[openssl/openssl] 1f82f0: Add a test for TLS pipelining

Matt Caswell noreply at github.com
Fri Feb 24 00:03:34 UTC 2023


  Branch: refs/heads/openssl-3.0
  Home:   https://github.com/openssl/openssl
  Commit: 1f82f094dbdacffd850f7cabf4d314638425c2b1
      https://github.com/openssl/openssl/commit/1f82f094dbdacffd850f7cabf4d314638425c2b1
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-02-24 (Fri, 24 Feb 2023)

  Changed paths:
    M test/sslapitest.c

  Log Message:
  -----------
  Add a test for TLS pipelining

TLS pipelining provides the ability for libssl to read or write multiple
records in parallel. It requires special ciphers to do this, and there are
currently no built-in ciphers that provide this capability. However, the
dasync engine does have such a cipher, so we add a test for this capability
using that engine.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20208)

(cherry picked from commit 24c7d367b612fc5a4a84571da1e54a01a6ee813f)


  Commit: 0cc27fe8d44e3083057b4287c3a5d5da9dfb3f8d
      https://github.com/openssl/openssl/commit/0cc27fe8d44e3083057b4287c3a5d5da9dfb3f8d
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-02-24 (Fri, 24 Feb 2023)

  Changed paths:
    M ssl/record/ssl3_record.c

  Log Message:
  -----------
  Pipeline output/input buf arrays must live until the EVP_Cipher is called

The pipeline input/output buf arrays must remain accessible to the
EVP_CIPHER_CTX until EVP_Cipher is subsequently called. This fixes an
asan error discovered by the newly added pipeline test.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20208)

(cherry picked from commit df9c7ceefef59cc870c80346906471fabec62494)


  Commit: 55c5421a8c83243acde044a9cf5a57060049c55a
      https://github.com/openssl/openssl/commit/55c5421a8c83243acde044a9cf5a57060049c55a
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-02-24 (Fri, 24 Feb 2023)

  Changed paths:
    M ssl/record/rec_layer_s3.c
    M ssl/record/ssl3_buffer.c

  Log Message:
  -----------
  Fix read pipelining

During read pipelining we must ensure that the buffer is sufficiently large
to read enough data to fill our pipelines. We also remove some code that
moved data to the start of the packet if we can. This was unnecessary
because of later code which would end up moving it anyway. The earlier move
was also incorrect in the case that |clearold| was 0. This would cause the
read pipelining code to fail with sufficiently large records.

Fixes #20197

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20208)

(cherry picked from commit 1d06598f0e9d9e39f9c206a2520777e696150257)


  Commit: 4f67cb9dbde5e607ab882ad9fc27efaf46deb910
      https://github.com/openssl/openssl/commit/4f67cb9dbde5e607ab882ad9fc27efaf46deb910
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-02-24 (Fri, 24 Feb 2023)

  Changed paths:
    M doc/man3/SSL_CTX_set_split_send_fragment.pod

  Log Message:
  -----------
  Update the pipelining docs

Document the effect on the internal read buffer when using pipelining.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20208)

(cherry picked from commit 89ed54456ec79bfc3c2f8c5e216efb5976a07525)


  Commit: 6044b436d0c8aed6a8d2fcc66bf45470fe685a23
      https://github.com/openssl/openssl/commit/6044b436d0c8aed6a8d2fcc66bf45470fe685a23
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-02-24 (Fri, 24 Feb 2023)

  Changed paths:
    M ssl/record/rec_layer_s3.c

  Log Message:
  -----------
  Do not have more data in a pipeline than the split_send_fragment

We shouldn't be putting more data into a pipeline than the value of
split_send_fragment.

This is a backport of a fix which was included in a much larger commit in
master (c6186792b98) related to moving the pipelining code into the new
record layer that exists there.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20208)

(cherry picked from commit 2c4b1c7b7b09c0e3f9f4246e8d6747678ea90363)


Compare: https://github.com/openssl/openssl/compare/196cbeb319df...6044b436d0c8


More information about the openssl-commits mailing list