system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-07-21 10:19:04 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

OpenSSL: KTLS: Handle TLS 1.3 in ssl3_get_record.

Browse source 
- Don't unpad records, check the outer record type, or extract the
  inner record type from TLS 1.3 records handled by the kernel.  KTLS
  performs all of these steps and returns the inner record type in the
  TLS header.

- When checking the length of a received TLS 1.3 record don't allow
  for the extra byte for the nested record type when KTLS is used.

- Pass a pointer to the record type in the TLS header to the
  SSL3_RT_INNER_CONTENT_TYPE message callback.  For KTLS, the old
  pointer pointed to the last byte of payload rather than the record
  type.  For the non-KTLS case, the TLS header has been updated with
  the inner type before this callback is invoked.

Approved by:	jkim
Obtained from:	OpenSSL commit a5fb9605329fb939abb536c1604d44a511741624
MFC after:	1 week
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D34975
This commit is contained in:
John Baldwin 2022-05-04 13:08:27 -07:00
parent 4f1f9c5502
commit c0f977bfb6
1 changed files with 33 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

50
crypto/openssl/ssl/record/ssl3_record.c
View file

@ -370,7 +370,9 @@ int ssl3_get_record(SSL *s)
}
}
if (SSL_IS_TLS13(s) && s->enc_read_ctx != NULL) {
if (SSL_IS_TLS13(s)
&& s->enc_read_ctx != NULL
&& !using_ktls) {
if (thisrr->type != SSL3_RT_APPLICATION_DATA
&& (thisrr->type != SSL3_RT_CHANGE_CIPHER_SPEC
|| !SSL_IS_FIRST_HANDSHAKE(s))
@ -400,7 +402,13 @@ int ssl3_get_record(SSL *s)
}
if (SSL_IS_TLS13(s)) {
if (thisrr->length > SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH) {
size_t len = SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH;
/* KTLS strips the inner record type. */
if (using_ktls)
len = SSL3_RT_MAX_ENCRYPTED_LENGTH;
if (thisrr->length > len) {
SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,
SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
return -1;
@ -739,22 +747,30 @@ int ssl3_get_record(SSL *s)
if (SSL_IS_TLS13(s)
&& s->enc_read_ctx != NULL
&& thisrr->type != SSL3_RT_ALERT) {
size_t end;
/*
* The following logic are irrelevant in KTLS: the kernel provides
* unprotected record and thus record type represent the actual
* content type, and padding is already removed and thisrr->type and
* thisrr->length should have the correct values.
*/
if (!using_ktls) {
size_t end;
if (thisrr->length == 0
|| thisrr->type != SSL3_RT_APPLICATION_DATA) {
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD,
SSL_R_BAD_RECORD_TYPE);
return -1;
if (thisrr->length == 0
|| thisrr->type != SSL3_RT_APPLICATION_DATA) {
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
SSL_F_SSL3_GET_RECORD, SSL_R_BAD_RECORD_TYPE);
return -1;
}
/* Strip trailing padding */
for (end = thisrr->length - 1; end > 0 && thisrr->data[end] == 0;
end--)
continue;
thisrr->length = end;
thisrr->type = thisrr->data[end];
}
/* Strip trailing padding */
for (end = thisrr->length - 1; end > 0 && thisrr->data[end] == 0;
end--)
continue;
thisrr->length = end;
thisrr->type = thisrr->data[end];
if (thisrr->type != SSL3_RT_APPLICATION_DATA
&& thisrr->type != SSL3_RT_ALERT
&& thisrr->type != SSL3_RT_HANDSHAKE) {
@ -764,7 +780,7 @@ int ssl3_get_record(SSL *s)
}
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_INNER_CONTENT_TYPE,
&thisrr->data[end], 1, s, s->msg_callback_arg);
&thisrr->type, 1, s, s->msg_callback_arg);
}
/*