2 * Copyright (c) 2016-2017, Mellanox Technologies. All rights reserved.
3 * Copyright (c) 2016-2017, Dave Watson <davejwatson@fb.com>. All rights reserved.
5 * This software is available to you under a choice of one of two
6 * licenses. You may choose to be licensed under the terms of the GNU
7 * General Public License (GPL) Version 2, available from the file
8 * COPYING in the main directory of this source tree, or the
9 * OpenIB.org BSD license below:
11 * Redistribution and use in source and binary forms, with or
12 * without modification, are permitted provided that the following
15 * - Redistributions of source code must retain the above
16 * copyright notice, this list of conditions and the following
19 * - Redistributions in binary form must reproduce the above
20 * copyright notice, this list of conditions and the following
21 * disclaimer in the documentation and/or other materials
22 * provided with the distribution.
24 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
25 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
26 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
27 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
28 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
29 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
30 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
34 #include <linux/module.h>
37 #include <net/inet_common.h>
38 #include <linux/highmem.h>
39 #include <linux/netdevice.h>
40 #include <linux/sched/signal.h>
41 #include <linux/inetdevice.h>
45 MODULE_AUTHOR("Mellanox Technologies");
46 MODULE_DESCRIPTION("Transport Layer Security Support");
47 MODULE_LICENSE("Dual BSD/GPL");
48 MODULE_ALIAS_TCP_ULP("tls");
56 static struct proto
*saved_tcpv6_prot
;
57 static DEFINE_MUTEX(tcpv6_prot_mutex
);
58 static struct proto
*saved_tcpv4_prot
;
59 static DEFINE_MUTEX(tcpv4_prot_mutex
);
60 static LIST_HEAD(device_list
);
61 static DEFINE_SPINLOCK(device_spinlock
);
62 static struct proto tls_prots
[TLS_NUM_PROTS
][TLS_NUM_CONFIG
][TLS_NUM_CONFIG
];
63 static struct proto_ops tls_sw_proto_ops
;
64 static void build_protos(struct proto prot
[TLS_NUM_CONFIG
][TLS_NUM_CONFIG
],
67 static void update_sk_prot(struct sock
*sk
, struct tls_context
*ctx
)
69 int ip_ver
= sk
->sk_family
== AF_INET6
? TLSV6
: TLSV4
;
71 sk
->sk_prot
= &tls_prots
[ip_ver
][ctx
->tx_conf
][ctx
->rx_conf
];
74 int wait_on_pending_writer(struct sock
*sk
, long *timeo
)
77 DEFINE_WAIT_FUNC(wait
, woken_wake_function
);
79 add_wait_queue(sk_sleep(sk
), &wait
);
86 if (signal_pending(current
)) {
87 rc
= sock_intr_errno(*timeo
);
91 if (sk_wait_event(sk
, timeo
, !sk
->sk_write_pending
, &wait
))
94 remove_wait_queue(sk_sleep(sk
), &wait
);
98 int tls_push_sg(struct sock
*sk
,
99 struct tls_context
*ctx
,
100 struct scatterlist
*sg
,
104 int sendpage_flags
= flags
| MSG_SENDPAGE_NOTLAST
;
108 int offset
= first_offset
;
110 size
= sg
->length
- offset
;
111 offset
+= sg
->offset
;
113 ctx
