[thirdparty/openssl.git] / ssl / record / methods / ktls_meth.c

/*
 * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/evp.h>
#include <openssl/core_names.h>
#include <openssl/rand.h>
#include "../../ssl_local.h"
#include "../record_local.h"
#include "recmethod_local.h"
#include "internal/ktls.h"

#if defined(__FreeBSD__)
# include "crypto/cryptodev.h"

/*
 * TODO(RECLAYER): This is essentially a copy of ktls_int_check_supported_cipher
 * but using an SSL object instead of an OSSL_RECORD_LAYER object. Once
 * everything has been moved to the reocrd layer this can be deleted
 */
int ktls_check_supported_cipher(const SSL_CONNECTION *s, const EVP_CIPHER *c,
                                const EVP_MD *md, size_t taglen)
{

    switch (s->version) {
    case TLS1_VERSION:
    case TLS1_1_VERSION:
    case TLS1_2_VERSION:
    case TLS1_3_VERSION:
        break;
    default:
        return 0;
    }

    if (EVP_CIPHER_is_a(c, "AES-128-GCM")
        || EVP_CIPHER_is_a(c, "AES-256-GCM")
# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
        || EVP_CIPHER_is_a(c, "CHACHA20-POLY1305")
# endif
       )
       return 1;

    if (!EVP_CIPHER_is_a(c, "AES-128-CBC")
            && !EVP_CIPHER_is_a(c, "AES-256-CBC"))
        return 0;

    if (s->ext.use_etm)
        return 0;

    if (md == NULL
            || EVP_MD_is_a(md, "SHA1")
            || EVP_MD_is_a(md, "SHA2-256")
            || EVP_MD_is_a(md, "SHA2-384"))
        return 1;

    return 0;
}

/*-
 * Check if a given cipher is supported by the KTLS interface.
 * The kernel might still fail the setsockopt() if no suitable
 * provider is found, but this checks if the socket option
 * supports the cipher suite used at all.
 */
static int ktls_int_check_supported_cipher(OSSL_RECORD_LAYER *rl,
                                           const EVP_CIPHER *c,
                                           const EVP_MD *md,
                                           size_t taglen)
{
    switch (rl->version) {
    case TLS1_VERSION:
    case TLS1_1_VERSION:
    case TLS1_2_VERSION:
    case TLS1_3_VERSION:
        break;
    default:
        return 0;
    }

    if (EVP_CIPHER_is_a(c, "AES-128-GCM")
        || EVP_CIPHER_is_a(c, "AES-256-GCM")
# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
        || EVP_CIPHER_is_a(c, "CHACHA20-POLY1305")
# endif
       )
       return 1;

    if (!EVP_CIPHER_is_a(c, "AES-128-CBC")
            && !EVP_CIPHER_is_a(c, "AES-256-CBC"))
        return 0;

    if (rl->use_etm)
        return 0;

    if (md == NULL
            || EVP_MD_is_a(md, "SHA1")
            || EVP_MD_is_a(md, "SHA2-256")
            || EVP_MD_is_a(md, "SHA2-384"))
        return 1;

    return 0;
}

/* Function to configure kernel TLS structure */
int ktls_configure_crypto(OSSL_LIB_CTX *libctx, int version, const EVP_CIPHER *c,
                          EVP_MD *md, void *rl_sequence,
                          ktls_crypto_info_t *crypto_info, int is_tx,
                          unsigned char *iv, size_t ivlen,
                          unsigned char *key, size_t keylen,
                          unsigned char *mac_key, size_t mac_secret_size)
{
    memset(crypto_info, 0, sizeof(*crypto_info));
    if (EVP_CIPHER_is_a(c, "AES-128-GCM")
            || EVP_CIPHER_is_a(c, "AES-256-GCM")) {
        crypto_info->cipher_algorithm = CRYPTO_AES_NIST_GCM_16;
        crypto_info->iv_len = ivlen;
    } else
# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
    if (EVP_CIPHER_is_a(c, "CHACHA20-POLY1305")) {
        crypto_info->cipher_algorithm = CRYPTO_CHACHA20_POLY1305;
        crypto_info->iv_len = ivlen;
    } else
# endif
    if (EVP_CIPHER_is_a(c, "AES-128-CBC") || EVP_CIPHER_is_a(c, "AES-256-CBC")) {
        if (EVP_MD_is_a(md, "SHA1"))
            crypto_info->auth_algorithm = CRYPTO_SHA1_HMAC;
        else if (EVP_MD_is_a(md, "SHA2-256")) {
            crypto_info->auth_algorithm = CRYPTO_SHA2_256_HMAC;
        else if (EVP_MD_is_a(md, "SHA2-384"))
            crypto_info->auth_algorithm = CRYPTO_SHA2_384_HMAC;
        else
            return 0;
        crypto_info->cipher_algorithm = CRYPTO_AES_CBC;
        crypto_info->iv_len = ivlen;
        crypto_info->auth_key = mac_key;
        crypto_info->auth_key_len = mac_secret_size;
    } else {
        return 0;
    }
    crypto_info->cipher_key = key;
    crypto_info->cipher_key_len = keylen;
    crypto_info->iv = iv;
    crypto_info->tls_vmajor = (version >> 8) & 0x000000ff;
    crypto_info->tls_vminor = (version & 0x000000ff);
# ifdef TCP_RXTLS_ENABLE
    memcpy(crypto_info->rec_seq, rl_sequence, sizeof(crypto_info->rec_seq));
# else
    if (!is_tx)
        return 0;
# endif
    return 1;
};

#endif                         /* __FreeBSD__ */

#if defined(OPENSSL_SYS_LINUX)

/*
 * TODO(RECLAYER): This is essentially a copy of ktls_int_check_supported_cipher
 * but using an SSL object instead of an OSSL_RECORD_LAYER object. Once
 * everything has been moved to the reocrd layer this can be deleted
 */
int ktls_check_supported_cipher(const SSL_CONNECTION *s, const EVP_CIPHER *c,
                                const EVP_MD *md, size_t taglen)
{
    switch (s->version) {
    case TLS1_2_VERSION:
    case TLS1_3_VERSION:
        break;
    default:
        return 0;
    }

