aa906e2a49
This merges upstream patches from OpenSSL's master branch to add KTLS infrastructure for TLS 1.0-1.3 including both RX and TX offload and SSL_sendfile support on both Linux and FreeBSD. Note that TLS 1.3 only supports TX offload. A new WITH/WITHOUT_OPENSSL_KTLS determines if OpenSSL is built with KTLS support. It defaults to enabled on amd64 and disabled on all other architectures. Reviewed by: jkim (earlier version) Approved by: secteam Obtained from: OpenSSL (patches from master) MFC after: 1 week Relnotes: yes Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D28273
523 lines
16 KiB
Plaintext
523 lines
16 KiB
Plaintext
# $FreeBSD$
|
|
|
|
OPENSSL_1_1_0 {
|
|
global:
|
|
BIO_f_ssl;
|
|
BIO_new_buffer_ssl_connect;
|
|
BIO_new_ssl;
|
|
BIO_new_ssl_connect;
|
|
BIO_ssl_copy_session_id;
|
|
BIO_ssl_shutdown;
|
|
DTLS_client_method;
|
|
DTLS_method;
|
|
DTLS_server_method;
|
|
DTLSv1_2_client_method;
|
|
DTLSv1_2_method;
|
|
DTLSv1_2_server_method;
|
|
DTLSv1_client_method;
|
|
DTLSv1_listen;
|
|
DTLSv1_method;
|
|
DTLSv1_server_method;
|
|
ERR_load_SSL_strings;
|
|
OPENSSL_init_ssl;
|
|
PEM_read_SSL_SESSION;
|
|
PEM_read_bio_SSL_SESSION;
|
|
PEM_write_SSL_SESSION;
|
|
PEM_write_bio_SSL_SESSION;
|
|
SRP_Calc_A_param;
|
|
SSL_CIPHER_description;
|
|
SSL_CIPHER_find;
|
|
SSL_CIPHER_get_auth_nid;
|
|
SSL_CIPHER_get_bits;
|
|
SSL_CIPHER_get_cipher_nid;
|
|
SSL_CIPHER_get_digest_nid;
|
|
SSL_CIPHER_get_id;
|
|
SSL_CIPHER_get_kx_nid;
|
|
SSL_CIPHER_get_name;
|
|
SSL_CIPHER_get_version;
|
|
SSL_CIPHER_is_aead;
|
|
SSL_CIPHER_standard_name;
|
|
SSL_COMP_add_compression_method;
|
|
SSL_COMP_get_compression_methods;
|
|
SSL_COMP_get_name;
|
|
SSL_COMP_set0_compression_methods;
|
|
SSL_CONF_CTX_clear_flags;
|
|
SSL_CONF_CTX_finish;
|
|
SSL_CONF_CTX_free;
|
|
SSL_CONF_CTX_new;
|
|
SSL_CONF_CTX_set1_prefix;
|
|
SSL_CONF_CTX_set_flags;
|
|
SSL_CONF_CTX_set_ssl;
|
|
SSL_CONF_CTX_set_ssl_ctx;
|
|
SSL_CONF_cmd;
|
|
SSL_CONF_cmd_argv;
|
|
SSL_CONF_cmd_value_type;
|
|
SSL_CTX_SRP_CTX_free;
|
|
SSL_CTX_SRP_CTX_init;
|
|
SSL_CTX_add_client_CA;
|
|
SSL_CTX_add_client_custom_ext;
|
|
SSL_CTX_add_server_custom_ext;
|
|
SSL_CTX_add_session;
|
|
SSL_CTX_callback_ctrl;
|
|
SSL_CTX_check_private_key;
|
|
SSL_CTX_clear_options;
|
|
SSL_CTX_config;
|
|
SSL_CTX_ct_is_enabled;
|
|
SSL_CTX_ctrl;
|
|
SSL_CTX_dane_clear_flags;
|
|
SSL_CTX_dane_enable;
|
|
SSL_CTX_dane_mtype_set;
|
|
SSL_CTX_dane_set_flags;
|
|
SSL_CTX_enable_ct;
|
|
SSL_CTX_flush_sessions;
|
|
SSL_CTX_free;
