TLS: Temporarly downgrade newly generated EVP_PKEYs to legacy

The transfer of TLS encodedpoint to backends isn't yet fully supported in provider implementations. This is a temporary measure so as not to get stuck in other development. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11358)
author: Richard Levitte <levitte@openssl.org> 2020-03-23 13:21:21 +0100
committer: Richard Levitte <levitte@openssl.org> 2020-04-08 15:30:25 +0200
commit: afce590b74159f7df1452fb2c4aa990a52536c38 (patch)
tree: 9ca3dbc44837332dd69a0a30b29bf9bbba8665ee /ssl/statem/extensions_clnt.c
parent: e3be0f4389fe1680e1fd547a8575ea71b4518b57 (diff)
1 files changed, 32 insertions, 0 deletions
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 776473e659..82e333628f 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -644,6 +644,21 @@ static int add_key_share(SSL *s, WPACKET *pkt, unsigned int curve_id)
             /* SSLfatal() already called */
             return 0;
         }
+
+        /*
+         * TODO(3.0) Remove this when EVP_PKEY_get1_tls_encodedpoint()
+         * knows how to get a key from an encoded point with the help of
+         * a OSSL_SERIALIZER deserializer.  We know that EVP_PKEY_get0()
+         * downgrades an EVP_PKEY to contain a legacy key.
+         *
+         * THIS IS TEMPORARY
+         */
+        EVP_PKEY_get0(key_share_key);
+        if (EVP_PKEY_id(key_share_key) == EVP_PKEY_NONE) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_ADD_KEY_SHARE,
+                     ERR_R_EC_LIB);
+            goto err;
+        }
     }
 
     /* Encode the public key. */
@@ -1906,6 +1921,23 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
                  ERR_R_MALLOC_FAILURE);
         return 0;
     }
+
+    /*
+     * TODO(3.0) Remove this when EVP_PKEY_get1_tls_encodedpoint()
+     * knows how to get a key from an encoded point with the help of
+     * a OSSL_SERIALIZER deserializer.  We know that EVP_PKEY_get0()
+     * downgrades an EVP_PKEY to contain a legacy key.
+     *
+     * THIS IS TEMPORARY
+     */
+    EVP_PKEY_get0(skey);
+    if (EVP_PKEY_id(skey) == EVP_PKEY_NONE) {
+        EVP_PKEY_free(skey);
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
     if (!EVP_PKEY_set1_tls_encodedpoint(skey, PACKET_data(&encoded_pt),
                                         PACKET_remaining(&encoded_pt))) {
         SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_KEY_SHARE,
author	Richard Levitte <levitte@openssl.org>	2020-03-23 13:21:21 +0100
committer	Richard Levitte <levitte@openssl.org>	2020-04-08 15:30:25 +0200
commit	afce590b74159f7df1452fb2c4aa990a52536c38 (patch)
tree	9ca3dbc44837332dd69a0a30b29bf9bbba8665ee /ssl/statem/extensions_clnt.c
parent	e3be0f4389fe1680e1fd547a8575ea71b4518b57 (diff)