Deprecate EC_KEY + Update ec apps to use EVP_PKEY

Co-author: Richard Levitte <levitte@openssl.org> Co-author: Tomas Mraz <tmraz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13139)
author: Shane Lontis <shane.lontis@oracle.com> 2020-10-15 13:41:59 +1000
committer: Tomas Mraz <tomas@openssl.org> 2021-01-26 15:22:14 +0100
commit: 5b5eea4b60b682009d2b15587c9ceeae5e9c73f8 (patch)
tree: 4a3261cb27a582770270a07b40ecf05ecb71c89a /ssl/t1_lib.c
parent: 98dbf2c1c8143c0cc6dd05be7950d90bc6792064 (diff)
1 files changed, 21 insertions, 14 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 60c17dd809..799ff357f8 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -818,32 +818,39 @@ void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
 /* Check a key is compatible with compression extension */
 static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey)
 {
-    const EC_KEY *ec;
-    const EC_GROUP *grp;
     unsigned char comp_id;
     size_t i;
+    char name[80];
+    size_t name_len;
+
 
     /* If not an EC key nothing to check */
     if (!EVP_PKEY_is_a(pkey, "EC"))
         return 1;
-    ec = EVP_PKEY_get0_EC_KEY(pkey);
-    grp = EC_KEY_get0_group(ec);
+
+    if (!EVP_PKEY_get_utf8_string_param(pkey,
+                                        OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
+                                        name, sizeof(name), &name_len))
+        return 0;
 
     /* Get required compression id */
-    if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_UNCOMPRESSED) {
-            comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
+    if (strcasecmp(name, "uncompressed") == 0) {
+        comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
     } else if (SSL_IS_TLS13(s)) {
-            /*
-             * ec_point_formats extension is not used in TLSv1.3 so we ignore
-             * this check.
-             */
-            return 1;
+        /*
+         * ec_point_formats extension is not used in TLSv1.3 so we ignore
+         * this check.
+         */
+        return 1;
     } else {
-        int field_type = EC_GROUP_get_field_type(grp);
+        if (!EVP_PKEY_get_utf8_string_param(pkey,
+                                            OSSL_PKEY_PARAM_EC_FIELD_TYPE,
+                                            name, sizeof(name), &name_len))
+            return 0;
 
-        if (field_type == NID_X9_62_prime_field)
+        if (strcasecmp(name, SN_X9_62_prime_field) == 0)
             comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
-        else if (field_type == NID_X9_62_characteristic_two_field)
+        else if (strcasecmp(name, SN_X9_62_characteristic_two_field) == 0)
             comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
         else
             return 0;
author	Shane Lontis <shane.lontis@oracle.com>	2020-10-15 13:41:59 +1000
committer	Tomas Mraz <tomas@openssl.org>	2021-01-26 15:22:14 +0100
commit	5b5eea4b60b682009d2b15587c9ceeae5e9c73f8 (patch)
tree	4a3261cb27a582770270a07b40ecf05ecb71c89a /ssl/t1_lib.c
parent	98dbf2c1c8143c0cc6dd05be7950d90bc6792064 (diff)