    /* check that cipher is AES_GCM_128, AES_GCM_256, AES_CCM_128
     * or Chacha20-Poly1305
     */
# ifdef OPENSSL_KTLS_AES_CCM_128
    if (EVP_CIPHER_is_a(c, "AES-128-CCM")) {
        if (s->version == TLS_1_3_VERSION /* broken on 5.x kernels */
            || taglen != EVP_CCM_TLS_TAG_LEN)
            return 0;
        return 1;
    } else
# endif
    if (0
# ifdef OPENSSL_KTLS_AES_GCM_128
        || EVP_CIPHER_is_a(c, "AES-128-GCM")
# endif
# ifdef OPENSSL_KTLS_AES_GCM_256
        || EVP_CIPHER_is_a(c, "AES-256-GCM")
# endif
# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
        || EVP_CIPHER_is_a(c, "ChaCha20-Poly1305")
# endif
        ) {
        return 1;
    }
    return 0;
}

/* Function to check supported ciphers in Linux */
static int ktls_int_check_supported_cipher(OSSL_RECORD_LAYER *rl,
                                           const EVP_CIPHER *c,
                                           const EVP_MD *md,
                                           size_t taglen)
{
    switch (rl->version) {
    case TLS1_2_VERSION:
    case TLS1_3_VERSION:
        break;
    default:
        return 0;
    }

    /* check that cipher is AES_GCM_128, AES_GCM_256, AES_CCM_128
     * or Chacha20-Poly1305
     */
# ifdef OPENSSL_KTLS_AES_CCM_128
    if (EVP_CIPHER_is_a(c, "AES-128-CCM")) {
        if (rl->version == TLS_1_3_VERSION /* broken on 5.x kernels */
            || taglen != EVP_CCM_TLS_TAG_LEN)
            return 0;
        return 1;
    } else
# endif
    if (0
# ifdef OPENSSL_KTLS_AES_GCM_128
        || EVP_CIPHER_is_a(c, "AES-128-GCM")
# endif
# ifdef OPENSSL_KTLS_AES_GCM_256
        || EVP_CIPHER_is_a(c, "AES-256-GCM")
# endif
# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
        || EVP_CIPHER_is_a(c, "ChaCha20-Poly1305")
# endif
        ) {
        return 1;
    }
    return 0;
}

/* Function to configure kernel TLS structure */
int ktls_configure_crypto(OSSL_LIB_CTX *libctx, int version, const EVP_CIPHER *c,
                          const EVP_MD *md, void *rl_sequence,
                          ktls_crypto_info_t *crypto_info, int is_tx,
                          unsigned char *iv, size_t ivlen,
                          unsigned char *key, size_t keylen,
                          unsigned char *mac_key, size_t mac_secret_size)
{
    unsigned char geniv[EVP_GCM_TLS_EXPLICIT_IV_LEN];
    unsigned char *eiv = NULL;

# ifdef OPENSSL_NO_KTLS_RX
    if (!is_tx)
        return 0;
# endif

    if (EVP_CIPHER_get_mode(c) == EVP_CIPH_GCM_MODE
            || EVP_CIPHER_get_mode(c) == EVP_CIPH_CCM_MODE) {
        if (!ossl_assert(EVP_GCM_TLS_FIXED_IV_LEN == EVP_CCM_TLS_FIXED_IV_LEN)
                || !ossl_assert(EVP_GCM_TLS_EXPLICIT_IV_LEN
                                == EVP_CCM_TLS_EXPLICIT_IV_LEN))
            return 0;
        if (version == TLS1_2_VERSION) {
            if (!ossl_assert(ivlen == EVP_GCM_TLS_FIXED_IV_LEN))
                return 0;
            if (is_tx) {
                if (RAND_bytes_ex(libctx, geniv,
                                EVP_GCM_TLS_EXPLICIT_IV_LEN, 0) <= 0)
                    return 0;
            } else {
                memset(geniv, 0, EVP_GCM_TLS_EXPLICIT_IV_LEN);
            }
            eiv = geniv;
        } else {
            if (!ossl_assert(ivlen == EVP_GCM_TLS_FIXED_IV_LEN
                                      + EVP_GCM_TLS_EXPLICIT_IV_LEN))
                return 0;
            eiv = iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE;
        }
    }

    memset(crypto_info, 0, sizeof(*crypto_info));
    switch (EVP_CIPHER_get_nid(c))
    {
# ifdef OPENSSL_KTLS_AES_GCM_128
    case NID_aes_128_gcm:
        if (!ossl_assert(TLS_CIPHER_AES_GCM_128_SALT_SIZE == EVP_GCM_TLS_FIXED_IV_LEN)
                || !ossl_assert(TLS_CIPHER_AES_GCM_128_IV_SIZE == EVP_GCM_TLS_EXPLICIT_IV_LEN))
            return 0;
        crypto_info->gcm128.info.cipher_type = TLS_CIPHER_AES_GCM_128;
        crypto_info->gcm128.info.version = version;
        crypto_info->tls_crypto_info_len = sizeof(crypto_info->gcm128);
        memcpy(crypto_info->gcm128.iv, eiv, TLS_CIPHER_AES_GCM_128_IV_SIZE);
        memcpy(crypto_info->gcm128.salt, iv, TLS_CIPHER_AES_GCM_128_SALT_SIZE);
        memcpy(crypto_info->gcm128.key, key, keylen);
        memcpy(crypto_info->gcm128.rec_seq, rl_sequence,
               TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
        return 1;
# endif
# ifdef OPENSSL_KTLS_AES_GCM_256
    case NID_aes_256_gcm:
        if (!ossl_assert(TLS_CIPHER_AES_GCM_256_SALT_SIZE == EVP_GCM_TLS_FIXED_IV_LEN)
                || !ossl_assert(TLS_CIPHER_AES_GCM_256_IV_SIZE == EVP_GCM_TLS_EXPLICIT_IV_LEN))
            return 0;
        crypto_info->gcm256.info.cipher_type = TLS_CIPHER_AES_GCM_256;
        crypto_info->gcm256.info.version = version;
        crypto_info->tls_crypto_info_len = sizeof(crypto_info->gcm256);
        memcpy(crypto_info->gcm256.iv, eiv, TLS_CIPHER_AES_GCM_256_IV_SIZE);
        memcpy(crypto_info->gcm256.salt, iv, TLS_CIPHER_AES_GCM_256_SALT_SIZE);
        memcpy(crypto_info->gcm256.key, key, keylen);
        memcpy(crypto_info->gcm256.rec_seq, rl_sequence,
               TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);

