_gnutls_figure_dh_params: do not use have_ffdhe flag
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Tue, 1 Aug 2017 08:21:37 +0000 (10:21 +0200)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Wed, 2 Aug 2017 10:39:05 +0000 (12:39 +0200)
This flag is intended to indicate whether the peer has advertized
at least one FFDHE group, and not whether we have negotiated FFDHE.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
lib/dh.c
lib/gnutls_int.h

index 3a3c540c5ab256fbf438dca3c2424a106ff26adc..2294cb94cd9288590ed3d6a50d90a88bfcc5be40 100644 (file)
--- a/lib/dh.c
+++ b/lib/dh.c
@@ -1,5 +1,6 @@
 /*
  * Copyright (C) 2000-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2017 Red Hat, Inc.
  *
  * Author: Nikos Mavrogiannopoulos
  *
@@ -73,13 +74,16 @@ _gnutls_figure_dh_params(gnutls_session_t session, gnutls_dh_params_t dh_params,
        unsigned free_pg = 0;
        int ret;
        unsigned q_bits = 0, i;
+       const gnutls_group_entry_st *group;
+
+       group = get_group(session);
 
        params.deinit = 0;
 
-       /* if client advertised RFC7919 */
-       if (session->internals.have_ffdhe) {
+       /* if we negotiated RFC7919 FFDHE */
+       if (group && group->pk == GNUTLS_PK_DH) {
                for (i=0;i<session->internals.priorities->groups.size;i++) {
-                       if (session->internals.priorities->groups.entry[i] == get_group(session)) {
+                       if (session->internals.priorities->groups.entry[i] == group) {
                                ret = _gnutls_mpi_init_scan_nz(&p,
                                                session->internals.priorities->groups.entry[i]->prime->data,
                                                session->internals.priorities->groups.entry[i]->prime->size);
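Review bot: Nothing visible in this hunk handles the case where the `for (i=0;i<...groups.size;i++)` loop finishes without any `groups.entry[i] == group` match. Because the branch is now entered whenever an RFC 7919 group was actually negotiated, please confirm that the code after the hunk fails the handshake in that case instead of continuing with unset `p`/`g` or silently using the caller-supplied `dh_params`. The loop body and the rest of `_gnutls_figure_dh_params` continue outside the hunk, so this cannot be checked from here. As a style point, once the comparison with `group` holds, the next lines could read `group->prime->data` and `group->prime->size` rather than repeating the `session->internals.priorities->groups.entry[i]` chain.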
index 84728fc1404f525bd4aead2d68f8612485021bab..86745a9c286feb653deb83f35657a60b76f7b0e5 100644 (file)
@@ -1117,6 +1117,7 @@ typedef struct {
         * receive size */
        unsigned max_recv_size;
 
+       /* whether the peer has advertized at least an FFDHE group */
        bool have_ffdhe;
 
        /* candidate groups to be selected for security params groups */