From d527834a1d2b268725652d8463f86e957274ab33 Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Sun, 30 Sep 2007 22:01:36 +0000 Subject: [PATCH] Basic idea behind explicit IV is to make it unpredictable for attacker. Until now it was xor between CBC residue and 1st block from last datagram, or in other words still predictable. --- ssl/d1_pkt.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 4523484011..b9bbbd4826 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -120,6 +120,7 @@ #include #include #include +#include /* mod 128 saturating subtract of two 64-bit values in big-endian order */ static int satsub64be(const unsigned char *v1,const unsigned char *v2) @@ -1430,8 +1431,14 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, /* ssl3_enc can only have an error on read */ - wr->length += bs; /* bs != 0 in case of CBC. The enc fn provides - * the randomness */ + if (bs) /* bs != 0 in case of CBC */ + { + RAND_pseudo_bytes(p,bs); + /* master IV and last CBC residue stand for + * the rest of randomness */ + wr->length += bs; + } + s->method->ssl3_enc->enc(s,1); /* record length after mac and block padding */ -- 2.25.1