[openssl/openssl] 24c7d3: Add a test for TLS pipelining

Matt Caswell noreply at github.com
Fri Feb 24 00:00:33 UTC 2023


  Branch: refs/heads/openssl-3.1
  Home:   https://github.com/openssl/openssl
  Commit: 24c7d367b612fc5a4a84571da1e54a01a6ee813f
      https://github.com/openssl/openssl/commit/24c7d367b612fc5a4a84571da1e54a01a6ee813f
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-02-24 (Fri, 24 Feb 2023)

  Changed paths:
    M test/sslapitest.c

  Log Message:
  -----------
  Add a test for TLS pipelining

TLS pipelining provides the ability for libssl to read or write multiple
records in parallel. It requires special ciphers to do this, and there are
currently no built-in ciphers that provide this capability. However, the
dasync engine does have such a cipher, so we add a test for this capability
using that engine.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20208)


  Commit: df9c7ceefef59cc870c80346906471fabec62494
      https://github.com/openssl/openssl/commit/df9c7ceefef59cc870c80346906471fabec62494
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-02-24 (Fri, 24 Feb 2023)

  Changed paths:
    M ssl/record/ssl3_record.c

  Log Message:
  -----------
  Pipeline output/input buf arrays must live until the EVP_Cipher is called

The pipeline input/output buf arrays must remain accessible to the
EVP_CIPHER_CTX until EVP_Cipher is subsequently called. This fixes an
asan error discovered by the newly added pipeline test.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20208)


  Commit: 1d06598f0e9d9e39f9c206a2520777e696150257
      https://github.com/openssl/openssl/commit/1d06598f0e9d9e39f9c206a2520777e696150257
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-02-24 (Fri, 24 Feb 2023)

  Changed paths:
    M ssl/record/rec_layer_s3.c
    M ssl/record/ssl3_buffer.c

  Log Message:
  -----------
  Fix read pipelining

During read pipelining we must ensure that the buffer is sufficiently large
to read enough data to fill our pipelines. We also remove some code that
moved data to the start of the packet if we can. This was unnecessary
because of later code which would end up moving it anyway. The earlier move
was also incorrect in the case that |clearold| was 0. This would cause the
read pipelining code to fail with sufficiently large records.

Fixes #20197

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20208)


  Commit: 89ed54456ec79bfc3c2f8c5e216efb5976a07525
      https://github.com/openssl/openssl/commit/89ed54456ec79bfc3c2f8c5e216efb5976a07525
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-02-24 (Fri, 24 Feb 2023)

  Changed paths:
    M doc/man3/SSL_CTX_set_split_send_fragment.pod

  Log Message:
  -----------
  Update the pipelining docs

Document the effect on the internal read buffer when using pipelining.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20208)


  Commit: 2c4b1c7b7b09c0e3f9f4246e8d6747678ea90363
      https://github.com/openssl/openssl/commit/2c4b1c7b7b09c0e3f9f4246e8d6747678ea90363
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-02-24 (Fri, 24 Feb 2023)

  Changed paths:
    M ssl/record/rec_layer_s3.c

  Log Message:
  -----------
  Do not have more data in a pipeline than the split_send_fragment

We shouldn't be putting more data into a pipeline than the value of
split_send_fragment.

This is a backport of a fix which was included in a much larger commit in
master (c6186792b98) related to moving the pipelining code into the new
record layer that exists there.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20208)


Compare: https://github.com/openssl/openssl/compare/a92dd651abfc...2c4b1c7b7b09


More information about the openssl-commits mailing list