1 files changed, 7 insertions, 1 deletions
diff --git a/src/lib/libcrypto/kdf/tls1_prf.c b/src/lib/libcrypto/kdf/tls1_prf.c
index ad5275df60..a0979b4c72 100644
--- a/src/lib/libcrypto/kdf/tls1_prf.c
+++ b/src/lib/libcrypto/kdf/tls1_prf.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls1_prf.c,v 1.21 2024/07/09 16:52:34 tb Exp $ */
+/*      $OpenBSD: tls1_prf.c,v 1.22 2024/07/09 16:53:33 tb Exp $ */
 /*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
 * 2016.
@@ -100,6 +100,7 @@ static void
 pkey_tls1_prf_cleanup(EVP_PKEY_CTX *ctx)
 {
        struct tls1_prf_ctx *kctx = ctx->data;
        freezero(kctx->secret, kctx->secret_len);
        explicit_bzero(kctx->seed, kctx->seed_len);
        free(kctx);
@@ -109,6 +110,7 @@ static int
 pkey_tls1_prf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 {
        struct tls1_prf_ctx *kctx = ctx->data;
        switch (type) {
        case EVP_PKEY_CTRL_TLS_MD:
                kctx->md = p2;
@@ -191,6 +193,7 @@ pkey_tls1_prf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
    size_t *keylen)
 {
        struct tls1_prf_ctx *kctx = ctx->data;
        if (kctx->md == NULL) {
                KDFerror(KDF_R_MISSING_MESSAGE_DIGEST);
                return 0;
@@ -304,13 +307,16 @@ tls1_prf_P_hash(const EVP_MD *md,
                        break;
                }
        }
        ret = 1;
 err:
        EVP_PKEY_free(mac_key);
        EVP_MD_CTX_free(ctx);
        EVP_MD_CTX_free(ctx_tmp);
        EVP_MD_CTX_free(ctx_init);
        explicit_bzero(A1, sizeof(A1));
        return ret;
 }

diff --git a/src/lib/libcrypto/kdf/tls1_prf.c b/src/lib/libcrypto/kdf/tls1_prf.c index ad5275df60..a0979b4c72 100644 --- a/src/lib/libcrypto/kdf/tls1_prf.c +++ b/src/lib/libcrypto/kdf/tls1_prf.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls1_prf.c,v 1.21 2024/07/09 16:52:34 tb Exp $ */	1	/* $OpenBSD: tls1_prf.c,v 1.22 2024/07/09 16:53:33 tb Exp $ */
2	/*	2	/*
3	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project	3	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
4	* 2016.	4	* 2016.
@@ -100,6 +100,7 @@ static void
100	pkey_tls1_prf_cleanup(EVP_PKEY_CTX *ctx)	100	pkey_tls1_prf_cleanup(EVP_PKEY_CTX *ctx)
101	{	101	{
102	struct tls1_prf_ctx *kctx = ctx->data;	102	struct tls1_prf_ctx *kctx = ctx->data;
		103
103	freezero(kctx->secret, kctx->secret_len);	104	freezero(kctx->secret, kctx->secret_len);
104	explicit_bzero(kctx->seed, kctx->seed_len);	105	explicit_bzero(kctx->seed, kctx->seed_len);
105	free(kctx);	106	free(kctx);
@@ -109,6 +110,7 @@ static int
109	pkey_tls1_prf_ctrl(EVP_PKEY_CTX ctx, int type, int p1, void p2)	110	pkey_tls1_prf_ctrl(EVP_PKEY_CTX ctx, int type, int p1, void p2)
110	{	111	{
111	struct tls1_prf_ctx *kctx = ctx->data;	112	struct tls1_prf_ctx *kctx = ctx->data;
		113
112	switch (type) {	114	switch (type) {
113	case EVP_PKEY_CTRL_TLS_MD:	115	case EVP_PKEY_CTRL_TLS_MD:
114	kctx->md = p2;	116	kctx->md = p2;
@@ -191,6 +193,7 @@ pkey_tls1_prf_derive(EVP_PKEY_CTX ctx, unsigned char key,
191	size_t *keylen)	193	size_t *keylen)
192	{	194	{
193	struct tls1_prf_ctx *kctx = ctx->data;	195	struct tls1_prf_ctx *kctx = ctx->data;
		196
194	if (kctx->md == NULL) {	197	if (kctx->md == NULL) {
195	KDFerror(KDF_R_MISSING_MESSAGE_DIGEST);	198	KDFerror(KDF_R_MISSING_MESSAGE_DIGEST);
196	return 0;	199	return 0;
@@ -304,13 +307,16 @@ tls1_prf_P_hash(const EVP_MD *md,
304	break;	307	break;
305	}	308	}
306	}	309	}
		310
307	ret = 1;	311	ret = 1;
		312
308	err:	313	err:
309	EVP_PKEY_free(mac_key);	314	EVP_PKEY_free(mac_key);
310	EVP_MD_CTX_free(ctx);	315	EVP_MD_CTX_free(ctx);
311	EVP_MD_CTX_free(ctx_tmp);	316	EVP_MD_CTX_free(ctx_tmp);
312	EVP_MD_CTX_free(ctx_init);	317	EVP_MD_CTX_free(ctx_init);
313	explicit_bzero(A1, sizeof(A1));	318	explicit_bzero(A1, sizeof(A1));
		319
314	return ret;	320	return ret;
315	}	321	}
316		322