Add support for X9.62 KDF.

Add X9.62 KDF to EC EVP_PKEY_METHOD.
(cherry picked from commit 25af7a5dbc05c7359d1d7f472d50d65a9d876b7e)

5 files changed, 364 insertions, 6 deletions

diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h
index 4571152555..6c9e2cef46 100644
--- a/crypto/ec/ec.h
+++ b/crypto/ec/ec.h
@@ -971,8 +971,69 @@ int	EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off);
 				EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \
 				EVP_PKEY_CTRL_EC_PARAM_ENC, flag, NULL)
 
+#define EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, flag) \
+	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+				EVP_PKEY_OP_DERIVE, \
+				EVP_PKEY_CTRL_EC_ECDH_COFACTOR, flag, NULL)
+
+#define EVP_PKEY_CTX_get_ecdh_cofactor_mode(ctx) \
+	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+				EVP_PKEY_OP_DERIVE, \
+				EVP_PKEY_CTRL_EC_ECDH_COFACTOR, -2, NULL)
+
+#define EVP_PKEY_CTX_set_ecdh_kdf_type(ctx, kdf) \
+	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+				EVP_PKEY_OP_DERIVE, \
+				EVP_PKEY_CTRL_EC_KDF_TYPE, kdf, NULL)
+
+#define EVP_PKEY_CTX_get_ecdh_kdf_type(ctx) \
+	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+				EVP_PKEY_OP_DERIVE, \
+				EVP_PKEY_CTRL_EC_KDF_TYPE, -2, NULL)
+
+#define EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md) \
+	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+				EVP_PKEY_OP_DERIVE, \
+				EVP_PKEY_CTRL_EC_KDF_MD, 0, (void *)md)
+
+#define EVP_PKEY_CTX_get_ecdh_kdf_md(ctx, pmd) \
+	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+				EVP_PKEY_OP_DERIVE, \
+				EVP_PKEY_CTRL_GET_EC_KDF_MD, 0, (void *)pmd)
+
+#define EVP_PKEY_CTX_set_ecdh_kdf_outlen(ctx, len) \
+	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+				EVP_PKEY_OP_DERIVE, \
+				EVP_PKEY_CTRL_EC_KDF_OUTLEN, len, NULL)
+
+#define EVP_PKEY_CTX_get_ecdh_kdf_outlen(ctx, plen) \
+	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+				EVP_PKEY_OP_DERIVE, \
+			EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, 0, (void *)plen)
+
+#define EVP_PKEY_CTX_set0_ecdh_kdf_ukm(ctx, p, plen) \
+	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+				EVP_PKEY_OP_DERIVE, \
+				EVP_PKEY_CTRL_EC_KDF_UKM, plen, (void *)p)
+
+#define EVP_PKEY_CTX_get0_ecdh_kdf_ukm(ctx, p) \
+	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+				EVP_PKEY_OP_DERIVE, \
+				EVP_PKEY_CTRL_GET_EC_KDF_UKM, 0, (void *)p)
+
 #define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID		(EVP_PKEY_ALG_CTRL + 1)
 #define EVP_PKEY_CTRL_EC_PARAM_ENC			(EVP_PKEY_ALG_CTRL + 2)
+#define EVP_PKEY_CTRL_EC_ECDH_COFACTOR			(EVP_PKEY_ALG_CTRL + 3)
+#define EVP_PKEY_CTRL_EC_KDF_TYPE			(EVP_PKEY_ALG_CTRL + 4)
+#define EVP_PKEY_CTRL_EC_KDF_MD				(EVP_PKEY_ALG_CTRL + 5)
+#define EVP_PKEY_CTRL_GET_EC_KDF_MD			(EVP_PKEY_ALG_CTRL + 6)
+#define EVP_PKEY_CTRL_EC_KDF_OUTLEN			(EVP_PKEY_ALG_CTRL + 7)
+#define EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN			(EVP_PKEY_ALG_CTRL + 8)
+#define EVP_PKEY_CTRL_EC_KDF_UKM			(EVP_PKEY_ALG_CTRL + 9)
+#define EVP_PKEY_CTRL_GET_EC_KDF_UKM			(EVP_PKEY_ALG_CTRL + 10)
+/* KDF types */
+#define EVP_PKEY_ECDH_KDF_NONE				1
+#define EVP_PKEY_ECDH_KDF_X9_62				2
 
