From 6b510e936b7af967fbea7236e8d70bccdfdd55f5 Mon Sep 17 00:00:00 2001
From: Daiki Ueno
Date: Fri, 29 Jul 2022 19:31:24 +0900
Subject: [PATCH] Fix the previous patch enabling KTLS in gnutls-cli
Related: #2097327
Signed-off-by: Daiki Ueno
---
gnutls-3.7.6-ktls-fixes.patch | 76 ++++++++++++++++++++++++++++++++++-
1 file changed, 74 insertions(+), 2 deletions(-)
diff --git a/gnutls-3.7.6-ktls-fixes.patch b/gnutls-3.7.6-ktls-fixes.patch
index c7781cd..2bef420 100644
--- a/gnutls-3.7.6-ktls-fixes.patch
+++ b/gnutls-3.7.6-ktls-fixes.patch
@@ -228,11 +228,50 @@ index b9f7a73fb5..ddf27fac76 100644
 --
 2.36.1
+From 2d3cba6bb21acb40141180298f3924c73c7de8f8 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno
+Date: Tue, 26 Jul 2022 11:38:41 +0900
+Subject: [PATCH 1/2] handshake: do not enable KTLS if custom pull/push
+ functions are set
+
+If gnutls_transport_set_pull_function or
+gnutls_transport_set_push_function is used, we can't assume the
+underlying transport handle is an FD.
+
+Signed-off-by: Daiki Ueno
+---
+ lib/handshake.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/lib/handshake.c b/lib/handshake.c
+index 3886306eb4..cf025a84f6 100644
+--- a/lib/handshake.c
++++ b/lib/handshake.c
+@@ -2861,7 +2861,14 @@ int gnutls_handshake(gnutls_session_t session)
+
+ #ifdef ENABLE_KTLS
+ if (_gnutls_config_is_ktls_enabled()) {
+- _gnutls_ktls_enable(session);
++ if (session->internals.pull_func ||
++ session->internals.push_func) {
++ _gnutls_audit_log(session,
++ "Not enabling KTLS with "
++ "custom pull/push function\n");
++ } else {
++ _gnutls_ktls_enable(session);
++ }
+ }
+ #endif
+ }
+--
+2.37.1
+
+
 From f7160e4fb970b4ba6f96e85e21f8395eae735d95 Mon Sep 17 00:00:00 2001
 From: Daiki Ueno
 Date: Tue, 26 Jul 2022 11:39:57 +0900
-Subject: [PATCH] socket: only set pull/push functions when --save-*-trace is
- used
+Subject: [PATCH 2/2] socket: only set pull/push functions when --save-*-trace
+ is used
 This allows gnutls-cli to use KTLS for the transport, unless either --save-client-trace or --save-server-trace is used.
@@ -274,3 +313,36 @@ index 39f18dbe18..36ac292700 100644
 --
 2.37.1
+From a5b671fc9105cb5dbe6e6a1c0f39fa787d862076 Mon Sep 17 00:00:00 2001
+From: Frantisek Krenzelok
+Date: Fri, 29 Jul 2022 10:38:42 +0200
+Subject: [PATCH] KTLS: hotfix
+
+session->internals.pull_func is set to system_read during gnutls_init()
+so check for user set pull/push function added in commit mentioned
+bellow will never pass.
+
+source: 2d3cba6bb21acb40141180298f3924c73c7de8f8
+
+Signed-off-by: Frantisek Krenzelok
+---
+ lib/handshake.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/handshake.c b/lib/handshake.c
+index cf025a84f6..21edc5ece9 100644
+--- a/lib/handshake.c
++++ b/lib/handshake.c
+@@ -2861,7 +2861,8 @@ int gnutls_handshake(gnutls_session_t session)
+
+ #ifdef ENABLE_KTLS
+ if (_gnutls_config_is_ktls_enabled()) {
+- if (session->internals.pull_func ||
++ if ((session->internals.pull_func &&
++ session->internals.pull_func != system_read) ||
+ session->internals.push_func) {
+ _gnutls_audit_log(session,
+ "Not enabling KTLS with "
+--
+2.37.1
+
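Review bot: The hotfix's condition in `gnutls_handshake()` (last hunk, the patch appended after `[PATCH 2/2]`) still recognises a custom transport only through `pull_func` and `push_func`, so a session that replaced just the vectored push callback via `gnutls_transport_set_vec_push_function()` would, as far as these lines show, still reach `_gnutls_ktls_enable(session)` even though its transport handle need not be a socket FD. Whether that path is already covered elsewhere is not visible here (the function body starts and ends outside the hunk), so it is worth confirming and, if it is not, extending the guard to the vectored callback as well. The comparison against `system_read` also deserves a comment in the code, e.g. `/* gnutls_init() installs system_read as the default pull_func; only a different value means the caller replaced it */`, because the reason currently lives only in the commit message. The first hunk's `[PATCH 1/2]` carries the unguarded `pull_func ||` test that this hotfix corrects, so the two inner patches must always be applied together.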