[thirdparty/openssl.git] / crypto / evp / exchange.c

/*
 * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include "internal/refcount.h"
#include "crypto/evp.h"
#include "internal/provider.h"
#include "internal/numbers.h"   /* includes SIZE_MAX */
#include "evp_local.h"

static EVP_KEYEXCH *evp_keyexch_new(OSSL_PROVIDER *prov)
{
    EVP_KEYEXCH *exchange = OPENSSL_zalloc(sizeof(EVP_KEYEXCH));

    if (exchange == NULL) {
        ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
        return NULL;
    }

    exchange->lock = CRYPTO_THREAD_lock_new();
    if (exchange->lock == NULL) {
        ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
        OPENSSL_free(exchange);
        return NULL;
    }
    exchange->prov = prov;
    ossl_provider_up_ref(prov);
    exchange->refcnt = 1;

    return exchange;
}

static void *evp_keyexch_from_algorithm(int name_id,
                                        const OSSL_ALGORITHM *algodef,
                                        OSSL_PROVIDER *prov)
{
    const OSSL_DISPATCH *fns = algodef->implementation;
    EVP_KEYEXCH *exchange = NULL;
    int fncnt = 0, sparamfncnt = 0, gparamfncnt = 0;

    if ((exchange = evp_keyexch_new(prov)) == NULL) {
        ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    exchange->name_id = name_id;
    exchange->description = algodef->algorithm_description;

    for (; fns->function_id != 0; fns++) {
        switch (fns->function_id) {
        case OSSL_FUNC_KEYEXCH_NEWCTX:
            if (exchange->newctx != NULL)
                break;
            exchange->newctx = OSSL_FUNC_keyexch_newctx(fns);
            fncnt++;
            break;
        case OSSL_FUNC_KEYEXCH_INIT:
            if (exchange->init != NULL)
                break;
            exchange->init = OSSL_FUNC_keyexch_init(fns);
            fncnt++;
            break;
        case OSSL_FUNC_KEYEXCH_SET_PEER:
            if (exchange->set_peer != NULL)
                break;
            exchange->set_peer = OSSL_FUNC_keyexch_set_peer(fns);
            break;
        case OSSL_FUNC_KEYEXCH_DERIVE:
            if (exchange->derive != NULL)
                break;
            exchange->derive = OSSL_FUNC_keyexch_derive(fns);
            fncnt++;
            break;
        case OSSL_FUNC_KEYEXCH_FREECTX:
            if (exchange->freectx != NULL)
                break;
            exchange->freectx = OSSL_FUNC_keyexch_freectx(fns);
            fncnt++;
            break;
        case OSSL_FUNC_KEYEXCH_DUPCTX:
            if (exchange->dupctx != NULL)
                break;
            exchange->dupctx = OSSL_FUNC_keyexch_dupctx(fns);
            break;
        case OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS:
            if (exchange->get_ctx_params != NULL)
                break;
            exchange->get_ctx_params = OSSL_FUNC_keyexch_get_ctx_params(fns);
            gparamfncnt++;
            break;
        case OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS:
            if (exchange->gettable_ctx_params != NULL)
                break;
            exchange->gettable_ctx_params
                = OSSL_FUNC_keyexch_gettable_ctx_params(fns);
            gparamfncnt++;
            break;
        case OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS:
            if (exchange->set_ctx_params != NULL)
                break;
            exchange->set_ctx_params = OSSL_FUNC_keyexch_set_ctx_params(fns);
            sparamfncnt++;
            break;
        case OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS:
            if (exchange->settable_ctx_params != NULL)
                break;
            exchange->settable_ctx_params
                = OSSL_FUNC_keyexch_settable_ctx_params(fns);
            sparamfncnt++;
            break;
        }
    }
    if (fncnt != 4
            || (gparamfncnt != 0 && gparamfncnt != 2)
            || (sparamfncnt != 0 && sparamfncnt != 2)) {
        /*
         * In order to be a consistent set of functions we must have at least
         * a complete set of "exchange" functions: init, derive, newctx,
         * and freectx. The set_ctx_params and settable_ctx_params functions are
         * optional, but if one of them is present then the other one must also
         * be present. Same goes for get_ctx_params and gettable_ctx_params.
         * The dupctx and set_peer functions are optional.
         */
        ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
        goto err;
    }

    return exchange;

 err:
    EVP_KEYEXCH_free(exchange);
    return NULL;
}

void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange)
{
    int i;

    if (exchange == NULL)
        return;
    CRYPTO_DOWN_REF(&exchange->refcnt, &i, exchange->lock);
    if (i > 0)
        return;
    ossl_provider_free(exchange->prov);
    CRYPTO_THREAD_lock_free(exchange->lock);
    OPENSSL_free(exchange);
}

int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange)
{
    int ref = 0;

