Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Handle WRAP ops during SSL read #41611

Merged
merged 5 commits into from
Apr 29, 2019
Merged

Handle WRAP ops during SSL read #41611

merged 5 commits into from
Apr 29, 2019

Conversation

Tim-Brooks
Copy link
Contributor

It is possible that a WRAP operation can occur while decrypting
handshake data in TLS 1.3. The SSLDriver does not currently handle this
well as it does not have access to the outbound buffer during read call.
This commit moves the buffer into the Driver to fix this issue. Data
wrapped during a read call will be queued for writing after the read
call is complete.

@Tim-Brooks
Handle WRAP ops during SSL read
92b2930 
It is possible that a WRAP operation can occur while decrypting
handshake data in TLS 1.3. The SSLDriver does not currently handle this
well as it does not have access to the outbound buffer during read call.
This commit moves the buffer into the Driver to fix this issue. Data
wrapped during a read call will be queued for writing after the read
call is complete.
@Tim-Brooks
Once last change
1c0bdd0
@Tim-Brooks
Merge remote-tracking branch 'upstream/master' into ssl_fixes
a038100
@Tim-Brooks Tim-Brooks requested a review from jaymode April 26, 2019 20:26
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-security

jaymode
jaymode approved these changes Apr 27, 2019
View reviewed changes
Copy link
Member

@jaymode jaymode left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Tim-Brooks Tim-Brooks merged commit 7a407f5 into elastic:master Apr 29, 2019
Tim-Brooks added a commit to Tim-Brooks/elasticsearch that referenced this pull request Apr 29, 2019
@Tim-Brooks
Handle WRAP ops during SSL read (elastic#41611)
98f49b5 
It is possible that a WRAP operation can occur while decrypting
handshake data in TLS 1.3. The SSLDriver does not currently handle this
well as it does not have access to the outbound buffer during read call.
This commit moves the buffer into the Driver to fix this issue. Data
wrapped during a read call will be queued for writing after the read
call is complete.
akhil10x5 pushed a commit to akhil10x5/elasticsearch that referenced this pull request May 2, 2019
@Tim-Brooks @akhil10x5
Handle WRAP ops during SSL read (elastic#41611)
ed39b60 
It is possible that a WRAP operation can occur while decrypting
handshake data in TLS 1.3. The SSLDriver does not currently handle this
well as it does not have access to the outbound buffer during read call.
This commit moves the buffer into the Driver to fix this issue. Data
wrapped during a read call will be queued for writing after the read
call is complete.
gurkankaymak pushed a commit to gurkankaymak/elasticsearch that referenced this pull request May 27, 2019
@Tim-Brooks
Handle WRAP ops during SSL read (elastic#41611)
da6db68 
It is possible that a WRAP operation can occur while decrypting
handshake data in TLS 1.3. The SSLDriver does not currently handle this
well as it does not have access to the outbound buffer during read call.
This commit moves the buffer into the Driver to fix this issue. Data
wrapped during a read call will be queued for writing after the read
call is complete.
@Tim-Brooks Tim-Brooks deleted the ssl_fixes branch April 30, 2020 18:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jaymode jaymode jaymode approved these changes

Assignees
No one assigned
Labels
>bug :Security/TLS SSL/TLS, Certificates v7.2.0 v8.0.0-alpha1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Tim-Brooks @elasticmachine @jaymode @jakelandis