diff options
55 files changed, 511 insertions, 200 deletions
diff --git a/.github/workflows/run-checker-merge.yml b/.github/workflows/run-checker-merge.yml index 9d9c89a434..779dfd390e 100644 --- a/.github/workflows/run-checker-merge.yml +++ b/.github/workflows/run-checker-merge.yml @@ -29,6 +29,7 @@ jobs: no-unit-test, enable-weak-ssl-ciphers, enable-zlib, + no-ecx, ] runs-on: ubuntu-latest steps: @@ -449,6 +449,7 @@ my @disablables = ( "ec_nistp_64_gcc_128", "ecdh", "ecdsa", + "ecx", "egd", "engine", "err", @@ -611,7 +612,7 @@ my @disable_cascades = ( "brotli" => [ "brotli-dynamic" ], "zstd" => [ "zstd-dynamic" ], "des" => [ "mdc2" ], - "ec" => [ "ec2m", "ecdsa", "ecdh", "sm2", "gost" ], + "ec" => [ "ec2m", "ecdsa", "ecdh", "sm2", "gost", "ecx" ], "dgram" => [ "dtls", "quic", "sctp" ], "sock" => [ "dgram", "tfo" ], "dtls" => [ @dtls ], diff --git a/apps/list.c b/apps/list.c index 2ccd41277a..56b0917d11 100644 --- a/apps/list.c +++ b/apps/list.c @@ -1337,6 +1337,9 @@ static void list_disabled(void) #ifdef OPENSSL_NO_EC BIO_puts(bio_out, "EC\n"); #endif +#ifdef OPENSSL_NO_ECX + BIO_puts(bio_out, "ECX\n"); +#endif #ifdef OPENSSL_NO_EC2M BIO_puts(bio_out, "EC2M\n"); #endif diff --git a/apps/speed.c b/apps/speed.c index 1d8304f105..de4f9994db 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -436,7 +436,13 @@ static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = { {"ecdsabrp512r1", R_EC_BRP512R1}, {"ecdsabrp512t1", R_EC_BRP512T1} }; -enum { R_EC_X25519 = ECDSA_NUM, R_EC_X448, EC_NUM }; +enum { +#ifndef OPENSSL_NO_ECX + R_EC_X25519 = ECDSA_NUM, R_EC_X448, EC_NUM +#else + EC_NUM = ECDSA_NUM +#endif +}; /* list of ecdh curves, extension of |ecdsa_choices| list above */ static const OPT_PAIR ecdh_choices[EC_NUM] = { {"ecdhp160", R_EC_P160}, @@ -463,13 +469,16 @@ static const OPT_PAIR ecdh_choices[EC_NUM] = { {"ecdhbrp384t1", R_EC_BRP384T1}, {"ecdhbrp512r1", R_EC_BRP512R1}, {"ecdhbrp512t1", R_EC_BRP512T1}, +#ifndef OPENSSL_NO_ECX {"ecdhx25519", R_EC_X25519}, {"ecdhx448", R_EC_X448} +#endif }; static double ecdh_results[EC_NUM][1]; /* 1 op: derivation */ static double ecdsa_results[ECDSA_NUM][2]; /* 2 ops: sign then verify */ +#ifndef OPENSSL_NO_ECX enum { R_EC_Ed25519, R_EC_Ed448, EdDSA_NUM }; static const OPT_PAIR eddsa_choices[EdDSA_NUM] = { {"ed25519", R_EC_Ed25519}, @@ -477,6 +486,7 @@ static const OPT_PAIR eddsa_choices[EdDSA_NUM] = { }; static double eddsa_results[EdDSA_NUM][2]; /* 2 ops: sign then verify */ +#endif /* OPENSSL_NO_ECX */ #ifndef OPENSSL_NO_SM2 enum { R_EC_CURVESM2, SM2_NUM }; @@ -518,8 +528,10 @@ typedef struct loopargs_st { EVP_PKEY_CTX *ecdsa_sign_ctx[ECDSA_NUM]; EVP_PKEY_CTX *ecdsa_verify_ctx[ECDSA_NUM]; EVP_PKEY_CTX *ecdh_ctx[EC_NUM]; +#ifndef OPENSSL_NO_ECX EVP_MD_CTX *eddsa_ctx[EdDSA_NUM]; EVP_MD_CTX *eddsa_ctx2[EdDSA_NUM]; +#endif /* OPENSSL_NO_ECX */ #ifndef OPENSSL_NO_SM2 EVP_MD_CTX *sm2_ctx[SM2_NUM]; EVP_MD_CTX *sm2_vfy_ctx[SM2_NUM]; @@ -1054,6 +1066,7 @@ static int ECDH_EVP_derive_key_loop(void *args) return count; } +#ifndef OPENSSL_NO_ECX static int EdDSA_sign_loop(void *args) { loopargs_t *tempargs = *(loopargs_t **) args; @@ -1095,6 +1108,7 @@ static int EdDSA_verify_loop(void *args) } return count; } +#endif /* OPENSSL_NO_ECX */ #ifndef OPENSSL_NO_SM2 static int SM2_sign_loop(void *args) @@ -1726,15 +1740,19 @@ int speed_main(int argc, char **argv) {"brainpoolP384t1", NID_brainpoolP384t1, 384}, {"brainpoolP512r1", NID_brainpoolP512r1, 512}, {"brainpoolP512t1", NID_brainpoolP512t1, 512}, +#ifndef OPENSSL_NO_ECX /* Other and ECDH only ones */ {"X25519", NID_X25519, 253}, {"X448", NID_X448, 448} +#endif }; +#ifndef OPENSSL_NO_ECX static const EC_CURVE ed_curves[EdDSA_NUM] = { /* EdDSA */ {"Ed25519", NID_ED25519, 253, 64}, {"Ed448", NID_ED448, 456, 114} }; +#endif /* OPENSSL_NO_ECX */ #ifndef OPENSSL_NO_SM2 static const EC_CURVE sm2_curves[SM2_NUM] = { /* SM2 */ @@ -1744,7 +1762,9 @@ int speed_main(int argc, char **argv) #endif uint8_t ecdsa_doit[ECDSA_NUM] = { 0 }; uint8_t ecdh_doit[EC_NUM] = { 0 }; +#ifndef OPENSSL_NO_ECX uint8_t eddsa_doit[EdDSA_NUM] = { 0 }; +#endif /* OPENSSL_NO_ECX */ uint8_t kems_doit[MAX_KEM_NUM] = { 0 }; uint8_t sigs_doit[MAX_SIG_NUM] = { 0 }; @@ -1753,6 +1773,7 @@ int speed_main(int argc, char **argv) uint8_t do_sigs = 0; /* checks declared curves against choices list. */ +#ifndef OPENSSL_NO_ECX OPENSSL_assert(ed_curves[EdDSA_NUM - 1].nid == NID_ED448); OPENSSL_assert(strcmp(eddsa_choices[EdDSA_NUM - 1].name, "ed448") == 0); @@ -1761,6 +1782,7 @@ int speed_main(int argc, char **argv) OPENSSL_assert(ec_curves[ECDSA_NUM - 1].nid == NID_brainpoolP512t1); OPENSSL_assert(strcmp(ecdsa_choices[ECDSA_NUM - 1].name, "ecdsabrp512t1") == 0); +#endif /* OPENSSL_NO_ECX */ #ifndef OPENSSL_NO_SM2 OPENSSL_assert(sm2_curves[SM2_NUM - 1].nid == NID_sm2); @@ -2106,6 +2128,7 @@ int speed_main(int argc, char **argv) algo_found = 1; } } +#ifndef OPENSSL_NO_ECX if (strcmp(algo, "eddsa") == 0) { memset(eddsa_doit, 1, sizeof(eddsa_doit)); algo_found = 1; @@ -2114,6 +2137,7 @@ int speed_main(int argc, char **argv) eddsa_doit[i] = 