tls: implement rekey for TLS1.3

This adds the possibility to change the key and IV when using TLS1.3. Changing the cipher or TLS version is not supported. Once we have updated the RX key, we can unblock the receive side. If the rekey fails, the context is unmodified and userspace is free to retry the update or close the socket. This change only affects tls_sw, since 1.3 offload isn't supported. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Acked-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Sabrina Dubroca <sd@queasysnail.net> 2024-12-12 16:36:05 +0100
committer: David S. Miller <davem@davemloft.net> 2024-12-16 12:47:29 +0000
commit: 47069594e67e882ec5c1d8d374f6aab037511509 (patch)
tree: f9fef2235945614a765ccc6383f38ceca0727e88 /net/tls/tls_device.c
parent: 0471b1093e3a5d702ba2bf5987c35ee0e2336855 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c
index dc063c2c7950..e50b6e71df13 100644
--- a/net/tls/tls_device.c
+++ b/net/tls/tls_device.c
@@ -1227,7 +1227,7 @@ int tls_set_device_offload_rx(struct sock *sk, struct tls_context *ctx)
 	context->resync_nh_reset = 1;
 
 	ctx->priv_ctx_rx = context;
-	rc = tls_set_sw_offload(sk, 0);
+	rc = tls_set_sw_offload(sk, 0, NULL);
 	if (rc)
 		goto release_ctx;
author	Sabrina Dubroca <sd@queasysnail.net>	2024-12-12 16:36:05 +0100
committer	David S. Miller <davem@davemloft.net>	2024-12-16 12:47:29 +0000
commit	47069594e67e882ec5c1d8d374f6aab037511509 (patch)
tree	f9fef2235945614a765ccc6383f38ceca0727e88 /net/tls/tls_device.c
parent	0471b1093e3a5d702ba2bf5987c35ee0e2336855 (diff)