generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add ECDH support.

Browse Source 
Additional changes:
 - use EC_GROUP_get_degree() in apps/req.c
 - add ECDSA and ECDH to apps/speed.c
 - adds support for EC curves over binary fields to ECDSA
 - new function EC_KEY_up_ref() in crypto/ec/ec_key.c
 - reorganize crypto/ecdsa/ecdsatest.c
 - add engine support for ECDH
 - fix a few bugs in ECDSA engine support

Submitted by: Douglas Stebila <douglas.stebila@sun.com>
This commit is contained in:
Bodo Möller 2002-08-09 08:43:04 +00:00
parent f8fe7fa491
commit e172d60ddb
31 changed files with 2129 additions and 162 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
CHANGES
View File

@ -4,6 +4,12 @@
Changes between 0.9.7 and 0.9.8 [xx XXX 2002]
*) Add ECDH engine support.
[Nils Gura and Douglas Stebila (Sun Microsystems Laboratories)]
*) Add ECDH in new directory crypto/ecdh/.
[Douglas Stebila (Sun Microsystems Laboratories)]
*) Let BN_rand_range() abort with an error after 100 iterations
without success (which indicates a broken PRNG).
[Bodo Moeller]
@ -214,7 +220,8 @@
- X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and
d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make
them suitable for ECDSA where domain parameters must be
extracted before the specific public key.
extracted before the specific public key;
- ECDSA engine support has been added.
[Nils Larsch <nla@trustcenter.de>]
*) Include some named elliptic curves, and add OIDs from X9.62,

15
Configure
View File

@ -747,7 +747,20 @@ PROCESS_ARGS:
$depflags .= "-DOPENSSL_NO_MDC2 ";
$openssl_algorithm_defines .= "#define OPENSSL_NO_MDC2\n";
}
if ($algo eq "EC" || $algo eq "SHA" || $algo eq "SHA1")
if ($algo eq "EC")
{
push @skip, "ecdsa";
push @skip, "ecdh";
$options .= " no-ecdsa";
$options .= " no-ecdh";
$flags .= "-DOPENSSL_NO_ECDSA ";
$flags .= "-DOPENSSL_NO_ECDH ";
$depflags .= "-DOPENSSL_NO_ECDSA ";
$depflags .= "-DOPENSSL_NO_ECDH ";
$openssl_algorithm_defines .= "#define OPENSSL_NO_ECDSA\n";
$openssl_algorithm_defines .= "#define OPENSSL_NO_ECDH\n";
}
if ($algo eq "SHA" || $algo eq "SHA1")
{
push @skip, "ecdsa";
$options .= " no-ecdsa";

2
Makefile.org
View File

@ -167,7 +167,7 @@ SHLIBDIRS= crypto ssl
SDIRS= \
md2 md4 md5 sha mdc2 hmac ripemd \
des rc2 rc4 rc5 idea bf cast \
bn ec rsa dsa ecdsa dh dso engine aes \
bn ec rsa dsa ecdsa dh ecdh dso engine aes \
buffer bio stack lhash rand err objects \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5

11
apps/req.c
View File

@ -369,16 +369,7 @@ int MAIN(int argc, char **argv)
BIO_free(in);
in=NULL;
{
BIGNUM *order = BN_new();
if (!order)
goto end;
if (!EC_GROUP_get_order(ec_params->group, order, NULL))
goto end;
newkey = BN_num_bits(order);
BN_free(order);
}
newkey = EC_GROUP_get_degree(ec_params->group);
}
else