2; algo_found = 1; } +#endif /* OPENSSL_NO_ECX */ #ifndef OPENSSL_NO_SM2 if (strcmp(algo, "sm2") == 0) { memset(sm2_doit, 1, sizeof(sm2_doit)); @@ -2294,9 +2318,11 @@ int speed_main(int argc, char **argv) memset(ffdh_doit, 1, sizeof(ffdh_doit)); #endif memset(dsa_doit, 1, sizeof(dsa_doit)); +#ifndef OPENSSL_NO_ECX memset(ecdsa_doit, 1, sizeof(ecdsa_doit)); memset(ecdh_doit, 1, sizeof(ecdh_doit)); memset(eddsa_doit, 1, sizeof(eddsa_doit)); +#endif /* OPENSSL_NO_ECX */ #ifndef OPENSSL_NO_SM2 memset(sm2_doit, 1, sizeof(sm2_doit)); #endif @@ -3106,6 +3132,7 @@ skip_hmac: } } +#ifndef OPENSSL_NO_ECX for (testnum = 0; testnum < EdDSA_NUM; testnum++) { int st = 1; EVP_PKEY *ed_pkey = NULL; @@ -3218,6 +3245,7 @@ skip_hmac: } } } +#endif /* OPENSSL_NO_ECX */ #ifndef OPENSSL_NO_SM2 for (testnum = 0; testnum < SM2_NUM; testnum++) { @@ -4008,6 +4036,7 @@ skip_hmac: 1.0 / ecdh_results[k][0], ecdh_results[k][0]); } +#ifndef OPENSSL_NO_ECX testnum = 1; for (k = 0; k < OSSL_NELEM(eddsa_doit); k++) { if (!eddsa_doit[k]) @@ -4027,6 +4056,7 @@ skip_hmac: 1.0 / eddsa_results[k][0], 1.0 / eddsa_results[k][1], eddsa_results[k][0], eddsa_results[k][1]); } +#endif /* OPENSSL_NO_ECX */ #ifndef OPENSSL_NO_SM2 testnum = 1; @@ -4142,10 +4172,12 @@ skip_hmac: } for (k = 0; k < EC_NUM; k++) EVP_PKEY_CTX_free(loopargs[i].ecdh_ctx[k]); +#ifndef OPENSSL_NO_ECX for (k = 0; k < EdDSA_NUM; k++) { EVP_MD_CTX_free(loopargs[i].eddsa_ctx[k]); EVP_MD_CTX_free(loopargs[i].eddsa_ctx2[k]); } +#endif /* OPENSSL_NO_ECX */ #ifndef OPENSSL_NO_SM2 for (k = 0; k < SM2_NUM; k++) { EVP_PKEY_CTX *pctx = NULL; @@ -4402,6 +4434,7 @@ static int do_multi(int multi, int size_num) d = atof(sstrsep(&p, sep)); ecdh_results[k][0] += d; } +# ifndef OPENSSL_NO_ECX } else if (CHECK_AND_SKIP_PREFIX(p, "+F6:")) { tk = sstrsep(&p, sep); if (strtoint(tk, 0, OSSL_NELEM(eddsa_results), &k)) { @@ -4414,6 +4447,7 @@ static int do_multi(int multi, int size_num) d = atof(sstrsep(&p, sep)); eddsa_results[k][1] += d; } +# endif /* OPENSSL_NO_ECX */ # ifndef OPENSSL_NO_SM2 } else if (CHECK_AND_SKIP_PREFIX(p, "+F7:")) { tk = sstrsep(&p, sep); diff --git a/crypto/asn1/standard_methods.h b/crypto/asn1/standard_methods.h index 0b0c7ef686..0e2cdbd50e 100644 --- a/crypto/asn1/standard_methods.h +++ b/crypto/asn1/standard_methods.h @@ -32,11 +32,9 @@ static const EVP_PKEY_ASN1_METHOD *standard_methods[] = { #ifndef OPENSSL_NO_DH &ossl_dhx_asn1_meth, #endif -#ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_ECX &ossl_ecx25519_asn1_meth, &ossl_ecx448_asn1_meth, -#endif -#ifndef OPENSSL_NO_EC &ossl_ed25519_asn1_meth, &ossl_ed448_asn1_meth, #endif diff --git a/crypto/ec/build.info b/crypto/ec/build.info index e4799ad37a..6fd73e4573 100644 --- a/crypto/ec/build.info +++ b/crypto/ec/build.info @@ -3,9 +3,12 @@ IF[{- !$disabled{asm} -}] $ECASM_x86=ecp_nistz256.c ecp_nistz256-x86.S $ECDEF_x86=ECP_NISTZ256_ASM - $ECASM_x86_64=ecp_nistz256.c ecp_nistz256-x86_64.s x25519-x86_64.s - $ECDEF_x86_64=ECP_NISTZ256_ASM X25519_ASM - + $ECASM_x86_64=ecp_nistz256.c ecp_nistz256-x86_64.s + $ECDEF_x86_64=ECP_NISTZ256_ASM + IF[{- !$disabled{'ecx'} -}] + $ECASM_x86_64=$ECASM_x86_64 x25519-x86_64.s + $ECDEF_x86_64=$ECDEF_x86_64 X25519_ASM + ENDIF $ECASM_ia64= $ECASM_sparcv9=ecp_nistz256.c ecp_nistz256-sparcv9.S @@ -18,7 +21,10 @@ IF[{- !$disabled{asm} -}] $ECASM_mips32= $ECASM_mips64= - $ECASM_s390x=ecp_s390x_nistp.c ecx_s390x.c + $ECASM_s390x=ecp_s390x_nistp.c + IF[{- !$disabled{'ecx'} -}] + $ECASM_s390x=$ECASM_s390x ecx_s390x.c + ENDIF $ECDEF_s390x=S390X_EC_ASM $ECASM_armv4=ecp_nistz256.c ecp_nistz256-armv4.S @@ -30,13 +36,18 @@ IF[{- !$disabled{asm} -}] $ECASM_parisc20_64= $ECASM_ppc32= - $ECASM_ppc64=ecp_nistz256.c ecp_ppc.c ecp_nistz256-ppc64.s x25519-ppc64.s - $ECDEF_ppc64=ECP_NISTZ256_ASM X25519_ASM + $ECASM_ppc64=ecp_nistz256.c ecp_ppc.c ecp_nistz256-ppc64.s + $ECDEF_ppc64=ECP_NISTZ256_ASM IF[{- !$disabled{'ec_nistp_64_gcc_128'} -}] $ECASM_ppc64=$ECASM_ppc64 ecp_nistp521-ppc64.s $ECDEF_ppc64=$ECDEF_ppc64 ECP_NISTP521_ASM INCLUDE[ecp_nistp521.o]=.. ENDIF + IF[{- !$disabled{'ecx'} -}] + $ECASM_ppc64=$ECASM_ppc64 x25519-ppc64.s + $ECDEF_ppc64=$ECDEF_ppc64 X25519_ASM + INCLUDE[ecx_s390x.o]=.. + ENDIF $ECASM_c64xplus= @@ -49,22 +60,29 @@ IF[{- !$disabled{asm} -}] ENDIF $COMMON=ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \ - ec_curve.c ec_check.c ec_key.c ec_kmeth.c ecx_key.c ec_asn1.c \ + ec_curve.c ec_check.c ec_key.c ec_kmeth.c ec_asn1.c \ ec2_smpl.c \ ecp_oct.c ec2_oct.c ec_oct.c ecdh_ossl.c \ - ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c curve25519.c \ - curve448/f_generic.c curve448/scalar.c \ - curve448/curve448_tables.c curve448/eddsa.c curve448/curve448.c \ - $ECASM ec_backend.c ecx_backend.c ecdh_kdf.c curve448/arch_64/f_impl64.c \ - curve448/arch_32/f_impl32.c + ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c \ + $ECASM ec_backend.c ecdh_kdf.c + +IF[{- !$disabled{'ecx'} -}] + $COMMON=$COMMON curve25519.c curve448/f_generic.c curve448/scalar.c \ + curve448/arch_64/f_impl64.c ecx_backend.c curve448/arch_32/f_impl32.c \ + curve448/curve448_tables.c curve448/eddsa.c curve448/curve448.c \ + ecx_key.c +ENDIF IF[{- !$disabled{'ec_nistp_64_gcc_128'} -}] $COMMON=$COMMON ecp_nistp224.c ecp_nistp256.c ecp_nistp521.c ecp_nistputil.c ENDIF -SOURCE[../../libcrypto]=$COMMON ec_ameth.c ec_pmeth.c ecx_meth.c \ +SOURCE[../../libcrypto]=$COMMON ec_ameth.c ec_pmeth.c \ ec_err.c eck_prn.c \ ec_deprecated.c ec_print.c +IF[{- !$disabled{'ecx'} -}] + SOURCE[../../libcrypto]=ecx_meth.c +ENDIF SOURCE[../../providers/libfips.a]=$COMMON # Implementations are now spread across several libraries, so the defines @@ -90,9 +108,10 @@ GENERATE[ecp_nistz256-sparcv9.S]=asm/ecp_nistz256-sparcv9.pl INCLUDE[ecp_nistz256-sparcv9.o]=.. INCLUDE[ecp_s390x_nistp.o]=.. -INCLUDE[ecx_s390x.o]=.. -INCLUDE[ecx_meth.o]=.. -INCLUDE[ecx_key.o]=.. +IF[{- !$disabled{'ecx'} -}] + INCLUDE[ecx_meth.o]=.. + INCLUDE[ecx_key.o]=.. +ENDIF GENERATE[ecp_nistz256-armv4.S]=asm/ecp_nistz256-armv4.pl INCLUDE[ecp_nistz256-armv4.o]=.. @@ -102,5 +121,7 @@ GENERATE[ecp_nistz256-ppc64.s]=asm/ecp_nistz256-ppc64.pl GENERATE[ecp_nistp521-ppc64.s]=asm/ecp_nistp521-ppc64.pl +IF[{- !$disabled{'ecx'} -}] GENERATE[x25519-x86_64.s]=asm/x25519-x86_64.pl GENERATE[x25519-ppc64.s]=asm/x25519-ppc64.pl +ENDIF diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index d0a7fde1e6..b26b606505 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -872,7 +872,7 @@ DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey) } # endif /* OPENSSL_NO_DSA */ -# ifndef OPENSSL_NO_EC +# ifndef OPENSSL_NO_ECX static const ECX_KEY *evp_pkey_get0_ECX_KEY(const EVP_PKEY *pkey, int type) { if (EVP_PKEY_get_base_id(pkey) != type) { @@ -901,7 +901,7 @@ IMPLEMENT_ECX_VARIANT(X448) IMPLEMENT_ECX_VARIANT(ED25519) IMPLEMENT_ECX_VARIANT(ED448) -# endif +# endif /* OPENSSL_NO_ECX */ # if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0) diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index caf10b2d5c..4b5225e439 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -66,11 +66,9 @@ static pmeth_fn standard_methods[] = { # ifndef OPENSSL_NO_DH ossl_dhx_pkey_method, # endif -# ifndef OPENSSL_NO_EC +# ifndef OPENSSL_NO_ECX ossl_ecx25519_pkey_method, ossl_ecx448_pkey_method, -# endif -# ifndef OPENSSL_NO_EC ossl_ed25519_pkey_method, ossl_ed448_pkey_method, # endif diff --git a/crypto/hpke/hpke_util.c b/crypto/hpke/hpke_util.c index 2591ff6c75..b7a40b1591 100644 --- a/crypto/hpke/hpke_util.c +++ b/crypto/hpke/hpke_util.c @@ -66,12 +66,14 @@ static const OSSL_HPKE_KEM_INFO hpke_kem_tab[] = { LN_sha384, SHA384_DIGEST_LENGTH, 97, 97, 48, 0xFF }, { OSSL_HPKE_KEM_ID_P521, "EC", OSSL_HPKE_KEMSTR_P521, LN_sha512, SHA512_DIGEST_LENGTH, 133, 133, 66, 0x01 }, +# ifndef OPENSSL_NO_ECX { OSSL_HPKE_KEM_ID_X25519, OSSL_HPKE_KEMSTR_X25519, NULL, LN_sha256, SHA256_DIGEST_LENGTH, X25519_KEYLEN, X25519_KEYLEN, X25519_KEYLEN, 0x00 }, { OSSL_HPKE_KEM_ID_X448, OSSL_HPKE_KEMSTR_X448, NULL, LN_sha512, SHA512_DIGEST_LENGTH, X448_KEYLEN, X448_KEYLEN, X448_KEYLEN, 0x00 } +# endif #else { OSSL_HPKE_KEM_ID_RESERVED, NULL, NULL, NULL, 0, 0, 0, 0, 0x00 } #endif @@ -122,10 +124,12 @@ static const synonymttab_t kemstrtab[] = { {OSSL_HPKE_KEMSTR_P384, "0x11", "0x11", "17" }}, {OSSL_HPKE_KEM_ID_P521, {OSSL_HPKE_KEMSTR_P521, "0x12", "0x12", "18" }}, +# ifndef OPENSSL_NO_ECX {OSSL_HPKE_KEM_ID_X25519, {OSSL_HPKE_KEMSTR_X25519, "0x20", "0x20", "32" }}, {OSSL_HPKE_KEM_ID_X448, {OSSL_HPKE_KEMSTR_X448, "0x21", "0x21", "33" }} +# endif }; static const synonymttab_t kdfstrtab[] = { {OSSL_HPKE_KDF_ID_HKDF_SHA256, diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c index 6726cac857..ec7d74af5f 100644 --- a/crypto/x509/x_pubkey.c +++ b/crypto/x509/x_pubkey.c @@ -835,6 +835,7 @@ int i2d_EC_PUBKEY(const EC_KEY *a, unsigned char **pp) return ret; } +# ifndef OPENSSL_NO_ECX ECX_KEY *ossl_d2i_ED25519_PUBKEY(ECX_KEY **a, const unsigned char **pp, long length) { @@ -1002,6 +1003,7 @@ int ossl_i2d_X448_PUBKEY(const ECX_KEY *a, unsigned char **pp) return ret; } +# endif /* OPENSSL_NO_ECX */ #endif void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub, diff --git a/include/crypto/ecx.h b/include/crypto/ecx.h index e6b61b5a79..5ae38d7c9c 100644 --- a/include/crypto/ecx.h +++ b/include/crypto/ecx.h @@ -15,7 +15,7 @@ # include <openssl/opensslconf.h> -# ifndef OPENSSL_NO_EC +# ifndef OPENSSL_NO_ECX # include <openssl/core.h> # include <openssl/e_os2.h> @@ -155,5 +155,5 @@ ECX_KEY *ossl_evp_pkey_get1_X25519(EVP_PKEY *pkey); ECX_KEY *ossl_evp_pkey_get1_X448(EVP_PKEY *pkey); ECX_KEY *ossl_evp_pkey_get1_ED25519(EVP_PKEY *pkey); ECX_KEY *ossl_evp_pkey_get1_ED448(EVP_PKEY *pkey); -# endif /* OPENSSL_NO_EC */ +# endif /* OPENSSL_NO_ECX */ #endif diff --git a/include/crypto/evp.h b/include/crypto/evp.h index 4e9cf7bb6d..30c5aa2b1d 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h @@ -647,7 +647,9 @@ union legacy_pkey_st { # endif # ifndef OPENSSL_NO_EC struct ec_key_st *ec; /* ECC */ +# ifndef OPENSSL_NO_ECX ECX_KEY *ecx; /* X25519, X448, Ed25519, Ed448 */ +# endif # endif }; diff --git a/include/openssl/hpke.h b/include/openssl/hpke.h index 26149b0ac1..8f615edbdc 100644 --- a/include/openssl/hpke.h +++ b/include/openssl/hpke.h @@ -82,12 +82,21 @@ typedef struct { * Suite constants, use this like: * OSSL_HPKE_SUITE myvar = OSSL_HPKE_SUITE_DEFAULT; */ -# define OSSL_HPKE_SUITE_DEFAULT \ +# ifndef OPENSSL_NO_ECX +# define OSSL_HPKE_SUITE_DEFAULT \ {\ OSSL_HPKE_KEM_ID_X25519, \ OSSL_HPKE_KDF_ID_HKDF_SHA256, \ OSSL_HPKE_AEAD_ID_AES_GCM_128 \ } +# else +# define OSSL_HPKE_SUITE_DEFAULT \ + {\ + OSSL_HPKE_KEM_ID_P256, \ + OSSL_HPKE_KDF_ID_HKDF_SHA256, \ + OSSL_HPKE_AEAD_ID_AES_GCM_128 \ + } +#endif typedef struct ossl_hpke_ctx_st OSSL_HPKE_CTX; diff --git a/providers/common/der/build.info b/providers/common/der/build.info index b81413e11b..764bff539e 100644 --- a/providers/common/der/build.info +++ b/providers/common/der/build.info @@ -57,7 +57,7 @@ IF[{- !$disabled{ec} -}] ENDIF #----- ECX -IF[{- !$disabled{ec} -}] +IF[{- !$disabled{ecx} -}] $DER_ECX_H=$INCDIR/der_ecx.h $DER_ECX_GEN=der_ecx_gen.c $DER_ECX_AUX=der_ecx_key.c @@ -107,7 +107,9 @@ ENDIF IF[{- !$disabled{ec} -}] $COMMON = $COMMON $DER_EC_GEN $DER_EC_AUX - $COMMON = $COMMON $DER_ECX_GEN $DER_ECX_AUX + IF[{- !$disabled{ecx} -}] + $COMMON = $COMMON $DER_ECX_GEN $DER_ECX_AUX + ENDIF ENDIF IF[{- !$disabled{sm2} -}] diff --git a/providers/decoders.inc b/providers/decoders.inc index edca39ea36..f0bbad807c 100644 --- a/providers/decoders.inc +++ b/providers/decoders.inc @@ -58,6 +58,7 @@ DECODER_w_structure("EC", der, PrivateKeyInfo, ec, yes), DECODER_w_structure("EC", der, SubjectPublicKeyInfo, ec, yes), DECODER_w_structure("EC", der, type_specific_no_pub, ec, yes), DECODER_w_structure("EC", der, EC, ec, yes), +# ifndef OPENSSL_NO_ECX DECODER_w_structure("ED25519", der, PrivateKeyInfo, ed25519, yes), DECODER_w_structure("ED25519", der, SubjectPublicKeyInfo, ed25519, yes), DECODER_w_structure("ED448", der, PrivateKeyInfo, ed448, yes), @@ -66,6 +67,7 @@ DECODER_w_structure("X25519", der, PrivateKeyInfo, x25519, yes), DECODER_w_structure("X25519", der, SubjectPublicKeyInfo, x25519, yes), DECODER_w_structure("X448", der, PrivateKeyInfo, x448, yes), DECODER_w_structure("X448", der, SubjectPublicKeyInfo, x448, yes), +# endif # ifndef OPENSSL_NO_SM2 DECODER_w_structure("SM2", der, PrivateKeyInfo, sm2, no), DECODER_w_structure("SM2", der, SubjectPublicKeyInfo, sm2, no), diff --git a/providers/defltprov.c b/providers/defltprov.c index 4f8921f80a..8b2ae6bfbf 100644 --- a/providers/defltprov.c +++ b/providers/defltprov.c @@ -369,8 +369,10 @@ static const OSSL_ALGORITHM deflt_keyexch[] = { |