1 /*
2 * Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <openssl/evp.h>
11 #include <openssl/core_names.h>
12 #include <openssl/rand.h>
13 #include "../../ssl_local.h"
14 #include "../record_local.h"
15 #include "recmethod_local.h"
16 #include "internal/ktls.h"
17
18 static struct record_functions_st ossl_ktls_funcs;
19
20 #if defined(__FreeBSD__)
21 # include "crypto/cryptodev.h"
22
23 /*-
24 * Check if a given cipher is supported by the KTLS interface.
25 * The kernel might still fail the setsockopt() if no suitable
26 * provider is found, but this checks if the socket option
27 * supports the cipher suite used at all.
28 */
ktls_int_check_supported_cipher(OSSL_RECORD_LAYER * rl,const EVP_CIPHER * c,const EVP_MD * md,size_t taglen)29 static int ktls_int_check_supported_cipher(OSSL_RECORD_LAYER *rl,
30 const EVP_CIPHER *c,
31 const EVP_MD *md,
32 size_t taglen)
33 {
34 switch (rl->version) {
35 case TLS1_VERSION:
36 case TLS1_1_VERSION:
37 case TLS1_2_VERSION:
38 #ifdef OPENSSL_KTLS_TLS13
39 case TLS1_3_VERSION:
40 #endif
41 break;
42 default:
43 return 0;
44 }
45
46 if (EVP_CIPHER_is_a(c, "AES-128-GCM")
47 || EVP_CIPHER_is_a(c, "AES-256-GCM")
48 # ifdef OPENSSL_KTLS_CHACHA20_POLY1305
49 || EVP_CIPHER_is_a(c, "CHACHA20-POLY1305")
50 # endif
51 )
52 return 1;
53
54 if (!EVP_CIPHER_is_a(c, "AES-128-CBC")
55 && !EVP_CIPHER_is_a(c, "AES-256-CBC"))
56 return 0;
57
58 if (rl->use_etm)
59 return 0;
60
61 if (md == NULL)
62 return 0;
63
64 if (EVP_MD_is_a(md, "SHA1")
65 || EVP_MD_is_a(md, "SHA2-256")
66 || EVP_MD_is_a(md, "SHA2-384"))
67 return 1;
68
69 return 0;
70 }
71
72 /* Function to configure kernel TLS structure */
73 static
ktls_configure_crypto(OSSL_LIB_CTX * libctx,int version,const EVP_CIPHER * c,EVP_MD * md,void * rl_sequence,ktls_crypto_info_t * crypto_info,int is_tx,unsigned char * iv,size_t ivlen,unsigned char * key,size_t keylen,unsigned char * mac_key,size_t mac_secret_size)74 int ktls_configure_crypto(OSSL_LIB_CTX *libctx, int version, const EVP_CIPHER *c,
75 EVP_MD *md, void *rl_sequence,
76 ktls_crypto_info_t *crypto_info, int is_tx,
77 unsigned char *iv, size_t ivlen,
78 unsigned char *key, size_t keylen,
79 unsigned char *mac_key, size_t mac_secret_size)
80 {
81 memset(crypto_info, 0, sizeof(*crypto_info));
82 if (EVP_CIPHER_is_a(c, "AES-128-GCM")
83 || EVP_CIPHER_is_a(c, "AES-256-GCM")) {
84 crypto_info->cipher_algorithm = CRYPTO_AES_NIST_GCM_16;
85 crypto_info->iv_len = ivlen;
86 } else
87 # ifdef OPENSSL_KTLS_CHACHA20_POLY1305
88 if (EVP_CIPHER_is_a(c, "CHACHA20-POLY1305")) {
89 crypto_info->cipher_algorithm = CRYPTO_CHACHA20_POLY1305;
90 crypto_info->iv_len = ivlen;
91 } else
92 # endif
93 if (EVP_CIPHER_is_a(c, "AES-128-CBC") || EVP_CIPHER_is_a(c, "AES-256-CBC")) {
94 if (md == NULL)
95 return 0;
96 if (EVP_MD_is_a(md, "SHA1"))
97 crypto_info->auth_algorithm = CRYPTO_SHA1_HMAC;
98 else if (EVP_MD_is_a(md, "SHA2-256"))
99 crypto_info->auth_algorithm = CRYPTO_SHA2_256_HMAC;
