diff options
author | Sabrina Dubroca <sd@queasysnail.net> | 2023-10-09 22:50:43 +0200 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2023-10-13 11:26:09 +0100 |
commit | 6d5029e54700b2427581513c533232b02ce05043 (patch) | |
tree | 6bbec467aea8449f61117d8b973b3a11ed62dee9 | |
parent | 8f1d532b4a49e196696b0aa150962d7ce96985e4 (diff) |
tls: store rec_seq directly within cipher_context
TLS_MAX_REC_SEQ_SIZE is 8B, we don't get anything by using kmalloc.
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | include/net/tls.h | 2 | ||||
-rw-r--r-- | net/tls/tls_device.c | 11 | ||||
-rw-r--r-- | net/tls/tls_main.c | 1 | ||||
-rw-r--r-- | net/tls/tls_sw.c | 13 |
4 files changed, 5 insertions, 22 deletions
diff --git a/include/net/tls.h b/include/net/tls.h index a2b44578dcb7..f3f22b08af26 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -194,7 +194,7 @@ enum tls_context_flags { struct cipher_context { char *iv; - char *rec_seq; + char rec_seq[TLS_MAX_REC_SEQ_SIZE]; }; union tls_crypto_context { diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c index fbd687a0c66f..525d7b813869 100644 --- a/net/tls/tls_device.c +++ b/net/tls/tls_device.c @@ -58,7 +58,6 @@ static void tls_device_free_ctx(struct tls_context *ctx) { if (ctx->tx_conf == TLS_HW) { kfree(tls_offload_ctx_tx(ctx)); - kfree(ctx->tx.rec_seq); kfree(ctx->tx.iv); } @@ -1098,16 +1097,12 @@ int tls_set_device_offload(struct sock *sk, struct tls_context *ctx) memcpy(ctx->tx.iv + cipher_desc->salt, iv, cipher_desc->iv); prot->rec_seq_size = cipher_desc->rec_seq; - ctx->tx.rec_seq = kmemdup(rec_seq, cipher_desc->rec_seq, GFP_KERNEL); - if (!ctx->tx.rec_seq) { - rc = -ENOMEM; - goto free_iv; - } + memcpy(ctx->tx.rec_seq, rec_seq, cipher_desc->rec_seq); start_marker_record = kmalloc(sizeof(*start_marker_record), GFP_KERNEL); if (!start_marker_record) { rc = -ENOMEM; - goto free_rec_seq; + goto free_iv; } offload_ctx = kzalloc(TLS_OFFLOAD_CONTEXT_SIZE_TX, GFP_KERNEL); @@ -1192,8 +1187,6 @@ free_offload_ctx: ctx->priv_ctx_tx = NULL; free_marker_record: kfree(start_marker_record); -free_rec_seq: - kfree(ctx->tx.rec_seq); free_iv: kfree(ctx->tx.iv); release_netdev: diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index 02f583ff9239..f705d812fc36 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -344,7 +344,6 @@ static void tls_sk_proto_cleanup(struct sock *sk, /* We need these for tls_sw_fallback handling of other packets */ if (ctx->tx_conf == TLS_SW) { - kfree(ctx->tx.rec_seq); kfree(ctx->tx.iv); tls_sw_release_resources_tx(sk); TLS_DEC_STATS(sock_net(sk), LINUX_MIB_TLSCURRTXSW); diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 270712b8d391..93d40c9a6823 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -2467,7 +2467,6 @@ void tls_sw_release_resources_rx(struct sock *sk) struct tls_context *tls_ctx = tls_get_ctx(sk); struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx); - kfree(tls_ctx->rx.rec_seq); kfree(tls_ctx->rx.iv); if (ctx->aead_recv) { @@ -2692,19 +2691,14 @@ int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx, int tx) prot->rec_seq_size = cipher_desc->rec_seq; memcpy(cctx->iv, salt, cipher_desc->salt); memcpy(cctx->iv + cipher_desc->salt, iv, cipher_desc->iv); - - cctx->rec_seq = kmemdup(rec_seq, cipher_desc->rec_seq, GFP_KERNEL); - if (!cctx->rec_seq) { - rc = -ENOMEM; - goto free_iv; - } + memcpy(cctx->rec_seq, rec_seq, cipher_desc->rec_seq); if (!*aead) { *aead = crypto_alloc_aead(cipher_desc->cipher_name, 0, 0); if (IS_ERR(*aead)) { rc = PTR_ERR(*aead); *aead = NULL; - goto free_rec_seq; + goto free_iv; } } @@ -2736,9 +2730,6 @@ int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx, int tx) free_aead: crypto_free_aead(*aead); *aead = NULL; -free_rec_seq: - kfree(cctx->rec_seq); - cctx->rec_seq = NULL; free_iv: kfree(cctx->iv); cctx->iv = NULL; |