diff options
Diffstat (limited to 'lib')
-rw-r--r-- | lib/alert.c | 2 | ||||
-rw-r--r-- | lib/gnutls_int.h | 7 | ||||
-rw-r--r-- | lib/handshake.c | 12 | ||||
-rw-r--r-- | lib/includes/gnutls/socket.h | 2 | ||||
-rw-r--r-- | lib/libgnutls.map | 1 | ||||
-rw-r--r-- | lib/record.c | 8 | ||||
-rw-r--r-- | lib/system/ktls.c | 339 | ||||
-rw-r--r-- | lib/system/ktls.h | 8 |
8 files changed, 202 insertions, 177 deletions
diff --git a/lib/alert.c b/lib/alert.c index eda931a1c5..28ee91b13f 100644 --- a/lib/alert.c +++ b/lib/alert.c @@ -182,7 +182,7 @@ gnutls_alert_send(gnutls_session_t session, gnutls_alert_level_t level, return ret; } - if (IS_KTLS_ENABLED(session)) { + if (IS_KTLS_ENABLED(session, KTLS_SEND)) { ret = _gnutls_ktls_send_control_msg(session, GNUTLS_ALERT, data, 2); } else { diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 1dbe404857..a660828a57 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -176,7 +176,7 @@ typedef enum record_send_state_t { #define IS_DTLS(session) (session->internals.transport == GNUTLS_DGRAM) /* To check whether we have a KTLS enabled */ -#define IS_KTLS_ENABLED(session) (session->internals.ktls_enabled) +#define IS_KTLS_ENABLED(session, interface) (session->internals.ktls_enabled & interface) /* the maximum size of encrypted packets */ #define DEFAULT_MAX_RECORD_SIZE 16384 @@ -1495,10 +1495,7 @@ typedef struct { void *epoch_lock; /* indicates whether or not was KTLS initialized properly. */ - bool ktls_enabled; - int recv_fd; - int send_fd; - + int ktls_enabled; /* If you add anything here, check _gnutls_handshake_internal_state_clear(). */ } internals_st; diff --git a/lib/handshake.c b/lib/handshake.c index 9d36446e54..4ddfa66afe 100644 --- a/lib/handshake.c +++ b/lib/handshake.c @@ -2811,10 +2811,8 @@ int gnutls_handshake(gnutls_session_t session) int ret; #ifdef ENABLE_KTLS - int sockin, sockout; - gnutls_transport_get_int2(session, &sockin, &sockout); - _gnutls_ktls_enable(session, sockin, sockout); -#endif + _gnutls_ktls_enable(session); +#endif if (unlikely(session->internals.initial_negotiation_completed)) { if (vers->tls13_sem) { @@ -2912,10 +2910,8 @@ int gnutls_handshake(gnutls_session_t session) } #ifdef ENABLE_KTLS - if (IS_KTLS_ENABLED(session)) { - ret = _gnutls_ktls_set_keys(session); - if (ret < 0) - return ret; + if (IS_KTLS_ENABLED(session, KTLS_DUPLEX)) { + _gnutls_ktls_set_keys(session); } #endif diff --git a/lib/includes/gnutls/socket.h b/lib/includes/gnutls/socket.h index 64eb19f896..82f8d2f094 100644 --- a/lib/includes/gnutls/socket.h +++ b/lib/includes/gnutls/socket.h @@ -43,6 +43,8 @@ void gnutls_transport_set_fastopen(gnutls_session_t session, socklen_t connect_addrlen, unsigned int flags); +int gnutls_transport_is_ktls_enabled(gnutls_session_t session); + /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/lib/libgnutls.map b/lib/libgnutls.map index dc50c6dba9..109837a5b5 100644 --- a/lib/libgnutls.map +++ b/lib/libgnutls.map @@ -1363,6 +1363,7 @@ GNUTLS_3_7_3 gnutls_sign_set_secure_for_certs; gnutls_digest_set_secure; gnutls_protocol_set_enabled; + gnutls_transport_is_ktls_enabled; local: *; } GNUTLS_3_7_2; diff --git a/lib/record.c b/lib/record.c