aboutsummaryrefslogtreecommitdiff
path: root/crypto
diff options
context:
space:
mode:
authorBodo Möller <bodo@openssl.org>2002-08-09 08:43:04 +0000
committerBodo Möller <bodo@openssl.org>2002-08-09 08:43:04 +0000
commite172d60ddbba3dd37748c8c468064c99213b9e60 (patch)
tree1ededc75b7669b610533758ac42f0ad91f59330b /crypto
parentf8fe7fa4913d34f33fac12181a0fc722ef367238 (diff)
downloadopenssl-e172d60ddbba3dd37748c8c468064c99213b9e60.zip
openssl-e172d60ddbba3dd37748c8c468064c99213b9e60.tar.gz
openssl-e172d60ddbba3dd37748c8c468064c99213b9e60.tar.bz2
Add ECDH support.
Additional changes: - use EC_GROUP_get_degree() in apps/req.c - add ECDSA and ECDH to apps/speed.c - adds support for EC curves over binary fields to ECDSA - new function EC_KEY_up_ref() in crypto/ec/ec_key.c - reorganize crypto/ecdsa/ecdsatest.c - add engine support for ECDH - fix a few bugs in ECDSA engine support Submitted by: Douglas Stebila <douglas.stebila@sun.com>
Diffstat (limited to 'crypto')
-rw-r--r--crypto/Makefile.ssl2
-rw-r--r--crypto/asn1/t_pkey.c22
-rw-r--r--crypto/cryptlib.c8
-rw-r--r--crypto/crypto.h9
-rw-r--r--crypto/ec/ec.h1
-rw-r--r--crypto/ec/ec_asn1.c1
-rw-r--r--crypto/ec/ec_key.c22
-rw-r--r--crypto/ecdh/Makefile.ssl121
-rw-r--r--crypto/ecdh/ecdh.h164
-rw-r--r--crypto/ecdh/ecdhtest.c288
-rw-r--r--crypto/ecdh/ech_err.c97
-rw-r--r--crypto/ecdh/ech_key.c92
-rw-r--r--crypto/ecdh/ech_lib.c248
-rw-r--r--crypto/ecdh/ech_ossl.c187
-rw-r--r--crypto/ecdsa/ecdsatest.c210
-rw-r--r--crypto/engine/Makefile.ssl26
-rw-r--r--crypto/engine/eng_fat.c23
-rw-r--r--crypto/engine/eng_int.h6
-rw-r--r--crypto/engine/eng_list.c8
-rw-r--r--crypto/engine/eng_openssl.c11
-rw-r--r--crypto/engine/engine.h22
-rw-r--r--crypto/err/err.h3
-rw-r--r--crypto/err/openssl.ec1
-rw-r--r--crypto/x509/x509.h9
24 files changed, 1438 insertions, 143 deletions
diff --git a/crypto/Makefile.ssl b/crypto/Makefile.ssl
index 55e970b..42a01e1 100644
--- a/crypto/Makefile.ssl
+++ b/crypto/Makefile.ssl
@@ -28,7 +28,7 @@ LIBS=
SDIRS= md2 md5 sha mdc2 hmac ripemd \
des rc2 rc4 rc5 idea bf cast \
- bn ec rsa dsa ecdsa dh dso engine aes \
+ bn ec rsa dsa ecdsa ecdh dh dso engine aes \
buffer bio stack lhash rand err objects \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5
diff --git a/crypto/asn1/t_pkey.c b/crypto/asn1/t_pkey.c
index fb01e38..873b5d7 100644
--- a/crypto/asn1/t_pkey.c
+++ b/crypto/asn1/t_pkey.c
@@ -55,6 +55,11 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * Binary polynomial ECC support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
#include <stdio.h>
#include "cryptlib.h"
@@ -333,10 +338,21 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
goto err;
}
- if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx))
+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(x)) == NID_X9_62_prime_field)
{
- reason = ERR_R_EC_LIB;
- goto err;
+ if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx))
+ {
+ reason = ERR_R_EC_LIB;
+ goto err;
+ }
+ }
+ else
+ {
+ if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx))
+ {
+ reason = ERR_R_EC_LIB;
+ goto err;
+ }
}
if ((point = EC_GROUP_get0_generator(x)) == NULL)
diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
index 9a7ed2c..b72f7fb 100644
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -55,6 +55,11 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
#include <stdio.h>
#include <string.h>
@@ -105,7 +110,8 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] =
"ui",
"ecdsa",
"ec",
-#if CRYPTO_NUM_LOCKS != 33
+ "ecdh",
+#if CRYPTO_NUM_LOCKS != 34
# error "Inconsistency between crypto.h and cryptlib.c"
#endif
};
diff --git a/crypto/crypto.h b/crypto/crypto.h
index 0991cf2..e4d1526 100644
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -55,6 +55,11 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
#ifndef HEADER_CRYPTO_H
#define HEADER_CRYPTO_H
@@ -128,7 +133,8 @@ extern "C" {
#define CRYPTO_LOCK_UI 30
#define CRYPTO_LOCK_ECDSA 31
#define CRYPTO_LOCK_EC 32
-#define CRYPTO_NUM_LOCKS 33
+#define CRYPTO_LOCK_ECDH 33
+#define CRYPTO_NUM_LOCKS 34
#define CRYPTO_LOCK 1
#define CRYPTO_UNLOCK 2
@@ -236,6 +242,7 @@ DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)
#define CRYPTO_EX_INDEX_X509 10
#define CRYPTO_EX_INDEX_UI 11
#define CRYPTO_EX_INDEX_ECDSA 12
+#define CRYPTO_EX_INDEX_ECDH 13
/* Dynamically assigned indexes start from this value (don't use directly, use
* via CRYPTO_ex_data_new_class). */
diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h
index 4a1787f..17083f2 100644
--- a/crypto/ec/ec.h
+++ b/crypto/ec/ec.h
@@ -386,6 +386,7 @@ EC_KEY *EC_KEY_new(void);
void EC_KEY_free(EC_KEY *);
EC_KEY *EC_KEY_copy(EC_KEY *, const EC_KEY *);
EC_KEY *EC_KEY_dup(const EC_KEY *);
+int EC_KEY_up_ref(EC_KEY *);
/* EC_KEY_generate_key() creates a ec private (public) key */
int EC_KEY_generate_key(EC_KEY *);
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index bb81cfb..fa38f52 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -57,6 +57,7 @@
#include <openssl/err.h>
#include <openssl/asn1t.h>
#include <openssl/objects.h>
+#include <string.h>
/* some structures needed for the asn1 encoding */
typedef struct x9_62_fieldid_st {
diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index 790d930..f9f98cf 100644
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -55,9 +55,15 @@
* Hudson (tjh@cryptsoft.com).
*
*/
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * Portions originally developed by SUN MICROSYSTEMS, INC., and
+ * contributed to the OpenSSL project.
+ */
#include "ec_lcl.h"
#include <openssl/err.h>
+#include <string.h>
EC_KEY *EC_KEY_new(void)
{
@@ -210,6 +216,22 @@ EC_KEY *EC_KEY_dup(const EC_KEY *eckey)
return ret;
}
+int EC_KEY_up_ref(EC_KEY *r)
+ {
+ int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_EC);
+#ifdef REF_PRINT
+ REF_PRINT("EC_KEY",r);
+#endif
+#ifdef REF_CHECK
+ if (i < 2)
+ {
+ fprintf(stderr, "EC_KEY_up, bad reference count\n");
+ abort();
+ }
+#endif
+ return ((i > 1) ? 1 : 0);
+ }
+
int EC_KEY_generate_key(EC_KEY *eckey)
{
int ok = 0;
diff --git a/crypto/ecdh/Makefile.ssl b/crypto/ecdh/Makefile.ssl
new file mode 100644
index 0000000..f8a4746
--- /dev/null
+++ b/crypto/ecdh/Makefile.ssl
@@ -0,0 +1,121 @@
+#
+# crypto/ecdh/Makefile
+#
+
+DIR= ecdh
+TOP= ../..
+CC= cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g -Wall
+INSTALL_PREFIX=
+OPENSSLDIR= /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE= make -f Makefile.ssl
+MAKEDEPPROG= makedepend
+MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE= Makefile.ssl
+AR= ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=ecdhtest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= ech_lib.c ech_ossl.c ech_key.c ech_err.c
+
+LIBOBJ= ech_lib.o ech_ossl.o ech_key.o ech_err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= ecdh.h
+HEADER= $(EXHEADER)
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all: lib
+
+lib: $(LIBOBJ)
+ $(AR) $(LIB) $(LIBOBJ)
+ $(RANLIB) $(LIB) || echo Never mind.
+ @touch lib
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+ @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+ @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+ @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+ @for i in $(EXHEADER) ; \
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+ech_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+ech_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ecdh.h
+ech_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ech_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ech_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ech_err.o: ../../include/openssl/symhacks.h ech_err.c
+ech_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ech_key.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ech_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ech_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ech_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ech_key.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+ech_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ech_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ech_key.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+ech_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ech_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ecdh.h
+ech_key.o: ech_key.c
+ech_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ech_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ech_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ech_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ech_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ech_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+ech_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ech_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ech_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+ech_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ech_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ecdh.h
+ech_lib.o: ech_lib.c
+ech_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ech_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ech_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ech_ossl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ech_ossl.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ech_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ech_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ech_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ech_ossl.o: ecdh.h ech_ossl.c
diff --git a/crypto/ecdh/ecdh.h b/crypto/ecdh/ecdh.h
new file mode 100644
index 0000000..b5b877b
--- /dev/null
+++ b/crypto/ecdh/ecdh.h
@@ -0,0 +1,164 @@
+/* crypto/ecdh/ecdh.h */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * In addition, Sun covenants to all licensees who provide a reciprocal
+ * covenant with respect to their own patents if any, not to sue under
+ * current and future patent claims necessarily infringed by the making,
+ * using, practicing, selling, offering for sale and/or otherwise
+ * disposing of the ECC Code as delivered hereunder (or portions thereof),
+ * provided that such covenant shall not apply:
+ * 1) for code that a licensee deletes from the ECC Code;
+ * 2) separates from the ECC Code; or
+ * 3) for infringements caused by:
+ * i) the modification of the ECC Code or
+ * ii) the combination of the ECC Code with other software or
+ * devices where such combination causes the infringement.
+ *
+ * The ECDH software is originally written by Douglas Stebila of
+ * Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifndef HEADER_ECDH_H
+#define HEADER_ECDH_H
+
+#ifdef OPENSSL_NO_ECDH
+#error ECDH is disabled.
+#endif
+
+#include <openssl/bn.h>
+#include <openssl/ec.h>
+#include <openssl/ossl_typ.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct ecdh_method
+{
+ const char *name;
+ int (*compute_key)(unsigned char *key,const EC_POINT *pub_key, EC_KEY *ecdh);
+#if 0
+ int (*init)(EC_KEY *eckey);
+ int (*finish)(EC_KEY *eckey);
+#endif
+ int flags;
+ char *app_data;
+} ECDH_METHOD;
+
+typedef struct ecdh_data_st {
+ /* EC_KEY_METH_DATA part */
+ int (*init)(EC_KEY *);
+ void (*finish)(EC_KEY *);
+ /* method specific part */
+ ENGINE *engine;
+ int flags;
+ const ECDH_METHOD *meth;
+ CRYPTO_EX_DATA ex_data;
+} ECDH_DATA;
+
+/* ECDH_DATA functions */
+ECDH_DATA *ECDH_DATA_new(void);
+ECDH_DATA *ECDH_DATA_new_method(ENGINE *);
+void ECDH_DATA_free(ECDH_DATA *);
+
+ECDH_DATA *ecdh_check(EC_KEY *);
+
+
+const ECDH_METHOD *ECDH_OpenSSL(void);
+
+void ECDH_set_default_method(const ECDH_METHOD *);
+const ECDH_METHOD *ECDH_get_default_method(void);
+int ECDH_set_method(EC_KEY *, const ECDH_METHOD *);
+
+int ECDH_size(const EC_KEY *);
+int ECDH_compute_key(unsigned char *key,const EC_POINT *pub_key, EC_KEY *ecdh);
+
+
+int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new
+ *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg);
+void *ECDH_get_ex_data(EC_KEY *d, int idx);
+
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_ECDH_strings(void);
+
+/* Error codes for the ECDH functions. */
+
+/* Function codes. */
+#define ECDH_F_ECDH_COMPUTE_KEY 100
+#define ECDH_F_ECDH_DATA_NEW 101
+
+/* Reason codes. */
+#define ECDH_R_NO_PRIVATE_VALUE 100
+#define ECDH_R_POINT_ARITHMETIC_FAILURE 101
+#define ECDH_R_SHA1_DIGEST_FAILED 102
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/crypto/ecdh/ecdhtest.c b/crypto/ecdh/ecdhtest.c
new file mode 100644
index 0000000..65d0d14
--- /dev/null
+++ b/crypto/ecdh/ecdhtest.c
@@ -0,0 +1,288 @@
+/* crypto/ecdh/ecdhtest.c */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * In addition, Sun covenants to all licensees who provide a reciprocal
+ * covenant with respect to their own patents if any, not to sue under
+ * current and future patent claims necessarily infringed by the making,
+ * using, practicing, selling, offering for sale and/or otherwise
+ * disposing of the ECC Code as delivered hereunder (or portions thereof),
+ * provided that such covenant shall not apply:
+ * 1) for code that a licensee deletes from the ECC Code;
+ * 2) separates from the ECC Code; or
+ * 3) for infringements caused by:
+ * i) the modification of the ECC Code or
+ * ii) the combination of the ECC Code with other software or
+ * devices where such combination causes the infringement.
