Branch: Tag:

2016-04-14

2016-04-14 22:01:00 by Martin Nilsson <nilsson@fastmail.com>

Don't use ECC whith unknown point format.

301:    }      #if constant(Crypto.ECC.Curve) -  if (!sizeof(ecc_curves)) { +  if (!sizeof(ecc_curves) || ecc_point_format==-1) {    // The client may claim to support ECC, but hasn't sent the    // required extension, so don't believe it. -  ke_mask &= ~((1<<KE_ecdh_ecdsa)|(1<<KE_ecdhe_ecdsa)); +  ke_mask &= ~KE_ecc_mask;    }   #endif   
345:    }      #if constant(Crypto.ECC.Curve) -  if (!sizeof(ecc_curves)) { +  if (!sizeof(ecc_curves) || ecc_point_format==-1) {    // The client may claim to support ECC, but hasn't sent the    // required extension, so don't believe it. -  ke_mask &= ~((1<<KE_ecdh_rsa)|(1<<KE_ecdhe_rsa)| -  (1<<KE_ecdh_anon)); +  ke_mask &= ~KE_ecc_mask;    }   #endif