nfo_cb
-+BIO_get_info_callback, BIO_set_info_callback, BIO_info_cb, BIO_get_ktls_send,
-+BIO_get_ktls_recv
- - BIO control operations
- 
- =head1 SYNOPSIS
-@@ -34,6 +35,9 @@ BIO_get_info_callback, BIO_set_info_callback, BIO_info_cb
-  int BIO_get_info_callback(BIO *b, BIO_info_cb **cbp);
-  int BIO_set_info_callback(BIO *b, BIO_info_cb *cb);
- 
-+ int BIO_get_ktls_send(BIO *b);
-+ int BIO_get_ktls_recv(BIO *b);
-+
- =head1 DESCRIPTION
- 
- BIO_ctrl(), BIO_callback_ctrl(), BIO_ptr_ctrl() and BIO_int_ctrl()
-@@ -72,6 +76,11 @@ Not all BIOs support these calls. BIO_ctrl_pending() and BIO_ctrl_wpending()
- return a size_t type and are functions, BIO_pending() and BIO_wpending() are
- macros which call BIO_ctrl().
- 
-+BIO_get_ktls_send() returns 1 if the BIO is using the Kernel TLS data-path for
-+sending. Otherwise, it returns zero.
-+BIO_get_ktls_recv() returns 1 if the BIO is using the Kernel TLS data-path for
-+receiving. Otherwise, it returns zero.
-+
- =head1 RETURN VALUES
- 
- BIO_reset() normally returns 1 for success and 0 or -1 for failure. File
-@@ -92,6 +101,11 @@ BIO_get_close() returns the close flag value: BIO_CLOSE or BIO_NOCLOSE.
- BIO_pending(), BIO_ctrl_pending(), BIO_wpending() and BIO_ctrl_wpending()
- return the amount of pending data.
- 
-+BIO_get_ktls_send() returns 1 if the BIO is using the Kernel TLS data-path for
-+sending. Otherwise, it returns zero.
-+BIO_get_ktls_recv() returns 1 if the BIO is using the Kernel TLS data-path for
-+receiving. Otherwise, it returns zero.
-+
- =head1 NOTES
- 
- BIO_flush(), because it can write data may return 0 or -1 indicating
-@@ -124,6 +138,11 @@ particular a return value of 0 can be returned if an operation is not
- supported, if an error occurred, if EOF has not been reached and in
- the case of BIO_seek() on a file BIO for a successful operation.
- 
-+=head1 HISTORY
-+
-+The BIO_get_ktls_send() and BIO_get_ktls_recv() functions were added in
-+OpenSSL 3.0.0.
-+
- =head1 COPYRIGHT
- 
- Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
-diff --git doc/man3/SSL_CONF_cmd.pod doc/man3/SSL_CONF_cmd.pod
-index 7f0e088687..c7cce5486b 100644
---- doc/man3/SSL_CONF_cmd.pod
-+++ doc/man3/SSL_CONF_cmd.pod
-@@ -495,6 +495,10 @@ specification. Some applications may be able to mitigate the replay risks in
- other ways and in such cases the built-in OpenSSL functionality is not required.
- Disabling anti-replay is equivalent to setting B<SSL_OP_NO_ANTI_REPLAY>.
- 
-+B<KTLS>: Enables kernel TLS if support has been compiled in, and it is supported
-+by the negotiated ciphersuites and extensions. Equivalent to
-+B<SSL_OP_ENABLE_KTLS>.
-+
- =item B<VerifyMode>
- 
- The B<value> argument is a comma separated list of flags to set.
-diff --git doc/man3/SSL_CTX_set_options.pod doc/man3/SSL_CTX_set_options.pod
-index 969e0366c4..231fe92d8e 100644
---- doc/man3/SSL_CTX_set_options.pod
-+++ doc/man3/SSL_CTX_set_options.pod
-@@ -237,6 +237,29 @@ functionality is not required. Those applications can turn this feature off by
- setting this option. This is a server-side opton only. It is ignored by
- clients.
- 
-+=item SSL_OP_ENABLE_KTLS
-+
-+Enable the use of kernel TLS. In order to benefit from kernel TLS OpenSSL must
-+have been compiled with support for it, and it must be supported by the
-+negotiated ciphersuites and extensions. The specific ciphersuites and extensions
-+that are supported may vary by platform and kernel version.
