projects / linux-block.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0471b10) | patch
tls: implement rekey for TLS1.3
authorSabrina Dubroca <sd@queasysnail.net>
Thu, 12 Dec 2024 15:36:05 +0000 (16:36 +0100)
committerDavid S. Miller <davem@davemloft.net>
Mon, 16 Dec 2024 12:47:29 +0000 (12:47 +0000)
commit47069594e67e882ec5c1d8d374f6aab037511509
treef9fef2235945614a765ccc6383f38ceca0727e88tree
parent0471b1093e3a5d702ba2bf5987c35ee0e2336855commit | diff
tls: implement rekey for TLS1.3

This adds the possibility to change the key and IV when using
TLS1.3. Changing the cipher or TLS version is not supported.

Once we have updated the RX key, we can unblock the receive side. If
the rekey fails, the context is unmodified and userspace is free to
retry the update or close the socket.

This change only affects tls_sw, since 1.3 offload isn't supported.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Acked-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/tls/tls.h diff | blob | blame | history
net/tls/tls_device.c diff | blob | blame | history
net/tls/tls_main.c diff | blob | blame | history
net/tls/tls_sw.c diff | blob | blame | history
Linux 6.x block layer and io_uring tree(s)