        return 1;
# endif
# ifdef OPENSSL_KTLS_AES_CCM_128
    case NID_aes_128_ccm:
        if (!ossl_assert(TLS_CIPHER_AES_CCM_128_SALT_SIZE == EVP_CCM_TLS_FIXED_IV_LEN)
                || !ossl_assert(TLS_CIPHER_AES_CCM_128_IV_SIZE == EVP_CCM_TLS_EXPLICIT_IV_LEN))
            return 0;
        crypto_info->ccm128.info.cipher_type = TLS_CIPHER_AES_CCM_128;
        crypto_info->ccm128.info.version = version;
        crypto_info->tls_crypto_info_len = sizeof(crypto_info->ccm128);
        memcpy(crypto_info->ccm128.iv, eiv, TLS_CIPHER_AES_CCM_128_IV_SIZE);
        memcpy(crypto_info->ccm128.salt, iv, TLS_CIPHER_AES_CCM_128_SALT_SIZE);
        memcpy(crypto_info->ccm128.key, key, keylen);
        memcpy(crypto_info->ccm128.rec_seq, rl_sequence,
               TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE);
        return 1;
# endif
# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
    case NID_chacha20_poly1305:
        if (!ossl_assert(ivlen == TLS_CIPHER_CHACHA20_POLY1305_IV_SIZE))
            return 0;
        crypto_info->chacha20poly1305.info.cipher_type = TLS_CIPHER_CHACHA20_POLY1305;
        crypto_info->chacha20poly1305.info.version = version;
        crypto_info->tls_crypto_info_len = sizeof(crypto_info->chacha20poly1305);
        memcpy(crypto_info->chacha20poly1305.iv, iv, ivlen);
        memcpy(crypto_info->chacha20poly1305.key, key, keylen);
        memcpy(crypto_info->chacha20poly1305.rec_seq, rl_sequence,
               TLS_CIPHER_CHACHA20_POLY1305_REC_SEQ_SIZE);
        return 1;
# endif
    default:
        return 0;
    }

}

#endif /* OPENSSL_SYS_LINUX */

/* TODO(RECLAYER): Handle OPENSSL_NO_COMP */
static int ktls_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
                                 unsigned char *key, size_t keylen,
                                 unsigned char *iv, size_t ivlen,
                                 unsigned char *mackey, size_t mackeylen,
                                 const EVP_CIPHER *ciph,
                                 size_t taglen,
                                 /* TODO(RECLAYER): This probably should not be an int */
                                 int mactype,
                                 const EVP_MD *md,
                                 const SSL_COMP *comp)
{
    ktls_crypto_info_t crypto_info;

    /*
     * Check if we are suitable for KTLS. If not suitable we return
     * OSSL_RECORD_RETURN_NON_FATAL_ERR so that other record layers can be tried
     * instead
     */

    if (comp != NULL)
        return OSSL_RECORD_RETURN_NON_FATAL_ERR;

    /* ktls supports only the maximum fragment size */
    if (rl->max_frag_len > 0 && rl->max_frag_len != SSL3_RT_MAX_PLAIN_LENGTH)
        return OSSL_RECORD_RETURN_NON_FATAL_ERR;
#if 0
    /*
     * TODO(RECLAYER): We will need to reintroduce the check of the send
     * fragment for KTLS once we do the record write side implementation
     */
    if (ssl_get_max_send_fragment(s) != SSL3_RT_MAX_PLAIN_LENGTH)
        return OSSL_RECORD_RETURN_NON_FATAL_ERR;
#endif

    /* check that cipher is supported */
    if (!ktls_int_check_supported_cipher(rl, ciph, md, taglen))
        return OSSL_RECORD_RETURN_NON_FATAL_ERR;

    /*
     * TODO(RECLAYER): For the write side we need to add a check for
     * use of s->record_padding_cb
     */

    /* All future data will get encrypted by ktls. Flush the BIO or skip ktls */
    if (rl->direction == OSSL_RECORD_DIRECTION_WRITE) {
       if (BIO_flush(rl->bio) <= 0)
           return OSSL_RECORD_RETURN_NON_FATAL_ERR;
    }

    if (!ktls_configure_crypto(rl->libctx, rl->version, ciph, md, rl->sequence,
                               &crypto_info,
                               rl->direction == OSSL_RECORD_DIRECTION_WRITE,
                               iv, ivlen, key, keylen, mackey, mackeylen))
       return OSSL_RECORD_RETURN_NON_FATAL_ERR;

    if (!BIO_set_ktls(rl->bio, &crypto_info, rl->direction))
        return OSSL_RECORD_RETURN_NON_FATAL_ERR;

    return OSSL_RECORD_RETURN_SUCCESS;
}

static int ktls_read_n(OSSL_RECORD_LAYER *rl, size_t n, size_t max, int extend,
                       int clearold, size_t *readbytes)
{
    int ret;

    ret = tls_default_read_n(rl, n, max, extend, clearold, readbytes);

    if (ret < OSSL_RECORD_RETURN_RETRY) {
        switch (errno) {
        case EBADMSG:
            RLAYERfatal(rl, SSL_AD_BAD_RECORD_MAC,
                        SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
            break;
        case EMSGSIZE:
            RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW,
                        SSL_R_PACKET_LENGTH_TOO_LONG);
            break;
        case EINVAL:
            RLAYERfatal(rl, SSL_AD_PROTOCOL_VERSION,
                        SSL_R_WRONG_VERSION_NUMBER);
            break;
        default:
            break;
        }
    }