635
apps/speed.c
View File

@ -55,6 +55,32 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
* Portions of the attached software ("Contribution") are developed by
* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
*
* The Contribution is licensed pursuant to the OpenSSL open source
* license provided above.
*
* In addition, Sun covenants to all licensees who provide a reciprocal
* covenant with respect to their own patents if any, not to sue under
* current and future patent claims necessarily infringed by the making,
* using, practicing, selling, offering for sale and/or otherwise
* disposing of the Contribution as delivered hereunder
* (or portions thereof), provided that such covenant shall not apply:
* 1) for code that a licensee deletes from the Contribution;
* 2) separates from the Contribution; or
* 3) for infringements caused by:
* i) the modification of the Contribution or
* ii) the combination of the Contribution with other software or
* devices where such combination causes the infringement.
*
* The ECDH and ECDSA speed test software is originally written by
* Sumit Gupta of Sun Microsystems Laboratories.
*
*/
/* most of this code has been pilfered from my libdes speed.c program */
@ -62,6 +88,8 @@
#define SECONDS 3
#define RSA_SECONDS 10
#define DSA_SECONDS 10
#define ECDSA_SECONDS 10
#define ECDH_SECONDS 10
/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */
/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */
@ -184,6 +212,12 @@
#ifndef OPENSSL_NO_DSA
#include "./testdsa.h"
#endif
#ifndef OPENSSL_NO_ECDSA
#include <openssl/ecdsa.h>
#endif
#ifndef OPENSSL_NO_ECDH
#include <openssl/ecdh.h>
#endif
/* The following if from times(3) man page. It may need to be changed */
#ifndef HZ
@ -226,6 +260,10 @@ static int do_multi(int multi);
#define SIZE_NUM 5
#define RSA_NUM 4
#define DSA_NUM 3
#define EC_NUM 15
#define MAX_ECDH_SIZE 256
static const char *names[ALGOR_NUM]={
"md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4",
"des cbc","des ede3","idea cbc",
@ -235,6 +273,9 @@ static double results[ALGOR_NUM][SIZE_NUM];
static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
static double rsa_results[RSA_NUM][2];
static double dsa_results[DSA_NUM][2];
static double ecdsa_results[EC_NUM][2];
static double ecdh_results[EC_NUM][1];
#ifdef SIGALRM
#if defined(__STDC__) || defined(sgi) || defined(_AIX)
@ -477,6 +518,23 @@ int MAIN(int argc, char **argv)
#define R_RSA_1024 1
#define R_RSA_2048 2
#define R_RSA_4096 3
#define R_EC_P160 0
#define R_EC_P224 1
#define R_EC_P256 2
#define R_EC_P384 3
#define R_EC_P521 4
#define R_EC_K163 5
#define R_EC_K233 6
#define R_EC_K283 7
#define R_EC_K409 8
#define R_EC_K571 9
#define R_EC_B163 10
#define R_EC_B233 11
#define R_EC_B283 12
#define R_EC_B409 13
#define R_EC_B571 14
#ifndef OPENSSL_NO_RSA
RSA *rsa_key[RSA_NUM];
long rsa_c[RSA_NUM][2];
@ -492,8 +550,81 @@ int MAIN(int argc, char **argv)
long dsa_c[DSA_NUM][2];
static unsigned int dsa_bits[DSA_NUM]={512,1024,2048};
#endif
#ifndef OPENSSL_NO_EC
/* We only test over the following curves as they are representative,
* To add tests over more curves, simply add the curve NID
* and curve name to the following arrays and increase the
* EC_NUM value accordingly.
*/
static unsigned int test_curves[EC_NUM] =
{
/* Prime Curves */
EC_GROUP_SECG_PRIME_160R1,
EC_GROUP_NIST_PRIME_224,
EC_GROUP_NIST_PRIME_256,
EC_GROUP_NIST_PRIME_384,
EC_GROUP_NIST_PRIME_521,
/* Binary Curves */
EC_GROUP_NIST_CHAR2_K163,
EC_GROUP_NIST_CHAR2_K233,
EC_GROUP_NIST_CHAR2_K283,
EC_GROUP_NIST_CHAR2_K409,
EC_GROUP_NIST_CHAR2_K571,
EC_GROUP_NIST_CHAR2_B163,
EC_GROUP_NIST_CHAR2_B233,
EC_GROUP_NIST_CHAR2_B283,
EC_GROUP_NIST_CHAR2_B409,
EC_GROUP_NIST_CHAR2_B571
};
static char * test_curves_names[EC_NUM] =
{
/* Prime Curves */
"secp160r1",
"nistp224",
"nistp256",
"nistp384",
"nistp521",
/* Binary Curves */
"nistk163",
"nistk233",
"nistk283",
"nistk409",
"nistk571",
"nistb163",
"nistb233",
"nistb283",
"nistb409",
"nistb571"
};
static int test_curves_bits[EC_NUM] =
{
160, 224, 256, 384, 521,
163, 233, 283, 409, 571,
163, 233, 283, 409, 571
};
#endif
#ifndef OPENSSL_NO_ECDSA
unsigned char ecdsasig[256];
unsigned int ecdsasiglen;
EC_KEY *ecdsa[EC_NUM];
long ecdsa_c[EC_NUM][2];
#endif
#ifndef OPENSSL_NO_ECDH
EC_KEY *ecdh_a[EC_NUM], *ecdh_b[EC_NUM];
unsigned char secret_a[MAX_ECDH_SIZE], secret_b[MAX_ECDH_SIZE];
int secret_size_a, secret_size_b;
int ecdh_check = 0;
int secret_idx = 0;
long ecdh_c[EC_NUM][2];
#endif
int rsa_doit[RSA_NUM];
int dsa_doit[DSA_NUM];
int ecdsa_doit[EC_NUM];
int ecdh_doit[EC_NUM];
int doit[ALGOR_NUM];
int pr_header=0;
const EVP_CIPHER *evp_cipher=NULL;
@ -512,6 +643,17 @@ int MAIN(int argc, char **argv)
#ifndef OPENSSL_NO_DSA
memset(dsa_key,0,sizeof(dsa_key));
#endif
#ifndef OPENSSL_NO_ECDSA
for (i=0; i<EC_NUM; i++) ecdsa[i] = NULL;
#endif
#ifndef OPENSSL_NO_ECDH
for (i=0; i<EC_NUM; i++)
{
ecdh_a[i] = NULL;
ecdh_b[i] = NULL;
}
#endif
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
@ -550,6 +692,15 @@ int MAIN(int argc, char **argv)
rsa_doit[i]=0;
for (i=0; i<DSA_NUM; i++)
dsa_doit[i]=0;
#ifndef OPENSSL_NO_ECDSA
for (i=0; i<EC_NUM; i++)
ecdsa_doit[i]=0;
#endif
#ifndef OPENSSL_NO_ECDH
for (i=0; i<EC_NUM; i++)
ecdh_doit[i]=0;
#endif
j=0;
argc--;
@ -768,6 +919,52 @@ int MAIN(int argc, char **argv)
dsa_doit[R_DSA_1024]=1;
}
else
#endif
#ifndef OPENSSL_NO_ECDSA
if (strcmp(*argv,"ecdsap160") == 0) ecdsa_doit[R_EC_P160]=2;
else if (strcmp(*argv,"ecdsap224") == 0) ecdsa_doit[R_EC_P224]=2;
else if (strcmp(*argv,"ecdsap256") == 0) ecdsa_doit[R_EC_P256]=2;
else if (strcmp(*argv,"ecdsap384") == 0) ecdsa_doit[R_EC_P384]=2;
else if (strcmp(*argv,"ecdsap521") == 0) ecdsa_doit[R_EC_P521]=2;
else if (strcmp(*argv,"ecdsak163") == 0) ecdsa_doit[R_EC_K163]=2;
else if (strcmp(*argv,"ecdsak233") == 0) ecdsa_doit[R_EC_K233]=2;
else if (strcmp(*argv,"ecdsak283") == 0) ecdsa_doit[R_EC_K283]=2;
else if (strcmp(*argv,"ecdsak409") == 0) ecdsa_doit[R_EC_K409]=2;
else if (strcmp(*argv,"ecdsak571") == 0) ecdsa_doit[R_EC_K571]=2;
else if (strcmp(*argv,"ecdsab163") == 0) ecdsa_doit[R_EC_B163]=2;
else if (strcmp(*argv,"ecdsab233") == 0) ecdsa_doit[R_EC_B233]=2;
else if (strcmp(*argv,"ecdsab283") == 0) ecdsa_doit[R_EC_B283]=2;
else if (strcmp(*argv,"ecdsab409") == 0) ecdsa_doit[R_EC_B409]=2;
else if (strcmp(*argv,"ecdsab571") == 0) ecdsa_doit[R_EC_B571]=2;
else if (strcmp(*argv,"ecdsa") == 0)
{
for (i=0; i < EC_NUM; i++)
ecdsa_doit[i]=1;
}
else
#endif
#ifndef OPENSSL_NO_ECDH
if (strcmp(*argv,"ecdhp160") == 0) ecdh_doit[R_EC_P160]=2;
else if (strcmp(*argv,"ecdhp224") == 0) ecdh_doit[R_EC_P224]=2;
else if (strcmp(*argv,"ecdhp256") == 0) ecdh_doit[R_EC_P256]=2;
else if (strcmp(*argv,"ecdhp384") == 0) ecdh_doit[R_EC_P384]=2;
else if (strcmp(*argv,"ecdhp521") == 0) ecdh_doit[R_EC_P521]=2;
else if (strcmp(*argv,"ecdhk163") == 0) ecdh_doit[R_EC_K163]=2;
else if (strcmp(*argv,"ecdhk233") == 0) ecdh_doit[R_EC_K233]=2;
else if (strcmp(*argv,"ecdhk283") == 0) ecdh_doit[R_EC_K283]=2;
else if (strcmp(*argv,"ecdhk409") == 0) ecdh_doit[R_EC_K409]=2;
else if (strcmp(*argv,"ecdhk571") == 0) ecdh_doit[R_EC_K571]=2;
else if (strcmp(*argv,"ecdhb163") == 0) ecdh_doit[R_EC_B163]=2;
else if (strcmp(*argv,"ecdhb233") == 0) ecdh_doit[R_EC_B233]=2;
else if (strcmp(*argv,"ecdhb283") == 0) ecdh_doit[R_EC_B283]=2;
else if (strcmp(*argv,"ecdhb409") == 0) ecdh_doit[R_EC_B409]=2;
else if (strcmp(*argv,"ecdhb571") == 0) ecdh_doit[R_EC_B571]=2;
else if (strcmp(*argv,"ecdh") == 0)
{
for (i=0; i < EC_NUM; i++)
ecdh_doit[i]=1;
}
else
#endif
{
BIO_printf(bio_err,"Error: bad option or value\n");
@ -834,6 +1031,18 @@ int MAIN(int argc, char **argv)
#ifndef OPENSSL_NO_DSA
BIO_printf(bio_err,"dsa512 dsa1024 dsa2048\n");
#endif
#ifndef OPENSSL_NO_ECDSA
BIO_printf(bio_err,"ecdsap160 ecdsap224 ecdsap256 ecdsap384 ecdsap521\n");
BIO_printf(bio_err,"ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
BIO_printf(bio_err,"ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
BIO_printf(bio_err,"ecdsa\n");
#endif
#ifndef OPENSSL_NO_ECDH
BIO_printf(bio_err,"ecdhp160 ecdhp224 ecdhp256 ecdhp384 ecdhp521\n");
BIO_printf(bio_err,"ecdhk163 ecdhk233 ecdhk283 ecdhk409 ecdhk571\n");
BIO_printf(bio_err,"ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n");
BIO_printf(bio_err,"ecdh\n");
#endif
#ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err,"idea ");
@ -1063,6 +1272,114 @@ int MAIN(int argc, char **argv)
}
#endif
#ifndef OPENSSL_NO_ECDSA
ecdsa_c[R_EC_P160][0]=count/1000;
ecdsa_c[R_EC_P160][1]=count/1000/2;
for (i=R_EC_P224; i<=R_EC_P521; i++)
{
ecdsa_c[i][0]=ecdsa_c[i-1][0]/2;
ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;
if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
ecdsa_doit[i]=0;
else
{
if (ecdsa_c[i] == 0)
{
ecdsa_c[i][0]=1;
ecdsa_c[i][1]=1;
}
}
}
ecdsa_c[R_EC_K163][0]=count/1000;
ecdsa_c[R_EC_K163][1]=count/1000/2;
for (i=R_EC_K233; i<=R_EC_K571; i++)
{
ecdsa_c[i][0]=ecdsa_c[i-1][0]/2;
ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;
if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
ecdsa_doit[i]=0;
else
{
if (ecdsa_c[i] == 0)
{
ecdsa_c[i][0]=1;
ecdsa_c[i][1]=1;
}
}
}
ecdsa_c[R_EC_B163][0]=count/1000;
ecdsa_c[R_EC_B163][1]=count/1000/2;
for (i=R_EC_B233; i<=R_EC_B571; i++)
{
ecdsa_c[i][0]=ecdsa_c[i-1][0]/2;
ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;
if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
ecdsa_doit[i]=0;
else
{
if (ecdsa_c[i] == 0)
{
ecdsa_c[i][0]=1;
ecdsa_c[i][1]=1;
}
}
}
#endif
#ifndef OPENSSL_NO_ECDH
ecdh_c[R_EC_P160][0]=count/1000;
ecdh_c[R_EC_P160][1]=count/1000;
for (i=R_EC_P224; i<=R_EC_P521; i++)
{
ecdh_c[i][0]=ecdh_c[i-1][0]/2;
ecdh_c[i][1]=ecdh_c[i-1][1]/2;
if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
ecdh_doit[i]=0;
else
{
if (ecdh_c[i] == 0)
{
ecdh_c[i][0]=1;
ecdh_c[i][1]=1;
}
}
}
ecdh_c[R_EC_K163][0]=count/1000;
ecdh_c[R_EC_K163][1]=count/1000;
for (i=R_EC_K233; i<=R_EC_K571; i++)
{
ecdh_c[i][0]=ecdh_c[i-1][0]/2;
ecdh_c[i][1]=ecdh_c[i-1][1]/2;
if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
ecdh_doit[i]=0;
else
{
if (ecdh_c[i] == 0)
{
ecdh_c[i][0]=1;
ecdh_c[i][1]=1;
}
}
}
ecdh_c[R_EC_B163][0]=count/1000;
ecdh_c[R_EC_B163][1]=count/1000;
for (i=R_EC_B233; i<=R_EC_B571; i++)
{
ecdh_c[i][0]=ecdh_c[i-1][0]/2;
ecdh_c[i][1]=ecdh_c[i-1][1]/2;
if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
ecdh_doit[i]=0;
else
{
if (ecdh_c[i] == 0)
{
ecdh_c[i][0]=1;
ecdh_c[i][1]=1;
}
}
}
#endif
#define COND(d) (count < (d))
#define COUNT(d) (d)
#else
@ -1587,6 +1904,215 @@ int MAIN(int argc, char **argv)
}
if (rnd_fake) RAND_cleanup();
#endif
#ifndef OPENSSL_NO_ECDSA
if (RAND_status() != 1)
{
RAND_seed(rnd_seed, sizeof rnd_seed);
rnd_fake = 1;
}
for (j=0; j<EC_NUM; j++)
{
int ret;
if (!ecdsa_doit[j]) continue; /* Ignore Curve */
ecdsa[j] = EC_KEY_new();
if (ecdsa[j] == NULL)
{
BIO_printf(bio_err,"ECDSA failure.\n");
ERR_print_errors(bio_err);
rsa_count=1;
}
else
{
ecdsa[j]->group = EC_GROUP_new_by_nid(test_curves[j]);
/* Could not obtain group information */
if (ecdsa[j]->group == NULL)
{
BIO_printf(bio_err,"ECDSA failure.Could not obtain group information\n");
ERR_print_errors(bio_err);
rsa_count=1;
}
else
{
/* Perform ECDSA signature test */
EC_KEY_generate_key(ecdsa[j]);
ret = ECDSA_sign(EVP_PKEY_ECDSA, buf, 20, ecdsasig,
&ecdsasiglen, ecdsa[j]);
if (ret == 0)
{
BIO_printf(bio_err,"ECDSA sign failure. No ECDSA sign will be done.\n");
ERR_print_errors(bio_err);
rsa_count=1;
}
else
{
pkey_print_message("sign","ecdsa",
ecdsa_c[j][0],
test_curves_bits[j],
ECDSA_SECONDS);
Time_F(START);
for (count=0,run=1; COND(ecdsa_c[j][0]); count++)
{
ret=ECDSA_sign(EVP_PKEY_ECDSA, buf, 20, ecdsasig, &ecdsasiglen, ecdsa[j]);
if (ret == 0)
{
BIO_printf(bio_err, "ECDSA sign failure\n");
ERR_print_errors(bio_err);
count=1;
break;
}
}
d=Time_F(STOP);
BIO_printf(bio_err, mr ? "+R5:%ld:%d:%.2f\n" :
"%ld %d bit ECDSA signs in %.2fs \n",
count, test_curves_bits[j], d);
ecdsa_results[j][0]=d/(double)count;
rsa_count=count;
}
/* Perform ECDSA verification test */
ret=ECDSA_verify(EVP_PKEY_ECDSA, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]);
if (ret != 1)
{
BIO_printf(bio_err,"ECDSA verify failure. No ECDSA verify will be done.\n");
ERR_print_errors(bio_err);
ecdsa_doit[j] = 0;
}
else
{
pkey_print_message("verify","ecdsa",
ecdsa_c[j][1],
test_curves_bits[j],
ECDSA_SECONDS);
Time_F(START);
for (count=0,run=1; COND(ecdsa_c[j][1]); count++)
{
ret=ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]);
if (ret != 1)
{
BIO_printf(bio_err, "ECDSA verify failure\n");
ERR_print_errors(bio_err);
count=1;
break;
}
}
d=Time_F(STOP);
BIO_printf(bio_err, mr? "+R6:%ld:%d:%.2f\n"
: "%ld %d bit ECDSA verify in %.2fs\n",
count, test_curves_bits[j], d);
ecdsa_results[j][1]=d/(double)count;
}
if (rsa_count <= 1)
{
/* if longer than 10s, don't do any more */
for (j++; j<EC_NUM; j++)
ecdsa_doit[j]=0;
}
}
}
}
if (rnd_fake) RAND_cleanup();
#endif
#ifndef OPENSSL_NO_ECDH
if (RAND_status() != 1)
{
RAND_seed(rnd_seed, sizeof rnd_seed);
rnd_fake = 1;
}
for (j=0; j<EC_NUM; j++)
{
if (!ecdh_doit[j]) continue;
ecdh_a[j] = EC_KEY_new();
ecdh_b[j] = EC_KEY_new();
if ((ecdh_a[j] == NULL) || (ecdh_b[j] == NULL))
{
BIO_printf(bio_err,"ECDH failure.\n");
ERR_print_errors(bio_err);
rsa_count=1;
}
else
{
ecdh_a[j]->group = EC_GROUP_new_by_nid(test_curves[j]);
if (ecdh_a[j]->group == NULL)
{
BIO_printf(bio_err,"ECDH failure.\n");
ERR_print_errors(bio_err);
rsa_count=1;
}
else
{
ecdh_b[j]->group = ecdh_a[j]->group;
/* generate two ECDH key pairs */
if (!EC_KEY_generate_key(ecdh_a[j]) ||
!EC_KEY_generate_key(ecdh_b[j]))
{
BIO_printf(bio_err,"ECDH key generation failure.\n");
ERR_print_errors(bio_err);
rsa_count=1;
}
else
{
secret_size_a = ECDH_compute_key(secret_a,
ecdh_b[j]->pub_key,
ecdh_a[j]);
secret_size_b = ECDH_compute_key(secret_b,
ecdh_a[j]->pub_key,
ecdh_b[j]);
if (secret_size_a != secret_size_b)
ecdh_check = 0;
else
ecdh_check = 1;
for (secret_idx = 0;
(secret_idx < secret_size_a) && (ecdh_check == 1);
secret_idx++)
{
if (secret_a[secret_idx] != secret_b[secret_idx])
ecdh_check = 0;
}
if (ecdh_check == 0)
{
BIO_printf(bio_err,"ECDH computations don't match.\n");
ERR_print_errors(bio_err);
rsa_count=1;
}
pkey_print_message("","ecdh",
ecdh_c[j][0],
test_curves_bits[j],
ECDH_SECONDS);
Time_F(START);
for (count=0,run=1; COND(ecdh_c[j][0]); count++)
{
ECDH_compute_key(secret_a,
ecdh_b[j]->pub_key,
ecdh_a[j]);
}
d=Time_F(STOP);
BIO_printf(bio_err, mr ? "+R7:%ld:%d:%.2f\n" :"%ld %d-bit ECDH ops in %.2fs\n",
count, test_curves_bits[j], d);
ecdh_results[j][0]=d/(double)count;
rsa_count=count;
}
}
}
if (rsa_count <= 1)
{
/* if longer than 10s, don't do any more */
for (j++; j<EC_NUM; j++)
ecdh_doit[j]=0;
}
}
if (rnd_fake) RAND_cleanup();
#endif
#ifdef HAVE_FORK
show_res:
#endif
@ -1712,7 +2238,57 @@ show_res:
1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
}
#endif
#ifndef OPENSSL_NO_ECDSA
j=1;
for (k=0; k<EC_NUM; k++)
{
if (!ecdsa_doit[k]) continue;
if (j && !mr)
{
printf("%30ssign verify sign/s verify/s\n"," ");
j=0;
}
if (mr)
fprintf(stdout,"+F4:%u:%u:%f:%f\n",
k, test_curves_bits[k],
ecdsa_results[k][0],ecdsa_results[k][1]);
else
fprintf(stdout,
"%4u bit ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
test_curves_bits[k],
test_curves_names[k],
ecdsa_results[k][0],ecdsa_results[k][1],
1.0/ecdsa_results[k][0],1.0/ecdsa_results[k][1]);
}
#endif
#ifndef OPENSSL_NO_ECDH
j=1;
for (k=0; k<EC_NUM; k++)
{
if (!ecdh_doit[k]) continue;
if (j && !mr)
{
printf("%30sop op/s\n"," ");
j=0;
}
if (mr)
fprintf(stdout,"+F5:%u:%u:%f:%f\n",
k, test_curves_bits[k],
ecdh_results[k][0], 1.0/ecdh_results[k][0]);
else
fprintf(stdout,"%4u bit ecdh (%s) %8.4fs %8.1f\n",
test_curves_bits[k],
test_curves_names[k],
ecdh_results[k][0], 1.0/ecdh_results[k][0]);
}
#endif
mret=0;
end:
ERR_print_errors(bio_err);
if (buf != NULL) OPENSSL_free(buf);
@ -1727,6 +2303,22 @@ end:
if (dsa_key[i] != NULL)
DSA_free(dsa_key[i]);
#endif
#ifndef OPENSSL_NO_ECDSA
for (i=0; i<EC_NUM; i++)
if (ecdsa[i] != NULL)
EC_KEY_free(ecdsa[i]);
#endif
#ifndef OPENSSL_NO_ECDH
for (i=0; i<EC_NUM; i++)
{
if (ecdh_a[i] != NULL)
EC_KEY_free(ecdh_a[i]);
if (ecdh_b[i] != NULL)
EC_KEY_free(ecdh_b[i]);
}
#endif
apps_shutdown();
EXIT(mret);
}
@ -1928,6 +2520,49 @@ static int do_multi(int multi)
else
dsa_results[k][1]=d;
}
#ifndef OPENSSL_NO_ECDSA
else if(!strncmp(buf,"+F4:",4))
{
int k;
double d;
p=buf+4;
k=atoi(sstrsep(&p,sep));
sstrsep(&p,sep);
d=atof(sstrsep(&p,sep));
if(n)
ecdsa_results[k][0]=1/(1/ecdsa_results[k][0]+1/d);
else
ecdsa_results[k][0]=d;
d=atof(sstrsep(&p,sep));
if(n)
ecdsa_results[k][1]=1/(1/ecdsa_results[k][1]+1/d);
else
ecdsa_results[k][1]=d;
}
#endif
#ifndef OPENSSL_NO_ECDH
else if(!strncmp(buf,"+F5:",4))
{
int k;
double d;
p=buf+4;
k=atoi(sstrsep(&p,sep));
sstrsep(&p,sep);
d=atof(sstrsep(&p,sep));
if(n)
ecdh_results[k][0]=1/(1/ecdh_results[k][0]+1/d);
else
ecdh_results[k][0]=d;
}
#endif
else if(!strncmp(buf,"+H:",3))
{
}

