diff options
| author | Matt Caswell <matt@openssl.org> | 2021-01-18 16:05:43 +0000 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2021-01-26 15:26:17 +0100 |
| commit | 3d34bedfd7fb9120b6eb7b05c25cd0c3de14c562 (patch) | |
| tree | 93c946b1f048024e1b46926a4add46e7d3f74732 /ssl/t1_lib.c | |
| parent | 5b5eea4b60b682009d2b15587c9ceeae5e9c73f8 (diff) | |
Add EVP_PKEY functions to get EC conv form and field type
libssl at the moment downgrades an EVP_PKEY to an EC_KEY object in order
to get the conv form and field type. Instead we provide EVP_PKEY level
functions to do this.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
Diffstat (limited to 'ssl/t1_lib.c')
| -rw-r--r-- | ssl/t1_lib.c | 24 |
1 files changed, 9 insertions, 15 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 799ff357f8..ccc71a1995 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -820,22 +820,19 @@ static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey) { unsigned char comp_id; size_t i; - char name[80]; - size_t name_len; - + int point_conv; /* If not an EC key nothing to check */ if (!EVP_PKEY_is_a(pkey, "EC")) return 1; - if (!EVP_PKEY_get_utf8_string_param(pkey, - OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, - name, sizeof(name), &name_len)) - return 0; /* Get required compression id */ - if (strcasecmp(name, "uncompressed") == 0) { - comp_id = TLSEXT_ECPOINTFORMAT_uncompressed; + point_conv = EVP_PKEY_get_ec_point_conv_form(pkey); + if (point_conv == 0) + return 0; + if (point_conv == POINT_CONVERSION_UNCOMPRESSED) { + comp_id = TLSEXT_ECPOINTFORMAT_uncompressed; } else if (SSL_IS_TLS13(s)) { /* * ec_point_formats extension is not used in TLSv1.3 so we ignore @@ -843,14 +840,11 @@ static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey) */ return 1; } else { - if (!EVP_PKEY_get_utf8_string_param(pkey, - OSSL_PKEY_PARAM_EC_FIELD_TYPE, - name, sizeof(name), &name_len)) - return 0; + int field_type = EVP_PKEY_get_field_type(pkey); - if (strcasecmp(name, SN_X9_62_prime_field) == 0) + if (field_type == NID_X9_62_prime_field) comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; - else if (strcasecmp(name, SN_X9_62_characteristic_two_field) == 0) + else if (field_type == NID_X9_62_characteristic_two_field) comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; else return 0; |