[PATCH 03/21] dpp: replace EVP_PKEY by struct crypto_ec_key

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



In order to remove direct dependency to openssl in DPP replace EVP_PKEY
by struct crypto_ec_key in all structures and function prototypes

All direct call to EVP_PKEY_free are replaced by call to
crypto_ec_key_deinit.

Signed-off-by: Cedric Izoard <cedric.izoard@xxxxxxxxxxxx>
---
 src/common/dpp.c          |  60 ++++++-------
 src/common/dpp.h          |  26 +++---
 src/common/dpp_auth.c     |  12 +--
 src/common/dpp_backup.c   |  16 ++--
 src/common/dpp_crypto.c   | 179 +++++++++++++++++++-------------------
 src/common/dpp_i.h        |  43 ++++-----
 src/common/dpp_pkex.c     |  18 ++--
 src/common/dpp_reconfig.c |  18 ++--
 8 files changed, 187 insertions(+), 185 deletions(-)

diff --git a/src/common/dpp.c b/src/common/dpp.c
index 3c8c7682d..14783ba74 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -180,7 +180,7 @@ void dpp_bootstrap_info_free(struct dpp_bootstrap_info *info)
 	os_free(info->info);
 	os_free(info->chan);
 	os_free(info->pk);
-	EVP_PKEY_free(info->pubkey);
+	crypto_ec_key_deinit(info->pubkey);
 	str_clear_free(info->configurator_params);
 	os_free(info);
 }
@@ -1268,9 +1268,9 @@ void dpp_auth_deinit(struct dpp_authentication *auth)
 	dpp_configuration_free(auth->conf2_ap);
 	dpp_configuration_free(auth->conf_sta);
 	dpp_configuration_free(auth->conf2_sta);
-	EVP_PKEY_free(auth->own_protocol_key);
-	EVP_PKEY_free(auth->peer_protocol_key);
-	EVP_PKEY_free(auth->reconfig_old_protocol_key);
+	crypto_ec_key_deinit(auth->own_protocol_key);
+	crypto_ec_key_deinit(auth->peer_protocol_key);
+	crypto_ec_key_deinit(auth->reconfig_old_protocol_key);
 	wpabuf_free(auth->req_msg);
 	wpabuf_free(auth->resp_msg);
 	wpabuf_free(auth->conf_req);
@@ -1360,7 +1360,7 @@ dpp_build_conf_start(struct dpp_authentication *auth,
 }
 
 
-int dpp_build_jwk(struct wpabuf *buf, const char *name, EVP_PKEY *key,
+int dpp_build_jwk(struct wpabuf *buf, const char *name, struct crypto_ec_key *key,
 		  const char *kid, const struct dpp_curve_params *curve)
 {
 	struct wpabuf *pub;
@@ -2160,14 +2160,14 @@ static int dpp_parse_cred_legacy(struct dpp_config_obj *conf,
 }
 
 
-EVP_PKEY * dpp_parse_jwk(struct json_token *jwk,
-			 const struct dpp_curve_params **key_curve)
+struct crypto_ec_key * dpp_parse_jwk(struct json_token *jwk,
+				     const struct dpp_curve_params **key_curve)
 {
 	struct json_token *token;
 	const struct dpp_curve_params *curve;
 	struct wpabuf *x = NULL, *y = NULL;
 	EC_GROUP *group;
-	EVP_PKEY *pkey = NULL;
+	struct crypto_ec_key *pkey = NULL;
 
 	token = json_get_member(jwk, "kty");
 	if (!token || token->type != JSON_STRING) {
@@ -2325,7 +2325,7 @@ static int dpp_parse_connector(struct dpp_authentication *auth,
 {
 	struct json_token *root, *groups, *netkey, *token;
 	int ret = -1;
-	EVP_PKEY *key = NULL;
+	struct crypto_ec_key *key = NULL;
 	const struct dpp_curve_params *curve;
 	unsigned int rules = 0;
 
@@ -2392,7 +2392,7 @@ skip_groups:
 		goto fail;
 	dpp_debug_print_key("DPP: Received netAccessKey", key);
 
-	if (EVP_PKEY_cmp(key, auth->own_protocol_key) != 1) {
+	if (EVP_PKEY_cmp((EVP_PKEY *)key, (EVP_PKEY *)auth->own_protocol_key) != 1) {
 		wpa_printf(MSG_DEBUG,
 			   "DPP: netAccessKey in connector does not match own protocol key");
 #ifdef CONFIG_TESTING_OPTIONS
@@ -2409,18 +2409,18 @@ skip_groups:
 
 	ret = 0;
 fail:
-	EVP_PKEY_free(key);
+	crypto_ec_key_deinit(key);
 	json_free(root);
 	return ret;
 }
 
 
-static void dpp_copy_csign(struct dpp_config_obj *conf, EVP_PKEY *csign)
+static void dpp_copy_csign(struct dpp_config_obj *conf, struct crypto_ec_key *csign)
 {
 	unsigned char *der = NULL;
 	int der_len;
 
-	der_len = i2d_PUBKEY(csign, &der);
+	der_len = i2d_PUBKEY((EVP_PKEY *)csign, &der);
 	if (der_len <= 0)
 		return;
 	wpabuf_free(conf->c_sign_key);
@@ -2429,12 +2429,12 @@ static void dpp_copy_csign(struct dpp_config_obj *conf, EVP_PKEY *csign)
 }
 
 
-static void dpp_copy_ppkey(struct dpp_config_obj *conf, EVP_PKEY *ppkey)
+static void dpp_copy_ppkey(struct dpp_config_obj *conf, struct crypto_ec_key *ppkey)
 {
 	unsigned char *der = NULL;
 	int der_len;
 
-	der_len = i2d_PUBKEY(ppkey, &der);
+	der_len = i2d_PUBKEY((EVP_PKEY *)ppkey, &der);
 	if (der_len <= 0)
 		return;
 	wpabuf_free(conf->pp_key);
@@ -2449,7 +2449,7 @@ static void dpp_copy_netaccesskey(struct dpp_authentication *auth,
 	unsigned char *der = NULL;
 	int der_len;
 	EC_KEY *eckey;
-	EVP_PKEY *own_key;
+	struct crypto_ec_key *own_key;
 
 	own_key = auth->own_protocol_key;
 #ifdef CONFIG_DPP2
@@ -2457,7 +2457,7 @@ static void dpp_copy_netaccesskey(struct dpp_authentication *auth,
 	    auth->reconfig_old_protocol_key)
 		own_key = auth->reconfig_old_protocol_key;
 #endif /* CONFIG_DPP2 */
-	eckey = EVP_PKEY_get1_EC_KEY(own_key);
+	eckey = EVP_PKEY_get1_EC_KEY((EVP_PKEY *)own_key);
 	if (!eckey)
 		return;
 
@@ -2480,7 +2480,7 @@ static int dpp_parse_cred_dpp(struct dpp_authentication *auth,
 	struct dpp_signed_connector_info info;
 	struct json_token *token, *csign, *ppkey;
 	int ret = -1;
-	EVP_PKEY *csign_pub = NULL, *pp_pub = NULL;
+	struct crypto_ec_key *csign_pub = NULL, *pp_pub = NULL;
 	const struct dpp_curve_params *key_curve = NULL, *pp_curve = NULL;
 	const char *signed_connector;
 
@@ -2560,8 +2560,8 @@ static int dpp_parse_cred_dpp(struct dpp_authentication *auth,
 
 	ret = 0;
 fail:
-	EVP_PKEY_free(csign_pub);
-	EVP_PKEY_free(pp_pub);
+	crypto_ec_key_deinit(csign_pub);
+	crypto_ec_key_deinit(pp_pub);
 	os_free(info.payload);
 	return ret;
 }
@@ -3394,11 +3394,11 @@ void dpp_configurator_free(struct dpp_configurator *conf)
 {
 	if (!conf)
 		return;
-	EVP_PKEY_free(conf->csign);
+	crypto_ec_key_deinit(conf->csign);
 	os_free(conf->kid);
 	os_free(conf->connector);
-	EVP_PKEY_free(conf->connector_key);
-	EVP_PKEY_free(conf->pp_key);
+	crypto_ec_key_deinit(conf->connector_key);
+	crypto_ec_key_deinit(conf->pp_key);
 	os_free(conf);
 }
 
