rpm/backport-Support-NIST-P-521.patch

From 6344fec232cdd0e9d821a0b17e480494f4dcfd4b Mon Sep 17 00:00:00 2001
From: Michael Schroeder <mls@suse.de>
Date: Mon, 22 Apr 2024 12:54:32 +0200
Subject: [PATCH] Support NIST P-521

Conflict:don't modify digest_libgcrypt.c;modify digest_openssl.c in rpmio;
Reference:https://github.com/rpm-software-management/rpmpgp_legacy/commit/6344fec232cdd0e9d821a0b17e480494f4dcfd4b

Because the standard says we SHOULD.
---
 rpmio/digest_openssl.c   | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/rpmio/digest_openssl.c b/rpmio/digest_openssl.c
index 662b469..42eec66 100644
--- a/rpmio/digest_openssl.c
+++ b/rpmio/digest_openssl.c
@@ -556,6 +556,13 @@ static int constructECDSASigningKey(struct pgpDigKeyECDSA_s *key, int curve)
 	    OSSL_PARAM_END
 	};
 	key->evp_pkey = construct_pkey_from_param(EVP_PKEY_EC, params);
+    } else if (curve == PGPCURVE_NIST_P_521) {
+	OSSL_PARAM params[] = {
+	    OSSL_PARAM_utf8_string("group", "P-521", 5),
+	    OSSL_PARAM_octet_string("pub", key->q, key->qlen),
+	    OSSL_PARAM_END
+	};
+	key->evp_pkey = construct_pkey_from_param(EVP_PKEY_EC, params);
     }
     return key->evp_pkey ? 1 : 0;
 #else
@@ -565,6 +572,8 @@ static int constructECDSASigningKey(struct pgpDigKeyECDSA_s *key, int curve)
 	ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
     else if (curve == PGPCURVE_NIST_P_384)
 	ec = EC_KEY_new_by_curve_name(NID_secp384r1);
+    else if (curve == PGPCURVE_NIST_P_521)
+	ec = EC_KEY_new_by_curve_name(NID_secp521r1);
     if (!ec)
 	return 0;
 
@@ -817,6 +826,8 @@ static int pgpSupportedCurve(int algo, int curve)
 	return 1;
     if (algo == PGPPUBKEYALGO_ECDSA && curve == PGPCURVE_NIST_P_384)
 	return 1;
+    if (algo == PGPPUBKEYALGO_ECDSA && curve == PGPCURVE_NIST_P_521)
+	return 1;
     return 0;
 }
 
-- 
2.23.0
Support sm2p256v1 of ECDSA and sm3 of hash 2024-10-29 14:18:24 +08:00			`From 6344fec232cdd0e9d821a0b17e480494f4dcfd4b Mon Sep 17 00:00:00 2001`
			`From: Michael Schroeder <mls@suse.de>`
			`Date: Mon, 22 Apr 2024 12:54:32 +0200`
			`Subject: [PATCH] Support NIST P-521`

			`Conflict:don't modify digest_libgcrypt.c;modify digest_openssl.c in rpmio;`
			`Reference:https://github.com/rpm-software-management/rpmpgp_legacy/commit/6344fec232cdd0e9d821a0b17e480494f4dcfd4b`

			`Because the standard says we SHOULD.`
			`---`
			`rpmio/digest_openssl.c \| 11 +++++++++++`
			`1 file changed, 11 insertions(+)`

			`diff --git a/rpmio/digest_openssl.c b/rpmio/digest_openssl.c`
			`index 662b469..42eec66 100644`
			`--- a/rpmio/digest_openssl.c`
			`+++ b/rpmio/digest_openssl.c`
			`@@ -556,6 +556,13 @@ static int constructECDSASigningKey(struct pgpDigKeyECDSA_s *key, int curve)`
			`OSSL_PARAM_END`
			`};`
			`key->evp_pkey = construct_pkey_from_param(EVP_PKEY_EC, params);`
			`+ } else if (curve == PGPCURVE_NIST_P_521) {`
			`+ OSSL_PARAM params[] = {`
			`+ OSSL_PARAM_utf8_string("group", "P-521", 5),`
			`+ OSSL_PARAM_octet_string("pub", key->q, key->qlen),`
			`+ OSSL_PARAM_END`
			`+ };`
			`+ key->evp_pkey = construct_pkey_from_param(EVP_PKEY_EC, params);`
			`}`
			`return key->evp_pkey ? 1 : 0;`
			`#else`
			`@@ -565,6 +572,8 @@ static int constructECDSASigningKey(struct pgpDigKeyECDSA_s *key, int curve)`
			`ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);`
			`else if (curve == PGPCURVE_NIST_P_384)`
			`ec = EC_KEY_new_by_curve_name(NID_secp384r1);`
			`+ else if (curve == PGPCURVE_NIST_P_521)`
			`+ ec = EC_KEY_new_by_curve_name(NID_secp521r1);`
			`if (!ec)`
			`return 0;`

			`@@ -817,6 +826,8 @@ static int pgpSupportedCurve(int algo, int curve)`
			`return 1;`
			`if (algo == PGPPUBKEYALGO_ECDSA && curve == PGPCURVE_NIST_P_384)`
			`return 1;`
			`+ if (algo == PGPPUBKEYALGO_ECDSA && curve == PGPCURVE_NIST_P_521)`
			`+ return 1;`
			`return 0;`
			`}`

			`--`
			`2.23.0`