diff options
| author |   jsing <jsing@openbsd.org> | 2020-01-30 17:09:23 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2020-01-30 17:09:23 +0000 |
| commit | 4673309b7add502ba4c75a5eed0b550a38c0a8b1 (patch) | |
| tree | 2e79c3808af558cd2138d008ecdfa90a87136f99 /lib/libssl/tls13_client.c | |
| parent | Factor out/rewrite the ECDHE EC point key exchange code. (diff) | |
| download | wireguard-openbsd-4673309b7add502ba4c75a5eed0b550a38c0a8b1.tar.xz wireguard-openbsd-4673309b7add502ba4c75a5eed0b550a38c0a8b1.zip | |
Provide struct/functions for handling TLSv1.3 key shares.
Pull out the key share handling code and provide a clean/self contained
interface. This will make it easier to support groups other than X25519.
ok beck@ inoguchi@ tb@
Diffstat (limited to 'lib/libssl/tls13_client.c')
| -rw-r--r-- | lib/libssl/tls13_client.c | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/lib/libssl/tls13_client.c b/lib/libssl/tls13_client.c index 3c55be6e680..69e75558dc1 100644 --- a/lib/libssl/tls13_client.c +++ b/lib/libssl/tls13_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_client.c,v 1.38 2020/01/29 17:03:58 jsing Exp $ */ +/* $OpenBSD: tls13_client.c,v 1.39 2020/01/30 17:09:23 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> * @@ -52,6 +52,11 @@ tls13_client_init(struct tls13_ctx *ctx) if (!tls1_transcript_init(s)) return 0; + if ((ctx->hs->key_share = tls13_key_share_new(NID_X25519)) == NULL) + return 0; + if (!tls13_key_share_generate(ctx->hs->key_share)) + return 0; + arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE); return 1; @@ -394,6 +399,7 @@ tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs) struct tls13_secret context; unsigned char buf[EVP_MAX_MD_SIZE]; uint8_t *shared_key = NULL; + size_t shared_key_len = 0; size_t hash_len; SSL *s = ctx->ssl; int ret = 0; @@ -406,14 +412,12 @@ tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs) return 1; /* XXX - handle other key share types. */ - if (ctx->hs->x25519_peer_public == NULL) { + if (ctx->hs->key_share == NULL) { /* XXX - alert. */ goto err; } - if ((shared_key = malloc(X25519_KEY_LENGTH)) == NULL) - goto err; - if (!X25519(shared_key, ctx->hs->x25519_private, - ctx->hs->x25519_peer_public)) + if (!tls13_key_share_derive(ctx->hs->key_share, &shared_key, + &shared_key_len)) goto err; s->session->cipher = S3I(s)->hs.new_cipher; @@ -443,7 +447,7 @@ tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs) /* Handshake secrets. */ if (!tls13_derive_handshake_secrets(ctx->hs->secrets, shared_key, - X25519_KEY_LENGTH, &context)) + shared_key_len, &context)) goto err; tls13_record_layer_set_aead(ctx->rl, ctx->aead); @@ -460,7 +464,8 @@ tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs) ret = 1; err: - freezero(shared_key, X25519_KEY_LENGTH); + freezero(shared_key, shared_key_len); + return ret; } |