diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/compiler/src/beam_asm.erl | 2 | ||||
| -rw-r--r-- | lib/compiler/src/beam_bool.erl | 27 | ||||
| -rw-r--r-- | lib/compiler/test/andor_SUITE.erl | 66 | ||||
| -rw-r--r-- | lib/crypto/c_src/crypto_drv.c | 78 | ||||
| -rw-r--r-- | lib/crypto/doc/src/crypto.xml | 64 | ||||
| -rw-r--r-- | lib/crypto/src/crypto.erl | 25 | ||||
| -rw-r--r-- | lib/crypto/test/Makefile | 4 | ||||
| -rw-r--r-- | lib/crypto/test/blowfish_SUITE.erl | 210 | ||||
| -rw-r--r-- | lib/erl_interface/configure.in | 10 | ||||
| -rw-r--r-- | lib/public_key/doc/src/cert_records.xml | 34 | ||||
| -rw-r--r-- | lib/ssl/doc/src/create_certs.xml | 14 | ||||
| -rw-r--r-- | lib/ssl/doc/src/new_ssl.xml | 23 | ||||
| -rw-r--r-- | lib/ssl/doc/src/pkix_certs.xml | 213 | ||||
| -rw-r--r-- | lib/ssl/doc/src/remember.xml | 83 | ||||
| -rw-r--r-- | lib/ssl/doc/src/ssl.xml | 35 | ||||
| -rw-r--r-- | lib/stdlib/src/c.erl | 4 | ||||
| -rw-r--r-- | lib/stdlib/test/c_SUITE.erl | 69 | ||||
| -rw-r--r-- | lib/tools/doc/src/notes.xml | 15 | ||||
| -rw-r--r-- | lib/tools/src/cover.erl | 4 | ||||
| -rw-r--r-- | lib/tools/vsn.mk | 2 | ||||
| -rwxr-xr-x | lib/wx/configure.in | 20 |
21 files changed, 609 insertions, 393 deletions
diff --git a/lib/compiler/src/beam_asm.erl b/lib/compiler/src/beam_asm.erl index 90d25d87b2..497c4fa07b 100644 --- a/lib/compiler/src/beam_asm.erl +++ b/lib/compiler/src/beam_asm.erl @@ -150,7 +150,7 @@ build_file(Code, Attr, Dict, NumLabels, NumFuncs, Abst, SourceFile, Opts) -> %% Create IFF chunk. Chunks = case member(slim, Opts) of - true -> [Essentials,AttrChunk,CompileChunk,AbstChunk]; + true -> [Essentials,AttrChunk,AbstChunk]; false -> [Essentials,LocChunk,AttrChunk,CompileChunk,AbstChunk] end, build_form(<<"BEAM">>, Chunks). diff --git a/lib/compiler/src/beam_bool.erl b/lib/compiler/src/beam_bool.erl index d8c201a194..dcc6ad4c7c 100644 --- a/lib/compiler/src/beam_bool.erl +++ b/lib/compiler/src/beam_bool.erl @@ -123,6 +123,12 @@ bopt_block(Reg, Fail, OldIs, [{block,Bl0}|Acc0], St0) -> throw:mixed -> failed; + %% There was a reference to a boolean expression + %% from inside a protected block (try/catch), to + %% a boolean expression outside. + throw:protected_barrier -> + failed; + %% The 'xor' operator was used. We currently don't %% find it worthwile to translate 'xor' operators %% (the code would be clumsy). @@ -167,7 +173,7 @@ bopt_block(Reg, Fail, OldIs, [{block,Bl0}|Acc0], St0) -> %% whether the optimized code is guaranteed to work in the same %% way as the original code. %% -%% Throws an exception if the optmization is not safe. +%% Throw an exception if the optimization is not safe. %% ensure_opt_safe(Bl, NewCode, OldIs, Fail, PreceedingCode, St) -> %% Here are the conditions that must be true for the @@ -184,10 +190,10 @@ ensure_opt_safe(Bl, NewCode, OldIs, Fail, PreceedingCode, St) -> %% by the code that follows. %% %% 3. Any register that is assigned a value in the optimized - %% code must be UNUSED or KILLED in the following code. - %% (Possible future improvement: Registers that are known - %% to be assigned the SAME value in the original and optimized - %% code don't need to be unused in the following code.) + %% code must be UNUSED or KILLED in the following code + %% (because the register might be assigned the wrong value, + %% and even if the value is right it might no longer be + %% assigned on *all* paths leading to its use). InitInPreceeding = initialized_regs(PreceedingCode), @@ -304,6 +310,8 @@ dst_regs([{set,[D],_,{bif,_,{f,_}}}|Is], Acc) -> dst_regs(Is, [D|Acc]); dst_regs([{set,[D],_,{alloc,_,{gc_bif,_,{f,_}}}}|Is], Acc) -> dst_regs(Is, [D|Acc]); +dst_regs([{set,[D],_,move}|Is], Acc) -> + dst_regs(Is, [D|Acc]); dst_regs([_|Is], Acc) -> dst_regs(Is, Acc); dst_regs([], Acc) -> ordsets:from_list(Acc). @@ -414,11 +422,10 @@ bopt_good_args([A|As], Regs) -> bopt_good_args([], _) -> ok. bopt_good_arg({Tag,_}=X, Regs) when Tag =:= x; Tag =:= tmp -> - case gb_trees:get(X, Regs) of - any -> ok; - _Other -> - %%io:format("not any: ~p: ~p\n", [X,_Other]), - throw(mixed) + case gb_trees:lookup(X, Regs) of + {value,any} -> ok; + {value,_} -> throw(mixed); + none -> throw(protected_barrier) end; bopt_good_arg(_, _) -> ok. diff --git a/lib/compiler/test/andor_SUITE.erl b/lib/compiler/test/andor_SUITE.erl index 34609a49f2..a460d54239 100644 --- a/lib/compiler/test/andor_SUITE.erl +++ b/lib/compiler/test/andor_SUITE.erl @@ -20,13 +20,14 @@ -export([all/1, t_case/1,t_and_or/1,t_andalso/1,t_orelse/1,inside/1,overlap/1, - combined/1,in_case/1]). + combined/1,in_case/1,before_and_inside_if/1]). -include("test_server.hrl"). all(suite) -> test_lib:recompile(?MODULE), - [t_case,t_and_or,t_andalso,t_orelse,inside,overlap,combined,in_case]. + [t_case,t_and_or,t_andalso,t_orelse,inside,overlap,combined,in_case, + before_and_inside_if]. t_case(Config) when is_list(Config) -> %% We test boolean cases almost but not quite like cases @@ -380,6 +381,65 @@ in_case_1_guard(LenUp, LenDw, LenN, Rotation, Count) -> false -> loop end. +before_and_inside_if(Config) when is_list(Config) -> + ?line no = before_and_inside_if([a], [b], delete), + ?line no = before_and_inside_if([a], [b], x), + ?line no = before_and_inside_if([a], [], delete), + ?line no = before_and_inside_if([a], [], x), + ?line no = before_and_inside_if([], [], delete), + ?line yes = before_and_inside_if([], [], x), + ?line yes = before_and_inside_if([], [b], delete), + ?line yes = before_and_inside_if([], [b], x), + + ?line {ch1,ch2} = before_and_inside_if_2([a], [b], blah), + ?line {ch1,ch2} = before_and_inside_if_2([a], [b], xx), + ?line {ch1,ch2} = before_and_inside_if_2([a], [], blah), + ?line {ch1,ch2} = before_and_inside_if_2([a], [], xx), + ?line {no,no} = before_and_inside_if_2([], [b], blah), + ?line {no,no} = before_and_inside_if_2([], [b], xx), + ?line {ch1,no} = before_and_inside_if_2([], [], blah), + ?line {no,ch2} = before_and_inside_if_2([], [], xx), + ok. + +%% Thanks to Simon Cornish and Kostis Sagonas. +%% Used to crash beam_bool. +before_and_inside_if(XDo1, XDo2, Do3) -> + Do1 = (XDo1 =/= []), + Do2 = (XDo2 =/= []), + if + %% This expression occurs in a try/catch (protected) + %% block, which cannot refer to variables outside of + %% the block that are boolean expressions. + Do1 =:= true; + Do1 =:= false, Do2 =:= false, Do3 =:= delete -> + no; + true -> + yes + end. + +%% Thanks to Simon Cornish. +%% Used to generate code that would not set {y,0} on +%% all paths before its use (and therefore fail +%% validation by the beam_validator). +before_and_inside_if_2(XDo1, XDo2, Do3) -> + Do1 = (XDo1 =/= []), + Do2 = (XDo2 =/= []), + CH1 = if Do1 == true; + Do1 == false,Do2==false,Do3 == blah -> + ch1; + true -> + no + end, + CH2 = if Do1 == true; + Do1 == false,Do2==false,Do3 == xx -> + ch2; + true -> + no + end, + {CH1,CH2}. + +%% Utilities. + check(V1, V0) -> if V1 /= V0 -> io:fwrite("error: ~w.