Message ID | 20775fcfd0371422921ee60a42de170c0398ac10.1729244987.git.sd@queasysnail.net (mailing list archive) |
---|---|
State | Accepted |
Commit | 81bc949f640f78b507c7523de7c750bcc87c1bb8 |
Headers | show |
Series | [net-next] selftests: tls: add a selftest for wrapping rec_seq | expand |
On Fri, Oct 18, 2024 at 12:55:58PM +0200, Sabrina Dubroca wrote: > Set the initial rec_seq to 0xffffffffffffffff so that it wraps > immediately. The send() call should fail with EBADMSG. > > A bug in this code was fixed in commit cfaa80c91f6f ("net/tls: do not > free tls_rec on async operation in bpf_exec_tx_verdict()"). > > Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Reviewed-by: Simon Horman <horms@kernel.org>
Hello: This patch was applied to netdev/net-next.git (main) by Paolo Abeni <pabeni@redhat.com>: On Fri, 18 Oct 2024 12:55:58 +0200 you wrote: > Set the initial rec_seq to 0xffffffffffffffff so that it wraps > immediately. The send() call should fail with EBADMSG. > > A bug in this code was fixed in commit cfaa80c91f6f ("net/tls: do not > free tls_rec on async operation in bpf_exec_tx_verdict()"). > > Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> > > [...] Here is the summary with links: - [net-next] selftests: tls: add a selftest for wrapping rec_seq https://git.kernel.org/netdev/net-next/c/81bc949f640f You are awesome, thank you!
diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/net/tls.c index f27a12d2a2c9..1a706d03bb6b 100644 --- a/tools/testing/selftests/net/tls.c +++ b/tools/testing/selftests/net/tls.c @@ -266,6 +266,25 @@ TEST_F(tls_basic, bad_cipher) EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, sizeof(struct tls12_crypto_info_aes_gcm_128)), -1); } +TEST_F(tls_basic, recseq_wrap) +{ + struct tls_crypto_info_keys tls12; + char const *test_str = "test_read"; + int send_len = 10; + + if (self->notls) + SKIP(return, "no TLS support"); + + tls_crypto_info_init(TLS_1_2_VERSION, TLS_CIPHER_AES_GCM_128, &tls12); + memset(&tls12.aes128.rec_seq, 0xff, sizeof(tls12.aes128.rec_seq)); + + ASSERT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0); + ASSERT_EQ(setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), 0); + + EXPECT_EQ(send(self->fd, test_str, send_len, 0), -1); + EXPECT_EQ(errno, EBADMSG); +} + FIXTURE(tls) { int fd, cfd;
Set the initial rec_seq to 0xffffffffffffffff so that it wraps immediately. The send() call should fail with EBADMSG. A bug in this code was fixed in commit cfaa80c91f6f ("net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict()"). Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> --- tools/testing/selftests/net/tls.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+)