diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 967840f19e..07ce76d9e3 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3788,6 +3788,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, } tls1_set_cert_validity(s); + ssl_set_masks(s); for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) { c = sk_SSL_CIPHER_value(prio, i); @@ -3799,7 +3800,6 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, if ((c->algorithm_ssl & SSL_TLSV1) && s->version == SSL3_VERSION) continue; - ssl_set_masks(s, c); mask_k = s->s3->tmp.mask_k; mask_a = s->s3->tmp.mask_a; #ifndef OPENSSL_NO_SRP diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index fecd39200e..7c627312d6 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2493,7 +2493,7 @@ void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg) ssl_cert_set_cert_cb(s->cert, cb, arg); } -void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher) +void ssl_set_masks(SSL *s) { #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_GOST) CERT_PKEY *cpk; @@ -2646,7 +2646,7 @@ CERT_PKEY *ssl_get_server_send_pkey(SSL *s) c = s->cert; if (!s->s3 || !s->s3->tmp.new_cipher) return NULL; - ssl_set_masks(s, s->s3->tmp.new_cipher); + ssl_set_masks(s); i = ssl_get_server_cert_index(s); diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index fbca4f9b35..f4d1ddcbc4 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1854,7 +1854,7 @@ __owur int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverin size_t *serverinfo_length); __owur EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c, const EVP_MD **pmd); __owur int ssl_cert_type(X509 *x, EVP_PKEY *pkey); -void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher); +void ssl_set_masks(SSL *s); __owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); __owur int ssl_verify_alarm_type(long type); void ssl_load_ciphers(void);