\n", [V1]), @@ -393,5 +453,3 @@ echo(X) -> X. id(I) -> I. - - diff --git a/lib/crypto/c_src/crypto_drv.c b/lib/crypto/c_src/crypto_drv.c index 241c4ec733..5b6d750dde 100644 --- a/lib/crypto/c_src/crypto_drv.c +++ b/lib/crypto/c_src/crypto_drv.c @@ -233,6 +233,11 @@ static ErlDrvEntry crypto_driver_entry = { #define DRV_BF_CFB64_ENCRYPT 59 #define DRV_BF_CFB64_DECRYPT 60 +#define DRV_BF_ECB_ENCRYPT 61 +#define DRV_BF_ECB_DECRYPT 62 +#define DRV_BF_OFB64_ENCRYPT 63 +#define DRV_BF_CBC_ENCRYPT 64 +#define DRV_BF_CBC_DECRYPT 65 /* #define DRV_CBC_IDEA_ENCRYPT 34 */ /* #define DRV_CBC_IDEA_DECRYPT 35 */ @@ -533,6 +538,79 @@ static int crypto_control(ErlDrvData drv_data, unsigned int command, char *buf, (command == DRV_CBC_DES_ENCRYPT)); return dlen; + case DRV_BF_ECB_ENCRYPT: + case DRV_BF_ECB_DECRYPT: + { + /* buf = klen[4] key data */ + int bf_direction; + const unsigned char *ukey; + const unsigned char *bf_dbuf; /* blowfish input data */ + BF_KEY bf_key; /* blowfish key 8 */ + + klen = get_int32(buf); + ukey = (unsigned char *) buf + 4; + bf_dbuf = ukey + klen; + dlen = len - 4 - klen; + if (dlen < 0) return -1; + BF_set_key(&bf_key, klen, ukey); + bin = return_binary(rbuf,rlen,dlen); + if (bin==NULL) return -1; + bf_direction = command == DRV_BF_ECB_ENCRYPT ? BF_ENCRYPT : BF_DECRYPT; + BF_ecb_encrypt(bf_dbuf, bin, &bf_key, bf_direction); + return dlen; + } + + case DRV_BF_CBC_ENCRYPT: + case DRV_BF_CBC_DECRYPT: + { + /* buf = klen[4] key ivec[8] data */ + unsigned char *ukey; + unsigned char* ivec; + unsigned char bf_tkey[8]; /* blowfish ivec */ + int bf_direction; + const unsigned char *bf_dbuf; /* blowfish input data */ + BF_KEY bf_key; /* blowfish key 8 */ + + klen = get_int32(buf); + ukey = (unsigned char *)buf + 4; + ivec = ukey + klen; + bf_dbuf = ivec + 8; + dlen = len - 4 - klen - 8; + if (dlen < 0) return -1; + BF_set_key(&bf_key, klen, ukey); + memcpy(bf_tkey, ivec, 8); + bin = return_binary(rbuf,rlen,dlen); + if (bin==NULL) return -1; + bf_direction = command == DRV_BF_CBC_ENCRYPT ? BF_ENCRYPT : BF_DECRYPT; + BF_cbc_encrypt(bf_dbuf, bin, dlen, &bf_key, bf_tkey, bf_direction); + return dlen; + } + + case DRV_BF_OFB64_ENCRYPT: + { + /* buf = klen[4] key ivec[8] data */ + unsigned char *ukey; + unsigned char* ivec; + unsigned char bf_tkey[8]; /* blowfish ivec */ + int bf_n; /* blowfish ivec pos */ + const unsigned char *bf_dbuf; /* blowfish input data */ + BF_KEY bf_key; /* blowfish key 8 */ + + klen = get_int32(buf); + ukey = (unsigned char *)buf + 4; + ivec = ukey + klen; + bf_dbuf = ivec + 8; + dlen = len - 4 - klen - 8; + if (dlen < 0) return -1; + BF_set_key(&bf_key, klen, ukey); + memcpy(bf_tkey, ivec, 8); + bin = return_binary(rbuf,rlen,dlen); + if (bin==NULL) return -1; + bf_n = 0; + BF_ofb64_encrypt(bf_dbuf, bin, dlen, &bf_key, bf_tkey, &bf_n); + return dlen; + } + case DRV_BF_CFB64_ENCRYPT: case DRV_BF_CFB64_DECRYPT: { diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml index 42ba523c8c..cfc6996332 100644 --- a/lib/crypto/doc/src/crypto.xml +++ b/lib/crypto/doc/src/crypto.xml @@ -337,6 +337,53 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]> <c>Key3</c>, and <c>IVec</c> must be 64 bits (8 bytes).</p> </desc> </func> + + <func> + <name>blowfish_ecb_encrypt(Key, Text) -> Cipher</name> + <fsummary>Encrypt the first 64 bits of <c>Text</c> using Blowfish in ECB mode</fsummary> + <type> + <v>Key = Text = iolist() | binary()</v> + <v>IVec = Cipher = binary()</v> + </type> + <desc> + <p>Encrypts the first 64 bits of <c>Text</c> using Blowfish in ECB mode. <c>Key</c> is the Blowfish key. The length of <c>Text</c> must be at least 64 bits (8 bytes).</p> + </desc> + <name>blowfish_ecb_decrypt(Key, Text) -> Cipher</name> + <fsummary>Decrypt the first 64 bits of <c>Text</c> using Blowfish in ECB mode</fsummary> + <type> + <v>Key = Text = iolist() | binary()</v> + <v>IVec = Cipher = binary()</v> + </type> + <desc> + <p>Decrypts the first 64 bits of <c>Text</c> using Blowfish in ECB mode. <c>Key</c> is the Blowfish key. The length of <c>Text</c> must be at least 64 bits (8 bytes).</p> + </desc> + </func> + + <func> + <name>blowfish_cbc_encrypt(Key, Text) -> Cipher</name> + <fsummary>Encrypt <c>Text</c> using Blowfish in CBC mode</fsummary> + <type> + <v>Key = Text = iolist() | binary()</v> + <v>IVec = Cipher = binary()</v> + </type> + <desc> + <p>Encrypts <c>Text</c> using Blowfish in CBC mode. <c>Key</c> is the Blowfish key, and <c>IVec</c> is an + arbitrary initializing vector. The length of <c>IVec</c> + must be 64 bits (8 bytes). The length of <c>Text</c> must be a multiple of 64 bits (8 bytes).</p> + </desc> + <name>blowfish_cbc_decrypt(Key, Text) -> Cipher</name> + <fsummary>Decrypt <c>Text</c> using Blowfish in CBC mode</fsummary> + <type> + <v>Key = Text = iolist() | binary()</v> + <v>IVec = Cipher = binary()</v> + </type> + <desc> + <p>Decrypts <c>Text</c> using Blowfish in CBC mode. <c>Key</c> is the Blowfish key, and <c>IVec</c> is an + arbitrary initializing vector. The length of <c>IVec</c> + must be 64 bits (8 bytes). The length of <c>Text</c> must be a multiple 64 bits (8 bytes).</p> + </desc> + </func> + <func> <name>blowfish_cfb64_encrypt(Key, IVec, Text) -> Cipher</name> <fsummary>Encrypt <c>Text</c>using Blowfish in CFB mode with 64 @@ -367,6 +414,23 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]> must be 64 bits (8 bytes).</p> </desc> </func> + + <func> + <name>blowfish_ofb64_encrypt(Key, IVec, Text) -> Cipher</name> + <fsummary>Encrypt <c>Text</c>using Blowfish in OFB mode with 64 + bit feedback</fsummary> + <type> + <v>Key = Text = iolist() | binary()</v> + <v>IVec = Cipher = binary()</v> + </type> + <desc> + <p>Encrypts <c>Text</c> using Blowfish in OFB mode with 64 bit + feedback. <c>Key</c> is the Blowfish key, and <c>IVec</c> is an + arbitrary initializing vector. The length of <c>IVec</c> + must be 64 bits (8 bytes).