Invert logic in tls1_prf_alg()

author: tb <> 2024-07-09 16:57:27 +0000
committer: tb <> 2024-07-09 16:57:27 +0000
commit: 220ce3429d868c3a6488a1a472a345c65451e2b8 (patch)
tree: 75d9affa4cd7a3258cbd726928bfbd676bcd8cc9 /src
parent: 4c989e2d45fbebdc8f00672e049919fa0cfd85cf (diff)
download: openbsd-220ce3429d868c3a6488a1a472a345c65451e2b8.tar.gz
openbsd-220ce3429d868c3a6488a1a472a345c65451e2b8.tar.bz2
openbsd-220ce3429d868c3a6488a1a472a345c65451e2b8.zip
1 files changed, 22 insertions, 22 deletions
diff --git a/src/lib/libcrypto/kdf/tls1_prf.c b/src/lib/libcrypto/kdf/tls1_prf.c
index 3bef26ea7a..26fa653f96 100644
--- a/src/lib/libcrypto/kdf/tls1_prf.c
+++ b/src/lib/libcrypto/kdf/tls1_prf.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls1_prf.c,v 1.23 2024/07/09 16:54:13 tb Exp $ */
+/*      $OpenBSD: tls1_prf.c,v 1.24 2024/07/09 16:57:27 tb Exp $ */
 /*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
 * 2016.
@@ -326,31 +326,31 @@ tls1_prf_alg(const EVP_MD *md,
    const unsigned char *seed, size_t seed_len,
    unsigned char *out, size_t out_len)
 {
+        unsigned char *tmp;
+        size_t i;
-        if (EVP_MD_type(md) == NID_md5_sha1) {
+        if (EVP_MD_type(md) != NID_md5_sha1)
-                size_t i;
+                return tls1_prf_P_hash(md, secret, secret_len, seed, seed_len,
-                unsigned char *tmp;
+                    out, out_len);
-                if (!tls1_prf_P_hash(EVP_md5(),
-                    secret, secret_len/2 + (secret_len & 1),
-                    seed, seed_len, out, out_len))
-                        return 0;
-                if ((tmp = calloc(1, out_len)) == NULL) {
+        if (!tls1_prf_P_hash(EVP_md5(),
-                        KDFerror(ERR_R_MALLOC_FAILURE);
+            secret, secret_len/2 + (secret_len & 1),
-                        return 0;
+            seed, seed_len, out, out_len))
-                }
+                return 0;
-                if (!tls1_prf_P_hash(EVP_sha1(), secret + secret_len/2,
-                    secret_len/2 + (secret_len & 1), seed, seed_len, tmp, out_len)) {
+        if ((tmp = calloc(1, out_len)) == NULL) {
-                        freezero(tmp, out_len);
+                KDFerror(ERR_R_MALLOC_FAILURE);
-                        return 0;
+                return 0;
-                }
-                for (i = 0; i < out_len; i++)
-                        out[i] ^= tmp[i];
-                freezero(tmp, out_len);
-                return 1;
        }
-        if (!tls1_prf_P_hash(md, secret, secret_len, seed, seed_len, out, out_len))
+        if (!tls1_prf_P_hash(EVP_sha1(), secret + secret_len/2,
+            secret_len/2 + (secret_len & 1), seed, seed_len, tmp, out_len)) {
+                freezero(tmp, out_len);
                return 0;
+        }
+        for (i = 0; i < out_len; i++)
+                out[i] ^= tmp[i];
+        freezero(tmp, out_len);
        return 1;
 }
author	tb <>	2024-07-09 16:57:27 +0000
committer	tb <>	2024-07-09 16:57:27 +0000
commit	220ce3429d868c3a6488a1a472a345c65451e2b8 (patch)
tree	75d9affa4cd7a3258cbd726928bfbd676bcd8cc9 /src
parent	4c989e2d45fbebdc8f00672e049919fa0cfd85cf (diff)
download	openbsd-220ce3429d868c3a6488a1a472a345c65451e2b8.tar.gz openbsd-220ce3429d868c3a6488a1a472a345c65451e2b8.tar.bz2 openbsd-220ce3429d868c3a6488a1a472a345c65451e2b8.zip

diff --git a/src/lib/libcrypto/kdf/tls1_prf.c b/src/lib/libcrypto/kdf/tls1_prf.c index 3bef26ea7a..26fa653f96 100644 --- a/src/lib/libcrypto/kdf/tls1_prf.c +++ b/src/lib/libcrypto/kdf/tls1_prf.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls1_prf.c,v 1.23 2024/07/09 16:54:13 tb Exp $ */	1	/* $OpenBSD: tls1_prf.c,v 1.24 2024/07/09 16:57:27 tb Exp $ */
2	/*	2	/*
3	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project	3	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
4	* 2016.	4	* 2016.
@@ -326,31 +326,31 @@ tls1_prf_alg(const EVP_MD *md,
326	const unsigned char *seed, size_t seed_len,	326	const unsigned char *seed, size_t seed_len,
327	unsigned char *out, size_t out_len)	327	unsigned char *out, size_t out_len)
328	{	328	{
		329	unsigned char *tmp;
		330	size_t i;
329		331
330	if (EVP_MD_type(md) == NID_md5_sha1) {	332	if (EVP_MD_type(md) != NID_md5_sha1)
331	size_t i;	333	return tls1_prf_P_hash(md, secret, secret_len, seed, seed_len,
332	unsigned char *tmp;	334	out, out_len);
333	if (!tls1_prf_P_hash(EVP_md5(),
334	secret, secret_len/2 + (secret_len & 1),
335	seed, seed_len, out, out_len))
336	return 0;
337		335
338	if ((tmp = calloc(1, out_len)) == NULL) {	336	if (!tls1_prf_P_hash(EVP_md5(),
339	KDFerror(ERR_R_MALLOC_FAILURE);	337	secret, secret_len/2 + (secret_len & 1),
340	return 0;	338	seed, seed_len, out, out_len))
341	}	339	return 0;
342	if (!tls1_prf_P_hash(EVP_sha1(), secret + secret_len/2,	340
343	secret_len/2 + (secret_len & 1), seed, seed_len, tmp, out_len)) {	341	if ((tmp = calloc(1, out_len)) == NULL) {
344	freezero(tmp, out_len);	342	KDFerror(ERR_R_MALLOC_FAILURE);
345	return 0;	343	return 0;
346	}
347	for (i = 0; i < out_len; i++)
348	out[i] ^= tmp[i];
349	freezero(tmp, out_len);
350	return 1;
351	}	344	}
352	if (!tls1_prf_P_hash(md, secret, secret_len, seed, seed_len, out, out_len))	345	if (!tls1_prf_P_hash(EVP_sha1(), secret + secret_len/2,
		346	secret_len/2 + (secret_len & 1), seed, seed_len, tmp, out_len)) {
		347	freezero(tmp, out_len);
353	return 0;	348	return 0;
		349	}
		350	for (i = 0; i < out_len; i++)
		351	out[i] ^= tmp[i];
		352
		353	freezero(tmp, out_len);
354		354
355	return 1;	355	return 1;
356	}	356	}