This document describes the changes made to the Crypto application.
Refactor
Own Id: OTP-12217
Add support for 192-bit keys for the
Own Id: OTP-13206 Aux Id: pr 832
Add support for 192-bit keys for
Own Id: OTP-13207 Aux Id: pr829
Deprecate the function
Own Id: OTP-13214
Enable AES-GCM encryption/decryption to change the tag length between 1 and 16 bytes.
Own Id: OTP-13483 Aux Id: PR-998
Fix bug for
Own Id: OTP-13249
Improve portability of ECC tests in Crypto and SSL for "exotic" OpenSSL versions.
Own Id: OTP-13311
Small documentation fixes
Own Id: OTP-13017
Make
Own Id: OTP-12944
Enhance crypto:generate_key to calculate ECC public keys from private key.
Own Id: OTP-12394
Fix bug in
Own Id: OTP-12733
Use the EVP API for AES-CBC crypto to enable the use of hardware acceleration for AES-CBC crypto on newer Intel CPUs (AES-NI), among other platforms.
Own Id: OTP-12380
Add AES ECB block encryption.
Own Id: OTP-12403
Extend block_encrypt/decrypt for aes_cfb8 and aes_cfb128 to accept keys of length 128, 192 and 256 bits. Previously, only 128-bit keys were accepted.
Own Id: OTP-12467
Add configure option --with-ssl-incl=PATH to support OpenSSL installations with headers and libraries at different places.
Own Id: OTP-12215 Aux Id: seq12700
Add configure option --with-ssl-rpath to control which runtime library path to use for dynamic linkage toward OpenSSL.
Own Id: OTP-12316 Aux Id: seq12753
Make
Own Id: OTP-12146 Aux Id: seq12700
Fix memory leak in
Own Id: OTP-11953
Fix memory leak in
Own Id: OTP-11999
Add
Own Id: OTP-11911
Fix memory leaks and invalid deallocations in
Own Id: OTP-11550
Correction of the word 'ChipherText' throughout the documentation (Thanks to Andrew Tunnell-Jones)
Own Id: OTP-11609
Fix fatal bug when using a hmac context variable in more
than one call to
Own Id: OTP-11724
Crypto handles out-of-memory with a controlled abort instead of crash/corruption. (Thanks to Florian Zumbiehi)
Own Id: OTP-11725
Application upgrade (appup) files are corrected for the following applications:
A new test utility for testing appup files is added to test_server. This is now used by most applications in OTP.
(Thanks to Tobias Schlager)
Own Id: OTP-11744
By giving --enable-static-{nifs,drivers} to configure it is now possible to statically link nifs and drivers to the main Erlang VM binary. At the moment only the asn1 and crypto nifs of the Erlang/OTP nifs and drivers have been prepared to be statically linked. For more details see the Installation Guide in the System documentation.
Own Id: OTP-11258
Add IGE mode for AES cipher in crypto (Thanks to Yura Beznos).
Own Id: OTP-11522
Moved elliptic curve definition from the crypto NIF/OpenSSL into Erlang code, added the RFC-5639 brainpool curves and made TLS use them (RFC-7027).
Thanks to Andreas Schultz
Own Id: OTP-11578
Remove all obsolete application processes from crypto and make it into a pure library application.
Own Id: OTP-11619
Fix uninitialized pointers in crypto (Thanks to Anthony Ramine)
Own Id: OTP-11510
Refactor ecdsa cipher to simplify code and improve performance.
Own Id: OTP-11320
Integrate elliptic curve contribution from Andreas Schultz
In order to be able to support elliptic curve cipher suites in SSL/TLS, additions to handle elliptic curve infrastructure have been added to public_key and crypto.
This has also resulted in a rewrite of the crypto API to gain consistency and remove unnecessary overhead. All OTP applications using crypto have been updated to use the new API.
Impact: Elliptic curve cryptography (ECC) offers equivalent security with smaller key sizes than other public key algorithms. Smaller key sizes result in savings for power, memory, bandwidth, and computational cost that make ECC especially attractive for constrained environments.
Own Id: OTP-11009
Fixed a spelling mistake in crypto docs. Thanks to Klaus Trainer
Own Id: OTP-11058
Make the crypto functions interruptible by chunking input when it is very large and bumping reductions in the nifs.
