ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility.

[openssl.git] / ssl / s3_enc.c

diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 0282ef4620d0af01d09ff7307b276917b6e976fa..196f0739d5fea556fd024d1289fd75c7dbe92ae8 100644 (file)
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -730,7 +730,7 @@ int n_ssl3_mac(SSL *ssl, unsigned char *md, int send)
        EVP_MD_CTX md_ctx;
        const EVP_MD_CTX *hash;
        unsigned char *p,rec_char;
        EVP_MD_CTX md_ctx;
        const EVP_MD_CTX *hash;
        unsigned char *p,rec_char;

-       size_t md_size;
+       size_t md_size, orig_len;

        int npad;
        int t;
 
        int npad;
        int t;
 


@@ -755,6 +755,10 @@ int n_ssl3_mac(SSL *ssl, unsigned char *md, int send)
        md_size=t;
        npad=(48/md_size)*md_size;
 
        md_size=t;
        npad=(48/md_size)*md_size;
 

+       /* kludge: ssl3_cbc_remove_padding passes padding length in rec->type */
+       orig_len = rec->length+md_size+((unsigned int)rec->type>>8);
+       rec->type &= 0xff;
+

        if (!send &&
            EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
            ssl3_cbc_record_digest_supported(hash))
        if (!send &&
            EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
            ssl3_cbc_record_digest_supported(hash))


@@ -786,7 +790,7 @@ int n_ssl3_mac(SSL *ssl, unsigned char *md, int send)
                        hash,
                        md, &md_size,
                        header, rec->input,
                        hash,
                        md, &md_size,
                        header, rec->input,

-                       rec->length + md_size, rec->orig_len,
+                       rec->length + md_size, orig_len,

                        mac_sec, md_size,
                        1 /* is SSLv3 */);
                }
                        mac_sec, md_size,
                        1 /* is SSLv3 */);
                }