authorFrantisek Krenzelok <krenzelok.frantisek@gmail.com>2022-10-31 12:17:43 +0100
committerFrantisek Krenzelok <krenzelok.frantisek@gmail.com>2022-12-04 13:09:43 +0100
commit700a8a75c1ed5b54a19299a5c8e91c5d2398575b (patch)
tree4571ebdcbb0c8b5ff5807b745a5f30432a5d0362 /lib/handshake.c
parent443b4b07742eccde7c0dc877142cb8a88b4aaa91 (diff)
downloadgnutls-700a8a75c1ed5b54a19299a5c8e91c5d2398575b.tar.gz
KTLS: Invalidate session on ktls error
We invalidate the session if a KTLS-related error occurs after it was initialized, i.e. after keys were set on the interfaces. As of now this only affects key_update(), which should be fixed via a kernel patch. Thus a future fallback mechanism implementation is not likely, as that would require yet another kernel patch. Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
Diffstat (limited to 'lib/handshake.c')
-rw-r--r--lib/handshake.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/handshake.c b/lib/handshake.c
index 14bcdea56a..044b70e2a8 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -2926,6 +2926,7 @@ int gnutls_handshake(gnutls_session_t session)
if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_DUPLEX)) {
ret = _gnutls_ktls_set_keys(session, GNUTLS_KTLS_DUPLEX);
if (ret < 0) {
+ /* no need to invalidate the session as keys were not set */
session->internals.ktls_enabled = 0;
_gnutls_audit_log(session,
"disabling KTLS: failed to set keys\n");
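Review bot: The new comment on the `ret < 0` branch asserts that no keys were set, but that holds only if `_gnutls_ktls_set_keys()` fails atomically for `GNUTLS_KTLS_DUPLEX`; its body is not visible in this hunk. If it can return an error after one direction's key has already been handed to the kernel, clearing `ktls_enabled` would leave the socket protecting records in the kernel while the library resumes userspace record protection, and the session would need to be invalidated here as well. I would confirm that guarantee and state it in the comment, e.g. `/* _gnutls_ktls_set_keys() fails before any key is installed, so userspace fallback is safe */`, or handle the partial-failure case explicitly. `gnutls_handshake()` begins and ends outside the hunk.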