Commit 8497ded2 authored Feb 09, 2019 by Vakul Garg Committed by David S. Miller Feb 09, 2019

net/tls: Disable async decrytion for tls1.3

Function tls_sw_recvmsg() dequeues multiple records from stream parser
and decrypts them. In case the decryption is done by async accelerator,
the records may get submitted for decryption while the previous ones may
not have been decryted yet. For tls1.3, the record type is known only
after decryption. Therefore, for tls1.3, tls_sw_recvmsg() may submit
records for decryption even if it gets 'handshake' records after 'data'
records. These intermediate 'handshake' records may do a key updation.
By the time new keys are given to ktls by userspace, it is possible that
ktls has already submitted some records i(which are encrypted with new
keys) for decryption using old keys. This would lead to decrypt failure.
Therefore, async decryption of records should be disabled for tls1.3.

Fixes: 130b392c ("net: tls: Add tls 1.3 support")
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent 3b5e74e0

net/tls/tls_sw.c

+6 −2

Original line number	Diff line number	Diff line
		@@ -2215,6 +2215,10 @@ int tls_set_sw_offload(struct sock sk, struct tls_context ctx, int tx)

		if (sw_ctx_rx) {
		tfm = crypto_aead_tfm(sw_ctx_rx->aead_recv);

		if (crypto_info->version == TLS_1_3_VERSION)
		sw_ctx_rx->async_capable = false;
		else
		sw_ctx_rx->async_capable =
		tfm->__crt_alg->cra_flags & CRYPTO_ALG_ASYNC;

Admin message