Make the EVP Key Exchange code provider aware
authorMatt Caswell <matt@openssl.org>
Thu, 27 Jun 2019 09:48:17 +0000 (10:48 +0100)
committerMatt Caswell <matt@openssl.org>
Tue, 16 Jul 2019 09:16:32 +0000 (10:16 +0100)
We introduce a new EVP_KEYEXCH type to represent key exchange algorithms
and refactor the existing code to use it where available.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9266)

14 files changed:
crypto/err/openssl.txt
crypto/evp/build.info
crypto/evp/evp_lib.c
crypto/evp/evp_locl.h
crypto/evp/exchange.c [new file with mode: 0644]
crypto/evp/pmeth_fn.c
crypto/evp/pmeth_lib.c
crypto/include/internal/evp_int.h
crypto/params.c
include/openssl/core_names.h
include/openssl/core_numbers.h
include/openssl/evp.h
include/openssl/ossl_typ.h
util/libcrypto.num

index a8f28dc..4608938 100644 (file)
@@ -807,6 +807,7 @@ EVP_F_EVP_DIGESTUPDATE:231:EVP_DigestUpdate
 EVP_F_EVP_ENCRYPTDECRYPTUPDATE:219:evp_EncryptDecryptUpdate
 EVP_F_EVP_ENCRYPTFINAL_EX:127:EVP_EncryptFinal_ex
 EVP_F_EVP_ENCRYPTUPDATE:167:EVP_EncryptUpdate
+EVP_F_EVP_KEYEXCH_FROM_DISPATCH:244:evp_keyexch_from_dispatch
 EVP_F_EVP_KDF_CTRL:224:EVP_KDF_ctrl
 EVP_F_EVP_KDF_CTRL_STR:225:EVP_KDF_ctrl_str
 EVP_F_EVP_KDF_CTX_NEW:240:EVP_KDF_CTX_new
@@ -838,6 +839,7 @@ EVP_F_EVP_PKEY_DECRYPT_INIT:138:EVP_PKEY_decrypt_init
 EVP_F_EVP_PKEY_DECRYPT_OLD:151:EVP_PKEY_decrypt_old
 EVP_F_EVP_PKEY_DERIVE:153:EVP_PKEY_derive
 EVP_F_EVP_PKEY_DERIVE_INIT:154:EVP_PKEY_derive_init
+EVP_F_EVP_PKEY_DERIVE_INIT_EX:243:EVP_PKEY_derive_init_ex
 EVP_F_EVP_PKEY_DERIVE_SET_PEER:155:EVP_PKEY_derive_set_peer
 EVP_F_EVP_PKEY_ENCRYPT:105:EVP_PKEY_encrypt
 EVP_F_EVP_PKEY_ENCRYPT_INIT:139:EVP_PKEY_encrypt_init
index fa49f2e..5030f3f 100644 (file)
@@ -15,7 +15,7 @@ SOURCE[../../libcrypto]=$COMMON\
         e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \
         e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \
         e_chacha20_poly1305.c \
-        mac_lib.c c_allm.c pkey_mac.c
+        mac_lib.c c_allm.c pkey_mac.c exchange.c
 SOURCE[../../providers/fips]=$COMMON
 
