diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/common_test/doc/src/ct_suite.xml | 8 | ||||
| -rw-r--r-- | lib/common_test/doc/src/run_test_chapter.xml | 2 | ||||
| -rw-r--r-- | lib/common_test/doc/src/write_test_chapter.xml | 6 | ||||
| -rw-r--r-- | lib/common_test/src/ct_suite.erl | 4 | ||||
| -rw-r--r-- | lib/compiler/doc/src/notes.xml | 15 | ||||
| -rw-r--r-- | lib/compiler/src/beam_ssa_check.erl | 5 | ||||
| -rw-r--r-- | lib/compiler/src/beam_ssa_private_append.erl | 21 | ||||
| -rw-r--r-- | lib/compiler/test/beam_ssa_check_SUITE_data/private_append.erl | 27 | ||||
| -rw-r--r-- | lib/compiler/test/beam_ssa_check_SUITE_data/sanity_checks.erl | 16 | ||||
| -rw-r--r-- | lib/compiler/vsn.mk | 2 | ||||
| -rw-r--r-- | lib/os_mon/doc/src/notes.xml | 17 | ||||
| -rw-r--r-- | lib/os_mon/vsn.mk | 2 | ||||
| -rw-r--r-- | lib/ssl/doc/src/ssl.xml | 64 | ||||
| -rw-r--r-- | lib/ssl/src/ssl.erl | 45 | ||||
| -rw-r--r-- | lib/ssl/src/tls_client_connection_1_3.erl | 10 | ||||
| -rw-r--r-- | lib/ssl/src/tls_v1.erl | 18 | ||||
| -rw-r--r-- | lib/ssl/test/ssl_reject_SUITE.erl | 5 | ||||
| -rw-r--r-- | lib/ssl/test/tls_api_SUITE.erl | 22 | ||||
| -rw-r--r-- | lib/wx/c_src/Makefile.in | 6 |
19 files changed, 255 insertions, 40 deletions
diff --git a/lib/common_test/doc/src/ct_suite.xml b/lib/common_test/doc/src/ct_suite.xml index 8740a3ff79..cc926fbcbb 100644 --- a/lib/common_test/doc/src/ct_suite.xml +++ b/lib/common_test/doc/src/ct_suite.xml @@ -85,7 +85,9 @@ <fsummary>Returns the list of all test case groups and test cases in the module.</fsummary> <type> - <v><seetype marker="#ct_test_def">ct_test_def()</seetype> = TestCase | {group, GroupName} | {group, GroupName, Properties} | {group, GroupName, Properties, SubGroups}</v> + <v><seetype marker="#ct_test_def">ct_test_def()</seetype> = TestCase | + {group, GroupName} | {group, GroupName, Properties} | {group, GroupName, + Properties, SubGroups} | {testcase, TestCase, TestCaseRepeatType}</v> <v>TestCase = <seetype marker="#ct_testname">ct_testname()</seetype></v> <v>GroupName = <seetype marker="#ct_groupname">ct_groupname()</seetype></v> <v>Properties = [parallel | sequence | Shuffle | {RepeatType, N}] | default</v> @@ -93,6 +95,7 @@ <v>Shuffle = shuffle | {shuffle, Seed}</v> <v>Seed = {integer(), integer(), integer()}</v> <v>RepeatType = repeat | repeat_until_all_ok | repeat_until_all_fail | repeat_until_any_ok | repeat_until_any_fail</v> + <v>TestCaseRepeatType = [{repeat, N} | {repeat_until_ok, N} | {repeat_until_fail, N}]</v> <v>N = integer() | forever</v> <v>Reason = term()</v> </type> @@ -135,11 +138,12 @@ <v><seetype marker="#ct_group_def">ct_group_def()</seetype> = {GroupName, Properties, GroupsAndTestCases}</v> <v>GroupName = <seetype marker="#ct_groupname">ct_groupname()</seetype></v> <v>Properties = [parallel | sequence | Shuffle | {RepeatType, N}]</v> - <v>GroupsAndTestCases = [Group | {group, GroupName} | TestCase]</v> + <v>GroupsAndTestCases = [Group | {group, GroupName} | TestCase | {testcase, TestCase, TestCaseRepeatType}]</v> <v>TestCase = <seetype marker="#ct_testname">ct_testname()</seetype></v> <v>Shuffle = shuffle | {shuffle, Seed}</v> <v>Seed = {integer(), integer(), integer()}</v> <v>RepeatType = repeat | repeat_until_all_ok | repeat_until_all_fail | repeat_until_any_ok | repeat_until_any_fail</v> + <v>TestCaseRepeatType = [{repeat, N} | {repeat_until_ok, N} | {repeat_until_fail, N}]</v> <v>N = integer() | forever</v> </type> diff --git a/lib/common_test/doc/src/run_test_chapter.xml b/lib/common_test/doc/src/run_test_chapter.xml index f9416e1bee..ea33b9d8f9 100644 --- a/lib/common_test/doc/src/run_test_chapter.xml +++ b/lib/common_test/doc/src/run_test_chapter.xml @@ -763,7 +763,7 @@ finally function <c>end_per_group</c>. Also, if particular test cases in a group are specified, <c>init_per_group</c> and <c>end_per_group</c>, for the group in question, are - called. If a group defined (in <c>Suite:group/0</c>) as + called. If a group defined (in <c>Suite:groups/0</c>) as a subgroup of another group, is specified (or if particular test cases of a subgroup are), <c>Common Test</c> calls the configuration functions for the top-level groups and for the subgroup diff --git a/lib/common_test/doc/src/write_test_chapter.xml b/lib/common_test/doc/src/write_test_chapter.xml index 8f7c7e8177..99571bbdae 100644 --- a/lib/common_test/doc/src/write_test_chapter.xml +++ b/lib/common_test/doc/src/write_test_chapter.xml @@ -515,14 +515,14 @@ <c>{group,GroupName,Properties,SubGroups}</c> Where, <c>SubGroups</c> is a list of tuples, <c>{GroupName,Properties}</c> or <c>{GroupName,Properties,SubGroups}</c> representing the subgroups. - Any subgroups defined in <c>group/0</c> for a group, that are not specified + Any subgroups defined in <c>groups/0</c> for a group, that are not specified in the <c>SubGroups</c> list, executes with their predefined properties.</p> <p><em>Example:</em></p> <pre> - groups() -> {tests1, [], [{tests2, [], [t2a,t2b]}, - {tests3, [], [t31,t3b]}]}.</pre> + groups() -> [{tests1, [], [{tests2, [], [t2a,t2b]}, + {tests3, [], [t31,t3b]}]}].</pre> <p>To execute group <c>tests1</c> twice with different properties for <c>tests2</c> each time:</p> <pre> diff --git a/lib/common_test/src/ct_suite.erl b/lib/common_test/src/ct_suite.erl index a2d23e15ef..860efe3ae2 100644 --- a/lib/common_test/src/ct_suite.erl +++ b/lib/common_test/src/ct_suite.erl @@ -47,9 +47,9 @@ {group, ct_groupname(), ct_group_props_ref()} | {group, ct_groupname(), ct_group_props_ref(), ct_subgroups_def()}. -type ct_testcase_ref() :: {testcase, ct_testname(), ct_testcase_repeat_prop()}. --type ct_testcase_repeat_prop() :: {repeat, ct_test_repeat()} | +-type ct_testcase_repeat_prop() :: [{repeat, ct_test_repeat()} | {repeat_until_ok, ct_test_repeat()} | - {repeat_until_fail, ct_test_repeat()}. + {repeat_until_fail, ct_test_repeat()}]. -type ct_info() :: {timetrap, ct_info_timetrap()} | {require, ct_info_required()} | {require, Name :: atom(), ct_info_required()} | diff --git a/lib/compiler/doc/src/notes.xml b/lib/compiler/doc/src/notes.xml index 75396f4c0f..f92505409c 100644 --- a/lib/compiler/doc/src/notes.xml +++ b/lib/compiler/doc/src/notes.xml @@ -32,6 +32,21 @@ <p>This document describes the changes made to the Compiler application.</p> +<section><title>Compiler 8.2.6</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p>Fixed type handling bugs that could cause an internal + error in the compiler for correct code.</p> + <p> + Own Id: OTP-18565 Aux Id: GH-7147 </p> + </item> + </list> + </section> + +</section> + <section><title>Compiler 8.2.5</title> <section><title>Fixed Bugs and Malfunctions</title> diff --git a/lib/compiler/src/beam_ssa_check.erl b/lib/compiler/src/beam_ssa_check.erl index 0d3faa0ee2..f344286943 100644 --- a/lib/compiler/src/beam_ssa_check.erl +++ b/lib/compiler/src/beam_ssa_check.erl @@ -285,8 +285,9 @@ env_post1(_Pattern, _Actual, _Env) -> ?DP("Failed to match ~p <-> ~p~n", [_Pattern, _Actual]), error({internal_pattern_match_error,env_post1}). -post_bitstring(Bytes, Actual, _Env) -> - Actual = build_bitstring(Bytes, <<>>). +post_bitstring(Bytes, Actual, Env) -> + Actual = build_bitstring(Bytes, <<>>), + Env. %% Convert the parsed literal binary to an actual bitstring. build_bitstring([{integer,_,V}|Bytes], Acc) -> diff --git a/lib/compiler/src/beam_ssa_private_append.erl b/lib/compiler/src/beam_ssa_private_append.erl index bf51e8b81a..c295492762 100644 --- a/lib/compiler/src/beam_ssa_private_append.erl +++ b/lib/compiler/src/beam_ssa_private_append.erl @@ -86,6 +86,17 @@ find_appends_blk([], _, Found) -> Found. find_appends_is([#b_set{dst=Dst, op=bs_create_bin, + args=[#b_literal{val=append}, + _, + Lit=#b_literal{val= <<>>}|_]}|Is], + Fun, Found0) -> + %% Special case for when the first fragment is a literal <<>> as + %% it won't be annotated as unique nor will it die with the + %% instruction. + AlreadyFound = maps:get(Fun, Found0, []), + Found = Found0#{Fun => [{append,Dst,Lit}|AlreadyFound]}, + find_appends_is(Is, Fun, Found); +find_appends_is([#b_set{dst=Dst, op=bs_create_bin, args=[#b_literal{val=append},SegmentInfo,Var|_], anno=#{first_fragment_dies:=Dies}=Anno}|Is], Fun, Found0) -> @@ -468,6 +479,16 @@ patch_appends_is([I0=#b_set{dst=Dst}|Rest], PD0, Cnt0, Acc, BlockAdditions0) Ps = keysort(1, map(ExtractOpargs, Patches)), {Is, Cnt} = patch_opargs(I0, Ps, Cnt0), patch_appends_is(Rest, PD, Cnt, Is++Acc, BlockAdditions0); + [{append,Dst,#b_literal{val= <<>>}=Lit}] -> + %% Special case for when the first fragment is a literal + %% <<>> and it has to be replaced with a bs_init_writable. + #b_set{op=bs_create_bin,dst=Dst,args=Args0}=I0, + [#b_literal{val=append},SegInfo,Lit|OtherArgs] = Args0, + {V,Cnt} = new_var(Cnt0), + Init = #b_set{op=bs_init_writable,dst=V,args=[#b_literal{val=256}]}, + I = I0#b_set{args=[#b_literal{val=private_append}, + SegInfo,V|OtherArgs]}, + patch_appends_is(Rest, PD, Cnt, [I,Init|Acc], BlockAdditions0); [{append,Dst,_}] -> #b_set{op=bs_create_bin,dst=Dst,args=Args0}=I0, [#b_literal{val=append}|OtherArgs] = Args0, diff --git a/lib/compiler/test/beam_ssa_check_SUITE_data/private_append.erl b/lib/compiler/test/beam_ssa_check_SUITE_data/private_append.erl index 4d4b0f1bbd..c1edc54460 100644 --- a/lib/compiler/test/beam_ssa_check_SUITE_data/private_append.erl +++ b/lib/compiler/test/beam_ssa_check_SUITE_data/private_append.erl @@ -22,6 +22,8 @@ %% -module(private_append). +-feature(maybe_expr, enable). + -export([transformable0/1, transformable1/1, transformable1b/1, @@ -76,7 +78,9 @@ not_transformable14/0, not_transformable15/2, - id/1]). + id/1, + + bs_create_bin_on_literal/0]). %% Trivial smoke test transformable0(L) -> @@ -977,3 +981,24 @@ not_transformable15(_, V) -> id(I) -> I. + +%% Check that we don't try to private_append to something created by +%% bs_create_bin `append`, _, `<<>>`, ... +bs_create_bin_on_literal() -> +%ssa% () when post_ssa_opt -> +%ssa% X = bs_init_writable(_), +%ssa% Y = bs_create_bin(private_append, _, X, ...), +%ssa% Z = bs_create_bin(private_append, _, Y, ...), +%ssa% ret(Z). + << + << + (maybe + 2147483647 ?= ok + else + <<_>> -> + ok; + _ -> + <<>> + end)/bytes + >>/binary + >>. diff --git a/lib/compiler/test/beam_ssa_check_SUITE_data/sanity_checks.erl b/lib/compiler/test/beam_ssa_check_SUITE_data/sanity_checks.erl index ae4bb28eea..47c60fd8d6 100644 --- a/lib/compiler/test/beam_ssa_check_SUITE_data/sanity_checks.erl +++ b/lib/compiler/test/beam_ssa_check_SUITE_data/sanity_checks.erl @@ -18,6 +18,8 @@ -module(sanity_checks). +-compile(no_ssa_opt_private_append). + -export([check_fail/0, check_wrong_pass/0, check_xfail/0, @@ -33,7 +35,9 @@ t25/0, t26/0, t27/0, t28/0, t29/0, t30/0, t31/0, t32/1, t33/1, t34/1, t35/1, t36/0, t37/0, t38/0, t39/1, - t40/0, t41/0, t42/0, t43/0, t44/0]). + t40/0, t41/0, t42/0, t43/0, t44/0, + + check_env/0]). %% Check that we do not trigger on the wrong pass check_wrong_pass() -> @@ -325,3 +329,13 @@ t44() -> %ssa% () when post_ssa_opt -> %ssa% _ = call(fun e:f0/1, {...}). e:f0({}). + +%% Ensure bug which trashed the environment after matching a literal +%% bitstring stays fixed. +check_env() -> +%ssa% () when post_ssa_opt -> +%ssa% X = bs_create_bin(append, _, <<>>, ...), +%ssa% ret(X). + A = <<>>, + B = ex:f(), + <<A/binary, B/binary>>. diff --git a/lib/compiler/vsn.mk b/lib/compiler/vsn.mk index 0c4eae4d45..fa46ea4097 100644 --- a/lib/compiler/vsn.mk +++ b/lib/compiler/vsn.mk @@ -1 +1 @@ -COMPILER_VSN = 8.2.5 +COMPILER_VSN = 8.2.6 diff --git a/lib/os_mon/doc/src/notes.xml b/lib/os_mon/doc/src/notes.xml index 1fac53d330..439c1e839a 100644 --- a/lib/os_mon/doc/src/notes.xml +++ b/lib/os_mon/doc/src/notes.xml @@ -31,6 +31,23 @@ </header> <p>This document describes the changes made to the OS_Mon application.</p> +<section><title>Os_Mon 2.8.2</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Avoid error report from failing <c>erlang:port_close</c> + at shutdown of <c>cpu_sup</c> and <c>memsup</c>. Bug + exists since OTP 25.3 (os_mon-2.8.1).</p> + <p> + Own Id: OTP-18559 Aux Id: ERIERL-942 </p> + </item> + </list> + </section> + +</section> + <section><title>Os_Mon 2.8.1</title> <section><title>Fixed Bugs and Malfunctions</title> diff --git a/lib/os_mon/vsn.mk b/lib/os_mon/vsn.mk index 9e64a83612..d6878e6773 100644 --- a/lib/os_mon/vsn.mk +++ b/lib/os_mon/vsn.mk @@ -1 +1 @@ -OS_MON_VSN = 2.8.1 +OS_MON_VSN = 2.8.2 diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml index 700709ed7a..b4a30a68c8 100644 --- a/lib/ssl/doc/src/ssl.xml +++ b/lib/ssl/doc/src/ssl.xml @@ -477,12 +477,10 @@ {sha384, ecdsa}, {sha384, rsa}, {sha256, ecdsa}, -{sha256, rsa}, -{sha224, ecdsa}, -{sha224, rsa} +{sha256, rsa} ]</code> -<p>Support