|
|
SSL_CTX_get0_certificate;
|
|
SSL_CTX_get0_ctlog_store;
|
|
SSL_CTX_get0_param;
|
|
SSL_CTX_get0_privatekey;
|
|
SSL_CTX_get0_security_ex_data;
|
|
SSL_CTX_get_cert_store;
|
|
SSL_CTX_get_ciphers;
|
|
SSL_CTX_get_client_CA_list;
|
|
SSL_CTX_get_client_cert_cb;
|
|
SSL_CTX_get_default_passwd_cb;
|
|
SSL_CTX_get_default_passwd_cb_userdata;
|
|
SSL_CTX_get_ex_data;
|
|
SSL_CTX_get_info_callback;
|
|
SSL_CTX_get_options;
|
|
SSL_CTX_get_quiet_shutdown;
|
|
SSL_CTX_get_security_callback;
|
|
SSL_CTX_get_security_level;
|
|
SSL_CTX_get_ssl_method;
|
|
SSL_CTX_get_timeout;
|
|
SSL_CTX_get_verify_callback;
|
|
SSL_CTX_get_verify_depth;
|
|
SSL_CTX_get_verify_mode;
|
|
SSL_CTX_has_client_custom_ext;
|
|
SSL_CTX_load_verify_locations;
|
|
SSL_CTX_new;
|
|
SSL_CTX_remove_session;
|
|
SSL_CTX_sess_get_get_cb;
|
|
SSL_CTX_sess_get_new_cb;
|
|
SSL_CTX_sess_get_remove_cb;
|
|
SSL_CTX_sess_set_get_cb;
|
|
SSL_CTX_sess_set_new_cb;
|
|
SSL_CTX_sess_set_remove_cb;
|
|
SSL_CTX_sessions;
|
|
SSL_CTX_set0_ctlog_store;
|
|
SSL_CTX_set0_security_ex_data;
|
|
SSL_CTX_set1_param;
|
|
SSL_CTX_set_alpn_protos;
|
|
SSL_CTX_set_alpn_select_cb;
|
|
SSL_CTX_set_cert_cb;
|
|
SSL_CTX_set_cert_store;
|
|
SSL_CTX_set_cert_verify_callback;
|
|
SSL_CTX_set_cipher_list;
|
|
SSL_CTX_set_client_CA_list;
|
|
SSL_CTX_set_client_cert_cb;
|
|
SSL_CTX_set_client_cert_engine;
|
|
SSL_CTX_set_cookie_generate_cb;
|
|
SSL_CTX_set_cookie_verify_cb;
|
|
SSL_CTX_set_ct_validation_callback;
|
|
SSL_CTX_set_ctlog_list_file;
|
|
SSL_CTX_set_default_ctlog_list_file;
|
|
SSL_CTX_set_default_passwd_cb;
|
|
SSL_CTX_set_default_passwd_cb_userdata;
|
|
SSL_CTX_set_default_read_buffer_len;
|
|
SSL_CTX_set_default_verify_dir;
|
|
SSL_CTX_set_default_verify_file;
|
|
SSL_CTX_set_default_verify_paths;
|
|
SSL_CTX_set_ex_data;
|
|
SSL_CTX_set_generate_session_id;
|
|
SSL_CTX_set_info_callback;
|
|
SSL_CTX_set_msg_callback;
|
|
SSL_CTX_set_next_proto_select_cb;
|
|
SSL_CTX_set_next_protos_advertised_cb;
|
|
SSL_CTX_set_not_resumable_session_callback;
|
|
SSL_CTX_set_options;
|
|
SSL_CTX_set_psk_client_callback;
|
|
SSL_CTX_set_psk_server_callback;
|
|
SSL_CTX_set_purpose;
|
|
SSL_CTX_set_quiet_shutdown;
|
|
SSL_CTX_set_security_callback;
|
|
SSL_CTX_set_security_level;
|
|
SSL_CTX_set_session_id_context;
|
|
SSL_CTX_set_srp_cb_arg;
|
|
SSL_CTX_set_srp_client_pwd_callback;
|
|
SSL_CTX_set_srp_password;
|
|
SSL_CTX_set_srp_strength;
|
|
SSL_CTX_set_srp_username;
|
|
SSL_CTX_set_srp_username_callback;
|
|
