author | Matt Caswell <matt@openssl.org> | 2020-06-02 08:57:26 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-06-05 11:04:11 +0100 |
commit | 7b2d995ed79f0653defd682e5097ed937f4cabbc (patch) | |
tree | 3790348b098fc259f3ae11e1505b54e9eaa5e2b4 /ssl/statem/statem_srvr.c | |
parent | 7fa2b2673edd684ceb94ff19346f08121da9774f (diff) |
Don't downgrade keys in libssl
We were downgrading to legacy keys at various points in libssl in
order to get or set an encoded point. Now that the encoded point
functions work with provided keys this is no longer necessary.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11898)
Diffstat (limited to 'ssl/statem/statem_srvr.c')
-rw-r--r-- | ssl/statem/statem_srvr.c | 29 |
1 files changed, 0 insertions, 29 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index e5340b4e7f..036bfadbe5 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2636,20 +2636,6 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) goto err; } - /* - * TODO(3.0) Remove this when EVP_PKEY_get1_tls_encodedpoint() - * knows how to get a key from an encoded point with the help of - * a OSSL_SERIALIZER deserializer. We know that EVP_PKEY_get0() - * downgrades an EVP_PKEY to contain a legacy key. - * - * THIS IS TEMPORARY - */ - EVP_PKEY_get0(s->s3.tmp.pkey); - if (EVP_PKEY_id(s->s3.tmp.pkey) == EVP_PKEY_NONE) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, 0, ERR_R_EC_LIB); - goto err; - } - /* Encode the public key. */ encodedlen = EVP_PKEY_get1_tls_encodedpoint(s->s3.tmp.pkey, &encodedPoint); @@ -3234,21 +3220,6 @@ static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt) goto err; } - /* - * TODO(3.0) Remove this when EVP_PKEY_get1_tls_encodedpoint() - * knows how to get a key from an encoded point with the help of - * a OSSL_SERIALIZER deserializer. We know that EVP_PKEY_get0() - * downgrades an EVP_PKEY to contain a legacy key. - * - * THIS IS TEMPORARY - */ - EVP_PKEY_get0(ckey); - if (EVP_PKEY_id(ckey) == EVP_PKEY_NONE) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE, - ERR_R_INTERNAL_ERROR); - goto err; - } - if (EVP_PKEY_set1_tls_encodedpoint(ckey, data, i) == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE, ERR_R_EC_LIB); |