From ca78bf1500c5f3c68d72214bd06fcc1b66a52c38 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Tue, 27 Sep 2016 12:28:28 +0200
Subject: ssl: Correct ECC curve selection, the error could cause default to
 always be selected.

---
 lib/ssl/src/ssl_connection.erl | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

(limited to 'lib/ssl/src/ssl_connection.erl')

diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 304d1706f5..08fca76123 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -1430,13 +1430,14 @@ key_exchange(#state{role = server, private_key = Key, key_algorithm = Algo} = St
 key_exchange(#state{role = server, key_algorithm = Algo,
 		    hashsign_algorithm = HashSignAlgo,
 		    private_key = PrivateKey,
+		    session = #session{ecc = ECCCurve},
 		    connection_states = ConnectionStates0,
 		    negotiated_version = Version
 		   } = State0, Connection)
   when Algo == ecdhe_ecdsa; Algo == ecdhe_rsa;
        Algo == ecdh_anon ->
 
-    ECDHKeys = public_key:generate_key(select_curve(State0)),
+    ECDHKeys = public_key:generate_key(ECCCurve),
     #{security_parameters := SecParams} = 
 	ssl_record:pending_connection_state(ConnectionStates0, read),
     #security_parameters{client_random = ClientRandom,
@@ -1845,11 +1846,6 @@ cipher_role(server, Data, Session,  #state{connection_states = ConnectionStates0
     {Record, State} = prepare_connection(State1, Connection),
     Connection:next_event(connection, Record, State).
 
-select_curve(#state{client_ecc = {[Curve|_], _}}) ->
-    {namedCurve, Curve};
-select_curve(_) ->
-    {namedCurve, ?secp256r1}.
-
 is_anonymous(Algo) when Algo == dh_anon;
 			Algo == ecdh_anon;
 			Algo == psk;
-- 
cgit v1.2.3