Copyright year updates

Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0)

Reviewed-by: Hugo Lan

Copyright year updates

Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0)

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24034)

show more ...

Fix a FreeBSD build failure when KTLS is enabled

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/op

Fix a FreeBSD build failure when KTLS is enabled

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23182)

show more ...

Add support for KTLS zerocopy sendfile on Linux

TLS device offload allows to perform zerocopy sendfile transmissions.
FreeBSD provides this feature by default, and Linux 5.19 introduced

Add support for KTLS zerocopy sendfile on Linux

TLS device offload allows to perform zerocopy sendfile transmissions.
FreeBSD provides this feature by default, and Linux 5.19 introduced it
as an opt-in. Zerocopy improves the TX rate significantly, but has a
side effect: if the underlying file is changed while being transmitted,
and a TCP retransmission happens, the receiver may get a TLS record
containing both new and old data, which leads to an authentication
failure and termination of connection. This effect is the reason Linux
makes a copy on sendfile by default.

This commit adds support for TLS zerocopy sendfile on Linux disabled by
default to avoid any unlikely backward compatibility issues on Linux,
although sacrificing consistency in OpenSSL's behavior on Linux and
FreeBSD. A new option called KTLSTxZerocopySendfile is added to enable
the new zerocopy behavior on Linux. This option should be used when the
the application guarantees that the file is not modified during
transmission, or it doesn't care about breaking the connection.

The related documentation is also added in this commit. The unit test
added doesn't test the actual functionality (it would require specific
hardware and a non-local peer), but solely checks that it's possible to
set the new option flag.

Signed-off-by: Maxim Mikityanskiy <maximmi@nvidia.com>
Reviewed-by: Tariq Toukan <tariqt@nvidia.com>
Reviewed-by: Boris Pismenny <borisp@nvidia.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18650)

show more ...

Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes

Add support for Chacha20-Poly1305 to kernel TLS on FreeBSD.

FreeBSD's kernel TLS supports Chacha20 for both TLS 1.2 and TLS 1.3.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-

Add support for Chacha20-Poly1305 to kernel TLS on FreeBSD.

FreeBSD's kernel TLS supports Chacha20 for both TLS 1.2 and TLS 1.3.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13752)

show more ...

Refactor KTLS tests to better support TLS 1.3.

- Use SSL_set_ciphersuites for TLS 1.3 tests instead of using
SSL_set_cipher_list.

- Don't bother passing a sequence number size

Refactor KTLS tests to better support TLS 1.3.

- Use SSL_set_ciphersuites for TLS 1.3 tests instead of using
SSL_set_cipher_list.

- Don't bother passing a sequence number size to KTLS test functions.
These functions always test TLS (and not DTLS) for which the
sequence size is always the same. In addition, even for DTLS the
check in question (verifying that the sequence number fields in SSL
do not change) should still pass when doing a before/after
comparison of the field.

- Define a helper structure to hold the TLS version and cipher name
for a single KTLS test.

- Define an array of such structures with valid KTLS ciphers and move
#ifdef's for TLS versions and supported ciphers out of test
functions and instead use them to define the valid members of this
array. This also permits using TLS 1.3 cipher suite names for
TLS 1.3 tests.

- Use separate tests per cipher for test_ktls to give more
fine-grained pass/fail results as is already done for
test_ktls_sendfile.

- While here, rename test_ktls_sendfile to execute_test_ktls_sendfile
and test_ktls_sendfile_anytls to test_ktls_sendfile. This is more
consistent with the naming used for test_ktls as well as other tests
in this file.

- Close the file descriptors used for temporary sockets in ktls tests.

- Don't assume that KTLS is supported for all compile-time supported
cipher suites at runtime. If the kernel fails to offload a given
cipher suite, skip the test rather than failing it. FreeBSD kernels
may not offload all of the cipher suites supported by its KTLS if a
suitable driver or KTLS backend is not present.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15814)

show more ...

Use <> for #include openssl/xxx

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15

Use <> for #include openssl/xxx

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15468)

show more ...

include/internal: add a few missing #pragma once directives

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from ht

include/internal: add a few missing #pragma once directives

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/14096)

show more ...

Handle partial data re-sending on ktls/sendfile on FreeBSD

Add a handler for EBUSY sendfile error in addition to
EAGAIN. With EBUSY returned the data still can be partially
sent and

Handle partial data re-sending on ktls/sendfile on FreeBSD

Add a handler for EBUSY sendfile error in addition to
EAGAIN. With EBUSY returned the data still can be partially
sent and user code has to be notified about it, otherwise it
may try to send data multiple times.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13716)

show more ...

Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13999)

ktls: Initial support for ChaCha20-Poly1305

Linux kernel is going to support ChaCha20-Poly1305 in TLS offload.
Add support for this cipher.

Reviewed-by: Matt Caswell <matt@opens

ktls: Initial support for ChaCha20-Poly1305

Linux kernel is going to support ChaCha20-Poly1305 in TLS offload.
Add support for this cipher.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13475)

show more ...

