aboutsummaryrefslogtreecommitdiffstats
path: root/lib/crypto/test
AgeCommit message (Collapse)Author
2018-08-21Updated the engine load functionalityLars Thorsen
- engine_load/3/4 can be called multiple times for same engine if it allows it (eg doesn't contain global data) - ensure_engine_loaded/2/3 is new functions that guarantees that the engine is just loaded once by adding it to OpenSSL internal engine list and check that before loading. - ensure_engine_unloaded/1/2 is new functions that is used to unload engines loaded with ensure_engine_loaded (remove it from OpenSSL internal engine list and then unload). - new utility functions engine_by_id/1, engine_add/1, engine_remove/1, engine_get_id/1 and engine_get_name/1
2018-08-09crypto: Fix crash in compute_key(ecdh, ...) on badargJohn Högberg
When term2point was passed a non-binary argument, `my_ecpoint` would be left uninitialized and the cleanup code would free a garbage pointer.
2018-03-05[crypto] Fix hanging test case on outdated lab machineLars Thorsen
2017-12-04[crypto] Add engine_ctrl_cmd_string() to APILars Thorsen
2017-12-01crypto: engine_SUITE updateHans Nilsson
2017-11-21crypto: Fixes to make privkey_to_pubkey behave similar to other functionsHans Nilsson
2017-11-20crypto: Correct and extends tests of key fetching/usageHans Nilsson
2017-11-10crypto: Extend engine_SUITE with tests of the pub key extraction from priv keysHans Nilsson
2017-11-10crypto: Extend engine_SUITE with tests of the pub/priv key fetchesHans Nilsson
2017-11-10[crypto] Add support for loading an alternative EngineLars Thorsen
Add support to plug in alternative implementations for some or all of the cryptographic operations supported by the OpenSSL Engine API. When configured appropriately, OpenSSL calls the engine's implementation of these operations instead of its own.
2017-10-04crypto: disable tests of non-working assymetric ciphersHans Nilsson
ECDSA and DSA (DSS) public/private encryption/decryption does not work
2017-10-04crypto: Added pkey_crypt_nif from PR838Hans Nilsson
Testcases for ECDSA and DSA encrypt/decrypt and some other adaptions
2017-07-07crypto: test case for sign/verify ecdsa with sha256 etcHans Nilsson
2017-07-07crypto: test case for sign/verify dss with sha256 etcHans Nilsson
In OpenSSL version >= 1.0.1 the hash algos sha, sha224, sha256, sha384 and sha512 are supported. In 1.0.0 sha, sha224 and sha256 are supported In 0.9.8 sha is supported
2017-07-07crypto: tests for rsa sign/verify from PR838Hans Nilsson
2017-07-07crypto: test suites report openssl version, supports etcHans Nilsson
2017-06-12crypto: add test for rsa keygen 1024/3Hans Nilsson
2017-06-12crypto: filter out small mod in test suite for rsa keygen in FIPS modeHans Nilsson
2017-05-29Merge pull request #1396 from RoadRunnr/crypto/cavpHans Nilsson
crypto: replace AES test vectors with validation data from NIST CAVP program OTP-14436
2017-05-04Update copyright yearRaimo Niskanen
2017-05-03crypto: use lazy evaluation for test cases read from CAVP filesAndreas Schultz
It turns out that the excessive memory usage is cause by the test framework printing all the test vectors into the log output. A similar proplem was already diagnosed for long_msg/0. The root cause was not mentioned in the SUITE, but the same fix applies to the CAPV test vector data. Switch all CAPV data to lazy evaluation and have the test itself read the data.
2017-05-03crypto: replace AES GCM test vectors with NIST CAVP suiteAndreas Schultz
2017-05-03crypto: replace AES CMAC test vectors with NIST CAVP suiteAndreas Schultz
2017-05-03crypto: replace AES test vectors with NIST CAVP test dataAndreas Schultz
NIST's Cryptographic Algorithm Validation Program provides validation testing of FIPS-approved and NIST-recommended cryptographic algorithms. Instead of hard coding a limited set of test vectors, use their comprehensive validation set to test AES cipher modes.
2017-04-12crypto: Increase prime to pass with FIPS-enabled cryptolibHans Nilsson
Fix for problem introduced with OTP-14140
2017-03-18No longer expose strong_rand_(range|float)Guilherme Andrade
2017-03-18Support cryptographically strong rand pluginGuilherme Andrade
2017-03-18Restyle crypto strong numeric generatorsGuilherme Andrade
for usage in rand
2017-03-14Support generation of strong random numbersGuilherme Andrade
2017-01-17Remove the RSA-1024 test case.Wim Lewis
If the underlying library is in FIPS mode, it'll refuse to generate keys shorter than 2048 bits.
2017-01-08Add RSA key generationWim Lewis
Support RSA key generation using generate_key(rsa, {bits, e}). This depends on the currently-experimental "dirty scheduler" support because key generation is a potentially lengthy process.
2016-12-20crypto: Support chacha20_poly1305Yuki Ito
This commit reactivates chacha20_poly1305 and fixes the imprementation for the released OpenSSL 1.1.0 or later.
