You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
622 lines
25 KiB
622 lines
25 KiB
diff -up openssl-3.0.0-alpha13/apps/speed.c.ec-curves openssl-3.0.0-alpha13/apps/speed.c
|
|
--- openssl-3.0.0-alpha13/apps/speed.c.ec-curves 2021-04-10 12:12:00.620129302 +0200
|
|
+++ openssl-3.0.0-alpha13/apps/speed.c 2021-04-10 12:18:11.872369417 +0200
|
|
@@ -364,68 +364,23 @@ static double ffdh_results[FFDH_NUM][1];
|
|
#endif /* OPENSSL_NO_DH */
|
|
|
|
enum ec_curves_t {
|
|
- R_EC_P160, R_EC_P192, R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521,
|
|
-#ifndef OPENSSL_NO_EC2M
|
|
- R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571,
|
|
- R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571,
|
|
-#endif
|
|
- R_EC_BRP256R1, R_EC_BRP256T1, R_EC_BRP384R1, R_EC_BRP384T1,
|
|
- R_EC_BRP512R1, R_EC_BRP512T1, ECDSA_NUM
|
|
+ R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521,
|
|
+ ECDSA_NUM
|
|
};
|
|
/* list of ecdsa curves */
|
|
static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = {
|
|
- {"ecdsap160", R_EC_P160},
|
|
- {"ecdsap192", R_EC_P192},
|
|
{"ecdsap224", R_EC_P224},
|
|
{"ecdsap256", R_EC_P256},
|
|
{"ecdsap384", R_EC_P384},
|
|
{"ecdsap521", R_EC_P521},
|
|
-#ifndef OPENSSL_NO_EC2M
|
|
- {"ecdsak163", R_EC_K163},
|
|
- {"ecdsak233", R_EC_K233},
|
|
- {"ecdsak283", R_EC_K283},
|
|
- {"ecdsak409", R_EC_K409},
|
|
- {"ecdsak571", R_EC_K571},
|
|
- {"ecdsab163", R_EC_B163},
|
|
- {"ecdsab233", R_EC_B233},
|
|
- {"ecdsab283", R_EC_B283},
|
|
- {"ecdsab409", R_EC_B409},
|
|
- {"ecdsab571", R_EC_B571},
|
|
-#endif
|
|
- {"ecdsabrp256r1", R_EC_BRP256R1},
|
|
- {"ecdsabrp256t1", R_EC_BRP256T1},
|
|
- {"ecdsabrp384r1", R_EC_BRP384R1},
|
|
- {"ecdsabrp384t1", R_EC_BRP384T1},
|
|
- {"ecdsabrp512r1", R_EC_BRP512R1},
|
|
- {"ecdsabrp512t1", R_EC_BRP512T1}
|
|
};
|
|
enum { R_EC_X25519 = ECDSA_NUM, R_EC_X448, EC_NUM };
|
|
/* list of ecdh curves, extension of |ecdsa_choices| list above */
|
|
static const OPT_PAIR ecdh_choices[EC_NUM] = {
|
|
- {"ecdhp160", R_EC_P160},
|
|
- {"ecdhp192", R_EC_P192},
|
|
{"ecdhp224", R_EC_P224},
|
|
{"ecdhp256", R_EC_P256},
|
|
{"ecdhp384", R_EC_P384},
|
|
{"ecdhp521", R_EC_P521},
|
|
-#ifndef OPENSSL_NO_EC2M
|
|
- {"ecdhk163", R_EC_K163},
|
|
- {"ecdhk233", R_EC_K233},
|
|
- {"ecdhk283", R_EC_K283},
|
|
- {"ecdhk409", R_EC_K409},
|
|
- {"ecdhk571", R_EC_K571},
|
|
- {"ecdhb163", R_EC_B163},
|
|
- {"ecdhb233", R_EC_B233},
|
|
- {"ecdhb283", R_EC_B283},
|
|
- {"ecdhb409", R_EC_B409},
|
|
- {"ecdhb571", R_EC_B571},
|
|
-#endif
|
|
- {"ecdhbrp256r1", R_EC_BRP256R1},
|
|
- {"ecdhbrp256t1", R_EC_BRP256T1},
|
|
- {"ecdhbrp384r1", R_EC_BRP384R1},
|
|
- {"ecdhbrp384t1", R_EC_BRP384T1},
|
|
- {"ecdhbrp512r1", R_EC_BRP512R1},
|
|
- {"ecdhbrp512t1", R_EC_BRP512T1},
|
|
{"ecdhx25519", R_EC_X25519},
|
|
{"ecdhx448", R_EC_X448}
|
|
};
|
|
@@ -1449,31 +1404,10 @@ int speed_main(int argc, char **argv)
|
|
*/
|
|
static const EC_CURVE ec_curves[EC_NUM] = {
|
|
/* Prime Curves */
|
|
- {"secp160r1", NID_secp160r1, 160},
|
|
- {"nistp192", NID_X9_62_prime192v1, 192},
|
|
{"nistp224", NID_secp224r1, 224},
|
|
{"nistp256", NID_X9_62_prime256v1, 256},
|
|
{"nistp384", NID_secp384r1, 384},
|
|
{"nistp521", NID_secp521r1, 521},
