1 files changed, 26 insertions, 4 deletions

diff --git a/sys/dev/cxgbe/crypto/t4_keyctx.c b/sys/dev/cxgbe/crypto/t4_keyctx.c
index 50e339ac2e05..b85e50fd6cb1 100644
--- a/sys/dev/cxgbe/crypto/t4_keyctx.c
+++ b/sys/dev/cxgbe/crypto/t4_keyctx.c
@@ -437,10 +437,16 @@ t4_tls_key_info_size(const struct ktls_session *tls)
 int
 t4_tls_proto_ver(const struct ktls_session *tls)
 {
-	if (tls->params.tls_vminor == TLS_MINOR_VER_ONE)
+	switch (tls->params.tls_vminor) {
+	case TLS_MINOR_VER_ONE:
 		return (SCMD_PROTO_VERSION_TLS_1_1);
-	else
+	case TLS_MINOR_VER_TWO:
 		return (SCMD_PROTO_VERSION_TLS_1_2);
+	case TLS_MINOR_VER_THREE:
+		return (SCMD_PROTO_VERSION_TLS_1_3);
+	default:
+		__assert_unreachable();
+	}
 }
 
 int
@@ -492,6 +498,17 @@ t4_tls_hmac_ctrl(const struct ktls_session *tls)
 }
 
 static int
+tls_seqnum_ctrl(const struct ktls_session *tls)
+{
+	switch (tls->params.tls_vminor) {
+	case TLS_MINOR_VER_THREE:
+		return (0);
+	default:
+		return (3);
+	}
+}
+
+static int
 tls_cipher_key_size(const struct ktls_session *tls)
 {
 	switch (tls->params.cipher_key_len) {
@@ -557,7 +574,7 @@ t4_tls_key_ctx(const struct ktls_session *tls, int direction,
 
 		kctx->u.rxhdr.authmode_to_rxvalid =
 		    V_TLS_KEYCTX_TX_WR_AUTHMODE(t4_tls_auth_mode(tls)) |
-		    V_TLS_KEYCTX_TX_WR_SEQNUMCTRL(3) |
+		    V_TLS_KEYCTX_TX_WR_SEQNUMCTRL(tls_seqnum_ctrl(tls)) |
 		    V_TLS_KEYCTX_TX_WR_RXVALID(1);
 
 		kctx->u.rxhdr.ivpresent_to_rxmk_size =
@@ -607,7 +624,8 @@ t4_tls_key_ctx(const struct ktls_session *tls, int direction,
 		_Static_assert(offsetof(struct tx_keyctx_hdr, txsalt) ==
 		    offsetof(struct rx_keyctx_hdr, rxsalt),
 		    "salt offset mismatch");
-		memcpy(kctx->u.txhdr.txsalt, tls->params.iv, SALT_SIZE);
+		memcpy(kctx->u.txhdr.txsalt, tls->params.iv,
+		    tls->params.iv_len);
 		t4_init_gmac_hash(tls->params.cipher_key,
 		    tls->params.cipher_key_len, hash);
 	} else {
@@ -665,6 +683,10 @@ t4_write_tlskey_wr(const struct ktls_session *tls, int direction, int tid,
 	kwr->reneg_to_write_rx = V_KEY_GET_LOC(direction == KTLS_TX ?
 	    KEY_WRITE_TX : KEY_WRITE_RX);
 
+	/* We don't need to use V_T7_ULP_MEMIO_DATA_LEN in this routine. */
+	_Static_assert(V_T7_ULP_MEMIO_DATA_LEN(TLS_KEY_CONTEXT_SZ >> 5) ==
+	    V_ULP_MEMIO_DATA_LEN(TLS_KEY_CONTEXT_SZ >> 5), "datalen mismatch");
+
 	/* master command */
 	kwr->cmd = htobe32(V_ULPTX_CMD(ULP_TX_MEM_WRITE) |
 	    V_T5_ULP_MEMIO_ORDER(1) | V_T5_ULP_MEMIO_IMM(1));