Slightly abstract ktls_start() to reduce OS-specific #ifdefs.
authorJohn Baldwin <jhb@FreeBSD.org>
Tue, 1 Sep 2020 00:13:17 +0000 (17:13 -0700)
committerBenjamin Kaduk <bkaduk@akamai.com>
Sun, 6 Sep 2020 03:11:50 +0000 (20:11 -0700)
Instead of passing the length in from the caller, compute the length
to pass to setsockopt() inside of ktls_start().  This isolates the
OS-specific behavior to ktls.h and removes it from the socket BIO
implementations.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/12782)

crypto/bio/bss_conn.c
crypto/bio/bss_sock.c
include/internal/ktls.h

index 79e31f80bf225611710b569be415991a6de2f2a0..e6972efd8ded0ff41329ea455b550dd6a7483166 100644 (file)
@@ -377,7 +377,6 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
     long ret = 1;
     BIO_CONNECT *data;
 # ifndef OPENSSL_NO_KTLS
-    size_t crypto_info_len;
     ktls_crypto_info_t *crypto_info;
 # endif
 
@@ -542,12 +541,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
 # ifndef OPENSSL_NO_KTLS
     case BIO_CTRL_SET_KTLS:
         crypto_info = (ktls_crypto_info_t *)ptr;
-#  ifdef __FreeBSD__
-        crypto_info_len = sizeof(*crypto_info);
-#  else
-        crypto_info_len = crypto_info->tls_crypto_info_len;
-#  endif
-        ret = ktls_start(b->num, crypto_info, crypto_info_len, num);
+        ret = ktls_start(b->num, crypto_info, num);
         if (ret)
             BIO_set_ktls_flag(b, num);
         break;
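Review bot: `ptr` is cast and passed straight to `ktls_start()` in the `BIO_CTRL_SET_KTLS` case with no NULL check, and `ktls_start()` now takes a typed pointer that the Linux variant in ktls.h dereferences to read `tls_crypto_info_len`. If this ctrl can be reached with a NULL `ptr`, the result is a user-space NULL dereference rather than a failed setsockopt(). A guard before the call, `if (crypto_info == NULL) { ret = 0; break; }`, makes it fail closed. The same case in `sock_ctrl()` in bss_sock.c has the identical pattern. `conn_ctrl()` starts and ends outside this hunk, so an earlier check cannot be ruled out from here.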
index 6c6c610b0e6d3574971c0c89138ee5bf6963475e..d3eaa6b19e23f5ff3cec31b67f36dca15e4f0a5a 100644 (file)
@@ -154,7 +154,6 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
     long ret = 1;
     int *ip;
 # ifndef OPENSSL_NO_KTLS
-    size_t crypto_info_len;
     ktls_crypto_info_t *crypto_info;
 # endif
 
@@ -187,12 +186,7 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
 # ifndef OPENSSL_NO_KTLS
     case BIO_CTRL_SET_KTLS:
         crypto_info = (ktls_crypto_info_t *)ptr;
-#  ifdef __FreeBSD__
-        crypto_info_len = sizeof(*crypto_info);
-#  else
-        crypto_info_len = crypto_info->tls_crypto_info_len;
-#  endif
-        ret = ktls_start(b->num, crypto_info, crypto_info_len, num);
+        ret = ktls_start(b->num, crypto_info, num);
         if (ret)
             BIO_set_ktls_flag(b, num);
         break;
index 5b5e3cb4e4b1e83333a0fc0178aed12cd4d98b9c..fd439b571859e27fe219282a13d7882c20ce7583 100644 (file)
@@ -66,15 +66,14 @@ static ossl_inline int ktls_enable(int fd)
  * as using TLS.  If successful, then data received for this socket will
  * be authenticated and decrypted using the tls_en provided here.
  */
-static ossl_inline int ktls_start(int fd,
-                                  void *tls_en,
-                                  size_t len, int is_tx)
+static ossl_inline int ktls_start(int fd, ktls_crypto_info_t *tls_en, int is_tx)
 {
     if (is_tx)
         return setsockopt(fd, IPPROTO_TCP, TCP_TXTLS_ENABLE,
-                          tls_en, len) ? 0 : 1;
+                          tls_en, sizeof(*tls_en)) ? 0 : 1;
 #   ifndef OPENSSL_NO_KTLS_RX
-    return setsockopt(fd, IPPROTO_TCP, TCP_RXTLS_ENABLE, tls_en, len) ? 0 : 1;
+    return setsockopt(fd, IPPROTO_TCP, TCP_RXTLS_ENABLE, tls_en,
+                      sizeof(*tls_en)) ? 0 : 1;
 #   else
     return 0;
 #   endif
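Review bot: The visible part of the comment above `ktls_start()` does not say that the option length is now fixed at `sizeof(*tls_en)`, which is the contract callers depend on once the `len` parameter is gone. I would add a line to that comment such as `tls_en must point to a complete ktls_crypto_info_t; its size is what is passed to setsockopt().` The comment begins above the hunk and the function's closing brace is below it, so check the existing wording before adding.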
@@ -281,11 +280,11 @@ static ossl_inline int ktls_enable(int fd)
  * If successful, then data received using this socket will be decrypted,
  * authenticated and decapsulated using the crypto_info provided here.
  */
-static ossl_inline int ktls_start(int fd, void *crypto_info,
-                                  size_t len, int is_tx)
+static ossl_inline int ktls_start(int fd, ktls_crypto_info_t *crypto_info,
+                                  int is_tx)
 {
     return setsockopt(fd, SOL_TLS, is_tx ? TLS_TX : TLS_RX,
-                      crypto_info, len) ? 0 : 1;
+                      crypto_info, crypto_info->tls_crypto_info_len) ? 0 : 1;
 }
 
 /*
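Review bot: The length handed to setsockopt() now comes from `crypto_info->tls_crypto_info_len`, a field inside the caller-supplied object, and nothing in this function bounds it against the size of that object. If the field were ever set larger than the structure, the kernel would be asked to copy from beyond the end of the buffer. A check such as `if (crypto_info->tls_crypto_info_len > sizeof(*crypto_info)) return 0;` before the call would reject that case. The definition of `ktls_crypto_info_t` is outside the hunk, so confirm that the field is a byte count covering the leading member before adopting the bound.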