diff options
Diffstat (limited to 'ssl/statem/extensions_srvr.c')
| -rw-r--r-- | ssl/statem/extensions_srvr.c | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 549a207430..bafd62a0db 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -711,6 +711,21 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 0; } + /* + * TODO(3.0) Remove this when EVP_PKEY_get1_tls_encodedpoint() + * knows how to get a key from an encoded point with the help of + * a OSSL_SERIALIZER deserializer. We know that EVP_PKEY_get0() + * downgrades an EVP_PKEY to contain a legacy key. + * + * THIS IS TEMPORARY + */ + EVP_PKEY_get0(s->s3.peer_tmp); + if (EVP_PKEY_id(s->s3.peer_tmp) == EVP_PKEY_NONE) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_KEY_SHARE, + ERR_R_INTERNAL_ERROR); + return 0; + } + s->s3.group_id = group_id; if (!EVP_PKEY_set1_tls_encodedpoint(s->s3.peer_tmp, @@ -1736,6 +1751,21 @@ EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, return EXT_RETURN_FAIL; } + /* + * TODO(3.0) Remove this when EVP_PKEY_get1_tls_encodedpoint() + * knows how to get a key from an encoded point with the help of + * a OSSL_SERIALIZER deserializer. We know that EVP_PKEY_get0() + * downgrades an EVP_PKEY to contain a legacy key. + * + * THIS IS TEMPORARY + */ + EVP_PKEY_get0(skey); + if (EVP_PKEY_id(skey) == EVP_PKEY_NONE) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + /* Generate encoding of server key */ encoded_pt_len = EVP_PKEY_get1_tls_encodedpoint(skey, &encodedPoint); if (encoded_pt_len == 0) { |