Add ECDH support.

Additional changes:
 - use EC_GROUP_get_degree() in apps/req.c
 - add ECDSA and ECDH to apps/speed.c
 - adds support for EC curves over binary fields to ECDSA
 - new function EC_KEY_up_ref() in crypto/ec/ec_key.c
 - reorganize crypto/ecdsa/ecdsatest.c
 - add engine support for ECDH
 - fix a few bugs in ECDSA engine support

Submitted by: Douglas Stebila <douglas.stebila@sun.com>

24 files changed, 1438 insertions, 143 deletions

diff --git a/crypto/Makefile.ssl b/crypto/Makefile.ssl
index 55e970baec..42a01e194a 100644
--- a/crypto/Makefile.ssl
+++ b/crypto/Makefile.ssl
@@ -28,7 +28,7 @@ LIBS=
 
 SDIRS=	md2 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
-	bn ec rsa dsa ecdsa dh dso engine aes \
+	bn ec rsa dsa ecdsa ecdh dh dso engine aes \
 	buffer bio stack lhash rand err objects \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5
 
diff --git a/crypto/asn1/t_pkey.c b/crypto/asn1/t_pkey.c
index fb01e38d79..873b5d793c 100644
--- a/crypto/asn1/t_pkey.c
+++ b/crypto/asn1/t_pkey.c
@@ -55,6 +55,11 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * Binary polynomial ECC support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
 
 #include <stdio.h>
 #include "cryptlib.h"
@@ -333,10 +338,21 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
 			goto err;
 			}
 
-		if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx))
+		if (EC_METHOD_get_field_type(EC_GROUP_method_of(x)) == NID_X9_62_prime_field) 
 			{
-			reason = ERR_R_EC_LIB;
-			goto err;
+			if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx))
+				{
+				reason = ERR_R_EC_LIB;
+				goto err;
+				}
+			}
+		else
+			{
+			if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx))
+				{
+				reason = ERR_R_EC_LIB;
+				goto err;
+				}
 			}
 
 		if ((point = EC_GROUP_get0_generator(x)) == NULL)
diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
index 9a7ed2cf75..b72f7fb015 100644
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -55,6 +55,11 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
 
 #include <stdio.h>
 #include <string.h>
@@ -105,7 +110,8 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] =
 	"ui",
 	"ecdsa",
 	"ec",
-#if CRYPTO_NUM_LOCKS != 33
+	"ecdh",
+#if CRYPTO_NUM_LOCKS != 34
 # error "Inconsistency between crypto.h and cryptlib.c"
 #endif
 	};
diff --git a/crypto/crypto.h b/crypto/crypto.h
index 0991cf294c..e4d1526e0e 100644
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -55,6 +55,11 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
 
 #ifndef HEADER_CRYPTO_H
 #define HEADER_CRYPTO_H
@@ -128,7 +133,8 @@ extern "C" {
 #define	CRYPTO_LOCK_UI			30
 #define CRYPTO_LOCK_ECDSA               31
 #define CRYPTO_LOCK_EC			32
-#define	CRYPTO_NUM_LOCKS		33
+#define CRYPTO_LOCK_ECDH			33
+#define	CRYPTO_NUM_LOCKS		34
 
 #define CRYPTO_LOCK		1
 #define CRYPTO_UNLOCK		2
@@ -236,6 +242,7 @@ DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)
 #define CRYPTO_EX_INDEX_X509		10
 #define CRYPTO_EX_INDEX_UI		11
 #define CRYPTO_EX_INDEX_ECDSA		12
+#define CRYPTO_EX_INDEX_ECDH		13
 
 /* Dynamically assigned indexes start from this value (don't use directly, use
  * via CRYPTO_ex_data_new_class). */
diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h
index 4a1787f0b7..17083f23a2 100644
--- a/crypto/ec/ec.h
+++ b/crypto/ec/ec.h
@@ -386,6 +386,7 @@ EC_KEY *EC_KEY_new(void);
 void EC_KEY_free(EC_KEY *);
 EC_KEY *EC_KEY_copy(EC_KEY *, const EC_KEY *);
 EC_KEY *EC_KEY_dup(const EC_KEY *);
+int EC_KEY_up_ref(EC_KEY *);
 
 /* EC_KEY_generate_key() creates a ec private (public) key */
 int EC_KEY_generate_key(EC_KEY *);
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index bb81cfb3c3..fa38f5231f 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -57,6 +57,7 @@
 #include <openssl/err.h>
 #include <openssl/asn1t.h>
 #include <openssl/objects.h>
+#include <string.h>
 
 /* some structures needed for the asn1 encoding */
 typedef struct x9_62_fieldid_st {
diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index 790d930225..f9f98cfd9d 100644
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -55,9 +55,15 @@
  * Hudson (tjh@cryptsoft.com).
  *
  */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * Portions originally developed by SUN MICROSYSTEMS, INC., and 
+ * contributed to the OpenSSL project.
+ */
 
 #include "ec_lcl.h"
 #include <openssl/err.h>
+#include <string.h>
 
 EC_KEY *EC_KEY_new(void)
 	{
@@ -210,6 +216,22 @@ EC_KEY *EC_KEY_dup(const EC_KEY *eckey)
 	return ret;
 	}
 
+int EC_KEY_up_ref(EC_KEY *r)
+	{
+	int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_EC);
+#ifdef REF_PRINT
+	REF_PRINT("EC_KEY",r);
+#endif
+#ifdef REF_CHECK
+	if (i < 2)
+		{
+		fprintf(stderr, "EC_KEY_up, bad reference count\n");
+		abort();
+		}
+#endif
+	return ((i > 1) ? 1 : 0);
+	}
+
 int EC_KEY_generate_key(EC_KEY *eckey)
 	{	
 	int	ok = 0;
diff --git a/crypto/ecdh/Makefile.ssl b/crypto/ecdh/Makefile.ssl
new file mode 100644
index 0000000000..f8a474631c
--- /dev/null
+++ b/crypto/ecdh/Makefile.ssl
@@ -0,0 +1,121 @@
+#
+# crypto/ecdh/Makefile
+#
+
+DIR=	ecdh
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g -Wall
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=ecdhtest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=	ech_lib.c ech_ossl.c ech_key.c ech_err.c
+
+LIBOBJ=	ech_lib.o ech_ossl.o ech_key.o ech_err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= ecdh.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB) || echo Never mind.
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+ech_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+ech_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ecdh.h
+ech_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ech_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ech_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ech_err.o: ../../include/openssl/symhacks.h ech_err.c
+ech_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ech_key.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ech_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ech_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ech_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ech_key.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+ech_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ech_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ech_key.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+ech_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ech_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ecdh.h
+ech_key.o: ech_key.c
+ech_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ech_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ech_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ech_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ech_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ech_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+ech_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ech_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ech_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+ech_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ech_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ecdh.h
