Add a define for the SSLv3 sequence size and use it, rather than sprinkling

magic numbers around. ok deraadt@
author: jsing <> 2014-06-08 15:10:14 +0000
committer: jsing <> 2014-06-08 15:10:14 +0000
commit: e09f346f585ebbff7e51f7095ad14e930011ddf9 (patch)
tree: eeaa4bb55da13a0440a55e4d626f2f38e5d93b9e /src/lib/libssl/s3_cbc.c
parent: 052a9a9be92e722401a6631b2605e5939c1cdce9 (diff)
download: openbsd-e09f346f585ebbff7e51f7095ad14e930011ddf9.tar.gz
openbsd-e09f346f585ebbff7e51f7095ad14e930011ddf9.tar.bz2
openbsd-e09f346f585ebbff7e51f7095ad14e930011ddf9.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libssl/s3_cbc.c b/src/lib/libssl/s3_cbc.c
index 9ba9896a52..eb1a8fdff7 100644
--- a/src/lib/libssl/s3_cbc.c
+++ b/src/lib/libssl/s3_cbc.c
@@ -172,8 +172,8 @@ tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
         */
        if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) {
                /* First packet is even in size, so check */
-                if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", 8) == 0) &&
+                if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0",
-                    !(padding_length & 1)) {
+                    SSL3_SEQUENCE_SIZE) == 0) && !(padding_length & 1)) {
                        s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
                }
                if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) &&
author	jsing <>	2014-06-08 15:10:14 +0000
committer	jsing <>	2014-06-08 15:10:14 +0000
commit	e09f346f585ebbff7e51f7095ad14e930011ddf9 (patch)
tree	eeaa4bb55da13a0440a55e4d626f2f38e5d93b9e /src/lib/libssl/s3_cbc.c
parent	052a9a9be92e722401a6631b2605e5939c1cdce9 (diff)
download	openbsd-e09f346f585ebbff7e51f7095ad14e930011ddf9.tar.gz openbsd-e09f346f585ebbff7e51f7095ad14e930011ddf9.tar.bz2 openbsd-e09f346f585ebbff7e51f7095ad14e930011ddf9.zip

diff --git a/src/lib/libssl/s3_cbc.c b/src/lib/libssl/s3_cbc.c index 9ba9896a52..eb1a8fdff7 100644 --- a/src/lib/libssl/s3_cbc.c +++ b/src/lib/libssl/s3_cbc.c
@@ -172,8 +172,8 @@ tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
172	*/	172	*/
173	if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) {	173	if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) {
174	/* First packet is even in size, so check */	174	/* First packet is even in size, so check */
175	if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", 8) == 0) &&	175	if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0",
176	!(padding_length & 1)) {	176	SSL3_SEQUENCE_SIZE) == 0) && !(padding_length & 1)) {
177	s->s3->flags\|=TLS1_FLAGS_TLS_PADDING_BUG;	177	s->s3->flags\|=TLS1_FLAGS_TLS_PADDING_BUG;
178	}	178	}
179	if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) &&	179	if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) &&