    return ret;
}

static int ktls_cipher(OSSL_RECORD_LAYER *rl, SSL3_RECORD *inrecs, size_t n_recs,
                       int sending, SSL_MAC_BUF *mac, size_t macsize)
{
    return 1;
}

static int ktls_validate_record_header(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec)
{
    if (rec->rec_version != TLS1_2_VERSION) {
        RLAYERfatal(rl, SSL_AD_DECODE_ERROR, SSL_R_WRONG_VERSION_NUMBER);
        return 0;
    }

    return 1;
}

static int ktls_post_process_record(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec)
{
    if (rl->version == TLS1_3_VERSION)
        return tls13_common_post_process_record(rl, rec);

    return 1;
}

static struct record_functions_st ossl_ktls_funcs = {
    ktls_set_crypto_state,
    ktls_read_n,
    tls_get_more_records,
    ktls_cipher,
    NULL,
    tls_default_set_protocol_version,
    ktls_validate_record_header,
    ktls_post_process_record
};

static int
ktls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
                      int role, int direction, int level, unsigned int epoch,
                      unsigned char *key, size_t keylen, unsigned char *iv,
                      size_t ivlen, unsigned char *mackey, size_t mackeylen,
                      const EVP_CIPHER *ciph, size_t taglen,
                      /* TODO(RECLAYER): This probably should not be an int */
                      int mactype,
                      const EVP_MD *md, const SSL_COMP *comp, BIO *prev,
                      BIO *transport, BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
                      const OSSL_PARAM *settings, const OSSL_PARAM *options,
                      const OSSL_DISPATCH *fns, void *cbarg,
                      OSSL_RECORD_LAYER **retrl)
{
    int ret;

    ret = tls_int_new_record_layer(libctx, propq, vers, role, direction, level,
                                   key, keylen, iv, ivlen, mackey, mackeylen,
                                   ciph, taglen, mactype, md, comp, prev,
                                   transport, next, local, peer, settings,
                                   options, fns, cbarg, retrl);

    if (ret != OSSL_RECORD_RETURN_SUCCESS)
        return ret;

    (*retrl)->funcs = &ossl_ktls_funcs;

    ret = (*retrl)->funcs->set_crypto_state(*retrl, level, key, keylen, iv,
                                            ivlen, mackey, mackeylen, ciph,
                                            taglen, mactype, md, comp);

    if (ret != OSSL_RECORD_RETURN_SUCCESS) {
        OPENSSL_free(*retrl);
        *retrl = NULL;
    } else {
        /*
         * With KTLS we always try and read as much as possible and fill the
         * buffer
         */
        (*retrl)->read_ahead = 1;
    }
    return ret;
}

