public inbox for
help / color / mirror / Atom feed
* [newlib-cygwin] Initial support for kernel offload of TLS receive.
@ 2022-07-11 11:51 Sebastian Huber
  0 siblings, 0 replies; only message in thread
From: Sebastian Huber @ 2022-07-11 11:51 UTC (permalink / raw)
  To: newlib-cvs;h=7293d1e7b6f1ef012710b1a2e0e7d89889c782e6

commit 7293d1e7b6f1ef012710b1a2e0e7d89889c782e6
Author: John Baldwin <>
Date:   Mon Apr 27 23:17:19 2020 +0000

    Initial support for kernel offload of TLS receive.
    - Add a new TCP_RXTLS_ENABLE socket option to set the encryption and
      authentication algorithms and keys as well as the initial sequence
    - When reading from a socket using KTLS receive, applications must use
      recvmsg().  Each successful call to recvmsg() will return a single
      TLS record.  A new TCP control message, TLS_GET_RECORD, will contain
      the TLS record header of the decrypted record.  The regular message
      buffer passed to recvmsg() will receive the decrypted payload.  This
      is similar to the interface used by Linux's KTLS RX except that
      Linux does not return the full TLS header in the control message.
    - Add plumbing to the TOE KTLS interface to request either transmit
      or receive KTLS sessions.
    - When a socket is using receive KTLS, redirect reads from
      soreceive_stream() into soreceive_generic().
    - Note that this interface is currently only defined for TLS 1.1 and
      1.2, though I believe we will be able to reuse the same interface
      and structures for 1.3.

 newlib/libc/sys/rtems/include/netinet/tcp.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/newlib/libc/sys/rtems/include/netinet/tcp.h b/newlib/libc/sys/rtems/include/netinet/tcp.h
index b5f01b3bc..5dc13eca2 100644
--- a/newlib/libc/sys/rtems/include/netinet/tcp.h
+++ b/newlib/libc/sys/rtems/include/netinet/tcp.h
@@ -178,6 +178,8 @@ struct tcphdr {
 				   device */
 #define	TCP_TXTLS_ENABLE 39	/* TLS framing and encryption for transmit */
 #define	TCP_TXTLS_MODE	40	/* Transmit TLS mode */
+#define	TCP_RXTLS_ENABLE 41	/* TLS framing and encryption for receive */
+#define	TCP_RXTLS_MODE	42	/* Receive TLS mode */
 #define	TCP_CONGESTION	64	/* get/set congestion control algorithm */
 #define	TCP_CCALGOOPT	65	/* get/set cc algorithm specific options */
 #define TCP_DELACK  	72	/* socket option for delayed ack */
@@ -388,6 +390,7 @@ struct tcp_function_set {
  * TCP Control message types
+#define	TLS_GET_RECORD		2
  * TCP specific variables of interest for tp->t_stats stats(9) accounting.

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2022-07-11 11:51 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-07-11 11:51 [newlib-cygwin] Initial support for kernel offload of TLS receive Sebastian Huber

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).