1 files changed, 67 insertions, 31 deletions
diff --git a/kex.h b/kex.h
index 4e5ead839..39f67bbc1 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.91 2018/07/11 18:53:29 markus Exp $ */
+/* $OpenBSD: kex.h,v 1.107 2019/01/23 00:30:41 djm Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -27,6 +27,7 @@
 #define KEX_H
 #include "mac.h"
+#include "crypto_api.h"
 #ifdef WITH_LEAKMALLOC
 #include "leakmalloc.h"
@@ -62,6 +63,7 @@
 #define KEX_ECDH_SHA2_NISTP521          "ecdh-sha2-nistp521"
 #define KEX_CURVE25519_SHA256           "curve25519-sha256"
 #define KEX_CURVE25519_SHA256_OLD       "curve25519-sha256@libssh.org"
+#define KEX_SNTRUP4591761X25519_SHA512  "sntrup4591761x25519-sha512@tinyssh.org"
 #define COMP_NONE       0
 /* pre-auth compression (COMP_ZLIB) is only supported in the client */
@@ -100,13 +102,21 @@ enum kex_exchange {
        KEX_DH_GEX_SHA256,
        KEX_ECDH_SHA2,
        KEX_C25519_SHA256,
+        KEX_KEM_SNTRUP4591761X25519_SHA512,
+#ifdef GSSAPI
        KEX_GSS_GRP1_SHA1,
        KEX_GSS_GRP14_SHA1,
+        KEX_GSS_GRP14_SHA256,
+        KEX_GSS_GRP16_SHA512,
        KEX_GSS_GEX_SHA1,
+        KEX_GSS_NISTP256_SHA256,
+        KEX_GSS_C25519_SHA256,
+#endif
        KEX_MAX
 };
 #define KEX_INIT_SENT   0x0001
+#define KEX_INITIAL     0x0002
 struct sshenc {
        char    *name;
@@ -147,6 +157,8 @@ struct kex {
        int     ext_info_c;
        struct sshbuf *my;
        struct sshbuf *peer;
+        struct sshbuf *client_version;
+        struct sshbuf *server_version;
        sig_atomic_t done;
        u_int   flags;
        int     hash_alg;
@@ -157,31 +169,36 @@ struct kex {
        char    *gss_host;
        char    *gss_client;
 #endif
-        char    *client_version_string;
-        char    *server_version_string;
        char    *failed_choice;
        int     (*verify_host_key)(struct sshkey *, struct ssh *);
        struct sshkey *(*load_host_public_key)(int, int, struct ssh *);
        struct sshkey *(*load_host_private_key)(int, int, struct ssh *);
        int     (*host_key_index)(struct sshkey *, int, struct ssh *);
-        int     (*sign)(struct sshkey *, struct sshkey *, u_char **, size_t *,
+        int     (*sign)(struct ssh *, struct sshkey *, struct sshkey *,
-            const u_char *, size_t, const char *, u_int);
+            u_char **, size_t *, const u_char *, size_t, const char *);
        int     (*kex[KEX_MAX])(struct ssh *);
        /* kex specific state */
        DH      *dh;                    /* DH */
        u_int   min, max, nbits;        /* GEX */
        EC_KEY  *ec_client_key;         /* ECDH */
        const EC_GROUP *ec_group;       /* ECDH */
-        u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 */
+        u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 + KEM */
        u_char c25519_client_pubkey[CURVE25519_SIZE]; /* 25519 */
+        u_char sntrup4591761_client_key[crypto_kem_sntrup4591761_SECRETKEYBYTES]; /* KEM */
+        struct sshbuf *client_pub;
 };
 int      kex_names_valid(const char *);
 char    *kex_alg_list(char);
+char    *kex_gss_alg_list(char);
 char    *kex_names_cat(const char *, const char *);
 int      kex_assemble_names(char **, const char *, const char *);
+int      kex_gss_names_valid(const char *);
+int      kex_exchange_identification(struct ssh *, int, int, const char *);
-int      kex_new(struct ssh *, char *[PROPOSAL_MAX], struct kex **);
+struct kex *kex_new(void);
+int      kex_ready(struct ssh *, char *[PROPOSAL_MAX]);
 int      kex_setup(struct ssh *, char *[PROPOSAL_MAX]);
 void     kex_free_newkeys(struct newkeys *);
 void     kex_free(struct kex *);
@@ -189,48 +206,63 @@ void	 kex_free(struct kex *);
 int      kex_buf2prop(struct sshbuf *, int *, char ***);
 int      kex_prop2buf(struct sshbuf *, char *proposal[PROPOSAL_MAX]);
 void     kex_prop_free(char **);
+int      kex_load_hostkey(struct ssh *, struct sshkey **, struct sshkey **);