@@ -3413,7 +3413,7 @@ int dpp_configurator_get_key(const struct dpp_configurator *conf, char *buf,
 	if (!conf->csign)
 		return -1;
 
-	eckey = EVP_PKEY_get1_EC_KEY(conf->csign);
+	eckey = EVP_PKEY_get1_EC_KEY((EVP_PKEY *)conf->csign);
 	if (!eckey)
 		return -1;
 
@@ -3670,7 +3670,7 @@ dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
 	struct json_token *root = NULL, *netkey, *token;
 	struct json_token *own_root = NULL;
 	enum dpp_status_error ret = 255, res;
-	EVP_PKEY *own_key = NULL, *peer_key = NULL;
+	struct crypto_ec_key *own_key = NULL, *peer_key = NULL;
 	struct wpabuf *own_key_pub = NULL;
 	const struct dpp_curve_params *curve, *own_curve;
 	struct dpp_signed_connector_info info;
@@ -3776,9 +3776,9 @@ fail:
 		os_memset(intro, 0, sizeof(*intro));
 	os_memset(Nx, 0, sizeof(Nx));
 	os_free(info.payload);
-	EVP_PKEY_free(own_key);
+	crypto_ec_key_deinit(own_key);
 	wpabuf_free(own_key_pub);
-	EVP_PKEY_free(peer_key);
+	crypto_ec_key_deinit(peer_key);
 	json_free(root);
 	json_free(own_root);
 	return ret;
@@ -4129,7 +4129,7 @@ static int dpp_nfc_update_bi_key(struct dpp_bootstrap_info *own_bi,
 	wpa_printf(MSG_DEBUG,
 		   "DPP: Update own bootstrapping key to match peer curve from NFC handover");
 
-	EVP_PKEY_free(own_bi->pubkey);
+	crypto_ec_key_deinit(own_bi->pubkey);
 	own_bi->pubkey = NULL;
 
 	if (dpp_keygen(own_bi, peer_bi->curve->name, NULL, 0) < 0 ||
@@ -4282,7 +4282,7 @@ int dpp_configurator_from_backup(struct dpp_global *dpp,
 
 	if (!key->csign || !key->pp_key)
 		return -1;
-	eckey = EVP_PKEY_get0_EC_KEY(key->csign);
+	eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)key->csign);
 	if (!eckey)
 		return -1;
 	group = EC_KEY_get0_group(eckey);
@@ -4294,7 +4294,7 @@ int dpp_configurator_from_backup(struct dpp_global *dpp,
 		wpa_printf(MSG_INFO, "DPP: Unsupported group in c-sign-key");
 		return -1;
 	}
-	eckey_pp = EVP_PKEY_get0_EC_KEY(key->pp_key);
+	eckey_pp = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)key->pp_key);
 	if (!eckey_pp)
 		return -1;
 	group_pp = EC_KEY_get0_group(eckey_pp);
diff --git a/src/common/dpp.h b/src/common/dpp.h
index 75de3cae9..40e950a96 100644
--- a/src/common/dpp.h
+++ b/src/common/dpp.h
@@ -16,8 +16,8 @@
 #include "utils/list.h"
 #include "common/wpa_common.h"
 #include "crypto/sha256.h"
+#include "crypto/crypto.h"
 
-struct crypto_ecdh;
 struct hostapd_ip_addr;
 struct dpp_global;
 struct json_token;
@@ -157,7 +157,7 @@ struct dpp_bootstrap_info {
 	bool channels_listed;
 	u8 version;
 	int own;
-	EVP_PKEY *pubkey;
+	struct crypto_ec_key *pubkey;
 	u8 pubkey_hash[SHA256_MAC_LEN];
 	u8 pubkey_hash_chirp[SHA256_MAC_LEN];
 	const struct dpp_curve_params *curve;
@@ -180,12 +180,12 @@ struct dpp_pkex {
 	u8 peer_mac[ETH_ALEN];
 	char *identifier;
 	char *code;
-	EVP_PKEY *x;
-	EVP_PKEY *y;
+	struct crypto_ec_key *x;
+	struct crypto_ec_key *y;
 	u8 Mx[DPP_MAX_SHARED_SECRET_LEN];
 	u8 Nx[DPP_MAX_SHARED_SECRET_LEN];
 	u8 z[DPP_MAX_HASH_LEN];
-	EVP_PKEY *peer_bootstrap_key;
+	struct crypto_ec_key *peer_bootstrap_key;
 	struct wpabuf *exchange_req;
 	struct wpabuf *exchange_resp;
 	unsigned int t; /* number of failures on code use */
@@ -234,8 +234,8 @@ struct dpp_configuration {
 
 struct dpp_asymmetric_key {
 	struct dpp_asymmetric_key *next;
-	EVP_PKEY *csign;
-	EVP_PKEY *pp_key;
+	struct crypto_ec_key *csign;
+	struct crypto_ec_key *pp_key;
 	char *config_template;
 	char *connector_template;
 };
@@ -266,9 +266,9 @@ struct dpp_authentication {
 	u8 i_capab;
 	u8 r_capab;
 	enum dpp_netrole e_netrole;
-	EVP_PKEY *own_protocol_key;
-	EVP_PKEY *peer_protocol_key;
-	EVP_PKEY *reconfig_old_protocol_key;
+	struct crypto_ec_key *own_protocol_key;
+	struct crypto_ec_key *peer_protocol_key;
+	struct crypto_ec_key *reconfig_old_protocol_key;
 	struct wpabuf *req_msg;
 	struct wpabuf *resp_msg;
 	struct wpabuf *reconfig_req_msg;
@@ -361,13 +361,13 @@ struct dpp_configurator {
 	struct dl_list list;
 	unsigned int id;
 	int own;
-	EVP_PKEY *csign;
+	struct crypto_ec_key *csign;
 	u8 kid_hash[SHA256_MAC_LEN];
 	char *kid;
 	const struct dpp_curve_params *curve;
 	char *connector; /* own Connector for reconfiguration */
-	EVP_PKEY *connector_key;
-	EVP_PKEY *pp_key;
+	struct crypto_ec_key *connector_key;
+	struct crypto_ec_key *pp_key;
 };
 
 struct dpp_introduction {
diff --git a/src/common/dpp_auth.c b/src/common/dpp_auth.c
index 0cabd647f..6c8ea8dc7 100644
--- a/src/common/dpp_auth.c
+++ b/src/common/dpp_auth.c
@@ -456,7 +456,7 @@ static int dpp_auth_build_resp_ok(struct dpp_authentication *auth)
 #endif /* CONFIG_TESTING_OPTIONS */
 	wpa_hexdump(MSG_DEBUG, "DPP: R-nonce", auth->r_nonce, nonce_len);
 
-	EVP_PKEY_free(auth->own_protocol_key);
+	crypto_ec_key_deinit(auth->own_protocol_key);
 #ifdef CONFIG_TESTING_OPTIONS
 	if (dpp_protocol_key_override_len) {
 		const struct dpp_curve_params *tmp_curve;
@@ -671,7 +671,7 @@ dpp_auth_req_rx(struct dpp_global *dpp, void *msg_ctx, u8 dpp_allowed_roles,
 		unsigned int freq, const u8 *hdr, const u8 *attr_start,
 		size_t attr_len)
 {
-	EVP_PKEY *pi = NULL;
+	struct crypto_ec_key *pi = NULL;
 	EVP_PKEY_CTX *ctx = NULL;
 	size_t secret_len;
 	const u8 *addr[2];
@@ -928,7 +928,7 @@ not_compatible:
 	return auth;
 fail:
 	bin_clear_free(unwrapped, unwrapped_len);
-	EVP_PKEY_free(pi);
+	crypto_ec_key_deinit(pi);
 	EVP_PKEY_CTX_free(ctx);
 	dpp_auth_deinit(auth);
 	return NULL;
@@ -1405,7 +1405,7 @@ struct wpabuf *
 dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,
 		 const u8 *attr_start, size_t attr_len)
 {
-	EVP_PKEY *pr;
+	struct crypto_ec_key *pr;
 	size_t secret_len;
 	const u8 *addr[2];
 	size_t len[2];
@@ -1567,7 +1567,7 @@ dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,
 		dpp_auth_fail(auth, "Failed to derive ECDH shared secret");
 		goto fail;
 	}
-	EVP_PKEY_free(auth->peer_protocol_key);
+	crypto_ec_key_deinit(auth->peer_protocol_key);
 	auth->peer_protocol_key = pr;
 	pr = NULL;
 
