| Age | Commit message (Collapse) | Author |
|---|
|
Even if Erlang/OTP has been built with --enable-fips, it's possible
that the OpenSSL library we're linked to doesn't support FIPS mode.
In that case, it will fail to enable it at run time. Let's handle
that in crypto_SUITE, by skipping the tests instead of failing.
|
|
Every algorithm is now tested in both FIPS and non-FIPS modes (when
crypto is compiled with FIPS support). In FIPS mode non-FIPS
algorithms are disabled and the tests verify that they crash with
notsup error as expected.
In FIPS mode RSA and EC algorithms don't work if the key sizes are
below a minimum required value - which happened to be the case with
most keys used in the tests. These tests were changed to use longer
keys (even in non-FIPS mode for simplicity).
Conflicts:
lib/crypto/test/crypto_SUITE.erl
|
|
FIPS mode support needs to be enabled at compile time, by configuring
Erlang/OTP with --enable-fips option. In FIPS mode the non-FIPS
algorithms are disabled and raise error notsup.
The supported protocols list is properly updated in FIPS mode to
advertise only the enabled protocols.
FIPS mode is off by default even if Erlang/OTP was built with FIPS
support. It needs to be turned on at runtime.
The official approach is to set the fips_mode application environment
parameter of the crypto application to true. This would turn FIPS mode
on when the NIF is loaded and would prevent loading the module on
error.
Another method is provided via the crypto:enable_fips_mode/1
function, but it is not recommended to be used in production, as it
won't prevent the use of the crypto module in case of an error, and
would risk OpenSSL crashing the emulator. It is very useful for test
suites however that need to check both validated and non-validated
functionality.
This commit is based on commit
00b3a04d17a653b4abddeebd6dd8a2c38df532d0.
|
|
Make all calls to erlang:error/2 specify the actual argument list of
the function. This ensures that the stacktrace contains the correct
arity of the function where the error occurred.
|
|
|
|
|
|
|
|
* github/pr/1183:
Fix typos in public_key_app.xml
|
|
|
|
* ahmedshafeeq/inets-httpc-RFC-7231/PR-1172/OTP-13902:
Update test case docs with RFC-7231
Update behavior of httpc:request to match RFC-7231
|
|
|
|
|
|
* maint:
stdlib: Add a testcase for Unicode expander
Support for unicode expander
|
|
* andrey/stdlib/fix_edlin_expand/ERL-1152:
stdlib: Add a testcase for Unicode expander
Support for unicode expander
|
|
|
|
* siri/ttb/ip-client-queue-size/OTP-13829:
[ttb] Add option <c>queue_size</c> to tracer/2
|
|
|
|
* siri/appups-19.1/OTP-13912:
Update appups in kernel and stdlib for OTP versions > 19.1
|
|
|
|
|
|
|
|
|
|
This sets the maximum queue size for the IP trace driver which is used
when tracing to shell and/or <c>{local,File}</c>.
Also, change the default queue size set by dbg:trace_port/2 to 200.
|
|
* maint:
file_SUITE: Test file:write_file/3
|
|
* sverker/include-erl_nif/PR-1171:
Use more correct delimiters for erl_nif.h include
|
|
Extend file_SUITE:read_write_file/1 to test file:write_file/3
which was not tested at all.
While we are it, remove the superfluous roundtrips tests of
term_to_binary/1 and binary_to_term/1. Those BIFs are tested
in detail in other test suites (for example, binary_SUITE in
emulator_test).
