summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--providers/implementations/exchange/ecdh_exch.c12
-rw-r--r--test/recipes/30-test_evp_data/evppkey_kas.txt7
-rw-r--r--test/ssl-tests/14-curves.cnf374
-rw-r--r--test/ssl-tests/14-curves.cnf.in7
4 files changed, 206 insertions, 194 deletions
diff --git a/providers/implementations/exchange/ecdh_exch.c b/providers/implementations/exchange/ecdh_exch.c
index 8e6cf10dc5..83d119b02b 100644
--- a/providers/implementations/exchange/ecdh_exch.c
+++ b/providers/implementations/exchange/ecdh_exch.c
@@ -24,6 +24,7 @@
#include "prov/provider_ctx.h"
#include "prov/providercommon.h"
#include "prov/implementations.h"
+#include "prov/provider_util.h"
#include "crypto/ec.h" /* ecdh_KDF_X9_63() */
static OSSL_FUNC_keyexch_newctx_fn ecdh_newctx;
@@ -110,7 +111,7 @@ int ecdh_init(void *vpecdhctx, void *vecdh)
pecdhctx->k = vecdh;
pecdhctx->cofactor_mode = -1;
pecdhctx->kdf_type = PROV_ECDH_KDF_NONE;
- return 1;
+ return ossl_prov_ec_check(vecdh, 1);
}
static
@@ -125,7 +126,7 @@ int ecdh_set_peer(void *vpecdhctx, void *vecdh)
return 0;
EC_KEY_free(pecdhctx->peerk);
pecdhctx->peerk = vecdh;
- return 1;
+ return ossl_prov_ec_check(vecdh, 1);
}
static
@@ -253,7 +254,12 @@ int ecdh_set_ctx_params(void *vpecdhctx, const OSSL_PARAM params[])
EVP_MD_free(pectx->kdf_md);
pectx->kdf_md = EVP_MD_fetch(pectx->libctx, name, mdprops);
-
+#ifdef FIPS_MODULE
+ if (!ossl_prov_digest_get_approved_nid(pectx->kdf_md, 1)) {
+ EVP_MD_free(pectx->kdf_md);
+ pectx->kdf_md = NULL;
+ }
+#endif
if (pectx->kdf_md == NULL)
return 0;
}
diff --git a/test/recipes/30-test_evp_data/evppkey_kas.txt b/test/recipes/30-test_evp_data/evppkey_kas.txt
index 44be323f09..32ffe349d8 100644
--- a/test/recipes/30-test_evp_data/evppkey_kas.txt
+++ b/test/recipes/30-test_evp_data/evppkey_kas.txt
@@ -44,12 +44,17 @@ MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEQupt2Zad0qYf6hqsf46Y7cyJbG5V
hXzA375dfGH6yIsRgRveMo6KDRK/AanSBLUj
-----END PUBLIC KEY-----
-
+Availablein = default
Derive=KAS-ECC-CDH_P-192_C0
PeerKey=KAS-ECC-CDH_P-192_C0-Peer-PUBLIC
Ctrl=ecdh_cofactor_mode:1
SharedSecret=803d8ab2e5b6e6fca715737c3a82f7ce3c783124f6d51cd0
+Availablein = fips
+Derive=KAS-ECC-CDH_P-192_C0
+PeerKey=KAS-ECC-CDH_P-192_C0-Peer-PUBLIC
+Result = DERIVE_SET_PEER_ERROR
+
PrivateKey=KAS-ECC-CDH_P-192_C1
-----BEGIN PRIVATE KEY-----
MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBhW6FM0nZb+TEQkSNrL
diff --git a/test/ssl-tests/14-curves.cnf b/test/ssl-tests/14-curves.cnf
index 26d0949f0d..1982c99db7 100644
--- a/test/ssl-tests/14-curves.cnf
+++ b/test/ssl-tests/14-curves.cnf
@@ -2,23 +2,23 @@
num_tests = 30
-test-0 = 0-curve-sect163k1
-test-1 = 1-curve-sect163r2
-test-2 = 2-curve-sect233k1
-test-3 = 3-curve-sect233r1
-test-4 = 4-curve-sect283k1
-test-5 = 5-curve-sect283r1
-test-6 = 6-curve-sect409k1
-test-7 = 7-curve-sect409r1
-test-8 = 8-curve-sect571k1
-test-9 = 9-curve-sect571r1
-test-10 = 10-curve-prime192v1
-test-11 = 11-curve-secp224r1
-test-12 = 12-curve-prime256v1
-test-13 = 13-curve-secp384r1
-test-14 = 14-curve-secp521r1
-test-15 = 15-curve-X25519
-test-16 = 16-curve-X448
+test-0 = 0-curve-sect233k1
+test-1 = 1-curve-sect233r1
+test-2 = 2-curve-sect283k1
+test-3 = 3-curve-sect283r1
+test-4 = 4-curve-sect409k1
+test-5 = 5-curve-sect409r1
+test-6 = 6-curve-sect571k1
+test-7 = 7-curve-sect571r1
+test-8 = 8-curve-secp224r1
+test-9 = 9-curve-prime256v1
+test-10 = 10-curve-secp384r1
+test-11 = 11-curve-secp521r1
+test-12 = 12-curve-X25519
+test-13 = 13-curve-X448
+test-14 = 14-curve-sect163k1
+test-15 = 15-curve-sect163r2
+test-16 = 16-curve-prime192v1
test-17 = 17-curve-sect163r1
test-18 = 18-curve-sect193r1
test-19 = 19-curve-sect193r2
