X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Ft1_enc.c;h=5290bf66659ae72e5266769903ea412f4b065952;hb=d7041ea5dec42326947781642ee330042b65609a;hp=b80525f3badea9e50cf61c3d99ec416e3906c980;hpb=82b0bf0b8792bdc113cadc04a1f9d40f0e0cfbfc;p=oweals%2Fopenssl.git

diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index b80525f3ba..5290bf6665 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -110,10 +110,10 @@
  */
 
 #include <stdio.h>
+#include "ssl_locl.h"
 #include <openssl/comp.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
-#include "ssl_locl.h"
 #include <openssl/md5.h>
 
 static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
@@ -483,14 +483,25 @@ printf("\nkey block\n");
 { int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
 #endif
 
-	/* enable vulnerability countermeasure for CBC ciphers with
-	 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) */
-	s->s3->need_empty_fragments = 1;
-#ifndef NO_RC4
-	if ((s->session->cipher != NULL) && ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4))
-		s->s3->need_empty_fragments = 0;
+	if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
+		{
+		/* enable vulnerability countermeasure for CBC ciphers with
+		 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
+		 */
+		s->s3->need_empty_fragments = 1;
+
+		if (s->session->cipher != NULL)
+			{
+			if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)
+				s->s3->need_empty_fragments = 0;
+			
+#ifndef OPENSSL_NO_RC4
+			if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
+				s->s3->need_empty_fragments = 0;
 #endif
-		
+			}
+		}
+
 	return(1);
 err:
 	SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);