From 56985c136a01f2cc7e3fcd2f897091e9f2d15f42 Mon Sep 17 00:00:00 2001 From: jsing Date: Sun, 2 May 2021 17:28:33 +0000 Subject: [PATCH] In the TLSv1.2 server, set up the key block after sending the CCS. This avoids calling into the key block setup code multiple times and makes the server code consistent with the client. ok inoguchi@ tb@ --- lib/libssl/ssl_srvr.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c index 2d1af2f86f1..8e6a1859ebd 100644 --- a/lib/libssl/ssl_srvr.c +++ b/lib/libssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.106 2021/05/02 17:18:10 jsing Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.107 2021/05/02 17:28:33 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -641,12 +641,6 @@ ssl3_accept(SSL *s) case SSL3_ST_SW_CHANGE_A: case SSL3_ST_SW_CHANGE_B: - s->session->cipher = S3I(s)->hs.cipher; - if (!tls1_setup_key_block(s)) { - ret = -1; - goto end; - } - ret = ssl3_send_change_cipher_spec(s, SSL3_ST_SW_CHANGE_A, SSL3_ST_SW_CHANGE_B); if (ret <= 0) @@ -654,6 +648,12 @@ ssl3_accept(SSL *s) S3I(s)->hs.state = SSL3_ST_SW_FINISHED_A; s->internal->init_num = 0; + s->session->cipher = S3I(s)->hs.cipher; + if (!tls1_setup_key_block(s)) { + ret = -1; + goto end; + } + if (!tls1_change_cipher_state(s, SSL3_CHANGE_CIPHER_SERVER_WRITE)) { ret = -1; -- 2.20.1