[00/21] DPP: Remove direct dependency on OpenSSL

Message ID 20210628162538.21067-1-cedric.izoard@ceva-dsp.com

Message

Cedric Izoard June 28, 2021, 4:25 p.m. UTC
The purpose of this series is to remove direct calls to OpenSSL
in DPP code and to use the crypto.h API instead.

The last 2 patches (CSR and PKCS7) will definitely need another
revision but I'm not sure what the best way to deal with this is.

Cedric Izoard (21):
  Complete Documentation in crypto.h
  openssl: use EVP_PKEY as struct crypto_ec_key
  dpp: replace EVP_PKEY by struct crypto_ec_key
  dpp: move dpp_gen_keypair to crypto
  dpp: factorize conversion to ASN.1 ECPrivateKey
  dpp: replace dpp_get_pubkey_point by crypto_ec_key_get_pubkey_point
  dpp: move dpp_set_pubkey_point_group to crypto.h
  dpp: use crypto_ec_key_get_subject_public_key when possible
  dpp: use crypto_ec_key_parse_pub in dpp_get_subject_public_key
  dpp: use crypto_ec_key_parse_priv when possible
  dpp: Update pkex part to use crypto.h API
  dpp: Use ECDH from crypto.h
  dpp: Use crypto.h for authentication computation
  dpp: Update connector signing to use crypto.h
  dpp: Use crypto API for reconfig part
  dpp: Use crypto_ec_key_group to compare EC Key's group
  dpp: Add crypto_ec_key_cmp in crypto.h
  dpp: remove direct call to OpenSSL in dpp_test_gen_invalid_key
  dpp: Move debug print of EC key to crypto.h
  dpp: csr rewrote to use crypto.h
  dpp: rename dpp_pkcs7_certs to pkcs7_get_certificates

 src/common/dpp.c            |  169 ++--
 src/common/dpp.h            |   29 +-
 src/common/dpp_auth.c       |   18 +-
 src/common/dpp_backup.c     |   73 +-
 src/common/dpp_crypto.c     | 1860 +++++++++--------------------------
 src/common/dpp_i.h          |   64 +-
 src/common/dpp_pkex.c       |  278 ++----
 src/common/dpp_reconfig.c   |   34 +-
 src/crypto/crypto.h         |  354 ++++++-
 src/crypto/crypto_openssl.c |  827 +++++++++++++++-
 src/tls/pkcs7.h             |   13 +
 tests/hwsim/test_dpp.py     |   22 +-
 12 files changed, 1885 insertions(+), 1856 deletions(-)
 create mode 100644 src/tls/pkcs7.h

--
2.17.0

Comments

Jouni Malinen Oct. 28, 2021, 4:08 p.m. UTC | #1
On Mon, Jun 28, 2021 at 06:25:17PM +0200, Cedric Izoard wrote:
> The purpose of this series is to remove direct calls to OpenSSL
> in DPP code and to use the crypto.h API instead.
> 
> The last 2 patches (CSR and PKCS7) will definitely need another
> revision but I'm not sure what the best way to deal with this is.

Thanks, I applied patches 1-7, 9-11, and 13-21 with some cleanup. I
pulled in some of patch 8/21 as well except for the part I commented on
earlier.

I'm not sure what would be the best way of addressing the CSR and PKCS#7
operations, but for now, I applied the last two patches as well to get a
starting point in, but with the PKCS#7 function prototype moved into
crypto.h (src/tls/* is for the internal TLS library and not really a very
good place for defining functions that are used with external
libraries).