On 08/02/18 05:23 PM, Vakul Garg wrote:

quoted

I agree that Boris' patch does what you say it does - it sets keys immediately
after CCS instead of after FINISHED message.  I disagree that the kernel tls
implementation currently requires that specific ordering, nor do I think that it
should require that ordering.

The current kernel implementation assumes record sequence number to start from '0'.
If keys have to be set after FINISHED message, then record sequence number need to
be communicated from user space TLS stack to kernel. IIRC, sequence number is not 
part of the interface through which key is transferred.

The setsockopt call struct takes the key, iv, salt, and seqno:

struct tls12_crypto_info_aes_gcm_128 {
        struct tls_crypto_info info;
        unsigned char iv[TLS_CIPHER_AES_GCM_128_IV_SIZE];
        unsigned char key[TLS_CIPHER_AES_GCM_128_KEY_SIZE];
        unsigned char salt[TLS_CIPHER_AES_GCM_128_SALT_SIZE];
        unsigned char rec_seq[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE];
};