if (pkey == NULL || !EVP_PKEY_is_a(pkey, "EC"))
return X509_V_ERR_SUITE_B_INVALID_ALGORITHM;
- if (!EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME,
- curve_name, sizeof(curve_name),
- &curve_name_len))
+ if (!EVP_PKEY_get_group_name(pkey, curve_name, sizeof(curve_name),
+ &curve_name_len))
return X509_V_ERR_SUITE_B_INVALID_CURVE;
curve_nid = OBJ_txt2nid(curve_name);
}
#endif
-#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
-static int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen,
- EVP_PKEY *pkey)
-{
- char name[80];
- int nid, ret = 0;
- size_t name_len;
-
- if (!EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME,
- name, sizeof(name), &name_len)) {
- SSLerr(0, EC_R_MISSING_PARAMETERS);
- return 0;
- }
- nid = OBJ_txt2nid(name);
- if (nid == NID_undef)
- goto end;
- ret = tls1_set_groups(pext, pextlen, &nid, 1);
-end:
- EVP_PKEY_free(pkey);
- return ret;
-}
-#endif
-
static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
case SSL_CTRL_SET_TMP_ECDH:
{
- EVP_PKEY *pkecdh = NULL;
-
if (parg == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- pkecdh = ssl_ecdh_to_pkey(parg);
- if (pkecdh == NULL) {
- ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
- return 0;
- }
return ssl_set_tmp_ecdh_groups(&s->ext.supportedgroups,
&s->ext.supportedgroups_len,
- pkecdh);
+ parg);
}
-#endif /* !OPENSSL_NO_EC */
+#endif
case SSL_CTRL_SET_TLSEXT_HOSTNAME:
/*
* TODO(OpenSSL1.2)
#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
case SSL_CTRL_SET_TMP_ECDH:
{
- EVP_PKEY *pkecdh = NULL;
-
if (parg == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- pkecdh = ssl_ecdh_to_pkey(parg);
- if (pkecdh == NULL) {
- ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
- return 0;
- }
return ssl_set_tmp_ecdh_groups(&ctx->ext.supportedgroups,
&ctx->ext.supportedgroups_len,
- pkecdh);
+ parg);
}
-#endif /* !OPENSSL_NO_EC */
+#endif
case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
ctx->ext.servername_arg = parg;
break;
unsigned char **ctp, size_t *ctlenp,
int gensecret);
__owur EVP_PKEY *ssl_dh_to_pkey(DH *dh);
-# if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
-__owur EVP_PKEY *ssl_ecdh_to_pkey(EC_KEY *ec);
-# endif
+__owur int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen,
+ void *key);
__owur unsigned int ssl_get_max_send_fragment(const SSL *ssl);
__owur unsigned int ssl_get_split_send_fragment(const SSL *ssl);
/* Some deprecated public APIs pass EC_KEY objects */
# ifndef OPENSSL_NO_EC
-EVP_PKEY *ssl_ecdh_to_pkey(EC_KEY *ec)
+int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen,
+ void *key)
{
- EVP_PKEY *ret;
+ const EC_GROUP *group = EC_KEY_get0_group((const EC_KEY *)key);
+ int nid;
- if (ec == NULL)
- return NULL;
- ret = EVP_PKEY_new();
- if (EVP_PKEY_set1_EC_KEY(ret, ec) <= 0) {
- EVP_PKEY_free(ret);
- return NULL;
+ if (group == NULL) {
+ ERR_raise(ERR_LIB_SSL, SSL_R_MISSING_PARAMETERS);
+ return 0;
}
- return ret;
+ nid = EC_GROUP_get_curve_name(group);
+ if (nid == NID_undef)
+ return 0;
+ return tls1_set_groups(pext, pextlen, &nid, 1);
}
# endif
#endif
static int pkey_type(EVP_PKEY *pkey)
{
-#ifndef OPENSSL_NO_EC
if (EVP_PKEY_is_a(pkey, "EC")) {
char name[80];
size_t name_len;
- if (!EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME,
- name, sizeof(name), &name_len))
+ if (!EVP_PKEY_get_group_name(pkey, name, sizeof(name), &name_len))
return NID_undef;
return OBJ_txt2nid(name);
}
-#endif
return EVP_PKEY_id(pkey);
}