1 files changed, 1 insertions, 19 deletions
diff --git a/src/lib/libssl/s3_cbc.c b/src/lib/libssl/s3_cbc.c
index fd4781b64c..57485caacf 100644
--- a/src/lib/libssl/s3_cbc.c
+++ b/src/lib/libssl/s3_cbc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_cbc.c,v 1.9 2014/12/15 00:46:53 doug Exp $ */
+/* $OpenBSD: s3_cbc.c,v 1.10 2015/07/17 07:04:40 doug Exp $ */
 /* ====================================================================
 * Copyright (c) 2012 The OpenSSL Project.  All rights reserved.
 *
@@ -165,24 +165,6 @@ tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
        padding_length = rec->data[rec->length - 1];
-        /* NB: if compression is in operation the first packet may not be of
-         * even length so the padding bug check cannot be performed. This bug
-         * workaround has been around since SSLeay so hopefully it is either
-         * fixed now or no buggy implementation supports compression [steve]
-         * (We don't support compression either, so it's not in operation.)
-         */
-        if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)) {
-                /* First packet is even in size, so check */
-                if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0",
-                    SSL3_SEQUENCE_SIZE) == 0) && !(padding_length & 1)) {
-                        s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
-                }
-                if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) &&
-                    padding_length > 0) {
-                        padding_length--;
-                }
-        }
        if (EVP_CIPHER_flags(s->enc_read_ctx->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
                /* padding is already verified */
                rec->length -= padding_length + 1;

diff --git a/src/lib/libssl/s3_cbc.c b/src/lib/libssl/s3_cbc.c index fd4781b64c..57485caacf 100644 --- a/src/lib/libssl/s3_cbc.c +++ b/src/lib/libssl/s3_cbc.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_cbc.c,v 1.9 2014/12/15 00:46:53 doug Exp $ */	1	/* $OpenBSD: s3_cbc.c,v 1.10 2015/07/17 07:04:40 doug Exp $ */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 2012 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 2012 The OpenSSL Project. All rights reserved.
4	*	4	*
@@ -165,24 +165,6 @@ tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
165		165
166	padding_length = rec->data[rec->length - 1];	166	padding_length = rec->data[rec->length - 1];
167		167
168	/* NB: if compression is in operation the first packet may not be of
169	* even length so the padding bug check cannot be performed. This bug
170	* workaround has been around since SSLeay so hopefully it is either
171	* fixed now or no buggy implementation supports compression [steve]
172	* (We don't support compression either, so it's not in operation.)
173	*/
174	if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)) {
175	/* First packet is even in size, so check */
176	if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0",
177	SSL3_SEQUENCE_SIZE) == 0) && !(padding_length & 1)) {
178	s->s3->flags\|=TLS1_FLAGS_TLS_PADDING_BUG;
179	}
180	if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) &&
181	padding_length > 0) {
182	padding_length--;
183	}
184	}
185
186	if (EVP_CIPHER_flags(s->enc_read_ctx->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {	168	if (EVP_CIPHER_flags(s->enc_read_ctx->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
187	/* padding is already verified */	169	/* padding is already verified */
188	rec->length -= padding_length + 1;	170	rec->length -= padding_length + 1;