Page MenuHomeFreeBSD
Differential D32676

ktls: Fix assertion for TLS 1.0 CBC when using non-zero starting seqno.
ClosedPublic
Actions

Authored by jhb on Oct 26 2021, 11:31 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Jan 6, 12:11 PM
Unknown Object (File)
Sat, Dec 20, 12:44 AM
Unknown Object (File)
Nov 24 2025, 1:47 AM
Unknown Object (File)
Nov 10 2025, 8:38 PM
Unknown Object (File)
Nov 9 2025, 12:57 AM
Unknown Object (File)
Nov 4 2025, 9:01 AM
Unknown Object (File)
Nov 3 2025, 7:44 PM
Unknown Object (File)
Oct 26 2025, 7:06 PM
View All Files
Subscribers
imp
jmg

Details

Reviewers
gallatin
markj
Commits
rG81b6dba1a08b: ktls: Fix assertion for TLS 1.0 CBC when using non-zero starting seqno.
rG4827bf76bce8: ktls: Fix assertion for TLS 1.0 CBC when using non-zero starting seqno.
Summary

The starting sequence number used to verify that TLS 1.0 CBC records
are encrypted in-order in the OCF layer was always set to 0 and not to
the initial sequence number from the struct tls_enable.

In practice, OpenSSL always starts TLS transmit offload with a
sequence number of zero, so this only matters for tests that use a
random starting sequence number.

Sponsored by: Netflix

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
sys/
opencrypto/
3 lines

Diff 97588

View Options

sys/opencrypto/ktls_ocf.c

Loading...