Making sure that the ECDHE pre-computation is only done once.

2024-11-22 17:35:38 +01:00 · 2020-12-15 12:33:45 +01:00 · 2020-12-15 12:33:45 +01:00 · 34630562cd
commit 34630562cd
parent c162895030
1 changed files with 13 additions and 5 deletions
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -4259,6 +4259,9 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl )
    {
        case MBEDTLS_SSL_HELLO_REQUEST:
            ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
+#if defined(MBEDTLS_EARLY_KEY_COMPUTATION)
+            int ecdhe_computed = 0;
+#endif /* MBEDTLS_EARLY_KEY_COMPUTATION */
            break;

       /*
@ -4277,11 +4280,16 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl )
        */
       case MBEDTLS_SSL_SERVER_HELLO:
 #if defined(MBEDTLS_EARLY_KEY_COMPUTATION) && defined(MBEDTLS_USE_TINYCRYPT)
+           /* Make sure that the ECDHE pre-computation is only done once */
+           if( ecdhe_computed == 0 )
+           {
               ret = uECC_make_key( ssl->handshake->ecdh_publickey, ssl->handshake->ecdh_privkey );
               if( ret == UECC_FAULT_DETECTED )
                   return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
               if( ret != UECC_SUCCESS )
                   return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+               ecdhe_computed = 1;
+           }
 #endif /* MBEDTLS_EARLY_KEY_COMPUTATION && MBEDTLS_USE_TINYCRYPT */

           ret = ssl_parse_server_hello( ssl );