| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <cover.1694018970.git.sd@queasysnail.net> Date: Wed, 6 Sep 2023 19:08:30 +0200 From: Sabrina Dubroca <sd@...asysnail.net> To: netdev@...r.kernel.org Cc: Sabrina Dubroca <sd@...asysnail.net>, Dave Watson <davejwatson@...com>, Jakub Kicinski <kuba@...nel.org>, Vakul Garg <vakul.garg@....com>, Boris Pismenny <borisp@...dia.com>, John Fastabend <john.fastabend@...il.com> Subject: [PATCH net 0/5] tls: fix some issues with async encryption I've been playing with a few hacks in the crypto code (forcing async crypto for every request, smaller cryptd queue), and that has revealed some bugs while running the selftests. With this setup and those patches applied, the bad_in_large_read test case still fails. With all-async crypto, we don't know which record threw the EBADMSG, so we can't keep the first couple of records that were decrypted correctly. We have to throw away the whole batch. Liu Jian has also found a bug with async crypto and wrapping record numbers: https://lore.kernel.org/netdev/20230906065237.2180187-1-liujian56@huawei.com/ It will get fixed separately and I'll submit a selftest for this case. Sabrina Dubroca (5): net: tls: handle -EBUSY on async encrypt/decrypt requests tls: fix use-after-free with partial reads and async decrypt tls: fix returned read length with async !zc decrypt tls: fix race condition in async decryption of corrupted records tls: don't decrypt the next record if it's of a different type net/tls/tls_sw.c | 45 +++++++++++++++++++++++++++++++++++---------- 1 file changed, 35 insertions(+), 10 deletions(-) -- 2.40.1
Powered by blists - more mailing lists