aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2018-08-09Update release notesErlang/OTP
2018-08-09Update version numbersErlang/OTP
2018-08-09Merge branch 'dgud/mnesia/add_table_copy_ram/OTP-15226' into maint-20Erlang/OTP
* dgud/mnesia/add_table_copy_ram/OTP-15226: Relax add_table_copy restriction
2018-08-09Merge branch 'john/crypto/fix-segfault-on-badarg/OTP-15194/ERL-673' into ↵Erlang/OTP
maint-20 * john/crypto/fix-segfault-on-badarg/OTP-15194/ERL-673: crypto: Fix crash in compute_key(ecdh, ...) on badarg
2018-08-09Merge branch 'ingela/ssl/empty-sni/OTP-15168' into maint-20Erlang/OTP
* ingela/ssl/empty-sni/OTP-15168: ssl: Correct handling of empty server SNI extension
2018-08-09Merge branch 'ingela/ssl/ECC/ERIERL-210/OTP-15203' into maint-20Erlang/OTP
* ingela/ssl/ECC/ERIERL-210/OTP-15203: ssl: Make sure that a correct cipher suite is selected
2018-08-09Merge branch ↵Erlang/OTP
'john/compiler/fix-deterministic-include-paths/OTP-15204/ERL-679' into maint-20 * john/compiler/fix-deterministic-include-paths/OTP-15204/ERL-679: Omit include path debug info for +deterministic builds
2018-08-09Merge branch 'dotsimon/ref_ordering_bug/OTP-15225' into maint-20Erlang/OTP
* dotsimon/ref_ordering_bug/OTP-15225: Fixed #Ref ordering bug Test #Ref ordering in lists and ets
2018-08-09Merge branch 'rickard/full-cache-nif-env/OTP-15223/ERL-695' into maint-20Erlang/OTP
* rickard/full-cache-nif-env/OTP-15223/ERL-695: Fix caching of NIF environment when executing dirty
2018-08-09Merge branch 'dgud/mnesia/master-nodes/OTP-15221' into maint-20Erlang/OTP
* dgud/mnesia/master-nodes/OTP-15221: Do NOT disc_load from ram_copies when master_node is set
2018-08-09crypto: Fix crash in compute_key(ecdh, ...) on badargJohn Högberg
When term2point was passed a non-binary argument, `my_ecpoint` would be left uninitialized and the cleanup code would free a garbage pointer.
2018-08-09Relax add_table_copy restrictionDan Gudmundsson
Allow to add replicas even if all other replicas are down when the other replicase are not stored on disk.
2018-08-09Omit include path debug info for +deterministic buildsJohn Högberg
Compiling the same file with different include paths resulted in different files with the `+deterministic` flag even if everything but the paths were identical. This was caused by the absolute path of each include directory being unconditionally included in a debug information chunk. This commit fixes this by only including this information in non-deterministic builds.
2018-08-09Fix caching of NIF environment when executing dirtyRickard Green
2018-08-09Fixed #Ref ordering bugSimon Cornish
2018-08-09Test #Ref ordering in lists and etsSimon Cornish
2018-08-08Do NOT disc_load from ram_copies when master_node is setDan Gudmundsson
Setting master_nodes to a node with ram_copies replica and that node had not loaded the table, could cause it load an empty table, even though (non master) nodes had disc_replicas. This meant that tables where unexpected empty after multiple failures happened. When this happen do not load the table and wait for user to force_load it on some node, preferably with a disk copy.
2018-08-06ssl: Make sure that a correct cipher suite is selectedIngela Anderton Andin
The keyexchange ECDHE-RSA requires an RSA-keyed server cert (corresponding for ECDHE-ECDSA), the code did not assert this resulting in that a incorrect cipher suite could be selected. Alas test code was also wrong hiding the error.
