aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2018-08-06ssl: Make sure that a correct cipher suite is selectedIngela Anderton Andin
The keyexchange ECDHE-RSA requires an RSA-keyed server cert (corresponding for ECDHE-ECDSA), the code did not assert this resulting in that a incorrect cipher suite could be selected. Alas test code was also wrong hiding the error.
2018-08-02Updated OTP versionOTP-20.3.8.4Erlang/OTP
2018-08-02Prepare releaseErlang/OTP
2018-08-02Merge branch 'raimo/asn1/fix-ber-decode-recursion/ERIERL-220/OTP-14440' into ↵Erlang/OTP
maint-20 * raimo/asn1/fix-ber-decode-recursion/ERIERL-220/OTP-14440: Fix NIF stack recursion bug and enforce a limit
2018-08-02Fix NIF stack recursion bug and enforce a limitRaimo Niskanen
Fix recursion bug when decoding Constructed value within another value - here the allowed buffer for the recursed decode shall only be the size of the enclosing value, not the whole buffer. Return ASN1_ERROR if BER decode recurses more than about 8 kWords.
2018-07-20Updated OTP versionOTP-20.3.8.3Erlang/OTP
2018-07-20Prepare releaseErlang/OTP
2018-07-20Merge branch ↵Erlang/OTP
'ingela/inets/error-handling-eisdir-mod-get/ERIERL-207/OTP-15192' into maint-20 * ingela/inets/error-handling-eisdir-mod-get/ERIERL-207/OTP-15192: inets: Prepare for release inets: Improve error handling
2018-07-20Merge branch 'sverker/crash-dump-crash-literals/OTP-15181' into maint-20Erlang/OTP
* sverker/crash-dump-crash-literals/OTP-15181: erts: Fix bug in crash dump generation
2018-07-20Merge branch 'sverker/ic/encode-long-buffer-overflow/OTP-15179' into maint-20Erlang/OTP
* sverker/ic/encode-long-buffer-overflow/OTP-15179: ic: Tweak tests to provoke more outbuf reallocations ic: Fix memory leak in oe_ei_decode_wstring ic: Fix correct external format sizes
2018-07-20Merge branch 'ingela/ssl/engine-vs-certfile/ERLERL-211/OTP-15193' into maint-20Erlang/OTP
* ingela/ssl/engine-vs-certfile/ERLERL-211/OTP-15193: ssl: Engine key trumps certfile option
2018-07-20Merge branch 'ingela/maint-20/chipher-suite-handling/OTP-15178' into maint-20Erlang/OTP
* ingela/maint-20/chipher-suite-handling/OTP-15178: ssl: Prepare for release ssl: Fix test case to only check relevant info for the test ssl: Correct connection_information on ECC-curves ssl: No cipher suite sign restriction in TLS-1.2 ssl: Add psk as anonymous key exchange in ssl_handshake:select_hashsign/5 ssl: anon test should use dh or ecdh anon keyexchange ssl: Correct key_usage check ssl: Fix ECDSA key decode clause ssl: Avoid hardcoding of cipher suites and fix ECDH suite handling ssl: Run all test case combinations ssl: Correct ECC suite and DTLS ECC handling
2018-07-20Merge branch 'sverker/kernel/silence-dialyzer/OTP-15170' into maint-20Erlang/OTP
* sverker/kernel/silence-dialyzer/OTP-15170: kernel: Silence dialyzer
2018-07-20Merge branch 'john/erts/inet-drv-race/OTP-15158/ERL-654' into maint-20Erlang/OTP
* john/erts/inet-drv-race/OTP-15158/ERL-654: Fix a race condition when generating async operation ids
2018-07-17ssl: Engine key trumps certfile optionIngela Anderton Andin
2018-07-17inets: Prepare for releaseIngela Anderton Andin
2018-07-17inets: Improve error handlingIngela Anderton Andin
2018-07-12erts: Fix bug in crash dump generationSverker Eriksson
Symptom: emulator core dumps during crash dump generation. Problem: erts_dump_lit_areas did not grow correctly to always be equal or larger than number of loaded modules. The comment about twice the size to include both curr and old did not seem right. The beam_ranges structure contains *all* loaded module instances until they are removed when purged.
