From: Matt Caswell
Date: Wed, 14 Oct 2020 15:19:16 +0000 (+0100)
Subject: Remove DH usage from tls_process_cke_dhe
X-Git-Tag: openssl-3.0.0-alpha9~82
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=936d5657680bba3315aec6d7cdc04ea8cab9050e;p=thirdparty%2Fopenssl.git
Remove DH usage from tls_process_cke_dhe
We instead set the encoded public key directly in the EVP_PKEY object.
Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/13368)
---
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 9d0d8c9ed43..b6baff28ea5 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2962,11 +2962,8 @@ static int tls_process_cke_rsa(SSL *s, PACKET *pkt)
 static int tls_process_cke_dhe(SSL *s, PACKET *pkt)
 {
-#ifndef OPENSSL_NO_DH
 EVP_PKEY *skey = NULL;
- DH *cdh;
 unsigned int i;
- BIGNUM *pub_key;
 const unsigned char *data;
 EVP_PKEY *ckey = NULL;
 int ret = 0;
@@ -2996,11 +2993,8 @@ static int tls_process_cke_dhe(SSL *s, PACKET *pkt)
 goto err;
 }
- cdh = EVP_PKEY_get0_DH(ckey);
- pub_key = BN_bin2bn(data, i, NULL);
- if (pub_key == NULL || cdh == NULL || !DH_set0_key(cdh, pub_key, NULL)) {
+ if (!EVP_PKEY_set1_encoded_public_key(ckey, data, i)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- BN_free(pub_key);
 goto err;
 }
@@ -3015,11 +3009,6 @@ static int tls_process_cke_dhe(SSL *s, PACKET *pkt)
 err:
 EVP_PKEY_free(ckey);
 return ret;
-#else
- /* Should never happen */
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
-#endif
 }
 static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt)
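Review bot: In the second hunk (`@@ -2996,11 +2993,8 @@`) the new `if (!EVP_PKEY_set1_encoded_public_key(ckey, data, i))` branch still reports `SSL_AD_INTERNAL_ERROR`, although `data` and `i` hold the client-supplied DH public value, so a failure here may be caused by the peer's bytes rather than a local fault. Whether the call validates the value or only stores it is not visible in this hunk. If it can reject malformed input, `SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_DH_VALUE);` would attribute the fault to the peer and keep internal-error counts meaningful for monitoring. Once confirmed, a one-line comment such as `/* data is peer-controlled; range checks on the public value happen at derive time */` should record where the value is validated. The body of tls_process_cke_dhe starts and ends outside this hunk.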