1 files changed, 266 insertions, 0 deletions
diff --git a/openssl-1.1.1-ec-curves.patch b/openssl-1.1.1-ec-curves.patch
new file mode 100644
index 0000000..27f23ca
--- /dev/null
+++ b/openssl-1.1.1-ec-curves.patch
@@ -0,0 +1,266 @@
+diff -up openssl-1.1.1h/apps/speed.c.curves openssl-1.1.1h/apps/speed.c
+--- openssl-1.1.1h/apps/speed.c.curves	2020-09-22 14:55:07.000000000 +0200
++++ openssl-1.1.1h/apps/speed.c	2020-11-06 13:27:15.659288431 +0100
+@@ -490,90 +490,30 @@ static double rsa_results[RSA_NUM][2];
+ #endif /* OPENSSL_NO_RSA */
+ 
+ enum {
+-    R_EC_P160,
+-    R_EC_P192,
+     R_EC_P224,
+     R_EC_P256,
+     R_EC_P384,
+     R_EC_P521,
+-#ifndef OPENSSL_NO_EC2M
+-    R_EC_K163,
+-    R_EC_K233,
+-    R_EC_K283,
+-    R_EC_K409,
+-    R_EC_K571,
+-    R_EC_B163,
+-    R_EC_B233,
+-    R_EC_B283,
+-    R_EC_B409,
+-    R_EC_B571,
+-#endif
+-    R_EC_BRP256R1,
+-    R_EC_BRP256T1,
+-    R_EC_BRP384R1,
+-    R_EC_BRP384T1,
+-    R_EC_BRP512R1,
+-    R_EC_BRP512T1,
+     R_EC_X25519,
+     R_EC_X448
+ };
+ 
+ #ifndef OPENSSL_NO_EC
+ static OPT_PAIR ecdsa_choices[] = {
+-    {"ecdsap160", R_EC_P160},
+-    {"ecdsap192", R_EC_P192},
+     {"ecdsap224", R_EC_P224},
+     {"ecdsap256", R_EC_P256},
+     {"ecdsap384", R_EC_P384},
+     {"ecdsap521", R_EC_P521},
+-# ifndef OPENSSL_NO_EC2M
+-    {"ecdsak163", R_EC_K163},
+-    {"ecdsak233", R_EC_K233},
+-    {"ecdsak283", R_EC_K283},
+-    {"ecdsak409", R_EC_K409},
+-    {"ecdsak571", R_EC_K571},
+-    {"ecdsab163", R_EC_B163},
+-    {"ecdsab233", R_EC_B233},
+-    {"ecdsab283", R_EC_B283},
+-    {"ecdsab409", R_EC_B409},
+-    {"ecdsab571", R_EC_B571},
+-# endif
+-    {"ecdsabrp256r1", R_EC_BRP256R1},
+-    {"ecdsabrp256t1", R_EC_BRP256T1},
+-    {"ecdsabrp384r1", R_EC_BRP384R1},
+-    {"ecdsabrp384t1", R_EC_BRP384T1},
+-    {"ecdsabrp512r1", R_EC_BRP512R1},
+-    {"ecdsabrp512t1", R_EC_BRP512T1}
+ };
+ # define ECDSA_NUM       OSSL_NELEM(ecdsa_choices)
+ 
+ static double ecdsa_results[ECDSA_NUM][2];    /* 2 ops: sign then verify */
+ 
+ static const OPT_PAIR ecdh_choices[] = {
+-    {"ecdhp160", R_EC_P160},
+-    {"ecdhp192", R_EC_P192},
+     {"ecdhp224", R_EC_P224},
+     {"ecdhp256", R_EC_P256},
+     {"ecdhp384", R_EC_P384},
+     {"ecdhp521", R_EC_P521},
+-# ifndef OPENSSL_NO_EC2M
+-    {"ecdhk163", R_EC_K163},
+-    {"ecdhk233", R_EC_K233},
+-    {"ecdhk283", R_EC_K283},
+-    {"ecdhk409", R_EC_K409},
+-    {"ecdhk571", R_EC_K571},
+-    {"ecdhb163", R_EC_B163},
+-    {"ecdhb233", R_EC_B233},
+-    {"ecdhb283", R_EC_B283},
+-    {"ecdhb409", R_EC_B409},
+-    {"ecdhb571", R_EC_B571},
+-# endif
+-    {"ecdhbrp256r1", R_EC_BRP256R1},
+-    {"ecdhbrp256t1", R_EC_BRP256T1},
+-    {"ecdhbrp384r1", R_EC_BRP384R1},
+-    {"ecdhbrp384t1", R_EC_BRP384T1},
+-    {"ecdhbrp512r1", R_EC_BRP512R1},
+-    {"ecdhbrp512t1", R_EC_BRP512T1},
+     {"ecdhx25519", R_EC_X25519},
+     {"ecdhx448", R_EC_X448}
+ };
+@@ -1502,31 +1442,10 @@ int speed_main(int argc, char **argv)
+         unsigned int bits;
+     } test_curves[] = {
+         /* Prime Curves */
