/* Check a key is compatible with compression extension */
static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey)
{
- const EC_KEY *ec;
- const EC_GROUP *grp;
unsigned char comp_id;
size_t i;
+ char name[80];
+ size_t name_len;
+
/* If not an EC key nothing to check */
if (!EVP_PKEY_is_a(pkey, "EC"))
return 1;
- ec = EVP_PKEY_get0_EC_KEY(pkey);
- grp = EC_KEY_get0_group(ec);
+
+ if (!EVP_PKEY_get_utf8_string_param(pkey,
+ OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
+ name, sizeof(name), &name_len))
+ return 0;
/* Get required compression id */
- if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_UNCOMPRESSED) {
- comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
+ if (strcasecmp(name, "uncompressed") == 0) {
+ comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
} else if (SSL_IS_TLS13(s)) {
- /*
- * ec_point_formats extension is not used in TLSv1.3 so we ignore
- * this check.
- */
- return 1;
+ /*
+ * ec_point_formats extension is not used in TLSv1.3 so we ignore
+ * this check.
+ */
+ return 1;
} else {
- int field_type = EC_GROUP_get_field_type(grp);
+ if (!EVP_PKEY_get_utf8_string_param(pkey,
+ OSSL_PKEY_PARAM_EC_FIELD_TYPE,
+ name, sizeof(name), &name_len))
+ return 0;
- if (field_type == NID_X9_62_prime_field)
+ if (strcasecmp(name, SN_X9_62_prime_field) == 0)
comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
- else if (field_type == NID_X9_62_characteristic_two_field)
+ else if (strcasecmp(name, SN_X9_62_characteristic_two_field) == 0)
comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
else
return 0;