1 /*
2 * Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <openssl/evp.h>
11 #include <openssl/core_names.h>
12 #include <openssl/rand.h>
13 #include "../../ssl_local.h"
14 #include "../record_local.h"
15 #include "recmethod_local.h"
16 #include "internal/ktls.h"
17
/*
 * Defined at the bottom of this file; declared here because
 * ktls_new_record_layer() takes its address before the definition.
 */
static struct record_functions_st ossl_ktls_funcs;
19
20 #if defined(__FreeBSD__)
21 #include "crypto/cryptodev.h"
22
/*-
 * Check if a given cipher is supported by the FreeBSD KTLS interface.
 * The kernel might still fail the setsockopt() if no suitable
 * provider is found, but this checks if the socket option
 * supports the cipher suite used at all.
 *
 * Accepted: TLS 1.0-1.2 (TLS 1.3 too when OPENSSL_KTLS_TLS13 is defined)
 * with AES-GCM, ChaCha20-Poly1305 (when OPENSSL_KTLS_CHACHA20_POLY1305 is
 * defined), or AES-CBC in MAC-then-encrypt mode with a SHA1/SHA2-256/SHA2-384
 * HMAC. taglen is not consulted on FreeBSD.
 *
 * Returns 1 if the combination can be offloaded, 0 otherwise.
 */
static int ktls_int_check_supported_cipher(OSSL_RECORD_LAYER *rl,
                                           const EVP_CIPHER *c,
                                           const EVP_MD *md,
                                           size_t taglen)
{
    if (rl->version != TLS1_VERSION
        && rl->version != TLS1_1_VERSION
        && rl->version != TLS1_2_VERSION
#ifdef OPENSSL_KTLS_TLS13
        && rl->version != TLS1_3_VERSION
#endif
        )
        return 0;

    /* AEAD suites need no separate MAC and are accepted outright */
    if (EVP_CIPHER_is_a(c, "AES-128-GCM") || EVP_CIPHER_is_a(c, "AES-256-GCM"))
        return 1;
#ifdef OPENSSL_KTLS_CHACHA20_POLY1305
    if (EVP_CIPHER_is_a(c, "CHACHA20-POLY1305"))
        return 1;
#endif

    /* Anything else has to be AES-CBC ... */
    if (!EVP_CIPHER_is_a(c, "AES-128-CBC") && !EVP_CIPHER_is_a(c, "AES-256-CBC"))
        return 0;

    /* ... without encrypt-then-MAC, and with a digest the kernel knows */
    if (rl->use_etm || md == NULL)
        return 0;

    return EVP_MD_is_a(md, "SHA1")
           || EVP_MD_is_a(md, "SHA2-256")
           || EVP_MD_is_a(md, "SHA2-384");
}
71
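/*
 * Fill in the FreeBSD kernel TLS session parameters (crypto_info) for the
 * negotiated cipher/MAC combination.
 *
 * crypto_info stores *pointers* to iv, key and mac_key rather than copies, so
 * those buffers must remain valid until the kernel has consumed the structure.
 * libctx is unused on FreeBSD. The version is handed over split into its
 * major/minor octets.
 *
 * Returns 1 on success, 0 if the cipher/digest cannot be expressed, or if
 * receive-side offload is requested on a build without TCP_RXTLS_ENABLE.
 */
static int ktls_configure_crypto(OSSL_LIB_CTX *libctx, int version,
                                 const EVP_CIPHER *c, EVP_MD *md,
                                 void *rl_sequence,
                                 ktls_crypto_info_t *crypto_info, int is_tx,
                                 unsigned char *iv, size_t ivlen,
                                 unsigned char *key, size_t keylen,
                                 unsigned char *mac_key, size_t mac_secret_size)
{
    memset(crypto_info, 0, sizeof(*crypto_info));

    if (EVP_CIPHER_is_a(c, "AES-128-GCM") || EVP_CIPHER_is_a(c, "AES-256-GCM")) {
        crypto_info->cipher_algorithm = CRYPTO_AES_NIST_GCM_16;
        crypto_info->iv_len = ivlen;
#ifdef OPENSSL_KTLS_CHACHA20_POLY1305
    } else if (EVP_CIPHER_is_a(c, "CHACHA20-POLY1305")) {
        crypto_info->cipher_algorithm = CRYPTO_CHACHA20_POLY1305;
        crypto_info->iv_len = ivlen;
#endif
    } else if (EVP_CIPHER_is_a(c, "AES-128-CBC")
               || EVP_CIPHER_is_a(c, "AES-256-CBC")) {
        /* CBC suites carry an HMAC; map the digest to the kernel's id */
        if (md == NULL)
            return 0;
        if (EVP_MD_is_a(md, "SHA1"))
            crypto_info->auth_algorithm = CRYPTO_SHA1_HMAC;
        else if (EVP_MD_is_a(md, "SHA2-256"))
            crypto_info->auth_algorithm = CRYPTO_SHA2_256_HMAC;
        else if (EVP_MD_is_a(md, "SHA2-384"))
            crypto_info->auth_algorithm = CRYPTO_SHA2_384_HMAC;
        else
            return 0;
        crypto_info->cipher_algorithm = CRYPTO_AES_CBC;
        crypto_info->iv_len = ivlen;
        crypto_info->auth_key = mac_key;
        crypto_info->auth_key_len = mac_secret_size;
    } else {
        return 0;
    }

    crypto_info->cipher_key = key;
    crypto_info->cipher_key_len = keylen;
    crypto_info->iv = iv;
    crypto_info->tls_vmajor = (version >> 8) & 0x000000ff;
    crypto_info->tls_vminor = (version & 0x000000ff);
#ifdef TCP_RXTLS_ENABLE
    memcpy(crypto_info->rec_seq, rl_sequence, sizeof(crypto_info->rec_seq));
#else
    /* No rec_seq field without RX support: only the transmit side is offloaded */
    if (!is_tx)
        return 0;
#endif
    return 1;
}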
123
124 #endif /* __FreeBSD__ */
125
126 #if defined(OPENSSL_SYS_LINUX)
/*
 * Decide whether the Linux kernel TLS socket option can take this
 * cipher/version combination.
 *
 * Only TLS 1.2 (and TLS 1.3 when OPENSSL_KTLS_TLS13 is defined) qualify, and
 * only the AEAD ciphers this build was configured with. AES-128-CCM
 * additionally requires the full-length tag: a suite using a different tag
 * length (e.g. the CCM_8 suites) is refused. md is not consulted on Linux.
 *
 * Returns 1 if the combination can be offloaded, 0 otherwise.
 */
static int ktls_int_check_supported_cipher(OSSL_RECORD_LAYER *rl,
                                           const EVP_CIPHER *c,
                                           const EVP_MD *md,
                                           size_t taglen)
{
    if (rl->version != TLS1_2_VERSION
#ifdef OPENSSL_KTLS_TLS13
        && rl->version != TLS1_3_VERSION
#endif
        )
        return 0;

#ifdef OPENSSL_KTLS_AES_CCM_128
    if (EVP_CIPHER_is_a(c, "AES-128-CCM"))
        return taglen == EVP_CCM_TLS_TAG_LEN;
#endif
#ifdef OPENSSL_KTLS_AES_GCM_128
    if (EVP_CIPHER_is_a(c, "AES-128-GCM"))
        return 1;
#endif
#ifdef OPENSSL_KTLS_AES_GCM_256
    if (EVP_CIPHER_is_a(c, "AES-256-GCM"))
        return 1;
#endif
#ifdef OPENSSL_KTLS_CHACHA20_POLY1305
    if (EVP_CIPHER_is_a(c, "ChaCha20-Poly1305"))
        return 1;
#endif

    return 0;
}
169
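/*
 * Fill in the Linux kernel TLS parameters (crypto_info) for the negotiated
 * cipher.
 *
 * Unlike the FreeBSD variant, the key, salt, nonce and record sequence number
 * are *copied* into crypto_info, so on return the structure holds secret
 * material: the caller owns it and should wipe it once it has been handed to
 * the kernel.
 *
 * For GCM/CCM under TLS 1.2 the explicit part of the nonce is not included in
 * the caller-supplied iv: a random value is generated here when sending and a
 * zero placeholder is used when receiving. For TLS 1.3 the caller supplies the
 * whole nonce, fixed part (salt) first. md and mac_key/mac_secret_size are not
 * used on Linux (AEAD only).
 *
 * Returns 1 on success, 0 when the EVP lengths do not match the kernel's
 * fixed-size fields, on RNG failure, on an unexpected cipher, or (with
 * OPENSSL_NO_KTLS_RX) when receive-side offload is requested.
 */
static int ktls_configure_crypto(OSSL_LIB_CTX *libctx, int version, const EVP_CIPHER *c,
                                 const EVP_MD *md, void *rl_sequence,
                                 ktls_crypto_info_t *crypto_info, int is_tx,
                                 unsigned char *iv, size_t ivlen,
                                 unsigned char *key, size_t keylen,
                                 unsigned char *mac_key, size_t mac_secret_size)
{
    unsigned char geniv[EVP_GCM_TLS_EXPLICIT_IV_LEN];
    /* Explicit nonce for the GCM/CCM cases; stays NULL (and unread) otherwise */
    unsigned char *eiv = NULL;

#ifdef OPENSSL_NO_KTLS_RX
    if (!is_tx)
        return 0;
#endif

    if (EVP_CIPHER_get_mode(c) == EVP_CIPH_GCM_MODE
        || EVP_CIPHER_get_mode(c) == EVP_CIPH_CCM_MODE) {
        /* The GCM length constants are reused for CCM below; they must agree */
        if (!ossl_assert(EVP_GCM_TLS_FIXED_IV_LEN == EVP_CCM_TLS_FIXED_IV_LEN)
            || !ossl_assert(EVP_GCM_TLS_EXPLICIT_IV_LEN
                            == EVP_CCM_TLS_EXPLICIT_IV_LEN))
            return 0;
        if (version == TLS1_2_VERSION) {
            if (!ossl_assert(ivlen == EVP_GCM_TLS_FIXED_IV_LEN))
                return 0;
            if (is_tx) {
                if (RAND_bytes_ex(libctx, geniv,
                                  EVP_GCM_TLS_EXPLICIT_IV_LEN, 0) <= 0)
                    return 0;
            } else {
                /* Incoming TLS 1.2 records carry their own explicit nonce */
                memset(geniv, 0, EVP_GCM_TLS_EXPLICIT_IV_LEN);
            }
            eiv = geniv;
        } else {
            /*
             * TLS 1.3 (the only other version ktls_int_check_supported_cipher
             * admits): the full nonce is passed in, salt first.
             */
            if (!ossl_assert(ivlen == EVP_GCM_TLS_FIXED_IV_LEN
                                      + EVP_GCM_TLS_EXPLICIT_IV_LEN))
                return 0;
            eiv = iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE;
        }
    }

    memset(crypto_info, 0, sizeof(*crypto_info));
    /*
     * Each case below copies into fixed-size kernel fields. The salt/IV sizes
     * are pinned to the EVP constants and keylen to the key field's size, so a
     * length mismatch is refused rather than overrunning the structure.
     */
    switch (EVP_CIPHER_get_nid(c)) {
#ifdef OPENSSL_KTLS_AES_GCM_128
    case NID_aes_128_gcm:
        if (!ossl_assert(TLS_CIPHER_AES_GCM_128_SALT_SIZE
                         == EVP_GCM_TLS_FIXED_IV_LEN)
            || !ossl_assert(TLS_CIPHER_AES_GCM_128_IV_SIZE
                            == EVP_GCM_TLS_EXPLICIT_IV_LEN)
            || !ossl_assert(keylen == sizeof(crypto_info->gcm128.key)))
            return 0;
        crypto_info->gcm128.info.cipher_type = TLS_CIPHER_AES_GCM_128;
        crypto_info->gcm128.info.version = version;
        crypto_info->tls_crypto_info_len = sizeof(crypto_info->gcm128);
        memcpy(crypto_info->gcm128.iv, eiv, TLS_CIPHER_AES_GCM_128_IV_SIZE);
        memcpy(crypto_info->gcm128.salt, iv, TLS_CIPHER_AES_GCM_128_SALT_SIZE);
        memcpy(crypto_info->gcm128.key, key, keylen);
        memcpy(crypto_info->gcm128.rec_seq, rl_sequence,
               TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
        return 1;
#endif
#ifdef OPENSSL_KTLS_AES_GCM_256
    case NID_aes_256_gcm:
        if (!ossl_assert(TLS_CIPHER_AES_GCM_256_SALT_SIZE
                         == EVP_GCM_TLS_FIXED_IV_LEN)
            || !ossl_assert(TLS_CIPHER_AES_GCM_256_IV_SIZE
                            == EVP_GCM_TLS_EXPLICIT_IV_LEN)
            || !ossl_assert(keylen == sizeof(crypto_info->gcm256.key)))
            return 0;
        crypto_info->gcm256.info.cipher_type = TLS_CIPHER_AES_GCM_256;
        crypto_info->gcm256.info.version = version;
        crypto_info->tls_crypto_info_len = sizeof(crypto_info->gcm256);
        memcpy(crypto_info->gcm256.iv, eiv, TLS_CIPHER_AES_GCM_256_IV_SIZE);
        memcpy(crypto_info->gcm256.salt, iv, TLS_CIPHER_AES_GCM_256_SALT_SIZE);
        memcpy(crypto_info->gcm256.key, key, keylen);
        memcpy(crypto_info->gcm256.rec_seq, rl_sequence,
               TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
        return 1;
#endif
#ifdef OPENSSL_KTLS_AES_CCM_128
    case NID_aes_128_ccm:
        if (!ossl_assert(TLS_CIPHER_AES_CCM_128_SALT_SIZE
                         == EVP_CCM_TLS_FIXED_IV_LEN)
            || !ossl_assert(TLS_CIPHER_AES_CCM_128_IV_SIZE
                            == EVP_CCM_TLS_EXPLICIT_IV_LEN)
            || !ossl_assert(keylen == sizeof(crypto_info->ccm128.key)))
            return 0;
        crypto_info->ccm128.info.cipher_type = TLS_CIPHER_AES_CCM_128;
        crypto_info->ccm128.info.version = version;
        crypto_info->tls_crypto_info_len = sizeof(crypto_info->ccm128);
        memcpy(crypto_info->ccm128.iv, eiv, TLS_CIPHER_AES_CCM_128_IV_SIZE);
        memcpy(crypto_info->ccm128.salt, iv, TLS_CIPHER_AES_CCM_128_SALT_SIZE);
        memcpy(crypto_info->ccm128.key, key, keylen);
        memcpy(crypto_info->ccm128.rec_seq, rl_sequence,
               TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE);
        return 1;
#endif
#ifdef OPENSSL_KTLS_CHACHA20_POLY1305
    case NID_chacha20_poly1305:
        /* ChaCha20 has no salt/explicit split: the whole iv goes in as-is */
        if (!ossl_assert(ivlen == TLS_CIPHER_CHACHA20_POLY1305_IV_SIZE)
            || !ossl_assert(keylen == sizeof(crypto_info->chacha20poly1305.key)))
            return 0;
        crypto_info->chacha20poly1305.info.cipher_type
            = TLS_CIPHER_CHACHA20_POLY1305;
        crypto_info->chacha20poly1305.info.version = version;
        crypto_info->tls_crypto_info_len = sizeof(crypto_info->chacha20poly1305);
        memcpy(crypto_info->chacha20poly1305.iv, iv, ivlen);
        memcpy(crypto_info->chacha20poly1305.key, key, keylen);
        memcpy(crypto_info->chacha20poly1305.rec_seq, rl_sequence,
               TLS_CIPHER_CHACHA20_POLY1305_REC_SEQ_SIZE);
        return 1;
#endif
    default:
        /* Not reachable if ktls_int_check_supported_cipher() agreed; refuse */
        return 0;
    }
}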
283
284 #endif /* OPENSSL_SYS_LINUX */
285
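/*
 * Try to move the negotiated keys for this record layer's direction into the
 * kernel.
 *
 * Every disqualifying condition returns OSSL_RECORD_RETURN_NON_FATAL_ERR so
 * that the caller can fall back to another record layer instead of failing
 * the connection: compression, a non-default fragment length, a cipher the
 * kernel cannot do, record padding, an unflushable write BIO, or the kernel
 * refusing the socket option. level and mactype are not consulted.
 *
 * On Linux, crypto_info is a stack copy of the traffic key (on FreeBSD it only
 * holds pointers), so it is wiped before returning on every path past the
 * point where it may have been filled in.
 */
static int ktls_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
                                 unsigned char *key, size_t keylen,
                                 unsigned char *iv, size_t ivlen,
                                 unsigned char *mackey, size_t mackeylen,
                                 const EVP_CIPHER *ciph,
                                 size_t taglen,
                                 int mactype,
                                 const EVP_MD *md,
                                 COMP_METHOD *comp)
{
    ktls_crypto_info_t crypto_info;
    int ret = OSSL_RECORD_RETURN_NON_FATAL_ERR;

    if (comp != NULL)
        return OSSL_RECORD_RETURN_NON_FATAL_ERR;

    /* ktls supports only the maximum fragment size */
    if (rl->max_frag_len != SSL3_RT_MAX_PLAIN_LENGTH)
        return OSSL_RECORD_RETURN_NON_FATAL_ERR;

    /* check that cipher is supported */
    if (!ktls_int_check_supported_cipher(rl, ciph, md, taglen))
        return OSSL_RECORD_RETURN_NON_FATAL_ERR;

    if (rl->direction == OSSL_RECORD_DIRECTION_WRITE) {
        /* All future data will get encrypted by ktls. Flush the BIO or skip ktls */
        if (BIO_flush(rl->bio) <= 0)
            return OSSL_RECORD_RETURN_NON_FATAL_ERR;

        /* KTLS does not support record padding */
        if (rl->padding != NULL || rl->block_padding > 0)
            return OSSL_RECORD_RETURN_NON_FATAL_ERR;
    }

    if (!ktls_configure_crypto(rl->libctx, rl->version, ciph, md, rl->sequence,
                               &crypto_info,
                               rl->direction == OSSL_RECORD_DIRECTION_WRITE,
                               iv, ivlen, key, keylen, mackey, mackeylen))
        goto end;

    if (!BIO_set_ktls(rl->bio, &crypto_info, rl->direction))
        goto end;

    if (rl->direction == OSSL_RECORD_DIRECTION_WRITE
        && (rl->options & SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE) != 0) {
        /*
         * Ignore errors. The application opts in to using the zerocopy
         * optimization. If the running kernel doesn't support it, just
         * continue without the optimization.
         */
        BIO_set_ktls_tx_zerocopy_sendfile(rl->bio);
    }

    ret = OSSL_RECORD_RETURN_SUCCESS;

 end:
    /*
     * The kernel has its own copy by now (or we are giving up); do not leave
     * the traffic key behind in this stack frame. OPENSSL_cleanse, not
     * memset, so the wipe is not optimised away.
     */
    OPENSSL_cleanse(&crypto_info, sizeof(crypto_info));
    return ret;
}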
343
/*
 * Read wrapper for KTLS: delegates to tls_default_read_n() and, when that
 * reports an error (anything below OSSL_RECORD_RETURN_RETRY), translates the
 * errno left behind by the read into the TLS alert the software record
 * layer would have raised for the same condition. Other errno values are
 * passed through without an alert.
 *
 * Returns whatever tls_default_read_n() returned.
 */
static int ktls_read_n(OSSL_RECORD_LAYER *rl, size_t n, size_t max, int extend,
                       int clearold, size_t *readbytes)
{
    int rc = tls_default_read_n(rl, n, max, extend, clearold, readbytes);
    int err;

    if (rc >= OSSL_RECORD_RETURN_RETRY)
        return rc;

    /* Snapshot errno before anything below could disturb it */
    err = errno;
    if (err == EBADMSG) {
        /* presumably the kernel failed to authenticate/decrypt a record */
        RLAYERfatal(rl, SSL_AD_BAD_RECORD_MAC,
                    SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
    } else if (err == EMSGSIZE) {
        RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW,
                    SSL_R_PACKET_LENGTH_TOO_LONG);
    } else if (err == EINVAL) {
        RLAYERfatal(rl, SSL_AD_PROTOCOL_VERSION,
                    SSL_R_WRONG_VERSION_NUMBER);
    }

    return rc;
}
372
/*
 * Cipher hook for KTLS. Encryption and decryption happen in the kernel, so
 * there is nothing to do in user space; always reports success.
 */
static int ktls_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *inrecs,
                       size_t n_recs, int sending, SSL_MAC_BUF *mac,
                       size_t macsize)
{
    (void)rl;
    (void)inrecs;
    (void)n_recs;
    (void)sending;
    (void)mac;
    (void)macsize;

    return 1;
}
379
/*
 * Record header check for KTLS: the only version value accepted in the
 * record header is TLS1_2_VERSION. Anything else raises a decode_error
 * alert via RLAYERfatal() and returns 0; otherwise returns 1.
 */
static int ktls_validate_record_header(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec)
{
    int ok = rec->rec_version == TLS1_2_VERSION;

    if (!ok)
        RLAYERfatal(rl, SSL_AD_DECODE_ERROR, SSL_R_WRONG_VERSION_NUMBER);

    return ok;
}
389
/*
 * Post-processing after a record has been read. TLS 1.3 records need the
 * common TLS 1.3 handling (tls13_common_post_process_record); earlier
 * versions need nothing and report success.
 */
static int ktls_post_process_record(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec)
{
    return rl->version == TLS1_3_VERSION
           ? tls13_common_post_process_record(rl, rec)
           : 1;
}
397
/*
 * Construct a KTLS record layer.
 *
 * Builds the generic TLS layer via tls_int_new_record_layer(), installs the
 * KTLS function table and then tries to push the keys into the kernel through
 * set_crypto_state. If that step does not succeed the half-built layer is
 * freed, *retrl is set to NULL and set_crypto_state's result is returned, so
 * that a non-fatal refusal lets the caller try another record method.
 * On success read_ahead is enabled: with KTLS we always try to read as much
 * as possible and fill the buffer.
 *
 * Returns an OSSL_RECORD_RETURN_* code.
 */
static int
ktls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
                      int role, int direction, int level, uint16_t epoch,
                      unsigned char *secret, size_t secretlen,
                      unsigned char *key, size_t keylen, unsigned char *iv,
                      size_t ivlen, unsigned char *mackey, size_t mackeylen,
                      const EVP_CIPHER *ciph, size_t taglen,
                      int mactype,
                      const EVP_MD *md, COMP_METHOD *comp,
                      const EVP_MD *kdfdigest, BIO *prev, BIO *transport,
                      BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
                      const OSSL_PARAM *settings, const OSSL_PARAM *options,
                      const OSSL_DISPATCH *fns, void *cbarg, void *rlarg,
                      OSSL_RECORD_LAYER **retrl)
{
    int rc = tls_int_new_record_layer(libctx, propq, vers, role, direction,
                                      level, ciph, taglen, md, comp, prev,
                                      transport, next, settings,
                                      options, fns, cbarg, retrl);

    if (rc != OSSL_RECORD_RETURN_SUCCESS)
        return rc;

    (*retrl)->funcs = &ossl_ktls_funcs;

    rc = (*retrl)->funcs->set_crypto_state(*retrl, level, key, keylen, iv,
                                           ivlen, mackey, mackeylen, ciph,
                                           taglen, mactype, md, comp);
    if (rc == OSSL_RECORD_RETURN_SUCCESS) {
        (*retrl)->read_ahead = 1;
        return rc;
    }

    /* KTLS is not usable here: discard the layer built above */
    tls_free(*retrl);
    *retrl = NULL;
    return rc;
}
441
/*
 * Write-buffer setup for KTLS. Nothing is allocated: the application's own
 * buffer is used directly (see ktls_initialise_write_packets), so this only
 * records that a single write pipe is in use. Exactly one template is
 * expected; any other count is an internal error and returns 0.
 */
static int ktls_allocate_write_buffers(OSSL_RECORD_LAYER *rl,
                                       OSSL_RECORD_TEMPLATE *templates,
                                       size_t numtempl, size_t *prefix)
{
    (void)templates;
    (void)prefix;

    if (!ossl_assert(numtempl == 1))
        return 0;

    /* Pretend one buffer was set up */
    rl->numwpipes = 1;
    return 1;
}
457
/*
 * Point the single TLS_BUFFER at the application's data. No WPACKET is set
 * up because KTLS hands the plaintext straight to the kernel from the
 * caller's buffer. Always returns 1.
 */
static int ktls_initialise_write_packets(OSSL_RECORD_LAYER *rl,
                                         OSSL_RECORD_TEMPLATE *templates,
                                         size_t numtempl,
                                         OSSL_RECORD_TEMPLATE *prefixtempl,
                                         WPACKET *pkt,
                                         TLS_BUFFER *bufs,
                                         size_t *wpinited)
{
    TLS_BUFFER *appbuf = &bufs[0];

    appbuf->type = templates[0].type;

    /*
     * templates[0].buf is const and KTLS never writes through it; the cast
     * only silences the qualifier warning. Nothing was allocated for this
     * buffer, so nothing can leak when it is flagged as an app buffer below.
     */
    TLS_BUFFER_set_buf(appbuf, (unsigned char *)templates[0].buf);
    TLS_BUFFER_set_offset(appbuf, 0);
    TLS_BUFFER_set_app_buffer(appbuf, 1);

    return 1;
}
487
/*
 * Record-header hook for KTLS. The kernel builds the record header itself,
 * so no header bytes are produced here: *recdata is cleared and success is
 * reported.
 */
static int ktls_prepare_record_header(OSSL_RECORD_LAYER *rl,
                                      WPACKET *thispkt,
                                      OSSL_RECORD_TEMPLATE *templ,
                                      uint8_t rectype,
                                      unsigned char **recdata)
{
    (void)rl;
    (void)thispkt;
    (void)templ;
    (void)rectype;

    *recdata = NULL;
    return 1;
}
499
/*
 * Pre-encryption hook for KTLS. User space does not encrypt, so there is
 * nothing to prepare; always reports success.
 */
static int ktls_prepare_for_encryption(OSSL_RECORD_LAYER *rl,
                                       size_t mac_size,
                                       WPACKET *thispkt,
                                       TLS_RL_RECORD *thiswr)
{
    (void)rl;
    (void)mac_size;
    (void)thispkt;
    (void)thiswr;

    return 1;
}
508
/*
 * Post-encryption hook for KTLS. Whatever needs doing after encryption is
 * done by the kernel, so this is a no-op that always reports success.
 */
static int ktls_post_encryption_processing(OSSL_RECORD_LAYER *rl,
                                           size_t mac_size,
                                           OSSL_RECORD_TEMPLATE *templ,
                                           WPACKET *thispkt,
                                           TLS_RL_RECORD *thiswr)
{
    (void)rl;
    (void)mac_size;
    (void)templ;
    (void)thispkt;
    (void)thiswr;

    return 1;
}
518
/*
 * Prepare the BIO before a record of the given type is written.
 *
 * Application data needs nothing. For any other record type the BIO is
 * flushed first, so that control messages cannot be coalesced with pending
 * data (as buffer_write would otherwise do), and the BIO is then told the
 * type of the control message that follows.
 *
 * Returns OSSL_RECORD_RETURN_SUCCESS, OSSL_RECORD_RETURN_RETRY if the flush
 * should be retried, or OSSL_RECORD_RETURN_FATAL if the flush failed.
 */
static int ktls_prepare_write_bio(OSSL_RECORD_LAYER *rl, int type)
{
    if (type == SSL3_RT_APPLICATION_DATA)
        return OSSL_RECORD_RETURN_SUCCESS;

    if (BIO_flush(rl->bio) <= 0)
        return BIO_should_retry(rl->bio) ? OSSL_RECORD_RETURN_RETRY
                                         : OSSL_RECORD_RETURN_FATAL;

    BIO_set_ktls_ctrl_msg(rl->bio, type);
    return OSSL_RECORD_RETURN_SUCCESS;
}
540
/*
 * Buffer allocation for KTLS. The write direction uses the application
 * buffer directly and needs none; the read direction uses the generic
 * tls_alloc_buffers(). Returns 1 for the write side, else the generic result.
 */
static int ktls_alloc_buffers(OSSL_RECORD_LAYER *rl)
{
    return rl->direction == OSSL_RECORD_DIRECTION_WRITE
           ? 1
           : tls_alloc_buffers(rl);
}
549
/*
 * Buffer release for KTLS, mirroring ktls_alloc_buffers(): nothing was
 * allocated for the write direction, so only the read direction hands off
 * to the generic tls_free_buffers(). Returns 1 for the write side, else the
 * generic result.
 */
static int ktls_free_buffers(OSSL_RECORD_LAYER *rl)
{
    return rl->direction == OSSL_RECORD_DIRECTION_WRITE
           ? 1
           : tls_free_buffers(rl);
}
558
/*
 * Internal record-layer operations for KTLS. Entries named ktls_* above are
 * the KTLS-specific variants (mostly no-ops, because the kernel does the
 * work); tls_* entries reuse the generic TLS implementations; NULL entries
 * are left unset. Positional order follows struct record_functions_st.
 */
static struct record_functions_st ossl_ktls_funcs = {
    ktls_set_crypto_state,           /* hands the keys to the kernel socket */
    ktls_cipher,                     /* no-op: the kernel encrypts/decrypts */
    NULL,
    tls_default_set_protocol_version,
    ktls_read_n,                     /* generic read plus errno -> alert mapping */
    tls_get_more_records,
    ktls_validate_record_header,     /* only TLS1_2_VERSION headers accepted */
    ktls_post_process_record,        /* TLS 1.3 common handling only */
    tls_get_max_records_default,
    tls_write_records_default,
    ktls_allocate_write_buffers,     /* writes go straight from the app buffer */
    ktls_initialise_write_packets,
    NULL,
    ktls_prepare_record_header,      /* no-op: the kernel writes the header */
    NULL,
    ktls_prepare_for_encryption,     /* no-op */
    ktls_post_encryption_processing, /* no-op */
    ktls_prepare_write_bio           /* flushes and flags non-app-data records */
};
579
/*
 * Public record method for KTLS. Construction (ktls_new_record_layer) and
 * buffer management (ktls_alloc_buffers / ktls_free_buffers) are KTLS
 * specific; every other operation is the generic TLS implementation, which
 * dispatches through the ossl_ktls_funcs table installed at construction.
 * NULL entries are left unset. Positional order follows OSSL_RECORD_METHOD.
 */
const OSSL_RECORD_METHOD ossl_ktls_record_method = {
    ktls_new_record_layer,           /* installs ossl_ktls_funcs, enables read_ahead */
    tls_free,
    tls_unprocessed_read_pending,
    tls_processed_read_pending,
    tls_app_data_pending,
    tls_get_max_records,
    tls_write_records,
    tls_retry_write_records,
    tls_read_record,
    tls_release_record,
    tls_get_alert_code,
    tls_set1_bio,
    tls_set_protocol_version,
    tls_set_plain_alerts,
    tls_set_first_handshake,
    tls_set_max_pipelines,
    NULL,
    tls_get_state,
    tls_set_options,
    tls_get_compression,
    tls_set_max_frag_len,
    NULL,
    tls_increment_sequence_ctr,
    ktls_alloc_buffers,              /* write side: no allocation */
    ktls_free_buffers                /* write side: nothing to free */
};
607