diff options
author | Matt Caswell <matt@openssl.org> | 2022-08-30 16:26:33 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2022-09-23 14:54:49 +0100 |
commit | b9e4e78342df6575b358def3d951227e9c6cebda (patch) | |
tree | e39c0b55283541cd005d44efd5acb20d333b0a62 /ssl/t1_enc.c | |
parent | 91141aa1b0ff9d92323e2545bb9f6f0d1e2a8844 (diff) |
Move need_empty_fragments inside the record layer
This flag can now be managed entirely by the new record layer code so we
move it into ossl_record_layer_st.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)
Diffstat (limited to 'ssl/t1_enc.c')
-rw-r--r-- | ssl/t1_enc.c | 17 |
1 files changed, 0 insertions, 17 deletions
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 2ef0da41b5..88249c7951 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -523,23 +523,6 @@ int tls1_setup_key_block(SSL_CONNECTION *s) BIO_dump_indent(trc_out, p, num, 4); } OSSL_TRACE_END(TLS); - if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) - && SSL_CONNECTION_GET_SSL(s)->method->version <= TLS1_VERSION) { - /* - * enable vulnerability countermeasure for CBC ciphers with known-IV - * problem (http://www.openssl.org/~bodo/tls-cbc.txt) - */ - s->s3.need_empty_fragments = 1; - - if (s->session->cipher != NULL) { - if (s->session->cipher->algorithm_enc == SSL_eNULL) - s->s3.need_empty_fragments = 0; - - if (s->session->cipher->algorithm_enc == SSL_RC4) - s->s3.need_empty_fragments = 0; - } - } - ret = 1; err: return ret; |