Fix for TLS with non-standard curves. The generated ECC ephemeral key did not use the same curve type as the peer. Only the server was populating ssl->ecdhCurveOID. Now the curveOID is populated for both sides and, as a fail-safe, the peer key curve is used as the default (when available).

David Garske
2020-10-15 11:31:35 -07:00
parent 045fc4d686
commit fb9ed686cb


@@ -4278,11 +4278,12 @@ int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer)
#endif #endif
/* get key size */ /* get key size */
if (peer == NULL) { if (peer == NULL || peer->dp == NULL) {
keySz = ssl->eccTempKeySz; keySz = ssl->eccTempKeySz;
} }
else { else {
keySz = peer->dp->size; keySz = peer->dp->size;
ecc_curve = peer->dp->id;
} }
/* get curve type */ /* get curve type */
@@ -11513,6 +11514,10 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
ret = ECC_KEY_SIZE_E; ret = ECC_KEY_SIZE_E;
WOLFSSL_MSG("Peer ECC key is too small"); WOLFSSL_MSG("Peer ECC key is too small");
} }
/* populate curve oid */
if (ssl->options.side == WOLFSSL_CLIENT_END)
ssl->ecdhCurveOID = args->dCert->pkCurveOID;
break; break;
} }
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */
@@ -11563,6 +11568,10 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
ret = ECC_KEY_SIZE_E; ret = ECC_KEY_SIZE_E;
WOLFSSL_MSG("Peer ECC key is too small"); WOLFSSL_MSG("Peer ECC key is too small");
} }
/* populate curve oid */
if (ssl->options.side == WOLFSSL_CLIENT_END)
ssl->ecdhCurveOID = ECC_X25519_OID;
break; break;
} }
#endif /* HAVE_ED25519 */ #endif /* HAVE_ED25519 */
@@ -11612,6 +11621,10 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
ret = ECC_KEY_SIZE_E; ret = ECC_KEY_SIZE_E;
WOLFSSL_MSG("Peer ECC key is too small"); WOLFSSL_MSG("Peer ECC key is too small");
} }
/* populate curve oid */
if (ssl->options.side == WOLFSSL_CLIENT_END)
ssl->ecdhCurveOID = ECC_X448_OID;
break; break;
} }
#endif /* HAVE_ED448 */ #endif /* HAVE_ED448 */
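Review bot: In the three ProcessPeerCerts hunks the client now takes `ssl->ecdhCurveOID` from the peer certificate (`args->dCert->pkCurveOID`, or a fixed `ECC_X25519_OID` / `ECC_X448_OID` for Ed25519 / Ed448 certificates), but the certificate's key type does not have to match the group negotiated for the ephemeral exchange. Nothing visible here checks that the value is a curve this client has enabled, so unless a later step overrides or validates it, a peer certificate can end up choosing the curve EccMakeKey generates on; that is worth confirming and recording in the comment, e.g. `/* default from peer cert key; the negotiated group must override this */`. The assignment also appears to run after the `ECC_KEY_SIZE_E` branch, so the OID is stored even for a key that was just rejected as too small; assuming `ret` is 0 on success at this point, `if (ret == 0 && ssl->options.side == WOLFSSL_CLIENT_END) {` with braces would avoid that. Both ProcessPeerCerts and EccMakeKey continue outside the shown hunks, so the later use of `ecc_curve` and `ecdhCurveOID` could not be checked.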