ecc api cleanup; summary:
authorNils Larsch <nils@openssl.org>
Mon, 16 May 2005 10:11:04 +0000 (10:11 +0000)
committerNils Larsch <nils@openssl.org>
Mon, 16 May 2005 10:11:04 +0000 (10:11 +0000)
- hide the EC_KEY structure definition in ec_lcl.c + add
  some functions to use/access the EC_KEY fields
- change the way how method specific data (ecdsa/ecdh) is
  attached to a EC_KEY
- add ECDSA_sign_ex and ECDSA_do_sign_ex functions with
  additional parameters for pre-computed values
- rebuild libeay.num from 0.9.7

38 files changed:
apps/ec.c
apps/ecparam.c
apps/req.c
apps/s_server.c
apps/speed.c
crypto/asn1/d2i_pr.c
crypto/asn1/d2i_pu.c
crypto/asn1/i2d_pr.c
crypto/asn1/i2d_pu.c
crypto/asn1/t_pkey.c
crypto/asn1/t_req.c
crypto/asn1/t_spki.c
crypto/asn1/t_x509.c
crypto/asn1/x_pubkey.c
crypto/ec/ec.h
crypto/ec/ec_key.c
crypto/ec/ec_lcl.h
crypto/ec/ec_lib.c
crypto/ec/ec_mult.c
crypto/ecdh/ecdh.h
crypto/ecdh/ecdhtest.c
crypto/ecdh/ech_lib.c
crypto/ecdh/ech_locl.h
crypto/ecdh/ech_ossl.c
crypto/ecdsa/ecdsa.h
crypto/ecdsa/ecdsatest.c
crypto/ecdsa/ecs_lib.c
crypto/ecdsa/ecs_locl.h
crypto/ecdsa/ecs_ossl.c
crypto/ecdsa/ecs_sign.c
crypto/evp/evp.h
crypto/evp/evp_pkey.c
crypto/evp/p_lib.c
crypto/pem/pem_info.c
ssl/s3_clnt.c
ssl/s3_srvr.c
ssl/ssltest.c
util/libeay.num

index 392e6a2..a763daa 100644 (file)
--- a/apps/ec.c
+++ b/apps/ec.c
@@ -3,7 +3,7 @@
  * Written by Nils Larsch for the OpenSSL project.
  */
 /* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -89,6 +89,7 @@ int MAIN(int argc, char **argv)
 #endif
        int     ret = 1;
        EC_KEY  *eckey = NULL;
+       const EC_GROUP *group;
        int     i, badops = 0;
        const EVP_CIPHER *enc = NULL;
        BIO     *in = NULL, *out = NULL;
@@ -328,14 +329,13 @@ bad:
                        }
                }
 
+       group = EC_KEY_get0_group(eckey);
+
        if (new_form)
-               {
-               EC_GROUP_set_point_conversion_form(eckey->group, form);
-               eckey->conv_form = form;
-               }
+               EC_KEY_set_conv_form(eckey, form);
 
        if (new_asn1_flag)
-               EC_GROUP_set_asn1_flag(eckey->group, asn1_flag);
+               EC_KEY_set_asn1_flag(eckey, asn1_flag);
 
        if (text) 
                if (!EC_KEY_print(out, eckey, 0))
@@ -352,7 +352,7 @@ bad:
        if (outformat == FORMAT_ASN1) 
                {
                if (param_out)
-                       i = i2d_ECPKParameters_bio(out, eckey->group);
+                       i = i2d_ECPKParameters_bio(out, group);
                else if (pubin || pubout) 
                        i = i2d_EC_PUBKEY_bio(out, eckey);
                else 
@@ -361,7 +361,7 @@ bad:
        else if (outformat == FORMAT_PEM) 
                {
                if (param_out)
-                       i = PEM_write_bio_ECPKParameters(out, eckey->group);
+                       i = PEM_write_bio_ECPKParameters(out, group);
                else if (pubin || pubout)
                        i = PEM_write_bio_EC_PUBKEY(out, eckey);
                else 
index b978628..167fd1f 100644 (file)
@@ -3,7 +3,7 @@
  * Written by Nils Larsch for the OpenSSL project.
  */
 /* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -647,11 +647,11 @@ bad:
 
                assert(need_rand);
 
-               eckey->group = group;
+               if (EC_KEY_set_group(eckey, group) == 0)
+                       goto end;
                
                if (!EC_KEY_generate_key(eckey))
                        {
-                       eckey->group = NULL;
                        EC_KEY_free(eckey);
                        goto end;
                        }
@@ -664,11 +664,9 @@ bad:
                        {
                        BIO_printf(bio_err, "bad output format specified "
                                "for outfile\n");
-                       eckey->group = NULL;
                        EC_KEY_free(eckey);
                        goto end;
                        }
-               eckey->group = NULL;
                EC_KEY_free(eckey);
                }
 
index db70dc2..764ef29 100644 (file)
@@ -344,6 +344,7 @@ int MAIN(int argc, char **argv)
                                {
                                X509 *xtmp=NULL;
                                EVP_PKEY *dtmp;
+                               EC_GROUP *group;
 
                                pkey_type=TYPE_EC;
                                p+=3;
@@ -354,10 +355,10 @@ int MAIN(int argc, char **argv)
                                        }
                                if ((ec_params = EC_KEY_new()) == NULL)
                                        goto end;
-                               if ((ec_params->group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL)) == NULL)
+                               group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL);
+                               if (group == NULL)
                                        {
-                                       if (ec_params)
-                                               EC_KEY_free(ec_params);
+                                       EC_KEY_free(ec_params);
                                        ERR_clear_error();
                                        (void)BIO_reset(in);
                                        if ((xtmp=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL)
@@ -369,7 +370,7 @@ int MAIN(int argc, char **argv)
                                        if ((dtmp=X509_get_pubkey(xtmp))==NULL)
                                                goto end;
                                        if (dtmp->type == EVP_PKEY_EC)
-                                               ec_params = ECParameters_dup(dtmp->pkey.eckey);
+                                               ec_params = EC_KEY_dup(dtmp->pkey.ec);
                                        EVP_PKEY_free(dtmp);
                                        X509_free(xtmp);
                                        if (ec_params == NULL)
@@ -378,12 +379,16 @@ int MAIN(int argc, char **argv)
                                                goto end;
                                                }
                                        }
+                               else
+                                       {
+                                       if (EC_KEY_set_group(ec_params, group) == 0)
+                                               goto end;
+                                       EC_GROUP_free(group);
+                                       }
 
                                BIO_free(in);
                                in=NULL;
-                               
-                               newkey = EC_GROUP_get_degree(ec_params->group);
-
+                               newkey = EC_GROUP_get_degree(EC_KEY_get0_group(ec_params));
                                }
                        else
 #endif
index ea19a50..59b6305 100644 (file)
@@ -981,13 +981,6 @@ bad:
                {
                EC_KEY *ecdh=NULL;
 
-               ecdh = EC_KEY_new();
-               if (ecdh == NULL)
-                       {
-                       BIO_printf(bio_err,"Could not create ECDH struct.\n");
-                       goto end;
-                       }
-
                if (named_curve)
                        {
                        int nid = OBJ_sn2nid(named_curve);
@@ -998,9 +991,8 @@ bad:
                                        named_curve);
                                goto end;
                                }
-
-                       ecdh->group = EC_GROUP_new_by_curve_name(nid);
-                       if (ecdh->group == NULL)
+                       ecdh = EC_KEY_new_by_curve_name(nid);
+                       if (ecdh == NULL)
                                {
                                BIO_printf(bio_err, "unable to create curve (%s)\n", 
                                        named_curve);
@@ -1008,15 +1000,15 @@ bad:
                                }
                        }
 
-               if (ecdh->group != NULL)
+               if (ecdh != NULL)
                        {
                        BIO_printf(bio_s_out,"Setting temp ECDH parameters\n");
                        }
                else
                        {
                        BIO_printf(bio_s_out,"Using default temp ECDH parameters\n");
-                       ecdh->group=EC_GROUP_new_by_curve_name(NID_sect163r2);
-                       if (ecdh->group == NULL) 
+                       ecdh = EC_KEY_new_by_curve_name(NID_sect163r2);
+                       if (ecdh == NULL) 
                                {
                                BIO_printf(bio_err, "unable to create curve (sect163r2)\n");
                                goto end;
index 2ecbb1e..50a110d 100644 (file)
@@ -2040,7 +2040,7 @@ int MAIN(int argc, char **argv)
                int ret;
 
                if (!ecdsa_doit[j]) continue; /* Ignore Curve */ 
-               ecdsa[j] = EC_KEY_new();
+               ecdsa[j] = EC_KEY_new_by_curve_name(test_curves[j]);
                if (ecdsa[j] == NULL) 
                        {
                        BIO_printf(bio_err,"ECDSA failure.\n");
@@ -2049,100 +2049,89 @@ int MAIN(int argc, char **argv)
                        } 
                else 
                        {
-                       ecdsa[j]->group = EC_GROUP_new_by_curve_name(test_curves[j]);
-                       /* Could not obtain group information */
-                       if (ecdsa[j]->group == NULL) 
+#if 1
+                       EC_KEY_precompute_mult(ecdsa[j], NULL);
+#endif
+                       /* Perform ECDSA signature test */
+                       EC_KEY_generate_key(ecdsa[j]);
+                       ret = ECDSA_sign(0, buf, 20, ecdsasig, 
+                               &ecdsasiglen, ecdsa[j]);
+                       if (ret == 0) 
                                {
-                               BIO_printf(bio_err,"ECDSA failure.Could not obtain group information\n");
+                               BIO_printf(bio_err,"ECDSA sign failure.  No ECDSA sign will be done.\n");
                                ERR_print_errors(bio_err);
                                rsa_count=1;
                                } 
                        else 
                                {
-#if 1
-                               EC_GROUP_precompute_mult(ecdsa[j]->group, NULL);
-#endif
-                               /* Perform ECDSA signature test */
-                               EC_KEY_generate_key(ecdsa[j]);
-                               ret = ECDSA_sign(0, buf, 20, ecdsasig, 
-                                       &ecdsasiglen, ecdsa[j]);
-                               if (ret == 0) 
-                                       {
-                                       BIO_printf(bio_err,"ECDSA sign failure.  No ECDSA sign will be done.\n");
-                                       ERR_print_errors(bio_err);
-                                       rsa_count=1;
-                                       } 
-                               else 
+                               pkey_print_message("sign","ecdsa",
+                                       ecdsa_c[j][0], 
+                                       test_curves_bits[j],
+                                       ECDSA_SECONDS);
+
+                               Time_F(START);
+                               for (count=0,run=1; COND(ecdsa_c[j][0]);
+                                       count++) 
                                        {
-                                       pkey_print_message("sign","ecdsa",
-                                               ecdsa_c[j][0], 
-                                               test_curves_bits[j],
-                                               ECDSA_SECONDS);
-
-                                       Time_F(START);
-                                       for (count=0,run=1; COND(ecdsa_c[j][0]);
-                                               count++) 
+                                       ret=ECDSA_sign(0, buf, 20, 
+                                               ecdsasig, &ecdsasiglen,
+                                               ecdsa[j]);
+                                       if (ret == 0) 
                                                {
-                                               ret=ECDSA_sign(0, buf, 20, 
-                                                       ecdsasig, &ecdsasiglen,
-                                                       ecdsa[j]);
-                                               if (ret == 0) 
-                                                       {
-                                                       BIO_printf(bio_err, "ECDSA sign failure\n");
-                                                       ERR_print_errors(bio_err);
-                                                       count=1;
-                                                       break;
-                                                       }
+                                               BIO_printf(bio_err, "ECDSA sign failure\n");
+                                               ERR_print_errors(bio_err);
+                                               count=1;
+                                               break;
                                                }
-                                       d=Time_F(STOP);
-
-                                       BIO_printf(bio_err, mr ? "+R5:%ld:%d:%.2f\n" :
-                                               "%ld %d bit ECDSA signs in %.2fs \n", 
-                                               count, test_curves_bits[j], d);
-                                       ecdsa_results[j][0]=d/(double)count;
-                                       rsa_count=count;
                                        }
+                               d=Time_F(STOP);
 
-                               /* Perform ECDSA verification test */
-                               ret=ECDSA_verify(0, buf, 20, ecdsasig, 
-                                       ecdsasiglen, ecdsa[j]);
-                               if (ret != 1) 
-                                       {
-                                       BIO_printf(bio_err,"ECDSA verify failure.  No ECDSA verify will be done.\n");
-                                       ERR_print_errors(bio_err);
-                                       ecdsa_doit[j] = 0;
-                                       } 
-                               else 
+                               BIO_printf(bio_err, mr ? "+R5:%ld:%d:%.2f\n" :
+                                       "%ld %d bit ECDSA signs in %.2fs \n", 
+                                       count, test_curves_bits[j], d);
+                               ecdsa_results[j][0]=d/(double)count;
+                               rsa_count=count;
+                               }
+
+                       /* Perform ECDSA verification test */
+                       ret=ECDSA_verify(0, buf, 20, ecdsasig, 
+                               ecdsasiglen, ecdsa[j]);
+                       if (ret != 1) 
+                               {
+                               BIO_printf(bio_err,"ECDSA verify failure.  No ECDSA verify will be done.\n");
+                               ERR_print_errors(bio_err);
+                               ecdsa_doit[j] = 0;
+                               } 
+                       else 
+                               {
+                               pkey_print_message("verify","ecdsa",
+                               ecdsa_c[j][1],
+                               test_curves_bits[j],
+                               ECDSA_SECONDS);
+                               Time_F(START);
+                               for (count=0,run=1; COND(ecdsa_c[j][1]); count++) 
                                        {
-                                       pkey_print_message("verify","ecdsa",
-                                       ecdsa_c[j][1],
-                                       test_curves_bits[j],
-                                       ECDSA_SECONDS);
-                                       Time_F(START);
-                                       for (count=0,run=1; COND(ecdsa_c[j][1]); count++) 
+                                       ret=ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]);
+                                       if (ret != 1) 
                                                {
-                                               ret=ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]);
-                                               if (ret != 1) 
-                                                       {
-                                                       BIO_printf(bio_err, "ECDSA verify failure\n");
-                                                       ERR_print_errors(bio_err);
-                                                       count=1;
-                                                       break;
-                                                       }
+                                               BIO_printf(bio_err, "ECDSA verify failure\n");
+                                               ERR_print_errors(bio_err);
+                                               count=1;
+                                               break;
                                                }
-                                       d=Time_F(STOP);
-                                       BIO_printf(bio_err, mr? "+R6:%ld:%d:%.2f\n"
-                                                       : "%ld %d bit ECDSA verify in %.2fs\n",
-                                       count, test_curves_bits[j], d);
-                                       ecdsa_results[j][1]=d/(double)count;
                                        }
+                               d=Time_F(STOP);
+                               BIO_printf(bio_err, mr? "+R6:%ld:%d:%.2f\n"
+                                               : "%ld %d bit ECDSA verify in %.2fs\n",
+                               count, test_curves_bits[j], d);
+                               ecdsa_results[j][1]=d/(double)count;
+                               }
 
-                               if (rsa_count <= 1) 
-                                       {
-                                       /* if longer than 10s, don't do any more */
-                                       for (j++; j<EC_NUM; j++)
-                                       ecdsa_doit[j]=0;
-                                       }
+                       if (rsa_count <= 1) 
+                               {
+                               /* if longer than 10s, don't do any more */
+                               for (j++; j<EC_NUM; j++)
+                               ecdsa_doit[j]=0;
                                }
                        }
                }
@@ -2158,8 +2147,8 @@ int MAIN(int argc, char **argv)
        for (j=0; j<EC_NUM; j++)
                {
                if (!ecdh_doit[j]) continue;
-               ecdh_a[j] = EC_KEY_new();
-               ecdh_b[j] = EC_KEY_new();
+               ecdh_a[j] = EC_KEY_new_by_curve_name(test_curves[j]);
+               ecdh_b[j] = EC_KEY_new_by_curve_name(test_curves[j]);
                if ((ecdh_a[j] == NULL) || (ecdh_b[j] == NULL))
                        {
                        BIO_printf(bio_err,"ECDH failure.\n");
@@ -2168,90 +2157,79 @@ int MAIN(int argc, char **argv)
                        }
                else
                        {
-                       ecdh_a[j]->group = EC_GROUP_new_by_curve_name(test_curves[j]);
-                       if (ecdh_a[j]->group == NULL)
+                       /* generate two ECDH key pairs */
+                       if (!EC_KEY_generate_key(ecdh_a[j]) ||
+                               !EC_KEY_generate_key(ecdh_b[j]))
                                {
-                               BIO_printf(bio_err,"ECDH failure.\n");
+                               BIO_printf(bio_err,"ECDH key generation failure.\n");
                                ERR_print_errors(bio_err);
-                               rsa_count=1;
+                               rsa_count=1;            
                                }
                        else
                                {
-                               ecdh_b[j]->group = EC_GROUP_dup(ecdh_a[j]->group);
-
-                               /* generate two ECDH key pairs */
-                               if (!EC_KEY_generate_key(ecdh_a[j]) ||
-                                       !EC_KEY_generate_key(ecdh_b[j]))
+                               /* If field size is not more than 24 octets, then use SHA-1 hash of result;
+                                * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt).
+                                */
+                               int field_size, outlen;
+                               void *(*kdf)(const void *in, size_t inlen, void *out, size_t *xoutlen);
+                               field_size = EC_GROUP_get_degree(EC_KEY_get0_group(ecdh_a[j]));
+                               if (field_size <= 24 * 8)
                                        {
-                                       BIO_printf(bio_err,"ECDH key generation failure.\n");
-                                       ERR_print_errors(bio_err);
-                                       rsa_count=1;            
+                                       outlen = KDF1_SHA1_len;
+                                       kdf = KDF1_SHA1;
                                        }
                                else
                                        {
-                                       /* If field size is not more than 24 octets, then use SHA-1 hash of result;
-                                        * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt).
-                                        */
-                                       int field_size, outlen;
-                                       void *(*kdf)(const void *in, size_t inlen, void *out, size_t *xoutlen);
-                                       field_size = EC_GROUP_get_degree(ecdh_a[j]->group);
-                                       if (field_size <= 24 * 8)
-                                               {
-                                               outlen = KDF1_SHA1_len;
-                                               kdf = KDF1_SHA1;
-                                               }
-                                       else
-                                               {
-                                               outlen = (field_size+7)/8;
-                                               kdf = NULL;
-                                               }
-                                       secret_size_a = ECDH_compute_key(secret_a, outlen,
-                                               ecdh_b[j]->pub_key,
-                                               ecdh_a[j], kdf);
-                                       secret_size_b = ECDH_compute_key(secret_b, outlen,
-                                               ecdh_a[j]->pub_key,
-                                               ecdh_b[j], kdf);
-                                       if (secret_size_a != secret_size_b) 
-                                               ecdh_checks = 0;
-                                       else
-                                               ecdh_checks = 1;
-
-                                       for (secret_idx = 0; 
-                                           (secret_idx < secret_size_a)
-                                               && (ecdh_checks == 1);
-                                           secret_idx++)
-                                               {
-                                               if (secret_a[secret_idx] != secret_b[secret_idx])
-                                               ecdh_checks = 0;
-                                               }
+                                       outlen = (field_size+7)/8;
+                                       kdf = NULL;
+                                       }
+                               secret_size_a = ECDH_compute_key(secret_a, outlen,
+                                       EC_KEY_get0_public_key(ecdh_b[j]),
+                                       ecdh_a[j], kdf);
+                               secret_size_b = ECDH_compute_key(secret_b, outlen,
+                                       EC_KEY_get0_public_key(ecdh_a[j]),
+                                       ecdh_b[j], kdf);
+                               if (secret_size_a != secret_size_b) 
+                                       ecdh_checks = 0;
+                               else
+                                       ecdh_checks = 1;
 
-                                       if (ecdh_checks == 0)
-                                               {
-                                               BIO_printf(bio_err,"ECDH computations don't match.\n");
-                                               ERR_print_errors(bio_err);
-                                               rsa_count=1;            
-                                               }
+                               for (secret_idx = 0; 
+                                   (secret_idx < secret_size_a)
+                                       && (ecdh_checks == 1);
+                                   secret_idx++)
+                                       {
+                                       if (secret_a[secret_idx] != secret_b[secret_idx])
+                                       ecdh_checks = 0;
+                                       }
 
-                                       pkey_print_message("","ecdh",
-                                       ecdh_c[j][0], 
-                                       test_curves_bits[j],
-                                       ECDH_SECONDS);
-                                       Time_F(START);
-                                       for (count=0,run=1; COND(ecdh_c[j][0]); count++)
-                                               {
-                                               ECDH_compute_key(secret_a, outlen,
-                                               ecdh_b[j]->pub_key,
-                                               ecdh_a[j], kdf);
-                                               }
-                                       d=Time_F(STOP);
-                                       BIO_printf(bio_err, mr ? "+R7:%ld:%d:%.2f\n" :"%ld %d-bit ECDH ops in %.2fs\n",
-                                       count, test_curves_bits[j], d);
-                                       ecdh_results[j][0]=d/(double)count;
-                                       rsa_count=count;
+                               if (ecdh_checks == 0)
+                                       {
+                                       BIO_printf(bio_err,"ECDH computations don't match.\n");
+                                       ERR_print_errors(bio_err);
+                                       rsa_count=1;            
                                        }
+
+                               pkey_print_message("","ecdh",
+                               ecdh_c[j][0], 
+                               test_curves_bits[j],
+                               ECDH_SECONDS);
+                               Time_F(START);
+                               for (count=0,run=1; COND(ecdh_c[j][0]); count++)
+                                       {
+                                       ECDH_compute_key(secret_a, outlen,
+                                       EC_KEY_get0_public_key(ecdh_b[j]),
+                                       ecdh_a[j], kdf);
+                                       }
+                               d=Time_F(STOP);
+                               BIO_printf(bio_err, mr ? "+R7:%ld:%d:%.2f\n" :"%ld %d-bit ECDH ops in %.2fs\n",
+                               count, test_curves_bits[j], d);
+                               ecdh_results[j][0]=d/(double)count;
+                               rsa_count=count;
                                }
                        }
 
+
                if (rsa_count <= 1)
                        {
                        /* if longer than 10s, don't do any more */
index 5f30585..207ccda 100644 (file)
@@ -113,7 +113,7 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
 #endif
 #ifndef OPENSSL_NO_EC
        case EVP_PKEY_EC:
-               if ((ret->pkey.eckey = d2i_ECPrivateKey(NULL, 
+               if ((ret->pkey.ec = d2i_ECPrivateKey(NULL, 
                        (const unsigned char **)pp, length)) == NULL)
                        {
                        ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
index 8a05810..3694f51 100644 (file)
@@ -113,7 +113,7 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
 #endif
 #ifndef OPENSSL_NO_EC
        case EVP_PKEY_EC:
-               if (!o2i_ECPublicKey(&(ret->pkey.eckey),
+               if (!o2i_ECPublicKey(&(ret->pkey.ec),
                                     (const unsigned char **)pp, length))
                        {
                        ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
index bbf2a0d..0be52c5 100644 (file)
@@ -89,7 +89,7 @@ int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
 #ifndef OPENSSL_NO_EC
        if (a->type == EVP_PKEY_EC)
                {
-               return(i2d_ECPrivateKey(a->pkey.eckey, pp));
+               return(i2d_ECPrivateKey(a->pkey.ec, pp));
                }
 #endif
 
index 44f1864..34286db 100644 (file)
@@ -85,7 +85,7 @@ int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
 #endif
 #ifndef OPENSSL_NO_EC
        case EVP_PKEY_EC:
-               return(i2o_ECPublicKey(a->pkey.eckey, pp));
+               return(i2o_ECPublicKey(a->pkey.ec, pp));
 #endif
        default:
                ASN1err(ASN1_F_I2D_PUBLICKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
index 687a2bd..7dd4ae3 100644 (file)
@@ -79,7 +79,7 @@
 #include <openssl/ec.h>
 #endif
 
