OpenSSL: Replace EVP_PKEY_paramgen() with EC_KEY_new_by_curve_name()

The BoringSSL version of crypto_ecdh_init() and dpp_gen_keypair() works
fine with OpenSSL as well, so use that same implementation for both to
avoid unnecessary maintanence of multiple versions.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/common/dpp.c b/src/common/dpp.c
index b7475af58c677d75735e31d7217ce65901113971..deb76394accf51d24be53d83f52683e050807329 100644 (file)
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -1066,12 +1066,8 @@ static void dpp_debug_print_key(const char *title, EVP_PKEY *key)
 
 static EVP_PKEY * dpp_gen_keypair(const struct dpp_curve_params *curve)
 {
-#ifdef OPENSSL_IS_BORINGSSL
        EVP_PKEY_CTX *kctx = NULL;
        EC_KEY *ec_params;
-#else
-       EVP_PKEY_CTX *pctx, *kctx = NULL;
-#endif
        EVP_PKEY *params = NULL, *key = NULL;
        int nid;
 
@@ -1082,7 +1078,7 @@ static EVP_PKEY * dpp_gen_keypair(const struct dpp_curve_params *curve)
                wpa_printf(MSG_INFO, "DPP: Unsupported curve %s", curve->name);
                return NULL;
        }
-#ifdef OPENSSL_IS_BORINGSSL
+
        ec_params = EC_KEY_new_by_curve_name(nid);
        if (!ec_params) {
                wpa_printf(MSG_ERROR,
@@ -1096,22 +1092,6 @@ static EVP_PKEY * dpp_gen_keypair(const struct dpp_curve_params *curve)
                           "DPP: Failed to generate EVP_PKEY parameters");
                goto fail;
        }
-#else
-       pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
-       if (!pctx ||
-           EVP_PKEY_paramgen_init(pctx) != 1 ||
-           EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) != 1 ||
-#ifdef EVP_PKEY_CTX_set_ec_param_enc
-           EVP_PKEY_CTX_set_ec_param_enc(pctx, OPENSSL_EC_NAMED_CURVE) != 1 ||
-#endif
-           EVP_PKEY_paramgen(pctx, &params) != 1) {
-               wpa_printf(MSG_ERROR,
-                          "DPP: Failed to generate EVP_PKEY parameters");
-               EVP_PKEY_CTX_free(pctx);
-               goto fail;
-       }
-       EVP_PKEY_CTX_free(pctx);
-#endif
 
        kctx = EVP_PKEY_CTX_new(params, NULL);
        if (!kctx ||

diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index 616968f4c26a677e423d4fc63fe2411cc0cb1384..ac67d707acdaa124136b52040d705a2d26569f2c 100644 (file)
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -1705,11 +1705,7 @@ struct crypto_ecdh * crypto_ecdh_init(int group)
 {
        struct crypto_ecdh *ecdh;
        EVP_PKEY *params = NULL;
-#ifdef OPENSSL_IS_BORINGSSL
        EC_KEY *ec_params;
-#else /* OPENSSL_IS_BORINGSSL */
-       EVP_PKEY_CTX *pctx = NULL;
-#endif /* OPENSSL_IS_BORINGSSL */
        EVP_PKEY_CTX *kctx = NULL;
 
        ecdh = os_zalloc(sizeof(*ecdh));
@@ -1720,46 +1716,20 @@ struct crypto_ecdh * crypto_ecdh_init(int group)
        if (!ecdh->ec)
                goto fail;
 
-#ifdef OPENSSL_IS_BORINGSSL
        ec_params = EC_KEY_new_by_curve_name(ecdh->ec->nid);
        if (!ec_params) {
                wpa_printf(MSG_ERROR,
-                          "BoringSSL: Failed to generate EC_KEY parameters");
+                          "OpenSSL: Failed to generate EC_KEY parameters");
                goto fail;
        }
        EC_KEY_set_asn1_flag(ec_params, OPENSSL_EC_NAMED_CURVE);
        params = EVP_PKEY_new();
        if (!params || EVP_PKEY_set1_EC_KEY(params, ec_params) != 1) {
                wpa_printf(MSG_ERROR,
-                          "BoringSSL: Failed to generate EVP_PKEY parameters");
-               goto fail;
-       }
-#else /* OPENSSL_IS_BORINGSSL */
-       pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
-       if (!pctx)
-               goto fail;
-
-       if (EVP_PKEY_paramgen_init(pctx) != 1) {
-               wpa_printf(MSG_ERROR,
-                          "OpenSSL: EVP_PKEY_paramgen_init failed: %s",
-                          ERR_error_string(ERR_get_error(), NULL));
+                          "OpenSSL: Failed to generate EVP_PKEY parameters");
                goto fail;
        }
 
-       if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ecdh->ec->nid) != 1) {
-               wpa_printf(MSG_ERROR,
-                          "OpenSSL: EVP_PKEY_CTX_set_ec_paramgen_curve_nid failed: %s",
-                          ERR_error_string(ERR_get_error(), NULL));
-               goto fail;
-       }
-
-       if (EVP_PKEY_paramgen(pctx, &params) != 1) {
-               wpa_printf(MSG_ERROR, "OpenSSL: EVP_PKEY_paramgen failed: %s",
-                          ERR_error_string(ERR_get_error(), NULL));
-               goto fail;
-       }
-#endif /* OPENSSL_IS_BORINGSSL */
-
        kctx = EVP_PKEY_CTX_new(params, NULL);
        if (!kctx)
                goto fail;
@@ -1779,9 +1749,6 @@ struct crypto_ecdh * crypto_ecdh_init(int group)
 
 done:
        EVP_PKEY_free(params);
-#ifndef OPENSSL_IS_BORINGSSL
-       EVP_PKEY_CTX_free(pctx);
-#endif /* OPENSSL_IS_BORINGSSL */
        EVP_PKEY_CTX_free(kctx);
 
        return ecdh;