Fix error codes.

[oweals/openssl.git] / ssl / s3_pkt.c

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 64cef2abfae205e50d1bc55c280e20862d46ed7f..35fcddf5b1c45d63f5ed70e85f89d5088988e9ab 100644 (file)
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -400,7 +400,6 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
 
        /* decrypt in place in 'rr->input' */
        rr->data=rr->input;
-       orig_len=rr->length;
 
        enc_err = s->method->ssl3_enc->enc(s,0);
        /* enc_err is:
@@ -410,7 +409,7 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
        if (enc_err == 0)
                {
                al=SSL_AD_DECRYPTION_FAILED;
-               SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+               SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
                goto f_err;
                }
 
@@ -431,6 +430,9 @@ printf("\n");
                mac_size=EVP_MD_CTX_size(s->read_hash);
                OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
 
+               /* kludge: *_cbc_remove_padding passes padding length in rr->type */
+               orig_len = rr->length+((unsigned int)rr->type>>8);
+
                /* orig_len is the length of the record before any padding was
                 * removed. This is public information, as is the MAC in use,
                 * therefore we can safely process the record in a different