@@ -1737,7 +1737,7 @@ dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,
 fail:
 	bin_clear_free(unwrapped, unwrapped_len);
 	bin_clear_free(unwrapped2, unwrapped2_len);
-	EVP_PKEY_free(pr);
+	crypto_ec_key_deinit(pr);
 	return NULL;
 }
 
diff --git a/src/common/dpp_backup.c b/src/common/dpp_backup.c
index 947a5e9ea..1e03e0fb9 100644
--- a/src/common/dpp_backup.c
+++ b/src/common/dpp_backup.c
@@ -39,8 +39,8 @@ void dpp_free_asymmetric_key(struct dpp_asymmetric_key *key)
 	while (key) {
 		struct dpp_asymmetric_key *next = key->next;
 
-		EVP_PKEY_free(key->csign);
-		EVP_PKEY_free(key->pp_key);
+		crypto_ec_key_deinit(key->csign);
+		crypto_ec_key_deinit(key->pp_key);
 		str_clear_free(key->config_template);
 		str_clear_free(key->connector_template);
 		os_free(key);
@@ -62,7 +62,7 @@ static struct wpabuf * dpp_build_conf_params(struct dpp_configurator *conf)
 
 	if (!conf->pp_key)
 		return NULL;
-	eckey = EVP_PKEY_get0_EC_KEY(conf->pp_key);
+	eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)conf->pp_key);
 	if (!eckey)
 		return NULL;
 
@@ -182,7 +182,7 @@ static struct wpabuf * dpp_build_key_pkg(struct dpp_authentication *auth)
 	unsigned char *der = NULL;
 	int der_len;
 
-	eckey = EVP_PKEY_get0_EC_KEY(auth->conf->csign);
+	eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->conf->csign);
 	if (!eckey)
 		return NULL;
 
@@ -982,8 +982,8 @@ dpp_parse_one_asymmetric_key(const u8 *buf, size_t len)
 			   ERR_error_string(ERR_get_error(), NULL));
 		goto fail;
 	}
-	key->csign = EVP_PKEY_new();
-	if (!key->csign || EVP_PKEY_assign_EC_KEY(key->csign, eckey) != 1) {
+	key->csign = (struct crypto_ec_key *)EVP_PKEY_new();
+	if (!key->csign || EVP_PKEY_assign_EC_KEY((EVP_PKEY *)key->csign, eckey) != 1) {
 		EC_KEY_free(eckey);
 		goto fail;
 	}
@@ -1103,8 +1103,8 @@ dpp_parse_one_asymmetric_key(const u8 *buf, size_t len)
 			   ERR_error_string(ERR_get_error(), NULL));
 		goto fail;
 	}
-	key->pp_key = EVP_PKEY_new();
-	if (!key->pp_key || EVP_PKEY_assign_EC_KEY(key->pp_key, eckey) != 1) {
+	key->pp_key = (struct crypto_ec_key *)EVP_PKEY_new();
+	if (!key->pp_key || EVP_PKEY_assign_EC_KEY((EVP_PKEY *)key->pp_key, eckey) != 1) {
 		EC_KEY_free(eckey);
 		goto fail;
 	}
diff --git a/src/common/dpp_crypto.c b/src/common/dpp_crypto.c
index c75fc7871..bce1473d1 100644
--- a/src/common/dpp_crypto.c
+++ b/src/common/dpp_crypto.c
@@ -176,7 +176,7 @@ fail:
 }
 
 
-void dpp_debug_print_key(const char *title, EVP_PKEY *key)
+void dpp_debug_print_key(const char *title, struct crypto_ec_key *key)
 {
 	EC_KEY *eckey;
 	BIO *out;
@@ -192,7 +192,7 @@ void dpp_debug_print_key(const char *title, EVP_PKEY *key)
 	if (!out)
 		return;
 
-	EVP_PKEY_print_private(out, key, 0, NULL);
+	EVP_PKEY_print_private(out, (EVP_PKEY *)key, 0, NULL);
 	rlen = BIO_ctrl_pending(out);
 	txt = os_malloc(rlen + 1);
 	if (txt) {
@@ -205,7 +205,7 @@ void dpp_debug_print_key(const char *title, EVP_PKEY *key)
 	}
 	BIO_free(out);
 
-	eckey = EVP_PKEY_get1_EC_KEY(key);
+	eckey = EVP_PKEY_get1_EC_KEY((EVP_PKEY *)key);
 	if (!eckey)
 		return;
 
@@ -377,14 +377,14 @@ int dpp_bn2bin_pad(const BIGNUM *bn, u8 *pos, size_t len)
 }
 
 
-struct wpabuf * dpp_get_pubkey_point(EVP_PKEY *pkey, int prefix)
+struct wpabuf * dpp_get_pubkey_point(struct crypto_ec_key *key, int prefix)
 {
 	int len, res;
 	EC_KEY *eckey;
 	struct wpabuf *buf;
 	unsigned char *pos;
 
-	eckey = EVP_PKEY_get1_EC_KEY(pkey);
+	eckey = EVP_PKEY_get1_EC_KEY((EVP_PKEY *)key);
 	if (!eckey)
 		return NULL;
 	EC_KEY_set_conv_form(eckey, POINT_CONVERSION_UNCOMPRESSED);
@@ -424,9 +424,9 @@ struct wpabuf * dpp_get_pubkey_point(EVP_PKEY *pkey, int prefix)
 }
 
 
-EVP_PKEY * dpp_set_pubkey_point_group(const EC_GROUP *group,
-				      const u8 *buf_x, const u8 *buf_y,
-				      size_t len)
+struct crypto_ec_key * dpp_set_pubkey_point_group(const EC_GROUP *group,
+						  const u8 *buf_x, const u8 *buf_y,
+						  size_t len)
 {
 	EC_KEY *eckey = NULL;
 	BN_CTX *ctx;
@@ -485,7 +485,7 @@ out:
 	EC_KEY_free(eckey);
 	EC_POINT_free(point);
 	BN_CTX_free(ctx);
-	return pkey;
+	return (struct crypto_ec_key *)pkey;
 fail:
 	EVP_PKEY_free(pkey);
 	pkey = NULL;
@@ -493,16 +493,17 @@ fail:
 }
 
 
-EVP_PKEY * dpp_set_pubkey_point(EVP_PKEY *group_key, const u8 *buf, size_t len)
+struct crypto_ec_key * dpp_set_pubkey_point(struct crypto_ec_key *group_key,
+					    const u8 *buf, size_t len)
 {
 	const EC_KEY *eckey;
 	const EC_GROUP *group;
-	EVP_PKEY *pkey = NULL;
+	struct crypto_ec_key *pkey = NULL;
 
 	if (len & 1)
 		return NULL;
 
-	eckey = EVP_PKEY_get0_EC_KEY(group_key);
+	eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)group_key);
 	if (!eckey) {
 		wpa_printf(MSG_ERROR,
 			   "DPP: Could not get EC_KEY from group_key");
@@ -520,7 +521,7 @@ EVP_PKEY * dpp_set_pubkey_point(EVP_PKEY *group_key, const u8 *buf, size_t len)
 }
 
 
-EVP_PKEY * dpp_gen_keypair(const struct dpp_curve_params *curve)
+struct crypto_ec_key * dpp_gen_keypair(const struct dpp_curve_params *curve)
 {
 	EVP_PKEY_CTX *kctx = NULL;
 	EC_KEY *ec_params = NULL;
@@ -559,18 +560,18 @@ EVP_PKEY * dpp_gen_keypair(const struct dpp_curve_params *curve)
 	}
 
 	if (wpa_debug_show_keys)
-		dpp_debug_print_key("Own generated key", key);
+		dpp_debug_print_key("Own generated key", (struct crypto_ec_key *)key);
 
 fail:
 	EC_KEY_free(ec_params);
 	EVP_PKEY_free(params);
 	EVP_PKEY_CTX_free(kctx);
-	return key;
+	return (struct crypto_ec_key *)key;
 }
 