|
|
-#ifndef OPENSSL_NO_EC2M
|
|
- /* Binary Curves */
|
|
- {"nistk163", NID_sect163k1, 163},
|
|
- {"nistk233", NID_sect233k1, 233},
|
|
- {"nistk283", NID_sect283k1, 283},
|
|
- {"nistk409", NID_sect409k1, 409},
|
|
- {"nistk571", NID_sect571k1, 571},
|
|
- {"nistb163", NID_sect163r2, 163},
|
|
- {"nistb233", NID_sect233r1, 233},
|
|
- {"nistb283", NID_sect283r1, 283},
|
|
- {"nistb409", NID_sect409r1, 409},
|
|
- {"nistb571", NID_sect571r1, 571},
|
|
-#endif
|
|
- {"brainpoolP256r1", NID_brainpoolP256r1, 256},
|
|
- {"brainpoolP256t1", NID_brainpoolP256t1, 256},
|
|
- {"brainpoolP384r1", NID_brainpoolP384r1, 384},
|
|
- {"brainpoolP384t1", NID_brainpoolP384t1, 384},
|
|
- {"brainpoolP512r1", NID_brainpoolP512r1, 512},
|
|
- {"brainpoolP512t1", NID_brainpoolP512t1, 512},
|
|
/* Other and ECDH only ones */
|
|
{"X25519", NID_X25519, 253},
|
|
{"X448", NID_X448, 448}
|
|
diff -up openssl-3.0.0-alpha13/test/ecdsatest.h.ec-curves openssl-3.0.0-alpha13/test/ecdsatest.h
|
|
--- openssl-3.0.0-alpha13/test/ecdsatest.h.ec-curves 2021-04-10 12:07:43.158013028 +0200
|
|
+++ openssl-3.0.0-alpha13/test/ecdsatest.h 2021-04-10 12:11:21.601828737 +0200
|
|
@@ -32,23 +32,6 @@ typedef struct {
|
|
} ecdsa_cavs_kat_t;
|
|
|
|
static const ecdsa_cavs_kat_t ecdsa_cavs_kats[] = {
|
|
- /* prime KATs from X9.62 */
|
|
- {NID_X9_62_prime192v1, NID_sha1,
|
|
- "616263", /* "abc" */
|
|
- "1a8d598fc15bf0fd89030b5cb1111aeb92ae8baf5ea475fb",
|
|
- "0462b12d60690cdcf330babab6e69763b471f994dd702d16a563bf5ec08069705ffff65e"
|
|
- "5ca5c0d69716dfcb3474373902",
|
|
- "fa6de29746bbeb7f8bb1e761f85f7dfb2983169d82fa2f4e",
|
|
- "885052380ff147b734c330c43d39b2c4a89f29b0f749fead",
|
|
- "e9ecc78106def82bf1070cf1d4d804c3cb390046951df686"},
|
|
- {NID_X9_62_prime239v1, NID_sha1,
|
|
- "616263", /* "abc" */
|
|
- "7ef7c6fabefffdea864206e80b0b08a9331ed93e698561b64ca0f7777f3d",
|
|
- "045b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c707fd9f1ed2e"
|
|
- "65f09f6ce0893baf5e8e31e6ae82ea8c3592335be906d38dee",
|
|
- "656c7196bf87dcc5d1f1020906df2782360d36b2de7a17ece37d503784af",
|
|
- "2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0",
|
|
- "2eeae988104e9c2234a3c2beb1f53bfa5dc11ff36a875d1e3ccb1f7e45cf"},
|
|
/* prime KATs from NIST CAVP */
|
|
{NID_secp224r1, NID_sha224,
|
|
"699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1"
|
|
diff -up openssl-3.0.0-alpha13/test/recipes/15-test_genec.t.ec-curves openssl-3.0.0-alpha13/test/recipes/15-test_genec.t
|
|
--- openssl-3.0.0-alpha13/test/recipes/15-test_genec.t.ec-curves 2021-04-10 11:59:37.453332668 +0200
|
|
+++ openssl-3.0.0-alpha13/test/recipes/15-test_genec.t 2021-04-10 12:03:43.363538976 +0200
|
|
@@ -41,45 +41,11 @@ plan skip_all => "This test is unsupport
|
|
if disabled("ec");
|
|
|
|
my @prime_curves = qw(
|
|
- secp112r1
|
|
- secp112r2
|
|
- secp128r1
|
|
- secp128r2
|
|
- secp160k1
|
|
- secp160r1
|
|
- secp160r2
|
|
- secp192k1
|
|
- secp224k1
|
|
secp224r1
|
|
secp256k1
|
|
secp384r1
|
|
secp521r1
|
|
- prime192v1
|
|
- prime192v2
|
|
- prime192v3
|
|
- prime239v1
|
|
- prime239v2
|
|
- prime239v3
|
|
prime256v1
|
|
- wap-wsg-idm-ecid-wtls6
|
|
- wap-wsg-idm-ecid-wtls7
|
|
- wap-wsg-idm-ecid-wtls8
|
|
- wap-wsg-idm-ecid-wtls9
