Don't downgrade keys in libssl

We were downgrading to legacy keys at various points in libssl in order to get or set an encoded point. Now that the encoded point functions work with provided keys this is no longer necessary. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11898)
author: Matt Caswell <matt@openssl.org> 2020-06-02 08:57:26 +0100
committer: Matt Caswell <matt@openssl.org> 2020-06-05 11:04:11 +0100
commit: 7b2d995ed79f0653defd682e5097ed937f4cabbc (patch)
tree: 3790348b098fc259f3ae11e1505b54e9eaa5e2b4 /ssl/statem/statem_srvr.c
parent: 7fa2b2673edd684ceb94ff19346f08121da9774f (diff)
1 files changed, 0 insertions, 29 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index e5340b4e7f..036bfadbe5 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2636,20 +2636,6 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
             goto err;
         }
 
-        /*
-         * TODO(3.0) Remove this when EVP_PKEY_get1_tls_encodedpoint()
-         * knows how to get a key from an encoded point with the help of
-         * a OSSL_SERIALIZER deserializer.  We know that EVP_PKEY_get0()
-         * downgrades an EVP_PKEY to contain a legacy key.
-         *
-         * THIS IS TEMPORARY
-         */
-        EVP_PKEY_get0(s->s3.tmp.pkey);
-        if (EVP_PKEY_id(s->s3.tmp.pkey) == EVP_PKEY_NONE) {
-            SSLfatal(s, SSL_AD_INTERNAL_ERROR, 0, ERR_R_EC_LIB);
-            goto err;
-        }
-
         /* Encode the public key. */
         encodedlen = EVP_PKEY_get1_tls_encodedpoint(s->s3.tmp.pkey,
                                                     &encodedPoint);
@@ -3234,21 +3220,6 @@ static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt)
             goto err;
         }
 
-        /*
-         * TODO(3.0) Remove this when EVP_PKEY_get1_tls_encodedpoint()
-         * knows how to get a key from an encoded point with the help of
-         * a OSSL_SERIALIZER deserializer.  We know that EVP_PKEY_get0()
-         * downgrades an EVP_PKEY to contain a legacy key.
-         *
-         * THIS IS TEMPORARY
-         */
-        EVP_PKEY_get0(ckey);
-        if (EVP_PKEY_id(ckey) == EVP_PKEY_NONE) {
-            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE,
-                     ERR_R_INTERNAL_ERROR);
-            goto err;
-        }
-
         if (EVP_PKEY_set1_tls_encodedpoint(ckey, data, i) == 0) {
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE,
                      ERR_R_EC_LIB);
author	Matt Caswell <matt@openssl.org>	2020-06-02 08:57:26 +0100
committer	Matt Caswell <matt@openssl.org>	2020-06-05 11:04:11 +0100
commit	7b2d995ed79f0653defd682e5097ed937f4cabbc (patch)
tree	3790348b098fc259f3ae11e1505b54e9eaa5e2b4 /ssl/statem/statem_srvr.c
parent	7fa2b2673edd684ceb94ff19346f08121da9774f (diff)