diff options
| author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2022-05-16 07:06:42 +0200 |
|---|---|---|
| committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2022-05-17 13:16:49 +0200 |
| commit | c6c3602e943b1e9acfa79c3a27d3b47e7b116064 (patch) | |
| tree | 13aa5c158db5e12d9ccd6588ed25a1f068ecb613 /crypto/bio/bss_conn.c | |
| parent | 1417e2b4b45b7753efe9b58bea8fe5557dd316d8 (diff) | |
Fix KTLS with BIO_new_connect
When a socket connection is done using BIO_new_connect,
the ktls_enable is done too early, and fails with ENOTCONN.
Therefore the KLTS ioctl will fail later with ENOPROTOOPT.
Fix that by doing the ktls_enable after the connection
succeeded, not when the socket is created as that will
always fail.
One example where this happens is doit_localhost in
test/ssl_old_test.c, and therefore, contrary to the expectation
the -client_ktls option did never enable the client KTLS
connection, but this was not noticed, because there was no
diagnostic output, and it was only visible with strace output.
Also enhanced the ssl_old_test -client_ktls/-server_ktls
options together with -v option to print a summary line
if and how KTLS was negotiated in server and client.
While I am already there adjusted the usage info of
the -s_cert, -s_key commands, and allow -time to print the
timings of ktls connections.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18318)
(cherry picked from commit 598bd7741568a1aae678e5472f18aae1ab991e8d)
Diffstat (limited to 'crypto/bio/bss_conn.c')
| -rw-r--r-- | crypto/bio/bss_conn.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index d146c97b82..e71c05f96c 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -188,6 +188,9 @@ static int conn_state(BIO *b, BIO_CONNECT *c) break; case BIO_CONN_S_BLOCKED_CONNECT: + /* wait for socket being writable, before querying BIO_sock_error */ + if (BIO_socket_wait(b->num, 0, time(NULL)) == 0) + break; i = BIO_sock_error(b->num); if (i != 0) { BIO_clear_retry_flags(b); @@ -205,8 +208,18 @@ static int conn_state(BIO *b, BIO_CONNECT *c) ERR_raise(ERR_LIB_BIO, BIO_R_NBIO_CONNECT_ERROR); ret = 0; goto exit_loop; - } else + } else { c->state = BIO_CONN_S_OK; +# ifndef OPENSSL_NO_KTLS + /* + * The new socket is created successfully regardless of ktls_enable. + * ktls_enable doesn't change any functionality of the socket, except + * changing the setsockopt to enable the processing of ktls_start. + * Thus, it is not a problem to call it for non-TLS sockets. + */ + ktls_enable(b->num); +# endif + } break; case BIO_CONN_S_CONNECT_ERROR: |