Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 14 Oct 2023 17:30:52 GMT
From:      Bernard Spil <brnrd@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: d5ec2e12f399 - main - security/openssl: Major version update to 3.0
Message-ID:  <202310141730.39EHUqwl090424@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch main has been updated by brnrd:

URL: https://cgit.FreeBSD.org/ports/commit/?id=d5ec2e12f399b7813994564b77a0915821a0ac42

commit d5ec2e12f399b7813994564b77a0915821a0ac42
Author:     Bernard Spil <brnrd@FreeBSD.org>
AuthorDate: 2023-10-14 17:00:42 +0000
Commit:     Bernard Spil <brnrd@FreeBSD.org>
CommitDate: 2023-10-14 17:23:12 +0000

    security/openssl: Major version update to 3.0
    
     * OpenSSL 1.1.1 is EoL, update to new LTS version
     * Aligns with upcoming OpenSSL version in 14.0
---
 UPDATING                                           |   17 +
 security/openssl/Makefile                          |   96 +-
 security/openssl/distinfo                          |    6 +-
 security/openssl/files/extra-patch-ktls            | 3753 +++-----------------
 .../openssl/files/extra-patch-util_find-doc-nits   |   20 +
 .../files/extra-patch-util_process__docs.pl        |   20 -
 .../files/patch-Configurations_10-main.conf        |   35 +
 security/openssl/files/patch-Configure             |   11 +
 security/openssl/files/patch-crypto_ppccap.c       |   34 +
 .../openssl/files/patch-crypto_threads__pthread.c  |   13 +
 .../files/patch-util_perl_OpenSSL_config.pm        |   14 +
 security/openssl/files/pkg-message.in              |    8 -
 security/openssl/pkg-plist                         |  263 +-
 security/openssl/version.mk                        |    2 +-
 14 files changed, 793 insertions(+), 3499 deletions(-)

diff --git a/UPDATING b/UPDATING
index 10a57980b74c..382cf5f5bd48 100644
--- a/UPDATING
+++ b/UPDATING
@@ -5,6 +5,23 @@ they are unavoidable.
 You should get into the habit of checking this file for changes each time
 you update your ports collection, before attempting any port upgrades.
 
+20231014:
+  AFFECTS: users of security/openssl and security/openssl30
+  AUTHOR: brnrd@FreeBSD.org
+
+  The openssl port was renamed to openssl111 and subsequently the
+  openssl30 port was renamed to openssl.
+
+  The shared library version of OpenSSL has been bumped.
+
+  Users of DEFAULT_VERSIONS= ssl=openssl30 must update this to
+  ssl=openssl.
+  Users of DEFAULT_VERSIONS= ssl=openssl should not change this unless
+  they use ports that require the deprecated OpenSSL 1.1.1 version.
+
+  You must rebuild all ports that depend on OpenSSL if you use OpenSSL
+  from ports.
+
 20231011:
   AFFECTS: users of www/caddy
   AUTHOR:  adamw@FreeBSD.org
diff --git a/security/openssl/Makefile b/security/openssl/Makefile
index 77b05e43a321..0d829246a3e9 100644
--- a/security/openssl/Makefile
+++ b/security/openssl/Makefile
@@ -1,5 +1,5 @@
 PORTNAME=	openssl
-PORTVERSION=	1.1.1w
+PORTVERSION=	3.0.11
 PORTEPOCH=	1
 CATEGORIES=	security devel
 MASTER_SITES=	https://www.openssl.org/source/ \
@@ -9,10 +9,16 @@ MAINTAINER=	brnrd@FreeBSD.org
 COMMENT=	TLSv1.3 capable SSL and crypto library
 WWW=		https://www.openssl.org/
 
-LICENSE=	OpenSSL
-LICENSE_FILE=	${WRKSRC}/LICENSE
+LICENSE=	APACHE20
+LICENSE_FILE=	${WRKSRC}/LICENSE.txt
 
-CONFLICTS_INSTALL=	boringssl libressl libressl-devel openssl3[012] openssl-quictls
+#EXPIRES=	2025-03-25
+
+CONFLICTS_INSTALL=	boringssl libressl libressl-devel openssl111 openssl3[12] openssl-quictls
+
+USES=		cpe perl5
+USE_PERL5=	build
+TEST_TARGET=	test
 
 HAS_CONFIGURE=	yes
 CONFIGURE_SCRIPT=	config
@@ -20,32 +26,27 @@ CONFIGURE_ENV=	PERL="${PERL}"
 CONFIGURE_ARGS=	--openssldir=${OPENSSLDIR} \
 		--prefix=${PREFIX}
 
-USES=		cpe perl5
-USE_PERL5=	build
-TEST_TARGET=	test
-
 LDFLAGS_i386=	-Wl,-znotext
 
 MAKE_ARGS+=	WHOLE_ARCHIVE_FLAG=--whole-archive CNF_LDFLAGS="${LDFLAGS}"
 MAKE_ENV+=	LIBRPATH="${PREFIX}/lib" GREP_OPTIONS=
 
-OPTIONS_GROUP=		CIPHERS HASHES OPTIMIZE PROTOCOLS
+OPTIONS_GROUP=		CIPHERS HASHES MODULES OPTIMIZE PROTOCOLS
 OPTIONS_GROUP_CIPHERS=	ARIA DES GOST IDEA SM4 RC2 RC4 RC5 WEAK-SSL-CIPHERS
 OPTIONS_GROUP_HASHES=	MD2 MD4 MDC2 RMD160 SM2 SM3
 OPTIONS_GROUP_OPTIMIZE=	ASM SSE2 THREADS
+OPTIONS_GROUP_MODULES=	FIPS LEGACY
 OPTIONS_DEFINE_i386=	I386
 OPTIONS_GROUP_PROTOCOLS=NEXTPROTONEG SCTP SSL3 TLS1 TLS1_1 TLS1_2
 
