From 5c7df560592e9bf486786833f5474557c32fdb8f Mon Sep 17 00:00:00 2001
From: Adam Langley
Date: Fri, 23 Mar 2012 10:48:51 -0400
Subject: [PATCH] crypto/tls: don't select ECC ciphersuites with no mutual curve. The existing code that tried to prevent ECC ciphersuites from being selected when there were no mutual curves still left |suite| set. This lead to a panic on a nil pointer when there were no acceptable ciphersuites at all. Thanks to George Kadianakis for pointing it out. R=golang-dev, r, bradfitz CC=golang-dev https://golang.org/cl/5857043
---
 handshake_server.go | 10 ++++++----
 key_agreement.go | 4 ++++
 2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/handshake_server.go b/handshake_server.go
index 23ec558..77e56a7 100644
--- a/handshake_server.go
+++ b/handshake_server.go
@@ -60,21 +60,23 @@ FindCipherSuite:
 for _, id := range clientHello.cipherSuites {
 for _, supported := range config.cipherSuites() {
 if id == supported {
- suite = nil
+ var candidate *cipherSuite
+
 for _, s := range cipherSuites {
 if s.id == id {
- suite = s
+ candidate = s
 break
 }
 }
- if suite == nil {
+ if candidate == nil {
 continue
 }
 // Don't select a ciphersuite which we can't
 // support for this client.
- if suite.elliptic && !ellipticOk {
+ if candidate.elliptic && !ellipticOk {
 continue
 }
+ suite = candidate
 break FindCipherSuite
 }
 }
diff --git a/key_agreement.go b/key_agreement.go
index 75f5c73..a931d8f 100644
--- a/key_agreement.go
+++ b/key_agreement.go
@@ -130,6 +130,10 @@ Curve:
 }
 }
+ if curveid == 0 {
+ return nil, errors.New("tls: no supported elliptic curves offered")
+ }
+
 var x, y *big.Int
 var err error
 ka.privateKey, x, y, err = elliptic.GenerateKey(ka.curve, config.rand())
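Review bot: Nothing in the handshake_server.go loop records that `suite` must stay nil until a candidate has passed both the lookup and the `ellipticOk` check, which is the property this fix depends on. I would add a comment above `suite = candidate`, for example `// Assign suite only after every check has passed; a nil suite after the loop must mean no acceptable ciphersuite.` The code that consumes `suite` after `FindCipherSuite` is outside the hunk, so the exact failure path is inferred from the commit message. The diffstat also lists no test file; a handshake test with a ClientHello that offers only ECC suites and no mutual curve would keep this panic, which appears to be reachable from a peer's hello, from regressing.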
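Review bot: The new guard in key_agreement.go compares `curveid` with a bare `0`, and nothing in the hunk says why zero means that no curve was chosen. A short comment would help, for example `// curveid is still zero when none of the client's curves matched in the Curve loop, so ka.curve was never set.`; this is inferred from the `Curve:` label in the hunk header, since the loop itself and the start of the function are outside the hunk. It would also be worth confirming at the call site that this error ends the handshake with an alert rather than only being returned, which is not visible here.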