projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Don't crash when processing a zero-length, TLS >= 1.1 record.
[openssl.git] / ssl / t1_enc.c
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 0cb3c56478d6a57a338b9a01859d7840c830f53c..aaa4a5ef280296a6ef51a39167983563203fb6b6 100644 (file)
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -635,6 +635,15 @@ err:
        return(ret);
        }
 
+/* tls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
+ *
+ * Returns:
+ *   0: (in non-constant time) if the record is publically invalid (i.e. too
+ *       short etc).
+ *   1: if the record's padding is valid / the encryption was successful.
+ *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
+ *       an internal error occured.
+ */
 int tls1_enc(SSL *s, int send)
        {
        SSL3_RECORD *rec;
@@ -746,8 +755,6 @@ int tls1_enc(SSL *s, int send)
                }
 #endif /* KSSL_DEBUG */
 
-               rec->orig_len = rec->length;
-
                ret = 1;
                if (EVP_MD_CTX_md(s->read_hash) != NULL)
                        mac_size = EVP_MD_CTX_size(s->read_hash);
Unnamed repository; edit this file 'description' to name the repository.