+-        {"secp160r1", NID_secp160r1, 160},
+-        {"nistp192", NID_X9_62_prime192v1, 192},
+         {"nistp224", NID_secp224r1, 224},
+         {"nistp256", NID_X9_62_prime256v1, 256},
+         {"nistp384", NID_secp384r1, 384},
+         {"nistp521", NID_secp521r1, 521},
+-# ifndef OPENSSL_NO_EC2M
+-        /* Binary Curves */
+-        {"nistk163", NID_sect163k1, 163},
+-        {"nistk233", NID_sect233k1, 233},
+-        {"nistk283", NID_sect283k1, 283},
+-        {"nistk409", NID_sect409k1, 409},
+-        {"nistk571", NID_sect571k1, 571},
+-        {"nistb163", NID_sect163r2, 163},
+-        {"nistb233", NID_sect233r1, 233},
+-        {"nistb283", NID_sect283r1, 283},
+-        {"nistb409", NID_sect409r1, 409},
+-        {"nistb571", NID_sect571r1, 571},
+-# endif
+-        {"brainpoolP256r1", NID_brainpoolP256r1, 256},
+-        {"brainpoolP256t1", NID_brainpoolP256t1, 256},
+-        {"brainpoolP384r1", NID_brainpoolP384r1, 384},
+-        {"brainpoolP384t1", NID_brainpoolP384t1, 384},
+-        {"brainpoolP512r1", NID_brainpoolP512r1, 512},
+-        {"brainpoolP512t1", NID_brainpoolP512t1, 512},
+         /* Other and ECDH only ones */
+         {"X25519", NID_X25519, 253},
+         {"X448", NID_X448, 448}
+@@ -2026,9 +1945,9 @@ int speed_main(int argc, char **argv)
+ #  endif
+ 
+ #  ifndef OPENSSL_NO_EC
+-    ecdsa_c[R_EC_P160][0] = count / 1000;
+-    ecdsa_c[R_EC_P160][1] = count / 1000 / 2;
+-    for (i = R_EC_P192; i <= R_EC_P521; i++) {
++    ecdsa_c[R_EC_P224][0] = count / 1000;
++    ecdsa_c[R_EC_P224][1] = count / 1000 / 2;
++    for (i = R_EC_P256; i <= R_EC_P521; i++) {
+         ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
+         ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
+         if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
+@@ -2040,7 +1959,7 @@ int speed_main(int argc, char **argv)
+             }
+         }
+     }
+-#   ifndef OPENSSL_NO_EC2M
++#   if 0
+     ecdsa_c[R_EC_K163][0] = count / 1000;
+     ecdsa_c[R_EC_K163][1] = count / 1000 / 2;
+     for (i = R_EC_K233; i <= R_EC_K571; i++) {
+@@ -2071,8 +1990,8 @@ int speed_main(int argc, char **argv)
+     }
+ #   endif
+ 
+-    ecdh_c[R_EC_P160][0] = count / 1000;
+-    for (i = R_EC_P192; i <= R_EC_P521; i++) {
++    ecdh_c[R_EC_P224][0] = count / 1000;
++    for (i = R_EC_P256; i <= R_EC_P521; i++) {
+         ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
+         if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
+             ecdh_doit[i] = 0;
+@@ -2082,7 +2001,7 @@ int speed_main(int argc, char **argv)
+             }
+         }
+     }
+-#   ifndef OPENSSL_NO_EC2M
++#   if 0
+     ecdh_c[R_EC_K163][0] = count / 1000;
+     for (i = R_EC_K233; i <= R_EC_K571; i++) {
+         ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
+diff -up openssl-1.1.1h/crypto/ec/ecp_smpl.c.curves openssl-1.1.1h/crypto/ec/ecp_smpl.c
+--- openssl-1.1.1h/crypto/ec/ecp_smpl.c.curves	2020-09-22 14:55:07.000000000 +0200
++++ openssl-1.1.1h/crypto/ec/ecp_smpl.c	2020-11-06 13:27:15.659288431 +0100
