Add support for in-kernel TLS (KTLS) on FreeBSD. - Check for the <sys/ktls.h> header to determine if KTLS support is available. - Populate a tls_enable structure with session key material for supported algorithms. At present, AES-GCM128/256 and AES-CBC128/256 with SHA1 and SHA2-256 HMACs are supported. For AES-CBC, only MtE is supported. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10045)

commit: 2111f5c2834a838c4fc1ca981fddf80cbc589dfc [log] [tgz]
author: Andrew Gallatin <gallatin@gmail.com> Mon Oct 22 11:02:19 2018 -0400
committer: Matt Caswell <matt@openssl.org> Thu Oct 31 10:24:32 2019 +0000
tree: f818b3f6a402ec5948107eea9ce7a691db00789f
parent: 181ea366f67f46cab093d6a7bbb1b2f35125b9f2 [diff] [blame]
diff --git a/Configure b/Configure
index 6bba3ae..17d5fb5 100755
--- a/Configure
+++ b/Configure

@@ -1586,8 +1586,14 @@
         if ($verstr[2] < $minver) {
             disable('too-old-kernel', 'ktls');
         }
+    } elsif ($target =~ m/^BSD/) {
+        my $cc = $config{CROSS_COMPILE}.$config{CC};
+        system("printf '#include <sys/types.h>\n#include <sys/ktls.h>' | $cc -E - >/dev/null 2>&1");
+        if ($? != 0) {
+            disable('too-old-freebsd', 'ktls');
+        }
     } else {
-        disable('not-linux', 'ktls');
+        disable('not-linux-or-freebsd', 'ktls');
     }
 }
commit	2111f5c2834a838c4fc1ca981fddf80cbc589dfc	[log] [tgz]
author	Andrew Gallatin <gallatin@gmail.com>	Mon Oct 22 11:02:19 2018 -0400
committer	Matt Caswell <matt@openssl.org>	Thu Oct 31 10:24:32 2019 +0000
tree	f818b3f6a402ec5948107eea9ce7a691db00789f
parent	181ea366f67f46cab093d6a7bbb1b2f35125b9f2 [diff] [blame]