- diff -up openssl-3.0.0-alpha13/apps/speed.c.ec-curves openssl-3.0.0-alpha13/apps/speed.c

- --- openssl-3.0.0-alpha13/apps/speed.c.ec-curves	2021-04-10 12:12:00.620129302 +0200

- +++ openssl-3.0.0-alpha13/apps/speed.c	2021-04-10 12:18:11.872369417 +0200

- @@ -364,68 +364,23 @@ static double ffdh_results[FFDH_NUM][1];

- -#ifndef OPENSSL_NO_EC2M

- -    R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571,

- -    R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571,

- -#endif

- -    R_EC_BRP256R1, R_EC_BRP256T1, R_EC_BRP384R1, R_EC_BRP384T1,

- -    R_EC_BRP512R1, R_EC_BRP512T1, ECDSA_NUM

- +    ECDSA_NUM

-      {"ecdsap521", R_EC_P521},

- -#ifndef OPENSSL_NO_EC2M

- -    {"ecdsak163", R_EC_K163},

- -    {"ecdsak233", R_EC_K233},

- -    {"ecdsak283", R_EC_K283},

- -    {"ecdsak409", R_EC_K409},

- -    {"ecdsak571", R_EC_K571},

- -    {"ecdsab163", R_EC_B163},

- -    {"ecdsab233", R_EC_B233},

- -    {"ecdsab283", R_EC_B283},

- -    {"ecdsab409", R_EC_B409},

- -    {"ecdsab571", R_EC_B571},

- -#endif

- -    {"ecdsabrp256r1", R_EC_BRP256R1},

- -    {"ecdsabrp256t1", R_EC_BRP256T1},

- -    {"ecdsabrp384r1", R_EC_BRP384R1},

- -    {"ecdsabrp384t1", R_EC_BRP384T1},

- -    {"ecdsabrp512r1", R_EC_BRP512R1},

- -    {"ecdsabrp512t1", R_EC_BRP512T1}

-  };

-      {"ecdhp521", R_EC_P521},

- -#ifndef OPENSSL_NO_EC2M

- -    {"ecdhk163", R_EC_K163},

- -    {"ecdhk233", R_EC_K233},

- -    {"ecdhk283", R_EC_K283},

- -    {"ecdhk409", R_EC_K409},

- -    {"ecdhk571", R_EC_K571},

- -    {"ecdhb163", R_EC_B163},

- -    {"ecdhb233", R_EC_B233},

- -    {"ecdhb283", R_EC_B283},

- -    {"ecdhb409", R_EC_B409},

- -    {"ecdhb571", R_EC_B571},

- -#endif

- -    {"ecdhbrp256r1", R_EC_BRP256R1},

- -    {"ecdhbrp256t1", R_EC_BRP256T1},

- -    {"ecdhbrp384r1", R_EC_BRP384R1},

- -    {"ecdhbrp384t1", R_EC_BRP384T1},

- -    {"ecdhbrp512r1", R_EC_BRP512R1},

- -    {"ecdhbrp512t1", R_EC_BRP512T1},

-      {"ecdhx25519", R_EC_X25519},

-      {"ecdhx448", R_EC_X448}

-  };

- @@ -1449,31 +1404,10 @@ int speed_main(int argc, char **argv)

-          {"nistp521", NID_secp521r1, 521},

- -#ifndef OPENSSL_NO_EC2M

- -        /* Binary Curves */

- -        {"nistk163", NID_sect163k1, 163},

- -        {"nistk233", NID_sect233k1, 233},

- -        {"nistk283", NID_sect283k1, 283},

- -        {"nistk409", NID_sect409k1, 409},

- -        {"nistk571", NID_sect571k1, 571},

- -        {"nistb163", NID_sect163r2, 163},

- -        {"nistb233", NID_sect233r1, 233},

- -        {"nistb283", NID_sect283r1, 283},

- -        {"nistb409", NID_sect409r1, 409},

- -        {"nistb571", NID_sect571r1, 571},

- -#endif

- -        {"brainpoolP256r1", NID_brainpoolP256r1, 256},

- -        {"brainpoolP256t1", NID_brainpoolP256t1, 256},

- -        {"brainpoolP384r1", NID_brainpoolP384r1, 384},

- -        {"brainpoolP384t1", NID_brainpoolP384t1, 384},

- -        {"brainpoolP512r1", NID_brainpoolP512r1, 512},

- -        {"brainpoolP512t1", NID_brainpoolP512t1, 512},

-          /* Other and ECDH only ones */

-          {"X25519", NID_X25519, 253},

-          {"X448", NID_X448, 448}

- diff -up openssl-3.0.0-alpha13/test/ecdsatest.h.ec-curves openssl-3.0.0-alpha13/test/ecdsatest.h

- --- openssl-3.0.0-alpha13/test/ecdsatest.h.ec-curves	2021-04-10 12:07:43.158013028 +0200

- +++ openssl-3.0.0-alpha13/test/ecdsatest.h	2021-04-10 12:11:21.601828737 +0200

- @@ -32,23 +32,6 @@ typedef struct {

-  } ecdsa_cavs_kat_t;

