| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
maint-19
* kellymclaughlin/crypto/aes_cfb_128/PR-1393/OTP-14313:
Fix bug with AES CFB 128
Demonstrate the bug with AES CFB 128 encryption
|
|
into maint-19
* voltone/inets/httpc_redirect_normalize_host/PR-1381/OTP-14301:
Omit port from Host header on redirect to well-known port
|
|
* ingela/maint-19/active-once/ERL-371/OTP-14300:
ssl: Prepare for release
ssl: Avoid data loss in active once
|
|
* hans/ssh/daemon_info_crash_ip/OTP-14298:
ssh: fixed crash in ssh:daemon_info
|
|
Fix a bug with the use of the aes_cfb128 cipher by calling the correct
underlying openssl interface function when the cipher is specified.
|
|
Demonstrate a bug with AES CFB 128 for certain key sizes introduced
with the Erlang 19.0 release. The code in the block_crypt_nif function
in the crypto.c source file incorrectly calls aes_cfb_8_crypt when the
specified cipher is aes_cfb8 or aes_cfb128 and the key size is 24 or
32. The aes_cfb_8_crypt function calls the AES_cfb8_encrypt function
from the openssl interface, but this is incorrect when the cipher is
aes_cfb128.
Unfortunately the test cases in the crypto test suite are insufficient
to detect an issue like this because it exercises the encryption and
decryption roundtrip using the same incorrect underlying function. The
problem was observed when trying to update an application to Erlang 19
that attempted to decrypt data that was encrypted using aes_cfb128 by
another source. In this commit I altered the crypto test suite to
provide a demonstration of this problem.
|
|
|
|
Emulate active once in such a way that data recived by the TLS
connection process, but not fetch via active once option
by the user, can be delivered at next active once before final close.
|
|
|
|
ERL-316, as part of 19.3, adds the port number to the Host header
upon automatic redirection. The port number is included even if it
is a well-known port (80, 443). This is different from the
behaviour of most HTTP clients, as well as httpc's own for new
requests.
The added port number can lead to problems such as this one, where
the request signature assumes the client will not send the :443
suffix on redirection to an https URL:
https://github.com/nerves-project/nerves/issues/96
I was unable to add a test case, since that would require a server
on a well-known port, but I manually verified that the GitHub/S3
signing issue was indeed resolved with this patch.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* siri/appups-19.3:
Update appups in kernel and stdlib for OTP-19.3
|
|
* anders/diameter/capx_strictness/OTP-14257:
Add transport_opt() capx_strictness
|
|
|
|
* anders/diameter/19.3/OTP-14252:
vsn -> 1.12.2
Update appup for 19.3
|
|
* anders/diameter/19.2/failover/OTP-14206:
Avoid sending large terms between nodes unnecessarily
Don't use request table for answer routing
Fix/redo failover optimization
|
|
* ingela/ssl/next-maint-version:
ssl: Version update
|
|
* ingela/ssl/dtls-cont:
dtls: Only test this for TLS for now
dtls: Avoid mixup of protocol to test
dtls: 'dtlsv1.2' corresponds to 'tlsv1.2'
dtls: Correct dialyzer spec and postpone inclusion of test
dtls: Erlang distribution over DTLS is not supported
dtls: Enable some DTLS tests in ssl_to_openssl_SUITE
dtls: Enable DTLS test in ssl_certificate_verify_SUITE
dtls: Hibernation and retransmit timers
dtls: Make sure retransmission timers are run
dtls: DTLS specific handling of socket and ciphers
|
|
We want to avoid failing test cases but still be able to merge
DTLS progress for 19.3
|
|
To allow the Peer State Machine requirement that only the expected
capabilities exchange message be received in the relevant state to be
relaxed. If {capx_strictness, false} is configured then anything bu the
expected CER/CEA is ignored.
This is non-standard behaviour, and thusfar undocumented. Use at your
own risk.
|
|
When relaying outgoing requests through transport on a remote node,
terms that were stripped when sending to the transport process weren't
stripped when spawning a process on the remote node.
Also, don't save the request to the process dictionary in a process that
just relays an answer.
|
|
The table has existed forever, to route incoming answers to a waiting
request process: each outgoing request writes to the table, and each
incoming answer reads. This has been seen to suffer from lock contention
at high load however, so this commit moves the routing into the
diameter_peer_fsm processes that are diameter's conduit to transport
processes. The request table is still used for failover detection, but
entries are only written when a watchdog state transitions leaves or
enters state OKAY.
|
|
|
|
|
|
'dtlsv1.2' should not be included in MIN_DATAGRAM_SUPPORTED_VERSIONS
as this is the default when crypto does not have sufficient support for
'tlsv1.2' and 'dtlsv1.2'
|
|
The new_options_in_accept test is not working yet, however DTLS is still
work in progress and we want to make a progress merge to avoid merge conflicts
with other progress of the ssl application.
|
|
* hasse/dialyzer/fix_warnings/OTP-14177:
dialyzer: Improve a warning
dialyzer: Fix a weird warning
dialyzer: Fix an opaque bug
dialyzer: Minor fix
|
|
Erlang distribution requiers a reliable transport, which udp is not.
Maybe could be interesting later when SCTP support is added to DTLS.
|
|
We need to figure out a good way of knowing if the OpenSSL-"DTLS server" is up.
Some of the code in this commit is attempting this, but it is not really working
yet, and hence only tests where OpenSSL is client are enabled.
|
|
|
|
Change retransmissions timers to use gen_statem state timeouts. We do
not need a retransmission timer in the state connection as data traffic in
DTLS over UDP is not retransmitted. If the last flight before
transitioning into connection is lost, it will be resent when the peer
resends its last flight. This will also make hibernation testing more
straight forward.
We need more adjustments later to handle a reliable DTLS transport
such as SCTP.
|
|
|
|
DTLS does not support stream ciphers and needs diffrent
handling of the "#ssl_socket{}" handle .
|
|
* peppe/common_test/multiply_timetraps/OTP-14210:
Fix multiply/scale_timetraps in testspecs not working
OTP-14210
|
|
* siri/ct_hooks/callbacks-on-skip/OTP-10599:
[ct] Update built-in ct hooks with new Suite parameter
[cth_surefire] Handle skips from test spec
[ct] Remove excessive skipped/failed tag in hook function
[ct] Send tc_start event on force_stop and failed sequence
[ct] Correctly handle process died in init and end_per_testcase
[ct] Fix faulty hook callbacks for skipped tests
Add dummy end_per_suite/1
[ct] Fix hooks and fail when one of init/end_per_* does not exit
[ct] Add Suite argument to hook callback functions
[ct] Fix function_clause in ct_framework when hook function crashes
|
|
|
|
OTP-14206 fix 19.1 failover blunder, use diameter_request less
|
|
Use a portable way to lookup the home directory
|
|
* raimo/kernel/gen_statem-progress/OTP-14114:
Make code_change/4 optional
Implement fallback for terminate/3
Clarify code_change and callback mode change
Stop pampering with stacktraces
Clean up timer handling
Remove event timer optimization
Clean up timer handling
Reduce number of loop variables hence code mass
Optimize by using async cancel_timer
Bugfix: callback mode not cached after code change
Implement repeat_state and repeat_state_and_data
Correct type checking function for action {next_event,,}
Change arity of type to init_result/1
|
|
In the xref example, use init:get_argument(home) to find the
location of the home directory.
|
|
Use init:get_argument(home) to find the location of the home
directory. That will work on all platforms (including Windows).
Note that the run-time system will fail to start if HOME
(or the equivalent on Windows) is not set. Therefore, it can
be assumed that init:get_argument(home) will not fail.
ERL-161
|
