git: d5ec2e12f399 - main - security/openssl: Major version update to 3.0
Date: Sat, 14 Oct 2023 17:30:52 UTC
The branch main has been updated by brnrd:
URL: https://cgit.FreeBSD.org/ports/commit/?id=d5ec2e12f399b7813994564b77a0915821a0ac42
commit d5ec2e12f399b7813994564b77a0915821a0ac42
Author: Bernard Spil <brnrd@FreeBSD.org>
AuthorDate: 2023-10-14 17:00:42 +0000
Commit: Bernard Spil <brnrd@FreeBSD.org>
CommitDate: 2023-10-14 17:23:12 +0000
security/openssl: Major version update to 3.0
* OpenSSL 1.1.1 is EoL, update to new LTS version
* Aligns with upcoming OpenSSL version in 14.0
---
UPDATING | 17 +
security/openssl/Makefile | 96 +-
security/openssl/distinfo | 6 +-
security/openssl/files/extra-patch-ktls | 3753 +++-----------------
.../openssl/files/extra-patch-util_find-doc-nits | 20 +
.../files/extra-patch-util_process__docs.pl | 20 -
.../files/patch-Configurations_10-main.conf | 35 +
security/openssl/files/patch-Configure | 11 +
security/openssl/files/patch-crypto_ppccap.c | 34 +
.../openssl/files/patch-crypto_threads__pthread.c | 13 +
.../files/patch-util_perl_OpenSSL_config.pm | 14 +
security/openssl/files/pkg-message.in | 8 -
security/openssl/pkg-plist | 263 +-
security/openssl/version.mk | 2 +-
14 files changed, 793 insertions(+), 3499 deletions(-)
diff --git a/UPDATING b/UPDATING
index 10a57980b74c..382cf5f5bd48 100644
--- a/UPDATING
+++ b/UPDATING
@@ -5,6 +5,23 @@ they are unavoidable.
You should get into the habit of checking this file for changes each time
you update your ports collection, before attempting any port upgrades.
+20231014:
+ AFFECTS: users of security/openssl and security/openssl30
+ AUTHOR: brnrd@FreeBSD.org
+
+ The openssl port was renamed to openssl111 and subsequently the
+ openssl30 port was renamed to openssl.
+
+ The shared library version of OpenSSL has been bumped.
+
+ Users of DEFAULT_VERSIONS= ssl=openssl30 must update this to
+ ssl=openssl.
+ Users of DEFAULT_VERSIONS= ssl=openssl should not change this unless
+ they use ports that require the deprecated OpenSSL 1.1.1 version.
+
+ You must rebuild all ports that depend on OpenSSL if you use OpenSSL
+ from ports.
+
20231011:
AFFECTS: users of www/caddy
AUTHOR: adamw@FreeBSD.org
diff --git a/security/openssl/Makefile b/security/openssl/Makefile
index 77b05e43a321..0d829246a3e9 100644
--- a/security/openssl/Makefile
+++ b/security/openssl/Makefile
@@ -1,5 +1,5 @@
PORTNAME= openssl
-PORTVERSION= 1.1.1w
+PORTVERSION= 3.0.11
PORTEPOCH= 1
CATEGORIES= security devel
MASTER_SITES= https://www.openssl.org/source/ \
@@ -9,10 +9,16 @@ MAINTAINER= brnrd@FreeBSD.org
COMMENT= TLSv1.3 capable SSL and crypto library
WWW= https://www.openssl.org/
-LICENSE= OpenSSL
-LICENSE_FILE= ${WRKSRC}/LICENSE
+LICENSE= APACHE20
+LICENSE_FILE= ${WRKSRC}/LICENSE.txt
-CONFLICTS_INSTALL= boringssl libressl libressl-devel openssl3[012] openssl-quictls
+#EXPIRES= 2025-03-25
+
+CONFLICTS_INSTALL= boringssl libressl libressl-devel openssl111 openssl3[12] openssl-quictls
+
+USES= cpe perl5
+USE_PERL5= build
+TEST_TARGET= test
HAS_CONFIGURE= yes
CONFIGURE_SCRIPT= config
@@ -20,32 +26,27 @@ CONFIGURE_ENV= PERL="${PERL}"
CONFIGURE_ARGS= --openssldir=${OPENSSLDIR} \
--prefix=${PREFIX}
-USES= cpe perl5
-USE_PERL5= build
-TEST_TARGET= test
-
LDFLAGS_i386= -Wl,-znotext
MAKE_ARGS+= WHOLE_ARCHIVE_FLAG=--whole-archive CNF_LDFLAGS="${LDFLAGS}"
MAKE_ENV+= LIBRPATH="${PREFIX}/lib" GREP_OPTIONS=
-OPTIONS_GROUP= CIPHERS HASHES OPTIMIZE PROTOCOLS
+OPTIONS_GROUP= CIPHERS HASHES MODULES OPTIMIZE PROTOCOLS
OPTIONS_GROUP_CIPHERS= ARIA DES GOST IDEA SM4 RC2 RC4 RC5 WEAK-SSL-CIPHERS
OPTIONS_GROUP_HASHES= MD2 MD4 MDC2 RMD160 SM2 SM3
OPTIONS_GROUP_OPTIMIZE= ASM SSE2 THREADS
+OPTIONS_GROUP_MODULES= FIPS LEGACY
OPTIONS_DEFINE_i386= I386
OPTIONS_GROUP_PROTOCOLS=NEXTPROTONEG SCTP SSL3 TLS1 TLS1_1 TLS1_2
OPTIONS_DEFINE= ASYNC CRYPTODEV CT KTLS MAN3 RFC3779 SHARED ZLIB
-OPTIONS_DEFAULT=ASM ASYNC CT GOST DES EC KTLS MAN3 MD4 NEXTPROTONEG RC2 \
- RC4 RMD160 SCTP SHARED SSE2 THREADS TLS1 TLS1_1 TLS1_2