+ech_lib.o: ech_lib.c
+ech_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ech_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ech_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ech_ossl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ech_ossl.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ech_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ech_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ech_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ech_ossl.o: ecdh.h ech_ossl.c
diff --git a/crypto/ecdh/ecdh.h b/crypto/ecdh/ecdh.h
new file mode 100644
index 0000000000..b5b877b55f
--- /dev/null
+++ b/crypto/ecdh/ecdh.h
@@ -0,0 +1,164 @@
+/* crypto/ecdh/ecdh.h */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * In addition, Sun covenants to all licensees who provide a reciprocal
+ * covenant with respect to their own patents if any, not to sue under
+ * current and future patent claims necessarily infringed by the making,
+ * using, practicing, selling, offering for sale and/or otherwise
+ * disposing of the ECC Code as delivered hereunder (or portions thereof),
+ * provided that such covenant shall not apply:
+ *  1) for code that a licensee deletes from the ECC Code;
+ *  2) separates from the ECC Code; or
+ *  3) for infringements caused by:
+ *       i) the modification of the ECC Code or
+ *      ii) the combination of the ECC Code with other software or
+ *          devices where such combination causes the infringement.
+ *
+ * The ECDH software is originally written by Douglas Stebila of
+ * Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifndef HEADER_ECDH_H
+#define HEADER_ECDH_H
+
+#ifdef OPENSSL_NO_ECDH
+#error ECDH is disabled.
+#endif
+
+#include <openssl/bn.h>
+#include <openssl/ec.h>
+#include <openssl/ossl_typ.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct ecdh_method 
+{
+	const char *name;
+	int (*compute_key)(unsigned char *key,const EC_POINT *pub_key, EC_KEY *ecdh);
+#if 0
+	int (*init)(EC_KEY *eckey);
+	int (*finish)(EC_KEY *eckey);
+#endif
+	int flags;
+	char *app_data;
+} ECDH_METHOD;
+
+typedef struct ecdh_data_st {
+	/* EC_KEY_METH_DATA part */
+	int (*init)(EC_KEY *);
+	void (*finish)(EC_KEY *);
+	/* method specific part */
+	ENGINE	*engine;
+	int	flags;
+	const ECDH_METHOD *meth;
+	CRYPTO_EX_DATA ex_data;
+} ECDH_DATA; 
+
+/* ECDH_DATA functions */
+ECDH_DATA *ECDH_DATA_new(void);
+ECDH_DATA *ECDH_DATA_new_method(ENGINE *);
+void ECDH_DATA_free(ECDH_DATA *);
+
+ECDH_DATA *ecdh_check(EC_KEY *);
+
+
+const ECDH_METHOD *ECDH_OpenSSL(void);
+
+void	  ECDH_set_default_method(const ECDH_METHOD *);
+const ECDH_METHOD *ECDH_get_default_method(void);
+int 	  ECDH_set_method(EC_KEY *, const ECDH_METHOD *);
+
+int	  ECDH_size(const EC_KEY *);
+int ECDH_compute_key(unsigned char *key,const EC_POINT *pub_key, EC_KEY *ecdh);
+
+
+int 	  ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new 
+		*new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int 	  ECDH_set_ex_data(EC_KEY *d, int idx, void *arg);
+void 	  *ECDH_get_ex_data(EC_KEY *d, int idx);
+
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_ECDH_strings(void);
+
+/* Error codes for the ECDH functions. */
+
+/* Function codes. */
+#define ECDH_F_ECDH_COMPUTE_KEY				 100
+#define ECDH_F_ECDH_DATA_NEW				 101
+
+/* Reason codes. */
+#define ECDH_R_NO_PRIVATE_VALUE				 100
+#define ECDH_R_POINT_ARITHMETIC_FAILURE			 101
+#define ECDH_R_SHA1_DIGEST_FAILED			 102