 INCLUDE[e_aes.o]=.. ../modes
index 615206b..3e64a1f 100644 (file)
@@ -13,6 +13,7 @@
 #include <openssl/objects.h>
 #include <openssl/params.h>
 #include <openssl/core_names.h>
+#include <openssl/dh.h>
 #include "internal/evp_int.h"
 #include "internal/provider.h"
 #include "evp_locl.h"
@@ -726,3 +727,133 @@ int EVP_hex2ctrl(int (*cb)(void *ctx, int cmd, void *buf, size_t buflen),
     OPENSSL_free(bin);
     return rv;
 }
+
+#ifndef FIPS_MODE
+/*
+ * TODO(3.0): Temporarily unavailable in FIPS mode. This will need to be added
+ * in later.
+ */
+
+#define MAX_PARAMS 10
+typedef struct {
+    /* Number of the current param */
+    size_t curr;
+    struct {
+        /* Key for the current param */
+        const char *key;
+        /* Value for the current param */
+        const BIGNUM *bnparam;
+        /* Size of the buffer required for the BN */
+        size_t bufsz;
+    } params[MAX_PARAMS];
+    /* Running count of the total size required */
+    size_t totsz;
+    int ispublic;
+} PARAMS_TEMPLATE;
+
+static int push_param_bn(PARAMS_TEMPLATE *tmpl, const char *key,
+                         const BIGNUM *bn)
+{
+    int sz;
+
+    sz = BN_num_bytes(bn);
+    if (sz <= 0)
+        return 0;
+    tmpl->params[tmpl->curr].key = key;
+    tmpl->params[tmpl->curr].bnparam = bn;
+    tmpl->params[tmpl->curr++].bufsz = (size_t)sz;
+    tmpl->totsz += sizeof(OSSL_PARAM) + (size_t)sz;
+
+    return 1;
+}
+
+static OSSL_PARAM *param_template_to_param(PARAMS_TEMPLATE *tmpl, size_t *sz)
+{
+    size_t i;
+    void *buf;
+    OSSL_PARAM *param = NULL;
+    unsigned char *currbuf = NULL;
+
+    if (tmpl->totsz == 0)
+        return NULL;
+
+    /* Add some space for the end of OSSL_PARAM marker */
+    tmpl->totsz += sizeof(*param);
+
+    if (tmpl->ispublic)
+        buf = OPENSSL_zalloc(tmpl->totsz);
+    else
+        buf = OPENSSL_secure_zalloc(tmpl->totsz);
+    if (buf == NULL)
+        return NULL;
+    param = buf;
+
+    currbuf = (unsigned char *)buf + (sizeof(*param) * (tmpl->curr + 1));
+
+    for (i = 0; i < tmpl->curr; i++) {
+        if (!ossl_assert((currbuf - (unsigned char *)buf )
+                         + tmpl->params[i].bufsz <= tmpl->totsz))
+            goto err;
+        if (BN_bn2nativepad(tmpl->params[i].bnparam, currbuf,
+                            tmpl->params[i].bufsz) < 0)
+            goto err;
+        param[i] = OSSL_PARAM_construct_BN(tmpl->params[i].key, currbuf,
+                                           tmpl->params[i].bufsz);
+        currbuf += tmpl->params[i].bufsz;
+    }
+    param[i] = OSSL_PARAM_construct_end();
+
+    if (sz != NULL)
+        *sz = tmpl->totsz;
+    return param;
+
+ err:
+    if (tmpl->ispublic)
+        OPENSSL_free(param);
+    else
+        OPENSSL_clear_free(param, tmpl->totsz);
+    return NULL;
+}
+
+static OSSL_PARAM *evp_pkey_dh_to_param(EVP_PKEY *pkey, size_t *sz)
+{
+    DH *dh = pkey->pkey.dh;
+    PARAMS_TEMPLATE tmpl = {0};
+    const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh);
+    const BIGNUM *pub_key = DH_get0_pub_key(dh);
+    const BIGNUM *priv_key = DH_get0_priv_key(dh);
+
+    if (p == NULL || g == NULL || pub_key == NULL)
+        return NULL;
+
+    if (!push_param_bn(&tmpl, OSSL_PKEY_PARAM_DH_P, p)
+            || !push_param_bn(&tmpl, OSSL_PKEY_PARAM_DH_G, g)
+            || !push_param_bn(&tmpl, OSSL_PKEY_PARAM_DH_PUB_KEY, pub_key))
+        return NULL;
+
+    if (q != NULL) {
+        if (!push_param_bn(&tmpl, OSSL_PKEY_PARAM_DH_Q, q))
+            return NULL;
+    }
+
+    if (priv_key != NULL) {
+        if (!push_param_bn(&tmpl, OSSL_PKEY_PARAM_DH_PRIV_KEY, priv_key))
+            return NULL;
+    } else {
+        tmpl.ispublic = 1;
+    }
+
+    return param_template_to_param(&tmpl, sz);
+}
+
+OSSL_PARAM *evp_pkey_to_param(EVP_PKEY *pkey, size_t *sz)
+{
+    switch (pkey->type) {
+    case EVP_PKEY_DH:
+        return evp_pkey_dh_to_param(pkey, sz);
+    default:
+        return NULL;
+    }
+}
+
+#endif /* FIPS_MODE */
index b62f1e3..659305b 100644 (file)
@@ -9,6 +9,8 @@
 
