PR: 2240
Submitted by: Jack Lloyd <lloyd@randombit.net>, "Mounir IDRASSI" <mounir.idrassi@idrix.net>, steve Reviewed by: steve As required by RFC4492 an absent supported points format by a server is not an error: it should be treated as equivalent to an extension only containing uncompressed.
This commit is contained in:
parent
9c61c57896
commit
6c36ca4628
11
ssl/t1_lib.c
11
ssl/t1_lib.c
@ -1452,23 +1452,20 @@ int ssl_check_serverhello_tlsext(SSL *s)
|
||||
int al = SSL_AD_UNRECOGNIZED_NAME;
|
||||
|
||||
#ifndef OPENSSL_NO_EC
|
||||
/* If we are client and using an elliptic curve cryptography cipher suite, then server
|
||||
* must return a an EC point formats lists containing uncompressed.
|
||||
/* If we are client and using an elliptic curve cryptography cipher
|
||||
* suite, then if server returns an EC point formats lists extension
|
||||
* it must contain uncompressed.
|
||||
*/
|
||||
unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
|
||||
unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
|
||||
if ((s->tlsext_ecpointformatlist != NULL) && (s->tlsext_ecpointformatlist_length > 0) &&
|
||||
(s->session->tlsext_ecpointformatlist != NULL) && (s->session->tlsext_ecpointformatlist_length > 0) &&
|
||||
((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA)))
|
||||
{
|
||||
/* we are using an ECC cipher */
|
||||
size_t i;
|
||||
unsigned char *list;
|
||||
int found_uncompressed = 0;
|
||||
if ((s->session->tlsext_ecpointformatlist == NULL) || (s->session->tlsext_ecpointformatlist_length == 0))
|
||||
{
|
||||
SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT,SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
|
||||
return -1;
|
||||
}
|
||||
list = s->session->tlsext_ecpointformatlist;
|
||||
for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
|
||||
{
|
||||
|
Loading…
x
Reference in New Issue
Block a user