Age | Commit message (Collapse) | Author |
|
Demonstrate a bug with AES CFB 128 for certain key sizes introduced
with the Erlang 19.0 release. The code in the block_crypt_nif function
in the crypto.c source file incorrectly calls aes_cfb_8_crypt when the
specified cipher is aes_cfb8 or aes_cfb128 and the key size is 24 or
32. The aes_cfb_8_crypt function calls the AES_cfb8_encrypt function
from the openssl interface, but this is incorrect when the cipher is
aes_cfb128.
Unfortunately the test cases in the crypto test suite are insufficient
to detect an issue like this because it exercises the encryption and
decryption roundtrip using the same incorrect underlying function. The
problem was observed when trying to update an application to Erlang 19
that attempted to decrypt data that was encrypted using aes_cfb128 by
another source. In this commit I altered the crypto test suite to
provide a demonstration of this problem.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Extend Travis CI to test more configurations
|
|
* siri/appups-19.3:
Update appups in kernel and stdlib for OTP-19.3
|
|
Build Erlang and run smoke test in a Docker container running
32-bit Linxux.
|
|
|
|
|
|
Since docker is run from the top-level of the otp repository, the
entire repository will be the context for the docker daemon. In my
private repository, more than 800Mb had to be copied before the
build could be started.
Let the ./scripts directory be the context for docker instead.
That way, only the otp.tar.gz file needs to be copied.
While we are it, also use the ADD command in the Dockerfiles to
pack up the tar file and avoid copying the tar file itself to
the Docker image.
|
|
* anders/diameter/capx_strictness/OTP-14257:
Add transport_opt() capx_strictness
|
|
|
|
* anders/diameter/19.3/OTP-14252:
vsn -> 1.12.2
Update appup for 19.3
|
|
* anders/diameter/19.2/failover/OTP-14206:
Avoid sending large terms between nodes unnecessarily
Don't use request table for answer routing
Fix/redo failover optimization
|
|
Pass all argument except the first as the command for "docker run".
|
|
* ingela/ssl/next-maint-version:
ssl: Version update
|
|
* ingela/ssl/dtls-cont:
dtls: Only test this for TLS for now
dtls: Avoid mixup of protocol to test
dtls: 'dtlsv1.2' corresponds to 'tlsv1.2'
dtls: Correct dialyzer spec and postpone inclusion of test
dtls: Erlang distribution over DTLS is not supported
dtls: Enable some DTLS tests in ssl_to_openssl_SUITE
dtls: Enable DTLS test in ssl_certificate_verify_SUITE
dtls: Hibernation and retransmit timers
dtls: Make sure retransmission timers are run
dtls: DTLS specific handling of socket and ciphers
|
|
We want to avoid failing test cases but still be able to merge
DTLS progress for 19.3
|
|
To allow the Peer State Machine requirement that only the expected
capabilities exchange message be received in the relevant state to be
relaxed. If {capx_strictness, false} is configured then anything bu the
expected CER/CEA is ignored.
This is non-standard behaviour, and thusfar undocumented. Use at your
own risk.
|
|
Running fewer jobs in parallel reduces the risk of running out
of memory.
|
|
|
|
We never use the installed Erlang package. Setting the language
to C could also allow us to build on platforms that don't support
the Erlang language (e.g. osx).
|
|
Travis CI: Avoid that builds gets killed for inactivity
|
|
When relaying outgoing requests through transport on a remote node,
terms that were stripped when sending to the transport process weren't
stripped when spawning a process on the remote node.
Also, don't save the request to the process dictionary in a process that
just relays an answer.
|
|
The table has existed forever, to route incoming answers to a waiting
request process: each outgoing request writes to the table, and each
incoming answer reads. This has been seen to suffer from lock contention
at high load however, so this commit moves the routing into the
diameter_peer_fsm processes that are diameter's conduit to transport
processes. The request table is still used for failover detection, but
entries are only written when a watchdog state transitions leaves or
enters state OKAY.
|
|
|
|
* lars/xmerl/compiler_and_dialyzer_warnings/OTP-14212:
[xmerl] Fix compiler and dialyzer warnings
|
|
|
|
'dtlsv1.2' should not be included in MIN_DATAGRAM_SUPPORTED_VERSIONS
as this is the default when crypto does not have sufficient support for
'tlsv1.2' and 'dtlsv1.2'
|
|
Travis CI will kill build jobs that have not produced output for
10 minutes.
The OTP build was never killed because of inactivity before 74796de9c7739
(which started to capture the output in a temporary file). After that
commit, now and then a build would be killed because it did not finish
in 10 minutes.
Update the build script to periodically print a ".", but only if the
size of the log file has changed. That way, if there is a real hanging
during the build, Travis CI will still kill the build.
Alternatives considered: Using travis_wait. Rejected because travis_wait
will extend the build unconditonally, even if the build does not progress
at all.
|
|
AGAIN
* sverker/zlib-option-8/ERL-362/OTP-14254:
erts: Fix typo and clearify warning in zlib docs
|
|
|
|
The new_options_in_accept test is not working yet, however DTLS is still
work in progress and we want to make a progress merge to avoid merge conflicts
with other progress of the ssl application.
|
|
* hasse/dialyzer/fix_warnings/OTP-14177:
dialyzer: Improve a warning
dialyzer: Fix a weird warning
dialyzer: Fix an opaque bug
dialyzer: Minor fix
|
|
|
|
|
|
|
|
* lukas/erts/19.3-doc-fixes:
erts: Clarify process_info(pid(), binary) docs
|
|
Erlang distribution requiers a reliable transport, which udp is not.
Maybe could be interesting later when SCTP support is added to DTLS.
|
|
We need to figure out a good way of knowing if the OpenSSL-"DTLS server" is up.
Some of the code in this commit is attempting this, but it is not really working
yet, and hence only tests where OpenSSL is client are enabled.
|
|
|
|
Change retransmissions timers to use gen_statem state timeouts. We do
not need a retransmission timer in the state connection as data traffic in
DTLS over UDP is not retransmitted. If the last flight before
transitioning into connection is lost, it will be resent when the peer
resends its last flight. This will also make hibernation testing more
straight forward.
We need more adjustments later to handle a reliable DTLS transport
such as SCTP.
|
|
|
|
DTLS does not support stream ciphers and needs diffrent
handling of the "#ssl_socket{}" handle .
|
|
* peppe/common_test/multiply_timetraps/OTP-14210:
Fix multiply/scale_timetraps in testspecs not working
OTP-14210
|