Check DTLS_BAD_VER for version number.

author David Woodhouse <dwmw2@infradead.org>

Tue, 12 Feb 2013 15:09:44 +0000 (15:09 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Tue, 12 Feb 2013 15:09:44 +0000 (15:09 +0000)
author David Woodhouse <dwmw2@infradead.org>
Tue, 12 Feb 2013 15:09:44 +0000 (15:09 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Tue, 12 Feb 2013 15:09:44 +0000 (15:09 +0000)
diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c

index 5b3f3713b12cbc2a0d4a9a117ebd0032c1b3237d..61413b8eca1c4f4bb1a28896ece85920019bc57e 100644 (file)
--- a/ssl/s3_cbc.c
+++ b/ssl/s3_cbc.c
@@ -148,7 +148,7 @@ int tls1_cbc_remove_padding(const SSL* s,
         unsigned padding_length, good, to_check, i;
         const unsigned overhead = 1 /* padding length byte */ + mac_size;
         /* Check if version requires explicit IV */
-       if (s->version == DTLS1_VERSION)
+       if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER)
                 {
                 /* These lengths are all public so we can test them in
                  * non-constant time.
author	David Woodhouse <dwmw2@infradead.org>
	Tue, 12 Feb 2013 15:09:44 +0000 (15:09 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Tue, 12 Feb 2013 15:09:44 +0000 (15:09 +0000)