git: 44aacbc98185 - stable/13 - OpenSSL: KTLS: Handle TLS 1.3 in ssl3_get_record.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 14 May 2022 00:10:01 UTC
The branch stable/13 has been updated by jhb:
URL: https://cgit.FreeBSD.org/src/commit/?id=44aacbc981851b319cad8485b0f9a9d09403a724
commit 44aacbc981851b319cad8485b0f9a9d09403a724
Author: John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2022-05-04 20:08:27 +0000
Commit: John Baldwin <jhb@FreeBSD.org>
CommitDate: 2022-05-13 23:51:26 +0000
OpenSSL: KTLS: Handle TLS 1.3 in ssl3_get_record.
- Don't unpad records, check the outer record type, or extract the
inner record type from TLS 1.3 records handled by the kernel. KTLS
performs all of these steps and returns the inner record type in the
TLS header.
- When checking the length of a received TLS 1.3 record don't allow
for the extra byte for the nested record type when KTLS is used.
- Pass a pointer to the record type in the TLS header to the
SSL3_RT_INNER_CONTENT_TYPE message callback. For KTLS, the old
pointer pointed to the last byte of payload rather than the record
type. For the non-KTLS case, the TLS header has been updated with
the inner type before this callback is invoked.
Approved by: jkim
Obtained from: OpenSSL commit a5fb9605329fb939abb536c1604d44a511741624
MFC after: 1 week
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D34975
(cherry picked from commit c0f977bfb6d9853fd6f762444310c23d8d7ec252)
---
crypto/openssl/ssl/record/ssl3_record.c | 48 ++++++++++++++++++++++-----------
1 file changed, 32 insertions(+), 16 deletions(-)
diff --git a/crypto/openssl/ssl/record/ssl3_record.c b/crypto/openssl/ssl/record/ssl3_record.c
index 5fa481de9dbe..da549995e070 100644
--- a/crypto/openssl/ssl/record/ssl3_record.c
+++ b/crypto/openssl/ssl/record/ssl3_record.c
@@ -370,7 +370,9 @@ int ssl3_get_record(SSL *s)
}
}
- if (SSL_IS_TLS13(s) && s->enc_read_ctx != NULL) {
+ if (SSL_IS_TLS13(s)
+ && s->enc_read_ctx != NULL
+ && !using_ktls) {
if (thisrr->type != SSL3_RT_APPLICATION_DATA
&& (thisrr->type != SSL3_RT_CHANGE_CIPHER_SPEC
|| !SSL_IS_FIRST_HANDSHAKE(s))
@@ -400,7 +402,13 @@ int ssl3_get_record(SSL *s)
}
if (SSL_IS_TLS13(s)) {
- if (thisrr->length > SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH) {
+ size_t len = SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH;
+
+ /* KTLS strips the inner record type. */
+ if (using_ktls)
+ len = SSL3_RT_MAX_ENCRYPTED_LENGTH;
+
+ if (thisrr->length > len) {
SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,
SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
return -1;
@@ -739,22 +747,30 @@ int ssl3_get_record(SSL *s)
if (SSL_IS_TLS13(s)
&& s->enc_read_ctx != NULL
&& thisrr->type != SSL3_RT_ALERT) {
- size_t end;
+ /*
+ * The following logic are irrelevant in KTLS: the kernel provides
+ * unprotected record and thus record type represent the actual
+ * content type, and padding is already removed and thisrr->type and
+ * thisrr->length should have the correct values.
+ */
+ if (!using_ktls) {
+ size_t end;
- if (thisrr->length == 0
- || thisrr->type != SSL3_RT_APPLICATION_DATA) {
- SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD,
- SSL_R_BAD_RECORD_TYPE);
- return -1;
- }
+ if (thisrr->length == 0
+ || thisrr->type != SSL3_RT_APPLICATION_DATA) {
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+ SSL_F_SSL3_GET_RECORD, SSL_R_BAD_RECORD_TYPE);
+ return -1;
+ }
- /* Strip trailing padding */
- for (end = thisrr->length - 1; end > 0 && thisrr->data[end] == 0;
- end--)
- continue;
+ /* Strip trailing padding */
+ for (end = thisrr->length - 1; end > 0 && thisrr->data[end] == 0;
+ end--)
+ continue;
- thisrr->length = end;
- thisrr->type = thisrr->data[end];
+ thisrr->length = end;
+ thisrr->type = thisrr->data[end];
+ }
if (thisrr->type != SSL3_RT_APPLICATION_DATA
&& thisrr->type != SSL3_RT_ALERT
&& thisrr->type != SSL3_RT_HANDSHAKE) {
@@ -764,7 +780,7 @@ int ssl3_get_record(SSL *s)
}
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_INNER_CONTENT_TYPE,
- &thisrr->data[end], 1, s, s->msg_callback_arg);
+ &thisrr->type, 1, s, s->msg_callback_arg);
}
/*