diff options
Diffstat (limited to 'src/lib/libssl/ssl_srvr.c')
| -rw-r--r-- | src/lib/libssl/ssl_srvr.c | 26 |
1 files changed, 11 insertions, 15 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 2c15081f45..32ffa88f15 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_srvr.c,v 1.104 2021/04/25 13:15:22 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_srvr.c,v 1.105 2021/04/30 19:26:45 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1797,9 +1797,8 @@ ssl3_get_client_kex_rsa(SSL *s, CBS *cbs) | |||
| 1797 | p = fakekey; | 1797 | p = fakekey; |
| 1798 | } | 1798 | } |
| 1799 | 1799 | ||
| 1800 | s->session->master_key_length = | 1800 | if (!tls12_derive_master_secret(s, p, SSL_MAX_MASTER_KEY_LENGTH)) |
| 1801 | tls1_generate_master_secret(s, | 1801 | goto err; |
| 1802 | s->session->master_key, p, SSL_MAX_MASTER_KEY_LENGTH); | ||
| 1803 | 1802 | ||
| 1804 | freezero(pms, pms_len); | 1803 | freezero(pms, pms_len); |
| 1805 | 1804 | ||
| @@ -1867,8 +1866,8 @@ ssl3_get_client_kex_dhe(SSL *s, CBS *cbs) | |||
| 1867 | goto fatal_err; | 1866 | goto fatal_err; |
| 1868 | } | 1867 | } |
| 1869 | 1868 | ||
| 1870 | s->session->master_key_length = tls1_generate_master_secret(s, | 1869 | if (!tls12_derive_master_secret(s, key, key_len)) |
| 1871 | s->session->master_key, key, key_len); | 1870 | goto err; |
| 1872 | 1871 | ||
| 1873 | DH_free(S3I(s)->tmp.dh); | 1872 | DH_free(S3I(s)->tmp.dh); |
| 1874 | S3I(s)->tmp.dh = NULL; | 1873 | S3I(s)->tmp.dh = NULL; |
| @@ -1928,8 +1927,8 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, CBS *cbs) | |||
| 1928 | /* Derive the shared secret and compute master secret. */ | 1927 | /* Derive the shared secret and compute master secret. */ |
| 1929 | if (!ssl_kex_derive_ecdhe_ecp(ecdh, ecdh_peer, &key, &key_len)) | 1928 | if (!ssl_kex_derive_ecdhe_ecp(ecdh, ecdh_peer, &key, &key_len)) |
| 1930 | goto err; | 1929 | goto err; |
| 1931 | s->session->master_key_length = tls1_generate_master_secret(s, | 1930 | if (!tls12_derive_master_secret(s, key, key_len)) |
| 1932 | s->session->master_key, key, key_len); | 1931 | goto err; |
| 1933 | 1932 | ||
| 1934 | EC_KEY_free(S3I(s)->tmp.ecdh); | 1933 | EC_KEY_free(S3I(s)->tmp.ecdh); |
| 1935 | S3I(s)->tmp.ecdh = NULL; | 1934 | S3I(s)->tmp.ecdh = NULL; |
| @@ -1966,9 +1965,8 @@ ssl3_get_client_kex_ecdhe_ecx(SSL *s, CBS *cbs) | |||
| 1966 | freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH); | 1965 | freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH); |
| 1967 | S3I(s)->tmp.x25519 = NULL; | 1966 | S3I(s)->tmp.x25519 = NULL; |
| 1968 | 1967 | ||
| 1969 | s->session->master_key_length = | 1968 | if (!tls12_derive_master_secret(s, shared_key, X25519_KEY_LENGTH)) |
| 1970 | tls1_generate_master_secret( | 1969 | goto err; |
| 1971 | s, s->session->master_key, shared_key, X25519_KEY_LENGTH); | ||
| 1972 | 1970 | ||
| 1973 | ret = 1; | 1971 | ret = 1; |
| 1974 | 1972 | ||
| @@ -2033,10 +2031,8 @@ ssl3_get_client_kex_gost(SSL *s, CBS *cbs) | |||
| 2033 | goto gerr; | 2031 | goto gerr; |
| 2034 | } | 2032 | } |
| 2035 | 2033 | ||
| 2036 | /* Generate master secret */ | 2034 | if (!tls12_derive_master_secret(s, premaster_secret, 32)) |
| 2037 | s->session->master_key_length = | 2035 | goto err; |
| 2038 | tls1_generate_master_secret( | ||
| 2039 | s, s->session->master_key, premaster_secret, 32); | ||
| 2040 | 2036 | ||
| 2041 | /* Check if pubkey from client certificate was used */ | 2037 | /* Check if pubkey from client certificate was used */ |
| 2042 | if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, | 2038 | if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, |