1 files changed, 15 insertions, 15 deletions
diff --git a/src/lib/libcrypto/kdf/tls1_prf.c b/src/lib/libcrypto/kdf/tls1_prf.c
index a0979b4c72..3bef26ea7a 100644
--- a/src/lib/libcrypto/kdf/tls1_prf.c
+++ b/src/lib/libcrypto/kdf/tls1_prf.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls1_prf.c,v 1.22 2024/07/09 16:53:33 tb Exp $ */
+/*      $OpenBSD: tls1_prf.c,v 1.23 2024/07/09 16:54:13 tb Exp $ */
 /*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
 * 2016.
@@ -70,7 +70,7 @@
 static int tls1_prf_alg(const EVP_MD *md,
    const unsigned char *secret, size_t secret_len,
    const unsigned char *seed, size_t seed_len,
-    unsigned char *out, size_t olen);
+    unsigned char *out, size_t out_len);
 #define TLS1_PRF_MAXBUF 1024
@@ -249,7 +249,7 @@ static int
 tls1_prf_P_hash(const EVP_MD *md,
    const unsigned char *secret, size_t sec_len,
    const unsigned char *seed, size_t seed_len,
-    unsigned char *out, size_t olen)
+    unsigned char *out, size_t out_len)
 {
        int chunk;
        EVP_MD_CTX *ctx = NULL, *ctx_tmp = NULL, *ctx_init = NULL;
@@ -286,24 +286,24 @@ tls1_prf_P_hash(const EVP_MD *md,
                        goto err;
                if (!EVP_DigestSignUpdate(ctx, A1, A1_len))
                        goto err;
-                if (olen > (size_t)chunk && !EVP_MD_CTX_copy_ex(ctx_tmp, ctx))
+                if (out_len > (size_t)chunk && !EVP_MD_CTX_copy_ex(ctx_tmp, ctx))
                        goto err;
                if (seed && !EVP_DigestSignUpdate(ctx, seed, seed_len))
                        goto err;
-                if (olen > (size_t)chunk) {
+                if (out_len > (size_t)chunk) {
                        size_t mac_len;
                        if (!EVP_DigestSignFinal(ctx, out, &mac_len))
                                goto err;
                        out += mac_len;
-                        olen -= mac_len;
+                        out_len -= mac_len;
            /* calc the next A1 value */
                        if (!EVP_DigestSignFinal(ctx_tmp, A1, &A1_len))
                                goto err;
                } else {                /* last one */
                        if (!EVP_DigestSignFinal(ctx, A1, &A1_len))
                                goto err;
-                        memcpy(out, A1, olen);
+                        memcpy(out, A1, out_len);
                        break;
                }
        }
@@ -324,7 +324,7 @@ static int
 tls1_prf_alg(const EVP_MD *md,
    const unsigned char *secret, size_t secret_len,
    const unsigned char *seed, size_t seed_len,
-    unsigned char *out, size_t olen)
+    unsigned char *out, size_t out_len)
 {
        if (EVP_MD_type(md) == NID_md5_sha1) {
@@ -332,24 +332,24 @@ tls1_prf_alg(const EVP_MD *md,
                unsigned char *tmp;
                if (!tls1_prf_P_hash(EVP_md5(),
                    secret, secret_len/2 + (secret_len & 1),
-                    seed, seed_len, out, olen))
+                    seed, seed_len, out, out_len))
                        return 0;
-                if ((tmp = calloc(1, olen)) == NULL) {
+                if ((tmp = calloc(1, out_len)) == NULL) {
                        KDFerror(ERR_R_MALLOC_FAILURE);
                        return 0;
                }
                if (!tls1_prf_P_hash(EVP_sha1(), secret + secret_len/2,
-                    secret_len/2 + (secret_len & 1), seed, seed_len, tmp, olen)) {
+                    secret_len/2 + (secret_len & 1), seed, seed_len, tmp, out_len)) {
-                        freezero(tmp, olen);
+                        freezero(tmp, out_len);
                        return 0;
                }
-                for (i = 0; i < olen; i++)
+                for (i = 0; i < out_len; i++)
                        out[i] ^= tmp[i];
-                freezero(tmp, olen);
+                freezero(tmp, out_len);
                return 1;
        }
-        if (!tls1_prf_P_hash(md, secret, secret_len, seed, seed_len, out, olen))
+        if (!tls1_prf_P_hash(md, secret, secret_len, seed, seed_len, out, out_len))
                return 0;
        return 1;

diff --git a/src/lib/libcrypto/kdf/tls1_prf.c b/src/lib/libcrypto/kdf/tls1_prf.c index a0979b4c72..3bef26ea7a 100644 --- a/src/lib/libcrypto/kdf/tls1_prf.c +++ b/src/lib/libcrypto/kdf/tls1_prf.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls1_prf.c,v 1.22 2024/07/09 16:53:33 tb Exp $ */	1	/* $OpenBSD: tls1_prf.c,v 1.23 2024/07/09 16:54:13 tb Exp $ */
2	/*	2	/*
3	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project	3	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
4	* 2016.	4	* 2016.
