diff options
author | David Benjamin <davidben@google.com> | 2019-07-23 14:14:48 -0400 |
---|---|---|
committer | David Benjamin <davidben@google.com> | 2019-07-25 16:26:06 -0400 |
commit | e4a282fe030363a87d52d4a3214eb7490036015e (patch) | |
tree | af395d501c42137e4539b584786dd03406062ca4 /ssl | |
parent | 54aa9d51b09d67e90db443f682cface795f5af9e (diff) |
Don't generate an unnecessary Diffie-Hellman key in TLS 1.3 clients.
tls_parse_stoc_key_share was generating a new EVP_PKEY public/private
keypair and then overrides it with the server public key, so the
generation was a waste anyway. Instead, it should create a
parameters-only EVP_PKEY.
(This is a consequence of OpenSSL using the same type for empty key,
empty key with key type, empty key with key type + parameters, public
key, and private key. As a result, it's easy to mistakenly mix such
things up, as happened here.)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/9445)
(cherry picked from commit 166c0b98fd6e8b1bb341397642527a9396468f6c)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/statem/extensions_clnt.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 0ebaeead95..f0ae642fa0 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -1858,8 +1858,8 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 0; } - skey = ssl_generate_pkey(ckey); - if (skey == NULL) { + skey = EVP_PKEY_new(); + if (skey == NULL || EVP_PKEY_copy_parameters(skey, ckey) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE, ERR_R_MALLOC_FAILURE); return 0; |