Changed the logic for determining the group used for KeyShare.

2021-04-15 19:30:02 +09:00
parent 21faeff478
commit 2db06eb3b7
1 changed files with 9 additions and 8 deletions
--- a/src/tls.c
+++ b/src/tls.c
@ -10329,20 +10329,21 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
                    int set = 0;
                    int i, j;
-                    /* Default to first group in supported list. */
+                    /* try to find the highest element in ssl->group[]
-                    namedGroup = ssl->group[0];
+                     * that is contained in preferredGroup[].
-                    /* Try to find preferred in supported list. */
+                     */
-                    for (i = 0; i < (int)PREFERRED_GROUP_SZ && !set; i++) {
+                    namedGroup = preferredGroup[0];
-                        for (j = 0; j < ssl->numGroups; j++) {
+                    for (i = 0; i < ssl->numGroups && !set; i++) {
-                            if (preferredGroup[i] == ssl->group[j]) {
+                        for (j = 0; j < (int)PREFERRED_GROUP_SZ; j++) {
-                                /* Most preferred that is supported. */
+                            if (preferredGroup[j] == ssl->group[i]) {
-                                namedGroup = ssl->group[j];
+                                namedGroup = ssl->group[i];
                                set = 1;
                                break;
                            }
                        }
                    }
                }
                else {
                    /* Choose the most preferred group. */
                    namedGroup = preferredGroup[0];