From: tb Date: Tue, 9 Jul 2024 16:57:27 +0000 (+0000) Subject: Invert logic in tls1_prf_alg() X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=f0f3bd898064cfe738f4271456e2b91a7bc75105;p=openbsd Invert logic in tls1_prf_alg() --- diff --git a/lib/libcrypto/kdf/tls1_prf.c b/lib/libcrypto/kdf/tls1_prf.c index 3bef26ea7a5..26fa653f961 100644 --- a/lib/libcrypto/kdf/tls1_prf.c +++ b/lib/libcrypto/kdf/tls1_prf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls1_prf.c,v 1.23 2024/07/09 16:54:13 tb Exp $ */ +/* $OpenBSD: tls1_prf.c,v 1.24 2024/07/09 16:57:27 tb Exp $ */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project * 2016. @@ -326,31 +326,31 @@ tls1_prf_alg(const EVP_MD *md, const unsigned char *seed, size_t seed_len, unsigned char *out, size_t out_len) { + unsigned char *tmp; + size_t i; - if (EVP_MD_type(md) == NID_md5_sha1) { - size_t i; - unsigned char *tmp; - if (!tls1_prf_P_hash(EVP_md5(), - secret, secret_len/2 + (secret_len & 1), - seed, seed_len, out, out_len)) - return 0; + if (EVP_MD_type(md) != NID_md5_sha1) + return tls1_prf_P_hash(md, secret, secret_len, seed, seed_len, + out, out_len); - if ((tmp = calloc(1, out_len)) == NULL) { - KDFerror(ERR_R_MALLOC_FAILURE); - return 0; - } - if (!tls1_prf_P_hash(EVP_sha1(), secret + secret_len/2, - secret_len/2 + (secret_len & 1), seed, seed_len, tmp, out_len)) { - freezero(tmp, out_len); - return 0; - } - for (i = 0; i < out_len; i++) - out[i] ^= tmp[i]; - freezero(tmp, out_len); - return 1; + if (!tls1_prf_P_hash(EVP_md5(), + secret, secret_len/2 + (secret_len & 1), + seed, seed_len, out, out_len)) + return 0; + + if ((tmp = calloc(1, out_len)) == NULL) { + KDFerror(ERR_R_MALLOC_FAILURE); + return 0; } - if (!tls1_prf_P_hash(md, secret, secret_len, seed, seed_len, out, out_len)) + if (!tls1_prf_P_hash(EVP_sha1(), secret + secret_len/2, + secret_len/2 + (secret_len & 1), seed, seed_len, tmp, out_len)) { + freezero(tmp, out_len); return 0; + } + for (i = 0; i < out_len; i++) + out[i] ^= tmp[i]; + + freezero(tmp, out_len); return 1; }