Initialize hash_len before using it Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

commit: 622d80453b5f8c057ec5f5bfb8ee6c88762af86c [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Mon Dec 13 14:38:40 2021 +0100
committer: Gilles Peskine <Gilles.Peskine@arm.com> Mon Dec 13 14:45:38 2021 +0100
tree: ddde65846705b01b2c2fd5495dc8f376e1892daa
parent: d61551c0170ea886428f243f299d6a31b6519234 [diff] [blame]
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index ae1a106..f07b189 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -3631,6 +3631,14 @@
 
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished" ) );
 
+    /* There is currently no ciphersuite using another length with TLS 1.2 */
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+    if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
+        hash_len = 36;
+    else
+#endif
+        hash_len = 12;
+
     ssl->handshake->calc_finished( ssl, buf, ssl->conf->endpoint ^ 1 );
 
     if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
@@ -3648,14 +3656,6 @@
         goto exit;
     }
 
-    /* There is currently no ciphersuite using another length with TLS 1.2 */
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-    if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
-        hash_len = 36;
-    else
-#endif
-        hash_len = 12;
-
     if( ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED ||
         ssl->in_hslen  != mbedtls_ssl_hs_hdr_len( ssl ) + hash_len )
     {
commit	622d80453b5f8c057ec5f5bfb8ee6c88762af86c	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Mon Dec 13 14:38:40 2021 +0100
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Mon Dec 13 14:45:38 2021 +0100
tree	ddde65846705b01b2c2fd5495dc8f376e1892daa
parent	d61551c0170ea886428f243f299d6a31b6519234 [diff] [blame]