X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fstatem%2Fstatem_srvr.c;h=38fa9455ff809b6e4bf0418f46c98b970d26f76f;hp=8fdf6e60194cd818a35f997cad98b47fd20db115;hb=0aeddcfa61250a6c474c4f8b3533772a63192f1b;hpb=2b0bcfaf834e2fb7cd52888d7330b247e3878115 diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 8fdf6e6019..38fa9455ff 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1376,7 +1376,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) if (k >= complen) { al = SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, - SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING); + SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING); goto f_err; } } else if (s->hit) @@ -1772,9 +1772,8 @@ int tls_construct_server_key_exchange(SSL *s) EVP_PKEY_free(pkdh); pkdh = NULL; - r[0] = dh->p; - r[1] = dh->g; - r[2] = dh->pub_key; + DH_get0_pqg(dh, &r[0], NULL, &r[1]); + DH_get0_key(dh, &r[2], NULL); } else #endif #ifndef OPENSSL_NO_EC @@ -2301,6 +2300,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) EVP_PKEY *skey = NULL; DH *cdh; unsigned int i; + BIGNUM *pub_key; if (!PACKET_get_net_2(pkt, &i)) { if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) { @@ -2343,9 +2343,12 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) goto err; } cdh = EVP_PKEY_get0_DH(ckey); - cdh->pub_key = BN_bin2bn(data, i, NULL); - if (cdh->pub_key == NULL) { - SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_BN_LIB); + pub_key = BN_bin2bn(data, i, NULL); + + if (pub_key == NULL || !DH_set0_key(cdh, pub_key, NULL)) { + SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + if (pub_key != NULL) + BN_free(pub_key); goto err; }