2
crypto/Makefile.ssl
View File

@ -28,7 +28,7 @@ LIBS=
SDIRS= md2 md5 sha mdc2 hmac ripemd \
des rc2 rc4 rc5 idea bf cast \
bn ec rsa dsa ecdsa dh dso engine aes \
bn ec rsa dsa ecdsa ecdh dh dso engine aes \
buffer bio stack lhash rand err objects \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5

16
crypto/asn1/t_pkey.c
View File

@ -55,6 +55,11 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* Binary polynomial ECC support in OpenSSL originally developed by
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
#include <stdio.h>
#include "cryptlib.h"
@ -333,11 +338,22 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
goto err;
}
if (EC_METHOD_get_field_type(EC_GROUP_method_of(x)) == NID_X9_62_prime_field)
{
if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx))
{
reason = ERR_R_EC_LIB;
goto err;
}
}
else
{
if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx))
{
reason = ERR_R_EC_LIB;
goto err;
}
}
if ((point = EC_GROUP_get0_generator(x)) == NULL)
{

8
crypto/cryptlib.c
View File

@ -55,6 +55,11 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECDH support in OpenSSL originally developed by
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
#include <stdio.h>
#include <string.h>
@ -105,7 +110,8 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] =
"ui",
"ecdsa",
"ec",
#if CRYPTO_NUM_LOCKS != 33
"ecdh",
#if CRYPTO_NUM_LOCKS != 34
# error "Inconsistency between crypto.h and cryptlib.c"
#endif
};

9
crypto/crypto.h
View File

@ -55,6 +55,11 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECDH support in OpenSSL originally developed by
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
#ifndef HEADER_CRYPTO_H
#define HEADER_CRYPTO_H
@ -128,7 +133,8 @@ extern "C" {
#define CRYPTO_LOCK_UI 30
#define CRYPTO_LOCK_ECDSA 31
#define CRYPTO_LOCK_EC 32
#define CRYPTO_NUM_LOCKS 33
#define CRYPTO_LOCK_ECDH 33
#define CRYPTO_NUM_LOCKS 34
#define CRYPTO_LOCK 1
#define CRYPTO_UNLOCK 2
@ -236,6 +242,7 @@ DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)
#define CRYPTO_EX_INDEX_X509 10
#define CRYPTO_EX_INDEX_UI 11
#define CRYPTO_EX_INDEX_ECDSA 12
#define CRYPTO_EX_INDEX_ECDH 13
/* Dynamically assigned indexes start from this value (don't use directly, use
* via CRYPTO_ex_data_new_class). */

1
crypto/ec/ec.h
View File

@ -386,6 +386,7 @@ EC_KEY *EC_KEY_new(void);
void EC_KEY_free(EC_KEY *);
EC_KEY *EC_KEY_copy(EC_KEY *, const EC_KEY *);
EC_KEY *EC_KEY_dup(const EC_KEY *);
int EC_KEY_up_ref(EC_KEY *);
/* EC_KEY_generate_key() creates a ec private (public) key */
int EC_KEY_generate_key(EC_KEY *);

1
crypto/ec/ec_asn1.c
View File

@ -57,6 +57,7 @@
#include <openssl/err.h>
#include <openssl/asn1t.h>
#include <openssl/objects.h>
#include <string.h>
/* some structures needed for the asn1 encoding */
typedef struct x9_62_fieldid_st {

22
crypto/ec/ec_key.c
View File

@ -55,9 +55,15 @@
* Hudson (tjh@cryptsoft.com).
*
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* Portions originally developed by SUN MICROSYSTEMS, INC., and
* contributed to the OpenSSL project.
*/
#include "ec_lcl.h"
#include <openssl/err.h>
#include <string.h>
EC_KEY *EC_KEY_new(void)
{
@ -210,6 +216,22 @@ EC_KEY *EC_KEY_dup(const EC_KEY *eckey)
return ret;
}
int EC_KEY_up_ref(EC_KEY *r)
{
int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_EC);
#ifdef REF_PRINT
REF_PRINT("EC_KEY",r);
#endif
#ifdef REF_CHECK
if (i < 2)
{
fprintf(stderr, "EC_KEY_up, bad reference count\n");
abort();
}
#endif
return ((i > 1) ? 1 : 0);
}
int EC_KEY_generate_key(EC_KEY *eckey)
{
int ok = 0;

