Message-Id: <A07B819E-A406-457A-B7DB-8926DCEBADCD@holtmann.org>
Date: Tue, 24 Jan 2023 18:48:56 +0100
From: Marcel Holtmann <marcel@...tmann.org>
To: Ilya Lesokhin <ilyal@...lanox.com>,
Dave Watson <davejwatson@...com>
Cc: netdev@...r.kernel.org
Subject: Setting TLS_RX and TLS_TX crypto info more than once?
Hi Ilya,
in commit 196c31b4b5447 you limited setsockopt for TLS_RX and TLS_TX
crypto info to just one time.
+ crypto_info = &ctx->crypto_send;
+ /* Currently we don't support set crypto info more than one time */
+ if (TLS_CRYPTO_INFO_READY(crypto_info))
+ goto out;
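Review bot: the `goto out` taken when `TLS_CRYPTO_INFO_READY(crypto_info)` is already true sets no error code in the lines shown, so a second setsockopt(TLS_RX/TLS_TX) is refused without telling userspace why; assigning an explicit error (for example `rc = -EBUSY;`) before the `goto out` would let a TLS 1.3 client that installs handshake traffic keys first and application traffic keys later tell "already set" apart from other failures. Minor: the comment would read better as "we don't support setting crypto info more than once".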
This is a bit unfortunate for TLS 1.3 where the majority of the TLS
handshake is actually encrypted with handshake traffic secrets and
only after a successful handshake, the application traffic secrets
are applied.
I am hitting this issue since I am just sending ClientHello and only
reading ServerHello and then switching on TLS_RX right away to receive
the rest of the handshake via TLS_GET_RECORD_TYPE. This works pretty
nicely in my code.
Since this limitation wasn’t there in the first place, can we get it
removed again and allow setting the crypto info more than once? At
least updating the key material (the cipher obviously has to match).
I think this is also needed when having to do any re-keying since I
have seen patches for that, but it seems they never got applied.
Any thoughts?
Regards
Marcel
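As an added example (my code, not from the mail or from the kernel tree), the userspace side of what Marcel describes: filling TLS 1.3 AES-GCM-128 key material for TLS_RX, installing it on a socket, and reading back the TLS_GET_RECORD_TYPE cmsg that a handshake-record read loop needs. The ktls_ function names are this example's own; the SOL_TLS, TCP_ULP and TLS_1_3_VERSION fallback values assume the usual Linux definitions.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <linux/tls.h>
#ifndef SOL_TLS
#define SOL_TLS 282            /* assumed: socket level for TLS_TX/TLS_RX */
#endif
#ifndef TCP_ULP
#define TCP_ULP 31             /* assumed: attaches the "tls" ULP */
#endif
#ifndef TLS_1_3_VERSION
#define TLS_1_3_VERSION 0x0304 /* assumed: for older linux/tls.h */
#endif

/* One TLS 1.3 key epoch: the 12-byte IV goes in as 4-byte salt + 8-byte
 * iv, rec_seq is the big-endian 64-bit record sequence (0 for a new key). */
void ktls_fill_aes_gcm_128(struct tls12_crypto_info_aes_gcm_128 *ci,
                           const uint8_t key[16], const uint8_t iv[12], uint64_t seq)
{
    memset(ci, 0, sizeof(*ci));
    ci->info.version = TLS_1_3_VERSION;
    ci->info.cipher_type = TLS_CIPHER_AES_GCM_128;
    memcpy(ci->key, key, TLS_CIPHER_AES_GCM_128_KEY_SIZE);
    memcpy(ci->salt, iv, TLS_CIPHER_AES_GCM_128_SALT_SIZE);      /* iv[0..3] */
    memcpy(ci->iv, iv + 4, TLS_CIPHER_AES_GCM_128_IV_SIZE);      /* iv[4..11] */
    for (int i = 7; i >= 0; i--, seq >>= 8) ci->rec_seq[i] = (unsigned char)seq;
}

/* Attach the "tls" ULP and install the RX key; returns 0 or -errno. A
 * second TLS_RX call on the same socket is the case the mail raises. */
int ktls_set_rx(int fd, const struct tls12_crypto_info_aes_gcm_128 *ci)
{
    if (setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")) < 0 ||
        setsockopt(fd, SOL_TLS, TLS_RX, ci, sizeof(*ci)) < 0)
        return -errno;
    return 0;
}

/* After recvmsg(): kTLS attaches a TLS_GET_RECORD_TYPE cmsg only for
 * non-data records (22 = handshake, 21 = alert); no cmsg means 23 (data). */
int ktls_record_type(struct msghdr *msg)
{
    for (struct cmsghdr *c = CMSG_FIRSTHDR(msg); c; c = CMSG_NXTHDR(msg, c))
        if (c->cmsg_level == SOL_TLS && c->cmsg_type == TLS_GET_RECORD_TYPE)
            return *(unsigned char *)CMSG_DATA(c);
    return 23;
}
```

A client following the mail's flow would call ktls_set_rx() once ServerHello is read and then loop on recvmsg() until ktls_record_type() stops reporting 22.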