mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-15 06:01:37 +08:00
Code Issues Packages Projects Releases Wiki Activity
8f48a978e5
openssl/ssl
History
Maxim Mikityanskiy cd715b7e7f Add support for KTLS zerocopy sendfile on Linux 
TLS device offload allows to perform zerocopy sendfile transmissions.
FreeBSD provides this feature by default, and Linux 5.19 introduced it
as an opt-in. Zerocopy improves the TX rate significantly, but has a
side effect: if the underlying file is changed while being transmitted,
and a TCP retransmission happens, the receiver may get a TLS record
containing both new and old data, which leads to an authentication
failure and termination of connection. This effect is the reason Linux
makes a copy on sendfile by default.

This commit adds support for TLS zerocopy sendfile on Linux disabled by
default to avoid any unlikely backward compatibility issues on Linux,
although sacrificing consistency in OpenSSL's behavior on Linux and
FreeBSD. A new option called KTLSTxZerocopySendfile is added to enable
the new zerocopy behavior on Linux. This option should be used when the
the application guarantees that the file is not modified during
transmission, or it doesn't care about breaking the connection.

The related documentation is also added in this commit. The unit test
added doesn't test the actual functionality (it would require specific
hardware and a non-local peer), but solely checks that it's possible to
set the new option flag.

Signed-off-by: Maxim Mikityanskiy <maximmi@nvidia.com>
Reviewed-by: Tariq Toukan <tariqt@nvidia.com>
Reviewed-by: Boris Pismenny <borisp@nvidia.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18650)
2022-11-24 13:19:37 +01:00
..
quic QUIC TXP: Fix missing OSSL_NELEM include 2022-11-24 09:17:20 +00:00
record Add support for KTLS zerocopy sendfile on Linux 2022-11-24 13:19:37 +01:00
statem Remove references to read_mac_secret and write_mac_secret 2022-11-14 07:51:17 +00:00
bio_ssl.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
build.info Add support for compressed certificates (RFC8879) 2022-10-18 09:30:22 -04:00
d1_lib.c Fix coverity 1516101 deadcode 2022-10-24 09:51:00 +11:00
d1_msg.c Resolve a TODO in ssl3_dispatch_alert 2022-11-14 10:14:41 +01:00
d1_srtp.c
event_queue.c Make OSSL_TIME a structure 2022-08-12 15:44:01 +01:00
methods.c
pqueue.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
priority_queue.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
s3_enc.c Remove enc_write_state 2022-10-12 15:53:31 +01:00
s3_lib.c Resolve a TODO in ssl3_dispatch_alert 2022-11-14 10:14:41 +01:00
s3_msg.c Resolve a TODO in ssl3_dispatch_alert 2022-11-14 10:14:41 +01:00
ssl_asn1.c ssl: modify libssl so that it uses OSSL_TIME 2022-09-13 21:13:22 +10:00
ssl_cert_comp.c Add zlib oneshot compression 2022-11-07 11:23:13 +01:00
ssl_cert_table.h
ssl_cert.c Add support for compressed certificates (RFC8879) 2022-10-18 09:30:22 -04:00
ssl_ciph.c Cast values to match printf format strings. 2022-11-14 07:47:53 +00:00
ssl_conf.c Add support for KTLS zerocopy sendfile on Linux 2022-11-24 13:19:37 +01:00
ssl_err_legacy.c
ssl_err.c Consolidate sequence counter incrementing code 2022-10-20 14:39:33 +01:00
ssl_init.c
ssl_lib.c Cleanup : directly include of internal/nelem.h when required. 2022-11-23 18:08:25 +01:00
ssl_local.h Resolve a TODO in ssl3_dispatch_alert 2022-11-14 10:14:41 +01:00
ssl_mcnf.c
ssl_rsa_legacy.c
ssl_rsa.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
ssl_sess.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
ssl_stat.c Add support for compressed certificates (RFC8879) 2022-10-18 09:30:22 -04:00
ssl_txt.c Cast values to match printf format strings. 2022-11-14 07:47:53 +00:00
ssl_utst.c Remove the old buffer management code 2022-10-20 14:39:33 +01:00
sslerr.h Transfer the functionality from ssl3_read_n to the new record layer 2022-08-18 16:38:12 +01:00
t1_enc.c Fix dtls_get_max_record_overhead() 2022-11-07 10:59:20 +00:00
t1_lib.c Remove some redundant code 2022-10-20 14:39:33 +01:00
t1_trce.c Cleanup : directly include of internal/nelem.h when required. 2022-11-23 18:08:25 +01:00
tls13_enc.c Remove the read_iv/write_iv fields from SSL_CONNECTION 2022-11-14 07:51:17 +00:00
tls_depr.c
tls_srp.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00