projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Only use explicit IV if cipher is in CBC mode.
[openssl.git] / ssl / s3_pkt.c
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 8f08c16510ec204f29e79cd0e9ab21d88a89df4d..a168f934a99037e600e997cbb2e4a0e836c47a6f 100644 (file)
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -741,7 +741,8 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
        plen=p; 
        p+=2;
        /* Explicit IV length, block ciphers and TLS version 1.1 or later */
-       if (s->enc_write_ctx && s->version >= TLS1_1_VERSION)
+       if (s->enc_write_ctx && s->version >= TLS1_1_VERSION
+               && EVP_CIPHER_CTX_mode(s->enc_write_ctx) == EVP_CIPH_CBC_MODE)
                {
                eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
                if (eivlen <= 1)
Unnamed repository; edit this file 'description' to name the repository.