1 files changed, 17 insertions, 92 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index 5cebd1d630..46f30aa47e 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.57 2020/01/26 03:29:30 beck Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.58 2020/01/30 17:09:23 jsing Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -16,6 +16,7 @@
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 #include <openssl/curve25519.h>
 #include <openssl/ocsp.h>
@@ -1255,82 +1256,46 @@ tlsext_keyshare_client_needs(SSL *s)
 int
 tlsext_keyshare_client_build(SSL *s, CBB *cbb)
 {
-        uint8_t *public_key = NULL, *private_key = NULL;
+        CBB client_shares;
-        CBB client_shares, key_exchange;
-        /* Generate and provide key shares. */
        if (!CBB_add_u16_length_prefixed(cbb, &client_shares))
                return 0;
-        /* XXX - other groups. */
+        if (!tls13_key_share_public(S3I(s)->hs_tls13.key_share,
+            &client_shares))
-        /* Generate X25519 key pair. */
+                return 0;
-        if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL)
-                goto err;
-        if ((private_key = malloc(X25519_KEY_LENGTH)) == NULL)
-                goto err;
-        X25519_keypair(public_key, private_key);
-        /* Add the group and serialize the public key. */
-        if (!CBB_add_u16(&client_shares, tls1_ec_nid2curve_id(NID_X25519)))
-                goto err;
-        if (!CBB_add_u16_length_prefixed(&client_shares, &key_exchange))
-                goto err;
-        if (!CBB_add_bytes(&key_exchange, public_key, X25519_KEY_LENGTH))
-                goto err;
        if (!CBB_flush(cbb))
-                goto err;
+                return 0;
-        S3I(s)->hs_tls13.x25519_public = public_key;
-        S3I(s)->hs_tls13.x25519_private = private_key;
        return 1;
- err:
-        freezero(public_key, X25519_KEY_LENGTH);
-        freezero(private_key, X25519_KEY_LENGTH);
-        return 0;
 }
 int
 tlsext_keyshare_server_parse(SSL *s, CBS *cbs, int *alert)
 {
        CBS client_shares;
-        CBS key_exchange;
        uint16_t group;
-        size_t out_len;
        if (!CBS_get_u16_length_prefixed(cbs, &client_shares))
                goto err;
-        if (CBS_len(cbs) != 0)
-                goto err;
        while (CBS_len(&client_shares) > 0) {
                /* Unpack client share. */
                if (!CBS_get_u16(&client_shares, &group))
                        goto err;
-                if (!CBS_get_u16_length_prefixed(&client_shares, &key_exchange))
-                        goto err;
                /*
-                 * Skip this client share if not X25519
                 * XXX support other groups later.
                 * XXX enforce group can only appear once.
                 */
-                if (S3I(s)->hs_tls13.x25519_peer_public != NULL ||
+                if (S3I(s)->hs_tls13.key_share == NULL ||
-                    group != tls1_ec_nid2curve_id(NID_X25519))
+                    tls13_key_share_group(S3I(s)->hs_tls13.key_share) != group)
                        continue;
-                if (CBS_len(&key_exchange) != X25519_KEY_LENGTH)
+                if (!tls13_key_share_peer_public(S3I(s)->hs_tls13.key_share,
-                        goto err;
+                    group, &client_shares))
-                if (!CBS_stow(&key_exchange, &S3I(s)->hs_tls13.x25519_peer_public,
-                    &out_len))
                        goto err;
        }
@@ -1353,68 +1318,28 @@ tlsext_keyshare_server_needs(SSL *s)
 int
 tlsext_keyshare_server_build(SSL *s, CBB *cbb)
 {
-        uint8_t *public_key = NULL, *private_key = NULL;
+        if (S3I(s)->hs_tls13.key_share == NULL)
-        CBB key_exchange;
-        /* XXX deduplicate with client code */
-        /* X25519 */
-        if (S3I(s)->hs_tls13.x25519_peer_public == NULL)
                return 0;
-        /* Generate X25519 key pair. */
+        if (!tls13_key_share_public(S3I(s)->hs_tls13.key_share, cbb))
-        if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL)
+                return 0;
-                goto err;
-        if ((private_key = malloc(X25519_KEY_LENGTH)) == NULL)
-                goto err;
-        X25519_keypair(public_key, private_key);
-        /* Add the group and serialize the public key. */
-        if (!CBB_add_u16(cbb, tls1_ec_nid2curve_id(NID_X25519)))
-                goto err;
-        if (!CBB_add_u16_length_prefixed(cbb, &key_exchange))
-                goto err;
-        if (!CBB_add_bytes(&key_exchange, public_key, X25519_KEY_LENGTH))
