Age | Commit message (Collapse) | Author |
|
* maint:
doc: Correct errors introduced by Editorial changes
|
|
Fix some older errors as well.
|
|
* gotthardp/crypto/add-cmac/ERL-82/PR-1138/OTP-13779:
Skip the cmac test cases on older OpenSSL
Added a reference to cmac RFC in the description part of the man page
Fix building crypto/cmac_nif on 64-bit machines.
crypto:cmac calculating the Cipher-based Message Authentication Code
|
|
|
|
|
|
|
|
|
|
The ERL-82 issue requests a way to calculate a CMAC in Erlang. The
AES128 CMAC is standartized in RFC 4493 and used e.g. for message
authentication in the LoRaWAN networks.
The CMAC is implemented by OpenSSL since v1.0.1, but as @IngelaAndin
stated in response to the ERL-82, the current crypto implementation
does not include functions that call those OpenSSL cryptolib functions.
This commit introduces a new function `crypto:cmac` that calls
the corresponding OpenSSL functions and calculates the CMAC.
Only the cmac_nif is implemented. The incremental functions (init,
update, final) are not provided because the current OpenSSL does
not allow custom memory allocators like `enif_alloc_resource`.
The Erlang user guide states that at least OpenSSL 0.9.8 is required,
so I added few #ifdefs so the code is compatible with all versions.
However, the OpenSSL pages say that the pre-1.0.1 versions (0.9.8 and
1.0.0) are no longer maintained. Even the 1.0.1 will be retired by
Dec 2016. Hence I believe that adding a 1.0.1-only function like CMAC
should be OK.
|
|
|
|
This reverts commit e020f75c10410a6943cd055bfa072a2641eab7da.
|
|
|
|
to make it easier to read and construct version checks.
|
|
Same fix as was done for EVP in f4f588683dce36c447017.
|
|
|
|
This reverts commit bd64ad8e15d66e48b36dbe3584315dd5cfc8b59a.
|
|
|
|
OpenSSL has deprecated the function RAND_pseudo_bytes used by
crypto:rand_bytes/1, so this function is now deprecated in OTP too.
rand_bytes/3 also used this function, but was not documented
so we can remove it right away.
This commit also removes the fallback in generate_key to use
rand_bytes/1 if strong_rand_bytes/1 throws low entropy.
This is a potential incompatibility but we think it is desirable
as crypto should provide cryptographically secure functions.
|
|
|
|
* henrik/update-copyrightyear:
update copyright-year
|
|
|
|
|
|
|
|
by not repeating calls to get static EVP_MD and EVP_CIPHER objects.
Also compressed the structs with unions
for better caching during search.
|
|
and not badarg.
|
|
This commit enables AES-GCM encryption/decryption to change its tag
length between 1 to 16 bytes.
|
|
|
|
=== OTP-18.3 ===
Changed Applications:
- asn1-4.0.2
- common_test-1.12
- compiler-6.0.3
- cosNotification-1.2.1
- cosTime-1.2.1
- cosTransactions-1.3.1
- crypto-3.6.3
- debugger-4.1.2
- dialyzer-2.9
- diameter-1.11.2
- edoc-0.7.18
- eldap-1.2.1
- erl_docgen-0.4.2
- erl_interface-3.8.2
- erts-7.3
- eunit-2.2.13
- hipe-3.15
- inets-6.2
- kernel-4.2
- mnesia-4.13.3
- observer-2.1.2
- orber-3.8.1
- public_key-1.1.1
- runtime_tools-1.9.3
- sasl-2.7
- snmp-5.2.2
- ssh-4.2.2
- ssl-7.3
- stdlib-2.8
- test_server-3.10
- tools-2.8.3
- webtool-0.9.1
- wx-1.6.1
- xmerl-1.3.10
Unchanged Applications:
- cosEvent-2.2
- cosEventDomain-1.2
- cosFileTransfer-1.2
- cosProperty-1.2
- et-1.5.1
- gs-1.6
- ic-4.4
- jinterface-1.6.1
- megaco-3.18
- odbc-2.11.1
- os_mon-2.4
- ose-1.1
- otp_mibs-1.1
- parsetools-2.1.1
- percept-0.8.11
- reltool-0.7
- syntax_tools-1.7
- typer-0.9.10
Conflicts:
OTP_VERSION
erts/vsn.mk
lib/test_server/doc/src/notes.xml
lib/test_server/vsn.mk
lib/webtool/doc/src/notes.xml
lib/webtool/vsn.mk
|
|
|
|
Since no test suites includede test_server.hrl, there is no need
to have test_server in the include path or code path.
|
|
As a first step to removing the test_server application as
as its own separate application, change the inclusion of
test_server.hrl to an inclusion of ct.hrl and remove the
inclusion of test_server_line.hrl.
|
|
|
|
Avoid hardcoding EC curve names in tests where it basically doesn't
matter which curve is used. Take one of the supported curbes instead.
