ssl/*: revert "remove SSL_RECORD->orig_len" and merge "fix IV".

[openssl.git] / ssl / ssl3.h

diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index d2a5208824933baca05a0163809d017f6dc6cbcf..2486011bb5909f45dee89b4d1d3ecd5543078154 100644 (file)
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -366,6 +366,10 @@ typedef struct ssl3_record_st
        {
 /*r */ int type;               /* type of record */
 /*rw*/ unsigned int length;    /* How many bytes available */
+/*rw*/ unsigned int orig_len;  /* How many bytes were available before padding
+                                  was removed? This is used to implement the
+                                  MAC check in constant time for CBC records.
+                                */
 /*r */ unsigned int off;       /* read/write offset into 'buf' */
 /*rw*/ unsigned char *data;    /* pointer to the record data */
 /*rw*/ unsigned char *input;   /* where the decode bytes are */