3 files changed, 23 insertions, 17 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index c8345f3a36..5353b5a3c8 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.8 2019/02/13 16:29:18 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.9 2019/02/14 17:55:31 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -308,8 +308,10 @@ tls13_server_hello_recv(struct tls13_ctx *ctx)
        tls13_record_layer_set_aead(ctx->rl, ctx->aead);
        tls13_record_layer_set_hash(ctx->rl, ctx->hash);
-        if (!tls13_record_layer_set_traffic_keys(ctx->rl,
+        if (!tls13_record_layer_set_read_traffic_key(ctx->rl,
-            &secrets->server_handshake_traffic,
+            &secrets->server_handshake_traffic))
+                goto err;
+        if (!tls13_record_layer_set_write_traffic_key(ctx->rl,
            &secrets->client_handshake_traffic))
                goto err;
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index 2d23e6609b..71abb6c443 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.18 2019/02/14 17:50:07 jsing Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.19 2019/02/14 17:55:32 jsing Exp $ */
 /*
 * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -114,8 +114,10 @@ void tls13_record_layer_set_aead(struct tls13_record_layer *rl,
 void tls13_record_layer_set_hash(struct tls13_record_layer *rl,
    const EVP_MD *hash);
 void tls13_record_layer_handshake_completed(struct tls13_record_layer *rl);
-int tls13_record_layer_set_traffic_keys(struct tls13_record_layer *rl,
+int tls13_record_layer_set_read_traffic_key(struct tls13_record_layer *rl,
-    struct tls13_secret *read_key, struct tls13_secret *write_key);
+    struct tls13_secret *read_key);
+int tls13_record_layer_set_write_traffic_key(struct tls13_record_layer *rl,
+    struct tls13_secret *write_key);
 ssize_t tls13_read_handshake_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n);
 ssize_t tls13_write_handshake_data(struct tls13_record_layer *rl, const uint8_t *buf,
diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c
index b70f9f174e..dbb5695d5e 100644
--- a/src/lib/libssl/tls13_record_layer.c
+++ b/src/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_record_layer.c,v 1.1 2019/01/20 10:31:54 jsing Exp $ */
+/* $OpenBSD: tls13_record_layer.c,v 1.2 2019/02/14 17:55:32 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -260,21 +260,23 @@ tls13_record_layer_set_traffic_key(const EVP_AEAD *aead, EVP_AEAD_CTX *aead_ctx,
 }
 int
-tls13_record_layer_set_traffic_keys(struct tls13_record_layer *rl,
+tls13_record_layer_set_read_traffic_key(struct tls13_record_layer *rl,
-    struct tls13_secret *read_key, struct tls13_secret *write_key)
+    struct tls13_secret *read_key)
 {
        memset(rl->read_seq_num, 0, TLS13_RECORD_SEQ_NUM_LEN);
-        memset(rl->write_seq_num, 0, TLS13_RECORD_SEQ_NUM_LEN);
-        if (!tls13_record_layer_set_traffic_key(rl->aead, &rl->read_aead_ctx,
+        return tls13_record_layer_set_traffic_key(rl->aead, &rl->read_aead_ctx,
-            rl->hash, &rl->read_iv, &rl->read_nonce, read_key))
+            rl->hash, &rl->read_iv, &rl->read_nonce, read_key);
-                return 0;
+}
-        if (!tls13_record_layer_set_traffic_key(rl->aead, &rl->write_aead_ctx,
+int
-            rl->hash, &rl->write_iv, &rl->write_nonce, write_key))
+tls13_record_layer_set_write_traffic_key(struct tls13_record_layer *rl,
-                return 0;
+    struct tls13_secret *write_key)
+{
+        memset(rl->write_seq_num, 0, TLS13_RECORD_SEQ_NUM_LEN);
-        return 1;
+        return tls13_record_layer_set_traffic_key(rl->aead, &rl->write_aead_ctx,
+            rl->hash, &rl->write_iv, &rl->write_nonce, write_key);
 }
 static int