2 files changed, 7 insertions, 27 deletions

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 2da16fd..3026187 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2264,19 +2264,14 @@ psk_err:
 #endif
 
 #ifndef OPENSSL_NO_EC
-    else if (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe | SSL_kECDHEPSK)) {
+    else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
 
-        if (s->s3->peer_tmp != NULL) {
-            skey = s->s3->peer_tmp;
-        } else {
-            /* Get the Server Public Key from Cert */
-            skey = X509_get0_pubkey(s->session->peer);
-            if ((skey == NULL) || EVP_PKEY_get0_EC_KEY(skey) == NULL) {
-                SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
+        skey = s->s3->peer_tmp;
+        if ((skey == NULL) || EVP_PKEY_get0_EC_KEY(skey) == NULL) {
+            SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
                        ERR_R_INTERNAL_ERROR);
-                goto err;
+            goto err;
             }
-        }
 
         ckey = ssl_generate_pkey(skey, NID_undef);
 
@@ -2777,9 +2772,6 @@ int ssl3_check_cert_and_algorithm(SSL *s)
         SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
                SSL_R_MISSING_ECDSA_SIGNING_CERT);
         goto f_err;
-    } else if (alg_k & (SSL_kECDHr | SSL_kECDHe)) {
-        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_ECDH_CERT);
-        goto f_err;
     }
 #endif
     pkey = X509_get0_pubkey(s->session->peer);
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index bc651c7..4d40d0f 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2365,20 +2365,8 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
 #endif
 
 #ifndef OPENSSL_NO_EC
-    if (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe | SSL_kECDHEPSK)) {
-        EVP_PKEY *skey = NULL;
-
-        /* Let's get server private key and group information */
-        if (alg_k & (SSL_kECDHr | SSL_kECDHe)) {
-            /* use the certificate */
-            skey = s->cert->pkeys[SSL_PKEY_ECC].privatekey;
-        } else {
-            /*
-             * use the ephermeral values we saved when generating the
-             * ServerKeyExchange msg.
-             */
-            skey = s->s3->tmp.pkey;
-        }
+    if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
+        EVP_PKEY *skey = s->s3->tmp.pkey;
 
         if (PACKET_remaining(pkt) == 0L) {
             /* We don't support ECDH client auth */