-  

-  static const ecdsa_cavs_kat_t ecdsa_cavs_kats[] = {

- -    /* prime KATs from X9.62 */

- -    {NID_X9_62_prime192v1, NID_sha1,

- -     "616263",                  /* "abc" */

- -     "1a8d598fc15bf0fd89030b5cb1111aeb92ae8baf5ea475fb",

- -     "0462b12d60690cdcf330babab6e69763b471f994dd702d16a563bf5ec08069705ffff65e"

- -     "5ca5c0d69716dfcb3474373902",

- -     "fa6de29746bbeb7f8bb1e761f85f7dfb2983169d82fa2f4e",

- -     "885052380ff147b734c330c43d39b2c4a89f29b0f749fead",

- -     "e9ecc78106def82bf1070cf1d4d804c3cb390046951df686"},

- -    {NID_X9_62_prime239v1, NID_sha1,

- -     "616263",                  /* "abc" */

- -     "7ef7c6fabefffdea864206e80b0b08a9331ed93e698561b64ca0f7777f3d",

- -     "045b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c707fd9f1ed2e"

- -     "65f09f6ce0893baf5e8e31e6ae82ea8c3592335be906d38dee",

- -     "656c7196bf87dcc5d1f1020906df2782360d36b2de7a17ece37d503784af",

- -     "2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0",

- -     "2eeae988104e9c2234a3c2beb1f53bfa5dc11ff36a875d1e3ccb1f7e45cf"},

-      /* prime KATs from NIST CAVP */

-      {NID_secp224r1, NID_sha224,

-       "699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1"

- diff -up openssl-3.0.0-alpha13/test/recipes/15-test_genec.t.ec-curves openssl-3.0.0-alpha13/test/recipes/15-test_genec.t

- --- openssl-3.0.0-alpha13/test/recipes/15-test_genec.t.ec-curves	2021-04-10 11:59:37.453332668 +0200

- +++ openssl-3.0.0-alpha13/test/recipes/15-test_genec.t	2021-04-10 12:03:43.363538976 +0200

- @@ -41,45 +41,11 @@ plan skip_all => "This test is unsupport

-      if disabled("ec");

-  

-  my @prime_curves = qw(

- -    secp112r1

- -    secp112r2

- -    secp128r1

- -    secp128r2

- -    secp160k1

- -    secp160r1

- -    secp160r2

- -    secp192k1

- -    secp224k1

-      secp224r1

-      secp256k1

-      secp384r1

-      secp521r1

- -    prime192v1

- -    prime192v2

- -    prime192v3

- -    prime239v1

- -    prime239v2

- -    prime239v3

-      prime256v1

- -    wap-wsg-idm-ecid-wtls6

- -    wap-wsg-idm-ecid-wtls7

- -    wap-wsg-idm-ecid-wtls8

- -    wap-wsg-idm-ecid-wtls9

- -    wap-wsg-idm-ecid-wtls12

- -    brainpoolP160r1

- -    brainpoolP160t1

- -    brainpoolP192r1

- -    brainpoolP192t1

- -    brainpoolP224r1

- -    brainpoolP224t1

- -    brainpoolP256r1

- -    brainpoolP256t1

- -    brainpoolP320r1

- -    brainpoolP320t1

- -    brainpoolP384r1

- -    brainpoolP384t1

- -    brainpoolP512r1

- -    brainpoolP512t1

-  );

-  

-  my @binary_curves = qw(

- @@ -136,7 +102,6 @@ push(@other_curves, 'SM2')

-      if !disabled("sm2");

-  

-  my @curve_aliases = qw(

- -    P-192

-      P-224

-      P-256

-      P-384

- diff -up openssl-3.0.0-alpha13/test/recipes/06-test_algorithmid.t.ec-curves openssl-3.0.0-alpha13/test/recipes/06-test_algorithmid.t

- --- openssl-3.0.0-alpha13/test/recipes/06-test_algorithmid.t.ec-curves	2021-04-10 12:40:59.871858764 +0200

- +++ openssl-3.0.0-alpha13/test/recipes/06-test_algorithmid.t	2021-04-10 12:41:41.140455070 +0200

- @@ -33,7 +33,7 @@ my %certs_info =

-           'ee-cert-ec-named-explicit' => 'ca-cert-ec-explicit',

-           'ee-cert-ec-named-named' => 'ca-cert-ec-named',

-           # 'server-ed448-cert' => 'root-ed448-cert'

- -         'server-ecdsa-brainpoolP256r1-cert' => 'rootcert',

- +		 # 'server-ecdsa-brainpoolP256r1-cert' => 'rootcert',

-          )

-       )

-      );

- diff -up openssl-3.0.0-alpha13/test/recipes/15-test_ec.t.ec-curves openssl-3.0.0-alpha13/test/recipes/15-test_ec.t

- diff -up openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t

- diff -up openssl-3.0.0-alpha13/test/recipes/30-test_acvp.t.ec-curves openssl-3.0.0-alpha13/test/recipes/30-test_acvp.t

