fn to detect ktls support

tests/unit/s2n_ktls_feature_probe_test.c

@@ -29,10 +29,11 @@ int main(int argc, char **argv)
 #if defined(__linux__)
     /* kTLS support was first added to AL2 starting in 5.10.130. */
     #if (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 130))
-        #ifndef S2N_PLATFORM_SUPPORTS_KTLS
-        FAIL_MSG("kTLS feature probe is not working");
-        #endif
-        EXPECT_TRUE(true);
+        if (!platform_supports_ktls()) {
+            FAIL_MSG("kTLS feature probe is not working");
+        } else {
+            EXPECT_TRUE(true);
+        }
     #endif
 #endif
     };

tests/unit/s2n_ktls_test.c

@@ -25,7 +25,6 @@
 #include "utils/s2n_safety.h"
 
 S2N_RESULT s2n_ktls_retrieve_file_descriptor(struct s2n_connection *conn, s2n_ktls_mode ktls_mode, int *fd);
-S2N_RESULT s2n_ktls_configure_socket(struct s2n_connection *conn, s2n_ktls_mode ktls_mode);
 S2N_RESULT s2n_disable_ktls_socket_config_for_testing(void);
 
 S2N_RESULT s2n_test_configure_ktls_connection(struct s2n_connection *conn, int *fd)
@@ -49,19 +48,18 @@ int main(int argc, char **argv)
 {
     BEGIN_TEST();
 
-#ifndef S2N_PLATFORM_SUPPORTS_KTLS
-    /* s2n_connection_ktls_enable */
-    {
-        DEFER_CLEANUP(struct s2n_connection *server_conn = s2n_connection_new(S2N_SERVER),
-                s2n_connection_ptr_free);
-        int fd = 0;
-        EXPECT_OK(s2n_test_configure_ktls_connection(server_conn, &fd));
+    if (!platform_supports_ktls()) {
+        {
+            DEFER_CLEANUP(struct s2n_connection *server_conn = s2n_connection_new(S2N_SERVER),
+                    s2n_connection_ptr_free);
+            int fd = 0;
+            EXPECT_OK(s2n_test_configure_ktls_connection(server_conn, &fd));
 
-        EXPECT_FAILURE_WITH_ERRNO(s2n_connection_ktls_enable(server_conn, S2N_KTLS_MODE_SEND), S2N_ERR_KTLS_UNSUPPORTED_PLATFORM);
-    };
+            EXPECT_FAILURE_WITH_ERRNO(s2n_connection_ktls_enable(server_conn, S2N_KTLS_MODE_SEND), S2N_ERR_KTLS_UNSUPPORTED_PLATFORM);
+        };
 
-    END_TEST();
-#endif
+        END_TEST();
+    }
 
     EXPECT_OK(s2n_disable_ktls_socket_config_for_testing());
 
@@ -83,7 +81,7 @@ int main(int argc, char **argv)
         EXPECT_FALSE(cipher.ktls_supported);
     };
 
-    /* s2n_ktls_validate TLS 1.2 */
+    /* s2n_connection_ktls_enable */
     {
         DEFER_CLEANUP(struct s2n_connection *server_conn = s2n_connection_new(S2N_SERVER),
                 s2n_connection_ptr_free);
@@ -93,15 +91,14 @@ int main(int argc, char **argv)
         EXPECT_FAILURE_WITH_ERRNO(s2n_connection_ktls_enable(server_conn, S2N_KTLS_MODE_SEND), S2N_ERR_KTLS_DISABLED_FOR_TEST);
     };
 
-    /* s2n_ktls_validate TLS 1.3 */
+    /* TLS 1.3 */
     {
         DEFER_CLEANUP(struct s2n_connection *server_conn = s2n_connection_new(S2N_SERVER),
                 s2n_connection_ptr_free);
         int fd = 0;
         EXPECT_OK(s2n_test_configure_ktls_connection(server_conn, &fd));
 
         server_conn->actual_protocol_version = S2N_TLS13;
-
         EXPECT_FAILURE_WITH_ERRNO(s2n_connection_ktls_enable(server_conn, S2N_KTLS_MODE_SEND), S2N_ERR_KTLS_UNSUPPORTED_CONN);
     };
 
@@ -157,25 +154,5 @@ int main(int argc, char **argv)
         EXPECT_EQUAL(fd_orig, fd_ret);
     };
 
