Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix #1170 #1173

Merged
merged 5 commits into from
Feb 12, 2019
Merged

Fix #1170 #1173

merged 5 commits into from
Feb 12, 2019

Conversation

krizhanovsky
Copy link
Contributor

Most changes are in kernel tempesta-tech/linux-4.14.32-tfw#6 :

Kernel:

Split crypto_alloc_tfm() into crypto_find_*() sleepable part and atomic,
suitable for calling from softirq, crypto_alloc_*_atomic().
Previously crypto_find_alg() called moules loading and used semaphore
synchronization, so we had softlockups in TLS handshakes.

Tempesta TLS:

1. Call crypto_find_*() for all configured algorithms on start phase,
   so in run-time we have the ready algs and can quickly allocate
   crypt contexts;

2. Determine maximum size of crypt request also on start phase and
   use it for per-cpu requests allocation instead of wrong 8-byte
   constant.

3. Remove some dead code (crypto.h definitions mostly).

Also merge md.[ch] with cipher.[ch]

@krizhanovsky
Merge md.[ch] with cipher.[ch] to provide common crypto algorithms
2e58d3c 
lookup on initialization phase.
@krizhanovsky
Kernel:
1da146b 
Split crypto_alloc_tfm() into crypto_find_*() sleepable part and atomic,
suitable for calling from softirq, crypto_alloc_*_atomic().
Previously crypto_find_alg() called moules loading and used semaphore
synchronization, so we had softlockups in TLS handshakes.

Tempesta TLS:

1. Call crypto_find_*() for all configured algorithms on start phase,
   so in run-time we have the ready algs and can quickly allocate
   crypt contexts;

2. Determine maximum size of crypt request also on start phase and
   use it for per-cpu requests allocation instead of wrong 8-byte
   constant.

3. Remove some dead code (crypto.h definitions mostly).
@krizhanovsky
Make all supported siphersuites available for a TLS session
618e7c6
@krizhanovsky
Fix RSA context initialization in rsa_alloc_wrap() plus some cleanups.
45f6b35 
Print warnings on TTLS_ERR_BAD_INPUT_DATA in ttls_encrypt(): we have
net reatelimited warnings, so this won't cause serious logging problems.
@krizhanovsky
Fix warnings about too large skb data in ttls_encrypt() caused by wrong
62ab90d 
arithmetics in tcp_write_xmit() (double TLS header size accounting).

Account TCP FIN flag in comparing TCP seqnos with skb->len.
vankoven
vankoven approved these changes Feb 12, 2019
View reviewed changes
Copy link
Contributor

@vankoven vankoven left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me

aleksostapenko
aleksostapenko approved these changes Feb 12, 2019
View reviewed changes
Copy link
Contributor

@aleksostapenko aleksostapenko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good to merge.

@krizhanovsky krizhanovsky merged commit 5adf46d into master Feb 12, 2019
@krizhanovsky krizhanovsky deleted the ak-1170 branch February 13, 2019 11:35
@avbelov23 avbelov23 mentioned this pull request Apr 5, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vankoven vankoven vankoven approved these changes

@aleksostapenko aleksostapenko aleksostapenko approved these changes

Assignees

@vankoven vankoven

@aleksostapenko aleksostapenko

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@krizhanovsky @vankoven @aleksostapenko