From: Dave Watson
To: "netdev@vger.kernel.org", Dave Miller
CC: Vakul Garg, Boris Pismenny, Aviad Yehezkel, John Fastabend, Daniel Borkmann
Subject: [PATCH net-next v2 3/5] net: tls: Refactor control message handling on recv
Date: Wed, 30 Jan 2019 21:58:24 +0000
Message-ID: <20190130215822.xldijibk5uz3bwjw@davejwatson-mba.local>
X-Patchwork-Id: 1033815

For TLS 1.3, the control message is encrypted.
Handle control message checks after decryption. Signed-off-by: Dave Watson --- net/tls/tls_sw.c | 88 ++++++++++++++++++++++++------------------------ 1 file changed, 44 insertions(+), 44 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 7b6386f4c685..34f3523f668e 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -1421,16 +1421,15 @@ static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb, return err; } + rxm->offset += tls_ctx->rx.prepend_size; + rxm->full_len -= tls_ctx->rx.overhead_size; + tls_advance_record_sn(sk, &tls_ctx->rx); + ctx->decrypted = true; + ctx->saved_data_ready(sk); } else { *zc = false; } - rxm->offset += tls_ctx->rx.prepend_size; - rxm->full_len -= tls_ctx->rx.overhead_size; - tls_advance_record_sn(sk, &tls_ctx->rx); - ctx->decrypted = true; - ctx->saved_data_ready(sk); - return err; } @@ -1609,6 +1608,25 @@ int tls_sw_recvmsg(struct sock *sk, rxm = strp_msg(skb); + to_decrypt = rxm->full_len - tls_ctx->rx.overhead_size; + + if (to_decrypt <= len && !is_kvec && !is_peek && + ctx->control == TLS_RECORD_TYPE_DATA) + zc = true; + + err = decrypt_skb_update(sk, skb, &msg->msg_iter, + &chunk, &zc, ctx->async_capable); + if (err < 0 && err != -EINPROGRESS) { + tls_err_abort(sk, EBADMSG); + goto recv_end; + } + + if (err == -EINPROGRESS) { + async = true; + num_async++; + goto pick_next_record; + } + if (!cmsg) { int cerr; 
@@ -1626,40 +1644,22 @@ int tls_sw_recvmsg(struct sock *sk, goto recv_end; } - to_decrypt = rxm->full_len - tls_ctx->rx.overhead_size; - - if (to_decrypt <= len && !is_kvec && !is_peek) - zc = true; - - err = decrypt_skb_update(sk, skb, &msg->msg_iter, - &chunk, &zc, ctx->async_capable); - if (err < 0 && err != -EINPROGRESS) { - tls_err_abort(sk, EBADMSG); - goto recv_end; - } - - if (err == -EINPROGRESS) { - async = true; - num_async++; - goto pick_next_record; - } else { - if (!zc) { - if (rxm->full_len > len) { - retain_skb = true; - chunk = len; - } else { - chunk = rxm->full_len; - } + if (!zc) { + if (rxm->full_len > len) { + retain_skb = true; + chunk = len; + } else { + chunk = rxm->full_len; + } - err = skb_copy_datagram_msg(skb, rxm->offset, - msg, chunk); - if (err < 0) - goto recv_end; + err = skb_copy_datagram_msg(skb, rxm->offset, + msg, chunk); + if (err < 0) + goto recv_end; - if (!is_peek) { - rxm->offset = rxm->offset + chunk; - rxm->full_len = rxm->full_len - chunk; - } + if (!is_peek) { + rxm->offset = rxm->offset + chunk; + rxm->full_len = rxm->full_len - chunk; } } @@ -1759,15 +1759,15 @@ ssize_t tls_sw_splice_read(struct socket *sock, loff_t *ppos, if (!skb) goto splice_read_end; - /* splice does not support reading control messages */ - if (ctx->control != TLS_RECORD_TYPE_DATA) { - err = -ENOTSUPP; - goto splice_read_end; - } - if (!ctx->decrypted) { err = decrypt_skb_update(sk, skb, NULL, &chunk, &zc, false); + /* splice does not support reading control messages */ + if (ctx->control != TLS_RECORD_TYPE_DATA) { + err = -ENOTSUPP; + goto splice_read_end; + } + if (err < 0) { tls_err_abort(sk, EBADMSG); goto splice_read_end;
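Review bot: In the decrypt_skb_update() hunk (-1421), moving the rxm->offset and rxm->full_len adjustment, tls_advance_record_sn(), ctx->decrypted = true and ctx->saved_data_ready() into the branch that ends at "} else { *zc = false; }" is a behaviour change the commit message does not mention. A call that takes the else branch now only clears *zc and no longer touches the record offsets or the record sequence number. Please state this in the changelog and say whether the old unconditional adjustment could run twice for the same record, since in that case this part is a fix and deserves its own line or patch.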
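Review bot: In the first tls_sw_recvmsg() hunk (-1609), the new zero-copy test reads ctx->control before decrypt_skb_update() has run, while the commit message says the TLS 1.3 control message is encrypted. If ctx->control is only final after decryption in that case, a record can pass "ctx->control == TLS_RECORD_TYPE_DATA", be decrypted straight into msg->msg_iter with zc set, and only afterwards turn out to be a control record, with its plaintext already in the caller's data buffer. Either restrict zc to the case where the record type is known before decryption, or add a comment here saying where in the series that restriction is added.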
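Review bot: In the second tls_sw_recvmsg() hunk (-1626), the removed -EINPROGRESS branch sat after the code that runs from "if (!cmsg) {" to the "goto recv_end; }" context at the top of this hunk, whereas its replacement sits ahead of "if (!cmsg)", so a record whose decryption goes async now jumps to pick_next_record without passing through the control-message handling at all. Please confirm the record type is still reported and checked for those records, for example by setting async and falling through to the cmsg block before taking the goto, or document why async records do not need it.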
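Review bot: In the tls_sw_splice_read() hunk (-1759), the ctx->control test is placed ahead of "if (err < 0)", so when decrypt_skb_update() fails on a record whose type is not TLS_RECORD_TYPE_DATA the function returns -ENOTSUPP and skips tls_err_abort(sk, EBADMSG), hiding the decryption failure from the caller. Test err first, then the record type. The check also now lives inside "if (!ctx->decrypted)", so a control record that reaches splice already decrypted is no longer rejected; moving the test to just after that block would cover both cases.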