| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
When application performs SSL_read from the app rx-fifo, it can
pre-allocate multiple segments, but there is an issue if the OpenSSL
manages to partially fill in the first segment, in this case, since
data is assumed to be copied over by OpenSSL to the pre-allocated
segments(s), vpp uses svm_fifo_enqueue_nocopy API which performs
zero copy by passing the pre-allocated segment to SSL_read.
If the decrypted data size is smaller than the pre-allocated fifo
segment buffer size, application will fetch buffers including zero
in the area not filled in by SSL_read.
Type: fix
Signed-off-by: Ofer Heifetz <oferh@marvell.com>
Change-Id: I941a89b17d567d86e5bd2c35785f1df043c33f38
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ia2c771cbf826526d2d06b6da022509ab02917350
|
|
Type: improvement
Change-Id: I7f7050c19453a69a7fb6c5e62f8f57db847d9144
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I805131b4e3d0cb2fab1d3bf76db659c67522c2e8
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I68ada775810bb4a4f280962a979605b211562a52
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I7287e40ad95dfe061fd8a7b0e99921d5540e030d
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I5d4e68730a75337a2e532e72f366b62d6973235e
|
|
Type: improvement
Signed-off-by: satna <satbeervarma9596@gmail.com>
Change-Id: I1b1db60fa1a0e47fce273bc07b01887813fd3c48
|
|
Type: improvement
Signed-off-by: Saravanan Murugesan <sarmurug@cisco.com>
Change-Id: I90e90678ae6586019cc842f9d504d53991cfabe4
|
|
Type: improvement
Signed-off-by: sarmurug <sarmurug@cisco.com>
Change-Id: Ibbfe827b9c4c603a6fe7cc49970a46bd683194ce
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If5eed7dac4951f0510a4b4b092f66f44d0d3cacd
|
|
Type: fix
Signed-off-by: Saravanan Murugesan <sarmurug@cisco.com>
Change-Id: I5f7f4b925b3d250c5b8616d1fb35edbde50a7a23
|
|
So far by suppressing depreciation messages, as there was no transition
period.
Type: make
Change-Id: I9887613fd71a22bf11bf22a04c129aca4a16867f
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
In addition to returning the number of bytes also update the number of
segments to reflect the number used.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ia87dc2aa62cea38b18dfa83df94dc2abe29d5121
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ia77b26db61b6f58b4ff659f09192b4ea93ed50b4
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie0fde16fb4e41637169474628808fddf343884f3
|
|
Type: improvement
Motivation for this addition is to add support for cipher suites
that use Diffie-Hellman Ephemeral (DHE) for key exchange.
Using ephemeral DH key exchange yields forward secrecy as the
connection can only be decrypted when the DH key is known.
Configure OpenSSL to use the default built-in DH parameters for the
SSL_CTX object.
Change-Id: I31aadad047a6394ddf8bfa08471c239e0d1cd63c
Signed-off-by: Ofer Heifetz <oferh@marvell.com>
|
|
Type: improvement
Check SSL_CTX_use_* API return value and exit on error.
Check BIO_new return code.
Release allocated BIO on error cases.
Change-Id: I9c48e91727e0eeba5d7d74d06fc37634e3c20978
Signed-off-by: Ofer Heifetz <oferh@marvell.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I34b53dcaf4f049157b538ea40a39033d43e525a5
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ib25598f72f6539c07de1acee1e6049ecd28f35cc
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I7c47b55ec6f0c83f2d13e0e737d0559a32f7c837
|
|
On error, the signed value is cast to unsigned.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I0f94422f47e40d7c358118b2df8ab96cf4116dd0
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I433cc1b7a29f785a431618641317bbfbbe2cf2f4
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ic24516a7242ef4193c5d751a2d5424918c390759
|
|
Type: fix
Avoid complaint that we're potentially incrementing ii which could be
null.
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I8511c07b1c2f260cc0e526d9aefeb4a051d98edf
|
|
Type: improvement
Change-Id: I1152e58d7bfcb3c4347147f87a834d45ad51cdfe
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I35b5ae5a58ab38cc4328f9f438938fab4fbd7942
|
|
Type: fix
1. added additional checks for pending data in
openssl_ctx_read_tls().
2. fixed read/write typo issues.
Signed-off-by: Sivaprasad Tummala <Sivaprasad.Tummala@intel.com>
Change-Id: Id018c62bb9e02bf0d5f9abf929b6030b965a5d61
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I6ed2104e9d79c367ca36460047586f9b632c3315
|
|
Type: feature
Basic dtls transport protocol implementation that relies on openssl
wire protocol implementation. Retries/timeouts not yet supported.