for {md5, rsa} was removed from the the TLS-1.2 default in ssl-8.0 (OTP-22) and support for SHA1 {sha, _} was removed in ssl-11.0 (OTP-26) </p> +<p>Support for {md5, rsa} was removed from the the TLS-1.2 default in ssl-8.0 (OTP-22) and support for SHA1 {sha, _} and SHA224 {sha224, _} was removed in ssl-11.0 (OTP-26) </p> <p><c> rsa_pss_schemes =</c></p> <code> @@ -521,10 +519,10 @@ rsa_pss_schemes() <p>EDDSA was made highest priority in ssl-10.8 (OTP-25) </p> <p>TLS-1.3 default is</p> -<code>Default_TLS_13_Schemes ++ Legacy_TLS_13_Schemes </code> +<code>Default_TLS_13_Schemes</code> <p>If both TLS-1.3 and TLS-1.2 are supported the default will be</p> -<code>Default_TLS_13_Schemes ++ Default_TLS_12_Alg_Pairs </code> +<code>Default_TLS_13_Schemes ++ TLS_13_Legacy_Schemes ++ Default_TLS_12_Alg_Pairs (not represented in TLS_13_Legacy_Schemes) </code> <p>so appropriate algorithms can be chosen for the negotiated version. @@ -2175,6 +2173,60 @@ fun(srp, Username :: binary(), UserState :: term()) -> is useful.</p> </desc> </func> + + <func> + <name since="OTP @OTP-18572@" name="signature_algs" arity="2" /> + <fsummary>Returns a list of signature algorithms/schemes </fsummary> + <desc> + <p>Lists all possible signature algorithms corresponding to + <c>Description</c> that are available. The + <c>exclusive</c> option will exclusively list + algorithms/schemes for that protocol version, whereas the + <c>default</c> and <c>all</c> options lists the combined list to support the + range of protocols from (D)TLS-1.2, the first version to support + configuration of the signature algorithms, to <c>Version</c>.</p> + + <p> Example: <c> + + 1> ssl:signature_algs(default, 'tlsv1.3'). + [eddsa_ed25519,eddsa_ed448,ecdsa_secp521r1_sha512, + ecdsa_secp384r1_sha384,ecdsa_secp256r1_sha256, + rsa_pss_pss_sha512,rsa_pss_pss_sha384,rsa_pss_pss_sha256, + rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,rsa_pss_rsae_sha256, + rsa_pkcs1_sha512,rsa_pkcs1_sha384,rsa_pkcs1_sha256, + {sha512,ecdsa}, + {sha384,ecdsa}, + {sha256,ecdsa}] + + 2>ssl:signature_algs(all, 'tlsv1.3'). + [eddsa_ed25519,eddsa_ed448,ecdsa_secp521r1_sha512, + ecdsa_secp384r1_sha384,ecdsa_secp256r1_sha256, + rsa_pss_pss_sha512,rsa_pss_pss_sha384,rsa_pss_pss_sha256, + rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,rsa_pss_rsae_sha256, + rsa_pkcs1_sha512,rsa_pkcs1_sha384,rsa_pkcs1_sha256, + {sha512,ecdsa}, + {sha384,ecdsa}, + {sha256,ecdsa}, + {sha224,ecdsa}, + {sha224,rsa}, + {sha,rsa}, + {sha,dsa}] + + 3> ssl:signature_algs(exclusive, 'tlsv1.3'). + [eddsa_ed25519,eddsa_ed448,ecdsa_secp521r1_sha512, + ecdsa_secp384r1_sha384,ecdsa_secp256r1_sha256, + rsa_pss_pss_sha512,rsa_pss_pss_sha384,rsa_pss_pss_sha256, + rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,rsa_pss_rsae_sha256] + </c></p> + + <note><p>Some TLS-1-3 scheme names overlap with TLS-1.2 + algorithm-tuple-pair-names and then TLS-1.3 names will be + used, for example <c>rsa_pkcs1_sha256</c> instead of + <c>{sha256, rsa}</c> these are legacy algorithms in TLS-1.3 + that apply only to certificate signatures in this version of + the protocol.