Bug 1684461
| Summary: | Implement gnutls_aead_cipher_(en|de)crypt_vec() API in GnuTLS | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Andreas Schneider <asn> |
| Component: | gnutls | Assignee: | Daiki Ueno <dueno> |
| Status: | CLOSED ERRATA | QA Contact: | Ondrej Moriš <omoris> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | medium | ||
| Version: | 8.1 | CC: | asn, dueno, hkario, omoris, ssorce, wchadwic |
| Target Milestone: | rc | Keywords: | FutureFeature, Triaged |
| Target Release: | 8.0 | Flags: | dueno:
mirror+
|
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | gnutls-3.6.8-8.el8 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-11-05 22:26:14 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
This issue was set to medium priority because this issue does not limit the core functionality of a component. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:3600 |
Please implement: int gnutls_aead_cipher_encrypt_vec(gnutls_aead_cipher_hd_t handle, const void *nonce, size_t nonce_len, const giovec_t * auth_iov, int auth_iovcnt, const giovec_t *iov, int iovcnt, void *tag, size_t *tag_size); and a corresponding gnutls_aead_cipher_decrypt_vec() In Samba we work with io vectors (struct iov). Also the encrypt and decrypt functions for a PDU (protocol data unit) get an iov. Using GnuTLS is already a huge speed up, but the passed in iov for transferring big files is 8MB in total. This we have to allocate 8MB for the plain text and 8MB + tag size for the cipher text. Then memcpy the iov into the allocated plain text buffer and pass it to GnuTLS. Once encypted we need to copy the data from the cipher text buffer back into the iov. Performance in Samba matters and as we move to GnuTLS to get better performance we would like to avoid to allocate the memory and copying the data around. The above API would allow us to be even more performant as we don't have to copy so much data around. The tag being extra makes it easier to use if it is not part of the cihper text. If it is the last iov, you can just pass that to the tag or calculate the position in the iov easily. Benchmarks: https://hackmd.io/s/S1bJnG4IN This is related to https://bugzilla.redhat.com/show_bug.cgi?id=1637861