To test using vcl test apps, first ensure all arp entries are properly
resolved and subsequently:
server: vcl_server -p dtls 1234
client: vcl_client -p dtls <server-ip> 1234 -U -N 2000000 -T 1460 -X
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I04b4516a8fe9ce85ba230bcdd891f33a900046ed
|
|
Type: refactor
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id67cf8a3e1c5c9b4160689fde5de9ce7ed8a2ee3
|
|
The bio interacts directly with the session so it avoids using an
intermediary mem bio and, implicitly, higher memory consumption and an
extra memcpy.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ifb675cfd12df86396a7a738a6cd4d0882c69ad2f
|
|
Thread index used in qat_init_thread() is passed via a pointer
to a variable located on a stack that does not exist
when qat_init_thread is actually executed.
Type: fix
Fixes: f4a92f6a1c
Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Change-Id: I65dd4e604b78fcb1cf0452d707f47f9785e6371d
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ieb8bb9c6deb92479fdd3e045778fe5ae4782d1ea
|
|
Type: improvement
- allow apps to request rescheduling of tx events via
SESSION_F_CUSTOM_TX flag
- limit max burst per session custom tx dispatch
In tls
- use the new infra to reschedule tx events
- use max burst bytes as upper limit to number of bytes to be encrypted
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I544a5a3337af7ebdff3406b776adf30cf96ebf3c
|
|
Type: improvement
Change-Id: I9dd850a1ce85b0adb5136233f176117e0ee38817
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I0895eb54a8c31bfa545d30287bb0783876483d21
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I1f981e909c45f1731ce4bdfa959b41d349e22ef1
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie3bc31fc3df662e087f7931de6c274eb3608a2d8
|
|
Type: refactor
Switch from a wrapped byte space to a "continuous" one wherein fifo
chunks are appended to the fifo as more data is enqueued and chunks are
removed as data is dequeued.
The fifo is still subject to a maximum size, i.e., maximum number of
bytes that can be enqueued, so the max number of chunks associated to
the fifo is also constrained.
When enqueueing data, which must fit within the available free space, if
not enough "supporting" chunk memory is available, the fifo asks the
fifo segment for enough chunk memory to ensure that the write can
succeed. To avoid allocating large amounts of small chunks due to small
writes, if possible, the size of the chunks requested is lower capped by
min_alloc.
When dequeuing data, all the chunks that have been completely drained,
i.e., head moved beyond the chunks’ end bytes, are unlinked from the
fifo and returned to the fifo segment. The one exception to this is the
last chunk which is never unlinked.
Change-Id: I98c1dbd9135fb79650365c7e40c29238b96cd4ee
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Change-Id: I429351f04a2865be4a289a3021277f9b2ced902b
Signed-off-by: Yu Ping <ping.yu@intel.com>
|
|
Type: fix
When async is enabled and request is inflight, delay close oepration
Change-Id: I713078fe9832c1599e8860fc0a6bb98588f20943
Signed-off-by: Yu Ping <ping.yu@intel.com>
|
|
Type: docs
Change-Id: Id1972fd1d0769f26ee73db326c22c6a57eb6ceab
Signed-off-by: Yu Ping <ping.yu@intel.com>
|
|
Type: refactor
Make sure one tls ctx has one event availble
Thus ctx has the same life time with event, which can simplify the
management.
Change-Id: I1f4240e7316025d81bb97644946ffa399c00cd76
Signed-off-by: Yu Ping <ping.yu@intel.com>
|
|
Type: fix
Change-Id: Iab7c65614c94497e8ec5a96624be72c1a139e486
Signed-off-by: Yu Ping <ping.yu@intel.com>
|
|
Type: fix
Change-Id: Id1602981fcc6efed1b0efe79a1fc8177457acdb5
Signed-off-by: Yu Ping <ping.yu@intel.com>
|
|
Type: fix
Change-Id: I8cfb48bd7f92689b296861dd368186408918061b
Signed-off-by: Yu Ping <ping.yu@intel.com>
|
|
Type: fix
Change-Id: I454aff1b187b75a1328c90e30b9b487377ae5f68
Signed-off-by: Yu Ping <ping.yu@intel.com>
|
|
Type: refactor
This patch does the following conversions
TLS_ENGINE_X -> CRYPTO_ENGINE_X
tls_engine_type_t -> crypto_engine_t
It does not change numbering of engines
Change-Id: I872dfaec3a6713bf4229c84d1ffd98b8b2419995
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: feature
This changes the behavior of both API calls
APPLICATION_TLS_CERT_ADD & APPLICATION_TLS_KEY_ADD
certificates and keys aren't bound to an app, they are
passed to it via connect / listen using the message
queue.
This should be followed by a per protocol (QUIC/TLS)
crypto_context store to save devrived structs
Change-Id: I36873bc8b63b5c72776c69e8cd9febc9cae31882
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
Ofer Heifetz
Florin Coras
Damjan Marion
satna
Saravanan Murugesan
Sivaprasad Tummala
Vladimir Medvedkin
Yu Ping
Nathan Skrzypczak