diff options
author | Andrew Gallatin <gallatin@gmail.com> | 2018-10-22 11:02:19 -0400 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-10-31 10:24:32 +0000 |
commit | 2111f5c2834a838c4fc1ca981fddf80cbc589dfc (patch) | |
tree | f818b3f6a402ec5948107eea9ce7a691db00789f /crypto | |
parent | 181ea366f67f46cab093d6a7bbb1b2f35125b9f2 (diff) |
Add support for in-kernel TLS (KTLS) on FreeBSD.
- Check for the <sys/ktls.h> header to determine if KTLS support
is available.
- Populate a tls_enable structure with session key material for
supported algorithms. At present, AES-GCM128/256 and AES-CBC128/256
with SHA1 and SHA2-256 HMACs are supported. For AES-CBC, only MtE
is supported.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/bio/bss_sock.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c index ed513495ff..09cc4e30a0 100644 --- a/crypto/bio/bss_sock.c +++ b/crypto/bio/bss_sock.c @@ -152,7 +152,11 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr) long ret = 1; int *ip; # ifndef OPENSSL_NO_KTLS +# ifdef __FreeBSD__ + struct tls_enable *crypto_info; +# else struct tls12_crypto_info_aes_gcm_128 *crypto_info; +# endif # endif switch (cmd) { @@ -183,7 +187,11 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr) break; # ifndef OPENSSL_NO_KTLS case BIO_CTRL_SET_KTLS: +# ifdef __FreeBSD__ + crypto_info = (struct tls_enable *)ptr; +# else crypto_info = (struct tls12_crypto_info_aes_gcm_128 *)ptr; +# endif ret = ktls_start(b->num, crypto_info, sizeof(*crypto_info), num); if (ret) BIO_set_ktls_flag(b, num); |