Commit 6ba76c4f authored by Boris Pismenny's avatar Boris Pismenny Committed by Matt Caswell
Browse files

bio: Linux TLS Offload 



Add support for Linux TLS offload in the BIO layer
and specifically in bss_sock.c.

Signed-off-by: default avatarBoris Pismenny <borisp@mellanox.com>

Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
Reviewed-by: default avatarPaul Yang <yang.yang@baishancloud.com>
Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5253)
parent 69495e3d

crypto/bio/bss_sock.c

+46 −2
Original line number Diff line number Diff line
@@ -11,6 +11,7 @@ 
#include <errno.h>

#include "bio_lcl.h"

#include "internal/cryptlib.h"

#include "internal/ktls.h"



#ifndef OPENSSL_NO_SOCK
@@ -64,6 +65,17 @@ BIO *BIO_new_socket(int fd, int close_flag) 
    if (ret == NULL)

        return NULL;

    BIO_set_fd(ret, fd, close_flag);

# ifndef OPENSSL_NO_KTLS

    {

        /*

         * The new socket is created successfully regardless of ktls_enable.

         * ktls_enable doesn't change any functionality of the socket, except

         * changing the setsockopt to enable the processing of ktls_start.

         * Thus, it is not a problem to call it for non-TLS sockets.

         */

        ktls_enable(fd);

    }

# endif

    return ret;

}
@@ -108,9 +120,19 @@ static int sock_read(BIO *b, char *out, int outl) 


static int sock_write(BIO *b, const char *in, int inl)

{

    int ret;

    int ret = 0;



    clear_socket_error();

# ifndef OPENSSL_NO_KTLS

    if (BIO_should_ktls_ctrl_msg_flag(b)) {

        unsigned char record_type = (intptr_t)b->ptr;

        ret = ktls_send_ctrl_message(b->num, record_type, in, inl);

        if (ret >= 0) {

            ret = inl;

            BIO_clear_ktls_ctrl_msg_flag(b);

        }

    } else

# endif

        ret = writesocket(b->num, in, inl);

    BIO_clear_retry_flags(b);

    if (ret <= 0) {
@@ -124,6 +146,9 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr) 
{

    long ret = 1;

    int *ip;

# ifndef OPENSSL_NO_KTLS

    struct tls12_crypto_info_aes_gcm_128 *crypto_info;

# endif



    switch (cmd) {

    case BIO_C_SET_FD:
@@ -151,6 +176,25 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr) 
    case BIO_CTRL_FLUSH:

        ret = 1;

        break;

# ifndef OPENSSL_NO_KTLS

    case BIO_CTRL_SET_KTLS_SEND:

        crypto_info = (struct tls12_crypto_info_aes_gcm_128 *)ptr;

        ret = ktls_start(b->num, crypto_info, sizeof(*crypto_info), num);

        if (ret)

            BIO_set_ktls_flag(b);

        break;

    case BIO_CTRL_GET_KTLS_SEND:

        return BIO_should_ktls_flag(b);

    case BIO_CTRL_SET_KTLS_SEND_CTRL_MSG:

        BIO_set_ktls_ctrl_msg_flag(b);

        b->ptr = (void *)num;

        ret = 0;

        break;

    case BIO_CTRL_CLEAR_KTLS_CTRL_MSG:

        BIO_clear_ktls_ctrl_msg_flag(b);

        ret = 0;

        break;

# endif

    default:

        ret = 0;

        break;

include/internal/bio.h

+36 −0
Original line number Diff line number Diff line
@@ -7,6 +7,9 @@ 
 * https://www.openssl.org/source/license.html

 */



#ifndef HEADER_INTERNAL_BIO_H

# define HEADER_INTERNAL_BIO_H



#include <openssl/bio.h>



struct bio_method_st {
@@ -31,3 +34,36 @@ void bio_cleanup(void); 
/* Old style to new style BIO_METHOD conversion functions */

int bwrite_conv(BIO *bio, const char *data, size_t datal, size_t *written);

int bread_conv(BIO *bio, char *data, size_t datal, size_t *read);



# define BIO_CTRL_SET_KTLS_SEND                 72

# define BIO_CTRL_SET_KTLS_SEND_CTRL_MSG        74

# define BIO_CTRL_CLEAR_KTLS_CTRL_MSG      75



/*

 * This is used with socket BIOs:

 * BIO_FLAGS_KTLS means we are using ktls with this BIO.

 * BIO_FLAGS_KTLS_CTRL_MSG means we are about to send a ctrl message next.

 */

# define BIO_FLAGS_KTLS          0x800

# define BIO_FLAGS_KTLS_CTRL_MSG 0x1000



/* KTLS related controls and flags */

# define BIO_set_ktls_flag(b) \

    BIO_set_flags(b, BIO_FLAGS_KTLS)

# define BIO_should_ktls_flag(b) \

    BIO_test_flags(b, BIO_FLAGS_KTLS)

# define BIO_set_ktls_ctrl_msg_flag(b) \

    BIO_set_flags(b, BIO_FLAGS_KTLS_CTRL_MSG)

# define BIO_should_ktls_ctrl_msg_flag(b) \

    BIO_test_flags(b, (BIO_FLAGS_KTLS_CTRL_MSG))

# define BIO_clear_ktls_ctrl_msg_flag(b) \

    BIO_clear_flags(b, (BIO_FLAGS_KTLS_CTRL_MSG))



#  define BIO_set_ktls(b, keyblob, is_tx)   \

     BIO_ctrl(b, BIO_CTRL_SET_KTLS_SEND, is_tx, keyblob)

#  define BIO_set_ktls_ctrl_msg(b, record_type)   \

     BIO_ctrl(b, BIO_CTRL_SET_KTLS_SEND_CTRL_MSG, record_type, NULL)

#  define BIO_clear_ktls_ctrl_msg(b) \

     BIO_ctrl(b, BIO_CTRL_CLEAR_KTLS_CTRL_MSG, 0, NULL)



#endif

include/openssl/bio.h

+10 −0
Original line number Diff line number Diff line
@@ -145,6 +145,16 @@ extern "C" { 


# define BIO_CTRL_DGRAM_SET_PEEK_MODE      71



/* internal BIO see include/internal/bio.h:

 * # define BIO_CTRL_SET_KTLS_SEND                 72

 * # define BIO_CTRL_SET_KTLS_SEND_CTRL_MSG        74

 * # define BIO_CTRL_CLEAR_KTLS_CTRL_MSG      75

 */



#  define BIO_CTRL_GET_KTLS_SEND                 73

#  define BIO_get_ktls_send(b)         \

     BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL)



/* modifiers */

# define BIO_FP_READ             0x02

# define BIO_FP_WRITE            0x04