Index: sys/kern/kern_sendfile.c =================================================================== --- sys/kern/kern_sendfile.c +++ sys/kern/kern_sendfile.c @@ -1157,8 +1157,12 @@ CURVNET_SET(so->so_vnet); #ifdef KERN_TLS - if (tls != NULL) - ktls_frame(m, tls, &tls_enq_cnt, TLS_RLTYPE_APP); + if (tls != NULL) { + error = ktls_frame(m, tls, &tls_enq_cnt, + TLS_RLTYPE_APP); + KASSERT(error == 0, + ("%s: ktls_frame returned %d", __func__, error)); + } #endif if (nios == 0) { /* Index: sys/kern/uipc_ktls.c =================================================================== --- sys/kern/uipc_ktls.c +++ sys/kern/uipc_ktls.c @@ -1674,7 +1674,7 @@ * special case of empty fragments for TLS 1.0 sessions, an empty * fragment counts as one page. */ -void +int ktls_frame(struct mbuf *top, struct ktls_session *tls, int *enq_cnt, uint8_t record_type) { @@ -1691,12 +1691,14 @@ * All mbufs in the chain should be TLS records whose * payload does not exceed the maximum frame length. * - * Empty TLS records are permitted when using CBC. + * Empty TLS 1.0 records are permitted when using CBC. */ - KASSERT(m->m_len <= maxlen && - (tls->params.cipher_algorithm == CRYPTO_AES_CBC ? - m->m_len >= 0 : m->m_len > 0), - ("ktls_frame: m %p len %d\n", m, m->m_len)); + KASSERT(m->m_len >= 0, + ("ktls_frame: m %p len %d", m, m->m_len)); + if (__predict_false(m->m_len > maxlen || (m->m_len == 0 && + (tls->params.cipher_algorithm != CRYPTO_AES_CBC || + tls->params.tls_vminor != TLS_MINOR_VER_ZERO)))) + return (EINVAL); /* * TLS frames require unmapped mbufs to store session @@ -1795,6 +1797,7 @@ *enq_cnt += m->m_epg_nrdy; } } + return (0); } void Index: sys/kern/uipc_socket.c =================================================================== --- sys/kern/uipc_socket.c +++ sys/kern/uipc_socket.c @@ -1740,8 +1740,10 @@ top->m_flags |= M_EOR; #ifdef KERN_TLS if (tls != NULL) { - ktls_frame(top, tls, &tls_enq_cnt, - tls_rtype); + error = ktls_frame(top, tls, + &tls_enq_cnt, tls_rtype); + if (error != 0) + goto release; tls_rtype = TLS_RLTYPE_APP; } #endif @@ -1761,8 +1763,10 @@ M_EXTPG | ((flags & MSG_EOR) ? M_EOR : 0)); if (top != NULL) { - ktls_frame(top, tls, + error = ktls_frame(top, tls, &tls_enq_cnt, tls_rtype); + if (error != 0) + goto release; } tls_rtype = TLS_RLTYPE_APP; } else Index: sys/sys/ktls.h =================================================================== --- sys/sys/ktls.h +++ sys/sys/ktls.h @@ -211,7 +211,7 @@ int ktls_enable_rx(struct socket *so, struct tls_enable *en); int ktls_enable_tx(struct socket *so, struct tls_enable *en); void ktls_destroy(struct ktls_session *tls); -void ktls_frame(struct mbuf *m, struct ktls_session *tls, int *enqueue_cnt, +int ktls_frame(struct mbuf *m, struct ktls_session *tls, int *enqueue_cnt, uint8_t record_type); void ktls_seq(struct sockbuf *sb, struct mbuf *m); void ktls_enqueue(struct mbuf *m, struct socket *so, int page_count); Index: tests/sys/kern/ktls_test.c =================================================================== --- tests/sys/kern/ktls_test.c +++ tests/sys/kern/ktls_test.c @@ -1105,9 +1105,19 @@ fd_set_blocking(sockets[0]); fd_set_blocking(sockets[1]); - /* A write of zero bytes should send an empty fragment. */ + /* + * A write of zero bytes should send an empty fragment only for + * TLS 1.0, otherwise an error should be raised. + */ rv = write(sockets[1], NULL, 0); - ATF_REQUIRE(rv == 0); + if (rv == 0) { + ATF_REQUIRE(en->cipher_algorithm == CRYPTO_AES_CBC); + ATF_REQUIRE(en->tls_vminor == TLS_MINOR_VER_ZERO); + } else { + ATF_REQUIRE(rv == -1); + ATF_REQUIRE(errno == EINVAL); + return; + } /* * First read the header to determine how much additional data @@ -1369,7 +1379,7 @@ ATF_TP_ADD_TC(tp, ktls_transmit_##cipher_name##_##name); #define GEN_TRANSMIT_EMPTY_FRAGMENT_TEST(cipher_name, cipher_alg, \ - key_size, auth_alg) \ + key_size, auth_alg, minor) \ ATF_TC_WITHOUT_HEAD(ktls_transmit_##cipher_name##_empty_fragment); \ ATF_TC_BODY(ktls_transmit_##cipher_name##_empty_fragment, tc) \ { \ @@ -1378,14 +1388,14 @@ \ ATF_REQUIRE_KTLS(); \ seqno = random(); \ - build_tls_enable(cipher_alg, key_size, auth_alg, \ - TLS_MINOR_VER_ZERO, seqno, &en); \ + build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \ + &en); \ test_ktls_transmit_empty_fragment(&en, seqno); \ free_tls_enable(&en); \ } #define ADD_TRANSMIT_EMPTY_FRAGMENT_TEST(cipher_name, cipher_alg, \ - key_size, auth_alg) \ + key_size, auth_alg, minor) \ ATF_TP_ADD_TC(tp, ktls_transmit_##cipher_name##_empty_fragment); #define GEN_TRANSMIT_TESTS(cipher_name, cipher_alg, key_size, auth_alg, \ @@ -1506,7 +1516,9 @@ * Test "empty fragments" which are TLS records with no payload that * OpenSSL can send for TLS 1.0 connections. */ -TLS_10_TESTS(GEN_TRANSMIT_EMPTY_FRAGMENT_TEST); +AES_CBC_TESTS(GEN_TRANSMIT_EMPTY_FRAGMENT_TEST); +AES_GCM_TESTS(GEN_TRANSMIT_EMPTY_FRAGMENT_TEST); +CHACHA20_TESTS(GEN_TRANSMIT_EMPTY_FRAGMENT_TEST); static void test_ktls_invalid_transmit_cipher_suite(struct tls_enable *en) @@ -1768,7 +1780,9 @@ AES_GCM_TESTS(ADD_TRANSMIT_TESTS); CHACHA20_TESTS(ADD_TRANSMIT_TESTS); AES_CBC_TESTS(ADD_TRANSMIT_PADDING_TESTS); - TLS_10_TESTS(ADD_TRANSMIT_EMPTY_FRAGMENT_TEST); + AES_CBC_TESTS(ADD_TRANSMIT_EMPTY_FRAGMENT_TEST); + AES_GCM_TESTS(ADD_TRANSMIT_EMPTY_FRAGMENT_TEST); + CHACHA20_TESTS(ADD_TRANSMIT_EMPTY_FRAGMENT_TEST); INVALID_CIPHER_SUITES(ADD_INVALID_TRANSMIT_TEST); /* Receive tests */