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -989,6 +1050,8 @@ void ERR_load_EC_strings(void);
 #define EC_F_D2I_ECPKPARAMETERS				 145
 #define EC_F_D2I_ECPRIVATEKEY				 146
 #define EC_F_DO_EC_KEY_PRINT				 221
+#define EC_F_ECDH_CMS_DECRYPT				 238
+#define EC_F_ECDH_CMS_SET_SHARED_INFO			 239
 #define EC_F_ECKEY_PARAM2TYPE				 223
 #define EC_F_ECKEY_PARAM_DECODE				 212
 #define EC_F_ECKEY_PRIV_DECODE				 213
@@ -1147,6 +1210,7 @@ void ERR_load_EC_strings(void);
 #define EC_R_INVALID_PENTANOMIAL_BASIS			 132
 #define EC_R_INVALID_PRIVATE_KEY			 123
 #define EC_R_INVALID_TRINOMIAL_BASIS			 137
+#define EC_R_KDF_PARAMETER_ERROR			 148
 #define EC_R_KEYS_NOT_SET				 140
 #define EC_R_MISSING_PARAMETERS				 124
 #define EC_R_MISSING_PRIVATE_KEY			 125
@@ -1157,9 +1221,11 @@ void ERR_load_EC_strings(void);
 #define EC_R_NO_FIELD_MOD				 133
 #define EC_R_NO_PARAMETERS_SET				 139
 #define EC_R_PASSED_NULL_PARAMETER			 134
+#define EC_R_PEER_KEY_ERROR				 149
 #define EC_R_PKPARAMETERS2GROUP_FAILURE			 127
 #define EC_R_POINT_AT_INFINITY				 106
 #define EC_R_POINT_IS_NOT_ON_CURVE			 107
+#define EC_R_SHARED_INFO_ERROR				 150
 #define EC_R_SLOT_FULL					 108
 #define EC_R_UNDEFINED_GENERATOR			 113
 #define EC_R_UNDEFINED_ORDER				 128
diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c
index 4110d5e4f0..689a173468 100644
--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
@@ -60,6 +60,7 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/ec.h>
+#include "ec_lcl.h"
 #include <openssl/ecdsa.h>
 #include <openssl/evp.h>
 #include "evp_locl.h"
@@ -72,6 +73,20 @@ typedef struct
 	EC_GROUP *gen_group;
 	/* message digest */
 	const EVP_MD *md;
+	/* Duplicate key if custom cofactor needed */
+	EC_KEY *co_key;
+	/* Cofactor mode */
+	char cofactor_mode;
+	/* KDF (if any) to use for ECDH */
+	char kdf_type;
+	/* Message digest to use for key derivation */
+	const EVP_MD *kdf_md;
+	/* User key material */
+	unsigned char *kdf_ukm;
+	size_t kdf_ukmlen;
+	/* KDF output length */
+	size_t kdf_outlen;
+
 	} EC_PKEY_CTX;
 
 static int pkey_ec_init(EVP_PKEY_CTX *ctx)
@@ -83,6 +98,14 @@ static int pkey_ec_init(EVP_PKEY_CTX *ctx)
 	dctx->gen_group = NULL;
 	dctx->md = NULL;
 