+ *
+ * The ECDH software is originally written by Douglas Stebila of
+ * Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef OPENSSL_SYS_WINDOWS
+#include "../bio/bss_file.c"
+#endif
+#include <openssl/crypto.h>
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/ec.h>
+#include <openssl/objects.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+
+#ifdef OPENSSL_NO_ECDH
+int main(int argc, char *argv[])
+{
+ printf("No ECDH support\n");
+ return(0);
+}
+#else
+#include <openssl/ecdh.h>
+
+#ifdef OPENSSL_SYS_WIN16
+#define MS_CALLBACK _far _loadds
+#else
+#define MS_CALLBACK
+#endif
+
+static void MS_CALLBACK cb(int p, int n, void *arg);
+#ifdef OPENSSL_NO_STDIO
+#define APPS_WIN16
+#include "bss_file.c"
+#endif
+
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+
+
+int test_ecdh_curve(int nid, char *text, BN_CTX *ctx, BIO *out)
+ {
+ EC_KEY *a=NULL;
+ EC_KEY *b=NULL;
+ BIGNUM *x=NULL, *y=NULL;
+ char buf[12];
+ unsigned char *abuf=NULL,*bbuf=NULL;
+ int i,alen,blen,aout,bout,ret=0;
+
+ if ((a=EC_KEY_new()) == NULL) goto err;
+ if ((a->group=EC_GROUP_new_by_name(nid)) == NULL) goto err;
+
+ if ((b=EC_KEY_new()) == NULL) goto err;
+ b->group = a->group;
+
+ if ((x=BN_new()) == NULL) goto err;
+ if ((y=BN_new()) == NULL) goto err;
+
+ BIO_puts(out,"Testing key generation with ");
+ BIO_puts(out,text);
+ BIO_puts(out,"\n");
+
+ if (!EC_KEY_generate_key(a)) goto err;
+ BIO_puts(out," pri 1=");
+ BN_print(out,a->priv_key);
+ BIO_puts(out,"\n pub 1=");
+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(a->group)) == NID_X9_62_prime_field)
+ {
+ if (!EC_POINT_get_affine_coordinates_GFp(a->group, a->pub_key, x, y, ctx)) goto err;
+ }
+ else
+ {
+ if (!EC_POINT_get_affine_coordinates_GF2m(a->group, a->pub_key, x, y, ctx)) goto err;
+ }
+ BN_print(out,x);
+ BIO_puts(out,",");
+ BN_print(out,y);
+ BIO_puts(out,"\n");
+
+ if (!EC_KEY_generate_key(b)) goto err;
+ BIO_puts(out," pri 2=");
+ BN_print(out,b->priv_key);
+ BIO_puts(out,"\n pub 2=");
+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(b->group)) == NID_X9_62_prime_field)
+ {
+ if (!EC_POINT_get_affine_coordinates_GFp(b->group, b->pub_key, x, y, ctx)) goto err;
+ }
+ else
+ {
+ if (!EC_POINT_get_affine_coordinates_GF2m(a->group, b->pub_key, x, y, ctx)) goto err;
+ }
+ BN_print(out,x);
+ BIO_puts(out,",");
+ BN_print(out,y);
+ BIO_puts(out,"\n");
+
+ alen=ECDH_size(a);
+ abuf=(unsigned char *)OPENSSL_malloc(alen);
+ aout=ECDH_compute_key(abuf,b->pub_key,a);
+
+ BIO_puts(out," key1 =");
+ for (i=0; i<aout; i++)
+ {
+ sprintf(buf,"%02X",abuf[i]);
+ BIO_puts(out,buf);
+ }
+ BIO_puts(out,"\n");
+
+ blen=ECDH_size(b);
+ bbuf=(unsigned char *)OPENSSL_malloc(blen);
+ bout=ECDH_compute_key(bbuf,a->pub_key,b);
+
+ BIO_puts(out," key2 =");
+ for (i=0; i<bout; i++)
+ {
+ sprintf(buf,"%02X",bbuf[i]);
+ BIO_puts(out,buf);
+ }
+ BIO_puts(out,"\n");
+ if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0))
+ {
+ fprintf(stderr,"Error in ECDH routines\n");
+ ret=0;
+ }
+ else
+ ret=1;
+err:
+ ERR_print_errors_fp(stderr);
+
+ if (abuf != NULL) OPENSSL_free(abuf);
+ if (bbuf != NULL) OPENSSL_free(bbuf);
+ if (x) BN_free(x);
+ if (y) BN_free(y);
+ if (a->group) EC_GROUP_free(a->group);
+ a->group = b->group = NULL;
+ if (b) EC_KEY_free(b);
+ if (a) EC_KEY_free(a);
+ return(ret);
+ }
+
+int main(int argc, char *argv[])
+ {
+ BN_CTX *ctx=NULL;
+ int ret=1;
+ BIO *out;
+
+ CRYPTO_malloc_debug_init();
+ CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+#ifdef OPENSSL_SYS_WIN32
+ CRYPTO_malloc_init();
+#endif
+
+ RAND_seed(rnd_seed, sizeof rnd_seed);
+
+ out=BIO_new(BIO_s_file());
+ if (out == NULL) exit(1);
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+
+ if ((ctx=BN_CTX_new()) == NULL) goto err;
+
+ /* NIST PRIME CURVES TESTS */
+ if (!test_ecdh_curve(EC_GROUP_NIST_PRIME_192, "NIST Prime-Curve P-192", ctx, out)) goto err;
+ if (!test_ecdh_curve(EC_GROUP_NIST_PRIME_224, "NIST Prime-Curve P-224", ctx, out)) goto err;
+ if (!test_ecdh_curve(EC_GROUP_NIST_PRIME_256, "NIST Prime-Curve P-256", ctx, out)) goto err;
+ if (!test_ecdh_curve(EC_GROUP_NIST_PRIME_384, "NIST Prime-Curve P-384", ctx, out)) goto err;
+ if (!test_ecdh_curve(EC_GROUP_NIST_PRIME_521, "NIST Prime-Curve P-521", ctx, out)) goto err;
+ /* NIST BINARY CURVES TESTS */
+ if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_K163, "NIST Binary-Curve K-163", ctx, out)) goto err;
+ if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_B163, "NIST Binary-Curve B-163", ctx, out)) goto err;
+ if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_K233, "NIST Binary-Curve K-233", ctx, out)) goto err;
+ if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_B233, "NIST Binary-Curve B-233", ctx, out)) goto err;
+ if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_K283, "NIST Binary-Curve K-283", ctx, out)) goto err;
+ if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_B283, "NIST Binary-Curve B-283", ctx, out)) goto err;
+ if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_K409, "NIST Binary-Curve K-409", ctx, out)) goto err;
+ if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_B409, "NIST Binary-Curve B-409", ctx, out)) goto err;
+ if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_K571, "NIST Binary-Curve K-571", ctx, out)) goto err;
+ if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_B571, "NIST Binary-Curve B-571", ctx, out)) goto err;
+
+ ret = 0;
+
+err:
+ ERR_print_errors_fp(stderr);
+ if (ctx) BN_CTX_free(ctx);
+ BIO_free(out);
+ CRYPTO_cleanup_all_ex_data();
+ ERR_remove_state(0);
+ CRYPTO_mem_leaks_fp(stderr);
+ exit(ret);
+ return(ret);
+ }
+
+static void MS_CALLBACK cb(int p, int n, void *arg)
+ {
+ char c='*';
+
+ if (p == 0) c='.';
+ if (p == 1) c='+';
+ if (p == 2) c='*';
+ if (p == 3) c='\n';
+ BIO_write((BIO *)arg,&c,1);
+ (void)BIO_flush((BIO *)arg);
+#ifdef LINT
+ p=n;
+#endif
+ }
+#endif
diff --git a/crypto/ecdh/ech_err.c b/crypto/ecdh/ech_err.c
new file mode 100644
index 0000000..819b8ab
--- /dev/null
+++ b/crypto/ecdh/ech_err.c
@@ -0,0 +1,97 @@
+/* crypto/ecdh/ech_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/ecdh.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA ECDH_str_functs[]=
+ {
+{ERR_PACK(0,ECDH_F_ECDH_COMPUTE_KEY,0), "ECDH_compute_key"},
+{ERR_PACK(0,ECDH_F_ECDH_DATA_NEW,0), "ECDH_DATA_new"},
+{0,NULL}
+ };
+
+static ERR_STRING_DATA ECDH_str_reasons[]=
+ {
+{ECDH_R_NO_PRIVATE_VALUE ,"no private value"},
+{ECDH_R_POINT_ARITHMETIC_FAILURE ,"point arithmetic failure"},
+{ECDH_R_SHA1_DIGEST_FAILED ,"sha1 digest failed"},
+{0,NULL}
+ };
+
+#endif
+
+void ERR_load_ECDH_strings(void)
+ {
+ static int init=1;
+
+ if (init)
+ {
+ init=0;
+#ifndef OPENSSL_NO_ERR
+ ERR_load_strings(ERR_LIB_ECDH,ECDH_str_functs);
+ ERR_load_strings(ERR_LIB_ECDH,ECDH_str_reasons);
+#endif
+
+ }
+ }
diff --git a/crypto/ecdh/ech_key.c b/crypto/ecdh/ech_key.c
new file mode 100644
index 0000000..d2fd363
--- /dev/null
+++ b/crypto/ecdh/ech_key.c
@@ -0,0 +1,92 @@
+/* crypto/ecdh/ecdh_key.c */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * In addition, Sun covenants to all licensees who provide a reciprocal
+ * covenant with respect to their own patents if any, not to sue under
+ * current and future patent claims necessarily infringed by the making,
+ * using, practicing, selling, offering for sale and/or otherwise
+ * disposing of the ECC Code as delivered hereunder (or portions thereof),
+ * provided that such covenant shall not apply:
+ * 1) for code that a licensee deletes from the ECC Code;
+ * 2) separates from the ECC Code; or
+ * 3) for infringements caused by:
+ * i) the modification of the ECC Code or
+ * ii) the combination of the ECC Code with other software or
+ * devices where such combination causes the infringement.
+ *
+ * The ECDH software is originally written by Douglas Stebila of
+ * Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "ecdh.h"
+#include <openssl/engine.h>
+
+int ECDH_compute_key(unsigned char *key, const EC_POINT *pub_key, EC_KEY *eckey)
+{
+ ECDH_DATA *ecdh = ecdh_check(eckey);
+ if (ecdh == NULL)
+ return NULL;
+ return ecdh->meth->compute_key(key, pub_key, eckey);
+}
diff --git a/crypto/ecdh/ech_lib.c b/crypto/ecdh/ech_lib.c
new file mode 100644
index 0000000..d7f2e1a
--- /dev/null
+++ b/crypto/ecdh/ech_lib.c
@@ -0,0 +1,248 @@
+/* crypto/ecdh/ech_lib.c */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * In addition, Sun covenants to all licensees who provide a reciprocal
+ * covenant with respect to their own patents if any, not to sue under
+ * current and future patent claims necessarily infringed by the making,
+ * using, practicing, selling, offering for sale and/or otherwise
+ * disposing of the ECC Code as delivered hereunder (or portions thereof),
+ * provided that such covenant shall not apply:
+ * 1) for code that a licensee deletes from the ECC Code;
+ * 2) separates from the ECC Code; or
+ * 3) for infringements caused by:
+ * i) the modification of the ECC Code or
+ * ii) the combination of the ECC Code with other software or
+ * devices where such combination causes the infringement.
+ *
+ * The ECDH software is originally written by Douglas Stebila of
+ * Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "ecdh.h"
+#include <string.h>
+#include <openssl/engine.h>
+
+const char *ECDH_version="ECDH" OPENSSL_VERSION_PTEXT;
+
+static void ecdh_finish(EC_KEY *);
+
+static const ECDH_METHOD *default_ECDH_method = NULL;
+
+void ECDH_set_default_method(const ECDH_METHOD *meth)
+ {
+ default_ECDH_method = meth;
+ }
+
+const ECDH_METHOD *ECDH_get_default_method(void)
+ {
+ if(!default_ECDH_method)
+ default_ECDH_method = ECDH_OpenSSL();
+ return default_ECDH_method;
+ }
+
+int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth)
+ {
+ const ECDH_METHOD *mtmp;
+ ECDH_DATA *ecdh;
+
+ ecdh = ecdh_check(eckey);
+
+ if (ecdh == NULL)
+ return 0;
+
+ mtmp = ecdh->meth;
+#if 0
+ if (mtmp->finish)
+ mtmp->finish(eckey);
+#endif
+ if (ecdh->engine)
+ {
+ ENGINE_finish(ecdh->engine);
+ ecdh->engine = NULL;
+ }
+ ecdh->meth = meth;
+#if 0
+ if (meth->init)
+ meth->init(eckey);
+#endif
+ return 1;
+ }
+
+ECDH_DATA *ECDH_DATA_new(void)
+ {
+ return ECDH_DATA_new_method(NULL);
+ }
+
+ECDH_DATA *ECDH_DATA_new_method(ENGINE *engine)
+ {
+ ECDH_DATA *ret;
+
+ ret=(ECDH_DATA *)OPENSSL_malloc(sizeof(ECDH_DATA));
+ if (ret == NULL)
+ {
+ ECDHerr(ECDH_F_ECDH_DATA_NEW, ERR_R_MALLOC_FAILURE);
+ return(NULL);
+ }
+
+ ret->init = NULL;
+ ret->finish = ecdh_finish;
+
+ ret->meth = ECDH_get_default_method();
+ ret->engine = engine;
+ if (!ret->engine)
+ ret->engine = ENGINE_get_default_ECDH();
+ if (ret->engine)
+ {
+ ret->meth = ENGINE_get_ECDH(ret->engine);
+ if (!ret->meth)
+ {
+ ECDHerr(ECDH_F_ECDH_DATA_NEW, ERR_R_ENGINE_LIB);
+ ENGINE_finish(ret->engine);
+ OPENSSL_free(ret);
+ return NULL;
+ }
+ }
+
+ ret->flags = ret->meth->flags;
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data);
+#if 0
+ if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+ {
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data);
+ OPENSSL_free(ret);
+ ret=NULL;
+ }
+#endif
+ return(ret);
+ }
+
+void ECDH_DATA_free(ECDH_DATA *r)
+ {
+#if 0
+ if (r->meth->finish)
+ r->meth->finish(r);
+#endif
+ if (r->engine)
+ ENGINE_finish(r->engine);
+
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data);
+
+ memset((void *)r, 0x0, sizeof(ECDH_DATA));
+
+ OPENSSL_free(r);
+ }
+
+ECDH_DATA *ecdh_check(EC_KEY *key)
+ {
+ if (key->meth_data)
+ {
+ if (key->meth_data->finish != ecdh_finish)
+ {
+ key->meth_data->finish(key);
+ key->meth_data = (EC_KEY_METH_DATA *)ECDH_DATA_new();
+ }
+ }
+ else
+ key->meth_data = (EC_KEY_METH_DATA *)ECDH_DATA_new();
+ return (ECDH_DATA *)key->meth_data;
+ }
+
+static void ecdh_finish(EC_KEY *key)
+ {
+ if (key->meth_data && key->meth_data->finish == ecdh_finish)
+ ECDH_DATA_free((ECDH_DATA *)key->meth_data);
+ }
+
+
+int ECDH_size(const EC_KEY *ecdh)
+ {
+ return 20;
+ }
+
+
+int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+ {
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDH, argl, argp,
+ new_func, dup_func, free_func);
+ }
+
+int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg)
+ {
+ ECDH_DATA *ecdh;
+ ecdh = ecdh_check(d);
+ if (ecdh == NULL)
+ return 0;
+ return(CRYPTO_set_ex_data(&ecdh->ex_data,idx,arg));
+ }
+
+void *ECDH_get_ex_data(EC_KEY *d, int idx)
+ {
+ ECDH_DATA *ecdh;
+ ecdh = ecdh_check(d);
+ if (ecdh == NULL)
+ return NULL;
+ return(CRYPTO_get_ex_data(&ecdh->ex_data,idx));
+ }
diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c
new file mode 100644
index 0000000..105bc57
--- /dev/null
+++ b/crypto/ecdh/ech_ossl.c
@@ -0,0 +1,187 @@
+/* crypto/ecdh/ech_ossl.c */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * In addition, Sun covenants to all licensees who provide a reciprocal
+ * covenant with respect to their own patents if any, not to sue under
+ * current and future patent claims necessarily infringed by the making,
+ * using, practicing, selling, offering for sale and/or otherwise
+ * disposing of the ECC Code as delivered hereunder (or portions thereof),
+ * provided that such covenant shall not apply:
+ * 1) for code that a licensee deletes from the ECC Code;
+ * 2) separates from the ECC Code; or
+ * 3) for infringements caused by:
+ * i) the modification of the ECC Code or
+ * ii) the combination of the ECC Code with other software or
+ * devices where such combination causes the infringement.
