Check the security of DH key shares

ok beck, looks good to jsing
author: tb <> 2022-06-29 08:27:52 +0000
committer: tb <> 2022-06-29 08:27:52 +0000
commit: 1aa9f0fe78279eb8ca28f1560639591dc29a28b3 (patch)
tree: 737bede5c25ec5b6855578423751b08517e50653 /src/lib/libssl/tls_key_share.c
parent: 6918deeb05138f45795a919147f1f6733f178b0c (diff)
download: openbsd-1aa9f0fe78279eb8ca28f1560639591dc29a28b3.tar.gz
openbsd-1aa9f0fe78279eb8ca28f1560639591dc29a28b3.tar.bz2
openbsd-1aa9f0fe78279eb8ca28f1560639591dc29a28b3.zip
1 files changed, 12 insertions, 1 deletions
diff --git a/src/lib/libssl/tls_key_share.c b/src/lib/libssl/tls_key_share.c
index e5e6c304b6..0b941d8b0d 100644
--- a/src/lib/libssl/tls_key_share.c
+++ b/src/lib/libssl/tls_key_share.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_key_share.c,v 1.4 2022/01/11 18:28:41 jsing Exp $ */
+/* $OpenBSD: tls_key_share.c,v 1.5 2022/06/29 08:27:52 tb Exp $ */
 /*
 * Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org>
 *
@@ -471,3 +471,14 @@ tls_key_share_derive(struct tls_key_share *ks, uint8_t **shared_key,
        return tls_key_share_derive_ecdhe_ecp(ks, shared_key,
            shared_key_len);
 }
+int
+tls_key_share_peer_security(const SSL *ssl, struct tls_key_share *ks)
+{
+        switch (ks->nid) {
+        case NID_dhKeyAgreement:
+                return ssl_security_dh(ssl, ks->dhe_peer);
+        default:
+                return 0;
+        }
+}
author	tb <>	2022-06-29 08:27:52 +0000
committer	tb <>	2022-06-29 08:27:52 +0000
commit	1aa9f0fe78279eb8ca28f1560639591dc29a28b3 (patch)
tree	737bede5c25ec5b6855578423751b08517e50653 /src/lib/libssl/tls_key_share.c
parent	6918deeb05138f45795a919147f1f6733f178b0c (diff)
download	openbsd-1aa9f0fe78279eb8ca28f1560639591dc29a28b3.tar.gz openbsd-1aa9f0fe78279eb8ca28f1560639591dc29a28b3.tar.bz2 openbsd-1aa9f0fe78279eb8ca28f1560639591dc29a28b3.zip

diff --git a/src/lib/libssl/tls_key_share.c b/src/lib/libssl/tls_key_share.c index e5e6c304b6..0b941d8b0d 100644 --- a/src/lib/libssl/tls_key_share.c +++ b/src/lib/libssl/tls_key_share.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls_key_share.c,v 1.4 2022/01/11 18:28:41 jsing Exp $ */	1	/* $OpenBSD: tls_key_share.c,v 1.5 2022/06/29 08:27:52 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -471,3 +471,14 @@ tls_key_share_derive(struct tls_key_share ks, uint8_t *shared_key,
471	return tls_key_share_derive_ecdhe_ecp(ks, shared_key,	471	return tls_key_share_derive_ecdhe_ecp(ks, shared_key,
472	shared_key_len);	472	shared_key_len);
473	}	473	}
		474
		475	int
		476	tls_key_share_peer_security(const SSL ssl, struct tls_key_share ks)
		477	{
		478	switch (ks->nid) {
		479	case NID_dhKeyAgreement:
		480	return ssl_security_dh(ssl, ks->dhe_peer);
		481	default:
		482	return 0;
		483	}
		484	}