| Age | Commit message (Collapse) | Author |
|---|
|
Validate peer certificate against supported signature algorithms.
Send 'Hanshake Failure' Alert if signature algorithm is not
supported by the server.
Change-Id: Iad428aad337f0f9764d23404c203f966664c4555
|
|
Report the role of the peer when logging incoming Alerts.
Change-Id: I7eec46bc36f9080f5087b6a38e7f14ac628fe286
|
|
Split get_handshake_context/2 into two functions. The new
get_handshake_context_cv/2 returns the context for the
verification of CertificateVerify.
Change-Id: I461eb67bda1d9c1673e463d417c3e838fca6b40c
|
|
Change-Id: I6504d99a96ed6fc75dbdff78a6148ed39d3776c9
|
|
Verify if the signature algorithm used in the signature of
CertificateVerify is one of those present in the
supported_signature_algorithms field of the "signature_algorithms"
extension in the CertificateRequest message.
Change-Id: I7d3b5f10e3205447fb9a9a7e59b93568d1696432
|
|
Verify CertificateVerify message against the handshake context and
the public key provided by the Certificate message.
Remove 'Context' argument from state handler functions and store
data in the state variable.
Refactor get_handshake_context/1 to cover all implemented cases.
Change-Id: If803e05009331d1ec7e0ba2ea2b81d917a0add6d
|
|
Change-Id: I09c0501ea790941001b11a3f6d12a96f18da2bea
|
|
Implement validation of client certificates in state
'wait_cert'.
Implement state 'wait_cv'.
Clean up handler functions.
Change-Id: I5c410bf7afe34632f27fabcd61670764fedb105d
|
|
Test client authentication when client responds with empty
Certificate.
Change-Id: I725ae60c6d097ca13c5f4354e35377ecacf98dea
|
|
Implement state 'wait_cert' with its handler function
do_wait_cert/2.
Send CertificateRequest if peer verification is enabled.
Send Alert 'certificate required' if client answers with empty
Certificate and option 'fail_if_no_peer_cert' is set to true.
Change-Id: I72c73bcb6bc68ea60e6fe41cdd29ccfe40d18322
|
|
Change-Id: I5fdade8474147d05bc12d28fec91a47d4fd6e73b
|
|
Add missing alert to description_atom/1.
Function clauses ordered by value of the alert.
Change-Id: Ibb68ea261c42070c757b2815abd3f7b179880128
|
|
* peterdmv/ssl/hello-retry-request/OTP-15590:
ssl: Fix type spec for handshake_history()
ssl: Add tests for hello_retry_request and groups
ssl: Implement 'hello_retry_request'
Change-Id: I04ad2860d0ba81462a1e36c7d6fcee6bc5c98c32
|
|
|
|
* sverker/erl_docgen/prettify-cfunc-docs/OTP-15637:
erl_docgen: Prettify c-function argument lists
erl_docgen: Indent c-function line continuations
|
|
* maint:
Set early enough start time
inet_db: fix a bug when .hosts file is never reloaded
|
|
* inet_db-startup-fix:
Set early enough start time
inet_db: fix a bug when .hosts file is never reloaded
|
|
Adhering to the review in GitHub PR #2066:
The start time should be set so the resolver file can get
re-read as soon as possible to not get the whole timeout time
before detecting that the resolver file has been created.
|
|
* maint:
stdlib: Optimize calendar:system_time_to_rfc3339()
|
|
* hasse/stdlib/optimize_calendar_rfc3339/OTP-15630:
stdlib: Optimize calendar:system_time_to_rfc3339()
|
|
|
|
* siri/logger/os-timestamp/OTP-15625:
Update preloaded
[logger] Change timestamp from erlang:system_time to os:system_time
|
|
* maint:
fixup! ssl: Add support for {active,N}
ssl: Use common fonction to update {active,N}
ssl: Document {active,N}
ssl: Add support for {active,N}
|
|
Rewords one sentence in common_test documentation
|
|
* essen/ssl-active-n:
fixup! ssl: Add support for {active,N}
ssl: Use common fonction to update {active,N}
ssl: Document {active,N}
ssl: Add support for {active,N}
Conflicts:
lib/ssl/src/ssl.erl
|
|
|
|
Add application:set_env/1 and application:set_env/2
OTP-15642
|
|
Move size=all binary clause pruning to v3_kernel
|
|
Tune BEAM instructions for the new compiler (part 1)
|
|
Optimize the beam_ssa_dead sub pass
|
|
It is equivalent to calling application:set_env/4 on
each application individually, except it is more efficient.