-    /* s2n_ktls_configure_socket */
-    {
-        DEFER_CLEANUP(struct s2n_connection *server_conn = s2n_connection_new(S2N_SERVER),
-                s2n_connection_ptr_free);
-        int fd = 0;
-        EXPECT_OK(s2n_test_configure_ktls_connection(server_conn, &fd));
-
-        EXPECT_ERROR_WITH_ERRNO(s2n_ktls_configure_socket(server_conn, S2N_KTLS_MODE_SEND), S2N_ERR_KTLS_DISABLED_FOR_TEST);
-    };
-
-    /* s2n_connection_ktls_enable */
-    {
-        DEFER_CLEANUP(struct s2n_connection *server_conn = s2n_connection_new(S2N_SERVER),
-                s2n_connection_ptr_free);
-        int fd = 0;
-        EXPECT_OK(s2n_test_configure_ktls_connection(server_conn, &fd));
-
-        EXPECT_FAILURE_WITH_ERRNO(s2n_connection_ktls_enable(server_conn, S2N_KTLS_MODE_SEND), S2N_ERR_KTLS_DISABLED_FOR_TEST);
-    };
-
     END_TEST();
 }

tls/s2n_ktls.c

@@ -43,6 +43,15 @@
 /* These variables are used to disable ktls mechanisms during testing. */
 static bool disable_ktls_socket_config_for_testing = false;
 
+bool platform_supports_ktls()
+{
+#ifdef S2N_PLATFORM_SUPPORTS_KTLS
+    return true;
+#else
+    return false;
+#endif
+}
+
 static S2N_RESULT s2n_ktls_validate(struct s2n_connection *conn)
 {
     RESULT_ENSURE_REF(conn);
@@ -90,14 +99,11 @@ S2N_RESULT s2n_ktls_retrieve_file_descriptor(struct s2n_connection *conn, s2n_kt
     return S2N_RESULT_OK;
 }
 
-S2N_RESULT s2n_ktls_configure_socket(struct s2n_connection *conn, s2n_ktls_mode ktls_mode)
+static S2N_RESULT s2n_ktls_configure_socket(struct s2n_connection *conn, s2n_ktls_mode ktls_mode)
 {
     RESULT_ENSURE_REF(conn);
     RESULT_ENSURE(ktls_mode == S2N_KTLS_MODE_RECV || ktls_mode == S2N_KTLS_MODE_SEND, S2N_ERR_SAFETY);
 
-#ifndef S2N_PLATFORM_SUPPORTS_KTLS
-    RESULT_BAIL(S2N_ERR_KTLS_UNSUPPORTED_PLATFORM);
-#else
     /* If already enabled then return success */
     if (ktls_mode == S2N_KTLS_MODE_SEND && conn->ktls_send_enabled) {
         return S2N_RESULT_OK;
@@ -112,6 +118,7 @@ S2N_RESULT s2n_ktls_configure_socket(struct s2n_connection *conn, s2n_ktls_mode
     /* Calls to setsockopt require a real socket, which is not used in unit tests. */
     RESULT_ENSURE(!disable_ktls_socket_config_for_testing, S2N_ERR_KTLS_DISABLED_FOR_TEST);
 
+#ifdef S2N_PLATFORM_SUPPORTS_KTLS
     /* Enable 'tls' ULP for the socket. https://lwn.net/Articles/730207 */
     int ret = setsockopt(fd, SOL_TCP, TCP_ULP, S2N_TLS_ULP_NAME, S2N_TLS_ULP_NAME_SIZE);
     RESULT_ENSURE(ret == 0, S2N_ERR_KTLS_ULP);
@@ -138,6 +145,10 @@ S2N_RESULT s2n_ktls_configure_socket(struct s2n_connection *conn, s2n_ktls_mode
  */
 int s2n_connection_ktls_enable(struct s2n_connection *conn, s2n_ktls_mode ktls_mode)
 {
+    if (!platform_supports_ktls()) {
+        POSIX_BAIL(S2N_ERR_KTLS_UNSUPPORTED_PLATFORM);
+    }
+
     POSIX_ENSURE_REF(conn);
     POSIX_GUARD_RESULT(s2n_ktls_validate(conn));
 

tls/s2n_ktls.h

@@ -30,3 +30,4 @@ typedef enum {
 } s2n_ktls_mode;
 
 int s2n_connection_ktls_enable(struct s2n_connection *conn, s2n_ktls_mode ktls_mode);
+bool platform_supports_ktls();