Don't send a for ServerKeyExchange for kDHr and kDHd

[openssl.git] / ssl / ssl_ciph.c

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 12820b6acba8ec73b57df1886e39038670cbb75b..0f6758bb52f502cdaa84448cfe68dd8aec6e68ce 100644 (file)
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -532,10 +532,13 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
             else
                 *comp = NULL;
         }
+        /* If were only interested in comp then return success */
+        if((enc == NULL) && (md == NULL))
+            return 1;
     }
 
     if ((enc == NULL) || (md == NULL))
-        return (0);
+        return 0;
 
     switch (c->algorithm_enc) {
     case SSL_DES:
@@ -748,12 +751,9 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
     *mkey |= SSL_kKRB5;
     *auth |= SSL_aKRB5;
 #endif
-#ifdef OPENSSL_NO_ECDSA
-    *auth |= SSL_aECDSA;
-#endif
-#ifdef OPENSSL_NO_ECDH
+#ifdef OPENSSL_NO_EC
     *mkey |= SSL_kECDHe | SSL_kECDHr;
-    *auth |= SSL_aECDH;
+    *auth |= SSL_aECDSA | SSL_aECDH;
 #endif
 #ifdef OPENSSL_NO_PSK
     *mkey |= SSL_kPSK;
@@ -1437,7 +1437,7 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
                    SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE);
         return 0;
     }
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
     switch (suiteb_flags) {
     case SSL_CERT_FLAG_SUITEB_128_LOS:
         if (suiteb_comb2)