
Commit dafb67f

Boris Pismennydavem330
authored andcommitted
tls: Split decrypt_skb to two functions
Previously, decrypt_skb also updated the TLS context. Now, decrypt_skb only decrypts the payload using the current context, while decrypt_skb_update also updates the state. Later, in the tls_device Rx flow, we will use decrypt_skb directly. Signed-off-by: Boris Pismenny <[email protected]> Signed-off-by: David S. Miller <[email protected]>
1 parent d80a1b9 commit dafb67f


2 files changed

+28
-18
lines changed


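--- a/include/net/tls.h
+++ b/include/net/tls.h
@@ -390,6 +390,8 @@ int tls_proccess_cmsg(struct sock *sk, struct msghdr *msg,
 unsigned char *record_type);
 void tls_register_device(struct tls_device *device);
 void tls_unregister_device(struct tls_device *device);
+int decrypt_skb(struct sock *sk, struct sk_buff *skb,
+struct scatterlist *sgout);
 
 struct sk_buff *tls_validate_xmit_skb(struct sock *sk,
 struct net_device *dev,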
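Review bot: The prototype added at new lines 393-394 puts `decrypt_skb` into the kernel-wide symbol namespace without the `tls_` prefix that the surrounding declarations (`tls_register_device`, `tls_unregister_device`, `tls_validate_xmit_skb`) all carry. A generic name like this is easy to collide with or to mistake for a general skb helper, so a `tls_`-prefixed name would fit the header better. The declaration also sits between the device registration functions and the xmit validation function with no comment saying which part of the TLS code owns it.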

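--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -53,7 +53,6 @@ static int tls_do_decryption(struct sock *sk,
 {
 struct tls_context *tls_ctx = tls_get_ctx(sk);
 struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
-struct strp_msg *rxm = strp_msg(skb);
 struct aead_request *aead_req;
 
 int ret;
@@ -71,18 +70,6 @@ static int tls_do_decryption(struct sock *sk,
 
 ret = crypto_wait_req(crypto_aead_decrypt(aead_req), &ctx->async_wait);
 
-if (ret < 0)
-goto out;
-
-rxm->offset += tls_ctx->rx.prepend_size;
-rxm->full_len -= tls_ctx->rx.overhead_size;
-tls_advance_record_sn(sk, &tls_ctx->rx);
-
-ctx->decrypted = true;
-
-ctx->saved_data_ready(sk);
-
-out:
 aead_request_free(aead_req);
 return ret;
 }
@@ -666,8 +653,29 @@ static struct sk_buff *tls_wait_data(struct sock *sk, int flags,
 return skb;
 }
 
-static int decrypt_skb(struct sock *sk, struct sk_buff *skb,
-struct scatterlist *sgout)
+static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb,
+struct scatterlist *sgout)
+{
+struct tls_context *tls_ctx = tls_get_ctx(sk);
+struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
+struct strp_msg *rxm = strp_msg(skb);
+int err = 0;
+
+err = decrypt_skb(sk, skb, sgout);
+if (err < 0)
+return err;
+
+rxm->offset += tls_ctx->rx.prepend_size;
+rxm->full_len -= tls_ctx->rx.overhead_size;
+tls_advance_record_sn(sk, &tls_ctx->rx);
+ctx->decrypted = true;
+ctx->saved_data_ready(sk);
+
+return err;
+}
+
+int decrypt_skb(struct sock *sk, struct sk_buff *skb,
+struct scatterlist *sgout)
 {
 struct tls_context *tls_ctx = tls_get_ctx(sk);
 struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
@@ -812,7 +820,7 @@ int tls_sw_recvmsg(struct sock *sk,
 if (err < 0)
 goto fallback_to_reg_recv;
 
-err = decrypt_skb(sk, skb, sgin);
+err = decrypt_skb_update(sk, skb, sgin);
 for (; pages > 0; pages--)
 put_page(sg_page(&sgin[pages]));
 if (err < 0) {
@@ -821,7 +829,7 @@ int tls_sw_recvmsg(struct sock *sk,
 }
 } else {
 fallback_to_reg_recv:
-err = decrypt_skb(sk, skb, NULL);
+err = decrypt_skb_update(sk, skb, NULL);
 if (err < 0) {
 tls_err_abort(sk, EBADMSG);
 goto recv_end;
@@ -892,7 +900,7 @@ ssize_t tls_sw_splice_read(struct socket *sock, loff_t *ppos,
 }
 
 if (!ctx->decrypted) {
-err = decrypt_skb(sk, skb, NULL);
+err = decrypt_skb_update(sk, skb, NULL);
 
 if (err < 0) {
 tls_err_abort(sk, EBADMSG);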
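Review bot: `decrypt_skb` at new lines 677-678 loses `static` and no longer adjusts `rxm`, calls `tls_advance_record_sn()` or sets `ctx->decrypted`, yet nothing at the definition states that these steps are now the caller's job. A future direct caller that skips them would presumably attempt the next record with a stale record sequence number, or decrypt the same skb a second time because `ctx->decrypted` is still false. I would add a comment above the definition such as `/* Decrypts the record only; on success the caller must advance the RX record sequence number, adjust rxm and set ctx->decrypted (see decrypt_skb_update). */`. Separately, in `decrypt_skb_update` the initializer in `int err = 0;` is dead because `err` is assigned on the next statement, so `int err;` is enough. The body of `decrypt_skb` continues outside the hunk, so what it still touches in the context cannot be confirmed from here.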
