diff options
Diffstat (limited to 'ssl/statem/extensions_clnt.c')
-rw-r--r-- | ssl/statem/extensions_clnt.c | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 776473e659..82e333628f 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -644,6 +644,21 @@ static int add_key_share(SSL *s, WPACKET *pkt, unsigned int curve_id) /* SSLfatal() already called */ return 0; } + + /* + * TODO(3.0) Remove this when EVP_PKEY_get1_tls_encodedpoint() + * knows how to get a key from an encoded point with the help of + * a OSSL_SERIALIZER deserializer. We know that EVP_PKEY_get0() + * downgrades an EVP_PKEY to contain a legacy key. + * + * THIS IS TEMPORARY + */ + EVP_PKEY_get0(key_share_key); + if (EVP_PKEY_id(key_share_key) == EVP_PKEY_NONE) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_ADD_KEY_SHARE, + ERR_R_EC_LIB); + goto err; + } } /* Encode the public key. */ @@ -1906,6 +1921,23 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, ERR_R_MALLOC_FAILURE); return 0; } + + /* + * TODO(3.0) Remove this when EVP_PKEY_get1_tls_encodedpoint() + * knows how to get a key from an encoded point with the help of + * a OSSL_SERIALIZER deserializer. We know that EVP_PKEY_get0() + * downgrades an EVP_PKEY to contain a legacy key. + * + * THIS IS TEMPORARY + */ + EVP_PKEY_get0(skey); + if (EVP_PKEY_id(skey) == EVP_PKEY_NONE) { + EVP_PKEY_free(skey); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE, + ERR_R_INTERNAL_ERROR); + return 0; + } + if (!EVP_PKEY_set1_tls_encodedpoint(skey, PACKET_data(&encoded_pt), PACKET_remaining(&encoded_pt))) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_KEY_SHARE, |