diff options
| -rw-r--r-- | src/lib/libssl/tls13_key_share.c | 33 |
1 files changed, 12 insertions, 21 deletions
diff --git a/src/lib/libssl/tls13_key_share.c b/src/lib/libssl/tls13_key_share.c index 5404c04070..58544dc1db 100644 --- a/src/lib/libssl/tls13_key_share.c +++ b/src/lib/libssl/tls13_key_share.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_key_share.c,v 1.4 2020/04/17 17:16:53 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_key_share.c,v 1.5 2020/04/18 13:43:47 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2020 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2020 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -144,12 +144,10 @@ tls13_key_share_generate_x25519(struct tls13_key_share *ks) | |||
| 144 | int | 144 | int |
| 145 | tls13_key_share_generate(struct tls13_key_share *ks) | 145 | tls13_key_share_generate(struct tls13_key_share *ks) |
| 146 | { | 146 | { |
| 147 | if (ks->nid == NID_X9_62_prime256v1 || ks->nid == NID_secp384r1) | 147 | if (ks->nid == NID_X25519) |
| 148 | return tls13_key_share_generate_ecdhe_ecp(ks); | ||
| 149 | else if (ks->nid == NID_X25519) | ||
| 150 | return tls13_key_share_generate_x25519(ks); | 148 | return tls13_key_share_generate_x25519(ks); |
| 151 | 149 | ||
| 152 | return 0; | 150 | return tls13_key_share_generate_ecdhe_ecp(ks); |
| 153 | } | 151 | } |
| 154 | 152 | ||
| 155 | static int | 153 | static int |
| @@ -180,14 +178,12 @@ tls13_key_share_public(struct tls13_key_share *ks, CBB *cbb) | |||
| 180 | if (!CBB_add_u16_length_prefixed(cbb, &key_exchange)) | 178 | if (!CBB_add_u16_length_prefixed(cbb, &key_exchange)) |
| 181 | goto err; | 179 | goto err; |
| 182 | 180 | ||
| 183 | if (ks->nid == NID_X9_62_prime256v1 || ks->nid == NID_secp384r1) { | 181 | if (ks->nid == NID_X25519) { |
| 184 | if (!tls13_key_share_public_ecdhe_ecp(ks, &key_exchange)) | ||
| 185 | goto err; | ||
| 186 | } else if (ks->nid == NID_X25519) { | ||
| 187 | if (!tls13_key_share_public_x25519(ks, &key_exchange)) | 182 | if (!tls13_key_share_public_x25519(ks, &key_exchange)) |
| 188 | goto err; | 183 | goto err; |
| 189 | } else { | 184 | } else { |
| 190 | goto err; | 185 | if (!tls13_key_share_public_ecdhe_ecp(ks, &key_exchange)) |
| 186 | goto err; | ||
| 191 | } | 187 | } |
| 192 | 188 | ||
| 193 | if (!CBB_flush(cbb)) | 189 | if (!CBB_flush(cbb)) |
| @@ -245,14 +241,12 @@ tls13_key_share_peer_public(struct tls13_key_share *ks, uint16_t group, | |||
| 245 | if (ks->group_id != group) | 241 | if (ks->group_id != group) |
| 246 | return 0; | 242 | return 0; |
| 247 | 243 | ||
| 248 | if (ks->nid == NID_X9_62_prime256v1 || ks->nid == NID_secp384r1) { | 244 | if (ks->nid == NID_X25519) { |
| 249 | if (!tls13_key_share_peer_public_ecdhe_ecp(ks, cbs)) | ||
| 250 | return 0; | ||
| 251 | } else if (ks->nid == NID_X25519) { | ||
| 252 | if (!tls13_key_share_peer_public_x25519(ks, cbs)) | 245 | if (!tls13_key_share_peer_public_x25519(ks, cbs)) |
| 253 | return 0; | 246 | return 0; |
| 254 | } else { | 247 | } else { |
| 255 | return 0; | 248 | if (!tls13_key_share_peer_public_ecdhe_ecp(ks, cbs)) |
| 249 | return 0; | ||
| 256 | } | 250 | } |
| 257 | 251 | ||
| 258 | return 1; | 252 | return 1; |
| @@ -305,13 +299,10 @@ tls13_key_share_derive(struct tls13_key_share *ks, uint8_t **shared_key, | |||
| 305 | 299 | ||
| 306 | *shared_key_len = 0; | 300 | *shared_key_len = 0; |
| 307 | 301 | ||
| 308 | if (ks->nid == NID_X9_62_prime256v1 || ks->nid == NID_secp384r1) { | 302 | if (ks->nid == NID_X25519) |
| 309 | return tls13_key_share_derive_ecdhe_ecp(ks, shared_key, | ||
| 310 | shared_key_len); | ||
| 311 | } else if (ks->nid == NID_X25519) { | ||
| 312 | return tls13_key_share_derive_x25519(ks, shared_key, | 303 | return tls13_key_share_derive_x25519(ks, shared_key, |
| 313 | shared_key_len); | 304 | shared_key_len); |
| 314 | } | ||
| 315 | 305 | ||
| 316 | return 0; | 306 | return tls13_key_share_derive_ecdhe_ecp(ks, shared_key, |
| 307 | shared_key_len); | ||
| 317 | } | 308 | } |