- mdlen = EVP_MD_size(md);
-
- if (insecret == NULL) {
- insecret = default_zeros;
- insecretlen = mdlen;
- }
- if (prevsecret == NULL) {
- prevsecret = default_zeros;
- prevsecretlen = 0;
- } else {
- EVP_MD_CTX *mctx = EVP_MD_CTX_new();
- unsigned char hash[EVP_MAX_MD_SIZE];
-
- /* The pre-extract derive step uses a hash of no messages */
- if (mctx == NULL
- || EVP_DigestInit_ex(mctx, md, NULL) <= 0
- || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET,
- ERR_R_INTERNAL_ERROR);
- EVP_MD_CTX_free(mctx);
- EVP_PKEY_CTX_free(pctx);
- return 0;
- }
- EVP_MD_CTX_free(mctx);
-
- /* Generate the pre-extract secret */
- if (!tls13_hkdf_expand(s, md, prevsecret,
- (unsigned char *)derived_secret_label,
- sizeof(derived_secret_label) - 1, hash, mdlen,
- preextractsec, mdlen)) {
- /* SSLfatal() already called */
- EVP_PKEY_CTX_free(pctx);
- return 0;
- }
-
- prevsecret = preextractsec;
- prevsecretlen = mdlen;
+ mdleni = EVP_MD_get_size(md);
+ /* Ensure cast to size_t is safe */
+ if (!ossl_assert(mdleni >= 0)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ EVP_KDF_CTX_free(kctx);
+ return 0;