Pull the EC_GROUP_new_by_curve_name up into EVP_PKEY_CTX_set_ec_paramgen_curve_nid
ec_pkey_meth, and thus every all of EC EVP_PKEY logic, currently depends
on all supported curves by way of EC_GROUP_new_by_curve_name. In
reality, the only call pattern which depends on every curve is
"paramgem", when callers do:
EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, nullptr);
EVP_PKEY_paramgen_init(ctx);
EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, NID_X9_62_prime256v1);
EVP_PKEY_paramgen(ctx, &key);
This is a really roundabout way to get at a basically static object. EVP
is kinda cumbersome. The other pattern is keygen when you don't already
have an object that represents the curve, since OpenSSL does not provide
such a thing.
EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, nullptr);
EVP_PKEY_keygen_init(ctx);
EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, NID_X9_62_prime256v1);
EVP_PKEY_keygen(ctx, &key);
That one is harder to avoid because EVP does not provide a better way to
do this. Ideally our API would look more like
EVP_generate_ec_key(EC_group_p256()), or perhaps
EVP_PKEY_generate(EVP_pkey_ec_p256()) or something.
Either way, we can lift the dependency to
EVP_PKEY_CTX_set_ec_paramgen_curve_nid which is the function that
actually pulls in all curves, and then folks who don't use that pattern
aren't impacted. The other thing I considered was to make
EVP_PKEY_CTX_new_id(EVP_PKEY_EC) use a different method table from
EVP_PKEY_CTX_new(pkey), but this was really easy.
(We can do this because our EVP_PKEY_CTRL_* constants are completely
internal. We don't have to implement the same hooks that upstream does.)
Bug: 42290364
Change-Id: Ib223b966d1a48527088e1bb13435ac6dc2c11749
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/81509
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Lily Chen <chlily@google.com>
Commit-Queue: Lily Chen <chlily@google.com>
diff --git a/crypto/evp/internal.h b/crypto/evp/internal.h
index 30aecd1..be213ae 100644
--- a/crypto/evp/internal.h
+++ b/crypto/evp/internal.h
@@ -165,7 +165,7 @@
#define EVP_PKEY_CTRL_GET_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 10)
#define EVP_PKEY_CTRL_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 11)
#define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12)
-#define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 13)
+#define EVP_PKEY_CTRL_EC_PARAMGEN_GROUP (EVP_PKEY_ALG_CTRL + 13)
#define EVP_PKEY_CTRL_HKDF_MODE (EVP_PKEY_ALG_CTRL + 14)
#define EVP_PKEY_CTRL_HKDF_MD (EVP_PKEY_ALG_CTRL + 15)
#define EVP_PKEY_CTRL_HKDF_KEY (EVP_PKEY_ALG_CTRL + 16)
diff --git a/crypto/evp/p_ec.cc b/crypto/evp/p_ec.cc
index 927696c..310464c 100644
--- a/crypto/evp/p_ec.cc
+++ b/crypto/evp/p_ec.cc
@@ -148,12 +148,8 @@
// Default behaviour is OK
return 1;
- case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID: {
- const EC_GROUP *group = EC_GROUP_new_by_curve_name(p1);
- if (group == NULL) {
- return 0;
- }
- dctx->gen_group = group;
+ case EVP_PKEY_CTRL_EC_PARAMGEN_GROUP: {
+ dctx->gen_group = static_cast<const EC_GROUP *>(p2);
return 1;
}
@@ -216,8 +212,13 @@
};
int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid) {
+ const EC_GROUP *group = EC_GROUP_new_by_curve_name(nid);
+ if (group == nullptr) {
+ return 0;
+ }
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_TYPE_GEN,
- EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL);
+ EVP_PKEY_CTRL_EC_PARAMGEN_GROUP, 0,
+ const_cast<EC_GROUP *>(group));
}
int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int encoding) {