    CRYPTO_UP_REF(&exchange->refcnt, &ref, exchange->lock);
    return 1;
}

OSSL_PROVIDER *EVP_KEYEXCH_provider(const EVP_KEYEXCH *exchange)
{
    return exchange->prov;
}

EVP_KEYEXCH *EVP_KEYEXCH_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
                               const char *properties)
{
    return evp_generic_fetch(ctx, OSSL_OP_KEYEXCH, algorithm, properties,
                             evp_keyexch_from_algorithm,
                             (int (*)(void *))EVP_KEYEXCH_up_ref,
                             (void (*)(void *))EVP_KEYEXCH_free);
}

int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx)
{
    return EVP_PKEY_derive_init_ex(ctx, NULL);
}

int EVP_PKEY_derive_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[])
{
    int ret;
    void *provkey = NULL;
    EVP_KEYEXCH *exchange = NULL;
    EVP_KEYMGMT *tmp_keymgmt = NULL;
    const char *supported_exch = NULL;

    if (ctx == NULL) {
        ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
        return -2;
    }

    evp_pkey_ctx_free_old_ops(ctx);
    ctx->operation = EVP_PKEY_OP_DERIVE;

    /*
     * TODO when we stop falling back to legacy, this and the ERR_pop_to_mark()
     * calls can be removed.
     */
    ERR_set_mark();

    if (evp_pkey_ctx_is_legacy(ctx))
        goto legacy;

    /*
     * Ensure that the key is provided, either natively, or as a cached export.
     * If not, goto legacy
     */
    tmp_keymgmt = ctx->keymgmt;
    if (ctx->pkey == NULL) {
        /*
         * Some algorithms (e.g. legacy KDFs) don't have a pkey - so we create
         * a blank one.
         */
        EVP_PKEY *pkey = EVP_PKEY_new();

        if (pkey == NULL || !EVP_PKEY_set_type_by_keymgmt(pkey, tmp_keymgmt)) {
            ERR_clear_last_mark();
            EVP_PKEY_free(pkey);
            ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
            goto err;
        }
        provkey = pkey->keydata = evp_keymgmt_newdata(tmp_keymgmt);
        if (provkey == NULL)
            EVP_PKEY_free(pkey);
        else
            ctx->pkey = pkey;
    } else {
        provkey = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx,
                                            &tmp_keymgmt, ctx->propquery);
    }
    if (provkey == NULL)
        goto legacy;
    if (!EVP_KEYMGMT_up_ref(tmp_keymgmt)) {
        ERR_clear_last_mark();
        ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
        goto err;
    }
    EVP_KEYMGMT_free(ctx->keymgmt);
    ctx->keymgmt = tmp_keymgmt;

    if (ctx->keymgmt->query_operation_name != NULL)
        supported_exch = ctx->keymgmt->query_operation_name(OSSL_OP_KEYEXCH);

    /*
     * If we didn't get a supported exch, assume there is one with the
     * same name as the key type.
     */
    if (supported_exch == NULL)
        supported_exch = ctx->keytype;

    /*
     * Because we cleared out old ops, we shouldn't need to worry about
     * checking if exchange is already there.
     */
    exchange = EVP_KEYEXCH_fetch(ctx->libctx, supported_exch, ctx->propquery);

    if (exchange == NULL
        || (EVP_KEYMGMT_provider(ctx->keymgmt)
            != EVP_KEYEXCH_provider(exchange))) {
        /*
         * We don't need to free ctx->keymgmt here, as it's not necessarily
         * tied to this operation.  It will be freed by EVP_PKEY_CTX_free().
         */
        EVP_KEYEXCH_free(exchange);
        goto legacy;
    }

    /*
     * TODO remove this when legacy is gone
     * If we don't have the full support we need with provided methods,
     * let's go see if legacy does.
     */
    ERR_pop_to_mark();

    /* No more legacy from here down to legacy: */

    ctx->op.kex.exchange = exchange;
    ctx->op.kex.exchprovctx = exchange->newctx(ossl_provider_ctx(exchange->prov));
    if (ctx->op.kex.exchprovctx == NULL) {
        /* The provider key can stay in the cache */
        ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
        goto err;
    }
    ret = exchange->init(ctx->op.kex.exchprovctx, provkey, params);

    return ret ? 1 : 0;
 err:
    evp_pkey_ctx_free_old_ops(ctx);
    ctx->operation = EVP_PKEY_OP_UNDEFINED;
    return 0;

 legacy:
    /*
     * TODO remove this when legacy is gone
     * If we don't have the full support we need with provided methods,
     * let's go see if legacy does.
     */
    ERR_pop_to_mark();

