Commit | Line | Data |
---|---|---|
84745a0c AM |
1 | From: David Woodhouse <dwmw2@infradead.org> |
2 | Date: Tue, 12 Feb 2013 14:55:32 +0000 | |
3 | Subject: Check DTLS_BAD_VER for version number. | |
4 | Origin: upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=9fe4603b8245425a4c46986ed000fca054231253 | |
5 | Bug-Debian: http://bugs.debian.org/701826 | |
6 | Bug: http://rt.openssl.org/Ticket/Display.html?id=2984&user=guest&pass=guest | |
7 | ||
8 | The version check for DTLS1_VERSION was redundant as | |
9 | DTLS1_VERSION > TLS1_1_VERSION, however we do need to | |
10 | check for DTLS1_BAD_VER for compatibility. | |
11 | ||
12 | diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c | |
13 | index 02edf3f..443a31e 100644 | |
14 | --- a/ssl/s3_cbc.c | |
15 | +++ b/ssl/s3_cbc.c | |
16 | @@ -148,7 +148,7 @@ int tls1_cbc_remove_padding(const SSL* s, | |
17 | unsigned padding_length, good, to_check, i; | |
18 | const unsigned overhead = 1 /* padding length byte */ + mac_size; | |
19 | /* Check if version requires explicit IV */ | |
20 | - if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION) | |
21 | + if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER) | |
22 | { | |
23 | /* These lengths are all public so we can test them in | |
24 | * non-constant time. | |
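Review bot: The explicit-IV test on the added line depends on the numeric ordering of the version constants, and the comment above it (`/* Check if version requires explicit IV */`) does not say so. `s->version >= TLS1_1_VERSION` covers DTLS1_VERSION only because that constant compares greater than TLS1_1_VERSION, as the commit message notes, while DTLS1_BAD_VER has to be tested separately. Someone who later tidies the condition could drop the DTLS1_BAD_VER case again, and records for that version would then presumably be processed without the explicit-IV handling that this branch guards. I would extend the comment to something like `/* Explicit IV: TLS >= 1.1 and all DTLS. DTLS1_VERSION is numerically > TLS1_1_VERSION; DTLS1_BAD_VER is not, so it is tested explicitly. */`. The body of tls1_cbc_remove_padding starts before and continues past this hunk, so any other version tests in the function are not visible here.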
25 |