index ebc07d9e1c..d7f8724352 100644 --- a/lib/record.c +++ b/lib/record.c @@ -289,7 +289,7 @@ int gnutls_bye(gnutls_session_t session, gnutls_close_request_t how) switch (BYE_STATE) { case BYE_STATE0: - if (!IS_KTLS_ENABLED(session)) + if (!IS_KTLS_ENABLED(session, KTLS_SEND)) ret = _gnutls_io_write_flush(session); BYE_STATE = BYE_STATE0; if (ret < 0) { @@ -309,7 +309,7 @@ int gnutls_bye(gnutls_session_t session, gnutls_close_request_t how) case BYE_STATE2: BYE_STATE = BYE_STATE2; if (how == GNUTLS_SHUT_RDWR) { - if (IS_KTLS_ENABLED(session)){ + if (IS_KTLS_ENABLED(session, KTLS_SEND)){ do { ret = _gnutls_ktls_recv_int(session, GNUTLS_ALERT, NULL, 0); @@ -2035,7 +2035,7 @@ gnutls_record_send2(gnutls_session_t session, const void *data, switch(session->internals.rsend_state) { case RECORD_SEND_NORMAL: - if (IS_KTLS_ENABLED(session)) { + if (IS_KTLS_ENABLED(session, KTLS_SEND)) { return _gnutls_ktls_send(session, data, data_size); } else { return _gnutls_send_tlen_int(session, GNUTLS_APPLICATION_DATA, @@ -2306,7 +2306,7 @@ gnutls_record_recv(gnutls_session_t session, void *data, size_t data_size) return gnutls_assert_val(GNUTLS_E_UNAVAILABLE_DURING_HANDSHAKE); } - if (IS_KTLS_ENABLED(session)) { + if (IS_KTLS_ENABLED(session, KTLS_RECV)) { return _gnutls_ktls_recv(session, data, data_size); } else { return _gnutls_recv_int(session, GNUTLS_APPLICATION_DATA, diff --git a/lib/system/ktls.c b/lib/system/ktls.c index 7ab1d3215d..c54653b498 100644 --- a/lib/system/ktls.c +++ b/lib/system/ktls.c @@ -34,34 +34,37 @@ #include "ext/session_ticket.h" /** - * gnutls_transport_set_ktls: + * gnutls_transport_is_ktls_enabled: * @session: is a #gnutls_session_t type. - * @sockin: is a socket descriptor. - * @sockout: is a socket descriptor. * - * Enables Kernel TLS for the @session - * Requieres `tls` kernel module and - * gnutls configuration with `--enable-ktls` + * Checks if KTLS is now enabled and was properly inicialized. * - * Returns: 0 on success error otherwise + * Returns: 1 for enabled, 0 otherwise * * Since: 3.7.2 **/ -int _gnutls_ktls_enable(gnutls_session_t session, int sockin, int sockout) +int gnutls_transport_is_ktls_enabled(gnutls_session_t session){ + if (unlikely(!session->internals.initial_negotiation_completed)) + return gnutls_assert_val(GNUTLS_E_UNAVAILABLE_DURING_HANDSHAKE); + + return session->internals.ktls_enabled; +} + +int _gnutls_ktls_enable(gnutls_session_t session) { - if (setsockopt(sockin, SOL_TCP, TCP_ULP, "tls", sizeof ("tls")) < 0) - return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); + int sockin, sockout; + session->internals.ktls_enabled = 0; + gnutls_transport_get_int2(session, &sockin, &sockout); - session->internals.recv_fd = sockin; - session->internals.send_fd = sockin; + if (setsockopt(sockin, SOL_TCP, TCP_ULP, "tls", sizeof ("tls")) == 0) + session->internals.ktls_enabled |= KTLS_RECV; - if (sockin != sockout){ - if (setsockopt(sockout, SOL_TCP, TCP_ULP, "tls", sizeof ("tls")) < 0) - return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); - session->internals.send_fd = sockout; - } + if (sockin != sockout) { + if (setsockopt(sockout, SOL_TCP, TCP_ULP, "tls", sizeof ("tls")) == 0) + session->internals.ktls_enabled |= KTLS_SEND; + } else + session->internals.ktls_enabled |= KTLS_SEND; - session->internals.ktls_enabled = 1; return 0; } @@ -72,9 +75,10 @@ int _gnutls_ktls_set_keys(gnutls_session_t session) gnutls_datum_t iv; gnutls_datum_t cipher_key; unsigned char seq_number[8]; + int sockin, sockout; int ret; - session->internals.ktls_enabled = 0; + gnutls_transport_get_int2(session, &sockin, &sockout); /* check whether or not cipher suite supports ktls */ @@ -85,164 +89,174 @@ int _gnutls_ktls_set_keys(gnutls_session_t session) return GNUTLS_E_UNIMPLEMENTED_FEATURE; } - version = (version == GNUTLS_TLS1_2) ? TLS_1_2_VERSION : TLS_1_3_VERSION; - ret = gnutls_record_get_state(session, 1, &mac_key, &iv, &cipher_key, seq_number); if (ret < 0) { return ret; } - switch (cipher) { - case GNUTLS_CIPHER_AES_128_GCM: - { - struct tls12_crypto_info_aes_gcm_128 crypto_info; - - crypto_info.info.version = version; - crypto_info.info.cipher_type = TLS_CIPHER_AES_GCM_128; - - assert(cipher_key.size == TLS_CIPHER_AES_GCM_128_KEY_SIZE); - - /* for TLS 1.2 IV is generated in kernel */ - if (version == TLS_1_2_VERSION) { - assert(iv.size == TLS_CIPHER_AES_GCM_128_SALT_SIZE); - } else { - assert(iv.size == TLS_CIPHER_AES_GCM_128_SALT_SIZE - + TLS_CIPHER_AES_GCM_128_IV_SIZE); - - memcpy(crypto_info.iv, iv.data + - TLS_CIPHER_AES_GCM_128_SALT_SIZE, - TLS_CIPHER_AES_GCM_128_IV_SIZE); + if(session->internals.ktls_enabled & KTLS_RECV){ + switch (cipher) { + case GNUTLS_CIPHER_AES_128_GCM: + { + struct tls12_crypto_info_aes_gcm_128 crypto_info; + memset(&crypto_info, 0, sizeof(crypto_info)); + + crypto_info.info.cipher_type = TLS_CIPHER_AES_GCM_128; + assert(cipher_key.size == TLS_CIPHER_AES_GCM_128_KEY_SIZE); + + /* for TLS 1.2 IV is generated in kernel */ + if (version == GNUTLS_TLS1_2) { + crypto_info.info.version = TLS_1_2_VERSION; + memcpy(crypto_info.iv, seq_number, TLS_CIPHER_AES_GCM_128_IV_SIZE); + } else { + crypto_info.info.version = TLS_1_3_VERSION; + assert(iv.size == TLS_CIPHER_AES_GCM_128_SALT_SIZE + + TLS_CIPHER_AES_GCM_128_IV_SIZE); + + memcpy(crypto_info.iv, iv.data + + TLS_CIPHER_AES_GCM_128_SALT_SIZE, + TLS_CIPHER_AES_GCM_128_IV_SIZE); + } + + memcpy(crypto_info.salt, iv.data, + TLS_CIPHER_AES_GCM_128_SALT_SIZE); + memcpy(crypto_info.rec_seq, seq_number, + TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); + memcpy(crypto_info.key, cipher_key.data, + TLS_CIPHER_AES_GCM_128_KEY_SIZE); + + if (setsockopt (sockin, SOL_TLS, TLS_RX, + &crypto_info, sizeof (crypto_info))) { + session->internals.ktls_enabled ^= KTLS_RECV; + return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); + } } - - memcpy(crypto_info.salt, iv.data, - TLS_CIPHER_AES_GCM_128_SALT_SIZE); - memcpy(crypto_info.rec_seq, seq_number, - TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); - memcpy(crypto_info.key, cipher_key.data, - TLS_CIPHER_AES_GCM_128_KEY_SIZE); - - if (setsockopt(session->internals.recv_fd, SOL_TLS, TLS_RX, - &crypto_info, sizeof (crypto_info))) { - return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); - } - } - break; - case GNUTLS_CIPHER_AES_256_GCM: - { - struct tls12_crypto_info_aes_gcm_256 