net: tls: Refactor control message handling on recv
For TLS 1.3, the control message is encrypted.  Handle control
message checks after decryption.

Signed-off-by: Dave Watson <davejwatson@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Dave Watson authored and davem330 committed Feb 1, 2019
1 parent a2ef9b6 commit fedf201
Showing 1 changed file with 44 additions and 44 deletions.
88 changes: 44 additions & 44 deletions net/tls/tls_sw.c
Expand Up @@ -1421,16 +1421,15 @@ static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb,

return err;
}
rxm->offset += tls_ctx->rx.prepend_size;
rxm->full_len -= tls_ctx->rx.overhead_size;
tls_advance_record_sn(sk, &tls_ctx->rx);
ctx->decrypted = true;
ctx->saved_data_ready(sk);
} else {
*zc = false;
}

rxm->offset += tls_ctx->rx.prepend_size;
rxm->full_len -= tls_ctx->rx.overhead_size;
tls_advance_record_sn(sk, &tls_ctx->rx);
ctx->decrypted = true;
ctx->saved_data_ready(sk);

return err;
}

Expand Down Expand Up @@ -1609,6 +1608,25 @@ int tls_sw_recvmsg(struct sock *sk,

rxm = strp_msg(skb);

to_decrypt = rxm->full_len - tls_ctx->rx.overhead_size;

if (to_decrypt <= len && !is_kvec && !is_peek &&
ctx->control == TLS_RECORD_TYPE_DATA)
zc = true;

err = decrypt_skb_update(sk, skb, &msg->msg_iter,
&chunk, &zc, ctx->async_capable);
if (err < 0 && err != -EINPROGRESS) {
tls_err_abort(sk, EBADMSG);
goto recv_end;
}

if (err == -EINPROGRESS) {
async = true;
num_async++;
goto pick_next_record;
}

if (!cmsg) {
int cerr;

Expand All @@ -1626,40 +1644,22 @@ int tls_sw_recvmsg(struct sock *sk,
goto recv_end;
}

to_decrypt = rxm->full_len - tls_ctx->rx.overhead_size;

if (to_decrypt <= len && !is_kvec && !is_peek)
zc = true;

err = decrypt_skb_update(sk, skb, &msg->msg_iter,
&chunk, &zc, ctx->async_capable);
if (err < 0 && err != -EINPROGRESS) {
tls_err_abort(sk, EBADMSG);
goto recv_end;
}

if (err == -EINPROGRESS) {
async = true;
num_async++;
goto pick_next_record;
} else {
if (!zc) {
if (rxm->full_len > len) {
retain_skb = true;
chunk = len;
} else {
chunk = rxm->full_len;
}
if (!zc) {
if (rxm->full_len > len) {
retain_skb = true;
chunk = len;
} else {
chunk = rxm->full_len;
}

err = skb_copy_datagram_msg(skb, rxm->offset,
msg, chunk);
if (err < 0)
goto recv_end;
err = skb_copy_datagram_msg(skb, rxm->offset,
msg, chunk);
if (err < 0)
goto recv_end;

if (!is_peek) {
rxm->offset = rxm->offset + chunk;
rxm->full_len = rxm->full_len - chunk;
}
if (!is_peek) {
rxm->offset = rxm->offset + chunk;
rxm->full_len = rxm->full_len - chunk;
}
}

Expand Down Expand Up @@ -1759,15 +1759,15 @@ ssize_t tls_sw_splice_read(struct socket *sock, loff_t *ppos,
if (!skb)
goto splice_read_end;

/* splice does not support reading control messages */
if (ctx->control != TLS_RECORD_TYPE_DATA) {
err = -ENOTSUPP;
goto splice_read_end;
}

if (!ctx->decrypted) {
err = decrypt_skb_update(sk, skb, NULL, &chunk, &zc, false);

/* splice does not support reading control messages */
if (ctx->control != TLS_RECORD_TYPE_DATA) {
err = -ENOTSUPP;
goto splice_read_end;
}

if (err < 0) {
tls_err_abort(sk, EBADMSG);
goto splice_read_end;
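Review bot: In tls_sw_splice_read the record-type check now sits inside `if (!ctx->decrypted)`, so a record that reaches this function already decrypted skips the check and a control record (alert, handshake) could be spliced out as application data; whether an earlier read path can leave ctx->decrypted set is an inference, since that code is outside the hunk. The check also runs before `if (err < 0)`, so a failed decryption of a record whose ctx->control is not data returns -ENOTSUPP without reaching `tls_err_abort(sk, EBADMSG)`. Placing the check after the closing brace of the `if (!ctx->decrypted)` block, and therefore after the error test, keeps both properties: `if (ctx->control != TLS_RECORD_TYPE_DATA) { err = -ENOTSUPP; goto splice_read_end; }`. The function body continues past the end of the hunk, so the exact placement has to be confirmed against the lines that follow. Separately, in tls_sw_recvmsg the `-EINPROGRESS` branch now jumps to `pick_next_record` before the `if (!cmsg)` record-type handling, which is worth checking for non-data records on async-capable crypto.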