-+
-+The kernel TLS data-path implements the record layer, and the encryption
-+algorithm. The kernel will utilize the best hardware
-+available for encryption. Using the kernel data-path should reduce the memory
-+footprint of OpenSSL because no buffering is required. Also, the throughput
-+should improve because data copy is avoided when user data is encrypted into
-+kernel memory instead of the usual encrypt then copy to kernel.
-+
-+Kernel TLS might not support all the features of OpenSSL. For instance,
-+renegotiation, and setting the maximum fragment size is not possible as of
-+Linux 4.20.
-+
-+Note that with kernel TLS enabled some cryptographic operations are performed
-+by the kernel directly and not via any available OpenSSL Providers. This might
-+be undesirable if, for example, the application requires all cryptographic
-+operations to be performed by the FIPS provider.
-+
- =back
- 
- The following options no longer have any effect but their identifiers are
-diff --git doc/man3/SSL_CTX_set_record_padding_callback.pod doc/man3/SSL_CTX_set_record_padding_callback.pod
-index 13e56f0c57..247a39fc03 100644
---- doc/man3/SSL_CTX_set_record_padding_callback.pod
-+++ doc/man3/SSL_CTX_set_record_padding_callback.pod
-@@ -16,7 +16,7 @@ SSL_set_block_padding - install callback to specify TLS 1.3 record padding
-  #include <openssl/ssl.h>
- 
-  void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, size_t (*cb)(SSL *s, int type, size_t len, void *arg));
-- void SSL_set_record_padding_callback(SSL *ssl, size_t (*cb)(SSL *s, int type, size_t len, void *arg));
-+ int SSL_set_record_padding_callback(SSL *ssl, size_t (*cb)(SSL *s, int type, size_t len, void *arg));
- 
-  void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg);
-  void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx);
-@@ -32,6 +32,8 @@ SSL_set_block_padding - install callback to specify TLS 1.3 record padding
- SSL_CTX_set_record_padding_callback() or SSL_set_record_padding_callback()
- can be used to assign a callback function I<cb> to specify the padding
- for TLS 1.3 records. The value set in B<ctx> is copied to a new SSL by SSL_new().
-+Kernel TLS is not possible if the record padding callback is set, and the callback
-+function cannot be set if Kernel TLS is already configured for the current SSL object.
- 
- SSL_CTX_set_record_padding_callback_arg() and SSL_set_record_padding_callback_arg()
- assign a value B<arg> that is passed to the callback when it is invoked. The value
-@@ -64,6 +66,9 @@ indicates no padding will be added. A return value that causes the record to
- exceed the maximum record size (SSL3_RT_MAX_PLAIN_LENGTH) will pad out to the
- maximum record size.
- 
-+The SSL_CTX_get_record_padding_callback_arg() function returns 1 on success or 0 if
-+the callback function is not set because Kernel TLS is configured for the SSL object.
-+
- =head1 NOTES
- 
- The default behavior is to add no padding to the record.
-@@ -84,6 +89,9 @@ L<ssl(7)>, L<SSL_new(3)>
- 
- The record padding API was added for TLS 1.3 support in OpenSSL 1.1.1.
- 
-+The return type of SSL_CTX_set_record_padding_callback() function was
-+changed to int in OpenSSL 3.0.
-+
- =head1 COPYRIGHT
- 
- Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
-diff --git doc/man3/SSL_write.pod doc/man3/SSL_write.pod
-index 5e3ce1e7e4..9b271d8e65 100644
---- doc/man3/SSL_write.pod
-+++ doc/man3/SSL_write.pod
-@@ -2,12 +2,13 @@
- 
- =head1 NAME
- 
--SSL_write_ex, SSL_write - write bytes to a TLS/SSL connection
-+SSL_write_ex, SSL_write, SSL_sendfile - write bytes to a TLS/SSL connection
- 
- =head1 SYNOPSIS
- 
-  #include <openssl/ssl.h>
- 
-+ ossl_ssize_t SSL_sendfile(SSL *s, int fd, off_t offset, size_t size, int flags);
-  int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written);
-  int SSL_write(SSL *ssl, const void *buf, int num);
- 
-@@ -17,6 +18,14 @@ SSL_write_ex() and SSL_write() write B<num> bytes from the buffer B<buf> into
- the specified B<ssl> connection. On success SSL_write_ex() will store the number
- of bytes written in B<*written>.
