1 files changed, 24 insertions, 1 deletions
diff --git a/src/lib/libssl/tls12_lib.c b/src/lib/libssl/tls12_lib.c
index 520f41678d..e7171ba833 100644
--- a/src/lib/libssl/tls12_lib.c
+++ b/src/lib/libssl/tls12_lib.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls12_lib.c,v 1.1 2021/04/25 13:15:23 jsing Exp $ */
+/*      $OpenBSD: tls12_lib.c,v 1.2 2021/04/30 19:26:45 jsing Exp $ */
 /*
 * Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
 *
@@ -90,3 +90,26 @@ tls12_derive_peer_finished(SSL *s)
                    &S3I(s)->hs.peer_finished_len);
        }
 }
+int
+tls12_derive_master_secret(SSL *s, uint8_t *premaster_secret,
+    size_t premaster_secret_len)
+{
+        s->session->master_key_length = 0;
+        if (premaster_secret_len == 0)
+                return 0;
+        CTASSERT(sizeof(s->session->master_key) == SSL_MAX_MASTER_KEY_LENGTH);
+        if (!tls1_PRF(s, premaster_secret, premaster_secret_len,
+            TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE,
+            s->s3->client_random, SSL3_RANDOM_SIZE, NULL, 0,
+            s->s3->server_random, SSL3_RANDOM_SIZE, NULL, 0,
+            s->session->master_key, sizeof(s->session->master_key)))
+                return 0;
+        s->session->master_key_length = SSL_MAX_MASTER_KEY_LENGTH;
+        return 1;
+}

diff --git a/src/lib/libssl/tls12_lib.c b/src/lib/libssl/tls12_lib.c index 520f41678d..e7171ba833 100644 --- a/src/lib/libssl/tls12_lib.c +++ b/src/lib/libssl/tls12_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls12_lib.c,v 1.1 2021/04/25 13:15:23 jsing Exp $ */	1	/* $OpenBSD: tls12_lib.c,v 1.2 2021/04/30 19:26:45 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2021 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -90,3 +90,26 @@ tls12_derive_peer_finished(SSL *s)
90	&S3I(s)->hs.peer_finished_len);	90	&S3I(s)->hs.peer_finished_len);
91	}	91	}
92	}	92	}
		93
		94	int
		95	tls12_derive_master_secret(SSL s, uint8_t premaster_secret,
		96	size_t premaster_secret_len)
		97	{
		98	s->session->master_key_length = 0;
		99
		100	if (premaster_secret_len == 0)
		101	return 0;
		102
		103	CTASSERT(sizeof(s->session->master_key) == SSL_MAX_MASTER_KEY_LENGTH);
		104
		105	if (!tls1_PRF(s, premaster_secret, premaster_secret_len,
		106	TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE,
		107	s->s3->client_random, SSL3_RANDOM_SIZE, NULL, 0,
		108	s->s3->server_random, SSL3_RANDOM_SIZE, NULL, 0,
		109	s->session->master_key, sizeof(s->session->master_key)))
		110	return 0;
		111
		112	s->session->master_key_length = SSL_MAX_MASTER_KEY_LENGTH;
		113
		114	return 1;
		115	}