lib: fix group selection in case of GOST cipher suites

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

diff --git a/lib/algorithms.h b/lib/algorithms.h
index 0d143311540fa6f35ff3671943c74ad94bb8ef1e..a01cc9cb8cb62530ab72a9f37d7172ce363fd2ef 100644 (file)
--- a/lib/algorithms.h
+++ b/lib/algorithms.h
@@ -488,6 +488,14 @@ static inline int _gnutls_kx_is_dhe(gnutls_kx_algorithm_t kx)
        return 0;
 }
 
+static inline unsigned _gnutls_kx_is_vko_gost(gnutls_kx_algorithm_t kx)
+{
+       if (kx == GNUTLS_KX_VKO_GOST_12)
+               return 1;
+
+       return 0;
+}
+
 static inline int _sig_is_ecdsa(gnutls_sign_algorithm_t sig)
 {
        if (sig == GNUTLS_SIGN_ECDSA_SHA1 || sig == GNUTLS_SIGN_ECDSA_SHA224 ||

diff --git a/lib/priority.c b/lib/priority.c
index 1f0841fef1d9da7777abcb3de06b1dfdd235904d..93cd9d5fef99114421c36814fa4cda57eb516d34 100644 (file)
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -1605,7 +1605,8 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
 
                                if (ce != NULL && priority_cache->cs.size < MAX_CIPHERSUITE_SIZE) {
                                        priority_cache->cs.entry[priority_cache->cs.size++] = ce;
-                                       if (!have_ec && _gnutls_kx_is_ecc(ce->kx_algorithm)) {
+                                       if (!have_ec && (_gnutls_kx_is_ecc(ce->kx_algorithm) ||
+                                                        _gnutls_kx_is_vko_gost(ce->kx_algorithm))) {
                                                have_ec = 1;
                                                add_ec(priority_cache);
                                        }