CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
ktls: Fix assertion for TLS 1.0 CBC when using non-zero starting seqno.
author John Baldwin <jhb@FreeBSD.org>
Wed, 27 Oct 2021 23:35:56 +0000 (16:35 -0700)
committer John Baldwin <jhb@FreeBSD.org>
Wed, 27 Oct 2021 23:35:56 +0000 (16:35 -0700)
commit 4827bf76bce8814b9d9a0d883467a3d2366e59a2
tree fe6f6282bd5ecea481fcbac2c227c3a74986121b
parent 72f750dc7c7324c3999e4d6cfbb2758694893cdd

The starting sequence number used to verify that TLS 1.0 CBC records
are encrypted in-order in the OCF layer was always set to 0 and not to
the initial sequence number from the struct tls_enable.

In practice, OpenSSL always starts TLS transmit offload with a
sequence number of zero, so this only matters for tests that use a
random starting sequence number.

Reviewed by: markj
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D32676
sys/opencrypto/ktls_ocf.c
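
A minimal model of the in-order check described in the commit message above, added here as an illustration and not code from the FreeBSD tree. The struct, the function names and the sample sequence numbers are hypothetical, and the kernel's assertion is modelled as a boolean return so both initialisations can be compared.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical tracker, not the session structure in ktls_ocf.c. */
struct cbc_session {
	uint64_t next_seqno;	/* sequence number the next record must carry */
	uint64_t records_done;	/* records that passed the in-order check */
};
typedef void (*init_fn)(struct cbc_session *, uint64_t);

/* Before the fix: the caller's starting sequence number is ignored. */
static void init_buggy(struct cbc_session *s, uint64_t start_seqno)
{
	(void)start_seqno;
	s->next_seqno = 0;
	s->records_done = 0;
}

/* After the fix: tracking begins at the caller's initial sequence number. */
static void init_fixed(struct cbc_session *s, uint64_t start_seqno)
{
	s->next_seqno = start_seqno;
	s->records_done = 0;
}

/* In-order check: false stands in for the failed kernel assertion. */
static bool accept_record(struct cbc_session *s, uint64_t seqno)
{
	if (seqno != s->next_seqno)
		return false;
	s->next_seqno++;	/* unsigned wrap-around is well defined */
	s->records_done++;
	return true;
}

/* Feed `count` consecutive records from `start`; return how many passed. */
static uint64_t run_records(init_fn init, uint64_t start, uint64_t count)
{
	struct cbc_session s;
	init(&s, start);
	for (uint64_t i = 0; i < count && accept_record(&s, start + i); i++)
		;
	return s.records_done;
}

int main(void)
{
	uint64_t start = 0x1122334455667788ULL;	/* constructed non-zero start */
	printf("buggy=%llu fixed=%llu\n",
	    (unsigned long long)run_records(init_buggy, start, 5),
	    (unsigned long long)run_records(init_fixed, start, 5));
	return 0;
}
```

With a zero start both initialisations accept every record, which is why the mismatch only surfaces in tests that pick a random starting sequence number.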