ktls: Try to enable TOE TLS after marking existing data not ready.
ClosedPublic
Actions

Authored by jhb on Jan 28 2022, 6:10 PM.

Details

Reviewers

Commits

rGd958bc7963d4: ktls: Try to enable TOE TLS after marking existing data not ready.

Summary

At the moment this is mostly a no-op but in the future there will be
in-flight encrypted data which requires software decryption. This
same setup is also needed for NIC TLS RX.

Note that this does break TOE TLS RX for AES-CBC ciphers since there
is no software fallback for AES-CBC receive. This will be resolved
one way or another before 14.0 is released.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

jhb created this revision.Jan 28 2022, 6:10 PM

Herald added a subscriber: imp. · View Herald TranscriptJan 28 2022, 6:10 PM

jhb requested review of this revision.Jan 28 2022, 6:10 PM

Harbormaster completed remote builds in B44147: Diff 102053.Jan 28 2022, 6:10 PM

@hselasky I've tested this and aside from the issue with AES-CBC it does work ok for TOE TLS. It's the more complete version of the patch you had asked me about earlier.

• hselasky accepted this revision.Jan 29 2022, 9:46 AM

This revision is now accepted and ready to land.Jan 29 2022, 9:46 AM

Closed by commit rGd958bc7963d4: ktls: Try to enable TOE TLS after marking existing data not ready. (authored by jhb). · Explain WhyFeb 1 2022, 12:45 AM

This revision was automatically updated to reflect the committed changes.

jhb added a commit: rGd958bc7963d4: ktls: Try to enable TOE TLS after marking existing data not ready..