|
|
|
@ -26,6 +26,94 @@ diff -up openssl-3.0.1/crypto/ec/ec_asn1.c.disable_explicit_ec openssl-3.0.1/cry
|
|
|
|
ret->version = priv_key->version;
|
|
|
|
ret->version = priv_key->version;
|
|
|
|
|
|
|
|
|
|
|
|
if (priv_key->privateKey) {
|
|
|
|
if (priv_key->privateKey) {
|
|
|
|
|
|
|
|
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
|
|
|
|
|
|
|
|
index a84e088c19..6c37bf78ae 100644
|
|
|
|
|
|
|
|
--- a/crypto/ec/ec_lib.c
|
|
|
|
|
|
|
|
+++ b/crypto/ec/ec_lib.c
|
|
|
|
|
|
|
|
@@ -1724,6 +1724,11 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
|
|
|
|
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
if (named_group == group) {
|
|
|
|
|
|
|
|
+ if (EC_GROUP_check_named_curve(group, 0, NULL) == NID_undef) {
|
|
|
|
|
|
|
|
+ ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_GROUP);
|
|
|
|
|
|
|
|
+ goto err;
|
|
|
|
|
|
|
|
+ }
|
|
|
|
|
|
|
|
+#if 0
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
|
|
|
* If we did not find a named group then the encoding should be explicit
|
|
|
|
|
|
|
|
* if it was specified
|
|
|
|
|
|
|
|
@@ -1739,6 +1744,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
|
|
|
|
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE);
|
|
|
|
|
|
|
|
+#endif
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
EC_GROUP_free(group);
|
|
|
|
|
|
|
|
group = named_group;
|
|
|
|
|
|
|
|
diff --git a/test/ectest.c b/test/ectest.c
|
|
|
|
|
|
|
|
index 4890b0555e..e11aec5b3b 100644
|
|
|
|
|
|
|
|
--- a/test/ectest.c
|
|
|
|
|
|
|
|
+++ b/test/ectest.c
|
|
|
|
|
|
|
|
@@ -2301,10 +2301,11 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx,
|
|
|
|
|
|
|
|
if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
|
|
|
|
|
|
|
|
|| !TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL))
|
|
|
|
|
|
|
|
|| !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
|
|
|
|
|
|
|
|
- || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkeyparam,
|
|
|
|
|
|
|
|
+ || !TEST_int_le(EVP_PKEY_fromdata(pctx, &pkeyparam,
|
|
|
|
|
|
|
|
EVP_PKEY_KEY_PARAMETERS, params), 0))
|
|
|
|
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
-
|
|
|
|
|
|
|
|
+/* As creating the key should fail, the rest of the test is pointless */
|
|
|
|
|
|
|
|
+# if 0
|
|
|
|
|
|
|
|
/*- Check that all the set values are retrievable -*/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* There should be no match to a group name since the generator changed */
|
|
|
|
|
|
|
|
@@ -2433,6 +2434,7 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx,
|
|
|
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
+#endif
|
|
|
|
|
|
|
|
ret = 1;
|
|
|
|
|
|
|
|
err:
|
|
|
|
|
|
|
|
BN_free(order_out);
|
|
|
|
|
|
|
|
@@ -2714,21 +2716,21 @@ static int custom_params_test(int id)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* Compute keyexchange in both directions */
|
|
|
|
|
|
|
|
if (!TEST_ptr(pctx1 = EVP_PKEY_CTX_new(pkey1, NULL))
|
|
|
|
|
|
|
|
- || !TEST_int_eq(EVP_PKEY_derive_init(pctx1), 1)
|
|
|
|
|
|
|
|
- || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1)
|
|
|
|
|
|
|
|
+ || !TEST_int_le(EVP_PKEY_derive_init(pctx1), 0)
|
|
|
|
|
|
|
|
+/* || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1)
|
|
|
|
|
|
|
|
|| !TEST_int_eq(EVP_PKEY_derive(pctx1, NULL, &sslen), 1)
|
|
|
|
|
|
|
|
|| !TEST_int_gt(bsize, sslen)
|
|
|
|
|
|
|
|
- || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1))
|
|
|
|
|
|
|
|
+ || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1)*/)
|
|
|
|
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
if (!TEST_ptr(pctx2 = EVP_PKEY_CTX_new(pkey2, NULL))
|
|
|
|
|
|
|
|
- || !TEST_int_eq(EVP_PKEY_derive_init(pctx2), 1)
|
|
|
|
|
|
|
|
- || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1)
|
|
|
|
|
|
|
|
+ || !TEST_int_le(EVP_PKEY_derive_init(pctx2), 1)
|
|
|
|
|
|
|
|
+/* || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1)
|
|
|
|
|
|
|
|
|| !TEST_int_eq(EVP_PKEY_derive(pctx2, NULL, &t), 1)
|
|
|
|
|
|
|
|
|| !TEST_int_gt(bsize, t)
|
|
|
|
|
|
|
|
|| !TEST_int_le(sslen, t)
|
|
|
|
|
|
|
|
- || !TEST_int_eq(EVP_PKEY_derive(pctx2, buf2, &t), 1))
|
|
|
|
|
|
|
|
+ || !TEST_int_eq(EVP_PKEY_derive(pctx2, buf2, &t), 1) */)
|
|
|
|
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
-
|
|
|
|
|
|
|
|
+#if 0
|
|
|
|
|
|
|
|
/* Both sides should expect the same shared secret */
|
|
|
|
|
|
|
|
if (!TEST_mem_eq(buf1, sslen, buf2, t))
|
|
|
|
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
@@ -2780,7 +2782,7 @@ static int custom_params_test(int id)
|
|
|
|
|
|
|
|
/* compare with previous result */
|
|
|
|
|
|
|
|
|| !TEST_mem_eq(buf1, t, buf2, sslen))
|
|
|
|
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
-
|
|
|
|
|
|
|
|
+#endif
|
|
|
|
|
|
|
|
ret = 1;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
err:
|
|
|
|
diff -up openssl-3.0.1/test/endecode_test.c.disable_explicit_ec openssl-3.0.1/test/endecode_test.c
|
|
|
|
diff -up openssl-3.0.1/test/endecode_test.c.disable_explicit_ec openssl-3.0.1/test/endecode_test.c
|
|
|
|
--- openssl-3.0.1/test/endecode_test.c.disable_explicit_ec 2022-03-21 16:55:46.005558779 +0100
|
|
|
|
--- openssl-3.0.1/test/endecode_test.c.disable_explicit_ec 2022-03-21 16:55:46.005558779 +0100
|
|
|
|
+++ openssl-3.0.1/test/endecode_test.c 2022-03-21 16:56:12.636792762 +0100
|
|
|
|
+++ openssl-3.0.1/test/endecode_test.c 2022-03-21 16:56:12.636792762 +0100
|
|
|
|
|
Dmitry Belyavskiy
1 year ago