From 9dba47cf9a95c7727165ee3beec47eac0cf9e361 Mon Sep 17 00:00:00 2001 From: op Date: Sun, 18 Jun 2023 11:43:03 +0000 Subject: [PATCH] libtls: switch ECDSA_METHOD usage to EC_KEY_METHOD smtpd and the bits it needs in libtls are the only consumer left of ECDSA_METHOD, which is long deprecated. This paves the way for the removal in libcrypto. The diff is from gilles' work on OpenSMTPD-portable, libretls had a similar diff. ok tb@, jsing@ --- lib/libtls/tls.c | 10 +++++----- lib/libtls/tls_internal.h | 4 ++-- lib/libtls/tls_signer.c | 15 +++++---------- 3 files changed, 12 insertions(+), 17 deletions(-) diff --git a/lib/libtls/tls.c b/lib/libtls/tls.c index 989339dc033..8444169bdcc 100644 --- a/lib/libtls/tls.c +++ b/lib/libtls/tls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls.c,v 1.96 2023/05/25 07:46:21 op Exp $ */ +/* $OpenBSD: tls.c,v 1.97 2023/06/18 11:43:03 op Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -389,7 +389,7 @@ static int tls_keypair_setup_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY *pkey) { RSA_METHOD *rsa_method; - ECDSA_METHOD *ecdsa_method; + EC_KEY_METHOD *ecdsa_method; RSA *rsa = NULL; EC_KEY *eckey = NULL; int ret = -1; @@ -427,15 +427,15 @@ tls_keypair_setup_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY *p break; case EVP_PKEY_EC: if ((eckey = EVP_PKEY_get1_EC_KEY(pkey)) == NULL || - ECDSA_set_ex_data(eckey, 0, keypair->pubkey_hash) == 0) { + EC_KEY_set_ex_data(eckey, 0, keypair->pubkey_hash) == 0) { tls_set_errorx(ctx, "EC key setup failure"); goto err; } if (ctx->config->sign_cb != NULL) { ecdsa_method = tls_signer_ecdsa_method(); if (ecdsa_method == NULL || - ECDSA_set_ex_data(eckey, 1, ctx->config) == 0 || - ECDSA_set_method(eckey, ecdsa_method) == 0) { + EC_KEY_set_ex_data(eckey, 1, ctx->config) == 0 || + EC_KEY_set_method(eckey, ecdsa_method) == 0) { tls_set_errorx(ctx, "failed to setup EC key"); goto err; } diff --git a/lib/libtls/tls_internal.h b/lib/libtls/tls_internal.h index f4c23f64e67..af081a079a3 100644 --- a/lib/libtls/tls_internal.h +++ b/lib/libtls/tls_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_internal.h,v 1.81 2023/04/09 18:26:26 tb Exp $ */ +/* $OpenBSD: tls_internal.h,v 1.82 2023/06/18 11:43:03 op Exp $ */ /* * Copyright (c) 2014 Jeremie Courreges-Anglas * Copyright (c) 2014 Joel Sing @@ -298,7 +298,7 @@ int tls_cert_pubkey_hash(X509 *_cert, char **_hash); int tls_password_cb(char *_buf, int _size, int _rwflag, void *_u); RSA_METHOD *tls_signer_rsa_method(void); -ECDSA_METHOD *tls_signer_ecdsa_method(void); +EC_KEY_METHOD *tls_signer_ecdsa_method(void); #define TLS_PADDING_NONE 0 #define TLS_PADDING_RSA_PKCS1 1 diff --git a/lib/libtls/tls_signer.c b/lib/libtls/tls_signer.c index f6005d3e07a..372fa77819f 100644 --- a/lib/libtls/tls_signer.c +++ b/lib/libtls/tls_signer.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_signer.c,v 1.5 2023/04/09 18:26:26 tb Exp $ */ +/* $OpenBSD: tls_signer.c,v 1.6 2023/06/18 11:43:03 op Exp $ */ /* * Copyright (c) 2021 Eric Faurot * @@ -419,26 +419,21 @@ tls_ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, return (NULL); } -ECDSA_METHOD * +EC_KEY_METHOD * tls_signer_ecdsa_method(void) { - static ECDSA_METHOD *ecdsa_method = NULL; + static EC_KEY_METHOD *ecdsa_method = NULL; pthread_mutex_lock(&signer_method_lock); if (ecdsa_method != NULL) goto out; - ecdsa_method = calloc(1, sizeof(*ecdsa_method)); + ecdsa_method = EC_KEY_METHOD_new(NULL); if (ecdsa_method == NULL) goto out; - ecdsa_method->ecdsa_do_sign = tls_ecdsa_do_sign; - ecdsa_method->name = strdup("libtls ECDSA method"); - if (ecdsa_method->name == NULL) { - free(ecdsa_method); - ecdsa_method = NULL; - } + EC_KEY_METHOD_set_sign(ecdsa_method, NULL, NULL, tls_ecdsa_do_sign); out: pthread_mutex_unlock(&signer_method_lock); -- 2.20.1