-                goto err;
-        if (!CBB_flush(cbb))
-                goto err;
-        S3I(s)->hs_tls13.x25519_public = public_key;
-        S3I(s)->hs_tls13.x25519_private = private_key;
        return 1;
- err:
-        freezero(public_key, X25519_KEY_LENGTH);
-        freezero(private_key, X25519_KEY_LENGTH);
-        return 0;
 }
 int
 tlsext_keyshare_client_parse(SSL *s, CBS *cbs, int *alert)
 {
-        CBS key_exchange;
        uint16_t group;
-        size_t out_len;
        /* Unpack server share. */
        if (!CBS_get_u16(cbs, &group))
                goto err;
-        /* Handle other groups and verify that they're valid. */
+        /* XXX - Handle other groups and verify that they're valid. */
-        if (group != tls1_ec_nid2curve_id(NID_X25519))
-                goto err;
-        if (!CBS_get_u16_length_prefixed(cbs, &key_exchange))
-                goto err;
-        if (CBS_len(&key_exchange) != X25519_KEY_LENGTH)
-                goto err;
-        if (!CBS_stow(&key_exchange, &S3I(s)->hs_tls13.x25519_peer_public,
+        if (!tls13_key_share_peer_public(S3I(s)->hs_tls13.key_share,
-            &out_len))
+            group, cbs))
                goto err;
        return 1;

diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index 5cebd1d630..46f30aa47e 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_tlsext.c,v 1.57 2020/01/26 03:29:30 beck Exp $ */	1	/* $OpenBSD: ssl_tlsext.c,v 1.58 2020/01/30 17:09:23 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>	4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -16,6 +16,7 @@
16	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF	16	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	17	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18	*/	18	*/
		19
19	#include <openssl/curve25519.h>	20	#include <openssl/curve25519.h>
20	#include <openssl/ocsp.h>	21	#include <openssl/ocsp.h>
21		22
@@ -1255,82 +1256,46 @@ tlsext_keyshare_client_needs(SSL *s)
1255	int	1256	int
1256	tlsext_keyshare_client_build(SSL s, CBB cbb)	1257	tlsext_keyshare_client_build(SSL s, CBB cbb)
1257	{	1258	{
1258	uint8_t public_key = NULL, private_key = NULL;	1259	CBB client_shares;
1259	CBB client_shares, key_exchange;
1260		1260
1261	/* Generate and provide key shares. */
1262	if (!CBB_add_u16_length_prefixed(cbb, &client_shares))	1261	if (!CBB_add_u16_length_prefixed(cbb, &client_shares))
1263	return 0;	1262	return 0;
1264		1263
1265	/* XXX - other groups. */	1264	if (!tls13_key_share_public(S3I(s)->hs_tls13.key_share,
1266		1265	&client_shares))
1267	/* Generate X25519 key pair. */	1266	return 0;
1268	if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL)
1269	goto err;
1270	if ((private_key = malloc(X25519_KEY_LENGTH)) == NULL)
1271	goto err;
1272	X25519_keypair(public_key, private_key);
1273
1274	/* Add the group and serialize the public key. */
1275	if (!CBB_add_u16(&client_shares, tls1_ec_nid2curve_id(NID_X25519)))
1276	goto err;
1277	if (!CBB_add_u16_length_prefixed(&client_shares, &key_exchange))
1278	goto err;
1279	if (!CBB_add_bytes(&key_exchange, public_key, X25519_KEY_LENGTH))
1280	goto err;
1281		1267
1282	if (!CBB_flush(cbb))	1268	if (!CBB_flush(cbb))
1283	goto err;	1269	return 0;
1284
1285	S3I(s)->hs_tls13.x25519_public = public_key;
1286	S3I(s)->hs_tls13.x25519_private = private_key;
1287		1270
1288	return 1;	1271	return 1;
1289
1290	err:
1291	freezero(public_key, X25519_KEY_LENGTH);
1292	freezero(private_key, X25519_KEY_LENGTH);
1293
1294	return 0;
1295	}	1272	}
1296		1273
1297	int	1274	int
1298	tlsext_keyshare_server_parse(SSL s, CBS cbs, int *alert)	1275	tlsext_keyshare_server_parse(SSL s, CBS cbs, int *alert)
1299	{	1276	{
1300	CBS client_shares;	1277	CBS client_shares;
1301	CBS key_exchange;
1302	uint16_t group;	1278	uint16_t group;
1303	size_t out_len;
1304		1279
1305	if (!CBS_get_u16_length_prefixed(cbs, &client_shares))	1280	if (!CBS_get_u16_length_prefixed(cbs, &client_shares))
1306	goto err;	1281	goto err;
1307		1282
1308	if (CBS_len(cbs) != 0)
1309	goto err;
1310
1311	while (CBS_len(&client_shares) > 0) {	1283	while (CBS_len(&client_shares) > 0) {
1312		1284
1313	/* Unpack client share. */	1285	/* Unpack client share. */
1314	if (!CBS_get_u16(&client_shares, &group))	1286	if (!CBS_get_u16(&client_shares, &group))
1315	goto err;	1287	goto err;
1316		1288
1317	if (!CBS_get_u16_length_prefixed(&client_shares, &key_exchange))
1318	goto err;
1319
1320	/*	1289	/*
1321	* Skip this client share if not X25519
1322	* XXX support other groups later.	1290	* XXX support other groups later.