- diff -up openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.ec-curves openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf

- --- openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.ec-curves	2021-04-10 13:21:52.123040226 +0200

- +++ openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf	2021-04-10 13:28:20.856023985 +0200

- @@ -776,14 +776,12 @@ server = 22-ECDSA with brainpool-server

-  client = 22-ECDSA with brainpool-client

-  

-  [22-ECDSA with brainpool-server]

- -Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem

- +Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem

-  CipherString = DEFAULT

- -Groups = brainpoolP256r1

- -PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem

- +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem

-  

-  [22-ECDSA with brainpool-client]

-  CipherString = aECDSA

- -Groups = brainpoolP256r1

-  MaxProtocol = TLSv1.2

-  RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem

-  VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

- @@ -791,9 +789,6 @@ VerifyMode = Peer

-  

-  [test-22]

-  ExpectedResult = Success

- -ExpectedServerCANames = empty

- -ExpectedServerCertType = brainpoolP256r1

- -ExpectedServerSignType = EC

-  

-  

-  # ===========================================================

- @@ -1741,9 +1736,9 @@ server = 53-TLS 1.3 ECDSA with brainpool

-  client = 53-TLS 1.3 ECDSA with brainpool-client

-  

-  [53-TLS 1.3 ECDSA with brainpool-server]

- -Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem

- +Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem

-  CipherString = DEFAULT

- -PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem

- +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem

-  

-  [53-TLS 1.3 ECDSA with brainpool-client]

-  CipherString = DEFAULT

- @@ -1754,7 +1749,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/ro

-  VerifyMode = Peer

-  

-  [test-53]

- -ExpectedResult = ServerFail

- +ExpectedResult = Success

-  

-  

-  # ===========================================================

- diff -up openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in.ec-curves openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in

- --- openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in.ec-curves	2021-04-10 13:22:06.275221662 +0200

- +++ openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in	2021-04-10 13:35:18.774623319 +0200

- @@ -428,21 +428,21 @@ my @tests_non_fips = (

-      {

-          name => "ECDSA with brainpool",

-          server =>  {

- -            "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),

- -            "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),

- -            "Groups" => "brainpoolP256r1",

- +            "Certificate" => test_pem("server-ecdsa-cert.pem"),

- +            "PrivateKey" => test_pem("server-ecdsa-key.pem"),

- +			#"Groups" => "brainpoolP256r1",

-          },

-          client => {

-              "MaxProtocol" => "TLSv1.2",

-              "CipherString" => "aECDSA",

-              "RequestCAFile" => test_pem("root-cert.pem"),

- -            "Groups" => "brainpoolP256r1",

- +			#"Groups" => "brainpoolP256r1",

-          },

-          test   => {

- -            "ExpectedServerCertType" =>, "brainpoolP256r1",

- -            "ExpectedServerSignType" =>, "EC",

- +            #"ExpectedServerCertType" =>, "brainpoolP256r1",

- +            #"ExpectedServerSignType" =>, "EC",

-              # Note: certificate_authorities not sent for TLS < 1.3

- -            "ExpectedServerCANames" =>, "empty",

- +            #"ExpectedServerCANames" =>, "empty",

-              "ExpectedResult" => "Success"

-          },

-      },

- @@ -915,8 +915,8 @@ my @tests_tls_1_3_non_fips = (

-      {

-          name => "TLS 1.3 ECDSA with brainpool",

-          server =>  {

- -            "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),

- -            "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),

- +            "Certificate" => test_pem("server-ecdsa-cert.pem"),

- +            "PrivateKey" => test_pem("server-ecdsa-key.pem"),

-          },

-          client => {

-              "RequestCAFile" => test_pem("root-cert.pem"),

- @@ -924,7 +924,7 @@ my @tests_tls_1_3_non_fips = (

-              "MaxProtocol" => "TLSv1.3"

-          },

-          test   => {

- -            "ExpectedResult" => "ServerFail"

- +            "ExpectedResult" => "Success"

-          },

-      },

-  );

- diff -up openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t

- --- openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves	2021-04-10 14:00:22.482782216 +0200

- +++ openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t	2021-04-10 14:08:50.769727651 +0200

- @@ -158,60 +158,6 @@ sub tsignverify {

-         $testtext);

-  }

-  

- -SKIP : {

- -    skip "FIPS EC tests because of no ec in this build", 1

- -        if disabled("ec");

- -

- -    subtest EC => sub {

- -        my $testtext_prefix = 'EC';

- -        my $a_fips_curve = 'prime256v1';

- -        my $fips_key = $testtext_prefix.'.fips.priv.pem';

- -        my $fips_pub_key = $testtext_prefix.'.fips.pub.pem';

- -        my $a_nonfips_curve = 'brainpoolP256r1';

- -        my $nonfips_key = $testtext_prefix.'.nonfips.priv.pem';

- -        my $nonfips_pub_key = $testtext_prefix.'.nonfips.pub.pem';

- -        my $testtext = '';

- -        my $curvename = '';

- -

- -        plan tests => 5 + $tsignverify_count;

- -

- -        $ENV{OPENSSL_CONF} = $defaultconf;

- -        $curvename = $a_nonfips_curve;

- -        $testtext = $testtext_prefix.': '.