 OPTIONS_DEFINE=	ASYNC CRYPTODEV CT KTLS MAN3 RFC3779 SHARED ZLIB
 
-OPTIONS_DEFAULT=ASM ASYNC CT GOST DES EC KTLS MAN3 MD4 NEXTPROTONEG RC2 \
-		RC4 RMD160 SCTP SHARED SSE2 THREADS TLS1 TLS1_1 TLS1_2
+OPTIONS_DEFAULT=ASM ASYNC CT DES EC FIPS GOST KTLS MAN3 MD4 NEXTPROTONEG \
+		RFC3779 RC2 RC4 RMD160 SCTP SHARED SSE2 THREADS TLS1 TLS1_1 TLS1_2
 
 OPTIONS_EXCLUDE=${${OSVERSION} < 1300042:?KTLS:} \
 		${${OSVERSION} > 1300000:?CRYPTODEV:}
 
-OPTIONS_GROUP_OPTIMIZE_amd64=	EC
-
 .if ${MACHINE_ARCH} == "amd64"
 OPTIONS_GROUP_OPTIMIZE+=	EC
 .elif ${MACHINE_ARCH} == "mips64el"
@@ -62,15 +63,18 @@ CRYPTODEV_DESC=	/dev/crypto support
 CT_DESC=	Certificate Transparency Support
 DES_DESC=	(Triple) Data Encryption Standard
 EC_DESC=	Optimize NIST elliptic curves
+FIPS_DESC=	Build FIPS provider
 GOST_DESC=	GOST (Russian standard)
 HASHES_DESC=	Hash Function Support
 I386_DESC=	i386 (instead of i486+)
 IDEA_DESC=	International Data Encryption Algorithm
-KTLS_DESC=	Kernel TLS offload
+KTLS_DESC=	Use in-kernel TLS (FreeBSD >13)
+LEGACY_DESC=	Older algorithms
 MAN3_DESC=	Install API manpages (section 3, 7)
-MD2_DESC=	MD2 (obsolete)
+MD2_DESC=	MD2 (obsolete) (requires LEGACY)
 MD4_DESC=	MD4 (unsafe)
 MDC2_DESC=	MDC-2 (patented, requires DES)
+MODULES_DESC=	Provider modules
 NEXTPROTONEG_DESC=	Next Protocol Negotiation (SPDY)
 OPTIMIZE_DESC=	Optimizations
 PROTOCOLS_DESC=	Protocol Support
@@ -92,30 +96,51 @@ TLS1_2_DESC=	TLSv1.2
 WEAK-SSL-CIPHERS_DESC=	Weak cipher support (unsafe)
 
 # Upstream default disabled options
-.for _option in ktls md2 rc5 sctp ssl3 zlib weak-ssl-ciphers
+.for _option in fips md2 ktls rc5 sctp ssl3 weak-ssl-ciphers zlib
 ${_option:tu}_CONFIGURE_ON=	enable-${_option}
 .endfor
 
 # Upstream default enabled options
-.for _option in aria asm async ct des gost idea md4 mdc2 nextprotoneg rc2 rc4 \
-	rfc3779 rmd160 shared sm2 sm3 sm4 sse2 threads tls1 tls1_1 tls1_2
+.for _option in aria asm async ct des gost idea md4 mdc2 legacy \
+	nextprotoneg rc2 rc4 rfc3779 rmd160 shared sm2 sm3 sm4 sse2 \
+	threads tls1 tls1_1 tls1_2
 ${_option:tu}_CONFIGURE_OFF=	no-${_option}
 .endfor
 
+MD2_IMPLIES=	LEGACY
 MDC2_IMPLIES=	DES
 TLS1_IMPLIES=	TLS1_1
 TLS1_1_IMPLIES=	TLS1_2
 
 EC_CONFIGURE_ON=	enable-ec_nistp_64_gcc_128
+FIPS_VARS=		shlibs+=lib/ossl-modules/fips.so
 I386_CONFIGURE_ON=	386
 KTLS_EXTRA_PATCHES=	${FILESDIR}/extra-patch-ktls
-MAN3_EXTRA_PATCHES_OFF=	${FILESDIR}/extra-patch-util_process__docs.pl
+LEGACY_VARS=		shlibs+=lib/ossl-modules/legacy.so
+MAN3_EXTRA_PATCHES_OFF=	${FILESDIR}/extra-patch-util_find-doc-nits
 SHARED_MAKE_ENV=	SHLIBVER=${OPENSSL_SHLIBVER}
 SHARED_PLIST_SUB=	SHLIBVER=${OPENSSL_SHLIBVER}
 SHARED_USE=		ldconfig=yes
+SHARED_VARS=		shlibs+="lib/libcrypto.so.${OPENSSL_SHLIBVER} \
+				lib/libssl.so.${OPENSSL_SHLIBVER} \
+				lib/engines-${OPENSSL_SHLIBVER}/capi.so \
+				lib/engines-${OPENSSL_SHLIBVER}/devcrypto.so \
+				lib/engines-${OPENSSL_SHLIBVER}/padlock.so"
 SSL3_CONFIGURE_ON+=	enable-ssl3-method
 ZLIB_CONFIGURE_ON=	zlib-dynamic
 
+SHLIBS=			lib/engines-${OPENSSL_SHLIBVER}/loader_attic.so
+
+.include <bsd.port.options.mk>
+
+.if ${ARCH} == powerpc64
+CONFIGURE_ARGS+=	BSD-ppc64
+.elif ${ARCH} == powerpc64le
+CONFIGURE_ARGS+=	BSD-ppc64le
+.elif ${ARCH} == riscv64
+CONFIGURE_ARGS+=	BSD-riscv64
+.endif
+
 .include <bsd.port.pre.mk>
 .if ${PREFIX} == /usr
 IGNORE=	the OpenSSL port can not be installed over the base version
@@ -135,35 +160,34 @@ BROKEN_sparc64=	option ASM generates illegal instructions
 .endif
 
