Use spans for the various TLS 1.3 secrets.
This undoes a lot of the MakeConstSpans and MakeSpans that were just
added, though it does require a bit of helper machinery. This should
make us much more consistent about which buffer is sized with which size
(even though they are secretly all the same size).
Change-Id: I772ffd2e69141ff20511bcd3add865afa82cf3a0
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/37127
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
diff --git a/ssl/tls13_both.cc b/ssl/tls13_both.cc
index 1a49e4c..7457155 100644
--- a/ssl/tls13_both.cc
+++ b/ssl/tls13_both.cc
@@ -384,21 +384,20 @@
bool use_saved_value) {
SSL *const ssl = hs->ssl;
uint8_t verify_data_buf[EVP_MAX_MD_SIZE];
- const uint8_t *verify_data;
- size_t verify_data_len;
+ Span<const uint8_t> verify_data;
if (use_saved_value) {
assert(ssl->server);
- verify_data = hs->expected_client_finished;
- verify_data_len = hs->hash_len;
+ verify_data = hs->expected_client_finished();
} else {
- if (!tls13_finished_mac(hs, verify_data_buf, &verify_data_len,
- !ssl->server)) {
+ size_t len;
+ if (!tls13_finished_mac(hs, verify_data_buf, &len, !ssl->server)) {
return false;
}
- verify_data = verify_data_buf;
+ verify_data = MakeConstSpan(verify_data_buf, len);
}
- bool finished_ok = CBS_mem_equal(&msg.body, verify_data, verify_data_len);
+ bool finished_ok =
+ CBS_mem_equal(&msg.body, verify_data.data(), verify_data.size());
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
finished_ok = true;
#endif
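Review bot: The declaration `Span<const uint8_t> verify_data;` needs a comment saying what the span borrows and how long it is, because the compared length is no longer visible at this site. In the saved-value branch the length now comes entirely from `hs->expected_client_finished()`, whose definition is outside this hunk, instead of the explicit `hs->hash_len` on the removed lines. After confirming that the accessor slices to the hash length, I would add `// |verify_data| borrows |verify_data_buf| or handshake-owned storage; in both cases its size is the transcript hash length.` above the declaration. `CBS_mem_equal` takes its length from the span, so an accessor returning a differently sized or empty span would change which Finished bodies are accepted. The enclosing function begins and ends outside the hunk.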