Fix no-ec

Fix no-ec builds by having separate functions to create keys based on an existing EVP_PKEY and a curve id. Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2016-08-15 14:07:33 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2016-08-15 14:07:33 +0100
commit: 0a699a0723bcc689c07c8110da0fff7f9c2356a4 (patch)
tree: eb1b4ef5bfad7f8d74a5a9b3ec585a0e728e1638 /ssl/s3_lib.c
parent: 0818dbadf32d193973d84a0736c099166777c071 (diff)
1 files changed, 34 insertions, 23 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index f1363ca3b6..eea75a3c5d 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3982,41 +3982,51 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
     return s->session->master_key_length >= 0;
 }
 
-/* Generate a private key from parameters or a curve ID */
-EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm, int id)
+/* Generate a private key from parameters */
+EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
 {
     EVP_PKEY_CTX *pctx = NULL;
     EVP_PKEY *pkey = NULL;
-    int nid;
-    if (pm != NULL) {
-        pctx = EVP_PKEY_CTX_new(pm, NULL);
+
+    if (pm == NULL)
+        return NULL;
+    pctx = EVP_PKEY_CTX_new(pm, NULL);
+    if (pctx == NULL)
+        goto err;
+    if (EVP_PKEY_keygen_init(pctx) <= 0)
+        goto err;
+    if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
+        EVP_PKEY_free(pkey);
+        pkey = NULL;
+    }
+
+    err:
+    EVP_PKEY_CTX_free(pctx);
+    return pkey;
+}
+#ifndef OPENSSL_NO_EC
+/* Generate a private key a curve ID */
+EVP_PKEY *ssl_generate_pkey_curve(int id)
+{
+    EVP_PKEY_CTX *pctx = NULL;
+    EVP_PKEY *pkey = NULL;
+    unsigned int curve_flags;
+    int nid = tls1_ec_curve_id2nid(id, &curve_flags);
+
+    if (nid == 0)
+        goto err;
+    if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
+        pctx = EVP_PKEY_CTX_new_id(nid, NULL);
         nid = 0;
     } else {
-        unsigned int curve_flags;
-        nid = tls1_ec_curve_id2nid(id, &curve_flags);
-        if (nid == 0)
-            goto err;
-        /*
-         * Generate a new key for this curve.
-         * Should not be called if EC is disabled: if it is it will
-         * fail with an unknown algorithm error.
-         */
-        if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
-            pctx = EVP_PKEY_CTX_new_id(nid, NULL);
-            nid = 0;
-        } else {
-            pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
-        }
+        pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
     }
     if (pctx == NULL)
         goto err;
     if (EVP_PKEY_keygen_init(pctx) <= 0)
         goto err;
-#ifndef OPENSSL_NO_EC
     if (nid != 0 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0)
         goto err;
-#endif
-
     if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
         EVP_PKEY_free(pkey);
         pkey = NULL;
@@ -4026,6 +4036,7 @@ EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm, int id)
     EVP_PKEY_CTX_free(pctx);
     return pkey;
 }
+#endif
 /* Derive premaster or master secret for ECDH/DH */
 int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey)
 {
author	Dr. Stephen Henson <steve@openssl.org>	2016-08-15 14:07:33 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2016-08-15 14:07:33 +0100
commit	0a699a0723bcc689c07c8110da0fff7f9c2356a4 (patch)
tree	eb1b4ef5bfad7f8d74a5a9b3ec585a0e728e1638 /ssl/s3_lib.c
parent	0818dbadf32d193973d84a0736c099166777c071 (diff)