diff options
Diffstat (limited to 'src/lib/libssl/ssl_tlsext.c')
| -rw-r--r-- | src/lib/libssl/ssl_tlsext.c | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index c97ade8bdd..74b54154e3 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_tlsext.c,v 1.102 2022/01/04 10:34:16 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_tlsext.c,v 1.103 2022/01/04 11:01:58 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> | 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> |
| @@ -1455,13 +1455,17 @@ tlsext_keyshare_client_needs(SSL *s, uint16_t msg_type) | |||
| 1455 | int | 1455 | int |
| 1456 | tlsext_keyshare_client_build(SSL *s, uint16_t msg_type, CBB *cbb) | 1456 | tlsext_keyshare_client_build(SSL *s, uint16_t msg_type, CBB *cbb) |
| 1457 | { | 1457 | { |
| 1458 | CBB client_shares; | 1458 | CBB client_shares, key_exchange; |
| 1459 | 1459 | ||
| 1460 | if (!CBB_add_u16_length_prefixed(cbb, &client_shares)) | 1460 | if (!CBB_add_u16_length_prefixed(cbb, &client_shares)) |
| 1461 | return 0; | 1461 | return 0; |
| 1462 | 1462 | ||
| 1463 | if (!tls13_key_share_public(S3I(s)->hs.tls13.key_share, | 1463 | if (!CBB_add_u16(&client_shares, |
| 1464 | &client_shares)) | 1464 | tls13_key_share_group(S3I(s)->hs.tls13.key_share))) |
| 1465 | return 0; | ||
| 1466 | if (!CBB_add_u16_length_prefixed(&client_shares, &key_exchange)) | ||
| 1467 | return 0; | ||
| 1468 | if (!tls13_key_share_public(S3I(s)->hs.tls13.key_share, &key_exchange)) | ||
| 1465 | return 0; | 1469 | return 0; |
| 1466 | 1470 | ||
| 1467 | if (!CBB_flush(cbb)) | 1471 | if (!CBB_flush(cbb)) |
| @@ -1531,6 +1535,8 @@ tlsext_keyshare_server_needs(SSL *s, uint16_t msg_type) | |||
| 1531 | int | 1535 | int |
| 1532 | tlsext_keyshare_server_build(SSL *s, uint16_t msg_type, CBB *cbb) | 1536 | tlsext_keyshare_server_build(SSL *s, uint16_t msg_type, CBB *cbb) |
| 1533 | { | 1537 | { |
| 1538 | CBB key_exchange; | ||
| 1539 | |||
| 1534 | /* In the case of a HRR, we only send the server selected group. */ | 1540 | /* In the case of a HRR, we only send the server selected group. */ |
| 1535 | if (S3I(s)->hs.tls13.hrr) { | 1541 | if (S3I(s)->hs.tls13.hrr) { |
| 1536 | if (S3I(s)->hs.tls13.server_group == 0) | 1542 | if (S3I(s)->hs.tls13.server_group == 0) |
| @@ -1541,7 +1547,14 @@ tlsext_keyshare_server_build(SSL *s, uint16_t msg_type, CBB *cbb) | |||
| 1541 | if (S3I(s)->hs.tls13.key_share == NULL) | 1547 | if (S3I(s)->hs.tls13.key_share == NULL) |
| 1542 | return 0; | 1548 | return 0; |
| 1543 | 1549 | ||
| 1544 | if (!tls13_key_share_public(S3I(s)->hs.tls13.key_share, cbb)) | 1550 | if (!CBB_add_u16(cbb, tls13_key_share_group(S3I(s)->hs.tls13.key_share))) |
| 1551 | return 0; | ||
| 1552 | if (!CBB_add_u16_length_prefixed(cbb, &key_exchange)) | ||
| 1553 | return 0; | ||
| 1554 | if (!tls13_key_share_public(S3I(s)->hs.tls13.key_share, &key_exchange)) | ||
| 1555 | return 0; | ||
| 1556 | |||
| 1557 | if (!CBB_flush(cbb)) | ||
| 1545 | return 0; | 1558 | return 0; |
| 1546 | 1559 | ||
| 1547 | return 1; | 1560 | return 1; |