From 6ba76c4f23e4b4ddc27b9e7234c8b9c3bcff5eff Mon Sep 17 00:00:00 2001
From: Boris Pismenny <borisp@mellanox.com>
Date: Thu, 1 Jun 2017 08:46:33 +0300
Subject: [PATCH] bio: Linux TLS Offload

Add support for Linux TLS offload in the BIO layer
and specifically in bss_sock.c.

Signed-off-by: Boris Pismenny <borisp@mellanox.com>

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5253)
---
 crypto/bio/bss_sock.c  | 48 ++++++++++++++++++++++++++++++++++++++++--
 include/internal/bio.h | 36 +++++++++++++++++++++++++++++++
 include/openssl/bio.h  | 10 +++++++++
 3 files changed, 92 insertions(+), 2 deletions(-)

diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c
index 0c87e18104..60e5adc04a 100644
--- a/crypto/bio/bss_sock.c
+++ b/crypto/bio/bss_sock.c
@@ -11,6 +11,7 @@
 #include <errno.h>
 #include "bio_lcl.h"
 #include "internal/cryptlib.h"
+#include "internal/ktls.h"
 
 #ifndef OPENSSL_NO_SOCK
 
@@ -64,6 +65,17 @@ BIO *BIO_new_socket(int fd, int close_flag)
     if (ret == NULL)
         return NULL;
     BIO_set_fd(ret, fd, close_flag);
+# ifndef OPENSSL_NO_KTLS
+    {
+        /*
+         * The new socket is created successfully regardless of ktls_enable.
+         * ktls_enable doesn't change any functionality of the socket, except
+         * changing the setsockopt to enable the processing of ktls_start.
+         * Thus, it is not a problem to call it for non-TLS sockets.
+         */
+        ktls_enable(fd);
+    }
+# endif
     return ret;
 }
 
@@ -108,10 +120,20 @@ static int sock_read(BIO *b, char *out, int outl)
 
 static int sock_write(BIO *b, const char *in, int inl)
 {
-    int ret;
+    int ret = 0;
 
     clear_socket_error();
-    ret = writesocket(b->num, in, inl);
+# ifndef OPENSSL_NO_KTLS
+    if (BIO_should_ktls_ctrl_msg_flag(b)) {
+        unsigned char record_type = (intptr_t)b->ptr;
+        ret = ktls_send_ctrl_message(b->num, record_type, in, inl);
+        if (ret >= 0) {
+            ret = inl;
+            BIO_clear_ktls_ctrl_msg_flag(b);
+        }
+    } else
+# endif
+        ret = writesocket(b->num, in, inl);
     BIO_clear_retry_flags(b);
     if (ret <= 0) {
         if (BIO_sock_should_retry(ret))
@@ -124,6 +146,9 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
 {
     long ret = 1;
     int *ip;
+# ifndef OPENSSL_NO_KTLS
+    struct tls12_crypto_info_aes_gcm_128 *crypto_info;
+# endif
 
     switch (cmd) {
     case BIO_C_SET_FD:
@@ -151,6 +176,25 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
     case BIO_CTRL_FLUSH:
         ret = 1;
         break;
+# ifndef OPENSSL_NO_KTLS
+    case BIO_CTRL_SET_KTLS_SEND:
+        crypto_info = (struct tls12_crypto_info_aes_gcm_128 *)ptr;
+        ret = ktls_start(b->num, crypto_info, sizeof(*crypto_info), num);
+        if (ret)
+            BIO_set_ktls_flag(b);
+        break;
+    case BIO_CTRL_GET_KTLS_SEND:
+        return BIO_should_ktls_flag(b);
+    case BIO_CTRL_SET_KTLS_SEND_CTRL_MSG:
+        BIO_set_ktls_ctrl_msg_flag(b);
+        b->ptr = (void *)num;
+        ret = 0;
+        break;
+    case BIO_CTRL_CLEAR_KTLS_CTRL_MSG:
+        BIO_clear_ktls_ctrl_msg_flag(b);
+        ret = 0;
+        break;
+# endif
     default:
         ret = 0;
         break;
diff --git a/include/internal/bio.h b/include/internal/bio.h
index e1251f6aaf..1e80d5ac68 100644
--- a/include/internal/bio.h
+++ b/include/internal/bio.h
@@ -7,6 +7,9 @@
  * https://www.openssl.org/source/license.html
  */
 
