TLS: Assume explicit IV for TLS v1.1 and newer
This is needed to allow TLS v1.2 to be supported. Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
6c67d77fef
commit
bcf03f5209
1 changed files with 2 additions and 2 deletions
|
@ -175,7 +175,7 @@ int tlsv1_record_send(struct tlsv1_record_layer *rl, u8 content_type, u8 *buf,
|
|||
|
||||
cpayload = pos;
|
||||
explicit_iv = rl->write_cipher_suite != TLS_NULL_WITH_NULL_NULL &&
|
||||
rl->iv_size && rl->tls_version == TLS_VERSION_1_1;
|
||||
rl->iv_size && rl->tls_version >= TLS_VERSION_1_1;
|
||||
if (explicit_iv) {
|
||||
/* opaque IV[Cipherspec.block_length] */
|
||||
if (pos + rl->iv_size > buf + buf_size)
|
||||
|
@ -377,7 +377,7 @@ int tlsv1_record_receive(struct tlsv1_record_layer *rl,
|
|||
* attacks more difficult.
|
||||
*/
|
||||
|
||||
if (rl->tls_version == TLS_VERSION_1_1) {
|
||||
if (rl->tls_version >= TLS_VERSION_1_1) {
|
||||
/* Remove opaque IV[Cipherspec.block_length] */
|
||||
if (plen < rl->iv_size) {
|
||||
wpa_printf(MSG_DEBUG, "TLSv1.1: Not "
|
||||
|
|
Loading…
Reference in a new issue