Fix TLS 1.3 with ECC disabled and CURVE25519 enabled. Resolves issue with using ./configure --disable-ecc --enable-curve25519 --enable-ed25519 --enable-tls13. Refactor TLSX_KeyShare_GenEccKey to support either ECC or CURVE25519. Fix for PemToDer to handle ED25519 without ECC enabled.

2018-04-09 10:10:08 -07:00
parent 2a460d3d05
commit 21833e245f
3 changed files with 45 additions and 26 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -4725,7 +4725,12 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
        } else
 #endif
 #ifdef HAVE_ED25519
-        if (header == BEGIN_DSA_PRIV) {
+    #ifdef HAVE_ECC
+        if (header == BEGIN_DSA_PRIV)
+    #else
+        if (header == BEGIN_ENC_PRIV_KEY)
+    #endif
+        {
            header =  BEGIN_EDDSA_PRIV;     footer = END_EDDSA_PRIV;
        } else
 #endif
@@ -5319,7 +5324,9 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
                    != 0) {
                #ifdef HAVE_ECC
                    /* could have DER ECC (or pkcs8 ecc), no easy way to tell */
-                    eccKey = 1;  /* so try it out */
+                    eccKey = 1;  /* try it next */
+                #elif defined(HAVE_ED25519)
+                    ed25519Key = 1; /* try it next */
                #else
                    WOLFSSL_MSG("RSA decode failed and ECC not enabled to try");
                    ret = WOLFSSL_BAD_FILE;