1 files changed, 38 insertions, 3 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index d40768560c..678818d51b 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.59 2014/09/30 15:40:09 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.60 2014/10/03 13:58:18 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -408,6 +408,35 @@ tls1_check_curve(SSL *s, const unsigned char *p, size_t len)
        return (0);
 }
+int
+tls1_get_shared_curve(SSL *s)
+{
+        const unsigned char *pref, *supp, *tsupp;
+        size_t preflen, supplen, i, j;
+        unsigned long server_pref;
+        int id;
+        /* Cannot do anything on the client side. */
+        if (s->server == 0)
+                return (NID_undef);
+        /* Return first preference shared curve. */
+        server_pref = (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE);
+        tls1_get_curvelist(s, (server_pref == 0), &pref, &preflen);
+        tls1_get_curvelist(s, (server_pref != 0), &supp, &supplen);
+        for (i = 0; i < preflen; i += 2, pref += 2) {
+                tsupp = supp;
+                for (j = 0; j < supplen; j += 2, tsupp += 2) {
+                        if (pref[0] == tsupp[0] && pref[1] == tsupp[1]) {
+                                id = (pref[0] << 8) | pref[1];
+                                return (tls1_ec_curve_id2nid(id));
+                        }
+                }
+        }
+        return (NID_undef);
+}
 /* For an EC key set TLS ID and required compression based on parameters. */
 static int
 tls1_set_ec_id(unsigned char *curve_id, unsigned char *comp_id, EC_KEY *ec)
@@ -524,11 +553,17 @@ tls1_check_ec_tmp_key(SSL *s)
        EC_KEY *ec = s->cert->ecdh_tmp;
        unsigned char curve_id[2];
+        if (s->cert->ecdh_tmp_auto != 0) {
+                /* Need a shared curve. */
+                if (tls1_get_shared_curve(s) != NID_undef)
+                        return (1);
+                return (0);
+        }
        if (ec == NULL) {
                if (s->cert->ecdh_tmp_cb != NULL)
                        return (1);
-                else
+                return (0);
-                        return (0);
        }
        if (tls1_set_ec_id(curve_id, NULL, ec) != 1)
                return (0);

diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index d40768560c..678818d51b 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_lib.c,v 1.59 2014/09/30 15:40:09 jsing Exp $ */	1	/* $OpenBSD: t1_lib.c,v 1.60 2014/10/03 13:58:18 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -408,6 +408,35 @@ tls1_check_curve(SSL s, const unsigned char p, size_t len)
408	return (0);	408	return (0);
409	}	409	}
410		410
		411	int
		412	tls1_get_shared_curve(SSL *s)
		413	{
		414	const unsigned char pref, supp, *tsupp;
		415	size_t preflen, supplen, i, j;
		416	unsigned long server_pref;
		417	int id;
		418
		419	/* Cannot do anything on the client side. */
		420	if (s->server == 0)
		421	return (NID_undef);
		422
		423	/* Return first preference shared curve. */
		424	server_pref = (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE);
		425	tls1_get_curvelist(s, (server_pref == 0), &pref, &preflen);
		426	tls1_get_curvelist(s, (server_pref != 0), &supp, &supplen);
		427
		428	for (i = 0; i < preflen; i += 2, pref += 2) {
		429	tsupp = supp;
		430	for (j = 0; j < supplen; j += 2, tsupp += 2) {
		431	if (pref[0] == tsupp[0] && pref[1] == tsupp[1]) {
		432	id = (pref[0] << 8) \| pref[1];
		433	return (tls1_ec_curve_id2nid(id));
		434	}
		435	}
		436	}
		437	return (NID_undef);
		438	}
		439
411	/* For an EC key set TLS ID and required compression based on parameters. */	440	/* For an EC key set TLS ID and required compression based on parameters. */
412	static int	441	static int
413	tls1_set_ec_id(unsigned char curve_id, unsigned char comp_id, EC_KEY *ec)	442	tls1_set_ec_id(unsigned char curve_id, unsigned char comp_id, EC_KEY *ec)
@@ -524,11 +553,17 @@ tls1_check_ec_tmp_key(SSL *s)
524	EC_KEY *ec = s->cert->ecdh_tmp;	553	EC_KEY *ec = s->cert->ecdh_tmp;
525	unsigned char curve_id[2];	554	unsigned char curve_id[2];
526		555
		556	if (s->cert->ecdh_tmp_auto != 0) {
		557	/* Need a shared curve. */
		558	if (tls1_get_shared_curve(s) != NID_undef)
		559	return (1);
		560	return (0);
		561	}
		562
527	if (ec == NULL) {	563	if (ec == NULL) {
528	if (s->cert->ecdh_tmp_cb != NULL)	564	if (s->cert->ecdh_tmp_cb != NULL)
529	return (1);	565	return (1);
530	else	566	return (0);
531	return (0);
532	}	567	}
533	if (tls1_set_ec_id(curve_id, NULL, ec) != 1)	568	if (tls1_set_ec_id(curve_id, NULL, ec) != 1)
534	return (0);	569	return (0);