diff -up openssl-3.0.0-alpha13/apps/speed.c.ec-curves openssl-3.0.0-alpha13/apps/speed.c --- openssl-3.0.0-alpha13/apps/speed.c.ec-curves 2021-04-10 12:12:00.620129302 +0200 +++ openssl-3.0.0-alpha13/apps/speed.c 2021-04-10 12:18:11.872369417 +0200 @@ -364,68 +364,23 @@ static double ffdh_results[FFDH_NUM][1]; #endif /* OPENSSL_NO_DH */ enum ec_curves_t { - R_EC_P160, R_EC_P192, R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521, -#ifndef OPENSSL_NO_EC2M - R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571, - R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571, -#endif - R_EC_BRP256R1, R_EC_BRP256T1, R_EC_BRP384R1, R_EC_BRP384T1, - R_EC_BRP512R1, R_EC_BRP512T1, ECDSA_NUM + R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521, + ECDSA_NUM }; /* list of ecdsa curves */ static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = { - {"ecdsap160", R_EC_P160}, - {"ecdsap192", R_EC_P192}, {"ecdsap224", R_EC_P224}, {"ecdsap256", R_EC_P256}, {"ecdsap384", R_EC_P384}, {"ecdsap521", R_EC_P521}, -#ifndef OPENSSL_NO_EC2M - {"ecdsak163", R_EC_K163}, - {"ecdsak233", R_EC_K233}, - {"ecdsak283", R_EC_K283}, - {"ecdsak409", R_EC_K409}, - {"ecdsak571", R_EC_K571}, - {"ecdsab163", R_EC_B163}, - {"ecdsab233", R_EC_B233}, - {"ecdsab283", R_EC_B283}, - {"ecdsab409", R_EC_B409}, - {"ecdsab571", R_EC_B571}, -#endif - {"ecdsabrp256r1", R_EC_BRP256R1}, - {"ecdsabrp256t1", R_EC_BRP256T1}, - {"ecdsabrp384r1", R_EC_BRP384R1}, - {"ecdsabrp384t1", R_EC_BRP384T1}, - {"ecdsabrp512r1", R_EC_BRP512R1}, - {"ecdsabrp512t1", R_EC_BRP512T1} }; enum { R_EC_X25519 = ECDSA_NUM, R_EC_X448, EC_NUM }; /* list of ecdh curves, extension of |ecdsa_choices| list above */ static const OPT_PAIR ecdh_choices[EC_NUM] = { - {"ecdhp160", R_EC_P160}, - {"ecdhp192", R_EC_P192}, {"ecdhp224", R_EC_P224}, {"ecdhp256", R_EC_P256}, {"ecdhp384", R_EC_P384}, {"ecdhp521", R_EC_P521}, -#ifndef OPENSSL_NO_EC2M - {"ecdhk163", R_EC_K163}, - {"ecdhk233", R_EC_K233}, - {"ecdhk283", R_EC_K283}, - {"ecdhk409", R_EC_K409}, - {"ecdhk571", R_EC_K571}, - {"ecdhb163", R_EC_B163}, - {"ecdhb233", R_EC_B233}, - {"ecdhb283", R_EC_B283}, - {"ecdhb409", R_EC_B409}, - {"ecdhb571", R_EC_B571}, -#endif - {"ecdhbrp256r1", R_EC_BRP256R1}, - {"ecdhbrp256t1", R_EC_BRP256T1}, - {"ecdhbrp384r1", R_EC_BRP384R1}, - {"ecdhbrp384t1", R_EC_BRP384T1}, - {"ecdhbrp512r1", R_EC_BRP512R1}, - {"ecdhbrp512t1", R_EC_BRP512T1}, {"ecdhx25519", R_EC_X25519}, {"ecdhx448", R_EC_X448} }; @@ -1449,31 +1404,10 @@ int speed_main(int argc, char **argv) */ static const EC_CURVE ec_curves[EC_NUM] = { /* Prime Curves */ - {"secp160r1", NID_secp160r1, 160}, - {"nistp192", NID_X9_62_prime192v1, 192}, {"nistp224", NID_secp224r1, 224}, {"nistp256", NID_X9_62_prime256v1, 256}, {"nistp384", NID_secp384r1, 384}, {"nistp521", NID_secp521r1, 521}, -#ifndef OPENSSL_NO_EC2M - /* Binary Curves */ - {"nistk163", NID_sect163k1, 163}, - {"nistk233", NID_sect233k1, 233}, - {"nistk283", NID_sect283k1, 283}, - {"nistk409", NID_sect409k1, 409}, - {"nistk571", NID_sect571k1, 571}, - {"nistb163", NID_sect163r2, 163}, - {"nistb233", NID_sect233r1, 233}, - {"nistb283", NID_sect283r1, 283}, - {"nistb409", NID_sect409r1, 409}, - {"nistb571", NID_sect571r1, 571}, -#endif - {"brainpoolP256r1", NID_brainpoolP256r1, 