|
|
* sverker/ets-load-factor:
erts: Unify reduction count for ets:select
stdlib: Cuddle ets_SUITE for valgrind
stdlib: Fix ets_SUITE:smp_select_delete
erts: Tweak ets grow/shrink to keep up at contention
erts: Fix ets_SUITE:memory
erts: Suppress failed ETS memory checks
erts: Reduce ets hash load factor
erts: Enable a smaller first hash segment for ets
erts: Redesign ets with separate segment tables
erts: Remove unnecessary access of 'is_resizing'
erts: Add ErtsSizeofMember macro
erts: Add ErtsContainerStruct_ for array members
|
|
=== OTP-19.1 ===
Changed Applications:
- asn1-4.0.4
- common_test-1.12.3
- compiler-7.0.2
- crypto-3.7.1
- debugger-4.2.1
- dialyzer-3.0.2
- diameter-1.12.1
- edoc-0.8
- erl_docgen-0.6
- erl_interface-3.9.1
- erts-8.1
- eunit-2.3.1
- gs-1.6.2
- hipe-3.15.2
- ic-4.4.2
- inets-6.3.3
- jinterface-1.7.1
- kernel-5.1
- mnesia-4.14.1
- observer-2.2.2
- odbc-2.11.3
- parsetools-2.1.3
- reltool-0.7.2
- runtime_tools-1.10.1
- sasl-3.0.1
- snmp-5.2.4
- ssh-4.3.2
- ssl-8.0.2
- stdlib-3.1
- syntax_tools-2.1
- tools-2.8.6
- wx-1.7.1
- xmerl-1.3.12
Unchanged Applications:
- cosEvent-2.2.1
- cosEventDomain-1.2.1
- cosFileTransfer-1.2.1
- cosNotification-1.2.2
- cosProperty-1.2.1
- cosTime-1.2.2
- cosTransactions-1.3.2
- eldap-1.2.2
- et-1.6
- megaco-3.18.1
- orber-3.8.2
- os_mon-2.4.1
- otp_mibs-1.1.1
- percept-0.9
- public_key-1.2
- typer-0.9.11
Conflicts:
OTP_VERSION
lib/gs/doc/src/notes.xml
lib/gs/vsn.mk
|
|
|
|
Anywhere but the beam sources we shouldn't #include "erl_nif.h", because
what "erl_nif.h" does is: (1) fail to find it outside of -I dirs, (2)
then treat it as if it was written like <erl_nif.h>. Using <erl_nif.h>
skips (1).
More information can be found in 6.10.2 of the C standard.
Because the examples use "erl_nif.h", NIF projects in the Erlang
ecosystem copy this verbatim and make the same mistake.
|
|
|
|
no point in checking table load as select_delete does
not shrink.
|
|
by simply asking for the size of struct ext_segtab
|
|
due to the grow/shrink hysteresis of the meta tables
|
|
for faster lookup/insert/delete
at the expense of about one word per object.
|
|
When user defined SSH shell REPL process exits with reason normal
SSH channel callback module should report successful exit status
to the SSH client. This provides simple way for SSH clients to check
for successful completion of executed commands.
|
|
Test that when used defined shell REPL exit with reason normal
SSH client receives exit status 0.
|
|
- The behavior of httpc:request when autoredirect = true is not correct
according to the latest update in RFC-7231. This patch corrects the
autoredirect behavior.
|
|
|
|
* raimo/diffserv-socket-option/OTP-13582:
Tune 'tclass' semantics
Implement IPV6_TCLASS
|
|
* maint:
erts: Add nif_SUITE:t_on_load
erts: Improve nif_SUITE:upgrade test
Don't leak old code when loading a modules with an on_load function
Conflicts:
erts/preloaded/ebin/erts_code_purger.beam
erts/preloaded/ebin/erts_internal.beam
erts/preloaded/src/erts_code_purger.erl
|
|
* bjorn/erts/on_load/ERL-240/OTP-13893:
erts: Add nif_SUITE:t_on_load
erts: Improve nif_SUITE:upgrade test
Don't leak old code when loading a modules with an on_load function
|
|
* maint:
Ensure asserts are enabled in eunit.hrl
|
|
* richarl/eunit/fix-asserts/PR-1168/OTP-13892:
Ensure asserts are enabled in eunit.hrl
|
|
|
|
|
|
|
|
* peppe/kernel/invalid_priv_dir/ERL-195/OTP-13758:
Fix incorrect priv_dir when adding app's ebin directory to path
OTP-13758
|
|
OTP-13841
|
|
Normally, calling code:delete/1 before re-loading the code for a
module is unnecessary but causes no problem.
But there will be be problems if the new code has an on_load function.
Code with an on_load function will always be loaded as old code
to allowed it to be easily purged if the on_load function would fail.
If the on_load function succeeds, the old and current code will be
swapped.
So in the scenario where code:delete/1 has been called explicitly,
there is old code but no current code. Loading code with an
on_load function will cause the reference to the old code to be
overwritten. That will at best cause a memory leak, and at worst
an emulator crash (especially if NIFs are involved).
To avoid that situation, we will put the code with the on_load
function in a special, third slot in Module.
ERL-240
|
