From owner-svn-src-vendor@FreeBSD.ORG  Thu Aug  8 22:26:04 2013
Return-Path: <owner-svn-src-vendor@FreeBSD.ORG>
Delivered-To: svn-src-vendor@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTP id 0A568DB2;
 Thu,  8 Aug 2013 22:26:04 +0000 (UTC)
 (envelope-from delphij@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id EB0B327B4;
 Thu,  8 Aug 2013 22:26:03 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id r78MQ3T2084328;
 Thu, 8 Aug 2013 22:26:03 GMT (envelope-from delphij@svn.freebsd.org)
Received: (from delphij@localhost)
 by svn.freebsd.org (8.14.7/8.14.5/Submit) id r78MQ3nD084327;
 Thu, 8 Aug 2013 22:26:03 GMT (envelope-from delphij@svn.freebsd.org)
Message-Id: <201308082226.r78MQ3nD084327@svn.freebsd.org>
From: Xin LI <delphij@FreeBSD.org>
Date: Thu, 8 Aug 2013 22:26:03 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-vendor@freebsd.org
Subject: svn commit: r254106 - vendor-crypto/openssl/dist/ssl
X-SVN-Group: vendor-crypto
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-vendor@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: SVN commit messages for the vendor work area tree
 <svn-src-vendor.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-vendor>,
 <mailto:svn-src-vendor-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-vendor>
List-Post: <mailto:svn-src-vendor@freebsd.org>
List-Help: <mailto:svn-src-vendor-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-vendor>,
 <mailto:svn-src-vendor-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Aug 2013 22:26:04 -0000

Author: delphij
Date: Thu Aug  8 22:26:03 2013
New Revision: 254106
URL: http://svnweb.freebsd.org/changeset/base/254106

Log:
  Integrate OpenSSL commit 9fe4603b8245425a4c46986ed000fca054231253:
  Author: David Woodhouse <dwmw2@infradead.org>
  Date:   Tue Feb 12 14:55:32 2013 +0000
  
      Check DTLS_BAD_VER for version number.
  
      The version check for DTLS1_VERSION was redundant as
      DTLS1_VERSION > TLS1_1_VERSION, however we do need to
      check for DTLS1_BAD_VER for compatibility.
  
      PR:2984
      (cherry picked from commit d980abb22e22661e98e5cee33d760ab0c7584ecc)
  
  Approved by:	benl

Modified:
  vendor-crypto/openssl/dist/ssl/s3_cbc.c

Modified: vendor-crypto/openssl/dist/ssl/s3_cbc.c
==============================================================================
--- vendor-crypto/openssl/dist/ssl/s3_cbc.c	Thu Aug  8 22:09:46 2013	(r254105)
+++ vendor-crypto/openssl/dist/ssl/s3_cbc.c	Thu Aug  8 22:26:03 2013	(r254106)
@@ -148,7 +148,7 @@ int tls1_cbc_remove_padding(const SSL* s
 	unsigned padding_length, good, to_check, i;
 	const unsigned overhead = 1 /* padding length byte */ + mac_size;
 	/* Check if version requires explicit IV */
-	if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION)
+	if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER)
 		{
 		/* These lengths are all public so we can test them in
 		 * non-constant time.