 /* EVP_MD_CTX related stuff */
 
+#include <openssl/core_numbers.h>
+
 struct evp_md_ctx_st {
     const EVP_MD *reqdigest;    /* The original requested digest */
     const EVP_MD *digest;
@@ -60,6 +62,20 @@ struct evp_kdf_ctx_st {
     EVP_KDF_IMPL *impl;          /* Algorithm-specific data */
 } /* EVP_KDF_CTX */ ;
 
+struct evp_keyexch_st {
+    OSSL_PROVIDER *prov;
+    CRYPTO_REF_COUNT refcnt;
+    CRYPTO_RWLOCK *lock;
+
+    OSSL_OP_keyexch_newctx_fn *newctx;
+    OSSL_OP_keyexch_init_fn *init;
+    OSSL_OP_keyexch_set_peer_fn *set_peer;
+    OSSL_OP_keyexch_derive_fn *derive;
+    OSSL_OP_keyexch_freectx_fn *freectx;
+    OSSL_OP_keyexch_dupctx_fn *dupctx;
+} /* EVP_KEYEXCH */;
+
+
 int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
                              int passlen, ASN1_TYPE *param,
                              const EVP_CIPHER *c, const EVP_MD *md,
@@ -114,3 +130,23 @@ int evp_do_ciph_ctx_getparams(const EVP_CIPHER *ciph, void *provctx,
                               OSSL_PARAM params[]);
 int evp_do_ciph_ctx_setparams(const EVP_CIPHER *ciph, void *provctx,
                               OSSL_PARAM params[]);
+
+OSSL_PARAM *evp_pkey_to_param(EVP_PKEY *pkey, size_t *sz);
+
+#define M_check_autoarg(ctx, arg, arglen, err) \
+    if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) {           \
+        size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey);         \
+                                                                  \
+        if (pksize == 0) {                                        \
+            EVPerr(err, EVP_R_INVALID_KEY); /*ckerr_ignore*/      \
+            return 0;                                             \
+        }                                                         \
+        if (arg == NULL) {                                        \
+            *arglen = pksize;                                     \
+            return 1;                                             \
+        }                                                         \
+        if (*arglen < pksize) {                                   \
+            EVPerr(err, EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/ \
+            return 0;                                             \
+        }                                                         \
+    }
diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c
new file mode 100644 (file)
index 0000000..655d5a1
--- /dev/null
@@ -0,0 +1,354 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include "internal/refcount.h"
+#include "internal/evp_int.h"
+#include "internal/provider.h"
+#include "evp_locl.h"
+
+static EVP_KEYEXCH *evp_keyexch_new(OSSL_PROVIDER *prov)
+{
+    EVP_KEYEXCH *exchange = OPENSSL_zalloc(sizeof(EVP_KEYEXCH));
+
+    exchange->lock = CRYPTO_THREAD_lock_new();
+    if (exchange->lock == NULL) {
+        OPENSSL_free(exchange);
+        return NULL;
+    }
+    exchange->prov = prov;
+    ossl_provider_up_ref(prov);
+    exchange->refcnt = 1;
+
+    return exchange;
+}
+
+static void *evp_keyexch_from_dispatch(const OSSL_DISPATCH *fns,
+                                       OSSL_PROVIDER *prov)
+{
+    EVP_KEYEXCH *exchange = NULL;
+    int fncnt = 0;
+
+    if ((exchange = evp_keyexch_new(prov)) == NULL)
+        return NULL;
+
+    for (; fns->function_id != 0; fns++) {
+        switch (fns->function_id) {
+        case OSSL_FUNC_KEYEXCH_NEWCTX:
+            if (exchange->newctx != NULL)
+                break;
+            exchange->newctx = OSSL_get_OP_keyexch_newctx(fns);
+            fncnt++;
+            break;
+        case OSSL_FUNC_KEYEXCH_INIT:
+            if (exchange->init != NULL)
+                break;
+            exchange->init = OSSL_get_OP_keyexch_init(fns);
+            fncnt++;
+            break;
+        case OSSL_FUNC_KEYEXCH_SET_PEER:
+            if (exchange->set_peer != NULL)
+                break;
+            exchange->set_peer = OSSL_get_OP_keyexch_set_peer(fns);
+            break;
+        case OSSL_FUNC_KEYEXCH_DERIVE:
+            if (exchange->derive != NULL)
+                break;
+            exchange->derive = OSSL_get_OP_keyexch_derive(fns);
+            fncnt++;
+            break;
+        case OSSL_FUNC_KEYEXCH_FREECTX:
+            if (exchange->freectx != NULL)
+                break;
+            exchange->freectx = OSSL_get_OP_keyexch_freectx(fns);
+            fncnt++;
+            break;
+        case OSSL_FUNC_KEYEXCH_DUPCTX:
+            if (exchange->dupctx != NULL)
+                break;
+            exchange->dupctx = OSSL_get_OP_keyexch_dupctx(fns);
