
Commit fedf201e authored by Dave Watson's avatar Dave Watson Committed by David S. Miller

net: tls: Refactor control message handling on recv



For TLS 1.3, the control message is encrypted.  Handle control
message checks after decryption.

Signed-off-by: default avatarDave Watson <davejwatson@fb.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent a2ef9b6a
+44 −44
@@ -1421,15 +1421,14 @@ static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb,

			return err;
		}
	} else {
		*zc = false;
	}

		rxm->offset += tls_ctx->rx.prepend_size;
		rxm->full_len -= tls_ctx->rx.overhead_size;
		tls_advance_record_sn(sk, &tls_ctx->rx);
		ctx->decrypted = true;
		ctx->saved_data_ready(sk);
	} else {
		*zc = false;
	}

	return err;
}
@@ -1609,6 +1608,25 @@ int tls_sw_recvmsg(struct sock *sk,

		rxm = strp_msg(skb);

		to_decrypt = rxm->full_len - tls_ctx->rx.overhead_size;

		if (to_decrypt <= len && !is_kvec && !is_peek &&
		    ctx->control == TLS_RECORD_TYPE_DATA)
			zc = true;

		err = decrypt_skb_update(sk, skb, &msg->msg_iter,
					 &chunk, &zc, ctx->async_capable);
		if (err < 0 && err != -EINPROGRESS) {
			tls_err_abort(sk, EBADMSG);
			goto recv_end;
		}

		if (err == -EINPROGRESS) {
			async = true;
			num_async++;
			goto pick_next_record;
		}

		if (!cmsg) {
			int cerr;

@@ -1626,23 +1644,6 @@ int tls_sw_recvmsg(struct sock *sk,
			goto recv_end;
		}

		to_decrypt = rxm->full_len - tls_ctx->rx.overhead_size;

		if (to_decrypt <= len && !is_kvec && !is_peek)
			zc = true;

		err = decrypt_skb_update(sk, skb, &msg->msg_iter,
					 &chunk, &zc, ctx->async_capable);
		if (err < 0 && err != -EINPROGRESS) {
			tls_err_abort(sk, EBADMSG);
			goto recv_end;
		}

		if (err == -EINPROGRESS) {
			async = true;
			num_async++;
			goto pick_next_record;
		} else {
		if (!zc) {
			if (rxm->full_len > len) {
				retain_skb = true;
@@ -1661,7 +1662,6 @@ int tls_sw_recvmsg(struct sock *sk,
				rxm->full_len = rxm->full_len - chunk;
			}
		}
		}

pick_next_record:
		if (chunk > len)
@@ -1759,15 +1759,15 @@ ssize_t tls_sw_splice_read(struct socket *sock, loff_t *ppos,
	if (!skb)
		goto splice_read_end;

	if (!ctx->decrypted) {
		err = decrypt_skb_update(sk, skb, NULL, &chunk, &zc, false);

		/* splice does not support reading control messages */
		if (ctx->control != TLS_RECORD_TYPE_DATA) {
			err = -ENOTSUPP;
			goto splice_read_end;
		}

	if (!ctx->decrypted) {
		err = decrypt_skb_update(sk, skb, NULL, &chunk, &zc, false);

		if (err < 0) {
			tls_err_abort(sk, EBADMSG);
			goto splice_read_end;
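Review bot: In the tls_sw_splice_read hunk, the `ctx->control != TLS_RECORD_TYPE_DATA` test now sits between the decrypt_skb_update() call and the `if (err < 0)` test, so a record that fails decryption while ctx->control is not a data type returns -ENOTSUPP and never reaches `tls_err_abort(sk, EBADMSG)`. A failed decryption should abort the connection whatever the record type, and the type is only trustworthy once decryption has succeeded. I would move the `if (err < 0) { tls_err_abort(sk, EBADMSG); goto splice_read_end; }` block directly after the decrypt call and run the control check second. The control check also now lives inside `if (!ctx->decrypted)`, so a control record that an earlier call had already decrypted would apparently not be rejected here. The function continues outside the hunk, so that path needs confirming against the full body.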