[openssl] master update

kaduk at mit.edu kaduk at mit.edu
Sun Sep 6 03:30:13 UTC 2020


The branch master has been updated
       via  7f0f88240e181b6c95d55893cbab55e0765a1d89 (commit)
       via  74eee1bdaa03cfcb3b1df01beff2b6d81a113f58 (commit)
       via  4b09e19216d5e889b85593dbf45b78a874426d8a (commit)
      from  076bf8c2c972d01a70ca4146e637dfbe6f35b2fb (commit)


- Log -----------------------------------------------------------------
commit 7f0f88240e181b6c95d55893cbab55e0765a1d89
Author: John Baldwin <jhb at FreeBSD.org>
Date:   Mon Aug 31 17:13:17 2020 -0700

    Slightly abstract ktls_start() to reduce OS-specific #ifdefs.
    
    Instead of passing the length in from the caller, compute the length
    to pass to setsockopt() inside of ktls_start().  This isolates the
    OS-specific behavior to ktls.h and removes it from the socket BIO
    implementations.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    (Merged from https://github.com/openssl/openssl/pull/12782)

commit 74eee1bdaa03cfcb3b1df01beff2b6d81a113f58
Author: John Baldwin <jhb at FreeBSD.org>
Date:   Thu Sep 3 10:56:10 2020 -0700

    Remove unused dummy functions from ktls.h.
    
    The KTLS functions are always used under #ifndef OPENSSL_NO_KTLS, so
    the dummy functions were never used.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    (Merged from https://github.com/openssl/openssl/pull/12782)

commit 4b09e19216d5e889b85593dbf45b78a874426d8a
Author: John Baldwin <jhb at FreeBSD.org>
Date:   Mon Aug 31 17:02:01 2020 -0700

    Fix the socket BIO control methods to use ktls_crypto_info_t.
    
    This is mostly a cosmetic cleanup I missed when adding the
    ktls_crypto_info_t type.  However, while fixing this I noticed that
    the changes to extract the size from crypto_info from the wrapper
    structure for Linux KTLS had not been propagated from bss_sock.c to
    bss_conn.c, so I've fixed that to use the correct length.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    (Merged from https://github.com/openssl/openssl/pull/12782)

-----------------------------------------------------------------------

Summary of changes:
 crypto/bio/bss_conn.c   | 14 +++-----------
 crypto/bio/bss_sock.c   | 17 +++--------------
 include/internal/ktls.h | 43 +++++++------------------------------------
 3 files changed, 13 insertions(+), 61 deletions(-)

diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c
index 6cff2a99ac..e6972efd8d 100644
--- a/crypto/bio/bss_conn.c
+++ b/crypto/bio/bss_conn.c
@@ -377,11 +377,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
     long ret = 1;
     BIO_CONNECT *data;
 # ifndef OPENSSL_NO_KTLS
-#  ifdef __FreeBSD__
-    struct tls_enable *crypto_info;
-#  else
-    struct tls12_crypto_info_aes_gcm_128 *crypto_info;
-#  endif
+    ktls_crypto_info_t *crypto_info;
 # endif
 
     data = (BIO_CONNECT *)b->ptr;
@@ -544,12 +540,8 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
         break;
 # ifndef OPENSSL_NO_KTLS
     case BIO_CTRL_SET_KTLS:
-#  ifdef __FreeBSD__
-        crypto_info = (struct tls_enable *)ptr;
-#  else
-        crypto_info = (struct tls12_crypto_info_aes_gcm_128 *)ptr;
-#  endif
-        ret = ktls_start(b->num, crypto_info, sizeof(*crypto_info), num);
+        crypto_info = (ktls_crypto_info_t *)ptr;
+        ret = ktls_start(b->num, crypto_info, num);
         if (ret)
             BIO_set_ktls_flag(b, num);
         break;
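Review bot: `ptr` is cast and passed to ktls_start() in the BIO_CTRL_SET_KTLS case without a NULL check, and with this change the Linux ktls_start() in include/internal/ktls.h reads `crypto_info->tls_crypto_info_len`. The old conn_ctrl code passed `sizeof(*crypto_info)`, which never dereferenced the pointer, so a NULL `ptr` here now faults in user space instead of being rejected by setsockopt(). The identical case in sock_ctrl (crypto/bio/bss_sock.c) has the same gap, although it already dereferenced the pointer on Linux before this commit. I would guard both cases before the cast, e.g. `if (ptr == NULL) { ret = 0; break; }`. conn_ctrl's body continues outside the hunk.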
diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c
index ff2bde7a58..d3eaa6b19e 100644
--- a/crypto/bio/bss_sock.c
+++ b/crypto/bio/bss_sock.c
@@ -154,12 +154,7 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
     long ret = 1;
     int *ip;
 # ifndef OPENSSL_NO_KTLS
-    size_t crypto_info_len;
-#  ifdef __FreeBSD__
-    struct tls_enable *crypto_info;
-#  else
-    struct tls_crypto_info_all *crypto_info;
-#  endif
+    ktls_crypto_info_t *crypto_info;
 # endif
 
     switch (cmd) {
@@ -190,14 +185,8 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
         break;
 # ifndef OPENSSL_NO_KTLS
     case BIO_CTRL_SET_KTLS:
-#  ifdef __FreeBSD__
-        crypto_info = (struct tls_enable *)ptr;
-        crypto_info_len = sizeof(*crypto_info);
-#  else
-        crypto_info = (struct tls_crypto_info_all *)ptr;
-        crypto_info_len = crypto_info->tls_crypto_info_len;
-#  endif
-        ret = ktls_start(b->num, crypto_info, crypto_info_len, num);
+        crypto_info = (ktls_crypto_info_t *)ptr;
+        ret = ktls_start(b->num, crypto_info, num);
         if (ret)
             BIO_set_ktls_flag(b, num);
         break;
diff --git a/include/internal/ktls.h b/include/internal/ktls.h
index 2af1589f98..fd439b5718 100644
--- a/include/internal/ktls.h
+++ b/include/internal/ktls.h
@@ -66,15 +66,14 @@ static ossl_inline int ktls_enable(int fd)
  * as using TLS.  If successful, then data received for this socket will
  * be authenticated and decrypted using the tls_en provided here.
  */
-static ossl_inline int ktls_start(int fd,
-                                  void *tls_en,
-                                  size_t len, int is_tx)
+static ossl_inline int ktls_start(int fd, ktls_crypto_info_t *tls_en, int is_tx)
 {
     if (is_tx)
         return setsockopt(fd, IPPROTO_TCP, TCP_TXTLS_ENABLE,
-                          tls_en, len) ? 0 : 1;
+                          tls_en, sizeof(*tls_en)) ? 0 : 1;
 #   ifndef OPENSSL_NO_KTLS_RX
-    return setsockopt(fd, IPPROTO_TCP, TCP_RXTLS_ENABLE, tls_en, len) ? 0 : 1;
+    return setsockopt(fd, IPPROTO_TCP, TCP_RXTLS_ENABLE, tls_en,
+                      sizeof(*tls_en)) ? 0 : 1;
 #   else
     return 0;
 #   endif
@@ -281,11 +280,11 @@ static ossl_inline int ktls_enable(int fd)
  * If successful, then data received using this socket will be decrypted,
  * authenticated and decapsulated using the crypto_info provided here.
  */
-static ossl_inline int ktls_start(int fd, void *crypto_info,
-                                  size_t len, int is_tx)
+static ossl_inline int ktls_start(int fd, ktls_crypto_info_t *crypto_info,
+                                  int is_tx)
 {
     return setsockopt(fd, SOL_TLS, is_tx ? TLS_TX : TLS_RX,
-                      crypto_info, len) ? 0 : 1;
+                      crypto_info, crypto_info->tls_crypto_info_len) ? 0 : 1;
 }
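Review bot: The optlen passed to setsockopt() is now whatever the caller stored in `crypto_info->tls_crypto_info_len`, and neither this function nor the visible part of its comment says that the field must be set or bounds it. I would add a sentence to the comment above ktls_start() stating that the caller must set `tls_crypto_info_len` to the size of the cipher-specific structure it populated. Consider also rejecting an out-of-range value up front with `if (crypto_info->tls_crypto_info_len > sizeof(*crypto_info)) return 0;`. The definition of ktls_crypto_info_t is outside this hunk, so the exact upper bound should be confirmed against it; the comment block for this function also starts above the hunk.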
 
 /*
@@ -400,33 +399,5 @@ static ossl_inline int ktls_read_record(int fd, void *data, size_t length)
 #   endif /* OPENSSL_NO_KTLS_RX */
 
 #  endif /* OPENSSL_SYS_LINUX */
-# else /* OPENSSL_NO_KTLS */
-/* Dummy functions here */
-static ossl_inline int ktls_enable(int fd)
-{
-    return 0;
-}
-
-static ossl_inline int ktls_start(int fd, void *crypto_info,
-                                  size_t len, int is_tx)
-{
-    return 0;
-}
-
-static ossl_inline int ktls_send_ctrl_message(int fd, unsigned char record_type,
-                                              const void *data, size_t length)
-{
-    return -1;
-}
-
-static ossl_inline int ktls_read_record(int fd, void *data, size_t length)
-{
-    return -1;
-}
-
-static ossl_inline ossl_ssize_t ktls_sendfile(int s, int fd, off_t off, size_t size, int flags)
-{
-    return -1;
-}
 # endif /* OPENSSL_NO_KTLS */
 #endif /* HEADER_INTERNAL_KTLS */

