diff options
author | Sabrina Dubroca <sd@queasysnail.net> | 2023-10-09 22:50:45 +0200 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2023-10-13 11:26:10 +0100 |
commit | 1c1cb3110d7ed2897e65d9a352a8fb709723e057 (patch) | |
tree | 62d5148e58b862da82f0f027b7b2ea225d81697c | |
parent | bee6b7b30706e7693d91cb28c8ff3cb69e094f65 (diff) |
tls: store iv directly within cipher_context
TLS_MAX_IV_SIZE + TLS_MAX_SALT_SIZE is 20B, we don't get much benefit
in cipher_context's size and can simplify the init code a bit.
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | include/net/tls.h | 3 | ||||
-rw-r--r-- | net/tls/tls_device.c | 13 | ||||
-rw-r--r-- | net/tls/tls_main.c | 2 | ||||
-rw-r--r-- | net/tls/tls_sw.c | 13 |
4 files changed, 7 insertions, 24 deletions
diff --git a/include/net/tls.h b/include/net/tls.h index 5200ce27db91..28cc40d7b945 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -62,6 +62,7 @@ struct tls_rec; #define TLS_AAD_SPACE_SIZE 13 #define TLS_MAX_IV_SIZE 16 +#define TLS_MAX_SALT_SIZE 4 #define TLS_TAG_SIZE 16 #define TLS_MAX_REC_SEQ_SIZE 8 #define TLS_MAX_AAD_SIZE TLS_AAD_SPACE_SIZE @@ -193,7 +194,7 @@ enum tls_context_flags { }; struct cipher_context { - char *iv; + char iv[TLS_MAX_IV_SIZE + TLS_MAX_SALT_SIZE]; char rec_seq[TLS_MAX_REC_SEQ_SIZE]; }; diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c index 525d7b813869..0981496c6294 100644 --- a/net/tls/tls_device.c +++ b/net/tls/tls_device.c @@ -56,10 +56,8 @@ static struct page *dummy_page; static void tls_device_free_ctx(struct tls_context *ctx) { - if (ctx->tx_conf == TLS_HW) { + if (ctx->tx_conf == TLS_HW) kfree(tls_offload_ctx_tx(ctx)); - kfree(ctx->tx.iv); - } if (ctx->rx_conf == TLS_HW) kfree(tls_offload_ctx_rx(ctx)); @@ -1088,11 +1086,6 @@ int tls_set_device_offload(struct sock *sk, struct tls_context *ctx) prot->overhead_size = prot->prepend_size + prot->tag_size; prot->iv_size = cipher_desc->iv; prot->salt_size = cipher_desc->salt; - ctx->tx.iv = kmalloc(cipher_desc->iv + cipher_desc->salt, GFP_KERNEL); - if (!ctx->tx.iv) { - rc = -ENOMEM; - goto release_netdev; - } memcpy(ctx->tx.iv + cipher_desc->salt, iv, cipher_desc->iv); @@ -1102,7 +1095,7 @@ int tls_set_device_offload(struct sock *sk, struct tls_context *ctx) start_marker_record = kmalloc(sizeof(*start_marker_record), GFP_KERNEL); if (!start_marker_record) { rc = -ENOMEM; - goto free_iv; + goto release_netdev; } offload_ctx = kzalloc(TLS_OFFLOAD_CONTEXT_SIZE_TX, GFP_KERNEL); @@ -1187,8 +1180,6 @@ free_offload_ctx: ctx->priv_ctx_tx = NULL; free_marker_record: kfree(start_marker_record); -free_iv: - kfree(ctx->tx.iv); release_netdev: dev_put(netdev); return rc; diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index 58f13660fe6b..b91524ac1009 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -60,6 +60,7 @@ enum { #define CHECK_CIPHER_DESC(cipher,ci) \ static_assert(cipher ## _IV_SIZE <= TLS_MAX_IV_SIZE); \ + static_assert(cipher ## _SALT_SIZE <= TLS_MAX_SALT_SIZE); \ static_assert(cipher ## _REC_SEQ_SIZE <= TLS_MAX_REC_SEQ_SIZE); \ static_assert(cipher ## _TAG_SIZE == TLS_TAG_SIZE); \ static_assert(sizeof_field(struct ci, iv) == cipher ## _IV_SIZE); \ @@ -344,7 +345,6 @@ static void tls_sk_proto_cleanup(struct sock *sk, /* We need these for tls_sw_fallback handling of other packets */ if (ctx->tx_conf == TLS_SW) { - kfree(ctx->tx.iv); tls_sw_release_resources_tx(sk); TLS_DEC_STATS(sock_net(sk), LINUX_MIB_TLSCURRTXSW); } else if (ctx->tx_conf == TLS_HW) { diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 5b6175f9b9a6..c3da937b8207 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -2467,8 +2467,6 @@ void tls_sw_release_resources_rx(struct sock *sk) struct tls_context *tls_ctx = tls_get_ctx(sk); struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx); - kfree(tls_ctx->rx.iv); - if (ctx->aead_recv) { __skb_queue_purge(&ctx->rx_list); crypto_free_aead(ctx->aead_recv); @@ -2682,11 +2680,7 @@ int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx, int tx) prot->tag_size + prot->tail_size; prot->iv_size = cipher_desc->iv; prot->salt_size = cipher_desc->salt; - cctx->iv = kmalloc(cipher_desc->iv + cipher_desc->salt, GFP_KERNEL); - if (!cctx->iv) { - rc = -ENOMEM; - goto free_priv; - } + /* Note: 128 & 256 bit salt are the same size */ prot->rec_seq_size = cipher_desc->rec_seq; memcpy(cctx->iv, salt, cipher_desc->salt); @@ -2698,7 +2692,7 @@ int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx, int tx) if (IS_ERR(*aead)) { rc = PTR_ERR(*aead); *aead = NULL; - goto free_iv; + goto free_priv; } } @@ -2730,9 +2724,6 @@ int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx, int tx) free_aead: crypto_free_aead(*aead); *aead = NULL; -free_iv: - kfree(cctx->iv); - cctx->iv = NULL; free_priv: if (tx) { kfree(ctx->priv_ctx_tx); |