tls-server: Also change DH group when selecting a different EC curve
authorTobias Brunner <tobias@strongswan.org>
Thu, 5 Oct 2023 08:27:18 +0000 (10:27 +0200)
committerTobias Brunner <tobias@strongswan.org>
Mon, 6 Nov 2023 10:00:51 +0000 (11:00 +0100)
If we initially selected a group the peer doesn't support (e.g. because
curve25519 is the first ECDH group provided by plugins), then found
a supported curve, we previously still instantiated a DH object for the
original group and might have formatted the parameters incorrectly.

src/libtls/tls_server.c

index e91e4e4407ea8e8340bef010a3cc72c28ceb6731..3ad9fd2a5c847969ca64d13bc8d2a4a91e6c66e5 100644 (file)
@@ -1483,20 +1483,23 @@ static status_t send_certificate_request(private_tls_server_t *this,
 }
 
 /**
- * Try to find a curve supported by both, client and server
+ * Try to find a curve/group supported by both, client and server
  */
 static bool find_supported_curve(private_tls_server_t *this,
-                                                                tls_named_group_t *curve)
+                                                                tls_named_group_t *curve,
+                                                                key_exchange_method_t *group)
 {
        tls_named_group_t current;
+       key_exchange_method_t current_group;
        enumerator_t *enumerator;
 
        enumerator = this->crypto->create_ec_enumerator(this->crypto);
-       while (enumerator->enumerate(enumerator, NULL, &current))
+       while (enumerator->enumerate(enumerator, &current_group, &current))
        {
                if (peer_supports_curve(this, current))
                {
                        *curve = current;
+                       *group = current_group;
                        enumerator->destroy(enumerator);
                        return TRUE;
                }
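Review bot: The new out-parameter `group` is not described in the function's header comment, and neither output is documented as written only on the success path; a caller that ignores the FALSE return would read whatever `curve`/`group` held before, which is exactly the stale-group situation this commit is fixing. The loop also fixes the selection policy to server order: the crypto enumerator is walked in the order the plugins registered their groups and the first one the peer supports wins, so the client's own preference order is not consulted. I would extend the comment to `/** Try to find a curve/group supported by both, client and server. Walks the server's EC groups in plugin order and returns the first one the peer supports; *curve and *group are written only when TRUE is returned. */`. The remainder of find_supported_curve (enumerator cleanup and the FALSE return) lies outside the hunk.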
@@ -1520,7 +1523,7 @@ static status_t send_server_key_exchange(private_tls_server_t *this,
        {
                curve = tls_ec_group_to_curve(group);
                if (!curve || (!peer_supports_curve(this, curve) &&
-                                          !find_supported_curve(this, &curve)))
+                                          !find_supported_curve(this, &curve, &group)))
                {
                        DBG1(DBG_TLS, "no EC group supported by client and server");
                        this->alert->add(this->alert, TLS_FATAL, TLS_HANDSHAKE_FAILURE);
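Review bot: The fallback to find_supported_curve() is still skipped when tls_ec_group_to_curve() yields no curve for the initially selected group, because `!curve` short-circuits the whole condition; in that case the handshake fails with "no EC group supported by client and server" even though no search for a mutually supported group was attempted, which makes the log line misleading. Unless an unmappable initial group is meant to be fatal, the condition could be `if ((!curve || !peer_supports_curve(this, curve)) &&` followed by `!find_supported_curve(this, &curve, &group))`, which lets the new group-updating search run in both cases and keeps `group` consistent with the curve actually sent. send_server_key_exchange begins and continues outside this hunk, so I cannot see how `group` is initialised or consumed afterwards.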