openssl/openssl-1.0.2c-ecc-suiteb.patch

196 lines
8.5 KiB
Diff

diff -up openssl-1.0.2c/apps/speed.c.suiteb openssl-1.0.2c/apps/speed.c
--- openssl-1.0.2c/apps/speed.c.suiteb 2015-06-15 17:37:06.285083685 +0200
+++ openssl-1.0.2c/apps/speed.c 2015-06-15 17:37:06.335084836 +0200
@@ -996,78 +996,26 @@ int MAIN(int argc, char **argv)
} else
# endif
# ifndef OPENSSL_NO_ECDSA
- if (strcmp(*argv, "ecdsap160") == 0)
- ecdsa_doit[R_EC_P160] = 2;
- else if (strcmp(*argv, "ecdsap192") == 0)
- ecdsa_doit[R_EC_P192] = 2;
- else if (strcmp(*argv, "ecdsap224") == 0)
- ecdsa_doit[R_EC_P224] = 2;
- else if (strcmp(*argv, "ecdsap256") == 0)
+ if (strcmp(*argv, "ecdsap256") == 0)
ecdsa_doit[R_EC_P256] = 2;
else if (strcmp(*argv, "ecdsap384") == 0)
ecdsa_doit[R_EC_P384] = 2;
else if (strcmp(*argv, "ecdsap521") == 0)
ecdsa_doit[R_EC_P521] = 2;
- else if (strcmp(*argv, "ecdsak163") == 0)
- ecdsa_doit[R_EC_K163] = 2;
- else if (strcmp(*argv, "ecdsak233") == 0)
- ecdsa_doit[R_EC_K233] = 2;
- else if (strcmp(*argv, "ecdsak283") == 0)
- ecdsa_doit[R_EC_K283] = 2;
- else if (strcmp(*argv, "ecdsak409") == 0)
- ecdsa_doit[R_EC_K409] = 2;
- else if (strcmp(*argv, "ecdsak571") == 0)
- ecdsa_doit[R_EC_K571] = 2;
- else if (strcmp(*argv, "ecdsab163") == 0)
- ecdsa_doit[R_EC_B163] = 2;
- else if (strcmp(*argv, "ecdsab233") == 0)
- ecdsa_doit[R_EC_B233] = 2;
- else if (strcmp(*argv, "ecdsab283") == 0)
- ecdsa_doit[R_EC_B283] = 2;
- else if (strcmp(*argv, "ecdsab409") == 0)
- ecdsa_doit[R_EC_B409] = 2;
- else if (strcmp(*argv, "ecdsab571") == 0)
- ecdsa_doit[R_EC_B571] = 2;
else if (strcmp(*argv, "ecdsa") == 0) {
- for (i = 0; i < EC_NUM; i++)
+ for (i = R_EC_P256; i <= R_EC_P521; i++)
ecdsa_doit[i] = 1;
} else
# endif
# ifndef OPENSSL_NO_ECDH
- if (strcmp(*argv, "ecdhp160") == 0)
- ecdh_doit[R_EC_P160] = 2;
- else if (strcmp(*argv, "ecdhp192") == 0)
- ecdh_doit[R_EC_P192] = 2;
- else if (strcmp(*argv, "ecdhp224") == 0)
- ecdh_doit[R_EC_P224] = 2;
- else if (strcmp(*argv, "ecdhp256") == 0)
+ if (strcmp(*argv, "ecdhp256") == 0)
ecdh_doit[R_EC_P256] = 2;
else if (strcmp(*argv, "ecdhp384") == 0)
ecdh_doit[R_EC_P384] = 2;
else if (strcmp(*argv, "ecdhp521") == 0)
ecdh_doit[R_EC_P521] = 2;
- else if (strcmp(*argv, "ecdhk163") == 0)
- ecdh_doit[R_EC_K163] = 2;
- else if (strcmp(*argv, "ecdhk233") == 0)
- ecdh_doit[R_EC_K233] = 2;
- else if (strcmp(*argv, "ecdhk283") == 0)
- ecdh_doit[R_EC_K283] = 2;
- else if (strcmp(*argv, "ecdhk409") == 0)
- ecdh_doit[R_EC_K409] = 2;
- else if (strcmp(*argv, "ecdhk571") == 0)
- ecdh_doit[R_EC_K571] = 2;
- else if (strcmp(*argv, "ecdhb163") == 0)
- ecdh_doit[R_EC_B163] = 2;
- else if (strcmp(*argv, "ecdhb233") == 0)
- ecdh_doit[R_EC_B233] = 2;
- else if (strcmp(*argv, "ecdhb283") == 0)
- ecdh_doit[R_EC_B283] = 2;
- else if (strcmp(*argv, "ecdhb409") == 0)
- ecdh_doit[R_EC_B409] = 2;
- else if (strcmp(*argv, "ecdhb571") == 0)
- ecdh_doit[R_EC_B571] = 2;
else if (strcmp(*argv, "ecdh") == 0) {
- for (i = 0; i < EC_NUM; i++)
+ for (i = R_EC_P256; i <= R_EC_P521; i++)
ecdh_doit[i] = 1;
} else
# endif
@@ -1156,21 +1104,11 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "dsa512 dsa1024 dsa2048\n");
# endif
# ifndef OPENSSL_NO_ECDSA
- BIO_printf(bio_err, "ecdsap160 ecdsap192 ecdsap224 "