#ifdef FIPS_MODULE
    return 0;
#else
    if (ctx->pmeth == NULL || ctx->pmeth->derive == NULL) {
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
        return -2;
    }

    if (ctx->pmeth->derive_init == NULL)
        return 1;
    ret = ctx->pmeth->derive_init(ctx);
    if (ret <= 0)
        ctx->operation = EVP_PKEY_OP_UNDEFINED;
    return ret;
#endif
}

int EVP_PKEY_derive_set_peer_ex(EVP_PKEY_CTX *ctx, EVP_PKEY *peer,
                                int validate_peer)
{
    int ret = 0, check;
    void *provkey = NULL;
    EVP_PKEY_CTX *check_ctx = NULL;

    if (ctx == NULL) {
        ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
        return -1;
    }

    if (!EVP_PKEY_CTX_IS_DERIVE_OP(ctx) || ctx->op.kex.exchprovctx == NULL)
        goto legacy;

    if (ctx->op.kex.exchange->set_peer == NULL) {
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
        return -2;
    }

    if (validate_peer) {
        check_ctx = EVP_PKEY_CTX_new_from_pkey(ctx->libctx, peer, ctx->propquery);
        if (check_ctx == NULL)
            return -1;
        check = EVP_PKEY_public_check(check_ctx);
        EVP_PKEY_CTX_free(check_ctx);
        if (check <= 0)
            return -1;
    }

    provkey = evp_pkey_export_to_provider(peer, ctx->libctx, &ctx->keymgmt,
                                          ctx->propquery);
    /*
     * If making the key provided wasn't possible, legacy may be able to pick
     * it up
     */
    if (provkey == NULL)
        goto legacy;
    return ctx->op.kex.exchange->set_peer(ctx->op.kex.exchprovctx, provkey);

 legacy:
#ifdef FIPS_MODULE
    return ret;
#else
    if (ctx->pmeth == NULL
        || !(ctx->pmeth->derive != NULL
             || ctx->pmeth->encrypt != NULL
             || ctx->pmeth->decrypt != NULL)
        || ctx->pmeth->ctrl == NULL) {
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
        return -2;
    }
    if (ctx->operation != EVP_PKEY_OP_DERIVE
        && ctx->operation != EVP_PKEY_OP_ENCRYPT
        && ctx->operation != EVP_PKEY_OP_DECRYPT) {
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
        return -1;
    }

    ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 0, peer);

    if (ret <= 0)
        return ret;

    if (ret == 2)
        return 1;

    if (ctx->pkey == NULL) {
        ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
        return -1;
    }

    if (ctx->pkey->type != peer->type) {
        ERR_raise(ERR_LIB_EVP, EVP_R_DIFFERENT_KEY_TYPES);
        return -1;
    }

    /*
     * For clarity.  The error is if parameters in peer are
     * present (!missing) but don't match.  EVP_PKEY_parameters_eq may return
     * 1 (match), 0 (don't match) and -2 (comparison is not defined).  -1
     * (different key types) is impossible here because it is checked earlier.
     * -2 is OK for us here, as well as 1, so we can check for 0 only.
     */
    if (!EVP_PKEY_missing_parameters(peer) &&
        !EVP_PKEY_parameters_eq(ctx->pkey, peer)) {
        ERR_raise(ERR_LIB_EVP, EVP_R_DIFFERENT_PARAMETERS);
        return -1;
    }

    EVP_PKEY_free(ctx->peerkey);
    ctx->peerkey = peer;

    ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer);

    if (ret <= 0) {
        ctx->peerkey = NULL;
        return ret;
    }

    EVP_PKEY_up_ref(peer);
    return 1;
#endif
}

int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
{
    return EVP_PKEY_derive_set_peer_ex(ctx, peer, 1);
}

int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen)
{
    int ret;

    if (ctx == NULL || pkeylen == NULL) {
        ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
        return -1;
    }

    if (!EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) {
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
        return -1;
    }

    if (ctx->op.kex.exchprovctx == NULL)
        goto legacy;

    ret = ctx->op.kex.exchange->derive(ctx->op.kex.exchprovctx, key, pkeylen,
                                       key != NULL ? *pkeylen : 0);

    return ret;
 legacy:
    if (ctx->pmeth == NULL || ctx->pmeth->derive == NULL) {
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
        return -2;
    }

    M_check_autoarg(ctx, key, pkeylen, EVP_F_EVP_PKEY_DERIVE)
        return ctx->pmeth->derive(ctx, key, pkeylen);
}

int EVP_KEYEXCH_number(const EVP_KEYEXCH *keyexch)
{
    return keyexch->name_id;
}

const char *EVP_KEYEXCH_description(const EVP_KEYEXCH *keyexch)
{
    return keyexch->description;
}

int EVP_KEYEXCH_is_a(const EVP_KEYEXCH *keyexch, const char *name)
{
    return evp_is_a(keyexch->prov, keyexch->name_id, NULL, name);
}

void EVP_KEYEXCH_do_all_provided(OSSL_LIB_CTX *libctx,
                                 void (*fn)(EVP_KEYEXCH *keyexch, void *arg),
                                 void *arg)
{
    evp_generic_do_all(libctx, OSSL_OP_KEYEXCH,
                       (void (*)(void *, void *))fn, arg,
                       evp_keyexch_from_algorithm,
                       (void (*)(void *))EVP_KEYEXCH_free);
}