@@ -34,478 +34,478 @@ test-28 = 28-curve-brainpoolP384r1
test-29 = 29-curve-brainpoolP512r1
# ===========================================================
-[0-curve-sect163k1]
-ssl_conf = 0-curve-sect163k1-ssl
+[0-curve-sect233k1]
+ssl_conf = 0-curve-sect233k1-ssl
-[0-curve-sect163k1-ssl]
-server = 0-curve-sect163k1-server
-client = 0-curve-sect163k1-client
+[0-curve-sect233k1-ssl]
+server = 0-curve-sect233k1-server
+client = 0-curve-sect233k1-client
-[0-curve-sect163k1-server]
+[0-curve-sect233k1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = sect163k1
+Curves = sect233k1
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[0-curve-sect163k1-client]
+[0-curve-sect233k1-client]
CipherString = ECDHE
-Curves = sect163k1
+Curves = sect233k1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-0]
ExpectedResult = Success
-ExpectedTmpKeyType = sect163k1
+ExpectedTmpKeyType = sect233k1
# ===========================================================
-[1-curve-sect163r2]
-ssl_conf = 1-curve-sect163r2-ssl
+[1-curve-sect233r1]
+ssl_conf = 1-curve-sect233r1-ssl
-[1-curve-sect163r2-ssl]
-server = 1-curve-sect163r2-server
-client = 1-curve-sect163r2-client
+[1-curve-sect233r1-ssl]
+server = 1-curve-sect233r1-server
+client = 1-curve-sect233r1-client
-[1-curve-sect163r2-server]
+[1-curve-sect233r1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = sect163r2
+Curves = sect233r1
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[1-curve-sect163r2-client]
+[1-curve-sect233r1-client]
CipherString = ECDHE
-Curves = sect163r2
+Curves = sect233r1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-1]
ExpectedResult = Success
-ExpectedTmpKeyType = sect163r2
+ExpectedTmpKeyType = sect233r1
# ===========================================================
-[2-curve-sect233k1]
-ssl_conf = 2-curve-sect233k1-ssl
+[2-curve-sect283k1]
+ssl_conf = 2-curve-sect283k1-ssl
-[2-curve-sect233k1-ssl]
-server = 2-curve-sect233k1-server
-client = 2-curve-sect233k1-client
+[2-curve-sect283k1-ssl]
+server = 2-curve-sect283k1-server
+client = 2-curve-sect283k1-client
-[2-curve-sect233k1-server]
+[2-curve-sect283k1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = sect233k1
+Curves = sect283k1
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[2-curve-sect233k1-client]
+[2-curve-sect283k1-client]
CipherString = ECDHE
-Curves = sect233k1
+Curves = sect283k1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-2]
ExpectedResult = Success
-ExpectedTmpKeyType = sect233k1
+ExpectedTmpKeyType = sect283k1
# ===========================================================
-[3-curve-sect233r1]
-ssl_conf = 3-curve-sect233r1-ssl
+[3-curve-sect283r1]
+ssl_conf = 3-curve-sect283r1-ssl
-[3-curve-sect233r1-ssl]
-server = 3-curve-sect233r1-server
-client = 3-curve-sect233r1-client
+[3-curve-sect283r1-ssl]
+server = 3-curve-sect283r1-server
+client = 3-curve-sect283r1-client
-[3-curve-sect233r1-server]
+[3-curve-sect283r1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = sect233r1
+Curves = sect283r1
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[3-curve-sect233r1-client]
+[3-curve-sect283r1-client]
CipherString = ECDHE
-Curves = sect233r1
+Curves = sect283r1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-3]
ExpectedResult = Success
-ExpectedTmpKeyType = sect233r1
+ExpectedTmpKeyType = sect283r1
# ===========================================================
-[4-curve-sect283k1]
-ssl_conf = 4-curve-sect283k1-ssl
+[4-curve-sect409k1]
+ssl_conf = 4-curve-sect409k1-ssl
-[4-curve-sect283k1-ssl]
-server = 4-curve-sect283k1-server
-client = 4-curve-sect283k1-client
+[4-curve-sect409k1-ssl]
+server = 4-curve-sect409k1-server
+client = 4-curve-sect409k1-client
-[4-curve-sect283k1-server]