 post-patch:
-	${REINPLACE_CMD} \
-		-e 's|^MANDIR=.*$$|MANDIR=$$(INSTALLTOP)/man|' \
-		-e 's| install_html_docs$$||' \
-		-e 's|$$(LIBDIR)/pkgconfig|libdata/pkgconfig|g' \
+	${REINPLACE_CMD} -Ee 's|^MANDIR=.*$$|MANDIR=$$(INSTALLTOP)/man|' \
+		-e 's|^(build\|install)_docs: .*|\1_docs: \1_man_docs|' \
 		${WRKSRC}/Configurations/unix-Makefile.tmpl
-	${REINPLACE_CMD} -e 's|\^GNU ld|GNU|' ${WRKSRC}/Configurations/shared-info.pl
+	${REINPLACE_CMD} 's|SHLIB_VERSION=3|SHLIB_VERSION=${OPENSSL_SHLIBVER}|' \
+		${WRKSRC}/VERSION.dat
 
 post-configure:
+	( cd ${WRKSRC} ; ${PERL} configdata.pm --dump )
+
+post-configure-MAN3-off:
 	${REINPLACE_CMD} \
-		-e 's|SHLIB_VERSION_NUMBER=1.1|SHLIB_VERSION_NUMBER=${OPENSSL_SHLIBVER}|' \
+		-e 's|^build_man_docs:.*|build_man_docs: $$(MANDOCS1) $$(MANDOCS5)|' \
+		-e 's|dummy $$(MANDOCS[37]); do |dummy; do |' \
 		${WRKSRC}/Makefile
-	${REINPLACE_CMD} \
-		-e 's|SHLIB_VERSION_NUMBER "1.1"|SHLIB_VERSION_NUMBER "${OPENSSL_SHLIBVER}"|' \
-		${WRKSRC}/include/openssl/opensslv.h
 
 post-install-SHARED-on:
-.for i in libcrypto libssl
-	${INSTALL_LIB} ${WRKSRC}/$i.so.${OPENSSL_SHLIBVER} ${STAGEDIR}${PREFIX}/lib
-	${LN} -sf $i.so.${OPENSSL_SHLIBVER} ${STAGEDIR}${PREFIX}/lib/$i.so
-.endfor
-.for i in capi padlock
-	${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/engines-1.1/${i}.so
+.for i in ${SHLIBS}
+	-@${STRIP_CMD} ${STAGEDIR}${PREFIX}/$i
 .endfor
 
+post-install-SHARED-off:
+	${RMDIR} ${STAGEDIR}${PREFIX}/lib/engines-12
+
 post-install:
 	${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/openssl
 
 post-install-MAN3-on:
-	( cd ${STAGEDIR}/${PREFIX} ; ${FIND} man/man3 man/man7 -not -type d ) | \
-		${SED} 's/$$/.gz/' >>${TMPPLIST}
+	( cd ${STAGEDIR}/${PREFIX} ; ${FIND} man/man3 -not -type d ; \
+		${FIND} man/man7 -not -type d ) | ${SED} 's/$$/.gz/' >> ${TMPPLIST}
 
 .include <bsd.port.post.mk>
diff --git a/security/openssl/distinfo b/security/openssl/distinfo
index 11a9beb18815..a62e9e8bb1d6 100644
--- a/security/openssl/distinfo
+++ b/security/openssl/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1694449777
-SHA256 (openssl-1.1.1w.tar.gz) = cf3098950cb4d853ad95c0841f1f9c6d3dc102dccfcacd521d93925208b76ac8
-SIZE (openssl-1.1.1w.tar.gz) = 9893384
+TIMESTAMP = 1695134169
+SHA256 (openssl-3.0.11.tar.gz) = b3425d3bb4a2218d0697eb41f7fc0cdede016ed19ca49d168b78e8d947887f55
+SIZE (openssl-3.0.11.tar.gz) = 15198318
diff --git a/security/openssl/files/extra-patch-ktls b/security/openssl/files/extra-patch-ktls
index d38a70e779e3..8a46c272d95c 100644
--- a/security/openssl/files/extra-patch-ktls
+++ b/security/openssl/files/extra-patch-ktls
@@ -1,2081 +1,318 @@
-diff --git CHANGES CHANGES
-index a5522e5fa5..98961effc0 100644
---- CHANGES
-+++ CHANGES
-@@ -606,6 +606,11 @@
-      necessary to configure just to create a source distribution.
-      [Richard Levitte]
- 
-+  *) Added support for Linux Kernel TLS data-path. The Linux Kernel data-path
-+     improves application performance by removing data copies and providing
-+     applications with zero-copy system calls such as sendfile and splice.
-+     [Boris Pismenny]
-+
-  Changes between 1.1.1 and 1.1.1a [20 Nov 2018]
- 
-   *) Timing vulnerability in DSA signature generation
-diff --git Configure Configure
-index 4bea49d7da..e656814a7f 100755
---- Configure
-+++ Configure
-@@ -341,6 +341,7 @@ my @dtls = qw(dtls1 dtls1_2);
- # For developers: keep it sorted alphabetically
+diff --git include/internal/ktls.h include/internal/ktls.h
+index 95492fd065..3c82cae26b 100644
+--- include/internal/ktls.h
++++ include/internal/ktls.h
+@@ -40,6 +40,11 @@
+ #   define OPENSSL_KTLS_AES_GCM_128
+ #   define OPENSSL_KTLS_AES_GCM_256
+ #   define OPENSSL_KTLS_TLS13
++#   ifdef TLS_CHACHA20_IV_LEN
++#    ifndef OPENSSL_NO_CHACHA
++#     define OPENSSL_KTLS_CHACHA20_POLY1305
++#    endif
++#   endif
  
- my @disablables = (
-+    "ktls",
-     "afalgeng",
-     "aria",
-     "asan",
-@@ -474,6 +475,7 @@ our %disabled = ( # "what"         => "comment"
-                   "weak-ssl-ciphers"    => "default",
-                   "zlib"                => "default",
-                   "zlib-dynamic"        => "default",
-+		  "ktls"                => "default",
-                 );
+ typedef struct tls_enable ktls_crypto_info_t;
  