121
crypto/ecdh/Makefile.ssl Normal file
View File

@ -0,0 +1,121 @@
#
# crypto/ecdh/Makefile
#
DIR= ecdh
TOP= ../..
CC= cc
INCLUDES= -I.. -I$(TOP) -I../../include
CFLAG=-g -Wall
INSTALL_PREFIX=
OPENSSLDIR= /usr/local/ssl
INSTALLTOP=/usr/local/ssl
MAKE= make -f Makefile.ssl
MAKEDEPPROG= makedepend
MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
MAKEFILE= Makefile.ssl
AR= ar r
CFLAGS= $(INCLUDES) $(CFLAG)
GENERAL=Makefile
TEST=ecdhtest.c
APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC= ech_lib.c ech_ossl.c ech_key.c ech_err.c
LIBOBJ= ech_lib.o ech_ossl.o ech_key.o ech_err.o
SRC= $(LIBSRC)
EXHEADER= ecdh.h
HEADER= $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER)
top:
(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
@touch lib
files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
@$(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
install:
@for i in $(EXHEADER) ; \
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
tags:
ctags $(SRC)
tests:
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
mv -f Makefile.new $(MAKEFILE)
clean:
rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
# DO NOT DELETE THIS LINE -- make depend depends on it.
ech_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
ech_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ecdh.h
ech_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
ech_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
ech_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
ech_err.o: ../../include/openssl/symhacks.h ech_err.c
ech_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
ech_key.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
ech_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
ech_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
ech_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
ech_key.o: ../../include/openssl/engine.h ../../include/openssl/err.h
ech_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
ech_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
ech_key.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
ech_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
ech_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ecdh.h
ech_key.o: ech_key.c
ech_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
ech_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
ech_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
ech_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
ech_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
ech_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
ech_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
ech_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
ech_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
ech_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
ech_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ecdh.h
ech_lib.o: ech_lib.c
ech_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
ech_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
ech_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
ech_ossl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
ech_ossl.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
ech_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
ech_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
ech_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
ech_ossl.o: ecdh.h ech_ossl.c

164
crypto/ecdh/ecdh.h Normal file
View File

@ -0,0 +1,164 @@
/* crypto/ecdh/ecdh.h */
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
* The Elliptic Curve Public-Key Crypto Library (ECC Code) included
* herein is developed by SUN MICROSYSTEMS, INC., and is contributed
* to the OpenSSL project.
*
* The ECC Code is licensed pursuant to the OpenSSL open source
* license provided below.
*
* In addition, Sun covenants to all licensees who provide a reciprocal
* covenant with respect to their own patents if any, not to sue under
* current and future patent claims necessarily infringed by the making,
* using, practicing, selling, offering for sale and/or otherwise
* disposing of the ECC Code as delivered hereunder (or portions thereof),
* provided that such covenant shall not apply:
* 1) for code that a licensee deletes from the ECC Code;
* 2) separates from the ECC Code; or
* 3) for infringements caused by:
* i) the modification of the ECC Code or
* ii) the combination of the ECC Code with other software or
* devices where such combination causes the infringement.
*
* The ECDH software is originally written by Douglas Stebila of
* Sun Microsystems Laboratories.
*
*/
/* ====================================================================
* Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_ECDH_H
#define HEADER_ECDH_H
#ifdef OPENSSL_NO_ECDH
#error ECDH is disabled.
#endif
#include <openssl/bn.h>
#include <openssl/ec.h>
#include <openssl/ossl_typ.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef struct ecdh_method
{
const char *name;
int (*compute_key)(unsigned char *key,const EC_POINT *pub_key, EC_KEY *ecdh);
#if 0
int (*init)(EC_KEY *eckey);
int (*finish)(EC_KEY *eckey);
#endif
int flags;
char *app_data;
} ECDH_METHOD;
typedef struct ecdh_data_st {
/* EC_KEY_METH_DATA part */
int (*init)(EC_KEY *);
void (*finish)(EC_KEY *);
/* method specific part */
ENGINE *engine;
int flags;
const ECDH_METHOD *meth;
CRYPTO_EX_DATA ex_data;
} ECDH_DATA;
/* ECDH_DATA functions */
ECDH_DATA *ECDH_DATA_new(void);
ECDH_DATA *ECDH_DATA_new_method(ENGINE *);
void ECDH_DATA_free(ECDH_DATA *);
ECDH_DATA *ecdh_check(EC_KEY *);
const ECDH_METHOD *ECDH_OpenSSL(void);
void ECDH_set_default_method(const ECDH_METHOD *);
const ECDH_METHOD *ECDH_get_default_method(void);
int ECDH_set_method(EC_KEY *, const ECDH_METHOD *);
int ECDH_size(const EC_KEY *);
int ECDH_compute_key(unsigned char *key,const EC_POINT *pub_key, EC_KEY *ecdh);
int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new
*new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg);
void *ECDH_get_ex_data(EC_KEY *d, int idx);
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
void ERR_load_ECDH_strings(void);
/* Error codes for the ECDH functions. */
/* Function codes. */
#define ECDH_F_ECDH_COMPUTE_KEY 100
#define ECDH_F_ECDH_DATA_NEW 101
/* Reason codes. */
#define ECDH_R_NO_PRIVATE_VALUE 100
#define ECDH_R_POINT_ARITHMETIC_FAILURE 101
#define ECDH_R_SHA1_DIGEST_FAILED 102
#ifdef __cplusplus
}
#endif
#endif

288
crypto/ecdh/ecdhtest.c Normal file
View File

@ -0,0 +1,288 @@
/* crypto/ecdh/ecdhtest.c */
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
* The Elliptic Curve Public-Key Crypto Library (ECC Code) included
* herein is developed by SUN MICROSYSTEMS, INC., and is contributed
* to the OpenSSL project.
*
* The ECC Code is licensed pursuant to the OpenSSL open source
* license provided below.
*
* In addition, Sun covenants to all licensees who provide a reciprocal
* covenant with respect to their own patents if any, not to sue under
* current and future patent claims necessarily infringed by the making,
* using, practicing, selling, offering for sale and/or otherwise
* disposing of the ECC Code as delivered hereunder (or portions thereof),
* provided that such covenant shall not apply:
* 1) for code that a licensee deletes from the ECC Code;
* 2) separates from the ECC Code; or
* 3) for infringements caused by:
* i) the modification of the ECC Code or
* ii) the combination of the ECC Code with other software or
* devices where such combination causes the infringement.
*
* The ECDH software is originally written by Douglas Stebila of
* Sun Microsystems Laboratories.
*
*/
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef OPENSSL_SYS_WINDOWS
#include "../bio/bss_file.c"
#endif
#include <openssl/crypto.h>
#include <openssl/bio.h>
#include <openssl/bn.h>
#include <openssl/ec.h>
#include <openssl/objects.h>
#include <openssl/rand.h>
#include <openssl/err.h>
#ifdef OPENSSL_NO_ECDH
int main(int argc, char *argv[])
{
printf("No ECDH support\n");
return(0);
}
#else
#include <openssl/ecdh.h>
#ifdef OPENSSL_SYS_WIN16
#define MS_CALLBACK _far _loadds
#else
#define MS_CALLBACK
#endif
static void MS_CALLBACK cb(int p, int n, void *arg);
#ifdef OPENSSL_NO_STDIO
#define APPS_WIN16
#include "bss_file.c"
#endif
static const char rnd_seed[] = "string to make the random number generator think it has entropy";
int test_ecdh_curve(int nid, char *text, BN_CTX *ctx, BIO *out)
{
EC_KEY *a=NULL;
EC_KEY *b=NULL;
BIGNUM *x=NULL, *y=NULL;
char buf[12];
unsigned char *abuf=NULL,*bbuf=NULL;
int i,alen,blen,aout,bout,ret=0;
if ((a=EC_KEY_new()) == NULL) goto err;
if ((a->group=EC_GROUP_new_by_name(nid)) == NULL) goto err;
if ((b=EC_KEY_new()) == NULL) goto err;
b->group = a->group;
if ((x=BN_new()) == NULL) goto err;
if ((y=BN_new()) == NULL) goto err;
BIO_puts(out,"Testing key generation with ");
BIO_puts(out,text);
BIO_puts(out,"\n");
if (!EC_KEY_generate_key(a)) goto err;
BIO_puts(out," pri 1=");
BN_print(out,a->priv_key);
BIO_puts(out,"\n pub 1=");
if (EC_METHOD_get_field_type(EC_GROUP_method_of(a->group)) == NID_X9_62_prime_field)
{
if (!EC_POINT_get_affine_coordinates_GFp(a->group, a->pub_key, x, y, ctx)) goto err;
}
else
{
if (!EC_POINT_get_affine_coordinates_GF2m(a->group, a->pub_key, x, y, ctx)) goto err;
}
BN_print(out,x);
BIO_puts(out,",");
BN_print(out,y);
BIO_puts(out,"\n");
if (!EC_KEY_generate_key(b)) goto err;
BIO_puts(out," pri 2=");
BN_print(out,b->priv_key);
BIO_puts(out,"\n pub 2=");
if (EC_METHOD_get_field_type(EC_GROUP_method_of(b->group)) == NID_X9_62_prime_field)
{
if (!EC_POINT_get_affine_coordinates_GFp(b->group, b->pub_key, x, y, ctx)) goto err;
}
else
{
if (!EC_POINT_get_affine_coordinates_GF2m(a->group, b->pub_key, x, y, ctx)) goto err;
}
BN_print(out,x);
BIO_puts(out,",");
BN_print(out,y);
BIO_puts(out,"\n");
alen=ECDH_size(a);
abuf=(unsigned char *)OPENSSL_malloc(alen);
aout=ECDH_compute_key(abuf,b->pub_key,a);
BIO_puts(out," key1 =");
for (i=0; i<aout; i++)
{
sprintf(buf,"%02X",abuf[i]);
BIO_puts(out,buf);
}
BIO_puts(out,"\n");
blen=ECDH_size(b);
bbuf=(unsigned char *)OPENSSL_malloc(blen);
bout=ECDH_compute_key(bbuf,a->pub_key,b);
BIO_puts(out," key2 =");
for (i=0; i<bout; i++)
{
sprintf(buf,"%02X",bbuf[i]);
BIO_puts(out,buf);
}
BIO_puts(out,"\n");
if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0))
{
fprintf(stderr,"Error in ECDH routines\n");
ret=0;
}
else
ret=1;
err:
ERR_print_errors_fp(stderr);
if (abuf != NULL) OPENSSL_free(abuf);
if (bbuf != NULL) OPENSSL_free(bbuf);
if (x) BN_free(x);
if (y) BN_free(y);
if (a->group) EC_GROUP_free(a->group);
a->group = b->group = NULL;
if (b) EC_KEY_free(b);
if (a) EC_KEY_free(a);
return(ret);
}
int main(int argc, char *argv[])
{
BN_CTX *ctx=NULL;
int ret=1;
BIO *out;
CRYPTO_malloc_debug_init();
CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
#ifdef OPENSSL_SYS_WIN32
CRYPTO_malloc_init();
#endif
RAND_seed(rnd_seed, sizeof rnd_seed);
out=BIO_new(BIO_s_file());
if (out == NULL) exit(1);
BIO_set_fp(out,stdout,BIO_NOCLOSE);
if ((ctx=BN_CTX_new()) == NULL) goto err;
/* NIST PRIME CURVES TESTS */
if (!test_ecdh_curve(EC_GROUP_NIST_PRIME_192, "NIST Prime-Curve P-192", ctx, out)) goto err;
if (!test_ecdh_curve(EC_GROUP_NIST_PRIME_224, "NIST Prime-Curve P-224", ctx, out)) goto err;
if (!test_ecdh_curve(EC_GROUP_NIST_PRIME_256, "NIST Prime-Curve P-256", ctx, out)) goto err;
if (!test_ecdh_curve(EC_GROUP_NIST_PRIME_384, "NIST Prime-Curve P-384", ctx, out)) goto err;
if (!test_ecdh_curve(EC_GROUP_NIST_PRIME_521, "NIST Prime-Curve P-521", ctx, out)) goto err;
/* NIST BINARY CURVES TESTS */
if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_K163, "NIST Binary-Curve K-163", ctx, out)) goto err;
if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_B163, "NIST Binary-Curve B-163", ctx, out)) goto err;
if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_K233, "NIST Binary-Curve K-233", ctx, out)) goto err;
if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_B233, "NIST Binary-Curve B-233", ctx, out)) goto err;
if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_K283, "NIST Binary-Curve K-283", ctx, out)) goto err;
if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_B283, "NIST Binary-Curve B-283", ctx, out)) goto err;
if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_K409, "NIST Binary-Curve K-409", ctx, out)) goto err;
if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_B409, "NIST Binary-Curve B-409", ctx, out)) goto err;
if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_K571, "NIST Binary-Curve K-571", ctx, out)) goto err;
if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_B571, "NIST Binary-Curve B-571", ctx, out)) goto err;
ret = 0;
err:
ERR_print_errors_fp(stderr);
if (ctx) BN_CTX_free(ctx);
BIO_free(out);
CRYPTO_cleanup_all_ex_data();
ERR_remove_state(0);
CRYPTO_mem_leaks_fp(stderr);
exit(ret);
return(ret);
}
static void MS_CALLBACK cb(int p, int n, void *arg)
{
char c='*';
if (p == 0) c='.';
if (p == 1) c='+';
if (p == 2) c='*';
if (p == 3) c='\n';
BIO_write((BIO *)arg,&c,1);
(void)BIO_flush((BIO *)arg);
#ifdef LINT
p=n;
#endif
}
#endif

