yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-23 07:55:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix ecdh_get_params with mismatching group

Browse Source 
If mbedtls_ecdh_get_params is called with keys belonging to
different groups, make it return an error the second time, rather than
silently interpret the first key as being on the second curve.

This makes the non-regression test added by the previous commit pass.
This commit is contained in:
Gilles Peskine 2018-11-07 22:10:59 +01:00
parent 496c9e053d
commit f58078c7c5
1 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
library/ecdh.c
View File

@ -179,8 +179,20 @@ int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypai
{ {
int ret; int ret;
if( ( ret = mbedtls_ecp_group_copy( &ctx->grp, &key->grp ) ) != 0 ) if( ctx->grp.id == MBEDTLS_ECP_DP_NONE )
return( ret ); {
/* This is the first call to get_params(). Copy the group information
* into the context. */
if( ( ret = mbedtls_ecp_group_copy( &ctx->grp, &key->grp ) ) != 0 )
return( ret );
}
else
{
/* This is not the first call to get_params(). Check that the group
* is the same as the first time. */
if( ctx->grp.id != key->grp.id )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
}
/* If it's not our key, just import the public part as Qp */ /* If it's not our key, just import the public part as Qp */
if( side == MBEDTLS_ECDH_THEIRS ) if( side == MBEDTLS_ECDH_THEIRS )