root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

ktls: move ktls_enable() within ktls_start() 

On linux ktls can only be enabled on established TCP sockets.
When SSL_set_fd() is called before the connection is established
ktls_enable() fails and ktls is not setup.

This moves ktls_enable() call within then ktls_start() function.
Multiple calls to ktls_start() will trigger additional ktls_enable()
calls which fail with EEXIST, but do not affect the ktls socket.

CLA: trivial

Signed-off-by: Ulrich Weber <ulrich.weber@gmail.com>

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27908)

(cherry picked from commit f23f706a26)
This commit is contained in:
Ulrich Weber 2025-06-26 16:16:06 +02:00 committed by Tomas Mraz
parent f687c7ae6b
commit 0e6975a4f6
5 changed files with 6 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
crypto/bio/bio_sock2.c
View File

@ -181,15 +181,6 @@ int BIO_connect(int sock, const BIO_ADDR *addr, int options)
}
return 0;
}
# ifndef OPENSSL_NO_KTLS
/*
* The new socket is created successfully regardless of ktls_enable.
* ktls_enable doesn't change any functionality of the socket, except
* changing the setsockopt to enable the processing of ktls_start.
* Thus, it is not a problem to call it for non-TLS sockets.
*/
ktls_enable(sock);
# endif
return 1;
}

9
crypto/bio/bss_conn.c
View File

@ -252,15 +252,6 @@ static int conn_state(BIO *b, BIO_CONNECT *c)
if (!conn_create_dgram_bio(b, c))
break;
c->state = BIO_CONN_S_OK;
# ifndef OPENSSL_NO_KTLS
/*
* The new socket is created successfully regardless of ktls_enable.
* ktls_enable doesn't change any functionality of the socket, except
* changing the setsockopt to enable the processing of ktls_start.
* Thus, it is not a problem to call it for non-TLS sockets.
*/
ktls_enable(b->num);
# endif
}
break;

11
crypto/bio/bss_sock.c
View File

@ -72,17 +72,6 @@ BIO *BIO_new_socket(int fd, int close_flag)
if (ret == NULL)
return NULL;
BIO_set_fd(ret, fd, close_flag);
# ifndef OPENSSL_NO_KTLS
{
/*
* The new socket is created successfully regardless of ktls_enable.
* ktls_enable doesn't change any functionality of the socket, except
* changing the setsockopt to enable the processing of ktls_start.
* Thus, it is not a problem to call it for non-TLS sockets.
*/
ktls_enable(fd);
}
# endif
return ret;
}

6
include/internal/ktls.h
View File

@ -302,6 +302,12 @@ static ossl_inline int ktls_enable(int fd)
static ossl_inline int ktls_start(int fd, ktls_crypto_info_t *crypto_info,
int is_tx)
{
/*
* Socket must be in TCP established state to enable KTLS.
* Further calls to enable ktls will return EEXIST
*/
ktls_enable(fd);
return setsockopt(fd, SOL_TLS, is_tx ? TLS_TX : TLS_RX,
crypto_info, crypto_info->tls_crypto_info_len) ? 0 : 1;
}

18
ssl/ssl_lib.c
View File

@ -1740,15 +1740,6 @@ int SSL_set_fd(SSL *s, int fd)
}
BIO_set_fd(bio, fd, BIO_NOCLOSE);
SSL_set_bio(s, bio, bio);
#ifndef OPENSSL_NO_KTLS
/*
* The new socket is created successfully regardless of ktls_enable.
* ktls_enable doesn't change any functionality of the socket, except
* changing the setsockopt to enable the processing of ktls_start.
* Thus, it is not a problem to call it for non-TLS sockets.
*/
ktls_enable(fd);
#endif /* OPENSSL_NO_KTLS */
ret = 1;
err:
return ret;
@ -1774,15 +1765,6 @@ int SSL_set_wfd(SSL *s, int fd)
}
BIO_set_fd(bio, fd, BIO_NOCLOSE);
SSL_set0_wbio(s, bio);
#ifndef OPENSSL_NO_KTLS
/*
* The new socket is created successfully regardless of ktls_enable.
* ktls_enable doesn't change any functionality of the socket, except
* changing the setsockopt to enable the processing of ktls_start.
* Thus, it is not a problem to call it for non-TLS sockets.
*/
ktls_enable(fd);
#endif /* OPENSSL_NO_KTLS */
} else {
if (!BIO_up_ref(rbio))
return 0;