Fix TLS 1.3 with ECC disabled and CURVE25519 enabled. Resolves issue with using `./configure --disable-ecc --enable-curve25519 --enable-ed25519 --enable-tls13`. Refactor `TLSX_KeyShare_GenEccKey` to support either ECC or CURVE25519. Fix for `PemToDer` to handle ED25519 without ECC enabled.

src/ssl.c

@@ -4725,7 +4725,12 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
         } else
 #endif
 #ifdef HAVE_ED25519
-        if (header == BEGIN_DSA_PRIV) {
+    #ifdef HAVE_ECC
+        if (header == BEGIN_DSA_PRIV)
+    #else
+        if (header == BEGIN_ENC_PRIV_KEY)
+    #endif
+        {
             header =  BEGIN_EDDSA_PRIV;     footer = END_EDDSA_PRIV;
         } else
 #endif
@@ -5319,7 +5324,9 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
                     != 0) {
                 #ifdef HAVE_ECC
                     /* could have DER ECC (or pkcs8 ecc), no easy way to tell */
-                    eccKey = 1;  /* so try it out */
+                    eccKey = 1;  /* try it next */
+                #elif defined(HAVE_ED25519)
+                    ed25519Key = 1; /* try it next */
                 #else
                     WOLFSSL_MSG("RSA decode failed and ECC not enabled to try");
                     ret = WOLFSSL_BAD_FILE;

src/tls.c

@@ -5256,7 +5256,7 @@ end:
 }
 #endif
 
-#ifdef HAVE_ECC
+#if defined(HAVE_ECC) || defined(HAVE_CURVE25519)
 /* Create a key share entry using named elliptic curve parameters group.
  * Generates a key pair.
  *
@@ -5269,13 +5269,17 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
     int      ret;
     byte*    keyData = NULL;
     word32   dataSize;
+    byte*    keyPtr = NULL;
     word32   keySize;
-    ecc_key* eccKey = NULL;
+#ifdef HAVE_ECC
+    ecc_key* eccKey;
     word16   curveId;
+#endif
 
     /* TODO: [TLS13] The key sizes should come from wolfcrypt. */
     /* Translate named group to a curve id. */
     switch (kse->group) {
+#ifdef HAVE_ECC
     #if !defined(NO_ECC256)  || defined(HAVE_ALL_CURVES)
         #ifndef NO_ECC_SECP
         case WOLFSSL_ECC_SECP256R1:
@@ -5303,52 +5307,49 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
             break;
         #endif /* !NO_ECC_SECP */
     #endif
+#endif
     #ifdef HAVE_CURVE25519
         case WOLFSSL_ECC_X25519:
             {
-                curve25519_key* key;
+                curve25519_key* curve_key;
                 /* Allocate an ECC key to hold private key. */
-                key = (curve25519_key*)XMALLOC(sizeof(curve25519_key),
+                keyPtr = (byte*)XMALLOC(sizeof(curve25519_key),
                                            ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
-                if (key == NULL) {
+                if (keyPtr == NULL) {
                     WOLFSSL_MSG("EccTempKey Memory error");
                     return MEMORY_E;
                 }
+                curve_key = (curve25519_key*)keyPtr;
 
                 dataSize = keySize = 32;
 
                 /* Make an ECC key. */
-                ret = wc_curve25519_init(key);
-                if (ret != 0) {
-                    eccKey = (ecc_key*)key; /* assign for freeing key */
+                ret = wc_curve25519_init(curve_key);
+                if (ret != 0)
                     goto end;
-                }
-                ret = wc_curve25519_make_key(ssl->rng, keySize, key);
-                if (ret != 0) {
-                    eccKey = (ecc_key*)key; /* assign for freeing key */
+                ret = wc_curve25519_make_key(ssl->rng, keySize, curve_key);
+                if (ret != 0)
                     goto end;
-                }
+
                 /* Allocate space for the public key. */
                 keyData = (byte*)XMALLOC(dataSize, ssl->heap,
                                          DYNAMIC_TYPE_PUBLIC_KEY);
                 if (keyData == NULL) {
                     WOLFSSL_MSG("Key data Memory error");
                     ret = MEMORY_E;
-                    eccKey = (ecc_key*)key; /* assign for freeing key */
                     goto end;
                 }
 
