1 files changed, 18 insertions, 5 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index b265ea089f..9536b0a078 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.165 2020/03/10 17:02:21 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.165.4.1 2020/08/10 18:59:47 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -250,7 +250,14 @@ static const uint16_t eccurves_list[] = {
 };
 #endif
-static const uint16_t eccurves_default[] = {
+static const uint16_t eccurves_client_default[] = {
+        29,                     /* X25519 (29) */
+        23,                     /* secp256r1 (23) */
+        24,                     /* secp384r1 (24) */
+        25,                     /* secp521r1 (25) */
+};
+static const uint16_t eccurves_server_default[] = {
        29,                     /* X25519 (29) */
        23,                     /* secp256r1 (23) */
        24,                     /* secp384r1 (24) */
@@ -374,9 +381,15 @@ tls1_get_group_list(SSL *s, int client_groups, const uint16_t **pgroups,
        *pgroups = s->internal->tlsext_supportedgroups;
        *pgroupslen = s->internal->tlsext_supportedgroups_length;
-        if (*pgroups == NULL) {
+        if (*pgroups != NULL)
-                *pgroups = eccurves_default;
+                return;
-                *pgroupslen = sizeof(eccurves_default) / 2;
+        if (!s->server) {
+                *pgroups = eccurves_client_default;
+                *pgroupslen = sizeof(eccurves_client_default) / 2;
+        } else {
+                *pgroups = eccurves_server_default;
+                *pgroupslen = sizeof(eccurves_server_default) / 2;
        }
 }

diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index b265ea089f..9536b0a078 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_lib.c,v 1.165 2020/03/10 17:02:21 jsing Exp $ */	1	/* $OpenBSD: t1_lib.c,v 1.165.4.1 2020/08/10 18:59:47 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -250,7 +250,14 @@ static const uint16_t eccurves_list[] = {
250	};	250	};
251	#endif	251	#endif
252		252
253	static const uint16_t eccurves_default[] = {	253	static const uint16_t eccurves_client_default[] = {
		254	29, /* X25519 (29) */
		255	23, /* secp256r1 (23) */
		256	24, /* secp384r1 (24) */
		257	25, /* secp521r1 (25) */
		258	};
		259
		260	static const uint16_t eccurves_server_default[] = {
254	29, /* X25519 (29) */	261	29, /* X25519 (29) */
255	23, /* secp256r1 (23) */	262	23, /* secp256r1 (23) */
256	24, /* secp384r1 (24) */	263	24, /* secp384r1 (24) */
@@ -374,9 +381,15 @@ tls1_get_group_list(SSL s, int client_groups, const uint16_t *pgroups,
374		381
375	*pgroups = s->internal->tlsext_supportedgroups;	382	*pgroups = s->internal->tlsext_supportedgroups;
376	*pgroupslen = s->internal->tlsext_supportedgroups_length;	383	*pgroupslen = s->internal->tlsext_supportedgroups_length;
377	if (*pgroups == NULL) {	384	if (*pgroups != NULL)
378	*pgroups = eccurves_default;	385	return;
379	*pgroupslen = sizeof(eccurves_default) / 2;	386
		387	if (!s->server) {
		388	*pgroups = eccurves_client_default;
		389	*pgroupslen = sizeof(eccurves_client_default) / 2;
		390	} else {
		391	*pgroups = eccurves_server_default;
		392	*pgroupslen = sizeof(eccurves_server_default) / 2;
380	}	393	}
381	}	394	}
382		395