From ef36d1f9e8dc78d93ed503345655c43c70fe3671 Mon Sep 17 00:00:00 2001 From: jsing Date: Sat, 8 Jan 2022 12:43:44 +0000 Subject: [PATCH] Rename CERT to SSL_CERT and CERT_PKEY to SSL_CERT_PKEY. Nearly all structs in libssl start with an SSL_ suffix, rename CERT and CERT_PKEY for consistency. ok inoguchi@ tb@ --- lib/libssl/s3_lib.c | 4 +- lib/libssl/ssl_both.c | 4 +- lib/libssl/ssl_cert.c | 26 +++++------ lib/libssl/ssl_lib.c | 26 +++++------ lib/libssl/ssl_locl.h | 90 +++++++++++++++++++-------------------- lib/libssl/ssl_rsa.c | 18 ++++---- lib/libssl/ssl_srvr.c | 4 +- lib/libssl/t1_lib.c | 6 +-- lib/libssl/tls13_client.c | 12 +++--- lib/libssl/tls13_server.c | 12 +++--- 10 files changed, 101 insertions(+), 101 deletions(-) diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index 1ede113cbb2..39a4682d106 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.223 2022/01/07 16:45:06 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.224 2022/01/08 12:43:44 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2486,7 +2486,7 @@ ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, SSL_CIPHER *c, *ret = NULL; int can_use_ecc; int i, ii, ok; - CERT *cert; + SSL_CERT *cert; /* Let's see which ciphers we can support */ cert = s->cert; diff --git a/lib/libssl/ssl_both.c b/lib/libssl/ssl_both.c index 62652f8406f..9894648db85 100644 --- a/lib/libssl/ssl_both.c +++ b/lib/libssl/ssl_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_both.c,v 1.39 2021/11/26 16:41:42 tb Exp $ */ +/* $OpenBSD: ssl_both.c,v 1.40 2022/01/08 12:43:44 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -334,7 +334,7 @@ ssl3_add_cert(CBB *cbb, X509 *x) } int -ssl3_output_cert_chain(SSL *s, CBB *cbb, CERT_PKEY *cpk) +ssl3_output_cert_chain(SSL *s, CBB *cbb, SSL_CERT_PKEY *cpk) { X509_STORE_CTX *xs_ctx = NULL; STACK_OF(X509) *chain; diff --git a/lib/libssl/ssl_cert.c b/lib/libssl/ssl_cert.c index 173e217c8f2..c7355473936 100644 --- a/lib/libssl/ssl_cert.c +++ b/lib/libssl/ssl_cert.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_cert.c,v 1.91 2022/01/07 16:45:06 jsing Exp $ */ +/* $OpenBSD: ssl_cert.c,v 1.92 2022/01/08 12:43:44 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -158,12 +158,12 @@ SSL_get_ex_data_X509_STORE_CTX_idx(void) return ssl_x509_store_ctx_idx; } -CERT * +SSL_CERT * ssl_cert_new(void) { - CERT *ret; + SSL_CERT *ret; - ret = calloc(1, sizeof(CERT)); + ret = calloc(1, sizeof(SSL_CERT)); if (ret == NULL) { SSLerrorx(ERR_R_MALLOC_FAILURE); return (NULL); @@ -173,13 +173,13 @@ ssl_cert_new(void) return (ret); } -CERT * -ssl_cert_dup(CERT *cert) +SSL_CERT * +ssl_cert_dup(SSL_CERT *cert) { - CERT *ret; + SSL_CERT *ret; int i; - ret = calloc(1, sizeof(CERT)); + ret = calloc(1, sizeof(SSL_CERT)); if (ret == NULL) { SSLerrorx(ERR_R_MALLOC_FAILURE); return (NULL); @@ -269,7 +269,7 @@ ssl_cert_dup(CERT *cert) void -ssl_cert_free(CERT *c) +ssl_cert_free(SSL_CERT *c) { int i; @@ -292,7 +292,7 @@ ssl_cert_free(CERT *c) } int -ssl_cert_set0_chain(CERT *c, STACK_OF(X509) *chain) +ssl_cert_set0_chain(SSL_CERT *c, STACK_OF(X509) *chain) { if (c->key == NULL) return 0; @@ -304,7 +304,7 @@ ssl_cert_set0_chain(CERT *c, STACK_OF(X509) *chain) } int -ssl_cert_set1_chain(CERT *c, STACK_OF(X509) *chain) +ssl_cert_set1_chain(SSL_CERT *c, STACK_OF(X509) *chain) { STACK_OF(X509) *new_chain = NULL; @@ -321,7 +321,7 @@ ssl_cert_set1_chain(CERT *c, STACK_OF(X509) *chain) } int -ssl_cert_add0_chain_cert(CERT *c, X509 *cert) +ssl_cert_add0_chain_cert(SSL_CERT *c, X509 *cert) { if (c->key == NULL) return 0; @@ -337,7 +337,7 @@ ssl_cert_add0_chain_cert(CERT *c, X509 *cert) } int -ssl_cert_add1_chain_cert(CERT *c, X509 *cert) +ssl_cert_add1_chain_cert(SSL_CERT *c, X509 *cert) { if (!ssl_cert_add0_chain_cert(c, cert)) return 0; diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index 4fe7fb58dce..64b18062382 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.281 2022/01/07 16:45:06 jsing Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.282 2022/01/08 12:43:44 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -912,7 +912,7 @@ SSL_get0_verified_chain(const SSL *s) int SSL_copy_session_id(SSL *t, const SSL *f) { - CERT *tmp; + SSL_CERT *tmp; /* Do we need to do SSL locking? */ if (!SSL_set_session(t, SSL_get_session(f))) @@ -2187,10 +2187,10 @@ SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) } void -ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) +ssl_set_cert_masks(SSL_CERT *c, const SSL_CIPHER *cipher) { unsigned long mask_a, mask_k; - CERT_PKEY *cpk; + SSL_CERT_PKEY *cpk; if (c == NULL) return; @@ -2259,12 +2259,12 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) return (1); } -CERT_PKEY * +SSL_CERT_PKEY * ssl_get_server_send_pkey(const SSL *s) { - unsigned long alg_a; - CERT *c; - int i; + unsigned long alg_a; + SSL_CERT *c; + int i; c = s->cert; ssl_set_cert_masks(c, S3I(s)->hs.cipher); @@ -2291,9 +2291,9 @@ ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd, { const struct ssl_sigalg *sigalg = NULL; EVP_PKEY *pkey = NULL; - unsigned long alg_a; - CERT *c; - int idx = -1; + unsigned long alg_a; + SSL_CERT *c; + int idx = -1; alg_a = cipher->algorithm_auth; c = s->cert; @@ -2322,7 +2322,7 @@ ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd, size_t ssl_dhe_params_auto_key_bits(SSL *s) { - CERT_PKEY *cpk; + SSL_CERT_PKEY *cpk; int key_bits; if (s->cert->dhe_params_auto == 2) { @@ -2974,7 +2974,7 @@ SSL_get_SSL_CTX(const SSL *ssl) SSL_CTX * SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) { - CERT *new_cert; + SSL_CERT *new_cert; if (ctx == NULL) ctx = ssl->initial_ctx; diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index 5361704d707..e8c277ec606 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.376 2022/01/07 16:45:06 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.377 2022/01/08 12:43:44 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -361,6 +361,34 @@ __BEGIN_HIDDEN_DECLS #define EXPLICIT_CHAR2_CURVE_TYPE 2 #define NAMED_CURVE_TYPE 3 +typedef struct ssl_cert_pkey_st { + X509 *x509; + EVP_PKEY *privatekey; + STACK_OF(X509) *chain; +} SSL_CERT_PKEY; + +typedef struct ssl_cert_st { + /* Current active set */ + /* ALWAYS points to an element of the pkeys array + * Probably it would make more sense to store + * an index, not a pointer. */ + SSL_CERT_PKEY *key; + + SSL_CERT_PKEY pkeys[SSL_PKEY_NUM]; + + /* The following masks are for the key and auth + * algorithms that are supported by the certs below */ + int valid; + unsigned long mask_k; + unsigned long mask_a; + + DH *dhe_params; + DH *(*dhe_params_cb)(SSL *ssl, int is_export, int keysize); + int dhe_params_auto; + + int references; /* >1 only if SSL_copy_session_id is used */ +} SSL_CERT; + struct ssl_comp_st { int id; const char *name; @@ -498,12 +526,6 @@ struct ssl_session_st { uint16_t *tlsext_supportedgroups; /* peer's list */ }; -typedef struct cert_pkey_st { - X509 *x509; - EVP_PKEY *privatekey; - STACK_OF(X509) *chain; -} CERT_PKEY; - struct ssl_sigalg; typedef struct ssl_handshake_tls12_st { @@ -533,7 +555,7 @@ typedef struct ssl_handshake_tls13_st { int hrr; /* Certificate selected for use (static