+            break;
+        }
+    }
+    if (fncnt != 4) {
+        /*
+         * In order to be a consistent set of functions we must have at least
+         * a complete set of "exchange" functions: init, derive, newctx,
+         * and freectx. The dupctx and set_peer functions are optional.
+         */
+        EVP_KEYEXCH_free(exchange);
+        EVPerr(EVP_F_EVP_KEYEXCH_FROM_DISPATCH,
+               EVP_R_INVALID_PROVIDER_FUNCTIONS);
+        return NULL;
+    }
+
+    return exchange;
+}
+
+void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange)
+{
+    if (exchange != NULL) {
+        int i;
+
+        CRYPTO_DOWN_REF(&exchange->refcnt, &i, exchange->lock);
+        if (i > 0)
+            return;
+        ossl_provider_free(exchange->prov);
+        CRYPTO_THREAD_lock_free(exchange->lock);
+        OPENSSL_free(exchange);
+    }
+}
+
+int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange)
+{
+    int ref = 0;
+
+    CRYPTO_UP_REF(&exchange->refcnt, &ref, exchange->lock);
+    return 1;
+}
+
+EVP_KEYEXCH *EVP_KEYEXCH_fetch(OPENSSL_CTX *ctx, const char *algorithm,
+                               const char *properties)
+{
+    return evp_generic_fetch(ctx, OSSL_OP_KEYEXCH, algorithm, properties,
+                             evp_keyexch_from_dispatch,
+                             (int (*)(void *))EVP_KEYEXCH_up_ref,
+                             (void (*)(void *))EVP_KEYEXCH_free);
+}
+
+int EVP_PKEY_derive_init_ex(EVP_PKEY_CTX *ctx, EVP_KEYEXCH *exchange)
+{
+    int ret;
+    OSSL_PARAM *param = NULL;
+    size_t paramsz = 0;
+
+    ctx->operation = EVP_PKEY_OP_DERIVE;
+
+    if (ctx->engine != NULL)
+        goto legacy;
+
+    if (exchange != NULL) {
+        if (!EVP_KEYEXCH_up_ref(exchange))
+            goto err;
+    } else {
+        int nid = ctx->pkey != NULL ? ctx->pkey->type : ctx->pmeth->pkey_id;
+
+        /*
+         * TODO(3.0): Check for legacy handling. Remove this once all all
+         * algorithms are moved to providers.
+         */
+        if (ctx->pkey != NULL) {
+            switch (ctx->pkey->type) {
+#if 0
+            case EVP_PKEY_DH:
+                break;
+#endif
+            default:
+                goto legacy;
+            }
+            exchange = EVP_KEYEXCH_fetch(NULL, OBJ_nid2sn(nid), NULL);
+        } else {
+            goto legacy;
+        }
+
+        if (exchange == NULL) {
+            EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT_EX, EVP_R_INITIALIZATION_ERROR);
+            goto err;
+        }
+    }
+
+    if (ctx->exchprovctx != NULL && ctx->exchange != NULL)
+        ctx->exchange->freectx(ctx->exchprovctx);
+    EVP_KEYEXCH_free(ctx->exchange);
+    ctx->exchange = exchange;
+    if (ctx->pkey != NULL) {
+        param = evp_pkey_to_param(ctx->pkey, &paramsz);
+        if (param == NULL) {
+            EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT_EX, EVP_R_INITIALIZATION_ERROR);
+            goto err;
+        }
+    }
+    ctx->exchprovctx = exchange->newctx(ossl_provider_ctx(exchange->prov));
+    if (ctx->exchprovctx == NULL) {
+        OPENSSL_secure_clear_free(param, paramsz);
+        EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT_EX, EVP_R_INITIALIZATION_ERROR);
+        goto err;
+    }
+    ret = exchange->init(ctx->exchprovctx, param);
+    /*
+     * TODO(3.0): Really we should detect whether to call OPENSSL_free or
+     * OPENSSL_secure_clear_free based on the presence of a private key or not.
+     * Since we always expect a private key to be present we just call
+     * OPENSSL_secure_clear_free for now.
+     */
+    OPENSSL_secure_clear_free(param, paramsz);
+
+    return ret ? 1 : 0;
+ err:
+    ctx->operation = EVP_PKEY_OP_UNDEFINED;
+    return 0;
+
+ legacy:
+    if (ctx == NULL || ctx->pmeth == NULL || ctx->pmeth->derive == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT_EX,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+
+    if (ctx->pmeth->derive_init == NULL)
+        return 1;
+    ret = ctx->pmeth->derive_init(ctx);
+    if (ret <= 0)
+        ctx->operation = EVP_PKEY_OP_UNDEFINED;
+    return ret;
+}
+
+int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx)
+{
+    return EVP_PKEY_derive_init_ex(ctx, NULL);
+}
+
+int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
+{
+    int ret;
+    OSSL_PARAM *param = NULL;
+
+    if (ctx == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+
+    if (ctx->exchprovctx == NULL)
+        goto legacy;
+
+    if (ctx->operation != EVP_PKEY_OP_DERIVE) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