int EVP_KEYEXCH_names_do_all(const EVP_KEYEXCH *keyexch,
                             void (*fn)(const char *name, void *data),
                             void *data)
{
    if (keyexch->prov != NULL)
        return evp_names_do_all(keyexch->prov, keyexch->name_id, fn, data);

    return 1;
}

const OSSL_PARAM *EVP_KEYEXCH_gettable_ctx_params(const EVP_KEYEXCH *keyexch)
{
    void *provctx;

    if (keyexch == NULL || keyexch->gettable_ctx_params == NULL)
        return NULL;

    provctx = ossl_provider_ctx(EVP_KEYEXCH_provider(keyexch));
    return keyexch->gettable_ctx_params(NULL, provctx);
}

const OSSL_PARAM *EVP_KEYEXCH_settable_ctx_params(const EVP_KEYEXCH *keyexch)
{
    void *provctx;

    if (keyexch == NULL || keyexch->settable_ctx_params == NULL)
        return NULL;
    provctx = ossl_provider_ctx(EVP_KEYEXCH_provider(keyexch));
    return keyexch->settable_ctx_params(NULL, provctx);
}
Commit	Line	Data
ff64702b	1	/*
4333b89f	2	* Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
ff64702b MC	3	*
	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
	10	#include <openssl/crypto.h>
	11	#include <openssl/evp.h>
	12	#include <openssl/err.h>
	13	#include "internal/refcount.h"
25f2138b	14	#include "crypto/evp.h"
ff64702b	15	#include "internal/provider.h"
ac5a61ca	16	#include "internal/numbers.h" /* includes SIZE_MAX */
706457b7	17	#include "evp_local.h"
ff64702b MC	18
	19	static EVP_KEYEXCH evp_keyexch_new(OSSL_PROVIDER prov)
	20	{
	21	EVP_KEYEXCH *exchange = OPENSSL_zalloc(sizeof(EVP_KEYEXCH));
	22
c1ff5994 MC	23	if (exchange == NULL) {
	24	ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
	25	return NULL;
	26	}
	27
ff64702b MC	28	exchange->lock = CRYPTO_THREAD_lock_new();
ff64702b MC	29	if (exchange->lock == NULL) {
c1ff5994	30	ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
ff64702b MC	31	OPENSSL_free(exchange);
	32	return NULL;
	33	}
	34	exchange->prov = prov;
	35	ossl_provider_up_ref(prov);
	36	exchange->refcnt = 1;
	37
	38	return exchange;
	39	}
	40
309a78aa RL	41	static void *evp_keyexch_from_algorithm(int name_id,
	42	const OSSL_ALGORITHM *algodef,
	43	OSSL_PROVIDER *prov)
ff64702b	44	{
309a78aa	45	const OSSL_DISPATCH *fns = algodef->implementation;
ff64702b	46	EVP_KEYEXCH *exchange = NULL;
4fe54d67	47	int fncnt = 0, sparamfncnt = 0, gparamfncnt = 0;
ff64702b	48
f7c16d48	49	if ((exchange = evp_keyexch_new(prov)) == NULL) {
3ca9d210 RL	50	ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
3ca9d210 RL	51	goto err;
6b9e3724	52	}
ff64702b	53
f7c16d48	54	exchange->name_id = name_id;
309a78aa	55	exchange->description = algodef->algorithm_description;
3ca9d210	56
ff64702b MC	57	for (; fns->function_id != 0; fns++) {
	58	switch (fns->function_id) {
	59	case OSSL_FUNC_KEYEXCH_NEWCTX:
	60	if (exchange->newctx != NULL)
	61	break;
363b1e5d	62	exchange->newctx = OSSL_FUNC_keyexch_newctx(fns);
ff64702b MC	63	fncnt++;
	64	break;
	65	case OSSL_FUNC_KEYEXCH_INIT:
	66	if (exchange->init != NULL)
	67	break;
363b1e5d	68	exchange->init = OSSL_FUNC_keyexch_init(fns);
ff64702b MC	69	fncnt++;
	70	break;
	71	case OSSL_FUNC_KEYEXCH_SET_PEER:
	72	if (exchange->set_peer != NULL)
	73	break;
363b1e5d	74	exchange->set_peer = OSSL_FUNC_keyexch_set_peer(fns);
ff64702b MC	75	break;
	76	case OSSL_FUNC_KEYEXCH_DERIVE:
	77	if (exchange->derive != NULL)
	78	break;
363b1e5d	79	exchange->derive = OSSL_FUNC_keyexch_derive(fns);
ff64702b MC	80	fncnt++;
	81	break;
	82	case OSSL_FUNC_KEYEXCH_FREECTX:
	83	if (exchange->freectx != NULL)
	84	break;
363b1e5d	85	exchange->freectx = OSSL_FUNC_keyexch_freectx(fns);
ff64702b MC	86	fncnt++;
	87	break;
	88	case OSSL_FUNC_KEYEXCH_DUPCTX:
	89	if (exchange->dupctx != NULL)
	90	break;
363b1e5d	91	exchange->dupctx = OSSL_FUNC_keyexch_dupctx(fns);
ff64702b	92	break;
4fe54d67 NT	93	case OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS:
	94	if (exchange->get_ctx_params != NULL)
	95	break;
363b1e5d	96	exchange->get_ctx_params = OSSL_FUNC_keyexch_get_ctx_params(fns);
4fe54d67 NT	97	gparamfncnt++;
	98	break;
	99	case OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS:
	100	if (exchange->gettable_ctx_params != NULL)
	101	break;
	102	exchange->gettable_ctx_params
363b1e5d	103	= OSSL_FUNC_keyexch_gettable_ctx_params(fns);
4fe54d67 NT	104	gparamfncnt++;
4fe54d67 NT	105	break;
9c45222d MC	106	case OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS:
9c45222d MC	107	if (exchange->set_ctx_params != NULL)
35aca9ec	108	break;
363b1e5d	109	exchange->set_ctx_params = OSSL_FUNC_keyexch_set_ctx_params(fns);
4fe54d67	110	sparamfncnt++;
9c45222d MC	111	break;
	112	case OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS:
	113	if (exchange->settable_ctx_params != NULL)
	114	break;
	115	exchange->settable_ctx_params
363b1e5d	116	= OSSL_FUNC_keyexch_settable_ctx_params(fns);
4fe54d67	117	sparamfncnt++;
35aca9ec	118	break;
ff64702b MC	119	}
ff64702b MC	120	}
4fe54d67 NT	121	if (fncnt != 4
	122	\|\| (gparamfncnt != 0 && gparamfncnt != 2)
	123	\|\| (sparamfncnt != 0 && sparamfncnt != 2)) {
ff64702b MC	124	/*
	125	* In order to be a consistent set of functions we must have at least
	126	* a complete set of "exchange" functions: init, derive, newctx,
9c45222d MC	127	* and freectx. The set_ctx_params and settable_ctx_params functions are
9c45222d MC	128	* optional, but if one of them is present then the other one must also
4fe54d67 NT	129	* be present. Same goes for get_ctx_params and gettable_ctx_params.
4fe54d67 NT	130	* The dupctx and set_peer functions are optional.
ff64702b	131	*/
9311d0c4	132	ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
3ca9d210	133	goto err;
ff64702b MC	134	}
	135
	136	return exchange;
3ca9d210 RL	137
	138	err:
	139	EVP_KEYEXCH_free(exchange);
3ca9d210	140	return NULL;
ff64702b MC	141	}
	142
	143	void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange)
	144	{
543e740b RS	145	int i;
	146
	147	if (exchange == NULL)
	148	return;
	149	CRYPTO_DOWN_REF(&exchange->refcnt, &i, exchange->lock);
	150	if (i > 0)
	151	return;
	152	ossl_provider_free(exchange->prov);
	153	CRYPTO_THREAD_lock_free(exchange->lock);
	154	OPENSSL_free(exchange);
ff64702b MC	155	}
	156
	157	int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange)
	158	{
	159	int ref = 0;
	160
	161	CRYPTO_UP_REF(&exchange->refcnt, &ref, exchange->lock);
	162	return 1;
	163	}
	164
8b84b075 RL	165	OSSL_PROVIDER EVP_KEYEXCH_provider(const EVP_KEYEXCH exchange)
	166	{
	167	return exchange->prov;
	168	}
	169
b4250010	170	EVP_KEYEXCH EVP_KEYEXCH_fetch(OSSL_LIB_CTX ctx, const char *algorithm,
ff64702b MC	171	const char *properties)
ff64702b MC	172	{
0ddf74bf	173	return evp_generic_fetch(ctx, OSSL_OP_KEYEXCH, algorithm, properties,
309a78aa	174	evp_keyexch_from_algorithm,
0ddf74bf RL	175	(int ()(void ))EVP_KEYEXCH_up_ref,
0ddf74bf RL	176	(void ()(void ))EVP_KEYEXCH_free);
ff64702b MC	177	}
ff64702b MC	178
c0e0984f	179	int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx)
4b58d9b4 P	180	{
	181	return EVP_PKEY_derive_init_ex(ctx, NULL);
	182	}
	183
	184	int EVP_PKEY_derive_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[])
ff64702b MC	185	{
ff64702b MC	186	int ret;
8b84b075	187	void *provkey = NULL;
c0e0984f	188	EVP_KEYEXCH *exchange = NULL;
f6aa5774 RL	189	EVP_KEYMGMT *tmp_keymgmt = NULL;
