author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-09-25 14:49:23 +0200 |
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-11-14 15:00:32 +0100 |
commit | d690fb326eeee343d91fa1a1353346bd7e44e785 (patch) | |
tree | 20361f76e8fcb33ff05940fcf1258e491aa355d7 | |
parent | 8bf0421af05b5a909dc8a6ab06265d2de39ffd64 (diff) | |
download | gnutls-d690fb326eeee343d91fa1a1353346bd7e44e785.tar.gz |
priority: include groups into priority when having a TLS1.3-only session
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/priority.c | 29 |
1 files changed, 27 insertions, 2 deletions
diff --git a/lib/priority.c b/lib/priority.c
index 63d9ebd9cb..14254ab0fb 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -1191,6 +1191,7 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
 unsigned tls_sig_sem = 0;
 const version_entry_st *tlsmax = NULL;
 const version_entry_st *dtlsmax = NULL;
+ unsigned have_tls13 = 0;
 
 priority_cache->cs.size = 0;
 priority_cache->sigalg.size = 0;
@@ -1200,12 +1201,18 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
 for (i = 0; i < priority_cache->protocol.algorithms; i++) {
 if (priority_cache->protocol.priority[i] < GNUTLS_DTLS_VERSION_MIN) {
 tlsmax = version_to_entry(priority_cache->protocol.priority[i]);
- if (tlsmax)
+ if (tlsmax) {
 tls_sig_sem |= tlsmax->tls_sig_sem;
+ if (tlsmax->tls13_sem)
+ have_tls13 = 1;
+ }
 } else { /* dtls */
 dtlsmax = version_to_entry(priority_cache->protocol.priority[i]);
- if (dtlsmax)
+ if (dtlsmax) {
 tls_sig_sem |= dtlsmax->tls_sig_sem;
+ if (dtlsmax->tls13_sem)
+ have_tls13 = 1;
+ }
 }
 }
 
@@ -1244,6 +1251,24 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
 }
 }
 
+ if (have_tls13 && !have_ec) {
+ /* scan groups to determine have_ec and have_dh */
+ for (i=0; i < priority_cache->_supported_ecc.algorithms; i++) {
+ const gnutls_group_entry_st *ge;
+ ge = _gnutls_id_to_group(priority_cache->_supported_ecc.priority[i]);
+ if (ge) {
+ if (ge->curve) {
+ have_ec = 1;
+ if (!have_dh)
+ ecc_first = 1;
+ } else if (ge->prime) {
+ have_dh = 1;
+ }
+ }
+ }
+
+ }
+
 for (i = 0; i < priority_cache->_sign_algo.algorithms; i++) {
 se = _gnutls_sign_to_entry(priority_cache->_sign_algo.priority[i]);
 if (se != NULL && priority_cache->sigalg.size < sizeof(priority_cache->sigalg.entry)/sizeof(priority_cache->sigalg.entry[0])) {
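Review bot: The group scan in the third hunk is guarded by `have_tls13 && !have_ec`, so once an ECDHE ciphersuite has already set have_ec the supported-groups list is never consulted and a finite-field group in the priority string cannot set have_dh; if have_dh later gates whether FFDHE groups are usable (that code is outside the hunk), a TLS1.3-capable priority with ECDHE suites plus FFDHE groups would silently lose its DH groups. If the intent is to fill in whatever the ciphersuite pass could not determine, `if (have_tls13 && (!have_ec || !have_dh)) {` would scan whenever either flag is still unset, and since the loop only ever sets flags to 1 it cannot undo an earlier result. The `for (i=0; ...` spacing also differs from the `for (i = 0; ...` form used in the same function, and the blank line before the closing brace of the new if-block looks accidental. set_ciphersuite_list begins and ends outside this diff.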