TLS supported curve extension - validate support fix

Check curve name is in range before checking for disabled
2019-11-20 08:49:41 +10:00
parent 1a3455110e
commit c7f7d1b193
1 changed files with 4 additions and 0 deletions
--- a/src/tls.c
+++ b/src/tls.c
@ -4268,6 +4268,10 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
         curve = curve->next) {

    #ifdef OPENSSL_EXTRA
+        /* skip if name is not in supported ECC range */
+        if (curve->name > WOLFSSL_ECC_X25519)
+            continue;
+        /* skip if curve is disabled by user */
        if (ssl->ctx->disabledCurves & (1 << curve->name))
            continue;
    #endif