From 340e3b0af7b4872fb187b609115c33be34f20292 Mon Sep 17 00:00:00 2001
From: Joel Sing <jsing@cvs.openbsd.org>
Date: Sat, 18 Apr 2020 13:43:48 +0000
Subject: Allow more key share groups for TLSv1.3.

The key share code previously only allowed for key shares to be generated
using one of the groups in our default list (X25519, secp256r1, secp384r1).
Relax this and allow key shares using any of the groups in our NID list.

ok inoguchi@ tb@
---
 lib/libssl/tls13_key_share.c | 33 ++++++++++++---------------------
 1 file changed, 12 insertions(+), 21 deletions(-)

(limited to 'lib')

diff --git a/lib/libssl/tls13_key_share.c b/lib/libssl/tls13_key_share.c
index 5404c040703..58544dc1dba 100644
--- a/lib/libssl/tls13_key_share.c
+++ b/lib/libssl/tls13_key_share.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_key_share.c,v 1.4 2020/04/17 17:16:53 jsing Exp $ */
+/* $OpenBSD: tls13_key_share.c,v 1.5 2020/04/18 13:43:47 jsing Exp $ */
 /*
  * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
  *
@@ -144,12 +144,10 @@ tls13_key_share_generate_x25519(struct tls13_key_share *ks)
 int
 tls13_key_share_generate(struct tls13_key_share *ks)
 {
-	if (ks->nid == NID_X9_62_prime256v1 || ks->nid == NID_secp384r1)
-		return tls13_key_share_generate_ecdhe_ecp(ks);
-	else if (ks->nid == NID_X25519)
+	if (ks->nid == NID_X25519)
 		return tls13_key_share_generate_x25519(ks);
 
-	return 0;
+	return tls13_key_share_generate_ecdhe_ecp(ks);
 }
 
 static int
@@ -180,14 +178,12 @@ tls13_key_share_public(struct tls13_key_share *ks, CBB *cbb)
 	if (!CBB_add_u16_length_prefixed(cbb, &key_exchange))
 		goto err;
 
-	if (ks->nid == NID_X9_62_prime256v1 || ks->nid == NID_secp384r1) {
-		if (!tls13_key_share_public_ecdhe_ecp(ks, &key_exchange))
-			goto err;
-	} else if (ks->nid == NID_X25519) {
+	if (ks->nid == NID_X25519) {
 		if (!tls13_key_share_public_x25519(ks, &key_exchange))
 			goto err;
 	} else {
-		goto err;
+		if (!tls13_key_share_public_ecdhe_ecp(ks, &key_exchange))
+			goto err;
 	}
 
 	if (!CBB_flush(cbb))
@@ -245,14 +241,12 @@ tls13_key_share_peer_public(struct tls13_key_share *ks, uint16_t group,
 	if (ks->group_id != group)
 		return 0;
 
-	if (ks->nid == NID_X9_62_prime256v1 || ks->nid == NID_secp384r1) {
-		if (!tls13_key_share_peer_public_ecdhe_ecp(ks, cbs))
-			return 0;
-	} else if (ks->nid == NID_X25519) {
+	if (ks->nid == NID_X25519) {
 		if (!tls13_key_share_peer_public_x25519(ks, cbs))
 			return 0;
 	} else {
-		return 0;
+		if (!tls13_key_share_peer_public_ecdhe_ecp(ks, cbs))
+			return 0;
 	}
 
 	return 1;
@@ -305,13 +299,10 @@ tls13_key_share_derive(struct tls13_key_share *ks, uint8_t **shared_key,
 
 	*shared_key_len = 0;
 
-	if (ks->nid == NID_X9_62_prime256v1 || ks->nid == NID_secp384r1) {
-		return tls13_key_share_derive_ecdhe_ecp(ks, shared_key,
-		    shared_key_len);
-	} else if (ks->nid == NID_X25519) {
+	if (ks->nid == NID_X25519)
 		return tls13_key_share_derive_x25519(ks, shared_key,
 		    shared_key_len);
-	}
 
-	return 0;
+	return tls13_key_share_derive_ecdhe_ecp(ks, shared_key,
+	    shared_key_len);
 }
-- 
cgit v1.2.3