7 files changed, 1225 insertions, 0 deletions
diff --git a/main/openssl/crypto/ecdh/ecdh.h b/main/openssl/crypto/ecdh/ecdh.h
new file mode 100644
index 00000000..b4b58ee6
--- /dev/null
+++ b/main/openssl/crypto/ecdh/ecdh.h
@@ -0,0 +1,123 @@
+/* crypto/ecdh/ecdh.h */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * The ECDH software is originally written by Douglas Stebila of
+ * Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifndef HEADER_ECDH_H
+#define HEADER_ECDH_H
+
+#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_NO_ECDH
+#error ECDH is disabled.
+#endif
+
+#include <openssl/ec.h>
+#include <openssl/ossl_typ.h>
+#ifndef OPENSSL_NO_DEPRECATED
+#include <openssl/bn.h>
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+const ECDH_METHOD *ECDH_OpenSSL(void);
+
+void	  ECDH_set_default_method(const ECDH_METHOD *);
+const ECDH_METHOD *ECDH_get_default_method(void);
+int 	  ECDH_set_method(EC_KEY *, const ECDH_METHOD *);
+
+int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
+                     void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
+
+int 	  ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new 
+		*new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int 	  ECDH_set_ex_data(EC_KEY *d, int idx, void *arg);
+void 	  *ECDH_get_ex_data(EC_KEY *d, int idx);
+
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_ECDH_strings(void);
+
+/* Error codes for the ECDH functions. */
+
+/* Function codes. */
+#define ECDH_F_ECDH_COMPUTE_KEY				 100
+#define ECDH_F_ECDH_DATA_NEW_METHOD			 101
+
+/* Reason codes. */
+#define ECDH_R_KDF_FAILED				 102
+#define ECDH_R_NO_PRIVATE_VALUE				 100
+#define ECDH_R_POINT_ARITHMETIC_FAILURE			 101
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/main/openssl/crypto/ecdh/ecdhtest.c b/main/openssl/crypto/ecdh/ecdhtest.c
new file mode 100644
index 00000000..212a87ef
--- /dev/null
+++ b/main/openssl/crypto/ecdh/ecdhtest.c
@@ -0,0 +1,368 @@
+/* crypto/ecdh/ecdhtest.c */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * The ECDH software is originally written by Douglas Stebila of
+ * Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "../e_os.h"
+
+#include <openssl/opensslconf.h>	/* for OPENSSL_NO_ECDH */
+#include <openssl/crypto.h>
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+#include <openssl/err.h>
+
+#ifdef OPENSSL_NO_ECDH
+int main(int argc, char *argv[])
+{
+    printf("No ECDH support\n");
+    return(0);
+}
+#else
+#include <openssl/ec.h>
+#include <openssl/ecdh.h>
+
+#ifdef OPENSSL_SYS_WIN16
+#define MS_CALLBACK	_far _loadds
+#else
+#define MS_CALLBACK
+#endif
+
+#if 0
+static void MS_CALLBACK cb(int p, int n, void *arg);
+#endif
+
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+
+
+static const int KDF1_SHA1_len = 20;
+static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
+	{
+#ifndef OPENSSL_NO_SHA
+	if (*outlen < SHA_DIGEST_LENGTH)
+		return NULL;
+	else
+		*outlen = SHA_DIGEST_LENGTH;
+	return SHA1(in, inlen, out);
+#else
+	return NULL;
+#endif
+	}
+
+
+static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out)
+	{
+	EC_KEY *a=NULL;
+	EC_KEY *b=NULL;
+	BIGNUM *x_a=NULL, *y_a=NULL,
+	       *x_b=NULL, *y_b=NULL;
+	char buf[12];
+	unsigned char *abuf=NULL,*bbuf=NULL;
+	int i,alen,blen,aout,bout,ret=0;
+	const EC_GROUP *group;
+
