diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 4734eabd5..44a7bccf2 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -3573,14 +3573,6 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl,
             return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
         }
 
-        if( !uECC_shared_secret( ssl->handshake->ecdh_peerkey,
-                                 ssl->handshake->ecdh_privkey,
-                                 ssl->handshake->premaster,
-                                 uecc_curve ) )
-        {
-            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
-        }
-
         /* TODO: Write the client share. */
         ((void) p);
         ((void) end);
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index fb8fab655..37e83399a 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -4204,19 +4204,8 @@ static int ssl_in_client_key_exchange_parse( mbedtls_ssl_context *ssl,
         mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) ==
         MBEDTLS_KEY_EXCHANGE_ECDHE_RSA )
     {
-        const struct uECC_Curve_t * uecc_curve = uECC_secp256r1();
-
-        ret = mbedtls_ssl_ecdh_read_peerkey( ssl, &p, end );
-        if( ret != 0 )
-            return( ret );
-
-        if( !uECC_shared_secret( ssl->handshake->ecdh_peerkey,
-                                 ssl->handshake->ecdh_privkey,
-                                 ssl->handshake->premaster,
-                                 uecc_curve ) )
-        {
+        if( mbedtls_ssl_ecdh_read_peerkey( ssl, &p, end ) != 0 )
             return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
-        }
     }
     else
 #endif
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 3e9d717e3..da7285f9f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
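Review bot: Removing the uECC_shared_secret() call from ssl_out_client_key_exchange_write takes away the only visible consumer of `uecc_curve`, which is declared above this hunk outside the shown lines; if nothing earlier in the function still uses it, the declaration is now an unused local and should be dropped the way the ssl_srv.c hunk drops its `const struct uECC_Curve_t * uecc_curve = uECC_secp256r1();`. After this change the function computes nothing and, per the surviving `/* TODO: Write the client share. */`, writes nothing either, so a reader has no hint where the premaster now comes from; a one-line comment such as `/* The ECDH shared secret is now derived in mbedtls_ssl_build_pms(). */` at the point of the removal would make the split of responsibility explicit. The enclosing function starts and ends outside this hunk.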
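Review bot: In the ssl_srv.c hunk the new `if( mbedtls_ssl_ecdh_read_peerkey( ssl, &p, end ) != 0 ) return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );` replaces the old `return( ret );`, so a malformed ECDH client share — peer-controlled input that the parser rejects — is now reported as an accelerator failure instead of with the parser's own error code. That collapses a bad-message condition and an internal fault into one value, which matters for alert selection, logging and any caller that inspects the return code. Keeping `ret = mbedtls_ssl_ecdh_read_peerkey( ssl, &p, end ); if( ret != 0 ) return( ret );` preserves the original classification, assuming `ret` is still declared in ssl_in_client_key_exchange_parse, whose start lies outside the hunk. Bracing the single-statement body would also match the surrounding style.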
@@ -1701,6 +1701,26 @@ int mbedtls_ssl_build_pms( mbedtls_ssl_context *ssl )
     mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
         mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
 
+#if defined(MBEDTLS_USE_TINYCRYPT)
+    if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
+        == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
+        mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
+        == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA )
+    {
+        const struct uECC_Curve_t * uecc_curve = uECC_secp256r1();
+
+        if( !uECC_shared_secret( ssl->handshake->ecdh_peerkey,
+                                 ssl->handshake->ecdh_privkey,
+                                 ssl->handshake->premaster,
+                                 uecc_curve ) )
+        {
+            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+        }
+
+        ssl->handshake->pmslen = NUM_ECC_BYTES;
+    }
+    else
+#endif
 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
     if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
         == MBEDTLS_KEY_EXCHANGE_DHE_RSA )
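Review bot: The new uECC_shared_secret() call in mbedtls_ssl_build_pms feeds `ssl->handshake->ecdh_peerkey` straight into the scalar multiplication with no visible check that the peer's point is on the curve; unless uECC_shared_secret() itself or the code that fills ecdh_peerkey (both outside this hunk) already validates it, a guard such as `if( uECC_valid_public_key( ssl->handshake->ecdh_peerkey, uecc_curve ) != 0 ) return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );` before the computation would close that gap, and a comment should record where validation happens either way. Returning MBEDTLS_ERR_SSL_HW_ACCEL_FAILED for a failure of a pure-software ECDH step is also misleading; a comment like `/* No dedicated TinyCrypt error code; HW_ACCEL_FAILED is reused. */` would at least make the choice deliberate. Finally, `mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )` is evaluated twice in the new condition, and hoisting it into a local makes the test easier to read.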