aboutsummaryrefslogtreecommitdiffstats
path: root/lib
AgeCommit message (Collapse)Author
2018-08-14Merge branch 'ingela/inets/maint-20/status-501/ERIERL-218/OTP-15215' into ↵Erlang/OTP
maint-20 * ingela/inets/maint-20/status-501/ERIERL-218/OTP-15215: inets: Prepare for release inets: Use status code 501 when no mod_* handles the request # Conflicts: # lib/inets/test/httpd_SUITE.erl # lib/inets/vsn.mk
2018-08-14inets: Prepare for releaseIngela Anderton Andin
2018-08-14inets: Use status code 501 when no mod_* handles the requestIngela Anderton Andin
Conflicts: lib/inets/test/httpd_SUITE.erl
2018-08-09Update release notesErlang/OTP
2018-08-09Update version numbersErlang/OTP
2018-08-09Merge branch 'dgud/mnesia/add_table_copy_ram/OTP-15226' into maint-20Erlang/OTP
* dgud/mnesia/add_table_copy_ram/OTP-15226: Relax add_table_copy restriction
2018-08-09Merge branch 'john/crypto/fix-segfault-on-badarg/OTP-15194/ERL-673' into ↵Erlang/OTP
maint-20 * john/crypto/fix-segfault-on-badarg/OTP-15194/ERL-673: crypto: Fix crash in compute_key(ecdh, ...) on badarg
2018-08-09Merge branch 'ingela/ssl/empty-sni/OTP-15168' into maint-20Erlang/OTP
* ingela/ssl/empty-sni/OTP-15168: ssl: Correct handling of empty server SNI extension
2018-08-09Merge branch 'ingela/ssl/ECC/ERIERL-210/OTP-15203' into maint-20Erlang/OTP
* ingela/ssl/ECC/ERIERL-210/OTP-15203: ssl: Make sure that a correct cipher suite is selected
2018-08-09Merge branch ↵Erlang/OTP
'john/compiler/fix-deterministic-include-paths/OTP-15204/ERL-679' into maint-20 * john/compiler/fix-deterministic-include-paths/OTP-15204/ERL-679: Omit include path debug info for +deterministic builds
2018-08-09Merge branch 'dgud/mnesia/master-nodes/OTP-15221' into maint-20Erlang/OTP
* dgud/mnesia/master-nodes/OTP-15221: Do NOT disc_load from ram_copies when master_node is set
2018-08-09crypto: Fix crash in compute_key(ecdh, ...) on badargJohn Högberg
When term2point was passed a non-binary argument, `my_ecpoint` would be left uninitialized and the cleanup code would free a garbage pointer.
2018-08-09Relax add_table_copy restrictionDan Gudmundsson
Allow to add replicas even if all other replicas are down when the other replicase are not stored on disk.
2018-08-09Omit include path debug info for +deterministic buildsJohn Högberg
Compiling the same file with different include paths resulted in different files with the `+deterministic` flag even if everything but the paths were identical. This was caused by the absolute path of each include directory being unconditionally included in a debug information chunk. This commit fixes this by only including this information in non-deterministic builds.
2018-08-08Do NOT disc_load from ram_copies when master_node is setDan Gudmundsson
Setting master_nodes to a node with ram_copies replica and that node had not loaded the table, could cause it load an empty table, even though (non master) nodes had disc_replicas. This meant that tables where unexpected empty after multiple failures happened. When this happen do not load the table and wait for user to force_load it on some node, preferably with a disk copy.
2018-08-06ssl: Make sure that a correct cipher suite is selectedIngela Anderton Andin
The keyexchange ECDHE-RSA requires an RSA-keyed server cert (corresponding for ECDHE-ECDSA), the code did not assert this resulting in that a incorrect cipher suite could be selected. Alas test code was also wrong hiding the error.
