diff options
author | David Woodhouse <dwmw2@infradead.org> | 2013-02-12 14:55:32 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2013-02-12 15:14:14 +0000 |
commit | d980abb22e22661e98e5cee33d760ab0c7584ecc (patch) | |
tree | bbe8c8629e7e4a177eadaff7ffb9401bf8b76ed0 /ssl | |
parent | b7c37f2fc0a891c01721ea6cedbc817dc2adb908 (diff) |
Check DTLS_BAD_VER for version number.
The version check for DTLS1_VERSION was redundant as
DTLS1_VERSION > TLS1_1_VERSION, however we do need to
check for DTLS1_BAD_VER for compatibility.
PR:2984
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s3_cbc.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index 2e93657973..1db1d8c32a 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -146,7 +146,7 @@ int tls1_cbc_remove_padding(const SSL* s, unsigned padding_length, good, to_check, i; const unsigned overhead = 1 /* padding length byte */ + mac_size; /* Check if version requires explicit IV */ - if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION) + if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER) { /* These lengths are all public so we can test them in * non-constant time. |