X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fs3_enc.c;h=559924d3681b1fc8f3ba6fa968fa33ccfbdebd05;hp=35fde29c8a5f4b65d1bf093a0af7ffad52887bce;hb=ea513641d05cfaa3f787de4ad19fdf9307869ad3;hpb=8537943e8bb9e191f764f8e7f6c691cd41a8c8d2

diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 35fde29c8a..559924d368 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -474,6 +474,7 @@ int ssl3_enc(SSL *s, int send)
 				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
 				return 0;
 				}
+			/* otherwise, rec->length >= bs */
 			}
 		
 		EVP_Cipher(ds,rec->data,rec->input,l);
@@ -482,7 +483,7 @@ int ssl3_enc(SSL *s, int send)
 			{
 			i=rec->data[l-1]+1;
 			/* SSL 3.0 bounds the number of padding bytes by the block size;
-			 * padding bytes (except that last) are arbitrary */
+			 * padding bytes (except the last one) are arbitrary */
 			if (i > bs)
 				{
 				/* Incorrect padding. SSLerr() and ssl3_alert are done
@@ -491,6 +492,7 @@ int ssl3_enc(SSL *s, int send)
 				 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
 				return -1;
 				}
+			/* now i <= bs <= rec->length */
 			rec->length-=i;
 			}
 		}