From nobody Wed May 04 20:33:57 2022 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id A82BD1AB4E68; Wed, 4 May 2022 20:33:58 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4KtpT20xgGz3nnn; Wed, 4 May 2022 20:33:58 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1651696438; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=2gCQzyFl3CXQl4Wa6XAegPBJitpo+tfaCTqT+KZ6wi0=; b=cOvYx7KhgE56S5neWbILet8b7H6JbzwVEZquV6u6EPttKosm5m1wkImg4/umnaR2YQ1LGL iJyMwQbL1IyaCLEBQbeTe28o8opvKArAoVIhXHF3duqmt5HsQ9tniJoq4Og7j3hFKsmoqD j08dfOwu5LpuHA8Sx70kIgFtx3IRwmmYHlDznERtfih2zryz2M8FIIv4gtCyzHVc1Oenlk P7hy8VFlHQDsQMloaZIOUoPWd0tykJ7Sok6EaXa2rh+nUUToB4TqyNrRw0y2cfJEE86/U8 N6hq4HtAQHCtYGdGZWBRZnGNc4mUiEiEZgAkNdiGXR/EJBXcavy5RALdGVXSIQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id C5D3019F27; Wed, 4 May 2022 20:33:57 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 244KXvuL053146; Wed, 4 May 2022 20:33:57 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 244KXvNi053145; Wed, 4 May 2022 20:33:57 GMT (envelope-from git) Date: Wed, 4 May 2022 20:33:57 GMT Message-Id: <202205042033.244KXvNi053145@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: John Baldwin Subject: git: c0f977bfb6d9 - main - OpenSSL: KTLS: Handle TLS 1.3 in ssl3_get_record. List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jhb X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: c0f977bfb6d9853fd6f762444310c23d8d7ec252 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1651696438; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=2gCQzyFl3CXQl4Wa6XAegPBJitpo+tfaCTqT+KZ6wi0=; b=cinX5jpidrdUuqxAY3Bjp4C5yRYU0ckwIFbEAXuyL8I2VGgpdSF7xnI93d1OKQ2ydjbTgz 44We+0AWFfyyQ+l4MX1gbdWSuo5pjkT8otOI0qlY6v4wx2dY1yXeIV6ckYvcTlSQ5KiT5i RQRn5TTWEdzol4NePjUSU4a81qBIt9fhflKaUPHEbhKbvxI2V2/RU1wkqVBZp2wU3QYv+f +saHbcYSf3VdaPqSVcaY+i6+IjGcOZ+P9K3jP4vRgqTryHpEO+ViDhZQeU4yjBe5BpsRRN +mqajWEz8ERZKDUak7xhNu8BKmJfhrUu0nnRofXvbIlwLQGWOMuzdlzKiLA39g== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1651696438; a=rsa-sha256; cv=none; b=IFhmCzyDqM9RvDisFt3eGJwYYJ9TWr7kOIk08fimuuAYhHfz43B82hG6+Mi4AUjmmHcZ8l GcVgxUIXjCkk9bZyBjKyHXvdLaIbTqJB5Ug3ucMb3qLAJ8LiEsI2EJVT9JrEpfDcM1O4Js AJL+OPq2ZalTnlyP68Fr5osQmAEoa8BIdelzyauR21uTs6LV632AVkJJuIGxdHwyyAZSTi bh7R/V/SvVEEIDRxlkeHaG1I1ok6BnVcsxbnDRRFsS2Oq9rhh9XE+u/1+xHp4s4LAOpxr2 yjY8MO05IyajuZ+nA6kVEYvHP1GN7U+uN9FDk5PKk7VIy4h5XKoahjx6PqFs0g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=c0f977bfb6d9853fd6f762444310c23d8d7ec252 commit c0f977bfb6d9853fd6f762444310c23d8d7ec252 Author: John Baldwin AuthorDate: 2022-05-04 20:08:27 +0000 Commit: John Baldwin CommitDate: 2022-05-04 20:08:27 +0000 OpenSSL: KTLS: Handle TLS 1.3 in ssl3_get_record. - Don't unpad records, check the outer record type, or extract the inner record type from TLS 1.3 records handled by the kernel. KTLS performs all of these steps and returns the inner record type in the TLS header. - When checking the length of a received TLS 1.3 record don't allow for the extra byte for the nested record type when KTLS is used. - Pass a pointer to