|
|
- wap-wsg-idm-ecid-wtls12
|
|
- brainpoolP160r1
|
|
- brainpoolP160t1
|
|
- brainpoolP192r1
|
|
- brainpoolP192t1
|
|
- brainpoolP224r1
|
|
- brainpoolP224t1
|
|
- brainpoolP256r1
|
|
- brainpoolP256t1
|
|
- brainpoolP320r1
|
|
- brainpoolP320t1
|
|
- brainpoolP384r1
|
|
- brainpoolP384t1
|
|
- brainpoolP512r1
|
|
- brainpoolP512t1
|
|
);
|
|
|
|
my @binary_curves = qw(
|
|
@@ -136,7 +102,6 @@ push(@other_curves, 'SM2')
|
|
if !disabled("sm2");
|
|
|
|
my @curve_aliases = qw(
|
|
- P-192
|
|
P-224
|
|
P-256
|
|
P-384
|
|
diff -up openssl-3.0.0-alpha13/test/recipes/06-test_algorithmid.t.ec-curves openssl-3.0.0-alpha13/test/recipes/06-test_algorithmid.t
|
|
--- openssl-3.0.0-alpha13/test/recipes/06-test_algorithmid.t.ec-curves 2021-04-10 12:40:59.871858764 +0200
|
|
+++ openssl-3.0.0-alpha13/test/recipes/06-test_algorithmid.t 2021-04-10 12:41:41.140455070 +0200
|
|
@@ -33,7 +33,7 @@ my %certs_info =
|
|
'ee-cert-ec-named-explicit' => 'ca-cert-ec-explicit',
|
|
'ee-cert-ec-named-named' => 'ca-cert-ec-named',
|
|
# 'server-ed448-cert' => 'root-ed448-cert'
|
|
- 'server-ecdsa-brainpoolP256r1-cert' => 'rootcert',
|
|
+ # 'server-ecdsa-brainpoolP256r1-cert' => 'rootcert',
|
|
)
|
|
)
|
|
);
|
|
diff -up openssl-3.0.0-alpha13/test/recipes/15-test_ec.t.ec-curves openssl-3.0.0-alpha13/test/recipes/15-test_ec.t
|
|
diff -up openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t
|
|
diff -up openssl-3.0.0-alpha13/test/recipes/30-test_acvp.t.ec-curves openssl-3.0.0-alpha13/test/recipes/30-test_acvp.t
|
|
diff -up openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.ec-curves openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf
|
|
--- openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.ec-curves 2021-04-10 13:21:52.123040226 +0200
|
|
+++ openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf 2021-04-10 13:28:20.856023985 +0200
|
|
@@ -776,14 +776,12 @@ server = 22-ECDSA with brainpool-server
|
|
client = 22-ECDSA with brainpool-client
|
|
|
|
[22-ECDSA with brainpool-server]
|
|
-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
|
|
+Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
|
|
CipherString = DEFAULT
|
|
-Groups = brainpoolP256r1
|
|
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
|
|
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
|
|
|
|
[22-ECDSA with brainpool-client]
|
|
CipherString = aECDSA
|
|
-Groups = brainpoolP256r1
|
|
MaxProtocol = TLSv1.2
|
|
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
|
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
|
@@ -791,9 +789,6 @@ VerifyMode = Peer
|
|
|
|
[test-22]
|
|
ExpectedResult = Success
|
|
-ExpectedServerCANames = empty
|
|
-ExpectedServerCertType = brainpoolP256r1
|
|
-ExpectedServerSignType = EC
|
|
|
|
|
|
# ===========================================================
|
|
@@ -1741,9 +1736,9 @@ server = 53-TLS 1.3 ECDSA with brainpool
|
|
client = 53-TLS 1.3 ECDSA with brainpool-client
|
|
|
|
[53-TLS 1.3 ECDSA with brainpool-server]
|
|
-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
|
|
+Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
|
|
CipherString = DEFAULT
|
|
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
|
|
