From: tb
Date: Wed, 17 Aug 2022 18:41:17 +0000 (+0000)
Subject: Provide ssl_security_shared_group()
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=051c5a6a99180a58870668f79f41bae936ea26a4;p=openbsd
Provide ssl_security_shared_group()
Refactor ssl_security_supported_group() into a wrapper of a new internal ssl_security_group() which takes a secop as an argument. This allows adding ssl_security_shared_group() which will be needed in upcoming commits.
ok jsing
---
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 1bfeeb97407..f7670693c16 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.418 2022/08/17 07:39:19 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.419 2022/08/17 18:41:17 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1313,6 +1313,7 @@ int ssl_security_cert(const SSL_CTX *ctx, const SSL *ssl, X509 *x509,
 int is_peer, int *out_error);
 int ssl_security_cert_chain(const SSL *ssl, STACK_OF(X509) *sk, X509 *x509, int *out_error);
+int ssl_security_shared_group(const SSL *ssl, uint16_t group_id);
 int ssl_security_supported_group(const SSL *ssl, uint16_t group_id);
 
 int ssl_get_new_session(SSL *s, int session);
diff --git a/lib/libssl/ssl_seclevel.c b/lib/libssl/ssl_seclevel.c
index 0d539bcb836..b691b9bc4bc 100644
--- a/lib/libssl/ssl_seclevel.c
+++ b/lib/libssl/ssl_seclevel.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_seclevel.c,v 1.24 2022/07/30 17:26:01 tb Exp $ */
+/* $OpenBSD: ssl_seclevel.c,v 1.25 2022/08/17 18:41:17 tb Exp $ */
 /*
 * Copyright (c) 2020-2022 Theo Buehler
 *
@@ -438,8 +438,8 @@ ssl_security_cert_chain(const SSL *ssl, STACK_OF(X509) *sk, X509 *x509,
 return 1;
 }
 
-int
-ssl_security_supported_group(const SSL *ssl, uint16_t group_id)
+static int
+ssl_security_group(const SSL *ssl, uint16_t group_id, int secop)
 {
 CBB cbb;
 int bits, nid;
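Review bot: The new `secop` parameter of `ssl_security_group()` in ssl_seclevel.c is a bare `int`, and nothing at the signature says which operations are valid, although the following hunk passes it to `ssl_security()` together with the group-specific `bits`, `nid` and `group` arguments. With a static helper and two callers this is fine today, but a short comment above the function would keep a later caller from handing in an unrelated operation, for example `/* secop must be one of the SSL_SECOP_CURVE_* operations. */`. The function body continues outside this hunk.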
@@ -457,5 +457,17 @@ ssl_security_supported_group(const SSL *ssl, uint16_t group_id)
 if (!CBB_finish(&cbb, NULL, NULL))
 return 0;
 
- return ssl_security(ssl, SSL_SECOP_CURVE_SUPPORTED, bits, nid, group);
+ return ssl_security(ssl, secop, bits, nid, group);
+}
+
+int
+ssl_security_shared_group(const SSL *ssl, uint16_t group_id)
+{
+ return ssl_security_group(ssl, group_id, SSL_SECOP_CURVE_SHARED);
+}
+
+int
+ssl_security_supported_group(const SSL *ssl, uint16_t group_id)
+{
+ return ssl_security_group(ssl, group_id, SSL_SECOP_CURVE_SUPPORTED);
 }
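Review bot: `ssl_security_shared_group()` and `ssl_security_supported_group()` now differ only in the secop constant they pass, and neither has a comment saying when a caller should use which. Picking the wrong wrapper would evaluate a group under the wrong security operation, which matters to any security callback that distinguishes the two. I would add one line above each, e.g. `/* Security check for a group both peers support (SSL_SECOP_CURVE_SHARED). */` and `/* Security check for a group we offer or accept (SSL_SECOP_CURVE_SUPPORTED). */`. That wording is inferred from the constant names only and should be confirmed against the upcoming callers mentioned in the commit message.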