
ktls: Fix assertion for TLS 1.0 CBC when using non-zero starting seqno.

Description

ktls: Fix assertion for TLS 1.0 CBC when using non-zero starting seqno.

The starting sequence number used to verify that TLS 1.0 CBC records
are encrypted in-order in the OCF layer was always set to 0 and not to
the initial sequence number from the struct tls_enable.

In practice, OpenSSL always starts TLS transmit offload with a
sequence number of zero, so this only matters for tests that use a
random starting sequence number.

Reviewed by: markj
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D32676
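
A small model of the check described in the commit message, as an added example that is not code from the commit or from FreeBSD. TLS 1.0 CBC takes each record's IV from the last ciphertext block of the previous record, so records must be encrypted strictly in sequence. The type and function names are hypothetical, and the starting sequence number is assumed to be carried as 8 big-endian bytes.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model types; rec_seq is assumed to be 8 big-endian bytes. */
struct enable_model { uint8_t rec_seq[8]; };
struct session_model { uint64_t next_seqno; };

static uint64_t be64_decode(const uint8_t b[8])
{
    uint64_t v = 0;
    for (int i = 0; i < 8; i++)
        v = (v << 8) | b[i];
    return v;
}

/* use_initial=false models the old start at 0; true models the fixed start. */
static void session_init(struct session_model *s, const struct enable_model *en, bool use_initial)
{
    s->next_seqno = use_initial ? be64_decode(en->rec_seq) : 0;
}

/* Models the in-order check; false marks where the assertion would fire. */
static bool check_in_order(struct session_model *s, uint64_t seqno)
{
    if (seqno != s->next_seqno)
        return false;
    s->next_seqno++;
    return true;
}

/* Submit n consecutive records from the starting seqno; count those accepted. */
static int run_records(const struct enable_model *en, bool use_initial, int n)
{
    struct session_model s;
    int accepted = 0;
    session_init(&s, en, use_initial);
    for (int i = 0; i < n; i++)
        accepted += check_in_order(&s, be64_decode(en->rec_seq) + (uint64_t)i);
    return accepted;
}

int main(void)
{
    /* Constructed sample: a non-zero starting sequence number (0x2a). */
    struct enable_model en = { { 0, 0, 0, 0, 0, 0, 0, 0x2a } };
    printf("old init: %d/3, fixed init: %d/3\n", run_records(&en, false, 3), run_records(&en, true, 3));
    return 0;
}
```

With a starting sequence number of zero both initialisations accept every record, which matches the commit message's point that only tests with a random starting sequence number are affected.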

Details

Provenance
jhb Authored on Oct 27 2021, 11:35 PM
Reviewer
markj
Differential Revision
D32676: ktls: Fix assertion for TLS 1.0 CBC when using non-zero starting seqno.
Parents
rG72f750dc7c73: sh: Fix heredoc at certain places in case and for