the record type in the TLS header to the SSL3_RT_INNER_CONTENT_TYPE message callback. For KTLS, the old pointer pointed to the last byte of payload rather than the record type. For the non-KTLS case, the TLS header has been updated with the inner type before this callback is invoked. Approved by: jkim Obtained from: OpenSSL commit a5fb9605329fb939abb536c1604d44a511741624 MFC after: 1 week Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D34975 --- crypto/openssl/ssl/record/ssl3_record.c | 48 ++++++++++++++++++++++----------- 1 file changed, 32 insertions(+), 16 deletions(-) diff --git a/crypto/openssl/ssl/record/ssl3_record.c b/crypto/openssl/ssl/record/ssl3_record.c index 5fa481de9dbe..da549995e070 100644 --- a/crypto/openssl/ssl/record/ssl3_record.c +++ b/crypto/openssl/ssl/record/ssl3_record.c @@ -370,7 +370,9 @@ int ssl3_get_record(SSL *s) } } - if (SSL_IS_TLS13(s) && s->enc_read_ctx != NULL) { + if (SSL_IS_TLS13(s) + && s->enc_read_ctx != NULL + && !using_ktls) { if (thisrr->type != SSL3_RT_APPLICATION_DATA && (thisrr->type != SSL3_RT_CHANGE_CIPHER_SPEC || !SSL_IS_FIRST_HANDSHAKE(s)) @@ -400,7 +402,13 @@ int ssl3_get_record(SSL *s) } if (SSL_IS_TLS13(s)) { - if (thisrr->length > SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH) { + size_t len = SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH; + + /* KTLS strips the inner record type. */ + if (using_ktls) + len = SSL3_RT_MAX_ENCRYPTED_LENGTH; + + if (thisrr->length > len) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); return -1; @@ -739,22 +747,30 @@ int ssl3_get_record(SSL *s) if (SSL_IS_TLS13(s) && s->enc_read_ctx != NULL && thisrr->type != SSL3_RT_ALERT) { - size_t end; + /* + * The following logic are irrelevant in KTLS: the kernel provides + * unprotected record and thus record type represent the actual + * content type, and padding is already removed and thisrr->type and + * thisrr->length should have the correct values. + */ + if (!using_ktls) { + size_t end; - if (thisrr->length == 0 - || thisrr->type != SSL3_RT_APPLICATION_DATA) { - SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD, - SSL_R_BAD_RECORD_TYPE); - return -1; - } + if (thisrr->length == 0 + || thisrr->type != SSL3_RT_APPLICATION_DATA) { + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, + SSL_F_SSL3_GET_RECORD, SSL_R_BAD_RECORD_TYPE); + return -1; + } - /* Strip trailing padding */ - for (end = thisrr->length - 1; end > 0 && thisrr->data[end] == 0; - end--) - continue; + /* Strip trailing padding */ + for (end = thisrr->length - 1; end > 0 && thisrr->data[end] == 0; + end--) + continue; - thisrr->length = end; - thisrr->type = thisrr->data[end]; + thisrr->length = end; + thisrr->type = thisrr->data[end]; + } if (thisrr->type != SSL3_RT_APPLICATION_DATA && thisrr->type != SSL3_RT_ALERT && thisrr->type != SSL3_RT_HANDSHAKE) { @@ -764,7 +780,7 @@ int ssl3_get_record(SSL *s) } if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_INNER_CONTENT_TYPE, - &thisrr->data[end], 1, s, s->msg_callback_arg); + &thisrr->type, 1, s, s->msg_callback_arg); } /*