
Searched full:tls (Results 1 – 25 of 1286) sorted by relevance


/freebsd/sys/kern/
H A Duipc_ktls.c111 SYSCTL_NODE(_kern_ipc, OID_AUTO, tls, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
112 "Kernel TLS offload");
114 "Kernel TLS offload stats");
127 &ktls_maxlen, 0, "Maximum TLS record size");
132 "Number of TLS threads in thread-pool");
137 "Max percent bytes retransmitted before ifnet TLS is disabled");
142 "Enable support for kernel TLS offload");
147 "Enable support of AES-CBC crypto for kernel TLS");
166 "Number of TLS 1.0 records waiting for earlier TLS records");
171 "Number of TLS records in queue to tasks for SW encryption");
[all …]
/freebsd/share/man/man4/
H A Dktls.443 facility allows the kernel to perform Transport Layer Security (TLS)
47 the initial handshake for a socket using TLS is performed in userland.
85 Instead, the NIC encrypts TLS records as they are being transmitted,
86 or decrypts received TLS records before providing them to the host.
100 (also known as packet pacing) for TLS offload,
110 between TCP and TLS.
113 Once TLS transmit is enabled by a successful set of the
116 all data written on the socket is stored in TLS records and encrypted.
117 Most data is transmitted in application layer TLS records,
118 and the kernel chooses how to partition data among TLS records.
[all …]
/freebsd/sys/opencrypto/
H A Dktls_ocf.c49 /* Encrypt a single outbound TLS record. */
51 struct ktls_session *tls, struct mbuf *m,
54 /* Re-encrypt a received TLS record that is partially decrypted. */
55 int (*recrypt)(struct ktls_session *tls,
59 /* Decrypt a received TLS record. */
60 int (*decrypt)(struct ktls_session *tls,
74 /* Only used for TLS 1.0 with the implicit IV. */
94 "Kernel TLS offload via OCF stats");
99 "Total number of OCF TLS 1.0 CBC encryption operations");
104 "Total number of OCF TLS 1.1/1.2 CBC decryption operations");
[all …]
/freebsd/contrib/wpa/src/crypto/
H A Dtls.h2 * SSL/TLS interface definition
125 * struct tls_connection_params - Parameters for TLS connection
179 * TLS connection parameters to be configured with tls_connection_set_params()
226 * tls_init - Initialize TLS library
227 * @conf: Configuration data for TLS library
232 * session. In other words, there can be two concurrent TLS contexts. If global
234 * authentication types), the TLS library wrapper should maintain a reference
240 * tls_deinit - Deinitialize TLS library
241 * @tls_ctx: TLS context data from tls_init()
245 * shared between both authentication types), the TLS library wrapper should
[all …]
/freebsd/crypto/openssl/doc/designs/quic-design/
H A Dquic-tls.md1 QUIC-TLS Handshake Integration
4 QUIC reuses the TLS handshake for the establishment of keys. It does not use
5 the standard TLS record layer and instead assumes responsibility for the
6 confidentiality and integrity of QUIC packets itself. Only the TLS handshake is
12 A QUIC-TLS handshake is managed by a QUIC_TLS object. This object provides
27 `SSL` object is initialised with an `SSL_CONNECTION` to represent the TLS
45 state of the QUIC-TLS handshake. On each call to `ossl_quic_tls_tick` newly
77 /* Called when a traffic secret is available for a given TLS protection level. */
122 QUIC-TLS handshake when there is new CRYPTO frame data to be sent, or when it
125 When the TLS handshake generates secrets they will be communicated to the
[all …]
/freebsd/crypto/openssl/test/ssl-tests/
H A D20-cert-select.cnf22 test-17 = 17-TLS 1.2 Ed25519 Client Auth
23 test-18 = 18-TLS 1.2 Ed448 Client Auth
39 test-34 = 34-Only RSA-PSS Certificate, TLS v1.1
40 test-35 = 35-TLS 1.3 ECDSA Signature Algorithm Selection
