From nobody Tue Oct 24 19:25:58 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SFMVG2h1Dz4yPVk; Tue, 24 Oct 2023 19:25:58 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4SFMVG295Bz4Nb4; Tue, 24 Oct 2023 19:25:58 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1698175558; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Wm8DYl8RP0S8pXMOPbeJpHxWziMc8xj2CJTCReIqDGQ=; b=QeLj71kkxCIEw21NDbtL1KH4EFCxph4r+s6swoQ57MNocgpWlTL5OOejPEBMlo7GOxJMhz Iv9Pawjufo9HnHSuJWKNGGhsX9dgaLoMR97mmPVcPAC9ivBiFxSEUrfxPe31Cy4vdvFkRo 8MdVRdGY8KEX2m/acdHfqLp7Vaod2gV0Zs4jKIk81zVvhI4CP5bqTzOIofWAEF+VQ/OXzk RHZYJrsiYrsOGROVUyTqSq5qEd0qPz6XA/GJA5q/VKtC5Ow+zFtkdVdX6Q6HjuUFkI/Jvq 3WQQc+f7NSa2R9ObQwwEAHGBfzdB7qUhEa83VIjpeu769Iy7RgHdGcKnNIoLTg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1698175558; a=rsa-sha256; cv=none; b=F0zdJbfULMihfU0J/ftQg4+kltG7lK81lBFCxO7miTL+09TLTAhGuRANJeywm2NTlIMtUA ZbI5qY2aZVVJv4xTPjIJwwGiEQmd666eGQ/Aa6FiuJPx5mrPBydBT03yPSJV+FAZWSFsRt gw2BPdyygONuk3ONJb3eqhq1X4GxuTcLys0z8NeDMz/ps+HF6TP0JBpCNf6G9OEd1yju+X 4ZtOUpSCIlc5/K5g9nwuOqSDvVUwIT5eiIpCzXnb+1mA99KMh5gs+KJetKNeFqLxHTqDv1 7u1plg+tKdN1Wc+1OKHQffFQzR8nsW/GOD8VZie6deJ3K2Rf/U9BZ8eESU07wQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1698175558; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Wm8DYl8RP0S8pXMOPbeJpHxWziMc8xj2CJTCReIqDGQ=; b=o4kTgKARkRred1z73sbEo4go+kqSOuKt2G74iLmNymYLDcSxgLqg/ycMk3c5mvfv3eyOpL o5LKzn8njBJw8Ka6/PmMatZnmjPKejZtJurIEdBsxzbbusq4C1kT8oKdPPSxvcU0djchS7 eg8cDuNUlqFhBpHxGKm6hupHuC2ghnembTqBYiFxCpZUepL5T8s6IBBMBo8FVckdTyiEPs RBuTbMkD05jyAfmz5lGAZn2WXVS8nh6yDYNwd8t4FDc2nI1GgQW5u1wHO3Ek4susxh8eKU 8JDXOGB3lL5BBApyh4PEVmAzzA+pdjIfb6gP2vi89PXwvFdwAZoMx1BTweCrJA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4SFMVG1F6tzb1f; Tue, 24 Oct 2023 19:25:58 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 39OJPwmt074442; Tue, 24 Oct 2023 19:25:58 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 39OJPw9Y074439; Tue, 24 Oct 2023 19:25:58 GMT (envelope-from git) Date: Tue, 24 Oct 2023 19:25:58 GMT Message-Id: <202310241925.39OJPw9Y074439@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: John Baldwin Subject: git: 4d85e7386f77 - stable/14 - KTLS: Handle TLS 1.3 in ssl3_get_record. List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jhb X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 4d85e7386f7756c98f3e4ae1fb0037b56903510f Auto-Submitted: auto-generated The branch stable/14 has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=4d85e7386f7756c98f3e4ae1fb0037b56903510f commit 4d85e7386f7756c98f3e4ae1fb0037b56903510f Author: Daiki Ueno AuthorDate: 2021-10-10 06:54:07 +0000 Commit: John Baldwin CommitDate: 2023-10-24 19:02:46 +0000 KTLS: Handle TLS 1.3 in ssl3_get_record. - Don't unpad records, check the outer record type, or extract the inner record type from TLS 1.3 records handled by the kernel. KTLS performs all of these steps and returns the inner record type in the TLS header. - When checking the length of a received TLS 1.3 record don't allow for the extra byte for the nested