mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-15 04:43:53 +00:00
OpenSSL: KTLS: Enable KTLS for receiving as well in TLS 1.3
This removes a guard condition that prevents KTLS being enabled for receiving in TLS 1.3. Use the correct sequence number and BIO for receive vs transmit offload. Approved by: jkim Obtained from: OpenSSL commit 7c78932b9a4330fb7c8db72b3fb37cbff1401f8b MFC after: 1 week Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D34976
This commit is contained in:
parent
c0f977bfb6
commit
913616b885
|
@ -471,6 +471,7 @@ int tls13_change_cipher_state(SSL *s, int which)
|
|||
const EVP_CIPHER *cipher = NULL;
|
||||
#if !defined(OPENSSL_NO_KTLS) && defined(OPENSSL_KTLS_TLS13)
|
||||
ktls_crypto_info_t crypto_info;
|
||||
void *rl_sequence;
|
||||
BIO *bio;
|
||||
#endif
|
||||
|
||||
|
@ -724,8 +725,7 @@ int tls13_change_cipher_state(SSL *s, int which)
|
|||
s->statem.enc_write_state = ENC_WRITE_STATE_VALID;
|
||||
#ifndef OPENSSL_NO_KTLS
|
||||
# if defined(OPENSSL_KTLS_TLS13)
|
||||
if (!(which & SSL3_CC_WRITE)
|
||||
|| !(which & SSL3_CC_APPLICATION)
|
||||
if (!(which & SSL3_CC_APPLICATION)
|
||||
|| (s->options & SSL_OP_ENABLE_KTLS) == 0)
|
||||
goto skip_ktls;
|
||||
|
||||
|
@ -741,7 +741,10 @@ int tls13_change_cipher_state(SSL *s, int which)
|
|||
if (!ktls_check_supported_cipher(s, cipher, ciph_ctx))
|
||||
goto skip_ktls;
|
||||
|
||||
if (which & SSL3_CC_WRITE)
|
||||
bio = s->wbio;
|
||||
else
|
||||
bio = s->rbio;
|
||||
|
||||
if (!ossl_assert(bio != NULL)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_CHANGE_CIPHER_STATE,
|
||||
|
@ -750,19 +753,26 @@ int tls13_change_cipher_state(SSL *s, int which)
|
|||
}
|
||||
|
||||
/* All future data will get encrypted by ktls. Flush the BIO or skip ktls */
|
||||
if (which & SSL3_CC_WRITE) {
|
||||
if (BIO_flush(bio) <= 0)
|
||||
goto skip_ktls;
|
||||
}
|
||||
|
||||
/* configure kernel crypto structure */
|
||||
if (!ktls_configure_crypto(s, cipher, ciph_ctx,
|
||||
RECORD_LAYER_get_write_sequence(&s->rlayer),
|
||||
&crypto_info, which & SSL3_CC_WRITE, iv, key,
|
||||
NULL, 0))
|
||||
if (which & SSL3_CC_WRITE)
|
||||
rl_sequence = RECORD_LAYER_get_write_sequence(&s->rlayer);
|
||||
else
|
||||
rl_sequence = RECORD_LAYER_get_read_sequence(&s->rlayer);
|
||||
|
||||
if (!ktls_configure_crypto(s, cipher, ciph_ctx, rl_sequence, &crypto_info,
|
||||
which & SSL3_CC_WRITE, iv, key, NULL, 0))
|
||||
goto skip_ktls;
|
||||
|
||||
/* ktls works with user provided buffers directly */
|
||||
if (BIO_set_ktls(bio, &crypto_info, which & SSL3_CC_WRITE))
|
||||
if (BIO_set_ktls(bio, &crypto_info, which & SSL3_CC_WRITE)) {
|
||||
if (which & SSL3_CC_WRITE)
|
||||
ssl3_release_write_buffer(s);
|
||||
}
|
||||
skip_ktls:
|
||||
# endif
|
||||
#endif
|
||||
|
|
Loading…
Reference in a new issue