On Thu, 14 Nov 2024 16:50:48 +0100 Sabrina Dubroca wrote:
+static int tls_check_pending_rekey(struct tls_context *ctx, struct sk_buff *skb) +{
- const struct tls_msg *tlm = tls_msg(skb);
- const struct strp_msg *rxm = strp_msg(skb);
- char hs_type;
- int err;
- if (likely(tlm->control != TLS_RECORD_TYPE_HANDSHAKE))
return 0;- if (rxm->full_len < 1)
return -EINVAL;- err = skb_copy_bits(skb, rxm->offset, &hs_type, 1);
- if (err < 0)
return err;- if (hs_type == TLS_HANDSHAKE_KEYUPDATE) {
struct tls_sw_context_rx *rx_ctx = ctx->priv_ctx_rx;WRITE_ONCE(rx_ctx->key_update_pending, true);- }
- return 0;
+}
static int tls_rx_one_record(struct sock *sk, struct msghdr *msg, struct tls_decrypt_arg *darg) { @@ -1739,6 +1769,10 @@ static int tls_rx_one_record(struct sock *sk, struct msghdr *msg, rxm->full_len -= prot->overhead_size; tls_advance_record_sn(sk, prot, &tls_ctx->rx);
- err = tls_check_pending_rekey(tls_ctx, darg->skb);
- if (err < 0)
return err;
Sorry if I already asked this, is this 100% safe to error out from here after we decrypted the record? Normally once we successfully decrypted and pulled the message header / trailer we always call tls_rx_rec_done()
The only reason the check_pending_rekey() can fail is if the message is mis-formatted, I wonder if we are better off ignoring mis-formatted rekeys? User space will see them and break the connection, anyway. Alternatively - we could add a selftest for this.