summaryrefslogtreecommitdiffstats
path: root/crypto/openssl
diff options
context:
space:
mode:
authordelphij <delphij@FreeBSD.org>2013-08-08 22:29:35 +0000
committerdelphij <delphij@FreeBSD.org>2013-08-08 22:29:35 +0000
commitbaffb509e4ffa105af1955f5481fd1f05f3858c0 (patch)
tree280561bd48d0df63bb6369b436724b6a9b6b7611 /crypto/openssl
parentd7e2caa8b259a6db816d56306f50a6ecd8337cb4 (diff)
downloadFreeBSD-src-baffb509e4ffa105af1955f5481fd1f05f3858c0.zip
FreeBSD-src-baffb509e4ffa105af1955f5481fd1f05f3858c0.tar.gz
MFV r254106 (OpenSSL bugfix for RT #2984):
Check DTLS_BAD_VER for version number. The version check for DTLS1_VERSION was redundant as DTLS1_VERSION > TLS1_1_VERSION, however we do need to check for DTLS1_BAD_VER for compatibility. Requested by: zi Approved by: benl
Diffstat (limited to 'crypto/openssl')
-rw-r--r--crypto/openssl/ssl/s3_cbc.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/openssl/ssl/s3_cbc.c b/crypto/openssl/ssl/s3_cbc.c
index 02edf3f..443a31e 100644
--- a/crypto/openssl/ssl/s3_cbc.c
+++ b/crypto/openssl/ssl/s3_cbc.c
@@ -148,7 +148,7 @@ int tls1_cbc_remove_padding(const SSL* s,
unsigned padding_length, good, to_check, i;
const unsigned overhead = 1 /* padding length byte */ + mac_size;
/* Check if version requires explicit IV */
- if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION)
+ if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER)
{
/* These lengths are all public so we can test them in
* non-constant time.
OpenPOWER on IntegriCloud