+int      kex_verify_host_key(struct ssh *, struct sshkey *);
 int      kex_send_kexinit(struct ssh *);
 int      kex_input_kexinit(int, u_int32_t, struct ssh *);
 int      kex_input_ext_info(int, u_int32_t, struct ssh *);
 int      kex_derive_keys(struct ssh *, u_char *, u_int, const struct sshbuf *);
-int      kex_derive_keys_bn(struct ssh *, u_char *, u_int, const BIGNUM *);
 int      kex_send_newkeys(struct ssh *);
 int      kex_start_rekex(struct ssh *);
-int      kexdh_client(struct ssh *);
-int      kexdh_server(struct ssh *);
 int      kexgex_client(struct ssh *);
 int      kexgex_server(struct ssh *);
-int      kexecdh_client(struct ssh *);
+int      kex_gen_client(struct ssh *);
-int      kexecdh_server(struct ssh *);
+int      kex_gen_server(struct ssh *);
-int      kexc25519_client(struct ssh *);
+#if defined(GSSAPI) && defined(WITH_OPENSSL)
-int      kexc25519_server(struct ssh *);
+int      kexgssgex_client(struct ssh *);
+int      kexgssgex_server(struct ssh *);
-#ifdef GSSAPI
 int      kexgss_client(struct ssh *);
 int      kexgss_server(struct ssh *);
 #endif
-int      kex_dh_hash(int, const char *, const char *,
+int      kex_dh_keypair(struct kex *);
-    const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
+int      kex_dh_enc(struct kex *, const struct sshbuf *, struct sshbuf **,
-    const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *);
+    struct sshbuf **);
+int      kex_dh_dec(struct kex *, const struct sshbuf *, struct sshbuf **);
+int      kex_ecdh_keypair(struct kex *);
+int      kex_ecdh_enc(struct kex *, const struct sshbuf *, struct sshbuf **,
+    struct sshbuf **);
+int      kex_ecdh_dec(struct kex *, const struct sshbuf *, struct sshbuf **);
-int      kexgex_hash(int, const char *, const char *,
+int      kex_c25519_keypair(struct kex *);
-    const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
+int      kex_c25519_enc(struct kex *, const struct sshbuf *, struct sshbuf **,
+    struct sshbuf **);
+int      kex_c25519_dec(struct kex *, const struct sshbuf *, struct sshbuf **);
+int      kex_kem_sntrup4591761x25519_keypair(struct kex *);
+int      kex_kem_sntrup4591761x25519_enc(struct kex *, const struct sshbuf *,
+    struct sshbuf **, struct sshbuf **);
+int      kex_kem_sntrup4591761x25519_dec(struct kex *, const struct sshbuf *,
+    struct sshbuf **);
+int      kex_dh_keygen(struct kex *);
+int      kex_dh_compute_key(struct kex *, BIGNUM *, struct sshbuf *);
+int      kexgex_hash(int, const struct sshbuf *, const struct sshbuf *,
+    const struct sshbuf *, const struct sshbuf *, const struct sshbuf *,
    int, int, int,
    const BIGNUM *, const BIGNUM *, const BIGNUM *,
-    const BIGNUM *, const BIGNUM *,
+    const BIGNUM *, const u_char *, size_t,
    u_char *, size_t *);
-int kex_ecdh_hash(int, const EC_GROUP *, const char *, const char *,
+int      kex_gen_hash(int hash_alg, const struct sshbuf *client_version,
-    const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
+    const struct sshbuf *server_version, const struct sshbuf *client_kexinit,
-    const EC_POINT *, const EC_POINT *, const BIGNUM *, u_char *, size_t *);
+    const struct sshbuf *server_kexinit, const struct sshbuf *server_host_key_blob,
+    const struct sshbuf *client_pub, const struct sshbuf *server_pub,
-int      kex_c25519_hash(int, const char *, const char *,
+    const struct sshbuf *shared_secret, u_char *hash, size_t *hashlen);
-    const u_char *, size_t, const u_char *, size_t,
-    const u_char *, size_t, const u_char *, const u_char *,
-    const u_char *, size_t, u_char *, size_t *);
 void    kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE])
        __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
@@ -239,9 +271,13 @@ int	kexc25519_shared_key(const u_char key[CURVE25519_SIZE],
    const u_char pub[CURVE25519_SIZE], struct sshbuf *out)
