author | Bob Beck <beck@cvs.openbsd.org> | 2019-11-15 15:14:03 +0000 |
---|---|---|
committer | Bob Beck <beck@cvs.openbsd.org> | 2019-11-15 15:14:03 +0000 |
commit | 17894993dd275a4ea1da4c068850549078384d79 (patch) | |
tree | aa6307785af7735d90ed3e89b0573eefc1bfd31f | |
parent | d47e4f53a61d099739dd67a1203d402625d70053 (diff) |
Deduplicate some extension processing code.
ok tb@ inoguchi@
-rw-r--r-- | lib/libssl/ssl_tlsext.c | 105 |
1 files changed, 47 insertions, 58 deletions
diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c index 91b74b5d3fc..f91b790f99f 100644 --- a/lib/libssl/ssl_tlsext.c +++ b/lib/libssl/ssl_tlsext.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_tlsext.c,v 1.49 2019/05/29 17:28:37 jsing Exp $ */ +/* $OpenBSD: ssl_tlsext.c,v 1.50 2019/11/15 15:14:02 beck Exp $ */ /* * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> @@ -1223,17 +1223,11 @@ tlsext_keyshare_client_needs(SSL *s) TLS1_3_VERSION); } -int -tlsext_keyshare_client_build(SSL *s, CBB *cbb) +static int +tlsext_keyshare_x25519_internal(SSL *s, CBB *cbb) { uint8_t *public_key = NULL, *private_key = NULL; - CBB client_shares, key_exchange; - - /* Generate and provide key shares. */ - if (!CBB_add_u16_length_prefixed(cbb, &client_shares)) - return 0; - - /* XXX - other groups. */ + CBB key_exchange; /* Generate X25519 key pair. */ if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL) @@ -1243,16 +1237,13 @@ tlsext_keyshare_client_build(SSL *s, CBB *cbb) X25519_keypair(public_key, private_key); /* Add the group and serialize the public key. */ - if (!CBB_add_u16(&client_shares, tls1_ec_nid2curve_id(NID_X25519))) + if (!CBB_add_u16(cbb, tls1_ec_nid2curve_id(NID_X25519))) goto err; - if (!CBB_add_u16_length_prefixed(&client_shares, &key_exchange)) + if (!CBB_add_u16_length_prefixed(cbb, &key_exchange)) goto err; if (!CBB_add_bytes(&key_exchange, public_key, X25519_KEY_LENGTH)) goto err; - if (!CBB_flush(cbb)) - goto err; - S3I(s)->hs_tls13.x25519_public = public_key; S3I(s)->hs_tls13.x25519_private = private_key; 
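Review bot: tlsext_keyshare_x25519_internal assigns the new key pair to `S3I(s)->hs_tls13.x25519_public` and `x25519_private` without releasing whatever those fields already hold. If a build function can run more than once for the same handshake (not visible in this diff), the earlier private key would be leaked without being zeroed. Consider `freezero(S3I(s)->hs_tls13.x25519_private, X25519_KEY_LENGTH);` and the same for the public key before the two assignments. A short comment above the helper should also state that it hands ownership of both buffers to the handshake state and leaves `CBB_flush()` to the caller. The helper's tail, including its `err:` label, lies between hunks and is not shown.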
@@ -1266,6 +1257,32 @@ tlsext_keyshare_client_build(SSL *s, CBB *cbb) } int +tlsext_keyshare_client_build(SSL *s, CBB *cbb) +{ + CBB client_shares; + + /* Generate and provide key shares. */ + if (!CBB_add_u16_length_prefixed(cbb, &client_shares)) + return 0; + + /* XXX - other groups. */ + + if (!tlsext_keyshare_x25519_internal(s, &client_shares)) + return 0; + + if (!CBB_flush(cbb)) + goto err; + + return 1; + + err: + freezero(S3I(s)->hs_tls13.x25519_public, X25519_KEY_LENGTH); + freezero(S3I(s)->hs_tls13.x25519_private, X25519_KEY_LENGTH); + + return 0; +} + +int tlsext_keyshare_server_parse(SSL *s, CBS *cbs, int *alert) { CBS client_shares; @@ -1324,41 +1341,21 @@ tlsext_keyshare_server_needs(SSL *s) int tlsext_keyshare_server_build(SSL *s, CBB *cbb) { - uint8_t *public_key = NULL, *private_key = NULL; - CBB key_exchange; - - /* XXX deduplicate with client code */ - /* X25519 */ if (S3I(s)->hs_tls13.x25519_peer_public == NULL) return 0; - /* Generate X25519 key pair. */ - if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL) - goto err; - if ((private_key = malloc(X25519_KEY_LENGTH)) == NULL) - goto err; - X25519_keypair(public_key, private_key); - - /* Add the group and serialize the public key. */ - if (!CBB_add_u16(cbb, tls1_ec_nid2curve_id(NID_X25519))) - goto err; - if (!CBB_add_u16_length_prefixed(cbb, &key_exchange)) - goto err; - if (!CBB_add_bytes(&key_exchange, public_key, X25519_KEY_LENGTH)) - goto err; + if (!tlsext_keyshare_x25519_internal(s, cbb)) + return 0; if (!CBB_flush(cbb)) goto err; - S3I(s)->hs_tls13.x25519_public = public_key; - S3I(s)->hs_tls13.x25519_private = private_key; - return 1; err: - freezero(public_key, X25519_KEY_LENGTH); - freezero(private_key, X25519_KEY_LENGTH); + freezero(S3I(s)->hs_tls13.x25519_public, X25519_KEY_LENGTH); + freezero(S3I(s)->hs_tls13.x25519_private, X25519_KEY_LENGTH); return 0; } 
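Review bot: The new `err:` paths in tlsext_keyshare_client_build and tlsext_keyshare_server_build call `freezero()` on `S3I(s)->hs_tls13.x25519_public` and `x25519_private` but leave the freed pointers stored in the handshake state. If `CBB_flush(cbb)` fails after the helper has succeeded, any later code that frees or reads those fields would touch freed memory, which risks a double free or use-after-free on private-key material; that cleanup code is outside this diff, so this is inferred. Clear the fields right after freeing them: `S3I(s)->hs_tls13.x25519_public = NULL;` and `S3I(s)->hs_tls13.x25519_private = NULL;`. The removed server code freed only locals that had not yet been stored, so this is new with the refactor.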
@@ -1534,8 +1531,8 @@ tlsext_cookie_client_needs(SSL *s) S3I(s)->hs_tls13.cookie != NULL); } -int -tlsext_cookie_client_build(SSL *s, CBB *cbb) +static int +tlsext_cookie_build_internal(SSL *s, CBB *cbb) { CBB cookie; @@ -1553,6 +1550,12 @@ tlsext_cookie_client_build(SSL *s, CBB *cbb) } int +tlsext_cookie_client_build(SSL *s, CBB *cbb) +{ + return tlsext_cookie_build_internal(s, cbb); +} + +int tlsext_cookie_server_parse(SSL *s, CBS *cbs, int *alert) { CBS cookie; @@ -1599,25 +1602,11 @@ tlsext_cookie_server_needs(SSL *s) } int -tlsext_cookie_server_build(SSL *s, CBB *cbb) -{ - CBB cookie; - - /* XXX deduplicate with client code */ - - if (!CBB_add_u16_length_prefixed(cbb, &cookie)) - return 0; - - if (!CBB_add_bytes(&cookie, S3I(s)->hs_tls13.cookie, - S3I(s)->hs_tls13.cookie_len)) - return 0; - - if (!CBB_flush(cbb)) - return 0; - - return 1; +tlsext_cookie_server_build(SSL *s, CBB *cbb) { + return tlsext_cookie_build_internal(s, cbb); } + int tlsext_cookie_client_parse(SSL *s, CBS *cbs, int *alert) { |
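Review bot: The rewritten tlsext_cookie_server_build puts the opening brace on the signature line (`tlsext_cookie_server_build(SSL *s, CBB *cbb) {`) and leaves a second blank line after the function. Every other definition in this diff, including the new tlsext_cookie_client_build wrapper, puts `{` on its own line. Move the brace to its own line and drop the extra blank line so the two wrappers read the same.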