Add key derivation support.

crypto/dh/dh_pmeth.c

@@ -209,6 +209,8 @@ const EVP_PKEY_METHOD dh_pkey_meth =
 
 	0,0,
 
+	0,0,
+
 	pkey_dh_ctrl,
 	pkey_dh_ctrl_str
 

crypto/dsa/dsa_pmeth.c

@@ -245,6 +245,8 @@ const EVP_PKEY_METHOD dsa_pkey_meth =
 
 	0,0,
 
+	0,0,
+
 	pkey_dsa_ctrl,
 	pkey_dsa_ctrl_str
 

crypto/evp/evp.h

@@ -1016,6 +1016,8 @@ void ERR_load_EVP_strings(void);
 #define EVP_F_EVP_PKEY_DECRYPT				 104
 #define EVP_F_EVP_PKEY_DECRYPT_INIT			 138
 #define EVP_F_EVP_PKEY_DECRYPT_OLD			 151
+#define EVP_F_EVP_PKEY_DERIVE				 153
+#define EVP_F_EVP_PKEY_DERIVE_INIT			 154
 #define EVP_F_EVP_PKEY_ENCRYPT				 105
 #define EVP_F_EVP_PKEY_ENCRYPT_INIT			 139
 #define EVP_F_EVP_PKEY_ENCRYPT_OLD			 152

crypto/evp/evp_err.c

@@ -95,6 +95,8 @@ static ERR_STRING_DATA EVP_str_functs[]=
 {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT),	"EVP_PKEY_decrypt"},
 {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT_INIT),	"EVP_PKEY_decrypt_init"},
 {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT_OLD),	"EVP_PKEY_decrypt_old"},
+{ERR_FUNC(EVP_F_EVP_PKEY_DERIVE),	"EVP_PKEY_DERIVE"},
+{ERR_FUNC(EVP_F_EVP_PKEY_DERIVE_INIT),	"EVP_PKEY_DERIVE_INIT"},
 {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT),	"EVP_PKEY_encrypt"},
 {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_INIT),	"EVP_PKEY_encrypt_init"},
 {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_OLD),	"EVP_PKEY_encrypt_old"},

crypto/evp/evp_locl.h

@@ -241,6 +241,8 @@ struct evp_pkey_ctx_st
 	const EVP_PKEY_METHOD *pmeth;
 	/* Key: may be NULL */
 	EVP_PKEY *pkey;
+	/* Peer key for key agreement, may be NULL */
+	EVP_PKEY *peerkey;
 	/* Actual operation */
 	int operation;
 	/* Algorithm specific data */
@@ -297,6 +299,9 @@ struct evp_pkey_method_st
 	int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, int *outlen,
 					const unsigned char *in, int inlen);
 
+	int (*derive_init)(EVP_PKEY_CTX *ctx);
+	int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, int *keylen);
+
 	int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
 	int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value);
 

crypto/evp/pmeth_fn.c

@@ -243,3 +243,38 @@ int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
 	return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen);
 	}
 
+
+int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx)
+	{
+	int ret;
+	if (!ctx || !ctx->pmeth || !ctx->pmeth->derive)
+		{
+		EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT,
+			EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+		return -2;
+		}
+	ctx->operation = EVP_PKEY_OP_DERIVE;
+	if (!ctx->pmeth->derive_init)
+		return 1;
+	ret = ctx->pmeth->derive_init(ctx);
+	if (ret <= 0)
+		ctx->operation = EVP_PKEY_OP_UNDEFINED;
+	return ret;
+	}
+
+int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, int *pkeylen)
+	{
+	if (!ctx || !ctx->pmeth || !ctx->pmeth->derive)
+		{
+		EVPerr(EVP_F_EVP_PKEY_DERIVE,
+			EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+		return -2;
+		}
+	if (ctx->operation != EVP_PKEY_OP_DERIVE)
+		{
+		EVPerr(EVP_F_EVP_PKEY_DERIVE, EVP_R_OPERATON_NOT_INITIALIZED);
+		return -1;
+		}
+	return ctx->pmeth->derive(ctx, key, pkeylen);
+	}
+

crypto/evp/pmeth_lib.c

@@ -120,6 +120,7 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
 	ret->pmeth = pmeth;
 	ret->operation = EVP_PKEY_OP_UNDEFINED;
 	ret->pkey = pkey;
+	ret->peerkey = NULL;
 	if (pkey)
 		CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
 	ret->data = NULL;

crypto/rsa/rsa_pmeth.c

@@ -524,6 +524,8 @@ const EVP_PKEY_METHOD rsa_pkey_meth =
 	0,
 	pkey_rsa_decrypt,
 
+	0,0,
+
 	pkey_rsa_ctrl,
 	pkey_rsa_ctrl_str