]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
client side ECC fixes.
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Fri, 20 May 2011 19:07:31 +0000 (21:07 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Fri, 20 May 2011 19:07:38 +0000 (21:07 +0200)
lib/auth/ecdh_common.c
lib/gnutls_handshake.c
src/common.c

index 555ab4f9ef2c869c6ab12f9071bf4cc28ad24e9d..502396d1b00f33de78aef81b9d86860c6df8cb1c 100644 (file)
@@ -151,6 +151,8 @@ _gnutls_proc_ecdh_common_server_kx (gnutls_session_t session,
   if (ret < 0)
     return gnutls_assert_val(ret);
 
+  _gnutls_session_ecc_curve_set(session, curve);
+
   DECR_LEN (data_size, 1);
   point_size = data[i];
   i+=1;
index 0e11c2fcd14211334cd5240227c9ccaa4ec2caa7..759987463d11972e79711e7dd7bb4bb5bc7f15b1 100644 (file)
@@ -3344,6 +3344,15 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session,
           if (server)
             delete = check_server_params (session, kx, alg, alg_size);
         }
+       
+      /* If we have not agreed to a common curve with the peer don't bother
+       * negotiating ECDH.
+       */
+      if (session->security_parameters.entity == GNUTLS_SERVER && (kx == GNUTLS_KX_ANON_ECDH))
+        {
+          if (_gnutls_session_ecc_curve_get(session) == GNUTLS_ECC_CURVE_INVALID)
+            delete = 1;
+        }
 
       /* These two SRP kx's are marked to require a CRD_CERTIFICATE,
          (see cred_mappings in gnutls_algorithms.c), but it also
index ef537c36d3db2c9a8ce758867aa1a9a9da079ade..3dfea1bb07cfedf58e22ffbd74e5d07c88c5d75d 100644 (file)
@@ -410,7 +410,8 @@ print_info (gnutls_session_t session, const char *hostname, int insecure)
     {
 #ifdef ENABLE_ANON
     case GNUTLS_CRD_ANON:
-      print_dh_info (session, "Anonymous ");
+      if (kx != GNUTLS_KX_ANON_ECDH)
+        print_dh_info (session, "Anonymous ");
       break;
 #endif
 #ifdef ENABLE_SRP