+@@ -145,6 +145,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO
+         return 0;
+     }
+ 
++    if (BN_num_bits(p) < 224) {
++        ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
++        return 0;
++    }
++
+     if (ctx == NULL) {
+         ctx = new_ctx = BN_CTX_new();
+         if (ctx == NULL)
+diff -up openssl-1.1.1h/test/ecdsatest.h.curves openssl-1.1.1h/test/ecdsatest.h
+--- openssl-1.1.1h/test/ecdsatest.h.curves	2020-11-06 13:27:15.627288114 +0100
++++ openssl-1.1.1h/test/ecdsatest.h	2020-11-06 13:27:15.660288441 +0100
+@@ -32,23 +32,6 @@ typedef struct {
+ } ecdsa_cavs_kat_t;
+ 
+ static const ecdsa_cavs_kat_t ecdsa_cavs_kats[] = {
+-    /* prime KATs from X9.62 */
+-    {NID_X9_62_prime192v1, NID_sha1,
+-     "616263",                  /* "abc" */
+-     "1a8d598fc15bf0fd89030b5cb1111aeb92ae8baf5ea475fb",
+-     "0462b12d60690cdcf330babab6e69763b471f994dd702d16a563bf5ec08069705ffff65e"
+-     "5ca5c0d69716dfcb3474373902",
+-     "fa6de29746bbeb7f8bb1e761f85f7dfb2983169d82fa2f4e",
+-     "885052380ff147b734c330c43d39b2c4a89f29b0f749fead",
+-     "e9ecc78106def82bf1070cf1d4d804c3cb390046951df686"},
+-    {NID_X9_62_prime239v1, NID_sha1,
+-     "616263",                  /* "abc" */
+-     "7ef7c6fabefffdea864206e80b0b08a9331ed93e698561b64ca0f7777f3d",
+-     "045b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c707fd9f1ed2e"
+-     "65f09f6ce0893baf5e8e31e6ae82ea8c3592335be906d38dee",
+-     "656c7196bf87dcc5d1f1020906df2782360d36b2de7a17ece37d503784af",
+-     "2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0",
+-     "2eeae988104e9c2234a3c2beb1f53bfa5dc11ff36a875d1e3ccb1f7e45cf"},
+     /* prime KATs from NIST CAVP */
+     {NID_secp224r1, NID_sha224,
+      "699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1"
+--- openssl-1.1.1h/test/recipes/15-test_genec.t.ec-curves	2020-11-06 13:58:36.402895540 +0100
++++ openssl-1.1.1h/test/recipes/15-test_genec.t	2020-11-06 13:59:38.508484498 +0100
+@@ -20,45 +20,11 @@ plan skip_all => "This test is unsupport
+     if disabled("ec");
+ 
+ my @prime_curves = qw(
+-    secp112r1
+-    secp112r2
+-    secp128r1
+-    secp128r2
+-    secp160k1
+-    secp160r1
+-    secp160r2
+-    secp192k1
+-    secp224k1
+     secp224r1
+     secp256k1
+     secp384r1
+     secp521r1
+-    prime192v1
+-    prime192v2
+-    prime192v3
+-    prime239v1
+-    prime239v2
+-    prime239v3
+     prime256v1
+-    wap-wsg-idm-ecid-wtls6
+-    wap-wsg-idm-ecid-wtls7
+-    wap-wsg-idm-ecid-wtls8
+-    wap-wsg-idm-ecid-wtls9
+-    wap-wsg-idm-ecid-wtls12
+-    brainpoolP160r1
+-    brainpoolP160t1
+-    brainpoolP192r1
+-    brainpoolP192t1
+-    brainpoolP224r1
+-    brainpoolP224t1
+-    brainpoolP256r1
+-    brainpoolP256t1
+-    brainpoolP320r1
+-    brainpoolP320t1
+-    brainpoolP384r1
+-    brainpoolP384t1
+-    brainpoolP512r1
+-    brainpoolP512t1
+ );
+ 
+ my @binary_curves = qw(
+@@ -115,7 +81,6 @@ push(@other_curves, 'SM2')
+     if !disabled("sm2");
+ 
+ my @curve_aliases = qw(
+-    P-192
+     P-224
+     P-256
+     P-384