From f7fed9455632a5807e76bd3a28879f5a87857c53 Mon Sep 17 00:00:00 2001 From: tb <> Date: Sat, 2 Jul 2022 16:00:12 +0000 Subject: Rename uses 'curve' to 'group' and rework tls1 group API. This reworks various tls1_ curve APIs to indicate success via a boolean return value and move the output to an out parameter. This makes the caller code easier and more consistent. Based on a suggestion by jsing ok jsing --- src/lib/libssl/ssl_sigalgs.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'src/lib/libssl/ssl_sigalgs.c') diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c index 9c38a076ac..754d76e72a 100644 --- a/src/lib/libssl/ssl_sigalgs.c +++ b/src/lib/libssl/ssl_sigalgs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_sigalgs.c,v 1.45 2022/06/29 07:55:59 tb Exp $ */ +/* $OpenBSD: ssl_sigalgs.c,v 1.46 2022/07/02 16:00:12 tb Exp $ */ /* * Copyright (c) 2018-2020 Bob Beck * Copyright (c) 2021 Joel Sing @@ -39,7 +39,7 @@ const struct ssl_sigalg sigalgs[] = { .key_type = EVP_PKEY_EC, .md = EVP_sha512, .security_level = 5, - .curve_nid = NID_secp521r1, + .group_nid = NID_secp521r1, }, #ifndef OPENSSL_NO_GOST { @@ -60,7 +60,7 @@ const struct ssl_sigalg sigalgs[] = { .key_type = EVP_PKEY_EC, .md = EVP_sha384, .security_level = 4, - .curve_nid = NID_secp384r1, + .group_nid = NID_secp384r1, }, { .value = SIGALG_RSA_PKCS1_SHA256, @@ -73,7 +73,7 @@ const struct ssl_sigalg sigalgs[] = { .key_type = EVP_PKEY_EC, .md = EVP_sha256, .security_level = 3, - .curve_nid = NID_X9_62_prime256v1, + .group_nid = NID_X9_62_prime256v1, }, #ifndef OPENSSL_NO_GOST { @@ -321,12 +321,12 @@ ssl_sigalg_pkey_ok(SSL *s, const struct ssl_sigalg *sigalg, EVP_PKEY *pkey) (sigalg->flags & SIGALG_FLAG_RSA_PSS) == 0) return 0; - /* Ensure that curve matches for EC keys. */ + /* Ensure that group matches for EC keys. */ if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) { - if (sigalg->curve_nid == 0) + if (sigalg->group_nid == 0) return 0; if (EC_GROUP_get_curve_name(EC_KEY_get0_group( - EVP_PKEY_get0_EC_KEY(pkey))) != sigalg->curve_nid) + EVP_PKEY_get0_EC_KEY(pkey))) != sigalg->group_nid) return 0; } -- cgit v1.2.3-55-g6feb