diff options
| author | David S. Miller <davem@davemloft.net> | 2017-11-14 10:26:35 +0300 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2017-11-14 10:26:35 +0300 |
| commit | 951b7966959fde507e1718627b37795f40b704f4 (patch) | |
| tree | d0d4e6feae47f3b33d9f2672ba4828a63364ea6e /include | |
| parent | 0a87bc2e58a687fe14817b9c7f73e68570ba33c6 (diff) | |
| parent | ee181e5201e640a4b92b217e9eab2531dab57d2c (diff) | |
| download | linux-951b7966959fde507e1718627b37795f40b704f4.tar.xz | |
Merge branch 'tls-misc-fixes'
Ilya Lesokhin says:
====================
tls: Miscellaneous fixes
Here's a set of miscellaneous fix patches.
Patch 1 makes sure aead_request is initailized properly.
Patches 2-3 Fix a memory leak we've encountered.
patch 4 moves tls_make_aad to allow sharing it in the future.
Patch 5 fixes a TOCTOU issue reported here:
https://www.spinics.net/lists/kernel/msg2608603.html
Patch 6 Avoids callback overriding when tls_set_sw_offload fails.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
| -rw-r--r-- | include/net/tls.h | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/include/net/tls.h b/include/net/tls.h index b89d397dd62f..70becd0a9299 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -83,6 +83,8 @@ struct tls_context { void *priv_ctx; + u8 tx_conf:2; + u16 prepend_size; u16 tag_size; u16 overhead_size; @@ -97,7 +99,6 @@ struct tls_context { u16 pending_open_record_frags; int (*push_pending_record)(struct sock *sk, int flags); - void (*free_resources)(struct sock *sk); void (*sk_write_space)(struct sock *sk); void (*sk_proto_close)(struct sock *sk, long timeout); @@ -122,6 +123,7 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size); int tls_sw_sendpage(struct sock *sk, struct page *page, int offset, size_t size, int flags); void tls_sw_close(struct sock *sk, long timeout); +void tls_sw_free_tx_resources(struct sock *sk); void tls_sk_destruct(struct sock *sk, struct tls_context *ctx); void tls_icsk_clean_acked(struct sock *sk); @@ -212,6 +214,21 @@ static inline void tls_fill_prepend(struct tls_context *ctx, ctx->iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, iv_size); } +static inline void tls_make_aad(char *buf, + size_t size, + char *record_sequence, + int record_sequence_size, + unsigned char record_type) +{ + memcpy(buf, record_sequence, record_sequence_size); + + buf[8] = record_type; + buf[9] = TLS_1_2_VERSION_MAJOR; + buf[10] = TLS_1_2_VERSION_MINOR; + buf[11] = size >> 8; + buf[12] = size & 0xFF; +} + static inline struct tls_context *tls_get_ctx(const struct sock *sk) { struct inet_connection_sock *icsk = inet_csk(sk); |