Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
|
|
Same comment as previous commit applies.
|
|
The function pkey_verify_nif handles pk signing with a general approach that is enabled by EVP api in OpenSSL 1.0.0
The rejected PR838 introduced that function and lots of other stuff so far neglected. It also made some different rsa padding methods possible (included).
Since the crypto code base has changed significantly, it was an overhelming work to try a git merge. Therefore this commit is a manual move of the source code from the PR into current maint.
This commit concentrates to use the new function compatible with the old functions. This includes some #if:s for different versions, compatibility code for 0.9.8.
Lacking: test cases, exporting the more general erlang api, documentation...
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Make some C code static
|
|
This reverts commit eaf8ca41dfa4850437ad270d3897399c9358ced0.
|
|
|
|
crypto: replace AES test vectors with validation data from NIST CAVP program
OTP-14436
|
|
Fix backwards equality check in aes cfb128 function
OTP-14435
|
|
|
|
|
|
|
|
This reverts commit dc57404252c47520f352834ad9be45ad684f96c9.
|
|
|
|
|
|
It turns out that the excessive memory usage is cause by the
test framework printing all the test vectors into the log output.
A similar proplem was already diagnosed for long_msg/0. The root
cause was not mentioned in the SUITE, but the same fix applies
to the CAPV test vector data.
Switch all CAPV data to lazy evaluation and have the test itself
read the data.
|
|
|
|
|
|
NIST's Cryptographic Algorithm Validation Program provides
validation testing of FIPS-approved and NIST-recommended
cryptographic algorithms.
Instead of hard coding a limited set of test vectors, use
their comprehensive validation set to test AES cipher modes.
|
|
* raimo/rand-dev/OTP-14295:
Implement Xoroshiro116+ and improve statisticals
|
|
Implement Xoroshiro116+ as 'exrop' with fixes.
Deprecate all old algorithms but reincarnate 'exs1024' as 'exs1024s'
and 'exsplus' as 'exsp' with fixes.
Fixes:
* Avoid skew for uniform integers caused by using a simple 'rem'
operation for range confinement. Correctness requires retry
with new random value for an unfortunate first value.
* Implement a correct algorithm that collects enough random
bits for ranges larger than the generator's precision.
* Fix uniform density for floats by acquiring 53 bits
then multiplying with 2.0^(-53) which produces floats
on the form N * 2.0^(-53).
|
|
* ingela/openssl-version:
crypto: Update documentation to reflect new version policy
erts: Update configure check for OpenSSL
|
|
Fix for problem introduced with OTP-14140
|
|
|
|
Conflicts:
OTP_VERSION
erts/vsn.mk
lib/crypto/c_src/crypto.c
lib/crypto/src/crypto.erl
lib/ssh/src/ssh.erl
|
|
* g-andrade/strong-random-numbers/PR-1367/OTP-14317:
Clean up documentation and test cases
Attempt faster approach to strong random floats
Allow for crypto upgrades when using rand plugin
fixup! Support cryptographically strong rand plugin
fixup! Support cryptographically strong rand plugin
fixup! Support cryptographically strong rand plugin
fixup! Support cryptographically strong rand plugin
No longer expose strong_rand_(range|float)
Support cryptographically strong rand plugin
Restyle crypto strong numeric generators for usage in rand
Support generation of strong random numbers
|
|
|
|
|
|
|
|
Fix a bug with the use of the aes_cfb128 cipher by calling the correct
underlying openssl interface function when the cipher is specified.
|
|
Demonstrate a bug with AES CFB 128 for certain key sizes introduced
with the Erlang 19.0 release. The code in the block_crypt_nif function
in the crypto.c source file incorrectly calls aes_cfb_8_crypt when the
specified cipher is aes_cfb8 or aes_cfb128 and the key size is 24 or
32. The aes_cfb_8_crypt function calls the AES_cfb8_encrypt function
from the openssl interface, but this is incorrect when the cipher is
aes_cfb128.
Unfortunately the test cases in the crypto test suite are insufficient
to detect an issue like this because it exercises the encryption and
decryption roundtrip using the same incorrect underlying function. The
problem was observed when trying to update an application to Erlang 19
that attempted to decrypt data that was encrypted using aes_cfb128 by
another source. In this commit I altered the crypto test suite to
provide a demonstration of this problem.
|
|
This is a poor man's solution that allows to build and test the
system with all files compiled to native code simply by setting
the ERL_COMPILER_OPTS environment variable. Better solutions,
like automatically setting the no_native option whenever the
compiler sees an on_load attribute, obviously exist but require
more time to implement.
|
|
|
|
|
|
Fix documented range (interval is half-open.)
|
|
Be friendlier to Dialyzer
|
|
rand module should be used if not cryptographically strong is required.
If cryptographically strong is required, new cryptographically strong
functions should be added to crypto.
|
|
|
|
|
|
for usage in rand
|
|
|