
OpenSSL: ktls: Initial support for ChaCha20-Poly1305
Closed, Public

Authored by jhb on Aug 6 2021, 11:37 PM.

Details

Summary

The Linux kernel is going to support ChaCha20-Poly1305 in TLS offload.
Add support for this cipher.

Obtained from: OpenSSL (3aa7212e0a4fd1533c8a28b8587dd8b022f3a66f)
Sponsored by: Netflix
MFC after: 1 week

Diff Detail

Repository: rS FreeBSD src repository - subversion
Lint: No Lint Coverage
Unit: No Test Coverage
Build Status: Buildable 40905
Build 37794: arc lint + arc unit

Event Timeline

This revision was not accepted when it landed; it landed in state Needs Review. (Aug 17 2021, 9:46 PM)
This revision was automatically updated to reflect the committed changes.

Thank you for adding ChaCha20-Poly1305 support to KTLS and bringing it to the wider audience. I see these bits, or at least "kern.ipc.tls.stats.ocf.tls13_chacha20_encrypts", in stable/13 for a while now, but can't get it working (GCM and CBC work fine). Does it require CURRENT or OpenSSL 3.0 to do the trick?

Hmm, I thought I might have merged the OpenSSL change for chacha20 to stable/13 before the kernel support:

commit b08bb7f8961d1df15b41754a454d45aa333bb118
Author: John Baldwin <jhb@FreeBSD.org>
Date: Tue Aug 17 14:40:16 2021 -0700

OpenSSL: Add support for Chacha20-Poly1305 to kernel TLS on FreeBSD.

FreeBSD's kernel TLS supports Chacha20 for both TLS 1.2 and TLS 1.3.

NB: This commit has not yet been merged upstream as it is deemed a new
feature and did not make the feature freeze cutoff for OpenSSL 3.0.

Reviewed by:    jkim
Sponsored by:   Netflix
Differential Revision:  https://reviews.freebsd.org/D31443

(cherry picked from commit 6372fd253e3266c6eb271f49159f1632d527c9bd)

Note that OpenSSL 3.0 does not include this commit though (and the openssl 3.x ports don't have it, only OpenSSL in base).
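The question in this thread is really "is the kernel actually using the ChaCha20 path, or is it silently falling back?" One way to answer it from the host is to read the KTLS sysctl counters. The script below is an added example, not code from this review or from OpenSSL: it parses sysctl(8)-style "name: value" lines and reports whether KTLS is enabled and how far the chacha20 counters have advanced. It assumes the kern.ipc.tls.enable knob and the kern.ipc.tls.stats.ocf.* counters exist on the host; the tls13_chacha20_encrypts name comes from the thread, the tls12 counter name is an assumption, and the sample sysctl output is constructed.

```shell
#!/bin/sh
# Added example (not part of D31443 or OpenSSL): check whether FreeBSD KTLS
# is enabled and whether its ChaCha20-Poly1305 counters are advancing.
# Assumptions: kern.ipc.tls.enable and the kern.ipc.tls.stats.ocf.* counters
# exist on the host. The tls13 counter name is taken from the review thread;
# the tls12 counter name is an assumption.

# Sum the values of every counter line whose name contains "chacha20".
# Input: sysctl(8)-style "name: value" lines on stdin. A total of 0 after
# TLS traffic means the cipher never reached the kernel offload path.
sum_chacha20_counters() {
    awk -F': ' '/chacha20/ { total += $2 } END { printf "%d\n", total + 0 }'
}

# Print "enabled", "disabled" or "unknown" from a "kern.ipc.tls.enable: N"
# line on stdin. A disabled knob explains "GCM works but nothing is offloaded".
ktls_state() {
    awk -F': ' '$1 == "kern.ipc.tls.enable" { state = ($2 == "1") ? "enabled" : "disabled" }
                END { if (state == "") state = "unknown"; print state }'
}

# Constructed sample: KTLS is on, GCM sessions were offloaded, ChaCha20 never was.
SAMPLE_IDLE='kern.ipc.tls.enable: 1
kern.ipc.tls.stats.ocf.tls13_gcm_encrypts: 1204
kern.ipc.tls.stats.ocf.tls13_chacha20_encrypts: 0
kern.ipc.tls.stats.ocf.tls12_chacha20_encrypts: 0'

# Constructed sample: ChaCha20 records are flowing through the kernel.
SAMPLE_BUSY='kern.ipc.tls.enable: 1
kern.ipc.tls.stats.ocf.tls13_chacha20_encrypts: 512
kern.ipc.tls.stats.ocf.tls12_chacha20_encrypts: 7'

# On a real FreeBSD host, run the same check against live sysctl output;
# on a host without the knob (or without sysctl) this branch is skipped.
if command -v sysctl >/dev/null 2>&1 && sysctl -n kern.ipc.tls.enable >/dev/null 2>&1; then
    live=$(sysctl kern.ipc.tls 2>/dev/null)
    echo "ktls: $(printf '%s\n' "$live" | ktls_state)"
    echo "chacha20 records seen by the kernel: $(printf '%s\n' "$live" | sum_chacha20_counters)"
fi
```

Run it before and after a TLS session that negotiated a ChaCha20-Poly1305 suite; if the total does not move while the GCM counters do, the cipher is being handled in userland and the userland OpenSSL is the place to look (which matches the answer above about the base OpenSSL carrying the change and the ports OpenSSL 3.x not carrying it).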