Age | Commit message (Collapse) | Author |
|
* RoadRunnr/crypto/no-rc4/PR-1169/OTP-13896:
disable RC4 in SSL when crypto doesn't support it
Fix compilation when OpenSSL doesn't support RC4
Conflicts:
lib/crypto/c_src/crypto.c
|
|
* legoscia/crypto/no-rc2/PR-1163/OTP-13895:
Fix compilation when OpenSSL doesn't support RC2
|
|
When OpenSSL has been configured with the "no-rc4" option, the header
file rc4.h doesn't exist, and neither does the rc4 functions.
Let's handle those by checking whether OPENSSL_NO_RC4 is defined.
|
|
|
|
When OpenSSL has been configured with the "no-rc2" option, the header
file rc2.h doesn't exist, and neither does the function EVP_rc2_cbc.
Let's handle those by checking whether OPENSSL_NO_RC2 is defined.
Also update pbe_SUITE, which uses RC2-CBC in one of the tests.
|
|
|
|
maint
* michaesc/crypto/honour-OPENSSL_NO_DES/ERL-203/OTP-13783:
Add '_cfb' alias for misspelled '_cbf' cipher
Fix badarg -> notsup and test cases
Honour OPENSSL_NO_DES
Conflicts:
lib/crypto/c_src/crypto.c
|
|
|
|
Also correct algo_cipher[] size since it was one to small.
|
|
Patch suggestion by Michae in ERL-203 at bugs.erlang.org.
|
|
Fix some older errors as well.
|
|
|
|
|
|
This reverts commit e020f75c10410a6943cd055bfa072a2641eab7da.
|
|
|
|
to make it easier to read and construct version checks.
|
|
Same fix as was done for EVP in f4f588683dce36c447017.
|
|
|
|
This reverts commit bd64ad8e15d66e48b36dbe3584315dd5cfc8b59a.
|
|
|
|
OpenSSL has deprecated the function RAND_pseudo_bytes used by
crypto:rand_bytes/1, so this function is now deprecated in OTP too.
rand_bytes/3 also used this function, but was not documented
so we can remove it right away.
This commit also removes the fallback in generate_key to use
rand_bytes/1 if strong_rand_bytes/1 throws low entropy.
This is a potential incompatibility but we think it is desirable
as crypto should provide cryptographically secure functions.
|
|
|
|
* henrik/update-copyrightyear:
update copyright-year
|
|
|
|
|
|
|
|
by not repeating calls to get static EVP_MD and EVP_CIPHER objects.
Also compressed the structs with unions
for better caching during search.
|
|
and not badarg.
|
|
This commit enables AES-GCM encryption/decryption to change its tag
length between 1 to 16 bytes.
|
|
|
|
=== OTP-18.3 ===
Changed Applications:
- asn1-4.0.2
- common_test-1.12
- compiler-6.0.3
- cosNotification-1.2.1
- cosTime-1.2.1
- cosTransactions-1.3.1
- crypto-3.6.3
- debugger-4.1.2
- dialyzer-2.9
- diameter-1.11.2
- edoc-0.7.18
- eldap-1.2.1
- erl_docgen-0.4.2
- erl_interface-3.8.2
- erts-7.3
- eunit-2.2.13
- hipe-3.15
- inets-6.2
- kernel-4.2
- mnesia-4.13.3
- observer-2.1.2
- orber-3.8.1
- public_key-1.1.1
- runtime_tools-1.9.3
- sasl-2.7
- snmp-5.2.2
- ssh-4.2.2
- ssl-7.3
- stdlib-2.8
- test_server-3.10
- tools-2.8.3
- webtool-0.9.1
- wx-1.6.1
- xmerl-1.3.10
Unchanged Applications:
- cosEvent-2.2
- cosEventDomain-1.2
- cosFileTransfer-1.2
- cosProperty-1.2
- et-1.5.1
- gs-1.6
- ic-4.4
- jinterface-1.6.1
- megaco-3.18
- odbc-2.11.1
- os_mon-2.4
- ose-1.1
- otp_mibs-1.1
- parsetools-2.1.1
- percept-0.8.11
- reltool-0.7
- syntax_tools-1.7
- typer-0.9.10
Conflicts:
OTP_VERSION
erts/vsn.mk
lib/test_server/doc/src/notes.xml
lib/test_server/vsn.mk
lib/webtool/doc/src/notes.xml
lib/webtool/vsn.mk
|
|
|
|
Since no test suites includede test_server.hrl, there is no need
to have test_server in the include path or code path.
