Date:      Tue, 27 Oct 2020 21:15:12 +0000
From:      Rick Macklem <rmacklem@uoguelph.ca>
To:        Mark Johnston <markj@freebsd.org>
Cc:        Neel Chauhan <neel@neelc.org>, "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>, "jhb@FreeBSD.org" <jhb@FreeBSD.org>
Subject:   Re: QAT driver
Message-ID:  <YTBPR01MB3966D1A13046294E5C10631DDD160@YTBPR01MB3966.CANPRD01.PROD.OUTLOOK.COM>
In-Reply-To: <20201027125508.GD31663@raichu>
References:  <20201026200059.GA66299@raichu> <723fbd7326df42ce30cd5e361db9c736@neelc.org> <20201027032720.GB31663@raichu> <YTBPR01MB39666C8CB2DA8292EA4E4033DD160@YTBPR01MB3966.CANPRD01.PROD.OUTLOOK.COM>, <20201027125508.GD31663@raichu>

Mark Johnston wrote:
>On Tue, Oct 27, 2020 at 04:32:40AM +0000, Rick Macklem wrote:
[stuff snipped]
>> Can it be made to work with the KERN_TLS in head?
>> (KERN_TLS works fine for me using the ktls_ocf and aesni modules.)
>> I think it is only head and requires the patched OpenSSL3 that jhb@
>> currently has.
>
>I hadn't looked at ktls_ocf.c before but at a glance it looks like it
>can make use of any hardware or software opencrypto driver that supports
>the requested algorithms.  The qat(4) port implements the algorithms
>referenced by ktls_ocf_try().
Well, if you were inspired to try it out, the basic doc for NFS-over-TLS is here:
https://people.freebsd.org/~rmacklem/nfs-over-tls-setup.txt
(Same file is in base/projects/nfs-over-tls on subversion.)
For someone who is used to building/running head kernels, it should be
pretty straightforward.

You could become the first tester in the whole wide world;-) rick
ps: Although the NFS code uses it in the kernel, I think that an application
     that uses OpenSSL's SSL_read()/SSL_write via a patched OpenSSL library,
     has the encrypt/decrypt done in the kernel and the userspace library
     code just does socket I/O with unencrypted data.
pss: Hopefully jhb@ will correct me if I got this wrong.

> I know nothing about it, except that it seems to work well, doing
> the TLS application data records in the kernel for a TCP socket
> enabled by the patched OpenSSL library.
> I've cc'd jhb@, so hopefully he can let us know what it needs?


