Don't rely on private key metadata in SSL

In SSL, don't use mbedtls_pk_ec or mbedtls_pk_rsa on a private signature or decryption key (as opposed to a public key or a key used for DH/ECDH). Extract the data (it's the same data) from the public key object instead. This way the code works even if the private key is opaque or if there is no private key object at all. Specifically, with an EC key, when checking whether the curve in a server key matches the handshake parameters, rely only on the offered certificate and not on the metadata of the private key.
2025-11-04 04:32:24 -05:00 · 2017-10-27 10:18:44 +02:00 · 2017-10-27 10:18:44 +02:00 · 81d4e899a4
commit 81d4e899a4
parent ec9c626b75
1 changed files with 1 additions and 1 deletions
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -731,7 +731,7 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,

 #if defined(MBEDTLS_ECDSA_C)
        if( pk_alg == MBEDTLS_PK_ECDSA &&
-            ssl_check_key_curve( cur->key, ssl->handshake->curves ) != 0 )
+            ssl_check_key_curve( &cur->cert->pk, ssl->handshake->curves ) != 0 )
        {
            MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: elliptic curve" ) );
            continue;