+ *
+ * The ECDH software is originally written by Douglas Stebila of
+ * Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include "ecdh.h"
+#include <openssl/err.h>
+#include <openssl/sha.h>
+#include <openssl/obj_mac.h>
+
+static int ecdh_compute_key(unsigned char *key, const EC_POINT *pub_key, EC_KEY *ecdh);
+
+static ECDH_METHOD openssl_ecdh_meth = {
+ "OpenSSL ECDH method",
+ ecdh_compute_key,
+#if 0
+ NULL, /* init */
+ NULL, /* finish */
+#endif
+ 0, /* flags */
+ NULL /* app_data */
+};
+
+const ECDH_METHOD *ECDH_OpenSSL(void)
+ {
+ return &openssl_ecdh_meth;
+ }
+
+
+/* This implementation is based on the following primitives in the IEEE 1363 standard:
+ * - ECKAS-DH1
+ * - ECSVDP-DH
+ * - KDF1 with SHA-1
+ */
+static int ecdh_compute_key(unsigned char *key, const EC_POINT *pub_key, EC_KEY *ecdh)
+ {
+ BN_CTX *ctx;
+ EC_POINT *tmp=NULL;
+ BIGNUM *x=NULL, *y=NULL;
+ int ret= -1, len;
+ unsigned char *buf=NULL;
+
+ if ((ctx = BN_CTX_new()) == NULL) goto err;
+ BN_CTX_start(ctx);
+ x = BN_CTX_get(ctx);
+ y = BN_CTX_get(ctx);
+
+ if (ecdh->priv_key == NULL)
+ {
+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE);
+ goto err;
+ }
+
+ if ((tmp=EC_POINT_new(ecdh->group)) == NULL)
+ {
+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (!EC_POINT_mul(ecdh->group, tmp, NULL, pub_key, ecdh->priv_key, ctx))
+ {
+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
+ goto err;
+ }
+
+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(ecdh->group)) == NID_X9_62_prime_field)
+ {
+ if (!EC_POINT_get_affine_coordinates_GFp(ecdh->group, tmp, x, y, ctx))
+ {
+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
+ goto err;
+ }
+ }
+ else
+ {
+ if (!EC_POINT_get_affine_coordinates_GF2m(ecdh->group, tmp, x, y, ctx))
+ {
+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
+ goto err;
+ }
+ }
+
+ if ((buf = (unsigned char *)OPENSSL_malloc(sizeof(unsigned char) * BN_num_bytes(x))) == NULL)
+ {
+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if ((len = BN_bn2bin(x,buf)) <= 0)
+ {
+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
+ goto err;
+ }
+
+ if ((SHA1(buf, len, key) == NULL))
+ {
+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_SHA1_DIGEST_FAILED);
+ goto err;
+ }
+
+ ret = 20;
+
+err:
+ if (tmp) EC_POINT_free(tmp);
+ if (ctx) BN_CTX_end(ctx);
+ if (ctx) BN_CTX_free(ctx);
+ if (buf) OPENSSL_free(buf);
+ return(ret);
+ }
diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c
index daf6427..f69d8e9 100644
--- a/crypto/ecdsa/ecdsatest.c
+++ b/crypto/ecdsa/ecdsatest.c
@@ -52,6 +52,33 @@
* Hudson (tjh@cryptsoft.com).
*
*/
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * In addition, Sun covenants to all licensees who provide a reciprocal
+ * covenant with respect to their own patents if any, not to sue under
+ * current and future patent claims necessarily infringed by the making,
+ * using, practicing, selling, offering for sale and/or otherwise
+ * disposing of the Contribution as delivered hereunder
+ * (or portions thereof), provided that such covenant shall not apply:
+ * 1) for code that a licensee deletes from the Contribution;
+ * 2) separates from the Contribution; or
+ * 3) for infringements caused by:
+ * i) the modification of the Contribution or
+ * ii) the combination of the Contribution with other software or
+ * devices where such combination causes the infringement.
