Initial experimental TLSv1.1 support

author: Dr. Stephen Henson <steve@openssl.org> 2009-12-07 13:31:02 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2009-12-07 13:31:02 +0000
commit: 637f374ad49d5f6d4f81d87d7cdd226428aa470c (patch)
tree: 2f471a88015ddb5c1e0b3b8b36717db006b0361e /ssl/t1_enc.c
parent: 7e4cae1d2f555cbe9226b377aff4b56c9f7ddd4d (diff)
1 files changed, 28 insertions, 1 deletions
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index d9cb059d0c..028f6493d1 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -143,6 +143,7 @@
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 #include <openssl/md5.h>
+#include <openssl/rand.h>
 #ifdef KSSL_DEBUG
 #include <openssl/des.h>
 #endif
@@ -617,7 +618,27 @@ int tls1_enc(SSL *s, int send)
 		if (s->enc_write_ctx == NULL)
 			enc=NULL;
 		else
+			{
+			int ivlen;
 			enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
+			/* For TLSv1.1 and later explicit IV */
+			if (s->version >= TLS1_1_VERSION)
+				ivlen = EVP_CIPHER_iv_length(enc);
+			else
+				ivlen = 0;
+			if (ivlen > 1)
+				{
+				if ( rec->data != rec->input)
+				/* we can't write into the input stream:
+				 * Can this ever happen?? (steve)
+				 */
+				fprintf(stderr,
+					"%s:%d: rec->data != rec->input\n",
+					__FILE__, __LINE__);
+				else if (RAND_bytes(rec->input, ivlen) <= 0)
+					return -1;
+				}
+			}
 		}
 	else
 		{
@@ -746,7 +767,13 @@ int tls1_enc(SSL *s, int send)
 					return -1;
 					}
 				}
-			rec->length-=i;
+			rec->length -=i;
+			if (s->version >= TLS1_1_VERSION)
+				{
+				rec->data += bs;    /* skip the explicit IV */
+				rec->input += bs;
+				rec->length -= bs;
+				}
 			}
 		}
 	return(1);
author	Dr. Stephen Henson <steve@openssl.org>	2009-12-07 13:31:02 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2009-12-07 13:31:02 +0000
commit	637f374ad49d5f6d4f81d87d7cdd226428aa470c (patch)
tree	2f471a88015ddb5c1e0b3b8b36717db006b0361e /ssl/t1_enc.c
parent	7e4cae1d2f555cbe9226b377aff4b56c9f7ddd4d (diff)