diff options
Diffstat (limited to 'src/lib/libssl/tls13_client.c')
| -rw-r--r-- | src/lib/libssl/tls13_client.c | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index 3c55be6e68..69e75558dc 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_client.c,v 1.38 2020/01/29 17:03:58 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_client.c,v 1.39 2020/01/30 17:09:23 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -52,6 +52,11 @@ tls13_client_init(struct tls13_ctx *ctx) | |||
| 52 | if (!tls1_transcript_init(s)) | 52 | if (!tls1_transcript_init(s)) |
| 53 | return 0; | 53 | return 0; |
| 54 | 54 | ||
| 55 | if ((ctx->hs->key_share = tls13_key_share_new(NID_X25519)) == NULL) | ||
| 56 | return 0; | ||
| 57 | if (!tls13_key_share_generate(ctx->hs->key_share)) | ||
| 58 | return 0; | ||
| 59 | |||
| 55 | arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE); | 60 | arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE); |
| 56 | 61 | ||
| 57 | return 1; | 62 | return 1; |
| @@ -394,6 +399,7 @@ tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs) | |||
| 394 | struct tls13_secret context; | 399 | struct tls13_secret context; |
| 395 | unsigned char buf[EVP_MAX_MD_SIZE]; | 400 | unsigned char buf[EVP_MAX_MD_SIZE]; |
| 396 | uint8_t *shared_key = NULL; | 401 | uint8_t *shared_key = NULL; |
| 402 | size_t shared_key_len = 0; | ||
| 397 | size_t hash_len; | 403 | size_t hash_len; |
| 398 | SSL *s = ctx->ssl; | 404 | SSL *s = ctx->ssl; |
| 399 | int ret = 0; | 405 | int ret = 0; |
| @@ -406,14 +412,12 @@ tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs) | |||
| 406 | return 1; | 412 | return 1; |
| 407 | 413 | ||
| 408 | /* XXX - handle other key share types. */ | 414 | /* XXX - handle other key share types. */ |
| 409 | if (ctx->hs->x25519_peer_public == NULL) { | 415 | if (ctx->hs->key_share == NULL) { |
| 410 | /* XXX - alert. */ | 416 | /* XXX - alert. */ |
| 411 | goto err; | 417 | goto err; |
| 412 | } | 418 | } |
| 413 | if ((shared_key = malloc(X25519_KEY_LENGTH)) == NULL) | 419 | if (!tls13_key_share_derive(ctx->hs->key_share, &shared_key, |
| 414 | goto err; | 420 | &shared_key_len)) |
| 415 | if (!X25519(shared_key, ctx->hs->x25519_private, | ||
| 416 | ctx->hs->x25519_peer_public)) | ||
| 417 | goto err; | 421 | goto err; |
| 418 | 422 | ||
| 419 | s->session->cipher = S3I(s)->hs.new_cipher; | 423 | s->session->cipher = S3I(s)->hs.new_cipher; |
| @@ -443,7 +447,7 @@ tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs) | |||
| 443 | 447 | ||
| 444 | /* Handshake secrets. */ | 448 | /* Handshake secrets. */ |
| 445 | if (!tls13_derive_handshake_secrets(ctx->hs->secrets, shared_key, | 449 | if (!tls13_derive_handshake_secrets(ctx->hs->secrets, shared_key, |
| 446 | X25519_KEY_LENGTH, &context)) | 450 | shared_key_len, &context)) |
| 447 | goto err; | 451 | goto err; |
| 448 | 452 | ||
| 449 | tls13_record_layer_set_aead(ctx->rl, ctx->aead); | 453 | tls13_record_layer_set_aead(ctx->rl, ctx->aead); |
| @@ -460,7 +464,8 @@ tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs) | |||
| 460 | ret = 1; | 464 | ret = 1; |
| 461 | 465 | ||
| 462 | err: | 466 | err: |
| 463 | freezero(shared_key, X25519_KEY_LENGTH); | 467 | freezero(shared_key, shared_key_len); |
| 468 | |||
| 464 | return ret; | 469 | return ret; |
| 465 | } | 470 | } |
| 466 | 471 | ||