Don't generate a MAC when using KTLS.

The kernel will generate the MAC when transmitting the frame. Doing so here causes the MAC to be included as part of the plain text that the kernel MACs and encrypts. Note that this path is not taken when using stitched cipher suites. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10045)
author: John Baldwin <jhb@FreeBSD.org> 2019-10-09 11:33:00 -0700
committer: Matt Caswell <matt@openssl.org> 2019-10-31 10:24:32 +0000
commit: f059e4cc435b7b850cfc8188d265a8925edff0bd (patch)
tree: 1f2b33a73206b940024be961d57929248c389bcf /ssl/record
parent: 1ca50aa975fb149a75a3b0411230761376cb5e33 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index a34f9df1df..0b9d18fd00 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -986,7 +986,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
          * in the wb->buf
          */
 
-        if (!SSL_WRITE_ETM(s) && mac_size != 0) {
+        if (!BIO_get_ktls_send(s->wbio) && !SSL_WRITE_ETM(s) && mac_size != 0) {
             unsigned char *mac;
 
             if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac)
author	John Baldwin <jhb@FreeBSD.org>	2019-10-09 11:33:00 -0700
committer	Matt Caswell <matt@openssl.org>	2019-10-31 10:24:32 +0000
commit	f059e4cc435b7b850cfc8188d265a8925edff0bd (patch)
tree	1f2b33a73206b940024be961d57929248c389bcf /ssl/record
parent	1ca50aa975fb149a75a3b0411230761376cb5e33 (diff)