lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Fri, 01 Feb 2019 15:01:35 -0800 (PST)
From:   David Miller <davem@...emloft.net>
To:     davejwatson@...com
Cc:     netdev@...r.kernel.org, vakul.garg@....com, borisp@...lanox.com,
        aviadye@...lanox.com, john.fastabend@...il.com,
        daniel@...earbox.net
Subject: Re: [PATCH net-next v2 0/5] net: tls: TLS 1.3 support

From: Dave Watson <davejwatson@...com>
Date: Wed, 30 Jan 2019 21:57:58 +0000

> This patchset adds 256bit keys and TLS1.3 support to the kernel TLS
> socket.  
> 
> TLS 1.3 is requested by passing TLS_1_3_VERSION in the setsockopt
> call, which changes the framing as required for TLS1.3.  
> 
> 256bit keys are requested by passing TLS_CIPHER_AES_GCM_256 in the
> sockopt.  This is a fairly straightforward passthrough to the crypto
> framework.  
> 
> 256bit keys work with both TLS 1.2 and TLS 1.3
> 
> TLS 1.3 requires a different AAD layout, necessitating some minor
> refactoring.  It also moves the message type byte to the encrypted
> portion of the message, instead of the cleartext header as it was in
> TLS1.2.  This requires moving the control message handling to after
> decryption, but is otherwise similar.
> 
> V1 -> V2
> 
> The first two patches were dropped, and sent separately, one as a
> bugfix to the net tree.

Series applied, thanks Dave.

I'll push this out to net-next once my build testing completes.

Thanks again.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