+[4-curve-sect409k1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = sect283k1
+Curves = sect409k1
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[4-curve-sect283k1-client]
+[4-curve-sect409k1-client]
CipherString = ECDHE
-Curves = sect283k1
+Curves = sect409k1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-4]
ExpectedResult = Success
-ExpectedTmpKeyType = sect283k1
+ExpectedTmpKeyType = sect409k1
# ===========================================================
-[5-curve-sect283r1]
-ssl_conf = 5-curve-sect283r1-ssl
+[5-curve-sect409r1]
+ssl_conf = 5-curve-sect409r1-ssl
-[5-curve-sect283r1-ssl]
-server = 5-curve-sect283r1-server
-client = 5-curve-sect283r1-client
+[5-curve-sect409r1-ssl]
+server = 5-curve-sect409r1-server
+client = 5-curve-sect409r1-client
-[5-curve-sect283r1-server]
+[5-curve-sect409r1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = sect283r1
+Curves = sect409r1
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[5-curve-sect283r1-client]
+[5-curve-sect409r1-client]
CipherString = ECDHE
-Curves = sect283r1
+Curves = sect409r1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-5]
ExpectedResult = Success
-ExpectedTmpKeyType = sect283r1
+ExpectedTmpKeyType = sect409r1
# ===========================================================
-[6-curve-sect409k1]
-ssl_conf = 6-curve-sect409k1-ssl
+[6-curve-sect571k1]
+ssl_conf = 6-curve-sect571k1-ssl
-[6-curve-sect409k1-ssl]
-server = 6-curve-sect409k1-server
-client = 6-curve-sect409k1-client
+[6-curve-sect571k1-ssl]
+server = 6-curve-sect571k1-server
+client = 6-curve-sect571k1-client
-[6-curve-sect409k1-server]
+[6-curve-sect571k1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = sect409k1
+Curves = sect571k1
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[6-curve-sect409k1-client]
+[6-curve-sect571k1-client]
CipherString = ECDHE
-Curves = sect409k1
+Curves = sect571k1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-6]
ExpectedResult = Success
-ExpectedTmpKeyType = sect409k1
+ExpectedTmpKeyType = sect571k1
# ===========================================================
-[7-curve-sect409r1]
-ssl_conf = 7-curve-sect409r1-ssl
+[7-curve-sect571r1]
+ssl_conf = 7-curve-sect571r1-ssl
-[7-curve-sect409r1-ssl]
-server = 7-curve-sect409r1-server
-client = 7-curve-sect409r1-client
+[7-curve-sect571r1-ssl]
+server = 7-curve-sect571r1-server
+client = 7-curve-sect571r1-client
-[7-curve-sect409r1-server]
+[7-curve-sect571r1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = sect409r1
+Curves = sect571r1
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[7-curve-sect409r1-client]
+[7-curve-sect571r1-client]
CipherString = ECDHE
-Curves = sect409r1
+Curves = sect571r1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-7]
ExpectedResult = Success
-ExpectedTmpKeyType = sect409r1
+ExpectedTmpKeyType = sect571r1
# ===========================================================
-[8-curve-sect571k1]
-ssl_conf = 8-curve-sect571k1-ssl
+[8-curve-secp224r1]
+ssl_conf = 8-curve-secp224r1-ssl
-[8-curve-sect571k1-ssl]
-server = 8-curve-sect571k1-server
-client = 8-curve-sect571k1-client
+[8-curve-secp224r1-ssl]
+server = 8-curve-secp224r1-server
+client = 8-curve-secp224r1-client
-[8-curve-sect571k1-server]
+[8-curve-secp224r1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = sect571k1
+Curves = secp224r1
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[8-curve-sect571k1-client]
+[8-curve-secp224r1-client]
CipherString = ECDHE
-Curves = sect571k1
+Curves = secp224r1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-8]
ExpectedResult = Success
-ExpectedTmpKeyType = sect571k1
+ExpectedTmpKeyType = secp224r1
# ===========================================================
-[9-curve-sect571r1]
