TLS: Assume explicit IV for TLS v1.1 and newer

This is needed to allow TLS v1.2 to be supported.

Signed-hostap: Jouni Malinen <j@w1.fi>

diff --git a/src/tls/tlsv1_record.c b/src/tls/tlsv1_record.c
index dd022a58ecf1261d993813ee71cf7e307081d866..04f3ee254e5148fadab6a245011cdf2eb2e2f57b 100644 (file)
--- a/src/tls/tlsv1_record.c
+++ b/src/tls/tlsv1_record.c
@@ -175,7 +175,7 @@ int tlsv1_record_send(struct tlsv1_record_layer *rl, u8 content_type, u8 *buf,
 
        cpayload = pos;
        explicit_iv = rl->write_cipher_suite != TLS_NULL_WITH_NULL_NULL &&
-               rl->iv_size && rl->tls_version == TLS_VERSION_1_1;
+               rl->iv_size && rl->tls_version >= TLS_VERSION_1_1;
        if (explicit_iv) {
                /* opaque IV[Cipherspec.block_length] */
                if (pos + rl->iv_size > buf + buf_size)
@@ -377,7 +377,7 @@ int tlsv1_record_receive(struct tlsv1_record_layer *rl,
                         * attacks more difficult.
                         */
 
-                       if (rl->tls_version == TLS_VERSION_1_1) {
+                       if (rl->tls_version >= TLS_VERSION_1_1) {
                                /* Remove opaque IV[Cipherspec.block_length] */
                                if (plen < rl->iv_size) {
                                        wpa_printf(MSG_DEBUG, "TLSv1.1: Not "