unsigned padding_length, good, to_check, i;
const unsigned overhead = 1 /* padding length byte */ + mac_size;
/* Check if version requires explicit IV */
- if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER)
+ if (SSL_USE_EXPLICIT_IV(s))
{
/* These lengths are all public so we can test them in
* non-constant time.
* the hash. */
unsigned md_length_size = 8;
char length_is_big_endian = 1;
+ int ret;
/* This is a, hopefully redundant, check that allows us to forget about
* many possible overflows later in this function. */
EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size);
EVP_DigestUpdate(&md_ctx, mac_out, md_size);
}
- EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u);
- if (md_out_size)
+ ret = EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u);
+ if (ret && md_out_size)
*md_out_size = md_out_size_u;
EVP_MD_CTX_cleanup(&md_ctx);
}
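Review bot: When `EVP_DigestFinal` fails, the new `if (ret && md_out_size)` guard only skips the assignment, so `*md_out_size` keeps whatever the caller put there and `md_out` may not hold a valid MAC, while nothing in the visible lines reports the failure. The function starts outside this hunk, so its return type is not visible, but no status is returned before the closing brace. If it is `void`, the caller presumably compares `md_out` against the record's MAC with no way of knowing the digest was never produced. Consider propagating `ret` to the caller, or at minimum making the failure observable with `if (md_out_size) *md_out_size = ret ? md_out_size_u : 0;`. The two `EVP_DigestUpdate` calls just above the changed lines are still unchecked and deserve the same handling.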