</p> + </desc> + </func> + <func> <name>aes_cfb_128_encrypt(Key, IVec, Text) -> Cipher</name> <name>aes_cbc_128_encrypt(Key, IVec, Text) -> Cipher</name> diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl index 5189677dd0..fa33bad2e0 100644 --- a/lib/crypto/src/crypto.erl +++ b/lib/crypto/src/crypto.erl @@ -30,7 +30,10 @@ -export([md5_mac/2, md5_mac_96/2, sha_mac/2, sha_mac_96/2]). -export([des_cbc_encrypt/3, des_cbc_decrypt/3, des_cbc_ivec/1]). -export([des3_cbc_encrypt/5, des3_cbc_decrypt/5]). --export([blowfish_cfb64_encrypt/3,blowfish_cfb64_decrypt/3]). +-export([blowfish_ecb_encrypt/2, blowfish_ecb_decrypt/2]). +-export([blowfish_cbc_encrypt/3, blowfish_cbc_decrypt/3]). +-export([blowfish_cfb64_encrypt/3, blowfish_cfb64_decrypt/3]). +-export([blowfish_ofb64_encrypt/3]). -export([des_ede3_cbc_encrypt/5, des_ede3_cbc_decrypt/5]). -export([aes_cfb_128_encrypt/3, aes_cfb_128_decrypt/3]). -export([exor/2]). @@ -115,6 +118,11 @@ -define(BF_CFB64_ENCRYPT, 59). -define(BF_CFB64_DECRYPT, 60). +-define(BF_ECB_ENCRYPT, 61). +-define(BF_ECB_DECRYPT, 62). +-define(BF_OFB64_ENCRYPT, 63). +-define(BF_CBC_ENCRYPT, 64). +-define(BF_CBC_DECRYPT, 65). %% -define(IDEA_CBC_ENCRYPT, 34). %% -define(IDEA_CBC_DECRYPT, 35). @@ -303,12 +311,27 @@ des_ede3_cbc_decrypt(Key1, Key2, Key3, IVec, Data) -> %% %% Blowfish %% +blowfish_ecb_encrypt(Key, Data) when byte_size(Data) >= 8 -> + control_bin(?BF_ECB_ENCRYPT, Key, list_to_binary([Data])). + +blowfish_ecb_decrypt(Key, Data) when byte_size(Data) >= 8 -> + control_bin(?BF_ECB_DECRYPT, Key, list_to_binary([Data])). + +blowfish_cbc_encrypt(Key, IVec, Data) when byte_size(Data) rem 8 =:= 0 -> + control_bin(?BF_CBC_ENCRYPT, Key, list_to_binary([IVec, Data])). + +blowfish_cbc_decrypt(Key, IVec, Data) when byte_size(Data) rem 8 =:= 0 -> + control_bin(?BF_CBC_DECRYPT, Key, list_to_binary([IVec, Data])). + blowfish_cfb64_encrypt(Key, IVec, Data) when byte_size(IVec) =:= 8 -> control_bin(?BF_CFB64_ENCRYPT, Key, list_to_binary([IVec, Data])). blowfish_cfb64_decrypt(Key, IVec, Data) when byte_size(IVec) =:= 8 -> control_bin(?BF_CFB64_DECRYPT, Key, list_to_binary([IVec, Data])). +blowfish_ofb64_encrypt(Key, IVec, Data) when byte_size(IVec) =:= 8 -> + control_bin(?BF_OFB64_ENCRYPT, Key, list_to_binary([IVec, Data])). + %% %% AES in cipher feedback mode (CFB) %% diff --git a/lib/crypto/test/Makefile b/lib/crypto/test/Makefile index bf5c42877e..e728875027 100644 --- a/lib/crypto/test/Makefile +++ b/lib/crypto/test/Makefile @@ -5,7 +5,9 @@ include $(ERL_TOP)/make/$(TARGET)/otp.mk # Target Specs # ---------------------------------------------------- -MODULES= crypto_SUITE +MODULES = \ + blowfish_SUITE \ + crypto_SUITE ERL_FILES= $(MODULES:%=%.erl) diff --git a/lib/crypto/test/blowfish_SUITE.erl b/lib/crypto/test/blowfish_SUITE.erl new file mode 100644 index 0000000000..d4cc167ea9 --- /dev/null +++ b/lib/crypto/test/blowfish_SUITE.erl @@ -0,0 +1,210 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2009. All Rights Reserved. +%% +%% The contents of this file are subject to the Erlang Public License, +%% Version 1.1, (the "License"); you may not use this file except in +%% compliance with the License. You should have received a copy of the +%% Erlang Public License along with this software. If not, it can be +%% retrieved online at http://www.erlang.org/. +%% +%% Software distributed under the License is distributed on an "AS IS" +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +%% the License for the specific language governing rights and limitations +%% under the License. +%% +%% %CopyrightEnd% +%% + +%% +-module(blowfish_SUITE). + +%% Note: This directive should only be used in test suites. +-compile(export_all). + +-include("test_server.hrl"). +-include("test_server_line.hrl"). + +-define(TIMEOUT, 120000). % 2 min + +-define(KEY, to_bin("0123456789ABCDEFF0E1D2C3B4A59687")). +-define(IVEC, to_bin("FEDCBA9876543210")). +%% "7654321 Now is the time for " (includes trailing '\0') +-define(DATA, to_bin("37363534333231204E6F77206973207468652074696D6520666F722000")). +-define(DATA_PADDED, to_bin("37363534333231204E6F77206973207468652074696D6520666F722000000000")). + +%% Test server callback functions +%%-------------------------------------------------------------------- +%% Function: init_per_suite(Config) -> Config +%% Config - [tuple()] +%% A list of key/value pairs, holding the test case configuration. +%% Description: Initialization before the whole suite +%% +%% Note: This function is free to add any key/value pairs to the Config +%% variable, but should NOT alter/remove any existing entries. +%%-------------------------------------------------------------------- +init_per_suite(Config) -> + crypto:start(), + Config. + +%%-------------------------------------------------------------------- +%% Function: end_per_suite(Config) -> _ +%% Config - [tuple()] +%% A list of key/value pairs, holding the test case configuration. +%% Description: Cleanup after the whole suite +%%-------------------------------------------------------------------- +end_per_suite(_Config) -> + crypto:stop(). + +%%-------------------------------------------------------------------- +%% Function: init_per_testcase(TestCase, Config) -> Config +%% Case - atom() +%% Name of the test case that is about to be run. +%% Config - [tuple()] +%% A list of key/value pairs, holding the test case configuration. +%% +%% Description: Initialization before each test case +%% +%% Note: This function is free to add any key/value pairs to the Config +%% variable, but should NOT alter/remove any existing entries. +%% Description: Initialization before each test case +%%-------------------------------------------------------------------- +init_per_testcase(_TestCase, Config0) -> + Config = lists:keydelete(watchdog, 1, Config0), + Dog = test_server:timetrap(?TIMEOUT), + [{watchdog, Dog} | Config]. + +%%-------------------------------------------------------------------- +%% Function: end_per_testcase(TestCase, Config) -> _ +%% Case - atom() +%% Name of the test case that is about to be run. +%% Config - [tuple()] +%% A list of key/value pairs, holding the test case configuration. +%% Description: Cleanup after each test case +%%-------------------------------------------------------------------- +end_per_testcase(_TestCase, Config) -> + Dog = ?config(watchdog, Config), + case Dog of + undefined -> + ok; + _ -> + test_server:timetrap_cancel(Dog) + end. + +%%-------------------------------------------------------------------- +%% Function: all(Clause) -> TestCases +%% Clause - atom() - suite | doc +%% TestCases - [Case] +%% Case - atom() +%% Name of a test case. +%% Description: Returns a list of all test cases in this test suite +%%-------------------------------------------------------------------- +all(doc) -> + ["Test Blowfish functionality"]; + +all(suite) -> + [ecb, + cbc, + cfb64, + ofb64 + ]. + +%% Test cases start here. +%%-------------------------------------------------------------------- + +ecb_test(KeyBytes, ClearBytes, CipherBytes) -> + {Key, Clear, Cipher} = + {to_bin(KeyBytes), to_bin(ClearBytes), to_bin(CipherBytes)}, + crypto:blowfish_ecb_encrypt(Key, Clear) =:= Cipher. + +ecb(doc) -> + "Test that ECB mode is OK"; +ecb(suite) -> + []; +ecb(Config) when is_list(Config) -> + true = ecb_test("0000000000000000", "0000000000000000", "4EF997456198DD78"), + true = ecb_test("FFFFFFFFFFFFFFFF", "FFFFFFFFFFFFFFFF", "51866FD5B85ECB8A"), + true = ecb_test("3000000000000000", "1000000000000001", "7D856F9A613063F2"), + true = ecb_test("1111111111111111", "1111111111111111", "2466DD878B963C9D"), + true = ecb_test("0123456789ABCDEF", "1111111111111111", "61F9C3802281B096"), + true = ecb_test("1111111111111111", "0123456789ABCDEF", "7D0CC630AFDA1EC7"), + true = ecb_test("0000000000000000", "0000000000000000", "4EF997456198DD78"), + true = ecb_test("FEDCBA9876543210", "0123456789ABCDEF", "0ACEAB0FC6A0A28D"), + true = ecb_test("7CA110454A1A6E57", "01A1D6D039776742", "59C68245EB05282B"), + true = ecb_test("0131D9619DC1376E", "5CD54CA83DEF57DA", "B1B8CC0B250F09A0"), + true = ecb_test("07A1133E4A0B2686", "0248D43806F67172", "1730E5778BEA1DA4"), + true = ecb_test("3849674C2602319E", "51454B582DDF440A", "A25E7856CF2651EB"), + true = ecb_test("04B915BA43FEB5B6", "42FD443059577FA2", "353882B109CE8F1A"), + true = ecb_test("0113B970FD34F2CE", "059B5E0851CF143A", "48F4D0884C379918"), + true = ecb_test("0170F175468FB5E6", "0756D8E0774761D2", "432193B78951FC98"), + true = ecb_test("43297FAD38E373FE", "762514B829BF486A", "13F04154D69D1AE5"), + true = ecb_test("07A7137045DA2A16", "3BDD119049372802", "2EEDDA93FFD39C79"), + true = ecb_test("04689104C2FD3B2F", "26955F6835AF609A", "D887E0393C2DA6E3"), + true = ecb_test("37D06BB516CB7546", "164D5E404F275232", "5F99D04F5B163969"), + true = ecb_test("1F08260D1AC2465E", "6B056E18759F5CCA", "4A057A3B24D3977B"), + true = ecb_test("584023641ABA6176", "004BD6EF09176062", "452031C1E4FADA8E"), + true = ecb_test("025816164629B007", "480D39006EE762F2", "7555AE39F59B87BD"), + true = ecb_test("49793EBC79B3258F", "437540C8698F3CFA", "53C55F9CB49FC019"), + true = ecb_test("4FB05E1515AB73A7", "072D43A077075292", "7A8E7BFA937E89A3"), + true = ecb_test("49E95D6D4CA229BF", "02FE55778117F12A", "CF9C5D7A4986ADB5"), + true = ecb_test("018310DC409B26D6", "1D9D5C5018F728C2", "D1ABB290658BC778"), + true = ecb_test("1C587F1C13924FEF", "305532286D6F295A", "55CB3774D13EF201"), + true = ecb_test("0101010101010101", "0123456789ABCDEF", "FA34EC4847B268B2"), + true = ecb_test("1F1F1F1F0E0E0E0E", "0123456789ABCDEF", "A790795108EA3CAE"), + true = ecb_test("E0FEE0FEF1FEF1FE", "0123456789ABCDEF", "C39E072D9FAC631D"), + true = ecb_test("0000000000000000", "FFFFFFFFFFFFFFFF", "014933E0CDAFF6E4"), + true = ecb_test("FFFFFFFFFFFFFFFF", "0000000000000000", "F21E9A77B71C49BC"), + true = ecb_test("0123456789ABCDEF", "0000000000000000", "245946885754369A"), + true = ecb_test("FEDCBA9876543210", "FFFFFFFFFFFFFFFF", "6B5C5A9C5D9E0A5A"), + ok. + +cbc(doc) -> + "Test that CBC mode is OK"; +cbc(suite) -> + []; +cbc(Config) when is_list(Config) -> + true = crypto:blowfish_cbc_encrypt(?KEY, ?IVEC, ?DATA_PADDED) =:= + to_bin("6B77B4D63006DEE605B156E27403979358DEB9E7154616D959F1652BD5FF92CC"), + ok. + +cfb64(doc) -> + "Test that CFB64 mode is OK"; +cfb64(suite) -> + []; +cfb64(Config) when is_list(Config) -> + true = crypto:blowfish_cfb64_encrypt(?KEY, ?IVEC, ?DATA) =:= + to_bin("E73214A2822139CAF26ECF6D2EB9E76E3DA3DE04D1517200519D57A6C3"), + ok. + +ofb64(doc) -> + "Test that OFB64 mode is OK"; +ofb64(suite) -> + []; +ofb64(Config) when is_list(Config) -> + true = crypto:blowfish_ofb64_encrypt(?KEY, ?IVEC, ?DATA) =:= + to_bin("E73214A2822139CA62B343CC5B65587310DD908D0C241B2263C2CF80DA"), + ok. + +%% Helper functions + +%% Convert a hexadecimal string to a binary. +-spec(to_bin(L::string()) -> binary()). +to_bin(L) -> + to_bin(L, []). + +%% @spec dehex(char()) -> integer() +%% @doc Convert a hex digit to its integer value. +-spec(dehex(char()) -> integer()). +dehex(C) when C >= $0, C =< $9 -> + C - $0; +dehex(C) when C >= $a, C =< $f -> + C - $a + 10; +dehex(C) when C >= $A, C =< $F -> + C - $A + 10. + +-spec(to_bin(L::string(), list()) -> binary()). +to_bin([], Acc) -> + iolist_to_binary(lists:reverse(Acc)); +to_bin([C1, C2 | Rest], Acc) -> + to_bin(Rest, [(dehex(C1) bsl 4) bor dehex(C2) | Acc]). diff --git a/lib/erl_interface/configure.in b/lib/erl_interface/configure.in index 80b229c1c3..2f5b5673bb 100644 --- a/lib/erl_interface/configure.in +++ b/lib/erl_interface/configure.in @@ -100,11 +100,11 @@ if test "x$LD" = "x"; then fi AC_SUBST(LD) -AC_CHECK_SIZEOF(short, $erl_xcomp_short) -AC_CHECK_SIZEOF(int, $erl_xcomp_int) -AC_CHECK_SIZEOF(long, $erl_xcomp_long) -AC_CHECK_SIZEOF(void *, $erl_xcomp_void_p) -AC_CHECK_SIZEOF(long long, $erl_xcomp_long_long) +AC_CHECK_SIZEOF(short) +AC_CHECK_SIZEOF(int) +AC_CHECK_SIZEOF(long) +AC_CHECK_SIZEOF(void *) +AC_CHECK_SIZEOF(long long) if test $ac_cv_sizeof_void_p = 8; then CFLAGS="$CFLAGS -DEI_64BIT" diff --git a/lib/public_key/doc/src/cert_records.xml b/lib/public_key/doc/src/cert_records.xml index 8fb4ea5fd0..8cfe57f670 100644 --- a/lib/public_key/doc/src/cert_records.xml +++ b/lib/public_key/doc/src/cert_records.xml @@ -41,10 +41,18 @@ </p> <p>Use the following include directive to get access to the - records and constant macros described in the following sections.</p> + records and constant macros (OIDs) described in the following sections.