Add key derivation support.

diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index 28624ccd6400e61abc7d7dcc034531692f567a46..d2e6aaff1e71b78f376948b5f6d065267d41c948 100644 (file)
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -209,6 +209,8 @@ const EVP_PKEY_METHOD dh_pkey_meth =
 
        0,0,
 
+       0,0,
+
        pkey_dh_ctrl,
        pkey_dh_ctrl_str
 

diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c
index 364ba15a12c98915a1c845e637b0d8ec3855d0e3..306af267bbd0279c282bdd4db32c7ebc92968771 100644 (file)
--- a/crypto/dsa/dsa_pmeth.c
+++ b/crypto/dsa/dsa_pmeth.c
@@ -245,6 +245,8 @@ const EVP_PKEY_METHOD dsa_pkey_meth =
 
        0,0,
 
+       0,0,
+
        pkey_dsa_ctrl,
        pkey_dsa_ctrl_str
 

diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index bb2d815f2d0af25efcf8c379f7852c33a91c54fc..d60781696a6c337fc589c6ac97688e0a0971c264 100644 (file)
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -1016,6 +1016,8 @@ void ERR_load_EVP_strings(void);
 #define EVP_F_EVP_PKEY_DECRYPT                          104
 #define EVP_F_EVP_PKEY_DECRYPT_INIT                     138
 #define EVP_F_EVP_PKEY_DECRYPT_OLD                      151
+#define EVP_F_EVP_PKEY_DERIVE                           153
+#define EVP_F_EVP_PKEY_DERIVE_INIT                      154
 #define EVP_F_EVP_PKEY_ENCRYPT                          105
 #define EVP_F_EVP_PKEY_ENCRYPT_INIT                     139
 #define EVP_F_EVP_PKEY_ENCRYPT_OLD                      152

diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index 97e5996a5f4c26babfc8d099f84cb1d37df2594e..50d5a712769765e11e4183b01833bf3a332c5568 100644 (file)
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -95,6 +95,8 @@ static ERR_STRING_DATA EVP_str_functs[]=
 {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT),     "EVP_PKEY_decrypt"},
 {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT_INIT),        "EVP_PKEY_decrypt_init"},
 {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT_OLD), "EVP_PKEY_decrypt_old"},
+{ERR_FUNC(EVP_F_EVP_PKEY_DERIVE),      "EVP_PKEY_DERIVE"},
+{ERR_FUNC(EVP_F_EVP_PKEY_DERIVE_INIT), "EVP_PKEY_DERIVE_INIT"},
 {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT),     "EVP_PKEY_encrypt"},
 {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_INIT),        "EVP_PKEY_encrypt_init"},
 {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_OLD), "EVP_PKEY_encrypt_old"},

diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h
index 3edfd9949f441b9bf442c2dc1c97732cc9ba3386..fb1ebf4c80c459bc0b44b5037d76a23b066854eb 100644 (file)
--- a/crypto/evp/evp_locl.h
+++ b/crypto/evp/evp_locl.h
@@ -241,6 +241,8 @@ struct evp_pkey_ctx_st
        const EVP_PKEY_METHOD *pmeth;
        /* Key: may be NULL */
        EVP_PKEY *pkey;
+       /* Peer key for key agreement, may be NULL */
+       EVP_PKEY *peerkey;
        /* Actual operation */
        int operation;
        /* Algorithm specific data */
@@ -297,6 +299,9 @@ struct evp_pkey_method_st
        int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, int *outlen,
                                        const unsigned char *in, int inlen);
 
+       int (*derive_init)(EVP_PKEY_CTX *ctx);
+       int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, int *keylen);
+
        int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
        int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value);
 

diff --git a/crypto/evp/pmeth_fn.c b/crypto/evp/pmeth_fn.c
index c7e21485e9fad08e450b006f1cc52bce0e0e92a4..0ad8098718ff617a2ae1ba280b9d710a311ff398 100644 (file)
--- a/crypto/evp/pmeth_fn.c
+++ b/crypto/evp/pmeth_fn.c
@@ -243,3 +243,38 @@ int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
        return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen);
        }
 
+
+int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx)
+       {
+       int ret;
+       if (!ctx || !ctx->pmeth || !ctx->pmeth->derive)
+               {
+               EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT,
+                       EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+               return -2;
+               }
+       ctx->operation = EVP_PKEY_OP_DERIVE;
+       if (!ctx->pmeth->derive_init)
+               return 1;
+       ret = ctx->pmeth->derive_init(ctx);
+       if (ret <= 0)
+               ctx->operation = EVP_PKEY_OP_UNDEFINED;
+       return ret;
+       }
+
+int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, int *pkeylen)
+       {
+       if (!ctx || !ctx->pmeth || !ctx->pmeth->derive)
+               {
+               EVPerr(EVP_F_EVP_PKEY_DERIVE,
+                       EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+               return -2;
+               }
+       if (ctx->operation != EVP_PKEY_OP_DERIVE)
+               {
+               EVPerr(EVP_F_EVP_PKEY_DERIVE, EVP_R_OPERATON_NOT_INITIALIZED);
+               return -1;
+               }
+       return ctx->pmeth->derive(ctx, key, pkeylen);
+       }
+

diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index d54dd4e966053d500197b79d9ed39e27d25f459b..95b1e4ed3c3e5bf9828c232a7846d1748e7aa406 100644 (file)
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -120,6 +120,7 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
        ret->pmeth = pmeth;
        ret->operation = EVP_PKEY_OP_UNDEFINED;
        ret->pkey = pkey;
+       ret->peerkey = NULL;
        if (pkey)
                CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
        ret->data = NULL;

diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
index 3eebdf58bfc3f96c61a7e7544c4159b51a418785..5f357b98c6f11d2d3295cfdfc4a658651a76d49a 100644 (file)
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -524,6 +524,8 @@ const EVP_PKEY_METHOD rsa_pkey_meth =
        0,
        pkey_rsa_decrypt,
 
+       0,0,
+
        pkey_rsa_ctrl,
        pkey_rsa_ctrl_str