tls-crypto: Correctly filter cipher suites based on PRF algorithms
authorTobias Brunner <tobias@strongswan.org>
Tue, 25 Aug 2020 11:47:00 +0000 (13:47 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 12 Feb 2021 10:45:44 +0000 (11:45 +0100)
The previous check operated on the first array element.

src/libtls/tls_crypto.c

index a48393f380d6ca7728c60f0b9d2e875582c43e59..311299bea0464cdc053b97df995a17857f43f411 100644 (file)
@@ -823,8 +823,12 @@ static void filter_suite(suite_algs_t suites[], int *count, int offset,
                                }
                        }
                        if (current.prf && current.prf != suites[i].prf)
-                       {       /* skip, PRF does not match */
-                               continue;
+                       {
+                               if (suites[i].prf != PRF_UNDEFINED)
+                               {
+                                       /* skip, PRF does not match nor is it undefined */
+                                       continue;
+                               }
                        }
                        if (current.hash && current.hash != suites[i].hash)
                        {       /* skip, hash does not match */
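Review bot: With the new inner check, a suite whose `prf` is `PRF_UNDEFINED` passes the PRF filter as soon as the enumerator yields any PRF at all, so for those suites the filter no longer confirms that the PRF they will actually use is available. Where that PRF is chosen is outside the hunk, so this may be handled later. If the exemption is intended, the reason belongs at the check, e.g. `/* suite does not name a PRF of its own, nothing to match against */`. The two nested conditions also read more clearly folded into one: `if (current.prf && suites[i].prf != PRF_UNDEFINED && current.prf != suites[i].prf)`. filter_suite starts and ends outside the hunk.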
@@ -1108,13 +1112,10 @@ static void filter_specific_config_suites(private_tls_crypto_t *this,
 static void filter_unsupported_suites(suite_algs_t suites[], int *count)
 {
        /* filter suite list by each algorithm */
-       if (suites->tls_version < TLS_1_3)
-       {
-               filter_suite(suites, count, offsetof(suite_algs_t, encr),
-                                        lib->crypto->create_aead_enumerator);
-               filter_suite(suites, count, offsetof(suite_algs_t, prf),
-                                        lib->crypto->create_prf_enumerator);
-       }
+       filter_suite(suites, count, offsetof(suite_algs_t, encr),
+                                lib->crypto->create_aead_enumerator);
+       filter_suite(suites, count, offsetof(suite_algs_t, prf),
+                                lib->crypto->create_prf_enumerator);
        filter_suite(suites, count, offsetof(suite_algs_t, encr),
                                 lib->crypto->create_crypter_enumerator);
        filter_suite(suites, count, offsetof(suite_algs_t, mac),
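Review bot: Dropping the version gate means the AEAD and PRF filters now run over every suite in the list, so the result depends on filter_suite leaving alone suites for which a field does not apply. The first hunk adds that exemption for `prf`. The matching handling for `encr`, which is filtered once against the AEAD enumerator and once against the crypter enumerator, is not visible here and is worth confirming. If it holds, the leading comment could say so, e.g. `/* filter suite list by each algorithm, fields a suite does not use are ignored by filter_suite() */`. The function body continues past the end of the hunk.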