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
|
|
|
|
[53-TLS 1.3 ECDSA with brainpool-client]
|
|
CipherString = DEFAULT
|
|
@@ -1754,7 +1749,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/ro
|
|
VerifyMode = Peer
|
|
|
|
[test-53]
|
|
-ExpectedResult = ServerFail
|
|
+ExpectedResult = Success
|
|
|
|
|
|
# ===========================================================
|
|
diff -up openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in.ec-curves openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in
|
|
--- openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in.ec-curves 2021-04-10 13:22:06.275221662 +0200
|
|
+++ openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in 2021-04-10 13:35:18.774623319 +0200
|
|
@@ -428,21 +428,21 @@ my @tests_non_fips = (
|
|
{
|
|
name => "ECDSA with brainpool",
|
|
server => {
|
|
- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
|
|
- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
|
|
- "Groups" => "brainpoolP256r1",
|
|
+ "Certificate" => test_pem("server-ecdsa-cert.pem"),
|
|
+ "PrivateKey" => test_pem("server-ecdsa-key.pem"),
|
|
+ #"Groups" => "brainpoolP256r1",
|
|
},
|
|
client => {
|
|
"MaxProtocol" => "TLSv1.2",
|
|
"CipherString" => "aECDSA",
|
|
"RequestCAFile" => test_pem("root-cert.pem"),
|
|
- "Groups" => "brainpoolP256r1",
|
|
+ #"Groups" => "brainpoolP256r1",
|
|
},
|
|
test => {
|
|
- "ExpectedServerCertType" =>, "brainpoolP256r1",
|
|
- "ExpectedServerSignType" =>, "EC",
|
|
+ #"ExpectedServerCertType" =>, "brainpoolP256r1",
|
|
+ #"ExpectedServerSignType" =>, "EC",
|
|
# Note: certificate_authorities not sent for TLS < 1.3
|
|
- "ExpectedServerCANames" =>, "empty",
|
|
+ #"ExpectedServerCANames" =>, "empty",
|
|
"ExpectedResult" => "Success"
|
|
},
|
|
},
|
|
@@ -915,8 +915,8 @@ my @tests_tls_1_3_non_fips = (
|
|
{
|
|
name => "TLS 1.3 ECDSA with brainpool",
|
|
server => {
|
|
- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
|
|
- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
|
|
+ "Certificate" => test_pem("server-ecdsa-cert.pem"),
|
|
+ "PrivateKey" => test_pem("server-ecdsa-key.pem"),
|
|
},
|
|
client => {
|
|
"RequestCAFile" => test_pem("root-cert.pem"),
|
|
@@ -924,7 +924,7 @@ my @tests_tls_1_3_non_fips = (
|
|
"MaxProtocol" => "TLSv1.3"
|
|
},
|
|
test => {
|
|
- "ExpectedResult" => "ServerFail"
|
|
+ "ExpectedResult" => "Success"
|
|
},
|
|
},
|
|
);
|
|
diff -up openssl-3.0.0-alpha13/test/evp_extra_test.c.ec-curves openssl-3.0.0-alpha13/test/evp_extra_test.c
|
|
--- openssl-3.0.0-alpha13/test/evp_extra_test.c.ec-curves 2021-04-10 13:49:53.381742691 +0200
|
|
+++ openssl-3.0.0-alpha13/test/evp_extra_test.c 2021-04-10 13:56:11.742776705 +0200
|
|
@@ -2414,13 +2414,13 @@ err:
|
|
}
|
|
|
|
#ifndef OPENSSL_NO_EC
|
|
-static int ecpub_nids[] = { NID_brainpoolP256r1, NID_X9_62_prime256v1,
|
|
+static int ecpub_nids[] = {NID_X9_62_prime256v1,
|
|
NID_secp384r1, NID_secp521r1,
|
|
#ifndef OPENSSL_NO_EC2M
|
|
NID_sect233k1, NID_sect233r1, NID_sect283r1,
|
|
NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
|
|
#endif
|
|
- NID_brainpoolP384r1, NID_brainpoolP512r1};
|
|
+ };
|
|
|
|
static int test_ecpub(int idx)
|
|
{
|
|