const OSSL_RECORD_METHOD ossl_ktls_record_method = {
    ktls_new_record_layer,
    tls_free,
    tls_reset,
    tls_unprocessed_read_pending,
    tls_processed_read_pending,
    tls_app_data_pending,
    tls_write_pending,
    tls_get_max_record_len,
    tls_get_max_records,
    tls_write_records,
    tls_retry_write_records,
    tls_read_record,
    tls_release_record,
    tls_get_alert_code,
    tls_set1_bio,
    tls_set_protocol_version,
    tls_set_plain_alerts,
    tls_set_first_handshake,
    tls_set_max_pipelines,
    NULL
};
Commit	Line	Data
cc110a0a	1	/*
5b24990b	2	* Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved.
cc110a0a MC	3	*
	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
	10	#include <openssl/evp.h>
	11	#include <openssl/core_names.h>
5b24990b	12	#include <openssl/rand.h>
cc110a0a MC	13	#include "../../ssl_local.h"
	14	#include "../record_local.h"
	15	#include "recmethod_local.h"
5b24990b MC	16	#include "internal/ktls.h"
5b24990b MC	17
5b24990b MC	18	#if defined(__FreeBSD__)
	19	# include "crypto/cryptodev.h"
	20
7f2f0ac7 MC	21	/*
	22	* TODO(RECLAYER): This is essentially a copy of ktls_int_check_supported_cipher
	23	* but using an SSL object instead of an OSSL_RECORD_LAYER object. Once
	24	* everything has been moved to the reocrd layer this can be deleted
5b24990b MC	25	*/
5b24990b MC	26	int ktls_check_supported_cipher(const SSL_CONNECTION s, const EVP_CIPHER c,
7f2f0ac7	27	const EVP_MD *md, size_t taglen)
5b24990b MC	28	{
	29
	30	switch (s->version) {
	31	case TLS1_VERSION:
	32	case TLS1_1_VERSION:
	33	case TLS1_2_VERSION:
	34	case TLS1_3_VERSION:
	35	break;
	36	default:
	37	return 0;
	38	}
	39
7f2f0ac7 MC	40	if (EVP_CIPHER_is_a(c, "AES-128-GCM")
7f2f0ac7 MC	41	\|\| EVP_CIPHER_is_a(c, "AES-256-GCM")
5b24990b	42	# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
7f2f0ac7	43	\|\| EVP_CIPHER_is_a(c, "CHACHA20-POLY1305")
5b24990b	44	# endif
7f2f0ac7 MC	45	)
	46	return 1;
	47
	48	if (!EVP_CIPHER_is_a(c, "AES-128-CBC")
	49	&& !EVP_CIPHER_is_a(c, "AES-256-CBC"))
	50	return 0;
	51
	52	if (s->ext.use_etm)
	53	return 0;
	54
	55	if (md == NULL
	56	\|\| EVP_MD_is_a(md, "SHA1")
	57	\|\| EVP_MD_is_a(md, "SHA2-256")
	58	\|\| EVP_MD_is_a(md, "SHA2-384"))
	59	return 1;
	60
	61	return 0;
	62	}
	63
	64	/*-
	65	* Check if a given cipher is supported by the KTLS interface.
	66	* The kernel might still fail the setsockopt() if no suitable
	67	* provider is found, but this checks if the socket option
	68	* supports the cipher suite used at all.
	69	*/
	70	static int ktls_int_check_supported_cipher(OSSL_RECORD_LAYER *rl,
	71	const EVP_CIPHER *c,
	72	const EVP_MD *md,
	73	size_t taglen)
	74	{
	75	switch (rl->version) {
	76	case TLS1_VERSION:
	77	case TLS1_1_VERSION:
	78	case TLS1_2_VERSION:
	79	case TLS1_3_VERSION:
	80	break;
5b24990b MC	81	default:
	82	return 0;
	83	}
7f2f0ac7 MC	84
	85	if (EVP_CIPHER_is_a(c, "AES-128-GCM")
	86	\|\| EVP_CIPHER_is_a(c, "AES-256-GCM")
	87	# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
	88	\|\| EVP_CIPHER_is_a(c, "CHACHA20-POLY1305")
	89	# endif
	90	)
	91	return 1;
	92
	93	if (!EVP_CIPHER_is_a(c, "AES-128-CBC")
	94	&& !EVP_CIPHER_is_a(c, "AES-256-CBC"))
	95	return 0;
	96
	97	if (rl->use_etm)
	98	return 0;
	99
	100	if (md == NULL
	101	\|\| EVP_MD_is_a(md, "SHA1")
	102	\|\| EVP_MD_is_a(md, "SHA2-256")
	103	\|\| EVP_MD_is_a(md, "SHA2-384"))
	104	return 1;
	105
	106	return 0;
5b24990b MC	107	}
	108
	109	/* Function to configure kernel TLS structure */
8124ab56 MC	110	int ktls_configure_crypto(OSSL_LIB_CTX libctx, int version, const EVP_CIPHER c,
	111	EVP_MD md, void rl_sequence,
	112	ktls_crypto_info_t *crypto_info, int is_tx,
	113	unsigned char *iv, size_t ivlen,
5b24990b MC	114	unsigned char *key, size_t keylen,
	115	unsigned char *mac_key, size_t mac_secret_size)
	116	{
	117	memset(crypto_info, 0, sizeof(*crypto_info));
8124ab56 MC	118	if (EVP_CIPHER_is_a(c, "AES-128-GCM")
8124ab56 MC	119	\|\| EVP_CIPHER_is_a(c, "AES-256-GCM")) {
5b24990b MC	120	crypto_info->cipher_algorithm = CRYPTO_AES_NIST_GCM_16;
5b24990b MC	121	crypto_info->iv_len = ivlen;
8124ab56	122	} else
5b24990b	123	# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
8124ab56	124	if (EVP_CIPHER_is_a(c, "CHACHA20-POLY1305")) {
5b24990b MC	125	crypto_info->cipher_algorithm = CRYPTO_CHACHA20_POLY1305;
5b24990b MC	126	crypto_info->iv_len = ivlen;
8124ab56	127	} else
5b24990b	128	# endif
8124ab56 MC	129	if (EVP_CIPHER_is_a(c, "AES-128-CBC") \|\| EVP_CIPHER_is_a(c, "AES-256-CBC")) {
8124ab56 MC	130	if (EVP_MD_is_a(md, "SHA1"))
5b24990b	131	crypto_info->auth_algorithm = CRYPTO_SHA1_HMAC;
8124ab56	132	else if (EVP_MD_is_a(md, "SHA2-256")) {
5b24990b	133	crypto_info->auth_algorithm = CRYPTO_SHA2_256_HMAC;
8124ab56	134	else if (EVP_MD_is_a(md, "SHA2-384"))
5b24990b	135	crypto_info->auth_algorithm = CRYPTO_SHA2_384_HMAC;
