1 files changed, 34 insertions, 17 deletions

diff --git a/lib/record.c b/lib/record.c
index 3f16ae6505..ebc07d9e1c 100644
--- a/lib/record.c
+++ b/lib/record.c
@@ -54,6 +54,7 @@
 #include <random.h>
 #include <xsize.h>
 #include "locks.h"
+#include "system/ktls.h"
 
 struct tls_record_st {
 	uint16_t header_size;
@@ -288,7 +289,8 @@ int gnutls_bye(gnutls_session_t session, gnutls_close_request_t how)
 
 	switch (BYE_STATE) {
 	case BYE_STATE0:
-		ret = _gnutls_io_write_flush(session);
+		if (!IS_KTLS_ENABLED(session))
+			ret = _gnutls_io_write_flush(session);
 		BYE_STATE = BYE_STATE0;
 		if (ret < 0) {
 			gnutls_assert();
@@ -296,9 +298,8 @@ int gnutls_bye(gnutls_session_t session, gnutls_close_request_t how)
 		}
 		FALLTHROUGH;
 	case BYE_STATE1:
-		ret =
-		    gnutls_alert_send(session, GNUTLS_AL_WARNING,
-				      GNUTLS_A_CLOSE_NOTIFY);
+		ret = gnutls_alert_send(session, GNUTLS_AL_WARNING,
+				GNUTLS_A_CLOSE_NOTIFY);
 		BYE_STATE = BYE_STATE1;
 		if (ret < 0) {
 			gnutls_assert();
@@ -308,14 +309,22 @@ int gnutls_bye(gnutls_session_t session, gnutls_close_request_t how)
 	case BYE_STATE2:
 		BYE_STATE = BYE_STATE2;
 		if (how == GNUTLS_SHUT_RDWR) {
-			do {
-				ret =
-				    _gnutls_recv_int(session, GNUTLS_ALERT,
-						     NULL, 0, NULL,
-						     session->internals.
-						     record_timeout_ms);
+			if (IS_KTLS_ENABLED(session)){
+				do {
+					ret = _gnutls_ktls_recv_int(session,
+							GNUTLS_ALERT, NULL, 0);
+				}
+				while (ret == GNUTLS_E_GOT_APPLICATION_DATA);
+			} else {
+				do {
+					ret =
+						_gnutls_recv_int(session, GNUTLS_ALERT,
+								 NULL, 0, NULL,
+								 session->internals.
+								 record_timeout_ms);
+				}
+				while (ret == GNUTLS_E_GOT_APPLICATION_DATA);
 			}
-			while (ret == GNUTLS_E_GOT_APPLICATION_DATA);
 
 			if (ret >= 0)
 				session->internals.may_not_read = 1;
@@ -2026,9 +2035,13 @@ gnutls_record_send2(gnutls_session_t session, const void *data,
 
 	switch(session->internals.rsend_state) {
 		case RECORD_SEND_NORMAL:
-			return _gnutls_send_tlen_int(session, GNUTLS_APPLICATION_DATA,
-						     -1, EPOCH_WRITE_CURRENT, data,
-						     data_size, pad, MBUFFER_FLUSH);
+			if (IS_KTLS_ENABLED(session)) {
+				return _gnutls_ktls_send(session, data, data_size);
+			} else {
+				return _gnutls_send_tlen_int(session, GNUTLS_APPLICATION_DATA,
+								 -1, EPOCH_WRITE_CURRENT, data,
+								 data_size, pad, MBUFFER_FLUSH);
+			}
 		case RECORD_SEND_CORKED:
 		case RECORD_SEND_CORKED_TO_KU:
 			return append_data_to_corked(session, data, data_size);
@@ -2293,9 +2306,13 @@ gnutls_record_recv(gnutls_session_t session, void *data, size_t data_size)
 			return gnutls_assert_val(GNUTLS_E_UNAVAILABLE_DURING_HANDSHAKE);
 	}
 
-	return _gnutls_recv_int(session, GNUTLS_APPLICATION_DATA,
-				data, data_size, NULL,
-				session->internals.record_timeout_ms);
+	if (IS_KTLS_ENABLED(session)) {
+		return _gnutls_ktls_recv(session, data, data_size);
+	} else {
+		return _gnutls_recv_int(session, GNUTLS_APPLICATION_DATA,
+					data, data_size, NULL,
+					session->internals.record_timeout_ms);
+	}
 }
 
 /**