Fix mbedtls_ecdh_get_params with new ECDH context

The new check for matching groups in mbedtls_ecdh_get_params only worked
with legacy ECDH contexts. Make it work with the new context format.
This commit is contained in:
Gilles Peskine 2019-02-22 12:31:25 +01:00
parent 661610c8e0
commit 05fcf4f3c5

View File

@ -49,6 +49,16 @@
typedef mbedtls_ecdh_context mbedtls_ecdh_context_mbed; typedef mbedtls_ecdh_context mbedtls_ecdh_context_mbed;
#endif #endif
static mbedtls_ecp_group_id mbedtls_ecdh_grp_id(
const mbedtls_ecdh_context *ctx )
{
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return( ctx->grp.id );
#else
return( ctx->grp_id );
#endif
}
#if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) #if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT)
/* /*
* Generate public key (restartable version) * Generate public key (restartable version)
@ -442,7 +452,7 @@ int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx,
ECDH_VALIDATE_RET( side == MBEDTLS_ECDH_OURS || ECDH_VALIDATE_RET( side == MBEDTLS_ECDH_OURS ||
side == MBEDTLS_ECDH_THEIRS ); side == MBEDTLS_ECDH_THEIRS );
if( ctx->grp.id == MBEDTLS_ECP_DP_NONE ) if( mbedtls_ecdh_grp_id( ctx ) == MBEDTLS_ECP_DP_NONE )
{ {
/* This is the first call to get_params(). Set up the context /* This is the first call to get_params(). Set up the context
* for use with the group. */ * for use with the group. */
@ -454,7 +464,7 @@ int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx,
/* This is not the first call to get_params(). Check that the /* This is not the first call to get_params(). Check that the
* current key's group is the same as the context's, which was set * current key's group is the same as the context's, which was set
* from the first key's group. */ * from the first key's group. */
if( ctx->grp.id != key->grp.id ) if( mbedtls_ecdh_grp_id( ctx ) != key->grp.id )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
} }