Age | Commit message (Collapse) | Author |
|
* maint:
Updated OTP version
Prepare release
Conflicts:
OTP_VERSION
lib/typer/doc/src/notes.xml
lib/typer/vsn.mk
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This fixes commit f0867aa2ccbbf5677e0577bba08f8b7bc53ec0ed
|
|
Conflicts:
OTP_VERSION
|
|
Conflicts:
OTP_VERSION
erts/doc/src/notes.xml
erts/emulator/sys/unix/erl_unix_sys.h
erts/emulator/sys/unix/sys.c
erts/vsn.mk
lib/crypto/c_src/crypto.c
lib/crypto/doc/src/notes.xml
lib/crypto/vsn.mk
lib/inets/doc/src/notes.xml
lib/inets/vsn.mk
lib/ssh/doc/src/notes.xml
lib/ssh/src/ssh.app.src
lib/ssh/src/ssh_connection_handler.erl
lib/ssh/vsn.mk
otp_versions.table
|
|
|
|
|
|
Conflicts:
lib/crypto/c_src/crypto.c
|
|
|
|
Conflicts:
lib/crypto/c_src/crypto.c
lib/crypto/src/crypto.erl
|
|
|
|
|
|
to reflect that dirty schedulers are no longer
considered "experimental", per a comment from sverker.
|
|
|
|
If the underlying library is in FIPS mode, it'll refuse to generate
keys shorter than 2048 bits.
|
|
Fix https://bugs.erlang.org/browse/ERL-336.
|
|
Support RSA key generation using generate_key(rsa, {bits, e}). This depends
on the currently-experimental "dirty scheduler" support because key
generation is a potentially lengthy process.
|
|
|
|
This commit reactivates chacha20_poly1305 and fixes the imprementation
for the released OpenSSL 1.1.0 or later.
|
|
=== OTP-19.2 ===
Changed Applications:
- common_test-1.13
- compiler-7.0.3
- crypto-3.7.2
- dialyzer-3.0.3
- edoc-0.8.1
- erl_docgen-0.6.1
- erl_interface-3.9.2
- erts-8.2
- eunit-2.3.2
- hipe-3.15.3
- inets-6.3.4
- kernel-5.1.1
- mnesia-4.14.2
- observer-2.3
- odbc-2.12
- parsetools-2.1.4
- public_key-1.3
- runtime_tools-1.11
- sasl-3.0.2
- ssh-4.4
- ssl-8.1
- stdlib-3.2
- syntax_tools-2.1.1
- tools-2.9
- wx-1.8
Unchanged Applications:
- asn1-4.0.4
- cosEvent-2.2.1
- cosEventDomain-1.2.1
- cosFileTransfer-1.2.1
- cosNotification-1.2.2
- cosProperty-1.2.1
- cosTime-1.2.2
- cosTransactions-1.3.2
- debugger-4.2.1
- diameter-1.12.1
- eldap-1.2.2
- et-1.6
- gs-1.6.2
- ic-4.4.2
- jinterface-1.7.1
- megaco-3.18.1
- orber-3.8.2
- os_mon-2.4.1
- otp_mibs-1.1.1
- percept-0.9
- reltool-0.7.2
- snmp-5.2.4
- typer-0.9.11
- xmerl-1.3.12
* tag 'OTP-19.2':
Updated OTP version
Prepare release
Conflicts:
OTP_VERSION
|
|
|
|
|
|
In June 2014, fb9d36c2c7c1 added support for the AES GCM ciphers
(ChaCha/Poly1305) based on a development version of OpenSSL 1.1.0.
The code is seriously broken when used with the released OpenSSL 1.1.0.
|
|
Update compiler documentation and remove superfluous erlc flags.
|
|
|
|
Conflicts:
lib/crypto/c_src/crypto.c
lib/ssl/src/ssl_cipher.erl
|
|
|
|
Renamed the init function as the return semantics are changed.
|
|
|
|
* RoadRunnr/crypto/no-rc4/PR-1169/OTP-13896:
disable RC4 in SSL when crypto doesn't support it
Fix compilation when OpenSSL doesn't support RC4
Conflicts:
lib/crypto/c_src/crypto.c
|
|
* legoscia/crypto/no-rc2/PR-1163/OTP-13895:
Fix compilation when OpenSSL doesn't support RC2
|
|
That should be <warning>, not <warn>.
|
|
For consistency with other applications.
|
|
|
|
In one of the test cases, the IV is 8 bytes. In FIPS mode, the minimum
allowed IV length is 12 bytes, so let's skip that test case.
|
|
block_crypt_nif does some sanity tests on its arguments before trying
to initialise the cipher. This made some of the tests in crypto_SUITE
fail, since they were expecting notsup, not badarg. Fix this by
passing the same test data as for the positive tests.
|
|
Adapted from commit 675ee6860d2c273bcc6c6a0536634a107e2a3d9f.
|
|
Even if Erlang/OTP has been built with --enable-fips, it's possible
that the OpenSSL library we're linked to doesn't support FIPS mode.
In that case, it will fail to enable it at run time. Let's handle
that in crypto_SUITE, by skipping the tests instead of failing.
|
|
Every algorithm is now tested in both FIPS and non-FIPS modes (when
crypto is compiled with FIPS support). In FIPS mode non-FIPS
algorithms are disabled and the tests verify that they crash with
notsup error as expected.
In FIPS mode RSA and EC algorithms don't work if the key sizes are
below a minimum required value - which happened to be the case with
most keys used in the tests. These tests were changed to use longer
keys (even in non-FIPS mode for simplicity).
Conflicts:
lib/crypto/test/crypto_SUITE.erl
|
|
FIPS mode support needs to be enabled at compile time, by configuring
Erlang/OTP with --enable-fips option. In FIPS mode the non-FIPS
algorithms are disabled and raise error notsup.
The supported protocols list is properly updated in FIPS mode to
advertise only the enabled protocols.
FIPS mode is off by default even if Erlang/OTP was built with FIPS
support. It needs to be turned on at runtime.
The official approach is to set the fips_mode application environment
parameter of the crypto application to true. This would turn FIPS mode
on when the NIF is loaded and would prevent loading the module on
error.
Another method is provided via the crypto:enable_fips_mode/1
function, but it is not recommended to be used in production, as it
won't prevent the use of the crypto module in case of an error, and
would risk OpenSSL crashing the emulator. It is very useful for test
suites however that need to check both validated and non-validated
functionality.
This commit is based on commit
00b3a04d17a653b4abddeebd6dd8a2c38df532d0.
|
|
Make all calls to erlang:error/2 specify the actual argument list of
the function. This ensures that the stacktrace contains the correct
arity of the function where the error occurred.
|
|
* sverker/include-erl_nif/PR-1171:
Use more correct delimiters for erl_nif.h include
|