
Commit 5e1f713

authored
Merge pull request wolfSSL#8691 from lealem47/ecc521_minSz
Fix SetMinEccKey_Sz to allow for P-521 minimum
2 parents cb1a35a + 1b80c03 commit 5e1f713


1 file changed

+27
-9
lines changed


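--- a/src/ssl.c
+++ b/src/ssl.c
@@ -2882,45 +2882,63 @@ int wolfSSL_GetOutputSize(WOLFSSL* ssl, int inSz)
 #ifdef HAVE_ECC
 int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX* ctx, short keySz)
 {
+short keySzBytes;
+
 WOLFSSL_ENTER("wolfSSL_CTX_SetMinEccKey_Sz");
-if (ctx == NULL || keySz < 0 || keySz % 8 != 0) {
-WOLFSSL_MSG("Key size must be divisible by 8 or ctx was null");
+if (ctx == NULL || keySz < 0) {
+WOLFSSL_MSG("Key size must be positive value or ctx was null");
 return BAD_FUNC_ARG;
 }
 
+if (keySz % 8 == 0) {
+keySzBytes = keySz / 8;
+}
+else {
+keySzBytes = (keySz / 8) + 1;
+}
+
 #if defined(WOLFSSL_SYS_CRYPTO_POLICY)
 if (crypto_policy.enabled) {
-if (ctx->minEccKeySz > (keySz / 8)) {
+if (ctx->minEccKeySz > (keySzBytes)) {
 return CRYPTO_POLICY_FORBIDDEN;
 }
 }
 #endif /* WOLFSSL_SYS_CRYPTO_POLICY */
 
-ctx->minEccKeySz = keySz / 8;
+ctx->minEccKeySz = keySzBytes;
 #ifndef NO_CERTS
-ctx->cm->minEccKeySz = keySz / 8;
+ctx->cm->minEccKeySz = keySzBytes;
 #endif
 return WOLFSSL_SUCCESS;
 }
 
 
 int wolfSSL_SetMinEccKey_Sz(WOLFSSL* ssl, short keySz)
 {
+short keySzBytes;
+
 WOLFSSL_ENTER("wolfSSL_SetMinEccKey_Sz");
-if (ssl == NULL || keySz < 0 || keySz % 8 != 0) {
-WOLFSSL_MSG("Key size must be divisible by 8 or ssl was null");
+if (ssl == NULL || keySz < 0) {
+WOLFSSL_MSG("Key size must be positive value or ctx was null");
 return BAD_FUNC_ARG;
 }
 
+if (keySz % 8 == 0) {
+keySzBytes = keySz / 8;
+}
+else {
+keySzBytes = (keySz / 8) + 1;
+}
+
 #if defined(WOLFSSL_SYS_CRYPTO_POLICY)
 if (crypto_policy.enabled) {
-if (ssl->options.minEccKeySz > (keySz / 8)) {
+if (ssl->options.minEccKeySz > (keySzBytes)) {
 return CRYPTO_POLICY_FORBIDDEN;
 }
 }
 #endif /* WOLFSSL_SYS_CRYPTO_POLICY */
 
-ssl->options.minEccKeySz = keySz / 8;
+ssl->options.minEccKeySz = keySzBytes;
 return WOLFSSL_SUCCESS;
 }
 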
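Review bot: In wolfSSL_SetMinEccKey_Sz the new diagnostic says "ctx was null" although the pointer checked there is `ssl` (the removed message named it correctly), and in both functions `keySz < 0` still accepts 0, so "positive value" is inaccurate too; I would write `WOLFSSL_MSG("Key size must be non-negative or ssl was null");` there and the `ctx` equivalent in the CTX variant. The bits-to-bytes round-up is copied into both functions and could be the single line `keySzBytes = (short)((keySz + 7) / 8);`, which cannot overflow because the addition is performed in int. Because this value appears to be the minimum ECC key size the library will accept, the rounding direction deserves a comment such as `/* keySz is in bits; round up to whole bytes so a 521-bit minimum becomes 66 */`, so that a later cleanup does not revert to truncating division. Callers that relied on BAD_FUNC_ARG for sizes not divisible by 8 now get success, which any API documentation outside this page should reflect.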
