+ n = ssl_do_write(s);
+#ifndef OPENSSL_NO_SRP
+ /* Check for SRP */
+ if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {
+ /*
+ * If everything written generate master key: no need to save PMS as
+ * SRP_generate_client_master_secret generates it internally.
+ */
+ if (n > 0) {
+ if ((s->session->master_key_length =
+ SRP_generate_client_master_secret(s,
+ s->session->master_key)) <
+ 0) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ }
+ } else
+#endif
+ /* If we haven't written everything save PMS */
+ if (n <= 0) {
+ s->cert->pms = pms;
+ s->cert->pmslen = pmslen;
+ } else {
+ /* If we don't have a PMS restore */
+ if (pms == NULL) {
+ pms = s->cert->pms;
+ pmslen = s->cert->pmslen;
+ }
+ if (pms == NULL) {
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ s->session->master_key_length =
+ s->method->ssl3_enc->generate_master_secret(s,
+ s->
+ session->master_key,
+ pms, pmslen);
+ OPENSSL_cleanse(pms, pmslen);
+ OPENSSL_free(pms);
+ s->cert->pms = NULL;
+ }
+ return n;
+ memerr:
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);