- # Note: => pair form used for aesthetics, not to truly make a hash table
-@@ -1583,6 +1585,33 @@ unless ($disabled{devcryptoeng}) {
-     }
- }
+diff --git ssl/ktls.c ssl/ktls.c
+index 79d980959e..e343d382cc 100644
+--- ssl/ktls.c
++++ ssl/ktls.c
+@@ -10,6 +10,67 @@
+ #include "ssl_local.h"
+ #include "internal/ktls.h"
  
-+unless ($disabled{ktls}) {
-+    $config{ktls}="";
-+    if ($target =~ m/^linux/) {
-+        my $usr = "/usr/$config{cross_compile_prefix}";
-+        chop($usr);
-+        if ($config{cross_compile_prefix} eq "") {
-+            $usr = "/usr";
-+        }
-+        my $minver = (4 << 16) + (13 << 8) + 0;
-+        my @verstr = split(" ",`cat $usr/include/linux/version.h | grep LINUX_VERSION_CODE`);
++#ifndef OPENSSL_NO_KTLS_RX
++ /*
++  * Count the number of records that were not processed yet from record boundary.
++  *
++  * This function assumes that there are only fully formed records read in the
++  * record layer. If read_ahead is enabled, then this might be false and this
++  * function will fail.
++  */
++static int count_unprocessed_records(SSL *s)
++{
++    SSL3_BUFFER *rbuf = RECORD_LAYER_get_rbuf(&s->rlayer);
++    PACKET pkt, subpkt;
++    int count = 0;
 +
-+        if ($verstr[2] < $minver) {
-+            disable('too-old-kernel', 'ktls');
-+        }
-+    } elsif ($target =~ m/^BSD/) {
-+        my $cc = $config{CROSS_COMPILE}.$config{CC};
-+        system("printf '#include <sys/types.h>\n#include <sys/ktls.h>' | $cc -E - >/dev/null 2>&1");
-+        if ($? != 0) {
-+            disable('too-old-freebsd', 'ktls');
-+        }
-+    } else {
-+        disable('not-linux-or-freebsd', 'ktls');
++    if (!PACKET_buf_init(&pkt, rbuf->buf + rbuf->offset, rbuf->left))
++        return -1;
++
++    while (PACKET_remaining(&pkt) > 0) {
++        /* Skip record type and version */
++        if (!PACKET_forward(&pkt, 3))
++            return -1;
++
++        /* Read until next record */
++        if (!PACKET_get_length_prefixed_2(&pkt, &subpkt))
++            return -1;
++
++        count += 1;
 +    }
++
++    return count;
 +}
 +
-+push @{$config{openssl_other_defines}}, "OPENSSL_NO_KTLS" if ($disabled{ktls});
++/*
++ * The kernel cannot offload receive if a partial TLS record has been read.
++ * Check the read buffer for unprocessed records.  If the buffer contains a
++ * partial record, fail and return 0.  Otherwise, update the sequence
++ * number at *rec_seq for the count of unprocessed records and return 1.
++ */
++static int check_rx_read_ahead(SSL *s, unsigned char *rec_seq)
++{
++    int bit, count_unprocessed;
 +
- # Get the extra flags used when building shared libraries and modules.  We
- # do this late because some of them depend on %disabled.
- 
-diff --git INSTALL INSTALL
-index f3ac727183..f6f754fd5e 100644
---- INSTALL
-+++ INSTALL
-@@ -263,6 +263,15 @@
-                    Don't build the AFALG engine. This option will be forced if
-                    on a platform that does not support AFALG.
- 
-+  enable-ktls
-+                   Build with Kernel TLS support. This option will enable the
-+                   use of the Kernel TLS data-path, which can improve
-+                   performance and allow for the use of sendfile and splice
-+                   system calls on TLS sockets. The Kernel may use TLS
-+                   accelerators if any are available on the system.
-+                   This option will be forced off on systems that do not support
-+                   the Kernel TLS data-path.
++    count_unprocessed = count_unprocessed_records(s);
++    if (count_unprocessed < 0)
++        return 0;
 +
-   enable-asan
-                    Build with the Address sanitiser. This is a developer option
-                    only. It may not work on all platforms and should never be
-diff --git apps/s_client.c apps/s_client.c
-index 00effc8037..5664e7e04e 100644
---- apps/s_client.c
-+++ apps/s_client.c
-@@ -3295,6 +3295,12 @@ static void print_stuff(BIO *bio, SSL *s, int full)
-     BIO_printf(bio, "Expansion: %s\n",
-                expansion ? SSL_COMP_get_name(expansion) : "NONE");
- #endif
-+#ifndef OPENSSL_NO_KTLS
-+    if (BIO_get_ktls_send(SSL_get_wbio(s)))
-+        BIO_printf(bio_err, "Using Kernel TLS for sending\n");
-+    if (BIO_get_ktls_recv(SSL_get_rbio(s)))
-+        BIO_printf(bio_err, "Using Kernel TLS for receiving\n");
-+#endif
- 
- #ifdef SSL_DEBUG
-     {
-diff --git apps/s_server.c apps/s_server.c
-index 64d53e68d0..9fcb8d7a7b 100644
---- apps/s_server.c
-+++ apps/s_server.c
-@@ -2934,6 +2934,12 @@ static void print_connection_info(SSL *con)
-         }
-         OPENSSL_free(exportedkeymat);
-     }
-+#ifndef OPENSSL_NO_KTLS
-+    if (BIO_get_ktls_send(SSL_get_wbio(con)))
-+        BIO_printf(bio_err, "Using Kernel TLS for sending\n");
-+    if (BIO_get_ktls_recv(SSL_get_rbio(con)))
-+        BIO_printf(bio_err, "Using Kernel TLS for receiving\n");
++    /* increment the crypto_info record sequence */
++    while (count_unprocessed) {
++        for (bit = 7; bit >= 0; bit--) { /* increment */
++            ++rec_seq[bit];
++            if (rec_seq[bit] != 0)
++                break;
++        }
++        count_unprocessed--;
++
++    }
++
++    return 1;
++}
 +#endif
++
+ #if defined(__FreeBSD__)
+ # include "crypto/cryptodev.h"
  
