This is a note to let you know that I've just added the patch titled

tls: reset crypto_info when do_tls_setsockopt_tx fails

to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git%3Ba=su...

The filename of the patch is: tls-reset-crypto_info-when-do_tls_setsockopt_tx-fails.patch and it can be found in the queue-4.14 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree, please let stable@vger.kernel.org know about it.

From foo@baz Sun Jan 28 17:35:08 CET 2018

From: Sabrina Dubroca sd@queasysnail.net Date: Tue, 16 Jan 2018 16:04:28 +0100 Subject: tls: reset crypto_info when do_tls_setsockopt_tx fails

From: Sabrina Dubroca sd@queasysnail.net

[ Upstream commit 6db959c82eb039a151d95a0f8b7dea643657327a ]

The current code copies directly from userspace to ctx->crypto_send, but doesn't always reinitialize it to 0 on failure. This causes any subsequent attempt to use this setsockopt to fail because of the TLS_CRYPTO_INFO_READY check, eventhough crypto_info is not actually ready.

This should result in a correctly set up socket after the 3rd call, but currently it does not:

size_t s = sizeof(struct tls12_crypto_info_aes_gcm_128); struct tls12_crypto_info_aes_gcm_128 crypto_good = { .info.version = TLS_1_2_VERSION, .info.cipher_type = TLS_CIPHER_AES_GCM_128, };

struct tls12_crypto_info_aes_gcm_128 crypto_bad_type = crypto_good; crypto_bad_type.info.cipher_type = 42;

setsockopt(sock, SOL_TLS, TLS_TX, &crypto_bad_type, s); setsockopt(sock, SOL_TLS, TLS_TX, &crypto_good, s - 1); setsockopt(sock, SOL_TLS, TLS_TX, &crypto_good, s);

Fixes: 3c4d7559159b ("tls: kernel TLS support") Signed-off-by: Sabrina Dubroca sd@queasysnail.net Signed-off-by: David S. Miller davem@davemloft.net Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- net/tls/tls_main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -373,7 +373,7 @@ static int do_tls_setsockopt_tx(struct s case TLS_CIPHER_AES_GCM_128: { if (optlen != sizeof(struct tls12_crypto_info_aes_gcm_128)) { rc = -EINVAL; - goto out; + goto err_crypto_info; } rc = copy_from_user( crypto_info, @@ -388,7 +388,7 @@ static int do_tls_setsockopt_tx(struct s } default: rc = -EINVAL; - goto out; + goto err_crypto_info; }

ctx->sk_write_space = sk->sk_write_space;

Patches currently in stable-queue which might be from sd@queasysnail.net are

queue-4.14/tls-reset-crypto_info-when-do_tls_setsockopt_tx-fails.patch queue-4.14/tls-return-ebusy-if-crypto_info-is-already-set.patch queue-4.14/tls-fix-sw_ctx-leak.patch