/* SSLfatal() already called */
return 0;
}
+
+ /*
+ * TODO(3.0) Remove this when EVP_PKEY_get1_tls_encodedpoint()
+ * knows how to get a key from an encoded point with the help of
+ * a OSSL_SERIALIZER deserializer. We know that EVP_PKEY_get0()
+ * downgrades an EVP_PKEY to contain a legacy key.
+ *
+ * THIS IS TEMPORARY
+ */
+ EVP_PKEY_get0(key_share_key);
+ if (EVP_PKEY_id(key_share_key) == EVP_PKEY_NONE) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_ADD_KEY_SHARE,
+ ERR_R_EC_LIB);
+ goto err;
+ }
}
/* Encode the public key. */
ERR_R_MALLOC_FAILURE);
return 0;
}
+
+ /*
+ * TODO(3.0) Remove this when EVP_PKEY_get1_tls_encodedpoint()
+ * knows how to get a key from an encoded point with the help of
+ * a OSSL_SERIALIZER deserializer. We know that EVP_PKEY_get0()
+ * downgrades an EVP_PKEY to contain a legacy key.
+ *
+ * THIS IS TEMPORARY
+ */
+ EVP_PKEY_get0(skey);
+ if (EVP_PKEY_id(skey) == EVP_PKEY_NONE) {
+ EVP_PKEY_free(skey);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
if (!EVP_PKEY_set1_tls_encodedpoint(skey, PACKET_data(&encoded_pt),
PACKET_remaining(&encoded_pt))) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_KEY_SHARE,
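Review bot: The TODO comment above `EVP_PKEY_get0(skey)` names `EVP_PKEY_get1_tls_encodedpoint()`, but the call this workaround precedes here is `EVP_PKEY_set1_tls_encodedpoint()`, which is the function that takes the peer's encoded point. The same comment text is copied in front of the set1 calls on `s->s3.peer_tmp` and on `ckey` in later hunks. At those sites I would change the first comment line to `TODO(3.0) Remove this when EVP_PKEY_set1_tls_encodedpoint()`, so whoever removes the workaround knows which function has to be fixed first. The enclosing function starts and ends outside the hunk.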
return 0;
}
+ /*
+ * TODO(3.0) Remove this when EVP_PKEY_get1_tls_encodedpoint()
+ * knows how to get a key from an encoded point with the help of
+ * a OSSL_SERIALIZER deserializer. We know that EVP_PKEY_get0()
+ * downgrades an EVP_PKEY to contain a legacy key.
+ *
+ * THIS IS TEMPORARY
+ */
+ EVP_PKEY_get0(s->s3.peer_tmp);
+ if (EVP_PKEY_id(s->s3.peer_tmp) == EVP_PKEY_NONE) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_KEY_SHARE,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
s->s3.group_id = group_id;
if (!EVP_PKEY_set1_tls_encodedpoint(s->s3.peer_tmp,
return EXT_RETURN_FAIL;
}
+ /*
+ * TODO(3.0) Remove this when EVP_PKEY_get1_tls_encodedpoint()
+ * knows how to get a key from an encoded point with the help of
+ * a OSSL_SERIALIZER deserializer. We know that EVP_PKEY_get0()
+ * downgrades an EVP_PKEY to contain a legacy key.
+ *
+ * THIS IS TEMPORARY
+ */
+ EVP_PKEY_get0(skey);
+ if (EVP_PKEY_id(skey) == EVP_PKEY_NONE) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE,
+ ERR_R_INTERNAL_ERROR);
+ return EXT_RETURN_FAIL;
+ }
+
/* Generate encoding of server key */
encoded_pt_len = EVP_PKEY_get1_tls_encodedpoint(skey, &encodedPoint);
if (encoded_pt_len == 0) {
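Review bot: The new failure branch after `EVP_PKEY_get0(skey)` returns `EXT_RETURN_FAIL` without releasing `skey`, whereas the parallel check in the `SSL_F_TLS_PARSE_STOC_KEY_SHARE` hunk calls `EVP_PKEY_free(skey);` before it returns. Where `skey` is created is not visible in this hunk, so this is inferred, but if it is a locally owned key at this point the early return leaks it. If so, add `EVP_PKEY_free(skey);` in front of the `SSLfatal(...)` call in this branch. The enclosing function starts and ends outside the hunk.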
return 0;
}
+ /*
+ * TODO(3.0) Remove this when EVP_PKEY_get1_tls_encodedpoint()
+ * knows how to get a key from an encoded point with the help of
+ * a OSSL_SERIALIZER deserializer. We know that EVP_PKEY_get0()
+ * downgrades an EVP_PKEY to contain a legacy key.
+ *
+ * THIS IS TEMPORARY
+ */
+ EVP_PKEY_get0(s->s3.peer_tmp);
+ if (EVP_PKEY_id(s->s3.peer_tmp) == EVP_PKEY_NONE) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_ECDHE,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
if (!EVP_PKEY_set1_tls_encodedpoint(s->s3.peer_tmp,
PACKET_data(&encoded_pt),
PACKET_remaining(&encoded_pt))) {
goto err;
}
+ /*
+ * TODO(3.0) Remove this when EVP_PKEY_get1_tls_encodedpoint()
+ * knows how to get a key from an encoded point with the help of
+ * a OSSL_SERIALIZER deserializer. We know that EVP_PKEY_get0()
+ * downgrades an EVP_PKEY to contain a legacy key.
+ *
+ * THIS IS TEMPORARY
+ */
+ EVP_PKEY_get0(ckey);
+ if (EVP_PKEY_id(skey) == EVP_PKEY_NONE) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
if (ssl_derive(s, ckey, skey, 0) == 0) {
/* SSLfatal() already called */
goto err;
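Review bot: The added check tests the wrong key: the code downgrades `ckey` with `EVP_PKEY_get0(ckey);` but then evaluates `EVP_PKEY_id(skey) == EVP_PKEY_NONE`. Every other copy of this block checks the same key it just downgraded, so this looks like a copy-paste slip. A failed downgrade of `ckey` would go unnoticed and `ssl_derive(s, ckey, skey, 0)` would run on it. The condition should read `if (EVP_PKEY_id(ckey) == EVP_PKEY_NONE) {`. Since the block is repeated eight times and has already drifted once, a single static helper that performs the downgrade and the id check would keep the sites consistent until the TODO is resolved.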
goto err;
}
+ /*
+ * TODO(3.0) Remove this when EVP_PKEY_get1_tls_encodedpoint()
+ * knows how to get a key from an encoded point with the help of
+ * a OSSL_SERIALIZER deserializer. We know that EVP_PKEY_get0()
+ * downgrades an EVP_PKEY to contain a legacy key.
+ *
+ * THIS IS TEMPORARY
+ */
+ EVP_PKEY_get0(s->s3.tmp.pkey);
+ if (EVP_PKEY_id(s->s3.tmp.pkey) == EVP_PKEY_NONE)
+ goto err;
+
/* Encode the public key. */
encodedlen = EVP_PKEY_get1_tls_encodedpoint(s->s3.tmp.pkey,
&encodedPoint);
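Review bot: The failure branch after `EVP_PKEY_get0(s->s3.tmp.pkey)` jumps to `err` without calling `SSLfatal()`, unlike every other copy of this check on the page. Those all record an `SSL_AD_INTERNAL_ERROR` alert before failing. What the `err` label does is outside the hunk, but unless it raises the fatal error itself, this path fails the handshake with no alert and no error-queue entry. I would brace the branch and add `SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_<ENCLOSING_FUNCTION>, ERR_R_INTERNAL_ERROR);` before the `goto err;`. `SSL_F_<ENCLOSING_FUNCTION>` is a placeholder for the enclosing function's code, which the hunk does not show.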
ERR_R_EVP_LIB);
goto err;
}
+
+ /*
+ * TODO(3.0) Remove this when EVP_PKEY_get1_tls_encodedpoint()
+ * knows how to get a key from an encoded point with the help of
+ * a OSSL_SERIALIZER deserializer. We know that EVP_PKEY_get0()
+ * downgrades an EVP_PKEY to contain a legacy key.
+ *
+ * THIS IS TEMPORARY
+ */
+ EVP_PKEY_get0(ckey);
+ if (EVP_PKEY_id(ckey) == EVP_PKEY_NONE) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
if (EVP_PKEY_set1_tls_encodedpoint(ckey, data, i) == 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE,
ERR_R_EC_LIB);