+	dctx->cofactor_mode = -1;
+	dctx->co_key = NULL;
+	dctx->kdf_type = EVP_PKEY_ECDH_KDF_NONE;
+	dctx->kdf_md = NULL;
+	dctx->kdf_outlen = 0;
+	dctx->kdf_ukm = NULL;
+	dctx->kdf_ukmlen = 0;
+
 	ctx->data = dctx;
 
 	return 1;
@@ -102,6 +125,25 @@ static int pkey_ec_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
 			return 0;
 		}
 	dctx->md = sctx->md;
+
+	if (sctx->co_key)
+		{
+		dctx->co_key = EC_KEY_dup(sctx->co_key);
+		if (!dctx->co_key)
+			return 0;
+		}
+	dctx->kdf_type = sctx->kdf_type;
+	dctx->kdf_md = sctx->kdf_md;
+	dctx->kdf_outlen = sctx->kdf_outlen;
+	if (sctx->kdf_ukm)
+		{
+		dctx->kdf_ukm = BUF_memdup(sctx->kdf_ukm, sctx->kdf_ukmlen);
+		if (!dctx->kdf_ukm)
+			return 0;
+		}
+	else
+		dctx->kdf_ukm = NULL;
+	dctx->kdf_ukmlen = sctx->kdf_ukmlen;
 	return 1;
 	}
 
@@ -112,6 +154,10 @@ static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx)
 		{
 		if (dctx->gen_group)
 			EC_GROUP_free(dctx->gen_group);
+		if (dctx->co_key)
+			EC_KEY_free(dctx->co_key);
+		if (dctx->kdf_ukm)
+			OPENSSL_free(dctx->kdf_ukm);
 		OPENSSL_free(dctx);
 		}
 	}
@@ -172,20 +218,23 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
 	int ret;
 	size_t outlen;
 	const EC_POINT *pubkey = NULL;
+	EC_KEY *eckey;
+	EC_PKEY_CTX *dctx = ctx->data;
 	if (!ctx->pkey || !ctx->peerkey)
 		{
 		ECerr(EC_F_PKEY_EC_DERIVE, EC_R_KEYS_NOT_SET);
 		return 0;
 		}
 
+	eckey = dctx->co_key ? dctx->co_key : ctx->pkey->pkey.ec;
+
 	if (!key)
 		{
 		const EC_GROUP *group;
-		group = EC_KEY_get0_group(ctx->pkey->pkey.ec);
+		group = EC_KEY_get0_group(eckey);
 		*keylen = (EC_GROUP_get_degree(group) + 7)/8;
 		return 1;
 		}
-
 	pubkey = EC_KEY_get0_public_key(ctx->peerkey->pkey.ec);
 
 	/* NB: unlike PKCS#3 DH, if *outlen is less than maximum size this is
@@ -194,13 +243,52 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
 
 	outlen = *keylen;
 		
-	ret = ECDH_compute_key(key, outlen, pubkey, ctx->pkey->pkey.ec, 0);
+	ret = ECDH_compute_key(key, outlen, pubkey, eckey, 0);
 	if (ret < 0)
 		return ret;
 	*keylen = ret;
 	return 1;
 	}
 
+static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx,
+				unsigned char *key, size_t *keylen)
+	{
+	EC_PKEY_CTX *dctx = ctx->data;
+	unsigned char *ktmp = NULL;
+	size_t ktmplen;
+	int rv = 0;
+	if (dctx->kdf_type == EVP_PKEY_ECDH_KDF_NONE)
+		return pkey_ec_derive(ctx, key, keylen);
+	if (!key)
+		{
+		*keylen = dctx->kdf_outlen;
+		return 1;
+		}
+	if (*keylen != dctx->kdf_outlen)
+		return 0;
+	if (!pkey_ec_derive(ctx, NULL, &ktmplen))
+		return 0;
+	ktmp = OPENSSL_malloc(ktmplen);
+	if (!ktmp)
+		return 0;
+	if (!pkey_ec_derive(ctx, ktmp, &ktmplen))
+		goto err;
+	/* Do KDF stuff */
+	if (!ECDH_KDF_X9_62(key, *keylen, ktmp, ktmplen, 
+				dctx->kdf_ukm, dctx->kdf_ukmlen,
+				dctx->kdf_md))
+		goto err;
+	rv = 1;
+
+	err:
+	if (ktmp)
+		{
+		OPENSSL_cleanse(ktmp, ktmplen);
+		OPENSSL_free(ktmp);
+		}
+	return rv;
+	}
+
 static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 	{
 	EC_PKEY_CTX *dctx = ctx->data;
@@ -228,6 +316,89 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 		EC_GROUP_set_asn1_flag(dctx->gen_group, p1);
 		return 1;
 
