Use curve_id not the nid

Found by OSS-Fuzz and the tests

Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #4410

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index fd265950073f8498ec063492f6564ff84aac3ddf..67b06f261a8e3be3b4fec40bffec88c85c88415b 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -462,7 +462,7 @@ int tls1_set_groups_list(uint16_t **pext, size_t *pextlen, const char *str)
 static int tls1_set_ec_id(uint16_t *pcurve_id, unsigned char *comp_id,
                           EC_KEY *ec)
 {
-    int id;
+    int curve_nid;
     const EC_GROUP *grp;
     if (!ec)
         return 0;
@@ -471,8 +471,8 @@ static int tls1_set_ec_id(uint16_t *pcurve_id, unsigned char *comp_id,
     if (!grp)
         return 0;
     /* Determine curve ID */
-    id = EC_GROUP_get_curve_name(grp);
-    *pcurve_id = tls1_ec_nid2curve_id(id);
+    curve_nid = EC_GROUP_get_curve_name(grp);
+    *pcurve_id = tls1_ec_nid2curve_id(curve_nid);
     /* If no id return error: we don't support arbitrary explicit curves */
     if (*pcurve_id == 0)
         return 0;
@@ -482,7 +482,7 @@ static int tls1_set_ec_id(uint16_t *pcurve_id, unsigned char *comp_id,
         if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_UNCOMPRESSED) {
             *comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
         } else {
-            if ((nid_list[id - 1].flags & TLS_CURVE_TYPE) == TLS_CURVE_PRIME)
+            if ((nid_list[*pcurve_id - 1].flags & TLS_CURVE_TYPE) == TLS_CURVE_PRIME)
                 *comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
             else
                 *comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;