Apparently, the IV initialization was moved to tls1_enc() in t1_enc.c, so
the commented-out initialization is indeed superfluous. And indeed, the
IV on the wire appears to be random.
Could someone please double-check this? Thanks.
--
Florian Weimer / Red Hat Product Security Team
commit 6ad93dd6f8ccfdb5cafe5403de8952c568657fb6
Author: Florian Weimer <fwei...@redhat.com>
Date: Mon Nov 19 15:10:29 2012 +0100
Replace scary comment with cross-reference
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index dca3458..239a101 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -811,8 +811,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
if (eivlen)
{
- /* if (RAND_pseudo_bytes(p, eivlen) <= 0)
- goto err; */
+ /* IV is initialized in tls1_enc(). */
wr->length += eivlen;
}
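Review bot: the replacement comment in the `if (eivlen)` block names tls1_enc() but not the file it lives in, and it does not say that this block only extends wr->length and writes nothing to p. Consider wording along the lines of `/* IV space is reserved here; the IV itself is initialized in tls1_enc() (t1_enc.c). */` so a reader does not assume the IV bytes are already set once this block has run. The commit message would also benefit from one line stating why the removed RAND_pseudo_bytes() call is superfluous, since the diff alone does not show where the initialization now happens.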