| Age | Commit message (Collapse) | Author |
|---|
|
|
|
In one of the test cases, the IV is 8 bytes. In FIPS mode, the minimum
allowed IV length is 12 bytes, so let's skip that test case.
|
|
block_crypt_nif does some sanity tests on its arguments before trying
to initialise the cipher. This made some of the tests in crypto_SUITE
fail, since they were expecting notsup, not badarg. Fix this by
passing the same test data as for the positive tests.
|
|
Adapted from commit 675ee6860d2c273bcc6c6a0536634a107e2a3d9f.
|
|
Even if Erlang/OTP has been built with --enable-fips, it's possible
that the OpenSSL library we're linked to doesn't support FIPS mode.
In that case, it will fail to enable it at run time. Let's handle
that in crypto_SUITE, by skipping the tests instead of failing.
|
|
Every algorithm is now tested in both FIPS and non-FIPS modes (when
crypto is compiled with FIPS support). In FIPS mode non-FIPS
algorithms are disabled and the tests verify that they crash with
notsup error as expected.
In FIPS mode RSA and EC algorithms don't work if the key sizes are
below a minimum required value - which happened to be the case with
most keys used in the tests. These tests were changed to use longer
keys (even in non-FIPS mode for simplicity).
Conflicts:
lib/crypto/test/crypto_SUITE.erl
|
|
FIPS mode support needs to be enabled at compile time, by configuring
Erlang/OTP with --enable-fips option. In FIPS mode the non-FIPS
algorithms are disabled and raise error notsup.
The supported protocols list is properly updated in FIPS mode to
advertise only the enabled protocols.
FIPS mode is off by default even if Erlang/OTP was built with FIPS
support. It needs to be turned on at runtime.
The official approach is to set the fips_mode application environment
parameter of the crypto application to true. This would turn FIPS mode
on when the NIF is loaded and would prevent loading the module on
error.
Another method is provided via the crypto:enable_fips_mode/1
function, but it is not recommended to be used in production, as it
won't prevent the use of the crypto module in case of an error, and
would risk OpenSSL crashing the emulator. It is very useful for test
suites however that need to check both validated and non-validated
functionality.
This commit is based on commit
00b3a04d17a653b4abddeebd6dd8a2c38df532d0.
|
|
Make all calls to erlang:error/2 specify the actual argument list of
the function. This ensures that the stacktrace contains the correct
arity of the function where the error occurred.
|
|
|
|
'legoscia/dynamic-child-shutdown-tuple/ERL-163/PR-1158/OTP-13907' into maint
* legoscia/dynamic-child-shutdown-tuple/ERL-163/PR-1158/OTP-13907:
Don't report error for shutdown exit tuple
|
|
Added wxDropFiles event
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* lucafavatella/erts/fix-typo-fp/PR-1177:
Fix typo in configuration description
|
|
|
|
* github/pr/1183:
Fix typos in public_key_app.xml
|
|
|
|
* ahmedshafeeq/inets-httpc-RFC-7231/PR-1172/OTP-13902:
Update test case docs with RFC-7231
Update behavior of httpc:request to match RFC-7231
|
|
|
|
|
|
* ingela/ssl/prepare-patch:
ssl: Prepare for release
|
|
* ingela/ssl/ECC-selection-fix/OTP-13918:
ssl: Correct ECC curve selection, the error could cause default to always be selected.
|
|
* ingela/ssl/handshake-event-queue/OTP-13917:
ssl: Avoid event reordering
|
|
The 'dfa_graph' option did not work with Unicode.
The testcase 'unicode' was not correct.
|
|
selected.
|
|
|
|
|
|
|
|
|
|
|
|
Several handshake events may be received in the same TLS packet. Then there
will be several events pushed to the gen_statems internal queue.
New events already in the socket-buffer should not be processed
if there are more unprocessed handshake events in next_event queue.
We need to handle this in the next_record/1 function.
|
|
* maint:
stdlib: Add a testcase for Unicode expander
Support for unicode expander
|
|
* andrey/stdlib/fix_edlin_expand/ERL-1152:
stdlib: Add a testcase for Unicode expander
Support for unicode expander
|
|
|
|
|
|
|
|
* siri/ttb/ip-client-queue-size/OTP-13829:
[ttb] Add option <c>queue_size</c> to tracer/2
|
|
|
|
* siri/appups-19.1/OTP-13912:
Update appups in kernel and stdlib for OTP versions > 19.1
|
|
|
|
* siri/ct_telnet-typo/OTP-13913:
Fix typo in documentation for ct_telnet:expect/3
|
|
|
|
|
|
Run the optimizations until a fixpoint is reached, or until
the maximum iteration count is reached.
The hope is that in the future we can many small optimizations
instead of optimizations that try to do everything in one pass.
This change allows us to remove the ad-hoc calls to expr/2
to run more optimizations on a piece of code.
|
|
The optimization that avoids building a tuple in a case
expression would not work if any clause matched a tuple
as in the following example:
f(A, B) ->
case {A,B} of
{<<X>>,Y} ->
{X,Y}
end.
The generated Core Erlang code would look like this (note
the tuples in the case expression and the pattern):
'f'/2 =
fun (_cor1,_cor0) ->
case {_cor1,_cor0} of
<{#{#<X>(8,1,'integer',['unsigned'|['big']])}#,Y}>
when 'true' ->
{X,Y}
.
.
.
end
It is expected that the code should look like this (note
that tuples have been replaced with "values"):
'f'/2 =
fun (_cor1,_cor0) ->
%% Line 5
case <_cor1,_cor0> of
<#{#<X>(8,1,'integer',['unsigned'|['big']])}#,Y> ->
{X,Y}
.
.
.
end
While at it, also fix bugs in the handling of pattern with
aliases. The bindings were produced in the wrong order (creating
'let's with referring to free variables), but in most cases
the incorrect bindings were discarded later without causing any
harm.
|
|
703e8f4490bf broke the scope verification code (by calling
ordsets:is_subset/2 with an unsorted second argument).
While we are it, also optimize the verification function
by avoiding converting the map to a sorted list.
|