100 else if (EVP_MD_is_a(md, "SHA2-384"))
101 crypto_info->auth_algorithm = CRYPTO_SHA2_384_HMAC;
102 else
103 return 0;
104 crypto_info->cipher_algorithm = CRYPTO_AES_CBC;
105 crypto_info->iv_len = ivlen;
106 crypto_info->auth_key = mac_key;
107 crypto_info->auth_key_len = mac_secret_size;
108 } else {
109 return 0;
110 }
111 crypto_info->cipher_key = key;
112 crypto_info->cipher_key_len = keylen;
113 crypto_info->iv = iv;
114 crypto_info->tls_vmajor = (version >> 8) & 0x000000ff;
115 crypto_info->tls_vminor = (version & 0x000000ff);
116 # ifdef TCP_RXTLS_ENABLE
117 memcpy(crypto_info->rec_seq, rl_sequence, sizeof(crypto_info->rec_seq));
118 # else
119 if (!is_tx)
120 return 0;
121 # endif
122 return 1;
123 };
124
125 #endif /* __FreeBSD__ */
126
127 #if defined(OPENSSL_SYS_LINUX)
128 /* Function to check supported ciphers in Linux */
ktls_int_check_supported_cipher(OSSL_RECORD_LAYER * rl,const EVP_CIPHER * c,const EVP_MD * md,size_t taglen)129 static int ktls_int_check_supported_cipher(OSSL_RECORD_LAYER *rl,
130 const EVP_CIPHER *c,
131 const EVP_MD *md,
132 size_t taglen)
133 {
134 switch (rl->version) {
135 case TLS1_2_VERSION:
136 #ifdef OPENSSL_KTLS_TLS13
137 case TLS1_3_VERSION:
138 #endif
139 break;
140 default:
141 return 0;
142 }
143
144 /*
145 * Check that cipher is AES_GCM_128, AES_GCM_256, AES_CCM_128
146 * or Chacha20-Poly1305
147 */
148 # ifdef OPENSSL_KTLS_AES_CCM_128
149 if (EVP_CIPHER_is_a(c, "AES-128-CCM")) {
150 if (taglen != EVP_CCM_TLS_TAG_LEN)
151 return 0;
152 return 1;
153 } else
154 # endif
155 if (0
156 # ifdef OPENSSL_KTLS_AES_GCM_128
157 || EVP_CIPHER_is_a(c, "AES-128-GCM")
158 # endif
159 # ifdef OPENSSL_KTLS_AES_GCM_256
160 || EVP_CIPHER_is_a(c, "AES-256-GCM")
161 # endif
162 # ifdef OPENSSL_KTLS_CHACHA20_POLY1305
163 || EVP_CIPHER_is_a(c, "ChaCha20-Poly1305")
164 # endif
165 ) {
166 return 1;
167 }
168 return 0;
169 }
170
171 /* Function to configure kernel TLS structure */
172 static
ktls_configure_crypto(OSSL_LIB_CTX * libctx,int version,const EVP_CIPHER * c,const EVP_MD * md,void * rl_sequence,ktls_crypto_info_t * crypto_info,int is_tx,unsigned char * iv,size_t ivlen,unsigned char * key,size_t keylen,unsigned char * mac_key,size_t mac_secret_size)173 int ktls_configure_crypto(OSSL_LIB_CTX *libctx, int version, const EVP_CIPHER *c,
174 const EVP_MD *md, void *rl_sequence,
175 ktls_crypto_info_t *crypto_info, int is_tx,
176 unsigned char *iv, size_t ivlen,
177 unsigned char *key, size_t keylen,
178 unsigned char *mac_key, size_t mac_secret_size)
179 {
180 unsigned char geniv[EVP_GCM_TLS_EXPLICIT_IV_LEN];
181 unsigned char *eiv = NULL;
182
183 # ifdef OPENSSL_NO_KTLS_RX
184 if (!is_tx)
185 return 0;
186 # endif
187
188 if (EVP_CIPHER_get_mode(c) == EVP_CIPH_GCM_MODE
189 || EVP_CIPHER_get_mode(c) == EVP_CIPH_CCM_MODE) {
190 if (!ossl_assert(EVP_GCM_TLS_FIXED_IV_LEN == EVP_CCM_TLS_FIXED_IV_LEN)
191 || !ossl_assert(EVP_GCM_TLS_EXPLICIT_IV_LEN