+		case EVP_PKEY_CTRL_EC_ECDH_COFACTOR:
+		if (p1 == -2)
+			{
+			if (dctx->co_key)
+				return dctx->cofactor_mode;
+			else
+				{
+				EC_KEY *ec_key = ctx->pkey->pkey.ec;
+				return EC_KEY_get_flags(ec_key) & EC_FLAG_COFACTOR_ECDH ? 1 : 0;
+				}
+			}
+		else if (p1 < -1 || p1 > 1)
+			return -2;
+		dctx->cofactor_mode = p1;
+		if (p1 != -1)
+			{
+			EC_KEY *ec_key = ctx->pkey->pkey.ec;
+			if (!ec_key->group)
+				return -2;
+			/* If cofactor is 1 cofactor mode does nothing */
+			if (BN_is_one(&ec_key->group->cofactor))
+				return 1;
+			if (!dctx->co_key)
+				{
+				dctx->co_key = EC_KEY_dup(ec_key);
+				if (!dctx->co_key)
+					return 0;
+				}
+			if (p1)
+				EC_KEY_set_flags(dctx->co_key,
+							EC_FLAG_COFACTOR_ECDH);
+			else
+				EC_KEY_clear_flags(dctx->co_key,
+							EC_FLAG_COFACTOR_ECDH);
+			}
+		else if (dctx->co_key)
+			{
+			EC_KEY_free(dctx->co_key);
+			dctx->co_key = NULL;
+			}
+		return 1;
+
+		case EVP_PKEY_CTRL_EC_KDF_TYPE:
+		if (p1 == -2)
+			return dctx->kdf_type;
+		if (p1 != EVP_PKEY_ECDH_KDF_NONE &&
+		    p1 != EVP_PKEY_ECDH_KDF_X9_62)
+			return -2;
+		dctx->kdf_type = p1;
+		return 1;
+
+		case EVP_PKEY_CTRL_EC_KDF_MD:
+		dctx->kdf_md = p2;
+		return 1;
+
+		case EVP_PKEY_CTRL_GET_EC_KDF_MD:
+		*(const EVP_MD **)p2 = dctx->kdf_md;
+		return 1;
+
+		case EVP_PKEY_CTRL_EC_KDF_OUTLEN:
+		if (p1 <= 0)
+			return -2;
+		dctx->kdf_outlen = (size_t)p1;
+		return 1;
+
+		case EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN:
+		*(int *)p2 = dctx->kdf_outlen;
+		return 1;
+
+		case EVP_PKEY_CTRL_EC_KDF_UKM:
+		if (dctx->kdf_ukm)
+			OPENSSL_free(dctx->kdf_ukm);
+		dctx->kdf_ukm = p2;
+		if (p2)
+			dctx->kdf_ukmlen = p1;
+		else
+			dctx->kdf_ukmlen = 0;
+		return 1;
+
+		case EVP_PKEY_CTRL_GET_EC_KDF_UKM:
+		*(unsigned char **)p2 = dctx->kdf_ukm;
+		return dctx->kdf_ukmlen;
+
 		case EVP_PKEY_CTRL_MD:
 		if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
 		    EVP_MD_type((const EVP_MD *)p2) != NID_ecdsa_with_SHA1 &&
@@ -369,7 +540,7 @@ const EVP_PKEY_METHOD ec_pkey_meth =
 	0,0,
 
