net/tls: reject offload of TLS 1.3 (618bac45) · Commits · 戴 / test

Neither drivers nor the tls offload code currently supports TLS version 1.3. Check the TLS version when installing connection state. TLS 1.3 will just fallback to the kernel crypto for now. Fixes: ("net: tls: Add tls 1.3 support") Signed-off-by:

Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by:

Dirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by:

David S. Miller <davem@davemloft.net>

net/tls/tls_device.c

+8 −0

Original line number	Diff line number	Diff line
		@@ -742,6 +742,11 @@ int tls_set_device_offload(struct sock sk, struct tls_context ctx)
		}

		crypto_info = &ctx->crypto_send.info;
		if (crypto_info->version != TLS_1_2_VERSION) {
		rc = -EOPNOTSUPP;
		goto free_offload_ctx;
		}

		switch (crypto_info->cipher_type) {
		case TLS_CIPHER_AES_GCM_128:
		nonce_size = TLS_CIPHER_AES_GCM_128_IV_SIZE;
		@@ -876,6 +881,9 @@ int tls_set_device_offload_rx(struct sock sk, struct tls_context ctx)
		struct net_device *netdev;
		int rc = 0;

		if (ctx->crypto_recv.info.version != TLS_1_2_VERSION)
		return -EOPNOTSUPP;

		/* We support starting offload on multiple sockets
		* concurrently, so we only need a read lock here.
		* This lock must precede get_netdev_for_sock to prevent races between

Admin message