SSL_CTX_set_srp_verify_param_callback;
|
|
SSL_CTX_set_ssl_version;
|
|
SSL_CTX_set_timeout;
|
|
SSL_CTX_set_tlsext_use_srtp;
|
|
SSL_CTX_set_tmp_dh_callback;
|
|
SSL_CTX_set_trust;
|
|
SSL_CTX_set_verify;
|
|
SSL_CTX_set_verify_depth;
|
|
SSL_CTX_up_ref;
|
|
SSL_CTX_use_PrivateKey;
|
|
SSL_CTX_use_PrivateKey_ASN1;
|
|
SSL_CTX_use_PrivateKey_file;
|
|
SSL_CTX_use_RSAPrivateKey;
|
|
SSL_CTX_use_RSAPrivateKey_ASN1;
|
|
SSL_CTX_use_RSAPrivateKey_file;
|
|
SSL_CTX_use_certificate;
|
|
SSL_CTX_use_certificate_ASN1;
|
|
SSL_CTX_use_certificate_chain_file;
|
|
SSL_CTX_use_certificate_file;
|
|
SSL_CTX_use_psk_identity_hint;
|
|
SSL_CTX_use_serverinfo;
|
|
SSL_CTX_use_serverinfo_file;
|
|
SSL_SESSION_free;
|
|
SSL_SESSION_get0_cipher;
|
|
SSL_SESSION_get0_hostname;
|
|
SSL_SESSION_get0_id_context;
|
|
SSL_SESSION_get0_peer;
|
|
SSL_SESSION_get0_ticket;
|
|
SSL_SESSION_get_compress_id;
|
|
SSL_SESSION_get_ex_data;
|
|
SSL_SESSION_get_id;
|
|
SSL_SESSION_get_master_key;
|
|
SSL_SESSION_get_protocol_version;
|
|
SSL_SESSION_get_ticket_lifetime_hint;
|
|
SSL_SESSION_get_time;
|
|
SSL_SESSION_get_timeout;
|
|
SSL_SESSION_has_ticket;
|
|
SSL_SESSION_new;
|
|
SSL_SESSION_print;
|
|
SSL_SESSION_print_fp;
|
|
SSL_SESSION_print_keylog;
|
|
SSL_SESSION_set1_id;
|
|
SSL_SESSION_set1_id_context;
|
|
SSL_SESSION_set_ex_data;
|
|
SSL_SESSION_set_time;
|
|
SSL_SESSION_set_timeout;
|
|
SSL_SESSION_up_ref;
|
|
SSL_SRP_CTX_free;
|
|
SSL_SRP_CTX_init;
|
|
SSL_accept;
|
|
SSL_add1_host;
|
|
SSL_add_client_CA;
|
|
SSL_add_dir_cert_subjects_to_stack;
|
|
SSL_add_file_cert_subjects_to_stack;
|
|
SSL_add_ssl_module;
|
|
SSL_alert_desc_string;
|
|
SSL_alert_desc_string_long;
|
|
SSL_alert_type_string;
|
|
SSL_alert_type_string_long;
|
|
SSL_callback_ctrl;
|
|
SSL_certs_clear;
|
|
SSL_check_chain;
|
|
SSL_check_private_key;
|
|
SSL_clear;
|
|
SSL_clear_options;
|
|
SSL_client_version;
|
|
SSL_config;
|
|
SSL_connect;
|
|
SSL_copy_session_id;
|
|
SSL_ct_is_enabled;
|
|
SSL_ctrl;
|
|
SSL_dane_clear_flags;
|
|
SSL_dane_enable;
|
|
SSL_dane_set_flags;
|
|
SSL_dane_tlsa_add;
|
|
SSL_do_handshake;
|
|
SSL_dup;
|
|
SSL_dup_CA_list;
|
|
SSL_enable_ct;
|
|
SSL_export_keying_material;
|
|
SSL_extension_supported;
|
|
SSL_free;
|
|
SSL_get0_alpn_selected;
|
|
SSL_get0_dane;
|
|
SSL_get0_dane_authority;
|
|
SSL_get0_dane_tlsa;
|
|
SSL_get0_next_proto_negotiated;
|
|
SSL_get0_param;
|
|
SSL_get0_peer_scts;
|
|
SSL_get0_peername;
|
|
SSL_get0_security_ex_data;
|
|
SSL_get0_verified_chain;
|
|
SSL_get1_session;
|
|
SSL_get1_supported_ciphers;
|
|
SSL_get_SSL_CTX;
|
|
SSL_get_all_async_fds;
|
|
SSL_get_certificate;
|
|
SSL_get_changed_async_fds;
|
|
SSL_get_cipher_list;
|
|
SSL_get_ciphers;
|
|
SSL_get_client_CA_list;
|
|
SSL_get_client_ciphers;
|
|
SSL_get_client_random;
|
|
SSL_get_current_cipher;
|
|
SSL_get_current_compression;
|
|
SSL_get_current_expansion;
|
|
SSL_get_default_passwd_cb;
|
|
SSL_get_default_passwd_cb_userdata;
|
|
SSL_get_default_timeout;
|
|
SSL_get_error;
|
|
SSL_get_ex_data;
|
|
SSL_get_ex_data_X509_STORE_CTX_idx;
|
|
SSL_get_fd;
|
|
SSL_get_finished;
|
|
SSL_get_info_callback;
|
|
SSL_get_options;
|
|
SSL_get_peer_cert_chain;
|
|
SSL_get_peer_certificate;
|
|
SSL_get_peer_finished;
|
|
SSL_get_privatekey;
|
|
SSL_get_psk_identity;
|
|
SSL_get_psk_identity_hint;
|
|
SSL_get_quiet_shutdown;
|
|
SSL_get_rbio;
|
|
SSL_get_read_ahead;
|
|
SSL_get_rfd;
|
|
SSL_get_security_callback;
|
|
SSL_get_security_level;
|
|
SSL_get_selected_srtp_profile;
|
|
SSL_get_server_random;
|
|
SSL_get_servername;
|
|
SSL_get_servername_type;
|
|
SSL_get_session;
|
|
SSL_get_shared_ciphers;
|
|
SSL_get_shared_sigalgs;
|
|
SSL_get_shutdown;
|
|
SSL_get_sigalgs;
|
|
SSL_get_srp_N;
|
|
SSL_get_srp_g;
|
|
SSL_get_srp_userinfo;
|
|
SSL_get_srp_username;
|
|
SSL_get_srtp_profiles;
|
|
SSL_get_ssl_method;
|
|
SSL_get_state;
|
|
SSL_get_verify_callback;
|
|
SSL_get_verify_depth;
|
|
SSL_get_verify_mode;
|
|
SSL_get_verify_result;
|
|
SSL_get_version;
|
|
SSL_get_wbio;
|
|
SSL_get_wfd;
|
|
SSL_has_matching_session_id;
|
|
SSL_has_pending;
|
|
SSL_in_before;
|
|
SSL_in_init;
|
|
SSL_is_dtls;
|
|
SSL_is_init_finished;
|
|
SSL_is_server;
|
|
SSL_load_client_CA_file;
|
|
SSL_new;
|
|
SSL_peek;
|
|
SSL_pending;
|
|
SSL_read;
|
|
SSL_renegotiate;
|
|
SSL_renegotiate_abbreviated;
|
|
SSL_renegotiate_pending;
|
|
SSL_rstate_string;
|
|
SSL_rstate_string_long;
|
|
SSL_select_next_proto;
|
|
SSL_session_reused;
|
|
SSL_set0_rbio;
|
|
SSL_set0_security_ex_data;
|
|
SSL_set0_wbio;
|
|
SSL_set1_host;
|
|
SSL_set1_param;
|
|
SSL_set_SSL_CTX;
|
|
SSL_set_accept_state;
|
|
SSL_set_alpn_protos;
|
|
SSL_set_bio;
|
|
SSL_set_cert_cb;
|
|
SSL_set_cipher_list;
|
|
SSL_set_client_CA_list;
|
|
SSL_set_connect_state;
|
|
SSL_set_ct_validation_callback;
|
|
SSL_set_debug;
|
|
SSL_set_default_passwd_cb;
|
|
SSL_set_default_passwd_cb_userdata;
|
|
SSL_set_default_read_buffer_len;
|
|
SSL_set_ex_data;
|
|
SSL_set_fd;
|
|
SSL_set_generate_session_id;
|
|
SSL_set_hostflags;
|
|
