Move need_empty_fragments inside the record layer

This flag can now be managed entirely by the new record layer code so we move it into ossl_record_layer_st. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19198)
author: Matt Caswell <matt@openssl.org> 2022-08-30 16:26:33 +0100
committer: Matt Caswell <matt@openssl.org> 2022-09-23 14:54:49 +0100
commit: b9e4e78342df6575b358def3d951227e9c6cebda (patch)
tree: e39c0b55283541cd005d44efd5acb20d333b0a62 /ssl/t1_enc.c
parent: 91141aa1b0ff9d92323e2545bb9f6f0d1e2a8844 (diff)
1 files changed, 0 insertions, 17 deletions
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 2ef0da41b5..88249c7951 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -523,23 +523,6 @@ int tls1_setup_key_block(SSL_CONNECTION *s)
         BIO_dump_indent(trc_out, p, num, 4);
     } OSSL_TRACE_END(TLS);
 
-    if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
-        && SSL_CONNECTION_GET_SSL(s)->method->version <= TLS1_VERSION) {
-        /*
-         * enable vulnerability countermeasure for CBC ciphers with known-IV
-         * problem (http://www.openssl.org/~bodo/tls-cbc.txt)
-         */
-        s->s3.need_empty_fragments = 1;
-
-        if (s->session->cipher != NULL) {
-            if (s->session->cipher->algorithm_enc == SSL_eNULL)
-                s->s3.need_empty_fragments = 0;
-
-            if (s->session->cipher->algorithm_enc == SSL_RC4)
-                s->s3.need_empty_fragments = 0;
-        }
-    }
-
     ret = 1;
  err:
     return ret;
author	Matt Caswell <matt@openssl.org>	2022-08-30 16:26:33 +0100
committer	Matt Caswell <matt@openssl.org>	2022-09-23 14:54:49 +0100
commit	b9e4e78342df6575b358def3d951227e9c6cebda (patch)
tree	e39c0b55283541cd005d44efd5acb20d333b0a62 /ssl/t1_enc.c
parent	91141aa1b0ff9d92323e2545bb9f6f0d1e2a8844 (diff)