diff mbox series

[Openvpn-devel,3/3] Set DCO_NOT_INSTALLED also for keys not in the get_key_scan range

Message ID 20221213225430.1892940-3-arne@rfc2549.org
State Accepted
Headers show
Series [Openvpn-devel,1/3] Improve debug logging of DCO swap key message and Linux dco_new_peer | expand

Commit Message

Arne Schwabe Dec. 13, 2022, 10:54 p.m. UTC 
We have 6 key slots but normally only consider 3 of them to be
active/valid keys. Especially the secondary key of TM_LAME_DUCK can
in rare corner cases have a key that is still installed in the kernel.

While this should not cause any issues since I do not see way for this
key to become active ever again, it is better to keep the state correctly.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
---
 src/openvpn/dco.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

Comments

Antonio Quartulli Dec. 13, 2022, 11:06 p.m. UTC | #1 
Hi,

On 13/12/2022 23:54, Arne Schwabe wrote:
> We have 6 key slots but normally only consider 3 of them to be
> active/valid keys. Especially the secondary key of TM_LAME_DUCK can
> in rare corner cases have a key that is still installed in the kernel.
> 
> While this should not cause any issues since I do not see way for this
> key to become active ever again, it is better to keep the state correctly.
> 
> Signed-off-by: Arne Schwabe <arne@rfc2549.org>

I am fine with this because it is just "safer".
But I truly dislike that we have to "Defend ourselves" from conditions 
which we don't even know when they may happen....
Still, this is a rant for another patch/cleanup.

This patch makes sense
Acked-by: Antonio Quartulli <a@unstable.cc>

> ---
>   src/openvpn/dco.c | 14 +++++++++-----
>   1 file changed, 9 insertions(+), 5 deletions(-)
> 
> diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
> index 36bfbf10a..20196fe5d 100644
> --- a/src/openvpn/dco.c
> +++ b/src/openvpn/dco.c
> @@ -221,13 +221,17 @@ dco_update_keys(dco_context_t *dco, struct tls_multi *multi)
>           multi->dco_keys_installed = 1;
>       }
>   
> -    /* all keys that are not installed are set to NOT installed */
> -    for (int i = 0; i < KEY_SCAN_SIZE; ++i)
> +    /* all keys that are not installed are set to NOT installed. Include also
> +     * keys that might even be considered as active keys to be sure*/
> +    for (int i = 0; i < TM_SIZE; ++i)
>       {
> -        struct key_state *ks = get_key_scan(multi, i);
> -        if (ks != primary && ks != secondary)
> +        for (int j = 0; j < KS_SIZE; j++)
>           {
> -            ks->dco_status = DCO_NOT_INSTALLED;
> +            struct key_state *ks = &multi->session[i].key[j];
> +            if (ks != primary && ks != secondary)
> +            {
> +                ks->dco_status = DCO_NOT_INSTALLED;
> +            }
>           }
>       }
>       return true;
Gert Doering Dec. 14, 2022, 8:12 a.m. UTC | #2 
I've done a quick read over ssl_common.h to be sure the indexes are
valid, and fed this to a light test run (client-side only, for the
start).  Looks good, passes.

I can see why Antonio grumbles, but then, ensuring stuff is in a really
well-known state if we suspect it might not always be is a valid line
of defense.

Your patch has been applied to the master and release/2.6 branch.

commit 4cf7409e82580f2890c391372d60ed713ba4650c (master)
commit 5c26918f482f21484527f4b065818863c459b226 (release/2.6)
Author: Arne Schwabe
Date:   Tue Dec 13 23:54:30 2022 +0100

     Set DCO_NOT_INSTALLED also for keys not in the get_key_scan range

     Signed-off-by: Arne Schwabe <arne@rfc2549.org>
     Acked-by: Antonio Quartulli <antonio@openvpn.net>
     Message-Id: <20221213225430.1892940-3-arne@rfc2549.org>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25681.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering
diff mbox series

Patch

diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index 36bfbf10a..20196fe5d 100644
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
@@ -221,13 +221,17 @@  dco_update_keys(dco_context_t *dco, struct tls_multi *multi)
         multi->dco_keys_installed = 1;
     }
 
-    /* all keys that are not installed are set to NOT installed */
-    for (int i = 0; i < KEY_SCAN_SIZE; ++i)
+    /* all keys that are not installed are set to NOT installed. Include also
+     * keys that might even be considered as active keys to be sure*/
+    for (int i = 0; i < TM_SIZE; ++i)
     {
-        struct key_state *ks = get_key_scan(multi, i);
-        if (ks != primary && ks != secondary)
+        for (int j = 0; j < KS_SIZE; j++)
         {
-            ks->dco_status = DCO_NOT_INSTALLED;
+            struct key_state *ks = &multi->session[i].key[j];
+            if (ks != primary && ks != secondary)
+            {
+                ks->dco_status = DCO_NOT_INSTALLED;
+            }
         }
     }
     return true;