From: Matt Caswell Date: Mon, 3 Apr 2017 14:24:06 +0000 (+0100) Subject: Fix calls to SSL_get_server_tmp_key() in TLSv1.3 X-Git-Tag: OpenSSL_1_1_1-pre1~1878 X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=090c8118e8d37f5631a421384a24ded35940690c Fix calls to SSL_get_server_tmp_key() in TLSv1.3 The macro SSL_get_server_tmp_key() returns information about the temp key used by the server during a handshake. This was returning NULL for TLSv1.3 and causing s_client to omit this information in its connection summary. Fixes #3081 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/3114)
---
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 939ad4cf44..8bb9a888f3 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -1295,7 +1295,7 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
 EVP_PKEY *ckey = s->s3->tmp.pkey, *skey = NULL;
 /* Sanity check */
- if (ckey == NULL) {
+ if (ckey == NULL || s->s3->peer_tmp != NULL) {
 *al = SSL_AD_INTERNAL_ERROR;
 SSLerr(SSL_F_TLS_PARSE_STOC_KEY_SHARE, ERR_R_INTERNAL_ERROR);
 return 0;
@@ -1386,7 +1386,7 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
 EVP_PKEY_free(skey);
 return 0;
 }
- EVP_PKEY_free(skey);
+ s->s3->peer_tmp = skey;
 #endif
 return 1;
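Review bot: The new `s->s3->peer_tmp != NULL` condition in the sanity check of tls_parse_stoc_key_share is unexplained, and the existing `/* Sanity check */` comment now covers two unrelated conditions. It appears to prevent a peer key stored by an earlier call from being overwritten and leaked, now that the second hunk keeps skey in peer_tmp. A comment such as `/* Sanity check: we sent a key share and have not already stored the peer's */` would make that explicit. The check also depends on peer_tmp being freed and reset to NULL before any later handshake on the same SSL object. That reset is not visible in this diff and is worth confirming, because otherwise a reused connection would fail here with an internal error. The function body starts and ends outside the hunk.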
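Review bot: The assignment `s->s3->peer_tmp = skey;` transfers ownership of skey to the connection state without saying so, while the failure branch directly above it still frees skey locally. A short comment such as `/* peer_tmp takes ownership of skey; do not free it here */` would keep a later edit from re-adding the EVP_PKEY_free() call and introducing a double free. Where peer_tmp is eventually released is outside this hunk, so that should be checked against the cleanup code before the comment claims more. A regression test asserting that SSL_get_server_tmp_key() yields a key after a TLSv1.3 handshake would pin the behaviour this commit fixes.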