</p> <code> -include_lib("public_key/include/public_key.hrl"). </code> + <p>The used specification is available in <c>OTP-PKIX.asn1</c>, + which is an amelioration of + the <c>PKIX1Explicit88.asn1</c>, <c>PKIX1Implicit88.asn1</c> + and <c>PKIX1Algorithms88.asn1</c> modules. + You find all these modules in the <c>asn1</c> subdirectory + of the application <c>public_key</c>. + </p> + <section> <title>Common Data Types</title> @@ -148,8 +156,7 @@ oid names see table below. Ex: ?'id-dsa-with-sha1'</p> }. </code> -<p><c>id_attributes() = ?oid_name_as_erlang_atom</c> -for available oid names see table below. Ex: ?'id-at-name'</p> +<p><c>id_attributes() </c></p> <table> <row> <cell align="left" valign="middle">OID name</cell> @@ -231,8 +238,7 @@ for available oid names see table below. Ex: ?'id-at-name'</p> }. </code> -<p><c> id_public_key_algorithm() = ?oid_name_as_erlang_atom</c> for available -oid names see table below. Ex: ?'id-dsa'</p> +<p><c> id_public_key_algorithm() </c></p> <table> <row> <cell align="left" valign="middle">OID name</cell> @@ -264,14 +270,11 @@ oid names see table below. Ex: ?'id-dsa'</p> }. </code> -<p><c>id_extensions() = ?oid_name_as_erlang_atom</c> for -available oid names see tables. Ex: ?'id-ce-authorityKeyIdentifier'<seealso -marker="#StdCertExt">Standard Certificate Extensions</seealso>, - <seealso - marker="#PrivIntExt">Private Internet Extensions</seealso>, <seealso - marker="#CRLCertExt">CRL Extensions</seealso> and - <seealso - marker="#CRLEntryExt">CRL Entry Extensions</seealso>. +<p><c>id_extensions()</c> + <seealso marker="#StdCertExt">Standard Certificate Extensions</seealso>, + <seealso marker="#PrivIntExt">Private Internet Extensions</seealso>, + <seealso marker="#CRLCertExt">CRL Extensions</seealso> and + <seealso marker="#CRLEntryExt">CRL Entry Extensions</seealso>. </p> </section> @@ -368,9 +371,8 @@ marker="#StdCertExt">Standard Certificate Extensions</seealso>, decipherOnly </c></p> - <p><c> id_key_purpose() = ?oid_name_as_erlang_atom</c> for available -oid names see table below. Ex: ?'id-kp-serverAuth'</p> - + <p><c> id_key_purpose()</c></p> + <table> <row> <cell align="left" valign="middle">OID name</cell> diff --git a/lib/ssl/doc/src/create_certs.xml b/lib/ssl/doc/src/create_certs.xml index 15958ee457..79cc8a0537 100644 --- a/lib/ssl/doc/src/create_certs.xml +++ b/lib/ssl/doc/src/create_certs.xml @@ -98,12 +98,12 @@ <title>Creating the Erlang root CA</title> <p>The Erlang root CA is created with the command</p> <code type="none"> -\011openssl req -new -x509 -config /some/path/req.cnf \\ -\011 -keyout /some/path/key.pem -out /some/path/cert.pem </code> + openssl req -new -x509 -config /some/path/req.cnf \\ + -keyout /some/path/key.pem -out /some/path/cert.pem </code> <p>where the option <c>-new</c> indicates that we want to create a new certificate request and the option <c>-x509</c> implies that a self-signed certificate is created. - </p> + </p> </section> <section> @@ -111,12 +111,12 @@ <p>The OTP CA is created by first creating a certificate request with the command</p> <code type="none"> -\011openssl req -new -config /some/path/req.cnf \\ -\011 -keyout /some/path/key.pem -out /some/path/req.pem </code> + openssl req -new -config /some/path/req.cnf \\ + -keyout /some/path/key.pem -out /some/path/req.pem </code> <p>and the ask the Erlang CA to sign it:</p> <code type="none"> -\011openssl ca -batch -notext -config /some/path/req.cnf \\ -\011 -extensions ca_cert -in /some/path/req.pem -out /some/path/cert.pem </code> + openssl ca -batch -notext -config /some/path/req.cnf \\ + -extensions ca_cert -in /some/path/req.pem -out /some/path/cert.pem </code> <p>where the option <c>-extensions</c> refers to a section in the configuration file saying that it should create a CA certificate, and not a plain user certificate. diff --git a/lib/ssl/doc/src/new_ssl.xml b/lib/ssl/doc/src/new_ssl.xml index f50f714fe6..a11919eb51 100644 --- a/lib/ssl/doc/src/new_ssl.xml +++ b/lib/ssl/doc/src/new_ssl.xml @@ -437,30 +437,17 @@ end </func> <func> - <name>peercert(Socket) -> </name> - <name>peercert(Socket, Opts) -> {ok, Cert} | {error, Reason}</name> + <name>peercert(Socket) -> {ok, Cert} | {error, Reason}</name> <fsummary>Return the peer certificate.</fsummary> <type> <v>Socket = sslsocket()</v> - <v>Opts = [] | [otp] | [plain] </v> - <v>Cert = term()</v> + <v>Cert = binary()</v> <v>Subject = term()</v> </type> <desc> - <p><c>peercert(Cert)</c> is equivalent to <c>peercert(Cert, [])</c>. - </p> - <p>The form of the returned certificate depends on the - options. - </p> - <p>If the options list is empty the certificate is returned as - a DER encoded binary. - </p> - <p>The option <c>otp</c> or <c>plain</c> implies that the - certificate will be returned as a parsed ASN.1 structure in the - form of an Erlang term. For detail see the public_key application. - Currently only plain is officially supported see the public_key users - guide. - </p> + <p>The peer certificate is returned as a DER encoded binary. + The certificate can be decoded with <c>public_key:pkix_decode_cert/2</c>. + </p> </desc> </func> <func> diff --git a/lib/ssl/doc/src/pkix_certs.xml b/lib/ssl/doc/src/pkix_certs.xml index 47818c1b7d..1de807cadc 100644 --- a/lib/ssl/doc/src/pkix_certs.xml +++ b/lib/ssl/doc/src/pkix_certs.xml @@ -34,219 +34,24 @@ <p>Certificates were originally defined by ITU (CCITT) and the latest definitions are described in <cite id="X.509"></cite>, but those definitions are (as always) not working. - </p> + </p> <p>Working certificate definitions for the Internet Community are found - in the the PKIX RFCs <cite id="rfc3279"></cite>and <cite id="rfc3280"></cite>. + in the the PKIX RFCs <cite id="rfc3279"></cite> and <cite id="rfc3280"></cite>. The parsing of certificates in the Erlang/OTP SSL application is based on those RFCS. - </p> + </p> <p>Certificates are defined in terms of ASN.1 (<cite id="X.680"></cite>). For an introduction to ASN.1 see <url href="http://asn1.elibel.tm.fr/">ASN.1 Information Site</url>. - </p> + </p> </section> <section> <title>PKIX Certificates</title> - <p>Here we base the PKIX certificate definitions in RFCs <cite id="rfc3279"></cite>and <cite id="rfc3280"></cite>. We however present the - definitions according to <c>SSL-PKIX.asn1</c> module, - which is an amelioration of the <c>PKIX1Explicit88.asn1</c>, - <c>PKIX1Implicit88.asn1</c>, and <c>PKIX1Algorithms88.asn1</c> - modules. You find all these modules in the <c>pkix</c> subdirectory - of SSL. - </p> - <p>The Erlang terms that are returned by the functions - <c>ssl:peercert/1/2</c>, <c>ssl_pkix:decode_cert/1/2</c>, and - <c>ssl_pkix:decode_cert_file/1/2</c> when the option <c>ssl</c> - is used in those functions, correspond the ASN.1 structures - described in the sequel. - </p> - - <section> - <title>Certificate and TBSCertificate</title> - <code type="none"> -Certificate ::= SEQUENCE { - tbsCertificate TBSCertificate, - signatureAlgorithm SignatureAlgorithm, - signature BIT STRING } - -TBSCertificate ::= SEQUENCE { - version [0] Version DEFAULT v1, - serialNumber CertificateSerialNumber, - signature SignatureAlgorithm, - issuer Name, - validity Validity, - subject Name, - subjectPublicKeyInfo SubjectPublicKeyInfo, - issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, - -- If present, version MUST be v2 or v3 - subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, - -- If present, version MUST be v2 or v3 - extensions [3] Extensions OPTIONAL - -- If present, version MUST be v3 -- } - -Version ::= INTEGER { v1(0), v2(1), v3(2) } - -CertificateSerialNumber ::= INTEGER - -Validity ::= SEQUENCE { - notBefore Time, - notAfter Time } - -Time ::= CHOICE { - utcTime UTCTime, - generalTime GeneralizedTime } - </code> - <p>The meaning of the fields <c>version</c>, <c>serialNumber</c>, - and <c>validity</c> are quite obvious given the type definitions - above, so we do not go further into their details. - </p> - <p>The <c>signatureAlgorithm</c> field of <c>Certificate</c> and - the <c>signature</c> field of <c>TBSCertificate</c> contain - the name and parameters of the algorithm used for signing the - certificate. The values of these two fields must be equal. - </p> - <p>The <c>signature</c> field of <c>Certificate</c> contains the - value of the signature that the issuer computed by using the - prescribed algorithm. - </p> - <p>The <c><![CDATA[issuer<c> and <c>subject]]></c> fields can contain many - different types av data, and is therefore considered in a - separate section. The same holds for the <c>extensions</c> - field. - The <c>issuerUniqueID</c> and the <c>subjectUniqueID</c> fields - are not considered further.</p> - </section> - - <section> - <title>TBSCertificate issuer and subject</title> - <p></p> - <code type="none"><![CDATA[ -Name ::= CHOICE { -- only one possibility for now -- - rdnSequence RDNSequence } - -RDNSequence ::= SEQUENCE OF RelativeDistinguishedName - -DistinguishedName ::= RDNSequence - -RelativeDistinguishedName ::= - SET SIZE (1 .. MAX) OF AttributeTypeAndValue - -AttributeTypeAndValue ::= SEQUENCE { - type ATTRIBUTE-TYPE-AND-VALUE-CLASS.&id -\011\011({SupportedAttributeTypeAndValues}), - value ATTRIBUTE-TYPE-AND-VALUE-CLASS.&Type -\011\011({SupportedAttributeTypeAndValues}{@type}) } - -SupportedAttributeTypeAndValues ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= -\011{ name | surname | givenName | initials | generationQualifier | -\011 commonName | localityName | stateOrProvinceName | organizationName | -\011 organizationalUnitName | title | dnQualifier | countryName | -\011 serialNumber | pseudonym | domainComponent | emailAddress } ]]></code> - </section> - - <section> - <title>TBSCertificate extensions</title> - <p>The <c>extensions</c> field of a <c>TBScertificate</c> is a - sequence of type <c>Extension</c>, defined as follows,</p> - <code type="none"> -Extension ::= SEQUENCE { - extnID OBJECT IDENTIFIER, - critical BOOLEAN DEFAULT FALSE, - extnValue ANY } </code> - <p>Each extension has a unique object identifier. An extension - with a <c>critical</c> value set to <c>TRUE</c><em>must</em> - be recognised by the reader of a certificate, or else the - certificate must be rejected. - </p> - <p>Extensions are divided into two groups: standard extensions - and internet certificate extensions. All extensions listed in - the table that follows are standard extensions, except for - <c>authorityInfoAccess</c> and <c>subjectInfoAccess</c>, which - are internet extensions. - </p> - <p>Depending on the object identifier the <c>extnValue</c> is - parsed into an appropriate welldefined structure. - </p> - <p>The following table shows the purpose of each extension, but - does not specify the structure. To see the structure consult - the <c>PKIX1Implicit88.asn1</c> module. - </p> - <table> - <row> - <cell align="left" valign="middle">authorityKeyIdentifier</cell> - <cell align="left" valign="middle">Used by to identify a certificate signed that has multiple signing keys. </cell> - </row> - <row> - <cell align="left" valign="middle">subjectKeyIdentifier</cell> - <cell align="left" valign="middle">Used to identify certificates that contain a public key. Must appear i CA certificates.</cell> - </row> - <row> - <cell align="left" valign="middle">keyUsage </cell> - <cell align="left" valign="middle">Defines the purpose of the certificate. Can be one or several of<c>digitalSignature</c>, <c>nonRepudiation</c>,<c>keyEncipherment</c>, <c>dataEncipherment</c>,<c>keyAgreement</c>, <c>keyCertSign</c>, <c>cRLSign</c>,<c>encipherOnly</c>, <c>decipherOnly</c>.</cell> - </row> - <row> - <cell align="left" valign="middle">privateKeyUsagePeriod </cell> - <cell align="left" valign="middle">Allows certificate issuer to provide a private key usage period to be short than the certificate usage period.</cell> - </row> - <row> - <cell align="left" valign="middle">certificatePolicies</cell> - <cell align="left" valign="middle">Contains one or more policy information terms indicating the policies under which the certificate has been issued.</cell> - </row> - <row> - <cell align="left" valign="middle">policyMappings</cell> - <cell align="left" valign="middle">Used i CA certificates. </cell> - </row> - <row> - <cell align="left" valign="middle">subjectAltName</cell> - <cell align="left" valign="middle">Allows additional identities to be bound the the subject. </cell> - </row> - <row> - <cell align="left" valign="middle">issuerAltName</cell> - <cell align="left" valign="middle">Allows additional identities to be bound the the issuer.</cell> - </row> - <row> - <cell align="left" valign="middle">subjectDirectoryAttributes</cell> - <cell align="left" valign="middle">Conveys identity attributes of the subject.</cell> - </row> - <row> - <cell align="left" valign="middle">basicConstraints</cell> - <cell align="left" valign="middle">Tells if the certificate holder is a CA or not.</cell> - </row> - <row> - <cell align="left" valign="middle">nameConstraints</cell> - <cell align="left" valign="middle">Used in CA certificates.</cell> - </row> - <row> - <cell align="left" valign="middle">policyConstraints</cell> - <cell align="left" valign="middle">Used in CA certificates.</cell> - </row> - <row> - <cell align="left" valign="middle">extKeyUsage</cell> - <cell align="left" valign="middle">Indicates for which purposed the public key may be used. </cell> - </row> - <row> - <cell align="left" valign="middle">cRLDistributionPoints</cell> - <cell align="left" valign="middle">Indicates how CRL (Certificate Revokation List) information is obtained.