Age | Commit message (Collapse) | Author |
|
The encoder wrongly assumed that a known multiplier string (such as
IA5String) encoded as exactly 16 bits did not need to be aligned to an
octet boundary. X.691 (07/2002) 27.5.7 says that it does. Since an
OCTET STRING encoded to 16 bits (two octets) should not be aligned to
an octet boundary, that means that asnct_imm:dec_string() needs an
additional parameter to determine whether a string of a given length
needs to be aligned.
Furthermore, there is another subtle rule difference: An OCTET STRING
which does not have fixed length is always aligned (in PER), but
a known multiplier string is aligned if its upper bound is greater
than or equal to 16.
In encoding, make sure that short known multiplier strings and
OCTET STRINGs with extensible sizes are not aligned when they are
below the appropriate limit.
|
|
Given the type:
S ::= IA5String (SIZE (5, ...))
attempting to encode (to PER/UPER) a string shorter than 5 characters
would fail. Similarly, attempting to decode such string in the BER
format would fail.
In the case of BER, we can do no range checks if the size constraint
is extensible.
|
|
Consider a type with a size constraint with an extension marker
such as:
S ::= OCTET STRING (SIZE (0..10, ...))
For a length outside the root range (e.g. 42), the PER/UPER encoder
will encode the length field in the same way as it would the type
INTEGER (0..MAX) (i.e., as semi-constrained whole number), while the
decoder would decode the length in the same way as length field
without any constraint.
Clearly, either the encoder or the decoder is wrong. But which one?
Dubuisson's [1] book (page 442) says that the length should be encoded
as a semi-constrained whole number if the length is outside the root
range.
The X.691 standard document [2] also says (e.g. in 15.11) that length
fields should be a semi-constrained number, but gives a reference
to section gives a reference to section 10.9, "General rules for encoding
a length determinant", and not to to 10.7, "Encoding of a
semi-constrained whole number".
Reading the standard that way should imply that a length outside the
root range should be encoded in the same way as an unconstrained
length, and that the decoder does the right thing.
Further support for that interpretation:
- Larmouth's book [3], page 303.
- The ASN.1 playground. [4]
References:
[1] http://www.oss.com/asn1/resources/books-whitepapers-pubs/dubuisson-asn1-book.PDF
[2] http://www.itu.int/ITU-T/studygroups/com17/languages/X.691-0207.pdf
[3] http://www.oss.com/asn1/resources/books-whitepapers-pubs/larmouth-asn1-book.pdf
[4] http://asn1-playground.oss.com
|
|
For what seems to be historical reasons,
asn1_rtt_per:encode_octet_string/3 has an ExtensionMarker argument
that is no longer used. The extension mark (if any) is included in the
constraints argument.
|
|
|
|
The compiler would crash when given code such as the following:
Type ::= INTEGER (lower<..<upper)
lower INTEGER ::= 0
lower INTEGER ::= 42
|
|
The record #constraint{} is almost unused outside of the parser
except for two places in asn1ct_check.
The only correct usage of the record is in instance_of_constraints/2.
Eliminate that usage by updating the parser to pass that constraint
in the same way as all other constraints.
In check_integer_range/2, the record is used incorrectly. A
constraint for an integer will never be a list of #constraint{}
records. Therefore, the list comprehension will always produce
an empty list, and check_constr/2 will not actually check anything
(which is kind of lucky, since the 'ValueRange' range constraint
is incorrectly written - the lower and upper bounds should be in
a tuple).
For now, we will not attempt to actually start validating integer
ranges. Firstly (obviously) we will need to be sure that we
correctly handles all forms of constraints, and secondly we will
need to consider whether we need to produce a warning rather than an
error for compatibility reasons.
|
|
|
|
|
|
The record #typereference{} is only used internally within
the asn1ct_parser2 module (the parser translates it to
an #'Externaltypereference{} record).
|
|
The only code that is really different between the PER
and UPER backends is encoding of primitive types.
|
|
|
|
|
|
The wrong backend was used.
|
|
|
|
|
|
|
|
Improve readability and maintainability.
|
|
Optimize the decoding of CHOICE. Most important is to inline decoding
of the extension bit (if present) and decoding of the choice index
to give the BEAM compiler more opportunities for optimization.
