|
 |
1eb7adc |
From 91bdd9b816b22bc1464ec323f3272b866b24114d Mon Sep 17 00:00:00 2001
|
|
|
1eb7adc |
From: rpm-build <rpm-build>
|
|
|
1eb7adc |
Date: Mon, 31 Jul 2023 09:41:28 +0200
|
|
|
1eb7adc |
Subject: [PATCH 12/35] 0012-Disable-explicit-ec.patch
|
|
|
1eb7adc |
|
|
|
1eb7adc |
Patch-name: 0012-Disable-explicit-ec.patch
|
|
|
1eb7adc |
Patch-id: 12
|
|
|
1eb7adc |
Patch-status: |
|
|
|
1eb7adc |
# Disable explicit EC curves
|
|
|
1eb7adc |
# https://bugzilla.redhat.com/show_bug.cgi?id=2066412
|
|
|
1eb7adc |
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
|
|
|
1eb7adc |
---
|
|
|
1eb7adc |
crypto/ec/ec_asn1.c | 11 ++++++++++
|
|
|
1eb7adc |
crypto/ec/ec_lib.c | 6 +++++
|
|
|
1eb7adc |
test/ectest.c | 22 ++++++++++---------
|
|
|
1eb7adc |
test/endecode_test.c | 20 ++++++++---------
|
|
|
1eb7adc |
.../30-test_evp_data/evppkey_ecdsa.txt | 12 ----------
|
|
|
1eb7adc |
5 files changed, 39 insertions(+), 32 deletions(-)
|
|
|
1eb7adc |
|
|
|
1eb7adc |
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
|
|
|
1eb7adc |
index 7a0b35a594..d19d57344e 100644
|
|
|
1eb7adc |
--- a/crypto/ec/ec_asn1.c
|
|
|
1eb7adc |
+++ b/crypto/ec/ec_asn1.c
|
|
|
1eb7adc |
@@ -905,6 +905,12 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
|
|
 |
080143c |
if (params->type == ECPKPARAMETERS_TYPE_EXPLICIT)
|
|
|
080143c |
group->decoded_from_explicit_params = 1;
|
|
|
a0bd929 |
|
|
|
080143c |
+ if (EC_GROUP_check_named_curve(group, 0, NULL) == NID_undef) {
|
|
|
080143c |
+ EC_GROUP_free(group);
|
|
|
080143c |
+ ECPKPARAMETERS_free(params);
|
|
|
080143c |
+ return NULL;
|
|
|
080143c |
+ }
|
|
|
080143c |
+
|
|
|
080143c |
if (a) {
|
|
|
080143c |
EC_GROUP_free(*a);
|
|
|
080143c |
*a = group;
|
|
|
1eb7adc |
@@ -964,6 +970,11 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
|
|
|
080143c |
goto err;
|
|
|
a0bd929 |
}
|
|
|
a0bd929 |
|
|
|
080143c |
+ if (EC_GROUP_check_named_curve(ret->group, 0, NULL) == NID_undef) {
|
|
|
080143c |
+ ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_GROUP);
|
|
|
080143c |
+ goto err;
|
|
|
a0bd929 |
+ }
|
|
|
080143c |
+
|
|
|
080143c |
ret->version = priv_key->version;
|
|
|
a0bd929 |
|
|
|
080143c |
if (priv_key->privateKey) {
|
|
|
1eb7adc |
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
|
|
|
1eb7adc |
index a84e088c19..6c37bf78ae 100644
|
|
|
1eb7adc |
--- a/crypto/ec/ec_lib.c
|
|
|
1eb7adc |
+++ b/crypto/ec/ec_lib.c
|
|
|
1eb7adc |
@@ -1724,6 +1724,11 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
|
|
|
2b0eda8 |
goto err;
|
|
|
2b0eda8 |
}
|
|
|
2b0eda8 |
if (named_group == group) {
|
|
|
2b0eda8 |
+ if (EC_GROUP_check_named_curve(group, 0, NULL) == NID_undef) {
|
|
|
2b0eda8 |
+ ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_GROUP);
|
|
|
2b0eda8 |
+ goto err;
|
|
|
2b0eda8 |
+ }
|
|
|
2b0eda8 |
+#if 0
|
|
|
2b0eda8 |
/*
|
|
|
2b0eda8 |
* If we did not find a named group then the encoding should be explicit
|
|
|
2b0eda8 |
* if it was specified
|
|
|
1eb7adc |
@@ -1739,6 +1744,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
|
|
|
2b0eda8 |
goto err;
|
|
|
2b0eda8 |
}
|
|
|
2b0eda8 |
EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE);
|
|
|
2b0eda8 |
+#endif
|
|
|
2b0eda8 |
} else {
|
|
|
2b0eda8 |
EC_GROUP_free(group);
|
|
|
2b0eda8 |
group = named_group;
|
|
|
1eb7adc |
diff --git a/test/ectest.c b/test/ectest.c
|
|
|
1eb7adc |
index 4890b0555e..e11aec5b3b 100644
|
|
|
1eb7adc |
--- a/test/ectest.c
|
|
|
1eb7adc |
+++ b/test/ectest.c
|
|
|
1eb7adc |
@@ -2301,10 +2301,11 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx,
|
|
|
1eb7adc |
if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
|
|
|
1eb7adc |
|| !TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL))
|
|
|
1eb7adc |
|| !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
|
|
|
1eb7adc |
- || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkeyparam,
|
|
|
1eb7adc |
+ || !TEST_int_le(EVP_PKEY_fromdata(pctx, &pkeyparam,
|
|
|
1eb7adc |
EVP_PKEY_KEY_PARAMETERS, params), 0))
|
|
|
1eb7adc |
goto err;
|
|
|
1eb7adc |
-
|
|
|
1eb7adc |
+/* As creating the key should fail, the rest of the test is pointless */
|
|
|
1eb7adc |
+# if 0
|
|
|
1eb7adc |
/*- Check that all the set values are retrievable -*/
|
|
|
1eb7adc |
|
|
|
1eb7adc |
/* There should be no match to a group name since the generator changed */
|
|
|
1eb7adc |
@@ -2433,6 +2434,7 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx,
|
|
|
1eb7adc |
#endif
|
|
|
1eb7adc |
)
|
|
|
1eb7adc |
goto err;
|
|
|
1eb7adc |
+#endif
|
|
|
1eb7adc |
ret = 1;
|
|
|
1eb7adc |
err:
|
|
|
1eb7adc |
BN_free(order_out);
|
|
|
1eb7adc |
@@ -2714,21 +2716,21 @@ static int custom_params_test(int id)
|
|
|
1eb7adc |
|
|
|
1eb7adc |
/* Compute keyexchange in both directions */
|
|
|
1eb7adc |
if (!TEST_ptr(pctx1 = EVP_PKEY_CTX_new(pkey1, NULL))
|
|
|
1eb7adc |
- || !TEST_int_eq(EVP_PKEY_derive_init(pctx1), 1)
|
|
|
1eb7adc |
- || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1)
|
|
|
1eb7adc |
+ || !TEST_int_le(EVP_PKEY_derive_init(pctx1), 0)
|
|
|
1eb7adc |
+/* || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1)
|
|
|
1eb7adc |
|| !TEST_int_eq(EVP_PKEY_derive(pctx1, NULL, &sslen), 1)
|
|
|
1eb7adc |
|| !TEST_int_gt(bsize, sslen)
|
|
|
1eb7adc |
- || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1))
|
|
|
1eb7adc |
+ || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1)*/)
|
|
|
1eb7adc |
goto err;
|
|
|
1eb7adc |
if (!TEST_ptr(pctx2 = EVP_PKEY_CTX_new(pkey2, NULL))
|
|
|
1eb7adc |
- || !TEST_int_eq(EVP_PKEY_derive_init(pctx2), 1)
|
|
|
1eb7adc |
- || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1)
|
|
|
1eb7adc |
+ || !TEST_int_le(EVP_PKEY_derive_init(pctx2), 1)
|
|
|
1eb7adc |
+/* || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1)
|
|
|
1eb7adc |
|| !TEST_int_eq(EVP_PKEY_derive(pctx2, NULL, &t), 1)
|
|
|
1eb7adc |
|| !TEST_int_gt(bsize, t)
|
|
|
1eb7adc |
|| !TEST_int_le(sslen, t)
|
|
|
1eb7adc |
- || !TEST_int_eq(EVP_PKEY_derive(pctx2, buf2, &t), 1))
|
|
|
1eb7adc |
+ || !TEST_int_eq(EVP_PKEY_derive(pctx2, buf2, &t), 1) */)
|
|
|
1eb7adc |
goto err;
|
|
|
1eb7adc |
-
|
|
|
1eb7adc |
+#if 0
|
|
|
1eb7adc |
/* Both sides should expect the same shared secret */
|
|
|
1eb7adc |
if (!TEST_mem_eq(buf1, sslen, buf2, t))
|
|
|
1eb7adc |
