Add support for X9.62 KDF.

Add X9.62 KDF to EC EVP_PKEY_METHOD.
(cherry picked from commit 25af7a5dbc05c7359d1d7f472d50d65a9d876b7e)

3 files changed, 123 insertions, 2 deletions

diff --git a/crypto/ecdh/Makefile b/crypto/ecdh/Makefile
index ba05fea05c..0de446d27b 100644
--- a/crypto/ecdh/Makefile
+++ b/crypto/ecdh/Makefile
@@ -17,9 +17,9 @@ TEST=ecdhtest.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=	ech_lib.c ech_ossl.c ech_key.c ech_err.c
+LIBSRC=	ech_lib.c ech_ossl.c ech_key.c ech_err.c ech_kdf.c
 
-LIBOBJ=	ech_lib.o ech_ossl.o ech_key.o ech_err.o
+LIBOBJ=	ech_lib.o ech_ossl.o ech_key.o ech_err.o ech_kdf.o
 
 SRC= $(LIBSRC)
 
diff --git a/crypto/ecdh/ecdh.h b/crypto/ecdh/ecdh.h
index 8887102c0b..98c6cdf9be 100644
--- a/crypto/ecdh/ecdh.h
+++ b/crypto/ecdh/ecdh.h
@@ -99,6 +99,11 @@ int 	  ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new
 int 	  ECDH_set_ex_data(EC_KEY *d, int idx, void *arg);
 void 	  *ECDH_get_ex_data(EC_KEY *d, int idx);
 
+int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, 
+		const unsigned char *Z, size_t Zlen,
+		const unsigned char *sinfo, size_t sinfolen,
+		const EVP_MD *md);
+
 
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
diff --git a/crypto/ecdh/ech_kdf.c b/crypto/ecdh/ech_kdf.c
new file mode 100644
index 0000000000..84bf108b90
--- /dev/null
+++ b/crypto/ecdh/ech_kdf.c
@@ -0,0 +1,116 @@
+/* crypto/ecdh/ec_kdf.c */
+/*
+ * Written by Stephen Henson for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 2013 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#define OPENSSL_FIPSAPI
+
+#include <string.h>
+#include <openssl/ecdh.h>
+#include <openssl/evp.h>
+
+
+/* Key derivation function from X9.62/SECG */
+
+#define ECDH_KDF_MAX	(1L << 31)
+
+int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, 
+		const unsigned char *Z, size_t Zlen,
+		const unsigned char *sinfo, size_t sinfolen,
+		const EVP_MD *md)
+	{
+	EVP_MD_CTX mctx;
+	int rv = 0;
+	unsigned int i;
+	size_t mdlen;
+	unsigned char ctr[4];
+	if (sinfolen > ECDH_KDF_MAX || outlen > ECDH_KDF_MAX || Zlen > ECDH_KDF_MAX)
+		return 0;
+	mdlen = EVP_MD_size(md);
+	EVP_MD_CTX_init(&mctx);
+	for (i = 1;;i++)
+		{
+		unsigned char mtmp[EVP_MAX_MD_SIZE];
+		EVP_DigestInit_ex(&mctx, md, NULL);
+		ctr[3] = i & 0xFF;
+		ctr[2] = (i >> 8) & 0xFF;
+		ctr[1] = (i >> 16) & 0xFF;
+		ctr[0] = (i >> 24) & 0xFF;
+		if (!EVP_DigestUpdate(&mctx, Z, Zlen))
+			goto err;
+		if (!EVP_DigestUpdate(&mctx, ctr, sizeof(ctr)))
+			goto err;
+		if (!EVP_DigestUpdate(&mctx, sinfo, sinfolen))
+			goto err;
+		if (outlen > mdlen)
+			{
+			if (!EVP_DigestFinal(&mctx, out, NULL))
+				goto err;
+			outlen -= mdlen;
+			if (outlen == 0)
+				break;
+			out += mdlen;
+			}
+		else
+			{
+			if (!EVP_DigestFinal(&mctx, mtmp, NULL))
+				goto err;
+			memcpy(out, mtmp, outlen);
+			OPENSSL_cleanse(mtmp, mdlen);
+			break;
+			}
+		}
+	rv = 1;
+	err:
+	EVP_MD_CTX_cleanup(&mctx);
+	return rv;
+	}
+