sys/kern/uipc_ktls.c
Show First 20 Lines • Show All 1,685 Lines • ▼ Show 20 Lines | ktls_frame(struct mbuf *top, struct ktls_session *tls, int *enq_cnt, | ||||
maxlen = tls->params.max_frame_len; | maxlen = tls->params.max_frame_len; | ||||
*enq_cnt = 0; | *enq_cnt = 0; | ||||
for (m = top; m != NULL; m = m->m_next) { | for (m = top; m != NULL; m = m->m_next) { | ||||
/* | /* | ||||
* All mbufs in the chain should be TLS records whose | * All mbufs in the chain should be TLS records whose | ||||
* payload does not exceed the maximum frame length. | * payload does not exceed the maximum frame length. | ||||
* | * | ||||
* Empty TLS records are permitted when using CBC. | * Empty TLS 1.0 records are permitted when using CBC. | ||||
*/ | */ | ||||
KASSERT(m->m_len <= maxlen && | KASSERT(m->m_len <= maxlen && m->m_len >= 0 && | ||||
(tls->params.cipher_algorithm == CRYPTO_AES_CBC ? | (m->m_len > 0 || ktls_permit_empty_frames(tls)), | ||||
m->m_len >= 0 : m->m_len > 0), | ("ktls_frame: m %p len %d", m, m->m_len)); | ||||
("ktls_frame: m %p len %d\n", m, m->m_len)); | |||||
/* | /* | ||||
* TLS frames require unmapped mbufs to store session | * TLS frames require unmapped mbufs to store session | ||||
* info. | * info. | ||||
*/ | */ | ||||
KASSERT((m->m_flags & M_EXTPG) != 0, | KASSERT((m->m_flags & M_EXTPG) != 0, | ||||
("ktls_frame: mapped mbuf %p (top = %p)\n", m, top)); | ("ktls_frame: mapped mbuf %p (top = %p)", m, top)); | ||||
tls_len = m->m_len; | tls_len = m->m_len; | ||||
/* Save a reference to the session. */ | /* Save a reference to the session. */ | ||||
m->m_epg_tls = ktls_hold(tls); | m->m_epg_tls = ktls_hold(tls); | ||||
m->m_epg_hdrlen = tls->params.tls_hlen; | m->m_epg_hdrlen = tls->params.tls_hlen; | ||||
m->m_epg_trllen = tls->params.tls_tlen; | m->m_epg_trllen = tls->params.tls_tlen; | ||||
▲ Show 20 Lines • Show All 75 Lines • ▼ Show 20 Lines | if (tls->mode == TCP_TLS_MODE_SW) { | ||||
if (__predict_false(tls_len == 0)) { | if (__predict_false(tls_len == 0)) { | ||||
/* TLS 1.0 empty fragment. */ | /* TLS 1.0 empty fragment. */ | ||||
m->m_epg_nrdy = 1; | m->m_epg_nrdy = 1; | ||||
} else | } else | ||||
m->m_epg_nrdy = m->m_epg_npgs; | m->m_epg_nrdy = m->m_epg_npgs; | ||||
*enq_cnt += m->m_epg_nrdy; | *enq_cnt += m->m_epg_nrdy; | ||||
} | } | ||||
} | } | ||||
} | |||||
bool | |||||
ktls_permit_empty_frames(struct ktls_session *tls) | |||||
{ | |||||
return (tls->params.cipher_algorithm == CRYPTO_AES_CBC && | |||||
tls->params.tls_vminor == TLS_MINOR_VER_ZERO); | |||||
} | } | ||||
void | void | ||||
ktls_check_rx(struct sockbuf *sb) | ktls_check_rx(struct sockbuf *sb) | ||||
{ | { | ||||
struct tls_record_layer hdr; | struct tls_record_layer hdr; | ||||
struct ktls_wq *wq; | struct ktls_wq *wq; | ||||
struct socket *so; | struct socket *so; | ||||
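Review bot: The empty-record rule in ktls_frame() is enforced only by `KASSERT`, which is compiled out of kernels built without INVARIANTS. On such a kernel a zero-length record on a session that is not TLS 1.0 with AES-CBC would still reach the `tls_len == 0` branch and be queued with `m_epg_nrdy = 1`. No runtime rejection is visible in this section; since ktls_permit_empty_frames() is non-static, it is presumably meant to be called from the send path, and it is worth confirming that the caller fails the write with an error before framing rather than relying on the assertion. The helper would also benefit from a short comment such as `/* Empty records are valid only as TLS 1.0 CBC empty fragments. */` and could take `const struct ktls_session *tls`, since it only reads `params`. ktls_frame()'s body begins and continues outside the lines shown here.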