OpenSSL: Replace EVP_PKEY_paramgen() with EC_KEY_new_by_curve_name()

The BoringSSL version of crypto_ecdh_init() and dpp_gen_keypair() works
fine with OpenSSL as well, so use that same implementation for both to
avoid unnecessary maintanence of multiple versions.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2017-12-10 23:49:39 +02:00
parent 7641d485db
commit c23e87d0d1
2 changed files with 3 additions and 56 deletions

View file

@ -1066,12 +1066,8 @@ static void dpp_debug_print_key(const char *title, EVP_PKEY *key)
static EVP_PKEY * dpp_gen_keypair(const struct dpp_curve_params *curve)
{
#ifdef OPENSSL_IS_BORINGSSL
EVP_PKEY_CTX *kctx = NULL;
EC_KEY *ec_params;
#else
EVP_PKEY_CTX *pctx, *kctx = NULL;
#endif
EVP_PKEY *params = NULL, *key = NULL;
int nid;
@ -1082,7 +1078,7 @@ static EVP_PKEY * dpp_gen_keypair(const struct dpp_curve_params *curve)
wpa_printf(MSG_INFO, "DPP: Unsupported curve %s", curve->name);
return NULL;
}
#ifdef OPENSSL_IS_BORINGSSL
ec_params = EC_KEY_new_by_curve_name(nid);
if (!ec_params) {
wpa_printf(MSG_ERROR,
@ -1096,22 +1092,6 @@ static EVP_PKEY * dpp_gen_keypair(const struct dpp_curve_params *curve)
"DPP: Failed to generate EVP_PKEY parameters");
goto fail;
}
#else
pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
if (!pctx ||
EVP_PKEY_paramgen_init(pctx) != 1 ||
EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) != 1 ||
#ifdef EVP_PKEY_CTX_set_ec_param_enc
EVP_PKEY_CTX_set_ec_param_enc(pctx, OPENSSL_EC_NAMED_CURVE) != 1 ||
#endif
EVP_PKEY_paramgen(pctx, &params) != 1) {
wpa_printf(MSG_ERROR,
"DPP: Failed to generate EVP_PKEY parameters");
EVP_PKEY_CTX_free(pctx);
goto fail;
}
EVP_PKEY_CTX_free(pctx);
#endif
kctx = EVP_PKEY_CTX_new(params, NULL);
if (!kctx ||

View file

@ -1705,11 +1705,7 @@ struct crypto_ecdh * crypto_ecdh_init(int group)
{
struct crypto_ecdh *ecdh;
EVP_PKEY *params = NULL;
#ifdef OPENSSL_IS_BORINGSSL
EC_KEY *ec_params;
#else /* OPENSSL_IS_BORINGSSL */
EVP_PKEY_CTX *pctx = NULL;
#endif /* OPENSSL_IS_BORINGSSL */
EVP_PKEY_CTX *kctx = NULL;
ecdh = os_zalloc(sizeof(*ecdh));
@ -1720,45 +1716,19 @@ struct crypto_ecdh * crypto_ecdh_init(int group)
if (!ecdh->ec)
goto fail;
#ifdef OPENSSL_IS_BORINGSSL
ec_params = EC_KEY_new_by_curve_name(ecdh->ec->nid);
if (!ec_params) {
wpa_printf(MSG_ERROR,
"BoringSSL: Failed to generate EC_KEY parameters");
"OpenSSL: Failed to generate EC_KEY parameters");
goto fail;
}
EC_KEY_set_asn1_flag(ec_params, OPENSSL_EC_NAMED_CURVE);
params = EVP_PKEY_new();
if (!params || EVP_PKEY_set1_EC_KEY(params, ec_params) != 1) {
wpa_printf(MSG_ERROR,
"BoringSSL: Failed to generate EVP_PKEY parameters");
"OpenSSL: Failed to generate EVP_PKEY parameters");
goto fail;
}
#else /* OPENSSL_IS_BORINGSSL */
pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
if (!pctx)
goto fail;
if (EVP_PKEY_paramgen_init(pctx) != 1) {
wpa_printf(MSG_ERROR,
"OpenSSL: EVP_PKEY_paramgen_init failed: %s",
ERR_error_string(ERR_get_error(), NULL));
goto fail;
}
if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ecdh->ec->nid) != 1) {
wpa_printf(MSG_ERROR,
"OpenSSL: EVP_PKEY_CTX_set_ec_paramgen_curve_nid failed: %s",
ERR_error_string(ERR_get_error(), NULL));
goto fail;
}
if (EVP_PKEY_paramgen(pctx, &params) != 1) {
wpa_printf(MSG_ERROR, "OpenSSL: EVP_PKEY_paramgen failed: %s",
ERR_error_string(ERR_get_error(), NULL));
goto fail;
}
#endif /* OPENSSL_IS_BORINGSSL */
kctx = EVP_PKEY_CTX_new(params, NULL);
if (!kctx)
@ -1779,9 +1749,6 @@ struct crypto_ecdh * crypto_ecdh_init(int group)
done:
EVP_PKEY_free(params);
#ifndef OPENSSL_IS_BORINGSSL
EVP_PKEY_CTX_free(pctx);
#endif /* OPENSSL_IS_BORINGSSL */
EVP_PKEY_CTX_free(kctx);
return ecdh;