crypto/tls: don't select ECC ciphersuites with no mutual curve.
The existing code that tried to prevent ECC ciphersuites from being selected when there were no mutual curves still left |suite| set. This led to a panic on a nil pointer when there were no acceptable ciphersuites at all. Thanks to George Kadianakis for pointing it out. R=golang-dev, r, bradfitz CC=golang-dev https://golang.org/cl/5857043
parent
43927bb46c
commit
5c7df56059
@ -60,21 +60,23 @@ FindCipherSuite:
|
||||
for _, id := range clientHello.cipherSuites {
|
||||
for _, supported := range config.cipherSuites() {
|
||||
if id == supported {
|
||||
suite = nil
|
||||
var candidate *cipherSuite
|
||||
|
||||
for _, s := range cipherSuites {
|
||||
if s.id == id {
|
||||
suite = s
|
||||
candidate = s
|
||||
break
|
||||
}
|
||||
}
|
||||
if suite == nil {
|
||||
if candidate == nil {
|
||||
continue
|
||||
}
|
||||
// Don't select a ciphersuite which we can't
|
||||
// support for this client.
|
||||
if suite.elliptic && !ellipticOk {
|
||||
if candidate.elliptic && !ellipticOk {
|
||||
continue
|
||||
}
|
||||
suite = candidate
|
||||
break FindCipherSuite
|
||||
}
|
||||
}
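Review bot: Both bare `continue` statements (after `candidate == nil` and after the `candidate.elliptic && !ellipticOk` check) resume the inner `for _, supported` loop even though `id` has already matched, so the remaining iterations can only re-test the same id. Assuming the `FindCipherSuite` label sits on the outer loop, as the hunk header suggests, `continue FindCipherSuite` would state the intent and move straight to the client's next suite. The fix depends on `suite` being assigned only after every check has passed, and that deserves a comment above `suite = candidate`, for example `// Assign suite only once the candidate has passed every check, so a rejected suite never survives the loop.` The code that handles a nil `suite` after the loop is outside this hunk.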
|
||||
|
@ -130,6 +130,10 @@ Curve:
|
||||
}
|
||||
}
|
||||
|
||||
if curveid == 0 {
|
||||
return nil, errors.New("tls: no supported elliptic curves offered")
|
||||
}
|
||||
|
||||
var x, y *big.Int
|
||||
var err error
|
||||
ka.privateKey, x, y, err = elliptic.GenerateKey(ka.curve, config.rand())
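Review bot: The new `curveid == 0` guard has no comment explaining why zero means "no curve matched". That depends on the `Curve:` loop above the hunk, which is not visible here. I would add `// curveid is still 0 when the Curve loop matched none of the client's curves; fail here rather than generate a key on a curve that was never chosen.` above the `if`. This check also acts as a backstop for the `ellipticOk` filter in cipher-suite selection. No test is visible on this page, so a regression test with a ClientHello that offers only ECC suites and no mutual curve would pin both paths. The enclosing function starts and ends outside the hunk.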
|
||||
|