192 == EVP_CCM_TLS_EXPLICIT_IV_LEN))
193 return 0;
194 if (version == TLS1_2_VERSION) {
195 if (!ossl_assert(ivlen == EVP_GCM_TLS_FIXED_IV_LEN))
196 return 0;
197 if (is_tx) {
198 if (RAND_bytes_ex(libctx, geniv,
199 EVP_GCM_TLS_EXPLICIT_IV_LEN, 0) <= 0)
200 return 0;
201 } else {
202 memset(geniv, 0, EVP_GCM_TLS_EXPLICIT_IV_LEN);
203 }
204 eiv = geniv;
205 } else {
206 if (!ossl_assert(ivlen == EVP_GCM_TLS_FIXED_IV_LEN
207 + EVP_GCM_TLS_EXPLICIT_IV_LEN))
208 return 0;
209 eiv = iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE;
210 }
211 }
212
213 memset(crypto_info, 0, sizeof(*crypto_info));
214 switch (EVP_CIPHER_get_nid(c)) {
215 # ifdef OPENSSL_KTLS_AES_GCM_128
216 case NID_aes_128_gcm:
217 if (!ossl_assert(TLS_CIPHER_AES_GCM_128_SALT_SIZE
218 == EVP_GCM_TLS_FIXED_IV_LEN)
219 || !ossl_assert(TLS_CIPHER_AES_GCM_128_IV_SIZE
220 == EVP_GCM_TLS_EXPLICIT_IV_LEN))
221 return 0;
222 crypto_info->gcm128.info.cipher_type = TLS_CIPHER_AES_GCM_128;
223 crypto_info->gcm128.info.version = version;
224 crypto_info->tls_crypto_info_len = sizeof(crypto_info->gcm128);
225 memcpy(crypto_info->gcm128.iv, eiv, TLS_CIPHER_AES_GCM_128_IV_SIZE);
226 memcpy(crypto_info->gcm128.salt, iv, TLS_CIPHER_AES_GCM_128_SALT_SIZE);
227 memcpy(crypto_info->gcm128.key, key, keylen);
228 memcpy(crypto_info->gcm128.rec_seq, rl_sequence,
229 TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
230 return 1;
231 # endif
232 # ifdef OPENSSL_KTLS_AES_GCM_256
233 case NID_aes_256_gcm:
234 if (!ossl_assert(TLS_CIPHER_AES_GCM_256_SALT_SIZE
235 == EVP_GCM_TLS_FIXED_IV_LEN)
236 || !ossl_assert(TLS_CIPHER_AES_GCM_256_IV_SIZE
237 == EVP_GCM_TLS_EXPLICIT_IV_LEN))
238 return 0;
239 crypto_info->gcm256.info.cipher_type = TLS_CIPHER_AES_GCM_256;
240 crypto_info->gcm256.info.version = version;
241 crypto_info->tls_crypto_info_len = sizeof(crypto_info->gcm256);
242 memcpy(crypto_info->gcm256.iv, eiv, TLS_CIPHER_AES_GCM_256_IV_SIZE);
243 memcpy(crypto_info->gcm256.salt, iv, TLS_CIPHER_AES_GCM_256_SALT_SIZE);
244 memcpy(crypto_info->gcm256.key, key, keylen);
245 memcpy(crypto_info->gcm256.rec_seq, rl_sequence,
246 TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
247
248 return 1;
249 # endif
250 # ifdef OPENSSL_KTLS_AES_CCM_128
251 case NID_aes_128_ccm:
252 if (!ossl_assert(TLS_CIPHER_AES_CCM_128_SALT_SIZE
253 == EVP_CCM_TLS_FIXED_IV_LEN)
254 || !ossl_assert(TLS_CIPHER_AES_CCM_128_IV_SIZE
255 == EVP_CCM_TLS_EXPLICIT_IV_LEN))
256 return 0;
257 crypto_info->ccm128.info.cipher_type = TLS_CIPHER_AES_CCM_128;
258 crypto_info->ccm128.info.version = version;
259 crypto_info->tls_crypto_info_len = sizeof(crypto_info->ccm128);
260 memcpy(crypto_info->ccm128.iv, eiv, TLS_CIPHER_AES_CCM_128_IV_SIZE);
261 memcpy(crypto_info->ccm128.salt, iv, TLS_CIPHER_AES_CCM_128_SALT_SIZE);
262 memcpy(crypto_info->ccm128.key, key, keylen);
263 memcpy(crypto_info->ccm128.rec_seq, rl_sequence,
264 TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE);
265 return 1;
