Provide ssl_security_shared_group()

Refactor ssl_security_supported_group() into a wrapper of a new internal
ssl_security_group() which takes a secop as an argument. This allows
adding ssl_security_shared_group() which will be needed in upcoming
commits.

ok jsing

1 files changed, 16 insertions, 4 deletions

diff --git a/lib/libssl/ssl_seclevel.c b/lib/libssl/ssl_seclevel.c
index 0d539bcb836..b691b9bc4bc 100644
--- a/lib/libssl/ssl_seclevel.c
+++ b/lib/libssl/ssl_seclevel.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ssl_seclevel.c,v 1.24 2022/07/30 17:26:01 tb Exp $ */
+/*	$OpenBSD: ssl_seclevel.c,v 1.25 2022/08/17 18:41:17 tb Exp $ */
 /*
  * Copyright (c) 2020-2022 Theo Buehler <tb@openbsd.org>
  *
@@ -438,8 +438,8 @@ ssl_security_cert_chain(const SSL *ssl, STACK_OF(X509) *sk, X509 *x509,
 	return 1;
 }
 
-int
-ssl_security_supported_group(const SSL *ssl, uint16_t group_id)
+static int
+ssl_security_group(const SSL *ssl, uint16_t group_id, int secop)
 {
 	CBB cbb;
 	int bits, nid;
@@ -457,5 +457,17 @@ ssl_security_supported_group(const SSL *ssl, uint16_t group_id)
 	if (!CBB_finish(&cbb, NULL, NULL))
 		return 0;
 
-	return ssl_security(ssl, SSL_SECOP_CURVE_SUPPORTED, bits, nid, group);
+	return ssl_security(ssl, secop, bits, nid, group);
+}
+
+int
+ssl_security_shared_group(const SSL *ssl, uint16_t group_id)
+{
+	return ssl_security_group(ssl, group_id, SSL_SECOP_CURVE_SHARED);
+}
+
+int
+ssl_security_supported_group(const SSL *ssl, uint16_t group_id)
+{
+	return ssl_security_group(ssl, group_id, SSL_SECOP_CURVE_SUPPORTED);
 }