author | Kurt Roeckx <kurt@roeckx.be> | 2015-12-04 22:30:36 +0100 |
---|---|---|
committer | Kurt Roeckx <kurt@roeckx.be> | 2015-12-04 22:30:36 +0100 |
commit | fe6ef2472db933f01b59cad82aa925736935984b (patch) | |
tree | d589ecaada575ee4a692043ec0eb6fed9fae1557 /ssl/t1_lib.c | |
parent | 6977e8ee4a718a76351ba5275a9f0be4e530eab5 (diff) |
Remove SSL_{CTX_}set_ecdh_auto() and always enable ECDH
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Diffstat (limited to 'ssl/t1_lib.c')
-rw-r--r-- | ssl/t1_lib.c | 29 |
1 files changed, 8 insertions, 21 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 6a9dc5db28..971aad381a 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -259,8 +259,8 @@ static const unsigned char ecformats_default[] = {
 TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2
 };
-/* The client's default curves / the server's 'auto' curves. */
-static const unsigned char eccurves_auto[] = {
+/* The default curves */
+static const unsigned char eccurves_default[] = {
 /* Prefer P-256 which has the fastest and most secure implementations. */
 0, 23, /* secp256r1 (23) */
 /* Other >= 256-bit prime curves. */
@@ -438,13 +438,8 @@ static int tls1_get_curvelist(SSL *s, int sess,
 pcurveslen = s->tlsext_ellipticcurvelist_length;
 }
 if (!*pcurves) {
- if (!s->server || s->cert->ecdh_tmp_auto) {
- *pcurves = eccurves_auto;
- pcurveslen = sizeof(eccurves_auto);
- } else {
- *pcurves = eccurves_all;
- pcurveslen = sizeof(eccurves_all);
- }
+ *pcurves = eccurves_default;
+ pcurveslen = sizeof(eccurves_default);
 }
 }
@@ -877,19 +872,11 @@ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
 /* Check this curve is acceptable */
 if (!tls1_check_ec_key(s, curve_id, NULL))
 return 0;
- /* If auto assume OK */
- if (s->cert->ecdh_tmp_auto)
- return 1;
- else
- return 0;
- }
- if (s->cert->ecdh_tmp_auto) {
- /* Need a shared curve */
- if (tls1_shared_curve(s, 0))
- return 1;
- else
- return 0;
+ return 1;
 }
+ /* Need a shared curve */
+ if (tls1_shared_curve(s, 0))
+ return 1;
 return 0;
 }
 # endif /* OPENSSL_NO_EC */ |
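Review bot: The `if (!*pcurves)` fallback in tls1_get_curvelist now gives a server with no configured curve list `eccurves_default`, where the removed `else` branch gave it `eccurves_all`, and nothing in the new code records that the set an unconfigured server will negotiate has changed. I would put a comment on the fallback, for example `/* No list configured: client and server both use the default curves */`, and mention the changed server default in the release notes so operators who relied on the old list know to set one explicitly. If `eccurves_all` has no remaining users (not visible in this hunk), it is now dead and could be removed in the same change. The function starts before the hunk, so the other ways `*pcurves` gets set are not visible here.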
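Review bot: The closing `if (tls1_shared_curve(s, 0)) return 1;` in tls1_check_ec_tmp_key treats any non-zero int as "a shared curve exists", so a negative error or "not applicable" return would count as success. tls1_shared_curve is defined outside this hunk, so its return contract cannot be confirmed from here; if it can return a negative value, compare explicitly with `return tls1_shared_curve(s, 0) > 0;`. With the `ecdh_tmp_auto` gate removed, this test alone decides the result whenever the branch closed by the `}` after `+ return 1;` is not taken, so it is worth making exact. In that first branch, `return tls1_check_ec_key(s, curve_id, NULL) != 0;` would replace the `if (...) return 0; return 1;` pair. The function body starts before the hunk.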