Commit 5c5d22a7 authored by Jakub Kicinski's avatar Jakub Kicinski Committed by David S. Miller

net/tls: avoid spurious decryption error with HW resync

When device loses sync mid way through a record - kernel
has to re-encrypt the part of the record which the device
already decrypted to be able to decrypt and authenticate
the record in its entirety.

The re-encryption piggy backs on the decryption routine,
but obviously because the partially decrypted record can't
be authenticated crypto API returns an error which is then
ignored by tls_device_reencrypt().

Commit 5c5ec668 ("net/tls: add TlsDecryptError stat")
added a statistic to count decryption errors, this statistic
can't be incremented when we see the expected re-encryption
error. Move the inc to the caller.
Reported-and-tested-by: default avatarDavid Beckett <david.beckett@netronome.com>
Fixes: 5c5ec668 ("net/tls: add TlsDecryptError stat")
Signed-off-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: default avatarSimon Horman <simon.horman@netronome.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent e267371d
...@@ -256,8 +256,6 @@ static int tls_do_decryption(struct sock *sk, ...@@ -256,8 +256,6 @@ static int tls_do_decryption(struct sock *sk,
return ret; return ret;
ret = crypto_wait_req(ret, &ctx->async_wait); ret = crypto_wait_req(ret, &ctx->async_wait);
} else if (ret == -EBADMSG) {
TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSDECRYPTERROR);
} }
if (async) if (async)
...@@ -1515,7 +1513,9 @@ static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb, ...@@ -1515,7 +1513,9 @@ static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb,
if (err == -EINPROGRESS) if (err == -EINPROGRESS)
tls_advance_record_sn(sk, prot, tls_advance_record_sn(sk, prot,
&tls_ctx->rx); &tls_ctx->rx);
else if (err == -EBADMSG)
TLS_INC_STATS(sock_net(sk),
LINUX_MIB_TLSDECRYPTERROR);
return err; return err;
} }
} else { } else {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment