Home Explore Help
Register Sign In
OWEALs
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
2
0
Fork 0
Files Issues 8 Wiki
Browse Source

delay ssl server from creating ecdhe key until really needed

toddouska 9 years ago
parent
d5d3292ba7
commit
b6345d654a
2 changed files with 18 additions and 15 deletions
Split View Show Diff Stats
  1. 18 2
      src/internal.c
  2. 0 13
      src/ssl.c

+ 18 - 2
src/internal.c
View File 

@@ -10493,6 +10493,16 @@ static void PickHashSigAlgo(CYASSL* ssl,
 
             length = ENUM_LEN + CURVE_LEN + ENUM_LEN;
 
             /* pub key size */
 
             CYASSL_MSG("Using ephemeral ECDH");
 
+
 
+            /* need ephemeral key now, create it if missing */
 
+            if (ssl->eccTempKeyPresent == 0) {
 
+                if (ecc_make_key(ssl->rng, ssl->eccTempKeySz,
 
+                                 ssl->eccTempKey) != 0) {
 
+                    return ECC_MAKEKEY_ERROR;
 
+                }
 
+                ssl->eccTempKeyPresent = 1;
 
+            }
 
+
 
             if (ecc_export_x963(ssl->eccTempKey, exportBuf, &expSz) != 0)
 
                 return ECC_EXPORT_ERROR;
 
             length += expSz;
 
@@ -12207,9 +12217,15 @@ static void PickHashSigAlgo(CYASSL* ssl,
 
 
                     ecc_free(&staticKey);
 
                 }
 
-                else
 
-                    ret = ecc_shared_secret(ssl->eccTempKey, ssl->peerEccKey,
 
+                else {
 
+                    if (ssl->eccTempKeyPresent == 0) {
 
+                        CYASSL_MSG("Ecc ephemeral key not made correctly");
 
+                        ret = ECC_MAKEKEY_ERROR;
 
+                    } else {
 
+                        ret = ecc_shared_secret(ssl->eccTempKey,ssl->peerEccKey,
 
                                          ssl->arrays->preMasterSecret, &length);
 
+                    }
 
+                }
 
 
                 if (ret != 0)
 
                     return ECC_SHARED_ERROR;

+ 0 - 13
src/ssl.c
View File 

@@ -4796,19 +4796,6 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
 
             }
 
         #endif
 
 
-        #ifdef HAVE_ECC
 
-            /* in case used set_accept_state after init */
 
-            if (ssl->eccTempKeyPresent == 0) {
 
-                if (ecc_make_key(ssl->rng, ssl->eccTempKeySz,
 
-                                 ssl->eccTempKey) != 0) {
 
-                    ssl->error = ECC_MAKEKEY_ERROR;
 
-                    CYASSL_ERROR(ssl->error);
 
-                    return SSL_FATAL_ERROR;
 
-                }
 
-                ssl->eccTempKeyPresent = 1;
 
-            }
 
-        #endif
 
-
 
         #ifdef CYASSL_DTLS
 
             if (ssl->version.major == DTLS_MAJOR) {
 
                 ssl->options.dtls   = 1;