Prevent use of binary curves when OPENSSL_NO_EC2M is defined

author Dr. Stephen Henson <steve@openssl.org>

Mon, 17 Nov 2014 19:39:32 +0000 (19:39 +0000)

committer Matt Caswell <matt@openssl.org>

Tue, 18 Nov 2014 13:01:45 +0000 (13:01 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Mon, 17 Nov 2014 19:39:32 +0000 (19:39 +0000)
committer Matt Caswell <matt@openssl.org>
Tue, 18 Nov 2014 13:01:45 +0000 (13:01 +0000)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c

index 0c0d6428dff3fefed1baf7e3d3aef804eb536a5f..1876b78cfa0c26fcb10b73b904f5f9399ff8373a 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -435,6 +435,10 @@ static int tls_curve_allowed(SSL *s, const unsigned char *curve, int op)
                                 sizeof(nid_list)/sizeof(nid_list[0])))
                 return 0;
         cinfo = &nid_list[curve[1]-1];
+#ifdef OPENSSL_NO_EC2M
+       if (cinfo->flags & TLS_CURVE_CHAR2)
+               return 0;
+#endif
         return ssl_security(s, op, cinfo->secbits, cinfo->nid, (void *)curve);
         }
author	Dr. Stephen Henson <steve@openssl.org>
	Mon, 17 Nov 2014 19:39:32 +0000 (19:39 +0000)
committer	Matt Caswell <matt@openssl.org>
	Tue, 18 Nov 2014 13:01:45 +0000 (13:01 +0000)