From: Nikos Mavrogiannopoulos
Date: Tue, 1 Aug 2017 08:21:37 +0000 (+0200)
Subject: _gnutls_figure_dh_params: do not use have_ffdhe flag
X-Git-Tag: gnutls_3_6_0~239
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e98e682a48d1431246d42352749d42e6ea744e92;p=thirdparty%2Fgnutls.git

_gnutls_figure_dh_params: do not use have_ffdhe flag

This flag is intended to indicate whether the peer has advertized at least one FFDHE group, and not whether we have negotiated FFDHE.

Signed-off-by: Nikos Mavrogiannopoulos
---
diff --git a/lib/dh.c b/lib/dh.c
index 3a3c540c5a..2294cb94cd 100644
--- a/lib/dh.c
+++ b/lib/dh.c
@@ -1,5 +1,6 @@
 /*
  * Copyright (C) 2000-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2017 Red Hat, Inc.
  *
  * Author: Nikos Mavrogiannopoulos
  *
@@ -73,13 +74,16 @@ _gnutls_figure_dh_params(gnutls_session_t session, gnutls_dh_params_t dh_params,
 unsigned free_pg = 0;
 int ret;
 unsigned q_bits = 0, i;
+ const gnutls_group_entry_st *group;
+
+ group = get_group(session);
 
 params.deinit = 0;
 
- /* if client advertised RFC7919 */
- if (session->internals.have_ffdhe) {
+ /* if we negotiated RFC7919 FFDHE */
+ if (group && group->pk == GNUTLS_PK_DH) {
 for (i=0;iinternals.priorities->groups.size;i++) {
- if (session->internals.priorities->groups.entry[i] == get_group(session)) {
+ if (session->internals.priorities->groups.entry[i] == group) {
 ret = _gnutls_mpi_init_scan_nz(&p, session->internals.priorities->groups.entry[i]->prime->data,
 session->internals.priorities->groups.entry[i]->prime->size);
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 84728fc140..86745a9c28 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -1117,6 +1117,7 @@ typedef struct {
 * receive size */
 unsigned max_recv_size;
+ /* whether the peer has advertized at least an FFDHE group */
 bool have_ffdhe;
 /* candidate groups to be selected for security params groups */
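Review bot: The loop body still reaches the prime through `session->internals.priorities->groups.entry[i]->prime` on the two `_gnutls_mpi_init_scan_nz` argument lines, even though the added comparison line has just established `entry[i] == group`; using `group->prime->data` and `group->prime->size` there would shorten those lines and make it explicit that the parameters come from the negotiated group rather than from whatever the peer advertised. `group` could also be initialised at its declaration, `const gnutls_group_entry_st *group = get_group(session);`, dropping the separate assignment and the blank line between them. Whether `prime` is guaranteed non-NULL for every entry with `pk == GNUTLS_PK_DH` is not visible here and is worth confirming, since the call dereferences it without a check. The rest of _gnutls_figure_dh_params, including the handling of `ret` and what happens when no entry matches, lies outside the hunk; the hunk header also counts one more line on each side than is visible, so the trailing context appears to have been lost in this rendering.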