- -            'Generate a key with a non-FIPS algorithm with the default provider';

- -        ok(run(app(['openssl', 'genpkey', '-algorithm', 'EC',

- -                    '-pkeyopt', 'ec_paramgen_curve:'.$curvename,

- -                    '-out', $nonfips_key])),

- -           $testtext);

- -

- -        pubfrompriv($testtext_prefix, $nonfips_key, $nonfips_pub_key, "non-FIPS");

- -

- -        $ENV{OPENSSL_CONF} = $fipsconf;

- -

- -        $curvename = $a_fips_curve;

- -        $testtext = $testtext_prefix.': '.

- -            'Generate a key with a FIPS algorithm';

- -        ok(run(app(['openssl', 'genpkey', '-algorithm', 'EC',

- -                    '-pkeyopt', 'ec_paramgen_curve:'.$curvename,

- -                    '-out', $fips_key])),

- -           $testtext);

- -

- -        pubfrompriv($testtext_prefix, $fips_key, $fips_pub_key, "FIPS");

- -

- -        $curvename = $a_nonfips_curve;

- -        $testtext = $testtext_prefix.': '.

- -            'Generate a key with a non-FIPS algorithm'.

- -            ' (should fail)';

- -        ok(!run(app(['openssl', 'genpkey', '-algorithm', 'EC',

- -                     '-pkeyopt', 'ec_paramgen_curve:'.$curvename,

- -                     '-out', $testtext_prefix.'.'.$curvename.'.priv.pem'])),

- -           $testtext);

- -

- -        tsignverify($testtext_prefix, $fips_key, $fips_pub_key, $nonfips_key,

- -                    $nonfips_pub_key);

- -    };

- -}

- -

-  SKIP: {

-      skip "FIPS RSA tests because of no rsa in this build", 1

-          if disabled("rsa");

- diff -up openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t

- --- openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves	2021-04-10 14:23:09.805468483 +0200

- +++ openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t	2021-04-10 14:23:33.002784265 +0200

- @@ -26,7 +26,7 @@ use platform;

-  my $no_check = disabled("fips") || disabled('fips-securitychecks');

-  plan skip_all => "Test only supported in a fips build with security checks"

-      if $no_check;

- -plan tests => 11;

- +plan tests => 10;

-  

-  my $fipsmodule = bldtop_file('providers', platform->dso('fips'));

-  my $fipsconf = srctop_file("test", "fips-and-base.cnf");

- diff -up openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.ec-curves openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf

- --- openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.ec-curves	2021-04-10 17:52:46.478721611 +0200

- +++ openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf	2021-04-10 17:54:11.371688446 +0200

- @@ -1710,20 +1710,18 @@ server = 52-TLS 1.3 ECDSA with brainpool

-  client = 52-TLS 1.3 ECDSA with brainpool but no suitable groups-client

-  

-  [52-TLS 1.3 ECDSA with brainpool but no suitable groups-server]

- -Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem

- +Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem

-  CipherString = DEFAULT

- -Groups = brainpoolP256r1

- -PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem

- +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem

-  

-  [52-TLS 1.3 ECDSA with brainpool but no suitable groups-client]

-  CipherString = aECDSA

- -Groups = brainpoolP256r1

-  RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem

-  VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

-  VerifyMode = Peer

-  

-  [test-52]

- -ExpectedResult = ClientFail

- +ExpectedResult = Success

-  

-  

-  # ===========================================================

- diff -up openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in.ec-curves openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in

- --- openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in.ec-curves	2021-04-10 17:53:03.317913390 +0200

- +++ openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in	2021-04-10 17:55:22.507498606 +0200

- @@ -896,20 +896,20 @@ my @tests_tls_1_3_non_fips = (

-      {

-          name => "TLS 1.3 ECDSA with brainpool but no suitable groups",

-          server =>  {

- -            "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),

- -            "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),

- -            "Groups" => "brainpoolP256r1",

- +            "Certificate" => test_pem("server-ecdsa-cert.pem"),

- +            "PrivateKey" => test_pem("server-ecdsa-key.pem"),

- +            #"Groups" => "brainpoolP256r1",

-          },

-          client => {

-              "CipherString" => "aECDSA",

-              "RequestCAFile" => test_pem("root-cert.pem"),

- -            "Groups" => "brainpoolP256r1",

- +            #"Groups" => "brainpoolP256r1",

-          },

-          test   => {

-              #We only configured brainpoolP256r1 on the client side, but TLSv1.3

-              #is enabled and this group is not allowed in TLSv1.3. Therefore this

-              #should fail

- -            "ExpectedResult" => "ClientFail"

- +            "ExpectedResult" => "Success"

-          },

-      },

-      {

- diff -up openssl-3.0.0-alpha13/crypto/evp/ec_support.c.ec-curves openssl-3.0.0-alpha13/crypto/evp/ec_support.c

