| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <65a78771-d820-2337-363e-a29f3f144c15@suse.de>
Date: Wed, 19 Jul 2023 09:40:48 +0200
From: Hannes Reinecke <hare@...e.de>
To: Chuck Lever <cel@...nel.org>, davem@...emloft.net, edumazet@...gle.com,
kuba@...nel.org, pabeni@...hat.com
Cc: netdev@...r.kernel.org, kernel-tls-handshake@...ts.linux.dev
Subject: Re: [PATCH net-next v1 2/7] net/tls: Add TLS Alert definitions
On 7/18/23 20:59, Chuck Lever wrote:
> From: Chuck Lever <chuck.lever@...cle.com>
>
> I'm about to add support for kernel handshake API consumers to send
> TLS Alerts, so introduce the needed protocol definitions in the new
> header tls_prot.h.
>
> This presages support for Closure alerts. Also, support for alerts
> is a pre-requite for handling session re-keying, where one peer will
> signal the need for a re-key by sending a TLS Alert.
>
> Signed-off-by: Chuck Lever <chuck.lever@...cle.com>
> ---
> include/net/tls_prot.h | 42 ++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 42 insertions(+)
>
> diff --git a/include/net/tls_prot.h b/include/net/tls_prot.h
> index 47d6cfd1619e..68a40756440b 100644
> --- a/include/net/tls_prot.h
> +++ b/include/net/tls_prot.h
> @@ -23,4 +23,46 @@ enum {
> TLS_RECORD_TYPE_ACK = 26,
> };
>
> +/*
> + * TLS Alert protocol: AlertLevel
> + */
> +enum {
> + TLS_ALERT_LEVEL_WARNING = 1,
> + TLS_ALERT_LEVEL_FATAL = 2,
> +};
> +
> +/*
> + * TLS Alert protocol: AlertDescription
> + */
> +enum {
> + TLS_ALERT_DESC_CLOSE_NOTIFY = 0,
> + TLS_ALERT_DESC_UNEXPECTED_MESSAGE = 10,
> + TLS_ALERT_DESC_BAD_RECORD_MAC = 20,
> + TLS_ALERT_DESC_RECORD_OVERFLOW = 22,
> + TLS_ALERT_DESC_HANDSHAKE_FAILURE = 40,
> + TLS_ALERT_DESC_BAD_CERTIFICATE = 42,
> + TLS_ALERT_DESC_UNSUPPORTED_CERTIFICATE = 43,
> + TLS_ALERT_DESC_CERTIFICATE_REVOKED = 44,
> + TLS_ALERT_DESC_CERTIFICATE_EXPIRED = 45,
> + TLS_ALERT_DESC_CERTIFICATE_UNKNOWN = 46,
> + TLS_ALERT_DESC_ILLEGAL_PARAMETER = 47,
> + TLS_ALERT_DESC_UNKNOWN_CA = 48,
> + TLS_ALERT_DESC_ACCESS_DENIED = 49,
> + TLS_ALERT_DESC_DECODE_ERROR = 50,
> + TLS_ALERT_DESC_DECRYPT_ERROR = 51,
> + TLS_ALERT_DESC_TOO_MANY_CIDS_REQUESTED = 52,
> + TLS_ALERT_DESC_PROTOCOL_VERSION = 70,
> + TLS_ALERT_DESC_INSUFFICIENT_SECURITY = 71,
> + TLS_ALERT_DESC_INTERNAL_ERROR = 80,
> + TLS_ALERT_DESC_INAPPROPRIATE_FALLBACK = 86,
> + TLS_ALERT_DESC_USER_CANCELED = 90,
> + TLS_ALERT_DESC_MISSING_EXTENSION = 109,
> + TLS_ALERT_DESC_UNSUPPORTED_EXTENSION = 110,
> + TLS_ALERT_DESC_UNRECOGNIZED_NAME = 112,
> + TLS_ALERT_DESC_BAD_CERTIFICATE_STATUS_RESPONSE = 113,
> + TLS_ALERT_DESC_UNKNOWN_PSK_IDENTITY = 115,
> + TLS_ALERT_DESC_CERTIFICATE_REQUIRED = 116,
> + TLS_ALERT_DESC_NO_APPLICATION_PROTOCOL = 120,
> +};
> +
> #endif /* _TLS_PROT_H */
>
>
>
Reviewed-by: Hannes Reinecke <hare@...e.de>
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@...e.de +49 911 74053 688
SUSE Software Solutions Germany GmbH, Frankenstr. 146, 90461 Nürnberg
Managing Directors: I. Totev, A. Myers, A. McDonald, M. B. Moerman
(HRB 36809, AG Nürnberg)
Powered by blists - more mailing lists