2018-08-02Updated OTP versionOTP-20.3.8.4Erlang/OTP
2018-08-02Prepare releaseErlang/OTP
2018-08-02Merge branch 'raimo/asn1/fix-ber-decode-recursion/ERIERL-220/OTP-14440' into ↵Erlang/OTP
maint-20 * raimo/asn1/fix-ber-decode-recursion/ERIERL-220/OTP-14440: Fix NIF stack recursion bug and enforce a limit
2018-08-02Fix NIF stack recursion bug and enforce a limitRaimo Niskanen
Fix recursion bug when decoding Constructed value within another value - here the allowed buffer for the recursed decode shall only be the size of the enclosing value, not the whole buffer. Return ASN1_ERROR if BER decode recurses more than about 8 kWords.
2018-07-20Updated OTP versionOTP-20.3.8.3Erlang/OTP
2018-07-20Prepare releaseErlang/OTP
2018-07-20Merge branch ↵Erlang/OTP
'ingela/inets/error-handling-eisdir-mod-get/ERIERL-207/OTP-15192' into maint-20 * ingela/inets/error-handling-eisdir-mod-get/ERIERL-207/OTP-15192: inets: Prepare for release inets: Improve error handling
2018-07-20Merge branch 'sverker/crash-dump-crash-literals/OTP-15181' into maint-20Erlang/OTP
* sverker/crash-dump-crash-literals/OTP-15181: erts: Fix bug in crash dump generation
2018-07-20Merge branch 'sverker/ic/encode-long-buffer-overflow/OTP-15179' into maint-20Erlang/OTP
* sverker/ic/encode-long-buffer-overflow/OTP-15179: ic: Tweak tests to provoke more outbuf reallocations ic: Fix memory leak in oe_ei_decode_wstring ic: Fix correct external format sizes
2018-07-20Merge branch 'ingela/ssl/engine-vs-certfile/ERLERL-211/OTP-15193' into maint-20Erlang/OTP
* ingela/ssl/engine-vs-certfile/ERLERL-211/OTP-15193: ssl: Engine key trumps certfile option
2018-07-20Merge branch 'ingela/maint-20/chipher-suite-handling/OTP-15178' into maint-20Erlang/OTP
* ingela/maint-20/chipher-suite-handling/OTP-15178: ssl: Prepare for release ssl: Fix test case to only check relevant info for the test ssl: Correct connection_information on ECC-curves ssl: No cipher suite sign restriction in TLS-1.2 ssl: Add psk as anonymous key exchange in ssl_handshake:select_hashsign/5 ssl: anon test should use dh or ecdh anon keyexchange ssl: Correct key_usage check ssl: Fix ECDSA key decode clause ssl: Avoid hardcoding of cipher suites and fix ECDH suite handling ssl: Run all test case combinations ssl: Correct ECC suite and DTLS ECC handling
2018-07-20Merge branch 'sverker/kernel/silence-dialyzer/OTP-15170' into maint-20Erlang/OTP
* sverker/kernel/silence-dialyzer/OTP-15170: kernel: Silence dialyzer
2018-07-20Merge branch 'john/erts/inet-drv-race/OTP-15158/ERL-654' into maint-20Erlang/OTP
* john/erts/inet-drv-race/OTP-15158/ERL-654: Fix a race condition when generating async operation ids
2018-07-17ssl: Engine key trumps certfile optionIngela Anderton Andin
2018-07-17inets: Prepare for releaseIngela Anderton Andin
2018-07-17inets: Improve error handlingIngela Anderton Andin
2018-07-12erts: Fix bug in crash dump generationSverker Eriksson
Symptom: emulator core dumps during crash dump generation. Problem: erts_dump_lit_areas did not grow correctly to always be equal or larger than number of loaded modules. The comment about twice the size to include both curr and old did not seem right. The beam_ranges structure contains *all* loaded module instances until they are removed when purged.
2018-07-11ic: Tweak tests to provoke more outbuf reallocationsSverker Eriksson
Docs says min _memchunk is 32, so lets use that.
