Only require an EC public key in tls1_set_ec_id(), if we need to provide

a compression identifier. In the case of a server using ephemeral EC keys, the supplied key is unlikely to have a public key where SSL_CTX_set_tmp_ecdh() is called after SSL_OP_SINGLE_ECDH_USE has been set. This makes ECDHE ciphers work again for this use case.
author: jsing <> 2014-10-15 14:02:16 +0000
committer: jsing <> 2014-10-15 14:02:16 +0000
commit: 060df266399eaa119161ae1d0dd66991023ce805 (patch)
tree: 6a58a6ea88e10ee8827ad1658924657ba50d4027 /src/lib
parent: d1ef05b60b0377a5eac02b3693ea5a0161a51731 (diff)
download: openbsd-060df266399eaa119161ae1d0dd66991023ce805.tar.gz
openbsd-060df266399eaa119161ae1d0dd66991023ce805.tar.bz2
openbsd-060df266399eaa119161ae1d0dd66991023ce805.zip
2 files changed, 8 insertions, 8 deletions
diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c
index 409da9b4bd..22e84fe122 100644
--- a/src/lib/libssl/src/ssl/t1_lib.c
+++ b/src/lib/libssl/src/ssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.63 2014/10/05 14:56:32 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.64 2014/10/15 14:02:16 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -458,9 +458,6 @@ tls1_set_ec_id(unsigned char *curve_id, unsigned char *comp_id, EC_KEY *ec)
        if (ec == NULL)
                return (0);
-        if (EC_KEY_get0_public_key(ec) == NULL)
-                return (0);
        /* Determine if it is a prime field. */
        if ((grp = EC_KEY_get0_group(ec)) == NULL)
                return (0);
@@ -484,6 +481,9 @@ tls1_set_ec_id(unsigned char *curve_id, unsigned char *comp_id, EC_KEY *ec)
        /* Specify the compression identifier. */
        if (comp_id != NULL) {
+                if (EC_KEY_get0_public_key(ec) == NULL)
+                        return (0);
                if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_COMPRESSED) {
                        *comp_id = is_prime ?
                            TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime :
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 409da9b4bd..22e84fe122 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.63 2014/10/05 14:56:32 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.64 2014/10/15 14:02:16 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -458,9 +458,6 @@ tls1_set_ec_id(unsigned char *curve_id, unsigned char *comp_id, EC_KEY *ec)
        if (ec == NULL)
                return (0);
-        if (EC_KEY_get0_public_key(ec) == NULL)
-                return (0);
        /* Determine if it is a prime field. */
        if ((grp = EC_KEY_get0_group(ec)) == NULL)
                return (0);
@@ -484,6 +481,9 @@ tls1_set_ec_id(unsigned char *curve_id, unsigned char *comp_id, EC_KEY *ec)
        /* Specify the compression identifier. */
        if (comp_id != NULL) {
+                if (EC_KEY_get0_public_key(ec) == NULL)
+                        return (0);
                if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_COMPRESSED) {
                        *comp_id = is_prime ?
                            TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime :
author	jsing <>	2014-10-15 14:02:16 +0000
committer	jsing <>	2014-10-15 14:02:16 +0000
commit	060df266399eaa119161ae1d0dd66991023ce805 (patch)
tree	6a58a6ea88e10ee8827ad1658924657ba50d4027 /src/lib
parent	d1ef05b60b0377a5eac02b3693ea5a0161a51731 (diff)
download	openbsd-060df266399eaa119161ae1d0dd66991023ce805.tar.gz openbsd-060df266399eaa119161ae1d0dd66991023ce805.tar.bz2 openbsd-060df266399eaa119161ae1d0dd66991023ce805.zip