aboutsummaryrefslogtreecommitdiffstats
path: root/lib/crypto
AgeCommit message (Collapse)Author
2016-04-25crypto: Deprecate rand_bytes/1Ingela Anderton Andin
OpenSSL has deprecated the function RAND_pseudo_bytes used by crypto:rand_bytes/1, so this function is now deprecated in OTP too. rand_bytes/3 also used this function, but was not documented so we can remove it right away. This commit also removes the fallback in generate_key to use rand_bytes/1 if strong_rand_bytes/1 throws low entropy. This is a potential incompatibility but we think it is desirable as crypto should provide cryptographically secure functions.
2016-04-18Merge branch 'mururu/crypto/aes-gcm-tag-len.PR-998.OTP-13483'Sverker Eriksson
2016-04-13Merge branch 'henrik/update-copyrightyear'Henrik Nord
* henrik/update-copyrightyear: update copyright-year
2016-04-12Merge branch 'sverker/crypto/skip-link_test-without-ldd'Sverker Eriksson
2016-04-06crypto: Skip link_test if no 'ldd' availableSverker Eriksson
2016-04-05crypto: Add test for AES-GCMYuki Ito
2016-03-29crypto: Optimize digest/cipher lookupsSverker Eriksson
by not repeating calls to get static EVP_MD and EVP_CIPHER objects. Also compressed the structs with unions for better caching during search.
2016-03-29crypto: Raise 'notsup' if lacking 'characteristic_two_field'Sverker Eriksson
and not badarg.
2016-03-26crypto: Enable AES-GCM tag length to changeYuki Ito
This commit enables AES-GCM encryption/decryption to change its tag length between 1 to 16 bytes.
2016-03-15update copyright-yearHenrik Nord
2016-03-15Merge tag 'OTP-18.3'Lars Thorsen
=== OTP-18.3 === Changed Applications: - asn1-4.0.2 - common_test-1.12 - compiler-6.0.3 - cosNotification-1.2.1 - cosTime-1.2.1 - cosTransactions-1.3.1 - crypto-3.6.3 - debugger-4.1.2 - dialyzer-2.9 - diameter-1.11.2 - edoc-0.7.18 - eldap-1.2.1 - erl_docgen-0.4.2 - erl_interface-3.8.2 - erts-7.3 - eunit-2.2.13 - hipe-3.15 - inets-6.2 - kernel-4.2 - mnesia-4.13.3 - observer-2.1.2 - orber-3.8.1 - public_key-1.1.1 - runtime_tools-1.9.3 - sasl-2.7 - snmp-5.2.2 - ssh-4.2.2 - ssl-7.3 - stdlib-2.8 - test_server-3.10 - tools-2.8.3 - webtool-0.9.1 - wx-1.6.1 - xmerl-1.3.10 Unchanged Applications: - cosEvent-2.2 - cosEventDomain-1.2 - cosFileTransfer-1.2 - cosProperty-1.2 - et-1.5.1 - gs-1.6 - ic-4.4 - jinterface-1.6.1 - megaco-3.18 - odbc-2.11.1 - os_mon-2.4 - ose-1.1 - otp_mibs-1.1 - parsetools-2.1.1 - percept-0.8.11 - reltool-0.7 - syntax_tools-1.7 - typer-0.9.10 Conflicts: OTP_VERSION erts/vsn.mk lib/test_server/doc/src/notes.xml lib/test_server/vsn.mk lib/webtool/doc/src/notes.xml lib/webtool/vsn.mk
2016-03-14Prepare releaseErlang/OTP
2016-02-17Makefiles: Remove test_server from include path and code pathBjörn Gustavsson
Since no test suites includede test_server.hrl, there is no need to have test_server in the include path or code path.
2016-02-17Eliminate use of test_server.hrl and test_server_line.hrlBjörn Gustavsson
As a first step to removing the test_server application as as its own separate application, change the inclusion of test_server.hrl to an inclusion of ct.hrl and remove the inclusion of test_server_line.hrl.
2016-02-08Merge branch 'maint'Sverker Eriksson
2016-01-28Only use supported EC curves in crypto testsDániel Szoboszlay
Avoid hardcoding EC curve names in tests where it basically doesn't matter which curve is used. Take one of the supported curbes instead. Also, when testing ECDH key generation, skip unsupported curves. These changes are to simplify dealing with exotic libcrypto builds that don't support certain curves (for example RHEL disallows < 256 bit curves). The crypto application is only able to detect the supported curves on a very coarse level (ECC support in general and GF2m curves), so it may be necessary to edit the list of curves in the crypto_ec_curves modules. But that should be the only necessary modification to make the crypto tests pass.
