From ce251417f5a30173bdc2225732c9f52607299795 Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Thu, 20 Jun 2019 10:57:07 -0600 Subject: [PATCH 1/3] curve25519 in get_curve_name when HAVE_ECC not defined. Thanks to C.B. for the report. --- src/ssl.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index d74c59b1e..58df549fb 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -16524,15 +16524,20 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl) { if (ssl == NULL) return NULL; + #ifdef HAVE_FFDHE if (ssl->namedGroup != 0) return wolfssl_ffdhe_name(ssl->namedGroup); #endif + +#ifdef HAVE_CURVE25519 + if (ssl->ecdhCurveOID == ECC_X25519_OID) + return "X25519"; +#endif + #ifdef HAVE_ECC if (ssl->ecdhCurveOID == 0) return NULL; - if (ssl->ecdhCurveOID == ECC_X25519_OID) - return "X25519"; return wc_ecc_get_name(wc_ecc_get_oid(ssl->ecdhCurveOID, NULL, NULL)); #else return NULL; From 49a631996cc6c8a250607d939a68d67210758aae Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Fri, 21 Jun 2019 09:27:15 -0600 Subject: [PATCH 2/3] Check other names when FFDHE returns NULL --- src/ssl.c | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 58df549fb..802f50be6 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -16522,26 +16522,33 @@ static const char* wolfssl_ffdhe_name(word16 group) */ const char* wolfSSL_get_curve_name(WOLFSSL* ssl) { + const char* cName = NULL; + if (ssl == NULL) return NULL; #ifdef HAVE_FFDHE - if (ssl->namedGroup != 0) - return wolfssl_ffdhe_name(ssl->namedGroup); + if (ssl->namedGroup != 0) { + cName = wolfssl_ffdhe_name(ssl->namedGroup); + } #endif + if (cName == NULL) { #ifdef HAVE_CURVE25519 - if (ssl->ecdhCurveOID == ECC_X25519_OID) - return "X25519"; + if (ssl->ecdhCurveOID == ECC_X25519_OID) { + cName = "X25519"; + } #endif #ifdef HAVE_ECC - if (ssl->ecdhCurveOID == 0) - return NULL; - return wc_ecc_get_name(wc_ecc_get_oid(ssl->ecdhCurveOID, NULL, NULL)); -#else - return NULL; + if (ssl->ecdhCurveOID != 0 && cName == NULL) { + cName = wc_ecc_get_name(wc_ecc_get_oid(ssl->ecdhCurveOID, NULL, + NULL)); + } #endif + } + + return cName; } #endif From c114bcaead4172ea022eb2e6c3c007ca3e028bee Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Fri, 21 Jun 2019 09:40:17 -0600 Subject: [PATCH 3/3] Addressed peer feedback, avoid double check when HAVE_CURVE25519 not set --- src/ssl.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 802f50be6..2c920cd70 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -16533,20 +16533,18 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl) } #endif - if (cName == NULL) { #ifdef HAVE_CURVE25519 - if (ssl->ecdhCurveOID == ECC_X25519_OID) { - cName = "X25519"; - } + if (ssl->ecdhCurveOID == ECC_X25519_OID && cName == NULL) { + cName = "X25519"; + } #endif #ifdef HAVE_ECC - if (ssl->ecdhCurveOID != 0 && cName == NULL) { - cName = wc_ecc_get_name(wc_ecc_get_oid(ssl->ecdhCurveOID, NULL, - NULL)); - } -#endif + if (ssl->ecdhCurveOID != 0 && cName == NULL) { + cName = wc_ecc_get_name(wc_ecc_get_oid(ssl->ecdhCurveOID, NULL, + NULL)); } +#endif return cName; }