From 7ea19bef120782a8a15b532db8de2a91f291de1d Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mon, 10 Jul 2017 12:02:13 +0200 Subject: gnutls_priority_ecc_curve_list: avoid including groups into elliptic curves list This provides a mostly-compatible behavior of gnutls_priority_ecc_curve_list() in order to avoid keeping additional information for elliptic curves in the priority cache. This approach will always return the supported curves, if the set groups are prioritized with the elliptic curve variants set first. This is the default in the built-in priorities, and to most common setups. Items which are non-valid curves will not be returned. Signed-off-by: Nikos Mavrogiannopoulos --- lib/priority.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/lib/priority.c b/lib/priority.c index 831a82ac38..ff49875e7b 100644 --- a/lib/priority.c +++ b/lib/priority.c @@ -1692,17 +1692,30 @@ int gnutls_set_default_priority(gnutls_session_t session) * Get a list of available elliptic curves in the priority * structure. * + * Deprecated: This function has been replaced by + * gnutls_priority_group_list() since 3.6.0. + * * Returns: the number of items, or an error code. + * * Since: 3.0 **/ int gnutls_priority_ecc_curve_list(gnutls_priority_t pcache, const unsigned int **list) { + unsigned i; + if (pcache->_supported_ecc.algorithms == 0) return 0; *list = pcache->_supported_ecc.priority; + + /* to ensure we don't confuse the caller, we do not include + * any FFDHE groups. This may return an incomplete list. */ + for (i=0;i_supported_ecc.algorithms;i++) + if (pcache->_supported_ecc.priority[i] > GNUTLS_ECC_CURVE_MAX) + return i; + return pcache->_supported_ecc.algorithms; } -- cgit v1.2.1
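Review bot: The public doc comment of gnutls_priority_ecc_curve_list() never tells callers that the returned count now stops at the first entry above `GNUTLS_ECC_CURVE_MAX`; only the comment inside the body says the list may be incomplete. When an FFDHE group is prioritized ahead of a curve, the later curves are silently left out, so code that uses this list to audit or enforce the permitted curves would under-report what the priority allows. If the very first entry is a non-curve, the loop returns 0 after `*list` has been set, which a caller cannot tell apart from the "no curves" early return. I would add to the doc block a line such as `* Note: the list ends at the first non-curve group and may be incomplete; use gnutls_priority_group_list() instead.`, and brace the nested `for`/`if`. The opening lines of the doc comment lie above the hunk.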