We will also change the structure of the generated code. The current
code uses a flattened case for both the root and extension alternatives:
case Choice + NumRootChoices * Ext of
%% Root alternatives.
0 - ...;
:
LastRootAlternative -> ...;
%% Extension alternatives.
LastRootAlternative+1 -> ...;
:
%% Unknown extension.
_ -> ...;
end
We will instead generate nested cases:
case Ext of
0 ->
case Choice of
%% Root alternatives.
0 - ...;
:
LastRootAlternative -> ...
end;
1 ->
%% Extension alternatives.
<Decode the open type here>
case Choice of
0 -> ...;
:
LastExtensionAlternative -> ...;
%% Unknown extension.
_ -> ...;
end
end
Nested cases should be slightly faster. For decoding of the extensions,
it also makes it possible to hoist the decoding of the open type up
from each case to before the case switching on the extension index,
thus reducing the size of the generated code.
We will also do another change to the structure. Currently, the
big flat clase is wrapped in code that repackages the return values:
{Alt,{Value,RemainingEncodedData}} =
case Choice + NumRootChoices * Ext of
:
end,
{{Value,Alt},RemainingEncodedData}.
We still need to do the repackaging, but we can push it down to
the case arm for decoding each alternative. In many cases, that
will give the BEAM compiler the opportunity to avoid building the
temporary tuples.
|
|
We will need more explicit control of decoding of open types for
CHOICEs, so refactor the gen_dec_line() and gen_dec_line_imm()
to break out the decoding of the open types.
Note that gen_dec_line_special() will not generate correct code
if Ext =/= noext; thus, we can eliminate the Ext parameter.
|
|
gen_dec_choice2() is unnecessarily complicated. Code is duplicated
merely to avoid outputting a ";" separator after the last item,
and there is code to skip extensionmarks that are never actually
present.
While at it, eliminate the the wrap_gen_dec_line() function which is
not needed. It puts a {component_type,C} key in the process
dictionary, but that is actually never used. Besides that, it only
shuffles the argument.
|
|
gen_enc_choice2() duplicates code merely to avoid outputting a ";"
separator after the last item.
|
|
Ensure that asn1ct_name:start/0 will call asn1ct_name:clear/0 if the
name server process is already running so that we can be sure that
the variables are cleared.
|
|
active/1 always returned 'true' (curr(Var) can never return 'nil',
except if Var =:= 'nil'). Therefore, we can eliminate its use and
remove it.
|
|
clean/1 is used quite lot; while not a bottleneck it does seem
unnecessary to stop and start the name server just to clear the
variables.
Since the change to clean/1 makes stop/1 unused, we can remove it.
|
|
Since new/1 does not return any useful value and cannot fail, there
is no reason to wait for a response from the name server process.
|
|
|
|
Since we no longer need to support push/1 and pop/1, we can simplify
the data structures used for keeping track of the variables.
Each entry in the list can be simply {Var,integer()} instead of
{Var,[integer()]}.
While at it, eliminate calls to the obsolete lists:keysearch/3
function, don't use integer_to_list/0 within a call to lists:concat/1,
and the catch all clause in get_prev/2 and get_next/2.
|
|
asn1ct_name:delete/1 is used from asn1ct_gen_ber_bin_v2:add_removed_bytes/1,
but that function is not used.
|
|
* sla/odbc_in_non_standard_location/OTP-11126:
Fix checking for odbc in standard locations when "with-odbc" flag present.