goto err;
|
|
|
1eb7adc |
@@ -2780,7 +2782,7 @@ static int custom_params_test(int id)
|
|
|
1eb7adc |
/* compare with previous result */
|
|
|
1eb7adc |
|| !TEST_mem_eq(buf1, t, buf2, sslen))
|
|
|
1eb7adc |
goto err;
|
|
|
1eb7adc |
-
|
|
|
1eb7adc |
+#endif
|
|
|
1eb7adc |
ret = 1;
|
|
|
1eb7adc |
|
|
|
1eb7adc |
err:
|
|
|
1eb7adc |
diff --git a/test/endecode_test.c b/test/endecode_test.c
|
|
|
1eb7adc |
index 14648287eb..9a437d8c64 100644
|
|
|
1eb7adc |
--- a/test/endecode_test.c
|
|
|
1eb7adc |
+++ b/test/endecode_test.c
|
|
|
1eb7adc |
@@ -62,7 +62,7 @@ static BN_CTX *bnctx = NULL;
|
|
|
080143c |
static OSSL_PARAM_BLD *bld_prime_nc = NULL;
|
|
|
080143c |
static OSSL_PARAM_BLD *bld_prime = NULL;
|
|
|
080143c |
static OSSL_PARAM *ec_explicit_prime_params_nc = NULL;
|
|
|
080143c |
-static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;
|
|
|
080143c |
+/*static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;*/
|
|
|
a0bd929 |
|
|
|
080143c |
# ifndef OPENSSL_NO_EC2M
|
|
|
080143c |
static OSSL_PARAM_BLD *bld_tri_nc = NULL;
|
|
|
1eb7adc |
@@ -1009,9 +1009,9 @@ IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
|
|
|
080143c |
DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
|
|
|
080143c |
IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1)
|
|
|
080143c |
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
|
|
|
080143c |
-DOMAIN_KEYS(ECExplicitPrime2G);
|
|
|
080143c |
-IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)
|
|
|
080143c |
-IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")
|
|
|
080143c |
+/*DOMAIN_KEYS(ECExplicitPrime2G);*/
|
|
|
080143c |
+/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)*/
|
|
|
080143c |
+/*IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")*/
|
|
|
080143c |
# ifndef OPENSSL_NO_EC2M
|
|
|
080143c |
DOMAIN_KEYS(ECExplicitTriNamedCurve);
|
|
|
080143c |
IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1)
|
|
|
1eb7adc |
@@ -1352,7 +1352,7 @@ int setup_tests(void)
|
|
|
080143c |
|| !create_ec_explicit_prime_params_namedcurve(bld_prime_nc)
|
|
|
080143c |
|| !create_ec_explicit_prime_params(bld_prime)
|
|
|
080143c |
|| !TEST_ptr(ec_explicit_prime_params_nc = OSSL_PARAM_BLD_to_param(bld_prime_nc))
|
|
|
080143c |
- || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))
|
|
|
080143c |
+/* || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))*/
|
|
|
080143c |
# ifndef OPENSSL_NO_EC2M
|
|
|
080143c |
|| !TEST_ptr(bld_tri_nc = OSSL_PARAM_BLD_new())
|
|
|
080143c |
|| !TEST_ptr(bld_tri = OSSL_PARAM_BLD_new())
|
|
|
1eb7adc |
@@ -1380,7 +1380,7 @@ int setup_tests(void)
|
|
|
080143c |
TEST_info("Generating EC keys...");
|
|
|
080143c |
MAKE_DOMAIN_KEYS(EC, "EC", EC_params);
|
|
|
080143c |
MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc);
|
|
|
080143c |
- MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);
|
|
|
080143c |
+/* MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);*/
|
|
|
080143c |
# ifndef OPENSSL_NO_EC2M
|
|
|
080143c |
MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc);
|
|
|
080143c |
MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit);
|
|
|
