| Age | Commit message (Collapse) | Author |
|---|
|
The option 'signature_algs_cert' is not set by default.
Change-Id: Ib87cedc5e48b3ac7a36a30bc7caa08d3193f12fa
|
|
Update default hash algorithm (md5 -> sha1) used for generating
the server and CA certificates.
Default support for md5 has been removed for TLS 1.2 and OTP-15248
introduced a check for the whole {hash, signature} algorithm pair
as defined by RFC5246.
Change-Id: I964914914f522c10ef11c8c7c72bb9e4a0c38010
|
|
Change-Id: Ie60b2a2651ea975cebd0ccf0c7e2953f89986463
|
|
Change-Id: Ifb933d1bad647b941b7324c0712a7bc20ae74efa
|
|
Implement handling of the signature algorithms extension described by
RFC 8446. This commit updates the behavior of legacy TLS versions to
align them with RFC 8446 (TLS 1.3) and RFC 5246 (TLS 1.2).
- TLS 1.0/1.1 clients validate the client certificate against the
certificate_type field of the CertificateRequest message.
- TLS 1.2 client verifies the hash/signature algorithm pair of the
client certificate when processing a CertificateRequest. Old
behavior only checked the signature algorithms.
- TLS 1.2 server verifies that the server certificate is signed by
a hash/signature algorithm pair that appears in the
"singature_algorithms" or "signature_algorithms_cert" (RFC 8446)
extensions of the ClientHello.
Change-Id: I3e0a0d7408984f5e5b1233968934fe34d64eb2b7
|
|
Add documentation to the ssl option "signature_algs_cert"
introduced by TLS 1.3. The client/server will send a
"signature_algorithms_cert" extension, if TLS 1.3 or later
is used.
Change-Id: I17d612f311a1deef7e29473c3998e7f99fa56f02
|
|
* ingela/ssl/extensions-and-TLS-1.3-handshaking:
ssl: Correct extension decoding and dialyzer spec
ssl: Generalize extensions handling
|
|
|
|
|
|
Rewrite BSM optimizations in the new SSA-based intermediate format
|
|
|
|
This has been superseded by bs_get_tail/3. Note that it is NOT
removed from the emulator or beam_disasm, as old modules are still
legal.
|
|
Remove the variable aliasing support that was needed for the
old beam_bsm pass.
|
|
|
|
The beam_ssa_bsm pass welds chained matches together, but the match
expressions themselves are unchanged and if there's a tail
alignment check it will be done each time. This subpass figures out
the checks we've already done and deletes the redundant ones.
|
|
This commit improves the bit-syntax match optimization pass,
leveraging the new SSA intermediate format to perform much more
aggressive optimizations. Some highlights:
* Watch contexts can be reused even after being passed to a
function or being used in a try block.
* Sub-binaries are no longer eagerly extracted, making it far
easier to keep "happy paths" free from binary creation.
* Trivial wrapper functions no longer disable context reuse.
|
|
As TLS 1.3 introduces more extensions in other places than in hello messages
we like to have generalize extension handling encode/decode with some
hello wrappers.
Also extend property tests of handshake encod/decode
|
|
|
|
jhogberg/john/compiler/validator-aliased-type-fixes/ERL-735
beam_validator: Use set_aliased_type in more operations
|
|
The following code broke because aliases weren't tracked for hd/1:
bug(Bool) ->
Bug = remote:call(),
if
Bool -> %% Branch of some kind.
_ = hd(Bug),
remote:call(),
hd(Bug)
end.
Related to 1f221b27f1336e747f7409692f260055dd3ddf79
|
|
fix for ppc64le / add travis test for ppc64le
OTP-15313
|
|
|
|
|
|
|
|
|
|
|
|
get_anno/3: as get_anno but with a default value
definitions/1-2: returns a map of variable definitions (#b_set{})
uses/1-2: returns a map of all uses of a given variable
mapfold_blocks_rpo/4: mapfolds over blocks
|
|
The upcoming beam_ssa_bsm pass makes this redundant.
|
|
Clean up variable-related cruft in new SSA passes
|
|
Add a more scalable ETS ordered_set implementation
|
|
* maint:
crypto: Fix accidental merge
|
|
Commit 8c47a7657d03777a03a6838c7ec937b6347d07f8 accidently
reverted the changes in lib/crypto/src/crypto.erl correctly
introduced in e8de0736005e91afd992e49f434e08c940eddfa0
This fix re-introduces the correct changes.
|
|
|
|
|
|
|
|
|
|
Now that variables are represented as #b_var{}, there's no longer
any risk of colliding with anything else.
|
|
We chose to refer to variables through their var_name() because we
anticipated the need to annotate them, but it turned out we didn't
really need that, and many things become a lot cleaner if the
entire #b_var{} is used to represent variables.
|
|
|
|
* ingela/ERL-622/fix:
ssl: Move link to correct process
|
|
The link should be between the connection process and the tls_sender
process. But the start of the tls_sender process needs to be done
by the process that also starts the connection process in order to
correctly create the opaque #ssl_socket{}.
|
|
OTP-14737
* raimo/stdlib/gen_statem-cleanup:
Improve user's guide on time-outs
Clean up and optimize code and doc
|
|
|
|
* raimo/receive-TOS-TCLASS/ERIERL-187/OTP-15145:
Elaborate the disclaimer for 'pktoptions'
Improve platform filter
Fix endianness bug for CMSG parsing
|
|
|
|
|
|
* maint:
crypto: Re-work the 'Description' section
crypto: Add warnings in RefMan and User's Guide for experimental RSA opts
|
|
Links and contents needs update.
|
|
Replace beam_dead with beam_ssa_dead
|
|
OTP-14461 - New 'rand' algorithm: Xoroshiro928** also for 'crypto'
Implement a new 'rand' algorithm named 'exro928ss' and a new 'crypto' plugin for 'rand' named 'crypto_aes'.
Both are based on Xoroshiro928** which is derived from Xoroshiro1024** modified to use 58-bit words for performance reasons in the Erlang VM. Xoroshiro1024** has got the Xoroshiro1024 generator and the StarStar scrambler from the 2018 paper "Scrambled Linear Pseudorandom Number Generators" by David Blackman and Sebastiano Vigna.
This generator and scrambler combination shows no systematic weaknesses in standard statistical tests as TestU01(BigCrush) and PractRand, unlike the previously used * and + scramblers in the 'rand' module that exhibit statistical weaknesses for the lowest bits.
The 'crypto' plugin uses AES-256 as scrambler and the Xoroshiro928 as generator, which gives the same very long period and jump functions as for Xoroshiro928**, but a cryptographically secure scrambler gives absolutely no detectable statistical weaknesses regardless of how the generated numbers are used.
The speed of 'exro928ss' is only about 30-50% slower than the default fast 'rand' algorithm, but the state is roughly the double and it produces about 8 times the garbage per iteration.
The speed of 'crypto_aes' is about half (amortized) that of the default fast 'rand' algorithm which is fast and thanks to doing encryption in batches caching the result. Hence the state is much larger.
|