-     (void)BIO_flush(bio_s_out);
- }
-diff --git crypto/bio/b_sock2.c crypto/bio/b_sock2.c
-index 104ff31b0d..771729880e 100644
---- crypto/bio/b_sock2.c
-+++ crypto/bio/b_sock2.c
-@@ -12,6 +12,7 @@
- #include <errno.h>
- 
- #include "bio_local.h"
-+#include "internal/ktls.h"
- 
- #include <openssl/err.h>
- 
-@@ -50,6 +51,17 @@ int BIO_socket(int domain, int socktype, int protocol, int options)
-         BIOerr(BIO_F_BIO_SOCKET, BIO_R_UNABLE_TO_CREATE_SOCKET);
-         return INVALID_SOCKET;
-     }
-+# ifndef OPENSSL_NO_KTLS
-+    {
-+        /*
-+         * The new socket is created successfully regardless of ktls_enable.
-+         * ktls_enable doesn't change any functionality of the socket, except
-+         * changing the setsockopt to enable the processing of ktls_start.
-+         * Thus, it is not a problem to call it for non-TLS sockets.
-+         */
-+        ktls_enable(sock);
-+    }
+@@ -37,6 +98,10 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c,
+     case SSL_AES128GCM:
+     case SSL_AES256GCM:
+         return 1;
++# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
++    case SSL_CHACHA20POLY1305:
++        return 1;
 +# endif
- 
-     return sock;
+     case SSL_AES128:
+     case SSL_AES256:
+         if (s->ext.use_etm)
+@@ -55,9 +120,9 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c,
  }
-diff --git crypto/bio/bss_conn.c crypto/bio/bss_conn.c
-index 807a82b23b..10cf20871c 100644
---- crypto/bio/bss_conn.c
-+++ crypto/bio/bss_conn.c
-@@ -11,6 +11,7 @@
- #include <errno.h>
- 
- #include "bio_local.h"
-+#include "internal/ktls.h"
- 
- #ifndef OPENSSL_NO_SOCK
- 
-@@ -20,6 +21,9 @@ typedef struct bio_connect_st {
-     char *param_hostname;
-     char *param_service;
-     int connect_mode;
-+# ifndef OPENSSL_NO_KTLS
-+    unsigned char record_type;
-+# endif
- 
-     BIO_ADDRINFO *addr_first;
-     const BIO_ADDRINFO *addr_iter;
-@@ -320,7 +324,12 @@ static int conn_read(BIO *b, char *out, int outl)
- 
-     if (out != NULL) {
-         clear_socket_error();
--        ret = readsocket(b->num, out, outl);
-+# ifndef OPENSSL_NO_KTLS
-+        if (BIO_get_ktls_recv(b))
-+            ret = ktls_read_record(b->num, out, outl);
-+        else
-+# endif
-+            ret = readsocket(b->num, out, outl);
-         BIO_clear_retry_flags(b);
-         if (ret <= 0) {
-             if (BIO_sock_should_retry(ret))
-@@ -345,7 +354,16 @@ static int conn_write(BIO *b, const char *in, int inl)
-     }
- 
-     clear_socket_error();
--    ret = writesocket(b->num, in, inl);
-+# ifndef OPENSSL_NO_KTLS
-+    if (BIO_should_ktls_ctrl_msg_flag(b)) {
-+        ret = ktls_send_ctrl_message(b->num, data->record_type, in, inl);
-+        if (ret >= 0) {
-+            ret = inl;
-+            BIO_clear_ktls_ctrl_msg_flag(b);
-+        }
-+    } else
-+# endif
-+        ret = writesocket(b->num, in, inl);
-     BIO_clear_retry_flags(b);
-     if (ret <= 0) {
-         if (BIO_sock_should_retry(ret))
-@@ -361,6 +379,9 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
-     const char **pptr = NULL;
-     long ret = 1;
-     BIO_CONNECT *data;
-+# ifndef OPENSSL_NO_KTLS
-+    ktls_crypto_info_t *crypto_info;
-+# endif
  