+ *
+ * The elliptic curve binary polynomial software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -520,149 +547,63 @@ int main(void)
OPENSSL_free(dgst);
dgst = NULL;
-
- /* NIST PRIME CURVES TESTS */
- /* EC_GROUP_NIST_PRIME_192 */
for (i=0; i<ECDSA_NIST_TESTS; i++)
- if (!RAND_bytes(digest[i], 20)) goto err;
-
- BIO_printf(bio_err, "\nTesting sign & verify with NIST Prime-Curve P-192 : \n");
- EC_KEY_free(ecdsa);
- if ((ecdsa = EC_KEY_new()) == NULL) goto err;
- if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_192))
- == NULL) goto err;
- if (!EC_KEY_generate_key(ecdsa)) goto err;
- tim = clock();
- for (i=0; i<ECDSA_NIST_TESTS; i++)
- if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err;
- tim = clock() - tim;
- tim_d = (double)tim / CLOCKS_PER_SEC;
- BIO_printf(bio_err, "%d x ECDSA_do_sign() in %.2f"UNIT" => average time for ECDSA_do_sign() %.4f"UNIT"\n"
- , ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS);
- tim = clock();
- for (i=0; i<ECDSA_NIST_TESTS; i++)
- if (!ECDSA_do_verify(digest[i], 20, signatures[i], ecdsa)) goto err;
- tim = clock() - tim;
- tim_d = (double)tim / CLOCKS_PER_SEC;
- BIO_printf(bio_err, "%d x ECDSA_do_verify() in %.2f"UNIT" => average time for ECDSA_do_verify() %.4f"UNIT"\n"
- , ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS);
- for (i=0; i<ECDSA_NIST_TESTS; i++)
- {
- ECDSA_SIG_free(signatures[i]);
- signatures[i] = NULL;
- }
-
- /* EC_GROUP_NIST_PRIME_224 */
- BIO_printf(bio_err, "Testing sign & verify with NIST Prime-Curve P-224 : \n");
- EC_KEY_free(ecdsa);
- if ((ecdsa = EC_KEY_new()) == NULL) goto err;
- if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_224)) == NULL) goto err;
- if (!EC_KEY_generate_key(ecdsa)) goto err;
- tim = clock();
- for (i=0; i<ECDSA_NIST_TESTS; i++)
- if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err;
- tim = clock() - tim;
- tim_d = (double)tim / CLOCKS_PER_SEC;
- BIO_printf(bio_err, "%d x ECDSA_do_sign() in %.2f"UNIT" => average time for ECDSA_do_sign() %.4f"UNIT"\n"
- , ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS);
- tim = clock();
- for (i=0; i<ECDSA_NIST_TESTS; i++)
- if (!ECDSA_do_verify(digest[i], 20, signatures[i], ecdsa)) goto err;
- tim = clock() - tim;
- tim_d = (double)tim / CLOCKS_PER_SEC;
- BIO_printf(bio_err, "%d x ECDSA_do_verify() in %.2f"UNIT" => average time for ECDSA_do_verify() %.4f"UNIT"\n"
- , ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS);
- for (i=0; i<ECDSA_NIST_TESTS; i++)
- {
- ECDSA_SIG_free(signatures[i]);
- signatures[i] = NULL;
- }
-
- /* EC_GROUP_NIST_PRIME_256 */
- BIO_printf(bio_err, "Testing sign & verify with NIST Prime-Curve P-256 : \n");
- EC_KEY_free(ecdsa);
- if ((ecdsa = EC_KEY_new()) == NULL) goto err;
- if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_256)) == NULL) goto err;
- if (!EC_KEY_generate_key(ecdsa)) goto err;
- tim = clock();
- for (i=0; i<ECDSA_NIST_TESTS; i++)
- if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err;
- tim = clock() - tim;
- tim_d = (double)tim / CLOCKS_PER_SEC;
- BIO_printf(bio_err, "%d x ECDSA_do_sign() in %.2f"UNIT" => average time for ECDSA_do_sign() %.4f"UNIT"\n"
- , ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS);
- tim = clock();
- for (i=0; i<ECDSA_NIST_TESTS; i++)
- if (!ECDSA_do_verify(digest[i], 20, signatures[i], ecdsa)) goto err;
- tim = clock() - tim;
- tim_d = (double)tim / CLOCKS_PER_SEC;
- BIO_printf(bio_err, "%d x ECDSA_do_verify() in %.2f"UNIT" => average time for ECDSA_do_verify() %.4f"UNIT"\n"
- , ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS);
- for (i=0; i<ECDSA_NIST_TESTS; i++)
- {
- ECDSA_SIG_free(signatures[i]);
- signatures[i] = NULL;
- }
-
- /* EC_GROUP_NIST_PRIME_384 */
- BIO_printf(bio_err, "Testing sign & verify with NIST Prime-Curve P-384 : \n");
- EC_KEY_free(ecdsa);
- if ((ecdsa = EC_KEY_new()) == NULL) goto err;
- if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_384)) == NULL) goto err;
- if (!EC_KEY_generate_key(ecdsa)) goto err;
- tim = clock();
- for (i=0; i<ECDSA_NIST_TESTS; i++)
- if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err;
- tim = clock() - tim;
- tim_d = (double)tim / CLOCKS_PER_SEC;
- BIO_printf(bio_err, "%d x ECDSA_do_sign() in %.2f"UNIT" => average time for ECDSA_do_sign() %.4f"UNIT"\n"
- , ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS);
- tim = clock();
- for (i=0; i<ECDSA_NIST_TESTS; i++)
- if (!ECDSA_do_verify(digest[i], 20, signatures[i], ecdsa)) goto err;
- tim = clock() - tim;
- tim_d = (double)tim / CLOCKS_PER_SEC;
- BIO_printf(bio_err, "%d x ECDSA_do_verify() in %.2f"UNIT" => average time for ECDSA_do_verify() %.4f"UNIT"\n"
- , ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS);
- for (i=0; i<ECDSA_NIST_TESTS; i++)
- {
- ECDSA_SIG_free(signatures[i]);
- signatures[i] = NULL;
+ if (!RAND_bytes(digest[i], 20)) goto err;
+
+ BIO_printf(bio_err, "\n");
+
+/* Macro for each test */
+#define ECDSA_GROUP_TEST(text, curve) \
+ BIO_printf(bio_err, "Testing sign & verify with %s : \n", text); \
+ EC_KEY_free(ecdsa); \
+ if ((ecdsa = EC_KEY_new()) == NULL) goto err; \
+ if ((ecdsa->group = EC_GROUP_new_by_name(curve)) == NULL) goto err; \
+ if (!EC_KEY_generate_key(ecdsa)) goto err; \
+ tim = clock(); \
+ for (i=0; i<ECDSA_NIST_TESTS; i++) \
+ if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err; \
+ tim = clock() - tim; \
+ tim_d = (double)tim / CLOCKS_PER_SEC; \
+ BIO_printf(bio_err, "%d x ECDSA_do_sign() in %.2f"UNIT" => average time for ECDSA_do_sign() %.4f"UNIT"\n" \
+ , ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS); \
+ tim = clock(); \
+ for (i=0; i<ECDSA_NIST_TESTS; i++) \
+ if (!ECDSA_do_verify(digest[i], 20, signatures[i], ecdsa)) goto err; \
+ tim = clock() - tim; \
+ tim_d = (double)tim / CLOCKS_PER_SEC; \
+ BIO_printf(bio_err, "%d x ECDSA_do_verify() in %.2f"UNIT" => average time for ECDSA_do_verify() %.4f"UNIT"\n" \
+ , ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS); \
+ for (i=0; i<ECDSA_NIST_TESTS; i++) \
+ { \
+ ECDSA_SIG_free(signatures[i]); \
+ signatures[i] = NULL; \
}
+
+ /* NIST PRIME CURVES TESTS */
+ ECDSA_GROUP_TEST("NIST Prime-Curve P-192", EC_GROUP_NIST_PRIME_192);
+ ECDSA_GROUP_TEST("NIST Prime-Curve P-224", EC_GROUP_NIST_PRIME_224);
+ ECDSA_GROUP_TEST("NIST Prime-Curve P-256", EC_GROUP_NIST_PRIME_256);
+ ECDSA_GROUP_TEST("NIST Prime-Curve P-384", EC_GROUP_NIST_PRIME_384);
+ ECDSA_GROUP_TEST("NIST Prime-Curve P-521", EC_GROUP_NIST_PRIME_521);
+ /* NIST BINARY CURVES TESTS */
+ ECDSA_GROUP_TEST("NIST Binary-Curve K-163", EC_GROUP_NIST_CHAR2_K163);
+ ECDSA_GROUP_TEST("NIST Binary-Curve B-163", EC_GROUP_NIST_CHAR2_B163);
+ ECDSA_GROUP_TEST("NIST Binary-Curve K-233", EC_GROUP_NIST_CHAR2_K233);
+ ECDSA_GROUP_TEST("NIST Binary-Curve B-233", EC_GROUP_NIST_CHAR2_B233);
+ ECDSA_GROUP_TEST("NIST Binary-Curve K-283", EC_GROUP_NIST_CHAR2_K283);
+ ECDSA_GROUP_TEST("NIST Binary-Curve B-283", EC_GROUP_NIST_CHAR2_B283);
