summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/libssl/ssl_srvr.c42
1 files changed, 15 insertions, 27 deletions
diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c
index d98a76f8f0a..aae72759981 100644
--- a/lib/libssl/ssl_srvr.c
+++ b/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.11 2017/03/10 16:03:27 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.12 2017/04/14 15:19:39 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1271,8 +1271,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
unsigned char *data;
EC_KEY *ecdh = NULL, *ecdhp;
const EC_GROUP *group;
- unsigned char *encodedPoint = NULL;
- int encodedlen = 0;
+ int encoded_len = 0;
int curve_id = 0;
BN_CTX *bn_ctx = NULL;
int al;
@@ -1335,28 +1334,17 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
* Encode the public key. First check the size of encoding and
* allocate memory accordingly.
*/
- encodedlen = EC_POINT_point2oct(group, EC_KEY_get0_public_key(ecdh),
+ encoded_len = EC_POINT_point2oct(group, EC_KEY_get0_public_key(ecdh),
POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
-
- encodedPoint = malloc(encodedlen);
-
- bn_ctx = BN_CTX_new();
- if ((encodedPoint == NULL) || (bn_ctx == NULL)) {
- SSLerror(s, ERR_R_MALLOC_FAILURE);
+ if (encoded_len == 0) {
+ SSLerror(s, ERR_R_ECDH_LIB);
goto err;
}
-
- encodedlen = EC_POINT_point2oct(group, EC_KEY_get0_public_key(ecdh),
- POINT_CONVERSION_UNCOMPRESSED, encodedPoint, encodedlen, bn_ctx);
-
- if (encodedlen == 0) {
- SSLerror(s, ERR_R_ECDH_LIB);
+ if ((bn_ctx = BN_CTX_new()) == NULL) {
+ SSLerror(s, ERR_R_MALLOC_FAILURE);
goto err;
}
- BN_CTX_free(bn_ctx);
- bn_ctx = NULL;
-
/*
* Only named curves are supported in ECDH ephemeral key exchanges.
* In this case the ServerKeyExchange message has:
@@ -1370,23 +1358,23 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
goto err;
if (!CBB_add_u8_length_prefixed(cbb, &ecpoint))
goto err;
- if (!CBB_add_space(&ecpoint, &data, encodedlen))
+ if (!CBB_add_space(&ecpoint, &data, encoded_len))
goto err;
-
- memcpy(data, encodedPoint, encodedlen);
-
- free(encodedPoint);
- encodedPoint = NULL;
-
+ if (EC_POINT_point2oct(group, EC_KEY_get0_public_key(ecdh),
+ POINT_CONVERSION_UNCOMPRESSED, data, encoded_len, bn_ctx) == 0) {
+ SSLerror(s, ERR_R_ECDH_LIB);
+ goto err;
+ }
if (!CBB_flush(cbb))
goto err;
+ BN_CTX_free(bn_ctx);
+
return (1);
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
- free(encodedPoint);
BN_CTX_free(bn_ctx);
return (-1);