| Age | Commit message (Collapse) | Author |
|---|
|
* ingela/ssl/engine-vs-certfile/ERLERL-211/OTP-15193:
ssl: Engine key trumps certfile option
|
|
* ingela/maint-20/chipher-suite-handling/OTP-15178:
ssl: Prepare for release
ssl: Fix test case to only check relevant info for the test
ssl: Correct connection_information on ECC-curves
ssl: No cipher suite sign restriction in TLS-1.2
ssl: Add psk as anonymous key exchange in ssl_handshake:select_hashsign/5
ssl: anon test should use dh or ecdh anon keyexchange
ssl: Correct key_usage check
ssl: Fix ECDSA key decode clause
ssl: Avoid hardcoding of cipher suites and fix ECDH suite handling
ssl: Run all test case combinations
ssl: Correct ECC suite and DTLS ECC handling
|
|
* sverker/kernel/silence-dialyzer/OTP-15170:
kernel: Silence dialyzer
|
|
* john/erts/inet-drv-race/OTP-15158/ERL-654:
Fix a race condition when generating async operation ids
|
|
|
|
|
|
Conflicts:
lib/ssl/test/ssl_basic_SUITE.erl
|
|
|
|
Conflicts:
lib/ssl/test/ssl_ECC_SUITE.erl
|
|
Failing to recognize psk as an anonymous key exchange would fail the connection
when trying to decode an undefined certificate.
|
|
|
|
The Key Usage extension is described in section 4.2.1.3 of X.509, with the following possible flags:
KeyUsage ::= BIT STRING {
digitalSignature (0),
nonRepudiation (1), -- recent editions of X.509 have
-- renamed this bit to contentCommitment
keyEncipherment (2),
dataEncipherment (3),
keyAgreement (4),
keyCertSign (5),
cRLSign (6),
encipherOnly (7),
decipherOnly (8) }
In SSL/TLS, when the server certificate contains a RSA key, then:
either a DHE or ECDHE cipher suite is used, in which case the RSA key
is used for a signature (see section 7.4.3 of RFC 5246: the "Server
Key Exchange" message); this exercises the digitalSignature key usage;
or "plain RSA" is used, with a random value (the 48-byte pre-master
secret) being encrypted by the client with the server's public key
(see section 7.4.7.1 of RFC 5246); this is right in the definition of
the keyEncipherment key usage flag.
dataEncipherment does not apply, because what is encrypted is not
directly meaningful data, but a value which is mostly generated
randomly and used to derive symmetric keys. keyAgreement does not
apply either, because that one is for key agreement algorithms which
are not a case of asymmetric encryption (e.g. Diffie-Hellman). The
keyAgreement usage flag would appear in a certificate which contains a
DH key, not a RSA key. nonRepudiation is not used, because whatever is
signed as part of a SSL/TLS key exchange cannot be used as proof for a
third party (there is nothing in a SSL/TLS tunnel that the client
could record and then use to convince a judge when tring to sue the
server itself; the data which is exchanged within the tunnel is not
signed by the server).
When a ECDSA key is used then "keyAgreement" flag is needed for beeing
ECDH "capable" (as opposed to ephemeral ECDHE)
|
|
|
|
ECDH suite handling did not use the EC parameters form the certs
as expected.
Conflicts:
lib/ssl/src/ssl_cipher.erl
|
|
Fix test case code to use keyAgreement for ECDH_ECDSA
Conflicts:
lib/ssl/test/ssl_ECC.erl
lib/ssl/test/ssl_ECC_openssl_SUITE.erl
lib/ssl/test/ssl_to_openssl_SUITE.erl
|
|
When test handling was corrected it was obvious that DTLS ECC handling
was not compleated.
Conflicts:
lib/ssl/src/ssl.erl
lib/ssl/test/Makefile
lib/ssl/test/ssl_ECC.erl
lib/ssl/test/ssl_ECC_SUITE.erl
lib/ssl/test/ssl_ECC_openssl_SUITE.erl
|
|
|
|
|
|
|
|
into maint-20
* john/erts/fix-process-schedule-after-free/OTP-15067/ERL-573:
Don't enqueue system tasks if target process is in fail_state
Fix erroneous schedule of freed/exiting processes
Fix deadlock in run queue evacuation
Fix memory leak of processes that died in the run queue
|
|
* sverker/ic/encode-atom-overrun/ERIERL-191/OTP-15160:
ic: Fix buffer overrun bug in oe_ei_encode_atom
|
|
maint-20
* sverker/erl_interface/simultaneous-connect/OTP-15161:
erl_interface: Fix simultaneous connection setup
|
|
* sverker/kernel/tick-fixes/OTP-15162:
kernel: Fix tick count bug when pending writes
kernel: Send tick to hidden node even if pending writes
|
|
|
|
as c-nodes need ticks to send ticks.
|
|
bug exists since OTP-20.3.4
1d3acb70debd134c8346b7e98347171d5cf6fc62
|
|
The counter used for generating async operation ids was a plain int
shared between all ports, which was incorrect but mostly worked
fine since the ids only had to be unique on a per-port basis.
However, some compilers (notably GCC 8.1.1) generated code that
assumed that this value didn't change between reads. Using a
shortened version of enq_async_w_tmo as an example:
int id = async_ref++;
op->id = id; //A
return id; //B
In GCC 7 and earlier, `async_ref` would be read once and assigned
to `id` before being incremented, which kept the values at A and B
consistent. In GCC 8, `async_ref` was read when assigned at A and
read again at B, and then incremented, which made them inconsistent
if we raced with another port.
This commit fixes the issue by removing `async_ref` altogether and
replacing it with a per-port counter which makes it impossible to
race with someone else.
|
|
|
|
|
|
* hans/ssh/sftp_ver4_xfer/ERIERL-199/OTP-15149:
ssh: Fix ssh_xfer decode_ATTR error for Vsn=4
|
|
* hans/ssh/sftp_error_codes/ERIERL-194/OTP-15148:
ssh: Report the signal name if there is an exit-signal to sftpd
ssh: Bug fix sftp error codes
|
|
maint-20
* hasse/syntax_tools/fix_map_type/OTP-15098/ERIERL-177:
syntax_tools: Fix a bug regarding reverting map types.
|
|
* hans/ftp/socket_opts/ERIERL-192/OTP-15120:
ftp: Disallow 'packet_size' for low-level options
ftp: Socket options
|
|
|
|
Report the signal name if the signal error message is ""
Do not report a return code of 0 as an error.
|
|
|
|
|
|
by also accepting status "ok_simultaneous".
|
|
|
|
|
|
The fail state wasn't re-checked in the state change loop; only
the FREE state was checked. In addition to that, we would leave
the task in the queue when bailing out which could lead to a
double-free.
This commit backports active_sys_enqueue from master to make it
easier to merge onwards.
|
|
When scheduled out, the process was never checked for the FREE state
before rescheduling, which meant that a system task could sneak in
and cause a double-free later on.
|
|
|
|
|
|
maint-20
* raimo/snmp/parse-mc_new_type-first/ERIERL-161/OTP-14196:
Add test case
Parse #mc_new_type{}s before definitions_loop/2
|
|
* sverker/ets-auto-unfix-delete-race/OTP-15109:
erts: Fix race between ets table deletion and auto-unfix
|
|
|
|
|
|
|
|
|
