From: jsing Date: Sun, 2 May 2021 17:28:33 +0000 (+0000) Subject: In the TLSv1.2 server, set up the key block after sending the CCS. X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=56985c136a01f2cc7e3fcd2f897091e9f2d15f42;p=openbsd In the TLSv1.2 server, set up the key block after sending the CCS. This avoids calling into the key block setup code multiple times and makes the server code consistent with the client. ok inoguchi@ tb@ --- diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c index 2d1af2f86f1..8e6a1859ebd 100644 --- a/lib/libssl/ssl_srvr.c +++ b/lib/libssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.106 2021/05/02 17:18:10 jsing Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.107 2021/05/02 17:28:33 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -641,12 +641,6 @@ ssl3_accept(SSL *s) case SSL3_ST_SW_CHANGE_A: case SSL3_ST_SW_CHANGE_B: - s->session->cipher = S3I(s)->hs.cipher; - if (!tls1_setup_key_block(s)) { - ret = -1; - goto end; - } - ret = ssl3_send_change_cipher_spec(s, SSL3_ST_SW_CHANGE_A, SSL3_ST_SW_CHANGE_B); if (ret <= 0) @@ -654,6 +648,12 @@ ssl3_accept(SSL *s) S3I(s)->hs.state = SSL3_ST_SW_FINISHED_A; s->internal->init_num = 0; + s->session->cipher = S3I(s)->hs.cipher; + if (!tls1_setup_key_block(s)) { + ret = -1; + goto end; + } + if (!tls1_change_cipher_state(s, SSL3_CHANGE_CIPHER_SERVER_WRITE)) { ret = -1;
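Review bot: In the SSL3_ST_SW_CHANGE_A / SSL3_ST_SW_CHANGE_B case (hunk at -641,12), `s->session->cipher = S3I(s)->hs.cipher;` moves together with the key block setup, so ssl3_send_change_cipher_spec() now runs before s->session->cipher is updated. The commit message only mentions the key block. Please confirm that nothing on the CCS send path reads s->session->cipher, and say so in the message, or keep the assignment ahead of the send if there is any doubt.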
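Review bot: In the block added after `s->internal->init_num = 0;` (hunk at -654,6), a failing tls1_setup_key_block() now reaches `goto end` with S3I(s)->hs.state already advanced to SSL3_ST_SW_FINISHED_A, where before the change the state was still SSL3_ST_SW_CHANGE_A on that failure. This matches the tls1_change_cipher_state() failure path directly below it, so it is likely acceptable, but it is a behaviour change on the error path and should be deliberate. A one-line comment above the added block stating that key block setup intentionally follows a successful CCS send, so that it is not called more than once (the reason given in the commit message), would keep the ordering from being reverted later.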