check in v3.8.0 source

crypto/ecdh/ecdh_kdf.c

@@ -0,0 +1,119 @@
+/*
+ * Written by Stephen Henson for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 2013 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *	notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *	notice, this list of conditions and the following disclaimer in
+ *	the documentation and/or other materials provided with the
+ *	distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *	software must display the following acknowledgment:
+ *	"This product includes software developed by the OpenSSL Project
+ *	for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *	endorse or promote products derived from this software without
+ *	prior written permission. For written permission, please contact
+ *	openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *	nor may "OpenSSL" appear in their names without prior written
+ *	permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *	acknowledgment:
+ *	"This product includes software developed by the OpenSSL Project
+ *	for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <string.h>
+
+#include <openssl/ec.h>
+#include <openssl/evp.h>
+
+#include "ech_local.h"
+
+/*
+ * Key derivation function from X9.63/SECG.
+ */
+
+/* Way more than we will ever need */
+#define ECDH_KDF_MAX	(1 << 30)
+
+int
+ecdh_KDF_X9_63(unsigned char *out, size_t outlen, const unsigned char *Z,
+    size_t Zlen, const unsigned char *sinfo, size_t sinfolen, const EVP_MD *md)
+{
+	EVP_MD_CTX *mctx = NULL;
+	unsigned int i;
+	size_t mdlen;
+	unsigned char ctr[4];
+	int rv = 0;
+
+	if (sinfolen > ECDH_KDF_MAX || outlen > ECDH_KDF_MAX ||
+	    Zlen > ECDH_KDF_MAX)
+		return 0;
+	mctx = EVP_MD_CTX_new();
+	if (mctx == NULL)
+		return 0;
+	mdlen = EVP_MD_size(md);
+	for (i = 1;; i++) {
+		unsigned char mtmp[EVP_MAX_MD_SIZE];
+		if (!EVP_DigestInit_ex(mctx, md, NULL))
+			goto err;
+		ctr[3] = i & 0xFF;
+		ctr[2] = (i >> 8) & 0xFF;
+		ctr[1] = (i >> 16) & 0xFF;
+		ctr[0] = (i >> 24) & 0xFF;
+		if (!EVP_DigestUpdate(mctx, Z, Zlen))
+			goto err;
+		if (!EVP_DigestUpdate(mctx, ctr, sizeof(ctr)))
+			goto err;
+		if (!EVP_DigestUpdate(mctx, sinfo, sinfolen))
+			goto err;
+		if (outlen >= mdlen) {
+			if (!EVP_DigestFinal(mctx, out, NULL))
+				goto err;
+			outlen -= mdlen;
+			if (outlen == 0)
+				break;
+			out += mdlen;
+		} else {
+			if (!EVP_DigestFinal(mctx, mtmp, NULL))
+				goto err;
+			memcpy(out, mtmp, outlen);
+			explicit_bzero(mtmp, mdlen);
+			break;
+		}
+	}
+	rv = 1;
+
+ err:
+	EVP_MD_CTX_free(mctx);
+
+	return rv;
+}

crypto/ecdh/ech_err.c

@@ -0,0 +1,93 @@
+/* $OpenBSD: ech_err.c,v 1.7 2022/07/12 14:42:49 kn Exp $ */
+/* ====================================================================
+ * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+
+#include <openssl/opensslconf.h>
+
+#include <openssl/err.h>
+#include <openssl/ecdh.h>
+
+#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDH,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDH,0,reason)
+
+static ERR_STRING_DATA ECDH_str_functs[]= {
+	{ERR_FUNC(0xfff), "CRYPTO_internal"},
+	{0, NULL}
+};
+
+static ERR_STRING_DATA ECDH_str_reasons[]= {
+	{ERR_REASON(ECDH_R_KDF_FAILED)           , "KDF failed"},
+	{ERR_REASON(ECDH_R_KEY_TRUNCATION), "key would be truncated"},
+	{ERR_REASON(ECDH_R_NON_FIPS_METHOD)      , "non fips method"},
+	{ERR_REASON(ECDH_R_NO_PRIVATE_VALUE)     , "no private value"},
+	{ERR_REASON(ECDH_R_POINT_ARITHMETIC_FAILURE), "point arithmetic failure"},
+	{0, NULL}
+};
+
+#endif
+
+void
+ERR_load_ECDH_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+	if (ERR_func_error_string(ECDH_str_functs[0].error) == NULL) {
+		ERR_load_strings(0, ECDH_str_functs);
+		ERR_load_strings(0, ECDH_str_reasons);
+	}
+#endif
+}

