From: Remi Tricot-Le Breton <rlebreton@haproxy.com>
Date: Thu, 24 Jul 2025 08:51:29 +0000 (+0200)
Subject: CLEANUP: ssl: Use only NIDs in curve name to id table
X-Git-Tag: v3.3-dev4~36
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=14615a86722341b65f9bc18cb157be42e2798f90;p=thirdparty%2Fhaproxy.git

CLEANUP: ssl: Use only NIDs in curve name to id table

The curve name to curve id mapping table was built out of multiple
internal tables found in openssl sources, namely the 'nid_to_group'
table found in 'ssl/t1_lib.c' which maps openssl specific NIDs to public
IANA curve identifiers. In this table, there were two instances of
EVP_PKEY_XXX ids being used while all the other ones are NID_XXX
identifiers.
Since the two EVP_PKEY are actually equal to their NID equivalent in
'include/openssl/evp.h' we can use NIDs all along for better coherence.
---

diff --git a/src/ssl_utils.c b/src/ssl_utils.c
index 775464c23..01cac2771 100644
--- a/src/ssl_utils.c
+++ b/src/ssl_utils.c
@@ -962,8 +962,8 @@ static struct curve {
 	V( 26,     NID_brainpoolP256r1,                      "brainpoolP256r1",       NULL       ),
 	V( 27,     NID_brainpoolP384r1,                      "brainpoolP384r1",       NULL       ),
 	V( 28,     NID_brainpoolP512r1,                      "brainpoolP512r1",       NULL       ),
-	V( 29,     EVP_PKEY_X25519,                          "ecdh_x25519",           NULL       ),
-	V( 30,     EVP_PKEY_X448,                            "ecdh_x448",             NULL       ),
+	V( 29,     NID_X25519,                               "ecdh_x25519",           NULL       ),
+	V( 30,     NID_X448,                                 "ecdh_x448",             NULL       ),
 	V( 31,     NID_brainpoolP256r1tls13,                 "brainpoolP256r1tls13",  NULL       ),
 	V( 32,     NID_brainpoolP384r1tls13,                 "brainpoolP384r1tls13",  NULL       ),
 	V( 33,     NID_brainpoolP512r1tls13,                 "brainpoolP512r1tls13",  NULL       ),