Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix #1170 #1173

Merged
merged 5 commits into from
Feb 12, 2019
Merged

Fix #1170 #1173

merged 5 commits into from
Feb 12, 2019

Commits on Jan 30, 2019

  1. Merge md.[ch] with cipher.[ch] to provide common crypto algorithms 

    lookup on initialization phase.
    @krizhanovsky
    krizhanovsky committed Jan 30, 2019
    Configuration menu
    Copy the full SHA
    2e58d3c View commit details
    Browse the repository at this point in the history

Commits on Jan 31, 2019

  1. Kernel: 

    Split crypto_alloc_tfm() into crypto_find_*() sleepable part and atomic,
suitable for calling from softirq, crypto_alloc_*_atomic().
Previously crypto_find_alg() called moules loading and used semaphore
synchronization, so we had softlockups in TLS handshakes.

Tempesta TLS:

1. Call crypto_find_*() for all configured algorithms on start phase,
   so in run-time we have the ready algs and can quickly allocate
   crypt contexts;

2. Determine maximum size of crypt request also on start phase and
   use it for per-cpu requests allocation instead of wrong 8-byte
   constant.

3. Remove some dead code (crypto.h definitions mostly).
    @krizhanovsky
    krizhanovsky committed Jan 31, 2019
    Configuration menu
    Copy the full SHA
    1da146b View commit details
    Browse the repository at this point in the history

Commits on Feb 3, 2019

  1. Make all supported siphersuites available for a TLS session

    @krizhanovsky
    krizhanovsky committed Feb 3, 2019
    Configuration menu
    Copy the full SHA
    618e7c6 View commit details
    Browse the repository at this point in the history

  2. Fix RSA context initialization in rsa_alloc_wrap() plus some cleanups. 

    Print warnings on TTLS_ERR_BAD_INPUT_DATA in ttls_encrypt(): we have
net reatelimited warnings, so this won't cause serious logging problems.
    @krizhanovsky
    krizhanovsky committed Feb 3, 2019
    Configuration menu
    Copy the full SHA
    45f6b35 View commit details
    Browse the repository at this point in the history

  3. Fix warnings about too large skb data in ttls_encrypt() caused by wrong 

    arithmetics in tcp_write_xmit() (double TLS header size accounting).

Account TCP FIN flag in comparing TCP seqnos with skb->len.
    @krizhanovsky
    krizhanovsky committed Feb 3, 2019
    Configuration menu
    Copy the full SHA
    62ab90d View commit details
    Browse the repository at this point in the history