Hi everybody,
I am looking into Openssl1.0.1g source code and I have a question regarding
IV vector initialization with random bytes in do_ssl3_write function.
I am referring to the following code in do_ssl3_write:
wr->input=p;
wr->data=p;
if (eivlen)
{
/* if (RAND_pseudo_bytes(p, eivlen) <= 0)
goto err; */
wr->length += eivlen;
}
/* ssl3_enc can only have an error on read */
s->method->ssl3_enc->enc(s,1);
My question is why call for RAND_pseudo_bytes is commented out?
I am not an expert in cryptography but my understanding that Initialization
Vector should be filled with random bytes to prevents repetition in data
encryption.
Could you please clarify?
Best regards,
Denis
