Differential D32676

ktls: Fix assertion for TLS 1.0 CBC when using non-zero starting seqno.
ClosedPublic
Actions

Authored by jhb on Oct 26 2021, 11:31 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Fri, Jan 17, 2:47 PM

	Unknown Object (File)
	Dec 20 2024, 1:56 AM

	Unknown Object (File)
	Dec 14 2024, 2:14 PM

	Unknown Object (File)
	Dec 9 2024, 8:22 AM

	Unknown Object (File)
	Nov 12 2024, 6:22 AM

	Unknown Object (File)
	Oct 13 2024, 2:00 AM

	Unknown Object (File)
	Oct 6 2024, 5:45 PM

	Unknown Object (File)
	Oct 4 2024, 2:21 AM

View All 64 Files

Subscribers

Details

Reviewers

gallatin
markj

Commits

rG81b6dba1a08b: ktls: Fix assertion for TLS 1.0 CBC when using non-zero starting seqno.
rG4827bf76bce8: ktls: Fix assertion for TLS 1.0 CBC when using non-zero starting seqno.

Summary

The starting sequence number used to verify that TLS 1.0 CBC records
are encrypted in-order in the OCF layer was always set to 0 and not to
the initial sequence number from the struct tls_enable.

In practice, OpenSSL always starts TLS transmit offload with a
sequence number of zero, so this only matters for tests that use a
random starting sequence number.

Sponsored by: Netflix

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

No Lint Coverage

Unit

No Test Coverage

Build Status

Buildable 42387
Build 39275: arc lint + arc unit

Event Timeline

jhb created this revision.Oct 26 2021, 11:31 PM

Herald added subscribers: jmg, imp. · View Herald TranscriptOct 26 2021, 11:31 PM

jhb requested review of this revision.Oct 26 2021, 11:31 PM

Harbormaster completed remote builds in B42387: Diff 97509.Oct 26 2021, 11:31 PM

This was triggered by the tests added in D32652.

markj accepted this revision.Oct 27 2021, 2:30 PM

This revision is now accepted and ready to land.Oct 27 2021, 2:30 PM

Closed by commit rG4827bf76bce8: ktls: Fix assertion for TLS 1.0 CBC when using non-zero starting seqno. (authored by jhb). · Explain WhyOct 27 2021, 11:36 PM

This revision was automatically updated to reflect the committed changes.

jhb added a commit: rG4827bf76bce8: ktls: Fix assertion for TLS 1.0 CBC when using non-zero starting seqno..

jhb added a commit: rG81b6dba1a08b: ktls: Fix assertion for TLS 1.0 CBC when using non-zero starting seqno..Nov 23 2021, 11:13 PM

Revision Contents
Changeset List

Path

Size

sys/

opencrypto/

3 lines

Diff 97509

sys/opencrypto/ktls_ocf.c

Loading...