diff options
author | Tianjia Zhang <tianjia.zhang@linux.alibaba.com> | 2021-12-06 17:50:50 +0800 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2022-11-16 16:46:46 +0100 |
commit | 34c2f90d8ed325a892618ce0e42ebe916966d4d8 (patch) | |
tree | 72c988d28110d7f5f075470e9d8ffca003eb7b48 /ssl/record/methods | |
parent | 3b6154ccaf3e64bcdfda4859f2b98ef21b08c5b2 (diff) | |
download | openssl-new-34c2f90d8ed325a892618ce0e42ebe916966d4d8.tar.gz |
KTLS: enable the CCM mode of ktls
The latest kernel (including stable kernel) has fixed the issue
of decryption failure in CCM mode in TLS 1.3. It is necessary to
reenable CCM mode for KTLS.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17207)
Diffstat (limited to 'ssl/record/methods')
-rw-r--r-- | ssl/record/methods/ktls_meth.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/ssl/record/methods/ktls_meth.c b/ssl/record/methods/ktls_meth.c index 1fd83c94f2..5c94837dc0 100644 --- a/ssl/record/methods/ktls_meth.c +++ b/ssl/record/methods/ktls_meth.c @@ -147,8 +147,7 @@ static int ktls_int_check_supported_cipher(OSSL_RECORD_LAYER *rl, */ # ifdef OPENSSL_KTLS_AES_CCM_128 if (EVP_CIPHER_is_a(c, "AES-128-CCM")) { - if (rl->version == TLS_1_3_VERSION /* broken on 5.x kernels */ - || taglen != EVP_CCM_TLS_TAG_LEN) + if (taglen != EVP_CCM_TLS_TAG_LEN) return 0; return 1; } else |