 
-EVP_PKEY * dpp_set_keypair(const struct dpp_curve_params **curve,
-			   const u8 *privkey, size_t privkey_len)
+struct crypto_ec_key * dpp_set_keypair(const struct dpp_curve_params **curve,
+				       const u8 *privkey, size_t privkey_len)
 {
 	EVP_PKEY *pkey;
 	EC_KEY *eckey;
@@ -610,7 +611,7 @@ EVP_PKEY * dpp_set_keypair(const struct dpp_curve_params **curve,
 		EVP_PKEY_free(pkey);
 		return NULL;
 	}
-	return pkey;
+	return (struct crypto_ec_key *)pkey;
 }
 
 
@@ -630,7 +631,7 @@ ASN1_SEQUENCE(DPP_BOOTSTRAPPING_KEY) = {
 IMPLEMENT_ASN1_FUNCTIONS(DPP_BOOTSTRAPPING_KEY);
 
 
-static struct wpabuf * dpp_bootstrap_key_der(EVP_PKEY *key)
+static struct wpabuf * dpp_bootstrap_key_der(struct crypto_ec_key *key)
 {
 	unsigned char *der = NULL;
 	int der_len;
@@ -644,7 +645,7 @@ static struct wpabuf * dpp_bootstrap_key_der(EVP_PKEY *key)
 	int nid;
 
 	ctx = BN_CTX_new();
-	eckey = EVP_PKEY_get0_EC_KEY(key);
+	eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)key);
 	if (!ctx || !eckey)
 		goto fail;
 
@@ -883,7 +884,7 @@ int dpp_derive_bk_ke(struct dpp_authentication *auth)
 }
 
 
-int dpp_ecdh(EVP_PKEY *own, EVP_PKEY *peer, u8 *secret, size_t *secret_len)
+int dpp_ecdh(struct crypto_ec_key *own, struct crypto_ec_key *peer, u8 *secret, size_t *secret_len)
 {
 	EVP_PKEY_CTX *ctx;
 	int ret = -1;
@@ -891,7 +892,7 @@ int dpp_ecdh(EVP_PKEY *own, EVP_PKEY *peer, u8 *secret, size_t *secret_len)
 	ERR_clear_error();
 	*secret_len = 0;
 
-	ctx = EVP_PKEY_CTX_new(own, NULL);
+	ctx = EVP_PKEY_CTX_new((EVP_PKEY *)own, NULL);
 	if (!ctx) {
 		wpa_printf(MSG_ERROR, "DPP: EVP_PKEY_CTX_new failed: %s",
 			   ERR_error_string(ERR_get_error(), NULL));
@@ -904,7 +905,7 @@ int dpp_ecdh(EVP_PKEY *own, EVP_PKEY *peer, u8 *secret, size_t *secret_len)
 		goto fail;
 	}
 
-	if (EVP_PKEY_derive_set_peer(ctx, peer) != 1) {
+	if (EVP_PKEY_derive_set_peer(ctx, (EVP_PKEY *)peer) != 1) {
 		wpa_printf(MSG_ERROR,
 			   "DPP: EVP_PKEY_derive_set_peet failed: %s",
 			   ERR_error_string(ERR_get_error(), NULL));
@@ -1103,7 +1104,7 @@ int dpp_get_subject_public_key(struct dpp_bootstrap_info *bi,
 	wpa_hexdump(MSG_DEBUG, "DPP: URI subjectPublicKey", pk, ppklen);
 
 	X509_PUBKEY_free(pub);
-	bi->pubkey = pkey;
+	bi->pubkey = (struct crypto_ec_key *)pkey;
 	return 0;
 fail:
 	X509_PUBKEY_free(pub);
@@ -1192,7 +1193,7 @@ fail:
 }
 
 
-static int dpp_check_pubkey_match(EVP_PKEY *pub, struct wpabuf *r_hash)
+static int dpp_check_pubkey_match(struct crypto_ec_key *pub, struct wpabuf *r_hash)
 {
 	struct wpabuf *uncomp;
 	int res;
@@ -1226,7 +1227,7 @@ static int dpp_check_pubkey_match(EVP_PKEY *pub, struct wpabuf *r_hash)
 
 enum dpp_status_error
 dpp_process_signed_connector(struct dpp_signed_connector_info *info,
-			     EVP_PKEY *csign_pub, const char *connector)
+			     struct crypto_ec_key *csign_pub, const char *connector)
 {
 	enum dpp_status_error ret = 255;
 	const char *pos, *end, *signed_start, *signed_end;
@@ -1245,7 +1246,7 @@ dpp_process_signed_connector(struct dpp_signed_connector_info *info,
 	const EC_GROUP *group;
 	int nid;
 
-	eckey = EVP_PKEY_get0_EC_KEY(csign_pub);
+	eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)csign_pub);
 	if (!eckey)
 		goto fail;
 	group = EC_KEY_get0_group(eckey);
@@ -1352,7 +1353,7 @@ dpp_process_signed_connector(struct dpp_signed_connector_info *info,
 		goto fail;
 
 	ERR_clear_error();
-	if (EVP_DigestVerifyInit(md_ctx, NULL, sign_md, NULL, csign_pub) != 1) {
+	if (EVP_DigestVerifyInit(md_ctx, NULL, sign_md, NULL, (EVP_PKEY *)csign_pub) != 1) {
 		wpa_printf(MSG_DEBUG, "DPP: EVP_DigestVerifyInit failed: %s",
 			   ERR_error_string(ERR_get_error(), NULL));
 		goto fail;
@@ -1392,12 +1393,12 @@ dpp_check_signed_connector(struct dpp_signed_connector_info *info,
 			   const u8 *peer_connector, size_t peer_connector_len)
 {
 	const unsigned char *p;
-	EVP_PKEY *csign = NULL;
+	struct crypto_ec_key *csign = NULL;
 	char *signed_connector = NULL;
 	enum dpp_status_error res = DPP_STATUS_INVALID_CONNECTOR;
 
 	p = csign_key;
-	csign = d2i_PUBKEY(NULL, &p, csign_key_len);
+	csign = (struct crypto_ec_key *)d2i_PUBKEY(NULL, &p, csign_key_len);
 	if (!csign) {
 		wpa_printf(MSG_ERROR,
 			   "DPP: Failed to parse local C-sign-key information");
@@ -1414,7 +1415,7 @@ dpp_check_signed_connector(struct dpp_signed_connector_info *info,
 	res = dpp_process_signed_connector(info, csign, signed_connector);
 fail:
 	os_free(signed_connector);
-	EVP_PKEY_free(csign);
+	crypto_ec_key_deinit(csign);
 	return res;
 }
 
@@ -1600,7 +1601,7 @@ int dpp_auth_derive_l_responder(struct dpp_authentication *auth)
 	lx = BN_new();
 	if (!bnctx || !sum || !q || !lx)
 		goto fail;
-	BI = EVP_PKEY_get0_EC_KEY(auth->peer_bi->pubkey);
+	BI = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->peer_bi->pubkey);
 	if (!BI)
 		goto fail;
 	BI_point = EC_KEY_get0_public_key(BI);
@@ -1608,8 +1609,8 @@ int dpp_auth_derive_l_responder(struct dpp_authentication *auth)
 	if (!group)
 		goto fail;
 
-	bR = EVP_PKEY_get0_EC_KEY(auth->own_bi->pubkey);
-	pR = EVP_PKEY_get0_EC_KEY(auth->own_protocol_key);
+	bR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->own_bi->pubkey);
+	pR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->own_protocol_key);
 	if (!bR || !pR)
 		goto fail;
 	bR_bn = EC_KEY_get0_private_key(bR);
@@ -1662,14 +1663,14 @@ int dpp_auth_derive_l_initiator(struct dpp_authentication *auth)
 	lx = BN_new();
 	if (!bnctx || !lx)
 		goto fail;
-	BR = EVP_PKEY_get0_EC_KEY(auth->peer_bi->pubkey);
-	PR = EVP_PKEY_get0_EC_KEY(auth->peer_protocol_key);
+	BR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->peer_bi->pubkey);
+	PR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->peer_protocol_key);
 	if (!BR || !PR)
 		goto fail;
 	BR_point = EC_KEY_get0_public_key(BR);
 	PR_point = EC_KEY_get0_public_key(PR);
 
