On Mon, 2013-02-11 at 20:59 +0000, David Woodhouse wrote: > > From 32cc2479b473c49ce869e57fded7e9a77b695c0d Mon Sep 17 00:00:00 2001 > > From: "Dr. Stephen Henson" <[email protected]> > > Date: Thu, 7 Feb 2013 21:06:37 +0000 > > Subject: [PATCH] Fix IV check and padding removal. > ... > + if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION) > > > That's redundant, isn't it? DTLS1_VERSION (0xfeff) is greater than > TLS1_1_version (0x302) anyway. > > DTLS1_BAD_VER isn't though. Changing the DTLS1_VERSION to DTLS1_BAD_VER > makes OpenConnect work again... > > diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c > index 2e93657..1db1d8c 100644 > --- a/ssl/s3_cbc.c > +++ b/ssl/s3_cbc.c > @@ -146,7 +146,7 @@ int tls1_cbc_remove_padding(const SSL* s, > unsigned padding_length, good, to_check, i; > const unsigned overhead = 1 /* padding length byte */ + mac_size; > /* Check if version requires explicit IV */ > - if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION) > + if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER) > { > /* These lengths are all public so we can test them in > * non-constant time.
Ah, it looks like you only moved the offending code; it was actually Ben's fault in commit 9f27de17 / 014265eb. (I'm so happy you finally moved to git :) -- dwmw2
smime.p7s
Description: S/MIME cryptographic signature
