aboutsummaryrefslogtreecommitdiffstats
path: root/lib/crypto
AgeCommit message (Collapse)Author
2017-03-20crypto: Deprecate crypto:rand_uniform/2 as it is not cryptographically strongIngela Anderton Andin
rand module should be used if not cryptographically strong is required. If cryptographically strong is required, new cryptographically strong functions should be added to crypto.
2017-03-14Merge branch 'maint'Rickard Green
* maint: Updated OTP version Prepare release Conflicts: OTP_VERSION lib/typer/doc/src/notes.xml lib/typer/vsn.mk
2017-03-14Prepare releaseErlang/OTP
2017-03-13Merge branch 'wiml/crypto/rsa-generate-key/ERL-165/PR-1299/OTP-14140'Hans Nilsson
2017-03-10Update copyright yearRickard Green
2017-03-09crypto: Document exceptions thrown in crypto:generate_keyHans Nilsson
2017-03-09crypto: Uppdate crypto.app.src for dirty_scheduler dependency in ERTSHans Nilsson
2017-03-09crypto: removed error function from PR and added error handling in crypto.erlHans Nilsson
2017-03-02crypto: Enable usage of LibreSSLHans Nilsson
2017-02-03Merge branch 'maint'Hans Nilsson
2017-02-03Merge branch 'maint'Björn-Egil Dahlberg
2017-02-03Fix merge commitBjörn-Egil Dahlberg
This fixes commit f0867aa2ccbbf5677e0577bba08f8b7bc53ec0ed
2017-02-03erge branch 'maint'Hans Nilsson
Conflicts: OTP_VERSION
2017-02-03Merge branch 'maint-18' into maintHans Nilsson
Conflicts: OTP_VERSION erts/doc/src/notes.xml erts/emulator/sys/unix/erl_unix_sys.h erts/emulator/sys/unix/sys.c erts/vsn.mk lib/crypto/c_src/crypto.c lib/crypto/doc/src/notes.xml lib/crypto/vsn.mk lib/inets/doc/src/notes.xml lib/inets/vsn.mk lib/ssh/doc/src/notes.xml lib/ssh/src/ssh.app.src lib/ssh/src/ssh_connection_handler.erl lib/ssh/vsn.mk otp_versions.table
2017-02-02ssh: document crypto:genarate_key(dh, [P,G,L])Hans Nilsson
2017-02-01Prepare releaseErlang/OTP
2017-01-31crypto: Added optional length to paramlist in generate_keyHans Nilsson
Conflicts: lib/crypto/c_src/crypto.c
2017-01-31ssh,crypto: prepare for releaseHans Nilsson
2017-01-31Merge branch 'maint'Hans Nilsson
Conflicts: lib/crypto/c_src/crypto.c lib/crypto/src/crypto.erl
2017-01-27crypto: Added optional length to paramlist in generate_keyHans Nilsson
2017-01-18Minor punctuation fixes in the crypto documentation.Wim Lewis
2017-01-18Update the documentation for RSA key generationWim Lewis
to reflect that dirty schedulers are no longer considered "experimental", per a comment from sverker.
2017-01-18Merge branch 'maint'Hans Nilsson
2017-01-17Remove the RSA-1024 test case.Wim Lewis
If the underlying library is in FIPS mode, it'll refuse to generate keys shorter than 2048 bits.
2017-01-17Add a missing aes_gcm -spec clause to crypto:block_encrypt/4Leo Liu
Fix https://bugs.erlang.org/browse/ERL-336.
2017-01-08Add RSA key generationWim Lewis
Support RSA key generation using generate_key(rsa, {bits, e}). This depends on the currently-experimental "dirty scheduler" support because key generation is a potentially lengthy process.
2016-12-29crypto: algo_ciper was too small after cipher additionsHans Nilsson
2016-12-20crypto: Support chacha20_poly1305Yuki Ito
This commit reactivates chacha20_poly1305 and fixes the imprementation for the released OpenSSL 1.1.0 or later.
2016-12-14Merge tag 'OTP-19.2'Dan Gudmundsson
=== OTP-19.2 === Changed Applications: - common_test-1.13 - compiler-7.0.3 - crypto-3.7.2 - dialyzer-3.0.3 - edoc-0.8.1 - erl_docgen-0.6.1 - erl_interface-3.9.2 - erts-8.2 - eunit-2.3.2 - hipe-3.15.3 - inets-6.3.4 - kernel-5.1.1 - mnesia-4.14.2 - observer-2.3 - odbc-2.12 - parsetools-2.1.4 - public_key-1.3 - runtime_tools-1.11 - sasl-3.0.2 - ssh-4.4 - ssl-8.1 - stdlib-3.2 - syntax_tools-2.1.1 - tools-2.9 - wx-1.8 Unchanged Applications: - asn1-4.0.4 - cosEvent-2.2.1 - cosEventDomain-1.2.1 - cosFileTransfer-1.2.1 - cosNotification-1.2.2 - cosProperty-1.2.1 - cosTime-1.2.2 - cosTransactions-1.3.2 - debugger-4.2.1 - diameter-1.12.1 - eldap-1.2.2 - et-1.6 - gs-1.6.2 - ic-4.4.2 - jinterface-1.7.1 - megaco-3.18.1 - orber-3.8.2 - os_mon-2.4.1 - otp_mibs-1.1.1 - percept-0.9 - reltool-0.7.2 - snmp-5.2.4 - typer-0.9.11 - xmerl-1.3.12 * tag 'OTP-19.2': Updated OTP version Prepare release Conflicts: OTP_VERSION
2016-12-09Prepare releaseErlang/OTP
2016-12-02Support OpenSSL 1.1.0Björn Gustavsson
2016-12-02crypto.c: Disable broken code for ChaCha and Poly1305Björn Gustavsson
In June 2014, fb9d36c2c7c1 added support for the AES GCM ciphers (ChaCha/Poly1305) based on a development version of OpenSSL 1.1.0. The code is seriously broken when used with the released OpenSSL 1.1.0.