diff -up openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t
|
|
--- openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves 2021-04-10 14:00:22.482782216 +0200
|
|
+++ openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t 2021-04-10 14:08:50.769727651 +0200
|
|
@@ -158,60 +158,6 @@ sub tsignverify {
|
|
$testtext);
|
|
}
|
|
|
|
-SKIP : {
|
|
- skip "FIPS EC tests because of no ec in this build", 1
|
|
- if disabled("ec");
|
|
-
|
|
- subtest EC => sub {
|
|
- my $testtext_prefix = 'EC';
|
|
- my $a_fips_curve = 'prime256v1';
|
|
- my $fips_key = $testtext_prefix.'.fips.priv.pem';
|
|
- my $fips_pub_key = $testtext_prefix.'.fips.pub.pem';
|
|
- my $a_nonfips_curve = 'brainpoolP256r1';
|
|
- my $nonfips_key = $testtext_prefix.'.nonfips.priv.pem';
|
|
- my $nonfips_pub_key = $testtext_prefix.'.nonfips.pub.pem';
|
|
- my $testtext = '';
|
|
- my $curvename = '';
|
|
-
|
|
- plan tests => 5 + $tsignverify_count;
|
|
-
|
|
- $ENV{OPENSSL_CONF} = $defaultconf;
|
|
- $curvename = $a_nonfips_curve;
|
|
- $testtext = $testtext_prefix.': '.
|
|
- 'Generate a key with a non-FIPS algorithm with the default provider';
|
|
- ok(run(app(['openssl', 'genpkey', '-algorithm', 'EC',
|
|
- '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
|
|
- '-out', $nonfips_key])),
|
|
- $testtext);
|
|
-
|
|
- pubfrompriv($testtext_prefix, $nonfips_key, $nonfips_pub_key, "non-FIPS");
|
|
-
|
|
- $ENV{OPENSSL_CONF} = $fipsconf;
|
|
-
|
|
- $curvename = $a_fips_curve;
|
|
- $testtext = $testtext_prefix.': '.
|
|
- 'Generate a key with a FIPS algorithm';
|
|
- ok(run(app(['openssl', 'genpkey', '-algorithm', 'EC',
|
|
- '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
|
|
- '-out', $fips_key])),
|
|
- $testtext);
|
|
-
|
|
- pubfrompriv($testtext_prefix, $fips_key, $fips_pub_key, "FIPS");
|
|
-
|
|
- $curvename = $a_nonfips_curve;
|
|
- $testtext = $testtext_prefix.': '.
|
|
- 'Generate a key with a non-FIPS algorithm'.
|
|
- ' (should fail)';
|
|
- ok(!run(app(['openssl', 'genpkey', '-algorithm', 'EC',
|
|
- '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
|
|
- '-out', $testtext_prefix.'.'.$curvename.'.priv.pem'])),
|
|
- $testtext);
|
|
-
|
|
- tsignverify($testtext_prefix, $fips_key, $fips_pub_key, $nonfips_key,
|
|
- $nonfips_pub_key);
|
|
- };
|
|
-}
|
|
-
|
|
SKIP: {
|
|
skip "FIPS RSA tests because of no rsa in this build", 1
|
|
if disabled("rsa");
|
|
diff -up openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t
|
|
--- openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves 2021-04-10 14:23:09.805468483 +0200
|
|
+++ openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t 2021-04-10 14:23:33.002784265 +0200
|
|
@@ -26,7 +26,7 @@ use platform;
|
|
my $no_check = disabled("fips") || disabled('fips-securitychecks');
|
|
plan skip_all => "Test only supported in a fips build with security checks"
|
|
if $no_check;
|
|
-plan tests => 11;
|
|
+plan tests => 10;
|
|
|
|
my $fipsmodule = bldtop_file('providers', platform->dso('fips'));
|
|
my $fipsconf = srctop_file("test", "fips-and-base.cnf");
|
|
diff -up openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.ec-curves openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf
|
|
--- openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.ec-curves 2021-04-10 17:52:46.478721611 +0200
|
|
+++ openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf 2021-04-10 17:54:11.371688446 +0200
|
|
@@ -1710,20 +1710,18 @@ server = 52-TLS 1.3 ECDSA with brainpool
|
|
client = 52-TLS 1.3 ECDSA with brainpool but no suitable groups-client
|
|
|
|
[52-TLS 1.3 ECDSA with brainpool but no suitable groups-server]
|
|
-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
|
|
+Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
|
|
CipherString = DEFAULT
|
|
-Groups = brainpoolP256r1
|
|
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
|
|
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
|
|
|
|
[52-TLS 1.3 ECDSA with brainpool but no suitable groups-client]
|
|
CipherString = aECDSA
|
|
-Groups = brainpoolP256r1
|
|
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
|
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
|
VerifyMode = Peer
|
|
|
|
[test-52]
|
|
-ExpectedResult = ClientFail
|
|
+ExpectedResult = Success
|
|
|
|
|
|
# ===========================================================
|
|
diff -up openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in.ec-curves openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in
|
|
--- openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in.ec-curves 2021-04-10 17:53:03.317913390 +0200
|
|
+++ openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in 2021-04-10 17:55:22.507498606 +0200
|
|
@@ -896,20 +896,20 @@ my @tests_tls_1_3_non_fips = (
|
|
{
|
|
name => "TLS 1.3 ECDSA with brainpool but no suitable groups",
|
|
server => {
|
|
- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
|
|
- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
|
|
- "Groups" => "brainpoolP256r1",
|
|
+ "Certificate" => test_pem("server-ecdsa-cert.pem"),
|
|
+ "PrivateKey" => test_pem("server-ecdsa-key.pem"),
|
|
+ #"Groups" => "brainpoolP256r1",
|
|
},
|
|
client => {
|
|
"CipherString" => "aECDSA",
|
|
"RequestCAFile" => test_pem("root-cert.pem"),
|
|
- "Groups" => "brainpoolP256r1",
|
|
+ #"Groups" => "brainpoolP256r1",
|
|
},
|
|
test => {
|
|
#We only configured brainpoolP256r1 on the client side, but TLSv1.3
|
|
#is enabled and this group is not allowed in TLSv1.3. Therefore this
|
|
#should fail
|
|
- "ExpectedResult" => "ClientFail"
|
|
+ "ExpectedResult" => "Success"
|
|
},
|
|
},
|
|
{
|
|
diff -up openssl-3.0.0-alpha13/crypto/evp/ec_support.c.ec-curves openssl-3.0.0-alpha13/crypto/evp/ec_support.c
|
|
--- openssl-3.0.0-alpha13/crypto/evp/ec_support.c.ec-curves 2021-04-11 11:13:14.236891844 +0200
|
|
+++ openssl-3.0.0-alpha13/crypto/evp/ec_support.c 2021-04-11 11:12:05.128098714 +0200
|
|
@@ -20,99 +20,13 @@ typedef struct ec_name2nid_st {
|
|
static const EC_NAME2NID curve_list[] = {
|
|
/* prime field curves */
|
|
/* secg curves */
|
|
- {"secp112r1", NID_secp112r1 },
|
|
- {"secp112r2", NID_secp112r2 },
|
|
- {"secp128r1", NID_secp128r1 },
|
|
- {"secp128r2", NID_secp128r2 },
|
|
- {"secp160k1", NID_secp160k1 },
|
|
- {"secp160r1", NID_secp160r1 },
|
|
- {"secp160r2", NID_secp160r2 },
|
|
- {"secp192k1", NID_secp192k1 },
|
|
{"secp224k1", NID_secp224k1 },
|
|
{"secp224r1", NID_secp224r1 },
|
|
{"secp256k1", NID_secp256k1 },