Not yet implemented for block_encrypt|decrypt/4
Impact: Individual calls to crypto functions may take longer, but overall system performance should improve as crypto calls will not become throughput bottlenecks.
Own Id: OTP-11142
Enable runtime upgrade of crypto including the OpenSSL library used by crypto.
Own Id: OTP-10596
Improve documentation and tests for hmac functions in crypto. Thanks to Daniel White
Own Id: OTP-10640
Added ripemd160 support to crypto. Thanks to Michael Loftis
Own Id: OTP-10667
Remove unnecessary dependency to libssl from crypto NIF library. This dependency was introduced by accident in R14B04.
Own Id: OTP-10064
Add crypto and public_key support for the hash functions SHA224, SHA256, SHA384 and SHA512 and also hmac and rsa_sign/verify support using these hash functions. Thanks to Andreas Schultz for making a prototype.
Own Id: OTP-9908
Optimize RSA private key handling in
Own Id: OTP-10065
Make
Own Id: OTP-10136
public_key, ssl and crypto now support PKCS-8
Own Id: OTP-9312
Erlang/OTP can now be built using parallel make if you
limit the number of jobs, for instance using '
Own Id: OTP-9451
Add DES and Triple DES cipher feedback (CFB) mode
functions to
Own Id: OTP-9640
Add sha256, sha384 and sha512 support for
Own Id: OTP-9778
Own Id: OTP-9526
Fix win32 OpenSSL static linking (Thanks to Dave Cottlehuber)
Own Id: OTP-9532
Various small documentation fixes (Thanks to Bernard Duggan)
Own Id: OTP-9172
New
Own Id: OTP-9275
Due to standard library DLL mismatches between versions of OpenSSL and Erlang/OTP, OpenSSL is now linked statically to the crypto driver on Windows. This fixes problems starting crypto when running Erlang as a service on all Windows versions.
Own Id: OTP-9280
Strengthened random number generation. (Thanks to Geoff Cant)
Own Id: OTP-9225
Misc. Updates.
Own Id: OTP-9132
AES CTR encryption support in
Own Id: OTP-8752 Aux Id: seq11642
Crypto dialyzer type error in md5_mac and sha_mac.
Own Id: OTP-8718
RC4 stream cipher didn't work. This since the new NIF
implementation of
Own Id: OTP-8781
A number of memory leaks in the crypto NIF library have been fixed.
Own Id: OTP-8810
Added erlang:system_info(build_type) which makes it easier to choose drivers, NIF libraries, etc. based on the build type of the runtime system.
The NIF library for crypto can now be built for valgrind and/or debug as separate NIF libraries that will be automatically loaded if the runtime system has been built with a matching build type.
Own Id: OTP-8760
crypto application changed to use NIFs instead of driver.
Own Id: OTP-8333
des_ecb_encrypt/2 and des_ecb_decrypt/2 have been added to the crypto module. The crypto:md4/1 function has been documented.
Own Id: OTP-8551
The undocumented, unsupported, and deprecated function
Own Id: OTP-8584
New variants of
Own Id: OTP-8700
Cross compilation improvements and other build system improvements.
Most notable:
(Thanks to Henrik Riomar for suggestions and testing)
(Thanks to Winston Smith for the AVR32-Linux cross configuration and testing)
*** POTENTIAL INCOMPATIBILITY ***
Own Id: OTP-8323
The crypto module now supports Blowfish in ECB, CBC and OFB modes. (Thanks to Paul Oliver.)
Own Id: OTP-8331
It is now possible to build the documentation in an open source environment, after a number of bugs were fixed and some features were added to the documentation build process.
- The arity calculation is updated.
- The module prefix used in the function names for BIFs is removed in the generated links, so the links will look like "http://www.erlang.org/doc/man/erlang.html#append_element-2" instead of "http://www.erlang.org/doc/man/erlang.html#erlang:append_element-2".
- Enhanced the menu positioning in the html documentation when a new page is loaded.
- A number of corrections in the generation of man pages (thanks to Sergei Golovan)
- The legal notice is taken from the xml book file so OTP's build process can be used for non OTP applications.
