From bcec335856233cbcea4d96e3d43e1b43b8fe4182 Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Tue, 1 Nov 2016 13:24:02 +0000
Subject: [PATCH] Add key_share info to the ServerHello
Reviewed-by: Rich Salz
---
 ssl/ssl_locl.h | 2 ++
 ssl/t1_lib.c | 42 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 44 insertions(+)
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 105a487c7e..ec0d0b4824 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1299,6 +1299,8 @@ typedef struct ssl3_state_st {
 /* For clients: peer temporary key */
 # if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+ /* The group_id for the DH/ECDH key */
+ unsigned int group_id;
 EVP_PKEY *peer_tmp;
 # endif
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 37e6841d7e..11c8399a28 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
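Review bot: In ssl/ssl_locl.h the new `group_id` field sits under the existing "For clients: peer temporary key" comment, yet the only write in this patch is in ssl_scan_clienthello_tlsext and the only read is in ssl_add_serverhello_tlsext, which by their names are server-side paths. The comment should say whose group it records, for example `/* Group id of the peer's key share held in peer_tmp; set when the key share is parsed */`. The field is declared only when `OPENSSL_NO_EC` and `OPENSSL_NO_DH` are not both defined, so each user of it needs the same guard.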
@@ -1648,6 +1648,47 @@ int ssl_add_serverhello_tlsext(SSL *s, WPACKET *pkt, int *al)
 }
 }
 #endif
+
+ if (s->version == TLS1_3_VERSION) {
+ unsigned char *encodedPoint;
+ size_t encoded_pt_len = 0;
+ EVP_PKEY *ckey = NULL, *skey = NULL;
+
+ ckey = s->s3->peer_tmp;
+ if (ckey == NULL) {
+ SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share)
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_put_bytes_u16(pkt, s->s3->group_id)) {
+ SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ skey = ssl_generate_pkey(ckey);
+
+ /* Generate encoding of server key */
+ encoded_pt_len = EVP_PKEY_get1_tls_encodedpoint(skey, &encodedPoint);
+ if (encoded_pt_len == 0) {
+ SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_EC_LIB);
+ EVP_PKEY_free(skey);
+ return 0;
+ }
+
+ if (!WPACKET_sub_memcpy_u16(pkt, encodedPoint, encoded_pt_len)
+ || !WPACKET_close(pkt)) {
+ SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+ EVP_PKEY_free(skey);
+ OPENSSL_free(encodedPoint);
+ return 0;
+ }
+
+ s->s3->tmp.pkey = skey;
+ OPENSSL_free(encodedPoint);
+ }
+
+ if (!custom_ext_add(s, 1, pkt, al)) {
 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
 return 0;
@@ -2293,6 +2334,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, CLIENTHELLO_MSG *hello, int *al)
 EVP_PKEY_CTX_free(pctx);
 pctx = NULL;
 }
+ s->s3->group_id = group_id;
 if (!EVP_PKEY_set1_tls_encodedpoint(s->s3->peer_tmp,
 PACKET_data(&encoded_pt),
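Review bot: The result of `ssl_generate_pkey(ckey)` in the new TLS 1.3 block is never checked, so a failed key generation passes a NULL `skey` straight into `EVP_PKEY_get1_tls_encodedpoint`. Add `if (skey == NULL) { SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_MALLOC_FAILURE); return 0; }` directly after the call. On success the block assigns `s->s3->tmp.pkey = skey;` without releasing a key that may already be stored there; whether one can exist at this point is not visible in the hunk, so confirm it or call `EVP_PKEY_free(s->s3->tmp.pkey)` first. The block also follows an `#endif` and reads `s->s3->peer_tmp` and `s->s3->group_id`, which ssl_locl.h declares only when EC or DH is compiled in, so it probably needs the same `#if` guard. ssl_add_serverhello_tlsext starts and ends outside this hunk.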