From 3fa034210c75431173cb0a2375f6938386e25315 Mon Sep 17 00:00:00 2001 From: John Baldwin Date: Wed, 10 Mar 2021 11:07:40 -0800 Subject: [PATCH] ktls: Fix non-inplace TLS 1.3 encryption. Copy the iovec for the trailer from the proper place. This is the same fix for CBC encryption from ff6a7e4ba6bf. Reported by: gallatin Reviewed by: gallatin, markj Fixes: 49f6925ca Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D29177 --- sys/opencrypto/ktls_ocf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/opencrypto/ktls_ocf.c b/sys/opencrypto/ktls_ocf.c index 7414e26bb3e..2f2249cd3bf 100644 --- a/sys/opencrypto/ktls_ocf.c +++ b/sys/opencrypto/ktls_ocf.c @@ -574,7 +574,7 @@ ktls_ocf_tls13_aead_encrypt(struct ktls_session *tls, if (!inplace) { /* Duplicate the output iov to append the trailer. */ memcpy(out_iov, outiov, outiovcnt * sizeof(*out_iov)); - out_iov[outiovcnt] = iov[outiovcnt]; + out_iov[outiovcnt] = iov[iniovcnt]; out_uio.uio_iov = out_iov; out_uio.uio_iovcnt = outiovcnt + 1;