+#ifndef HEADER_INTERNAL_BIO_H
+# define HEADER_INTERNAL_BIO_H
+
 #include <openssl/bio.h>
 
 struct bio_method_st {
@@ -31,3 +34,36 @@ void bio_cleanup(void);
 /* Old style to new style BIO_METHOD conversion functions */
 int bwrite_conv(BIO *bio, const char *data, size_t datal, size_t *written);
 int bread_conv(BIO *bio, char *data, size_t datal, size_t *read);
+
+# define BIO_CTRL_SET_KTLS_SEND                 72
+# define BIO_CTRL_SET_KTLS_SEND_CTRL_MSG        74
+# define BIO_CTRL_CLEAR_KTLS_CTRL_MSG      75
+
+/*
+ * This is used with socket BIOs:
+ * BIO_FLAGS_KTLS means we are using ktls with this BIO.
+ * BIO_FLAGS_KTLS_CTRL_MSG means we are about to send a ctrl message next.
+ */
+# define BIO_FLAGS_KTLS          0x800
+# define BIO_FLAGS_KTLS_CTRL_MSG 0x1000
+
+/* KTLS related controls and flags */
+# define BIO_set_ktls_flag(b) \
+    BIO_set_flags(b, BIO_FLAGS_KTLS)
+# define BIO_should_ktls_flag(b) \
+    BIO_test_flags(b, BIO_FLAGS_KTLS)
+# define BIO_set_ktls_ctrl_msg_flag(b) \
+    BIO_set_flags(b, BIO_FLAGS_KTLS_CTRL_MSG)
+# define BIO_should_ktls_ctrl_msg_flag(b) \
+    BIO_test_flags(b, (BIO_FLAGS_KTLS_CTRL_MSG))
+# define BIO_clear_ktls_ctrl_msg_flag(b) \
+    BIO_clear_flags(b, (BIO_FLAGS_KTLS_CTRL_MSG))
+
+#  define BIO_set_ktls(b, keyblob, is_tx)   \
+     BIO_ctrl(b, BIO_CTRL_SET_KTLS_SEND, is_tx, keyblob)
+#  define BIO_set_ktls_ctrl_msg(b, record_type)   \
+     BIO_ctrl(b, BIO_CTRL_SET_KTLS_SEND_CTRL_MSG, record_type, NULL)
+#  define BIO_clear_ktls_ctrl_msg(b) \
+     BIO_ctrl(b, BIO_CTRL_CLEAR_KTLS_CTRL_MSG, 0, NULL)
+
+#endif
diff --git a/include/openssl/bio.h b/include/openssl/bio.h
index 9f118d955f..cdeacc8e0a 100644
--- a/include/openssl/bio.h
+++ b/include/openssl/bio.h
@@ -145,6 +145,16 @@ extern "C" {
 
 # define BIO_CTRL_DGRAM_SET_PEEK_MODE      71
 
+/* internal BIO see include/internal/bio.h:
+ * # define BIO_CTRL_SET_KTLS_SEND                 72
+ * # define BIO_CTRL_SET_KTLS_SEND_CTRL_MSG        74
+ * # define BIO_CTRL_CLEAR_KTLS_CTRL_MSG      75
+ */
+
+#  define BIO_CTRL_GET_KTLS_SEND                 73
+#  define BIO_get_ktls_send(b)         \
+     BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL)
+
 /* modifiers */
 # define BIO_FP_READ             0x02
 # define BIO_FP_WRITE            0x04
-- 
2.34.1