authorJohn Baldwin <jhb@FreeBSD.org>2021-10-27 23:35:56 +0000
committerJohn Baldwin <jhb@FreeBSD.org>2021-10-27 23:35:56 +0000
commit4827bf76bce8814b9d9a0d883467a3d2366e59a2 (patch)
treefe6f6282bd5ecea481fcbac2c227c3a74986121b
parent72f750dc7c7324c3999e4d6cfbb2758694893cdd (diff)
downloadsrc-4827bf76bce8814b9d9a0d883467a3d2366e59a2.tar.gz
src-4827bf76bce8814b9d9a0d883467a3d2366e59a2.zip
ktls: Fix assertion for TLS 1.0 CBC when using non-zero starting seqno.
The starting sequence number used to verify that TLS 1.0 CBC records are encrypted in-order in the OCF layer was always set to 0 and not to the initial sequence number from the struct tls_enable. In practice, OpenSSL always starts TLS transmit offload with a sequence number of zero, so this only matters for tests that use a random starting sequence number. Reviewed by: markj Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D32676
-rw-r--r--sys/opencrypto/ktls_ocf.c3
1 files changed, 3 insertions, 0 deletions
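--- a/sys/opencrypto/ktls_ocf.c
+++ b/sys/opencrypto/ktls_ocf.c
@@ -761,6 +761,9 @@ ktls_ocf_try(struct socket *so, struct ktls_session *tls, int direction)
 if (tls->params.tls_vminor == TLS_MINOR_VER_ZERO) {
 os->implicit_iv = true;
 memcpy(os->iv, tls->params.iv, AES_BLOCK_LEN);
+#ifdef INVARIANTS
+ os->next_seqno = tls->next_seqno;
+#endif
 }
 }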
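Review bot: The new assignment to `os->next_seqno` is compiled only under INVARIANTS, so in non-INVARIANTS builds the field keeps whatever value the allocation gave it; that is only safe if every reader of the field is guarded the same way, which this hunk cannot show. A one-line comment on the `#ifdef` would make that contract visible to the next maintainer, e.g. `/* next_seqno is only consumed by the in-order record assertion, hence INVARIANTS-only. */`. It would also be worth confirming that `tls->next_seqno` is already populated from the struct tls_enable at this point in ktls_ocf_try, since the commit message says the old code always started from 0. The enclosing function ktls_ocf_try begins and continues outside the hunk.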