</p></note> + </desc> + </func> <func> <name since="" name="sockname" arity="1" /> diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl index c96173e98b..0a1db06804 100644 --- a/lib/ssl/src/ssl.erl +++ b/lib/ssl/src/ssl.erl @@ -81,6 +81,7 @@ filter_cipher_suites/2, prepend_cipher_suites/2, append_cipher_suites/2, + signature_algs/2, eccs/0, eccs/1, versions/0, @@ -183,12 +184,11 @@ -type hash() :: sha2() | legacy_hash(). % exported --type sha2() :: sha224 | - sha256 | - sha384 | - sha512. +-type sha2() :: sha256 | + sha384 | + sha512. --type legacy_hash() :: sha | md5. +-type legacy_hash() :: sha224 | sha | md5. -type sign_algo() :: rsa | dsa | ecdsa | eddsa. % exported @@ -1106,6 +1106,41 @@ append_cipher_suites(Filters, Suites) -> (Suites -- Deferred) ++ Deferred. %%-------------------------------------------------------------------- +-spec signature_algs(Description, Version) -> [signature_algs()] when + Description :: default | all | exclusive, + Version :: protocol_version(). + +%% Description: Returns possible signature algorithms/schemes +%% for TLS/DTLS version +%%-------------------------------------------------------------------- + +signature_algs(default, 'tlsv1.3') -> + tls_v1:default_signature_algs([tls_record:protocol_version_name('tlsv1.3'), + tls_record:protocol_version_name('tlsv1.2')]); +signature_algs(default, 'tlsv1.2') -> + tls_v1:default_signature_algs([tls_record:protocol_version_name('tlsv1.2')]); +signature_algs(all, 'tlsv1.3') -> + tls_v1:default_signature_algs([tls_record:protocol_version_name('tlsv1.3'), + tls_record:protocol_version_name('tlsv1.2')]) ++ + tls_v1:legacy_signature_algs_pre_13(); +signature_algs(all, 'tlsv1.2') -> + tls_v1:default_signature_algs([tls_record:protocol_version_name('tlsv1.2')]) ++ + tls_v1:legacy_signature_algs_pre_13(); +signature_algs(exclusive, 'tlsv1.3') -> + tls_v1:default_signature_algs([tls_record:protocol_version_name('tlsv1.3')]); +signature_algs(exclusive, 'tlsv1.2') -> + Algs = tls_v1:default_signature_algs([tls_record:protocol_version_name('tlsv1.2')]), + Algs ++ tls_v1:legacy_signature_algs_pre_13(); +signature_algs(Description, 'dtlsv1.2') -> + signature_algs(Description, 'tlsv1.2'); +signature_algs(Description, Version) when Description == default; + Description == all; + Description == exclusive-> + {error, {signature_algs_not_supported_in_protocol_version, Version}}; +signature_algs(Description,_) -> + {error, {badarg, Description}}. + +%%-------------------------------------------------------------------- -spec eccs() -> NamedCurves when NamedCurves :: [named_curve()]. diff --git a/lib/ssl/src/tls_client_connection_1_3.erl b/lib/ssl/src/tls_client_connection_1_3.erl index d5742ea390..8f7486d419 100644 --- a/lib/ssl/src/tls_client_connection_1_3.erl +++ b/lib/ssl/src/tls_client_connection_1_3.erl @@ -316,6 +316,10 @@ hello_middlebox_assert(enter, _, State) -> {keep_state, State}; hello_middlebox_assert(internal, #change_cipher_spec{}, State) -> tls_gen_connection:next_event(wait_ee, no_record, State); +hello_middlebox_assert(internal = Type, #encrypted_extensions{} = Msg, #state{ssl_options = #{log_level := Level}} = State) -> + ssl_logger:log(warning, Level, #{description => "Failed to assert middlebox server message", + reason => [{missing, #change_cipher_spec{}}]}, ?LOCATION), + ssl_gen_statem:handle_common_event(Type, Msg, ?FUNCTION_NAME, State); hello_middlebox_assert(info, Msg, State) -> tls_gen_connection:handle_info(Msg, ?FUNCTION_NAME, State); hello_middlebox_assert(Type, Msg, State) -> @@ -331,8 +335,10 @@ hello_retry_middlebox_assert(enter, _, State) -> {keep_state, State}; hello_retry_middlebox_assert(internal, #change_cipher_spec{}, State) -> tls_gen_connection:next_event(wait_sh, no_record, State); -hello_retry_middlebox_assert(internal, #server_hello{}, State) -> - tls_gen_connection:next_event(?FUNCTION_NAME, no_record, State, [postpone]); +hello_retry_middlebox_assert(internal = Type, #server_hello{} = Msg, #state{ssl_options = #{log_level := Level}} = State) -> + ssl_logger:log(warning, Level, #{description => "Failed to assert middlebox server message", + reason => [{missing, #change_cipher_spec{}}]}, ?LOCATION), + ssl_gen_statem:handle_common_event(Type, Msg, ?FUNCTION_NAME, State); hello_retry_middlebox_assert(info, Msg, State) -> tls_gen_connection:handle_info(Msg, ?FUNCTION_NAME, State); hello_retry_middlebox_assert(Type, Msg, State) -> diff --git a/lib/ssl/src/tls_v1.erl b/lib/ssl/src/tls_v1.erl index 7404365520..8eda30506a 100644 --- a/lib/ssl/src/tls_v1.erl +++ b/lib/ssl/src/tls_v1.erl @@ -55,6 +55,7 @@ oid_to_enum/1, enum_to_oid/1, default_signature_algs/1, + legacy_signature_algs_pre_13/0, signature_algs/2, signature_schemes/2, rsa_schemes/0, @@ -885,7 +886,8 @@ signature_algs(?TLS_1_2, HashSigns) -> default_signature_algs([?TLS_1_3]) -> default_signature_schemes(?TLS_1_3) ++ legacy_signature_schemes(?TLS_1_3); default_signature_algs([?TLS_1_3, ?TLS_1_2 | _]) -> - default_signature_schemes(?TLS_1_3) ++ default_pre_1_3_signature_algs_only(); + default_signature_schemes(?TLS_1_3) ++ legacy_signature_schemes(?TLS_1_3) + ++ default_pre_1_3_signature_algs_only(); default_signature_algs([?TLS_1_2 = Version |_]) -> Default = [%% SHA2 ++ PSS {sha512, ecdsa}, @@ -899,9 +901,7 @@ default_signature_algs([?TLS_1_2 = Version |_]) -> {sha256, ecdsa}, rsa_pss_pss_sha256, rsa_pss_rsae_sha256, - {sha256, rsa}, - {sha224, ecdsa}, - {sha224, rsa} + {sha256, rsa} ], signature_algs(Version, Default); default_signature_algs(_) -> @@ -910,16 +910,14 @@ default_signature_algs(_) -> default_pre_1_3_signature_algs_only() -> Default = [%% SHA2 {sha512, ecdsa}, - {sha512, rsa}, {sha384, ecdsa}, - {sha384, rsa}, - {sha256, ecdsa}, - {sha256, rsa}, - {sha224, ecdsa}, - {sha224, rsa} + {sha256, ecdsa} ], signature_algs(?TLS_1_2, Default). +legacy_signature_algs_pre_13() -> + [{sha224, ecdsa}, {sha224, rsa}, {sha, rsa}, {sha, dsa}]. + signature_schemes(Version, [_|_] =SignatureSchemes) when is_tuple(Version) andalso ?TLS_GTE(Version, ?TLS_1_2) -> CryptoSupports = crypto:supports(), diff --git a/lib/ssl/test/ssl_reject_SUITE.erl b/lib/ssl/test/ssl_reject_SUITE.erl index cc24ffbcfe..be79e0543b 100644 --- a/lib/ssl/test/ssl_reject_SUITE.erl +++ b/lib/ssl/test/ssl_reject_SUITE.erl @@ -184,9 +184,12 @@ accept_sslv3_record_hello(Config) when