1 files changed, 21 insertions, 8 deletions
diff --git a/src/lib/libcrypto/ecdh/ech_key.c b/src/lib/libcrypto/ecdh/ech_key.c
index bac5b6e28d..5efb49ba59 100644
--- a/src/lib/libcrypto/ecdh/ech_key.c
+++ b/src/lib/libcrypto/ecdh/ech_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ech_key.c,v 1.32 2023/07/02 11:29:36 tb Exp $ */
+/* $OpenBSD: ech_key.c,v 1.33 2023/07/05 08:39:40 tb Exp $ */
 /* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 *
@@ -85,12 +85,11 @@
 */
 /* XXX - KDF handling moved to ECDH_compute_key().  See OpenSSL e2285d87. */
 int
-ossl_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
+ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
-    EC_KEY *ecdh,
    void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen))
 {
        BN_CTX *ctx;
-        BIGNUM *x;
+        BIGNUM *cofactor, *x;
        const BIGNUM *priv_key;
        const EC_GROUP *group;
        EC_POINT *point = NULL;
@@ -111,11 +110,8 @@ ossl_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
        if ((x = BN_CTX_get(ctx)) == NULL)
                goto err;
+        if ((cofactor = BN_CTX_get(ctx)) == NULL)
-        if ((priv_key = EC_KEY_get0_private_key(ecdh)) == NULL) {
-                ECDHerror(ECDH_R_NO_PRIVATE_VALUE);
                goto err;
-        }
        if ((group = EC_KEY_get0_group(ecdh)) == NULL)
                goto err;
@@ -128,6 +124,23 @@ ossl_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
                goto err;
        }
+        if ((priv_key = EC_KEY_get0_private_key(ecdh)) == NULL) {
+                ECDHerror(ECDH_R_NO_PRIVATE_VALUE);
+                goto err;
+        }
+        if ((EC_KEY_get_flags(ecdh) & EC_FLAG_COFACTOR_ECDH) != 0) {
+                if (!EC_GROUP_get_cofactor(group, cofactor, NULL)) {
+                        ECDHerror(ERR_R_EC_LIB);
+                        goto err;
+                }
+                if (!BN_mul(cofactor, cofactor, priv_key, ctx)) {
+                        ECDHerror(ERR_R_BN_LIB);
+                        goto err;
+                }
+                priv_key = cofactor;
+        }
        if (!EC_POINT_mul(group, point, NULL, pub_key, priv_key, ctx)) {
                ECDHerror(ECDH_R_POINT_ARITHMETIC_FAILURE);
                goto err;

diff --git a/src/lib/libcrypto/ecdh/ech_key.c b/src/lib/libcrypto/ecdh/ech_key.c index bac5b6e28d..5efb49ba59 100644 --- a/src/lib/libcrypto/ecdh/ech_key.c +++ b/src/lib/libcrypto/ecdh/ech_key.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ech_key.c,v 1.32 2023/07/02 11:29:36 tb Exp $ */	1	/* $OpenBSD: ech_key.c,v 1.33 2023/07/05 08:39:40 tb Exp $ */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.	3	* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
4	*	4	*
@@ -85,12 +85,11 @@
85	*/	85	*/
86	/* XXX - KDF handling moved to ECDH_compute_key(). See OpenSSL e2285d87. */	86	/* XXX - KDF handling moved to ECDH_compute_key(). See OpenSSL e2285d87. */
87	int	87	int
88	ossl_ecdh_compute_key(void out, size_t outlen, const EC_POINT pub_key,	88	ecdh_compute_key(void out, size_t outlen, const EC_POINT pub_key, EC_KEY *ecdh,
89	EC_KEY *ecdh,
90	void (KDF)(const void in, size_t inlen, void out, size_t *outlen))	89	void (KDF)(const void in, size_t inlen, void out, size_t *outlen))
91	{	90	{
92	BN_CTX *ctx;	91	BN_CTX *ctx;
93	BIGNUM *x;	92	BIGNUM cofactor, x;
94	const BIGNUM *priv_key;	93	const BIGNUM *priv_key;
95	const EC_GROUP *group;	94	const EC_GROUP *group;
96	EC_POINT *point = NULL;	95	EC_POINT *point = NULL;
@@ -111,11 +110,8 @@ ossl_ecdh_compute_key(void out, size_t outlen, const EC_POINT pub_key,
111		110
112	if ((x = BN_CTX_get(ctx)) == NULL)	111	if ((x = BN_CTX_get(ctx)) == NULL)
113	goto err;	112	goto err;
114		113	if ((cofactor = BN_CTX_get(ctx)) == NULL)
115	if ((priv_key = EC_KEY_get0_private_key(ecdh)) == NULL) {
116	ECDHerror(ECDH_R_NO_PRIVATE_VALUE);
117	goto err;	114	goto err;
118	}
119		115
120	if ((group = EC_KEY_get0_group(ecdh)) == NULL)	116	if ((group = EC_KEY_get0_group(ecdh)) == NULL)
121	goto err;	117	goto err;
@@ -128,6 +124,23 @@ ossl_ecdh_compute_key(void out, size_t outlen, const EC_POINT pub_key,
128	goto err;	124	goto err;
129	}	125	}
130		126
		127	if ((priv_key = EC_KEY_get0_private_key(ecdh)) == NULL) {
		128	ECDHerror(ECDH_R_NO_PRIVATE_VALUE);
		129	goto err;
		130	}
		131
		132	if ((EC_KEY_get_flags(ecdh) & EC_FLAG_COFACTOR_ECDH) != 0) {
		133	if (!EC_GROUP_get_cofactor(group, cofactor, NULL)) {
		134	ECDHerror(ERR_R_EC_LIB);
		135	goto err;
		136	}
		137	if (!BN_mul(cofactor, cofactor, priv_key, ctx)) {
		138	ECDHerror(ERR_R_BN_LIB);
		139	goto err;
		140	}
		141	priv_key = cofactor;
		142	}
		143
131	if (!EC_POINT_mul(group, point, NULL, pub_key, priv_key, ctx)) {	144	if (!EC_POINT_mul(group, point, NULL, pub_key, priv_key, ctx)) {
132	ECDHerror(ECDH_R_POINT_ARITHMETIC_FAILURE);	145	ECDHerror(ECDH_R_POINT_ARITHMETIC_FAILURE);
133	goto err;	146	goto err;