1323	* XXX enforce group can only appear once.	1291	* XXX enforce group can only appear once.
1324	*/	1292	*/
1325	if (S3I(s)->hs_tls13.x25519_peer_public != NULL \|\|	1293	if (S3I(s)->hs_tls13.key_share == NULL \|\|
1326	group != tls1_ec_nid2curve_id(NID_X25519))	1294	tls13_key_share_group(S3I(s)->hs_tls13.key_share) != group)
1327	continue;	1295	continue;
1328		1296
1329	if (CBS_len(&key_exchange) != X25519_KEY_LENGTH)	1297	if (!tls13_key_share_peer_public(S3I(s)->hs_tls13.key_share,
1330	goto err;	1298	group, &client_shares))
1331
1332	if (!CBS_stow(&key_exchange, &S3I(s)->hs_tls13.x25519_peer_public,
1333	&out_len))
1334	goto err;	1299	goto err;
1335	}	1300	}
1336		1301
@@ -1353,68 +1318,28 @@ tlsext_keyshare_server_needs(SSL *s)
1353	int	1318	int
1354	tlsext_keyshare_server_build(SSL s, CBB cbb)	1319	tlsext_keyshare_server_build(SSL s, CBB cbb)
1355	{	1320	{
1356	uint8_t public_key = NULL, private_key = NULL;	1321	if (S3I(s)->hs_tls13.key_share == NULL)
1357	CBB key_exchange;
1358
1359	/* XXX deduplicate with client code */
1360
1361	/* X25519 */
1362	if (S3I(s)->hs_tls13.x25519_peer_public == NULL)
1363	return 0;	1322	return 0;
1364		1323
1365	/* Generate X25519 key pair. */	1324	if (!tls13_key_share_public(S3I(s)->hs_tls13.key_share, cbb))
1366	if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL)	1325	return 0;
1367	goto err;
1368	if ((private_key = malloc(X25519_KEY_LENGTH)) == NULL)
1369	goto err;
1370	X25519_keypair(public_key, private_key);
1371
1372	/* Add the group and serialize the public key. */
1373	if (!CBB_add_u16(cbb, tls1_ec_nid2curve_id(NID_X25519)))
1374	goto err;
1375	if (!CBB_add_u16_length_prefixed(cbb, &key_exchange))
1376	goto err;
1377	if (!CBB_add_bytes(&key_exchange, public_key, X25519_KEY_LENGTH))
1378	goto err;
1379
1380	if (!CBB_flush(cbb))
1381	goto err;
1382
1383	S3I(s)->hs_tls13.x25519_public = public_key;
1384	S3I(s)->hs_tls13.x25519_private = private_key;
1385		1326
1386	return 1;	1327	return 1;
1387
1388	err:
1389	freezero(public_key, X25519_KEY_LENGTH);
1390	freezero(private_key, X25519_KEY_LENGTH);
1391
1392	return 0;
1393	}	1328	}
1394		1329
1395	int	1330	int
1396	tlsext_keyshare_client_parse(SSL s, CBS cbs, int *alert)	1331	tlsext_keyshare_client_parse(SSL s, CBS cbs, int *alert)
1397	{	1332	{
1398	CBS key_exchange;
1399	uint16_t group;	1333	uint16_t group;
1400	size_t out_len;
1401		1334
1402	/* Unpack server share. */	1335	/* Unpack server share. */
1403	if (!CBS_get_u16(cbs, &group))	1336	if (!CBS_get_u16(cbs, &group))
1404	goto err;	1337	goto err;
1405		1338
1406	/* Handle other groups and verify that they're valid. */	1339	/* XXX - Handle other groups and verify that they're valid. */
1407	if (group != tls1_ec_nid2curve_id(NID_X25519))
1408	goto err;
1409
1410	if (!CBS_get_u16_length_prefixed(cbs, &key_exchange))
1411	goto err;
1412
1413	if (CBS_len(&key_exchange) != X25519_KEY_LENGTH)
1414	goto err;
1415		1340
1416	if (!CBS_stow(&key_exchange, &S3I(s)->hs_tls13.x25519_peer_public,	1341	if (!tls13_key_share_peer_public(S3I(s)->hs_tls13.key_share,
1417	&out_len))	1342	group, cbs))
1418	goto err;	1343	goto err;
1419		1344
1420	return 1;	1345	return 1;