svn commit: r254106 - vendor-crypto/openssl/dist/ssl
Xin LI
delphij at FreeBSD.org
Thu Aug 8 22:26:04 UTC 2013
Author: delphij
Date: Thu Aug 8 22:26:03 2013
New Revision: 254106
URL: http://svnweb.freebsd.org/changeset/base/254106
Log:
Integrate OpenSSL commit 9fe4603b8245425a4c46986ed000fca054231253:
Author: David Woodhouse <dwmw2 at infradead.org>
Date: Tue Feb 12 14:55:32 2013 +0000
Check DTLS_BAD_VER for version number.
The version check for DTLS1_VERSION was redundant as
DTLS1_VERSION > TLS1_1_VERSION, however we do need to
check for DTLS1_BAD_VER for compatibility.
PR:2984
(cherry picked from commit d980abb22e22661e98e5cee33d760ab0c7584ecc)
Approved by: benl
Modified:
vendor-crypto/openssl/dist/ssl/s3_cbc.c
Modified: vendor-crypto/openssl/dist/ssl/s3_cbc.c
==============================================================================
--- vendor-crypto/openssl/dist/ssl/s3_cbc.c Thu Aug 8 22:09:46 2013 (r254105)
+++ vendor-crypto/openssl/dist/ssl/s3_cbc.c Thu Aug 8 22:26:03 2013 (r254106)
@@ -148,7 +148,7 @@ int tls1_cbc_remove_padding(const SSL* s
unsigned padding_length, good, to_check, i;
const unsigned overhead = 1 /* padding length byte */ + mac_size;
/* Check if version requires explicit IV */
- if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION)
+ if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER)
{
/* These lengths are all public so we can test them in
* non-constant time.
More information about the svn-src-vendor
mailing list