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/crypto/ecdh/ecdhtest.c b/crypto/ecdh/ecdhtest.c
new file mode 100644
index 0000000000..65d0d14c35
--- /dev/null
+++ b/crypto/ecdh/ecdhtest.c
@@ -0,0 +1,288 @@
+/* crypto/ecdh/ecdhtest.c */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * In addition, Sun covenants to all licensees who provide a reciprocal
+ * covenant with respect to their own patents if any, not to sue under
+ * current and future patent claims necessarily infringed by the making,
+ * using, practicing, selling, offering for sale and/or otherwise
+ * disposing of the ECC Code as delivered hereunder (or portions thereof),
+ * provided that such covenant shall not apply:
+ *  1) for code that a licensee deletes from the ECC Code;
+ *  2) separates from the ECC Code; or
+ *  3) for infringements caused by:
+ *       i) the modification of the ECC Code or
+ *      ii) the combination of the ECC Code with other software or
+ *          devices where such combination causes the infringement.
+ *
+ * The ECDH software is originally written by Douglas Stebila of
+ * Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef OPENSSL_SYS_WINDOWS
+#include "../bio/bss_file.c" 
+#endif
+#include <openssl/crypto.h>
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/ec.h>
+#include <openssl/objects.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+
+#ifdef OPENSSL_NO_ECDH
+int main(int argc, char *argv[])
+{
+    printf("No ECDH support\n");
+    return(0);
+}
+#else
+#include <openssl/ecdh.h>
+
+#ifdef OPENSSL_SYS_WIN16
+#define MS_CALLBACK	_far _loadds
+#else
+#define MS_CALLBACK
+#endif
+
+static void MS_CALLBACK cb(int p, int n, void *arg);
+#ifdef OPENSSL_NO_STDIO
+#define APPS_WIN16
+#include "bss_file.c"
+#endif
+
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+
+
+int test_ecdh_curve(int nid, char *text, BN_CTX *ctx, BIO *out)
+	{
+	EC_KEY *a=NULL;
+	EC_KEY *b=NULL;
+	BIGNUM *x=NULL, *y=NULL;
+	char buf[12];
+	unsigned char *abuf=NULL,*bbuf=NULL;
+	int i,alen,blen,aout,bout,ret=0;
+
+	if ((a=EC_KEY_new()) == NULL) goto err;
+	if ((a->group=EC_GROUP_new_by_name(nid)) == NULL) goto err;
+
+	if ((b=EC_KEY_new()) == NULL) goto err;
+	b->group = a->group;
+
+	if ((x=BN_new()) == NULL) goto err;
+	if ((y=BN_new()) == NULL) goto err;
+
+	BIO_puts(out,"Testing key generation with ");
+	BIO_puts(out,text);
+	BIO_puts(out,"\n");
+
+	if (!EC_KEY_generate_key(a)) goto err;
+	BIO_puts(out,"  pri 1=");
+	BN_print(out,a->priv_key);
+	BIO_puts(out,"\n  pub 1=");
+	if (EC_METHOD_get_field_type(EC_GROUP_method_of(a->group)) == NID_X9_62_prime_field) 
+		{
+		if (!EC_POINT_get_affine_coordinates_GFp(a->group, a->pub_key, x, y, ctx)) goto err;
+		}
+	else
+		{
+		if (!EC_POINT_get_affine_coordinates_GF2m(a->group, a->pub_key, x, y, ctx)) goto err;
+		}
+	BN_print(out,x);
+	BIO_puts(out,",");
+	BN_print(out,y);
+	BIO_puts(out,"\n");
+
+	if (!EC_KEY_generate_key(b)) goto err;
+	BIO_puts(out,"  pri 2=");
+	BN_print(out,b->priv_key);
+	BIO_puts(out,"\n  pub 2=");
+	if (EC_METHOD_get_field_type(EC_GROUP_method_of(b->group)) == NID_X9_62_prime_field) 
+		{
+		if (!EC_POINT_get_affine_coordinates_GFp(b->group, b->pub_key, x, y, ctx)) goto err;
+		}
+	else
+		{
+		if (!EC_POINT_get_affine_coordinates_GF2m(a->group, b->pub_key, x, y, ctx)) goto err;
+		}
+	BN_print(out,x);
+	BIO_puts(out,",");
+	BN_print(out,y);
+	BIO_puts(out,"\n");
+
+	alen=ECDH_size(a);
+	abuf=(unsigned char *)OPENSSL_malloc(alen);
+	aout=ECDH_compute_key(abuf,b->pub_key,a);
+
+	BIO_puts(out,"  key1 =");
+	for (i=0; i<aout; i++)
+		{
+		sprintf(buf,"%02X",abuf[i]);
