X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fs3_cbc.c;h=73e12b6799b3e95d02773ac772f7a81225666b7c;hp=87cdc3b2447ecc1d4eaa5a4878d8a9279aaddc17;hb=78038e095fcd0c1f849cfdcb0ff20b00f8d0223f;hpb=0850f11855fff2691d5827ea56b4b55307163612

diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
index 87cdc3b244..73e12b6799 100644
--- a/ssl/s3_cbc.c
+++ b/ssl/s3_cbc.c
@@ -146,7 +146,7 @@ int tls1_cbc_remove_padding(const SSL* s,
 	unsigned padding_length, good, to_check, i;
 	const unsigned overhead = 1 /* padding length byte */ + mac_size;
 	/* Check if version requires explicit IV */
-	if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER)
+	if (SSL_USE_EXPLICIT_IV(s))
 		{
 		/* These lengths are all public so we can test them in
 		 * non-constant time.
@@ -419,7 +419,7 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
  *   md_out: the digest output. At most EVP_MAX_MD_SIZE bytes will be written.
  *   md_out_size: if non-NULL, the number of output bytes is written here.
  *   header: the 13-byte, TLS record header.
- *   data: the record data itself, less any preceeding explicit IV.
+ *   data: the record data itself, less any preceding explicit IV.
  *   data_plus_mac_size: the secret, reported length of the data and MAC
  *     once the padding has been removed.
  *   data_plus_mac_plus_padding_size: the public length of the whole