97
crypto/ecdh/ech_err.c Normal file
View File

@ -0,0 +1,97 @@
/* crypto/ecdh/ech_err.c */
/* ====================================================================
* Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/ecdh.h>
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
static ERR_STRING_DATA ECDH_str_functs[]=
{
{ERR_PACK(0,ECDH_F_ECDH_COMPUTE_KEY,0), "ECDH_compute_key"},
{ERR_PACK(0,ECDH_F_ECDH_DATA_NEW,0), "ECDH_DATA_new"},
{0,NULL}
};
static ERR_STRING_DATA ECDH_str_reasons[]=
{
{ECDH_R_NO_PRIVATE_VALUE ,"no private value"},
{ECDH_R_POINT_ARITHMETIC_FAILURE ,"point arithmetic failure"},
{ECDH_R_SHA1_DIGEST_FAILED ,"sha1 digest failed"},
{0,NULL}
};
#endif
void ERR_load_ECDH_strings(void)
{
static int init=1;
if (init)
{
init=0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(ERR_LIB_ECDH,ECDH_str_functs);
ERR_load_strings(ERR_LIB_ECDH,ECDH_str_reasons);
#endif
}
}

92
crypto/ecdh/ech_key.c Normal file
View File

@ -0,0 +1,92 @@
/* crypto/ecdh/ecdh_key.c */
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
* The Elliptic Curve Public-Key Crypto Library (ECC Code) included
* herein is developed by SUN MICROSYSTEMS, INC., and is contributed
* to the OpenSSL project.
*
* The ECC Code is licensed pursuant to the OpenSSL open source
* license provided below.
*
* In addition, Sun covenants to all licensees who provide a reciprocal
* covenant with respect to their own patents if any, not to sue under
* current and future patent claims necessarily infringed by the making,
* using, practicing, selling, offering for sale and/or otherwise
* disposing of the ECC Code as delivered hereunder (or portions thereof),
* provided that such covenant shall not apply:
* 1) for code that a licensee deletes from the ECC Code;
* 2) separates from the ECC Code; or
* 3) for infringements caused by:
* i) the modification of the ECC Code or
* ii) the combination of the ECC Code with other software or
* devices where such combination causes the infringement.
*
* The ECDH software is originally written by Douglas Stebila of
* Sun Microsystems Laboratories.
*
*/
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include "ecdh.h"
#include <openssl/engine.h>
int ECDH_compute_key(unsigned char *key, const EC_POINT *pub_key, EC_KEY *eckey)
{
ECDH_DATA *ecdh = ecdh_check(eckey);
if (ecdh == NULL)
return NULL;
return ecdh->meth->compute_key(key, pub_key, eckey);
}

248
crypto/ecdh/ech_lib.c Normal file
View File

@ -0,0 +1,248 @@
/* crypto/ecdh/ech_lib.c */
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
* The Elliptic Curve Public-Key Crypto Library (ECC Code) included
* herein is developed by SUN MICROSYSTEMS, INC., and is contributed
* to the OpenSSL project.
*
* The ECC Code is licensed pursuant to the OpenSSL open source
* license provided below.
*
* In addition, Sun covenants to all licensees who provide a reciprocal
* covenant with respect to their own patents if any, not to sue under
* current and future patent claims necessarily infringed by the making,
* using, practicing, selling, offering for sale and/or otherwise
* disposing of the ECC Code as delivered hereunder (or portions thereof),
* provided that such covenant shall not apply:
* 1) for code that a licensee deletes from the ECC Code;
* 2) separates from the ECC Code; or
* 3) for infringements caused by:
* i) the modification of the ECC Code or
* ii) the combination of the ECC Code with other software or
* devices where such combination causes the infringement.
*
* The ECDH software is originally written by Douglas Stebila of
* Sun Microsystems Laboratories.
*
*/
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include "ecdh.h"
#include <string.h>
#include <openssl/engine.h>
const char *ECDH_version="ECDH" OPENSSL_VERSION_PTEXT;
static void ecdh_finish(EC_KEY *);
static const ECDH_METHOD *default_ECDH_method = NULL;
void ECDH_set_default_method(const ECDH_METHOD *meth)
{
default_ECDH_method = meth;
}
const ECDH_METHOD *ECDH_get_default_method(void)
{
if(!default_ECDH_method)
default_ECDH_method = ECDH_OpenSSL();
return default_ECDH_method;
}
int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth)
{
const ECDH_METHOD *mtmp;
ECDH_DATA *ecdh;
ecdh = ecdh_check(eckey);
if (ecdh == NULL)
return 0;
mtmp = ecdh->meth;
#if 0
if (mtmp->finish)
mtmp->finish(eckey);
#endif
if (ecdh->engine)
{
ENGINE_finish(ecdh->engine);
ecdh->engine = NULL;
}
ecdh->meth = meth;
#if 0
if (meth->init)
meth->init(eckey);
#endif
return 1;
}
ECDH_DATA *ECDH_DATA_new(void)
{
return ECDH_DATA_new_method(NULL);
}
ECDH_DATA *ECDH_DATA_new_method(ENGINE *engine)
{
ECDH_DATA *ret;
ret=(ECDH_DATA *)OPENSSL_malloc(sizeof(ECDH_DATA));
if (ret == NULL)
{
ECDHerr(ECDH_F_ECDH_DATA_NEW, ERR_R_MALLOC_FAILURE);
return(NULL);
}
ret->init = NULL;
ret->finish = ecdh_finish;
ret->meth = ECDH_get_default_method();
ret->engine = engine;
if (!ret->engine)
ret->engine = ENGINE_get_default_ECDH();
if (ret->engine)
{
ret->meth = ENGINE_get_ECDH(ret->engine);
if (!ret->meth)
{
ECDHerr(ECDH_F_ECDH_DATA_NEW, ERR_R_ENGINE_LIB);
ENGINE_finish(ret->engine);
OPENSSL_free(ret);
return NULL;
}
}
ret->flags = ret->meth->flags;
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data);
#if 0
if ((ret->meth->init != NULL) && !ret->meth->init(ret))
{
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data);
OPENSSL_free(ret);
ret=NULL;
}
#endif
return(ret);
}
void ECDH_DATA_free(ECDH_DATA *r)
{
#if 0
if (r->meth->finish)
r->meth->finish(r);
#endif
if (r->engine)
ENGINE_finish(r->engine);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data);
memset((void *)r, 0x0, sizeof(ECDH_DATA));
OPENSSL_free(r);
}
ECDH_DATA *ecdh_check(EC_KEY *key)
{
if (key->meth_data)
{
if (key->meth_data->finish != ecdh_finish)
{
key->meth_data->finish(key);
key->meth_data = (EC_KEY_METH_DATA *)ECDH_DATA_new();
}
}
else
key->meth_data = (EC_KEY_METH_DATA *)ECDH_DATA_new();
return (ECDH_DATA *)key->meth_data;
}
static void ecdh_finish(EC_KEY *key)
{
if (key->meth_data && key->meth_data->finish == ecdh_finish)
ECDH_DATA_free((ECDH_DATA *)key->meth_data);
}
int ECDH_size(const EC_KEY *ecdh)
{
return 20;
}
int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
{
return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDH, argl, argp,
new_func, dup_func, free_func);
}
int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg)
{
ECDH_DATA *ecdh;
ecdh = ecdh_check(d);
if (ecdh == NULL)
return 0;
return(CRYPTO_set_ex_data(&ecdh->ex_data,idx,arg));
}
void *ECDH_get_ex_data(EC_KEY *d, int idx)
{
ECDH_DATA *ecdh;
ecdh = ecdh_check(d);
if (ecdh == NULL)
return NULL;
return(CRYPTO_get_ex_data(&ecdh->ex_data,idx));
}