|
|
* anders/diameter/watchdog_function_clause/OTP-11115:
Fix watchdog function_clause
|
|
* anders/diameter/missed_5001/OTP-11087:
Remove redundant integer type specifiers from binaries
Fix recognition of 5001 on mandatory AVP's
|
|
* anders/diameter/avp_decode/OTP-11007:
Detect all 5005 (MISSING_AVP) errors and don't reverse errors
Adapt Failed-AVP setting to RFC 6733
Add spec to diameter_codec
Add spec to diameter_gen
Fix recognition of 5014 (INVALID_AVP_LENGTH) errors
Ensure setting Failed-AVP is appropriate
Correct AVP Length error testcases
|
|
* anders/diameter/avp_length_failure/OTP-11026:
Fix decode failure when AVP Length < 8
|
|
* md/httpc-stream-once-fix/OTP-11122:
Remove http_chunk:decode/4 as it is no longer used
Fix {stream, {self, once}} in httpc
|
|
|
|
An AVP setting the M-bit was not regarded as erroneous if it was defined
in the dictionary in question and its container (message or Grouped AVP)
had an 'AVP' field. It's now regarded as a 5001 error (AVP_UNSUPPORTED),
as in the case that the AVP is not defined.
|
|
* bjorn/stdlib/improve-ls/OTP-11108:
Teach c:ls/1 to show non-directory files
|
|
* anders/diameter/timetraps/OTP-10914:
Add examples testcase to help identify timetrap failures
Minor traffic suite fix
Add gen_tcp suite
Lighten up on suite timetraps
Add more information to traffic suite timeout failures
|
|
* avi/fix-os-cmd-win/OTP-11104:
Add testcase to exported
Added primary bootstrap for os.beam
kernel: redefined deep_list_command test
Remove unnecessary whitespaces in os.erl and os_SUITE.erl
Fix deep list argument error under Windows in os:cmd/1
|
|
* ia/ssl/public_key/crypto/elliptic_curve/OTP-11009: (21 commits)
ssl: Do not advertise EC ciphers if crypto support is insufficient
crypto: Ctify tests and test new API
crypto: Allow integer as srp_private arguments according to docs
ssl: Remove unused `srp_parameters` type spec
crypto, public_key & ssl: Make more functions accept integer keys
snmp: Remove use of deprecated crypto functions
crypto,ssh, netconf, inets: binary_to_integer -> bytes_to_integer
netconf: Remove use of deprecated crypto functions
crypto: Documentation fixes from review
crypto: Change argument order of crypto:next_iv/3
crypto,public_key,ssl: Change return value of crypto:generate_key(ecdh,..)
ssl, public_key, crypto: crypto:algorithms/0 -> crypto:supports/0
ssl, public_key & inets: Remove use of deprecated crypto functions from test code
ssl: Remove use of deprecated crypto functions
public_key: Remove use of deprecated crypto functions
dialyzer: Remove use of deprecated crypto functions
ssh & crypto: Remove use of deprecated crypto functions from ssh
Update primary bootstrap
common_test: Replace use of deprecated crypto functions
beam_lib, compile: Replace use of deprecated crypto functions
...
|
|
|
|
Commit 0b7c87dc caused diameter_watchdog:restart/2 to start returning
'stop', so that a watchdog process for a listening transport that
allowed multiple connections to the same peer would die one watchdog
timeout after losing a connection. The new return value was supposed to
be passed up to transition/2, but was instead passed to set_watchdog/1,
resulting in a function_clause error. The resulting crash was harmless
but unseemly.
Not detected by dialyzer.
Thanks to Aleksander Nycz.
|
|
Also fix bugs found by new tests
|
|
* siri/ct_telnet/no-more-after-timetrap/OTP-10648:
[common_test] Unregister connection if killed
|
|
|
|
As the file 'lib/ssl/src/ssl_srp_primes.hrl' only contains a
specification of a `srp_parameters` type that isn't exported and also
isn't referenced anywhere (neither in the code nor in the
documentation), the type specification (and hence the file as well) can
be removed.
|
|
|
|
|
|
The symptom of this bug was that a (named) telnet connection which was
open and hanging during a timetrap timeout could no longer be opened
again in subsequent test cases.
Since the connection was hanging, ct_telnet:close/1 which was called
during end_per_testcase would fail (timeout) and cause common_test to
brutally kill the connection. The bug was that the connection was not
unregistered at this point. When trying to open the connection again
in the next testcase, common_test attempted to reuse the same
connection since it had not been unregistered. This failed since the
connection in fact was dead.
|