                 /* Export public key. */
-                if (wc_curve25519_export_public_ex(key, keyData, &dataSize,
+                if (wc_curve25519_export_public_ex(curve_key, keyData, &dataSize,
                                                   EC25519_LITTLE_ENDIAN) != 0) {
                     ret = ECC_EXPORT_ERROR;
-                    eccKey = (ecc_key*)key; /* assign for freeing key */
                     goto end;
                 }
 
                 kse->ke = keyData;
                 kse->keLen = dataSize;
-                kse->key = key;
+                kse->key = keyPtr;
 
 #ifdef WOLFSSL_DEBUG_TLS
                 WOLFSSL_MSG("Public Curve25519 Key");
@@ -5368,13 +5369,15 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
             return BAD_FUNC_ARG;
     }
 
+#ifdef HAVE_ECC
     /* Allocate an ECC key to hold private key. */
-    eccKey = (ecc_key*)XMALLOC(sizeof(ecc_key), ssl->heap,
+    keyPtr = (byte*)XMALLOC(sizeof(ecc_key), ssl->heap,
                                DYNAMIC_TYPE_PRIVATE_KEY);
-    if (eccKey == NULL) {
+    if (keyPtr == NULL) {
         WOLFSSL_MSG("EccTempKey Memory error");
         return MEMORY_E;
     }
+    eccKey = (ecc_key*)keyPtr;
 
     /* Make an ECC key. */
     ret = wc_ecc_init_ex(eccKey, ssl->heap, ssl->devId);
@@ -5406,20 +5409,21 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
 
     kse->ke = keyData;
     kse->keLen = dataSize;
-    kse->key = eccKey;
+    kse->key = keyPtr;
 
 #ifdef WOLFSSL_DEBUG_TLS
     WOLFSSL_MSG("Public ECC Key");
     WOLFSSL_BUFFER(keyData, dataSize);
 #endif
+#endif /* HAVE_ECC */
 
 end:
     if (ret != 0) {
         /* Data owned by key share entry otherwise. */
-        if (eccKey != NULL)
-            XFREE(eccKey, ssl->heap, DYNAMIC_TYPE_TLSX);
+        if (keyPtr != NULL)
+            XFREE(keyPtr, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
         if (keyData != NULL)
-            XFREE(keyData, ssl->heap, DYNAMIC_TYPE_TLSX);
+            XFREE(keyData, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
     }
     return ret;
 }
@@ -5437,7 +5441,7 @@ static int TLSX_KeyShare_GenKey(WOLFSSL *ssl, KeyShareEntry *kse)
     if ((kse->group & NAMED_DH_MASK) == NAMED_DH_MASK)
         return TLSX_KeyShare_GenDhKey(ssl, kse);
 #endif
-#ifdef HAVE_ECC
+#if defined(HAVE_ECC) || defined(HAVE_CURVE25519)
     return TLSX_KeyShare_GenEccKey(ssl, kse);
 #else
     return NOT_COMPILED_IN;

tests/api.c

@@ -18123,6 +18123,14 @@ static int test_tls13_apis(void)
                 WOLFSSL_SUCCESS);
     AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1),
                 WOLFSSL_SUCCESS);
+#elif defined(HAVE_CURVE25519)
+    AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X25519), BAD_FUNC_ARG);
+    AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X25519),
+                SIDE_ERROR);
+    AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X25519),
+                WOLFSSL_SUCCESS);
+    AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X25519),
+                WOLFSSL_SUCCESS);
 #else
     AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), BAD_FUNC_ARG);
     AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_SECP256R1),