On 4/27/20 4:17 PM, John Baldwin wrote:
> Author: jhb
> Date: Mon Apr 27 23:17:19 2020
> New Revision: 360408
> URL: https://svnweb.freebsd.org/changeset/base/360408
>
> Log:
>   Initial support for kernel offload of TLS receive.
>
>   - Add a new TCP_RXTLS_ENABLE socket option to set the encryption and
>     authentication algorithms and keys as well as the initial sequence
>     number.
>
>   - When reading from a socket using KTLS receive, applications must use
>     recvmsg(). Each successful call to recvmsg() will return a single
>     TLS record. A new TCP control message, TLS_GET_RECORD, will contain
>     the TLS record header of the decrypted record. The regular message
>     buffer passed to recvmsg() will receive the decrypted payload. This
>     is similar to the interface used by Linux's KTLS RX except that
>     Linux does not return the full TLS header in the control message.
>
>   - Add plumbing to the TOE KTLS interface to request either transmit
>     or receive KTLS sessions.
>
>   - When a socket is using receive KTLS, redirect reads from
>     soreceive_stream() into soreceive_generic().
>
>   - Note that this interface is currently only defined for TLS 1.1 and
>     1.2, though I believe we will be able to reuse the same interface
>     and structures for 1.3.
The OpenSSL changes required for RX support are not yet upstream, but I hope to open the pull request for those later today after retesting them against latest OpenSSL master.

-- 
John Baldwin
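As an added example (not code from the commit or the FreeBSD tree), here is what a consumer of the receive interface quoted above looks like in C: one recvmsg() per record, the decrypted payload in the data buffer, and the record header pulled out of the TLS_GET_RECORD control message. The TLS_GET_RECORD value and the tls_get_record struct below are local stand-ins so it builds without <sys/ktls.h>, and all function names are hypothetical.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>

/* Stand-ins so this builds without <sys/ktls.h>; on FreeBSD include <sys/ktls.h> and
 * <netinet/tcp.h>. The cmsg value is a placeholder, the struct mirrors the TLS header. */
#define TLS_GET_RECORD 140
struct tls_get_record {
    uint8_t  tls_type, tls_vmajor, tls_vminor; /* type: 21 alert, 22 handshake, 23 data */
    uint16_t tls_length;
};

/* Find the TLS_GET_RECORD cmsg in a recvmsg() result; -1 if missing or truncated. */
int ktls_record_header(struct msghdr *msg, struct tls_get_record *hdr)
{
    if (msg->msg_flags & MSG_CTRUNC) return -1;   /* control buffer was too small */
    for (struct cmsghdr *c = CMSG_FIRSTHDR(msg); c; c = CMSG_NXTHDR(msg, c))
        if (c->cmsg_level == IPPROTO_TCP && c->cmsg_type == TLS_GET_RECORD &&
            c->cmsg_len >= CMSG_LEN(sizeof(*hdr))) {
            memcpy(hdr, CMSG_DATA(c), sizeof(*hdr));
            return 0;
        }
    return -1;
}

/* One call, one decrypted record. Callers must branch on hdr->tls_type: alerts (21)
 * and handshake records (22) arrive through this path just like application data. */
ssize_t ktls_recv_record(int fd, void *buf, size_t len, struct tls_get_record *hdr)
{
    char cbuf[CMSG_SPACE(sizeof(*hdr))];
    struct iovec iov = { .iov_base = buf, .iov_len = len };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof(cbuf) };
    ssize_t n = recvmsg(fd, &msg, 0);
    if (n > 0 && ktls_record_header(&msg, hdr) != 0) { errno = ENOMSG; return -1; }
    return n;                                     /* 0 on orderly close, -1 on error */
}

/* Constructed control buffer standing in for the kernel's; parsed tls_length or -1. */
int ktls_cmsg_roundtrip(uint8_t type, uint16_t length, int wrong_level)
{
    char cbuf[CMSG_SPACE(sizeof(struct tls_get_record))];
    struct msghdr msg = { .msg_control = cbuf, .msg_controllen = sizeof(cbuf) };
    struct tls_get_record in = { type, 3, 3, length }, out = { 0 };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = wrong_level ? SOL_SOCKET : IPPROTO_TCP; c->cmsg_type = TLS_GET_RECORD;
    c->cmsg_len = CMSG_LEN(sizeof(in)); memcpy(CMSG_DATA(c), &in, sizeof(in));
    return ktls_record_header(&msg, &out) == 0 && out.tls_type == type ? out.tls_length : -1;
}
```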
