Commit c0ab4732 authored by Vakul Garg's avatar Vakul Garg Committed by David S. Miller

net/tls: Do not use async crypto for non-data records

The addition of tls1.3 support broke the tls1.2 handshake when an async
crypto accelerator is used. This is because the record type for non-data
records is not propagated to the user application. Also, when async
decryption happens, the decryption does not stop when two different
types of records get dequeued and submitted for decryption. To address
this, we decrypt tls1.2 non-data records in a synchronous way. We check
whether the record we just processed has the same type as the previous one
before checking for the async condition and jumping to dequeue the next record.

Fixes: 130b392c ("net: tls: Add tls 1.3 support")
Signed-off-by: default avatarVakul Garg <vakul.garg@nxp.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent fde55ea7
...@@ -1645,10 +1645,10 @@ int tls_sw_recvmsg(struct sock *sk, ...@@ -1645,10 +1645,10 @@ int tls_sw_recvmsg(struct sock *sk,
do { do {
bool retain_skb = false; bool retain_skb = false;
bool async = false;
bool zc = false; bool zc = false;
int to_decrypt; int to_decrypt;
int chunk = 0; int chunk = 0;
bool async;
skb = tls_wait_data(sk, psock, flags, timeo, &err); skb = tls_wait_data(sk, psock, flags, timeo, &err);
if (!skb) { if (!skb) {
...@@ -1674,18 +1674,21 @@ int tls_sw_recvmsg(struct sock *sk, ...@@ -1674,18 +1674,21 @@ int tls_sw_recvmsg(struct sock *sk,
tls_ctx->crypto_recv.info.version != TLS_1_3_VERSION) tls_ctx->crypto_recv.info.version != TLS_1_3_VERSION)
zc = true; zc = true;
/* Do not use async mode if record is non-data */
if (ctx->control == TLS_RECORD_TYPE_DATA)
async = ctx->async_capable;
else
async = false;
err = decrypt_skb_update(sk, skb, &msg->msg_iter, err = decrypt_skb_update(sk, skb, &msg->msg_iter,
&chunk, &zc, ctx->async_capable); &chunk, &zc, async);
if (err < 0 && err != -EINPROGRESS) { if (err < 0 && err != -EINPROGRESS) {
tls_err_abort(sk, EBADMSG); tls_err_abort(sk, EBADMSG);
goto recv_end; goto recv_end;
} }
if (err == -EINPROGRESS) { if (err == -EINPROGRESS)
async = true;
num_async++; num_async++;
goto pick_next_record;
}
if (!cmsg) { if (!cmsg) {
int cerr; int cerr;
...@@ -1704,6 +1707,9 @@ int tls_sw_recvmsg(struct sock *sk, ...@@ -1704,6 +1707,9 @@ int tls_sw_recvmsg(struct sock *sk,
goto recv_end; goto recv_end;
} }
if (async)
goto pick_next_record;
if (!zc) { if (!zc) {
if (rxm->full_len > len) { if (rxm->full_len > len) {
retain_skb = true; retain_skb = true;
......
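Review bot: After this change `async` records that async decryption was requested, not that it is in flight: it is set from `ctx->async_capable` before `decrypt_skb_update()` and is no longer tied to the `-EINPROGRESS` return, yet the new `if (async) goto pick_next_record;` in the third hunk still treats it as "decryption pending". On an async-capable context where the call completes synchronously and returns 0, a data record would presumably skip the `if (!zc)` handling that follows; that code and the `pick_next_record` label lie outside the visible hunks, so this needs confirming against the full body of tls_sw_recvmsg(). Keeping the request in its own flag and setting `async` only on `-EINPROGRESS`, as sketched below, keeps the two meanings apart. The loop-top `bool async;` also loses its initializer, so any early `goto` that reaches a reader of `async` would see an indeterminate value.

```c
bool async_capable;
bool async = false;
/* … unchanged: tls_wait_data(), to_decrypt and zc setup … */

/* Do not request async mode if record is non-data */
if (ctx->control == TLS_RECORD_TYPE_DATA)
	async_capable = ctx->async_capable;
else
	async_capable = false;

err = decrypt_skb_update(sk, skb, &msg->msg_iter,
			 &chunk, &zc, async_capable);
/* … unchanged: error check and tls_err_abort() … */

if (err == -EINPROGRESS) {
	/* decryption is actually in flight for this record */
	async = true;
	num_async++;
}
/* … unchanged: cmsg / record-type check, then if (async) goto pick_next_record … */
```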