2016-01-27Check the result of EC_GROUP_new_curve_* callsDániel Szoboszlay
The FIPS-enabled OpenSSL on RHEL disallows the use of < 256 bit prime fields (like secp128r1 or secp160k1), and the EC_GROUP_new_cuve_GFp call would return a NULL pointer for such fields. Not checking for this failure could result in a segfault in the NIF code.
2016-01-14crypto: Fix bug for multiple blocks for AES-ECBAndrew Bennett
2016-01-08erts: Allow -fvisibility=hidden for NIFs and driversSverker Eriksson
as is strongly recommended by gcc man page. We use __attribute__ ((visibility("default"))) to make sure the init functions are properly exported.
2015-12-17Merge branch 'sverk/crypto/aes-ecb-192-bit'Sverker Eriksson
OTP-13207 * sverk/crypto/aes-ecb-192-bit: crypto: Support 192-bit keys for AES ECB
2015-12-17crypto: Support 192-bit keys for AES ECBAndrew Bennett
2015-12-17Merge branch 'sverk/crypto/aes-cbc-192-bit'Sverker Eriksson
OTP-13206 * sverk/crypto/aes-cbc-192-bit: crypto: Support 192-bit keys for AES CBC
2015-12-17Merge branch 'sverk/crypto/evp-aes-gcm'Sverker Eriksson
OTP-13205 * sverk/crypto/evp-aes-gcm: crypto: Fix potential memory leak in error case for block cipher crypto: Optimize AES-GCM cipher to not use dynamic allocation Use EVP for AES-GCM
2015-12-16Merge tag 'OTP-18.2'Henrik Nord
=== OTP-18.2 === Changed Applications: - asn1-4.0.1 - common_test-1.11.1 - compiler-6.0.2 - crypto-3.6.2 - dialyzer-2.8.2 - diameter-1.11.1 - erl_docgen-0.4.1 - erl_interface-3.8.1 - erts-7.2 - eunit-2.2.12 - hipe-3.14 - inets-6.1 - jinterface-1.6.1 - kernel-4.1.1 - observer-2.1.1 - parsetools-2.1.1 - public_key-1.1 - runtime_tools-1.9.2 - sasl-2.6.1 - snmp-5.2.1 - ssh-4.2 - ssl-7.2 - stdlib-2.7 - test_server-3.9.1 - tools-2.8.2 - typer-0.9.10 - wx-1.6 - xmerl-1.3.9 Unchanged Applications: - cosEvent-2.2 - cosEventDomain-1.2 - cosFileTransfer-1.2 - cosNotification-1.2 - cosProperty-1.2 - cosTime-1.2 - cosTransactions-1.3 - debugger-4.1.1 - edoc-0.7.17 - eldap-1.2 - et-1.5.1 - gs-1.6 - ic-4.4 - megaco-3.18 - mnesia-4.13.2 - odbc-2.11.1 - orber-3.8 - os_mon-2.4 - ose-1.1 - otp_mibs-1.1 - percept-0.8.11 - reltool-0.7 - syntax_tools-1.7 - webtool-0.9 Conflicts: OTP_VERSION erts/vsn.mk
2015-12-15Update release notesErlang/OTP
2015-12-15Update version numbersErlang/OTP
2015-12-11crypto: Support 192-bit keys for AES CBCSverker Eriksson
and deprecate aes_cbc128 and aes_cbc256 in favor of aes_cbc. This commit is pr 832 squashed, rebased and made work on master https://github.com/erlang/otp/pull/832/commits
2015-12-11crypto: Fix potential memory leak in error case for block cipherSverker Eriksson
2015-12-11crypto: Optimize AES-GCM cipher to not use dynamic allocationSverker Eriksson
for the EVP_CIPHER_CTX.
2015-12-11Use EVP for AES-GCMYuki Ito
This enables the use of hardware acceleration on newer Intel CPUs (AES-NI).
2015-12-10Merge branch 'sverk/crypto-evp-master'Sverker Eriksson
OTP-12217 * sverk/crypto-evp-master: crypto: Avoid bug in OpenSSL-0.9.8 for ECB ciphers Fix EVP_aes_???_ctr to demand OpenSSL 1.0.1 or later. Fix bug for aes_cfb_128_encrypt with empty binary crypto: Refactor nif code to use EVP interface
2015-12-01crypto: Avoid bug in OpenSSL-0.9.8 for ECB ciphersSverker Eriksson
that make EVP_CIPHER_iv_length() return non-zero value. Seems to be fixed in 0.9.8m.
2015-11-20Merge branch 'maint'Zandra
2015-11-20Merge branch 'riverrun/maint' into maintZandra
* riverrun/maint: Recommend against using crypto:rand_bytes
2015-11-18Merge branch 'maint'Hans Bolinder
* maint: [crypto] Correct documentation [compiler] Correct documentation [ssh] Correct documentation [snmp] Correct documentation [eunit] Correct documentation
2015-11-17[crypto] Correct documentationHans Bolinder
Fix mistakes found by 'xmllint'.
2015-11-17Fix EVP_aes_???_ctr to demand OpenSSL 1.0.1 or later.Sverker Eriksson
2015-11-17Fix bug for aes_cfb_128_encrypt with empty binarySverker Eriksson
causing OpenSSL 0.9.8h to crash with evp_enc.c(282): OpenSSL internal error, assertion failed: inl > 0
2015-11-17crypto: Refactor nif code to use EVP interfaceSverker Eriksson
Using the generic EVP_* API makes it possible to unify algorithm-specific nif functions to a single generic function. Effectively the same change that took place on the Erlang API in R16B01 is now applied to the C code. The old implementation using the low-level API is kept for compiling against old OpenSSL, as parts of the EVP API were introduced in OpenSSL 1.0.0. There are various minor improvements as well: - supported algorithms are now provided by the nif code (not a mix of the C and Erlang code) - remove unnecessary variables and macro definitions Most of the changes in this commit comes from Dániel Szoboszlay https://github.com/dszoboszlay/otp/commit/07f7056f955b324df4ace which is part of his 'fips' branch. Now also rebased on master branch.
2015-11-06Recommend against using crypto:rand_bytesDavid Whitlock
2015-09-30Merge branch 'maint'Henrik Nord
2015-09-25Fix typos in crypto documentationMagnus Henoch
s/stong_rand_bytes/strong_rand_bytes/, s/bts/bits/
2015-09-23Merge tag 'OTP-18.1'Henrik Nord
=== OTP-18.1 === Changed Applications: - compiler-6.0.1 - crypto-3.6.1 - debugger-4.1.1 - dialyzer-2.8.1 - diameter-1.11 - erts-7.1 - eunit-2.2.11 - hipe-3.13 - inets-6.0.1 - kernel-4.1 - mnesia-4.13.1 - odbc-2.11.1 - public_key-1.0.1 - sasl-2.6 - ssh-4.1 - ssl-7.1 - stdlib-2.6 - tools-2.8.1 - wx-1.5 Unchanged Applications: - asn1-4.0 - common_test-1.11 - cosEvent-2.2 - cosEventDomain-1.2 - cosFileTransfer-1.2 - cosNotification-1.2 - cosProperty-1.2 - cosTime-1.2 - cosTransactions-1.3 - edoc-0.7.17 - eldap-1.2 - erl_docgen-0.4 - erl_interface-3.8 - et-1.5.1 - gs-1.6 - ic-4.4 - jinterface-1.6 - megaco-3.18 - observer-2.1 - orber-3.8 - os_mon-2.4 - ose-1.1 - otp_mibs-1.1 - parsetools-2.1 - percept-0.8.11 - reltool-0.7 - runtime_tools-1.9.1 - snmp-5.2 - syntax_tools-1.7 - test_server-3.9 - typer-0.9.9 - webtool-0.9 - xmerl-1.3.8 Conflicts: OTP_VERSION erts/vsn.mk
2015-09-21Prepare releaseErlang/OTP
2015-09-07Merge branch 'maint'Sverker Eriksson
2015-08-19crypto: Make ec_curves/0 return empty list if not supportedSverker Eriksson
2015-07-10ose: Remove all code related to the OSE portLukas Larsson
The OSE port is no longer supported and this commit removed it and any changes related to it. The things that were general improvements have been left in the code.
2015-06-23Prepare releaseErlang/OTP
2015-06-18Change license text to APLv2Bruce Yinhe
2015-05-27Update application versionsHans Bolinder