From: Jouni Malinen <j@w1.fi>
Date: Sun, 27 Nov 2011 19:38:25 +0000 (+0200)
Subject: TLS: Assume explicit IV for TLS v1.1 and newer
X-Git-Tag: aosp-jb-start~253
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bcf03f52099e0b306e4c8f747958b0f929861b49;p=thirdparty%2Fhostap.git

TLS: Assume explicit IV for TLS v1.1 and newer

This is needed to allow TLS v1.2 to be supported.

Signed-hostap: Jouni Malinen <j@w1.fi>
---

diff --git a/src/tls/tlsv1_record.c b/src/tls/tlsv1_record.c
index dd022a58e..04f3ee254 100644
--- a/src/tls/tlsv1_record.c
+++ b/src/tls/tlsv1_record.c
@@ -175,7 +175,7 @@ int tlsv1_record_send(struct tlsv1_record_layer *rl, u8 content_type, u8 *buf,
 
 	cpayload = pos;
 	explicit_iv = rl->write_cipher_suite != TLS_NULL_WITH_NULL_NULL &&
-		rl->iv_size && rl->tls_version == TLS_VERSION_1_1;
+		rl->iv_size && rl->tls_version >= TLS_VERSION_1_1;
 	if (explicit_iv) {
 		/* opaque IV[Cipherspec.block_length] */
 		if (pos + rl->iv_size > buf + buf_size)
@@ -377,7 +377,7 @@ int tlsv1_record_receive(struct tlsv1_record_layer *rl,
 			 * attacks more difficult.
 			 */
 
-			if (rl->tls_version == TLS_VERSION_1_1) {
+			if (rl->tls_version >= TLS_VERSION_1_1) {
 				/* Remove opaque IV[Cipherspec.block_length] */
 				if (plen < rl->iv_size) {
 					wpa_printf(MSG_DEBUG, "TLSv1.1: Not "