From 9f7bc5899b5335b444e8b9f837aee040b51730e7 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sun, 2 May 2021 17:28:33 +0000
Subject: In the TLSv1.2 server, set up the key block after sending the CCS.

This avoids calling into the key block setup code multiple times and makes
the server code consistent with the client.

ok inoguchi@ tb@
---
 src/lib/libssl/ssl_srvr.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

(limited to 'src')

diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 2d1af2f86f..8e6a1859eb 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.106 2021/05/02 17:18:10 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.107 2021/05/02 17:28:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -641,12 +641,6 @@ ssl3_accept(SSL *s)
 
 		case SSL3_ST_SW_CHANGE_A:
 		case SSL3_ST_SW_CHANGE_B:
-			s->session->cipher = S3I(s)->hs.cipher;
-			if (!tls1_setup_key_block(s)) {
-				ret = -1;
-				goto end;
-			}
-
 			ret = ssl3_send_change_cipher_spec(s,
 			    SSL3_ST_SW_CHANGE_A, SSL3_ST_SW_CHANGE_B);
 			if (ret <= 0)
@@ -654,6 +648,12 @@ ssl3_accept(SSL *s)
 			S3I(s)->hs.state = SSL3_ST_SW_FINISHED_A;
 			s->internal->init_num = 0;
 
+			s->session->cipher = S3I(s)->hs.cipher;
+			if (!tls1_setup_key_block(s)) {
+				ret = -1;
+				goto end;
+			}
+
 			if (!tls1_change_cipher_state(s,
 			    SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
 				ret = -1;
-- 
cgit v1.2.3-55-g6feb