From: jsing <jsing@openbsd.org>
Date: Tue, 4 Jan 2022 11:01:58 +0000 (+0000)
Subject: Pull key share group/length CBB code up from tls13_key_share_public()
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=29c328861a32c7dc59b92aaa274e9308f7bc1a43;p=openbsd

Pull key share group/length CBB code up from tls13_key_share_public()

This provides better symmetry with the parsing code and will allow for
better reuse with the legacy stack, which has different message structures.

ok inoguchi@ tb@
---

diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c
index c97ade8bdd9..74b54154e38 100644
--- a/lib/libssl/ssl_tlsext.c
+++ b/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.102 2022/01/04 10:34:16 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.103 2022/01/04 11:01:58 jsing Exp $ */
 /*
  * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -1455,13 +1455,17 @@ tlsext_keyshare_client_needs(SSL *s, uint16_t msg_type)
 int
 tlsext_keyshare_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
-	CBB client_shares;
+	CBB client_shares, key_exchange;
 
 	if (!CBB_add_u16_length_prefixed(cbb, &client_shares))
 		return 0;
 
-	if (!tls13_key_share_public(S3I(s)->hs.tls13.key_share,
-	    &client_shares))
+	if (!CBB_add_u16(&client_shares,
+	    tls13_key_share_group(S3I(s)->hs.tls13.key_share)))
+		return 0;
+	if (!CBB_add_u16_length_prefixed(&client_shares, &key_exchange))
+		return 0;
+	if (!tls13_key_share_public(S3I(s)->hs.tls13.key_share, &key_exchange))
 		return 0;
 
 	if (!CBB_flush(cbb))
@@ -1531,6 +1535,8 @@ tlsext_keyshare_server_needs(SSL *s, uint16_t msg_type)
 int
 tlsext_keyshare_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
+	CBB key_exchange;
+
 	/* In the case of a HRR, we only send the server selected group. */
 	if (S3I(s)->hs.tls13.hrr) {
 		if (S3I(s)->hs.tls13.server_group == 0)
@@ -1541,7 +1547,14 @@ tlsext_keyshare_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
 	if (S3I(s)->hs.tls13.key_share == NULL)
 		return 0;
 
-	if (!tls13_key_share_public(S3I(s)->hs.tls13.key_share, cbb))
+	if (!CBB_add_u16(cbb, tls13_key_share_group(S3I(s)->hs.tls13.key_share)))
+		return 0;
+	if (!CBB_add_u16_length_prefixed(cbb, &key_exchange))
+		return 0;
+	if (!tls13_key_share_public(S3I(s)->hs.tls13.key_share, &key_exchange))
+		return 0;
+
+	if (!CBB_flush(cbb))
 		return 0;
 
 	return 1;
diff --git a/lib/libssl/tls13_key_share.c b/lib/libssl/tls13_key_share.c
index 0d1c0914621..70f1b673f6c 100644
--- a/lib/libssl/tls13_key_share.c
+++ b/lib/libssl/tls13_key_share.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_key_share.c,v 1.6 2020/04/18 14:07:56 jsing Exp $ */
+/* $OpenBSD: tls13_key_share.c,v 1.7 2022/01/04 11:01:58 jsing Exp $ */
 /*
  * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
  *
@@ -187,28 +187,10 @@ tls13_key_share_public_x25519(struct tls13_key_share *ks, CBB *cbb)
 int
 tls13_key_share_public(struct tls13_key_share *ks, CBB *cbb)
 {
-	CBB key_exchange;
-
-	if (!CBB_add_u16(cbb, ks->group_id))
-		goto err;
-	if (!CBB_add_u16_length_prefixed(cbb, &key_exchange))
-		goto err;
-
-	if (ks->nid == NID_X25519) {
-		if (!tls13_key_share_public_x25519(ks, &key_exchange))
-			goto err;
-	} else {
-		if (!tls13_key_share_public_ecdhe_ecp(ks, &key_exchange))
-			goto err;
-	}
-
-	if (!CBB_flush(cbb))
-		goto err;
-
-	return 1;
+	if (ks->nid == NID_X25519)
+		return tls13_key_share_public_x25519(ks, cbb);
 
- err:
-	return 0;
+	return tls13_key_share_public_ecdhe_ecp(ks, cbb);
 }
 
 static int