Also, when testing ECDH key generation, skip unsupported curves.
These changes are to simplify dealing with exotic libcrypto builds
that don't support certain curves (for example RHEL disallows < 256
bit curves). The crypto application is only able to detect the
supported curves on a very coarse level (ECC support in general and
GF2m curves), so it may be necessary to edit the list of curves in the
crypto_ec_curves modules. But that should be the only necessary
modification to make the crypto tests pass.
|
|
The FIPS-enabled OpenSSL on RHEL disallows the use of < 256 bit prime
fields (like secp128r1 or secp160k1), and the EC_GROUP_new_cuve_GFp
call would return a NULL pointer for such fields. Not checking for
this failure could result in a segfault in the NIF code.
|
|
|
|
as is strongly recommended by gcc man page.
We use __attribute__ ((visibility("default"))) to make sure
the init functions are properly exported.
|
|
OTP-13207
* sverk/crypto/aes-ecb-192-bit:
crypto: Support 192-bit keys for AES ECB
|
|
|
|
OTP-13206
* sverk/crypto/aes-cbc-192-bit:
crypto: Support 192-bit keys for AES CBC
|
|
OTP-13205
* sverk/crypto/evp-aes-gcm:
crypto: Fix potential memory leak in error case for block cipher
crypto: Optimize AES-GCM cipher to not use dynamic allocation
Use EVP for AES-GCM
|
|
=== OTP-18.2 ===
Changed Applications:
- asn1-4.0.1
- common_test-1.11.1
- compiler-6.0.2
- crypto-3.6.2
- dialyzer-2.8.2
- diameter-1.11.1
- erl_docgen-0.4.1
- erl_interface-3.8.1
- erts-7.2
- eunit-2.2.12
- hipe-3.14
- inets-6.1
- jinterface-1.6.1
- kernel-4.1.1
- observer-2.1.1
- parsetools-2.1.1
- public_key-1.1
- runtime_tools-1.9.2
- sasl-2.6.1
- snmp-5.2.1
- ssh-4.2
- ssl-7.2
- stdlib-2.7
- test_server-3.9.1
- tools-2.8.2
- typer-0.9.10
- wx-1.6
- xmerl-1.3.9
Unchanged Applications:
- cosEvent-2.2
- cosEventDomain-1.2
- cosFileTransfer-1.2
- cosNotification-1.2
- cosProperty-1.2
- cosTime-1.2
- cosTransactions-1.3
- debugger-4.1.1
- edoc-0.7.17
- eldap-1.2
- et-1.5.1
- gs-1.6
- ic-4.4
- megaco-3.18
- mnesia-4.13.2
- odbc-2.11.1
- orber-3.8
- os_mon-2.4
- ose-1.1
- otp_mibs-1.1
- percept-0.8.11
- reltool-0.7
- syntax_tools-1.7
- webtool-0.9
Conflicts:
OTP_VERSION
erts/vsn.mk
|
|
|
|
|
|
and deprecate aes_cbc128 and aes_cbc256 in favor of aes_cbc.
This commit is pr 832 squashed, rebased and made work on master
https://github.com/erlang/otp/pull/832/commits
|
|
|
|
for the EVP_CIPHER_CTX.
|
|
This enables the use of hardware acceleration on newer Intel CPUs (AES-NI).
|
|
OTP-12217
* sverk/crypto-evp-master:
crypto: Avoid bug in OpenSSL-0.9.8 for ECB ciphers
Fix EVP_aes_???_ctr to demand OpenSSL 1.0.1 or later.
Fix bug for aes_cfb_128_encrypt with empty binary
crypto: Refactor nif code to use EVP interface
|
|
that make EVP_CIPHER_iv_length() return non-zero value.
Seems to be fixed in 0.9.8m.
|
|
|
|
* riverrun/maint:
Recommend against using crypto:rand_bytes
|