diff --git a/include/internal/ktls.h b/include/internal/ktls.h
index fe02a35536..b681278c34 100644
--- a/include/internal/ktls.h
+++ b/include/internal/ktls.h
@@ -38,6 +38,7 @@
 # endif
 # define OPENSSL_KTLS_AES_GCM_128
 # define OPENSSL_KTLS_AES_GCM_256
+# define OPENSSL_KTLS_TLS13

 /*
 * Only used by the tests in sslapitest.c.
@@ -221,6 +222,7 @@ static ossl_inline int ktls_check_supported_cipher(const SSL *s,
 case TLS1_VERSION:
 case TLS1_1_VERSION:
 case TLS1_2_VERSION:
+ case TLS1_3_VERSION:
 break;
 default:
 return 0;
@@ -263,7 +265,10 @@ static ossl_inline int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c,
 case SSL_AES128GCM:
 case SSL_AES256GCM:
 crypto_info->cipher_algorithm = CRYPTO_AES_NIST_GCM_16;
- crypto_info->iv_len = EVP_GCM_TLS_FIXED_IV_LEN;
+ if (s->version == TLS1_3_VERSION)
+ crypto_info->iv_len = EVP_CIPHER_CTX_iv_length(dd);
+ else
+ crypto_info->iv_len = EVP_GCM_TLS_FIXED_IV_LEN;
 break;
 case SSL_AES128:
 case SSL_AES256:
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 714ffbff41..829a6e9be1 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -516,10 +516,8 @@ int tls13_change_cipher_state(SSL *s, int which)
 const EVP_MD *md = NULL;
 const EVP_CIPHER *cipher = NULL;
 #if !defined(OPENSSL_NO_KTLS) && defined(OPENSSL_KTLS_TLS13)
-# ifndef __FreeBSD__
 ktls_crypto_info_t crypto_info;
 BIO *bio;
-# endif
 #endif

 if (which & SSL3_CC_READ) {
@@ -784,7 +782,6 @@ int tls13_change_cipher_state(SSL *s, int which)
 s->statem.enc_write_state = ENC_WRITE_STATE_VALID;
 #ifndef OPENSSL_NO_KTLS
 # if defined(OPENSSL_KTLS_TLS13)
-# ifndef __FreeBSD__
 if (!(which & SSL3_CC_WRITE) || !(which & SSL3_CC_APPLICATION)
 || ((which & SSL3_CC_WRITE) && (s->mode & SSL_MODE_NO_KTLS_TX)))
 goto skip_ktls;
@@ -822,7 +819,6 @@ int tls13_change_cipher_state(SSL *s, int which)
 /* ktls works with user provided buffers directly */
 if (BIO_set_ktls(bio, &crypto_info, which & SSL3_CC_WRITE))
 ssl3_release_write_buffer(s);
-# endif
 skip_ktls:
 # endif
 #endif
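Review bot: The new `case TLS1_3_VERSION:` in ktls_check_supported_cipher (second ktls.h hunk) admits TLS 1.3 for every caller, while the tls13_enc.c hunks of this commit only reach the offload path for `SSL3_CC_WRITE` application keys. Nothing at the switch records that restriction, so a later receive-side caller would pass this check without anyone having confirmed that the kernel can decrypt TLS 1.3 records. A comment on the label such as `/* TLS 1.3: transmit offload only, see tls13_change_cipher_state() */` would document it. The function body continues outside the hunk, so a direction-aware check may already exist further down.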
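Review bot: In the third ktls.h hunk (ktls_configure_crypto, the SSL_AES128GCM/SSL_AES256GCM case) the result of `EVP_CIPHER_CTX_iv_length(dd)` is stored in `crypto_info->iv_len` without any check. The call returns an int and, depending on the OpenSSL version, can signal failure with a non-positive value, so a bad cipher context would pass a bogus IV length to the kernel and to any IV copy later in this function, which is outside the hunk. Reading it into a local and rejecting it before the assignment, `if (ivlen <= 0) return 0;`, would close that gap, assuming 0 is this function's failure return as it is in ktls_check_supported_cipher. Bracing both arms of the new if/else would also keep a statement added later from landing outside the branch.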