+ ECDSA_GROUP_TEST("NIST Binary-Curve K-409", EC_GROUP_NIST_CHAR2_K409);
+ ECDSA_GROUP_TEST("NIST Binary-Curve B-409", EC_GROUP_NIST_CHAR2_B409);
+ ECDSA_GROUP_TEST("NIST Binary-Curve K-571", EC_GROUP_NIST_CHAR2_K571);
+ ECDSA_GROUP_TEST("NIST Binary-Curve B-571", EC_GROUP_NIST_CHAR2_B571);
+#undef ECDSA_GROUP_TEST
- /* EC_GROUP_NIST_PRIME_521 */
- BIO_printf(bio_err, "Testing sign & verify with NIST Prime-Curve P-521 : \n");
- EC_KEY_free(ecdsa);
- if ((ecdsa = EC_KEY_new()) == NULL) goto err;
- if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_521)) == NULL) goto err;
- if (!EC_KEY_generate_key(ecdsa)) goto err;
- tim = clock();
- for (i=0; i<ECDSA_NIST_TESTS; i++)
- if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err;
- tim = clock() - tim;
- tim_d = (double)tim / CLOCKS_PER_SEC;
- BIO_printf(bio_err, "%d x ECDSA_do_sign() in %.2f"UNIT" => average time for ECDSA_do_sign() %.4f"UNIT"\n"
- , ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS);
- tim = clock();
- for (i=0; i<ECDSA_NIST_TESTS; i++)
- if (!ECDSA_do_verify(digest[i], 20, signatures[i], ecdsa)) goto err;
- tim = clock() - tim;
- tim_d = (double)tim / CLOCKS_PER_SEC;
- BIO_printf(bio_err, "%d x ECDSA_do_verify() in %.2f"UNIT" => average time for ECDSA_do_verify() %.4f"UNIT"\n"
- , ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS);
EC_KEY_free(ecdsa);
ecdsa = NULL;
- for (i=0; i<ECDSA_NIST_TESTS; i++)
- {
- ECDSA_SIG_free(signatures[i]);
- signatures[i] = NULL;
- }
-
OPENSSL_free(buffer);
buffer = NULL;
EVP_PKEY_free(pkey);
pkey = NULL;
- ecdsa = NULL;
ret = 1;
err: if (!ret)
@@ -675,6 +616,7 @@ err: if (!ret)
if (d) BN_free(d);
if (dgst) OPENSSL_free(dgst);
if (md_ctx) EVP_MD_CTX_destroy(md_ctx);
+ if (pkey) EVP_PKEY_free(pkey);
CRYPTO_cleanup_all_ex_data();
ERR_remove_state(0);
ERR_free_strings();
diff --git a/crypto/engine/Makefile.ssl b/crypto/engine/Makefile.ssl
index 1b3680b..4dab2dc 100644
--- a/crypto/engine/Makefile.ssl
+++ b/crypto/engine/Makefile.ssl
@@ -25,13 +25,13 @@ APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \
eng_table.c eng_pkey.c eng_fat.c eng_all.c \
- tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_rand.c tb_cipher.c tb_digest.c \
+ tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_rand.c tb_cipher.c tb_digest.c tb_ecdh.c \
eng_openssl.c eng_dyn.c eng_cnf.c \
hw_atalla.c hw_cswift.c hw_ncipher.c hw_nuron.c hw_ubsec.c \
hw_openbsd_dev_crypto.c hw_aep.c hw_sureware.c hw_4758_cca.c
LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
eng_table.o eng_pkey.o eng_fat.o eng_all.o \
- tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_rand.o tb_cipher.o tb_digest.o \
+ tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_rand.o tb_cipher.o tb_digest.o tb_ecdh.o \
eng_openssl.o eng_dyn.o eng_cnf.o \
hw_atalla.o hw_cswift.o hw_ncipher.o hw_nuron.o hw_ubsec.o \
hw_openbsd_dev_crypto.o hw_aep.o hw_sureware.o hw_4758_cca.o
@@ -540,6 +540,28 @@ tb_dsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
tb_dsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
tb_dsa.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
tb_dsa.o: eng_int.h tb_dsa.c
+tb_ecdh.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_ecdh.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+tb_ecdh.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+tb_ecdh.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+tb_ecdh.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+tb_ecdh.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+tb_ecdh.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+tb_ecdh.o: ../../include/openssl/ecdh.h ../../include/openssl/engine.h
+tb_ecdh.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+tb_ecdh.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+tb_ecdh.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+tb_ecdh.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+tb_ecdh.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tb_ecdh.o: ../../include/openssl/opensslconf.h
+tb_ecdh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_ecdh.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_ecdh.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_ecdh.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_ecdh.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_ecdh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_ecdh.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_ecdh.o: eng_int.h tb_ecdh.c
tb_ecdsa.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
tb_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
tb_ecdsa.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
diff --git a/crypto/engine/eng_fat.c b/crypto/engine/eng_fat.c
index f7edb5a..c0d03cc 100644
--- a/crypto/engine/eng_fat.c
+++ b/crypto/engine/eng_fat.c
@@ -52,6 +52,11 @@
* Hudson (tjh@cryptsoft.com).
*
*/
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
#include <openssl/crypto.h>
#include "cryptlib.h"
@@ -77,6 +82,14 @@ int ENGINE_set_default(ENGINE *e, unsigned int flags)
if((flags & ENGINE_METHOD_DH) & !ENGINE_set_default_DH(e))
return 0;
#endif
+#ifndef OPENSSL_NO_ECDH
+ if((flags & ENGINE_METHOD_ECDH) & !ENGINE_set_default_ECDH(e))
+ return 0;
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ if((flags & ENGINE_METHOD_ECDSA) & !ENGINE_set_default_ECDSA(e))
+ return 0;
+#endif
if((flags & ENGINE_METHOD_RAND) & !ENGINE_set_default_RAND(e))
return 0;
return 1;
@@ -93,6 +106,10 @@ static int int_def_cb(const char *alg, int len, void *arg)
*pflags |= ENGINE_METHOD_RSA;
else if (!strncmp(alg, "DSA", len))
*pflags |= ENGINE_METHOD_DSA;
+ else if (!strncmp(alg, "ECDH", len))
+ *pflags |= ENGINE_METHOD_ECDH;
+ else if (!strncmp(alg, "ECDSA", len))
+ *pflags |= ENGINE_METHOD_ECDSA;
else if (!strncmp(alg, "DH", len))
*pflags |= ENGINE_METHOD_DH;
else if (!strncmp(alg, "RAND", len))
@@ -133,6 +150,12 @@ int ENGINE_register_complete(ENGINE *e)
#ifndef OPENSSL_NO_DH
ENGINE_register_DH(e);
#endif
+#ifndef OPENSSL_NO_ECDH
+ ENGINE_register_ECDH(e);
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ ENGINE_register_ECDSA(e);
+#endif
ENGINE_register_RAND(e);
return 1;
}
diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
index 0407de9..2c82861 100644
--- a/crypto/engine/eng_int.h
+++ b/crypto/engine/eng_int.h
@@ -55,6 +55,11 @@
* Hudson (tjh@cryptsoft.com).
*
*/
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
#ifndef HEADER_ENGINE_INT_H
#define HEADER_ENGINE_INT_H
@@ -146,6 +151,7 @@ struct engine_st
const RSA_METHOD *rsa_meth;
const DSA_METHOD *dsa_meth;
const DH_METHOD *dh_meth;
+ const ECDH_METHOD *ecdh_meth;
const ECDSA_METHOD *ecdsa_meth;
const RAND_METHOD *rand_meth;
/* Cipher handling is via this callback */
diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c
index da53c1c..5018856 100644
--- a/crypto/engine/eng_list.c
+++ b/crypto/engine/eng_list.c
@@ -55,6 +55,11 @@
* Hudson (tjh@cryptsoft.com).
