[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Tue Jul 27 03:20:07 UTC 2021
The branch master has been updated
via 26411bc8879bf979e3703357e9595de057528e28 (commit)
via c9eb45987036314b150fdeed8a8a8a24bfa71687 (commit)
via bdb65e2ba63bc63456ec3d462bd2e2c3e62eb193 (commit)
from a7e62fbdf89b9bbaac85826020c1033b35a67d52 (commit)
- Log -----------------------------------------------------------------
commit 26411bc8879bf979e3703357e9595de057528e28
Author: Tomas Mraz <tomas at openssl.org>
Date: Tue Jul 20 13:08:31 2021 +0200
KTLS: AES-CCM in TLS-1.3 is broken on 5.x kernels, disable it
Fixes #16089
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16120)
commit c9eb45987036314b150fdeed8a8a8a24bfa71687
Author: Tomas Mraz <tomas at openssl.org>
Date: Tue Jul 20 12:23:24 2021 +0200
Test ktls in non-default options CI build
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16120)
commit bdb65e2ba63bc63456ec3d462bd2e2c3e62eb193
Author: Tomas Mraz <tomas at openssl.org>
Date: Tue Jul 20 12:22:57 2021 +0200
Drop no-ktls from runchecker daily build as it has no effect
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16120)
-----------------------------------------------------------------------
Summary of changes:
.github/workflows/ci.yml | 4 +++-
.github/workflows/run-checker-daily.yml | 1 -
ssl/ktls.c | 3 ++-
3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 4f9bfbfb8a..9e89d455a9 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -163,8 +163,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout at v2
+ - name: modprobe tls
+ run: sudo modprobe tls
- name: config
- run: ./config --banner=Configured --strict-warnings no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-crypto-mdebug-backtrace enable-egd enable-fips && perl configdata.pm --dump
+ run: ./config --banner=Configured --strict-warnings no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-crypto-mdebug-backtrace enable-egd enable-ktls enable-fips && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: make test
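Review bot: The new "modprobe tls" step runs `sudo modprobe tls` with no follow-up check, so the job cannot distinguish "module loaded and KTLS exercised" from "module present but tests fell back to the userspace record layer". If the runner image ever ships a kernel without the tls module, the step will also fail the whole non-default-options job before config for a reason unrelated to the options being tested. Consider adding a step after it that logs whether the module is actually loaded (for example listing it with lsmod) so a run that silently skipped KTLS is visible in the CI output, and consider whether enable-ktls belongs in its own job rather than folded into a configure line that already combines eight other options, since a KTLS failure here will be hard to attribute.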
diff --git a/.github/workflows/run-checker-daily.yml b/.github/workflows/run-checker-daily.yml
index c66241743a..0ab02c5375 100644
--- a/.github/workflows/run-checker-daily.yml
+++ b/.github/workflows/run-checker-daily.yml
@@ -62,7 +62,6 @@ jobs:
no-hw,
no-hw-padlock,
no-idea,
- no-ktls,
no-makedepend,
enable-md2,
no-md2,
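Review bot: The reason for dropping `no-ktls` from this option list is recorded only in the commit message ("it has no effect"); once the line is gone, nothing in the workflow file explains why ktls has no entry while its neighbours do. A short comment next to the list saying that ktls is off unless enable-ktls is given would stop someone from re-adding `no-ktls` later, and it would be worth confirming that an enable-ktls build is covered somewhere so the daily checker is not the only place the option was ever named.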
diff --git a/ssl/ktls.c b/ssl/ktls.c
index 2d691fdeb2..02dbb937ea 100644
--- a/ssl/ktls.c
+++ b/ssl/ktls.c
@@ -133,7 +133,8 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c,
{
# ifdef OPENSSL_KTLS_AES_CCM_128
case NID_aes_128_ccm:
- if (EVP_CIPHER_CTX_get_tag_length(dd) != EVP_CCM_TLS_TAG_LEN)
+ if (s->version == TLS_1_3_VERSION /* broken on 5.x kernels */
+ || EVP_CIPHER_CTX_get_tag_length(dd) != EVP_CCM_TLS_TAG_LEN)
return 0;
# endif
# ifdef OPENSSL_KTLS_AES_GCM_128
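Review bot: The inline comment on the `s->version == TLS_1_3_VERSION` test says only "broken on 5.x kernels", yet the check is unconditional: it disables AES-128-CCM offload for TLS 1.3 on every kernel, with no version range and no pointer to the report. Please expand the comment to reference issue #16089 and state what would have to be true to remove the exclusion, otherwise this will stay in place long after fixed kernels are common. The summary of changes also lists no file under test/, so nothing visible here asserts that a TLS 1.3 AES-128-CCM connection with KTLS enabled falls back to the userspace path and still completes; a test for that case would guard the workaround against regressions.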