|
|
As a first step to removing the test_server application as
as its own separate application, change the inclusion of
test_server.hrl to an inclusion of ct.hrl and remove the
inclusion of test_server_line.hrl.
|
|
|
|
Avoid hardcoding EC curve names in tests where it basically doesn't
matter which curve is used. Take one of the supported curbes instead.
Also, when testing ECDH key generation, skip unsupported curves.
These changes are to simplify dealing with exotic libcrypto builds
that don't support certain curves (for example RHEL disallows < 256
bit curves). The crypto application is only able to detect the
supported curves on a very coarse level (ECC support in general and
GF2m curves), so it may be necessary to edit the list of curves in the
crypto_ec_curves modules. But that should be the only necessary
modification to make the crypto tests pass.
|
|
The FIPS-enabled OpenSSL on RHEL disallows the use of < 256 bit prime
fields (like secp128r1 or secp160k1), and the EC_GROUP_new_cuve_GFp
call would return a NULL pointer for such fields. Not checking for
this failure could result in a segfault in the NIF code.
|
|
|
|
as is strongly recommended by gcc man page.
We use __attribute__ ((visibility("default"))) to make sure
the init functions are properly exported.
|
|
OTP-13207
* sverk/crypto/aes-ecb-192-bit:
crypto: Support 192-bit keys for AES ECB
|
|
|
|
OTP-13206
* sverk/crypto/aes-cbc-192-bit:
crypto: Support 192-bit keys for AES CBC
|
|
OTP-13205
* sverk/crypto/evp-aes-gcm:
crypto: Fix potential memory leak in error case for block cipher
crypto: Optimize AES-GCM cipher to not use dynamic allocation
Use EVP for AES-GCM
|
|
=== OTP-18.2 ===
Changed Applications:
- asn1-4.0.1
- common_test-1.11.1
- compiler-6.0.2
- crypto-3.6.2
- dialyzer-2.8.2
- diameter-1.11.1
- erl_docgen-0.4.1
- erl_interface-3.8.1
- erts-7.2
- eunit-2.2.12
- hipe-3.14
- inets-6.1
- jinterface-1.6.1
- kernel-4.1.1
- observer-2.1.1
- parsetools-2.1.1
- public_key-1.1
- runtime_tools-1.9.2
- sasl-2.6.1
- snmp-5.2.1
- ssh-4.2
- ssl-7.2
- stdlib-2.7
- test_server-3.9.1
- tools-2.8.2
- typer-0.9.10
- wx-1.6
- xmerl-1.3.9
Unchanged Applications:
- cosEvent-2.2
- cosEventDomain-1.2
- cosFileTransfer-1.2
- cosNotification-1.2
- cosProperty-1.2
- cosTime-1.2
- cosTransactions-1.3
- debugger-4.1.1
- edoc-0.7.17
- eldap-1.2
- et-1.5.1
- gs-1.6
- ic-4.4
- megaco-3.18
- mnesia-4.13.2
- odbc-2.11.1
- orber-3.8
- os_mon-2.4
- ose-1.1
- otp_mibs-1.1
- percept-0.8.11
- reltool-0.7
- syntax_tools-1.7
- webtool-0.9
Conflicts:
OTP_VERSION
erts/vsn.mk
|
|
|
|
|
|
and deprecate aes_cbc128 and aes_cbc256 in favor of aes_cbc.
This commit is pr 832 squashed, rebased and made work on master
https://github.com/erlang/otp/pull/832/commits
|
|
|
|
for the EVP_CIPHER_CTX.
|
|
This enables the use of hardware acceleration on newer Intel CPUs (AES-NI).
|