-     data = (BIO_CONNECT *)b->ptr;
- 
-@@ -518,8 +539,29 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
-         }
-         break;
-     case BIO_CTRL_EOF:
--        ret = (b->flags & BIO_FLAGS_IN_EOF) != 0 ? 1 : 0;
-+        ret = (b->flags & BIO_FLAGS_IN_EOF) != 0;
+ /* Function to configure kernel TLS structure */
+-int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd,
++int ktls_configure_crypto(SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd,
+                           void *rl_sequence, ktls_crypto_info_t *crypto_info,
+-                          unsigned char **rec_seq, unsigned char *iv,
++                          int is_tx, unsigned char *iv,
+                           unsigned char *key, unsigned char *mac_key,
+                           size_t mac_secret_size)
+ {
+@@ -71,6 +136,12 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd,
+         else
+             crypto_info->iv_len = EVP_GCM_TLS_FIXED_IV_LEN;
          break;
-+# ifndef OPENSSL_NO_KTLS
-+    case BIO_CTRL_SET_KTLS:
-+        crypto_info = (ktls_crypto_info_t *)ptr;
-+        ret = ktls_start(b->num, crypto_info, num);
-+        if (ret)
-+            BIO_set_ktls_flag(b, num);
-+        break;
-+    case BIO_CTRL_GET_KTLS_SEND:
-+        return BIO_should_ktls_flag(b, 1) != 0;
-+    case BIO_CTRL_GET_KTLS_RECV:
-+        return BIO_should_ktls_flag(b, 0) != 0;
-+    case BIO_CTRL_SET_KTLS_TX_SEND_CTRL_MSG:
-+        BIO_set_ktls_ctrl_msg_flag(b);
-+        data->record_type = num;
-+        ret = 0;
-+        break;
-+    case BIO_CTRL_CLEAR_KTLS_TX_CTRL_MSG:
-+        BIO_clear_ktls_ctrl_msg_flag(b);
-+        ret = 0;
++# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
++    case SSL_CHACHA20POLY1305:
++        crypto_info->cipher_algorithm = CRYPTO_CHACHA20_POLY1305;
++        crypto_info->iv_len = EVP_CIPHER_CTX_get_iv_length(dd);
 +        break;
 +# endif
-     default:
-         ret = 0;
-         break;
-diff --git crypto/bio/bss_fd.c crypto/bio/bss_fd.c
-index ccbe1626ba..8d03e48ce9 100644
---- crypto/bio/bss_fd.c
-+++ crypto/bio/bss_fd.c
-@@ -189,7 +189,7 @@ static long fd_ctrl(BIO *b, int cmd, long num, void *ptr)
-         ret = 1;
-         break;
-     case BIO_CTRL_EOF:
--        ret = (b->flags & BIO_FLAGS_IN_EOF) != 0 ? 1 : 0;
-+        ret = (b->flags & BIO_FLAGS_IN_EOF) != 0;
-         break;
-     default:
-         ret = 0;
-diff --git crypto/bio/bss_sock.c crypto/bio/bss_sock.c
-index 6251f3d46a..8de1f58292 100644
---- crypto/bio/bss_sock.c
-+++ crypto/bio/bss_sock.c
-@@ -11,6 +11,7 @@
- #include <errno.h>
- #include "bio_local.h"
- #include "internal/cryptlib.h"
-+#include "internal/ktls.h"
- 
- #ifndef OPENSSL_NO_SOCK
- 
-@@ -64,6 +65,17 @@ BIO *BIO_new_socket(int fd, int close_flag)
-     if (ret == NULL)
-         return NULL;
-     BIO_set_fd(ret, fd, close_flag);
-+# ifndef OPENSSL_NO_KTLS
-+    {
-+        /*
-+         * The new socket is created successfully regardless of ktls_enable.
-+         * ktls_enable doesn't change any functionality of the socket, except
-+         * changing the setsockopt to enable the processing of ktls_start.
-+         * Thus, it is not a problem to call it for non-TLS sockets.
-+         */
-+        ktls_enable(fd);
-+    }
-+# endif
-     return ret;
+     case SSL_AES128:
+     case SSL_AES256:
+         switch (s->s3.tmp.new_cipher->algorithm_mac) {
+@@ -101,11 +172,11 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd,
+     crypto_info->tls_vminor = (s->version & 0x000000ff);
+ # ifdef TCP_RXTLS_ENABLE
+     memcpy(crypto_info->rec_seq, rl_sequence, sizeof(crypto_info->rec_seq));
+-    if (rec_seq != NULL)
+-        *rec_seq = crypto_info->rec_seq;
++    if (!is_tx && !check_rx_read_ahead(s, crypto_info->rec_seq))
++        return 0;
+ # else
+-    if (rec_seq != NULL)
+-        *rec_seq = NULL;
++    if (!is_tx)
++        return 0;
+ # endif
+     return 1;
+ };
+@@ -154,15 +225,20 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c,
  }
  
-@@ -96,7 +108,12 @@ static int sock_read(BIO *b, char *out, int outl)
- 
-     if (out != NULL) {
-         clear_socket_error();
--        ret = readsocket(b->num, out, outl);
-+# ifndef OPENSSL_NO_KTLS
-+        if (BIO_get_ktls_recv(b))
-+            ret = ktls_read_record(b->num, out, outl);
-+        else
-+# endif
-+            ret = readsocket(b->num, out, outl);
-         BIO_clear_retry_flags(b);
-         if (ret <= 0) {
-             if (BIO_sock_should_retry(ret))
-@@ -110,10 +127,20 @@ static int sock_read(BIO *b, char *out, int outl)
- 
- static int sock_write(BIO *b, const char *in, int inl)
- {
--    int ret;
-+    int ret = 0;
- 
-     clear_socket_error();
--    ret = writesocket(b->num, in, inl);
-+# ifndef OPENSSL_NO_KTLS
-+    if (BIO_should_ktls_ctrl_msg_flag(b)) {
-+        unsigned char record_type = (intptr_t)b->ptr;
-+        ret = ktls_send_ctrl_message(b->num, record_type, in, inl);
-+        if (ret >= 0) {
-+            ret = inl;
-+            BIO_clear_ktls_ctrl_msg_flag(b);
-+        }
-+    } else
-+# endif
-+        ret = writesocket(b->num, in, inl);
-     BIO_clear_retry_flags(b);
-     if (ret <= 0) {
-         if (BIO_sock_should_retry(ret))
-@@ -126,6 +153,9 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
+ /* Function to configure kernel TLS structure */
+-int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd,
++int ktls_configure_crypto(SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd,
+                           void *rl_sequence, ktls_crypto_info_t *crypto_info,
+-                          unsigned char **rec_seq, unsigned char *iv,
++                          int is_tx, unsigned char *iv,
+                           unsigned char *key, unsigned char *mac_key,
+                           size_t mac_secret_size)
  {
-     long ret = 1;
-     int *ip;
-+# ifndef OPENSSL_NO_KTLS
-+    ktls_crypto_info_t *crypto_info;
-+# endif
+     unsigned char geniv[12];
+     unsigned char *iiv = iv;
  
