Add the ability to set PKCS#3 DH padding in providers

This also adds the ability to set arbitrary parameters on key exchange algorithms. The ability to pad the output is one such parameter for DH. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9266)
author: Matt Caswell <matt@openssl.org> 2019-06-27 16:37:44 +0100
committer: Matt Caswell <matt@openssl.org> 2019-07-16 10:16:32 +0100
commit: 35aca9eccbaf0abbd0d7f350e199a7c97274845a (patch)
tree: d3c32308bc57ed087f788e133ce1b1a62e5af5c9 /include
parent: 94b40fb77c4e345526c2aff1d8f8b9186fb4a179 (diff)
4 files changed, 9 insertions, 3 deletions
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index 143668a0b9..d1ba624d65 100644
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
@@ -65,6 +65,10 @@ extern "C" {
 #define OSSL_PKEY_PARAM_DH_PUB_KEY   "dh-pub"
 #define OSSL_PKEY_PARAM_DH_PRIV_KEY  "dh-priv"
 
+/* Key Exchange parameters */
+
+#define OSSL_EXCHANGE_PARAM_PAD           "exchange-pad"
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h
index 0a61c21bf7..c5892431e4 100644
--- a/include/openssl/core_numbers.h
+++ b/include/openssl/core_numbers.h
@@ -239,6 +239,7 @@ OSSL_CORE_MAKE_FUNC(int, OP_cipher_ctx_set_params, (void *cctx,
 # define OSSL_FUNC_KEYEXCH_SET_PEER                    4
 # define OSSL_FUNC_KEYEXCH_FREECTX                     5
 # define OSSL_FUNC_KEYEXCH_DUPCTX                      6
+# define OSSL_FUNC_KEYEXCH_SET_PARAMS                  7
 
 OSSL_CORE_MAKE_FUNC(void *, OP_keyexch_newctx, (void *provctx))
 OSSL_CORE_MAKE_FUNC(int, OP_keyexch_init, (void *ctx,
@@ -249,6 +250,8 @@ OSSL_CORE_MAKE_FUNC(int, OP_keyexch_set_peer, (void *ctx,
                                                OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(void, OP_keyexch_freectx, (void *ctx))
 OSSL_CORE_MAKE_FUNC(void *, OP_keyexch_dupctx, (void *ctx))
+OSSL_CORE_MAKE_FUNC(int, OP_keyexch_set_params, (void *ctx,
+                                                 OSSL_PARAM params[]))
 
 # ifdef __cplusplus
 }
diff --git a/include/openssl/dh.h b/include/openssl/dh.h
index 18858ebf20..e96c81154d 100644
--- a/include/openssl/dh.h
+++ b/include/openssl/dh.h
@@ -253,9 +253,7 @@ int DH_meth_set_generate_params(DH_METHOD *dhm,
                         EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, \
                         EVP_PKEY_CTRL_DH_NID, nid, NULL)
 
-# define EVP_PKEY_CTX_set_dh_pad(ctx, pad) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_DERIVE, \
-                          EVP_PKEY_CTRL_DH_PAD, pad, NULL)
+int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad);
 
 # define EVP_PKEY_CTX_set_dh_kdf_type(ctx, kdf) \
         EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index a2cb66aaf3..377b4b16c0 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -1416,6 +1416,7 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
 EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *ctx);
 void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
 
+int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params);
 int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
                       int cmd, int p1, void *p2);
 int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
author	Matt Caswell <matt@openssl.org>	2019-06-27 16:37:44 +0100
committer	Matt Caswell <matt@openssl.org>	2019-07-16 10:16:32 +0100
commit	35aca9eccbaf0abbd0d7f350e199a7c97274845a (patch)
tree	d3c32308bc57ed087f788e133ce1b1a62e5af5c9 /include
parent	94b40fb77c4e345526c2aff1d8f8b9186fb4a179 (diff)