+
+#ifndef OPENSSL_NO_ECDH
+ if ((l & SSL_kECDH) || (l & SSL_kECDHE))
+ {
+ int ret = 1;
+
+ /* initialize structures for server's ECDH key pair */
+ if ((srvr_ecdh = EC_KEY_new()) == NULL)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /* Let's get server private key and group information */
+ if (l & SSL_kECDH)
+ {
+ /* use the certificate */
+ srvr_ecdh->group = s->cert->key->privatekey-> \
+ pkey.eckey->group;
+ srvr_ecdh->priv_key = s->cert->key->privatekey-> \
+ pkey.eckey->priv_key;
+ }
+ else
+ {
+ /* use the ephermeral values we saved when
+ * generating the ServerKeyExchange msg.
+ */
+ srvr_ecdh->group = s->s3->tmp.ecdh->group;
+ srvr_ecdh->priv_key = s->s3->tmp.ecdh->priv_key;
+ }
+
+ /* Let's get client's public key */
+ if ((clnt_ecpoint = EC_POINT_new(srvr_ecdh->group))
+ == NULL)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (n == 0L)
+ {
+ /* Client Publickey was in Client Certificate */
+
+ if (l & SSL_kECDHE)
+ {
+ al=SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
+ goto f_err;
+ }
+ if (((clnt_pub_pkey=X509_get_pubkey(s->session->peer))
+ == NULL) ||
+ (clnt_pub_pkey->type != EVP_PKEY_EC))
+ {
+ /* XXX: For now, we do not support client
+ * authentication using ECDH certificates
+ * so this branch (n == 0L) of the code is
+ * never executed. When that support is
+ * added, we ought to ensure the key
+ * received in the certificate is
+ * authorized for key agreement.
+ * ECDH_compute_key implicitly checks that
+ * the two ECDH shares are for the same
+ * group.
+ */
+ al=SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_UNABLE_TO_DECODE_ECDH_CERTS);
+ goto f_err;
+ }
+
+ EC_POINT_copy(clnt_ecpoint,
+ clnt_pub_pkey->pkey.eckey->pub_key);
+ ret = 2; /* Skip certificate verify processing */
+ }
+ else
+ {
+ /* Get client's public key from encoded point
+ * in the ClientKeyExchange message.
+ */
+ if ((bn_ctx = BN_CTX_new()) == NULL)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /* Get encoded point length */
+ i = *p;
+ p += 1;
+ if (EC_POINT_oct2point(srvr_ecdh->group,
+ clnt_ecpoint, p, i, bn_ctx) == 0)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ ERR_R_EC_LIB);
+ goto err;
+ }
+ /* p is pointing to somewhere in the buffer
+ * currently, so set it to the start
+ */
+ p=(unsigned char *)s->init_buf->data;
+ }
+
+ /* Compute the shared pre-master secret */
+ i = ECDH_compute_key(p, clnt_ecpoint, srvr_ecdh);
+ if (i <= 0)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ ERR_R_ECDH_LIB);
+ goto err;
+ }
+
+ EVP_PKEY_free(clnt_pub_pkey);
+ EC_POINT_free(clnt_ecpoint);
+ if (srvr_ecdh != NULL)
+ {
+ srvr_ecdh->priv_key = NULL;
+ srvr_ecdh->group = NULL;
+ EC_KEY_free(srvr_ecdh);
+ }
+ BN_CTX_free(bn_ctx);
+
+ /* Compute the master secret */
+ s->session->master_key_length = s->method->ssl3_enc-> \
+ generate_master_secret(s, s->session->master_key, p, i);
+
+ OPENSSL_cleanse(p, i);
+ return (ret);
+ }
+ else
+#endif