summaryrefslogtreecommitdiff
path: root/lib
Commit message (Collapse)AuthorAgeFilesLines
...
| * | | | | ssl: anon test should use dh or ecdh anon keyexchangeIngela Anderton Andin2018-07-103-7/+15
| | | | | |
| * | | | | ssl: Correct key_usage checkIngela Anderton Andin2018-07-103-47/+86
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Key Usage extension is described in section 4.2.1.3 of X.509, with the following possible flags: KeyUsage ::= BIT STRING { digitalSignature (0), nonRepudiation (1), -- recent editions of X.509 have -- renamed this bit to contentCommitment keyEncipherment (2), dataEncipherment (3), keyAgreement (4), keyCertSign (5), cRLSign (6), encipherOnly (7), decipherOnly (8) } In SSL/TLS, when the server certificate contains a RSA key, then: either a DHE or ECDHE cipher suite is used, in which case the RSA key is used for a signature (see section 7.4.3 of RFC 5246: the "Server Key Exchange" message); this exercises the digitalSignature key usage; or "plain RSA" is used, with a random value (the 48-byte pre-master secret) being encrypted by the client with the server's public key (see section 7.4.7.1 of RFC 5246); this is right in the definition of the keyEncipherment key usage flag. dataEncipherment does not apply, because what is encrypted is not directly meaningful data, but a value which is mostly generated randomly and used to derive symmetric keys. keyAgreement does not apply either, because that one is for key agreement algorithms which are not a case of asymmetric encryption (e.g. Diffie-Hellman). The keyAgreement usage flag would appear in a certificate which contains a DH key, not a RSA key. nonRepudiation is not used, because whatever is signed as part of a SSL/TLS key exchange cannot be used as proof for a third party (there is nothing in a SSL/TLS tunnel that the client could record and then use to convince a judge when tring to sue the server itself; the data which is exchanged within the tunnel is not signed by the server). When a ECDSA key is used then "keyAgreement" flag is needed for beeing ECDH "capable" (as opposed to ephemeral ECDHE)
| * | | | | ssl: Fix ECDSA key decode clauseIngela Anderton Andin2018-07-101-1/+7
| | | | | |
| * | | | | ssl: Avoid hardcoding of cipher suites and fix ECDH suite handlingIngela Anderton Andin2018-07-104-196/+286
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ECDH suite handling did not use the EC parameters form the certs as expected. Conflicts: lib/ssl/src/ssl_cipher.erl
| * | | | | ssl: Run all test case combinationsIngela Anderton Andin2018-07-105-71/+267
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix test case code to use keyAgreement for ECDH_ECDSA Conflicts: lib/ssl/test/ssl_ECC.erl lib/ssl/test/ssl_ECC_openssl_SUITE.erl lib/ssl/test/ssl_to_openssl_SUITE.erl
| * | | | | ssl: Correct ECC suite and DTLS ECC handlingIngela Anderton Andin2018-07-106-10/+410
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When test handling was corrected it was obvious that DTLS ECC handling was not compleated. Conflicts: lib/ssl/src/ssl.erl lib/ssl/test/Makefile lib/ssl/test/ssl_ECC.erl lib/ssl/test/ssl_ECC_SUITE.erl lib/ssl/test/ssl_ECC_openssl_SUITE.erl
* | | | | kernel: Silence dialyzerSverker Eriksson2018-07-031-6/+6
|/ / / /
* | | | Prepare releaseErlang/OTP2018-06-286-4/+59
| | | |
* | | | Merge branch 'sverker/ic/encode-atom-overrun/ERIERL-191/OTP-15160' into maint-20Erlang/OTP2018-06-281-1/+1
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | * sverker/ic/encode-atom-overrun/ERIERL-191/OTP-15160: ic: Fix buffer overrun bug in oe_ei_encode_atom
| * | | | ic: Fix buffer overrun bug in oe_ei_encode_atomSverker Eriksson2018-06-281-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | bug exists since OTP-20.3.4 1d3acb70debd134c8346b7e98347171d5cf6fc62
* | | | | Merge branch 'sverker/erl_interface/simultaneous-connect/OTP-15161' into ↵Erlang/OTP2018-06-281-3/+6
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | maint-20 * sverker/erl_interface/simultaneous-connect/OTP-15161: erl_interface: Fix simultaneous connection setup
| * | | | | erl_interface: Fix simultaneous connection setupSverker Eriksson2018-06-191-3/+6
| |/ / / / | | | | | | | | | | | | | | | by also accepting status "ok_simultaneous".
