author | Daiki Ueno <dueno@redhat.com> | 2021-10-10 08:54:07 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2022-04-06 13:15:27 +0200 |
commit | a5fb9605329fb939abb536c1604d44a511741624 (patch) | |
tree | a0e349fd5476fc8fb231a4b5d2e8503a43f8534d /CHANGES.md | |
parent | 031132c297e54cbc20404a0bf8de6ed863196399 (diff) |

KTLS: Handle TLS 1.3 in ssl3_get_record.

- Don't unpad records, check the outer record type, or extract the
  inner record type from TLS 1.3 records handled by the kernel. KTLS
  performs all of these steps and returns the inner record type in the
  TLS header.
- When checking the length of a received TLS 1.3 record don't allow
  for the extra byte for the nested record type when KTLS is used.
- Pass a pointer to the record type in the TLS header to the
  SSL3_RT_INNER_CONTENT_TYPE message callback. For KTLS, the old
  pointer pointed to the last byte of payload rather than the record
  type. For the non-KTLS case, the TLS header has been updated with
  the inner type before this callback is invoked.

Co-authored-by: John Baldwin <jhb@FreeBSD.org>
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17942)

Diffstat (limited to 'CHANGES.md')
0 files changed, 0 insertions, 0 deletions
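
The record handling described in the commit message, as an added example that is not OpenSSL's code: a simplified post-decryption step for a protected TLS 1.3 record, with and without KTLS. The names `tls13_post_process` and `demo`, the constants and the sample record are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define RT_APPLICATION_DATA 23    /* outer type of a protected TLS 1.3 record */
#define MAX_PLAIN_LENGTH 16384    /* 2^14 bytes of content (RFC 8446, 5.1) */

/* Hypothetical helper, not OpenSSL's ssl3_get_record(). Runs on a decrypted
 * record: hdr is the 5-byte record header, data/len the plaintext. Returns 0
 * and sets *type and *out_len, leaving the inner type in hdr[0] so a message
 * callback can be given &hdr[0] in both modes; returns -1 to reject. */
int tls13_post_process(uint8_t hdr[5], const uint8_t *data, size_t len,
                       int ktls, uint8_t *type, size_t *out_len)
{
    if (ktls) {
        /* Kernel already checked the outer type, stripped the padding and
         * wrote the inner type into the header: no extra byte is allowed. */
        if (len > MAX_PLAIN_LENGTH)
            return -1;
        *type = hdr[0];
        *out_len = len;
        return 0;
    }
    /* Userspace path: plaintext is content || inner type || zero padding. */
    if (hdr[0] != RT_APPLICATION_DATA || len > MAX_PLAIN_LENGTH + 1)
        return -1;
    while (len > 0 && data[len - 1] == 0)   /* strip zero padding */
        len--;
    if (len == 0)                           /* only zeros: no type byte */
        return -1;
    *type = hdr[0] = data[len - 1];         /* header now holds inner type */
    *out_len = len - 1;
    return 0;
}

/* Constructed record: "hi", inner type 22 (handshake), two padding bytes.
 * Returns type * 256 + payload length, or -1 if the record is rejected. */
int demo(int ktls, uint8_t hdr_type, size_t len)
{
    static const uint8_t rec[5] = { 'h', 'i', 22, 0, 0 };
    uint8_t hdr[5] = { hdr_type, 3, 3, 0, 0 }, type;
    size_t n;

    if (tls13_post_process(hdr, rec, len, ktls, &type, &n) != 0 || hdr[0] != type)
        return -1;
    return type * 256 + (int)n;
}

int main(void) { return demo(0, 23, 5) == demo(1, 22, 2) ? 0 : 1; }
```

In the KTLS branch the payload is never scanned for a trailing type byte, so unpadding an already processed record would misread application data as padding and type.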