2016-11-04[crypto] Remove depricated functionsLars Thorsen
2016-10-11Merge branch 'legoscia/ssl_in_fips_mode/PR-1180/OTP-13921'Hans Nilsson
Conflicts: lib/crypto/c_src/crypto.c lib/ssl/src/ssl_cipher.erl
2016-10-04Merge branch 'maint'Raimo Niskanen
2016-10-04Merge branch 'RoadRunnr/crypto/no-rc4/PR-1169/OTP-13896' into maintRaimo Niskanen
* RoadRunnr/crypto/no-rc4/PR-1169/OTP-13896: disable RC4 in SSL when crypto doesn't support it Fix compilation when OpenSSL doesn't support RC4 Conflicts: lib/crypto/c_src/crypto.c
2016-09-28Fix aes_gcm test case in crypto_SUITEMagnus Henoch
In one of the test cases, the IV is 8 bytes. In FIPS mode, the minimum allowed IV length is 12 bytes, so let's skip that test case.
2016-09-28Use proper test data for FIPS mode negative testsMagnus Henoch
block_crypt_nif does some sanity tests on its arguments before trying to initialise the cipher. This made some of the tests in crypto_SUITE fail, since they were expecting notsup, not badarg. Fix this by passing the same test data as for the positive tests.
2016-09-28Skip FIPS tests if we cannot enable FIPS modeMagnus Henoch
Even if Erlang/OTP has been built with --enable-fips, it's possible that the OpenSSL library we're linked to doesn't support FIPS mode. In that case, it will fail to enable it at run time. Let's handle that in crypto_SUITE, by skipping the tests instead of failing.
2016-09-28Update test suites with FIPS mode supportDániel Szoboszlay
Every algorithm is now tested in both FIPS and non-FIPS modes (when crypto is compiled with FIPS support). In FIPS mode non-FIPS algorithms are disabled and the tests verify that they crash with notsup error as expected. In FIPS mode RSA and EC algorithms don't work if the key sizes are below a minimum required value - which happened to be the case with most keys used in the tests. These tests were changed to use longer keys (even in non-FIPS mode for simplicity). Conflicts: lib/crypto/test/crypto_SUITE.erl
2016-09-22Fix compilation when OpenSSL doesn't support RC4Andreas Schultz
When OpenSSL has been configured with the "no-rc4" option, the header file rc4.h doesn't exist, and neither does the rc4 functions. Let's handle those by checking whether OPENSSL_NO_RC4 is defined.
2016-09-14Fix compilation when OpenSSL doesn't support RC2Magnus Henoch
When OpenSSL has been configured with the "no-rc2" option, the header file rc2.h doesn't exist, and neither does the function EVP_rc2_cbc. Let's handle those by checking whether OPENSSL_NO_RC2 is defined. Also update pbe_SUITE, which uses RC2-CBC in one of the tests.
2016-09-07Merge branch 'maint'Raimo Niskanen
2016-09-02Add '_cfb' alias for misspelled '_cbf' cipherRaimo Niskanen
2016-09-02Fix badarg -> notsup and test casesRaimo Niskanen
Also correct algo_cipher[] size since it was one to small.
2016-08-12Skip the cmac test cases on older OpenSSLPetr Gotthard
2016-07-30crypto:cmac calculating the Cipher-based Message Authentication CodePetr Gotthard
The ERL-82 issue requests a way to calculate a CMAC in Erlang. The AES128 CMAC is standartized in RFC 4493 and used e.g. for message authentication in the LoRaWAN networks. The CMAC is implemented by OpenSSL since v1.0.1, but as @IngelaAndin stated in response to the ERL-82, the current crypto implementation does not include functions that call those OpenSSL cryptolib functions. This commit introduces a new function `crypto:cmac` that calls the corresponding OpenSSL functions and calculates the CMAC. Only the cmac_nif is implemented. The incremental functions (init, update, final) are not provided because the current OpenSSL does not allow custom memory allocators like `enif_alloc_resource`. The Erlang user guide states that at least OpenSSL 0.9.8 is required, so I added few #ifdefs so the code is compatible with all versions. However, the OpenSSL pages say that the pre-1.0.1 versions (0.9.8 and 1.0.0) are no longer maintained. Even the 1.0.1 will be retired by Dec 2016. Hence I believe that adding a 1.0.1-only function like CMAC should be OK.
2016-04-25crypto: Deprecate rand_bytes/1Ingela Anderton Andin
OpenSSL has deprecated the function RAND_pseudo_bytes used by crypto:rand_bytes/1, so this function is now deprecated in OTP too. rand_bytes/3 also used this function, but was not documented so we can remove it right away. This commit also removes the fallback in generate_key to use rand_bytes/1 if strong_rand_bytes/1 throws low entropy. This is a potential incompatibility but we think it is desirable as crypto should provide cryptographically secure functions.
2016-04-18Merge branch 'mururu/crypto/aes-gcm-tag-len.PR-998.OTP-13483'Sverker Eriksson
2016-04-13Merge branch 'henrik/update-copyrightyear'Henrik Nord
* henrik/update-copyrightyear: update copyright-year