- "ecdsap256 ecdsap384 ecdsap521\n");
- BIO_printf(bio_err,
- "ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
- BIO_printf(bio_err,
- "ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
+ BIO_printf(bio_err, "ecdsap256 ecdsap384 ecdsap521\n");
BIO_printf(bio_err, "ecdsa\n");
# endif
# ifndef OPENSSL_NO_ECDH
- BIO_printf(bio_err, "ecdhp160 ecdhp192 ecdhp224 "
- "ecdhp256 ecdhp384 ecdhp521\n");
- BIO_printf(bio_err,
- "ecdhk163 ecdhk233 ecdhk283 ecdhk409 ecdhk571\n");
- BIO_printf(bio_err,
- "ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n");
+ BIO_printf(bio_err, "ecdhp256 ecdhp384 ecdhp521\n");
BIO_printf(bio_err, "ecdh\n");
# endif
@@ -1255,11 +1193,11 @@ int MAIN(int argc, char **argv)
if (!FIPS_mode() || i != R_DSA_512)
dsa_doit[i] = 1;
# ifndef OPENSSL_NO_ECDSA
- for (i = 0; i < EC_NUM; i++)
+ for (i = R_EC_P256; i <= R_EC_P521; i++)
ecdsa_doit[i] = 1;
# endif
# ifndef OPENSSL_NO_ECDH
- for (i = 0; i < EC_NUM; i++)
+ for (i = R_EC_P256; i <= R_EC_P521; i++)
ecdh_doit[i] = 1;
# endif
}
diff -up openssl-1.0.2c/ssl/t1_lib.c.suiteb openssl-1.0.2c/ssl/t1_lib.c
--- openssl-1.0.2c/ssl/t1_lib.c.suiteb 2015-06-12 16:51:27.000000000 +0200
+++ openssl-1.0.2c/ssl/t1_lib.c 2015-06-15 17:44:03.578681271 +0200
@@ -268,11 +268,7 @@ static const unsigned char eccurves_auto
0, 23, /* secp256r1 (23) */
/* Other >= 256-bit prime curves. */
0, 25, /* secp521r1 (25) */
- 0, 28, /* brainpool512r1 (28) */
- 0, 27, /* brainpoolP384r1 (27) */
0, 24, /* secp384r1 (24) */
- 0, 26, /* brainpoolP256r1 (26) */
- 0, 22, /* secp256k1 (22) */
# ifndef OPENSSL_NO_EC2M
/* >= 256-bit binary curves. */
0, 14, /* sect571r1 (14) */
@@ -289,11 +285,7 @@ static const unsigned char eccurves_all[
0, 23, /* secp256r1 (23) */
/* Other >= 256-bit prime curves. */
0, 25, /* secp521r1 (25) */
- 0, 28, /* brainpool512r1 (28) */
- 0, 27, /* brainpoolP384r1 (27) */
0, 24, /* secp384r1 (24) */
- 0, 26, /* brainpoolP256r1 (26) */
- 0, 22, /* secp256k1 (22) */
# ifndef OPENSSL_NO_EC2M
/* >= 256-bit binary curves. */
0, 14, /* sect571r1 (14) */
@@ -307,13 +299,6 @@ static const unsigned char eccurves_all[
* Remaining curves disabled by default but still permitted if set
* via an explicit callback or parameters.
*/
- 0, 20, /* secp224k1 (20) */
- 0, 21, /* secp224r1 (21) */
- 0, 18, /* secp192k1 (18) */
- 0, 19, /* secp192r1 (19) */
- 0, 15, /* secp160k1 (15) */
- 0, 16, /* secp160r1 (16) */
- 0, 17, /* secp160r2 (17) */
# ifndef OPENSSL_NO_EC2M
0, 8, /* sect239k1 (8) */
0, 6, /* sect233k1 (6) */
@@ -348,29 +333,21 @@ static const unsigned char fips_curves_d
0, 9, /* sect283k1 (9) */
0, 10, /* sect283r1 (10) */
# endif
- 0, 22, /* secp256k1 (22) */
0, 23, /* secp256r1 (23) */
# ifndef OPENSSL_NO_EC2M
0, 8, /* sect239k1 (8) */
0, 6, /* sect233k1 (6) */
0, 7, /* sect233r1 (7) */
# endif
- 0, 20, /* secp224k1 (20) */
- 0, 21, /* secp224r1 (21) */
# ifndef OPENSSL_NO_EC2M
0, 4, /* sect193r1 (4) */
0, 5, /* sect193r2 (5) */
# endif
- 0, 18, /* secp192k1 (18) */
- 0, 19, /* secp192r1 (19) */
# ifndef OPENSSL_NO_EC2M
0, 1, /* sect163k1 (1) */
0, 2, /* sect163r1 (2) */
0, 3, /* sect163r2 (3) */
# endif
- 0, 15, /* secp160k1 (15) */
- 0, 16, /* secp160r1 (16) */
- 0, 17, /* secp160r2 (17) */
};
# endif