From dc958d4b752e05b4fef27418c3bced8d83e91779 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Tue, 9 Jul 2024 17:44:18 +0000
Subject: Align math with t1_enc.c suggested by jsing on review
---
 src/lib/libcrypto/kdf/tls1_prf.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
(limited to 'src')
diff --git a/src/lib/libcrypto/kdf/tls1_prf.c b/src/lib/libcrypto/kdf/tls1_prf.c
index e28962da2e..afc629b708 100644
--- a/src/lib/libcrypto/kdf/tls1_prf.c
+++ b/src/lib/libcrypto/kdf/tls1_prf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1_prf.c,v 1.34 2024/07/09 17:35:55 tb Exp $ */
+/* $OpenBSD: tls1_prf.c,v 1.35 2024/07/09 17:44:18 tb Exp $ */
 /*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
 * 2016.
@@ -265,23 +265,25 @@ tls1_prf_alg(const EVP_MD *md, unsigned char *out, size_t out_len)
 {
 unsigned char *tmp;
+ size_t half_len;
 size_t i;
 if (EVP_MD_type(md) != NID_md5_sha1) return tls1_prf_P_hash(md, secret, secret_len, seed, seed_len, out, out_len);
- if (!tls1_prf_P_hash(EVP_md5(),
- secret, secret_len / 2 + (secret_len & 1),
- seed, seed_len, out, out_len))
+ half_len = secret_len - secret_len / 2;
+ if (!tls1_prf_P_hash(EVP_md5(), secret, half_len, seed, seed_len,
+ out, out_len))
 return 0;
 if ((tmp = calloc(1, out_len)) == NULL) {
 KDFerror(ERR_R_MALLOC_FAILURE);
 return 0;
 }
- if (!tls1_prf_P_hash(EVP_sha1(), secret + secret_len / 2,
- secret_len / 2 + (secret_len & 1), seed, seed_len, tmp, out_len)) {
+ secret += secret_len - half_len;
+ if (!tls1_prf_P_hash(EVP_sha1(), secret, half_len, seed, seed_len,
+ tmp, out_len)) {
 freezero(tmp, out_len);
 return 0;
 }
--
cgit v1.2.3-55-g6feb
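Review bot: The md5_sha1 branch in the second hunk now derives both P_hash inputs from `half_len`, but nothing says why the two halves have the same length or why the SHA-1 half starts at `secret_len - half_len`, so a reader has to re-derive the split. A one-line comment above the `half_len` assignment would cover it, for example `/* RFC 2246, section 5: S1 and S2 are each ceil(secret_len / 2) bytes and share the middle byte when secret_len is odd. */`. Note also that `secret += secret_len - half_len;` advances the parameter itself, so any use of `secret` after the SHA-1 call would see the second half rather than the full secret. The rest of tls1_prf_alg lies outside this hunk, so that should be checked against the full function.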