From c23e87d0d12d4122dcda03ddc95a4b77a16839e0 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sun, 10 Dec 2017 23:49:39 +0200
Subject: [PATCH] OpenSSL: Replace EVP_PKEY_paramgen() with EC_KEY_new_by_curve_name()

The BoringSSL version of crypto_ecdh_init() and dpp_gen_keypair() works fine with OpenSSL as well, so use that same implementation for both to avoid unnecessary maintanence of multiple versions.

Signed-off-by: Jouni Malinen
---
 src/common/dpp.c | 22 +---------------------
 src/crypto/crypto_openssl.c | 37 ++-----------------------------------
 2 files changed, 3 insertions(+), 56 deletions(-)

diff --git a/src/common/dpp.c b/src/common/dpp.c
index b7475af58..deb76394a 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -1066,12 +1066,8 @@ static void dpp_debug_print_key(const char *title, EVP_PKEY *key)
 static EVP_PKEY * dpp_gen_keypair(const struct dpp_curve_params *curve)
 {
-#ifdef OPENSSL_IS_BORINGSSL
 	EVP_PKEY_CTX *kctx = NULL;
 	EC_KEY *ec_params;
-#else
-	EVP_PKEY_CTX *pctx, *kctx = NULL;
-#endif
 	EVP_PKEY *params = NULL, *key = NULL;
 	int nid;
@@ -1082,7 +1078,7 @@ static EVP_PKEY * dpp_gen_keypair(const struct dpp_curve_params *curve)
 		wpa_printf(MSG_INFO, "DPP: Unsupported curve %s", curve->name);
 		return NULL;
 	}
-#ifdef OPENSSL_IS_BORINGSSL
+
 	ec_params = EC_KEY_new_by_curve_name(nid);
 	if (!ec_params) {
 		wpa_printf(MSG_ERROR,
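Review bot: With the #ifdef gone, `EC_KEY *ec_params;` is the unconditional declaration in dpp_gen_keypair and it is left uninitialized even though the function exits through a shared `fail:` label; the same declaration appears in the crypto_ecdh_init hunk of src/crypto/crypto_openssl.c, where the following hunk shows `if (!ecdh->ec)` / `goto fail;` being taken before `ec_params` is ever assigned. Any cleanup that releases the EC_KEY on that path would read an indeterminate pointer, so initialize it in both places: `EC_KEY *ec_params = NULL;`. In dpp_gen_keypair the only early exit visible before the assignment is a plain `return NULL;`, so there it is defensive, but it keeps the two now-identical implementations safe to extend with a common free. The body of dpp_gen_keypair continues outside this hunk.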
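Review bot: The EC_KEY returned by `EC_KEY_new_by_curve_name(nid)` is an owned object, and EVP_PKEY_set1_EC_KEY (the "set1" variant, visible in the crypto_ecdh_init hunk of src/crypto/crypto_openssl.c) takes its own reference rather than adopting it, so the caller still has to release `ec_params`; the `done:` cleanup shown in the last crypto_openssl.c hunk frees only `params` and `kctx`, and dpp_gen_keypair's `fail:` label is outside this hunk. If neither function already frees it on its exit path, add `EC_KEY_free(ec_params);` beside the existing `EVP_PKEY_free(params);` in both, which in turn needs the pointer NULL-initialized since EC_KEY_free(NULL) is a no-op. Before this commit only BoringSSL builds took this path; after it every OpenSSL build would leak one EC_KEY per keypair generation, i.e. per DPP or ECDH exchange, which a remote peer can trigger repeatedly. The set1 call and the cleanup of dpp_gen_keypair lie outside this hunk, so this is to be confirmed against the full function.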
@@ -1096,22 +1092,6 @@ static EVP_PKEY * dpp_gen_keypair(const struct dpp_curve_params *curve)
 			   "DPP: Failed to generate EVP_PKEY parameters");
 		goto fail;
 	}
-#else
-	pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
-	if (!pctx ||
-	    EVP_PKEY_paramgen_init(pctx) != 1 ||
-	    EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) != 1 ||
-#ifdef EVP_PKEY_CTX_set_ec_param_enc
-	    EVP_PKEY_CTX_set_ec_param_enc(pctx, OPENSSL_EC_NAMED_CURVE) != 1 ||
-#endif
-	    EVP_PKEY_paramgen(pctx, ¶ms) != 1) {
-		wpa_printf(MSG_ERROR,
-			   "DPP: Failed to generate EVP_PKEY parameters");
-		EVP_PKEY_CTX_free(pctx);
-		goto fail;
-	}
-	EVP_PKEY_CTX_free(pctx);
-#endif
 	kctx = EVP_PKEY_CTX_new(params, NULL);
 	if (!kctx ||
diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index 616968f4c..ac67d707a 100644
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -1705,11 +1705,7 @@ struct crypto_ecdh * crypto_ecdh_init(int group)
 {
 	struct crypto_ecdh *ecdh;
 	EVP_PKEY *params = NULL;
-#ifdef OPENSSL_IS_BORINGSSL
 	EC_KEY *ec_params;
-#else /* OPENSSL_IS_BORINGSSL */
-	EVP_PKEY_CTX *pctx = NULL;
-#endif /* OPENSSL_IS_BORINGSSL */
 	EVP_PKEY_CTX *kctx = NULL;
 	ecdh = os_zalloc(sizeof(*ecdh));
@@ -1720,45 +1716,19 @@ struct crypto_ecdh * crypto_ecdh_init(int group)
 	if (!ecdh->ec)
 		goto fail;
-#ifdef OPENSSL_IS_BORINGSSL
 	ec_params = EC_KEY_new_by_curve_name(ecdh->ec->nid);
 	if (!ec_params) {
 		wpa_printf(MSG_ERROR,
-			   "BoringSSL: Failed to generate EC_KEY parameters");
+			   "OpenSSL: Failed to generate EC_KEY parameters");
 		goto fail;
 	}
 	EC_KEY_set_asn1_flag(ec_params, OPENSSL_EC_NAMED_CURVE);
 	params = EVP_PKEY_new();
 	if (!params || EVP_PKEY_set1_EC_KEY(params, ec_params) != 1) {
 		wpa_printf(MSG_ERROR,
-			   "BoringSSL: Failed to generate EVP_PKEY parameters");
+			   "OpenSSL: Failed to generate EVP_PKEY parameters");
 		goto fail;
 	}
-#else /* OPENSSL_IS_BORINGSSL */
-	pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
-	if (!pctx)
-		goto fail;
-
-	if (EVP_PKEY_paramgen_init(pctx) != 1) {
-		wpa_printf(MSG_ERROR,
-			   "OpenSSL: EVP_PKEY_paramgen_init failed: %s",
-			   ERR_error_string(ERR_get_error(), NULL));
-		goto fail;
-	}
-
-	if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ecdh->ec->nid) != 1) {
-		wpa_printf(MSG_ERROR,
-			   "OpenSSL: EVP_PKEY_CTX_set_ec_paramgen_curve_nid failed: %s",
-			   ERR_error_string(ERR_get_error(), NULL));
-		goto fail;
-	}
-
-	if (EVP_PKEY_paramgen(pctx, ¶ms) != 1) {
-		wpa_printf(MSG_ERROR, "OpenSSL: EVP_PKEY_paramgen failed: %s",
-			   ERR_error_string(ERR_get_error(), NULL));
-		goto fail;
-	}
-#endif /* OPENSSL_IS_BORINGSSL */
 	kctx = EVP_PKEY_CTX_new(params, NULL);
 	if (!kctx)
@@ -1779,9 +1749,6 @@ struct crypto_ecdh * crypto_ecdh_init(int group)
 done:
 	EVP_PKEY_free(params);
-#ifndef OPENSSL_IS_BORINGSSL
-	EVP_PKEY_CTX_free(pctx);
-#endif /* OPENSSL_IS_BORINGSSL */
 	EVP_PKEY_CTX_free(kctx);
 	return ecdh;
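Review bot: The two rewritten error messages drop the library error detail that the removed branch logged through `ERR_error_string(ERR_get_error(), NULL)`, so a failure of `EC_KEY_new_by_curve_name()` or `EVP_PKEY_set1_EC_KEY()` now reports only a generic "Failed to generate ... parameters" and leaves the OpenSSL error queue unread for whoever runs next on that thread. Since this is now the only code path for OpenSSL builds, carry the detail over in both messages, e.g. `wpa_printf(MSG_ERROR, "OpenSSL: Failed to generate EC_KEY parameters: %s", ERR_error_string(ERR_get_error(), NULL));`, which keeps the diagnostics that the OpenSSL-specific branch used to provide. The `fail:` handling of crypto_ecdh_init and the start of the function are outside this hunk.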