Only use explicit IV if cipher is in CBC mode.

e15320f6 · Dr. Stephen Henson · e827b587 · e15320f6 · e15320f6
隐藏空白更改
内联并排

Showing with 6 addition and 3 deletion

ssl/s3_pkt.c ssl/s3_pkt.c +2 -1

ssl/t1_enc.c ssl/t1_enc.c +4 -2

未找到文件。
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -741,7 +741,8 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 	plen=p; 
 	p+=2;
 	/* Explicit IV length, block ciphers and TLS version 1.1 or later */
-	if (s->enc_write_ctx && s->version >= TLS1_1_VERSION)
+	if (s->enc_write_ctx && s->version >= TLS1_1_VERSION
+		&& EVP_CIPHER_CTX_mode(s->enc_write_ctx) == EVP_CIPH_CBC_MODE)
 		{
 		eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
 		if (eivlen <= 1)

--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -661,7 +661,8 @@ int tls1_enc(SSL *s, int send)
 			int ivlen;
 			enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
 			/* For TLSv1.1 and later explicit IV */
-			if (s->version >= TLS1_1_VERSION)
+			if (s->version >= TLS1_1_VERSION
+				&& EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE)
 				ivlen = EVP_CIPHER_iv_length(enc);
 			else
 				ivlen = 0;
@@ -807,7 +808,8 @@ int tls1_enc(SSL *s, int send)
 					}
 				}
 			rec->length -=i;
-			if (s->version >= TLS1_1_VERSION)
+			if (s->version >= TLS1_1_VERSION
+				&& EVP_CIPHER_CTX_mode(ds) == EVP_CIPH_CBC_MODE)
 				{
 				rec->data += bs;    /* skip the explicit IV */
 				rec->input += bs;