CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2021/02/03 08:14:44
Modified files:
lib/libssl : t1_enc.c
Log message:
Fail early in legacy exporter if master secret is not available
The exporter depends on having a master secret. If the handshake is
not completed, it is neither guaranteed that a shared ciphersuite was
selected (in which case tls1_PRF() will currently NULL deref) or that
a master secret was set up (in which case the exporter will succeed
with a predictable value). Neither outcome is desirable, so error out
early instead of entering the sausage factory unprepared. This aligns
the legacy exporter with the TLSv1.3 exporter in that regard.
with/ok jsing
