diff options
| author | Dave Watson <davejwatson@fb.com> | 2019-01-31 00:58:31 +0300 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2019-02-02 02:00:55 +0300 |
| commit | 130b392c6cd6b2aed1b7eb32253d4920babb4891 (patch) | |
| tree | 99a8b337cdf5fcb3f23374b3100ed8e3ea295e19 /net/tls/tls_main.c | |
| parent | fedf201e12960bd2fab0596422851b20a8d80d20 (diff) | |
| download | linux-130b392c6cd6b2aed1b7eb32253d4920babb4891.tar.xz | |
net: tls: Add tls 1.3 support
TLS 1.3 has minor changes from TLS 1.2 at the record layer.
* Header now hardcodes the same version and application content type in
the header.
* The real content type is appended after the data, before encryption (or
after decryption).
* The IV is xored with the sequence number, instead of concatinating four
bytes of IV with the explicit IV.
* Zero-padding: No exlicit length is given, we search backwards from the
end of the decrypted data for the first non-zero byte, which is the
content type. Currently recv supports reading zero-padding, but there
is no way for send to add zero padding.
Signed-off-by: Dave Watson <davejwatson@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/tls/tls_main.c')
| -rw-r--r-- | net/tls/tls_main.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index 0f028cfdf835..d1c2fd9a3f63 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -463,7 +463,8 @@ static int do_tls_setsockopt_conf(struct sock *sk, char __user *optval, } /* check version */ - if (crypto_info->version != TLS_1_2_VERSION) { + if (crypto_info->version != TLS_1_2_VERSION && + crypto_info->version != TLS_1_3_VERSION) { rc = -ENOTSUPP; goto err_crypto_info; } |