Hello:
This series was applied to netdev/net-next.git (main) by David S. Miller <davem@davemloft.net>:
On Thu, 12 Dec 2024 16:36:03 +0100 you wrote:
This adds support for receiving KeyUpdate messages (RFC 8446, 4.6.3 [1]). A sender transmits a KeyUpdate message and then changes its TX key. The receiver should react by updating its RX key before processing the next message.
This patchset implements key updates by:
- pausing decryption when a KeyUpdate message is received, to avoid attempting to use the old key to decrypt a record encrypted with the new key
- returning -EKEYEXPIRED to syscalls that cannot receive the KeyUpdate message, until the rekey has been performed by userspace
- passing the KeyUpdate message to userspace as a control message
- allowing updates of the crypto_info via the TLS_TX/TLS_RX setsockopts
[...]
Here is the summary with links:
  - [net-next,v5,1/6] tls: block decryption when a rekey is pending
    https://git.kernel.org/netdev/net-next/c/0471b1093e3a
  - [net-next,v5,2/6] tls: implement rekey for TLS1.3
    https://git.kernel.org/netdev/net-next/c/47069594e67e
  - [net-next,v5,3/6] tls: add counters for rekey
    https://git.kernel.org/netdev/net-next/c/510128b30f2d
  - [net-next,v5,4/6] docs: tls: document TLS1.3 key updates
    https://git.kernel.org/netdev/net-next/c/5aa97a43d042
  - [net-next,v5,5/6] selftests: tls: add key_generation argument to tls_crypto_info_init
    https://git.kernel.org/netdev/net-next/c/b2e584aa3c71
  - [net-next,v5,6/6] selftests: tls: add rekey tests
    https://git.kernel.org/netdev/net-next/c/555f0edb9ff0
You are awesome, thank you!
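
The userspace half of the flow described in the cover letter, as an added example that is not part of this message or of the patch series: recognise a KeyUpdate in the handshake record delivered as a control message, then derive the next RX traffic secret, key and IV that go into the crypto_info passed to the TLS_RX setsockopt. The derivation follows RFC 8446 section 7.2; the function names and the sample secret are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

HANDSHAKE = 22    # TLS ContentType.handshake
KEY_UPDATE = 24   # HandshakeType.key_update (RFC 8446, 4.6.3)

def find_key_update(record_type, payload):
    """Return update_requested (True/False) if the record ends in a KeyUpdate, else None."""
    if record_type != HANDSHAKE:
        return None
    off = 0
    while off + 4 <= len(payload):
        body_len = int.from_bytes(payload[off + 1:off + 4], "big")
        end = off + 4 + body_len
        if payload[off] == KEY_UPDATE:
            # Body is one byte, and the message must close the record,
            # because every later record is protected with the new key.
            if body_len != 1 or end != len(payload) or payload[off + 4] not in (0, 1):
                raise ValueError("malformed KeyUpdate")
            return payload[off + 4] == 1
        off = end
    return None

def hkdf_label(label, length):
    """Encode the HkdfLabel structure with an empty context."""
    full = b"tls13 " + label
    return struct.pack("!HB", length, len(full)) + full + b"\x00"

def hkdf_expand_label(secret, label, length, hash_name="sha256"):
    """HKDF-Expand (RFC 5869) keyed with secret, info = HkdfLabel."""
    info, out, block, counter = hkdf_label(label, length), b"", b"", 1
    while len(out) < length:
        block = hmac.new(secret, block + info + bytes([counter]), hash_name).digest()
        out += block
        counter += 1
    return out[:length]

def next_rx_material(secret, key_len=16, hash_name="sha256"):
    """application_traffic_secret_N -> (secret_N+1, write key, write IV)."""
    hash_len = hashlib.new(hash_name).digest_size
    new_secret = hkdf_expand_label(secret, b"traffic upd", hash_len, hash_name)
    key = hkdf_expand_label(new_secret, b"key", key_len, hash_name)
    iv = hkdf_expand_label(new_secret, b"iv", 12, hash_name)
    return new_secret, key, iv

if __name__ == "__main__":
    secret = bytes(range(32))               # constructed sample, not a real secret
    cmsg_payload = bytes([24, 0, 0, 1, 1])  # constructed KeyUpdate(update_requested)
    if find_key_update(HANDSHAKE, cmsg_payload) is not None:
        secret, key, iv = next_rx_material(secret)
        print(len(secret), len(key), len(iv))
```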