On Linux, ktls can only be enabled on established TCP sockets.
When SSL_set_fd() is called before the connection is established,
ktls_enable() fails and ktls is not set up.
This moves the ktls_enable() call into the ktls_start() function.
Multiple calls to ktls_start() will trigger additional ktls_enable()
calls, which fail with EEXIST but do not affect the ktls socket.
CLA: trivial
Signed-off-by: Ulrich Weber <ulrich.weber@gmail.com>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27908)
(cherry picked from commit
f23f706a26f2e7cd5dd5221d57e2d0db28530f4e)
}
return 0;
}
-# ifndef OPENSSL_NO_KTLS
- /*
- * The new socket is created successfully regardless of ktls_enable.
- * ktls_enable doesn't change any functionality of the socket, except
- * changing the setsockopt to enable the processing of ktls_start.
- * Thus, it is not a problem to call it for non-TLS sockets.
- */
- ktls_enable(sock);
-# endif
return 1;
}
if (!conn_create_dgram_bio(b, c))
break;
c->state = BIO_CONN_S_OK;
-# ifndef OPENSSL_NO_KTLS
- /*
- * The new socket is created successfully regardless of ktls_enable.
- * ktls_enable doesn't change any functionality of the socket, except
- * changing the setsockopt to enable the processing of ktls_start.
- * Thus, it is not a problem to call it for non-TLS sockets.
- */
- ktls_enable(b->num);
-# endif
}
break;
if (ret == NULL)
return NULL;
BIO_set_fd(ret, fd, close_flag);
-# ifndef OPENSSL_NO_KTLS
- {
- /*
- * The new socket is created successfully regardless of ktls_enable.
- * ktls_enable doesn't change any functionality of the socket, except
- * changing the setsockopt to enable the processing of ktls_start.
- * Thus, it is not a problem to call it for non-TLS sockets.
- */
- ktls_enable(fd);
- }
-# endif
return ret;
}
static ossl_inline int ktls_start(int fd, ktls_crypto_info_t *crypto_info,
int is_tx)
{
+ /*
+ * Socket must be in TCP established state to enable KTLS.
+ * Further calls to enable ktls will return EEXIST
+ */
+ ktls_enable(fd);
+
return setsockopt(fd, SOL_TLS, is_tx ? TLS_TX : TLS_RX,
crypto_info, crypto_info->tls_crypto_info_len) ? 0 : 1;
}
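Review bot: The result of `ktls_enable(fd)` at the top of ktls_start() is discarded without saying so, so a genuine first-time failure (for example the TLS ULP not being available) is indistinguishable from the expected EEXIST on a repeat call. The fallback is presumably still safe, since the following `setsockopt(fd, SOL_TLS, ...)` should fail on a socket where the ULP was never attached and ktls_start() then returns 0, but the new comment does not record that reasoning. I would make the intent explicit with `(void)ktls_enable(fd);` and add to the comment `* The result is ignored on purpose: a repeat call fails with EEXIST, and any other failure makes the setsockopt() below fail as well.` Since ktls_start() is called with is_tx both set and clear, each connection now issues this extra call at least twice, which is worth noting in the comment too.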
}
BIO_set_fd(bio, fd, BIO_NOCLOSE);
SSL_set_bio(s, bio, bio);
-#ifndef OPENSSL_NO_KTLS
- /*
- * The new socket is created successfully regardless of ktls_enable.
- * ktls_enable doesn't change any functionality of the socket, except
- * changing the setsockopt to enable the processing of ktls_start.
- * Thus, it is not a problem to call it for non-TLS sockets.
- */
- ktls_enable(fd);
-#endif /* OPENSSL_NO_KTLS */
ret = 1;
err:
return ret;
}
BIO_set_fd(bio, fd, BIO_NOCLOSE);
SSL_set0_wbio(s, bio);
-#ifndef OPENSSL_NO_KTLS
- /*
- * The new socket is created successfully regardless of ktls_enable.
- * ktls_enable doesn't change any functionality of the socket, except
- * changing the setsockopt to enable the processing of ktls_start.
- * Thus, it is not a problem to call it for non-TLS sockets.
- */
- ktls_enable(fd);
-#endif /* OPENSSL_NO_KTLS */
} else {
BIO_up_ref(rbio);
SSL_set0_wbio(s, rbio);