Convert legacy server to tls_key_share.

This requires a few more additions to the DHE key share code - we need to be able to either set the DHE parameters or specify the number of key bits for use with auto DHE parameters. Additionally, we need to be able to serialise the DHE parameters to send to the client. This removes the infamous 'tmp' struct from ssl3_state_internal_st. ok inoguchi@ tb@
author: jsing <> 2022-01-07 15:46:30 +0000
committer: jsing <> 2022-01-07 15:46:30 +0000
commit: 3f7702534a377e0a3b33a6681df0af8a57adbc57 (patch)
tree: 270b59705c9d4efa145c0649cce3fa41750939d9 /src/lib/libssl/tls13_server.c
parent: a42b07afac78ec75467b5a5ca9fcbbdaf9d093a4 (diff)
download: openbsd-3f7702534a377e0a3b33a6681df0af8a57adbc57.tar.gz
openbsd-3f7702534a377e0a3b33a6681df0af8a57adbc57.tar.bz2
openbsd-3f7702534a377e0a3b33a6681df0af8a57adbc57.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 739ef06609..c32ae22779 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.90 2022/01/05 17:10:02 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.91 2022/01/07 15:46:30 jsing Exp $ */
 /*
 * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -360,8 +360,8 @@ tls13_server_engage_record_protection(struct tls13_ctx *ctx)
        SSL *s = ctx->ssl;
        int ret = 0;
-        if (!tls_key_share_derive(ctx->hs->key_share,
+        if (!tls_key_share_derive(ctx->hs->key_share, &shared_key,
-            &shared_key, &shared_key_len))
+            &shared_key_len))
                goto err;
        s->session->cipher = ctx->hs->cipher;
author	jsing <>	2022-01-07 15:46:30 +0000
committer	jsing <>	2022-01-07 15:46:30 +0000
commit	3f7702534a377e0a3b33a6681df0af8a57adbc57 (patch)
tree	270b59705c9d4efa145c0649cce3fa41750939d9 /src/lib/libssl/tls13_server.c
parent	a42b07afac78ec75467b5a5ca9fcbbdaf9d093a4 (diff)
download	openbsd-3f7702534a377e0a3b33a6681df0af8a57adbc57.tar.gz openbsd-3f7702534a377e0a3b33a6681df0af8a57adbc57.tar.bz2 openbsd-3f7702534a377e0a3b33a6681df0af8a57adbc57.zip

diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c index 739ef06609..c32ae22779 100644 --- a/src/lib/libssl/tls13_server.c +++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_server.c,v 1.90 2022/01/05 17:10:02 jsing Exp $ */	1	/* $OpenBSD: tls13_server.c,v 1.91 2022/01/07 15:46:30 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>	4	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -360,8 +360,8 @@ tls13_server_engage_record_protection(struct tls13_ctx *ctx)
360	SSL *s = ctx->ssl;	360	SSL *s = ctx->ssl;
361	int ret = 0;	361	int ret = 0;
362		362
363	if (!tls_key_share_derive(ctx->hs->key_share,	363	if (!tls_key_share_derive(ctx->hs->key_share, &shared_key,
364	&shared_key, &shared_key_len))	364	&shared_key_len))
365	goto err;	365	goto err;
366		366
367	s->session->cipher = ctx->hs->cipher;	367	s->session->cipher = ctx->hs->cipher;