Slightly abstract ktls_start() to reduce OS-specific #ifdefs.

Instead of passing the length in from the caller, compute the length
to pass to setsockopt() inside of ktls_start().  This isolates the
OS-specific behavior to ktls.h and removes it from the socket BIO
implementations.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/12782)
John Baldwin 2020-08-31 17:13:17 -07:00 committed by Benjamin Kaduk
parent 74eee1bdaa
commit 7f0f88240e
3 changed files with 9 additions and 22 deletions


@ -377,7 +377,6 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
long ret = 1;
BIO_CONNECT *data;
# ifndef OPENSSL_NO_KTLS
size_t crypto_info_len;
ktls_crypto_info_t *crypto_info;
# endif
@ -542,12 +541,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
# ifndef OPENSSL_NO_KTLS
case BIO_CTRL_SET_KTLS:
crypto_info = (ktls_crypto_info_t *)ptr;
# ifdef __FreeBSD__
crypto_info_len = sizeof(*crypto_info);
# else
crypto_info_len = crypto_info->tls_crypto_info_len;
# endif
ret = ktls_start(b->num, crypto_info, crypto_info_len, num);
ret = ktls_start(b->num, crypto_info, num);
if (ret)
BIO_set_ktls_flag(b, num);
break;
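Review bot: In the `BIO_CTRL_SET_KTLS` case, `ptr` is cast to `ktls_crypto_info_t *` and handed to `ktls_start()` with no NULL check, and the Linux `ktls_start()` now reads `crypto_info->tls_crypto_info_len` itself, so a NULL `ptr` reaching this control is dereferenced inside the helper. The removed caller code did the same dereference on non-FreeBSD builds, so this is not a regression, but the commit leaves it unaddressed. A guard before the call, `if (ptr == NULL) { ret = 0; break; }`, would make the control fail cleanly on every platform. The same applies to the identical case in `sock_ctrl()`. The body of `conn_ctrl()` starts and ends outside the hunk, so an earlier check on `ptr` cannot be ruled out from here.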


@ -154,7 +154,6 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
long ret = 1;
int *ip;
# ifndef OPENSSL_NO_KTLS
size_t crypto_info_len;
ktls_crypto_info_t *crypto_info;
# endif
@ -187,12 +186,7 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
# ifndef OPENSSL_NO_KTLS
case BIO_CTRL_SET_KTLS:
crypto_info = (ktls_crypto_info_t *)ptr;
# ifdef __FreeBSD__
crypto_info_len = sizeof(*crypto_info);
# else
crypto_info_len = crypto_info->tls_crypto_info_len;
# endif
ret = ktls_start(b->num, crypto_info, crypto_info_len, num);
ret = ktls_start(b->num, crypto_info, num);
if (ret)
BIO_set_ktls_flag(b, num);
break;


@ -66,15 +66,14 @@ static ossl_inline int ktls_enable(int fd)
* as using TLS. If successful, then data received for this socket will
* be authenticated and decrypted using the tls_en provided here.
*/
static ossl_inline int ktls_start(int fd,
void *tls_en,
size_t len, int is_tx)
static ossl_inline int ktls_start(int fd, ktls_crypto_info_t *tls_en, int is_tx)
{
if (is_tx)
return setsockopt(fd, IPPROTO_TCP, TCP_TXTLS_ENABLE,
tls_en, len) ? 0 : 1;
tls_en, sizeof(*tls_en)) ? 0 : 1;
# ifndef OPENSSL_NO_KTLS_RX
return setsockopt(fd, IPPROTO_TCP, TCP_RXTLS_ENABLE, tls_en, len) ? 0 : 1;
return setsockopt(fd, IPPROTO_TCP, TCP_RXTLS_ENABLE, tls_en,
sizeof(*tls_en)) ? 0 : 1;
# else
return 0;
# endif
@ -281,11 +280,11 @@ static ossl_inline int ktls_enable(int fd)
* If successful, then data received using this socket will be decrypted,
* authenticated and decapsulated using the crypto_info provided here.
*/
static ossl_inline int ktls_start(int fd, void *crypto_info,
size_t len, int is_tx)
static ossl_inline int ktls_start(int fd, ktls_crypto_info_t *crypto_info,
int is_tx)
{
return setsockopt(fd, SOL_TLS, is_tx ? TLS_TX : TLS_RX,
crypto_info, len) ? 0 : 1;
crypto_info, crypto_info->tls_crypto_info_len) ? 0 : 1;
}
/*
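Review bot: The Linux `ktls_start()` passes `crypto_info->tls_crypto_info_len` to `setsockopt()` as the option length without bounding it, so the size the kernel is told to read depends entirely on a field the caller filled in. Assuming `ktls_crypto_info_t` is the full container structure (its definition is not on this page), a check such as `if (crypto_info->tls_crypto_info_len > sizeof(*crypto_info)) return 0;` before the call would keep the length within the object. The FreeBSD variant uses `sizeof(*tls_en)` and is not affected. Since the length is no longer visible at the call sites, the header comment should state the contract, for example ` * crypto_info must be non-NULL with tls_crypto_info_len set to the size of the cipher-specific structure it holds.`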