- --- openssl-3.0.0-alpha13/crypto/evp/ec_support.c.ec-curves	2021-04-11 11:13:14.236891844 +0200

- +++ openssl-3.0.0-alpha13/crypto/evp/ec_support.c	2021-04-11 11:12:05.128098714 +0200

- @@ -20,99 +20,13 @@ typedef struct ec_name2nid_st {

-      {"secp224k1", NID_secp224k1 },

- -    /* characteristic two field curves */

- -    /* NIST/SECG curves */

- -    /* brainpool curves */

- -    {"brainpoolP256r1", NID_brainpoolP256r1 },

- -    {"brainpoolP256t1", NID_brainpoolP256t1 },

- -    {"brainpoolP320r1", NID_brainpoolP320r1 },

- -    {"brainpoolP320t1", NID_brainpoolP320t1 },

- -    {"brainpoolP384r1", NID_brainpoolP384r1 },

- -    {"brainpoolP384t1", NID_brainpoolP384t1 },

- -    {"brainpoolP512r1", NID_brainpoolP512r1 },

- -    {"brainpoolP512t1", NID_brainpoolP512t1 },

- diff -up openssl-3.0.0-alpha13/test/acvp_test.inc.ec-curves openssl-3.0.0-alpha13/test/acvp_test.inc

- --- openssl-3.0.0-alpha13/test/acvp_test.inc.ec-curves	2021-04-11 13:46:57.286828933 +0200

- +++ openssl-3.0.0-alpha13/test/acvp_test.inc	2021-04-11 13:48:01.356704526 +0200

- diff -up openssl-3.0.0-alpha13/test/recipes/65-test_cmp_protect.t.ec-curves openssl-3.0.0-alpha13/test/recipes/65-test_cmp_protect.t

- --- openssl-3.0.0-alpha13/test/recipes/65-test_cmp_protect.t.ec-curves	2021-04-11 21:45:04.949948725 +0200

- +++ openssl-3.0.0-alpha13/test/recipes/65-test_cmp_protect.t	2021-04-11 21:44:09.585283604 +0200

- @@ -7,7 +7,6 @@

-  # this file except in compliance with the License.  You can obtain a copy

-  # in the file LICENSE in the source distribution or at

-  # https://www.openssl.org/source/license.html

- -

-  use strict;

-  use OpenSSL::Test qw/:DEFAULT data_file srctop_file srctop_dir bldtop_file bldtop_dir/;

-  use OpenSSL::Test::Utils;

- @@ -27,7 +26,7 @@ plan skip_all => "This test is not suppo

-  plan skip_all => "This test is not supported in a shared library build on Windows"

-      if $^O eq 'MSWin32' && !disabled("shared");

-  

- -plan tests => 2 + ($no_fips ? 0 : 1); #fips test

- +plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test

-  my @basic_cmd = ("cmp_protect_test",

-                   data_file("server.pem"),

- diff -up openssl-3.0.0-alpha13/test/recipes/65-test_cmp_vfy.t.ec-curves openssl-3.0.0-alpha13/test/recipes/65-test_cmp_vfy.t

- --- openssl-3.0.0-alpha13/test/recipes/65-test_cmp_vfy.t.ec-curves	2021-04-11 21:45:25.414194574 +0200

- +++ openssl-3.0.0-alpha13/test/recipes/65-test_cmp_vfy.t	2021-04-11 21:44:40.786658440 +0200

- @@ -7,7 +7,6 @@

-  # this file except in compliance with the License.  You can obtain a copy

-  # in the file LICENSE in the source distribution or at

-  # https://www.openssl.org/source/license.html

- -

-  use strict;

-  use OpenSSL::Test qw/:DEFAULT data_file srctop_file srctop_dir bldtop_file bldtop_dir/;

-  use OpenSSL::Test::Utils;

- @@ -27,7 +26,7 @@ plan skip_all => "This test is not suppo

-  plan skip_all => "This test is not supported in a no-ec build"

- 

- -plan tests => 2 + ($no_fips ? 0 : 1); #fips test

- +plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test

- 

-  my @basic_cmd = ("cmp_vfy_test",

-                   data_file("server.crt"),     data_file("client.crt"),

- diff -up openssl-3.0.0-alpha15/crypto/evp/ec_support.c.ec-curves openssl-3.0.0-alpha15/crypto/evp/ec_support.c

- --- openssl-3.0.0-alpha15/crypto/evp/ec_support.c.ec-curves	2021-04-23 18:15:12.571691284 +0200

- +++ openssl-3.0.0-alpha15/crypto/evp/ec_support.c	2021-04-23 18:16:00.803087403 +0200

- @@ -28,7 +28,6 @@ static const EC_NAME2NID curve_list[] =

-  static const EC_NAME2NID curve_list[] = {

-      /* prime field curves */

-      /* secg curves */

- -    {"secp224k1", NID_secp224k1 },

-      {"secp224r1", NID_secp224r1 },

-      {"secp256k1", NID_secp256k1 },

-      {"secp384r1", NID_secp384r1 },

- diff -up openssl-3.0.0-alpha15/apps/speed.c.ec-curves openssl-3.0.0-alpha15/apps/speed.c

