generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Only use explicit IV if cipher is in CBC mode.

Browse Source
This commit is contained in:
Dr. Stephen Henson 2010-11-14 17:47:21 +00:00
parent d36c7b618d
commit 1a8ecda3ee
2 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ssl/s3_pkt.c
View File

@ -741,7 +741,8 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
plen=p; plen=p;
p+=2; p+=2;
/* Explicit IV length, block ciphers and TLS version 1.1 or later */ /* Explicit IV length, block ciphers and TLS version 1.1 or later */
if (s->enc_write_ctx && s->version >= TLS1_1_VERSION) if (s->enc_write_ctx && s->version >= TLS1_1_VERSION
&& EVP_CIPHER_CTX_mode(s->enc_write_ctx) == EVP_CIPH_CBC_MODE)
{ {
eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx); eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
if (eivlen <= 1) if (eivlen <= 1)

6
ssl/t1_enc.c
View File

@ -661,7 +661,8 @@ int tls1_enc(SSL *s, int send)
int ivlen; int ivlen;
enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx); enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
/* For TLSv1.1 and later explicit IV */ /* For TLSv1.1 and later explicit IV */
if (s->version >= TLS1_1_VERSION) if (s->version >= TLS1_1_VERSION
&& EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE)
ivlen = EVP_CIPHER_iv_length(enc); ivlen = EVP_CIPHER_iv_length(enc);
else else
ivlen = 0; ivlen = 0;
@ -807,7 +808,8 @@ int tls1_enc(SSL *s, int send)
} }
} }
rec->length -=i; rec->length -=i;
if (s->version >= TLS1_1_VERSION) if (s->version >= TLS1_1_VERSION
&& EVP_CIPHER_CTX_mode(ds) == EVP_CIPH_CBC_MODE)
{ {
rec->data += bs; /* skip the explicit IV */ rec->data += bs; /* skip the explicit IV */
rec->input += bs; rec->input += bs;