diff options
author | Tomas Mraz <tomas@openssl.org> | 2021-01-20 14:01:01 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-01-26 15:26:49 +0100 |
commit | 0c8e98e615d3522592a5bde6fcef43e42eb70deb (patch) | |
tree | d4cde4d46f67f9d2baf6a5d9c7bf8982699d856f /ssl/s3_lib.c | |
parent | f377e58fde1a7e6b29067c48df7d3c04fdaeba38 (diff) |
Avoid using OSSL_PKEY_PARAM_GROUP_NAME when the key might be legacy
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
Diffstat (limited to 'ssl/s3_lib.c')
-rw-r--r-- | ssl/s3_lib.c | 45 |
1 files changed, 4 insertions, 41 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 34980b0bc6..966d799d6b 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3430,29 +3430,6 @@ static char *srp_password_from_info_cb(SSL *s, void *arg) } #endif -#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0) -static int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen, - EVP_PKEY *pkey) -{ - char name[80]; - int nid, ret = 0; - size_t name_len; - - if (!EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME, - name, sizeof(name), &name_len)) { - SSLerr(0, EC_R_MISSING_PARAMETERS); - return 0; - } - nid = OBJ_txt2nid(name); - if (nid == NID_undef) - goto end; - ret = tls1_set_groups(pext, pextlen, &nid, 1); -end: - EVP_PKEY_free(pkey); - return ret; -} -#endif - static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len); long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) @@ -3503,22 +3480,15 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) #if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0) case SSL_CTRL_SET_TMP_ECDH: { - EVP_PKEY *pkecdh = NULL; - if (parg == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); return 0; } - pkecdh = ssl_ecdh_to_pkey(parg); - if (pkecdh == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); - return 0; - } return ssl_set_tmp_ecdh_groups(&s->ext.supportedgroups, &s->ext.supportedgroups_len, - pkecdh); + parg); } -#endif /* !OPENSSL_NO_EC */ +#endif case SSL_CTRL_SET_TLSEXT_HOSTNAME: /* * TODO(OpenSSL1.2) @@ -3838,22 +3808,15 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) #if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0) case SSL_CTRL_SET_TMP_ECDH: { - EVP_PKEY *pkecdh = NULL; - if (parg == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); return 0; } - pkecdh = ssl_ecdh_to_pkey(parg); - if (pkecdh == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); - return 0; - } return ssl_set_tmp_ecdh_groups(&ctx->ext.supportedgroups, &ctx->ext.supportedgroups_len, - pkecdh); + parg); } -#endif /* !OPENSSL_NO_EC */ +#endif case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: ctx->ext.servername_arg = parg; break; |