better handling of TLS layer switching out CTX layer keys/certs

src/internal.c

@@ -1961,7 +1961,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
-    if (tls1_2 && haveRSAsig) {
+    if (tls1_2 && haveRSA) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256;
     }
@@ -1989,7 +1989,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
-    if (tls1_2 && haveRSAsig) {
+    if (tls1_2 && haveRSA) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384;
     }
@@ -5911,8 +5911,6 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
         case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
             if (requirement == REQUIRES_RSA)
                 return 1;
-            if (requirement == REQUIRES_RSA_SIG)
-                return 1;
             break;
 
         case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :

src/ssl.c

@@ -4338,6 +4338,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
                 } else {
                     /* check that the size of the RSA key is enough */
                     int RsaSz = wc_RsaEncryptSize((RsaKey*)key);
+
                     if (ssl) {
                         if (RsaSz < ssl->options.minRsaKeySz) {
                             ret = RSA_KEY_SIZE_E;
@@ -4352,6 +4353,22 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
                     }
                     rsaKey = 1;
                     (void)rsaKey;  /* for no ecc builds */
+
+                    if (ssl && ssl->options.side == WOLFSSL_SERVER_END) {
+                        int havePSK = 0;
+                        #ifndef NO_PSK
+                            if (ssl->options.havePSK) {
+                                havePSK = 1;
+                            }
+                        #endif
+
+                        /* CTX may have been ECC key, let's reset suites */
+                        ssl->options.haveStaticECC = 0;
+                        InitSuites(ssl->suites, ssl->version, 1, havePSK,
+                             ssl->options.haveDH, ssl->options.haveNTRU,
+                             ssl->options.haveECDSAsig, ssl->options.haveECC,
+                             ssl->options.haveStaticECC, ssl->options.side);
+                    }
                 }
             }
 
@@ -4396,10 +4413,31 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
 
             wc_ecc_free(&key);
             eccKey = 1;
-            if (ctx)
-                ctx->haveStaticECC = 1;
-            if (ssl)
+            if (ssl) {
                 ssl->options.haveStaticECC = 1;
+            }
+            else if (ctx) {
+                ctx->haveStaticECC = 1;
+            }
+
+            if (ssl && ssl->options.side == WOLFSSL_SERVER_END) {
+                int havePSK = 0;
+                int haveRSA = 0;
+                #ifndef NO_PSK
+                    if (ssl->options.havePSK) {
+                        havePSK = 1;
+                    }
+                #endif
+                #ifndef NO_RSA
+                    haveRSA = 1;
+                #endif
+
+                /* let's reset suites with ecc key */
+                InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
+                           ssl->options.haveDH, ssl->options.haveNTRU,
+                           ssl->options.haveECDSAsig, ssl->options.haveECC,
+                           ssl->options.haveStaticECC, ssl->options.side);
+            }
         }
     #endif /* HAVE_ECC */
     }
@@ -4428,16 +4466,22 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
         #endif
             return SSL_BAD_FILE;
         }
+
+        if (ssl && ssl->ctx->haveECDSAsig) {
+            WOLFSSL_MSG("SSL layer setting cert, CTX had ECDSA, turning off");
+            ssl->options.haveECDSAsig = 0;   /* may turn back on next */
+        }
+
         switch (cert->signatureOID) {
             case CTC_SHAwECDSA:
             case CTC_SHA256wECDSA:
             case CTC_SHA384wECDSA:
             case CTC_SHA512wECDSA:
                 WOLFSSL_MSG("ECDSA cert signature");
-                if (ctx)
-                    ctx->haveECDSAsig = 1;
                 if (ssl)
                     ssl->options.haveECDSAsig = 1;
+                else if (ctx)
+                    ctx->haveECDSAsig = 1;
                 break;
             default:
                 WOLFSSL_MSG("Not ECDSA cert signature");
@@ -4445,16 +4489,6 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
         }
 
     #ifdef HAVE_ECC
-        if (ctx) {
-            ctx->pkCurveOID = cert->pkCurveOID;
-        #ifndef WC_STRICT_SIG
-            if (cert->keyOID == ECDSAk) {
-                ctx->haveECC = 1;
-            }
-        #else
-            ctx->haveECC = ctx->haveECDSAsig;
-        #endif
-        }
         if (ssl) {
             ssl->pkCurveOID = cert->pkCurveOID;
         #ifndef WC_STRICT_SIG
@@ -4465,6 +4499,16 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
             ssl->options.haveECC = ssl->options.haveECDSAsig;
         #endif
         }
+        else if (ctx) {
+            ctx->pkCurveOID = cert->pkCurveOID;
+        #ifndef WC_STRICT_SIG
+            if (cert->keyOID == ECDSAk) {
+                ctx->haveECC = 1;
+            }
+        #else
+            ctx->haveECC = ctx->haveECDSAsig;
+        #endif
+        }
     #endif
 
         /* check key size of cert unless specified not to */