[openssl-users] SSL_sendfile

Matt Caswell matt at openssl.org
Thu Jan 10 14:51:16 UTC 2019



On 10/01/2019 11:49, vishwas k.n. wrote:
> Hello All,
> 
> I had a question regarding supporting sendfile with OpenSSL. Is there a branch
> which supports an SSL version of sendfile()?

No, this doesn't exist.


> I wasn't able to locate it in the master branch.
> If yes, could you please point me to it?
> If no, could you please let me know the reason behind not having it in OpenSSL?
> I find there are references where there is an SSL_sendfile which is committed to
> FreeBSD and is available publicly. Hence the question.

Well, the purpose of sendfile is to read data from one fd and write it to
another *but without going through user space*, i.e. it is a kernel level
operation. In this way it is much more efficient.

OpenSSL on the other hand is a user space library. All of its SSL/TLS processing
happens within user space - so the optimisation of doing it all in the kernel is
not an option(*). I suppose you could envisage an optimisation which is
effectively a combination of SSL_read()/SSL_write() but copying directly from
the internal OpenSSL buffers of one SSL object, into the internal OpenSSL
buffers of another SSL object. This would all still happen in user space, but
would avoid copying to a user application buffer in the middle.

I'm not aware of anyone asking for that capability before, but if someone wanted
to produce a pull request for it, it would be discussed and considered.

Matt

* Actually in the master branch there is current ongoing work to integrate
Kernel TLS support. This (optionally) moves encryption/decryption of records
into the kernel which might make a "real" sendfile possible at some point in the
future. See:

https://github.com/openssl/openssl/pull/7848
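
The user-space copy path described in the message above, as an added example that is not part of the original post or of OpenSSL's code: the file is read into an application buffer and then handed to a writer with the same shape as SSL_write(). The names `send_file_userspace`, `tls_write_fn`, `fake_conn` and `fake_tls_write` are hypothetical, and the stand-in writer replaces a real SSL connection so the block builds without linking OpenSSL.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Same shape as SSL_write(ssl, buf, num): bytes accepted, or <= 0 on failure. */
typedef int (*tls_write_fn)(void *conn, const void *buf, int num);

/* Every byte is read into the user-space buffer `chunk` before being handed to
 * the writer: the copy sendfile() avoids. Returns bytes sent, or -1 on error. */
long send_file_userspace(int file_fd, tls_write_fn tls_write, void *conn)
{
    unsigned char chunk[16384];   /* a TLS record carries at most 16 KiB */
    long total = 0;
    for (;;) {
        ssize_t got = read(file_fd, chunk, sizeof chunk);    /* kernel -> user */
        if (got < 0) {
            if (errno == EINTR) continue;                    /* interrupted: retry */
            return -1;
        }
        if (got == 0) return total;                          /* end of file */
        for (ssize_t off = 0; off < got; ) {                 /* user -> TLS layer */
            int n = tls_write(conn, chunk + off, (int)(got - off));
            if (n <= 0) return -1;
            off += n;
            total += n;
        }
    }
}

/* Constructed stand-in for an SSL connection (an assumption of this example):
 * stores what was "sent" and takes at most 1000 bytes per call (short writes). */
struct fake_conn { unsigned char data[65536]; size_t len; int calls; };
int fake_tls_write(void *conn, const void *buf, int num)
{
    struct fake_conn *c = conn;
    if (num > 1000) num = 1000;
    if (c->len + (size_t)num > sizeof c->data) return -1;
    memcpy(c->data + c->len, buf, (size_t)num);
    c->len += (size_t)num;
    c->calls++;
    return num;
}

int main(void) {   /* demo: ./a.out < file   (file up to 64 KiB) */
    static struct fake_conn c;
    printf("%ld bytes sent\n", send_file_userspace(STDIN_FILENO, fake_tls_write, &c));
    return 0;
}
```

With a real connection, a thin wrapper around SSL_write() takes the place of `fake_tls_write`.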


