From fb9ed686cbdc108c426d556d9c2a244384e083bb Mon Sep 17 00:00:00 2001
From: David Garske
Date: Thu, 15 Oct 2020 11:31:35 -0700
Subject: [PATCH] Fix for TLS with non-standard curves. The generted ECC ephemeral key did not use the same curve type as peer. Only the server was populating `ssl->ecdhCurveOID`. Now the curveOID is populated for both and as a fail-safe the peer key curve is used as default (when available).
---
 src/internal.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/src/internal.c b/src/internal.c
index 1ed9448d2..0e6d02b11 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -4278,11 +4278,12 @@ int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer)
 #endif
 /* get key size */
- if (peer == NULL) {
+ if (peer == NULL || peer->dp == NULL) {
 keySz = ssl->eccTempKeySz;
 }
 else {
 keySz = peer->dp->size;
+ ecc_curve = peer->dp->id;
 }
 /* get curve type */
@@ -11513,6 +11514,10 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 ret = ECC_KEY_SIZE_E;
 WOLFSSL_MSG("Peer ECC key is too small");
 }
+
+ /* populate curve oid */
+ if (ssl->options.side == WOLFSSL_CLIENT_END)
+ ssl->ecdhCurveOID = args->dCert->pkCurveOID;
 break;
 }
 #endif /* HAVE_ECC */
@@ -11563,6 +11568,10 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 ret = ECC_KEY_SIZE_E;
 WOLFSSL_MSG("Peer ECC key is too small");
 }
+
+ /* populate curve oid */
+ if (ssl->options.side == WOLFSSL_CLIENT_END)
+ ssl->ecdhCurveOID = ECC_X25519_OID;
 break;
 }
 #endif /* HAVE_ED25519 */
@@ -11612,6 +11621,10 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 ret = ECC_KEY_SIZE_E;
 WOLFSSL_MSG("Peer ECC key is too small");
 }
+
+ /* populate curve oid */
+ if (ssl->options.side == WOLFSSL_CLIENT_END)
+ ssl->ecdhCurveOID = ECC_X448_OID;
 break;
 }
 #endif /* HAVE_ED448 */
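Review bot: In the new `else` branch of the EccMakeKey hunk, `ecc_curve = peer->dp->id;` takes the curve for the ephemeral key straight from the peer's key, and nothing visible says how that interacts with the `/* get curve type */` step that follows or whether the id is limited to curves this endpoint allows. EccMakeKey starts and ends outside the hunk, so that later step may already settle both; if it does, a comment on the new line would make the precedence explicit, for example `/* default to the peer key's curve; the curve-type step below decides the final value */`. The widened test `peer == NULL || peer->dp == NULL` also falls back to `ssl->eccTempKeySz` silently when a peer key carries no curve parameters, which could bring back the curve mismatch this patch is fixing, so a `WOLFSSL_MSG` on that path would help diagnosis.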
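Review bot: In the HAVE_ECC hunk of ProcessPeerCerts, the added `ssl->ecdhCurveOID = args->dCert->pkCurveOID;` sits after the closing brace of the key-size check, so it runs even when that check has just set `ret = ECC_KEY_SIZE_E`, and the connection state then records a curve taken from a certificate whose key failed the check. Guarding it, e.g. `if (ret == 0 && ssl->options.side == WOLFSSL_CLIENT_END) {` with braces around the single statement, leaves the state untouched on the failure path; this assumes 0 is the success value of `ret` at this point, which the hunk does not show. The same placement recurs in the HAVE_ED25519 and HAVE_ED448 hunks. The enclosing case block starts outside the hunk.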
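Review bot: Setting `ssl->ecdhCurveOID = ECC_X25519_OID;` in the HAVE_ED25519 hunk infers the key-exchange curve from the type of the peer's signature key, and the comment `/* populate curve oid */` does not say why that holds; the HAVE_ED448 hunk does the same with `ECC_X448_OID`. An Ed25519 or Ed448 certificate authenticates the peer and does not by itself fix the group used for the ephemeral exchange, so this value is presumably only a default that the negotiated group replaces later; that code is not visible here. I would spell this out in the comment, e.g. `/* default ECDH curve for an Ed25519 peer; the negotiated group, when present, must override this */`, and confirm the override happens on every path that reaches EccMakeKey.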