Allow more key share groups for TLSv1.3.

The key share code previously only allowed for key shares to be generated
using one of the groups in our default list (X25519, secp256r1, secp384r1).
Relax this and allow key shares using any of the groups in our NID list.

ok inoguchi@ tb@

1 files changed, 12 insertions, 21 deletions

diff --git a/src/lib/libssl/tls13_key_share.c b/src/lib/libssl/tls13_key_share.c
index 5404c04070..58544dc1db 100644
--- a/src/lib/libssl/tls13_key_share.c
+++ b/src/lib/libssl/tls13_key_share.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_key_share.c,v 1.4 2020/04/17 17:16:53 jsing Exp $ */
+/* $OpenBSD: tls13_key_share.c,v 1.5 2020/04/18 13:43:47 jsing Exp $ */
 /*
  * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
  *
@@ -144,12 +144,10 @@ tls13_key_share_generate_x25519(struct tls13_key_share *ks)
 int
 tls13_key_share_generate(struct tls13_key_share *ks)
 {
-        if (ks->nid == NID_X9_62_prime256v1 || ks->nid == NID_secp384r1)
-                return tls13_key_share_generate_ecdhe_ecp(ks);
-        else if (ks->nid == NID_X25519)
+        if (ks->nid == NID_X25519)
                 return tls13_key_share_generate_x25519(ks);
 
-        return 0;
+        return tls13_key_share_generate_ecdhe_ecp(ks);
 }
 
 static int
@@ -180,14 +178,12 @@ tls13_key_share_public(struct tls13_key_share *ks, CBB *cbb)
         if (!CBB_add_u16_length_prefixed(cbb, &key_exchange))
                 goto err;
 
-        if (ks->nid == NID_X9_62_prime256v1 || ks->nid == NID_secp384r1) {
-                if (!tls13_key_share_public_ecdhe_ecp(ks, &key_exchange))
-                        goto err;
-        } else if (ks->nid == NID_X25519) {
+        if (ks->nid == NID_X25519) {
                 if (!tls13_key_share_public_x25519(ks, &key_exchange))
                         goto err;
         } else {
-                goto err;
+                if (!tls13_key_share_public_ecdhe_ecp(ks, &key_exchange))
+                        goto err;
         }
 
         if (!CBB_flush(cbb))
@@ -245,14 +241,12 @@ tls13_key_share_peer_public(struct tls13_key_share *ks, uint16_t group,
         if (ks->group_id != group)
                 return 0;
 
-        if (ks->nid == NID_X9_62_prime256v1 || ks->nid == NID_secp384r1) {
-                if (!tls13_key_share_peer_public_ecdhe_ecp(ks, cbs))
-                        return 0;
-        } else if (ks->nid == NID_X25519) {
+        if (ks->nid == NID_X25519) {
                 if (!tls13_key_share_peer_public_x25519(ks, cbs))
                         return 0;
         } else {
-                return 0;
+                if (!tls13_key_share_peer_public_ecdhe_ecp(ks, cbs))
+                        return 0;
         }
 
         return 1;
@@ -305,13 +299,10 @@ tls13_key_share_derive(struct tls13_key_share *ks, uint8_t **shared_key,
 
         *shared_key_len = 0;
 
-        if (ks->nid == NID_X9_62_prime256v1 || ks->nid == NID_secp384r1) {
-                return tls13_key_share_derive_ecdhe_ecp(ks, shared_key,
-                    shared_key_len);
-        } else if (ks->nid == NID_X25519) {
+        if (ks->nid == NID_X25519)
                 return tls13_key_share_derive_x25519(ks, shared_key,
                     shared_key_len);
-        }
 
-        return 0;
+        return tls13_key_share_derive_ecdhe_ecp(ks, shared_key,
+            shared_key_len);
 }