| Age | Commit message (Collapse) | Author |
|---|
|
The current crypto module implementations require all of the data
being encrypted or authenticated to be in memory at one time. When
trying to encrypt or authenticate a large file (on order of GBs),
this is problematic.
The implementation of AES CTR uses the same underlying implementation
as aes_ctr_[en|de]crypt, but hands the state back to the client
after every operation.
The HMAC implementation differs from the previous implementations of
sha_mac and md5_mac. The old implementations did not utilize the
OpenSSL HMAC implementation. In order to ensure that I didn't
implement something incorrectly, I chose to use the OpenSSL HMAC
implementation directly, since it handles streaming as well. This
has the added side benefit of allowing other hash functions to be
used as desired (for instances, I added support for ripemd160
hashing).
While I haven't done this, it seems like the existing md5_mac and
sha_mac functions could either be depricated or redefined in terms
of the new hmac_ functions.
Update AES CTR and HMAC streaming with code review input
Ensure that memcpy operations in hmac operations are being size
checked properly. Rename aes_ctr_XXX_with_state to
aes_ctr_stream_XXX. Remove redundant hmac_init_[sha|md5|ripemd160]
functions. Fix documentation for hmac_final_n.
Fix possible error using negative value as a marker on an unsigned int
Now, use a separate marker and add a unit test to test specifically for
a case where HashLen is larger than the underlying resultant hash.
Revert "Fix possible error using negative value as a marker on an unsigned int"
This reverts commit 59cb177aa96444c0fd3ace6d01f7b8a70dd69cc9.
Resolve buffer overflow posibility on an unsigned int.
Change handling the marker for HashLen to use the fact that a second
parameter that has to be the the HashLen was passed. Also, ensure
that HashLen parameter is positive.
|
|
* ia/public_key/users-guide/examples:
Corrected documentation error and added examples to Users Guide
|
|
into dev
* ia/ssl/do_not_invalidate_session_on_improper_close/OTP-9310:
In TLS 1.1, failure to properly close a connection no longer requires that a session not be resumed. This is a change from TLS 1.0 to conform with widespread implementation practice. Erlang ssl will now in TLS 1.0 conform to the widespread implementation practice instead of the specification to avoid performance issues.
|
|
|
|
|
|
|
|
* hb/edoc/bugfixes/OTP-9301:
Fix bugs concerning the option report_missing_types
|
|
that a session not be resumed. This is a change from TLS 1.0 to
conform with widespread implementation practice. Erlang ssl will now
in TLS 1.0 conform to the widespread implementation practice instead
of the specification to avoid performance issues.
|
|
|
|
* ta/re-doc:
re: remove gratuitous "it " in manpage
OTP-9307
|
|
|
|
|
|
|
|
* uw/mnesia-majority:
dialyzer warning on mnesia_tm
Add documentation text about majority checking
add mnesia_majority_test suite
where_to_wlock optimization + change_table_majority/2
bug in mnesia_tm:needs_majority/2
optimize sticky_lock maj. check
check majority for sticky locks
Write locks now check majority when needed.
Add {majority, boolean()} per-table option.
OTP-9304
|
|
|
|
Earlier, reltool expected all module names detected under the lib
directories to have unique names. If this was not the case, the result
was undefined - i.e. the beam file of the duplicated module might be
included in multiple applications in the target area, or it might even
be excluded from all applications.
This commit adds awareness in reltool that a module might occur in
multiple applications, and it is allowed as long as the module or it's
application is explicitely excluded in all but one of the containing
applications.
|
|
* siri/sasl/rb-bugs/OTP-9149:
Bugfix in rb:filter when using 're' (regexp) and 'no'
Don't attempt to do supervisor:delete_child for temporary child
Never fail when stopping rb, and fix file descriptor leak
|
|
Bugs concerning the option report_missing_types that was added in
EDoc-0.7.7 have been corrected: the option was misspelled in the
source, and local definitions as well as the function tags @private
and @hidden were not handled correctly. (Thanks to Manolis Papadakis.)
|
|
|
|
|
|
Merge branch 'bmk/snmp/snmp420_integration' into dev
|
|
|
|
* ss/fix-cover-fd-leak:
Add a check logic to prevent file descriptor leak
Fix file descriptor leak
OTP-9300
|
|
The support for using Dialyzer specifications and types has been
improved.
|
|
test_server:timetrap_scale_factor to common test when starting a test run.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Since the table loader also sets (table) write locks, a special
lock type, 'load', was needed. Unfortunately, this affects mnesia
activity callbacks that redefine the lock operation.
|
|
With {majority, true} set for a table, write transactions will
abort if they cannot commit to a majority of the nodes that
have a copy of the table. Currently, the implementation hooks
into the prepare_commit, and forces an asymmetric transaction
if the commit set affects any table with the majority flag set.
