Setting of explicit IV is postponed from do_ssl3_write() to tls1_enc().
I think, it is moved because tls1_enc() is more appropriate place to do it
as it is specific to TLS 1.1 and later and it would always be better to
keep the common function(do_ssl3_write()) clean from this version specific
stuff.
Please correct me if my assumption is wrong or incomplete.
On Mon, Jul 21, 2014 at 9:06 PM, Denis Berezhnoy <denis.berezh...@gmail.com>
wrote:
> Hi everybody,
>
> I am looking into Openssl1.0.1g source code and I have a question
> regarding IV vector initialization with random bytes in do_ssl3_write
> function.
>
> I am referring to the following code in do_ssl3_write:
>
> wr->input=p;
> wr->data=p;
>
> if (eivlen)
> {
> /* if (RAND_pseudo_bytes(p, eivlen) <= 0)
> goto err; */
> wr->length += eivlen;
> }
>
> /* ssl3_enc can only have an error on read */
> s->method->ssl3_enc->enc(s,1);
>
>
> My question is why call for RAND_pseudo_bytes is commented out?
>
> I am not an expert in cryptography but my understanding that
> Initialization Vector should be filled with random bytes to prevents
> repetition in data encryption.
>
> Could you please clarify?
>
> Best regards,
> Denis
>
