diff options
| -rw-r--r-- | include/net/tls.h | 1 | ||||
| -rw-r--r-- | net/tls/tls_sw.c | 4 |
2 files changed, 3 insertions, 2 deletions
diff --git a/include/net/tls.h b/include/net/tls.h index f040edc97c50..a01c264e5f15 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -64,6 +64,7 @@ #define TLS_AAD_SPACE_SIZE 13 #define MAX_IV_SIZE 16 +#define TLS_TAG_SIZE 16 #define TLS_MAX_REC_SEQ_SIZE 8 /* For CCM mode, the full 16-bytes of IV is made of '4' fields of given sizes. diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 34e74b26211d..ae90749f182a 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -136,9 +136,9 @@ static int padding_length(struct tls_prot_info *prot, struct sk_buff *skb) /* Determine zero-padding length */ if (prot->version == TLS_1_3_VERSION) { + int back = TLS_TAG_SIZE + 1; char content_type = 0; int err; - int back = 17; while (content_type == 0) { if (back > rxm->full_len - prot->prepend_size) @@ -2496,7 +2496,7 @@ int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx, int tx) /* Sanity-check the sizes for stack allocations. */ if (iv_size > MAX_IV_SIZE || nonce_size > MAX_IV_SIZE || - rec_seq_size > TLS_MAX_REC_SEQ_SIZE) { + rec_seq_size > TLS_MAX_REC_SEQ_SIZE || tag_size != TLS_TAG_SIZE) { rc = -EINVAL; goto free_priv; } |