On Sun, 15 Nov 2020 07:16:00 +0300 Vadim Fedorenko wrote:
> If tcp socket has more data than Encrypted Handshake Message then
> tls_sw_recvmsg will try to decrypt next record instead of returning
> full control message to userspace as mentioned in comment. The next
> message - usually Application Data - gets corrupted because it uses
> zero copy for decryption that's why the data is not stored in skb
> for next iteration. Revert check to not decrypt next record if
> current is not Application Data.
>
> Fixes: 692d7b5d1f91 ("tls: Fix recvmsg() to be able to peek across multiple
> records")
> Signed-off-by: Vadim Fedorenko <vfedore...@novek.ru>
> ---
> net/tls/tls_sw.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
> index 95ab5545..2fe9e2c 100644
> --- a/net/tls/tls_sw.c
> +++ b/net/tls/tls_sw.c
> @@ -1913,7 +1913,7 @@ int tls_sw_recvmsg(struct sock *sk,
> * another message type
> */
> msg->msg_flags |= MSG_EOR;
> - if (ctx->control != TLS_RECORD_TYPE_DATA)
> + if (control != TLS_RECORD_TYPE_DATA)
Sorry I wasn't clear enough, should this be:
if (ctx->control != control)
? Otherwise if we get a control record first and then data record
the code will collapse them, which isn't correct, right?
> goto recv_end;
> } else {
> break;
