lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-28 00:21:48 +03:00
Code Activity

ECDH: not restartable unless explicitly enabled

Browse Source 
This is mainly for the benefit of SSL modules, which only supports restart in
a limited number of cases. In the other cases (ECDHE_PSK) it would currently
return ERR_ECP_IN_PROGRESS and the user would thus call ssl_handshake() again,
but the SSL code wouldn't handle state properly and things would go wrong in
possibly unexpected ways.  This is undesirable, so it should be possible for
the SSL module to choose if ECDHE should behave the old or the new way.

Not that it also brings ECDHE more in line with the other modules which
already have that choice available (by passing a NULL or valid restart
context).
This commit is contained in:
Manuel Pégourié-Gonnard
2017-05-18 12:35:37 +02:00
parent 1f1f2a1ca6
commit 23e416261c
5 changed files with 68 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
library/ecdh.c
View File

@ -155,6 +155,16 @@ void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx )
#endif
}
#if defined(MBEDTLS_ECP_RESTARTABLE)
/*
* Enable restartable operations for context
*/
void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx )
{
ctx->restart_enabled = 1;
}
#endif
/*
* Setup and write the ServerKeyExhange parameters (RFC 4492)
* struct {
@ -175,7 +185,8 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
#if defined(MBEDTLS_ECP_RESTARTABLE)
rs_ctx = &ctx->rs;
if( ctx->restart_enabled )
rs_ctx = &ctx->rs;
#endif
if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q,
@ -260,7 +271,8 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
#if defined(MBEDTLS_ECP_RESTARTABLE)
rs_ctx = &ctx->rs;
if( ctx->restart_enabled )
rs_ctx = &ctx->rs;
#endif
if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q,
@ -307,7 +319,8 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
#if defined(MBEDTLS_ECP_RESTARTABLE)
rs_ctx = &ctx->rs;
if( ctx->restart_enabled )
rs_ctx = &ctx->rs;
#endif
if( ( ret = ecdh_compute_shared_restartable( &ctx->grp,