8124ab56	136	else
5b24990b	137	return 0;
5b24990b MC	138	crypto_info->cipher_algorithm = CRYPTO_AES_CBC;
	139	crypto_info->iv_len = ivlen;
	140	crypto_info->auth_key = mac_key;
	141	crypto_info->auth_key_len = mac_secret_size;
8124ab56	142	} else {
5b24990b MC	143	return 0;
	144	}
	145	crypto_info->cipher_key = key;
	146	crypto_info->cipher_key_len = keylen;
	147	crypto_info->iv = iv;
8124ab56 MC	148	crypto_info->tls_vmajor = (version >> 8) & 0x000000ff;
8124ab56 MC	149	crypto_info->tls_vminor = (version & 0x000000ff);
5b24990b MC	150	# ifdef TCP_RXTLS_ENABLE
5b24990b MC	151	memcpy(crypto_info->rec_seq, rl_sequence, sizeof(crypto_info->rec_seq));
5b24990b MC	152	# else
	153	if (!is_tx)
	154	return 0;
	155	# endif
	156	return 1;
	157	};
	158
	159	#endif /* __FreeBSD__ */
	160
	161	#if defined(OPENSSL_SYS_LINUX)
	162
7f2f0ac7 MC	163	/*
	164	* TODO(RECLAYER): This is essentially a copy of ktls_int_check_supported_cipher
	165	* but using an SSL object instead of an OSSL_RECORD_LAYER object. Once
	166	* everything has been moved to the reocrd layer this can be deleted
	167	*/
5b24990b	168	int ktls_check_supported_cipher(const SSL_CONNECTION s, const EVP_CIPHER c,
7f2f0ac7	169	const EVP_MD *md, size_t taglen)
5b24990b MC	170	{
	171	switch (s->version) {
	172	case TLS1_2_VERSION:
	173	case TLS1_3_VERSION:
	174	break;
	175	default:
	176	return 0;
	177	}
	178
	179	/* check that cipher is AES_GCM_128, AES_GCM_256, AES_CCM_128
	180	* or Chacha20-Poly1305
	181	*/
	182	# ifdef OPENSSL_KTLS_AES_CCM_128
	183	if (EVP_CIPHER_is_a(c, "AES-128-CCM")) {
	184	if (s->version == TLS_1_3_VERSION /* broken on 5.x kernels */
	185	\|\| taglen != EVP_CCM_TLS_TAG_LEN)
	186	return 0;
	187	return 1;
	188	} else
	189	# endif
	190	if (0
	191	# ifdef OPENSSL_KTLS_AES_GCM_128
	192	\|\| EVP_CIPHER_is_a(c, "AES-128-GCM")
	193	# endif
	194	# ifdef OPENSSL_KTLS_AES_GCM_256
	195	\|\| EVP_CIPHER_is_a(c, "AES-256-GCM")
	196	# endif
	197	# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
	198	\|\| EVP_CIPHER_is_a(c, "ChaCha20-Poly1305")
	199	# endif
	200	) {
	201	return 1;
	202	}
	203	return 0;
	204	}
	205
7f2f0ac7 MC	206	/* Function to check supported ciphers in Linux */
	207	static int ktls_int_check_supported_cipher(OSSL_RECORD_LAYER *rl,
	208	const EVP_CIPHER *c,
	209	const EVP_MD *md,
	210	size_t taglen)
	211	{
	212	switch (rl->version) {
	213	case TLS1_2_VERSION:
	214	case TLS1_3_VERSION:
	215	break;
	216	default:
	217	return 0;
	218	}
	219
	220	/* check that cipher is AES_GCM_128, AES_GCM_256, AES_CCM_128
	221	* or Chacha20-Poly1305
	222	*/
	223	# ifdef OPENSSL_KTLS_AES_CCM_128
	224	if (EVP_CIPHER_is_a(c, "AES-128-CCM")) {
	225	if (rl->version == TLS_1_3_VERSION /* broken on 5.x kernels */
	226	\|\| taglen != EVP_CCM_TLS_TAG_LEN)
	227	return 0;
	228	return 1;
	229	} else
	230	# endif
	231	if (0
	232	# ifdef OPENSSL_KTLS_AES_GCM_128
	233	\|\| EVP_CIPHER_is_a(c, "AES-128-GCM")
	234	# endif
	235	# ifdef OPENSSL_KTLS_AES_GCM_256
	236	\|\| EVP_CIPHER_is_a(c, "AES-256-GCM")
	237	# endif
	238	# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
	239	\|\| EVP_CIPHER_is_a(c, "ChaCha20-Poly1305")
	240	# endif
	241	) {
	242	return 1;
	243	}
	244	return 0;
	245	}
	246
5b24990b	247	/* Function to configure kernel TLS structure */
8124ab56 MC	248	int ktls_configure_crypto(OSSL_LIB_CTX libctx, int version, const EVP_CIPHER c,
	249	const EVP_MD md, void rl_sequence,
	250	ktls_crypto_info_t *crypto_info, int is_tx,
	251	unsigned char *iv, size_t ivlen,
5b24990b MC	252	unsigned char *key, size_t keylen,
	253	unsigned char *mac_key, size_t mac_secret_size)
	254	{
	255	unsigned char geniv[EVP_GCM_TLS_EXPLICIT_IV_LEN];
	256	unsigned char *eiv = NULL;
5b24990b MC	257
	258	# ifdef OPENSSL_NO_KTLS_RX
	259	if (!is_tx)
	260	return 0;
	261	# endif
	262
	263	if (EVP_CIPHER_get_mode(c) == EVP_CIPH_GCM_MODE
	264	\|\| EVP_CIPHER_get_mode(c) == EVP_CIPH_CCM_MODE) {
	265	if (!ossl_assert(EVP_GCM_TLS_FIXED_IV_LEN == EVP_CCM_TLS_FIXED_IV_LEN)
	266	\|\| !ossl_assert(EVP_GCM_TLS_EXPLICIT_IV_LEN
	267	== EVP_CCM_TLS_EXPLICIT_IV_LEN))
	268	return 0;
8124ab56	269	if (version == TLS1_2_VERSION) {
5b24990b MC	270	if (!ossl_assert(ivlen == EVP_GCM_TLS_FIXED_IV_LEN))
	271	return 0;
	272	if (is_tx) {
8124ab56	273	if (RAND_bytes_ex(libctx, geniv,
5b24990b MC	274	EVP_GCM_TLS_EXPLICIT_IV_LEN, 0) <= 0)
	275	return 0;
	276	} else {
	277	memset(geniv, 0, EVP_GCM_TLS_EXPLICIT_IV_LEN);
	278	}
	279	eiv = geniv;
	280	} else {
	281	if (!ossl_assert(ivlen == EVP_GCM_TLS_FIXED_IV_LEN
	282	+ EVP_GCM_TLS_EXPLICIT_IV_LEN))
	283	return 0;
	284	eiv = iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE;
	285	}
	286	}
	287
	288	memset(crypto_info, 0, sizeof(*crypto_info));
	289	switch (EVP_CIPHER_get_nid(c))
	290	{
	291	# ifdef OPENSSL_KTLS_AES_GCM_128
	292	case NID_aes_128_gcm:
