| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 25 Aug 2023 23:35:05 +0200
From: Sabrina Dubroca <sd@...asysnail.net>
To: netdev@...r.kernel.org
Cc: borisp@...dia.com,
john.fastabend@...il.com,
kuba@...nel.org,
Sabrina Dubroca <sd@...asysnail.net>
Subject: [PATCH net-next 00/17] tls: expand tls_cipher_size_desc to simplify getsockopt/setsockopt
Commit 2d2c5ea24243 ("net/tls: Describe ciphers sizes by const
structs") introduced tls_cipher_size_desc to describe the size of the
fields of the per-cipher crypto_info structs, and commit ea7a9d88ba21
("net/tls: Use cipher sizes structs") used it, but only in
tls_device.c and tls_device_fallback.c, and skipped converting similar
code in tls_main.c and tls_sw.c.
This series expands tls_cipher_size_desc (renamed to tls_cipher_desc
to better fit this expansion) to fully describe a cipher:
- offset of the fields within the per-cipher crypto_info
- size of the full struct (for copies to/from userspace)
- offload flag
- algorithm name used by SW crypto
With these additions, we can remove ~350L of
switch (crypto_info->cipher_type) { ... }
from tls_set_device_offload, tls_sw_fallback_init,
do_tls_getsockopt_conf, do_tls_setsockopt_conf, tls_set_sw_offload
(mainly do_tls_getsockopt_conf and tls_set_sw_offload).
This series also adds the ARIA ciphers to the tls selftests, and some
more getsockopt/setsockopt tests to cover more of the code changed by
this series.
Sabrina Dubroca (17):
selftests: tls: add test variants for aria-gcm
selftests: tls: add getsockopt test
selftests: tls: test some invalid inputs for setsockopt
tls: move tls_cipher_size_desc to net/tls/tls.h
tls: add TLS_CIPHER_ARIA_GCM_* to tls_cipher_size_desc
tls: reduce size of tls_cipher_size_desc
tls: rename tls_cipher_size_desc to tls_cipher_desc
tls: extend tls_cipher_desc to fully describe the ciphers
tls: validate cipher descriptions at compile time
tls: expand use of tls_cipher_desc in tls_set_device_offload
tls: allocate the fallback aead after checking that the cipher is
valid
tls: expand use of tls_cipher_desc in tls_sw_fallback_init
tls: get crypto_info size from tls_cipher_desc in
do_tls_setsockopt_conf
tls: use tls_cipher_desc to simplify do_tls_getsockopt_conf
tls: use tls_cipher_desc to get per-cipher sizes in tls_set_sw_offload
tls: use tls_cipher_desc to access per-cipher crypto_info in
tls_set_sw_offload
tls: get cipher_name from cipher_desc in tls_set_sw_offload
include/net/tls.h | 10 --
net/tls/tls.h | 53 ++++++
net/tls/tls_device.c | 52 ++----
net/tls/tls_device_fallback.c | 62 +++----
net/tls/tls_main.c | 272 ++++++++---------------------
net/tls/tls_sw.c | 179 +++----------------
tools/testing/selftests/net/config | 1 +
tools/testing/selftests/net/tls.c | 84 +++++++++
8 files changed, 278 insertions(+), 435 deletions(-)
--
2.40.1
Powered by blists - more mailing lists