#include "../ssl_local.h"
#include "statem_local.h"
#include "internal/cryptlib.h"
-#include "internal/evp.h"
#include <openssl/buffer.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
* more restrictive so check that our sig algs are consistent with this
* EC cert. See section 4.2.3 of RFC8446.
*/
- curve = evp_pkey_get_EC_KEY_curve_nid(s->cert->pkeys[SSL_PKEY_ECC]
- .privatekey);
+ curve = ssl_get_EC_curve_nid(s->cert->pkeys[SSL_PKEY_ECC].privatekey);
if (tls_check_sigalg_curve(s, curve))
return 1;
#else
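Review bot: This call site is still inside a conditional region, because the `#else` directly after `return 1;` is kept, while the same commit removes the `OPENSSL_NO_EC` guards around the equivalent lookups in the signature-algorithm selection hunks. If the guard here is also `OPENSSL_NO_EC` (its opening line is outside the hunk), a no-EC build that gets EC keys from a provider would take the `#else` branch and never run `tls_check_sigalg_curve()` for this certificate. Either drop the guard here too, or add a comment such as `/* guard kept deliberately: <reason> */` so the difference reads as intentional. The enclosing function starts and ends outside the hunk.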
#include <openssl/provider.h>
#include <openssl/param_build.h>
#include "internal/nelem.h"
-#include "internal/evp.h"
+#include "internal/sizes.h"
#include "internal/tlsgroups.h"
#include "ssl_local.h"
#include <openssl/ct.h>
/* Return group id of a key */
static uint16_t tls1_get_group_id(EVP_PKEY *pkey)
{
- int curve_nid = evp_pkey_get_EC_KEY_curve_nid(pkey);
+ int curve_nid = ssl_get_EC_curve_nid(pkey);
if (curve_nid == NID_undef)
return 0;
/* For TLS 1.3 or Suite B check curve matches signature algorithm */
if (SSL_IS_TLS13(s) || tls1_suiteb(s)) {
- int curve = evp_pkey_get_EC_KEY_curve_nid(pkey);
+ int curve = ssl_get_EC_curve_nid(pkey);
if (lu->curve != NID_undef && curve != lu->curve) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_CURVE);
: s->cert->pkeys[lu->sig_idx].privatekey;
if (lu->sig == EVP_PKEY_EC) {
-#ifndef OPENSSL_NO_EC
if (curve == -1)
- curve = evp_pkey_get_EC_KEY_curve_nid(tmppkey);
+ curve = ssl_get_EC_curve_nid(tmppkey);
if (lu->curve != NID_undef && curve != lu->curve)
continue;
-#else
- continue;
-#endif
} else if (lu->sig == EVP_PKEY_RSA_PSS) {
/* validate that key is large enough for the signature algorithm */
if (!rsa_pss_check_min_key_size(s->ctx, tmppkey, lu))
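Review bot: A failed lookup reaches the comparison as `NID_undef`, and nothing in this branch tells that apart from a real curve. With the `#else continue;` fallback gone, an EC entry whose `lu->curve` is `NID_undef` is accepted even when `ssl_get_EC_curve_nid(tmppkey)` could not identify the key's group. The Suite B hunk further down has the same shape: `curve` starts at `-1` meaning no restriction, but after a failed lookup it is `NID_undef`, so `lu->curve == curve` matches only entries that pin no curve. Whether either case is reachable depends on checks outside these hunks. I would at least document the two sentinels, e.g. `/* -1: not looked up yet; NID_undef: key has no recognisable EC group */`, and consider an explicit `if (curve == NID_undef) continue;` after the lookup if a key with an unidentified group should never be selected.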
if (SSL_USE_SIGALGS(s)) {
size_t i;
if (s->s3.tmp.peer_sigalgs != NULL) {
-#ifndef OPENSSL_NO_EC
int curve = -1;
/* For Suite B need to match signature algorithm to curve */
if (tls1_suiteb(s))
- curve =
- evp_pkey_get_EC_KEY_curve_nid(s->cert->pkeys[SSL_PKEY_ECC]
- .privatekey);
-#endif
+ curve = ssl_get_EC_curve_nid(s->cert->pkeys[SSL_PKEY_ECC]
+ .privatekey);
/*
* Find highest preference signature algorithm matching
if (!rsa_pss_check_min_key_size(s->ctx, pkey, lu))
continue;
}
-#ifndef OPENSSL_NO_EC
if (curve == -1 || lu->curve == curve)
-#endif
break;
}
#ifndef OPENSSL_NO_GOST
return 0;
}
+int ssl_get_EC_curve_nid(const EVP_PKEY *pkey)
+{
+ char gname[OSSL_MAX_NAME_SIZE];
+
+ if (EVP_PKEY_get_group_name(pkey, gname, sizeof(gname), NULL) > 0)
+ return OBJ_txt2nid(gname);
+
+ return NID_undef;
+}
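Review bot: `ssl_get_EC_curve_nid()` is added without a comment stating its failure contract, which every caller changed in this commit relies on. A line above the definition such as `/* Return the NID of pkey's EC group, or NID_undef if pkey has no group name or the name is not a known object */` would cover it. It is also worth noting there that a provider-supplied group name the object table does not know, and presumably one that does not fit in `OSSL_MAX_NAME_SIZE`, both collapse to `NID_undef`, so callers see such a key as having no curve rather than as an error. The prototype for the new function is not visible on this page; it needs to be declared in a header that both calling files include.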