projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1ca50aa) | patch
Don't generate a MAC when using KTLS.
authorJohn Baldwin <jhb@FreeBSD.org>
Wed, 9 Oct 2019 18:33:00 +0000 (11:33 -0700)
committerMatt Caswell <matt@openssl.org>
Thu, 31 Oct 2019 10:24:32 +0000 (10:24 +0000)
commitf059e4cc435b7b850cfc8188d265a8925edff0bd
tree1f2b33a73206b940024be961d57929248c389bcftree | snapshot
parent1ca50aa975fb149a75a3b0411230761376cb5e33commit | diff
Don't generate a MAC when using KTLS.

The kernel will generate the MAC when transmitting the frame.  Doing
so here causes the MAC to be included as part of the plain text that
the kernel MACs and encrypts.  Note that this path is not taken when
using stitched cipher suites.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)
ssl/record/rec_layer_s3.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.