DPP: Use EVP_PKEY_get0_EC_KEY() when a const reference is sufficient
This removes unnecessary allocations and simplifies the implementation by not having to remember to free the cloned reference. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
parent
0a488ef35c
commit
76029c6e11
1 changed files with 23 additions and 37 deletions
|
@ -79,14 +79,12 @@ static void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
#ifdef CONFIG_DPP2
|
|
||||||
static EC_KEY * EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
|
static EC_KEY * EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
|
||||||
{
|
{
|
||||||
if (pkey->type != EVP_PKEY_EC)
|
if (pkey->type != EVP_PKEY_EC)
|
||||||
return NULL;
|
return NULL;
|
||||||
return pkey->pkey.ec;
|
return pkey->pkey.ec;
|
||||||
}
|
}
|
||||||
#endif /* CONFIG_DPP2 */
|
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -673,14 +671,14 @@ fail:
|
||||||
static EVP_PKEY * dpp_set_pubkey_point(EVP_PKEY *group_key,
|
static EVP_PKEY * dpp_set_pubkey_point(EVP_PKEY *group_key,
|
||||||
const u8 *buf, size_t len)
|
const u8 *buf, size_t len)
|
||||||
{
|
{
|
||||||
EC_KEY *eckey;
|
const EC_KEY *eckey;
|
||||||
const EC_GROUP *group;
|
const EC_GROUP *group;
|
||||||
EVP_PKEY *pkey = NULL;
|
EVP_PKEY *pkey = NULL;
|
||||||
|
|
||||||
if (len & 1)
|
if (len & 1)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
eckey = EVP_PKEY_get1_EC_KEY(group_key);
|
eckey = EVP_PKEY_get0_EC_KEY(group_key);
|
||||||
if (!eckey) {
|
if (!eckey) {
|
||||||
wpa_printf(MSG_ERROR,
|
wpa_printf(MSG_ERROR,
|
||||||
"DPP: Could not get EC_KEY from group_key");
|
"DPP: Could not get EC_KEY from group_key");
|
||||||
|
@ -694,7 +692,6 @@ static EVP_PKEY * dpp_set_pubkey_point(EVP_PKEY *group_key,
|
||||||
else
|
else
|
||||||
wpa_printf(MSG_ERROR, "DPP: Could not get EC group");
|
wpa_printf(MSG_ERROR, "DPP: Could not get EC group");
|
||||||
|
|
||||||
EC_KEY_free(eckey);
|
|
||||||
return pkey;
|
return pkey;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1519,7 +1516,7 @@ static struct wpabuf * dpp_bootstrap_key_der(EVP_PKEY *key)
|
||||||
{
|
{
|
||||||
unsigned char *der = NULL;
|
unsigned char *der = NULL;
|
||||||
int der_len;
|
int der_len;
|
||||||
EC_KEY *eckey;
|
const EC_KEY *eckey;
|
||||||
struct wpabuf *ret = NULL;
|
struct wpabuf *ret = NULL;
|
||||||
size_t len;
|
size_t len;
|
||||||
const EC_GROUP *group;
|
const EC_GROUP *group;
|
||||||
|
@ -1529,7 +1526,7 @@ static struct wpabuf * dpp_bootstrap_key_der(EVP_PKEY *key)
|
||||||
int nid;
|
int nid;
|
||||||
|
|
||||||
ctx = BN_CTX_new();
|
ctx = BN_CTX_new();
|
||||||
eckey = EVP_PKEY_get1_EC_KEY(key);
|
eckey = EVP_PKEY_get0_EC_KEY(key);
|
||||||
if (!ctx || !eckey)
|
if (!ctx || !eckey)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
|
@ -1576,7 +1573,6 @@ static struct wpabuf * dpp_bootstrap_key_der(EVP_PKEY *key)
|
||||||
fail:
|
fail:
|
||||||
DPP_BOOTSTRAPPING_KEY_free(bootstrap);
|
DPP_BOOTSTRAPPING_KEY_free(bootstrap);
|
||||||
OPENSSL_free(der);
|
OPENSSL_free(der);
|
||||||
EC_KEY_free(eckey);
|
|
||||||
BN_CTX_free(ctx);
|
BN_CTX_free(ctx);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
@ -2956,7 +2952,7 @@ static int dpp_auth_derive_l_responder(struct dpp_authentication *auth)
|
||||||
{
|
{
|
||||||
const EC_GROUP *group;
|
const EC_GROUP *group;
|
||||||
EC_POINT *l = NULL;
|
EC_POINT *l = NULL;
|
||||||
EC_KEY *BI = NULL, *bR = NULL, *pR = NULL;
|
const EC_KEY *BI, *bR, *pR;
|
||||||
const EC_POINT *BI_point;
|
const EC_POINT *BI_point;
|
||||||
BN_CTX *bnctx;
|
BN_CTX *bnctx;
|
||||||
BIGNUM *lx, *sum, *q;
|
BIGNUM *lx, *sum, *q;
|
||||||
|
@ -2971,7 +2967,7 @@ static int dpp_auth_derive_l_responder(struct dpp_authentication *auth)
|
||||||
lx = BN_new();
|
lx = BN_new();
|
||||||
if (!bnctx || !sum || !q || !lx)
|
if (!bnctx || !sum || !q || !lx)
|
||||||
goto fail;
|
goto fail;
|
||||||
BI = EVP_PKEY_get1_EC_KEY(auth->peer_bi->pubkey);
|
BI = EVP_PKEY_get0_EC_KEY(auth->peer_bi->pubkey);
|
||||||
if (!BI)
|
if (!BI)
|
||||||
goto fail;
|
goto fail;
|
||||||
BI_point = EC_KEY_get0_public_key(BI);
|
BI_point = EC_KEY_get0_public_key(BI);
|
||||||
|
@ -2979,8 +2975,8 @@ static int dpp_auth_derive_l_responder(struct dpp_authentication *auth)
|
||||||
if (!group)
|
if (!group)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
bR = EVP_PKEY_get1_EC_KEY(auth->own_bi->pubkey);
|
bR = EVP_PKEY_get0_EC_KEY(auth->own_bi->pubkey);
|
||||||
pR = EVP_PKEY_get1_EC_KEY(auth->own_protocol_key);
|
pR = EVP_PKEY_get0_EC_KEY(auth->own_protocol_key);
|
||||||
if (!bR || !pR)
|
if (!bR || !pR)
|
||||||
goto fail;
|
goto fail;
|
||||||
bR_bn = EC_KEY_get0_private_key(bR);
|
bR_bn = EC_KEY_get0_private_key(bR);
|
||||||
|
@ -3008,9 +3004,6 @@ static int dpp_auth_derive_l_responder(struct dpp_authentication *auth)
|
||||||
ret = 0;
|
ret = 0;
|
||||||
fail:
|
fail:
|
||||||
EC_POINT_clear_free(l);
|
EC_POINT_clear_free(l);
|
||||||
EC_KEY_free(BI);
|
|
||||||
EC_KEY_free(bR);
|
|
||||||
EC_KEY_free(pR);
|
|
||||||
BN_clear_free(lx);
|
BN_clear_free(lx);
|
||||||
BN_clear_free(sum);
|
BN_clear_free(sum);
|
||||||
BN_free(q);
|
BN_free(q);
|
||||||
|
@ -3023,7 +3016,7 @@ static int dpp_auth_derive_l_initiator(struct dpp_authentication *auth)
|
||||||
{
|
{
|
||||||
const EC_GROUP *group;
|
const EC_GROUP *group;
|
||||||
EC_POINT *l = NULL, *sum = NULL;
|
EC_POINT *l = NULL, *sum = NULL;
|
||||||
EC_KEY *bI = NULL, *BR = NULL, *PR = NULL;
|
const EC_KEY *bI, *BR, *PR;
|
||||||
const EC_POINT *BR_point, *PR_point;
|
const EC_POINT *BR_point, *PR_point;
|
||||||
BN_CTX *bnctx;
|
BN_CTX *bnctx;
|
||||||
BIGNUM *lx;
|
BIGNUM *lx;
|
||||||
|
@ -3036,14 +3029,14 @@ static int dpp_auth_derive_l_initiator(struct dpp_authentication *auth)
|
||||||
lx = BN_new();
|
lx = BN_new();
|
||||||
if (!bnctx || !lx)
|
if (!bnctx || !lx)
|
||||||
goto fail;
|
goto fail;
|
||||||
BR = EVP_PKEY_get1_EC_KEY(auth->peer_bi->pubkey);
|
BR = EVP_PKEY_get0_EC_KEY(auth->peer_bi->pubkey);
|
||||||
PR = EVP_PKEY_get1_EC_KEY(auth->peer_protocol_key);
|
PR = EVP_PKEY_get0_EC_KEY(auth->peer_protocol_key);
|
||||||
if (!BR || !PR)
|
if (!BR || !PR)
|
||||||
goto fail;
|
goto fail;
|
||||||
BR_point = EC_KEY_get0_public_key(BR);
|
BR_point = EC_KEY_get0_public_key(BR);
|
||||||
PR_point = EC_KEY_get0_public_key(PR);
|
PR_point = EC_KEY_get0_public_key(PR);
|
||||||
|
|
||||||
bI = EVP_PKEY_get1_EC_KEY(auth->own_bi->pubkey);
|
bI = EVP_PKEY_get0_EC_KEY(auth->own_bi->pubkey);
|
||||||
if (!bI)
|
if (!bI)
|
||||||
goto fail;
|
goto fail;
|
||||||
group = EC_KEY_get0_group(bI);
|
group = EC_KEY_get0_group(bI);
|
||||||
|
@ -3071,9 +3064,6 @@ static int dpp_auth_derive_l_initiator(struct dpp_authentication *auth)
|
||||||
fail:
|
fail:
|
||||||
EC_POINT_clear_free(l);
|
EC_POINT_clear_free(l);
|
||||||
EC_POINT_clear_free(sum);
|
EC_POINT_clear_free(sum);
|
||||||
EC_KEY_free(bI);
|
|
||||||
EC_KEY_free(BR);
|
|
||||||
EC_KEY_free(PR);
|
|
||||||
BN_clear_free(lx);
|
BN_clear_free(lx);
|
||||||
BN_CTX_free(bnctx);
|
BN_CTX_free(bnctx);
|
||||||
return ret;
|
return ret;
|
||||||
|
@ -6635,11 +6625,11 @@ dpp_process_signed_connector(struct dpp_signed_connector_info *info,
|
||||||
ECDSA_SIG *sig = NULL;
|
ECDSA_SIG *sig = NULL;
|
||||||
BIGNUM *r = NULL, *s = NULL;
|
BIGNUM *r = NULL, *s = NULL;
|
||||||
const struct dpp_curve_params *curve;
|
const struct dpp_curve_params *curve;
|
||||||
EC_KEY *eckey;
|
const EC_KEY *eckey;
|
||||||
const EC_GROUP *group;
|
const EC_GROUP *group;
|
||||||
int nid;
|
int nid;
|
||||||
|
|
||||||
eckey = EVP_PKEY_get1_EC_KEY(csign_pub);
|
eckey = EVP_PKEY_get0_EC_KEY(csign_pub);
|
||||||
if (!eckey)
|
if (!eckey)
|
||||||
goto fail;
|
goto fail;
|
||||||
group = EC_KEY_get0_group(eckey);
|
group = EC_KEY_get0_group(eckey);
|
||||||
|
@ -6768,7 +6758,6 @@ dpp_process_signed_connector(struct dpp_signed_connector_info *info,
|
||||||
|
|
||||||
ret = DPP_STATUS_OK;
|
ret = DPP_STATUS_OK;
|
||||||
fail:
|
fail:
|
||||||
EC_KEY_free(eckey);
|
|
||||||
EVP_MD_CTX_destroy(md_ctx);
|
EVP_MD_CTX_destroy(md_ctx);
|
||||||
os_free(prot_hdr);
|
os_free(prot_hdr);
|
||||||
wpabuf_free(kid);
|
wpabuf_free(kid);
|
||||||
|
@ -8788,7 +8777,7 @@ static EC_POINT * dpp_pkex_derive_Qi(const struct dpp_curve_params *curve,
|
||||||
unsigned int num_elem = 0;
|
unsigned int num_elem = 0;
|
||||||
EC_POINT *Qi = NULL;
|
EC_POINT *Qi = NULL;
|
||||||
EVP_PKEY *Pi = NULL;
|
EVP_PKEY *Pi = NULL;
|
||||||
EC_KEY *Pi_ec = NULL;
|
const EC_KEY *Pi_ec;
|
||||||
const EC_POINT *Pi_point;
|
const EC_POINT *Pi_point;
|
||||||
BIGNUM *hash_bn = NULL;
|
BIGNUM *hash_bn = NULL;
|
||||||
const EC_GROUP *group = NULL;
|
const EC_GROUP *group = NULL;
|
||||||
|
@ -8820,7 +8809,7 @@ static EC_POINT * dpp_pkex_derive_Qi(const struct dpp_curve_params *curve,
|
||||||
if (!Pi)
|
if (!Pi)
|
||||||
goto fail;
|
goto fail;
|
||||||
dpp_debug_print_key("DPP: Pi", Pi);
|
dpp_debug_print_key("DPP: Pi", Pi);
|
||||||
Pi_ec = EVP_PKEY_get1_EC_KEY(Pi);
|
Pi_ec = EVP_PKEY_get0_EC_KEY(Pi);
|
||||||
if (!Pi_ec)
|
if (!Pi_ec)
|
||||||
goto fail;
|
goto fail;
|
||||||
Pi_point = EC_KEY_get0_public_key(Pi_ec);
|
Pi_point = EC_KEY_get0_public_key(Pi_ec);
|
||||||
|
@ -8846,7 +8835,6 @@ static EC_POINT * dpp_pkex_derive_Qi(const struct dpp_curve_params *curve,
|
||||||
}
|
}
|
||||||
dpp_debug_print_point("DPP: Qi", group, Qi);
|
dpp_debug_print_point("DPP: Qi", group, Qi);
|
||||||
out:
|
out:
|
||||||
EC_KEY_free(Pi_ec);
|
|
||||||
EVP_PKEY_free(Pi);
|
EVP_PKEY_free(Pi);
|
||||||
BN_clear_free(hash_bn);
|
BN_clear_free(hash_bn);
|
||||||
if (ret_group && Qi)
|
if (ret_group && Qi)
|
||||||
|
@ -8872,7 +8860,7 @@ static EC_POINT * dpp_pkex_derive_Qr(const struct dpp_curve_params *curve,
|
||||||
unsigned int num_elem = 0;
|
unsigned int num_elem = 0;
|
||||||
EC_POINT *Qr = NULL;
|
EC_POINT *Qr = NULL;
|
||||||
EVP_PKEY *Pr = NULL;
|
EVP_PKEY *Pr = NULL;
|
||||||
EC_KEY *Pr_ec = NULL;
|
const EC_KEY *Pr_ec;
|
||||||
const EC_POINT *Pr_point;
|
const EC_POINT *Pr_point;
|
||||||
BIGNUM *hash_bn = NULL;
|
BIGNUM *hash_bn = NULL;
|
||||||
const EC_GROUP *group = NULL;
|
const EC_GROUP *group = NULL;
|
||||||
|
@ -8904,7 +8892,7 @@ static EC_POINT * dpp_pkex_derive_Qr(const struct dpp_curve_params *curve,
|
||||||
if (!Pr)
|
if (!Pr)
|
||||||
goto fail;
|
goto fail;
|
||||||
dpp_debug_print_key("DPP: Pr", Pr);
|
dpp_debug_print_key("DPP: Pr", Pr);
|
||||||
Pr_ec = EVP_PKEY_get1_EC_KEY(Pr);
|
Pr_ec = EVP_PKEY_get0_EC_KEY(Pr);
|
||||||
if (!Pr_ec)
|
if (!Pr_ec)
|
||||||
goto fail;
|
goto fail;
|
||||||
Pr_point = EC_KEY_get0_public_key(Pr_ec);
|
Pr_point = EC_KEY_get0_public_key(Pr_ec);
|
||||||
|
@ -8930,7 +8918,6 @@ static EC_POINT * dpp_pkex_derive_Qr(const struct dpp_curve_params *curve,
|
||||||
}
|
}
|
||||||
dpp_debug_print_point("DPP: Qr", group, Qr);
|
dpp_debug_print_point("DPP: Qr", group, Qr);
|
||||||
out:
|
out:
|
||||||
EC_KEY_free(Pr_ec);
|
|
||||||
EVP_PKEY_free(Pr);
|
EVP_PKEY_free(Pr);
|
||||||
BN_clear_free(hash_bn);
|
BN_clear_free(hash_bn);
|
||||||
if (ret_group && Qr)
|
if (ret_group && Qr)
|
||||||
|
@ -9014,7 +9001,7 @@ fail:
|
||||||
|
|
||||||
static struct wpabuf * dpp_pkex_build_exchange_req(struct dpp_pkex *pkex)
|
static struct wpabuf * dpp_pkex_build_exchange_req(struct dpp_pkex *pkex)
|
||||||
{
|
{
|
||||||
EC_KEY *X_ec = NULL;
|
const EC_KEY *X_ec;
|
||||||
const EC_POINT *X_point;
|
const EC_POINT *X_point;
|
||||||
BN_CTX *bnctx = NULL;
|
BN_CTX *bnctx = NULL;
|
||||||
EC_GROUP *group = NULL;
|
EC_GROUP *group = NULL;
|
||||||
|
@ -9056,7 +9043,7 @@ static struct wpabuf * dpp_pkex_build_exchange_req(struct dpp_pkex *pkex)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
/* M = X + Qi */
|
/* M = X + Qi */
|
||||||
X_ec = EVP_PKEY_get1_EC_KEY(pkex->x);
|
X_ec = EVP_PKEY_get0_EC_KEY(pkex->x);
|
||||||
if (!X_ec)
|
if (!X_ec)
|
||||||
goto fail;
|
goto fail;
|
||||||
X_point = EC_KEY_get0_public_key(X_ec);
|
X_point = EC_KEY_get0_public_key(X_ec);
|
||||||
|
@ -9133,7 +9120,6 @@ skip_finite_cyclic_group:
|
||||||
|
|
||||||
out:
|
out:
|
||||||
wpabuf_free(M_buf);
|
wpabuf_free(M_buf);
|
||||||
EC_KEY_free(X_ec);
|
|
||||||
EC_POINT_free(M);
|
EC_POINT_free(M);
|
||||||
EC_POINT_free(Qi);
|
EC_POINT_free(Qi);
|
||||||
BN_clear_free(Mx);
|
BN_clear_free(Mx);
|
||||||
|
@ -9386,7 +9372,8 @@ struct dpp_pkex * dpp_pkex_rx_exchange_req(void *msg_ctx,
|
||||||
BN_CTX *bnctx = NULL;
|
BN_CTX *bnctx = NULL;
|
||||||
EC_GROUP *group = NULL;
|
EC_GROUP *group = NULL;
|
||||||
BIGNUM *Mx = NULL, *My = NULL;
|
BIGNUM *Mx = NULL, *My = NULL;
|
||||||
EC_KEY *Y_ec = NULL, *X_ec = NULL;;
|
const EC_KEY *Y_ec;
|
||||||
|
EC_KEY *X_ec = NULL;
|
||||||
const EC_POINT *Y_point;
|
const EC_POINT *Y_point;
|
||||||
BIGNUM *Nx = NULL, *Ny = NULL;
|
BIGNUM *Nx = NULL, *Ny = NULL;
|
||||||
u8 Kx[DPP_MAX_SHARED_SECRET_LEN];
|
u8 Kx[DPP_MAX_SHARED_SECRET_LEN];
|
||||||
|
@ -9536,7 +9523,7 @@ struct dpp_pkex * dpp_pkex_rx_exchange_req(void *msg_ctx,
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
/* N = Y + Qr */
|
/* N = Y + Qr */
|
||||||
Y_ec = EVP_PKEY_get1_EC_KEY(pkex->y);
|
Y_ec = EVP_PKEY_get0_EC_KEY(pkex->y);
|
||||||
if (!Y_ec)
|
if (!Y_ec)
|
||||||
goto fail;
|
goto fail;
|
||||||
Y_point = EC_KEY_get0_public_key(Y_ec);
|
Y_point = EC_KEY_get0_public_key(Y_ec);
|
||||||
|
@ -9588,7 +9575,6 @@ out:
|
||||||
EC_POINT_free(N);
|
EC_POINT_free(N);
|
||||||
EC_POINT_free(X);
|
EC_POINT_free(X);
|
||||||
EC_KEY_free(X_ec);
|
EC_KEY_free(X_ec);
|
||||||
EC_KEY_free(Y_ec);
|
|
||||||
EC_GROUP_free(group);
|
EC_GROUP_free(group);
|
||||||
return pkex;
|
return pkex;
|
||||||
fail:
|
fail:
|
||||||
|
|
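Review bot: Nothing in the new code records that the `EC_KEY` pointers returned by `EVP_PKEY_get0_EC_KEY()` are borrowed, and `dpp_pkex_rx_exchange_req()` now mixes two ownership models: `const EC_KEY *Y_ec;` is borrowed from `pkex->y`, while `EC_KEY *X_ec = NULL;` is still released with `EC_KEY_free(X_ec)` at `out:`. A short comment at those declarations would keep a later edit from re-adding a free on the borrowed pointer or dropping the remaining one, for example `/* Y_ec: borrowed from pkex->y, do not free; X_ec: owned, freed at out */`. The local fallback definition of `EVP_PKEY_get0_EC_KEY()` could likewise carry `/* Returns a borrowed pointer owned by pkey; caller must not free it */`. Values derived from these keys (`Y_point`, `BI_point`, `bR_bn`) are now valid only while the source `EVP_PKEY` is alive. The function bodies continue outside the visible hunks, so it is worth confirming that none of those `EVP_PKEY` objects is freed or replaced between the get0 call and the last use.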