#ifndef OPENSSL_NO_HEARTBEATS
case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
- if (SSL_IS_DTLS(s))
- ret = dtls1_heartbeat(s);
- break;
-
case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
- if (SSL_IS_DTLS(s))
- ret = s->tlsext_hb_pending;
- break;
-
case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
- if (SSL_IS_DTLS(s)) {
- if (larg)
- s->tlsext_heartbeat |= SSL_DTLSEXT_HB_DONT_RECV_REQUESTS;
- else
- s->tlsext_heartbeat &= ~SSL_DTLSEXT_HB_DONT_RECV_REQUESTS;
- ret = 1;
- }
break;
#endif
}
#endif
-/* Derive premaster or master secret for ECDH/DH */
-int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey)
+/* Derive secrets for ECDH/DH */
+int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
{
int rv = 0;
unsigned char *pms = NULL;
if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0)
goto err;
- if (s->server) {
- /* For server generate master secret and discard premaster */
- rv = ssl_generate_master_secret(s, pms, pmslen, 1);
+ if (gensecret) {
+ if (SSL_IS_TLS13(s)) {
+ /*
+ * TODO(TLS1.3): For now we just use the default early_secret, this
+ * will need to change later when other early_secrets will be
+ * possible.
+ */
+ rv = tls13_generate_early_secret(s, NULL, 0)
+ && tls13_generate_handshake_secret(s, pms, pmslen);
+ OPENSSL_free(pms);
+ } else {
+ /* Generate master secret and discard premaster */
+ rv = ssl_generate_master_secret(s, pms, pmslen, 1);
+ }
pms = NULL;
} else {
- /* For client just save premaster secret */
+ /* Save premaster secret */
s->s3->tmp.pms = pms;
s->s3->tmp.pmslen = pmslen;
pms = NULL;