diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2006-05-07 12:30:37 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2006-05-07 12:30:37 +0000 |
| commit | 5cda6c458211c2b5803f9616b192fd2e8c1c47f3 (patch) | |
| tree | cf9cfb7e43d0e31225513d5a70e638088a437b74 /ssl/t1_enc.c | |
| parent | 83ed49149ce8d93e5f564a3ce34ce5d1f73b794c (diff) | |
| download | openssl-5cda6c458211c2b5803f9616b192fd2e8c1c47f3.zip openssl-5cda6c458211c2b5803f9616b192fd2e8c1c47f3.tar.gz openssl-5cda6c458211c2b5803f9616b192fd2e8c1c47f3.tar.bz2 | |
Fix from stable branch.
Diffstat (limited to 'ssl/t1_enc.c')
| -rw-r--r-- | ssl/t1_enc.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index cf38aa0..4baea2d 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -654,7 +654,15 @@ int tls1_enc(SSL *s, int send) { ii=i=rec->data[l-1]; /* padding_length */ i++; - if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) + /* NB: if compression is in operation the first packet + * may not be of even length so the padding bug check + * cannot be performed. This bug workaround has been + * around since SSLeay so hopefully it is either fixed + * now or no buggy implementation supports compression + * [steve] + */ + if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) + && !s->expand) { /* First packet is even in size, so check */ if ((memcmp(s->s3->read_sequence, |