[PATCH 10/21] dpp: use crypto_ec_key_parse_priv when possible

Cedric Izoard cedric.izoard at ceva-dsp.com
Mon Jun 28 09:25:27 PDT 2021


Function crypto_ec_key_parse_priv already parse ASN.1 ECPrivateKey so
use it when possible.

Signed-off-by: Cedric Izoard <cedric.izoard at ceva-dsp.com>
---
 src/common/dpp_backup.c | 27 ++++---------------------
 src/common/dpp_crypto.c | 44 ++++++++++++++---------------------------
 2 files changed, 19 insertions(+), 52 deletions(-)

diff --git a/src/common/dpp_backup.c b/src/common/dpp_backup.c
index 65fe12afc..0d2dd8a78 100644
--- a/src/common/dpp_backup.c
+++ b/src/common/dpp_backup.c
@@ -7,8 +7,6 @@
  */
 
 #include "utils/includes.h"
-#include <openssl/opensslv.h>
-#include <openssl/err.h>
 
 #include "utils/common.h"
 #include "crypto/aes.h"
@@ -866,7 +864,6 @@ dpp_parse_one_asymmetric_key(const u8 *buf, size_t len)
 	struct asn1_oid oid;
 	char txt[80];
 	struct dpp_asymmetric_key *key;
-	EC_KEY *eckey;
 
 	wpa_hexdump_key(MSG_MSGDUMP, "DPP: OneAsymmetricKey", buf, len);
 
@@ -941,16 +938,8 @@ dpp_parse_one_asymmetric_key(const u8 *buf, size_t len)
 	wpa_hexdump_key(MSG_MSGDUMP, "DPP: PrivateKey",
 			hdr.payload, hdr.length);
 	pos = hdr.payload + hdr.length;
-	eckey = d2i_ECPrivateKey(NULL, &hdr.payload, hdr.length);
-	if (!eckey) {
-		wpa_printf(MSG_INFO,
-			   "DPP: OpenSSL: d2i_ECPrivateKey() failed: %s",
-			   ERR_error_string(ERR_get_error(), NULL));
-		goto fail;
-	}
-	key->csign = (struct crypto_ec_key *)EVP_PKEY_new();
-	if (!key->csign || EVP_PKEY_assign_EC_KEY((EVP_PKEY *)key->csign, eckey) != 1) {
-		EC_KEY_free(eckey);
+	key->csign = crypto_ec_key_parse_priv(hdr.payload, hdr.length);
+	if (!key->csign) {
 		goto fail;
 	}
 	if (wpa_debug_show_keys)
@@ -1062,16 +1051,8 @@ dpp_parse_one_asymmetric_key(const u8 *buf, size_t len)
 	wpa_hexdump_key(MSG_MSGDUMP, "DPP: privacyProtectionKey",
 			hdr.payload, hdr.length);
 	pos = hdr.payload + hdr.length;
-	eckey = d2i_ECPrivateKey(NULL, &hdr.payload, hdr.length);
-	if (!eckey) {
-		wpa_printf(MSG_INFO,
-			   "DPP: OpenSSL: d2i_ECPrivateKey() failed: %s",
-			   ERR_error_string(ERR_get_error(), NULL));
-		goto fail;
-	}
-	key->pp_key = (struct crypto_ec_key *)EVP_PKEY_new();
-	if (!key->pp_key || EVP_PKEY_assign_EC_KEY((EVP_PKEY *)key->pp_key, eckey) != 1) {
-		EC_KEY_free(eckey);
+	key->pp_key =  crypto_ec_key_parse_priv(hdr.payload, hdr.length);
+	if (!key->pp_key) {
 		goto fail;
 	}
 	if (wpa_debug_show_keys)
diff --git a/src/common/dpp_crypto.c b/src/common/dpp_crypto.c
index 61715afd4..2e4a9a27a 100644
--- a/src/common/dpp_crypto.c
+++ b/src/common/dpp_crypto.c
@@ -393,45 +393,31 @@ struct crypto_ec_key * dpp_gen_keypair(const struct dpp_curve_params *curve)
 struct crypto_ec_key * dpp_set_keypair(const struct dpp_curve_params **curve,
 				       const u8 *privkey, size_t privkey_len)
 {
-	EVP_PKEY *pkey;
-	EC_KEY *eckey;
-	const EC_GROUP *group;
-	int nid;
+	struct crypto_ec_key *key;
+	int group;
 
-	pkey = EVP_PKEY_new();
-	if (!pkey)
-		return NULL;
-	eckey = d2i_ECPrivateKey(NULL, &privkey, privkey_len);
-	if (!eckey) {
-		wpa_printf(MSG_INFO,
-			   "DPP: OpenSSL: d2i_ECPrivateKey() failed: %s",
-			   ERR_error_string(ERR_get_error(), NULL));
-		EVP_PKEY_free(pkey);
+	key = crypto_ec_key_parse_priv(privkey, privkey_len);
+	if (!key) {
+		wpa_printf(MSG_INFO, "DPP: Failed to parse private key");
 		return NULL;
 	}
-	group = EC_KEY_get0_group(eckey);
-	if (!group) {
-		EC_KEY_free(eckey);
-		EVP_PKEY_free(pkey);
+
+	group = crypto_ec_key_group(key);
+	if (group < 0) {
+		crypto_ec_key_deinit(key);
 		return NULL;
 	}
-	nid = EC_GROUP_get_curve_name(group);
-	*curve = dpp_get_curve_nid(nid);
+
+	*curve = dpp_get_curve_ike_group(group);
 	if (!*curve) {
 		wpa_printf(MSG_INFO,
-			   "DPP: Unsupported curve (nid=%d) in pre-assigned key",
-			   nid);
-		EC_KEY_free(eckey);
-		EVP_PKEY_free(pkey);
+			   "DPP: Unsupported curve (group=%d) in pre-assigned key",
+			   group);
+		crypto_ec_key_deinit(key);
 		return NULL;
 	}
 
-	if (EVP_PKEY_assign_EC_KEY(pkey, eckey) != 1) {
-		EC_KEY_free(eckey);
-		EVP_PKEY_free(pkey);
-		return NULL;
-	}
-	return (struct crypto_ec_key *)pkey;
+	return key;
 }
 
 
-- 
2.17.0




More information about the Hostap mailing list