256}, - {"brainpoolP256t1", NID_brainpoolP256t1, 256}, - {"brainpoolP384r1", NID_brainpoolP384r1, 384}, - {"brainpoolP384t1", NID_brainpoolP384t1, 384}, - {"brainpoolP512r1", NID_brainpoolP512r1, 512}, - {"brainpoolP512t1", NID_brainpoolP512t1, 512}, /* Other and ECDH only ones */ {"X25519", NID_X25519, 253}, {"X448", NID_X448, 448} diff -up openssl-3.0.0-alpha13/test/ecdsatest.h.ec-curves openssl-3.0.0-alpha13/test/ecdsatest.h --- openssl-3.0.0-alpha13/test/ecdsatest.h.ec-curves 2021-04-10 12:07:43.158013028 +0200 +++ openssl-3.0.0-alpha13/test/ecdsatest.h 2021-04-10 12:11:21.601828737 +0200 @@ -32,23 +32,6 @@ typedef struct { } ecdsa_cavs_kat_t; static const ecdsa_cavs_kat_t ecdsa_cavs_kats[] = { - /* prime KATs from X9.62 */ - {NID_X9_62_prime192v1, NID_sha1, - "616263", /* "abc" */ - "1a8d598fc15bf0fd89030b5cb1111aeb92ae8baf5ea475fb", - "0462b12d60690cdcf330babab6e69763b471f994dd702d16a563bf5ec08069705ffff65e" - "5ca5c0d69716dfcb3474373902", - "fa6de29746bbeb7f8bb1e761f85f7dfb2983169d82fa2f4e", - "885052380ff147b734c330c43d39b2c4a89f29b0f749fead", - "e9ecc78106def82bf1070cf1d4d804c3cb390046951df686"}, - {NID_X9_62_prime239v1, NID_sha1, - "616263", /* "abc" */ - "7ef7c6fabefffdea864206e80b0b08a9331ed93e698561b64ca0f7777f3d", - "045b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c707fd9f1ed2e" - "65f09f6ce0893baf5e8e31e6ae82ea8c3592335be906d38dee", - "656c7196bf87dcc5d1f1020906df2782360d36b2de7a17ece37d503784af", - "2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0", - "2eeae988104e9c2234a3c2beb1f53bfa5dc11ff36a875d1e3ccb1f7e45cf"}, /* prime KATs from NIST CAVP */ {NID_secp224r1, NID_sha224, "699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1" diff -up openssl-3.0.0-alpha13/test/recipes/15-test_genec.t.ec-curves openssl-3.0.0-alpha13/test/recipes/15-test_genec.t --- openssl-3.0.0-alpha13/test/recipes/15-test_genec.t.ec-curves 2021-04-10 11:59:37.453332668 +0200 +++ openssl-3.0.0-alpha13/test/recipes/15-test_genec.t 2021-04-10 12:03:43.363538976 +0200 @@ -41,45 +41,11 @@ plan skip_all => "This test is unsupport if disabled("ec"); my @prime_curves = qw( - secp112r1 - secp112r2 - secp128r1 - secp128r2 - secp160k1 - secp160r1 - secp160r2 - secp192k1 - secp224k1 secp224r1 secp256k1 secp384r1 secp521r1 - prime192v1 - prime192v2 - prime192v3 - prime239v1 - prime239v2 - prime239v3 prime256v1 - wap-wsg-idm-ecid-wtls6 - wap-wsg-idm-ecid-wtls7 - wap-wsg-idm-ecid-wtls8 - wap-wsg-idm-ecid-wtls9 - wap-wsg-idm-ecid-wtls12 - brainpoolP160r1 - brainpoolP160t1 - brainpoolP192r1 - brainpoolP192t1 - brainpoolP224r1 - brainpoolP224t1 - brainpoolP256r1 - brainpoolP256t1 - brainpoolP320r1 - brainpoolP320t1 - brainpoolP384r1 - brainpoolP384t1 - brainpoolP512r1 - brainpoolP512t1 ); my @binary_curves = qw( @@ -136,7 +102,6 @@ push(@other_curves, 'SM2') if !disabled("sm2"); my @curve_aliases = qw( - P-192 P-224 P-256 P-384 diff -up openssl-3.0.0-alpha13/test/recipes/06-test_algorithmid.t.ec-curves openssl-3.0.0-alpha13/test/recipes/06-test_algorithmid.t --- openssl-3.0.0-alpha13/test/recipes/06-test_algorithmid.t.ec-curves 2021-04-10 12:40:59.871858764 +0200 +++ openssl-3.0.0-alpha13/test/recipes/06-test_algorithmid.t 2021-04-10 12:41:41.140455070 +0200 @@ -33,7 +33,7 @@ my %certs_info = 