ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility.

author: Andy Polyakov <appro@openssl.org> 2013-02-01 15:31:50 +0100
committer: Andy Polyakov <appro@openssl.org> 2013-02-01 15:34:09 +0100
commit: ec07246a0835a36af9d892f1e28b594018be6da1 (patch)
tree: 955cb6700539d31dc4dd53b9aad1747313ce5261 /ssl/t1_enc.c
parent: 04e45b52ee3be81121359cc1198fd01e38096e9f (diff)
1 files changed, 7 insertions, 3 deletions
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 6fbe2c33aa..809ad2ee1e 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -949,7 +949,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
 	SSL3_RECORD *rec;
 	unsigned char *seq;
 	EVP_MD_CTX *hash;
-	size_t md_size;
+	size_t md_size, orig_len;
 	int i;
 	EVP_MD_CTX hmac, *mac_ctx;
 	unsigned char header[13];
@@ -996,6 +996,10 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
 	else
 		memcpy(header, seq, 8);
 
+	/* kludge: tls1_cbc_remove_padding passes padding length in rec->type */
+	orig_len = rec->length+md_size+((unsigned int)rec->type>>8);
+	rec->type &= 0xff;
+
 	header[8]=rec->type;
 	header[9]=(unsigned char)(ssl->version>>8);
 	header[10]=(unsigned char)(ssl->version);
@@ -1014,7 +1018,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
 			mac_ctx,
 			md, &md_size,
 			header, rec->input,
-			rec->length + md_size, rec->orig_len,
+			rec->length + md_size, orig_len,
 			ssl->s3->read_mac_secret,
 			ssl->s3->read_mac_secret_size,
 			0 /* not SSLv3 */);
@@ -1030,7 +1034,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
 			tls_fips_digest_extra(
 	    				ssl->enc_read_ctx,
 					mac_ctx, rec->input,
-					rec->length, rec->orig_len);
+					rec->length, orig_len);
 #endif
 		}
author	Andy Polyakov <appro@openssl.org>	2013-02-01 15:31:50 +0100
committer	Andy Polyakov <appro@openssl.org>	2013-02-01 15:34:09 +0100
commit	ec07246a0835a36af9d892f1e28b594018be6da1 (patch)
tree	955cb6700539d31dc4dd53b9aad1747313ce5261 /ssl/t1_enc.c
parent	04e45b52ee3be81121359cc1198fd01e38096e9f (diff)