From 7b3c01845f639b3c845dbcb5607eef15e43036c8 Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Wed, 8 Sep 2010 10:32:55 +0200
Subject: Read the compression type byte for EC groups, only
---
 src/libtls/tls_server.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
(limited to 'src/libtls/tls_server.c')
diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c
index d1accbc2e..b0417f6cb 100644
--- a/src/libtls/tls_server.c
+++ b/src/libtls/tls_server.c
@@ -419,14 +419,18 @@ static status_t process_key_exchange_dhe(private_tls_server_t *this,
 return NEED_MORE;
 }
- if (pub.ptr[0] != TLS_ANSI_UNCOMPRESSED)
+ if (ec)
 {
- DBG1(DBG_TLS, "DH point format '%N' not supported",
- tls_ansi_point_format_names, pub.ptr[0]);
- this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
- return NEED_MORE;
+ if (pub.ptr[0] != TLS_ANSI_UNCOMPRESSED)
+ {
+ DBG1(DBG_TLS, "DH point format '%N' not supported",
+ tls_ansi_point_format_names, pub.ptr[0]);
+ this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
+ return NEED_MORE;
+ }
+ pub = chunk_skip(pub, 1);
 }
- this->dh->set_other_public_value(this->dh, chunk_skip(pub, 1));
+ this->dh->set_other_public_value(this->dh, pub);
 if (this->dh->get_shared_secret(this->dh, &premaster) != SUCCESS)
 {
 DBG1(DBG_TLS, "calculating premaster from DH failed");
-- 
cgit v1.2.3
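Review bot: The new `if (ec)` branch reads `pub.ptr[0]` from the client's key exchange value, and nothing visible in this hunk establishes that `pub.len` is at least 1 before that dereference. The check that ends in `return NEED_MORE;` just above starts outside the hunk, so if it does not already reject an empty value, the inner test should carry the length guard itself: `if (pub.len < 1 || pub.ptr[0] != TLS_ANSI_UNCOMPRESSED)`. After `pub = chunk_skip(pub, 1);` the remaining chunk can also be empty for EC groups, and it is passed to `set_other_public_value()` with no check here; presumably a bad value only surfaces when `get_shared_secret()` fails, which is worth confirming. An unsupported point format is a fault in peer input, so `TLS_INTERNAL_ERROR` looks like the wrong alert and a parameter or decode alert would describe it better. The log text still says "DH point format" although the branch now runs only for EC groups, and the body of `process_key_exchange_dhe` continues outside the hunk on both sides.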