Message-ID: <CAKaoeS2Jnaekdx2dXfBV91LhbaLU6SenBRkNqmRB3-1EhSCbYg@mail.gmail.com>
Date: Thu, 22 Jan 2026 11:22:03 -0800
From: Rishikesh Jethwani <rjethwani@...estorage.com>
To: Tariq Toukan <ttoukan.linux@...il.com>
Cc: netdev@...r.kernel.org, saeedm@...dia.com, tariqt@...dia.com, 
	mbloch@...dia.com, borisp@...dia.com, john.fastabend@...il.com, 
	kuba@...nel.org, sd@...asysnail.net, davem@...emloft.net, pabeni@...hat.com, 
	edumazet@...gle.com, leon@...nel.org
Subject: Re: [PATCH v4 0/3] tls: Add TLS 1.3 hardware offload support

> Hi Rishikesh,
>
> This version doesn't compile for us.
> A few comments that we wanted to share on V3, but I'll share here as
> this is the latest:
>
> We tested V3 and a few issues were spotted.
> We did not debug them though...
>
> We run a server/client test with nginx and wrk.
>
> a.
> When requesting 128-bit key, ss output shows "cipher: aes-gcm-256" for
> the respective connection.
> For TLS 1.2 it works fine.
>
> b.
> On the wrk side, the mlx5 rx_tls_ctx did not increase (meaning no
> offloaded connections were opened). It works fine on the nginx side
> however...
> For TLS 1.2 it works fine.
>
> We can share more info if needed.
>
> Regards,
> Tariq
>
Hi Tariq,

I have fixed the typo leading to compile errors in V5.
Could you please share more info. about the setup and test, so that I
can try to reproduce the issue?

Thanks,
Rishikesh
> >
> > v4:
> >    - Split single TLS patch into two separate patches:
> >      * Patch 1: TLS 1.3 basic HW offload support
> >      * Patch 2: HW offload key update (rekey) support with graceful degradation
> >    - Removed record_type check from tls_device_record_close()
> >    - Removed Broadcom bnxt_en out-of-tree driver mention
> >    - Link to v3: https://lore.kernel.org/netdev/20260102184708.24618-1-rjethwani@purestorage.com/
> >
> > v3:
> >    - Added note about Broadcom bnxt_en out-of-tree driver used for testing
> >    - Link to v2: https://lore.kernel.org/netdev/20251231192322.3791912-1-rjethwani@purestorage.com/
> >
> > v2:
> >    - Fixed reverse Christmas tree ordering in variable declarations
> >    - Combined 'err' and 'i' declarations (reviewer feedback)
> >    - Link to v1: https://lore.kernel.org/netdev/20251230224137.3600355-1-rjethwani@purestorage.com/
> >
> > Rishikesh Jethwani (3):
> >    tls: add TLS 1.3 hardware offload support
> >    tls: add hardware offload key update support
> >    mlx5: TLS 1.3 hardware offload support
> >
> >   .../mellanox/mlx5/core/en_accel/ktls.h        |   8 +-
> >   .../mellanox/mlx5/core/en_accel/ktls_txrx.c   |  14 +-
> >   include/net/tls.h                             |   4 +
> >   net/tls/tls.h                                 |  14 +-
> >   net/tls/tls_device.c                          | 319 +++++++++++++-----
> >   net/tls/tls_device_fallback.c                 |  34 +-
> >   net/tls/tls_main.c                            |  31 +-
> >   net/tls/tls_sw.c                              |  77 +++--
> >   8 files changed, 379 insertions(+), 122 deletions(-)
> >
>
