| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20190201.150135.2232426583404883022.davem@davemloft.net>
Date: Fri, 01 Feb 2019 15:01:35 -0800 (PST)
From: David Miller <davem@...emloft.net>
To: davejwatson@...com
Cc: netdev@...r.kernel.org, vakul.garg@....com, borisp@...lanox.com,
aviadye@...lanox.com, john.fastabend@...il.com,
daniel@...earbox.net
Subject: Re: [PATCH net-next v2 0/5] net: tls: TLS 1.3 support
From: Dave Watson <davejwatson@...com>
Date: Wed, 30 Jan 2019 21:57:58 +0000
> This patchset adds 256bit keys and TLS1.3 support to the kernel TLS
> socket.
>
> TLS 1.3 is requested by passing TLS_1_3_VERSION in the setsockopt
> call, which changes the framing as required for TLS1.3.
>
> 256bit keys are requested by passing TLS_CIPHER_AES_GCM_256 in the
> sockopt. This is a fairly straightforward passthrough to the crypto
> framework.
>
> 256bit keys work with both TLS 1.2 and TLS 1.3
>
> TLS 1.3 requires a different AAD layout, necessitating some minor
> refactoring. It also moves the message type byte to the encrypted
> portion of the message, instead of the cleartext header as it was in
> TLS1.2. This requires moving the control message handling to after
> decryption, but is otherwise similar.
>
> V1 -> V2
>
> The first two patches were dropped, and sent separately, one as a
> bugfix to the net tree.
Series applied, thanks Dave.
I'll push this out to net-next once my build testing completes.
Thanks again.
Powered by blists - more mailing lists