update FAQ
[openssl.git] / ssl / d1_enc.c
index da42348b3df2f50677f23f52558abc676b110f0f..d242dcad42fd11be913f53aecbed20701d13903c 100644 (file)
 #include <openssl/des.h>
 #endif
 
+/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
+ *
+ * Returns:
+ *   0: (in non-constant time) if the record is publically invalid (i.e. too
+ *       short etc).
+ *   1: if the record's padding is valid / the encryption was successful.
+ *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
+ *       an internal error occurred. */
 int dtls1_enc(SSL *s, int send)
        {
        SSL3_RECORD *rec;
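Review bot: The new header comment promises -1 when the "AEAD-authenticator is invalid", but the only cipher call visible on this page, `EVP_Cipher(ds,rec->data,rec->input,l);`, discards its return value, so nothing shown here detects that case. Either drop the AEAD wording or check the call's result; the body of dtls1_enc continues outside the hunk, so a check may exist elsewhere. "publically" should read "publicly". The comment could also say why 0 and -1 are kept apart, for example `0 may be acted on immediately; -1 is reported only after the record has been fully processed` (this is inferred from the "(in non-constant time)" remark, so confirm against the caller).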
@@ -165,8 +173,7 @@ int dtls1_enc(SSL *s, int send)
                if (EVP_MD_CTX_md(s->read_hash))
                        {
                        mac_size=EVP_MD_CTX_size(s->read_hash);
-                       if (mac_size < 0)
-                               return -1;
+                       OPENSSL_assert(mac_size >= 0);
                        }
                ds=s->enc_read_ctx;
                rec= &(s->s3->rrec);
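Review bot: `OPENSSL_assert(mac_size >= 0);` turns a recoverable error return into a process abort on the record-receive path. That is acceptable only if a negative size cannot occur once `EVP_MD_CTX_md(s->read_hash)` is non-NULL, and the line should carry a comment saying so. Something like `/* cannot be negative with a digest set; -1 is reserved for bad padding/MAC, so an internal error must not reuse it */` would record the reason. The send branch lies outside this hunk; if it still returns -1 for a negative size, the header comment's "if sending, an internal error occurred" covers it, but the asymmetry deserves a word there too.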
@@ -231,7 +238,7 @@ int dtls1_enc(SSL *s, int send)
                if (!send)
                        {
                        if (l == 0 || l%bs != 0)
-                               return -1;
+                               return 0;
                        }
                
                EVP_Cipher(ds,rec->data,rec->input,l);
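Review bot: The `return 0` for `l == 0 || l%bs != 0` changes what callers see for a malformed record, and no caller is part of this diff. A call site that tests only `< 0` would carry on with a record that was never decrypted, so each caller should be checked to confirm it treats 0 as a failure. A short comment at the return would help the next reader, e.g. `/* publicly invalid length: reject before decrypting; timing need not be constant here */`. The enclosing function begins and ends outside this hunk.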