'ee-cert-ec-named-explicit' => 'ca-cert-ec-explicit', 'ee-cert-ec-named-named' => 'ca-cert-ec-named', # 'server-ed448-cert' => 'root-ed448-cert' - 'server-ecdsa-brainpoolP256r1-cert' => 'rootcert', + # 'server-ecdsa-brainpoolP256r1-cert' => 'rootcert', ) ) ); diff -up openssl-3.0.0-alpha13/test/recipes/15-test_ec.t.ec-curves openssl-3.0.0-alpha13/test/recipes/15-test_ec.t diff -up openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t diff -up openssl-3.0.0-alpha13/test/recipes/30-test_acvp.t.ec-curves openssl-3.0.0-alpha13/test/recipes/30-test_acvp.t diff -up openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.ec-curves openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf --- openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.ec-curves 2021-04-10 13:21:52.123040226 +0200 +++ openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf 2021-04-10 13:28:20.856023985 +0200 @@ -776,14 +776,12 @@ server = 22-ECDSA with brainpool-server client = 22-ECDSA with brainpool-client [22-ECDSA with brainpool-server] -Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem +Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem CipherString = DEFAULT -Groups = brainpoolP256r1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem [22-ECDSA with brainpool-client] CipherString = aECDSA -Groups = brainpoolP256r1 MaxProtocol = TLSv1.2 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -791,9 +789,6 @@ VerifyMode = Peer [test-22] ExpectedResult = Success -ExpectedServerCANames = empty -ExpectedServerCertType = brainpoolP256r1 -ExpectedServerSignType = EC # =========================================================== @@ -1741,9 +1736,9 @@ server = 53-TLS 1.3 ECDSA with brainpool client = 53-TLS 1.3 ECDSA with brainpool-client [53-TLS 1.3 ECDSA with brainpool-server] -Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem +Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem [53-TLS 1.3 ECDSA with brainpool-client] CipherString = DEFAULT @@ -1754,7 +1749,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/ro VerifyMode = Peer [test-53] -ExpectedResult = ServerFail +ExpectedResult = Success # =========================================================== diff -up openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in.ec-curves openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in --- openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in.ec-curves 2021-04-10 13:22:06.275221662 +0200 +++ openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in 2021-04-10 13:35:18.774623319 +0200 @@ -428,21 +428,21 @@ my @tests_non_fips = ( { name => "ECDSA with brainpool", server => { - "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), - "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), - "Groups" => "brainpoolP256r1", + "Certificate" => test_pem("server-ecdsa-cert.pem"), + "PrivateKey" => test_pem("server-ecdsa-key.pem"), + #"Groups" => "brainpoolP256r1", }, client => { "MaxProtocol" => "TLSv1.2", "CipherString" => "aECDSA", "RequestCAFile" => test_pem("root-cert.pem"), - "Groups" => "brainpoolP256r1", + #"Groups" => "brainpoolP256r1", }, test => { - "ExpectedServerCertType" =>, "brainpoolP256r1", - "ExpectedServerSignType" =>, "EC", + #"ExpectedServerCertType" =>, "brainpoolP256r1", + #"ExpectedServerSignType" =>, "EC", # Note: certificate_authorities not sent for TLS < 1.3 - "ExpectedServerCANames" =>, "empty", + #"ExpectedServerCANames" =>, "empty", "ExpectedResult" => "Success" }, }, @@ -915,8 +915,8 @@ my @tests_tls_1_3_non_fips = ( { name => "TLS 1.3 ECDSA with brainpool", server => { - "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), - "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), + "Certificate" => test_pem("server-ecdsa-cert.pem"), + "PrivateKey" => test_pem("server-ecdsa-key.pem"), }, client => { "RequestCAFile" => test_pem("root-cert.pem"), @@ -924,7 +924,7 @@ my @tests_tls_1_3_non_fips = ( "MaxProtocol" => "TLSv1.3" }, test => { - "ExpectedResult" => "ServerFail" + "ExpectedResult" => "Success" }, }, ); diff -up openssl-3.0.0-alpha13/test/evp_extra_test.c.ec-curves openssl-3.0.0-alpha13/test/evp_extra_test.c --- openssl-3.0.0-alpha13/test/evp_extra_test.c.ec-curves 2021-04-10 13:49:53.381742691 +0200 +++ openssl-3.0.0-alpha13/test/evp_extra_test.c 2021-04-10 13:56:11.742776705 +0200 @@ -2414,13 +2414,13 @@ err: } #ifndef OPENSSL_NO_EC -static int ecpub_nids[] = { NID_brainpoolP256r1, NID_X9_62_prime256v1, +static int ecpub_nids[] = {NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1, #ifndef OPENSSL_NO_EC2M NID_sect233k1, NID_sect233r1, NID_sect283r1, NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1, #endif - NID_brainpoolP384r1, NID_brainpoolP512r1}; + }; static int test_ecpub(int idx) { diff -up openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t --- openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves 2021-04-10 14:00:22.482782216 +0200 +++ openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t 2021-04-10 14:08:50.769727651 +0200 @@ -158,60 +158,6 @@ sub tsignverify { $testtext); } -SKIP : { - skip "FIPS EC tests because of no ec in this build", 1 - if disabled("ec"); - - subtest EC => sub { - my $testtext_prefix = 'EC'; - my $a_fips_curve = 'prime256v1'; - my $fips_key = $testtext_prefix.'.fips.priv.pem'; - my $fips_pub_key = $testtext_prefix.'.fips.pub.pem'; - my $a_nonfips_curve = 'brainpoolP256r1'; - my $nonfips_key = $testtext_prefix.'.nonfips.priv.pem'; - my $nonfips_pub_key = $testtext_prefix.'.nonfips.pub.pem'; - my $testtext = ''; - my $curvename = ''; - - plan tests => 5 + $tsignverify_count; - - $ENV{OPENSSL_CONF} = $defaultconf; - $curvename = $a_nonfips_curve; - $testtext = $testtext_prefix.': '. - 'Generate a key with a non-FIPS algorithm with the default provider'; - ok(run(app(['openssl', 'genpkey', '-algorithm', 'EC', - '-pkeyopt', 'ec_paramgen_curve:'.$curvename, - '-out', $nonfips_key])), - $testtext); - - pubfrompriv($testtext_prefix, $nonfips_key, $nonfips_pub_key, "non-FIPS"); - - $ENV{OPENSSL_CONF} = $fipsconf; - - $curvename = $a_fips_curve; - $testtext = $testtext_prefix.': '. - 'Generate a key with a FIPS algorithm'; - ok(run(app(['openssl', 'genpkey', '-algorithm', 'EC', - '-pkeyopt', 'ec_paramgen_curve:'.$curvename, - '-out', $fips_key])), - $testtext); - - pubfrompriv($testtext_prefix, $fips_key, $fips_pub_key, "FIPS"); - - $curvename = $a_nonfips_curve; - $testtext = $testtext_prefix.': '. - 'Generate a key with a non-FIPS algorithm'. - ' (should fail)'; - ok(!run(app(['openssl', 'genpkey', '-algorithm', 'EC', - '-pkeyopt', 'ec_paramgen_curve:'.