summaryrefslogtreecommitdiff
path: root/lib/libssl/s3_srvr.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/libssl/s3_srvr.c')
-rw-r--r--lib/libssl/s3_srvr.c14
1 files changed, 11 insertions, 3 deletions
diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c
index cba875a3e69..c4a8442a3e0 100644
--- a/lib/libssl/s3_srvr.c
+++ b/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.85 2014/09/27 11:03:43 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.86 2014/10/03 13:58:18 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1465,9 +1465,15 @@ ssl3_send_server_key_exchange(SSL *s)
const EC_GROUP *group;
ecdhp = cert->ecdh_tmp;
- if (ecdhp == NULL && s->cert->ecdh_tmp_cb != NULL)
+ if (s->cert->ecdh_tmp_auto != 0) {
+ int nid = tls1_get_shared_curve(s);
+ if (nid != NID_undef)
+ ecdhp = EC_KEY_new_by_curve_name(nid);
+ } else if (ecdhp == NULL &&
+ s->cert->ecdh_tmp_cb != NULL) {
ecdhp = s->cert->ecdh_tmp_cb(s, 0,
SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher));
+ }
if (ecdhp == NULL) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
@@ -1482,7 +1488,9 @@ ssl3_send_server_key_exchange(SSL *s)
}
/* Duplicate the ECDH structure. */
- if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) {
+ if (s->cert->ecdh_tmp_auto != 0) {
+ ecdh = ecdhp;
+ } else if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) {
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
ERR_R_ECDH_LIB);
goto err;
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-02 20:15:01 +0000