mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

delay ssl server from creating ecdhe key until really needed

Browse Source
This commit is contained in:
toddouska 2014-08-27 10:48:19 -07:00
parent d5d3292ba7
commit b6345d654a
2 changed files with 18 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/internal.c
View File

@ -10493,6 +10493,16 @@ static void PickHashSigAlgo(CYASSL* ssl,
length = ENUM_LEN + CURVE_LEN + ENUM_LEN;
/* pub key size */
CYASSL_MSG("Using ephemeral ECDH");
/* need ephemeral key now, create it if missing */
if (ssl->eccTempKeyPresent == 0) {
if (ecc_make_key(ssl->rng, ssl->eccTempKeySz,
ssl->eccTempKey) != 0) {
return ECC_MAKEKEY_ERROR;
}
ssl->eccTempKeyPresent = 1;
}
if (ecc_export_x963(ssl->eccTempKey, exportBuf, &expSz) != 0)
return ECC_EXPORT_ERROR;
length += expSz;
@ -12207,9 +12217,15 @@ static void PickHashSigAlgo(CYASSL* ssl,
ecc_free(&staticKey);
}
else
ret = ecc_shared_secret(ssl->eccTempKey, ssl->peerEccKey,
else {
if (ssl->eccTempKeyPresent == 0) {
CYASSL_MSG("Ecc ephemeral key not made correctly");
ret = ECC_MAKEKEY_ERROR;
} else {
ret = ecc_shared_secret(ssl->eccTempKey,ssl->peerEccKey,
ssl->arrays->preMasterSecret, &length);
}
}
if (ret != 0)
return ECC_SHARED_ERROR;

13
src/ssl.c
View File

@ -4796,19 +4796,6 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
}
#endif
#ifdef HAVE_ECC
/* in case used set_accept_state after init */
if (ssl->eccTempKeyPresent == 0) {
if (ecc_make_key(ssl->rng, ssl->eccTempKeySz,
ssl->eccTempKey) != 0) {
ssl->error = ECC_MAKEKEY_ERROR;
CYASSL_ERROR(ssl->error);
return SSL_FATAL_ERROR;
}
ssl->eccTempKeyPresent = 1;
}
#endif
#ifdef CYASSL_DTLS
if (ssl->version.major == DTLS_MAJOR) {
ssl->options.dtls = 1;