[net,0/5] tls: fix some issues with async encryption

Message ID	cover.1694018970.git.sd@queasysnail.net (mailing list archive)
Headers	show Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2899746A2 for <netdev@vger.kernel.org>; Wed, 6 Sep 2023 17:08:52 +0000 (UTC) From: Sabrina Dubroca <sd@queasysnail.net> To: netdev@vger.kernel.org Cc: Sabrina Dubroca <sd@queasysnail.net>, Dave Watson <davejwatson@fb.com>, Jakub Kicinski <kuba@kernel.org>, Vakul Garg <vakul.garg@nxp.com>, Boris Pismenny <borisp@nvidia.com>, John Fastabend <john.fastabend@gmail.com> Subject: [PATCH net 0/5] tls: fix some issues with async encryption Date: Wed, 6 Sep 2023 19:08:30 +0200 Message-Id: <cover.1694018970.git.sd@queasysnail.net> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	tls: fix some issues with async encryption \| expand [net,0/5] tls: fix some issues with async encryption [net,1/5] net: tls: handle -EBUSY on async encrypt/decrypt requests [net,2/5] tls: fix use-after-free with partial reads and async decrypt [net,3/5] tls: fix returned read length with async !zc decrypt [net,4/5] tls: fix race condition in async decryption of corrupted records [net,5/5] tls: don't decrypt the next record if it's of a different type

Message ID

cover.1694018970.git.sd@queasysnail.net (mailing list archive)

Headers

From: Sabrina Dubroca <sd@queasysnail.net>
To: netdev@vger.kernel.org
Cc: Sabrina Dubroca <sd@queasysnail.net>,
	Dave Watson <davejwatson@fb.com>,
	Jakub Kicinski <kuba@kernel.org>,
	Vakul Garg <vakul.garg@nxp.com>,
	Boris Pismenny <borisp@nvidia.com>,
	John Fastabend <john.fastabend@gmail.com>
Subject: [PATCH net 0/5] tls: fix some issues with async encryption
Date: Wed,  6 Sep 2023 19:08:30 +0200
Message-Id: <cover.1694018970.git.sd@queasysnail.net>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

tls: fix some issues with async encryption | expand

Message

Sabrina Dubroca Sept. 6, 2023, 5:08 p.m. UTC

I've been playing with a few hacks in the crypto code (forcing async
crypto for every request, smaller cryptd queue), and that has revealed
some bugs while running the selftests.

With this setup and those patches applied, the bad_in_large_read test
case still fails. With all-async crypto, we don't know which record
threw the EBADMSG, so we can't keep the first couple of records that
were decrypted correctly. We have to throw away the whole batch.

Liu Jian has also found a bug with async crypto and wrapping record
numbers:
https://lore.kernel.org/netdev/20230906065237.2180187-1-liujian56@huawei.com/
It will get fixed separately and I'll submit a selftest for this case.

Sabrina Dubroca (5):
  net: tls: handle -EBUSY on async encrypt/decrypt requests
  tls: fix use-after-free with partial reads and async decrypt
  tls: fix returned read length with async !zc decrypt
  tls: fix race condition in async decryption of corrupted records
  tls: don't decrypt the next record if it's of a different type

 net/tls/tls_sw.c | 45 +++++++++++++++++++++++++++++++++++----------
 1 file changed, 35 insertions(+), 10 deletions(-)