From b6345d654a1f62ea48e5ee19bba9ea74d4cd4776 Mon Sep 17 00:00:00 2001 From: toddouska Date: Wed, 27 Aug 2014 10:48:19 -0700 Subject: [PATCH] delay ssl server from creating ecdhe key until really needed --- src/internal.c | 20 ++++++++++++++++++-- src/ssl.c | 13 ------------- 2 files changed, 18 insertions(+), 15 deletions(-) diff --git a/src/internal.c b/src/internal.c index 827a47a68..180f4681f 100644 --- a/src/internal.c +++ b/src/internal.c @@ -10493,6 +10493,16 @@ static void PickHashSigAlgo(CYASSL* ssl, length = ENUM_LEN + CURVE_LEN + ENUM_LEN; /* pub key size */ CYASSL_MSG("Using ephemeral ECDH"); + + /* need ephemeral key now, create it if missing */ + if (ssl->eccTempKeyPresent == 0) { + if (ecc_make_key(ssl->rng, ssl->eccTempKeySz, + ssl->eccTempKey) != 0) { + return ECC_MAKEKEY_ERROR; + } + ssl->eccTempKeyPresent = 1; + } + if (ecc_export_x963(ssl->eccTempKey, exportBuf, &expSz) != 0) return ECC_EXPORT_ERROR; length += expSz; @@ -12207,9 +12217,15 @@ static void PickHashSigAlgo(CYASSL* ssl, ecc_free(&staticKey); } - else - ret = ecc_shared_secret(ssl->eccTempKey, ssl->peerEccKey, + else { + if (ssl->eccTempKeyPresent == 0) { + CYASSL_MSG("Ecc ephemeral key not made correctly"); + ret = ECC_MAKEKEY_ERROR; + } else { + ret = ecc_shared_secret(ssl->eccTempKey,ssl->peerEccKey, ssl->arrays->preMasterSecret, &length); + } + } if (ret != 0) return ECC_SHARED_ERROR; diff --git a/src/ssl.c b/src/ssl.c index 2bd63f238..c1b29904c 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -4796,19 +4796,6 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl) } #endif - #ifdef HAVE_ECC - /* in case used set_accept_state after init */ - if (ssl->eccTempKeyPresent == 0) { - if (ecc_make_key(ssl->rng, ssl->eccTempKeySz, - ssl->eccTempKey) != 0) { - ssl->error = ECC_MAKEKEY_ERROR; - CYASSL_ERROR(ssl->error); - return SSL_FATAL_ERROR; - } - ssl->eccTempKeyPresent = 1; - } - #endif - #ifdef CYASSL_DTLS if (ssl->version.major == DTLS_MAJOR) { ssl->options.dtls = 1;