summaryrefslogtreecommitdiffstats
path: root/net/tls
diff options
context:
space:
mode:
authorVakul Garg <vakul.garg@nxp.com>2019-02-11 11:31:05 +0000
committerDavid S. Miller <davem@davemloft.net>2019-02-12 12:35:14 -0500
commitc0ab4732d4c658f74eb929d3f615d390f03d660c (patch)
tree89399bf32badd17d93fb7dde8d613e6003c4296f /net/tls
parentfde55ea74ce69b1ba2fb108b197f7c3c6b8749e1 (diff)
downloadlinux-c0ab4732d4c658f74eb929d3f615d390f03d660c.tar.gz
linux-c0ab4732d4c658f74eb929d3f615d390f03d660c.tar.bz2
linux-c0ab4732d4c658f74eb929d3f615d390f03d660c.zip
net/tls: Do not use async crypto for non-data records
Addition of tls1.3 support broke tls1.2 handshake when async crypto accelerator is used. This is because the record type for non-data records is not propagated to user application. Also when async decryption happens, the decryption does not stop when two different types of records get dequeued and submitted for decryption. To address it, we decrypt tls1.2 non-data records in synchronous way. We check whether the record we just processed has same type as the previous one before checking for async condition and jumping to dequeue next record. Fixes: 130b392c6cd6b ("net: tls: Add tls 1.3 support") Signed-off-by: Vakul Garg <vakul.garg@nxp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/tls')
-rw-r--r--net/tls/tls_sw.c18
1 files changed, 12 insertions, 6 deletions
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index fe8c287cbaa1..ae4784734547 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -1645,10 +1645,10 @@ int tls_sw_recvmsg(struct sock *sk,
do {
bool retain_skb = false;
- bool async = false;
bool zc = false;
int to_decrypt;
int chunk = 0;
+ bool async;
skb = tls_wait_data(sk, psock, flags, timeo, &err);
if (!skb) {
@@ -1674,18 +1674,21 @@ int tls_sw_recvmsg(struct sock *sk,
tls_ctx->crypto_recv.info.version != TLS_1_3_VERSION)
zc = true;
+ /* Do not use async mode if record is non-data */
+ if (ctx->control == TLS_RECORD_TYPE_DATA)
+ async = ctx->async_capable;
+ else
+ async = false;
+
err = decrypt_skb_update(sk, skb, &msg->msg_iter,
- &chunk, &zc, ctx->async_capable);
+ &chunk, &zc, async);
if (err < 0 && err != -EINPROGRESS) {
tls_err_abort(sk, EBADMSG);
goto recv_end;
}
- if (err == -EINPROGRESS) {
- async = true;
+ if (err == -EINPROGRESS)
num_async++;
- goto pick_next_record;
- }
if (!cmsg) {
int cerr;
@@ -1704,6 +1707,9 @@ int tls_sw_recvmsg(struct sock *sk,
goto recv_end;
}
+ if (async)
+ goto pick_next_record;
+
if (!zc) {
if (rxm->full_len > len) {
retain_skb = true;