 	0,
-	pkey_ec_derive,
+	pkey_ec_kdf_derive,
 
 	pkey_ec_ctrl,
 	pkey_ec_ctrl_str
diff --git a/crypto/ecdh/Makefile b/crypto/ecdh/Makefile
index ba05fea05c..0de446d27b 100644
--- a/crypto/ecdh/Makefile
+++ b/crypto/ecdh/Makefile
@@ -17,9 +17,9 @@ TEST=ecdhtest.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=	ech_lib.c ech_ossl.c ech_key.c ech_err.c
+LIBSRC=	ech_lib.c ech_ossl.c ech_key.c ech_err.c ech_kdf.c
 
-LIBOBJ=	ech_lib.o ech_ossl.o ech_key.o ech_err.o
+LIBOBJ=	ech_lib.o ech_ossl.o ech_key.o ech_err.o ech_kdf.o
 
 SRC= $(LIBSRC)
 
diff --git a/crypto/ecdh/ecdh.h b/crypto/ecdh/ecdh.h
index 8887102c0b..98c6cdf9be 100644
--- a/crypto/ecdh/ecdh.h
+++ b/crypto/ecdh/ecdh.h
@@ -99,6 +99,11 @@ int 	  ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new
 int 	  ECDH_set_ex_data(EC_KEY *d, int idx, void *arg);
 void 	  *ECDH_get_ex_data(EC_KEY *d, int idx);
 
+int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, 
+		const unsigned char *Z, size_t Zlen,
+		const unsigned char *sinfo, size_t sinfolen,
+		const EVP_MD *md);
+
 
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
diff --git a/crypto/ecdh/ech_kdf.c b/crypto/ecdh/ech_kdf.c
new file mode 100644
index 0000000000..84bf108b90
--- /dev/null
+++ b/crypto/ecdh/ech_kdf.c
@@ -0,0 +1,116 @@
+/* crypto/ecdh/ec_kdf.c */
+/*
+ * Written by Stephen Henson for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 2013 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#define OPENSSL_FIPSAPI
+
+#include <string.h>
+#include <openssl/ecdh.h>
+#include <openssl/evp.h>
+
+
+/* Key derivation function from X9.62/SECG */
+
+#define ECDH_KDF_MAX	(1L << 31)
+
+int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, 
+		const unsigned char *Z, size_t Zlen,
+		const unsigned char *sinfo, size_t sinfolen,
+		const EVP_MD *md)
+	{
+	EVP_MD_CTX mctx;
+	int rv = 0;
+	unsigned int i;
+	size_t mdlen;
+	unsigned char ctr[4];
+	if (sinfolen > ECDH_KDF_MAX || outlen > ECDH_KDF_MAX || Zlen > ECDH_KDF_MAX)
+		return 0;
+	mdlen = EVP_MD_size(md);
+	EVP_MD_CTX_init(&mctx);
+	for (i = 1;;i++)
+		{
+		unsigned char mtmp[EVP_MAX_MD_SIZE];
+		EVP_DigestInit_ex(&mctx, md, NULL);
+		ctr[3] = i & 0xFF;
+		ctr[2] = (i >> 8) & 0xFF;
+		ctr[1] = (i >> 16) & 0xFF;
+		ctr[0] = (i >> 24) & 0xFF;
+		if (!EVP_DigestUpdate(&mctx, Z, Zlen))
+			goto err;
+		if (!EVP_DigestUpdate(&mctx, ctr, sizeof(ctr)))
+			goto err;
+		if (!EVP_DigestUpdate(&mctx, sinfo, sinfolen))
+			goto err;
+		if (outlen > mdlen)
+			{
+			if (!EVP_DigestFinal(&mctx, out, NULL))
+				goto err;
+			outlen -= mdlen;
+			if (outlen == 0)
+				break;
+			out += mdlen;
+			}
+		else
+			{
+			if (!EVP_DigestFinal(&mctx, mtmp, NULL))
+				goto err;
+			memcpy(out, mtmp, outlen);
+			OPENSSL_cleanse(mtmp, mdlen);
+			break;
+			}
+		}
+	rv = 1;
+	err:
+	EVP_MD_CTX_cleanup(&mctx);
+	return rv;
+	}
+