2018-07-11ic: Fix memory leak in oe_ei_decode_wstringSverker Eriksson
2018-07-11ic: Fix correct external format sizesSverker Eriksson
longs, longlongs and wchar were too small on 64-bit which could lead to potential buffer overflow at encoding. __OE_DOUBLESZ__ was too big, probably due to old text format.
2018-07-10ssl: Prepare for releaseIngela Anderton Andin
2018-07-10ssl: Fix test case to only check relevant info for the testIngela Anderton Andin
Conflicts: lib/ssl/test/ssl_basic_SUITE.erl
2018-07-10ssl: Correct connection_information on ECC-curvesIngela Anderton Andin
2018-07-10ssl: No cipher suite sign restriction in TLS-1.2Ingela Anderton Andin
Conflicts: lib/ssl/test/ssl_ECC_SUITE.erl
2018-07-10ssl: Add psk as anonymous key exchange in ssl_handshake:select_hashsign/5Ingela Anderton Andin
Failing to recognize psk as an anonymous key exchange would fail the connection when trying to decode an undefined certificate.
2018-07-10ssl: anon test should use dh or ecdh anon keyexchangeIngela Anderton Andin
2018-07-10ssl: Correct key_usage checkIngela Anderton Andin
The Key Usage extension is described in section 4.2.1.3 of X.509, with the following possible flags: KeyUsage ::= BIT STRING { digitalSignature (0), nonRepudiation (1), -- recent editions of X.509 have -- renamed this bit to contentCommitment keyEncipherment (2), dataEncipherment (3), keyAgreement (4), keyCertSign (5), cRLSign (6), encipherOnly (7), decipherOnly (8) } In SSL/TLS, when the server certificate contains a RSA key, then: either a DHE or ECDHE cipher suite is used, in which case the RSA key is used for a signature (see section 7.4.3 of RFC 5246: the "Server Key Exchange" message); this exercises the digitalSignature key usage; or "plain RSA" is used, with a random value (the 48-byte pre-master secret) being encrypted by the client with the server's public key (see section 7.4.7.1 of RFC 5246); this is right in the definition of the keyEncipherment key usage flag. dataEncipherment does not apply, because what is encrypted is not directly meaningful data, but a value which is mostly generated randomly and used to derive symmetric keys. keyAgreement does not apply either, because that one is for key agreement algorithms which are not a case of asymmetric encryption (e.g. Diffie-Hellman). The keyAgreement usage flag would appear in a certificate which contains a DH key, not a RSA key. nonRepudiation is not used, because whatever is signed as part of a SSL/TLS key exchange cannot be used as proof for a third party (there is nothing in a SSL/TLS tunnel that the client could record and then use to convince a judge when tring to sue the server itself; the data which is exchanged within the tunnel is not signed by the server). When a ECDSA key is used then "keyAgreement" flag is needed for beeing ECDH "capable" (as opposed to ephemeral ECDHE)
2018-07-10ssl: Fix ECDSA key decode clauseIngela Anderton Andin
2018-07-10ssl: Avoid hardcoding of cipher suites and fix ECDH suite handlingIngela Anderton Andin
ECDH suite handling did not use the EC parameters form the certs as expected. Conflicts: lib/ssl/src/ssl_cipher.erl
2018-07-10ssl: Run all test case combinationsIngela Anderton Andin
Fix test case code to use keyAgreement for ECDH_ECDSA Conflicts: lib/ssl/test/ssl_ECC.erl lib/ssl/test/ssl_ECC_openssl_SUITE.erl lib/ssl/test/ssl_to_openssl_SUITE.erl
2018-07-10ssl: Correct ECC suite and DTLS ECC handlingIngela Anderton Andin
When test handling was corrected it was obvious that DTLS ECC handling was not compleated. Conflicts: lib/ssl/src/ssl.erl lib/ssl/test/Makefile lib/ssl/test/ssl_ECC.erl lib/ssl/test/ssl_ECC_SUITE.erl lib/ssl/test/ssl_ECC_openssl_SUITE.erl
2018-07-03kernel: Silence dialyzerSverker Eriksson