1 files changed, 2 insertions, 1 deletions
diff --git a/src/lib/libssl/s3_cbc.c b/src/lib/libssl/s3_cbc.c
index e8f7df572f..9ba9896a52 100644
--- a/src/lib/libssl/s3_cbc.c
+++ b/src/lib/libssl/s3_cbc.c
@@ -148,8 +148,9 @@ tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
 {
        unsigned padding_length, good, to_check, i;
        const unsigned overhead = 1 /* padding length byte */ + mac_size;
        /* Check if version requires explicit IV */
-        if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER) {
+        if (SSL_USE_EXPLICIT_IV(s)) {
                /* These lengths are all public so we can test them in
                 * non-constant time.
                 */

diff --git a/src/lib/libssl/s3_cbc.c b/src/lib/libssl/s3_cbc.c index e8f7df572f..9ba9896a52 100644 --- a/src/lib/libssl/s3_cbc.c +++ b/src/lib/libssl/s3_cbc.c
@@ -148,8 +148,9 @@ tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
148	{	148	{
149	unsigned padding_length, good, to_check, i;	149	unsigned padding_length, good, to_check, i;
150	const unsigned overhead = 1 /* padding length byte */ + mac_size;	150	const unsigned overhead = 1 /* padding length byte */ + mac_size;
		151
151	/* Check if version requires explicit IV */	152	/* Check if version requires explicit IV */
152	if (s->version >= TLS1_1_VERSION \|\| s->version == DTLS1_BAD_VER) {	153	if (SSL_USE_EXPLICIT_IV(s)) {
153	/* These lengths are all public so we can test them in	154	/* These lengths are all public so we can test them in
154	* non-constant time.	155	* non-constant time.
155	*/	156	*/