libtls: switch ECDSA_METHOD usage to EC_KEY_METHOD

smtpd and the bits it needs in libtls are the only consumer left of ECDSA_METHOD, which is long deprecated. This paves the way for the removal in libcrypto. The diff is from gilles' work on OpenSMTPD-portable, libretls had a similar diff. ok tb@, jsing@
author: op <> 2023-06-18 11:43:03 +0000
committer: op <> 2023-06-18 11:43:03 +0000
commit: 727678bac9040805562e79cfeca4ee4b953bd557 (patch)
tree: cc3e371985ef9f03635d4ad74f97569e0f8bd591
parent: 2810e2ca8ccbcc1d5ea8e11a8475a66e01d25b73 (diff)
download: openbsd-727678bac9040805562e79cfeca4ee4b953bd557.tar.gz
openbsd-727678bac9040805562e79cfeca4ee4b953bd557.tar.bz2
openbsd-727678bac9040805562e79cfeca4ee4b953bd557.zip
3 files changed, 12 insertions, 17 deletions
diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c
index 989339dc03..8444169bdc 100644
--- a/src/lib/libtls/tls.c
+++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.96 2023/05/25 07:46:21 op Exp $ */
+/* $OpenBSD: tls.c,v 1.97 2023/06/18 11:43:03 op Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -389,7 +389,7 @@ static int
 tls_keypair_setup_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY *pkey)
 {
        RSA_METHOD *rsa_method;
-        ECDSA_METHOD *ecdsa_method;
+        EC_KEY_METHOD *ecdsa_method;
        RSA *rsa = NULL;
        EC_KEY *eckey = NULL;
        int ret = -1;
@@ -427,15 +427,15 @@ tls_keypair_setup_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY *p
                break;
        case EVP_PKEY_EC:
                if ((eckey = EVP_PKEY_get1_EC_KEY(pkey)) == NULL ||
-                    ECDSA_set_ex_data(eckey, 0, keypair->pubkey_hash) == 0) {
+                    EC_KEY_set_ex_data(eckey, 0, keypair->pubkey_hash) == 0) {
                        tls_set_errorx(ctx, "EC key setup failure");
                        goto err;
                }
                if (ctx->config->sign_cb != NULL) {
                        ecdsa_method = tls_signer_ecdsa_method();
                        if (ecdsa_method == NULL ||
-                            ECDSA_set_ex_data(eckey, 1, ctx->config) == 0 ||
+                            EC_KEY_set_ex_data(eckey, 1, ctx->config) == 0 ||
-                            ECDSA_set_method(eckey, ecdsa_method) == 0) {
+                            EC_KEY_set_method(eckey, ecdsa_method) == 0) {
                                tls_set_errorx(ctx, "failed to setup EC key");
                                goto err;
                        }
diff --git a/src/lib/libtls/tls_internal.h b/src/lib/libtls/tls_internal.h
index f4c23f64e6..af081a079a 100644
--- a/src/lib/libtls/tls_internal.h
+++ b/src/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.81 2023/04/09 18:26:26 tb Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.82 2023/06/18 11:43:03 op Exp $ */
 /*
 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -298,7 +298,7 @@ int tls_cert_pubkey_hash(X509 *_cert, char **_hash);
 int tls_password_cb(char *_buf, int _size, int _rwflag, void *_u);
 RSA_METHOD *tls_signer_rsa_method(void);
-ECDSA_METHOD *tls_signer_ecdsa_method(void);
+EC_KEY_METHOD *tls_signer_ecdsa_method(void);
 #define TLS_PADDING_NONE                        0
 #define TLS_PADDING_RSA_PKCS1                   1
diff --git a/src/lib/libtls/tls_signer.c b/src/lib/libtls/tls_signer.c
index f6005d3e07..372fa77819 100644
--- a/src/lib/libtls/tls_signer.c
+++ b/src/lib/libtls/tls_signer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_signer.c,v 1.5 2023/04/09 18:26:26 tb Exp $ */
+/* $OpenBSD: tls_signer.c,v 1.6 2023/06/18 11:43:03 op Exp $ */
 /*
 * Copyright (c) 2021 Eric Faurot <eric@openbsd.org>
 *
@@ -419,26 +419,21 @@ tls_ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
        return (NULL);
 }
-ECDSA_METHOD *
+EC_KEY_METHOD *
 tls_signer_ecdsa_method(void)
 {
-        static ECDSA_METHOD *ecdsa_method = NULL;
+        static EC_KEY_METHOD *ecdsa_method = NULL;
        pthread_mutex_lock(&signer_method_lock);
        if (ecdsa_method != NULL)
                goto out;
-        ecdsa_method = calloc(1, sizeof(*ecdsa_method));
+        ecdsa_method = EC_KEY_METHOD_new(NULL);
        if (ecdsa_method == NULL)
                goto out;
-        ecdsa_method->ecdsa_do_sign = tls_ecdsa_do_sign;
+        EC_KEY_METHOD_set_sign(ecdsa_method, NULL, NULL, tls_ecdsa_do_sign);
-        ecdsa_method->name = strdup("libtls ECDSA method");
-        if (ecdsa_method->name == NULL) {
-                free(ecdsa_method);
-                ecdsa_method = NULL;
-        }
 out:
        pthread_mutex_unlock(&signer_method_lock);
author	op <>	2023-06-18 11:43:03 +0000
committer	op <>	2023-06-18 11:43:03 +0000
commit	727678bac9040805562e79cfeca4ee4b953bd557 (patch)
tree	cc3e371985ef9f03635d4ad74f97569e0f8bd591
parent	2810e2ca8ccbcc1d5ea8e11a8475a66e01d25b73 (diff)
download	openbsd-727678bac9040805562e79cfeca4ee4b953bd557.tar.gz openbsd-727678bac9040805562e79cfeca4ee4b953bd557.tar.bz2 openbsd-727678bac9040805562e79cfeca4ee4b953bd557.zip