author | John Baldwin <jhb@FreeBSD.org> | 2022-11-15 20:02:03 +0000 |
---|---|---|
committer | John Baldwin <jhb@FreeBSD.org> | 2022-11-15 20:02:03 +0000 |
commit | 9a673b7158973d86558a5d381e4784a561576b98 (patch) | |
tree | 04e89998f605ee251b7a202e951cf32f732677ba /sys/kern | |
parent | b97ee269eae3cbaf35c18f51a459aea581c2a7dc (diff) | |
ktls: Add software support for AES-CBC decryption for TLS 1.1+.
This is mainly intended to provide a fallback for TOE TLS which may
need to use software decryption for an initial record at the start
of a connection.
Reviewed by: markj
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D37370
Diffstat (limited to 'sys/kern')
-rw-r--r-- | sys/kern/uipc_ktls.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/sys/kern/uipc_ktls.c b/sys/kern/uipc_ktls.c
index 3df1f2843c32..ae9201976988 100644
--- a/sys/kern/uipc_ktls.c
+++ b/sys/kern/uipc_ktls.c
@@ -149,7 +149,7 @@ SYSCTL_BOOL(_kern_ipc_tls, OID_AUTO, enable, CTLFLAG_RWTUN,
 static bool ktls_cbc_enable = true;
 SYSCTL_BOOL(_kern_ipc_tls, OID_AUTO, cbc_enable, CTLFLAG_RWTUN,
 &ktls_cbc_enable, 1,
- "Enable Support of AES-CBC crypto for kernel TLS");
+ "Enable support of AES-CBC crypto for kernel TLS");
 static bool ktls_sw_buffer_cache = true;
 SYSCTL_BOOL(_kern_ipc_tls, OID_AUTO, sw_buffer_cache, CTLFLAG_RDTUN,
@@ -2444,8 +2444,10 @@ ktls_decrypt(struct socket *so)
 sb->sb_ccc -= tls_len;
 sb->sb_tlsdcc = 0;
+ if (error != EMSGSIZE)
+ error = EBADMSG;
 CURVNET_SET(so->so_vnet);
- so->so_error = EBADMSG;
+ so->so_error = error;
 sorwakeup_locked(so);
 CURVNET_RESTORE(); |
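Review bot: The added `if (error != EMSGSIZE) error = EBADMSG;` in the ktls_decrypt hunk has no comment explaining why EMSGSIZE alone is passed through to `so->so_error`, and for a MAC-then-encrypt CBC suite that distinction is security-relevant. Collapsing every other failure to EBADMSG keeps padding and MAC failures indistinguishable to whoever reads the socket error, which is the property that avoids handing the peer a padding oracle. Exposing EMSGSIZE separately is only safe if the decrypt routine, which is not visible in this diff, derives it from the record length and not from the decrypted padding; that is worth confirming against the sys/opencrypto side of the change. I would add above the check `/* Only EMSGSIZE is reported distinctly; all other decrypt failures become EBADMSG so padding and MAC errors look identical. */`. The body of ktls_decrypt starts and ends outside this hunk.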