From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Jakub Kicinski, Dirk van der Merwe, "David S. Miller"
Subject: [PATCH 5.1 38/62] net/tls: reject offload of TLS 1.3
Date: Fri, 26 Jul 2019 17:24:50 +0200
Message-Id: <20190726152305.969679023@linuxfoundation.org>
In-Reply-To: <20190726152301.720139286@linuxfoundation.org>
References: <20190726152301.720139286@linuxfoundation.org>

From: Jakub Kicinski

[ Upstream commit 618bac45937a3dc6126ac0652747481e97000f99 ]

Neither drivers nor the tls offload code currently supports TLS
version 1.3. Check the TLS version when installing connection
state. TLS 1.3 will just fall back to the kernel crypto for now.

Fixes: 130b392c6cd6 ("net: tls: Add tls 1.3 support")
Signed-off-by: Jakub Kicinski
Reviewed-by: Dirk van der Merwe
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman
---
 net/tls/tls_device.c | 8 ++++++++
 1 file changed, 8 insertions(+)

--- a/net/tls/tls_device.c +++ b/net/tls/tls_device.c @@ -746,6 +746,11 @@ int tls_set_device_offload(struct sock * } crypto_info = &ctx->crypto_send.info; + if (crypto_info->version != TLS_1_2_VERSION) { + rc = -EOPNOTSUPP; + goto free_offload_ctx; + } + switch (crypto_info->cipher_type) { case TLS_CIPHER_AES_GCM_128: nonce_size = TLS_CIPHER_AES_GCM_128_IV_SIZE; @@ -880,6 +885,9 @@ int tls_set_device_offload_rx(struct soc struct net_device *netdev; int rc = 0; + if (ctx->crypto_recv.info.version != TLS_1_2_VERSION) + return -EOPNOTSUPP; + /* We support starting offload on multiple sockets * concurrently, so we only need a read lock here. * This lock must precede get_netdev_for_sock to prevent races between
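
Review bot: The version test in the first hunk (tls_set_device_offload) runs late enough that its failure path has to unwind through `goto free_offload_ctx`, which, judging by the label, means an offload context has already been allocated by then, whereas the RX-side check returns before anything is acquired. The version is available from ctx->crypto_send.info on entry, so consider testing it at the top of the function so that an unsupported version costs no allocation and needs no cleanup. Comparing with `!= TLS_1_2_VERSION` is the right shape, since any version other than 1.2 is refused by default. A one-line comment stating that -EOPNOTSUPP here leaves the connection on kernel crypto would keep that intent in the code and not only in the commit message.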
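
Review bot: In the second hunk (tls_set_device_offload_rx) the check reads `ctx->crypto_recv.info.version` directly while the TX hunk goes through the local `crypto_info` pointer, so the same rule is now written twice in two forms. A small helper shared by both paths (the name tls_device_version_supported() is only a suggestion) would keep TX and RX in step when TLS 1.3 offload is added later. Placing the early `return -EOPNOTSUPP` ahead of the locking described in the following comment is good, since nothing needs releasing at that point; a short comment noting that only TLS 1.2 can be offloaded would document why the check is there.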