From: Dr. Stephen Henson <steve@openssl.org>
Date: Mon, 17 Nov 2014 19:39:32 +0000 (+0000)
Subject: Prevent use of binary curves when OPENSSL_NO_EC2M is defined
X-Git-Tag: master-pre-reformat~240
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1a14b47ed970da64ad286b0d67af50badef3bfa0;p=openssl

Prevent use of binary curves when OPENSSL_NO_EC2M is defined

Reviewed-by: Matt Caswell <matt@openssl.org>
---

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 0c0d6428df..1876b78cfa 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -435,6 +435,10 @@ static int tls_curve_allowed(SSL *s, const unsigned char *curve, int op)
 				sizeof(nid_list)/sizeof(nid_list[0])))
 		return 0;
 	cinfo = &nid_list[curve[1]-1];
+#ifdef OPENSSL_NO_EC2M
+	if (cinfo->flags & TLS_CURVE_CHAR2)
+		return 0;
+#endif
 	return ssl_security(s, op, cinfo->secbits, cinfo->nid, (void *)curve);
 	}