1 files changed, 17 insertions, 17 deletions
diff --git a/src/lib/libcrypto/kdf/tls1_prf.c b/src/lib/libcrypto/kdf/tls1_prf.c
index 3ea7329f36..6d8263cbae 100644
--- a/src/lib/libcrypto/kdf/tls1_prf.c
+++ b/src/lib/libcrypto/kdf/tls1_prf.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls1_prf.c,v 1.17 2024/07/09 16:48:39 tb Exp $ */
+/*      $OpenBSD: tls1_prf.c,v 1.18 2024/07/09 16:50:07 tb Exp $ */
 /*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
 * 2016.
@@ -68,7 +68,7 @@
 #include "evp_local.h"
 static int tls1_prf_alg(const EVP_MD *md,
-    const unsigned char *sec, size_t slen,
+    const unsigned char *secret, size_t slen,
    const unsigned char *seed, size_t seed_len,
    unsigned char *out, size_t olen);
@@ -76,7 +76,7 @@ static int tls1_prf_alg(const EVP_MD *md,
 struct tls1_prf_ctx {
        const EVP_MD *md;
-        unsigned char *sec;
+        unsigned char *secret;
        size_t seclen;
        unsigned char seed[TLS1_PRF_MAXBUF];
        size_t seedlen;
@@ -100,7 +100,7 @@ static void
 pkey_tls1_prf_cleanup(EVP_PKEY_CTX *ctx)
 {
        struct tls1_prf_ctx *kctx = ctx->data;
-        freezero(kctx->sec, kctx->seclen);
+        freezero(kctx->secret, kctx->seclen);
        explicit_bzero(kctx->seed, kctx->seedlen);
        free(kctx);
 }
@@ -117,21 +117,21 @@ pkey_tls1_prf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
        case EVP_PKEY_CTRL_TLS_SECRET:
                if (p1 < 0)
                        return 0;
-                if (kctx->sec != NULL)
+                if (kctx->secret != NULL)
-                        freezero(kctx->sec, kctx->seclen);
+                        freezero(kctx->secret, kctx->seclen);
                explicit_bzero(kctx->seed, kctx->seedlen);
                kctx->seedlen = 0;
-                kctx->sec = NULL;
+                kctx->secret = NULL;
                kctx->seclen = 0;
                if (p1 == 0 || p2 == NULL)
                        return 0;
-                if ((kctx->sec = calloc(1, p1)) == NULL)
+                if ((kctx->secret = calloc(1, p1)) == NULL)
                        return 0;
-                memcpy(kctx->sec, p2, p1);
+                memcpy(kctx->secret, p2, p1);
                kctx->seclen = p1;
                return 1;
@@ -195,7 +195,7 @@ pkey_tls1_prf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
                KDFerror(KDF_R_MISSING_MESSAGE_DIGEST);
                return 0;
        }
-        if (kctx->sec == NULL) {
+        if (kctx->secret == NULL) {
                KDFerror(KDF_R_MISSING_SECRET);
                return 0;
        }
@@ -203,7 +203,7 @@ pkey_tls1_prf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
                KDFerror(KDF_R_MISSING_SEED);
                return 0;
        }
-        return tls1_prf_alg(kctx->md, kctx->sec, kctx->seclen,
+        return tls1_prf_alg(kctx->md, kctx->secret, kctx->seclen,
            kctx->seed, kctx->seedlen,
            key, *keylen);
 }
@@ -244,7 +244,7 @@ const EVP_PKEY_METHOD tls1_prf_pkey_meth = {
 static int
 tls1_prf_P_hash(const EVP_MD *md,
-    const unsigned char *sec, size_t sec_len,
+    const unsigned char *secret, size_t sec_len,
    const unsigned char *seed, size_t seed_len,
    unsigned char *out, size_t olen)
 {
@@ -264,7 +264,7 @@ tls1_prf_P_hash(const EVP_MD *md,
        if (ctx == NULL || ctx_tmp == NULL || ctx_init == NULL)
                goto err;
        EVP_MD_CTX_set_flags(ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-        mac_key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, sec,
+        mac_key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, secret,
            sec_len);
        if (mac_key == NULL)
                goto err;
@@ -316,7 +316,7 @@ tls1_prf_P_hash(const EVP_MD *md,
 static int
 tls1_prf_alg(const EVP_MD *md,
