From nobody Sat May 14 00:10:01 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 5043F1AE339F; Sat, 14 May 2022 00:10:02 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4L0Qr96hDwz4SdR; Sat, 14 May 2022 00:10:01 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1652487002; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=4HaMMQEMhKyRupswYjYD+mGp7UKx6iEWiVtlo8cOQf0=; b=Aq5mNSVCsmGp1WarJeBPgE1dFCNzU8j8EIYWNoZdIOgHsvoB8tirMlUeWB8DrCm8Yktneg FI62rpi+kpMjp4DndXolQBkrgEsZFmM3xnvRsu/cUPp5FjOMFBQrrHgq2oiJlmrL9WotKy Kh3iy85OjWvffDBTsAtaDIaYf0zsinqGF3LxUHXkocS0iXsmueFQeCO7e9TzkQXT1HD7Ld YaqLluAlvgE9ej7FFZqM1ZApBL6rp46QABp9itzi1mPZ2l6S3tWfVM3RhkTu3sgGRRrPWh O2AqdXQ3TKu4f5ocPFP6iSMccqV29C0NQTydEDeMg5KgL7AZN+QQLWfUQUQKIA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id BBD184CA5; Sat, 14 May 2022 00:10:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 24E0A1Q7075485; Sat, 14 May 2022 00:10:01 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 24E0A14C075483; Sat, 14 May 2022 00:10:01 GMT (envelope-from git) Date: Sat, 14 May 2022 00:10:01 GMT Message-Id: <202205140010.24E0A14C075483@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: John Baldwin Subject: git: 44aacbc98185 - stable/13 - OpenSSL: KTLS: Handle TLS 1.3 in ssl3_get_record. List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jhb X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 44aacbc981851b319cad8485b0f9a9d09403a724 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1652487002; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=4HaMMQEMhKyRupswYjYD+mGp7UKx6iEWiVtlo8cOQf0=; b=B1bq0puDbZPHBJYt/aR/afQtK5Deq0SSA2gjJoo/cF5J4Gyk0p7SOrLd6hSd1INnfXbg8P HDk5n/gyRWeTeEXyazc/TSJlLrmJLCApmPs2hwGigRRUdig2+txY61oxPwpy7UcGNFK75d LxYy9dDEMYQwZWD8fZo8t1a1Nfi3T7GuUd1QIMB0wZLloNAM8wgAua48Ca/I4kNP3GbNz/ IC/KPYwiZmEjgRziQL0DIR02QF6UOvKDPILxZ0pSs/MX6x2dOJpIoQfS47IEaCo+4OkAjZ sAv8Gb/jCwld/+wHcxsZ59d/FAk4gy2VK+j2hLJHp/yEVkuEXZs0ixoGjmLJAg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1652487002; a=rsa-sha256; cv=none; b=XY62W+yJGb744UvytpGwZNY0hEntZIxuTdNPbJoDUECJxjre4MQE8AEBnYcJ5eVXCptoVF sknXgTKnicgTekD3ncoD6cAujoyCWOLEusbJAqdz6csNuS+WuqzR9s1adEzuHM4LhndGVz ndkP+OhE6X2BDnWwPn83+Qj/H5Rg/zEPYmeaw/tyoDxR2+Ag4xYBQw1EgrIK8QnLuNp3OQ xAQ7atMaOzT9AW66eA/OxI8jXopO1oGYTQTF7LpBstfIDiDLDcee3pEs736ugK3AY9rdd9 UoI+62QqiQ6D+CVl7k3SVLdJRMNO0JMT87Sl+1s72OCV0wcuddhvGiMbG+iK5w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=44aacbc981851b319cad8485b0f9a9d09403a724 commit 44aacbc981851b319cad8485b0f9a9d09403a724 Author: John Baldwin AuthorDate: 2022-05-04 20:08:27 +0000 Commit: John Baldwin CommitDate: 2022-05-13 23:51:26 +0000 OpenSSL: KTLS: Handle TLS 1.3 in ssl3_get_record. - Don't unpad records, check the outer record type, or extract the inner record type from TLS 1.3 records handled by the kernel. KTLS performs all of these steps and returns the inner record type in the TLS header. - When checking the length of a received TLS 1.3 record don't allow for the extra byte for the nested record type when KTLS is used. - Pass a pointer to the record type in the TLS header