pointer). */ - const CERT_PKEY *cpk; + const SSL_CERT_PKEY *cpk; /* Version proposed by peer server. */ uint16_t server_version; @@ -785,7 +807,7 @@ typedef struct ssl_ctx_internal_st { STACK_OF(SSL_CIPHER) *cipher_list_tls13; - struct cert_st /* CERT */ *cert; + SSL_CERT *cert; /* Default values used when no per-SSL value is defined follow */ @@ -1058,7 +1080,7 @@ struct ssl_st { STACK_OF(SSL_CIPHER) *cipher_list; /* This is used to hold the server certificate used */ - struct cert_st /* CERT */ *cert; + SSL_CERT *cert; /* the session_id_context is used to ensure sessions are only reused * in the appropriate context */ @@ -1200,38 +1222,16 @@ typedef struct ssl3_state_st { struct ssl3_state_internal_st *internal; } SSL3_STATE; -typedef struct cert_st { - /* Current active set */ - CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array - * Probably it would make more sense to store - * an index, not a pointer. */ - - /* The following masks are for the key and auth - * algorithms that are supported by the certs below */ - int valid; - unsigned long mask_k; - unsigned long mask_a; - - DH *dhe_params; - DH *(*dhe_params_cb)(SSL *ssl, int is_export, int keysize); - int dhe_params_auto; - - CERT_PKEY pkeys[SSL_PKEY_NUM]; - - int references; /* >1 only if SSL_copy_session_id is used */ -} CERT; - - typedef struct sess_cert_st { STACK_OF(X509) *cert_chain; /* as received from peer */ /* The 'peer_...' members are used only by clients. */ int peer_cert_type; - CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */ - CERT_PKEY peer_pkeys[SSL_PKEY_NUM]; + SSL_CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */ + SSL_CERT_PKEY peer_pkeys[SSL_PKEY_NUM]; /* Obviously we don't have the private keys of these, - * so maybe we shouldn't even use the CERT_PKEY type here. */ + * so maybe we shouldn't even use the SSL_CERT_PKEY type here. */ int references; /* actually always 1 at the moment */ } SESS_CERT; @@ -1293,13 +1293,13 @@ void ssl_info_callback(const SSL *s, int type, int value); void ssl_msg_callback(SSL *s, int is_write, int content_type, const void *msg_buf, size_t msg_len); -CERT *ssl_cert_new(void); -CERT *ssl_cert_dup(CERT *cert); -void ssl_cert_free(CERT *c); -int ssl_cert_set0_chain(CERT *c, STACK_OF(X509) *chain); -int ssl_cert_set1_chain(CERT *c, STACK_OF(X509) *chain); -int ssl_cert_add0_chain_cert(CERT *c, X509 *cert); -int ssl_cert_add1_chain_cert(CERT *c, X509 *cert); +SSL_CERT *ssl_cert_new(void); +SSL_CERT *ssl_cert_dup(SSL_CERT *cert); +void ssl_cert_free(SSL_CERT *c); +int ssl_cert_set0_chain(SSL_CERT *c, STACK_OF(X509) *chain); +int ssl_cert_set1_chain(SSL_CERT *c, STACK_OF(X509) *chain); +int ssl_cert_add0_chain_cert(SSL_CERT *c, X509 *cert); +int ssl_cert_add1_chain_cert(SSL_CERT *c, X509 *cert); SESS_CERT *ssl_sess_cert_new(void); void ssl_sess_cert_free(SESS_CERT *sc); @@ -1328,12 +1328,12 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk); int ssl_undefined_function(SSL *s); int ssl_undefined_void_function(void); int ssl_undefined_const_function(const SSL *s); -CERT_PKEY *ssl_get_server_send_pkey(const SSL *s); +SSL_CERT_PKEY *ssl_get_server_send_pkey(const SSL *s); EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c, const EVP_MD **pmd, const struct ssl_sigalg **sap); size_t ssl_dhe_params_auto_key_bits(SSL *s); int ssl_cert_type(X509 *x, EVP_PKEY *pkey); -void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher); +void ssl_set_cert_masks(SSL_CERT *c, const SSL_CIPHER *cipher); STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); int ssl_has_ecc_ciphers(SSL *s); int