SSL_sendfile


SSL_sendfile

vishwas k.n.
Hello All,

I had a question regarding supporting sendfile with OpenSSL. Is there a branch which supports an SSL version of sendfile()?
I wasn't able to locate it in the master branch.
If yes, could you please point me to it?
If no, could you please let me know the reason behind not having it in OpenSSL? I find there are references where there is an SSL_sendfile which is committed to FreeBSD and is available publicly. Hence the question.

thanks,
-vishwas.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: SSL_sendfile

Matt Caswell-2


On 10/01/2019 11:49, vishwas k.n. wrote:
> Hello All,
>
> I had a question regarding supporting sendfile with OpenSSL. Is there a branch
> which supports an SSL version of sendfile()?

No, this doesn't exist.


> I wasn't able to locate it in the master branch.
> If yes, could you please point me to it?
> If no, could you please let me know the reason behind not having it in OpenSSL?
> I find there are references where there is an SSL_sendfile which is committed to
> FreeBSD and is available publicly. Hence the question.

Well, the purpose of sendfile is to read data from one fd and write it to
another *but without going through user space*, i.e. it is a kernel level
operation. In this way it is much more efficient.

OpenSSL on the other hand is a user space library. All of its SSL/TLS processing
happens within user space - so the optimisation of doing it all in the kernel is
not an option(*). I suppose you could envisage an optimisation which is
effectively a combination of SSL_read()/SSL_write() but copying directly from
the internal OpenSSL buffers of one SSL object, into the internal OpenSSL
buffers of another SSL object. This would all still happen in user space, but
would avoid copying to a user application buffer in the middle.

I'm not aware of anyone asking for that capability before, but if someone wanted
to produce a pull request for it, it would be discussed and considered.

Matt

* Actually in the master branch there is current ongoing work to integrate
Kernel TLS support. This (optionally) moves encryption/decryption of records
into the kernel which might make a "real" sendfile possible at some point in the
future. See:

https://github.com/openssl/openssl/pull/7848
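
Added example, not part of the original thread and not OpenSSL code: the two data paths contrasted in the reply above, a kernel-only sendfile(2) copy and the read-into-a-user-buffer loop that a user-space TLS library requires. It assumes Linux; `tls_write_fn`, `demo_tls_write` and the scratch file paths are hypothetical names made up for this sketch, with the hook standing in for a call such as SSL_write().

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/sendfile.h>                 /* Linux sendfile(2) */

/* Hypothetical hook standing in for SSL_write(): plaintext in, bytes accepted out. */
typedef int (*tls_write_fn)(void *ctx, const void *buf, int len);

/* Kernel path: no user buffer exists, so a user-space library never sees the data. */
long copy_in_kernel(int out_fd, int in_fd, size_t len) {
    off_t off = 0;
    ssize_t n = 1;
    while (n > 0 && (size_t)off < len)    /* n == 0 means end of file */
        n = sendfile(out_fd, in_fd, &off, len - (size_t)off);
    return n < 0 ? -1 : (long)off;
}

/* User-space path: each chunk is read() into buf, then handed to the TLS hook. */
long copy_via_user_space(int in_fd, tls_write_fn tls_write, void *ctx) {
    char buf[4096];
    ssize_t n, total = 0;
    while ((n = read(in_fd, buf, sizeof buf)) > 0) {
        for (ssize_t done = 0; done < n; ) {   /* the hook may accept only part */
            int w = tls_write(ctx, buf + done, (int)(n - done));
            if (w <= 0) return -1;
            done += w;
        }
        total += n;
    }
    return n < 0 ? -1 : (long)total;
}

/* Constructed stand-in for the TLS layer: accepts at most 1000 bytes per call. */
int demo_tls_write(void *ctx, const void *buf, int len) {
    (void)buf;                            /* a real hook would encrypt buf here */
    if (len > 1000) len = 1000;
    *(long *)ctx += len;                  /* count the plaintext bytes seen */
    return len;
}

int main(void) {                          /* constructed input: 10000 'A' bytes */
    long seen = 0;
    int in = open("/tmp/sendfile_in.tmp", O_RDWR | O_CREAT | O_TRUNC, 0600);
    int out = open("/tmp/sendfile_out.tmp", O_RDWR | O_CREAT | O_TRUNC, 0600);
    for (int i = 0; i < 10000; i++) if (write(in, "A", 1) != 1) return 1;
    lseek(in, 0, SEEK_SET);
    printf("kernel path: %ld bytes\n", copy_in_kernel(out, in, 10000));
    printf("user path:   %ld bytes\n", copy_via_user_space(in, demo_tls_write, &seen));
    return seen == 10000 ? 0 : 1;
}
```

The kernel path delivers the file bytes to `out_fd` unchanged, while in the user-space path every byte passes through `buf`, the only point at which a library living in the application's address space can turn it into a TLS record.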


Re: SSL_sendfile

vishwas k.n.
Thanks for the quick and detailed response Matt. Much appreciated.
-vishwas.
