1. 13 Feb, 2019 9 commits
  2. 12 Feb, 2019 4 commits
  3. 11 Feb, 2019 2 commits
  4. 10 Feb, 2019 1 commit
    • net/tls: Disable async decryption for tls1.3 · 8497ded2
      Vakul Garg committed on
      Function tls_sw_recvmsg() dequeues multiple records from stream parser
      and decrypts them. In case the decryption is done by async accelerator,
      the records may get submitted for decryption while the previous ones may
      not have been decrypted yet. For tls1.3, the record type is known only
      after decryption. Therefore, for tls1.3, tls_sw_recvmsg() may submit
      records for decryption even if it gets 'handshake' records after 'data'
      records. These intermediate 'handshake' records may do a key updation.
      By the time new keys are given to ktls by userspace, it is possible that
      ktls has already submitted some records (which are encrypted with new
      keys) for decryption using old keys. This would lead to decrypt failure.
      Therefore, async decryption of records should be disabled for tls1.3.
      
      Fixes: 130b392c ("net: tls: Add tls 1.3 support")
      Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  5. 09 Feb, 2019 6 commits
  6. 08 Feb, 2019 15 commits
  7. 07 Feb, 2019 3 commits