266 # endif
267 # ifdef OPENSSL_KTLS_CHACHA20_POLY1305
268 case NID_chacha20_poly1305:
269 if (!ossl_assert(ivlen == TLS_CIPHER_CHACHA20_POLY1305_IV_SIZE))
270 return 0;
271 crypto_info->chacha20poly1305.info.cipher_type
272 = TLS_CIPHER_CHACHA20_POLY1305;
273 crypto_info->chacha20poly1305.info.version = version;
274 crypto_info->tls_crypto_info_len = sizeof(crypto_info->chacha20poly1305);
275 memcpy(crypto_info->chacha20poly1305.iv, iv, ivlen);
276 memcpy(crypto_info->chacha20poly1305.key, key, keylen);
277 memcpy(crypto_info->chacha20poly1305.rec_seq, rl_sequence,
278 TLS_CIPHER_CHACHA20_POLY1305_REC_SEQ_SIZE);
279 return 1;
280 # endif
281 default:
282 return 0;
283 }
284
285 }
286
287 #endif /* OPENSSL_SYS_LINUX */
288
ktls_set_crypto_state(OSSL_RECORD_LAYER * rl,int level,unsigned char * key,size_t keylen,unsigned char * iv,size_t ivlen,unsigned char * mackey,size_t mackeylen,const EVP_CIPHER * ciph,size_t taglen,int mactype,const EVP_MD * md,COMP_METHOD * comp)289 static int ktls_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
290 unsigned char *key, size_t keylen,
291 unsigned char *iv, size_t ivlen,
292 unsigned char *mackey, size_t mackeylen,
293 const EVP_CIPHER *ciph,
294 size_t taglen,
295 int mactype,
296 const EVP_MD *md,
297 COMP_METHOD *comp)
298 {
299 ktls_crypto_info_t crypto_info;
300
301 /*
302 * Check if we are suitable for KTLS. If not suitable we return
303 * OSSL_RECORD_RETURN_NON_FATAL_ERR so that other record layers can be tried
304 * instead
305 */
306
307 if (comp != NULL)
308 return OSSL_RECORD_RETURN_NON_FATAL_ERR;
309
310 /* ktls supports only the maximum fragment size */
311 if (rl->max_frag_len != SSL3_RT_MAX_PLAIN_LENGTH)
312 return OSSL_RECORD_RETURN_NON_FATAL_ERR;
313
314 /* check that cipher is supported */
315 if (!ktls_int_check_supported_cipher(rl, ciph, md, taglen))
316 return OSSL_RECORD_RETURN_NON_FATAL_ERR;
317
318 /* All future data will get encrypted by ktls. Flush the BIO or skip ktls */
319 if (rl->direction == OSSL_RECORD_DIRECTION_WRITE) {
320 if (BIO_flush(rl->bio) <= 0)
321 return OSSL_RECORD_RETURN_NON_FATAL_ERR;
322
323 /* KTLS does not support record padding */
324 if (rl->padding != NULL || rl->block_padding > 0)
325 return OSSL_RECORD_RETURN_NON_FATAL_ERR;
326 }
327
328 if (!ktls_configure_crypto(rl->libctx, rl->version, ciph, md, rl->sequence,
329 &crypto_info,
330 rl->direction == OSSL_RECORD_DIRECTION_WRITE,
331 iv, ivlen, key, keylen, mackey, mackeylen))
332 return OSSL_RECORD_RETURN_NON_FATAL_ERR;
333
334 if (!BIO_set_ktls(rl->bio, &crypto_info, rl->direction))
335 return OSSL_RECORD_RETURN_NON_FATAL_ERR;
336
337 if (rl->direction == OSSL_RECORD_DIRECTION_WRITE &&
338 (rl->options & SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE) != 0)
339 /* Ignore errors. The application opts in to using the zerocopy
340 * optimization. If the running kernel doesn't support it, just
341 * continue without the optimization.