ssl_verify_alarm_type(long type); @@ -1365,7 +1365,7 @@ void ssl_force_want_read(SSL *s); int ssl3_dispatch_alert(SSL *s); int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek); int ssl3_write_bytes(SSL *s, int type, const void *buf, int len); -int ssl3_output_cert_chain(SSL *s, CBB *cbb, CERT_PKEY *cpk); +int ssl3_output_cert_chain(SSL *s, CBB *cbb, SSL_CERT_PKEY *cpk); SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt, STACK_OF(SSL_CIPHER) *srvr); int ssl3_setup_buffers(SSL *s); diff --git a/lib/libssl/ssl_rsa.c b/lib/libssl/ssl_rsa.c index e25b9387d7e..6b1010e4132 100644 --- a/lib/libssl/ssl_rsa.c +++ b/lib/libssl/ssl_rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_rsa.c,v 1.37 2021/11/29 18:36:27 tb Exp $ */ +/* $OpenBSD: ssl_rsa.c,v 1.38 2022/01/08 12:43:44 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -66,11 +66,11 @@ #include "ssl_locl.h" -static int ssl_set_cert(CERT *c, X509 *x509); -static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); -static int use_certificate_chain_bio(BIO *in, CERT *cert, +static int ssl_set_cert(SSL_CERT *c, X509 *x509); +static int ssl_set_pkey(SSL_CERT *c, EVP_PKEY *pkey); +static int use_certificate_chain_bio(BIO *in, SSL_CERT *cert, pem_password_cb *passwd_cb, void *passwd_arg); -static int use_certificate_chain_file(const char *file, CERT *cert, +static int use_certificate_chain_file(const char *file, SSL_CERT *cert, pem_password_cb *passwd_cb, void *passwd_arg); int @@ -167,7 +167,7 @@ SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) } static int -ssl_set_pkey(CERT *c, EVP_PKEY *pkey) +ssl_set_pkey(SSL_CERT *c, EVP_PKEY *pkey) { int i; @@ -343,7 +343,7 @@ SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) } static int -ssl_set_cert(CERT *c, X509 *x) +ssl_set_cert(SSL_CERT *c, X509 *x) { EVP_PKEY *pkey; int i; @@ -610,7 +610,7 @@ SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, * sent to the peer in the Certificate message. */ static int -use_certificate_chain_bio(BIO *in, CERT *cert, pem_password_cb *passwd_cb, +use_certificate_chain_bio(BIO *in, SSL_CERT *cert, pem_password_cb *passwd_cb, void *passwd_arg) { X509 *ca, *x = NULL; @@ -653,7 +653,7 @@ use_certificate_chain_bio(BIO *in, CERT *cert, pem_password_cb *passwd_cb, } int -use_certificate_chain_file(const char *file, CERT *cert, +use_certificate_chain_file(const char *file, SSL_CERT *cert, pem_password_cb *passwd_cb, void *passwd_arg) { BIO *in; diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c index 9fad66b91a5..6e749438032 100644 --- a/lib/libssl/ssl_srvr.c +++ b/lib/libssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.132 2022/01/07 16:45:06 jsing Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.133 2022/01/08 12:43:44 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2277,7 +2277,7 @@ int ssl3_send_server_certificate(SSL *s) { CBB cbb, server_cert; - CERT_PKEY *cpk; + SSL_CERT_PKEY *cpk; /* * Server Certificate - RFC 5246, section 7.4.2. diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c index 78532054a09..be4bb3026cf 100644 --- a/lib/libssl/t1_lib.c +++ b/lib/libssl/t1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_lib.c,v 1.184 2021/11/26 16:41:42 tb Exp $ */ +/* $OpenBSD: t1_lib.c,v 1.185 2022/01/08 12:43:44 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -569,7 +569,7 @@ tls1_check_ec_key(SSL *s, const uint16_t *curve_id, const uint8_t *comp_id) int tls1_check_ec_server_key(SSL *s) { - CERT_PKEY *cpk = s->cert->pkeys + SSL_PKEY_ECC; + SSL_CERT_PKEY *cpk = s->cert->pkeys + SSL_PKEY_ECC; uint16_t curve_id; uint8_t