+OPTIONS_DEFAULT=ASM ASYNC CT DES EC FIPS GOST KTLS MAN3 MD4 NEXTPROTONEG \
+ RFC3779 RC2 RC4 RMD160 SCTP SHARED SSE2 THREADS TLS1 TLS1_1 TLS1_2
OPTIONS_EXCLUDE=${${OSVERSION} < 1300042:?KTLS:} \
${${OSVERSION} > 1300000:?CRYPTODEV:}
-OPTIONS_GROUP_OPTIMIZE_amd64= EC
-
.if ${MACHINE_ARCH} == "amd64"
OPTIONS_GROUP_OPTIMIZE+= EC
.elif ${MACHINE_ARCH} == "mips64el"
@@ -62,15 +63,18 @@ CRYPTODEV_DESC= /dev/crypto support
CT_DESC= Certificate Transparency Support
DES_DESC= (Triple) Data Encryption Standard
EC_DESC= Optimize NIST elliptic curves
+FIPS_DESC= Build FIPS provider
GOST_DESC= GOST (Russian standard)
HASHES_DESC= Hash Function Support
I386_DESC= i386 (instead of i486+)
IDEA_DESC= International Data Encryption Algorithm
-KTLS_DESC= Kernel TLS offload
+KTLS_DESC= Use in-kernel TLS (FreeBSD >13)
+LEGACY_DESC= Older algorithms
MAN3_DESC= Install API manpages (section 3, 7)
-MD2_DESC= MD2 (obsolete)
+MD2_DESC= MD2 (obsolete) (requires LEGACY)
MD4_DESC= MD4 (unsafe)
MDC2_DESC= MDC-2 (patented, requires DES)
+MODULES_DESC= Provider modules
NEXTPROTONEG_DESC= Next Protocol Negotiation (SPDY)
OPTIMIZE_DESC= Optimizations
PROTOCOLS_DESC= Protocol Support
@@ -92,30 +96,51 @@ TLS1_2_DESC= TLSv1.2
WEAK-SSL-CIPHERS_DESC= Weak cipher support (unsafe)
# Upstream default disabled options
-.for _option in ktls md2 rc5 sctp ssl3 zlib weak-ssl-ciphers
+.for _option in fips md2 ktls rc5 sctp ssl3 weak-ssl-ciphers zlib
${_option:tu}_CONFIGURE_ON= enable-${_option}
.endfor
# Upstream default enabled options
-.for _option in aria asm async ct des gost idea md4 mdc2 nextprotoneg rc2 rc4 \
- rfc3779 rmd160 shared sm2 sm3 sm4 sse2 threads tls1 tls1_1 tls1_2
+.for _option in aria asm async ct des gost idea md4 mdc2 legacy \
+ nextprotoneg rc2 rc4 rfc3779 rmd160 shared sm2 sm3 sm4 sse2 \
+ threads tls1 tls1_1 tls1_2
${_option:tu}_CONFIGURE_OFF= no-${_option}
.endfor
+MD2_IMPLIES= LEGACY
MDC2_IMPLIES= DES
TLS1_IMPLIES= TLS1_1
TLS1_1_IMPLIES= TLS1_2
EC_CONFIGURE_ON= enable-ec_nistp_64_gcc_128
+FIPS_VARS= shlibs+=lib/ossl-modules/fips.so
I386_CONFIGURE_ON= 386
KTLS_EXTRA_PATCHES= ${FILESDIR}/extra-patch-ktls
-MAN3_EXTRA_PATCHES_OFF= ${FILESDIR}/extra-patch-util_process__docs.pl
+LEGACY_VARS= shlibs+=lib/ossl-modules/legacy.so
+MAN3_EXTRA_PATCHES_OFF= ${FILESDIR}/extra-patch-util_find-doc-nits
SHARED_MAKE_ENV= SHLIBVER=${OPENSSL_SHLIBVER}
SHARED_PLIST_SUB= SHLIBVER=${OPENSSL_SHLIBVER}
SHARED_USE= ldconfig=yes
+SHARED_VARS= shlibs+="lib/libcrypto.so.${OPENSSL_SHLIBVER} \
+ lib/libssl.so.${OPENSSL_SHLIBVER} \
+ lib/engines-${OPENSSL_SHLIBVER}/capi.so \
+ lib/engines-${OPENSSL_SHLIBVER}/devcrypto.so \
+ lib/engines-${OPENSSL_SHLIBVER}/padlock.so"
SSL3_CONFIGURE_ON+= enable-ssl3-method
ZLIB_CONFIGURE_ON= zlib-dynamic
+SHLIBS= lib/engines-${OPENSSL_SHLIBVER}/loader_attic.so
+
+.include <bsd.port.options.mk>
+
+.if ${ARCH} == powerpc64
+CONFIGURE_ARGS+= BSD-ppc64
+.elif ${ARCH} == powerpc64le
+CONFIGURE_ARGS+= BSD-ppc64le
+.elif ${ARCH} == riscv64
+CONFIGURE_ARGS+= BSD-riscv64
+.endif
+
.include <bsd.port.pre.mk>
.if ${PREFIX} == /usr
IGNORE= the OpenSSL port can not be installed over the base version
@@ -135,35 +160,34 @@ BROKEN_sparc64= option ASM generates illegal instructions
.endif
post-patch:
- ${REINPLACE_CMD} \
- -e 's|^MANDIR=.*$$|MANDIR=$$(INSTALLTOP)/man|' \
- -e 's| install_html_docs$$||' \
- -e 's|$$(LIBDIR)/pkgconfig|libdata/pkgconfig|g' \
+ ${REINPLACE_CMD} -Ee 's|^MANDIR=.*$$|MANDIR=$$(INSTALLTOP)/man|' \
+ -e 's|^(build\|install)_docs: .*|\1_docs: \1_man_docs|' \
${WRKSRC}/Configurations/unix-Makefile.tmpl
- ${REINPLACE_CMD} -e 's|\^GNU ld|GNU|' ${WRKSRC}/Configurations/shared-info.pl
+ ${REINPLACE_CMD} 's|SHLIB_VERSION=3|SHLIB_VERSION=${OPENSSL_SHLIBVER}|' \
+ ${WRKSRC}/VERSION.dat
post-configure:
+ ( cd ${WRKSRC} ; ${PERL} configdata.pm --dump )
+
+post-configure-MAN3-off:
${REINPLACE_CMD} \
- -e 's|SHLIB_VERSION_NUMBER=1.1|SHLIB_VERSION_NUMBER=${OPENSSL_SHLIBVER}|' \
+ -e 's|^build_man_docs:.*|build_man_docs: $$(MANDOCS1) $$(MANDOCS5)|' \
+ -e 's|dummy $$(MANDOCS[37]); do |dummy; do |' \