-	bI = EVP_PKEY_get0_EC_KEY(auth->own_bi->pubkey);
+	bI = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->own_bi->pubkey);
 	if (!bI)
 		goto fail;
 	group = EC_KEY_get0_group(bI);
@@ -1731,7 +1732,7 @@ int dpp_derive_pmk(const u8 *Nx, size_t Nx_len, u8 *pmk, unsigned int hash_len)
 
 
 int dpp_derive_pmkid(const struct dpp_curve_params *curve,
-		     EVP_PKEY *own_key, EVP_PKEY *peer_key, u8 *pmkid)
+		     struct crypto_ec_key *own_key, struct crypto_ec_key *peer_key, u8 *pmkid)
 {
 	struct wpabuf *nkx, *pkx;
 	int ret = -1, res;
@@ -1981,13 +1982,13 @@ static const u8 pkex_resp_y_bp_p512r1[64] = {
 };
 
 
-static EVP_PKEY * dpp_pkex_get_role_elem(const struct dpp_curve_params *curve,
-					 int init)
+static struct crypto_ec_key * dpp_pkex_get_role_elem(const struct dpp_curve_params *curve,
+						     int init)
 {
 	EC_GROUP *group;
 	size_t len = curve->prime_len;
 	const u8 *x, *y;
-	EVP_PKEY *res;
+	struct crypto_ec_key *res;
 
 	switch (curve->ike_group) {
 	case 19:
@@ -2037,7 +2038,7 @@ EC_POINT * dpp_pkex_derive_Qi(const struct dpp_curve_params *curve,
 	size_t len[3];
 	unsigned int num_elem = 0;
 	EC_POINT *Qi = NULL;
-	EVP_PKEY *Pi = NULL;
+	struct crypto_ec_key *Pi = NULL;
 	const EC_KEY *Pi_ec;
 	const EC_POINT *Pi_point;
 	BIGNUM *hash_bn = NULL;
@@ -2070,7 +2071,7 @@ EC_POINT * dpp_pkex_derive_Qi(const struct dpp_curve_params *curve,
 	if (!Pi)
 		goto fail;
 	dpp_debug_print_key("DPP: Pi", Pi);
-	Pi_ec = EVP_PKEY_get0_EC_KEY(Pi);
+	Pi_ec = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)Pi);
 	if (!Pi_ec)
 		goto fail;
 	Pi_point = EC_KEY_get0_public_key(Pi_ec);
@@ -2096,7 +2097,7 @@ EC_POINT * dpp_pkex_derive_Qi(const struct dpp_curve_params *curve,
 	}
 	dpp_debug_print_point("DPP: Qi", group, Qi);
 out:
-	EVP_PKEY_free(Pi);
+	crypto_ec_key_deinit(Pi);
 	BN_clear_free(hash_bn);
 	if (ret_group && Qi)
 		*ret_group = group2;
@@ -2120,7 +2121,7 @@ EC_POINT * dpp_pkex_derive_Qr(const struct dpp_curve_params *curve,
 	size_t len[3];
 	unsigned int num_elem = 0;
 	EC_POINT *Qr = NULL;
-	EVP_PKEY *Pr = NULL;
+	struct crypto_ec_key *Pr = NULL;
 	const EC_KEY *Pr_ec;
 	const EC_POINT *Pr_point;
 	BIGNUM *hash_bn = NULL;
@@ -2153,7 +2154,7 @@ EC_POINT * dpp_pkex_derive_Qr(const struct dpp_curve_params *curve,
 	if (!Pr)
 		goto fail;
 	dpp_debug_print_key("DPP: Pr", Pr);
-	Pr_ec = EVP_PKEY_get0_EC_KEY(Pr);
+	Pr_ec = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)Pr);
 	if (!Pr_ec)
 		goto fail;
 	Pr_point = EC_KEY_get0_public_key(Pr_ec);
@@ -2179,7 +2180,7 @@ EC_POINT * dpp_pkex_derive_Qr(const struct dpp_curve_params *curve,
 	}
 	dpp_debug_print_point("DPP: Qr", group, Qr);
 out:
-	EVP_PKEY_free(Pr);
+	crypto_ec_key_deinit(Pr);
 	BN_clear_free(hash_bn);
 	if (ret_group && Qr)
 		*ret_group = group2;
@@ -2258,7 +2259,7 @@ int dpp_reconfig_derive_ke_responder(struct dpp_authentication *auth,
 				     struct json_token *peer_net_access_key)
 {
 	BN_CTX *bnctx = NULL;
-	EVP_PKEY *own_key = NULL, *peer_key = NULL;
+	struct crypto_ec_key *own_key = NULL, *peer_key = NULL;
 	BIGNUM *sum = NULL, *q = NULL, *mx = NULL;
 	EC_POINT *m = NULL;
 	const EC_KEY *cR, *pR;
@@ -2303,8 +2304,8 @@ int dpp_reconfig_derive_ke_responder(struct dpp_authentication *auth,
 			auth->e_nonce, auth->curve->nonce_len);
 
 	/* M = { cR + pR } * CI */
-	cR = EVP_PKEY_get0_EC_KEY(own_key);
-	pR = EVP_PKEY_get0_EC_KEY(auth->own_protocol_key);
+	cR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)own_key);
+	pR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->own_protocol_key);
 	if (!pR)
 		goto fail;
 	group = EC_KEY_get0_group(pR);
@@ -2319,7 +2320,7 @@ int dpp_reconfig_derive_ke_responder(struct dpp_authentication *auth,
 	pR_bn = EC_KEY_get0_private_key(pR);
 	if (!cR_bn || !pR_bn)
 		goto fail;
-	CI = EVP_PKEY_get0_EC_KEY(peer_key);
+	CI = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)peer_key);
 	CI_point = EC_KEY_get0_public_key(CI);
 	if (EC_GROUP_get_order(group, q, bnctx) != 1 ||
 	    BN_mod_add(sum, cR_bn, pR_bn, q, bnctx) != 1 ||
@@ -2355,7 +2356,7 @@ int dpp_reconfig_derive_ke_responder(struct dpp_authentication *auth,
 			auth->ke, curve->hash_len);
 
 	res = 0;
-	EVP_PKEY_free(auth->reconfig_old_protocol_key);
+	crypto_ec_key_deinit(auth->reconfig_old_protocol_key);
 	auth->reconfig_old_protocol_key = own_key;
 	own_key = NULL;
 fail:
@@ -2365,8 +2366,8 @@ fail:
 	BN_free(q);
 	BN_clear_free(mx);
 	BN_clear_free(sum);
-	EVP_PKEY_free(own_key);
-	EVP_PKEY_free(peer_key);
+	crypto_ec_key_deinit(own_key);
+	crypto_ec_key_deinit(peer_key);
 	BN_CTX_free(bnctx);
 	return res;
 }
@@ -2377,7 +2378,7 @@ int dpp_reconfig_derive_ke_initiator(struct dpp_authentication *auth,
 				     struct json_token *net_access_key)
 {
 	BN_CTX *bnctx = NULL;
-	EVP_PKEY *pr = NULL, *peer_key = NULL;
+	struct crypto_ec_key *pr = NULL, *peer_key = NULL;
 	EC_POINT *sum = NULL, *m = NULL;
 	BIGNUM *mx = NULL;
 	const EC_KEY *cI, *CR, *PR;
@@ -2397,7 +2398,7 @@ int dpp_reconfig_derive_ke_initiator(struct dpp_authentication *auth,
 		goto fail;
 	}
 	dpp_debug_print_key("Peer (Responder) Protocol Key", pr);
-	EVP_PKEY_free(auth->peer_protocol_key);
+	crypto_ec_key_deinit(auth->peer_protocol_key);
 	auth->peer_protocol_key = pr;
 	pr = NULL;
 
@@ -2413,15 +2414,15 @@ int dpp_reconfig_derive_ke_initiator(struct dpp_authentication *auth,
 	}
 