-     switch (cmd) {
-     case BIO_C_SET_FD:
-@@ -153,8 +183,29 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
-     case BIO_CTRL_FLUSH:
-         ret = 1;
-         break;
-+# ifndef OPENSSL_NO_KTLS
-+    case BIO_CTRL_SET_KTLS:
-+        crypto_info = (ktls_crypto_info_t *)ptr;
-+        ret = ktls_start(b->num, crypto_info, num);
-+        if (ret)
-+            BIO_set_ktls_flag(b, num);
-+        break;
-+    case BIO_CTRL_GET_KTLS_SEND:
-+        return BIO_should_ktls_flag(b, 1) != 0;
-+    case BIO_CTRL_GET_KTLS_RECV:
-+        return BIO_should_ktls_flag(b, 0) != 0;
-+    case BIO_CTRL_SET_KTLS_TX_SEND_CTRL_MSG:
-+        BIO_set_ktls_ctrl_msg_flag(b);
-+        b->ptr = (void *)num;
-+        ret = 0;
-+        break;
-+    case BIO_CTRL_CLEAR_KTLS_TX_CTRL_MSG:
-+        BIO_clear_ktls_ctrl_msg_flag(b);
-+        ret = 0;
-+        break;
++# ifdef OPENSSL_NO_KTLS_RX
++    if (!is_tx)
++        return 0;
 +# endif
-     case BIO_CTRL_EOF:
--        ret = (b->flags & BIO_FLAGS_IN_EOF) != 0 ? 1 : 0;
-+        ret = (b->flags & BIO_FLAGS_IN_EOF) != 0;
-         break;
-     default:
-         ret = 0;
-diff --git crypto/err/openssl.txt crypto/err/openssl.txt
-index 902e97b843..846c896359 100644
---- crypto/err/openssl.txt
-+++ crypto/err/openssl.txt
-@@ -1319,6 +1319,7 @@ SSL_F_SSL_RENEGOTIATE:516:SSL_renegotiate
- SSL_F_SSL_RENEGOTIATE_ABBREVIATED:546:SSL_renegotiate_abbreviated
- SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT:320:*
- SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT:321:*
-+SSL_F_SSL_SENDFILE:639:SSL_sendfile
- SSL_F_SSL_SESSION_DUP:348:ssl_session_dup
- SSL_F_SSL_SESSION_NEW:189:SSL_SESSION_new
- SSL_F_SSL_SESSION_PRINT_FP:190:SSL_SESSION_print_fp
-diff --git crypto/evp/e_aes.c crypto/evp/e_aes.c
-index a1d3ab90fa..715fac9f88 100644
---- crypto/evp/e_aes.c
-+++ crypto/evp/e_aes.c
-@@ -2889,6 +2889,14 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
-         memcpy(ptr, c->buf, arg);
++
+     if (s->version == TLS1_2_VERSION &&
+         EVP_CIPHER_get_mode(c) == EVP_CIPH_GCM_MODE) {
+         if (!EVP_CIPHER_CTX_get_updated_iv(dd, geniv,
+@@ -186,8 +262,8 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd,
+         memcpy(crypto_info->gcm128.key, key, EVP_CIPHER_get_key_length(c));
+         memcpy(crypto_info->gcm128.rec_seq, rl_sequence,
+                TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
+-        if (rec_seq != NULL)
+-            *rec_seq = crypto_info->gcm128.rec_seq;
++        if (!is_tx && !check_rx_read_ahead(s, crypto_info->gcm128.rec_seq))
++            return 0;
          return 1;
- 
-+    case EVP_CTRL_GET_IV:
-+        if (gctx->iv_gen != 1)
+ # endif
+ # ifdef OPENSSL_KTLS_AES_GCM_256
+@@ -201,8 +277,8 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd,
+         memcpy(crypto_info->gcm256.key, key, EVP_CIPHER_get_key_length(c));
+         memcpy(crypto_info->gcm256.rec_seq, rl_sequence,
+                TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
+-        if (rec_seq != NULL)
+-            *rec_seq = crypto_info->gcm256.rec_seq;
++        if (!is_tx && !check_rx_read_ahead(s, crypto_info->gcm256.rec_seq))
 +            return 0;
-+        if (gctx->ivlen != arg)
+         return 1;
+ # endif
+ # ifdef OPENSSL_KTLS_AES_CCM_128
+@@ -216,8 +292,8 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd,
+         memcpy(crypto_info->ccm128.key, key, EVP_CIPHER_get_key_length(c));
+         memcpy(crypto_info->ccm128.rec_seq, rl_sequence,
+                TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE);
+-        if (rec_seq != NULL)
+-            *rec_seq = crypto_info->ccm128.rec_seq;
++        if (!is_tx && !check_rx_read_ahead(s, crypto_info->ccm128.rec_seq))
 +            return 0;
-+        memcpy(ptr, gctx->iv, arg);
-+        return 1;
-+
-     case EVP_CTRL_GCM_SET_IV_FIXED:
-         /* Special case: -1 length restores whole IV */
-         if (arg == -1) {
-diff --git doc/man3/BIO_ctrl.pod doc/man3/BIO_ctrl.pod
-index cf6ba135df..fc51173c8d 100644
---- doc/man3/BIO_ctrl.pod
-+++ doc/man3/BIO_ctrl.pod
-@@ -5,7 +5,8 @@
- BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset,
- BIO_seek, BIO_tell, BIO_flush, BIO_eof, BIO_set_close, BIO_get_close,
- BIO_pending, BIO_wpending, BIO_ctrl_pending, BIO_ctrl_wpending,
--BIO_get_info_callback, BIO_set_info_callback, BIO_info_cb
-+BIO_get_info_callback, BIO_set_info_callback, BIO_info_cb, BIO_get_ktls_send,
-+BIO_get_ktls_recv
- - BIO control operations
- 
- =head1 SYNOPSIS
-@@ -34,6 +35,9 @@ BIO_get_info_callback, BIO_set_info_callback, BIO_info_cb
-  int BIO_get_info_callback(BIO *b, BIO_info_cb **cbp);
-  int BIO_set_info_callback(BIO *b, BIO_info_cb *cb);
- 
-+ int BIO_get_ktls_send(BIO *b);
-+ int BIO_get_ktls_recv(BIO *b);
-+
- =head1 DESCRIPTION
- 
- BIO_ctrl(), BIO_callback_ctrl(), BIO_ptr_ctrl() and BIO_int_ctrl()
-@@ -72,6 +76,11 @@ Not all BIOs support these calls. BIO_ctrl_pending() and BIO_ctrl_wpending()
- return a size_t type and are functions, BIO_pending() and BIO_wpending() are
- macros which call BIO_ctrl().
- 
-+BIO_get_ktls_send() returns 1 if the BIO is using the Kernel TLS data-path for
-+sending. Otherwise, it returns zero.
-+BIO_get_ktls_recv() returns 1 if the BIO is using the Kernel TLS data-path for
-+receiving. Otherwise, it returns zero.
-+
- =head1 RETURN VALUES
- 
- BIO_reset() normally returns 1 for success and 0 or -1 for failure. File
-@@ -92,6 +101,11 @@ BIO_get_close() returns the close flag value: BIO_CLOSE or BIO_NOCLOSE.
- BIO_pending(), BIO_ctrl_pending(), BIO_wpending() and BIO_ctrl_wpending()
- return the amount of pending data.
- 
-+BIO_get_ktls_send() returns 1 if the BIO is using the Kernel TLS data-path for
-+sending. Otherwise, it returns zero.
-+BIO_get_ktls_recv() returns 1 if the BIO is using the Kernel TLS data-path for
-+receiving. Otherwise, it returns zero.
-+
- =head1 NOTES
+         return 1;
+ # endif
+ # ifdef OPENSSL_KTLS_CHACHA20_POLY1305
+@@ -231,8 +307,10 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd,
+                EVP_CIPHER_get_key_length(c));
+         memcpy(crypto_info->chacha20poly1305.rec_seq, rl_sequence,
+                TLS_CIPHER_CHACHA20_POLY1305_REC_SEQ_SIZE);
+-        if (rec_seq != NULL)
+-            *rec_seq = crypto_info->chacha20poly1305.rec_seq;
++        if (!is_tx
++                && !check_rx_read_ahead(s,
++                                        crypto_info->chacha20poly1305.rec_seq))
++            return 0;
+         return 1;
+ # endif
+     default:
+diff --git ssl/record/ssl3_record.c ssl/record/ssl3_record.c
+index d8ef018741..63caac080f 100644
+--- ssl/record/ssl3_record.c
++++ ssl/record/ssl3_record.c
+@@ -185,18 +185,23 @@ int ssl3_get_record(SSL *s)
+     int imac_size;
+     size_t num_recs = 0, max_recs, j;
+     PACKET pkt, sslv2pkt;
+-    int is_ktls_left;
++    int using_ktls;
+     SSL_MAC_BUF *macbufs = NULL;
+     int ret = -1;
  