${WRKSRC}/Makefile
- ${REINPLACE_CMD} \
- -e 's|SHLIB_VERSION_NUMBER "1.1"|SHLIB_VERSION_NUMBER "${OPENSSL_SHLIBVER}"|' \
- ${WRKSRC}/include/openssl/opensslv.h
post-install-SHARED-on:
-.for i in libcrypto libssl
- ${INSTALL_LIB} ${WRKSRC}/$i.so.${OPENSSL_SHLIBVER} ${STAGEDIR}${PREFIX}/lib
- ${LN} -sf $i.so.${OPENSSL_SHLIBVER} ${STAGEDIR}${PREFIX}/lib/$i.so
-.endfor
-.for i in capi padlock
- ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/engines-1.1/${i}.so
+.for i in ${SHLIBS}
+ -@${STRIP_CMD} ${STAGEDIR}${PREFIX}/$i
.endfor
+post-install-SHARED-off:
+ ${RMDIR} ${STAGEDIR}${PREFIX}/lib/engines-12
+
post-install:
${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/openssl
post-install-MAN3-on:
- ( cd ${STAGEDIR}/${PREFIX} ; ${FIND} man/man3 man/man7 -not -type d ) | \
- ${SED} 's/$$/.gz/' >>${TMPPLIST}
+ ( cd ${STAGEDIR}/${PREFIX} ; ${FIND} man/man3 -not -type d ; \
+ ${FIND} man/man7 -not -type d ) | ${SED} 's/$$/.gz/' >> ${TMPPLIST}
.include <bsd.port.post.mk>
diff --git a/security/openssl/distinfo b/security/openssl/distinfo
index 11a9beb18815..a62e9e8bb1d6 100644
--- a/security/openssl/distinfo
+++ b/security/openssl/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1694449777
-SHA256 (openssl-1.1.1w.tar.gz) = cf3098950cb4d853ad95c0841f1f9c6d3dc102dccfcacd521d93925208b76ac8
-SIZE (openssl-1.1.1w.tar.gz) = 9893384
+TIMESTAMP = 1695134169
+SHA256 (openssl-3.0.11.tar.gz) = b3425d3bb4a2218d0697eb41f7fc0cdede016ed19ca49d168b78e8d947887f55
+SIZE (openssl-3.0.11.tar.gz) = 15198318
diff --git a/security/openssl/files/extra-patch-ktls b/security/openssl/files/extra-patch-ktls
index d38a70e779e3..8a46c272d95c 100644
--- a/security/openssl/files/extra-patch-ktls
+++ b/security/openssl/files/extra-patch-ktls
@@ -1,2081 +1,318 @@
-diff --git CHANGES CHANGES
-index a5522e5fa5..98961effc0 100644
---- CHANGES
-+++ CHANGES
-@@ -606,6 +606,11 @@
- necessary to configure just to create a source distribution.
- [Richard Levitte]
-
-+ *) Added support for Linux Kernel TLS data-path. The Linux Kernel data-path
-+ improves application performance by removing data copies and providing
-+ applications with zero-copy system calls such as sendfile and splice.
-+ [Boris Pismenny]
-+
- Changes between 1.1.1 and 1.1.1a [20 Nov 2018]
-
- *) Timing vulnerability in DSA signature generation
-diff --git Configure Configure
-index 4bea49d7da..e656814a7f 100755
---- Configure
-+++ Configure
-@@ -341,6 +341,7 @@ my @dtls = qw(dtls1 dtls1_2);
- # For developers: keep it sorted alphabetically
+diff --git include/internal/ktls.h include/internal/ktls.h
+index 95492fd065..3c82cae26b 100644
+--- include/internal/ktls.h
++++ include/internal/ktls.h
+@@ -40,6 +40,11 @@
+ # define OPENSSL_KTLS_AES_GCM_128
+ # define OPENSSL_KTLS_AES_GCM_256
+ # define OPENSSL_KTLS_TLS13
++# ifdef TLS_CHACHA20_IV_LEN
++# ifndef OPENSSL_NO_CHACHA
++# define OPENSSL_KTLS_CHACHA20_POLY1305
++# endif
++# endif
- my @disablables = (
-+ "ktls",
- "afalgeng",
- "aria",
- "asan",
-@@ -474,6 +475,7 @@ our %disabled = ( # "what" => "comment"
- "weak-ssl-ciphers" => "default",
- "zlib" => "default",
- "zlib-dynamic" => "default",
-+ "ktls" => "default",
- );
+ typedef struct tls_enable ktls_crypto_info_t;
- # Note: => pair form used for aesthetics, not to truly make a hash table
-@@ -1583,6 +1585,33 @@ unless ($disabled{devcryptoeng}) {
- }
- }
+diff --git ssl/ktls.c ssl/ktls.c
+index 79d980959e..e343d382cc 100644
+--- ssl/ktls.c
++++ ssl/ktls.c
+@@ -10,6 +10,67 @@
+ #include "ssl_local.h"
+ #include "internal/ktls.h"
-+unless ($disabled{ktls}) {
-+ $config{ktls}="";
-+ if ($target =~ m/^linux/) {
-+ my $usr = "/usr/$config{cross_compile_prefix}";
-+ chop($usr);
-+ if ($config{cross_compile_prefix} eq "") {
-+ $usr = "/usr";
-+ }
-+ my $minver = (4 << 16) + (13 << 8) + 0;
-+ my @verstr = split(" ",`cat $usr/include/linux/version.h | grep LINUX_VERSION_CODE`);
++#ifndef OPENSSL_NO_KTLS_RX
++ /*
++ * Count the number of records that were not processed yet from record boundary.