 	/* M = cI * { CR + PR } */
-	cI = EVP_PKEY_get0_EC_KEY(auth->conf->connector_key);
+	cI = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->conf->connector_key);
 	cI_bn = EC_KEY_get0_private_key(cI);
 	group = EC_KEY_get0_group(cI);
 	bnctx = BN_CTX_new();
 	sum = EC_POINT_new(group);
 	m = EC_POINT_new(group);
 	mx = BN_new();
-	CR = EVP_PKEY_get0_EC_KEY(peer_key);
-	PR = EVP_PKEY_get0_EC_KEY(auth->peer_protocol_key);
+	CR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)peer_key);
+	PR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->peer_protocol_key);
 	CR_point = EC_KEY_get0_public_key(CR);
 	PR_point = EC_KEY_get0_public_key(PR);
 	if (!bnctx || !sum || !m || !mx ||
@@ -2456,8 +2457,8 @@ int dpp_reconfig_derive_ke_initiator(struct dpp_authentication *auth,
 fail:
 	forced_memzero(prk, sizeof(prk));
 	forced_memzero(Mx, sizeof(Mx));
-	EVP_PKEY_free(pr);
-	EVP_PKEY_free(peer_key);
+	crypto_ec_key_deinit(pr);
+	crypto_ec_key_deinit(peer_key);
 	EC_POINT_clear_free(sum);
 	EC_POINT_clear_free(m);
 	BN_clear_free(mx);
@@ -2524,7 +2525,7 @@ dpp_build_conn_signature(struct dpp_configurator *conf,
 		goto fail;
 
 	ERR_clear_error();
-	if (EVP_DigestSignInit(md_ctx, NULL, sign_md, NULL, conf->csign) != 1) {
+	if (EVP_DigestSignInit(md_ctx, NULL, sign_md, NULL, (EVP_PKEY *)conf->csign) != 1) {
 		wpa_printf(MSG_DEBUG, "DPP: EVP_DigestSignInit failed: %s",
 			   ERR_error_string(ERR_get_error(), NULL));
 		goto fail;
@@ -2618,7 +2619,7 @@ struct dpp_pfs * dpp_pfs_init(const u8 *net_access_key,
 			      size_t net_access_key_len)
 {
 	struct wpabuf *pub = NULL;
-	EVP_PKEY *own_key;
+	struct crypto_ec_key *own_key;
 	struct dpp_pfs *pfs;
 
 	pfs = os_zalloc(sizeof(*pfs));
@@ -2631,7 +2632,7 @@ struct dpp_pfs * dpp_pfs_init(const u8 *net_access_key,
 		wpa_printf(MSG_ERROR, "DPP: Failed to parse own netAccessKey");
 		goto fail;
 	}
-	EVP_PKEY_free(own_key);
+	crypto_ec_key_deinit(own_key);
 
 	pfs->ecdh = crypto_ecdh_init(pfs->curve->ike_group);
 	if (!pfs->ecdh)
@@ -2700,7 +2701,7 @@ struct wpabuf * dpp_build_csr(struct dpp_authentication *auth, const char *name)
 	struct wpabuf *buf = NULL;
 	unsigned char *der;
 	int der_len;
-	EVP_PKEY *key;
+	struct crypto_ec_key *key;
 	const EVP_MD *sign_md;
 	unsigned int hash_len = auth->curve->hash_len;
 	EC_KEY *eckey;
@@ -2716,7 +2717,7 @@ struct wpabuf * dpp_build_csr(struct dpp_authentication *auth, const char *name)
 	 * a specific group to be used */
 	key = auth->own_protocol_key;
 
-	eckey = EVP_PKEY_get1_EC_KEY(key);
+	eckey = EVP_PKEY_get1_EC_KEY((EVP_PKEY *)key);
 	if (!eckey)
 		goto fail;
 	der = NULL;
@@ -2730,7 +2731,7 @@ struct wpabuf * dpp_build_csr(struct dpp_authentication *auth, const char *name)
 		goto fail;
 
 	req = X509_REQ_new();
-	if (!req || !X509_REQ_set_pubkey(req, key))
+	if (!req || !X509_REQ_set_pubkey(req, (EVP_PKEY *)key))
 		goto fail;
 
 	if (name) {
@@ -2780,7 +2781,7 @@ struct wpabuf * dpp_build_csr(struct dpp_authentication *auth, const char *name)
 		goto fail;
 	}
 
-	if (!X509_REQ_sign(req, key, sign_md))
+	if (!X509_REQ_sign(req, (EVP_PKEY *)key, sign_md))
 		goto fail;
 
 	der = NULL;
@@ -3012,7 +3013,7 @@ struct dpp_reconfig_id * dpp_gen_reconfig_id(const u8 *csign_key,
 					     size_t pp_key_len)
 {
 	const unsigned char *p;
-	EVP_PKEY *csign = NULL, *ppkey = NULL;
+	struct crypto_ec_key *csign = NULL, *ppkey = NULL;
 	struct dpp_reconfig_id *id = NULL;
 	BN_CTX *ctx = NULL;
 	BIGNUM *bn = NULL, *q = NULL;
@@ -3021,18 +3022,18 @@ struct dpp_reconfig_id * dpp_gen_reconfig_id(const u8 *csign_key,
 	EC_POINT *e_id = NULL;
 
 	p = csign_key;
-	csign = d2i_PUBKEY(NULL, &p, csign_key_len);
+	csign = (struct crypto_ec_key *)d2i_PUBKEY(NULL, &p, csign_key_len);
 	if (!csign)
 		goto fail;
 
 	if (!pp_key)
 		goto fail;
 	p = pp_key;
-	ppkey = d2i_PUBKEY(NULL, &p, pp_key_len);
+	ppkey = (struct crypto_ec_key *)d2i_PUBKEY(NULL, &p, pp_key_len);
 	if (!ppkey)
 		goto fail;
 
-	eckey = EVP_PKEY_get0_EC_KEY(csign);
+	eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)csign);
 	if (!eckey)
 		goto fail;
 	group = EC_KEY_get0_group(eckey);
@@ -3063,16 +3064,16 @@ struct dpp_reconfig_id * dpp_gen_reconfig_id(const u8 *csign_key,
 	ppkey = NULL;
 fail:
 	EC_POINT_free(e_id);
-	EVP_PKEY_free(csign);
-	EVP_PKEY_free(ppkey);
+	crypto_ec_key_deinit(csign);
+	crypto_ec_key_deinit(ppkey);
 	BN_clear_free(bn);
 	BN_CTX_free(ctx);
 	return id;
 }
 
 
-static EVP_PKEY * dpp_pkey_from_point(const EC_GROUP *group,
-				      const EC_POINT *point)
+static struct crypto_ec_key * dpp_pkey_from_point(const EC_GROUP *group,
+						  const EC_POINT *point)
 {
 	EC_KEY *eckey;
 	EVP_PKEY *pkey = NULL;
@@ -3098,7 +3099,7 @@ static EVP_PKEY * dpp_pkey_from_point(const EC_GROUP *group,
 
 fail:
 	EC_KEY_free(eckey);
-	return pkey;
+	return (struct crypto_ec_key *)pkey;
 }
 
 
@@ -3111,7 +3112,7 @@ int dpp_update_reconfig_id(struct dpp_reconfig_id *id)
 	const EC_KEY *pp;
 	const EC_POINT *pp_point;
 
-	pp = EVP_PKEY_get0_EC_KEY(id->pp_key);
+	pp = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)id->pp_key);
 	if (!pp)
 		goto fail;
 	pp_point = EC_KEY_get0_public_key(pp);
@@ -3135,8 +3136,8 @@ int dpp_update_reconfig_id(struct dpp_reconfig_id *id)
 	dpp_debug_print_point("DPP: Encrypted E-id to E'-id",
 			      id->group, e_prime_id);
 
-	EVP_PKEY_free(id->a_nonce);
-	EVP_PKEY_free(id->e_prime_id);
+	crypto_ec_key_deinit(id->a_nonce);
+	crypto_ec_key_deinit(id->e_prime_id);
 	id->a_nonce = dpp_pkey_from_point(id->group, a_nonce);
 	id->e_prime_id = dpp_pkey_from_point(id->group, e_prime_id);
 	if (!id->a_nonce || !id->e_prime_id)
@@ -3157,17 +3158,17 @@ void dpp_free_reconfig_id(struct dpp_reconfig_id *id)
 {
 	if (id) {
 		EC_POINT_clear_free(id->e_id);
-		EVP_PKEY_free(id->csign);
-		EVP_PKEY_free(id->a_nonce);
-		EVP_PKEY_free(id->e_prime_id);
-		EVP_PKEY_free(id->pp_key);
+		crypto_ec_key_deinit(id->csign);
+		crypto_ec_key_deinit(id->a_nonce);
+		crypto_ec_key_deinit(id->e_prime_id);
+		crypto_ec_key_deinit(id->pp_key);
 		os_free(id);
 	}
 }
 