2018-07-11ic: Tweak tests to provoke more outbuf reallocationsSverker Eriksson
Docs says min _memchunk is 32, so lets use that.
2018-07-11ic: Fix memory leak in oe_ei_decode_wstringSverker Eriksson
2018-07-11ic: Fix correct external format sizesSverker Eriksson
longs, longlongs and wchar were too small on 64-bit which could lead to potential buffer overflow at encoding. __OE_DOUBLESZ__ was too big, probably due to old text format.
2018-07-10ssl: Prepare for releaseIngela Anderton Andin
2018-07-10ssl: Fix test case to only check relevant info for the testIngela Anderton Andin
Conflicts: lib/ssl/test/ssl_basic_SUITE.erl
2018-07-10ssl: Correct connection_information on ECC-curvesIngela Anderton Andin
2018-07-10ssl: No cipher suite sign restriction in TLS-1.2Ingela Anderton Andin
Conflicts: lib/ssl/test/ssl_ECC_SUITE.erl
2018-07-10ssl: Add psk as anonymous key exchange in ssl_handshake:select_hashsign/5Ingela Anderton Andin
Failing to recognize psk as an anonymous key exchange would fail the connection when trying to decode an undefined certificate.
2018-07-10ssl: anon test should use dh or ecdh anon keyexchangeIngela Anderton Andin
2018-07-10ssl: Correct key_usage checkIngela Anderton Andin
The Key Usage extension is described in section 4.2.1.3 of X.509, with the following possible flags: KeyUsage ::= BIT STRING { digitalSignature (0), nonRepudiation (1), -- recent editions of X.509 have -- renamed this bit to contentCommitment keyEncipherment (2), dataEncipherment (3), keyAgreement (4), keyCertSign (5), cRLSign (6), encipherOnly (7), decipherOnly (8) } In SSL/TLS, when the server certificate contains a RSA key, then: either a DHE or ECDHE cipher suite is used, in which case the RSA key is used for a signature (see section 7.4.3 of RFC 5246: the "Server Key Exchange" message); this exercises the digitalSignature key usage; or "plain RSA" is used, with a random value (the 48-byte pre-master secret) being encrypted by the client with the server's public key (see section 7.4.7.1 of RFC 5246); this is right in the definition of the keyEncipherment key usage flag. dataEncipherment does not apply, because what is encrypted is not directly meaningful data, but a value which is mostly generated randomly and used to derive symmetric keys. keyAgreement does not apply either, because that one is for key agreement algorithms which are not a case of asymmetric encryption (e.g. Diffie-Hellman). The keyAgreement usage flag would appear in a certificate which contains a DH key, not a RSA key. nonRepudiation is not used, because whatever is signed as part of a SSL/TLS key exchange cannot be used as proof for a third party (there is nothing in a SSL/TLS tunnel that the client could record and then use to convince a judge when tring to sue the server itself; the data which is exchanged within the tunnel is not signed by the server). When a ECDSA key is used then "keyAgreement" flag is needed for beeing ECDH "capable" (as opposed to ephemeral ECDHE)
2018-07-10ssl: Fix ECDSA key decode clauseIngela Anderton Andin
2018-07-10ssl: Avoid hardcoding of cipher suites and fix ECDH suite handlingIngela Anderton Andin
ECDH suite handling did not use the EC parameters form the certs as expected. Conflicts: lib/ssl/src/ssl_cipher.erl
2018-07-10ssl: Run all test case combinationsIngela Anderton Andin
Fix test case code to use keyAgreement for ECDH_ECDSA Conflicts: lib/ssl/test/ssl_ECC.erl lib/ssl/test/ssl_ECC_openssl_SUITE.erl lib/ssl/test/ssl_to_openssl_SUITE.erl
2018-07-10ssl: Correct ECC suite and DTLS ECC handlingIngela Anderton Andin
