From 858880686ebe4919b7c433c7a0d96c19ad47740c Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Fri, 27 Oct 2017 10:18:44 +0200
Subject: [PATCH] Don't rely on private key metadata in SSL

When checking whether a server key matches the handshake parameters, rely only on the offered certificate and not on the metadata of the private key. Specifically, with an EC key, check the curve in the certificate rather than in the associated private key. This was the only place in the SSL module where mbedtls_pk_ec or mbedtls_pk_rsa was called to access a private signature or decryption key (as opposed to a public key or a key used for DH/ECDH).
---
library/ssl_srv.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 37f415dd1..fd04e927a 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -731,7 +731,7 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_ECDSA_C)
if( pk_alg == MBEDTLS_PK_ECDSA &&
- ssl_check_key_curve( cur->key, ssl->handshake->curves ) != 0 )
+ ssl_check_key_curve( &cur->cert->pk, ssl->handshake->curves ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: elliptic curve" ) );
continue;
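Review bot: The new call on the `+` line passes the certificate's public key to ssl_check_key_curve with nothing at the call site saying why the private key is no longer consulted; that reason lives only in the commit message and should sit next to the condition, e.g. `/* Check the curve of the certificate's public key, not of cur->key: the private key may be opaque or carry no usable curve metadata. */`. ssl_check_key_curve presumably still dereferences its argument as an EC key, so this now relies on an earlier key-type check of `&cur->cert->pk` in the same loop; that check is outside the hunk and I cannot confirm it from here, and if it is absent a chain whose leaf key is not EC would reach this path. This also removes the only place where the private key's own curve was compared against the negotiated curves, so a certificate paired with a non-matching private key is no longer rejected here and would only surface later when the signature is produced or verified by the peer. ssl_pick_cert begins and ends outside the hunk.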