Fix SSL_OP_SINGLE_ECDH_USE
authorPiotr Sikora <piotr@cloudflare.com>
Fri, 1 Nov 2013 21:35:46 +0000 (21:35 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 1 Nov 2013 21:41:52 +0000 (21:41 +0000)
Don't require a public key in tls1_set_ec_id if compression status is
not needed. This fixes a bug where SSL_OP_SINGLE_ECDH_USE wouldn't work.
(cherry picked from commit 5ff68e8f6dac3b0d8997b8bc379f9111c2bab74f)

ssl/t1_lib.c

index 1bdac22..741f102 100644 (file)
@@ -590,14 +590,12 @@ static int tls1_set_ec_id(unsigned char *curve_id, unsigned char *comp_id,
        {
        int is_prime, id;
        const EC_GROUP *grp;
-       const EC_POINT *pt;
        const EC_METHOD *meth;
        if (!ec)
                return 0;
        /* Determine if it is a prime field */
        grp = EC_KEY_get0_group(ec);
-        pt = EC_KEY_get0_public_key(ec);
-       if (!grp || !pt)
+       if (!grp)
                return 0;
         meth = EC_GROUP_method_of(grp);
        if (!meth)
@@ -625,6 +623,8 @@ static int tls1_set_ec_id(unsigned char *curve_id, unsigned char *comp_id,
                }
        if (comp_id)
                {
+               if (EC_KEY_get0_public_key(ec) == NULL)
+                       return 0;
                if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_COMPRESSED)
                        {
                        if (is_prime)