When given duplicate apps or duplicate keys, set_env/1
and set_env/2 will warn. The warning will also be emitted
during boot:
$ erl -config dupkeys.config -s erlang halt
2019-02-27 11:16:02.653100 application: kernel; duplicate parameter: key1
=WARNING REPORT==== 27-Feb-2019::11:16:02.653100 ===
application: kernel; duplicate parameter: key1
$ erl -config dupapps.config -s erlang halt
2019-02-27 11:16:02.653100 duplicate application config: kernel
=WARNING REPORT==== 27-Feb-2019::11:16:02.653100 ===
duplicate application config: kernel
Prior to this patch, the behaviour was unspecified,
and duplicate keys and duplicate apps would behave
different depending on the amount of config, the name
of the config files, and how those configs would be
listed. The goal is to raise an error in the future.
|
|
The advantage of moving it up is that it reduces the
size of the code emitted by v3_kernel, speeding
v3_kernel itself and beam_kernel_to_ssa pass.
|
|
Prior to this patch, v3_kernel would do multiple
passes on the clauses to group them. This commit
unrolls those passes, making v3_kernel up to 10%
faster in those cases.
|
|
|
|
This is cleaner and slightly faster.
|
|
The general complexity of the shortcut sub pass of `beam_ssa_dead` is
quadratic, but those optimizations will reduce the constant factor
somewhat.
|
|
Refactor the code to avoid putting any variable from a skippable block
into the set of unset variables. Keeping the set of unset variables as
small as possible will make beam_ssa_dead almost twice as fast when
compiling lib/unicode/tokenizer.ex in elixir.
|
|
handshake_history() was specified as {[binary()], [binary[]]},
although its real type was {iodata(), iodata()}, dialyzer did
not give a warning until a new function matched out an element
of handshake_history and used it as input data for crypto:hash/2.
Change-Id: I60660e7296a52bf69bd7198a4cffee8338907726
|
|
* hans/crypto/bad_ret_fips/master/OTP-15634:
crypto: Fix FIPS mode
|
|
* hans/crypto/bad_ret_fips/OTP-15634:
crypto: Fix bad return value for aes_cfb8 and aes_cfb128 if FIPS_SUPPORT
crypto: Fix bad return code for eddsa if FIPS_SUPPORT
|
|
* bjorn/cuddle-with-tests:
Fix failing test case binary_module_SUITE:copy/1
Fix failing test case qlc_SUITE:lookup2/1
|
|
Consider this code:
foo(X) ->
case X of
{ok,A} -> A;
error -> X
end.
The `is_tagged_tuple` instruction would not be used
because not all instructions in the tuple matching
sequence had the same failure label:
function t:foo(_0) {
0:
@ssa_bool:7 = bif:is_tuple _0
br @ssa_bool:7, label 8, label 4
8:
@ssa_arity = bif:tuple_size _0
@ssa_bool:9 = bif:'=:=' @ssa_arity, literal 2
br @ssa_bool:9, label 6, label 3
6:
_4 = get_tuple_element _0, literal 0
@ssa_bool = bif:'=:=' _4, literal ok
br @ssa_bool, label 5, label 3
5:
_3 = get_tuple_element _0, literal 1
ret _3
4:
@ssa_bool:11 = bif:'=:=' _0, literal error
br @ssa_bool:11, label 10, label 3
10:
ret _0
3:
_2 = put_tuple literal case_clause, _0
%% t.erl:5
@ssa_ret:12 = call remote (literal erlang):(literal error)/1, _2
ret @ssa_ret:12
}
Enhance the ssa_opt_record optimization to use
`is_tagged_tuple` even if all failure labels are not the
same:
function t:foo(_0) {
0:
@ssa_bool:7 = bif:is_tuple _0
br @ssa_bool:7, label 8, label 4
8:
@ssa_bool:9 = is_tagged_tuple _0, literal 2, literal ok
br @ssa_bool:9, label 6, label 3
6:
_3 = get_tuple_element _0, literal 1
ret _3
4:
@ssa_bool:11 = bif:'=:=' _0, literal error
br @ssa_bool:11, label 10, label 3
10:
ret _0
3:
_2 = put_tuple literal case_clause, _0
%% t.erl:5
@ssa_ret:12 = call remote (literal erlang):(literal error)/1, _2
ret @ssa_ret:12
}
The tuple test will be repeated, but since four instructions
are replaced by two instructions, the code will still be faster
and smaller.
|
|
|
|
* john/compiler/refactor-validator-type-management:
beam_validator: Clarify a comment
beam_validator: Make call argument validation stricter
beam_validator: Don't explode when building terms in receive
beam_validator: Improve 'binary' type tracking
beam_validator: Infer tuple element types
beam_validator: Tolerate the 'receive' hack in prim_eval
beam_validator: Track types by value rather than by register
beam_validator: Disregard 'none' on join
beam_validator: Handle is_number, and join(float,int) -> number
beam_validator: Treat is_nil as is_eq_exact with nil
beam_validator: Simplify get_element_type
beam_validator: Fix literal handling in meet/2
beam_validator: Use literals as keys in container (tuple) elements
beam_validator: Refactor try/catch handling, again
beam_validator: Refactor register initialization
beam_validator: Refactor stack allocation
beam_validator: Handle argument/return types for more functions
beam_validator: Don't forget last element when using put_tuple
beam_jump: Fail label of select_val is unsafe for move elimination
cerl_sets: Use maps:filter/2 in filter/2
|
|
|
|
There were some bad values returned if FIPS mode was enabled. The exclusion of
algorithms were not completly correct either.
|
|
* maint:
crypto: Remove assertion
crypto: Fail if FIPS mode is present but can't be enabled
crypto: Remove blowfish_SUITE.
crypto: Update crypto_SUITE checking of FIPS
|
|
This is not needed any more
|
|
|
|
The tests are a subset of the newer and larger crypto_SUITE.
|