 
-EC_POINT * dpp_decrypt_e_id(EVP_PKEY *ppkey, EVP_PKEY *a_nonce,
-			    EVP_PKEY *e_prime_id)
+EC_POINT * dpp_decrypt_e_id(struct crypto_ec_key *ppkey, struct crypto_ec_key *a_nonce,
+			    struct crypto_ec_key *e_prime_id)
 {
 	const EC_KEY *pp_ec, *a_nonce_ec, *e_prime_id_ec;
 	const BIGNUM *pp_bn;
@@ -3180,9 +3181,9 @@ EC_POINT * dpp_decrypt_e_id(EVP_PKEY *ppkey, EVP_PKEY *a_nonce,
 		return NULL;
 
 	/* E-id = E'-id - s_C * A-NONCE */
-	pp_ec = EVP_PKEY_get0_EC_KEY(ppkey);
-	a_nonce_ec = EVP_PKEY_get0_EC_KEY(a_nonce);
-	e_prime_id_ec = EVP_PKEY_get0_EC_KEY(e_prime_id);
+	pp_ec = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)ppkey);
+	a_nonce_ec = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)a_nonce);
+	e_prime_id_ec = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)e_prime_id);
 	if (!pp_ec || !a_nonce_ec || !e_prime_id_ec)
 		return NULL;
 	pp_bn = EC_KEY_get0_private_key(pp_ec);
diff --git a/src/common/dpp_i.h b/src/common/dpp_i.h
index af12467a5..6deb34737 100644
--- a/src/common/dpp_i.h
+++ b/src/common/dpp_i.h
@@ -37,10 +37,10 @@ struct wpabuf * dpp_build_conn_status(enum dpp_status_error result,
 struct json_token * dpp_parse_own_connector(const char *own_connector);
 int dpp_connector_match_groups(struct json_token *own_root,
 			       struct json_token *peer_root, bool reconfig);
-int dpp_build_jwk(struct wpabuf *buf, const char *name, EVP_PKEY *key,
+int dpp_build_jwk(struct wpabuf *buf, const char *name, struct crypto_ec_key *key,
 		  const char *kid, const struct dpp_curve_params *curve);
-EVP_PKEY * dpp_parse_jwk(struct json_token *jwk,
-			 const struct dpp_curve_params **key_curve);
+struct crypto_ec_key * dpp_parse_jwk(struct json_token *jwk,
+				     const struct dpp_curve_params **key_curve);
 int dpp_prepare_channel_list(struct dpp_authentication *auth,
 			     unsigned int neg_freq,
 			     struct hostapd_hw_modes *own_modes, u16 num_modes);
@@ -65,7 +65,7 @@ struct dpp_signed_connector_info {
 
 enum dpp_status_error
 dpp_process_signed_connector(struct dpp_signed_connector_info *info,
-			     EVP_PKEY *csign_pub, const char *connector);
+			     struct crypto_ec_key *csign_pub, const char *connector);
 enum dpp_status_error
 dpp_check_signed_connector(struct dpp_signed_connector_info *info,
 			   const u8 *csign_key, size_t csign_key_len,
@@ -76,21 +76,22 @@ const struct dpp_curve_params * dpp_get_curve_nid(int nid);
 const struct dpp_curve_params * dpp_get_curve_ike_group(u16 group);
 int dpp_bi_pubkey_hash(struct dpp_bootstrap_info *bi,
 		       const u8 *data, size_t data_len);
-struct wpabuf * dpp_get_pubkey_point(EVP_PKEY *pkey, int prefix);
-EVP_PKEY * dpp_set_pubkey_point_group(const EC_GROUP *group,
-				      const u8 *buf_x, const u8 *buf_y,
-				      size_t len);
-EVP_PKEY * dpp_set_pubkey_point(EVP_PKEY *group_key, const u8 *buf, size_t len);
+struct wpabuf * dpp_get_pubkey_point(struct crypto_ec_key *key, int prefix);
+struct crypto_ec_key * dpp_set_pubkey_point_group(const EC_GROUP *group,
+						  const u8 *buf_x, const u8 *buf_y,
+						  size_t len);
+struct crypto_ec_key * dpp_set_pubkey_point(struct crypto_ec_key *group_key,
+					    const u8 *buf, size_t len);
 int dpp_bn2bin_pad(const BIGNUM *bn, u8 *pos, size_t len);
 int dpp_hkdf_expand(size_t hash_len, const u8 *secret, size_t secret_len,
 		    const char *label, u8 *out, size_t outlen);
 int dpp_hmac_vector(size_t hash_len, const u8 *key, size_t key_len,
 		    size_t num_elem, const u8 *addr[], const size_t *len,
 		    u8 *mac);
-int dpp_ecdh(EVP_PKEY *own, EVP_PKEY *peer, u8 *secret, size_t *secret_len);
+int dpp_ecdh(struct crypto_ec_key *own, struct crypto_ec_key *peer, u8 *secret, size_t *secret_len);
 void dpp_debug_print_point(const char *title, const EC_GROUP *group,
 			   const EC_POINT *point);
-void dpp_debug_print_key(const char *title, EVP_PKEY *key);
+void dpp_debug_print_key(const char *title, struct crypto_ec_key *key);
 int dpp_pbkdf2(size_t hash_len, const u8 *password, size_t password_len,
 	       const u8 *salt, size_t salt_len, unsigned int iterations,
 	       u8 *buf, size_t buflen);
@@ -99,9 +100,9 @@ int dpp_get_subject_public_key(struct dpp_bootstrap_info *bi,
 int dpp_bootstrap_key_hash(struct dpp_bootstrap_info *bi);
 int dpp_keygen(struct dpp_bootstrap_info *bi, const char *curve,
 	       const u8 *privkey, size_t privkey_len);
-EVP_PKEY * dpp_set_keypair(const struct dpp_curve_params **curve,
-			   const u8 *privkey, size_t privkey_len);
-EVP_PKEY * dpp_gen_keypair(const struct dpp_curve_params *curve);
+struct crypto_ec_key * dpp_set_keypair(const struct dpp_curve_params **curve,
+				       const u8 *privkey, size_t privkey_len);
+struct crypto_ec_key * dpp_gen_keypair(const struct dpp_curve_params *curve);
 int dpp_derive_k1(const u8 *Mx, size_t Mx_len, u8 *k1, unsigned int hash_len);
 int dpp_derive_k2(const u8 *Nx, size_t Nx_len, u8 *k2, unsigned int hash_len);
 int dpp_derive_bk_ke(struct dpp_authentication *auth);
@@ -111,7 +112,7 @@ int dpp_auth_derive_l_responder(struct dpp_authentication *auth);
 int dpp_auth_derive_l_initiator(struct dpp_authentication *auth);
 int dpp_derive_pmk(const u8 *Nx, size_t Nx_len, u8 *pmk, unsigned int hash_len);
 int dpp_derive_pmkid(const struct dpp_curve_params *curve,
-		     EVP_PKEY *own_key, EVP_PKEY *peer_key, u8 *pmkid);
+		     struct crypto_ec_key *own_key, struct crypto_ec_key *peer_key, u8 *pmkid);
 EC_POINT * dpp_pkex_derive_Qi(const struct dpp_curve_params *curve,
 			      const u8 *mac_init, const char *code,
 			      const char *identifier, BN_CTX *bnctx,
@@ -133,8 +134,8 @@ int dpp_reconfig_derive_ke_responder(struct dpp_authentication *auth,
 int dpp_reconfig_derive_ke_initiator(struct dpp_authentication *auth,
 				     const u8 *r_proto, u16 r_proto_len,
 				     struct json_token *net_access_key);
-EC_POINT * dpp_decrypt_e_id(EVP_PKEY *ppkey, EVP_PKEY *a_nonce,
-			    EVP_PKEY *e_prime_id);
+EC_POINT * dpp_decrypt_e_id(struct crypto_ec_key *ppkey, struct crypto_ec_key *a_nonce,
+			    struct crypto_ec_key *e_prime_id);
 char * dpp_sign_connector(struct dpp_configurator *conf,
 			  const struct wpabuf *dppcon);
 int dpp_test_gen_invalid_key(struct wpabuf *msg,
@@ -143,10 +144,10 @@ int dpp_test_gen_invalid_key(struct wpabuf *msg,
 struct dpp_reconfig_id {
 	const EC_GROUP *group;
 	EC_POINT *e_id; /* E-id */
-	EVP_PKEY *csign;
-	EVP_PKEY *a_nonce; /* A-NONCE */
-	EVP_PKEY *e_prime_id; /* E'-id */
-	EVP_PKEY *pp_key;
+	struct crypto_ec_key *csign;
+	struct crypto_ec_key *a_nonce; /* A-NONCE */
+	struct crypto_ec_key *e_prime_id; /* E'-id */
+	struct crypto_ec_key *pp_key;
 };
 