|
|
{"secp384r1", NID_secp384r1 },
|
|
{"secp521r1", NID_secp521r1 },
|
|
/* X9.62 curves */
|
|
- {"prime192v1", NID_X9_62_prime192v1 },
|
|
- {"prime192v2", NID_X9_62_prime192v2 },
|
|
- {"prime192v3", NID_X9_62_prime192v3 },
|
|
- {"prime239v1", NID_X9_62_prime239v1 },
|
|
- {"prime239v2", NID_X9_62_prime239v2 },
|
|
- {"prime239v3", NID_X9_62_prime239v3 },
|
|
{"prime256v1", NID_X9_62_prime256v1 },
|
|
- /* characteristic two field curves */
|
|
- /* NIST/SECG curves */
|
|
- {"sect113r1", NID_sect113r1 },
|
|
- {"sect113r2", NID_sect113r2 },
|
|
- {"sect131r1", NID_sect131r1 },
|
|
- {"sect131r2", NID_sect131r2 },
|
|
- {"sect163k1", NID_sect163k1 },
|
|
- {"sect163r1", NID_sect163r1 },
|
|
- {"sect163r2", NID_sect163r2 },
|
|
- {"sect193r1", NID_sect193r1 },
|
|
- {"sect193r2", NID_sect193r2 },
|
|
- {"sect233k1", NID_sect233k1 },
|
|
- {"sect233r1", NID_sect233r1 },
|
|
- {"sect239k1", NID_sect239k1 },
|
|
- {"sect283k1", NID_sect283k1 },
|
|
- {"sect283r1", NID_sect283r1 },
|
|
- {"sect409k1", NID_sect409k1 },
|
|
- {"sect409r1", NID_sect409r1 },
|
|
- {"sect571k1", NID_sect571k1 },
|
|
- {"sect571r1", NID_sect571r1 },
|
|
- /* X9.62 curves */
|
|
- {"c2pnb163v1", NID_X9_62_c2pnb163v1 },
|
|
- {"c2pnb163v2", NID_X9_62_c2pnb163v2 },
|
|
- {"c2pnb163v3", NID_X9_62_c2pnb163v3 },
|
|
- {"c2pnb176v1", NID_X9_62_c2pnb176v1 },
|
|
- {"c2tnb191v1", NID_X9_62_c2tnb191v1 },
|
|
- {"c2tnb191v2", NID_X9_62_c2tnb191v2 },
|
|
- {"c2tnb191v3", NID_X9_62_c2tnb191v3 },
|
|
- {"c2pnb208w1", NID_X9_62_c2pnb208w1 },
|
|
- {"c2tnb239v1", NID_X9_62_c2tnb239v1 },
|
|
- {"c2tnb239v2", NID_X9_62_c2tnb239v2 },
|
|
- {"c2tnb239v3", NID_X9_62_c2tnb239v3 },
|
|
- {"c2pnb272w1", NID_X9_62_c2pnb272w1 },
|
|
- {"c2pnb304w1", NID_X9_62_c2pnb304w1 },
|
|
- {"c2tnb359v1", NID_X9_62_c2tnb359v1 },
|
|
- {"c2pnb368w1", NID_X9_62_c2pnb368w1 },
|
|
- {"c2tnb431r1", NID_X9_62_c2tnb431r1 },
|
|
- /*
|
|
- * the WAP/WTLS curves [unlike SECG, spec has its own OIDs for curves
|
|
- * from X9.62]
|
|
- */
|
|
- {"wap-wsg-idm-ecid-wtls1", NID_wap_wsg_idm_ecid_wtls1 },
|
|
- {"wap-wsg-idm-ecid-wtls3", NID_wap_wsg_idm_ecid_wtls3 },
|
|
- {"wap-wsg-idm-ecid-wtls4", NID_wap_wsg_idm_ecid_wtls4 },
|
|
- {"wap-wsg-idm-ecid-wtls5", NID_wap_wsg_idm_ecid_wtls5 },
|
|
- {"wap-wsg-idm-ecid-wtls6", NID_wap_wsg_idm_ecid_wtls6 },
|
|
- {"wap-wsg-idm-ecid-wtls7", NID_wap_wsg_idm_ecid_wtls7 },
|
|
- {"wap-wsg-idm-ecid-wtls8", NID_wap_wsg_idm_ecid_wtls8 },
|
|
- {"wap-wsg-idm-ecid-wtls9", NID_wap_wsg_idm_ecid_wtls9 },
|
|
- {"wap-wsg-idm-ecid-wtls10", NID_wap_wsg_idm_ecid_wtls10 },
|
|
- {"wap-wsg-idm-ecid-wtls11", NID_wap_wsg_idm_ecid_wtls11 },
|
|
- {"wap-wsg-idm-ecid-wtls12", NID_wap_wsg_idm_ecid_wtls12 },
|
|
- /* IPSec curves */
|
|
- {"Oakley-EC2N-3", NID_ipsec3 },
|
|
- {"Oakley-EC2N-4", NID_ipsec4 },
|
|
- /* brainpool curves */
|
|
- {"brainpoolP160r1", NID_brainpoolP160r1 },
|
|
- {"brainpoolP160t1", NID_brainpoolP160t1 },
|
|
- {"brainpoolP192r1", NID_brainpoolP192r1 },
|
|
- {"brainpoolP192t1", NID_brainpoolP192t1 },
|
|
- {"brainpoolP224r1", NID_brainpoolP224r1 },
|
|
- {"brainpoolP224t1", NID_brainpoolP224t1 },
|
|
- {"brainpoolP256r1", NID_brainpoolP256r1 },
|
|
- {"brainpoolP256t1", NID_brainpoolP256t1 },