When test handling was corrected it was obvious that DTLS ECC handling was not compleated. Conflicts: lib/ssl/src/ssl.erl lib/ssl/test/Makefile lib/ssl/test/ssl_ECC.erl lib/ssl/test/ssl_ECC_SUITE.erl lib/ssl/test/ssl_ECC_openssl_SUITE.erl
2018-07-03kernel: Silence dialyzerSverker Eriksson
2018-06-28Updated OTP versionOTP-20.3.8.2Erlang/OTP
2018-06-28Prepare releaseErlang/OTP
2018-06-28Merge branch 'john/erts/fix-process-schedule-after-free/OTP-15067/ERL-573' ↵Erlang/OTP
into maint-20 * john/erts/fix-process-schedule-after-free/OTP-15067/ERL-573: Don't enqueue system tasks if target process is in fail_state Fix erroneous schedule of freed/exiting processes Fix deadlock in run queue evacuation Fix memory leak of processes that died in the run queue
2018-06-28Merge branch 'sverker/ic/encode-atom-overrun/ERIERL-191/OTP-15160' into maint-20Erlang/OTP
* sverker/ic/encode-atom-overrun/ERIERL-191/OTP-15160: ic: Fix buffer overrun bug in oe_ei_encode_atom
2018-06-28Merge branch 'sverker/erl_interface/simultaneous-connect/OTP-15161' into ↵Erlang/OTP
maint-20 * sverker/erl_interface/simultaneous-connect/OTP-15161: erl_interface: Fix simultaneous connection setup
2018-06-28Merge branch 'sverker/kernel/tick-fixes/OTP-15162' into maint-20Erlang/OTP
* sverker/kernel/tick-fixes/OTP-15162: kernel: Fix tick count bug when pending writes kernel: Send tick to hidden node even if pending writes
2018-06-28kernel: Fix tick count bug when pending writesSverker Eriksson
2018-06-28kernel: Send tick to hidden node even if pending writesSverker Eriksson
as c-nodes need ticks to send ticks.
2018-06-28ic: Fix buffer overrun bug in oe_ei_encode_atomSverker Eriksson
bug exists since OTP-20.3.4 1d3acb70debd134c8346b7e98347171d5cf6fc62
2018-06-28Fix a race condition when generating async operation idsJohn Högberg
The counter used for generating async operation ids was a plain int shared between all ports, which was incorrect but mostly worked fine since the ids only had to be unique on a per-port basis. However, some compilers (notably GCC 8.1.1) generated code that assumed that this value didn't change between reads. Using a shortened version of enq_async_w_tmo as an example: int id = async_ref++; op->id = id; //A return id; //B In GCC 7 and earlier, `async_ref` would be read once and assigned to `id` before being incremented, which kept the values at A and B consistent. In GCC 8, `async_ref` was read when assigned at A and read again at B, and then incremented, which made them inconsistent if we raced with another port. This commit fixes the issue by removing `async_ref` altogether and replacing it with a per-port counter which makes it impossible to race with someone else.
2018-06-21Updated OTP versionOTP-20.3.8.1Erlang/OTP
2018-06-21Prepare releaseErlang/OTP
2018-06-21Merge branch 'hans/ssh/sftp_ver4_xfer/ERIERL-199/OTP-15149' into maint-20Erlang/OTP
* hans/ssh/sftp_ver4_xfer/ERIERL-199/OTP-15149: ssh: Fix ssh_xfer decode_ATTR error for Vsn=4
2018-06-21Merge branch 'hans/ssh/sftp_error_codes/ERIERL-194/OTP-15148' into maint-20Erlang/OTP
* hans/ssh/sftp_error_codes/ERIERL-194/OTP-15148: ssh: Report the signal name if there is an exit-signal to sftpd ssh: Bug fix sftp error codes
2018-06-21Merge branch 'hasse/syntax_tools/fix_map_type/OTP-15098/ERIERL-177' into ↵Erlang/OTP
maint-20 * hasse/syntax_tools/fix_map_type/OTP-15098/ERIERL-177: syntax_tools: Fix a bug regarding reverting map types.
2018-06-21Merge branch 'hans/ftp/socket_opts/ERIERL-192/OTP-15120' into maint-20Erlang/OTP
* hans/ftp/socket_opts/ERIERL-192/OTP-15120: ftp: Disallow 'packet_size' for low-level options ftp: Socket options
2018-06-21ssh: Report the signal name if there is an exit-signal to sftpdHans Nilsson