342 */
343 BIO_set_ktls_tx_zerocopy_sendfile(rl->bio);
344
345 return OSSL_RECORD_RETURN_SUCCESS;
346 }
347
ktls_read_n(OSSL_RECORD_LAYER * rl,size_t n,size_t max,int extend,int clearold,size_t * readbytes)348 static int ktls_read_n(OSSL_RECORD_LAYER *rl, size_t n, size_t max, int extend,
349 int clearold, size_t *readbytes)
350 {
351 int ret;
352
353 ret = tls_default_read_n(rl, n, max, extend, clearold, readbytes);
354
355 if (ret < OSSL_RECORD_RETURN_RETRY) {
356 switch (errno) {
357 case EBADMSG:
358 RLAYERfatal(rl, SSL_AD_BAD_RECORD_MAC,
359 SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
360 break;
361 case EMSGSIZE:
362 RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW,
363 SSL_R_PACKET_LENGTH_TOO_LONG);
364 break;
365 case EINVAL:
366 RLAYERfatal(rl, SSL_AD_PROTOCOL_VERSION,
367 SSL_R_WRONG_VERSION_NUMBER);
368 break;
369 default:
370 break;
371 }
372 }
373
374 return ret;
375 }
376
ktls_cipher(OSSL_RECORD_LAYER * rl,TLS_RL_RECORD * inrecs,size_t n_recs,int sending,SSL_MAC_BUF * mac,size_t macsize)377 static int ktls_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *inrecs,
378 size_t n_recs, int sending, SSL_MAC_BUF *mac,
379 size_t macsize)
380 {
381 return 1;
382 }
383
ktls_validate_record_header(OSSL_RECORD_LAYER * rl,TLS_RL_RECORD * rec)384 static int ktls_validate_record_header(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec)
385 {
386 if (rec->rec_version != TLS1_2_VERSION) {
387 RLAYERfatal(rl, SSL_AD_DECODE_ERROR, SSL_R_WRONG_VERSION_NUMBER);
388 return 0;
389 }
390
391 return 1;
392 }
393
ktls_post_process_record(OSSL_RECORD_LAYER * rl,TLS_RL_RECORD * rec)394 static int ktls_post_process_record(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec)
395 {
396 if (rl->version == TLS1_3_VERSION)
397 return tls13_common_post_process_record(rl, rec);
398
399 return 1;
400 }
401
402 static int
ktls_new_record_layer(OSSL_LIB_CTX * libctx,const char * propq,int vers,int role,int direction,int level,uint16_t epoch,unsigned char * secret,size_t secretlen,unsigned char * key,size_t keylen,unsigned char * iv,size_t ivlen,unsigned char * mackey,size_t mackeylen,const EVP_CIPHER * ciph,size_t taglen,int mactype,const EVP_MD * md,COMP_METHOD * comp,const EVP_MD * kdfdigest,BIO * prev,BIO * transport,BIO * next,BIO_ADDR * local,BIO_ADDR * peer,const OSSL_PARAM * settings,const OSSL_PARAM * options,const OSSL_DISPATCH * fns,void * cbarg,void * rlarg,OSSL_RECORD_LAYER ** retrl)403 ktls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
404 int role, int direction, int level, uint16_t epoch,
405 unsigned char *secret, size_t secretlen,
406 unsigned char *key, size_t keylen, unsigned char *iv,
407 size_t ivlen, unsigned char *mackey, size_t mackeylen,
408 const EVP_CIPHER *ciph, size_t taglen,
409 int mactype,
410 const EVP_MD *md, COMP_METHOD *comp,
411 const EVP_MD *kdfdigest, BIO *prev, BIO *transport,
412 BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
413 const OSSL_PARAM *settings, const OSSL_PARAM *options,
414 const OSSL_DISPATCH *fns, void *cbarg, void *rlarg,
415 OSSL_RECORD_LAYER **retrl)
416 {
417 int ret;
418
419 ret = tls_int_new_record_layer(libctx, propq, vers, role, direction, level,
420 ciph, taglen, md, comp, prev,
421 transport, next, settings,
422 options, fns, cbarg, retrl);
423
424 if (ret != OSSL_RECORD_RETURN_SUCCESS)
425 return ret;
426
427 (*retrl)->funcs = &ossl_ktls_funcs;
428
429 ret = (*retrl)->funcs->set_crypto_state(*retrl, level, key, keylen, iv,
430 ivlen, mackey, mackeylen, ciph,
431 taglen, mactype, md, comp);
432
433 if (ret != OSSL_RECORD_RETURN_SUCCESS) {
434 OPENSSL_free(*retrl);
435 *retrl = NULL;
436 } else {
437 /*
438 * With KTLS we always try and read as much as possible and fill the
439 * buffer
440 */
441 (*retrl)->read_ahead = 1;
442 }
443 return ret;
444 }
445
ktls_allocate_write_buffers(OSSL_RECORD_LAYER * rl,OSSL_RECORD_TEMPLATE * templates,size_t numtempl,size_t * prefix)446 static int ktls_allocate_write_buffers(OSSL_RECORD_LAYER *rl,
447 OSSL_RECORD_TEMPLATE *templates,
448 size_t numtempl, size_t *prefix)
449 {
450 if (!ossl_assert(numtempl == 1))
451 return 0;
452
453 /*
454 * We just use the end application buffer in the case of KTLS, so nothing
455 * to do. We pretend we set up one buffer.
456 */
457 rl->numwpipes = 1;
458
459 return 1;
460 }
461
ktls_initialise_write_packets(OSSL_RECORD_LAYER * rl,OSSL_RECORD_TEMPLATE * templates,size_t numtempl,OSSL_RECORD_TEMPLATE * prefixtempl,WPACKET * pkt,TLS_BUFFER * bufs,size_t * wpinited)462 static int ktls_initialise_write_packets(OSSL_RECORD_LAYER *rl,
463 OSSL_RECORD_TEMPLATE *templates,
464 size_t numtempl,
465 OSSL_RECORD_TEMPLATE *prefixtempl,
466 WPACKET *pkt,
467 TLS_BUFFER *bufs,
468 size_t *wpinited)
469 {
470 TLS_BUFFER *wb;
471
472 /*
473 * We just use the application buffer directly and don't use any WPACKET
474 * structures
475 */
476 wb = &bufs[0];
477 wb->type = templates[0].type;
478
479 /*
480 * ktls doesn't modify the buffer, but to avoid a warning we need
481 * to discard the const qualifier.
