summaryrefslogtreecommitdiffstats
path: root/lib/libssl/tls13_client.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/libssl/tls13_client.c')
-rw-r--r--lib/libssl/tls13_client.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/lib/libssl/tls13_client.c b/lib/libssl/tls13_client.c
index 25d78d1332f..1f51748147e 100644
--- a/lib/libssl/tls13_client.c
+++ b/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.69 2021/01/05 17:32:39 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.70 2021/01/06 20:15:35 tb Exp $ */
/*
* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
*
@@ -1034,10 +1034,9 @@ tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb)
{
struct tls13_secrets *secrets = ctx->hs->secrets;
struct tls13_secret context = { .data = "", .len = 0 };
- struct tls13_secret finished_key;
+ struct tls13_secret finished_key = { .data = NULL, .len = 0 };
uint8_t transcript_hash[EVP_MAX_MD_SIZE];
size_t transcript_hash_len;
- uint8_t key[EVP_MAX_MD_SIZE];
uint8_t *verify_data;
size_t verify_data_len;
unsigned int hlen;
@@ -1046,8 +1045,8 @@ tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb)
SSL *s = ctx->ssl;
int ret = 0;
- finished_key.data = key;
- finished_key.len = EVP_MD_size(ctx->hash);
+ if (!tls13_secret_init(&finished_key, EVP_MD_size(ctx->hash)))
+ goto err;
if (!tls13_hkdf_expand_label(&finished_key, ctx->hash,
&secrets->client_handshake_traffic, "finished",
@@ -1082,6 +1081,7 @@ tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb)
ret = 1;
err:
+ tls13_secret_cleanup(&finished_key);
HMAC_CTX_free(hmac_ctx);
return ret;
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.