From bbfed52cf2912d5088abeb017049241e4d37d21f Mon Sep 17 00:00:00 2001
From: ssaroha <ssaroha@gmail.com>
Date: Sun, 11 Dec 2016 18:42:07 -0800
Subject: [PATCH] Set OPENSSL_EC_NAMED_CURVE explicitly on EC key so that
 certificate has ASN1 OID and NIST curve info. Without this openSSL handshake
 negotiation fails throwing NO_SHARED_CIPHER error. the change made is along
 the lines of openssl behavior documented here:
 https://wiki.openssl.org/index.php/Elliptic_Curve_Diffie_Hellman#ECDH_and_Named_Curves

tested with openssl 1.0.2j

BUG=webrtc:6763

Review-Url: https://codereview.webrtc.org/2534773002
Cr-Commit-Position: refs/heads/master@{#15536}
---
 AUTHORS                             | 1 +
 webrtc/base/opensslidentity.cc      | 7 +++++++
 webrtc/base/opensslstreamadapter.cc | 1 +
 3 files changed, 9 insertions(+)

diff --git a/AUTHORS b/AUTHORS
index 51a48fb47a..379c4f316c 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -31,6 +31,7 @@ Ralph Giles <giles@ghostscript.com>
 Riku Voipio <riku.voipio@linaro.org>
 Robert Nagy <robert.nagy@gmail.com>
 Ryan Yoakum <ryoakum@skobalt.com>
+Satender Saroha <ssaroha@yahoo.com>
 Sarah Thompson <sarah@telergy.com>
 Saul Kravitz <Saul.Kravitz@celera.com>
 Silviu Caragea <silviu.cpp@gmail.com>
diff --git a/webrtc/base/opensslidentity.cc b/webrtc/base/opensslidentity.cc
index 58a0cd8ade..0ebf20bd6b 100644
--- a/webrtc/base/opensslidentity.cc
+++ b/webrtc/base/opensslidentity.cc
@@ -61,6 +61,13 @@ static EVP_PKEY* MakeKey(const KeyParams& key_params) {
   } else if (key_params.type() == KT_ECDSA) {
     if (key_params.ec_curve() == EC_NIST_P256) {
       EC_KEY* ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+
+      // Ensure curve name is included when EC key is serialized.
+      // Without this call, OpenSSL versions before 1.1.0 will create
+      // certificates that don't work for TLS.
+      // This is a no-op for BoringSSL and OpenSSL 1.1.0+
+      EC_KEY_set_asn1_flag(ec_key, OPENSSL_EC_NAMED_CURVE);
+
       if (!pkey || !ec_key || !EC_KEY_generate_key(ec_key) ||
           !EVP_PKEY_assign_EC_KEY(pkey, ec_key)) {
         EVP_PKEY_free(pkey);
diff --git a/webrtc/base/opensslstreamadapter.cc b/webrtc/base/opensslstreamadapter.cc
index 0e7a2927ec..3b3aa5d219 100644
--- a/webrtc/base/opensslstreamadapter.cc
+++ b/webrtc/base/opensslstreamadapter.cc
@@ -20,6 +20,7 @@
 #include <openssl/x509v3.h>
 #ifndef OPENSSL_IS_BORINGSSL
 #include <openssl/dtls1.h>
+#include <openssl/ssl.h>
 #endif
 
 #include <memory>