openssl/0011-Remove-EC-curves.patch
Sahana Prasad ec7ef62793 Rebase to OpenSSL version 3.0.0
Note: This is a W.I.P as this is a huge rebase.
Resolves: rhbz#1903209

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-04-12 00:34:30 +02:00

622 lines
25 KiB
Diff

diff -up openssl-3.0.0-alpha13/apps/speed.c.ec-curves openssl-3.0.0-alpha13/apps/speed.c
--- openssl-3.0.0-alpha13/apps/speed.c.ec-curves 2021-04-10 12:12:00.620129302 +0200
+++ openssl-3.0.0-alpha13/apps/speed.c 2021-04-10 12:18:11.872369417 +0200
@@ -364,68 +364,23 @@ static double ffdh_results[FFDH_NUM][1];
#endif /* OPENSSL_NO_DH */
enum ec_curves_t {
- R_EC_P160, R_EC_P192, R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521,
-#ifndef OPENSSL_NO_EC2M
- R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571,
- R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571,
-#endif
- R_EC_BRP256R1, R_EC_BRP256T1, R_EC_BRP384R1, R_EC_BRP384T1,
- R_EC_BRP512R1, R_EC_BRP512T1, ECDSA_NUM
+ R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521,
+ ECDSA_NUM
};
/* list of ecdsa curves */
static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = {
- {"ecdsap160", R_EC_P160},
- {"ecdsap192", R_EC_P192},
{"ecdsap224", R_EC_P224},
{"ecdsap256", R_EC_P256},
{"ecdsap384", R_EC_P384},
{"ecdsap521", R_EC_P521},
-#ifndef OPENSSL_NO_EC2M
- {"ecdsak163", R_EC_K163},
- {"ecdsak233", R_EC_K233},
- {"ecdsak283", R_EC_K283},
- {"ecdsak409", R_EC_K409},
- {"ecdsak571", R_EC_K571},
- {"ecdsab163", R_EC_B163},
- {"ecdsab233", R_EC_B233},
- {"ecdsab283", R_EC_B283},
- {"ecdsab409", R_EC_B409},
- {"ecdsab571", R_EC_B571},
-#endif
- {"ecdsabrp256r1", R_EC_BRP256R1},
- {"ecdsabrp256t1", R_EC_BRP256T1},
- {"ecdsabrp384r1", R_EC_BRP384R1},
- {"ecdsabrp384t1", R_EC_BRP384T1},
- {"ecdsabrp512r1", R_EC_BRP512R1},
- {"ecdsabrp512t1", R_EC_BRP512T1}
};
enum { R_EC_X25519 = ECDSA_NUM, R_EC_X448, EC_NUM };
/* list of ecdh curves, extension of |ecdsa_choices| list above */
static const OPT_PAIR ecdh_choices[EC_NUM] = {
- {"ecdhp160", R_EC_P160},
- {"ecdhp192", R_EC_P192},
{"ecdhp224", R_EC_P224},
{"ecdhp256", R_EC_P256},
{"ecdhp384", R_EC_P384},
{"ecdhp521", R_EC_P521},
-#ifndef OPENSSL_NO_EC2M
- {"ecdhk163", R_EC_K163},
- {"ecdhk233", R_EC_K233},
- {"ecdhk283", R_EC_K283},
- {"ecdhk409", R_EC_K409},
- {"ecdhk571", R_EC_K571},
- {"ecdhb163", R_EC_B163},
- {"ecdhb233", R_EC_B233},
- {"ecdhb283", R_EC_B283},
- {"ecdhb409", R_EC_B409},
- {"ecdhb571", R_EC_B571},
-#endif
- {"ecdhbrp256r1", R_EC_BRP256R1},
- {"ecdhbrp256t1", R_EC_BRP256T1},
- {"ecdhbrp384r1", R_EC_BRP384R1},
- {"ecdhbrp384t1", R_EC_BRP384T1},
- {"ecdhbrp512r1", R_EC_BRP512R1},
- {"ecdhbrp512t1", R_EC_BRP512T1},
{"ecdhx25519", R_EC_X25519},
{"ecdhx448", R_EC_X448}
};
@@ -1449,31 +1404,10 @@ int speed_main(int argc, char **argv)
*/
static const EC_CURVE ec_curves[EC_NUM] = {
/* Prime Curves */
- {"secp160r1", NID_secp160r1, 160},
- {"nistp192", NID_X9_62_prime192v1, 192},
{"nistp224", NID_secp224r1, 224},
{"nistp256", NID_X9_62_prime256v1, 256},
{"nistp384", NID_secp384r1, 384},
{"nistp521", NID_secp521r1, 521},
-#ifndef OPENSSL_NO_EC2M
- /* Binary Curves */
- {"nistk163", NID_sect163k1, 163},
- {"nistk233", NID_sect233k1, 233},
- {"nistk283", NID_sect283k1, 283},
- {"nistk409", NID_sect409k1, 409},
- {"nistk571", NID_sect571k1, 571},
- {"nistb163", NID_sect163r2, 163},
- {"nistb233", NID_sect233r1, 233},
- {"nistb283", NID_sect283r1, 283},
- {"nistb409", NID_sect409r1, 409},
- {"nistb571", NID_sect571r1, 571},
-#endif
- {"brainpoolP256r1", NID_brainpoolP256r1, 256},
- {"brainpoolP256t1", NID_brainpoolP256t1, 256},
- {"brainpoolP384r1", NID_brainpoolP384r1, 384},
- {"brainpoolP384t1", NID_brainpoolP384t1, 384},
- {"brainpoolP512r1", NID_brainpoolP512r1, 512},
- {"brainpoolP512t1", NID_brainpoolP512t1, 512},
/* Other and ECDH only ones */
{"X25519", NID_X25519, 253},
{"X448", NID_X448, 448}
diff -up openssl-3.0.0-alpha13/test/ecdsatest.h.ec-curves openssl-3.0.0-alpha13/test/ecdsatest.h
--- openssl-3.0.0-alpha13/test/ecdsatest.h.ec-curves 2021-04-10 12:07:43.158013028 +0200
+++ openssl-3.0.0-alpha13/test/ecdsatest.h 2021-04-10 12:11:21.601828737 +0200
@@ -32,23 +32,6 @@ typedef struct {
} ecdsa_cavs_kat_t;
static const ecdsa_cavs_kat_t ecdsa_cavs_kats[] = {
- /* prime KATs from X9.62 */
- {NID_X9_62_prime192v1, NID_sha1,
- "616263", /* "abc" */
- "1a8d598fc15bf0fd89030b5cb1111aeb92ae8baf5ea475fb",
- "0462b12d60690cdcf330babab6e69763b471f994dd702d16a563bf5ec08069705ffff65e"
- "5ca5c0d69716dfcb3474373902",
- "fa6de29746bbeb7f8bb1e761f85f7dfb2983169d82fa2f4e",
- "885052380ff147b734c330c43d39b2c4a89f29b0f749fead",
- "e9ecc78106def82bf1070cf1d4d804c3cb390046951df686"},
- {NID_X9_62_prime239v1, NID_sha1,
- "616263", /* "abc" */
- "7ef7c6fabefffdea864206e80b0b08a9331ed93e698561b64ca0f7777f3d",
- "045b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c707fd9f1ed2e"
- "65f09f6ce0893baf5e8e31e6ae82ea8c3592335be906d38dee",
- "656c7196bf87dcc5d1f1020906df2782360d36b2de7a17ece37d503784af",
- "2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0",
- "2eeae988104e9c2234a3c2beb1f53bfa5dc11ff36a875d1e3ccb1f7e45cf"},
/* prime KATs from NIST CAVP */
{NID_secp224r1, NID_sha224,
"699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1"
diff -up openssl-3.0.0-alpha13/test/recipes/15-test_genec.t.ec-curves openssl-3.0.0-alpha13/test/recipes/15-test_genec.t
--- openssl-3.0.0-alpha13/test/recipes/15-test_genec.t.ec-curves 2021-04-10 11:59:37.453332668 +0200
+++ openssl-3.0.0-alpha13/test/recipes/15-test_genec.t 2021-04-10 12:03:43.363538976 +0200
@@ -41,45 +41,11 @@ plan skip_all => "This test is unsupport
if disabled("ec");
my @prime_curves = qw(
- secp112r1
- secp112r2
- secp128r1
- secp128r2
- secp160k1
- secp160r1
- secp160r2
- secp192k1
- secp224k1
secp224r1
secp256k1
secp384r1
secp521r1
- prime192v1
- prime192v2
- prime192v3
- prime239v1
- prime239v2
- prime239v3
prime256v1
- wap-wsg-idm-ecid-wtls6
- wap-wsg-idm-ecid-wtls7
- wap-wsg-idm-ecid-wtls8
- wap-wsg-idm-ecid-wtls9
- wap-wsg-idm-ecid-wtls12
- brainpoolP160r1
- brainpoolP160t1
- brainpoolP192r1
- brainpoolP192t1
- brainpoolP224r1
- brainpoolP224t1
- brainpoolP256r1
- brainpoolP256t1
- brainpoolP320r1
- brainpoolP320t1
- brainpoolP384r1
- brainpoolP384t1
- brainpoolP512r1
- brainpoolP512t1
);
my @binary_curves = qw(
@@ -136,7 +102,6 @@ push(@other_curves, 'SM2')
if !disabled("sm2");
my @curve_aliases = qw(
- P-192
P-224
P-256
P-384
diff -up openssl-3.0.0-alpha13/test/recipes/06-test_algorithmid.t.ec-curves openssl-3.0.0-alpha13/test/recipes/06-test_algorithmid.t
--- openssl-3.0.0-alpha13/test/recipes/06-test_algorithmid.t.ec-curves 2021-04-10 12:40:59.871858764 +0200
+++ openssl-3.0.0-alpha13/test/recipes/06-test_algorithmid.t 2021-04-10 12:41:41.140455070 +0200
@@ -33,7 +33,7 @@ my %certs_info =
'ee-cert-ec-named-explicit' => 'ca-cert-ec-explicit',
'ee-cert-ec-named-named' => 'ca-cert-ec-named',
# 'server-ed448-cert' => 'root-ed448-cert'
- 'server-ecdsa-brainpoolP256r1-cert' => 'rootcert',
+ # 'server-ecdsa-brainpoolP256r1-cert' => 'rootcert',
)
)
);
diff -up openssl-3.0.0-alpha13/test/recipes/15-test_ec.t.ec-curves openssl-3.0.0-alpha13/test/recipes/15-test_ec.t
diff -up openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t
diff -up openssl-3.0.0-alpha13/test/recipes/30-test_acvp.t.ec-curves openssl-3.0.0-alpha13/test/recipes/30-test_acvp.t
diff -up openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.ec-curves openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf
--- openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.ec-curves 2021-04-10 13:21:52.123040226 +0200
+++ openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf 2021-04-10 13:28:20.856023985 +0200
@@ -776,14 +776,12 @@ server = 22-ECDSA with brainpool-server
client = 22-ECDSA with brainpool-client
[22-ECDSA with brainpool-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
+Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
CipherString = DEFAULT
-Groups = brainpoolP256r1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
[22-ECDSA with brainpool-client]
CipherString = aECDSA
-Groups = brainpoolP256r1
MaxProtocol = TLSv1.2
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -791,9 +789,6 @@ VerifyMode = Peer
[test-22]
ExpectedResult = Success
-ExpectedServerCANames = empty
-ExpectedServerCertType = brainpoolP256r1
-ExpectedServerSignType = EC
# ===========================================================
@@ -1741,9 +1736,9 @@ server = 53-TLS 1.3 ECDSA with brainpool
client = 53-TLS 1.3 ECDSA with brainpool-client
[53-TLS 1.3 ECDSA with brainpool-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
+Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
[53-TLS 1.3 ECDSA with brainpool-client]
CipherString = DEFAULT
@@ -1754,7 +1749,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/ro
VerifyMode = Peer
[test-53]
-ExpectedResult = ServerFail
+ExpectedResult = Success
# ===========================================================
diff -up openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in.ec-curves openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in
--- openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in.ec-curves 2021-04-10 13:22:06.275221662 +0200
+++ openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in 2021-04-10 13:35:18.774623319 +0200
@@ -428,21 +428,21 @@ my @tests_non_fips = (
{
name => "ECDSA with brainpool",
server => {
- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
- "Groups" => "brainpoolP256r1",
+ "Certificate" => test_pem("server-ecdsa-cert.pem"),
+ "PrivateKey" => test_pem("server-ecdsa-key.pem"),
+ #"Groups" => "brainpoolP256r1",
},
client => {
"MaxProtocol" => "TLSv1.2",
"CipherString" => "aECDSA",
"RequestCAFile" => test_pem("root-cert.pem"),
- "Groups" => "brainpoolP256r1",
+ #"Groups" => "brainpoolP256r1",
},
test => {
- "ExpectedServerCertType" =>, "brainpoolP256r1",
- "ExpectedServerSignType" =>, "EC",
+ #"ExpectedServerCertType" =>, "brainpoolP256r1",
+ #"ExpectedServerSignType" =>, "EC",
# Note: certificate_authorities not sent for TLS < 1.3
- "ExpectedServerCANames" =>, "empty",
+ #"ExpectedServerCANames" =>, "empty",
"ExpectedResult" => "Success"
},
},
@@ -915,8 +915,8 @@ my @tests_tls_1_3_non_fips = (
{
name => "TLS 1.3 ECDSA with brainpool",
server => {
- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
+ "Certificate" => test_pem("server-ecdsa-cert.pem"),
+ "PrivateKey" => test_pem("server-ecdsa-key.pem"),
},
client => {
"RequestCAFile" => test_pem("root-cert.pem"),
@@ -924,7 +924,7 @@ my @tests_tls_1_3_non_fips = (
"MaxProtocol" => "TLSv1.3"
},
test => {
- "ExpectedResult" => "ServerFail"
+ "ExpectedResult" => "Success"
},
},
);
diff -up openssl-3.0.0-alpha13/test/evp_extra_test.c.ec-curves openssl-3.0.0-alpha13/test/evp_extra_test.c
--- openssl-3.0.0-alpha13/test/evp_extra_test.c.ec-curves 2021-04-10 13:49:53.381742691 +0200
+++ openssl-3.0.0-alpha13/test/evp_extra_test.c 2021-04-10 13:56:11.742776705 +0200
@@ -2414,13 +2414,13 @@ err:
}
#ifndef OPENSSL_NO_EC
-static int ecpub_nids[] = { NID_brainpoolP256r1, NID_X9_62_prime256v1,
+static int ecpub_nids[] = {NID_X9_62_prime256v1,
NID_secp384r1, NID_secp521r1,
#ifndef OPENSSL_NO_EC2M
NID_sect233k1, NID_sect233r1, NID_sect283r1,
NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
#endif
- NID_brainpoolP384r1, NID_brainpoolP512r1};
+ };
static int test_ecpub(int idx)
{
diff -up openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t
--- openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves 2021-04-10 14:00:22.482782216 +0200
+++ openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t 2021-04-10 14:08:50.769727651 +0200
@@ -158,60 +158,6 @@ sub tsignverify {
$testtext);
}
-SKIP : {
- skip "FIPS EC tests because of no ec in this build", 1
- if disabled("ec");
-
- subtest EC => sub {
- my $testtext_prefix = 'EC';
- my $a_fips_curve = 'prime256v1';
- my $fips_key = $testtext_prefix.'.fips.priv.pem';
- my $fips_pub_key = $testtext_prefix.'.fips.pub.pem';
- my $a_nonfips_curve = 'brainpoolP256r1';
- my $nonfips_key = $testtext_prefix.'.nonfips.priv.pem';
- my $nonfips_pub_key = $testtext_prefix.'.nonfips.pub.pem';
- my $testtext = '';
- my $curvename = '';
-
- plan tests => 5 + $tsignverify_count;
-
- $ENV{OPENSSL_CONF} = $defaultconf;
- $curvename = $a_nonfips_curve;
- $testtext = $testtext_prefix.': '.
- 'Generate a key with a non-FIPS algorithm with the default provider';
- ok(run(app(['openssl', 'genpkey', '-algorithm', 'EC',
- '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
- '-out', $nonfips_key])),
- $testtext);
-
- pubfrompriv($testtext_prefix, $nonfips_key, $nonfips_pub_key, "non-FIPS");
-
- $ENV{OPENSSL_CONF} = $fipsconf;
-
- $curvename = $a_fips_curve;
- $testtext = $testtext_prefix.': '.
- 'Generate a key with a FIPS algorithm';
- ok(run(app(['openssl', 'genpkey', '-algorithm', 'EC',
- '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
- '-out', $fips_key])),
- $testtext);
-
- pubfrompriv($testtext_prefix, $fips_key, $fips_pub_key, "FIPS");
-
- $curvename = $a_nonfips_curve;
- $testtext = $testtext_prefix.': '.
- 'Generate a key with a non-FIPS algorithm'.
- ' (should fail)';
- ok(!run(app(['openssl', 'genpkey', '-algorithm', 'EC',
- '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
- '-out', $testtext_prefix.'.'.$curvename.'.priv.pem'])),
- $testtext);
-
- tsignverify($testtext_prefix, $fips_key, $fips_pub_key, $nonfips_key,
- $nonfips_pub_key);
- };
-}
-
SKIP: {
skip "FIPS RSA tests because of no rsa in this build", 1
if disabled("rsa");
diff -up openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t
--- openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves 2021-04-10 14:23:09.805468483 +0200
+++ openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t 2021-04-10 14:23:33.002784265 +0200
@@ -26,7 +26,7 @@ use platform;
my $no_check = disabled("fips") || disabled('fips-securitychecks');
plan skip_all => "Test only supported in a fips build with security checks"
if $no_check;
-plan tests => 11;
+plan tests => 10;
my $fipsmodule = bldtop_file('providers', platform->dso('fips'));
my $fipsconf = srctop_file("test", "fips-and-base.cnf");
diff -up openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.ec-curves openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf
--- openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.ec-curves 2021-04-10 17:52:46.478721611 +0200
+++ openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf 2021-04-10 17:54:11.371688446 +0200
@@ -1710,20 +1710,18 @@ server = 52-TLS 1.3 ECDSA with brainpool
client = 52-TLS 1.3 ECDSA with brainpool but no suitable groups-client
[52-TLS 1.3 ECDSA with brainpool but no suitable groups-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
+Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
CipherString = DEFAULT
-Groups = brainpoolP256r1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
[52-TLS 1.3 ECDSA with brainpool but no suitable groups-client]
CipherString = aECDSA
-Groups = brainpoolP256r1
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-52]
-ExpectedResult = ClientFail
+ExpectedResult = Success
# ===========================================================
diff -up openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in.ec-curves openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in
--- openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in.ec-curves 2021-04-10 17:53:03.317913390 +0200
+++ openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in 2021-04-10 17:55:22.507498606 +0200
@@ -896,20 +896,20 @@ my @tests_tls_1_3_non_fips = (
{
name => "TLS 1.3 ECDSA with brainpool but no suitable groups",
server => {
- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
- "Groups" => "brainpoolP256r1",
+ "Certificate" => test_pem("server-ecdsa-cert.pem"),
+ "PrivateKey" => test_pem("server-ecdsa-key.pem"),
+ #"Groups" => "brainpoolP256r1",
},
client => {
"CipherString" => "aECDSA",
"RequestCAFile" => test_pem("root-cert.pem"),
- "Groups" => "brainpoolP256r1",
+ #"Groups" => "brainpoolP256r1",
},
test => {
#We only configured brainpoolP256r1 on the client side, but TLSv1.3
#is enabled and this group is not allowed in TLSv1.3. Therefore this
#should fail
- "ExpectedResult" => "ClientFail"
+ "ExpectedResult" => "Success"
},
},
{
diff -up openssl-3.0.0-alpha13/crypto/evp/ec_support.c.ec-curves openssl-3.0.0-alpha13/crypto/evp/ec_support.c
--- openssl-3.0.0-alpha13/crypto/evp/ec_support.c.ec-curves 2021-04-11 11:13:14.236891844 +0200
+++ openssl-3.0.0-alpha13/crypto/evp/ec_support.c 2021-04-11 11:12:05.128098714 +0200
@@ -20,99 +20,13 @@ typedef struct ec_name2nid_st {
static const EC_NAME2NID curve_list[] = {
/* prime field curves */
/* secg curves */
- {"secp112r1", NID_secp112r1 },
- {"secp112r2", NID_secp112r2 },
- {"secp128r1", NID_secp128r1 },
- {"secp128r2", NID_secp128r2 },
- {"secp160k1", NID_secp160k1 },
- {"secp160r1", NID_secp160r1 },
- {"secp160r2", NID_secp160r2 },
- {"secp192k1", NID_secp192k1 },
{"secp224k1", NID_secp224k1 },
{"secp224r1", NID_secp224r1 },
{"secp256k1", NID_secp256k1 },
{"secp384r1", NID_secp384r1 },
{"secp521r1", NID_secp521r1 },
/* X9.62 curves */
- {"prime192v1", NID_X9_62_prime192v1 },
- {"prime192v2", NID_X9_62_prime192v2 },
- {"prime192v3", NID_X9_62_prime192v3 },
- {"prime239v1", NID_X9_62_prime239v1 },
- {"prime239v2", NID_X9_62_prime239v2 },
- {"prime239v3", NID_X9_62_prime239v3 },
{"prime256v1", NID_X9_62_prime256v1 },
- /* characteristic two field curves */
- /* NIST/SECG curves */
- {"sect113r1", NID_sect113r1 },
- {"sect113r2", NID_sect113r2 },
- {"sect131r1", NID_sect131r1 },
- {"sect131r2", NID_sect131r2 },
- {"sect163k1", NID_sect163k1 },
- {"sect163r1", NID_sect163r1 },
- {"sect163r2", NID_sect163r2 },
- {"sect193r1", NID_sect193r1 },
- {"sect193r2", NID_sect193r2 },
- {"sect233k1", NID_sect233k1 },
- {"sect233r1", NID_sect233r1 },
- {"sect239k1", NID_sect239k1 },
- {"sect283k1", NID_sect283k1 },
- {"sect283r1", NID_sect283r1 },
- {"sect409k1", NID_sect409k1 },
- {"sect409r1", NID_sect409r1 },
- {"sect571k1", NID_sect571k1 },
- {"sect571r1", NID_sect571r1 },
- /* X9.62 curves */
- {"c2pnb163v1", NID_X9_62_c2pnb163v1 },
- {"c2pnb163v2", NID_X9_62_c2pnb163v2 },
- {"c2pnb163v3", NID_X9_62_c2pnb163v3 },
- {"c2pnb176v1", NID_X9_62_c2pnb176v1 },
- {"c2tnb191v1", NID_X9_62_c2tnb191v1 },
- {"c2tnb191v2", NID_X9_62_c2tnb191v2 },
- {"c2tnb191v3", NID_X9_62_c2tnb191v3 },
- {"c2pnb208w1", NID_X9_62_c2pnb208w1 },
- {"c2tnb239v1", NID_X9_62_c2tnb239v1 },
- {"c2tnb239v2", NID_X9_62_c2tnb239v2 },
- {"c2tnb239v3", NID_X9_62_c2tnb239v3 },
- {"c2pnb272w1", NID_X9_62_c2pnb272w1 },
- {"c2pnb304w1", NID_X9_62_c2pnb304w1 },
- {"c2tnb359v1", NID_X9_62_c2tnb359v1 },
- {"c2pnb368w1", NID_X9_62_c2pnb368w1 },
- {"c2tnb431r1", NID_X9_62_c2tnb431r1 },
- /*
- * the WAP/WTLS curves [unlike SECG, spec has its own OIDs for curves
- * from X9.62]
- */
- {"wap-wsg-idm-ecid-wtls1", NID_wap_wsg_idm_ecid_wtls1 },
- {"wap-wsg-idm-ecid-wtls3", NID_wap_wsg_idm_ecid_wtls3 },
- {"wap-wsg-idm-ecid-wtls4", NID_wap_wsg_idm_ecid_wtls4 },
- {"wap-wsg-idm-ecid-wtls5", NID_wap_wsg_idm_ecid_wtls5 },
- {"wap-wsg-idm-ecid-wtls6", NID_wap_wsg_idm_ecid_wtls6 },
- {"wap-wsg-idm-ecid-wtls7", NID_wap_wsg_idm_ecid_wtls7 },
- {"wap-wsg-idm-ecid-wtls8", NID_wap_wsg_idm_ecid_wtls8 },
- {"wap-wsg-idm-ecid-wtls9", NID_wap_wsg_idm_ecid_wtls9 },
- {"wap-wsg-idm-ecid-wtls10", NID_wap_wsg_idm_ecid_wtls10 },
- {"wap-wsg-idm-ecid-wtls11", NID_wap_wsg_idm_ecid_wtls11 },
- {"wap-wsg-idm-ecid-wtls12", NID_wap_wsg_idm_ecid_wtls12 },
- /* IPSec curves */
- {"Oakley-EC2N-3", NID_ipsec3 },
- {"Oakley-EC2N-4", NID_ipsec4 },
- /* brainpool curves */
- {"brainpoolP160r1", NID_brainpoolP160r1 },
- {"brainpoolP160t1", NID_brainpoolP160t1 },
- {"brainpoolP192r1", NID_brainpoolP192r1 },
- {"brainpoolP192t1", NID_brainpoolP192t1 },
- {"brainpoolP224r1", NID_brainpoolP224r1 },
- {"brainpoolP224t1", NID_brainpoolP224t1 },
- {"brainpoolP256r1", NID_brainpoolP256r1 },
- {"brainpoolP256t1", NID_brainpoolP256t1 },
- {"brainpoolP320r1", NID_brainpoolP320r1 },
- {"brainpoolP320t1", NID_brainpoolP320t1 },
- {"brainpoolP384r1", NID_brainpoolP384r1 },
- {"brainpoolP384t1", NID_brainpoolP384t1 },
- {"brainpoolP512r1", NID_brainpoolP512r1 },
- {"brainpoolP512t1", NID_brainpoolP512t1 },
- /* SM2 curve */
- {"SM2", NID_sm2 },
};
const char *ossl_ec_curve_nid2name(int nid)
diff -up openssl-3.0.0-alpha13/test/acvp_test.inc.ec-curves openssl-3.0.0-alpha13/test/acvp_test.inc
--- openssl-3.0.0-alpha13/test/acvp_test.inc.ec-curves 2021-04-11 13:46:57.286828933 +0200
+++ openssl-3.0.0-alpha13/test/acvp_test.inc 2021-04-11 13:48:01.356704526 +0200
@@ -212,15 +212,6 @@ static const unsigned char ecdsa_sigver_
};
static const struct ecdsa_sigver_st ecdsa_sigver_data[] = {
{
- "SHA-1",
- "P-192",
- ITM(ecdsa_sigver_msg0),
- ITM(ecdsa_sigver_pub0),
- ITM(ecdsa_sigver_r0),
- ITM(ecdsa_sigver_s0),
- PASS,
- },
- {
"SHA2-512",
"P-521",
ITM(ecdsa_sigver_msg1),
diff -up openssl-3.0.0-alpha13/test/recipes/65-test_cmp_protect.t.ec-curves openssl-3.0.0-alpha13/test/recipes/65-test_cmp_protect.t
--- openssl-3.0.0-alpha13/test/recipes/65-test_cmp_protect.t.ec-curves 2021-04-11 21:45:04.949948725 +0200
+++ openssl-3.0.0-alpha13/test/recipes/65-test_cmp_protect.t 2021-04-11 21:44:09.585283604 +0200
@@ -7,7 +7,6 @@
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
-
use strict;
use OpenSSL::Test qw/:DEFAULT data_file srctop_file srctop_dir bldtop_file bldtop_dir/;
use OpenSSL::Test::Utils;
@@ -27,7 +26,7 @@ plan skip_all => "This test is not suppo
plan skip_all => "This test is not supported in a shared library build on Windows"
if $^O eq 'MSWin32' && !disabled("shared");
-plan tests => 2 + ($no_fips ? 0 : 1); #fips test
+plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test
my @basic_cmd = ("cmp_protect_test",
data_file("server.pem"),
diff -up openssl-3.0.0-alpha13/test/recipes/65-test_cmp_vfy.t.ec-curves openssl-3.0.0-alpha13/test/recipes/65-test_cmp_vfy.t
--- openssl-3.0.0-alpha13/test/recipes/65-test_cmp_vfy.t.ec-curves 2021-04-11 21:45:25.414194574 +0200
+++ openssl-3.0.0-alpha13/test/recipes/65-test_cmp_vfy.t 2021-04-11 21:44:40.786658440 +0200
@@ -7,7 +7,6 @@
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
-
use strict;
use OpenSSL::Test qw/:DEFAULT data_file srctop_file srctop_dir bldtop_file bldtop_dir/;
use OpenSSL::Test::Utils;
@@ -27,7 +26,7 @@ plan skip_all => "This test is not suppo
plan skip_all => "This test is not supported in a no-ec build"
if disabled("ec");
-plan tests => 2 + ($no_fips ? 0 : 1); #fips test
+plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test
my @basic_cmd = ("cmp_vfy_test",
data_file("server.crt"), data_file("client.crt"),