| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 10 Aug 2023 19:56:31 +0200
From: Simon Horman <horms@...nel.org>
To: Sabrina Dubroca <sd@...asysnail.net>
Cc: netdev@...r.kernel.org, Vadim Fedorenko <vfedorenko@...ek.ru>,
Frantisek Krenzelok <fkrenzel@...hat.com>,
Jakub Kicinski <kuba@...nel.org>,
Kuniyuki Iwashima <kuniyu@...zon.com>,
Apoorv Kothari <apoorvko@...zon.com>,
Boris Pismenny <borisp@...dia.com>,
John Fastabend <john.fastabend@...il.com>,
Shuah Khan <shuah@...nel.org>, linux-kselftest@...r.kernel.org,
Gal Pressman <gal@...dia.com>,
Marcel Holtmann <marcel@...tmann.org>
Subject: Re: [PATCH net-next v3 3/6] tls: implement rekey for TLS1.3
On Wed, Aug 09, 2023 at 02:58:52PM +0200, Sabrina Dubroca wrote:
> This adds the possibility to change the key and IV when using
> TLS1.3. Changing the cipher or TLS version is not supported.
>
> Once we have updated the RX key, we can unblock the receive side. If
> the rekey fails, the context is unmodified and userspace is free to
> retry the update or close the socket.
>
> This change only affects tls_sw, since 1.3 offload isn't supported.
>
> v2:
> - reverse xmas tree
> - turn the alt_crypto_info into an else if
> - don't modify the context when rekey fails
>
> v3:
> - only call tls_sw_strparser_arm when setting the initial RX key, not
> on rekeys
> - update tls_sk_poll to not say the socket is readable when we're
> waiting for a rekey, and wake up poll() when the new key is installed
> - use unsafe_memcpy to make FORTIFY_SOURCE happy
>
> Signed-off-by: Sabrina Dubroca <sd@...asysnail.net>
...
> diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
...
> @@ -2873,14 +2911,24 @@ int tls_set_sw_offload(struct sock *sk, int tx)
>
> ctx->push_pending_record = tls_sw_push_pending_record;
>
> + /* setkey is the last operation that could fail during a
> + * rekey. if it succeeds, we can start modifying the
> + * context.
> + */
> rc = crypto_aead_setkey(*aead, key, keysize);
> + if (rc) {
> + if (new_crypto_info)
> + goto out;
> + else
> + goto free_aead;
> + }
>
> - if (rc)
> - goto free_aead;
> -
> - rc = crypto_aead_setauthsize(*aead, prot->tag_size);
> - if (rc)
> - goto free_aead;
> + if (!new_crypto_info) {
> + rc = crypto_aead_setauthsize(*aead, prot->tag_size);
> + if (rc) {
> + goto free_aead;
> + }
nit: no need for {} here.
> + }
>
> if (sw_ctx_rx) {
> tfm = crypto_aead_tfm(sw_ctx_rx->aead_recv);
...
Powered by blists - more mailing lists