Re: [PATCH v3 net-next 3/4] tls: kernel TLS support

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Steffen Klassert <steffen.klassert@secunet.com>
To: Dave Watson <davejwatson@fb.com>
Cc: Ilya Lesokhin <ilyal@mellanox.com>,
	Aviad Yehezkel <aviadye@mellanox.com>,
	Boris Pismenny <borisp@mellanox.com>,
	Liran Liss <liranl@mellanox.com>,
	"Matan Barak" <matanb@mellanox.com>,
	David Miller <davem@davemloft.net>, <netdev@vger.kernel.org>,
	Tom Herbert <tom@herbertland.com>, <herbert@gondor.apana.org.au>,
	<linux-crypto@vger.kernel.org>,
	"Hannes Frederic Sowa" <hannes@stressinduktion.org>,
	Eric Dumazet <eric.dumazet@gmail.com>,
	Alexei Starovoitov <alexei.starovoitov@gmail.com>,
	<nmav@gnutls.org>, <fridolin.pokorny@gmail.com>
Subject: Re: [PATCH v3 net-next 3/4] tls: kernel TLS support
Date: Tue, 11 Jul 2017 08:29:53 +0200	[thread overview]
Message-ID: <20170711062953.GE2631@secunet.com> (raw)
In-Reply-To: <20170614183739.GA80368@davejwatson-mba.dhcp.thefacebook.com>

Sorry for replying to old mail...

On Wed, Jun 14, 2017 at 11:37:39AM -0700, Dave Watson wrote:
> +static int tls_do_encryption(struct tls_context *tls_ctx,
> +			     struct tls_sw_context *ctx, size_t data_len,
> +			     gfp_t flags)
> +{
> +	unsigned int req_size = sizeof(struct aead_request) +
> +		crypto_aead_reqsize(ctx->aead_send);
> +	struct aead_request *aead_req;
> +	int rc;
> +
> +	aead_req = kmalloc(req_size, flags);
> +	if (!aead_req)
> +		return -ENOMEM;
> +
> +	ctx->sg_encrypted_data[0].offset += tls_ctx->prepend_size;
> +	ctx->sg_encrypted_data[0].length -= tls_ctx->prepend_size;
> +
> +	aead_request_set_tfm(aead_req, ctx->aead_send);
> +	aead_request_set_ad(aead_req, TLS_AAD_SPACE_SIZE);
> +	aead_request_set_crypt(aead_req, ctx->sg_aead_in, ctx->sg_aead_out,
> +			       data_len, tls_ctx->iv);
> +	rc = crypto_aead_encrypt(aead_req);
> +
> +	ctx->sg_encrypted_data[0].offset -= tls_ctx->prepend_size;
> +	ctx->sg_encrypted_data[0].length += tls_ctx->prepend_size;
> +
> +	kfree(aead_req);
> +	return rc;
> +}

...

> +int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx)
> +{

...

> +
> +	if (!sw_ctx->aead_send) {
> +		sw_ctx->aead_send = crypto_alloc_aead("gcm(aes)", 0, 0);
> +		if (IS_ERR(sw_ctx->aead_send)) {
> +			rc = PTR_ERR(sw_ctx->aead_send);
> +			sw_ctx->aead_send = NULL;
> +			goto free_rec_seq;
> +		}
> +	}
> +

When I look on how you allocate the aead transformation, it seems
that you should either register an asynchronous callback with
aead_request_set_callback(), or request for a synchronous algorithm.

Otherwise you will crash on an asynchronous crypto return, no?

Also, it seems that you have your scatterlists on a per crypto
transformation base istead of per crypto request. Is this intentional?

next prev parent reply	other threads:[~2017-07-11  6:29 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <cover.1497465295.git.davejwatson@fb.com>
2017-06-14 18:37 ` [PATCH v3 net-next 1/4] tcp: ULP infrastructure Dave Watson
2017-06-17  0:14   ` Christoph Paasch
2017-07-29 20:19     ` Tom Herbert
2017-06-25  2:42   ` Levin, Alexander (Sasha Levin)
2017-06-26 14:30     ` Dave Watson
2017-06-26 15:07       ` Levin, Alexander (Sasha Levin)
2017-07-29 20:12   ` Tom Herbert
2017-07-31 22:16     ` Dave Watson
2017-08-01 18:27       ` Tom Herbert
2017-06-14 18:37 ` [PATCH v3 net-next 2/4] tcp: export do_tcp_sendpages and tcp_rate_check_app_limited functions Dave Watson
2017-06-14 18:37 ` [PATCH v3 net-next 3/4] tls: kernel TLS support Dave Watson
2017-06-16 20:56   ` Stephen Hemminger
2017-06-16 20:58   ` Stephen Hemminger
2017-06-17  0:35     ` Dave Watson
2017-07-11  6:29   ` Steffen Klassert [this message]
2017-07-11 18:53     ` Dave Watson
2017-07-11 20:24       ` Eric Biggers
2017-07-12  7:20       ` Steffen Klassert
2017-07-12 18:34         ` Dave Watson
2017-06-14 18:37 ` [PATCH v3 net-next 4/4] tls: Documentation Dave Watson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170711062953.GE2631@secunet.com \
    --to=steffen.klassert@secunet.com \
    --cc=alexei.starovoitov@gmail.com \
    --cc=aviadye@mellanox.com \
    --cc=borisp@mellanox.com \
    --cc=davejwatson@fb.com \
    --cc=davem@davemloft.net \
    --cc=eric.dumazet@gmail.com \
    --cc=fridolin.pokorny@gmail.com \
    --cc=hannes@stressinduktion.org \
    --cc=herbert@gondor.apana.org.au \
    --cc=ilyal@mellanox.com \
    --cc=linux-crypto@vger.kernel.org \
    --cc=liranl@mellanox.com \
    --cc=matanb@mellanox.com \
    --cc=netdev@vger.kernel.org \
    --cc=nmav@gnutls.org \
    --cc=tom@herbertland.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.