1 files changed, 18 insertions, 5 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 6a2b082d02..1191f9201e 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.168 2020/07/07 19:31:11 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.169 2020/08/09 16:25:54 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -242,7 +242,14 @@ static const uint16_t eccurves_list[] = {
 };
 #endif
-static const uint16_t eccurves_default[] = {
+static const uint16_t eccurves_client_default[] = {
+        29,                     /* X25519 (29) */
+        23,                     /* secp256r1 (23) */
+        24,                     /* secp384r1 (24) */
+        25,                     /* secp521r1 (25) */
+};
+static const uint16_t eccurves_server_default[] = {
        29,                     /* X25519 (29) */
        23,                     /* secp256r1 (23) */
        24,                     /* secp384r1 (24) */
@@ -366,9 +373,15 @@ tls1_get_group_list(SSL *s, int client_groups, const uint16_t **pgroups,
        *pgroups = s->internal->tlsext_supportedgroups;
        *pgroupslen = s->internal->tlsext_supportedgroups_length;
-        if (*pgroups == NULL) {
+        if (*pgroups != NULL)
-                *pgroups = eccurves_default;
+                return;
-                *pgroupslen = sizeof(eccurves_default) / 2;
+        if (!s->server) {
+                *pgroups = eccurves_client_default;
+                *pgroupslen = sizeof(eccurves_client_default) / 2;
+        } else {
+                *pgroups = eccurves_server_default;
+                *pgroupslen = sizeof(eccurves_server_default) / 2;
        }
 }

diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 6a2b082d02..1191f9201e 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_lib.c,v 1.168 2020/07/07 19:31:11 jsing Exp $ */	1	/* $OpenBSD: t1_lib.c,v 1.169 2020/08/09 16:25:54 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -242,7 +242,14 @@ static const uint16_t eccurves_list[] = {
242	};	242	};
243	#endif	243	#endif
244		244
245	static const uint16_t eccurves_default[] = {	245	static const uint16_t eccurves_client_default[] = {
		246	29, /* X25519 (29) */
		247	23, /* secp256r1 (23) */
		248	24, /* secp384r1 (24) */
		249	25, /* secp521r1 (25) */
		250	};
		251
		252	static const uint16_t eccurves_server_default[] = {
246	29, /* X25519 (29) */	253	29, /* X25519 (29) */
247	23, /* secp256r1 (23) */	254	23, /* secp256r1 (23) */
248	24, /* secp384r1 (24) */	255	24, /* secp384r1 (24) */
@@ -366,9 +373,15 @@ tls1_get_group_list(SSL s, int client_groups, const uint16_t *pgroups,
366		373
367	*pgroups = s->internal->tlsext_supportedgroups;	374	*pgroups = s->internal->tlsext_supportedgroups;
368	*pgroupslen = s->internal->tlsext_supportedgroups_length;	375	*pgroupslen = s->internal->tlsext_supportedgroups_length;
369	if (*pgroups == NULL) {	376	if (*pgroups != NULL)
370	*pgroups = eccurves_default;	377	return;
371	*pgroupslen = sizeof(eccurves_default) / 2;	378
		379	if (!s->server) {
		380	*pgroups = eccurves_client_default;
		381	*pgroupslen = sizeof(eccurves_client_default) / 2;
		382	} else {
		383	*pgroups = eccurves_server_default;
		384	*pgroupslen = sizeof(eccurves_server_default) / 2;
372	}	385	}
373	}	386	}
374		387