++ *
++ * This function assumes that there are only fully formed records read in the
++ * record layer. If read_ahead is enabled, then this might be false and this
++ * function will fail.
++ */
++static int count_unprocessed_records(SSL *s)
++{
++ SSL3_BUFFER *rbuf = RECORD_LAYER_get_rbuf(&s->rlayer);
++ PACKET pkt, subpkt;
++ int count = 0;
+
-+ if ($verstr[2] < $minver) {
-+ disable('too-old-kernel', 'ktls');
-+ }
-+ } elsif ($target =~ m/^BSD/) {
-+ my $cc = $config{CROSS_COMPILE}.$config{CC};
-+ system("printf '#include <sys/types.h>\n#include <sys/ktls.h>' | $cc -E - >/dev/null 2>&1");
-+ if ($? != 0) {
-+ disable('too-old-freebsd', 'ktls');
-+ }
-+ } else {
-+ disable('not-linux-or-freebsd', 'ktls');
++ if (!PACKET_buf_init(&pkt, rbuf->buf + rbuf->offset, rbuf->left))
++ return -1;
++
++ while (PACKET_remaining(&pkt) > 0) {
++ /* Skip record type and version */
++ if (!PACKET_forward(&pkt, 3))
++ return -1;
++
++ /* Read until next record */
++ if (!PACKET_get_length_prefixed_2(&pkt, &subpkt))
++ return -1;
++
++ count += 1;
+ }
++
++ return count;
+}
+
-+push @{$config{openssl_other_defines}}, "OPENSSL_NO_KTLS" if ($disabled{ktls});
++/*
++ * The kernel cannot offload receive if a partial TLS record has been read.
++ * Check the read buffer for unprocessed records. If the buffer contains a
++ * partial record, fail and return 0. Otherwise, update the sequence
++ * number at *rec_seq for the count of unprocessed records and return 1.
++ */
++static int check_rx_read_ahead(SSL *s, unsigned char *rec_seq)
++{
++ int bit, count_unprocessed;
+
- # Get the extra flags used when building shared libraries and modules. We
- # do this late because some of them depend on %disabled.
-
-diff --git INSTALL INSTALL
-index f3ac727183..f6f754fd5e 100644
---- INSTALL
-+++ INSTALL
-@@ -263,6 +263,15 @@
- Don't build the AFALG engine. This option will be forced if
- on a platform that does not support AFALG.
-
-+ enable-ktls
-+ Build with Kernel TLS support. This option will enable the
-+ use of the Kernel TLS data-path, which can improve
-+ performance and allow for the use of sendfile and splice
-+ system calls on TLS sockets. The Kernel may use TLS
-+ accelerators if any are available on the system.
-+ This option will be forced off on systems that do not support
-+ the Kernel TLS data-path.
++ count_unprocessed = count_unprocessed_records(s);
++ if (count_unprocessed < 0)
++ return 0;
+
- enable-asan
- Build with the Address sanitiser. This is a developer option
- only. It may not work on all platforms and should never be
-diff --git apps/s_client.c apps/s_client.c
-index 00effc8037..5664e7e04e 100644
---- apps/s_client.c
-+++ apps/s_client.c
-@@ -3295,6 +3295,12 @@ static void print_stuff(BIO *bio, SSL *s, int full)
- BIO_printf(bio, "Expansion: %s\n",
- expansion ? SSL_COMP_get_name(expansion) : "NONE");
- #endif
-+#ifndef OPENSSL_NO_KTLS
-+ if (BIO_get_ktls_send(SSL_get_wbio(s)))
-+ BIO_printf(bio_err, "Using Kernel TLS for sending\n");
-+ if (BIO_get_ktls_recv(SSL_get_rbio(s)))
-+ BIO_printf(bio_err, "Using Kernel TLS for receiving\n");
-+#endif
-
- #ifdef SSL_DEBUG
- {
-diff --git apps/s_server.c apps/s_server.c
-index 64d53e68d0..9fcb8d7a7b 100644
---- apps/s_server.c
-+++ apps/s_server.c
-@@ -2934,6 +2934,12 @@ static void print_connection_info(SSL *con)
- }
- OPENSSL_free(exportedkeymat);
- }
-+#ifndef OPENSSL_NO_KTLS
-+ if (BIO_get_ktls_send(SSL_get_wbio(con)))
-+ BIO_printf(bio_err, "Using Kernel TLS for sending\n");
-+ if (BIO_get_ktls_recv(SSL_get_rbio(con)))
-+ BIO_printf(bio_err, "Using Kernel TLS for receiving\n");
++ /* increment the crypto_info record sequence */
++ while (count_unprocessed) {
++ for (bit = 7; bit >= 0; bit--) { /* increment */
++ ++rec_seq[bit];
++ if (rec_seq[bit] != 0)
++ break;
++ }
++ count_unprocessed--;
++
++ }
++
++ return 1;
++}
+#endif
++
+ #if defined(__FreeBSD__)
+ # include "crypto/cryptodev.h"
- (void)BIO_flush(bio_s_out);
- }
-diff --git crypto/bio/b_sock2.c crypto/bio/b_sock2.c
-index 104ff31b0d..771729880e 100644
---- crypto/bio/b_sock2.c
-+++ crypto/bio/b_sock2.c
-@@ -12,6 +12,7 @@
- #include <errno.h>
-
- #include "bio_local.h"
-+#include "internal/ktls.h"
-
- #include <openssl/err.h>
-
-@@ -50,6 +51,17 @@ int BIO_socket(int domain, int socktype, int protocol, int options)
- BIOerr(BIO_F_BIO_SOCKET, BIO_R_UNABLE_TO_CREATE_SOCKET);
- return INVALID_SOCKET;
- }
-+# ifndef OPENSSL_NO_KTLS
-+ {
-+ /*
-+ * The new socket is created successfully regardless of ktls_enable.
-+ * ktls_enable doesn't change any functionality of the socket, except
-+ * changing the setsockopt to enable the processing of ktls_start.
-+ * Thus, it is not a problem to call it for non-TLS sockets.
-+ */
-+ ktls_enable(sock);
-+ }
+@@ -37,6 +98,10 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c,
+ case SSL_AES128GCM:
+ case SSL_AES256GCM:
+ return 1;
++# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
++ case SSL_CHACHA20POLY1305:
++ return 1;
+# endif
-
- return sock;
+ case SSL_AES128:
+ case SSL_AES256:
+ if (s->ext.use_etm)
+@@ -55,9 +120,9 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c,
}
-diff --git crypto/bio/bss_conn.c crypto/bio/bss_conn.c
-index 807a82b23b..10cf20871c 100644
---- crypto/bio/bss_conn.c
-+++ crypto/bio/bss_conn.c
-@@ -11,6 +11,7 @@
- #include <errno.h>
-
- #include "bio_local.h"
-+#include "internal/ktls.h"
-
- #ifndef OPENSSL_NO_SOCK
-
-@@ -20,6 +21,9 @@ typedef struct bio_connect_st {
- char *param_hostname;
- char *param_service;
- int connect_mode;
-+# ifndef OPENSSL_NO_KTLS
-+ unsigned char record_type;
-+# endif
-
- BIO_ADDRINFO *addr_first;
- const BIO_ADDRINFO *addr_iter;
-@@ -320,7 +324,12 @@ static int conn_read(BIO *b, char *out, int outl)
-
- if (out != NULL) {
- clear_socket_error();
-- ret = readsocket(b->num, out, outl);
-+# ifndef OPENSSL_NO_KTLS
-+ if (BIO_get_ktls_recv(b))
-+ ret = ktls_read_record(b->num, out, outl);
-+ else
-+# endif
-+ ret = readsocket(b->num, out, outl);
- BIO_clear_retry_flags(b);
- if (ret <= 0) {
- if (BIO_sock_should_retry(ret))
-@@ -345,7 +354,16 @@ static int conn_write(BIO *b, const char *in, int inl)
- }
-
- clear_socket_error();
-- ret = writesocket(b->num, in, inl);
-+# ifndef OPENSSL_NO_KTLS
-+ if (BIO_should_ktls_ctrl_msg_flag(b)) {
-+ ret = ktls_send_ctrl_message(b->num, data->record_type, in, inl);
-+ if (ret >= 0) {
-+ ret = inl;
-+ BIO_clear_ktls_ctrl_msg_flag(b);
-+ }
-+ } else
-+# endif
-+ ret = writesocket(b->num, in, inl);
- BIO_clear_retry_flags(b);
- if (ret <= 0) {
- if (BIO_sock_should_retry(ret))
-@@ -361,6 +379,9 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
- const char **pptr = NULL;
- long ret = 1;
- BIO_CONNECT *data;
-+# ifndef OPENSSL_NO_KTLS
-+ ktls_crypto_info_t *crypto_info;
-+# endif
- data = (BIO_CONNECT *)b->ptr;
-
-@@ -518,8 +539,29 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
- }
- break;
- case BIO_CTRL_EOF:
-- ret = (b->flags & BIO_FLAGS_IN_EOF) != 0 ? 1 : 0;
-+ ret = (b->flags & BIO_FLAGS_IN_EOF) != 0;
+ /* Function to configure kernel TLS structure */
+-int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd,
++int ktls_configure_crypto(SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd,
+ void *rl_sequence, ktls_crypto_info_t *crypto_info,
+- unsigned char **rec_seq, unsigned char *iv,
++ int is_tx, unsigned char *iv,
+ unsigned char *key, unsigned char *mac_key,
+ size_t mac_secret_size)
+ {
+@@ -71,6 +136,12 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd,
+ else
+ crypto_info->iv_len = EVP_GCM_TLS_FIXED_IV_LEN;
break;
-+# ifndef OPENSSL_NO_KTLS
-+ case BIO_CTRL_SET_KTLS:
-+ crypto_info = (ktls_crypto_info_t *)ptr;
-+ ret = ktls_start(b->num, crypto_info, num);
-+ if (ret)
-+ BIO_set_ktls_flag(b, num);
-+ break;
-+ case BIO_CTRL_GET_KTLS_SEND:
-+ return BIO_should_ktls_flag(b, 1) != 0;
-+ case BIO_CTRL_GET_KTLS_RECV:
-+ return BIO_should_ktls_flag(b, 0) != 0;
-+ case BIO_CTRL_SET_KTLS_TX_SEND_CTRL_MSG:
-+ BIO_set_ktls_ctrl_msg_flag(b);
-+ data->record_type = num;
-+ ret = 0;
-+ break;
-+ case BIO_CTRL_CLEAR_KTLS_TX_CTRL_MSG:
-+ BIO_clear_ktls_ctrl_msg_flag(b);
-+ ret = 0;
++# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
++ case SSL_CHACHA20POLY1305:
++ crypto_info->cipher_algorithm = CRYPTO_CHACHA20_POLY1305;
++ crypto_info->iv_len = EVP_CIPHER_CTX_get_iv_length(dd);
+ break;
+# endif
- default:
- ret = 0;
- break;
-diff --git crypto/bio/bss_fd.c crypto/bio/bss_fd.c
-index ccbe1626ba..8d03e48ce9 100644
---- crypto/bio/bss_fd.c
-+++ crypto/bio/bss_fd.c
-@@ -189,7 +189,7 @@ static long fd_ctrl(BIO *b, int cmd, long num, void *ptr)
- ret = 1;
- break;
- case BIO_CTRL_EOF:
-- ret = (b->flags & BIO_FLAGS_IN_EOF) != 0 ? 1 : 0;
-+ ret = (b->flags & BIO_FLAGS_IN_EOF) != 0;
- break;
- default:
- ret = 0;
-diff --git crypto/bio/bss_sock.c crypto/bio/bss_sock.c
-index 6251f3d46a..8de1f58292 100644
---- crypto/bio/bss_sock.c
-+++ crypto/bio/bss_sock.c
-@@ -11,6 +11,7 @@
- #include <errno.h>
- #include "bio_local.h"
- #include "internal/cryptlib.h"
-+#include "internal/ktls.h"
-
- #ifndef OPENSSL_NO_SOCK
-
-@@ -64,6 +65,17 @@ BIO *BIO_new_socket(int fd, int close_flag)
- if (ret == NULL)
- return NULL;
- BIO_set_fd(ret, fd, close_flag);
-+# ifndef OPENSSL_NO_KTLS
-+ {
-+ /*
-+ * The new socket is created successfully regardless of ktls_enable.
-+ * ktls_enable doesn't change any functionality of the socket, except
-+ * changing the setsockopt to enable the processing of ktls_start.
-+ * Thus, it is not a problem to call it for non-TLS sockets.
-+ */
-+ ktls_enable(fd);
-+ }
-+# endif
- return ret;
+ case SSL_AES128:
+ case SSL_AES256:
+ switch (s->s3.tmp.new_cipher->algorithm_mac) {
+@@ -101,11 +172,11 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd,
+ crypto_info->tls_vminor = (s->version & 0x000000ff);
+ # ifdef TCP_RXTLS_ENABLE
+ memcpy(crypto_info->rec_seq, rl_sequence, sizeof(crypto_info->rec_seq));
+- if (rec_seq != NULL)
+- *rec_seq = crypto_info->rec_seq;
++ if (!is_tx && !check_rx_read_ahead(s, crypto_info->rec_seq))
++ return 0;
+ # else
+- if (rec_seq != NULL)
+- *rec_seq = NULL;
++ if (!is_tx)
++ return 0;
+ # endif
+ return 1;
+ };
+@@ -154,15 +225,20 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c,
}
-@@ -96,7 +108,12 @@ static int sock_read(BIO *b, char *out, int outl)
-
- if (out != NULL) {
- clear_socket_error();
-- ret = readsocket(b->num, out, outl);
-+# ifndef OPENSSL_NO_KTLS
-+ if (BIO_get_ktls_recv(b))
-+ ret = ktls_read_record(b->num, out, outl);
-+ else
-+# endif
-+ ret = readsocket(b->num, out, outl);
- BIO_clear_retry_flags(b);
- if (ret <= 0) {
- if (BIO_sock_should_retry(ret))
-@@ -110,10 +127,20 @@ static int sock_read(BIO *b, char *out, int outl)
-
- static int sock_write(BIO *b, const char *in, int inl)
- {
-- int ret;
-+ int ret = 0;
-
- clear_socket_error();
-- ret = writesocket(b->num, in, inl);
-+# ifndef OPENSSL_NO_KTLS
-+ if (BIO_should_ktls_ctrl_msg_flag(b)) {
-+ unsigned char record_type = (intptr_t)b->ptr;
-+ ret = ktls_send_ctrl_message(b->num, record_type, in, inl);
-+ if (ret >= 0) {
-+ ret = inl;
-+ BIO_clear_ktls_ctrl_msg_flag(b);
-+ }
-+ } else
-+# endif
-+ ret = writesocket(b->num, in, inl);
- BIO_clear_retry_flags(b);
- if (ret <= 0) {
- if (BIO_sock_should_retry(ret))
-@@ -126,6 +153,9 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
+ /* Function to configure kernel TLS structure */
+-int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd,
++int ktls_configure_crypto(SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd,
+ void *rl_sequence, ktls_crypto_info_t *crypto_info,
+- unsigned char **rec_seq, unsigned char *iv,
++ int is_tx, unsigned char *iv,
+ unsigned char *key, unsigned char *mac_key,
+ size_t mac_secret_size)
{
- long ret = 1;
- int *ip;
-+# ifndef OPENSSL_NO_KTLS
-+ ktls_crypto_info_t *crypto_info;
-+# endif
+ unsigned char geniv[12];
+ unsigned char *iiv = iv;
- switch (cmd) {
- case BIO_C_SET_FD:
-@@ -153,8 +183,29 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
- case BIO_CTRL_FLUSH:
- ret = 1;
- break;
-+# ifndef OPENSSL_NO_KTLS
-+ case BIO_CTRL_SET_KTLS:
-+ crypto_info = (ktls_crypto_info_t *)ptr;
-+ ret = ktls_start(b->num, crypto_info, num);
-+ if (ret)
-+ BIO_set_ktls_flag(b, num);
-+ break;
-+ case BIO_CTRL_GET_KTLS_SEND:
-+ return BIO_should_ktls_flag(b, 1) != 0;
-+ case BIO_CTRL_GET_KTLS_RECV:
-+ return BIO_should_ktls_flag(b, 0) != 0;
-+ case BIO_CTRL_SET_KTLS_TX_SEND_CTRL_MSG:
-+ BIO_set_ktls_ctrl_msg_flag(b);
-+ b->ptr = (void *)num;
-+ ret = 0;
-+ break;
-+ case BIO_CTRL_CLEAR_KTLS_TX_CTRL_MSG:
-+ BIO_clear_ktls_ctrl_msg_flag(b);
-+ ret = 0;
-+ break;
++# ifdef OPENSSL_NO_KTLS_RX
++ if (!is_tx)
++ return 0;
+# endif
- case BIO_CTRL_EOF:
-- ret = (b->flags & BIO_FLAGS_IN_EOF) != 0 ? 1 : 0;
-+ ret = (b->flags & BIO_FLAGS_IN_EOF) != 0;
- break;
- default:
- ret = 0;
-diff --git crypto/err/openssl.txt crypto/err/openssl.txt
-index 902e97b843..846c896359 100644
