| Age | Commit message (Collapse) | Author |
|---|
|
* john/erts/improve-list-reverse-trapping/OTP-15199:
Improve trapping in lists:reverse/2
Fix unsafe use of lists:reverse/1
|
|
* rickard/conf-pgo/OTP-15282:
Fix PGO configure test
|
|
* hans/crypto/aes_ccm/OTP-15286:
crypto: Fix no_aead test
crypto: Document AES_CCM and fix errors in User's Guide The sizes in the Algorithms chapter for aes_gcm was wrong or incomplete.
crypto: AES_CCM test case
crypto: All aes_ccm vectors (including unused) This directory contains all aes_ccm vectors. However, effort is needed to include them in the test suite so they are left for later.
crypto: Add AES_CCM crypto Will be increase interoperability of future SSL application versions.
crypto: Generalize aes_gcm_(de|en)crypt nifs
|
|
* hans/crypto/rsassa_pss/OTP-15260:
crypto: Add forgotten #ifdef MAY prevent compilation errors if the symbol is configured to not be defined in an OpenSSL version where it exists by default.
crypto: Change condition for RSA_PKCS1_PSS Trubble on a couple of cross-building machines
crypto: RSA options list disclaimer in documentation for crypto:supports/0 The final appearence of the rs_opts entry is still not completly decided.
crypto: Add 'rsa_opts' to crypto:supports/0 Needed in future versions of the SSL application.
|
|
|
|
The sizes in the Algorithms chapter for aes_gcm was wrong or incomplete.
|
|
|
|
This directory contains all aes_ccm vectors. However, effort is needed
to include them in the test suite so they are left for later.
The aes_ccm cipher is already covered by the vectors in crypt_SUITE_data
Source: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program
|
|
Will be increase interoperability of future SSL application versions.
|
|
The EVP_CIPHER_CTX interface aims at enabling using the same code for many
ciphers. Since we are going to add aes_ccm which is similar to aes_gcm,
this commit is a preparation.
It creates the aead_(de|en)crypt nifs and removes the old ones.
|
|
MAY prevent compilation errors if the symbol is configured to not be defined in an OpenSSL version where it exists by default.
|
|
Trubble on a couple of cross-building machines
|
|
The final appearence of the rs_opts entry is still not completly decided.
|
|
Needed in future versions of the SSL application.
|
|
* hasse/syntax_tools/fix_revert/OTP-15294:
erts: Add comment about [] and nil() to The Abstract Format
syntax_tools: Correct erl_syntax:revert/1
|
|
|
|
|
|
* hans/crypto/doc/OTP-15134:
ssh: Use exported crypto types
public_key: Generate refman from types and specs
public_key: Rework -type and -spec Check existing specs with code and documentation and adjust. Prepare for doc generation
public_key: Setup for doc generation
public_key: Remove special type signature for one test
crypto: Add missing documentation for enable_fips_mode/1
crypto: Generate refman from types and specs and fix links in engine chapter for generated crypto module refman
crypto: Rework -type and -spec Check code and documentation and write -type/-spec or adjust existing. Prepare for doc generation
crypto: Setup for doc generation
crypto: A user's guide chapter on algorithm details Such as keylengths, blocksizes and IV lengths are hard to find otherwise
|
|
|
|
|
|
Check existing specs with code and documentation and adjust. Prepare for doc generation
|
|
|
|
|
|
|
|
and fix links in engine chapter for generated crypto module refman
|
|
Check code and documentation and write -type/-spec or adjust existing. Prepare for doc generation
|
|
|
|
Such as keylengths, blocksizes and IV lengths are hard to find otherwise
Conflicts:
lib/crypto/doc/src/crypto.xml
|
|
If the process had more free space than reductions it could run a
lot longer than it was supposed to. It didn't honor the number of
reductions going in either, nor did it bump reductions when
returning its result or erroring out.
This commit also removes this function from a work function in
scheduler_SUITE as it's extremely sensitive to the number of
reductions spent in the test, causing
equal_and_high_with_part_time_max to fail on some machines.
|
|
We said reverse/2 but used reverse/1 which is unsafe to use in
preloaded modules. This didn't have any effect in practice as the
affected functions weren't used before the code server was started,
but it's still an error.
|
|
* maint-21:
Updated OTP version
Update release notes
Update version numbers
erts: Fix "Prevent inconsistent node lists" fix
Fix include-path regression caused by dd0a39c
Restore default SIGTERM behaviour for port programs
|
|
|
|
maint
* hasse/syntax_tools/fix_stacktrace_var/OTP-15291/ERL-719:
syntax_tools: Correct unfolding of the stacktrace variable
|
|
revert/1 did not handle the types tuple() and map() correctly.
|
|
'ingela/ssl/unorded-or-incomplete-cert-chain/OTP-12983/OTP-15060' into maint
* ingela/ssl/unorded-or-incomplete-cert-chain/OTP-12983/OTP-15060:
ssl: Handle incomplete and unorded chains
|
|
If the peer sends an incomplete chain that we can reconstruct with
our known CA-certs it will be accepted.
We will assume that the peer honors the protocol and sends an orded
chain, however if validation fails we will try to order the chain in
case it was unorded. Will also handle that extraneous cert where present.
See Note form RFC 8446
Note: Prior to TLS 1.3, "certificate_list" ordering required each
certificate to certify the one immediately preceding it; however,
some implementations allowed some flexibility. Servers sometimes
send both a current and deprecated intermediate for transitional
purposes, and others are simply configured incorrectly, but these
cases can nonetheless be validated properly. For maximum
compatibility, all implementations SHOULD be prepared to handle
potentially extraneous certificates and arbitrary orderings from any
TLS version, with the exception of the end-entity certificate which
MUST be first.
|
|
* hans/crypto/valgrind:
crypto: Fix valgrind error
|
|
|
|
* anders/diameter/21.1/OTP-15202:
vsn -> 2.1.6
Update appup for 21.1
|
|
* anders/diameter/dpr/OTP-15198:
Fix function_clause when sending a request after an outgoing DPA
|
|
|
|
|
|
|
|
into maint-21
* sverker/erts/fix-aborted-pending-connection-race/OTP-15296:
erts: Fix "Prevent inconsistent node lists" fix
|
|
maint-21
* john/compiler/fix-rebar-recompiles-maint-21/OTP-15292:
Fix include-path regression caused by dd0a39c
|
|
* rickard/port-prog-sigterm-fix/OTP-15289:
Restore default SIGTERM behaviour for port programs
|
|
done in a31216200bdee2c04b3fb3ae5e26607674715c8a
that could cause a new pending connection to be incorrectly aborted.
|
|
* hans/crypto/x25519_x448/OTP-15240:
crypto: Remove 'experimental' comments for ecdh
|
|
* ingela/ssl/psk-correction/OTP-15285:
ssl: Correct handling of all PSK cipher suites
|
|
Before only some PSK suites would be correctly negotiated and most PSK
ciphers suites would fail the connection.
PSK cipher suites are anonymous in the sense that they do not use
certificates except for rsa_psk.
|