f6aa5774 RL	190	const char *supported_exch = NULL;
c0e0984f RL	191
c0e0984f RL	192	if (ctx == NULL) {
6d9a54c6	193	ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
c0e0984f RL	194	return -2;
c0e0984f RL	195	}
ff64702b	196
864b89ce	197	evp_pkey_ctx_free_old_ops(ctx);
ff64702b MC	198	ctx->operation = EVP_PKEY_OP_DERIVE;
ff64702b MC	199
0b9dd384 RL	200	/*
	201	* TODO when we stop falling back to legacy, this and the ERR_pop_to_mark()
	202	* calls can be removed.
	203	*/
	204	ERR_set_mark();
	205
f21c9c64	206	if (evp_pkey_ctx_is_legacy(ctx))
ff64702b MC	207	goto legacy;
ff64702b MC	208
3c6ed955 RL	209	/*
3c6ed955 RL	210	* Ensure that the key is provided, either natively, or as a cached export.
ac2d58c7	211	* If not, goto legacy
3c6ed955	212	*/
f6aa5774	213	tmp_keymgmt = ctx->keymgmt;
ac2d58c7 MC	214	if (ctx->pkey == NULL) {
	215	/*
	216	* Some algorithms (e.g. legacy KDFs) don't have a pkey - so we create
	217	* a blank one.
	218	*/
	219	EVP_PKEY *pkey = EVP_PKEY_new();
	220
	221	if (pkey == NULL \|\| !EVP_PKEY_set_type_by_keymgmt(pkey, tmp_keymgmt)) {
	222	ERR_clear_last_mark();
	223	EVP_PKEY_free(pkey);
	224	ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
	225	goto err;
	226	}
	227	provkey = pkey->keydata = evp_keymgmt_newdata(tmp_keymgmt);
	228	if (provkey == NULL)
	229	EVP_PKEY_free(pkey);
	230	else
	231	ctx->pkey = pkey;
	232	} else {
	233	provkey = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx,
	234	&tmp_keymgmt, ctx->propquery);
	235	}
f6aa5774 RL	236	if (provkey == NULL)
	237	goto legacy;
	238	if (!EVP_KEYMGMT_up_ref(tmp_keymgmt)) {
0b9dd384	239	ERR_clear_last_mark();
f6aa5774 RL	240	ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
f6aa5774 RL	241	goto err;
c0e0984f	242	}
f6aa5774 RL	243	EVP_KEYMGMT_free(ctx->keymgmt);
	244	ctx->keymgmt = tmp_keymgmt;
	245
	246	if (ctx->keymgmt->query_operation_name != NULL)
	247	supported_exch = ctx->keymgmt->query_operation_name(OSSL_OP_KEYEXCH);
	248
	249	/*
	250	* If we didn't get a supported exch, assume there is one with the
	251	* same name as the key type.
	252	*/
	253	if (supported_exch == NULL)
	254	supported_exch = ctx->keytype;
	255
	256	/*
	257	* Because we cleared out old ops, we shouldn't need to worry about
	258	* checking if exchange is already there.
	259	*/
	260	exchange = EVP_KEYEXCH_fetch(ctx->libctx, supported_exch, ctx->propquery);
	261
	262	if (exchange == NULL
c0e0984f RL	263	\|\| (EVP_KEYMGMT_provider(ctx->keymgmt)
c0e0984f RL	264	!= EVP_KEYEXCH_provider(exchange))) {
ff64702b	265	/*
0b9dd384 RL	266	* We don't need to free ctx->keymgmt here, as it's not necessarily
0b9dd384 RL	267	* tied to this operation. It will be freed by EVP_PKEY_CTX_free().
ff64702b	268	*/
c0e0984f RL	269	EVP_KEYEXCH_free(exchange);
c0e0984f RL	270	goto legacy;
ff64702b MC	271	}
ff64702b MC	272
0b9dd384 RL	273	/*
	274	* TODO remove this when legacy is gone
	275	* If we don't have the full support we need with provided methods,
	276	* let's go see if legacy does.
	277	*/
	278	ERR_pop_to_mark();
	279
	280	/* No more legacy from here down to legacy: */
c0e0984f	281
864b89ce	282	ctx->op.kex.exchange = exchange;
864b89ce MC	283	ctx->op.kex.exchprovctx = exchange->newctx(ossl_provider_ctx(exchange->prov));
864b89ce MC	284	if (ctx->op.kex.exchprovctx == NULL) {
8b84b075	285	/* The provider key can stay in the cache */
9311d0c4	286	ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
ff64702b MC	287	goto err;
ff64702b MC	288	}
4b58d9b4	289	ret = exchange->init(ctx->op.kex.exchprovctx, provkey, params);
ff64702b MC	290
	291	return ret ? 1 : 0;
	292	err:
c7fa9297	293	evp_pkey_ctx_free_old_ops(ctx);
ff64702b MC	294	ctx->operation = EVP_PKEY_OP_UNDEFINED;
