diff options
author | Sabrina Dubroca <sd@queasysnail.net> | 2023-08-25 23:35:11 +0200 |
---|---|---|
committer | Jakub Kicinski <kuba@kernel.org> | 2023-08-27 17:17:41 -0700 |
commit | 037303d6760751fdb95ba62cf448ecbc1ac29c98 (patch) | |
tree | 65f0a5591fe99e40bbc767a6e5bcc7efce6993ae /net/tls/tls.h | |
parent | 200e23165109a173ffde3310dffa5ef5e502d97f (diff) |
tls: reduce size of tls_cipher_size_desc
tls_cipher_size_desc indexes ciphers by their type, but we're not
using indices 0..50 of the array. Each struct tls_cipher_size_desc is
20B, so that's a lot of unused memory. We can reindex the array
starting at the lowest used cipher_type.
Introduce the get_cipher_size_desc helper to find the right item and
avoid out-of-bounds accesses, and make tls_cipher_size_desc's size
explicit so that gcc reminds us to update TLS_CIPHER_MIN/MAX when we
add a new cipher.
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Link: https://lore.kernel.org/r/5e054e370e240247a5d37881a1cd93a67c15f4ca.1692977948.git.sd@queasysnail.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'net/tls/tls.h')
-rw-r--r-- | net/tls/tls.h | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/net/tls/tls.h b/net/tls/tls.h index 7aae92972e00..ea799ef77bf8 100644 --- a/net/tls/tls.h +++ b/net/tls/tls.h @@ -59,7 +59,18 @@ struct tls_cipher_size_desc { unsigned int rec_seq; }; -extern const struct tls_cipher_size_desc tls_cipher_size_desc[]; +#define TLS_CIPHER_MIN TLS_CIPHER_AES_GCM_128 +#define TLS_CIPHER_MAX TLS_CIPHER_ARIA_GCM_256 +extern const struct tls_cipher_size_desc tls_cipher_size_desc[TLS_CIPHER_MAX + 1 - TLS_CIPHER_MIN]; + +static inline const struct tls_cipher_size_desc *get_cipher_size_desc(u16 cipher_type) +{ + if (cipher_type < TLS_CIPHER_MIN || cipher_type > TLS_CIPHER_MAX) + return NULL; + + return &tls_cipher_size_desc[cipher_type - TLS_CIPHER_MIN]; +} + /* TLS records are maintained in 'struct tls_rec'. It stores the memory pages * allocated or mapped for each TLS record. After encryption, the records are |