summaryrefslogtreecommitdiffstats
path: root/ssl/s3_lib.c
diff options
context:
space:
mode:
Diffstat (limited to 'ssl/s3_lib.c')
-rw-r--r--ssl/s3_lib.c21
1 files changed, 16 insertions, 5 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index bcc0f9e5fd..524f5308f3 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4067,8 +4067,8 @@ EVP_PKEY *ssl_generate_pkey_curve(int id)
}
#endif
-/* Derive premaster or master secret for ECDH/DH */
-int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int genmaster)
+/* Derive secrets for ECDH/DH */
+int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
{
int rv = 0;
unsigned char *pms = NULL;
@@ -4093,9 +4093,20 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int genmaster)
if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0)
goto err;
- if (genmaster) {
- /* Generate master secret and discard premaster */
- rv = ssl_generate_master_secret(s, pms, pmslen, 1);
+ if (gensecret) {
+ if (SSL_IS_TLS13(s)) {
+ /*
+ * TODO(TLS1.3): For now we just use the default early_secret, this
+ * will need to change later when other early_secrets will be
+ * possible.
+ */
+ rv = tls13_generate_early_secret(s, NULL, 0)
+ && tls13_generate_handshake_secret(s, pms, pmslen);
+ OPENSSL_free(pms);
+ } else {
+ /* Generate master secret and discard premaster */
+ rv = ssl_generate_master_secret(s, pms, pmslen, 1);
+ }
pms = NULL;
} else {
/* Save premaster secret */
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-22 22:45:34 +0000