projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
clarification
[openssl.git] / ssl / t1_lib.c
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 69c0d42b1acd43d69c3d3a7b8a3bc8e3fc337a56..06cb57d9eaa760cc53ec187ec8517601867657b3 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -223,7 +223,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
 
                if ((lenmax = limit - p - 6) < 0) return NULL; 
                if (s->tlsext_ellipticcurvelist_length > (unsigned long)lenmax) return NULL;
-               if (s->tlsext_ellipticcurvelist_length > 255)
+               if (s->tlsext_ellipticcurvelist_length > 65532)
                        {
                        SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
                        return NULL;
@@ -231,6 +231,12 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
                
                s2n(TLSEXT_TYPE_elliptic_curves,ret);
                s2n(s->tlsext_ellipticcurvelist_length + 2, ret);
+
+               /* NB: draft-ietf-tls-ecc-12.txt uses a one-byte prefix for
+                * elliptic_curve_list, but the examples use two bytes.
+                * http://www1.ietf.org/mail-archive/web/tls/current/msg00538.html
+                * resolves this to two bytes.
+                */
                s2n(s->tlsext_ellipticcurvelist_length, ret);
                memcpy(ret, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length);
                ret+=s->tlsext_ellipticcurvelist_length;
Unnamed repository; edit this file 'description' to name the repository.