1eb7adc |
@@ -1423,8 +1423,8 @@ int setup_tests(void)
|
|
|
080143c |
ADD_TEST_SUITE_LEGACY(EC);
|
|
|
080143c |
ADD_TEST_SUITE(ECExplicitPrimeNamedCurve);
|
|
|
080143c |
ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve);
|
|
|
080143c |
- ADD_TEST_SUITE(ECExplicitPrime2G);
|
|
|
080143c |
- ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);
|
|
|
080143c |
+/* ADD_TEST_SUITE(ECExplicitPrime2G);*/
|
|
|
080143c |
+/* ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);*/
|
|
|
080143c |
# ifndef OPENSSL_NO_EC2M
|
|
|
080143c |
ADD_TEST_SUITE(ECExplicitTriNamedCurve);
|
|
|
080143c |
ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve);
|
|
|
1eb7adc |
@@ -1461,7 +1461,7 @@ void cleanup_tests(void)
|
|
|
080143c |
{
|
|
|
080143c |
#ifndef OPENSSL_NO_EC
|
|
|
080143c |
OSSL_PARAM_free(ec_explicit_prime_params_nc);
|
|
|
080143c |
- OSSL_PARAM_free(ec_explicit_prime_params_explicit);
|
|
|
080143c |
+/* OSSL_PARAM_free(ec_explicit_prime_params_explicit);*/
|
|
|
080143c |
OSSL_PARAM_BLD_free(bld_prime_nc);
|
|
|
080143c |
OSSL_PARAM_BLD_free(bld_prime);
|
|
|
080143c |
# ifndef OPENSSL_NO_EC2M
|
|
|
1eb7adc |
@@ -1483,7 +1483,7 @@ void cleanup_tests(void)
|
|
|
080143c |
#ifndef OPENSSL_NO_EC
|
|
|
080143c |
FREE_DOMAIN_KEYS(EC);
|
|
|
080143c |
FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
|
|
|
080143c |
- FREE_DOMAIN_KEYS(ECExplicitPrime2G);
|
|
|
080143c |
+/* FREE_DOMAIN_KEYS(ECExplicitPrime2G);*/
|
|
|
080143c |
# ifndef OPENSSL_NO_EC2M
|
|
|
080143c |
FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve);
|
|
|
080143c |
FREE_DOMAIN_KEYS(ECExplicitTri2G);
|
|
|
1eb7adc |
diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
|
|
|
1eb7adc |
index ec3c032aba..584ecee0eb 100644
|
|
|
1eb7adc |
--- a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
|
|
|
1eb7adc |
+++ b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
|
|
|
1eb7adc |
@@ -133,18 +133,6 @@ AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgiUTxtr5vLVjj
|
|
|
080143c |
3ev1gTwRBduzqqlwd54AUSgI+pjttW8zrWNitO8H1sf59MPWOESKxNtZ1+Nl
|
|
|
080143c |
-----END PRIVATE KEY-----
|
|
|
a0bd929 |
|
|
|
080143c |
-PrivateKey = EC_EXPLICIT
|
|
|
080143c |
------BEGIN PRIVATE KEY-----
|
|
|
080143c |
-MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB
|
|
|
080143c |
-AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA
|
|
|
080143c |
-///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV
|
|
|
080143c |
-AMSdNgiG5wSTamZ44ROdJreBn36QBEEE5JcIvn36opqjEm/k59Al40rBAxWM2TPG
|
|
|
080143c |
-l0L13Je51zHpfXQ9Z2o7IQicMXP4wSfJ0qCgg2bgydqoxlYrlLGuVQIhAP////8A
|
|
|
080143c |
-AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgec92jwduadCk
|
|
|
080143c |
-OjoNRI+YT5Be5TkzZXzYCyTLkMOikDmhRANCAATtECEhQbLEaiUj/Wu0qjcr81lL
|
|
|
080143c |
-46dx5zYgArz/iaSNJ3W80oO+F7v04jlQ7wxQzg96R0bwKiMeq5CcW9ZFt6xg
|
|
|
080143c |
------END PRIVATE KEY-----
|
|
|
080143c |
-
|
|
|
080143c |
PrivateKey = B-163
|
|
|
080143c |
-----BEGIN PRIVATE KEY-----
|
|
|
080143c |
MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDnQW0mLiHVha/jqFznX/K
|
|
|
1eb7adc |
--
|
|
|
1eb7adc |
2.41.0
|
|
|
1eb7adc |
|