wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 03:34:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

delay ssl server from creating ecdhe key until really needed

Browse Source
This commit is contained in:
toddouska
2014-08-27 10:48:19 -07:00
parent d5d3292ba7
commit b6345d654a
2 changed files with 18 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/internal.c
View File

@@ -10493,6 +10493,16 @@ static void PickHashSigAlgo(CYASSL* ssl,
length = ENUM_LEN + CURVE_LEN + ENUM_LEN; length = ENUM_LEN + CURVE_LEN + ENUM_LEN;
/* pub key size */ /* pub key size */
CYASSL_MSG("Using ephemeral ECDH"); CYASSL_MSG("Using ephemeral ECDH");
/* need ephemeral key now, create it if missing */
if (ssl->eccTempKeyPresent == 0) {
if (ecc_make_key(ssl->rng, ssl->eccTempKeySz,
ssl->eccTempKey) != 0) {
return ECC_MAKEKEY_ERROR;
}
ssl->eccTempKeyPresent = 1;
}
if (ecc_export_x963(ssl->eccTempKey, exportBuf, &expSz) != 0) if (ecc_export_x963(ssl->eccTempKey, exportBuf, &expSz) != 0)
return ECC_EXPORT_ERROR; return ECC_EXPORT_ERROR;
length += expSz; length += expSz;
@@ -12207,9 +12217,15 @@ static void PickHashSigAlgo(CYASSL* ssl,
ecc_free(&staticKey); ecc_free(&staticKey);
} }
else else {
ret = ecc_shared_secret(ssl->eccTempKey, ssl->peerEccKey, if (ssl->eccTempKeyPresent == 0) {
CYASSL_MSG("Ecc ephemeral key not made correctly");
ret = ECC_MAKEKEY_ERROR;
} else {
ret = ecc_shared_secret(ssl->eccTempKey,ssl->peerEccKey,
ssl->arrays->preMasterSecret, &length); ssl->arrays->preMasterSecret, &length);
}
}
if (ret != 0) if (ret != 0)
return ECC_SHARED_ERROR; return ECC_SHARED_ERROR;

13
src/ssl.c
View File

@@ -4796,19 +4796,6 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
} }
#endif #endif
#ifdef HAVE_ECC
/* in case used set_accept_state after init */
if (ssl->eccTempKeyPresent == 0) {
if (ecc_make_key(ssl->rng, ssl->eccTempKeySz,
ssl->eccTempKey) != 0) {
ssl->error = ECC_MAKEKEY_ERROR;
CYASSL_ERROR(ssl->error);
return SSL_FATAL_ERROR;
}
ssl->eccTempKeyPresent = 1;
}
#endif
#ifdef CYASSL_DTLS #ifdef CYASSL_DTLS
if (ssl->version.major == DTLS_MAJOR) { if (ssl->version.major == DTLS_MAJOR) {
ssl->options.dtls = 1; ssl->options.dtls = 1;