On 3/7/2018 6:29 PM, Sabrina Dubroca wrote:
> 2018-03-06, 21:09:25 +0530, Atul Gupta wrote:
>> Read FW capability. Read key area size. Dump the TLS record count.
> That's not a really helpful commit message. Have a look at other
> commit messages and try to be more descriptive.
> It's also not
Hi, Kees,
On 03/07/2018 11:56 PM, Kees Cook wrote:
On the quest to remove all VLAs from the kernel[1], this switches to
a pair of kmalloc regions instead of using the stack. This also moves
the get_random_bytes() after all allocations (and drops the needless
"nbytes" variable).
[1]
On 3/7/2018 8:35 PM, Sabrina Dubroca wrote:
> 2018-03-06, 21:09:27 +0530, Atul Gupta wrote:
> [snip]
>> +static int chtls_set_tcb_field(struct sock *sk, u16 word, u64 mask, u64 val)
>> +{
>> +struct chtls_sock *csk = rcu_dereference_sk_user_data(sk);
>> +struct sk_buff *skb;
>> +
Add rx path for tls software implementation.
recvmsg, splice_read, and poll implemented.
An additional sockopt TLS_RX is added, with the same interface as
TLS_TX. Either TLS_RX or TLS_TX may be provided separately, or
together (with two different setsockopt calls with appropriate keys).
Pass EBADMSG explicitly to tls_err_abort. Receive path will
pass additional codes - E2BIG if framing is larger than max
TLS record size.
Signed-off-by: Dave Watson
---
include/net/tls.h | 6 +++---
net/tls/tls_sw.c | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
Refactor zerocopy_from_iter to take arguments for pages and size,
such that it can be used for both tx and rx. RX will also support
zerocopy direct to output iter, as long as the full message can
be copied at once (a large enough userspace buffer was provided).
Signed-off-by: Dave Watson
Separate tx crypto parameters to a separate cipher_context struct.
The same parameters will be used for rx using the same struct.
tls_advance_record_sn is modified to only take the cipher info.
Signed-off-by: Dave Watson
---
include/net/tls.h | 26 +---
TLS tcp socket RX implementation, to match existing TX code.
This patchset completes the software TLS socket, allowing full
bi-directional communication over TLS using normal socket syscalls,
after the handshake has been done in userspace. Only the symmetric
encryption is done in the kernel.
Add documentation on rx path setup and cmsg interface.
Signed-off-by: Dave Watson
---
Documentation/networking/tls.txt | 59 ++--
1 file changed, 57 insertions(+), 2 deletions(-)
diff --git a/Documentation/networking/tls.txt
Hi Dave,
On 03/08/18 18:50, Dave Watson wrote:
Add rx path for tls software implementation.
recvmsg, splice_read, and poll implemented.
An additional sockopt TLS_RX is added, with the same interface as
TLS_TX. Either TLS_RX or TLS_TX may be provided separately, or
together (with two
On 03/08/18 09:48 PM, Boris Pismenny wrote:
> Hi Dave,
>
> On 03/08/18 18:50, Dave Watson wrote:
> > Add rx path for tls software implementation.
> >
> > recvmsg, splice_read, and poll implemented.
> >
> > An additional sockopt TLS_RX is added, with the same interface as
> > TLS_TX. Either
On Thu, Mar 8, 2018 at 1:43 AM, Tudor Ambarus wrote:
> Hi, Kees,
>
>
> On 03/07/2018 11:56 PM, Kees Cook wrote:
>>
>> On the quest to remove all VLAs from the kernel[1], this switches to
>> a pair of kmalloc regions instead of using the stack. This also moves
>> the
On the quest to remove all VLAs from the kernel[1], this switches to
a pair of kmalloc regions instead of using the stack. This also moves
the get_random_bytes() after all allocations (and drops the needless
"nbytes" variable).
[1] https://lkml.org/lkml/2018/3/7/621
Signed-off-by: Kees Cook
13 matches