1 From: David Woodhouse <dwmw2@infradead.org>
2 Date: Tue, 12 Feb 2013 14:55:32 +0000
3 Subject: Check DTLS_BAD_VER for version number.
4 Origin: upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=9fe4603b8245425a4c46986ed000fca054231253
5 Bug-Debian: http://bugs.debian.org/701826
6 Bug: http://rt.openssl.org/Ticket/Display.html?id=2984&user=guest&pass=guest
8 The version check for DTLS1_VERSION was redundant as
9 DTLS1_VERSION > TLS1_1_VERSION, however we do need to
10 check for DTLS1_BAD_VER for compatibility.
12 diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
13 index 02edf3f..443a31e 100644
16 @@ -148,7 +148,7 @@ int tls1_cbc_remove_padding(const SSL* s,
17 unsigned padding_length, good, to_check, i;
18 const unsigned overhead = 1 /* padding length byte */ + mac_size;
19 /* Check if version requires explicit IV */
20 - if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION)
21 + if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER)
23 /* These lengths are all public so we can test them in