CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
ktls: Fix assertion for TLS 1.0 CBC when using non-zero starting seqno.
author: John Baldwin <jhb@FreeBSD.org>
Wed, 27 Oct 2021 23:35:56 +0000 (16:35 -0700)
committer: John Baldwin <jhb@FreeBSD.org>
Tue, 23 Nov 2021 23:11:45 +0000 (15:11 -0800)
commit: 81b6dba1a08b031bdf7463c1704d27ae1e0daa0f
tree: 5ff7ca4f1b9c813ef56b455d3c3660eed3e6591d
parent: ba6b771d1732eda0546d187b1397b1bcded3208d

The starting sequence number used to verify that TLS 1.0 CBC records
are encrypted in-order in the OCF layer was always set to 0 and not to
the initial sequence number from the struct tls_enable.

In practice, OpenSSL always starts TLS transmit offload with a
sequence number of zero, so this only matters for tests that use a
random starting sequence number.

Reviewed by: markj
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D32676

(cherry picked from commit 4827bf76bce8814b9d9a0d883467a3d2366e59a2)
sys/opencrypto/ktls_ocf.c
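
A userspace model of the condition the commit message describes, added here as an illustration and not taken from ktls_ocf.c. Every struct and function name in it is hypothetical, the initial sequence number is assumed to be a plain 64-bit value, and the kernel assertion is modelled as a boolean result.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins: session parameters and the in-order tracker. */
struct model_tls_enable { uint64_t initial_seqno; };
struct model_session { uint64_t next_seqno; };

/* Behaviour described as the bug: the tracker always starts at 0. */
static void init_before(struct model_session *s, const struct model_tls_enable *en)
{
    (void)en;
    s->next_seqno = 0;
}

/* Behaviour described as the fix: start from the session's initial seqno. */
static void init_after(struct model_session *s, const struct model_tls_enable *en)
{
    s->next_seqno = en->initial_seqno;
}

/* TLS 1.0 CBC takes each record's IV from the previous record's ciphertext,
 * so records must be encrypted in order. The kernel asserts; we return. */
static bool record_in_order(struct model_session *s, uint64_t seqno)
{
    if (seqno != s->next_seqno)
        return false;
    s->next_seqno++;
    return true;
}

/* Submit `count` consecutive records from `start`; count those that pass. */
static unsigned count_in_order(uint64_t start, unsigned count, bool fixed)
{
    struct model_tls_enable en = { .initial_seqno = start };
    struct model_session s;
    unsigned ok = 0;

    if (fixed) init_after(&s, &en); else init_before(&s, &en);
    for (unsigned i = 0; i < count; i++)
        ok += record_in_order(&s, start + i) ? 1 : 0;
    return ok;
}

int main(void)
{
    printf("start=0: before=%u after=%u\n", count_in_order(0, 3, false), count_in_order(0, 3, true));
    printf("start=0x1000: before=%u after=%u\n", count_in_order(0x1000, 3, false), count_in_order(0x1000, 3, true));
    return 0;
}
```

With a starting sequence number of zero both initialisers agree, which matches the commit message's point that only tests using a random starting sequence number are affected.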