From 0a699a0723bcc689c07c8110da0fff7f9c2356a4 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Mon, 15 Aug 2016 14:07:33 +0100
Subject: Fix no-ec

Fix no-ec builds by having separate functions to create keys based on
an existing EVP_PKEY and a curve id.

Reviewed-by: Rich Salz <rsalz@openssl.org>
---
 ssl/s3_lib.c | 57 ++++++++++++++++++++++++++++++++++-----------------------
 1 file changed, 34 insertions(+), 23 deletions(-)

(limited to 'ssl/s3_lib.c')

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index f1363ca3b6..eea75a3c5d 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3982,41 +3982,51 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
     return s->session->master_key_length >= 0;
 }
 
-/* Generate a private key from parameters or a curve ID */
-EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm, int id)
+/* Generate a private key from parameters */
+EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
 {
     EVP_PKEY_CTX *pctx = NULL;
     EVP_PKEY *pkey = NULL;
-    int nid;
-    if (pm != NULL) {
-        pctx = EVP_PKEY_CTX_new(pm, NULL);
+
+    if (pm == NULL)
+        return NULL;
+    pctx = EVP_PKEY_CTX_new(pm, NULL);
+    if (pctx == NULL)
+        goto err;
+    if (EVP_PKEY_keygen_init(pctx) <= 0)
+        goto err;
+    if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
+        EVP_PKEY_free(pkey);
+        pkey = NULL;
+    }
+
+    err:
+    EVP_PKEY_CTX_free(pctx);
+    return pkey;
+}
+#ifndef OPENSSL_NO_EC
+/* Generate a private key a curve ID */
+EVP_PKEY *ssl_generate_pkey_curve(int id)
+{
+    EVP_PKEY_CTX *pctx = NULL;
+    EVP_PKEY *pkey = NULL;
+    unsigned int curve_flags;
+    int nid = tls1_ec_curve_id2nid(id, &curve_flags);
+
+    if (nid == 0)
+        goto err;
+    if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
+        pctx = EVP_PKEY_CTX_new_id(nid, NULL);
         nid = 0;
     } else {
-        unsigned int curve_flags;
-        nid = tls1_ec_curve_id2nid(id, &curve_flags);
-        if (nid == 0)
-            goto err;
-        /*
-         * Generate a new key for this curve.
-         * Should not be called if EC is disabled: if it is it will
-         * fail with an unknown algorithm error.
-         */
-        if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
-            pctx = EVP_PKEY_CTX_new_id(nid, NULL);
-            nid = 0;
-        } else {
-            pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
-        }
+        pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
     }
     if (pctx == NULL)
         goto err;
     if (EVP_PKEY_keygen_init(pctx) <= 0)
         goto err;
-#ifndef OPENSSL_NO_EC
     if (nid != 0 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0)
         goto err;
-#endif
-
     if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
         EVP_PKEY_free(pkey);
         pkey = NULL;
@@ -4026,6 +4036,7 @@ EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm, int id)
     EVP_PKEY_CTX_free(pctx);
     return pkey;
 }
+#endif
 /* Derive premaster or master secret for ECDH/DH */
 int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey)
 {
-- 
cgit v1.2.3