/* Typedef for SSL async callback */
typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
-/*
- * Some values are reserved until OpenSSL 3.0.0 because they were previously
- * included in SSL_OP_ALL in a 1.1.x release.
- */
-
/* Disable Extended master secret */
# define SSL_OP_NO_EXTENDED_MASTER_SECRET 0x00000001U
/* Allow initial connection to servers that don't support RI */
# define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004U
+/* Enable support for Kernel TLS */
+# define SSL_OP_ENABLE_KTLS 0x00000008U
+
# define SSL_OP_TLSEXT_PADDING 0x00000010U
# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040U
# define SSL_OP_IGNORE_UNEXPECTED_EOF 0x00000080U
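Review bot: The comment on `SSL_OP_ENABLE_KTLS` does not state the default or what replaces the per-direction controls, which matters because this flag decides whether record protection is handed to the kernel. Judging by the rest of the commit, kernel TLS is used only when the option is set, and the removed `SSL_MODE_NO_KTLS_TX` / `SSL_MODE_NO_KTLS_RX` have no per-direction successor. I would expand it to something like `/* Enable Kernel TLS offload for send and receive; KTLS is not used unless this option is set */`. Code that still sets the removed mode macros will stop compiling, so that deserves a line in the change notes as well.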
* Support Asynchronous operation
*/
# define SSL_MODE_ASYNC 0x00000100U
-/*
- * Don't use the kernel TLS data-path for sending.
- */
-# define SSL_MODE_NO_KTLS_TX 0x00000200U
+
/*
* When using DTLS/SCTP, include the terminating zero in the label
* used for computing the endpoint-pair shared secret. Required for
* - OpenSSL 1.1.1 and 1.1.1a
*/
# define SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG 0x00000400U
-/*
- * Don't use the kernel TLS data-path for receiving.
- */
-# define SSL_MODE_NO_KTLS_RX 0x00000800U
/* Cert related flags */
/*
goto end;
/* ktls is used then kernel sequences are used instead of OpenSSL sequences */
- if (clientssl->mode & SSL_MODE_NO_KTLS_TX) {
+ if ((SSL_get_options(clientssl) & SSL_OP_ENABLE_KTLS) == 0) {
if (!TEST_mem_ne(crec_wseq_before, rec_seq_size,
crec_wseq_after, rec_seq_size))
goto end;
goto end;
}
- if (serverssl->mode & SSL_MODE_NO_KTLS_TX) {
+ if ((SSL_get_options(serverssl) & SSL_OP_ENABLE_KTLS) == 0) {
if (!TEST_mem_ne(srec_wseq_before, rec_seq_size,
srec_wseq_after, rec_seq_size))
goto end;
goto end;
}
- if (clientssl->mode & SSL_MODE_NO_KTLS_RX) {
+ if ((SSL_get_options(clientssl) & SSL_OP_ENABLE_KTLS) == 0
+#if defined(OPENSSL_NO_KTLS_RX)
+ || 1
+#endif
+ ) {
if (!TEST_mem_ne(crec_rseq_before, rec_seq_size,
crec_rseq_after, rec_seq_size))
goto end;
goto end;
}
- if (serverssl->mode & SSL_MODE_NO_KTLS_RX) {
+ if ((SSL_get_options(serverssl) & SSL_OP_ENABLE_KTLS) == 0
+#if defined(OPENSSL_NO_KTLS_RX)
+ || 1
+#endif
+ ) {
if (!TEST_mem_ne(srec_rseq_before, rec_seq_size,
srec_rseq_after, rec_seq_size))
goto end;
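Review bot: Splicing `#if defined(OPENSSL_NO_KTLS_RX)` / `|| 1` / `#endif` into the middle of an `if` condition is hard to read and leaves the else branch as dead code in that configuration. The same construct appears four times: the client and server receive checks here, and the two `BIO_get_ktls_recv` checks in execute_test_ktls. A single named constant defined once near the top of the KTLS tests would keep the conditions plain C and put the receive-side assumption in one place. The name below is only a suggestion, and the surrounding function bodies extend beyond the lines shown.

```c
#if defined(OPENSSL_NO_KTLS_RX)
# define KTLS_RX_SUPPORTED 0
#else
# define KTLS_RX_SUPPORTED 1
#endif

/* … unchanged: send-side sequence checks … */
    if ((SSL_get_options(clientssl) & SSL_OP_ENABLE_KTLS) == 0
            || !KTLS_RX_SUPPORTED) {
/* … unchanged: TEST_mem_ne on crec_rseq_before/after … */
```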
return 0;
}
-static int execute_test_ktls(int cis_ktls_tx, int cis_ktls_rx,
- int sis_ktls_tx, int sis_ktls_rx,
+static int execute_test_ktls(int cis_ktls, int sis_ktls,
int tls_version, const char *cipher,
int rec_seq_size)
{
&clientssl, sfd, cfd)))
goto end;
- if (!cis_ktls_tx) {
- if (!TEST_true(SSL_set_mode(clientssl, SSL_MODE_NO_KTLS_TX)))
+ if (cis_ktls) {
+ if (!TEST_true(SSL_set_options(clientssl, SSL_OP_ENABLE_KTLS)))
goto end;
}
- if (!sis_ktls_tx) {
- if (!TEST_true(SSL_set_mode(serverssl, SSL_MODE_NO_KTLS_TX)))
- goto end;
- }
-
- if (!cis_ktls_rx) {
- if (!TEST_true(SSL_set_mode(clientssl, SSL_MODE_NO_KTLS_RX)))
- goto end;
- }
-
- if (!sis_ktls_rx) {
- if (!TEST_true(SSL_set_mode(serverssl, SSL_MODE_NO_KTLS_RX)))
+ if (sis_ktls) {
+ if (!TEST_true(SSL_set_mode(serverssl, SSL_OP_ENABLE_KTLS)))
goto end;
}
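Review bot: The server branch calls `SSL_set_mode(serverssl, SSL_OP_ENABLE_KTLS)`, which passes an option constant to the mode setter, so the server never gets the KTLS option and an unrelated mode bit with value 0x00000008U is set instead. The client branch just above uses `SSL_set_options`, and the later checks read the flag back with `SSL_get_options(serverssl)`, so the `sis_ktls` cases would not exercise server-side kernel TLS as intended. The line should read `if (!TEST_true(SSL_set_options(serverssl, SSL_OP_ENABLE_KTLS)))`. The body of execute_test_ktls starts and continues outside the lines shown here.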
SSL_ERROR_NONE)))
goto end;
- if (!cis_ktls_tx) {
+ if (!cis_ktls) {
if (!TEST_false(BIO_get_ktls_send(clientssl->wbio)))
goto end;
} else {
goto end;
}
- if (!sis_ktls_tx) {
+ if (!sis_ktls) {
if (!TEST_false(BIO_get_ktls_send(serverssl->wbio)))
goto end;
} else {
goto end;
}
- if (!cis_ktls_rx) {
+ if (!cis_ktls
+#if defined(OPENSSL_NO_KTLS_RX)
+ || 1
+#endif
+ ) {
if (!TEST_false(BIO_get_ktls_recv(clientssl->rbio)))
goto end;
} else {
goto end;
}
- if (!sis_ktls_rx) {
+ if (!sis_ktls
+#if defined(OPENSSL_NO_KTLS_RX)
+ || 1
+#endif
+ ) {
if (!TEST_false(BIO_get_ktls_recv(serverssl->rbio)))
goto end;
} else {
#if !defined(OPENSSL_NO_TLS1_2) || !defined(OSSL_NO_USABLE_TLS1_3)
static int test_ktls(int test)
{
- int cis_ktls_tx, cis_ktls_rx, sis_ktls_tx, sis_ktls_rx;
+ int cis_ktls, sis_ktls;
int tlsver, testresult;
- if (test > 15) {
+ if (test > 3) {
#if defined(OSSL_NO_USABLE_TLS1_3)
return 1;
#else
- test -= 16;
+ test -= 4;
tlsver = TLS1_3_VERSION;
#endif
} else {
#endif
}
- cis_ktls_tx = (test & 1) != 0;
- cis_ktls_rx = (test & 2) != 0;
- sis_ktls_tx = (test & 4) != 0;
- sis_ktls_rx = (test & 8) != 0;
-
-#if defined(OPENSSL_NO_KTLS_RX)
- if (cis_ktls_rx || sis_ktls_rx)
- return 1;
-#endif
-#if !defined(OSSL_NO_USABLE_TLS1_3)
- if (tlsver == TLS1_3_VERSION && (cis_ktls_rx || sis_ktls_rx))
- return 1;
-#endif
+ cis_ktls = (test & 1) != 0;
+ sis_ktls = (test & 2) != 0;
testresult = 1;
#ifdef OPENSSL_KTLS_AES_GCM_128
- testresult &= execute_test_ktls(cis_ktls_tx, cis_ktls_rx, sis_ktls_tx,
- sis_ktls_rx, tlsver, "AES128-GCM-SHA256",
+ testresult &= execute_test_ktls(cis_ktls, sis_ktls, tlsver,
+ "AES128-GCM-SHA256",
TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
#endif
#ifdef OPENSSL_KTLS_AES_CCM_128
- testresult &= execute_test_ktls(cis_ktls_tx, cis_ktls_rx, sis_ktls_tx,
- sis_ktls_rx, tlsver, "AES128-CCM",
+ testresult &= execute_test_ktls(cis_ktls, sis_ktls, tlsver, "AES128-CCM",
TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE);
#endif
#ifdef OPENSSL_KTLS_AES_GCM_256
- testresult &= execute_test_ktls(cis_ktls_tx, cis_ktls_rx, sis_ktls_tx,
- sis_ktls_rx, tlsver, "AES256-GCM-SHA384",
+ testresult &= execute_test_ktls(cis_ktls, sis_ktls, tlsver,
+ "AES256-GCM-SHA384",
TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
#endif
return testresult;
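Review bot: The removed guard that skipped receive-side cases when `tlsver == TLS1_3_VERSION` has no visible replacement, so with the merged `cis_ktls` / `sis_ktls` flags the TLS 1.3 runs now reach the `BIO_get_ktls_recv` checks in execute_test_ktls with KTLS enabled. If kernel receive offload is still unavailable for TLS 1.3 (the old skip suggests it was), those cases would fail or the assertion would have to be weakened; the else branches are not visible here, so this is inferred. execute_test_ktls already receives `tls_version`, so its receive checks could test `tls_version == TLS1_3_VERSION` alongside the `OPENSSL_NO_KTLS_RX` case, with a comment such as `/* KTLS receive is not expected for TLS 1.3 */`.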
#if !defined(OPENSSL_NO_KTLS) && !defined(OPENSSL_NO_SOCK)
# if !defined(OPENSSL_NO_TLS1_2) || !defined(OSSL_NO_USABLE_TLS1_3)
- ADD_ALL_TESTS(test_ktls, 32);
+ ADD_ALL_TESTS(test_ktls, 8);
ADD_ALL_TESTS(test_ktls_sendfile_anytls, 6);
# endif
#endif