diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2010-11-14 17:47:45 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2010-11-14 17:47:45 +0000 |
commit | e15320f652ef0d8eac29c8115a9c4bfd4376663b (patch) | |
tree | 87ed9a885af63a98258ab057dbddf79d5bf54ded /ssl/t1_enc.c | |
parent | e827b58711ce508f5445a8460f857c71c8ffedcd (diff) |
Only use explicit IV if cipher is in CBC mode.
Diffstat (limited to 'ssl/t1_enc.c')
-rw-r--r-- | ssl/t1_enc.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 3614b8a30e..34b300161d 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -661,7 +661,8 @@ int tls1_enc(SSL *s, int send) int ivlen; enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx); /* For TLSv1.1 and later explicit IV */ - if (s->version >= TLS1_1_VERSION) + if (s->version >= TLS1_1_VERSION + && EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE) ivlen = EVP_CIPHER_iv_length(enc); else ivlen = 0; @@ -807,7 +808,8 @@ int tls1_enc(SSL *s, int send) } } rec->length -=i; - if (s->version >= TLS1_1_VERSION) + if (s->version >= TLS1_1_VERSION + && EVP_CIPHER_CTX_mode(ds) == EVP_CIPH_CBC_MODE) { rec->data += bs; /* skip the explicit IV */ rec->input += bs; |