ktls: fix ChaCha20-Poly1305 IV passing for TLS 1.2

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

diff --git a/lib/system/ktls.c b/lib/system/ktls.c
index a4c2a60df01170a65a4929f7e2e96273cad275c0..d531cfb85a150febc70f8d2a8ac3130e593236af 100644 (file)
--- a/lib/system/ktls.c
+++ b/lib/system/ktls.c
@@ -679,10 +679,9 @@ int _gnutls_ktls_set_keys(gnutls_session_t session,
                        assert(cipher_key.size ==
                               TLS_CIPHER_CHACHA20_POLY1305_KEY_SIZE);
 
-                       /* for TLS 1.2 IV is generated in kernel */
                        if (version == GNUTLS_TLS1_2) {
                                crypto_info.info.version = TLS_1_2_VERSION;
-                               memcpy(crypto_info.iv, seq_number,
+                               memcpy(crypto_info.iv, iv.data,
                                       TLS_CIPHER_CHACHA20_POLY1305_IV_SIZE);
                        } else {
                                crypto_info.info.version = TLS_1_3_VERSION;
@@ -854,10 +853,9 @@ int _gnutls_ktls_set_keys(gnutls_session_t session,
                        assert(cipher_key.size ==
                               TLS_CIPHER_CHACHA20_POLY1305_KEY_SIZE);
 
-                       /* for TLS 1.2 IV is generated in kernel */
                        if (version == GNUTLS_TLS1_2) {
                                crypto_info.info.version = TLS_1_2_VERSION;
-                               memcpy(crypto_info.iv, seq_number,
+                               memcpy(crypto_info.iv, iv.data,
                                       TLS_CIPHER_CHACHA20_POLY1305_IV_SIZE);
                        } else {
                                crypto_info.info.version = TLS_1_3_VERSION;