From 31e26e90200a0e79e3f108523facc54b5e1b86e2 Mon Sep 17 00:00:00 2001 From: delphij Date: Thu, 8 Aug 2013 22:26:03 +0000 Subject: [PATCH] Integrate OpenSSL commit 9fe4603b8245425a4c46986ed000fca054231253: Author: David Woodhouse Date: Tue Feb 12 14:55:32 2013 +0000 Check DTLS_BAD_VER for version number. The version check for DTLS1_VERSION was redundant as DTLS1_VERSION > TLS1_1_VERSION, however we do need to check for DTLS1_BAD_VER for compatibility. PR:2984 (cherry picked from commit d980abb22e22661e98e5cee33d760ab0c7584ecc) Approved by: benl --- ssl/s3_cbc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index 02edf3f9189e..443a31e74627 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -148,7 +148,7 @@ int tls1_cbc_remove_padding(const SSL* s, unsigned padding_length, good, to_check, i; const unsigned overhead = 1 /* padding length byte */ + mac_size; /* Check if version requires explicit IV */ - if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION) + if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER) { /* These lengths are all public so we can test them in * non-constant time.