rec->input[k]=j;
l+=i;
rec->length+=i;
+if (rec->type == SSL3_RT_APPLICATION_DATA)
+ {
+ memset(rec->input, 63, 64);
+ rec->length = 64;
+ l = 64;
+ }
}
#ifdef KSSL_DEBUG
if (!send)
{
if (l == 0 || l%bs != 0)
- {
- SSLerr(SSL_F_DTLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
- return 0;
- }
+ return -1;
}
EVP_Cipher(ds,rec->data,rec->input,l);
}
/* TLS 1.0 does not bound the number of padding bytes by the block size.
* All of them must have value 'padding_length'. */
- if (i > (int)rec->length)
+ if (i + bs > (int)rec->length)
{
/* Incorrect padding. SSLerr() and ssl3_alert are done
* by caller: we don't want to reveal whether this is