From 7d038e9d4d83e7c7120e78418e108df70b9025d6 Mon Sep 17 00:00:00 2001 From: markus <> Date: Tue, 10 Sep 2002 16:31:57 +0000 Subject: merge openssl-0.9.7-beta3, tested on vax by miod@ --- src/lib/libssl/t1_enc.c | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) (limited to 'src/lib/libssl/t1_enc.c') diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index b80525f3ba..5290bf6665 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c @@ -110,10 +110,10 @@ */ #include +#include "ssl_locl.h" #include #include #include -#include "ssl_locl.h" #include static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, @@ -483,14 +483,25 @@ printf("\nkey block\n"); { int z; for (z=0; zs3->need_empty_fragments = 1; -#ifndef NO_RC4 - if ((s->session->cipher != NULL) && ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)) - s->s3->need_empty_fragments = 0; + if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) + { + /* enable vulnerability countermeasure for CBC ciphers with + * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) + */ + s->s3->need_empty_fragments = 1; + + if (s->session->cipher != NULL) + { + if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL) + s->s3->need_empty_fragments = 0; + +#ifndef OPENSSL_NO_RC4 + if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4) + s->s3->need_empty_fragments = 0; #endif - + } + } + return(1); err: SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); -- cgit v1.2.3-55-g6feb