| Age | Commit message (Collapse) | Author |
|---|
|
TLS device offload allows to perform zerocopy sendfile transmissions.
FreeBSD provides this feature by default, and Linux 5.19 introduced it
as an opt-in. Zerocopy improves the TX rate significantly, but has a
side effect: if the underlying file is changed while being transmitted,
and a TCP retransmission happens, the receiver may get a TLS record
containing both new and old data, which leads to an authentication
failure and termination of connection. This effect is the reason Linux
makes a copy on sendfile by default.
This commit adds support for TLS zerocopy sendfile on Linux disabled by
default to avoid any unlikely backward compatibility issues on Linux,
although sacrificing consistency in OpenSSL's behavior on Linux and
FreeBSD. A new option called KTLSTxZerocopySendfile is added to enable
the new zerocopy behavior on Linux. This option should be used when the
the application guarantees that the file is not modified during
transmission, or it doesn't care about breaking the connection.
The related documentation is also added in this commit. The unit test
added doesn't test the actual functionality (it would require specific
hardware and a non-local peer), but solely checks that it's possible to
set the new option flag.
Signed-off-by: Maxim Mikityanskiy <maximmi@nvidia.com>
Reviewed-by: Tariq Toukan <tariqt@nvidia.com>
Reviewed-by: Boris Pismenny <borisp@nvidia.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18650)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
|
|
FreeBSD's kernel TLS supports Chacha20 for both TLS 1.2 and TLS 1.3.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13752)
|
|
- Use SSL_set_ciphersuites for TLS 1.3 tests instead of using
SSL_set_cipher_list.
- Don't bother passing a sequence number size to KTLS test functions.
These functions always test TLS (and not DTLS) for which the
sequence size is always the same. In addition, even for DTLS the
check in question (verifying that the sequence number fields in SSL
do not change) should still pass when doing a before/after
comparison of the field.
- Define a helper structure to hold the TLS version and cipher name
for a single KTLS test.
- Define an array of such structures with valid KTLS ciphers and move
#ifdef's for TLS versions and supported ciphers out of test
functions and instead use them to define the valid members of this
array. This also permits using TLS 1.3 cipher suite names for
TLS 1.3 tests.
- Use separate tests per cipher for test_ktls to give more
fine-grained pass/fail results as is already done for
test_ktls_sendfile.
- While here, rename test_ktls_sendfile to execute_test_ktls_sendfile
and test_ktls_sendfile_anytls to test_ktls_sendfile. This is more
consistent with the naming used for test_ktls as well as other tests
in this file.
- Close the file descriptors used for temporary sockets in ktls tests.
- Don't assume that KTLS is supported for all compile-time supported
cipher suites at runtime. If the kernel fails to offload a given
cipher suite, skip the test rather than failing it. FreeBSD kernels
may not offload all of the cipher suites supported by its KTLS if a
suitable driver or KTLS backend is not present.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15814)
|
|
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15468)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/14096)
|
|
Add a handler for EBUSY sendfile error in addition to
EAGAIN. With EBUSY returned the data still can be partially
sent and user code has to be notified about it, otherwise it
may try to send data multiple times.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13716)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13999)
|
|
Linux kernel is going to support ChaCha20-Poly1305 in TLS offload.
Add support for this cipher.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13475)
|
|
Instead of passing the length in from the caller, compute the length
to pass to setsockopt() inside of ktls_start(). This isolates the
OS-specific behavior to ktls.h and removes it from the socket BIO
implementations.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/12782)
|
|
The KTLS functions are always used under #ifndef OPENSSL_NO_KTLS, so
the dummy functions were never used.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/12782)
|
|
These functions are a bit large to inline and are not usable outside
of libssl.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
|
|
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
|
|
Similar to KTLS receive for Linux, KTLS receive for FreeBSD is enabled
by passing a session key to the kernel via a new socket option. Once
KTLS receive is enabled on a socket, the socket returns records via
recvmsg(). A control message attached to each record supplies the
original TLS header, and the decrypted plaintext is returned in the
data buffer passed to recvmsg().
To support the case that the userland buffer may already contain
pending encrypted records (which is already handled by Linux's KTLS
receive), the socket option structure for FreeBSD has been extended to
include the initial sequence number.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
|
|
These are similar to the helpers added in 95badfeb60. I've adjusted
the arguments passed to ktls_check_supported_cipher and
ktls_configure_crypto so that FreeBSD and Linux can both use the same
signature to avoid OS-specific #ifdef's in libssl. This also required
moving the check on valid TLS versions into
ktls_check_supported_cipher for Linux. This has largely removed
OS-specific code and OS-specific #ifdef's for KTLS outside of
<internal/ktls.h>.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
|
|
This type is defined to hold the OS-specific structure passed to
BIO_set_ktls.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
|
|
It is superseded by EVP_CIPHER_CTX_get_iv(), is only present on master,
and had only a couple of in-tree callers that are easy to convert.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
|
|
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12273)
|
|
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11589)
|
|
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11589)
|
|
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11589)
|
|
- Check for the <sys/ktls.h> header to determine if KTLS support
is available.
- Populate a tls_enable structure with session key material for
supported algorithms. At present, AES-GCM128/256 and AES-CBC128/256
with SHA1 and SHA2-256 HMACs are supported. For AES-CBC, only MtE
is supported.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)
|
|
This commit introduces support for Linux KTLS sendfile.
Sendfile semantics require the use of a kernel TLS socket to construct the TLS
record headers, encrypt and authenticate the data.
KTLS sendfile improves performance by avoiding the copy of file data into user
space, which is required today.
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8727)
|
|
If the kernel headers are sufficiently recent to have KTLS transmit
support, but not recent enough to have KTLS receive support then a
compilation error would be the result.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8793)
|
|
Introduce the infrastructure for supproting receive side Linux Kernel TLS
data-path.
Change-Id: I71864d8f9d74a701cc8b0ad5536005f3c1716c1c
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7848)
|
|
This is probably harmless but best to properly initialise things.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8611)
|
|
Introduce a compatability layer that exposes the required structures
and constants for supporting ktls.
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5253)
|