+               EVP_R_OPERATON_NOT_INITIALIZED);
+        return -1;
+    }
+
+    if (ctx->exchange->set_peer == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+
+    param = evp_pkey_to_param(peer, NULL);
+    if (param == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    ret = ctx->exchange->set_peer(ctx->exchprovctx, param);
+    /*
+     * TODO(3.0): Really we should detect whether to call OPENSSL_free or
+     * OPENSSL_secure_clear_free based on the presence of a private key or not.
+     * Since we always expect a public key to be present we just call
+     * OPENSSL_free for now.
+     */
+    OPENSSL_free(param);
+
+    return ret;
+
+ legacy:
+    if (ctx->pmeth == NULL
+        || !(ctx->pmeth->derive != NULL
+             || ctx->pmeth->encrypt != NULL
+             || ctx->pmeth->decrypt != NULL)
+        || ctx->pmeth->ctrl == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    if (ctx->operation != EVP_PKEY_OP_DERIVE
+        && ctx->operation != EVP_PKEY_OP_ENCRYPT
+        && ctx->operation != EVP_PKEY_OP_DECRYPT) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
+               EVP_R_OPERATON_NOT_INITIALIZED);
+        return -1;
+    }
+
+    ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 0, peer);
+
+    if (ret <= 0)
+        return ret;
+
+    if (ret == 2)
+        return 1;
+
+    if (ctx->pkey == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_NO_KEY_SET);
+        return -1;
+    }
+
+    if (ctx->pkey->type != peer->type) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_KEY_TYPES);
+        return -1;
+    }
+
+    /*
+     * For clarity.  The error is if parameters in peer are
+     * present (!missing) but don't match.  EVP_PKEY_cmp_parameters may return
+     * 1 (match), 0 (don't match) and -2 (comparison is not defined).  -1
+     * (different key types) is impossible here because it is checked earlier.
+     * -2 is OK for us here, as well as 1, so we can check for 0 only.
+     */
+    if (!EVP_PKEY_missing_parameters(peer) &&
+        !EVP_PKEY_cmp_parameters(ctx->pkey, peer)) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_PARAMETERS);
+        return -1;
+    }
+
+    EVP_PKEY_free(ctx->peerkey);
+    ctx->peerkey = peer;
+
+    ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer);
+
+    if (ret <= 0) {
+        ctx->peerkey = NULL;
+        return ret;
+    }
+
+    EVP_PKEY_up_ref(peer);
+    return 1;
+}
+
+int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen)
+{
+    int ret;
+
+    if (ctx == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+
+    if (ctx->operation != EVP_PKEY_OP_DERIVE) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE, EVP_R_OPERATON_NOT_INITIALIZED);
+        return -1;
+    }
+
+    if (ctx->exchprovctx == NULL)
+        goto legacy;
+
+    ret = ctx->exchange->derive(ctx->exchprovctx, key, pkeylen, SIZE_MAX);
+
+    return ret;
+ legacy:
+    if (ctx ==  NULL || ctx->pmeth == NULL || ctx->pmeth->derive == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+
+    M_check_autoarg(ctx, key, pkeylen, EVP_F_EVP_PKEY_DERIVE)
+        return ctx->pmeth->derive(ctx, key, pkeylen);
+}
index 187f7a6..51df2be 100644 (file)
@@ -9,28 +9,11 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "internal/cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/evp.h>
+#include "internal/cryptlib.h"
 #include "internal/evp_int.h"
-
-#define M_check_autoarg(ctx, arg, arglen, err) \
-    if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) {           \
-        size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey);         \
-                                                                  \
-        if (pksize == 0) {                                        \
-            EVPerr(err, EVP_R_INVALID_KEY); /*ckerr_ignore*/      \
-            return 0;                                             \
-        }                                                         \
-        if (!arg) {                                               \
-            *arglen = pksize;                                     \
-            return 1;                                             \
-        }                                                         \
-        if (*arglen < pksize) {                                   \
-            EVPerr(err, EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/ \
-            return 0;                                             \
-        }                                                         \
-    }
+#include "evp_locl.h"
 
