Date: Fri, 12 Jun 2020 22:27:26 +0000 (UTC)
From: John Baldwin <jhb@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r362131 - head/sys/opencrypto
Message-ID: <202006122227.05CMRQ9Y010668@repo.freebsd.org>
Author: jhb Date: Fri Jun 12 22:27:26 2020 New Revision: 362131 URL: https://svnweb.freebsd.org/changeset/base/362131 Log: Fix a regression in r361804 for TLS 1.3. I was not including the record type stored in the first byte of the trailer as part of the payload to be encrypted and hashed. Sponsored by: Netflix Modified: head/sys/opencrypto/ktls_ocf.c Modified: head/sys/opencrypto/ktls_ocf.c ============================================================================== --- head/sys/opencrypto/ktls_ocf.c Fri Jun 12 22:14:45 2020 (r362130) +++ head/sys/opencrypto/ktls_ocf.c Fri Jun 12 22:27:26 2020 (r362131) @@ -293,6 +293,7 @@ ktls_ocf_tls13_gcm_encrypt(struct ktls_session *tls, * record_type even if only the first byte is used. */ trailer[0] = record_type; + crp->crp_payload_length++; iov[iovcnt + 1].iov_base = trailer; iov[iovcnt + 1].iov_len = AES_GMAC_HASH_LEN + 1; uio.uio_iovcnt++;
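Review bot: the added `crp->crp_payload_length++` after `trailer[0] = record_type;` carries no comment saying which byte it accounts for, and the existing comment above it only explains the trailer buffer. A one-line comment stating that the record type byte in `trailer[0]` is part of the payload to be encrypted and hashed would keep this count visibly tied to the `+ 1` in `iov[iovcnt + 1].iov_len = AES_GMAC_HASH_LEN + 1`, so the two are not changed independently later. Since the increment adjusts a length that is set outside the visible context, it is also worth confirming that the initial assignment is the plaintext length only, so the byte is not counted twice.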