2018-08-02Prepare releaseErlang/OTP
2018-08-02Fix NIF stack recursion bug and enforce a limitRaimo Niskanen
Fix recursion bug when decoding Constructed value within another value - here the allowed buffer for the recursed decode shall only be the size of the enclosing value, not the whole buffer. Return ASN1_ERROR if BER decode recurses more than about 8 kWords.
2018-07-20Prepare releaseErlang/OTP
2018-07-20Merge branch ↵Erlang/OTP
'ingela/inets/error-handling-eisdir-mod-get/ERIERL-207/OTP-15192' into maint-20 * ingela/inets/error-handling-eisdir-mod-get/ERIERL-207/OTP-15192: inets: Prepare for release inets: Improve error handling
2018-07-20Merge branch 'sverker/ic/encode-long-buffer-overflow/OTP-15179' into maint-20Erlang/OTP
* sverker/ic/encode-long-buffer-overflow/OTP-15179: ic: Tweak tests to provoke more outbuf reallocations ic: Fix memory leak in oe_ei_decode_wstring ic: Fix correct external format sizes
2018-07-20Merge branch 'ingela/ssl/engine-vs-certfile/ERLERL-211/OTP-15193' into maint-20Erlang/OTP
* ingela/ssl/engine-vs-certfile/ERLERL-211/OTP-15193: ssl: Engine key trumps certfile option
2018-07-20Merge branch 'ingela/maint-20/chipher-suite-handling/OTP-15178' into maint-20Erlang/OTP
* ingela/maint-20/chipher-suite-handling/OTP-15178: ssl: Prepare for release ssl: Fix test case to only check relevant info for the test ssl: Correct connection_information on ECC-curves ssl: No cipher suite sign restriction in TLS-1.2 ssl: Add psk as anonymous key exchange in ssl_handshake:select_hashsign/5 ssl: anon test should use dh or ecdh anon keyexchange ssl: Correct key_usage check ssl: Fix ECDSA key decode clause ssl: Avoid hardcoding of cipher suites and fix ECDH suite handling ssl: Run all test case combinations ssl: Correct ECC suite and DTLS ECC handling
2018-07-17ssl: Engine key trumps certfile optionIngela Anderton Andin
2018-07-17inets: Prepare for releaseIngela Anderton Andin
2018-07-17inets: Improve error handlingIngela Anderton Andin
2018-07-11ic: Tweak tests to provoke more outbuf reallocationsSverker Eriksson
Docs says min _memchunk is 32, so lets use that.
2018-07-11ic: Fix memory leak in oe_ei_decode_wstringSverker Eriksson
2018-07-11ic: Fix correct external format sizesSverker Eriksson
longs, longlongs and wchar were too small on 64-bit which could lead to potential buffer overflow at encoding. __OE_DOUBLESZ__ was too big, probably due to old text format.
2018-07-10ssl: Prepare for releaseIngela Anderton Andin
2018-07-10ssl: Fix test case to only check relevant info for the testIngela Anderton Andin
Conflicts: lib/ssl/test/ssl_basic_SUITE.erl
2018-07-10ssl: Correct connection_information on ECC-curvesIngela Anderton Andin
2018-07-10ssl: No cipher suite sign restriction in TLS-1.2Ingela Anderton Andin
Conflicts: lib/ssl/test/ssl_ECC_SUITE.erl
2018-07-10ssl: Add psk as anonymous key exchange in ssl_handshake:select_hashsign/5Ingela Anderton Andin
Failing to recognize psk as an anonymous key exchange would fail the connection when trying to decode an undefined certificate.
