Author: hselasky Date: Mon May 25 12:34:15 2020 New Revision: 361446 URL: https://svnweb.freebsd.org/changeset/base/361446
Log: Correctly set the initial vector for TLS v1.3 for mlx5en(4). For TLS v1.3 the 12 bytes of the initial vector, IV, should just be copied as-is from the kernel to the gcm_iv field, which hold the first 4 bytes, and the remaining 8 bytes go to the subsequent implicit_iv field. There is no need to consider the byte order on the 12 bytes of IV like initially done. Sponsored by: Mellanox Technologies Modified: head/sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls.c Modified: head/sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls.c ============================================================================== --- head/sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls.c Mon May 25 12:31:48 2020 (r361445) +++ head/sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls.c Mon May 25 12:34:15 2020 (r361446) @@ -251,18 +251,14 @@ mlx5e_tls_set_params(void *ctx, const struct tls_sessi MLX5_SET(sw_tls_cntx, ctx, param.encryption_standard, 1); /* TLS */ /* copy the initial vector in place */ - if (en->iv_len == MLX5_FLD_SZ_BYTES(sw_tls_cntx, param.gcm_iv)) { + switch (en->iv_len) { + case MLX5_FLD_SZ_BYTES(sw_tls_cntx, param.gcm_iv): + case MLX5_FLD_SZ_BYTES(sw_tls_cntx, param.gcm_iv) + + MLX5_FLD_SZ_BYTES(sw_tls_cntx, param.implicit_iv): memcpy(MLX5_ADDR_OF(sw_tls_cntx, ctx, param.gcm_iv), - en->iv, MLX5_FLD_SZ_BYTES(sw_tls_cntx, param.gcm_iv)); - } else if (en->iv_len == (MLX5_FLD_SZ_BYTES(sw_tls_cntx, param.gcm_iv) + - MLX5_FLD_SZ_BYTES(sw_tls_cntx, param.implicit_iv))) { - memcpy(MLX5_ADDR_OF(sw_tls_cntx, ctx, param.gcm_iv), - (char *)en->iv + MLX5_FLD_SZ_BYTES(sw_tls_cntx, param.implicit_iv), - MLX5_FLD_SZ_BYTES(sw_tls_cntx, param.gcm_iv)); - memcpy(MLX5_ADDR_OF(sw_tls_cntx, ctx, param.implicit_iv), - en->iv, - MLX5_FLD_SZ_BYTES(sw_tls_cntx, param.implicit_iv)); - } else { + en->iv, en->iv_len); + break; + default: return (EINVAL); } _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"