Check DTLS_BAD_VER for version number.

[openssl.git] / ssl / s3_cbc.c

diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
index 6b9b11bd50ea388ca73f8c2172a0d62806023ec0..9f57fc9a622f14147ebc4d76a35093c23edf8a14 100644 (file)
--- a/ssl/s3_cbc.c
+++ b/ssl/s3_cbc.c
@@ -148,7 +148,7 @@ int tls1_cbc_remove_padding(const SSL* s,
        unsigned padding_length, good, to_check, i;
        const unsigned overhead = 1 /* padding length byte */ + mac_size;
        /* Check if version requires explicit IV */
-       if (s->version == DTLS1_VERSION)
+       if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER)
                {
                /* These lengths are all public so we can test them in
                 * non-constant time.