uipc_socket.c: Modify MSG_TLSAPPDATA to only do Alert Records

Description

Without this patch, the MSG_TLSAPPDATA flag would cause
soreceive_generic() to return ENXIO for any non-application
data record in a TLS receive stream.

This works ok for TLS1.2, since Alert records appear to be
the only non-application data records received.
However, for TLS1.3, there can be post-handshake handshake
records, such as NewSessionKey sent to the client from the
server. These handshake records cannot be handled by the
upcall which does an SSL_read() with length == 0.

It appears that the client can simply throw away these
NewSessionKey records, but to do so, it needs to receive
them within the kernel.

This patch modifies the semantics of MSG_TLSAPPDATA slightly,
so that it only applies to Alert records and not Handshake
records. It is needed to allow the krpc to work with KTLS1.3.

Reviewed by: hselasky
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D35170
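The change in semantics described in the commit message, as an added user-space model (not FreeBSD kernel code and not part of the commit): it walks a list of decrypted record types and reports where a receive with MSG_TLSAPPDATA would return ENXIO before and after the change. The `policy`, `rx_result`, `refuses` and `drain` names and the sample streams are constructed for this illustration; the record type values are the TLS ContentType numbers.

```c
#include <errno.h>
#include <stddef.h>

/* TLS ContentType values (RFC 8446, section 5.1). */
enum { REC_ALERT = 21, REC_HANDSHAKE = 22, REC_APPDATA = 23 };

/* Hypothetical selector for this model; not a kernel symbol. */
enum policy { POLICY_OLD, POLICY_NEW };

struct rx_result {
    size_t app_records;       /* application data records delivered */
    size_t dropped_handshake; /* handshake records received, then discarded */
    size_t stopped_at;        /* index of the record that produced ENXIO */
    int    error;             /* 0 if the stream drained, else ENXIO */
};

/* Does a receive with MSG_TLSAPPDATA set refuse this record type? */
static int refuses(enum policy p, int type)
{
    if (p == POLICY_OLD)
        return type != REC_APPDATA; /* any non-application data record */
    return type == REC_ALERT;       /* alert records only */
}

/* Walk record types in arrival order, as an in-kernel consumer would. */
struct rx_result drain(enum policy p, const int *types, size_t n)
{
    struct rx_result r = { 0, 0, n, 0 };
    for (size_t i = 0; i < n; i++) {
        if (refuses(p, types[i])) {
            r.stopped_at = i;   /* the upcall has to deal with this one */
            r.error = ENXIO;
            return r;
        }
        if (types[i] == REC_APPDATA)
            r.app_records++;
        else if (types[i] == REC_HANDSHAKE)
            r.dropped_handshake++; /* received in-kernel and thrown away */
    }
    return r;
}

/* Constructed sample streams: TLS 1.3 with a post-handshake handshake
 * record in the middle, and TLS 1.2 with only a closing alert. */
const int tls13_stream[] = { REC_APPDATA, REC_HANDSHAKE, REC_APPDATA, REC_ALERT };
const int tls12_stream[] = { REC_APPDATA, REC_APPDATA, REC_ALERT };
```

With the old policy the TLS 1.3 stream stops at the handshake record, which is the case the commit message says the upcall cannot handle; with the new policy only the alert stops it.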

Details

Provenance
rmacklem Authored on May 14 2022, 7:56 PM
Reviewer
hselasky
Differential Revision
D35170: Make MSG_TLSAPPDATA only apply to Alert records
Parents
rG6543fa5a5c47: dumpon: warn if the configured netdump link is down