+		BIO_puts(out,buf);
+		}
+	BIO_puts(out,"\n");
+
+	blen=ECDH_size(b);
+	bbuf=(unsigned char *)OPENSSL_malloc(blen);
+	bout=ECDH_compute_key(bbuf,a->pub_key,b);
+
+	BIO_puts(out,"  key2 =");
+	for (i=0; i<bout; i++)
+		{
+		sprintf(buf,"%02X",bbuf[i]);
+		BIO_puts(out,buf);
+		}
+	BIO_puts(out,"\n");
+	if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0))
+		{
+		fprintf(stderr,"Error in ECDH routines\n");
+		ret=0;
+		}
+	else
+		ret=1;
+err:
+	ERR_print_errors_fp(stderr);
+
+	if (abuf != NULL) OPENSSL_free(abuf);
+	if (bbuf != NULL) OPENSSL_free(bbuf);
+	if (x) BN_free(x);
+	if (y) BN_free(y);
+	if (a->group) EC_GROUP_free(a->group);
+	a->group = b->group = NULL;
+	if (b) EC_KEY_free(b);
+	if (a) EC_KEY_free(a);
+	return(ret);
+	}
+
+int main(int argc, char *argv[])
+	{
+	BN_CTX *ctx=NULL;
+	int ret=1;
+	BIO *out;
+
+	CRYPTO_malloc_debug_init();
+	CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+#ifdef OPENSSL_SYS_WIN32
+	CRYPTO_malloc_init();
+#endif
+
+	RAND_seed(rnd_seed, sizeof rnd_seed);
+
+	out=BIO_new(BIO_s_file());
+	if (out == NULL) exit(1);
+	BIO_set_fp(out,stdout,BIO_NOCLOSE);
+
+	if ((ctx=BN_CTX_new()) == NULL) goto err;
+
+	/* NIST PRIME CURVES TESTS */
+	if (!test_ecdh_curve(EC_GROUP_NIST_PRIME_192, "NIST Prime-Curve P-192", ctx, out)) goto err;
+	if (!test_ecdh_curve(EC_GROUP_NIST_PRIME_224, "NIST Prime-Curve P-224", ctx, out)) goto err;
+	if (!test_ecdh_curve(EC_GROUP_NIST_PRIME_256, "NIST Prime-Curve P-256", ctx, out)) goto err;
+	if (!test_ecdh_curve(EC_GROUP_NIST_PRIME_384, "NIST Prime-Curve P-384", ctx, out)) goto err;
+	if (!test_ecdh_curve(EC_GROUP_NIST_PRIME_521, "NIST Prime-Curve P-521", ctx, out)) goto err;
+	/* NIST BINARY CURVES TESTS */
+	if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_K163, "NIST Binary-Curve K-163", ctx, out)) goto err;
+	if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_B163, "NIST Binary-Curve B-163", ctx, out)) goto err;
+	if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_K233, "NIST Binary-Curve K-233", ctx, out)) goto err;
+	if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_B233, "NIST Binary-Curve B-233", ctx, out)) goto err;
+	if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_K283, "NIST Binary-Curve K-283", ctx, out)) goto err;
+	if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_B283, "NIST Binary-Curve B-283", ctx, out)) goto err;
+	if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_K409, "NIST Binary-Curve K-409", ctx, out)) goto err;
+	if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_B409, "NIST Binary-Curve B-409", ctx, out)) goto err;
+	if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_K571, "NIST Binary-Curve K-571", ctx, out)) goto err;
+	if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_B571, "NIST Binary-Curve B-571", ctx, out)) goto err;
+
+	ret = 0;
+
+err:
+	ERR_print_errors_fp(stderr);
+	if (ctx) BN_CTX_free(ctx);
+	BIO_free(out);
+	CRYPTO_cleanup_all_ex_data();
+	ERR_remove_state(0);
+	CRYPTO_mem_leaks_fp(stderr);
+	exit(ret);
+	return(ret);
+	}
+
+static void MS_CALLBACK cb(int p, int n, void *arg)
+	{
+	char c='*';
+
+	if (p == 0) c='.';
+	if (p == 1) c='+';
+	if (p == 2) c='*';
+	if (p == 3) c='\n';
+	BIO_write((BIO *)arg,&c,1);
+	(void)BIO_flush((BIO *)arg);
+#ifdef LINT
+	p=n;
+#endif
+	}
+#endif
diff --git a/crypto/ecdh/ech_err.c b/crypto/ecdh/ech_err.c
new file mode 100644
index 0000000000..819b8abf4d
--- /dev/null
+++ b/crypto/ecdh/ech_err.c
@@ -0,0 +1,97 @@
+/* crypto/ecdh/ech_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================