mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-24 00:55:36 +00:00
Fix missing check on server-chosen curve
We had this check in the non-PSA case, but it was missing in the PSA case. Backport of 141be6cc7faeb68296625670b851670542481ab6 with just the error code change to adapt to 2.28. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
parent
298d6cc397
commit
0178487fb2
7
ChangeLog.d/use-psa-ecdhe-curve.txt
Normal file
7
ChangeLog.d/use-psa-ecdhe-curve.txt
Normal file
|
@ -0,0 +1,7 @@
|
|||
Bugfix
|
||||
* Fix a bug in (D)TLS curve negotiation: when MBEDTLS_USE_PSA_CRYPTO was
|
||||
enabled and an ECDHE-ECDSA or ECDHE-RSA key exchange was used, the
|
||||
client would fail to check that the curve selected by the server for
|
||||
ECDHE was indeed one that was offered. As a result, the client would
|
||||
accept any curve that it supported, even if that curve was not allowed
|
||||
according to its configuration.
|
|
@ -2703,6 +2703,10 @@ static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl,
|
|||
tls_id <<= 8;
|
||||
tls_id |= *(*p)++;
|
||||
|
||||
/* Check it's a curve we offered */
|
||||
if( mbedtls_ssl_check_curve_tls_id( ssl, tls_id ) != 0 )
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||
|
||||
/* Convert EC group to PSA key type. */
|
||||
if( ( handshake->ecdh_psa_type =
|
||||
mbedtls_psa_parse_tls_ecc_group( tls_id, &ecdh_bits ) ) == 0 )
|
||||
|
|
Loading…
Reference in a new issue