author | John Baldwin <jhb@FreeBSD.org> | 2019-10-09 11:33:00 -0700 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-10-31 10:24:32 +0000 |
commit | f059e4cc435b7b850cfc8188d265a8925edff0bd (patch) | |
tree | 1f2b33a73206b940024be961d57929248c389bcf /ssl | |
parent | 1ca50aa975fb149a75a3b0411230761376cb5e33 (diff) |
Don't generate a MAC when using KTLS.

The kernel will generate the MAC when transmitting the frame. Doing
so here causes the MAC to be included as part of the plain text that
the kernel MACs and encrypts. Note that this path is not taken when
using stitched cipher suites.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)

Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/record/rec_layer_s3.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index a34f9df1df..0b9d18fd00 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -986,7 +986,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, * in the wb->buf */ - if (!SSL_WRITE_ETM(s) && mac_size != 0) { + if (!BIO_get_ktls_send(s->wbio) && !SSL_WRITE_ETM(s) && mac_size != 0) { unsigned char *mac; if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac) |
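
Review bot: The new `!BIO_get_ktls_send(s->wbio)` guard in `do_ssl3_write()` carries no comment, and the existing comment ending "in the wb->buf" is left unchanged. A short note at the condition, saying that the kernel generates the MAC on transmit and that writing one here would put it inside the plaintext the kernel MACs and encrypts, would keep the reason next to the check instead of only in the commit message. Because the condition also requires `!SSL_WRITE_ETM(s)`, the guard covers only the MAC-then-encrypt case; the hunk does not show how an encrypt-then-MAC record is handled when KTLS send is active, so it is worth confirming that path also leaves the MAC to the kernel. `mac_size` stays non-zero under KTLS, so any later length computation that uses it should be checked against the case where no MAC bytes were allocated in `thispkt`. A regression test covering a KTLS send with a non-stitched cipher suite would pin this behaviour.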