* | | | | Merge branch 'sverker/kernel/tick-fixes/OTP-15162' into maint-20Erlang/OTP2018-06-281-9/+10
|\ \ \ \ \ | |_|_|_|/ |/| | | | | | | | | | | | | | | | | | | * sverker/kernel/tick-fixes/OTP-15162: kernel: Fix tick count bug when pending writes kernel: Send tick to hidden node even if pending writes
| * | | | kernel: Fix tick count bug when pending writesSverker Eriksson2018-06-281-6/+7
| | | | |
| * | | | kernel: Send tick to hidden node even if pending writesSverker Eriksson2018-06-281-3/+3
| |/ / / | | | | | | | | | | | | as c-nodes need ticks to send ticks.
* | | | Prepare releaseErlang/OTP2018-06-216-4/+65
| | | |
* | | | Merge branch 'hans/ssh/sftp_ver4_xfer/ERIERL-199/OTP-15149' into maint-20Erlang/OTP2018-06-211-1/+1
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | * hans/ssh/sftp_ver4_xfer/ERIERL-199/OTP-15149: ssh: Fix ssh_xfer decode_ATTR error for Vsn=4
| * | | | ssh: Fix ssh_xfer decode_ATTR error for Vsn=4Hans Nilsson2018-06-201-1/+1
| | |/ / | |/| |
* | | | Merge branch 'hans/ssh/sftp_error_codes/ERIERL-194/OTP-15148' into maint-20Erlang/OTP2018-06-213-7/+20
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | * hans/ssh/sftp_error_codes/ERIERL-194/OTP-15148: ssh: Report the signal name if there is an exit-signal to sftpd ssh: Bug fix sftp error codes
| * | | | ssh: Report the signal name if there is an exit-signal to sftpdHans Nilsson2018-06-211-3/+3
| | | | |
| * | | | ssh: Bug fix sftp error codesHans Nilsson2018-06-212-4/+17
| |/ / / | | | | | | | | | | | | | | | | Report the signal name if the signal error message is "" Do not report a return code of 0 as an error.
* | | | Merge branch 'hasse/syntax_tools/fix_map_type/OTP-15098/ERIERL-177' into ↵Erlang/OTP2018-06-212-4/+24
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | maint-20 * hasse/syntax_tools/fix_map_type/OTP-15098/ERIERL-177: syntax_tools: Fix a bug regarding reverting map types.
| * | | | syntax_tools: Fix a bug regarding reverting map types.Hans Bolinder2018-06-142-4/+24
| |/ / /
* | | | ftp: Disallow 'packet_size' for low-level optionsHans Nilsson2018-06-192-1/+2
| | | |
* | | | ftp: Socket optionsHans Nilsson2018-06-182-52/+82
|/ / /
* | | Prepare releaseErlang/OTP2018-06-132-2/+18
| | |
* | | Add test caseRaimo Niskanen2018-06-112-3/+67
| | |
* | | Parse #mc_new_type{}s before definitions_loop/2Raimo Niskanen2018-06-111-28/+38
| | |
* | | Prepare releaseErlang/OTP2018-06-053-3/+37
| | |
* | | Merge branch 'ingela/inets/header-handling/OTP-15092' into maint-20Erlang/OTP2018-06-052-5/+7
|\ \ \ | | | | | | | | | | | | | | | | * ingela/inets/header-handling/OTP-15092: inets: Gracefully handle bad headers
| * | | inets: Gracefully handle bad headersIngela Anderton Andin2018-05-222-5/+7
| | |/ | |/| | | | | | | | | | | | | max_headers operated on the individual header length instead of the total length of all headers. Also headers with empty keys are now discarded.
