X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fs3_cbc.c;h=73e12b6799b3e95d02773ac772f7a81225666b7c;hp=2e93657973ab709ae86144c36c894c5aa1782f7f;hb=29b490a45886b409fd402c233acda9659e3f2094;hpb=f93a41877d8d7a287debb7c63d7b646abaaf269c
diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
index 2e93657973..73e12b6799 100644
--- a/ssl/s3_cbc.c
+++ b/ssl/s3_cbc.c
@@ -146,7 +146,7 @@ int tls1_cbc_remove_padding(const SSL* s,
 unsigned padding_length, good, to_check, i;
 const unsigned overhead = 1 /* padding length byte */ + mac_size;
 /* Check if version requires explicit IV */
- if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION)
+ if (SSL_USE_EXPLICIT_IV(s))
 {
 /* These lengths are all public so we can test them in
 * non-constant time.
@@ -419,7 +419,7 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
 * md_out: the digest output. At most EVP_MAX_MD_SIZE bytes will be written.
 * md_out_size: if non-NULL, the number of output bytes is written here.
 * header: the 13-byte, TLS record header.
- * data: the record data itself, less any preceeding explicit IV.
+ * data: the record data itself, less any preceding explicit IV.
 * data_plus_mac_size: the secret, reported length of the data and MAC
 * once the padding has been removed.
 * data_plus_mac_plus_padding_size: the public length of the whole
@@ -462,6 +462,7 @@ void ssl3_cbc_digest_record(
 * the hash. */
 unsigned md_length_size = 8;
 char length_is_big_endian = 1;
+ int ret;
 /* This is a, hopefully redundant, check that allows us to forget about
 * many possible overflows later in this function. */
@@ -733,8 +734,8 @@ void ssl3_cbc_digest_record(
 EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size);
 EVP_DigestUpdate(&md_ctx, mac_out, md_size);
 }
- EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u);
- if (md_out_size)
+ ret = EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u);
+ if (ret && md_out_size)
 *md_out_size = md_out_size_u;
 EVP_MD_CTX_cleanup(&md_ctx);
 }
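Review bot: The comment `/* Check if version requires explicit IV */` kept above the new condition in tls1_cbc_remove_padding no longer describes the test, which now goes through `SSL_USE_EXPLICIT_IV(s)` instead of comparing `s->version`. The macro's definition is not part of this diff, so it is worth confirming that it holds for every protocol the old condition matched, because this branch decides whether an explicit-IV block is accounted for before the padding is checked. I would reword the comment to `/* Check if the negotiated method uses an explicit IV */`. The function body starts and ends outside the hunk.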
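Review bot: A failed `EVP_DigestFinal` at the end of ssl3_cbc_digest_record is still invisible to the caller: the new `ret` test only skips the write to `*md_out_size`, the function returns void, and `md_out` keeps whatever it held before. A caller that then compares `md_out` with the record MAC would presumably be working on stale or uninitialised bytes, and the `EVP_DigestUpdate` calls just above are unchecked in the same way. Within the current signature the least that can be done is to report a zero length on failure, `if (md_out_size) *md_out_size = ret ? md_out_size_u : 0;`. Returning an int status would be the complete fix, but the signature lies outside this hunk; the `int ret;` declaration in the `@@ -462,6 +462,7 @@` hunk needs no separate comment.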