diff options
| author | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2017-09-23 21:43:45 +0300 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-01-27 16:09:53 +0100 |
| commit | 778414d1d9b9eb2b8a9523f8f240c2e1305a77f2 (patch) | |
| tree | b79e52d0a611a246358ac6794031219953dff2fe | |
| parent | 94ff1bc014fcc660d737cb1969f79b37a1de759c (diff) | |
| download | gnutls-778414d1d9b9eb2b8a9523f8f240c2e1305a77f2.tar.gz | |
lib: simplify adding groups according to prioritites
There is little point, remembering if EC or DHE came first and then
adding necessary groups checking that flag. Instead just add groups at
the time first EC or DHE ciphersuite is met.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| -rw-r--r-- | lib/priority.c | 33 |
1 files changed, 12 insertions, 21 deletions
diff --git a/lib/priority.c b/lib/priority.c index 30693b6edd..89691d534b 100644 --- a/lib/priority.c +++ b/lib/priority.c @@ -1187,7 +1187,6 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache) const gnutls_sign_entry_st *se; unsigned have_ec = 0; unsigned have_dh = 0; - unsigned ecc_first = 0; unsigned tls_sig_sem = 0; const version_entry_st *tlsmax = NULL; const version_entry_st *dtlsmax = NULL; @@ -1241,29 +1240,33 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache) priority_cache->cs.entry[priority_cache->cs.size++] = ce; if (!have_ec && _gnutls_kx_is_ecc(ce->kx_algorithm)) { have_ec = 1; - if (have_dh == 0) - ecc_first = 1; + add_ec(priority_cache); } - if (!have_dh && _gnutls_kx_is_dhe(ce->kx_algorithm)) + if (!have_dh && _gnutls_kx_is_dhe(ce->kx_algorithm)) { have_dh = 1; + add_dh(priority_cache); + } } } } } - if (have_tls13 && !have_ec) { + if (have_tls13 && (!have_ec || !have_dh)) { /* scan groups to determine have_ec and have_dh */ for (i=0; i < priority_cache->_supported_ecc.algorithms; i++) { const gnutls_group_entry_st *ge; ge = _gnutls_id_to_group(priority_cache->_supported_ecc.priority[i]); if (ge) { - if (ge->curve) { + if (ge->curve && !have_ec) { + add_ec(priority_cache); have_ec = 1; - if (!have_dh) - ecc_first = 1; - } else if (ge->prime) { + } else if (ge->prime && !have_dh) { + add_dh(priority_cache); have_dh = 1; } + + if (have_dh && have_ec) + break; } } @@ -1280,18 +1283,6 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache) } } - if (ecc_first) { - if (have_ec) - add_ec(priority_cache); - if (have_dh) - add_dh(priority_cache); - } else { - if (have_dh) - add_dh(priority_cache); - if (have_ec) - add_ec(priority_cache); - } - _gnutls_debug_log("added %d ciphersuites, %d sig algos and %d groups into priority list\n", priority_cache->cs.size, priority_cache->sigalg.size, priority_cache->groups.size); |