From: John Baldwin
Date: Tue, 1 Sep 2020 00:13:17 +0000 (-0700)
Subject: Slightly abstract ktls_start() to reduce OS-specific #ifdefs.
X-Git-Tag: openssl-3.0.0-alpha7~375
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7f0f88240e181b6c95d55893cbab55e0765a1d89;p=thirdparty%2Fopenssl.git
Slightly abstract ktls_start() to reduce OS-specific #ifdefs.
Instead of passing the length in from the caller, compute the length to pass to setsockopt() inside of ktls_start(). This isolates the OS-specific behavior to ktls.h and removes it from the socket BIO implementations.
Reviewed-by: Matt Caswell
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/12782)
---
diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c
index 79e31f80bf2..e6972efd8de 100644
--- a/crypto/bio/bss_conn.c
+++ b/crypto/bio/bss_conn.c
@@ -377,7 +377,6 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
 long ret = 1;
 BIO_CONNECT *data;
 # ifndef OPENSSL_NO_KTLS
- size_t crypto_info_len;
 ktls_crypto_info_t *crypto_info;
 # endif
 
@@ -542,12 +541,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
 # ifndef OPENSSL_NO_KTLS
 case BIO_CTRL_SET_KTLS:
 crypto_info = (ktls_crypto_info_t *)ptr;
-# ifdef __FreeBSD__
- crypto_info_len = sizeof(*crypto_info);
-# else
- crypto_info_len = crypto_info->tls_crypto_info_len;
-# endif
- ret = ktls_start(b->num, crypto_info, crypto_info_len, num);
+ ret = ktls_start(b->num, crypto_info, num);
 if (ret)
 BIO_set_ktls_flag(b, num);
 break;
diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c
index 6c6c610b0e6..d3eaa6b19e2 100644
--- a/crypto/bio/bss_sock.c
+++ b/crypto/bio/bss_sock.c
@@ -154,7 +154,6 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
 long ret = 1;
 int *ip;
 # ifndef OPENSSL_NO_KTLS
- size_t crypto_info_len;
 ktls_crypto_info_t *crypto_info;
 # endif
 
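Review bot: `ptr` is cast to `ktls_crypto_info_t *` and passed to `ktls_start()` without a NULL check at `case BIO_CTRL_SET_KTLS` in the second `conn_ctrl()` hunk, and the Linux `ktls_start()` in include/internal/ktls.h now reads `crypto_info->tls_crypto_info_len` itself. A control call with a NULL `ptr` would therefore be dereferenced rather than rejected; whether any caller can do that is not visible here. Consider `if (crypto_info == NULL) { ret = 0; break; }` before the call, and the same in the `sock_ctrl()` hunk of crypto/bio/bss_sock.c. `conn_ctrl()` begins and ends outside this hunk.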
@@ -187,12 +186,7 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
 # ifndef OPENSSL_NO_KTLS
 case BIO_CTRL_SET_KTLS:
 crypto_info = (ktls_crypto_info_t *)ptr;
-# ifdef __FreeBSD__
- crypto_info_len = sizeof(*crypto_info);
-# else
- crypto_info_len = crypto_info->tls_crypto_info_len;
-# endif
- ret = ktls_start(b->num, crypto_info, crypto_info_len, num);
+ ret = ktls_start(b->num, crypto_info, num);
 if (ret)
 BIO_set_ktls_flag(b, num);
 break;
diff --git a/include/internal/ktls.h b/include/internal/ktls.h
index 5b5e3cb4e4b..fd439b57185 100644
--- a/include/internal/ktls.h
+++ b/include/internal/ktls.h
@@ -66,15 +66,14 @@ static ossl_inline int ktls_enable(int fd)
 * as using TLS. If successful, then data received for this socket will
 * be authenticated and decrypted using the tls_en provided here.
 */
-static ossl_inline int ktls_start(int fd,
- void *tls_en,
- size_t len, int is_tx)
+static ossl_inline int ktls_start(int fd, ktls_crypto_info_t *tls_en, int is_tx)
 {
 if (is_tx)
 return setsockopt(fd, IPPROTO_TCP, TCP_TXTLS_ENABLE,
- tls_en, len) ? 0 : 1;
+ tls_en, sizeof(*tls_en)) ? 0 : 1;
 # ifndef OPENSSL_NO_KTLS_RX
- return setsockopt(fd, IPPROTO_TCP, TCP_RXTLS_ENABLE, tls_en, len) ? 0 : 1;
+ return setsockopt(fd, IPPROTO_TCP, TCP_RXTLS_ENABLE, tls_en,
+ sizeof(*tls_en)) ? 0 : 1;
 # else
 return 0;
 # endif
@@ -281,11 +280,11 @@ static ossl_inline int ktls_enable(int fd)
 * If successful, then data received using this socket will be decrypted,
 * authenticated and decapsulated using the crypto_info provided here.
 */
-static ossl_inline int ktls_start(int fd, void *crypto_info,
- size_t len, int is_tx)
+static ossl_inline int ktls_start(int fd, ktls_crypto_info_t *crypto_info,
+ int is_tx)
 {
 return setsockopt(fd, SOL_TLS, is_tx ? TLS_TX : TLS_RX,
- crypto_info, crypto_info->tls_crypto_info_len) ? 0 : 1;
+ crypto_info, crypto_info->tls_crypto_info_len) ? 0 : 1;
 }
 
 /*
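Review bot: The Linux `ktls_start()` in the last hunk takes the `setsockopt()` length from `crypto_info->tls_crypto_info_len`, a field inside the object it points to, and nothing in the helper bounds it. If that field were left unset or were larger than the structure, the kernel would be asked to copy from beyond `*crypto_info`; whether every caller sets it correctly is not visible in this hunk. A guard before the call, `if (crypto_info->tls_crypto_info_len > sizeof(*crypto_info)) return 0;`, keeps the read inside the object. The comment above the function should also say that the caller must set `tls_crypto_info_len` to the size of the data it filled in. The FreeBSD variant in the preceding hunk passes `sizeof(*tls_en)` and is not affected.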