Support for KTLS TX on FreeBSD for TLS 1.3.
authorJohn Baldwin <jhb@FreeBSD.org>
Thu, 5 Dec 2019 00:50:06 +0000 (16:50 -0800)
committerMatt Caswell <matt@openssl.org>
Mon, 31 Aug 2020 08:34:19 +0000 (09:34 +0100)
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)

include/internal/ktls.h
ssl/tls13_enc.c

index fe02a35536c112a00f515d282e5d03ccecc6a597..b681278c341b19f5522707bb0550ef9ad13ef089 100644 (file)
@@ -38,6 +38,7 @@
 #   endif
 #   define OPENSSL_KTLS_AES_GCM_128
 #   define OPENSSL_KTLS_AES_GCM_256
+#   define OPENSSL_KTLS_TLS13
 
 /*
  * Only used by the tests in sslapitest.c.
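Review bot: The new `OPENSSL_KTLS_TLS13` define carries no comment, unlike the block that follows it, so a reader of this header cannot tell which direction of TLS 1.3 traffic is covered. Given that tls13_change_cipher_state() in ssl/tls13_enc.c jumps to skip_ktls unless `which & SSL3_CC_WRITE` is set, consider `/* TLS 1.3 records: TX offload only, see tls13_change_cipher_state() */` above the define. Whether the enclosing `#if` at the top of this block ties the define to a kernel version is not visible in the hunk.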
@@ -221,6 +222,7 @@ static ossl_inline int ktls_check_supported_cipher(const SSL *s,
     case TLS1_VERSION:
     case TLS1_1_VERSION:
     case TLS1_2_VERSION:
+    case TLS1_3_VERSION:
         break;
     default:
         return 0;
@@ -263,7 +265,10 @@ static ossl_inline int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c,
     case SSL_AES128GCM:
     case SSL_AES256GCM:
         crypto_info->cipher_algorithm = CRYPTO_AES_NIST_GCM_16;
-        crypto_info->iv_len = EVP_GCM_TLS_FIXED_IV_LEN;
+        if (s->version == TLS1_3_VERSION)
+            crypto_info->iv_len = EVP_CIPHER_CTX_iv_length(dd);
+        else
+            crypto_info->iv_len = EVP_GCM_TLS_FIXED_IV_LEN;
         break;
     case SSL_AES128:
     case SSL_AES256:
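Review bot: On the new TLS 1.3 branch the result of `EVP_CIPHER_CTX_iv_length(dd)` is stored into `crypto_info->iv_len` without a check; the call returns an int, so a zero or negative value (no IV, or an error report in newer OpenSSL versions) would be narrowed into the kernel structure's length field and handed to the kernel. Capture it first, e.g. `int ivlen = EVP_CIPHER_CTX_iv_length(dd); if (ivlen <= 0) return 0;` — assuming this function follows the same 0-on-failure convention that ktls_check_supported_cipher() uses above — and only then assign. A short comment would also help the next reader, e.g. `/* TLS 1.3 hands the kernel the full nonce base (12 bytes for AES-GCM); TLS 1.2 only the 4-byte fixed part */`. Whether the IV bytes themselves are copied with a matching length is outside this hunk; ktls_configure_crypto() continues past it.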
index 714ffbff41db8fa3a835609db0502799e0e28df4..829a6e9be112fc22673d41c1bb94a02b41e07a0f 100644 (file)
@@ -516,10 +516,8 @@ int tls13_change_cipher_state(SSL *s, int which)
     const EVP_MD *md = NULL;
     const EVP_CIPHER *cipher = NULL;
 #if !defined(OPENSSL_NO_KTLS) && defined(OPENSSL_KTLS_TLS13)
-# ifndef __FreeBSD__
     ktls_crypto_info_t crypto_info;
     BIO *bio;
-# endif
 #endif
 
     if (which & SSL3_CC_READ) {
@@ -784,7 +782,6 @@ int tls13_change_cipher_state(SSL *s, int which)
         s->statem.enc_write_state = ENC_WRITE_STATE_VALID;
 #ifndef OPENSSL_NO_KTLS
 # if defined(OPENSSL_KTLS_TLS13)
-#  ifndef __FreeBSD__
     if (!(which & SSL3_CC_WRITE) || !(which & SSL3_CC_APPLICATION)
         || ((which & SSL3_CC_WRITE) && (s->mode & SSL_MODE_NO_KTLS_TX)))
         goto skip_ktls;
@@ -822,7 +819,6 @@ int tls13_change_cipher_state(SSL *s, int which)
     /* ktls works with user provided buffers directly */
     if (BIO_set_ktls(bio, &crypto_info, which & SSL3_CC_WRITE))
         ssl3_release_write_buffer(s);
-#  endif
 skip_ktls:
 # endif
 #endif
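Review bot: With the `__FreeBSD__` exclusion removed, the stack `crypto_info` that BIO_set_ktls() consumes is now live on FreeBSD as well as Linux, and nothing in this hunk cleanses it afterwards. If ktls_crypto_info_t holds key and IV bytes by value (the Linux tls12_crypto_info_* structs do; FreeBSD's variant may carry pointers instead, which I cannot confirm from here), add `OPENSSL_cleanse(&crypto_info, sizeof(crypto_info));` after the BIO_set_ktls() call so key material does not linger on the stack, unless that already happens later in tls13_change_cipher_state(), whose body continues past this hunk. The same exclusion is dropped in the two earlier hunks of this file, which need no separate change.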