lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Y9Bbz60sAwkmrsrt@hog>
Date:   Tue, 24 Jan 2023 23:29:35 +0100
From:   Sabrina Dubroca <sd@...asysnail.net>
To:     Marcel Holtmann <marcel@...tmann.org>
Cc:     Ilya Lesokhin <ilyal@...lanox.com>,
        Dave Watson <davejwatson@...com>, netdev@...r.kernel.org
Subject: Re: Setting TLS_RX and TLS_TX crypto info more than once?

Hi Marcel,

2023-01-24, 18:48:56 +0100, Marcel Holtmann wrote:
> Hi Ilya,
> 
> in commit 196c31b4b5447 you limited setsockopt for TLS_RX and TLS_TX
> crypto info to just one time.

Looking at commit 196c31b4b5447, that check was already there, it only
got moved.

> 
> +       crypto_info = &ctx->crypto_send;
> +       /* Currently we don't support set crypto info more than one time */
> +       if (TLS_CRYPTO_INFO_READY(crypto_info))
> +               goto out;
> 
> This is a bit unfortunate for TLS 1.3 where the majority of the TLS
> handshake is actually encrypted with handshake traffic secrets and
> only after a successful handshake, the application traffic secrets
> are applied.
> 
> I am hitting this issue since I am just sending ClientHello and only
> reading ServerHello and then switching on TLS_RX right away to receive
> the rest of the handshake via TLS_GET_RECORD_TYPE. This works pretty
> nicely in my code.
> 
> Since this limitation wasn’t there in the first place, can we get it
> removed again and allow setting the crypto info more than once? At
> least updating the key material (the cipher obviously has to match).
> 
> I think this is also needed when having to do any re-keying since I
> have seen patches for that, but it seems they never got applied.

The patches are still under discussion (I only posted them a week ago
so "never got applied" seems a bit harsh):
https://lore.kernel.org/all/cover.1673952268.git.sd@queasysnail.net/T/#u

-- 
Sabrina

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