All of lore.kernel.org
 help / color / mirror / Atom feed
* [net] net/tls: tls offload is broken
@ 2020-12-01  9:07 Rohit Maheshwari
  2020-12-02  1:53 ` Jakub Kicinski
  0 siblings, 1 reply; 2+ messages in thread
From: Rohit Maheshwari @ 2020-12-01  9:07 UTC (permalink / raw)
  To: kuba, netdev, davem; +Cc: secdev, Rohit Maheshwari

Recent changes made to remove AES constants started using protocol
aware salt_size. ctx->prot_info's salt_size is filled in tls sw case,
but not in tls offload mode, and was working so far because of the
hard coded value was used.

Fixes: 6942a284fb3e ("net/tls: make inline helpers protocol-aware")
Signed-off-by: Rohit Maheshwari <rohitm@chelsio.com>
---
 net/tls/tls_device.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c
index 6cc9fe778356..f7fb7d2c1de1 100644
--- a/net/tls/tls_device.c
+++ b/net/tls/tls_device.c
@@ -998,7 +998,7 @@ static void tls_device_attach(struct tls_context *ctx, struct sock *sk,
 
 int tls_set_device_offload(struct sock *sk, struct tls_context *ctx)
 {
-	u16 nonce_size, tag_size, iv_size, rec_seq_size;
+	u16 nonce_size, tag_size, iv_size, rec_seq_size, salt_size;
 	struct tls_context *tls_ctx = tls_get_ctx(sk);
 	struct tls_prot_info *prot = &tls_ctx->prot_info;
 	struct tls_record_info *start_marker_record;
@@ -1039,6 +1039,7 @@ int tls_set_device_offload(struct sock *sk, struct tls_context *ctx)
 		iv_size = TLS_CIPHER_AES_GCM_128_IV_SIZE;
 		iv = ((struct tls12_crypto_info_aes_gcm_128 *)crypto_info)->iv;
 		rec_seq_size = TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE;
+		salt_size = TLS_CIPHER_AES_GCM_128_SALT_SIZE;
 		rec_seq =
 		 ((struct tls12_crypto_info_aes_gcm_128 *)crypto_info)->rec_seq;
 		break;
@@ -1059,6 +1060,7 @@ int tls_set_device_offload(struct sock *sk, struct tls_context *ctx)
 	prot->tag_size = tag_size;
 	prot->overhead_size = prot->prepend_size + prot->tag_size;
 	prot->iv_size = iv_size;
+	prot->salt_size = salt_size;
 	ctx->tx.iv = kmalloc(iv_size + TLS_CIPHER_AES_GCM_128_SALT_SIZE,
 			     GFP_KERNEL);
 	if (!ctx->tx.iv) {
-- 
2.18.1


^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [net] net/tls: tls offload is broken
  2020-12-01  9:07 [net] net/tls: tls offload is broken Rohit Maheshwari
@ 2020-12-02  1:53 ` Jakub Kicinski
  0 siblings, 0 replies; 2+ messages in thread
From: Jakub Kicinski @ 2020-12-02  1:53 UTC (permalink / raw)
  To: Rohit Maheshwari; +Cc: netdev, davem, secdev

On Tue,  1 Dec 2020 14:37:52 +0530 Rohit Maheshwari wrote:
> Recent changes made to remove AES constants started using protocol
> aware salt_size. ctx->prot_info's salt_size is filled in tls sw case,
> but not in tls offload mode, and was working so far because of the
> hard coded value was used.
> 
> Fixes: 6942a284fb3e ("net/tls: make inline helpers protocol-aware")
> Signed-off-by: Rohit Maheshwari <rohitm@chelsio.com>

I updated the subject to something more meaningful and applied to
net-next. The commit in question was just applied to net-next, it
doesn't exist in net.

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-12-02  1:54 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-12-01  9:07 [net] net/tls: tls offload is broken Rohit Maheshwari
2020-12-02  1:53 ` Jakub Kicinski

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.