Don't generate an unnecessary Diffie-Hellman key in TLS 1.3 clients.

tls_parse_stoc_key_share was generating a new EVP_PKEY public/private keypair and then overrides it with the server public key, so the generation was a waste anyway. Instead, it should create a parameters-only EVP_PKEY. (This is a consequence of OpenSSL using the same type for empty key, empty key with key type, empty key with key type + parameters, public key, and private key. As a result, it's easy to mistakenly mix such things up, as happened here.) Reviewed-by: N Matt Caswell <matt@openssl.org> Reviewed-by: N Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/9445)

Don't generate an unnecessary Diffie-Hellman key in TLS 1.3 clients.
tls_parse_stoc_key_share was generating a new EVP_PKEY public/private keypair and then overrides it with the server public key, so the generation was a waste anyway. Instead, it should create a parameters-only EVP_PKEY. (This is a consequence of OpenSSL using the same type for empty key, empty key with key type, empty key with key type + parameters, public key, and private key. As a result, it's easy to mistakenly mix such things up, as happened here.) Reviewed-by: N Matt Caswell <matt@openssl.org> Reviewed-by: N Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/9445)
166c0b98 · David Benjamin · 8ccf2ffb · 166c0b98
隐藏空白更改
内联并排

Showing with 2 addition and 2 deletion

ssl/statem/extensions_clnt.c ssl/statem/extensions_clnt.c +2 -2

未找到文件。
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -1900,8 +1900,8 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
        return 0;
    }
-    skey = ssl_generate_pkey(ckey);
+    skey = EVP_PKEY_new();
-    if (skey == NULL) {
+    if (skey == NULL || EVP_PKEY_copy_parameters(skey, ckey) <= 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE,
                 ERR_R_MALLOC_FAILURE);
        return 0;