summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authortb <>2022-08-17 18:41:17 +0000
committertb <>2022-08-17 18:41:17 +0000
commit697e13a205ea92565c0fbffa157d3c307f43dfaf (patch)
treea7799ad2ad5115d484e1c373726ea40141c64b7f /src
parentb0c5f651476e9397892adf645bba468df03d0ea9 (diff)
downloadopenbsd-697e13a205ea92565c0fbffa157d3c307f43dfaf.tar.gz
openbsd-697e13a205ea92565c0fbffa157d3c307f43dfaf.tar.bz2
openbsd-697e13a205ea92565c0fbffa157d3c307f43dfaf.zip
Provide ssl_security_shared_group()
Refactor ssl_security_supported_group() into a wrapper of a new internal ssl_security_group() which takes a secop as an argument. This allows adding ssl_security_shared_group() which will be needed in upcoming commits. ok jsing
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/ssl_locl.h3
-rw-r--r--src/lib/libssl/ssl_seclevel.c20
2 files changed, 18 insertions, 5 deletions
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 1bfeeb9740..f7670693c1 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.418 2022/08/17 07:39:19 jsing Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.419 2022/08/17 18:41:17 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1313,6 +1313,7 @@ int ssl_security_cert(const SSL_CTX *ctx, const SSL *ssl, X509 *x509,
1313 int is_peer, int *out_error); 1313 int is_peer, int *out_error);
1314int ssl_security_cert_chain(const SSL *ssl, STACK_OF(X509) *sk, 1314int ssl_security_cert_chain(const SSL *ssl, STACK_OF(X509) *sk,
1315 X509 *x509, int *out_error); 1315 X509 *x509, int *out_error);
1316int ssl_security_shared_group(const SSL *ssl, uint16_t group_id);
1316int ssl_security_supported_group(const SSL *ssl, uint16_t group_id); 1317int ssl_security_supported_group(const SSL *ssl, uint16_t group_id);
1317 1318
1318int ssl_get_new_session(SSL *s, int session); 1319int ssl_get_new_session(SSL *s, int session);
diff --git a/src/lib/libssl/ssl_seclevel.c b/src/lib/libssl/ssl_seclevel.c
index 0d539bcb83..b691b9bc4b 100644
--- a/src/lib/libssl/ssl_seclevel.c
+++ b/src/lib/libssl/ssl_seclevel.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_seclevel.c,v 1.24 2022/07/30 17:26:01 tb Exp $ */ 1/* $OpenBSD: ssl_seclevel.c,v 1.25 2022/08/17 18:41:17 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2020-2022 Theo Buehler <tb@openbsd.org> 3 * Copyright (c) 2020-2022 Theo Buehler <tb@openbsd.org>
4 * 4 *
@@ -438,8 +438,8 @@ ssl_security_cert_chain(const SSL *ssl, STACK_OF(X509) *sk, X509 *x509,
438 return 1; 438 return 1;
439} 439}
440 440
441int 441static int
442ssl_security_supported_group(const SSL *ssl, uint16_t group_id) 442ssl_security_group(const SSL *ssl, uint16_t group_id, int secop)
443{ 443{
444 CBB cbb; 444 CBB cbb;
445 int bits, nid; 445 int bits, nid;
@@ -457,5 +457,17 @@ ssl_security_supported_group(const SSL *ssl, uint16_t group_id)
457 if (!CBB_finish(&cbb, NULL, NULL)) 457 if (!CBB_finish(&cbb, NULL, NULL))
458 return 0; 458 return 0;
459 459
460 return ssl_security(ssl, SSL_SECOP_CURVE_SUPPORTED, bits, nid, group); 460 return ssl_security(ssl, secop, bits, nid, group);
461}
462
463int
464ssl_security_shared_group(const SSL *ssl, uint16_t group_id)
465{
466 return ssl_security_group(ssl, group_id, SSL_SECOP_CURVE_SHARED);
467}
468
469int
470ssl_security_supported_group(const SSL *ssl, uint16_t group_id)
471{
472 return ssl_security_group(ssl, group_id, SSL_SECOP_CURVE_SUPPORTED);
461} 473}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 22:59:56 +0000