authorJakub Kicinski <kuba@kernel.org>2022-07-14 22:22:30 -0700
committerDavid S. Miller <davem@davemloft.net>2022-07-18 11:24:11 +0100
commit541cc48be3b141e8529fef05ad6cedbca83f9e80 (patch)
tree37bbdfc174258b2baa5342a4d74ffddcc159f1c8 /net/tls/tls.h
parent8a958732818bc27f7da4d41ecf2c5c99d9aa8b0e (diff)
tls: rx: read the input skb from ctx->recv_pkt
Callers always pass ctx->recv_pkt into decrypt_skb_update(), and it propagates it to its callees. This may give someone the false impression that those functions can accept any valid skb containing a TLS record. That's not the case, the record sequence number is read from the context, and they can only take the next record coming out of the strp. Let the functions get the skb from the context instead of passing it in. This will also make it cleaner to return a different skb than ctx->recv_pkt as the decrypted one later on. Since we're touching the definition of decrypt_skb_update() use this as an opportunity to rename it. Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/tls/tls.h')
-rw-r--r--net/tls/tls.h14
1 files changed, 8 insertions, 6 deletions
diff --git a/net/tls/tls.h b/net/tls/tls.h
index e0ccc96a0850..44522b221717 100644
--- a/net/tls/tls.h
+++ b/net/tls/tls.h
@@ -118,8 +118,7 @@ void tls_device_write_space(struct sock *sk, struct tls_context *ctx);
int tls_process_cmsg(struct sock *sk, struct msghdr *msg,
unsigned char *record_type);
-int decrypt_skb(struct sock *sk, struct sk_buff *skb,
- struct scatterlist *sgout);
+int decrypt_skb(struct sock *sk, struct scatterlist *sgout);
int tls_sw_fallback_init(struct sock *sk,
struct tls_offload_context_tx *offload_ctx,
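Review bot: The new `decrypt_skb(struct sock *sk, struct scatterlist *sgout)` prototype no longer shows which skb is decrypted, and nothing in the header states it. Per the commit message the input now comes from the rx context's `recv_pkt`, so a one-line comment above the prototype would keep that contract visible, for example `/* Decrypts the record currently held in the rx context (ctx->recv_pkt); not valid for arbitrary skbs. */`. The same applies to `tls_device_decrypted()` in the CONFIG_TLS_DEVICE hunk and to its stub in the `#else` branch. The definitions live outside this header, so whether they verify that a record is actually pending cannot be confirmed from here.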
@@ -132,6 +131,11 @@ static inline struct tls_msg *tls_msg(struct sk_buff *skb)
return &scb->tls;
}
+static inline struct sk_buff *tls_strp_msg(struct tls_sw_context_rx *ctx)
+{
+ return ctx->recv_pkt;
+}
+
#ifdef CONFIG_TLS_DEVICE
int tls_device_init(void);
void tls_device_cleanup(void);
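Review bot: `tls_strp_msg()` hands back `ctx->recv_pkt` unchanged, with no comment on when that pointer is valid. This header does not show whether `recv_pkt` can be NULL between records, so callers that dereference the result presumably rely on a record being ready. That precondition should be written on the helper, e.g. `/* Returns the record the strparser has queued in ctx->recv_pkt; caller must ensure one is pending (may be NULL otherwise, to be confirmed). */`. If the field is only expected to be stable while the socket lock is held, the comment should say that as well.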
@@ -140,8 +144,7 @@ void tls_device_free_resources_tx(struct sock *sk);
int tls_set_device_offload_rx(struct sock *sk, struct tls_context *ctx);
void tls_device_offload_cleanup_rx(struct sock *sk);
void tls_device_rx_resync_new_rec(struct sock *sk, u32 rcd_len, u32 seq);
-int tls_device_decrypted(struct sock *sk, struct tls_context *tls_ctx,
- struct sk_buff *skb, struct strp_msg *rxm);
+int tls_device_decrypted(struct sock *sk, struct tls_context *tls_ctx);
#else
static inline int tls_device_init(void) { return 0; }
static inline void tls_device_cleanup(void) {}
@@ -165,8 +168,7 @@ static inline void
tls_device_rx_resync_new_rec(struct sock *sk, u32 rcd_len, u32 seq) {}
static inline int
-tls_device_decrypted(struct sock *sk, struct tls_context *tls_ctx,
- struct sk_buff *skb, struct strp_msg *rxm)
+tls_device_decrypted(struct sock *sk, struct tls_context *tls_ctx)
{
return 0;
}