From 7e6e4adb456eb07345fed69ec0f28dd5ff1a6d0e Mon Sep 17 00:00:00 2001
From: Apoorv Kothari
Date: Tue, 14 Feb 2023 15:31:14 -0800
Subject: [PATCH] fn to detect ktls support
---
 tests/unit/s2n_ktls_feature_probe_test.c | 9 +++--
 tests/unit/s2n_ktls_test.c | 47 ++++++------------------
 tls/s2n_ktls.c | 19 ++++++++--
 tls/s2n_ktls.h | 1 +
 4 files changed, 33 insertions(+), 43 deletions(-)
diff --git a/tests/unit/s2n_ktls_feature_probe_test.c b/tests/unit/s2n_ktls_feature_probe_test.c
index 8bd5af388ac..9dd4685d6d3 100644
--- a/tests/unit/s2n_ktls_feature_probe_test.c
+++ b/tests/unit/s2n_ktls_feature_probe_test.c
@@ -29,10 +29,11 @@ int main(int argc, char **argv)
 #if defined(__linux__)
 /* kTLS support was first added to AL2 starting in 5.10.130. */
 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 130))
- #ifndef S2N_PLATFORM_SUPPORTS_KTLS
- FAIL_MSG("kTLS feature probe is not working");
- #endif
- EXPECT_TRUE(true);
+ if (!platform_supports_ktls()) {
+ FAIL_MSG("kTLS feature probe is not working");
+ } else {
+ EXPECT_TRUE(true);
+ }
 #endif
 #endif
 };
diff --git a/tests/unit/s2n_ktls_test.c b/tests/unit/s2n_ktls_test.c
index 3405b2fbc63..b1468aa7935 100644
--- a/tests/unit/s2n_ktls_test.c
+++ b/tests/unit/s2n_ktls_test.c
@@ -25,7 +25,6 @@
 #include "utils/s2n_safety.h"
 S2N_RESULT s2n_ktls_retrieve_file_descriptor(struct s2n_connection *conn, s2n_ktls_mode ktls_mode, int *fd);
-S2N_RESULT s2n_ktls_configure_socket(struct s2n_connection *conn, s2n_ktls_mode ktls_mode);
 S2N_RESULT s2n_disable_ktls_socket_config_for_testing(void);
 S2N_RESULT s2n_test_configure_ktls_connection(struct s2n_connection *conn, int *fd)
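Review bot: The `else { EXPECT_TRUE(true); }` branch added around the probe check asserts nothing and only adds nesting; the guard alone carries the test, `if (!platform_supports_ktls()) { FAIL_MSG("kTLS feature probe is not working"); }`. Because the check is now a runtime call rather than an `#ifndef`, the test also needs `platform_supports_ktls()` declared in scope, presumably via `tls/s2n_ktls.h`, which is outside this hunk. main() starts before the hunk.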
@@ -49,19 +48,18 @@ int main(int argc, char **argv)
 {
 BEGIN_TEST();
-#ifndef S2N_PLATFORM_SUPPORTS_KTLS
- /* s2n_connection_ktls_enable */
- {
- DEFER_CLEANUP(struct s2n_connection *server_conn = s2n_connection_new(S2N_SERVER),
- s2n_connection_ptr_free);
- int fd = 0;
- EXPECT_OK(s2n_test_configure_ktls_connection(server_conn, &fd));
+ if (!platform_supports_ktls()) {
+ {
+ DEFER_CLEANUP(struct s2n_connection *server_conn = s2n_connection_new(S2N_SERVER),
+ s2n_connection_ptr_free);
+ int fd = 0;
+ EXPECT_OK(s2n_test_configure_ktls_connection(server_conn, &fd));
- EXPECT_FAILURE_WITH_ERRNO(s2n_connection_ktls_enable(server_conn, S2N_KTLS_MODE_SEND), S2N_ERR_KTLS_UNSUPPORTED_PLATFORM);
- };
+ EXPECT_FAILURE_WITH_ERRNO(s2n_connection_ktls_enable(server_conn, S2N_KTLS_MODE_SEND), S2N_ERR_KTLS_UNSUPPORTED_PLATFORM);
+ };
- END_TEST();
-#endif
+ END_TEST();
+ }
 EXPECT_OK(s2n_disable_ktls_socket_config_for_testing());
@@ -83,7 +81,7 @@ int main(int argc, char **argv)
 EXPECT_FALSE(cipher.ktls_supported);
 };
- /* s2n_ktls_validate TLS 1.2 */
+ /* s2n_connection_ktls_enable */
 {
 DEFER_CLEANUP(struct s2n_connection *server_conn = s2n_connection_new(S2N_SERVER),
 s2n_connection_ptr_free);
@@ -93,7 +91,7 @@ int main(int argc, char **argv)
 EXPECT_FAILURE_WITH_ERRNO(s2n_connection_ktls_enable(server_conn, S2N_KTLS_MODE_SEND), S2N_ERR_KTLS_DISABLED_FOR_TEST);
 };
- /* s2n_ktls_validate TLS 1.3 */
+ /* TLS 1.3 */
 {
 DEFER_CLEANUP(struct s2n_connection *server_conn = s2n_connection_new(S2N_SERVER),
 s2n_connection_ptr_free);
@@ -101,7 +99,6 @@ int main(int argc, char **argv)
 EXPECT_OK(s2n_test_configure_ktls_connection(server_conn, &fd));
 server_conn->actual_protocol_version = S2N_TLS13;
- EXPECT_FAILURE_WITH_ERRNO(s2n_connection_ktls_enable(server_conn, S2N_KTLS_MODE_SEND), S2N_ERR_KTLS_UNSUPPORTED_CONN);
 };
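Review bot: The TLS 1.3 block at hunk `@@ -101,7 +99,6` loses its only assertion when `EXPECT_FAILURE_WITH_ERRNO(..., S2N_ERR_KTLS_UNSUPPORTED_CONN)` is removed, so it now builds a TLS 1.3 connection and checks nothing; either the expectation should come back, or the block should go, and if the error code on this path changed the new one belongs here. In hunk `@@ -49,19 +48,18` the bare `{ ... };` nested directly inside `if (!platform_supports_ktls()) {` is redundant now that the `if` provides the scope, and `END_TEST();` inside the branch only ends the test if that macro returns from main, which is not visible here. A short comment above the `if`, such as `/* Without kTLS support only the unsupported-platform error path can be exercised, so stop here. */`, would explain the early exit to the next reader. main() starts before the first hunk.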
@@ -157,25 +154,5 @@ int main(int argc, char **argv)
 EXPECT_EQUAL(fd_orig, fd_ret);
 };
- /* s2n_ktls_configure_socket */
- {
- DEFER_CLEANUP(struct s2n_connection *server_conn = s2n_connection_new(S2N_SERVER),
- s2n_connection_ptr_free);
- int fd = 0;
- EXPECT_OK(s2n_test_configure_ktls_connection(server_conn, &fd));
-
- EXPECT_ERROR_WITH_ERRNO(s2n_ktls_configure_socket(server_conn, S2N_KTLS_MODE_SEND), S2N_ERR_KTLS_DISABLED_FOR_TEST);
- };
-
- /* s2n_connection_ktls_enable */
- {
- DEFER_CLEANUP(struct s2n_connection *server_conn = s2n_connection_new(S2N_SERVER),
- s2n_connection_ptr_free);
- int fd = 0;
- EXPECT_OK(s2n_test_configure_ktls_connection(server_conn, &fd));
-
- EXPECT_FAILURE_WITH_ERRNO(s2n_connection_ktls_enable(server_conn, S2N_KTLS_MODE_SEND), S2N_ERR_KTLS_DISABLED_FOR_TEST);
- };
-
 END_TEST();
 }
diff --git a/tls/s2n_ktls.c b/tls/s2n_ktls.c
index 1bde9a691ca..a4edec6247c 100644
--- a/tls/s2n_ktls.c
+++ b/tls/s2n_ktls.c
@@ -43,6 +43,15 @@
 /* These variables are used to disable ktls mechanisms during testing. */
 static bool disable_ktls_socket_config_for_testing = false;
+bool platform_supports_ktls()
+{
+#ifdef S2N_PLATFORM_SUPPORTS_KTLS
+ return true;
+#else
+ return false;
+#endif
+}
+
 static S2N_RESULT s2n_ktls_validate(struct s2n_connection *conn)
 {
 RESULT_ENSURE_REF(conn);
@@ -90,14 +99,11 @@ S2N_RESULT s2n_ktls_retrieve_file_descriptor(struct s2n_connection *conn, s2n_kt
 return S2N_RESULT_OK;
 }
-S2N_RESULT s2n_ktls_configure_socket(struct s2n_connection *conn, s2n_ktls_mode ktls_mode)
+static S2N_RESULT s2n_ktls_configure_socket(struct s2n_connection *conn, s2n_ktls_mode ktls_mode)
 {
 RESULT_ENSURE_REF(conn);
 RESULT_ENSURE(ktls_mode == S2N_KTLS_MODE_RECV || ktls_mode == S2N_KTLS_MODE_SEND, S2N_ERR_SAFETY);
-#ifndef S2N_PLATFORM_SUPPORTS_KTLS
- RESULT_BAIL(S2N_ERR_KTLS_UNSUPPORTED_PLATFORM);
-#else
 /* If already enabled then return success */
 if (ktls_mode == S2N_KTLS_MODE_SEND && conn->ktls_send_enabled) {
 return S2N_RESULT_OK;
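Review bot: `bool platform_supports_ktls()` is defined with an empty parameter list, which in C11 declares an unprototyped function rather than one taking no arguments; it should read `bool platform_supports_ktls(void)` here and in the matching declaration added to `tls/s2n_ktls.h` in the last hunk. The function also answers a build-time question only — it reports whether `S2N_PLATFORM_SUPPORTS_KTLS` was defined when the library was compiled, not whether the running kernel accepts the `TCP_ULP` `setsockopt` — so a header comment such as `/* Build-time probe result only: the kernel may still reject the tls ULP at setsockopt time. */` would stop callers from treating it as a runtime capability check. It is also the only non-static definition in these hunks without the `s2n_` prefix, so unless the build hides symbols by default it exports an unprefixed name from the library; an `s2n_`-prefixed name would match the surrounding code.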
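Review bot: Making `s2n_ktls_configure_socket` static and dropping its `#ifndef S2N_PLATFORM_SUPPORTS_KTLS` bail moves the platform guard entirely into `s2n_connection_ktls_enable`, so the function that actually switches the socket into kTLS no longer refuses to run on an unsupported build; hunk `@@ -112,6 +118,7` then wraps only the `setsockopt` section in `#ifdef S2N_PLATFORM_SUPPORTS_KTLS`, and what the function returns on the `#else` path depends on lines outside the hunk. Keeping one line of defence in the function itself, `RESULT_ENSURE(platform_supports_ktls(), S2N_ERR_KTLS_UNSUPPORTED_PLATFORM);` right after the mode check, would keep any future direct caller from reaching a success return without the socket having been configured. The function's body continues past the end of this hunk.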
@@ -112,6 +118,7 @@ S2N_RESULT s2n_ktls_configure_socket(struct s2n_connection *conn, s2n_ktls_mode
 /* Calls to setsockopt require a real socket, which is not used in unit tests. */
 RESULT_ENSURE(!disable_ktls_socket_config_for_testing, S2N_ERR_KTLS_DISABLED_FOR_TEST);
+#ifdef S2N_PLATFORM_SUPPORTS_KTLS
 /* Enable 'tls' ULP for the socket. https://lwn.net/Articles/730207 */
 int ret = setsockopt(fd, SOL_TCP, TCP_ULP, S2N_TLS_ULP_NAME, S2N_TLS_ULP_NAME_SIZE);
 RESULT_ENSURE(ret == 0, S2N_ERR_KTLS_ULP);
@@ -138,6 +145,10 @@ S2N_RESULT s2n_ktls_configure_socket(struct s2n_connection *conn, s2n_ktls_mode
 */
 int s2n_connection_ktls_enable(struct s2n_connection *conn, s2n_ktls_mode ktls_mode)
 {
+ if (!platform_supports_ktls()) {
+ POSIX_BAIL(S2N_ERR_KTLS_UNSUPPORTED_PLATFORM);
+ }
+
 POSIX_ENSURE_REF(conn);
 POSIX_GUARD_RESULT(s2n_ktls_validate(conn));
diff --git a/tls/s2n_ktls.h b/tls/s2n_ktls.h
index 918d5d783d3..8de63e33d9f 100644
--- a/tls/s2n_ktls.h
+++ b/tls/s2n_ktls.h
@@ -30,3 +30,4 @@ typedef enum {
 } s2n_ktls_mode;
 int s2n_connection_ktls_enable(struct s2n_connection *conn, s2n_ktls_mode ktls_mode);
+bool platform_supports_ktls();
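Review bot: The new three-line `if (!platform_supports_ktls()) { POSIX_BAIL(S2N_ERR_KTLS_UNSUPPORTED_PLATFORM); }` at the top of `s2n_connection_ktls_enable` spells out a check that this file expresses elsewhere with the ENSURE idiom, for example `RESULT_ENSURE(!disable_ktls_socket_config_for_testing, S2N_ERR_KTLS_DISABLED_FOR_TEST);` in the previous hunk; `POSIX_ENSURE(platform_supports_ktls(), S2N_ERR_KTLS_UNSUPPORTED_PLATFORM);` says the same in one line and matches the `POSIX_ENSURE_REF` and `POSIX_GUARD_RESULT` lines directly below it. Placing the check before `POSIX_ENSURE_REF(conn)` is fine, since it does not touch `conn`. The function continues past the end of the hunk.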