$curvename, - '-out', $testtext_prefix.'.'.$curvename.'.priv.pem'])), - $testtext); - - tsignverify($testtext_prefix, $fips_key, $fips_pub_key, $nonfips_key, - $nonfips_pub_key); - }; -} - SKIP: { skip "FIPS RSA tests because of no rsa in this build", 1 if disabled("rsa"); diff -up openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t --- openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves 2021-04-10 14:23:09.805468483 +0200 +++ openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t 2021-04-10 14:23:33.002784265 +0200 @@ -26,7 +26,7 @@ use platform; my $no_check = disabled("fips") || disabled('fips-securitychecks'); plan skip_all => "Test only supported in a fips build with security checks" if $no_check; -plan tests => 11; +plan tests => 10; my $fipsmodule = bldtop_file('providers', platform->dso('fips')); my $fipsconf = srctop_file("test", "fips-and-base.cnf"); diff -up openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.ec-curves openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf --- openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.ec-curves 2021-04-10 17:52:46.478721611 +0200 +++ openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf 2021-04-10 17:54:11.371688446 +0200 @@ -1710,20 +1710,18 @@ server = 52-TLS 1.3 ECDSA with brainpool client = 52-TLS 1.3 ECDSA with brainpool but no suitable groups-client [52-TLS 1.3 ECDSA with brainpool but no suitable groups-server] -Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem +Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem CipherString = DEFAULT -Groups = brainpoolP256r1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem [52-TLS 1.3 ECDSA with brainpool but no suitable groups-client] CipherString = aECDSA -Groups = brainpoolP256r1 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-52] -ExpectedResult = ClientFail +ExpectedResult = Success # =========================================================== diff -up openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in.ec-curves openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in --- openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in.ec-curves 2021-04-10 17:53:03.317913390 +0200 +++ openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in 2021-04-10 17:55:22.507498606 +0200 @@ -896,20 +896,20 @@ my @tests_tls_1_3_non_fips = ( { name => "TLS 1.3 ECDSA with brainpool but no suitable groups", server => { - "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), - "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), - "Groups" => "brainpoolP256r1", + "Certificate" => test_pem("server-ecdsa-cert.pem"), + "PrivateKey" => test_pem("server-ecdsa-key.pem"), + #"Groups" => "brainpoolP256r1", }, client => { "CipherString" => "aECDSA", "RequestCAFile" => test_pem("root-cert.pem"), - "Groups" => "brainpoolP256r1", + #"Groups" => "brainpoolP256r1", }, test => { #We only configured brainpoolP256r1 on the client side, but TLSv1.3 #is enabled and this group is not allowed in TLSv1.3. Therefore this #should fail - "ExpectedResult" => "ClientFail" + "ExpectedResult" => "Success" }, }, { diff -up openssl-3.0.0-alpha13/crypto/evp/ec_support.c.ec-curves