From e260bee0a97d4e6de60eae2c86d7c11ed03f2010 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Mon, 4 Jan 2021 17:29:35 +0000
Subject: [PATCH] Only perform special TLS handling if TLS has been configured

Skip over special TLS steps for stream ciphers if we haven't been
configured for TLS.

Fixes #12528

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13774)
---
 providers/implementations/ciphers/ciphercommon.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c
index 0941210f20a..0e3e367dfc3 100644
--- a/providers/implementations/ciphers/ciphercommon.c
+++ b/providers/implementations/ciphers/ciphercommon.c
@@ -429,7 +429,7 @@ int ossl_cipher_generic_stream_update(void *vctx, unsigned char *out,
     }
 
     *outl = inl;
-    if (!ctx->enc) {
+    if (!ctx->enc && ctx->tlsversion > 0) {
         /*
         * Remove any TLS padding. Only used by cipher_aes_cbc_hmac_sha1_hw.c and
         * cipher_aes_cbc_hmac_sha256_hw.c
-- 
2.47.2