authorJohn Baldwin <jhb@FreeBSD.org>2022-11-15 20:02:03 +0000
committerJohn Baldwin <jhb@FreeBSD.org>2022-11-15 20:02:03 +0000
commit9a673b7158973d86558a5d381e4784a561576b98 (patch)
tree04e89998f605ee251b7a202e951cf32f732677ba /sys/kern
parentb97ee269eae3cbaf35c18f51a459aea581c2a7dc (diff)
ktls: Add software support for AES-CBC decryption for TLS 1.1+.
This is mainly intended to provide a fallback for TOE TLS which may need to use software decryption for an initial record at the start of a connection. Reviewed by: markj Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D37370
Diffstat (limited to 'sys/kern')
-rw-r--r--sys/kern/uipc_ktls.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/sys/kern/uipc_ktls.c b/sys/kern/uipc_ktls.c
index 3df1f2843c32..ae9201976988 100644
--- a/sys/kern/uipc_ktls.c
+++ b/sys/kern/uipc_ktls.c
@@ -149,7 +149,7 @@ SYSCTL_BOOL(_kern_ipc_tls, OID_AUTO, enable, CTLFLAG_RWTUN,
static bool ktls_cbc_enable = true;
SYSCTL_BOOL(_kern_ipc_tls, OID_AUTO, cbc_enable, CTLFLAG_RWTUN,
&ktls_cbc_enable, 1,
- "Enable Support of AES-CBC crypto for kernel TLS");
+ "Enable support of AES-CBC crypto for kernel TLS");
static bool ktls_sw_buffer_cache = true;
SYSCTL_BOOL(_kern_ipc_tls, OID_AUTO, sw_buffer_cache, CTLFLAG_RDTUN,
@@ -2444,8 +2444,10 @@ ktls_decrypt(struct socket *so)
sb->sb_ccc -= tls_len;
sb->sb_tlsdcc = 0;
+ if (error != EMSGSIZE)
+ error = EBADMSG;
CURVNET_SET(so->so_vnet);
- so->so_error = EBADMSG;
+ so->so_error = error;
sorwakeup_locked(so);
CURVNET_RESTORE();
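Review bot: The added `if (error != EMSGSIZE) error = EBADMSG;` in ktls_decrypt carries no comment explaining why EMSGSIZE alone reaches `so->so_error` while every other decrypt failure is folded into EBADMSG. With AES-CBC records now decrypted in software, that folding is presumably what keeps padding and MAC failures indistinguishable to whoever reads the socket error, and a later change that lets a second errno through could quietly undo it. I would add a comment above the check such as `/* Only EMSGSIZE is reported as-is; every other decrypt error is folded into EBADMSG so callers cannot tell failure causes apart. */`. It is also worth confirming that the CBC decrypt routine, which is outside this hunk, returns EMSGSIZE only from length checks made before any padding or MAC byte is examined. The error branch these lines sit in starts and ends outside the hunk.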