- 
-+SSL_sendfile() writes B<size> bytes from offset B<offset> in the file
-+descriptor B<fd> to the specified SSL connection B<s>. This function provides
-+efficient zero-copy semantics. SSL_sendfile() is available only when
-+Kernel TLS is enabled, which can be checked by calling BIO_get_ktls_send().
-+It is provided here to allow users to maintain the same interface.
-+The meaning of B<flags> is platform dependent.
-+Currently, under Linux it is ignored.
-+
- =head1 NOTES
- 
- In the paragraphs below a "write function" is defined as one of either
-@@ -104,17 +113,36 @@ You should instead call SSL_get_error() to find out if it's retryable.
- 
- =back
- 
-+For SSL_sendfile(), the following return values can occur:
-+
-+=over 4
-+
-+=item Z<>>= 0
-+
-+The write operation was successful, the return value is the number
-+of bytes of the file written to the TLS/SSL connection. The return
-+value can be less than B<size> for a partial write.
-+
-+=item E<lt> 0
-+
-+The write operation was not successful, because either the connection was
-+closed, an error occured or action must be taken by the calling process.
-+Call SSL_get_error() with the return value to find out the reason.
-+
-+=back
-+
- =head1 SEE ALSO
- 
- L<SSL_get_error(3)>, L<SSL_read_ex(3)>, L<SSL_read(3)>
- L<SSL_CTX_set_mode(3)>, L<SSL_CTX_new(3)>,
- L<SSL_connect(3)>, L<SSL_accept(3)>
--L<SSL_set_connect_state(3)>,
-+L<SSL_set_connect_state(3)>, L<BIO_ctrl(3)>,
- L<ssl(7)>, L<bio(7)>
- 
- =head1 HISTORY
- 
- The SSL_write_ex() function was added in OpenSSL 1.1.1.
-+The SSL_sendfile() function was added in OpenSSL 3.0.0.
- 
- =head1 COPYRIGHT
- 
-diff --git engines/e_afalg.c engines/e_afalg.c
-index 2d16c13834..748969204e 100644
---- engines/e_afalg.c
-+++ engines/e_afalg.c
-@@ -407,7 +407,7 @@ static int afalg_start_cipher_sk(afalg_ctx *actx, const unsigned char *in,
-                                  size_t inl, const unsigned char *iv,
-                                  unsigned int enc)
- {
--    struct msghdr msg = { 0 };
-+    struct msghdr msg;
-     struct cmsghdr *cmsg;
-     struct iovec iov;
-     ssize_t sbytes;
-@@ -416,6 +416,7 @@ static int afalg_start_cipher_sk(afalg_ctx *actx, const unsigned char *in,
- # endif
-     char cbuf[CMSG_SPACE(ALG_IV_LEN(ALG_AES_IV_LEN)) + CMSG_SPACE(ALG_OP_LEN)];
- 
-+    memset(&msg, 0, sizeof(msg));
-     memset(cbuf, 0, sizeof(cbuf));
-     msg.msg_control = cbuf;
-     msg.msg_controllen = sizeof(cbuf);
-diff --git include/internal/bio.h include/internal/bio.h
-index c343b27629..365d41dabb 100644
---- include/internal/bio.h
-+++ include/internal/bio.h
-@@ -7,6 +7,9 @@
-  * https://www.openssl.org/source/license.html
-  */
- 
-+#ifndef HEADER_INTERNAL_BIO_H
-+# define HEADER_INTERNAL_BIO_H
-+
- #include <openssl/bio.h>
- 
- struct bio_method_st {
-@@ -31,3 +34,39 @@ void bio_cleanup(void);
- /* Old style to new style BIO_METHOD conversion functions */
- int bwrite_conv(BIO *bio, const char *data, size_t datal, size_t *written);
- int bread_conv(BIO *bio, char *data, size_t datal, size_t *read);
-+
-+/* Changes to these internal BIOs must also update include/openssl/bio.h */
-+# define BIO_CTRL_SET_KTLS                      72
-+# define BIO_CTRL_SET_KTLS_TX_SEND_CTRL_MSG     74
-+# define BIO_CTRL_CLEAR_KTLS_TX_CTRL_MSG        75
-+
-+/*
-+ * This is used with socket BIOs:
-+ * BIO_FLAGS_KTLS_TX means we are using ktls with this BIO for sending.