crypto/ecdh/ech_key.c

@@ -0,0 +1,229 @@
+/* $OpenBSD: ech_key.c,v 1.14 2022/11/26 16:08:52 tb Exp $ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * The ECDH software is originally written by Douglas Stebila of
+ * Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <limits.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+
+#include <openssl/bn.h>
+#include <openssl/err.h>
+#include <openssl/objects.h>
+#include <openssl/sha.h>
+
+#include "bn_local.h"
+#include "ech_local.h"
+#include "ec_local.h"
+
+static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key,
+    EC_KEY *ecdh,
+    void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
+
+/*
+ * This implementation is based on the following primitives in the IEEE 1363
+ * standard:
+ *  - ECKAS-DH1
+ *  - ECSVDP-DH
+ * Finally an optional KDF is applied.
+ */
+static int
+ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
+    EC_KEY *ecdh,
+    void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen))
+{
+	BN_CTX *ctx;
+	EC_POINT *tmp = NULL;
+	BIGNUM *x = NULL, *y = NULL;
+	const BIGNUM *priv_key;
+	const EC_GROUP* group;
+	int ret = -1;
+	size_t buflen, len;
+	unsigned char *buf = NULL;
+
+	if (outlen > INT_MAX) {
+		/* Sort of, anyway. */
+		ECDHerror(ERR_R_MALLOC_FAILURE);
+		return -1;
+	}
+
+	if ((ctx = BN_CTX_new()) == NULL)
+		goto err;
+	BN_CTX_start(ctx);
+	if ((x = BN_CTX_get(ctx)) == NULL)
+		goto err;
+	if ((y = BN_CTX_get(ctx)) == NULL)
+		goto err;
+
+	priv_key = EC_KEY_get0_private_key(ecdh);
+	if (priv_key == NULL) {
+		ECDHerror(ECDH_R_NO_PRIVATE_VALUE);
+		goto err;
+	}
+
+	group = EC_KEY_get0_group(ecdh);
+
+	if (!EC_POINT_is_on_curve(group, pub_key, ctx))
+		goto err;
+
+	if ((tmp = EC_POINT_new(group)) == NULL) {
+		ECDHerror(ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+
+	if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) {
+		ECDHerror(ECDH_R_POINT_ARITHMETIC_FAILURE);
+		goto err;
+	}
+
+	if (!EC_POINT_get_affine_coordinates(group, tmp, x, y, ctx)) {
+		ECDHerror(ECDH_R_POINT_ARITHMETIC_FAILURE);
+		goto err;
+	}
+
+	buflen = ECDH_size(ecdh);
+	len = BN_num_bytes(x);
+	if (len > buflen) {
+		ECDHerror(ERR_R_INTERNAL_ERROR);
+		goto err;
+	}
+	if (KDF == NULL && outlen < buflen) {
+		/* The resulting key would be truncated. */
+		ECDHerror(ECDH_R_KEY_TRUNCATION);
+		goto err;
+	}
+	if ((buf = malloc(buflen)) == NULL) {
+		ECDHerror(ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+
+	memset(buf, 0, buflen - len);
+	if (len != (size_t)BN_bn2bin(x, buf + buflen - len)) {
+		ECDHerror(ERR_R_BN_LIB);
+		goto err;
+	}
+
+	if (KDF != NULL) {
+		if (KDF(buf, buflen, out, &outlen) == NULL) {
+			ECDHerror(ECDH_R_KDF_FAILED);
+			goto err;
+		}
+		ret = outlen;
+	} else {
+		/* No KDF, just copy out the key and zero the rest. */
+		if (outlen > buflen) {
+			memset((void *)((uintptr_t)out + buflen), 0, outlen - buflen);
+			outlen = buflen;
+		}
+		memcpy(out, buf, outlen);
+		ret = outlen;
+	}
+
+err:
+	EC_POINT_free(tmp);
+	if (ctx)
+		BN_CTX_end(ctx);
+	BN_CTX_free(ctx);
+	free(buf);
+	return (ret);
+}
+
+static ECDH_METHOD openssl_ecdh_meth = {
+	.name = "OpenSSL ECDH method",
+	.compute_key = ecdh_compute_key
+};
+
+const ECDH_METHOD *
+ECDH_OpenSSL(void)
+{
+	return &openssl_ecdh_meth;
+}
+
+/* replace w/ ecdh_compute_key() when ECDH_METHOD gets removed */
+int
+ossl_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
+    EC_KEY *eckey,
+    void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen))
+{
+	ECDH_DATA *ecdh;
+
+	if ((ecdh = ecdh_check(eckey)) == NULL)
+		return 0;
+	return ecdh->meth->compute_key(out, outlen, pub_key, eckey, KDF);
+}
+
+int
+ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
+    EC_KEY *eckey,
+    void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen))
+{
+	if (eckey->meth->compute_key != NULL)
+		return eckey->meth->compute_key(out, outlen, pub_key, eckey, KDF);
+	ECerror(EC_R_NOT_IMPLEMENTED);
+	return 0;
+}

