diff --git a/src/internal.c b/src/internal.c index 5f12565ca..34401e6dc 100644 --- a/src/internal.c +++ b/src/internal.c @@ -15511,6 +15511,10 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, (void)input; (void)sz; + if (input == NULL) { + return BAD_FUNC_ARG; + } + switch (ssl->specs.bulk_cipher_algorithm) { #ifdef BUILD_ARC4 case wolfssl_rc4: @@ -18386,6 +18390,10 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, FALL_THROUGH; case BUILD_MSG_HASH: { + /* done with size calculations */ + if (sizeOnly) + goto exit_buildmsg; + if (type == handshake && hashOutput) { ret = HashOutput(ssl, output, args->headerSz + inSz, args->ivSz); if (ret != 0) @@ -18413,6 +18421,10 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, FALL_THROUGH; case BUILD_MSG_VERIFY_MAC: { + /* done with size calculations */ + if (sizeOnly) + goto exit_buildmsg; + /* User Record Layer Callback handling */ #ifdef ATOMIC_USER #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) @@ -18488,6 +18500,10 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, FALL_THROUGH; case BUILD_MSG_ENCRYPT: { + /* done with size calculations */ + if (sizeOnly) + goto exit_buildmsg; + #if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS) /* If we want the PREV_ORDER then modify CUR_ORDER sequence number * for all encryption algos that use it for encryption parameters */ @@ -18535,6 +18551,10 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, FALL_THROUGH; case BUILD_MSG_ENCRYPTED_VERIFY_MAC: { + /* done with size calculations */ + if (sizeOnly) + goto exit_buildmsg; + #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) if (ssl->options.startedETMWrite) { WOLFSSL_MSG("Calculate MAC of Encrypted Data");