Message-ID: <20180327202329.6d0d8896@epycfail>
Date:   Tue, 27 Mar 2018 20:23:29 +0200
From:   Stefano Brivio <sbrivio@...hat.com>
To:     Atul Gupta <atul.gupta@...lsio.com>
Cc:     davem@...emloft.net, herbert@...dor.apana.org.au,
        davejwatson@...com, sd@...asysnail.net,
        linux-crypto@...r.kernel.org, netdev@...r.kernel.org,
        werner@...lsio.com, leedom@...lsio.com,
        swise@...ngridcomputing.com, indranil@...lsio.com,
        ganeshgr@...lsio.com
Subject: Re: [PATCH v13 net-next 01/12] tls: support for Inline tls record

On Tue, 27 Mar 2018 23:06:30 +0530
Atul Gupta <atul.gupta@...lsio.com> wrote:

> +static struct tls_context *create_ctx(struct sock *sk)
> +{
> +	struct inet_connection_sock *icsk = inet_csk(sk);
> +	struct tls_context *ctx;
> +
> +	/* allocate tls context */
> +	ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
> +	if (!ctx)
> +		return NULL;
> +
> +	icsk->icsk_ulp_data = ctx;
> +	return ctx;
> +}
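
Review bot: In create_ctx(), the store `icsk->icsk_ulp_data = ctx;` is a side effect that the function name does not convey, and it publishes the context on the socket before the caller has finished setting it up. A caller that hits an error after this call and frees ctx also has to clear icsk->icsk_ulp_data, or the socket is left with a dangling pointer. Please state that contract in a comment above the function, or keep the assignment in the caller where the error handling is visible.
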
>
> [...]
>
>  static int tls_init(struct sock *sk)
>  {
>  	int ip_ver = sk->sk_family == AF_INET6 ? TLSV6 : TLSV4;
> -	struct inet_connection_sock *icsk = inet_csk(sk);
>  	struct tls_context *ctx;
>  	int rc = 0;
>  
> +	if (tls_hw_prot(sk))
> +		goto out;
> +
>  	/* The TLS ulp is currently supported only for TCP sockets
>  	 * in ESTABLISHED state.
>  	 * Supporting sockets in LISTEN state will require us
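
Review bot: The new `if (tls_hw_prot(sk)) goto out;` at the top of tls_init() leaves with rc still 0 and runs ahead of the check that the "TCP sockets in ESTABLISHED state" comment describes. Assuming the out label returns rc, tls_init() reports success on that path without the state check and without assigning ctx in this function. If that is intended, add a comment saying what a non-zero return from tls_hw_prot() means and that it has fully set up the socket; otherwise move the test after the state check and set rc on failure.
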
> @@ -530,12 +624,11 @@ static int tls_init(struct sock *sk)
>  		return -ENOTSUPP;
>  
>  	/* allocate tls context */
> -	ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
> +	ctx = create_ctx(sk);
>  	if (!ctx) {
>  		rc = -ENOMEM;
>  		goto out;
>  	}
> -	icsk->icsk_ulp_data = ctx;

Why are you changing this?

This is now equivalent to the original implementation, except that you
are "hiding" the assignment of icsk->icsk_ulp_data into a function named
"create_ctx".

Please also note that you are duplicating the "allocate tls context"
comment.

-- 
Stefano
