KTLS: Add using_ktls helper variable in ssl3_get_record().

When KTLS receive is enabled, pending data may still be present due to read ahead. This data must still be processed the same as records received without KTLS. To ease readability (especially in consideration of additional checks which will be added for TLS 1.3), add a helper variable 'using_ktls' that is true when the KTLS receive path is being used to receive a record. Co-authored-by: Dmitry Podgorny <pasis.ua@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17942)
2025-02-23 14:42:15 +08:00 · 2022-03-07 16:55:18 -08:00 · 2022-03-07 16:55:18 -08:00 · 031132c297
commit 031132c297
parent 85773128d0
1 changed files with 10 additions and 10 deletions
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@ -185,18 +185,23 @@ int ssl3_get_record(SSL *s)
    int imac_size;
    size_t num_recs = 0, max_recs, j;
    PACKET pkt, sslv2pkt;
-    int is_ktls_left;
+    int using_ktls;
    SSL_MAC_BUF *macbufs = NULL;
    int ret = -1;

    rr = RECORD_LAYER_get_rrec(&s->rlayer);
    rbuf = RECORD_LAYER_get_rbuf(&s->rlayer);
-    is_ktls_left = (SSL3_BUFFER_get_left(rbuf) > 0);
    max_recs = s->max_pipelines;
    if (max_recs == 0)
        max_recs = 1;
    sess = s->session;

+    /*
+     * KTLS reads full records. If there is any data left,
+     * then it is from before enabling ktls.
+     */
+    using_ktls = BIO_get_ktls_recv(s->rbio) && SSL3_BUFFER_get_left(rbuf) == 0;
+
    do {
        thisrr = &rr[num_recs];

@ -409,7 +414,7 @@ int ssl3_get_record(SSL *s)
 #endif

            /* KTLS may use all of the buffer */
-            if (BIO_get_ktls_recv(s->rbio) && !is_ktls_left)
+            if (using_ktls)
                len = SSL3_BUFFER_get_left(rbuf);

            if (thisrr->length > len) {
@ -518,11 +523,7 @@ int ssl3_get_record(SSL *s)
        return 1;
    }

-    /*
-     * KTLS reads full records. If there is any data left,
-     * then it is from before enabling ktls
-     */
-    if (BIO_get_ktls_recv(s->rbio) && !is_ktls_left)
+    if (using_ktls)
        goto skip_decryption;

    if (s->read_hash != NULL) {
@ -723,8 +724,7 @@ int ssl3_get_record(SSL *s)
         * Therefore we have to rely on KTLS to check the plaintext length
         * limit in the kernel.
         */
-        if (thisrr->length > SSL3_RT_MAX_PLAIN_LENGTH
-                && (!BIO_get_ktls_recv(s->rbio) || is_ktls_left)) {
+        if (thisrr->length > SSL3_RT_MAX_PLAIN_LENGTH && !using_ktls) {
            SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_R_DATA_LENGTH_TOO_LONG);
            goto end;
        }