Diffstat (limited to 'lib')
-rw-r--r--lib/libssl/s3_clnt.c19
-rw-r--r--lib/libssl/s3_lib.c306
-rw-r--r--lib/libssl/s3_srvr.c22
-rw-r--r--lib/libssl/ssl_ciph.c32
-rw-r--r--lib/libssl/ssl_lib.c113
-rw-r--r--lib/libssl/ssl_locl.h6
-rw-r--r--lib/libssl/t1_lib.c10
7 files changed, 42 insertions, 466 deletions
diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c
index 264cb012d5a..d7cd37dec85 100644
--- a/lib/libssl/s3_clnt.c
+++ b/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.138 2016/03/27 00:55:38 mmcc Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.139 2016/10/19 16:38:40 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1968,13 +1968,12 @@ err:
}
static int
-ssl3_send_client_kex_ecdh(SSL *s, SESS_CERT *sess_cert, unsigned char *p,
+ssl3_send_client_kex_ecdhe(SSL *s, SESS_CERT *sess_cert, unsigned char *p,
int *outlen)
{
EC_KEY *tkey, *clnt_ecdh = NULL;
const EC_GROUP *srvr_group = NULL;
const EC_POINT *srvr_ecpoint = NULL;
- EVP_PKEY *srvr_pub_pkey = NULL;
BN_CTX *bn_ctx = NULL;
unsigned char *encodedPoint = NULL;
unsigned char *key = NULL;
@@ -1994,14 +1993,6 @@ ssl3_send_client_kex_ecdh(SSL *s, SESS_CERT *sess_cert, unsigned char *p,
}
tkey = sess_cert->peer_ecdh_tmp;
- if (alg_k & (SSL_kECDHr|SSL_kECDHe)) {
- /* Get the Server Public Key from certificate. */
- srvr_pub_pkey = X509_get_pubkey(
- sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
- if (srvr_pub_pkey != NULL && srvr_pub_pkey->type == EVP_PKEY_EC)
- tkey = srvr_pub_pkey->pkey.ec;
- }
-
if (tkey == NULL) {
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR);
@@ -2093,7 +2084,6 @@ err:
BN_CTX_free(bn_ctx);
free(encodedPoint);
EC_KEY_free(clnt_ecdh);
- EVP_PKEY_free(srvr_pub_pkey);
return (ret);
}
@@ -2242,8 +2232,9 @@ ssl3_send_client_key_exchange(SSL *s)
} else if (alg_k & SSL_kDHE) {
if (ssl3_send_client_kex_dhe(s, sess_cert, p, &n) != 1)
goto err;
- } else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) {
- if (ssl3_send_client_kex_ecdh(s, sess_cert, p, &n) != 1)
+ } else if (alg_k & SSL_kECDHE) {
+ if (ssl3_send_client_kex_ecdhe(s, sess_cert, p,
+ &n) != 1)
goto err;
} else if (alg_k & SSL_kGOST) {
if (ssl3_send_client_kex_gost(s, sess_cert, p, &n) != 1)
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index e873c17c876..92beeae3c42 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.108 2016/04/28 16:39:45 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.109 2016/10/19 16:38:40 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1129,86 +1129,6 @@ SSL_CIPHER ssl3_ciphers[] = {
},
#endif /* OPENSSL_NO_CAMELLIA */
- /* Cipher C001 */
- {
- .valid = 1,
- .name = TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
- .id = TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
- .algorithm_mkey = SSL_kECDHe,
- .algorithm_auth = SSL_aECDH,
- .algorithm_enc = SSL_eNULL,
- .algorithm_mac = SSL_SHA1,
- .algorithm_ssl = SSL_TLSV1,
- .algo_strength = SSL_STRONG_NONE,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- .strength_bits = 0,
- .alg_bits = 0,
- },
-
- /* Cipher C002 */
- {
- .valid = 1,
- .name = TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
- .id = TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
- .algorithm_mkey = SSL_kECDHe,
- .algorithm_auth = SSL_aECDH,
- .algorithm_enc = SSL_RC4,
- .algorithm_mac = SSL_SHA1,
- .algorithm_ssl = SSL_TLSV1,
- .algo_strength = SSL_MEDIUM,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- .strength_bits = 128,
- .alg_bits = 128,
- },
-
- /* Cipher C003 */
- {
- .valid = 1,
- .name = TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
- .id = TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
- .algorithm_mkey = SSL_kECDHe,
- .algorithm_auth = SSL_aECDH,
- .algorithm_enc = SSL_3DES,
- .algorithm_mac = SSL_SHA1,
- .algorithm_ssl = SSL_TLSV1,
- .algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- .strength_bits = 112,
- .alg_bits = 168,
- },
-
- /* Cipher C004 */
- {
- .valid = 1,
- .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
- .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
- .algorithm_mkey = SSL_kECDHe,
- .algorithm_auth = SSL_aECDH,
- .algorithm_enc = SSL_AES128,
- .algorithm_mac = SSL_SHA1,
- .algorithm_ssl = SSL_TLSV1,
- .algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- .strength_bits = 128,
- .alg_bits = 128,
- },
-
- /* Cipher C005 */
- {
- .valid = 1,
- .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
- .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
- .algorithm_mkey = SSL_kECDHe,
- .algorithm_auth = SSL_aECDH,
- .algorithm_enc = SSL_AES256,
- .algorithm_mac = SSL_SHA1,
- .algorithm_ssl = SSL_TLSV1,
- .algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- .strength_bits = 256,
- .alg_bits = 256,
- },
-
/* Cipher C006 */
{
.valid = 1,
@@ -1289,86 +1209,6 @@ SSL_CIPHER ssl3_ciphers[] = {
.alg_bits = 256,
},
- /* Cipher C00B */
- {
- .valid = 1,
- .name = TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
- .id = TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
- .algorithm_mkey = SSL_kECDHr,
- .algorithm_auth = SSL_aECDH,
- .algorithm_enc = SSL_eNULL,
- .algorithm_mac = SSL_SHA1,
- .algorithm_ssl = SSL_TLSV1,
- .algo_strength = SSL_STRONG_NONE,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- .strength_bits = 0,
- .alg_bits = 0,
- },
-
- /* Cipher C00C */
- {
- .valid = 1,
- .name = TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
- .id = TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
- .algorithm_mkey = SSL_kECDHr,
- .algorithm_auth = SSL_aECDH,
- .algorithm_enc = SSL_RC4,
- .algorithm_mac = SSL_SHA1,
- .algorithm_ssl = SSL_TLSV1,
- .algo_strength = SSL_MEDIUM,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- .strength_bits = 128,
- .alg_bits = 128,
- },
-
- /* Cipher C00D */
- {
- .valid = 1,
- .name = TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
- .id = TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
- .algorithm_mkey = SSL_kECDHr,
- .algorithm_auth = SSL_aECDH,
- .algorithm_enc = SSL_3DES,
- .algorithm_mac = SSL_SHA1,
- .algorithm_ssl = SSL_TLSV1,
- .algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- .strength_bits = 112,
- .alg_bits = 168,
- },
-
- /* Cipher C00E */
- {
- .valid = 1,
- .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
- .id = TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
- .algorithm_mkey = SSL_kECDHr,
- .algorithm_auth = SSL_aECDH,
- .algorithm_enc = SSL_AES128,
- .algorithm_mac = SSL_SHA1,
- .algorithm_ssl = SSL_TLSV1,
- .algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- .strength_bits = 128,
- .alg_bits = 128,
- },
-
- /* Cipher C00F */
- {
- .valid = 1,
- .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
- .id = TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
- .algorithm_mkey = SSL_kECDHr,
- .algorithm_auth = SSL_aECDH,
- .algorithm_enc = SSL_AES256,
- .algorithm_mac = SSL_SHA1,
- .algorithm_ssl = SSL_TLSV1,
- .algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- .strength_bits = 256,
- .alg_bits = 256,
- },
-
/* Cipher C010 */
{
.valid = 1,
@@ -1564,38 +1404,6 @@ SSL_CIPHER ssl3_ciphers[] = {
.alg_bits = 256,
},
- /* Cipher C025 */
- {
- .valid = 1,
- .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
- .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
- .algorithm_mkey = SSL_kECDHe,
- .algorithm_auth = SSL_aECDH,
- .algorithm_enc = SSL_AES128,
- .algorithm_mac = SSL_SHA256,
- .algorithm_ssl = SSL_TLSV1_2,
- .algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
- .strength_bits = 128,
- .alg_bits = 128,
- },
-
- /* Cipher C026 */
- {
- .valid = 1,
- .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
- .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
- .algorithm_mkey = SSL_kECDHe,
- .algorithm_auth = SSL_aECDH,
- .algorithm_enc = SSL_AES256,
- .algorithm_mac = SSL_SHA384,
- .algorithm_ssl = SSL_TLSV1_2,
- .algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
- .strength_bits = 256,
- .alg_bits = 256,
- },
-
/* Cipher C027 */
{
.valid = 1,
@@ -1628,38 +1436,6 @@ SSL_CIPHER ssl3_ciphers[] = {
.alg_bits = 256,
},
- /* Cipher C029 */
- {
- .valid = 1,
- .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
- .id = TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
- .algorithm_mkey = SSL_kECDHr,
- .algorithm_auth = SSL_aECDH,
- .algorithm_enc = SSL_AES128,
- .algorithm_mac = SSL_SHA256,
- .algorithm_ssl = SSL_TLSV1_2,
- .algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
- .strength_bits = 128,
- .alg_bits = 128,
- },
-
- /* Cipher C02A */
- {
- .valid = 1,
- .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
- .id = TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
- .algorithm_mkey = SSL_kECDHr,
- .algorithm_auth = SSL_aECDH,
- .algorithm_enc = SSL_AES256,
- .algorithm_mac = SSL_SHA384,
- .algorithm_ssl = SSL_TLSV1_2,
- .algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
- .strength_bits = 256,
- .alg_bits = 256,
- },
-
/* GCM based TLS v1.2 ciphersuites from RFC5289 */
/* Cipher C02B */
@@ -1698,42 +1474,6 @@ SSL_CIPHER ssl3_ciphers[] = {
.alg_bits = 256,
},
- /* Cipher C02D */
- {
- .valid = 1,
- .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
- .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
- .algorithm_mkey = SSL_kECDHe,
- .algorithm_auth = SSL_aECDH,
- .algorithm_enc = SSL_AES128GCM,
- .algorithm_mac = SSL_AEAD,
- .algorithm_ssl = SSL_TLSV1_2,
- .algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
- SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
- SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
- .strength_bits = 128,
- .alg_bits = 128,
- },
-
- /* Cipher C02E */
- {
- .valid = 1,
- .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
- .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
- .algorithm_mkey = SSL_kECDHe,
- .algorithm_auth = SSL_aECDH,
- .algorithm_enc = SSL_AES256GCM,
- .algorithm_mac = SSL_AEAD,
- .algorithm_ssl = SSL_TLSV1_2,
- .algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
- SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
- SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
- .strength_bits = 256,
- .alg_bits = 256,
- },
-
/* Cipher C02F */
{
.valid = 1,
@@ -1770,42 +1510,6 @@ SSL_CIPHER ssl3_ciphers[] = {
.alg_bits = 256,
},
- /* Cipher C031 */
- {
- .valid = 1,
- .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
- .id = TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
- .algorithm_mkey = SSL_kECDHr,
- .algorithm_auth = SSL_aECDH,
- .algorithm_enc = SSL_AES128GCM,
- .algorithm_mac = SSL_AEAD,
- .algorithm_ssl = SSL_TLSV1_2,
- .algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
- SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
- SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
- .strength_bits = 128,
- .alg_bits = 128,
- },
-
- /* Cipher C032 */
- {
- .valid = 1,
- .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
- .id = TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
- .algorithm_mkey = SSL_kECDHr,
- .algorithm_auth = SSL_aECDH,
- .algorithm_enc = SSL_AES256GCM,
- .algorithm_mac = SSL_AEAD,
- .algorithm_ssl = SSL_TLSV1_2,
- .algo_strength = SSL_HIGH,
- .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
- SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
- SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
- .strength_bits = 256,
- .alg_bits = 256,
- },
-
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
/* Cipher CC13 */
{
@@ -2604,7 +2308,7 @@ ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
* If we are considering an ECC cipher suite that uses our
* certificate check it.
*/
- if (alg_a & (SSL_aECDSA|SSL_aECDH))
+ if (alg_a & SSL_aECDSA)
ok = ok && tls1_check_ec_server_key(s);
/*
* If we are considering an ECC cipher suite that uses
@@ -2647,14 +2351,10 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p)
}
p[ret++] = SSL3_CT_RSA_SIGN;
p[ret++] = SSL3_CT_DSS_SIGN;
- if ((alg_k & (SSL_kECDHr|SSL_kECDHe))) {
- p[ret++] = TLS_CT_RSA_FIXED_ECDH;
- p[ret++] = TLS_CT_ECDSA_FIXED_ECDH;
- }
/*
* ECDSA certs can be used with RSA cipher suites as well
- * so we don't need to check for SSL_kECDH or SSL_kECDHE
+ * so we don't need to check for SSL_kECDH or SSL_kECDHE.
*/
p[ret++] = TLS_CT_ECDSA_SIGN;
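Review bot: The comment reworded at the end of this hunk still says there is no need to check `SSL_kECDH`, a name that is not among the key-exchange bits shown in this commit's ssl_locl.h hunk and that reads as the static-ECDH exchange being removed here. With the fixed-ECDH certificate types gone, I would reword it to describe only what remains, for example `* ECDSA certs can be used with RSA cipher suites as well, so TLS_CT_ECDSA_SIGN is added regardless of the key exchange.` ssl3_get_req_cert_type starts before the hunk, so whether `alg_k` is still needed in the rest of the function cannot be confirmed from here.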
diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c
index d2a03e05d23..8ecd51669ae 100644
--- a/lib/libssl/s3_srvr.c
+++ b/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.127 2016/09/22 07:17:41 guenther Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.128 2016/10/19 16:38:40 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1764,9 +1764,7 @@ ssl3_get_client_key_exchange(SSL *s)
s->method->ssl3_enc->generate_master_secret(
s, s->session->master_key, p, i);
explicit_bzero(p, i);
- } else
-
- if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) {
+ } else if (alg_k & SSL_kECDHE) {
int ret = 1;
int key_size;
const EC_KEY *tkey;
@@ -1780,17 +1778,11 @@ ssl3_get_client_key_exchange(SSL *s)
goto err;
}
- /* Let's get server private key and group information. */
- if (alg_k & (SSL_kECDHr|SSL_kECDHe)) {
- /* Use the certificate */
- tkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec;
- } else {
- /*
- * Use the ephermeral values we saved when
- * generating the ServerKeyExchange msg.
- */
- tkey = s->s3->tmp.ecdh;
- }
+ /*
+ * Use the ephemeral values we saved when
+ * generating the ServerKeyExchange message.
+ */
+ tkey = s->s3->tmp.ecdh;
group = EC_KEY_get0_group(tkey);
priv_key = EC_KEY_get0_private_key(tkey);
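Review bot: `tkey = s->s3->tmp.ecdh;` is now the only source of the server key and is passed straight to `EC_KEY_get0_group(tkey)` with no NULL check visible in this hunk, whereas the client-side ssl3_send_client_kex_ecdhe in this same commit keeps its `if (tkey == NULL)` guard. Since this path is driven by a peer message, I would add the same guard before the first use: `if (tkey == NULL) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; }`. If the handshake state machine already guarantees that ServerKeyExchange has populated `tmp.ecdh`, a one-line comment stating that invariant would do instead. The function body starts and ends outside the hunk.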
diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c
index 526d98e2937..2bf73c6606d 100644
--- a/lib/libssl/ssl_ciph.c
+++ b/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.86 2016/04/28 16:39:45 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.87 2016/10/19 16:38:40 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -257,28 +257,14 @@ static const SSL_CIPHER cipher_aliases[] = {
.name = SSL_TXT_DH,
.algorithm_mkey = SSL_kDHE,
},
-
- {
- .name = SSL_TXT_kECDHr,
- .algorithm_mkey = SSL_kECDHr,
- },
- {
- .name = SSL_TXT_kECDHe,
- .algorithm_mkey = SSL_kECDHe,
- },
- {
- .name = SSL_TXT_kECDH,
- .algorithm_mkey = SSL_kECDHr|SSL_kECDHe,
- },
{
.name = SSL_TXT_kEECDH,
.algorithm_mkey = SSL_kECDHE,
},
{
.name = SSL_TXT_ECDH,
- .algorithm_mkey = SSL_kECDHr|SSL_kECDHe|SSL_kECDHE,
+ .algorithm_mkey = SSL_kECDHE,
},
-
{
.name = SSL_TXT_kGOST,
.algorithm_mkey = SSL_kGOST,
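Review bot: After this hunk the `SSL_TXT_ECDH` alias maps to `SSL_kECDHE` alone, making it an exact duplicate of the `SSL_TXT_kEECDH` entry just above it, and nothing in the table says this is intentional. A short comment on the entry would help, for example `/* Kept for compatibility; static ECDH is gone, so this now equals kEECDH. */`. The `kECDHr`, `kECDHe` and `kECDH` keywords also disappear here, so cipher strings that name them will no longer resolve to an alias. That change belongs in the user-facing cipher documentation, which is not part of this diff.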
@@ -302,10 +288,6 @@ static const SSL_CIPHER cipher_aliases[] = {
.algorithm_auth = SSL_aNULL,
},
{
- .name = SSL_TXT_aECDH,
- .algorithm_auth = SSL_aECDH,
- },
- {
.name = SSL_TXT_aECDSA,
.algorithm_auth = SSL_aECDSA,
},
@@ -1455,7 +1437,6 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
/* Move ciphers without forward secrecy to the end */
- ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
/* RC4 is sort of broken - move it to the end */
@@ -1597,12 +1578,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_kDHE:
kx = "DH";
break;
- case SSL_kECDHr:
- kx = "ECDH/RSA";
- break;
- case SSL_kECDHe:
- kx = "ECDH/ECDSA";
- break;
case SSL_kECDHE:
kx = "ECDH";
break;
@@ -1620,9 +1595,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_aDSS:
au = "DSS";
break;
- case SSL_aECDH:
- au = "ECDH";
- break;
case SSL_aNULL:
au = "None";
break;
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 35963151663..4fa9b149b19 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.118 2016/09/22 12:34:59 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.119 2016/10/19 16:38:40 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -2004,14 +2004,11 @@ SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
void
ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
{
- CERT_PKEY *cpk;
int rsa_enc, rsa_sign, dh_tmp, dsa_sign;
+ int have_ecc_cert, have_ecdh_tmp;
unsigned long mask_k, mask_a;
- int have_ecc_cert, ecdh_ok, ecdsa_ok;
- int have_ecdh_tmp;
X509 *x = NULL;
- EVP_PKEY *ecc_pkey = NULL;
- int signature_nid = 0, pk_nid = 0, md_nid = 0;
+ CERT_PKEY *cpk;
if (c == NULL)
return;
@@ -2021,6 +2018,7 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
have_ecdh_tmp = (c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL ||
c->ecdh_tmp_auto != 0);
+
cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]);
rsa_enc = (cpk->x509 != NULL && cpk->privatekey != NULL);
cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]);
@@ -2058,93 +2056,40 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
* ECDSA cipher suites depending on the key usage extension.
*/
if (have_ecc_cert) {
- /* This call populates extension flags (ex_flags) */
x = (c->pkeys[SSL_PKEY_ECC]).x509;
+
+ /* This call populates extension flags (ex_flags). */
X509_check_purpose(x, -1, 0);
- ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
- (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
- ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
- (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
- ecc_pkey = X509_get_pubkey(x);
- EVP_PKEY_free(ecc_pkey);
- if ((x->sig_alg) && (x->sig_alg->algorithm)) {
- signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
- OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
- }
- if (ecdh_ok) {
- if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) {
- mask_k|=SSL_kECDHr;
- mask_a|=SSL_aECDH;
- }
- if (pk_nid == NID_X9_62_id_ecPublicKey) {
- mask_k|=SSL_kECDHe;
- mask_a|=SSL_aECDH;
- }
- }
- if (ecdsa_ok)
+
+ /* Key usage, if present, must allow signing. */
+ if ((x->ex_flags & EXFLAG_KUSAGE) == 0 ||
+ (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE))
mask_a|=SSL_aECDSA;
}
- if (have_ecdh_tmp) {
+ if (have_ecdh_tmp)
mask_k|=SSL_kECDHE;
- }
-
c->mask_k = mask_k;
c->mask_a = mask_a;
c->valid = 1;
}
-/* This handy macro borrowed from crypto/x509v3/v3_purp.c */
-#define ku_reject(x, usage) \
- (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
-
-
int
ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
{
- unsigned long alg_k, alg_a;
- int signature_nid = 0, md_nid = 0, pk_nid = 0;
const SSL_CIPHER *cs = s->s3->tmp.new_cipher;
+ unsigned long alg_a;
- alg_k = cs->algorithm_mkey;
alg_a = cs->algorithm_auth;
- /* This call populates the ex_flags field correctly */
- X509_check_purpose(x, -1, 0);
- if ((x->sig_alg) && (x->sig_alg->algorithm)) {
- signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
- OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
- }
- if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) {
- /* key usage, if present, must allow key agreement */
- if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) {
- SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
- SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
- return (0);
- }
- if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) <
- TLS1_2_VERSION) {
- /* signature alg must be ECDSA */
- if (pk_nid != NID_X9_62_id_ecPublicKey) {
- SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
- SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
- return (0);
- }
- }
- if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) <
- TLS1_2_VERSION) {
- /* signature alg must be RSA */
- if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) {
- SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
- SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
- return (0);
- }
- }
- }
if (alg_a & SSL_aECDSA) {
- /* key usage, if present, must allow signing */
- if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) {
+ /* This call populates extension flags (ex_flags). */
+ X509_check_purpose(x, -1, 0);
+
+ /* Key usage, if present, must allow signing. */
+ if ((x->ex_flags & EXFLAG_KUSAGE) &&
+ ((x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) == 0)) {
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
SSL_R_ECC_CERT_NOT_FOR_SIGNING);
return (0);
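Review bot: With `ku_reject` removed, the key-usage test for ECDSA signing is written out twice with opposite polarity: as an accept condition in ssl_set_cert_masks (`(x->ex_flags & EXFLAG_KUSAGE) == 0 || (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE)`) and as a reject condition in ssl_check_srvr_ecc_cert_and_alg. The two agree today, but they decide whether an ECC certificate is usable for authentication, so I would keep one definition to stop them drifting apart. For example, a small static helper (name is only a suggestion) `ssl_ecc_cert_may_sign(X509 *x)` could return the accept expression, with the second site testing `!ssl_ecc_cert_may_sign(x)`. The return value of `X509_check_purpose(x, -1, 0)` is ignored at both sites; a comment saying it is called only to populate `ex_flags` already covers the first site and would be worth keeping at the second.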
@@ -2152,39 +2097,21 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
}
return (1);
- /* all checks are ok */
}
-
-/* THIS NEEDS CLEANING UP */
CERT_PKEY *
ssl_get_server_send_pkey(const SSL *s)
{
- unsigned long alg_k, alg_a;
+ unsigned long alg_a;
CERT *c;
int i;
c = s->cert;
ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
- alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
alg_a = s->s3->tmp.new_cipher->algorithm_auth;
- if (alg_k & (SSL_kECDHr|SSL_kECDHe)) {
- /*
- * We don't need to look at SSL_kECDHE
- * since no certificate is needed for
- * anon ECDH and for authenticated
- * ECDHE, the check for the auth
- * algorithm will set i correctly
- * NOTE: For ECDH-RSA, we need an ECC
- * not an RSA cert but for EECDH-RSA
- * we need an RSA cert. Placing the
- * checks for SSL_kECDH before RSA
- * checks ensures the correct cert is chosen.
- */
- i = SSL_PKEY_ECC;
- } else if (alg_a & SSL_aECDSA) {
+ if (alg_a & SSL_aECDSA) {
i = SSL_PKEY_ECC;
} else if (alg_a & SSL_aDSS) {
i = SSL_PKEY_DSA_SIGN;
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 2a521fe26a3..1b768e3939a 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.129 2016/04/28 16:39:45 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.130 2016/10/19 16:38:40 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -255,8 +255,6 @@
/* Bits for algorithm_mkey (key exchange algorithm) */
#define SSL_kRSA 0x00000001L /* RSA key exchange */
#define SSL_kDHE 0x00000008L /* tmp DH key no DH cert */
-#define SSL_kECDHr 0x00000020L /* ECDH cert, RSA CA cert */
-#define SSL_kECDHe 0x00000040L /* ECDH cert, ECDSA CA cert */
#define SSL_kECDHE 0x00000080L /* ephemeral ECDH */
#define SSL_kGOST 0x00000200L /* GOST key exchange */
@@ -264,11 +262,9 @@
#define SSL_aRSA 0x00000001L /* RSA auth */
#define SSL_aDSS 0x00000002L /* DSS auth */
#define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */
-#define SSL_aECDH 0x00000010L /* Fixed ECDH auth (kECDHe or kECDHr) */
#define SSL_aECDSA 0x00000040L /* ECDSA auth*/
#define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */
-
/* Bits for algorithm_enc (symmetric encryption) */
#define SSL_DES 0x00000001L
#define SSL_3DES 0x00000002L
diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c
index 257cd0bd070..e7dbe9cd990 100644
--- a/lib/libssl/t1_lib.c
+++ b/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.92 2016/10/02 21:18:08 guenther Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.93 2016/10/19 16:38:40 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -651,8 +651,7 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
alg_k = c->algorithm_mkey;
alg_a = c->algorithm_auth;
- if ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe) ||
- (alg_a & SSL_aECDSA))) {
+ if ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) {
using_ecc = 1;
break;
}
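Review bot: The predicate `(alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)` now appears verbatim in three places: here in ssl_add_clienthello_tlsext, in ssl_add_serverhello_tlsext, and in ssl_check_serverhello_tlsext (the two later hunks of this file). The explicit parentheses are a clear improvement over the old mixed `|`/`||` expression. Since all three decide whether the EC extensions apply, a single static helper or macro taking `alg_k` and `alg_a` would keep them in step the next time the set of EC key exchanges changes. All three enclosing functions extend beyond their hunks.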
@@ -964,8 +963,7 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
alg_a = s->s3->tmp.new_cipher->algorithm_auth;
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
- using_ecc = (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe) ||
- alg_a & SSL_aECDSA) &&
+ using_ecc = ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) &&
s->session->tlsext_ecpointformatlist != NULL;
ret += 2;
@@ -1959,7 +1957,7 @@ ssl_check_serverhello_tlsext(SSL *s)
(s->tlsext_ecpointformatlist_length > 0) &&
(s->session->tlsext_ecpointformatlist != NULL) &&
(s->session->tlsext_ecpointformatlist_length > 0) &&
- ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA))) {
+ ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))) {
/* we are using an ECC cipher */
size_t i;
unsigned char *list;