From c7f7d1b193fe6961acc20ac5bb3893b6f98f59f9 Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Wed, 20 Nov 2019 08:49:41 +1000
Subject: [PATCH] TLS supported curve extension - validate support fix

Check curve name is in range before checking for disabled
---
 src/tls.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/tls.c b/src/tls.c
index c3a6bc36d..f6cb27220 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -4268,6 +4268,10 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
 curve = curve->next) {
 #ifdef OPENSSL_EXTRA
+ /* skip if name is not in supported ECC range */
+ if (curve->name > WOLFSSL_ECC_X25519)
+ continue;
+ /* skip if curve is disabled by user */
 if (ssl->ctx->disabledCurves & (1 << curve->name))
 continue;
 #endif
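Review bot: The new comment above `if (curve->name > WOLFSSL_ECC_X25519)` says only "not in supported ECC range", but what the check actually protects is the shift `1 << curve->name` on the following line, which is undefined once the name reaches the width of `int`. The list being walked appears to be the supported-groups extension data, so the value may be peer-influenced, and the comment should state that invariant, e.g. `/* skip names that do not fit the disabledCurves bitmask; keeps the shift below in range */`. I would also make the shift operand unsigned, `if (ssl->ctx->disabledCurves & (1U << curve->name))`, so that a later enum value of 31 does not reintroduce signed-shift undefined behaviour. The guard exists only under `OPENSSL_EXTRA`, and the rest of the loop and function lie outside the hunk, so whether out-of-range names are rejected in other builds cannot be confirmed from here.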