 int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx)
 {
@@ -200,98 +183,3 @@ int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
     M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_DECRYPT)
         return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen);
 }
-
-int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx)
-{
-    int ret;
-    if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) {
-        EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT,
-               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-        return -2;
-    }
-    ctx->operation = EVP_PKEY_OP_DERIVE;
-    if (!ctx->pmeth->derive_init)
-        return 1;
-    ret = ctx->pmeth->derive_init(ctx);
-    if (ret <= 0)
-        ctx->operation = EVP_PKEY_OP_UNDEFINED;
-    return ret;
-}
-
-int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
-{
-    int ret;
-    if (!ctx || !ctx->pmeth
-        || !(ctx->pmeth->derive || ctx->pmeth->encrypt || ctx->pmeth->decrypt)
-        || !ctx->pmeth->ctrl) {
-        EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
-               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-        return -2;
-    }
-    if (ctx->operation != EVP_PKEY_OP_DERIVE
-        && ctx->operation != EVP_PKEY_OP_ENCRYPT
-        && ctx->operation != EVP_PKEY_OP_DECRYPT) {
-        EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
-               EVP_R_OPERATON_NOT_INITIALIZED);
-        return -1;
-    }
-
-    ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 0, peer);
-
-    if (ret <= 0)
-        return ret;
-
-    if (ret == 2)
-        return 1;
-
-    if (!ctx->pkey) {
-        EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_NO_KEY_SET);
-        return -1;
-    }
-
-    if (ctx->pkey->type != peer->type) {
-        EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_KEY_TYPES);
-        return -1;
-    }
-
-    /*
-     * For clarity.  The error is if parameters in peer are
-     * present (!missing) but don't match.  EVP_PKEY_cmp_parameters may return
-     * 1 (match), 0 (don't match) and -2 (comparison is not defined).  -1
-     * (different key types) is impossible here because it is checked earlier.
-     * -2 is OK for us here, as well as 1, so we can check for 0 only.
-     */
-    if (!EVP_PKEY_missing_parameters(peer) &&
-        !EVP_PKEY_cmp_parameters(ctx->pkey, peer)) {
-        EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_PARAMETERS);
-        return -1;
-    }
-
-    EVP_PKEY_free(ctx->peerkey);
-    ctx->peerkey = peer;
-
-    ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer);
-
-    if (ret <= 0) {
-        ctx->peerkey = NULL;
-        return ret;
-    }
-
-    EVP_PKEY_up_ref(peer);
-    return 1;
-}
-
-int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen)
-{
-    if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) {
-        EVPerr(EVP_F_EVP_PKEY_DERIVE,
-               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-        return -2;
-    }
-    if (ctx->operation != EVP_PKEY_OP_DERIVE) {
-        EVPerr(EVP_F_EVP_PKEY_DERIVE, EVP_R_OPERATON_NOT_INITIALIZED);
-        return -1;
-    }
-    M_check_autoarg(ctx, key, pkeylen, EVP_F_EVP_PKEY_DERIVE)
-        return ctx->pmeth->derive(ctx, key, pkeylen);
-}
index 28fa047..b10663c 100644 (file)
@@ -16,6 +16,7 @@
 #include "internal/asn1_int.h"
 #include "internal/evp_int.h"
 #include "internal/numbers.h"
+#include "evp_locl.h"
 
 typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
 
@@ -253,7 +254,9 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e)
 EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx)
 {
     EVP_PKEY_CTX *rctx;
-    if (!pctx->pmeth || !pctx->pmeth->copy)
+
+    if (((pctx->pmeth == NULL) || (pctx->pmeth->copy == NULL))
+            && pctx->exchprovctx == NULL)
         return NULL;
 #ifndef OPENSSL_NO_ENGINE
     /* Make sure it's safe to copy a pkey context using an ENGINE */
@@ -262,31 +265,43 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx)
         return 0;
     }
 #endif
-    rctx = OPENSSL_malloc(sizeof(*rctx));
+    rctx = OPENSSL_zalloc(sizeof(*rctx));
     if (rctx == NULL) {
         EVPerr(EVP_F_EVP_PKEY_CTX_DUP, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
 
+    if (pctx->pkey != NULL)
+        EVP_PKEY_up_ref(pctx->pkey);
+    rctx->pkey = pctx->pkey;
+    rctx->operation = pctx->operation;
+
+    if (pctx->exchprovctx != NULL) {
+        if (!ossl_assert(pctx->exchange != NULL))
+            return NULL;
+        rctx->exchange = pctx->exchange;
+        if (!EVP_KEYEXCH_up_ref(rctx->exchange)) {
+            OPENSSL_free(rctx);
+            return NULL;
+        }
+        rctx->exchprovctx = pctx->exchange->dupctx(pctx->exchprovctx);
+        if (rctx->exchprovctx == NULL) {
+            EVP_KEYEXCH_free(rctx->exchange);
+            OPENSSL_free(rctx);
+            return NULL;
+        }
+        return rctx;
+    }
+
     rctx->pmeth = pctx->pmeth;
 #ifndef OPENSSL_NO_ENGINE
     rctx->engine = pctx->engine;
 #endif
 
-    if (pctx->pkey)
-        EVP_PKEY_up_ref(pctx->pkey);
-
-    rctx->pkey = pctx->pkey;
-
     if (pctx->peerkey)
         EVP_PKEY_up_ref(pctx->peerkey);
-
     rctx->peerkey = pctx->peerkey;
 
-    rctx->data = NULL;
-    rctx->app_data = NULL;
-    rctx->operation = pctx->operation;
-
     if (pctx->pmeth->copy(rctx, pctx) > 0)
         return rctx;
 
@@ -355,6 +370,12 @@ void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx)
         return;
     if (ctx->pmeth && ctx->pmeth->cleanup)
         ctx->pmeth->cleanup(ctx);
+
+    if (ctx->exchprovctx != NULL && ctx->exchange != NULL)
+        ctx->exchange->freectx(ctx->exchprovctx);
+
+    EVP_KEYEXCH_free(ctx->exchange);
+
     EVP_PKEY_free(ctx->pkey);
     EVP_PKEY_free(ctx->peerkey);
 #ifndef OPENSSL_NO_ENGINE
index da4ae0f..71833fa 100644 (file)
 #define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX   0x0400
 
 struct evp_pkey_ctx_st {
+    EVP_KEYEXCH *exchange;
+    void *exchprovctx;
+
+    /* Legacy fields below */
+
     /* Method associated with this operation */
     const EVP_PKEY_METHOD *pmeth;
     /* Engine that implements this method or NULL if builtin */
index 0c9e6f3..87a6682 100644 (file)
@@ -582,13 +582,6 @@ OSSL_PARAM OSSL_PARAM_construct_size_t(const char *key, size_t *buf)
                                 sizeof(size_t));
 }
 
-#ifndef FIPS_MODE
-/*
- * TODO(3.0): Make this available in FIPS mode.
- *
- * Temporarily we don't include these functions in FIPS mode to avoid pulling
- * in the entire BN sub-library into the module at this point.
- */
 int OSSL_PARAM_get_BN(const OSSL_PARAM *p, BIGNUM **val)
 {
     BIGNUM *b;
@@ -632,7 +625,6 @@ OSSL_PARAM OSSL_PARAM_construct_BN(const char *key, unsigned char *buf,
     return ossl_param_construct(key, OSSL_PARAM_UNSIGNED_INTEGER,
                                 buf, bsize);
 }
-#endif
 
 int OSSL_PARAM_get_double(const OSSL_PARAM *p, double *val)
 {
index 4addcea..143668a 100644 (file)
@@ -56,6 +56,15 @@ extern "C" {
 #define OSSL_DIGEST_PARAM_PAD_TYPE  "pad_type"
 #define OSSL_DIGEST_PARAM_MICALG    "micalg"
 
