fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 88f0fe5..6b8f8e1 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -655,6 +655,8 @@
size_t transcript_len;
unsigned char *base_key = NULL;
+ mbedtls_ssl_tls13_handshake_secrets *tls13_hs_secrets =
+ &ssl->handshake->tls13_hs_secrets;
mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac;
const mbedtls_md_info_t* const md_info =
@@ -664,7 +666,10 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls13_calculate_verify_data" ) );
if( dst_len < md_size )
- return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ {
+ ret = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
+ goto exit;
+ }
ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type,
transcript, sizeof( transcript ),
@@ -677,9 +682,9 @@
MBEDTLS_SSL_DEBUG_BUF( 4, "handshake hash", transcript, transcript_len );
if( from == MBEDTLS_SSL_IS_CLIENT )
- base_key = ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret;
+ base_key = tls13_hs_secrets->client_handshake_traffic_secret;
else
- base_key = ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret;
+ base_key = tls13_hs_secrets->server_handshake_traffic_secret;
ret = ssl_tls13_calc_finished_core( md_type, base_key, transcript, dst );
if( ret != 0 )
@@ -692,9 +697,15 @@
exit:
/* Erase handshake secrets */
if( from == MBEDTLS_SSL_IS_CLIENT )
- mbedtls_platform_zeroize( base_key, sizeof( ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret ) );
+ {
+ mbedtls_platform_zeroize( base_key,
+ sizeof( tls13_hs_secrets->client_handshake_traffic_secret ) );
+ }
else
- mbedtls_platform_zeroize( base_key, sizeof( ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret ) );
+ {
+ mbedtls_platform_zeroize( base_key,
+ sizeof( tls13_hs_secrets->server_handshake_traffic_secret ) );
+ }
mbedtls_platform_zeroize( transcript, sizeof( transcript ) );
return( ret );
}