	293	if (!ossl_assert(TLS_CIPHER_AES_GCM_128_SALT_SIZE == EVP_GCM_TLS_FIXED_IV_LEN)
	294	\|\| !ossl_assert(TLS_CIPHER_AES_GCM_128_IV_SIZE == EVP_GCM_TLS_EXPLICIT_IV_LEN))
	295	return 0;
	296	crypto_info->gcm128.info.cipher_type = TLS_CIPHER_AES_GCM_128;
8124ab56	297	crypto_info->gcm128.info.version = version;
5b24990b MC	298	crypto_info->tls_crypto_info_len = sizeof(crypto_info->gcm128);
	299	memcpy(crypto_info->gcm128.iv, eiv, TLS_CIPHER_AES_GCM_128_IV_SIZE);
	300	memcpy(crypto_info->gcm128.salt, iv, TLS_CIPHER_AES_GCM_128_SALT_SIZE);
	301	memcpy(crypto_info->gcm128.key, key, keylen);
	302	memcpy(crypto_info->gcm128.rec_seq, rl_sequence,
	303	TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
5b24990b MC	304	return 1;
	305	# endif
	306	# ifdef OPENSSL_KTLS_AES_GCM_256
	307	case NID_aes_256_gcm:
	308	if (!ossl_assert(TLS_CIPHER_AES_GCM_256_SALT_SIZE == EVP_GCM_TLS_FIXED_IV_LEN)
	309	\|\| !ossl_assert(TLS_CIPHER_AES_GCM_256_IV_SIZE == EVP_GCM_TLS_EXPLICIT_IV_LEN))
	310	return 0;
	311	crypto_info->gcm256.info.cipher_type = TLS_CIPHER_AES_GCM_256;
8124ab56	312	crypto_info->gcm256.info.version = version;
5b24990b MC	313	crypto_info->tls_crypto_info_len = sizeof(crypto_info->gcm256);
	314	memcpy(crypto_info->gcm256.iv, eiv, TLS_CIPHER_AES_GCM_256_IV_SIZE);
	315	memcpy(crypto_info->gcm256.salt, iv, TLS_CIPHER_AES_GCM_256_SALT_SIZE);
	316	memcpy(crypto_info->gcm256.key, key, keylen);
	317	memcpy(crypto_info->gcm256.rec_seq, rl_sequence,
	318	TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
5b24990b MC	319
	320	return 1;
	321	# endif
	322	# ifdef OPENSSL_KTLS_AES_CCM_128
	323	case NID_aes_128_ccm:
	324	if (!ossl_assert(TLS_CIPHER_AES_CCM_128_SALT_SIZE == EVP_CCM_TLS_FIXED_IV_LEN)
	325	\|\| !ossl_assert(TLS_CIPHER_AES_CCM_128_IV_SIZE == EVP_CCM_TLS_EXPLICIT_IV_LEN))
	326	return 0;
	327	crypto_info->ccm128.info.cipher_type = TLS_CIPHER_AES_CCM_128;
8124ab56	328	crypto_info->ccm128.info.version = version;
5b24990b MC	329	crypto_info->tls_crypto_info_len = sizeof(crypto_info->ccm128);
	330	memcpy(crypto_info->ccm128.iv, eiv, TLS_CIPHER_AES_CCM_128_IV_SIZE);
	331	memcpy(crypto_info->ccm128.salt, iv, TLS_CIPHER_AES_CCM_128_SALT_SIZE);
	332	memcpy(crypto_info->ccm128.key, key, keylen);
	333	memcpy(crypto_info->ccm128.rec_seq, rl_sequence,
	334	TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE);
5b24990b MC	335	return 1;
	336	# endif
	337	# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
	338	case NID_chacha20_poly1305:
	339	if (!ossl_assert(ivlen == TLS_CIPHER_CHACHA20_POLY1305_IV_SIZE))
	340	return 0;
	341	crypto_info->chacha20poly1305.info.cipher_type = TLS_CIPHER_CHACHA20_POLY1305;
8124ab56	342	crypto_info->chacha20poly1305.info.version = version;
5b24990b MC	343	crypto_info->tls_crypto_info_len = sizeof(crypto_info->chacha20poly1305);
	344	memcpy(crypto_info->chacha20poly1305.iv, iv, ivlen);
	345	memcpy(crypto_info->chacha20poly1305.key, key, keylen);
	346	memcpy(crypto_info->chacha20poly1305.rec_seq, rl_sequence,
	347	TLS_CIPHER_CHACHA20_POLY1305_REC_SEQ_SIZE);
5b24990b MC	348	return 1;
	349	# endif
	350	default:
	351	return 0;
	352	}
	353
	354	}
	355
	356	#endif /* OPENSSL_SYS_LINUX */
cc110a0a MC	357
	358	/* TODO(RECLAYER): Handle OPENSSL_NO_COMP */
	359	static int ktls_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
	360	unsigned char *key, size_t keylen,
	361	unsigned char *iv, size_t ivlen,
	362	unsigned char *mackey, size_t mackeylen,
	363	const EVP_CIPHER *ciph,
	364	size_t taglen,
	365	/* TODO(RECLAYER): This probably should not be an int */
	366	int mactype,
	367	const EVP_MD *md,
8124ab56	368	const SSL_COMP *comp)
cc110a0a	369	{
cc110a0a MC	370	ktls_crypto_info_t crypto_info;
cc110a0a MC	371
7c293999 MC	372	/*
	373	* Check if we are suitable for KTLS. If not suitable we return
	374	* OSSL_RECORD_RETURN_NON_FATAL_ERR so that other record layers can be tried
	375	* instead
	376	*/
cc110a0a MC	377
cc110a0a MC	378	if (comp != NULL)
7c293999	379	return OSSL_RECORD_RETURN_NON_FATAL_ERR;
cc110a0a MC	380
cc110a0a MC	381	/* ktls supports only the maximum fragment size */
ffbd6e67 MC	382	if (rl->max_frag_len > 0 && rl->max_frag_len != SSL3_RT_MAX_PLAIN_LENGTH)
	383	return OSSL_RECORD_RETURN_NON_FATAL_ERR;
	384	#if 0
	385	/*
	386	* TODO(RECLAYER): We will need to reintroduce the check of the send
	387	* fragment for KTLS once we do the record write side implementation
	388	*/
cc110a0a	389	if (ssl_get_max_send_fragment(s) != SSL3_RT_MAX_PLAIN_LENGTH)
7c293999	390	return OSSL_RECORD_RETURN_NON_FATAL_ERR;
ffbd6e67	391	#endif
cc110a0a MC	392
cc110a0a MC	393	/* check that cipher is supported */
7f2f0ac7	394	if (!ktls_int_check_supported_cipher(rl, ciph, md, taglen))
7c293999	395	return OSSL_RECORD_RETURN_NON_FATAL_ERR;
cc110a0a MC	396
	397	/*
	398	* TODO(RECLAYER): For the write side we need to add a check for
	399	* use of s->record_padding_cb
