svn commit: r360408 - in head: share/man/man4 sys/dev/cxgbe/tom sys/kern sys/netinet sys/sys
John Baldwin
jhb at FreeBSD.org
Tue Apr 28 16:18:52 UTC 2020
On 4/27/20 4:17 PM, John Baldwin wrote:
> Author: jhb
> Date: Mon Apr 27 23:17:19 2020
> New Revision: 360408
> URL: https://svnweb.freebsd.org/changeset/base/360408
>
> Log:
> Initial support for kernel offload of TLS receive.
>
> - Add a new TCP_RXTLS_ENABLE socket option to set the encryption and
> authentication algorithms and keys as well as the initial sequence
> number.
>
> - When reading from a socket using KTLS receive, applications must use
> recvmsg(). Each successful call to recvmsg() will return a single
> TLS record. A new TCP control message, TLS_GET_RECORD, will contain
> the TLS record header of the decrypted record. The regular message
> buffer passed to recvmsg() will receive the decrypted payload. This
> is similar to the interface used by Linux's KTLS RX except that
> Linux does not return the full TLS header in the control message.
>
> - Add plumbing to the TOE KTLS interface to request either transmit
> or receive KTLS sessions.
>
> - When a socket is using receive KTLS, redirect reads from
> soreceive_stream() into soreceive_generic().
>
> - Note that this interface is currently only defined for TLS 1.1 and
> 1.2, though I believe we will be able to reuse the same interface
> and structures for 1.3.
The OpenSSL changes required for RX support are not yet upstream, but
I hope to open the pull request for those later today after retesting
them against latest OpenSSL master.
--
John Baldwin
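
The receive interface described in the commit log hands the application one TLS record per recvmsg() call, with the record header in a TLS_GET_RECORD control message. The following is an added example, not code from the commit or from OpenSSL, of the check a caller makes on that control message before treating the buffer as application payload. The `ex_` names, the local struct layout and the value 2 are assumptions standing in for FreeBSD's `<sys/ktls.h>`; the sample msghdr is constructed.

```c
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>

/* ASSUMPTION: stand-ins for FreeBSD's <sys/ktls.h>, which real code includes. */
#define EX_TLS_GET_RECORD 2
struct ex_tls_hdr { uint8_t type, vmajor, vminor; uint16_t length; };
enum { EX_OK, EX_NO_HEADER, EX_TRUNCATED, EX_NOT_APPDATA };

/* Classify the record recvmsg() just returned. Only application data
 * (ContentType 23) is payload; alerts and handshake records are not.
 * The length field is not used: payload size is recvmsg()'s return value. */
int ex_classify_record(struct msghdr *msg, struct ex_tls_hdr *out)
{
	struct cmsghdr *c;

	if (msg->msg_flags & MSG_CTRUNC)
		return (EX_TRUNCATED);	/* control buffer was too small */
	for (c = CMSG_FIRSTHDR(msg); c != NULL; c = CMSG_NXTHDR(msg, c)) {
		if (c->cmsg_level != IPPROTO_TCP ||
		    c->cmsg_type != EX_TLS_GET_RECORD)
			continue;
		if (c->cmsg_len < CMSG_LEN(sizeof(*out)))
			return (EX_TRUNCATED);
		memcpy(out, CMSG_DATA(c), sizeof(*out));
		return (out->type == 23 ? EX_OK : EX_NOT_APPDATA);
	}
	return (EX_NO_HEADER);	/* no record header: do not trust the data */
}

/* Constructed sample: the msghdr a caller would see after recvmsg(). */
int ex_demo(uint8_t type, int flags, int with_cmsg)
{
	union { struct cmsghdr a; char buf[CMSG_SPACE(sizeof(struct ex_tls_hdr))]; } u;
	struct ex_tls_hdr in = { type, 3, 3, 0 }, out;
	struct msghdr msg;

	memset(&u, 0, sizeof(u));
	memset(&msg, 0, sizeof(msg));
	msg.msg_flags = flags;
	if (with_cmsg) {
		msg.msg_control = u.buf;
		msg.msg_controllen = sizeof(u.buf);
		struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
		c->cmsg_level = IPPROTO_TCP;
		c->cmsg_type = EX_TLS_GET_RECORD;
		c->cmsg_len = CMSG_LEN(sizeof(in));
		memcpy(CMSG_DATA(c), &in, sizeof(in));
	}
	return (ex_classify_record(&msg, &out));
}
```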