+/* PKEY parameters */
+/* Diffie-Hellman Parameters */
+#define OSSL_PKEY_PARAM_DH_P         "dh-p"
+#define OSSL_PKEY_PARAM_DH_G         "dh-g"
+#define OSSL_PKEY_PARAM_DH_Q         "dh-q"
+/* Diffie-Hellman Keys */
+#define OSSL_PKEY_PARAM_DH_PUB_KEY   "dh-pub"
+#define OSSL_PKEY_PARAM_DH_PRIV_KEY  "dh-priv"
+
 # ifdef __cplusplus
 }
 # endif
index 37a3170..0a61c21 100644 (file)
@@ -229,6 +229,27 @@ OSSL_CORE_MAKE_FUNC(int, OP_cipher_ctx_get_params, (void *cctx,
 OSSL_CORE_MAKE_FUNC(int, OP_cipher_ctx_set_params, (void *cctx,
                                                     const OSSL_PARAM params[]))
 
+/* Key Exchange */
+
+# define OSSL_OP_KEYEXCH                               3
+
+# define OSSL_FUNC_KEYEXCH_NEWCTX                      1
+# define OSSL_FUNC_KEYEXCH_INIT                        2
+# define OSSL_FUNC_KEYEXCH_DERIVE                      3
+# define OSSL_FUNC_KEYEXCH_SET_PEER                    4
+# define OSSL_FUNC_KEYEXCH_FREECTX                     5
+# define OSSL_FUNC_KEYEXCH_DUPCTX                      6
+
+OSSL_CORE_MAKE_FUNC(void *, OP_keyexch_newctx, (void *provctx))
+OSSL_CORE_MAKE_FUNC(int, OP_keyexch_init, (void *ctx,
+                                           OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, OP_keyexch_derive, (void *ctx,  unsigned char *key,
+                                             size_t *keylen, size_t outlen))
+OSSL_CORE_MAKE_FUNC(int, OP_keyexch_set_peer, (void *ctx,
+                                               OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(void, OP_keyexch_freectx, (void *ctx))
+OSSL_CORE_MAKE_FUNC(void *, OP_keyexch_dupctx, (void *ctx))
+
 # ifdef __cplusplus
 }
 # endif
index e781ebe..a2cb66a 100644 (file)
@@ -1477,6 +1477,7 @@ int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
                      unsigned char *out, size_t *outlen,
                      const unsigned char *in, size_t inlen);
 
+int EVP_PKEY_derive_init_ex(EVP_PKEY_CTX *ctx, EVP_KEYEXCH *exchange);
 int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx);
 int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
 int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
@@ -1705,6 +1706,12 @@ void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth,
 void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth,
                                      int (**pdigest_custom) (EVP_PKEY_CTX *ctx,
                                                              EVP_MD_CTX *mctx));
+
+void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange);
+int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange);
+EVP_KEYEXCH *EVP_KEYEXCH_fetch(OPENSSL_CTX *ctx, const char *algorithm,
+                               const char *properties);
+
 void EVP_add_alg_module(void);
 
 /*
index 202e366..76a9bee 100644 (file)
@@ -104,6 +104,8 @@ typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
 typedef struct evp_kdf_st EVP_KDF;
 typedef struct evp_kdf_ctx_st EVP_KDF_CTX;
 
+typedef struct evp_keyexch_st EVP_KEYEXCH;
+
 typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX;
 
 typedef struct hmac_ctx_st HMAC_CTX;
index 0ce8800..9e95e3e 100644 (file)
@@ -4679,3 +4679,7 @@ BN_priv_rand_ex                         4784      3_0_0   EXIST::FUNCTION:
 BN_rand_range_ex                        4785   3_0_0   EXIST::FUNCTION:
 BN_priv_rand_range_ex                   4786   3_0_0   EXIST::FUNCTION:
 BN_generate_prime_ex2                   4787   3_0_0   EXIST::FUNCTION:
+EVP_PKEY_derive_init_ex                 4788   3_0_0   EXIST::FUNCTION:
+EVP_KEYEXCH_free                        4789   3_0_0   EXIST::FUNCTION:
+EVP_KEYEXCH_up_ref                      4790   3_0_0   EXIST::FUNCTION:
+EVP_KEYEXCH_fetch                       4791   3_0_0   EXIST::FUNCTION: