Front page | perl.perl5.porters |
Postings from September 2014
On Mon Apr 07 03:51:06 2014, ppisar wrote: > Hello, > > if platform implements FIPS mode, then weak algorithms are not > available. > > DES is one of them and DES is the default algorithm used by glibc's > crypt(3). > Then a t/op/crypt.t test fails because perl's crypt() will return > undef: > > Use of uninitialized value in substr at ./op/crypt.t line 33. > substr outside of string at ./op/crypt.t line 33. > Use of uninitialized value in substr at ./op/crypt.t line 33. > substr outside of string at ./op/crypt.t line 33. > Use of uninitialized value in string ne at ./op/crypt.t line 33. > Use of uninitialized value in string ne at ./op/crypt.t line 33. > # Failed test 1 - salt makes a difference at ./op/crypt.t line 33 > ./op/crypt.t .. > Failed 1/4 subtests > > Attached patch detects this case and uses a special salt prefix '$5$' > to > select SHA-256 which is allowed by FIPS through out all the > t/op/crypt.t. > > One could just skip the "salt makes a difference" test but I think > performing > all the tests with non-undef value is better approach. > > -- Petr This ticket, which has a patch, was filed in April but has not yet had any discussion. Could someone familiar with Perl's 'crypt' function take a look? Thank you very much. -- James E Keenan (jkeenan@cpan.org) --- via perlbug: queue: perl5 status: new https://rt.perl.org/Ticket/Display.html?id=121591