comp_id; EC_KEY *eckey; @@ -635,7 +635,7 @@ ssl_check_clienthello_tlsext_late(SSL *s) if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->internal->tlsext_status_cb) { int r; - CERT_PKEY *certpkey; + SSL_CERT_PKEY *certpkey; certpkey = ssl_get_server_send_pkey(s); /* If no certificate can't return certificate status */ if (certpkey == NULL) { diff --git a/lib/libssl/tls13_client.c b/lib/libssl/tls13_client.c index 8ba78cd02b5..882bce8c1f6 100644 --- a/lib/libssl/tls13_client.c +++ b/lib/libssl/tls13_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_client.c,v 1.89 2022/01/05 17:10:02 jsing Exp $ */ +/* $OpenBSD: tls13_client.c,v 1.90 2022/01/08 12:43:44 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * @@ -828,7 +828,7 @@ tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs) } static int -tls13_client_check_certificate(struct tls13_ctx *ctx, CERT_PKEY *cpk, +tls13_client_check_certificate(struct tls13_ctx *ctx, SSL_CERT_PKEY *cpk, int *ok, const struct ssl_sigalg **out_sigalg) { const struct ssl_sigalg *sigalg; @@ -851,12 +851,12 @@ tls13_client_check_certificate(struct tls13_ctx *ctx, CERT_PKEY *cpk, } static int -tls13_client_select_certificate(struct tls13_ctx *ctx, CERT_PKEY **out_cpk, +tls13_client_select_certificate(struct tls13_ctx *ctx, SSL_CERT_PKEY **out_cpk, const struct ssl_sigalg **out_sigalg) { SSL *s = ctx->ssl; const struct ssl_sigalg *sigalg; - CERT_PKEY *cpk; + SSL_CERT_PKEY *cpk; int cert_ok; *out_cpk = NULL; @@ -897,7 +897,7 @@ tls13_client_certificate_send(struct tls13_ctx *ctx, CBB *cbb) CBB cert_request_context, cert_list; const struct ssl_sigalg *sigalg; STACK_OF(X509) *chain; - CERT_PKEY *cpk; + SSL_CERT_PKEY *cpk; X509 *cert; int i, ret = 0; @@ -948,7 +948,7 @@ tls13_client_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb) EVP_MD_CTX *mdctx = NULL; EVP_PKEY_CTX *pctx; EVP_PKEY *pkey; - const CERT_PKEY *cpk; + const SSL_CERT_PKEY *cpk; CBB sig_cbb; int ret = 0; diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c index c32ae227794..4edf3881c2c 100644 --- a/lib/libssl/tls13_server.c +++ b/lib/libssl/tls13_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_server.c,v 1.91 2022/01/07 15:46:30 jsing Exp $ */ +/* $OpenBSD: tls13_server.c,v 1.92 2022/01/08 12:43:45 jsing Exp $ */ /* * Copyright (c) 2019, 2020 Joel Sing * Copyright (c) 2020 Bob Beck @@ -545,7 +545,7 @@ tls13_server_certificate_request_send(struct tls13_ctx *ctx, CBB *cbb) } static int -tls13_server_check_certificate(struct tls13_ctx *ctx, CERT_PKEY *cpk, +tls13_server_check_certificate(struct tls13_ctx *ctx, SSL_CERT_PKEY *cpk, int *ok, const struct ssl_sigalg **out_sigalg) { const struct ssl_sigalg *sigalg; @@ -575,12 +575,12 @@ tls13_server_check_certificate(struct tls13_ctx *ctx, CERT_PKEY *cpk, } static int -tls13_server_select_certificate(struct tls13_ctx *ctx, CERT_PKEY **out_cpk, +tls13_server_select_certificate(struct tls13_ctx *ctx, SSL_CERT_PKEY **out_cpk, const struct ssl_sigalg **out_sigalg) { SSL *s = ctx->ssl; const struct ssl_sigalg *sigalg; - CERT_PKEY *cpk; + SSL_CERT_PKEY *cpk; int cert_ok; *out_cpk = NULL; @@ -616,7 +616,7 @@ tls13_server_certificate_send(struct tls13_ctx *ctx, CBB *cbb) const struct ssl_sigalg *sigalg; X509_STORE_CTX *xsc = NULL; STACK_OF(X509) *chain; - CERT_PKEY *cpk; + SSL_CERT_PKEY *cpk; X509 *cert; int i, ret = 0; @@ -697,7 +697,7 @@ tls13_server_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb) EVP_MD_CTX *mdctx = NULL; EVP_PKEY_CTX *pctx; EVP_PKEY *pkey; - const CERT_PKEY *cpk; + const SSL_CERT_PKEY *cpk; CBB sig_cbb; int ret = 0; -- 2.20.1