->in_tcp_sendpages
= true;
116 sendpage_flags
= flags
;
118 /* is sending application-limited? */
119 tcp_rate_check_app_limited(sk
);
122 ret
= do_tcp_sendpages(sk
, p
, offset
, size
, sendpage_flags
);
131 offset
-= sg
->offset
;
132 ctx
->partially_sent_offset
= offset
;
133 ctx
->partially_sent_record
= (void *)sg
;
134 ctx
->in_tcp_sendpages
= false;
139 sk_mem_uncharge(sk
, sg
->length
);
148 ctx
->in_tcp_sendpages
= false;
153 static int tls_handle_open_record(struct sock
*sk
, int flags
)
155 struct tls_context
*ctx
= tls_get_ctx(sk
);
157 if (tls_is_pending_open_record(ctx
))
158 return ctx
->push_pending_record(sk
, flags
);
163 int tls_proccess_cmsg(struct sock
*sk
, struct msghdr
*msg
,
164 unsigned char *record_type
)
166 struct cmsghdr
*cmsg
;
169 for_each_cmsghdr(cmsg
, msg
) {
170 if (!CMSG_OK(msg
, cmsg
))
172 if (cmsg
->cmsg_level
!= SOL_TLS
)
175 switch (cmsg
->cmsg_type
) {
176 case TLS_SET_RECORD_TYPE
:
177 if (cmsg
->cmsg_len
< CMSG_LEN(sizeof(*record_type
)))
180 if (msg
->msg_flags
& MSG_MORE
)
183 rc
= tls_handle_open_record(sk
, msg
->msg_flags
);
187 *record_type
= *(unsigned char *)CMSG_DATA(cmsg
);
198 int tls_push_partial_record(struct sock
*sk
, struct tls_context
*ctx
,
201 struct scatterlist
*sg
;
204 sg
= ctx
->partially_sent_record
;
205 offset
= ctx
->partially_sent_offset
;
207 ctx
->partially_sent_record
= NULL
;
208 return tls_push_sg(sk
, ctx
, sg
, offset
, flags
);
211 bool tls_free_partial_record(struct sock
*sk
, struct tls_context
*ctx
)
213 struct scatterlist
*sg
;
215 sg
= ctx
->partially_sent_record
;
220 put_page(sg_page(sg
));
221 sk_mem_uncharge(sk
, sg
->length
);
227 ctx
->partially_sent_record
= NULL
;
231 static void tls_write_space(struct sock
*sk
)
233 struct tls_context
*ctx
= tls_get_ctx(sk
);
235 /* If in_tcp_sendpages call lower protocol write space handler
236 * to ensure we wake up any waiting operations there. For example
237 * if do_tcp_sendpages where to call sk_wait_event.
239 if (ctx
->in_tcp_sendpages
) {
240 ctx
->sk_write_space(sk
);
244 #ifdef CONFIG_TLS_DEVICE
245 if (ctx
->tx_conf
== TLS_HW
)
246 tls_device_write_space(sk
, ctx
);
249 tls_sw_write_space(sk
, ctx
);
251 ctx
->sk_write_space(sk
);
254 void tls_ctx_free(struct tls_context
*ctx
)
259 memzero_explicit(&ctx
->crypto_send
, sizeof(ctx
->crypto_send
));
260 memzero_explicit(&ctx
->crypto_recv
, sizeof(ctx
->crypto_recv
));
264 static void tls_sk_proto_close(struct sock
*sk
, long timeout
)
266 struct tls_context
*ctx
= tls_get_ctx(sk
);
267 long timeo
= sock_sndtimeo(sk
, 0);
268 void (*sk_proto_close
)(struct sock
*sk
, long timeout
);
269 bool free_ctx
= false;
272 sk_proto_close
= ctx
->sk_proto_close
;
274 if (ctx
->tx_conf
== TLS_HW_RECORD
&& ctx
->rx_conf
== TLS_HW_RECORD
)
275 goto skip_tx_cleanup
;
277 if (ctx
->tx_conf
== TLS_BASE
&& ctx
->rx_conf
== TLS_BASE
) {
279 goto skip_tx_cleanup
;
282 if (unlikely(sk
->sk_write_pending
) &&
283 !wait_on_pending_writer(sk
, &timeo
