Use better order in EVP_PKEY_CTRL_TLS_SECRET
authortb <tb@openbsd.org>
Tue, 9 Jul 2024 17:04:50 +0000 (17:04 +0000)
committertb <tb@openbsd.org>
Tue, 9 Jul 2024 17:04:50 +0000 (17:04 +0000)
Also avoid an unnecessary NULL check.

lib/libcrypto/kdf/tls1_prf.c

index cefb3e2..594537c 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: tls1_prf.c,v 1.30 2024/07/09 17:01:40 tb Exp $ */
+/*     $OpenBSD: tls1_prf.c,v 1.31 2024/07/09 17:04:50 tb Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
  * 2016.
@@ -119,15 +119,14 @@ pkey_tls1_prf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
        case EVP_PKEY_CTRL_TLS_SECRET:
                if (p1 < 0)
                        return 0;
-               if (kctx->secret != NULL)
-                       freezero(kctx->secret, kctx->secret_len);
-
-               explicit_bzero(kctx->seed, kctx->seed_len);
-               kctx->seed_len = 0;
 
+               freezero(kctx->secret, kctx->secret_len);
                kctx->secret = NULL;
                kctx->secret_len = 0;
 
+               explicit_bzero(kctx->seed, kctx->seed_len);
+               kctx->seed_len = 0;
+
                if (p1 == 0 || p2 == NULL)
                        return 0;
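Review bot: In the EVP_PKEY_CTRL_TLS_SECRET case the wipe runs before the `p1 == 0 || p2 == NULL` check, so a rejected call still discards the previously set secret and seed and returns 0 with the context emptied, and nothing in the hunk says whether that is intended. A caller that ignores the return value is left with a context that silently lost its keying material. A short comment above the `freezero()` call would make the contract explicit, for example `/* A new secret always discards the old secret and any accumulated seed, even if the new one is rejected below. */`. The case body continues past the end of the hunk, so how a later derive handles the empty context is not visible here and should be confirmed to fail closed.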