-static int print(BIO *fp,const char *str,BIGNUM *num,
+static int print(BIO *fp,const char *str, const BIGNUM *num,
                unsigned char *buf,int off);
 static int print_bin(BIO *fp, const char *str, const unsigned char *num,
                size_t len, int off);
@@ -279,7 +279,7 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
        size_t  buf_len=0, i;
        int     ret=0, reason=ERR_R_BIO_LIB;
        BN_CTX  *ctx=NULL;
-       EC_POINT *point=NULL;
+       const EC_POINT *point=NULL;
        BIGNUM  *p=NULL, *a=NULL, *b=NULL, *gen=NULL,
                *order=NULL, *cofactor=NULL;
        const unsigned char *seed;
@@ -481,24 +481,29 @@ int EC_KEY_print(BIO *bp, const EC_KEY *x, int off)
        int     ret=0, reason=ERR_R_BIO_LIB;
        BIGNUM  *pub_key=NULL, *order=NULL;
        BN_CTX  *ctx=NULL;
+       const EC_GROUP *group;
+       const EC_POINT *public_key;
+       const BIGNUM *priv_key;
  
-       if (!x || !x->group)
+       if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL)
                {
                reason = ERR_R_PASSED_NULL_PARAMETER;
                goto err;
                }
 
-       if ((pub_key = EC_POINT_point2bn(x->group, x->pub_key,
-               x->conv_form, NULL, ctx)) == NULL)
+       public_key = EC_KEY_get0_public_key(x);
+       if ((pub_key = EC_POINT_point2bn(group, public_key,
+               EC_KEY_get_conv_form(x), NULL, ctx)) == NULL)
                {
                reason = ERR_R_EC_LIB;
                goto err;
                }
 
        buf_len = (size_t)BN_num_bytes(pub_key);
-       if (x->priv_key)
+       priv_key = EC_KEY_get0_private_key(x);
+       if (priv_key != NULL)
                {
-               if ((i = (size_t)BN_num_bytes(x->priv_key)) > buf_len)
+               if ((i = (size_t)BN_num_bytes(priv_key)) > buf_len)
                        buf_len = i;
                }
 
@@ -509,25 +514,25 @@ int EC_KEY_print(BIO *bp, const EC_KEY *x, int off)
                goto err;
                }
 
-       if (x->priv_key != NULL)
+       if (priv_key != NULL)
                {
                if (!BIO_indent(bp, off, 128))
                        goto err;
                if ((order = BN_new()) == NULL)
                        goto err;
-               if (!EC_GROUP_get_order(x->group, order, NULL))
+               if (!EC_GROUP_get_order(group, order, NULL))
                        goto err;
                if (BIO_printf(bp, "Private-Key: (%d bit)\n", 
                        BN_num_bits(order)) <= 0) goto err;
                }
   
-       if ((x->priv_key != NULL) && !print(bp, "priv:", x->priv_key, 
+       if ((priv_key != NULL) && !print(bp, "priv:", priv_key, 
                buffer, off))
                goto err;
        if ((pub_key != NULL) && !print(bp, "pub: ", pub_key,
                buffer, off))
                goto err;
-       if (!ECPKParameters_print(bp, x->group, off))
+       if (!ECPKParameters_print(bp, group, off))
                goto err;
        ret=1;
 err:
@@ -545,7 +550,7 @@ err:
        }
 #endif /* OPENSSL_NO_EC */
 
-static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf,
+static int print(BIO *bp, const char *number, const BIGNUM *num, unsigned char *buf,
             int off)
        {
        int n,i;
@@ -770,8 +775,9 @@ int ECParameters_print(BIO *bp, const EC_KEY *x)
        {
        int     reason=ERR_R_EC_LIB, ret=0;
        BIGNUM  *order=NULL;
+       const EC_GROUP *group;
  
-       if (!x || !x->group)
+       if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL)
                {
                reason = ERR_R_PASSED_NULL_PARAMETER;;
                goto err;
@@ -783,7 +789,7 @@ int ECParameters_print(BIO *bp, const EC_KEY *x)
                goto err;
                }
 
-       if (!EC_GROUP_get_order(x->group, order, NULL))
+       if (!EC_GROUP_get_order(group, order, NULL))
                {
                reason = ERR_R_EC_LIB;
                goto err;
@@ -792,7 +798,7 @@ int ECParameters_print(BIO *bp, const EC_KEY *x)
        if (BIO_printf(bp, "ECDSA-Parameters: (%d bit)\n", 
                BN_num_bits(order)) <= 0)
                goto err;
-       if (!ECPKParameters_print(bp, x->group, 4))
+       if (!ECPKParameters_print(bp, group, 4))
                goto err;
        ret=1;
 err:
index 4056cf6..204ca10 100644 (file)
@@ -166,7 +166,7 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long
                if (pkey->type == EVP_PKEY_EC)
                {
                        BIO_printf(bp, "%12sEC Public Key: \n","");
-                       EC_KEY_print(bp, pkey->pkey.eckey, 16);
+                       EC_KEY_print(bp, pkey->pkey.ec, 16);
                }
        else
 #endif
index e84bae6..23ab3b9 100644 (file)
@@ -100,7 +100,7 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
                if (pkey->type == EVP_PKEY_EC)
                {
                        BIO_printf(out, "  EC Public Key:\n");
-                       EC_KEY_print(out, pkey->pkey.eckey,2);
+                       EC_KEY_print(out, pkey->pkey.ec,2);
                }
                else
 #endif
index 4bf5c89..61f48d1 100644 (file)
@@ -236,7 +236,7 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
                if (pkey->type == EVP_PKEY_EC)
                        {
                        BIO_printf(bp, "%12sEC Public Key:\n","");
-                       EC_KEY_print(bp, pkey->pkey.eckey, 16);
+                       EC_KEY_print(bp, pkey->pkey.ec, 16);
                        }
                else
 #endif
index c371e4c..50faa4a 100644 (file)
@@ -159,9 +159,10 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
                {
                int nid=0;
                unsigned char *pp;
-               EC_KEY *eckey;
+               EC_KEY *ec_key;
+               const EC_GROUP *group;
                
-               eckey = pkey->pkey.eckey;
+               ec_key = pkey->pkey.ec;
                ASN1_TYPE_free(a->parameter);
 
                if ((a->parameter = ASN1_TYPE_new()) == NULL)
@@ -170,8 +171,9 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
                        goto err;
                        }
 
-               if (EC_GROUP_get_asn1_flag(eckey->group)
-                     && (nid = EC_GROUP_get_curve_name(eckey->group)))
+               group = EC_KEY_get0_group(ec_key);
+               if (EC_GROUP_get_asn1_flag(group)
+                     && (nid = EC_GROUP_get_curve_name(group)))
                        {
                        /* just set the OID */
                        a->parameter->type = V_ASN1_OBJECT;
@@ -179,7 +181,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
                        }
                else /* explicit parameters */
                        {
-                       if ((i = i2d_ECParameters(eckey, NULL)) == 0)
+                       if ((i = i2d_ECParameters(ec_key, NULL)) == 0)
                                {
                                X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
                                goto err;
@@ -190,7 +192,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
                                goto err;
                                }       
                        pp = p;
-                       if (!i2d_ECParameters(eckey, &pp))
+                       if (!i2d_ECParameters(ec_key, &pp))
                                {
                                X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
                                OPENSSL_free(p);
@@ -313,7 +315,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
                        /* type == V_ASN1_SEQUENCE => we have explicit parameters
                          * (e.g. parameters in the X9_62_EC_PARAMETERS-structure )
                         */
-                       if ((ret->pkey.eckey= EC_KEY_new()) == NULL)
+                       if ((ret->pkey.ec= EC_KEY_new()) == NULL)
                                {
                                X509err(X509_F_X509_PUBKEY_GET, 
                                        ERR_R_MALLOC_FAILURE);
@@ -321,7 +323,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
                                }
                        cp = p = a->parameter->value.sequence->data;
                        j = a->parameter->value.sequence->length;
-                       if (!d2i_ECParameters(&ret->pkey.eckey, &cp, (long)j))
+                       if (!d2i_ECParameters(&ret->pkey.ec, &cp, (long)j))
                                {
                                X509err(X509_F_X509_PUBKEY_GET, ERR_R_EC_LIB);
                                goto err;
@@ -332,17 +334,21 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
                        /* type == V_ASN1_OBJECT => the parameters are given
                         * by an asn1 OID
                         */
-                       EC_KEY *eckey;
-                       if (ret->pkey.eckey == NULL)
-                               ret->pkey.eckey = EC_KEY_new();
-                       eckey = ret->pkey.eckey;
-                       if (eckey->group)
-                               EC_GROUP_free(eckey->group);
-                       if ((eckey->group = EC_GROUP_new_by_curve_name(
-                             OBJ_obj2nid(a->parameter->value.object))) == NULL)
+                       EC_KEY   *ec_key;
+                       EC_GROUP *group;
+
+                       if (ret->pkey.ec == NULL)
+                               ret->pkey.ec = EC_KEY_new();
+                       ec_key = ret->pkey.ec;
+                       if (ec_key == NULL)
+                               goto err;
+                       group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object));
+                       if (group == NULL)
+                               goto err;
+                       EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
+                       if (EC_KEY_set_group(ec_key, group) == 0)
                                goto err;
-                       EC_GROUP_set_asn1_flag(eckey->group, 
-                                               OPENSSL_EC_NAMED_CURVE);
+                       EC_GROUP_free(group);
                        }
                        /* the case implicitlyCA is currently not implemented */
                ret->save_parameters = 1;
index c706669..a19a075 100644 (file)
@@ -139,7 +139,7 @@ const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *);
 int EC_METHOD_get_field_type(const EC_METHOD *);
 
 int EC_GROUP_set_generator(EC_GROUP *, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor);
-EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *);
+const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *);
 int EC_GROUP_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *);
 int EC_GROUP_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *);
 
@@ -292,36 +292,37 @@ int     ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
 /* the EC_KEY stuff */
 typedef struct ec_key_st EC_KEY;
 
-typedef struct ec_key_meth_data_st {
-       int (*init)(EC_KEY *);
-       void (*finish)(EC_KEY *);
-       } EC_KEY_METH_DATA;
-
-struct ec_key_st {
-       int version;
-
-       EC_GROUP *group;
-
-       EC_POINT *pub_key;
-       BIGNUM   *priv_key;
-
-       unsigned int enc_flag;
-       point_conversion_form_t conv_form;
-
-       int     references;
-
-       EC_KEY_METH_DATA *meth_data;
-       }/* EC_KEY */;
 /* some values for the encoding_flag */
 #define EC_PKEY_NO_PARAMETERS  0x001
 #define EC_PKEY_NO_PUBKEY      0x002
 
 EC_KEY *EC_KEY_new(void);
+EC_KEY *EC_KEY_new_by_curve_name(int nid);
 void EC_KEY_free(EC_KEY *);
 EC_KEY *EC_KEY_copy(EC_KEY *, const EC_KEY *);
 EC_KEY *EC_KEY_dup(const EC_KEY *);
+
 int EC_KEY_up_ref(EC_KEY *);
 
+const EC_GROUP *EC_KEY_get0_group(const EC_KEY *);
+int EC_KEY_set_group(EC_KEY *, const EC_GROUP *);
+const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *);
+int EC_KEY_set_private_key(EC_KEY *, const BIGNUM *);
+const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *);
+int EC_KEY_set_public_key(EC_KEY *, const EC_POINT *);
+unsigned EC_KEY_get_enc_flags(const EC_KEY *);
+void EC_KEY_set_enc_flags(EC_KEY *, unsigned int);
+point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *);
+void EC_KEY_set_conv_form(EC_KEY *, point_conversion_form_t);
+/* functions to set/get method specific data  */
+void *EC_KEY_get_key_method_data(EC_KEY *, 
+       void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
+void EC_KEY_insert_key_method_data(EC_KEY *, void *data,
+       void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
+/* wrapper functions for the underlying EC_GROUP object */
+void EC_KEY_set_asn1_flag(EC_KEY *, int);
+int EC_KEY_precompute_mult(EC_KEY *, BN_CTX *ctx);
+
 /* EC_KEY_generate_key() creates a ec private (public) key */
 int EC_KEY_generate_key(EC_KEY *);
 /* EC_KEY_check_key() */
index 68aba43..66d9c8d 100644 (file)
@@ -3,7 +3,7 @@
  * Written by Nils Larsch for the OpenSSL project.
  */
 /* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -84,10 +84,23 @@ EC_KEY *EC_KEY_new(void)
        ret->enc_flag= 0; 
        ret->conv_form = POINT_CONVERSION_UNCOMPRESSED;
        ret->references= 1;
-       ret->meth_data = NULL;
+       ret->method_data = NULL;
        return(ret);
        }
 
+EC_KEY *EC_KEY_new_by_curve_name(int nid)
+       {
+       EC_KEY *ret = EC_KEY_new();
+       if (ret == NULL)
+               return NULL;
+       ret->group = EC_GROUP_new_by_curve_name(nid);
+       if (ret->group == NULL)
+               {
+               EC_KEY_free(ret);
+               return NULL;
+               }
+       return ret;
+       }
 
 void EC_KEY_free(EC_KEY *r)
        {
@@ -115,8 +128,7 @@ void EC_KEY_free(EC_KEY *r)
        if (r->priv_key != NULL)
                BN_clear_free(r->priv_key);
 
-       if (r->meth_data && r->meth_data->finish)
-               r->meth_data->finish(r);
+       EC_EX_DATA_free_all_data(&r->method_data);
 
        OPENSSL_cleanse((void *)r, sizeof(EC_KEY));
 
@@ -125,6 +137,8 @@ void EC_KEY_free(EC_KEY *r)
 
 EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
        {
+       EC_EXTRA_DATA *d;
+
        if (dest == NULL || src == NULL)
                {
                ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER);
@@ -166,6 +180,19 @@ EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
                if (!BN_copy(dest->priv_key, src->priv_key))
                        return NULL;
                }
+       /* copy method/extra data */
+       EC_EX_DATA_free_all_data(&dest->method_data);
+
+       for (d = src->method_data; d != NULL; d = d->next)
+               {
+               void *t = d->dup_func(d->data);
+               
+               if (t == NULL)
+                       return 0;
+               if (!EC_EX_DATA_set_data(&dest->method_data, t, d->dup_func, d->free_func, d->clear_free_func))
+                       return 0;
+               }
+
        /* copy the rest */
        dest->enc_flag  = src->enc_flag;
        dest->conv_form = src->conv_form;
@@ -375,3 +402,94 @@ err:
                EC_POINT_free(point);
        return(ok);
        }
+
+const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key)
+       {
+       return key->group;
+       }
+
+int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group)
+       {
+       if (key->group != NULL)
+               EC_GROUP_free(key->group);
+       key->group = EC_GROUP_dup(group);
+       return (key->group == NULL) ? 0 : 1;
+       }
+
+const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key)
+       {
+       return key->priv_key;
+       }
+
+int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key)
+       {
+       if (key->priv_key)
+               BN_clear_free(key->priv_key);
+       key->priv_key = BN_dup(priv_key);
+       return (key->priv_key == NULL) ? 0 : 1;
+       }
+
+const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key)
+       {
+       return key->pub_key;
+       }
+
+int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub_key)
+       {
+       if (key->pub_key != NULL)
+               EC_POINT_free(key->pub_key);
+       key->pub_key = EC_POINT_dup(pub_key, key->group);
+       return (key->pub_key == NULL) ? 0 : 1;
+       }
+
+unsigned int EC_KEY_get_enc_flags(const EC_KEY *key)
+       {
+       return key->enc_flag;
+       }
+
+void EC_KEY_set_enc_flags(EC_KEY *key, unsigned int flags)
+       {
+       key->enc_flag = flags;
+       }
+
+point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key)
+       {
+       return key->conv_form;
+       }
+
+void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform)
+       {
+       key->conv_form = cform;
+       if (key->group != NULL)
+               EC_GROUP_set_point_conversion_form(key->group, cform);
+       }
+
+void *EC_KEY_get_key_method_data(EC_KEY *key,
+       void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
+       {
+       return EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func);
+       }
+
+void EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
+       void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
+       {
+       EC_EXTRA_DATA *ex_data;
+       CRYPTO_w_lock(CRYPTO_LOCK_EC);
+       ex_data = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func);
+       if (ex_data == NULL)
+               EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func, clear_free_func);
+       CRYPTO_w_unlock(CRYPTO_LOCK_EC);
+       }
+
+void EC_KEY_set_asn1_flag(EC_KEY *key, int flag)
+       {
+       if (key->group != NULL)
+               EC_GROUP_set_asn1_flag(key->group, flag);
+       }
+
+int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx)
+       {
+       if (key->group == NULL)
+               return 0;
+       return EC_GROUP_precompute_mult(key->group, ctx);
+       }
index c878081..fdd7aa2 100644 (file)
@@ -229,22 +229,37 @@ struct ec_group_st {
        int (*field_mod_func)(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); /* method-specific */
 } /* EC_GROUP */;
 
+struct ec_key_st {
+       int version;
 
-/* Basically a 'mixin' for extra data, but available for EC_GROUPs only
+       EC_GROUP *group;
+
+       EC_POINT *pub_key;
+       BIGNUM   *priv_key;
+
+       unsigned int enc_flag;
+       point_conversion_form_t conv_form;
+
+       int     references;
+
+       EC_EXTRA_DATA *method_data;
+} /* EC_KEY */;
+
+/* Basically a 'mixin' for extra data, but available for EC_GROUPs/EC_KEYs only
  * (with visibility limited to 'package' level for now).
  * We use the function pointers as index for retrieval; this obviates
  * global ex_data-style index tables.
  */
-int EC_GROUP_set_extra_data(EC_GROUP *, void *data,
+int EC_EX_DATA_set_data(EC_EXTRA_DATA **, void *data,
        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
-void *EC_GROUP_get_extra_data(const EC_GROUP *,
+void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *,
        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
-void EC_GROUP_free_extra_data(EC_GROUP*,
+void EC_EX_DATA_free_data(EC_EXTRA_DATA **,
        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
-void EC_GROUP_clear_free_extra_data(EC_GROUP*,
+void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **,
        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
-void EC_GROUP_free_all_extra_data(EC_GROUP *);
-void EC_GROUP_clear_free_all_extra_data(EC_GROUP *);
+void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **);
+void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **);
 
 
 
index ae9ee08..6d3a562 100644 (file)
@@ -127,7 +127,7 @@ void EC_GROUP_free(EC_GROUP *group)
        if (group->meth->group_finish != 0)
                group->meth->group_finish(group);
 
-       EC_GROUP_free_all_extra_data(group);
+       EC_EX_DATA_free_all_data(&group->extra_data);
 
        if (group->generator != NULL)
                EC_POINT_free(group->generator);
@@ -150,7 +150,7 @@ void EC_GROUP_clear_free(EC_GROUP *group)
        else if (group->meth != NULL && group->meth->group_finish != 0)
                group->meth->group_finish(group);
 
-       EC_GROUP_clear_free_all_extra_data(group);
+       EC_EX_DATA_clear_free_all_data(&group->extra_data);
 
        if (group->generator != NULL)
                EC_POINT_clear_free(group->generator);
@@ -185,7 +185,7 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
        if (dest == src)
                return 1;
        
-       EC_GROUP_free_all_extra_data(dest);
+       EC_EX_DATA_free_all_data(&dest->extra_data);
 
        for (d = src->extra_data; d != NULL; d = d->next)
                {
@@ -193,7 +193,7 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
                
                if (t == NULL)
                        return 0;
-               if (!EC_GROUP_set_extra_data(dest, t, d->dup_func, d->free_func, d->clear_free_func))
+               if (!EC_EX_DATA_set_data(&dest->extra_data, t, d->dup_func, d->free_func, d->clear_free_func))
                        return 0;
                }
 
@@ -310,7 +310,7 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIG
        }
 
 
-EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group)
+const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group)
        {
        return group->generator;
        }
@@ -546,15 +546,15 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
 
 
 /* this has 'package' visibility */
-int EC_GROUP_set_extra_data(EC_GROUP *group, void *data,
+int EC_EX_DATA_set_data(EC_EXTRA_DATA **ex_data, void *data,
        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
        {
        EC_EXTRA_DATA *d;
 
-       if (group == NULL)
+       if (ex_data == NULL)
                return 0;
 
-       for (d = group->extra_data; d != NULL; d = d->next)
+       for (d = *ex_data; d != NULL; d = d->next)
                {
                if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func)
                        {
@@ -576,22 +576,19 @@ int EC_GROUP_set_extra_data(EC_GROUP *group, void *data,
        d->free_func = free_func;
        d->clear_free_func = clear_free_func;
 
-       d->next = group->extra_data;
-       group->extra_data = d;
+       d->next = *ex_data;
+       *ex_data = d;
 
        return 1;
        }
 
 /* this has 'package' visibility */
-void *EC_GROUP_get_extra_data(const EC_GROUP *group,
+void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *ex_data,
        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
        {
-       EC_EXTRA_DATA *d;
-
-       if (group == NULL)
-               return NULL;
+       const EC_EXTRA_DATA *d;
 
-       for (d = group->extra_data; d != NULL; d = d->next)
+       for (d = ex_data; d != NULL; d = d->next)
                {
                if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func)
                        return d->data;
@@ -601,15 +598,15 @@ void *EC_GROUP_get_extra_data(const EC_GROUP *group,
        }
 
 /* this has 'package' visibility */
-void EC_GROUP_free_extra_data(EC_GROUP *group,
+void EC_EX_DATA_free_data(EC_EXTRA_DATA **ex_data,
        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
        {
        EC_EXTRA_DATA **p;
 
-       if (group == NULL)
+       if (ex_data == NULL)
                return;
 
-       for (p = &group->extra_data; *p != NULL; p = &((*p)->next))
+       for (p = ex_data; *p != NULL; p = &((*p)->next))
                {
                if ((*p)->dup_func == dup_func && (*p)->free_func == free_func && (*p)->clear_free_func == clear_free_func)
                        {
@@ -625,15 +622,15 @@ void EC_GROUP_free_extra_data(EC_GROUP *group,
        }
 
 /* this has 'package' visibility */
-void EC_GROUP_clear_free_extra_data(EC_GROUP *group,
+void EC_EX_DATA_clear_free_extra_data(EC_EXTRA_DATA **ex_data,
        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
        {
        EC_EXTRA_DATA **p;
 
-       if (group == NULL)
+       if (ex_data == NULL)
                return;
 
-       for (p = &group->extra_data; *p != NULL; p = &((*p)->next))
+       for (p = ex_data; *p != NULL; p = &((*p)->next))
                {
                if ((*p)->dup_func == dup_func && (*p)->free_func == free_func && (*p)->clear_free_func == clear_free_func)
                        {
@@ -649,14 +646,14 @@ void EC_GROUP_clear_free_extra_data(EC_GROUP *group,
        }
 
 /* this has 'package' visibility */
-void EC_GROUP_free_all_extra_data(EC_GROUP *group)
+void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **ex_data)
        {
        EC_EXTRA_DATA *d;
 
-       if (group == NULL)
+       if (ex_data == NULL)
                return;
 
-       d = group->extra_data;
+       d = *ex_data;
        while (d)
                {
                EC_EXTRA_DATA *next = d->next;
@@ -666,18 +663,18 @@ void EC_GROUP_free_all_extra_data(EC_GROUP *group)
                
                d = next;
                }
-       group->extra_data = NULL;
+       *ex_data = NULL;
        }
 
 /* this has 'package' visibility */
-void EC_GROUP_clear_free_all_extra_data(EC_GROUP *group)
+void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **ex_data)
        {
        EC_EXTRA_DATA *d;
 
-       if (group == NULL)
+       if (ex_data == NULL)
                return;
 
-       d = group->extra_data;
+       d = *ex_data;
        while (d)
                {
                EC_EXTRA_DATA *next = d->next;
@@ -687,7 +684,7 @@ void EC_GROUP_clear_free_all_extra_data(EC_GROUP *group)
                
                d = next;
                }
-       group->extra_data = NULL;
+       *ex_data = NULL;
        }
 
 
index 101f44a..7320e31 100644 (file)
@@ -325,7 +325,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
        size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx)
        {
        BN_CTX *new_ctx = NULL;
-       EC_POINT *generator = NULL;
+       const EC_POINT *generator = NULL;
        EC_POINT *tmp = NULL;
        size_t totalnum;
        size_t blocksize = 0, numblocks = 0; /* for wNAF splitting */
@@ -385,7 +385,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                
                /* look if we can use precomputed multiples of generator */
 
-               pre_comp = EC_GROUP_get_extra_data(group, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free);
+               pre_comp = EC_EX_DATA_get_data(group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free);
 
                if (pre_comp && pre_comp->numblocks && (EC_POINT_cmp(group, generator, pre_comp->points[0], ctx) == 0))
                        {
@@ -744,7 +744,7 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
        int ret = 0;
 
        /* if there is an old EC_PRE_COMP object, throw it away */
-       EC_GROUP_free_extra_data(group, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free);
+       EC_EX_DATA_free_data(&group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free);
 
        if ((pre_comp = ec_pre_comp_new(group)) == NULL)
                return 0;
@@ -872,7 +872,7 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
        points = NULL;
        pre_comp->num = num;
 
-       if (!EC_GROUP_set_extra_data(group, pre_comp,
+       if (!EC_EX_DATA_set_data(&group->extra_data, pre_comp,
                ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free))
                goto err;
        pre_comp = NULL;
@@ -902,7 +902,7 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
 
 int ec_wNAF_have_precompute_mult(const EC_GROUP *group)
        {
-       if (EC_GROUP_get_extra_data(group, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free) != NULL)
+       if (EC_EX_DATA_get_data(group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free) != NULL)
                return 1;
        else
                return 0;
index 98b8bb2..b4b58ee 100644 (file)
 extern "C" {
 #endif
 
-typedef struct ecdh_data_st ECDH_DATA;
-
-/* ECDH_DATA functions */
-ECDH_DATA *ECDH_DATA_new(void);
-ECDH_DATA *ECDH_DATA_new_method(ENGINE *);
-void ECDH_DATA_free(ECDH_DATA *);
-
 const ECDH_METHOD *ECDH_OpenSSL(void);
 
 void     ECDH_set_default_method(const ECDH_METHOD *);
index f4e0296..c0414b9 100644 (file)
@@ -119,9 +119,7 @@ static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
        }
 
 
-int test_ecdh_curve(int , char *, BN_CTX *, BIO *);
-
-int test_ecdh_curve(int nid, char *text, BN_CTX *ctx, BIO *out)
+static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out)
        {
        EC_KEY *a=NULL;
        EC_KEY *b=NULL;
@@ -130,12 +128,14 @@ int test_ecdh_curve(int nid, char *text, BN_CTX *ctx, BIO *out)
        char buf[12];
        unsigned char *abuf=NULL,*bbuf=NULL;
        int i,alen,blen,aout,bout,ret=0;
+       const EC_GROUP *group;
 
-       if ((a=EC_KEY_new()) == NULL) goto err;
-       if ((a->group=EC_GROUP_new_by_curve_name(nid)) == NULL) goto err;
+       a = EC_KEY_new_by_curve_name(nid);
+       b = EC_KEY_new_by_curve_name(nid);
+       if (a == NULL || b == NULL)
+               goto err;
 
-       if ((b=EC_KEY_new()) == NULL) goto err;
-       b->group = a->group;
+       group = EC_KEY_get0_group(a);
 
        if ((x_a=BN_new()) == NULL) goto err;
        if ((y_a=BN_new()) == NULL) goto err;
@@ -152,13 +152,15 @@ int test_ecdh_curve(int nid, char *text, BN_CTX *ctx, BIO *out)
 
        if (!EC_KEY_generate_key(a)) goto err;
        
-       if (EC_METHOD_get_field_type(EC_GROUP_method_of(a->group)) == NID_X9_62_prime_field) 
+       if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) 
                {
-               if (!EC_POINT_get_affine_coordinates_GFp(a->group, a->pub_key, x_a, y_a, ctx)) goto err;
+               if (!EC_POINT_get_affine_coordinates_GFp(group,
+                       EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err;
                }
        else
                {
-               if (!EC_POINT_get_affine_coordinates_GF2m(a->group, a->pub_key, x_a, y_a, ctx)) goto err;
+               if (!EC_POINT_get_affine_coordinates_GF2m(group,
+                       EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err;
                }
 #ifdef NOISY
        BIO_puts(out,"  pri 1=");
@@ -175,13 +177,15 @@ int test_ecdh_curve(int nid, char *text, BN_CTX *ctx, BIO *out)
 
        if (!EC_KEY_generate_key(b)) goto err;
 
-       if (EC_METHOD_get_field_type(EC_GROUP_method_of(b->group)) == NID_X9_62_prime_field) 
+       if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) 
                {
-               if (!EC_POINT_get_affine_coordinates_GFp(b->group, b->pub_key, x_b, y_b, ctx)) goto err;
+               if (!EC_POINT_get_affine_coordinates_GFp(group, 
+                       EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err;
                }
        else
                {
-               if (!EC_POINT_get_affine_coordinates_GF2m(a->group, b->pub_key, x_b, y_b, ctx)) goto err;
+               if (!EC_POINT_get_affine_coordinates_GF2m(group, 
+                       EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err;
                }
 
 #ifdef NOISY
@@ -199,7 +203,7 @@ int test_ecdh_curve(int nid, char *text, BN_CTX *ctx, BIO *out)
 
        alen=KDF1_SHA1_len;
        abuf=(unsigned char *)OPENSSL_malloc(alen);
-       aout=ECDH_compute_key(abuf,alen,b->pub_key,a,KDF1_SHA1);
+       aout=ECDH_compute_key(abuf,alen,EC_KEY_get0_public_key(b),a,KDF1_SHA1);
 
 #ifdef NOISY
        BIO_puts(out,"  key1 =");
@@ -216,7 +220,7 @@ int test_ecdh_curve(int nid, char *text, BN_CTX *ctx, BIO *out)
 
        blen=KDF1_SHA1_len;
        bbuf=(unsigned char *)OPENSSL_malloc(blen);
-       bout=ECDH_compute_key(bbuf,blen,a->pub_key,b,KDF1_SHA1);
+       bout=ECDH_compute_key(bbuf,blen,EC_KEY_get0_public_key(a),b,KDF1_SHA1);
 
 #ifdef NOISY
        BIO_puts(out,"  key2 =");
@@ -237,7 +241,7 @@ int test_ecdh_curve(int nid, char *text, BN_CTX *ctx, BIO *out)
                BIO_printf(out, " failed\n\n");
                BIO_printf(out, "key a:\n");
                BIO_printf(out, "private key: ");
-               BN_print(out, a->priv_key);
+               BN_print(out, EC_KEY_get0_private_key(a));
                BIO_printf(out, "\n");
                BIO_printf(out, "public key (x,y): ");
                BN_print(out, x_a);
@@ -245,7 +249,7 @@ int test_ecdh_curve(int nid, char *text, BN_CTX *ctx, BIO *out)
                BN_print(out, y_a);
                BIO_printf(out, "\nkey b:\n");
                BIO_printf(out, "private key: ");
-               BN_print(out, b->priv_key);
+               BN_print(out, EC_KEY_get0_private_key(b));
                BIO_printf(out, "\n");
                BIO_printf(out, "public key (x,y): ");
                BN_print(out, x_b);
@@ -286,8 +290,6 @@ err:
        if (y_a) BN_free(y_a);
        if (x_b) BN_free(x_b);
        if (y_b) BN_free(y_b);
-       if (a->group) EC_GROUP_free(a->group);
-       a->group = b->group = NULL;
        if (b) EC_KEY_free(b);
        if (a) EC_KEY_free(a);
        return(ret);
index a6392bc..85fbfc5 100644 (file)
 
 const char *ECDH_version="ECDH" OPENSSL_VERSION_PTEXT;
 
-static void ecdh_finish(EC_KEY *);
-
 static const ECDH_METHOD *default_ECDH_method = NULL;
 
+static void *ecdh_data_dup(void *);
+static void  ecdh_data_free(void *);
+
 void ECDH_set_default_method(const ECDH_METHOD *meth)
        {
        default_ECDH_method = meth;
@@ -122,12 +123,7 @@ int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth)
         return 1;
        }
 
-ECDH_DATA *ECDH_DATA_new(void)
-       {
-       return ECDH_DATA_new_method(NULL);
-       }
-
-ECDH_DATA *ECDH_DATA_new_method(ENGINE *engine)
+static ECDH_DATA *ECDH_DATA_new_method(ENGINE *engine)
        {
        ECDH_DATA *ret;
 
@@ -139,7 +135,6 @@ ECDH_DATA *ECDH_DATA_new_method(ENGINE *engine)
                }
 
        ret->init = NULL;
-       ret->finish = ecdh_finish;
 
        ret->meth = ECDH_get_default_method();
        ret->engine = engine;
@@ -172,12 +167,26 @@ ECDH_DATA *ECDH_DATA_new_method(ENGINE *engine)
        return(ret);
        }
 
-void ECDH_DATA_free(ECDH_DATA *r)
+void *ecdh_data_new(void)
        {
-#if 0
-       if (r->meth->finish)
-               r->meth->finish(r);
-#endif
+       return (void *)ECDH_DATA_new_method(NULL);
+       }
+
+static void *ecdh_data_dup(void *data)
+{
+       ECDH_DATA *r = (ECDH_DATA *)data;
+
+       /* XXX: dummy operation */
+       if (r == NULL)
+               return NULL;
+
+       return (void *)ecdh_data_new();
+}
+
+void ecdh_data_free(void *data)
+       {
+       ECDH_DATA *r = (ECDH_DATA *)data;
+
 #ifndef OPENSSL_NO_ENGINE
        if (r->engine)
                ENGINE_finish(r->engine);
@@ -192,25 +201,24 @@ void ECDH_DATA_free(ECDH_DATA *r)
 
 ECDH_DATA *ecdh_check(EC_KEY *key)
        {
-       if (key->meth_data)
-               {
-               if (key->meth_data->finish != ecdh_finish)
-                       {
-                       key->meth_data->finish(key);
-                       key->meth_data = (EC_KEY_METH_DATA *)ECDH_DATA_new();
-                       }
-               }
-       else
-               key->meth_data = (EC_KEY_METH_DATA *)ECDH_DATA_new();
-       return (ECDH_DATA *)key->meth_data;
-       }
-
-static void ecdh_finish(EC_KEY *key)
+       ECDH_DATA *ecdh_data;
+       void *data = EC_KEY_get_key_method_data(key, ecdh_data_dup,
+                                       ecdh_data_free, ecdh_data_free);
+       if (data == NULL)
        {
-       if (key->meth_data && key->meth_data->finish == ecdh_finish)
-               ECDH_DATA_free((ECDH_DATA *)key->meth_data);
+               ecdh_data = (ECDH_DATA *)ecdh_data_new();
+               if (ecdh_data == NULL)
+                       return NULL;
+               EC_KEY_insert_key_method_data(key, (void *)ecdh_data,
+                       ecdh_data_dup, ecdh_data_free, ecdh_data_free);
        }
+       else
+               ecdh_data = (ECDH_DATA *)data;
+       
 
+       return ecdh_data;
+       }
 
 int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
index 1a2db43..f658526 100644 (file)
@@ -75,16 +75,15 @@ struct ecdh_method
        char *app_data;
        };
 
-struct ecdh_data_st {
+typedef struct ecdh_data_st {
        /* EC_KEY_METH_DATA part */
        int (*init)(EC_KEY *);
-       void (*finish)(EC_KEY *);
        /* method specific part */
        ENGINE  *engine;
        int     flags;
        const ECDH_METHOD *meth;
        CRYPTO_EX_DATA ex_data;
-};
+} ECDH_DATA;
 
 ECDH_DATA *ecdh_check(EC_KEY *);
 
index dab7e8e..2a40ff1 100644 (file)
@@ -112,6 +112,8 @@ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
        BN_CTX *ctx;
        EC_POINT *tmp=NULL;
        BIGNUM *x=NULL, *y=NULL;
+       const BIGNUM *priv_key;
+       const EC_GROUP* group;
        int ret= -1;
        size_t buflen, len;
        unsigned char *buf=NULL;
@@ -127,27 +129,29 @@ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
        x = BN_CTX_get(ctx);
        y = BN_CTX_get(ctx);
        
-       if (ecdh->priv_key == NULL)
+       priv_key = EC_KEY_get0_private_key(ecdh);
+       if (priv_key == NULL)
                {
                ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE);
                goto err;
                }
 
-       if ((tmp=EC_POINT_new(ecdh->group)) == NULL)
+       group = EC_KEY_get0_group(ecdh);
+       if ((tmp=EC_POINT_new(group)) == NULL)
                {
                ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
                goto err;
                }
 
-       if (!EC_POINT_mul(ecdh->group, tmp, NULL, pub_key, ecdh->priv_key, ctx)) 
+       if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) 
                {
                ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
                goto err;
                }
                
-       if (EC_METHOD_get_field_type(EC_GROUP_method_of(ecdh->group)) == NID_X9_62_prime_field) 
+       if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) 
                {
-               if (!EC_POINT_get_affine_coordinates_GFp(ecdh->group, tmp, x, y, ctx)) 
+               if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y, ctx)) 
                        {
                        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
                        goto err;
@@ -155,14 +159,14 @@ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
                }
        else
                {
-               if (!EC_POINT_get_affine_coordinates_GF2m(ecdh->group, tmp, x, y, ctx)) 
+               if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y, ctx)) 
                        {
                        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
                        goto err;
                        }
                }
 
-       buflen = (EC_GROUP_get_degree(ecdh->group) + 7)/8;
+       buflen = (EC_GROUP_get_degree(group) + 7)/8;
        len = BN_num_bytes(x);
        if (len > buflen)
                {
index 14bb363..76c5a4a 100644 (file)
@@ -81,9 +81,6 @@ typedef struct ECDSA_SIG_st
        BIGNUM *s;
        } ECDSA_SIG;
 
-/* ecdsa_data_st is defined in ecs_locl.h  */
-typedef struct ecdsa_data_st ECDSA_DATA;
-
 /** ECDSA_SIG *ECDSA_SIG_new(void)
  * allocates and initialize a ECDSA_SIG structure
  * \return pointer to a ECDSA_SIG structure or NULL if an error occurred
@@ -115,25 +112,6 @@ int          i2d_ECDSA_SIG(const ECDSA_SIG *a, unsigned char **pp);
  */
 ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **v, const unsigned char **pp, long len);
 
-/** ECDSA_DATA_new
- * creates a new ECDSA_DATA object
- * \return pointer to a newly allocated (and initialized) ECDSA_DATA object
- */
-ECDSA_DATA *ECDSA_DATA_new(void);
-
-/** ECDSA_DATA_new_method
- * creates a new ECDSA_DATA object using a specified ENGINE
- * \param eng pointer to a ENGINE structure
- * \return pointer to a newly allocated (and initialized) ECDSA_DATA object
- */
-ECDSA_DATA *ECDSA_DATA_new_method(ENGINE *eng);
-
-/** ECDSA_DATA_free
- * frees ECDSA_DATA structure
- * \param data pointer to a ECDSA_DATA structure
- */
-void ECDSA_DATA_free(ECDSA_DATA *data);
-
 /** ECDSA_do_sign
  * computes the ECDSA signature of the given hash value using
  * the supplied private key and returns the created signature.
@@ -144,6 +122,20 @@ void ECDSA_DATA_free(ECDSA_DATA *data);
  */
 ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst,int dgst_len,EC_KEY *eckey);
 
+/** ECDSA_do_sign_ex
+ * computes ECDSA signature of a given hash value using the supplied
+ * private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
+ * \param dgst pointer to the hash value to sign
+ * \param dgstlen length of the hash value
+ * \param kinv optional pointer to a pre-computed inverse k
+ * \param rp optional pointer to the pre-computed rp value (see 
+ *        ECDSA_sign_setup
+ * \param eckey pointer to the EC_KEY object containing a private EC key
+ * \return pointer to a ECDSA_SIG structure or NULL
+ */
+ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, 
+               const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);
+
 /** ECDSA_do_verify
  * verifies that the supplied signature is a valid ECDSA
  * signature of the supplied hash value using the supplied public key.
@@ -186,9 +178,7 @@ int           ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth);
 int      ECDSA_size(const EC_KEY *eckey);
 
 /** ECDSA_sign_setup
- * precompute parts of the signing operation (the computed values may be
- * passed to ECDSA_DATA->kinv and ECDSA_DATA->r for a later signature
- * computation).
+ * precompute parts of the signing operation. 
  * \param eckey pointer to the EC_KEY object containing a private EC key
  * \param ctx  pointer to a BN_CTX object (may be NULL)
  * \param kinv pointer to a BIGNUM pointer for the inverse of k
@@ -212,6 +202,25 @@ int          ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
 int      ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, 
                unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
 
+
+/** ECDSA_sign_ex
+ * computes ECDSA signature of a given hash value using the supplied
+ * private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
+ * \param type this parameter is ignored
+ * \param dgst pointer to the hash value to sign
+ * \param dgstlen length of the hash value
+ * \param sig buffer to hold the DER encoded signature
+ * \param siglen pointer to the length of the returned signature
+ * \param kinv optional pointer to a pre-computed inverse k
+ * \param rp optional pointer to the pre-computed rp value (see 
+ *        ECDSA_sign_setup
+ * \param eckey pointer to the EC_KEY object containing a private EC key
+ * \return 1 on success and 0 otherwise
+ */
+int      ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, 
+               unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv,
+               const BIGNUM *rp, EC_KEY *eckey);
+
 /** ECDSA_verify
  * verifies that the given signature is valid ECDSA signature
  * of the supplied hash value using the specified public key.
index 5315d90..70f2cc4 100644 (file)
@@ -3,7 +3,7 @@
  * Written by Nils Larsch for the OpenSSL project.
  */
 /* ====================================================================
- * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -201,9 +201,7 @@ int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in)
 
        BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid));
        /* create the key */
-       if ((key = EC_KEY_new()) == NULL)
-               goto x962_int_err;
-       if ((key->group = EC_GROUP_new_by_curve_name(nid)) == NULL)
+       if ((key = EC_KEY_new_by_curve_name(nid)) == NULL)
                goto x962_int_err;
        if (!EC_KEY_generate_key(key))
                goto x962_int_err;
@@ -291,6 +289,7 @@ int test_builtin(BIO *out)
        EC_builtin_curve *curves = NULL;
        size_t          crv_len = 0, n = 0;
        EC_KEY          *eckey = NULL, *wrong_eckey = NULL;
+       EC_GROUP        *group;
        unsigned char   digest[20], wrong_digest[20];
        unsigned char   *signature = NULL; 
        unsigned int    sig_len;
@@ -337,9 +336,13 @@ int test_builtin(BIO *out)
                /* create new ecdsa key (== EC_KEY) */
                if ((eckey = EC_KEY_new()) == NULL)
                        goto builtin_err;
-               if ((eckey->group = EC_GROUP_new_by_curve_name(nid)) == NULL)
+               group = EC_GROUP_new_by_curve_name(nid);
+               if (group == NULL)
+                       goto builtin_err;
+               if (EC_KEY_set_group(eckey, group) == 0)
                        goto builtin_err;
-               if (EC_GROUP_get_degree(eckey->group) < 160)
+               EC_GROUP_free(group);
+               if (EC_GROUP_get_degree(EC_KEY_get0_group(eckey)) < 160)
                        /* drop the curve */ 
                        {
                        EC_KEY_free(eckey);
@@ -356,8 +359,12 @@ int test_builtin(BIO *out)
                /* create second key */
                if ((wrong_eckey = EC_KEY_new()) == NULL)
                        goto builtin_err;
-               if ((wrong_eckey->group = EC_GROUP_new_by_curve_name(nid)) == NULL)
+               group = EC_GROUP_new_by_curve_name(nid);
+               if (group == NULL)
+                       goto builtin_err;
+               if (EC_KEY_set_group(wrong_eckey, group) == 0)
                        goto builtin_err;
+               EC_GROUP_free(group);
                if (!EC_KEY_generate_key(wrong_eckey))
                        {
                        BIO_printf(out, " failed\n");
index 645a708..8a6d4ad 100644 (file)
@@ -1,6 +1,6 @@
 /* crypto/ecdsa/ecs_lib.c */
 /* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
 
 const char *ECDSA_version="ECDSA" OPENSSL_VERSION_PTEXT;
 
-static void ecdsa_finish(EC_KEY *);
-
 static const ECDSA_METHOD *default_ECDSA_method = NULL;
 
+static void *ecdsa_data_dup(void *);
+static void  ecdsa_data_free(void *);
+
 void ECDSA_set_default_method(const ECDSA_METHOD *meth)
 {
        default_ECDSA_method = meth;
@@ -90,10 +91,6 @@ int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth)
                return 0;
 
         mtmp = ecdsa->meth;
-#if 0
-        if (mtmp->finish)
-               mtmp->finish(eckey);
-#endif
 #ifndef OPENSSL_NO_ENGINE
        if (ecdsa->engine)
        {
@@ -102,19 +99,11 @@ int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth)
        }
 #endif
         ecdsa->meth = meth;
-#if 0
-        if (meth->init) 
-               meth->init(eckey);
-#endif
-        return 1;
-}
 
-ECDSA_DATA *ECDSA_DATA_new(void)
-{
-       return ECDSA_DATA_new_method(NULL);
+        return 1;
 }
 
-ECDSA_DATA *ECDSA_DATA_new_method(ENGINE *engine)
+static ECDSA_DATA *ECDSA_DATA_new_method(ENGINE *engine)
 {
        ECDSA_DATA *ret;
 
@@ -126,10 +115,6 @@ ECDSA_DATA *ECDSA_DATA_new_method(ENGINE *engine)
        }
 
        ret->init = NULL;
-       ret->finish = ecdsa_finish;
-
-       ret->kinv = NULL;
-       ret->r    = NULL;
 
        ret->meth = ECDSA_get_default_method();
        ret->engine = engine;
@@ -162,22 +147,30 @@ ECDSA_DATA *ECDSA_DATA_new_method(ENGINE *engine)
        return(ret);
 }
 
-void ECDSA_DATA_free(ECDSA_DATA *r)
+void *ecdsa_data_new(void)
 {
-       if (r->kinv)
-               BN_clear_free(r->kinv);
-       if (r->r)
-               BN_clear_free(r->r);
+       return (void *)ECDSA_DATA_new_method(NULL);
+}
+
+static void *ecdsa_data_dup(void *data)
+{
+       ECDSA_DATA *r = (ECDSA_DATA *)data;
+
+       /* XXX: dummy operation */
+       if (r == NULL)
+               return NULL;
+
+       return ecdsa_data_new();
+}
+
+static void ecdsa_data_free(void *data)
+{
+       ECDSA_DATA *r = (ECDSA_DATA *)data;
 
-#if 0
-       if (r->meth->finish)
-               r->meth->finish(r);
-#endif
 #ifndef OPENSSL_NO_ENGINE
        if (r->engine)
                ENGINE_finish(r->engine);
 #endif
-
        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, r, &r->ex_data);
 
        OPENSSL_cleanse((void *)r, sizeof(ECDSA_DATA));
@@ -187,23 +180,23 @@ void ECDSA_DATA_free(ECDSA_DATA *r)
 
 ECDSA_DATA *ecdsa_check(EC_KEY *key)
 {
-       if (key->meth_data)
+       ECDSA_DATA *ecdsa_data;
+       void *data = EC_KEY_get_key_method_data(key, ecdsa_data_dup,
+                                       ecdsa_data_free, ecdsa_data_free);
+       if (data == NULL)
        {
-               if (key->meth_data->finish != ecdsa_finish)
-               {
-                       key->meth_data->finish(key);
-                       key->meth_data = (EC_KEY_METH_DATA *)ECDSA_DATA_new();
-               }
+               ecdsa_data = (ECDSA_DATA *)ecdsa_data_new();
+               if (ecdsa_data == NULL)
+                       return NULL;
+               EC_KEY_insert_key_method_data(key, (void *)ecdsa_data,
+                       ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free);
        }
        else
-               key->meth_data = (EC_KEY_METH_DATA *)ECDSA_DATA_new();
-       return (ECDSA_DATA *)key->meth_data;
-}
+               ecdsa_data = (ECDSA_DATA *)data;
+       
 
-static void ecdsa_finish(EC_KEY *key)
-{
-       if (key->meth_data && key->meth_data->finish == ecdsa_finish)
-               ECDSA_DATA_free((ECDSA_DATA *)key->meth_data);
+       return ecdsa_data;
 }
 
 int ECDSA_size(const EC_KEY *r)
@@ -212,11 +205,12 @@ int ECDSA_size(const EC_KEY *r)
        ASN1_INTEGER bs;
        BIGNUM  *order=NULL;
        unsigned char buf[4];
+       const EC_GROUP *group = EC_KEY_get0_group(r);
 
-       if (r == NULL || r->group == NULL)
+       if (r == NULL || group == NULL)
                return 0;
        if ((order = BN_new()) == NULL) return 0;
-       if (!EC_GROUP_get_order(r->group,order,NULL))
+       if (!EC_GROUP_get_order(group,order,NULL))
        {
                BN_clear_free(order);
                return 0;
index 343b866..3a69a84 100644 (file)
@@ -69,7 +69,7 @@ struct ecdsa_method
        {
        const char *name;
        ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len, 
-                       EC_KEY *eckey);
+                       const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey);
        int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, 
                        BIGNUM **r);
        int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len, 
@@ -82,18 +82,15 @@ struct ecdsa_method
        char *app_data;
        };
 
-struct ecdsa_data_st {
+typedef struct ecdsa_data_st {
        /* EC_KEY_METH_DATA part */
        int (*init)(EC_KEY *);
-       void (*finish)(EC_KEY *);
        /* method (ECDSA) specific part */
-       BIGNUM  *kinv;  /* signing pre-calc */
-       BIGNUM  *r;     /* signing pre-calc */
        ENGINE  *engine;
        int     flags;
        const ECDSA_METHOD *meth;
        CRYPTO_EX_DATA ex_data;
-};
+} ECDSA_DATA;
 
 /** ecdsa_check
  * checks whether ECKEY->meth_data is a pointer to a ECDSA_DATA structure
index ea776db..8be45dd 100644 (file)
@@ -62,7 +62,7 @@
 #include <openssl/bn.h>
 
 static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen, 
-               EC_KEY *eckey);
+               const BIGNUM *, const BIGNUM *, EC_KEY *eckey);
 static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, 
                BIGNUM **rp);
 static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, 
@@ -92,14 +92,14 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
        BN_CTX   *ctx = NULL;
        BIGNUM   *k = NULL, *r = NULL, *order = NULL, *X = NULL;
        EC_POINT *tmp_point=NULL;
-       EC_GROUP *group;
+       const EC_GROUP *group;
        int      ret = 0;
-       if (!eckey  || !eckey->group || !eckey->pub_key || !eckey->priv_key)
+
+       if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL)
        {
                ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);
                return 0;
        }
-       group = eckey->group;
 
        if (ctx_in == NULL) 
        {
@@ -210,24 +210,27 @@ err:
 
 
 static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, 
-               EC_KEY *eckey)
+               const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
 {
        int     ok = 0;
-       BIGNUM *kinv=NULL, *r, *s, *m=NULL,*tmp=NULL,*order=NULL;
+       BIGNUM *kinv=NULL, *s, *m=NULL,*tmp=NULL,*order=NULL;
+       const BIGNUM *ckinv;
        BN_CTX     *ctx = NULL;
-       EC_GROUP   *group;
+       const EC_GROUP   *group;
        ECDSA_SIG  *ret;
        ECDSA_DATA *ecdsa;
+       const BIGNUM *priv_key;
 
-       ecdsa = ecdsa_check(eckey);
-
-       if (!eckey->group || !eckey->pub_key || !eckey->priv_key || !ecdsa)
+       ecdsa    = ecdsa_check(eckey);
+       group    = EC_KEY_get0_group(eckey);
+       priv_key = EC_KEY_get0_private_key(eckey);
+       
+       if (group == NULL || priv_key == NULL || ecdsa == NULL)
        {
                ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
                return NULL;
        }
 
-       group = eckey->group;
        ret = ECDSA_SIG_new();
        if (!ret)
        {
@@ -262,26 +265,26 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
        }
        do
        {
-               if (ecdsa->kinv == NULL || ecdsa->r == NULL)
+               if (in_kinv == NULL || in_r == NULL)
                {
                        if (!ECDSA_sign_setup(eckey, ctx, &kinv, &ret->r))
                        {
                                ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,ERR_R_ECDSA_LIB);
                                goto err;
                        }
-                       r = ret->r;
+                       ckinv = kinv;
                }
                else
                {
-                       BN_free(ret->r);
-                       kinv   = ecdsa->kinv;
-                       r      = ecdsa->r;
-                       ret->r = r;
-                       ecdsa->kinv = NULL;
-                       ecdsa->r    = NULL;
+                       ckinv  = in_kinv;
+                       if (BN_copy(ret->r, in_r) == NULL)
+                       {
+                               ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+                               goto err;
+                       }
                }
 
-               if (!BN_mod_mul(tmp, eckey->priv_key, r, order, ctx))
+               if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx))
                {
                        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
                        goto err;
@@ -291,7 +294,7 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
                        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
                        goto err;
                }
-               if (!BN_mod_mul(s, s, kinv, order, ctx))
+               if (!BN_mod_mul(s, s, ckinv, order, ctx))
                {
                        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
                        goto err;
@@ -326,16 +329,17 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
        BN_CTX   *ctx;
        BIGNUM   *order, *u1, *u2, *m, *X;
        EC_POINT *point = NULL;
-       EC_GROUP *group;
+       const EC_GROUP *group;
+       const EC_POINT *pub_key;
+
        /* check input values */
-       if (!eckey || !eckey->group || !eckey->pub_key || !sig)
+       if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
+           (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL)
        {
                ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
                return -1;
        }
 
-       group = eckey->group;
-
        ctx = BN_CTX_new();
        if (!ctx)
        {
@@ -398,7 +402,7 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
                ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
                goto err;
        }
-       if (!EC_POINT_mul(group, point, u1, eckey->pub_key, u2, ctx))
+       if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx))
        {
                ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
                goto err;
index ee6aef8..5143923 100644 (file)
 #include <openssl/engine.h>
 #endif
 
-ECDSA_SIG * ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
+ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
+{
+       return ECDSA_do_sign_ex(dgst, dlen, NULL, NULL, eckey);
+}
+
+ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dlen,
+       const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey)
 {
        ECDSA_DATA *ecdsa = ecdsa_check(eckey);
        if (ecdsa == NULL)
                return NULL;
-       return ecdsa->meth->ecdsa_do_sign(dgst, dlen, eckey);
+       return ecdsa->meth->ecdsa_do_sign(dgst, dlen, NULL, NULL, eckey);
 }
 
 int ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char 
                *sig, unsigned int *siglen, EC_KEY *eckey)
+{
+       return ECDSA_sign_ex(type, dgst, dlen, sig, siglen, NULL, NULL, eckey);
+}
+
+int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char 
+       *sig, unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, 
+       EC_KEY *eckey)
 {
        ECDSA_SIG *s;
-       s=ECDSA_do_sign(dgst,dlen,eckey);
+       s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey);
        if (s == NULL)
        {
                *siglen=0;
-               return(0);
+               return 0;
        }
-       *siglen=i2d_ECDSA_SIG(s,&sig);
+       *siglen = i2d_ECDSA_SIG(s, &sig);
        ECDSA_SIG_free(s);
-       return(1);
+       return 1;
 }
 
 int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, 
index 4d38425..e35d472 100644 (file)
@@ -140,7 +140,7 @@ struct evp_pkey_st
                struct dh_st *dh;       /* DH */
 #endif
 #ifndef OPENSSL_NO_EC
-               struct ec_key_st *eckey;/* ECC */
+               struct ec_key_st *ec;   /* ECC */
 #endif
                } pkey;
        int save_parameters;
index 6510ed5..b71555e 100644 (file)
@@ -250,6 +250,7 @@ EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
                }
                else
                {
+                       EC_GROUP *group;
                        cp = p = param->value.object->data;
                        plen = param->value.object->length;
 
@@ -262,11 +263,13 @@ EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
                                        ERR_R_MALLOC_FAILURE);
                                goto ecerr;
                        }
-                       if ((eckey->group = EC_GROUP_new_by_curve_name(
-                             OBJ_obj2nid(a->parameter->value.object))) == NULL)
+                       group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object));
+                       if (group == NULL)
                                goto ecerr;
-                       EC_GROUP_set_asn1_flag(eckey->group, 
-                                               OPENSSL_EC_NAMED_CURVE);
+                       EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
+                       if (EC_KEY_set_group(eckey, group) == 0)
+                               goto ecerr;
+                       EC_GROUP_free(group);
                }
 
                /* We have parameters now set private key */
@@ -277,28 +280,40 @@ EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
                }
 
                /* calculate public key (if necessary) */
-               if (!eckey->pub_key)
+               if (EC_KEY_get0_public_key(eckey) == NULL)
                {
+                       const BIGNUM *priv_key;
+                       const EC_GROUP *group;
+                       EC_POINT *pub_key;
                        /* the public key was not included in the SEC1 private
                         * key => calculate the public key */
-                       eckey->pub_key = EC_POINT_new(eckey->group);
-                       if (!eckey->pub_key)
+                       group   = EC_KEY_get0_group(eckey);
+                       pub_key = EC_POINT_new(group);
+                       if (pub_key == NULL)
+                       {
+                               EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
+                               goto ecerr;
+                       }
+                       if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group)))
                        {
+                               EC_POINT_free(pub_key);
                                EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
                                goto ecerr;
                        }
-                       if (!EC_POINT_copy(eckey->pub_key, 
-                               EC_GROUP_get0_generator(eckey->group)))
+                       priv_key = EC_KEY_get0_private_key(eckey);
+                       if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx))
                        {
+                               EC_POINT_free(pub_key);
                                EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
                                goto ecerr;
                        }
-                       if (!EC_POINT_mul(eckey->group, eckey->pub_key, 
-                               eckey->priv_key, NULL, NULL, ctx))
+                       if (EC_KEY_set_public_key(eckey, pub_key) == 0)
                        {
+                               EC_POINT_free(pub_key);
                                EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
                                goto ecerr;
                        }
+                       EC_POINT_free(pub_key);
                }
 
                EVP_PKEY_assign_EC_KEY(pkey, eckey);
@@ -583,17 +598,18 @@ err:
 #ifndef OPENSSL_NO_EC
 static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
 {
-       EC_KEY          *eckey;
+       EC_KEY          *ec_key;
+       const EC_GROUP  *group;
        unsigned char   *p, *pp;
        int             nid, i, ret = 0;
-       unsigned int    tmp_flags;
+       unsigned int    tmp_flags, old_flags;
 
-       if (pkey->pkey.eckey == NULL || pkey->pkey.eckey->group == NULL)
+       ec_key = pkey->pkey.ec;
+       if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) 
        {
                EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS);
                return 0;
        }
-       eckey = pkey->pkey.eckey;
 
        /* set the ec parameters OID */
        if (p8->pkeyalg->algorithm)
@@ -615,8 +631,8 @@ static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
                return 0;
        }
        
-       if (EC_GROUP_get_asn1_flag(eckey->group)
-                     && (nid = EC_GROUP_get_curve_name(eckey->group)))
+       if (EC_GROUP_get_asn1_flag(group)
+                     && (nid = EC_GROUP_get_curve_name(group)))
        {
                /* we have a 'named curve' => just set the OID */
                p8->pkeyalg->parameter->type = V_ASN1_OBJECT;
@@ -624,7 +640,7 @@ static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
        }
        else    /* explicit parameters */
        {
-               if ((i = i2d_ECParameters(eckey, NULL)) == 0)
+               if ((i = i2d_ECParameters(ec_key, NULL)) == 0)
                {
                        EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
                        return 0;
@@ -635,7 +651,7 @@ static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
                        return 0;
                }       
                pp = p;
-               if (!i2d_ECParameters(eckey, &pp))
+               if (!i2d_ECParameters(ec_key, &pp))
                {
                        EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
                        OPENSSL_free(p);
@@ -657,32 +673,33 @@ static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
 
        /* do not include the parameters in the SEC1 private key
         * see PKCS#11 12.11 */
-       tmp_flags  = pkey->pkey.eckey->enc_flag;
-       pkey->pkey.eckey->enc_flag |= EC_PKEY_NO_PARAMETERS;
-       i = i2d_ECPrivateKey(pkey->pkey.eckey, NULL);
+       old_flags = EC_KEY_get_enc_flags(pkey->pkey.ec);
+       tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS;
+       EC_KEY_set_enc_flags(pkey->pkey.ec, tmp_flags);
+       i = i2d_ECPrivateKey(pkey->pkey.ec, NULL);
        if (!i)
        {
-               pkey->pkey.eckey->enc_flag = tmp_flags;
+               EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
                EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
                return 0;
        }
        p = (unsigned char *) OPENSSL_malloc(i);
        if (!p)
        {
-               pkey->pkey.eckey->enc_flag = tmp_flags;
+               EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
                EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
                return 0;
        }
        pp = p;
-       if (!i2d_ECPrivateKey(pkey->pkey.eckey, &pp))
+       if (!i2d_ECPrivateKey(pkey->pkey.ec, &pp))
        {
-               pkey->pkey.eckey->enc_flag = tmp_flags;
+               EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
                EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
                OPENSSL_free(p);
                return 0;
        }
        /* restore old encoding flags */
-       pkey->pkey.eckey->enc_flag = tmp_flags;
+       EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
 
        switch(p8->broken) {
 
index 85caa47..04b57e8 100644 (file)
@@ -86,6 +86,7 @@ int EVP_PKEY_bits(EVP_PKEY *pkey)
        else if (pkey->type == EVP_PKEY_EC)
                {
                BIGNUM *order = BN_new();
+               const EC_GROUP *group;
                int ret;
 
                if (!order)
@@ -93,7 +94,8 @@ int EVP_PKEY_bits(EVP_PKEY *pkey)
                        ERR_clear_error();
                        return 0;
                        }
-               if (!EC_GROUP_get_order(pkey->pkey.eckey->group, order, NULL))
+               group = EC_KEY_get0_group(pkey->pkey.ec);
+               if (!EC_GROUP_get_order(group, order, NULL))
                        {
                        ERR_clear_error();
                        return 0;
@@ -122,7 +124,7 @@ int EVP_PKEY_size(EVP_PKEY *pkey)
 #endif
 #ifndef OPENSSL_NO_ECDSA
                if (pkey->type == EVP_PKEY_EC)
-               return(ECDSA_size(pkey->pkey.eckey));
+               return(ECDSA_size(pkey->pkey.ec));
 #endif
 
        return(0);
@@ -187,13 +189,12 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
 #ifndef OPENSSL_NO_EC
        if (to->type == EVP_PKEY_EC)
                {
-               if (to->pkey.eckey->group != NULL)
-                       EC_GROUP_free(to->pkey.eckey->group);
-               if ((to->pkey.eckey->group = EC_GROUP_new(
-                       EC_GROUP_method_of(from->pkey.eckey->group))) == NULL) 
+               EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec));
+               if (group == NULL)
                        goto err;
-               if (!EC_GROUP_copy(to->pkey.eckey->group,
-                       from->pkey.eckey->group)) goto err;
+               if (EC_KEY_set_group(to->pkey.ec, group) == 0)
+                       goto err;
+               EC_GROUP_free(group);
                }
 #endif
        return(1);
@@ -216,7 +217,7 @@ int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey)
 #ifndef OPENSSL_NO_EC
        if (pkey->type == EVP_PKEY_EC)
                {
-               if (pkey->pkey.eckey->group == NULL)
+               if (EC_KEY_get0_group(pkey->pkey.ec) == NULL)
                        return(1);
                }
 #endif
@@ -240,7 +241,9 @@ int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
 #ifndef OPENSSL_NO_EC
        if (a->type == EVP_PKEY_EC && b->type == EVP_PKEY_EC)
                {
-               if (EC_GROUP_cmp(a->pkey.eckey->group, b->pkey.eckey->group, NULL))
+               const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec),
+                              *group_b = EC_KEY_get0_group(b->pkey.ec);
+               if (EC_GROUP_cmp(group_a, group_b, NULL))
                        return 0;
                else
                        return 1;
@@ -275,8 +278,11 @@ int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
 #ifndef OPENSSL_NO_EC
        case EVP_PKEY_EC:
                {
-               int  r = EC_POINT_cmp(b->pkey.eckey->group, 
-                       b->pkey.eckey->pub_key,a->pkey.eckey->pub_key,NULL);
+               int  r;
+               const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec);
+               const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec),
+                              *pb = EC_KEY_get0_public_key(b->pkey.ec);
+               r = EC_POINT_cmp(group, pa, pb, NULL);
                if (r != 0)
                        {
                        if (r == 1)
@@ -372,8 +378,9 @@ DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey)
 int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key)
 {
        int ret = EVP_PKEY_assign_EC_KEY(pkey,key);
-       if (ret) CRYPTO_add(&key->references, 1, CRYPTO_LOCK_EC);
-               return ret;
+       if (ret)
+               EC_KEY_up_ref(key);
+       return ret;
 }
 
 EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
@@ -383,8 +390,8 @@ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
                EVPerr(EVP_F_EVP_PKEY_GET1_EC_KEY, EVP_R_EXPECTING_A_EC_KEY);
                return NULL;
        }
-       CRYPTO_add(&pkey->pkey.eckey->references, 1, CRYPTO_LOCK_EC);
-       return pkey->pkey.eckey;
+       EC_KEY_up_ref(pkey->pkey.ec);
+       return pkey->pkey.ec;
 }
 #endif
 
@@ -476,7 +483,7 @@ static void EVP_PKEY_free_it(EVP_PKEY *x)
 #endif
 #ifndef OPENSSL_NO_EC
        case EVP_PKEY_EC:
-               EC_KEY_free(x->pkey.eckey);
+               EC_KEY_free(x->pkey.ec);
                break;
 #endif
 #ifndef OPENSSL_NO_DH
index c8980bb..489e71a 100644 (file)
@@ -225,7 +225,7 @@ start:
                        if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL)
                                goto err;
                        xi->x_pkey->dec_pkey->type=EVP_PKEY_EC;
-                       pp=&(xi->x_pkey->dec_pkey->pkey.eckey);
+                       pp=&(xi->x_pkey->dec_pkey->pkey.ec);
                        if ((int)strlen(header) > 10) /* assume encrypted */
                                raw=1;
                        }
index d0d1e51..d4f7cec 100644 (file)
@@ -1189,6 +1189,9 @@ int ssl3_get_key_exchange(SSL *s)
 #ifndef OPENSSL_NO_ECDH
        else if (alg & SSL_kECDHE)
                {
+               EC_GROUP *ngroup;
+               const EC_GROUP *group;
+
                if ((ecdh=EC_KEY_new()) == NULL)
                        {
                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
@@ -1214,14 +1217,23 @@ int ssl3_get_key_exchange(SSL *s)
                        goto f_err;
                        }
 
-               if (!(ecdh->group=EC_GROUP_new_by_curve_name(curve_nid)))
+               ngroup = EC_GROUP_new_by_curve_name(curve_nid);
+               if (ngroup == NULL)
+                       {
+                       SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB);
+                       goto err;
+                       }
+               if (EC_KEY_set_group(ecdh, ngroup) == 0)
                        {
                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB);
                        goto err;
                        }
+               EC_GROUP_free(ngroup);
+
+               group = EC_KEY_get0_group(ecdh);
 
                if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
-                   (EC_GROUP_get_degree(ecdh->group) > 163))
+                   (EC_GROUP_get_degree(group) > 163))
                        {
                        al=SSL_AD_EXPORT_RESTRICTION;
                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
@@ -1231,7 +1243,7 @@ int ssl3_get_key_exchange(SSL *s)
                p+=2;
 
                /* Next, get the encoded ECPoint */
-               if (((srvr_ecpoint = EC_POINT_new(ecdh->group)) == NULL) ||
+               if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) ||
                    ((bn_ctx = BN_CTX_new()) == NULL))
                        {
                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
@@ -1242,7 +1254,7 @@ int ssl3_get_key_exchange(SSL *s)
                p+=1;
                param_len += (1 + encoded_pt_len);
                if ((param_len > n) ||
-                   (EC_POINT_oct2point(ecdh->group, srvr_ecpoint, 
+                   (EC_POINT_oct2point(group, srvr_ecpoint, 
                        p, encoded_pt_len, bn_ctx) == 0))
                        {
                        al=SSL_AD_DECODE_ERROR;
@@ -1267,10 +1279,11 @@ int ssl3_get_key_exchange(SSL *s)
                        pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
 #endif
                /* else anonymous ECDH, so no certificate or pkey. */
-               ecdh->pub_key = srvr_ecpoint;
+               EC_KEY_set_public_key(ecdh, srvr_ecpoint);
                s->session->sess_cert->peer_ecdh_tmp=ecdh;
                ecdh=NULL;
                BN_CTX_free(bn_ctx);
+               EC_POINT_free(srvr_ecpoint);
                srvr_ecpoint = NULL;
                }
        else if (alg & SSL_kECDH)
@@ -1623,7 +1636,7 @@ int ssl3_send_client_key_exchange(SSL *s)
 #endif /* OPENSSL_NO_KRB5 */
 #ifndef OPENSSL_NO_ECDH
        EC_KEY *clnt_ecdh = NULL;
-       EC_POINT *srvr_ecpoint = NULL;
+       const EC_POINT *srvr_ecpoint = NULL;
        EVP_PKEY *srvr_pub_pkey = NULL;
        unsigned char *encodedPoint = NULL;
        int encoded_pt_len = 0;
@@ -1890,7 +1903,8 @@ int ssl3_send_client_key_exchange(SSL *s)
 #ifndef OPENSSL_NO_ECDH 
                else if ((l & SSL_kECDH) || (l & SSL_kECDHE))
                        {
-                       EC_GROUP *srvr_group = NULL;
+                       const EC_GROUP *srvr_group = NULL;
+                       EC_KEY *tkey;
                        int ecdh_clnt_cert = 0;
                        int field_size = 0;
 
@@ -1924,10 +1938,7 @@ int ssl3_send_client_key_exchange(SSL *s)
 
                        if (s->session->sess_cert->peer_ecdh_tmp != NULL)
                                {
-                               srvr_group = s->session->sess_cert-> \
-                                   peer_ecdh_tmp->group;
-                               srvr_ecpoint = s->session->sess_cert-> \
-                                   peer_ecdh_tmp->pub_key;
+                               tkey = s->session->sess_cert->peer_ecdh_tmp;
                                }
                        else
                                {
@@ -1936,18 +1947,19 @@ int ssl3_send_client_key_exchange(SSL *s)
                                    sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
                                if ((srvr_pub_pkey == NULL) ||
                                    (srvr_pub_pkey->type != EVP_PKEY_EC) ||
-                                   (srvr_pub_pkey->pkey.eckey == NULL))
+                                   (srvr_pub_pkey->pkey.ec == NULL))
                                        {
                                        SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
                                            ERR_R_INTERNAL_ERROR);
                                        goto err;
                                        }
 
-                               srvr_group = srvr_pub_pkey->pkey.eckey->group;
-                               srvr_ecpoint = 
-                                   srvr_pub_pkey->pkey.eckey->pub_key;
+                               tkey = srvr_pub_pkey->pkey.ec;
                                }
 
+                       srvr_group   = EC_KEY_get0_group(tkey);
+                       srvr_ecpoint = EC_KEY_get0_public_key(tkey);
+
                        if ((srvr_group == NULL) || (srvr_ecpoint == NULL))
                                {
                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
@@ -1961,15 +1973,30 @@ int ssl3_send_client_key_exchange(SSL *s)
                                goto err;
                                }
 
-                       clnt_ecdh->group = srvr_group;
+                       if (!EC_KEY_set_group(clnt_ecdh, srvr_group))
+                               {
+                               SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
+                               goto err;
+                               }
                        if (ecdh_clnt_cert) 
                                { 
                                /* Reuse key info from our certificate
                                 * We only need our private key to perform
                                 * the ECDH computation.
                                 */
-                               clnt_ecdh->priv_key = BN_dup(s->cert->key-> \
-                                   privatekey->pkey.eckey->priv_key);
+                               const BIGNUM *priv_key;
+                               tkey = s->cert->key->privatekey->pkey.ec;
+                               priv_key = EC_KEY_get0_private_key(tkey);
+                               if (priv_key == NULL)
+                                       {
+                                       SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
+                                       goto err;
+                                       }
+                               if (!EC_KEY_set_private_key(clnt_ecdh, priv_key))
+                                       {
+                                       SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
+                                       goto err;
+                                       }
                                }
                        else 
                                {
@@ -1985,7 +2012,7 @@ int ssl3_send_client_key_exchange(SSL *s)
                         * make sure to clear it out afterwards
                         */
 
-                       field_size = EC_GROUP_get_degree(clnt_ecdh->group);
+                       field_size = EC_GROUP_get_degree(srvr_group);
                        if (field_size <= 0)
                                {
                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 
@@ -2026,8 +2053,8 @@ int ssl3_send_client_key_exchange(SSL *s)
                                 * allocate memory accordingly.
                                 */
                                encoded_pt_len = 
-                                   EC_POINT_point2oct(clnt_ecdh->group, 
-                                       clnt_ecdh->pub_key
+                                   EC_POINT_point2oct(srvr_group, 
+                                       EC_KEY_get0_public_key(clnt_ecdh)
                                        POINT_CONVERSION_UNCOMPRESSED, 
                                        NULL, 0, NULL);
 
@@ -2043,8 +2070,8 @@ int ssl3_send_client_key_exchange(SSL *s)
                                        }
 
                                /* Encode the public key */
-                               n = EC_POINT_point2oct(clnt_ecdh->group, 
-                                   clnt_ecdh->pub_key
+                               n = EC_POINT_point2oct(srvr_group, 
+                                   EC_KEY_get0_public_key(clnt_ecdh)
                                    POINT_CONVERSION_UNCOMPRESSED, 
                                    encodedPoint, encoded_pt_len, bn_ctx);
 
@@ -2061,11 +2088,7 @@ int ssl3_send_client_key_exchange(SSL *s)
                        BN_CTX_free(bn_ctx);
                        if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
                        if (clnt_ecdh != NULL) 
-                               {
-                                /* group is shared */
-                                clnt_ecdh->group = NULL; 
                                 EC_KEY_free(clnt_ecdh);
-                               }
                        EVP_PKEY_free(srvr_pub_pkey);
                        }
 #endif /* !OPENSSL_NO_ECDH */
@@ -2094,11 +2117,7 @@ err:
        BN_CTX_free(bn_ctx);
        if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
        if (clnt_ecdh != NULL) 
-               {
-               /* group is shared */
-               clnt_ecdh->group = NULL; 
                EC_KEY_free(clnt_ecdh);
-               }
        EVP_PKEY_free(srvr_pub_pkey);
 #endif
        return(-1);
@@ -2165,7 +2184,7 @@ int ssl3_send_client_verify(SSL *s)
                        if (!ECDSA_sign(pkey->save_type,
                                &(data[MD5_DIGEST_LENGTH]),
                                SHA_DIGEST_LENGTH,&(p[2]),
-                               (unsigned int *)&j,pkey->pkey.eckey))
+                               (unsigned int *)&j,pkey->pkey.ec))
                                {
                                SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
                                    ERR_R_ECDSA_LIB);
index a34fc72..4b1931a 100644 (file)
@@ -1261,6 +1261,8 @@ int ssl3_send_server_key_exchange(SSL *s)
 #ifndef OPENSSL_NO_ECDH
                        if (type & SSL_kECDHE)
                        {
+                       const EC_GROUP *group;
+
                        ecdhp=cert->ecdh_tmp;
                        if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL))
                                {
@@ -1296,8 +1298,8 @@ int ssl3_send_server_key_exchange(SSL *s)
                        ecdh = ecdhp;
 
                        s->s3->tmp.ecdh=ecdh;
-                       if ((ecdh->pub_key == NULL) ||
-                           (ecdh->priv_key == NULL) ||
+                       if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
+                           (EC_KEY_get0_private_key(ecdh) == NULL) ||
                            (s->options & SSL_OP_SINGLE_ECDH_USE))
                                {
                                if(!EC_KEY_generate_key(ecdh))
@@ -1307,16 +1309,16 @@ int ssl3_send_server_key_exchange(SSL *s)
                                    }
                                }
 
-                       if ((ecdh->group == NULL) ||
-                           (ecdh->pub_key == NULL) ||
-                           (ecdh->priv_key == NULL))
+                       if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
+                           (EC_KEY_get0_public_key(ecdh)  == NULL) ||
+                           (EC_KEY_get0_private_key(ecdh) == NULL))
                                {
                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
                                goto err;
                                }
 
                        if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
-                           (EC_GROUP_get_degree(ecdh->group) > 163)) 
+                           (EC_GROUP_get_degree(group) > 163)) 
                                {
                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
                                goto err;
@@ -1327,7 +1329,7 @@ int ssl3_send_server_key_exchange(SSL *s)
                         * supported named curves, curve_id is non-zero.
                         */
                        if ((curve_id = 
-                           nid2curve_id(EC_GROUP_get_curve_name(ecdh->group)))
+                           nid2curve_id(EC_GROUP_get_curve_name(group)))
                            == 0)
                                {
                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
@@ -1338,8 +1340,8 @@ int ssl3_send_server_key_exchange(SSL *s)
                         * First check the size of encoding and
                         * allocate memory accordingly.
                         */
-                       encodedlen = EC_POINT_point2oct(ecdh->group, 
-                           ecdh->pub_key, 
+                       encodedlen = EC_POINT_point2oct(group, 
+                           EC_KEY_get0_public_key(ecdh),
                            POINT_CONVERSION_UNCOMPRESSED, 
                            NULL, 0, NULL);
 
@@ -1353,8 +1355,8 @@ int ssl3_send_server_key_exchange(SSL *s)
                                }
 
 
-                       encodedlen = EC_POINT_point2oct(ecdh->group, 
-                           ecdh->pub_key
+                       encodedlen = EC_POINT_point2oct(group, 
+                           EC_KEY_get0_public_key(ecdh)
                            POINT_CONVERSION_UNCOMPRESSED, 
                            encodedPoint, encodedlen, bn_ctx);
 
@@ -2040,6 +2042,9 @@ int ssl3_get_client_key_exchange(SSL *s)
                {
                int ret = 1;
                int field_size = 0;
+               const EC_KEY   *tkey;
+               const EC_GROUP *group;
+               const BIGNUM *priv_key;
 
                 /* initialize structures for server's ECDH key pair */
                if ((srvr_ecdh = EC_KEY_new()) == NULL) 
@@ -2053,23 +2058,29 @@ int ssl3_get_client_key_exchange(SSL *s)
                if (l & SSL_kECDH) 
                        { 
                         /* use the certificate */
-                       srvr_ecdh->group = s->cert->key->privatekey-> \
-                           pkey.eckey->group;
-                       srvr_ecdh->priv_key = s->cert->key->privatekey-> \
-                           pkey.eckey->priv_key;
+                       tkey = s->cert->key->privatekey->pkey.ec;
                        }
                else
                        {
                        /* use the ephermeral values we saved when
                         * generating the ServerKeyExchange msg.
                         */
-                       srvr_ecdh->group = s->s3->tmp.ecdh->group;
-                       srvr_ecdh->priv_key = s->s3->tmp.ecdh->priv_key;
+                       tkey = s->s3->tmp.ecdh;
+                       }
+
+               group    = EC_KEY_get0_group(tkey);
+               priv_key = EC_KEY_get0_private_key(tkey);
+
+               if (!EC_KEY_set_group(srvr_ecdh, group) ||
+                   !EC_KEY_set_private_key(srvr_ecdh, priv_key))
+                       {
+                       SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                              ERR_R_EC_LIB);
+                       goto err;
                        }
 
                /* Let's get client's public key */
-               if ((clnt_ecpoint = EC_POINT_new(srvr_ecdh->group))
-                   == NULL) 
+               if ((clnt_ecpoint = EC_POINT_new(group)) == NULL)
                        {
                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
                            ERR_R_MALLOC_FAILURE);
@@ -2108,7 +2119,7 @@ int ssl3_get_client_key_exchange(SSL *s)
                                }
 
                        EC_POINT_copy(clnt_ecpoint,
-                           clnt_pub_pkey->pkey.eckey->pub_key);
+                           EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec));
                         ret = 2; /* Skip certificate verify processing */
                         }
                 else
@@ -2126,7 +2137,7 @@ int ssl3_get_client_key_exchange(SSL *s)
                         /* Get encoded point length */
                         i = *p; 
                        p += 1;
-                        if (EC_POINT_oct2point(srvr_ecdh->group, 
+                        if (EC_POINT_oct2point(group, 
                            clnt_ecpoint, p, i, bn_ctx) == 0)
                                {
                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
@@ -2140,7 +2151,7 @@ int ssl3_get_client_key_exchange(SSL *s)
                         }
 
                /* Compute the shared pre-master secret */
-               field_size = EC_GROUP_get_degree(srvr_ecdh->group);
+               field_size = EC_GROUP_get_degree(group);
                if (field_size <= 0)
                        {
                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 
@@ -2165,11 +2176,7 @@ int ssl3_get_client_key_exchange(SSL *s)
                EVP_PKEY_free(clnt_pub_pkey);
                EC_POINT_free(clnt_ecpoint);
                if (srvr_ecdh != NULL) 
-                       {
-                       srvr_ecdh->priv_key = NULL;
-                       srvr_ecdh->group = NULL;
                        EC_KEY_free(srvr_ecdh);
-                       }
                BN_CTX_free(bn_ctx);
 
                /* Compute the master secret */
@@ -2198,11 +2205,7 @@ err:
        EVP_PKEY_free(clnt_pub_pkey);
        EC_POINT_free(clnt_ecpoint);
        if (srvr_ecdh != NULL) 
-               {
-               srvr_ecdh->priv_key = NULL;
-               srvr_ecdh->group = NULL;
                EC_KEY_free(srvr_ecdh);
-               }
        BN_CTX_free(bn_ctx);
 #endif
        return(-1);
@@ -2333,7 +2336,7 @@ int ssl3_get_cert_verify(SSL *s)
                {
                j=ECDSA_verify(pkey->save_type,
                        &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
-                       SHA_DIGEST_LENGTH,p,i,pkey->pkey.eckey);
+                       SHA_DIGEST_LENGTH,p,i,pkey->pkey.ec);
                if (j <= 0)
                        {
                        /* bad signature */
index 085456c..f8e86c3 100644 (file)
@@ -720,36 +720,30 @@ bad:
 #ifndef OPENSSL_NO_ECDH
        if (!no_ecdhe)
                {
-               ecdh = EC_KEY_new();
-               if (ecdh != NULL)
-                       {
-                       if (named_curve)
-                               {
-                               int nid = OBJ_sn2nid(named_curve);
-
-                               if (nid == 0)
-                                       {
-                                       BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
-                                       EC_KEY_free(ecdh);
-                                       goto end;
-                                       }
+               int nid;
 
-                               ecdh->group = EC_GROUP_new_by_curve_name(nid);
-                               if (ecdh->group == NULL)
-                                       {
-                                       BIO_printf(bio_err, "unable to create curve (%s)\n", named_curve);
-                                       EC_KEY_free(ecdh);
-                                       goto end;
-                                       }
+               if (named_curve != NULL)
+                       {
+                       nid = OBJ_sn2nid(named_curve);
+                       if (nid == 0)
+                       {
+                               BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
+                               goto end;
                                }
-                       
-                       if (ecdh->group == NULL)
-                               ecdh->group=EC_GROUP_new_by_curve_name(NID_sect163r2);
+                       }
+               else
+                       nid = NID_sect163r2;
 
-                       SSL_CTX_set_tmp_ecdh(s_ctx, ecdh);
-                       SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE);
-                       EC_KEY_free(ecdh);
+               ecdh = EC_KEY_new_by_curve_name(nid);
+               if (ecdh == NULL)
+                       {
+                       BIO_printf(bio_err, "unable to create curve\n");
+                       goto end;
                        }
+
+               SSL_CTX_set_tmp_ecdh(s_ctx, ecdh);
+               SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE);
+               EC_KEY_free(ecdh);
                }
 #else
        (void)no_ecdhe;
index b8c2184..4788194 100755 (executable)
@@ -2876,472 +2876,483 @@ EVP_sha256                              3315  EXIST::FUNCTION:SHA,SHA256
 FIPS_selftest_hmac                      3316   NOEXIST::FUNCTION:
 FIPS_corrupt_rng                        3317   NOEXIST::FUNCTION:
 BN_mod_exp_mont_consttime               3318   EXIST::FUNCTION:
-BIO_new_dgram                           3319   EXIST::FUNCTION:
-BN_get0_nist_prime_384                  3320   EXIST::FUNCTION:
-ERR_set_mark                            3321   EXIST::FUNCTION:
-X509_STORE_CTX_set0_crls                3322   EXIST::FUNCTION:
-ENGINE_set_STORE                        3323   EXIST::FUNCTION:ENGINE
-ENGINE_register_ECDSA                   3324   EXIST::FUNCTION:ENGINE
-STORE_method_set_list_start_function    3325   EXIST:!VMS:FUNCTION:
-STORE_meth_set_list_start_fn            3325   EXIST:VMS:FUNCTION:
-BN_BLINDING_invert_ex                   3326   EXIST::FUNCTION:
-NAME_CONSTRAINTS_free                   3327   EXIST::FUNCTION:
-STORE_ATTR_INFO_set_number              3328   EXIST::FUNCTION:
-BN_BLINDING_get_thread_id               3329   EXIST::FUNCTION:
-X509_STORE_CTX_set0_param               3330   EXIST::FUNCTION:
-POLICY_MAPPING_it                       3331   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-POLICY_MAPPING_it                       3331   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-STORE_parse_attrs_start                 3332   EXIST::FUNCTION:
-POLICY_CONSTRAINTS_free                 3333   EXIST::FUNCTION:
-EVP_PKEY_add1_attr_by_NID               3334   EXIST::FUNCTION:
-BN_nist_mod_192                         3335   EXIST::FUNCTION:
-EC_GROUP_get_trinomial_basis            3336   EXIST::FUNCTION:EC
-STORE_set_method                        3337   EXIST::FUNCTION:
-GENERAL_SUBTREE_free                    3338   EXIST::FUNCTION:
-NAME_CONSTRAINTS_it                     3339   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-NAME_CONSTRAINTS_it                     3339   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ECDH_get_default_method                 3340   EXIST::FUNCTION:ECDH
-PKCS12_add_safe                         3341   EXIST::FUNCTION:
-STORE_method_get_update_store_function  3342   EXIST:!VMS:FUNCTION:
-STORE_meth_get_update_store_fn          3342   EXIST:VMS:FUNCTION:
-ENGINE_register_ECDH                    3343   EXIST::FUNCTION:ENGINE
-SHA512_Update                           3344   EXIST::FUNCTION:SHA,SHA512
-i2d_ECPrivateKey                        3345   EXIST::FUNCTION:EC
-BN_get0_nist_prime_192                  3346   EXIST::FUNCTION:
-STORE_modify_certificate                3347   EXIST::FUNCTION:
-EC_POINT_set_affine_coordinates_GF2m    3348   EXIST:!VMS:FUNCTION:EC
-EC_POINT_set_affine_coords_GF2m         3348   EXIST:VMS:FUNCTION:EC
-BN_GF2m_mod_exp_arr                     3349   EXIST::FUNCTION:
-STORE_ATTR_INFO_modify_number           3350   EXIST::FUNCTION:
-X509_keyid_get0                         3351   EXIST::FUNCTION:
-ENGINE_load_gmp                         3352   EXIST::FUNCTION:ENGINE,GMP,STATIC_ENGINE
-pitem_new                               3353   EXIST::FUNCTION:
-BN_GF2m_mod_mul_arr                     3354   EXIST::FUNCTION:
-STORE_list_public_key_endp              3355   EXIST::FUNCTION:
-o2i_ECPublicKey                         3356   EXIST::FUNCTION:EC
-EC_KEY_copy                             3357   EXIST::FUNCTION:EC
-BIO_dump_fp                             3358   EXIST::FUNCTION:FP_API
-X509_policy_node_get0_parent            3359   EXIST::FUNCTION:
-EC_GROUP_check_discriminant             3360   EXIST::FUNCTION:EC
-i2o_ECPublicKey                         3361   EXIST::FUNCTION:EC
-a2i_IPADDRESS                           3362   EXIST::FUNCTION:
-STORE_method_set_initialise_function    3363   EXIST:!VMS:FUNCTION:
-STORE_meth_set_initialise_fn            3363   EXIST:VMS:FUNCTION:
-X509_STORE_CTX_set_depth                3364   EXIST::FUNCTION:
-X509_VERIFY_PARAM_inherit               3365   EXIST::FUNCTION:
-EC_POINT_point2bn                       3366   EXIST::FUNCTION:EC
-STORE_ATTR_INFO_set_dn                  3367   EXIST::FUNCTION:
-X509_policy_tree_get0_policies          3368   EXIST::FUNCTION:
-EC_GROUP_new_curve_GF2m                 3369   EXIST::FUNCTION:EC
-STORE_destroy_method                    3370   EXIST::FUNCTION:
-ENGINE_unregister_STORE                 3371   EXIST::FUNCTION:ENGINE
-EVP_PKEY_get1_EC_KEY                    3372   EXIST::FUNCTION:EC
-STORE_ATTR_INFO_get0_number             3373   EXIST::FUNCTION:
-ENGINE_get_default_ECDH                 3374   EXIST::FUNCTION:ENGINE
-ASN1_OCTET_STRING_NDEF_it               3375   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_OCTET_STRING_NDEF_it               3375   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-STORE_delete_public_key                 3376   EXIST::FUNCTION:
-STORE_get_public_key                    3377   EXIST::FUNCTION:
-STORE_modify_arbitrary                  3378   EXIST::FUNCTION:
-ENGINE_get_static_state                 3379   EXIST::FUNCTION:ENGINE
-pqueue_iterator                         3380   EXIST::FUNCTION:
-ECDSA_SIG_new                           3381   EXIST::FUNCTION:ECDSA
-OPENSSL_DIR_end                         3382   EXIST::FUNCTION:
-BN_GF2m_mod_sqr                         3383   EXIST::FUNCTION:
-EC_POINT_bn2point                       3384   EXIST::FUNCTION:EC
-X509_VERIFY_PARAM_set_depth             3385   EXIST::FUNCTION:
-STORE_get_method                        3386   EXIST::FUNCTION:
-STORE_parse_attrs_end                   3387   EXIST::FUNCTION:
-EC_GROUP_get_point_conversion_form      3388   EXIST:!VMS:FUNCTION:EC
-EC_GROUP_get_point_conv_form            3388   EXIST:VMS:FUNCTION:EC
-STORE_method_set_store_function         3389   EXIST::FUNCTION:
-STORE_ATTR_INFO_in                      3390   EXIST::FUNCTION:
-PEM_read_bio_ECPKParameters             3391   EXIST::FUNCTION:EC
-EC_GROUP_get_pentanomial_basis          3392   EXIST::FUNCTION:EC
-EVP_PKEY_add1_attr_by_txt               3393   EXIST::FUNCTION:
-BN_BLINDING_set_flags                   3394   EXIST::FUNCTION:
-X509_VERIFY_PARAM_set1_policies         3395   EXIST::FUNCTION:
-X509_VERIFY_PARAM_set1_name             3396   EXIST::FUNCTION:
-X509_VERIFY_PARAM_set_purpose           3397   EXIST::FUNCTION:
-STORE_get_number                        3398   EXIST::FUNCTION:
-ECDSA_sign_setup                        3399   EXIST::FUNCTION:ECDSA
-BN_GF2m_mod_solve_quad_arr              3400   EXIST::FUNCTION:
-EC_KEY_up_ref                           3401   EXIST::FUNCTION:EC
-POLICY_MAPPING_free                     3402   EXIST::FUNCTION:
-BN_GF2m_mod_div                         3403   EXIST::FUNCTION:
-X509_VERIFY_PARAM_set_flags             3404   EXIST::FUNCTION:
-EC_KEY_free                             3405   EXIST::FUNCTION:EC
-STORE_method_set_list_next_function     3406   EXIST:!VMS:FUNCTION:
-STORE_meth_set_list_next_fn             3406   EXIST:VMS:FUNCTION:
-PEM_write_bio_ECPrivateKey              3407   EXIST::FUNCTION:EC
-d2i_EC_PUBKEY                           3408   EXIST::FUNCTION:EC
-STORE_method_get_generate_function      3409   EXIST:!VMS:FUNCTION:
-STORE_meth_get_generate_fn              3409   EXIST:VMS:FUNCTION:
-STORE_method_set_list_end_function      3410   EXIST:!VMS:FUNCTION:
-STORE_meth_set_list_end_fn              3410   EXIST:VMS:FUNCTION:
-pqueue_print                            3411   EXIST::FUNCTION:
-EC_GROUP_have_precompute_mult           3412   EXIST::FUNCTION:EC
-EC_KEY_print_fp                         3413   EXIST::FUNCTION:EC,FP_API
-BN_GF2m_mod_arr                         3414   EXIST::FUNCTION:
-PEM_write_bio_X509_CERT_PAIR            3415   EXIST::FUNCTION:
-EVP_PKEY_cmp                            3416   EXIST::FUNCTION:
-X509_policy_level_node_count            3417   EXIST::FUNCTION:
-STORE_new_engine                        3418   EXIST::FUNCTION:
-STORE_list_public_key_start             3419   EXIST::FUNCTION:
-X509_VERIFY_PARAM_new                   3420   EXIST::FUNCTION:
-ECDH_get_ex_data                        3421   EXIST::FUNCTION:ECDH
-EVP_PKEY_get_attr                       3422   EXIST::FUNCTION:
-ECDSA_do_sign                           3423   EXIST::FUNCTION:ECDSA
-ENGINE_unregister_ECDH                  3424   EXIST::FUNCTION:ENGINE
-ECDH_OpenSSL                            3425   EXIST::FUNCTION:ECDH
-EC_POINT_dup                            3426   EXIST::FUNCTION:EC
-GENERAL_SUBTREE_new                     3427   EXIST::FUNCTION:
-STORE_list_crl_endp                     3428   EXIST::FUNCTION:
-EC_get_builtin_curves                   3429   EXIST::FUNCTION:EC
-X509_policy_node_get0_qualifiers        3430   EXIST:!VMS:FUNCTION:
-X509_pcy_node_get0_qualifiers           3430   EXIST:VMS:FUNCTION:
-STORE_list_crl_end                      3431   EXIST::FUNCTION:
-EVP_PKEY_set1_EC_KEY                    3432   EXIST::FUNCTION:EC
-BN_GF2m_mod_sqrt_arr                    3433   EXIST::FUNCTION:
-i2d_ECPrivateKey_bio                    3434   EXIST::FUNCTION:BIO,EC
-ECPKParameters_print_fp                 3435   EXIST::FUNCTION:EC,FP_API
-pqueue_find                             3436   EXIST::FUNCTION:
-ECDSA_SIG_free                          3437   EXIST::FUNCTION:ECDSA
-PEM_write_bio_ECPKParameters            3438   EXIST::FUNCTION:EC
-STORE_method_set_ctrl_function          3439   EXIST::FUNCTION:
-STORE_list_public_key_end               3440   EXIST::FUNCTION:
-pqueue_peek                             3441   EXIST::FUNCTION:
-STORE_get_arbitrary                     3442   EXIST::FUNCTION:
-STORE_store_crl                         3443   EXIST::FUNCTION:
-X509_policy_node_get0_policy            3444   EXIST::FUNCTION:
-PKCS12_add_safes                        3445   EXIST::FUNCTION:
-BN_BLINDING_convert_ex                  3446   EXIST::FUNCTION:
-X509_policy_tree_free                   3447   EXIST::FUNCTION:
-OPENSSL_ia32cap_loc                     3448   EXIST::FUNCTION:
-BN_GF2m_poly2arr                        3449   EXIST::FUNCTION:
-STORE_ctrl                              3450   EXIST::FUNCTION:
-STORE_ATTR_INFO_compare                 3451   EXIST::FUNCTION:
-BN_get0_nist_prime_224                  3452   EXIST::FUNCTION:
-i2d_ECParameters                        3453   EXIST::FUNCTION:EC
-i2d_ECPKParameters                      3454   EXIST::FUNCTION:EC
-BN_GENCB_call                           3455   EXIST::FUNCTION:
-d2i_ECPKParameters                      3456   EXIST::FUNCTION:EC
-STORE_method_set_generate_function      3457   EXIST:!VMS:FUNCTION:
-STORE_meth_set_generate_fn              3457   EXIST:VMS:FUNCTION:
-ENGINE_set_ECDH                         3458   EXIST::FUNCTION:ENGINE
-NAME_CONSTRAINTS_new                    3459   EXIST::FUNCTION:
-SHA256_Init                             3460   EXIST::FUNCTION:SHA,SHA256
-PEM_write_bio_EC_PUBKEY                 3461   EXIST::FUNCTION:EC
-STORE_ATTR_INFO_set_cstr                3462   EXIST::FUNCTION:
-STORE_list_crl_next                     3463   EXIST::FUNCTION:
-STORE_ATTR_INFO_in_range                3464   EXIST::FUNCTION:
-ECParameters_print                      3465   EXIST::FUNCTION:BIO,EC
-STORE_method_set_delete_function        3466   EXIST:!VMS:FUNCTION:
-STORE_meth_set_delete_fn                3466   EXIST:VMS:FUNCTION:
-STORE_list_certificate_next             3467   EXIST::FUNCTION:
-ASN1_generate_nconf                     3468   EXIST::FUNCTION:
-BUF_memdup                              3469   EXIST::FUNCTION:
-BN_GF2m_mod_mul                         3470   EXIST::FUNCTION:
-STORE_method_get_list_next_function     3471   EXIST:!VMS:FUNCTION:
-STORE_meth_get_list_next_fn             3471   EXIST:VMS:FUNCTION:
-STORE_ATTR_INFO_get0_dn                 3472   EXIST::FUNCTION:
-STORE_list_private_key_next             3473   EXIST::FUNCTION:
-EC_GROUP_set_seed                       3474   EXIST::FUNCTION:EC
-X509_VERIFY_PARAM_set_trust             3475   EXIST::FUNCTION:
-STORE_ATTR_INFO_free                    3476   EXIST::FUNCTION:
-STORE_get_private_key                   3477   EXIST::FUNCTION:
-EVP_PKEY_get_attr_count                 3478   EXIST::FUNCTION:
-STORE_ATTR_INFO_new                     3479   EXIST::FUNCTION:
-EC_GROUP_get_curve_GF2m                 3480   EXIST::FUNCTION:EC
-STORE_method_set_revoke_function        3481   EXIST:!VMS:FUNCTION:
-STORE_meth_set_revoke_fn                3481   EXIST:VMS:FUNCTION:
-STORE_store_number                      3482   EXIST::FUNCTION:
-BN_is_prime_ex                          3483   EXIST::FUNCTION:
-STORE_revoke_public_key                 3484   EXIST::FUNCTION:
-X509_STORE_CTX_get0_param               3485   EXIST::FUNCTION:
-STORE_delete_arbitrary                  3486   EXIST::FUNCTION:
-PEM_read_X509_CERT_PAIR                 3487   EXIST:!WIN16:FUNCTION:
-X509_STORE_set_depth                    3488   EXIST::FUNCTION:
-ECDSA_get_ex_data                       3489   EXIST::FUNCTION:ECDSA
-SHA224                                  3490   EXIST::FUNCTION:SHA,SHA256
-BIO_dump_indent_fp                      3491   EXIST::FUNCTION:FP_API
-BUF_strndup                             3492   EXIST::FUNCTION:
-STORE_list_certificate_start            3493   EXIST::FUNCTION:
-BN_GF2m_mod                             3494   EXIST::FUNCTION:
-X509_REQ_check_private_key              3495   EXIST::FUNCTION:
-EC_GROUP_get_seed_len                   3496   EXIST::FUNCTION:EC
-ERR_load_STORE_strings                  3497   EXIST::FUNCTION:
-PEM_read_bio_EC_PUBKEY                  3498   EXIST::FUNCTION:EC
-STORE_list_private_key_end              3499   EXIST::FUNCTION:
-i2d_EC_PUBKEY                           3500   EXIST::FUNCTION:EC
-ECDSA_get_default_method                3501   EXIST::FUNCTION:ECDSA
-ASN1_put_eoc                            3502   EXIST::FUNCTION:
-X509_STORE_CTX_get_explicit_policy      3503   EXIST:!VMS:FUNCTION:
-X509_STORE_CTX_get_expl_policy          3503   EXIST:VMS:FUNCTION:
-ECDSA_DATA_free                         3504   EXIST::FUNCTION:ECDSA
-X509_VERIFY_PARAM_table_cleanup         3505   EXIST::FUNCTION:
-STORE_modify_private_key                3506   EXIST::FUNCTION:
-X509_VERIFY_PARAM_free                  3507   EXIST::FUNCTION:
-EC_METHOD_get_field_type                3508   EXIST::FUNCTION:EC
-EC_GFp_nist_method                      3509   EXIST::FUNCTION:EC
-STORE_method_set_modify_function        3510   EXIST:!VMS:FUNCTION:
-STORE_meth_set_modify_fn                3510   EXIST:VMS:FUNCTION:
-STORE_parse_attrs_next                  3511   EXIST::FUNCTION:
-ENGINE_load_padlock                     3512   EXIST::FUNCTION:ENGINE
-EC_GROUP_set_curve_name                 3513   EXIST::FUNCTION:EC
-X509_CERT_PAIR_it                       3514   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_CERT_PAIR_it                       3514   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-STORE_method_get_revoke_function        3515   EXIST:!VMS:FUNCTION:
-STORE_meth_get_revoke_fn                3515   EXIST:VMS:FUNCTION:
-STORE_method_set_get_function           3516   EXIST::FUNCTION:
-STORE_modify_number                     3517   EXIST::FUNCTION:
-STORE_method_get_store_function         3518   EXIST::FUNCTION:
-STORE_store_private_key                 3519   EXIST::FUNCTION:
-BN_GF2m_mod_sqr_arr                     3520   EXIST::FUNCTION:
-RSA_setup_blinding                      3521   EXIST::FUNCTION:RSA
-BIO_s_datagram                          3522   EXIST::FUNCTION:DGRAM
-STORE_Memory                            3523   EXIST::FUNCTION:
-sk_find_ex                              3524   EXIST::FUNCTION:
-EC_GROUP_set_curve_GF2m                 3525   EXIST::FUNCTION:EC
-ENGINE_set_default_ECDSA                3526   EXIST::FUNCTION:ENGINE
-POLICY_CONSTRAINTS_new                  3527   EXIST::FUNCTION:
-BN_GF2m_mod_sqrt                        3528   EXIST::FUNCTION:
-ECDH_set_default_method                 3529   EXIST::FUNCTION:ECDH
-EC_KEY_generate_key                     3530   EXIST::FUNCTION:EC
-SHA384_Update                           3531   EXIST::FUNCTION:SHA,SHA512
-BN_GF2m_arr2poly                        3532   EXIST::FUNCTION:
-STORE_method_get_get_function           3533   EXIST::FUNCTION:
-STORE_method_set_cleanup_function       3534   EXIST:!VMS:FUNCTION:
-STORE_meth_set_cleanup_fn               3534   EXIST:VMS:FUNCTION:
-EC_GROUP_check                          3535   EXIST::FUNCTION:EC
-d2i_ECPrivateKey_bio                    3536   EXIST::FUNCTION:BIO,EC
-STORE_method_get_lock_store_function    3537   EXIST:!VMS:FUNCTION:
-STORE_meth_get_lock_store_fn            3537   EXIST:VMS:FUNCTION:
-X509_VERIFY_PARAM_get_depth             3538   EXIST::FUNCTION:
-SHA224_Final                            3539   EXIST::FUNCTION:SHA,SHA256
-STORE_method_set_update_store_function  3540   EXIST:!VMS:FUNCTION:
-STORE_meth_set_update_store_fn          3540   EXIST:VMS:FUNCTION:
-SHA224_Update                           3541   EXIST::FUNCTION:SHA,SHA256
-d2i_ECPrivateKey                        3542   EXIST::FUNCTION:EC
-ASN1_item_ndef_i2d                      3543   EXIST::FUNCTION:
-STORE_delete_private_key                3544   EXIST::FUNCTION:
-ERR_pop_to_mark                         3545   EXIST::FUNCTION:
-ENGINE_register_all_STORE               3546   EXIST::FUNCTION:ENGINE
-X509_policy_level_get0_node             3547   EXIST::FUNCTION:
-i2d_PKCS7_NDEF                          3548   EXIST::FUNCTION:
-EC_GROUP_get_degree                     3549   EXIST::FUNCTION:EC
-ASN1_generate_v3                        3550   EXIST::FUNCTION:
-STORE_ATTR_INFO_modify_cstr             3551   EXIST::FUNCTION:
-X509_policy_tree_level_count            3552   EXIST::FUNCTION:
-BN_GF2m_add                             3553   EXIST::FUNCTION:
-STORE_generate_crl                      3554   EXIST::FUNCTION:
-STORE_store_public_key                  3555   EXIST::FUNCTION:
-X509_CERT_PAIR_free                     3556   EXIST::FUNCTION:
-STORE_revoke_private_key                3557   EXIST::FUNCTION:
-BN_nist_mod_224                         3558   EXIST::FUNCTION:
-SHA512_Final                            3559   EXIST::FUNCTION:SHA,SHA512
-STORE_ATTR_INFO_modify_dn               3560   EXIST::FUNCTION:
-STORE_method_get_initialise_function    3561   EXIST:!VMS:FUNCTION:
-STORE_meth_get_initialise_fn            3561   EXIST:VMS:FUNCTION:
-STORE_delete_number                     3562   EXIST::FUNCTION:
-i2d_EC_PUBKEY_bio                       3563   EXIST::FUNCTION:BIO,EC
-BIO_dgram_non_fatal_error               3564   EXIST::FUNCTION:
-EC_GROUP_get_asn1_flag                  3565   EXIST::FUNCTION:EC
-STORE_ATTR_INFO_in_ex                   3566   EXIST::FUNCTION:
-STORE_list_crl_start                    3567   EXIST::FUNCTION:
-ECDH_get_ex_new_index                   3568   EXIST::FUNCTION:ECDH
-STORE_method_get_modify_function        3569   EXIST:!VMS:FUNCTION:
-STORE_meth_get_modify_fn                3569   EXIST:VMS:FUNCTION:
-v2i_ASN1_BIT_STRING                     3570   EXIST::FUNCTION:
-STORE_store_certificate                 3571   EXIST::FUNCTION:
-OBJ_bsearch_ex                          3572   EXIST::FUNCTION:
-X509_STORE_CTX_set_default              3573   EXIST::FUNCTION:
-STORE_ATTR_INFO_set_sha1str             3574   EXIST::FUNCTION:
-BN_GF2m_mod_inv                         3575   EXIST::FUNCTION:
-BN_GF2m_mod_exp                         3576   EXIST::FUNCTION:
-STORE_modify_public_key                 3577   EXIST::FUNCTION:
-STORE_method_get_list_start_function    3578   EXIST:!VMS:FUNCTION:
-STORE_meth_get_list_start_fn            3578   EXIST:VMS:FUNCTION:
-EC_GROUP_get0_seed                      3579   EXIST::FUNCTION:EC
-STORE_store_arbitrary                   3580   EXIST::FUNCTION:
-STORE_method_set_unlock_store_function  3581   EXIST:!VMS:FUNCTION:
-STORE_meth_set_unlock_store_fn          3581   EXIST:VMS:FUNCTION:
-BN_GF2m_mod_div_arr                     3582   EXIST::FUNCTION:
-ENGINE_set_ECDSA                        3583   EXIST::FUNCTION:ENGINE
-STORE_create_method                     3584   EXIST::FUNCTION:
-ECPKParameters_print                    3585   EXIST::FUNCTION:BIO,EC
-PEM_write_EC_PUBKEY                     3586   EXIST:!WIN16:FUNCTION:EC
-X509_VERIFY_PARAM_set1                  3587   EXIST::FUNCTION:
-ECDH_set_method                         3588   EXIST::FUNCTION:ECDH
-v2i_GENERAL_NAME_ex                     3589   EXIST::FUNCTION:
-ECDH_set_ex_data                        3590   EXIST::FUNCTION:ECDH
-STORE_generate_key                      3591   EXIST::FUNCTION:
-BN_nist_mod_521                         3592   EXIST::FUNCTION:
-X509_policy_tree_get0_level             3593   EXIST::FUNCTION:
-EC_GROUP_set_point_conversion_form      3594   EXIST:!VMS:FUNCTION:EC
-EC_GROUP_set_point_conv_form            3594   EXIST:VMS:FUNCTION:EC
-PEM_read_EC_PUBKEY                      3595   EXIST:!WIN16:FUNCTION:EC
-i2d_ECDSA_SIG                           3596   EXIST::FUNCTION:ECDSA
-ECDSA_OpenSSL                           3597   EXIST::FUNCTION:ECDSA
-STORE_delete_crl                        3598   EXIST::FUNCTION:
-ASN1_const_check_infinite_end           3599   EXIST::FUNCTION:
-EVP_PKEY_delete_attr                    3600   EXIST::FUNCTION:
-ECDSA_set_default_method                3601   EXIST::FUNCTION:ECDSA
-EC_POINT_set_compressed_coordinates_GF2m 3602  EXIST:!VMS:FUNCTION:EC
-EC_POINT_set_compr_coords_GF2m          3602   EXIST:VMS:FUNCTION:EC
-EC_GROUP_cmp                            3603   EXIST::FUNCTION:EC
-STORE_revoke_certificate                3604   EXIST::FUNCTION:
-ECDH_DATA_new_method                    3605   EXIST::FUNCTION:ECDH
-BN_get0_nist_prime_256                  3606   EXIST::FUNCTION:
-STORE_method_get_delete_function        3607   EXIST:!VMS:FUNCTION:
-STORE_meth_get_delete_fn                3607   EXIST:VMS:FUNCTION:
-SHA224_Init                             3608   EXIST::FUNCTION:SHA,SHA256
-PEM_read_ECPrivateKey                   3609   EXIST:!WIN16:FUNCTION:EC
-SHA512_Init                             3610   EXIST::FUNCTION:SHA,SHA512
-STORE_parse_attrs_endp                  3611   EXIST::FUNCTION:
-BN_set_negative                         3612   EXIST::FUNCTION:
-ERR_load_ECDSA_strings                  3613   EXIST::FUNCTION:ECDSA
-EC_GROUP_get_basis_type                 3614   EXIST::FUNCTION:EC
-ECDH_DATA_new                           3615   EXIST::FUNCTION:ECDH
-STORE_list_public_key_next              3616   EXIST::FUNCTION:
-i2v_ASN1_BIT_STRING                     3617   EXIST::FUNCTION:
-STORE_OBJECT_free                       3618   EXIST::FUNCTION:
-BN_nist_mod_384                         3619   EXIST::FUNCTION:
-i2d_X509_CERT_PAIR                      3620   EXIST::FUNCTION:
-PEM_write_ECPKParameters                3621   EXIST:!WIN16:FUNCTION:EC
-ECDH_compute_key                        3622   EXIST::FUNCTION:ECDH
-STORE_ATTR_INFO_get0_sha1str            3623   EXIST::FUNCTION:
-ENGINE_register_all_ECDH                3624   EXIST::FUNCTION:ENGINE
-pqueue_pop                              3625   EXIST::FUNCTION:
-STORE_ATTR_INFO_get0_cstr               3626   EXIST::FUNCTION:
-POLICY_CONSTRAINTS_it                   3627   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-POLICY_CONSTRAINTS_it                   3627   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-STORE_get_ex_new_index                  3628   EXIST::FUNCTION:
-EVP_PKEY_get_attr_by_OBJ                3629   EXIST::FUNCTION:
-X509_VERIFY_PARAM_add0_policy           3630   EXIST::FUNCTION:
-BN_GF2m_mod_solve_quad                  3631   EXIST::FUNCTION:
-SHA256                                  3632   EXIST::FUNCTION:SHA,SHA256
-i2d_ECPrivateKey_fp                     3633   EXIST::FUNCTION:EC,FP_API
-X509_policy_tree_get0_user_policies     3634   EXIST:!VMS:FUNCTION:
-X509_pcy_tree_get0_usr_policies         3634   EXIST:VMS:FUNCTION:
-OPENSSL_DIR_read                        3635   EXIST::FUNCTION:
-ENGINE_register_all_ECDSA               3636   EXIST::FUNCTION:ENGINE
-X509_VERIFY_PARAM_lookup                3637   EXIST::FUNCTION:
-EC_POINT_get_affine_coordinates_GF2m    3638   EXIST:!VMS:FUNCTION:EC
-EC_POINT_get_affine_coords_GF2m         3638   EXIST:VMS:FUNCTION:EC
-EC_GROUP_dup                            3639   EXIST::FUNCTION:EC
-ENGINE_get_default_ECDSA                3640   EXIST::FUNCTION:ENGINE
-EC_KEY_new                              3641   EXIST::FUNCTION:EC
-SHA256_Transform                        3642   EXIST::FUNCTION:SHA,SHA256
-ECDSA_verify                            3643   EXIST::FUNCTION:ECDSA
-EC_POINT_point2hex                      3644   EXIST::FUNCTION:EC
-ENGINE_get_STORE                        3645   EXIST::FUNCTION:ENGINE
-SHA512                                  3646   EXIST::FUNCTION:SHA,SHA512
-STORE_get_certificate                   3647   EXIST::FUNCTION:
-ECDSA_do_verify                         3648   EXIST::FUNCTION:ECDSA
-d2i_ECPrivateKey_fp                     3649   EXIST::FUNCTION:EC,FP_API
-STORE_delete_certificate                3650   EXIST::FUNCTION:
-SHA512_Transform                        3651   EXIST::FUNCTION:SHA,SHA512
-X509_STORE_set1_param                   3652   EXIST::FUNCTION:
-STORE_method_get_ctrl_function          3653   EXIST::FUNCTION:
-STORE_free                              3654   EXIST::FUNCTION:
-PEM_write_ECPrivateKey                  3655   EXIST:!WIN16:FUNCTION:EC
-STORE_method_get_unlock_store_function  3656   EXIST:!VMS:FUNCTION:
-STORE_meth_get_unlock_store_fn          3656   EXIST:VMS:FUNCTION:
-STORE_get_ex_data                       3657   EXIST::FUNCTION:
-PEM_read_ECPKParameters                 3658   EXIST:!WIN16:FUNCTION:EC
-X509_CERT_PAIR_new                      3659   EXIST::FUNCTION:
-ENGINE_register_STORE                   3660   EXIST::FUNCTION:ENGINE
-RSA_generate_key_ex                     3661   EXIST::FUNCTION:RSA
-DSA_generate_parameters_ex              3662   EXIST::FUNCTION:DSA
-ECParameters_print_fp                   3663   EXIST::FUNCTION:EC,FP_API
-X509V3_NAME_from_section                3664   EXIST::FUNCTION:
-EVP_PKEY_add1_attr                      3665   EXIST::FUNCTION:
-STORE_modify_crl                        3666   EXIST::FUNCTION:
-STORE_list_private_key_start            3667   EXIST::FUNCTION:
-POLICY_MAPPINGS_it                      3668   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-POLICY_MAPPINGS_it                      3668   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-GENERAL_SUBTREE_it                      3669   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-GENERAL_SUBTREE_it                      3669   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ECDH_DATA_free                          3670   EXIST::FUNCTION:ECDH
-EC_GROUP_get_curve_name                 3671   EXIST::FUNCTION:EC
-PEM_write_X509_CERT_PAIR                3672   EXIST:!WIN16:FUNCTION:
-BIO_dump_indent_cb                      3673   EXIST::FUNCTION:
-d2i_X509_CERT_PAIR                      3674   EXIST::FUNCTION:
-STORE_list_private_key_endp             3675   EXIST::FUNCTION:
-asn1_const_Finish                       3676   EXIST::FUNCTION:
-i2d_EC_PUBKEY_fp                        3677   EXIST::FUNCTION:EC,FP_API
-BN_nist_mod_256                         3678   EXIST::FUNCTION:
-ECDSA_DATA_new                          3679   EXIST::FUNCTION:ECDSA
-X509_VERIFY_PARAM_add0_table            3680   EXIST::FUNCTION:
-pqueue_free                             3681   EXIST::FUNCTION:
-BN_BLINDING_create_param                3682   EXIST::FUNCTION:
-ECDSA_size                              3683   EXIST::FUNCTION:ECDSA
-d2i_EC_PUBKEY_bio                       3684   EXIST::FUNCTION:BIO,EC
-BN_get0_nist_prime_521                  3685   EXIST::FUNCTION:
-STORE_ATTR_INFO_modify_sha1str          3686   EXIST::FUNCTION:
-BN_generate_prime_ex                    3687   EXIST::FUNCTION:
-EC_GROUP_new_by_curve_name              3688   EXIST::FUNCTION:EC
-SHA256_Final                            3689   EXIST::FUNCTION:SHA,SHA256
-DH_generate_parameters_ex               3690   EXIST::FUNCTION:DH
-PEM_read_bio_ECPrivateKey               3691   EXIST::FUNCTION:EC
-STORE_method_get_cleanup_function       3692   EXIST:!VMS:FUNCTION:
-STORE_meth_get_cleanup_fn               3692   EXIST:VMS:FUNCTION:
-ENGINE_get_ECDH                         3693   EXIST::FUNCTION:ENGINE
-d2i_ECDSA_SIG                           3694   EXIST::FUNCTION:ECDSA
-BN_is_prime_fasttest_ex                 3695   EXIST::FUNCTION:
-ECDSA_sign                              3696   EXIST::FUNCTION:ECDSA
-X509_policy_check                       3697   EXIST::FUNCTION:
-EVP_PKEY_get_attr_by_NID                3698   EXIST::FUNCTION:
-STORE_set_ex_data                       3699   EXIST::FUNCTION:
-ENGINE_get_ECDSA                        3700   EXIST::FUNCTION:ENGINE
-EVP_ecdsa                               3701   EXIST::FUNCTION:SHA
-BN_BLINDING_get_flags                   3702   EXIST::FUNCTION:
-PKCS12_add_cert                         3703   EXIST::FUNCTION:
-STORE_OBJECT_new                        3704   EXIST::FUNCTION:
-ERR_load_ECDH_strings                   3705   EXIST::FUNCTION:ECDH
-EC_KEY_dup                              3706   EXIST::FUNCTION:EC
-EVP_CIPHER_CTX_rand_key                 3707   EXIST::FUNCTION:
-ECDSA_set_method                        3708   EXIST::FUNCTION:ECDSA
-a2i_IPADDRESS_NC                        3709   EXIST::FUNCTION:
-d2i_ECParameters                        3710   EXIST::FUNCTION:EC
-STORE_list_certificate_end              3711   EXIST::FUNCTION:
-STORE_get_crl                           3712   EXIST::FUNCTION:
-X509_POLICY_NODE_print                  3713   EXIST::FUNCTION:
-SHA384_Init                             3714   EXIST::FUNCTION:SHA,SHA512
-EC_GF2m_simple_method                   3715   EXIST::FUNCTION:EC
-ECDSA_set_ex_data                       3716   EXIST::FUNCTION:ECDSA
-SHA384_Final                            3717   EXIST::FUNCTION:SHA,SHA512
-PKCS7_set_digest                        3718   EXIST::FUNCTION:
-EC_KEY_print                            3719   EXIST::FUNCTION:BIO,EC
-STORE_method_set_lock_store_function    3720   EXIST:!VMS:FUNCTION:
-STORE_meth_set_lock_store_fn            3720   EXIST:VMS:FUNCTION:
-ECDSA_get_ex_new_index                  3721   EXIST::FUNCTION:ECDSA
-SHA384                                  3722   EXIST::FUNCTION:SHA,SHA512
-POLICY_MAPPING_new                      3723   EXIST::FUNCTION:
-STORE_list_certificate_endp             3724   EXIST::FUNCTION:
-X509_STORE_CTX_get0_policy_tree         3725   EXIST::FUNCTION:
-EC_GROUP_set_asn1_flag                  3726   EXIST::FUNCTION:EC
-EC_KEY_check_key                        3727   EXIST::FUNCTION:EC
-d2i_EC_PUBKEY_fp                        3728   EXIST::FUNCTION:EC,FP_API
-PKCS7_set0_type_other                   3729   EXIST::FUNCTION:
-ECDSA_DATA_new_method                   3730   EXIST::FUNCTION:ECDSA
-PEM_read_bio_X509_CERT_PAIR             3731   EXIST::FUNCTION:
-pqueue_next                             3732   EXIST::FUNCTION:
-STORE_method_get_list_end_function      3733   EXIST:!VMS:FUNCTION:
-STORE_meth_get_list_end_fn              3733   EXIST:VMS:FUNCTION:
-EVP_PKEY_add1_attr_by_OBJ               3734   EXIST::FUNCTION:
-X509_VERIFY_PARAM_set_time              3735   EXIST::FUNCTION:
-pqueue_new                              3736   EXIST::FUNCTION:
-ENGINE_set_default_ECDH                 3737   EXIST::FUNCTION:ENGINE
-STORE_new_method                        3738   EXIST::FUNCTION:
-PKCS12_add_key                          3739   EXIST::FUNCTION:
-DSO_merge                               3740   EXIST::FUNCTION:
-EC_POINT_hex2point                      3741   EXIST::FUNCTION:EC
-BIO_dump_cb                             3742   EXIST::FUNCTION:
-SHA256_Update                           3743   EXIST::FUNCTION:SHA,SHA256
-pqueue_insert                           3744   EXIST::FUNCTION:
-pitem_free                              3745   EXIST::FUNCTION:
-BN_GF2m_mod_inv_arr                     3746   EXIST::FUNCTION:
-ENGINE_unregister_ECDSA                 3747   EXIST::FUNCTION:ENGINE
-BN_BLINDING_set_thread_id               3748   EXIST::FUNCTION:
+EVP_PKEY_cmp                            3319   EXIST::FUNCTION:
+PEM_write_ECPKParameters                3320   EXIST:!WIN16:FUNCTION:EC
+STORE_list_private_key_end              3321   EXIST::FUNCTION:
+i2d_EC_PUBKEY_bio                       3322   EXIST::FUNCTION:BIO,EC
+BUF_memdup                              3323   EXIST::FUNCTION:
+NAME_CONSTRAINTS_it                     3324   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NAME_CONSTRAINTS_it                     3324   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_KEY_copy                             3325   EXIST::FUNCTION:EC
+STORE_ATTR_INFO_get0_cstr               3326   EXIST::FUNCTION:
+STORE_list_crl_end                      3327   EXIST::FUNCTION:
+EC_KEY_set_asn1_flag                    3328   EXIST::FUNCTION:EC
+X509_VERIFY_PARAM_free                  3329   EXIST::FUNCTION:
+EC_POINT_set_compressed_coordinates_GF2m 3330  EXIST:!VMS:FUNCTION:EC
+EC_POINT_set_compr_coords_GF2m          3330   EXIST:VMS:FUNCTION:EC
+ASN1_generate_nconf                     3331   EXIST::FUNCTION:
+ECPKParameters_print                    3332   EXIST::FUNCTION:BIO,EC
+OBJ_bsearch_ex                          3333   EXIST::FUNCTION:
+EC_GROUP_get_curve_GF2m                 3334   EXIST::FUNCTION:EC
+STORE_method_set_store_function         3335   EXIST::FUNCTION:
+d2i_ECPrivateKey_fp                     3336   EXIST::FUNCTION:EC,FP_API
+EC_KEY_up_ref                           3337   EXIST::FUNCTION:EC
+SHA384_Final                            3338   EXIST::FUNCTION:SHA,SHA512
+EC_POINT_point2bn                       3339   EXIST::FUNCTION:EC
+STORE_modify_private_key                3340   EXIST::FUNCTION:
+ENGINE_get_ECDSA                        3341   EXIST::FUNCTION:ENGINE
+ECDSA_verify                            3342   EXIST::FUNCTION:ECDSA
+STORE_list_certificate_next             3343   EXIST::FUNCTION:
+BN_GF2m_mod_sqr_arr                     3344   EXIST::FUNCTION:
+STORE_OBJECT_free                       3345   EXIST::FUNCTION:
+STORE_delete_crl                        3346   EXIST::FUNCTION:
+X509_CERT_PAIR_it                       3347   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CERT_PAIR_it                       3347   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_VERIFY_PARAM_set_purpose           3348   EXIST::FUNCTION:
+EC_GROUP_get_asn1_flag                  3349   EXIST::FUNCTION:EC
+EC_POINT_set_affine_coordinates_GF2m    3350   EXIST:!VMS:FUNCTION:EC
+EC_POINT_set_affine_coords_GF2m         3350   EXIST:VMS:FUNCTION:EC
+X509_VERIFY_PARAM_set1_name             3351   EXIST::FUNCTION:
+X509_VERIFY_PARAM_set_depth             3352   EXIST::FUNCTION:
+OPENSSL_ia32cap_loc                     3353   EXIST::FUNCTION:
+X509_VERIFY_PARAM_set1                  3354   EXIST::FUNCTION:
+PEM_write_ECPrivateKey                  3355   EXIST:!WIN16:FUNCTION:EC
+EC_GROUP_cmp                            3356   EXIST::FUNCTION:EC
+STORE_ATTR_INFO_modify_sha1str          3357   EXIST::FUNCTION:
+i2o_ECPublicKey                         3358   EXIST::FUNCTION:EC
+EVP_PKEY_get_attr_by_NID                3359   EXIST::FUNCTION:
+ASN1_item_ndef_i2d                      3360   EXIST::FUNCTION:
+STORE_method_set_modify_function        3361   EXIST:!VMS:FUNCTION:
+STORE_meth_set_modify_fn                3361   EXIST:VMS:FUNCTION:
+POLICY_CONSTRAINTS_new                  3362   EXIST::FUNCTION:
+STORE_method_get_generate_function      3363   EXIST:!VMS:FUNCTION:
+STORE_meth_get_generate_fn              3363   EXIST:VMS:FUNCTION:
+STORE_list_public_key_endp              3364   EXIST::FUNCTION:
+BN_BLINDING_convert_ex                  3365   EXIST::FUNCTION:
+STORE_get_ex_new_index                  3366   EXIST::FUNCTION:
+X509_policy_node_get0_qualifiers        3367   EXIST:!VMS:FUNCTION:
+X509_pcy_node_get0_qualifiers           3367   EXIST:VMS:FUNCTION:
+EC_GF2m_simple_method                   3368   EXIST::FUNCTION:EC
+STORE_method_get_get_function           3369   EXIST::FUNCTION:
+EC_GROUP_get_curve_name                 3370   EXIST::FUNCTION:EC
+PEM_write_X509_CERT_PAIR                3371   EXIST:!WIN16:FUNCTION:
+ENGINE_set_default_ECDH                 3372   EXIST::FUNCTION:ENGINE
+ERR_set_mark                            3373   EXIST::FUNCTION:
+sk_find_ex                              3374   EXIST::FUNCTION:
+PEM_read_bio_ECPrivateKey               3375   EXIST::FUNCTION:EC
+BN_GF2m_mod_div_arr                     3376   EXIST::FUNCTION:
+i2d_X509_CERT_PAIR                      3377   EXIST::FUNCTION:
+BN_BLINDING_get_thread_id               3378   EXIST::FUNCTION:
+EC_get_builtin_curves                   3379   EXIST::FUNCTION:EC
+NAME_CONSTRAINTS_new                    3380   EXIST::FUNCTION:
+EVP_PKEY_delete_attr                    3381   EXIST::FUNCTION:
+DSA_generate_parameters_ex              3382   EXIST::FUNCTION:DSA
+X509_VERIFY_PARAM_set_time              3383   EXIST::FUNCTION:
+STORE_delete_private_key                3384   EXIST::FUNCTION:
+STORE_method_set_cleanup_function       3385   EXIST:!VMS:FUNCTION:
+STORE_meth_set_cleanup_fn               3385   EXIST:VMS:FUNCTION:
+PEM_read_bio_X509_CERT_PAIR             3386   EXIST::FUNCTION:
+STORE_ATTR_INFO_get0_number             3387   EXIST::FUNCTION:
+BN_generate_prime_ex                    3388   EXIST::FUNCTION:
+STORE_get_number                        3389   EXIST::FUNCTION:
+ECDH_compute_key                        3390   EXIST::FUNCTION:ECDH
+asn1_const_Finish                       3391   EXIST::FUNCTION:
+STORE_method_get_store_function         3392   EXIST::FUNCTION:
+STORE_parse_attrs_endp                  3393   EXIST::FUNCTION:
+STORE_list_private_key_endp             3394   EXIST::FUNCTION:
+BN_BLINDING_set_thread_id               3395   EXIST::FUNCTION:
+STORE_destroy_method                    3396   EXIST::FUNCTION:
+BN_nist_mod_521                         3397   EXIST::FUNCTION:
+EC_KEY_precompute_mult                  3398   EXIST::FUNCTION:EC
+STORE_ATTR_INFO_free                    3399   EXIST::FUNCTION:
+STORE_store_crl                         3400   EXIST::FUNCTION:
+EVP_PKEY_add1_attr_by_OBJ               3401   EXIST::FUNCTION:
+PKCS7_set_digest                        3402   EXIST::FUNCTION:
+ECDH_get_ex_data                        3403   EXIST::FUNCTION:ECDH
+d2i_ECPrivateKey_bio                    3404   EXIST::FUNCTION:BIO,EC
+BN_GF2m_mod_sqr                         3405   EXIST::FUNCTION:
+STORE_list_certificate_start            3406   EXIST::FUNCTION:
+i2d_ECPrivateKey_bio                    3407   EXIST::FUNCTION:BIO,EC
+STORE_modify_crl                        3408   EXIST::FUNCTION:
+BN_GF2m_mod_div                         3409   EXIST::FUNCTION:
+STORE_new_method                        3410   EXIST::FUNCTION:
+ENGINE_register_STORE                   3411   EXIST::FUNCTION:ENGINE
+STORE_method_get_delete_function        3412   EXIST:!VMS:FUNCTION:
+STORE_meth_get_delete_fn                3412   EXIST:VMS:FUNCTION:
+STORE_list_crl_start                    3413   EXIST::FUNCTION:
+ECDH_set_default_method                 3414   EXIST::FUNCTION:ECDH
+STORE_method_get_cleanup_function       3415   EXIST:!VMS:FUNCTION:
+STORE_meth_get_cleanup_fn               3415   EXIST:VMS:FUNCTION:
+ECDSA_SIG_new                           3416   EXIST::FUNCTION:ECDSA
+OPENSSL_DIR_end                         3417   EXIST::FUNCTION:
+ECDSA_SIG_free                          3418   EXIST::FUNCTION:ECDSA
+BIO_dump_indent_fp                      3419   EXIST::FUNCTION:FP_API
+EC_GROUP_get_basis_type                 3420   EXIST::FUNCTION:EC
+pqueue_insert                           3421   EXIST::FUNCTION:
+EC_KEY_print                            3422   EXIST::FUNCTION:BIO,EC
+STORE_revoke_certificate                3423   EXIST::FUNCTION:
+STORE_method_get_list_end_function      3424   EXIST:!VMS:FUNCTION:
+STORE_meth_get_list_end_fn              3424   EXIST:VMS:FUNCTION:
+EC_METHOD_get_field_type                3425   EXIST::FUNCTION:EC
+PEM_write_EC_PUBKEY                     3426   EXIST:!WIN16:FUNCTION:EC
+EC_POINT_point2hex                      3427   EXIST::FUNCTION:EC
+STORE_store_number                      3428   EXIST::FUNCTION:
+DH_generate_parameters_ex               3429   EXIST::FUNCTION:DH
+STORE_Memory                            3430   EXIST::FUNCTION:
+SHA224_Final                            3431   EXIST::FUNCTION:SHA,SHA256
+EC_GROUP_get0_seed                      3432   EXIST::FUNCTION:EC
+EVP_ecdsa                               3433   EXIST::FUNCTION:SHA
+EVP_PKEY_get_attr                       3434   EXIST::FUNCTION:
+X509_VERIFY_PARAM_lookup                3435   EXIST::FUNCTION:
+ECDSA_get_ex_data                       3436   EXIST::FUNCTION:ECDSA
+STORE_get_certificate                   3437   EXIST::FUNCTION:
+BN_GF2m_mod                             3438   EXIST::FUNCTION:
+ENGINE_set_ECDH                         3439   EXIST::FUNCTION:ENGINE
+NAME_CONSTRAINTS_free                   3440   EXIST::FUNCTION:
+X509_policy_node_get0_parent            3441   EXIST::FUNCTION:
+BN_GF2m_mod_exp_arr                     3442   EXIST::FUNCTION:
+ENGINE_unregister_ECDH                  3443   EXIST::FUNCTION:ENGINE
+BIO_new_dgram                           3444   EXIST::FUNCTION:
+EVP_PKEY_add1_attr_by_NID               3445   EXIST::FUNCTION:
+EC_KEY_get_conv_form                    3446   EXIST::FUNCTION:EC
+v2i_GENERAL_NAME_ex                     3447   EXIST::FUNCTION:
+STORE_store_private_key                 3448   EXIST::FUNCTION:
+STORE_method_set_revoke_function        3449   EXIST:!VMS:FUNCTION:
+STORE_meth_set_revoke_fn                3449   EXIST:VMS:FUNCTION:
+EC_GROUP_get_seed_len                   3450   EXIST::FUNCTION:EC
+POLICY_MAPPINGS_it                      3451   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICY_MAPPINGS_it                      3451   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_KEY_check_key                        3452   EXIST::FUNCTION:EC
+X509_STORE_CTX_get_explicit_policy      3453   EXIST:!VMS:FUNCTION:
+X509_STORE_CTX_get_expl_policy          3453   EXIST:VMS:FUNCTION:
+STORE_ATTR_INFO_modify_number           3454   EXIST::FUNCTION:
+STORE_modify_number                     3455   EXIST::FUNCTION:
+OPENSSL_DIR_read                        3456   EXIST::FUNCTION:
+STORE_new_engine                        3457   EXIST::FUNCTION:
+ASN1_const_check_infinite_end           3458   EXIST::FUNCTION:
+STORE_ATTR_INFO_set_sha1str             3459   EXIST::FUNCTION:
+i2d_PKCS7_NDEF                          3460   EXIST::FUNCTION:
+SHA512_Update                           3461   EXIST::FUNCTION:SHA,SHA512
+PKCS12_add_safes                        3462   EXIST::FUNCTION:
+BN_get0_nist_prime_384                  3463   EXIST::FUNCTION:
+BN_is_prime_ex                          3464   EXIST::FUNCTION:
+BN_GENCB_call                           3465   EXIST::FUNCTION:
+EC_KEY_get0_public_key                  3466   EXIST::FUNCTION:EC
+ERR_pop_to_mark                         3467   EXIST::FUNCTION:
+EC_KEY_get_key_method_data              3468   EXIST::FUNCTION:EC
+STORE_parse_attrs_next                  3469   EXIST::FUNCTION:
+v2i_ASN1_BIT_STRING                     3470   EXIST::FUNCTION:
+STORE_create_method                     3471   EXIST::FUNCTION:
+PKCS12_add_key                          3472   EXIST::FUNCTION:
+X509_VERIFY_PARAM_add0_policy           3473   EXIST::FUNCTION:
+STORE_set_method                        3474   EXIST::FUNCTION:
+X509_VERIFY_PARAM_get_depth             3475   EXIST::FUNCTION:
+STORE_list_public_key_start             3476   EXIST::FUNCTION:
+BN_GF2m_mod_mul_arr                     3477   EXIST::FUNCTION:
+d2i_X509_CERT_PAIR                      3478   EXIST::FUNCTION:
+BN_nist_mod_192                         3479   EXIST::FUNCTION:
+i2d_ECPrivateKey_fp                     3480   EXIST::FUNCTION:EC,FP_API
+EC_GROUP_check_discriminant             3481   EXIST::FUNCTION:EC
+ECPKParameters_print_fp                 3482   EXIST::FUNCTION:EC,FP_API
+POLICY_CONSTRAINTS_it                   3483   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICY_CONSTRAINTS_it                   3483   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+o2i_ECPublicKey                         3484   EXIST::FUNCTION:EC
+STORE_method_set_get_function           3485   EXIST::FUNCTION:
+X509_policy_node_get0_policy            3486   EXIST::FUNCTION:
+ENGINE_set_default_ECDSA                3487   EXIST::FUNCTION:ENGINE
+STORE_get_public_key                    3488   EXIST::FUNCTION:
+d2i_ECDSA_SIG                           3489   EXIST::FUNCTION:ECDSA
+SHA256_Init                             3490   EXIST::FUNCTION:SHA,SHA256
+EC_GROUP_have_precompute_mult           3491   EXIST::FUNCTION:EC
+EVP_PKEY_add1_attr                      3492   EXIST::FUNCTION:
+d2i_EC_PUBKEY_fp                        3493   EXIST::FUNCTION:EC,FP_API
+PEM_read_ECPrivateKey                   3494   EXIST:!WIN16:FUNCTION:EC
+BN_GF2m_mod_inv_arr                     3495   EXIST::FUNCTION:
+STORE_method_set_unlock_store_function  3496   EXIST:!VMS:FUNCTION:
+STORE_meth_set_unlock_store_fn          3496   EXIST:VMS:FUNCTION:
+STORE_list_crl_next                     3497   EXIST::FUNCTION:
+EC_POINT_dup                            3498   EXIST::FUNCTION:EC
+ENGINE_set_STORE                        3499   EXIST::FUNCTION:ENGINE
+STORE_method_get_list_next_function     3500   EXIST:!VMS:FUNCTION:
+STORE_meth_get_list_next_fn             3500   EXIST:VMS:FUNCTION:
+PKCS7_set0_type_other                   3501   EXIST::FUNCTION:
+STORE_ATTR_INFO_set_number              3502   EXIST::FUNCTION:
+STORE_get_private_key                   3503   EXIST::FUNCTION:
+SHA384_Init                             3504   EXIST::FUNCTION:SHA,SHA512
+SHA384_Update                           3505   EXIST::FUNCTION:SHA,SHA512
+EC_GROUP_get_pentanomial_basis          3506   EXIST::FUNCTION:EC
+EC_KEY_free                             3507   EXIST::FUNCTION:EC
+BN_GF2m_mod_mul                         3508   EXIST::FUNCTION:
+X509_CERT_PAIR_new                      3509   EXIST::FUNCTION:
+X509_policy_check                       3510   EXIST::FUNCTION:
+EC_KEY_insert_key_method_data           3511   EXIST::FUNCTION:EC
+ENGINE_register_all_ECDSA               3512   EXIST::FUNCTION:ENGINE
+ECDSA_set_ex_data                       3513   EXIST::FUNCTION:ECDSA
+SHA384                                  3514   EXIST::FUNCTION:SHA,SHA512
+BN_GF2m_mod_inv                         3515   EXIST::FUNCTION:
+PEM_write_bio_ECPKParameters            3516   EXIST::FUNCTION:EC
+STORE_delete_public_key                 3517   EXIST::FUNCTION:
+X509_VERIFY_PARAM_set_flags             3518   EXIST::FUNCTION:
+i2d_ECParameters                        3519   EXIST::FUNCTION:EC
+BN_GF2m_arr2poly                        3520   EXIST::FUNCTION:
+STORE_method_set_delete_function        3521   EXIST:!VMS:FUNCTION:
+STORE_meth_set_delete_fn                3521   EXIST:VMS:FUNCTION:
+EC_GROUP_new_by_curve_name              3522   EXIST::FUNCTION:EC
+X509_policy_level_get0_node             3523   EXIST::FUNCTION:
+d2i_ECPrivateKey                        3524   EXIST::FUNCTION:EC
+STORE_method_set_update_store_function  3525   EXIST:!VMS:FUNCTION:
+STORE_meth_set_update_store_fn          3525   EXIST:VMS:FUNCTION:
+ERR_load_ECDH_strings                   3526   EXIST::FUNCTION:ECDH
+STORE_ATTR_INFO_modify_dn               3527   EXIST::FUNCTION:
+EC_GROUP_set_curve_GF2m                 3528   EXIST::FUNCTION:EC
+X509_STORE_CTX_get0_param               3529   EXIST::FUNCTION:
+SHA224_Update                           3530   EXIST::FUNCTION:SHA,SHA256
+SHA256_Update                           3531   EXIST::FUNCTION:SHA,SHA256
+EC_KEY_set_group                        3532   EXIST::FUNCTION:EC
+PEM_write_bio_EC_PUBKEY                 3533   EXIST::FUNCTION:EC
+pqueue_free                             3534   EXIST::FUNCTION:
+POLICY_MAPPING_new                      3535   EXIST::FUNCTION:
+EC_KEY_new                              3536   EXIST::FUNCTION:EC
+STORE_list_public_key_next              3537   EXIST::FUNCTION:
+X509_CERT_PAIR_free                     3538   EXIST::FUNCTION:
+BN_set_negative                         3539   EXIST::FUNCTION:
+BN_nist_mod_256                         3540   EXIST::FUNCTION:
+BN_get0_nist_prime_256                  3541   EXIST::FUNCTION:
+RSA_generate_key_ex                     3542   EXIST::FUNCTION:RSA
+BN_GF2m_mod_sqrt                        3543   EXIST::FUNCTION:
+ASN1_put_eoc                            3544   EXIST::FUNCTION:
+X509_policy_tree_get0_policies          3545   EXIST::FUNCTION:
+X509_VERIFY_PARAM_set_trust             3546   EXIST::FUNCTION:
+EC_GROUP_get_trinomial_basis            3547   EXIST::FUNCTION:EC
+ECDSA_sign_setup                        3548   EXIST::FUNCTION:ECDSA
+X509_VERIFY_PARAM_table_cleanup         3549   EXIST::FUNCTION:
+ENGINE_unregister_ECDSA                 3550   EXIST::FUNCTION:ENGINE
+STORE_generate_key                      3551   EXIST::FUNCTION:
+ENGINE_register_ECDH                    3552   EXIST::FUNCTION:ENGINE
+SHA512_Transform                        3553   EXIST::FUNCTION:SHA,SHA512
+X509_STORE_CTX_set_depth                3554   EXIST::FUNCTION:
+STORE_list_crl_endp                     3555   EXIST::FUNCTION:
+EVP_PKEY_get1_EC_KEY                    3556   EXIST::FUNCTION:EC
+STORE_get_ex_data                       3557   EXIST::FUNCTION:
+X509_VERIFY_PARAM_add0_table            3558   EXIST::FUNCTION:
+BN_GF2m_mod_sqrt_arr                    3559   EXIST::FUNCTION:
+EVP_PKEY_add1_attr_by_txt               3560   EXIST::FUNCTION:
+X509_STORE_CTX_set_default              3561   EXIST::FUNCTION:
+i2d_EC_PUBKEY_fp                        3562   EXIST::FUNCTION:EC,FP_API
+BN_BLINDING_invert_ex                   3563   EXIST::FUNCTION:
+EC_POINT_hex2point                      3564   EXIST::FUNCTION:EC
+PEM_read_bio_ECPKParameters             3565   EXIST::FUNCTION:EC
+PEM_write_bio_X509_CERT_PAIR            3566   EXIST::FUNCTION:
+EC_KEY_new_by_curve_name                3567   EXIST::FUNCTION:EC
+STORE_ATTR_INFO_in_range                3568   EXIST::FUNCTION:
+STORE_method_get_initialise_function    3569   EXIST:!VMS:FUNCTION:
+STORE_meth_get_initialise_fn            3569   EXIST:VMS:FUNCTION:
+STORE_ATTR_INFO_get0_dn                 3570   EXIST::FUNCTION:
+STORE_set_ex_data                       3571   EXIST::FUNCTION:
+X509_REQ_check_private_key              3572   EXIST::FUNCTION:
+STORE_ATTR_INFO_get0_sha1str            3573   EXIST::FUNCTION:
+EC_GROUP_set_asn1_flag                  3574   EXIST::FUNCTION:EC
+ECDH_set_method                         3575   EXIST::FUNCTION:ECDH
+ECDSA_do_sign                           3576   EXIST::FUNCTION:ECDSA
+STORE_ATTR_INFO_new                     3577   EXIST::FUNCTION:
+STORE_method_get_lock_store_function    3578   EXIST:!VMS:FUNCTION:
+STORE_meth_get_lock_store_fn            3578   EXIST:VMS:FUNCTION:
+EC_KEY_set_public_key                   3579   EXIST::FUNCTION:EC
+BUF_strndup                             3580   EXIST::FUNCTION:
+STORE_ATTR_INFO_modify_cstr             3581   EXIST::FUNCTION:
+POLICY_MAPPING_free                     3582   EXIST::FUNCTION:
+BN_get0_nist_prime_192                  3583   EXIST::FUNCTION:
+i2d_EC_PUBKEY                           3584   EXIST::FUNCTION:EC
+STORE_method_set_lock_store_function    3585   EXIST:!VMS:FUNCTION:
+STORE_meth_set_lock_store_fn            3585   EXIST:VMS:FUNCTION:
+PKCS12_add_safe                         3586   EXIST::FUNCTION:
+STORE_free                              3587   EXIST::FUNCTION:
+GENERAL_SUBTREE_it                      3588   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+GENERAL_SUBTREE_it                      3588   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ECDSA_do_verify                         3589   EXIST::FUNCTION:ECDSA
+GENERAL_SUBTREE_free                    3590   EXIST::FUNCTION:
+EC_KEY_get0_private_key                 3591   EXIST::FUNCTION:EC
+ECDSA_get_ex_new_index                  3592   EXIST::FUNCTION:ECDSA
+SHA224                                  3593   EXIST::FUNCTION:SHA,SHA256
+STORE_delete_certificate                3594   EXIST::FUNCTION:
+ECDSA_sign_ex                           3595   EXIST::FUNCTION:ECDSA
+BN_is_prime_fasttest_ex                 3596   EXIST::FUNCTION:
+EC_GROUP_set_curve_name                 3597   EXIST::FUNCTION:EC
+EVP_PKEY_set1_EC_KEY                    3598   EXIST::FUNCTION:EC
+STORE_store_arbitrary                   3599   EXIST::FUNCTION:
+EC_KEY_print_fp                         3600   EXIST::FUNCTION:EC,FP_API
+STORE_list_public_key_end               3601   EXIST::FUNCTION:
+SHA256_Transform                        3602   EXIST::FUNCTION:SHA,SHA256
+X509_policy_tree_level_count            3603   EXIST::FUNCTION:
+SHA512_Init                             3604   EXIST::FUNCTION:SHA,SHA512
+STORE_ATTR_INFO_in                      3605   EXIST::FUNCTION:
+ENGINE_get_default_ECDSA                3606   EXIST::FUNCTION:ENGINE
+ENGINE_get_static_state                 3607   EXIST::FUNCTION:ENGINE
+ECParameters_print                      3608   EXIST::FUNCTION:BIO,EC
+STORE_get_arbitrary                     3609   EXIST::FUNCTION:
+BN_BLINDING_set_flags                   3610   EXIST::FUNCTION:
+BN_GF2m_mod_solve_quad                  3611   EXIST::FUNCTION:
+STORE_delete_number                     3612   EXIST::FUNCTION:
+STORE_method_get_revoke_function        3613   EXIST:!VMS:FUNCTION:
+STORE_meth_get_revoke_fn                3613   EXIST:VMS:FUNCTION:
+STORE_ATTR_INFO_set_cstr                3614   EXIST::FUNCTION:
+BIO_dump_indent_cb                      3615   EXIST::FUNCTION:
+EC_KEY_dup                              3616   EXIST::FUNCTION:EC
+X509_keyid_get0                         3617   EXIST::FUNCTION:
+STORE_get_method                        3618   EXIST::FUNCTION:
+PKCS12_add_cert                         3619   EXIST::FUNCTION:
+X509_STORE_set1_param                   3620   EXIST::FUNCTION:
+BN_BLINDING_create_param                3621   EXIST::FUNCTION:
+BN_BLINDING_get_flags                   3622   EXIST::FUNCTION:
+EVP_PKEY_get_attr_count                 3623   EXIST::FUNCTION:
+STORE_parse_attrs_start                 3624   EXIST::FUNCTION:
+STORE_method_set_list_next_function     3625   EXIST:!VMS:FUNCTION:
+STORE_meth_set_list_next_fn             3625   EXIST:VMS:FUNCTION:
+STORE_parse_attrs_end                   3626   EXIST::FUNCTION:
+EC_GROUP_get_point_conversion_form      3627   EXIST:!VMS:FUNCTION:EC
+EC_GROUP_get_point_conv_form            3627   EXIST:VMS:FUNCTION:EC
+EC_KEY_get0_group                       3628   EXIST::FUNCTION:EC
+SHA256                                  3629   EXIST::FUNCTION:SHA,SHA256
+EC_GROUP_set_seed                       3630   EXIST::FUNCTION:EC
+pqueue_pop                              3631   EXIST::FUNCTION:
+i2d_ECPKParameters                      3632   EXIST::FUNCTION:EC
+pitem_new                               3633   EXIST::FUNCTION:
+ENGINE_set_ECDSA                        3634   EXIST::FUNCTION:ENGINE
+X509_STORE_CTX_set0_param               3635   EXIST::FUNCTION:
+X509_policy_tree_get0_user_policies     3636   EXIST:!VMS:FUNCTION:
+X509_pcy_tree_get0_usr_policies         3636   EXIST:VMS:FUNCTION:
+X509V3_NAME_from_section                3637   EXIST::FUNCTION:
+pqueue_peek                             3638   EXIST::FUNCTION:
+STORE_method_set_initialise_function    3639   EXIST:!VMS:FUNCTION:
+STORE_meth_set_initialise_fn            3639   EXIST:VMS:FUNCTION:
+EC_POINT_bn2point                       3640   EXIST::FUNCTION:EC
+ENGINE_load_gmp                         3641   EXIST::FUNCTION:ENGINE,GMP,STATIC_ENGINE
+pitem_free                              3642   EXIST::FUNCTION:
+ASN1_OCTET_STRING_NDEF_it               3643   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_OCTET_STRING_NDEF_it               3643   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+STORE_ctrl                              3644   EXIST::FUNCTION:
+STORE_method_get_list_start_function    3645   EXIST:!VMS:FUNCTION:
+STORE_meth_get_list_start_fn            3645   EXIST:VMS:FUNCTION:
+pqueue_iterator                         3646   EXIST::FUNCTION:
+STORE_list_private_key_start            3647   EXIST::FUNCTION:
+BIO_dgram_non_fatal_error               3648   EXIST::FUNCTION:
+pqueue_next                             3649   EXIST::FUNCTION:
+BN_get0_nist_prime_521                  3650   EXIST::FUNCTION:
+PEM_read_EC_PUBKEY                      3651   EXIST:!WIN16:FUNCTION:EC
+EC_POINT_get_affine_coordinates_GF2m    3652   EXIST:!VMS:FUNCTION:EC
+EC_POINT_get_affine_coords_GF2m         3652   EXIST:VMS:FUNCTION:EC
+X509_policy_level_node_count            3653   EXIST::FUNCTION:
+SHA512                                  3654   EXIST::FUNCTION:SHA,SHA512
+STORE_ATTR_INFO_set_dn                  3655   EXIST::FUNCTION:
+ECDSA_set_default_method                3656   EXIST::FUNCTION:ECDSA
+STORE_ATTR_INFO_in_ex                   3657   EXIST::FUNCTION:
+d2i_ECParameters                        3658   EXIST::FUNCTION:EC
+EC_GROUP_dup                            3659   EXIST::FUNCTION:EC
+STORE_generate_crl                      3660   EXIST::FUNCTION:
+STORE_OBJECT_new                        3661   EXIST::FUNCTION:
+POLICY_CONSTRAINTS_free                 3662   EXIST::FUNCTION:
+a2i_IPADDRESS_NC                        3663   EXIST::FUNCTION:
+STORE_delete_arbitrary                  3664   EXIST::FUNCTION:
+STORE_method_set_generate_function      3665   EXIST:!VMS:FUNCTION:
+STORE_meth_set_generate_fn              3665   EXIST:VMS:FUNCTION:
+EC_GROUP_check                          3666   EXIST::FUNCTION:EC
+ECDSA_get_default_method                3667   EXIST::FUNCTION:ECDSA
+ECDSA_sign                              3668   EXIST::FUNCTION:ECDSA
+i2v_ASN1_BIT_STRING                     3669   EXIST::FUNCTION:
+STORE_modify_arbitrary                  3670   EXIST::FUNCTION:
+EVP_CIPHER_CTX_rand_key                 3671   EXIST::FUNCTION:
+BN_nist_mod_224                         3672   EXIST::FUNCTION:
+STORE_revoke_public_key                 3673   EXIST::FUNCTION:
+STORE_method_get_unlock_store_function  3674   EXIST:!VMS:FUNCTION:
+STORE_meth_get_unlock_store_fn          3674   EXIST:VMS:FUNCTION:
+d2i_EC_PUBKEY_bio                       3675   EXIST::FUNCTION:BIO,EC
+EC_GFp_nist_method                      3676   EXIST::FUNCTION:EC
+EC_GROUP_get_degree                     3677   EXIST::FUNCTION:EC
+pqueue_new                              3678   EXIST::FUNCTION:
+EC_GROUP_new_curve_GF2m                 3679   EXIST::FUNCTION:EC
+ENGINE_register_ECDSA                   3680   EXIST::FUNCTION:ENGINE
+STORE_list_certificate_endp             3681   EXIST::FUNCTION:
+PEM_read_bio_EC_PUBKEY                  3682   EXIST::FUNCTION:EC
+ENGINE_unregister_STORE                 3683   EXIST::FUNCTION:ENGINE
+d2i_ECPKParameters                      3684   EXIST::FUNCTION:EC
+BN_GF2m_poly2arr                        3685   EXIST::FUNCTION:
+SHA512_Final                            3686   EXIST::FUNCTION:SHA,SHA512
+EC_KEY_set_conv_form                    3687   EXIST::FUNCTION:EC
+BN_GF2m_mod_solve_quad_arr              3688   EXIST::FUNCTION:
+PEM_write_bio_ECPrivateKey              3689   EXIST::FUNCTION:EC
+X509_policy_tree_free                   3690   EXIST::FUNCTION:
+STORE_list_certificate_end              3691   EXIST::FUNCTION:
+BIO_dump_cb                             3692   EXIST::FUNCTION:
+EVP_PKEY_get_attr_by_OBJ                3693   EXIST::FUNCTION:
+STORE_method_set_ctrl_function          3694   EXIST::FUNCTION:
+EC_GROUP_set_point_conversion_form      3695   EXIST:!VMS:FUNCTION:EC
+EC_GROUP_set_point_conv_form            3695   EXIST:VMS:FUNCTION:EC
+STORE_modify_certificate                3696   EXIST::FUNCTION:
+STORE_ATTR_INFO_compare                 3697   EXIST::FUNCTION:
+STORE_store_public_key                  3698   EXIST::FUNCTION:
+ECDH_OpenSSL                            3699   EXIST::FUNCTION:ECDH
+STORE_modify_public_key                 3700   EXIST::FUNCTION:
+ECDSA_size                              3701   EXIST::FUNCTION:ECDSA
+ENGINE_get_STORE                        3702   EXIST::FUNCTION:ENGINE
+EC_KEY_get_enc_flags                    3703   EXIST::FUNCTION:EC
+STORE_get_crl                           3704   EXIST::FUNCTION:
+ECDH_get_default_method                 3705   EXIST::FUNCTION:ECDH
+ECDH_get_ex_new_index                   3706   EXIST::FUNCTION:ECDH
+PEM_read_X509_CERT_PAIR                 3707   EXIST:!WIN16:FUNCTION:
+ERR_load_ECDSA_strings                  3708   EXIST::FUNCTION:ECDSA
+BN_nist_mod_384                         3709   EXIST::FUNCTION:
+ENGINE_get_default_ECDH                 3710   EXIST::FUNCTION:ENGINE
+X509_VERIFY_PARAM_inherit               3711   EXIST::FUNCTION:
+ENGINE_load_padlock                     3712   EXIST::FUNCTION:ENGINE
+BN_get0_nist_prime_224                  3713   EXIST::FUNCTION:
+X509_STORE_set_depth                    3714   EXIST::FUNCTION:
+a2i_IPADDRESS                           3715   EXIST::FUNCTION:
+ECDSA_OpenSSL                           3716   EXIST::FUNCTION:ECDSA
+STORE_list_private_key_next             3717   EXIST::FUNCTION:
+STORE_store_certificate                 3718   EXIST::FUNCTION:
+STORE_method_set_list_start_function    3719   EXIST:!VMS:FUNCTION:
+STORE_meth_set_list_start_fn            3719   EXIST:VMS:FUNCTION:
+X509_STORE_CTX_get0_policy_tree         3720   EXIST::FUNCTION:
+SHA224_Init                             3721   EXIST::FUNCTION:SHA,SHA256
+pqueue_print                            3722   EXIST::FUNCTION:
+X509_VERIFY_PARAM_set1_policies         3723   EXIST::FUNCTION:
+ASN1_generate_v3                        3724   EXIST::FUNCTION:
+pqueue_find                             3725   EXIST::FUNCTION:
+i2d_ECDSA_SIG                           3726   EXIST::FUNCTION:ECDSA
+STORE_method_get_ctrl_function          3727   EXIST::FUNCTION:
+ECDH_set_ex_data                        3728   EXIST::FUNCTION:ECDH
+ECParameters_print_fp                   3729   EXIST::FUNCTION:EC,FP_API
+STORE_method_set_list_end_function      3730   EXIST:!VMS:FUNCTION:
+STORE_meth_set_list_end_fn              3730   EXIST:VMS:FUNCTION:
+ENGINE_register_all_STORE               3731   EXIST::FUNCTION:ENGINE
+EC_KEY_set_private_key                  3732   EXIST::FUNCTION:EC
+ECDSA_do_sign_ex                        3733   EXIST::FUNCTION:ECDSA
+X509_policy_tree_get0_level             3734   EXIST::FUNCTION:
+X509_POLICY_NODE_print                  3735   EXIST::FUNCTION:
+ENGINE_get_ECDH                         3736   EXIST::FUNCTION:ENGINE
+BIO_s_datagram                          3737   EXIST::FUNCTION:DGRAM
+PEM_read_ECPKParameters                 3738   EXIST:!WIN16:FUNCTION:EC
+ECDSA_set_method                        3739   EXIST::FUNCTION:ECDSA
+ERR_load_STORE_strings                  3740   EXIST::FUNCTION:
+STORE_method_get_modify_function        3741   EXIST:!VMS:FUNCTION:
+STORE_meth_get_modify_fn                3741   EXIST:VMS:FUNCTION:
+EC_KEY_set_enc_flags                    3742   EXIST::FUNCTION:EC
+d2i_EC_PUBKEY                           3743   EXIST::FUNCTION:EC
+SHA256_Final                            3744   EXIST::FUNCTION:SHA,SHA256
+BN_GF2m_add                             3745   EXIST::FUNCTION:
+X509_STORE_CTX_set0_crls                3746   EXIST::FUNCTION:
+GENERAL_SUBTREE_new                     3747   EXIST::FUNCTION:
+STORE_revoke_private_key                3748   EXIST::FUNCTION:
+X509_VERIFY_PARAM_new                   3749   EXIST::FUNCTION:
+BIO_dump_fp                             3750   EXIST::FUNCTION:FP_API
+BN_GF2m_mod_arr                         3751   EXIST::FUNCTION:
+BN_GF2m_mod_exp                         3752   EXIST::FUNCTION:
+EC_KEY_generate_key                     3753   EXIST::FUNCTION:EC
+RSA_setup_blinding                      3754   EXIST::FUNCTION:RSA
+POLICY_MAPPING_it                       3755   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICY_MAPPING_it                       3755   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+DSO_merge                               3756   EXIST::FUNCTION:
+STORE_method_get_update_store_function  3757   EXIST:!VMS:FUNCTION:
+STORE_meth_get_update_store_fn          3757   EXIST:VMS:FUNCTION:
+ENGINE_register_all_ECDH                3758   EXIST::FUNCTION:ENGINE
+i2d_ECPrivateKey                        3759   EXIST::FUNCTION:EC