From: Dr. Stephen Henson Date: Wed, 26 Dec 2012 14:27:27 +0000 (+0000) Subject: Function tls1_check_ec_server_key is now redundant as we make X-Git-Tag: OpenSSL_1_0_2-beta1~523 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=c550f2e37bca43597eb5233ef2f62cfe84d0b988;p=oweals%2Fopenssl.git Function tls1_check_ec_server_key is now redundant as we make appropriate checks in tls1_check_chain. (backport from HEAD) --- diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index ac70eaf966..fd6fab3b85 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3971,10 +3971,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, #ifndef OPENSSL_NO_TLSEXT #ifndef OPENSSL_NO_EC - /* if we are considering an ECC cipher suite that uses our - * certificate check it */ - if (alg_a & (SSL_aECDSA|SSL_aECDH)) - ok = ok && tls1_check_ec_server_key(s); /* if we are considering an ECC cipher suite that uses * an ephemeral EC key check it */ if (alg_k & SSL_kEECDH) diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 1b166caa56..49ad5fdb89 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1151,7 +1151,6 @@ int tls1_set_curves(unsigned char **pext, size_t *pextlen, int *curves, size_t ncurves); int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, const char *str); -int tls1_check_ec_server_key(SSL *s); int tls1_check_ec_tmp_key(SSL *s); #endif /* OPENSSL_NO_EC */ diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index a2d9e62b36..6e7abc7e97 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -563,14 +563,6 @@ static int tls1_check_cert_param(SSL *s, X509 *x) return 0; return tls1_check_ec_key(s, curve_id, &comp_id); } -/* Check EC server key is compatible with client extensions */ -int tls1_check_ec_server_key(SSL *s) - { - CERT_PKEY *cpk = s->cert->pkeys + SSL_PKEY_ECC; - if (!cpk->x509 || !cpk->privatekey) - return 0; - return tls1_check_cert_param(s, cpk->x509); - } /* Check EC temporary key is compatible with client extensions */ int tls1_check_ec_tmp_key(SSL *s) {