 /* dpp_tcp.c */
diff --git a/src/common/dpp_pkex.c b/src/common/dpp_pkex.c
index 807ab7d0a..cde46ac39 100644
--- a/src/common/dpp_pkex.c
+++ b/src/common/dpp_pkex.c
@@ -86,7 +86,7 @@ static struct wpabuf * dpp_pkex_build_exchange_req(struct dpp_pkex *pkex)
 		goto fail;
 
 	/* M = X + Qi */
-	X_ec = EVP_PKEY_get0_EC_KEY(pkex->x);
+	X_ec = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)pkex->x);
 	if (!X_ec)
 		goto fail;
 	X_point = EC_KEY_get0_public_key(X_ec);
@@ -477,9 +477,9 @@ struct dpp_pkex * dpp_pkex_rx_exchange_req(void *msg_ctx,
 	    EC_KEY_set_group(X_ec, group) != 1 ||
 	    EC_KEY_set_public_key(X_ec, X) != 1)
 		goto fail;
-	pkex->x = EVP_PKEY_new();
+	pkex->x = (struct crypto_ec_key *)EVP_PKEY_new();
 	if (!pkex->x ||
-	    EVP_PKEY_set1_EC_KEY(pkex->x, X_ec) != 1)
+	    EVP_PKEY_set1_EC_KEY((EVP_PKEY *)pkex->x, X_ec) != 1)
 		goto fail;
 
 	/* Qr = H(MAC-Responder | | [identifier | ] code) * Pr */
@@ -507,7 +507,7 @@ struct dpp_pkex * dpp_pkex_rx_exchange_req(void *msg_ctx,
 		goto fail;
 
 	/* N = Y + Qr */
-	Y_ec = EVP_PKEY_get0_EC_KEY(pkex->y);
+	Y_ec = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)pkex->y);
 	if (!Y_ec)
 		goto fail;
 	Y_point = EC_KEY_get0_public_key(Y_ec);
@@ -801,9 +801,9 @@ struct wpabuf * dpp_pkex_rx_exchange_resp(struct dpp_pkex *pkex,
 	    EC_KEY_set_group(Y_ec, group) != 1 ||
 	    EC_KEY_set_public_key(Y_ec, Y) != 1)
 		goto fail;
-	pkex->y = EVP_PKEY_new();
+	pkex->y = (struct crypto_ec_key *)EVP_PKEY_new();
 	if (!pkex->y ||
-	    EVP_PKEY_set1_EC_KEY(pkex->y, Y_ec) != 1)
+	    EVP_PKEY_set1_EC_KEY((EVP_PKEY *)pkex->y, Y_ec) != 1)
 		goto fail;
 	if (dpp_ecdh(pkex->own_bi->pubkey, pkex->y, Jx, &Jx_len) < 0)
 		goto fail;
@@ -1315,9 +1315,9 @@ void dpp_pkex_free(struct dpp_pkex *pkex)
 
 	os_free(pkex->identifier);
 	os_free(pkex->code);
-	EVP_PKEY_free(pkex->x);
-	EVP_PKEY_free(pkex->y);
-	EVP_PKEY_free(pkex->peer_bootstrap_key);
+	crypto_ec_key_deinit(pkex->x);
+	crypto_ec_key_deinit(pkex->y);
+	crypto_ec_key_deinit(pkex->peer_bootstrap_key);
 	wpabuf_free(pkex->exchange_req);
 	wpabuf_free(pkex->exchange_resp);
 	os_free(pkex);
diff --git a/src/common/dpp_reconfig.c b/src/common/dpp_reconfig.c
index c4a027363..a6959c1bc 100644
--- a/src/common/dpp_reconfig.c
+++ b/src/common/dpp_reconfig.c
@@ -40,7 +40,7 @@ struct wpabuf * dpp_build_reconfig_announcement(const u8 *csign_key,
 						struct dpp_reconfig_id *id)
 {
 	struct wpabuf *msg = NULL;
-	EVP_PKEY *csign = NULL;
+	struct crypto_ec_key *csign = NULL;
 	const unsigned char *p;
 	struct wpabuf *uncomp;
 	u8 hash[SHA256_MAC_LEN];
@@ -49,7 +49,7 @@ struct wpabuf * dpp_build_reconfig_announcement(const u8 *csign_key,
 	int res;
 	size_t attr_len;
 	const struct dpp_curve_params *own_curve;
-	EVP_PKEY *own_key;
+	struct crypto_ec_key *own_key;
 	struct wpabuf *a_nonce = NULL, *e_id = NULL;
 
 	wpa_printf(MSG_DEBUG, "DPP: Build Reconfig Announcement frame");
@@ -62,7 +62,7 @@ struct wpabuf * dpp_build_reconfig_announcement(const u8 *csign_key,
 	}
 
 	p = csign_key;
-	csign = d2i_PUBKEY(NULL, &p, csign_key_len);
+	csign = (struct crypto_ec_key *)d2i_PUBKEY(NULL, &p, csign_key_len);
 	if (!csign) {
 		wpa_printf(MSG_ERROR,
 			   "DPP: Failed to parse local C-sign-key information");
@@ -70,7 +70,7 @@ struct wpabuf * dpp_build_reconfig_announcement(const u8 *csign_key,
 	}
 
 	uncomp = dpp_get_pubkey_point(csign, 1);
-	EVP_PKEY_free(csign);
+	crypto_ec_key_deinit(csign);
 	if (!uncomp)
 		goto fail;
 	addr[0] = wpabuf_head(uncomp);
@@ -126,7 +126,7 @@ struct wpabuf * dpp_build_reconfig_announcement(const u8 *csign_key,
 fail:
 	wpabuf_free(a_nonce);
 	wpabuf_free(e_id);
-	EVP_PKEY_free(own_key);
+	crypto_ec_key_deinit(own_key);
 	return msg;
 }
 
@@ -230,7 +230,7 @@ dpp_reconfig_init(struct dpp_global *dpp, void *msg_ctx,
 {
 	struct dpp_authentication *auth;
 	const struct dpp_curve_params *curve;
-	EVP_PKEY *a_nonce, *e_prime_id;
+	struct crypto_ec_key *a_nonce, *e_prime_id;
 	EC_POINT *e_id;
 
 	curve = dpp_get_curve_ike_group(group);
@@ -260,13 +260,13 @@ dpp_reconfig_init(struct dpp_global *dpp, void *msg_ctx,
 	e_prime_id = dpp_set_pubkey_point(conf->csign, e_id_attr, e_id_len);
 	if (!e_prime_id) {
 		wpa_printf(MSG_INFO, "DPP: Invalid E'-id");
-		EVP_PKEY_free(a_nonce);
+		crypto_ec_key_deinit(a_nonce);
 		return NULL;
 	}
 	dpp_debug_print_key("E'-id", e_prime_id);
 	e_id = dpp_decrypt_e_id(conf->pp_key, a_nonce, e_prime_id);
-	EVP_PKEY_free(a_nonce);
-	EVP_PKEY_free(e_prime_id);
+	crypto_ec_key_deinit(a_nonce);
+	crypto_ec_key_deinit(e_prime_id);
 	if (!e_id) {
 		wpa_printf(MSG_INFO, "DPP: Could not decrypt E'-id");
 		return NULL;
-- 
2.17.0


_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux