OpenSSL 1.1.0 X25519 implementation #2048
Description
I'm trying to develop an application that uses X25519 (or ECDH over Curve25519), which is supposed to be supported since version 1.1.0 (issue #309). But, when looking for examples, I realised that in the code this curve is not tested under test/ecdhtest.c. Literally:
* Skipped for X25519 because affine coordinate operations are not
* supported for this curve.
* Higher level ECDH tests are performed in evptests.txt instead.
In test/evptest.c it is only tested that the generated secret key is what was expected. There is no key generation.
Another test that I tried to do was to run openssl speed ecdhx25519, which crashes:
ECDH failure.
139633730975552:error:100AE081:elliptic curve routines:EC_GROUP_new_by_curve_name:unknown group:crypto/ec/ec_curve.c:3100:
139633730975552:error:100AE081:elliptic curve routines:EC_GROUP_new_by_curve_name:unknown group:crypto/ec/ec_curve.c:3100:
OpenSSL 1.1.0 25 Aug 2016
built on: reproducible build, date unspecified
options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
compiler: gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wa,--noexecstack
op op/s
253 bit ecdh (X25519) 0.0000s inf
It works perfectly with whichever another curve. I've tried to run the same with two versions (1.1.0 and 1.1.0c) and on two different machines, with identical result.
So, is X25519 100% supported in 1.1.0? If so, where is my mistake?