))
284 tls_handle_open_record(sk
, 0);
286 /* We need these for tls_sw_fallback handling of other packets */
287 if (ctx
->tx_conf
== TLS_SW
) {
288 kfree(ctx
->tx
.rec_seq
);
290 tls_sw_free_resources_tx(sk
);
291 #ifdef CONFIG_TLS_DEVICE
292 } else if (ctx
->tx_conf
== TLS_HW
) {
293 tls_device_free_resources_tx(sk
);
297 if (ctx
->rx_conf
== TLS_SW
)
298 tls_sw_free_resources_rx(sk
);
300 #ifdef CONFIG_TLS_DEVICE
301 if (ctx
->rx_conf
== TLS_HW
)
302 tls_device_offload_cleanup_rx(sk
);
304 if (ctx
->tx_conf
!= TLS_HW
&& ctx
->rx_conf
!= TLS_HW
) {
314 sk_proto_close(sk
, timeout
);
315 /* free ctx for TLS_HW_RECORD, used by tcp_set_state
316 * for sk->sk_prot->unhash [tls_hw_unhash]
322 static int do_tls_getsockopt_tx(struct sock
*sk
, char __user
*optval
,
326 struct tls_context
*ctx
= tls_get_ctx(sk
);
327 struct tls_crypto_info
*crypto_info
;
330 if (get_user(len
, optlen
))
333 if (!optval
|| (len
< sizeof(*crypto_info
))) {
343 /* get user crypto info */
344 crypto_info
= &ctx
->crypto_send
.info
;
346 if (!TLS_CRYPTO_INFO_READY(crypto_info
)) {
351 if (len
== sizeof(*crypto_info
)) {
352 if (copy_to_user(optval
, crypto_info
, sizeof(*crypto_info
)))
357 switch (crypto_info
->cipher_type
) {
358 case TLS_CIPHER_AES_GCM_128
: {
359 struct tls12_crypto_info_aes_gcm_128
*
360 crypto_info_aes_gcm_128
=
361 container_of(crypto_info
,
362 struct tls12_crypto_info_aes_gcm_128
,
365 if (len
!= sizeof(*crypto_info_aes_gcm_128
)) {
370 memcpy(crypto_info_aes_gcm_128
->iv
,
371 ctx
->tx
.iv
+ TLS_CIPHER_AES_GCM_128_SALT_SIZE
,
372 TLS_CIPHER_AES_GCM_128_IV_SIZE
);
373 memcpy(crypto_info_aes_gcm_128
->rec_seq
, ctx
->tx
.rec_seq
,
374 TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE
);
376 if (copy_to_user(optval
,
377 crypto_info_aes_gcm_128
,
378 sizeof(*crypto_info_aes_gcm_128
)))
382 case TLS_CIPHER_AES_GCM_256
: {
383 struct tls12_crypto_info_aes_gcm_256
*
384 crypto_info_aes_gcm_256
=
385 container_of(crypto_info
,
386 struct tls12_crypto_info_aes_gcm_256
,
389 if (len
!= sizeof(*crypto_info_aes_gcm_256
)) {
394 memcpy(crypto_info_aes_gcm_256
->iv
,
395 ctx
->tx
.iv
+ TLS_CIPHER_AES_GCM_256_SALT_SIZE
,
396 TLS_CIPHER_AES_GCM_256_IV_SIZE
);
397 memcpy(crypto_info_aes_gcm_256
->rec_seq
, ctx
->tx
.rec_seq
,
398 TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE
);
400 if (copy_to_user(optval
,
401 crypto_info_aes_gcm_256
,
402 sizeof(*crypto_info_aes_gcm_256
)))
414 static int do_tls_getsockopt(struct sock
*sk
, int optname
,
415 char __user
*optval
, int __user
*optlen
)
421 rc
= do_tls_getsockopt_tx(sk
, optval
, optlen
);
430 static int tls_getsockopt(struct sock
*sk
, int level
, int optname
,
431 char __user
*optval
, int __user
*optlen
)
433 struct tls_context
*ctx
= tls_get_ctx(sk
);
435 if (level
!= SOL_TLS
)
436 return ctx
->getsockopt(sk
, level
, optname
, optval
, optlen
);
438 return do_tls_getsockopt(sk
, optname
, optval
, optlen
);
441 static int do_tls_setsockopt_conf(struct sock
*sk
, char __user
*optval
,
442 unsigned int optlen
, int tx
)
444 struct tls_crypto_info
*crypto_info
;
445 struct tls_crypto_info
*alt_crypto_info
;
446 struct tls_context
*ctx
= tls_get_ctx(sk
);
451 if (!optval
|| (optlen
< sizeof(*crypto_info
))) {
457 crypto_info
= &ctx
->crypto_send
.info
;
458 alt_crypto_info
= &ctx
->crypto_recv
.info
;
460 crypto_info
= &ctx
->crypto_recv
.info
;
461 alt_crypto_info
= &ctx
->crypto_send
.info
;
464 /* Currently we don't support set crypto info more than one time */
465 if (TLS_CRYPTO_INFO_READY(crypto_info
)) {
470 rc
= copy_from_user(crypto_info
, optval
, sizeof(*crypto_info
));
473 goto err_crypto_info
;
477 if (crypto_info
->version
!= TLS_1_2_VERSION
&&
478 crypto_info
->version
!= TLS_1_3_VERSION
) {
480 goto err_crypto_info
;
483 /* Ensure that TLS version and ciphers are same in both directions */
484 if (TLS_CRYPTO_INFO_READY(alt_crypto_info
)) {
485 if (alt_crypto_info
->version
!= crypto_info
->version
||
486 alt_crypto_info
->cipher_type
!= crypto_info
->cipher_type
) {
488 goto err_crypto_info
;
492 switch (crypto_info
->cipher_type
) {
493 case TLS_CIPHER_AES_GCM_128
:
494 optsize
= sizeof(struct tls12_crypto_info_aes_gcm_128
);
496 case TLS_CIPHER_AES_GCM_256
: {
497 optsize
= sizeof(struct tls12_crypto_info_aes_gcm_256
);
500 case TLS_CIPHER_AES_CCM_128
:
501 optsize
= sizeof(struct tls12_crypto_info_aes_ccm_128
);
505 goto err_crypto_info
;
508 if (optlen
!= optsize
) {
510 goto err_crypto_info
;
513 rc
= copy_from_user(crypto_info
+ 1, optval
+ sizeof(*crypto_info
),
514 optlen
- sizeof(*crypto_info
));
517 goto err_crypto_info
;
521 #ifdef CONFIG_TLS_DEVICE
522 rc
= tls_set_device_offload(sk
, ctx
);
528 rc
= tls_set_sw_offload(sk
, ctx
, 1);
532 #ifdef CONFIG_TLS_DEVICE
533 rc
= tls_set_device_offload_rx(sk
, ctx
);
539 rc
= tls_set_sw_offload(sk
, ctx
, 0);
545 goto err_crypto_info
;
551 update_sk_prot(sk
, ctx
);
553 ctx
->sk_write_space
= sk
->sk_write_space
;
554 sk
->sk_write_space
= tls_write_space
;
556 sk
->sk_socket
->ops
= &tls_sw_proto_ops
;
561 memzero_explicit(crypto_info
, sizeof(union tls_crypto_context
));
566 static int do_tls_setsockopt(struct sock
*sk
, int optname
,
567 char __user
*optval
, unsigned int optlen
)
575 rc
= do_tls_setsockopt_conf(sk
, optval
, optlen
,
586 static int tls_setsockopt(struct sock
*sk
, int level
, int optname
,
587 char __user
*optval
, unsigned int optlen
)
589 struct tls_context
*ctx
= tls_get_ctx(sk
);
591 if (level
!= SOL_TLS
)
592 return ctx
->setsockopt(sk
, level
, optname
, optval
, optlen
);
594 return do_tls_setsockopt(sk
, optname
, optval
, optlen
);
597 static struct tls_context
*create_ctx(struct sock
*sk
)
599 struct inet_connection_sock
*icsk
= inet_csk(sk
);
600 struct tls_context
*ctx
;
602 ctx
= kzalloc(sizeof(*ctx
), GFP_ATOMIC
);
606 icsk
->icsk_ulp_data
= ctx
;
607 ctx
->setsockopt
= sk
->sk_prot
->setsockopt
;
608 ctx
->getsockopt
= sk
->sk_prot
->getsockopt
;
609 ctx
->sk_proto_close
