OpenSearch/x-pack/plugin/security
Tim Brooks df3ef66294
Remove dedicated SSL network write buffer (#41654)
This is related to #27260. Currently for the SSLDriver we allocate a
dedicated network write buffer and encrypt the data into that buffer one
buffer at a time. This requires constantly switching between encrypting
and flushing. This commit adds a dedicated outbound buffer for SSL
operations that will internally allocate new packet sized buffers as
they are need (for writing encrypted data). This allows us to totally
encrypt an operation before writing it to the network. Eventually it can
be hooked up to buffer recycling.

This commit also backports the following commit:

Handle WRAP ops during SSL read

It is possible that a WRAP operation can occur while decrypting
handshake data in TLS 1.3. The SSLDriver does not currently handle this
well as it does not have access to the outbound buffer during read call.
This commit moves the buffer into the Driver to fix this issue. Data
wrapped during a read call will be queued for writing after the read
call is complete.
2019-04-29 17:59:13 -06:00
..
cli Upgrade hamcrest to 2.1 (#41464) 2019-04-24 23:40:03 -07:00
forbidden Add an OpenID Connect authentication realm (#40674) (#41178) 2019-04-15 12:41:16 +03:00
licenses Add an OpenID Connect authentication realm (#40674) (#41178) 2019-04-15 12:41:16 +03:00
qa [Backport] Replace usages RandomizedTestingTask with built-in Gradle Test (#40978) (#40993) 2019-04-09 11:52:50 -07:00
src Remove dedicated SSL network write buffer (#41654) 2019-04-29 17:59:13 -06:00
build.gradle Add an OpenID Connect authentication realm (#40674) (#41178) 2019-04-15 12:41:16 +03:00