- --- openssl-3.0.0-alpha15/apps/speed.c.ec-curves	2021-04-26 14:25:44.049991942 +0200

- +++ openssl-3.0.0-alpha15/apps/speed.c	2021-04-26 14:36:10.643570273 +0200

- @@ -1439,8 +1439,8 @@ int speed_main(int argc, char **argv)

-      OPENSSL_assert(ec_curves[EC_NUM - 1].nid == NID_X448);

-      OPENSSL_assert(strcmp(ecdh_choices[EC_NUM - 1].name, "ecdhx448") == 0);

-  

- -    OPENSSL_assert(ec_curves[ECDSA_NUM - 1].nid == NID_brainpoolP512t1);

- -    OPENSSL_assert(strcmp(ecdsa_choices[ECDSA_NUM - 1].name, "ecdsabrp512t1") == 0);

- +    OPENSSL_assert(ec_curves[ECDSA_NUM - 1].nid == NID_secp521r1);

- +    OPENSSL_assert(strcmp(ecdsa_choices[ECDSA_NUM - 1].name, "ecdsap521") == 0);

-  

-  #ifndef OPENSSL_NO_SM2

-      OPENSSL_assert(sm2_curves[SM2_NUM - 1].nid == NID_sm2);

- diff -up openssl-3.0.0-alpha16/test/evp_extra_test.c.ec-curves openssl-3.0.0-alpha16/test/evp_extra_test.c

- --- openssl-3.0.0-alpha16/test/evp_extra_test.c.ec-curves	2021-05-10 14:44:28.932751551 +0200

- +++ openssl-3.0.0-alpha16/test/evp_extra_test.c	2021-05-10 14:45:21.537238883 +0200

- @@ -2701,13 +2701,12 @@ err:

-  

-  #ifndef OPENSSL_NO_EC

-  static int ecpub_nids[] = {

- -    NID_brainpoolP256r1, NID_X9_62_prime256v1,

- +    NID_X9_62_prime256v1,

-      NID_secp384r1, NID_secp521r1,

-  # ifndef OPENSSL_NO_EC2M

-      NID_sect233k1, NID_sect233r1, NID_sect283r1,

-      NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,

-  # endif

- -    NID_brainpoolP384r1, NID_brainpoolP512r1

-  };

-  

-  static int test_ecpub(int idx)

- diff -up openssl-3.0.0-alpha16/test/recipes/30-test_evp_data/evppkey_mismatch.txt.ec-curves openssl-3.0.0-alpha16/test/recipes/30-test_evp_data/evppkey_mismatch.txt

- --- openssl-3.0.0-alpha16/test/recipes/30-test_evp_data/evppkey_mismatch.txt.ec-curves	2021-05-17 10:45:03.968368782 +0200

- +++ openssl-3.0.0-alpha16/test/recipes/30-test_evp_data/evppkey_mismatch.txt	2021-05-17 10:45:54.211747865 +0200

- @@ -31,12 +31,6 @@ MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELBUP

-  x/iUJAcsJxl9eLM7kg6VzbZk6ZDc8M/qDZTiqOavnQ5YBW5lMQSSW5/myQ==

-  -----END PUBLIC KEY-----

-  

- -PublicKey=KAS-ECC-CDH_K-163_C0-PUBLIC

- ------BEGIN PUBLIC KEY-----

- -MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBx+LKHfWAn2cGt5CRPLeoSaS7yPVBcFe

- -53YiHHK4SzR844PzgGe4nD6a

- ------END PUBLIC KEY-----

- -

-  PrivateKey = RSA-2048

-  -----BEGIN PRIVATE KEY-----

-  MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDNAIHqeyrh6gbV

- @@ -77,9 +71,3 @@ Result = KEYPAIR_TYPE_MISMATCH

-  

-  PrivPubKeyPair = RSA-2048:P-256-PUBLIC

-  Result = KEYPAIR_TYPE_MISMATCH

- -

- -PrivPubKeyPair = RSA-2048:KAS-ECC-CDH_K-163_C0-PUBLIC

- -Result = KEYPAIR_TYPE_MISMATCH

- -

- -PrivPubKeyPair = Alice-25519:KAS-ECC-CDH_K-163_C0-PUBLIC

- -Result = KEYPAIR_TYPE_MISMATCH

- diff -up openssl-3.0.0-alpha16/test/recipes/30-test_evp.t.ec-curves openssl-3.0.0-alpha16/test/recipes/30-test_evp.t

- --- openssl-3.0.0-alpha16/test/recipes/30-test_evp.t.ec-curves	2021-05-17 10:49:28.050844977 +0200

- +++ openssl-3.0.0-alpha16/test/recipes/30-test_evp.t	2021-05-17 10:53:53.480444576 +0200

- @@ -111,7 +111,6 @@ my @defltfiles = qw(

-                       evppkey_kdf_tls1_prf.txt

-                       evppkey_rsa.txt

-                      );

- -push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec;

-  push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;

