tls-crypto: Don't filter suites with specific ECDH group if any is available
author Tobias Brunner <tobias@strongswan.org>
Thu, 11 Feb 2021 16:09:04 +0000 (17:09 +0100)
committer Tobias Brunner <tobias@strongswan.org>
Fri, 12 Feb 2021 13:35:23 +0000 (14:35 +0100)
Since DH groups (or with TLS < 1.3 curves) are negotiated separately,
it doesn't matter which one is listed in the cipher suite as any one could
be used.

src/libtls/tls_crypto.c

index 07d5ce7..d7faa4e 100644 (file)
@@ -837,8 +837,10 @@ static void filter_suite(suite_algs_t suites[], int *count, int offset,
                        }
                        if (current.dh && current.dh != suites[i].dh)
                        {
                        }
                        if (current.dh && current.dh != suites[i].dh)
                        {
-                               if (suites[i].dh != MODP_NONE)
-                               {       /* skip DH group, does not match nor NONE */
+                               if (suites[i].dh != MODP_NONE &&
+                                       !(diffie_hellman_group_is_ec(current.dh) &&
+                                         diffie_hellman_group_is_ec(suites[i].dh)))
+                               {       /* skip DH group, does not match nor NONE nor both ECDH */
                                        continue;
                                }
                        }
                                        continue;
                                }
                        }
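
Review bot: The new exemption in the `if (suites[i].dh != MODP_NONE && !(diffie_hellman_group_is_ec(current.dh) && ...))` condition covers only the case where both `current.dh` and `suites[i].dh` are EC groups, while the commit message argues from DH groups in general being negotiated separately. A suite that lists a non-EC group is still skipped unless the group matches exactly; if that is intended, say so in the comment, otherwise extend the exemption to that case as well. The updated comment "does not match nor NONE nor both ECDH" is hard to parse; wording such as "skip suite: DH group differs, is not NONE, and the two are not both ECDH" would read more clearly. Because a suite can now pass the filter with a `dh` value different from `current.dh`, please confirm that nothing after this function treats `suites[i].dh` as the group that will actually be used.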