Add a handler for EBUSY sendfile error in addition to
EAGAIN. With EBUSY returned the data still can be partially
sent and user code has to be notified about it, otherwise it
may try to send data multiple times.
PR: 251969
Reviewed by: jkim
Obtained from: OpenSSL (dfcfd17f2818cf520ce6381aed9ec3d2fc12170d)
MFC after: 1 week
Sponsored by: Netflix (merging to FreeBSD)
Differential Revision: https://reviews.freebsd.org/D28714
This merges upstream patches from OpenSSL's master branch to add
KTLS infrastructure for TLS 1.0-1.3 including both RX and TX
offload and SSL_sendfile support on both Linux and FreeBSD.
Note that TLS 1.3 only supports TX offload.
A new WITH/WITHOUT_OPENSSL_KTLS determines if OpenSSL is built with
KTLS support. It defaults to enabled on amd64 and disabled on all
other architectures.
Reviewed by: jkim (earlier version)
Approved by: secteam
Obtained from: OpenSSL (patches from master)
MFC after: 1 week
Relnotes: yes
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D28273
OpenSSL commit 3db2c9f3:
Complain if we are attempting to encode with an invalid ASN.1 template
OpenSSL commit 43a7033:
Check that multi-strings/CHOICE types don't use implicit tagging
OpenSSL commit f960d812:
Correctly compare EdiPartyName in GENERAL_NAME_cmp()
Obtained from: OpenSSL 3db2c9f3, 43a7033, f960d812
Security: CVE-2020-1971
Now the new devcrypto engine is enabled since r342009, many users started
seeing "Could not open /dev/crypto: No such file or directory". Disable
the annoying error message as it is not very useful anyway.
Note the patch was submitted upstream.
https://github.com/openssl/openssl/pull/7896
Because there was an extra declaration in the vendor version, we locally
removed the second one in r238405 with 1.0.1c. Later, upstream fixed it in
1.0.2d but they removed the first one. Therefore, both were removed in our
version unfortunately. Now we revert to the vendor one to re-add it.
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D10525
Linking with lld fails as it contains a relative address, however the data
this address is for may be relocated from the shared object to the main
executable.
Fix this by adding the hidden attribute. This stops moving this value to
the main executable. It seems this is implicit upstream as it uses a
version script.
Approved by: jkim
Sponsored by: DARPA, AFRL
Some consumers actually use this definition.
We probably need some procedure to ensure that SHLIB_VERSION_NUMBER
is updated whenever we change the library version in
secure/lib/libssl/Makefile.
