lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20201005184313.3887-1-rohitm@chelsio.com>
Date:   Tue,  6 Oct 2020 00:13:13 +0530
From:   Rohit Maheshwari <rohitm@...lsio.com>
To:     kuba@...nel.org, netdev@...r.kernel.org, davem@...emloft.net
Cc:     secdev@...lsio.com, Rohit Maheshwari <rohitm@...lsio.com>
Subject: [PATCH net v2] net/tls: sendfile fails with ktls offload

At first when sendpage gets called, if there is more data, 'more' in
tls_push_data() gets set which later sets pending_open_record_frags, but
when there is no more data in file left, and last time tls_push_data()
gets called, pending_open_record_frags doesn't get reset. And later when
2 bytes of encrypted alert comes as sendmsg, it first checks for
pending_open_record_frags, and since this is set, it creates a record with
0 data bytes to encrypt, meaning record length is prepend_size + tag_size
only, which causes problem.
 We should set/reset pending_open_record_frags based on more bit.

Also incase if tls_do_allocation() fails, and if record len is only
prepend_size, then destroy the record.

v1->v2:
- handle tls_do_allocation() failure handling.

Signed-off-by: Rohit Maheshwari <rohitm@...lsio.com>
---
 net/tls/tls_device.c | 27 +++++++++++++--------------
 1 file changed, 13 insertions(+), 14 deletions(-)

diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c
index b74e2741f74f..f3efd53e31cf 100644
--- a/net/tls/tls_device.c
+++ b/net/tls/tls_device.c
@@ -463,17 +463,16 @@ static int tls_push_data(struct sock *sk,
 			if (!record)
 				break;
 handle_error:
-			if (record_type != TLS_RECORD_TYPE_DATA) {
-				/* avoid sending partial
-				 * record with type !=
-				 * application_data
-				 */
-				size = orig_size;
-				destroy_record(record);
-				ctx->open_record = NULL;
-			} else if (record->len > prot->prepend_size) {
+			/* avoid sending partial record with type !=
+			 * application_data
+			 */
+			if (record_type == TLS_RECORD_TYPE_DATA &&
+			    record->len > prot->prepend_size)
 				goto last_record;
-			}
+
+			size = orig_size;
+			destroy_record(record);
+			ctx->open_record = NULL;
 
 			break;
 		}
@@ -492,11 +491,11 @@ static int tls_push_data(struct sock *sk,
 		if (!size) {
 last_record:
 			tls_push_record_flags = flags;
-			if (more) {
-				tls_ctx->pending_open_record_frags =
-						!!record->num_frags;
+			/* set/clear pending_open_record_frags based on more */
+			tls_ctx->pending_open_record_frags = !!more;
+
+			if (more)
 				break;
-			}
 
 			done = true;
 		}
-- 
2.18.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