diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2010-11-14 17:47:21 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2010-11-14 17:47:21 +0000 |
| commit | 1a8ecda3ee67728dc1619920abf07d01c8b73efa (patch) | |
| tree | c62e666c799d4abfdc50cd65ffe0e2556bca9b56 /ssl/s3_pkt.c | |
| parent | d36c7b618d3114579174b2cc31a347d8fab22973 (diff) | |
Only use explicit IV if cipher is in CBC mode.
Diffstat (limited to 'ssl/s3_pkt.c')
| -rw-r--r-- | ssl/s3_pkt.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index a1fec62df8..521a4da78f 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -741,7 +741,8 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, plen=p; p+=2; /* Explicit IV length, block ciphers and TLS version 1.1 or later */ - if (s->enc_write_ctx && s->version >= TLS1_1_VERSION) + if (s->enc_write_ctx && s->version >= TLS1_1_VERSION + && EVP_CIPHER_CTX_mode(s->enc_write_ctx) == EVP_CIPH_CBC_MODE) { eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx); if (eivlen <= 1) |