Date: Tue, 24 Oct 2023 19:25:56 GMT
Message-Id: <202310241925.39OJPusj074326@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: John Baldwin
Subject: git: 65e292cdf155 - stable/14 - KTLS: Add using_ktls helper variable in ssl3_get_record().
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
Sender: owner-dev-commits-src-all@freebsd.org
X-BeenThere: dev-commits-src-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: jhb
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 65e292cdf15539472ffe3ecf561951d08fa2a76d
Auto-Submitted: auto-generated

The branch stable/14 has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=65e292cdf15539472ffe3ecf561951d08fa2a76d

commit 65e292cdf15539472ffe3ecf561951d08fa2a76d
Author:     John Baldwin
AuthorDate: 2022-03-08 00:55:18 +0000
Commit:     John Baldwin
CommitDate: 2023-10-24 19:02:36 +0000

    KTLS: Add using_ktls helper variable in ssl3_get_record().

    When KTLS receive is enabled, pending data may still be present due to
    read ahead.  This data must still be processed the same as records
    received without KTLS.  To ease readability (especially in
    consideration of additional checks which will be added for TLS 1.3),
    add a helper variable 'using_ktls' that is true when the KTLS receive
    path is being used to receive a record.

    Obtained from:	OpenSSL commit 031132c297e54cbc20404a0bf8de6ed863196399

    (cherry picked from commit 0fc28f22d5b6a75d8a0449262a05cefe1040f982)
---
 crypto/openssl/ssl/record/ssl3_record.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/crypto/openssl/ssl/record/ssl3_record.c b/crypto/openssl/ssl/record/ssl3_record.c
index 3c0b1323a459..57915e1bd6e0 100644
--- a/crypto/openssl/ssl/record/ssl3_record.c
+++ b/crypto/openssl/ssl/record/ssl3_record.c
@@ -185,18 +185,23 @@ int ssl3_get_record(SSL *s) int imac_size; size_t num_recs = 0, max_recs, j; PACKET pkt, sslv2pkt; - int is_ktls_left; + int using_ktls; SSL_MAC_BUF *macbufs = NULL; int ret = -1; rr = RECORD_LAYER_get_rrec(&s->rlayer); rbuf = RECORD_LAYER_get_rbuf(&s->rlayer); - is_ktls_left = (SSL3_BUFFER_get_left(rbuf) > 0); max_recs = s->max_pipelines; if (max_recs == 0) max_recs = 1; sess = s->session; + /* + * KTLS reads full records. If there is any data left, + * then it is from before enabling ktls. + */ + using_ktls = BIO_get_ktls_recv(s->rbio) && SSL3_BUFFER_get_left(rbuf) == 0; + do { thisrr = &rr[num_recs]; @@ -409,7 +414,7 @@ int ssl3_get_record(SSL *s) #endif /* KTLS may use all of the buffer */ - if (BIO_get_ktls_recv(s->rbio) && !is_ktls_left) + if (using_ktls) len = SSL3_BUFFER_get_left(rbuf); if (thisrr->length > len) { @@ -518,11 +523,7 @@ int ssl3_get_record(SSL *s) return 1; } - /* - * KTLS reads full records. If there is any data left, - * then it is from before enabling ktls - */ - if (BIO_get_ktls_recv(s->rbio) && !is_ktls_left) + if (using_ktls) goto skip_decryption; if (s->read_hash != NULL) { @@ -734,8 +735,7 @@ int ssl3_get_record(SSL *s) * Therefore we have to rely on KTLS to check the plaintext length * limit in the kernel. */ - if (thisrr->length > SSL3_RT_MAX_PLAIN_LENGTH - && (!BIO_get_ktls_recv(s->rbio) || is_ktls_left)) { + if (thisrr->length > SSL3_RT_MAX_PLAIN_LENGTH && !using_ktls) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_R_DATA_LENGTH_TOO_LONG); goto end; }
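Review bot: in the first hunk (@@ -185,18 +185,23 @@) using_ktls is evaluated once, before the `do { thisrr = &rr[num_recs]; ...` loop that can process up to max_recs records, so the flag is fixed for the whole ssl3_get_record() call; that matches the old is_ktls_left, which was also computed before the loop, but the relocated comment ("KTLS reads full records. If there is any data left, then it is from before enabling ktls.") does not say that a single evaluation per call is intended. Suggest adding a sentence to that comment making the once-per-call evaluation explicit, and stating in the commit message that folding BIO_get_ktls_recv(s->rbio) into the flag is a pure refactor with no change in behaviour.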
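Review bot: in the third hunk (@@ -518,11 +523,7 @@) the explanatory comment that used to sit directly on the `goto skip_decryption` branch is removed and now survives only at the definition of using_ktls, several hundred lines earlier, so a reader of `if (using_ktls) goto skip_decryption;` no longer sees locally why decryption is bypassed. A one-line pointer such as `/* Record was received by KTLS; see using_ktls above. */` would keep the intent next to the branch.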
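Review bot: in the last hunk (@@ -734,8 +735,7 @@) the `!using_ktls` term is the security-relevant part: the userspace SSL3_RT_MAX_PLAIN_LENGTH check is skipped only for records handed over by KTLS, while read-ahead data left in rbuf from before KTLS was enabled (using_ktls == 0) still reaches the `SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_R_DATA_LENGTH_TOO_LONG)` path. That is equivalent to the old `(!BIO_get_ktls_recv(s->rbio) || is_ktls_left)`, but the comment above the check only says the kernel enforces the limit; consider adding that buffered pre-KTLS records are still checked here, so a future simplification does not drop the `!using_ktls` term and leave those records unchecked.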