-  

-  plan tests =>

- diff -up openssl-3.0.0-beta1/test/recipes/30-test_evp_data/evppkey_ecc.txt.remove-ec openssl-3.0.0-beta1/test/recipes/30-test_evp_data/evppkey_ecc.txt

- --- openssl-3.0.0-beta1/test/recipes/30-test_evp_data/evppkey_ecc.txt.remove-ec	2021-06-29 16:24:56.863303499 +0200

- +++ openssl-3.0.0-beta1/test/recipes/30-test_evp_data/evppkey_ecc.txt	2021-06-29 16:38:04.189996425 +0200

- @@ -11,1949 +11,6 @@

-  #       PrivPubKeyPair Sign Verify VerifyRecover

-  # and continue until a blank line. Lines starting with a pound sign are ignored.

-  

- -Title=c2pnb163v1 curve tests

- -

- -PrivateKey=ALICE_cf_c2pnb163v1

- ------BEGIN PRIVATE KEY-----

- -MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAEEHDAaAgEBBBUD1JfG8cLNP9418YW+hVhriqH6O5Y=

- ------END PRIVATE KEY-----

- -

- -PublicKey=ALICE_cf_c2pnb163v1_PUB

- ------BEGIN PUBLIC KEY-----

- -MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAEDLAAEBXgoOgVlWTLQnrQZXgQuSBcIS3bQAlXQ+yJhS03B

- -4G8rKQXbrc0mvWsF

- ------END PUBLIC KEY-----

- -

- -Availablein = default

- -PrivPubKeyPair=ALICE_cf_c2pnb163v1:ALICE_cf_c2pnb163v1_PUB

- -

- -PrivateKey=BOB_cf_c2pnb163v1

- ------BEGIN PRIVATE KEY-----

- -MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAEEHDAaAgEBBBUAc3EaoMmMORTzQhMkhPIXY+/jUSI=

- ------END PRIVATE KEY-----

- -

- -PublicKey=BOB_cf_c2pnb163v1_PUB

- ------BEGIN PUBLIC KEY-----

- -MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAEDLAAEBn9J0jo39aFVZqhBsAKZ6bViAu6zBC8WaFGExnpZ

- -KuBh8tP8VSTHPCHF

- ------END PUBLIC KEY-----

- -

- -Availablein = default

- -PrivPubKeyPair=BOB_cf_c2pnb163v1:BOB_cf_c2pnb163v1_PUB

- -

- -# ECDH Alice with Bob peer

- -Availablein = default

- -Derive=ALICE_cf_c2pnb163v1

- -PeerKey=BOB_cf_c2pnb163v1_PUB

- -SharedSecret=065dd38fb6de7f394778e1bf65d840a2c0e7219acd

- -

- -# ECDH Bob with Alice peer

- -Availablein = default

- -Derive=BOB_cf_c2pnb163v1

- -PeerKey=ALICE_cf_c2pnb163v1_PUB

- -SharedSecret=065dd38fb6de7f394778e1bf65d840a2c0e7219acd

- -

- -# ECC CDH Alice with Bob peer

- -Availablein = default

- -Derive=ALICE_cf_c2pnb163v1

- -PeerKey=BOB_cf_c2pnb163v1_PUB

- -Ctrl=ecdh_cofactor_mode:1

- -SharedSecret=066fc46e8cc4327634dd127748020f2de6aab67585

- -

- -# ECC CDH Bob with Alice peer

- -Availablein = default

- -Derive=BOB_cf_c2pnb163v1

- -PeerKey=ALICE_cf_c2pnb163v1_PUB

- -Ctrl=ecdh_cofactor_mode:1

- -SharedSecret=066fc46e8cc4327634dd127748020f2de6aab67585

- -

- -PublicKey=MALICE_cf_c2pnb163v1_PUB

- ------BEGIN PUBLIC KEY-----

- -MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAEDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8JxepS05nN

- -/piKdhDD3dDKXUih

- ------END PUBLIC KEY-----

- -

- -# ECC CDH Bob with Malice peer

- -Availablein = default

- -Derive=BOB_cf_c2pnb163v1

- -PeerKey=MALICE_cf_c2pnb163v1_PUB

- -Ctrl=ecdh_cofactor_mode:1

- -Result=DERIVE_ERROR

- -Reason=point at infinity

- -

- -# ECC CDH Alice with Malice peer

- -Availablein = default

- -Derive=ALICE_cf_c2pnb163v1

- -PeerKey=MALICE_cf_c2pnb163v1_PUB

- -Ctrl=ecdh_cofactor_mode:1

- -Result=DERIVE_ERROR

- -Reason=point at infinity

- -

- -Title=c2pnb163v2 curve tests

- -

- -PrivateKey=ALICE_cf_c2pnb163v2

- ------BEGIN PRIVATE KEY-----

- -MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAIEHDAaAgEBBBUA4KFv7c1dygtVbdp/g2z2TqLAHkI=

