| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Implement socket options recvtclass, recvtos, recvttl and pktoptions.
Document the implemented socket options, new types and message formats.
The options recvtclass, recvtos and recvttl are boolean options that
when activated (true) for a socket will cause ancillary data to be
received through recvmsg(). That is for packet oriented sockets
(UDP and SCTP).
The required options for this feature were recvtclass and recvtos,
and recvttl was only added to test that the ancillary data parsing
handled multiple data items in one message correctly.
These options does not work on Windows since ancillary data
is not handled by the Winsock2 API.
For stream sockets (TCP) there is no clear connection between
a received packet and what is returned when reading data from
the socket, so recvmsg() is not useful. It is possible to get
the same ancillary data through a getsockopt() call with
the IPv6 socket option IPV6_PKTOPTIONS, on Linux named
IPV6_2292PKTOPTIONS after the now obsoleted RFC where it originated.
(unfortunately RFC 3542 that obsoletes it explicitly undefines
this way to get packet ancillary data from a stream socket)
Linux also has got a way to get packet ancillary data for IPv4
TCP sockets through a getsockopt() call with IP_PKTOPTIONS,
which appears to be Linux specific.
This implementation uses a flag field in the inet_drv.c socket
internal data that records if any setsockopt() call with recvtclass,
recvtos or recvttl (IPV6_RECVTCLASS, IP_RECVTOS or IP_RECVTTL)
has been activated. If so recvmsg() is used instead of recvfrom().
Ancillary data is delivered to the application by a new return
tuple format from gen_udp:recv/2,3 containing a list of
ancillary data tuples [{tclass,TCLASS} | {tos,TOS} | {ttl,TTL}],
as returned by recvmsg(). For a socket in active mode a new
message format, containing the ancillary data list, delivers
the data in the same way.
For gen_sctp the ancillary data is delivered in the same way,
except that the gen_sctp return tuple format already contained
an ancillary data list so there are just more possible elements
when using these socket options. Note that the active mode
message format has got an extra tuple level for the ancillary
data compared to what is now implemented gen_udp.
The gen_sctp active mode format was considered to be the odd one
- now all tuples containing ancillary data are flat,
except for gen_sctp active mode.
Note that testing has not shown that Linux SCTP sockets deliver
any ancillary data for these socket options, so it is probably
not implemented yet. Remains to be seen what FreeBSD does...
For gen_tcp inet:getopts([pktoptions]) will deliver the latest
received ancillary data for any activated socket option recvtclass,
recvtos or recvttl, on platforms where IP_PKTOPTIONS is defined
for an IPv4 socket, or where IPV6_PKTOPTIONS or IPV6_2292PKTOPTIONS
is defined for an IPv6 socket. It will be delivered as a
list of ancillary data items in the same way as for gen_udp
(and gen_sctp).
On some platforms, e.g the BSD:s, when you activate IP_RECVTOS
you get ancillary data tagged IP_RECVTOS with the TOS value,
but on Linux you get ancillary data tagged IP_TOS with the
TOS value. Linux follows the style of RFC 2292, and the BSD:s
use an older notion. For RFC 2292 that defines the IP_PKTOPTIONS
socket option it is more logical to tag the items with the
tag that is the item's, than with the tag that defines that you
want the item. Therefore this implementation translates all
BSD style ancillary data tags to the corresponding Linux style
data tags, so the application will only see the tags 'tclass',
'tos' and 'ttl' on all platforms.
|
|
* ingela/ssl/correct-specs:
ssl: Correct dialyzer specs
|
|
|
|
* hans/ssh/x25519_x448/OTP-15133:
ssh: Doc updates
ssh: spec curve25519 & curve448
ssh: Fix non-conforming key generation in kex for x25519 and x448
ssh: Enable curve448-sha512 and curve25519-sha256
ssh: Remove the term 'eddh'
|
|
* hans/crypto/x25519_x448/OTP-15240:
crypto: doc x25519 & x448
crypto: Test vectors for ecdh x25519 and x448
crypto: Remove the term 'eddh'
crypto: Enable EDDH all OpenSSL cryptolib over beta version 1.1.1-pre8
|
|
* hans/crypto/SHA3/OTP-15153:
crypto: Disable non-working SHA3_224 and SHA3_256
crypto: doc SHA3 (hash & hmac)
crypto: Tests for SHA3
crypto: SHA3 hash on OpenSSL-1.1.1
|
|
* hans/ssh/[email protected]/OTP-15209:
ssh: Doc updates
ssh: some benchmarking of [email protected]
ssh: -spec
ssh: Add [email protected] cipher
|
|
|
|
|
|
|
|
|
|
|
|
|
|
That is, curve25519-sha256, [email protected] and curve448-sha512
|
|
|
|
|
|
|
|
|
|
|
|
crypto:hash/2,
crypto:hash_init/1, crypto:hash_update/2, crypto:hash_final/1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* maint-20:
Updated OTP version
Prepare release
Updated the engine load functionality
Clean up bag index tables
Conflicts:
OTP_VERSION
lib/crypto/c_src/crypto.c
lib/crypto/doc/src/notes.xml
lib/crypto/vsn.mk
lib/mnesia/doc/src/notes.xml
lib/mnesia/vsn.mk
otp_versions.table
|
|
* bjorn/compiler/fix-is_map_key-issues/OTP-15227:
map_SUITE: Test is_map_key/2 followed by a map update
beam_validator: Infer the type of the map argument for is_map_key/2
map_SUITE: Cover map_get optimizations in beam_dead
|
|
|
|
* lars/crypto/multiple-engine-load/OTP-15233:
Updated the engine load functionality
|
|
|
|
Make sure that beam_validator considers a call to is_map_key/2
followed by an update of the same map without an is_map/1 test
safe. (This situation will probably not be encountered when
using the compiler in OTP 21, but better safe than sorry.)
|
|
|
|
The conversion code for different representations of cipher suites
is long an repetitive. We want to hide it in a module that does not
have other functions that we like to look at.
|
|
When starting to implement DTLS, it was assumed that the APIs for TLS and
DTLS would differ more. This assumption turned out to be wrong.
|
|
- engine_load/3/4 can be called multiple times for same engine
if it allows it (eg doesn't contain global data)
- ensure_engine_loaded/2/3 is new functions that guarantees that the engine
is just loaded once by adding it to OpenSSL internal engine list and check that
before loading.
- ensure_engine_unloaded/1/2 is new functions that is used to unload engines loaded with
ensure_engine_loaded (remove it from OpenSSL internal engine list and then unload).
- new utility functions engine_by_id/1, engine_add/1, engine_remove/1,
engine_get_id/1 and engine_get_name/1
|
|
|
|
|
|
Modernized example
|
|
Index records for bag tables with ram_copies was not deleted
after "real" objects where deleted and thus a memory leak.
|
|
* hans/ssh/curve_element/OTP-15244:
ssh: Use the 'macs' tag in crypto:supports/0
ssh: Use the new crypto:supports/0 tag 'curves'
|
|
|
|
|