-ssl_conf = 9-curve-sect571r1-ssl
+[9-curve-prime256v1]
+ssl_conf = 9-curve-prime256v1-ssl
-[9-curve-sect571r1-ssl]
-server = 9-curve-sect571r1-server
-client = 9-curve-sect571r1-client
+[9-curve-prime256v1-ssl]
+server = 9-curve-prime256v1-server
+client = 9-curve-prime256v1-client
-[9-curve-sect571r1-server]
+[9-curve-prime256v1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = sect571r1
+Curves = prime256v1
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[9-curve-sect571r1-client]
+[9-curve-prime256v1-client]
CipherString = ECDHE
-Curves = sect571r1
+Curves = prime256v1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-9]
ExpectedResult = Success
-ExpectedTmpKeyType = sect571r1
+ExpectedTmpKeyType = prime256v1
# ===========================================================
-[10-curve-prime192v1]
-ssl_conf = 10-curve-prime192v1-ssl
+[10-curve-secp384r1]
+ssl_conf = 10-curve-secp384r1-ssl
-[10-curve-prime192v1-ssl]
-server = 10-curve-prime192v1-server
-client = 10-curve-prime192v1-client
+[10-curve-secp384r1-ssl]
+server = 10-curve-secp384r1-server
+client = 10-curve-secp384r1-client
-[10-curve-prime192v1-server]
+[10-curve-secp384r1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = prime192v1
+Curves = secp384r1
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[10-curve-prime192v1-client]
+[10-curve-secp384r1-client]
CipherString = ECDHE
-Curves = prime192v1
+Curves = secp384r1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-10]
ExpectedResult = Success
-ExpectedTmpKeyType = prime192v1
+ExpectedTmpKeyType = secp384r1
# ===========================================================
-[11-curve-secp224r1]
-ssl_conf = 11-curve-secp224r1-ssl
+[11-curve-secp521r1]
+ssl_conf = 11-curve-secp521r1-ssl
-[11-curve-secp224r1-ssl]
-server = 11-curve-secp224r1-server
-client = 11-curve-secp224r1-client
+[11-curve-secp521r1-ssl]
+server = 11-curve-secp521r1-server
+client = 11-curve-secp521r1-client
-[11-curve-secp224r1-server]
+[11-curve-secp521r1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = secp224r1
+Curves = secp521r1
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[11-curve-secp224r1-client]
+[11-curve-secp521r1-client]
CipherString = ECDHE
-Curves = secp224r1
+Curves = secp521r1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-11]
ExpectedResult = Success
-ExpectedTmpKeyType = secp224r1
+ExpectedTmpKeyType = secp521r1
# ===========================================================
-[12-curve-prime256v1]
-ssl_conf = 12-curve-prime256v1-ssl
+[12-curve-X25519]
+ssl_conf = 12-curve-X25519-ssl
-[12-curve-prime256v1-ssl]
-server = 12-curve-prime256v1-server
-client = 12-curve-prime256v1-client
+[12-curve-X25519-ssl]
+server = 12-curve-X25519-server
+client = 12-curve-X25519-client
-[12-curve-prime256v1-server]
+[12-curve-X25519-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = prime256v1
+Curves = X25519
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[12-curve-prime256v1-client]
+[12-curve-X25519-client]
CipherString = ECDHE
-Curves = prime256v1
+Curves = X25519
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-12]
ExpectedResult = Success
-ExpectedTmpKeyType = prime256v1
+ExpectedTmpKeyType = X25519
# ===========================================================
-[13-curve-secp384r1]
-ssl_conf = 13-curve-secp384r1-ssl
+[13-curve-X448]
+ssl_conf = 13-curve-X448-ssl
-[13-curve-secp384r1-ssl]
-server = 13-curve-secp384r1-server
-client = 13-curve-secp384r1-client
+[13-curve-X448-ssl]
+server = 13-curve-X448-server
+client = 13-curve-X448-client
-[13-curve-secp384r1-server]
+[13-curve-X448-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = secp384r1
+Curves = X448
