lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <20190201.150135.2232426583404883022.davem@davemloft.net> Date: Fri, 01 Feb 2019 15:01:35 -0800 (PST) From: David Miller <davem@...emloft.net> To: davejwatson@...com Cc: netdev@...r.kernel.org, vakul.garg@....com, borisp@...lanox.com, aviadye@...lanox.com, john.fastabend@...il.com, daniel@...earbox.net Subject: Re: [PATCH net-next v2 0/5] net: tls: TLS 1.3 support From: Dave Watson <davejwatson@...com> Date: Wed, 30 Jan 2019 21:57:58 +0000 > This patchset adds 256bit keys and TLS1.3 support to the kernel TLS > socket. > > TLS 1.3 is requested by passing TLS_1_3_VERSION in the setsockopt > call, which changes the framing as required for TLS1.3. > > 256bit keys are requested by passing TLS_CIPHER_AES_GCM_256 in the > sockopt. This is a fairly straightforward passthrough to the crypto > framework. > > 256bit keys work with both TLS 1.2 and TLS 1.3 > > TLS 1.3 requires a different AAD layout, necessitating some minor > refactoring. It also moves the message type byte to the encrypted > portion of the message, instead of the cleartext header as it was in > TLS1.2. This requires moving the control message handling to after > decryption, but is otherwise similar. > > V1 -> V2 > > The first two patches were dropped, and sent separately, one as a > bugfix to the net tree. Series applied, thanks Dave. I'll push this out to net-next once my build testing completes. Thanks again.
Powered by blists - more mailing lists