	295	return 0;
	296
	297	legacy:
0b9dd384 RL	298	/*
	299	* TODO remove this when legacy is gone
	300	* If we don't have the full support we need with provided methods,
	301	* let's go see if legacy does.
	302	*/
	303	ERR_pop_to_mark();
	304
f844f9eb	305	#ifdef FIPS_MODULE
62f49b90 SL	306	return 0;
62f49b90 SL	307	#else
e0d8523e	308	if (ctx->pmeth == NULL \|\| ctx->pmeth->derive == NULL) {
9311d0c4	309	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
ff64702b MC	310	return -2;
	311	}
	312
	313	if (ctx->pmeth->derive_init == NULL)
	314	return 1;
	315	ret = ctx->pmeth->derive_init(ctx);
	316	if (ret <= 0)
	317	ctx->operation = EVP_PKEY_OP_UNDEFINED;
	318	return ret;
62f49b90	319	#endif
ff64702b MC	320	}
ff64702b MC	321
e454a393 SL	322	int EVP_PKEY_derive_set_peer_ex(EVP_PKEY_CTX ctx, EVP_PKEY peer,
e454a393 SL	323	int validate_peer)
ff64702b	324	{
e454a393	325	int ret = 0, check;
8b84b075	326	void *provkey = NULL;
e454a393	327	EVP_PKEY_CTX *check_ctx = NULL;
ff64702b MC	328
ff64702b MC	329	if (ctx == NULL) {
6d9a54c6 TM	330	ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
6d9a54c6 TM	331	return -1;
ff64702b MC	332	}
ff64702b MC	333
864b89ce	334	if (!EVP_PKEY_CTX_IS_DERIVE_OP(ctx) \|\| ctx->op.kex.exchprovctx == NULL)
ff64702b MC	335	goto legacy;
ff64702b MC	336
864b89ce	337	if (ctx->op.kex.exchange->set_peer == NULL) {
9311d0c4	338	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
ff64702b MC	339	return -2;
	340	}
	341
e454a393 SL	342	if (validate_peer) {
	343	check_ctx = EVP_PKEY_CTX_new_from_pkey(ctx->libctx, peer, ctx->propquery);
	344	if (check_ctx == NULL)
	345	return -1;
	346	check = EVP_PKEY_public_check(check_ctx);
	347	EVP_PKEY_CTX_free(check_ctx);
	348	if (check <= 0)
	349	return -1;
	350	}
	351
3c6ed955 RL	352	provkey = evp_pkey_export_to_provider(peer, ctx->libctx, &ctx->keymgmt,
3c6ed955 RL	353	ctx->propquery);
3f7ce7f1 RL	354	/*
	355	* If making the key provided wasn't possible, legacy may be able to pick
	356	* it up
	357	*/
e0d8523e RL	358	if (provkey == NULL)
e0d8523e RL	359	goto legacy;
864b89ce	360	return ctx->op.kex.exchange->set_peer(ctx->op.kex.exchprovctx, provkey);
ff64702b MC	361
ff64702b MC	362	legacy:
f844f9eb	363	#ifdef FIPS_MODULE
62f49b90 SL	364	return ret;
62f49b90 SL	365	#else
ff64702b MC	366	if (ctx->pmeth == NULL
	367	\|\| !(ctx->pmeth->derive != NULL
	368	\|\| ctx->pmeth->encrypt != NULL
	369	\|\| ctx->pmeth->decrypt != NULL)
	370	\|\| ctx->pmeth->ctrl == NULL) {
9311d0c4	371	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
ff64702b MC	372	return -2;
	373	}
	374	if (ctx->operation != EVP_PKEY_OP_DERIVE
	375	&& ctx->operation != EVP_PKEY_OP_ENCRYPT
	376	&& ctx->operation != EVP_PKEY_OP_DECRYPT) {
bf23b9a1	377	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
ff64702b MC	378	return -1;
	379	}
	380
	381	ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 0, peer);
	382
	383	if (ret <= 0)
	384	return ret;
	385
	386	if (ret == 2)
	387	return 1;
	388
	389	if (ctx->pkey == NULL) {
9311d0c4	390	ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
ff64702b MC	391	return -1;
	392	}
	393
	394	if (ctx->pkey->type != peer->type) {
9311d0c4	395	ERR_raise(ERR_LIB_EVP, EVP_R_DIFFERENT_KEY_TYPES);
ff64702b MC	396	return -1;
	397	}
	398
	399	/*
	400	* For clarity. The error is if parameters in peer are
c74aaa39	401	* present (!missing) but don't match. EVP_PKEY_parameters_eq may return
ff64702b MC	402	* 1 (match), 0 (don't match) and -2 (comparison is not defined). -1
	403	* (different key types) is impossible here because it is checked earlier.
	404	* -2 is OK for us here, as well as 1, so we can check for 0 only.
