ssl/statem_srvr.c: clean up handling of EVP_PKEY_decrypt() outlen

Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/17354)
author: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2023-05-29 06:43:29 +0200
committer: Dr. David von Oheimb <dev@ddvo.net> 2023-05-30 22:02:10 +0200
commit: fdef95716dbcc6127d05f8cfc90f389a84acaf9b (patch)
tree: 1cfe97557adc7f6894bf30397cb73b5755c2c3ca /ssl
parent: 3179995f114fca4cb9958116e353ad6b686b7ecd (diff)
1 files changed, 5 insertions, 8 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index ddc74883f5..c33e8f64e9 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -3050,8 +3050,7 @@ static int tls_process_cke_rsa(SSL_CONNECTION *s, PACKET *pkt)
     }
 
     /* Also cleanses rsa_decrypt (on success or failure) */
-    if (!ssl_generate_master_secret(s, rsa_decrypt,
-                                    SSL_MAX_MASTER_KEY_LENGTH, 0)) {
+    if (!ssl_generate_master_secret(s, rsa_decrypt, outlen, 0)) {
         /* SSLfatal() already called */
         goto err;
     }
@@ -3216,7 +3215,7 @@ static int tls_process_cke_gost(SSL_CONNECTION *s, PACKET *pkt)
     EVP_PKEY *client_pub_pkey = NULL, *pk = NULL;
     unsigned char premaster_secret[32];
     const unsigned char *start;
-    size_t outlen = 32, inlen;
+    size_t outlen = sizeof(premaster_secret), inlen;
     unsigned long alg_a;
     GOST_KX_MESSAGE *pKX = NULL;
     const unsigned char *ptr;
@@ -3291,8 +3290,7 @@ static int tls_process_cke_gost(SSL_CONNECTION *s, PACKET *pkt)
         goto err;
     }
     /* Generate master secret */
-    if (!ssl_generate_master_secret(s, premaster_secret,
-                                    sizeof(premaster_secret), 0)) {
+    if (!ssl_generate_master_secret(s, premaster_secret, outlen, 0)) {
         /* SSLfatal() already called */
         goto err;
     }
@@ -3321,7 +3319,7 @@ static int tls_process_cke_gost18(SSL_CONNECTION *s, PACKET *pkt)
     EVP_PKEY *pk = NULL;
     unsigned char premaster_secret[32];
     const unsigned char *start = NULL;
-    size_t outlen = 32, inlen = 0;
+    size_t outlen = sizeof(premaster_secret), inlen = 0;
     int ret = 0;
     int cipher_nid = ossl_gost18_cke_cipher_nid(s);
     SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
@@ -3375,8 +3373,7 @@ static int tls_process_cke_gost18(SSL_CONNECTION *s, PACKET *pkt)
         goto err;
     }
     /* Generate master secret */
-    if (!ssl_generate_master_secret(s, premaster_secret,
-         sizeof(premaster_secret), 0)) {
+    if (!ssl_generate_master_secret(s, premaster_secret, outlen, 0)) {
          /* SSLfatal() already called */
          goto err;
     }
author	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2023-05-29 06:43:29 +0200
committer	Dr. David von Oheimb <dev@ddvo.net>	2023-05-30 22:02:10 +0200
commit	fdef95716dbcc6127d05f8cfc90f389a84acaf9b (patch)
tree	1cfe97557adc7f6894bf30397cb73b5755c2c3ca /ssl
parent	3179995f114fca4cb9958116e353ad6b686b7ecd (diff)