OpenSSL: crypto_ec_key_parse_{priv,pub}() without EC_KEY API

Avoid using the deprecated EC_KEY API when building these functions with
OpenSSL 3.0.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 2022-05-26 13:59:25 +03:00
parent b092d8ee63
commit 4f4479ef9e


@ -26,6 +26,7 @@
#include <openssl/core_names.h> #include <openssl/core_names.h>
#include <openssl/param_build.h> #include <openssl/param_build.h>
#include <openssl/rsa.h> #include <openssl/rsa.h>
#include <openssl/decoder.h>
#else /* OpenSSL version >= 3.0 */ #else /* OpenSSL version >= 3.0 */
#include <openssl/cmac.h> #include <openssl/cmac.h>
#endif /* OpenSSL version >= 3.0 */ #endif /* OpenSSL version >= 3.0 */
@ -2950,6 +2951,27 @@ size_t crypto_ecdh_prime_len(struct crypto_ecdh *ecdh)
struct crypto_ec_key * crypto_ec_key_parse_priv(const u8 *der, size_t der_len) struct crypto_ec_key * crypto_ec_key_parse_priv(const u8 *der, size_t der_len)
{ {
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
EVP_PKEY *pkey = NULL;
OSSL_DECODER_CTX *ctx;
ctx = OSSL_DECODER_CTX_new_for_pkey(
&pkey, "DER", NULL, "EC",
OSSL_KEYMGMT_SELECT_KEYPAIR |
OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
NULL, NULL);
if (!ctx ||
OSSL_DECODER_from_data(ctx, &der, &der_len) != 1) {
wpa_printf(MSG_INFO, "OpenSSL: Decoding EC private key (DER) failed: %s",
ERR_error_string(ERR_get_error(), NULL));
goto fail;
}
return (struct crypto_ec_key *) pkey;
fail:
crypto_ec_key_deinit((struct crypto_ec_key *) pkey);
return NULL;
#else /* OpenSSL version >= 3.0 */
EVP_PKEY *pkey = NULL; EVP_PKEY *pkey = NULL;
EC_KEY *eckey; EC_KEY *eckey;
@ -2971,6 +2993,7 @@ struct crypto_ec_key * crypto_ec_key_parse_priv(const u8 *der, size_t der_len)
fail: fail:
crypto_ec_key_deinit((struct crypto_ec_key *) pkey); crypto_ec_key_deinit((struct crypto_ec_key *) pkey);
return NULL; return NULL;
#endif /* OpenSSL version >= 3.0 */
} }
@ -2986,8 +3009,13 @@ struct crypto_ec_key * crypto_ec_key_parse_pub(const u8 *der, size_t der_len)
} }
/* Ensure this is an EC key */ /* Ensure this is an EC key */
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
if (!EVP_PKEY_is_a(pkey, "EC"))
goto fail;
#else /* OpenSSL version >= 3.0 */
if (!EVP_PKEY_get0_EC_KEY(pkey)) if (!EVP_PKEY_get0_EC_KEY(pkey))
goto fail; goto fail;
#endif /* OpenSSL version >= 3.0 */
return (struct crypto_ec_key *) pkey; return (struct crypto_ec_key *) pkey;
fail: fail:
crypto_ec_key_deinit((struct crypto_ec_key *) pkey); crypto_ec_key_deinit((struct crypto_ec_key *) pkey);
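Review bot: The OSSL_DECODER_CTX created in the new OpenSSL 3.0 branch of crypto_ec_key_parse_priv() (hunk `@ -2950,6 +2951,27 @@`) is never released: neither the success path `return (struct crypto_ec_key *) pkey;` nor the `fail:` path calls OSSL_DECODER_CTX_free(), so every parse of a private key leaks the context, and repeated malformed inputs on the failure path would grow memory steadily. Freeing it on both paths closes the leak, e.g. `OSSL_DECODER_CTX_free(ctx);` immediately before the success return and again as the first statement under `fail:`; OpenSSL's free functions treat a NULL argument as a no-op, so the `!ctx` case needs no extra guard. The function's pre-3.0 branch and closing brace lie outside that hunk, so the existing `fail:` label there is unaffected.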