aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2015-12-02 08:34:52 -0500
committerJack Lloyd <[email protected]>2015-12-02 08:34:52 -0500
commit44c1aa4a0213a16ea928de4285d2481410d194d3 (patch)
tree989a27df241b7c896d962274ad42064fecbe31df
parent4bc4cc6390f55d1eed65fe0d6b5170b5e65ae058 (diff)
Remove support for broken 112 and 128 bit SECP ECC groups.
-rw-r--r--doc/news.rst3
-rw-r--r--src/lib/asn1/oid_lookup/default.cpp6
-rw-r--r--src/lib/pubkey/ec_group/named.cpp46
-rw-r--r--src/tests/unit_ecc.cpp4
4 files changed, 5 insertions, 54 deletions
diff --git a/doc/news.rst b/doc/news.rst
index bf6b91535..cce298ffd 100644
--- a/doc/news.rst
+++ b/doc/news.rst
@@ -15,6 +15,9 @@ Version 1.11.25, Not Yet Released
by ensuring the table is loaded into memory at start and computing the table
at runtime to avoid flush+reload based attacks due to shared VMM mappings.
+* Support for the insecure ECC groups secp112r1, secp112r2, secp128r1, and
+ secp128r2 has been removed.
+
* The OpenSSL implementation of RC4 would return the wrong value from `name` if
leading bytes of the keystream had been skipped in the output.
diff --git a/src/lib/asn1/oid_lookup/default.cpp b/src/lib/asn1/oid_lookup/default.cpp
index 0e23b18a2..2034ab25c 100644
--- a/src/lib/asn1/oid_lookup/default.cpp
+++ b/src/lib/asn1/oid_lookup/default.cpp
@@ -202,13 +202,9 @@ const char* default_oid_list()
"1.3.6.1.5.5.7.48.1.1 = PKIX.OCSP.BasicResponse" "\n"
// ECC param sets
- "1.3.132.0.6 = secp112r1" "\n"
- "1.3.132.0.7 = secp112r2" "\n"
"1.3.132.0.8 = secp160r1" "\n"
"1.3.132.0.9 = secp160k1" "\n"
"1.3.132.0.10 = secp256k1" "\n"
- "1.3.132.0.28 = secp128r1" "\n"
- "1.3.132.0.29 = secp128r2" "\n"
"1.3.132.0.30 = secp160r2" "\n"
"1.3.132.0.31 = secp192k1" "\n"
"1.3.132.0.32 = secp224k1" "\n"
@@ -232,6 +228,8 @@ const char* default_oid_list()
"1.3.36.3.3.2.8.1.1.11 = brainpool384r1" "\n"
"1.3.36.3.3.2.8.1.1.13 = brainpool512r1" "\n"
+ "1.3.6.1.4.1.8301.3.1.2.9.0.38 = secp521r1" "\n"
+
"1.2.643.2.2.35.1 = gost_256A" "\n"
"1.2.643.2.2.36.0 = gost_256A" "\n"
diff --git a/src/lib/pubkey/ec_group/named.cpp b/src/lib/pubkey/ec_group/named.cpp
index 9a2497c27..3ee791053 100644
--- a/src/lib/pubkey/ec_group/named.cpp
+++ b/src/lib/pubkey/ec_group/named.cpp
@@ -11,38 +11,6 @@ namespace Botan {
const char* EC_Group::PEM_for_named_group(const std::string& name)
{
- if(name == "secp112r1")
- return
- "-----BEGIN EC PARAMETERS-----"
- "MHQCAQEwGgYHKoZIzj0BAQIPANt8Kr9i415mgHa+rSCLMCAEDtt8Kr9i415mgHa+"
- "rSCIBA5lnvi6BDkW7t6JEXArIgQdBAlIcjmZWl7na1X5wvCYqJzlr4ckwKI+Dg/3"
- "dQACDwDbfCq/YuNedijfrGVhxQIBAQ=="
- "-----END EC PARAMETERS-----";
-
- if(name == "secp112r2")
- return
- "-----BEGIN EC PARAMETERS-----"
- "MHMCAQEwGgYHKoZIzj0BAQIPANt8Kr9i415mgHa+rSCLMCAEDmEnwkwF84oKqvZc"
- "DvAsBA5R3vGBXbXtdPzDTIXXCQQdBEujCrXokrThZJ3QkoZDrc1G9YguN0fe826V"
- "bpcCDjbfCq/YuNdZfKEFINBLAgEB"
- "-----END EC PARAMETERS-----";
-
- if(name == "secp128r1")
- return
- "-----BEGIN EC PARAMETERS-----"
- "MIGAAgEBMBwGByqGSM49AQECEQD////9////////////////MCQEEP////3/////"
- "//////////wEEOh1ecEQefQ92CSZPCzuXtMEIQQWH/dSi4mbLQwoYHylLFuGz1rI"
- "OVuv6xPALaKS3e16gwIRAP////4AAAAAdaMNG5A4oRUCAQE="
- "-----END EC PARAMETERS-----";
-
- if(name == "secp128r2")
- return
- "-----BEGIN EC PARAMETERS-----"
- "MH8CAQEwHAYHKoZIzj0BAQIRAP////3///////////////8wJAQQ1gMZmNGzu/6/"
- "Wcybv/mu4QQQXu78o4DQKRncLGVYu22KXQQhBHtqpdheVymD5vsyp83rwUAntpFq"
- "iU067nEG/oBfw0tEAhA/////f////74AJHIGE7WjAgEE"
- "-----END EC PARAMETERS-----";
-
if(name == "secp160k1")
return
"-----BEGIN EC PARAMETERS-----"
@@ -154,20 +122,6 @@ const char* EC_Group::PEM_for_named_group(const std::string& name)
"////////////////+lGGh4O/L5Zrf8wBSPcJpdA7tcm4iZxHrrtvtx6ROGQJAgEB"
"-----END EC PARAMETERS-----";
- if(name == "1.3.6.1.4.1.8301.3.1.2.9.0.38")
- return
- "-----BEGIN EC PARAMETERS-----"
- "MIIBrAIBATBNBgcqhkjOPQEBAkIB////////////////////////////////////"
- "//////////////////////////////////////////////////8wgYgEQgH/////"
- "////////////////////////////////////////////////////////////////"
- "/////////////////ARCAFGVPrlhjhyaH5KaIaC2hUDuotpyW5mzFfO4tImRjvEJ"
- "4VYZOVHsfpN7FlLAvTuxvwc1c9+IPSw08e9FH9RrUD8ABIGFBADGhY4GtwQE6c2e"
- "PstmI5W0QpxkgTkFP7Uh+CivYGtNPbqhS1537+dZKP4dwSei/6jeM0izwYVqQpv5"
- "fn4xwuW9ZgEYOSlqeJo7wARcil+0LH0b2Zj1RElXm0RoF6+9Fyc+ZiyX7nKZXvQm"
- "QMVQuQE/rQdhNTxwhqJywkCIvpR2n9FmUAJCAf//////////////////////////"
- "////////////////+lGGh4O/L5Zrf8wBSPcJpdA7tcm4iZxHrrtvtx6ROGQJAgEB"
- "-----END EC PARAMETERS-----";
-
if(name == "brainpool160r1")
return
"-----BEGIN EC PARAMETERS-----"
diff --git a/src/tests/unit_ecc.cpp b/src/tests/unit_ecc.cpp
index 0d6c34213..92dee8ba4 100644
--- a/src/tests/unit_ecc.cpp
+++ b/src/tests/unit_ecc.cpp
@@ -33,10 +33,6 @@ const std::vector<std::string> ec_groups = {
"brainpool384r1",
"brainpool512r1",
"gost_256A",
- "secp112r1",
- "secp112r2",
- "secp128r1",
- "secp128r2",
"secp160k1",
"secp160r1",
"secp160r2",