yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-06-02 17:10:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use tinyCrypt only for ECDHE-RSA/ECDSA in SrvKeyExch writing

Browse source 
In a way inconsistent with the rest of the library restricting the
use of tinyCrypt to pure-ECDHE, the previous ServerKeyExchange writing
routine would use tinyCrypt also for ECDHE-PSK-based ciphersuites.
This commit fixes this.
This commit is contained in:
Hanno Becker 2019-07-24 11:19:03 +01:00
parent cdce332d8c
commit 9cf087d2e7
1 changed files with 81 additions and 70 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
library/ssl_srv.c
View file

@ -3384,6 +3384,11 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
*/
#if defined(MBEDTLS_USE_TINYCRYPT)
if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
== MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
== MBEDTLS_KEY_EXCHANGE_ECDHE_RSA )
{
static const uint16_t secp256r1_tls_id = 23;
static const unsigned char ecdh_param_hdr[] = {
MBEDTLS_ECP_TLS_NAMED_CURVE,
@ -3421,9 +3426,16 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
ssl->handshake->ecdh_ownpubkey,
2*NUM_ECC_BYTES );
ssl->out_msglen += 2*NUM_ECC_BYTES;
#else /* MBEDTLS_USE_TINYCRYPT */
}
else
#endif /* MBEDTLS_ECDH_C */
#if !defined(MBEDTLS_ECDH_C)
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
#else
{
const mbedtls_ecp_curve_info *curve =
mbedtls_ecp_curve_info_from_tls_id( ssl->handshake->curve_tls_id );
int ret;
@ -3462,9 +3474,8 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
MBEDTLS_DEBUG_ECDH_Q );
#endif /* MBEDTLS_USE_TINYCRYPT */
}
#endif /* MBEDTLS_ECDH_C */
}
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED */