477bb5e652
- Remove the hobbling script as it is redundant. It is now allowed to ship the sources of patented EC curves, however it is still made unavailable to use by compiling with the 'no-ec2m' Configure option. The additional forbidden curves such as P-160, P-192, wap-tls curves are manually removed by updating 0011-Remove-EC-curves.patch. - Apply the changes to ec_curve.c and ectest.c as a new patch 0010-Add-changes-to-ectest-and-eccurve.patch instead of replacing them. - Modify 0011-Remove-EC-curves.patch to allow Brainpool curves. - Modify 0011-Remove-EC-curves.patch to allow code under macro OPENSSL_NO_EC2M. ┊ Resolves: rhbz#2130618, rhbz#2141672 Signed-off-by: Sahana Prasad <sahana@redhat.com>
237 lines
8.8 KiB
Diff
237 lines
8.8 KiB
Diff
diff -up ./apps/speed.c.ec-curves ./apps/speed.c
|
|
--- ./apps/speed.c.ec-curves 2023-03-14 04:44:12.545437892 +0100
|
|
+++ ./apps/speed.c 2023-03-14 04:48:28.606729067 +0100
|
|
@@ -366,7 +366,7 @@ static double ffdh_results[FFDH_NUM][1];
|
|
#endif /* OPENSSL_NO_DH */
|
|
|
|
enum ec_curves_t {
|
|
- R_EC_P160, R_EC_P192, R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521,
|
|
+ R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521,
|
|
#ifndef OPENSSL_NO_EC2M
|
|
R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571,
|
|
R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571,
|
|
@@ -376,8 +376,6 @@ enum ec_curves_t {
|
|
};
|
|
/* list of ecdsa curves */
|
|
static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = {
|
|
- {"ecdsap160", R_EC_P160},
|
|
- {"ecdsap192", R_EC_P192},
|
|
{"ecdsap224", R_EC_P224},
|
|
{"ecdsap256", R_EC_P256},
|
|
{"ecdsap384", R_EC_P384},
|
|
@@ -404,8 +402,6 @@ static const OPT_PAIR ecdsa_choices[ECDS
|
|
enum { R_EC_X25519 = ECDSA_NUM, R_EC_X448, EC_NUM };
|
|
/* list of ecdh curves, extension of |ecdsa_choices| list above */
|
|
static const OPT_PAIR ecdh_choices[EC_NUM] = {
|
|
- {"ecdhp160", R_EC_P160},
|
|
- {"ecdhp192", R_EC_P192},
|
|
{"ecdhp224", R_EC_P224},
|
|
{"ecdhp256", R_EC_P256},
|
|
{"ecdhp384", R_EC_P384},
|
|
@@ -1422,8 +1418,6 @@ int speed_main(int argc, char **argv)
|
|
*/
|
|
static const EC_CURVE ec_curves[EC_NUM] = {
|
|
/* Prime Curves */
|
|
- {"secp160r1", NID_secp160r1, 160},
|
|
- {"nistp192", NID_X9_62_prime192v1, 192},
|
|
{"nistp224", NID_secp224r1, 224},
|
|
{"nistp256", NID_X9_62_prime256v1, 256},
|
|
{"nistp384", NID_secp384r1, 384},
|
|
diff -up ./crypto/evp/ec_support.c.ec-curves ./crypto/evp/ec_support.c
|
|
--- ./crypto/evp/ec_support.c.ec-curves 2023-03-14 06:22:41.542310442 +0100
|
|
+++ ./crypto/evp/ec_support.c 2023-03-21 11:24:18.378451683 +0100
|
|
@@ -20,89 +20,15 @@ typedef struct ec_name2nid_st {
|
|
static const EC_NAME2NID curve_list[] = {
|
|
/* prime field curves */
|
|
/* secg curves */
|
|
- {"secp112r1", NID_secp112r1 },
|
|
- {"secp112r2", NID_secp112r2 },
|
|
- {"secp128r1", NID_secp128r1 },
|
|
- {"secp128r2", NID_secp128r2 },
|
|
- {"secp160k1", NID_secp160k1 },
|
|
- {"secp160r1", NID_secp160r1 },
|
|
- {"secp160r2", NID_secp160r2 },
|
|
- {"secp192k1", NID_secp192k1 },
|
|
- {"secp224k1", NID_secp224k1 },
|
|
{"secp224r1", NID_secp224r1 },
|
|
{"secp256k1", NID_secp256k1 },
|
|
{"secp384r1", NID_secp384r1 },
|
|
{"secp521r1", NID_secp521r1 },
|
|
/* X9.62 curves */
|
|
- {"prime192v1", NID_X9_62_prime192v1 },
|
|
- {"prime192v2", NID_X9_62_prime192v2 },
|
|
- {"prime192v3", NID_X9_62_prime192v3 },
|
|
- {"prime239v1", NID_X9_62_prime239v1 },
|
|
- {"prime239v2", NID_X9_62_prime239v2 },
|
|
- {"prime239v3", NID_X9_62_prime239v3 },
|
|
{"prime256v1", NID_X9_62_prime256v1 },
|
|
/* characteristic two field curves */
|
|
/* NIST/SECG curves */
|
|
- {"sect113r1", NID_sect113r1 },
|
|
- {"sect113r2", NID_sect113r2 },
|
|
- {"sect131r1", NID_sect131r1 },
|
|
- {"sect131r2", NID_sect131r2 },
|
|
- {"sect163k1", NID_sect163k1 },
|
|
- {"sect163r1", NID_sect163r1 },
|
|
- {"sect163r2", NID_sect163r2 },
|
|
- {"sect193r1", NID_sect193r1 },
|
|
- {"sect193r2", NID_sect193r2 },
|
|
- {"sect233k1", NID_sect233k1 },
|
|
- {"sect233r1", NID_sect233r1 },
|
|
- {"sect239k1", NID_sect239k1 },
|
|
- {"sect283k1", NID_sect283k1 },
|
|
- {"sect283r1", NID_sect283r1 },
|
|
- {"sect409k1", NID_sect409k1 },
|
|
- {"sect409r1", NID_sect409r1 },
|
|
- {"sect571k1", NID_sect571k1 },
|
|
- {"sect571r1", NID_sect571r1 },
|
|
- /* X9.62 curves */
|
|
- {"c2pnb163v1", NID_X9_62_c2pnb163v1 },
|
|
- {"c2pnb163v2", NID_X9_62_c2pnb163v2 },
|
|
- {"c2pnb163v3", NID_X9_62_c2pnb163v3 },
|
|
- {"c2pnb176v1", NID_X9_62_c2pnb176v1 },
|
|
- {"c2tnb191v1", NID_X9_62_c2tnb191v1 },
|
|
- {"c2tnb191v2", NID_X9_62_c2tnb191v2 },
|
|
- {"c2tnb191v3", NID_X9_62_c2tnb191v3 },
|
|
- {"c2pnb208w1", NID_X9_62_c2pnb208w1 },
|
|
- {"c2tnb239v1", NID_X9_62_c2tnb239v1 },
|
|
- {"c2tnb239v2", NID_X9_62_c2tnb239v2 },
|
|
- {"c2tnb239v3", NID_X9_62_c2tnb239v3 },
|
|
- {"c2pnb272w1", NID_X9_62_c2pnb272w1 },
|
|
- {"c2pnb304w1", NID_X9_62_c2pnb304w1 },
|
|
- {"c2tnb359v1", NID_X9_62_c2tnb359v1 },
|
|
- {"c2pnb368w1", NID_X9_62_c2pnb368w1 },
|
|
- {"c2tnb431r1", NID_X9_62_c2tnb431r1 },
|
|
- /*
|
|
- * the WAP/WTLS curves [unlike SECG, spec has its own OIDs for curves
|
|
- * from X9.62]
|
|
- */
|
|
- {"wap-wsg-idm-ecid-wtls1", NID_wap_wsg_idm_ecid_wtls1 },
|
|
- {"wap-wsg-idm-ecid-wtls3", NID_wap_wsg_idm_ecid_wtls3 },
|
|
- {"wap-wsg-idm-ecid-wtls4", NID_wap_wsg_idm_ecid_wtls4 },
|
|
- {"wap-wsg-idm-ecid-wtls5", NID_wap_wsg_idm_ecid_wtls5 },
|
|
- {"wap-wsg-idm-ecid-wtls6", NID_wap_wsg_idm_ecid_wtls6 },
|
|
- {"wap-wsg-idm-ecid-wtls7", NID_wap_wsg_idm_ecid_wtls7 },
|
|
- {"wap-wsg-idm-ecid-wtls8", NID_wap_wsg_idm_ecid_wtls8 },
|
|
- {"wap-wsg-idm-ecid-wtls9", NID_wap_wsg_idm_ecid_wtls9 },
|
|
- {"wap-wsg-idm-ecid-wtls10", NID_wap_wsg_idm_ecid_wtls10 },
|
|
- {"wap-wsg-idm-ecid-wtls11", NID_wap_wsg_idm_ecid_wtls11 },
|
|
- {"wap-wsg-idm-ecid-wtls12", NID_wap_wsg_idm_ecid_wtls12 },
|
|
- /* IPSec curves */
|
|
- {"Oakley-EC2N-3", NID_ipsec3 },
|
|
- {"Oakley-EC2N-4", NID_ipsec4 },
|
|
/* brainpool curves */
|
|
- {"brainpoolP160r1", NID_brainpoolP160r1 },
|
|
- {"brainpoolP160t1", NID_brainpoolP160t1 },
|
|
- {"brainpoolP192r1", NID_brainpoolP192r1 },
|
|
- {"brainpoolP192t1", NID_brainpoolP192t1 },
|
|
- {"brainpoolP224r1", NID_brainpoolP224r1 },
|
|
- {"brainpoolP224t1", NID_brainpoolP224t1 },
|
|
{"brainpoolP256r1", NID_brainpoolP256r1 },
|
|
{"brainpoolP256t1", NID_brainpoolP256t1 },
|
|
{"brainpoolP320r1", NID_brainpoolP320r1 },
|
|
@@ -111,8 +37,6 @@ static const EC_NAME2NID curve_list[] =
|
|
{"brainpoolP384t1", NID_brainpoolP384t1 },
|
|
{"brainpoolP512r1", NID_brainpoolP512r1 },
|
|
{"brainpoolP512t1", NID_brainpoolP512t1 },
|
|
- /* SM2 curve */
|
|
- {"SM2", NID_sm2 },
|
|
};
|
|
|
|
const char *OSSL_EC_curve_nid2name(int nid)
|
|
diff -up ./test/acvp_test.inc.ec-curves ./test/acvp_test.inc
|
|
--- ./test/acvp_test.inc.ec-curves 2023-03-14 06:38:20.563712586 +0100
|
|
+++ ./test/acvp_test.inc 2023-03-14 06:39:01.631080059 +0100
|
|
@@ -212,15 +212,6 @@ static const unsigned char ecdsa_sigver_
|
|
};
|
|
static const struct ecdsa_sigver_st ecdsa_sigver_data[] = {
|
|
{
|
|
- "SHA-1",
|
|
- "P-192",
|
|
- ITM(ecdsa_sigver_msg0),
|
|
- ITM(ecdsa_sigver_pub0),
|
|
- ITM(ecdsa_sigver_r0),
|
|
- ITM(ecdsa_sigver_s0),
|
|
- PASS,
|
|
- },
|
|
- {
|
|
"SHA2-512",
|
|
"P-521",
|
|
ITM(ecdsa_sigver_msg1),
|
|
diff -up ./test/ecdsatest.h.ec-curves ./test/ecdsatest.h
|
|
--- ./test/ecdsatest.h.ec-curves 2023-03-14 04:49:16.148154472 +0100
|
|
+++ ./test/ecdsatest.h 2023-03-14 04:51:01.376096037 +0100
|
|
@@ -32,23 +32,6 @@ typedef struct {
|
|
} ecdsa_cavs_kat_t;
|
|
|
|
static const ecdsa_cavs_kat_t ecdsa_cavs_kats[] = {
|
|
- /* prime KATs from X9.62 */
|
|
- {NID_X9_62_prime192v1, NID_sha1,
|
|
- "616263", /* "abc" */
|
|
- "1a8d598fc15bf0fd89030b5cb1111aeb92ae8baf5ea475fb",
|
|
- "0462b12d60690cdcf330babab6e69763b471f994dd702d16a563bf5ec08069705ffff65e"
|
|
- "5ca5c0d69716dfcb3474373902",
|
|
- "fa6de29746bbeb7f8bb1e761f85f7dfb2983169d82fa2f4e",
|
|
- "885052380ff147b734c330c43d39b2c4a89f29b0f749fead",
|
|
- "e9ecc78106def82bf1070cf1d4d804c3cb390046951df686"},
|
|
- {NID_X9_62_prime239v1, NID_sha1,
|
|
- "616263", /* "abc" */
|
|
- "7ef7c6fabefffdea864206e80b0b08a9331ed93e698561b64ca0f7777f3d",
|
|
- "045b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c707fd9f1ed2e"
|
|
- "65f09f6ce0893baf5e8e31e6ae82ea8c3592335be906d38dee",
|
|
- "656c7196bf87dcc5d1f1020906df2782360d36b2de7a17ece37d503784af",
|
|
- "2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0",
|
|
- "2eeae988104e9c2234a3c2beb1f53bfa5dc11ff36a875d1e3ccb1f7e45cf"},
|
|
/* prime KATs from NIST CAVP */
|
|
{NID_secp224r1, NID_sha224,
|
|
"699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1"
|
|
diff -up ./test/recipes/15-test_genec.t.ec-curves ./test/recipes/15-test_genec.t
|
|
--- ./test/recipes/15-test_genec.t.ec-curves 2023-03-14 04:51:45.215488277 +0100
|
|
+++ ./test/recipes/15-test_genec.t 2023-03-21 11:26:58.613885435 +0100
|
|
@@ -41,37 +41,11 @@ plan skip_all => "This test is unsupport
|
|
if disabled("ec");
|
|
|
|
my @prime_curves = qw(
|
|
- secp112r1
|
|
- secp112r2
|
|
- secp128r1
|
|
- secp128r2
|
|
- secp160k1
|
|
- secp160r1
|
|
- secp160r2
|
|
- secp192k1
|
|
- secp224k1
|
|
secp224r1
|
|
secp256k1
|
|
secp384r1
|
|
secp521r1
|
|
- prime192v1
|
|
- prime192v2
|
|
- prime192v3
|
|
- prime239v1
|
|
- prime239v2
|
|
- prime239v3
|
|
prime256v1
|
|
- wap-wsg-idm-ecid-wtls6
|
|
- wap-wsg-idm-ecid-wtls7
|
|
- wap-wsg-idm-ecid-wtls8
|
|
- wap-wsg-idm-ecid-wtls9
|
|
- wap-wsg-idm-ecid-wtls12
|
|
- brainpoolP160r1
|
|
- brainpoolP160t1
|
|
- brainpoolP192r1
|
|
- brainpoolP192t1
|
|
- brainpoolP224r1
|
|
- brainpoolP224t1
|
|
brainpoolP256r1
|
|
brainpoolP256t1
|
|
brainpoolP320r1
|
|
@@ -136,7 +110,6 @@ push(@other_curves, 'SM2')
|
|
if !disabled("sm2");
|
|
|
|
my @curve_aliases = qw(
|
|
- P-192
|
|
P-224
|
|
P-256
|
|
P-384
|