summaryrefslogtreecommitdiff
path: root/lib/libssl
diff options
context:
space:
mode:
authorJoel Sing <jsing@cvs.openbsd.org>2020-04-18 13:43:48 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2020-04-18 13:43:48 +0000
commit340e3b0af7b4872fb187b609115c33be34f20292 (patch)
tree4346bec88ad017caec0ad8c6d6221fbc729738be /lib/libssl
parent3007f0f96f67e91f7d51a9a34b8b8745ae70796a (diff)
Allow more key share groups for TLSv1.3.
The key share code previously only allowed for key shares to be generated using one of the groups in our default list (X25519, secp256r1, secp384r1). Relax this and allow key shares using any of the groups in our NID list. ok inoguchi@ tb@
Diffstat (limited to 'lib/libssl')
-rw-r--r--lib/libssl/tls13_key_share.c33
1 files changed, 12 insertions, 21 deletions
diff --git a/lib/libssl/tls13_key_share.c b/lib/libssl/tls13_key_share.c
index 5404c040703..58544dc1dba 100644
--- a/lib/libssl/tls13_key_share.c
+++ b/lib/libssl/tls13_key_share.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_key_share.c,v 1.4 2020/04/17 17:16:53 jsing Exp $ */
+/* $OpenBSD: tls13_key_share.c,v 1.5 2020/04/18 13:43:47 jsing Exp $ */
/*
* Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
*
@@ -144,12 +144,10 @@ tls13_key_share_generate_x25519(struct tls13_key_share *ks)
int
tls13_key_share_generate(struct tls13_key_share *ks)
{
- if (ks->nid == NID_X9_62_prime256v1 || ks->nid == NID_secp384r1)
- return tls13_key_share_generate_ecdhe_ecp(ks);
- else if (ks->nid == NID_X25519)
+ if (ks->nid == NID_X25519)
return tls13_key_share_generate_x25519(ks);
- return 0;
+ return tls13_key_share_generate_ecdhe_ecp(ks);
}
static int
@@ -180,14 +178,12 @@ tls13_key_share_public(struct tls13_key_share *ks, CBB *cbb)
if (!CBB_add_u16_length_prefixed(cbb, &key_exchange))
goto err;
- if (ks->nid == NID_X9_62_prime256v1 || ks->nid == NID_secp384r1) {
- if (!tls13_key_share_public_ecdhe_ecp(ks, &key_exchange))
- goto err;
- } else if (ks->nid == NID_X25519) {
+ if (ks->nid == NID_X25519) {
if (!tls13_key_share_public_x25519(ks, &key_exchange))
goto err;
} else {
- goto err;
+ if (!tls13_key_share_public_ecdhe_ecp(ks, &key_exchange))
+ goto err;
}
if (!CBB_flush(cbb))
@@ -245,14 +241,12 @@ tls13_key_share_peer_public(struct tls13_key_share *ks, uint16_t group,
if (ks->group_id != group)
return 0;
- if (ks->nid == NID_X9_62_prime256v1 || ks->nid == NID_secp384r1) {
- if (!tls13_key_share_peer_public_ecdhe_ecp(ks, cbs))
- return 0;
- } else if (ks->nid == NID_X25519) {
+ if (ks->nid == NID_X25519) {
if (!tls13_key_share_peer_public_x25519(ks, cbs))
return 0;
} else {
- return 0;
+ if (!tls13_key_share_peer_public_ecdhe_ecp(ks, cbs))
+ return 0;
}
return 1;
@@ -305,13 +299,10 @@ tls13_key_share_derive(struct tls13_key_share *ks, uint8_t **shared_key,
*shared_key_len = 0;
- if (ks->nid == NID_X9_62_prime256v1 || ks->nid == NID_secp384r1) {
- return tls13_key_share_derive_ecdhe_ecp(ks, shared_key,
- shared_key_len);
- } else if (ks->nid == NID_X25519) {
+ if (ks->nid == NID_X25519)
return tls13_key_share_derive_x25519(ks, shared_key,
shared_key_len);
- }
- return 0;
+ return tls13_key_share_derive_ecdhe_ecp(ks, shared_key,
+ shared_key_len);
}