OpenSSL: Replace EVP_PKEY_paramgen() with EC_KEY_new_by_curve_name()

The BoringSSL version of crypto_ecdh_init() and dpp_gen_keypair() works fine with OpenSSL as well, so use that same implementation for both to avoid unnecessary maintanence of multiple versions. Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-10 23:49:39 +02:00 · 2017-12-10 23:49:39 +02:00 · c23e87d0d1
parent 7641d485db
commit c23e87d0d1
2 changed files with 3 additions and 56 deletions
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@ -1066,12 +1066,8 @@ static void dpp_debug_print_key(const char *title, EVP_PKEY *key)

 static EVP_PKEY * dpp_gen_keypair(const struct dpp_curve_params *curve)
 {
-#ifdef OPENSSL_IS_BORINGSSL
 	EVP_PKEY_CTX *kctx = NULL;
 	EC_KEY *ec_params;
-#else
-	EVP_PKEY_CTX *pctx, *kctx = NULL;
-#endif
 	EVP_PKEY *params = NULL, *key = NULL;
 	int nid;

@ -1082,7 +1078,7 @@ static EVP_PKEY * dpp_gen_keypair(const struct dpp_curve_params *curve)
 		wpa_printf(MSG_INFO, "DPP: Unsupported curve %s", curve->name);
 		return NULL;
 	}
-#ifdef OPENSSL_IS_BORINGSSL
+
 	ec_params = EC_KEY_new_by_curve_name(nid);
 	if (!ec_params) {
 		wpa_printf(MSG_ERROR,
@ -1096,22 +1092,6 @@ static EVP_PKEY * dpp_gen_keypair(const struct dpp_curve_params *curve)
 			   "DPP: Failed to generate EVP_PKEY parameters");
 		goto fail;
 	}
-#else
-	pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
-	if (!pctx ||
-	    EVP_PKEY_paramgen_init(pctx) != 1 ||
-	    EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) != 1 ||
-#ifdef EVP_PKEY_CTX_set_ec_param_enc
-	    EVP_PKEY_CTX_set_ec_param_enc(pctx, OPENSSL_EC_NAMED_CURVE) != 1 ||
-#endif
-	    EVP_PKEY_paramgen(pctx, &params) != 1) {
-		wpa_printf(MSG_ERROR,
-			   "DPP: Failed to generate EVP_PKEY parameters");
-		EVP_PKEY_CTX_free(pctx);
-		goto fail;
-	}
-	EVP_PKEY_CTX_free(pctx);
-#endif

 	kctx = EVP_PKEY_CTX_new(params, NULL);
 	if (!kctx ||
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@ -1705,11 +1705,7 @@ struct crypto_ecdh * crypto_ecdh_init(int group)
 {
 	struct crypto_ecdh *ecdh;
 	EVP_PKEY *params = NULL;
-#ifdef OPENSSL_IS_BORINGSSL
 	EC_KEY *ec_params;
-#else /* OPENSSL_IS_BORINGSSL */
-	EVP_PKEY_CTX *pctx = NULL;
-#endif /* OPENSSL_IS_BORINGSSL */
 	EVP_PKEY_CTX *kctx = NULL;

 	ecdh = os_zalloc(sizeof(*ecdh));
@ -1720,45 +1716,19 @@ struct crypto_ecdh * crypto_ecdh_init(int group)
 	if (!ecdh->ec)
 		goto fail;

-#ifdef OPENSSL_IS_BORINGSSL
 	ec_params = EC_KEY_new_by_curve_name(ecdh->ec->nid);
 	if (!ec_params) {
 		wpa_printf(MSG_ERROR,
-			   "BoringSSL: Failed to generate EC_KEY parameters");
+			   "OpenSSL: Failed to generate EC_KEY parameters");
 		goto fail;
 	}
 	EC_KEY_set_asn1_flag(ec_params, OPENSSL_EC_NAMED_CURVE);
 	params = EVP_PKEY_new();
 	if (!params || EVP_PKEY_set1_EC_KEY(params, ec_params) != 1) {
 		wpa_printf(MSG_ERROR,
-			   "BoringSSL: Failed to generate EVP_PKEY parameters");
+			   "OpenSSL: Failed to generate EVP_PKEY parameters");
 		goto fail;
 	}
-#else /* OPENSSL_IS_BORINGSSL */
-	pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
-	if (!pctx)
-		goto fail;
-
-	if (EVP_PKEY_paramgen_init(pctx) != 1) {
-		wpa_printf(MSG_ERROR,
-			   "OpenSSL: EVP_PKEY_paramgen_init failed: %s",
-			   ERR_error_string(ERR_get_error(), NULL));
-		goto fail;
-	}
-
-	if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ecdh->ec->nid) != 1) {
-		wpa_printf(MSG_ERROR,
-			   "OpenSSL: EVP_PKEY_CTX_set_ec_paramgen_curve_nid failed: %s",
-			   ERR_error_string(ERR_get_error(), NULL));
-		goto fail;
-	}
-
-	if (EVP_PKEY_paramgen(pctx, &params) != 1) {
-		wpa_printf(MSG_ERROR, "OpenSSL: EVP_PKEY_paramgen failed: %s",
-			   ERR_error_string(ERR_get_error(), NULL));
-		goto fail;
-	}
-#endif /* OPENSSL_IS_BORINGSSL */

 	kctx = EVP_PKEY_CTX_new(params, NULL);
 	if (!kctx)
@ -1779,9 +1749,6 @@ struct crypto_ecdh * crypto_ecdh_init(int group)

 done:
 	EVP_PKEY_free(params);
-#ifndef OPENSSL_IS_BORINGSSL
-	EVP_PKEY_CTX_free(pctx);
-#endif /* OPENSSL_IS_BORINGSSL */
 	EVP_PKEY_CTX_free(kctx);

 	return ecdh;