author | Matt Caswell <matt@openssl.org> | 2021-01-18 17:05:43 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-01-26 15:26:17 +0100 |
commit | 3d34bedfd7fb9120b6eb7b05c25cd0c3de14c562 (patch) | |
tree | 93c946b1f048024e1b46926a4add46e7d3f74732 /ssl | |
parent | Deprecate EC_KEY + Update ec apps to use EVP_PKEY (diff) | |
Add EVP_PKEY functions to get EC conv form and field type
libssl at the moment downgrades an EVP_PKEY to an EC_KEY object in order
to get the conv form and field type. Instead we provide EVP_PKEY level
functions to do this.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/t1_lib.c | 24 |
1 files changed, 9 insertions, 15 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 799ff357f8..ccc71a1995 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -820,22 +820,19 @@ static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey)
 {
 unsigned char comp_id;
 size_t i;
- char name[80];
- size_t name_len;
-
+ int point_conv;
 /* If not an EC key nothing to check */
 if (!EVP_PKEY_is_a(pkey, "EC"))
 return 1;
- if (!EVP_PKEY_get_utf8_string_param(pkey,
- OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
- name, sizeof(name), &name_len))
- return 0;
 /* Get required compression id */
- if (strcasecmp(name, "uncompressed") == 0) {
- comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
+ point_conv = EVP_PKEY_get_ec_point_conv_form(pkey);
+ if (point_conv == 0)
+ return 0;
+ if (point_conv == POINT_CONVERSION_UNCOMPRESSED) {
+ comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
 } else if (SSL_IS_TLS13(s)) {
 /*
 * ec_point_formats extension is not used in TLSv1.3 so we ignore
@@ -843,14 +840,11 @@ static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey)
 */
 return 1;
 } else {
- if (!EVP_PKEY_get_utf8_string_param(pkey,
- OSSL_PKEY_PARAM_EC_FIELD_TYPE,
- name, sizeof(name), &name_len))
- return 0;
+ int field_type = EVP_PKEY_get_field_type(pkey);
- if (strcasecmp(name, SN_X9_62_prime_field) == 0)
+ if (field_type == NID_X9_62_prime_field)
 comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
- else if (strcasecmp(name, SN_X9_62_characteristic_two_field) == 0)
+ else if (field_type == NID_X9_62_characteristic_two_field)
 comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
 else
 return 0; |
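Review bot: In the second hunk the result of `EVP_PKEY_get_field_type(pkey)` is never checked for failure, whereas the first hunk returns 0 explicitly when `point_conv == 0`. The removed code rejected the key as soon as the field-type parameter could not be read; the new code still rejects it, but only because a failure value matches neither NID and reaches the final `else return 0;`. That is fail-closed as written, yet it depends on the getter's error value never coinciding with a field-type NID, and the getter's definition is outside this diff (it presumably returns 0 on failure, like the conversion-form getter). I would state the dependency next to the declaration, e.g. `/* a failed lookup matches neither NID below and is rejected by the final else */`, so a later edit to the if/else chain does not turn a lookup failure into an accepted key. The body of tls1_check_pkey_comp begins before and continues past the lines shown.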