to the SSL3_RT_INNER_CONTENT_TYPE message callback. For KTLS, the old pointer pointed to the last byte of payload rather than the record type. For the non-KTLS case, the TLS header has been updated with the inner type before this callback is invoked. Approved by: jkim Obtained from: OpenSSL commit a5fb9605329fb939abb536c1604d44a511741624 MFC after: 1 week Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D34975 (cherry picked from commit c0f977bfb6d9853fd6f762444310c23d8d7ec252) --- crypto/openssl/ssl/record/ssl3_record.c | 48 ++++++++++++++++++++++----------- 1 file changed, 32 insertions(+), 16 deletions(-) diff --git a/crypto/openssl/ssl/record/ssl3_record.c b/crypto/openssl/ssl/record/ssl3_record.c index 5fa481de9dbe..da549995e070 100644 --- a/crypto/openssl/ssl/record/ssl3_record.c +++ b/crypto/openssl/ssl/record/ssl3_record.c @@ -370,7 +370,9 @@ int ssl3_get_record(SSL *s) } } - if (SSL_IS_TLS13(s) && s->enc_read_ctx != NULL) { + if (SSL_IS_TLS13(s) + && s->enc_read_ctx != NULL + && !using_ktls) { if (thisrr->type != SSL3_RT_APPLICATION_DATA && (thisrr->type != SSL3_RT_CHANGE_CIPHER_SPEC || !SSL_IS_FIRST_HANDSHAKE(s)) @@ -400,7 +402,13 @@ int ssl3_get_record(SSL *s) } if (SSL_IS_TLS13(s)) { - if (thisrr->length > SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH) { + size_t len = SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH; + + /* KTLS strips the inner record type. */ + if (using_ktls) + len = SSL3_RT_MAX_ENCRYPTED_LENGTH; + + if (thisrr->length > len) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); return -1; @@ -739,22 +747,30 @@ int ssl3_get_record(SSL *s) if (SSL_IS_TLS13(s) && s->enc_read_ctx != NULL && thisrr->type != SSL3_RT_ALERT) { - size_t end; + /* + * The following logic are irrelevant in KTLS: the kernel provides + * unprotected record and thus record type represent the actual + * content type, and padding is already removed and thisrr->type and + * thisrr->length should have the correct values. + */ + if (!using_ktls) { + size_t end; - if (thisrr->length == 0 - || thisrr->type != SSL3_RT_APPLICATION_DATA) { - SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD, - SSL_R_BAD_RECORD_TYPE); - return -1; - } + if (thisrr->length == 0 + || thisrr->type != SSL3_RT_APPLICATION_DATA) { + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, + SSL_F_SSL3_GET_RECORD, SSL_R_BAD_RECORD_TYPE); + return -1; + } - /* Strip trailing padding */ - for (end = thisrr->length - 1; end > 0 && thisrr->data[end] == 0; - end--) - continue; + /* Strip trailing padding */ + for (end = thisrr->length - 1; end > 0 && thisrr->data[end] == 0; + end--) + continue; - thisrr->length = end; - thisrr->type = thisrr->data[end]; + thisrr->length = end; + thisrr->type = thisrr->data[end]; + } if (thisrr->type != SSL3_RT_APPLICATION_DATA && thisrr->type != SSL3_RT_ALERT && thisrr->type != SSL3_RT_HANDSHAKE) { @@ -764,7 +780,7 @@ int ssl3_get_record(SSL *s) } if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_INNER_CONTENT_TYPE, - &thisrr->data[end], 1, s, s->msg_callback_arg); + &thisrr->type, 1, s, s->msg_callback_arg); } /*