From 727678bac9040805562e79cfeca4ee4b953bd557 Mon Sep 17 00:00:00 2001
From: op <>
Date: Sun, 18 Jun 2023 11:43:03 +0000
Subject: libtls: switch ECDSA_METHOD usage to EC_KEY_METHOD

smtpd and the bits it needs in libtls are the only consumer left of
ECDSA_METHOD, which is long deprecated.  This paves the way for the
removal in libcrypto.

The diff is from gilles' work on OpenSMTPD-portable, libretls had a
similar diff.

ok tb@, jsing@
---
 src/lib/libtls/tls.c          | 10 +++++-----
 src/lib/libtls/tls_internal.h |  4 ++--
 src/lib/libtls/tls_signer.c   | 15 +++++----------
 3 files changed, 12 insertions(+), 17 deletions(-)

diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c
index 989339dc03..8444169bdc 100644
--- a/src/lib/libtls/tls.c
+++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.96 2023/05/25 07:46:21 op Exp $ */
+/* $OpenBSD: tls.c,v 1.97 2023/06/18 11:43:03 op Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -389,7 +389,7 @@ static int
 tls_keypair_setup_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY *pkey)
 {
 	RSA_METHOD *rsa_method;
-	ECDSA_METHOD *ecdsa_method;
+	EC_KEY_METHOD *ecdsa_method;
 	RSA *rsa = NULL;
 	EC_KEY *eckey = NULL;
 	int ret = -1;
@@ -427,15 +427,15 @@ tls_keypair_setup_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY *p
 		break;
 	case EVP_PKEY_EC:
 		if ((eckey = EVP_PKEY_get1_EC_KEY(pkey)) == NULL ||
-		    ECDSA_set_ex_data(eckey, 0, keypair->pubkey_hash) == 0) {
+		    EC_KEY_set_ex_data(eckey, 0, keypair->pubkey_hash) == 0) {
 			tls_set_errorx(ctx, "EC key setup failure");
 			goto err;
 		}
 		if (ctx->config->sign_cb != NULL) {
 			ecdsa_method = tls_signer_ecdsa_method();
 			if (ecdsa_method == NULL ||
-			    ECDSA_set_ex_data(eckey, 1, ctx->config) == 0 ||
-			    ECDSA_set_method(eckey, ecdsa_method) == 0) {
+			    EC_KEY_set_ex_data(eckey, 1, ctx->config) == 0 ||
+			    EC_KEY_set_method(eckey, ecdsa_method) == 0) {
 				tls_set_errorx(ctx, "failed to setup EC key");
 				goto err;
 			}
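Review bot: The two ex_data slots written here with `EC_KEY_set_ex_data(eckey, 0, keypair->pubkey_hash)` and `EC_KEY_set_ex_data(eckey, 1, ctx->config)` are read back in tls_ecdsa_do_sign(), which is outside every hunk of this patch. The diffstat's 15 changed lines in tls_signer.c are all accounted for by the header and tls_signer_ecdsa_method() hunks, so the reader is not touched by this commit. If it still fetches them with `ECDSA_get_ex_data`, and libcrypto keeps the ECDSA and EC_KEY ex_data in separate storage, the signer callback would receive no key hash or config; the reads should use `EC_KEY_get_ex_data(eckey, 0)` and `EC_KEY_get_ex_data(eckey, 1)` to match. A short comment above the first call, such as `/* slot 0: pubkey hash, slot 1: tls_config; read back in tls_ecdsa_do_sign() */`, would keep the fixed indices from drifting apart. tls_keypair_setup_pkey() continues past the end of this hunk.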
diff --git a/src/lib/libtls/tls_internal.h b/src/lib/libtls/tls_internal.h
index f4c23f64e6..af081a079a 100644
--- a/src/lib/libtls/tls_internal.h
+++ b/src/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.81 2023/04/09 18:26:26 tb Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.82 2023/06/18 11:43:03 op Exp $ */
 /*
  * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -298,7 +298,7 @@ int tls_cert_pubkey_hash(X509 *_cert, char **_hash);
 int tls_password_cb(char *_buf, int _size, int _rwflag, void *_u);
 
 RSA_METHOD *tls_signer_rsa_method(void);
-ECDSA_METHOD *tls_signer_ecdsa_method(void);
+EC_KEY_METHOD *tls_signer_ecdsa_method(void);
 
 #define TLS_PADDING_NONE			0
 #define TLS_PADDING_RSA_PKCS1			1
diff --git a/src/lib/libtls/tls_signer.c b/src/lib/libtls/tls_signer.c
index f6005d3e07..372fa77819 100644
--- a/src/lib/libtls/tls_signer.c
+++ b/src/lib/libtls/tls_signer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_signer.c,v 1.5 2023/04/09 18:26:26 tb Exp $ */
+/* $OpenBSD: tls_signer.c,v 1.6 2023/06/18 11:43:03 op Exp $ */
 /*
  * Copyright (c) 2021 Eric Faurot <eric@openbsd.org>
  *
@@ -419,26 +419,21 @@ tls_ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
 	return (NULL);
 }
 
-ECDSA_METHOD *
+EC_KEY_METHOD *
 tls_signer_ecdsa_method(void)
 {
-	static ECDSA_METHOD *ecdsa_method = NULL;
+	static EC_KEY_METHOD *ecdsa_method = NULL;
 
 	pthread_mutex_lock(&signer_method_lock);
 
 	if (ecdsa_method != NULL)
 		goto out;
 
-	ecdsa_method = calloc(1, sizeof(*ecdsa_method));
+	ecdsa_method = EC_KEY_METHOD_new(NULL);
 	if (ecdsa_method == NULL)
 		goto out;
 
-	ecdsa_method->ecdsa_do_sign = tls_ecdsa_do_sign;
-	ecdsa_method->name = strdup("libtls ECDSA method");
-	if (ecdsa_method->name == NULL) {
-		free(ecdsa_method);
-		ecdsa_method = NULL;
-	}
+	EC_KEY_METHOD_set_sign(ecdsa_method, NULL, NULL, tls_ecdsa_do_sign);
 
  out:
 	pthread_mutex_unlock(&signer_method_lock);
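Review bot: `EC_KEY_METHOD_new(NULL)` in tls_signer_ecdsa_method() starts from an empty method, and `EC_KEY_METHOD_set_sign(ecdsa_method, NULL, NULL, tls_ecdsa_do_sign)` then fills only the sign_sig slot, so as far as these lines show every other entry point of a key switched to this method (sign, sign_setup, verify, keygen, compute_key) stays null. The removed ECDSA_METHOD covered only ECDSA operations, while an EC_KEY_METHOD governs the whole key, so an unset slot now reaches further than before. Whether libcrypto fails such calls cleanly, and whether the signing path needs a non-null sign entry to reach sign_sig at all, is decided outside this diff and should be confirmed. I would clone the default method and override only sign_sig, as sketched below. The function's return statement lies past the end of the hunk.

```c
	static EC_KEY_METHOD *ecdsa_method = NULL;
	const EC_KEY_METHOD *default_method;
	int (*sign)(int type, const unsigned char *dgst, int dlen,
	    unsigned char *sig, unsigned int *siglen,
	    const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey);
	int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
	    BIGNUM **kinvp, BIGNUM **rp);

	/* ... unchanged: lock and already-initialised check ... */

	default_method = EC_KEY_get_default_method();
	ecdsa_method = EC_KEY_METHOD_new(default_method);
	if (ecdsa_method == NULL)
		goto out;

	/* Keep the stock sign/sign_setup entry points; replace only sign_sig. */
	EC_KEY_METHOD_get_sign(default_method, &sign, &sign_setup, NULL);
	EC_KEY_METHOD_set_sign(ecdsa_method, sign, sign_setup, tls_ecdsa_do_sign);

	/* ... unchanged: out label and unlock ... */
```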
-- 
cgit v1.2.3-55-g6feb