2018-07-10ssl: anon test should use dh or ecdh anon keyexchangeIngela Anderton Andin
2018-07-10ssl: Correct key_usage checkIngela Anderton Andin
The Key Usage extension is described in section 4.2.1.3 of X.509, with the following possible flags: KeyUsage ::= BIT STRING { digitalSignature (0), nonRepudiation (1), -- recent editions of X.509 have -- renamed this bit to contentCommitment keyEncipherment (2), dataEncipherment (3), keyAgreement (4), keyCertSign (5), cRLSign (6), encipherOnly (7), decipherOnly (8) } In SSL/TLS, when the server certificate contains a RSA key, then: either a DHE or ECDHE cipher suite is used, in which case the RSA key is used for a signature (see section 7.4.3 of RFC 5246: the "Server Key Exchange" message); this exercises the digitalSignature key usage; or "plain RSA" is used, with a random value (the 48-byte pre-master secret) being encrypted by the client with the server's public key (see section 7.4.7.1 of RFC 5246); this is right in the definition of the keyEncipherment key usage flag. dataEncipherment does not apply, because what is encrypted is not directly meaningful data, but a value which is mostly generated randomly and used to derive symmetric keys. keyAgreement does not apply either, because that one is for key agreement algorithms which are not a case of asymmetric encryption (e.g. Diffie-Hellman). The keyAgreement usage flag would appear in a certificate which contains a DH key, not a RSA key. nonRepudiation is not used, because whatever is signed as part of a SSL/TLS key exchange cannot be used as proof for a third party (there is nothing in a SSL/TLS tunnel that the client could record and then use to convince a judge when tring to sue the server itself; the data which is exchanged within the tunnel is not signed by the server). When a ECDSA key is used then "keyAgreement" flag is needed for beeing ECDH "capable" (as opposed to ephemeral ECDHE)
2018-07-10ssl: Fix ECDSA key decode clauseIngela Anderton Andin
2018-07-10ssl: Avoid hardcoding of cipher suites and fix ECDH suite handlingIngela Anderton Andin
ECDH suite handling did not use the EC parameters form the certs as expected. Conflicts: lib/ssl/src/ssl_cipher.erl
2018-07-10ssl: Run all test case combinationsIngela Anderton Andin
Fix test case code to use keyAgreement for ECDH_ECDSA Conflicts: lib/ssl/test/ssl_ECC.erl lib/ssl/test/ssl_ECC_openssl_SUITE.erl lib/ssl/test/ssl_to_openssl_SUITE.erl
2018-07-10ssl: Correct ECC suite and DTLS ECC handlingIngela Anderton Andin
When test handling was corrected it was obvious that DTLS ECC handling was not compleated. Conflicts: lib/ssl/src/ssl.erl lib/ssl/test/Makefile lib/ssl/test/ssl_ECC.erl lib/ssl/test/ssl_ECC_SUITE.erl lib/ssl/test/ssl_ECC_openssl_SUITE.erl
2018-07-03kernel: Silence dialyzerSverker Eriksson
2018-07-02ssl: Correct handling of empty server SNI extensionIngela Anderton Andin
2018-06-28Prepare releaseErlang/OTP
2018-06-28Merge branch 'sverker/ic/encode-atom-overrun/ERIERL-191/OTP-15160' into maint-20Erlang/OTP
* sverker/ic/encode-atom-overrun/ERIERL-191/OTP-15160: ic: Fix buffer overrun bug in oe_ei_encode_atom
2018-06-28Merge branch 'sverker/erl_interface/simultaneous-connect/OTP-15161' into ↵Erlang/OTP
maint-20 * sverker/erl_interface/simultaneous-connect/OTP-15161: erl_interface: Fix simultaneous connection setup
2018-06-28Merge branch 'sverker/kernel/tick-fixes/OTP-15162' into maint-20Erlang/OTP
* sverker/kernel/tick-fixes/OTP-15162: kernel: Fix tick count bug when pending writes kernel: Send tick to hidden node even if pending writes
2018-06-28kernel: Fix tick count bug when pending writesSverker Eriksson
2018-06-28kernel: Send tick to hidden node even if pending writesSverker Eriksson
as c-nodes need ticks to send ticks.
2018-06-28ic: Fix buffer overrun bug in oe_ei_encode_atomSverker Eriksson
bug exists since OTP-20.3.4 1d3acb70debd134c8346b7e98347171d5cf6fc62
2018-06-21Prepare releaseErlang/OTP