-    const unsigned char *sec, size_t slen,
+    const unsigned char *secret, size_t slen,
    const unsigned char *seed, size_t seed_len,
    unsigned char *out, size_t olen)
 {
@@ -324,7 +324,7 @@ tls1_prf_alg(const EVP_MD *md,
        if (EVP_MD_type(md) == NID_md5_sha1) {
                size_t i;
                unsigned char *tmp;
-                if (!tls1_prf_P_hash(EVP_md5(), sec, slen/2 + (slen & 1),
+                if (!tls1_prf_P_hash(EVP_md5(), secret, slen/2 + (slen & 1),
                    seed, seed_len, out, olen))
                        return 0;
@@ -332,7 +332,7 @@ tls1_prf_alg(const EVP_MD *md,
                        KDFerror(ERR_R_MALLOC_FAILURE);
                        return 0;
                }
-                if (!tls1_prf_P_hash(EVP_sha1(), sec + slen/2,
+                if (!tls1_prf_P_hash(EVP_sha1(), secret + slen/2,
                    slen/2 + (slen & 1), seed, seed_len, tmp, olen)) {
                        freezero(tmp, olen);
                        return 0;
@@ -342,7 +342,7 @@ tls1_prf_alg(const EVP_MD *md,
                freezero(tmp, olen);
                return 1;
        }
-        if (!tls1_prf_P_hash(md, sec, slen, seed, seed_len, out, olen))
+        if (!tls1_prf_P_hash(md, secret, slen, seed, seed_len, out, olen))
                return 0;
        return 1;

diff --git a/src/lib/libcrypto/kdf/tls1_prf.c b/src/lib/libcrypto/kdf/tls1_prf.c index 3ea7329f36..6d8263cbae 100644 --- a/src/lib/libcrypto/kdf/tls1_prf.c +++ b/src/lib/libcrypto/kdf/tls1_prf.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls1_prf.c,v 1.17 2024/07/09 16:48:39 tb Exp $ */	1	/* $OpenBSD: tls1_prf.c,v 1.18 2024/07/09 16:50:07 tb Exp $ */
2	/*	2	/*
3	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project	3	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
4	* 2016.	4	* 2016.
@@ -68,7 +68,7 @@
68	#include "evp_local.h"	68	#include "evp_local.h"
69		69
70	static int tls1_prf_alg(const EVP_MD *md,	70	static int tls1_prf_alg(const EVP_MD *md,
71	const unsigned char *sec, size_t slen,	71	const unsigned char *secret, size_t slen,
72	const unsigned char *seed, size_t seed_len,	72	const unsigned char *seed, size_t seed_len,
73	unsigned char *out, size_t olen);	73	unsigned char *out, size_t olen);
74		74
@@ -76,7 +76,7 @@ static int tls1_prf_alg(const EVP_MD *md,
76		76
77	struct tls1_prf_ctx {	77	struct tls1_prf_ctx {
78	const EVP_MD *md;	78	const EVP_MD *md;
79	unsigned char *sec;	79	unsigned char *secret;
80	size_t seclen;	80	size_t seclen;
81	unsigned char seed[TLS1_PRF_MAXBUF];	81	unsigned char seed[TLS1_PRF_MAXBUF];
82	size_t seedlen;	82	size_t seedlen;
@@ -100,7 +100,7 @@ static void
100	pkey_tls1_prf_cleanup(EVP_PKEY_CTX *ctx)	100	pkey_tls1_prf_cleanup(EVP_PKEY_CTX *ctx)
101	{	101	{
102	struct tls1_prf_ctx *kctx = ctx->data;	102	struct tls1_prf_ctx *kctx = ctx->data;
103	freezero(kctx->sec, kctx->seclen);	103	freezero(kctx->secret, kctx->seclen);
104	explicit_bzero(kctx->seed, kctx->seedlen);	104	explicit_bzero(kctx->seed, kctx->seedlen);
105	free(kctx);	105	free(kctx);
106	}	106	}
@@ -117,21 +117,21 @@ pkey_tls1_prf_ctrl(EVP_PKEY_CTX ctx, int type, int p1, void p2)
117	case EVP_PKEY_CTRL_TLS_SECRET:	117	case EVP_PKEY_CTRL_TLS_SECRET:
118	if (p1 < 0)	118	if (p1 < 0)
119	return 0;	119	return 0;
120	if (kctx->sec != NULL)	120	if (kctx->secret != NULL)
121	freezero(kctx->sec, kctx->seclen);	121	freezero(kctx->secret, kctx->seclen);
122		122
123	explicit_bzero(kctx->seed, kctx->seedlen);	123	explicit_bzero(kctx->seed, kctx->seedlen);
124	kctx->seedlen = 0;	124	kctx->seedlen = 0;
125		125
126	kctx->sec = NULL;	126	kctx->secret = NULL;
127	kctx->seclen = 0;	127	kctx->seclen = 0;
128		128
129	if (p1 == 0 \|\| p2 == NULL)	129	if (p1 == 0 \|\| p2 == NULL)
130	return 0;	130	return 0;
131		131
