Make the record layer directly aware of EtM

We no longer have to go through the SSL object to discover whether EtM has been negotiated. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
author: Matt Caswell <matt@openssl.org> 2022-05-20 16:54:12 +0100
committer: Matt Caswell <matt@openssl.org> 2022-08-18 16:38:12 +0100
commit: 7f2f0ac7bfdd676cd919dd94b971874eade41830 (patch)
tree: c122a2279d2735c70737bcbd1d16dd84a3bff139 /ssl/t1_enc.c
parent: 88d616805cab4fd052bcff890627668a8f4bae33 (diff)
1 files changed, 14 insertions, 14 deletions
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index b7adc9daff..7083cd8151 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -227,22 +227,22 @@ int tls1_change_cipher_state(SSL_CONNECTION *s, int which)
     }
 
     if (which & SSL3_CC_READ) {
-        if (SSL_CONNECTION_IS_DTLS(s)) {
-            if (s->ext.use_etm)
-                s->s3.flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_READ;
-            else
-                s->s3.flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC_READ;
+        if (s->ext.use_etm)
+            s->s3.flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_READ;
+        else
+            s->s3.flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC_READ;
 
-            if (s->s3.tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
-                s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
-            else
-                s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
+        if (s->s3.tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
+            s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
+        else
+            s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
 
-            if (s->s3.tmp.new_cipher->algorithm2 & TLS1_TLSTREE)
-                s->mac_flags |= SSL_MAC_FLAG_READ_MAC_TLSTREE;
-            else
-                s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_TLSTREE;
+        if (s->s3.tmp.new_cipher->algorithm2 & TLS1_TLSTREE)
+            s->mac_flags |= SSL_MAC_FLAG_READ_MAC_TLSTREE;
+        else
+            s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_TLSTREE;
 
+        if (SSL_CONNECTION_IS_DTLS(s)) {
             if (s->enc_read_ctx != NULL) {
                 reuse_dd = 1;
             } else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) {
@@ -425,7 +425,7 @@ int tls1_change_cipher_state(SSL_CONNECTION *s, int which)
         goto skip_ktls;
 
     /* check that cipher is supported */
-    if (!ktls_check_supported_cipher(s, c, taglen))
+    if (!ktls_check_supported_cipher(s, c, m, taglen))
         goto skip_ktls;
 
     if (which & SSL3_CC_WRITE)
author	Matt Caswell <matt@openssl.org>	2022-05-20 16:54:12 +0100
committer	Matt Caswell <matt@openssl.org>	2022-08-18 16:38:12 +0100
commit	7f2f0ac7bfdd676cd919dd94b971874eade41830 (patch)
tree	c122a2279d2735c70737bcbd1d16dd84a3bff139 /ssl/t1_enc.c
parent	88d616805cab4fd052bcff890627668a8f4bae33 (diff)