fixed error catching on TLSX_EllipticCurve_Parse

fixed unsupported curves handling
2014-02-03 21:54:31 -03:00 · 2014-02-03 21:54:31 -03:00 · 468e26a3a2
commit 468e26a3a2
parent f669e73c8d
2 changed files with 28 additions and 14 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@ -631,6 +631,19 @@ int CyaSSL_UseSupportedCurve(CYASSL* ssl, word16 name)
    if (ssl == NULL)
        return BAD_FUNC_ARG;

+    switch (name) {
+        case CYASSL_ECC_SECP160R1:
+        case CYASSL_ECC_SECP192R1:
+        case CYASSL_ECC_SECP224R1:
+        case CYASSL_ECC_SECP256R1:
+        case CYASSL_ECC_SECP384R1:
+        case CYASSL_ECC_SECP521R1:
+            break;
+
+        default:
+            return BAD_FUNC_ARG;
+    }
+
    return TLSX_UseSupportedCurve(&ssl->extensions, name);
 }

@ -639,6 +652,19 @@ int CyaSSL_CTX_UseSupportedCurve(CYASSL_CTX* ctx, word16 name)
    if (ctx == NULL)
        return BAD_FUNC_ARG;

+    switch (name) {
+        case CYASSL_ECC_SECP160R1:
+        case CYASSL_ECC_SECP192R1:
+        case CYASSL_ECC_SECP224R1:
+        case CYASSL_ECC_SECP256R1:
+        case CYASSL_ECC_SECP384R1:
+        case CYASSL_ECC_SECP521R1:
+            break;
+
+        default:
+            return BAD_FUNC_ARG;
+    }
+
    return TLSX_UseSupportedCurve(&ctx->extensions, name);
 }

--- a/src/tls.c
+++ b/src/tls.c
@ -1272,7 +1272,7 @@ static int TLSX_EllipticCurve_Parse(CYASSL* ssl, byte* input, word16 length,

        r = TLSX_UseSupportedCurve(&ssl->extensions, name);

-        if (r) return r; /* throw error */
+        if (r != SSL_SUCCESS) return r; /* throw error */
    }

    return 0;
@ -1300,6 +1300,7 @@ int TLSX_ValidateEllipticCurves(CYASSL* ssl, byte first, byte second) {
            case CYASSL_ECC_SECP256R1: oid = ECC_256R1; octets = 32; break;
            case CYASSL_ECC_SECP384R1: oid = ECC_384R1; octets = 48; break;
            case CYASSL_ECC_SECP521R1: oid = ECC_521R1; octets = 66; break;
+            default: continue; /* unsupported curve */
        }

        switch (second) {
@ -1380,19 +1381,6 @@ int TLSX_UseSupportedCurve(TLSX** extensions, word16 name)
    if (extensions == NULL)
        return BAD_FUNC_ARG;

-    switch (name) {
-        case CYASSL_ECC_SECP160R1:
-        case CYASSL_ECC_SECP192R1:
-        case CYASSL_ECC_SECP224R1:
-        case CYASSL_ECC_SECP256R1:
-        case CYASSL_ECC_SECP384R1:
-        case CYASSL_ECC_SECP521R1:
-            break;
-
-        default:
-            return BAD_FUNC_ARG;
-    }
-
    if ((ret = TLSX_EllipticCurve_Append(&curve, name)) != 0)
        return ret;