lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <90cc9b71e356a94e593b66614bbb28a542ca204c.camel@gmail.com>
Date: Thu, 21 Aug 2025 16:18:25 +1000
From: Wilfred Mallawa <wilfred.opensource@...il.com>
To: Hannes Reinecke <hare@...e.de>, chuck.lever@...cle.com,
 davem@...emloft.net, 	edumazet@...gle.com, kuba@...nel.org,
 pabeni@...hat.com, donald.hunter@...il.com, 	borisp@...dia.com,
 john.fastabend@...il.com
Cc: alistair.francis@....com, dlemoal@...nel.org, 
	kernel-tls-handshake@...ts.linux.dev, netdev@...r.kernel.org, 
	linux-kernel@...r.kernel.org
Subject: Re: [RFC v2 1/1] net/tls: allow limiting maximum record size

On Mon, 2025-08-18 at 08:31 +0200, Hannes Reinecke wrote:
> 
[snip]
> > --- a/include/uapi/linux/handshake.h
> > +++ b/include/uapi/linux/handshake.h
> > @@ -54,6 +54,7 @@ enum {
> >   	HANDSHAKE_A_DONE_STATUS = 1,
> >   	HANDSHAKE_A_DONE_SOCKFD,
> >   	HANDSHAKE_A_DONE_REMOTE_AUTH,
> > +	HANDSHAKE_A_DONE_RECORD_SIZE_LIMIT,
> >   
> >   	__HANDSHAKE_A_DONE_MAX,
> >   	HANDSHAKE_A_DONE_MAX = (__HANDSHAKE_A_DONE_MAX - 1)
> > diff --git a/net/handshake/genl.c b/net/handshake/genl.c
> > index f55d14d7b726..44c43ce18361 100644
> > --- a/net/handshake/genl.c
> > +++ b/net/handshake/genl.c
> > @@ -16,10 +16,11 @@ static const struct nla_policy
> > handshake_accept_nl_policy[HANDSHAKE_A_ACCEPT_HAN
> >   };
> >   
> >   /* HANDSHAKE_CMD_DONE - do */
> > -static const struct nla_policy
> > handshake_done_nl_policy[HANDSHAKE_A_DONE_REMOTE_AUTH + 1] = {
> > +static const struct nla_policy
> > handshake_done_nl_policy[HANDSHAKE_A_DONE_RECORD_SIZE_LIMIT + 1] =
> > {
> 
Hey Hannes,

I did consider using HANDSHAKE_A_DONE_MAX, but wasn't sure if the
existing convention is there for some reason. But I can switch over if
you think that is best.

> Shouldn't that be 'HANDSHAKE_A_DONE_MAX'?
> 
> >   	[HANDSHAKE_A_DONE_STATUS] = { .type = NLA_U32, },
> >   	[HANDSHAKE_A_DONE_SOCKFD] = { .type = NLA_S32, },
> >   	[HANDSHAKE_A_DONE_REMOTE_AUTH] = { .type = NLA_U32, },
> > +	[HANDSHAKE_A_DONE_RECORD_SIZE_LIMIT] = { .type = NLA_U32,
> > },
> >   };
> >   
> >   /* Ops table for handshake */
> > @@ -35,7 +36,7 @@ static const struct genl_split_ops
> > handshake_nl_ops[] = {
> >   		.cmd		= HANDSHAKE_CMD_DONE,
> >   		.doit		= handshake_nl_done_doit,
> >   		.policy		=
> > handshake_done_nl_policy,
> > -		.maxattr	= HANDSHAKE_A_DONE_REMOTE_AUTH,
> > +		.maxattr	=
> > HANDSHAKE_A_DONE_RECORD_SIZE_LIMIT,
> 
> HANDSHAKE_A_DONE_MAX - 1?

Shouldn't it be `HANDSHAKE_A_DONE_MAX`? Unless the existing
`HANDSHAKE_A_DONE_REMOTE_AUTH` is incorrect?

Thanks for the review!

Regards,
Wilfred
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