+	a = EC_KEY_new_by_curve_name(nid);
+	b = EC_KEY_new_by_curve_name(nid);
+	if (a == NULL || b == NULL)
+		goto err;
+
+	group = EC_KEY_get0_group(a);
+
+	if ((x_a=BN_new()) == NULL) goto err;
+	if ((y_a=BN_new()) == NULL) goto err;
+	if ((x_b=BN_new()) == NULL) goto err;
+	if ((y_b=BN_new()) == NULL) goto err;
+
+	BIO_puts(out,"Testing key generation with ");
+	BIO_puts(out,text);
+#ifdef NOISY
+	BIO_puts(out,"\n");
+#else
+	(void)BIO_flush(out);
+#endif
+
+	if (!EC_KEY_generate_key(a)) goto err;
+	
+	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) 
+		{
+		if (!EC_POINT_get_affine_coordinates_GFp(group,
+			EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err;
+		}
+	else
+		{
+		if (!EC_POINT_get_affine_coordinates_GF2m(group,
+			EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err;
+		}
+#ifdef NOISY
+	BIO_puts(out,"  pri 1=");
+	BN_print(out,a->priv_key);
+	BIO_puts(out,"\n  pub 1=");
+	BN_print(out,x_a);
+	BIO_puts(out,",");
+	BN_print(out,y_a);
+	BIO_puts(out,"\n");
+#else
+	BIO_printf(out," .");
+	(void)BIO_flush(out);
+#endif
+
+	if (!EC_KEY_generate_key(b)) goto err;
+
+	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) 
+		{
+		if (!EC_POINT_get_affine_coordinates_GFp(group, 
+			EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err;
+		}
+	else
+		{
+		if (!EC_POINT_get_affine_coordinates_GF2m(group, 
+			EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err;
+		}
+
+#ifdef NOISY
+	BIO_puts(out,"  pri 2=");
+	BN_print(out,b->priv_key);
+	BIO_puts(out,"\n  pub 2=");
+	BN_print(out,x_b);
+	BIO_puts(out,",");
+	BN_print(out,y_b);
+	BIO_puts(out,"\n");
+#else
+	BIO_printf(out,".");
+	(void)BIO_flush(out);
+#endif
+
+	alen=KDF1_SHA1_len;
+	abuf=(unsigned char *)OPENSSL_malloc(alen);
+	aout=ECDH_compute_key(abuf,alen,EC_KEY_get0_public_key(b),a,KDF1_SHA1);
+
+#ifdef NOISY
+	BIO_puts(out,"  key1 =");
+	for (i=0; i<aout; i++)
+		{
+		sprintf(buf,"%02X",abuf[i]);
+		BIO_puts(out,buf);
+		}
+	BIO_puts(out,"\n");
+#else
+	BIO_printf(out,".");
+	(void)BIO_flush(out);
+#endif
+
+	blen=KDF1_SHA1_len;
+	bbuf=(unsigned char *)OPENSSL_malloc(blen);
+	bout=ECDH_compute_key(bbuf,blen,EC_KEY_get0_public_key(a),b,KDF1_SHA1);
+
+#ifdef NOISY
+	BIO_puts(out,"  key2 =");
+	for (i=0; i<bout; i++)
+		{
+		sprintf(buf,"%02X",bbuf[i]);
+		BIO_puts(out,buf);
+		}
+	BIO_puts(out,"\n");
+#else
+	BIO_printf(out,".");
+	(void)BIO_flush(out);
+#endif
+
+	if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0))
+		{
+#ifndef NOISY
+		BIO_printf(out, " failed\n\n");
+		BIO_printf(out, "key a:\n");
+		BIO_printf(out, "private key: ");
+		BN_print(out, EC_KEY_get0_private_key(a));
+		BIO_printf(out, "\n");
+		BIO_printf(out, "public key (x,y): ");
+		BN_print(out, x_a);
+		BIO_printf(out, ",");
+		BN_print(out, y_a);
+		BIO_printf(out, "\nkey b:\n");
+		BIO_printf(out, "private key: ");
+		BN_print(out, EC_KEY_get0_private_key(b));
+		BIO_printf(out, "\n");
+		BIO_printf(out, "public key (x,y): ");
+		BN_print(out, x_b);
+		BIO_printf(out, ",");
+		BN_print(out, y_b);
+		BIO_printf(out, "\n");
+		BIO_printf(out, "generated key a: ");
+		for (i=0; i<bout; i++)
+			{
+			sprintf(buf, "%02X", bbuf[i]);
+			BIO_puts(out, buf);
+			}
+		BIO_printf(out, "\n");
+		BIO_printf(out, "generated key b: ");
+		for (i=0; i<aout; i++)
+			{
+			sprintf(buf, "%02X", abuf[i]);
+			BIO_puts(out,buf);
+			}
+		BIO_printf(out, "\n");
+#endif
+		fprintf(stderr,"Error in ECDH routines\n");
+		ret=0;
+		}
+	else
+		{
+#ifndef NOISY
+		BIO_printf(out, " ok\n");
+#endif
+		ret=1;
+		}
+err:
+	ERR_print_errors_fp(stderr);
+
+	if (abuf != NULL) OPENSSL_free(abuf);
+	if (bbuf != NULL) OPENSSL_free(bbuf);
+	if (x_a) BN_free(x_a);
+	if (y_a) BN_free(y_a);
+	if (x_b) BN_free(x_b);
+	if (y_b) BN_free(y_b);
+	if (b) EC_KEY_free(b);
+	if (a) EC_KEY_free(a);
+	return(ret);
+	}
+
+int main(int argc, char *argv[])
+	{
+	BN_CTX *ctx=NULL;
+	int ret=1;
+	BIO *out;
+
+	CRYPTO_malloc_debug_init();
+	CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+#ifdef OPENSSL_SYS_WIN32
+	CRYPTO_malloc_init();
+#endif
+
+	RAND_seed(rnd_seed, sizeof rnd_seed);
+
+	out=BIO_new(BIO_s_file());
+	if (out == NULL) EXIT(1);
+	BIO_set_fp(out,stdout,BIO_NOCLOSE);
+
+	if ((ctx=BN_CTX_new()) == NULL) goto err;
+
+	/* NIST PRIME CURVES TESTS */
+	if (!test_ecdh_curve(NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out)) goto err;
+	if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out)) goto err;
+	if (!test_ecdh_curve(NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out)) goto err;
+	if (!test_ecdh_curve(NID_secp384r1, "NIST Prime-Curve P-384", ctx, out)) goto err;
+	if (!test_ecdh_curve(NID_secp521r1, "NIST Prime-Curve P-521", ctx, out)) goto err;
+	/* NIST BINARY CURVES TESTS */
+	if (!test_ecdh_curve(NID_sect163k1, "NIST Binary-Curve K-163", ctx, out)) goto err;
+	if (!test_ecdh_curve(NID_sect163r2, "NIST Binary-Curve B-163", ctx, out)) goto err;
+	if (!test_ecdh_curve(NID_sect233k1, "NIST Binary-Curve K-233", ctx, out)) goto err;
+	if (!test_ecdh_curve(NID_sect233r1, "NIST Binary-Curve B-233", ctx, out)) goto err;
+	if (!test_ecdh_curve(NID_sect283k1, "NIST Binary-Curve K-283", ctx, out)) goto err;
+	if (!test_ecdh_curve(NID_sect283r1, "NIST Binary-Curve B-283", ctx, out)) goto err;
+	if (!test_ecdh_curve(NID_sect409k1, "NIST Binary-Curve K-409", ctx, out)) goto err;
+	if (!test_ecdh_curve(NID_sect409r1, "NIST Binary-Curve B-409", ctx, out)) goto err;
+	if (!test_ecdh_curve(NID_sect571k1, "NIST Binary-Curve K-571", ctx, out)) goto err;
+	if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out)) goto err;
+
+	ret = 0;
+
+err:
+	ERR_print_errors_fp(stderr);
+	if (ctx) BN_CTX_free(ctx);
+	BIO_free(out);
+	CRYPTO_cleanup_all_ex_data();
+	ERR_remove_thread_state(NULL);
+	CRYPTO_mem_leaks_fp(stderr);
+	EXIT(ret);
+	return(ret);
+	}
+
+#if 0
+static void MS_CALLBACK cb(int p, int n, void *arg)
+	{
+	char c='*';
+
+	if (p == 0) c='.';
+	if (p == 1) c='+';
+	if (p == 2) c='*';
+	if (p == 3) c='\n';
+	BIO_write((BIO *)arg,&c,1);
+	(void)BIO_flush((BIO *)arg);
+#ifdef LINT
+	p=n;
+#endif
+	}
+#endif
+#endif
diff --git a/main/openssl/crypto/ecdh/ech_err.c b/main/openssl/crypto/ecdh/ech_err.c
new file mode 100644
index 00000000..6f4b0c99
--- /dev/null
+++ b/main/openssl/crypto/ecdh/ech_err.c
@@ -0,0 +1,98 @@
+/* crypto/ecdh/ech_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/ecdh.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDH,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDH,0,reason)
+
+static ERR_STRING_DATA ECDH_str_functs[]=
+	{
+{ERR_FUNC(ECDH_F_ECDH_COMPUTE_KEY),	"ECDH_compute_key"},
+{ERR_FUNC(ECDH_F_ECDH_DATA_NEW_METHOD),	"ECDH_DATA_new_method"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA ECDH_str_reasons[]=
+	{
+{ERR_REASON(ECDH_R_KDF_FAILED)           ,"KDF failed"},
+{ERR_REASON(ECDH_R_NO_PRIVATE_VALUE)     ,"no private value"},
+{ERR_REASON(ECDH_R_POINT_ARITHMETIC_FAILURE),"point arithmetic failure"},
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_ECDH_strings(void)
+	{
+#ifndef OPENSSL_NO_ERR
+
+	if (ERR_func_error_string(ECDH_str_functs[0].error) == NULL)
+		{
+		ERR_load_strings(0,ECDH_str_functs);
+		ERR_load_strings(0,ECDH_str_reasons);
+		}
+#endif
+	}
diff --git a/main/openssl/crypto/ecdh/ech_key.c b/main/openssl/crypto/ecdh/ech_key.c
new file mode 100644
index 00000000..f44da929
--- /dev/null
+++ b/main/openssl/crypto/ecdh/ech_key.c
@@ -0,0 +1,83 @@
+/* crypto/ecdh/ecdh_key.c */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * The ECDH software is originally written by Douglas Stebila of
+ * Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "ech_locl.h"
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+
+int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
+	EC_KEY *eckey,
+	void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen))
+{
+	ECDH_DATA *ecdh = ecdh_check(eckey);
+	if (ecdh == NULL)
+		return 0;
+	return ecdh->meth->compute_key(out, outlen, pub_key, eckey, KDF);
+}
diff --git a/main/openssl/crypto/ecdh/ech_lib.c b/main/openssl/crypto/ecdh/ech_lib.c
new file mode 100644
index 00000000..4d8ea03d
--- /dev/null
+++ b/main/openssl/crypto/ecdh/ech_lib.c
@@ -0,0 +1,246 @@
+/* crypto/ecdh/ech_lib.c */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * The ECDH software is originally written by Douglas Stebila of
+ * Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "ech_locl.h"
+#include <string.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include <openssl/err.h>
+
+const char ECDH_version[]="ECDH" OPENSSL_VERSION_PTEXT;
+
+static const ECDH_METHOD *default_ECDH_method = NULL;
+
+static void *ecdh_data_new(void);
+static void *ecdh_data_dup(void *);
+static void  ecdh_data_free(void *);
+
+void ECDH_set_default_method(const ECDH_METHOD *meth)
+	{
+	default_ECDH_method = meth;
+	}
+
+const ECDH_METHOD *ECDH_get_default_method(void)
+	{
+	if(!default_ECDH_method) 
+		default_ECDH_method = ECDH_OpenSSL();
+	return default_ECDH_method;
+	}
+
+int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth)
+	{
+	ECDH_DATA *ecdh;
+
+	ecdh = ecdh_check(eckey);
+
+	if (ecdh == NULL)
+		return 0;
+
+#if 0
+        mtmp = ecdh->meth;
+        if (mtmp->finish)
+		mtmp->finish(eckey);
+#endif
+#ifndef OPENSSL_NO_ENGINE
+	if (ecdh->engine)
+		{
+		ENGINE_finish(ecdh->engine);
+		ecdh->engine = NULL;
+		}
+#endif
+        ecdh->meth = meth;
+#if 0
+        if (meth->init) 
+		meth->init(eckey);
+#endif
+        return 1;
+	}
+
+static ECDH_DATA *ECDH_DATA_new_method(ENGINE *engine)
+	{
+	ECDH_DATA *ret;
+
+	ret=(ECDH_DATA *)OPENSSL_malloc(sizeof(ECDH_DATA));
+	if (ret == NULL)
+		{
+		ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+
+	ret->init = NULL;
+
+	ret->meth = ECDH_get_default_method();
+	ret->engine = engine;
+#ifndef OPENSSL_NO_ENGINE
+	if (!ret->engine)
+		ret->engine = ENGINE_get_default_ECDH();
+	if (ret->engine)
+		{
+		ret->meth = ENGINE_get_ECDH(ret->engine);
+		if (!ret->meth)
+			{
+			ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_ENGINE_LIB);
+			ENGINE_finish(ret->engine);
+			OPENSSL_free(ret);
+			return NULL;
+			}
+		}
+#endif
+
+	ret->flags = ret->meth->flags;
+	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data);
+#if 0
+	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+		{
+		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data);
+		OPENSSL_free(ret);
+		ret=NULL;
+		}
+#endif	
+	return(ret);
+	}
+
+static void *ecdh_data_new(void)
+	{
+	return (void *)ECDH_DATA_new_method(NULL);
+	}
+
+static void *ecdh_data_dup(void *data)
+{
+	ECDH_DATA *r = (ECDH_DATA *)data;
+
+	/* XXX: dummy operation */
+	if (r == NULL)
+		return NULL;
+
+	return (void *)ecdh_data_new();
+}
+
+void ecdh_data_free(void *data)
+	{
+	ECDH_DATA *r = (ECDH_DATA *)data;
+
+#ifndef OPENSSL_NO_ENGINE
+	if (r->engine)
+		ENGINE_finish(r->engine);
+#endif
+
+	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data);
+
+	OPENSSL_cleanse((void *)r, sizeof(ECDH_DATA));
+
+	OPENSSL_free(r);
+	}
+
+ECDH_DATA *ecdh_check(EC_KEY *key)
+	{
+	ECDH_DATA *ecdh_data;
+ 
+	void *data = EC_KEY_get_key_method_data(key, ecdh_data_dup,
+					ecdh_data_free, ecdh_data_free);
+	if (data == NULL)
+	{
+		ecdh_data = (ECDH_DATA *)ecdh_data_new();
+		if (ecdh_data == NULL)
+			return NULL;
+		EC_KEY_insert_key_method_data(key, (void *)ecdh_data,
+			ecdh_data_dup, ecdh_data_free, ecdh_data_free);
+	}
+	else
+		ecdh_data = (ECDH_DATA *)data;
+	
+
+	return ecdh_data;
+	}
+
+int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+	{
+	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDH, argl, argp,
+				new_func, dup_func, free_func);
+	}
+
+int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg)
+	{
+	ECDH_DATA *ecdh;
+	ecdh = ecdh_check(d);
+	if (ecdh == NULL)
+		return 0;
+	return(CRYPTO_set_ex_data(&ecdh->ex_data,idx,arg));
+	}
+
+void *ECDH_get_ex_data(EC_KEY *d, int idx)
+	{
+	ECDH_DATA *ecdh;
+	ecdh = ecdh_check(d);
+	if (ecdh == NULL)
+		return NULL;
+	return(CRYPTO_get_ex_data(&ecdh->ex_data,idx));
+	}
diff --git a/main/openssl/crypto/ecdh/ech_locl.h b/main/openssl/crypto/ecdh/ech_locl.h
new file mode 100644
index 00000000..f658526a
--- /dev/null
+++ b/main/openssl/crypto/ecdh/ech_locl.h
@@ -0,0 +1,94 @@
+/* crypto/ecdh/ech_locl.h */
+/* ====================================================================
+ * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_ECH_LOCL_H
+#define HEADER_ECH_LOCL_H
+
+#include <openssl/ecdh.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+struct ecdh_method 
+	{
+	const char *name;
+	int (*compute_key)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
+	                   void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
+#if 0
+	int (*init)(EC_KEY *eckey);
+	int (*finish)(EC_KEY *eckey);
+#endif
+	int flags;
+	char *app_data;
+	};
+
+typedef struct ecdh_data_st {
+	/* EC_KEY_METH_DATA part */
+	int (*init)(EC_KEY *);
+	/* method specific part */
+	ENGINE	*engine;
+	int	flags;
+	const ECDH_METHOD *meth;
+	CRYPTO_EX_DATA ex_data;
+} ECDH_DATA;
+
+ECDH_DATA *ecdh_check(EC_KEY *);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif /* HEADER_ECH_LOCL_H */
diff --git a/main/openssl/crypto/ecdh/ech_ossl.c b/main/openssl/crypto/ecdh/ech_ossl.c
new file mode 100644
index 00000000..2a40ff12
--- /dev/null
+++ b/main/openssl/crypto/ecdh/ech_ossl.c
@@ -0,0 +1,213 @@
+/* crypto/ecdh/ech_ossl.c */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * The ECDH software is originally written by Douglas Stebila of
+ * Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <string.h>
+#include <limits.h>
+
+#include "cryptlib.h"
+
+#include "ech_locl.h"
+#include <openssl/err.h>
+#include <openssl/sha.h>
+#include <openssl/obj_mac.h>
+#include <openssl/bn.h>
+
+static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key,
+	EC_KEY *ecdh, 
+	void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
+
+static ECDH_METHOD openssl_ecdh_meth = {
+	"OpenSSL ECDH method",
+	ecdh_compute_key,
+#if 0
+	NULL, /* init     */
+	NULL, /* finish   */
+#endif
+	0,    /* flags    */
+	NULL  /* app_data */
+};
+
+const ECDH_METHOD *ECDH_OpenSSL(void)
+	{
+	return &openssl_ecdh_meth;
+	}
+
+
+/* This implementation is based on the following primitives in the IEEE 1363 standard:
+ *  - ECKAS-DH1
+ *  - ECSVDP-DH
+ * Finally an optional KDF is applied.
+ */
+static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
+	EC_KEY *ecdh,
+	void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen))
+	{
+	BN_CTX *ctx;
+	EC_POINT *tmp=NULL;
+	BIGNUM *x=NULL, *y=NULL;
+	const BIGNUM *priv_key;
+	const EC_GROUP* group;
+	int ret= -1;
+	size_t buflen, len;
+	unsigned char *buf=NULL;
+
+	if (outlen > INT_MAX)
+		{
+		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); /* sort of, anyway */
+		return -1;
+		}
+
+	if ((ctx = BN_CTX_new()) == NULL) goto err;
+	BN_CTX_start(ctx);
+	x = BN_CTX_get(ctx);
+	y = BN_CTX_get(ctx);
+	
+	priv_key = EC_KEY_get0_private_key(ecdh);
+	if (priv_key == NULL)
+		{
+		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE);
+		goto err;
+		}
+
+	group = EC_KEY_get0_group(ecdh);
+	if ((tmp=EC_POINT_new(group)) == NULL)
+		{
+		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) 
+		{
+		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
+		goto err;
+		}
+		
+	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) 
+		{
+		if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y, ctx)) 
+			{
+			ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
+			goto err;
+			}
+		}
+	else
+		{
+		if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y, ctx)) 
+			{
+			ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
+			goto err;
+			}
+		}
+
+	buflen = (EC_GROUP_get_degree(group) + 7)/8;
+	len = BN_num_bytes(x);
+	if (len > buflen)
+		{
+		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_INTERNAL_ERROR);
+		goto err;
+		}
+	if ((buf = OPENSSL_malloc(buflen)) == NULL)
+		{
+		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	
+	memset(buf, 0, buflen - len);
+	if (len != (size_t)BN_bn2bin(x, buf + buflen - len))
+		{
+		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
+		goto err;
+		}
+
+	if (KDF != 0)
+		{
+		if (KDF(buf, buflen, out, &outlen) == NULL)
+			{
+			ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_KDF_FAILED);
+			goto err;
+			}
+		ret = outlen;
+		}
+	else
+		{
+		/* no KDF, just copy as much as we can */
+		if (outlen > buflen)
+			outlen = buflen;
+		memcpy(out, buf, outlen);
+		ret = outlen;
+		}
+	
+err:
+	if (tmp) EC_POINT_free(tmp);
+	if (ctx) BN_CTX_end(ctx);
+	if (ctx) BN_CTX_free(ctx);
+	if (buf) OPENSSL_free(buf);
+	return(ret);
+	}