crypto/ecdh/ech_lib.c

@@ -0,0 +1,244 @@
+/* $OpenBSD: ech_lib.c,v 1.16 2023/04/25 19:26:45 tb Exp $ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * The ECDH software is originally written by Douglas Stebila of
+ * Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include <openssl/err.h>
+
+#include "ec_local.h"
+#include "ech_local.h"
+
+static const ECDH_METHOD *default_ECDH_method = NULL;
+
+static void *ecdh_data_new(void);
+static void *ecdh_data_dup(void *);
+static void  ecdh_data_free(void *);
+
+void
+ECDH_set_default_method(const ECDH_METHOD *meth)
+{
+	default_ECDH_method = meth;
+}
+
+const ECDH_METHOD *
+ECDH_get_default_method(void)
+{
+	if (!default_ECDH_method) {
+		default_ECDH_method = ECDH_OpenSSL();
+	}
+	return default_ECDH_method;
+}
+
+int
+ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth)
+{
+	ECDH_DATA *ecdh;
+
+	ecdh = ecdh_check(eckey);
+
+	if (ecdh == NULL)
+		return 0;
+
+#ifndef OPENSSL_NO_ENGINE
+	ENGINE_finish(ecdh->engine);
+	ecdh->engine = NULL;
+#endif
+	ecdh->meth = meth;
+	return 1;
+}
+
+static ECDH_DATA *
+ECDH_DATA_new_method(ENGINE *engine)
+{
+	ECDH_DATA *ret;
+
+	ret = malloc(sizeof(ECDH_DATA));
+	if (ret == NULL) {
+		ECDHerror(ERR_R_MALLOC_FAILURE);
+		return (NULL);
+	}
+
+	ret->init = NULL;
+
+	ret->meth = ECDH_get_default_method();
+	ret->engine = engine;
+#ifndef OPENSSL_NO_ENGINE
+	if (!ret->engine)
+		ret->engine = ENGINE_get_default_ECDH();
+	if (ret->engine) {
+		ret->meth = ENGINE_get_ECDH(ret->engine);
+		if (ret->meth == NULL) {
+			ECDHerror(ERR_R_ENGINE_LIB);
+			ENGINE_finish(ret->engine);
+			free(ret);
+			return NULL;
+		}
+	}
+#endif
+
+	ret->flags = ret->meth->flags;
+	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data);
+	return (ret);
+}
+
+static void *
+ecdh_data_new(void)
+{
+	return (void *)ECDH_DATA_new_method(NULL);
+}
+
+static void *
+ecdh_data_dup(void *data)
+{
+	ECDH_DATA *r = (ECDH_DATA *)data;
+
+	/* XXX: dummy operation */
+	if (r == NULL)
+		return NULL;
+
+	return (void *)ecdh_data_new();
+}
+
+void
+ecdh_data_free(void *data)
+{
+	ECDH_DATA *r = (ECDH_DATA *)data;
+
+#ifndef OPENSSL_NO_ENGINE
+	ENGINE_finish(r->engine);
+#endif
+
+	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data);
+
+	freezero(r, sizeof(ECDH_DATA));
+}
+
+ECDH_DATA *
+ecdh_check(EC_KEY *key)
+{
+	ECDH_DATA *ecdh_data;
+
+	void *data = EC_KEY_get_key_method_data(key, ecdh_data_dup,
+	    ecdh_data_free, ecdh_data_free);
+	if (data == NULL) {
+		ecdh_data = (ECDH_DATA *)ecdh_data_new();
+		if (ecdh_data == NULL)
+			return NULL;
+		data = EC_KEY_insert_key_method_data(key, (void *)ecdh_data,
+		    ecdh_data_dup, ecdh_data_free, ecdh_data_free);
+		if (data != NULL) {
+			/* Another thread raced us to install the key_method
+			 * data and won. */
+			ecdh_data_free(ecdh_data);
+			ecdh_data = (ECDH_DATA *)data;
+		}
+	} else
+		ecdh_data = (ECDH_DATA *)data;
+
+	return ecdh_data;
+}
+
+int
+ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+    CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+{
+	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDH, argl, argp,
+	    new_func, dup_func, free_func);
+}
+
+int
+ECDH_set_ex_data(EC_KEY *d, int idx, void *arg)
+{
+	ECDH_DATA *ecdh;
+	ecdh = ecdh_check(d);
+	if (ecdh == NULL)
+		return 0;
+	return (CRYPTO_set_ex_data(&ecdh->ex_data, idx, arg));
+}
+
+void *
+ECDH_get_ex_data(EC_KEY *d, int idx)
+{
+	ECDH_DATA *ecdh;
+	ecdh = ecdh_check(d);
+	if (ecdh == NULL)
+		return NULL;
+	return (CRYPTO_get_ex_data(&ecdh->ex_data, idx));
+}
+
+int
+ECDH_size(const EC_KEY *d)
+{
+	return ((EC_GROUP_get_degree(EC_KEY_get0_group(d)) + 7) / 8);
+}

