[openssl-users] SSL_sendfile

vishwas k.n. vishwaskn at gmail.com
Fri Jan 11 03:39:05 UTC 2019


Thanks for the quick and detailed response Matt. Much appreciated.
-vishwas.

On Thu, Jan 10, 2019 at 8:21 PM Matt Caswell <matt at openssl.org> wrote:

>
>
> On 10/01/2019 11:49, vishwas k.n. wrote:
> > Hello All,
> >
> > I had a question regarding supporting sendfile with OpenSSL. Is there a
> branch
> > which supports SSL version of the sendfile() ?.
>
> No, this doesn't exist.
>
>
> > I wasnt able to locate it in master branch.
> > If yes, could you please point me to it ?.
> > If no, could you please let me know the reason behind not having it in
> OpenSSL.
> > I find there are references where there is a SSL_sendfile which is
> committed to
> > freebsd and is available publicly. Hence the question.
>
> Well, the purpose of sendfile is to read data from one fd and write it to
> another *but without going through user space*, i.e. it is a kernel level
> operation. In this way it is much more efficient.
>
> OpenSSL on the other hand is a user space library. All of its SSL/TLS
> processing
> happens within user space - so the optimisation of doing it all in the
> kernel is
> not an option(*). I suppose you could envisage an optimisation which is
> effectively a combination of SSL_read()/SSL_write() but copying directly
> from
> the internal OpenSSL buffers of one SSL object, into the internal OpenSSL
> buffers of another SSL object. This would all still happen in user space,
> but
> would avoid copying to a user application buffer in the middle.
>
> I'm not aware of anyone asking for that capability before, but if someone
> wanted
> to produce a pull request for it, it would be discussed and considered.
>
> Matt
>
> * Actually in the master branch there is current ongoing work to integrate
> Kernel TLS support. This (optionally) moves encryption/decryption of
> records
> into the kernel which might make a "real" sendfile possible at some point
> in the
> future. See:
>
> https://github.com/openssl/openssl/pull/7848
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190111/ca025014/attachment-0001.html>


More information about the openssl-users mailing list