aws / s2n-tls

An implementation of the TLS/SSL protocols
https://aws.github.io/s2n-tls/usage-guide/
Apache License 2.0

Reduce connection memory caused by adding round 3 KEM Groups #2935

Closed WesleyRosenblum closed 3 years ago

WesleyRosenblum commented 3 years ago

Problem:

Adding round 3 KEM Groups (#2842) has increased the connection memory size. This issue is to track reducing the memory size back to 18700 bytes.

Solution:

From @camshaft: "Looks like we're storing an array of s2n_kem_group_params for each supported kem group? That seems like a waste of space, especially for the connections that never negotiate PQ in the first place, which is the majority of security policies used in production. I think the correct fix here is to allocate the array if needed and just store the pointer on the connection."

Requirements / Acceptance Criteria:

What must a solution address in order to solve the problem? How do we know the solution is complete?

The s2n_connection_test can be reduced back to 18700 bytes
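The layout change camshaft proposes, as an added illustration that is not s2n-tls's own code: the first struct embeds a full set of KEM-group parameters for every supported group in every connection, the second keeps only a pointer and allocates the array when a connection actually negotiates PQ. The struct names, field sizes and group count are assumptions chosen for the illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stddef.h>

/* Constructed stand-ins for the real types; sizes are assumptions. */
#define SUPPORTED_KEM_GROUPS 6
struct kem_group_params {
    uint8_t public_key[1184];  /* assumed size of a round-3 KEM public key */
    uint8_t shared_secret[32];
    int kem_group_id;
};

/* "Before": every connection carries all groups inline, PQ or not. */
struct conn_inline {
    uint8_t tls_state[256];    /* placeholder for the rest of the connection */
    struct kem_group_params kem_groups[SUPPORTED_KEM_GROUPS];
};

/* "After": one pointer on the connection, NULL until PQ is negotiated. */
struct conn_lazy {
    uint8_t tls_state[256];
    struct kem_group_params *kem_groups;  /* allocated only when needed */
};

/* Allocate the group array only for a connection that negotiates PQ.
 * Safe to call more than once; returns -1 only if allocation fails. */
int conn_lazy_negotiate_pq(struct conn_lazy *conn)
{
    if (conn->kem_groups != NULL) return 0;
    conn->kem_groups = calloc(SUPPORTED_KEM_GROUPS, sizeof(*conn->kem_groups));
    return conn->kem_groups ? 0 : -1;
}

/* Release the array and reset the pointer so the struct stays valid. */
void conn_lazy_free(struct conn_lazy *conn)
{
    free(conn->kem_groups);
    conn->kem_groups = NULL;
}

/* Bytes every non-PQ connection stops paying for after the change. */
size_t bytes_saved_per_connection(void)
{
    return sizeof(struct conn_inline) - sizeof(struct conn_lazy);
}
```

Under the assumed sizes the saving is the whole inline array minus one pointer, which is the cost the majority of production connections that never negotiate PQ were carrying.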

lrstewart commented 3 years ago

We could also take the opportunity to reconsider how this is set up. The current setup assumed we would send multiple (initially, all) keyshares. Now we just send one. We probably don't need space to store every possible keyshare.