diff options
| author | Vakul Garg <vakul.garg@nxp.com> | 2019-02-14 02:11:35 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2019-02-19 13:40:36 -0500 |
| commit | 4509de14680084141d3514c3b87bd9d070fc366d (patch) | |
| tree | 7b0e29e68ef0c1e526eed22713d0168ea7654b1f /net/tls/tls_main.c | |
| parent | c9b747dbc2036c917b1067fbb78dc38b105c4454 (diff) | |
net/tls: Move protocol constants from cipher context to tls context
Each tls context maintains two cipher contexts (one each for tx and rx
directions). For each tls session, the constants such as protocol
version, ciphersuite, iv size, associated data size etc are same for
both the directions and need to be stored only once per tls context.
Hence these are moved from 'struct cipher_context' to 'struct
tls_prot_info' and stored only once in 'struct tls_context'.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/tls/tls_main.c')
| -rw-r--r-- | net/tls/tls_main.c | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index d1c2fd9a3f63..caff15b2f9b2 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c | |||
| @@ -435,6 +435,7 @@ static int do_tls_setsockopt_conf(struct sock *sk, char __user *optval, | |||
| 435 | unsigned int optlen, int tx) | 435 | unsigned int optlen, int tx) |
| 436 | { | 436 | { |
| 437 | struct tls_crypto_info *crypto_info; | 437 | struct tls_crypto_info *crypto_info; |
| 438 | struct tls_crypto_info *alt_crypto_info; | ||
| 438 | struct tls_context *ctx = tls_get_ctx(sk); | 439 | struct tls_context *ctx = tls_get_ctx(sk); |
| 439 | size_t optsize; | 440 | size_t optsize; |
| 440 | int rc = 0; | 441 | int rc = 0; |
| @@ -445,10 +446,13 @@ static int do_tls_setsockopt_conf(struct sock *sk, char __user *optval, | |||
| 445 | goto out; | 446 | goto out; |
| 446 | } | 447 | } |
| 447 | 448 | ||
| 448 | if (tx) | 449 | if (tx) { |
| 449 | crypto_info = &ctx->crypto_send.info; | 450 | crypto_info = &ctx->crypto_send.info; |
| 450 | else | 451 | alt_crypto_info = &ctx->crypto_recv.info; |
| 452 | } else { | ||
| 451 | crypto_info = &ctx->crypto_recv.info; | 453 | crypto_info = &ctx->crypto_recv.info; |
| 454 | alt_crypto_info = &ctx->crypto_send.info; | ||
| 455 | } | ||
| 452 | 456 | ||
| 453 | /* Currently we don't support set crypto info more than one time */ | 457 | /* Currently we don't support set crypto info more than one time */ |
| 454 | if (TLS_CRYPTO_INFO_READY(crypto_info)) { | 458 | if (TLS_CRYPTO_INFO_READY(crypto_info)) { |
| @@ -469,6 +473,15 @@ static int do_tls_setsockopt_conf(struct sock *sk, char __user *optval, | |||
| 469 | goto err_crypto_info; | 473 | goto err_crypto_info; |
| 470 | } | 474 | } |
| 471 | 475 | ||
| 476 | /* Ensure that TLS version and ciphers are same in both directions */ | ||
| 477 | if (TLS_CRYPTO_INFO_READY(alt_crypto_info)) { | ||
| 478 | if (alt_crypto_info->version != crypto_info->version || | ||
| 479 | alt_crypto_info->cipher_type != crypto_info->cipher_type) { | ||
| 480 | rc = -EINVAL; | ||
| 481 | goto err_crypto_info; | ||
| 482 | } | ||
| 483 | } | ||
| 484 | |||
| 472 | switch (crypto_info->cipher_type) { | 485 | switch (crypto_info->cipher_type) { |
| 473 | case TLS_CIPHER_AES_GCM_128: | 486 | case TLS_CIPHER_AES_GCM_128: |
| 474 | case TLS_CIPHER_AES_GCM_256: { | 487 | case TLS_CIPHER_AES_GCM_256: { |