| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250729024150.222513-2-wilfred.opensource@gmail.com> Date: Tue, 29 Jul 2025 12:41:47 +1000 From: Wilfred Mallawa <wilfred.opensource@...il.com> To: alistair.francis@....com, dlemoal@...nel.org, chuck.lever@...cle.com, davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com, horms@...nel.org, donald.hunter@...il.com, corbet@....net, kbusch@...nel.org, axboe@...nel.dk, hch@....de, sagi@...mberg.me, kch@...dia.com, borisp@...dia.com, john.fastabend@...il.com, jlayton@...nel.org, neil@...wn.name, okorniev@...hat.com, Dai.Ngo@...cle.com, tom@...pey.com, trondmy@...nel.org, anna@...nel.org, kernel-tls-handshake@...ts.linux.dev, netdev@...r.kernel.org Cc: linux-kernel@...r.kernel.org, linux-doc@...r.kernel.org, linux-nvme@...ts.infradead.org, linux-nfs@...r.kernel.org, Wilfred Mallawa <wilfred.mallawa@....com> Subject: [RFC 0/4] net/tls: add support for the record size limit extension From: Wilfred Mallawa <wilfred.mallawa@....com> During a tls handshake, an endpoint may specify a maximum record size limit. As specified by [1]. which allows peers to negotiate a maximum plaintext record size during the TLS handshake. If a TLS endpoint receives a record larger than its advertised limit, it must send a fatal "record_overflow" alert [1]. Currently, this limit is not visble to the kernel, particularly in the case where userspace handles the handshake (tlshd/gnutls). This series in conjunction with the respective userspace changes for tlshd [2] and gnutls [3], adds support for the kernel the receive the negotiated record size limit through the existing netlink communication layer, and use this value to limit outgoing records to the size specified. [1] https://www.rfc-editor.org/rfc/rfc8449 [2] https://github.com/oracle/ktls-utils/pull/112 [3] https://gitlab.com/gnutls/gnutls/-/merge_requests/1989 Wilfred Mallawa (4): net/handshake: get negotiated tls record size limit net/tls/tls_sw: use the record size limit specified nvme/host/tcp: set max record size in the tls context nvme/target/tcp: set max record size in the tls context Documentation/netlink/specs/handshake.yaml | 3 +++ Documentation/networking/tls-handshake.rst | 8 +++++++- drivers/nvme/host/tcp.c | 18 +++++++++++++++++- drivers/nvme/target/tcp.c | 16 +++++++++++++++- include/net/handshake.h | 4 +++- include/net/tls.h | 1 + include/uapi/linux/handshake.h | 1 + net/handshake/genl.c | 5 +++-- net/handshake/tlshd.c | 15 +++++++++++++-- net/sunrpc/svcsock.c | 4 +++- net/sunrpc/xprtsock.c | 4 +++- net/tls/tls_sw.c | 10 +++++++++- 12 files changed, 78 insertions(+), 11 deletions(-) -- 2.50.1
Powered by blists - more mailing lists