Don't check curves that haven't been sent

Don't check that the curve appears in the list of acceptable curves for the peer, if they didn't send us such a list (RFC 4492 does not require that the extension be sent). Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit b79d24101e3b5904b3770d60e32bdd6edc558337)
author: Matt Caswell <matt@openssl.org> 2015-03-20 15:10:16 +0000
committer: Matt Caswell <matt@openssl.org> 2015-03-23 14:06:17 +0000
commit: bd891f098bdfcaa285c073ce556d0f5e27ec3a10 (patch)
tree: 0354d547b383d65d7d42980810f13123b89b312b /ssl
parent: c45dfdc68a4d84c5a7c2a346ea335052cb2755a1 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index a59fe82e1f..3e01b6af6a 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -763,6 +763,16 @@ static int tls1_check_ec_key(SSL *s,
     for (j = 0; j <= 1; j++) {
         if (!tls1_get_curvelist(s, j, &pcurves, &num_curves))
             return 0;
+        if (j == 1 && num_curves == 0) {
+            /*
+             * If we've not received any curves then skip this check.
+             * RFC 4492 does not require the supported elliptic curves extension
+             * so if it is not sent we can just choose any curve.
+             * It is invalid to send an empty list in the elliptic curves
+             * extension, so num_curves == 0 always means no extension.
+             */
+            break;
+        }
         for (i = 0; i < num_curves; i++, pcurves += 2) {
             if (pcurves[0] == curve_id[0] && pcurves[1] == curve_id[1])
                 break;
author	Matt Caswell <matt@openssl.org>	2015-03-20 15:10:16 +0000
committer	Matt Caswell <matt@openssl.org>	2015-03-23 14:06:17 +0000
commit	bd891f098bdfcaa285c073ce556d0f5e27ec3a10 (patch)
tree	0354d547b383d65d7d42980810f13123b89b312b /ssl
parent	c45dfdc68a4d84c5a7c2a346ea335052cb2755a1 (diff)