Author: jhb
Date: Fri Jun 12 22:27:26 2020
New Revision: 362131
URL: https://svnweb.freebsd.org/changeset/base/362131
Log: Fix a regression in r361804 for TLS 1.3. I was not including the record type stored in the first byte of the trailer as part of the payload to be encrypted and hashed. Sponsored by: Netflix Modified: head/sys/opencrypto/ktls_ocf.c Modified: head/sys/opencrypto/ktls_ocf.c ============================================================================== --- head/sys/opencrypto/ktls_ocf.c Fri Jun 12 22:14:45 2020 (r362130) +++ head/sys/opencrypto/ktls_ocf.c Fri Jun 12 22:27:26 2020 (r362131) @@ -293,6 +293,7 @@ ktls_ocf_tls13_gcm_encrypt(struct ktls_session *tls, * record_type even if only the first byte is used. */ trailer[0] = record_type; + crp->crp_payload_length++; iov[iovcnt + 1].iov_base = trailer; iov[iovcnt + 1].iov_len = AES_GMAC_HASH_LEN + 1; uio.uio_iovcnt++;
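Review bot: The added `crp->crp_payload_length++` directly after `trailer[0] = record_type;` has no comment saying that the extra byte is the TLS 1.3 record type held in the first trailer byte, so a later rework of the length setup could drop it again without anyone noticing. The same one-byte accounting already appears as the `+ 1` in `iov[iovcnt + 1].iov_len = AES_GMAC_HASH_LEN + 1;`, and the two are coupled only implicitly. Consider extending the existing comment above `trailer[0]` to state that the record type byte is part of the payload that is encrypted and hashed, which is what the log message describes. Since the log calls this a regression from r361804, a test that exercises a TLS 1.3 record through this path and checks that the peer can decrypt and authenticate it would catch a repeat.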