        __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
        __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
+int     kexc25519_shared_key_ext(const u_char key[CURVE25519_SIZE],
+    const u_char pub[CURVE25519_SIZE], struct sshbuf *out, int)
+        __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
+        __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
 #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH)
-void    dump_digest(char *, u_char *, int);
+void    dump_digest(const char *, const u_char *, int);
 #endif
 #if !defined(WITH_OPENSSL) || !defined(OPENSSL_HAS_ECC)

diff --git a/kex.h b/kex.h index 4e5ead839..39f67bbc1 100644 --- a/kex.h +++ b/kex.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: kex.h,v 1.91 2018/07/11 18:53:29 markus Exp $ */	1	/* $OpenBSD: kex.h,v 1.107 2019/01/23 00:30:41 djm Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.	4	* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -27,6 +27,7 @@
27	#define KEX_H	27	#define KEX_H
28		28
29	#include "mac.h"	29	#include "mac.h"
		30	#include "crypto_api.h"
30		31
31	#ifdef WITH_LEAKMALLOC	32	#ifdef WITH_LEAKMALLOC
32	#include "leakmalloc.h"	33	#include "leakmalloc.h"
@@ -62,6 +63,7 @@
62	#define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521"	63	#define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521"
63	#define KEX_CURVE25519_SHA256 "curve25519-sha256"	64	#define KEX_CURVE25519_SHA256 "curve25519-sha256"
64	#define KEX_CURVE25519_SHA256_OLD "curve25519-sha256@libssh.org"	65	#define KEX_CURVE25519_SHA256_OLD "curve25519-sha256@libssh.org"
		66	#define KEX_SNTRUP4591761X25519_SHA512 "sntrup4591761x25519-sha512@tinyssh.org"
65		67
66	#define COMP_NONE 0	68	#define COMP_NONE 0
67	/* pre-auth compression (COMP_ZLIB) is only supported in the client */	69	/* pre-auth compression (COMP_ZLIB) is only supported in the client */
@@ -100,13 +102,21 @@ enum kex_exchange {
100	KEX_DH_GEX_SHA256,	102	KEX_DH_GEX_SHA256,
101	KEX_ECDH_SHA2,	103	KEX_ECDH_SHA2,
102	KEX_C25519_SHA256,	104	KEX_C25519_SHA256,
		105	KEX_KEM_SNTRUP4591761X25519_SHA512,
		106	#ifdef GSSAPI
103	KEX_GSS_GRP1_SHA1,	107	KEX_GSS_GRP1_SHA1,
104	KEX_GSS_GRP14_SHA1,	108	KEX_GSS_GRP14_SHA1,
		109	KEX_GSS_GRP14_SHA256,
		110	KEX_GSS_GRP16_SHA512,
105	KEX_GSS_GEX_SHA1,	111	KEX_GSS_GEX_SHA1,
		112	KEX_GSS_NISTP256_SHA256,
		113	KEX_GSS_C25519_SHA256,
		114	#endif
106	KEX_MAX	115	KEX_MAX
107	};	116	};
108		117
109	#define KEX_INIT_SENT 0x0001	118	#define KEX_INIT_SENT 0x0001
		119	#define KEX_INITIAL 0x0002
110		120
111	struct sshenc {	121	struct sshenc {
112	char *name;	122	char *name;
@@ -147,6 +157,8 @@ struct kex {
147	int ext_info_c;	157	int ext_info_c;
148	struct sshbuf *my;	158	struct sshbuf *my;
149	struct sshbuf *peer;	159	struct sshbuf *peer;
		160	struct sshbuf *client_version;
		161	struct sshbuf *server_version;
150	sig_atomic_t done;	162	sig_atomic_t done;
151	u_int flags;	163	u_int flags;
152	int hash_alg;	164	int hash_alg;
@@ -157,31 +169,36 @@ struct kex {
157	char *gss_host;	169	char *gss_host;
158	char *gss_client;	170	char *gss_client;
159	#endif	171	#endif
160	char *client_version_string;
161	char *server_version_string;
162	char *failed_choice;	172	char *failed_choice;
163	int (verify_host_key)(struct sshkey , struct ssh *);	173	int (verify_host_key)(struct sshkey , struct ssh *);
164	struct sshkey (load_host_public_key)(int, int, struct ssh *);	174	struct sshkey (load_host_public_key)(int, int, struct ssh *);
165	struct sshkey (load_host_private_key)(int, int, struct ssh *);	175	struct sshkey (load_host_private_key)(int, int, struct ssh *);
166	int (host_key_index)(struct sshkey , int, struct ssh *);	176	int (host_key_index)(struct sshkey , int, struct ssh *);
167	int (sign)(struct sshkey , struct sshkey , u_char , size_t ,	177	int (sign)(struct ssh , struct sshkey , struct sshkey ,
168	const u_char , size_t, const char , u_int);	178	u_char *, size_t , const u_char , size_t, const char );
169	int (kex[KEX_MAX])(struct ssh );	179	int (kex[KEX_MAX])(struct ssh );
170	/* kex specific state */	180	/* kex specific state */
171	DH dh; / DH */	181	DH dh; / DH */
172	u_int min, max, nbits; /* GEX */	182	u_int min, max, nbits; /* GEX */
173	EC_KEY ec_client_key; / ECDH */	183	EC_KEY ec_client_key; / ECDH */
174	const EC_GROUP ec_group; / ECDH */	184	const EC_GROUP ec_group; / ECDH */
175	u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 */	185	u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 + KEM */
176	u_char c25519_client_pubkey[CURVE25519_SIZE]; /* 25519 */	186	u_char c25519_client_pubkey[CURVE25519_SIZE]; /* 25519 */
		187	u_char sntrup4591761_client_key[crypto_kem_sntrup4591761_SECRETKEYBYTES]; /* KEM */
		188	struct sshbuf *client_pub;
177	};	189	};
178		190
179	int kex_names_valid(const char *);	191	int kex_names_valid(const char *);
180	char *kex_alg_list(char);	192	char *kex_alg_list(char);
		193	char *kex_gss_alg_list(char);
181	char kex_names_cat(const char , const char *);	194	char kex_names_cat(const char , const char *);
182	int kex_assemble_names(char *, const char , const char *);	195	int kex_assemble_names(char *, const char , const char *);
		196	int kex_gss_names_valid(const char *);
		197
		198	int kex_exchange_identification(struct ssh , int, int, const char );
183		199
184	int kex_new(struct ssh , char [PROPOSAL_MAX], struct kex **);	200	struct kex *kex_new(void);
		201	int kex_ready(struct ssh , char [PROPOSAL_MAX]);
185	int kex_setup(struct ssh , char [PROPOSAL_MAX]);	202	int kex_setup(struct ssh , char [PROPOSAL_MAX]);
186	void kex_free_newkeys(struct newkeys *);	203	void kex_free_newkeys(struct newkeys *);
187	void kex_free(struct kex *);	204	void kex_free(struct kex *);
@@ -189,48 +206,63 @@ void kex_free(struct kex *);
189	int kex_buf2prop(struct sshbuf , int , char ***);	206	int kex_buf2prop(struct sshbuf , int , char ***);
190	int kex_prop2buf(struct sshbuf , char proposal[PROPOSAL_MAX]);	207	int kex_prop2buf(struct sshbuf , char proposal[PROPOSAL_MAX]);
191	void kex_prop_free(char **);	208	void kex_prop_free(char **);
		209	int kex_load_hostkey(struct ssh , struct sshkey , struct sshkey *);
		210	int kex_verify_host_key(struct ssh , struct sshkey );
192		211
193	int kex_send_kexinit(struct ssh *);	212	int kex_send_kexinit(struct ssh *);
194	int kex_input_kexinit(int, u_int32_t, struct ssh *);	213	int kex_input_kexinit(int, u_int32_t, struct ssh *);
195	int kex_input_ext_info(int, u_int32_t, struct ssh *);	214	int kex_input_ext_info(int, u_int32_t, struct ssh *);
196	int kex_derive_keys(struct ssh , u_char , u_int, const struct sshbuf *);	215	int kex_derive_keys(struct ssh , u_char , u_int, const struct sshbuf *);
197	int kex_derive_keys_bn(struct ssh , u_char , u_int, const BIGNUM *);
198	int kex_send_newkeys(struct ssh *);	216	int kex_send_newkeys(struct ssh *);
199	int kex_start_rekex(struct ssh *);	217	int kex_start_rekex(struct ssh *);
200		218
201	int kexdh_client(struct ssh *);
202	int kexdh_server(struct ssh *);
203	int kexgex_client(struct ssh *);	219	int kexgex_client(struct ssh *);
204	int kexgex_server(struct ssh *);	220	int kexgex_server(struct ssh *);
205	int kexecdh_client(struct ssh *);	221	int kex_gen_client(struct ssh *);
206	int kexecdh_server(struct ssh *);	222	int kex_gen_server(struct ssh *);
207	int kexc25519_client(struct ssh *);	223	#if defined(GSSAPI) && defined(WITH_OPENSSL)
208	int kexc25519_server(struct ssh *);	224	int kexgssgex_client(struct ssh *);
209		225	int kexgssgex_server(struct ssh *);
210	#ifdef GSSAPI
211	int kexgss_client(struct ssh *);	226	int kexgss_client(struct ssh *);
212	int kexgss_server(struct ssh *);	227	int kexgss_server(struct ssh *);
213	#endif	228	#endif
214		229
215	int kex_dh_hash(int, const char , const char ,	230	int kex_dh_keypair(struct kex *);
216	const u_char , size_t, const u_char , size_t, const u_char *, size_t,	231	int kex_dh_enc(struct kex , const struct sshbuf , struct sshbuf **,
217	const BIGNUM , const BIGNUM , const BIGNUM , u_char , size_t *);	232	struct sshbuf **);
		233	int kex_dh_dec(struct kex , const struct sshbuf , struct sshbuf **);
		234
		235	int kex_ecdh_keypair(struct kex *);
		236	int kex_ecdh_enc(struct kex , const struct sshbuf , struct sshbuf **,
		237	struct sshbuf **);
		238	int kex_ecdh_dec(struct kex , const struct sshbuf , struct sshbuf **);
218		239
219	int kexgex_hash(int, const char , const char ,	240	int kex_c25519_keypair(struct kex *);
220	const u_char , size_t, const u_char , size_t, const u_char *, size_t,	241	int kex_c25519_enc(struct kex , const struct sshbuf , struct sshbuf **,
		242	struct sshbuf **);
		243	int kex_c25519_dec(struct kex , const struct sshbuf , struct sshbuf **);
		244
		245	int kex_kem_sntrup4591761x25519_keypair(struct kex *);
		246	int kex_kem_sntrup4591761x25519_enc(struct kex , const struct sshbuf ,
		247	struct sshbuf , struct sshbuf );
		248	int kex_kem_sntrup4591761x25519_dec(struct kex , const struct sshbuf ,
		249	struct sshbuf **);
		250
		251	int kex_dh_keygen(struct kex *);
		252	int kex_dh_compute_key(struct kex , BIGNUM , struct sshbuf *);
		253
		254	int kexgex_hash(int, const struct sshbuf , const struct sshbuf ,
		255	const struct sshbuf , const struct sshbuf , const struct sshbuf *,
221	int, int, int,	256	int, int, int,
222	const BIGNUM , const BIGNUM , const BIGNUM *,	257	const BIGNUM , const BIGNUM , const BIGNUM *,
223	const BIGNUM , const BIGNUM ,	258	const BIGNUM , const u_char , size_t,
224	u_char , size_t );	259	u_char , size_t );
225		260
226	int kex_ecdh_hash(int, const EC_GROUP , const char , const char *,	261	int kex_gen_hash(int hash_alg, const struct sshbuf *client_version,
227	const u_char , size_t, const u_char , size_t, const u_char *, size_t,	262	const struct sshbuf server_version, const struct sshbuf client_kexinit,
228	const EC_POINT , const EC_POINT , const BIGNUM , u_char , size_t *);	263	const struct sshbuf server_kexinit, const struct sshbuf server_host_key_blob,
229		264	const struct sshbuf client_pub, const struct sshbuf server_pub,
230	int kex_c25519_hash(int, const char , const char ,	265	const struct sshbuf shared_secret, u_char hash, size_t *hashlen);
231	const u_char , size_t, const u_char , size_t,
232	const u_char , size_t, const u_char , const u_char *,
233	const u_char , size_t, u_char , size_t *);
234		266
235	void kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE])	267	void kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE])
236	__attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))	268	__attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
@@ -239,9 +271,13 @@ int kexc25519_shared_key(const u_char key[CURVE25519_SIZE],
239	const u_char pub[CURVE25519_SIZE], struct sshbuf *out)	271	const u_char pub[CURVE25519_SIZE], struct sshbuf *out)
240	__attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))	272	__attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
241	__attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));	273	__attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
		274	int kexc25519_shared_key_ext(const u_char key[CURVE25519_SIZE],
		275	const u_char pub[CURVE25519_SIZE], struct sshbuf *out, int)
		276	__attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
		277	__attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
242		278
243	#if defined(DEBUG_KEX) \|\| defined(DEBUG_KEXDH) \|\| defined(DEBUG_KEXECDH)	279	#if defined(DEBUG_KEX) \|\| defined(DEBUG_KEXDH) \|\| defined(DEBUG_KEXECDH)
244	void dump_digest(char , u_char , int);	280	void dump_digest(const char , const u_char , int);
245	#endif	281	#endif
246		282
247	#if !defined(WITH_OPENSSL) \|\| !defined(OPENSSL_HAS_ECC)	283	#if !defined(WITH_OPENSSL) \|\| !defined(OPENSSL_HAS_ECC)