Pull key share group/length CBB code up from tls13_key_share_public()
authorjsing <jsing@openbsd.org>
Tue, 4 Jan 2022 11:01:58 +0000 (11:01 +0000)
committerjsing <jsing@openbsd.org>
Tue, 4 Jan 2022 11:01:58 +0000 (11:01 +0000)
This provides better symmetry with the parsing code and will allow for
better reuse with the legacy stack, which has different message structures.

ok inoguchi@ tb@

lib/libssl/ssl_tlsext.c
lib/libssl/tls13_key_share.c

index c97ade8..74b5415 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.102 2022/01/04 10:34:16 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.103 2022/01/04 11:01:58 jsing Exp $ */
 /*
  * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -1455,13 +1455,17 @@ tlsext_keyshare_client_needs(SSL *s, uint16_t msg_type)
 int
 tlsext_keyshare_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
-       CBB client_shares;
+       CBB client_shares, key_exchange;
 
        if (!CBB_add_u16_length_prefixed(cbb, &client_shares))
                return 0;
 
-       if (!tls13_key_share_public(S3I(s)->hs.tls13.key_share,
-           &client_shares))
+       if (!CBB_add_u16(&client_shares,
+           tls13_key_share_group(S3I(s)->hs.tls13.key_share)))
+               return 0;
+       if (!CBB_add_u16_length_prefixed(&client_shares, &key_exchange))
+               return 0;
+       if (!tls13_key_share_public(S3I(s)->hs.tls13.key_share, &key_exchange))
                return 0;
 
        if (!CBB_flush(cbb))
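Review bot: The new `CBB_add_u16(&client_shares, tls13_key_share_group(S3I(s)->hs.tls13.key_share))` dereferences the key share without the `key_share == NULL` guard that the server-side builder performs, so a caller that reaches this with no key share crashes instead of returning 0; presumably tlsext_keyshare_client_needs() rules that out, but a one-line guard `if (S3I(s)->hs.tls13.key_share == NULL) return 0;` before the CBB_add_u16() would keep the two builders symmetric, which is what the commit is after. Now that the KeyShareEntry framing is spelled out here rather than inside tls13_key_share_public(), a short comment above the new lines would help, e.g. `/* Single KeyShareEntry: group id followed by length-prefixed key_exchange. */`. tlsext_keyshare_client_build's body continues past the end of the hunk.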
@@ -1531,6 +1535,8 @@ tlsext_keyshare_server_needs(SSL *s, uint16_t msg_type)
 int
 tlsext_keyshare_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
+       CBB key_exchange;
+
        /* In the case of a HRR, we only send the server selected group. */
        if (S3I(s)->hs.tls13.hrr) {
                if (S3I(s)->hs.tls13.server_group == 0)
@@ -1541,7 +1547,14 @@ tlsext_keyshare_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
        if (S3I(s)->hs.tls13.key_share == NULL)
                return 0;
 
-       if (!tls13_key_share_public(S3I(s)->hs.tls13.key_share, cbb))
+       if (!CBB_add_u16(cbb, tls13_key_share_group(S3I(s)->hs.tls13.key_share)))
+               return 0;
+       if (!CBB_add_u16_length_prefixed(cbb, &key_exchange))
+               return 0;
+       if (!tls13_key_share_public(S3I(s)->hs.tls13.key_share, &key_exchange))
+               return 0;
+
+       if (!CBB_flush(cbb))
                return 0;
 
        return 1;
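Review bot: The new lines after the NULL check write the entry framing inline but nothing documents that this is the single server KeyShareEntry, so a comment above the `CBB_add_u16(cbb, tls13_key_share_group(...))` call would help readers who previously found the layout in tls13_key_share_public(): `/* Server KeyShareEntry: selected group followed by length-prefixed key_exchange. */`. Separately, the group emitted is whatever the key share carries, while `server_group` (consulted only in the HRR branch above) is not cross-checked against it; if both are set independently, a cheap `if (tls13_key_share_group(S3I(s)->hs.tls13.key_share) != S3I(s)->hs.tls13.server_group) return 0;` would catch a mismatch, though this needs confirming against where server_group is assigned since the HRR branch shows it can be 0. The function's closing brace is outside the hunk.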
index 0d1c091..70f1b67 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_key_share.c,v 1.6 2020/04/18 14:07:56 jsing Exp $ */
+/* $OpenBSD: tls13_key_share.c,v 1.7 2022/01/04 11:01:58 jsing Exp $ */
 /*
  * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
  *
@@ -187,28 +187,10 @@ tls13_key_share_public_x25519(struct tls13_key_share *ks, CBB *cbb)
 int
 tls13_key_share_public(struct tls13_key_share *ks, CBB *cbb)
 {
-       CBB key_exchange;
-
-       if (!CBB_add_u16(cbb, ks->group_id))
-               goto err;
-       if (!CBB_add_u16_length_prefixed(cbb, &key_exchange))
-               goto err;
-
-       if (ks->nid == NID_X25519) {
-               if (!tls13_key_share_public_x25519(ks, &key_exchange))
-                       goto err;
-       } else {
-               if (!tls13_key_share_public_ecdhe_ecp(ks, &key_exchange))
-                       goto err;
-       }
-
-       if (!CBB_flush(cbb))
-               goto err;
-
-       return 1;
+       if (ks->nid == NID_X25519)
+               return tls13_key_share_public_x25519(ks, cbb);
 
- err:
-       return 0;
+       return tls13_key_share_public_ecdhe_ecp(ks, cbb);
 }
 
 static int
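Review bot: tls13_key_share_public() now writes only the raw public key into `cbb` and no longer emits the group id, the length prefix, or a CBB_flush(), but nothing in the file states the new contract; since the commit intends this function for reuse by the legacy stack, a header comment should pin it down so callers do not assume the old framing, e.g. `/* Write the raw public key of ks into cbb; the caller supplies the KeyShareEntry framing (group id and length prefix) and flushes the CBB. */`. The function still dereferences `ks->nid` unconditionally, so the comment should also say ks must be non-NULL, or a `if (ks == NULL) return 0;` guard could be added to match the NULL check the server-side builder performs before calling it.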