bio: Linux TLS Offload

Add support for Linux TLS offload in the BIO layer and specifically in bss_sock.c. Signed-off-by: Boris Pismenny <borisp@mellanox.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5253)
2025-04-29 11:14:36 +00:00 · 2017-06-01 08:46:33 +03:00 · 2017-06-01 08:46:33 +03:00 · 6ba76c4f23
commit 6ba76c4f23
parent 69495e3df5
3 changed files with 92 additions and 2 deletions
--- a/crypto/bio/bss_sock.c
+++ b/crypto/bio/bss_sock.c
@ -11,6 +11,7 @@
 #include <errno.h>
 #include "bio_lcl.h"
 #include "internal/cryptlib.h"
+#include "internal/ktls.h"

 #ifndef OPENSSL_NO_SOCK

@ -64,6 +65,17 @@ BIO *BIO_new_socket(int fd, int close_flag)
    if (ret == NULL)
        return NULL;
    BIO_set_fd(ret, fd, close_flag);
+# ifndef OPENSSL_NO_KTLS
+    {
+        /*
+         * The new socket is created successfully regardless of ktls_enable.
+         * ktls_enable doesn't change any functionality of the socket, except
+         * changing the setsockopt to enable the processing of ktls_start.
+         * Thus, it is not a problem to call it for non-TLS sockets.
+         */
+        ktls_enable(fd);
+    }
+# endif
    return ret;
 }

@ -108,10 +120,20 @@ static int sock_read(BIO *b, char *out, int outl)

 static int sock_write(BIO *b, const char *in, int inl)
 {
-    int ret;
+    int ret = 0;

    clear_socket_error();
-    ret = writesocket(b->num, in, inl);
+# ifndef OPENSSL_NO_KTLS
+    if (BIO_should_ktls_ctrl_msg_flag(b)) {
+        unsigned char record_type = (intptr_t)b->ptr;
+        ret = ktls_send_ctrl_message(b->num, record_type, in, inl);
+        if (ret >= 0) {
+            ret = inl;
+            BIO_clear_ktls_ctrl_msg_flag(b);
+        }
+    } else
+# endif
+        ret = writesocket(b->num, in, inl);
    BIO_clear_retry_flags(b);
    if (ret <= 0) {
        if (BIO_sock_should_retry(ret))
@ -124,6 +146,9 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
 {
    long ret = 1;
    int *ip;
+# ifndef OPENSSL_NO_KTLS
+    struct tls12_crypto_info_aes_gcm_128 *crypto_info;
+# endif

    switch (cmd) {
    case BIO_C_SET_FD:
@ -151,6 +176,25 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
    case BIO_CTRL_FLUSH:
        ret = 1;
        break;
+# ifndef OPENSSL_NO_KTLS
+    case BIO_CTRL_SET_KTLS_SEND:
+        crypto_info = (struct tls12_crypto_info_aes_gcm_128 *)ptr;
+        ret = ktls_start(b->num, crypto_info, sizeof(*crypto_info), num);
+        if (ret)
+            BIO_set_ktls_flag(b);
+        break;
+    case BIO_CTRL_GET_KTLS_SEND:
+        return BIO_should_ktls_flag(b);
+    case BIO_CTRL_SET_KTLS_SEND_CTRL_MSG:
+        BIO_set_ktls_ctrl_msg_flag(b);
+        b->ptr = (void *)num;
+        ret = 0;
+        break;
+    case BIO_CTRL_CLEAR_KTLS_CTRL_MSG:
+        BIO_clear_ktls_ctrl_msg_flag(b);
+        ret = 0;
+        break;
+# endif
    default:
        ret = 0;
        break;
--- a/include/internal/bio.h
+++ b/include/internal/bio.h
@ -7,6 +7,9 @@
 * https://www.openssl.org/source/license.html
 */

+#ifndef HEADER_INTERNAL_BIO_H
+# define HEADER_INTERNAL_BIO_H
+
 #include <openssl/bio.h>

 struct bio_method_st {
@ -31,3 +34,36 @@ void bio_cleanup(void);
 /* Old style to new style BIO_METHOD conversion functions */
 int bwrite_conv(BIO *bio, const char *data, size_t datal, size_t *written);
 int bread_conv(BIO *bio, char *data, size_t datal, size_t *read);
+
+# define BIO_CTRL_SET_KTLS_SEND                 72
+# define BIO_CTRL_SET_KTLS_SEND_CTRL_MSG        74
+# define BIO_CTRL_CLEAR_KTLS_CTRL_MSG      75
+
+/*
+ * This is used with socket BIOs:
+ * BIO_FLAGS_KTLS means we are using ktls with this BIO.
+ * BIO_FLAGS_KTLS_CTRL_MSG means we are about to send a ctrl message next.
+ */
+# define BIO_FLAGS_KTLS          0x800
+# define BIO_FLAGS_KTLS_CTRL_MSG 0x1000
+
+/* KTLS related controls and flags */
+# define BIO_set_ktls_flag(b) \
+    BIO_set_flags(b, BIO_FLAGS_KTLS)
+# define BIO_should_ktls_flag(b) \
+    BIO_test_flags(b, BIO_FLAGS_KTLS)
+# define BIO_set_ktls_ctrl_msg_flag(b) \
+    BIO_set_flags(b, BIO_FLAGS_KTLS_CTRL_MSG)
+# define BIO_should_ktls_ctrl_msg_flag(b) \
+    BIO_test_flags(b, (BIO_FLAGS_KTLS_CTRL_MSG))
+# define BIO_clear_ktls_ctrl_msg_flag(b) \
+    BIO_clear_flags(b, (BIO_FLAGS_KTLS_CTRL_MSG))
+
+#  define BIO_set_ktls(b, keyblob, is_tx)   \
+     BIO_ctrl(b, BIO_CTRL_SET_KTLS_SEND, is_tx, keyblob)
+#  define BIO_set_ktls_ctrl_msg(b, record_type)   \
+     BIO_ctrl(b, BIO_CTRL_SET_KTLS_SEND_CTRL_MSG, record_type, NULL)
+#  define BIO_clear_ktls_ctrl_msg(b) \
+     BIO_ctrl(b, BIO_CTRL_CLEAR_KTLS_CTRL_MSG, 0, NULL)
+
+#endif
--- a/include/openssl/bio.h
+++ b/include/openssl/bio.h
@ -145,6 +145,16 @@ extern "C" {

 # define BIO_CTRL_DGRAM_SET_PEEK_MODE      71

+/* internal BIO see include/internal/bio.h:
+ * # define BIO_CTRL_SET_KTLS_SEND                 72
+ * # define BIO_CTRL_SET_KTLS_SEND_CTRL_MSG        74
+ * # define BIO_CTRL_CLEAR_KTLS_CTRL_MSG      75
+ */
+
+#  define BIO_CTRL_GET_KTLS_SEND                 73
+#  define BIO_get_ktls_send(b)         \
+     BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL)
+
 /* modifiers */
 # define BIO_FP_READ             0x02
 # define BIO_FP_WRITE            0x04