</cell> - </row> - <row> - <cell align="left" valign="middle">inhibitAnyPolicy</cell> - <cell align="left" valign="middle">Used i CA certificates.</cell> - </row> - <row> - <cell align="left" valign="middle">freshestCRL</cell> - <cell align="left" valign="middle">For CRLs.</cell> - </row> - <row> - <cell align="left" valign="middle">authorityInfoAccess</cell> - <cell align="left" valign="middle">How to access CA information of the issuer of the certificate.</cell> - </row> - <row> - <cell align="left" valign="middle">subjectInfoAccess</cell> - <cell align="left" valign="middle">How to access CA information of the subject of the certificate.</cell> - </row> - <tcaption>PKIX Extensions</tcaption> - </table> - </section> + <p>Certificate handling is now handled by the <c>public_key</c> application.</p> + <p> + DER encoded certificates returned by <c>ssl:peercert/1</c> can for example + be decoded by the <c>public_key:pkix_decode_cert/2</c> function. + </p> </section> </chapter> diff --git a/lib/ssl/doc/src/remember.xml b/lib/ssl/doc/src/remember.xml deleted file mode 100644 index 799627a33c..0000000000 --- a/lib/ssl/doc/src/remember.xml +++ /dev/null @@ -1,83 +0,0 @@ -<?xml version="1.0" encoding="latin1" ?> -<!DOCTYPE chapter SYSTEM "chapter.dtd"> - -<chapter> - <header> - <copyright> - <year>2003</year><year>2009</year> - <holder>Ericsson AB. All Rights Reserved.</holder> - </copyright> - <legalnotice> - The contents of this file are subject to the Erlang Public License, - Version 1.1, (the "License"); you may not use this file except in - compliance with the License. You should have received a copy of the - Erlang Public License along with this software. If not, it can be - retrieved online at http://www.erlang.org/. - - Software distributed under the License is distributed on an "AS IS" - basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See - the License for the specific language governing rights and limitations - under the License. - - </legalnotice> - - <title>PKIX Certificates</title> - <prepared>UAB/F/P Peter Högfeldt</prepared> - <docno></docno> - <date>2003-06-09</date> - <rev>A</rev> - <file>pkix_certs.sgml</file> - </header> - - <section> - <title>Introduction to Certificates</title> - <p><em>Outline:</em></p> - <list type="bulleted"> - <item>SSL/TLS protocol - server must have certificate - -what - the the server sends to the client - client may verify the - server - server may ask client for certificate - what the - client sends to the server - server may then verify the client - - verification - certificate chains - root certificates - - public keys - key agreement - purpose of certificate - main - contents of certificate - contents have increased as time went - by - common file formats for certificates. - </item> - <item>private keys - password protection - key generation - file - formats. - </item> - <item>ssl_pkix and alternate decodings. - </item> - <item>Attribute Certificates (not used by SSL). - </item> - <item>Certificate requests - certificate authorities - signing of - certificates - certificate revocation lists. - </item> - <item>standards: ASN.1, X.509, X.520, PKIX, PKCS, PEM. - </item> - <item>incompatibilities between standards (X.509-1997 vs old) - the - ASN.1 problem of ANY, BIT STRING and OCTET STRING - the module - ssl_pkix. - </item> - <item>test suites: NIST - </item> - <item>Warnings: *creation* of trusted certificate (OpenSSL). - </item> - <item>Erlang SSL and certificates - </item> - <item>The need for seeding the random generator. See also John - S. Denker: High-Entropy Symbol Generator - (http://www.monmouth.com/~jsd). - </item> - <item>links to standards and documents. Books (Rescorla). - </item> - <item>ASN.1 crash course. - </item> - <item>Nagel algorithm. - </item> - </list> - <p>For an introduction to ASN.1 see <url href="http://asn1.elibel.tm.fr/">ASN.1 Information Site</url>. - </p> - </section> -</chapter> - - diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml index 9b780b14ce..217eb791d0 100644 --- a/lib/ssl/doc/src/ssl.xml +++ b/lib/ssl/doc/src/ssl.xml @@ -347,39 +347,17 @@ </desc> </func> <func> - <name>peercert(Socket) -> </name> - <name>peercert(Socket, Opts) -> {ok, Cert} | {ok, Subject} | {error, Reason}</name> + <name>peercert(Socket) -> {ok, Cert} | {error, Reason}</name> <fsummary>Return the peer certificate.</fsummary> <type> <v>Socket = sslsocket()</v> - <v>Opts = [pkix | ssl | subject]()</v> - <v>Cert = term()()</v> + <v>Cert = binary()()</v> <v>Subject = term()()</v> </type> <desc> - <p><c>peercert(Cert)</c> is equivalent to <c>peercert(Cert, [])</c>. - </p> - <p>The form of the returned certificate depends on the - options. - </p> - <p>If the options list is empty the certificate is returned as - a DER encoded binary. - </p> - <p>The options <c>pkix</c> and <c>ssl</c> implies that the - certificate is returned as a parsed ASN.1 structure in the - form of an Erlang term. - </p> - <p>The <c>ssl</c> option gives a more elaborate return - structure, with more explicit information. In particular - object identifiers are replaced by atoms. - </p> - <p>The options <c>pkix</c>, and <c>ssl</c> are mutually - exclusive. - </p> - <p>The option <c>subject</c> implies that only the subject's - distinguished name part of the peer certificate is returned. - It can only be used together with the option <c>pkix</c> or - the option <c>ssl</c>.</p> + <p>Returns the DER encoded peer certificate, the certificate can be decoded with + <c>public_key:pkix_decode_cert/2</c>. + </p> </desc> </func> <func> @@ -719,8 +697,7 @@ <section> <title>SEE ALSO</title> - <p>gen_tcp(3), inet(3) - </p> + <p>gen_tcp(3), inet(3) public_key(3) </p> </section> </erlref> diff --git a/lib/stdlib/src/c.erl b/lib/stdlib/src/c.erl index 9e4cec5db2..433833e233 100644 --- a/lib/stdlib/src/c.erl +++ b/lib/stdlib/src/c.erl @@ -197,7 +197,9 @@ nc(File, Opts0) when is_list(Opts0) -> Opts = Opts0 ++ [report_errors, report_warnings], case compile:file(File, Opts) of {ok,Mod} -> - Fname = concat([File, code:objfile_extension()]), + Dir = outdir(Opts), + Obj = filename:basename(File, ".erl") ++ code:objfile_extension(), + Fname = filename:join(Dir, Obj), case file:read_file(Fname) of {ok,Bin} -> rpc:eval_everywhere(code,load_binary,[Mod,Fname,Bin]), diff --git a/lib/stdlib/test/c_SUITE.erl b/lib/stdlib/test/c_SUITE.erl index 5608d73d19..2edbc7ab4c 100644 --- a/lib/stdlib/test/c_SUITE.erl +++ b/lib/stdlib/test/c_SUITE.erl @@ -18,15 +18,16 @@ %% -module(c_SUITE). -export([all/1]). --export([c_1/1, c_2/1, c_3/1, c_4/1, memory/1]). +-export([c_1/1, c_2/1, c_3/1, c_4/1, nc_1/1, nc_2/1, nc_3/1, nc_4/1, + memory/1]). -include("test_server.hrl"). --import(c, [c/2]). +-import(c, [c/2, nc/2]). all(doc) -> ["Test cases for the 'c' module."]; all(suite) -> - [c_1, c_2, c_3, c_4, memory]. + [c_1, c_2, c_3, c_4, nc_1, nc_2, nc_3, nc_4, memory]. %%% Write output to a directory other than current directory: @@ -34,7 +35,7 @@ c_1(doc) -> ["Checks that c:c works also with option 'outdir' [ticket OTP-1209]."]; c_1(suite) -> []; -c_1(Config) when list(Config) -> +c_1(Config) when is_list(Config) -> ?line R = filename:join(?config(data_dir, Config), "m.erl"), ?line W = ?config(priv_dir, Config), ?line Result = c(R,[{outdir,W}]), @@ -44,7 +45,7 @@ c_2(doc) -> ["Checks that c:c works also with option 'outdir' [ticket OTP-1209]."]; c_2(suite) -> []; -c_2(Config) when list(Config) -> +c_2(Config) when is_list(Config) -> ?line R = filename:join(?config(data_dir, Config), "m"), ?line W = ?config(priv_dir, Config), ?line Result = c(R,[{outdir,W}]), @@ -59,7 +60,7 @@ c_3(doc) -> "directory). [ticket OTP-1209]."]; c_3(suite) -> []; -c_3(Config) when list(Config) -> +c_3(Config) when is_list(Config) -> ?line R = filename:join(?config(data_dir, Config), "m.erl"), ?line W = ?config(priv_dir, Config), ?line file:set_cwd(W), @@ -71,18 +72,68 @@ c_4(doc) -> "directory). [ticket OTP-1209]."]; c_4(suite) -> []; -c_4(Config) when list(Config) -> +c_4(Config) when is_list(Config) -> ?line R = filename:join(?config(data_dir, Config), "m"), ?line W = ?config(priv_dir, Config), ?line file:set_cwd(W), ?line Result = c(R,[{outdir,W}]), ?line {ok, m} = Result. +%%% Write output to a directory other than current directory: + +nc_1(doc) -> + ["Checks that c:nc works also with option 'outdir'."]; +nc_1(suite) -> + []; +nc_1(Config) when is_list(Config) -> + ?line R = filename:join(?config(data_dir, Config), "m.erl"), + ?line W = ?config(priv_dir, Config), + ?line Result = nc(R,[{outdir,W}]), + ?line {ok, m} = Result. + +nc_2(doc) -> + ["Checks that c:nc works also with option 'outdir'."]; +nc_2(suite) -> + []; +nc_2(Config) when is_list(Config) -> + ?line R = filename:join(?config(data_dir, Config), "m"), + ?line W = ?config(priv_dir, Config), + ?line Result = nc(R,[{outdir,W}]), + ?line {ok, m} = Result. + + +%%% Put results in current directory (or rather, change current dir +%%% to the output dir): + +nc_3(doc) -> + ["Checks that c:nc works also with option 'outdir' (same as current" + "directory)."]; +nc_3(suite) -> + []; +nc_3(Config) when is_list(Config) -> + ?line R = filename:join(?config(data_dir, Config), "m.erl"), + ?line W = ?config(priv_dir, Config), + ?line file:set_cwd(W), + ?line Result = nc(R,[{outdir,W}]), + ?line {ok, m} = Result. + +nc_4(doc) -> + ["Checks that c:nc works also with option 'outdir' (same as current" + "directory)."]; +nc_4(suite) -> + []; +nc_4(Config) when is_list(Config) -> + ?line R = filename:join(?config(data_dir, Config), "m"), + ?line W = ?config(priv_dir, Config), + ?line file:set_cwd(W), + ?line Result = nc(R,[{outdir,W}]), + ?line {ok, m} = Result. + memory(doc) -> ["Checks that c:memory/[0,1] returns consistent results."]; memory(suite) -> []; -memory(Config) when list(Config) -> +memory(Config) when is_list(Config) -> try ?line ML = c:memory(), ?line T = mget(total, ML), @@ -112,5 +163,5 @@ mget(K, L) -> ?line test_v(V). % Help function for c_SUITE:memory/1 -test_v(V) when integer(V) -> +test_v(V) when is_integer(V) -> ?line V. diff --git a/lib/tools/doc/src/notes.xml b/lib/tools/doc/src/notes.xml index 59f600145e..e6c074cc7d 100644 --- a/lib/tools/doc/src/notes.xml +++ b/lib/tools/doc/src/notes.xml @@ -30,6 +30,21 @@ </header> <p>This document describes the changes made to the Tools application.</p> +<section><title>Tools 2.6.5.1</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p>A bug concerning bit comprehensions has been fixed + in Cover. The bug was introduced in R13B03. + (Thanks to Matthew Sackman.)</p> + <p>Own Id: OTP-8340</p> + </item> + </list> + </section> + +</section> + <section><title>Tools 2.6.5</title> <section><title>Fixed Bugs and Malfunctions</title> diff --git a/lib/tools/src/cover.erl b/lib/tools/src/cover.erl index aff3927db3..1a7ebdc69a 100644 --- a/lib/tools/src/cover.erl +++ b/lib/tools/src/cover.erl @@ -1685,8 +1685,8 @@ munge_expr({lc,Line,Expr,Qs}, Vars) -> {MungedQs, Vars3} = munge_qualifiers(Qs, Vars2), {{lc,Line,MungedExpr,MungedQs}, Vars3}; munge_expr({bc,Line,Expr,Qs}, Vars) -> - {bin,BLine,[{bin_element,EL,Val,Sz,TSL}]} = Expr, - Expr2 = {bin,BLine,[{bin_element,EL,?BLOCK1(Val),Sz,TSL}]}, + {bin,BLine,[{bin_element,EL,Val,Sz,TSL}|Es]} = Expr, + Expr2 = {bin,BLine,[{bin_element,EL,?BLOCK1(Val),Sz,TSL}|Es]}, {MungedExpr,Vars2} = munge_expr(Expr2, Vars), {MungedQs, Vars3} = munge_qualifiers(Qs, Vars2), {{bc,Line,MungedExpr,MungedQs}, Vars3}; diff --git a/lib/tools/vsn.mk b/lib/tools/vsn.mk index 644e8b719b..13cf5af9f5 100644 --- a/lib/tools/vsn.mk +++ b/lib/tools/vsn.mk @@ -16,4 +16,4 @@ # # %CopyrightEnd% -TOOLS_VSN = 2.6.5 +TOOLS_VSN = 2.6.5.1 diff --git a/lib/wx/configure.in b/lib/wx/configure.in index 7dc8d6e831..2b47f86baa 100755 --- a/lib/wx/configure.in +++ b/lib/wx/configure.in @@ -1,3 +1,21 @@ +dnl Process this file with autoconf to produce a configure script. -*-m4-*- + +dnl %CopyrightBegin% +dnl +dnl Copyright Ericsson AB 2008-2009. All Rights Reserved. +dnl +dnl The contents of this file are subject to the Erlang Public License, +dnl Version 1.1, (the "License"); you may not use this file except in +dnl compliance with the License. You should have received a copy of the +dnl Erlang Public License along with this software. If not, it can be +dnl retrieved online at http://www.erlang.org/. +dnl +dnl Software distributed under the License is distributed on an "AS IS" +dnl basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +dnl the License for the specific language governing rights and limitations +dnl under the License. +dnl +dnl %CopyrightEnd% AC_INIT() @@ -101,7 +119,7 @@ AC_SUBST(MIXED_CYGWIN) ## Check that we are in 32 bits mode on darwin ## (wxWidgets require that it currently uses 32-bits Carbon) ## Otherwise skip building wxErlang -AC_CHECK_SIZEOF(void *, 4) +AC_CHECK_SIZEOF(void *) case $ac_cv_sizeof_void_p-$host_os in 8-darwin*) |