41 test-36 = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point
42 test-37 = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1
43 test-38 = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS
44 test-39 = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS
45 test-40 = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate
46 test-41 = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS
[all …]
/freebsd/crypto/openssl/ssl/
H A Dssl_stat.c24 return "SSLv3/TLS read certificate status"; in SSL_state_string_long()
26 return "SSLv3/TLS write next proto"; in SSL_state_string_long()
28 return "SSLv3/TLS read next proto"; in SSL_state_string_long()
30 return "SSLv3/TLS write certificate status"; in SSL_state_string_long()
36 return "SSLv3/TLS write client hello"; in SSL_state_string_long()
38 return "SSLv3/TLS read server hello"; in SSL_state_string_long()
40 return "SSLv3/TLS read server certificate"; in SSL_state_string_long()
44 return "SSLv3/TLS read server key exchange"; in SSL_state_string_long()
46 return "SSLv3/TLS read server certificate request"; in SSL_state_string_long()
48 return "SSLv3/TLS read server session ticket"; in SSL_state_string_long()
[all …]
/freebsd/contrib/wpa/src/eap_peer/
H A Deap_tls_common.c2 * EAP peer: EAP-TLS/PEAP/TTLS/FAST common functions
13 #include "crypto/tls.h"
174 * handle the TLS Session Ticket extension (they are supposed in eap_tls_params_from_conf()
175 * to ignore unrecognized TLS extensions, but end up rejecting in eap_tls_params_from_conf()
177 * TLS Sesson Ticket extension for EAP-TLS, EAP-PEAP, and in eap_tls_params_from_conf()
184 /* RFC 7170 requires TLS v1.2 or newer to be used with TEAP */ in eap_tls_params_from_conf()
195 * TLS v1.3 changes, so disable this by default for now. */ in eap_tls_params_from_conf()
202 /* While the current EAP-TLS implementation is more or less in eap_tls_params_from_conf()
203 * complete for TLS v1.3, there has been only minimal in eap_tls_params_from_conf()
207 * with TLS version update. in eap_tls_params_from_conf()
[all …]
H A Deap_tls_common.h2 * EAP peer: EAP-TLS/PEAP/TTLS/FAST common functions
13 * struct eap_ssl_data - TLS data for EAP methods
17 * conn - TLS connection context data from tls_connection_init()
22 * tls_out - TLS message to be sent out in fragments
27 * tls_out_pos - The current position in the outgoing TLS message
32 * tls_out_limit - Maximum fragment size for outgoing TLS messages
37 * tls_in - Received TLS message buffer for re-assembly
42 * tls_in_left - Number of remaining bytes in the incoming TLS message
47 * tls_in_total - Total number of bytes in the incoming TLS message
52 * phase2 - Whether this TLS connection is used in EAP phase 2 (tunnel)
[all …]
/freebsd/lib/libc/gen/
H A Dtls.c30 * Define stubs for TLS internals so that programs and libraries can
68 void _rtld_free_tls(void *tls, size_t tcbsize, size_t tcbalign);
70 void __libc_free_tls(void *tls, size_t tcbsize, size_t tcbalign);
141 * There are two versions of variant I of TLS
144 * where TP points to start of TCB followed by aligned TLS segment.
145 * Both TCB and TLS must be aligned to alignment of TLS section. The TCB[0]
147 * Note: for Local Exec TLS Model, the offsets from TP (TCB in this case) to
148 * TLS variables are computed by linker, so we cannot overalign TLS section.
151 * where TP points (with bias) to TLS and TCB immediately precedes TLS without
152 * any alignment gap[4]. Only TLS should be aligned. The TCB[0] points to DTV
[all …]
/freebsd/crypto/openssl/doc/man7/
H A Dossl-guide-quic-introduction.pod13 some OpenSSL and TLS fundamentals (see L<ossl-guide-libraries-introduction(7)>
14 and L<ossl-guide-tls-introduction(7)>).
