ktls: Fix assertion for TLS 1.0 CBC when using non-zero starting seqno.
The starting sequence number used to verify that TLS 1.0 CBC records are encrypted in-order in the OCF layer was always set to 0 and not to the initial sequence number from the struct tls_enable. In practice, OpenSSL always starts TLS transmit offload with a sequence number of zero, so this only matters for tests that use a random starting sequence number. Reviewed by: markj Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D32676
This commit is contained in:
parent
72f750dc7c
commit
4827bf76bc
@ -761,6 +761,9 @@ ktls_ocf_try(struct socket *so, struct ktls_session *tls, int direction)
if (tls->params.tls_vminor == TLS_MINOR_VER_ZERO) {
os->implicit_iv = true;
memcpy(os->iv, tls->params.iv, AES_BLOCK_LEN);
#ifdef INVARIANTS
os->next_seqno = tls->next_seqno;
#endif
}
}
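Review bot: The new `os->next_seqno = tls->next_seqno;` under `#ifdef INVARIANTS` carries no comment explaining why the in-order check has to be seeded from the session's starting sequence number, which is the whole point of this fix and will not be obvious to the next reader of the TLS 1.0 branch. Suggest a comment above the `#ifdef`: `/* TLS 1.0 CBC uses an implicit IV chained from the previous record, so records must be encrypted in order; seed the INVARIANTS-only in-order check from the session's initial seqno rather than 0. */`. Since the field and presumably its consumer exist only in INVARIANTS builds, a production kernel will not detect out-of-order encryption of TLS 1.0 CBC records at all; that predates this commit, but it is worth confirming the omission is intentional rather than relying on the assertion. The enclosing function ktls_ocf_try starts and ends outside the hunk.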