From 1a14b47ed970da64ad286b0d67af50badef3bfa0 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Mon, 17 Nov 2014 19:39:32 +0000
Subject: [PATCH] Prevent use of binary curves when OPENSSL_NO_EC2M is defined

Reviewed-by: Matt Caswell <matt@openssl.org>
---
 ssl/t1_lib.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 0c0d6428df..1876b78cfa 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -435,6 +435,10 @@ static int tls_curve_allowed(SSL *s, const unsigned char *curve, int op)
 				sizeof(nid_list)/sizeof(nid_list[0])))
 		return 0;
 	cinfo = &nid_list[curve[1]-1];
+#ifdef OPENSSL_NO_EC2M
+	if (cinfo->flags & TLS_CURVE_CHAR2)
+		return 0;
+#endif
 	return ssl_security(s, op, cinfo->secbits, cinfo->nid, (void *)curve);
 	}
 
-- 
2.25.1