21 TLS protocol for connection establishment but independently protects packets.
22 It provides similar security guarantees to TLS such as confidentiality,
23 integrity and authentication (see L<ossl-guide-tls-introduction(7)>).
38 client and server as is required when opening an additional TLS/TCP
50 transmitted without any waiting time. This is similar to TLS 1.3's 0-RTT
52 it is similar to a combination of TLS 1.3 0-RTT and TCP Fast Open.
62 allowing support for both TLS and DTLS-style use cases on a single connection.
82 A key difference between the TLS implementation and the QUIC implementation in
[all …]
H A Dossl-guide-tls-introduction.pod5 ossl-guide-tls-introduction
6 - OpenSSL Guide: An introduction to SSL/TLS in OpenSSL
10 This page will provide an introduction to some basic SSL/TLS concepts and
14 =head1 WHAT IS TLS?
16 TLS stands for Transport Layer Security. TLS allows applications to securely
24 Sometimes TLS is referred to by its predecessor's name SSL (Secure Sockets
27 abbreviation. Nonetheless OpenSSL contains a fully fledged TLS implementation.
29 TLS is based on a client/server model. The application that initiates a
37 TLS is a standardised protocol and there are numerous different implementations
39 seamlessly with an application using some different implementation of TLS. TLS
[all …]
H A Dossl-guide-tls-server-block.pod6 demos/guide/tls-server-block.c
12 ossl-guide-tls-server-block
13 - OpenSSL Guide: Writing a simple blocking TLS server
15 =head1 SIMPLE BLOCKING TLS SERVER EXAMPLE
18 simple, non-concurrent, TLS "echo" server application which accepts one client
26 The complete source code for this example blocking TLS server is available in
28 B<tls-server-block.c>. It is also available online at
29 L<https://github.com/openssl/openssl/blob/master/demos/guide/tls-server-block.c>.
32 already have some fundamental understanding of OpenSSL concepts and TLS (see
33 L<ossl-guide-libraries-introduction(7)> and L<ossl-guide-tls-introduction(7)>);
[all …]
/freebsd/contrib/wpa/wpa_supplicant/
H A Deap_testing.txt56 EAP-TLS + + + + + + + + - - + +
61 EAP-PEAPv0/TLS + + - + + + F + - - + +
72 EAP-PEAPv1/TLS - - - + + +1 F +5 - - + +
87 EAP-TTLS/EAP-TLS + - +2 + F + + + - - + -
107 EAP-FAST/TLS(aprov) - - - - - - - - - - + +
112 EAP-FAST/TLS(auth) - - - - - - - - - - + +
145 - EAP-TLS
149 - EAP-PEAPv0 / TLS
153 - EAP-TTLS / EAP-TLS
163 - EAP-TLS
[all …]
/freebsd/crypto/openssl/include/openssl/
H A Dcore_names.h140 # define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
141 # define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
142 # define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg"
143 # define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id"
144 # define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem"
145 # define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls"
146 # define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls"
147 # define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls"
148 # define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls"
149 # define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name"
[all …]
/freebsd/sys/dev/cxgbe/crypto/
H A Dt4_keyctx.c410 t4_tls_key_info_size(const struct ktls_session *tls) in t4_tls_key_info_size() argument
415 tls->params.cipher_key_len; in t4_tls_key_info_size()
416 if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16) { in t4_tls_key_info_size()
419 switch (tls->params.auth_algorithm) { in t4_tls_key_info_size()
438 t4_tls_proto_ver(const struct ktls_session *tls) in t4_tls_proto_ver() argument
440 switch (tls->params.tls_vminor) { in t4_tls_proto_ver()
453 t4_tls_cipher_mode(const struct ktls_session *tls) in t4_tls_cipher_mode()
455 switch (tls->params.cipher_algorithm) { in t4_tls_cipher_mode()
466 t4_tls_auth_mode(const struct ktls_session *tls) in t4_tls_auth_mode()
468 switch (tls in t4_tls_auth_mode()
447 t4_tls_cipher_mode(const struct ktls_session * tls) t4_tls_cipher_mode() argument
460 t4_tls_auth_mode(const struct ktls_session * tls) t4_tls_auth_mode() argument
482 t4_tls_hmac_ctrl(const struct ktls_session * tls) t4_tls_hmac_ctrl() argument
495 tls_cipher_key_size(const struct ktls_session * tls) tls_cipher_key_size() argument
510 tls_mac_key_size(const struct ktls_session * tls) tls_mac_key_size() argument
529 t4_tls_key_ctx(const struct ktls_session * tls,int direction,struct tls_keyctx * kctx) t4_tls_key_ctx() argument
657 t4_write_tlskey_wr(const struct ktls_session * tls,int direction,int tid,int flags,int keyid,struct tls_key_req * kwr) t4_write_tlskey_wr() argument
[all...]
/freebsd/sys/dev/cxgbe/tom/
H A Dt4_tls.c81 /* TLS and DTLS common routines */
86 return (sc->tt.tls && sc->cryptocaps & FW_CAPS_CONFIG_TLSKEYS); in can_tls_offload()
92 struct tls_ofld_info *tls_ofld = &toep->tls; in tls_tx_key()
114 /* TLS/DTLS content type for CPL SFO */
132 /* TLS Key memory management */
136 struct tls_ofld_info *tls_ofld = &toep->tls; in clear_tls_keyid()
150 get_tp_plen_max(struct ktls_session *tls) in get_tp_plen_max() argument
154 return (tls->params.max_frame_len <= 8192 ? plen : FC_TP_PLEN_MAX); in get_tp_plen_max()
159 tls_program_key_id(struct toepcb *toep, struct ktls_session *tls, in tls_program_key_id() argument
162 struct tls_ofld_info *tls_ofld = &toep->tls; in tls_program_key_id()
207 tls_alloc_ktls(struct toepcb * toep,struct ktls_session * tls,int direction) tls_alloc_ktls() argument
[all...]
/freebsd/secure/lib/libcrypto/man/man7/
H A Dprovider-base.7610 \fI"TLS-GROUP" Capability\fR
611 .IX Subsection """TLS-GROUP"" Capability"
613 The "TLS-GROUP" capability can be queried by libssl to discover the list of
615 \&\fIkey exchange\fR (KEX) or \fIkey encapsulation method\fR (KEM) during a TLS
617 TLS clients can advertise the list of TLS groups they support in the
618 supported_groups extension, and TLS servers can select a group from the offered
622 Each TLS group that a provider supports should be described via the callback
626 .IP """tls-group-name"" (\fBOSSL_CAPABILITY_TLS_GROUP_NAME\fR) <UTF8 string>" 4
627 .IX Item """tls-group-name"" (OSSL_CAPABILITY_TLS_GROUP_NAME) <UTF8 string>"
628 The name of the group as given in the IANA TLS Supported Groups registry
[all …]
H A Dossl-guide-tls-introduction.757 .IX Title "OSSL-GUIDE-TLS-INTRODUCTION 7ossl"
58 .TH OSSL-GUIDE-TLS-INTRODUCTION 7ossl 2025-09-30 3.5.4 OpenSSL
64 ossl\-guide\-tls\-introduction
65 \&\- OpenSSL Guide: An introduction to SSL/TLS in OpenSSL
68 This page will provide an introduction to some basic SSL/TLS concepts and
71 .SH "WHAT IS TLS?"
72 .IX Header "WHAT IS TLS?"
73 TLS stands for Transport Layer Security. TLS allows applications to securely
81 Sometimes TLS is referred to by its predecessor's name SSL (Secure Sockets
84 abbreviation. Nonetheless OpenSSL contains a fully fledged TLS implementation.
[all …]
H A Dossl-guide-quic-introduction.771 some OpenSSL and TLS fundamentals (see \fBossl\-guide\-libraries\-introduction\fR\|(7)
72 and \fBossl\-guide\-tls\-introduction\fR\|(7)).
