authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-07-10 12:02:13 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2017-08-02 08:45:14 +0200
commit7ea19bef120782a8a15b532db8de2a91f291de1d (patch)
tree0d8c425674b99bae1b7ecd7f1cd52fd7702a758c
parentdcacc027c5b0eea781e8f6b7c414d0edffe26744 (diff)
downloadgnutls-7ea19bef120782a8a15b532db8de2a91f291de1d.tar.gz
gnutls_priority_ecc_curve_list: avoid including groups into elliptic curves list
This provides a mostly-compatible behavior of gnutls_priority_ecc_curve_list() in order to avoid keeping additional information for elliptic curves in the priority cache. This approach will always return the supported curves, provided the set groups are prioritized with the elliptic curve variants first. This is the default in the built-in priorities, and in most common setups. Items which are not valid curves will not be returned. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--lib/priority.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/lib/priority.c b/lib/priority.c
index 831a82ac38..ff49875e7b 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -1692,17 +1692,30 @@ int gnutls_set_default_priority(gnutls_session_t session)
* Get a list of available elliptic curves in the priority
* structure.
*
+ * Deprecated: This function has been replaced by
+ * gnutls_priority_group_list() since 3.6.0.
+ *
* Returns: the number of items, or an error code.
+ *
* Since: 3.0
**/
int
gnutls_priority_ecc_curve_list(gnutls_priority_t pcache,
const unsigned int **list)
{
+ unsigned i;
+
if (pcache->_supported_ecc.algorithms == 0)
return 0;
*list = pcache->_supported_ecc.priority;
+
+ /* to ensure we don't confuse the caller, we do not include
+ * any FFDHE groups. This may return an incomplete list. */
+ for (i=0;i<pcache->_supported_ecc.algorithms;i++)
+ if (pcache->_supported_ecc.priority[i] > GNUTLS_ECC_CURVE_MAX)
+ return i;
+
return pcache->_supported_ecc.algorithms;
}
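Review bot: The truncation done by the new loop is described only in the inline comment inside the body, so the API documentation for gnutls_priority_ecc_curve_list() never tells callers that the returned list can be incomplete. An application that uses this list to check which curves a priority string enables, for example to confirm that an unwanted curve is disabled, would not see curves ordered after the first FFDHE group. I would add to the doc comment, next to the Deprecated paragraph, something like `* Note: the list ends at the first entry that is not an elliptic curve; curves prioritized after an FFDHE group are not reported. Use gnutls_priority_group_list() for the complete set.` The doc comment opens above the hunk, so its first lines are not visible here. The loop also appears to rely on every non-curve group id being greater than GNUTLS_ECC_CURVE_MAX, which this hunk does not show and which is worth stating in the inline comment.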