static int decrypt_internal(struct sock *sk, struct sk_buff *skb,
struct iov_iter *out_iov,
struct scatterlist *out_sg,
- int *chunk, bool *zc, bool async)
+ bool *zc, bool async)
{
struct tls_context *tls_ctx = tls_get_ctx(sk);
struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
(n_sgout - 1));
if (err < 0)
goto fallback_to_reg_recv;
- *chunk = data_len;
} else if (out_sg) {
memcpy(sgout, out_sg, n_sgout * sizeof(*sgout));
} else {
fallback_to_reg_recv:
sgout = sgin;
pages = 0;
- *chunk = data_len;
*zc = false;
}
}
static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb,
- struct iov_iter *dest, int *chunk, bool *zc,
- bool async)
+ struct iov_iter *dest, bool *zc, bool async)
{
struct tls_context *tls_ctx = tls_get_ctx(sk);
struct tls_prot_info *prot = &tls_ctx->prot_info;
}
}
- err = decrypt_internal(sk, skb, dest, NULL, chunk, zc, async);
+ err = decrypt_internal(sk, skb, dest, NULL, zc, async);
if (err < 0) {
if (err == -EINPROGRESS)
tls_advance_record_sn(sk, prot, &tls_ctx->rx);
struct scatterlist *sgout)
{
bool zc = true;
- int chunk;
- return decrypt_internal(sk, skb, NULL, sgout, &chunk, &zc, false);
+ return decrypt_internal(sk, skb, NULL, sgout, &zc, false);
}
static bool tls_sw_advance_skb(struct sock *sk, struct sk_buff *skb,
num_async = 0;
while (len && (decrypted + copied < target || ctx->recv_pkt)) {
bool retain_skb = false;
+ int to_decrypt, chunk;
bool zc = false;
- int to_decrypt;
- int chunk = 0;
bool async_capable;
bool async = false;
async_capable = false;
err = decrypt_skb_update(sk, skb, &msg->msg_iter,
- &chunk, &zc, async_capable);
+ &zc, async_capable);
if (err < 0 && err != -EINPROGRESS) {
tls_err_abort(sk, -EBADMSG);
goto recv_end;
}
}
- if (async)
+ if (async) {
+ /* TLS 1.2-only, to_decrypt must be text length */
+ chunk = min_t(int, to_decrypt, len);
goto pick_next_record;
+ }
+ /* TLS 1.3 may have updated the length by more than overhead */
+ chunk = rxm->full_len;
if (!zc) {
if (bpf_strp_enabled) {
}
}
- if (rxm->full_len > len) {
+ if (chunk > len) {
retain_skb = true;
chunk = len;
- } else {
- chunk = rxm->full_len;
}
err = skb_copy_datagram_msg(skb, rxm->offset,
}
pick_next_record:
- if (chunk > len)
- chunk = len;
-
decrypted += chunk;
len -= chunk;
if (!skb)
goto splice_read_end;
- err = decrypt_skb_update(sk, skb, NULL, &chunk, &zc, false);
+ err = decrypt_skb_update(sk, skb, NULL, &zc, false);
if (err < 0) {
tls_err_abort(sk, -EBADMSG);
goto splice_read_end;