132	if ((kctx->sec = calloc(1, p1)) == NULL)	132	if ((kctx->secret = calloc(1, p1)) == NULL)
133	return 0;	133	return 0;
134	memcpy(kctx->sec, p2, p1);	134	memcpy(kctx->secret, p2, p1);
135	kctx->seclen = p1;	135	kctx->seclen = p1;
136		136
137	return 1;	137	return 1;
@@ -195,7 +195,7 @@ pkey_tls1_prf_derive(EVP_PKEY_CTX ctx, unsigned char key,
195	KDFerror(KDF_R_MISSING_MESSAGE_DIGEST);	195	KDFerror(KDF_R_MISSING_MESSAGE_DIGEST);
196	return 0;	196	return 0;
197	}	197	}
198	if (kctx->sec == NULL) {	198	if (kctx->secret == NULL) {
199	KDFerror(KDF_R_MISSING_SECRET);	199	KDFerror(KDF_R_MISSING_SECRET);
200	return 0;	200	return 0;
201	}	201	}
@@ -203,7 +203,7 @@ pkey_tls1_prf_derive(EVP_PKEY_CTX ctx, unsigned char key,
203	KDFerror(KDF_R_MISSING_SEED);	203	KDFerror(KDF_R_MISSING_SEED);
204	return 0;	204	return 0;
205	}	205	}
206	return tls1_prf_alg(kctx->md, kctx->sec, kctx->seclen,	206	return tls1_prf_alg(kctx->md, kctx->secret, kctx->seclen,
207	kctx->seed, kctx->seedlen,	207	kctx->seed, kctx->seedlen,
208	key, *keylen);	208	key, *keylen);
209	}	209	}
@@ -244,7 +244,7 @@ const EVP_PKEY_METHOD tls1_prf_pkey_meth = {
244		244
245	static int	245	static int
246	tls1_prf_P_hash(const EVP_MD *md,	246	tls1_prf_P_hash(const EVP_MD *md,
247	const unsigned char *sec, size_t sec_len,	247	const unsigned char *secret, size_t sec_len,
248	const unsigned char *seed, size_t seed_len,	248	const unsigned char *seed, size_t seed_len,
249	unsigned char *out, size_t olen)	249	unsigned char *out, size_t olen)
250	{	250	{
@@ -264,7 +264,7 @@ tls1_prf_P_hash(const EVP_MD *md,
264	if (ctx == NULL \|\| ctx_tmp == NULL \|\| ctx_init == NULL)	264	if (ctx == NULL \|\| ctx_tmp == NULL \|\| ctx_init == NULL)
265	goto err;	265	goto err;
266	EVP_MD_CTX_set_flags(ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);	266	EVP_MD_CTX_set_flags(ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
267	mac_key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, sec,	267	mac_key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, secret,
268	sec_len);	268	sec_len);
269	if (mac_key == NULL)	269	if (mac_key == NULL)
270	goto err;	270	goto err;
@@ -316,7 +316,7 @@ tls1_prf_P_hash(const EVP_MD *md,
316		316
317	static int	317	static int
318	tls1_prf_alg(const EVP_MD *md,	318	tls1_prf_alg(const EVP_MD *md,
319	const unsigned char *sec, size_t slen,	319	const unsigned char *secret, size_t slen,
320	const unsigned char *seed, size_t seed_len,	320	const unsigned char *seed, size_t seed_len,
321	unsigned char *out, size_t olen)	321	unsigned char *out, size_t olen)
322	{	322	{
@@ -324,7 +324,7 @@ tls1_prf_alg(const EVP_MD *md,
324	if (EVP_MD_type(md) == NID_md5_sha1) {	324	if (EVP_MD_type(md) == NID_md5_sha1) {
325	size_t i;	325	size_t i;
326	unsigned char *tmp;	326	unsigned char *tmp;
327	if (!tls1_prf_P_hash(EVP_md5(), sec, slen/2 + (slen & 1),	327	if (!tls1_prf_P_hash(EVP_md5(), secret, slen/2 + (slen & 1),
328	seed, seed_len, out, olen))	328	seed, seed_len, out, olen))
329	return 0;	329	return 0;
330		330
@@ -332,7 +332,7 @@ tls1_prf_alg(const EVP_MD *md,
332	KDFerror(ERR_R_MALLOC_FAILURE);	332	KDFerror(ERR_R_MALLOC_FAILURE);
333	return 0;	333	return 0;
334	}	334	}
335	if (!tls1_prf_P_hash(EVP_sha1(), sec + slen/2,	335	if (!tls1_prf_P_hash(EVP_sha1(), secret + slen/2,
336	slen/2 + (slen & 1), seed, seed_len, tmp, olen)) {	336	slen/2 + (slen & 1), seed, seed_len, tmp, olen)) {
337	freezero(tmp, olen);	337	freezero(tmp, olen);
338	return 0;	338	return 0;
@@ -342,7 +342,7 @@ tls1_prf_alg(const EVP_MD *md,
342	freezero(tmp, olen);	342	freezero(tmp, olen);
343	return 1;	343	return 1;
344	}	344	}
345	if (!tls1_prf_P_hash(md, sec, slen, seed, seed_len, out, olen))	345	if (!tls1_prf_P_hash(md, secret, slen, seed, seed_len, out, olen))
346	return 0;	346	return 0;
347		347
348	return 1;	348	return 1;