author | John Baldwin <jhb@FreeBSD.org> | 2019-12-04 16:50:06 -0800 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-08-31 09:34:19 +0100 |
commit | b22a3ccc07e304df8fdbc79bf4168c1a880d0ac5 (patch) | |
tree | 23b706a8da448ae8ae1d082c50b4ca7b57ae487a | |
parent | 3c1641e8e86dc86028637251421a57827243f6ca (diff) |
Support for KTLS TX on FreeBSD for TLS 1.3.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
-rw-r--r-- | include/internal/ktls.h | 7 | ||||
-rw-r--r-- | ssl/tls13_enc.c | 4 |
2 files changed, 6 insertions, 5 deletions
diff --git a/include/internal/ktls.h b/include/internal/ktls.h
index fe02a35536..b681278c34 100644
--- a/include/internal/ktls.h
+++ b/include/internal/ktls.h
@@ -38,6 +38,7 @@
 # endif
 # define OPENSSL_KTLS_AES_GCM_128
 # define OPENSSL_KTLS_AES_GCM_256
+# define OPENSSL_KTLS_TLS13
 
 /*
 * Only used by the tests in sslapitest.c.
@@ -221,6 +222,7 @@ static ossl_inline int ktls_check_supported_cipher(const SSL *s,
 case TLS1_VERSION:
 case TLS1_1_VERSION:
 case TLS1_2_VERSION:
+ case TLS1_3_VERSION:
 break;
 default:
 return 0;
@@ -263,7 +265,10 @@ static ossl_inline int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c,
 case SSL_AES128GCM:
 case SSL_AES256GCM:
 crypto_info->cipher_algorithm = CRYPTO_AES_NIST_GCM_16;
- crypto_info->iv_len = EVP_GCM_TLS_FIXED_IV_LEN;
+ if (s->version == TLS1_3_VERSION)
+ crypto_info->iv_len = EVP_CIPHER_CTX_iv_length(dd);
+ else
+ crypto_info->iv_len = EVP_GCM_TLS_FIXED_IV_LEN;
 break;
 case SSL_AES128:
 case SSL_AES256:
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 714ffbff41..829a6e9be1 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -516,10 +516,8 @@ int tls13_change_cipher_state(SSL *s, int which)
 const EVP_MD *md = NULL;
 const EVP_CIPHER *cipher = NULL;
 #if !defined(OPENSSL_NO_KTLS) && defined(OPENSSL_KTLS_TLS13)
-# ifndef __FreeBSD__
 ktls_crypto_info_t crypto_info;
 BIO *bio;
-# endif
 #endif
 
 if (which & SSL3_CC_READ) {
@@ -784,7 +782,6 @@ int tls13_change_cipher_state(SSL *s, int which)
 s->statem.enc_write_state = ENC_WRITE_STATE_VALID;
 #ifndef OPENSSL_NO_KTLS
 # if defined(OPENSSL_KTLS_TLS13)
-# ifndef __FreeBSD__
 if (!(which & SSL3_CC_WRITE) || !(which & SSL3_CC_APPLICATION)
 || ((which & SSL3_CC_WRITE) && (s->mode & SSL_MODE_NO_KTLS_TX)))
 goto skip_ktls;
@@ -822,7 +819,6 @@ int tls13_change_cipher_state(SSL *s, int which)
 /* ktls works with user provided buffers directly */
 if (BIO_set_ktls(bio, &crypto_info, which & SSL3_CC_WRITE))
 ssl3_release_write_buffer(s);
-# endif
 skip_ktls:
 # endif
 #endif
|
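Review bot: The added `case TLS1_3_VERSION:` in the second ktls.h hunk (ktls_check_supported_cipher) accepts TLS 1.3 regardless of direction, although the commit title covers TX only. The restriction to write keys is visible only at the caller, in the `!(which & SSL3_CC_WRITE)` guard before `goto skip_ktls` in ssl/tls13_enc.c, so a later caller on the read path would pass this version check. I would add a comment above the new case, `/* TLS 1.3: TX offload only; the caller must skip KTLS for read keys */`. The cipher checks that follow the switch lie outside the hunk, so whether suites other than AES-GCM are rejected for TLS 1.3 cannot be confirmed from this page.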
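Review bot: In the third ktls.h hunk (ktls_configure_crypto), the result of `EVP_CIPHER_CTX_iv_length(dd)` is stored in `crypto_info->iv_len` without a check. The function returns int and can report failure with a non-positive value, and crypto_info is later passed to `BIO_set_ktls` (visible in ssl/tls13_enc.c), so a bad length should stop the offload rather than be handed on: `int ivlen = EVP_CIPHER_CTX_iv_length(dd);` followed by `if (ivlen <= 0) return 0;`, assuming 0 is this function's failure return, which the hunk does not show. A short comment on the new branch would also help, `/* TLS 1.3 builds each record nonce from the full write IV, not the 4-byte TLS 1.2 salt */`. The assignment of the IV pointer lies outside the hunk, so it should be confirmed that the buffer it refers to holds at least iv_len bytes.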