|
|
- {"brainpoolP320r1", NID_brainpoolP320r1 },
|
|
- {"brainpoolP320t1", NID_brainpoolP320t1 },
|
|
- {"brainpoolP384r1", NID_brainpoolP384r1 },
|
|
- {"brainpoolP384t1", NID_brainpoolP384t1 },
|
|
- {"brainpoolP512r1", NID_brainpoolP512r1 },
|
|
- {"brainpoolP512t1", NID_brainpoolP512t1 },
|
|
- /* SM2 curve */
|
|
- {"SM2", NID_sm2 },
|
|
};
|
|
|
|
const char *ossl_ec_curve_nid2name(int nid)
|
|
diff -up openssl-3.0.0-alpha13/test/acvp_test.inc.ec-curves openssl-3.0.0-alpha13/test/acvp_test.inc
|
|
--- openssl-3.0.0-alpha13/test/acvp_test.inc.ec-curves 2021-04-11 13:46:57.286828933 +0200
|
|
+++ openssl-3.0.0-alpha13/test/acvp_test.inc 2021-04-11 13:48:01.356704526 +0200
|
|
@@ -212,15 +212,6 @@ static const unsigned char ecdsa_sigver_
|
|
};
|
|
static const struct ecdsa_sigver_st ecdsa_sigver_data[] = {
|
|
{
|
|
- "SHA-1",
|
|
- "P-192",
|
|
- ITM(ecdsa_sigver_msg0),
|
|
- ITM(ecdsa_sigver_pub0),
|
|
- ITM(ecdsa_sigver_r0),
|
|
- ITM(ecdsa_sigver_s0),
|
|
- PASS,
|
|
- },
|
|
- {
|
|
"SHA2-512",
|
|
"P-521",
|
|
ITM(ecdsa_sigver_msg1),
|
|
diff -up openssl-3.0.0-alpha13/test/recipes/65-test_cmp_protect.t.ec-curves openssl-3.0.0-alpha13/test/recipes/65-test_cmp_protect.t
|
|
--- openssl-3.0.0-alpha13/test/recipes/65-test_cmp_protect.t.ec-curves 2021-04-11 21:45:04.949948725 +0200
|
|
+++ openssl-3.0.0-alpha13/test/recipes/65-test_cmp_protect.t 2021-04-11 21:44:09.585283604 +0200
|
|
@@ -7,7 +7,6 @@
|
|
# this file except in compliance with the License. You can obtain a copy
|
|
# in the file LICENSE in the source distribution or at
|
|
# https://www.openssl.org/source/license.html
|
|
-
|
|
use strict;
|
|
use OpenSSL::Test qw/:DEFAULT data_file srctop_file srctop_dir bldtop_file bldtop_dir/;
|
|
use OpenSSL::Test::Utils;
|
|
@@ -27,7 +26,7 @@ plan skip_all => "This test is not suppo
|
|
plan skip_all => "This test is not supported in a shared library build on Windows"
|
|
if $^O eq 'MSWin32' && !disabled("shared");
|
|
|
|
-plan tests => 2 + ($no_fips ? 0 : 1); #fips test
|
|
+plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test
|
|
|
|
my @basic_cmd = ("cmp_protect_test",
|
|
data_file("server.pem"),
|
|
diff -up openssl-3.0.0-alpha13/test/recipes/65-test_cmp_vfy.t.ec-curves openssl-3.0.0-alpha13/test/recipes/65-test_cmp_vfy.t
|
|
--- openssl-3.0.0-alpha13/test/recipes/65-test_cmp_vfy.t.ec-curves 2021-04-11 21:45:25.414194574 +0200
|
|
+++ openssl-3.0.0-alpha13/test/recipes/65-test_cmp_vfy.t 2021-04-11 21:44:40.786658440 +0200
|
|
@@ -7,7 +7,6 @@
|
|
# this file except in compliance with the License. You can obtain a copy
|
|
# in the file LICENSE in the source distribution or at
|
|
# https://www.openssl.org/source/license.html
|
|
-
|
|
use strict;
|
|
use OpenSSL::Test qw/:DEFAULT data_file srctop_file srctop_dir bldtop_file bldtop_dir/;
|
|
use OpenSSL::Test::Utils;
|
|
@@ -27,7 +26,7 @@ plan skip_all => "This test is not suppo
|
|
plan skip_all => "This test is not supported in a no-ec build"
|
|
if disabled("ec");
|
|
|
|
-plan tests => 2 + ($no_fips ? 0 : 1); #fips test
|
|
+plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test
|
|
|
|
my @basic_cmd = ("cmp_vfy_test",
|
|
data_file("server.crt"), data_file("client.crt"),
|