D31440.id93850.diff
diff --git a/crypto/openssl/include/openssl/ssl.h b/crypto/openssl/include/openssl/ssl.h
--- a/crypto/openssl/include/openssl/ssl.h
+++ b/crypto/openssl/include/openssl/ssl.h
@@ -303,7 +303,9 @@
/* Allow initial connection to servers that don't support RI */
# define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004U
-/* Reserved value (until OpenSSL 1.2.0) 0x00000008U */
+/* Enable support for Kernel TLS */
+# define SSL_OP_ENABLE_KTLS 0x00000008U
+
# define SSL_OP_TLSEXT_PADDING 0x00000010U
/* Reserved value (until OpenSSL 1.2.0) 0x00000020U */
# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040U
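Review bot: The comment on the new `SSL_OP_ENABLE_KTLS` bit does not say that kernel TLS is now off unless this option is set, which is the behaviour change a reader of the header most needs to know. I would word it as `/* Enable Kernel TLS offload; off by default, must be set explicitly */`. The later hunks in this file remove `SSL_MODE_NO_KTLS_TX` and `SSL_MODE_NO_KTLS_RX` from a public header, so any application that still references them will stop compiling. If that break is intended, it deserves a line in the release notes.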
@@ -493,10 +495,6 @@
* Support Asynchronous operation
*/
# define SSL_MODE_ASYNC 0x00000100U
-/*
- * Don't use the kernel TLS data-path for sending.
- */
-# define SSL_MODE_NO_KTLS_TX 0x00000200U
/*
* When using DTLS/SCTP, include the terminating zero in the label
@@ -510,10 +508,6 @@
* - OpenSSL 1.1.1 and 1.1.1a
*/
# define SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG 0x00000400U
-/*
- * Don't use the kernel TLS data-path for receiving.
- */
-# define SSL_MODE_NO_KTLS_RX 0x00000800U
/* Cert related flags */
/*
diff --git a/crypto/openssl/ssl/ktls.c b/crypto/openssl/ssl/ktls.c
--- a/crypto/openssl/ssl/ktls.c
+++ b/crypto/openssl/ssl/ktls.c
@@ -137,6 +137,7 @@
return 0;
# endif
# ifdef OPENSSL_KTLS_AES_GCM_128
+ /* Fall through */
case NID_aes_128_gcm:
# endif
# ifdef OPENSSL_KTLS_AES_GCM_256
diff --git a/crypto/openssl/ssl/ssl_conf.c b/crypto/openssl/ssl/ssl_conf.c
--- a/crypto/openssl/ssl/ssl_conf.c
+++ b/crypto/openssl/ssl/ssl_conf.c
@@ -391,7 +391,8 @@
SSL_FLAG_TBL("AllowNoDHEKEX", SSL_OP_ALLOW_NO_DHE_KEX),
SSL_FLAG_TBL("PrioritizeChaCha", SSL_OP_PRIORITIZE_CHACHA),
SSL_FLAG_TBL("MiddleboxCompat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT),
- SSL_FLAG_TBL_INV("AntiReplay", SSL_OP_NO_ANTI_REPLAY)
+ SSL_FLAG_TBL_INV("AntiReplay", SSL_OP_NO_ANTI_REPLAY),
+ SSL_FLAG_TBL("KTLS", SSL_OP_ENABLE_KTLS)
};
if (value == NULL)
return -3;
diff --git a/crypto/openssl/ssl/t1_enc.c b/crypto/openssl/ssl/t1_enc.c
--- a/crypto/openssl/ssl/t1_enc.c
+++ b/crypto/openssl/ssl/t1_enc.c
@@ -362,11 +362,7 @@
goto err;
}
#ifndef OPENSSL_NO_KTLS
- if (s->compress)
- goto skip_ktls;
-
- if (((which & SSL3_CC_READ) && (s->mode & SSL_MODE_NO_KTLS_RX))
- || ((which & SSL3_CC_WRITE) && (s->mode & SSL_MODE_NO_KTLS_TX)))
+ if (s->compress || (s->options & SSL_OP_ENABLE_KTLS) == 0)
goto skip_ktls;
/* ktls supports only the maximum fragment size */
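Review bot: The new guard `if (s->compress || (s->options & SSL_OP_ENABLE_KTLS) == 0)` replaces two direction-specific checks with a single option, so a caller can no longer offload sending while keeping receive processing in userspace, or the reverse. If that is intended, a comment above the test should say so, for example `/* KTLS is opt-in and is not selectable per direction */`. The option is read here, where the cipher state is changed, so it presumably has to be set before the handshake reaches this point to have any effect; that ordering belongs in the option's documentation. The same condition is added in tls13_enc.c, and the enclosing function starts and ends outside this hunk.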
diff --git a/crypto/openssl/ssl/tls13_enc.c b/crypto/openssl/ssl/tls13_enc.c
--- a/crypto/openssl/ssl/tls13_enc.c
+++ b/crypto/openssl/ssl/tls13_enc.c
@@ -724,8 +724,9 @@
s->statem.enc_write_state = ENC_WRITE_STATE_VALID;
#ifndef OPENSSL_NO_KTLS
# if defined(OPENSSL_KTLS_TLS13)
- if (!(which & SSL3_CC_WRITE) || !(which & SSL3_CC_APPLICATION)
- || ((which & SSL3_CC_WRITE) && (s->mode & SSL_MODE_NO_KTLS_TX)))
+ if (!(which & SSL3_CC_WRITE)
+ || !(which & SSL3_CC_APPLICATION)
+ || (s->options & SSL_OP_ENABLE_KTLS) == 0)
goto skip_ktls;
/* ktls supports only the maximum fragment size */
D31440: OpenSSL: Only enable KTLS if it is explicitly configured