Don't generate a MAC when using KTLS.
author John Baldwin <jhb@FreeBSD.org>
Wed, 9 Oct 2019 18:33:00 +0000 (11:33 -0700)
committer Matt Caswell <matt@openssl.org>
Thu, 31 Oct 2019 10:24:32 +0000 (10:24 +0000)
The kernel will generate the MAC when transmitting the frame.  Doing
so here causes the MAC to be included as part of the plain text that
the kernel MACs and encrypts.  Note that this path is not taken when
using stitched cipher suites.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)

ssl/record/rec_layer_s3.c

index a34f9df1dfef88aeca33152058ff293933645193..0b9d18fd00c1e21e567bfc5d8c65b53d62cedc83 100644 (file)
@@ -986,7 +986,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
          * in the wb->buf
          */
 
-        if (!SSL_WRITE_ETM(s) && mac_size != 0) {
+        if (!BIO_get_ktls_send(s->wbio) && !SSL_WRITE_ETM(s) && mac_size != 0) {
             unsigned char *mac;
 
             if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac)
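Review bot: the new `!BIO_get_ktls_send(s->wbio)` guard carries no explanation in the code itself; the comment block just above (ending "in the wb->buf") does not say why a KTLS send BIO skips MAC generation, so a reader of do_ssl3_write() has to find this commit to learn that the kernel computes the MAC on transmit and that a MAC appended here would be MACed and encrypted again as plaintext. Suggest a one-line comment above the condition, e.g. `/* With KTLS the kernel generates the MAC; appending one here would be MACed twice. */`. Also note that this hunk only changes the `!SSL_WRITE_ETM(s)` (MAC-then-encrypt) branch; the encrypt-then-MAC path is outside the visible lines, so it is worth confirming in review that it likewise defers MAC generation to the kernel when `BIO_get_ktls_send()` is true, or that KTLS is never enabled for EtM suites.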