diff options
| author |   Jakub Kicinski <kuba@kernel.org> | 2022-07-07 18:03:10 -0700 |
|---|---|---|
| committer | Jakub Kicinski <kuba@kernel.org> | 2022-07-08 18:38:45 -0700 |
| commit | 50a07aa5316181e08fb80914fcf70229a827a2e0 (patch) | |
| tree | d841f8e239698390fa70d105fb739ba1735157a4 | |
| parent | strparser: pad sk_skb_cb to avoid straddling cachelines (diff) | |
| download | linux-dev-50a07aa5316181e08fb80914fcf70229a827a2e0.tar.xz linux-dev-50a07aa5316181e08fb80914fcf70229a827a2e0.zip | |
tls: rx: always allocate max possible aad size for decrypt
AAD size is either 5 or 13. Really no point complicating
the code for the 8B of difference. This will also let us
turn the chunked up buffer into a sane struct.
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
| -rw-r--r-- | include/net/tls.h | 1 | ||||
| -rw-r--r-- | net/tls/tls_sw.c | 19 |
2 files changed, 11 insertions, 9 deletions
diff --git a/include/net/tls.h b/include/net/tls.h index 4fc16ca5f469..9394c0459fe8 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -66,6 +66,7 @@ #define MAX_IV_SIZE 16 #define TLS_TAG_SIZE 16 #define TLS_MAX_REC_SEQ_SIZE 8 +#define TLS_MAX_AAD_SIZE TLS_AAD_SPACE_SIZE /* For CCM mode, the full 16-bytes of IV is made of '4' fields of given sizes. * diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index f1777d67527f..377c0f608167 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -1450,7 +1450,7 @@ static int decrypt_internal(struct sock *sk, struct sk_buff *skb, aead_size = sizeof(*aead_req) + crypto_aead_reqsize(ctx->aead_recv); mem_size = aead_size + (nsg * sizeof(struct scatterlist)); - mem_size = mem_size + prot->aad_size; + mem_size = mem_size + TLS_MAX_AAD_SIZE; mem_size = mem_size + MAX_IV_SIZE; mem_size = mem_size + prot->tail_size; @@ -1467,7 +1467,7 @@ static int decrypt_internal(struct sock *sk, struct sk_buff *skb, sgin = (struct scatterlist *)(mem + aead_size); sgout = sgin + n_sgin; aad = (u8 *)(sgout + n_sgout); - iv = aad + prot->aad_size; + iv = aad + TLS_MAX_AAD_SIZE; tail = iv + MAX_IV_SIZE; /* For CCM based ciphers, first byte of nonce+iv is a constant */ @@ -2474,13 +2474,6 @@ int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx, int tx) goto free_priv; } - /* Sanity-check the sizes for stack allocations. */ - if (iv_size > MAX_IV_SIZE || nonce_size > MAX_IV_SIZE || - rec_seq_size > TLS_MAX_REC_SEQ_SIZE || tag_size != TLS_TAG_SIZE) { - rc = -EINVAL; - goto free_priv; - } - if (crypto_info->version == TLS_1_3_VERSION) { nonce_size = 0; prot->aad_size = TLS_HEADER_SIZE; @@ -2490,6 +2483,14 @@ int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx, int tx) prot->tail_size = 0; } + /* Sanity-check the sizes for stack allocations. */ + if (iv_size > MAX_IV_SIZE || nonce_size > MAX_IV_SIZE || + rec_seq_size > TLS_MAX_REC_SEQ_SIZE || tag_size != TLS_TAG_SIZE || + prot->aad_size > TLS_MAX_AAD_SIZE) { + rc = -EINVAL; + goto free_priv; + } + prot->version = crypto_info->version; prot->cipher_type = crypto_info->cipher_type; prot->prepend_size = TLS_HEADER_SIZE + nonce_size; |