Commit e4a282fe authored Jul 23, 2019 by David Benjamin

Don't generate an unnecessary Diffie-Hellman key in TLS 1.3 clients.



tls_parse_stoc_key_share was generating a new EVP_PKEY public/private
keypair and then overrides it with the server public key, so the
generation was a waste anyway. Instead, it should create a
parameters-only EVP_PKEY.

(This is a consequence of OpenSSL using the same type for empty key,
empty key with key type, empty key with key type + parameters, public
key, and private key. As a result, it's easy to mistakenly mix such
things up, as happened here.)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/9445)

(cherry picked from commit 166c0b98fd6e8b1bb341397642527a9396468f6c)

parent 54aa9d51

ssl/statem/extensions_clnt.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -1858,8 +1858,8 @@ int tls_parse_stoc_key_share(SSL s, PACKET pkt, unsigned int context, X509 *x,
		return 0;
		}

		skey = ssl_generate_pkey(ckey);
		if (skey == NULL) {
		skey = EVP_PKEY_new();
		if (skey == NULL \|\| EVP_PKEY_copy_parameters(skey, ckey) <= 0) {
		SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE,
		ERR_R_MALLOC_FAILURE);
		return 0;