In the commit itself, the transaction will abort if it cannot
satisfy the majority requirement for all tables involved in the
thransaction.
A future optimization might be to abort already when a write
lock is attempted on such a table (/-object) and the lock cannot
be set on enough nodes.
This functionality introduces the possibility to automatically
"fence off" a table in the presence of failures.
This is a first implementation. Only basic tests have been
performed.
|
|
section to the "Fixed..." section.
Merge branch 'bmk/snmp/snmp420_integration' into dev
|
|
|
|
OTP-9088: [agent] Added support for sending traps to IPv6 targets.
OTP-9119: [agent] To be able to handle multiple engine-id(s) when
sending trap(s), the function
snmp_community_mib:add_community/6 has been added.
OTP-9162: [manager] The API for snmp requests has been augmented to
allow the caller to override some configuration.
OTP-9174: [manager] The old API functions (for get and set
requests) are now officially deprecated.
OTP-9183: [agent] Pass extra info through the agent to the net-if
process when sending notifications.
OTP-9208: Added type specs for functions that do not return.
Kostis Sagonas
Merge branch 'bmk/snmp/snmp420_integration' into dev
|
|
Filipe David Manana
OTP-9114: [ftp] Added (type) spec for all exported functions.
OTP-9123: mod_esi:deliver/2 made to accept binary data.
Bernard Duggan
OTP-9124: [httpd] Prevent XSS in error pages.
Michael Santos
OTP-9131: [httpd] Wrong security property names used in documentation.
Garrett Smith
OTP-9157: [httpd] Improved error messages.
Ricardo Catalinas Jim�nez
OTP-9158: [httpd] Fix timeout message generated by mod_esi.
Bernard Duggan
OTP-9202: [httpd] Extended support for file descriptors.
Attila Rajmund Nohl
OTP-9230: The default ssl kind has now been changed to essl.
OTP-9246: [httpc] httpc manager crash because of a handler retry
race condition.
Merge branch 'bmk/inets/inet56_integration' into dev
|
|
* ia/ssl/sometimes-fails-when-reuseing-session/OTP-9283:
Ssl sometimes fails when reusing a session
|
|
For this case to work, we need crypto!
|
|
* hb/stdlib/dets_tablenames/OTP-9282:
Allow Dets tablenames to be arbitrary terms
Conflicts:
lib/stdlib/src/dets.erl
|
|
* hb/stdlib/doc_specs/OTP-9271:
Use Erlang specs and types for documentation
Conflicts:
lib/stdlib/doc/src/timer.xml
|
|
* hb/stdlib/specs/OTP-9267:
Types and specifications have been modified and added
Conflicts:
lib/stdlib/src/timer.erl
|
|
* hb/kernel/doc_specs/OTP-9272:
Use Erlang specs and types for documentation
|
|
* hb/kernel/specs/OTP-9268:
Types and specifications have been modified and added
|
|
Invalidation of a session for reusing should first flag that the
session may no longer be reused and then later when all possible
pending reuses have been handled delete the session from the
database. This could otherwise cause the client to terminate due to
{badarg,[{erlang,byte_size,[undefined]}, and the server to terminate due to
{{badmatch,{resumed,undefined}}.
|
|
There was an inconsistency in the filter function, as
filter([{Key,Regexp,re,no}]) did not work in the same way as
filter([{Key,Value,no}])
The first filter only returned 'proplist' reports, while the second
returned *all* reports that didn't match the Value. This has been
corrected so both filters now return all reports that don't match.
|
|
|
|
After a bug fix supervisor does no longer save childspecs for
temporary children. Due to this, all calls to supervisor:delete_child
will fail for temporary children. rb:stop is therefore now rewritten
to only do supervisor:terminate_child.
|
|
rb:stop did sometimes return {error,running}.
This came from supervisor:delete_child and happened when the rb_server
has not yet terminated when this function was called. Instead of
having a separate gen_server call to rb_server for stopping the
process, supervisor:terminate_child is now called. This is a
synchronous function - i.e. it waits for the process to actually
terminate before it returns.
A file descriptor leak in rb:scan_files is corrected. The index file
was never closed after reading.
|
