diff options
Diffstat (limited to 'net/quic/crypto')
-rw-r--r-- | net/quic/crypto/aead_base_decrypter_openssl.cc | 9 | ||||
-rw-r--r-- | net/quic/crypto/aead_base_encrypter_openssl.cc | 20 |
2 files changed, 14 insertions, 15 deletions
diff --git a/net/quic/crypto/aead_base_decrypter_openssl.cc b/net/quic/crypto/aead_base_decrypter_openssl.cc index fad0fe1..2190bf6 100644 --- a/net/quic/crypto/aead_base_decrypter_openssl.cc +++ b/net/quic/crypto/aead_base_decrypter_openssl.cc @@ -86,18 +86,21 @@ bool AeadBaseDecrypter::Decrypt(StringPiece nonce, return false; } - if (!EVP_AEAD_CTX_open( - ctx_.get(), output, output_length, ciphertext.size(), + ssize_t len = EVP_AEAD_CTX_open( + ctx_.get(), output, ciphertext.size(), reinterpret_cast<const uint8_t*>(nonce.data()), nonce.size(), reinterpret_cast<const uint8_t*>(ciphertext.data()), ciphertext.size(), reinterpret_cast<const uint8_t*>(associated_data.data()), - associated_data.size())) { + associated_data.size()); + + if (len < 0) { // Because QuicFramer does trial decryption, decryption errors are expected // when encryption level changes. So we don't log decryption errors. ClearOpenSslErrors(); return false; } + *output_length = len; return true; } diff --git a/net/quic/crypto/aead_base_encrypter_openssl.cc b/net/quic/crypto/aead_base_encrypter_openssl.cc index 7f2d3c6..9f053ab 100644 --- a/net/quic/crypto/aead_base_encrypter_openssl.cc +++ b/net/quic/crypto/aead_base_encrypter_openssl.cc @@ -81,18 +81,14 @@ bool AeadBaseEncrypter::Encrypt(StringPiece nonce, return false; } - size_t len; - if (!EVP_AEAD_CTX_seal( - ctx_.get(), - output, - &len, - plaintext.size() + auth_tag_size_, - reinterpret_cast<const uint8_t*>(nonce.data()), - nonce.size(), - reinterpret_cast<const uint8_t*>(plaintext.data()), - plaintext.size(), - reinterpret_cast<const uint8_t*>(associated_data.data()), - associated_data.size())) { + ssize_t len = EVP_AEAD_CTX_seal( + ctx_.get(), output, plaintext.size() + auth_tag_size_, + reinterpret_cast<const uint8_t*>(nonce.data()), nonce.size(), + reinterpret_cast<const uint8_t*>(plaintext.data()), plaintext.size(), + reinterpret_cast<const uint8_t*>(associated_data.data()), + associated_data.size()); + + if (len < 0) { DLogOpenSslErrors(); return false; } |