On Wed, Aug 09, 2023 at 02:58:52PM +0200, Sabrina Dubroca wrote:
This adds the possibility to change the key and IV when using TLS1.3. Changing the cipher or TLS version is not supported.
Once we have updated the RX key, we can unblock the receive side. If the rekey fails, the context is unmodified and userspace is free to retry the update or close the socket.
This change only affects tls_sw, since 1.3 offload isn't supported.
v2:
- reverse xmas tree
- turn the alt_crypto_info into an else if
- don't modify the context when rekey fails
v3:
- only call tls_sw_strparser_arm when setting the initial RX key, not on rekeys
- update tls_sk_poll to not say the socket is readable when we're waiting for a rekey, and wake up poll() when the new key is installed
- use unsafe_memcpy to make FORTIFY_SOURCE happy
Signed-off-by: Sabrina Dubroca sd@queasysnail.net
...
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
...
@@ -2873,14 +2911,24 @@ int tls_set_sw_offload(struct sock *sk, int tx) ctx->push_pending_record = tls_sw_push_pending_record;
- /* setkey is the last operation that could fail during a
* rekey. if it succeeds, we can start modifying the* context.*/- if (rc) {
if (new_crypto_info)goto out;elsegoto free_aead;- }
- if (rc)
goto free_aead;- rc = crypto_aead_setauthsize(*aead, prot->tag_size);
- if (rc)
goto free_aead;
- if (!new_crypto_info) {
rc = crypto_aead_setauthsize(*aead, prot->tag_size);if (rc) {goto free_aead;}
nit: no need for {} here.
- }
if (sw_ctx_rx) { tfm = crypto_aead_tfm(sw_ctx_rx->aead_recv);
...