X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fd1_enc.c;h=d242dcad42fd11be913f53aecbed20701d13903c;hp=c13b495a081f56941bea4e372ca149592cd035ee;hb=e9add063b50e8a460d5636055156d2760c2fe29f;hpb=2acc020b770920657a169bf6be4ff12b254255e6

diff --git a/ssl/d1_enc.c b/ssl/d1_enc.c
index c13b495a08..d242dcad42 100644
--- a/ssl/d1_enc.c
+++ b/ssl/d1_enc.c
@@ -126,6 +126,14 @@
 #include <openssl/des.h>
 #endif
 
+/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
+ *
+ * Returns:
+ *   0: (in non-constant time) if the record is publically invalid (i.e. too
+ *       short etc).
+ *   1: if the record's padding is valid / the encryption was successful.
+ *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
+ *       an internal error occurred. */
 int dtls1_enc(SSL *s, int send)
 	{
 	SSL3_RECORD *rec;
@@ -165,8 +173,7 @@ int dtls1_enc(SSL *s, int send)
 		if (EVP_MD_CTX_md(s->read_hash))
 			{
 			mac_size=EVP_MD_CTX_size(s->read_hash);
-			if (mac_size < 0)
-				return -1;
+			OPENSSL_assert(mac_size >= 0);
 			}
 		ds=s->enc_read_ctx;
 		rec= &(s->s3->rrec);
@@ -231,7 +238,7 @@ int dtls1_enc(SSL *s, int send)
 		if (!send)
 			{
 			if (l == 0 || l%bs != 0)
-				return -1;
+				return 0;
 			}
 		
 		EVP_Cipher(ds,rec->data,rec->input,l);
@@ -245,7 +252,6 @@ int dtls1_enc(SSL *s, int send)
                 }
 #endif	/* KSSL_DEBUG */
 
-		rec->orig_len = rec->length;
 		if ((bs != 1) && !send)
 			return tls1_cbc_remove_padding(s, rec, bs, mac_size);
 		}