tinyCrypt: Don't store public ECDH-share in handshake struct

Instead, write it to the message buffer directly.
2024-12-23 19:55:37 +00:00 · 2019-07-24 12:45:52 +01:00 · 2019-07-24 12:45:52 +01:00 · 8295ff0b04
parent b1626fb619
commit 8295ff0b04
3 changed files with 14 additions and 20 deletions
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@ -552,7 +552,6 @@ struct mbedtls_ssl_handshake_params

 #if defined(MBEDTLS_USE_TINYCRYPT)
    uint8_t ecdh_privkey[NUM_ECC_BYTES];
-    uint8_t ecdh_ownpubkey[2*NUM_ECC_BYTES];
    uint8_t ecdh_peerkey[2*NUM_ECC_BYTES];
 #endif /* MBEDTLS_USE_TINYCRYPT */
 };
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -3576,19 +3576,17 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl,
        ((void) n);
        ((void) ret);

-        if( !uECC_make_key( ssl->handshake->ecdh_ownpubkey,
-                            ssl->handshake->ecdh_privkey,
-                            uecc_curve ) )
-        {
-            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
-        }
-
        if( (size_t)( end - p ) < 2 * NUM_ECC_BYTES + 2 )
            return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );

        *p++ = 2 * NUM_ECC_BYTES + 1;
        *p++ = 0x04; /* uncompressed point presentation */
-        memcpy( p, ssl->handshake->ecdh_ownpubkey, 2 * NUM_ECC_BYTES );
+
+        if( !uECC_make_key( p, ssl->handshake->ecdh_privkey,
+                            uecc_curve ) )
+        {
+            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+        }
        p += 2 * NUM_ECC_BYTES;
    }
    else
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -3398,14 +3398,6 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
                0x04 /* Uncompressed */
            };

-            if( !uECC_make_key( ssl->handshake->ecdh_ownpubkey,
-                                ssl->handshake->ecdh_privkey,
-                                uecc_curve ) )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "Key creation failed" ) );
-                return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-            }
-
 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
            dig_signed = ssl->out_msg + ssl->out_msglen;
 #endif
@ -3414,9 +3406,14 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
                    ecdh_param_hdr, sizeof( ecdh_param_hdr ) );
            ssl->out_msglen += sizeof( ecdh_param_hdr );

-            memcpy( &ssl->out_msg[ssl->out_msglen],
-                    ssl->handshake->ecdh_ownpubkey,
-                    2*NUM_ECC_BYTES );
+            if( !uECC_make_key( &ssl->out_msg[ ssl->out_msglen ],
+                                ssl->handshake->ecdh_privkey,
+                                uecc_curve ) )
+            {
+                MBEDTLS_SSL_DEBUG_MSG( 1, ( "Key creation failed" ) );
+                return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+            }
+
            ssl->out_msglen += 2*NUM_ECC_BYTES;
        }
        else