QAT driver

Rick Macklem rmacklem at uoguelph.ca
Tue Oct 27 21:15:15 UTC 2020


Mark Johnston wrote:
>On Tue, Oct 27, 2020 at 04:32:40AM +0000, Rick Macklem wrote:
[stuff snipped]
>> Can it be made to work with the KERN_TLS in head?
>> (KERN_TLS works fine for me using the ktls_ocf and aesni modules.)
>> I think it is only head and requires the patched OpenSSL3 that jhb@
>> currently has.
>
>I hadn't looked at ktls_ocf.c before but at a glance it looks like it
>can make use of any hardware or software opencrypto driver that supports
>the requested algorithms.  The qat(4) port implements the algorithms
>referenced by ktls_ocf_try().
Well, if you were inspired to try it out, the basic doc for NFS-over-TLS is here:
https://people.freebsd.org/~rmacklem/nfs-over-tls-setup.txt
(Same file is in base/projects/nfs-over-tls on subversion.)
For someone who is used to building/running head kernels, it should be
pretty straightforward.

You could become the first tester in the whole wide world;-) rick
ps: Although the NFS code uses it in the kernel, I think that an application
     that uses OpenSSL's SSL_read()/SSL_write() via a patched OpenSSL library
     has the encrypt/decrypt done in the kernel and the userspace library
     code just does socket I/O with unencrypted data.
pss: Hopefully jhb@ will correct me if I got this wrong.

> I know nothing about it, except that it seems to work well, doing
> the TLS application data records in the kernel for a TCP socket
> enabled by the patched OpenSSL library.
> I've cc'd jhb@, so hopefully he can let us know what it needs?


