Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix #1157 #1158

Closed
wants to merge 2,605 commits into from
Closed

Fix #1157 #1158

wants to merge 2,605 commits into from

Conversation

krizhanovsky
Copy link
Contributor

The probles in in nested __kernel_fpu_begin_bh() calls: firstly in DEFINE_TLS_TEST()->kernel_fpu_begin() and secondly in
ttls_ecp_group_free()->ttls_bzero_safe()->kernel_fpu_begin().

The fix moves all the TLS unit tests to test_tls.c from tls/ and
make each test responsible for calling kernel_fpu_{begin,end}().
The crypto routines can be split into 2 groups: called from process
context of Tempesta FW initialization and called in run-time, softirq
context. Only the second group must be called with saved FPU context.
In fact, current crypto routines (covered by the test) don't use SIMD
much and this is going to change in #1064.

aleksostapenko and others added 30 commits July 14, 2018 14:37
@aleksostapenko
Fix bug in 'http_field_len' verification in case of duplicated headers.
8930102
@aleksostapenko
Changes according review comments (#1033).
e29d8cc
@aleksostapenko
Correct matching of multiple headers in 'match_hdr_raw()' (#1033).
0bfd5ea
@aleksostapenko
Merge pull request #1036 from tempesta-tech/ao-1033
88252a4 
Fix #1033: Change header name format in HTTP tables configuration.
@aleksostapenko
Merge pull request #1039 from tempesta-tech/ao-772
2c88221 
 Fix #772: Change 'keepalive' and 'client_body' timeouts applying.
@krizhanovsky
Fix TLS record headers writting in multi-record data transfers
134d5a6
@krizhanovsky
1. [FIX] Place server certificate in the same page as read file data.
7807f9f 
   The page is used later as skb page fragment in TLS handshake.
2. Cleanups in PEM decoder.
3. Remove DHM routines called only for FS IO (unused).
4. Revert DTLS routines (dirty code) as it's supposed to used them for QUIC.
@krizhanovsky
Small TLS Handshakes FSM fixes
613497c
@aleksostapenko
Fix #535: Block clients which requests have no session cookie.
ac32d62
@aleksostapenko
Fix #900: Change some comments and add unit tests.
bfc5e90
@aleksostapenko
Additional comment added (#900).
1086abb
@krizhanovsky
Cleanups. Completely remove DTLS as QUIC uses TLS 1.3.
eb03fd6
@aleksostapenko
Merge pull request #1051 from tempesta-tech/ao-900
0801674 
Fix #900: Change some comments and add unit tests.
@vankoven
Fix misspells
d147160
@vankoven
gfsm: don't return PASS if at least one fsm waits for more data
34b21b7
@vankoven
restore current fsm state after after calling registered hooks
86676b5
@vankoven
add current gfsm state debug function
b44561d
@krizhanovsky
1. Multiple fixes in TLS handshake FSM;
cecbc99 
2. Make GFSM traverse skb list and call a FSM for each skb. TLS layer
   must collect skbs before decryption to have AEAD tag, so it sends
   list of decrypted skbs to HTTP layer by GFSM call. However, HTTP
   manages skb list on it's own.
3. Make ttls_decrypt() to work with plain buffers as well as fragmented
   skbs;
4. Some cleanups.
@krizhanovsky
Add links to stable release
864c969
@aleksostapenko
Additional changes according review comments (#535).
aef34eb
@aleksostapenko
Changes in config man (#535).
1c80e93
@krizhanovsky
Make irq_fpu_usable() return true for Tempesta softirqs so that
f40fa64 
SIMD crypto algorithms won't be called through cryptd.
Some cleanups.
@vankoven
gfsm: fix incorrect fsm hook call
a6a492c 
tfw_gfsm_switch() can be called multiple times during tfw_gfsm_move()
call. After each tfw_gfsm_switch() call current FSM is switched
to FSM stated in fsm_hooks. Thus FSM(st) actually points on
child FSM state, not parent one.
@aleksostapenko
Place redir mark after authority during redirection (#535).
9ddd07c
@krizhanovsky
Fix review commits, the rest of #1000(#166) in particular
4cdbd9c
@krizhanovsky
TODO comments for #488,#515,#1054
60082f7
@krizhanovsky
Fix reading explicit iv for ClientFinished
2523ee3
@aleksostapenko
Changes according review comments (#535).
5620c94
@aleksostapenko
Fix #1058: Protocol/port persistence support during redirection.
8b37a43
@aleksostapenko
Changes according review comments (#1058).
4bdb0bb
krizhanovsky and others added 22 commits January 1, 2019 18:47
@krizhanovsky
Fix review comments: usage of uninitialized valiables, wrong usage of…
4ce9a4f 
… unsigned

