ssl/[d1|s3]_pkt.c: harmomize orig_len handling.

(cherry picked from commit 8545f73b8919770a5d012fe7a82d6785b69baa27)

diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 9db44c95f9bd843ea98bbd33b4c5beb6e3294130..55765d1cfb846c296ef96095b125cd232bcd421c 100644 (file)
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -362,7 +362,6 @@ dtls1_process_record(SSL *s)
 
        /* decrypt in place in 'rr->input' */
        rr->data=rr->input;
-       orig_len=rr->length;
 
        enc_err = s->method->ssl3_enc->enc(s,0);
        /* enc_err is:
@@ -394,6 +393,9 @@ printf("\n");
                mac_size=EVP_MD_size(s->read_hash);
                OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
 
+               /* kludge: *_cbc_remove_padding passes padding length in rr->type */
+               orig_len = rr->length+((unsigned int)rr->type>>8);
+
                /* orig_len is the length of the record before any padding was
                 * removed. This is public information, as is the MAC in use,
                 * therefore we can safely process the record in a different

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 707738be94c46f7ec29383bd6808e3e1b262a266..ff54ab75fb60f0ceef547fd3c6398e9c0c73ff47 100644 (file)
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -351,7 +351,6 @@ again:
 
        /* decrypt in place in 'rr->input' */
        rr->data=rr->input;
-       orig_len=rr->length;
 
        enc_err = s->method->ssl3_enc->enc(s,0);
        /* enc_err is:
@@ -382,6 +381,9 @@ printf("\n");
                mac_size=EVP_MD_size(s->read_hash);
                OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
 
+               /* kludge: *_cbc_remove_padding passes padding length in rr->type */
+               orig_len = rr->length+((unsigned int)rr->type>>8);
+
                /* orig_len is the length of the record before any padding was
                 * removed. This is public information, as is the MAC in use,
                 * therefore we can safely process the record in a different