Move need_empty_fragments inside the record layer

This flag can now be managed entirely by the new record layer code so we
move it into ossl_record_layer_st.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)

ssl/record/methods/recmethod_local.h

@@ -139,6 +139,13 @@ struct ossl_record_layer_st
     /* The number of consecutive empty records we have received */
     size_t empty_record_count;
 
+    /*
+     * Do we need to send a prefix empty record before application data as a
+     * countermeasure against known-IV weakness (necessary for SSLv3 and
+     * TLSv1.0)
+     */
+    int need_empty_fragments;
+
     /* cryptographic state */
     EVP_CIPHER_CTX *enc_ctx;
 

ssl/record/methods/tls_common.c

@@ -1238,6 +1238,17 @@ tls_int_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
         goto err;
     }
 
+    if ((rl->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) == 0
+            && rl->version <= TLS1_VERSION
+            && !EVP_CIPHER_is_a(ciph, "NULL")
+            && !EVP_CIPHER_is_a(ciph, "RC4")) {
+        /*
+         * Enable vulnerability countermeasure for CBC ciphers with known-IV
+         * problem (http://www.openssl.org/~bodo/tls-cbc.txt)
+         */
+        rl->need_empty_fragments = 1;
+    }
+
     *retrl = rl;
     return OSSL_RECORD_RETURN_SUCCESS;
  err:
@@ -1440,7 +1451,7 @@ int tls_write_records(OSSL_RECORD_LAYER *rl, OSSL_RECORD_TEMPLATE *templates,
      * ourselves.
      * Do we need to do that recursion in order to add an empty record prefix?
      */
-    prefix = s->s3.need_empty_fragments
+    prefix = rl->need_empty_fragments
              && !clear
              && templates[0].type == SSL3_RT_APPLICATION_DATA;
 

ssl/s3_enc.c

@@ -259,22 +259,6 @@ int ssl3_setup_key_block(SSL_CONNECTION *s)
     /* Calls SSLfatal() as required */
     ret = ssl3_generate_key_block(s, p, num);
 
-    if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) {
-        /*
-         * enable vulnerability countermeasure for CBC ciphers with known-IV
-         * problem (http://www.openssl.org/~bodo/tls-cbc.txt)
-         */
-        s->s3.need_empty_fragments = 1;
-
-        if (s->session->cipher != NULL) {
-            if (s->session->cipher->algorithm_enc == SSL_eNULL)
-                s->s3.need_empty_fragments = 0;
-
-            if (s->session->cipher->algorithm_enc == SSL_RC4)
-                s->s3.need_empty_fragments = 0;
-        }
-    }
-
     return ret;
 }
 

ssl/ssl_local.h

@@ -1296,8 +1296,7 @@ struct ssl_connection_st {
         unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
         unsigned char server_random[SSL3_RANDOM_SIZE];
         unsigned char client_random[SSL3_RANDOM_SIZE];
-        /* flags for countermeasure against known-IV weakness */
-        int need_empty_fragments;
+
         /* used during startup, digest all incoming/outgoing packets */
         BIO *handshake_buffer;
         /*

ssl/t1_enc.c

@@ -523,23 +523,6 @@ int tls1_setup_key_block(SSL_CONNECTION *s)
         BIO_dump_indent(trc_out, p, num, 4);
     } OSSL_TRACE_END(TLS);
 
-    if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
-        && SSL_CONNECTION_GET_SSL(s)->method->version <= TLS1_VERSION) {
-        /*
-         * enable vulnerability countermeasure for CBC ciphers with known-IV
-         * problem (http://www.openssl.org/~bodo/tls-cbc.txt)
-         */
-        s->s3.need_empty_fragments = 1;
-
-        if (s->session->cipher != NULL) {
-            if (s->session->cipher->algorithm_enc == SSL_eNULL)
-                s->s3.need_empty_fragments = 0;
-
-            if (s->session->cipher->algorithm_enc == SSL_RC4)
-                s->s3.need_empty_fragments = 0;
-        }
-    }
-
     ret = 1;
  err:
     return ret;