= sk
->sk_prot
->close
;
613 static void tls_build_proto(struct sock
*sk
)
615 int ip_ver
= sk
->sk_family
== AF_INET6
? TLSV6
: TLSV4
;
617 /* Build IPv6 TLS whenever the address of tcpv6 _prot changes */
618 if (ip_ver
== TLSV6
&&
619 unlikely(sk
->sk_prot
!= smp_load_acquire(&saved_tcpv6_prot
))) {
620 mutex_lock(&tcpv6_prot_mutex
);
621 if (likely(sk
->sk_prot
!= saved_tcpv6_prot
)) {
622 build_protos(tls_prots
[TLSV6
], sk
->sk_prot
);
623 smp_store_release(&saved_tcpv6_prot
, sk
->sk_prot
);
625 mutex_unlock(&tcpv6_prot_mutex
);
628 if (ip_ver
== TLSV4
&&
629 unlikely(sk
->sk_prot
!= smp_load_acquire(&saved_tcpv4_prot
))) {
630 mutex_lock(&tcpv4_prot_mutex
);
631 if (likely(sk
->sk_prot
!= saved_tcpv4_prot
)) {
632 build_protos(tls_prots
[TLSV4
], sk
->sk_prot
);
633 smp_store_release(&saved_tcpv4_prot
, sk
->sk_prot
);
635 mutex_unlock(&tcpv4_prot_mutex
);
639 static void tls_hw_sk_destruct(struct sock
*sk
)
641 struct tls_context
*ctx
= tls_get_ctx(sk
);
642 struct inet_connection_sock
*icsk
= inet_csk(sk
);
644 ctx
->sk_destruct(sk
);
647 icsk
->icsk_ulp_data
= NULL
;
650 static int tls_hw_prot(struct sock
*sk
)
652 struct tls_context
*ctx
;
653 struct tls_device
*dev
;
656 spin_lock_bh(&device_spinlock
);
657 list_for_each_entry(dev
, &device_list
, dev_list
) {
658 if (dev
->feature
&& dev
->feature(dev
)) {
659 ctx
= create_ctx(sk
);
663 spin_unlock_bh(&device_spinlock
);
665 ctx
->hash
= sk
->sk_prot
->hash
;
666 ctx
->unhash
= sk
->sk_prot
->unhash
;
667 ctx
->sk_proto_close
= sk
->sk_prot
->close
;
668 ctx
->sk_destruct
= sk
->sk_destruct
;
669 sk
->sk_destruct
= tls_hw_sk_destruct
;
670 ctx
->rx_conf
= TLS_HW_RECORD
;
671 ctx
->tx_conf
= TLS_HW_RECORD
;
672 update_sk_prot(sk
, ctx
);
673 spin_lock_bh(&device_spinlock
);
679 spin_unlock_bh(&device_spinlock
);
683 static void tls_hw_unhash(struct sock
*sk
)
685 struct tls_context
*ctx
= tls_get_ctx(sk
);
686 struct tls_device
*dev
;
688 spin_lock_bh(&device_spinlock
);
689 list_for_each_entry(dev
, &device_list
, dev_list
) {
691 kref_get(&dev
->kref
);
692 spin_unlock_bh(&device_spinlock
);
693 dev
->unhash(dev
, sk
);
694 kref_put(&dev
->kref
, dev
->release
);
695 spin_lock_bh(&device_spinlock
);
698 spin_unlock_bh(&device_spinlock
);
702 static int tls_hw_hash(struct sock
*sk
)
704 struct tls_context
*ctx
= tls_get_ctx(sk
);
705 struct tls_device
*dev
;
709 spin_lock_bh(&device_spinlock
);
710 list_for_each_entry(dev
, &device_list
, dev_list
) {
712 kref_get(&dev
->kref
);
713 spin_unlock_bh(&device_spinlock
);
714 err
|= dev
->hash(dev
, sk
);
715 kref_put(&dev
->kref
, dev
->release
);
716 spin_lock_bh(&device_spinlock
);
719 spin_unlock_bh(&device_spinlock
);
726 static void build_protos(struct proto prot
[TLS_NUM_CONFIG
][TLS_NUM_CONFIG
],
729 prot
[TLS_BASE
][TLS_BASE
] = *base
;
730 prot
[TLS_BASE
][TLS_BASE
].setsockopt
= tls_setsockopt
;
731 prot
[TLS_BASE
][TLS_BASE
].getsockopt
= tls_getsockopt
;
732 prot
[TLS_BASE
][TLS_BASE
