#
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10 |
|
#
77f39369 |
| 23-Dec-2020 |
John Baldwin |
Add support for Chacha20-Poly1305 to kernel TLS on FreeBSD. FreeBSD's kernel TLS supports Chacha20 for both TLS 1.2 and TLS 1.3. Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-
Add support for Chacha20-Poly1305 to kernel TLS on FreeBSD. FreeBSD's kernel TLS supports Chacha20 for both TLS 1.2 and TLS 1.3. Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13752)
show more ...
|
#
e1fdd526 |
| 23-Dec-2020 |
John Baldwin |
Refactor KTLS tests to better support TLS 1.3. - Use SSL_set_ciphersuites for TLS 1.3 tests instead of using SSL_set_cipher_list. - Don't bother passing a sequence number size
Refactor KTLS tests to better support TLS 1.3. - Use SSL_set_ciphersuites for TLS 1.3 tests instead of using SSL_set_cipher_list. - Don't bother passing a sequence number size to KTLS test functions. These functions always test TLS (and not DTLS) for which the sequence size is always the same. In addition, even for DTLS the check in question (verifying that the sequence number fields in SSL do not change) should still pass when doing a before/after comparison of the field. - Define a helper structure to hold the TLS version and cipher name for a single KTLS test. - Define an array of such structures with valid KTLS ciphers and move #ifdef's for TLS versions and supported ciphers out of test functions and instead use them to define the valid members of this array. This also permits using TLS 1.3 cipher suite names for TLS 1.3 tests. - Use separate tests per cipher for test_ktls to give more fine-grained pass/fail results as is already done for test_ktls_sendfile. - While here, rename test_ktls_sendfile to execute_test_ktls_sendfile and test_ktls_sendfile_anytls to test_ktls_sendfile. This is more consistent with the naming used for test_ktls as well as other tests in this file. - Close the file descriptors used for temporary sockets in ktls tests. - Don't assume that KTLS is supported for all compile-time supported cipher suites at runtime. If the kernel fails to offload a given cipher suite, skip the test rather than failing it. FreeBSD kernels may not offload all of the cipher suites supported by its KTLS if a suitable driver or KTLS backend is not present. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15814)
show more ...
|
#
6229815a |
| 25-May-2021 |
Rich Salz |
Use <> for #include openssl/xxx Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15
Use <> for #include openssl/xxx Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15468)
show more ...
|
#
3a111aad |
| 06-Feb-2021 |
FdaSilvaYY |
include/internal: add a few missing #pragma once directives Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from ht
include/internal: add a few missing #pragma once directives Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/14096)
show more ...
|
#
dfcfd17f |
| 20-Dec-2020 |
Oleksandr Tymoshenko |
Handle partial data re-sending on ktls/sendfile on FreeBSD Add a handler for EBUSY sendfile error in addition to EAGAIN. With EBUSY returned the data still can be partially sent and
Handle partial data re-sending on ktls/sendfile on FreeBSD Add a handler for EBUSY sendfile error in addition to EAGAIN. With EBUSY returned the data still can be partially sent and user code has to be notified about it, otherwise it may try to send data multiple times. Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13716)
show more ...
|
#
4333b89f |
| 28-Jan-2021 |
Richard Levitte |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13999)
|
Revision tags: OpenSSL_1_1_1i, openssl-3.0.0-alpha9 |
|
#
3aa7212e |
| 22-Nov-2020 |
Vadim Fedorenko |
ktls: Initial support for ChaCha20-Poly1305 Linux kernel is going to support ChaCha20-Poly1305 in TLS offload. Add support for this cipher. Reviewed-by: Matt Caswell <matt@opens
ktls: Initial support for ChaCha20-Poly1305 Linux kernel is going to support ChaCha20-Poly1305 in TLS offload. Add support for this cipher. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13475)
show more ...
|
Revision tags: openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h |
|
#
7f0f8824 |
| 01-Sep-2020 |
John Baldwin |
Slightly abstract ktls_start() to reduce OS-specific #ifdefs. Instead of passing the length in from the caller, compute the length to pass to setsockopt() inside of ktls_start(). This i
Slightly abstract ktls_start() to reduce OS-specific #ifdefs. Instead of passing the length in from the caller, compute the length to pass to setsockopt() inside of ktls_start(). This isolates the OS-specific behavior to ktls.h and removes it from the socket BIO implementations. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/12782)
show more ...
|
#
74eee1bd |
| 03-Sep-2020 |
John Baldwin |
Remove unused dummy functions from ktls.h. The KTLS functions are always used under #ifndef OPENSSL_NO_KTLS, so the dummy functions were never used. Reviewed-by: Matt Caswell <m
Remove unused dummy functions from ktls.h. The KTLS functions are always used under #ifndef OPENSSL_NO_KTLS, so the dummy functions were never used. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/12782)
show more ...
|
Revision tags: openssl-3.0.0-alpha6 |
|
#
c7b46b54 |
| 27-Jul-2020 |
John Baldwin |
Move KTLS inline functions only used by libssl into ssl/ktls.c. These functions are a bit large to inline and are not usable outside of libssl. Reviewed-by: Tomas Mraz <tmraz@fe
Move KTLS inline functions only used by libssl into ssl/ktls.c. These functions are a bit large to inline and are not usable outside of libssl. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12111)
show more ...
|
Revision tags: openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u |
|
#
b22a3ccc |
| 05-Dec-2019 |
John Baldwin |
Support for KTLS TX on FreeBSD for TLS 1.3. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/ope
Support for KTLS TX on FreeBSD for TLS 1.3. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12111)
show more ...
|
#
0a90a90c |
| 31-Oct-2019 |
John Baldwin |
Add support for KTLS receive for TLS 1.1-1.2 on FreeBSD. Similar to KTLS receive for Linux, KTLS receive for FreeBSD is enabled by passing a session key to the kernel via a new socket op
Add support for KTLS receive for TLS 1.1-1.2 on FreeBSD. Similar to KTLS receive for Linux, KTLS receive for FreeBSD is enabled by passing a session key to the kernel via a new socket option. Once KTLS receive is enabled on a socket, the socket returns records via recvmsg(). A control message attached to each record supplies the original TLS header, and the decrypted plaintext is returned in the data buffer passed to recvmsg(). To support the case that the userland buffer may already contain pending encrypted records (which is already handled by Linux's KTLS receive), the socket option structure for FreeBSD has been extended to include the initial sequence number. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12111)
show more ...
|
#
3e582606 |
| 10-Jun-2020 |
John Baldwin |
Add helper functions for FreeBSD KTLS. These are similar to the helpers added in 95badfeb60. I've adjusted the arguments passed to ktls_check_supported_cipher and ktls_configure_cry
Add helper functions for FreeBSD KTLS. These are similar to the helpers added in 95badfeb60. I've adjusted the arguments passed to ktls_check_supported_cipher and ktls_configure_crypto so that FreeBSD and Linux can both use the same signature to avoid OS-specific #ifdef's in libssl. This also required moving the check on valid TLS versions into ktls_check_supported_cipher for Linux. This has largely removed OS-specific code and OS-specific #ifdef's for KTLS outside of <internal/ktls.h>. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12111)
show more ...
|
#
c34ca13a |
| 24-Jul-2020 |
John Baldwin |
Add a ktls_crypto_info_t typedef. This type is defined to hold the OS-specific structure passed to BIO_set_ktls. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-b
Add a ktls_crypto_info_t typedef. This type is defined to hold the OS-specific structure passed to BIO_set_ktls. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12111)
show more ...
|
#
37322687 |
| 02-Jul-2020 |
Benjamin Kaduk |
Retire EVP_CTRL_GET_IV It is superseded by EVP_CIPHER_CTX_get_iv(), is only present on master, and had only a couple of in-tree callers that are easy to convert. Reviewed-by: To
Retire EVP_CTRL_GET_IV It is superseded by EVP_CIPHER_CTX_get_iv(), is only present on master, and had only a couple of in-tree callers that are easy to convert. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12233)
show more ...
|
#
fbd2ece1 |
| 25-Jun-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/12273)
|
#
95badfeb |
| 01-May-2020 |
Vadim Fedorenko |
kTLS: add Linux-specific kTLS helpers Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/
kTLS: add Linux-specific kTLS helpers Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11589)
show more ...
|
#
f434bfac |
| 24-Jan-2020 |
Vadim Fedorenko |
kTLS: add new algo definitions Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11589)
|
#
996a6ac3 |
| 24-Jan-2020 |
Vadim Fedorenko |
kTLS: make ktls_start type independed Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/
kTLS: make ktls_start type independed Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11589)
show more ...
|
Revision tags: OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d, OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b, OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a |
|
#
2111f5c2 |
| 22-Oct-2018 |
Andrew Gallatin |
Add support for in-kernel TLS (KTLS) on FreeBSD. - Check for the <sys/ktls.h> header to determine if KTLS support is available. - Populate a tls_enable structure with session key m
Add support for in-kernel TLS (KTLS) on FreeBSD. - Check for the <sys/ktls.h> header to determine if KTLS support is available. - Populate a tls_enable structure with session key material for supported algorithms. At present, AES-GCM128/256 and AES-CBC128/256 with SHA1 and SHA2-256 HMACs are supported. For AES-CBC, only MtE is supported. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10045)
show more ...
|
#
72fb59c7 |
| 11-Apr-2019 |
Boris Pismenny |
Linux ktls sendfile This commit introduces support for Linux KTLS sendfile. Sendfile semantics require the use of a kernel TLS socket to construct the TLS record headers, encrypt and
Linux ktls sendfile This commit introduces support for Linux KTLS sendfile. Sendfile semantics require the use of a kernel TLS socket to construct the TLS record headers, encrypt and authenticate the data. KTLS sendfile improves performance by avoiding the copy of file data into user space, which is required today. Signed-off-by: Boris Pismenny <borisp@mellanox.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8727)
show more ...
|
#
8450d0c7 |
| 19-Apr-2019 |
Matt Caswell |
Fix KTLS compilation error If the kernel headers are sufficiently recent to have KTLS transmit support, but not recent enough to have KTLS receive support then a compilation error wo
Fix KTLS compilation error If the kernel headers are sufficiently recent to have KTLS transmit support, but not recent enough to have KTLS receive support then a compilation error would be the result. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8793)
show more ...
|
Revision tags: OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i, OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3 |
|
#
f851a689 |
| 11-Mar-2018 |
Boris Pismenny |
Linux ktls Rx infrastructure Introduce the infrastructure for supproting receive side Linux Kernel TLS data-path. Change-Id: I71864d8f9d74a701cc8b0ad5536005f3c1716c1c Signed
Linux ktls Rx infrastructure Introduce the infrastructure for supproting receive side Linux Kernel TLS data-path. Change-Id: I71864d8f9d74a701cc8b0ad5536005f3c1716c1c Signed-off-by: Boris Pismenny <borisp@mellanox.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7848)
show more ...
|
#
64a45882 |
| 29-Mar-2019 |
Pauli |
Ensure that the struct msghdr is properly zeroed. This is probably harmless but best to properly initialise things. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged fr
Ensure that the struct msghdr is properly zeroed. This is probably harmless but best to properly initialise things. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8611)
show more ...
|