
Permit sending empty fragments for TLS 1.0.
Closed, Public

Authored by jhb on Oct 9 2020, 11:53 PM.

Details

Summary

Due to a weakness in the TLS 1.0 protocol, OpenSSL will periodically
send empty TLS records ("empty fragments"). These TLS records have
no payload (and thus a page count of zero). m_uiotombuf_nomap() was
returning NULL instead of an empty mbuf, and a few places needed to be
updated to treat an empty TLS record as having a page count of "1" as
0 means "no work to do" (e.g. nothing to encrypt, or nothing to mark
ready via sbready()).

Test Plan
  • openssl s_time -tls1 -cipher 'AES256-SHA@SECLEVEL=0' on client
  • openssl s_server -WWW -tls1 -cipher 'AES256-SHA@SECLEVEL=0' on server
  • verified with wireshark that "empty" TLSv1.0 fragments (length of 32 for this ciphersuite) were mixed in with regular app data frames

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint: Not Applicable
Unit Tests: Not Applicable

Event Timeline

jhb requested review of this revision. Oct 9 2020, 11:53 PM
jhb created this revision.

Note that this does depend on an OpenSSL change to handle empty fragments correctly for KTLS (with stock OpenSSL without this patch, the write() of zero bytes failed with EFAULT and killed the connection. With stock OpenSSL and this patch, OpenSSL thinks the successful zero-byte write() is an error and still kills the connection).

OpenSSL change in review here: https://github.com/openssl/openssl/pull/13090

Can we add some __predict_false() to aid the compiler (and the reader) to know these are rare?

  • Sprinkle some __predict_false().
This revision is now accepted and ready to land. Oct 12 2020, 8:02 PM

(I read this and have no comment or objection. Will try to finish thinking about the openssl code soon.)

This revision was automatically updated to reflect the committed changes.