From 81d4e899a4eee9e1f1a2d794dbe70a83b4a7be9a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 27 Oct 2017 10:18:44 +0200 Subject: [PATCH] Don't rely on private key metadata in SSL In SSL, don't use mbedtls_pk_ec or mbedtls_pk_rsa on a private signature or decryption key (as opposed to a public key or a key used for DH/ECDH). Extract the data (it's the same data) from the public key object instead. This way the code works even if the private key is opaque or if there is no private key object at all. Specifically, with an EC key, when checking whether the curve in a server key matches the handshake parameters, rely only on the offered certificate and not on the metadata of the private key. --- library/ssl_srv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 37f415dd1..fd04e927a 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -731,7 +731,7 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_ECDSA_C) if( pk_alg == MBEDTLS_PK_ECDSA && - ssl_check_key_curve( cur->key, ssl->handshake->curves ) != 0 ) + ssl_check_key_curve( &cur->cert->pk, ssl->handshake->curves ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: elliptic curve" ) ); continue;