DPP: Use EVP_PKEY_get0_EC_KEY() when a const reference is sufficient

This removes unnecessary allocations and simplifies the implementation
by not having to remember to free the cloned reference.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2020-05-10 15:42:47 +03:00 committed by Jouni Malinen
parent 0a488ef35c
commit 76029c6e11

View file

@ -79,14 +79,12 @@ static void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr,
} }
#ifdef CONFIG_DPP2
static EC_KEY * EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey) static EC_KEY * EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
{ {
if (pkey->type != EVP_PKEY_EC) if (pkey->type != EVP_PKEY_EC)
return NULL; return NULL;
return pkey->pkey.ec; return pkey->pkey.ec;
} }
#endif /* CONFIG_DPP2 */
#endif #endif
@ -673,14 +671,14 @@ fail:
static EVP_PKEY * dpp_set_pubkey_point(EVP_PKEY *group_key, static EVP_PKEY * dpp_set_pubkey_point(EVP_PKEY *group_key,
const u8 *buf, size_t len) const u8 *buf, size_t len)
{ {
EC_KEY *eckey; const EC_KEY *eckey;
const EC_GROUP *group; const EC_GROUP *group;
EVP_PKEY *pkey = NULL; EVP_PKEY *pkey = NULL;
if (len & 1) if (len & 1)
return NULL; return NULL;
eckey = EVP_PKEY_get1_EC_KEY(group_key); eckey = EVP_PKEY_get0_EC_KEY(group_key);
if (!eckey) { if (!eckey) {
wpa_printf(MSG_ERROR, wpa_printf(MSG_ERROR,
"DPP: Could not get EC_KEY from group_key"); "DPP: Could not get EC_KEY from group_key");
@ -694,7 +692,6 @@ static EVP_PKEY * dpp_set_pubkey_point(EVP_PKEY *group_key,
else else
wpa_printf(MSG_ERROR, "DPP: Could not get EC group"); wpa_printf(MSG_ERROR, "DPP: Could not get EC group");
EC_KEY_free(eckey);
return pkey; return pkey;
} }
@ -1519,7 +1516,7 @@ static struct wpabuf * dpp_bootstrap_key_der(EVP_PKEY *key)
{ {
unsigned char *der = NULL; unsigned char *der = NULL;
int der_len; int der_len;
EC_KEY *eckey; const EC_KEY *eckey;
struct wpabuf *ret = NULL; struct wpabuf *ret = NULL;
size_t len; size_t len;
const EC_GROUP *group; const EC_GROUP *group;
@ -1529,7 +1526,7 @@ static struct wpabuf * dpp_bootstrap_key_der(EVP_PKEY *key)
int nid; int nid;
ctx = BN_CTX_new(); ctx = BN_CTX_new();
eckey = EVP_PKEY_get1_EC_KEY(key); eckey = EVP_PKEY_get0_EC_KEY(key);
if (!ctx || !eckey) if (!ctx || !eckey)
goto fail; goto fail;
@ -1576,7 +1573,6 @@ static struct wpabuf * dpp_bootstrap_key_der(EVP_PKEY *key)
fail: fail:
DPP_BOOTSTRAPPING_KEY_free(bootstrap); DPP_BOOTSTRAPPING_KEY_free(bootstrap);
OPENSSL_free(der); OPENSSL_free(der);
EC_KEY_free(eckey);
BN_CTX_free(ctx); BN_CTX_free(ctx);
return ret; return ret;
} }
@ -2956,7 +2952,7 @@ static int dpp_auth_derive_l_responder(struct dpp_authentication *auth)
{ {
const EC_GROUP *group; const EC_GROUP *group;
EC_POINT *l = NULL; EC_POINT *l = NULL;
EC_KEY *BI = NULL, *bR = NULL, *pR = NULL; const EC_KEY *BI, *bR, *pR;
const EC_POINT *BI_point; const EC_POINT *BI_point;
BN_CTX *bnctx; BN_CTX *bnctx;
BIGNUM *lx, *sum, *q; BIGNUM *lx, *sum, *q;
@ -2971,7 +2967,7 @@ static int dpp_auth_derive_l_responder(struct dpp_authentication *auth)
lx = BN_new(); lx = BN_new();
if (!bnctx || !sum || !q || !lx) if (!bnctx || !sum || !q || !lx)
goto fail; goto fail;
BI = EVP_PKEY_get1_EC_KEY(auth->peer_bi->pubkey); BI = EVP_PKEY_get0_EC_KEY(auth->peer_bi->pubkey);
if (!BI) if (!BI)
goto fail; goto fail;
BI_point = EC_KEY_get0_public_key(BI); BI_point = EC_KEY_get0_public_key(BI);
@ -2979,8 +2975,8 @@ static int dpp_auth_derive_l_responder(struct dpp_authentication *auth)
if (!group) if (!group)
goto fail; goto fail;
bR = EVP_PKEY_get1_EC_KEY(auth->own_bi->pubkey); bR = EVP_PKEY_get0_EC_KEY(auth->own_bi->pubkey);
pR = EVP_PKEY_get1_EC_KEY(auth->own_protocol_key); pR = EVP_PKEY_get0_EC_KEY(auth->own_protocol_key);
if (!bR || !pR) if (!bR || !pR)
goto fail; goto fail;
bR_bn = EC_KEY_get0_private_key(bR); bR_bn = EC_KEY_get0_private_key(bR);
@ -3008,9 +3004,6 @@ static int dpp_auth_derive_l_responder(struct dpp_authentication *auth)
ret = 0; ret = 0;
fail: fail:
EC_POINT_clear_free(l); EC_POINT_clear_free(l);
EC_KEY_free(BI);
EC_KEY_free(bR);
EC_KEY_free(pR);
BN_clear_free(lx); BN_clear_free(lx);
BN_clear_free(sum); BN_clear_free(sum);
BN_free(q); BN_free(q);
@ -3023,7 +3016,7 @@ static int dpp_auth_derive_l_initiator(struct dpp_authentication *auth)
{ {
const EC_GROUP *group; const EC_GROUP *group;
EC_POINT *l = NULL, *sum = NULL; EC_POINT *l = NULL, *sum = NULL;
EC_KEY *bI = NULL, *BR = NULL, *PR = NULL; const EC_KEY *bI, *BR, *PR;
const EC_POINT *BR_point, *PR_point; const EC_POINT *BR_point, *PR_point;
BN_CTX *bnctx; BN_CTX *bnctx;
BIGNUM *lx; BIGNUM *lx;
@ -3036,14 +3029,14 @@ static int dpp_auth_derive_l_initiator(struct dpp_authentication *auth)
lx = BN_new(); lx = BN_new();
if (!bnctx || !lx) if (!bnctx || !lx)
goto fail; goto fail;
BR = EVP_PKEY_get1_EC_KEY(auth->peer_bi->pubkey); BR = EVP_PKEY_get0_EC_KEY(auth->peer_bi->pubkey);
PR = EVP_PKEY_get1_EC_KEY(auth->peer_protocol_key); PR = EVP_PKEY_get0_EC_KEY(auth->peer_protocol_key);
if (!BR || !PR) if (!BR || !PR)
goto fail; goto fail;
BR_point = EC_KEY_get0_public_key(BR); BR_point = EC_KEY_get0_public_key(BR);
PR_point = EC_KEY_get0_public_key(PR); PR_point = EC_KEY_get0_public_key(PR);
bI = EVP_PKEY_get1_EC_KEY(auth->own_bi->pubkey); bI = EVP_PKEY_get0_EC_KEY(auth->own_bi->pubkey);
if (!bI) if (!bI)
goto fail; goto fail;
group = EC_KEY_get0_group(bI); group = EC_KEY_get0_group(bI);
@ -3071,9 +3064,6 @@ static int dpp_auth_derive_l_initiator(struct dpp_authentication *auth)
fail: fail:
EC_POINT_clear_free(l); EC_POINT_clear_free(l);
EC_POINT_clear_free(sum); EC_POINT_clear_free(sum);
EC_KEY_free(bI);
EC_KEY_free(BR);
EC_KEY_free(PR);
BN_clear_free(lx); BN_clear_free(lx);
BN_CTX_free(bnctx); BN_CTX_free(bnctx);
return ret; return ret;
@ -6635,11 +6625,11 @@ dpp_process_signed_connector(struct dpp_signed_connector_info *info,
ECDSA_SIG *sig = NULL; ECDSA_SIG *sig = NULL;
BIGNUM *r = NULL, *s = NULL; BIGNUM *r = NULL, *s = NULL;
const struct dpp_curve_params *curve; const struct dpp_curve_params *curve;
EC_KEY *eckey; const EC_KEY *eckey;
const EC_GROUP *group; const EC_GROUP *group;
int nid; int nid;
eckey = EVP_PKEY_get1_EC_KEY(csign_pub); eckey = EVP_PKEY_get0_EC_KEY(csign_pub);
if (!eckey) if (!eckey)
goto fail; goto fail;
group = EC_KEY_get0_group(eckey); group = EC_KEY_get0_group(eckey);
@ -6768,7 +6758,6 @@ dpp_process_signed_connector(struct dpp_signed_connector_info *info,
ret = DPP_STATUS_OK; ret = DPP_STATUS_OK;
fail: fail:
EC_KEY_free(eckey);
EVP_MD_CTX_destroy(md_ctx); EVP_MD_CTX_destroy(md_ctx);
os_free(prot_hdr); os_free(prot_hdr);
wpabuf_free(kid); wpabuf_free(kid);
@ -8788,7 +8777,7 @@ static EC_POINT * dpp_pkex_derive_Qi(const struct dpp_curve_params *curve,
unsigned int num_elem = 0; unsigned int num_elem = 0;
EC_POINT *Qi = NULL; EC_POINT *Qi = NULL;
EVP_PKEY *Pi = NULL; EVP_PKEY *Pi = NULL;
EC_KEY *Pi_ec = NULL; const EC_KEY *Pi_ec;
const EC_POINT *Pi_point; const EC_POINT *Pi_point;
BIGNUM *hash_bn = NULL; BIGNUM *hash_bn = NULL;
const EC_GROUP *group = NULL; const EC_GROUP *group = NULL;
@ -8820,7 +8809,7 @@ static EC_POINT * dpp_pkex_derive_Qi(const struct dpp_curve_params *curve,
if (!Pi) if (!Pi)
goto fail; goto fail;
dpp_debug_print_key("DPP: Pi", Pi); dpp_debug_print_key("DPP: Pi", Pi);
Pi_ec = EVP_PKEY_get1_EC_KEY(Pi); Pi_ec = EVP_PKEY_get0_EC_KEY(Pi);
if (!Pi_ec) if (!Pi_ec)
goto fail; goto fail;
Pi_point = EC_KEY_get0_public_key(Pi_ec); Pi_point = EC_KEY_get0_public_key(Pi_ec);
@ -8846,7 +8835,6 @@ static EC_POINT * dpp_pkex_derive_Qi(const struct dpp_curve_params *curve,
} }
dpp_debug_print_point("DPP: Qi", group, Qi); dpp_debug_print_point("DPP: Qi", group, Qi);
out: out:
EC_KEY_free(Pi_ec);
EVP_PKEY_free(Pi); EVP_PKEY_free(Pi);
BN_clear_free(hash_bn); BN_clear_free(hash_bn);
if (ret_group && Qi) if (ret_group && Qi)
@ -8872,7 +8860,7 @@ static EC_POINT * dpp_pkex_derive_Qr(const struct dpp_curve_params *curve,
unsigned int num_elem = 0; unsigned int num_elem = 0;
EC_POINT *Qr = NULL; EC_POINT *Qr = NULL;
EVP_PKEY *Pr = NULL; EVP_PKEY *Pr = NULL;
EC_KEY *Pr_ec = NULL; const EC_KEY *Pr_ec;
const EC_POINT *Pr_point; const EC_POINT *Pr_point;
BIGNUM *hash_bn = NULL; BIGNUM *hash_bn = NULL;
const EC_GROUP *group = NULL; const EC_GROUP *group = NULL;
