Don't rely on private key metadata in SSL When checking whether a server key matches the handshake parameters, rely only on the offered certificate and not on the metadata of the private key. Specifically, with an EC key, check the curve in the certificate rather than in the associated private key. This was the only place in the SSL module where mbedtls_pk_ec or mbedtls_pk_rsa was called to access a private signature or decryption key (as opposed to a public key or a key used for DH/ECDH).

commit: 858880686ebe4919b7c433c7a0d96c19ad47740c [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Fri Oct 27 10:18:44 2017 +0200
committer: Andrzej Kurek <andrzej.kurek@mobica.com> Mon Jan 22 07:51:24 2018 -0500
tree: 77b2063da62dc2526da6cdcc1052c99b420ab637
parent: 2ba437ad3c692917f6f82cb36485b9ea9592a3fd [diff] [blame]
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 37f415d..fd04e92 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c

@@ -731,7 +731,7 @@
 
 #if defined(MBEDTLS_ECDSA_C)
         if( pk_alg == MBEDTLS_PK_ECDSA &&
-            ssl_check_key_curve( cur->key, ssl->handshake->curves ) != 0 )
+            ssl_check_key_curve( &cur->cert->pk, ssl->handshake->curves ) != 0 )
         {
             MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: elliptic curve" ) );
             continue;
commit	858880686ebe4919b7c433c7a0d96c19ad47740c	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Fri Oct 27 10:18:44 2017 +0200
committer	Andrzej Kurek <andrzej.kurek@mobica.com>	Mon Jan 22 07:51:24 2018 -0500
tree	77b2063da62dc2526da6cdcc1052c99b420ab637
parent	2ba437ad3c692917f6f82cb36485b9ea9592a3fd [diff] [blame]