SSL_set_info_callback;
|
|
SSL_set_msg_callback;
|
|
SSL_set_not_resumable_session_callback;
|
|
SSL_set_options;
|
|
SSL_set_psk_client_callback;
|
|
SSL_set_psk_server_callback;
|
|
SSL_set_purpose;
|
|
SSL_set_quiet_shutdown;
|
|
SSL_set_read_ahead;
|
|
SSL_set_rfd;
|
|
SSL_set_security_callback;
|
|
SSL_set_security_level;
|
|
SSL_set_session;
|
|
SSL_set_session_id_context;
|
|
SSL_set_session_secret_cb;
|
|
SSL_set_session_ticket_ext;
|
|
SSL_set_session_ticket_ext_cb;
|
|
SSL_set_shutdown;
|
|
SSL_set_srp_server_param;
|
|
SSL_set_srp_server_param_pw;
|
|
SSL_set_ssl_method;
|
|
SSL_set_tlsext_use_srtp;
|
|
SSL_set_tmp_dh_callback;
|
|
SSL_set_trust;
|
|
SSL_set_verify;
|
|
SSL_set_verify_depth;
|
|
SSL_set_verify_result;
|
|
SSL_set_wfd;
|
|
SSL_shutdown;
|
|
SSL_srp_server_param_with_username;
|
|
SSL_state_string;
|
|
SSL_state_string_long;
|
|
SSL_up_ref;
|
|
SSL_use_PrivateKey;
|
|
SSL_use_PrivateKey_ASN1;
|
|
SSL_use_PrivateKey_file;
|
|
SSL_use_RSAPrivateKey;
|
|
SSL_use_RSAPrivateKey_ASN1;
|
|
SSL_use_RSAPrivateKey_file;
|
|
SSL_use_certificate;
|
|
SSL_use_certificate_ASN1;
|
|
SSL_use_certificate_chain_file;
|
|
SSL_use_certificate_file;
|
|
SSL_use_psk_identity_hint;
|
|
SSL_version;
|
|
SSL_waiting_for_async;
|
|
SSL_want;
|
|
SSL_write;
|
|
SSLv3_client_method;
|
|
SSLv3_method;
|
|
SSLv3_server_method;
|
|
TLS_client_method;
|
|
TLS_method;
|
|
TLS_server_method;
|
|
TLSv1_1_client_method;
|
|
TLSv1_1_method;
|
|
TLSv1_1_server_method;
|
|
TLSv1_2_client_method;
|
|
TLSv1_2_method;
|
|
TLSv1_2_server_method;
|
|
TLSv1_client_method;
|
|
TLSv1_method;
|
|
TLSv1_server_method;
|
|
d2i_SSL_SESSION;
|
|
i2d_SSL_SESSION;
|
|
};
|
|
|
|
OPENSSL_1_1_0d {
|
|
global:
|
|
SSL_COMP_get0_name;
|
|
SSL_COMP_get_id;
|
|
} OPENSSL_1_1_0;
|
|
|
|
OPENSSL_1_1_1 {
|
|
global:
|
|
DTLS_get_data_mtu;
|
|
DTLS_set_timer_cb;
|
|
OPENSSL_cipher_name;
|
|
SSL_CIPHER_get_handshake_digest;
|
|
SSL_CIPHER_get_protocol_id;
|
|
SSL_CTX_add1_to_CA_list;
|
|
SSL_CTX_add_custom_ext;
|
|
SSL_CTX_get0_CA_list;
|
|
SSL_CTX_get_keylog_callback;
|
|
SSL_CTX_get_max_early_data;
|
|
SSL_CTX_get_num_tickets;
|
|
SSL_CTX_get_record_padding_callback_arg;
|
|
SSL_CTX_get_recv_max_early_data;
|
|
SSL_CTX_set0_CA_list;
|
|
SSL_CTX_set1_cert_store;
|
|
SSL_CTX_set_allow_early_data_cb;
|
|
SSL_CTX_set_block_padding;
|
|
SSL_CTX_set_ciphersuites;
|
|
SSL_CTX_set_client_hello_cb;
|
|
SSL_CTX_set_keylog_callback;
|
|
SSL_CTX_set_max_early_data;
|
|
SSL_CTX_set_num_tickets;
|
|
