summaryrefslogtreecommitdiff
path: root/net/tls/tls_main.c
diff options
context:
space:
mode:
authorDave Watson <davejwatson@fb.com>2019-01-31 00:58:31 +0300
committerDavid S. Miller <davem@davemloft.net>2019-02-02 02:00:55 +0300
commit130b392c6cd6b2aed1b7eb32253d4920babb4891 (patch)
tree99a8b337cdf5fcb3f23374b3100ed8e3ea295e19 /net/tls/tls_main.c
parentfedf201e12960bd2fab0596422851b20a8d80d20 (diff)
downloadlinux-130b392c6cd6b2aed1b7eb32253d4920babb4891.tar.xz
net: tls: Add tls 1.3 support
TLS 1.3 has minor changes from TLS 1.2 at the record layer. * Header now hardcodes the same version and application content type in the header. * The real content type is appended after the data, before encryption (or after decryption). * The IV is xored with the sequence number, instead of concatinating four bytes of IV with the explicit IV. * Zero-padding: No exlicit length is given, we search backwards from the end of the decrypted data for the first non-zero byte, which is the content type. Currently recv supports reading zero-padding, but there is no way for send to add zero padding. Signed-off-by: Dave Watson <davejwatson@fb.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/tls/tls_main.c')
-rw-r--r--net/tls/tls_main.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index 0f028cfdf835..d1c2fd9a3f63 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -463,7 +463,8 @@ static int do_tls_setsockopt_conf(struct sock *sk, char __user *optval,
}
/* check version */
- if (crypto_info->version != TLS_1_2_VERSION) {
+ if (crypto_info->version != TLS_1_2_VERSION &&
+ crypto_info->version != TLS_1_3_VERSION) {
rc = -ENOTSUPP;
goto err_crypto_info;
}