From: Dave Watson <davejwat...@fb.com> Date: Wed, 30 Jan 2019 21:57:58 +0000
> This patchset adds 256bit keys and TLS1.3 support to the kernel TLS > socket. > > TLS 1.3 is requested by passing TLS_1_3_VERSION in the setsockopt > call, which changes the framing as required for TLS1.3. > > 256bit keys are requested by passing TLS_CIPHER_AES_GCM_256 in the > sockopt. This is a fairly straightforward passthrough to the crypto > framework. > > 256bit keys work with both TLS 1.2 and TLS 1.3 > > TLS 1.3 requires a different AAD layout, necessitating some minor > refactoring. It also moves the message type byte to the encrypted > portion of the message, instead of the cleartext header as it was in > TLS1.2. This requires moving the control message handling to after > decryption, but is otherwise similar. > > V1 -> V2 > > The first two patches were dropped, and sent separately, one as a > bugfix to the net tree. Series applied, thanks Dave. I'll push this out to net-next once my build testing completes. Thanks again.