@ -8904,7 +8892,7 @@ static EC_POINT * dpp_pkex_derive_Qr(const struct dpp_curve_params *curve,
if (!Pr) if (!Pr)
goto fail; goto fail;
dpp_debug_print_key("DPP: Pr", Pr); dpp_debug_print_key("DPP: Pr", Pr);
Pr_ec = EVP_PKEY_get1_EC_KEY(Pr); Pr_ec = EVP_PKEY_get0_EC_KEY(Pr);
if (!Pr_ec) if (!Pr_ec)
goto fail; goto fail;
Pr_point = EC_KEY_get0_public_key(Pr_ec); Pr_point = EC_KEY_get0_public_key(Pr_ec);
@ -8930,7 +8918,6 @@ static EC_POINT * dpp_pkex_derive_Qr(const struct dpp_curve_params *curve,
} }
dpp_debug_print_point("DPP: Qr", group, Qr); dpp_debug_print_point("DPP: Qr", group, Qr);
out: out:
EC_KEY_free(Pr_ec);
EVP_PKEY_free(Pr); EVP_PKEY_free(Pr);
BN_clear_free(hash_bn); BN_clear_free(hash_bn);
if (ret_group && Qr) if (ret_group && Qr)
@ -9014,7 +9001,7 @@ fail:
static struct wpabuf * dpp_pkex_build_exchange_req(struct dpp_pkex *pkex) static struct wpabuf * dpp_pkex_build_exchange_req(struct dpp_pkex *pkex)
{ {
EC_KEY *X_ec = NULL; const EC_KEY *X_ec;
const EC_POINT *X_point; const EC_POINT *X_point;
BN_CTX *bnctx = NULL; BN_CTX *bnctx = NULL;
EC_GROUP *group = NULL; EC_GROUP *group = NULL;
@ -9056,7 +9043,7 @@ static struct wpabuf * dpp_pkex_build_exchange_req(struct dpp_pkex *pkex)
goto fail; goto fail;
/* M = X + Qi */ /* M = X + Qi */
X_ec = EVP_PKEY_get1_EC_KEY(pkex->x); X_ec = EVP_PKEY_get0_EC_KEY(pkex->x);
if (!X_ec) if (!X_ec)
goto fail; goto fail;
X_point = EC_KEY_get0_public_key(X_ec); X_point = EC_KEY_get0_public_key(X_ec);
@ -9133,7 +9120,6 @@ skip_finite_cyclic_group:
out: out:
wpabuf_free(M_buf); wpabuf_free(M_buf);
EC_KEY_free(X_ec);
EC_POINT_free(M); EC_POINT_free(M);
EC_POINT_free(Qi); EC_POINT_free(Qi);
BN_clear_free(Mx); BN_clear_free(Mx);
@ -9386,7 +9372,8 @@ struct dpp_pkex * dpp_pkex_rx_exchange_req(void *msg_ctx,
BN_CTX *bnctx = NULL; BN_CTX *bnctx = NULL;
EC_GROUP *group = NULL; EC_GROUP *group = NULL;
BIGNUM *Mx = NULL, *My = NULL; BIGNUM *Mx = NULL, *My = NULL;
EC_KEY *Y_ec = NULL, *X_ec = NULL;; const EC_KEY *Y_ec;
EC_KEY *X_ec = NULL;
const EC_POINT *Y_point; const EC_POINT *Y_point;
BIGNUM *Nx = NULL, *Ny = NULL; BIGNUM *Nx = NULL, *Ny = NULL;
u8 Kx[DPP_MAX_SHARED_SECRET_LEN]; u8 Kx[DPP_MAX_SHARED_SECRET_LEN];
@ -9536,7 +9523,7 @@ struct dpp_pkex * dpp_pkex_rx_exchange_req(void *msg_ctx,
goto fail; goto fail;
/* N = Y + Qr */ /* N = Y + Qr */
Y_ec = EVP_PKEY_get1_EC_KEY(pkex->y); Y_ec = EVP_PKEY_get0_EC_KEY(pkex->y);
if (!Y_ec) if (!Y_ec)
goto fail; goto fail;
Y_point = EC_KEY_get0_public_key(Y_ec); Y_point = EC_KEY_get0_public_key(Y_ec);
@ -9588,7 +9575,6 @@ out:
EC_POINT_free(N); EC_POINT_free(N);
EC_POINT_free(X); EC_POINT_free(X);
EC_KEY_free(X_ec); EC_KEY_free(X_ec);
EC_KEY_free(Y_ec);
EC_GROUP_free(group); EC_GROUP_free(group);
return pkex; return pkex;
fail: fail: