diff --git a/ssl/ssl_x509.cc b/ssl/ssl_x509.cc
index 8f4e53bc..ef095898 100644
--- a/ssl/ssl_x509.cc
+++ b/ssl/ssl_x509.cc
@@ -249,11 +249,10 @@ static int ssl_crypto_x509_check_client_CA_list(
 STACK_OF(CRYPTO_BUFFER) *names) {
 for (const CRYPTO_BUFFER *buffer : names) {
 const uint8_t *inp = CRYPTO_BUFFER_data(buffer);
- X509_NAME *name = d2i_X509_NAME(NULL, &inp, CRYPTO_BUFFER_len(buffer));
- const int ok = name != NULL && inp == CRYPTO_BUFFER_data(buffer) +
- CRYPTO_BUFFER_len(buffer);
- X509_NAME_free(name);
- if (!ok) {
+ UniquePtr name(
+ d2i_X509_NAME(nullptr, &inp, CRYPTO_BUFFER_len(buffer)));
+ if (name == nullptr ||
+ inp != CRYPTO_BUFFER_data(buffer) + CRYPTO_BUFFER_len(buffer)) {
 return 0;
 }
 }
diff --git a/ssl/tls13_enc.cc b/ssl/tls13_enc.cc
index 0c2c20dd..84bc5d22 100644
--- a/ssl/tls13_enc.cc
+++ b/ssl/tls13_enc.cc
@@ -74,8 +74,7 @@ static int hkdf_expand_label(uint8_t *out, const EVP_MD *digest,
 ScopedCBB cbb;
 CBB child;
- uint8_t *hkdf_label;
- size_t hkdf_label_len;
+ Array hkdf_label;
 if (!CBB_init(cbb.get(), 2 + 1 + strlen(kTLS13LabelVersion) + label_len + 1 + hash_len) ||
 !CBB_add_u16(cbb.get(), len) ||
@@ -85,14 +84,12 @@ static int hkdf_expand_label(uint8_t *out, const EVP_MD *digest,
 !CBB_add_bytes(&child, (const uint8_t *)label, label_len) ||
 !CBB_add_u8_length_prefixed(cbb.get(), &child) ||
 !CBB_add_bytes(&child, hash, hash_len) ||
- !CBB_finish(cbb.get(), &hkdf_label, &hkdf_label_len)) {
+ !CBBFinishArray(cbb.get(), &hkdf_label)) {
 return 0;
 }
- int ret = HKDF_expand(out, len, digest, secret, secret_len, hkdf_label,
- hkdf_label_len);
- OPENSSL_free(hkdf_label);
- return ret;
+ return HKDF_expand(out, len, digest, secret, secret_len, hkdf_label.data(),
+ hkdf_label.size());
 }
 static const char kTLS13LabelDerived[] = "derived";
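Review bot: The new condition `name == nullptr || inp != CRYPTO_BUFFER_data(buffer) + CRYPTO_BUFFER_len(buffer)` in ssl/ssl_x509.cc carries the security-relevant rule of this loop and has no comment. Its second half is what rejects a buffer with bytes left over after the parsed name, and that is easy to drop in a later cleanup. I would add `// Reject names that fail to parse or that leave trailing bytes in the buffer.` above the `if`. The page shows `UniquePtr name(` with no template argument, which looks like extraction loss rather than the committed text. The function continues past the end of the hunk.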
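Review bot: In the last hunk of ssl/tls13_enc.cc, `hkdf_label` is now released implicitly when the `Array` goes out of scope, with no comment on whether its contents are sensitive. From the visible `CBB_add_*` calls it appears to hold only the output length, the label and `hash`, which look like non-secret inputs, so a plain release seems fine. That is worth stating so nobody later wonders about a missing cleanse: `// hkdf_label holds only the encoded length, label and context hash, no key material.` The declaration reads `Array hkdf_label;` on this page, probably with its template argument lost in extraction. The function starts before this hunk.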