authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-08-02 17:25:17 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2017-08-02 17:25:17 +0200
commitf53a08e106cbc21cf898ae93ad776ce321e5b1bf (patch)
tree444aa546a09c441fd300843f2895a2bcae495376
parentaaece215838e66f0bd1d0eebdc3ec539d1c3eefb (diff)
downloadgnutls-f53a08e106cbc21cf898ae93ad776ce321e5b1bf.tar.gz
Set a default supported curve
RFC4492 and draft-ietf-tls-rfc4492bis-17 mention: "A client that proposes ECC cipher suites may choose not to include these extensions. In this case, the server is free to choose any one of the elliptic curves or point formats listed in Section 5." As such, we set a default curve to be used in the case the server encounters a handshake with no supported groups/curves extension. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--lib/algorithms/ciphersuites.c9
-rw-r--r--lib/gnutls_int.h11
2 files changed, 16 insertions, 4 deletions
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c
index 141597d92a..ae5dba1c09 100644
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -1411,6 +1411,15 @@ _gnutls_figure_common_ciphersuite(gnutls_session_t session,
return gnutls_assert_val(GNUTLS_E_NO_CIPHER_SUITES);
}
+ /* If we didn't receive the supported_groups extension, then
+ * we should assume that SECP256R1 is supported; that is required
+ * by RFC4492, probably to allow SSLv2 hellos negotiate elliptic curve
+ * ciphersuites */
+ if (session->internals.cand_ec_group == NULL &&
+ _gnutls_extension_list_check(session, GNUTLS_EXTENSION_SUPPORTED_ECC) < 0) {
+ session->internals.cand_ec_group = _gnutls_id_to_group(DEFAULT_EC_GROUP);
+ }
+
if (session->internals.priorities->server_precedence == 0) {
for (i = 0; i < peer_clist->size; i++) {
_gnutls_debug_log("checking %.2x.%.2x (%s) for compatibility\n",
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 86745a9c28..fa00ad234d 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -148,6 +148,10 @@ typedef struct {
#define DEFAULT_EXPIRE_TIME 3600
#define DEFAULT_HANDSHAKE_TIMEOUT_MS 40*1000
+/* The EC group to be used when the extension
+ * supported groups/curves is not present */
+#define DEFAULT_EC_GROUP GNUTLS_GROUP_SECP256R1
+
typedef enum transport_t {
GNUTLS_STREAM,
GNUTLS_DGRAM
@@ -1098,10 +1102,6 @@ typedef struct {
struct extension_entry_st *rexts;
unsigned rexts_size;
- /* In case of a client holds the extensions we sent to the peer;
- * otherwise the extensions we received from the client.
- */
-
struct {
uint16_t type;
gnutls_ext_priv_data_t priv;
@@ -1110,6 +1110,9 @@ typedef struct {
bool resumed_set;
} ext_data[MAX_EXT_TYPES];
+ /* In case of a client holds the extensions we sent to the peer;
+ * otherwise the extensions we received from the client.
+ */
const struct extension_entry_st *used_exts[MAX_EXT_TYPES];
unsigned used_exts_size;