diff options
Diffstat (limited to 'src/lib/libssl/s3_lib.c')
| -rw-r--r-- | src/lib/libssl/s3_lib.c | 48 |
1 files changed, 16 insertions, 32 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index dfd5893a2f..87b43a3521 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_lib.c,v 1.191 2020/02/16 14:33:04 inoguchi Exp $ */ | 1 | /* $OpenBSD: s3_lib.c,v 1.192 2020/04/18 14:07:56 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1652,10 +1652,6 @@ static long | |||
| 1652 | ssl_ctrl_get_server_tmp_key(SSL *s, EVP_PKEY **pkey_tmp) | 1652 | ssl_ctrl_get_server_tmp_key(SSL *s, EVP_PKEY **pkey_tmp) |
| 1653 | { | 1653 | { |
| 1654 | EVP_PKEY *pkey = NULL; | 1654 | EVP_PKEY *pkey = NULL; |
| 1655 | EC_GROUP *group = NULL; | ||
| 1656 | EC_POINT *point = NULL; | ||
| 1657 | EC_KEY *ec_key = NULL; | ||
| 1658 | BIGNUM *order = NULL; | ||
| 1659 | SESS_CERT *sc; | 1655 | SESS_CERT *sc; |
| 1660 | int ret = 0; | 1656 | int ret = 0; |
| 1661 | 1657 | ||
| @@ -1672,41 +1668,29 @@ ssl_ctrl_get_server_tmp_key(SSL *s, EVP_PKEY **pkey_tmp) | |||
| 1672 | return 0; | 1668 | return 0; |
| 1673 | 1669 | ||
| 1674 | if (sc->peer_dh_tmp != NULL) { | 1670 | if (sc->peer_dh_tmp != NULL) { |
| 1675 | ret = EVP_PKEY_set1_DH(pkey, sc->peer_dh_tmp); | 1671 | if (!EVP_PKEY_set1_DH(pkey, sc->peer_dh_tmp)) |
| 1676 | } else if (sc->peer_ecdh_tmp) { | ||
| 1677 | ret = EVP_PKEY_set1_EC_KEY(pkey, sc->peer_ecdh_tmp); | ||
| 1678 | } else if (sc->peer_x25519_tmp != NULL) { | ||
| 1679 | /* Fudge up an EC_KEY that looks like X25519... */ | ||
| 1680 | if ((group = EC_GROUP_new_by_curve_name( | ||
| 1681 | NID_X9_62_prime256v1)) == NULL) | ||
| 1682 | goto err; | ||
| 1683 | if ((point = EC_POINT_new(group)) == NULL) | ||
| 1684 | goto err; | ||
| 1685 | if ((order = BN_new()) == NULL) | ||
| 1686 | goto err; | 1672 | goto err; |
| 1687 | if (!BN_set_bit(order, 252)) | 1673 | } else if (sc->peer_ecdh_tmp) { |
| 1688 | goto err; | 1674 | if (!EVP_PKEY_set1_EC_KEY(pkey, sc->peer_ecdh_tmp)) |
| 1689 | if (!EC_GROUP_set_generator(group, point, order, NULL)) | ||
| 1690 | goto err; | 1675 | goto err; |
| 1691 | EC_GROUP_set_curve_name(group, NID_X25519); | 1676 | } else if (sc->peer_x25519_tmp != NULL) { |
| 1692 | if ((ec_key = EC_KEY_new()) == NULL) | 1677 | if (!ssl_kex_dummy_ecdhe_x25519(pkey)) |
| 1693 | goto err; | 1678 | goto err; |
| 1694 | if (!EC_KEY_set_group(ec_key, group)) | 1679 | } else if (S3I(s)->hs_tls13.key_share != NULL) { |
| 1680 | if (!tls13_key_share_peer_pkey(S3I(s)->hs_tls13.key_share, | ||
| 1681 | pkey)) | ||
| 1695 | goto err; | 1682 | goto err; |
| 1696 | ret = EVP_PKEY_set1_EC_KEY(pkey, ec_key); | 1683 | } else { |
| 1684 | goto err; | ||
| 1697 | } | 1685 | } |
| 1698 | 1686 | ||
| 1699 | if (ret == 1) { | 1687 | *pkey_tmp = pkey; |
| 1700 | *pkey_tmp = pkey; | 1688 | pkey = NULL; |
| 1701 | pkey = NULL; | ||
| 1702 | } | ||
| 1703 | 1689 | ||
| 1704 | err: | 1690 | ret = 1; |
| 1691 | |||
| 1692 | err: | ||
| 1705 | EVP_PKEY_free(pkey); | 1693 | EVP_PKEY_free(pkey); |
| 1706 | EC_GROUP_free(group); | ||
| 1707 | EC_POINT_free(point); | ||
| 1708 | EC_KEY_free(ec_key); | ||
| 1709 | BN_free(order); | ||
| 1710 | 1694 | ||
| 1711 | return (ret); | 1695 | return (ret); |
| 1712 | } | 1696 | } |