While we don't explicitly support curve secp256r1, we can run 1250 tests

against its ANSI equivalent prime256v1 (compare RFC 4492, Appendix A).

1 files changed, 2 insertions, 11 deletions

diff --git a/regress/lib/libcrypto/wycheproof/wycheproof.go b/regress/lib/libcrypto/wycheproof/wycheproof.go
index e00edc03a23..92313f4afcc 100644
--- a/regress/lib/libcrypto/wycheproof/wycheproof.go
+++ b/regress/lib/libcrypto/wycheproof/wycheproof.go
@@ -1,4 +1,4 @@
-/* $OpenBSD: wycheproof.go,v 1.67 2018/09/30 10:56:46 tb Exp $ */
+/* $OpenBSD: wycheproof.go,v 1.68 2018/10/04 18:25:50 tb Exp $ */
 /*
  * Copyright (c) 2018 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -274,6 +274,7 @@ var nids = map[string]int{
 	"brainpoolP512t1": C.NID_brainpoolP512t1,
 	"secp224r1":       C.NID_secp224r1,
 	"secp256k1":       C.NID_secp256k1,
+	"secp256r1":       C.NID_X9_62_prime256v1, // RFC 4492, Table 6, p.32
 	"secp384r1":       C.NID_secp384r1,
 	"secp521r1":       C.NID_secp521r1,
 	"SHA-1":           C.NID_sha1,
@@ -1224,11 +1225,6 @@ func runECDHTest(nid int, doECpoint bool, wt *wycheproofTestECDH) bool {
 }
 
 func runECDHTestGroup(algorithm string, wtg *wycheproofTestGroupECDH) bool {
-	// No secp256r1 support.
-	if wtg.Curve == "secp256r1" {
-		return true
-	}
-
 	doECpoint := false
 	if wtg.Encoding == "ecpoint" {
 		doECpoint = true
@@ -1288,11 +1284,6 @@ func runECDSATest(ecKey *C.EC_KEY, nid int, h hash.Hash, wt *wycheproofTestECDSA
 }
 
 func runECDSATestGroup(algorithm string, wtg *wycheproofTestGroupECDSA) bool {
-	// No secp256r1 support.
-	if wtg.Key.Curve == "secp256r1" {
-		return true
-	}
-
 	fmt.Printf("Running %v test group %v with curve %v, key size %d and %v...\n", algorithm, wtg.Type, wtg.Key.Curve, wtg.Key.KeySize, wtg.SHA)
 
 	nid, err := nidFromString(wtg.Key.Curve)