aboutsummaryrefslogtreecommitdiffstats
path: root/ssl/s3_pkt.c
diff options
context:
space:
mode:
Diffstat (limited to 'ssl/s3_pkt.c')
-rw-r--r--ssl/s3_pkt.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 6d0a2ee0cac6..707738be94c4 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -246,7 +246,7 @@ static int ssl3_get_record(SSL *s)
unsigned char *p;
unsigned char md[EVP_MAX_MD_SIZE];
short version;
- unsigned mac_size;
+ unsigned mac_size, orig_len;
size_t extra;
rr= &(s->s3->rrec);
@@ -351,7 +351,7 @@ again:
/* decrypt in place in 'rr->input' */
rr->data=rr->input;
- rr->orig_len=rr->length;
+ orig_len=rr->length;
enc_err = s->method->ssl3_enc->enc(s,0);
/* enc_err is:
@@ -387,10 +387,10 @@ printf("\n");
* therefore we can safely process the record in a different
* amount of time if it's too short to possibly contain a MAC.
*/
- if (rr->orig_len < mac_size ||
+ if (orig_len < mac_size ||
/* CBC records must have a padding length byte too. */
(EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
- rr->orig_len < mac_size+1))
+ orig_len < mac_size+1))
{
al=SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
@@ -405,12 +405,12 @@ printf("\n");
* without leaking the contents of the padding bytes.
* */
mac = mac_tmp;
- ssl3_cbc_copy_mac(mac_tmp, rr, mac_size);
+ ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
rr->length -= mac_size;
}
else
{
- /* In this case there's no padding, so |rec->orig_len|
+ /* In this case there's no padding, so |orig_len|
* equals |rec->length| and we checked that there's
* enough bytes for |mac_size| above. */
rr->length -= mac_size;