| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZGZIPuuhirQLucuf@corigine.com>
Date: Thu, 18 May 2023 17:46:06 +0200
From: Simon Horman <simon.horman@...igine.com>
To: Jakub Kicinski <kuba@...nel.org>
Cc: davem@...emloft.net, netdev@...r.kernel.org, edumazet@...gle.com,
pabeni@...hat.com, borisp@...dia.com, john.fastabend@...il.com,
tariqt@...dia.com, Shai Amiram <samiram@...dia.com>
Subject: Re: [PATCH net 6/7] tls: rx: strp: preserve decryption status of
skbs when needed
On Tue, May 16, 2023 at 06:50:41PM -0700, Jakub Kicinski wrote:
> When receive buffer is small we try to copy out the data from
> TCP into a skb maintained by TLS to prevent connection from
> stalling. Unfortunately if a single record is made up of a mix
> of decrypted and non-decrypted skbs combining them into a single
> skb leads to loss of decryption status, resulting in decryption
> errors or data corruption.
>
> Similarly when trying to use TCP receive queue directly we need
> to make sure that all the skbs within the record have the same
> status. If we don't the mixed status will be detected correctly
> but we'll CoW the anchor, again collapsing it into a single paged
> skb without decrypted status preserved. So the "fixup" code will
> not know which parts of skb to re-encrypt.
>
> Fixes: 84c61fe1a75b ("tls: rx: do not use the standard strparser")
> Tested-by: Shai Amiram <samiram@...dia.com>
> Signed-off-by: Jakub Kicinski <kuba@...nel.org>
Reviewed-by: Simon Horman <simon.horman@...igine.com>
Powered by blists - more mailing lists