projects / packages / openssl.git / blame
| Commit | Line | Data |
|---|---|---|
| 84745a0c AM |
1 | From: David Woodhouse <dwmw2@infradead.org> |
| 2 | Date: Tue, 12 Feb 2013 14:55:32 +0000 | |
| 3 | Subject: Check DTLS_BAD_VER for version number. | |
| 4 | Origin: upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=9fe4603b8245425a4c46986ed000fca054231253 | |
| 5 | Bug-Debian: http://bugs.debian.org/701826 | |
| 6 | Bug: http://rt.openssl.org/Ticket/Display.html?id=2984&user=guest&pass=guest | |
| 7 | ||
| 8 | The version check for DTLS1_VERSION was redundant as | |
| 9 | DTLS1_VERSION > TLS1_1_VERSION, however we do need to | |
| 10 | check for DTLS1_BAD_VER for compatibility. | |
| 11 | ||
| 12 | diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c | |
| 13 | index 02edf3f..443a31e 100644 | |
| 14 | --- a/ssl/s3_cbc.c | |
| 15 | +++ b/ssl/s3_cbc.c | |
| 16 | @@ -148,7 +148,7 @@ int tls1_cbc_remove_padding(const SSL* s, | |
| 17 | unsigned padding_length, good, to_check, i; | |
| 18 | const unsigned overhead = 1 /* padding length byte */ + mac_size; | |
| 19 | /* Check if version requires explicit IV */ | |
| 20 | - if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION) | |
| 21 | + if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER) | |
| 22 | { | |
| 23 | /* These lengths are all public so we can test them in | |
| 24 | * non-constant time. | |
| 25 |