ktls: improve messaging around freed handshakes (#4346)

aws · Jan 9, 2024 · e5e7b01 · e5e7b01
1 parent d606b53
commit e5e7b01
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/api/unstable/ktls.h b/api/unstable/ktls.h
@@ -44,7 +44,8 @@
  * Enables sending using kTLS on a given connection.
  *
  * See above for the limitations on when kTLS can be enabled. Additionally,
- * s2n_connection_ktls_enable_send must be called after the handshake completes.
+ * s2n_connection_ktls_enable_send must be called after the handshake completes
+ * but before the handshake is freed with s2n_connection_free_handshake.
  * It may be called after some application data is sent and received without kTLS,
  * but there must be no pending application data that requires flushing. If these
  * requirements are not met, enabling kTLS will fail with an error.
@@ -74,7 +75,8 @@ S2N_API int s2n_connection_ktls_enable_send(struct s2n_connection *conn);
  * Enables receiving using kTLS on a given connection.
  *
  * See above for the limitations on when kTLS can be enabled. Additionally,
- * s2n_connection_ktls_enable_recv must be called after the handshake completes.
+ * s2n_connection_ktls_enable_recv must be called after the handshake completes
+ * but before the handshake is freed with s2n_connection_free_handshake.
  * It may be called after some application data is sent and received without kTLS,
  * but there must be no buffered application data that requires draining. If these
  * requirements are not met, enabling kTLS will fail with an error.

diff --git a/tls/s2n_ktls.c b/tls/s2n_ktls.c
@@ -55,6 +55,12 @@ static S2N_RESULT s2n_ktls_validate(struct s2n_connection *conn, s2n_ktls_mode k
     /* kTLS enable should only be called once the handshake has completed. */
     RESULT_ENSURE(is_handshake_complete(conn), S2N_ERR_HANDSHAKE_NOT_COMPLETE);
 
+    /* kTLS uses the prf_space to recalculate the keys, but the prf_space may be
+     * freed by s2n_connection_free_handshake to reduce the connection size.
+     * Explicitly check for prf_space here to avoid a confusing S2N_ERR_NULL later.
+     */
+    RESULT_ENSURE(conn->prf_space, S2N_ERR_INVALID_STATE);
+
     /* For now, only allow TlS1.3 if explicitly enabled.
      *
      * TLS1.3 is potentially more dangerous to enable than TLS1.2, since the kernel