d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
62ca9fc1ad
freebsd-dev/crypto/openssl/ssl
History
John Baldwin 62ca9fc1ad OpenSSL: Only enable KTLS if it is explicitly configured 
It has always been the case that KTLS is not compiled by default. However
if it is compiled then it was automatically used unless specifically
configured not to. This is problematic because it avoids any crypto
implementations from providers. A user who configures all crypto to use
the FIPS provider may unexpectedly find that TLS related crypto is actually
being performed outside of the FIPS boundary.

Instead we change KTLS so that it is disabled by default.

We also swap to using a single "option" (i.e. SSL_OP_ENABLE_KTLS) rather
than two separate "modes", (i.e. SSL_MODE_NO_KTLS_RX and
SSL_MODE_NO_KTLS_TX).

Reviewed by:	jkim
Obtained from:	OpenSSL (a3a54179b6754fbed6d88e434baac710a83aaf80)
MFC after:	5 days
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D31440
2021-08-17 14:41:24 -07:00
..
record OpenSSL: Merge OpenSSL 1.1.1j 2021-02-16 17:00:27 -05:00
statem OpenSSL: Merge OpenSSL 1.1.1k 2021-03-25 11:45:19 -04:00
bio_ssl.c Merge OpenSSL 1.1.1h. 2020-09-22 16:18:31 +00:00
build.info OpenSSL: Support for kernel TLS offload (KTLS) 2021-01-28 10:24:13 -08:00
d1_lib.c OpenSSL: Merge OpenSSL 1.1.1j 2021-02-16 17:00:27 -05:00
d1_msg.c Merge OpenSSL 1.1.1e. 2020-03-18 02:13:12 +00:00
d1_srtp.c Merge OpenSSL 1.1.1e. 2020-03-18 02:13:12 +00:00
ktls.c OpenSSL: Only enable KTLS if it is explicitly configured 2021-08-17 14:41:24 -07:00
methods.c Merge OpenSSL 1.1.1e. 2020-03-18 02:13:12 +00:00
packet_local.h Merge OpenSSL 1.1.1e. 2020-03-18 02:13:12 +00:00
packet.c Merge OpenSSL 1.1.1e. 2020-03-18 02:13:12 +00:00
pqueue.c Merge OpenSSL 1.1.1e. 2020-03-18 02:13:12 +00:00
s3_cbc.c Merge OpenSSL 1.1.1e. 2020-03-18 02:13:12 +00:00
s3_enc.c Merge OpenSSL 1.1.1e. 2020-03-18 02:13:12 +00:00
s3_lib.c OpenSSL: Merge OpenSSL 1.1.1k 2021-03-25 11:45:19 -04:00
s3_msg.c Merge OpenSSL 1.1.1e. 2020-03-18 02:13:12 +00:00
ssl_asn1.c Merge OpenSSL 1.1.1e. 2020-03-18 02:13:12 +00:00
ssl_cert_table.h Update OpenSSL to 1.1.1. 2018-09-13 20:40:51 +00:00
ssl_cert.c Merge OpenSSL 1.1.1e. 2020-03-18 02:13:12 +00:00
ssl_ciph.c Merge OpenSSL 1.1.1e. 2020-03-18 02:13:12 +00:00
ssl_conf.c OpenSSL: Only enable KTLS if it is explicitly configured 2021-08-17 14:41:24 -07:00
ssl_err.c OpenSSL: Support for kernel TLS offload (KTLS) 2021-01-28 10:24:13 -08:00
ssl_init.c Merge OpenSSL 1.1.1e. 2020-03-18 02:13:12 +00:00
ssl_lib.c OpenSSL: Merge OpenSSL 1.1.1k 2021-03-25 11:45:19 -04:00
ssl_local.h OpenSSL: Merge OpenSSL 1.1.1j 2021-02-16 17:00:27 -05:00
ssl_mcnf.c Merge OpenSSL 1.1.1e. 2020-03-18 02:13:12 +00:00
ssl_rsa.c Merge OpenSSL 1.1.1h. 2020-09-22 16:18:31 +00:00
ssl_sess.c Merge OpenSSL 1.1.1i. 2020-12-09 02:05:14 +00:00
ssl_stat.c Merge OpenSSL 1.1.1e. 2020-03-18 02:13:12 +00:00
ssl_txt.c Merge OpenSSL 1.1.1e. 2020-03-18 02:13:12 +00:00
ssl_utst.c Merge OpenSSL 1.1.1e. 2020-03-18 02:13:12 +00:00
t1_enc.c OpenSSL: Only enable KTLS if it is explicitly configured 2021-08-17 14:41:24 -07:00
t1_lib.c Merge OpenSSL 1.1.1h. 2020-09-22 16:18:31 +00:00
t1_trce.c Merge OpenSSL 1.1.1h. 2020-09-22 16:18:31 +00:00
tls13_enc.c OpenSSL: Only enable KTLS if it is explicitly configured 2021-08-17 14:41:24 -07:00
tls_srp.c Merge OpenSSL 1.1.1e. 2020-03-18 02:13:12 +00:00