git: 79669b07b08b - stable/13 - uipc_socket.c: Modify MSG_TLSAPPDATA to only do Alert Records
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 28 May 2022 03:20:58 UTC
The branch stable/13 has been updated by rmacklem: URL: https://cgit.FreeBSD.org/src/commit/?id=79669b07b08bca80203f35495d06783da5b799c7 commit 79669b07b08bca80203f35495d06783da5b799c7 Author: Rick Macklem <rmacklem@FreeBSD.org> AuthorDate: 2022-05-14 19:56:50 +0000 Commit: Rick Macklem <rmacklem@FreeBSD.org> CommitDate: 2022-05-28 03:19:48 +0000 uipc_socket.c: Modify MSG_TLSAPPDATA to only do Alert Records Without this patch, the MSG_TLSAPPDATA flag would cause soreceive_generic() to return ENXIO for any non-application data record in a TLS receive stream. This works ok for TLS1.2, since Alert records appear to be the only non-application data records received. However, for TLS1.3, there can be post-handshake handshake records, such as NewSessionKey sent to the client from the server. These handshake records cannot be handled by the upcall which does an SSL_read() with length == 0. It appears that the client can simply throw away these NewSessionKey records, but to do so, it needs to receive them within the kernel. This patch modifies the semantics of MSG_TLSAPPDATA slightly, so that it only applies to Alert records and not Handshake records. It is needed to allow the krpc to work with KTLS1.3. (cherry picked from commit 373511338d954895752e957f3028a178587c8c84) --- sys/kern/uipc_socket.c | 8 ++++---- sys/sys/ktls.h | 2 ++ sys/sys/socket.h | 2 +- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c index bdd7756916d9..bbcd5dd30320 100644 --- a/sys/kern/uipc_socket.c +++ b/sys/kern/uipc_socket.c @@ -2065,8 +2065,8 @@ dontblock: struct tls_get_record tgr; /* - * For MSG_TLSAPPDATA, check for a non-application data - * record. If found, return ENXIO without removing + * For MSG_TLSAPPDATA, check for an alert record. + * If found, return ENXIO without removing * it from the receive queue. This allows a subsequent * call without MSG_TLSAPPDATA to receive it. * Note that, for TLS, there should only be a single @@ -2077,8 +2077,8 @@ dontblock: if (cmsg->cmsg_type == TLS_GET_RECORD && cmsg->cmsg_len == CMSG_LEN(sizeof(tgr))) { memcpy(&tgr, CMSG_DATA(cmsg), sizeof(tgr)); - /* This will need to change for TLS 1.3. */ - if (tgr.tls_type != TLS_RLTYPE_APP) { + if (__predict_false(tgr.tls_type == + TLS_RLTYPE_ALERT)) { SOCKBUF_UNLOCK(&so->so_rcv); error = ENXIO; goto release; diff --git a/sys/sys/ktls.h b/sys/sys/ktls.h index 0e16fd5d9d1e..9fc01de5978c 100644 --- a/sys/sys/ktls.h +++ b/sys/sys/ktls.h @@ -50,6 +50,8 @@ struct tls_record_layer { #define TLS_CBC_IMPLICIT_IV_LEN 16 /* Type values for the record layer */ +#define TLS_RLTYPE_ALERT 21 +#define TLS_RLTYPE_HANDSHAKE 22 #define TLS_RLTYPE_APP 23 /* diff --git a/sys/sys/socket.h b/sys/sys/socket.h index 2cb76f9c6d63..de7a874b3079 100644 --- a/sys/sys/socket.h +++ b/sys/sys/socket.h @@ -470,7 +470,7 @@ struct msghdr { #endif #ifdef _KERNEL #define MSG_MORETOCOME 0x00100000 /* additional data pending */ -#define MSG_TLSAPPDATA 0x00200000 /* only soreceive() app. data (TLS) */ +#define MSG_TLSAPPDATA 0x00200000 /* do not soreceive() alert rec. (TLS) */ #endif /*