SSL_CTX_set_post_handshake_auth;
|
|
SSL_CTX_set_psk_find_session_callback;
|
|
SSL_CTX_set_psk_use_session_callback;
|
|
SSL_CTX_set_record_padding_callback;
|
|
SSL_CTX_set_record_padding_callback_arg;
|
|
SSL_CTX_set_recv_max_early_data;
|
|
SSL_CTX_set_session_ticket_cb;
|
|
SSL_CTX_set_stateless_cookie_generate_cb;
|
|
SSL_CTX_set_stateless_cookie_verify_cb;
|
|
SSL_CTX_set_tlsext_max_fragment_length;
|
|
SSL_CTX_use_cert_and_key;
|
|
SSL_CTX_use_serverinfo_ex;
|
|
SSL_SESSION_dup;
|
|
SSL_SESSION_get0_alpn_selected;
|
|
SSL_SESSION_get0_ticket_appdata;
|
|
SSL_SESSION_get_max_early_data;
|
|
SSL_SESSION_get_max_fragment_length;
|
|
SSL_SESSION_is_resumable;
|
|
SSL_SESSION_set1_alpn_selected;
|
|
SSL_SESSION_set1_hostname;
|
|
SSL_SESSION_set1_master_key;
|
|
SSL_SESSION_set1_ticket_appdata;
|
|
SSL_SESSION_set_cipher;
|
|
SSL_SESSION_set_max_early_data;
|
|
SSL_SESSION_set_protocol_version;
|
|
SSL_add1_to_CA_list;
|
|
SSL_alloc_buffers;
|
|
SSL_bytes_to_cipher_list;
|
|
SSL_client_hello_get0_ciphers;
|
|
SSL_client_hello_get0_compression_methods;
|
|
SSL_client_hello_get0_ext;
|
|
SSL_client_hello_get0_legacy_version;
|
|
SSL_client_hello_get0_random;
|
|
SSL_client_hello_get0_session_id;
|
|
SSL_client_hello_get1_extensions_present;
|
|
SSL_client_hello_isv2;
|
|
SSL_export_keying_material_early;
|
|
SSL_free_buffers;
|
|
SSL_get0_CA_list;
|
|
SSL_get0_peer_CA_list;
|
|
SSL_get_early_data_status;
|
|
SSL_get_key_update_type;
|
|
SSL_get_max_early_data;
|
|
SSL_get_num_tickets;
|
|
SSL_get_peer_signature_type_nid;
|
|
SSL_get_pending_cipher;
|
|
SSL_get_record_padding_callback_arg;
|
|
SSL_get_recv_max_early_data;
|
|
SSL_key_update;
|
|
SSL_peek_ex;
|
|
SSL_read_early_data;
|
|
SSL_read_ex;
|
|
SSL_set0_CA_list;
|
|
SSL_set_allow_early_data_cb;
|
|
SSL_set_block_padding;
|
|
SSL_set_ciphersuites;
|
|
SSL_set_max_early_data;
|
|
SSL_set_num_tickets;
|
|
SSL_set_post_handshake_auth;
|
|
SSL_set_psk_find_session_callback;
|
|
SSL_set_psk_use_session_callback;
|
|
SSL_set_record_padding_callback;
|
|
SSL_set_record_padding_callback_arg;
|
|
SSL_set_recv_max_early_data;
|
|
SSL_set_tlsext_max_fragment_length;
|
|
SSL_stateless;
|
|
SSL_use_cert_and_key;
|
|
SSL_verify_client_post_handshake;
|
|
SSL_write_early_data;
|
|
SSL_write_ex;
|
|
} OPENSSL_1_1_0d;
|
|
|
|
OPENSSL_1_1_1a {
|
|
global:
|
|
SSL_get_signature_type_nid;
|
|
local: *;
|
|
} OPENSSL_1_1_1;
|
|
|
|
OPENSSL_1_1_1e {
|
|
global:
|
|
SSL_sendfile;
|
|
local: *;
|
|
} OPENSSL_1_1_1a;
|