---- crypto/err/openssl.txt
-+++ crypto/err/openssl.txt
-@@ -1319,6 +1319,7 @@ SSL_F_SSL_RENEGOTIATE:516:SSL_renegotiate
- SSL_F_SSL_RENEGOTIATE_ABBREVIATED:546:SSL_renegotiate_abbreviated
- SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT:320:*
- SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT:321:*
-+SSL_F_SSL_SENDFILE:639:SSL_sendfile
- SSL_F_SSL_SESSION_DUP:348:ssl_session_dup
- SSL_F_SSL_SESSION_NEW:189:SSL_SESSION_new
- SSL_F_SSL_SESSION_PRINT_FP:190:SSL_SESSION_print_fp
-diff --git crypto/evp/e_aes.c crypto/evp/e_aes.c
-index a1d3ab90fa..715fac9f88 100644
---- crypto/evp/e_aes.c
-+++ crypto/evp/e_aes.c
-@@ -2889,6 +2889,14 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
- memcpy(ptr, c->buf, arg);
++
+ if (s->version == TLS1_2_VERSION &&
+ EVP_CIPHER_get_mode(c) == EVP_CIPH_GCM_MODE) {
+ if (!EVP_CIPHER_CTX_get_updated_iv(dd, geniv,
+@@ -186,8 +262,8 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd,
+ memcpy(crypto_info->gcm128.key, key, EVP_CIPHER_get_key_length(c));
+ memcpy(crypto_info->gcm128.rec_seq, rl_sequence,
+ TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
+- if (rec_seq != NULL)
+- *rec_seq = crypto_info->gcm128.rec_seq;
++ if (!is_tx && !check_rx_read_ahead(s, crypto_info->gcm128.rec_seq))
++ return 0;
return 1;
-
-+ case EVP_CTRL_GET_IV:
-+ if (gctx->iv_gen != 1)
+ # endif
+ # ifdef OPENSSL_KTLS_AES_GCM_256
+@@ -201,8 +277,8 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd,
+ memcpy(crypto_info->gcm256.key, key, EVP_CIPHER_get_key_length(c));
+ memcpy(crypto_info->gcm256.rec_seq, rl_sequence,
+ TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
+- if (rec_seq != NULL)
+- *rec_seq = crypto_info->gcm256.rec_seq;
++ if (!is_tx && !check_rx_read_ahead(s, crypto_info->gcm256.rec_seq))
+ return 0;
-+ if (gctx->ivlen != arg)
+ return 1;
+ # endif
+ # ifdef OPENSSL_KTLS_AES_CCM_128
+@@ -216,8 +292,8 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd,
+ memcpy(crypto_info->ccm128.key, key, EVP_CIPHER_get_key_length(c));
+ memcpy(crypto_info->ccm128.rec_seq, rl_sequence,
+ TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE);
+- if (rec_seq != NULL)
+- *rec_seq = crypto_info->ccm128.rec_seq;
++ if (!is_tx && !check_rx_read_ahead(s, crypto_info->ccm128.rec_seq))
+ return 0;
-+ memcpy(ptr, gctx->iv, arg);
-+ return 1;
-+
- case EVP_CTRL_GCM_SET_IV_FIXED:
- /* Special case: -1 length restores whole IV */
- if (arg == -1) {
-diff --git doc/man3/BIO_ctrl.pod doc/man3/BIO_ctrl.pod
-index cf6ba135df..fc51173c8d 100644
---- doc/man3/BIO_ctrl.pod
-+++ doc/man3/BIO_ctrl.pod
-@@ -5,7 +5,8 @@
- BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset,
- BIO_seek, BIO_tell, BIO_flush, BIO_eof, BIO_set_close, BIO_get_close,
- BIO_pending, BIO_wpending, BIO_ctrl_pending, BIO_ctrl_wpending,
--BIO_get_info_callback, BIO_set_info_callback, BIO_info_cb
-+BIO_get_info_callback, BIO_set_info_callback, BIO_info_cb, BIO_get_ktls_send,
-+BIO_get_ktls_recv
- - BIO control operations
-
- =head1 SYNOPSIS
-@@ -34,6 +35,9 @@ BIO_get_info_callback, BIO_set_info_callback, BIO_info_cb
- int BIO_get_info_callback(BIO *b, BIO_info_cb **cbp);
- int BIO_set_info_callback(BIO *b, BIO_info_cb *cb);
-
-+ int BIO_get_ktls_send(BIO *b);
-+ int BIO_get_ktls_recv(BIO *b);
-+
- =head1 DESCRIPTION
-
- BIO_ctrl(), BIO_callback_ctrl(), BIO_ptr_ctrl() and BIO_int_ctrl()
-@@ -72,6 +76,11 @@ Not all BIOs support these calls. BIO_ctrl_pending() and BIO_ctrl_wpending()
- return a size_t type and are functions, BIO_pending() and BIO_wpending() are
- macros which call BIO_ctrl().
