Re: [PATCH v9 crypto 06/12] cxgb4: LLD driver changes to enable TLS

2018-03-08 Thread Atul Gupta
On 3/7/2018 6:29 PM, Sabrina Dubroca wrote: > 2018-03-06, 21:09:25 +0530, Atul Gupta wrote: >> Read FW capability. Read key area size. Dump the TLS record count. > That's not a really helpful commit message. Have a look at other > commit messages and try to be more descriptive. > It's also not

Re: [PATCH] crypto/ecc: Remove stack VLA usage

2018-03-08 Thread Tudor Ambarus
Hi, Kees, On 03/07/2018 11:56 PM, Kees Cook wrote: On the quest to remove all VLAs from the kernel[1], this switches to a pair of kmalloc regions instead of using the stack. This also moves the get_random_bytes() after all allocations (and drops the needless "nbytes" variable). [1]

Re: [PATCH v9 crypto 08/12] chtls: Key program

2018-03-08 Thread Atul Gupta
On 3/7/2018 8:35 PM, Sabrina Dubroca wrote: > 2018-03-06, 21:09:27 +0530, Atul Gupta wrote: > [snip] >> +static int chtls_set_tcb_field(struct sock *sk, u16 word, u64 mask, u64 val) >> +{ >> +struct chtls_sock *csk = rcu_dereference_sk_user_data(sk); >> +struct sk_buff *skb; >> +

[PATCH RFC 4/5] tls: RX path for ktls

2018-03-08 Thread Dave Watson
Add rx path for tls software implementation. recvmsg, splice_read, and poll implemented. An additional sockopt TLS_RX is added, with the same interface as TLS_TX. Either TLS_RX or TLS_TX may be provided separately, or together (with two different setsockopt calls with appropriate keys).

[PATCH RFC 3/5] tls: Pass error code explicitly to tls_err_abort

2018-03-08 Thread Dave Watson
Pass EBADMSG explicitly to tls_err_abort. Receive path will pass additional codes - E2BIG if framing is larger than max TLS record size. Signed-off-by: Dave Watson --- include/net/tls.h | 6 +++--- net/tls/tls_sw.c | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-)

[PATCH RFC 1/5] tls: Generalize zerocopy_from_iter

2018-03-08 Thread Dave Watson
Refactor zerocopy_from_iter to take arguments for pages and size, such that it can be used for both tx and rx. RX will also support zerocopy direct to output iter, as long as the full message can be copied at once (a large enough userspace buffer was provided). Signed-off-by: Dave Watson

[PATCH RFC 2/5] tls: Move cipher info to a separate struct

2018-03-08 Thread Dave Watson
Separate tx crypto parameters to a separate cipher_context struct. The same parameters will be used for rx using the same struct. tls_advance_record_sn is modified to only take the cipher info. Signed-off-by: Dave Watson --- include/net/tls.h | 26 +---

[PATCH RFC 0/5] TLX Rx

2018-03-08 Thread Dave Watson
TLS tcp socket RX implementation, to match existing TX code. This patchset completes the software TLS socket, allowing full bi-directional communication over TLS using normal socket syscalls, after the handshake has been done in userspace. Only the symmetric encryption is done in the kernel.

[PATCH RFC 5/5] tls: Add receive path documentation

2018-03-08 Thread Dave Watson
Add documentation on rx path setup and cmsg interface. Signed-off-by: Dave Watson --- Documentation/networking/tls.txt | 59 ++-- 1 file changed, 57 insertions(+), 2 deletions(-) diff --git a/Documentation/networking/tls.txt

Re: [PATCH RFC 4/5] tls: RX path for ktls

2018-03-08 Thread Boris Pismenny
Hi Dave, On 03/08/18 18:50, Dave Watson wrote: Add rx path for tls software implementation. recvmsg, splice_read, and poll implemented. An additional sockopt TLS_RX is added, with the same interface as TLS_TX. Either TLS_RX or TLS_TX may be provided separately, or together (with two

Re: [PATCH RFC 4/5] tls: RX path for ktls

2018-03-08 Thread Dave Watson
On 03/08/18 09:48 PM, Boris Pismenny wrote: > Hi Dave, > > On 03/08/18 18:50, Dave Watson wrote: > > Add rx path for tls software implementation. > > > > recvmsg, splice_read, and poll implemented. > > > > An additional sockopt TLS_RX is added, with the same interface as > > TLS_TX. Either

Re: [PATCH] crypto/ecc: Remove stack VLA usage

2018-03-08 Thread Kees Cook
On Thu, Mar 8, 2018 at 1:43 AM, Tudor Ambarus wrote: > Hi, Kees, > > > On 03/07/2018 11:56 PM, Kees Cook wrote: >> >> On the quest to remove all VLAs from the kernel[1], this switches to >> a pair of kmalloc regions instead of using the stack. This also moves >> the

[PATCH v2] crypto/ecc: Remove stack VLA usage

2018-03-08 Thread Kees Cook
On the quest to remove all VLAs from the kernel[1], this switches to a pair of kmalloc regions instead of using the stack. This also moves the get_random_bytes() after all allocations (and drops the needless "nbytes" variable). [1] https://lkml.org/lkml/2018/3/7/621 Signed-off-by: Kees Cook