variables, some code mess.
@vankoven
tls: replace direct include of lib/log.h with debug.h header
2589ef5
@vankoven
tls: remove extra whitespace in Makefile
fadc79b
@krizhanovsky
Merge pull request #1143 from tempesta-tech/ak-1037-fixes
ea638cf 
Fix review comments for #1037
@vankoven
Merge pull request #1144 from tempesta-tech/ik-fix-build
99906fe 
Fix build of TLS module
@i-rinat
remove rebase artifacts
5ffb73c 
Various backup file copies were accidentally added to the repo.
@i-rinat
Merge pull request #1148 from tempesta-tech/ri-remove-rebase-artifacts
ded4ad7 
remove rebase artifacts
@i-rinat
recreate Content-Type request header for multipart/form-data requests
b55524e
@i-rinat
Merge pull request #1139 from tempesta-tech/ri-post-hdr-sanitize
4d9662f 
Sanitize Content-Type for multipart/form-data requests
@i-rinat
follow-up changes (see #1139)
754bf18 
* req->vhost is expected to be non-NULL, as it was checked before;
* disallow multiple instances of http_post_validate at topmost level;
* a typo.
@i-rinat
Merge pull request #1154 from tempesta-tech/ri-pr1139-fixups
3ccc7f4 
follow-up changes (see #1139)
@avbelov23
replace void ptr by union
c457b18
@avbelov23
Merge pull request #1150 from tempesta-tech/ab-str
3d6f8d4 
Replace void ptr by union
@vankoven
Remove TFW_HTTP_SUSPECTED flag
47e3788 
Instead of distinct flag, TFW_HTTP_CONN_CLOSE flags is set
to close client connection. The reason for a change
is message adjusting on forwarding. The 'Connection: ' header
should be properly set.
@vankoven
If error on request processing happen, don't close connection immedia…
16a800f 
…tely, serve all pending requests first

Fix #962
@vankoven
rename tfw_http_cli_error_resp_and_log wrappers
93f355e
@vankoven
Fix #899: check for sticky cookie before passing request to cache
339a5ee
@vankoven
fix code review comments
4b7a0c1
@vankoven
Address code review comments
d33e433
@vankoven
Fix rebase glitch
b09b442 
ss_close_sync() was replaced by tfw_connection_close() in current master.
@vankoven
Merge pull request #1141 from tempesta-tech/ik-error-req-fixes
8767e82 
Fixes on serving requests with errors
@krizhanovsky
Fix #1157: the probles in in nested __kernel_fpu_begin_bh() calls:
5755f72 
firstly in DEFINE_TLS_TEST()->kernel_fpu_begin() and secondly in
ttls_ecp_group_free()->ttls_bzero_safe()->kernel_fpu_begin().

The fix moves all the TLS unit tests to test_tls.c from tls/ and
make each test responsible for calling kernel_fpu_{begin,end}().
The crypto routines can be split into 2 groups: called from process
context of Tempesta FW initialization and called in run-time, softirq
context. Only the second group must be called with saved FPU context.
In fact, current crypto routines (covered by the test) don't use SIMD
much and this is going to change in #1064.
@krizhanovsky krizhanovsky mentioned this pull request Jan 26, 2019
Closed
@krizhanovsky krizhanovsky mentioned this pull request Jan 27, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vankoven vankoven Awaiting requested review from vankoven

@aleksostapenko aleksostapenko Awaiting requested review from aleksostapenko

Assignees

@vankoven vankoven

@aleksostapenko aleksostapenko

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@krizhanovsky @vankoven @aleksostapenko @craig @vladtcvs @i-rinat @avbelov23