diff options
Diffstat (limited to 'src/lib/libssl/tls13_server.c')
| -rw-r--r-- | src/lib/libssl/tls13_server.c | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c index a559e03219..1f17fe4ab0 100644 --- a/src/lib/libssl/tls13_server.c +++ b/src/lib/libssl/tls13_server.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_server.c,v 1.21 2020/01/29 17:03:58 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_server.c,v 1.22 2020/01/30 17:09:23 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2020 Bob Beck <beck@openbsd.org> | 4 | * Copyright (c) 2020 Bob Beck <beck@openbsd.org> |
| @@ -51,6 +51,11 @@ tls13_server_init(struct tls13_ctx *ctx) | |||
| 51 | if ((s->session = SSL_SESSION_new()) == NULL) | 51 | if ((s->session = SSL_SESSION_new()) == NULL) |
| 52 | return 0; | 52 | return 0; |
| 53 | 53 | ||
| 54 | if ((ctx->hs->key_share = tls13_key_share_new(NID_X25519)) == NULL) | ||
| 55 | return 0; | ||
| 56 | if (!tls13_key_share_generate(ctx->hs->key_share)) | ||
| 57 | return 0; | ||
| 58 | |||
| 54 | arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE); | 59 | arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE); |
| 55 | 60 | ||
| 56 | return 1; | 61 | return 1; |
| @@ -552,19 +557,18 @@ tls13_server_hello_sent(struct tls13_ctx *ctx) | |||
| 552 | struct tls13_secret context; | 557 | struct tls13_secret context; |
| 553 | unsigned char buf[EVP_MAX_MD_SIZE]; | 558 | unsigned char buf[EVP_MAX_MD_SIZE]; |
| 554 | uint8_t *shared_key = NULL; | 559 | uint8_t *shared_key = NULL; |
| 560 | size_t shared_key_len = 0; | ||
| 555 | size_t hash_len; | 561 | size_t hash_len; |
| 556 | SSL *s = ctx->ssl; | 562 | SSL *s = ctx->ssl; |
| 557 | int ret = 0; | 563 | int ret = 0; |
| 558 | 564 | ||
| 559 | /* XXX - handle other key share types. */ | 565 | /* XXX - handle other key share types. */ |
| 560 | if (ctx->hs->x25519_peer_public == NULL) { | 566 | if (ctx->hs->key_share == NULL) { |
| 561 | /* XXX - alert. */ | 567 | /* XXX - alert. */ |
| 562 | goto err; | 568 | goto err; |
| 563 | } | 569 | } |
| 564 | if ((shared_key = malloc(X25519_KEY_LENGTH)) == NULL) | 570 | if (!tls13_key_share_derive(ctx->hs->key_share, |
| 565 | goto err; | 571 | &shared_key, &shared_key_len)) |
| 566 | if (!X25519(shared_key, ctx->hs->x25519_private, | ||
| 567 | ctx->hs->x25519_peer_public)) | ||
| 568 | goto err; | 572 | goto err; |
| 569 | 573 | ||
| 570 | s->session->cipher = S3I(s)->hs.new_cipher; | 574 | s->session->cipher = S3I(s)->hs.new_cipher; |
| @@ -594,7 +598,7 @@ tls13_server_hello_sent(struct tls13_ctx *ctx) | |||
| 594 | 598 | ||
| 595 | /* Handshake secrets. */ | 599 | /* Handshake secrets. */ |
| 596 | if (!tls13_derive_handshake_secrets(ctx->hs->secrets, shared_key, | 600 | if (!tls13_derive_handshake_secrets(ctx->hs->secrets, shared_key, |
| 597 | X25519_KEY_LENGTH, &context)) | 601 | shared_key_len, &context)) |
| 598 | goto err; | 602 | goto err; |
| 599 | 603 | ||
| 600 | tls13_record_layer_set_aead(ctx->rl, ctx->aead); | 604 | tls13_record_layer_set_aead(ctx->rl, ctx->aead); |
| @@ -614,7 +618,7 @@ tls13_server_hello_sent(struct tls13_ctx *ctx) | |||
| 614 | ret = 1; | 618 | ret = 1; |
| 615 | 619 | ||
| 616 | err: | 620 | err: |
| 617 | freezero(shared_key, X25519_KEY_LENGTH); | 621 | freezero(shared_key, shared_key_len); |
| 618 | return ret; | 622 | return ret; |
| 619 | } | 623 | } |
| 620 | 624 | ||