From f6240e5558a9dbe8219c0ede99f10f4e18f9a2eb Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Thu, 17 Jan 2019 09:52:00 -0800
Subject: [PATCH] Fix Checks 1. In the client, check the return code on
 wolfSSL_CTX_SetMinDhKey_Sz() as it is checked in the server. (Resolves issue
 #2037.) 2. In HashOutput(), check that the hsHashes exists for the session
 before hashing. (Resolves issue #2038.)

---
 examples/client/client.c | 5 ++++-
 src/internal.c           | 3 +++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/examples/client/client.c b/examples/client/client.c
index abbdb1ca8..35a61f05c 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -2122,7 +2122,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
         wolfSSL_CTX_set_group_messages(ctx);
 
 #ifndef NO_DH
-    wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits);
+    if (wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits)
+            != WOLFSSL_SUCCESS) {
+        err_sys("Error setting minimum DH key size");
+    }
 #endif
 
     if (usePsk) {
diff --git a/src/internal.c b/src/internal.c
index 87266bf19..e97c8ff8a 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -6479,6 +6479,9 @@ int HashOutput(WOLFSSL* ssl, const byte* output, int sz, int ivSz)
     int ret = 0;
     const byte* adj;
 
+    if (ssl->hsHashes == NULL)
+        return BAD_FUNC_ARG;
+
     adj = output + RECORD_HEADER_SZ + ivSz;
     sz -= RECORD_HEADER_SZ;