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[13-curve-secp384r1-client]
+[13-curve-X448-client]
CipherString = ECDHE
-Curves = secp384r1
+Curves = X448
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-13]
ExpectedResult = Success
-ExpectedTmpKeyType = secp384r1
+ExpectedTmpKeyType = X448
# ===========================================================
-[14-curve-secp521r1]
-ssl_conf = 14-curve-secp521r1-ssl
+[14-curve-sect163k1]
+ssl_conf = 14-curve-sect163k1-ssl
-[14-curve-secp521r1-ssl]
-server = 14-curve-secp521r1-server
-client = 14-curve-secp521r1-client
+[14-curve-sect163k1-ssl]
+server = 14-curve-sect163k1-server
+client = 14-curve-sect163k1-client
-[14-curve-secp521r1-server]
+[14-curve-sect163k1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = secp521r1
+Curves = sect163k1
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[14-curve-secp521r1-client]
+[14-curve-sect163k1-client]
CipherString = ECDHE
-Curves = secp521r1
+Curves = sect163k1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-14]
ExpectedResult = Success
-ExpectedTmpKeyType = secp521r1
+ExpectedTmpKeyType = sect163k1
# ===========================================================
-[15-curve-X25519]
-ssl_conf = 15-curve-X25519-ssl
+[15-curve-sect163r2]
+ssl_conf = 15-curve-sect163r2-ssl
-[15-curve-X25519-ssl]
-server = 15-curve-X25519-server
-client = 15-curve-X25519-client
+[15-curve-sect163r2-ssl]
+server = 15-curve-sect163r2-server
+client = 15-curve-sect163r2-client
-[15-curve-X25519-server]
+[15-curve-sect163r2-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = X25519
+Curves = sect163r2
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[15-curve-X25519-client]
+[15-curve-sect163r2-client]
CipherString = ECDHE
-Curves = X25519
+Curves = sect163r2
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-15]
ExpectedResult = Success
-ExpectedTmpKeyType = X25519
+ExpectedTmpKeyType = sect163r2
# ===========================================================
-[16-curve-X448]
-ssl_conf = 16-curve-X448-ssl
+[16-curve-prime192v1]
+ssl_conf = 16-curve-prime192v1-ssl
-[16-curve-X448-ssl]
-server = 16-curve-X448-server
-client = 16-curve-X448-client
+[16-curve-prime192v1-ssl]
+server = 16-curve-prime192v1-server
+client = 16-curve-prime192v1-client
-[16-curve-X448-server]
+[16-curve-prime192v1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = X448
+Curves = prime192v1
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[16-curve-X448-client]
+[16-curve-prime192v1-client]
CipherString = ECDHE
-Curves = X448
+Curves = prime192v1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-16]
ExpectedResult = Success
-ExpectedTmpKeyType = X448
+ExpectedTmpKeyType = prime192v1
# ===========================================================
diff --git a/test/ssl-tests/14-curves.cnf.in b/test/ssl-tests/14-curves.cnf.in
index d074e561c9..b5ee4d2827 100644
--- a/test/ssl-tests/14-curves.cnf.in
+++ b/test/ssl-tests/14-curves.cnf.in
@@ -12,13 +12,14 @@ use OpenSSL::Test::Utils qw(anydisabled);
our $fips_mode;
-my @curves = ("sect163k1", "sect163r2", "sect233k1", "sect233r1",
+my @curves = ("sect233k1", "sect233r1",
"sect283k1", "sect283r1", "sect409k1", "sect409r1",
- "sect571k1", "sect571r1", "prime192v1", "secp224r1",
+ "sect571k1", "sect571r1", "secp224r1",
"prime256v1", "secp384r1", "secp521r1", "X25519",
"X448");
-my @curves_non_fips = ("sect163r1", "sect193r1", "sect193r2", "sect239k1",
+my @curves_non_fips = ("sect163k1", "sect163r2", "prime192v1",
+ "sect163r1", "sect193r1", "sect193r2", "sect239k1",
"secp160k1", "secp160r1", "secp160r2", "secp192k1",
"secp224k1", "secp256k1", "brainpoolP256r1",
"brainpoolP384r1", "brainpoolP512r1");
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-23 02:32:46 +0000