generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Only use explicit IV if cipher is in CBC mode.

Browse Source
This commit is contained in:
Dr. Stephen Henson
2010-11-14 17:47:21 +00:00
parent d36c7b618d
commit 1a8ecda3ee
2 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ssl/s3_pkt.c
View File

@@ -741,7 +741,8 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
plen=p;
p+=2;
/* Explicit IV length, block ciphers and TLS version 1.1 or later */
if (s->enc_write_ctx && s->version >= TLS1_1_VERSION)
if (s->enc_write_ctx && s->version >= TLS1_1_VERSION
&& EVP_CIPHER_CTX_mode(s->enc_write_ctx) == EVP_CIPH_CBC_MODE)
{
eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
if (eivlen <= 1)