OpenSSL: Replace EVP_PKEY_paramgen() with EC_KEY_new_by_curve_name()
The BoringSSL version of crypto_ecdh_init() and dpp_gen_keypair() works fine with OpenSSL as well, so use that same implementation for both to avoid unnecessary maintenance of multiple versions. Signed-off-by: Jouni Malinen <j@w1.fi>
parent
7641d485db
commit
c23e87d0d1
2 changed files with 3 additions and 56 deletions
|
@ -1066,12 +1066,8 @@ static void dpp_debug_print_key(const char *title, EVP_PKEY *key)
|
||||||
|
|
||||||
static EVP_PKEY * dpp_gen_keypair(const struct dpp_curve_params *curve)
|
static EVP_PKEY * dpp_gen_keypair(const struct dpp_curve_params *curve)
|
||||||
{
|
{
|
||||||
#ifdef OPENSSL_IS_BORINGSSL
|
|
||||||
EVP_PKEY_CTX *kctx = NULL;
|
EVP_PKEY_CTX *kctx = NULL;
|
||||||
EC_KEY *ec_params;
|
EC_KEY *ec_params;
|
||||||
#else
|
|
||||||
EVP_PKEY_CTX *pctx, *kctx = NULL;
|
|
||||||
#endif
|
|
||||||
EVP_PKEY *params = NULL, *key = NULL;
|
EVP_PKEY *params = NULL, *key = NULL;
|
||||||
int nid;
|
int nid;
|
||||||
|
|
||||||
|
@ -1082,7 +1078,7 @@ static EVP_PKEY * dpp_gen_keypair(const struct dpp_curve_params *curve)
|
||||||
wpa_printf(MSG_INFO, "DPP: Unsupported curve %s", curve->name);
|
wpa_printf(MSG_INFO, "DPP: Unsupported curve %s", curve->name);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
#ifdef OPENSSL_IS_BORINGSSL
|
|
||||||
ec_params = EC_KEY_new_by_curve_name(nid);
|
ec_params = EC_KEY_new_by_curve_name(nid);
|
||||||
if (!ec_params) {
|
if (!ec_params) {
|
||||||
wpa_printf(MSG_ERROR,
|
wpa_printf(MSG_ERROR,
|
||||||
|
@ -1096,22 +1092,6 @@ static EVP_PKEY * dpp_gen_keypair(const struct dpp_curve_params *curve)
|
||||||
"DPP: Failed to generate EVP_PKEY parameters");
|
"DPP: Failed to generate EVP_PKEY parameters");
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
#else
|
|
||||||
pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
|
|
||||||
if (!pctx ||
|
|
||||||
EVP_PKEY_paramgen_init(pctx) != 1 ||
|
|
||||||
EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) != 1 ||
|
|
||||||
#ifdef EVP_PKEY_CTX_set_ec_param_enc
|
|
||||||
EVP_PKEY_CTX_set_ec_param_enc(pctx, OPENSSL_EC_NAMED_CURVE) != 1 ||
|
|
||||||
#endif
|
|
||||||
EVP_PKEY_paramgen(pctx, ¶ms) != 1) {
|
|
||||||
wpa_printf(MSG_ERROR,
|
|
||||||
"DPP: Failed to generate EVP_PKEY parameters");
|
|
||||||
EVP_PKEY_CTX_free(pctx);
|
|
||||||
goto fail;
|
|
||||||
}
|
|
||||||
EVP_PKEY_CTX_free(pctx);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
kctx = EVP_PKEY_CTX_new(params, NULL);
|
kctx = EVP_PKEY_CTX_new(params, NULL);
|
||||||
if (!kctx ||
|
if (!kctx ||
|
||||||
|
|
|
@ -1705,11 +1705,7 @@ struct crypto_ecdh * crypto_ecdh_init(int group)
|
||||||
{
|
{
|
||||||
struct crypto_ecdh *ecdh;
|
struct crypto_ecdh *ecdh;
|
||||||
EVP_PKEY *params = NULL;
|
EVP_PKEY *params = NULL;
|
||||||
#ifdef OPENSSL_IS_BORINGSSL
|
|
||||||
EC_KEY *ec_params;
|
EC_KEY *ec_params;
|
||||||
#else /* OPENSSL_IS_BORINGSSL */
|
|
||||||
EVP_PKEY_CTX *pctx = NULL;
|
|
||||||
#endif /* OPENSSL_IS_BORINGSSL */
|
|
||||||
EVP_PKEY_CTX *kctx = NULL;
|
EVP_PKEY_CTX *kctx = NULL;
|
||||||
|
|
||||||
ecdh = os_zalloc(sizeof(*ecdh));
|
ecdh = os_zalloc(sizeof(*ecdh));
|
||||||
|
@ -1720,45 +1716,19 @@ struct crypto_ecdh * crypto_ecdh_init(int group)
|
||||||
if (!ecdh->ec)
|
if (!ecdh->ec)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
#ifdef OPENSSL_IS_BORINGSSL
|
|
||||||
ec_params = EC_KEY_new_by_curve_name(ecdh->ec->nid);
|
ec_params = EC_KEY_new_by_curve_name(ecdh->ec->nid);
|
||||||
if (!ec_params) {
|
if (!ec_params) {
|
||||||
wpa_printf(MSG_ERROR,
|
wpa_printf(MSG_ERROR,
|
||||||
"BoringSSL: Failed to generate EC_KEY parameters");
|
"OpenSSL: Failed to generate EC_KEY parameters");
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
EC_KEY_set_asn1_flag(ec_params, OPENSSL_EC_NAMED_CURVE);
|
EC_KEY_set_asn1_flag(ec_params, OPENSSL_EC_NAMED_CURVE);
|
||||||
params = EVP_PKEY_new();
|
params = EVP_PKEY_new();
|
||||||
if (!params || EVP_PKEY_set1_EC_KEY(params, ec_params) != 1) {
|
if (!params || EVP_PKEY_set1_EC_KEY(params, ec_params) != 1) {
|
||||||
wpa_printf(MSG_ERROR,
|
wpa_printf(MSG_ERROR,
|
||||||
"BoringSSL: Failed to generate EVP_PKEY parameters");
|
"OpenSSL: Failed to generate EVP_PKEY parameters");
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
#else /* OPENSSL_IS_BORINGSSL */
|
|
||||||
pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
|
|
||||||
if (!pctx)
|
|
||||||
goto fail;
|
|
||||||
|
|
||||||
if (EVP_PKEY_paramgen_init(pctx) != 1) {
|
|
||||||
wpa_printf(MSG_ERROR,
|
|
||||||
"OpenSSL: EVP_PKEY_paramgen_init failed: %s",
|
|
||||||
ERR_error_string(ERR_get_error(), NULL));
|
|
||||||
goto fail;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ecdh->ec->nid) != 1) {
|
|
||||||
wpa_printf(MSG_ERROR,
|
|
||||||
"OpenSSL: EVP_PKEY_CTX_set_ec_paramgen_curve_nid failed: %s",
|
|
||||||
ERR_error_string(ERR_get_error(), NULL));
|
|
||||||
goto fail;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (EVP_PKEY_paramgen(pctx, ¶ms) != 1) {
|
|
||||||
wpa_printf(MSG_ERROR, "OpenSSL: EVP_PKEY_paramgen failed: %s",
|
|
||||||
ERR_error_string(ERR_get_error(), NULL));
|
|
||||||
goto fail;
|
|
||||||
}
|
|
||||||
#endif /* OPENSSL_IS_BORINGSSL */
|
|
||||||
|
|
||||||
kctx = EVP_PKEY_CTX_new(params, NULL);
|
kctx = EVP_PKEY_CTX_new(params, NULL);
|
||||||
if (!kctx)
|
if (!kctx)
|
||||||
|
@ -1779,9 +1749,6 @@ struct crypto_ecdh * crypto_ecdh_init(int group)
|
||||||
|
|
||||||
done:
|
done:
|
||||||
EVP_PKEY_free(params);
|
EVP_PKEY_free(params);
|
||||||
#ifndef OPENSSL_IS_BORINGSSL
|
|
||||||
EVP_PKEY_CTX_free(pctx);
|
|
||||||
#endif /* OPENSSL_IS_BORINGSSL */
|
|
||||||
EVP_PKEY_CTX_free(kctx);
|
EVP_PKEY_CTX_free(kctx);
|
||||||
|
|
||||||
return ecdh;
|
return ecdh;
|
||||||
|
|
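Review bot: `ec_params` in crypto_ecdh_init() looks leaked on the new side, because `EVP_PKEY_set1_EC_KEY()` takes its own reference to the key and the cleanup visible after `done:` releases only `params` and `kctx`. This path used to be compiled for BoringSSL only and now runs on every OpenSSL build, so each call would leave one EC_KEY allocated unless it is freed in the lines between the hunks, which are not shown here. I would declare it as `EC_KEY *ec_params = NULL;` and add `EC_KEY_free(ec_params);` next to `EVP_PKEY_free(params);`; the initialiser matters because `goto fail` is taken at `if (!ecdh->ec)` before the key is allocated, assuming `fail:` reaches this cleanup. dpp_gen_keypair() in the other changed file gains the same unconditional `EC_KEY_new_by_curve_name()` call with its cleanup outside the visible hunks, so it deserves the same check.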