kris/th5
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

crypto/tls: don't select ECC ciphersuites with no mutual curve.

Browse Source 
The existing code that tried to prevent ECC ciphersuites from being
selected when there were no mutual curves still left |suite| set.
This lead to a panic on a nil pointer when there were no acceptable
ciphersuites at all.

Thanks to George Kadianakis for pointing it out.

R=golang-dev, r, bradfitz
CC=golang-dev
https://golang.org/cl/5857043
This commit is contained in:
Adam Langley 2012-03-23 10:48:51 -04:00
parent 43927bb46c
commit 5c7df56059
2 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
handshake_server.go
View File

@ -60,21 +60,23 @@ FindCipherSuite:
for _, id := range clientHello.cipherSuites { for _, id := range clientHello.cipherSuites {
for _, supported := range config.cipherSuites() { for _, supported := range config.cipherSuites() {
if id == supported { if id == supported {
suite = nil var candidate *cipherSuite
for _, s := range cipherSuites { for _, s := range cipherSuites {
if s.id == id { if s.id == id {
suite = s candidate = s
break break
} }
} }
if suite == nil { if candidate == nil {
continue continue
} }
// Don't select a ciphersuite which we can't // Don't select a ciphersuite which we can't
// support for this client. // support for this client.
if suite.elliptic && !ellipticOk { if candidate.elliptic && !ellipticOk {
continue continue
} }
suite = candidate
break FindCipherSuite break FindCipherSuite
} }
} }

4
key_agreement.go
View File

@ -130,6 +130,10 @@ Curve:
} }
} }
if curveid == 0 {
return nil, errors.New("tls: no supported elliptic curves offered")
}
var x, y *big.Int var x, y *big.Int
var err error var err error
ka.privateKey, x, y, err = elliptic.GenerateKey(ka.curve, config.rand()) ka.privateKey, x, y, err = elliptic.GenerateKey(ka.curve, config.rand())