*
*/
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
#include <openssl/crypto.h>
#include "cryptlib.h"
@@ -324,6 +329,9 @@ static void engine_cpy(ENGINE *dest, const ENGINE *src)
#ifndef OPENSSL_NO_DH
dest->dh_meth = src->dh_meth;
#endif
+#ifndef OPENSSL_NO_ECDH
+ dest->ecdh_meth = src->ecdh_meth;
+#endif
#ifndef OPENSSL_NO_ECDSA
dest->ecdsa_meth = src->ecdsa_meth;
#endif
diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c
index e9d976f..45fa618 100644
--- a/crypto/engine/eng_openssl.c
+++ b/crypto/engine/eng_openssl.c
@@ -55,6 +55,11 @@
* Hudson (tjh@cryptsoft.com).
*
*/
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
#include <stdio.h>
@@ -109,6 +114,12 @@ static int bind_helper(ENGINE *e)
#ifndef OPENSSL_NO_DSA
|| !ENGINE_set_DSA(e, DSA_get_default_method())
#endif
+#ifndef OPENSSL_NO_ECDH
+ || !ENGINE_set_ECDH(e, ECDH_OpenSSL())
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ || !ENGINE_set_ECDSA(e, ECDSA_OpenSSL())
+#endif
#ifndef OPENSSL_NO_DH
|| !ENGINE_set_DH(e, DH_get_default_method())
#endif
diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
index 1cd27f8..50638d4 100644
--- a/crypto/engine/engine.h
+++ b/crypto/engine/engine.h
@@ -55,6 +55,11 @@
* Hudson (tjh@cryptsoft.com).
*
*/
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
#ifndef HEADER_ENGINE_H
#define HEADER_ENGINE_H
@@ -70,6 +75,9 @@
#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
#endif
+#ifndef OPENSSL_NO_ECDH
+#include <openssl/ecdh.h>
+#endif
#ifndef OPENSSL_NO_ECDSA
#include <openssl/ecdsa.h>
#endif
@@ -92,6 +100,9 @@ typedef void DSA_METHOD;
#ifdef OPENSSL_NO_DH
typedef void DH_METHOD;
#endif
+#ifdef OPENSSL_NO_ECDH
+typedef void ECDH_METHOD;
+#endif
#ifdef OPENSSL_NO_ECDSA
typedef void ECDSA_METHOD;
#endif
@@ -102,7 +113,8 @@ typedef void ECDSA_METHOD;
#define ENGINE_METHOD_DSA (unsigned int)0x0002
#define ENGINE_METHOD_DH (unsigned int)0x0004
#define ENGINE_METHOD_RAND (unsigned int)0x0008
-#define ENGINE_METHOD_ECDSA (unsigned int)0x000F
+#define ENGINE_METHOD_ECDH (unsigned int)0x0010
+#define ENGINE_METHOD_ECDSA (unsigned int)0x0020
#define ENGINE_METHOD_CIPHERS (unsigned int)0x0040
#define ENGINE_METHOD_DIGESTS (unsigned int)0x0080
/* Obvious all-or-nothing cases. */
@@ -338,6 +350,10 @@ int ENGINE_register_DSA(ENGINE *e);
void ENGINE_unregister_DSA(ENGINE *e);
void ENGINE_register_all_DSA(void);
+int ENGINE_register_ECDH(ENGINE *e);
+void ENGINE_unregister_ECDH(ENGINE *e);
+void ENGINE_register_all_ECDH(void);
+
int ENGINE_register_ECDSA(ENGINE *e);
void ENGINE_unregister_ECDSA(ENGINE *e);
void ENGINE_register_all_ECDSA(void);
@@ -421,6 +437,7 @@ int ENGINE_set_id(ENGINE *e, const char *id);
int ENGINE_set_name(ENGINE *e, const char *name);
int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
+int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth);
int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth);
int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
@@ -454,6 +471,7 @@ const char *ENGINE_get_id(const ENGINE *e);
const char *ENGINE_get_name(const ENGINE *e);
const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
+const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e);
const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e);
const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
@@ -507,6 +525,7 @@ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
ENGINE *ENGINE_get_default_RSA(void);
/* Same for the other "methods" */
ENGINE *ENGINE_get_default_DSA(void);
+ENGINE *ENGINE_get_default_ECDH(void);
ENGINE *ENGINE_get_default_ECDSA(void);
ENGINE *ENGINE_get_default_DH(void);
ENGINE *ENGINE_get_default_RAND(void);
@@ -523,6 +542,7 @@ int ENGINE_set_default_RSA(ENGINE *e);
int ENGINE_set_default_string(ENGINE *e, const char *list);
/* Same for the other "methods" */
int ENGINE_set_default_DSA(ENGINE *e);
+int ENGINE_set_default_ECDH(ENGINE *e);
int ENGINE_set_default_ECDSA(ENGINE *e);
int ENGINE_set_default_DH(ENGINE *e);
int ENGINE_set_default_RAND(ENGINE *e);
diff --git a/crypto/err/err.h b/crypto/err/err.h
index b591d11..ec895c4 100644
--- a/crypto/err/err.h
+++ b/crypto/err/err.h
@@ -132,6 +132,7 @@ typedef struct err_state_st
#define ERR_LIB_UI 40
#define ERR_LIB_COMP 41
#define ERR_LIB_ECDSA 42
+#define ERR_LIB_ECDH 43
#define ERR_LIB_USER 128
@@ -161,6 +162,7 @@ typedef struct err_state_st
#define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__)
#define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__)
#define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__)
+#define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__)
/* Borland C seems too stupid to be able to shift and do longs in
* the pre-processor :-( */
@@ -214,6 +216,7 @@ typedef struct err_state_st
#define ERR_R_UI_LIB ERR_LIB_UI /* 40 */
#define ERR_R_COMP_LIB ERR_LIB_COMP /* 41 */
#define ERR_R_ECDSA_LIB ERR_LIB_ECDSA /* 42 */
+#define ERR_R_ECDH_LIB ERR_LIB_ECDH /* 43 */
#define ERR_R_NESTED_ASN1_ERROR 58
#define ERR_R_BAD_ASN1_OBJECT_HEADER 59
diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec
index 11bb1f9..38d68f2 100644
--- a/crypto/err/openssl.ec
+++ b/crypto/err/openssl.ec
@@ -28,6 +28,7 @@ L ENGINE crypto/engine/engine.h crypto/engine/eng_err.c
L OCSP crypto/ocsp/ocsp.h crypto/ocsp/ocsp_err.c
L UI crypto/ui/ui.h crypto/ui/ui_err.c
L ECDSA crypto/ecdsa/ecdsa.h crypto/ecdsa/ecs_err.c
+L ECDH crypto/ecdh/ecdh.h crypto/ecdh/ech_err.c
# additional header files to be scanned for function names
L NONE crypto/x509/x509_vfy.h NONE
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index 46a6e5a..8b42b09 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -55,6 +55,11 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
#ifndef HEADER_X509_H
#define HEADER_X509_H
@@ -89,6 +94,10 @@
#include <openssl/ecdsa.h>
#endif
+#ifndef OPENSSL_NO_ECDH
+#include <openssl/ecdh.h>
+#endif
+
#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
#endif