Be strict about requiring ServerKeyExchange. Missing ServerKeyExchange is handled, but only because it hits an ERR_R_INTERNAL_ERROR in ssl3_send_client_key_exchange in trying to find the server ECDH parameters. Be strict about requiring it for ECDHE. Change-Id: Ifce5b73c8bd14746b8a2185f479d550e9e3f84df Reviewed-on: https://boringssl-review.googlesource.com/1157 Reviewed-by: Adam Langley <agl@google.com>

commit: 9c651c9ef6d0ec8a4fa953efcdd85e3130015fe6 [log] [tgz]
author: David Benjamin <davidben@chromium.org> Sat Jul 12 13:27:45 2014 -0400
committer: Adam Langley <agl@google.com> Mon Jul 14 21:42:30 2014 +0000
tree: ef2e2f5384ab1f3bb1bcea7d92712f59c5082e62
parent: ced551f9673426a7287d958aa1f3967f24107da9 [diff] [blame]
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index ed3a0b5..3d1b2ca 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h

@@ -994,6 +994,7 @@
 int ssl_cipher_get_cert_index(const SSL_CIPHER *c);
 const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr);
 int ssl_cipher_has_server_public_key(const SSL_CIPHER *cipher);
+int ssl_cipher_requires_server_key_exchange(const SSL_CIPHER *cipher);
 
 int ssl_cert_set0_chain(CERT *c, STACK_OF(X509) *chain);
 int ssl_cert_set1_chain(CERT *c, STACK_OF(X509) *chain);
commit	9c651c9ef6d0ec8a4fa953efcdd85e3130015fe6	[log] [tgz]
author	David Benjamin <davidben@chromium.org>	Sat Jul 12 13:27:45 2014 -0400
committer	Adam Langley <agl@google.com>	Mon Jul 14 21:42:30 2014 +0000
tree	ef2e2f5384ab1f3bb1bcea7d92712f59c5082e62
parent	ced551f9673426a7287d958aa1f3967f24107da9 [diff] [blame]