From fa5df9d74baa32d9633f6215bb8395d842bb21f5 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
Date: Tue, 17 Oct 2023 13:26:14 +0200
Subject: [PATCH] Forbid explicit curves when created via EVP_PKEY_fromdata

Resolves: RHEL-5304
---
 0012-Disable-explicit-ec.patch | 88 ++++++++++++++++++++++++++++++++++
 openssl.spec                   |  2 +
 2 files changed, 90 insertions(+)

diff --git a/0012-Disable-explicit-ec.patch b/0012-Disable-explicit-ec.patch
index 550cdf4..aea4ccf 100644
--- a/0012-Disable-explicit-ec.patch
+++ b/0012-Disable-explicit-ec.patch
@@ -26,6 +26,94 @@ diff -up openssl-3.0.1/crypto/ec/ec_asn1.c.disable_explicit_ec openssl-3.0.1/cry
      ret->version = priv_key->version;
  
      if (priv_key->privateKey) {
+diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
+index a84e088c19..6c37bf78ae 100644
+--- a/crypto/ec/ec_lib.c
++++ b/crypto/ec/ec_lib.c
+@@ -1724,6 +1724,11 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
+         goto err;
+     }
+     if (named_group == group) {
++        if (EC_GROUP_check_named_curve(group, 0, NULL) == NID_undef) {
++            ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_GROUP);
++            goto err;
++        }
++#if 0
+         /*
+          * If we did not find a named group then the encoding should be explicit
+          * if it was specified
+@@ -1739,6 +1744,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
+             goto err;
+         }
+         EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE);
++#endif
+     } else {
+         EC_GROUP_free(group);
+         group = named_group;
+diff --git a/test/ectest.c b/test/ectest.c
+index 4890b0555e..e11aec5b3b 100644
+--- a/test/ectest.c
++++ b/test/ectest.c
+@@ -2301,10 +2301,11 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx,
+     if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
+         || !TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL))
+         || !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
+-        || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkeyparam,
++        || !TEST_int_le(EVP_PKEY_fromdata(pctx, &pkeyparam,
+                                           EVP_PKEY_KEY_PARAMETERS, params), 0))
+         goto err;
+-
++/* As creating the key should fail, the rest of the test is pointless */
++# if 0
+     /*- Check that all the set values are retrievable -*/
+ 
+     /* There should be no match to a group name since the generator changed */
+@@ -2433,6 +2434,7 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx,
+ #endif
+         )
+         goto err;
++#endif
+     ret = 1;
+ err:
+     BN_free(order_out);
+@@ -2714,21 +2716,21 @@ static int custom_params_test(int id)
+ 
+     /* Compute keyexchange in both directions */
+     if (!TEST_ptr(pctx1 = EVP_PKEY_CTX_new(pkey1, NULL))
+-            || !TEST_int_eq(EVP_PKEY_derive_init(pctx1), 1)
+-            || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1)
++            || !TEST_int_le(EVP_PKEY_derive_init(pctx1), 0)
++/*          || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1)
+             || !TEST_int_eq(EVP_PKEY_derive(pctx1, NULL, &sslen), 1)
+             || !TEST_int_gt(bsize, sslen)
+-            || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1))
++            || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1)*/)
+         goto err;
+     if (!TEST_ptr(pctx2 = EVP_PKEY_CTX_new(pkey2, NULL))
+-            || !TEST_int_eq(EVP_PKEY_derive_init(pctx2), 1)
+-            || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1)
++            || !TEST_int_le(EVP_PKEY_derive_init(pctx2), 1)
++/*          || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1)
+             || !TEST_int_eq(EVP_PKEY_derive(pctx2, NULL, &t), 1)
+             || !TEST_int_gt(bsize, t)
+             || !TEST_int_le(sslen, t)
+-            || !TEST_int_eq(EVP_PKEY_derive(pctx2, buf2, &t), 1))
++            || !TEST_int_eq(EVP_PKEY_derive(pctx2, buf2, &t), 1) */)
+         goto err;
+-
++#if 0
+     /* Both sides should expect the same shared secret */
+     if (!TEST_mem_eq(buf1, sslen, buf2, t))
+         goto err;
+@@ -2780,7 +2782,7 @@ static int custom_params_test(int id)
+             /* compare with previous result */
+             || !TEST_mem_eq(buf1, t, buf2, sslen))
+         goto err;
+-
++#endif
+     ret = 1;
+ 
+  err:
 diff -up openssl-3.0.1/test/endecode_test.c.disable_explicit_ec openssl-3.0.1/test/endecode_test.c
 --- openssl-3.0.1/test/endecode_test.c.disable_explicit_ec	2022-03-21 16:55:46.005558779 +0100
 +++ openssl-3.0.1/test/endecode_test.c	2022-03-21 16:56:12.636792762 +0100
diff --git a/openssl.spec b/openssl.spec
index 8e041aa..d6b3ddd 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -531,6 +531,8 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco
   Resolves: RHEL-11439
 - Avoid implicit function declaration when building openssl
   Resolves: RHEL-1780
+- Forbid explicit curves when created via EVP_PKEY_fromdata
+  Resolves: RHEL-5304
 
 * Wed Jul 12 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-24
 - Make FIPS module configuration more crypto-policies friendly