KTLS: enable the CCM mode of ktls

The latest kernel (including stable kernel) has fixed the issue of decryption failure in CCM mode in TLS 1.3. It is necessary to reenable CCM mode for KTLS. Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17207)
author: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> 2021-12-06 17:50:50 +0800
committer: Tomas Mraz <tomas@openssl.org> 2022-11-16 16:46:46 +0100
commit: 34c2f90d8ed325a892618ce0e42ebe916966d4d8 (patch)
tree: 72c988d28110d7f5f075470e9d8ffca003eb7b48 /ssl/record/methods
parent: 3b6154ccaf3e64bcdfda4859f2b98ef21b08c5b2 (diff)
download: openssl-new-34c2f90d8ed325a892618ce0e42ebe916966d4d8.tar.gz
1 files changed, 1 insertions, 2 deletions
diff --git a/ssl/record/methods/ktls_meth.c b/ssl/record/methods/ktls_meth.c
index 1fd83c94f2..5c94837dc0 100644
--- a/ssl/record/methods/ktls_meth.c
+++ b/ssl/record/methods/ktls_meth.c
@@ -147,8 +147,7 @@ static int ktls_int_check_supported_cipher(OSSL_RECORD_LAYER *rl,
      */
 # ifdef OPENSSL_KTLS_AES_CCM_128
     if (EVP_CIPHER_is_a(c, "AES-128-CCM")) {
-        if (rl->version == TLS_1_3_VERSION /* broken on 5.x kernels */
-            || taglen != EVP_CCM_TLS_TAG_LEN)
+        if (taglen != EVP_CCM_TLS_TAG_LEN)
             return 0;
         return 1;
     } else
author	Tianjia Zhang <tianjia.zhang@linux.alibaba.com>	2021-12-06 17:50:50 +0800
committer	Tomas Mraz <tomas@openssl.org>	2022-11-16 16:46:46 +0100
commit	34c2f90d8ed325a892618ce0e42ebe916966d4d8 (patch)
tree	72c988d28110d7f5f075470e9d8ffca003eb7b48 /ssl/record/methods
parent	3b6154ccaf3e64bcdfda4859f2b98ef21b08c5b2 (diff)
download	openssl-new-34c2f90d8ed325a892618ce0e42ebe916966d4d8.tar.gz