-+ * BIO_FLAGS_KTLS_TX_CTRL_MSG means we are about to send a ctrl message next.
-+ * BIO_FLAGS_KTLS_RX means we are using ktls with this BIO for receiving.
-+ */
-+# define BIO_FLAGS_KTLS_TX_CTRL_MSG 0x1000
-+# define BIO_FLAGS_KTLS_RX          0x2000
-+# define BIO_FLAGS_KTLS_TX          0x4000
-+
-+/* KTLS related controls and flags */
-+# define BIO_set_ktls_flag(b, is_tx) \
-+    BIO_set_flags(b, (is_tx) ? BIO_FLAGS_KTLS_TX : BIO_FLAGS_KTLS_RX)
-+# define BIO_should_ktls_flag(b, is_tx) \
-+    BIO_test_flags(b, (is_tx) ? BIO_FLAGS_KTLS_TX : BIO_FLAGS_KTLS_RX)
-+# define BIO_set_ktls_ctrl_msg_flag(b) \
-+    BIO_set_flags(b, BIO_FLAGS_KTLS_TX_CTRL_MSG)
-+# define BIO_should_ktls_ctrl_msg_flag(b) \
-+    BIO_test_flags(b, BIO_FLAGS_KTLS_TX_CTRL_MSG)
-+# define BIO_clear_ktls_ctrl_msg_flag(b) \
-+    BIO_clear_flags(b, BIO_FLAGS_KTLS_TX_CTRL_MSG)
-+
-+#  define BIO_set_ktls(b, keyblob, is_tx)   \
-+     BIO_ctrl(b, BIO_CTRL_SET_KTLS, is_tx, keyblob)
-+#  define BIO_set_ktls_ctrl_msg(b, record_type)   \
-+     BIO_ctrl(b, BIO_CTRL_SET_KTLS_TX_SEND_CTRL_MSG, record_type, NULL)
-+#  define BIO_clear_ktls_ctrl_msg(b) \
-+     BIO_ctrl(b, BIO_CTRL_CLEAR_KTLS_TX_CTRL_MSG, 0, NULL)
-+
-+#endif
-diff --git include/internal/ktls.h include/internal/ktls.h
-new file mode 100644
-index 0000000000..5f9e3f91ed
---- /dev/null
-+++ include/internal/ktls.h
-@@ -0,0 +1,407 @@
-+/*
-+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the Apache License 2.0 (the "License").  You may not use
-+ * this file except in compliance with the License.  You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#if defined(OPENSSL_SYS_LINUX)
-+# ifndef OPENSSL_NO_KTLS
-+#  include <linux/version.h>
-+#  if LINUX_VERSION_CODE < KERNEL_VERSION(4, 13, 0)
-+#   define OPENSSL_NO_KTLS
-+#   ifndef PEDANTIC
-+#    warning "KTLS requires Kernel Headers >= 4.13.0"
-+#    warning "Skipping Compilation of KTLS"
-+#   endif
-+#  endif
-+# endif
-+#endif
-+
-+#ifndef HEADER_INTERNAL_KTLS
-+# define HEADER_INTERNAL_KTLS
-+# ifndef OPENSSL_NO_KTLS
-+
-+#  if defined(__FreeBSD__)
-+#   include <sys/types.h>
-+#   include <sys/socket.h>
-+#   include <sys/ktls.h>
-+#   include <netinet/in.h>
-+#   include <netinet/tcp.h>
-+#   include "openssl/ssl3.h"
-+
-+#   ifndef TCP_RXTLS_ENABLE
-+#    define OPENSSL_NO_KTLS_RX
-+#   endif
-+#   define OPENSSL_KTLS_AES_GCM_128
-+#   define OPENSSL_KTLS_AES_GCM_256
-+#   define OPENSSL_KTLS_TLS13
-+#   ifdef TLS_CHACHA20_IV_LEN
-+#    ifndef OPENSSL_NO_CHACHA
-+#     define OPENSSL_KTLS_CHACHA20_POLY1305
-+#    endif
-+#   endif
-+
-+typedef struct tls_enable ktls_crypto_info_t;
-+
-+/*
-+ * FreeBSD does not require any additional steps to enable KTLS before
-+ * setting keys.
-+ */
*** 3014 LINES SKIPPED ***