lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Tue,  5 Jul 2022 16:59:21 -0700
From:   Jakub Kicinski <>
Cc:,,,,,,,, Jakub Kicinski <>
Subject: [PATCH net-next 0/5] tls: rx: nopad and backlog flushing

This small series contains the two changes I've been working
towards in the previous ~50 patches a couple of months ago.

The first major change is the optional "nopad" optimization.
Currently TLS 1.3 Rx performs quite poorly because it does
not support the "zero-copy" or rather direct decrypt to a user
space buffer. Because of TLS 1.3 record padding we don't
know if a record contains data or a control message until
we decrypt it. Most records will contain data, tho, so the
optimization is to try the decryption hoping its data and
retry if it wasn't.

The performance gain from doing that is significant (~40%)
but if I'm completely honest the major reason is that we
call skb_cow_data() on the non-"zc" path. The next series
will remove the CoW, dropping the gain to only ~10%.

The second change is to flush the backlog every 128kB.

Jakub Kicinski (5):
  tls: rx: don't include tail size in data_len
  tls: rx: support optimistic decrypt to user buffer with TLS 1.3
  tls: rx: add sockopt for enabling optimistic decrypt with TLS 1.3
  selftests: tls: add selftest variant for pad
  tls: rx: periodically flush socket backlog

 Documentation/networking/tls.rst  | 18 +++++++
 include/linux/sockptr.h           |  8 +++
 include/net/tls.h                 |  3 ++
 include/uapi/linux/snmp.h         |  1 +
 include/uapi/linux/tls.h          |  2 +
 net/core/sock.c                   |  1 +
 net/tls/tls_main.c                | 75 +++++++++++++++++++++++++++
 net/tls/tls_proc.c                |  1 +
 net/tls/tls_sw.c                  | 84 ++++++++++++++++++++++++-------
 tools/testing/selftests/net/tls.c | 15 ++++++
 10 files changed, 191 insertions(+), 17 deletions(-)


Powered by blists - more mailing lists