diff options
author | tb <> | 2022-07-02 16:00:12 +0000 |
---|---|---|
committer | tb <> | 2022-07-02 16:00:12 +0000 |
commit | f7fed9455632a5807e76bd3a28879f5a87857c53 (patch) | |
tree | 9d374c62eeff973ee0b7721a87b5f66c56832f1e /src/lib/libssl/ssl_sigalgs.c | |
parent | c757fe9bb6c16f47a415034b69dda698116160ba (diff) | |
download | openbsd-f7fed9455632a5807e76bd3a28879f5a87857c53.tar.gz openbsd-f7fed9455632a5807e76bd3a28879f5a87857c53.tar.bz2 openbsd-f7fed9455632a5807e76bd3a28879f5a87857c53.zip |
Rename uses 'curve' to 'group' and rework tls1 group API.
This reworks various tls1_ curve APIs to indicate success via a boolean
return value and move the output to an out parameter. This makes the
caller code easier and more consistent.
Based on a suggestion by jsing
ok jsing
Diffstat (limited to 'src/lib/libssl/ssl_sigalgs.c')
-rw-r--r-- | src/lib/libssl/ssl_sigalgs.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c index 9c38a076ac..754d76e72a 100644 --- a/src/lib/libssl/ssl_sigalgs.c +++ b/src/lib/libssl/ssl_sigalgs.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssl_sigalgs.c,v 1.45 2022/06/29 07:55:59 tb Exp $ */ | 1 | /* $OpenBSD: ssl_sigalgs.c,v 1.46 2022/07/02 16:00:12 tb Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org> | 3 | * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org> |
4 | * Copyright (c) 2021 Joel Sing <jsing@openbsd.org> | 4 | * Copyright (c) 2021 Joel Sing <jsing@openbsd.org> |
@@ -39,7 +39,7 @@ const struct ssl_sigalg sigalgs[] = { | |||
39 | .key_type = EVP_PKEY_EC, | 39 | .key_type = EVP_PKEY_EC, |
40 | .md = EVP_sha512, | 40 | .md = EVP_sha512, |
41 | .security_level = 5, | 41 | .security_level = 5, |
42 | .curve_nid = NID_secp521r1, | 42 | .group_nid = NID_secp521r1, |
43 | }, | 43 | }, |
44 | #ifndef OPENSSL_NO_GOST | 44 | #ifndef OPENSSL_NO_GOST |
45 | { | 45 | { |
@@ -60,7 +60,7 @@ const struct ssl_sigalg sigalgs[] = { | |||
60 | .key_type = EVP_PKEY_EC, | 60 | .key_type = EVP_PKEY_EC, |
61 | .md = EVP_sha384, | 61 | .md = EVP_sha384, |
62 | .security_level = 4, | 62 | .security_level = 4, |
63 | .curve_nid = NID_secp384r1, | 63 | .group_nid = NID_secp384r1, |
64 | }, | 64 | }, |
65 | { | 65 | { |
66 | .value = SIGALG_RSA_PKCS1_SHA256, | 66 | .value = SIGALG_RSA_PKCS1_SHA256, |
@@ -73,7 +73,7 @@ const struct ssl_sigalg sigalgs[] = { | |||
73 | .key_type = EVP_PKEY_EC, | 73 | .key_type = EVP_PKEY_EC, |
74 | .md = EVP_sha256, | 74 | .md = EVP_sha256, |
75 | .security_level = 3, | 75 | .security_level = 3, |
76 | .curve_nid = NID_X9_62_prime256v1, | 76 | .group_nid = NID_X9_62_prime256v1, |
77 | }, | 77 | }, |
78 | #ifndef OPENSSL_NO_GOST | 78 | #ifndef OPENSSL_NO_GOST |
79 | { | 79 | { |
@@ -321,12 +321,12 @@ ssl_sigalg_pkey_ok(SSL *s, const struct ssl_sigalg *sigalg, EVP_PKEY *pkey) | |||
321 | (sigalg->flags & SIGALG_FLAG_RSA_PSS) == 0) | 321 | (sigalg->flags & SIGALG_FLAG_RSA_PSS) == 0) |
322 | return 0; | 322 | return 0; |
323 | 323 | ||
324 | /* Ensure that curve matches for EC keys. */ | 324 | /* Ensure that group matches for EC keys. */ |
325 | if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) { | 325 | if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) { |
326 | if (sigalg->curve_nid == 0) | 326 | if (sigalg->group_nid == 0) |
327 | return 0; | 327 | return 0; |
328 | if (EC_GROUP_get_curve_name(EC_KEY_get0_group( | 328 | if (EC_GROUP_get_curve_name(EC_KEY_get0_group( |
329 | EVP_PKEY_get0_EC_KEY(pkey))) != sigalg->curve_nid) | 329 | EVP_PKEY_get0_EC_KEY(pkey))) != sigalg->group_nid) |
330 | return 0; | 330 | return 0; |
331 | } | 331 | } |
332 | 332 | ||