@@ -70,7 +70,7 @@
70	static int tls1_prf_alg(const EVP_MD *md,	70	static int tls1_prf_alg(const EVP_MD *md,
71	const unsigned char *secret, size_t secret_len,	71	const unsigned char *secret, size_t secret_len,
72	const unsigned char *seed, size_t seed_len,	72	const unsigned char *seed, size_t seed_len,
73	unsigned char *out, size_t olen);	73	unsigned char *out, size_t out_len);
74		74
75	#define TLS1_PRF_MAXBUF 1024	75	#define TLS1_PRF_MAXBUF 1024
76		76
@@ -249,7 +249,7 @@ static int
249	tls1_prf_P_hash(const EVP_MD *md,	249	tls1_prf_P_hash(const EVP_MD *md,
250	const unsigned char *secret, size_t sec_len,	250	const unsigned char *secret, size_t sec_len,
251	const unsigned char *seed, size_t seed_len,	251	const unsigned char *seed, size_t seed_len,
252	unsigned char *out, size_t olen)	252	unsigned char *out, size_t out_len)
253	{	253	{
254	int chunk;	254	int chunk;
255	EVP_MD_CTX ctx = NULL, ctx_tmp = NULL, *ctx_init = NULL;	255	EVP_MD_CTX ctx = NULL, ctx_tmp = NULL, *ctx_init = NULL;
@@ -286,24 +286,24 @@ tls1_prf_P_hash(const EVP_MD *md,
286	goto err;	286	goto err;
287	if (!EVP_DigestSignUpdate(ctx, A1, A1_len))	287	if (!EVP_DigestSignUpdate(ctx, A1, A1_len))
288	goto err;	288	goto err;
289	if (olen > (size_t)chunk && !EVP_MD_CTX_copy_ex(ctx_tmp, ctx))	289	if (out_len > (size_t)chunk && !EVP_MD_CTX_copy_ex(ctx_tmp, ctx))
290	goto err;	290	goto err;
291	if (seed && !EVP_DigestSignUpdate(ctx, seed, seed_len))	291	if (seed && !EVP_DigestSignUpdate(ctx, seed, seed_len))
292	goto err;	292	goto err;
293		293
294	if (olen > (size_t)chunk) {	294	if (out_len > (size_t)chunk) {
295	size_t mac_len;	295	size_t mac_len;
296	if (!EVP_DigestSignFinal(ctx, out, &mac_len))	296	if (!EVP_DigestSignFinal(ctx, out, &mac_len))
297	goto err;	297	goto err;
298	out += mac_len;	298	out += mac_len;
299	olen -= mac_len;	299	out_len -= mac_len;
300	/* calc the next A1 value */	300	/* calc the next A1 value */
301	if (!EVP_DigestSignFinal(ctx_tmp, A1, &A1_len))	301	if (!EVP_DigestSignFinal(ctx_tmp, A1, &A1_len))
302	goto err;	302	goto err;
303	} else { /* last one */	303	} else { /* last one */
304	if (!EVP_DigestSignFinal(ctx, A1, &A1_len))	304	if (!EVP_DigestSignFinal(ctx, A1, &A1_len))
305	goto err;	305	goto err;
306	memcpy(out, A1, olen);	306	memcpy(out, A1, out_len);
307	break;	307	break;
308	}	308	}
309	}	309	}
@@ -324,7 +324,7 @@ static int
324	tls1_prf_alg(const EVP_MD *md,	324	tls1_prf_alg(const EVP_MD *md,
325	const unsigned char *secret, size_t secret_len,	325	const unsigned char *secret, size_t secret_len,
326	const unsigned char *seed, size_t seed_len,	326	const unsigned char *seed, size_t seed_len,
327	unsigned char *out, size_t olen)	327	unsigned char *out, size_t out_len)
328	{	328	{
329		329
330	if (EVP_MD_type(md) == NID_md5_sha1) {	330	if (EVP_MD_type(md) == NID_md5_sha1) {
@@ -332,24 +332,24 @@ tls1_prf_alg(const EVP_MD *md,
332	unsigned char *tmp;	332	unsigned char *tmp;
333	if (!tls1_prf_P_hash(EVP_md5(),	333	if (!tls1_prf_P_hash(EVP_md5(),
334	secret, secret_len/2 + (secret_len & 1),	334	secret, secret_len/2 + (secret_len & 1),
335	seed, seed_len, out, olen))	335	seed, seed_len, out, out_len))
336	return 0;	336	return 0;
337		337
338	if ((tmp = calloc(1, olen)) == NULL) {	338	if ((tmp = calloc(1, out_len)) == NULL) {
339	KDFerror(ERR_R_MALLOC_FAILURE);	339	KDFerror(ERR_R_MALLOC_FAILURE);
340	return 0;	340	return 0;
341	}	341	}
342	if (!tls1_prf_P_hash(EVP_sha1(), secret + secret_len/2,	342	if (!tls1_prf_P_hash(EVP_sha1(), secret + secret_len/2,
343	secret_len/2 + (secret_len & 1), seed, seed_len, tmp, olen)) {	343	secret_len/2 + (secret_len & 1), seed, seed_len, tmp, out_len)) {
344	freezero(tmp, olen);	344	freezero(tmp, out_len);
345	return 0;	345	return 0;
346	}	346	}
347	for (i = 0; i < olen; i++)	347	for (i = 0; i < out_len; i++)
348	out[i] ^= tmp[i];	348	out[i] ^= tmp[i];
349	freezero(tmp, olen);	349	freezero(tmp, out_len);
350	return 1;	350	return 1;
351	}	351	}
352	if (!tls1_prf_P_hash(md, secret, secret_len, seed, seed_len, out, olen))	352	if (!tls1_prf_P_hash(md, secret, secret_len, seed, seed_len, out, out_len))
353	return 0;	353	return 0;
354		354
355	return 1;	355	return 1;