net/tls: don't look for decrypted frames on non-offloaded sockets

If the RX config of a TLS socket is SW, there is no point iterating
over the fragments and checking if frame is decrypted.  It will
always be fully encrypted.  Note that in fully encrypted case
the function doesn't actually touch any offload-related state,
so it's safe to call for TLS_SW, today.  Soon we will introduce
code which can only be called for offloaded contexts.

Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 960494f437ac34e27b2c8a55575003e273f9e1fc..f833407c789f467c7caf9dcebc123b7aed9ef0cf 100644 (file)
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -1492,9 +1492,11 @@ static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb,
 
        if (!ctx->decrypted) {
 #ifdef CONFIG_TLS_DEVICE
-               err = tls_device_decrypted(sk, skb);
-               if (err < 0)
-                       return err;
+               if (tls_ctx->rx_conf == TLS_HW) {
+                       err = tls_device_decrypted(sk, skb);
+                       if (err < 0)
+                               return err;
+               }
 #endif
                /* Still not decrypted after tls_device */
                if (!ctx->decrypted) {