Page MenuHomeFreeBSD
Differential D31439

OpenSSL: ktls: Initial support for ChaCha20-Poly1305
ClosedPublic
Actions

Authored by jhb on Aug 6 2021, 11:37 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Mar 21, 5:07 PM
Unknown Object (File)
Mar 7 2024, 11:45 PM
Unknown Object (File)
Feb 2 2024, 6:33 AM
Unknown Object (File)
Jan 17 2024, 1:57 PM
Unknown Object (File)
Jan 12 2024, 5:09 PM
Unknown Object (File)
Dec 20 2023, 4:28 AM
Unknown Object (File)
Dec 12 2023, 5:38 AM
Unknown Object (File)
Dec 7 2023, 8:32 PM
View All 38 Files
Subscribers
gallatin
imp
zarychtam_plan-b.pwste.edu.pl

Details

Reviewers
jkim
Commits
rGd00932bea68b: OpenSSL: ktls: Initial support for ChaCha20-Poly1305
rG63c6d3e283eb: OpenSSL: ktls: Initial support for ChaCha20-Poly1305
Summary

Linux kernel is going to support ChaCha20-Poly1305 in TLS offload.
Add support for this cipher.

Obtained from: OpenSSL (3aa7212e0a4fd1533c8a28b8587dd8b022f3a66f)
Sponsored by: Netflix
MFC after: 1 week

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

jhb created this revision.Aug 6 2021, 11:37 PM
Herald added a subscriber: imp. · View Herald TranscriptAug 6 2021, 11:37 PM
jhb requested review of this revision.Aug 6 2021, 11:37 PM
jhb added a parent revision: D31438: OpenSSL: Correct the return value of BIO_get_ktls_*()..
jhb added a child revision: D31440: OpenSSL: Only enable KTLS if it is explicitly configured.
Harbormaster completed remote builds in B40905: Diff 93351.Aug 6 2021, 11:37 PM
This revision was not accepted when it landed; it landed in state Needs Review.Aug 17 2021, 9:46 PM
Closed by commit rG63c6d3e283eb: OpenSSL: ktls: Initial support for ChaCha20-Poly1305 (authored by jhb). · Explain Why
This revision was automatically updated to reflect the committed changes.
jhb added a commit: rG63c6d3e283eb: OpenSSL: ktls: Initial support for ChaCha20-Poly1305.
jhb added a commit: rGd00932bea68b: OpenSSL: ktls: Initial support for ChaCha20-Poly1305.Aug 24 2021, 1:01 AM
zarychtam_plan-b.pwste.edu.pl added a subscriber: zarychtam_plan-b.pwste.edu.pl.Jan 6 2022, 1:23 PM

Thank you for adding ChaCha20-Poly1305 support to KTLS and bringing it to the wider audience. I see these bits or at least "kern.ipc.tls.stats.ocf.tls13_chacha20_encrypts" in stable/13 since a while to, but can't make it working (GCM and CBC works fine). Does it require CURRENT or OpenSSL 3.0 to do the trick?

jhb added a comment.Jan 6 2022, 5:24 PM
In D31439#763623, @zarychtam_plan-b.pwste.edu.pl wrote:

Thank you for adding ChaCha20-Poly1305 support to KTLS and bringing it to the wider audience. I see these bits or at least "kern.ipc.tls.stats.ocf.tls13_chacha20_encrypts" in stable/13 since a while to, but can't make it working (GCM and CBC works fine). Does it require CURRENT or OpenSSL 3.0 to do the trick?

Hmm, I thought I might have merged the OpenSSL change for chacha20 to stable/13 before the kernel support:

commit b08bb7f8961d1df15b41754a454d45aa333bb118
Author: John Baldwin <jhb@FreeBSD.org>
Date: Tue Aug 17 14:40:16 2021 -0700

OpenSSL: Add support for Chacha20-Poly1305 to kernel TLS on FreeBSD.

FreeBSD's kernel TLS supports Chacha20 for both TLS 1.2 and TLS 1.3.

NB: This commit has not yet been merged upstream as it is deemed a new
feature and did not make the feature freeze cutoff for OpenSSL 3.0.

Reviewed by:    jkim
Sponsored by:   Netflix
Differential Revision:  https://reviews.freebsd.org/D31443

(cherry picked from commit 6372fd253e3266c6eb271f49159f1632d527c9bd)

Note that OpenSSL 3.0 does not include this commit though (and the openssl 3.x ports don't have it, only OpenSSL in base).

Revision Contents
Changeset List

PathSize
crypto/
openssl/
include/
internal/
8 lines
ssl/
21 lines

Diff 93849

View Options

crypto/openssl/include/internal/ktls.h

Loading...
View Options

crypto/openssl/ssl/ktls.c

Loading...