187
crypto/ecdh/ech_ossl.c Normal file
View File

@ -0,0 +1,187 @@
/* crypto/ecdh/ech_ossl.c */
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
* The Elliptic Curve Public-Key Crypto Library (ECC Code) included
* herein is developed by SUN MICROSYSTEMS, INC., and is contributed
* to the OpenSSL project.
*
* The ECC Code is licensed pursuant to the OpenSSL open source
* license provided below.
*
* In addition, Sun covenants to all licensees who provide a reciprocal
* covenant with respect to their own patents if any, not to sue under
* current and future patent claims necessarily infringed by the making,
* using, practicing, selling, offering for sale and/or otherwise
* disposing of the ECC Code as delivered hereunder (or portions thereof),
* provided that such covenant shall not apply:
* 1) for code that a licensee deletes from the ECC Code;
* 2) separates from the ECC Code; or
* 3) for infringements caused by:
* i) the modification of the ECC Code or
* ii) the combination of the ECC Code with other software or
* devices where such combination causes the infringement.
*
* The ECDH software is originally written by Douglas Stebila of
* Sun Microsystems Laboratories.
*
*/
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include "ecdh.h"
#include <openssl/err.h>
#include <openssl/sha.h>
#include <openssl/obj_mac.h>
static int ecdh_compute_key(unsigned char *key, const EC_POINT *pub_key, EC_KEY *ecdh);
static ECDH_METHOD openssl_ecdh_meth = {
"OpenSSL ECDH method",
ecdh_compute_key,
#if 0
NULL, /* init */
NULL, /* finish */
#endif
0, /* flags */
NULL /* app_data */
};
const ECDH_METHOD *ECDH_OpenSSL(void)
{
return &openssl_ecdh_meth;
}
/* This implementation is based on the following primitives in the IEEE 1363 standard:
* - ECKAS-DH1
* - ECSVDP-DH
* - KDF1 with SHA-1
*/
static int ecdh_compute_key(unsigned char *key, const EC_POINT *pub_key, EC_KEY *ecdh)
{
BN_CTX *ctx;
EC_POINT *tmp=NULL;
BIGNUM *x=NULL, *y=NULL;
int ret= -1, len;
unsigned char *buf=NULL;
if ((ctx = BN_CTX_new()) == NULL) goto err;
BN_CTX_start(ctx);
x = BN_CTX_get(ctx);
y = BN_CTX_get(ctx);
if (ecdh->priv_key == NULL)
{
ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE);
goto err;
}
if ((tmp=EC_POINT_new(ecdh->group)) == NULL)
{
ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
goto err;
}
if (!EC_POINT_mul(ecdh->group, tmp, NULL, pub_key, ecdh->priv_key, ctx))
{
ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
goto err;
}
if (EC_METHOD_get_field_type(EC_GROUP_method_of(ecdh->group)) == NID_X9_62_prime_field)
{
if (!EC_POINT_get_affine_coordinates_GFp(ecdh->group, tmp, x, y, ctx))
{
ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
goto err;
}
}
else
{
if (!EC_POINT_get_affine_coordinates_GF2m(ecdh->group, tmp, x, y, ctx))
{
ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
goto err;
}
}
if ((buf = (unsigned char *)OPENSSL_malloc(sizeof(unsigned char) * BN_num_bytes(x))) == NULL)
{
ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
goto err;
}
if ((len = BN_bn2bin(x,buf)) <= 0)
{
ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
goto err;
}
if ((SHA1(buf, len, key) == NULL))
{
ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_SHA1_DIGEST_FAILED);
goto err;
}
ret = 20;
err:
if (tmp) EC_POINT_free(tmp);
if (ctx) BN_CTX_end(ctx);
if (ctx) BN_CTX_free(ctx);
if (buf) OPENSSL_free(buf);
return(ret);
}

204
crypto/ecdsa/ecdsatest.c
View File

@ -52,6 +52,33 @@
* Hudson (tjh@cryptsoft.com).
*
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
* Portions of the attached software ("Contribution") are developed by
* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
*
* The Contribution is licensed pursuant to the OpenSSL open source
* license provided above.
*
* In addition, Sun covenants to all licensees who provide a reciprocal
* covenant with respect to their own patents if any, not to sue under
* current and future patent claims necessarily infringed by the making,
* using, practicing, selling, offering for sale and/or otherwise
* disposing of the Contribution as delivered hereunder
* (or portions thereof), provided that such covenant shall not apply:
* 1) for code that a licensee deletes from the Contribution;
* 2) separates from the Contribution; or
* 3) for infringements caused by:
* i) the modification of the Contribution or
* ii) the combination of the Contribution with other software or
* devices where such combination causes the infringement.
*
* The elliptic curve binary polynomial software is originally written by
* Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
*
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@ -520,149 +547,63 @@ int main(void)
OPENSSL_free(dgst);
dgst = NULL;
/* NIST PRIME CURVES TESTS */
/* EC_GROUP_NIST_PRIME_192 */
for (i=0; i<ECDSA_NIST_TESTS; i++)
if (!RAND_bytes(digest[i], 20)) goto err;
BIO_printf(bio_err, "\nTesting sign & verify with NIST Prime-Curve P-192 : \n");
EC_KEY_free(ecdsa);
if ((ecdsa = EC_KEY_new()) == NULL) goto err;
if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_192))
== NULL) goto err;
if (!EC_KEY_generate_key(ecdsa)) goto err;
tim = clock();
for (i=0; i<ECDSA_NIST_TESTS; i++)
if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err;
tim = clock() - tim;
tim_d = (double)tim / CLOCKS_PER_SEC;
BIO_printf(bio_err, "%d x ECDSA_do_sign() in %.2f"UNIT" => average time for ECDSA_do_sign() %.4f"UNIT"\n"
, ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS);
tim = clock();
for (i=0; i<ECDSA_NIST_TESTS; i++)
if (!ECDSA_do_verify(digest[i], 20, signatures[i], ecdsa)) goto err;
tim = clock() - tim;
tim_d = (double)tim / CLOCKS_PER_SEC;
BIO_printf(bio_err, "%d x ECDSA_do_verify() in %.2f"UNIT" => average time for ECDSA_do_verify() %.4f"UNIT"\n"
, ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS);
for (i=0; i<ECDSA_NIST_TESTS; i++)
{
ECDSA_SIG_free(signatures[i]);
signatures[i] = NULL;
BIO_printf(bio_err, "\n");
/* Macro for each test */
#define ECDSA_GROUP_TEST(text, curve) \
BIO_printf(bio_err, "Testing sign & verify with %s : \n", text); \
EC_KEY_free(ecdsa); \
if ((ecdsa = EC_KEY_new()) == NULL) goto err; \
if ((ecdsa->group = EC_GROUP_new_by_name(curve)) == NULL) goto err; \
if (!EC_KEY_generate_key(ecdsa)) goto err; \
tim = clock(); \
for (i=0; i<ECDSA_NIST_TESTS; i++) \
if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err; \
tim = clock() - tim; \
tim_d = (double)tim / CLOCKS_PER_SEC; \
BIO_printf(bio_err, "%d x ECDSA_do_sign() in %.2f"UNIT" => average time for ECDSA_do_sign() %.4f"UNIT"\n" \
, ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS); \
tim = clock(); \
for (i=0; i<ECDSA_NIST_TESTS; i++) \
if (!ECDSA_do_verify(digest[i], 20, signatures[i], ecdsa)) goto err; \
tim = clock() - tim; \
tim_d = (double)tim / CLOCKS_PER_SEC; \
BIO_printf(bio_err, "%d x ECDSA_do_verify() in %.2f"UNIT" => average time for ECDSA_do_verify() %.4f"UNIT"\n" \
, ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS); \
for (i=0; i<ECDSA_NIST_TESTS; i++) \
{ \
ECDSA_SIG_free(signatures[i]); \
signatures[i] = NULL; \
}
/* EC_GROUP_NIST_PRIME_224 */
BIO_printf(bio_err, "Testing sign & verify with NIST Prime-Curve P-224 : \n");
EC_KEY_free(ecdsa);
if ((ecdsa = EC_KEY_new()) == NULL) goto err;
if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_224)) == NULL) goto err;
if (!EC_KEY_generate_key(ecdsa)) goto err;
tim = clock();
for (i=0; i<ECDSA_NIST_TESTS; i++)
if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err;
tim = clock() - tim;
tim_d = (double)tim / CLOCKS_PER_SEC;
BIO_printf(bio_err, "%d x ECDSA_do_sign() in %.2f"UNIT" => average time for ECDSA_do_sign() %.4f"UNIT"\n"
, ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS);
tim = clock();
for (i=0; i<ECDSA_NIST_TESTS; i++)
if (!ECDSA_do_verify(digest[i], 20, signatures[i], ecdsa)) goto err;
tim = clock() - tim;
tim_d = (double)tim / CLOCKS_PER_SEC;
BIO_printf(bio_err, "%d x ECDSA_do_verify() in %.2f"UNIT" => average time for ECDSA_do_verify() %.4f"UNIT"\n"
, ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS);
for (i=0; i<ECDSA_NIST_TESTS; i++)
{
ECDSA_SIG_free(signatures[i]);
signatures[i] = NULL;
}
/* NIST PRIME CURVES TESTS */
ECDSA_GROUP_TEST("NIST Prime-Curve P-192", EC_GROUP_NIST_PRIME_192);
ECDSA_GROUP_TEST("NIST Prime-Curve P-224", EC_GROUP_NIST_PRIME_224);
ECDSA_GROUP_TEST("NIST Prime-Curve P-256", EC_GROUP_NIST_PRIME_256);
ECDSA_GROUP_TEST("NIST Prime-Curve P-384", EC_GROUP_NIST_PRIME_384);
ECDSA_GROUP_TEST("NIST Prime-Curve P-521", EC_GROUP_NIST_PRIME_521);
/* NIST BINARY CURVES TESTS */
ECDSA_GROUP_TEST("NIST Binary-Curve K-163", EC_GROUP_NIST_CHAR2_K163);
ECDSA_GROUP_TEST("NIST Binary-Curve B-163", EC_GROUP_NIST_CHAR2_B163);
ECDSA_GROUP_TEST("NIST Binary-Curve K-233", EC_GROUP_NIST_CHAR2_K233);
ECDSA_GROUP_TEST("NIST Binary-Curve B-233", EC_GROUP_NIST_CHAR2_B233);
ECDSA_GROUP_TEST("NIST Binary-Curve K-283", EC_GROUP_NIST_CHAR2_K283);
ECDSA_GROUP_TEST("NIST Binary-Curve B-283", EC_GROUP_NIST_CHAR2_B283);
ECDSA_GROUP_TEST("NIST Binary-Curve K-409", EC_GROUP_NIST_CHAR2_K409);
ECDSA_GROUP_TEST("NIST Binary-Curve B-409", EC_GROUP_NIST_CHAR2_B409);
ECDSA_GROUP_TEST("NIST Binary-Curve K-571", EC_GROUP_NIST_CHAR2_K571);
ECDSA_GROUP_TEST("NIST Binary-Curve B-571", EC_GROUP_NIST_CHAR2_B571);
#undef ECDSA_GROUP_TEST
/* EC_GROUP_NIST_PRIME_256 */
BIO_printf(bio_err, "Testing sign & verify with NIST Prime-Curve P-256 : \n");
EC_KEY_free(ecdsa);
if ((ecdsa = EC_KEY_new()) == NULL) goto err;
if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_256)) == NULL) goto err;
if (!EC_KEY_generate_key(ecdsa)) goto err;
tim = clock();
for (i=0; i<ECDSA_NIST_TESTS; i++)
if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err;
tim = clock() - tim;
tim_d = (double)tim / CLOCKS_PER_SEC;
BIO_printf(bio_err, "%d x ECDSA_do_sign() in %.2f"UNIT" => average time for ECDSA_do_sign() %.4f"UNIT"\n"
, ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS);
tim = clock();
for (i=0; i<ECDSA_NIST_TESTS; i++)
if (!ECDSA_do_verify(digest[i], 20, signatures[i], ecdsa)) goto err;
tim = clock() - tim;
tim_d = (double)tim / CLOCKS_PER_SEC;
BIO_printf(bio_err, "%d x ECDSA_do_verify() in %.2f"UNIT" => average time for ECDSA_do_verify() %.4f"UNIT"\n"
, ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS);
for (i=0; i<ECDSA_NIST_TESTS; i++)
{
ECDSA_SIG_free(signatures[i]);
signatures[i] = NULL;
}
/* EC_GROUP_NIST_PRIME_384 */
BIO_printf(bio_err, "Testing sign & verify with NIST Prime-Curve P-384 : \n");
EC_KEY_free(ecdsa);
if ((ecdsa = EC_KEY_new()) == NULL) goto err;
if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_384)) == NULL) goto err;
if (!EC_KEY_generate_key(ecdsa)) goto err;
tim = clock();
for (i=0; i<ECDSA_NIST_TESTS; i++)
if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err;
tim = clock() - tim;
tim_d = (double)tim / CLOCKS_PER_SEC;
BIO_printf(bio_err, "%d x ECDSA_do_sign() in %.2f"UNIT" => average time for ECDSA_do_sign() %.4f"UNIT"\n"
, ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS);
tim = clock();
for (i=0; i<ECDSA_NIST_TESTS; i++)
if (!ECDSA_do_verify(digest[i], 20, signatures[i], ecdsa)) goto err;
tim = clock() - tim;
tim_d = (double)tim / CLOCKS_PER_SEC;
BIO_printf(bio_err, "%d x ECDSA_do_verify() in %.2f"UNIT" => average time for ECDSA_do_verify() %.4f"UNIT"\n"
, ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS);
for (i=0; i<ECDSA_NIST_TESTS; i++)
{
ECDSA_SIG_free(signatures[i]);
signatures[i] = NULL;
}
/* EC_GROUP_NIST_PRIME_521 */
BIO_printf(bio_err, "Testing sign & verify with NIST Prime-Curve P-521 : \n");
EC_KEY_free(ecdsa);
if ((ecdsa = EC_KEY_new()) == NULL) goto err;
if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_521)) == NULL) goto err;
if (!EC_KEY_generate_key(ecdsa)) goto err;
tim = clock();
for (i=0; i<ECDSA_NIST_TESTS; i++)
if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err;
tim = clock() - tim;
tim_d = (double)tim / CLOCKS_PER_SEC;
BIO_printf(bio_err, "%d x ECDSA_do_sign() in %.2f"UNIT" => average time for ECDSA_do_sign() %.4f"UNIT"\n"
, ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS);
tim = clock();
for (i=0; i<ECDSA_NIST_TESTS; i++)
if (!ECDSA_do_verify(digest[i], 20, signatures[i], ecdsa)) goto err;
tim = clock() - tim;
tim_d = (double)tim / CLOCKS_PER_SEC;
BIO_printf(bio_err, "%d x ECDSA_do_verify() in %.2f"UNIT" => average time for ECDSA_do_verify() %.4f"UNIT"\n"
, ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS);
EC_KEY_free(ecdsa);
ecdsa = NULL;
for (i=0; i<ECDSA_NIST_TESTS; i++)
{
ECDSA_SIG_free(signatures[i]);
signatures[i] = NULL;
}
OPENSSL_free(buffer);
buffer = NULL;
EVP_PKEY_free(pkey);
pkey = NULL;
ecdsa = NULL;
ret = 1;
err: if (!ret)
@ -675,6 +616,7 @@ err: if (!ret)
if (d) BN_free(d);
if (dgst) OPENSSL_free(dgst);
if (md_ctx) EVP_MD_CTX_destroy(md_ctx);
if (pkey) EVP_PKEY_free(pkey);
CRYPTO_cleanup_all_ex_data();
ERR_remove_state(0);
ERR_free_strings();

26
crypto/engine/Makefile.ssl
View File

@ -25,13 +25,13 @@ APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \
eng_table.c eng_pkey.c eng_fat.c eng_all.c \
tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_rand.c tb_cipher.c tb_digest.c \
tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_rand.c tb_cipher.c tb_digest.c tb_ecdh.c \
eng_openssl.c eng_dyn.c eng_cnf.c \
hw_atalla.c hw_cswift.c hw_ncipher.c hw_nuron.c hw_ubsec.c \
hw_openbsd_dev_crypto.c hw_aep.c hw_sureware.c hw_4758_cca.c
LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
eng_table.o eng_pkey.o eng_fat.o eng_all.o \
tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_rand.o tb_cipher.o tb_digest.o \
tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_rand.o tb_cipher.o tb_digest.o tb_ecdh.o \
eng_openssl.o eng_dyn.o eng_cnf.o \
hw_atalla.o hw_cswift.o hw_ncipher.o hw_nuron.o hw_ubsec.o \
hw_openbsd_dev_crypto.o hw_aep.o hw_sureware.o hw_4758_cca.o
@ -540,6 +540,28 @@ tb_dsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
tb_dsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
tb_dsa.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
tb_dsa.o: eng_int.h tb_dsa.c
tb_ecdh.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
tb_ecdh.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
tb_ecdh.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
tb_ecdh.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
tb_ecdh.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
tb_ecdh.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
tb_ecdh.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
tb_ecdh.o: ../../include/openssl/ecdh.h ../../include/openssl/engine.h
tb_ecdh.o: ../../include/openssl/err.h ../../include/openssl/evp.h
tb_ecdh.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
tb_ecdh.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
tb_ecdh.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
tb_ecdh.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
tb_ecdh.o: ../../include/openssl/opensslconf.h
tb_ecdh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
tb_ecdh.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
tb_ecdh.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
tb_ecdh.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
tb_ecdh.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
tb_ecdh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
tb_ecdh.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
tb_ecdh.o: eng_int.h tb_ecdh.c
tb_ecdsa.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
tb_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
tb_ecdsa.o: ../../include/openssl/bn.h ../../include/openssl/cast.h

23
crypto/engine/eng_fat.c
View File

@ -52,6 +52,11 @@
* Hudson (tjh@cryptsoft.com).
*
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECDH support in OpenSSL originally developed by
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
#include <openssl/crypto.h>
#include "cryptlib.h"
@ -76,6 +81,14 @@ int ENGINE_set_default(ENGINE *e, unsigned int flags)
#ifndef OPENSSL_NO_DH
if((flags & ENGINE_METHOD_DH) & !ENGINE_set_default_DH(e))
return 0;
#endif
#ifndef OPENSSL_NO_ECDH
if((flags & ENGINE_METHOD_ECDH) & !ENGINE_set_default_ECDH(e))
return 0;
#endif
#ifndef OPENSSL_NO_ECDSA
if((flags & ENGINE_METHOD_ECDSA) & !ENGINE_set_default_ECDSA(e))
return 0;
#endif
if((flags & ENGINE_METHOD_RAND) & !ENGINE_set_default_RAND(e))
return 0;
@ -93,6 +106,10 @@ static int int_def_cb(const char *alg, int len, void *arg)
*pflags |= ENGINE_METHOD_RSA;
else if (!strncmp(alg, "DSA", len))
*pflags |= ENGINE_METHOD_DSA;
else if (!strncmp(alg, "ECDH", len))
*pflags |= ENGINE_METHOD_ECDH;
else if (!strncmp(alg, "ECDSA", len))
*pflags |= ENGINE_METHOD_ECDSA;
else if (!strncmp(alg, "DH", len))
*pflags |= ENGINE_METHOD_DH;
else if (!strncmp(alg, "RAND", len))
@ -132,6 +149,12 @@ int ENGINE_register_complete(ENGINE *e)
#endif
#ifndef OPENSSL_NO_DH
ENGINE_register_DH(e);
#endif
#ifndef OPENSSL_NO_ECDH
ENGINE_register_ECDH(e);
#endif
#ifndef OPENSSL_NO_ECDSA
ENGINE_register_ECDSA(e);
#endif
ENGINE_register_RAND(e);
return 1;

6
crypto/engine/eng_int.h
View File

@ -55,6 +55,11 @@
* Hudson (tjh@cryptsoft.com).
*
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECDH support in OpenSSL originally developed by
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
#ifndef HEADER_ENGINE_INT_H
#define HEADER_ENGINE_INT_H
@ -146,6 +151,7 @@ struct engine_st
const RSA_METHOD *rsa_meth;
const DSA_METHOD *dsa_meth;
const DH_METHOD *dh_meth;
const ECDH_METHOD *ecdh_meth;
const ECDSA_METHOD *ecdsa_meth;
const RAND_METHOD *rand_meth;
/* Cipher handling is via this callback */

8
crypto/engine/eng_list.c
View File

@ -55,6 +55,11 @@
* Hudson (tjh@cryptsoft.com).
*
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECDH support in OpenSSL originally developed by
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
#include <openssl/crypto.h>
#include "cryptlib.h"
@ -324,6 +329,9 @@ static void engine_cpy(ENGINE *dest, const ENGINE *src)
#ifndef OPENSSL_NO_DH
dest->dh_meth = src->dh_meth;
#endif
#ifndef OPENSSL_NO_ECDH
dest->ecdh_meth = src->ecdh_meth;
#endif
#ifndef OPENSSL_NO_ECDSA
dest->ecdsa_meth = src->ecdsa_meth;
#endif

11
crypto/engine/eng_openssl.c
View File

@ -55,6 +55,11 @@
* Hudson (tjh@cryptsoft.com).
*
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECDH support in OpenSSL originally developed by
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
#include <stdio.h>
@ -109,6 +114,12 @@ static int bind_helper(ENGINE *e)
#ifndef OPENSSL_NO_DSA
|| !ENGINE_set_DSA(e, DSA_get_default_method())
#endif
#ifndef OPENSSL_NO_ECDH
|| !ENGINE_set_ECDH(e, ECDH_OpenSSL())
#endif
#ifndef OPENSSL_NO_ECDSA
|| !ENGINE_set_ECDSA(e, ECDSA_OpenSSL())
#endif
#ifndef OPENSSL_NO_DH
|| !ENGINE_set_DH(e, DH_get_default_method())
#endif

