Prevent use of binary curves when OPENSSL_NO_EC2M is defined
authorDr. Stephen Henson <steve@openssl.org>
Mon, 17 Nov 2014 19:39:32 +0000 (19:39 +0000)
committerMatt Caswell <matt@openssl.org>
Tue, 18 Nov 2014 13:01:45 +0000 (13:01 +0000)
Reviewed-by: Matt Caswell <matt@openssl.org>
ssl/t1_lib.c

index 0c0d642..1876b78 100644 (file)
@@ -435,6 +435,10 @@ static int tls_curve_allowed(SSL *s, const unsigned char *curve, int op)
                                sizeof(nid_list)/sizeof(nid_list[0])))
                return 0;
        cinfo = &nid_list[curve[1]-1];
+#ifdef OPENSSL_NO_EC2M
+       if (cinfo->flags & TLS_CURVE_CHAR2)
+               return 0;
+#endif
        return ssl_security(s, op, cinfo->secbits, cinfo->nid, (void *)curve);
        }