Own Id: OTP-8343
Suppressed false valgrind errors caused by libcrypto using uninitialized data as entropy.
Own Id: OTP-8200
The documentation is now built with open source tools (xsltproc and fop) that exist on most platforms. One visible change is that the frames are removed.
Own Id: OTP-8201
When the crypto application failed to load the OpenSSL/LibEAY shared object, error indication was sparse. Now a more specific error message is sent to the error logger.
Own Id: OTP-8281
Fixed emulator crash caused by crypto using an old openssl version that did not cope with large file descriptors.
Own Id: OTP-8261 Aux Id: seq11434
Own Id: OTP-8157
Support for Blowfish cfb64 added to
Own Id: OTP-8096
New function
Own Id: OTP-8141
The
Own Id: OTP-7674
Optimization for drivers by creating small binaries direct on process heap.
Own Id: OTP-7762
Added new functions: dss_verify/3, rsa_verify/3, rsa_verify/4, dss_sign/2, rsa_sign/2, rsa_sign/3, rsa_public_encrypt, rsa_private_decrypt/3, rsa_private_encrypt/3, rsa_public_decrypt/3, dh_generate_key/1, dh_generate_key/2, dh_compute_key/3.
Own Id: OTP-7545
Minor performance optimization.
Own Id: OTP-7521
./configure has been improved to find 64-bit OpenSSL libraries.
Own Id: OTP-7270
crypto and zlib drivers improved to allow concurrent smp access.
Own Id: OTP-7262
The linked in driver for the crypto application is now linked statically against the OpenSSL libraries, to avoid installation and runtime problems in connection to the OpenSSL library locations.
Own Id: OTP-6680
Minor Makefile changes.
Own Id: OTP-6689
It is now explicitly checked at start-up that the crypto driver is properly loaded (Thanks to Claes Wikstrom).
Own Id: OTP-6109
The previously undocumented and UNSUPPORTED
Also, more cryptographic algorithms have been added to
the
*** POTENTIAL INCOMPATIBILITY ***
Own Id: OTP-5631
Added support for RFC 3826 - The Advanced Encryption Standard
(AES) Cipher Algorithm in the SNMP User-based Security Model.
Martin Björklund
Linked in drivers in the crypto, and asn1 applications are now compiled with the -D_THREAD_SAFE and -D_REENTRANT switches on unix when the emulator has thread support enabled.
Linked in drivers on MacOSX are not compiled with the undocumented -lbundle1.o switch anymore. Thanks to Sean Hinde who sent us a patch.
Linked in driver in crypto, and port programs in ssl, now compile on OSF1.
Minor makefile improvements in runtime_tools.
Own Id: OTP-5346
Corrected error handling. If the port to the driver that crypto uses is unexpectedly closed (which should not happen during normal operation of crypto), crypto will terminate immediately (rather than crashing the next time crypto is used). Also corrected build problems on Mac OS X.
Own Id: OTP-5279
It was not possible in R9 to relink the crypto driver. The object file was missing as well as an example makefile. The crypto driver object file is now released with the application (installed in priv/obj). An example makefile has also been added to the priv/obj directory. The makefile serves as an example of how to relink the driver on Unix (crypto_drv.so) or Windows (crypto_drv.dll).
Own Id: OTP-4828 Aux Id: seq8193
Previous versions of Crypto were delivered with
statically linked binaries based on SSLeay. That is no
longer the case. The current version of Crypto requires
dynamically linked OpenSSL libraries that the user has to
install. The library needed is
This version of Crypto uses the new DES interface of OpenSSL 0.9.7, which is not backward compatible with earlier versions of OpenSSL.
The start of crypto failed on Windows, due to erroneous addition of a DES3 algorithm.
Own Id: OTP-4684
Aux Id: seq7864
In the manual page
Own Id: OTP-3409
Code replacement in runtime is supported. Upgrade can be done from version 1.1 and downgrade to version 1.1.
The driver part of the Crypto application has been updated to use the erl_driver header file. Version 1.1.1 requires emulator version 4.9.1 or later.
On Windows the crypto_drv was incorrectly linked to static run-time libraries instead of dynamic ones.
Own Id: OTP-3240
New application.