].close
= tls_sk_proto_close
;
734 prot
[TLS_SW
][TLS_BASE
] = prot
[TLS_BASE
][TLS_BASE
];
735 prot
[TLS_SW
][TLS_BASE
].sendmsg
= tls_sw_sendmsg
;
736 prot
[TLS_SW
][TLS_BASE
].sendpage
= tls_sw_sendpage
;
738 prot
[TLS_BASE
][TLS_SW
] = prot
[TLS_BASE
][TLS_BASE
];
739 prot
[TLS_BASE
][TLS_SW
].recvmsg
= tls_sw_recvmsg
;
740 prot
[TLS_BASE
][TLS_SW
].stream_memory_read
= tls_sw_stream_read
;
741 prot
[TLS_BASE
][TLS_SW
].close
= tls_sk_proto_close
;
743 prot
[TLS_SW
][TLS_SW
] = prot
[TLS_SW
][TLS_BASE
];
744 prot
[TLS_SW
][TLS_SW
].recvmsg
= tls_sw_recvmsg
;
745 prot
[TLS_SW
][TLS_SW
].stream_memory_read
= tls_sw_stream_read
;
746 prot
[TLS_SW
][TLS_SW
].close
= tls_sk_proto_close
;
748 #ifdef CONFIG_TLS_DEVICE
749 prot
[TLS_HW
][TLS_BASE
] = prot
[TLS_BASE
][TLS_BASE
];
750 prot
[TLS_HW
][TLS_BASE
].sendmsg
= tls_device_sendmsg
;
751 prot
[TLS_HW
][TLS_BASE
].sendpage
= tls_device_sendpage
;
753 prot
[TLS_HW
][TLS_SW
] = prot
[TLS_BASE
][TLS_SW
];
754 prot
[TLS_HW
][TLS_SW
].sendmsg
= tls_device_sendmsg
;
755 prot
[TLS_HW
][TLS_SW
].sendpage
= tls_device_sendpage
;
757 prot
[TLS_BASE
][TLS_HW
] = prot
[TLS_BASE
][TLS_SW
];
759 prot
[TLS_SW
][TLS_HW
] = prot
[TLS_SW
][TLS_SW
];
761 prot
[TLS_HW
][TLS_HW
] = prot
[TLS_HW
][TLS_SW
];
764 prot
[TLS_HW_RECORD
][TLS_HW_RECORD
] = *base
;
765 prot
[TLS_HW_RECORD
][TLS_HW_RECORD
].hash
= tls_hw_hash
;
766 prot
[TLS_HW_RECORD
][TLS_HW_RECORD
].unhash
= tls_hw_unhash
;
767 prot
[TLS_HW_RECORD
][TLS_HW_RECORD
].close
= tls_sk_proto_close
;
770 static int tls_init(struct sock
*sk
)
772 struct tls_context
*ctx
;
778 /* The TLS ulp is currently supported only for TCP sockets
779 * in ESTABLISHED state.
780 * Supporting sockets in LISTEN state will require us
781 * to modify the accept implementation to clone rather then
782 * share the ulp context.
784 if (sk
->sk_state
!= TCP_ESTABLISHED
)
787 /* allocate tls context */
788 ctx
= create_ctx(sk
);
795 ctx
->tx_conf
= TLS_BASE
;
796 ctx
->rx_conf
= TLS_BASE
;
797 update_sk_prot(sk
, ctx
);
802 void tls_register_device(struct tls_device
*device
)
804 spin_lock_bh(&device_spinlock
);
805 list_add_tail(&device
->dev_list
, &device_list
);
806 spin_unlock_bh(&device_spinlock
);
808 EXPORT_SYMBOL(tls_register_device
);
810 void tls_unregister_device(struct tls_device
*device
)
812 spin_lock_bh(&device_spinlock
);
813 list_del(&device
->dev_list
);
814 spin_unlock_bh(&device_spinlock
);
816 EXPORT_SYMBOL(tls_unregister_device
);
818 static struct tcp_ulp_ops tcp_tls_ulp_ops __read_mostly
= {
820 .owner
= THIS_MODULE
,
824 static int __init
tls_register(void)
826 tls_sw_proto_ops
= inet_stream_ops
;
827 tls_sw_proto_ops
.splice_read
= tls_sw_splice_read
;
829 #ifdef CONFIG_TLS_DEVICE
832 tcp_register_ulp(&tcp_tls_ulp_ops
);
837 static void __exit
tls_unregister(void)
839 tcp_unregister_ulp(&tcp_tls_ulp_ops
);
840 #ifdef CONFIG_TLS_DEVICE
841 tls_device_cleanup();
845 module_init(tls_register
);
846 module_exit(tls_unregister
);