22
crypto/engine/engine.h
View File

@ -55,6 +55,11 @@
* Hudson (tjh@cryptsoft.com).
*
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECDH support in OpenSSL originally developed by
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
#ifndef HEADER_ENGINE_H
#define HEADER_ENGINE_H
@ -70,6 +75,9 @@
#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
#endif
#ifndef OPENSSL_NO_ECDH
#include <openssl/ecdh.h>
#endif
#ifndef OPENSSL_NO_ECDSA
#include <openssl/ecdsa.h>
#endif
@ -92,6 +100,9 @@ typedef void DSA_METHOD;
#ifdef OPENSSL_NO_DH
typedef void DH_METHOD;
#endif
#ifdef OPENSSL_NO_ECDH
typedef void ECDH_METHOD;
#endif
#ifdef OPENSSL_NO_ECDSA
typedef void ECDSA_METHOD;
#endif
@ -102,7 +113,8 @@ typedef void ECDSA_METHOD;
#define ENGINE_METHOD_DSA (unsigned int)0x0002
#define ENGINE_METHOD_DH (unsigned int)0x0004
#define ENGINE_METHOD_RAND (unsigned int)0x0008
#define ENGINE_METHOD_ECDSA (unsigned int)0x000F
#define ENGINE_METHOD_ECDH (unsigned int)0x0010
#define ENGINE_METHOD_ECDSA (unsigned int)0x0020
#define ENGINE_METHOD_CIPHERS (unsigned int)0x0040
#define ENGINE_METHOD_DIGESTS (unsigned int)0x0080
/* Obvious all-or-nothing cases. */
@ -338,6 +350,10 @@ int ENGINE_register_DSA(ENGINE *e);
void ENGINE_unregister_DSA(ENGINE *e);
void ENGINE_register_all_DSA(void);
int ENGINE_register_ECDH(ENGINE *e);
void ENGINE_unregister_ECDH(ENGINE *e);
void ENGINE_register_all_ECDH(void);
int ENGINE_register_ECDSA(ENGINE *e);
void ENGINE_unregister_ECDSA(ENGINE *e);
void ENGINE_register_all_ECDSA(void);
@ -421,6 +437,7 @@ int ENGINE_set_id(ENGINE *e, const char *id);
int ENGINE_set_name(ENGINE *e, const char *name);
int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth);
int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth);
int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
@ -454,6 +471,7 @@ const char *ENGINE_get_id(const ENGINE *e);
const char *ENGINE_get_name(const ENGINE *e);
const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e);
const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e);
const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
@ -507,6 +525,7 @@ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
ENGINE *ENGINE_get_default_RSA(void);
/* Same for the other "methods" */
ENGINE *ENGINE_get_default_DSA(void);
ENGINE *ENGINE_get_default_ECDH(void);
ENGINE *ENGINE_get_default_ECDSA(void);
ENGINE *ENGINE_get_default_DH(void);
ENGINE *ENGINE_get_default_RAND(void);
@ -523,6 +542,7 @@ int ENGINE_set_default_RSA(ENGINE *e);
int ENGINE_set_default_string(ENGINE *e, const char *list);
/* Same for the other "methods" */
int ENGINE_set_default_DSA(ENGINE *e);
int ENGINE_set_default_ECDH(ENGINE *e);
int ENGINE_set_default_ECDSA(ENGINE *e);
int ENGINE_set_default_DH(ENGINE *e);
int ENGINE_set_default_RAND(ENGINE *e);

3
crypto/err/err.h
View File

@ -132,6 +132,7 @@ typedef struct err_state_st
#define ERR_LIB_UI 40
#define ERR_LIB_COMP 41
#define ERR_LIB_ECDSA 42
#define ERR_LIB_ECDH 43
#define ERR_LIB_USER 128
@ -161,6 +162,7 @@ typedef struct err_state_st
#define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__)
#define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__)
#define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__)
#define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__)
/* Borland C seems too stupid to be able to shift and do longs in
* the pre-processor :-( */
@ -214,6 +216,7 @@ typedef struct err_state_st
#define ERR_R_UI_LIB ERR_LIB_UI /* 40 */
#define ERR_R_COMP_LIB ERR_LIB_COMP /* 41 */
#define ERR_R_ECDSA_LIB ERR_LIB_ECDSA /* 42 */
#define ERR_R_ECDH_LIB ERR_LIB_ECDH /* 43 */
#define ERR_R_NESTED_ASN1_ERROR 58
#define ERR_R_BAD_ASN1_OBJECT_HEADER 59

1
crypto/err/openssl.ec
View File

@ -28,6 +28,7 @@ L ENGINE crypto/engine/engine.h crypto/engine/eng_err.c
L OCSP crypto/ocsp/ocsp.h crypto/ocsp/ocsp_err.c
L UI crypto/ui/ui.h crypto/ui/ui_err.c
L ECDSA crypto/ecdsa/ecdsa.h crypto/ecdsa/ecs_err.c
L ECDH crypto/ecdh/ecdh.h crypto/ecdh/ech_err.c
# additional header files to be scanned for function names
L NONE crypto/x509/x509_vfy.h NONE

9
crypto/x509/x509.h
View File

@ -55,6 +55,11 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECDH support in OpenSSL originally developed by
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
#ifndef HEADER_X509_H
#define HEADER_X509_H
@ -89,6 +94,10 @@
#include <openssl/ecdsa.h>
#endif
#ifndef OPENSSL_NO_ECDH
#include <openssl/ecdh.h>
#endif
#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
#endif

31
test/Makefile.ssl
View File

@ -34,6 +34,7 @@ LIBSSL= -L.. -lssl
BNTEST= bntest
ECTEST= ectest
ECDSATEST= ecdsatest
ECDHTEST= ecdhtest
EXPTEST= exptest
IDEATEST= ideatest
SHATEST= shatest
@ -61,7 +62,7 @@ EVPTEST= evp_test
TESTS= alltests
EXE= $(BNTEST) $(ECTEST) $(ECDSATEST) $(IDEATEST) \
EXE= $(BNTEST) $(ECTEST) $(ECDSATEST) $(ECDHTEST) $(IDEATEST) \
$(MD2TEST) $(MD4TEST) $(MD5TEST) $(HMACTEST) \
$(RC2TEST) $(RC4TEST) $(RC5TEST) \
$(DESTEST) $(SHATEST) $(SHA1TEST) $(MDC2TEST) $(RMDTEST) \
@ -71,7 +72,7 @@ EXE= $(BNTEST) $(ECTEST) $(ECDSATEST) $(IDEATEST) \
# $(METHTEST)
OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(IDEATEST).o \
OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \
$(MD2TEST).o $(MD4TEST).o $(MD5TEST).o \
$(HMACTEST).o \
$(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \
@ -79,7 +80,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(IDEATEST).o \
$(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \
$(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \
$(EVPTEST).o
SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(IDEATEST).c \
SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
$(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \
$(HMACTEST).c \
$(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \
@ -130,7 +131,7 @@ alltests.chooser: \
test_des test_idea test_sha test_md4 test_md5 test_hmac \
test_md2 test_mdc2 \
test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_rd \
test_rand test_bn test_ec test_ecdsa \
test_rand test_bn test_ec test_ecdsa test_ecdh \
test_enc test_x509 test_rsa test_crl test_sid \
test_gen test_req test_pkcs7 test_verify test_dh test_dsa \
test_ss test_ca test_engine test_evp test_ssl
@ -230,6 +231,10 @@ test_ecdsa:
@echo 'test ecdsa'
./$(ECDSATEST)
test_ecdh:
@echo 'test ecdh'
./$(ECDHTEST)
test_verify:
@echo "The following command should have some OK's and some failures"
@echo "There are definitly a few expired certificates"
@ -372,6 +377,9 @@ $(EVPTEST): $(EVPTEST).o $(DLIBCRYPTO)
$(ECDSATEST): $(ECDSATEST).o $(DLIBCRYPTO)
$(CC) -o $(ECDSATEST) $(CFLAGS) $(ECDSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
$(ECDHTEST): $(ECDHTEST).o $(DLIBCRYPTO)
$(CC) -o $(ECDHTEST) $(CFLAGS) $(ECDHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
#$(RDTEST).o: $(RDTEST).c
# $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(RDTEST).c
@ -466,6 +474,21 @@ ectest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
ectest.o: ../include/openssl/rand.h ../include/openssl/rsa.h
ectest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
ectest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h ectest.c
ecdhtest.o: ../include/openssl/bio.h ../include/openssl/bn.h
ecdhtest.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
ecdhtest.o: ../include/openssl/dh.h ../include/openssl/dsa.h
ecdhtest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
ecdhtest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
ecdhtest.o: ../include/openssl/engine.h ../include/openssl/err.h
ecdhtest.o: ../include/openssl/evp.h ../include/openssl/lhash.h
ecdhtest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
ecdhtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
ecdhtest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
ecdhtest.o: ../include/openssl/rand.h ../include/openssl/rsa.h
ecdhtest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
ecdhtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
ecdhtest.o: ../include/openssl/ui.h ../include/openssl/x509.h
ecdhtest.o: ../include/openssl/x509_vfy.h ecdhtest.c
enginetest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
enginetest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
enginetest.o: ../include/openssl/crypto.h ../include/openssl/dh.h

7
util/mkdef.pl
View File

@ -84,7 +84,7 @@ my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" );
my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
"CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1",
"RIPEMD",
"MDC2", "RSA", "DSA", "DH", "EC", "ECDSA", "HMAC", "AES",
"MDC2", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA", "HMAC", "AES",
# Envelope "algorithms"
"EVP", "X509", "ASN1_TYPEDEFS",
# Helper "algorithms"
@ -107,7 +107,7 @@ my $no_rc2; my $no_rc4; my $no_rc5; my $no_idea; my $no_des; my $no_bf;
my $no_cast;
my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
my $no_ec; my $no_ecdsa;
my $no_ec; my $no_ecdsa; my $no_ecdh;
my $no_fp_api;
foreach (@ARGV, split(/ /, $options))
@ -165,6 +165,7 @@ foreach (@ARGV, split(/ /, $options))
elsif (/^no-dh$/) { $no_dh=1; }
elsif (/^no-ec$/) { $no_ec=1; }
elsif (/^no-ecdsa$/) { $no_ecdsa=1; }
elsif (/^no-ecdh$/) { $no_ecdh=1; }
elsif (/^no-hmac$/) { $no_hmac=1; }
elsif (/^no-aes$/) { $no_aes=1; }
elsif (/^no-evp$/) { $no_evp=1; }
@ -235,6 +236,7 @@ $crypto.=" crypto/dsa/dsa.h" ; # unless $no_dsa;
$crypto.=" crypto/dh/dh.h" ; # unless $no_dh;
$crypto.=" crypto/ec/ec.h" ; # unless $no_ec;
$crypto.=" crypto/ecdsa/ecdsa.h" ; # unless $no_ecdsa;
$crypto.=" crypto/ecdh/ecdh.h" ; # unless $no_ecdh;
$crypto.=" crypto/hmac/hmac.h" ; # unless $no_hmac;
$crypto.=" crypto/engine/engine.h";
@ -1044,6 +1046,7 @@ sub is_valid
if ($keyword eq "DH" && $no_dh) { return 0; }
if ($keyword eq "EC" && $no_ec) { return 0; }
if ($keyword eq "ECDSA" && $no_ecdsa) { return 0; }
if ($keyword eq "ECDH" && $no_ecdh) { return 0; }
if ($keyword eq "HMAC" && $no_hmac) { return 0; }
if ($keyword eq "AES" && $no_aes) { return 0; }
if ($keyword eq "EVP" && $no_evp) { return 0; }