	405	*/
	406	if (!EVP_PKEY_missing_parameters(peer) &&
c74aaa39	407	!EVP_PKEY_parameters_eq(ctx->pkey, peer)) {
9311d0c4	408	ERR_raise(ERR_LIB_EVP, EVP_R_DIFFERENT_PARAMETERS);
ff64702b MC	409	return -1;
	410	}
	411
	412	EVP_PKEY_free(ctx->peerkey);
	413	ctx->peerkey = peer;
	414
	415	ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer);
	416
	417	if (ret <= 0) {
	418	ctx->peerkey = NULL;
	419	return ret;
	420	}
	421
	422	EVP_PKEY_up_ref(peer);
	423	return 1;
62f49b90	424	#endif
ff64702b MC	425	}
ff64702b MC	426
e454a393 SL	427	int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX ctx, EVP_PKEY peer)
	428	{
	429	return EVP_PKEY_derive_set_peer_ex(ctx, peer, 1);
	430	}
	431
ff64702b MC	432	int EVP_PKEY_derive(EVP_PKEY_CTX ctx, unsigned char key, size_t *pkeylen)
	433	{
	434	int ret;
	435
6d9a54c6 TM	436	if (ctx == NULL \|\| pkeylen == NULL) {
	437	ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
	438	return -1;
ff64702b MC	439	}
ff64702b MC	440
864b89ce	441	if (!EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) {
bf23b9a1	442	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
ff64702b MC	443	return -1;
	444	}
	445
864b89ce	446	if (ctx->op.kex.exchprovctx == NULL)
ff64702b MC	447	goto legacy;
ff64702b MC	448
864b89ce	449	ret = ctx->op.kex.exchange->derive(ctx->op.kex.exchprovctx, key, pkeylen,
6d9a54c6	450	key != NULL ? *pkeylen : 0);
ff64702b MC	451
	452	return ret;
	453	legacy:
6d9a54c6	454	if (ctx->pmeth == NULL \|\| ctx->pmeth->derive == NULL) {
9311d0c4	455	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
ff64702b MC	456	return -2;
	457	}
	458
	459	M_check_autoarg(ctx, key, pkeylen, EVP_F_EVP_PKEY_DERIVE)
	460	return ctx->pmeth->derive(ctx, key, pkeylen);
	461	}
251e610c	462
506cb0f6 RL	463	int EVP_KEYEXCH_number(const EVP_KEYEXCH *keyexch)
	464	{
	465	return keyexch->name_id;
	466	}
	467
03888233 RL	468	const char EVP_KEYEXCH_description(const EVP_KEYEXCH keyexch)
	469	{
	470	return keyexch->description;
	471	}
	472
251e610c RL	473	int EVP_KEYEXCH_is_a(const EVP_KEYEXCH keyexch, const char name)
251e610c RL	474	{
e4a1d023	475	return evp_is_a(keyexch->prov, keyexch->name_id, NULL, name);
251e610c RL	476	}
251e610c RL	477
b4250010	478	void EVP_KEYEXCH_do_all_provided(OSSL_LIB_CTX *libctx,
251e610c RL	479	void (fn)(EVP_KEYEXCH keyexch, void *arg),
	480	void *arg)
	481	{
251e610c RL	482	evp_generic_do_all(libctx, OSSL_OP_KEYEXCH,
251e610c RL	483	(void ()(void , void *))fn, arg,
309a78aa	484	evp_keyexch_from_algorithm,
251e610c RL	485	(void ()(void ))EVP_KEYEXCH_free);
251e610c RL	486	}
f651c727	487
d84f5515 MC	488	int EVP_KEYEXCH_names_do_all(const EVP_KEYEXCH *keyexch,
	489	void (fn)(const char name, void *data),
	490	void *data)
f651c727 RL	491	{
f651c727 RL	492	if (keyexch->prov != NULL)
d84f5515 MC	493	return evp_names_do_all(keyexch->prov, keyexch->name_id, fn, data);
	494
	495	return 1;
f651c727	496	}
e3efe7a5 SL	497
	498	const OSSL_PARAM EVP_KEYEXCH_gettable_ctx_params(const EVP_KEYEXCH keyexch)
	499	{
	500	void *provctx;
	501
	502	if (keyexch == NULL \|\| keyexch->gettable_ctx_params == NULL)
	503	return NULL;
	504
	505	provctx = ossl_provider_ctx(EVP_KEYEXCH_provider(keyexch));
fb67126e	506	return keyexch->gettable_ctx_params(NULL, provctx);
e3efe7a5 SL	507	}
	508
	509	const OSSL_PARAM EVP_KEYEXCH_settable_ctx_params(const EVP_KEYEXCH keyexch)
	510	{
	511	void *provctx;
	512
	513	if (keyexch == NULL \|\| keyexch->settable_ctx_params == NULL)
	514	return NULL;
	515	provctx = ossl_provider_ctx(EVP_KEYEXCH_provider(keyexch));
fb67126e	516	return keyexch->settable_ctx_params(NULL, provctx);
e3efe7a5	517	}