Slightly abstract ktls_start() to reduce OS-specific #ifdefs.

Instead of passing the length in from the caller, compute the length
to pass to setsockopt() inside of ktls_start(). This i

Slightly abstract ktls_start() to reduce OS-specific #ifdefs.

Instead of passing the length in from the caller, compute the length
to pass to setsockopt() inside of ktls_start(). This isolates the
OS-specific behavior to ktls.h and removes it from the socket BIO
implementations.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/12782)

show more ...

Remove unused dummy functions from ktls.h.

The KTLS functions are always used under #ifndef OPENSSL_NO_KTLS, so
the dummy functions were never used.

Reviewed-by: Matt Caswell <m

Remove unused dummy functions from ktls.h.

The KTLS functions are always used under #ifndef OPENSSL_NO_KTLS, so
the dummy functions were never used.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/12782)

show more ...

Move KTLS inline functions only used by libssl into ssl/ktls.c.

These functions are a bit large to inline and are not usable outside
of libssl.

Reviewed-by: Tomas Mraz <tmraz@fe

Move KTLS inline functions only used by libssl into ssl/ktls.c.

These functions are a bit large to inline and are not usable outside
of libssl.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)

show more ...

Support for KTLS TX on FreeBSD for TLS 1.3.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/ope

Support for KTLS TX on FreeBSD for TLS 1.3.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)

show more ...

Add support for KTLS receive for TLS 1.1-1.2 on FreeBSD.

Similar to KTLS receive for Linux, KTLS receive for FreeBSD is enabled
by passing a session key to the kernel via a new socket op

Add support for KTLS receive for TLS 1.1-1.2 on FreeBSD.

Similar to KTLS receive for Linux, KTLS receive for FreeBSD is enabled
by passing a session key to the kernel via a new socket option. Once
KTLS receive is enabled on a socket, the socket returns records via
recvmsg(). A control message attached to each record supplies the
original TLS header, and the decrypted plaintext is returned in the
data buffer passed to recvmsg().

To support the case that the userland buffer may already contain
pending encrypted records (which is already handled by Linux's KTLS
receive), the socket option structure for FreeBSD has been extended to
include the initial sequence number.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)

show more ...

Add helper functions for FreeBSD KTLS.

These are similar to the helpers added in 95badfeb60. I've adjusted
the arguments passed to ktls_check_supported_cipher and
ktls_configure_cry

Add helper functions for FreeBSD KTLS.

These are similar to the helpers added in 95badfeb60. I've adjusted
the arguments passed to ktls_check_supported_cipher and
ktls_configure_crypto so that FreeBSD and Linux can both use the same
signature to avoid OS-specific #ifdef's in libssl. This also required
moving the check on valid TLS versions into
ktls_check_supported_cipher for Linux. This has largely removed
OS-specific code and OS-specific #ifdef's for KTLS outside of
<internal/ktls.h>.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)

show more ...

Add a ktls_crypto_info_t typedef.

This type is defined to hold the OS-specific structure passed to
BIO_set_ktls.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-b

Add a ktls_crypto_info_t typedef.

This type is defined to hold the OS-specific structure passed to
BIO_set_ktls.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)

show more ...

Retire EVP_CTRL_GET_IV

It is superseded by EVP_CIPHER_CTX_get_iv(), is only present on master,
and had only a couple of in-tree callers that are easy to convert.

Reviewed-by: To

Retire EVP_CTRL_GET_IV

It is superseded by EVP_CIPHER_CTX_get_iv(), is only present on master,
and had only a couple of in-tree callers that are easy to convert.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)

show more ...

Update copyright year

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12273)

kTLS: add Linux-specific kTLS helpers

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/

kTLS: add Linux-specific kTLS helpers

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11589)

show more ...

kTLS: add new algo definitions

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11589)

kTLS: make ktls_start type independed

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/

kTLS: make ktls_start type independed

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11589)

show more ...

Add support for in-kernel TLS (KTLS) on FreeBSD.

- Check for the <sys/ktls.h> header to determine if KTLS support
is available.
- Populate a tls_enable structure with session key m

Add support for in-kernel TLS (KTLS) on FreeBSD.

- Check for the <sys/ktls.h> header to determine if KTLS support
is available.
- Populate a tls_enable structure with session key material for
supported algorithms. At present, AES-GCM128/256 and AES-CBC128/256
with SHA1 and SHA2-256 HMACs are supported. For AES-CBC, only MtE
is supported.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)

show more ...

Linux ktls sendfile

This commit introduces support for Linux KTLS sendfile.
Sendfile semantics require the use of a kernel TLS socket to construct the TLS
record headers, encrypt and

Linux ktls sendfile

This commit introduces support for Linux KTLS sendfile.
Sendfile semantics require the use of a kernel TLS socket to construct the TLS
record headers, encrypt and authenticate the data.
KTLS sendfile improves performance by avoiding the copy of file data into user
space, which is required today.

Signed-off-by: Boris Pismenny <borisp@mellanox.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8727)

show more ...