diff options
| author | tb <> | 2022-08-17 18:41:17 +0000 |
|---|---|---|
| committer | tb <> | 2022-08-17 18:41:17 +0000 |
| commit | 697e13a205ea92565c0fbffa157d3c307f43dfaf (patch) | |
| tree | a7799ad2ad5115d484e1c373726ea40141c64b7f | |
| parent | b0c5f651476e9397892adf645bba468df03d0ea9 (diff) | |
| download | openbsd-697e13a205ea92565c0fbffa157d3c307f43dfaf.tar.gz openbsd-697e13a205ea92565c0fbffa157d3c307f43dfaf.tar.bz2 openbsd-697e13a205ea92565c0fbffa157d3c307f43dfaf.zip | |
Provide ssl_security_shared_group()
Refactor ssl_security_supported_group() into a wrapper of a new internal
ssl_security_group() which takes a secop as an argument. This allows
adding ssl_security_shared_group() which will be needed in upcoming
commits.
ok jsing
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 3 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_seclevel.c | 20 |
2 files changed, 18 insertions, 5 deletions
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 1bfeeb9740..f7670693c1 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.418 2022/08/17 07:39:19 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_locl.h,v 1.419 2022/08/17 18:41:17 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1313,6 +1313,7 @@ int ssl_security_cert(const SSL_CTX *ctx, const SSL *ssl, X509 *x509, | |||
| 1313 | int is_peer, int *out_error); | 1313 | int is_peer, int *out_error); |
| 1314 | int ssl_security_cert_chain(const SSL *ssl, STACK_OF(X509) *sk, | 1314 | int ssl_security_cert_chain(const SSL *ssl, STACK_OF(X509) *sk, |
| 1315 | X509 *x509, int *out_error); | 1315 | X509 *x509, int *out_error); |
| 1316 | int ssl_security_shared_group(const SSL *ssl, uint16_t group_id); | ||
| 1316 | int ssl_security_supported_group(const SSL *ssl, uint16_t group_id); | 1317 | int ssl_security_supported_group(const SSL *ssl, uint16_t group_id); |
| 1317 | 1318 | ||
| 1318 | int ssl_get_new_session(SSL *s, int session); | 1319 | int ssl_get_new_session(SSL *s, int session); |
diff --git a/src/lib/libssl/ssl_seclevel.c b/src/lib/libssl/ssl_seclevel.c index 0d539bcb83..b691b9bc4b 100644 --- a/src/lib/libssl/ssl_seclevel.c +++ b/src/lib/libssl/ssl_seclevel.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_seclevel.c,v 1.24 2022/07/30 17:26:01 tb Exp $ */ | 1 | /* $OpenBSD: ssl_seclevel.c,v 1.25 2022/08/17 18:41:17 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2020-2022 Theo Buehler <tb@openbsd.org> | 3 | * Copyright (c) 2020-2022 Theo Buehler <tb@openbsd.org> |
| 4 | * | 4 | * |
| @@ -438,8 +438,8 @@ ssl_security_cert_chain(const SSL *ssl, STACK_OF(X509) *sk, X509 *x509, | |||
| 438 | return 1; | 438 | return 1; |
| 439 | } | 439 | } |
| 440 | 440 | ||
| 441 | int | 441 | static int |
| 442 | ssl_security_supported_group(const SSL *ssl, uint16_t group_id) | 442 | ssl_security_group(const SSL *ssl, uint16_t group_id, int secop) |
| 443 | { | 443 | { |
| 444 | CBB cbb; | 444 | CBB cbb; |
| 445 | int bits, nid; | 445 | int bits, nid; |
| @@ -457,5 +457,17 @@ ssl_security_supported_group(const SSL *ssl, uint16_t group_id) | |||
| 457 | if (!CBB_finish(&cbb, NULL, NULL)) | 457 | if (!CBB_finish(&cbb, NULL, NULL)) |
| 458 | return 0; | 458 | return 0; |
| 459 | 459 | ||
| 460 | return ssl_security(ssl, SSL_SECOP_CURVE_SUPPORTED, bits, nid, group); | 460 | return ssl_security(ssl, secop, bits, nid, group); |
| 461 | } | ||
| 462 | |||
| 463 | int | ||
| 464 | ssl_security_shared_group(const SSL *ssl, uint16_t group_id) | ||
| 465 | { | ||
| 466 | return ssl_security_group(ssl, group_id, SSL_SECOP_CURVE_SHARED); | ||
| 467 | } | ||
| 468 | |||
| 469 | int | ||
| 470 | ssl_security_supported_group(const SSL *ssl, uint16_t group_id) | ||
| 471 | { | ||
| 472 | return ssl_security_group(ssl, group_id, SSL_SECOP_CURVE_SUPPORTED); | ||
| 461 | } | 473 | } |