Age | Commit message (Collapse) | Author |
|
|
|
NIST's Cryptographic Algorithm Validation Program provides
validation testing of FIPS-approved and NIST-recommended
cryptographic algorithms.
Instead of hard coding a limited set of test vectors, use
their comprehensive validation set to test AES cipher modes.
|
|
* raimo/rand-dev/OTP-14295:
Implement Xoroshiro116+ and improve statisticals
|
|
Implement Xoroshiro116+ as 'exrop' with fixes.
Deprecate all old algorithms but reincarnate 'exs1024' as 'exs1024s'
and 'exsplus' as 'exsp' with fixes.
Fixes:
* Avoid skew for uniform integers caused by using a simple 'rem'
operation for range confinement. Correctness requires retry
with new random value for an unfortunate first value.
* Implement a correct algorithm that collects enough random
bits for ranges larger than the generator's precision.
* Fix uniform density for floats by acquiring 53 bits
then multiplying with 2.0^(-53) which produces floats
on the form N * 2.0^(-53).
|
|
* ingela/openssl-version:
crypto: Update documentation to reflect new version policy
erts: Update configure check for OpenSSL
|
|
Fix for problem introduced with OTP-14140
|
|
|
|
Conflicts:
OTP_VERSION
erts/vsn.mk
lib/crypto/c_src/crypto.c
lib/crypto/src/crypto.erl
lib/ssh/src/ssh.erl
|
|
* g-andrade/strong-random-numbers/PR-1367/OTP-14317:
Clean up documentation and test cases
Attempt faster approach to strong random floats
Allow for crypto upgrades when using rand plugin
fixup! Support cryptographically strong rand plugin
fixup! Support cryptographically strong rand plugin
fixup! Support cryptographically strong rand plugin
fixup! Support cryptographically strong rand plugin
No longer expose strong_rand_(range|float)
Support cryptographically strong rand plugin
Restyle crypto strong numeric generators for usage in rand
Support generation of strong random numbers
|
|
|
|
|
|
|
|
Fix a bug with the use of the aes_cfb128 cipher by calling the correct
underlying openssl interface function when the cipher is specified.
|
|
Demonstrate a bug with AES CFB 128 for certain key sizes introduced
with the Erlang 19.0 release. The code in the block_crypt_nif function
in the crypto.c source file incorrectly calls aes_cfb_8_crypt when the
specified cipher is aes_cfb8 or aes_cfb128 and the key size is 24 or
32. The aes_cfb_8_crypt function calls the AES_cfb8_encrypt function
from the openssl interface, but this is incorrect when the cipher is
aes_cfb128.
Unfortunately the test cases in the crypto test suite are insufficient
to detect an issue like this because it exercises the encryption and
decryption roundtrip using the same incorrect underlying function. The
problem was observed when trying to update an application to Erlang 19
that attempted to decrypt data that was encrypted using aes_cfb128 by
another source. In this commit I altered the crypto test suite to
provide a demonstration of this problem.
|
|
This is a poor man's solution that allows to build and test the
system with all files compiled to native code simply by setting
the ERL_COMPILER_OPTS environment variable. Better solutions,
like automatically setting the no_native option whenever the
compiler sees an on_load attribute, obviously exist but require
more time to implement.
|
|
|
|
|
|
Fix documented range (interval is half-open.)
|
|
Be friendlier to Dialyzer
|
|
rand module should be used if not cryptographically strong is required.
If cryptographically strong is required, new cryptographically strong
functions should be added to crypto.
|
|
|
|
|
|
for usage in rand
|
|
|
|
* maint:
Updated OTP version
Prepare release
Conflicts:
OTP_VERSION
lib/typer/doc/src/notes.xml
lib/typer/vsn.mk
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This fixes commit f0867aa2ccbbf5677e0577bba08f8b7bc53ec0ed
|
|
Conflicts:
OTP_VERSION
|
|
Conflicts:
OTP_VERSION
erts/doc/src/notes.xml
erts/emulator/sys/unix/erl_unix_sys.h
erts/emulator/sys/unix/sys.c
erts/vsn.mk
lib/crypto/c_src/crypto.c
lib/crypto/doc/src/notes.xml
lib/crypto/vsn.mk
lib/inets/doc/src/notes.xml
lib/inets/vsn.mk
lib/ssh/doc/src/notes.xml
lib/ssh/src/ssh.app.src
lib/ssh/src/ssh_connection_handler.erl
lib/ssh/vsn.mk
otp_versions.table
|
|
|
|
|
|
Conflicts:
lib/crypto/c_src/crypto.c
|
|
|
|
Conflicts:
lib/crypto/c_src/crypto.c
lib/crypto/src/crypto.erl
|
|
|
|
|
|
to reflect that dirty schedulers are no longer
considered "experimental", per a comment from sverker.
|
|
|
|
If the underlying library is in FIPS mode, it'll refuse to generate
keys shorter than 2048 bits.
|
|
Fix https://bugs.erlang.org/browse/ERL-336.
|
|
Support RSA key generation using generate_key(rsa, {bits, e}). This depends
on the currently-experimental "dirty scheduler" support because key
generation is a potentially lengthy process.
|
|
|