Page MenuHomeFreeBSD

ktls: Fix assertion for TLS 1.0 CBC when using non-zero starting seqno.
ClosedPublic

Authored by jhb on Oct 26 2021, 11:31 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Oct 6, 11:35 PM
Unknown Object (File)
Sep 9 2025, 10:11 AM
Unknown Object (File)
Aug 31 2025, 5:03 AM
Unknown Object (File)
Aug 28 2025, 4:43 AM
Unknown Object (File)
Aug 23 2025, 10:53 PM
Unknown Object (File)
Aug 14 2025, 10:33 PM
Unknown Object (File)
Aug 13 2025, 6:15 AM
Unknown Object (File)
Jul 26 2025, 10:43 AM
Subscribers

Details

Summary

The starting sequence number used to verify that TLS 1.0 CBC records
are encrypted in-order in the OCF layer was always set to 0 and not to
the initial sequence number from the struct tls_enable.

In practice, OpenSSL always starts TLS transmit offload with a
sequence number of zero, so this only matters for tests that use a
random starting sequence number.

Sponsored by: Netflix

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable