diff options
author | Martin Willi <martin@revosec.ch> | 2010-09-03 16:22:49 +0200 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2010-09-03 16:53:36 +0200 |
commit | f4c98ae664ed226b1dd7c0eaac17626b2df9e4ef (patch) | |
tree | e207f02eb2a2dd4d2b163777e48679f7ea601154 /src/libtls/tls_peer.c | |
parent | 7d7711aba4d4330155e1d4bd9fde5b75f2d154c7 (diff) | |
download | strongswan-f4c98ae664ed226b1dd7c0eaac17626b2df9e4ef.tar.bz2 strongswan-f4c98ae664ed226b1dd7c0eaac17626b2df9e4ef.tar.xz |
Use ECDH group check where appropriate
Diffstat (limited to 'src/libtls/tls_peer.c')
-rw-r--r-- | src/libtls/tls_peer.c | 37 |
1 files changed, 10 insertions, 27 deletions
diff --git a/src/libtls/tls_peer.c b/src/libtls/tls_peer.c index b66a21f48..17d526428 100644 --- a/src/libtls/tls_peer.c +++ b/src/libtls/tls_peer.c @@ -458,35 +458,18 @@ static status_t process_key_exchange(private_tls_peer_t *this, TLS_SERVER_KEY_EXCHANGE, reader->peek(reader)); group = this->crypto->get_dh_group(this->crypto); - /* check if the suite used a MODP or a ECP group */ - switch (group) + if (group == MODP_NONE) { - case MODP_NONE: - DBG1(DBG_TLS, "received Server Key Exchange, but not required " - "for current suite"); - this->alert->add(this->alert, TLS_FATAL, TLS_HANDSHAKE_FAILURE); - return NEED_MORE; - case MODP_768_BIT: - case MODP_1024_BIT: - case MODP_1536_BIT: - case MODP_2048_BIT: - case MODP_3072_BIT: - case MODP_4096_BIT: - case MODP_6144_BIT: - case MODP_8192_BIT: - case MODP_1024_160: - case MODP_2048_224: - case MODP_2048_256: - return process_modp_key_exchange(this, reader); - case ECP_256_BIT: - case ECP_384_BIT: - case ECP_521_BIT: - case ECP_192_BIT: - case ECP_224_BIT: - return process_ec_key_exchange(this, reader); - default: - return FAILED; + DBG1(DBG_TLS, "received Server Key Exchange, but not required " + "for current suite"); + this->alert->add(this->alert, TLS_FATAL, TLS_HANDSHAKE_FAILURE); + return NEED_MORE; + } + if (diffie_hellman_group_is_ec(group)) + { + return process_ec_key_exchange(this, reader); } + return process_modp_key_exchange(this, reader); } /** |