482 * This doesn't leak memory because the buffers have never been allocated
483 * with KTLS
484 */
485 TLS_BUFFER_set_buf(wb, (unsigned char *)templates[0].buf);
486 TLS_BUFFER_set_offset(wb, 0);
487 TLS_BUFFER_set_app_buffer(wb, 1);
488
489 return 1;
490 }
491
ktls_prepare_record_header(OSSL_RECORD_LAYER * rl,WPACKET * thispkt,OSSL_RECORD_TEMPLATE * templ,uint8_t rectype,unsigned char ** recdata)492 static int ktls_prepare_record_header(OSSL_RECORD_LAYER *rl,
493 WPACKET *thispkt,
494 OSSL_RECORD_TEMPLATE *templ,
495 uint8_t rectype,
496 unsigned char **recdata)
497 {
498 /* The kernel writes the record header, so nothing to do */
499 *recdata = NULL;
500
501 return 1;
502 }
503
ktls_prepare_for_encryption(OSSL_RECORD_LAYER * rl,size_t mac_size,WPACKET * thispkt,TLS_RL_RECORD * thiswr)504 static int ktls_prepare_for_encryption(OSSL_RECORD_LAYER *rl,
505 size_t mac_size,
506 WPACKET *thispkt,
507 TLS_RL_RECORD *thiswr)
508 {
509 /* No encryption, so nothing to do */
510 return 1;
511 }
512
ktls_post_encryption_processing(OSSL_RECORD_LAYER * rl,size_t mac_size,OSSL_RECORD_TEMPLATE * templ,WPACKET * thispkt,TLS_RL_RECORD * thiswr)513 static int ktls_post_encryption_processing(OSSL_RECORD_LAYER *rl,
514 size_t mac_size,
515 OSSL_RECORD_TEMPLATE *templ,
516 WPACKET *thispkt,
517 TLS_RL_RECORD *thiswr)
518 {
519 /* The kernel does anything that is needed, so nothing to do here */
520 return 1;
521 }
522
ktls_prepare_write_bio(OSSL_RECORD_LAYER * rl,int type)523 static int ktls_prepare_write_bio(OSSL_RECORD_LAYER *rl, int type)
524 {
525 /*
526 * To prevent coalescing of control and data messages,
527 * such as in buffer_write, we flush the BIO
528 */
529 if (type != SSL3_RT_APPLICATION_DATA) {
530 int ret, i = BIO_flush(rl->bio);
531
532 if (i <= 0) {
533 if (BIO_should_retry(rl->bio))
534 ret = OSSL_RECORD_RETURN_RETRY;
535 else
536 ret = OSSL_RECORD_RETURN_FATAL;
537 return ret;
538 }
539 BIO_set_ktls_ctrl_msg(rl->bio, type);
540 }
541
542 return OSSL_RECORD_RETURN_SUCCESS;
543 }
544
ktls_alloc_buffers(OSSL_RECORD_LAYER * rl)545 static int ktls_alloc_buffers(OSSL_RECORD_LAYER *rl)
546 {
547 /* We use the application buffer directly for writing */
548 if (rl->direction == OSSL_RECORD_DIRECTION_WRITE)
549 return 1;
550
551 return tls_alloc_buffers(rl);
552 }
553
ktls_free_buffers(OSSL_RECORD_LAYER * rl)554 static int ktls_free_buffers(OSSL_RECORD_LAYER *rl)
555 {
556 /* We use the application buffer directly for writing */
557 if (rl->direction == OSSL_RECORD_DIRECTION_WRITE)
558 return 1;
559
560 return tls_free_buffers(rl);
561 }
562
563 static struct record_functions_st ossl_ktls_funcs = {
564 ktls_set_crypto_state,
565 ktls_cipher,
566 NULL,
567 tls_default_set_protocol_version,
568 ktls_read_n,
569 tls_get_more_records,
570 ktls_validate_record_header,
571 ktls_post_process_record,
572 tls_get_max_records_default,
573 tls_write_records_default,
574 ktls_allocate_write_buffers,
575 ktls_initialise_write_packets,
576 NULL,
577 ktls_prepare_record_header,
578 NULL,
579 ktls_prepare_for_encryption,
580 ktls_post_encryption_processing,
581 ktls_prepare_write_bio
582 };
583
584 const OSSL_RECORD_METHOD ossl_ktls_record_method = {
585 ktls_new_record_layer,
586 tls_free,
587 tls_unprocessed_read_pending,
588 tls_processed_read_pending,
589 tls_app_data_pending,
590 tls_get_max_records,
591 tls_write_records,
592 tls_retry_write_records,
593 tls_read_record,
594 tls_release_record,
595 tls_get_alert_code,
596 tls_set1_bio,
597 tls_set_protocol_version,
598 tls_set_plain_alerts,
599 tls_set_first_handshake,
600 tls_set_max_pipelines,
601 NULL,
602 tls_get_state,
603 tls_set_options,
604 tls_get_compression,
605 tls_set_max_frag_len,
606 NULL,
607 tls_increment_sequence_ctr,
608 ktls_alloc_buffers,
609 ktls_free_buffers
610 };
611