* | | [erl_docgen] Update versionLars Thorsen2018-05-211-1/+1
| | |
* | | [erl_docgen] Add missing file db_funcs.xsl to file listLars Thorsen2018-05-211-2/+3
|/ /
* | Prepare releaseErlang/OTP2018-05-074-2/+46
| |
* | Merge branch 'hans/ssh/reneg_bug_20/OTP-15066' into maint-20Erlang/OTP2018-05-071-1/+1
|\ \ | | | | | | | | | | | | * hans/ssh/reneg_bug_20/OTP-15066: ssh: Renegotiation -> renegotiate
| * | ssh: Renegotiation -> renegotiateHans Nilsson2018-05-041-1/+1
| | |
* | | Merge branch 'hans/ssh/dh_gex_putty/OTP-15064' into maint-20Erlang/OTP2018-05-071-2/+3
|\ \ \ | | | | | | | | | | | | | | | | * hans/ssh/dh_gex_putty/OTP-15064: ssh: Fix DH group exchange server bug for PuTTY and others following draft-draft-00 from 2001 and not the rfc4419
| * | | ssh: Fix DH group exchange server bug for PuTTYHans Nilsson2018-05-041-2/+3
| |/ / | | | | | | | | | and others following draft-draft-00 from 2001 and not the rfc4419
* | | Merge branch 'hans/crypto/OPENSSL_NO_EC/OTP-15073' into maint-20Erlang/OTP2018-05-072-7/+30
|\ \ \ | | | | | | | | | | | | | | | | | | | | * hans/crypto/OPENSSL_NO_EC/OTP-15073: crypto: Disable test_engine if engine is disabled crypto: disable engine if OPENSSL_NO_EC* is set If that flag is set, and openssl/engine.h is included, there will be an erro further down in files included by engine.h
| * | | crypto: Disable test_engine if engine is disabledHans Nilsson2018-05-041-2/+17
| | | |
| * | | crypto: disable engine if OPENSSL_NO_EC* is setHans Nilsson2018-05-041-5/+13
| |/ / | | | | | | | | | If that flag is set, and openssl/engine.h is included, there will be an erro further down in files included by engine.h
* | | crypto: get_engine_load_cmd_list excluded if no engine supportHans Nilsson2018-05-041-5/+3
| | |
* | | crypto: Fix compilation for LibreSSL 2.7.xHans Nilsson2018-05-041-2/+6
|/ /
* | Update release notesErlang/OTP2018-05-021-0/+16
| |
* | Merge branch 'ingela/ssl/client-has-no-cert/ERL-599/OTP-15050' into maint-20Erlang/OTP2018-05-026-41/+79
|\ \ | | | | | | | | | | | | | | | * ingela/ssl/client-has-no-cert/ERL-599/OTP-15050: ssl: Prepare for release ssl: Proper handling of clients that choose to send an empty answer to a certificate request
| * | ssl: Prepare for releaseIngela Anderton Andin2018-04-272-3/+1
| | |
| * | ssl: Proper handling of clients that choose to send an emptyIngela Anderton Andin2018-04-274-38/+78
| |/ | | | | | | | | | | answer to a certificate request Solves ERL-599
* | Merge branch 'john/erts/fix-heart-command-overflow/OTP-15034/ERIERL-166' ↵Erlang/OTP2018-05-021-3/+10
|\ \ | |/ |/| | | | | | | | | | | | | | | into maint-20 * john/erts/fix-heart-command-overflow/OTP-15034/ERIERL-166: heart: Use ntohs instead of manual conversion # Conflicts: # lib/kernel/test/heart_SUITE.erl
| * heart: Use ntohs instead of manual conversionJohn Högberg2018-04-241-3/+10
| | | | | | | | | | | | | | | | | | Multiplying a signed char by 256 is undefined behavior and caused problems on some platforms when the length was long enough. We could cast it to an unsigned int to make it work, but it's best not to reinvent the wheel. Fixes OTP-15034
* | Prepare releaseErlang/OTP2018-04-198-6/+82
| |
View Lorry Controller Status