record type when KTLS is used. - Pass a pointer to the record type in the TLS header to the SSL3_RT_INNER_CONTENT_TYPE message callback. For KTLS, the old pointer pointed to the last byte of payload rather than the record type. For the non-KTLS case, the TLS header has been updated with the inner type before this callback is invoked. Obtained from: OpenSSL commit a5fb9605329fb939abb536c1604d44a511741624) (cherry picked from commit c085ca5245797ae17fc69353bbdf7584acb2feaa) --- crypto/openssl/ssl/record/ssl3_record.c | 46 ++++++++++++++++++++++----------- 1 file changed, 31 insertions(+), 15 deletions(-) diff --git a/crypto/openssl/ssl/record/ssl3_record.c b/crypto/openssl/ssl/record/ssl3_record.c index 57915e1bd6e0..d6c0cf346723 100644 --- a/crypto/openssl/ssl/record/ssl3_record.c +++ b/crypto/openssl/ssl/record/ssl3_record.c @@ -366,7 +366,9 @@ int ssl3_get_record(SSL *s) } } - if (SSL_IS_TLS13(s) && s->enc_read_ctx != NULL) { + if (SSL_IS_TLS13(s) + && s->enc_read_ctx != NULL + && !using_ktls) { if (thisrr->type != SSL3_RT_APPLICATION_DATA && (thisrr->type != SSL3_RT_CHANGE_CIPHER_SPEC || !SSL_IS_FIRST_HANDSHAKE(s)) @@ -396,7 +398,13 @@ int ssl3_get_record(SSL *s) } if (SSL_IS_TLS13(s)) { - if (thisrr->length > SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH) { + size_t len = SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH; + + /* KTLS strips the inner record type. */ + if (using_ktls) + len = SSL3_RT_MAX_ENCRYPTED_LENGTH; + + if (thisrr->length > len) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); return -1; @@ -689,21 +697,29 @@ int ssl3_get_record(SSL *s) if (SSL_IS_TLS13(s) && s->enc_read_ctx != NULL && thisrr->type != SSL3_RT_ALERT) { - size_t end; + /* + * The following logic are irrelevant in KTLS: the kernel provides + * unprotected record and thus record type represent the actual + * content type, and padding is already removed and thisrr->type and + * thisrr->length should have the correct values. + */ + if (!using_ktls) { + size_t end; - if (thisrr->length == 0 - || thisrr->type != SSL3_RT_APPLICATION_DATA) { - SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_BAD_RECORD_TYPE); - goto end; - } + if (thisrr->length == 0 + || thisrr->type != SSL3_RT_APPLICATION_DATA) { + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_BAD_RECORD_TYPE); + goto end; + } - /* Strip trailing padding */ - for (end = thisrr->length - 1; end > 0 && thisrr->data[end] == 0; - end--) - continue; + /* Strip trailing padding */ + for (end = thisrr->length - 1; end > 0 && thisrr->data[end] == 0; + end--) + continue; - thisrr->length = end; - thisrr->type = thisrr->data[end]; + thisrr->length = end; + thisrr->type = thisrr->data[end]; + } if (thisrr->type != SSL3_RT_APPLICATION_DATA && thisrr->type != SSL3_RT_ALERT && thisrr->type != SSL3_RT_HANDSHAKE) { @@ -712,7 +728,7 @@ int ssl3_get_record(SSL *s) } if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_INNER_CONTENT_TYPE, - &thisrr->data[end], 1, s, s->msg_callback_arg); + &thisrr->type, 1, s, s->msg_callback_arg); } /*