[net] net/tls: tls offload is broken

Message ID	20201201090752.27355-1-rohitm@chelsio.com
State	Superseded
Headers	show Return-Path: <netdev-owner@vger.kernel.org> From: Rohit Maheshwari <rohitm@chelsio.com> To: kuba@kernel.org, netdev@vger.kernel.org, davem@davemloft.net Cc: secdev@chelsio.com, Rohit Maheshwari <rohitm@chelsio.com> Subject: [net] net/tls: tls offload is broken Date: Tue, 1 Dec 2020 14:37:52 +0530 Message-Id: <20201201090752.27355-1-rohitm@chelsio.com> Precedence: bulk
Series	[net] net/tls: tls offload is broken \| expand [net] net/tls: tls offload is broken

Message ID

20201201090752.27355-1-rohitm@chelsio.com

State

Superseded

Headers

From: Rohit Maheshwari <rohitm@chelsio.com>
To: kuba@kernel.org, netdev@vger.kernel.org, davem@davemloft.net
Cc: secdev@chelsio.com, Rohit Maheshwari <rohitm@chelsio.com>
Subject: [net] net/tls: tls offload is broken
Date: Tue,  1 Dec 2020 14:37:52 +0530
Message-Id: <20201201090752.27355-1-rohitm@chelsio.com>
Precedence: bulk

Series

[net] net/tls: tls offload is broken | expand

Commit Message

Rohit Maheshwari Dec. 1, 2020, 9:07 a.m. UTC

Recent changes made to remove AES constants started using protocol
aware salt_size. ctx->prot_info's salt_size is filled in tls sw case,
but not in tls offload mode, and was working so far because of the
hard coded value was used.

Fixes: 6942a284fb3e ("net/tls: make inline helpers protocol-aware")
Signed-off-by: Rohit Maheshwari <rohitm@chelsio.com>
---
 net/tls/tls_device.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Comments

Jakub Kicinski Dec. 2, 2020, 1:53 a.m. UTC | #1

On Tue,  1 Dec 2020 14:37:52 +0530 Rohit Maheshwari wrote:
> Recent changes made to remove AES constants started using protocol
> aware salt_size. ctx->prot_info's salt_size is filled in tls sw case,
> but not in tls offload mode, and was working so far because of the
> hard coded value was used.
> 
> Fixes: 6942a284fb3e ("net/tls: make inline helpers protocol-aware")
> Signed-off-by: Rohit Maheshwari <rohitm@chelsio.com>

I updated the subject to something more meaningful and applied to
net-next. The commit in question was just applied to net-next, it
doesn't exist in net.

diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c
index 6cc9fe778356..f7fb7d2c1de1 100644
--- a/net/tls/tls_device.c
+++ b/net/tls/tls_device.c
@@ -998,7 +998,7 @@  static void tls_device_attach(struct tls_context *ctx, struct sock *sk,
 
 int tls_set_device_offload(struct sock *sk, struct tls_context *ctx)
 {
-	u16 nonce_size, tag_size, iv_size, rec_seq_size;
+	u16 nonce_size, tag_size, iv_size, rec_seq_size, salt_size;
 	struct tls_context *tls_ctx = tls_get_ctx(sk);
 	struct tls_prot_info *prot = &tls_ctx->prot_info;
 	struct tls_record_info *start_marker_record;
@@ -1039,6 +1039,7 @@  int tls_set_device_offload(struct sock *sk, struct tls_context *ctx)
 		iv_size = TLS_CIPHER_AES_GCM_128_IV_SIZE;
 		iv = ((struct tls12_crypto_info_aes_gcm_128 *)crypto_info)->iv;
 		rec_seq_size = TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE;
+		salt_size = TLS_CIPHER_AES_GCM_128_SALT_SIZE;
 		rec_seq =
 		 ((struct tls12_crypto_info_aes_gcm_128 *)crypto_info)->rec_seq;
 		break;
@@ -1059,6 +1060,7 @@  int tls_set_device_offload(struct sock *sk, struct tls_context *ctx)
 	prot->tag_size = tag_size;
 	prot->overhead_size = prot->prepend_size + prot->tag_size;
 	prot->iv_size = iv_size;
+	prot->salt_size = salt_size;
 	ctx->tx.iv = kmalloc(iv_size + TLS_CIPHER_AES_GCM_128_SALT_SIZE,
 			     GFP_KERNEL);
 	if (!ctx->tx.iv) {

[net] net/tls: tls offload is broken

Commit Message

Comments

Patch