is_list(Config) -> Allversions = all_versions(), + AllSigAlgs = ssl:signature_algs(all, 'tlsv1.3'), + Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, {from, self()}, - {options, [{versions, Allversions} | ServerOpts]}]), + {options, [{versions, Allversions}, + {signature_algs, AllSigAlgs} | ServerOpts]}]), Port = ssl_test_lib:inet_port(Server), %% TLS-1.X Hello with SSL-3.0 record version diff --git a/lib/ssl/test/tls_api_SUITE.erl b/lib/ssl/test/tls_api_SUITE.erl index 405bb74b2d..74b4e76566 100644 --- a/lib/ssl/test/tls_api_SUITE.erl +++ b/lib/ssl/test/tls_api_SUITE.erl @@ -109,7 +109,9 @@ accept_pool/0, accept_pool/1, reuseaddr/0, - reuseaddr/1 + reuseaddr/1, + signature_algs/0, + signature_algs/1 ]). %% Apply export @@ -1307,6 +1309,24 @@ tls_password_badarg(Config) when is_list(Config) -> {error, {keyfile,badarg}}). %%-------------------------------------------------------------------- +signature_algs() -> + [{doc, "Check that listing of signature algorithms for different version and configure combinations"}]. +signature_algs(Config) when is_list(Config) -> + true = [] =/= [Alg || Alg <- ssl:signature_algs(default, 'tlsv1.3'), is_tuple(Alg)], + true = [] == [Alg || Alg <- ssl:signature_algs(exclusive, 'tlsv1.3'), is_tuple(Alg)], + true = ssl:signature_algs(exclusive, 'tlsv1.3') =/= ssl:signature_algs(exclusive, 'tlsv1.2'), + true = length(ssl:signature_algs(defalt, 'tlsv1.2')) < + length(ssl:signature_algs(all, 'tlsv1.2')), + TLS_1_3_All = ssl:signature_algs(all, 'tlsv1.3'), + true = lists:member(rsa_pkcs1_sha512, TLS_1_3_All) andalso (not lists:member({sha512, rsa}, TLS_1_3_All)), + true = lists:member(rsa_pkcs1_sha384, TLS_1_3_All) andalso (not lists:member({sha384, rsa}, TLS_1_3_All)), + true = lists:member(rsa_pkcs1_sha256, TLS_1_3_All) andalso (not lists:member({sha256, rsa}, TLS_1_3_All)), + TLS_1_2_All = ssl:signature_algs(all, 'tlsv1.2'), + true = (not lists:member(rsa_pkcs1_sha512, TLS_1_2_All)) andalso lists:member({sha512, rsa}, TLS_1_2_All), + true = (not lists:member(rsa_pkcs1_sha384, TLS_1_2_All)) andalso lists:member({sha384, rsa}, TLS_1_2_All), + true = (not lists:member(rsa_pkcs1_sha256, TLS_1_2_All)) andalso lists:member({sha256, rsa}, TLS_1_2_All). + +%%-------------------------------------------------------------------- %% Internal functions ------------------------------------------------ %%-------------------------------------------------------------------- diff --git a/lib/wx/c_src/Makefile.in b/lib/wx/c_src/Makefile.in index 87fc0354b6..6371f401c0 100644 --- a/lib/wx/c_src/Makefile.in +++ b/lib/wx/c_src/Makefile.in @@ -199,7 +199,11 @@ release_spec: opt $(INSTALL_PROGRAM) $(TARGET_DIR)/wxe_driver$(SO_EXT) "$(RELSYSDIR)/priv/" $(INSTALL_PROGRAM) $(TARGET_DIR)/erl_gl$(SO_EXT) "$(RELSYSDIR)/priv/" ifneq ($(WEBVIEW_LOADER_DLL_ORIG),) - $(INSTALL_PROGRAM) $(WEBVIEW_LOADER_DLL_DEST) "$(RELSYSDIR)/priv/" + $(INSTALL_PROGRAM) $(WEBVIEW_LOADER_DLL_DEST) "$(RELSYSDIR)/priv/" +endif +ifeq ($(SYS_TYPE),win32) + $(INSTALL_PROGRAM) $(TARGET_DIR)/wxe_driver.pdb "$(RELSYSDIR)/priv/" + $(INSTALL_PROGRAM) $(TARGET_DIR)/erl_gl.pdb "$(RELSYSDIR)/priv/" endif release_docs_spec: |