From: David Benjamin Date: Tue, 23 Jul 2019 18:14:48 +0000 (-0400) Subject: Don't generate an unnecessary Diffie-Hellman key in TLS 1.3 clients. X-Git-Tag: openssl-3.0.0-alpha1~1717 X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=166c0b98fd6e8b1bb341397642527a9396468f6c Don't generate an unnecessary Diffie-Hellman key in TLS 1.3 clients. tls_parse_stoc_key_share was generating a new EVP_PKEY public/private keypair and then overrides it with the server public key, so the generation was a waste anyway. Instead, it should create a parameters-only EVP_PKEY. (This is a consequence of OpenSSL using the same type for empty key, empty key with key type, empty key with key type + parameters, public key, and private key. As a result, it's easy to mistakenly mix such things up, as happened here.) Reviewed-by: Matt Caswell Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/9445) --- diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index b6e96ae56f..e6b674cebe 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -1900,8 +1900,8 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 0; } - skey = ssl_generate_pkey(ckey); - if (skey == NULL) { + skey = EVP_PKEY_new(); + if (skey == NULL || EVP_PKEY_copy_parameters(skey, ckey) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE, ERR_R_MALLOC_FAILURE); return 0;