- BIO_flush(), because it can write data may return 0 or -1 indicating
-@@ -124,6 +138,11 @@ particular a return value of 0 can be returned if an operation is not
- supported, if an error occurred, if EOF has not been reached and in
- the case of BIO_seek() on a file BIO for a successful operation.
+     rr = RECORD_LAYER_get_rrec(&s->rlayer);
+     rbuf = RECORD_LAYER_get_rbuf(&s->rlayer);
+-    is_ktls_left = (SSL3_BUFFER_get_left(rbuf) > 0);
+     max_recs = s->max_pipelines;
+     if (max_recs == 0)
+         max_recs = 1;
+     sess = s->session;
  
-+=head1 HISTORY
-+
-+The BIO_get_ktls_send() and BIO_get_ktls_recv() functions were added in
-+OpenSSL 3.0.0.
++    /*
++     * KTLS reads full records. If there is any data left,
++     * then it is from before enabling ktls.
++     */
++    using_ktls = BIO_get_ktls_recv(s->rbio) && SSL3_BUFFER_get_left(rbuf) == 0;
 +
- =head1 COPYRIGHT
- 
- Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
-diff --git doc/man3/SSL_CONF_cmd.pod doc/man3/SSL_CONF_cmd.pod
-index 7f0e088687..c7cce5486b 100644
---- doc/man3/SSL_CONF_cmd.pod
-+++ doc/man3/SSL_CONF_cmd.pod
-@@ -495,6 +495,10 @@ specification. Some applications may be able to mitigate the replay risks in
- other ways and in such cases the built-in OpenSSL functionality is not required.
- Disabling anti-replay is equivalent to setting B<SSL_OP_NO_ANTI_REPLAY>.
+     do {
+         thisrr = &rr[num_recs];
  
-+B<KTLS>: Enables kernel TLS if support has been compiled in, and it is supported
-+by the negotiated ciphersuites and extensions. Equivalent to
-+B<SSL_OP_ENABLE_KTLS>.
-+
- =item B<VerifyMode>
+@@ -361,7 +366,9 @@ int ssl3_get_record(SSL *s)
+                     }
+                 }
  
- The B<value> argument is a comma separated list of flags to set.
-diff --git doc/man3/SSL_CTX_set_options.pod doc/man3/SSL_CTX_set_options.pod
-index 969e0366c4..231fe92d8e 100644
---- doc/man3/SSL_CTX_set_options.pod
-+++ doc/man3/SSL_CTX_set_options.pod
-@@ -237,6 +237,29 @@ functionality is not required. Those applications can turn this feature off by
- setting this option. This is a server-side opton only. It is ignored by
- clients.
+-                if (SSL_IS_TLS13(s) && s->enc_read_ctx != NULL) {
++                if (SSL_IS_TLS13(s)
++                        && s->enc_read_ctx != NULL
++                        && !using_ktls) {
+                     if (thisrr->type != SSL3_RT_APPLICATION_DATA
+                             && (thisrr->type != SSL3_RT_CHANGE_CIPHER_SPEC
+                                 || !SSL_IS_FIRST_HANDSHAKE(s))
+@@ -391,7 +398,13 @@ int ssl3_get_record(SSL *s)
+         }
  
-+=item SSL_OP_ENABLE_KTLS
-+
-+Enable the use of kernel TLS. In order to benefit from kernel TLS OpenSSL must
-+have been compiled with support for it, and it must be supported by the
-+negotiated ciphersuites and extensions. The specific ciphersuites and extensions
-+that are supported may vary by platform and kernel version.
-+
-+The kernel TLS data-path implements the record layer, and the encryption
*** 3708 LINES SKIPPED ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202310141730.39EHUqwl090424>