79 It provides similar security guarantees to TLS such as confidentiality,
80 integrity and authentication (see \fBossl\-guide\-tls\-introduction\fR\|(7)).
92 client and server as is required when opening an additional TLS/TCP
102 transmitted without any waiting time. This is similar to TLS 1.3's 0\-RTT
104 it is similar to a combination of TLS 1.3 0\-RTT and TCP Fast Open.
112 allowing support for both TLS and DTLS-style use cases on a single connection.
127 A key difference between the TLS implementation and the QUIC implementation in
150 .SH "QUIC AND TLS"
[all …]
H A Dossl-guide-tls-server-block.757 .IX Title "OSSL-GUIDE-TLS-SERVER-BLOCK 7ossl"
58 .TH OSSL-GUIDE-TLS-SERVER-BLOCK 7ossl 2025-09-30 3.5.4 OpenSSL
64 ossl\-guide\-tls\-server\-block
65 \&\- OpenSSL Guide: Writing a simple blocking TLS server
66 .SH "SIMPLE BLOCKING TLS SERVER EXAMPLE"
67 .IX Header "SIMPLE BLOCKING TLS SERVER EXAMPLE"
69 simple, non-concurrent, TLS "echo" server application which accepts one client
77 The complete source code for this example blocking TLS server is available in
80 <https://github.com/openssl/openssl/blob/master/demos/guide/tls\-server\-block.c>.
83 already have some fundamental understanding of OpenSSL concepts and TLS (see
[all …]
/freebsd/crypto/openssl/test/recipes/90-test_sslapi_data/
H A Dssltraceref-zlib.txt1 Sent TLS Record
3 Version = TLS 1.0 (0x301)
7 client_version=0x303 (TLS 1.2)
56 TLS 1.3 (772)
65 Received TLS Record
67 Version = TLS 1.2 (0x303)
71 server_version=0x303 (TLS 1.2)
80 TLS 1.3 (772)
85 Received TLS Record
87 Version = TLS 1.2 (0x303)
[all …]
H A Dssltraceref.txt1 Sent TLS Record
3 Version = TLS 1.0 (0x301)
7 client_version=0x303 (TLS 1.2)
56 TLS 1.3 (772)
63 Received TLS Record
65 Version = TLS 1.2 (0x303)
69 server_version=0x303 (TLS 1.2)
78 TLS 1.3 (772)
83 Received TLS Record
85 Version = TLS 1.2 (0x303)
[all …]
/freebsd/tools/regression/tls/ttls3/
H A DMakefile7 tls-lib: elftls.S
12 tls-test-lib: tls-lib tls-test-lib.c
13 gcc -c -o tls-test.o ${.CURDIR}/tls-test-lib.c
14 ld $(LDFLAGS) tls-test.o libtls.so.1 -rpath=${.OBJDIR} -soname libtls-test.so.1 -o libtls-test.so.1
16 ttls3: tls-test-lib tls-test.c
17 gcc $(CFLAGS) -rdynamic -o ttls3 ${.CURDIR}/tls-test.c
/freebsd/sys/sys/
H A Dktls.h59 * Nonce for GCM for TLS 1.2 per RFC 5288.
67 * AEAD additional data format for TLS 1.2 per RFC 5246.
78 * AEAD additional data format for TLS 1.3 per RFC 8446.
141 /* TLS record header. */
225 /* Only used for TLS 1.0. */
244 void ktls_cleanup_tls_enable(struct tls_enable *tls);
245 int ktls_copyin_tls_enable(struct sockopt *sopt, struct tls_enable *tls);
251 void ktls_destroy(struct ktls_session *tls);
252 void ktls_frame(struct mbuf *m, struct ktls_session *tls, int *enqueue_cnt,
260 int ktls_modify_txrtlmt(struct ktls_session *tls, uint64_t max_pacing_rate);
[all …]