2016-11-29warn_obsolete_guard is already defaultRichard Carlsson
Update compiler documentation and remove superfluous erlc flags.
2016-11-04[crypto] Remove depricated functionsLars Thorsen
2016-10-11Merge branch 'legoscia/ssl_in_fips_mode/PR-1180/OTP-13921'Hans Nilsson
Conflicts: lib/crypto/c_src/crypto.c lib/ssl/src/ssl_cipher.erl
2016-10-05Merge branch 'master' into sverker/master/load_nif-print-init-errorSverker Eriksson
2016-10-05crypto: Return source line number from failed load/upgradeSverker Eriksson
Renamed the init function as the return semantics are changed.
2016-10-04Merge branch 'maint'Raimo Niskanen
2016-10-04Merge branch 'RoadRunnr/crypto/no-rc4/PR-1169/OTP-13896' into maintRaimo Niskanen
* RoadRunnr/crypto/no-rc4/PR-1169/OTP-13896: disable RC4 in SSL when crypto doesn't support it Fix compilation when OpenSSL doesn't support RC4 Conflicts: lib/crypto/c_src/crypto.c
2016-10-04Merge branch 'legoscia/crypto/no-rc2/PR-1163/OTP-13895' into maintRaimo Niskanen
* legoscia/crypto/no-rc2/PR-1163/OTP-13895: Fix compilation when OpenSSL doesn't support RC2
2016-09-29Fix warning tag in fips.xmlMagnus Henoch
That should be <warning>, not <warn>.
2016-09-28Rename SSL_DEFINE to SSL_FLAGSMagnus Henoch
For consistency with other applications.
2016-09-28Document FIPS mode supportDániel Szoboszlay
2016-09-28Fix aes_gcm test case in crypto_SUITEMagnus Henoch
In one of the test cases, the IV is 8 bytes. In FIPS mode, the minimum allowed IV length is 12 bytes, so let's skip that test case.
2016-09-28Use proper test data for FIPS mode negative testsMagnus Henoch
block_crypt_nif does some sanity tests on its arguments before trying to initialise the cipher. This made some of the tests in crypto_SUITE fail, since they were expecting notsup, not badarg. Fix this by passing the same test data as for the positive tests.
2016-09-28Filter elliptic curves depending on FIPS modeMagnus Henoch
Adapted from commit 675ee6860d2c273bcc6c6a0536634a107e2a3d9f.
2016-09-28Skip FIPS tests if we cannot enable FIPS modeMagnus Henoch
Even if Erlang/OTP has been built with --enable-fips, it's possible that the OpenSSL library we're linked to doesn't support FIPS mode. In that case, it will fail to enable it at run time. Let's handle that in crypto_SUITE, by skipping the tests instead of failing.
2016-09-28Update test suites with FIPS mode supportDániel Szoboszlay
Every algorithm is now tested in both FIPS and non-FIPS modes (when crypto is compiled with FIPS support). In FIPS mode non-FIPS algorithms are disabled and the tests verify that they crash with notsup error as expected. In FIPS mode RSA and EC algorithms don't work if the key sizes are below a minimum required value - which happened to be the case with most keys used in the tests. These tests were changed to use longer keys (even in non-FIPS mode for simplicity). Conflicts: lib/crypto/test/crypto_SUITE.erl
2016-09-28Support using OpenSSL in FIPS modeDániel Szoboszlay
FIPS mode support needs to be enabled at compile time, by configuring Erlang/OTP with --enable-fips option. In FIPS mode the non-FIPS algorithms are disabled and raise error notsup. The supported protocols list is properly updated in FIPS mode to advertise only the enabled protocols. FIPS mode is off by default even if Erlang/OTP was built with FIPS support. It needs to be turned on at runtime. The official approach is to set the fips_mode application environment parameter of the crypto application to true. This would turn FIPS mode on when the NIF is loaded and would prevent loading the module on error. Another method is provided via the crypto:enable_fips_mode/1 function, but it is not recommended to be used in production, as it won't prevent the use of the crypto module in case of an error, and would risk OpenSSL crashing the emulator. It is very useful for test suites however that need to check both validated and non-validated functionality. This commit is based on commit 00b3a04d17a653b4abddeebd6dd8a2c38df532d0.
2016-09-28Fix erlang:error/2 calls in crypto.erlMagnus Henoch
Make all calls to erlang:error/2 specify the actual argument list of the function. This ensures that the stacktrace contains the correct arity of the function where the error occurred.