-
-+BIO_get_ktls_send() returns 1 if the BIO is using the Kernel TLS data-path for
-+sending. Otherwise, it returns zero.
-+BIO_get_ktls_recv() returns 1 if the BIO is using the Kernel TLS data-path for
-+receiving. Otherwise, it returns zero.
-+
- =head1 RETURN VALUES
-
- BIO_reset() normally returns 1 for success and 0 or -1 for failure. File
-@@ -92,6 +101,11 @@ BIO_get_close() returns the close flag value: BIO_CLOSE or BIO_NOCLOSE.
- BIO_pending(), BIO_ctrl_pending(), BIO_wpending() and BIO_ctrl_wpending()
- return the amount of pending data.
-
-+BIO_get_ktls_send() returns 1 if the BIO is using the Kernel TLS data-path for
-+sending. Otherwise, it returns zero.
-+BIO_get_ktls_recv() returns 1 if the BIO is using the Kernel TLS data-path for
-+receiving. Otherwise, it returns zero.
-+
- =head1 NOTES
+ return 1;
+ # endif
+ # ifdef OPENSSL_KTLS_CHACHA20_POLY1305
+@@ -231,8 +307,10 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd,
+ EVP_CIPHER_get_key_length(c));
+ memcpy(crypto_info->chacha20poly1305.rec_seq, rl_sequence,
+ TLS_CIPHER_CHACHA20_POLY1305_REC_SEQ_SIZE);
+- if (rec_seq != NULL)
+- *rec_seq = crypto_info->chacha20poly1305.rec_seq;
++ if (!is_tx
++ && !check_rx_read_ahead(s,
++ crypto_info->chacha20poly1305.rec_seq))
++ return 0;
+ return 1;
+ # endif
+ default:
+diff --git ssl/record/ssl3_record.c ssl/record/ssl3_record.c
+index d8ef018741..63caac080f 100644
+--- ssl/record/ssl3_record.c
++++ ssl/record/ssl3_record.c
+@@ -185,18 +185,23 @@ int ssl3_get_record(SSL *s)
+ int imac_size;
+ size_t num_recs = 0, max_recs, j;
+ PACKET pkt, sslv2pkt;
+- int is_ktls_left;
++ int using_ktls;
+ SSL_MAC_BUF *macbufs = NULL;
+ int ret = -1;
- BIO_flush(), because it can write data may return 0 or -1 indicating
-@@ -124,6 +138,11 @@ particular a return value of 0 can be returned if an operation is not
- supported, if an error occurred, if EOF has not been reached and in
- the case of BIO_seek() on a file BIO for a successful operation.
+ rr = RECORD_LAYER_get_rrec(&s->rlayer);
+ rbuf = RECORD_LAYER_get_rbuf(&s->rlayer);
+- is_ktls_left = (SSL3_BUFFER_get_left(rbuf) > 0);
+ max_recs = s->max_pipelines;
+ if (max_recs == 0)
+ max_recs = 1;
+ sess = s->session;
-+=head1 HISTORY
-+
-+The BIO_get_ktls_send() and BIO_get_ktls_recv() functions were added in
-+OpenSSL 3.0.0.
++ /*
++ * KTLS reads full records. If there is any data left,
++ * then it is from before enabling ktls.
++ */
++ using_ktls = BIO_get_ktls_recv(s->rbio) && SSL3_BUFFER_get_left(rbuf) == 0;
+
- =head1 COPYRIGHT
-
- Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
-diff --git doc/man3/SSL_CONF_cmd.pod doc/man3/SSL_CONF_cmd.pod
-index 7f0e088687..c7cce5486b 100644
---- doc/man3/SSL_CONF_cmd.pod
-+++ doc/man3/SSL_CONF_cmd.pod
-@@ -495,6 +495,10 @@ specification. Some applications may be able to mitigate the replay risks in
- other ways and in such cases the built-in OpenSSL functionality is not required.
- Disabling anti-replay is equivalent to setting B<SSL_OP_NO_ANTI_REPLAY>.
+ do {
+ thisrr = &rr[num_recs];
-+B<KTLS>: Enables kernel TLS if support has been compiled in, and it is supported
-+by the negotiated ciphersuites and extensions. Equivalent to
-+B<SSL_OP_ENABLE_KTLS>.
-+
- =item B<VerifyMode>
+@@ -361,7 +366,9 @@ int ssl3_get_record(SSL *s)
+ }
+ }
- The B<value> argument is a comma separated list of flags to set.
-diff --git doc/man3/SSL_CTX_set_options.pod doc/man3/SSL_CTX_set_options.pod
-index 969e0366c4..231fe92d8e 100644
---- doc/man3/SSL_CTX_set_options.pod
-+++ doc/man3/SSL_CTX_set_options.pod
-@@ -237,6 +237,29 @@ functionality is not required. Those applications can turn this feature off by
- setting this option. This is a server-side opton only. It is ignored by
- clients.
+- if (SSL_IS_TLS13(s) && s->enc_read_ctx != NULL) {
++ if (SSL_IS_TLS13(s)
++ && s->enc_read_ctx != NULL
++ && !using_ktls) {
+ if (thisrr->type != SSL3_RT_APPLICATION_DATA
+ && (thisrr->type != SSL3_RT_CHANGE_CIPHER_SPEC
+ || !SSL_IS_FIRST_HANDSHAKE(s))
+@@ -391,7 +398,13 @@ int ssl3_get_record(SSL *s)
+ }
-+=item SSL_OP_ENABLE_KTLS
-+
-+Enable the use of kernel TLS. In order to benefit from kernel TLS OpenSSL must
-+have been compiled with support for it, and it must be supported by the
-+negotiated ciphersuites and extensions. The specific ciphersuites and extensions
-+that are supported may vary by platform and kernel version.
-+
-+The kernel TLS data-path implements the record layer, and the encryption
*** 3708 LINES SKIPPED ***