crypto_info; - - crypto_info.info.version = version; - crypto_info.info.cipher_type = TLS_CIPHER_AES_GCM_256; - - assert(cipher_key.size == TLS_CIPHER_AES_GCM_256_KEY_SIZE); - - /* for TLS 1.2 IV is generated in kernel */ - if (version == TLS_1_2_VERSION) { - assert(iv.size == TLS_CIPHER_AES_GCM_256_SALT_SIZE); - } else { - assert(iv.size == TLS_CIPHER_AES_GCM_256_SALT_SIZE - + TLS_CIPHER_AES_GCM_256_IV_SIZE); - - memcpy(crypto_info.iv, iv.data + TLS_CIPHER_AES_GCM_256_SALT_SIZE, - TLS_CIPHER_AES_GCM_256_IV_SIZE); - } - - memcpy(crypto_info.salt, iv.data, - TLS_CIPHER_AES_GCM_256_SALT_SIZE); - memcpy(crypto_info.rec_seq, seq_number, - TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE); - memcpy(crypto_info.key, cipher_key.data, - TLS_CIPHER_AES_GCM_256_KEY_SIZE); - - if (setsockopt(session->internals.recv_fd, SOL_TLS, TLS_RX, - &crypto_info, sizeof(crypto_info))) { - return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); + break; + case GNUTLS_CIPHER_AES_256_GCM: + { + struct tls12_crypto_info_aes_gcm_256 crypto_info; + memset(&crypto_info, 0, sizeof(crypto_info)); + + crypto_info.info.cipher_type = TLS_CIPHER_AES_GCM_256; + assert (cipher_key.size == TLS_CIPHER_AES_GCM_256_KEY_SIZE); + + /* for TLS 1.2 IV is generated in kernel */ + if (version == GNUTLS_TLS1_2) { + crypto_info.info.version = TLS_1_2_VERSION; + memcpy(crypto_info.iv, seq_number, TLS_CIPHER_AES_GCM_256_IV_SIZE); + } else { + crypto_info.info.version = TLS_1_3_VERSION; + assert (iv.size == TLS_CIPHER_AES_GCM_256_SALT_SIZE + + TLS_CIPHER_AES_GCM_256_IV_SIZE); + + memcpy(crypto_info.iv, iv.data + TLS_CIPHER_AES_GCM_256_SALT_SIZE, + TLS_CIPHER_AES_GCM_256_IV_SIZE); + } + + memcpy (crypto_info.salt, iv.data, + TLS_CIPHER_AES_GCM_256_SALT_SIZE); + memcpy (crypto_info.rec_seq, seq_number, + TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE); + memcpy (crypto_info.key, cipher_key.data, + TLS_CIPHER_AES_GCM_256_KEY_SIZE); + + if (setsockopt (sockin, SOL_TLS, TLS_RX, + &crypto_info, sizeof (crypto_info))) { + session->internals.ktls_enabled ^= KTLS_RECV; + return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); + } } + break; + default: + assert(0); } - break; - default: - assert(0); } - ret = gnutls_record_get_state(session, 0, &mac_key, &iv, &cipher_key, + ret = gnutls_record_get_state (session, 0, &mac_key, &iv, &cipher_key, seq_number); if (ret < 0) { return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); } - switch (cipher) { - case GNUTLS_CIPHER_AES_128_GCM: - { - struct tls12_crypto_info_aes_gcm_128 crypto_info; + if(session->internals.ktls_enabled & KTLS_SEND){ + switch (cipher) { + case GNUTLS_CIPHER_AES_128_GCM: + { + struct tls12_crypto_info_aes_gcm_128 crypto_info; + memset(&crypto_info, 0, sizeof(crypto_info)); - crypto_info.info.version = version; - crypto_info.info.cipher_type = TLS_CIPHER_AES_GCM_128; + crypto_info.info.cipher_type = TLS_CIPHER_AES_GCM_128; - assert(cipher_key.size == TLS_CIPHER_AES_GCM_128_KEY_SIZE); + assert (cipher_key.size == TLS_CIPHER_AES_GCM_128_KEY_SIZE); - /* for TLS 1.2 IV is generated in kernel */ - if (version == TLS_1_2_VERSION) { - assert(iv.size == TLS_CIPHER_AES_GCM_128_SALT_SIZE); - } else { - assert(iv.size == TLS_CIPHER_AES_GCM_128_SALT_SIZE - + TLS_CIPHER_AES_GCM_128_IV_SIZE); + /* for TLS 1.2 IV is generated in kernel */ + if (version == GNUTLS_TLS1_2) { + crypto_info.info.version = TLS_1_2_VERSION; + memcpy(crypto_info.iv, seq_number, TLS_CIPHER_AES_GCM_128_IV_SIZE); + } else { + crypto_info.info.version = TLS_1_3_VERSION; + assert (iv.size == TLS_CIPHER_AES_GCM_128_SALT_SIZE + + TLS_CIPHER_AES_GCM_128_IV_SIZE); - memcpy(crypto_info.iv, iv.data + TLS_CIPHER_AES_GCM_128_SALT_SIZE, - TLS_CIPHER_AES_GCM_128_IV_SIZE); - } - - memcpy(crypto_info.salt, iv.data, - TLS_CIPHER_AES_GCM_128_SALT_SIZE); - memcpy(crypto_info.rec_seq, seq_number, - TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); - memcpy(crypto_info.key, cipher_key.data, - TLS_CIPHER_AES_GCM_128_KEY_SIZE); - - if (setsockopt(session->internals.send_fd, SOL_TLS, TLS_TX, - &crypto_info, sizeof(crypto_info))) { - return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); - } - } - break; - case GNUTLS_CIPHER_AES_256_GCM: - { - struct tls12_crypto_info_aes_gcm_256 crypto_info; - - crypto_info.info.version = version; - crypto_info.info.cipher_type = TLS_CIPHER_AES_GCM_256; - assert(cipher_key.size == TLS_CIPHER_AES_GCM_256_KEY_SIZE); - - /* for TLS 1.2 IV is generated in kernel */ - if (version == TLS_1_2_VERSION) { - assert(iv.size == TLS_CIPHER_AES_GCM_256_SALT_SIZE); - } else { - assert(iv.size == TLS_CIPHER_AES_GCM_256_SALT_SIZE + - TLS_CIPHER_AES_GCM_256_IV_SIZE); - - memcpy(crypto_info.iv, iv.data + TLS_CIPHER_AES_GCM_256_SALT_SIZE, - TLS_CIPHER_AES_GCM_256_IV_SIZE); + memcpy (crypto_info.iv, iv.data + TLS_CIPHER_AES_GCM_128_SALT_SIZE, + TLS_CIPHER_AES_GCM_128_IV_SIZE); + } + + memcpy (crypto_info.salt, iv.data, + TLS_CIPHER_AES_GCM_128_SALT_SIZE); + memcpy (crypto_info.rec_seq, seq_number, + TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); + memcpy (crypto_info.key, cipher_key.data, + TLS_CIPHER_AES_GCM_128_KEY_SIZE); + + if (setsockopt (sockout, SOL_TLS, TLS_TX, + &crypto_info, sizeof (crypto_info))) { + session->internals.ktls_enabled ^= KTLS_SEND; + return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); + } } - - memcpy(crypto_info.salt, iv.data, - TLS_CIPHER_AES_GCM_256_SALT_SIZE); - memcpy(crypto_info.rec_seq, seq_number, - TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE); - memcpy(crypto_info.key, cipher_key.data, - TLS_CIPHER_AES_GCM_256_KEY_SIZE); - - if (setsockopt(session->internals.send_fd, SOL_TLS, TLS_TX, - &crypto_info, sizeof(crypto_info))) { - return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); + break; + case GNUTLS_CIPHER_AES_256_GCM: + { + struct tls12_crypto_info_aes_gcm_256 crypto_info; + memset(&crypto_info, 0, sizeof(crypto_info)); + + crypto_info.info.cipher_type = TLS_CIPHER_AES_GCM_256; + assert (cipher_key.size == TLS_CIPHER_AES_GCM_256_KEY_SIZE); + + /* for TLS 1.2 IV is generated in kernel */ + if (version == GNUTLS_TLS1_2) { + crypto_info.info.version = TLS_1_2_VERSION; + memcpy(crypto_info.iv, seq_number, TLS_CIPHER_AES_GCM_256_IV_SIZE); + } else { + crypto_info.info.version = TLS_1_3_VERSION; + assert (iv.size == TLS_CIPHER_AES_GCM_256_SALT_SIZE + + TLS_CIPHER_AES_GCM_256_IV_SIZE); + + memcpy (crypto_info.iv, iv.data + TLS_CIPHER_AES_GCM_256_SALT_SIZE, + TLS_CIPHER_AES_GCM_256_IV_SIZE); + } + + memcpy (crypto_info.salt, iv.data, + TLS_CIPHER_AES_GCM_256_SALT_SIZE); + memcpy (crypto_info.rec_seq, seq_number, + TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE); + memcpy (crypto_info.key, cipher_key.data, + TLS_CIPHER_AES_GCM_256_KEY_SIZE); + + if (setsockopt (sockout, SOL_TLS, TLS_TX, + &crypto_info, sizeof (crypto_info))) { + session->internals.ktls_enabled ^= KTLS_SEND; + return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); + } } + break; + default: + assert(0); } - break; - default: - assert(0); - } - session->internals.ktls_enabled = 1; return 0; } @@ -251,8 +265,11 @@ int _gnutls_ktls_send_control_msg(gnutls_session_t session, { const char *buf = data; ssize_t ret; + int sockin, sockout; - assert(session != NULL); + assert (session != NULL); + + gnutls_transport_get_int2(session, &sockin, &sockout); while (data_size > 0) { char cmsg[CMSG_SPACE(sizeof (unsigned char))]; @@ -278,7 +295,7 @@ int _gnutls_ktls_send_control_msg(gnutls_session_t session, msg.msg_iov = &msg_iov; msg.msg_iovlen = 1; - ret = sendmsg(session->internals.send_fd, &msg, MSG_DONTWAIT); + ret = sendmsg(sockout, &msg, MSG_DONTWAIT); if (ret == -1) { switch (errno) { @@ -299,17 +316,20 @@ int _gnutls_ktls_send_control_msg(gnutls_session_t session, } int _gnutls_ktls_recv_control_msg(gnutls_session_t session, - unsigned char *record_type, void *data, size_t data_size) + unsigned char *record_type, void *data, size_t data_size) { char *buf = data; ssize_t ret; + int sockin, sockout; char cmsg[CMSG_SPACE(sizeof (unsigned char))]; struct msghdr msg = { 0 }; struct iovec msg_iov; struct cmsghdr *hdr; - assert(session != NULL); + assert (session != NULL); + + gnutls_transport_get_int2(session, &sockin, &sockout); if (session->internals.read_eof != 0) { return 0; @@ -327,7 +347,7 @@ int _gnutls_ktls_recv_control_msg(gnutls_session_t session, msg.msg_iov = &msg_iov; msg.msg_iovlen = 1; - ret = recvmsg(session->internals.recv_fd, &msg, MSG_DONTWAIT); + ret = recvmsg(sockin, &msg, MSG_DONTWAIT); if (ret == -1){ switch(errno){ @@ -399,8 +419,11 @@ int _gnutls_ktls_recv_int(gnutls_session_t session, content_type_t type, } #else //ENABLE_KTLS +int gnutls_transport_is_ktls_enabled(gnutls_session_t session){ + return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE); +} -int _gnutls_ktls_enable(gnutls_session_t session, int sockin, int sockout){ +int _gnutls_ktls_enable(gnutls_session_t session){ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE); } diff --git a/lib/system/ktls.h b/lib/system/ktls.h index 3955052f58..829799e212 100644 --- a/lib/system/ktls.h +++ b/lib/system/ktls.h @@ -3,7 +3,13 @@ #include "gnutls_int.h" -int _gnutls_ktls_enable(gnutls_session_t session, int sockin, int sockout); +enum{ + KTLS_RECV = 1, + KTLS_SEND, + KTLS_DUPLEX, +}; + +int _gnutls_ktls_enable(gnutls_session_t session); int _gnutls_ktls_set_keys(gnutls_session_t session); int _gnutls_ktls_send_control_msg(gnutls_session_t session, unsigned char record_type, const void *data, size_t data_size); |