diff options
| author | Sabrina Dubroca <sd@queasysnail.net> | 2023-08-25 23:35:11 +0200 |
|---|---|---|
| committer | Jakub Kicinski <kuba@kernel.org> | 2023-08-27 17:17:41 -0700 |
| commit | 037303d6760751fdb95ba62cf448ecbc1ac29c98 (patch) | |
| tree | 65f0a5591fe99e40bbc767a6e5bcc7efce6993ae /net/tls/tls_device_fallback.c | |
| parent | 200e23165109a173ffde3310dffa5ef5e502d97f (diff) | |
| download | linux-037303d6760751fdb95ba62cf448ecbc1ac29c98.tar.gz linux-037303d6760751fdb95ba62cf448ecbc1ac29c98.tar.bz2 linux-037303d6760751fdb95ba62cf448ecbc1ac29c98.zip | |
tls: reduce size of tls_cipher_size_desc
tls_cipher_size_desc indexes ciphers by their type, but we're not
using indices 0..50 of the array. Each struct tls_cipher_size_desc is
20B, so that's a lot of unused memory. We can reindex the array
starting at the lowest used cipher_type.
Introduce the get_cipher_size_desc helper to find the right item and
avoid out-of-bounds accesses, and make tls_cipher_size_desc's size
explicit so that gcc reminds us to update TLS_CIPHER_MIN/MAX when we
add a new cipher.
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Link: https://lore.kernel.org/r/5e054e370e240247a5d37881a1cd93a67c15f4ca.1692977948.git.sd@queasysnail.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'net/tls/tls_device_fallback.c')
| -rw-r--r-- | net/tls/tls_device_fallback.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/net/tls/tls_device_fallback.c b/net/tls/tls_device_fallback.c index b28c5e296dfd..dd21fa4961b6 100644 --- a/net/tls/tls_device_fallback.c +++ b/net/tls/tls_device_fallback.c @@ -69,7 +69,7 @@ static int tls_enc_record(struct aead_request *aead_req, default: return -EINVAL; } - cipher_sz = &tls_cipher_size_desc[prot->cipher_type]; + cipher_sz = get_cipher_size_desc(prot->cipher_type); buf_size = TLS_HEADER_SIZE + cipher_sz->iv; len = min_t(int, *in_len, buf_size); @@ -310,7 +310,7 @@ static void fill_sg_out(struct scatterlist sg_out[3], void *buf, void *dummy_buf) { const struct tls_cipher_size_desc *cipher_sz = - &tls_cipher_size_desc[tls_ctx->crypto_send.info.cipher_type]; + get_cipher_size_desc(tls_ctx->crypto_send.info.cipher_type); sg_set_buf(&sg_out[0], dummy_buf, sync_size); sg_set_buf(&sg_out[1], nskb->data + tcp_payload_offset, payload_len); @@ -348,7 +348,7 @@ static struct sk_buff *tls_enc_skb(struct tls_context *tls_ctx, default: goto free_req; } - cipher_sz = &tls_cipher_size_desc[tls_ctx->crypto_send.info.cipher_type]; + cipher_sz = get_cipher_size_desc(tls_ctx->crypto_send.info.cipher_type); buf_len = cipher_sz->salt + cipher_sz->iv + TLS_AAD_SPACE_SIZE + sync_size + cipher_sz->tag; buf = kmalloc(buf_len, GFP_ATOMIC); @@ -495,7 +495,7 @@ int tls_sw_fallback_init(struct sock *sk, rc = -EINVAL; goto free_aead; } - cipher_sz = &tls_cipher_size_desc[crypto_info->cipher_type]; + cipher_sz = get_cipher_size_desc(crypto_info->cipher_type); rc = crypto_aead_setkey(offload_ctx->aead_send, key, cipher_sz->key); if (rc) |