From 9d412d872ceb04ac143258ae8aca5b66337147f7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= <mpg@elzevir.fr>
Date: Wed, 17 Jun 2015 12:10:46 +0200
Subject: [PATCH] Small internal changes in curve checking

- switch from is_acceptable to the more usual check
- add NULL check just in case user screwed up config
---
 include/mbedtls/ssl_internal.h |  2 +-
 library/ssl_cli.c              |  2 +-
 library/ssl_tls.c              | 13 ++++++++-----
 3 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index e074ce29e..22b07bc17 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -376,7 +376,7 @@ mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
 mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
 
 #if defined(MBEDTLS_ECP_C)
-int mbedtls_ssl_curve_is_acceptable( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
+int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
 #endif
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 3d3f3d17f..e4f06864e 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1684,7 +1684,7 @@ static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
 
 #if defined(MBEDTLS_ECP_C)
-    if( ! mbedtls_ssl_curve_is_acceptable( ssl, ssl->handshake->ecdh_ctx.grp.id ) )
+    if( mbedtls_ssl_check_curve( ssl, ssl->handshake->ecdh_ctx.grp.id ) != 0 )
 #else
     if( ssl->handshake->ecdh_ctx.grp.nbits < 163 ||
         ssl->handshake->ecdh_ctx.grp.nbits > 521 )
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 7a1284aab..9f241576d 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4087,7 +4087,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
 
             /* If certificate uses an EC key, make sure the curve is OK */
             if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) &&
-                ! mbedtls_ssl_curve_is_acceptable( ssl, mbedtls_pk_ec( *pk )->grp.id ) )
+                mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ) != 0 )
             {
                 MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (EC key curve)" ) );
                 if( ret == 0 )
@@ -6807,17 +6807,20 @@ mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash )
 #if defined(MBEDTLS_ECP_C)
 /*
  * Check is a curve proposed by the peer is in our list.
- * Return 1 if we're willing to use it, 0 otherwise.
+ * Return 0 if we're willing to use it, -1 otherwise.
  */
-int mbedtls_ssl_curve_is_acceptable( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id )
+int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id )
 {
     const mbedtls_ecp_group_id *gid;
 
+    if( ssl->conf->curve_list == NULL )
+        return( -1 );
+
     for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ )
         if( *gid == grp_id )
-            return( 1 );
+            return( 0 );
 
-    return( 0 );
+    return( -1 );
 }
 #endif /* MBEDTLS_ECP_C */