Update DTLS code to match CBC decoding in TLS.

[oweals/openssl.git] / ssl / s3_srvr.c

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 8a15af6dd10593e177dfb32b46c0fd6778b9da81..d8bce55f4241cfc01531eb795877c1e7d4dca301 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -941,9 +941,10 @@ int ssl3_get_client_hello(SSL *s)
        unsigned int cookie_len;
        long n;
        unsigned long id;
-       unsigned char *p,*d,*q;
+       unsigned char *p,*d;
        SSL_CIPHER *c;
 #ifndef OPENSSL_NO_COMP
+       unsigned char *q;
        SSL_COMP *comp=NULL;
 #endif
        STACK_OF(SSL_CIPHER) *ciphers=NULL;
@@ -1179,7 +1180,9 @@ int ssl3_get_client_hello(SSL *s)
                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
                goto f_err;
                }
+#ifndef OPENSSL_NO_COMP
        q=p;
+#endif
        for (j=0; j<i; j++)
                {
                if (p[j] == 0) break;
@@ -1707,8 +1710,8 @@ int ssl3_send_server_key_exchange(SSL *s)
                        ecdhp=cert->ecdh_tmp;
                        if (s->cert->ecdh_tmp_auto)
                                {
-                               /* Get NID of first shared curve */
-                               int nid = tls1_shared_curve(s, 0);
+                               /* Get NID of appropriate shared curve */
+                               int nid = tls1_shared_curve(s, -2);
                                if (nid != NID_undef)
                                        ecdhp = EC_KEY_new_by_curve_name(nid);
                                }