- ------END PRIVATE KEY-----

- -

- -PublicKey=ALICE_cf_c2pnb163v2_PUB

- ------BEGIN PUBLIC KEY-----

- -MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAIDLAAEAVnlL7lMBaASwCIJaf9x2LgNPVmEAb43huHQlo3Q

- -4PzawHXQoYm/qgDd

- ------END PUBLIC KEY-----

- -

- -Availablein = default

- -PrivPubKeyPair=ALICE_cf_c2pnb163v2:ALICE_cf_c2pnb163v2_PUB

- -

- -PrivateKey=BOB_cf_c2pnb163v2

- ------BEGIN PRIVATE KEY-----

- -MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAIEHDAaAgEBBBUCEdYqClRWIl2m+X34e+DB2iZSxmQ=

- ------END PRIVATE KEY-----

- -

- -PublicKey=BOB_cf_c2pnb163v2_PUB

- ------BEGIN PUBLIC KEY-----

- -MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAIDLAAEAVWNIKn7/WMfzuNnd5ws9J0DI2CfBkEJizZHAFqy

- -kBF3juAQuARgxuT6

- ------END PUBLIC KEY-----

- -

- -Availablein = default

- -PrivPubKeyPair=BOB_cf_c2pnb163v2:BOB_cf_c2pnb163v2_PUB

- -

- -# ECDH Alice with Bob peer

- -Availablein = default

- -Derive=ALICE_cf_c2pnb163v2

- -PeerKey=BOB_cf_c2pnb163v2_PUB

- -SharedSecret=0078ebb986d4f9b0aa0bc4af99e82c2bd24130f3f4

- -

- -# ECDH Bob with Alice peer

- -Availablein = default

- -Derive=BOB_cf_c2pnb163v2

- -PeerKey=ALICE_cf_c2pnb163v2_PUB

- -SharedSecret=0078ebb986d4f9b0aa0bc4af99e82c2bd24130f3f4

- -

- -# ECC CDH Alice with Bob peer

- -Availablein = default

- -Derive=ALICE_cf_c2pnb163v2

- -PeerKey=BOB_cf_c2pnb163v2_PUB

- -Ctrl=ecdh_cofactor_mode:1

- -SharedSecret=069a80bcd45987fd1c874cd9dc5453207a09b61d41

- -

- -# ECC CDH Bob with Alice peer

- -Availablein = default

- -Derive=BOB_cf_c2pnb163v2

- -PeerKey=ALICE_cf_c2pnb163v2_PUB

- -Ctrl=ecdh_cofactor_mode:1

- -SharedSecret=069a80bcd45987fd1c874cd9dc5453207a09b61d41

- -

- -PublicKey=MALICE_cf_c2pnb163v2_PUB

- ------BEGIN PUBLIC KEY-----

- -MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAIDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAABuVBl1V5uysY

- -n6HANPEoMoK+7Sv0

- ------END PUBLIC KEY-----

- -

- -# ECC CDH Bob with Malice peer

- -Availablein = default

- -Derive=BOB_cf_c2pnb163v2

- -PeerKey=MALICE_cf_c2pnb163v2_PUB

- -Ctrl=ecdh_cofactor_mode:1

- -Result=DERIVE_ERROR

- -Reason=point at infinity

- -

- -# ECC CDH Alice with Malice peer

- -Availablein = default

- -Derive=ALICE_cf_c2pnb163v2

- -PeerKey=MALICE_cf_c2pnb163v2_PUB

- -Ctrl=ecdh_cofactor_mode:1

- -Result=DERIVE_ERROR

- -Reason=point at infinity

- -

- -Title=c2pnb163v3 curve tests

- -

- -PrivateKey=ALICE_cf_c2pnb163v3

- ------BEGIN PRIVATE KEY-----

- -MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAMEHDAaAgEBBBUBItB0y/QeJ+cCh9yoHf0zqLVyMZc=

- ------END PRIVATE KEY-----

- -

- -PublicKey=ALICE_cf_c2pnb163v3_PUB

- ------BEGIN PUBLIC KEY-----

- -MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAMDLAAEBx1HRyjuBMjt+vlbWaQbKOpNvWKFAslzEbPv6MpK

- -YnObLnq34LRuWznb

- ------END PUBLIC KEY-----

- -

- -Availablein = default

- -PrivPubKeyPair=ALICE_cf_c2pnb163v3:ALICE_cf_c2pnb163v3_PUB

- -

- -PrivateKey=BOB_cf_c2pnb163v3

- ------BEGIN PRIVATE KEY-----

- -MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAMEHDAaAgEBBBUAXVHUHeP8Ioz7IqXOWbjaUXEHE5M=

- ------END PRIVATE KEY-----

- -

- -PublicKey=BOB_cf_c2pnb163v3_PUB

- ------BEGIN PUBLIC KEY-----

- -MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAMDLAAEAqXF7rsAZ40Z1PT4TeeC45RKTxP4AJBAdfuknJ/J

- -DZnBLhxBwtqnfUpA

- ------END PUBLIC KEY-----

- -

- -Availablein = default

- -PrivPubKeyPair=BOB_cf_c2pnb163v3:BOB_cf_c2pnb163v3_PUB