	400	*/
	401
	402	/* All future data will get encrypted by ktls. Flush the BIO or skip ktls */
	403	if (rl->direction == OSSL_RECORD_DIRECTION_WRITE) {
	404	if (BIO_flush(rl->bio) <= 0)
7c293999	405	return OSSL_RECORD_RETURN_NON_FATAL_ERR;
cc110a0a MC	406	}
cc110a0a MC	407
8124ab56 MC	408	if (!ktls_configure_crypto(rl->libctx, rl->version, ciph, md, rl->sequence,
8124ab56 MC	409	&crypto_info,
cc110a0a MC	410	rl->direction == OSSL_RECORD_DIRECTION_WRITE,
cc110a0a MC	411	iv, ivlen, key, keylen, mackey, mackeylen))
7c293999	412	return OSSL_RECORD_RETURN_NON_FATAL_ERR;
cc110a0a MC	413
cc110a0a MC	414	if (!BIO_set_ktls(rl->bio, &crypto_info, rl->direction))
7c293999	415	return OSSL_RECORD_RETURN_NON_FATAL_ERR;
cc110a0a	416
7c293999	417	return OSSL_RECORD_RETURN_SUCCESS;
cc110a0a MC	418	}
cc110a0a MC	419
1853d20a MC	420	static int ktls_read_n(OSSL_RECORD_LAYER *rl, size_t n, size_t max, int extend,
	421	int clearold, size_t *readbytes)
	422	{
	423	int ret;
	424
	425	ret = tls_default_read_n(rl, n, max, extend, clearold, readbytes);
	426
	427	if (ret < OSSL_RECORD_RETURN_RETRY) {
	428	switch (errno) {
	429	case EBADMSG:
	430	RLAYERfatal(rl, SSL_AD_BAD_RECORD_MAC,
	431	SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
	432	break;
	433	case EMSGSIZE:
	434	RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW,
	435	SSL_R_PACKET_LENGTH_TOO_LONG);
	436	break;
	437	case EINVAL:
	438	RLAYERfatal(rl, SSL_AD_PROTOCOL_VERSION,
	439	SSL_R_WRONG_VERSION_NUMBER);
	440	break;
	441	default:
	442	break;
	443	}
	444	}
	445
	446	return ret;
	447	}
	448
cc110a0a	449	static int ktls_cipher(OSSL_RECORD_LAYER rl, SSL3_RECORD inrecs, size_t n_recs,
8124ab56	450	int sending, SSL_MAC_BUF *mac, size_t macsize)
cc110a0a MC	451	{
	452	return 1;
	453	}
	454
1853d20a MC	455	static int ktls_validate_record_header(OSSL_RECORD_LAYER rl, SSL3_RECORD rec)
	456	{
	457	if (rec->rec_version != TLS1_2_VERSION) {
	458	RLAYERfatal(rl, SSL_AD_DECODE_ERROR, SSL_R_WRONG_VERSION_NUMBER);
	459	return 0;
	460	}
	461
	462	return 1;
	463	}
	464
8124ab56	465	static int ktls_post_process_record(OSSL_RECORD_LAYER rl, SSL3_RECORD rec)
1853d20a MC	466	{
1853d20a MC	467	if (rl->version == TLS1_3_VERSION)
8124ab56	468	return tls13_common_post_process_record(rl, rec);
1853d20a MC	469
	470	return 1;
	471	}
	472
	473	static struct record_functions_st ossl_ktls_funcs = {
cc110a0a	474	ktls_set_crypto_state,
1853d20a	475	ktls_read_n,
eddb067e	476	tls_get_more_records,
cc110a0a	477	ktls_cipher,
1853d20a MC	478	NULL,
	479	tls_default_set_protocol_version,
	480	ktls_validate_record_header,
	481	ktls_post_process_record
	482	};
	483
	484	static int
	485	ktls_new_record_layer(OSSL_LIB_CTX libctx, const char propq, int vers,
222cf410 MC	486	int role, int direction, int level, unsigned int epoch,
	487	unsigned char key, size_t keylen, unsigned char iv,
	488	size_t ivlen, unsigned char *mackey, size_t mackeylen,
1853d20a MC	489	const EVP_CIPHER *ciph, size_t taglen,
	490	/* TODO(RECLAYER): This probably should not be an int */
	491	int mactype,
359affde MC	492	const EVP_MD md, const SSL_COMP comp, BIO *prev,
359affde MC	493	BIO transport, BIO next, BIO_ADDR local, BIO_ADDR peer,
1853d20a	494	const OSSL_PARAM settings, const OSSL_PARAM options,
9dd90232	495	const OSSL_DISPATCH fns, void cbarg,
8124ab56	496	OSSL_RECORD_LAYER **retrl)
1853d20a MC	497	{
	498	int ret;
	499
	500	ret = tls_int_new_record_layer(libctx, propq, vers, role, direction, level,
	501	key, keylen, iv, ivlen, mackey, mackeylen,
359affde MC	502	ciph, taglen, mactype, md, comp, prev,
359affde MC	503	transport, next, local, peer, settings,
8124ab56	504	options, fns, cbarg, retrl);
1853d20a MC	505
	506	if (ret != OSSL_RECORD_RETURN_SUCCESS)
	507	return ret;
	508
	509	(*retrl)->funcs = &ossl_ktls_funcs;
	510
	511	ret = (retrl)->funcs->set_crypto_state(retrl, level, key, keylen, iv,
	512	ivlen, mackey, mackeylen, ciph,
8124ab56	513	taglen, mactype, md, comp);
1853d20a MC	514
	515	if (ret != OSSL_RECORD_RETURN_SUCCESS) {
	516	OPENSSL_free(*retrl);
	517	*retrl = NULL;
	518	} else {
	519	/*
	520	* With KTLS we always try and read as much as possible and fill the
	521	* buffer
	522	*/
	523	(*retrl)->read_ahead = 1;
	524	}
	525	return ret;
	526	}
	527
	528	const OSSL_RECORD_METHOD ossl_ktls_record_method = {
	529	ktls_new_record_layer,
	530	tls_free,
	531	tls_reset,
	532	tls_unprocessed_read_pending,
	533	tls_processed_read_pending,
	534	tls_app_data_pending,
	535	tls_write_pending,
	536	tls_get_max_record_len,
	537	tls_get_max_records,
	538	tls_write_records,
	539	tls_retry_write_records,
	540	tls_read_record,
	541	tls_release_record,
	542	tls_get_alert_code,
	543	tls_set1_bio,
	544	tls_set_protocol_version,
	545	tls_set_plain_alerts,
	546	tls_set_first_handshake,
8124ab56	547	tls_set_max_pipelines,
81c9ebd9	548	NULL
cc110a0a	549	};