crypto/ecdh/ech_local.h

@@ -0,0 +1,99 @@
+/* $OpenBSD: ech_local.h,v 1.2 2022/11/26 17:23:17 tb Exp $ */
+/* ====================================================================
+ * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_ECH_LOCAL_H
+#define HEADER_ECH_LOCAL_H
+
+#include <openssl/ecdh.h>
+
+__BEGIN_HIDDEN_DECLS
+
+struct ecdh_method {
+	const char *name;
+	int (*compute_key)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
+	    void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
+	int flags;
+	char *app_data;
+};
+
+/* If this flag is set the ECDH method is FIPS compliant and can be used
+ * in FIPS mode. This is set in the validated module method. If an
+ * application sets this flag in its own methods it is its responsibility
+ * to ensure the result is compliant.
+ */
+
+#define ECDH_FLAG_FIPS_METHOD	0x1
+
+typedef struct ecdh_data_st {
+	/* EC_KEY_METH_DATA part */
+	int (*init)(EC_KEY *);
+	/* method specific part */
+	ENGINE	*engine;
+	int	flags;
+	const ECDH_METHOD *meth;
+	CRYPTO_EX_DATA ex_data;
+} ECDH_DATA;
+
+ECDH_DATA *ecdh_check(EC_KEY *);
+
+/*
+ * ECDH Key Derivation Function as defined in ANSI X9.63.
+ */
+int ecdh_KDF_X9_63(unsigned char *out, size_t outlen, const unsigned char *Z,
+    size_t Zlen, const unsigned char *sinfo, size_t sinfolen, const EVP_MD *md);
+
+__END_HIDDEN_DECLS
+
+#endif /* !HEADER_ECH_LOCAL_H */