openssl-3.0.0-alpha13/crypto/evp/ec_support.c --- openssl-3.0.0-alpha13/crypto/evp/ec_support.c.ec-curves 2021-04-11 11:13:14.236891844 +0200 +++ openssl-3.0.0-alpha13/crypto/evp/ec_support.c 2021-04-11 11:12:05.128098714 +0200 @@ -20,99 +20,13 @@ typedef struct ec_name2nid_st { static const EC_NAME2NID curve_list[] = { /* prime field curves */ /* secg curves */ - {"secp112r1", NID_secp112r1 }, - {"secp112r2", NID_secp112r2 }, - {"secp128r1", NID_secp128r1 }, - {"secp128r2", NID_secp128r2 }, - {"secp160k1", NID_secp160k1 }, - {"secp160r1", NID_secp160r1 }, - {"secp160r2", NID_secp160r2 }, - {"secp192k1", NID_secp192k1 }, {"secp224k1", NID_secp224k1 }, {"secp224r1", NID_secp224r1 }, {"secp256k1", NID_secp256k1 }, {"secp384r1", NID_secp384r1 }, {"secp521r1", NID_secp521r1 }, /* X9.62 curves */ - {"prime192v1", NID_X9_62_prime192v1 }, - {"prime192v2", NID_X9_62_prime192v2 }, - {"prime192v3", NID_X9_62_prime192v3 }, - {"prime239v1", NID_X9_62_prime239v1 }, - {"prime239v2", NID_X9_62_prime239v2 }, - {"prime239v3", NID_X9_62_prime239v3 }, {"prime256v1", NID_X9_62_prime256v1 }, - /* characteristic two field curves */ - /* NIST/SECG curves */ - {"sect113r1", NID_sect113r1 }, - {"sect113r2", NID_sect113r2 }, - {"sect131r1", NID_sect131r1 }, - {"sect131r2", NID_sect131r2 }, - {"sect163k1", NID_sect163k1 }, - {"sect163r1", NID_sect163r1 }, - {"sect163r2", NID_sect163r2 }, - {"sect193r1", NID_sect193r1 }, - {"sect193r2", NID_sect193r2 }, - {"sect233k1", NID_sect233k1 }, - {"sect233r1", NID_sect233r1 }, - {"sect239k1", NID_sect239k1 }, - {"sect283k1", NID_sect283k1 }, - {"sect283r1", NID_sect283r1 }, - {"sect409k1", NID_sect409k1 }, - {"sect409r1", NID_sect409r1 }, - {"sect571k1", NID_sect571k1 }, - {"sect571r1", NID_sect571r1 }, - /* X9.62 curves */ - {"c2pnb163v1", NID_X9_62_c2pnb163v1 }, - {"c2pnb163v2", NID_X9_62_c2pnb163v2 }, - {"c2pnb163v3", NID_X9_62_c2pnb163v3 }, - {"c2pnb176v1", NID_X9_62_c2pnb176v1 }, - {"c2tnb191v1", NID_X9_62_c2tnb191v1 }, - {"c2tnb191v2", NID_X9_62_c2tnb191v2 }, - {"c2tnb191v3", NID_X9_62_c2tnb191v3 }, - {"c2pnb208w1", NID_X9_62_c2pnb208w1 }, - {"c2tnb239v1", NID_X9_62_c2tnb239v1 }, - {"c2tnb239v2", NID_X9_62_c2tnb239v2 }, - {"c2tnb239v3", NID_X9_62_c2tnb239v3 }, - {"c2pnb272w1", NID_X9_62_c2pnb272w1 }, - {"c2pnb304w1", NID_X9_62_c2pnb304w1 }, - {"c2tnb359v1", NID_X9_62_c2tnb359v1 }, - {"c2pnb368w1", NID_X9_62_c2pnb368w1 }, - {"c2tnb431r1", NID_X9_62_c2tnb431r1 }, - /* - * the WAP/WTLS curves [unlike SECG, spec has its own OIDs for curves - * from X9.62] - */ - {"wap-wsg-idm-ecid-wtls1", NID_wap_wsg_idm_ecid_wtls1 }, - {"wap-wsg-idm-ecid-wtls3", NID_wap_wsg_idm_ecid_wtls3 }, - {"wap-wsg-idm-ecid-wtls4", NID_wap_wsg_idm_ecid_wtls4 }, - {"wap-wsg-idm-ecid-wtls5", NID_wap_wsg_idm_ecid_wtls5 }, - {"wap-wsg-idm-ecid-wtls6", NID_wap_wsg_idm_ecid_wtls6 }, - {"wap-wsg-idm-ecid-wtls7", NID_wap_wsg_idm_ecid_wtls7 }, - {"wap-wsg-idm-ecid-wtls8", NID_wap_wsg_idm_ecid_wtls8 }, - {"wap-wsg-idm-ecid-wtls9", NID_wap_wsg_idm_ecid_wtls9 }, - {"wap-wsg-idm-ecid-wtls10", NID_wap_wsg_idm_ecid_wtls10 }, - {"wap-wsg-idm-ecid-wtls11", NID_wap_wsg_idm_ecid_wtls11 }, - {"wap-wsg-idm-ecid-wtls12", NID_wap_wsg_idm_ecid_wtls12 }, - /* IPSec curves */ - {"Oakley-EC2N-3", NID_ipsec3 }, - {"Oakley-EC2N-4", NID_ipsec4 }, - /* brainpool curves */ - {"brainpoolP160r1", NID_brainpoolP160r1 }, - {"brainpoolP160t1", NID_brainpoolP160t1 }, - {"brainpoolP192r1", NID_brainpoolP192r1 }, - {"brainpoolP192t1", NID_brainpoolP192t1 }, - {"brainpoolP224r1", NID_brainpoolP224r1 }, - {"brainpoolP224t1", NID_brainpoolP224t1 }, - {"brainpoolP256r1", NID_brainpoolP256r1 }, - {"brainpoolP256t1", NID_brainpoolP256t1 }, - {"brainpoolP320r1", NID_brainpoolP320r1 }, - {"brainpoolP320t1", NID_brainpoolP320t1 }, - {"brainpoolP384r1", NID_brainpoolP384r1 }, - {"brainpoolP384t1", NID_brainpoolP384t1 }, - {"brainpoolP512r1", NID_brainpoolP512r1 }, - {"brainpoolP512t1", NID_brainpoolP512t1 }, - /* SM2 curve */ - {"SM2", NID_sm2 }, }; const char *ossl_ec_curve_nid2name(int nid) diff -up openssl-3.0.0-alpha13/test/acvp_test.inc.ec-curves openssl-3.0.0-alpha13/test/acvp_test.inc --- openssl-3.0.0-alpha13/test/acvp_test.inc.ec-curves 2021-04-11 13:46:57.286828933 +0200 +++ openssl-3.0.0-alpha13/test/acvp_test.inc 2021-04-11 13:48:01.356704526 +0200 @@ -212,15 +212,6 @@ static const unsigned char ecdsa_sigver_ }; static const struct ecdsa_sigver_st ecdsa_sigver_data[] = { { - "SHA-1", - "P-192", - ITM(ecdsa_sigver_msg0), - ITM(ecdsa_sigver_pub0), - ITM(ecdsa_sigver_r0), - ITM(ecdsa_sigver_s0), - PASS, - }, - { "SHA2-512", "P-521", ITM(ecdsa_sigver_msg1), diff -up openssl-3.0.0-alpha13/test/recipes/65-test_cmp_protect.t.ec-curves openssl-3.0.0-alpha13/test/recipes/65-test_cmp_protect.t --- openssl-3.0.0-alpha13/test/recipes/65-test_cmp_protect.t.ec-curves 2021-04-11 21:45:04.949948725 +0200 +++ openssl-3.0.0-alpha13/test/recipes/65-test_cmp_protect.t 2021-04-11 21:44:09.585283604 +0200 @@ -7,7 +7,6 @@ # this file except in compliance with the License. You can obtain a copy # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html - use strict; use OpenSSL::Test qw/:DEFAULT data_file srctop_file srctop_dir bldtop_file bldtop_dir/; use OpenSSL::Test::Utils; @@ -27,7 +26,7 @@ plan skip_all => "This test is not suppo plan skip_all => "This test is not supported in a shared library build on Windows" if $^O eq 'MSWin32' && !disabled("shared"); -plan tests => 2 + ($no_fips ? 0 : 1); #fips test +plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test my @basic_cmd = ("cmp_protect_test", data_file("server.pem"), diff -up openssl-3.0.0-alpha13/test/recipes/65-test_cmp_vfy.t.ec-curves openssl-3.0.0-alpha13/test/recipes/65-test_cmp_vfy.t --- openssl-3.0.0-alpha13/test/recipes/65-test_cmp_vfy.t.ec-curves 2021-04-11 21:45:25.414194574 +0200 +++ openssl-3.0.0-alpha13/test/recipes/65-test_cmp_vfy.t 2021-04-11 21:44:40.786658440 +0200 @@ -7,7 +7,6 @@ # this file except in compliance with the License. You can obtain a copy # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html - use strict; use OpenSSL::Test qw/:DEFAULT data_file srctop_file srctop_dir bldtop_file bldtop_dir/; use OpenSSL::Test::Utils; @@ -27,7 +26,7 @@ plan skip_all => "This test is not suppo plan skip_all => "This test is not supported in a no-ec build" if disabled("ec"); -plan tests => 2 + ($no_fips ? 0 : 1); #fips test +plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test my @basic_cmd = ("cmp_vfy_test", data_file("server.crt"), data_file("client.crt"),