diff options
| author | John Baldwin <jhb@FreeBSD.org> | 2021-03-10 19:07:40 +0000 |
|---|---|---|
| committer | John Baldwin <jhb@FreeBSD.org> | 2021-03-10 19:07:40 +0000 |
| commit | 3fa034210c75431173cb0a2375f6938386e25315 (patch) | |
| tree | 2ca25d11b1198ed6a5d42f69148f1e3e708b21b9 | |
| parent | 2cee045b4d62568d065b838a6cf129fed2424709 (diff) | |
ktls: Fix non-inplace TLS 1.3 encryption.
Copy the iovec for the trailer from the proper place. This is the same
fix for CBC encryption from ff6a7e4ba6bf.
Reported by: gallatin
Reviewed by: gallatin, markj
Fixes: 49f6925ca
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D29177
| -rw-r--r-- | sys/opencrypto/ktls_ocf.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/opencrypto/ktls_ocf.c b/sys/opencrypto/ktls_ocf.c index 7414e26bb3e2..2f2249cd3bfe 100644 --- a/sys/opencrypto/ktls_ocf.c +++ b/sys/opencrypto/ktls_ocf.c @@ -574,7 +574,7 @@ ktls_ocf_tls13_aead_encrypt(struct ktls_session *tls, if (!inplace) { /* Duplicate the output iov to append the trailer. */ memcpy(out_iov, outiov, outiovcnt * sizeof(*out_iov)); - out_iov[outiovcnt] = iov[outiovcnt]; + out_iov[outiovcnt] = iov[iniovcnt]; out_uio.uio_iov = out_iov; out_uio.uio_iovcnt = outiovcnt + 1; |