From 163057e585592ae1a3a91ffca88ed17d8d74453b Mon Sep 17 00:00:00 2001 From: Richard W.M. Jones Date: Jan 11 2024 10:34:51 +0000 Subject: Update to 3.1.4 Notes: - Updated sources to 3.1.4 (copied from rawhide/openssl) - Copied all the patches over from rawhide/openssl - I had to disable a handful of patches which caused build errors Apart from that it's pretty much unmodified. There are changes to the rawhide/openssl package that we should probably reflect here, but they are quite deep. --- diff --git a/.gitignore b/.gitignore index c9ffa4b..1b06cde 100644 --- a/.gitignore +++ b/.gitignore @@ -17,3 +17,4 @@ openssl-1.0.0a-usa.tar.bz2 /openssl-3.0.5-hobbled.tar.xz /openssl-3.0.7-hobbled.tar.xz /openssl-3.0.9.tar.gz +/openssl-3.1.4.tar.gz diff --git a/0001-Aarch64-and-ppc64le-use-lib64.patch b/0001-Aarch64-and-ppc64le-use-lib64.patch index b5b6bb4..e5d23ba 100644 --- a/0001-Aarch64-and-ppc64le-use-lib64.patch +++ b/0001-Aarch64-and-ppc64le-use-lib64.patch @@ -1,7 +1,18 @@ -diff -rupN --no-dereference openssl-3.0.9/Configurations/10-main.conf openssl-3.0.9-new/Configurations/10-main.conf ---- openssl-3.0.9/Configurations/10-main.conf 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/Configurations/10-main.conf 2023-05-31 16:36:50.335282918 +0200 -@@ -730,6 +730,7 @@ my %targets = ( +From 603a35802319c0459737e3f067369ceb990fe2e6 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Thu, 24 Sep 2020 09:01:41 +0200 +Subject: Aarch64 and ppc64le use lib64 + +(Was openssl-1.1.1-build.patch) +--- + Configurations/10-main.conf | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf +index d7580bf3e1..a7dbfd7f40 100644 +--- a/Configurations/10-main.conf ++++ b/Configurations/10-main.conf +@@ -723,6 +723,7 @@ my %targets = ( lib_cppflags => add("-DL_ENDIAN"), asm_arch => 'ppc64', perlasm_scheme => "linux64le", 
@@ -9,7 +20,7 @@ diff -rupN --no-dereference openssl-3.0.9/Configurations/10-main.conf openssl-3. }, "linux-armv4" => { -@@ -772,6 +773,7 @@ my %targets = ( +@@ -765,6 +766,7 @@ my %targets = ( inherit_from => [ "linux-generic64" ], asm_arch => 'aarch64', perlasm_scheme => "linux64", @@ -17,3 +28,6 @@ diff -rupN --no-dereference openssl-3.0.9/Configurations/10-main.conf openssl-3. }, "linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32 inherit_from => [ "linux-generic32" ], +-- +2.26.2 + diff --git a/0002-Use-more-general-default-values-in-openssl.cnf.patch b/0002-Use-more-general-default-values-in-openssl.cnf.patch index c241062..83ed599 100644 --- a/0002-Use-more-general-default-values-in-openssl.cnf.patch +++ b/0002-Use-more-general-default-values-in-openssl.cnf.patch @@ -1,7 +1,21 @@ -diff -rupN --no-dereference openssl-3.0.9/apps/openssl.cnf openssl-3.0.9-new/apps/openssl.cnf ---- openssl-3.0.9/apps/openssl.cnf 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/apps/openssl.cnf 2023-05-31 16:36:50.587282180 +0200 -@@ -111,7 +111,7 @@ cert_opt = ca_default # Certificate fi +From 41df9ae215cee9574e17e6f887c96a7c97d588f5 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Thu, 24 Sep 2020 09:03:40 +0200 +Subject: Use more general default values in openssl.cnf + +Also set sha256 as default hash, although that should not be +necessary anymore. + +(was openssl-1.1.1-defaults.patch) +--- + apps/openssl.cnf | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +diff --git a/apps/openssl.cnf b/apps/openssl.cnf +index 97567a67be..eb25a0ac48 100644 +--- a/apps/openssl.cnf ++++ b/apps/openssl.cnf +@@ -104,7 +104,7 @@ cert_opt = ca_default # Certificate field options default_days = 365 # how long to certify for default_crl_days= 30 # how long before next CRL 
@@ -10,7 +24,7 @@ diff -rupN --no-dereference openssl-3.0.9/apps/openssl.cnf openssl-3.0.9-new/app preserve = no # keep passed DN ordering # A few difference way of specifying how similar the request should look -@@ -143,6 +143,7 @@ emailAddress = optional +@@ -136,6 +136,7 @@ emailAddress = optional #################################################################### [ req ] default_bits = 2048 @@ -18,7 +32,7 @@ diff -rupN --no-dereference openssl-3.0.9/apps/openssl.cnf openssl-3.0.9-new/app default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes -@@ -165,17 +166,18 @@ string_mask = utf8only +@@ -158,17 +159,18 @@ string_mask = utf8only [ req_distinguished_name ] countryName = Country Name (2 letter code) @@ -40,7 +54,7 @@ diff -rupN --no-dereference openssl-3.0.9/apps/openssl.cnf openssl-3.0.9-new/app # we can do this but it is not needed normally :-) #1.organizationName = Second Organization Name (eg, company) -@@ -184,7 +186,7 @@ localityName = Locality Name (eg, city +@@ -177,7 +179,7 @@ localityName = Locality Name (eg, city) organizationalUnitName = Organizational Unit Name (eg, section) #organizationalUnitName_default = @@ -49,3 +63,6 @@ diff -rupN --no-dereference openssl-3.0.9/apps/openssl.cnf openssl-3.0.9-new/app commonName_max = 64 emailAddress = Email Address +-- +2.26.2 + diff --git a/0003-Do-not-install-html-docs.patch b/0003-Do-not-install-html-docs.patch index d044dac..c31e09b 100644 --- a/0003-Do-not-install-html-docs.patch +++ b/0003-Do-not-install-html-docs.patch 
@@ -1,7 +1,22 @@ -diff -rupN --no-dereference openssl-3.0.9/Configurations/unix-Makefile.tmpl openssl-3.0.9-new/Configurations/unix-Makefile.tmpl ---- openssl-3.0.9/Configurations/unix-Makefile.tmpl 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/Configurations/unix-Makefile.tmpl 2023-05-31 16:36:50.836281451 +0200 -@@ -611,7 +611,7 @@ install_sw: install_dev install_engines +From a3e7963320ba44e96a60b389fccb8e1cccc30674 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Thu, 19 Oct 2023 13:12:39 +0200 +Subject: [PATCH 03/46] 0003-Do-not-install-html-docs.patch + +Patch-name: 0003-Do-not-install-html-docs.patch +Patch-id: 3 +Patch-status: | + # # Do not install html docs +From-dist-git-commit: 5c67b5adc311af297f425c09e3e1ac7ca8483911 +--- + Configurations/unix-Makefile.tmpl | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl +index a48fae5fb8..56b42926e7 100644 +--- a/Configurations/unix-Makefile.tmpl ++++ b/Configurations/unix-Makefile.tmpl +@@ -611,7 +611,7 @@ install_sw: install_dev install_engines install_modules install_runtime uninstall_sw: uninstall_runtime uninstall_modules uninstall_engines uninstall_dev @@ -9,4 +24,7 @@ diff -rupN --no-dereference openssl-3.0.9/Configurations/unix-Makefile.tmpl open +install_docs: install_man_docs uninstall_docs: uninstall_man_docs uninstall_html_docs - $(RM) -r $(DESTDIR)$(DOCDIR) + $(RM) -r "$(DESTDIR)$(DOCDIR)" +-- +2.41.0 + diff --git a/0004-Override-default-paths-for-the-CA-directory-tree.patch b/0004-Override-default-paths-for-the-CA-directory-tree.patch index b5a58e8..7f20774 100644 --- a/0004-Override-default-paths-for-the-CA-directory-tree.patch +++ b/0004-Override-default-paths-for-the-CA-directory-tree.patch 
@@ -1,6 +1,23 @@ -diff -rupN --no-dereference openssl-3.0.9/apps/CA.pl.in openssl-3.0.9-new/apps/CA.pl.in ---- openssl-3.0.9/apps/CA.pl.in 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/apps/CA.pl.in 2023-05-31 16:36:51.078280742 +0200 +From 7a65ee33793fa8a28c0dfc94e6872ce92f408b15 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:27 +0200 +Subject: [PATCH 04/35] + 0004-Override-default-paths-for-the-CA-directory-tree.patch + +Patch-name: 0004-Override-default-paths-for-the-CA-directory-tree.patch +Patch-id: 4 +Patch-status: | + # Override default paths for the CA directory tree +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + apps/CA.pl.in | 2 +- + apps/openssl.cnf | 13 +++++++++++-- + 2 files changed, 12 insertions(+), 3 deletions(-) + +diff --git a/apps/CA.pl.in b/apps/CA.pl.in +index f029470005..729f104a7e 100644 +--- a/apps/CA.pl.in ++++ b/apps/CA.pl.in @@ -29,7 +29,7 @@ my $X509 = "$openssl x509"; my $PKCS12 = "$openssl pkcs12"; @@ -10,9 +27,10 @@ diff -rupN --no-dereference openssl-3.0.9/apps/CA.pl.in openssl-3.0.9-new/apps/C my $CAKEY = "cakey.pem"; my $CAREQ = "careq.pem"; my $CACERT = "cacert.pem"; -diff -rupN --no-dereference openssl-3.0.9/apps/openssl.cnf openssl-3.0.9-new/apps/openssl.cnf ---- openssl-3.0.9/apps/openssl.cnf 2023-05-31 16:36:50.830281468 +0200 -+++ openssl-3.0.9-new/apps/openssl.cnf 2023-05-31 16:36:51.078280742 +0200 +diff --git a/apps/openssl.cnf b/apps/openssl.cnf +index 8141ab20cd..3956235fda 100644 +--- a/apps/openssl.cnf ++++ b/apps/openssl.cnf @@ -52,6 +52,8 @@ tsa_policy3 = 1.2.3.4.5.7 [openssl_init] 
@@ -36,7 +54,7 @@ diff -rupN --no-dereference openssl-3.0.9/apps/openssl.cnf openssl-3.0.9-new/app #################################################################### [ ca ] -@@ -79,7 +88,7 @@ default_ca = CA_default # The default c +@@ -79,7 +88,7 @@ default_ca = CA_default # The default ca section #################################################################### [ CA_default ] @@ -45,7 +63,7 @@ diff -rupN --no-dereference openssl-3.0.9/apps/openssl.cnf openssl-3.0.9-new/app certs = $dir/certs # Where the issued certs are kept crl_dir = $dir/crl # Where the issued crl are kept database = $dir/index.txt # database index file. -@@ -311,7 +320,7 @@ default_tsa = tsa_config1 # the default +@@ -311,7 +320,7 @@ default_tsa = tsa_config1 # the default TSA section [ tsa_config1 ] # These are used by the TSA reply generation only. @@ -54,3 +72,6 @@ diff -rupN --no-dereference openssl-3.0.9/apps/openssl.cnf openssl-3.0.9-new/app serial = $dir/tsaserial # The current serial number (mandatory) crypto_device = builtin # OpenSSL engine to use for signing signer_cert = $dir/tsacert.pem # The TSA signing certificate +-- +2.41.0 + diff --git a/0005-apps-ca-fix-md-option-help-text.patch b/0005-apps-ca-fix-md-option-help-text.patch index 6ecd734..1fed4c4 100644 --- a/0005-apps-ca-fix-md-option-help-text.patch +++ b/0005-apps-ca-fix-md-option-help-text.patch 
@@ -1,7 +1,20 @@ -diff -rupN --no-dereference openssl-3.0.9/apps/ca.c openssl-3.0.9-new/apps/ca.c ---- openssl-3.0.9/apps/ca.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/apps/ca.c 2023-05-31 16:36:51.336279987 +0200 -@@ -210,7 +210,7 @@ const OPTIONS ca_options[] = { +From 3d8fa9859501b07e02b76b5577e2915d5851e927 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Thu, 24 Sep 2020 09:27:18 +0200 +Subject: apps/ca: fix md option help text + +upstreamable + +(was openssl-1.1.1-apps-dgst.patch) +--- + apps/ca.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/apps/ca.c b/apps/ca.c +index 0f21b4fa1c..3d4b2c1673 100755 +--- a/apps/ca.c ++++ b/apps/ca.c +@@ -209,7 +209,7 @@ const OPTIONS ca_options[] = { {"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"}, OPT_SECTION("Signing"), @@ -10,3 +23,6 @@ diff -rupN --no-dereference openssl-3.0.9/apps/ca.c openssl-3.0.9-new/apps/ca.c {"keyfile", OPT_KEYFILE, 's', "The CA private key"}, {"keyform", OPT_KEYFORM, 'f', "Private key file format (ENGINE, other values ignored)"}, +-- +2.26.2 + diff --git a/0006-Disable-signature-verification-with-totally-unsafe-h.patch b/0006-Disable-signature-verification-with-totally-unsafe-h.patch index d525118..f9dd2dd 100644 --- a/0006-Disable-signature-verification-with-totally-unsafe-h.patch +++ b/0006-Disable-signature-verification-with-totally-unsafe-h.patch 
@@ -1,7 +1,18 @@ -diff -rupN --no-dereference openssl-3.0.9/crypto/asn1/a_verify.c openssl-3.0.9-new/crypto/asn1/a_verify.c ---- openssl-3.0.9/crypto/asn1/a_verify.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/crypto/asn1/a_verify.c 2023-05-31 16:36:51.578279278 +0200 -@@ -153,6 +153,11 @@ int ASN1_item_verify_ctx(const ASN1_ITEM +From 3f9deff30ae6efbfe979043b00cdf649b39793c0 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Thu, 24 Sep 2020 09:51:34 +0200 +Subject: Disable signature verification with totally unsafe hash algorithms + +(was openssl-1.1.1-no-weak-verify.patch) +--- + crypto/asn1/a_verify.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c +index b7eed914b0..af62f0ef08 100644 +--- a/crypto/asn1/a_verify.c ++++ b/crypto/asn1/a_verify.c +@@ -152,6 +152,11 @@ int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg, ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); if (ret <= 1) goto err; @@ -13,3 +24,6 @@ diff -rupN --no-dereference openssl-3.0.9/crypto/asn1/a_verify.c openssl-3.0.9-n } else { const EVP_MD *type = NULL; +-- +2.26.2 + diff --git a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch index 12152b5..2ac82fa 100644 --- a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch +++ b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch 
@@ -1,6 +1,29 @@ -diff -rupN --no-dereference openssl-3.0.9/Configurations/unix-Makefile.tmpl openssl-3.0.9-new/Configurations/unix-Makefile.tmpl ---- openssl-3.0.9/Configurations/unix-Makefile.tmpl 2023-05-31 16:36:51.074280754 +0200 -+++ openssl-3.0.9-new/Configurations/unix-Makefile.tmpl 2023-05-31 16:36:51.814278587 +0200 +From 66b728801f141c9db8e647ab02421c83694ade79 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:27 +0200 +Subject: [PATCH 07/35] + 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch + +Patch-name: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch +Patch-id: 7 +Patch-status: | + # Add support for PROFILE=SYSTEM system default cipherlist +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + Configurations/unix-Makefile.tmpl | 5 ++ + Configure | 11 +++- + doc/man1/openssl-ciphers.pod.in | 9 ++++ + include/openssl/ssl.h.in | 5 ++ + ssl/ssl_ciph.c | 87 +++++++++++++++++++++++++++---- + ssl/ssl_lib.c | 4 +- + test/cipherlist_test.c | 2 + + util/libcrypto.num | 1 + + 8 files changed, 110 insertions(+), 14 deletions(-) + +diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl +index f29cdc7f38..c0df026de3 100644 +--- a/Configurations/unix-Makefile.tmpl ++++ b/Configurations/unix-Makefile.tmpl @@ -315,6 +315,10 @@ MANDIR=$(INSTALLTOP)/share/man DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME) HTMLDIR=$(DOCDIR)/html @@ -20,9 +43,10 @@ diff -rupN --no-dereference openssl-3.0.9/Configurations/unix-Makefile.tmpl open (map { "-I".$_} @{$config{CPPINCLUDES}}), @{$config{CPPFLAGS}}) -} CFLAGS={- join(' ', @{$config{CFLAGS}}) -} -diff -rupN --no-dereference openssl-3.0.9/Configure openssl-3.0.9-new/Configure ---- openssl-3.0.9/Configure 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/Configure 2023-05-31 16:36:51.815278584 +0200 +diff --git a/Configure b/Configure +index 456995240b..93be83be94 100755 +--- a/Configure ++++ b/Configure 
@@ -27,7 +27,7 @@ use OpenSSL::config; my $orig_death_handler = $SIG{__DIE__}; $SIG{__DIE__} = \&death_handler; @@ -62,10 +86,11 @@ diff -rupN --no-dereference openssl-3.0.9/Configure openssl-3.0.9-new/Configure elsif (/^--banner=(.*)$/) { $banner = $1 . "\n"; -diff -rupN --no-dereference openssl-3.0.9/doc/man1/openssl-ciphers.pod.in openssl-3.0.9-new/doc/man1/openssl-ciphers.pod.in ---- openssl-3.0.9/doc/man1/openssl-ciphers.pod.in 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/doc/man1/openssl-ciphers.pod.in 2023-05-31 16:36:51.815278584 +0200 -@@ -186,6 +186,15 @@ As of OpenSSL 1.0.0, the B cipher s +diff --git a/doc/man1/openssl-ciphers.pod.in b/doc/man1/openssl-ciphers.pod.in +index 658730ec53..04e66bcebe 100644 +--- a/doc/man1/openssl-ciphers.pod.in ++++ b/doc/man1/openssl-ciphers.pod.in +@@ -186,6 +186,15 @@ As of OpenSSL 1.0.0, the B cipher suites are sensibly ordered by default. The cipher suites not enabled by B, currently B. @@ -81,10 +106,11 @@ diff -rupN --no-dereference openssl-3.0.9/doc/man1/openssl-ciphers.pod.in openss =item B "High" encryption cipher suites. This currently means those with key lengths -diff -rupN --no-dereference openssl-3.0.9/include/openssl/ssl.h.in openssl-3.0.9-new/include/openssl/ssl.h.in ---- openssl-3.0.9/include/openssl/ssl.h.in 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/include/openssl/ssl.h.in 2023-05-31 16:36:51.816278581 +0200 -@@ -205,6 +205,11 @@ extern "C" { +diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in +index f03f52fbd8..0b6de603e2 100644 +--- a/include/openssl/ssl.h.in ++++ b/include/openssl/ssl.h.in +@@ -208,6 +208,11 @@ extern "C" { * throwing out anonymous and unencrypted ciphersuites! (The latter are not * actually enabled by ALL, but "ALL:RSA" would enable some of them.) */ 
@@ -96,10 +122,11 @@ diff -rupN --no-dereference openssl-3.0.9/include/openssl/ssl.h.in openssl-3.0.9 /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ # define SSL_SENT_SHUTDOWN 1 -diff -rupN --no-dereference openssl-3.0.9/ssl/ssl_ciph.c openssl-3.0.9-new/ssl/ssl_ciph.c ---- openssl-3.0.9/ssl/ssl_ciph.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/ssl/ssl_ciph.c 2023-05-31 16:36:51.816278581 +0200 -@@ -1438,6 +1438,53 @@ int SSL_set_ciphersuites(SSL *s, const c +diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c +index 93de9cf8fd..a5e60e8839 100644 +--- a/ssl/ssl_ciph.c ++++ b/ssl/ssl_ciph.c +@@ -1443,6 +1443,53 @@ int SSL_set_ciphersuites(SSL *s, const char *str) return ret; } @@ -153,7 +180,7 @@ diff -rupN --no-dereference openssl-3.0.9/ssl/ssl_ciph.c openssl-3.0.9-new/ssl/s STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, STACK_OF(SSL_CIPHER) *tls13_ciphersuites, STACK_OF(SSL_CIPHER) **cipher_list, -@@ -1452,15 +1499,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1457,15 +1504,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; const SSL_CIPHER **ca_list = NULL; const SSL_METHOD *ssl_method = ctx->method; @@ -181,7 +208,7 @@ diff -rupN --no-dereference openssl-3.0.9/ssl/ssl_ciph.c openssl-3.0.9-new/ssl/s /* * To reduce the work to do we only want to process the compiled -@@ -1482,7 +1539,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1487,7 +1544,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers); if (co_list == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); 
@@ -190,7 +217,7 @@ diff -rupN --no-dereference openssl-3.0.9/ssl/ssl_ciph.c openssl-3.0.9-new/ssl/s } ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, -@@ -1548,8 +1605,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1553,8 +1610,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, * in force within each class */ if (!ssl_cipher_strength_sort(&head, &tail)) { @@ -200,7 +227,7 @@ diff -rupN --no-dereference openssl-3.0.9/ssl/ssl_ciph.c openssl-3.0.9-new/ssl/s } /* -@@ -1593,9 +1649,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1598,9 +1654,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max); if (ca_list == NULL) { @@ -211,7 +238,7 @@ diff -rupN --no-dereference openssl-3.0.9/ssl/ssl_ciph.c openssl-3.0.9-new/ssl/s } ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, disabled_mkey, disabled_auth, disabled_enc, -@@ -1621,8 +1676,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1626,8 +1681,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, OPENSSL_free(ca_list); /* Not needed anymore */ if (!ok) { /* Rule processing failure */ @@ -221,7 +248,7 @@ diff -rupN --no-dereference openssl-3.0.9/ssl/ssl_ciph.c openssl-3.0.9-new/ssl/s } /* -@@ -1630,10 +1684,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1635,10 +1689,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, * if we cannot get one. */ if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) { 
@@ -237,7 +264,7 @@ diff -rupN --no-dereference openssl-3.0.9/ssl/ssl_ciph.c openssl-3.0.9-new/ssl/s /* Add TLSv1.3 ciphers first - we always prefer those if possible */ for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) { const SSL_CIPHER *sslc = sk_SSL_CIPHER_value(tls13_ciphersuites, i); -@@ -1685,6 +1742,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1690,6 +1747,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, *cipher_list = cipherstack; return cipherstack; @@ -252,10 +279,11 @@ diff -rupN --no-dereference openssl-3.0.9/ssl/ssl_ciph.c openssl-3.0.9-new/ssl/s } char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) -diff -rupN --no-dereference openssl-3.0.9/ssl/ssl_lib.c openssl-3.0.9-new/ssl/ssl_lib.c ---- openssl-3.0.9/ssl/ssl_lib.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/ssl/ssl_lib.c 2023-05-31 16:36:51.817278578 +0200 -@@ -660,7 +660,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx +diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c +index f12ad6d034..a059bcd83b 100644 +--- a/ssl/ssl_lib.c ++++ b/ssl/ssl_lib.c +@@ -661,7 +661,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) ctx->tls13_ciphersuites, &(ctx->cipher_list), &(ctx->cipher_list_by_id), @@ -264,7 +292,7 @@ diff -rupN --no-dereference openssl-3.0.9/ssl/ssl_lib.c openssl-3.0.9-new/ssl/ss if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); return 0; -@@ -3285,7 +3285,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *li +@@ -3286,7 +3286,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, if (!ssl_create_cipher_list(ret, ret->tls13_ciphersuites, &ret->cipher_list, &ret->cipher_list_by_id, 
@@ -273,9 +301,10 @@ diff -rupN --no-dereference openssl-3.0.9/ssl/ssl_lib.c openssl-3.0.9-new/ssl/ss || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS); goto err2; -diff -rupN --no-dereference openssl-3.0.9/test/cipherlist_test.c openssl-3.0.9-new/test/cipherlist_test.c ---- openssl-3.0.9/test/cipherlist_test.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/cipherlist_test.c 2023-05-31 16:36:51.817278578 +0200 +diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c +index 2d166e2b46..4ff2aa12d6 100644 +--- a/test/cipherlist_test.c ++++ b/test/cipherlist_test.c @@ -246,7 +246,9 @@ end: int setup_tests(void) @@ -286,11 +315,15 @@ diff -rupN --no-dereference openssl-3.0.9/test/cipherlist_test.c openssl-3.0.9-n ADD_TEST(test_default_cipherlist_explicit); ADD_TEST(test_default_cipherlist_clear); return 1; -diff -rupN --no-dereference openssl-3.0.9/util/libcrypto.num openssl-3.0.9-new/util/libcrypto.num ---- openssl-3.0.9/util/libcrypto.num 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/util/libcrypto.num 2023-05-31 16:36:51.818278575 +0200 -@@ -5429,3 +5429,4 @@ OPENSSL_strcasecmp - OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION: - OSSL_CMP_CTX_reset_geninfo_ITAVs 5558 3_0_8 EXIST::FUNCTION:CMP - OSSL_CMP_MSG_update_recipNonce 5559 3_0_9 EXIST::FUNCTION:CMP +diff --git a/util/libcrypto.num b/util/libcrypto.num +index 406392a7d9..9cb8a4dda2 100644 +--- a/util/libcrypto.num ++++ b/util/libcrypto.num +@@ -5435,3 +5435,4 @@ EVP_MD_CTX_dup 5562 3_1_0 EXIST::FUNCTION: + EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION: + BN_are_coprime 5564 3_1_0 EXIST::FUNCTION: + OSSL_CMP_MSG_update_recipNonce 5565 3_0_9 EXIST::FUNCTION:CMP +ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: +-- +2.41.0 + diff --git a/0008-Add-FIPS_mode-compatibility-macro.patch b/0008-Add-FIPS_mode-compatibility-macro.patch index 7ccbc70..c05aa79 100644 --- a/0008-Add-FIPS_mode-compatibility-macro.patch 
+++ b/0008-Add-FIPS_mode-compatibility-macro.patch @@ -1,18 +1,25 @@ -diff -rupN --no-dereference openssl-3.0.9/include/openssl/crypto.h.in openssl-3.0.9-new/include/openssl/crypto.h.in ---- openssl-3.0.9/include/openssl/crypto.h.in 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/include/openssl/crypto.h.in 2023-05-31 16:36:52.081277805 +0200 -@@ -38,6 +38,7 @@ use OpenSSL::stackhash qw(generate_stack - # include - # include - # include -+# include - - # ifdef CHARSET_EBCDIC - # include -diff -rupN --no-dereference openssl-3.0.9/include/openssl/fips.h openssl-3.0.9-new/include/openssl/fips.h ---- openssl-3.0.9/include/openssl/fips.h 1970-01-01 01:00:00.000000000 +0100 -+++ openssl-3.0.9-new/include/openssl/fips.h 2023-05-31 16:36:52.081277805 +0200 -@@ -0,0 +1,25 @@ +From 8e29a10b39a649d751870eb1fd1b8c388e66acc3 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:27 +0200 +Subject: [PATCH 08/35] 0008-Add-FIPS_mode-compatibility-macro.patch + +Patch-name: 0008-Add-FIPS_mode-compatibility-macro.patch +Patch-id: 8 +Patch-status: | + # Add FIPS_mode() compatibility macro +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + include/openssl/fips.h | 26 ++++++++++++++++++++++++++ + test/property_test.c | 14 ++++++++++++++ + 2 files changed, 40 insertions(+) + create mode 100644 include/openssl/fips.h + +diff --git a/include/openssl/fips.h b/include/openssl/fips.h +new file mode 100644 +index 0000000000..4162cbf88e +--- /dev/null ++++ b/include/openssl/fips.h +@@ -0,0 +1,26 @@ +/* + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * @@ -26,6 +33,7 @@ diff -rupN --no-dereference openssl-3.0.9/include/openssl/fips.h openssl-3.0.9-n +# define OPENSSL_FIPS_H +# pragma once + ++# include +# include + +# ifdef __cplusplus 
@@ -38,13 +46,15 @@ diff -rupN --no-dereference openssl-3.0.9/include/openssl/fips.h openssl-3.0.9-n +} +# endif +#endif -diff -rupN --no-dereference openssl-3.0.9/test/property_test.c openssl-3.0.9-new/test/property_test.c ---- openssl-3.0.9/test/property_test.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/property_test.c 2023-05-31 16:36:52.082277802 +0200 -@@ -648,6 +648,18 @@ static int test_property_list_to_string( +diff --git a/test/property_test.c b/test/property_test.c +index 45b1db3e85..8894c1c1cb 100644 +--- a/test/property_test.c ++++ b/test/property_test.c +@@ -677,6 +677,19 @@ static int test_property_list_to_string(int i) return ret; } ++#include +static int test_downstream_FIPS_mode(void) +{ + int ret = 0; @@ -60,7 +70,7 @@ diff -rupN --no-dereference openssl-3.0.9/test/property_test.c openssl-3.0.9-new int setup_tests(void) { ADD_TEST(test_property_string); -@@ -661,6 +673,7 @@ int setup_tests(void) +@@ -690,6 +703,7 @@ int setup_tests(void) ADD_TEST(test_property); ADD_TEST(test_query_cache_stochastic); ADD_TEST(test_fips_mode); @@ -68,3 +78,6 @@ diff -rupN --no-dereference openssl-3.0.9/test/property_test.c openssl-3.0.9-new ADD_ALL_TESTS(test_property_list_to_string, OSSL_NELEM(to_string_tests)); return 1; } +-- +2.41.0 + diff --git a/0009-Add-Kernel-FIPS-mode-flag-support.patch b/0009-Add-Kernel-FIPS-mode-flag-support.patch index ed997db..7b7a223 100644 --- a/0009-Add-Kernel-FIPS-mode-flag-support.patch +++ b/0009-Add-Kernel-FIPS-mode-flag-support.patch 
@@ -1,24 +1,32 @@ -diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha13/crypto/context.c ---- openssl-3.0.0-alpha13/crypto/context.c.kernel-fips 2021-03-16 00:09:55.814826432 +0100 -+++ openssl-3.0.0-alpha13/crypto/context.c 2021-03-16 00:15:55.129043811 +0100 -@@ -12,11 +12,54 @@ - #include "internal/bio.h" +From aa3aebf132959e7e44876042efaf9ff24ffe0f2b Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:27 +0200 +Subject: [PATCH 09/35] 0009-Add-Kernel-FIPS-mode-flag-support.patch + +Patch-name: 0009-Add-Kernel-FIPS-mode-flag-support.patch +Patch-id: 9 +Patch-status: | + # Add check to see if fips flag is enabled in kernel +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + crypto/context.c | 36 ++++++++++++++++++++++++++++++++++++ + include/internal/provider.h | 3 +++ + 2 files changed, 39 insertions(+) + +diff --git a/crypto/context.c b/crypto/context.c +index e294ea1512..51002ba79a 100644 +--- a/crypto/context.c ++++ b/crypto/context.c +@@ -16,6 +16,41 @@ #include "internal/provider.h" + #include "crypto/context.h" -+#ifndef FIPS_MODULE +# include +# include +# include +# include +# include -+#endif + - struct ossl_lib_ctx_onfree_list_st { - ossl_lib_ctx_onfree_fn *fn; - struct ossl_lib_ctx_onfree_list_st *next; - }; - -+# ifndef FIPS_MODULE +# define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled" + +static int kernel_fips_flag; 
@@ -42,38 +50,37 @@ diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha1 + return; +} + -+static int apply_kernel_fips_flag(OSSL_LIB_CTX *ctx) ++int ossl_get_kernel_fips_flag() +{ -+ if (kernel_fips_flag) { -+ return EVP_default_properties_enable_fips(ctx, 1); -+ } -+ -+ return 1; ++ return kernel_fips_flag; +} -+# endif + + struct ossl_lib_ctx_st { - CRYPTO_RWLOCK *lock; - CRYPTO_EX_DATA data; -@@ -74,6 +117,12 @@ static int context_init(OSSL_LIB_CTX *ct - if (!ossl_property_parse_init(ctx)) - goto err; - -+# ifndef FIPS_MODULE -+ /* Preset the fips=yes default property with kernel FIPS mode */ -+ if (!apply_kernel_fips_flag(ctx)) -+ goto err; -+# endif -+ - return 1; - err: - if (exdata_done) -@@ -121,6 +170,7 @@ static CRYPTO_THREAD_LOCAL default_conte + CRYPTO_RWLOCK *lock, *rand_crngt_lock; + OSSL_EX_DATA_GLOBAL global; +@@ -336,6 +371,7 @@ static int default_context_inited = 0; DEFINE_RUN_ONCE_STATIC(default_context_do_init) { + read_kernel_fips_flag(); - return CRYPTO_THREAD_init_local(&default_context_thread_local, NULL) - && context_init(&default_context_int); + if (!CRYPTO_THREAD_init_local(&default_context_thread_local, NULL)) + goto err; + +diff --git a/include/internal/provider.h b/include/internal/provider.h +index 18937f84c7..1446bf7afb 100644 +--- a/include/internal/provider.h ++++ b/include/internal/provider.h +@@ -112,6 +112,9 @@ int ossl_provider_init_as_child(OSSL_LIB_CTX *ctx, + const OSSL_DISPATCH *in); + void ossl_provider_deinit_child(OSSL_LIB_CTX *ctx); + ++/* FIPS flag access */ ++int ossl_get_kernel_fips_flag(void); ++ + # ifdef __cplusplus } + # endif +-- +2.41.0 + diff --git a/0010-Add-changes-to-ectest-and-eccurve.patch b/0010-Add-changes-to-ectest-and-eccurve.patch new file mode 100644 index 0000000..876ddb3 --- /dev/null +++ b/0010-Add-changes-to-ectest-and-eccurve.patch 
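Review bot: `ossl_get_kernel_fips_flag()` returns the file-scope `kernel_fips_flag`, which is only filled in by the `read_kernel_fips_flag()` call added to `default_context_do_init`, so a caller that runs before the default context is initialised reads the static's zero value and sees FIPS as off. The old `apply_kernel_fips_flag()` call in `context_init` is removed in the same patch, so nothing visible here turns `fips=yes` on any more; enforcement presumably moves to whichever later patch consumes the getter, and that is worth confirming given the commit message says some patches were disabled in this update. I would also define it as `int ossl_get_kernel_fips_flag(void)` to match the prototype added to `include/internal/provider.h`, and add a comment such as `/* Valid only after the default context's run-once init; 0 until then. */`. The body of `read_kernel_fips_flag` lies between the two hunks and is not visible here.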
@@ -0,0 +1,1148 @@ +From 37fae351c6fef272baf383469181aecfcac87592 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:27 +0200 +Subject: [PATCH 10/35] 0010-Add-changes-to-ectest-and-eccurve.patch + +Patch-name: 0010-Add-changes-to-ectest-and-eccurve.patch +Patch-id: 10 +Patch-status: | + # Instead of replacing ectest.c and ec_curve.c, add the changes as a patch so + # that new modifications made to these files by upstream are not lost. +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + crypto/ec/ec_curve.c | 844 ------------------------------------------- + test/ectest.c | 174 +-------- + 2 files changed, 8 insertions(+), 1010 deletions(-) + +diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c +index b5b2f3342d..d32a768fe6 100644 +--- a/crypto/ec/ec_curve.c ++++ b/crypto/ec/ec_curve.c +@@ -30,38 +30,6 @@ typedef struct { + } EC_CURVE_DATA; + + /* the nist prime curves */ +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[20 + 24 * 6]; +-} _EC_NIST_PRIME_192 = { +- { +- NID_X9_62_prime_field, 20, 24, 1 +- }, +- { +- /* seed */ +- 0x30, 0x45, 0xAE, 0x6F, 0xC8, 0x42, 0x2F, 0x64, 0xED, 0x57, 0x95, 0x28, +- 0xD3, 0x81, 0x20, 0xEA, 0xE1, 0x21, 0x96, 0xD5, +- /* p */ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- /* a */ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, +- /* b */ +- 0x64, 0x21, 0x05, 0x19, 0xE5, 0x9C, 0x80, 0xE7, 0x0F, 0xA7, 0xE9, 0xAB, +- 0x72, 0x24, 0x30, 0x49, 0xFE, 0xB8, 0xDE, 0xEC, 0xC1, 0x46, 0xB9, 0xB1, +- /* x */ +- 0x18, 0x8D, 0xA8, 0x0E, 0xB0, 0x30, 0x90, 0xF6, 0x7C, 0xBF, 0x20, 0xEB, +- 0x43, 0xA1, 0x88, 0x00, 0xF4, 0xFF, 0x0A, 0xFD, 0x82, 0xFF, 0x10, 0x12, +- /* y */ +- 0x07, 0x19, 0x2b, 0x95, 0xff, 0xc8, 0xda, 0x78, 0x63, 0x10, 0x11, 0xed, +- 0x6b, 0x24, 0xcd, 0xd5, 0x73, 0xf9, 
0x77, 0xa1, 0x1e, 0x79, 0x48, 0x11, +- /* order */ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0x99, 0xDE, 0xF8, 0x36, 0x14, 0x6B, 0xC9, 0xB1, 0xB4, 0xD2, 0x28, 0x31 +- } +-}; +- + static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 28 * 6]; +@@ -200,187 +168,6 @@ static const struct { + } + }; + +-# ifndef FIPS_MODULE +-/* the x9.62 prime curves (minus the nist prime curves) */ +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[20 + 24 * 6]; +-} _EC_X9_62_PRIME_192V2 = { +- { +- NID_X9_62_prime_field, 20, 24, 1 +- }, +- { +- /* seed */ +- 0x31, 0xA9, 0x2E, 0xE2, 0x02, 0x9F, 0xD1, 0x0D, 0x90, 0x1B, 0x11, 0x3E, +- 0x99, 0x07, 0x10, 0xF0, 0xD2, 0x1A, 0xC6, 0xB6, +- /* p */ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- /* a */ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, +- /* b */ +- 0xCC, 0x22, 0xD6, 0xDF, 0xB9, 0x5C, 0x6B, 0x25, 0xE4, 0x9C, 0x0D, 0x63, +- 0x64, 0xA4, 0xE5, 0x98, 0x0C, 0x39, 0x3A, 0xA2, 0x16, 0x68, 0xD9, 0x53, +- /* x */ +- 0xEE, 0xA2, 0xBA, 0xE7, 0xE1, 0x49, 0x78, 0x42, 0xF2, 0xDE, 0x77, 0x69, +- 0xCF, 0xE9, 0xC9, 0x89, 0xC0, 0x72, 0xAD, 0x69, 0x6F, 0x48, 0x03, 0x4A, +- /* y */ +- 0x65, 0x74, 0xd1, 0x1d, 0x69, 0xb6, 0xec, 0x7a, 0x67, 0x2b, 0xb8, 0x2a, +- 0x08, 0x3d, 0xf2, 0xf2, 0xb0, 0x84, 0x7d, 0xe9, 0x70, 0xb2, 0xde, 0x15, +- /* order */ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, +- 0x5F, 0xB1, 0xA7, 0x24, 0xDC, 0x80, 0x41, 0x86, 0x48, 0xD8, 0xDD, 0x31 +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[20 + 24 * 6]; +-} _EC_X9_62_PRIME_192V3 = { +- { +- NID_X9_62_prime_field, 20, 24, 1 +- }, +- { +- /* seed */ +- 0xC4, 0x69, 0x68, 0x44, 0x35, 0xDE, 0xB3, 0x78, 0xC4, 0xB6, 0x5C, 0xA9, +- 0x59, 0x1E, 0x2A, 0x57, 0x63, 
0x05, 0x9A, 0x2E, +- /* p */ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- /* a */ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, +- /* b */ +- 0x22, 0x12, 0x3D, 0xC2, 0x39, 0x5A, 0x05, 0xCA, 0xA7, 0x42, 0x3D, 0xAE, +- 0xCC, 0xC9, 0x47, 0x60, 0xA7, 0xD4, 0x62, 0x25, 0x6B, 0xD5, 0x69, 0x16, +- /* x */ +- 0x7D, 0x29, 0x77, 0x81, 0x00, 0xC6, 0x5A, 0x1D, 0xA1, 0x78, 0x37, 0x16, +- 0x58, 0x8D, 0xCE, 0x2B, 0x8B, 0x4A, 0xEE, 0x8E, 0x22, 0x8F, 0x18, 0x96, +- /* y */ +- 0x38, 0xa9, 0x0f, 0x22, 0x63, 0x73, 0x37, 0x33, 0x4b, 0x49, 0xdc, 0xb6, +- 0x6a, 0x6d, 0xc8, 0xf9, 0x97, 0x8a, 0xca, 0x76, 0x48, 0xa9, 0x43, 0xb0, +- /* order */ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0x7A, 0x62, 0xD0, 0x31, 0xC8, 0x3F, 0x42, 0x94, 0xF6, 0x40, 0xEC, 0x13 +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[20 + 30 * 6]; +-} _EC_X9_62_PRIME_239V1 = { +- { +- NID_X9_62_prime_field, 20, 30, 1 +- }, +- { +- /* seed */ +- 0xE4, 0x3B, 0xB4, 0x60, 0xF0, 0xB8, 0x0C, 0xC0, 0xC0, 0xB0, 0x75, 0x79, +- 0x8E, 0x94, 0x80, 0x60, 0xF8, 0x32, 0x1B, 0x7D, +- /* p */ +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- /* a */ +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, +- /* b */ +- 0x6B, 0x01, 0x6C, 0x3B, 0xDC, 0xF1, 0x89, 0x41, 0xD0, 0xD6, 0x54, 0x92, +- 0x14, 0x75, 0xCA, 0x71, 0xA9, 0xDB, 0x2F, 0xB2, 0x7D, 0x1D, 0x37, 0x79, +- 0x61, 0x85, 0xC2, 0x94, 0x2C, 0x0A, +- /* x */ +- 0x0F, 0xFA, 0x96, 0x3C, 0xDC, 0xA8, 0x81, 0x6C, 0xCC, 0x33, 0xB8, 0x64, +- 0x2B, 
0xED, 0xF9, 0x05, 0xC3, 0xD3, 0x58, 0x57, 0x3D, 0x3F, 0x27, 0xFB, +- 0xBD, 0x3B, 0x3C, 0xB9, 0xAA, 0xAF, +- /* y */ +- 0x7d, 0xeb, 0xe8, 0xe4, 0xe9, 0x0a, 0x5d, 0xae, 0x6e, 0x40, 0x54, 0xca, +- 0x53, 0x0b, 0xa0, 0x46, 0x54, 0xb3, 0x68, 0x18, 0xce, 0x22, 0x6b, 0x39, +- 0xfc, 0xcb, 0x7b, 0x02, 0xf1, 0xae, +- /* order */ +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0x7F, 0xFF, 0xFF, 0x9E, 0x5E, 0x9A, 0x9F, 0x5D, 0x90, 0x71, 0xFB, 0xD1, +- 0x52, 0x26, 0x88, 0x90, 0x9D, 0x0B +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[20 + 30 * 6]; +-} _EC_X9_62_PRIME_239V2 = { +- { +- NID_X9_62_prime_field, 20, 30, 1 +- }, +- { +- /* seed */ +- 0xE8, 0xB4, 0x01, 0x16, 0x04, 0x09, 0x53, 0x03, 0xCA, 0x3B, 0x80, 0x99, +- 0x98, 0x2B, 0xE0, 0x9F, 0xCB, 0x9A, 0xE6, 0x16, +- /* p */ +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- /* a */ +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, +- /* b */ +- 0x61, 0x7F, 0xAB, 0x68, 0x32, 0x57, 0x6C, 0xBB, 0xFE, 0xD5, 0x0D, 0x99, +- 0xF0, 0x24, 0x9C, 0x3F, 0xEE, 0x58, 0xB9, 0x4B, 0xA0, 0x03, 0x8C, 0x7A, +- 0xE8, 0x4C, 0x8C, 0x83, 0x2F, 0x2C, +- /* x */ +- 0x38, 0xAF, 0x09, 0xD9, 0x87, 0x27, 0x70, 0x51, 0x20, 0xC9, 0x21, 0xBB, +- 0x5E, 0x9E, 0x26, 0x29, 0x6A, 0x3C, 0xDC, 0xF2, 0xF3, 0x57, 0x57, 0xA0, +- 0xEA, 0xFD, 0x87, 0xB8, 0x30, 0xE7, +- /* y */ +- 0x5b, 0x01, 0x25, 0xe4, 0xdb, 0xea, 0x0e, 0xc7, 0x20, 0x6d, 0xa0, 0xfc, +- 0x01, 0xd9, 0xb0, 0x81, 0x32, 0x9f, 0xb5, 0x55, 0xde, 0x6e, 0xf4, 0x60, +- 0x23, 0x7d, 0xff, 0x8b, 0xe4, 0xba, +- /* order */ +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0x80, 0x00, 0x00, 0xCF, 0xA7, 0xE8, 0x59, 0x43, 0x77, 0xD4, 0x14, 0xC0, +- 0x38, 
0x21, 0xBC, 0x58, 0x20, 0x63 +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[20 + 30 * 6]; +-} _EC_X9_62_PRIME_239V3 = { +- { +- NID_X9_62_prime_field, 20, 30, 1 +- }, +- { +- /* seed */ +- 0x7D, 0x73, 0x74, 0x16, 0x8F, 0xFE, 0x34, 0x71, 0xB6, 0x0A, 0x85, 0x76, +- 0x86, 0xA1, 0x94, 0x75, 0xD3, 0xBF, 0xA2, 0xFF, +- /* p */ +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- /* a */ +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, +- /* b */ +- 0x25, 0x57, 0x05, 0xFA, 0x2A, 0x30, 0x66, 0x54, 0xB1, 0xF4, 0xCB, 0x03, +- 0xD6, 0xA7, 0x50, 0xA3, 0x0C, 0x25, 0x01, 0x02, 0xD4, 0x98, 0x87, 0x17, +- 0xD9, 0xBA, 0x15, 0xAB, 0x6D, 0x3E, +- /* x */ +- 0x67, 0x68, 0xAE, 0x8E, 0x18, 0xBB, 0x92, 0xCF, 0xCF, 0x00, 0x5C, 0x94, +- 0x9A, 0xA2, 0xC6, 0xD9, 0x48, 0x53, 0xD0, 0xE6, 0x60, 0xBB, 0xF8, 0x54, +- 0xB1, 0xC9, 0x50, 0x5F, 0xE9, 0x5A, +- /* y */ +- 0x16, 0x07, 0xe6, 0x89, 0x8f, 0x39, 0x0c, 0x06, 0xbc, 0x1d, 0x55, 0x2b, +- 0xad, 0x22, 0x6f, 0x3b, 0x6f, 0xcf, 0xe4, 0x8b, 0x6e, 0x81, 0x84, 0x99, +- 0xaf, 0x18, 0xe3, 0xed, 0x6c, 0xf3, +- /* order */ +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0x7F, 0xFF, 0xFF, 0x97, 0x5D, 0xEB, 0x41, 0xB3, 0xA6, 0x05, 0x7C, 0x3C, +- 0x43, 0x21, 0x46, 0x52, 0x65, 0x51 +- } +-}; +-#endif /* FIPS_MODULE */ +- + static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 32 * 6]; +@@ -421,294 +208,6 @@ static const struct { + + #ifndef FIPS_MODULE + /* the secg prime curves (minus the nist and x9.62 prime curves) */ +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[20 + 14 * 6]; +-} _EC_SECG_PRIME_112R1 = { +- { +- NID_X9_62_prime_field, 20, 14, 1 +- }, +- { +- /* seed */ +- 0x00, 0xF5, 0x0B, 
0x02, 0x8E, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, +- 0x51, 0x75, 0x29, 0x04, 0x72, 0x78, 0x3F, 0xB1, +- /* p */ +- 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, 0xBE, 0xAD, +- 0x20, 0x8B, +- /* a */ +- 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, 0xBE, 0xAD, +- 0x20, 0x88, +- /* b */ +- 0x65, 0x9E, 0xF8, 0xBA, 0x04, 0x39, 0x16, 0xEE, 0xDE, 0x89, 0x11, 0x70, +- 0x2B, 0x22, +- /* x */ +- 0x09, 0x48, 0x72, 0x39, 0x99, 0x5A, 0x5E, 0xE7, 0x6B, 0x55, 0xF9, 0xC2, +- 0xF0, 0x98, +- /* y */ +- 0xa8, 0x9c, 0xe5, 0xaf, 0x87, 0x24, 0xc0, 0xa2, 0x3e, 0x0e, 0x0f, 0xf7, +- 0x75, 0x00, +- /* order */ +- 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x76, 0x28, 0xDF, 0xAC, 0x65, +- 0x61, 0xC5 +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[20 + 14 * 6]; +-} _EC_SECG_PRIME_112R2 = { +- { +- NID_X9_62_prime_field, 20, 14, 4 +- }, +- { +- /* seed */ +- 0x00, 0x27, 0x57, 0xA1, 0x11, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, +- 0x51, 0x75, 0x53, 0x16, 0xC0, 0x5E, 0x0B, 0xD4, +- /* p */ +- 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, 0xBE, 0xAD, +- 0x20, 0x8B, +- /* a */ +- 0x61, 0x27, 0xC2, 0x4C, 0x05, 0xF3, 0x8A, 0x0A, 0xAA, 0xF6, 0x5C, 0x0E, +- 0xF0, 0x2C, +- /* b */ +- 0x51, 0xDE, 0xF1, 0x81, 0x5D, 0xB5, 0xED, 0x74, 0xFC, 0xC3, 0x4C, 0x85, +- 0xD7, 0x09, +- /* x */ +- 0x4B, 0xA3, 0x0A, 0xB5, 0xE8, 0x92, 0xB4, 0xE1, 0x64, 0x9D, 0xD0, 0x92, +- 0x86, 0x43, +- /* y */ +- 0xad, 0xcd, 0x46, 0xf5, 0x88, 0x2e, 0x37, 0x47, 0xde, 0xf3, 0x6e, 0x95, +- 0x6e, 0x97, +- /* order */ +- 0x36, 0xDF, 0x0A, 0xAF, 0xD8, 0xB8, 0xD7, 0x59, 0x7C, 0xA1, 0x05, 0x20, +- 0xD0, 0x4B +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[20 + 16 * 6]; +-} _EC_SECG_PRIME_128R1 = { +- { +- NID_X9_62_prime_field, 20, 16, 1 +- }, +- { +- /* seed */ +- 0x00, 0x0E, 0x0D, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, +- 0x0C, 0xC0, 0x3A, 0x44, 0x73, 0xD0, 0x36, 0x79, +- /* p */ +- 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFF, +- /* a */ +- 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFC, +- /* b */ +- 0xE8, 0x75, 0x79, 0xC1, 0x10, 0x79, 0xF4, 0x3D, 0xD8, 0x24, 0x99, 0x3C, +- 0x2C, 0xEE, 0x5E, 0xD3, +- /* x */ +- 0x16, 0x1F, 0xF7, 0x52, 0x8B, 0x89, 0x9B, 0x2D, 0x0C, 0x28, 0x60, 0x7C, +- 0xA5, 0x2C, 0x5B, 0x86, +- /* y */ +- 0xcf, 0x5a, 0xc8, 0x39, 0x5b, 0xaf, 0xeb, 0x13, 0xc0, 0x2d, 0xa2, 0x92, +- 0xdd, 0xed, 0x7a, 0x83, +- /* order */ +- 0xFF, 0xFF, 0xFF, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x75, 0xA3, 0x0D, 0x1B, +- 0x90, 0x38, 0xA1, 0x15 +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[20 + 16 * 6]; +-} _EC_SECG_PRIME_128R2 = { +- { +- NID_X9_62_prime_field, 20, 16, 4 +- }, +- { +- /* seed */ +- 0x00, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, 0x12, 0xD8, +- 0xF0, 0x34, 0x31, 0xFC, 0xE6, 0x3B, 0x88, 0xF4, +- /* p */ +- 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFF, +- /* a */ +- 0xD6, 0x03, 0x19, 0x98, 0xD1, 0xB3, 0xBB, 0xFE, 0xBF, 0x59, 0xCC, 0x9B, +- 0xBF, 0xF9, 0xAE, 0xE1, +- /* b */ +- 0x5E, 0xEE, 0xFC, 0xA3, 0x80, 0xD0, 0x29, 0x19, 0xDC, 0x2C, 0x65, 0x58, +- 0xBB, 0x6D, 0x8A, 0x5D, +- /* x */ +- 0x7B, 0x6A, 0xA5, 0xD8, 0x5E, 0x57, 0x29, 0x83, 0xE6, 0xFB, 0x32, 0xA7, +- 0xCD, 0xEB, 0xC1, 0x40, +- /* y */ +- 0x27, 0xb6, 0x91, 0x6a, 0x89, 0x4d, 0x3a, 0xee, 0x71, 0x06, 0xfe, 0x80, +- 0x5f, 0xc3, 0x4b, 0x44, +- /* order */ +- 0x3F, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, 0xBE, 0x00, 0x24, 0x72, +- 0x06, 0x13, 0xB5, 0xA3 +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[0 + 21 * 6]; +-} _EC_SECG_PRIME_160K1 = { +- { +- NID_X9_62_prime_field, 0, 21, 1 +- }, +- { +- /* no seed */ +- /* p */ +- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, 0x73, +- /* a */ +- 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- /* b */ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, +- /* x */ +- 0x00, 0x3B, 0x4C, 0x38, 0x2C, 0xE3, 0x7A, 0xA1, 0x92, 0xA4, 0x01, 0x9E, +- 0x76, 0x30, 0x36, 0xF4, 0xF5, 0xDD, 0x4D, 0x7E, 0xBB, +- /* y */ +- 0x00, 0x93, 0x8c, 0xf9, 0x35, 0x31, 0x8f, 0xdc, 0xed, 0x6b, 0xc2, 0x82, +- 0x86, 0x53, 0x17, 0x33, 0xc3, 0xf0, 0x3c, 0x4f, 0xee, +- /* order */ +- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xB8, +- 0xFA, 0x16, 0xDF, 0xAB, 0x9A, 0xCA, 0x16, 0xB6, 0xB3 +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[20 + 21 * 6]; +-} _EC_SECG_PRIME_160R1 = { +- { +- NID_X9_62_prime_field, 20, 21, 1 +- }, +- { +- /* seed */ +- 0x10, 0x53, 0xCD, 0xE4, 0x2C, 0x14, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, +- 0x15, 0x17, 0x53, 0x3B, 0xF3, 0xF8, 0x33, 0x45, +- /* p */ +- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, +- /* a */ +- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFC, +- /* b */ +- 0x00, 0x1C, 0x97, 0xBE, 0xFC, 0x54, 0xBD, 0x7A, 0x8B, 0x65, 0xAC, 0xF8, +- 0x9F, 0x81, 0xD4, 0xD4, 0xAD, 0xC5, 0x65, 0xFA, 0x45, +- /* x */ +- 0x00, 0x4A, 0x96, 0xB5, 0x68, 0x8E, 0xF5, 0x73, 0x28, 0x46, 0x64, 0x69, +- 0x89, 0x68, 0xC3, 0x8B, 0xB9, 0x13, 0xCB, 0xFC, 0x82, +- /* y */ +- 0x00, 0x23, 0xa6, 0x28, 0x55, 0x31, 0x68, 0x94, 0x7d, 0x59, 0xdc, 0xc9, +- 0x12, 0x04, 0x23, 0x51, 0x37, 0x7a, 0xc5, 0xfb, 0x32, +- /* order */ +- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xF4, +- 0xC8, 0xF9, 0x27, 0xAE, 0xD3, 0xCA, 0x75, 0x22, 0x57 +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[20 + 21 * 6]; +-} _EC_SECG_PRIME_160R2 = { +- { +- 
NID_X9_62_prime_field, 20, 21, 1 +- }, +- { +- /* seed */ +- 0xB9, 0x9B, 0x99, 0xB0, 0x99, 0xB3, 0x23, 0xE0, 0x27, 0x09, 0xA4, 0xD6, +- 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x51, +- /* p */ +- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, 0x73, +- /* a */ +- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, 0x70, +- /* b */ +- 0x00, 0xB4, 0xE1, 0x34, 0xD3, 0xFB, 0x59, 0xEB, 0x8B, 0xAB, 0x57, 0x27, +- 0x49, 0x04, 0x66, 0x4D, 0x5A, 0xF5, 0x03, 0x88, 0xBA, +- /* x */ +- 0x00, 0x52, 0xDC, 0xB0, 0x34, 0x29, 0x3A, 0x11, 0x7E, 0x1F, 0x4F, 0xF1, +- 0x1B, 0x30, 0xF7, 0x19, 0x9D, 0x31, 0x44, 0xCE, 0x6D, +- /* y */ +- 0x00, 0xfe, 0xaf, 0xfe, 0xf2, 0xe3, 0x31, 0xf2, 0x96, 0xe0, 0x71, 0xfa, +- 0x0d, 0xf9, 0x98, 0x2c, 0xfe, 0xa7, 0xd4, 0x3f, 0x2e, +- /* order */ +- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x35, +- 0x1E, 0xE7, 0x86, 0xA8, 0x18, 0xF3, 0xA1, 0xA1, 0x6B +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[0 + 24 * 6]; +-} _EC_SECG_PRIME_192K1 = { +- { +- NID_X9_62_prime_field, 0, 24, 1 +- }, +- { +- /* no seed */ +- /* p */ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xEE, 0x37, +- /* a */ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- /* b */ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, +- /* x */ +- 0xDB, 0x4F, 0xF1, 0x0E, 0xC0, 0x57, 0xE9, 0xAE, 0x26, 0xB0, 0x7D, 0x02, +- 0x80, 0xB7, 0xF4, 0x34, 0x1D, 0xA5, 0xD1, 0xB1, 0xEA, 0xE0, 0x6C, 0x7D, +- /* y */ +- 0x9b, 0x2f, 0x2f, 0x6d, 0x9c, 0x56, 0x28, 0xa7, 0x84, 0x41, 0x63, 0xd0, +- 0x15, 0xbe, 0x86, 0x34, 0x40, 
0x82, 0xaa, 0x88, 0xd9, 0x5e, 0x2f, 0x9d, +- /* order */ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, +- 0x26, 0xF2, 0xFC, 0x17, 0x0F, 0x69, 0x46, 0x6A, 0x74, 0xDE, 0xFD, 0x8D +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[0 + 29 * 6]; +-} _EC_SECG_PRIME_224K1 = { +- { +- NID_X9_62_prime_field, 0, 29, 1 +- }, +- { +- /* no seed */ +- /* p */ +- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFE, 0xFF, 0xFF, 0xE5, 0x6D, +- /* a */ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, 0x00, 0x00, +- /* b */ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, 0x00, 0x05, +- /* x */ +- 0x00, 0xA1, 0x45, 0x5B, 0x33, 0x4D, 0xF0, 0x99, 0xDF, 0x30, 0xFC, 0x28, +- 0xA1, 0x69, 0xA4, 0x67, 0xE9, 0xE4, 0x70, 0x75, 0xA9, 0x0F, 0x7E, 0x65, +- 0x0E, 0xB6, 0xB7, 0xA4, 0x5C, +- /* y */ +- 0x00, 0x7e, 0x08, 0x9f, 0xed, 0x7f, 0xba, 0x34, 0x42, 0x82, 0xca, 0xfb, +- 0xd6, 0xf7, 0xe3, 0x19, 0xf7, 0xc0, 0xb0, 0xbd, 0x59, 0xe2, 0xca, 0x4b, +- 0xdb, 0x55, 0x6d, 0x61, 0xa5, +- /* order */ +- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x01, 0xDC, 0xE8, 0xD2, 0xEC, 0x61, 0x84, 0xCA, 0xF0, 0xA9, +- 0x71, 0x76, 0x9F, 0xB1, 0xF7 +- } +-}; +- + static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 32 * 6]; +@@ -745,102 +244,6 @@ static const struct { + } + }; + +-/* some wap/wtls curves */ +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[0 + 15 * 6]; +-} _EC_WTLS_8 = { +- { +- NID_X9_62_prime_field, 0, 15, 1 +- }, +- { +- /* no seed */ +- /* p */ +- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 
0xFD, 0xE7, +- /* a */ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, +- /* b */ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x03, +- /* x */ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x01, +- /* y */ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x02, +- /* order */ +- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xEC, 0xEA, 0x55, 0x1A, +- 0xD8, 0x37, 0xE9 +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[0 + 21 * 6]; +-} _EC_WTLS_9 = { +- { +- NID_X9_62_prime_field, 0, 21, 1 +- }, +- { +- /* no seed */ +- /* p */ +- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0x80, 0x8F, +- /* a */ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- /* b */ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, +- /* x */ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, +- /* y */ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, +- /* order */ +- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xCD, +- 0xC9, 0x8A, 0xE0, 0xE2, 0xDE, 0x57, 0x4A, 0xBF, 0x33 +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[0 + 28 * 6]; +-} _EC_WTLS_12 = { +- { +- NID_X9_62_prime_field, 0, 28, 1 +- }, +- { +- /* no seed */ +- /* p */ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, 0x01, +- /* a */ +- 0xFF, 0xFF, 0xFF, 0xFF, 
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFE, +- /* b */ +- 0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56, +- 0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43, +- 0x23, 0x55, 0xFF, 0xB4, +- /* x */ +- 0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9, +- 0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6, +- 0x11, 0x5C, 0x1D, 0x21, +- /* y */ +- 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 0xdf, 0xe6, +- 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99, +- 0x85, 0x00, 0x7e, 0x34, +- /* order */ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45, +- 0x5C, 0x5C, 0x2A, 0x3D +- } +-}; + #endif /* FIPS_MODULE */ + + #ifndef OPENSSL_NO_EC2M +@@ -2236,198 +1639,6 @@ static const struct { + */ + + #ifndef FIPS_MODULE +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[0 + 20 * 6]; +-} _EC_brainpoolP160r1 = { +- { +- NID_X9_62_prime_field, 0, 20, 1 +- }, +- { +- /* no seed */ +- /* p */ +- 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0xC7, 0xAD, +- 0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0F, +- /* a */ +- 0x34, 0x0E, 0x7B, 0xE2, 0xA2, 0x80, 0xEB, 0x74, 0xE2, 0xBE, 0x61, 0xBA, +- 0xDA, 0x74, 0x5D, 0x97, 0xE8, 0xF7, 0xC3, 0x00, +- /* b */ +- 0x1E, 0x58, 0x9A, 0x85, 0x95, 0x42, 0x34, 0x12, 0x13, 0x4F, 0xAA, 0x2D, +- 0xBD, 0xEC, 0x95, 0xC8, 0xD8, 0x67, 0x5E, 0x58, +- /* x */ +- 0xBE, 0xD5, 0xAF, 0x16, 0xEA, 0x3F, 0x6A, 0x4F, 0x62, 0x93, 0x8C, 0x46, +- 0x31, 0xEB, 0x5A, 0xF7, 0xBD, 0xBC, 0xDB, 0xC3, +- /* y */ +- 0x16, 0x67, 0xCB, 0x47, 0x7A, 0x1A, 0x8E, 0xC3, 0x38, 0xF9, 0x47, 0x41, +- 0x66, 0x9C, 0x97, 0x63, 0x16, 0xDA, 0x63, 0x21, +- /* order */ +- 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0x59, 0x91, +- 
0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09 +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[0 + 20 * 6]; +-} _EC_brainpoolP160t1 = { +- { +- NID_X9_62_prime_field, 0, 20, 1 +- }, +- { +- /* no seed */ +- /* p */ +- 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0xC7, 0xAD, +- 0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0F, +- /* a */ +- 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0xC7, 0xAD, +- 0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0C, +- /* b */ +- 0x7A, 0x55, 0x6B, 0x6D, 0xAE, 0x53, 0x5B, 0x7B, 0x51, 0xED, 0x2C, 0x4D, +- 0x7D, 0xAA, 0x7A, 0x0B, 0x5C, 0x55, 0xF3, 0x80, +- /* x */ +- 0xB1, 0x99, 0xB1, 0x3B, 0x9B, 0x34, 0xEF, 0xC1, 0x39, 0x7E, 0x64, 0xBA, +- 0xEB, 0x05, 0xAC, 0xC2, 0x65, 0xFF, 0x23, 0x78, +- /* y */ +- 0xAD, 0xD6, 0x71, 0x8B, 0x7C, 0x7C, 0x19, 0x61, 0xF0, 0x99, 0x1B, 0x84, +- 0x24, 0x43, 0x77, 0x21, 0x52, 0xC9, 0xE0, 0xAD, +- /* order */ +- 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0x59, 0x91, +- 0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09 +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[0 + 24 * 6]; +-} _EC_brainpoolP192r1 = { +- { +- NID_X9_62_prime_field, 0, 24, 1 +- }, +- { +- /* no seed */ +- /* p */ +- 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x30, +- 0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x97, +- /* a */ +- 0x6A, 0x91, 0x17, 0x40, 0x76, 0xB1, 0xE0, 0xE1, 0x9C, 0x39, 0xC0, 0x31, +- 0xFE, 0x86, 0x85, 0xC1, 0xCA, 0xE0, 0x40, 0xE5, 0xC6, 0x9A, 0x28, 0xEF, +- /* b */ +- 0x46, 0x9A, 0x28, 0xEF, 0x7C, 0x28, 0xCC, 0xA3, 0xDC, 0x72, 0x1D, 0x04, +- 0x4F, 0x44, 0x96, 0xBC, 0xCA, 0x7E, 0xF4, 0x14, 0x6F, 0xBF, 0x25, 0xC9, +- /* x */ +- 0xC0, 0xA0, 0x64, 0x7E, 0xAA, 0xB6, 0xA4, 0x87, 0x53, 0xB0, 0x33, 0xC5, +- 0x6C, 0xB0, 0xF0, 0x90, 0x0A, 0x2F, 0x5C, 0x48, 0x53, 0x37, 0x5F, 0xD6, +- /* y */ +- 0x14, 0xB6, 0x90, 0x86, 0x6A, 0xBD, 0x5B, 0xB8, 0x8B, 0x5F, 0x48, 0x28, +- 0xC1, 0x49, 0x00, 
0x02, 0xE6, 0x77, 0x3F, 0xA2, 0xFA, 0x29, 0x9B, 0x8F, +- /* order */ +- 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x2F, +- 0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1 +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[0 + 24 * 6]; +-} _EC_brainpoolP192t1 = { +- { +- NID_X9_62_prime_field, 0, 24, 1 +- }, +- { +- /* no seed */ +- /* p */ +- 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x30, +- 0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x97, +- /* a */ +- 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x30, +- 0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x94, +- /* b */ +- 0x13, 0xD5, 0x6F, 0xFA, 0xEC, 0x78, 0x68, 0x1E, 0x68, 0xF9, 0xDE, 0xB4, +- 0x3B, 0x35, 0xBE, 0xC2, 0xFB, 0x68, 0x54, 0x2E, 0x27, 0x89, 0x7B, 0x79, +- /* x */ +- 0x3A, 0xE9, 0xE5, 0x8C, 0x82, 0xF6, 0x3C, 0x30, 0x28, 0x2E, 0x1F, 0xE7, +- 0xBB, 0xF4, 0x3F, 0xA7, 0x2C, 0x44, 0x6A, 0xF6, 0xF4, 0x61, 0x81, 0x29, +- /* y */ +- 0x09, 0x7E, 0x2C, 0x56, 0x67, 0xC2, 0x22, 0x3A, 0x90, 0x2A, 0xB5, 0xCA, +- 0x44, 0x9D, 0x00, 0x84, 0xB7, 0xE5, 0xB3, 0xDE, 0x7C, 0xCC, 0x01, 0xC9, +- /* order */ +- 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x2F, +- 0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1 +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[0 + 28 * 6]; +-} _EC_brainpoolP224r1 = { +- { +- NID_X9_62_prime_field, 0, 28, 1 +- }, +- { +- /* no seed */ +- /* p */ +- 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25, +- 0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5, +- 0x7E, 0xC8, 0xC0, 0xFF, +- /* a */ +- 0x68, 0xA5, 0xE6, 0x2C, 0xA9, 0xCE, 0x6C, 0x1C, 0x29, 0x98, 0x03, 0xA6, +- 0xC1, 0x53, 0x0B, 0x51, 0x4E, 0x18, 0x2A, 0xD8, 0xB0, 0x04, 0x2A, 0x59, +- 0xCA, 0xD2, 0x9F, 0x43, +- /* b */ +- 0x25, 0x80, 0xF6, 0x3C, 0xCF, 0xE4, 0x41, 
0x38, 0x87, 0x07, 0x13, 0xB1, +- 0xA9, 0x23, 0x69, 0xE3, 0x3E, 0x21, 0x35, 0xD2, 0x66, 0xDB, 0xB3, 0x72, +- 0x38, 0x6C, 0x40, 0x0B, +- /* x */ +- 0x0D, 0x90, 0x29, 0xAD, 0x2C, 0x7E, 0x5C, 0xF4, 0x34, 0x08, 0x23, 0xB2, +- 0xA8, 0x7D, 0xC6, 0x8C, 0x9E, 0x4C, 0xE3, 0x17, 0x4C, 0x1E, 0x6E, 0xFD, +- 0xEE, 0x12, 0xC0, 0x7D, +- /* y */ +- 0x58, 0xAA, 0x56, 0xF7, 0x72, 0xC0, 0x72, 0x6F, 0x24, 0xC6, 0xB8, 0x9E, +- 0x4E, 0xCD, 0xAC, 0x24, 0x35, 0x4B, 0x9E, 0x99, 0xCA, 0xA3, 0xF6, 0xD3, +- 0x76, 0x14, 0x02, 0xCD, +- /* order */ +- 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25, +- 0x75, 0xD0, 0xFB, 0x98, 0xD1, 0x16, 0xBC, 0x4B, 0x6D, 0xDE, 0xBC, 0xA3, +- 0xA5, 0xA7, 0x93, 0x9F +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[0 + 28 * 6]; +-} _EC_brainpoolP224t1 = { +- { +- NID_X9_62_prime_field, 0, 28, 1 +- }, +- { +- /* no seed */ +- /* p */ +- 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25, +- 0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5, +- 0x7E, 0xC8, 0xC0, 0xFF, +- /* a */ +- 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25, +- 0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5, +- 0x7E, 0xC8, 0xC0, 0xFC, +- /* b */ +- 0x4B, 0x33, 0x7D, 0x93, 0x41, 0x04, 0xCD, 0x7B, 0xEF, 0x27, 0x1B, 0xF6, +- 0x0C, 0xED, 0x1E, 0xD2, 0x0D, 0xA1, 0x4C, 0x08, 0xB3, 0xBB, 0x64, 0xF1, +- 0x8A, 0x60, 0x88, 0x8D, +- /* x */ +- 0x6A, 0xB1, 0xE3, 0x44, 0xCE, 0x25, 0xFF, 0x38, 0x96, 0x42, 0x4E, 0x7F, +- 0xFE, 0x14, 0x76, 0x2E, 0xCB, 0x49, 0xF8, 0x92, 0x8A, 0xC0, 0xC7, 0x60, +- 0x29, 0xB4, 0xD5, 0x80, +- /* y */ +- 0x03, 0x74, 0xE9, 0xF5, 0x14, 0x3E, 0x56, 0x8C, 0xD2, 0x3F, 0x3F, 0x4D, +- 0x7C, 0x0D, 0x4B, 0x1E, 0x41, 0xC8, 0xCC, 0x0D, 0x1C, 0x6A, 0xBD, 0x5F, +- 0x1A, 0x46, 0xDB, 0x4C, +- /* order */ +- 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25, +- 0x75, 0xD0, 0xFB, 0x98, 0xD1, 0x16, 0xBC, 0x4B, 0x6D, 0xDE, 0xBC, 0xA3, +- 
0xA5, 0xA7, 0x93, 0x9F +- } +-}; +- + static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 32 * 6]; +@@ -2854,8 +2065,6 @@ static const ec_list_element curve_list[] = { + "NIST/SECG curve over a 521 bit prime field"}, + + /* X9.62 curves */ +- {NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0, +- "NIST/X9.62/SECG curve over a 192 bit prime field"}, + {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, + # if defined(ECP_NISTZ256_ASM) + EC_GFp_nistz256_method, +@@ -2899,25 +2108,6 @@ static const ec_list_element curve_list[] = { + static const ec_list_element curve_list[] = { + /* prime field curves */ + /* secg curves */ +- {NID_secp112r1, &_EC_SECG_PRIME_112R1.h, 0, +- "SECG/WTLS curve over a 112 bit prime field"}, +- {NID_secp112r2, &_EC_SECG_PRIME_112R2.h, 0, +- "SECG curve over a 112 bit prime field"}, +- {NID_secp128r1, &_EC_SECG_PRIME_128R1.h, 0, +- "SECG curve over a 128 bit prime field"}, +- {NID_secp128r2, &_EC_SECG_PRIME_128R2.h, 0, +- "SECG curve over a 128 bit prime field"}, +- {NID_secp160k1, &_EC_SECG_PRIME_160K1.h, 0, +- "SECG curve over a 160 bit prime field"}, +- {NID_secp160r1, &_EC_SECG_PRIME_160R1.h, 0, +- "SECG curve over a 160 bit prime field"}, +- {NID_secp160r2, &_EC_SECG_PRIME_160R2.h, 0, +- "SECG/WTLS curve over a 160 bit prime field"}, +- /* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */ +- {NID_secp192k1, &_EC_SECG_PRIME_192K1.h, 0, +- "SECG curve over a 192 bit prime field"}, +- {NID_secp224k1, &_EC_SECG_PRIME_224K1.h, 0, +- "SECG curve over a 224 bit prime field"}, + # ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 + {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method, + "NIST/SECG curve over a 224 bit prime field"}, +@@ -2945,18 +2135,6 @@ static const ec_list_element curve_list[] = { + # endif + "NIST/SECG curve over a 521 bit prime field"}, + /* X9.62 curves */ +- {NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0, +- "NIST/X9.62/SECG curve over a 192 bit prime field"}, +- {NID_X9_62_prime192v2, 
&_EC_X9_62_PRIME_192V2.h, 0, +- "X9.62 curve over a 192 bit prime field"}, +- {NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3.h, 0, +- "X9.62 curve over a 192 bit prime field"}, +- {NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1.h, 0, +- "X9.62 curve over a 239 bit prime field"}, +- {NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2.h, 0, +- "X9.62 curve over a 239 bit prime field"}, +- {NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3.h, 0, +- "X9.62 curve over a 239 bit prime field"}, + {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, + # if defined(ECP_NISTZ256_ASM) + EC_GFp_nistz256_method, +@@ -3053,22 +2231,12 @@ static const ec_list_element curve_list[] = { + {NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1.h, 0, + "X9.62 curve over a 163 bit binary field"}, + # endif +- {NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1.h, 0, +- "SECG/WTLS curve over a 112 bit prime field"}, +- {NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2.h, 0, +- "SECG/WTLS curve over a 160 bit prime field"}, +- {NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8.h, 0, +- "WTLS curve over a 112 bit prime field"}, +- {NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9.h, 0, +- "WTLS curve over a 160 bit prime field"}, + # ifndef OPENSSL_NO_EC2M + {NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K.h, 0, + "NIST/SECG/WTLS curve over a 233 bit binary field"}, + {NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B.h, 0, + "NIST/SECG/WTLS curve over a 233 bit binary field"}, + # endif +- {NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12.h, 0, +- "WTLS curve over a 224 bit prime field"}, + # ifndef OPENSSL_NO_EC2M + /* IPSec curves */ + {NID_ipsec3, &_EC_IPSEC_155_ID3.h, 0, +@@ -3079,18 +2247,6 @@ static const ec_list_element curve_list[] = { + "\tNot suitable for ECDSA.\n\tQuestionable extension field!"}, + # endif + /* brainpool curves */ +- {NID_brainpoolP160r1, &_EC_brainpoolP160r1.h, 0, +- "RFC 5639 curve over a 160 bit prime field"}, +- {NID_brainpoolP160t1, &_EC_brainpoolP160t1.h, 0, +- "RFC 5639 curve over a 160 bit prime 
field"}, +- {NID_brainpoolP192r1, &_EC_brainpoolP192r1.h, 0, +- "RFC 5639 curve over a 192 bit prime field"}, +- {NID_brainpoolP192t1, &_EC_brainpoolP192t1.h, 0, +- "RFC 5639 curve over a 192 bit prime field"}, +- {NID_brainpoolP224r1, &_EC_brainpoolP224r1.h, 0, +- "RFC 5639 curve over a 224 bit prime field"}, +- {NID_brainpoolP224t1, &_EC_brainpoolP224t1.h, 0, +- "RFC 5639 curve over a 224 bit prime field"}, + {NID_brainpoolP256r1, &_EC_brainpoolP256r1.h, 0, + "RFC 5639 curve over a 256 bit prime field"}, + {NID_brainpoolP256t1, &_EC_brainpoolP256t1.h, 0, +diff --git a/test/ectest.c b/test/ectest.c +index afef85b0e6..4890b0555e 100644 +--- a/test/ectest.c ++++ b/test/ectest.c +@@ -175,184 +175,26 @@ static int prime_field_tests(void) + || !TEST_ptr(p = BN_new()) + || !TEST_ptr(a = BN_new()) + || !TEST_ptr(b = BN_new()) +- || !TEST_true(BN_hex2bn(&p, "17")) +- || !TEST_true(BN_hex2bn(&a, "1")) +- || !TEST_true(BN_hex2bn(&b, "1")) +- || !TEST_ptr(group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) +- || !TEST_true(EC_GROUP_get_curve(group, p, a, b, ctx))) ++ /* ++ * applications should use EC_GROUP_new_curve_GFp so ++ * that the library gets to choose the EC_METHOD ++ */ ++ || !TEST_ptr(group = EC_GROUP_new(EC_GFp_mont_method()))) + goto err; + +- TEST_info("Curve defined by Weierstrass equation"); +- TEST_note(" y^2 = x^3 + a*x + b (mod p)"); +- test_output_bignum("a", a); +- test_output_bignum("b", b); +- test_output_bignum("p", p); +- + buf[0] = 0; + if (!TEST_ptr(P = EC_POINT_new(group)) + || !TEST_ptr(Q = EC_POINT_new(group)) + || !TEST_ptr(R = EC_POINT_new(group)) +- || !TEST_true(EC_POINT_set_to_infinity(group, P)) +- || !TEST_true(EC_POINT_is_at_infinity(group, P)) +- || !TEST_true(EC_POINT_oct2point(group, Q, buf, 1, ctx)) +- || !TEST_true(EC_POINT_add(group, P, P, Q, ctx)) +- || !TEST_true(EC_POINT_is_at_infinity(group, P)) + || !TEST_ptr(x = BN_new()) + || !TEST_ptr(y = BN_new()) + || !TEST_ptr(z = BN_new()) +- || !TEST_ptr(yplusone = BN_new()) +- || 
!TEST_true(BN_hex2bn(&x, "D")) +- || !TEST_true(EC_POINT_set_compressed_coordinates(group, Q, x, 1, ctx))) +- goto err; +- +- if (!TEST_int_gt(EC_POINT_is_on_curve(group, Q, ctx), 0)) { +- if (!TEST_true(EC_POINT_get_affine_coordinates(group, Q, x, y, ctx))) +- goto err; +- TEST_info("Point is not on curve"); +- test_output_bignum("x", x); +- test_output_bignum("y", y); +- goto err; +- } +- +- TEST_note("A cyclic subgroup:"); +- k = 100; +- do { +- if (!TEST_int_ne(k--, 0)) +- goto err; +- +- if (EC_POINT_is_at_infinity(group, P)) { +- TEST_note(" point at infinity"); +- } else { +- if (!TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, +- ctx))) +- goto err; +- +- test_output_bignum("x", x); +- test_output_bignum("y", y); +- } +- +- if (!TEST_true(EC_POINT_copy(R, P)) +- || !TEST_true(EC_POINT_add(group, P, P, Q, ctx))) +- goto err; +- +- } while (!EC_POINT_is_at_infinity(group, P)); +- +- if (!TEST_true(EC_POINT_add(group, P, Q, R, ctx)) +- || !TEST_true(EC_POINT_is_at_infinity(group, P))) +- goto err; +- +- len = +- EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, +- sizeof(buf), ctx); +- if (!TEST_size_t_ne(len, 0) +- || !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx)) +- || !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx))) +- goto err; +- test_output_memory("Generator as octet string, compressed form:", +- buf, len); +- +- len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, +- buf, sizeof(buf), ctx); +- if (!TEST_size_t_ne(len, 0) +- || !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx)) +- || !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx))) +- goto err; +- test_output_memory("Generator as octet string, uncompressed form:", +- buf, len); +- +- len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, +- buf, sizeof(buf), ctx); +- if (!TEST_size_t_ne(len, 0) +- || !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx)) +- || !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx))) +- goto err; +- 
test_output_memory("Generator as octet string, hybrid form:", +- buf, len); +- +- if (!TEST_true(EC_POINT_invert(group, P, ctx)) +- || !TEST_int_eq(0, EC_POINT_cmp(group, P, R, ctx)) +- +- /* +- * Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2, +- * 2000) -- not a NIST curve, but commonly used +- */ +- +- || !TEST_true(BN_hex2bn(&p, "FFFFFFFF" +- "FFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF")) +- || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL)) +- || !TEST_true(BN_hex2bn(&a, "FFFFFFFF" +- "FFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC")) +- || !TEST_true(BN_hex2bn(&b, "1C97BEFC" +- "54BD7A8B65ACF89F81D4D4ADC565FA45")) +- || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) +- || !TEST_true(BN_hex2bn(&x, "4A96B568" +- "8EF573284664698968C38BB913CBFC82")) +- || !TEST_true(BN_hex2bn(&y, "23a62855" +- "3168947d59dcc912042351377ac5fb32")) +- || !TEST_true(BN_add(yplusone, y, BN_value_one())) +- /* +- * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, +- * and therefore setting the coordinates should fail. +- */ +- || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, +- ctx)) +- || !TEST_true(EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) +- || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) +- || !TEST_true(BN_hex2bn(&z, "0100000000" +- "000000000001F4C8F927AED3CA752257")) +- || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) +- || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) +- goto err; +- TEST_info("SEC2 curve secp160r1 -- Generator"); +- test_output_bignum("x", x); +- test_output_bignum("y", y); +- /* G_y value taken from the standard: */ +- if (!TEST_true(BN_hex2bn(&z, "23a62855" +- "3168947d59dcc912042351377ac5fb32")) +- || !TEST_BN_eq(y, z) +- || !TEST_int_eq(EC_GROUP_get_degree(group), 160) +- || !group_order_tests(group) +- +- /* Curve P-192 (FIPS PUB 186-2, App. 
6) */ +- +- || !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFF" +- "FFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF")) +- || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL)) +- || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFF" +- "FFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC")) +- || !TEST_true(BN_hex2bn(&b, "64210519E59C80E7" +- "0FA7E9AB72243049FEB8DEECC146B9B1")) +- || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) +- || !TEST_true(BN_hex2bn(&x, "188DA80EB03090F6" +- "7CBF20EB43A18800F4FF0AFD82FF1012")) +- || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 1, ctx)) +- || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) +- || !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFF" +- "FFFFFFFF99DEF836146BC9B1B4D22831")) +- || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) +- || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) ++ || !TEST_ptr(yplusone = BN_new())) + goto err; + +- TEST_info("NIST curve P-192 -- Generator"); +- test_output_bignum("x", x); +- test_output_bignum("y", y); +- /* G_y value taken from the standard: */ +- if (!TEST_true(BN_hex2bn(&z, "07192B95FFC8DA78" +- "631011ED6B24CDD573F977A11E794811")) +- || !TEST_BN_eq(y, z) +- || !TEST_true(BN_add(yplusone, y, BN_value_one())) +- /* +- * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, +- * and therefore setting the coordinates should fail. +- */ +- || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, +- ctx)) +- || !TEST_int_eq(EC_GROUP_get_degree(group), 192) +- || !group_order_tests(group) +- + /* Curve P-224 (FIPS PUB 186-2, App. 
6) */ + +- || !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFF" ++ if (!TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFF000000000000000000000001")) + || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL)) + || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFF" +@@ -3015,7 +2857,7 @@ int setup_tests(void) + return 0; + + ADD_TEST(parameter_test); +- ADD_TEST(cofactor_range_test); ++ /* ADD_TEST(cofactor_range_test); */ + ADD_ALL_TESTS(cardinality_test, crv_len); + ADD_TEST(prime_field_tests); + #ifndef OPENSSL_NO_EC2M +-- +2.41.0 + diff --git a/0011-Remove-EC-curves.patch b/0011-Remove-EC-curves.patch index d7c9dba..cbc0a7f 100644 --- a/0011-Remove-EC-curves.patch +++ b/0011-Remove-EC-curves.patch 
@@ -1,19 +1,34 @@ -diff -rupN --no-dereference openssl-3.0.9/apps/speed.c openssl-3.0.9-new/apps/speed.c ---- openssl-3.0.9/apps/speed.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/apps/speed.c 2023-05-31 16:36:52.317277114 +0200 -@@ -366,68 +366,23 @@ static double ffdh_results[FFDH_NUM][1]; +From 4a275f852b61238161c053774736dc07b3ade200 Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Mon, 21 Aug 2023 11:46:40 +0200 +Subject: [PATCH 11/48] 0011-Remove-EC-curves.patch + +Patch-name: 0011-Remove-EC-curves.patch +Patch-id: 11 +Patch-status: | + # remove unsupported EC curves +--- + apps/speed.c | 8 +--- + crypto/evp/ec_support.c | 87 ------------------------------------ + test/acvp_test.inc | 9 ---- + test/ecdsatest.h | 17 ------- + test/recipes/15-test_genec.t | 27 ----------- + 5 files changed, 1 insertion(+), 147 deletions(-) + +diff --git a/apps/speed.c b/apps/speed.c +index cace25eda1..d527f12f18 100644 +--- a/apps/speed.c ++++ b/apps/speed.c +@@ -385,7 +385,7 @@ static double ffdh_results[FFDH_NUM][1]; /* 1 op: derivation */ #endif /* OPENSSL_NO_DH */ enum ec_curves_t { - R_EC_P160, R_EC_P192, R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521, --#ifndef OPENSSL_NO_EC2M -- R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571, -- R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571, --#endif -- R_EC_BRP256R1, R_EC_BRP256T1, R_EC_BRP384R1, R_EC_BRP384T1, -- R_EC_BRP512R1, R_EC_BRP512T1, ECDSA_NUM + R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521, -+ ECDSA_NUM + #ifndef OPENSSL_NO_EC2M + R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571, + R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571, +@@ -395,8 +395,6 @@ enum ec_curves_t { }; /* list of ecdsa curves */ static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = { 
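Review bot: The patch header added in this hunk documents the change only as `# remove unsupported EC curves`, which no longer tells a reader which curves the package is meant to refuse. The apps/speed.c part now drops just `R_EC_P160, R_EC_P192` and keeps the `#ifndef OPENSSL_NO_EC2M` entries (`R_EC_K163` to `R_EC_B571`) as context. The later hunk at `@@ -198,33 +139,52 @@` has the same patch deleting the `B-163` to `K-571` and `P-192` aliases from `nist_curves` in crypto/evp/ec_support.c, so speed.c would still offer binary-field options whose NIST names no longer resolve, unless the build is configured without EC2M, which is not visible on this page. I would extend the Patch-status text along the lines of `# remove unsupported EC curves; brainpoolP256r1 and larger are kept, EC2M entries in speed.c rely on OPENSSL_NO_EC2M`, with the wording checked against the full patch and the spec file. The speed.c declarations continue outside this hunk.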
@@ -22,26 +37,7 @@ diff -rupN --no-dereference openssl-3.0.9/apps/speed.c openssl-3.0.9-new/apps/sp {"ecdsap224", R_EC_P224}, {"ecdsap256", R_EC_P256}, {"ecdsap384", R_EC_P384}, - {"ecdsap521", R_EC_P521}, --#ifndef OPENSSL_NO_EC2M -- {"ecdsak163", R_EC_K163}, -- {"ecdsak233", R_EC_K233}, -- {"ecdsak283", R_EC_K283}, -- {"ecdsak409", R_EC_K409}, -- {"ecdsak571", R_EC_K571}, -- {"ecdsab163", R_EC_B163}, -- {"ecdsab233", R_EC_B233}, -- {"ecdsab283", R_EC_B283}, -- {"ecdsab409", R_EC_B409}, -- {"ecdsab571", R_EC_B571}, --#endif -- {"ecdsabrp256r1", R_EC_BRP256R1}, -- {"ecdsabrp256t1", R_EC_BRP256T1}, -- {"ecdsabrp384r1", R_EC_BRP384R1}, -- {"ecdsabrp384t1", R_EC_BRP384T1}, -- {"ecdsabrp512r1", R_EC_BRP512R1}, -- {"ecdsabrp512t1", R_EC_BRP512T1} - }; +@@ -423,8 +421,6 @@ static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = { enum { R_EC_X25519 = ECDSA_NUM, R_EC_X448, EC_NUM }; /* list of ecdh curves, extension of |ecdsa_choices| list above */ static const OPT_PAIR ecdh_choices[EC_NUM] = { @@ -50,29 +46,7 @@ diff -rupN --no-dereference openssl-3.0.9/apps/speed.c openssl-3.0.9-new/apps/sp {"ecdhp224", R_EC_P224}, {"ecdhp256", R_EC_P256}, {"ecdhp384", R_EC_P384}, - {"ecdhp521", R_EC_P521}, --#ifndef OPENSSL_NO_EC2M -- {"ecdhk163", R_EC_K163}, -- {"ecdhk233", R_EC_K233}, -- {"ecdhk283", R_EC_K283}, -- {"ecdhk409", R_EC_K409}, -- {"ecdhk571", R_EC_K571}, -- {"ecdhb163", R_EC_B163}, -- {"ecdhb233", R_EC_B233}, -- {"ecdhb283", R_EC_B283}, -- {"ecdhb409", R_EC_B409}, -- {"ecdhb571", R_EC_B571}, --#endif -- {"ecdhbrp256r1", R_EC_BRP256R1}, -- {"ecdhbrp256t1", R_EC_BRP256T1}, -- {"ecdhbrp384r1", R_EC_BRP384R1}, -- {"ecdhbrp384t1", R_EC_BRP384T1}, -- {"ecdhbrp512r1", R_EC_BRP512R1}, -- {"ecdhbrp512t1", R_EC_BRP512T1}, - {"ecdhx25519", R_EC_X25519}, - {"ecdhx448", R_EC_X448} - }; -@@ -1422,31 +1377,10 @@ int speed_main(int argc, char **argv) +@@ -1442,8 +1438,6 @@ int speed_main(int argc, char **argv) */ static const EC_CURVE ec_curves[EC_NUM] = { /* Prime Curves */ 
@@ -81,44 +55,11 @@ diff -rupN --no-dereference openssl-3.0.9/apps/speed.c openssl-3.0.9-new/apps/sp {"nistp224", NID_secp224r1, 224}, {"nistp256", NID_X9_62_prime256v1, 256}, {"nistp384", NID_secp384r1, 384}, - {"nistp521", NID_secp521r1, 521}, --#ifndef OPENSSL_NO_EC2M -- /* Binary Curves */ -- {"nistk163", NID_sect163k1, 163}, -- {"nistk233", NID_sect233k1, 233}, -- {"nistk283", NID_sect283k1, 283}, -- {"nistk409", NID_sect409k1, 409}, -- {"nistk571", NID_sect571k1, 571}, -- {"nistb163", NID_sect163r2, 163}, -- {"nistb233", NID_sect233r1, 233}, -- {"nistb283", NID_sect283r1, 283}, -- {"nistb409", NID_sect409r1, 409}, -- {"nistb571", NID_sect571r1, 571}, --#endif -- {"brainpoolP256r1", NID_brainpoolP256r1, 256}, -- {"brainpoolP256t1", NID_brainpoolP256t1, 256}, -- {"brainpoolP384r1", NID_brainpoolP384r1, 384}, -- {"brainpoolP384t1", NID_brainpoolP384t1, 384}, -- {"brainpoolP512r1", NID_brainpoolP512r1, 512}, -- {"brainpoolP512t1", NID_brainpoolP512t1, 512}, - /* Other and ECDH only ones */ - {"X25519", NID_X25519, 253}, - {"X448", NID_X448, 448} -@@ -1474,8 +1408,8 @@ int speed_main(int argc, char **argv) - OPENSSL_assert(ec_curves[EC_NUM - 1].nid == NID_X448); - OPENSSL_assert(strcmp(ecdh_choices[EC_NUM - 1].name, "ecdhx448") == 0); - -- OPENSSL_assert(ec_curves[ECDSA_NUM - 1].nid == NID_brainpoolP512t1); -- OPENSSL_assert(strcmp(ecdsa_choices[ECDSA_NUM - 1].name, "ecdsabrp512t1") == 0); -+ OPENSSL_assert(ec_curves[ECDSA_NUM - 1].nid == NID_secp521r1); -+ OPENSSL_assert(strcmp(ecdsa_choices[ECDSA_NUM - 1].name, "ecdsap521") == 0); - - #ifndef OPENSSL_NO_SM2 - OPENSSL_assert(sm2_curves[SM2_NUM - 1].nid == NID_sm2); -diff -rupN --no-dereference openssl-3.0.9/crypto/evp/ec_support.c openssl-3.0.9-new/crypto/evp/ec_support.c ---- openssl-3.0.9/crypto/evp/ec_support.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/crypto/evp/ec_support.c 2023-05-31 16:36:52.317277114 +0200 -@@ -20,99 +20,12 @@ typedef struct ec_name2nid_st { +diff --git 
a/crypto/evp/ec_support.c b/crypto/evp/ec_support.c +index 1ec10143d2..82b95294b4 100644 +--- a/crypto/evp/ec_support.c ++++ b/crypto/evp/ec_support.c +@@ -20,89 +20,15 @@ typedef struct ec_name2nid_st { static const EC_NAME2NID curve_list[] = { /* prime field curves */ /* secg curves */ @@ -143,8 +84,8 @@ diff -rupN --no-dereference openssl-3.0.9/crypto/evp/ec_support.c openssl-3.0.9- - {"prime239v2", NID_X9_62_prime239v2 }, - {"prime239v3", NID_X9_62_prime239v3 }, {"prime256v1", NID_X9_62_prime256v1 }, -- /* characteristic two field curves */ -- /* NIST/SECG curves */ + /* characteristic two field curves */ + /* NIST/SECG curves */ - {"sect113r1", NID_sect113r1 }, - {"sect113r2", NID_sect113r2 }, - {"sect131r1", NID_sect131r1 }, 
@@ -198,33 +139,52 @@ diff -rupN --no-dereference openssl-3.0.9/crypto/evp/ec_support.c openssl-3.0.9- - /* IPSec curves */ - {"Oakley-EC2N-3", NID_ipsec3 }, - {"Oakley-EC2N-4", NID_ipsec4 }, -- /* brainpool curves */ + /* brainpool curves */ - {"brainpoolP160r1", NID_brainpoolP160r1 }, - {"brainpoolP160t1", NID_brainpoolP160t1 }, - {"brainpoolP192r1", NID_brainpoolP192r1 }, - {"brainpoolP192t1", NID_brainpoolP192t1 }, - {"brainpoolP224r1", NID_brainpoolP224r1 }, - {"brainpoolP224t1", NID_brainpoolP224t1 }, -- {"brainpoolP256r1", NID_brainpoolP256r1 }, -- {"brainpoolP256t1", NID_brainpoolP256t1 }, -- {"brainpoolP320r1", NID_brainpoolP320r1 }, -- {"brainpoolP320t1", NID_brainpoolP320t1 }, -- {"brainpoolP384r1", NID_brainpoolP384r1 }, -- {"brainpoolP384t1", NID_brainpoolP384t1 }, -- {"brainpoolP512r1", NID_brainpoolP512r1 }, -- {"brainpoolP512t1", NID_brainpoolP512t1 }, + {"brainpoolP256r1", NID_brainpoolP256r1 }, + {"brainpoolP256t1", NID_brainpoolP256t1 }, + {"brainpoolP320r1", NID_brainpoolP320r1 }, +@@ -111,8 +37,6 @@ static const EC_NAME2NID curve_list[] = { + {"brainpoolP384t1", NID_brainpoolP384t1 }, + {"brainpoolP512r1", NID_brainpoolP512r1 }, + {"brainpoolP512t1", NID_brainpoolP512t1 }, - /* SM2 curve */ - {"SM2", NID_sm2 }, }; const char *OSSL_EC_curve_nid2name(int nid) -diff -rupN --no-dereference openssl-3.0.9/test/acvp_test.inc openssl-3.0.9-new/test/acvp_test.inc ---- openssl-3.0.9/test/acvp_test.inc 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/acvp_test.inc 2023-05-31 16:36:52.318277111 +0200 -@@ -212,15 +212,6 @@ static const unsigned char ecdsa_sigver_ +@@ -150,17 +74,6 @@ int ossl_ec_curve_name2nid(const char *name) + /* Functions to translate between common NIST curve names and NIDs */ + + static const EC_NAME2NID nist_curves[] = { +- {"B-163", NID_sect163r2}, +- {"B-233", NID_sect233r1}, +- {"B-283", NID_sect283r1}, +- {"B-409", NID_sect409r1}, +- {"B-571", NID_sect571r1}, +- {"K-163", NID_sect163k1}, +- {"K-233", 
NID_sect233k1}, +- {"K-283", NID_sect283k1}, +- {"K-409", NID_sect409k1}, +- {"K-571", NID_sect571k1}, +- {"P-192", NID_X9_62_prime192v1}, + {"P-224", NID_secp224r1}, + {"P-256", NID_X9_62_prime256v1}, + {"P-384", NID_secp384r1}, +diff --git a/test/acvp_test.inc b/test/acvp_test.inc +index ad11d3ae1e..894a0bff9d 100644 +--- a/test/acvp_test.inc ++++ b/test/acvp_test.inc +@@ -211,15 +211,6 @@ static const unsigned char ecdsa_sigver_s1[] = { + 0xB1, 0xAC, }; static const struct ecdsa_sigver_st ecdsa_sigver_data[] = { - { +- { - "SHA-1", - "P-192", - ITM(ecdsa_sigver_msg0), @@ -233,13 +193,13 @@ diff -rupN --no-dereference openssl-3.0.9/test/acvp_test.inc openssl-3.0.9-new/t - ITM(ecdsa_sigver_s0), - PASS, - }, -- { + { "SHA2-512", "P-521", - ITM(ecdsa_sigver_msg1), -diff -rupN --no-dereference openssl-3.0.9/test/ecdsatest.h openssl-3.0.9-new/test/ecdsatest.h ---- openssl-3.0.9/test/ecdsatest.h 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/ecdsatest.h 2023-05-31 16:36:52.319277108 +0200 +diff --git a/test/ecdsatest.h b/test/ecdsatest.h +index 63fe319025..06b5c0aac5 100644 +--- a/test/ecdsatest.h ++++ b/test/ecdsatest.h @@ -32,23 +32,6 @@ typedef struct { } ecdsa_cavs_kat_t; 
@@ -264,40 +224,11 @@ diff -rupN --no-dereference openssl-3.0.9/test/ecdsatest.h openssl-3.0.9-new/tes /* prime KATs from NIST CAVP */ {NID_secp224r1, NID_sha224, "699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1" -diff -rupN --no-dereference openssl-3.0.9/test/evp_extra_test.c openssl-3.0.9-new/test/evp_extra_test.c ---- openssl-3.0.9/test/evp_extra_test.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/evp_extra_test.c 2023-05-31 16:36:52.320277105 +0200 -@@ -3396,13 +3396,12 @@ err: - - #ifndef OPENSSL_NO_EC - static int ecpub_nids[] = { -- NID_brainpoolP256r1, NID_X9_62_prime256v1, -+ NID_X9_62_prime256v1, - NID_secp384r1, NID_secp521r1, - # ifndef OPENSSL_NO_EC2M - NID_sect233k1, NID_sect233r1, NID_sect283r1, - NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1, - # endif -- NID_brainpoolP384r1, NID_brainpoolP512r1 - }; - - static int test_ecpub(int idx) -diff -rupN --no-dereference openssl-3.0.9/test/recipes/06-test_algorithmid.t openssl-3.0.9-new/test/recipes/06-test_algorithmid.t ---- openssl-3.0.9/test/recipes/06-test_algorithmid.t 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/recipes/06-test_algorithmid.t 2023-05-31 16:36:52.321277102 +0200 -@@ -33,7 +33,7 @@ my %certs_info = - 'ee-cert-ec-named-explicit' => 'ca-cert-ec-explicit', - 'ee-cert-ec-named-named' => 'ca-cert-ec-named', - # 'server-ed448-cert' => 'root-ed448-cert' -- 'server-ecdsa-brainpoolP256r1-cert' => 'rootcert', -+ # 'server-ecdsa-brainpoolP256r1-cert' => 'rootcert', - ) - ) - ); -diff -rupN --no-dereference openssl-3.0.9/test/recipes/15-test_genec.t openssl-3.0.9-new/test/recipes/15-test_genec.t ---- openssl-3.0.9/test/recipes/15-test_genec.t 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/recipes/15-test_genec.t 2023-05-31 16:36:52.321277102 +0200 -@@ -41,45 +41,11 @@ plan skip_all => "This test is unsupport +diff --git a/test/recipes/15-test_genec.t b/test/recipes/15-test_genec.t +index 
2dfed387ca..c733b68f83 100644 +--- a/test/recipes/15-test_genec.t ++++ b/test/recipes/15-test_genec.t +@@ -41,37 +41,11 @@ plan skip_all => "This test is unsupported in a no-ec build" if disabled("ec"); my @prime_curves = qw( @@ -332,18 +263,10 @@ diff -rupN --no-dereference openssl-3.0.9/test/recipes/15-test_genec.t openssl-3 - brainpoolP192t1 - brainpoolP224r1 - brainpoolP224t1 -- brainpoolP256r1 -- brainpoolP256t1 -- brainpoolP320r1 -- brainpoolP320t1 -- brainpoolP384r1 -- brainpoolP384t1 -- brainpoolP512r1 -- brainpoolP512t1 - ); - - my @binary_curves = qw( -@@ -136,7 +102,6 @@ push(@other_curves, 'SM2') + brainpoolP256r1 + brainpoolP256t1 + brainpoolP320r1 +@@ -136,7 +110,6 @@ push(@other_curves, 'SM2') if !disabled("sm2"); my @curve_aliases = qw( 
@@ -351,4611 +274,6 @@ diff -rupN --no-dereference openssl-3.0.9/test/recipes/15-test_genec.t openssl-3 P-224 P-256 P-384 -diff -rupN --no-dereference openssl-3.0.9/test/recipes/20-test_cli_fips.t openssl-3.0.9-new/test/recipes/20-test_cli_fips.t ---- openssl-3.0.9/test/recipes/20-test_cli_fips.t 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/recipes/20-test_cli_fips.t 2023-05-31 16:36:52.321277102 +0200 -@@ -26,7 +26,7 @@ use platform; - my $no_check = disabled("fips") || disabled('fips-securitychecks'); - plan skip_all => "Test only supported in a fips build with security checks" - if $no_check; --plan tests => 11; -+plan tests => 10; - - my $fipsmodule = bldtop_file('providers', platform->dso('fips')); - my $fipsconf = srctop_file("test", "fips-and-base.cnf"); -@@ -170,60 +170,6 @@ sub tsignverify { - $testtext); - } - --SKIP : { -- skip "FIPS EC tests because of no ec in this build", 1 -- if disabled("ec"); -- -- subtest EC => sub { -- my $testtext_prefix = 'EC'; -- my $a_fips_curve = 'prime256v1'; -- my $fips_key = $testtext_prefix.'.fips.priv.pem'; -- my $fips_pub_key = $testtext_prefix.'.fips.pub.pem'; -- my $a_nonfips_curve = 'brainpoolP256r1'; -- my $nonfips_key = $testtext_prefix.'.nonfips.priv.pem'; -- my $nonfips_pub_key = $testtext_prefix.'.nonfips.pub.pem'; -- my $testtext = ''; -- my $curvename = ''; -- -- plan tests => 5 + $tsignverify_count; -- -- $ENV{OPENSSL_CONF} = $defaultconf; -- $curvename = $a_nonfips_curve; -- $testtext = $testtext_prefix.': '. -- 'Generate a key with a non-FIPS algorithm with the default provider'; -- ok(run(app(['openssl', 'genpkey', '-algorithm', 'EC', -- '-pkeyopt', 'ec_paramgen_curve:'.$curvename, -- '-out', $nonfips_key])), -- $testtext); -- -- pubfrompriv($testtext_prefix, $nonfips_key, $nonfips_pub_key, "non-FIPS"); -- -- $ENV{OPENSSL_CONF} = $fipsconf; -- -- $curvename = $a_fips_curve; -- $testtext = $testtext_prefix.': '. 
-- 'Generate a key with a FIPS algorithm'; -- ok(run(app(['openssl', 'genpkey', '-algorithm', 'EC', -- '-pkeyopt', 'ec_paramgen_curve:'.$curvename, -- '-out', $fips_key])), -- $testtext); -- -- pubfrompriv($testtext_prefix, $fips_key, $fips_pub_key, "FIPS"); -- -- $curvename = $a_nonfips_curve; -- $testtext = $testtext_prefix.': '. -- 'Generate a key with a non-FIPS algorithm'. -- ' (should fail)'; -- ok(!run(app(['openssl', 'genpkey', '-algorithm', 'EC', -- '-pkeyopt', 'ec_paramgen_curve:'.$curvename, -- '-out', $testtext_prefix.'.'.$curvename.'.priv.pem'])), -- $testtext); -- -- tsignverify($testtext_prefix, $fips_key, $fips_pub_key, $nonfips_key, -- $nonfips_pub_key); -- }; --} -- - SKIP: { - skip "FIPS RSA tests because of no rsa in this build", 1 - if disabled("rsa"); -diff -rupN --no-dereference openssl-3.0.9/test/recipes/30-test_evp_data/evppkey_ecc.txt openssl-3.0.9-new/test/recipes/30-test_evp_data/evppkey_ecc.txt ---- openssl-3.0.9/test/recipes/30-test_evp_data/evppkey_ecc.txt 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/recipes/30-test_evp_data/evppkey_ecc.txt 2023-05-31 16:36:52.322277099 +0200 -@@ -1,3 +1,4 @@ -+ - # - # Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - # -@@ -11,1949 +12,6 @@ - # PrivPubKeyPair Sign Verify VerifyRecover - # and continue until a blank line. Lines starting with a pound sign are ignored. 
- --Title=c2pnb163v1 curve tests -- --PrivateKey=ALICE_cf_c2pnb163v1 -------BEGIN PRIVATE KEY----- --MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAEEHDAaAgEBBBUD1JfG8cLNP9418YW+hVhriqH6O5Y= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_c2pnb163v1_PUB -------BEGIN PUBLIC KEY----- --MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAEDLAAEBXgoOgVlWTLQnrQZXgQuSBcIS3bQAlXQ+yJhS03B --4G8rKQXbrc0mvWsF -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_c2pnb163v1:ALICE_cf_c2pnb163v1_PUB -- --PrivateKey=BOB_cf_c2pnb163v1 -------BEGIN PRIVATE KEY----- --MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAEEHDAaAgEBBBUAc3EaoMmMORTzQhMkhPIXY+/jUSI= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_c2pnb163v1_PUB -------BEGIN PUBLIC KEY----- --MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAEDLAAEBn9J0jo39aFVZqhBsAKZ6bViAu6zBC8WaFGExnpZ --KuBh8tP8VSTHPCHF -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_c2pnb163v1:BOB_cf_c2pnb163v1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2pnb163v1 --PeerKey=BOB_cf_c2pnb163v1_PUB --SharedSecret=065dd38fb6de7f394778e1bf65d840a2c0e7219acd -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2pnb163v1 --PeerKey=ALICE_cf_c2pnb163v1_PUB --SharedSecret=065dd38fb6de7f394778e1bf65d840a2c0e7219acd -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2pnb163v1 --PeerKey=BOB_cf_c2pnb163v1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=066fc46e8cc4327634dd127748020f2de6aab67585 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2pnb163v1 --PeerKey=ALICE_cf_c2pnb163v1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=066fc46e8cc4327634dd127748020f2de6aab67585 -- --PublicKey=MALICE_cf_c2pnb163v1_PUB -------BEGIN PUBLIC KEY----- --MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAEDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8JxepS05nN --/piKdhDD3dDKXUih -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_c2pnb163v1 
--PeerKey=MALICE_cf_c2pnb163v1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_c2pnb163v1 --PeerKey=MALICE_cf_c2pnb163v1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=c2pnb163v2 curve tests -- --PrivateKey=ALICE_cf_c2pnb163v2 -------BEGIN PRIVATE KEY----- --MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAIEHDAaAgEBBBUA4KFv7c1dygtVbdp/g2z2TqLAHkI= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_c2pnb163v2_PUB -------BEGIN PUBLIC KEY----- --MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAIDLAAEAVnlL7lMBaASwCIJaf9x2LgNPVmEAb43huHQlo3Q --4PzawHXQoYm/qgDd -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_c2pnb163v2:ALICE_cf_c2pnb163v2_PUB -- --PrivateKey=BOB_cf_c2pnb163v2 -------BEGIN PRIVATE KEY----- --MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAIEHDAaAgEBBBUCEdYqClRWIl2m+X34e+DB2iZSxmQ= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_c2pnb163v2_PUB -------BEGIN PUBLIC KEY----- --MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAIDLAAEAVWNIKn7/WMfzuNnd5ws9J0DI2CfBkEJizZHAFqy --kBF3juAQuARgxuT6 -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_c2pnb163v2:BOB_cf_c2pnb163v2_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2pnb163v2 --PeerKey=BOB_cf_c2pnb163v2_PUB --SharedSecret=0078ebb986d4f9b0aa0bc4af99e82c2bd24130f3f4 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2pnb163v2 --PeerKey=ALICE_cf_c2pnb163v2_PUB --SharedSecret=0078ebb986d4f9b0aa0bc4af99e82c2bd24130f3f4 -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2pnb163v2 --PeerKey=BOB_cf_c2pnb163v2_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=069a80bcd45987fd1c874cd9dc5453207a09b61d41 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2pnb163v2 --PeerKey=ALICE_cf_c2pnb163v2_PUB --Ctrl=ecdh_cofactor_mode:1 
--SharedSecret=069a80bcd45987fd1c874cd9dc5453207a09b61d41 -- --PublicKey=MALICE_cf_c2pnb163v2_PUB -------BEGIN PUBLIC KEY----- --MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAIDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAABuVBl1V5uysY --n6HANPEoMoK+7Sv0 -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_c2pnb163v2 --PeerKey=MALICE_cf_c2pnb163v2_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_c2pnb163v2 --PeerKey=MALICE_cf_c2pnb163v2_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=c2pnb163v3 curve tests -- --PrivateKey=ALICE_cf_c2pnb163v3 -------BEGIN PRIVATE KEY----- --MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAMEHDAaAgEBBBUBItB0y/QeJ+cCh9yoHf0zqLVyMZc= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_c2pnb163v3_PUB -------BEGIN PUBLIC KEY----- --MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAMDLAAEBx1HRyjuBMjt+vlbWaQbKOpNvWKFAslzEbPv6MpK --YnObLnq34LRuWznb -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_c2pnb163v3:ALICE_cf_c2pnb163v3_PUB -- --PrivateKey=BOB_cf_c2pnb163v3 -------BEGIN PRIVATE KEY----- --MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAMEHDAaAgEBBBUAXVHUHeP8Ioz7IqXOWbjaUXEHE5M= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_c2pnb163v3_PUB -------BEGIN PUBLIC KEY----- --MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAMDLAAEAqXF7rsAZ40Z1PT4TeeC45RKTxP4AJBAdfuknJ/J --DZnBLhxBwtqnfUpA -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_c2pnb163v3:BOB_cf_c2pnb163v3_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2pnb163v3 --PeerKey=BOB_cf_c2pnb163v3_PUB --SharedSecret=07fd2ffe9b18973c51caeadbc2154b97a9a0390be9 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2pnb163v3 --PeerKey=ALICE_cf_c2pnb163v3_PUB --SharedSecret=07fd2ffe9b18973c51caeadbc2154b97a9a0390be9 -- --# ECC CDH Alice with Bob peer --Availablein = default 
--Derive=ALICE_cf_c2pnb163v3 --PeerKey=BOB_cf_c2pnb163v3_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=06f7daf1c963594e1a13f9f17b62aaab2934872c16 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2pnb163v3 --PeerKey=ALICE_cf_c2pnb163v3_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=06f7daf1c963594e1a13f9f17b62aaab2934872c16 -- --PublicKey=MALICE_cf_c2pnb163v3_PUB -------BEGIN PUBLIC KEY----- --MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAMDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7jRlUg9oaLK --LwAuHF8g5Y0JjJnI -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_c2pnb163v3 --PeerKey=MALICE_cf_c2pnb163v3_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_c2pnb163v3 --PeerKey=MALICE_cf_c2pnb163v3_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=c2pnb176v1 curve tests -- --PrivateKey=ALICE_cf_c2pnb176v1 -------BEGIN PRIVATE KEY----- --MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAQEHDAaAgEBBBUAaZ1jV1jM9meV5iiNGPU/WMSfWOM= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_c2pnb176v1_PUB -------BEGIN PUBLIC KEY----- --MEUwEwYHKoZIzj0CAQYIKoZIzj0DAAQDLgAEPjME7IV6Tuz2P++wIT60hRxTkk0M0PNgvqYcUoCI --iw3girDLhNzOu3IQ8Ac= -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_c2pnb176v1:ALICE_cf_c2pnb176v1_PUB -- --PrivateKey=BOB_cf_c2pnb176v1 -------BEGIN PRIVATE KEY----- --MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAQEHDAaAgEBBBUAreyYbcF+ONIf64KmeSzV82OI/50= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_c2pnb176v1_PUB -------BEGIN PUBLIC KEY----- --MEUwEwYHKoZIzj0CAQYIKoZIzj0DAAQDLgAEpJn1IDmFj5LceLGfY2wlhI1VHq5vJ+qNIAOXVZhX --uMtp6pzy63rCEK53bgs= -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_c2pnb176v1:BOB_cf_c2pnb176v1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2pnb176v1 
--PeerKey=BOB_cf_c2pnb176v1_PUB --SharedSecret=3a8021848ee0b2c1c377404267a515225781c181e6ab -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2pnb176v1 --PeerKey=ALICE_cf_c2pnb176v1_PUB --SharedSecret=3a8021848ee0b2c1c377404267a515225781c181e6ab -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2pnb176v1 --PeerKey=BOB_cf_c2pnb176v1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=b06cdc633b56e813d63326c69d2cfa335352279540ac -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2pnb176v1 --PeerKey=ALICE_cf_c2pnb176v1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=b06cdc633b56e813d63326c69d2cfa335352279540ac -- --PublicKey=MALICE_cf_c2pnb176v1_PUB -------BEGIN PUBLIC KEY----- --MEUwEwYHKoZIzj0CAQYIKoZIzj0DAAQDLgAE4ePri2opCoAUJIUQnaQlvDaxZd9bsdKnjWSvh+FL --zXV3l5j8K3pow+GJBE4= -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_c2pnb176v1 --PeerKey=MALICE_cf_c2pnb176v1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_c2pnb176v1 --PeerKey=MALICE_cf_c2pnb176v1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=c2pnb208w1 curve tests -- --PrivateKey=ALICE_cf_c2pnb208w1 -------BEGIN PRIVATE KEY----- --MDoCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAoEIDAeAgEBBBkAiENroXMYNbK/7DQQwCpbXk00gnVd --XF2k -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_c2pnb208w1_PUB -------BEGIN PUBLIC KEY----- --ME0wEwYHKoZIzj0CAQYIKoZIzj0DAAoDNgAEL+IHOL2IfeLRiE6Wqsc0Frqjq7t/JnBmhN1lMB9Y --Yj3+Btcne4CPWf8KvfGjAdMs6JKP4A== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_c2pnb208w1:ALICE_cf_c2pnb208w1_PUB -- --PrivateKey=BOB_cf_c2pnb208w1 -------BEGIN PRIVATE KEY----- --MDoCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAoEIDAeAgEBBBkAY1GZLynO/IDWwOOjEWUE7k+I/MkP --cJot -------END PRIVATE KEY----- -- 
--PublicKey=BOB_cf_c2pnb208w1_PUB -------BEGIN PUBLIC KEY----- --ME0wEwYHKoZIzj0CAQYIKoZIzj0DAAoDNgAENBvdzCDOIvu9zo7reJq1ummhR+0jaDc+EoSlW984 --cl9FTi/JJznwC+RNgwVfJ1WKJun1YA== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_c2pnb208w1:BOB_cf_c2pnb208w1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2pnb208w1 --PeerKey=BOB_cf_c2pnb208w1_PUB --SharedSecret=ba32bf80c0f7ab53cb083f267a902a1ad6396eb283237fad91cd -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2pnb208w1 --PeerKey=ALICE_cf_c2pnb208w1_PUB --SharedSecret=ba32bf80c0f7ab53cb083f267a902a1ad6396eb283237fad91cd -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2pnb208w1 --PeerKey=BOB_cf_c2pnb208w1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=f09f5fc8bf20677558bc65939bf1b7fbbbe2579702729304258b -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2pnb208w1 --PeerKey=ALICE_cf_c2pnb208w1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=f09f5fc8bf20677558bc65939bf1b7fbbbe2579702729304258b -- --PublicKey=MALICE_cf_c2pnb208w1_PUB -------BEGIN PUBLIC KEY----- --ME0wEwYHKoZIzj0CAQYIKoZIzj0DAAoDNgAEfuWB9pBZQin+VnmqgYVpbUpKxSQsnXxNqiDtVwqJ --oPkHxRWnu5e7qI2idMcqaKDeeniUaA== -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_c2pnb208w1 --PeerKey=MALICE_cf_c2pnb208w1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_c2pnb208w1 --PeerKey=MALICE_cf_c2pnb208w1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=c2pnb272w1 curve tests -- --PrivateKey=ALICE_cf_c2pnb272w1 -------BEGIN PRIVATE KEY----- --MEICAQAwEwYHKoZIzj0CAQYIKoZIzj0DABAEKDAmAgEBBCEA0SoHwKAgKb7WQ+s0w1iNBemDZ3+f --StHU67fpP7YoF8U= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_c2pnb272w1_PUB -------BEGIN PUBLIC KEY----- 
--MF0wEwYHKoZIzj0CAQYIKoZIzj0DABADRgAE0IH60bGi46FDzEprGZ8EBK5uMMcVke/txeBRNGHQ --DzG68r3EMLZkOfE1+g04MN7HgY7zt3jMYb8ImyLRmvqR2abjs6c= -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_c2pnb272w1:ALICE_cf_c2pnb272w1_PUB -- --PrivateKey=BOB_cf_c2pnb272w1 -------BEGIN PRIVATE KEY----- --MEICAQAwEwYHKoZIzj0CAQYIKoZIzj0DABAEKDAmAgEBBCEAFqB5GbPJ4d+X7ye7m05l/OirDqfn --MOsOJ6xObBph3zQ= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_c2pnb272w1_PUB -------BEGIN PUBLIC KEY----- --MF0wEwYHKoZIzj0CAQYIKoZIzj0DABADRgAEIeIkcMHAuOgvHt2Wp52vVe0DYPNnUX79t/mLSx03 --cUlDmcxL7vIXdx9hB4OmQBYbm+YLDNfTFGAIlDfr2tELpVVPWPo= -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_c2pnb272w1:BOB_cf_c2pnb272w1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2pnb272w1 --PeerKey=BOB_cf_c2pnb272w1_PUB --SharedSecret=cfebd65006520a40f081d8940edf0ebb8e54491ba1499d9f3c63deecee84ddc07142 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2pnb272w1 --PeerKey=ALICE_cf_c2pnb272w1_PUB --SharedSecret=cfebd65006520a40f081d8940edf0ebb8e54491ba1499d9f3c63deecee84ddc07142 -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2pnb272w1 --PeerKey=BOB_cf_c2pnb272w1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=756fc20b27352ac74e5135359c63d375d2732c6d02f25cd526155bac0882a9211dd4 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2pnb272w1 --PeerKey=ALICE_cf_c2pnb272w1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=756fc20b27352ac74e5135359c63d375d2732c6d02f25cd526155bac0882a9211dd4 -- --PublicKey=MALICE_cf_c2pnb272w1_PUB -------BEGIN PUBLIC KEY----- --MF0wEwYHKoZIzj0CAQYIKoZIzj0DABADRgAEvID3AM7qzpKDnOLFY00+E7EKZz/vS/pXgsUA3bWN --oJF8ElXFXv59s/SykQBCTHPqzmUbVmrXmtD44Kt1wUBRJfuwxy4= -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_c2pnb272w1 --PeerKey=MALICE_cf_c2pnb272w1_PUB --Ctrl=ecdh_cofactor_mode:1 
--Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_c2pnb272w1 --PeerKey=MALICE_cf_c2pnb272w1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=c2pnb304w1 curve tests -- --PrivateKey=ALICE_cf_c2pnb304w1 -------BEGIN PRIVATE KEY----- --MEYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DABEELDAqAgEBBCUAqJxh50ZIUXOJ1HE3cVkech9OTTPJ --8jy/v5cFcO0X6dykHgnZ -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_c2pnb304w1_PUB -------BEGIN PUBLIC KEY----- --MGUwEwYHKoZIzj0CAQYIKoZIzj0DABEDTgAEvoaqRX6qiNQiFH1BhgLCPTpYszoRhmlLirkvlw/Q --iXBlfQ7U4g+iRR/kmu2RlwwOHgNNL+mWcvLkFfS8Kr4jzv1EY1Ecx96n21l0YQ== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_c2pnb304w1:ALICE_cf_c2pnb304w1_PUB -- --PrivateKey=BOB_cf_c2pnb304w1 -------BEGIN PRIVATE KEY----- --MEYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DABEELDAqAgEBBCUAOScHepX+IwqC8TjyAJI1bkR3cYYt --X9BbqYM9GQfVNSLHntTg -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_c2pnb304w1_PUB -------BEGIN PUBLIC KEY----- --MGUwEwYHKoZIzj0CAQYIKoZIzj0DABEDTgAEYuAq/6Yw5HxMeMohlWmwl+ZK4ZQucfr1tWDKwhDb --kAOUO2P/Q/H+uelM3VVwxeu6A1kaX7K0UZpNa96NRBwI4aevc+vOxCgYkGt9BA== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_c2pnb304w1:BOB_cf_c2pnb304w1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2pnb304w1 --PeerKey=BOB_cf_c2pnb304w1_PUB --SharedSecret=bfddf9f923210e8231a702e3a1c987cf27661de1bc243c1890e437d67d9f49c6ccfadc035d9d -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2pnb304w1 --PeerKey=ALICE_cf_c2pnb304w1_PUB --SharedSecret=bfddf9f923210e8231a702e3a1c987cf27661de1bc243c1890e437d67d9f49c6ccfadc035d9d -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2pnb304w1 --PeerKey=BOB_cf_c2pnb304w1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=0c7afb3143f93ef2166c05437a1757a62c916ff1751c6d456dd7f2356dcbc75df48015eb5ce8 -- --# ECC 
CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2pnb304w1 --PeerKey=ALICE_cf_c2pnb304w1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=0c7afb3143f93ef2166c05437a1757a62c916ff1751c6d456dd7f2356dcbc75df48015eb5ce8 -- --PublicKey=MALICE_cf_c2pnb304w1_PUB -------BEGIN PUBLIC KEY----- --MGUwEwYHKoZIzj0CAQYIKoZIzj0DABEDTgAEBZ5FuthQt0mxTJ8NQWN2J37kYT8ySD893IXEmXYP --fMTr+CSNkf/sfF/13GEdVGnHmBgCH61sPWG69RgzdjRPprZFZxXjubIWYkp0DQ== -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_c2pnb304w1 --PeerKey=MALICE_cf_c2pnb304w1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_c2pnb304w1 --PeerKey=MALICE_cf_c2pnb304w1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=c2pnb368w1 curve tests -- --PrivateKey=ALICE_cf_c2pnb368w1 -------BEGIN PRIVATE KEY----- --ME4CAQAwEwYHKoZIzj0CAQYIKoZIzj0DABMENDAyAgEBBC0AXeSTXsHb2PEH12tZL8w2q6evA2mi --KfLLIa1c29BTmM//oWdKpqeuvwMIBto= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_c2pnb368w1_PUB -------BEGIN PUBLIC KEY----- --MHUwEwYHKoZIzj0CAQYIKoZIzj0DABMDXgAEmEBXcvMgnHwJW7wAKM4cqboco6zF01J9ntUwoACI --euvf3cpPXBvxUawJXfO9FwFRQabDRagGP99Walidd2JW8nWDWZgZMKj15Wh+4bp2dZHc2tPIIHHd --3makbwQ= -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_c2pnb368w1:ALICE_cf_c2pnb368w1_PUB -- --PrivateKey=BOB_cf_c2pnb368w1 -------BEGIN PRIVATE KEY----- --ME4CAQAwEwYHKoZIzj0CAQYIKoZIzj0DABMENDAyAgEBBC0Aq1R9M/mCMbJMj6VBUpBkS4HXywEz --Qun6d6uXgyU4LZRszA7Dz9+eKbXEMsk= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_c2pnb368w1_PUB -------BEGIN PUBLIC KEY----- --MHUwEwYHKoZIzj0CAQYIKoZIzj0DABMDXgAEJOSnsaXA9wb5p8CGLPvYI47Yf3IdZSbWQ3Sn6G2v --At+zYlpzGax1oJ1CW8fGA0Gu0RnvAfDeW9vgrtzshH1Vy/Ni6a7LPho99PtUP2nzUBnv+hfhFSra --gqfRaOs= -------END PUBLIC KEY----- -- --Availablein = default 
--PrivPubKeyPair=BOB_cf_c2pnb368w1:BOB_cf_c2pnb368w1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2pnb368w1 --PeerKey=BOB_cf_c2pnb368w1_PUB --SharedSecret=008d20ede3961be3b01051d6fdae63db43865664804d432293a2edb13dcc8be0fe5b0c655297a84b9067a29c2a6f -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2pnb368w1 --PeerKey=ALICE_cf_c2pnb368w1_PUB --SharedSecret=008d20ede3961be3b01051d6fdae63db43865664804d432293a2edb13dcc8be0fe5b0c655297a84b9067a29c2a6f -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2pnb368w1 --PeerKey=BOB_cf_c2pnb368w1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=df32ddeeffa029aeadabad000a79c3154a0ddd0aeacf4e3de426f5c10096eff8912038c64d4c899131dcd4df2561 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2pnb368w1 --PeerKey=ALICE_cf_c2pnb368w1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=df32ddeeffa029aeadabad000a79c3154a0ddd0aeacf4e3de426f5c10096eff8912038c64d4c899131dcd4df2561 -- --PublicKey=MALICE_cf_c2pnb368w1_PUB -------BEGIN PUBLIC KEY----- --MHUwEwYHKoZIzj0CAQYIKoZIzj0DABMDXgAEWDn/U9rymClM/a0Q1mawHjQjvpxSehRWstSE+2Sd --ubcZowJ+rw5LsEZteQyeVrCpKYUiIBmIVuFb2LDjtNLIJD1lr8C+vdco24ciLS9RzF/Dc9X+tcIj --726e1BE= -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_c2pnb368w1 --PeerKey=MALICE_cf_c2pnb368w1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_c2pnb368w1 --PeerKey=MALICE_cf_c2pnb368w1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=c2tnb191v1 curve tests -- --PrivateKey=ALICE_cf_c2tnb191v1 -------BEGIN PRIVATE KEY----- --MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAUEHzAdAgEBBBgXyG7A4BvSmjKEl3aU+FQUt02p9U7x --Jk4= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_c2tnb191v1_PUB -------BEGIN PUBLIC KEY----- 
--MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAUDMgAEG9iuZmnhz2H/YQKmVUaO//fm7hvV+CP5c2iszpR3 --7lRimqLWHPyvKgcP+PRCIUom -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_c2tnb191v1:ALICE_cf_c2tnb191v1_PUB -- --PrivateKey=BOB_cf_c2tnb191v1 -------BEGIN PRIVATE KEY----- --MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAUEHzAdAgEBBBg4+2hv9x9HxFy0c2c1XESDdgOamHu0 --MTU= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_c2tnb191v1_PUB -------BEGIN PUBLIC KEY----- --MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAUDMgAEdO/4ii8gi8eQfBrv3XmsOETwIfT8OIpBW/kUoHD+ --adqalcB6SIWOfoJReDLcpxAD -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_c2tnb191v1:BOB_cf_c2tnb191v1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2tnb191v1 --PeerKey=BOB_cf_c2tnb191v1_PUB --SharedSecret=2ee8a85151c397600984285307c14f0ea0e4c2071d753a99 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2tnb191v1 --PeerKey=ALICE_cf_c2tnb191v1_PUB --SharedSecret=2ee8a85151c397600984285307c14f0ea0e4c2071d753a99 -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2tnb191v1 --PeerKey=BOB_cf_c2tnb191v1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=334051dfd62237e69e280ce2fab979bd77260f8dfe4df989 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2tnb191v1 --PeerKey=ALICE_cf_c2tnb191v1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=334051dfd62237e69e280ce2fab979bd77260f8dfe4df989 -- --PublicKey=MALICE_cf_c2tnb191v1_PUB -------BEGIN PUBLIC KEY----- --MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAUDMgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcPEwZ1wj --iNoFyzyANZl8IDB0fF1RmZD6 -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_c2tnb191v1 --PeerKey=MALICE_cf_c2tnb191v1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_c2tnb191v1 --PeerKey=MALICE_cf_c2tnb191v1_PUB 
--Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=c2tnb191v2 curve tests -- --PrivateKey=ALICE_cf_c2tnb191v2 -------BEGIN PRIVATE KEY----- --MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAYEHzAdAgEBBBgQZHIQIPrAsbJqq4ZX3JdMrZAkaIGP --jbo= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_c2tnb191v2_PUB -------BEGIN PUBLIC KEY----- --MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAYDMgAEAyQdwZYRIiv7O4/WRLDKJ249TM8dr2Y+Oz8rSxCI --UVvJT/Jv9m462J6Iz1XOohhP -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_c2tnb191v2:ALICE_cf_c2tnb191v2_PUB -- --PrivateKey=BOB_cf_c2tnb191v2 -------BEGIN PRIVATE KEY----- --MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAYEHzAdAgEBBBgThhW6d5QDaqM8yhm16q6Pu/VFBpf7 --wcs= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_c2tnb191v2_PUB -------BEGIN PUBLIC KEY----- --MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAYDMgAEBVkB4O6fFvGzMHv4BF51muFA0npOGKoOdKbIIMQY --JBIoz1RNNXTcgdpguLcrvcPJ -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_c2tnb191v2:BOB_cf_c2tnb191v2_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2tnb191v2 --PeerKey=BOB_cf_c2tnb191v2_PUB --SharedSecret=711f90cb2aaea65e939065cbd1896affe1d490ba14571400 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2tnb191v2 --PeerKey=ALICE_cf_c2tnb191v2_PUB --SharedSecret=711f90cb2aaea65e939065cbd1896affe1d490ba14571400 -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2tnb191v2 --PeerKey=BOB_cf_c2tnb191v2_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=1740db5b771fa2889d3ec7c1ba8eeffa7741f0ee62433dce -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2tnb191v2 --PeerKey=ALICE_cf_c2tnb191v2_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=1740db5b771fa2889d3ec7c1ba8eeffa7741f0ee62433dce -- --PublicKey=MALICE_cf_c2tnb191v2_PUB -------BEGIN PUBLIC KEY----- --MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAYDMgAEA3yPV6Ilx7PU7dWIDzgKzFV07LNsn1EhMyLQaa5U 
--2vqunpWef+/CaO2pFBcwwW+x -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_c2tnb191v2 --PeerKey=MALICE_cf_c2tnb191v2_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_c2tnb191v2 --PeerKey=MALICE_cf_c2tnb191v2_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=c2tnb191v3 curve tests -- --PrivateKey=ALICE_cf_c2tnb191v3 -------BEGIN PRIVATE KEY----- --MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAcEHzAdAgEBBBgTPjf06B01Jq59qU1iczNuA29WfW+b --erU= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_c2tnb191v3_PUB -------BEGIN PUBLIC KEY----- --MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAcDMgAEL4NGEUX2CXY18MyoH1inKq5kde9RGr25ODm/0BEX --HWsGvDE2HC+6pL2BMl3MRCty -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_c2tnb191v3:ALICE_cf_c2tnb191v3_PUB -- --PrivateKey=BOB_cf_c2tnb191v3 -------BEGIN PRIVATE KEY----- --MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAcEHzAdAgEBBBgUC2bC465JTXYLUaaET/r5n7X85gRH --iSQ= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_c2tnb191v3_PUB -------BEGIN PUBLIC KEY----- --MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAcDMgAEPKekNkT9mQ8KRCTR2RwCFkhNvsjL+/mLHYzbMrYe --QFIb5QwXAdbg2tEOl7yj9qkk -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_c2tnb191v3:BOB_cf_c2tnb191v3_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2tnb191v3 --PeerKey=BOB_cf_c2tnb191v3_PUB --SharedSecret=196200f7ea06c43c35516b995cf4a4dd4151dbd0ed998561 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2tnb191v3 --PeerKey=ALICE_cf_c2tnb191v3_PUB --SharedSecret=196200f7ea06c43c35516b995cf4a4dd4151dbd0ed998561 -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2tnb191v3 --PeerKey=BOB_cf_c2tnb191v3_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=311939377670a8a1ed1ee17f9dd182167da00c5a19e2e109 -- 
--# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2tnb191v3 --PeerKey=ALICE_cf_c2tnb191v3_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=311939377670a8a1ed1ee17f9dd182167da00c5a19e2e109 -- --PublicKey=MALICE_cf_c2tnb191v3_PUB -------BEGIN PUBLIC KEY----- --MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAcDMgAESvPjWlLnANK2j38hHZ0uqueaniovkhwwdJZjrmUk --n5vQBTxUzkIkMjL33v6Lr3z7 -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_c2tnb191v3 --PeerKey=MALICE_cf_c2tnb191v3_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_c2tnb191v3 --PeerKey=MALICE_cf_c2tnb191v3_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=c2tnb239v1 curve tests -- --PrivateKey=ALICE_cf_c2tnb239v1 -------BEGIN PRIVATE KEY----- --MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAsEJTAjAgEBBB4fMJDhCEiuEf/RF6oGjHVcNwN+wCYG --rJMnJLIXiCI= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_c2tnb239v1_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAsDPgAEUgG/uMWy4k0R/kbVJEapF6r5ik4Q9WPsDXAd0856 --dVL8PvBXgixk2tKfyY1xUVebcEVlgdZP1pN1Xyvi -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_c2tnb239v1:ALICE_cf_c2tnb239v1_PUB -- --PrivateKey=BOB_cf_c2tnb239v1 -------BEGIN PRIVATE KEY----- --MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAsEJTAjAgEBBB4JLDwVJQw3+00FiZBDWFErd7PXnchH --sfpZeV3i5FM= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_c2tnb239v1_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAsDPgAEcwKt31cWaoFUd7QxYSdwgMDOqEhjPbD3Z9AfR3tc --G77/MY5z1oQegqImBog645vtPWI8lZd1zcl6QYRS -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_c2tnb239v1:BOB_cf_c2tnb239v1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2tnb239v1 --PeerKey=BOB_cf_c2tnb239v1_PUB 
--SharedSecret=413ea943cdf40c45795c77aeea7099b81cc42566067924d1fdbae42ddf99 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2tnb239v1 --PeerKey=ALICE_cf_c2tnb239v1_PUB --SharedSecret=413ea943cdf40c45795c77aeea7099b81cc42566067924d1fdbae42ddf99 -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2tnb239v1 --PeerKey=BOB_cf_c2tnb239v1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=1f1e5a6084492e895c35d76a5d2b4a3fafbd96c4b2230ea71cc1c711fa38 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2tnb239v1 --PeerKey=ALICE_cf_c2tnb239v1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=1f1e5a6084492e895c35d76a5d2b4a3fafbd96c4b2230ea71cc1c711fa38 -- --PublicKey=MALICE_cf_c2tnb239v1_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAsDPgAEJFn89FF7xaa5m+XGxWKFwCH+Mu4rbxwi6lvhuEuT --Itl/OAosALFh8xpt+N5gmKtUdhpjyok2udC4B/mY -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_c2tnb239v1 --PeerKey=MALICE_cf_c2tnb239v1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_c2tnb239v1 --PeerKey=MALICE_cf_c2tnb239v1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=c2tnb239v2 curve tests -- --PrivateKey=ALICE_cf_c2tnb239v2 -------BEGIN PRIVATE KEY----- --MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAwEJTAjAgEBBB4KU4YKdzFOkl6M1biHkxtVGD2uNXr6 --GbEcp4PbJKU= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_c2tnb239v2_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAwDPgAEKzpycflUrsyqVV/+fzvC2+AuX3r0b0Syn8acvn78 --VnKA9mZKwPLWhnMJcLyzarIzc/6/UcfYGNmTyUlG -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_c2tnb239v2:ALICE_cf_c2tnb239v2_PUB -- --PrivateKey=BOB_cf_c2tnb239v2 -------BEGIN PRIVATE KEY----- 
--MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAwEJTAjAgEBBB4HZQLKGKBpIKiyTq6XYZWQNph1oGP+ --JLwCwn7lYx0= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_c2tnb239v2_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAwDPgAETPSkhMs3JW3BG66FSfCov76JKdcRiBhMCW453Wku --N7yBxBmWjeclHhnXIzfc4qM4qf9n3KzMSXejPVYg -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_c2tnb239v2:BOB_cf_c2tnb239v2_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2tnb239v2 --PeerKey=BOB_cf_c2tnb239v2_PUB --SharedSecret=2e738f14795b2e19ee791c1bf30c5e462ca6c6ed0ec5c6c6402d0730cf4c -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2tnb239v2 --PeerKey=ALICE_cf_c2tnb239v2_PUB --SharedSecret=2e738f14795b2e19ee791c1bf30c5e462ca6c6ed0ec5c6c6402d0730cf4c -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2tnb239v2 --PeerKey=BOB_cf_c2tnb239v2_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=7662d8b94d3f0d20eb8e112ca8b7d5699d81f35902df5b77561977df3946 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2tnb239v2 --PeerKey=ALICE_cf_c2tnb239v2_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=7662d8b94d3f0d20eb8e112ca8b7d5699d81f35902df5b77561977df3946 -- --PublicKey=MALICE_cf_c2tnb239v2_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAwDPgAES8fLc5mtVI0HqgKRJ7mN8MU1B0FBkiim6jCHYJf3 --JYUX3Gn3Ai11cHie+nVb3z51jSkpDQENHESTv5K2 -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_c2tnb239v2 --PeerKey=MALICE_cf_c2tnb239v2_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_c2tnb239v2 --PeerKey=MALICE_cf_c2tnb239v2_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=c2tnb239v3 curve tests -- --PrivateKey=ALICE_cf_c2tnb239v3 -------BEGIN PRIVATE KEY----- 
--MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAA0EJTAjAgEBBB4BZZXtcMw5GrpgHJLx4D8z7M6ocWdv --rDl2fV9ObC8= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_c2tnb239v3_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAA0DPgAEOu2HIAUX+r6IbRlrPUJUBDL814dR++maVAAkUIjD --H33ewqcI9ZLtpvuR8P8hgRNUTXlh1GWgrB6F21Eo -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_c2tnb239v3:ALICE_cf_c2tnb239v3_PUB -- --PrivateKey=BOB_cf_c2tnb239v3 -------BEGIN PRIVATE KEY----- --MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAA0EJTAjAgEBBB4BDxw3SA54y6uYOW1n4yZaUK22J9ef --XG3HcQX+4i0= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_c2tnb239v3_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAA0DPgAEVaEi76wyzlpzkkSElf4SmGZ7kf1ghHMP82HkGk7K --BC10zUyppoSOAr0eX4pHAkDUF1m/KGoJa7QcJJww -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_c2tnb239v3:BOB_cf_c2tnb239v3_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2tnb239v3 --PeerKey=BOB_cf_c2tnb239v3_PUB --SharedSecret=6a756022ec2ea89b0fa757824909707102acf3b7da39dc625c6252eb4c48 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2tnb239v3 --PeerKey=ALICE_cf_c2tnb239v3_PUB --SharedSecret=6a756022ec2ea89b0fa757824909707102acf3b7da39dc625c6252eb4c48 -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2tnb239v3 --PeerKey=BOB_cf_c2tnb239v3_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=3240e19dd8c290e5e1749df60ad0166dd9dbfad645e518b4948e14f774ce -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2tnb239v3 --PeerKey=ALICE_cf_c2tnb239v3_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=3240e19dd8c290e5e1749df60ad0166dd9dbfad645e518b4948e14f774ce -- --PublicKey=MALICE_cf_c2tnb239v3_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAA0DPgAELe/znC87/2ucKX7mXUUyiUvg67slWRdH+WHDct9d --LcXDyB342ZN1nm0NCAmBMcLjohX0Zza0ji3YNjT1 -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer 
--Availablein = default --Derive=BOB_cf_c2tnb239v3 --PeerKey=MALICE_cf_c2tnb239v3_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_c2tnb239v3 --PeerKey=MALICE_cf_c2tnb239v3_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=c2tnb359v1 curve tests -- --PrivateKey=ALICE_cf_c2tnb359v1 -------BEGIN PRIVATE KEY----- --ME4CAQAwEwYHKoZIzj0CAQYIKoZIzj0DABIENDAyAgEBBC0Afea/a1NrRf6rRRr/UDsI559ADTFP --Bd5HaS33laTZkCdNLITw1UUrESUIOiU= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_c2tnb359v1_PUB -------BEGIN PUBLIC KEY----- --MHMwEwYHKoZIzj0CAQYIKoZIzj0DABIDXAAEZMJU3QF9UJJp2m6qyCnhPuVlPKPHtav3DCgH27SY --RLMN7C4rRmqiJakD11QtOforOgbPW5r/v7t4TUWIlq8jV7kapJNtxQtg/S87L0NQGgHBq/lnJL8x --fN3Y -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_c2tnb359v1:ALICE_cf_c2tnb359v1_PUB -- --PrivateKey=BOB_cf_c2tnb359v1 -------BEGIN PRIVATE KEY----- --ME4CAQAwEwYHKoZIzj0CAQYIKoZIzj0DABIENDAyAgEBBC0Aaw+yr7Atz8CXjLsbI5msXLqxFoMr --esHVfU53i6ucCsnPTWSDWSb5CePtI9g= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_c2tnb359v1_PUB -------BEGIN PUBLIC KEY----- --MHMwEwYHKoZIzj0CAQYIKoZIzj0DABIDXAAEUQde0iyDHbsFJZ459d4zUhsrJYAkqndmEBRwSlg5 --ZNX8SSS79Zf2HsQl+LWIZyzeYzoHobKXufChw9/H4ThS58VwV5/0hoE929PIgJ1MSEqr5LvJXi+b --R8fe -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_c2tnb359v1:BOB_cf_c2tnb359v1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2tnb359v1 --PeerKey=BOB_cf_c2tnb359v1_PUB --SharedSecret=623a71122b5acad467d40d97ef8d8fd46541d8c41d7de6ba181c24e2714c1bc35bcefcf089af69c406eedecc12 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2tnb359v1 --PeerKey=ALICE_cf_c2tnb359v1_PUB --SharedSecret=623a71122b5acad467d40d97ef8d8fd46541d8c41d7de6ba181c24e2714c1bc35bcefcf089af69c406eedecc12 -- --# ECC CDH Alice with Bob peer --Availablein 
= default --Derive=ALICE_cf_c2tnb359v1 --PeerKey=BOB_cf_c2tnb359v1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=1c9c4cea3251dace2cb763eabf60f106cc1b03f2491e6f20d7bea78e062f8f14c4e82e4d43786eefa44d33f7e9 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2tnb359v1 --PeerKey=ALICE_cf_c2tnb359v1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=1c9c4cea3251dace2cb763eabf60f106cc1b03f2491e6f20d7bea78e062f8f14c4e82e4d43786eefa44d33f7e9 -- --PublicKey=MALICE_cf_c2tnb359v1_PUB -------BEGIN PUBLIC KEY----- --MHMwEwYHKoZIzj0CAQYIKoZIzj0DABIDXAAEDW1DxeJfyPPnxX4WiLM5ZnX9AypqqeKj7FTHxanl --++A6FgVFjUCatt8Sr4xnSc3zDE0kh6f/wS9SbtCAi74i8HAX5SJiccCMPRkw6kBuHZgiG8EmFJ53 --OEQw -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_c2tnb359v1 --PeerKey=MALICE_cf_c2tnb359v1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_c2tnb359v1 --PeerKey=MALICE_cf_c2tnb359v1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=c2tnb431r1 curve tests -- --PrivateKey=ALICE_cf_c2tnb431r1 -------BEGIN PRIVATE KEY----- --MFYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DABQEPDA6AgEBBDUAG1rgUnH3+PSxqlzt9+QTWv7PrYxz --Qgqj5A2Mqi0LbdixVDciVSSgrU6keVu72oCmHVP+OQ== -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_c2tnb431r1_PUB -------BEGIN PUBLIC KEY----- --MIGFMBMGByqGSM49AgEGCCqGSM49AwAUA24ABFcQEDic9pYxtxStk/oBxafqyUux1kvEOOwR4FxJ --pGEMTh8B+YfkWuq+IDY5zSqNKtg7cRlAFX2dlHhRSvNxrN3DJCrhe/TQq8SIYawcqEQnM39F8hHM --7VQJLEsBpJ/WUonwMJXknjgfONP7GA== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_c2tnb431r1:ALICE_cf_c2tnb431r1_PUB -- --PrivateKey=BOB_cf_c2tnb431r1 -------BEGIN PRIVATE KEY----- --MFYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DABQEPDA6AgEBBDUBOsZrpI6hTgImR8DBhKOOrh2SvcT/ --VwmzYnbuCRrtr/zwIQcqKKI1ztlrl+kxFxJfk5L7UQ== -------END PRIVATE KEY----- -- 
--PublicKey=BOB_cf_c2tnb431r1_PUB -------BEGIN PUBLIC KEY----- --MIGFMBMGByqGSM49AgEGCCqGSM49AwAUA24ABHeTG6xjbsKKxn4oYQt9qUM9LrSPZfY11XsBmROc --fb9kEbBLU+QixSbYZOrqPasesDV9dApDXF+w6EfIeNyJEK5Lk+aXamrn7fRMUAQ2m7+Odp87GgA+ --8Cg6YpgbK314SK5STziqoZwzEISJ9w== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_c2tnb431r1:BOB_cf_c2tnb431r1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2tnb431r1 --PeerKey=BOB_cf_c2tnb431r1_PUB --SharedSecret=1c9a64de0b706f0e562d5144ceeb4806ce8782865dc0e3fab694967955bd40afc79bf9241ef4a173fbf9baeac0d416392fb13bdc6978 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2tnb431r1 --PeerKey=ALICE_cf_c2tnb431r1_PUB --SharedSecret=1c9a64de0b706f0e562d5144ceeb4806ce8782865dc0e3fab694967955bd40afc79bf9241ef4a173fbf9baeac0d416392fb13bdc6978 -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2tnb431r1 --PeerKey=BOB_cf_c2tnb431r1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=059e2ea2d0d8bad5005a9401196ebb1633377c7ded8ec58a0398cf1d0f42ea82614f68cb836ecfc33612b8a705b4c3b7b4ed12eb6e22 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2tnb431r1 --PeerKey=ALICE_cf_c2tnb431r1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=059e2ea2d0d8bad5005a9401196ebb1633377c7ded8ec58a0398cf1d0f42ea82614f68cb836ecfc33612b8a705b4c3b7b4ed12eb6e22 -- --PublicKey=MALICE_cf_c2tnb431r1_PUB -------BEGIN PUBLIC KEY----- --MIGFMBMGByqGSM49AgEGCCqGSM49AwAUA24ABA/cHJ1bNJ2l3GcrT67WEoU0w/Ajy28T9X4XLv8a --5EpnkembeFlRG8ILplDcZimE8kjNQWynAk+NbJRsIU/XLzcm7VXkkqEkx/yCQ/TOcbeB3qrpzWYr --F3Cls9x60wuFYNc9d6eIe4B+puz9IQ== -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_c2tnb431r1 --PeerKey=MALICE_cf_c2tnb431r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_c2tnb431r1 
--PeerKey=MALICE_cf_c2tnb431r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=prime192v2 curve tests -- --PrivateKey=ALICE_cf_prime192v2 -------BEGIN PRIVATE KEY----- --MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQIEHzAdAgEBBBh6rcgPFDmA2P4CGSrC7ii9DAjepljX --sMM= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_prime192v2_PUB -------BEGIN PUBLIC KEY----- --MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQIDMgAET6wOPoDU3BeU7VKozsGEvDeJs//9Z/aNEcbbLQ0d --g5IzsS/XMJzifjCJZgNsb7mi -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_prime192v2:ALICE_cf_prime192v2_PUB -- --PrivateKey=BOB_cf_prime192v2 -------BEGIN PRIVATE KEY----- --MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQIEHzAdAgEBBBja4R9iZuiu95XEuM1558ArTwNnAl7M --xqI= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_prime192v2_PUB -------BEGIN PUBLIC KEY----- --MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQIDMgAEcgWNAOL4pZCmouZl+be+rC0yLAJkm2YuPWs+FX2u --Y6OU1aHkkspZTC1uUVWjchy5 -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_prime192v2:BOB_cf_prime192v2_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_prime192v2 --PeerKey=BOB_cf_prime192v2_PUB --SharedSecret=ae2ff9f1f9f24e6d281dc78993d9f71913e1e105965000a1 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_prime192v2 --PeerKey=ALICE_cf_prime192v2_PUB --SharedSecret=ae2ff9f1f9f24e6d281dc78993d9f71913e1e105965000a1 -- --Title=prime192v3 curve tests -- --PrivateKey=ALICE_cf_prime192v3 -------BEGIN PRIVATE KEY----- --MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQMEHzAdAgEBBBij5blPQRKM1/9c57YDZXIIue80MDqx --Igw= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_prime192v3_PUB -------BEGIN PUBLIC KEY----- --MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE1+mLeiT/jjHO71IL/C/ZcnF6+yj9FV6eqfuPdHAi --MsDRFCB6/h8TcCUFuospu5l0 -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_prime192v3:ALICE_cf_prime192v3_PUB -- --PrivateKey=BOB_cf_prime192v3 -------BEGIN PRIVATE 
KEY----- --MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQMEHzAdAgEBBBhgFP4fFLtm/yk5tsosBUBKTg370FOu --92g= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_prime192v3_PUB -------BEGIN PUBLIC KEY----- --MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAEv35bOz0xqLeJqpZdZ8LyiUgsJMBEtN2UMJm8blX2 --vMWAgEeLhzar86BUlS7dZwS7 -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_prime192v3:BOB_cf_prime192v3_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_prime192v3 --PeerKey=BOB_cf_prime192v3_PUB --SharedSecret=9e562ecbe29c510a13b0daea822ec864c2a9684d2a382812 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_prime192v3 --PeerKey=ALICE_cf_prime192v3_PUB --SharedSecret=9e562ecbe29c510a13b0daea822ec864c2a9684d2a382812 -- --Title=prime239v1 curve tests -- --PrivateKey=ALICE_cf_prime239v1 -------BEGIN PRIVATE KEY----- --MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQQEJTAjAgEBBB5nH2mt/GUx+I/60NlcuQlrdupDXwMY --SF/w+SUTNqY= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_prime239v1_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQQDPgAEMqQLCgDR9njkq9QELuOu+J/9YGcxJHULdvxHImLW --RXqBUM5Xea+Qk2SKIpWcogxr2zFeQyeLj2bQysuo -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_prime239v1:ALICE_cf_prime239v1_PUB -- --PrivateKey=BOB_cf_prime239v1 -------BEGIN PRIVATE KEY----- --MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQQEJTAjAgEBBB5RZgYV+j+zhwI12zCzB+mdPofMx0kB --jZ9gplgXxzk= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_prime239v1_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQQDPgAEBR5m/kllh025oO4GvqALkjRliVv7q4x8ro/tkYnT --L2U4hkT6xUeRu9QC4KOz7KUVH+nBbQASL4XQg/3C -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_prime239v1:BOB_cf_prime239v1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_prime239v1 --PeerKey=BOB_cf_prime239v1_PUB --SharedSecret=196b1d0206d4f87c313c266bfb12c90dd1f1f64b89bfc16518086b9801b8 -- --# ECDH Bob with Alice 
peer --Availablein = default --Derive=BOB_cf_prime239v1 --PeerKey=ALICE_cf_prime239v1_PUB --SharedSecret=196b1d0206d4f87c313c266bfb12c90dd1f1f64b89bfc16518086b9801b8 -- --Title=prime239v2 curve tests -- --PrivateKey=ALICE_cf_prime239v2 -------BEGIN PRIVATE KEY----- --MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQUEJTAjAgEBBB5uLCwofbD2Suc/iIRhXJsPqZ4me87h --+tFevsg1pPE= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_prime239v2_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQUDPgAETH77jXHBItV673gTNK/HTFldo4VxPiscbideUgKd --CWjdVsXebgAZbqQwf0h9QWcIgM7K7ODdW5kCuZ1G -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_prime239v2:ALICE_cf_prime239v2_PUB -- --PrivateKey=BOB_cf_prime239v2 -------BEGIN PRIVATE KEY----- --MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQUEJTAjAgEBBB5nlF+ouuw3Ljkgy3pHkCN+/JoHAMyT --KY0wlvJdo/w= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_prime239v2_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQUDPgAELUQYo0UH8HbK/RMD2jVphBU+iB4OTOfvaaTlHq06 --dcJ8a9a+mAQKhb1OZVEq1n4nQsgRiI1rPxugVERM -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_prime239v2:BOB_cf_prime239v2_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_prime239v2 --PeerKey=BOB_cf_prime239v2_PUB --SharedSecret=1d18ca6366bceba3c1477daa0e08202088abcf14fc2b8fbf98ba95858fcf -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_prime239v2 --PeerKey=ALICE_cf_prime239v2_PUB --SharedSecret=1d18ca6366bceba3c1477daa0e08202088abcf14fc2b8fbf98ba95858fcf -- --Title=prime239v3 curve tests -- --PrivateKey=ALICE_cf_prime239v3 -------BEGIN PRIVATE KEY----- --MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQYEJTAjAgEBBB5J95JRhBDTzlyAPAfu6T2Pb9vK0NKu --Y9AfhA2G+mI= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_prime239v3_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQYDPgAEZEN48pqgLF08Yjj/8BLM2Nr5ZhpYxyBurbzKRuBb --GLpzZLteJN9vZjN7ouNpMxLVUFQxTOwpsvUw86Lk -------END PUBLIC 
KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_prime239v3:ALICE_cf_prime239v3_PUB -- --PrivateKey=BOB_cf_prime239v3 -------BEGIN PRIVATE KEY----- --MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQYEJTAjAgEBBB5Z7rMZML1xeryBaYYr+QuMiQxHT44I --d9bmIVvG3dM= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_prime239v3_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQYDPgAEQUWKqohAPAoIYEZOvc1QwSlcB+gW0febaNxGOy47 --LaIWdsNM7GJVP9xpdSwm/L+Dip/oH4E59f3SiOAd -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_prime239v3:BOB_cf_prime239v3_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_prime239v3 --PeerKey=BOB_cf_prime239v3_PUB --SharedSecret=4dcc2c67c5993162ed71ebb33077bbb85395b0d3eec2311aa404e45901a0 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_prime239v3 --PeerKey=ALICE_cf_prime239v3_PUB --SharedSecret=4dcc2c67c5993162ed71ebb33077bbb85395b0d3eec2311aa404e45901a0 -- --Title=secp112r1 curve tests -- --PrivateKey=ALICE_cf_secp112r1 -------BEGIN PRIVATE KEY----- --MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAYEFTATAgEBBA6zC5ZzEIIdvY4Q7DS0uw== -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_secp112r1_PUB -------BEGIN PUBLIC KEY----- --MDIwEAYHKoZIzj0CAQYFK4EEAAYDHgAEYIawfjH3qRrJJWwuG3Ys5ZhDJsmdWi34aHgKAA== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_secp112r1:ALICE_cf_secp112r1_PUB -- --PrivateKey=BOB_cf_secp112r1 -------BEGIN PRIVATE KEY----- --MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAYEFTATAgEBBA6WPx4YxBODium8BKDw0A== -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_secp112r1_PUB -------BEGIN PUBLIC KEY----- --MDIwEAYHKoZIzj0CAQYFK4EEAAYDHgAEchh3iQdPN1rrzrpdZRQ95G6tvdwEBQ+gfu1tvA== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_secp112r1:BOB_cf_secp112r1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_secp112r1 --PeerKey=BOB_cf_secp112r1_PUB --SharedSecret=4ddd1d504b444d4be67ba2e4610a -- --# ECDH Bob 
with Alice peer --Availablein = default --Derive=BOB_cf_secp112r1 --PeerKey=ALICE_cf_secp112r1_PUB --SharedSecret=4ddd1d504b444d4be67ba2e4610a -- --Title=secp112r2 curve tests -- --PrivateKey=ALICE_cf_secp112r2 -------BEGIN PRIVATE KEY----- --MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAcEFTATAgEBBA4GcvIx97ePHdAiH0Z9EA== -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_secp112r2_PUB -------BEGIN PUBLIC KEY----- --MDIwEAYHKoZIzj0CAQYFK4EEAAcDHgAEHK9uNAILHBmPZdKKh79/nzYE0HbvC//rA7i0Xw== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_secp112r2:ALICE_cf_secp112r2_PUB -- --PrivateKey=BOB_cf_secp112r2 -------BEGIN PRIVATE KEY----- --MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAcEFTATAgEBBA4WzpVFZnZv9mvtpnYNyw== -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_secp112r2_PUB -------BEGIN PUBLIC KEY----- --MDIwEAYHKoZIzj0CAQYFK4EEAAcDHgAEUzBLNQupqUpGgmZl9JVjKBpwusl52rFg5OVFJA== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_secp112r2:BOB_cf_secp112r2_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_secp112r2 --PeerKey=BOB_cf_secp112r2_PUB --SharedSecret=a6d05c7ba5128a9685c705b5030b -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_secp112r2 --PeerKey=ALICE_cf_secp112r2_PUB --SharedSecret=a6d05c7ba5128a9685c705b5030b -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_secp112r2 --PeerKey=BOB_cf_secp112r2_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=04f3280e92c269d794aa779efcef -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_secp112r2 --PeerKey=ALICE_cf_secp112r2_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=04f3280e92c269d794aa779efcef -- --PublicKey=MALICE_cf_secp112r2_PUB -------BEGIN PUBLIC KEY----- --MDIwEAYHKoZIzj0CAQYFK4EEAAcDHgAEsf2N4SfUZWtXPrUTmEyr71I/JSn8VtzQsFHuqQ== -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_secp112r2 --PeerKey=MALICE_cf_secp112r2_PUB 
--Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_secp112r2 --PeerKey=MALICE_cf_secp112r2_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=secp128r1 curve tests -- --PrivateKey=ALICE_cf_secp128r1 -------BEGIN PRIVATE KEY----- --MC4CAQAwEAYHKoZIzj0CAQYFK4EEABwEFzAVAgEBBBB+RX18d0+gKpdcKbJJTrEZ -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_secp128r1_PUB -------BEGIN PUBLIC KEY----- --MDYwEAYHKoZIzj0CAQYFK4EEABwDIgAEG0XMAdrAZOPUW6L9ADU8XK8sZr7dtIcDinSWU1zSV9s= -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_secp128r1:ALICE_cf_secp128r1_PUB -- --PrivateKey=BOB_cf_secp128r1 -------BEGIN PRIVATE KEY----- --MC4CAQAwEAYHKoZIzj0CAQYFK4EEABwEFzAVAgEBBBB/J9/eClt9mimGwOcOsjJF -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_secp128r1_PUB -------BEGIN PUBLIC KEY----- --MDYwEAYHKoZIzj0CAQYFK4EEABwDIgAE82nknsOS+u8mybP0KJqQhvm83gbPNTZOcvm0ZDVR5sU= -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_secp128r1:BOB_cf_secp128r1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_secp128r1 --PeerKey=BOB_cf_secp128r1_PUB --SharedSecret=5020f1b759da1f737a61a29a268d7669 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_secp128r1 --PeerKey=ALICE_cf_secp128r1_PUB --SharedSecret=5020f1b759da1f737a61a29a268d7669 -- --Title=secp128r2 curve tests -- --PrivateKey=ALICE_cf_secp128r2 -------BEGIN PRIVATE KEY----- --MC4CAQAwEAYHKoZIzj0CAQYFK4EEAB0EFzAVAgEBBBALPaUYCnPgNiLhez93Z1Gi -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_secp128r2_PUB -------BEGIN PUBLIC KEY----- --MDYwEAYHKoZIzj0CAQYFK4EEAB0DIgAEOKiPRGtZXwxmvTr35NmUkNsAGGk9RKNA4D5BE9ZrjZQ= -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_secp128r2:ALICE_cf_secp128r2_PUB -- --PrivateKey=BOB_cf_secp128r2 -------BEGIN PRIVATE KEY----- 
--MC4CAQAwEAYHKoZIzj0CAQYFK4EEAB0EFzAVAgEBBBARg3vb436QgyHdyt6l/b6G -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_secp128r2_PUB -------BEGIN PUBLIC KEY----- --MDYwEAYHKoZIzj0CAQYFK4EEAB0DIgAELph7h27BYjIINC2EddcpIOxKbdz8Xe7h3Az1ZuR9bAI= -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_secp128r2:BOB_cf_secp128r2_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_secp128r2 --PeerKey=BOB_cf_secp128r2_PUB --SharedSecret=8f4d8c75141e9b084328222440eb5dfa -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_secp128r2 --PeerKey=ALICE_cf_secp128r2_PUB --SharedSecret=8f4d8c75141e9b084328222440eb5dfa -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_secp128r2 --PeerKey=BOB_cf_secp128r2_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=baaa0c16e16eef291001475d638e4830 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_secp128r2 --PeerKey=ALICE_cf_secp128r2_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=baaa0c16e16eef291001475d638e4830 -- --PublicKey=MALICE_cf_secp128r2_PUB -------BEGIN PUBLIC KEY----- --MDYwEAYHKoZIzj0CAQYFK4EEAB0DIgAE6h6RzJIp6HLR6RDOPtyzGDurkuE9aAaZqHosPTnkLxQ= -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_secp128r2 --PeerKey=MALICE_cf_secp128r2_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_secp128r2 --PeerKey=MALICE_cf_secp128r2_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=secp160k1 curve tests -- --PrivateKey=ALICE_cf_secp160k1 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAkEHDAaAgEBBBUAlxTBO50KwFwWKPtk1rutu68m+zI= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_secp160k1_PUB -------BEGIN PUBLIC KEY----- --MD4wEAYHKoZIzj0CAQYFK4EEAAkDKgAEcVWIjtPZn1cHckclpn5jKDCphQUVHxFN5tSeFG9wsJZT --EvqPyLS64w== 
-------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_secp160k1:ALICE_cf_secp160k1_PUB -- --PrivateKey=BOB_cf_secp160k1 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAkEHDAaAgEBBBUAdrPkoNkRVUloiuwzruQszSUuwpY= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_secp160k1_PUB -------BEGIN PUBLIC KEY----- --MD4wEAYHKoZIzj0CAQYFK4EEAAkDKgAESGN41cAj8Fg4pAJM7FUKHiawbCR0b9unMpZWxqOKeW1/ --bxT/CqEkyw== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_secp160k1:BOB_cf_secp160k1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_secp160k1 --PeerKey=BOB_cf_secp160k1_PUB --SharedSecret=b738a0bf17f3271a9a155bfdfe2f0f1d51494d42 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_secp160k1 --PeerKey=ALICE_cf_secp160k1_PUB --SharedSecret=b738a0bf17f3271a9a155bfdfe2f0f1d51494d42 -- --Title=secp160r1 curve tests -- --PrivateKey=ALICE_cf_secp160r1 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAgEHDAaAgEBBBUAR6m1+jIBuJnSKx9fHmyAYhsnYe8= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_secp160r1_PUB -------BEGIN PUBLIC KEY----- --MD4wEAYHKoZIzj0CAQYFK4EEAAgDKgAEO78GZuBaCfJjHK97c9N21z+4mm37b5x7/Hr3Xc4pUbtb --OoNj/A+W9w== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_secp160r1:ALICE_cf_secp160r1_PUB -- --PrivateKey=BOB_cf_secp160r1 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAgEHDAaAgEBBBUATqvd54Jj7TbnrLAd2dMYCpExLws= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_secp160r1_PUB -------BEGIN PUBLIC KEY----- --MD4wEAYHKoZIzj0CAQYFK4EEAAgDKgAEBKDbBSPTwmb00MFvMtJMxQ2YDmcPOZHE8YbVr5hp8s5J --Jwy17FaNNg== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_secp160r1:BOB_cf_secp160r1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_secp160r1 --PeerKey=BOB_cf_secp160r1_PUB --SharedSecret=1912ea7b9bb1de5b8d3cef83e7a6e7a917816541 -- --# ECDH Bob with Alice 
peer --Availablein = default --Derive=BOB_cf_secp160r1 --PeerKey=ALICE_cf_secp160r1_PUB --SharedSecret=1912ea7b9bb1de5b8d3cef83e7a6e7a917816541 -- --Title=secp160r2 curve tests -- --PrivateKey=ALICE_cf_secp160r2 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFK4EEAB4EHDAaAgEBBBUA3IsVg4R4paXaPATDHvzfnvM+vjQ= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_secp160r2_PUB -------BEGIN PUBLIC KEY----- --MD4wEAYHKoZIzj0CAQYFK4EEAB4DKgAE4V+25YCpVkKF6NF/UPc1SYxohYWcf3qT3JDoPRhnm/rj --mSqCCA6gUw== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_secp160r2:ALICE_cf_secp160r2_PUB -- --PrivateKey=BOB_cf_secp160r2 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFK4EEAB4EHDAaAgEBBBUAYT/5C7UpD17DnZm4ObswmGFMI1Q= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_secp160r2_PUB -------BEGIN PUBLIC KEY----- --MD4wEAYHKoZIzj0CAQYFK4EEAB4DKgAEB7YVzBmzhnIdouvN/nb8VMXCqO8dkhmebyVzoD0oAzuH --nN+SfWr6aQ== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_secp160r2:BOB_cf_secp160r2_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_secp160r2 --PeerKey=BOB_cf_secp160r2_PUB --SharedSecret=ccb9cae5c9487ff60c487bd1b39a62eb4680e9b6 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_secp160r2 --PeerKey=ALICE_cf_secp160r2_PUB --SharedSecret=ccb9cae5c9487ff60c487bd1b39a62eb4680e9b6 -- --Title=secp192k1 curve tests -- --PrivateKey=ALICE_cf_secp192k1 -------BEGIN PRIVATE KEY----- --MDYCAQAwEAYHKoZIzj0CAQYFK4EEAB8EHzAdAgEBBBikVZrCZQB7ZtkhNfQYpjKHZ9KxXgooJ90= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_secp192k1_PUB -------BEGIN PUBLIC KEY----- --MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAEyV4EzMZglBXtYdn38hNTrCGflAsJprMkxkOlw58chZ25 --6EAu7gVvYDTpnRkymKyH -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_secp192k1:ALICE_cf_secp192k1_PUB -- --PrivateKey=BOB_cf_secp192k1 -------BEGIN PRIVATE KEY----- 
--MDYCAQAwEAYHKoZIzj0CAQYFK4EEAB8EHzAdAgEBBBiJQ/PunKGk9QPUyqIBGMgHKKg+yxJr5io= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_secp192k1_PUB -------BEGIN PUBLIC KEY----- --MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAE990Tnmh9QQQHVHuLpfrAsgjvB9R2MJXzhBZN1WvtxLqF --OZ2oFMP0Kfcr7HbI7a5j -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_secp192k1:BOB_cf_secp192k1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_secp192k1 --PeerKey=BOB_cf_secp192k1_PUB --SharedSecret=a46a6bfb279d4dc30cffac585d1fbec905dbe46aca5e3c9d -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_secp192k1 --PeerKey=ALICE_cf_secp192k1_PUB --SharedSecret=a46a6bfb279d4dc30cffac585d1fbec905dbe46aca5e3c9d -- --Title=secp224k1 curve tests -- --PrivateKey=ALICE_cf_secp224k1 -------BEGIN PRIVATE KEY----- --MDsCAQAwEAYHKoZIzj0CAQYFK4EEACAEJDAiAgEBBB0AZPk3TzxGhX7TljBBhJDLBfulAMp6Bh3W --w40Qyg== -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_secp224k1_PUB -------BEGIN PUBLIC KEY----- --ME4wEAYHKoZIzj0CAQYFK4EEACADOgAE4o7LGdJDixqJZ5imnqaX4IeE55NG4W0HEe72LVC7pmn2 --e3m7uC92ZQhduF9lJli4dXD5en/1wkE= -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_secp224k1:ALICE_cf_secp224k1_PUB -- --PrivateKey=BOB_cf_secp224k1 -------BEGIN PRIVATE KEY----- --MDsCAQAwEAYHKoZIzj0CAQYFK4EEACAEJDAiAgEBBB0AdQ02GguRy3yHOjLkpoWb27QA/L1abfWe --q2xUfA== -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_secp224k1_PUB -------BEGIN PUBLIC KEY----- --ME4wEAYHKoZIzj0CAQYFK4EEACADOgAEzp00m0DaADn1mGiDCT7K1LZnoj/vCxHPowUDC9yQd17K --KpJM5sGILrTkkgxqtt5pBeYE1NC1QUQ= -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_secp224k1:BOB_cf_secp224k1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_secp224k1 --PeerKey=BOB_cf_secp224k1_PUB --SharedSecret=6f7b9d16c9c1d3a5c84b6028f2a4fed9ae8e02455e678a27243bcc48 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_secp224k1 
--PeerKey=ALICE_cf_secp224k1_PUB --SharedSecret=6f7b9d16c9c1d3a5c84b6028f2a4fed9ae8e02455e678a27243bcc48 -- - Title=secp256k1 curve tests - - PrivateKey=ALICE_cf_secp256k1 -@@ -1998,1604 +56,6 @@ Derive=BOB_cf_secp256k1 - PeerKey=ALICE_cf_secp256k1_PUB - SharedSecret=a4745cc4d19cabb9e5cb0abdd5c604cab2846a4638ad844ed9175f3cadda2da1 - --Title=sect113r1 curve tests -- --PrivateKey=ALICE_cf_sect113r1 -------BEGIN PRIVATE KEY----- --MC0CAQAwEAYHKoZIzj0CAQYFK4EEAAQEFjAUAgEBBA8ALw9CgsuNBkkhhUHE8bQ= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect113r1_PUB -------BEGIN PUBLIC KEY----- --MDQwEAYHKoZIzj0CAQYFK4EEAAQDIAAEASO9jcamlg1pRE7JffrTAe9kyRZO2xrymHXoGdnA -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_sect113r1:ALICE_cf_sect113r1_PUB -- --PrivateKey=BOB_cf_sect113r1 -------BEGIN PRIVATE KEY----- --MC0CAQAwEAYHKoZIzj0CAQYFK4EEAAQEFjAUAgEBBA8A/9qbs8sTFNkjS9/4CuM= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_sect113r1_PUB -------BEGIN PUBLIC KEY----- --MDQwEAYHKoZIzj0CAQYFK4EEAAQDIAAEATykaf/cvJzLOUto1EbbAEz/3++nut6q0dcJOQeV -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_sect113r1:BOB_cf_sect113r1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect113r1 --PeerKey=BOB_cf_sect113r1_PUB --SharedSecret=01ed16f1948dcb368a54004237842d -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect113r1 --PeerKey=ALICE_cf_sect113r1_PUB --SharedSecret=01ed16f1948dcb368a54004237842d -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect113r1 --PeerKey=BOB_cf_sect113r1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=012e5f3e348c2a8a88d9590a639219 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect113r1 --PeerKey=ALICE_cf_sect113r1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=012e5f3e348c2a8a88d9590a639219 -- --PublicKey=MALICE_cf_sect113r1_PUB -------BEGIN PUBLIC KEY----- 
--MDQwEAYHKoZIzj0CAQYFK4EEAAQDIAAEAAAAAAAAAAAAAAAAAAAAAd+TqiBXnTd/lyA/OFsR -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_sect113r1 --PeerKey=MALICE_cf_sect113r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_sect113r1 --PeerKey=MALICE_cf_sect113r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=sect113r2 curve tests -- --PrivateKey=ALICE_cf_sect113r2 -------BEGIN PRIVATE KEY----- --MC0CAQAwEAYHKoZIzj0CAQYFK4EEAAUEFjAUAgEBBA8AvovirHrqTxoKJ3l+7y0= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect113r2_PUB -------BEGIN PUBLIC KEY----- --MDQwEAYHKoZIzj0CAQYFK4EEAAUDIAAEAFvQ4JgQTS8kjGeVfuITAS81qNcOQvt3PYa1HuCk -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_sect113r2:ALICE_cf_sect113r2_PUB -- --PrivateKey=BOB_cf_sect113r2 -------BEGIN PRIVATE KEY----- --MC0CAQAwEAYHKoZIzj0CAQYFK4EEAAUEFjAUAgEBBA8ArUjgvp/goxRYb4WuQ80= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_sect113r2_PUB -------BEGIN PUBLIC KEY----- --MDQwEAYHKoZIzj0CAQYFK4EEAAUDIAAEAUoS3of8y28meYu/NoI5AVdhJZCuDjMqFHTriWY4 -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_sect113r2:BOB_cf_sect113r2_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect113r2 --PeerKey=BOB_cf_sect113r2_PUB --SharedSecret=0057a287ba1ea05cb4735e673647e1 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect113r2 --PeerKey=ALICE_cf_sect113r2_PUB --SharedSecret=0057a287ba1ea05cb4735e673647e1 -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect113r2 --PeerKey=BOB_cf_sect113r2_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=00fec2454e46732aca42b22b6d4f13 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect113r2 --PeerKey=ALICE_cf_sect113r2_PUB 
--Ctrl=ecdh_cofactor_mode:1 --SharedSecret=00fec2454e46732aca42b22b6d4f13 -- --PublicKey=MALICE_cf_sect113r2_PUB -------BEGIN PUBLIC KEY----- --MDQwEAYHKoZIzj0CAQYFK4EEAAUDIAAEAAAAAAAAAAAAAAAAAAAAAR3dbPHrhFekzJ7Azskr -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_sect113r2 --PeerKey=MALICE_cf_sect113r2_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_sect113r2 --PeerKey=MALICE_cf_sect113r2_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=sect131r1 curve tests -- --PrivateKey=ALICE_cf_sect131r1 -------BEGIN PRIVATE KEY----- --MC8CAQAwEAYHKoZIzj0CAQYFK4EEABYEGDAWAgEBBBEA5C6zHMQM7pXPZ6cJz72Niw== -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect131r1_PUB -------BEGIN PUBLIC KEY----- --MDgwEAYHKoZIzj0CAQYFK4EEABYDJAAEBXCuXD6wOOif91GUlJNKXf8FBNw8crgqi5aEJEZbCdBJ --Ag== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_sect131r1:ALICE_cf_sect131r1_PUB -- --PrivateKey=BOB_cf_sect131r1 -------BEGIN PRIVATE KEY----- --MC8CAQAwEAYHKoZIzj0CAQYFK4EEABYEGDAWAgEBBBEDYZmjiokBJ/SnTv8sskBR3A== -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_sect131r1_PUB -------BEGIN PUBLIC KEY----- --MDgwEAYHKoZIzj0CAQYFK4EEABYDJAAEB8vGy3OQXwWKcJUSSJbCtpMBjFgJeZxzAaI420+B1B+1 --5A== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_sect131r1:BOB_cf_sect131r1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect131r1 --PeerKey=BOB_cf_sect131r1_PUB --SharedSecret=05346248f77f81fff50cc656e119976871 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect131r1 --PeerKey=ALICE_cf_sect131r1_PUB --SharedSecret=05346248f77f81fff50cc656e119976871 -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect131r1 --PeerKey=BOB_cf_sect131r1_PUB 
--Ctrl=ecdh_cofactor_mode:1 --SharedSecret=01f151ae26efa507acc2597356baf7e8ab -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect131r1 --PeerKey=ALICE_cf_sect131r1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=01f151ae26efa507acc2597356baf7e8ab -- --PublicKey=MALICE_cf_sect131r1_PUB -------BEGIN PUBLIC KEY----- --MDgwEAYHKoZIzj0CAQYFK4EEABYDJAAEAAAAAAAAAAAAAAAAAAAAAAABfiJEFG0vRzEGxk2BxjmK --zw== -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_sect131r1 --PeerKey=MALICE_cf_sect131r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_sect131r1 --PeerKey=MALICE_cf_sect131r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=sect131r2 curve tests -- --PrivateKey=ALICE_cf_sect131r2 -------BEGIN PRIVATE KEY----- --MC8CAQAwEAYHKoZIzj0CAQYFK4EEABcEGDAWAgEBBBEBnZRUKAQetk5kyUwhIaAyxg== -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect131r2_PUB -------BEGIN PUBLIC KEY----- --MDgwEAYHKoZIzj0CAQYFK4EEABcDJAAEA5+Y20L8q989I4jnKknZ7hcGlQ6RUIGni9RahT88kB/d --dw== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_sect131r2:ALICE_cf_sect131r2_PUB -- --PrivateKey=BOB_cf_sect131r2 -------BEGIN PRIVATE KEY----- --MC8CAQAwEAYHKoZIzj0CAQYFK4EEABcEGDAWAgEBBBEBnafx9vcMeoCqj/1YNuflzw== -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_sect131r2_PUB -------BEGIN PUBLIC KEY----- --MDgwEAYHKoZIzj0CAQYFK4EEABcDJAAEB2G2uNkhQNjjl0/Ov6UYpxoFaWNXO+qy7poV6cdrFN7z --pA== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_sect131r2:BOB_cf_sect131r2_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect131r2 --PeerKey=BOB_cf_sect131r2_PUB --SharedSecret=058d8a8be33068ed8c1dc9f551ef2c3f3c -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect131r2 
--PeerKey=ALICE_cf_sect131r2_PUB --SharedSecret=058d8a8be33068ed8c1dc9f551ef2c3f3c -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect131r2 --PeerKey=BOB_cf_sect131r2_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=037b16d85f27c2c878ef96c79a536f89a5 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect131r2 --PeerKey=ALICE_cf_sect131r2_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=037b16d85f27c2c878ef96c79a536f89a5 -- --PublicKey=MALICE_cf_sect131r2_PUB -------BEGIN PUBLIC KEY----- --MDgwEAYHKoZIzj0CAQYFK4EEABcDJAAEAAAAAAAAAAAAAAAAAAAAAAAGG5fiIbgziwBZHVzTYqCY --1w== -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_sect131r2 --PeerKey=MALICE_cf_sect131r2_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_sect131r2 --PeerKey=MALICE_cf_sect131r2_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=sect163r1 curve tests -- --PrivateKey=ALICE_cf_sect163r1 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAIEHDAaAgEBBBUAlbn4x1UGJnAimsXufB/UvUaxU5U= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect163r1_PUB -------BEGIN PUBLIC KEY----- --MEAwEAYHKoZIzj0CAQYFK4EEAAIDLAAEA0f195HCcD4D+7wWyl3QuPkRovG/ATy5l7fpMl4BNIg/ --sbtEXluCzANF -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_sect163r1:ALICE_cf_sect163r1_PUB -- --PrivateKey=BOB_cf_sect163r1 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAIEHDAaAgEBBBUAoStq6Fjb7nB2PNL6WrzKKqhCGdE= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_sect163r1_PUB -------BEGIN PUBLIC KEY----- --MEAwEAYHKoZIzj0CAQYFK4EEAAIDLAAEAul/oBKr9B5MsPHWGF+q07j0JC+WAxj1JzfcIXR98n+r --9FHWU5LC5pDM -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_sect163r1:BOB_cf_sect163r1_PUB -- --# ECDH Alice with Bob peer 
--Availablein = default --Derive=ALICE_cf_sect163r1 --PeerKey=BOB_cf_sect163r1_PUB --SharedSecret=06135eef489fe613c0d8bd522a2a640ff7ae6fb73d -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect163r1 --PeerKey=ALICE_cf_sect163r1_PUB --SharedSecret=06135eef489fe613c0d8bd522a2a640ff7ae6fb73d -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect163r1 --PeerKey=BOB_cf_sect163r1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=0580f5e8efb242a19ae1023acbcab8702c799751e7 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect163r1 --PeerKey=ALICE_cf_sect163r1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=0580f5e8efb242a19ae1023acbcab8702c799751e7 -- --PublicKey=MALICE_cf_sect163r1_PUB -------BEGIN PUBLIC KEY----- --MEAwEAYHKoZIzj0CAQYFK4EEAAIDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJkXolVuGFa8fqmk --cs0Bv7iJuVg1 -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_sect163r1 --PeerKey=MALICE_cf_sect163r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_sect163r1 --PeerKey=MALICE_cf_sect163r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=sect193r1 curve tests -- --PrivateKey=ALICE_cf_sect193r1 -------BEGIN PRIVATE KEY----- --MDcCAQAwEAYHKoZIzj0CAQYFK4EEABgEIDAeAgEBBBkACmcvidKWLtPFB2xqg76F8VhM1Njzrkgo -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect193r1_PUB -------BEGIN PUBLIC KEY----- --MEgwEAYHKoZIzj0CAQYFK4EEABgDNAAEAeqP0VQobenduwtf4MPmlYQVDjUmxKq50QFHnaBfzwXY --1TYShZZgBr0R6a5dUGCbiF0= -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_sect193r1:ALICE_cf_sect193r1_PUB -- --PrivateKey=BOB_cf_sect193r1 -------BEGIN PRIVATE KEY----- --MDcCAQAwEAYHKoZIzj0CAQYFK4EEABgEIDAeAgEBBBkAKlSknQ66vpuLjC1mbQyfHOTdJ5Kw5jMh -------END PRIVATE KEY----- -- 
--PublicKey=BOB_cf_sect193r1_PUB -------BEGIN PUBLIC KEY----- --MEgwEAYHKoZIzj0CAQYFK4EEABgDNAAEAaFZVIeqfV9wbPydaBSJKSWJjVyFVSB/QQB5rHonYQmK --f40zok8PJS6ratIcZwk/n20= -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_sect193r1:BOB_cf_sect193r1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect193r1 --PeerKey=BOB_cf_sect193r1_PUB --SharedSecret=012b8849991814f8c7ed9d40cf9dc204c3a83e0b10675543a5 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect193r1 --PeerKey=ALICE_cf_sect193r1_PUB --SharedSecret=012b8849991814f8c7ed9d40cf9dc204c3a83e0b10675543a5 -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect193r1 --PeerKey=BOB_cf_sect193r1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=0110180a18844859c52f6f012909522a2d87b5ab143bc80a55 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect193r1 --PeerKey=ALICE_cf_sect193r1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=0110180a18844859c52f6f012909522a2d87b5ab143bc80a55 -- --PublicKey=MALICE_cf_sect193r1_PUB -------BEGIN PUBLIC KEY----- --MEgwEAYHKoZIzj0CAQYFK4EEABgDNAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHeX7PX3e5n --zROUg6/STkLp1D+L51L9+wY= -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_sect193r1 --PeerKey=MALICE_cf_sect193r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_sect193r1 --PeerKey=MALICE_cf_sect193r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=sect193r2 curve tests -- --PrivateKey=ALICE_cf_sect193r2 -------BEGIN PRIVATE KEY----- --MDcCAQAwEAYHKoZIzj0CAQYFK4EEABkEIDAeAgEBBBkAhjkv8lXK/nPp3Qc4IwL/29JUKWi2VBMp -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect193r2_PUB -------BEGIN PUBLIC KEY----- 
--MEgwEAYHKoZIzj0CAQYFK4EEABkDNAAEAIn7oSu3adu4ChNXniHKkMIv9gT24rpzzwAeCTDPIkUT --kJ+Tit6e4RpgkB/dph4V+uI= -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_sect193r2:ALICE_cf_sect193r2_PUB -- --PrivateKey=BOB_cf_sect193r2 -------BEGIN PRIVATE KEY----- --MDcCAQAwEAYHKoZIzj0CAQYFK4EEABkEIDAeAgEBBBkAwGkR3qSQdfh7Q6KbJ4lH5FShGsX8o/jD -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_sect193r2_PUB -------BEGIN PUBLIC KEY----- --MEgwEAYHKoZIzj0CAQYFK4EEABkDNAAEAFdSLKI0tlwZDpkndutOLsnHii1aJO8snwEJ0m/AZgMp --xiDevOQ/xE9SpMX25W7YqkU= -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_sect193r2:BOB_cf_sect193r2_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect193r2 --PeerKey=BOB_cf_sect193r2_PUB --SharedSecret=01e2f66a63c24c1de8a399c484228a5ad5b6d911c6e5e83ae3 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect193r2 --PeerKey=ALICE_cf_sect193r2_PUB --SharedSecret=01e2f66a63c24c1de8a399c484228a5ad5b6d911c6e5e83ae3 -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect193r2 --PeerKey=BOB_cf_sect193r2_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=00bc82d393bd74406683aea003977a86a109f444a833652e43 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect193r2 --PeerKey=ALICE_cf_sect193r2_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=00bc82d393bd74406683aea003977a86a109f444a833652e43 -- --PublicKey=MALICE_cf_sect193r2_PUB -------BEGIN PUBLIC KEY----- --MEgwEAYHKoZIzj0CAQYFK4EEABkDNAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFfdLEkrvsO --Y7+6QpEvOay9A4MJCUZfZmI= -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_sect193r2 --PeerKey=MALICE_cf_sect193r2_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_sect193r2 --PeerKey=MALICE_cf_sect193r2_PUB 
--Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=sect239k1 curve tests -- --PrivateKey=ALICE_cf_sect239k1 -------BEGIN PRIVATE KEY----- --MDwCAQAwEAYHKoZIzj0CAQYFK4EEAAMEJTAjAgEBBB4G4nbQDUtTnkrPOvDGIlhH9XdjirUSbTI5 --5z6lf7o= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect239k1_PUB -------BEGIN PUBLIC KEY----- --MFIwEAYHKoZIzj0CAQYFK4EEAAMDPgAEf5paOMjzcnpVAPMQnIkikE4K2jne3ubX2TD1P3aedknF --lUr6tOU4BsiUQJACF90rQ9/KdeR5mYvYHzvI -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_sect239k1:ALICE_cf_sect239k1_PUB -- --PrivateKey=BOB_cf_sect239k1 -------BEGIN PRIVATE KEY----- --MDwCAQAwEAYHKoZIzj0CAQYFK4EEAAMEJTAjAgEBBB4e0F0NpepAF+iNrEtoZeo4TrQFspkUNLcx --Ly4Klfg= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_sect239k1_PUB -------BEGIN PUBLIC KEY----- --MFIwEAYHKoZIzj0CAQYFK4EEAAMDPgAEKnjJ4RHe+EiElXMrF4ou7VGy1pn0ZiO17FouF31Zbvjc --TcbhfE6ziXM8sekQJBwcwRKQ9+G/Qzq/2A9x -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_sect239k1:BOB_cf_sect239k1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect239k1 --PeerKey=BOB_cf_sect239k1_PUB --SharedSecret=0ef54c7b7dbf55d4278e7a6924dc4833c63ec708e820d501cacdfb4935d5 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect239k1 --PeerKey=ALICE_cf_sect239k1_PUB --SharedSecret=0ef54c7b7dbf55d4278e7a6924dc4833c63ec708e820d501cacdfb4935d5 -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect239k1 --PeerKey=BOB_cf_sect239k1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=592e4b33ac99624fe7f2f879cf52f12a70f189c5d90785db26a12e0a46c0 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect239k1 --PeerKey=ALICE_cf_sect239k1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=592e4b33ac99624fe7f2f879cf52f12a70f189c5d90785db26a12e0a46c0 -- --PublicKey=MALICE_cf_sect239k1_PUB -------BEGIN PUBLIC KEY----- 
--MFIwEAYHKoZIzj0CAQYFK4EEAAMDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAA --AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_sect239k1 --PeerKey=MALICE_cf_sect239k1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_sect239k1 --PeerKey=MALICE_cf_sect239k1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=wap-wsg-idm-ecid-wtls10 curve tests -- --PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls10 -------BEGIN PRIVATE KEY----- --MDsCAQAwEAYHKoZIzj0CAQYFZysBBAoEJDAiAgEBBB1zvDMHGgcytka5KvlvQvJzTA4l2ts2NzBp --SJiGyw== -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls10_PUB -------BEGIN PUBLIC KEY----- --MFIwEAYHKoZIzj0CAQYFZysBBAoDPgAEAZkrhWBz/Q4GB8DY4Ia114ew6H7Eg7ri2uxwxd3rAZs5 --/ShvunNyndjCt3Qaq8sulBM0nUyERSDakyD+ -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls10:ALICE_cf_wap-wsg-idm-ecid-wtls10_PUB -- --PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls10 -------BEGIN PRIVATE KEY----- --MDsCAQAwEAYHKoZIzj0CAQYFZysBBAoEJDAiAgEBBB1SowkHU79PqokOfgllN53rNS8a3h1wFBY0 --dKPkQg== -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls10_PUB -------BEGIN PUBLIC KEY----- --MFIwEAYHKoZIzj0CAQYFZysBBAoDPgAEAGavw4ChHCoWplAumMEBwJgJ2aYtw+utu4vhWnscAPIT --IJ4IiIGj18rCFBap1sgVbpXjhEBLYg6Itwv2 -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls10:BOB_cf_wap-wsg-idm-ecid-wtls10_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls10 --PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls10_PUB --SharedSecret=0194ef5d80fdfe9df366b2273b983c3dbd440faf76964fcfc06c509f289d -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls10 
--PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls10_PUB --SharedSecret=0194ef5d80fdfe9df366b2273b983c3dbd440faf76964fcfc06c509f289d -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls10 --PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls10_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=01bedc5cdf63fbf18c3e2bc9765e12f7990c0c0c64f0267ae7c37b9f49f0 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls10 --PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls10_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=01bedc5cdf63fbf18c3e2bc9765e12f7990c0c0c64f0267ae7c37b9f49f0 -- --PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls10_PUB -------BEGIN PUBLIC KEY----- --MFIwEAYHKoZIzj0CAQYFZysBBAoDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAA --AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls10 --PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls10_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls10 --PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls10_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=wap-wsg-idm-ecid-wtls11 curve tests -- --PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls11 -------BEGIN PRIVATE KEY----- --MDwCAQAwEAYHKoZIzj0CAQYFZysBBAsEJTAjAgEBBB4AkzS3zoqHNCLug/nwoYMQW3UigmZ9t56k --5jp+FiY= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls11_PUB -------BEGIN PUBLIC KEY----- --MFIwEAYHKoZIzj0CAQYFZysBBAsDPgAEABttgKKYeGZRmcH/5UZR56lOSgbU4TH2AuIhvj88AL6H --zTCX9elzXpck+u22bnmkuvL2A8XKB5+fabMR -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls11:ALICE_cf_wap-wsg-idm-ecid-wtls11_PUB -- --PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls11 -------BEGIN PRIVATE KEY----- 
--MDwCAQAwEAYHKoZIzj0CAQYFZysBBAsEJTAjAgEBBB4AWU05mbqPxsB749llNON1//l0w8RJJ3z5 --h/kzfNM= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls11_PUB -------BEGIN PUBLIC KEY----- --MFIwEAYHKoZIzj0CAQYFZysBBAsDPgAEAL6Xj/KCmXAQAAo847t0bl0wqBrteWRg93OvIJsPAAOE --ehdIgJyruc3KsH0RFlipu5QD8pnGSIXvif19 -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls11:BOB_cf_wap-wsg-idm-ecid-wtls11_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls11 --PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls11_PUB --SharedSecret=01ac8a23ddeeafb4d3bb243fe409f2f9c8b1a3fc11d4690da583f2e21637 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls11 --PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls11_PUB --SharedSecret=01ac8a23ddeeafb4d3bb243fe409f2f9c8b1a3fc11d4690da583f2e21637 -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls11 --PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls11_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=01b9992992572d3a59d424f8c9cc195576461ed6c1dadf6fb523717fab19 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls11 --PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls11_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=01b9992992572d3a59d424f8c9cc195576461ed6c1dadf6fb523717fab19 -- --PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls11_PUB -------BEGIN PUBLIC KEY----- --MFIwEAYHKoZIzj0CAQYFZysBBAsDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYf4 --Vie5eHTnR+4x4G1xyq7qUvISU+X5RtBh2pE4 -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls11 --PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls11_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls11 --PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls11_PUB 
--Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=wap-wsg-idm-ecid-wtls12 curve tests -- --PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls12 -------BEGIN PRIVATE KEY----- --MDoCAQAwEAYHKoZIzj0CAQYFZysBBAwEIzAhAgEBBBxwvll9Eb9mm2Xadq1evIi1zIK+6u0Nv8bP --LI9a -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls12_PUB -------BEGIN PUBLIC KEY----- --ME4wEAYHKoZIzj0CAQYFZysBBAwDOgAE0t0WqG/pFsiCt6agmebw3FCEWAzf9BpNLuzoCkPEe0Li --bqn5udrckL6s3stwCTVFaZUfY2qS9QE= -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls12:ALICE_cf_wap-wsg-idm-ecid-wtls12_PUB -- --PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls12 -------BEGIN PRIVATE KEY----- --MDoCAQAwEAYHKoZIzj0CAQYFZysBBAwEIzAhAgEBBBz+5P6gpqXxbeXvvaD5W9Ft69BTxcn7zc6q --K3Ax -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls12_PUB -------BEGIN PUBLIC KEY----- --ME4wEAYHKoZIzj0CAQYFZysBBAwDOgAEvyxedqaWkoAOMjaV5W3/tJpheiHAR0zV6BlIeUuGP2mx --+xsOK9/QB7hzipq9cXx1K/dXu58EoSY= -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls12:BOB_cf_wap-wsg-idm-ecid-wtls12_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls12 --PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls12_PUB --SharedSecret=a3b3f20af8c33a0f5c246b4b9d9dda1cd40c294d1f53365d18a8b54b -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls12 --PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls12_PUB --SharedSecret=a3b3f20af8c33a0f5c246b4b9d9dda1cd40c294d1f53365d18a8b54b -- --Title=wap-wsg-idm-ecid-wtls1 curve tests -- --PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls1 -------BEGIN PRIVATE KEY----- --MCwCAQAwEAYHKoZIzj0CAQYFZysBBAEEFTATAgEBBA5ZNASTt4/g6XPQwRiQ0Q== -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls1_PUB -------BEGIN PUBLIC KEY----- --MDQwEAYHKoZIzj0CAQYFZysBBAEDIAAEACBNPI48xxsPVQBy07jRAAcWzbIkMo8BQotxpfGJ -------END PUBLIC 
KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls1:ALICE_cf_wap-wsg-idm-ecid-wtls1_PUB -- --PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls1 -------BEGIN PRIVATE KEY----- --MCwCAQAwEAYHKoZIzj0CAQYFZysBBAEEFTATAgEBBA6+0x9qk0NIKHSRvlTemQ== -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls1_PUB -------BEGIN PUBLIC KEY----- --MDQwEAYHKoZIzj0CAQYFZysBBAEDIAAEAEeHMSBTx/EtOu+bjBinALHSkQuJyiP3mg1tu+I2 -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls1:BOB_cf_wap-wsg-idm-ecid-wtls1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls1 --PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls1_PUB --SharedSecret=0040ba2fadc1da97c973e5e59ade31 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls1 --PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls1_PUB --SharedSecret=0040ba2fadc1da97c973e5e59ade31 -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls1 --PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=008919696215a89e03d6c4c9265d6b -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls1 --PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=008919696215a89e03d6c4c9265d6b -- --PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls1_PUB -------BEGIN PUBLIC KEY----- --MDQwEAYHKoZIzj0CAQYFZysBBAEDIAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls1 --PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls1 --PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR 
--Reason=point at infinity -- --Title=wap-wsg-idm-ecid-wtls3 curve tests -- --PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls3 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFZysBBAMEHDAaAgEBBBUDO2cHbqQBUxuJBl6UT9UrasuRVrI= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls3_PUB -------BEGIN PUBLIC KEY----- --MEAwEAYHKoZIzj0CAQYFZysBBAMDLAAEBRIzvK9o7eO2NGmtPFV/zo9/1mlvBwjG7+e6hbPG1KdI --01f8oGBuXMQH -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls3:ALICE_cf_wap-wsg-idm-ecid-wtls3_PUB -- --PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls3 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFZysBBAMEHDAaAgEBBBUAhZv9WZ00bDnU9MOaqEegP771nes= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls3_PUB -------BEGIN PUBLIC KEY----- --MEAwEAYHKoZIzj0CAQYFZysBBAMDLAAEAYOspjEbzyZw61jCtUrxARr+w66nBH+73QIvlaRVSG/4 --hlBUf5kmG4Yn -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls3:BOB_cf_wap-wsg-idm-ecid-wtls3_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls3 --PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls3_PUB --SharedSecret=0311924428a839b7dcada662722945e62bf1131f4f -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls3 --PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls3_PUB --SharedSecret=0311924428a839b7dcada662722945e62bf1131f4f -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls3 --PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls3_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=047f1aee6a1a1d7c9c1f0e8dce4349429f737aa658 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls3 --PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls3_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=047f1aee6a1a1d7c9c1f0e8dce4349429f737aa658 -- --PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls3_PUB -------BEGIN PUBLIC KEY----- 
--MEAwEAYHKoZIzj0CAQYFZysBBAMDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA --AAAAAAAAAAAB -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls3 --PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls3_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls3 --PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls3_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=wap-wsg-idm-ecid-wtls4 curve tests -- --PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls4 -------BEGIN PRIVATE KEY----- --MC0CAQAwEAYHKoZIzj0CAQYFZysBBAQEFjAUAgEBBA8ACFOrBbOh5LjNtJQCuEE= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls4_PUB -------BEGIN PUBLIC KEY----- --MDQwEAYHKoZIzj0CAQYFZysBBAQDIAAEAW3K4Mus5+KAJVGLzEYrAYuCJSEYXFTo17aW0TwN -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls4:ALICE_cf_wap-wsg-idm-ecid-wtls4_PUB -- --PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls4 -------BEGIN PRIVATE KEY----- --MC0CAQAwEAYHKoZIzj0CAQYFZysBBAQEFjAUAgEBBA8Auz4XRc3Rg0bNcbrray8= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls4_PUB -------BEGIN PUBLIC KEY----- --MDQwEAYHKoZIzj0CAQYFZysBBAQDIAAEAI0F7ixGqOhnYpsuR80nAdTdSXM+YbcUbLe/U/xG -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls4:BOB_cf_wap-wsg-idm-ecid-wtls4_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls4 --PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls4_PUB --SharedSecret=0077378ddfdadff704a0b6646949e7 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls4 --PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls4_PUB --SharedSecret=0077378ddfdadff704a0b6646949e7 -- --# ECC CDH Alice with Bob peer --Availablein = default 
--Derive=ALICE_cf_wap-wsg-idm-ecid-wtls4 --PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls4_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=008f3713fe1ff1fa5d5041899817d1 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls4 --PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls4_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=008f3713fe1ff1fa5d5041899817d1 -- --PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls4_PUB -------BEGIN PUBLIC KEY----- --MDQwEAYHKoZIzj0CAQYFZysBBAQDIAAEAAAAAAAAAAAAAAAAAAAAAd+TqiBXnTd/lyA/OFsR -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls4 --PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls4_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls4 --PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls4_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=wap-wsg-idm-ecid-wtls5 curve tests -- --PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls5 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFZysBBAUEHDAaAgEBBBUD9gVh3zbLTA7BuRVVi9T8QKZ1uco= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls5_PUB -------BEGIN PUBLIC KEY----- --MEAwEAYHKoZIzj0CAQYFZysBBAUDLAAEAH5xyUrvbuN+tWmRhwqrQfFHPHNUBKtAGvJuvSFVwTKk --uFzn9fPvIDe6 -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls5:ALICE_cf_wap-wsg-idm-ecid-wtls5_PUB -- --PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls5 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFZysBBAUEHDAaAgEBBBUAr9ZlmuO7bNfqB42xUivJXyVHKNI= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls5_PUB -------BEGIN PUBLIC KEY----- --MEAwEAYHKoZIzj0CAQYFZysBBAUDLAAEBdXxEk0L2XAVzRNLPcnMxGXXyDfZAoA1Qw2XpOfVWIVR --jdoMGRgUuJmO -------END PUBLIC KEY----- -- --Availablein = default 
--PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls5:BOB_cf_wap-wsg-idm-ecid-wtls5_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls5 --PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls5_PUB --SharedSecret=0190c68d80e94fbe9f193ae7d9a156bf0b8d097c23 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls5 --PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls5_PUB --SharedSecret=0190c68d80e94fbe9f193ae7d9a156bf0b8d097c23 -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls5 --PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls5_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=00aabc9b45c200e41294aa922ab06da6655731e0ea -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls5 --PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls5_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=00aabc9b45c200e41294aa922ab06da6655731e0ea -- --PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls5_PUB -------BEGIN PUBLIC KEY----- --MEAwEAYHKoZIzj0CAQYFZysBBAUDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8JxepS05nN/piK --dhDD3dDKXUih -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls5 --PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls5_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls5 --PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls5_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=wap-wsg-idm-ecid-wtls6 curve tests -- --PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls6 -------BEGIN PRIVATE KEY----- --MCwCAQAwEAYHKoZIzj0CAQYFZysBBAYEFTATAgEBBA4ayMbswPbvYMwpwo80jA== -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls6_PUB -------BEGIN PUBLIC KEY----- --MDIwEAYHKoZIzj0CAQYFZysBBAYDHgAERPw/8Ip/RrXr0gMgLGRQeiQ4Qd6W+Li0ylGKzg== -------END PUBLIC KEY----- -- 
--Availablein = default --PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls6:ALICE_cf_wap-wsg-idm-ecid-wtls6_PUB -- --PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls6 -------BEGIN PRIVATE KEY----- --MCwCAQAwEAYHKoZIzj0CAQYFZysBBAYEFTATAgEBBA6kbCpFt3tX2hYBQHMXbg== -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls6_PUB -------BEGIN PUBLIC KEY----- --MDIwEAYHKoZIzj0CAQYFZysBBAYDHgAEhJXqpYGxE/l1X/LiBeyRbIcyzqPxUP5Tkv3U3w== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls6:BOB_cf_wap-wsg-idm-ecid-wtls6_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls6 --PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls6_PUB --SharedSecret=b4cae255268f11a1e46fecad04c2 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls6 --PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls6_PUB --SharedSecret=b4cae255268f11a1e46fecad04c2 -- --Title=wap-wsg-idm-ecid-wtls7 curve tests -- --PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls7 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFZysBBAcEHDAaAgEBBBUABcyzh4ot9ck/j4/3ehK0aYngYoM= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls7_PUB -------BEGIN PUBLIC KEY----- --MD4wEAYHKoZIzj0CAQYFZysBBAcDKgAEwQLnZ70n45RLqRtAGNzEa3Rl/9nwyjqYUtw2eeHhnNLT --feGY4CNH0w== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls7:ALICE_cf_wap-wsg-idm-ecid-wtls7_PUB -- --PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls7 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFZysBBAcEHDAaAgEBBBUAPyrGRY1SR13hKQswS6yXs8w8PUQ= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls7_PUB -------BEGIN PUBLIC KEY----- --MD4wEAYHKoZIzj0CAQYFZysBBAcDKgAEZGN44YbN5r3zcNtOHrvbQLt8/lE7BHp4D/9eKLmwFDn1 --QneRu3xwPA== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls7:BOB_cf_wap-wsg-idm-ecid-wtls7_PUB -- --# ECDH Alice with Bob peer 
--Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls7 --PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls7_PUB --SharedSecret=ae9f5bcc6457c0422866bf855921eabc42b7121a -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls7 --PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls7_PUB --SharedSecret=ae9f5bcc6457c0422866bf855921eabc42b7121a -- --Title=wap-wsg-idm-ecid-wtls8 curve tests -- --PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls8 -------BEGIN PRIVATE KEY----- --MC0CAQAwEAYHKoZIzj0CAQYFZysBBAgEFjAUAgEBBA8AnkC18b3pH2O5TIYIqAQ= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls8_PUB -------BEGIN PUBLIC KEY----- --MDIwEAYHKoZIzj0CAQYFZysBBAgDHgAEJD0h4HEfchwxqhp9eMHh9gczQKHX4MtWVoAxKQ== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls8:ALICE_cf_wap-wsg-idm-ecid-wtls8_PUB -- --PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls8 -------BEGIN PRIVATE KEY----- --MC0CAQAwEAYHKoZIzj0CAQYFZysBBAgEFjAUAgEBBA8AXxPMnqbl3rOuIM5nsvc= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls8_PUB -------BEGIN PUBLIC KEY----- --MDIwEAYHKoZIzj0CAQYFZysBBAgDHgAEZawmRmzr9P+jihImUi6ykOzaSH484JhMKNdrgw== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls8:BOB_cf_wap-wsg-idm-ecid-wtls8_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls8 --PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls8_PUB --SharedSecret=48baf4f1f5e8a0eb5dae28ef6290 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls8 --PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls8_PUB --SharedSecret=48baf4f1f5e8a0eb5dae28ef6290 -- --Title=wap-wsg-idm-ecid-wtls9 curve tests -- --PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls9 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFZysBBAkEHDAaAgEBBBUALwvuKs3RLthMAsChbqKjXw6vTYo= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls9_PUB -------BEGIN 
PUBLIC KEY----- --MD4wEAYHKoZIzj0CAQYFZysBBAkDKgAET0ppOvd9DU4v+tkKDQ5wRBrN1FwD9+F9t5l3Im+mz3rw --DB/RYdZuUg== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls9:ALICE_cf_wap-wsg-idm-ecid-wtls9_PUB -- --PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls9 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFZysBBAkEHDAaAgEBBBUAgeb/vqEM7X5AAAxyBu3M+C8pWLM= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls9_PUB -------BEGIN PUBLIC KEY----- --MD4wEAYHKoZIzj0CAQYFZysBBAkDKgAEWc37LGt6lt90iF4lhtDYNFdjAqoczebuNgzGff/Uq8ov --a3EVJ9yK1A== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls9:BOB_cf_wap-wsg-idm-ecid-wtls9_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls9 --PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls9_PUB --SharedSecret=948d3030e95cead39a1bb3d8a01c2be178517ba7 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls9 --PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls9_PUB --SharedSecret=948d3030e95cead39a1bb3d8a01c2be178517ba7 -- --# tests: 484 -- --Title=zero x-coord regression tests -- --PrivateKey=ALICE_zero_prime192v1 -------BEGIN PRIVATE KEY----- --MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEHzAdAgEBBBhaPNk8jG5hSG6y8tUqUoOaNNsZ3APU --pps= -------END PRIVATE KEY----- -- --PublicKey=BOB_zero_prime192v1_PUB -------BEGIN PUBLIC KEY----- --MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAe2hWBe5g --DLNj216pEvK7XjoKLg5gNg8S -------END PUBLIC KEY----- -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_zero_prime192v1 --PeerKey=BOB_zero_prime192v1_PUB --SharedSecret=baaffd49a8399d2ad52cbbe24d47b67afb4b3cf436f1cd65 -- --PrivateKey=ALICE_zero_prime192v2 -------BEGIN PRIVATE KEY----- --MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQIEHzAdAgEBBBj1AIQMJ7jqYIKCvxYAS+qKMmKmH0to --41k= -------END PRIVATE KEY----- -- --PublicKey=BOB_zero_prime192v2_PUB -------BEGIN PUBLIC 
KEY----- --MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQIDMgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4Gj7Qqt --2wx/jwFlKgvE4rnd50LspdMk -------END PUBLIC KEY----- -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_zero_prime192v2 --PeerKey=BOB_zero_prime192v2_PUB --SharedSecret=b8f200a4b87064f2e8600685ca3e69b8e661a117aabc770b -- --PrivateKey=ALICE_zero_prime192v3 -------BEGIN PRIVATE KEY----- --MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQMEHzAdAgEBBBh/maLQMSlea9BfLqGy5NPuK0YAH/cz --GqI= -------END PRIVATE KEY----- -- --PublicKey=BOB_zero_prime192v3_PUB -------BEGIN PUBLIC KEY----- --MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZEzb63e2 --3MKatRLR9Y1M5JEdI9jwMocI -------END PUBLIC KEY----- -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_zero_prime192v3 --PeerKey=BOB_zero_prime192v3_PUB --SharedSecret=b5de857d355bc5b9e270a4c290ea9728d764d8b243ff5d8d -- --PrivateKey=ALICE_zero_prime239v1 -------BEGIN PRIVATE KEY----- --MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQQEJTAjAgEBBB5pYWzRYI+c6O7NXCt0H2kw8XRL3rhe --4MrJT8j++CI= -------END PRIVATE KEY----- -- --PublicKey=BOB_zero_prime239v1_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQQDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA --Ox02uwNNLFuvDRn5ip8TxvW0W22R7UzJa9Av6/nh -------END PUBLIC KEY----- -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_zero_prime239v1 --PeerKey=BOB_zero_prime239v1_PUB --SharedSecret=6b6206408bd05d42daa2cd224c401a1230b44e184f17b82f385f22dac215 -- --PrivateKey=ALICE_zero_prime239v2 -------BEGIN PRIVATE KEY----- --MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQUEJTAjAgEBBB5l8bB7Cpmr7vyx9FiOT2wEF3YOFbDG --bmRr3Vi/xr4= -------END PRIVATE KEY----- -- --PublicKey=BOB_zero_prime239v2_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQUDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA --IOg3VJGQ89d1GWg4Igxcj5xpDmJiP8tv+e4mxt5U -------END PUBLIC KEY----- -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_zero_prime239v2 
--PeerKey=BOB_zero_prime239v2_PUB --SharedSecret=772c2819c960c78f28f21f6542b7409294fad1f84567c44c4b7678dc0e42 -- --PrivateKey=ALICE_zero_prime239v3 -------BEGIN PRIVATE KEY----- --MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQYEJTAjAgEBBB5HF5FABzUOTYMZg9UdZTx/oRERm/fU --M/+otKzpLjA= -------END PRIVATE KEY----- -- --PublicKey=BOB_zero_prime239v3_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQYDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA --AsZ4u6r3qQI78EYBpiSgWjqNpoeShjr5piecMBWj -------END PUBLIC KEY----- -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_zero_prime239v3 --PeerKey=BOB_zero_prime239v3_PUB --SharedSecret=56a71f5dd1611e8032c3e2d8224d86e5e8c2fc6480d74c0e282282decd43 -- --PrivateKey=ALICE_zero_prime256v1 -------BEGIN PRIVATE KEY----- --MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCDXhMb6aR4JR2+l2tmgYqP0r8S4jtym --yH++awvF2nGhhg== -------END PRIVATE KEY----- -- --PublicKey=BOB_zero_prime256v1_PUB -------BEGIN PUBLIC KEY----- --MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA --AABmSFx4Di+D1yQzvV2EoGu2VBwq8x2uhxcov4VqF0+T9A== -------END PUBLIC KEY----- -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_zero_prime256v1 --PeerKey=BOB_zero_prime256v1_PUB --SharedSecret=c4f5607deb8501f1a4ba23fce4122a4343a17ada2c86a9c8e0d03d92d4a4c84c -- --PrivateKey=ALICE_zero_secp112r2 -------BEGIN PRIVATE KEY----- --MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAcEFTATAgEBBA4hh3tRkG3tnA0496ffMw== -------END PRIVATE KEY----- -- --PublicKey=BOB_zero_secp112r2_PUB -------BEGIN PUBLIC KEY----- --MDIwEAYHKoZIzj0CAQYFK4EEAAcDHgAEAAAAAAAAAAAAAAAAAAAS5eEOWDV/Wk7w4djyDQ== -------END PUBLIC KEY----- -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_zero_secp112r2 --PeerKey=BOB_zero_secp112r2_PUB --SharedSecret=958cc1cb425713678830a4d7d95e -- --PrivateKey=ALICE_zero_secp128r1 -------BEGIN PRIVATE KEY----- --MC4CAQAwEAYHKoZIzj0CAQYFK4EEABwEFzAVAgEBBBCykSzic/h3T2K6SkSP1SGt -------END PRIVATE KEY----- -- 
--PublicKey=BOB_zero_secp128r1_PUB -------BEGIN PUBLIC KEY----- --MDYwEAYHKoZIzj0CAQYFK4EEABwDIgAEAAAAAAAAAAAAAAAAAAAAAABya8M5aeOpNG3z799IdHc= -------END PUBLIC KEY----- -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_zero_secp128r1 --PeerKey=BOB_zero_secp128r1_PUB --SharedSecret=5235d452066f126cd7e99eea00fd3068 -- --PrivateKey=ALICE_zero_secp160r1 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAgEHDAaAgEBBBUACoRnbig69XLlh5VcRexpbbn5zwA= -------END PRIVATE KEY----- -- --PublicKey=BOB_zero_secp160r1_PUB -------BEGIN PUBLIC KEY----- --MD4wEAYHKoZIzj0CAQYFK4EEAAgDKgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAG/w1po29wYlxlygXs --MGfbiGg5ng== -------END PUBLIC KEY----- -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_zero_secp160r1 --PeerKey=BOB_zero_secp160r1_PUB --SharedSecret=9ccd0ab8d093b6acdb3fe14c3736a0dfe61a4666 -- --PrivateKey=ALICE_zero_secp160r2 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFK4EEAB4EHDAaAgEBBBUAQFGxInSw1eAvd45E9TUdbXtJGnA= -------END PRIVATE KEY----- -- --PublicKey=BOB_zero_secp160r2_PUB -------BEGIN PUBLIC KEY----- --MD4wEAYHKoZIzj0CAQYFK4EEAB4DKgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAZtSBSZqfmXp47v5z2 --ZZZl2JFxDg== -------END PUBLIC KEY----- -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_zero_secp160r2 --PeerKey=BOB_zero_secp160r2_PUB --SharedSecret=303e0a282ac86f463fe834cb51b0057be42ed5ab -- --PrivateKey=ALICE_zero_secp384r1 -------BEGIN PRIVATE KEY----- --ME4CAQAwEAYHKoZIzj0CAQYFK4EEACIENzA1AgEBBDD6kgzKbg28zbQyVTdC0IdHbm0UCQt2Rdbi --VVHJeYRSnNpFOiFLaOsGOmwoeZzj6jc= -------END PRIVATE KEY----- -- --PublicKey=BOB_zero_secp384r1_PUB -------BEGIN PUBLIC KEY----- --MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA --AAAAAAAAAAAAAAAAAAAAPPme8E9RpepjC6P5+WDdWToUyb45/SvSFdO0sIqq+Gu/kn8sRuUqsG+3 --QriFDlIe -------END PUBLIC KEY----- -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_zero_secp384r1 --PeerKey=BOB_zero_secp384r1_PUB 
--SharedSecret=b1cfeaeef51dfd487d3a8b2849f1592e04d63f2d2c88b310a6290ebfe5399f5ffe954eabd0619231393e56c35b242986 -- --PrivateKey=ALICE_zero_secp521r1 -------BEGIN PRIVATE KEY----- --MGACAQAwEAYHKoZIzj0CAQYFK4EEACMESTBHAgEBBEIAbddDLMUWbAsY7l3vbNDmntXuAUcDYPg5 --w/cgUwSCIvrV9MBeSG8AWqT16riHmHlsn+XI5PAJM6eij3JDahnu9Mo= -------END PRIVATE KEY----- -- --PublicKey=BOB_zero_secp521r1_PUB -------BEGIN PUBLIC KEY----- --MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA --AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0g7J/qa1d8ENJsobtEb0CymeZIsa --1Qiq0GiJb+4/jmFLxjBU1Xcr8Bpl1BLgvKqOll0vXTMtfzn4RtRArgAfT4c= -------END PUBLIC KEY----- -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_zero_secp521r1 --PeerKey=BOB_zero_secp521r1_PUB --SharedSecret=003fc3028f61db94b20c7cd177923b6e73f12f0ab067c9ce8866755e3c82abb39c9863cde74fa80b32520bd7dd0eb156c30c08911503b67b2661f1264d09bb231423 -- --PrivateKey=ALICE_zero_wap-wsg-idm-ecid-wtls7 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFZysBBAcEHDAaAgEBBBUAoGng7WzYr4P9vtdc3BS/UiNWmc0= -------END PRIVATE KEY----- -- --PublicKey=BOB_zero_wap-wsg-idm-ecid-wtls7_PUB -------BEGIN PUBLIC KEY----- --MD4wEAYHKoZIzj0CAQYFZysBBAcDKgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAZtSBSZqfmXp47v5z2 --ZZZl2JFxDg== -------END PUBLIC KEY----- -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_zero_wap-wsg-idm-ecid-wtls7 --PeerKey=BOB_zero_wap-wsg-idm-ecid-wtls7_PUB --SharedSecret=6582fc03bbb340fcf24a5fe8fcdf722655efa8b9 -- --# tests: 14 -- --Title=prime192v1 curve tests -- --PrivateKey=ALICE_cf_prime192v1 -------BEGIN PRIVATE KEY----- --MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEHzAdAgEBBBhQFYLaobJ47BVWWZv/ByY8Ti69m/U9 --TeI= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_prime192v1_PUB -------BEGIN PUBLIC KEY----- --MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEHYbt14KzucSpmKMrlDx1IGz/a28nDs21OjKgx3BK --PZ78UrllIr69kgrYUKsRg4sd -------END PUBLIC KEY----- -- 
--PrivPubKeyPair=ALICE_cf_prime192v1:ALICE_cf_prime192v1_PUB -- --PrivateKey=BOB_cf_prime192v1 -------BEGIN PRIVATE KEY----- --MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEHzAdAgEBBBhsbmKHAtygIqirkmUXSbniDJOx0/fI --CWM= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_prime192v1_PUB -------BEGIN PUBLIC KEY----- --MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEJA+FQcXq5Axzv8pLDslxq1QVt1hjN2i0TgoO6Yxp --bAekMot69VorE8ibSzgJixXJ -------END PUBLIC KEY----- -- --PrivPubKeyPair=BOB_cf_prime192v1:BOB_cf_prime192v1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_prime192v1 --PeerKey=BOB_cf_prime192v1_PUB --SharedSecret=e36cad3b0f8d00f60f090440a76df47896713ae61421c354 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_prime192v1 --PeerKey=ALICE_cf_prime192v1_PUB --SharedSecret=e36cad3b0f8d00f60f090440a76df47896713ae61421c354 -- --# ECDH Bob with Alice peer : curves with less than 112 bits of strength cannot --# be used for Key agreement in fips mode --Availablein = fips --Derive=BOB_cf_prime192v1 --Securitycheck = 1 --PeerKey=ALICE_cf_prime192v1_PUB --SharedSecret=e36cad3b0f8d00f60f090440a76df47896713ae61421c354 --Result = DERIVE_SET_PEER_ERROR -- - Title=prime256v1 curve tests - - PrivateKey=ALICE_cf_prime256v1 -@@ -3759,743 +219,3 @@ SharedSecret=01dd4aa9037bb4ad298b420998d - Derive=BOB_cf_secp521r1 - PeerKey=ALICE_cf_secp521r1_PUB - SharedSecret=01dd4aa9037bb4ad298b420998dcd32b3a9af1cda8b7919e372aeb4e54ccfb4d2409a340ed896bfbc5dd462f8d96b8784bc17b29db3ca04700e6ec752f9bec777695 -- --Title=sect163k1 curve tests -- --PrivateKey=ALICE_cf_sect163k1 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAEEHDAaAgEBBBUB905PYfmej8LzbzX6Bg51GJzXQjQ= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect163k1_PUB -------BEGIN PUBLIC KEY----- --MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBfvs5A1hD8YySP9O2ub8GEUfotVuBpfRx4GIHdAfx8wV --1UVeTRnyAlWU -------END PUBLIC KEY----- -- --PrivPubKeyPair=ALICE_cf_sect163k1:ALICE_cf_sect163k1_PUB -- 
--PrivateKey=BOB_cf_sect163k1 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAEEHDAaAgEBBBUCHPtCjJ4/K8ylQBcLlb5VE0bkaUE= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_sect163k1_PUB -------BEGIN PUBLIC KEY----- --MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBvgfX1mTRlt6Z4TE1D1MNWo4loH4AoeYa6oowK104LKk --nsdg7isQ8XBD -------END PUBLIC KEY----- -- --PrivPubKeyPair=BOB_cf_sect163k1:BOB_cf_sect163k1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect163k1 --PeerKey=BOB_cf_sect163k1_PUB --SharedSecret=04d0e40788c5ce5220818055277cae53eac55c1e6b -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect163k1 --PeerKey=ALICE_cf_sect163k1_PUB --SharedSecret=04d0e40788c5ce5220818055277cae53eac55c1e6b -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect163k1 --PeerKey=BOB_cf_sect163k1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=04c902a91110244d89110034dd2b099c49cbab6c77 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect163k1 --PeerKey=ALICE_cf_sect163k1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=04c902a91110244d89110034dd2b099c49cbab6c77 -- --PublicKey=MALICE_cf_sect163k1_PUB -------BEGIN PUBLIC KEY----- --MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA --AAAAAAAAAAAB -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_sect163k1 --PeerKey=MALICE_cf_sect163k1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_sect163k1 --PeerKey=MALICE_cf_sect163k1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=sect163r2 curve tests -- --PrivateKey=ALICE_cf_sect163r2 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFK4EEAA8EHDAaAgEBBBUBjCs/M3N31jsAueYrOq21vdETwAI= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect163r2_PUB -------BEGIN 
PUBLIC KEY----- --MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBd8Z1/HpA+89hF4I98EST3svWns3BAEbhWmL/fgxk2uu --YwVrmqhgqH/C -------END PUBLIC KEY----- -- --PrivPubKeyPair=ALICE_cf_sect163r2:ALICE_cf_sect163r2_PUB -- --PrivateKey=BOB_cf_sect163r2 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFK4EEAA8EHDAaAgEBBBUBsiouT9Df+mwHWrpPg1JSrY9nqlI= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_sect163r2_PUB -------BEGIN PUBLIC KEY----- --MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBULqBZ+nhLhDEMYY8NEEzZ126MdxAcFXWv8zmPEH9505 --8vT5zU3aq6HV -------END PUBLIC KEY----- -- --PrivPubKeyPair=BOB_cf_sect163r2:BOB_cf_sect163r2_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect163r2 --PeerKey=BOB_cf_sect163r2_PUB --SharedSecret=019f829a53c4e6544bdec1395a23082169efaf369d -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect163r2 --PeerKey=ALICE_cf_sect163r2_PUB --SharedSecret=019f829a53c4e6544bdec1395a23082169efaf369d -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect163r2 --PeerKey=BOB_cf_sect163r2_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=048870d39235ecbc16a000ee478833509b9318a53f -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect163r2 --PeerKey=ALICE_cf_sect163r2_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=048870d39235ecbc16a000ee478833509b9318a53f -- --PublicKey=MALICE_cf_sect163r2_PUB -------BEGIN PUBLIC KEY----- --MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsJbhbrfiSdZPSHD --ZtqJwDlp802l -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_sect163r2 --PeerKey=MALICE_cf_sect163r2_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_sect163r2 --PeerKey=MALICE_cf_sect163r2_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=sect233k1 curve tests -- 
--PrivateKey=ALICE_cf_sect233k1 -------BEGIN PRIVATE KEY----- --MDsCAQAwEAYHKoZIzj0CAQYFK4EEABoEJDAiAgEBBB0z/3heNFjJL+2sAT/38yRsN3kt2iXz7u+y --Gua8Kw== -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect233k1_PUB -------BEGIN PUBLIC KEY----- --MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEALQyn0zJmOrHm4S2EIjxRe899PadBnfpYjLKWGvpAIzf --MEG861Nv1IYJkmkO1xlfNHeeRtqFgsQVFKZh -------END PUBLIC KEY----- -- --PrivPubKeyPair=ALICE_cf_sect233k1:ALICE_cf_sect233k1_PUB -- --PrivateKey=BOB_cf_sect233k1 -------BEGIN PRIVATE KEY----- --MDsCAQAwEAYHKoZIzj0CAQYFK4EEABoEJDAiAgEBBB1I0ucrC4d9i6Z+0cbar5r7uKpF5iiQkSJA --DFMTUA== -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_sect233k1_PUB -------BEGIN PUBLIC KEY----- --MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAatdqazxSghJ568CBFyMXhEvVeAiLewOY/jk9H5DAOB4 --ufNGbdd131KLaKPivB38a6n5Y+2BVSJangow -------END PUBLIC KEY----- -- --PrivPubKeyPair=BOB_cf_sect233k1:BOB_cf_sect233k1_PUB -- --# ECDH Alice with Bob peer --Derive=ALICE_cf_sect233k1 --PeerKey=BOB_cf_sect233k1_PUB --SharedSecret=012145026e8de65973c154e085456fc5539ba9e25663e7f5816abfcab310 -- --# ECDH Bob with Alice peer --Derive=BOB_cf_sect233k1 --PeerKey=ALICE_cf_sect233k1_PUB --SharedSecret=012145026e8de65973c154e085456fc5539ba9e25663e7f5816abfcab310 -- --# ECC CDH Alice with Bob peer --Derive=ALICE_cf_sect233k1 --PeerKey=BOB_cf_sect233k1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=00ff7d6c6b80f39d2ae68fbd00adbcd75fa599ed0bc1aac0e3f49c1c164d -- --# ECC CDH Bob with Alice peer --Derive=BOB_cf_sect233k1 --PeerKey=ALICE_cf_sect233k1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=00ff7d6c6b80f39d2ae68fbd00adbcd75fa599ed0bc1aac0e3f49c1c164d -- --PublicKey=MALICE_cf_sect233k1_PUB -------BEGIN PUBLIC KEY----- --MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAA --AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Derive=BOB_cf_sect233k1 --PeerKey=MALICE_cf_sect233k1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR 
--Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Derive=ALICE_cf_sect233k1 --PeerKey=MALICE_cf_sect233k1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=sect233r1 curve tests -- --PrivateKey=ALICE_cf_sect233r1 -------BEGIN PRIVATE KEY----- --MDwCAQAwEAYHKoZIzj0CAQYFK4EEABsEJTAjAgEBBB4ATcy7zVpIsJ9rl5EIDmzRz5wxjrDIQyDm --HP3Pt8Y= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect233r1_PUB -------BEGIN PUBLIC KEY----- --MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAQMQHiJ44LiCnZkEg1zyww1h+idTbsw8E07P33WUAUfD --NeQ4hWEhTXPnytIbEhFKpnd3j/FbyZnJqxh8 -------END PUBLIC KEY----- -- --PrivPubKeyPair=ALICE_cf_sect233r1:ALICE_cf_sect233r1_PUB -- --PrivateKey=BOB_cf_sect233r1 -------BEGIN PRIVATE KEY----- --MDwCAQAwEAYHKoZIzj0CAQYFK4EEABsEJTAjAgEBBB4ALpOlFn4OfiIAkRAZGOsn7L6W3XoQBSV8 --mQVC2pw= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_sect233r1_PUB -------BEGIN PUBLIC KEY----- --MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAJQw+NWqFJXYw4dVMovzvw76OYnYOTaDaEPNW8ECAQbl --TzzbBSTp5iqM13mP0/Bo4OO66NS3lA9e/GTO -------END PUBLIC KEY----- -- --PrivPubKeyPair=BOB_cf_sect233r1:BOB_cf_sect233r1_PUB -- --# ECDH Alice with Bob peer --Derive=ALICE_cf_sect233r1 --PeerKey=BOB_cf_sect233r1_PUB --SharedSecret=00209d2995a63f1e8b7a5c33dee5abb602e32e1835ae8bb57eb264d8d795 -- --# ECDH Bob with Alice peer --Derive=BOB_cf_sect233r1 --PeerKey=ALICE_cf_sect233r1_PUB --SharedSecret=00209d2995a63f1e8b7a5c33dee5abb602e32e1835ae8bb57eb264d8d795 -- --# ECC CDH Alice with Bob peer --Derive=ALICE_cf_sect233r1 --PeerKey=BOB_cf_sect233r1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=00c3cd1d38a65f5e421399409a76cec1136bc84149f054a7f55e7980c612 -- --# ECC CDH Bob with Alice peer --Derive=BOB_cf_sect233r1 --PeerKey=ALICE_cf_sect233r1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=00c3cd1d38a65f5e421399409a76cec1136bc84149f054a7f55e7980c612 -- --PublicKey=MALICE_cf_sect233r1_PUB -------BEGIN PUBLIC KEY----- 
--MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYf4 --Vie5eHTnR+4x4G1xyq7qUvISU+X5RtBh2pE4 -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Derive=BOB_cf_sect233r1 --PeerKey=MALICE_cf_sect233r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Derive=ALICE_cf_sect233r1 --PeerKey=MALICE_cf_sect233r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=sect283k1 curve tests -- --PrivateKey=ALICE_cf_sect283k1 -------BEGIN PRIVATE KEY----- --MEICAQAwEAYHKoZIzj0CAQYFK4EEABAEKzApAgEBBCQAY1Mi9rST7PiP1t03qYRczV/kSZ+VjQu8 --5EFCgxyvkaLManw= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect283k1_PUB -------BEGIN PUBLIC KEY----- --MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBMjBO8WoxHS/vz8po52WZGxS+RK5yolrUe6tfbAMA3Sd --5/JjBDVjOz95vM4gUnqzUWHN5nKBQtj6HiU9Q/R+zqg98OiQKTyA -------END PUBLIC KEY----- -- --PrivPubKeyPair=ALICE_cf_sect283k1:ALICE_cf_sect283k1_PUB -- --PrivateKey=BOB_cf_sect283k1 -------BEGIN PRIVATE KEY----- --MEICAQAwEAYHKoZIzj0CAQYFK4EEABAEKzApAgEBBCQBCZC8Is+YSjgXJBBDioEl6gu14QpGHllD --1J6957vBTPSQdH0= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_sect283k1_PUB -------BEGIN PUBLIC KEY----- --MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAGEQKZVHYAlvtjHrFyZVm12qUb5j+T5/WNoC962+kwUM --QkBYA5BpuG8Knlugq1iB31whPAgRCZfdLKHpHRPJSfXvKyUIdeUm -------END PUBLIC KEY----- -- --PrivPubKeyPair=BOB_cf_sect283k1:BOB_cf_sect283k1_PUB -- --# ECDH Alice with Bob peer --Derive=ALICE_cf_sect283k1 --PeerKey=BOB_cf_sect283k1_PUB --SharedSecret=03f67c88bdc230b43773d17fdb4d0a980556d074ceccee726932160e4ed965e3be72803c -- --# ECDH Bob with Alice peer --Derive=BOB_cf_sect283k1 --PeerKey=ALICE_cf_sect283k1_PUB --SharedSecret=03f67c88bdc230b43773d17fdb4d0a980556d074ceccee726932160e4ed965e3be72803c -- --# ECC CDH Alice with Bob peer --Derive=ALICE_cf_sect283k1 --PeerKey=BOB_cf_sect283k1_PUB --Ctrl=ecdh_cofactor_mode:1 
--SharedSecret=0677ba01c84d139609ca145cb5b6079fc9ca67f59c9c913e47cad1073f1d1dfaddde0169 -- --# ECC CDH Bob with Alice peer --Derive=BOB_cf_sect283k1 --PeerKey=ALICE_cf_sect283k1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=0677ba01c84d139609ca145cb5b6079fc9ca67f59c9c913e47cad1073f1d1dfaddde0169 -- --PublicKey=MALICE_cf_sect283k1_PUB -------BEGIN PUBLIC KEY----- --MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA --AAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Derive=BOB_cf_sect283k1 --PeerKey=MALICE_cf_sect283k1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Derive=ALICE_cf_sect283k1 --PeerKey=MALICE_cf_sect283k1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=sect283r1 curve tests -- --PrivateKey=ALICE_cf_sect283r1 -------BEGIN PRIVATE KEY----- --MEICAQAwEAYHKoZIzj0CAQYFK4EEABEEKzApAgEBBCQCQ5pqKvPxDysd1pi2Bv8Z11cFhsRZfuaf --4Pi0hpGr4ubZcHE= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect283r1_PUB -------BEGIN PUBLIC KEY----- --MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBcsrGDgO7pbGybQX/00gRHtQq3+X9XrGb7Uzv9Nabwc/ --kntnBMF0I2KU+aaTjQx1GVtmNf7CvFwPLEBnfKjJAjekjsGyIqoq -------END PUBLIC KEY----- -- --PrivPubKeyPair=ALICE_cf_sect283r1:ALICE_cf_sect283r1_PUB -- --PrivateKey=BOB_cf_sect283r1 -------BEGIN PRIVATE KEY----- --MEICAQAwEAYHKoZIzj0CAQYFK4EEABEEKzApAgEBBCQDxItnY3cDCrX/jGnVuAKDPaySZCr3E83Q --UdFnP6YIykt7+Pg= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_sect283r1_PUB -------BEGIN PUBLIC KEY----- --MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBJ2C9BCkX0YRfs2ufgUKvreUXFWp2AGK+iHlZB4N3LqO --PKpmAkrAeCMty6mw2mEnOR5HA1d4Ee+z7/NJgJJ80Ra9bFnreOW3 -------END PUBLIC KEY----- -- --PrivPubKeyPair=BOB_cf_sect283r1:BOB_cf_sect283r1_PUB -- --# ECDH Alice with Bob peer --Derive=ALICE_cf_sect283r1 --PeerKey=BOB_cf_sect283r1_PUB 
--SharedSecret=0424259cf09727574fb863cab7c27d8fe3835e96433110a45a951f94347fc81939ec4773 -- --# ECDH Bob with Alice peer --Derive=BOB_cf_sect283r1 --PeerKey=ALICE_cf_sect283r1_PUB --SharedSecret=0424259cf09727574fb863cab7c27d8fe3835e96433110a45a951f94347fc81939ec4773 -- --# ECC CDH Alice with Bob peer --Derive=ALICE_cf_sect283r1 --PeerKey=BOB_cf_sect283r1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=01c2a542654ce85b17456ed75b6bca6b6eb761580913670debc426a3525f236df0e875c8 -- --# ECC CDH Bob with Alice peer --Derive=BOB_cf_sect283r1 --PeerKey=ALICE_cf_sect283r1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=01c2a542654ce85b17456ed75b6bca6b6eb761580913670debc426a3525f236df0e875c8 -- --PublicKey=MALICE_cf_sect283r1_PUB -------BEGIN PUBLIC KEY----- --MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA --AAAAByvMnFeSsevoGYMIn7b4NaL9IgowRCTKF8CCrhdEKu3pubP2 -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Derive=BOB_cf_sect283r1 --PeerKey=MALICE_cf_sect283r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Derive=ALICE_cf_sect283r1 --PeerKey=MALICE_cf_sect283r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=sect409k1 curve tests -- --PrivateKey=ALICE_cf_sect409k1 -------BEGIN PRIVATE KEY----- --MFECAQAwEAYHKoZIzj0CAQYFK4EEACQEOjA4AgEBBDMOthcLahkXFgM0wjOzm767D1A72sFRGlhb --bVH+EB7z2WpIcPX4OD+M4Y1pf/a7wSaoSAo= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect409k1_PUB -------BEGIN PUBLIC KEY----- --MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAbiYYpeFgCMsZFMzQaiwMJDrC+mCMT7KmhYtD5EMMgLW --5OvhaqYdpRf49A8LOtVcRT7J5gGcMrXQgmQeS3FenA5owWnB2NIgrTNf5d8AAEtrOupsJ4c3kL6e --aAzayZ1+UCEj8skbC9U= -------END PUBLIC KEY----- -- --PrivPubKeyPair=ALICE_cf_sect409k1:ALICE_cf_sect409k1_PUB -- --PrivateKey=BOB_cf_sect409k1 -------BEGIN PRIVATE KEY----- --MFECAQAwEAYHKoZIzj0CAQYFK4EEACQEOjA4AgEBBDMO43ldQllTewdZwffH4OEXdzBrLwabKsn4 
--6/hjgIAaYda/pt4yCEQLMp18QgtfMey5ENI= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_sect409k1_PUB -------BEGIN PUBLIC KEY----- --MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAVTQj6hRizVmOx4Z6vroN/zMkmAY+QhkQ0CnFeJ0AydY --Fv+f+/420vMC1Mhqsc9VzPMmIAH6ZrgGKDsd4Ce9JUtYE0rVhGeiG2RaN1U5RlhVK4avkWhFlyQ5 --vuu4aApQiWE3yQd9v/I= -------END PUBLIC KEY----- -- --PrivPubKeyPair=BOB_cf_sect409k1:BOB_cf_sect409k1_PUB -- --# ECDH Alice with Bob peer --Derive=ALICE_cf_sect409k1 --PeerKey=BOB_cf_sect409k1_PUB --SharedSecret=01fbe13188588c9d1ac3a8a2680ea9a009b28e4b7d7fa4efcb1a22553876fb7973616819fd87c75e5b8ce6e3628595e4ce12edb0 -- --# ECDH Bob with Alice peer --Derive=BOB_cf_sect409k1 --PeerKey=ALICE_cf_sect409k1_PUB --SharedSecret=01fbe13188588c9d1ac3a8a2680ea9a009b28e4b7d7fa4efcb1a22553876fb7973616819fd87c75e5b8ce6e3628595e4ce12edb0 -- --# ECC CDH Alice with Bob peer --Derive=ALICE_cf_sect409k1 --PeerKey=BOB_cf_sect409k1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=007e9485f7234bb2255bb40e51f4be867cb0ef31f8e489a697b31b51c4d5346daaee51e96ae6f9636e6e3af56095fe28755325ee -- --# ECC CDH Bob with Alice peer --Derive=BOB_cf_sect409k1 --PeerKey=ALICE_cf_sect409k1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=007e9485f7234bb2255bb40e51f4be867cb0ef31f8e489a697b31b51c4d5346daaee51e96ae6f9636e6e3af56095fe28755325ee -- --PublicKey=MALICE_cf_sect409k1_PUB -------BEGIN PUBLIC KEY----- --MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA --AAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA --AAAAAAAAAAAAAAAAAAA= -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Derive=BOB_cf_sect409k1 --PeerKey=MALICE_cf_sect409k1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Derive=ALICE_cf_sect409k1 --PeerKey=MALICE_cf_sect409k1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=sect409r1 curve tests -- --PrivateKey=ALICE_cf_sect409r1 
-------BEGIN PRIVATE KEY----- --MFICAQAwEAYHKoZIzj0CAQYFK4EEACUEOzA5AgEBBDQAxSC9lST5dtfXQI1Ug9VMMoue3GGni5ON --+gieyXK2KKbd29KAPs4/AOd8kX2wQDsZPO7E -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect409r1_PUB -------BEGIN PUBLIC KEY----- --MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEASAvXAM15DJerAu1JttpBuMJK1/fEfFohu2iEpt3r7Ui --iQoER6HUsWiw1hhcJyTv7WzpJQHFWrOlJMe/KjmQa/CygSc65YHDzG27oUL+KGdQUGc79ZRSwl/q --fGZqa3D+bDVMwrhmZto= -------END PUBLIC KEY----- -- --PrivPubKeyPair=ALICE_cf_sect409r1:ALICE_cf_sect409r1_PUB -- --PrivateKey=BOB_cf_sect409r1 -------BEGIN PRIVATE KEY----- --MFICAQAwEAYHKoZIzj0CAQYFK4EEACUEOzA5AgEBBDQARen+1P3JQzBgOv0pUYwsZTPRVLpqqDAU --7mKL2lk9eH7zSGmtNoMvP2m1S2dBnXxFY/bV -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_sect409r1_PUB -------BEGIN PUBLIC KEY----- --MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAbDUw066TtdfOpDvrlKosEyqUNEG7rY+AKvDqKw+HOzf --sUTYee6cEf71oqJ1sCKPQiYzlwCu/HLQeWPxISE6Uo+53kkeJml2xpMBwoE25Gq/DSS61dR7SRTZ --+sUmumbIuGzbrjtMRmw= -------END PUBLIC KEY----- -- --PrivPubKeyPair=BOB_cf_sect409r1:BOB_cf_sect409r1_PUB -- --# ECDH Alice with Bob peer --Derive=ALICE_cf_sect409r1 --PeerKey=BOB_cf_sect409r1_PUB --SharedSecret=00a751259cdb3b445ce71a40a01a2189dfce70226111190505fc6eabe4e5a05bff7af55f2015e1ffcab6aea7ea9a6e74905da2a1 -- --# ECDH Bob with Alice peer --Derive=BOB_cf_sect409r1 --PeerKey=ALICE_cf_sect409r1_PUB --SharedSecret=00a751259cdb3b445ce71a40a01a2189dfce70226111190505fc6eabe4e5a05bff7af55f2015e1ffcab6aea7ea9a6e74905da2a1 -- --# ECC CDH Alice with Bob peer --Derive=ALICE_cf_sect409r1 --PeerKey=BOB_cf_sect409r1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=0115a31aed416c5089d74a263ec300aff13a5329c6ad27de950ae0b0917b40a3464fccf5691ac9633a51e5177a82b15cfc434aad -- --# ECC CDH Bob with Alice peer --Derive=BOB_cf_sect409r1 --PeerKey=ALICE_cf_sect409r1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=0115a31aed416c5089d74a263ec300aff13a5329c6ad27de950ae0b0917b40a3464fccf5691ac9633a51e5177a82b15cfc434aad -- --PublicKey=MALICE_cf_sect409r1_PUB 
-------BEGIN PUBLIC KEY----- --MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA --AAAAAAAAAAAAAAAAAAAAAAAAAACZNffkdo7i7yL5tKKfU8tdk6su0K185XwbJkn96JWVDPZXZ3My --bFKKSOJ7hyrM8Lwl1e8= -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Derive=BOB_cf_sect409r1 --PeerKey=MALICE_cf_sect409r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Derive=ALICE_cf_sect409r1 --PeerKey=MALICE_cf_sect409r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=sect571k1 curve tests -- --PrivateKey=ALICE_cf_sect571k1 -------BEGIN PRIVATE KEY----- --MGYCAQAwEAYHKoZIzj0CAQYFK4EEACYETzBNAgEBBEgB4agvk7Qdf9bVb9aMVdtXL0MuVw6dTleB --zrpPMYty/piI5GWkQEGVp4OJSjF1BGgWmtYSYlV0oI8jJ7hfWTjVGfVWix4ipb8= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect571k1_PUB -------BEGIN PUBLIC KEY----- --MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQDUZq0ZrgYpTXNpOptjExaur0K9FAYHv1j9cvAptwX --dcmQf3VqekMkGZCfNdqNeqCajG3QHRkBHe4FZhWr3FXi8whvvr463lUDf+t46un1kE6FTYfhILGa --sBZm7OdfkarYd9TXBbmnkFA+XkyPlkM1+6daM3/WmnegK+TYghFDXLgwiyF8s0ElllF7z38Gmc4= -------END PUBLIC KEY----- -- --PrivPubKeyPair=ALICE_cf_sect571k1:ALICE_cf_sect571k1_PUB -- --PrivateKey=BOB_cf_sect571k1 -------BEGIN PRIVATE KEY----- --MGYCAQAwEAYHKoZIzj0CAQYFK4EEACYETzBNAgEBBEgA3pINxGOI7L9M+Mil+bm/udPwI4xu7ubJ --p3aoOepTXW94laf8wjFLcQnRUwH87Vbq9VLQEfCAFvr2vZoBc+5asnNuDhRNNeQ= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_sect571k1_PUB -------BEGIN PUBLIC KEY----- --MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQDZRr5GCSq2uzGxmWNB+bED7zye18Rr/KehwXrbn1r --rKtR8fe+dg2V15FieC3qZe/wCpMtyp79VmEabGi6iGLlAN/rUE81URsA/K7GVpmklslV5gmwryR0 --3E7jGKPFesun9iNtmpgM18P9y3aJd4Qr4hMlwW2Nyw187l6QB/W2e/i+8vKXFTLHlz5WLAyAcpA= -------END PUBLIC KEY----- -- --PrivPubKeyPair=BOB_cf_sect571k1:BOB_cf_sect571k1_PUB -- --# ECDH Alice with Bob peer --Derive=ALICE_cf_sect571k1 --PeerKey=BOB_cf_sect571k1_PUB 
--SharedSecret=02b79c92cee50dc5b9fdddce36d4fa2e28d7d178cd74e575961f39429496305b38815c840c2e66327435c044ed885ec964068531251a2112717602532e8b6d5411db2fe05c1ac18c -- --# ECDH Bob with Alice peer --Derive=BOB_cf_sect571k1 --PeerKey=ALICE_cf_sect571k1_PUB --SharedSecret=02b79c92cee50dc5b9fdddce36d4fa2e28d7d178cd74e575961f39429496305b38815c840c2e66327435c044ed885ec964068531251a2112717602532e8b6d5411db2fe05c1ac18c -- --# ECC CDH Alice with Bob peer --Derive=ALICE_cf_sect571k1 --PeerKey=BOB_cf_sect571k1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=063aea789492c9727a5a6b7f24e8d3d377c70ee8e86b13664e191a53b1905e90e78b85960b1881db5160c7c5cacca0d686d9e104140d565eeeec17426f93d3a7ba639ecd716b43d2 -- --# ECC CDH Bob with Alice peer --Derive=BOB_cf_sect571k1 --PeerKey=ALICE_cf_sect571k1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=063aea789492c9727a5a6b7f24e8d3d377c70ee8e86b13664e191a53b1905e90e78b85960b1881db5160c7c5cacca0d686d9e104140d565eeeec17426f93d3a7ba639ecd716b43d2 -- --PublicKey=MALICE_cf_sect571k1_PUB -------BEGIN PUBLIC KEY----- --MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA --AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAA --AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE= -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Derive=BOB_cf_sect571k1 --PeerKey=MALICE_cf_sect571k1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Derive=ALICE_cf_sect571k1 --PeerKey=MALICE_cf_sect571k1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=sect571r1 curve tests -- --PrivateKey=ALICE_cf_sect571r1 -------BEGIN PRIVATE KEY----- --MGYCAQAwEAYHKoZIzj0CAQYFK4EEACcETzBNAgEBBEgAxfL2/gUsmJonvDMR95Azq1ySgXMlKSRk --+PL+WaS92ZyOo45HaC7RpH5sdkf4b948u6y1BXOxGZuORXy6lgbgZ1Zx2UgL3cI= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect571r1_PUB -------BEGIN PUBLIC KEY----- 
--MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQBK5L9ccIWacU2A1srZ35opPu6kcbEOsBPmvj/rlMS --fFrdMOcagOYfcD0/ouYHPhvkHbr9k87IlQJfnV6ZNRA4PmWSp/FjkNwETm/fqTCUQHti/qqnKH7R --Ed4fYROLFGvz+PX6E20SryOt1vrmoRyC7Z5FVmgMVOQQ1AaBNAHi3+IPtKx41YdXdbqHJxuI5jE= -------END PUBLIC KEY----- -- --PrivPubKeyPair=ALICE_cf_sect571r1:ALICE_cf_sect571r1_PUB -- --PrivateKey=BOB_cf_sect571r1 -------BEGIN PRIVATE KEY----- --MGYCAQAwEAYHKoZIzj0CAQYFK4EEACcETzBNAgEBBEgAzcRvASPpWi0ybpOGlj0Lozz01C2a5oDA --G5alib1EmZKcpVULxJXn75FQlTKpkUEuWUgA4yk5X5DTiScUuh4LDhaF3AFhsEY= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_sect571r1_PUB -------BEGIN PUBLIC KEY----- --MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQH3dnL22NajtqDWTX6qD14w1BOlpHFBUPTr24VySlh --kiiBlOF95u7hFr/hSb7gm/3f+IVKyE18Sh2kR4KaxWcPWKY5xKTiqiICT7hCistuzNRt8gR+kNOT --c1rETMV6ZruZinwzEWWWjwJf6612oy2HG3CX3B8Rm+a3sS0q6IzowEwqmDv6v9bMTFk8bsCv0Fk= -------END PUBLIC KEY----- -- --PrivPubKeyPair=BOB_cf_sect571r1:BOB_cf_sect571r1_PUB -- --# ECDH Alice with Bob peer --Derive=ALICE_cf_sect571r1 --PeerKey=BOB_cf_sect571r1_PUB --SharedSecret=0031f9879fa75b8c67ba81ee861be634e2b53aa79f834e9a8ca4df7f4461bcb02f083d9fa5b4767f881a710caa6524b58eb626623ba394961d46535204c26d165089e7d4f7be1827 -- --# ECDH Bob with Alice peer --Derive=BOB_cf_sect571r1 --PeerKey=ALICE_cf_sect571r1_PUB --SharedSecret=0031f9879fa75b8c67ba81ee861be634e2b53aa79f834e9a8ca4df7f4461bcb02f083d9fa5b4767f881a710caa6524b58eb626623ba394961d46535204c26d165089e7d4f7be1827 -- --# ECC CDH Alice with Bob peer --Derive=ALICE_cf_sect571r1 --PeerKey=BOB_cf_sect571r1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=012e8c2c1554988fe20c5ae7d11cdcfe15c7c6e8d2b6f46a43a45d724bfc7b415ea7594d5c16f770a95d6e65bbcb1f34619db95e89f4fecbcb0bc6a3f92d52df6a49b0e7773e0ac0 -- --# ECC CDH Bob with Alice peer --Derive=BOB_cf_sect571r1 --PeerKey=ALICE_cf_sect571r1_PUB --Ctrl=ecdh_cofactor_mode:1 
--SharedSecret=012e8c2c1554988fe20c5ae7d11cdcfe15c7c6e8d2b6f46a43a45d724bfc7b415ea7594d5c16f770a95d6e65bbcb1f34619db95e89f4fecbcb0bc6a3f92d52df6a49b0e7773e0ac0 -- --PublicKey=MALICE_cf_sect571r1_PUB -------BEGIN PUBLIC KEY----- --MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA --AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHMtVWZAwgtd1zmgWN/9WC --aNQcWRNUKesEHXqhJVkC5jYsSACodKsLYFNrWEYM0gwG8DQONZSn93G+38EM45tkaZsIRDt2HEM= -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Derive=BOB_cf_sect571r1 --PeerKey=MALICE_cf_sect571r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Derive=ALICE_cf_sect571r1 --PeerKey=MALICE_cf_sect571r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -diff -rupN --no-dereference openssl-3.0.9/test/recipes/30-test_evp_data/evppkey_mismatch.txt openssl-3.0.9-new/test/recipes/30-test_evp_data/evppkey_mismatch.txt ---- openssl-3.0.9/test/recipes/30-test_evp_data/evppkey_mismatch.txt 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/recipes/30-test_evp_data/evppkey_mismatch.txt 2023-05-31 16:36:52.323277096 +0200 -@@ -31,12 +31,6 @@ MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELBUP - x/iUJAcsJxl9eLM7kg6VzbZk6ZDc8M/qDZTiqOavnQ5YBW5lMQSSW5/myQ== - -----END PUBLIC KEY----- - --PublicKey=KAS-ECC-CDH_K-163_C0-PUBLIC -------BEGIN PUBLIC KEY----- --MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBx+LKHfWAn2cGt5CRPLeoSaS7yPVBcFe --53YiHHK4SzR844PzgGe4nD6a -------END PUBLIC KEY----- -- - PrivateKey = RSA-2048 - -----BEGIN PRIVATE KEY----- - MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDNAIHqeyrh6gbV -@@ -77,9 +71,3 @@ Result = KEYPAIR_TYPE_MISMATCH - - PrivPubKeyPair = RSA-2048:P-256-PUBLIC - Result = KEYPAIR_TYPE_MISMATCH -- --PrivPubKeyPair = RSA-2048:KAS-ECC-CDH_K-163_C0-PUBLIC --Result = KEYPAIR_TYPE_MISMATCH -- --PrivPubKeyPair = Alice-25519:KAS-ECC-CDH_K-163_C0-PUBLIC --Result = 
KEYPAIR_TYPE_MISMATCH -diff -rupN --no-dereference openssl-3.0.9/test/recipes/30-test_evp.t openssl-3.0.9-new/test/recipes/30-test_evp.t ---- openssl-3.0.9/test/recipes/30-test_evp.t 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/recipes/30-test_evp.t 2023-05-31 16:36:52.323277096 +0200 -@@ -116,7 +116,6 @@ my @defltfiles = qw( - evppkey_kdf_tls1_prf.txt - evppkey_rsa.txt - ); --push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec; - push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2; - - plan tests => -diff -rupN --no-dereference openssl-3.0.9/test/recipes/65-test_cmp_protect.t openssl-3.0.9-new/test/recipes/65-test_cmp_protect.t ---- openssl-3.0.9/test/recipes/65-test_cmp_protect.t 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/recipes/65-test_cmp_protect.t 2023-05-31 16:36:52.323277096 +0200 -@@ -7,7 +7,6 @@ - # this file except in compliance with the License. You can obtain a copy - # in the file LICENSE in the source distribution or at - # https://www.openssl.org/source/license.html -- - use strict; - use OpenSSL::Test qw/:DEFAULT data_file srctop_file srctop_dir bldtop_file bldtop_dir/; - use OpenSSL::Test::Utils; -@@ -27,7 +26,7 @@ plan skip_all => "This test is not suppo - plan skip_all => "This test is not supported in a shared library build on Windows" - if $^O eq 'MSWin32' && !disabled("shared"); - --plan tests => 2 + ($no_fips ? 0 : 1); #fips test -+plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test - - my @basic_cmd = ("cmp_protect_test", - data_file("server.pem"), -diff -rupN --no-dereference openssl-3.0.9/test/recipes/65-test_cmp_vfy.t openssl-3.0.9-new/test/recipes/65-test_cmp_vfy.t ---- openssl-3.0.9/test/recipes/65-test_cmp_vfy.t 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/recipes/65-test_cmp_vfy.t 2023-05-31 16:36:52.323277096 +0200 -@@ -7,7 +7,6 @@ - # this file except in compliance with the License. 
You can obtain a copy - # in the file LICENSE in the source distribution or at - # https://www.openssl.org/source/license.html -- - use strict; - use OpenSSL::Test qw/:DEFAULT data_file srctop_file srctop_dir bldtop_file bldtop_dir/; - use OpenSSL::Test::Utils; -@@ -27,7 +26,7 @@ plan skip_all => "This test is not suppo - plan skip_all => "This test is not supported in a no-ec build" - if disabled("ec"); - --plan tests => 2 + ($no_fips ? 0 : 1); #fips test -+plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test - - my @basic_cmd = ("cmp_vfy_test", - data_file("server.crt"), data_file("client.crt"), -diff -rupN --no-dereference openssl-3.0.9/test/ssl-tests/20-cert-select.cnf openssl-3.0.9-new/test/ssl-tests/20-cert-select.cnf ---- openssl-3.0.9/test/ssl-tests/20-cert-select.cnf 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/ssl-tests/20-cert-select.cnf 2023-05-31 16:36:52.324277093 +0200 -@@ -776,14 +776,12 @@ server = 22-ECDSA with brainpool-server - client = 22-ECDSA with brainpool-client - - [22-ECDSA with brainpool-server] --Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem -+Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem - CipherString = DEFAULT --Groups = brainpoolP256r1 --PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem -+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem - - [22-ECDSA with brainpool-client] - CipherString = aECDSA --Groups = brainpoolP256r1 - MaxProtocol = TLSv1.2 - RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem - VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -@@ -791,9 +789,6 @@ VerifyMode = Peer - - [test-22] - ExpectedResult = Success --ExpectedServerCANames = empty --ExpectedServerCertType = brainpoolP256r1 --ExpectedServerSignType = EC - - - # =========================================================== -@@ -1715,20 +1710,18 @@ server = 52-TLS 1.3 ECDSA with brainpool - client = 52-TLS 1.3 ECDSA with brainpool but no suitable groups-client - - 
[52-TLS 1.3 ECDSA with brainpool but no suitable groups-server] --Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem -+Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem - CipherString = DEFAULT --Groups = brainpoolP256r1 --PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem -+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem - - [52-TLS 1.3 ECDSA with brainpool but no suitable groups-client] - CipherString = aECDSA --Groups = brainpoolP256r1 - RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem - VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem - VerifyMode = Peer - - [test-52] --ExpectedResult = ClientFail -+ExpectedResult = Success - - - # =========================================================== -@@ -1741,9 +1734,9 @@ server = 53-TLS 1.3 ECDSA with brainpool - client = 53-TLS 1.3 ECDSA with brainpool-client - - [53-TLS 1.3 ECDSA with brainpool-server] --Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem -+Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem - CipherString = DEFAULT --PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem -+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem - - [53-TLS 1.3 ECDSA with brainpool-client] - CipherString = DEFAULT -@@ -1754,7 +1747,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/ro - VerifyMode = Peer - - [test-53] --ExpectedResult = ServerFail -+ExpectedResult = Success - - - # =========================================================== -diff -rupN --no-dereference openssl-3.0.9/test/ssl-tests/20-cert-select.cnf.in openssl-3.0.9-new/test/ssl-tests/20-cert-select.cnf.in ---- openssl-3.0.9/test/ssl-tests/20-cert-select.cnf.in 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/ssl-tests/20-cert-select.cnf.in 2023-05-31 16:36:52.324277093 +0200 -@@ -428,21 +428,21 @@ my @tests_non_fips = ( - { - name => "ECDSA with brainpool", - server => { -- "Certificate" => 
test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), -- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), -- "Groups" => "brainpoolP256r1", -+ "Certificate" => test_pem("server-ecdsa-cert.pem"), -+ "PrivateKey" => test_pem("server-ecdsa-key.pem"), -+ #"Groups" => "brainpoolP256r1", - }, - client => { - "MaxProtocol" => "TLSv1.2", - "CipherString" => "aECDSA", - "RequestCAFile" => test_pem("root-cert.pem"), -- "Groups" => "brainpoolP256r1", -+ #"Groups" => "brainpoolP256r1", - }, - test => { -- "ExpectedServerCertType" =>, "brainpoolP256r1", -- "ExpectedServerSignType" =>, "EC", -+ #"ExpectedServerCertType" =>, "brainpoolP256r1", -+ #"ExpectedServerSignType" =>, "EC", - # Note: certificate_authorities not sent for TLS < 1.3 -- "ExpectedServerCANames" =>, "empty", -+ #"ExpectedServerCANames" =>, "empty", - "ExpectedResult" => "Success" - }, - }, -@@ -896,27 +896,27 @@ my @tests_tls_1_3_non_fips = ( - { - name => "TLS 1.3 ECDSA with brainpool but no suitable groups", - server => { -- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), -- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), -- "Groups" => "brainpoolP256r1", -+ "Certificate" => test_pem("server-ecdsa-cert.pem"), -+ "PrivateKey" => test_pem("server-ecdsa-key.pem"), -+ #"Groups" => "brainpoolP256r1", - }, - client => { - "CipherString" => "aECDSA", - "RequestCAFile" => test_pem("root-cert.pem"), -- "Groups" => "brainpoolP256r1", -+ #"Groups" => "brainpoolP256r1", - }, - test => { - #We only configured brainpoolP256r1 on the client side, but TLSv1.3 - #is enabled and this group is not allowed in TLSv1.3. 
Therefore this - #should fail -- "ExpectedResult" => "ClientFail" -+ "ExpectedResult" => "Success" - }, - }, - { - name => "TLS 1.3 ECDSA with brainpool", - server => { -- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), -- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), -+ "Certificate" => test_pem("server-ecdsa-cert.pem"), -+ "PrivateKey" => test_pem("server-ecdsa-key.pem"), - }, - client => { - "RequestCAFile" => test_pem("root-cert.pem"), -@@ -924,7 +924,7 @@ my @tests_tls_1_3_non_fips = ( - "MaxProtocol" => "TLSv1.3" - }, - test => { -- "ExpectedResult" => "ServerFail" -+ "ExpectedResult" => "Success" - }, - }, - ); +-- +2.41.0 + diff --git a/0012-Disable-explicit-ec.patch b/0012-Disable-explicit-ec.patch index e0e81c9..9b86309 100644 --- a/0012-Disable-explicit-ec.patch +++ b/0012-Disable-explicit-ec.patch 
@@ -1,7 +1,27 @@ -diff -rupN --no-dereference openssl-3.0.9/crypto/ec/ec_asn1.c openssl-3.0.9-new/crypto/ec/ec_asn1.c ---- openssl-3.0.9/crypto/ec/ec_asn1.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/crypto/ec/ec_asn1.c 2023-05-31 16:36:52.583276335 +0200 -@@ -905,6 +905,12 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP ** +From 91bdd9b816b22bc1464ec323f3272b866b24114d Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:28 +0200 +Subject: [PATCH 12/35] 0012-Disable-explicit-ec.patch + +Patch-name: 0012-Disable-explicit-ec.patch +Patch-id: 12 +Patch-status: | + # Disable explicit EC curves + # https://bugzilla.redhat.com/show_bug.cgi?id=2066412 +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + crypto/ec/ec_asn1.c | 11 ++++++++++ + crypto/ec/ec_lib.c | 6 +++++ + test/ectest.c | 22 ++++++++++--------- + test/endecode_test.c | 20 ++++++++--------- + .../30-test_evp_data/evppkey_ecdsa.txt | 12 ---------- + 5 files changed, 39 insertions(+), 32 deletions(-) + +diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c +index 7a0b35a594..d19d57344e 100644 +--- a/crypto/ec/ec_asn1.c ++++ b/crypto/ec/ec_asn1.c +@@ -905,6 +905,12 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len) if (params->type == ECPKPARAMETERS_TYPE_EXPLICIT) group->decoded_from_explicit_params = 1; @@ -14,7 +34,7 @@ diff -rupN --no-dereference openssl-3.0.9/crypto/ec/ec_asn1.c openssl-3.0.9-new/ if (a) { EC_GROUP_free(*a); *a = group; -@@ -964,6 +970,11 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con +@@ -964,6 +970,11 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) goto err; } 
@@ -26,10 +46,99 @@ diff -rupN --no-dereference openssl-3.0.9/crypto/ec/ec_asn1.c openssl-3.0.9-new/ ret->version = priv_key->version; if (priv_key->privateKey) { -diff -rupN --no-dereference openssl-3.0.9/test/endecode_test.c openssl-3.0.9-new/test/endecode_test.c ---- openssl-3.0.9/test/endecode_test.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/endecode_test.c 2023-05-31 16:36:52.583276335 +0200 -@@ -58,7 +58,7 @@ static BN_CTX *bnctx = NULL; +diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c +index a84e088c19..6c37bf78ae 100644 +--- a/crypto/ec/ec_lib.c ++++ b/crypto/ec/ec_lib.c +@@ -1724,6 +1724,11 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], + goto err; + } + if (named_group == group) { ++ if (EC_GROUP_check_named_curve(group, 0, NULL) == NID_undef) { ++ ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_GROUP); ++ goto err; ++ } ++#if 0 + /* + * If we did not find a named group then the encoding should be explicit + * if it was specified +@@ -1739,6 +1744,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], + goto err; + } + EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE); ++#endif + } else { + EC_GROUP_free(group); + group = named_group; +diff --git a/test/ectest.c b/test/ectest.c +index 4890b0555e..e11aec5b3b 100644 +--- a/test/ectest.c ++++ b/test/ectest.c +@@ -2301,10 +2301,11 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx, + if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) + || !TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) + || !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) +- || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkeyparam, ++ || !TEST_int_le(EVP_PKEY_fromdata(pctx, &pkeyparam, + EVP_PKEY_KEY_PARAMETERS, params), 0)) + goto err; +- ++/* As creating the key should fail, the rest of the test is pointless */ ++# if 0 + /*- Check that all the set values are retrievable -*/ + + /* There should be no match to a group name since the generator changed */ +@@ 
-2433,6 +2434,7 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx, + #endif + ) + goto err; ++#endif + ret = 1; + err: + BN_free(order_out); +@@ -2714,21 +2716,21 @@ static int custom_params_test(int id) + + /* Compute keyexchange in both directions */ + if (!TEST_ptr(pctx1 = EVP_PKEY_CTX_new(pkey1, NULL)) +- || !TEST_int_eq(EVP_PKEY_derive_init(pctx1), 1) +- || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1) ++ || !TEST_int_le(EVP_PKEY_derive_init(pctx1), 0) ++/* || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1) + || !TEST_int_eq(EVP_PKEY_derive(pctx1, NULL, &sslen), 1) + || !TEST_int_gt(bsize, sslen) +- || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1)) ++ || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1)*/) + goto err; + if (!TEST_ptr(pctx2 = EVP_PKEY_CTX_new(pkey2, NULL)) +- || !TEST_int_eq(EVP_PKEY_derive_init(pctx2), 1) +- || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1) ++ || !TEST_int_le(EVP_PKEY_derive_init(pctx2), 1) ++/* || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1) + || !TEST_int_eq(EVP_PKEY_derive(pctx2, NULL, &t), 1) + || !TEST_int_gt(bsize, t) + || !TEST_int_le(sslen, t) +- || !TEST_int_eq(EVP_PKEY_derive(pctx2, buf2, &t), 1)) ++ || !TEST_int_eq(EVP_PKEY_derive(pctx2, buf2, &t), 1) */) + goto err; +- ++#if 0 + /* Both sides should expect the same shared secret */ + if (!TEST_mem_eq(buf1, sslen, buf2, t)) + goto err; +@@ -2780,7 +2782,7 @@ static int custom_params_test(int id) + /* compare with previous result */ + || !TEST_mem_eq(buf1, t, buf2, sslen)) + goto err; +- ++#endif + ret = 1; + + err: +diff --git a/test/endecode_test.c b/test/endecode_test.c +index 14648287eb..9a437d8c64 100644 +--- a/test/endecode_test.c ++++ b/test/endecode_test.c +@@ -62,7 +62,7 @@ static BN_CTX *bnctx = NULL; static OSSL_PARAM_BLD *bld_prime_nc = NULL; static OSSL_PARAM_BLD *bld_prime = NULL; static OSSL_PARAM *ec_explicit_prime_params_nc = NULL; 
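Review bot: In the `custom_params_test` change to test/ectest.c, the second direction asserts `TEST_int_le(EVP_PKEY_derive_init(pctx2), 1)`, which holds for a successful return of 1 as well as for a failure, so it cannot catch explicit-curve key exchange being accepted on that side. The pctx1 check a few lines above uses `<= 0`; presumably the same bound was intended here: `|| !TEST_int_le(EVP_PKEY_derive_init(pctx2), 0)`. With the follow-up derive calls commented out and the comparison code under `#if 0`, these two calls are the only assertions left in the visible part of the function that derivation is rejected, so both should be strict. The function body starts and ends outside the hunk.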
@@ -38,7 +147,7 @@ diff -rupN --no-dereference openssl-3.0.9/test/endecode_test.c openssl-3.0.9-new # ifndef OPENSSL_NO_EC2M static OSSL_PARAM_BLD *bld_tri_nc = NULL; -@@ -1005,9 +1005,9 @@ IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC") +@@ -1009,9 +1009,9 @@ IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC") DOMAIN_KEYS(ECExplicitPrimeNamedCurve); IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1) IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC") @@ -51,7 +160,7 @@ diff -rupN --no-dereference openssl-3.0.9/test/endecode_test.c openssl-3.0.9-new # ifndef OPENSSL_NO_EC2M DOMAIN_KEYS(ECExplicitTriNamedCurve); IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1) -@@ -1338,7 +1338,7 @@ int setup_tests(void) +@@ -1352,7 +1352,7 @@ int setup_tests(void) || !create_ec_explicit_prime_params_namedcurve(bld_prime_nc) || !create_ec_explicit_prime_params(bld_prime) || !TEST_ptr(ec_explicit_prime_params_nc = OSSL_PARAM_BLD_to_param(bld_prime_nc)) @@ -60,7 +169,7 @@ diff -rupN --no-dereference openssl-3.0.9/test/endecode_test.c openssl-3.0.9-new # ifndef OPENSSL_NO_EC2M || !TEST_ptr(bld_tri_nc = OSSL_PARAM_BLD_new()) || !TEST_ptr(bld_tri = OSSL_PARAM_BLD_new()) -@@ -1366,7 +1366,7 @@ int setup_tests(void) +@@ -1380,7 +1380,7 @@ int setup_tests(void) TEST_info("Generating EC keys..."); MAKE_DOMAIN_KEYS(EC, "EC", EC_params); MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc); @@ -69,7 +178,7 @@ diff -rupN --no-dereference openssl-3.0.9/test/endecode_test.c openssl-3.0.9-new # ifndef OPENSSL_NO_EC2M MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc); MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit); -@@ -1409,8 +1409,8 @@ int setup_tests(void) +@@ -1423,8 +1423,8 @@ int setup_tests(void) ADD_TEST_SUITE_LEGACY(EC); ADD_TEST_SUITE(ECExplicitPrimeNamedCurve); ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve); 
@@ -80,7 +189,7 @@ diff -rupN --no-dereference openssl-3.0.9/test/endecode_test.c openssl-3.0.9-new # ifndef OPENSSL_NO_EC2M ADD_TEST_SUITE(ECExplicitTriNamedCurve); ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve); -@@ -1447,7 +1447,7 @@ void cleanup_tests(void) +@@ -1461,7 +1461,7 @@ void cleanup_tests(void) { #ifndef OPENSSL_NO_EC OSSL_PARAM_free(ec_explicit_prime_params_nc); @@ -89,7 +198,7 @@ diff -rupN --no-dereference openssl-3.0.9/test/endecode_test.c openssl-3.0.9-new OSSL_PARAM_BLD_free(bld_prime_nc); OSSL_PARAM_BLD_free(bld_prime); # ifndef OPENSSL_NO_EC2M -@@ -1469,7 +1469,7 @@ void cleanup_tests(void) +@@ -1483,7 +1483,7 @@ void cleanup_tests(void) #ifndef OPENSSL_NO_EC FREE_DOMAIN_KEYS(EC); FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve); @@ -98,10 +207,11 @@ diff -rupN --no-dereference openssl-3.0.9/test/endecode_test.c openssl-3.0.9-new # ifndef OPENSSL_NO_EC2M FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve); FREE_DOMAIN_KEYS(ECExplicitTri2G); -diff -rupN --no-dereference openssl-3.0.9/test/recipes/30-test_evp_data/evppkey_ecdsa.txt openssl-3.0.9-new/test/recipes/30-test_evp_data/evppkey_ecdsa.txt ---- openssl-3.0.9/test/recipes/30-test_evp_data/evppkey_ecdsa.txt 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/recipes/30-test_evp_data/evppkey_ecdsa.txt 2023-05-31 16:36:52.583276335 +0200 -@@ -133,18 +133,6 @@ AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEB +diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt +index ec3c032aba..584ecee0eb 100644 +--- a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt ++++ b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt +@@ -133,18 +133,6 @@ AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgiUTxtr5vLVjj 3ev1gTwRBduzqqlwd54AUSgI+pjttW8zrWNitO8H1sf59MPWOESKxNtZ1+Nl -----END PRIVATE KEY----- 
@@ -120,3 +230,6 @@ diff -rupN --no-dereference openssl-3.0.9/test/recipes/30-test_evp_data/evppkey_ PrivateKey = B-163 -----BEGIN PRIVATE KEY----- MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDnQW0mLiHVha/jqFznX/K +-- +2.41.0 + diff --git a/0013-skipped-tests-EC-curves.patch b/0013-skipped-tests-EC-curves.patch new file mode 100644 index 0000000..3cf7a78 --- /dev/null +++ b/0013-skipped-tests-EC-curves.patch 
@@ -0,0 +1,58 @@ +From 9ede2b1e13f72db37718853faff74b4429084d59 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:28 +0200 +Subject: [PATCH 13/35] 0013-skipped-tests-EC-curves.patch + +Patch-name: 0013-skipped-tests-EC-curves.patch +Patch-id: 13 +Patch-status: | + # Skipped tests from former 0011-Remove-EC-curves.patch +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + test/recipes/15-test_ec.t | 2 +- + test/recipes/65-test_cmp_protect.t | 2 +- + test/recipes/65-test_cmp_vfy.t | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/test/recipes/15-test_ec.t b/test/recipes/15-test_ec.t +index 0638d626e7..c0efd77649 100644 +--- a/test/recipes/15-test_ec.t ++++ b/test/recipes/15-test_ec.t +@@ -90,7 +90,7 @@ subtest 'Ed448 conversions -- public key' => sub { + + subtest 'Check loading of fips and non-fips keys' => sub { + plan skip_all => "FIPS is disabled" +- if $no_fips; ++ if 1; #Red Hat specific, original value is $no_fips; + + plan tests => 2; + +diff --git a/test/recipes/65-test_cmp_protect.t b/test/recipes/65-test_cmp_protect.t +index 631603df7c..4cb2ffebbc 100644 +--- a/test/recipes/65-test_cmp_protect.t ++++ b/test/recipes/65-test_cmp_protect.t +@@ -27,7 +27,7 @@ plan skip_all => "This test is not supported in a no-cmp build" + plan skip_all => "This test is not supported in a shared library build on Windows" + if $^O eq 'MSWin32' && !disabled("shared"); + +-plan tests => 2 + ($no_fips ? 0 : 1); #fips test ++plan skip_all => 2 + ($no_fips ? 
0 : 1); #fips test + + my @basic_cmd = ("cmp_protect_test", + data_file("server.pem"), +diff --git a/test/recipes/65-test_cmp_vfy.t b/test/recipes/65-test_cmp_vfy.t +index f722800e27..26a01786bb 100644 +--- a/test/recipes/65-test_cmp_vfy.t ++++ b/test/recipes/65-test_cmp_vfy.t +@@ -27,7 +27,7 @@ plan skip_all => "This test is not supported in a no-cmp build" + plan skip_all => "This test is not supported in a no-ec build" + if disabled("ec"); + +-plan tests => 2 + ($no_fips ? 0 : 1); #fips test ++plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test + + my @basic_cmd = ("cmp_vfy_test", + data_file("server.crt"), data_file("client.crt"), +-- +2.41.0 + diff --git a/0024-load-legacy-prov.patch b/0024-load-legacy-prov.patch index 7258682..2997d1e 100644 --- a/0024-load-legacy-prov.patch +++ b/0024-load-legacy-prov.patch @@ -1,6 +1,22 @@ -diff -rupN --no-dereference openssl-3.0.9/apps/openssl.cnf openssl-3.0.9-new/apps/openssl.cnf ---- openssl-3.0.9/apps/openssl.cnf 2023-05-31 16:36:51.330280004 +0200 -+++ openssl-3.0.9-new/apps/openssl.cnf 2023-05-31 16:36:52.828275617 +0200 +From 69636828729ecc287863366dcdd6548dee78c7a4 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:28 +0200 +Subject: [PATCH 14/35] 0024-load-legacy-prov.patch + +Patch-name: 0024-load-legacy-prov.patch +Patch-id: 24 +Patch-status: | + # Instructions to load legacy provider in openssl.cnf +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + apps/openssl.cnf | 37 +++++++++++++++---------------------- + doc/man5/config.pod | 8 ++++++++ + 2 files changed, 23 insertions(+), 22 deletions(-) + +diff --git a/apps/openssl.cnf b/apps/openssl.cnf +index 3956235fda..bddb6bc029 100644 +--- a/apps/openssl.cnf ++++ b/apps/openssl.cnf @@ -42,36 +42,29 @@ tsa_policy1 = 1.2.3.4.1 tsa_policy2 = 1.2.3.4.5.6 tsa_policy3 = 1.2.3.4.5.7 
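Review bot: In the added 0013-skipped-tests-EC-curves.patch, `plan skip_all => 2 + ($no_fips ? 0 : 1);` in 65-test_cmp_protect.t and 65-test_cmp_vfy.t passes the old test count as the skip reason. The harness will therefore report a bare number, and both CMP recipes (cmp_protect_test and cmp_vfy_test) stop running without any stated cause. If the skip is intended, give it a reason a maintainer can act on, for example `plan skip_all => "Red Hat specific: <reason for skipping>";` with the actual reason filled in by the patch author. The 15-test_ec.t change has a related problem: `if 1;` keeps the message "FIPS is disabled" although the condition no longer tests `$no_fips`.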
@@ -19,11 +35,6 @@ diff -rupN --no-dereference openssl-3.0.9/apps/openssl.cnf openssl-3.0.9-new/app ssl_conf = ssl_module -# List of providers to load --[provider_sect] --default = default_sect --# The fips section name should match the section name inside the --# included fipsmodule.cnf. --# fips = fips_sect +# Uncomment the sections that start with ## below to enable the legacy provider. +# Loading the legacy provider enables support for the following algorithms: +# Hashing Algorithms / Message Digests: MD2, MD4, MDC2, WHIRLPOOL, RIPEMD160 @@ -32,7 +43,13 @@ diff -rupN --no-dereference openssl-3.0.9/apps/openssl.cnf openssl-3.0.9-new/app +# In general it is not recommended to use the above mentioned algorithms for +# security critical operations, as they are cryptographically weak or vulnerable +# to side-channel attacks and as such have been deprecated. - ++ + [provider_sect] + default = default_sect +-# The fips section name should match the section name inside the +-# included fipsmodule.cnf. +-# fips = fips_sect +- -# If no providers are activated explicitly, the default one is activated implicitly. -# See man 7 OSSL_PROVIDER-default for more details. -# 
@@ -41,23 +58,21 @@ diff -rupN --no-dereference openssl-3.0.9/apps/openssl.cnf openssl-3.0.9-new/app -# becomes unavailable in openssl. As a consequence applications depending on -# OpenSSL may not work correctly which could lead to significant system -# problems including inability to remotely access the system. --[default_sect] --# activate = 1 -+[provider_sect] -+##default = default_sect +##legacy = legacy_sect +## -+##[default_sect] -+##activate = 1 -+## + [default_sect] +-# activate = 1 ++activate = 1 ++ +##[legacy_sect] +##activate = 1 [ ssl_module ] -diff -rupN --no-dereference openssl-3.0.9/doc/man5/config.pod openssl-3.0.9-new/doc/man5/config.pod ---- openssl-3.0.9/doc/man5/config.pod 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/doc/man5/config.pod 2023-05-31 16:36:52.828275617 +0200 +diff --git a/doc/man5/config.pod b/doc/man5/config.pod +index 8d312c661f..714a10437b 100644 +--- a/doc/man5/config.pod ++++ b/doc/man5/config.pod @@ -273,6 +273,14 @@ significant. All parameters in the section as well as sub-sections are made available to the provider. @@ -73,3 +88,6 @@ diff -rupN --no-dereference openssl-3.0.9/doc/man5/config.pod openssl-3.0.9-new/ =head3 Default provider and its activation If no providers are activated explicitly, the default one is activated implicitly. +-- +2.41.0 + diff --git a/0025-for-tests.patch b/0025-for-tests.patch new file mode 100644 index 0000000..aef200b --- /dev/null +++ b/0025-for-tests.patch 
@@ -0,0 +1,18 @@ +diff -up openssl-3.0.0/apps/openssl.cnf.xxx openssl-3.0.0/apps/openssl.cnf +--- openssl-3.0.0/apps/openssl.cnf.xxx 2021-11-23 16:29:50.618691603 +0100 ++++ openssl-3.0.0/apps/openssl.cnf 2021-11-23 16:28:16.872882099 +0100 +@@ -55,11 +55,11 @@ providers = provider_sect + # to side-channel attacks and as such have been deprecated. + + [provider_sect] +-default = default_sect ++##default = default_sect + ##legacy = legacy_sect + ## +-[default_sect] +-activate = 1 ++##[default_sect] ++##activate = 1 + + ##[legacy_sect] + ##activate = 1 diff --git a/0032-Force-fips.patch b/0032-Force-fips.patch new file mode 100644 index 0000000..e114fca --- /dev/null +++ b/0032-Force-fips.patch 
@@ -0,0 +1,69 @@ +From 2c110cf5551a3869514e697d8dc06682b62ca57d Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Mon, 21 Aug 2023 11:59:02 +0200 +Subject: [PATCH 16/48] 0032-Force-fips.patch + +Patch-name: 0032-Force-fips.patch +Patch-id: 32 +Patch-status: | + # We load FIPS provider and set FIPS properties implicitly +--- + crypto/provider_conf.c | 28 +++++++++++++++++++++++++++- + 1 file changed, 27 insertions(+), 1 deletion(-) + +diff --git a/crypto/provider_conf.c b/crypto/provider_conf.c +index 058fb58837..5274265a70 100644 +--- a/crypto/provider_conf.c ++++ b/crypto/provider_conf.c +@@ -10,6 +10,8 @@ + #include + #include + #include ++#include ++#include + #include + #include + #include +@@ -169,7 +171,7 @@ static int provider_conf_activate(OSSL_LIB_CTX *libctx, const char *name, + if (path != NULL) + ossl_provider_set_module_path(prov, path); + +- ok = provider_conf_params(prov, NULL, NULL, value, cnf); ++ ok = cnf ? provider_conf_params(prov, NULL, NULL, value, cnf) : 1; + + if (ok) { + if (!ossl_provider_activate(prov, 1, 0)) { +@@ -309,6 +311,30 @@ static int provider_conf_init(CONF_IMODULE *md, const CONF *cnf) + return 0; + } + ++ if (ossl_get_kernel_fips_flag() != 0) { /* XXX from provider_conf_load */ ++ OSSL_LIB_CTX *libctx = NCONF_get0_libctx((CONF *)cnf); ++# define FIPS_LOCAL_CONF OPENSSLDIR "/fips_local.cnf" ++ ++ if (access(FIPS_LOCAL_CONF, R_OK) == 0) { ++ CONF *fips_conf = NCONF_new_ex(libctx, NCONF_default()); ++ if (NCONF_load(fips_conf, FIPS_LOCAL_CONF, NULL) <= 0) ++ return 0; ++ ++ if (provider_conf_load(libctx, "fips", "fips_sect", fips_conf) != 1) { ++ NCONF_free(fips_conf); ++ return 0; ++ } ++ NCONF_free(fips_conf); ++ } else { ++ if (provider_conf_activate(libctx, "fips", NULL, NULL, 0, NULL) != 1) ++ return 0; ++ } ++ if (provider_conf_activate(libctx, "base", NULL, NULL, 0, NULL) != 1) ++ return 0; ++ if (EVP_default_properties_enable_fips(libctx, 1) != 1) ++ return 0; ++ } ++ + return 1; + } + +-- +2.41.0 + 
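Review bot: In the block added to `provider_conf_init`, `fips_conf` is not freed when `NCONF_load` fails, whereas the `provider_conf_load` failure path just below does call `NCONF_free`. The early exit should release it as well: `if (NCONF_load(fips_conf, FIPS_LOCAL_CONF, NULL) <= 0) { NCONF_free(fips_conf); return 0; }`. Every failure in this block returns 0 without raising an error, so a short comment or an `ERR_raise` naming the local FIPS configuration would help anyone diagnosing a host in kernel FIPS mode whose provider initialisation fails. The function starts outside the hunk.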
diff --git a/0033-FIPS-embed-hmac.patch b/0033-FIPS-embed-hmac.patch
new file mode 100644
index 0000000..3894422
--- /dev/null
+++ b/0033-FIPS-embed-hmac.patch
@@ -0,0 +1,250 @@ +From e364a858262c8f563954544cc81e66f1b3b8db8c Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Thu, 19 Oct 2023 13:12:40 +0200 +Subject: [PATCH 16/46] 0033-FIPS-embed-hmac.patch + +Patch-name: 0033-FIPS-embed-hmac.patch +Patch-id: 33 +Patch-status: | + # # Embed HMAC into the fips.so +From-dist-git-commit: 5c67b5adc311af297f425c09e3e1ac7ca8483911 +--- + providers/fips/self_test.c | 70 ++++++++++++++++++++++++--- + test/fipsmodule.cnf | 2 + + test/recipes/00-prep_fipsmodule_cnf.t | 2 +- + test/recipes/01-test_fipsmodule_cnf.t | 2 +- + test/recipes/03-test_fipsinstall.t | 2 +- + test/recipes/30-test_defltfips.t | 2 +- + test/recipes/80-test_ssl_new.t | 2 +- + test/recipes/90-test_sslapi.t | 2 +- + 8 files changed, 71 insertions(+), 13 deletions(-) + create mode 100644 test/fipsmodule.cnf + +diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c +index b8dc9817b2..e3a629018a 100644 +--- a/providers/fips/self_test.c ++++ b/providers/fips/self_test.c +@@ -230,11 +230,27 @@ err: + return ok; + } + ++#define HMAC_LEN 32 ++/* ++ * The __attribute__ ensures we've created the .rodata1 section ++ * static ensures it's zero filled ++*/ ++static const unsigned char __attribute__ ((section (".rodata1"))) fips_hmac_container[HMAC_LEN] = {0}; ++ + /* + * Calculate the HMAC SHA256 of data read using a BIO and read_cb, and verify + * the result matches the expected value. + * Return 1 if verified, or 0 if it fails. 
+ */ ++#ifndef __USE_GNU ++#define __USE_GNU ++#include ++#undef __USE_GNU ++#else ++#include ++#endif ++#include ++ + static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb, + unsigned char *expected, size_t expected_len, + OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev, +@@ -247,12 +263,23 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex + EVP_MAC *mac = NULL; + EVP_MAC_CTX *ctx = NULL; + OSSL_PARAM params[2], *p = params; ++ Dl_info info; ++ void *extra_info = NULL; ++ struct link_map *lm = NULL; ++ unsigned long paddr; ++ unsigned long off = 0; + + if (!integrity_self_test(ev, libctx)) + goto err; + + OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC); + ++ if (!dladdr1 ((const void *)fips_hmac_container, ++ &info, &extra_info, RTLD_DL_LINKMAP)) ++ goto err; ++ lm = extra_info; ++ paddr = (unsigned long)fips_hmac_container - lm->l_addr; ++ + mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL); + if (mac == NULL) + goto err; +@@ -266,13 +293,42 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex + if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params)) + goto err; + +- while (1) { +- status = read_ex_cb(bio, buf, sizeof(buf), &bytes_read); ++ while ((off + INTEGRITY_BUF_SIZE) <= paddr) { ++ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read); ++ if (status != 1) ++ break; ++ if (!EVP_MAC_update(ctx, buf, bytes_read)) ++ goto err; ++ off += bytes_read; ++ } ++ ++ if (off + INTEGRITY_BUF_SIZE > paddr) { ++ int delta = paddr - off; ++ status = read_ex_cb(bio, buf, delta, &bytes_read); ++ if (status != 1) ++ goto err; ++ if (!EVP_MAC_update(ctx, buf, bytes_read)) ++ goto err; ++ off += bytes_read; ++ ++ status = read_ex_cb(bio, buf, HMAC_LEN, &bytes_read); ++ memset(buf, 0, HMAC_LEN); ++ if (status != 1) ++ goto err; ++ if (!EVP_MAC_update(ctx, buf, bytes_read)) ++ goto err; ++ off += bytes_read; ++ } ++ ++ while (bytes_read > 0) { ++ status = 
read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read); + if (status != 1) + break; + if (!EVP_MAC_update(ctx, buf, bytes_read)) + goto err; ++ off += bytes_read; + } ++ + if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out))) + goto err; + +@@ -282,6 +338,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex + goto err; + ret = 1; + err: ++ OPENSSL_cleanse(out, sizeof(out)); + OSSL_SELF_TEST_onend(ev, ret); + EVP_MAC_CTX_free(ctx); + EVP_MAC_free(mac); +@@ -335,8 +392,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) + return 0; + } + +- if (st == NULL +- || st->module_checksum_data == NULL) { ++ if (st == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA); + goto end; + } +@@ -345,8 +401,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) + if (ev == NULL) + goto end; + +- module_checksum = OPENSSL_hexstr2buf(st->module_checksum_data, +- &checksum_len); ++ module_checksum = fips_hmac_container; ++ checksum_len = sizeof(fips_hmac_container); ++ + if (module_checksum == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA); + goto end; +@@ -420,7 +477,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) + end: + EVP_RAND_free(testrand); + OSSL_SELF_TEST_free(ev); +- OPENSSL_free(module_checksum); + OPENSSL_free(indicator_checksum); + + if (st != NULL) { +diff --git a/test/fipsmodule.cnf b/test/fipsmodule.cnf +new file mode 100644 +index 0000000000..f05d0dedbe +--- /dev/null ++++ b/test/fipsmodule.cnf +@@ -0,0 +1,2 @@ ++[fips_sect] ++activate = 1 +diff --git a/test/recipes/00-prep_fipsmodule_cnf.t b/test/recipes/00-prep_fipsmodule_cnf.t +index 4e3a6d85e8..e8255ba974 100644 +--- a/test/recipes/00-prep_fipsmodule_cnf.t ++++ b/test/recipes/00-prep_fipsmodule_cnf.t +@@ -20,7 +20,7 @@ use lib srctop_dir('Configurations'); + use lib bldtop_dir('.'); + use platform; + +-my $no_check = disabled("fips"); ++my $no_check = 1; + plan skip_all => "FIPS module config file 
only supported in a fips build" + if $no_check; + +diff --git a/test/recipes/01-test_fipsmodule_cnf.t b/test/recipes/01-test_fipsmodule_cnf.t +index ce594817d5..00cebacff8 100644 +--- a/test/recipes/01-test_fipsmodule_cnf.t ++++ b/test/recipes/01-test_fipsmodule_cnf.t +@@ -23,7 +23,7 @@ use lib srctop_dir('Configurations'); + use lib bldtop_dir('.'); + use platform; + +-my $no_check = disabled("fips"); ++my $no_check = 1; + plan skip_all => "Test only supported in a fips build" + if $no_check; + plan tests => 1; +diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t +index b8b136d110..8242f4ebc3 100644 +--- a/test/recipes/03-test_fipsinstall.t ++++ b/test/recipes/03-test_fipsinstall.t +@@ -22,7 +22,7 @@ use lib srctop_dir('Configurations'); + use lib bldtop_dir('.'); + use platform; + +-plan skip_all => "Test only supported in a fips build" if disabled("fips"); ++plan skip_all => "Test only supported in a fips build" if 1; + + # Compatible options for pedantic FIPS compliance + my @pedantic_okay = +diff --git a/test/recipes/30-test_defltfips.t b/test/recipes/30-test_defltfips.t +index c8f145405b..56a2ec5dc4 100644 +--- a/test/recipes/30-test_defltfips.t ++++ b/test/recipes/30-test_defltfips.t +@@ -24,7 +24,7 @@ use lib bldtop_dir('.'); + plan skip_all => "Configuration loading is turned off" + if disabled("autoload-config"); + +-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); ++my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0); + + plan tests => + ($no_fips ? 
1 : 5); +diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t +index 0c6d6402d9..e45f9cb560 100644 +--- a/test/recipes/80-test_ssl_new.t ++++ b/test/recipes/80-test_ssl_new.t +@@ -27,7 +27,7 @@ setup("test_ssl_new"); + use lib srctop_dir('Configurations'); + use lib bldtop_dir('.'); + +-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); ++my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0); + + $ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs"); + +diff --git a/test/recipes/90-test_sslapi.t b/test/recipes/90-test_sslapi.t +index 9e9e32b51e..1a1a7159b5 100644 +--- a/test/recipes/90-test_sslapi.t ++++ b/test/recipes/90-test_sslapi.t +@@ -17,7 +17,7 @@ setup("test_sslapi"); + use lib srctop_dir('Configurations'); + use lib bldtop_dir('.'); + +-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); ++my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0); + my $fipsmodcfg_filename = "fipsmodule.cnf"; + my $fipsmodcfg = bldtop_file("test", $fipsmodcfg_filename); + +-- +2.41.0 + diff --git a/0034.fipsinstall_disable.patch b/0034.fipsinstall_disable.patch new file mode 100644 index 0000000..f1d7b27 --- /dev/null +++ b/0034.fipsinstall_disable.patch 
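Review bot: In the rewritten read loop of `verify_integrity` (0033-FIPS-embed-hmac.patch, providers/fips/self_test.c), the two reads that position the zeroed window, `read_ex_cb(bio, buf, delta, &bytes_read)` and `read_ex_cb(bio, buf, HMAC_LEN, &bytes_read)`, are trusted to return exactly the requested length, and `memset(buf, 0, HMAC_LEN)` runs before `status` is checked. A short read would shift the zeroed bytes away from `fips_hmac_container`; that most likely makes the comparison fail rather than pass, but the failure would look the same as a modified module. Checking the length explicitly keeps the intent visible: `if (status != 1 || bytes_read != (size_t)delta) goto err;` and `if (status != 1 || bytes_read != HMAC_LEN) goto err;`. The computation `paddr = (unsigned long)fips_hmac_container - lm->l_addr` also appears to assume that the section's file offset equals its load-relative address, which deserves a comment stating that assumption. Only parts of the function are inside the patch's hunks.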
@@ -0,0 +1,473 @@ +From a9825123e7ab3474d2794a5706d9bed047959c9c Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:28 +0200 +Subject: [PATCH 18/35] 0034.fipsinstall_disable.patch + +Patch-name: 0034.fipsinstall_disable.patch +Patch-id: 34 +Patch-status: | + # Comment out fipsinstall command-line utility +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + apps/fipsinstall.c | 3 + + doc/man1/openssl-fipsinstall.pod.in | 272 +--------------------------- + doc/man1/openssl.pod | 4 - + doc/man5/config.pod | 1 - + doc/man5/fips_config.pod | 104 +---------- + doc/man7/OSSL_PROVIDER-FIPS.pod | 1 - + 6 files changed, 10 insertions(+), 375 deletions(-) + +diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c +index e1ef645b60..db92cb5fb2 100644 +--- a/apps/fipsinstall.c ++++ b/apps/fipsinstall.c +@@ -375,6 +375,9 @@ int fipsinstall_main(int argc, char **argv) + EVP_MAC *mac = NULL; + CONF *conf = NULL; + ++ BIO_printf(bio_err, "This command is not enabled in the Red Hat Enterprise Linux OpenSSL build, please consult Red Hat documentation to learn how to enable FIPS mode\n"); ++ return 1; ++ + if ((opts = sk_OPENSSL_STRING_new_null()) == NULL) + goto end; + +diff --git a/doc/man1/openssl-fipsinstall.pod.in b/doc/man1/openssl-fipsinstall.pod.in +index b1768b7f91..b6b00e27d8 100644 +--- a/doc/man1/openssl-fipsinstall.pod.in ++++ b/doc/man1/openssl-fipsinstall.pod.in +@@ -8,275 +8,9 @@ openssl-fipsinstall - perform FIPS configuration installation + =head1 SYNOPSIS + + B +-[B<-help>] +-[B<-in> I] +-[B<-out> I] +-[B<-module> I] +-[B<-provider_name> I] +-[B<-section_name> I] +-[B<-verify>] +-[B<-mac_name> I] +-[B<-macopt> I:I] +-[B<-noout>] +-[B<-quiet>] +-[B<-pedantic>] +-[B<-no_conditional_errors>] +-[B<-no_security_checks>] +-[B<-ems_check>] +-[B<-no_drbg_truncated_digests>] +-[B<-self_test_onload>] +-[B<-self_test_oninstall>] +-[B<-corrupt_desc> I] +-[B<-corrupt_type> I] +-[B<-config> I] +- +-=head1 DESCRIPTION +- +-This command is used 
to generate a FIPS module configuration file. +-This configuration file can be used each time a FIPS module is loaded +-in order to pass data to the FIPS module self tests. The FIPS module always +-verifies its MAC, but optionally only needs to run the KAT's once, +-at installation. +- +-The generated configuration file consists of: +- +-=over 4 +- +-=item - A MAC of the FIPS module file. +- +-=item - A test status indicator. +- +-This indicates if the Known Answer Self Tests (KAT's) have successfully run. +- +-=item - A MAC of the status indicator. +- +-=item - A control for conditional self tests errors. +- +-By default if a continuous test (e.g a key pair test) fails then the FIPS module +-will enter an error state, and no services or cryptographic algorithms will be +-able to be accessed after this point. +-The default value of '1' will cause the fips module error state to be entered. +-If the value is '0' then the module error state will not be entered. +-Regardless of whether the error state is entered or not, the current operation +-(e.g. key generation) will return an error. The user is responsible for retrying +-the operation if the module error state is not entered. +- +-=item - A control to indicate whether run-time security checks are done. +- +-This indicates if run-time checks related to enforcement of security parameters +-such as minimum security strength of keys and approved curve names are used. +-The default value of '1' will perform the checks. +-If the value is '0' the checks are not performed and FIPS compliance must +-be done by procedures documented in the relevant Security Policy. +- +-=back +- +-This file is described in L. +- +-=head1 OPTIONS +- +-=over 4 +- +-=item B<-help> +- +-Print a usage message. +- +-=item B<-module> I +- +-Filename of the FIPS module to perform an integrity check on. +-The path provided in the filename is used to load the module when it is +-activated, and this overrides the environment variable B. 
+- +-=item B<-out> I +- +-Filename to output the configuration data to; the default is standard output. +- +-=item B<-in> I +- +-Input filename to load configuration data from. +-Must be used if the B<-verify> option is specified. +- +-=item B<-verify> +- +-Verify that the input configuration file contains the correct information. +- +-=item B<-provider_name> I +- +-Name of the provider inside the configuration file. +-The default value is C. +- +-=item B<-section_name> I +- +-Name of the section inside the configuration file. +-The default value is C. +- +-=item B<-mac_name> I +- +-Specifies the name of a supported MAC algorithm which will be used. +-The MAC mechanisms that are available will depend on the options +-used when building OpenSSL. +-To see the list of supported MAC's use the command +-C. The default is B. +- +-=item B<-macopt> I:I +- +-Passes options to the MAC algorithm. +-A comprehensive list of controls can be found in the EVP_MAC implementation +-documentation. +-Common control strings used for this command are: +- +-=over 4 +- +-=item B:I +- +-Specifies the MAC key as an alphanumeric string (use if the key contains +-printable characters only). +-The string length must conform to any restrictions of the MAC algorithm. +-A key must be specified for every MAC algorithm. +-If no key is provided, the default that was specified when OpenSSL was +-configured is used. +- +-=item B:I +- +-Specifies the MAC key in hexadecimal form (two hex digits per byte). +-The key length must conform to any restrictions of the MAC algorithm. +-A key must be specified for every MAC algorithm. +-If no key is provided, the default that was specified when OpenSSL was +-configured is used. +- +-=item B:I +- +-Used by HMAC as an alphanumeric string (use if the key contains printable +-characters only). +-The string length must conform to any restrictions of the MAC algorithm. +-To see the list of supported digests, use the command +-C. +-The default digest is SHA-256. 
+- +-=back +- +-=item B<-noout> +- +-Disable logging of the self tests. +- +-=item B<-pedantic> +- +-Configure the module so that it is strictly FIPS compliant rather +-than being backwards compatible. This enables conditional errors, +-security checks etc. Note that any previous configuration options will +-be overwritten and any subsequent configuration options that violate +-FIPS compliance will result in an error. +- +-=item B<-no_conditional_errors> +- +-Configure the module to not enter an error state if a conditional self test +-fails as described above. +- +-=item B<-no_security_checks> +- +-Configure the module to not perform run-time security checks as described above. +- +-Enabling the configuration option "no-fips-securitychecks" provides another way to +-turn off the check at compile time. +- +-=item B<-ems_check> +- +-Configure the module to enable a run-time Extended Master Secret (EMS) check +-when using the TLS1_PRF KDF algorithm. This check is disabled by default. +-See RFC 7627 for information related to EMS. +- +-=item B<-no_drbg_truncated_digests> +- +-Configure the module to not allow truncated digests to be used with Hash and +-HMAC DRBGs. See FIPS 140-3 IG D.R for details. +- +-=item B<-self_test_onload> +- +-Do not write the two fields related to the "test status indicator" and +-"MAC status indicator" to the output configuration file. Without these fields +-the self tests KATS will run each time the module is loaded. This option could be +-used for cross compiling, since the self tests need to run at least once on each +-target machine. Once the self tests have run on the target machine the user +-could possibly then add the 2 fields into the configuration using some other +-mechanism. +- +-This is the default. +- +-=item B<-self_test_oninstall> +- +-The converse of B<-self_test_oninstall>. The two fields related to the +-"test status indicator" and "MAC status indicator" are written to the +-output configuration file. 
+- +-=item B<-quiet> +- +-Do not output pass/fail messages. Implies B<-noout>. +- +-=item B<-corrupt_desc> I, +-B<-corrupt_type> I +- +-The corrupt options can be used to test failure of one or more self tests by +-name. +-Either option or both may be used to select the tests to corrupt. +-Refer to the entries for B and B in L for +-values that can be used. +- +-=item B<-config> I +- +-Test that a FIPS provider can be loaded from the specified configuration file. +-A previous call to this application needs to generate the extra configuration +-data that is included by the base C configuration file. +-See L for further information on how to set up a provider section. +-All other options are ignored if '-config' is used. +- +-=back +- +-=head1 NOTES +- +-Self tests results are logged by default if the options B<-quiet> and B<-noout> +-are not specified, or if either of the options B<-corrupt_desc> or +-B<-corrupt_type> are used. +-If the base configuration file is set up to autoload the fips module, then the +-fips module will be loaded and self tested BEFORE the fipsinstall application +-has a chance to set up its own self test callback. As a result of this the self +-test output and the options B<-corrupt_desc> and B<-corrupt_type> will be ignored. +-For normal usage the base configuration file should use the default provider +-when generating the fips configuration file. +- +-The B<-self_test_oninstall> option was added and the +-B<-self_test_onload> option was made the default in OpenSSL 3.1. +- +-The command and all remaining options were added in OpenSSL 3.0. 
+- +-=head1 EXAMPLES +- +-Calculate the mac of a FIPS module F and run a FIPS self test +-for the module, and save the F configuration file: +- +- openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips +- +-Verify that the configuration file F contains the correct info: +- +- openssl fipsinstall -module ./fips.so -in fips.cnf -provider_name fips -verify +- +-Corrupt any self tests which have the description C: +- +- openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips \ +- -corrupt_desc 'SHA1' +- +-Validate that the fips module can be loaded from a base configuration file: +- +- export OPENSSL_CONF_INCLUDE= +- export OPENSSL_MODULES= +- openssl fipsinstall -config' 'default.cnf' +- +- +-=head1 SEE ALSO +- +-L, +-L, +-L, +-L ++This command is disabled. ++Please consult Red Hat Enterprise Linux documentation to learn how to correctly ++enable FIPS mode on Red Hat Enterprise + + =head1 COPYRIGHT + +diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod +index d9c22a580f..d5ec3b9a6a 100644 +--- a/doc/man1/openssl.pod ++++ b/doc/man1/openssl.pod +@@ -135,10 +135,6 @@ Engine (loadable module) information and manipulation. + + Error Number to Error String Conversion. + +-=item B +- +-FIPS configuration installation. +- + =item B + + Generation of DSA Private Key from Parameters. Superseded by +diff --git a/doc/man5/config.pod b/doc/man5/config.pod +index 714a10437b..bd05736220 100644 +--- a/doc/man5/config.pod ++++ b/doc/man5/config.pod +@@ -573,7 +573,6 @@ configuration files using that syntax will have to be modified. + =head1 SEE ALSO + + L, L, L, +-L, + L, + L, + L, +diff --git a/doc/man5/fips_config.pod b/doc/man5/fips_config.pod +index 2255464304..1c15e32a5c 100644 +--- a/doc/man5/fips_config.pod ++++ b/doc/man5/fips_config.pod +@@ -6,106 +6,10 @@ fips_config - OpenSSL FIPS configuration + + =head1 DESCRIPTION + +-A separate configuration file, using the OpenSSL L syntax, +-is used to hold information about the FIPS module. 
This includes a digest +-of the shared library file, and status about the self-testing. +-This data is used automatically by the module itself for two +-purposes: +- +-=over 4 +- +-=item - Run the startup FIPS self-test known answer tests (KATS). +- +-This is normally done once, at installation time, but may also be set up to +-run each time the module is used. +- +-=item - Verify the module's checksum. +- +-This is done each time the module is used. +- +-=back +- +-This file is generated by the L program, and +-used internally by the FIPS module during its initialization. +- +-The following options are supported. They should all appear in a section +-whose name is identified by the B option in the B +-section, as described in L. +- +-=over 4 +- +-=item B +- +-If present, the module is activated. The value assigned to this name is not +-significant. +- +-=item B +- +-A version number for the fips install process. Should be 1. +- +-=item B +- +-The FIPS module normally enters an internal error mode if any self test fails. +-Once this error mode is active, no services or cryptographic algorithms are +-accessible from this point on. +-Continuous tests are a subset of the self tests (e.g., a key pair test during key +-generation, or the CRNG output test). +-Setting this value to C<0> allows the error mode to not be triggered if any +-continuous test fails. The default value of C<1> will trigger the error mode. +-Regardless of the value, the operation (e.g., key generation) that called the +-continuous test will return an error code if its continuous test fails. The +-operation may then be retried if the error mode has not been triggered. +- +-=item B +- +-This indicates if run-time checks related to enforcement of security parameters +-such as minimum security strength of keys and approved curve names are used. 
+-A value of '1' will perform the checks, otherwise if the value is '0' the checks +-are not performed and FIPS compliance must be done by procedures documented in +-the relevant Security Policy. +- +-=item B +- +-The calculated MAC of the FIPS provider file. +- +-=item B +- +-An indicator that the self-tests were successfully run. +-This should only be written after the module has +-successfully passed its self tests during installation. +-If this field is not present, then the self tests will run when the module +-loads. +- +-=item B +- +-A MAC of the value of the B option, to prevent accidental +-changes to that value. +-It is written-to at the same time as B is updated. +- +-=back +- +-For example: +- +- [fips_sect] +- activate = 1 +- install-version = 1 +- conditional-errors = 1 +- security-checks = 1 +- module-mac = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC +- install-mac = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C +- install-status = INSTALL_SELF_TEST_KATS_RUN +- +-=head1 NOTES +- +-When using the FIPS provider, it is recommended that the +-B option is enabled to prevent accidental use of +-non-FIPS validated algorithms via broken or mistaken configuration. +-See L. +- +-=head1 SEE ALSO +- +-L +-L ++This command is disabled in Red Hat Enterprise Linux. The FIPS provider is ++automatically loaded when the system is booted in FIPS mode, or when the ++environment variable B is set. See the documentation ++for more information. + + =head1 HISTORY + +diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod +index 4f908888ba..ef00247770 100644 +--- a/doc/man7/OSSL_PROVIDER-FIPS.pod ++++ b/doc/man7/OSSL_PROVIDER-FIPS.pod +@@ -444,7 +444,6 @@ want to operate in a FIPS approved manner. The algorithms are: + + =head1 SEE ALSO + +-L, + L, + L, + L, +-- +2.41.0 + diff --git a/0035-speed-skip-unavailable-dgst.patch b/0035-speed-skip-unavailable-dgst.patch new file mode 100644 index 0000000..d52d5e1 --- /dev/null 
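Review bot: The replacement text in doc/man1/openssl-fipsinstall.pod.in stops mid-sentence at "enable FIPS mode on Red Hat Enterprise", and the new DESCRIPTION in doc/man5/fips_config.pod opens with "This command is disabled" although that page documents a configuration file, not a command. Both should be completed and reworded, for example `enable FIPS mode on Red Hat Enterprise Linux.` and `The fipsinstall command that generates this file is disabled in Red Hat Enterprise Linux.` In apps/fipsinstall.c the unconditional `return 1;` placed after the declarations also turns off `-help` and `-verify`. Since the removed manual text describes `-verify` as the way to check a generated configuration, the page should name the supported replacement for that check. A short comment above the early return, such as `/* Downstream: fipsinstall is intentionally disabled; everything below is unreachable */`, would explain the dead code that follows in fipsinstall_main, whose body continues outside the inner hunk.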
+++ b/0035-speed-skip-unavailable-dgst.patch @@ -0,0 +1,31 @@ +From 213f38dc580d39f2cb46592b5e6db585fc6a650f Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:28 +0200 +Subject: [PATCH 19/35] 0035-speed-skip-unavailable-dgst.patch + +Patch-name: 0035-speed-skip-unavailable-dgst.patch +Patch-id: 35 +Patch-status: | + # Skip unavailable algorithms running `openssl speed` +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + apps/speed.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/apps/speed.c b/apps/speed.c +index d527f12f18..2ff3eb53bd 100644 +--- a/apps/speed.c ++++ b/apps/speed.c +@@ -610,6 +610,9 @@ static int EVP_MAC_loop(int algindex, void *args) + for (count = 0; COND(c[algindex][testnum]); count++) { + size_t outl; + ++ if (mctx == NULL) ++ return -1; ++ + if (!EVP_MAC_init(mctx, NULL, 0, NULL) + || !EVP_MAC_update(mctx, buf, lengths[testnum]) + || !EVP_MAC_final(mctx, mac, &outl, sizeof(mac))) +-- +2.41.0 + diff --git a/0044-FIPS-140-3-keychecks.patch b/0044-FIPS-140-3-keychecks.patch new file mode 100644 index 0000000..50e385c --- /dev/null +++ b/0044-FIPS-140-3-keychecks.patch 
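Review bot: The added `if (mctx == NULL) return -1;` sits inside the body of the `for (count = 0; COND(c[algindex][testnum]); count++)` loop, although nothing in the lines shown changes `mctx` between iterations. Hoisting the check above the loop would make it clear that this is a precondition rather than a per-iteration condition. A comment such as `/* MAC was not available from any loaded provider; skip this benchmark */` would record why a NULL context is expected here. EVP_MAC_loop starts and ends outside the hunk, so confirm there that its callers treat -1 as "skipped" rather than as a timing result.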
@@ -0,0 +1,388 @@ +From b300beb172d5813b01b93bfd62fe191f8187fe1e Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Mon, 21 Aug 2023 12:05:23 +0200 +Subject: [PATCH 20/48] 0044-FIPS-140-3-keychecks.patch + +Patch-name: 0044-FIPS-140-3-keychecks.patch +Patch-id: 44 +Patch-status: | + # Extra public/private key checks required by FIPS-140-3 +--- + crypto/dh/dh_key.c | 26 ++++++++++ + .../implementations/exchange/ecdh_exch.c | 19 ++++++++ + providers/implementations/keymgmt/ec_kmgmt.c | 24 +++++++++- + providers/implementations/keymgmt/rsa_kmgmt.c | 18 +++++++ + .../implementations/signature/ecdsa_sig.c | 37 +++++++++++++-- + providers/implementations/signature/rsa_sig.c | 47 +++++++++++++++++-- + 6 files changed, 162 insertions(+), 9 deletions(-) + +diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c +index 4e9705beef..83773cceea 100644 +--- a/crypto/dh/dh_key.c ++++ b/crypto/dh/dh_key.c +@@ -43,6 +43,9 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) + BN_MONT_CTX *mont = NULL; + BIGNUM *z = NULL, *pminus1; + int ret = -1; ++#ifdef FIPS_MODULE ++ int validate = 0; ++#endif + + if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) { + ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE); +@@ -54,6 +57,13 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) + return 0; + } + ++#ifdef FIPS_MODULE ++ if (DH_check_pub_key(dh, pub_key, &validate) <= 0) { ++ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID); ++ return 0; ++ } ++#endif ++ + ctx = BN_CTX_new_ex(dh->libctx); + if (ctx == NULL) + goto err; +@@ -262,6 +272,9 @@ static int generate_key(DH *dh) + #endif + BN_CTX *ctx = NULL; + BIGNUM *pub_key = NULL, *priv_key = NULL; ++#ifdef FIPS_MODULE ++ int validate = 0; ++#endif + + if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) { + ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE); +@@ -354,8 +367,21 @@ static int generate_key(DH *dh) + if (!ossl_dh_generate_public_key(ctx, dh, priv_key, pub_key)) + goto 
err; + ++#ifdef FIPS_MODULE ++ if (DH_check_pub_key(dh, pub_key, &validate) <= 0) { ++ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID); ++ goto err; ++ } ++#endif ++ + dh->pub_key = pub_key; + dh->priv_key = priv_key; ++#ifdef FIPS_MODULE ++ if (ossl_dh_check_pairwise(dh) <= 0) { ++ abort(); ++ } ++#endif ++ + dh->dirty_cnt++; + ok = 1; + err: +diff --git a/providers/implementations/exchange/ecdh_exch.c b/providers/implementations/exchange/ecdh_exch.c +index 43caedb6df..73873f9758 100644 +--- a/providers/implementations/exchange/ecdh_exch.c ++++ b/providers/implementations/exchange/ecdh_exch.c +@@ -489,6 +489,25 @@ int ecdh_plain_derive(void *vpecdhctx, unsigned char *secret, + } + + ppubkey = EC_KEY_get0_public_key(pecdhctx->peerk); ++#ifdef FIPS_MODULE ++ { ++ BN_CTX *bn_ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(privk)); ++ int check = 0; ++ ++ if (bn_ctx == NULL) { ++ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); ++ goto end; ++ } ++ ++ check = ossl_ec_key_public_check(pecdhctx->peerk, bn_ctx); ++ BN_CTX_free(bn_ctx); ++ ++ if (check <= 0) { ++ ERR_raise(ERR_LIB_PROV, EC_R_INVALID_PEER_KEY); ++ goto end; ++ } ++ } ++#endif + + retlen = ECDH_compute_key(secret, size, ppubkey, privk, NULL); + +diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c +index a37cbbdba8..bca3f3c674 100644 +--- a/providers/implementations/keymgmt/ec_kmgmt.c ++++ b/providers/implementations/keymgmt/ec_kmgmt.c +@@ -989,8 +989,17 @@ struct ec_gen_ctx { + int selection; + int ecdh_mode; + EC_GROUP *gen_group; ++#ifdef FIPS_MODULE ++ void *ecdsa_sig_ctx; ++#endif + }; + ++#ifdef FIPS_MODULE ++void *ecdsa_newctx(void *provctx, const char *propq); ++void ecdsa_freectx(void *vctx); ++int do_ec_pct(void *, const char *, void *); ++#endif ++ + static void *ec_gen_init(void *provctx, int selection, + const OSSL_PARAM params[]) + { +@@ -1009,6 +1018,10 @@ static void *ec_gen_init(void *provctx, int selection, + gctx = NULL; + } + } ++#ifdef 
FIPS_MODULE ++ if (gctx != NULL) ++ gctx->ecdsa_sig_ctx = ecdsa_newctx(provctx, NULL); ++#endif + return gctx; + } + +@@ -1279,6 +1292,12 @@ static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) + + if (gctx->ecdh_mode != -1) + ret = ret && ossl_ec_set_ecdh_cofactor_mode(ec, gctx->ecdh_mode); ++#ifdef FIPS_MODULE ++ /* Pairwise consistency test */ ++ if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0 ++ && do_ec_pct(gctx->ecdsa_sig_ctx, "sha256", ec) != 1) ++ abort(); ++#endif + + if (gctx->group_check != NULL) + ret = ret && ossl_ec_set_check_group_type_from_name(ec, gctx->group_check); +@@ -1348,7 +1367,10 @@ static void ec_gen_cleanup(void *genctx) + + if (gctx == NULL) + return; +- ++#ifdef FIPS_MODULE ++ ecdsa_freectx(gctx->ecdsa_sig_ctx); ++ gctx->ecdsa_sig_ctx = NULL; ++#endif + EC_GROUP_free(gctx->gen_group); + BN_free(gctx->p); + BN_free(gctx->a); +diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c +index 3ba12c4889..ff49f8fcd8 100644 +--- a/providers/implementations/keymgmt/rsa_kmgmt.c ++++ b/providers/implementations/keymgmt/rsa_kmgmt.c +@@ -434,6 +434,7 @@ struct rsa_gen_ctx { + #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) + /* ACVP test parameters */ + OSSL_PARAM *acvp_test_params; ++ void *prov_rsa_ctx; + #endif + }; + +@@ -447,6 +448,12 @@ static int rsa_gencb(int p, int n, BN_GENCB *cb) + return gctx->cb(params, gctx->cbarg); + } + ++#ifdef FIPS_MODULE ++void *rsa_newctx(void *provctx, const char *propq); ++void rsa_freectx(void *vctx); ++int do_rsa_pct(void *, const char *, void *); ++#endif ++ + static void *gen_init(void *provctx, int selection, int rsa_type, + const OSSL_PARAM params[]) + { +@@ -474,6 +481,10 @@ static void *gen_init(void *provctx, int selection, int rsa_type, + + if (!rsa_gen_set_params(gctx, params)) + goto err; ++#ifdef FIPS_MODULE ++ if (gctx != NULL) ++ gctx->prov_rsa_ctx = rsa_newctx(provctx, NULL); ++#endif + return gctx; + + err: 
+@@ -630,6 +641,11 @@ static void *rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) + + rsa = rsa_tmp; + rsa_tmp = NULL; ++#ifdef FIPS_MODULE ++ /* Pairwise consistency test */ ++ if (do_rsa_pct(gctx->prov_rsa_ctx, "sha256", rsa) != 1) ++ abort(); ++#endif + err: + BN_GENCB_free(gencb); + RSA_free(rsa_tmp); +@@ -645,6 +661,8 @@ static void rsa_gen_cleanup(void *genctx) + #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) + ossl_rsa_acvp_test_gen_params_free(gctx->acvp_test_params); + gctx->acvp_test_params = NULL; ++ rsa_freectx(gctx->prov_rsa_ctx); ++ gctx->prov_rsa_ctx = NULL; + #endif + BN_clear_free(gctx->pub_exp); + OPENSSL_free(gctx); +diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c +index 865d49d100..ebeb30e002 100644 +--- a/providers/implementations/signature/ecdsa_sig.c ++++ b/providers/implementations/signature/ecdsa_sig.c +@@ -32,7 +32,7 @@ + #include "crypto/ec.h" + #include "prov/der_ec.h" + +-static OSSL_FUNC_signature_newctx_fn ecdsa_newctx; ++OSSL_FUNC_signature_newctx_fn ecdsa_newctx; + static OSSL_FUNC_signature_sign_init_fn ecdsa_sign_init; + static OSSL_FUNC_signature_verify_init_fn ecdsa_verify_init; + static OSSL_FUNC_signature_sign_fn ecdsa_sign; +@@ -43,7 +43,7 @@ static OSSL_FUNC_signature_digest_sign_final_fn ecdsa_digest_sign_final; + static OSSL_FUNC_signature_digest_verify_init_fn ecdsa_digest_verify_init; + static OSSL_FUNC_signature_digest_verify_update_fn ecdsa_digest_signverify_update; + static OSSL_FUNC_signature_digest_verify_final_fn ecdsa_digest_verify_final; +-static OSSL_FUNC_signature_freectx_fn ecdsa_freectx; ++OSSL_FUNC_signature_freectx_fn ecdsa_freectx; + static OSSL_FUNC_signature_dupctx_fn ecdsa_dupctx; + static OSSL_FUNC_signature_get_ctx_params_fn ecdsa_get_ctx_params; + static OSSL_FUNC_signature_gettable_ctx_params_fn ecdsa_gettable_ctx_params; +@@ -104,7 +104,7 @@ typedef struct { + #endif + } PROV_ECDSA_CTX; + +-static void 
*ecdsa_newctx(void *provctx, const char *propq) ++void *ecdsa_newctx(void *provctx, const char *propq) + { + PROV_ECDSA_CTX *ctx; + +@@ -370,7 +370,7 @@ int ecdsa_digest_verify_final(void *vctx, const unsigned char *sig, + return ecdsa_verify(ctx, sig, siglen, digest, (size_t)dlen); + } + +-static void ecdsa_freectx(void *vctx) ++void ecdsa_freectx(void *vctx) + { + PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; + +@@ -581,6 +581,35 @@ static const OSSL_PARAM *ecdsa_settable_ctx_md_params(void *vctx) + return EVP_MD_settable_ctx_params(ctx->md); + } + ++#ifdef FIPS_MODULE ++int do_ec_pct(void *vctx, const char *mdname, void *ec) ++{ ++ static const unsigned char data[32]; ++ unsigned char sigbuf[256]; ++ size_t siglen = sizeof(sigbuf); ++ ++ if (ecdsa_digest_sign_init(vctx, mdname, ec, NULL) <= 0) ++ return 0; ++ ++ if (ecdsa_digest_signverify_update(vctx, data, sizeof(data)) <= 0) ++ return 0; ++ ++ if (ecdsa_digest_sign_final(vctx, sigbuf, &siglen, sizeof(sigbuf)) <= 0) ++ return 0; ++ ++ if (ecdsa_digest_verify_init(vctx, mdname, ec, NULL) <= 0) ++ return 0; ++ ++ if (ecdsa_digest_signverify_update(vctx, data, sizeof(data)) <= 0) ++ return 0; ++ ++ if (ecdsa_digest_verify_final(vctx, sigbuf, siglen) <= 0) ++ return 0; ++ ++ return 1; ++} ++#endif ++ + const OSSL_DISPATCH ossl_ecdsa_signature_functions[] = { + { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))ecdsa_newctx }, + { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))ecdsa_sign_init }, +diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c +index cd5de6bd51..d4261e8f7d 100644 +--- a/providers/implementations/signature/rsa_sig.c ++++ b/providers/implementations/signature/rsa_sig.c +@@ -34,7 +34,7 @@ + + #define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1 + +-static OSSL_FUNC_signature_newctx_fn rsa_newctx; ++OSSL_FUNC_signature_newctx_fn rsa_newctx; + static OSSL_FUNC_signature_sign_init_fn rsa_sign_init; + static OSSL_FUNC_signature_verify_init_fn 
rsa_verify_init; + static OSSL_FUNC_signature_verify_recover_init_fn rsa_verify_recover_init; +@@ -47,7 +47,7 @@ static OSSL_FUNC_signature_digest_sign_final_fn rsa_digest_sign_final; + static OSSL_FUNC_signature_digest_verify_init_fn rsa_digest_verify_init; + static OSSL_FUNC_signature_digest_verify_update_fn rsa_digest_signverify_update; + static OSSL_FUNC_signature_digest_verify_final_fn rsa_digest_verify_final; +-static OSSL_FUNC_signature_freectx_fn rsa_freectx; ++OSSL_FUNC_signature_freectx_fn rsa_freectx; + static OSSL_FUNC_signature_dupctx_fn rsa_dupctx; + static OSSL_FUNC_signature_get_ctx_params_fn rsa_get_ctx_params; + static OSSL_FUNC_signature_gettable_ctx_params_fn rsa_gettable_ctx_params; +@@ -170,7 +170,7 @@ static int rsa_check_parameters(PROV_RSA_CTX *prsactx, int min_saltlen) + return 1; + } + +-static void *rsa_newctx(void *provctx, const char *propq) ++void *rsa_newctx(void *provctx, const char *propq) + { + PROV_RSA_CTX *prsactx = NULL; + char *propq_copy = NULL; +@@ -977,7 +977,7 @@ int rsa_digest_verify_final(void *vprsactx, const unsigned char *sig, + return rsa_verify(vprsactx, sig, siglen, digest, (size_t)dlen); + } + +-static void rsa_freectx(void *vprsactx) ++void rsa_freectx(void *vprsactx) + { + PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; + +@@ -1455,6 +1455,45 @@ static const OSSL_PARAM *rsa_settable_ctx_md_params(void *vprsactx) + return EVP_MD_settable_ctx_params(prsactx->md); + } + ++#ifdef FIPS_MODULE ++int do_rsa_pct(void *vctx, const char *mdname, void *rsa) ++{ ++ static const unsigned char data[32]; ++ unsigned char *sigbuf = NULL; ++ size_t siglen = 0; ++ int ret = 0; ++ ++ if (rsa_digest_sign_init(vctx, mdname, rsa, NULL) <= 0) ++ return 0; ++ ++ if (rsa_digest_signverify_update(vctx, data, sizeof(data)) <= 0) ++ return 0; ++ ++ if (rsa_digest_sign_final(vctx, NULL, &siglen, 0) <= 0) ++ return 0; ++ ++ if ((sigbuf = OPENSSL_malloc(siglen)) == NULL) ++ return 0; ++ ++ if (rsa_digest_sign_final(vctx, sigbuf, &siglen, 
siglen) <= 0) ++ goto err; ++ ++ if (rsa_digest_verify_init(vctx, mdname, rsa, NULL) <= 0) ++ goto err; ++ ++ if (rsa_digest_signverify_update(vctx, data, sizeof(data)) <= 0) ++ goto err; ++ ++ if (rsa_digest_verify_final(vctx, sigbuf, siglen) <= 0) ++ goto err; ++ ret = 1; ++ ++ err: ++ OPENSSL_free(sigbuf); ++ return ret; ++} ++#endif ++ + const OSSL_DISPATCH ossl_rsa_signature_functions[] = { + { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))rsa_newctx }, + { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))rsa_sign_init }, +-- +2.41.0 + diff --git a/0045-FIPS-services-minimize.patch b/0045-FIPS-services-minimize.patch new file mode 100644 index 0000000..891f659 --- /dev/null +++ b/0045-FIPS-services-minimize.patch 
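Review bot: In the rsa_kmgmt.c part, `void *prov_rsa_ctx;` is added inside the existing `#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)` block of `struct rsa_gen_ctx` and is freed under that same guard in `rsa_gen_cleanup`, but `gen_init` and `rsa_gen` use it under plain `#ifdef FIPS_MODULE`. A FIPS build with OPENSSL_NO_ACVP_TESTS defined would therefore reference a missing member, so the field and its `rsa_freectx(gctx->prov_rsa_ctx);` call belong in their own `#ifdef FIPS_MODULE` blocks. Separately, the results of `rsa_newctx(provctx, NULL)` and `ecdsa_newctx(provctx, NULL)` are stored without a NULL check, and the pairwise test in `ec_gen` does not consult `ret`. An allocation failure or an earlier key-generation error therefore appears to reach `abort()` instead of a normal error return. Failing the init functions when the context is NULL, and gating the test as `if (ret && (gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0 && do_ec_pct(gctx->ecdsa_sig_ctx, "sha256", ec) != 1)`, would reserve the abort for a genuine pairwise-consistency failure. The affected functions begin and end outside the inner hunks shown.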
@@ -0,0 +1,771 @@ +From a9dc983f82cabe29d6b48f3af3e30e26074ce5cf Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Mon, 21 Aug 2023 12:55:57 +0200 +Subject: [PATCH 21/48] 0045-FIPS-services-minimize.patch + +Patch-name: 0045-FIPS-services-minimize.patch +Patch-id: 45 +Patch-status: | + # Minimize fips services +--- + apps/ecparam.c | 7 +++ + apps/req.c | 2 +- + providers/common/capabilities.c | 2 +- + providers/fips/fipsprov.c | 44 +++++++++++-------- + providers/fips/self_test_data.inc | 9 +++- + providers/implementations/signature/rsa_sig.c | 26 +++++++++++ + ssl/ssl_ciph.c | 3 ++ + test/acvp_test.c | 2 + + test/endecode_test.c | 4 ++ + test/evp_libctx_test.c | 9 +++- + test/recipes/15-test_gendsa.t | 2 +- + test/recipes/20-test_cli_fips.t | 3 +- + test/recipes/30-test_evp.t | 16 +++---- + .../30-test_evp_data/evpmac_common.txt | 22 ++++++++++ + test/recipes/80-test_cms.t | 22 +++++----- + test/recipes/80-test_ssl_old.t | 2 +- + 16 files changed, 128 insertions(+), 47 deletions(-) + +diff --git a/apps/ecparam.c b/apps/ecparam.c +index 9e9ad13683..9c66cf2434 100644 +--- a/apps/ecparam.c ++++ b/apps/ecparam.c +@@ -79,6 +79,13 @@ static int list_builtin_curves(BIO *out) + const char *comment = curves[n].comment; + const char *sname = OBJ_nid2sn(curves[n].nid); + ++ if (((curves[n].nid == NID_secp256k1) || (curves[n].nid == NID_brainpoolP256r1) ++ || (curves[n].nid == NID_brainpoolP256t1) || (curves[n].nid == NID_brainpoolP320r1) ++ || (curves[n].nid == NID_brainpoolP320t1) || (curves[n].nid == NID_brainpoolP384r1) ++ || (curves[n].nid == NID_brainpoolP384t1) || (curves[n].nid == NID_brainpoolP512r1) ++ || (curves[n].nid == NID_brainpoolP512t1)) && EVP_default_properties_is_fips_enabled(NULL)) ++ continue; ++ + if (comment == NULL) + comment = "CURVE DESCRIPTION NOT AVAILABLE"; + if (sname == NULL) +diff --git a/apps/req.c b/apps/req.c +index 23757044ab..5916914978 100644 +--- a/apps/req.c ++++ b/apps/req.c +@@ -266,7 +266,7 @@ int req_main(int argc, char 
**argv) + unsigned long chtype = MBSTRING_ASC, reqflag = 0; + + #ifndef OPENSSL_NO_DES +- cipher = (EVP_CIPHER *)EVP_des_ede3_cbc(); ++ cipher = (EVP_CIPHER *)EVP_aes_256_cbc(); + #endif + + prog = opt_init(argc, argv, req_options); +diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c +index ed37e76969..eb836dfa6a 100644 +--- a/providers/common/capabilities.c ++++ b/providers/common/capabilities.c +@@ -186,9 +186,9 @@ static const OSSL_PARAM param_group_list[][10] = { + TLS_GROUP_ENTRY("brainpoolP256r1", "brainpoolP256r1", "EC", 25), + TLS_GROUP_ENTRY("brainpoolP384r1", "brainpoolP384r1", "EC", 26), + TLS_GROUP_ENTRY("brainpoolP512r1", "brainpoolP512r1", "EC", 27), +-# endif + TLS_GROUP_ENTRY("x25519", "X25519", "X25519", 28), + TLS_GROUP_ENTRY("x448", "X448", "X448", 29), ++# endif + # endif /* OPENSSL_NO_EC */ + # ifndef OPENSSL_NO_DH + /* Security bit values for FFDHE groups are as per RFC 7919 */ +diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c +index 518226dfc6..29438faea8 100644 +--- a/providers/fips/fipsprov.c ++++ b/providers/fips/fipsprov.c +@@ -199,13 +199,13 @@ static int fips_get_params(void *provctx, OSSL_PARAM params[]) + OSSL_LIB_CTX_FIPS_PROV_INDEX); + + p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME); +- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider")) ++ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "Red Hat Enterprise Linux 9 - OpenSSL FIPS Provider")) + return 0; + p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION); +- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR)) ++ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, REDHAT_FIPS_VERSION)) + return 0; + p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO); +- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR)) ++ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, REDHAT_FIPS_VERSION)) + return 0; + p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_STATUS); + if (p != NULL && 
!OSSL_PARAM_set_int(p, ossl_prov_is_running())) +@@ -298,10 +298,11 @@ static const OSSL_ALGORITHM fips_digests[] = { + * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for + * KMAC128 and KMAC256. + */ +- { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES, ++ /* We don't certify KECCAK in our FIPS provider */ ++ /* { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES, + ossl_keccak_kmac_128_functions }, + { PROV_NAMES_KECCAK_KMAC_256, FIPS_DEFAULT_PROPERTIES, +- ossl_keccak_kmac_256_functions }, ++ ossl_keccak_kmac_256_functions }, */ + { NULL, NULL, NULL } + }; + +@@ -360,8 +361,9 @@ static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = { + ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions, + ossl_cipher_capable_aes_cbc_hmac_sha256), + #ifndef OPENSSL_NO_DES +- UNAPPROVED_ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions), +- UNAPPROVED_ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions), ++ /* We don't certify 3DES in our FIPS provider */ ++ /* UNAPPROVED_ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions), ++ UNAPPROVED_ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions), */ + #endif /* OPENSSL_NO_DES */ + { { NULL, NULL, NULL }, NULL } + }; +@@ -373,8 +375,9 @@ static const OSSL_ALGORITHM fips_macs[] = { + #endif + { PROV_NAMES_GMAC, FIPS_DEFAULT_PROPERTIES, ossl_gmac_functions }, + { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_hmac_functions }, +- { PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions }, +- { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions }, ++ /* We don't certify KMAC in our FIPS provider */ ++ /*{ PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions }, ++ { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions }, */ + { NULL, NULL, NULL } + }; + +@@ -409,8 +412,9 @@ static const OSSL_ALGORITHM fips_keyexch[] = { + #endif + #ifndef OPENSSL_NO_EC + { PROV_NAMES_ECDH, FIPS_DEFAULT_PROPERTIES, 
ossl_ecdh_keyexch_functions }, +- { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keyexch_functions }, +- { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keyexch_functions }, ++ /* We don't certify Edwards curves in our FIPS provider */ ++ /*{ PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keyexch_functions }, ++ { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keyexch_functions },*/ + #endif + { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, + ossl_kdf_tls1_prf_keyexch_functions }, +@@ -420,13 +424,15 @@ static const OSSL_ALGORITHM fips_keyexch[] = { + + static const OSSL_ALGORITHM fips_signature[] = { + #ifndef OPENSSL_NO_DSA +- { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions }, ++ /* We don't certify DSA in our FIPS provider */ ++ /* { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions }, */ + #endif + { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_signature_functions }, + #ifndef OPENSSL_NO_EC +- { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES, ++ /* We don't certify Edwards curves in our FIPS provider */ ++ /* { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES, + ossl_ed25519_signature_functions }, +- { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_signature_functions }, ++ { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_signature_functions }, */ + { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_signature_functions }, + #endif + { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, +@@ -456,8 +462,9 @@ static const OSSL_ALGORITHM fips_keymgmt[] = { + PROV_DESCS_DHX }, + #endif + #ifndef OPENSSL_NO_DSA +- { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions, +- PROV_DESCS_DSA }, ++ /* We don't certify DSA in our FIPS provider */ ++ /* { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions, ++ PROV_DESCS_DSA }, */ + #endif + { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_keymgmt_functions, + PROV_DESCS_RSA }, +@@ -466,14 +473,15 @@ 
static const OSSL_ALGORITHM fips_keymgmt[] = { + #ifndef OPENSSL_NO_EC + { PROV_NAMES_EC, FIPS_DEFAULT_PROPERTIES, ossl_ec_keymgmt_functions, + PROV_DESCS_EC }, +- { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keymgmt_functions, ++ /* We don't certify Edwards curves in our FIPS provider */ ++ /* { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keymgmt_functions, + PROV_DESCS_X25519 }, + { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keymgmt_functions, + PROV_DESCS_X448 }, + { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES, ossl_ed25519_keymgmt_functions, + PROV_DESCS_ED25519 }, + { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_keymgmt_functions, +- PROV_DESCS_ED448 }, ++ PROV_DESCS_ED448 }, */ + #endif + { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_keymgmt_functions, + PROV_DESCS_TLS1_PRF_SIGN }, +diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc +index 2057378d3d..4b80bb70b9 100644 +--- a/providers/fips/self_test_data.inc ++++ b/providers/fips/self_test_data.inc +@@ -177,6 +177,7 @@ static const ST_KAT_DIGEST st_kat_digest_tests[] = + /*- CIPHER TEST DATA */ + + /* DES3 test data */ ++#if 0 + static const unsigned char des_ede3_cbc_pt[] = { + 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, + 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A, +@@ -197,7 +198,7 @@ static const unsigned char des_ede3_cbc_ct[] = { + 0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F, + 0x73, 0xC0, 0xBD, 0xA8, 0x5C, 0x8E, 0x0D, 0xA7 + }; +- ++#endif + /* AES-256 GCM test data */ + static const unsigned char aes_256_gcm_key[] = { + 0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c, +@@ -1454,8 +1455,9 @@ static const ST_KAT_PARAM ecdsa_bin_key[] = { + # endif /* OPENSSL_NO_EC2M */ + #endif /* OPENSSL_NO_EC */ + +-#ifndef OPENSSL_NO_DSA + /* dsa 2048 */ ++#if 0 ++#ifndef OPENSSL_NO_DSA + static const unsigned char dsa_p[] = { + 0xa2, 0x9b, 0x88, 0x72, 0xce, 0x8b, 0x84, 0x23, + 0xb7, 0xd5, 0xd2, 0x1d, 0x4b, 0x02, 
0xf5, 0x7e, +@@ -1590,6 +1592,7 @@ static const ST_KAT_PARAM dsa_key[] = { + ST_KAT_PARAM_END() + }; + #endif /* OPENSSL_NO_DSA */ ++#endif + + /* Hash DRBG inputs for signature KATs */ + static const unsigned char sig_kat_entropyin[] = { +@@ -1642,6 +1645,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = { + }, + # endif + #endif /* OPENSSL_NO_EC */ ++#if 0 + #ifndef OPENSSL_NO_DSA + { + OSSL_SELF_TEST_DESC_SIGN_DSA, +@@ -1654,6 +1658,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = { + ITM(dsa_expected_sig) + }, + #endif /* OPENSSL_NO_DSA */ ++#endif + }; + + static const ST_KAT_ASYM_CIPHER st_kat_asym_cipher_tests[] = { +diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c +index d4261e8f7d..2a5504d104 100644 +--- a/providers/implementations/signature/rsa_sig.c ++++ b/providers/implementations/signature/rsa_sig.c +@@ -689,6 +689,19 @@ static int rsa_verify_recover(void *vprsactx, + { + PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; + int ret; ++# ifdef FIPS_MODULE ++ size_t rsabits = RSA_bits(prsactx->rsa); ++ ++ if (rsabits < 2048) { ++ if (rsabits != 1024 ++ && rsabits != 1280 ++ && rsabits != 1536 ++ && rsabits != 1792) { ++ ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH); ++ return 0; ++ } ++ } ++# endif + + if (!ossl_prov_is_running()) + return 0; +@@ -777,6 +790,19 @@ static int rsa_verify(void *vprsactx, const unsigned char *sig, size_t siglen, + { + PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; + size_t rslen; ++# ifdef FIPS_MODULE ++ size_t rsabits = RSA_bits(prsactx->rsa); ++ ++ if (rsabits < 2048) { ++ if (rsabits != 1024 ++ && rsabits != 1280 ++ && rsabits != 1536 ++ && rsabits != 1792) { ++ ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH); ++ return 0; ++ } ++ } ++# endif + + if (!ossl_prov_is_running()) + return 0; +diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c +index a5e60e8839..f9af07d12b 100644 +--- a/ssl/ssl_ciph.c ++++ b/ssl/ssl_ciph.c +@@ -356,6 +356,9 @@ int 
ssl_load_ciphers(SSL_CTX *ctx) + ctx->disabled_mkey_mask = 0; + ctx->disabled_auth_mask = 0; + ++ if (EVP_default_properties_is_fips_enabled(ctx->libctx)) ++ ctx->disabled_mkey_mask |= SSL_kRSA | SSL_kRSAPSK; ++ + /* + * We ignore any errors from the fetches below. They are expected to fail + * if theose algorithms are not available. +diff --git a/test/acvp_test.c b/test/acvp_test.c +index fee880d441..13d7a0ea8b 100644 +--- a/test/acvp_test.c ++++ b/test/acvp_test.c +@@ -1476,6 +1476,7 @@ int setup_tests(void) + OSSL_NELEM(dh_safe_prime_keyver_data)); + #endif /* OPENSSL_NO_DH */ + ++#if 0 /* Red Hat FIPS provider doesn't have fips=yes property on DSA */ + #ifndef OPENSSL_NO_DSA + ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data)); + ADD_ALL_TESTS(dsa_paramgen_test, OSSL_NELEM(dsa_paramgen_data)); +@@ -1483,6 +1484,7 @@ int setup_tests(void) + ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data)); + ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data)); + #endif /* OPENSSL_NO_DSA */ ++#endif + + #ifndef OPENSSL_NO_EC + ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data)); +diff --git a/test/endecode_test.c b/test/endecode_test.c +index 9a437d8c64..53385028fc 100644 +--- a/test/endecode_test.c ++++ b/test/endecode_test.c +@@ -1407,6 +1407,7 @@ int setup_tests(void) + * so no legacy tests. 
+ */ + #endif ++ if (is_fips == 0) { + #ifndef OPENSSL_NO_DSA + ADD_TEST_SUITE(DSA); + ADD_TEST_SUITE_PARAMS(DSA); +@@ -1417,6 +1418,7 @@ int setup_tests(void) + ADD_TEST_SUITE_PROTECTED_PVK(DSA); + # endif + #endif ++ } + #ifndef OPENSSL_NO_EC + ADD_TEST_SUITE(EC); + ADD_TEST_SUITE_PARAMS(EC); +@@ -1431,10 +1433,12 @@ int setup_tests(void) + ADD_TEST_SUITE(ECExplicitTri2G); + ADD_TEST_SUITE_LEGACY(ECExplicitTri2G); + # endif ++ if (is_fips == 0) { + ADD_TEST_SUITE(ED25519); + ADD_TEST_SUITE(ED448); + ADD_TEST_SUITE(X25519); + ADD_TEST_SUITE(X448); ++ } + /* + * ED25519, ED448, X25519 and X448 have no support for + * PEM_write_bio_PrivateKey_traditional(), so no legacy tests. +diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c +index 2448c35a14..a7913cda4c 100644 +--- a/test/evp_libctx_test.c ++++ b/test/evp_libctx_test.c +@@ -21,6 +21,7 @@ + */ + #include "internal/deprecated.h" + #include ++#include + #include + #include + #include +@@ -726,7 +727,9 @@ int setup_tests(void) + return 0; + + #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH) +- ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3); ++ if (strcmp(prov_name, "fips") != 0) { ++ ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3); ++ } + #endif + #ifndef OPENSSL_NO_DH + ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3); +@@ -746,7 +749,9 @@ int setup_tests(void) + ADD_TEST(kem_invalid_keytype); + #endif + #ifndef OPENSSL_NO_DES +- ADD_TEST(test_cipher_tdes_randkey); ++ if (strcmp(prov_name, "fips") != 0) { ++ ADD_TEST(test_cipher_tdes_randkey); ++ } + #endif + return 1; + } +diff --git a/test/recipes/15-test_gendsa.t b/test/recipes/15-test_gendsa.t +index b495b08bda..69bd299521 100644 +--- a/test/recipes/15-test_gendsa.t ++++ b/test/recipes/15-test_gendsa.t +@@ -24,7 +24,7 @@ use lib bldtop_dir('.'); + plan skip_all => "This test is unsupported in a no-dsa build" + if disabled("dsa"); + +-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); ++my $no_fips = 1; + + plan tests => + 
($no_fips ? 0 : 2) # FIPS related tests +diff --git a/test/recipes/20-test_cli_fips.t b/test/recipes/20-test_cli_fips.t +index 6d3c5ba1bb..2ba47b5fca 100644 +--- a/test/recipes/20-test_cli_fips.t ++++ b/test/recipes/20-test_cli_fips.t +@@ -273,8 +273,7 @@ SKIP: { + } + + SKIP : { +- skip "FIPS DSA tests because of no dsa in this build", 1 +- if disabled("dsa"); ++ skip "FIPS DSA tests because of no dsa in this build", 1; + + subtest DSA => sub { + my $testtext_prefix = 'DSA'; +diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t +index 9d7040ced2..f8beb538d4 100644 +--- a/test/recipes/30-test_evp.t ++++ b/test/recipes/30-test_evp.t +@@ -42,10 +42,8 @@ my @files = qw( + evpciph_aes_cts.txt + evpciph_aes_wrap.txt + evpciph_aes_stitched.txt +- evpciph_des3_common.txt + evpkdf_hkdf.txt + evpkdf_kbkdf_counter.txt +- evpkdf_kbkdf_kmac.txt + evpkdf_pbkdf1.txt + evpkdf_pbkdf2.txt + evpkdf_ss.txt +@@ -65,12 +63,6 @@ push @files, qw( + evppkey_ffdhe.txt + evppkey_dh.txt + ) unless $no_dh; +-push @files, qw( +- evpkdf_x942_des.txt +- evpmac_cmac_des.txt +- ) unless $no_des; +-push @files, qw(evppkey_dsa.txt) unless $no_dsa; +-push @files, qw(evppkey_ecx.txt) unless $no_ec; + push @files, qw( + evppkey_ecc.txt + evppkey_ecdh.txt +@@ -91,6 +83,7 @@ my @defltfiles = qw( + evpciph_cast5.txt + evpciph_chacha.txt + evpciph_des.txt ++ evpciph_des3_common.txt + evpciph_idea.txt + evpciph_rc2.txt + evpciph_rc4.txt +@@ -114,10 +107,17 @@ my @defltfiles = qw( + evpmd_whirlpool.txt + evppbe_scrypt.txt + evppbe_pkcs12.txt ++ evpkdf_kbkdf_kmac.txt + evppkey_kdf_scrypt.txt + evppkey_kdf_tls1_prf.txt + evppkey_rsa.txt + ); ++push @defltfiles, qw(evppkey_dsa.txt) unless $no_dsa; ++push @defltfiles, qw(evppkey_ecx.txt) unless $no_ec; ++push @defltfiles, qw( ++ evpkdf_x942_des.txt ++ evpmac_cmac_des.txt ++ ) unless $no_des; + push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec; + push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2; + +diff --git 
a/test/recipes/30-test_evp_data/evpmac_common.txt b/test/recipes/30-test_evp_data/evpmac_common.txt +index 93195df97c..315413cd9b 100644 +--- a/test/recipes/30-test_evp_data/evpmac_common.txt ++++ b/test/recipes/30-test_evp_data/evpmac_common.txt +@@ -340,6 +340,7 @@ IV = 7AE8E2CA4EC500012E58495C + Input = 68F2E77696CE7AE8E2CA4EC588E541002E58495C08000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D0007 + Result = MAC_INIT_ERROR + ++Availablein = default + Title = KMAC Tests (From NIST) + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F +@@ -350,12 +351,14 @@ Ctrl = xof:0 + OutputSize = 32 + BlockSize = 168 + ++Availablein = default + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 00010203 + Custom = "My Tagged Application" + Output = 3B1FBA963CD8B0B59E8C1A6D71888B7143651AF8BA0A7070C0979E2811324AA5 + ++Availablein = default + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -363,6 +366,7 @@ Custom = "My Tagged Application" + Output = 1F5B4E6CCA02209E0DCB5CA635B89A15E271ECC760071DFD805FAA38F9729230 + Ctrl = size:32 + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 00010203 +@@ -371,12 +375,14 @@ Output = 20C570C31346F703C9AC36C61C03CB64C3970D0CFC787E9B79599D273A68D2F7F69D4CC + OutputSize = 64 + BlockSize = 136 + ++Availablein = default + MAC = KMAC256 + Key = 
404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 + Custom = "" + Output = 75358CF39E41494E949707927CEE0AF20A3FF553904C86B08F21CC414BCFD691589D27CF5E15369CBBFF8B9A4C2EB17800855D0235FF635DA82533EC6B759B69 + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -386,12 +392,14 @@ Ctrl = size:64 + + Title = KMAC XOF Tests (From NIST) + ++Availablein = default + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 00010203 + Output = CD83740BBD92CCC8CF032B1481A0F4460E7CA9DD12B08A0C4031178BACD6EC35 + XOF = 1 + ++Availablein = default + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 00010203 +@@ -399,6 +407,7 @@ Custom = "My Tagged Application" + Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C + XOF = 1 + ++Availablein = default + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -407,6 +416,7 @@ Output = 47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F + XOF = 1 + Ctrl = size:32 + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 00010203 +@@ -414,6 +424,7 @@ Custom = "My Tagged Application" + Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B + XOF = 1 + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -421,6 +432,7 @@ Custom = "" + Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B + XOF = 1 + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -431,6 +443,7 @@ XOF = 1 + + Title = KMAC long customisation string (from NIST ACVP) + ++Availablein = default + MAC = KMAC256 + Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3 + Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D +@@ -441,12 +454,14 @@ XOF = 1 + + Title = KMAC XOF Tests via ctrl (From NIST) + ++Availablein = default + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 00010203 + Output = CD83740BBD92CCC8CF032B1481A0F4460E7CA9DD12B08A0C4031178BACD6EC35 + Ctrl = xof:1 + ++Availablein = default + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 00010203 +@@ -454,6 +469,7 @@ Custom = "My Tagged Application" + Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C + Ctrl = xof:1 + ++Availablein = default + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -462,6 +478,7 @@ Output = 
47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F + Ctrl = xof:1 + Ctrl = size:32 + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 00010203 +@@ -469,6 +486,7 @@ Custom = "My Tagged Application" + Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B + Ctrl = xof:1 + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -476,6 +494,7 @@ Custom = "" + Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B + Ctrl = xof:1 + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -486,6 +505,7 @@ Ctrl = xof:1 + + Title = KMAC long customisation string via ctrl (from NIST ACVP) + ++Availablein = default + MAC = KMAC256 + Key = 
9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3 + Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D +@@ -496,6 +516,7 @@ Ctrl = xof:1 + + Title = KMAC long customisation string negative test + ++Availablein = default + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -504,6 +525,7 @@ Result = MAC_INIT_ERROR + + Title = KMAC output is too large + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t +index 40dd585c18..cbec426137 100644 +--- a/test/recipes/80-test_cms.t ++++ b/test/recipes/80-test_cms.t +@@ -96,7 +96,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "signed content DER format, DSA key", ++ [ "signed content DER format, DSA key, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", + "-signer", catfile($smdir, 
"smdsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER", +@@ -104,7 +104,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "signed detached content DER format, DSA key", ++ [ "signed detached content DER format, DSA key, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", + "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER", +@@ -113,7 +113,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "signed detached content DER format, add RSA signer (with DSA existing)", ++ [ "signed detached content DER format, add RSA signer (with DSA existing), no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", + "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd1}", @prov, "-resign", "-in", "{output}.cms", "-inform", "DER", "-outform", "DER", +@@ -124,7 +124,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "signed content test streaming BER format, DSA key", ++ [ "signed content test streaming BER format, DSA key, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", + "-nodetach", "-stream", + "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], +@@ -133,7 +133,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys", ++ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", + "-nodetach", "-stream", + "-signer", $smrsa1, +@@ -146,7 +146,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes", ++ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", 
$smcont, "-outform", "DER", + "-noattr", "-nodetach", "-stream", + "-signer", $smrsa1, +@@ -176,7 +176,7 @@ my @smime_pkcs7_tests = ( + \&zero_compare + ], + +- [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys", ++ [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-nodetach", + "-signer", $smrsa1, + "-signer", catfile($smdir, "smrsa2.pem"), +@@ -188,7 +188,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys", ++ [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, + "-signer", $smrsa1, + "-signer", catfile($smdir, "smrsa2.pem"), +@@ -248,7 +248,7 @@ my @smime_pkcs7_tests = ( + + my @smime_cms_tests = ( + +- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid", ++ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", + "-nodetach", "-keyid", + "-signer", $smrsa1, +@@ -261,7 +261,7 @@ my @smime_cms_tests = ( + \&final_compare + ], + +- [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys", ++ [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", + "-signer", $smrsa1, + "-signer", catfile($smdir, "smrsa2.pem"), +@@ -371,7 +371,7 @@ my @smime_cms_tests = ( + \&final_compare + ], + +- [ "encrypted content test streaming PEM format, triple DES key", ++ [ "encrypted content test streaming PEM format, triple DES key, no Red Hat FIPS", + [ "{cmd1}", @prov, "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM", + "-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617", + "-stream", "-out", "{output}.cms" ], +diff --git 
a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t +index 50b74a1e29..e2dcb68fb5 100644 +--- a/test/recipes/80-test_ssl_old.t ++++ b/test/recipes/80-test_ssl_old.t +@@ -436,7 +436,7 @@ sub testssl { + my @exkeys = (); + my $ciphers = '-PSK:-SRP:@SECLEVEL=0'; + +- if (!$no_dsa) { ++ if (!$no_dsa && $provider ne "fips") { + push @exkeys, "-s_cert", "certD.ss", "-s_key", $Dkey; + } + +-- +2.41.0 + diff --git a/0047-FIPS-early-KATS.patch b/0047-FIPS-early-KATS.patch new file mode 100644 index 0000000..06dda9a --- /dev/null +++ b/0047-FIPS-early-KATS.patch 
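Review bot: In the two rsa_sig.c hunks the FIPS key-size gate added to rsa_verify_recover() and rsa_verify() reports failure with `ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH)`, which pairs a PROV_R_* reason with a different library code. Other provider code on this page raises PROV_R_* reasons under ERR_LIB_PROV, so `ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);` is probably what was meant; as written, the reason text is unlikely to resolve for callers reading the error queue. The gate also evaluates `RSA_bits(prsactx->rsa)` in the declarations, ahead of the existing `ossl_prov_is_running()` check, and whether `prsactx->rsa` is guaranteed non-NULL there is not visible in the hunk. The identical block is pasted into both functions; one static helper would keep the accepted legacy sizes (1024, 1280, 1536, 1792) in a single place. Both function bodies continue outside the hunks.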
@@ -0,0 +1,57 @@
+From ba6e65e2f7e7fe8d9cd62e1e7e345bc41dda424f Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Thu, 19 Oct 2023 13:12:40 +0200
+Subject: [PATCH 21/46] 0047-FIPS-early-KATS.patch
+
+Patch-name: 0047-FIPS-early-KATS.patch
+Patch-id: 47
+Patch-status: |
+ # # Execute KATS before HMAC verification
+From-dist-git-commit: 5c67b5adc311af297f425c09e3e1ac7ca8483911
+---
+ providers/fips/self_test.c | 22 ++++++++++------------
+ 1 file changed, 10 insertions(+), 12 deletions(-)
+
+diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c
+index e3a629018a..3c09bd8638 100644
+--- a/providers/fips/self_test.c
++++ b/providers/fips/self_test.c
+@@ -401,6 +401,16 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
+ if (ev == NULL)
+ goto end;
+
++ /*
++ * Run the KAT's before HMAC verification according to FIPS-140-3 requirements
++ */
++ if (kats_already_passed == 0) {
++ if (!SELF_TEST_kats(ev, st->libctx)) {
++ ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE);
++ goto end;
++ }
++ }
++
+ module_checksum = fips_hmac_container;
+ checksum_len = sizeof(fips_hmac_container);
+
+@@ -451,18 +461,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
+ }
+ }
+
+- /*
+- * Only runs the KAT's during installation OR on_demand().
+- * NOTE: If the installation option 'self_test_onload' is chosen then this
+- * path will always be run, since kats_already_passed will always be 0.
+- */
+- if (on_demand_test || kats_already_passed == 0) {
+- if (!SELF_TEST_kats(ev, st->libctx)) {
+- ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE);
+- goto end;
+- }
+- }
+-
+ /* Verify that the RNG has been restored properly */
+ rng = ossl_rand_get0_private_noncreating(st->libctx);
+ if (rng != NULL)
+--
+2.41.0
+
diff --git a/0049-Allow-disabling-of-SHA1-signatures.patch b/0049-Allow-disabling-of-SHA1-signatures.patch
new file mode 100644
index 0000000..c70537a
--- /dev/null
+++ b/0049-Allow-disabling-of-SHA1-signatures.patch
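Review bot: The relocated KAT guard in SELF_TEST_post() drops the `on_demand_test ||` term, so an on-demand self-test would skip the known-answer tests whenever `kats_already_passed` is non-zero, where the removed block always ran them on demand. The assignment of `kats_already_passed` is outside the hunk, so whether it can still become non-zero in this build cannot be confirmed from here; if it can, keep the on-demand path with `if (on_demand_test || kats_already_passed == 0) {`. If it cannot, the new comment should state why the on-demand case no longer needs its own term, since the removed comment was the only place that documented when the KATs run. SELF_TEST_post's body starts and ends outside the hunk.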
@@ -0,0 +1,525 @@ +From 2e8388e06eafb703aeb315498915bf079561bdb5 Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Mon, 21 Aug 2023 13:07:07 +0200 +Subject: [PATCH 23/48] 0049-Allow-disabling-of-SHA1-signatures.patch + +Patch-name: 0049-Allow-disabling-of-SHA1-signatures.patch +Patch-id: 49 +Patch-status: | + # Selectively disallow SHA1 signatures rhbz#2070977 +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + crypto/context.c | 14 ++++ + crypto/evp/evp_cnf.c | 13 +++ + crypto/evp/m_sigver.c | 79 +++++++++++++++++++ + crypto/evp/pmeth_lib.c | 15 ++++ + doc/man5/config.pod | 13 +++ + include/crypto/context.h | 3 + + include/internal/cryptlib.h | 3 +- + include/internal/sslconf.h | 4 + + providers/common/securitycheck.c | 20 +++++ + providers/common/securitycheck_default.c | 9 ++- + providers/implementations/signature/dsa_sig.c | 11 ++- + .../implementations/signature/ecdsa_sig.c | 4 + + providers/implementations/signature/rsa_sig.c | 20 ++++- + ssl/t1_lib.c | 8 ++ + util/libcrypto.num | 2 + + 15 files changed, 209 insertions(+), 9 deletions(-) + +diff --git a/crypto/context.c b/crypto/context.c +index 51002ba79a..e697974c9d 100644 +--- a/crypto/context.c ++++ b/crypto/context.c +@@ -78,6 +78,8 @@ struct ossl_lib_ctx_st { + void *fips_prov; + #endif + ++ void *legacy_digest_signatures; ++ + unsigned int ischild:1; + }; + +@@ -206,6 +208,10 @@ static int context_init(OSSL_LIB_CTX *ctx) + goto err; + #endif + ++ ctx->legacy_digest_signatures = ossl_ctx_legacy_digest_signatures_new(ctx); ++ if (ctx->legacy_digest_signatures == NULL) ++ goto err; ++ + /* Low priority. */ + #ifndef FIPS_MODULE + ctx->child_provider = ossl_child_prov_ctx_new(ctx); +@@ -334,6 +340,11 @@ static void context_deinit_objs(OSSL_LIB_CTX *ctx) + } + #endif + ++ if (ctx->legacy_digest_signatures != NULL) { ++ ossl_ctx_legacy_digest_signatures_free(ctx->legacy_digest_signatures); ++ ctx->legacy_digest_signatures = NULL; ++ } ++ + /* Low priority. 
*/ + #ifndef FIPS_MODULE + if (ctx->child_provider != NULL) { +@@ -625,6 +636,9 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index) + return ctx->fips_prov; + #endif + ++ case OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX: ++ return ctx->legacy_digest_signatures; ++ + default: + return NULL; + } +diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c +index 0e7fe64cf9..b9d3b6d226 100644 +--- a/crypto/evp/evp_cnf.c ++++ b/crypto/evp/evp_cnf.c +@@ -10,6 +10,7 @@ + #include + #include + #include "internal/cryptlib.h" ++#include "internal/sslconf.h" + #include + #include + #include +@@ -57,6 +58,18 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf) + ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE); + return 0; + } ++ } else if (strcmp(oval->name, "rh-allow-sha1-signatures") == 0) { ++ int m; ++ ++ /* Detailed error already reported. */ ++ if (!X509V3_get_value_bool(oval, &m)) ++ return 0; ++ ++ if (!ossl_ctx_legacy_digest_signatures_allowed_set( ++ NCONF_get0_libctx((CONF *)cnf), m > 0, 0)) { ++ ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE); ++ return 0; ++ } + } else { + ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION, + "name=%s, value=%s", oval->name, oval->value); +diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c +index 630d339c35..6e4e9f5ae7 100644 +--- a/crypto/evp/m_sigver.c ++++ b/crypto/evp/m_sigver.c +@@ -15,6 +15,73 @@ + #include "internal/provider.h" + #include "internal/numbers.h" /* includes SIZE_MAX */ + #include "evp_local.h" ++#include "crypto/context.h" ++ ++typedef struct ossl_legacy_digest_signatures_st { ++ int allowed; ++} OSSL_LEGACY_DIGEST_SIGNATURES; ++ ++void ossl_ctx_legacy_digest_signatures_free(void *vldsigs) ++{ ++ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs = vldsigs; ++ ++ if (ldsigs != NULL) { ++ OPENSSL_free(ldsigs); ++ } ++} ++ ++void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx) ++{ ++ OSSL_LEGACY_DIGEST_SIGNATURES* ldsigs = 
OPENSSL_zalloc(sizeof(OSSL_LEGACY_DIGEST_SIGNATURES)); ++ /* Warning: This patch differs from the same patch in CentOS and RHEL here, ++ * because the default on Fedora is to allow SHA-1 and support disabling ++ * it, while CentOS/RHEL disable it by default and allow enabling it. */ ++ ldsigs->allowed = 1; ++ return ldsigs; ++} ++ ++static OSSL_LEGACY_DIGEST_SIGNATURES *ossl_ctx_legacy_digest_signatures( ++ OSSL_LIB_CTX *libctx, int loadconfig) ++{ ++#ifndef FIPS_MODULE ++ if (loadconfig && !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)) ++ return NULL; ++#endif ++ ++ return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX); ++} ++ ++int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig) ++{ ++ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs ++ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig); ++ ++#ifndef FIPS_MODULE ++ if (ossl_safe_getenv("OPENSSL_ENABLE_SHA1_SIGNATURES") != NULL) ++ /* used in tests */ ++ return 1; ++#endif ++ ++ /* Warning: This patch differs from the same patch in CentOS and RHEL here, ++ * because the default on Fedora is to allow SHA-1 and support disabling ++ * it, while CentOS/RHEL disable it by default and allow enabling it. */ ++ return ldsigs != NULL ? 
ldsigs->allowed : 1; ++} ++ ++int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow, ++ int loadconfig) ++{ ++ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs ++ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig); ++ ++ if (ldsigs == NULL) { ++ ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); ++ return 0; ++ } ++ ++ ldsigs->allowed = allow; ++ return 1; ++} + + #ifndef FIPS_MODULE + +@@ -251,6 +318,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + } + } + ++ if (ctx->reqdigest != NULL ++ && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac) ++ && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf) ++ && !EVP_PKEY_is_a(locpctx->pkey, SN_hkdf)) { ++ int mdnid = EVP_MD_nid(ctx->reqdigest); ++ if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0) ++ && (mdnid == NID_sha1 || mdnid == NID_md5_sha1)) { ++ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST); ++ goto err; ++ } ++ } ++ + if (ver) { + if (signature->digest_verify_init == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); +diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c +index ce6e1a1ccb..003926247b 100644 +--- a/crypto/evp/pmeth_lib.c ++++ b/crypto/evp/pmeth_lib.c +@@ -33,6 +33,7 @@ + #include "internal/ffc.h" + #include "internal/numbers.h" + #include "internal/provider.h" ++#include "internal/sslconf.h" + #include "evp_local.h" + + #ifndef FIPS_MODULE +@@ -958,6 +959,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md, + return -2; + } + ++ if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) ++ && md != NULL ++ && ctx->pkey != NULL ++ && !EVP_PKEY_is_a(ctx->pkey, SN_hmac) ++ && !EVP_PKEY_is_a(ctx->pkey, SN_tls1_prf) ++ && !EVP_PKEY_is_a(ctx->pkey, SN_hkdf)) { ++ int mdnid = EVP_MD_nid(md); ++ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1) ++ && !ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) { ++ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST); ++ return -1; ++ } ++ } ++ + if (fallback) + return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, 
(void *)(md)); + +diff --git a/doc/man5/config.pod b/doc/man5/config.pod +index bd05736220..ed34ff4b9c 100644 +--- a/doc/man5/config.pod ++++ b/doc/man5/config.pod +@@ -304,6 +304,19 @@ Within the algorithm properties section, the following names have meaning: + The value may be anything that is acceptable as a property query + string for EVP_set_default_properties(). + ++=item B ++ ++The value is a boolean that can be B or B. If the value is not set, ++it behaves as if it was set to B. ++ ++When set to B, any attempt to create or verify a signature with a SHA1 ++digest will fail. To test whether your software will work with future versions ++of OpenSSL, set this option to B. This setting also affects TLS, where ++signature algorithms that use SHA1 as digest will no longer be supported if ++this option is set to B. Because TLS 1.1 or lower use MD5-SHA1 as ++pseudorandom function (PRF) to derive key material, disabling ++B requires the use of TLS 1.2 or newer. ++ + =item B (deprecated) + + The value is a boolean that can be B or B. 
If the value is +diff --git a/include/crypto/context.h b/include/crypto/context.h +index cc06c71be8..e9f74a414d 100644 +--- a/include/crypto/context.h ++++ b/include/crypto/context.h +@@ -39,3 +39,6 @@ void ossl_rand_crng_ctx_free(void *); + void ossl_thread_event_ctx_free(void *); + void ossl_fips_prov_ossl_ctx_free(void *); + void ossl_release_default_drbg_ctx(void); ++ ++void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *); ++void ossl_ctx_legacy_digest_signatures_free(void *); +diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h +index ac50eb3bbd..3b115cc7df 100644 +--- a/include/internal/cryptlib.h ++++ b/include/internal/cryptlib.h +@@ -168,7 +168,8 @@ typedef struct ossl_ex_data_global_st { + # define OSSL_LIB_CTX_PROVIDER_CONF_INDEX 16 + # define OSSL_LIB_CTX_BIO_CORE_INDEX 17 + # define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18 +-# define OSSL_LIB_CTX_MAX_INDEXES 19 ++# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX 19 ++# define OSSL_LIB_CTX_MAX_INDEXES 20 + + OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx); + int ossl_lib_ctx_is_default(OSSL_LIB_CTX *ctx); +diff --git a/include/internal/sslconf.h b/include/internal/sslconf.h +index fd7f7e3331..05464b0655 100644 +--- a/include/internal/sslconf.h ++++ b/include/internal/sslconf.h +@@ -18,4 +18,8 @@ int conf_ssl_name_find(const char *name, size_t *idx); + void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr, + char **arg); + ++/* Methods to support disabling all signatures with legacy digests */ ++int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig); ++int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow, ++ int loadconfig); + #endif +diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c +index 699ada7c52..e534ad0a5f 100644 +--- a/providers/common/securitycheck.c ++++ b/providers/common/securitycheck.c +@@ -19,6 +19,7 @@ + #include + #include + #include 
"prov/securitycheck.h" ++#include "internal/sslconf.h" + + /* + * FIPS requires a minimum security strength of 112 bits (for encryption or +@@ -235,6 +236,15 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md, + mdnid = -1; /* disallowed by security checks */ + } + # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ ++ ++#ifndef FIPS_MODULE ++ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0)) ++ /* SHA1 is globally disabled, check whether we want to locally allow ++ * it. */ ++ if (mdnid == NID_sha1 && !sha1_allowed) ++ mdnid = -1; ++#endif ++ + return mdnid; + } + +@@ -244,5 +254,15 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md) + if (ossl_securitycheck_enabled(ctx)) + return ossl_digest_get_approved_nid(md) != NID_undef; + # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ ++ ++#ifndef FIPS_MODULE ++ { ++ int mdnid = EVP_MD_nid(md); ++ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1) ++ && !ossl_ctx_legacy_digest_signatures_allowed(ctx, 0)) ++ return 0; ++ } ++#endif ++ + return 1; + } +diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c +index 246323493e..2ca7a59f39 100644 +--- a/providers/common/securitycheck_default.c ++++ b/providers/common/securitycheck_default.c +@@ -15,6 +15,7 @@ + #include + #include "prov/securitycheck.h" + #include "internal/nelem.h" ++#include "internal/sslconf.h" + + /* Disable the security checks in the default provider */ + int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx) +@@ -29,9 +30,10 @@ int ossl_tls1_prf_ems_check_enabled(OSSL_LIB_CTX *libctx) + } + + int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md, +- ossl_unused int sha1_allowed) ++ int sha1_allowed) + { + int mdnid; ++ int ldsigs_allowed; + + static const OSSL_ITEM name_to_nid[] = { + { NID_md5, OSSL_DIGEST_NAME_MD5 }, +@@ -42,8 +44,11 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md, + { NID_ripemd160, OSSL_DIGEST_NAME_RIPEMD160 }, + 
}; + +- mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, 1); ++ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx, 0); ++ mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, sha1_allowed || ldsigs_allowed); + if (mdnid == NID_undef) + mdnid = ossl_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid)); ++ if (mdnid == NID_md5_sha1 && !ldsigs_allowed) ++ mdnid = -1; + return mdnid; + } +diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c +index 70d0ea5d24..3c482e0181 100644 +--- a/providers/implementations/signature/dsa_sig.c ++++ b/providers/implementations/signature/dsa_sig.c +@@ -123,12 +123,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx, + mdprops = ctx->propq; + + if (mdname != NULL) { +- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); + WPACKET pkt; + EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); +- int md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, +- sha1_allowed); ++ int md_nid; + size_t mdname_len = strlen(mdname); ++#ifdef FIPS_MODULE ++ int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); ++#else ++ int sha1_allowed = 0; ++#endif ++ md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, ++ sha1_allowed); + + if (md == NULL || md_nid < 0) { + if (md == NULL) +diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c +index ebeb30e002..c874f87bd5 100644 +--- a/providers/implementations/signature/ecdsa_sig.c ++++ b/providers/implementations/signature/ecdsa_sig.c +@@ -237,7 +237,11 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname, + "%s could not be fetched", mdname); + return 0; + } ++#ifdef FIPS_MODULE + sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); ++#else ++ sha1_allowed = 0; ++#endif + md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, + sha1_allowed); + if (md_nid < 0) { +diff --git 
a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c +index 2a5504d104..5f3a029566 100644 +--- a/providers/implementations/signature/rsa_sig.c ++++ b/providers/implementations/signature/rsa_sig.c +@@ -25,6 +25,7 @@ + #include "internal/cryptlib.h" + #include "internal/nelem.h" + #include "internal/sizes.h" ++#include "internal/sslconf.h" + #include "crypto/rsa.h" + #include "prov/providercommon.h" + #include "prov/implementations.h" +@@ -33,6 +34,7 @@ + #include "prov/securitycheck.h" + + #define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1 ++#define RSA_DEFAULT_DIGEST_NAME_NONLEGACY OSSL_DIGEST_NAME_SHA2_256 + + OSSL_FUNC_signature_newctx_fn rsa_newctx; + static OSSL_FUNC_signature_sign_init_fn rsa_sign_init; +@@ -302,10 +304,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, + + if (mdname != NULL) { + EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); ++ int md_nid; ++ size_t mdname_len = strlen(mdname); ++#ifdef FIPS_MODULE + int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); +- int md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md, ++#else ++ int sha1_allowed = 0; ++#endif ++ md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md, + sha1_allowed); +- size_t mdname_len = strlen(mdname); + + if (md == NULL + || md_nid <= 0 +@@ -1396,8 +1403,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) + prsactx->pad_mode = pad_mode; + + if (prsactx->md == NULL && pmdname == NULL +- && pad_mode == RSA_PKCS1_PSS_PADDING) ++ && pad_mode == RSA_PKCS1_PSS_PADDING) { + pmdname = RSA_DEFAULT_DIGEST_NAME; ++#ifndef FIPS_MODULE ++ if (!ossl_ctx_legacy_digest_signatures_allowed(prsactx->libctx, 0)) { ++ pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY; ++ } ++#endif ++ } ++ + + if (pmgf1mdname != NULL + && !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops)) +diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c +index e6f4bcc045..8bc550ea5b 100644 +--- a/ssl/t1_lib.c ++++ b/ssl/t1_lib.c 
+@@ -20,6 +20,7 @@ + #include + #include + #include ++#include "internal/sslconf.h" + #include "internal/nelem.h" + #include "internal/sizes.h" + #include "internal/tlsgroups.h" +@@ -1151,11 +1152,13 @@ int ssl_setup_sig_algs(SSL_CTX *ctx) + = OPENSSL_malloc(sizeof(*lu) * OSSL_NELEM(sigalg_lookup_tbl)); + EVP_PKEY *tmpkey = EVP_PKEY_new(); + int ret = 0; ++ int ldsigs_allowed; + + if (cache == NULL || tmpkey == NULL) + goto err; + + ERR_set_mark(); ++ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0); + for (i = 0, lu = sigalg_lookup_tbl; + i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) { + EVP_PKEY_CTX *pctx; +@@ -1175,6 +1178,11 @@ int ssl_setup_sig_algs(SSL_CTX *ctx) + cache[i].enabled = 0; + continue; + } ++ if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1) ++ && !ldsigs_allowed) { ++ cache[i].enabled = 0; ++ continue; ++ } + + if (!EVP_PKEY_set_type(tmpkey, lu->sig)) { + cache[i].enabled = 0; +diff --git a/util/libcrypto.num b/util/libcrypto.num +index 9cb8a4dda2..feb660d030 100644 +--- a/util/libcrypto.num ++++ b/util/libcrypto.num +@@ -5436,3 +5436,5 @@ EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION: + BN_are_coprime 5564 3_1_0 EXIST::FUNCTION: + OSSL_CMP_MSG_update_recipNonce 5565 3_0_9 EXIST::FUNCTION:CMP + ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: ++ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION: ++ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION: +-- +2.41.0 + diff --git a/0051-Support-different-R_BITS-lengths-for-KBKDF.patch b/0051-Support-different-R_BITS-lengths-for-KBKDF.patch deleted file mode 100644 index 253d31d..0000000 --- a/0051-Support-different-R_BITS-lengths-for-KBKDF.patch +++ /dev/null 
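Review bot: `ossl_ctx_legacy_digest_signatures_new()` in crypto/evp/m_sigver.c stores `ldsigs->allowed = 1` without checking the `OPENSSL_zalloc()` result, so an allocation failure becomes a NULL dereference instead of the NULL return that `context_init()` tests before `goto err`. Guard the store with `if (ldsigs != NULL) ldsigs->allowed = 1;`. Separately, `ossl_ctx_legacy_digest_signatures_allowed()` returns 1 whenever `OPENSSL_ENABLE_SHA1_SIGNATURES` is present in the environment with any value, including an empty string or `0`, which overrides `rh-allow-sha1-signatures = no` in non-FIPS builds. The `/* used in tests */` comment and the doc/man5/config.pod entry should say this explicitly, so that deployments which disable SHA-1 signatures know to keep that variable out of service environments.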
@@ -1,2124 +0,0 @@ -diff -rupN --no-dereference openssl-3.0.9/doc/man7/EVP_KDF-KB.pod openssl-3.0.9-new/doc/man7/EVP_KDF-KB.pod ---- openssl-3.0.9/doc/man7/EVP_KDF-KB.pod 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/doc/man7/EVP_KDF-KB.pod 2023-05-31 16:36:53.079274882 +0200 -@@ -58,6 +58,13 @@ Set to B<0> to disable use of the option - (see SP800-108) that is placed between the Label and Context. - The default value of B<1> will be used if unspecified. - -+=item "r" (B) -+ -+Set the fixed value 'r', indicating the length of the counter in bits. -+ -+Supported values are B<8>, B<16>, B<24>, and B<32>. -+The default value of B<32> will be used if unspecified. -+ - =back - - Depending on whether mac is CMAC or HMAC, either digest or cipher is required -diff -rupN --no-dereference openssl-3.0.9/include/openssl/core_names.h openssl-3.0.9-new/include/openssl/core_names.h ---- openssl-3.0.9/include/openssl/core_names.h 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/include/openssl/core_names.h 2023-05-31 16:36:53.080274879 +0200 -@@ -217,6 +217,7 @@ extern "C" { - #define OSSL_KDF_PARAM_PKCS12_ID "id" /* int */ - #define OSSL_KDF_PARAM_KBKDF_USE_L "use-l" /* int */ - #define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator" /* int */ -+#define OSSL_KDF_PARAM_KBKDF_R "r" /* int */ - #define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info" - #define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info" - #define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info" -diff -rupN --no-dereference openssl-3.0.9/providers/implementations/kdfs/kbkdf.c openssl-3.0.9-new/providers/implementations/kdfs/kbkdf.c ---- openssl-3.0.9/providers/implementations/kdfs/kbkdf.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/providers/implementations/kdfs/kbkdf.c 2023-05-31 16:36:53.081274876 +0200 -@@ -60,6 +60,7 @@ typedef struct { - EVP_MAC_CTX *ctx_init; - - /* Names are lowercased versions of those found in SP800-108. 
*/ -+ int r; - unsigned char *ki; - size_t ki_len; - unsigned char *label; -@@ -100,6 +101,7 @@ static uint32_t be32(uint32_t host) - - static void init(KBKDF *ctx) - { -+ ctx->r = 32; - ctx->use_l = 1; - ctx->use_separator = 1; - } -@@ -152,7 +154,7 @@ static int derive(EVP_MAC_CTX *ctx_init, - size_t iv_len, unsigned char *label, size_t label_len, - unsigned char *context, size_t context_len, - unsigned char *k_i, size_t h, uint32_t l, int has_separator, -- unsigned char *ko, size_t ko_len) -+ unsigned char *ko, size_t ko_len, int r) - { - int ret = 0; - EVP_MAC_CTX *ctx = NULL; -@@ -186,7 +188,7 @@ static int derive(EVP_MAC_CTX *ctx_init, - if (mode == FEEDBACK && !EVP_MAC_update(ctx, k_i, k_i_len)) - goto done; - -- if (!EVP_MAC_update(ctx, (unsigned char *)&i, 4) -+ if (!EVP_MAC_update(ctx, 4 - (r / 8) + (unsigned char *)&i, r / 8) - || !EVP_MAC_update(ctx, label, label_len) - || (has_separator && !EVP_MAC_update(ctx, &zero, 1)) - || !EVP_MAC_update(ctx, context, context_len) -@@ -217,6 +219,7 @@ static int kbkdf_derive(void *vctx, unsi - unsigned char *k_i = NULL; - uint32_t l = 0; - size_t h = 0; -+ uint64_t counter_max; - - if (!ossl_prov_is_running() || !kbkdf_set_ctx_params(ctx, params)) - return 0; -@@ -248,6 +251,15 @@ static int kbkdf_derive(void *vctx, unsi - goto done; - } - -+ if (ctx->mode == COUNTER) { -+ /* Fail if keylen is too large for r */ -+ counter_max = (uint64_t)1 << (uint64_t)ctx->r; -+ if ((uint64_t)(keylen / h) >= counter_max) { -+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); -+ goto done; -+ } -+ } -+ - if (ctx->use_l != 0) - l = be32(keylen * 8); - -@@ -257,7 +269,7 @@ static int kbkdf_derive(void *vctx, unsi - - ret = derive(ctx->ctx_init, ctx->mode, ctx->iv, ctx->iv_len, ctx->label, - ctx->label_len, ctx->context, ctx->context_len, k_i, h, l, -- ctx->use_separator, key, keylen); -+ ctx->use_separator, key, keylen, ctx->r); - done: - if (ret != 1) - OPENSSL_cleanse(key, keylen); -@@ -329,6 +341,17 @@ static int 
kbkdf_set_ctx_params(void *vc
- if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->use_l))
- return 0;
-
-+ p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KBKDF_R);
-+ if (p != NULL) {
-+ int new_r = 0;
-+
-+ if (!OSSL_PARAM_get_int(p, &new_r))
-+ return 0;
-+ if (new_r != 8 && new_r != 16 && new_r != 24 && new_r != 32)
-+ return 0;
-+ ctx->r = new_r;
-+ }
-+
- p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR);
- if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->use_separator))
- return 0;
-@@ -355,6 +378,7 @@ static const OSSL_PARAM *kbkdf_settable_
- OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_PROPERTIES, NULL, 0),
- OSSL_PARAM_int(OSSL_KDF_PARAM_KBKDF_USE_L, NULL),
- OSSL_PARAM_int(OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR, NULL),
-+ OSSL_PARAM_int(OSSL_KDF_PARAM_KBKDF_R, NULL),
- OSSL_PARAM_END,
- };
- return known_settable_ctx_params;
-diff -rupN --no-dereference openssl-3.0.9/test/evp_kdf_test.c openssl-3.0.9-new/test/evp_kdf_test.c
---- openssl-3.0.9/test/evp_kdf_test.c 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/test/evp_kdf_test.c 2023-05-31 16:36:53.081274876 +0200
-@@ -1068,9 +1068,9 @@ static int test_kdf_kbkdf_6803_256(void)
- #endif
-
- static OSSL_PARAM *construct_kbkdf_params(char *digest, char *mac, unsigned char *key,
-- size_t keylen, char *salt, char *info)
-+ size_t keylen, char *salt, char *info, int *r)
- {
-- OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 7);
-+ OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 8);
- OSSL_PARAM *p = params;
-
- if (params == NULL)
-@@ -1088,6 +1088,8 @@ static OSSL_PARAM *construct_kbkdf_param
- OSSL_KDF_PARAM_SALT, salt, strlen(salt));
- *p++ = OSSL_PARAM_construct_octet_string(
- OSSL_KDF_PARAM_INFO, info, strlen(info));
-+ *p++ = OSSL_PARAM_construct_int(
-+ OSSL_KDF_PARAM_KBKDF_R, r);
- *p = OSSL_PARAM_construct_end();
-
- return params;
-@@ -1100,8 +1102,9 @@ static int test_kdf_kbkdf_invalid_digest
- OSSL_PARAM *params;
-
- static unsigned char key[] = {0x01};
-+ int r = 32;
-
-- params = construct_kbkdf_params("blah", "HMAC", key, 1, "prf", "test");
-+ params = construct_kbkdf_params("blah", "HMAC", key, 1, "prf", "test", &r);
- if (!TEST_ptr(params))
- return 0;
-
-@@ -1122,8 +1125,9 @@ static int test_kdf_kbkdf_invalid_mac(vo
- OSSL_PARAM *params;
-
- static unsigned char key[] = {0x01};
-+ int r = 32;
-
-- params = construct_kbkdf_params("sha256", "blah", key, 1, "prf", "test");
-+ params = construct_kbkdf_params("sha256", "blah", key, 1, "prf", "test", &r);
- if (!TEST_ptr(params))
- return 0;
-
-@@ -1137,6 +1141,30 @@ static int test_kdf_kbkdf_invalid_mac(vo
- return ret;
- }
-
-+static int test_kdf_kbkdf_invalid_r(void)
-+{
-+ int ret;
-+ EVP_KDF_CTX *kctx;
-+ OSSL_PARAM *params;
-+
-+ static unsigned char key[] = {0x01};
-+ int r = 31;
-+
-+ params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test", &r);
-+ if (!TEST_ptr(params))
-+ return 0;
-+
-+ /* Negative test case - derive should fail */
-+ kctx = get_kdfbyname("KBKDF");
-+ ret = TEST_ptr(kctx)
-+ && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
-+
-+ EVP_KDF_CTX_free(kctx);
-+ OPENSSL_free(params);
-+ return ret;
-+}
-+
-+
- static int test_kdf_kbkdf_empty_key(void)
- {
- int ret;
-@@ -1145,8 +1173,9 @@ static int test_kdf_kbkdf_empty_key(void
-
- static unsigned char key[] = {0x01};
- unsigned char result[32] = { 0 };
-+ int r = 32;
-
-- params = construct_kbkdf_params("sha256", "HMAC", key, 0, "prf", "test");
-+ params = construct_kbkdf_params("sha256", "HMAC", key, 0, "prf", "test", &r);
- if (!TEST_ptr(params))
- return 0;
-
-@@ -1169,8 +1198,9 @@ static int test_kdf_kbkdf_1byte_key(void
-
- static unsigned char key[] = {0x01};
- unsigned char result[32] = { 0 };
-+ int r = 32;
-
-- params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test");
-+ params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test", &r);
- if (!TEST_ptr(params))
- return 0;
-
-@@ -1191,8 +1221,9 @@ static int test_kdf_kbkdf_zero_output_si
-
- static unsigned char key[] = {0x01};
- unsigned char result[32] = { 0 };
-+ int r = 32;
-
-- params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test");
-+ params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test", &r);
- if (!TEST_ptr(params))
- return 0;
-
-@@ -1298,7 +1329,6 @@ static int test_kdf_kbkdf_8009_prf2(void
- * Test vector taken from
- * https://csrc.nist.gov/CSRC/media/Projects/
- * Cryptographic-Algorithm-Validation-Program/documents/KBKDF800-108/CounterMode.zip
-- * Note: Only 32 bit counter is supported ([RLEN=32_BITS])
- */
- static int test_kdf_kbkdf_fixedinfo(void)
- {
-@@ -1636,6 +1666,7 @@ int setup_tests(void)
- #endif
- ADD_TEST(test_kdf_kbkdf_invalid_digest);
- ADD_TEST(test_kdf_kbkdf_invalid_mac);
-+ ADD_TEST(test_kdf_kbkdf_invalid_r);
- ADD_TEST(test_kdf_kbkdf_zero_output_size);
- ADD_TEST(test_kdf_kbkdf_empty_key);
- ADD_TEST(test_kdf_kbkdf_1byte_key);
-diff -rupN --no-dereference openssl-3.0.9/test/evp_test.c openssl-3.0.9-new/test/evp_test.c
---- openssl-3.0.9/test/evp_test.c 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/test/evp_test.c 2023-05-31 16:36:53.082274873 +0200
-@@ -2761,6 +2761,12 @@ static int kdf_test_ctrl(EVP_TEST *t, EV
- TEST_info("skipping, '%s' is disabled", p);
- t->skip = 1;
- }
-+ if (p != NULL
-+ && (strcmp(name, "mac") == 0)
-+ && is_mac_disabled(p)) {
-+ TEST_info("skipping, '%s' is disabled", p);
-+ t->skip = 1;
-+ }
- OPENSSL_free(name);
- return 1;
- }
-diff -rupN --no-dereference openssl-3.0.9/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt openssl-3.0.9-new/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt
---- openssl-3.0.9/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt 1970-01-01 01:00:00.000000000 +0100
-+++ openssl-3.0.9-new/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt 2023-05-31 16:36:53.083274870 +0200
-@@ -0,0 +1,1843 @@
-+#
-+# Copyright 2021-2021 The OpenSSL Project Authors. All Rights Reserved.
-+# -+# Licensed under the Apache License 2.0 (the "License"). You may not use -+# this file except in compliance with the License. You can obtain a copy -+# in the file LICENSE in the source distribution or at -+# https://www.openssl.org/source/license.html -+ -+# Tests start with one of these keywords -+# Cipher Decrypt Derive Digest Encoding KDF MAC PBE -+# PrivPubKeyPair Sign Verify VerifyRecover -+# and continue until a blank line. Lines starting with a pound sign are ignored. -+ -+Title = KBKDF tests -+ -+# Test vectors taken from -+# https://csrc.nist.gov/CSRC/media/Projects/ -+# Cryptographic-Algorithm-Validation-Program/documents/KBKDF800-108/CounterMode.zip -+ -+ -+# [PRF=CMAC_AES128] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=8_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES128 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:dff1e50ac0b69dc40f1051d46c2b069c -+Ctrl.hexinfo = hexinfo:c16e6e02c5a3dcc8d78b9ac1306877761310455b4e41469951d9e6c2245a064b33fd8c3b01203a7824485bf0a64060c4648b707d2607935699316ea5 -+Output = 8be8f0869b3c0ba97b71863d1b9f7813 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES128 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:682e814d872397eba71170a693514904 -+Ctrl.hexinfo = hexinfo:e323cdfa7873a0d72cd86ffb4468744f097db60498f7d0e3a43bafd2d1af675e4a88338723b1236199705357c47bf1d89b2f4617a340980e6331625c -+Output = dac9b6ca405749cfb065a0f1e42c7c4224d3d5db32fdafe9dee6ca193316f2c7 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES128 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:7aa9973481d560f3be217ac3341144d8 -+Ctrl.hexinfo = 
hexinfo:46f88b5af7fb9e29262dd4e010143a0a9c465c627450ec74ab7251889529193e995c4b56ff55bc2fc8992a0df1ee8056f6816b7614fba4c12d3be1a5 -+Output = 1746ae4f09903f74bfbe1b8ae2b79d74576a3b09 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES128 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:e91e0d06ab23a4e495bbcc430efddcaf -+Ctrl.hexinfo = hexinfo:24acb8e9227b180f2ccebea48051cbdbcd1be2bf94400d1e92945fe9b887585a295f46c469036107697813a3e12c45ae2ffde9a940f8f8c181018a93 -+Output = e81ef2483729d4165aaa4866c17f26496e6c6924e2fe34f608efef0c35835f86df29a1e19ce166a8 -+ -+ -+# [PRF=CMAC_AES128] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=16_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES128 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:30ec5f6fa1def33cff008178c4454211 -+Ctrl.hexinfo = hexinfo:c95e7b1d4f2570259abfc05bb00730f0284c3bb9a61d07259848a1cb57c81d8a6c3382c500bf801dfc8f70726b082cf4c3fa34386c1e7bf0e5471438 -+Output = 00018fff9574994f5c4457f461c7a67e -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES128 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:145c9e9365041f075ebde8ce26aa2149 -+Ctrl.hexinfo = hexinfo:0d39b1c9c34d95b5b521971828c81d9f2dbdbc4af2ddd14f628721117e5c39faa030522b93cc07beb8f142fe36f674942453ec5518ca46c3e6842a73 -+Output = 8a204ce7eab882fae3e2b8317fe431dba16dabb8fe5235525e7b61135e1b3c16 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES128 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:6f3f8cbf40d2a694274cfa2eb2f265a3 -+Ctrl.hexinfo = 
hexinfo:e7b88baa4a2c22b3d78f41d509996c95468c8cb834b035dd5e09e0a455da254b8b5687a1433861751d2dd603f69b2d4ba4ae47776335d37c98b44b4b -+Output = d147f1c78121c583cbcb9d4b0d3767a357bd7232 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES128 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:5e534bea459e54c58a6942abfd4df8ab -+Ctrl.hexinfo = hexinfo:e9a5cc15d223aaa74abd122983b2a10512199b9cc87663fd8a62d417cef53770264fc51f683890fe42da2df7be0f60898c5b09d5c4932137b6b1e06e -+Output = 92480eb4860123ceda76f1e6bf2668520bea49ed72bb900ae50725bb8cfcdb733af1a9de71fe1af5 -+ -+ -+# [PRF=CMAC_AES128] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=24_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES128 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:ca1cf43e5ccd512cc719a2f9de41734c -+Ctrl.hexinfo = hexinfo:e3884ac963196f02ddd09fc04c20c88b60faa775b5ef6feb1faf8c5e098b5210e2b4e45d62cc0bf907fd68022ee7b15631b5c8daf903d99642c5b831 -+Output = 1cb2b12326cc5ec1eba248167f0efd58 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES128 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:1bfaf4cd6efd25a132e2a1d41b124465 -+Ctrl.hexinfo = hexinfo:b933cfbb223ea65ed0e8db822f83be64ee21d3b9ca1eb0bc32f9d77f145a3e4ed4e2cc72cb3d93ea44824ab81eefdf71bbdb62067e0eb34a79914e4f -+Output = 75f4d20c558d71646ec062d2ca75369a218cedb7104be3abf27026af003e98f3 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES128 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:80168f187848a68b0b82a7ef43b4eedc -+Ctrl.hexinfo = 
hexinfo:9357281df7665ae5ae961fe5f93a3124416cab3deb11583429c5e529af3fc71094aad560cbc279168fe1c3327787f91a414acfff063832bcd78ed1b5 -+Output = be4517c9e6de96929e655a08f5b6d5bb77364f85 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES128 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:26fa0e32e7e08f9b157ebae9f579710f -+Ctrl.hexinfo = hexinfo:ceab805efbe0c50a8aef62e59d95e7a54daa74ed86aa9b1ae8abf68b985b5af4b0ee150e83e6c063b59c7bf813ede9826af149237aed85b415898fa8 -+Output = f1d9138afcc3db6001eb54c4da567a5db3659fc0ed48e664a0408946bcee0742127c17cabf348c7a -+ -+ -+# [PRF=CMAC_AES128] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=32_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES128 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:c10b152e8c97b77e18704e0f0bd38305 -+Ctrl.hexinfo = hexinfo:98cd4cbbbebe15d17dc86e6dbad800a2dcbd64f7c7ad0e78e9cf94ffdba89d03e97eadf6c4f7b806caf52aa38f09d0eb71d71f497bcc6906b48d36c4 -+Output = 26faf61908ad9ee881b8305c221db53f -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES128 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:695f1b1a16c949cea51cdf2554ec9d42 -+Ctrl.hexinfo = hexinfo:4fce5942832a390aa1cbe8a0bf9d202cb799e986c9d6b51f45e4d597a6b57f06a4ebfec6467335d116b7f5f9c5b954062f661820f5db2a5bbb3e0625 -+Output = d34b601ec18c34dfa0f9e0b7523e218bdddb9befe8d08b6c0202d75ace0dba89 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES128 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:b523ae21fc36bc58cc46e5a3cda97493 -+Ctrl.hexinfo = 
hexinfo:8dbe6d4d9b09b2eabd165b6e6e97e3bc782f8335cb1ea04ad0403affd88a5071db5f36ce2e84ab296261730b2226a9189d867991fbd4ff86f43a3cfb -+Output = 530211df01975dd6c08064c34105f88a6007f2b2 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES128 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:b2fcf854b1029888aeb0274ca09bb21a -+Ctrl.hexinfo = hexinfo:a6b84baae7a6ceb1d63ed704757500c510c0a8bdc22d2f42af09f79c815f37f33b67dad0b30f428fc1e2d355f7f91f65acbedd2fdd5b8c38dd890407 -+Output = fe4c2c0242c5a295c008aeb87ae0815171de6173773292347f4f5ec07185c3f860b5667c199aad55 -+ -+ -+# [PRF=CMAC_AES192] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=8_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES192 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:53d1705caab7b06886e2dbb53eea349aa7419a034e2d92b9 -+Ctrl.hexinfo = hexinfo:b120f7ce30235784664deae3c40723ca0539b4521b9aece43501366cc5df1d9ea163c602702d0974665277c8a7f6a057733d66f928eb7548cf43e374 -+Output = eae32661a323f6d06d0116bb739bd76a -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES192 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:d10046bb18c3f363e87f4e57b961b294d4edf2ca91dc3e38 -+Ctrl.hexinfo = hexinfo:2d043069de979bffb1be38a3cef2869dc07d5d3e99bde2e2204f10138081743f423f0c0b1aec0735a25bc61a8e2936dec6a25bb0ae105ab46caf8a2a -+Output = 8991a58882a0488bb5478996f2893989adb66d08d5030ad90f6ce5fdfca7754b -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES192 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:bf0abb70098d6c203074f1bce3d7468116cd1e5e8e618f20 -+Ctrl.hexinfo = 
hexinfo:d9ce030a48668ada6c67a2ac163515ec22383c4b5332e18d06901bacbb63dd649c683cfd4fee2f33346817b23cb4c734060a1c727b0c72c12448f4f9 -+Output = ecd1eef152b5835376f1a4324cd968bcb0cf850a -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES192 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:8725918ca07ad8e108473e5ffdf43eb1cf5c44baf0bd1cec -+Ctrl.hexinfo = hexinfo:f4a57b84a881cf282aac5402cfa8fc4ede0db6f8e902d5c0c41c4712077306484e626e3ffc4129d9b43b46cbb6c53d2838a811dc8aedad7253cf94d4 -+Output = 5a795fd0d7661968c478860b526cca40eb8702083fdbff3ff8adfa697e795398ca7106bc950fbb45 -+ -+ -+# [PRF=CMAC_AES192] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=16_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES192 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:d7e8eefc503a39e70d931f16645958ad06fb789f0cbc518b -+Ctrl.hexinfo = hexinfo:b10ea2d67904a8b3b7ce5eef7d9ee49768e8deb3506ee74a2ad8dd8661146fde74137a8f6dfc69a370945d15335e0d6403fa029da19d34140c7e3da0 -+Output = 95278b8883852f6676c587507b0aa162 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES192 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:5e6695d7c3f5b156c7b457c8c2b801ba2ae30c9c8a36ee61 -+Ctrl.hexinfo = hexinfo:1406756f40efb8e29d5455d2da4bf1993b3c3901d67ec90934895f5de7845f573ae8a0dc8a6ad77d80da29e81329440d61d63dda8eaa7851bc7a172d -+Output = 72046d5eed909f6ab25810ead446ace7422fd87e6bd496ff2e84b115b8e0d27e -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES192 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:e3b88f40c9974410955820a8f8392701e9c67cc6efd3b0ff 
-+Ctrl.hexinfo = hexinfo:a520f36b6b60dfce34dc1d1f6b16132efa82566efa49f3140113fbc59e309c40db42962c06123721f122f433fa417ce3319bca9c58b4184fd8c7be8f -+Output = 134b6236a80c257591cc1437ab007b3fa4bd7191 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES192 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:51574d47f2f1d202a30252823b52ba7858b729d5ed4c92f7 -+Ctrl.hexinfo = hexinfo:0819c17dd3f9a68493a958c46152d04ba450043908a0016b99cc124d5e75b0d11e7c26f27365609c110eee7f8baa88a7d99fecc690e617150f93bd6c -+Output = c46db4cd822e9841408fba79932d6c748bc7ab17421ed1ad188aed327c2a0d694e380c0cade8b37f -+ -+ -+# [PRF=CMAC_AES192] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=24_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES192 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:f7c1e0682a12f1f17d23dc8af5c463b8aa28f87ed82fad22 -+Ctrl.hexinfo = hexinfo:890ec4966a8ac3fd635bd264a4c726c87341611c6e282766b7ffe621080d0c00ac9cf8e2784a80166303505f820b2a309e9c3a463d2e3fd4814e3af5 -+Output = a71b0cbe30331fdbb63f8d51249ae50b -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES192 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:3eeed1560e17aaffe9f6ca9d81815b89a6879a56ebe4182a -+Ctrl.hexinfo = hexinfo:a643378a557af69ce2c606bc623a04b568a848207534d25bfa22664f9148997a6b4c00f4624b5100b4eb01857240b119876c3a86c1e8b02335475939 -+Output = 8a1dc0f616353bf3ecf5553d7a7651e9ea6d884a32172d3391ad342bfaf60785 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES192 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = 
hexkey:c984c3f65cdc32e7503678764a9e84292a1f50e335167a36 -+Ctrl.hexinfo = hexinfo:0061cd40f9eef84d6c8b04e0142d70aa50d4690e0a1de8e3ff5f5cea10cd2d28281eb1df90c519b8b51f7aa0d63a313ebbf80538b54dd11a66115be6 -+Output = afe93ae91930261344e30ef9e1718e76f74225d9 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES192 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:993305e59f34a94f62931fd7662bb5b73c77d8d4bc6a33ba -+Ctrl.hexinfo = hexinfo:fcceb2d7ac6a68717c2490ec95bebea484c4930d156683c43164dc53bff0bafcbfb31e920109927ef08e12f66f258b6f8ba284908faee7d3376e1bac -+Output = 40e358cfdeee0286d152fcb4626ff22e67eea3b65d8750a273001b67645804cbf613832201b0a9ba -+ -+ -+# [PRF=CMAC_AES192] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=32_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES192 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:f4267280cb8667c2cf82bb37f389da6391f58cc74deba0cc -+Ctrl.hexinfo = hexinfo:34abbc9f7b12622309a827de5abfdd51fb5bb824838fcde88ca7bc5f3953abdcb445147f13e809e294f75e6d4e3f13b66e47f2dfc881ed392e3a1bf6 -+Output = 2d1b4b5694b6741b2ed9c02c05474225 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES192 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:dc866a038c4f78f22d46caca65892bcdb15c1eb49b275827 -+Ctrl.hexinfo = hexinfo:b4a123bad4890c7a791f5e192bd8b6e9c8c3620329f99249f11e1eb517a5b27b9e5b047a6591b45f6fff53e6d04b32d82e052af2eb8519bd21c10f93 -+Output = 731a2e23ab2e58551490254041ee8fabd9c5a1918d76307f1048535be0763b20 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES192 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 
-+Ctrl.hexkey = hexkey:dd5e0f1a30b0b722b00626ee663df29601af58082708e18c -+Ctrl.hexinfo = hexinfo:b7c6eb48c80b071080fd07a827d0bfdc781599862084f7ffd968a4cbff0be9a6adef5ea206aa8af4d8a85705953e33cd7c4cbb69969c73698f54c6b8 -+Output = 84e1ca286776cda0784c4fc48b054384ca565d17 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES192 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:d64c598436507f4d05d7ebe780092996f281901dc9c8612f -+Ctrl.hexinfo = hexinfo:0ea737cfca2560856917f3a2ff5e2175930d0719bba85a9c8d8cb311a0a1b8caf8ffe03e9a86ab17046670011c9fec5c5cd697d9cd931f615cdfe649 -+Output = 3c26968bd3997c653f79bb725c36d784b590d18a64678cf312abe8a57b2891c27282e37b6a49cd73 -+ -+ -+# [PRF=CMAC_AES256] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=8_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES256 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:aeb7201d055f754212b3e497bd0b25789a49e51da9f363df414a0f80e6f4e42c -+Ctrl.hexinfo = hexinfo:11ec30761780d4c44acb1f26ca1eb770f87c0e74505e15b7e456b019ce0c38103c4d14afa1de71d340db51410596627512cf199fffa20ef8c5f4841e -+Output = 2a9e2fe078bd4f5d3076d14d46f39fb2 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES256 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:5402c978955128558789bee7b571465174a60582a7640037387f99ac16683173 -+Ctrl.hexinfo = hexinfo:5c7eb447481c2884a5398449eaecbb8b55f1f1981ba0fd187818d8b3581b430c3da52ab83d444e003625ff36fcbd160c67b18d85b6c9d00da1a15d15 -+Output = f22a4686abe599c2194d21fc9071ffceb023dd9b24c13f05a3d44cfc77fec44a -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES256 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 
-+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:cac968a8ffd81c73948bdfb48bf8a29c1378517d3be294df9a8a80724075bdbd -+Ctrl.hexinfo = hexinfo:08817bcd560edf810aa004194c817e455fb66bbc3b84fef1d66df2d1cebb3403c24231fa822f130c5d8fe886217122dcab15cb725197bbcbeb8010f5 -+Output = 651c43e113b32026b204119af394301f0cb9831c -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES256 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:9debd1762a9643e967dbc174f2040e177b8053afb0829189a81fed94f8c365ee -+Ctrl.hexinfo = hexinfo:6c4e1e3fdd7f5c97d58bcdda792642cbd271d6968f6a8e368013d88763d0b306c832b7ab46b84d099596972d12220a4e9c81f82d6f5003d18b93c595 -+Output = 2518a44ea347e924b03a7b4c966ec4e4bd76c1456d09096be9387638c2737faeebba4e2b921b19db -+ -+ -+# [PRF=CMAC_AES256] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=16_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES256 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:4df60800bf8e2f6055c5ad6be43ee3deb54e2a445bc88a576e111b9f7f66756f -+Ctrl.hexinfo = hexinfo:962adcaf12764c87dad298dbd9ae234b1ff37fed24baee0649562d466a80c0dcf0a65f04fe5b477fd00db6767199fa4d1b26c68158c8e656e740ab4d -+Output = eca99d4894cdda31fe355b82059a845c -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES256 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:4c30b96d9beff5cc3c37527694eeec8207fae2c13ef295556919a7a46e5b90c1 -+Ctrl.hexinfo = hexinfo:86e1ad34bd7a998281a822129a23102f799812864cf5349f3f21cec7729f83ad8c8aa6517fafcc9521cde887686629048159ed3f15c01408984f547e -+Output = 815fe232e0e89f7eeaa87c3ba5007694a43c1577657ccb3018076c5a5c035d95 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER 
-+Ctrl.cipher = cipher:AES256 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:e508ce78aca2cc50c80a6cbdb2b178f8ee5e315dad71ddfa700eb6cf503239b3 -+Ctrl.hexinfo = hexinfo:28c47ddd23d349e3b30bf97975c5fa591f2158e001dae3faa154d93c615c89fc7449c901a2585e618f68a0b2cbd3f35f53424d5ea015cbf7e8e09f68 -+Output = 6bc69b4c11aa7c04ac3c03baa44daeac4a047992 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES256 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:ee0a0f88b3b441826264de7a31b890a66edf7c2a28d0286eab285846b586fb8e -+Ctrl.hexinfo = hexinfo:1ea9771ab763056260d885073e80e835e20e5d7ca9659fdf5dd3b7f2ae6286608f8bc7a6728e41346c55544942b1bf06642fb6a6738fb5b7f0128f9c -+Output = 5484f170b6602b505e9e6ccffccf2262b55c3554728244bba94daff0adbc619400b33f38013a2293 -+ -+ -+# [PRF=CMAC_AES256] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=24_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES256 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:1612a40daa7fce6c6788b3b71311188ffb850613fd81d0e87a891831348e2f28 -+Ctrl.hexinfo = hexinfo:1696438fcdf9a85284759b2604b64d7ea76199514709e711ecde5a505b5f27ae38d154aba14322481ddc9fd9169364b991460a0c9a05c7fcb2d099c9 -+Output = d101f4f2b5e239bae881cb488995bd52 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES256 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:77b50e24b859725d1cab531c885a6e60e7d5b0432f37408185ae688dffa5f6a5 -+Ctrl.hexinfo = hexinfo:0b2c907499cddaa1fcfb02002ab8b9756c5f1f9fea482d79b8a6aa9fa2fb48e69df94dca4cb6f2e90a462678279ddaacc482fdd76581996b43974a22 -+Output = 
c2a02b3743d506cdc1a41d4c2ae4c67610c5d607df0c26cbf7f4fe2198cb35f1 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES256 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:18a5c3e669967b42e9a29bad8fe86699f2b5d496ff767cd3171d1c7195ecef59 -+Ctrl.hexinfo = hexinfo:33231c50326592c25ec3eee2c61a3ad4c8a23c098dd83eafe5db411d0948eb122bb6eb7a1d04d2dbcd0b98d0b70b7ff305bb3ef6ac9d4e8e3f7ecd4f -+Output = e80afb5cd274cb5fa4952aa95177ae83337f4c8f -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES256 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:0b589e556b7583f0fa9144868603b59262f457dee1e887ffc0e39968218959b9 -+Ctrl.hexinfo = hexinfo:1b95b940e0b950a58f09ea09941b80852cb29838940bb146dc3db0ddcd87f72ee28813c09fcef773e95438c0ed3dbcf29e78de0c78377561c5869d5f -+Output = 260aef65eefd58816fe1a77120d047548b00c475c25178a2a33d4c801d49e8a0fb830513d0b3ff17 -+ -+ -+# [PRF=CMAC_AES256] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=32_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES256 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:d0b1b3b70b2393c48ca05159e7e28cbeadea93f28a7cdae964e5136070c45d5c -+Ctrl.hexinfo = hexinfo:dd2f151a3f173492a6fbbb602189d51ddf8ef79fc8e96b8fcbe6dabe73a35b48104f9dff2d63d48786d2b3af177091d646a9efae005bdfacb61a1214 -+Output = 8c449fb474d1c1d4d2a33827103b656a -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES256 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:d54b6fd94f7cf98fd955517f937e9927f9536caebe148fba1818c1ba46bba3a4 -+Ctrl.hexinfo = 
hexinfo:94c4a0c69526196c1377cebf0a2ae0fb4b57797c61bea8eeb0518ca08652d14a5e1bd1b116b1794ac8a476acbdbbcd4f6142d7b8515bad09ec72f7af -+Output = 2e1efed4aef3fdd324e098c0a07c0d97f8fd2c748a996ce29861ca042474daea -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES256 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:99f212241a343c1c8c2104ca6d28062413d985c21e6bba27fde0c622e2e4e6b7 -+Ctrl.hexinfo = hexinfo:af8dc1cb7d1f82ca834628c20f0fc81920eb3ff3f75d3f4e3000593e9c15872479711d99d1b7be794f58d80a31bb112219dc16e6354111ab1161e21d -+Output = 7f778c625bf0d083169a51584f6683f24af7c35e -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES256 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:dabde95d751ff1c132bd49f80f4ee347bf39218cf8bfec61bc3ad865d9aa1182 -+Ctrl.hexinfo = hexinfo:55da554307ed756764d4e97febb77ce85391b53225ee09417ad57def48ead090e3d1e7c2ed04f02462a6324ea0163b18f86201c69db27fd50b4c42c5 -+Output = 5cc29221cfa6f3a4ded7afeef5a59c05bac787fc5e98a35ee0c96ba582b05c42f758966566084f69 -+ -+ -+# [PRF=HMAC_SHA1] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=8_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA1 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:00a39bd547fb88b2d98727cf64c195c61e1cad6c -+Ctrl.hexinfo = hexinfo:98132c1ffaf59ae5cbc0a3133d84c551bb97e0c75ecaddfc30056f6876f59803009bffc7d75c4ed46f40b8f80426750d15bc1ddb14ac5dcb69a68242 -+Output = 0611e1903609b47ad7a5fc2c82e47702 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA1 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:1ee222f5cdd60b0ae956eeeaa838c51bd767672c 
-+Ctrl.hexinfo = hexinfo:4b10500ba5c9391da83d2ef78d01bcdccda32ff6f242960323324474b9d0685d99dc9143ac6d667a5b46dcc89784b3a4af7a7684b01efee41b144f48 -+Output = 806e342013853083a3f7294c63a9ec9a6dba75b256c62fac1e480ef26276cd4b -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA1 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:0e71d9e9c9e951978ada75c831d627dd5d3b4c59 -+Ctrl.hexinfo = hexinfo:08b6f69698e8eb6c8c63953abd3538531d722cc4e9ca7ffcb68abba4dd4b027b3787efa107902ace8abb54549bede4ffdadabec3f282865b2166d46e -+Output = 86137b96ec15b7954fdc5df8d371ee2d8016e97a -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA1 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:f0e5ad280b3465e719afdf86377bbcda59f5c59b -+Ctrl.hexinfo = hexinfo:231b6d83f0194499f27848108fd1fcdcf9520e67522cf54486fb919a839532d165019388242ce373a89ce644d7818e7415f5730a0b743595ab19add4 -+Output = 9a9ddd19818bb085d24e48ee99d6e628235a422fb2ae383282b7bbbf0e5f5edf42d7237b8ed6aa1d -+ -+ -+# [PRF=HMAC_SHA1] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=16_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA1 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:a510fe5ad1640d345a6dbba65d629c2a2fedd1ae -+Ctrl.hexinfo = hexinfo:9953de43418a85aa8db2278a1e380e83fb1e47744d902e8f0d1b3053f185bbcc734d12f219576e75477d7f7b799b7afed1a4847730be8fd2ef3f342e -+Output = c00707a18c57acdb84f17ef05a322da2 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA1 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:abec6c894ae9df32e5afdf5d06a0434e8940ca71 -+Ctrl.hexinfo = 
hexinfo:9a6574a0ea1123ab9580906f8a2c4a0ecba9a8a84079c37a6e283ad4d4e957c3d16db66ae4be99e688b221c359a8dd2505868beb6a49fd7ce6c35df4 -+Output = 5b37675aec199c7d08435ef6321cf6235c12453a4530072d4a73ba0ad34634a5 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA1 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:df4e835a2f201a3d0f840eab38a18adf72adf9eb -+Ctrl.hexinfo = hexinfo:84c6ca541d24a8b419037b9657ee4e0d5ef96d8b198355940a30b09bf8784e81d3b93558de21c46f04aec4afd610c3b230d17473c80b47b5004955e7 -+Output = 1202915544844b1f913caab512c582735bf76fed -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA1 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:cbe1d2895640dcd1545e60e04ce9d995707ec539 -+Ctrl.hexinfo = hexinfo:c80d735ec5fd0bf811a4a71c55e99373f83f4111194ec24a8e9fe24ef03f56ed15b4e135e02488d96dba8c0d60c26592df55a492691cf3b7eced40d1 -+Output = 1fd5a183be95c2d909deed31d686417d5c08bb88e6f75b150df330c8e7703bb8ccdffacb3e9ee3ff -+ -+ -+# [PRF=HMAC_SHA1] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=24_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA1 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:928c170199473291bf719a1985a13673afb8f298 -+Ctrl.hexinfo = hexinfo:f54388503cde2bf544db4c9510ff7a2759ba9b4e66da3baf41c90ce796d5ea7045bc27424afb03e137abfafe95158954c832090abdba02d86bab569d -+Output = 8c01160c72c925178d616a5c953df0a7 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA1 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:df7ecebec20e14be6db5d46af2769fe4e4ed689c -+Ctrl.hexinfo = 
hexinfo:308ec6953d4945f075d37932d5dd335c7de0d2e7899a8321724a50b52240191fcdf991520c47a25b04ce6eecc835e4265b623c68d687afc615f74ae5 -+Output = c2129eeb33ee6783b6b187e5ae884f8f5bd78ca224e5e01c04a68ecef376ea38 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA1 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:2539c58bba8ae61be8b867b767ad698eb1f52a0b -+Ctrl.hexinfo = hexinfo:9f6de21c93176f8814e9290a40149f749f946d376eb65f888eddcc4a24a58dbdbb3222fb53487e0abb08efff6d6a43511b18c40f489abe4013647273 -+Output = 20bc5ab8c27dd3f6f6fa5485f2eed8bd8b8b3d35 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA1 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:66002f224106971edc62a7c6957931b2097aabc3 -+Ctrl.hexinfo = hexinfo:f5fe599fac3bac5b10a4296b0783e2fc78cb498347ff3f74e2d9d230dfb6653e1a274e7bc37f0319eac2b0b48533b7be9d3633eed32101837ee460ff -+Output = c195b9139fee020eda70b8a161aef28474977412c0612afafe23b16b1594871548b5889b38e0cf2a -+ -+ -+# [PRF=HMAC_SHA1] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=32_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA1 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:f7591733c856593565130975351954d0155abf3c -+Ctrl.hexinfo = hexinfo:8e347ef55d5f5e99eab6de706b51de7ce004f3882889e259ff4e5cff102167a5a4bd711578d4ce17dd9abe56e51c1f2df950e2fc812ec1b217ca08d6 -+Output = 34fe44b0d8c41b93f5fa64fb96f00e5b -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA1 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:c1efb8d25affc61ed060d994fcd5017c2adfc388 -+Ctrl.hexinfo = 
hexinfo:b92fc055057fec71b9c53e7c44872423a57ed186d6ba66d980fecd1253bf71479320b7bf38d505ef79ca4d62d78ca662642cdcedb99503ea04c1dbe8 -+Output = 8db784cf90b573b06f9b7c7dca63a1ea16d93ee7d70ff9d87fa2558e83dc4eaa -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA1 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:e02ba5d5c410e855bbd13f840124273e6b864237 -+Ctrl.hexinfo = hexinfo:b14e227b4438f973d671141c6246acdc794eee91bc7efd1d5ff02a7b8fb044009fb6f1f0f64f35365fb1098e1995a34f8b70a71ed0265ed17ae7ae40 -+Output = f077c2d5d36a658031c74ef5a66aa48b4456530a -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA1 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:693adb9037184627ad300f176985bd379f388a95 -+Ctrl.hexinfo = hexinfo:7f09570c2d9304ec743ab845a8761c126c18f5cf72358eada2b5d1deb43dc6a0f4ff8f933bef7af0bcfacb33fa07f8ca04a06afe231835d5075996be -+Output = 52f55f51010e9bd78e4f58cab274ecafa561bd4e0f20da84f0303a1e5ff9bebc514361ec6df5c77e -+ -+ -+# [PRF=HMAC_SHA224] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=8_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA224 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:7e2f7a5ab3e82ef927a005308456823da473787bf33d18a864aca63f -+Ctrl.hexinfo = hexinfo:b35695a6e23a765105b87756468d442a53a60cd4225186dc94221c06c5d6f1e98462135656ebca90468a939f29112b811413567d498df9867914d94c -+Output = 10ba5c6ea609da8fa8abe8be552c97a1 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA224 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:667f72fc660e32943de386af9670c78e975c838cae91dca97f4f8508 -+Ctrl.hexinfo 
= hexinfo:e713e8c38e92c8ba0f0791cc4a0d00c98d8dda8f3137a775104e7aa65b5f04fed12ee78a88262b2931717b7ac5624162fd5f0307f4faef038dcc210c -+Output = 835b343242a489249eec3cd56384ea2a5b295e29a4430fec2aae0c8b9fa36d20 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA224 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:3344fb80fd655b16f08c78150516cbbc009fbdf1b510905f9113d275 -+Ctrl.hexinfo = hexinfo:dc2aa42084d645baeb822c0c1d9b8e200737e9a2c7dcd922d8f056d6c02552295d95a488758919724207eebb4c21887f71b51a2a7ce98827cf7af4bb -+Output = e281d09a31c57d053f0c2f902792c8bbb9a0f443 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA224 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:eb9386450d7b2da5492da5b139cf4b0b951a5b0c7d40c22ae2c20677 -+Ctrl.hexinfo = hexinfo:bd8b73969e3e2d7a943b937c3bffe3a9199d1cf27e289bb10c3b88696a5ae36b3b868b4fc6a20ca93dd0b328f3351f71ce656bb558fa33c74741398d -+Output = bc902dfba79fb4084339b6666c7f72b9f47675229dc24ec61068bb05082717eead35647ff147d7de -+ -+ -+# [PRF=HMAC_SHA224] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=16_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA224 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:093b2ce84c6175d1723fbe94b9ee963b6251d018fcf8c05c2e3e9b0b -+Ctrl.hexinfo = hexinfo:083e114aca1f97166551b03f27b135c0c802294aa4845a46170b26ec0549cb59c70a85557a3fc3a37d23eed6947d50f10c15baf5c52a7b918ca80bf5 -+Output = 94ced61c3665616d4a368f83a7283648 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA224 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = 
hexkey:ffb5c9d920522477cb2ecf16ae1e075587b7598348e019df85ca3d43 -+Ctrl.hexinfo = hexinfo:252743519ab4e03f8bb0ed137e2d315aac5010b951645c7626c6f5a77c4a6c4e0b0b4030abf937141f7142bcd702678b15d2d4e8850e0570ec782c79 -+Output = 3d1813da0322201ed45ac2aaf3542843913bb32fd832a33a5dc94bad964bfe56 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA224 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:7f0ea811340cddbbf261d0260b0c98dec790133cffd2b04b8f8be2b1 -+Ctrl.hexinfo = hexinfo:0a744543acddf7d8c0a205372a0450e32631a33bb89ad2e3bb2d9766c248ab755fec152a6da866ef50baeab607d88e5177042056970013aa18f9fb1e -+Output = e55120e7848cf61254159e79c2ac47a9a906a73c -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA224 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:6e237178c4884e13470b6b4848b40389d9856311735da4eefa2f6f38 -+Ctrl.hexinfo = hexinfo:9cd9f9ad88471668f3b25515851fff63d3a886b8c6cf371eae159bab58f997b83eda5815567a142c4264978d8f24d24fe2d513c0eeaff983b86fdbd8 -+Output = 1e6638ea717338cfeb7dea373785c3c763bd5e509358e4940e9a4e4fd0a3e0347973858bc20243b8 -+ -+ -+# [PRF=HMAC_SHA224] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=24_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA224 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:f09e65e8de7500847b43bd95e6c3506e01aadd484e9699b027897542 -+Ctrl.hexinfo = hexinfo:c20f6188517b2ca10086b9f7f8d6f2d38d66f24193c037008d035f361c6bd74db26aef588a87aa8a1c3cdad2ba0207f7e7b39def0df797c4cb3bf614 -+Output = 73d30c2af54744eb1efb70429f8e303a -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA224 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = 
use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:6079eafeba179a915e194b14e12ffee1e2bad56a62077897a4654e4b -+Ctrl.hexinfo = hexinfo:87686603814d619107aabfab85b4c4fe38ae1a5c2a4d78df12119871b8a4f85d583e7d842ee15e7fe03f61dd02b10784838ed163dc67cca43586d628 -+Output = d888a21e1a698654fa46288509ae7a28dc7b05e6fc696a909451c2437097056b -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA224 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:2efe2905a1b7e1993da0316f2a747be1e91415ca1e6ad14d04341fee -+Ctrl.hexinfo = hexinfo:4d283c0f6d209379facd8a26aa889780863cf6a81893dc3bd2c928a7f8d922ced9c829bf627d2c556441d0d41a1eb00c0deea78349429de56a275f04 -+Output = ec162b6ff6413f5eae9336fd489fab538d042db8 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA224 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:0b15638489d3ac7729a7db82797754e7a7c8d52da0cf3638a27a1a9c -+Ctrl.hexinfo = hexinfo:90988848764dacc6eeba817e0b74086b1233bca9d573717b8e3dd3bd23a532aac7db8b196e4c4702f54cc71bb8882dc776b0317457803a632b429776 -+Output = 481293e1e621ad8bab5c9f5090594bb2507a1456ee8ffc30db159cb5b02d69110c3e5270880bf4a7 -+ -+ -+# [PRF=HMAC_SHA224] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=32_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA224 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:f5cb7cc6207f5920dd60155ddb68c3fbbdf5104365305d2c1abcd311 -+Ctrl.hexinfo = hexinfo:4e5ac7539803da89581ee088c7d10235a10536360054b72b8e9f18f77c25af01019b290656b60428024ce01fccf49022d831941407e6bd27ff9e2d28 -+Output = 0adbaab43edd532b560a322c84ac540e -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA224 -+Ctrl.mac = mac:HMAC 
-+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:992815121d88ffb26c337606723c02ef317713086e2cfbbd37e1a167 -+Ctrl.hexinfo = hexinfo:152d974eb2719b9027d32054a327312361125959df9d96a1832e2056c2571d4f1cf45f6e8f6544c87f15861cef627d2f16e9b0b4ab799bb3362f4aae -+Output = 475eda3a32d569932e043db64dbf0e9bb0945b54dcdfa203be1a28524c147075 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA224 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:2eabb6b922c24326ef9ae3c192dfd341caf57efe15dd649772a2ac3b -+Ctrl.hexinfo = hexinfo:c75f6f5a1561aab39ea0e22702a6cf7dba3ca4dd9f046bb0abea2d3284168fd9fb39ff725523a660d21f8c2ade03d18d4273c52fb6f22c9e39d6bc2e -+Output = ae50acebe308a1cf1747b9b178a0720748fa5fe5 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA224 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:9b75e7fa216c884037c7d6953092ed335c4efd88ca57a742d6ac3221 -+Ctrl.hexinfo = hexinfo:12bea97865df99315259ff620302432ecafc9dce2619e87dfb4979410456a524434315dd3920e2b1aa1c79d5e07132a758a7b7b71ef10bcf1bb877f3 -+Output = 60071bd0ceea0fe0f879223b940d3de7dde02ca6858f8450fb9c0032e49f968ef9cd9b5703163dbc -+ -+ -+# [PRF=HMAC_SHA256] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=8_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA256 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:3edc6b5b8f7aadbd713732b482b8f979286e1ea3b8f8f99c30c884cfe3349b83 -+Ctrl.hexinfo = hexinfo:98e9988bb4cc8b34d7922e1c68ad692ba2a1d9ae15149571675f17a77ad49e80c8d2a85e831a26445b1f0ff44d7084a17206b4896c8112daad18605a -+Output = 6c037652990674a07844732d0ad985f9 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER 
-+Ctrl.digest = digest:SHA256 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:f109513435d72f14863660dfc027118e47e13995ad44a02415c9c8f63d38675c -+Ctrl.hexinfo = hexinfo:53696208d6f42909136a575010e135e142e31f631d72386a631cc704e5ad4049a889422cd6da7f1805e59a273c6f4fa986bc3082952fca658979f1b0 -+Output = 1aaf080fd51b37585ea464a9c617bc3ab859cc78cbe1f2d5d557148ee36821a0 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA256 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:6ed1b41a1fc2ca8c7e09d5bccc410661683ec29d41a0fd01dd820a2e824ff672 -+Ctrl.hexinfo = hexinfo:f6dc72adbd8ad4ea91259b61237a042a02546f37d58d933d3efadc54a5e1936a8faf70c33e707c473125bd5006b7dfa6883c04bf27cf53010e1d10bc -+Output = 4090ee711fa361f03267a6ff2a5ace977c8c1db5 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA256 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:63a657fb6c5bacb9a124d3e7db8bbb7d42bfdfaf8f04cb6359cd888c70669652 -+Ctrl.hexinfo = hexinfo:2697b6ec112cab4d6f1714c991c17d44fb36a0b6ef0b0f5451619ab248950f56f403215c78711aa563683ced05be7246f32574fa294f162dbbeb3dee -+Output = 1992e75756fa64734d5caecc5f6420fcb28b8b90421eee97dc8b6140ce18518405688bea489d2aaa -+ -+ -+# [PRF=HMAC_SHA256] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=16_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA256 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:743434c930fe923c350ec202bef28b768cd6062cf233324e21a86c31f9406583 -+Ctrl.hexinfo = hexinfo:9bdb8a454bd55ab30ced3fd420fde6d946252c875bfe986ed34927c7f7f0b106dab9cc85b4c702804965eb24c37ad883a8f695587a7b6094d3335bbc -+Output = 
19c8a56db1d2a9afb793dc96fbde4c31 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA256 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:365592398d23d31f2cac8bf6211f1ad5f52608efcdc5997b144ea6ded3866cf6 -+Ctrl.hexinfo = hexinfo:07dce524556d3f68d2d91d4c15c9c6212635e0df1aef54938490db46f98737064d6a5624d7f938c263af01e632c45d9fe7a871b67f7d4bf110796eb4 -+Output = 5624c6911dc1b08e090c8c95347adf17895b696aae211932cde3ec8227fcbea8 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA256 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:c104e187e344668997b7bd9c8cdf097320518dd7dbcb541c414418b55b58cbb2 -+Ctrl.hexinfo = hexinfo:32f6bd59840c61909f2f92f98f54bd238083577e33c3d071c1abe4c694bd87c1ad235eb9a2d272b3dc67c955574d5e6cad84615120476d6e7e04f51f -+Output = 1b5d9e60aa909aeb973e76d9bf6be208327bb096 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA256 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:d4349c26108719debacc04e166a09063ffb5e17bcbaf8738dc2618aa7d1e97ae -+Ctrl.hexinfo = hexinfo:da1f5ed45ead428689b0ecca9dbc2569e76953cda0df085499cca6d5949d8995e1e42bbdc94b0dd78c164867c364a64c894de85294ad89d267ff443d -+Output = 00550ae0f29a2373269af175e7f829ec32c3d05099a39f8c0e02caa00b68afb7457669334383ffb2 -+ -+ -+# [PRF=HMAC_SHA256] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=24_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA256 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:388e93e0273e62f086f52f6f5369d9e4626d143dce3b6afc7caf2c6e7344276b -+Ctrl.hexinfo = 
hexinfo:697bb34b3fbe6853864cac3e1bc6c8c44a4335565479403d949fcbb5e2c1795f9a3849df743389d1a99fe75ef566e6227c591104122a6477dd8e8c8e -+Output = d697442b3dd51f96cae949586357b9a6 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA256 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:f5207566ad012002ae6f2b501f0c24180228345889c20616d043b868a76d015a -+Ctrl.hexinfo = hexinfo:f36dbc8d1dfda60d4ba05214f8773aaa9f01944150bca68812d0d8deb5492f3f68f09809ba5e8b89e9dca86c70f6f353b3d5f49ef27e2fd01cfa911d -+Output = 0faed440796a0685a24a1c5e1cacde566c7a1a4189885229251c6308a53c3f6e -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA256 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:e2758918edcf15d957a556055602d283dbdf9c95b6025a3cddf1eeac1e0ac889 -+Ctrl.hexinfo = hexinfo:eda2f792580d6129b43e7b89c661786a29ab502ec6198f4a2bec6d0ffca1a75b8807d4313e7bf769a94fbf4b41c4cc309358a211105312c05818d8f3 -+Output = 67e3273b2cfa4c663377f5841606679aee420dce -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA256 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:c9063598d6cf8660300073b5c25603baf3ade910c182deea15d8107d6f6be295 -+Ctrl.hexinfo = hexinfo:22d27eec90c2dd4ae5cf4a705abecfd781b9051ba512b048ea9499364b791e9cdf63215db43680dacffe6f19d77fc93f8a46d84dd52146389d9ec308 -+Output = f3a5b521b435a8c83eaf2d264b5b1a6dcc32c21b4897511203f97f01f2a691eef080b4cd7ca4fc38 -+ -+ -+# [PRF=HMAC_SHA256] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=32_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA256 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = 
hexkey:dd1d91b7d90b2bd3138533ce92b272fbf8a369316aefe242e659cc0ae238afe0 -+Ctrl.hexinfo = hexinfo:01322b96b30acd197979444e468e1c5c6859bf1b1cf951b7e725303e237e46b864a145fab25e517b08f8683d0315bb2911d80a0e8aba17f3b413faac -+Output = 10621342bfb0fd40046c0e29f2cfdbf0 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA256 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:e204d6d466aad507ffaf6d6dab0a5b26152c9e21e764370464e360c8fbc765c6 -+Ctrl.hexinfo = hexinfo:7b03b98d9f94b899e591f3ef264b71b193fba7043c7e953cde23bc5384bc1a6293580115fae3495fd845dadbd02bd6455cf48d0f62b33e62364a3a80 -+Output = 770dfab6a6a4a4bee0257ff335213f78d8287b4fd537d5c1fffa956910e7c779 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA256 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:dc60338d884eecb72975c603c27b360605011756c697c4fc388f5176ef81efb1 -+Ctrl.hexinfo = hexinfo:44d7aa08feba26093c14979c122c2437c3117b63b78841cd10a4bc5ed55c56586ad8986d55307dca1d198edcffbc516a8fbe6152aa428cdd800c062d -+Output = 29ac07dccf1f28d506cd623e6e3fc2fa255bd60b -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA256 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:c4bedbddb66493e7c7259a3bbbc25f8c7e0ca7fe284d92d431d9cd99a0d214ac -+Ctrl.hexinfo = hexinfo:1c69c54766791e315c2cc5c47ecd3ffab87d0d273dd920e70955814c220eacace6a5946542da3dfe24ff626b4897898cafb7db83bdff3c14fa46fd4b -+Output = 1da47638d6c9c4d04d74d4640bbd42ab814d9e8cc22f4326695239f96b0693f12d0dd1152cf44430 -+ -+ -+# [PRF=HMAC_SHA384] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=8_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA384 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = 
use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:0be1999848a7a14a555649048fcadf2f644304d163190dc9b23a21b80e3c8c373515d6267d9c5cfd31b560ffd6a2cd5c -+Ctrl.hexinfo = hexinfo:11340cfbdb40f20f84cac4b8455bdd76c730adcecd0484af9011bacd46e22ff2d87755dfb4d5ba7217c37cb83259bdbe0983cc716adc2e6c826ed53c -+Output = c2ea7454de25afb27065f4676a392385 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA384 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:218f47301a3adf39a4e1ddc25a1df2b7db53d7780c207f47ab4cefcaa960ed82cb6cbc34b97b4c332d52ca81cc40cb9a -+Ctrl.hexinfo = hexinfo:60dcb116d7cfd3cca7315c9dc7e9650f886b67d9fbcd98c226239a0f66eff075da23c6cb750a2129ae71b9582934f57423a815249cac2c61f958b35d -+Output = 26b01d94c4dd51a9c8b54f78647257f9e937a8d67dffa78f85749cdfb22db620 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA384 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:426c4facbacecb654555bc9843f9864a53e14c9a5e19600abf57b03cf8b6f825f71191eaaf3cfd70961314acbf1e6e29 -+Ctrl.hexinfo = hexinfo:d224dc52dd16bde3391fab24fa875b695d63215e182efa970537904f4cd1d7f929f87c17fa97bd490f10cfc3bb80353ea4a4bb403f79e18677c39d29 -+Output = 431c73810e9fe4f4982202f55eb5f0212f302142 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA384 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:522a72c006a6b77911915c78952dd61848725a4b0789b2cfce3b29d947d9faa145417740c0365bd81a860a600012543b -+Ctrl.hexinfo = hexinfo:4a3cd102c4b95fe193660c4c174f02c725207449b785edb8fa8c4404f01a25bef3238637d3bae370758332c678deb578322e031ec3970876600196d2 -+Output = 2f5d52226949aecfe6359561a5fdd87a843457019e24faacacedd34177cda6cba18cc78cc8c78cef -+ -+ -+# 
[PRF=HMAC_SHA384] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=16_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA384 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:26ef897e4b617b597f766ec8d8ccf44c543e790a7d218f029dcb4a3695ae2caccce9d3e935f6741581f2f53e49cd46f8 -+Ctrl.hexinfo = hexinfo:bc2c728f9dc6db426dd4e85fdb493826a31fec0607644209f9bf2264b6401b5db3004c1a76aa08d93f08d3d9e2ba434b682e480004fb0d9271a8e8cd -+Output = a43d31f07f0ee484455ae11805803f60 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA384 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:269cce234dd4783067ceaa04a70deb1c9700acf705548495767c22f78493851ca9c699077a002874caacb760106016c6 -+Ctrl.hexinfo = hexinfo:f64bfb4bdaac81b5801d2f9f08bc2e4d009990b67290fd49b3730c3a145696447aceae6a82f7508a19c396a548c9c33d943dab82b2538c18b8eee871 -+Output = ab4182261c5d9c0d23a26477f14a507dd7f5e9550d04f48de29e644ed55f3406 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA384 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:ec71de96c9520386f9d11bebe474bae0c0549e2b2e8fda6b2336050ee3acbec38bc57d56e6422d3cd493ead69772a059 -+Ctrl.hexinfo = hexinfo:4313d1efba21dded84ce12bf80b1be54400619d3bb1987f18bf85400e335103969e77c819a5360cf1dd3f4addb6b8eec0199508c75adfe2cfc067dc8 -+Output = 8e37ecc86dcb5ee7cf48d8a07f06c47cdce624cc -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA384 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:afe2d3a4746792908aca8ece67ba8562382000b4e26122414b3ef2e120511bae68448955cf186be87caf69eaced47e87 -+Ctrl.hexinfo = 
hexinfo:1f6dd0b17fed7f479c4f62927291a95292a4e232441c30ffcaa1d347543e50db939360bb37976eacb911f76c38ad8cce12a0c263875bbcd7f6011ffd -+Output = 17b671ca433cea81384b03b69c26a55257085cdfa48e6d8529431464bd439a881de560294afb0073 -+ -+ -+# [PRF=HMAC_SHA384] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=24_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA384 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:4fab4f1e3512b5f443ec31d2f6425d5f0fc13a5f82c83f72788a48a1bd499495ff18fb7acc0d4c1666c99db12e28f725 -+Ctrl.hexinfo = hexinfo:f0f010f99fbd8ec1bd0f23cd12bb41b2b8acb8713bb031f927e439f616e6ae27aed3f5582f8206893deea1204df125cedce35ce2b01b32bcefb388fd -+Output = c3c263b5aa6d0cfe5304a7c9d21a44ba -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA384 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:af3cd100d14dcb5e63f8915eced4b59477936c48e0e2b9232449a97d53d3eddf9e00bf44a8f2370c38a13434c13e0977 -+Ctrl.hexinfo = hexinfo:81f178f11615309844af84e163ff694f1936f7528aba6f0e60d41b4afac87e9dd48fbb5aebe534733f576950484aab15b386b468a055a1e0be8982c0 -+Output = 0b52be4ebd8b2116df895a42317ac78808993673c99da6391f0eee13cc8470fa -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA384 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:fc3ba84439d8b7ead37ac6c825e088fc80152788bbc9c68569213dd6189d5fd552c37ab73b3d53ee9809a485194fb3cd -+Ctrl.hexinfo = hexinfo:df5728d5d146898b68d8713aa8053d03db52b7227d502d3effcd51a22d52ecd9175a4b01d2f27ecfc8abf02c1dd80f5c90a5e01396c1107dddb02226 -+Output = 87ff36ca26778fcaf4f9209d38095c55c40f5e22 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA384 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l 
= use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:08d867a61b13cd8c79d3a1cbec3493925ece900e06993063bc0dfe0247cd059ba50a5fb6afc65ac469793817a1f2dfee -+Ctrl.hexinfo = hexinfo:af0c83a659267869bd7cde387bf1c29c9c0ff3c6cabf512c73fd671748e4e9e49218de9350fc0dde27839eb1e2878f900689abeb7b540c70203e5a95 -+Output = 3fef69d875b9b6047c33f295619f6e7c7125c875d55409500100f71bee6551d511327fbde607ac41 -+ -+ -+# [PRF=HMAC_SHA384] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=32_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA384 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:216ed044769c4c3908188ece61601af8819c30f501d12995df608e06f5e0e607ab54f542ee2da41906dfdb4971f20f9d -+Ctrl.hexinfo = hexinfo:638e9506a2c7be69ea346b84629a010c0e225b7548f508162c89f29c1ddbfd70472c2b58e7dc8aa6a5b06602f1c8ed4948cda79c62708218e26ac0e2 -+Output = d4b144bb40c7cabed13963d7d4318e72 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA384 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:8fca201473433f2dc8f6ae51e48de1a5654ce687e711d2d65f0dc5da6fee9a6a3db9d8535d3e4455ab53d35850c88272 -+Ctrl.hexinfo = hexinfo:195bd88aa2d4211912334fe2fd9bd24522f7d9fb08e04747609bc34f2538089a9d28bbc70b2e1336c3643753cec6e5cd3f246caa915e3c3a6b94d3b6 -+Output = f51ac86b0f462388d189ed0197ef99c2ff3a65816d8442e5ea304397b98dd11f -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA384 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:bc3157b8932e88d1b1cf8e4622137010a242d3527b1d23d6d9c0db9cc9edfc20e5135de823977bf4defafae44d6cdab6 -+Ctrl.hexinfo = 
hexinfo:b42a8e43cc2d4e5c69ee5e4f6b19ff6b8071d26bab4dfe45650b92b1f47652d25162d4b61441d8448c54918ae568ae2fb53091c624dbfffacee51d88 -+Output = 91314bdf542162031643247d6507838eaba50f1a -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA384 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:582f968a54b8797b9ea8c655b42e397adb73d773b1984b1e1c429cd597b8015d2f91d59e4136a9d523bf6491a4733c7a -+Ctrl.hexinfo = hexinfo:e6d3c193eff34e34f8b7b00e66565aeb01f63206bb27e27aa281592afc06ae1ec5b7eb97a39684ce773d7c3528f2667c1f5d428406e78ce4cf39f652 -+Output = 691726c111e5030b5f9657069107861ecc18bc5835a814c3d2e5092c901cb1fb6c1a7cd3eb0be2a7 -+ -+ -+# [PRF=HMAC_SHA512] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=8_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA512 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:6ea2c385bb3e7bbafc2225cee1d3ee103ce300c1fdf033d0c1e99c57e6a596e037020838e857c0434040b58a5ca5410be672b888ef9955bdd54eb6a67416ff6a -+Ctrl.hexinfo = hexinfo:be119901ed8679b243508b97663f35da322774d7d2012d6557da6657c1176a115ebc73b0f1bfa1dba6b8c3b124f0a47cff2998b230c955b0ea809784 -+Output = e0755fa6f116ef7a8e8361f47fd57511 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA512 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:0ef984d7b4ee76f5c9e080b27f45ccab4ac2362c4cafa68198786b18e239d0f69ee62148373643ad9aa42474700348ef651fee9973130a42e76b7e7633eba1e9 -+Ctrl.hexinfo = hexinfo:56ece7c14c1fc5467f8316f3a931a7ddfa490969f442d7a132f3755809f6ca11dbc9c6493a541c244c32be6656e13ef2868cb79415b807b3882f00d2 -+Output = 19aa765affdd3cc7294b2c97e1bd5adc368523a3283c387d0719761e938f83db -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER 
-+Ctrl.digest = digest:SHA512 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:a35728d4ec0d7e94019a45d52264e5cd63c7540c21e30a9882d8d531cbb510edaa78e42c03994c18d8efcf7f826a1a9fdbbbacc55c640e7b532cc08e0615a093 -+Ctrl.hexinfo = hexinfo:f501cc527bad6fe5d8e4f1f0f53d416ab17235f380f7e0d1c90dca18206af1fb1d977551e2e0e25c1fe41a8f825fbae2c07c94b768e98ad5ab8ddb2e -+Output = 54cf238101418ce050eee03aae0c39c4602ab838 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA512 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:baed493b0294c9a5dbbe4547a30f0602c6124cedb549b45cff0ee4f3689a7ae5b695e5ecdfebf611bba1174e5e3a8824383e555daef396dc58c2842f77d5a674 -+Ctrl.hexinfo = hexinfo:1371182cb0725416b1eccf4ac9fb20cf4e0f77e7d006a531e0ab2b2b46e0859473dad9dcae65ba5eb902228787dae19e735d002c919a4b74012f8904 -+Output = 09bb55c9f3cee604f4bc5544a802be8b02b34b99f7928ceee696221975f947905f1b5979d9d4c2a1 -+ -+ -+# [PRF=HMAC_SHA512] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=16_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA512 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:bb0c55c7201ceb2e1369a6c49e2cdc1ae5e4cd1d64638105072c3a9172b2fa6a127c4d6d55132585fb2644b5ae3cf9d347875e0d0bf80945eaabef3b4319605e -+Ctrl.hexinfo = hexinfo:89bf925033f00635c100e2c88a98ad9f08cd6a002b934617d4ebfffc0fe9bca1d19bd942da3704da127c7493cc62c67f507c415e4cb67d7d0be70005 -+Output = 05efd62522beb9bfff6492ecd24501a7 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA512 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = 
hexkey:393eb889e9c2f251b95aa147d53e4cd029fd0391110be9c6b2f8ba32857864847c448a9a591686de88da7486d0a0f0f8c927560fa8f79c30e66a7efaacaa638f -+Ctrl.hexinfo = hexinfo:116bf7f9e5eb884c86cd0d3a2b33d41de7735677e6bd727e83fbde5c8113de56bf84c9f80610db760ae2df73f4f0db9df0cc1655ea9bc98bb06beeda -+Output = 212e4e4057a6871e166e7563205833bc7f01e86c724b6a61166d9311c55b5044 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA512 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:eeec4383a808fae57f24a7a5eb6157cca66483a613590c89ed39f59617ea97fcfa7cdfc83ba8140fa0d8542263d6423a9bcca70e11addb7a646f194ff0878cac -+Ctrl.hexinfo = hexinfo:b2565a20171eef1eaa04728e6c369405b251062bbd0a2b9171c8c6fedf0ff783691db787f153bbf5167301808f768a03df0deec99f2b9efb90cab571 -+Output = 4f31b7bcd54c74d8a7d31aca187b8736f0a59db7 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA512 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:62690d8ef259d175911d8eb52a331af29a8e3b797c4b315a67fa5cd1b00e585b2f7d97341284d0fcaa15a080732f7958e3b33e938e730623d1e651dbea9b2233 -+Ctrl.hexinfo = hexinfo:266535b58de26ed62f936bc7147c8c3b31ee0c1bb92c5ef63699ac7225e01cec5afd2e6e39cf095882324c7dc94b0daa2befc50f790da0547d7c6184 -+Output = 9336a88737d9ae01b5c43be5789c8545689557aad295ea3c03d2a2e0143603365fea1656175c20bf -+ -+ -+# [PRF=HMAC_SHA512] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=24_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA512 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:d10933b0683f6787c33eccea1c311b8444270504fb3980bfd56443ba4068722184c31541d9174f71068b7789440bc34cec456e115067f9c65a5f2883c6868204 -+Ctrl.hexinfo = 
hexinfo:dcb2ea8d715821d6393bd49a3e35f69a6c2519edb614f80fbc3f7ae1d65ff4a04c499e75d08819a09092ddaadba510e03cb2ac898804590dbd61fb7e -+Output = 876d73040d03d569e2fcae33b241d98e -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA512 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:44e6e9abd8572a19ba127dfa2ca6a1b53beaef8c19a1ec5b67f1f6f7919671cd80ade7ded7c0f096525936ef427b152339de915f024964ca9ea908a120e2553a -+Ctrl.hexinfo = hexinfo:c2884a0c3ea2ff5b0bc848698f49f2c59eff511d77caddba897dec7714a0984e54f330dd9e9fdca9c033dfbc36d3293eca0ce7601e316463966ad4fd -+Output = b294537440bec490953bf6e9a77c4510536916b84a5a2f45b5bf9f76666d8f12 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA512 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:a39131ca2f8df817ea2f155aac72d58a696d915b66b7cbe172a0f48a407aa8af0edbaea051eb027fe8fcc435cc7f160feeb57bd39a39d94104fe35167dac1aae -+Ctrl.hexinfo = hexinfo:52b6d1f6381fc3dd44baf1c9d36f0c313e58bf4fdb936b78103afdb90373079de90e4bb7d7089e65e0aef23f2a34df5198b8392aac705eb998c1f8cd -+Output = e707c910b4db3a648815fcad5ca7af18e5354c2e -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA512 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:af5a39f0303b11bca55584ce24162dabd1625aed14ce54f9e407866e03efb24b12a36e164f96faf36bc92a08acd194285107173fb84caef787672d6471028459 -+Ctrl.hexinfo = hexinfo:1cd84829b89d3149948967494aece985f1df3d7ec7735e8cc468bb3e6fdb50964d32dcde5521a82402577371047bf77e34714437e9d213561055b9db -+Output = a0e81b336a6f4ab395aada28314d8ba96b9216ae389b01aaec158e166239e554a217e69f603988fb -+ -+ -+# [PRF=HMAC_SHA512] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=32_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = 
KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA512 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:dd5dbd45593ee2ac139748e7645b450f223d2ff297b73fd71cbcebe71d41653c950b88500de5322d99ef18dfdd30428294c4b3094f4c954334e593bd982ec614 -+Ctrl.hexinfo = hexinfo:b50b0c963c6b3034b8cf19cd3f5c4ebe4f4985af0c03e575db62e6fdf1ecfe4f28b95d7ce16df85843246e1557ce95bb26cc9a21974bbd2eb69e8355 -+Output = e5993bf9bd2aa1c45746042e12598155 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA512 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:5be2bf7f5e2527e15fe65cde4507d98ba55457006867de9e4f36645bcff4ca38754f92898b1c5544718102593b8c26d45d1fceaea27d97ede9de8b9ebfe88093 -+Ctrl.hexinfo = hexinfo:004b13c1f628cb7a00d9498937bf437b71fe196cc916c47d298fa296c6b86188073543bbc66b7535eb17b5cf43c37944b6ca1225298a9e563413e5bb -+Output = cee0c11be2d8110b808f738523e718447d785878bbb783fb081a055160590072 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA512 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:9dd03864a31aa4156ca7a12000f541680ce0a5f4775eef1088ac13368200b447a78d0bf14416a1d583c54b0f11200ff4a8983dd775ce9c0302d262483e300ae6 -+Ctrl.hexinfo = hexinfo:037369f142d669fca9e87e9f37ae8f2c8d506b753fdfe8a3b72f75cac1c50fa1f8620883b8dcb8dcc67adcc95e70aa624adb9fe1b2cb396692b0d2e8 -+Output = 96e8d1bc01dc95c0bf42c3c38fc54c090373ced4 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA512 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:a9f4a2c5af839867f5db5a1e520ab3cca72a166ca60de512fd7fe7e64cf94f92cf1d8b636175f293e003275e021018c3f0ede495997a505ec9a2afeb0495be57 -+Ctrl.hexinfo = 
hexinfo:8e9db3335779db688bcfe096668d9c3bc64e193e3529c430e68d09d56c837dd6c0f94678f121a68ee1feea4735da85a49d34a5290aa39f7b40de435f -+Output = 6db880daac98b078ee389a2164252ded61322d661e2b49247ea921e544675d8f17af2bf66dd40d81 -+ -diff -rupN --no-dereference openssl-3.0.9/test/recipes/30-test_evp.t openssl-3.0.9-new/test/recipes/30-test_evp.t ---- openssl-3.0.9/test/recipes/30-test_evp.t 2023-05-31 16:36:52.577276352 +0200 -+++ openssl-3.0.9-new/test/recipes/30-test_evp.t 2023-05-31 16:36:53.083274870 +0200 -@@ -44,6 +44,7 @@ my @files = qw( - evpciph_aes_stitched.txt - evpciph_des3_common.txt - evpkdf_hkdf.txt -+ evpkdf_kbkdf_counter.txt - evpkdf_pbkdf1.txt - evpkdf_pbkdf2.txt - evpkdf_ss.txt diff --git a/0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch b/0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch new file mode 100644 index 0000000..256cdc8 --- /dev/null +++ b/0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch 
@@ -0,0 +1,221 @@ +From f470b130139919f32926b3f5a75ba4d161cbcf88 Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Tue, 1 Mar 2022 15:44:18 +0100 +Subject: [PATCH 2/2] Allow SHA1 in seclevel 1 if rh-allow-sha1-signatures = + yes + +NOTE: This patch is ported from CentOS 9 / RHEL 9, where it allows SHA1 +in seclevel 2 if rh-allow-sha1-signatures = yes. This was chosen because +on CentOS 9 and RHEL 9, the LEGACY crypto policy sets the security level +to 2. + +On Fedora 35 (with OpenSSL 1.1) the legacy crypto policy uses security +level 1. Because Fedora 36 supports both OpenSSL 1.1 and OpenSSL 3, and +we want the legacy crypto policy to allow SHA-1 in TLS, the only option +to make this happen consistently in both OpenSSL 1.1 and OpenSSL 3 is +SECLEVEL=1 (which will allow SHA-1 in OpenSSL 1.1) and this change to +allow SHA-1 in SECLEVEL=1 with rh-allow-sha1-signatures = yes (which +will allow SHA-1 in OpenSSL 3). + +The change from CentOS 9 / RHEL 9 cannot be applied unmodified, because +rh-allow-sha1-signatures will default to yes in Fedora (according to our +current plans including until F38), and the security level in the +DEFAULT crypto policy is 2, i.e., the unmodified change would weaken the +default configuration. 
+ +Related: rhbz#2055796 +Related: rhbz#2070977 +--- + crypto/x509/x509_vfy.c | 20 ++++++++++- + doc/man5/config.pod | 7 ++++ + ssl/t1_lib.c | 67 ++++++++++++++++++++++++++++------- + test/recipes/25-test_verify.t | 4 +-- + 4 files changed, 82 insertions(+), 16 deletions(-) + +diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c +index 2f175ca517..bf0c608839 100644 +--- a/crypto/x509/x509_vfy.c ++++ b/crypto/x509/x509_vfy.c +@@ -25,6 +25,7 @@ + #include + #include + #include "internal/dane.h" ++#include "internal/sslconf.h" + #include "crypto/x509.h" + #include "x509_local.h" + +@@ -3441,14 +3442,31 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert) + { + int secbits = -1; + int level = ctx->param->auth_level; ++ int nid; ++ OSSL_LIB_CTX *libctx = NULL; + + if (level <= 0) + return 1; + if (level > NUM_AUTH_LEVELS) + level = NUM_AUTH_LEVELS; + +- if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL)) ++ if (ctx->libctx) ++ libctx = ctx->libctx; ++ else if (cert->libctx) ++ libctx = cert->libctx; ++ else ++ libctx = OSSL_LIB_CTX_get0_global_default(); ++ ++ if (!X509_get_signature_info(cert, &nid, NULL, &secbits, NULL)) + return 0; + ++ if ((nid == NID_sha1 || nid == NID_md5_sha1) ++ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0) ++ && ctx->param->auth_level < 2) ++ /* When rh-allow-sha1-signatures = yes and security level <= 1, ++ * explicitly allow SHA1 for backwards compatibility. Also allow ++ * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */ ++ return 1; ++ + return secbits >= minbits_table[level - 1]; + } +diff --git a/doc/man5/config.pod b/doc/man5/config.pod +index 0c9110d28a..e0516d20b8 100644 +--- a/doc/man5/config.pod ++++ b/doc/man5/config.pod +@@ -309,6 +309,13 @@ this option is set to B. Because TLS 1.1 or lower use MD5-SHA1 as + pseudorandom function (PRF) to derive key material, disabling + B requires the use of TLS 1.2 or newer. 
+ ++Note that enabling B will allow TLS signature ++algorithms that use SHA1 in security level 1, despite the definition of ++security level 1 of 80 bits of security, which SHA1 and MD5-SHA1 do not meet. ++This allows using SHA1 and MD5-SHA1 in TLS in the LEGACY crypto-policy on ++Fedora without requiring to set the security level to 0, which would include ++further insecure algorithms, and thus restores support for TLS 1.0 and 1.1. ++ + =item B (deprecated) + + The value is a boolean that can be B or B. If the value is +diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c +index dcd487ec2e..0b50266b69 100644 +--- a/ssl/t1_lib.c ++++ b/ssl/t1_lib.c +@@ -20,6 +20,7 @@ + #include + #include + #include ++#include "crypto/x509.h" + #include "internal/sslconf.h" + #include "internal/nelem.h" + #include "internal/sizes.h" +@@ -1561,19 +1562,28 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_UNKNOWN_DIGEST); + return 0; + } +- /* +- * Make sure security callback allows algorithm. For historical +- * reasons we have to pass the sigalg as a two byte char array. +- */ +- sigalgstr[0] = (sig >> 8) & 0xff; +- sigalgstr[1] = sig & 0xff; +- secbits = sigalg_security_bits(s->ctx, lu); +- if (secbits == 0 || +- !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits, +- md != NULL ? EVP_MD_get_type(md) : NID_undef, +- (void *)sigalgstr)) { +- SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE); +- return 0; ++ ++ if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1) ++ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0) ++ && SSL_get_security_level(s) < 2) { ++ /* When rh-allow-sha1-signatures = yes and security level <= 1, ++ * explicitly allow SHA1 for backwards compatibility. Also allow ++ * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */ ++ } else { ++ /* ++ * Make sure security callback allows algorithm. For historical ++ * reasons we have to pass the sigalg as a two byte char array. 
++ */ ++ sigalgstr[0] = (sig >> 8) & 0xff; ++ sigalgstr[1] = sig & 0xff; ++ secbits = sigalg_security_bits(s->ctx, lu); ++ if (secbits == 0 || ++ !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits, ++ md != NULL ? EVP_MD_get_type(md) : NID_undef, ++ (void *)sigalgstr)) { ++ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE); ++ return 0; ++ } + } + /* Store the sigalg the peer uses */ + s->s3.tmp.peer_sigalg = lu; +@@ -2106,6 +2116,15 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu) + } + } + ++ if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1) ++ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0) ++ && SSL_get_security_level(s) < 2) { ++ /* When rh-allow-sha1-signatures = yes and security level <= 1, ++ * explicitly allow SHA1 for backwards compatibility. Also allow ++ * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */ ++ return 1; ++ } ++ + /* Finally see if security callback allows it */ + secbits = sigalg_security_bits(s->ctx, lu); + sigalgstr[0] = (lu->sigalg >> 8) & 0xff; +@@ -2977,6 +2996,8 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op) + { + /* Lookup signature algorithm digest */ + int secbits, nid, pknid; ++ OSSL_LIB_CTX *libctx = NULL; ++ + /* Don't check signature if self signed */ + if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0) + return 1; +@@ -2985,6 +3006,26 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op) + /* If digest NID not defined use signature NID */ + if (nid == NID_undef) + nid = pknid; ++ ++ if (x && x->libctx) ++ libctx = x->libctx; ++ else if (ctx && ctx->libctx) ++ libctx = ctx->libctx; ++ else if (s && s->ctx && s->ctx->libctx) ++ libctx = s->ctx->libctx; ++ else ++ libctx = OSSL_LIB_CTX_get0_global_default(); ++ ++ if ((nid == NID_sha1 || nid == NID_md5_sha1) ++ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0) ++ && ((s != NULL && SSL_get_security_level(s) < 2) ++ || (ctx != NULL && 
SSL_CTX_get_security_level(ctx) < 2) ++ )) ++ /* When rh-allow-sha1-signatures = yes and security level <= 1, ++ * explicitly allow SHA1 for backwards compatibility. Also allow ++ * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */ ++ return 1; ++ + if (s) + return ssl_security(s, op, secbits, nid, x); + else +diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t +index 700bbd849c..280477bc9d 100644 +--- a/test/recipes/25-test_verify.t ++++ b/test/recipes/25-test_verify.t +@@ -387,8 +387,8 @@ ok(verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "0" + ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], ), + "CA with PSS signature using SHA256"); + +-ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "1"), +- "Reject PSS signature using SHA1 and auth level 1"); ++ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"), ++ "Reject PSS signature using SHA1 and auth level 2"); + + ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"), + "PSS signature using SHA256 and auth level 2"); +-- +2.35.1 + diff --git a/0056-strcasecmp.patch b/0056-strcasecmp.patch new file mode 100644 index 0000000..dac2172 --- /dev/null +++ b/0056-strcasecmp.patch 
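Review bot: The SHA1/MD5-SHA1 exception added to `ssl/t1_lib.c` by this new patch file takes effect before `ssl_security()` is reached in `tls12_check_peer_sigalg`, `tls12_sigalg_allowed` and `ssl_security_cert_sig`. With `rh-allow-sha1-signatures = yes` and a security level below 2, the security callback that the retained comments describe ("Make sure security callback allows algorithm") is therefore never consulted for these digests, so an application that installed its own callback to reject them appears to lose that veto. If that is intended, the added `doc/man5/config.pod` paragraph should say so, for example `Security callbacks are not consulted for SHA1 and MD5-SHA1 in this case.` Separately, the level test in `ssl_security_cert_sig` ORs the `s` and `ctx` levels while the `if (s) ... else` right below gives `s` precedence; if a caller ever passes both, a level-1 `ctx` would let SHA1 through for a level-2 `s`, and `&& (s != NULL ? SSL_get_security_level(s) : SSL_CTX_get_security_level(ctx)) < 2` would keep the two consistent. The embedded hunks show only part of each function, so the callers are not visible from here.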
@@ -0,0 +1,78 @@ +From 8545e0c4c38934fda47b701043dd5ce89c99fe81 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:28 +0200 +Subject: [PATCH 25/35] 0056-strcasecmp.patch + +Patch-name: 0056-strcasecmp.patch +Patch-id: 56 +Patch-status: | + # https://github.com/openssl/openssl/pull/18103 + # The patch is incorporated in 3.0.3 but we provide this function since 3.0.1 + # so the patch should persist +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + crypto/o_str.c | 14 ++++++++++++-- + test/recipes/01-test_symbol_presence.t | 1 + + util/libcrypto.num | 2 ++ + 3 files changed, 15 insertions(+), 2 deletions(-) + +diff --git a/crypto/o_str.c b/crypto/o_str.c +index 3354ce0927..95b9538471 100644 +--- a/crypto/o_str.c ++++ b/crypto/o_str.c +@@ -342,7 +342,12 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen) + #endif + } + +-int OPENSSL_strcasecmp(const char *s1, const char *s2) ++int ++#ifndef FIPS_MODULE ++__attribute__ ((symver ("OPENSSL_strcasecmp@@OPENSSL_3.0.3"), ++ symver ("OPENSSL_strcasecmp@OPENSSL_3.0.1"))) ++#endif ++OPENSSL_strcasecmp(const char *s1, const char *s2) + { + int t; + +@@ -352,7 +357,12 @@ int OPENSSL_strcasecmp(const char *s1, const char *s2) + return t; + } + +-int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) ++int ++#ifndef FIPS_MODULE ++__attribute__ ((symver ("OPENSSL_strncasecmp@@OPENSSL_3.0.3"), ++ symver ("OPENSSL_strncasecmp@OPENSSL_3.0.1"))) ++#endif ++OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) + { + int t; + size_t i; +diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t +index 5530ade0ad..238a8d762e 100644 +--- a/test/recipes/01-test_symbol_presence.t ++++ b/test/recipes/01-test_symbol_presence.t +@@ -77,6 +77,7 @@ foreach my $libname (@libnames) { + s| .*||; + # Drop OpenSSL dynamic version information if there is any + s|\@\@.+$||; ++ s|\@.+$||; + # Return the result + $_ + } +diff --git 
a/util/libcrypto.num b/util/libcrypto.num +index feb660d030..639074c5d0 100644 +--- a/util/libcrypto.num ++++ b/util/libcrypto.num +@@ -5435,6 +5435,8 @@ EVP_MD_CTX_dup 5562 3_1_0 EXIST::FUNCTION: + EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION: + BN_are_coprime 5564 3_1_0 EXIST::FUNCTION: + OSSL_CMP_MSG_update_recipNonce 5565 3_0_9 EXIST::FUNCTION:CMP ++OPENSSL_strcasecmp ? 3_0_1 EXIST::FUNCTION: ++OPENSSL_strncasecmp ? 3_0_1 EXIST::FUNCTION: + ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: + ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION: + ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION: +-- +2.41.0 + diff --git a/0058-FIPS-limit-rsa-encrypt.patch b/0058-FIPS-limit-rsa-encrypt.patch new file mode 100644 index 0000000..31cb772 --- /dev/null +++ b/0058-FIPS-limit-rsa-encrypt.patch 
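Review bot: The `symver` attributes added to `OPENSSL_strcasecmp` and `OPENSSL_strncasecmp` in `crypto/o_str.c` are guarded only by `#ifndef FIPS_MODULE`, but the attribute exists only in GCC 10 and later and is documented for ELF targets, so another toolchain or target would warn or fail on these definitions. Extending the guard, for example `#if !defined(FIPS_MODULE) && defined(__ELF__) && defined(__GNUC__) && __GNUC__ >= 10`, keeps the plain definition everywhere else. In `test/recipes/01-test_symbol_presence.t` the added `s|\@.+$||;` also matches the `@@` form, so the preceding `s|\@\@.+$||;` is now redundant, and the comment above it could read `# Drop OpenSSL dynamic version information (@ or @@) if there is any`. Both function bodies continue outside the embedded hunks.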
@@ -0,0 +1,568 @@ +From 56511d480823bedafce604374fa3b15d3b3ffd6b Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:28 +0200 +Subject: [PATCH 26/48] 0058-FIPS-limit-rsa-encrypt.patch + +Patch-name: 0058-FIPS-limit-rsa-encrypt.patch +Patch-id: 58 +Patch-status: | + # https://bugzilla.redhat.com/show_bug.cgi?id=2053289 +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + providers/common/securitycheck.c | 1 + + .../implementations/asymciphers/rsa_enc.c | 35 +++++++++++ + .../30-test_evp_data/evppkey_rsa_common.txt | 58 ++++++++++++++++++- + test/recipes/80-test_cms.t | 5 +- + test/recipes/80-test_ssl_old.t | 27 +++++++-- + 5 files changed, 118 insertions(+), 8 deletions(-) + +diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c +index e534ad0a5f..c017c658e5 100644 +--- a/providers/common/securitycheck.c ++++ b/providers/common/securitycheck.c +@@ -27,6 +27,7 @@ + * Set protect = 1 for encryption or signing operations, or 0 otherwise. See + * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf. 
+ */ ++/* Red Hat build implements some extra limitations in providers/implementations/asymciphers/rsa_enc.c */ + int ossl_rsa_check_key(OSSL_LIB_CTX *ctx, const RSA *rsa, int operation) + { + int protect = 0; +diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c +index d865968058..872967bcb3 100644 +--- a/providers/implementations/asymciphers/rsa_enc.c ++++ b/providers/implementations/asymciphers/rsa_enc.c +@@ -132,6 +132,17 @@ static int rsa_decrypt_init(void *vprsactx, void *vrsa, + return rsa_init(vprsactx, vrsa, params, EVP_PKEY_OP_DECRYPT); + } + ++# ifdef FIPS_MODULE ++static int fips_padding_allowed(const PROV_RSA_CTX *prsactx) ++{ ++ if (prsactx->pad_mode == RSA_PKCS1_PADDING || prsactx->pad_mode == RSA_NO_PADDING ++ || prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING) ++ return 0; ++ ++ return 1; ++} ++# endif ++ + static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, + size_t outsize, const unsigned char *in, size_t inlen) + { +@@ -141,6 +152,18 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, + if (!ossl_prov_is_running()) + return 0; + ++# ifdef FIPS_MODULE ++ if (fips_padding_allowed(prsactx) == 0) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); ++ return 0; ++ } ++ ++ if (RSA_bits(prsactx->rsa) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); ++ return 0; ++ } ++# endif ++ + if (out == NULL) { + size_t len = RSA_size(prsactx->rsa); + +@@ -204,6 +227,18 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen, + if (!ossl_prov_is_running()) + return 0; + ++# ifdef FIPS_MODULE ++ if (fips_padding_allowed(prsactx) == 0) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); ++ return 0; ++ } ++ ++ if (RSA_bits(prsactx->rsa) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); ++ return 0; ++ } ++# 
endif ++ + if (prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING) { + if (out == NULL) { + *outlen = SSL_MAX_MASTER_KEY_LENGTH; +diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt +index 8680797b90..95d5d51102 100644 +--- a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt ++++ b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt +@@ -248,13 +248,13 @@ Input = 64b0e9f9892371110c40ba5739dc0974002aa6e6160b481447c6819947c2d3b537a6e377 + Output = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef + + # RSA decrypt +- ++Availablein = default + Decrypt = RSA-2048 + Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A78 + Output = "Hello World" + + # Corrupted ciphertext +-FIPSversion = <3.2.0 ++Availablein = default + Decrypt = RSA-2048 + Input = 
550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A79 + Output = "Hello World" +@@ -619,36 +619,42 @@ vcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2 + h90qjKHS9PvY4Q== + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-1 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=354fe67b4a126d5d35fe36c777791a3f7ba13def484e2d3908aff722fad468fb21696de95d0be911c2d3174f8afcc201035f7b6d8e69402de5451618c21a535fa9d7bfc5b8dd9fc243f8cf927db31322d6e881eaa91a996170e657a05a266426d98c88003f8477c1227094a0d9fa1e8c4024309ce1ecccb5210035d47ac72e8a + Output=6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34 + ++Availablein = default + Decrypt=RSA-OAEP-1 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=640db1acc58e0568fe5407e5f9b701dff8c3c91e716c536fc7fcec6cb5b71c1165988d4a279e1577d730fc7a29932e3f00c81515236d8d8e31017a7a09df4352d904cdeb79aa583adcc31ea698a4c05283daba9089be5491f67c1a4ee48dc74bbbe6643aef846679b4cb395a352d5ed115912df696ffe0702932946d71492b44 + Output=750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5 + ++Availablein = default + Decrypt=RSA-OAEP-1 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=423736ed035f6026af276c35c0b3741b365e5f76ca091b4e8c29e2f0befee603595aa8322d602d2e625e95eb81b2f1c9724e822eca76db8618cf09c5343503a4360835b5903bc637e3879fb05e0ef32685d5aec5067cd7cc96fe4b2670b6eac3066b1fcf5686b68589aafb7d629b02d8f8625ca3833624d4800fb081b1cf94eb + 
Output=d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051 + ++Availablein = default + Decrypt=RSA-OAEP-1 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=45ead4ca551e662c9800f1aca8283b0525e6abae30be4b4aba762fa40fd3d38e22abefc69794f6ebbbc05ddbb11216247d2f412fd0fba87c6e3acd888813646fd0e48e785204f9c3f73d6d8239562722dddd8771fec48b83a31ee6f592c4cfd4bc88174f3b13a112aae3b9f7b80e0fc6f7255ba880dc7d8021e22ad6a85f0755 + Output=52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85 + ++Availablein = default + Decrypt=RSA-OAEP-1 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=36f6e34d94a8d34daacba33a2139d00ad85a9345a86051e73071620056b920e219005855a213a0f23897cdcd731b45257c777fe908202befdd0b58386b1244ea0cf539a05d5d10329da44e13030fd760dcd644cfef2094d1910d3f433e1c7c6dd18bc1f2df7f643d662fb9dd37ead9059190f4fa66ca39e869c4eb449cbdc439 + Output=8da89fd9e5f974a29feffb462b49180f6cf9e802 + ++Availablein = default + Decrypt=RSA-OAEP-1 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -673,36 +679,42 @@ SwGNdhGLJDiac1Dsg2sAY6IXISNv2O222JtR5+64e2EbcTLLfqc1bCMVHB53UVB8 + eG2e4XlBcKjI6A== + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-2 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0181af8922b9fcb4d79d92ebe19815992fc0c1439d8bcd491398a0f4ad3a329a5bd9385560db532683c8b7da04e4b12aed6aacdf471c34c9cda891addcc2df3456653aa6382e9ae59b54455257eb099d562bbe10453f2b6d13c59c02e10f1f8abb5da0d0570932dacf2d0901db729d0fefcc054e70968ea540c81b04bcaefe720e + Output=8ff00caa605c702830634d9a6c3d42c652b58cf1d92fec570beee7 + ++Availablein = default + Decrypt=RSA-OAEP-2 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + 
Input=018759ff1df63b2792410562314416a8aeaf2ac634b46f940ab82d64dbf165eee33011da749d4bab6e2fcd18129c9e49277d8453112b429a222a8471b070993998e758861c4d3f6d749d91c4290d332c7a4ab3f7ea35ff3a07d497c955ff0ffc95006b62c6d296810d9bfab024196c7934012c2df978ef299aba239940cba10245 + Output=2d + ++Availablein = default + Decrypt=RSA-OAEP-2 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=018802bab04c60325e81c4962311f2be7c2adce93041a00719c88f957575f2c79f1b7bc8ced115c706b311c08a2d986ca3b6a9336b147c29c6f229409ddec651bd1fdd5a0b7f610c9937fdb4a3a762364b8b3206b4ea485fd098d08f63d4aa8bb2697d027b750c32d7f74eaf5180d2e9b66b17cb2fa55523bc280da10d14be2053 + Output=74fc88c51bc90f77af9d5e9a4a70133d4b4e0b34da3c37c7ef8e + ++Availablein = default + Decrypt=RSA-OAEP-2 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=00a4578cbc176318a638fba7d01df15746af44d4f6cd96d7e7c495cbf425b09c649d32bf886da48fbaf989a2117187cafb1fb580317690e3ccd446920b7af82b31db5804d87d01514acbfa9156e782f867f6bed9449e0e9a2c09bcecc6aa087636965e34b3ec766f2fe2e43018a2fddeb140616a0e9d82e5331024ee0652fc7641 + Output=a7eb2a5036931d27d4e891326d99692ffadda9bf7efd3e34e622c4adc085f721dfe885072c78a203b151739be540fa8c153a10f00a + ++Availablein = default + Decrypt=RSA-OAEP-2 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=00ebc5f5fda77cfdad3c83641a9025e77d72d8a6fb33a810f5950f8d74c73e8d931e8634d86ab1246256ae07b6005b71b7f2fb98351218331ce69b8ffbdc9da08bbc9c704f876deb9df9fc2ec065cad87f9090b07acc17aa7f997b27aca48806e897f771d95141fe4526d8a5301b678627efab707fd40fbebd6e792a25613e7aec + Output=2ef2b066f854c33f3bdcbb5994a435e73d6c6c + ++Availablein = default + Decrypt=RSA-OAEP-2 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -727,36 +739,42 @@ iUGx07dw5a0x7jc7KKzaaf+bb0D+V4ufGvuFg2+WJ9N6z/c8J3nmNLsmARwsj38z + Ya4qnqZe1onjY5o= + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-3 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + 
Input=026a0485d96aebd96b4382085099b962e6a2bdec3d90c8db625e14372de85e2d5b7baab65c8faf91bb5504fb495afce5c988b3f6a52e20e1d6cbd3566c5cd1f2b8318bb542cc0ea25c4aab9932afa20760eaddec784396a07ea0ef24d4e6f4d37e5052a7a31e146aa480a111bbe926401307e00f410033842b6d82fe5ce4dfae80 + Output=087820b569e8fa8d + ++Availablein = default + Decrypt=RSA-OAEP-3 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=024db89c7802989be0783847863084941bf209d761987e38f97cb5f6f1bc88da72a50b73ebaf11c879c4f95df37b850b8f65d7622e25b1b889e80fe80baca2069d6e0e1d829953fc459069de98ea9798b451e557e99abf8fe3d9ccf9096ebbf3e5255d3b4e1c6d2ecadf067a359eea86405acd47d5e165517ccafd47d6dbee4bf5 + Output=4653acaf171960b01f52a7be63a3ab21dc368ec43b50d82ec3781e04 + ++Availablein = default + Decrypt=RSA-OAEP-3 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0239bce681032441528877d6d1c8bb28aa3bc97f1df584563618995797683844ca86664732f4bed7a0aab083aaabfb7238f582e30958c2024e44e57043b97950fd543da977c90cdde5337d618442f99e60d7783ab59ce6dd9d69c47ad1e962bec22d05895cff8d3f64ed5261d92b2678510393484990ba3f7f06818ae6ffce8a3a + Output=d94cd0e08fa404ed89 + ++Availablein = default + Decrypt=RSA-OAEP-3 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=02994c62afd76f498ba1fd2cf642857fca81f4373cb08f1cbaee6f025c3b512b42c3e8779113476648039dbe0493f9246292fac28950600e7c0f32edf9c81b9dec45c3bde0cc8d8847590169907b7dc5991ceb29bb0714d613d96df0f12ec5d8d3507c8ee7ae78dd83f216fa61de100363aca48a7e914ae9f42ddfbe943b09d9a0 + Output=6cc641b6b61e6f963974dad23a9013284ef1 + ++Availablein = default + Decrypt=RSA-OAEP-3 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0162042ff6969592a6167031811a239834ce638abf54fec8b99478122afe2ee67f8c5b18b0339805bfdbc5a4e6720b37c59cfba942464c597ff532a119821545fd2e59b114e61daf71820529f5029cf524954327c34ec5e6f5ba7efcc4de943ab8ad4ed787b1454329f70db798a3a8f4d92f8274e2b2948ade627ce8ee33e43c60 + 
Output=df5151832b61f4f25891fb4172f328d2eddf8371ffcfdbe997939295f30eca6918017cfda1153bf7a6af87593223 + ++Availablein = default + Decrypt=RSA-OAEP-3 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -781,36 +799,42 @@ s/XkIiO6MDAcQabYfLtw4wy308Z9JUc9sfbL8D4/kSbj6XloJ5qGWywrQmUkz8Uq + aD0x7TDrmEvkEro= + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-4 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=04cce19614845e094152a3fe18e54e3330c44e5efbc64ae16886cb1869014cc5781b1f8f9e045384d0112a135ca0d12e9c88a8e4063416deaae3844f60d6e96fe155145f4525b9a34431ca3766180f70e15a5e5d8e8b1a516ff870609f13f896935ced188279a58ed13d07114277d75c6568607e0ab092fd803a223e4a8ee0b1a8 + Output=4a86609534ee434a6cbca3f7e962e76d455e3264c19f605f6e5ff6137c65c56d7fb344cd52bc93374f3d166c9f0c6f9c506bad19330972d2 + ++Availablein = default + Decrypt=RSA-OAEP-4 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0097b698c6165645b303486fbf5a2a4479c0ee85889b541a6f0b858d6b6597b13b854eb4f839af03399a80d79bda6578c841f90d645715b280d37143992dd186c80b949b775cae97370e4ec97443136c6da484e970ffdb1323a20847821d3b18381de13bb49aaea66530c4a4b8271f3eae172cd366e07e6636f1019d2a28aed15e + Output=b0adc4f3fe11da59ce992773d9059943c03046497ee9d9f9a06df1166db46d98f58d27ec074c02eee6cbe2449c8b9fc5080c5c3f4433092512ec46aa793743c8 + ++Availablein = default + Decrypt=RSA-OAEP-4 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0301f935e9c47abcb48acbbe09895d9f5971af14839da4ff95417ee453d1fd77319072bb7297e1b55d7561cd9d1bb24c1a9a37c619864308242804879d86ebd001dce5183975e1506989b70e5a83434154d5cbfd6a24787e60eb0c658d2ac193302d1192c6e622d4a12ad4b53923bca246df31c6395e37702c6a78ae081fb9d065 + Output=bf6d42e701707b1d0206b0c8b45a1c72641ff12889219a82bdea965b5e79a96b0d0163ed9d578ec9ada20f2fbcf1ea3c4089d83419ba81b0c60f3606da99 + ++Availablein = default + Decrypt=RSA-OAEP-4 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + 
Input=02d110ad30afb727beb691dd0cf17d0af1a1e7fa0cc040ec1a4ba26a42c59d0a796a2e22c8f357ccc98b6519aceb682e945e62cb734614a529407cd452bee3e44fece8423cc19e55548b8b994b849c7ecde4933e76037e1d0ce44275b08710c68e430130b929730ed77e09b015642c5593f04e4ffb9410798102a8e96ffdfe11e4 + Output=fb2ef112f5e766eb94019297934794f7be2f6fc1c58e + ++Availablein = default + Decrypt=RSA-OAEP-4 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=00dbb8a7439d90efd919a377c54fae8fe11ec58c3b858362e23ad1b8a44310799066b99347aa525691d2adc58d9b06e34f288c170390c5f0e11c0aa3645959f18ee79e8f2be8d7ac5c23d061f18dd74b8c5f2a58fcb5eb0c54f99f01a83247568292536583340948d7a8c97c4acd1e98d1e29dc320e97a260532a8aa7a758a1ec2 + Output=28ccd447bb9e85166dabb9e5b7d1adadc4b9d39f204e96d5e440ce9ad928bc1c2284 + ++Availablein = default + Decrypt=RSA-OAEP-4 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -835,36 +859,42 @@ OPlAQGLrhaQpJFILOPW7iGoBlvSLuNzqYP2SzAJ/GOeBWKNKXF1fhgoPbAQHGn0B + MSwGUGLx60i3nRyDyw== + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-5 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=036046a4a47d9ed3ba9a89139c105038eb7492b05a5d68bfd53accff4597f7a68651b47b4a4627d927e485eed7b4566420e8b409879e5d606eae251d22a5df799f7920bfc117b992572a53b1263146bcea03385cc5e853c9a101c8c3e1bda31a519807496c6cb5e5efb408823a352b8fa0661fb664efadd593deb99fff5ed000e5 + Output=af71a901e3a61d3132f0fc1fdb474f9ea6579257ffc24d164170145b3dbde8 + ++Availablein = default + Decrypt=RSA-OAEP-5 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=03d6eb654edce615bc59f455265ed4e5a18223cbb9be4e4069b473804d5de96f54dcaaa603d049c5d94aa1470dfcd2254066b7c7b61ff1f6f6770e3215c51399fd4e34ec5082bc48f089840ad04354ae66dc0f1bd18e461a33cc1258b443a2837a6df26759aa2302334986f87380c9cc9d53be9f99605d2c9a97da7b0915a4a7ad + Output=a3b844a08239a8ac41605af17a6cfda4d350136585903a417a79268760519a4b4ac3303ec73f0f87cfb32399 + ++Availablein = default + Decrypt=RSA-OAEP-5 + Ctrl = 
rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0770952181649f9f9f07ff626ff3a22c35c462443d905d456a9fd0bff43cac2ca7a9f554e9478b9acc3ac838b02040ffd3e1847de2e4253929f9dd9ee4044325a9b05cabb808b2ee840d34e15d105a3f1f7b27695a1a07a2d73fe08ecaaa3c9c9d4d5a89ff890d54727d7ae40c0ec1a8dd86165d8ee2c6368141016a48b55b6967 + Output=308b0ecbd2c76cb77fc6f70c5edd233fd2f20929d629f026953bb62a8f4a3a314bde195de85b5f816da2aab074d26cb6acddf323ae3b9c678ac3cf12fbdde7 + ++Availablein = default + Decrypt=RSA-OAEP-5 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0812b76768ebcb642d040258e5f4441a018521bd96687e6c5e899fcd6c17588ff59a82cc8ae03a4b45b31299af1788c329f7dcd285f8cf4ced82606b97612671a45bedca133442144d1617d114f802857f0f9d739751c57a3f9ee400912c61e2e6992be031a43dd48fa6ba14eef7c422b5edc4e7afa04fdd38f402d1c8bb719abf + Output=15c5b9ee1185 + ++Availablein = default + Decrypt=RSA-OAEP-5 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=07b60e14ec954bfd29e60d0047e789f51d57186c63589903306793ced3f68241c743529aba6a6374f92e19e0163efa33697e196f7661dfaaa47aac6bde5e51deb507c72c589a2ca1693d96b1460381249b2cdb9eac44769f2489c5d3d2f99f0ee3c7ee5bf64a5ac79c42bd433f149be8cb59548361640595513c97af7bc2509723 + Output=21026e6800c7fa728fcaaba0d196ae28d7a2ac4ffd8abce794f0985f60c8a6737277365d3fea11db8923a2029a + ++Availablein = default + Decrypt=RSA-OAEP-5 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -889,36 +919,42 @@ xT1F29tenZbQ/s9Cdd8JdLxKBza0p0wyaQU++2hqziQG4iyeBY3bSuVAYnri/bCC + Yejn5Ly8mU2q+jBcRQ== + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-6 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0630eebcd2856c24f798806e41f9e67345eda9ceda386acc9facaea1eeed06ace583709718d9d169fadf414d5c76f92996833ef305b75b1e4b95f662a20faedc3bae0c4827a8bf8a88edbd57ec203a27a841f02e43a615bab1a8cac0701de34debdef62a088089b55ec36ea7522fd3ec8d06b6a073e6df833153bc0aefd93bd1a3 + Output=4046ca8baa3347ca27f49e0d81f9cc1d71be9ba517d4 + ++Availablein 
= default + Decrypt=RSA-OAEP-6 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0ebc37376173a4fd2f89cc55c2ca62b26b11d51c3c7ce49e8845f74e7607317c436bc8d23b9667dfeb9d087234b47bc6837175ae5c0559f6b81d7d22416d3e50f4ac533d8f0812f2db9e791fe9c775ac8b6ad0f535ad9ceb23a4a02014c58ab3f8d3161499a260f39348e714ae2a1d3443208fd8b722ccfdfb393e98011f99e63f + Output=5cc72c60231df03b3d40f9b57931bc31109f972527f28b19e7480c7288cb3c92b22512214e4be6c914792ddabdf57faa8aa7 + ++Availablein = default + Decrypt=RSA-OAEP-6 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0a98bf1093619394436cf68d8f38e2f158fde8ea54f3435f239b8d06b8321844202476aeed96009492480ce3a8d705498c4c8c68f01501dc81db608f60087350c8c3b0bd2e9ef6a81458b7c801b89f2e4fe99d4900ba6a4b5e5a96d865dc676c7755928794130d6280a8160a190f2df3ea7cf9aa0271d88e9e6905ecf1c5152d65 + Output=b20e651303092f4bccb43070c0f86d23049362ed96642fc5632c27db4a52e3d831f2ab068b23b149879c002f6bf3feee97591112562c + ++Availablein = default + Decrypt=RSA-OAEP-6 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=008e7a67cacfb5c4e24bec7dee149117f19598ce8c45808fef88c608ff9cd6e695263b9a3c0ad4b8ba4c95238e96a8422b8535629c8d5382374479ad13fa39974b242f9a759eeaf9c83ad5a8ca18940a0162ba755876df263f4bd50c6525c56090267c1f0e09ce0899a0cf359e88120abd9bf893445b3cae77d3607359ae9a52f8 + Output=684e3038c5c041f7 + ++Availablein = default + Decrypt=RSA-OAEP-6 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=00003474416c7b68bdf961c385737944d7f1f40cb395343c693cc0b4fe63b31fedf1eaeeac9ccc0678b31dc32e0977489514c4f09085f6298a9653f01aea4045ff582ee887be26ae575b73eef7f3774921e375a3d19adda0ca31aa1849887c1f42cac9677f7a2f4e923f6e5a868b38c084ef187594dc9f7f048fea2e02955384ab + Output=32488cb262d041d6e4dd35f987bf3ca696db1f06ac29a44693 + ++Availablein = default + Decrypt=RSA-OAEP-6 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -943,36 +979,42 @@ tu4XIedy0DiaVZw9PN+VUNRXxGsDe3RkGx1SFmr4ohPIOWIGzfukQi8Y1vYdvLXS + FMlxv0gq65dqc3DC + 
-----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-7 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=1688e4ce7794bba6cb7014169ecd559cede2a30b56a52b68d9fe18cf1973ef97b2a03153951c755f6294aa49adbdb55845ab6875fb3986c93ecf927962840d282f9e54ce8b690f7c0cb8bbd73440d9571d1b16cd9260f9eab4783cc482e5223dc60973871783ec27b0ae0fd47732cbc286a173fc92b00fb4ba6824647cd93c85c1 + Output=47aae909 + ++Availablein = default + Decrypt=RSA-OAEP-7 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=1052ed397b2e01e1d0ee1c50bf24363f95e504f4a03434a08fd822574ed6b9736edbb5f390db10321479a8a139350e2bd4977c3778ef331f3e78ae118b268451f20a2f01d471f5d53c566937171b2dbc2d4bde459a5799f0372d6574239b2323d245d0bb81c286b63c89a361017337e4902f88a467f4c7f244bfd5ab46437ff3b6 + Output=1d9b2e2223d9bc13bfb9f162ce735db48ba7c68f6822a0a1a7b6ae165834e7 + ++Availablein = default + Decrypt=RSA-OAEP-7 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=2155cd843ff24a4ee8badb7694260028a490813ba8b369a4cbf106ec148e5298707f5965be7d101c1049ea8584c24cd63455ad9c104d686282d3fb803a4c11c1c2e9b91c7178801d1b6640f003f5728df007b8a4ccc92bce05e41a27278d7c85018c52414313a5077789001d4f01910b72aad05d220aa14a58733a7489bc54556b + Output=d976fc + ++Availablein = default + Decrypt=RSA-OAEP-7 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0ab14c373aeb7d4328d0aaad8c094d88b9eb098b95f21054a29082522be7c27a312878b637917e3d819e6c3c568db5d843802b06d51d9e98a2be0bf40c031423b00edfbff8320efb9171bd2044653a4cb9c5122f6c65e83cda2ec3c126027a9c1a56ba874d0fea23f380b82cf240b8cf540004758c4c77d934157a74f3fc12bfac + Output=d4738623df223aa43843df8467534c41d013e0c803c624e263666b239bde40a5f29aeb8de79e3daa61dd0370f49bd4b013834b98212aef6b1c5ee373b3cb + ++Availablein = default + Decrypt=RSA-OAEP-7 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + 
Input=028387a318277434798b4d97f460068df5298faba5041ba11761a1cb7316b24184114ec500257e2589ed3b607a1ebbe97a6cc2e02bf1b681f42312a33b7a77d8e7855c4a6de03e3c04643f786b91a264a0d6805e2cea91e68177eb7a64d9255e4f27e713b7ccec00dc200ebd21c2ea2bb890feae4942df941dc3f97890ed347478 + Output=bb47231ca5ea1d3ad46c99345d9a8a61 + ++Availablein = default + Decrypt=RSA-OAEP-7 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -997,36 +1039,42 @@ njraT2MgdSwJ2AX/fR8a4NAXru7pzvoNfdf/d15EtXgyL2QF1iEdoZUZZmqof9xM + 2MiPa249Z+lh3Luj0A== + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-8 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=09b3683d8a2eb0fb295b62ed1fb9290b714457b7825319f4647872af889b30409472020ad12912bf19b11d4819f49614824ffd84d09c0a17e7d17309d12919790410aa2995699f6a86dbe3242b5acc23af45691080d6b1ae810fb3e3057087f0970092ce00be9562ff4053b6262ce0caa93e13723d2e3a5ba075d45f0d61b54b61 + Output=050b755e5e6880f7b9e9d692a74c37aae449b31bfea6deff83747a897f6c2c825bb1adbf850a3c96994b5de5b33cbc7d4a17913a7967 + ++Availablein = default + Decrypt=RSA-OAEP-8 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=2ecf15c97c5a15b1476ae986b371b57a24284f4a162a8d0c8182e7905e792256f1812ba5f83f1f7a130e42dcc02232844edc14a31a68ee97ae564a383a3411656424c5f62ddb646093c367be1fcda426cf00a06d8acb7e57776fbbd855ac3df506fc16b1d7c3f2110f3d8068e91e186363831c8409680d8da9ecd8cf1fa20ee39d + Output=4eb68dcd93ca9b19df111bd43608f557026fe4aa1d5cfac227a3eb5ab9548c18a06dded23f81825986b2fcd71109ecef7eff88873f075c2aa0c469f69c92bc + ++Availablein = default + Decrypt=RSA-OAEP-8 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=4bc89130a5b2dabb7c2fcf90eb5d0eaf9e681b7146a38f3173a3d9cfec52ea9e0a41932e648a9d69344c50da763f51a03c95762131e8052254dcd2248cba40fd31667786ce05a2b7b531ac9dac9ed584a59b677c1a8aed8c5d15d68c05569e2be780bf7db638fd2bfd2a85ab276860f3777338fca989ffd743d13ee08e0ca9893f + Output=8604ac56328c1ab5ad917861 + ++Availablein = default + Decrypt=RSA-OAEP-8 
+ Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=2e456847d8fc36ff0147d6993594b9397227d577752c79d0f904fcb039d4d812fea605a7b574dd82ca786f93752348438ee9f5b5454985d5f0e1699e3e7ad175a32e15f03deb042ab9fe1dd9db1bb86f8c089ccb45e7ef0c5ee7ca9b7290ca6b15bed47039788a8a93ff83e0e8d6244c71006362deef69b6f416fb3c684383fbd0 + Output=fdda5fbf6ec361a9d9a4ac68af216a0686f438b1e0e5c36b955f74e107f39c0dddcc + ++Availablein = default + Decrypt=RSA-OAEP-8 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=1fb9356fd5c4b1796db2ebf7d0d393cc810adf6145defc2fce714f79d93800d5e2ac211ea8bbecca4b654b94c3b18b30dd576ce34dc95436ef57a09415645923359a5d7b4171ef22c24670f1b229d3603e91f76671b7df97e7317c97734476d5f3d17d21cf82b5ba9f83df2e588d36984fd1b584468bd23b2e875f32f68953f7b2 + Output=4a5f4914bee25de3c69341de07 + ++Availablein = default + Decrypt=RSA-OAEP-8 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -1057,36 +1105,42 @@ Z7CDuaemy2HkLbNiuMmJbbcGTgKtWuYVh9oVtGSckFlJCf6zfby2VL63Jo7IAeWo + tKo5Eb69iFQvBb4= + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-9 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=267bcd118acab1fc8ba81c85d73003cb8610fa55c1d97da8d48a7c7f06896a4db751aa284255b9d36ad65f37653d829f1b37f97b8001942545b2fc2c55a7376ca7a1be4b1760c8e05a33e5aa2526b8d98e317088e7834c755b2a59b12631a182c05d5d43ab1779264f8456f515ce57dfdf512d5493dab7b7338dc4b7d78db9c091ac3baf537a69fc7f549d979f0eff9a94fda4169bd4d1d19a69c99e33c3b55490d501b39b1edae118ff6793a153261584d3a5f39f6e682e3d17c8cd1261fa72 + Output=f735fd55ba92592c3b52b8f9c4f69aaa1cbef8fe88add095595412467f9cf4ec0b896c59eda16210e7549c8abb10cdbc21a12ec9b6b5b8fd2f10399eb6 + ++Availablein = default + Decrypt=RSA-OAEP-9 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + 
Input=93ac9f0671ec29acbb444effc1a5741351d60fdb0e393fbf754acf0de49761a14841df7772e9bc82773966a1584c4d72baea00118f83f35cca6e537cbd4d811f5583b29783d8a6d94cd31be70d6f526c10ff09c6fa7ce069795a3fcd0511fd5fcb564bcc80ea9c78f38b80012539d8a4ddf6fe81e9cddb7f50dbbbbcc7e5d86097ccf4ec49189fb8bf318be6d5a0715d516b49af191258cd32dc833ce6eb4673c03a19bbace88cc54895f636cc0c1ec89096d11ce235a265ca1764232a689ae8 + Output=81b906605015a63aabe42ddf11e1978912f5404c7474b26dce3ed482bf961ecc818bf420c54659 + ++Availablein = default + Decrypt=RSA-OAEP-9 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=81ebdd95054b0c822ef9ad7693f5a87adfb4b4c4ce70df2df84ed49c04da58ba5fc20a19e1a6e8b7a3900b22796dc4e869ee6b42792d15a8eceb56c09c69914e813cea8f6931e4b8ed6f421af298d595c97f4789c7caa612c7ef360984c21b93edc5401068b5af4c78a8771b984d53b8ea8adf2f6a7d4a0ba76c75e1dd9f658f20ded4a46071d46d7791b56803d8fea7f0b0f8e41ae3f09383a6f9585fe7753eaaffd2bf94563108beecc207bbb535f5fcc705f0dde9f708c62f49a9c90371d3 + Output=fd326429df9b890e09b54b18b8f34f1e24 + ++Availablein = default + Decrypt=RSA-OAEP-9 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=bcc35f94cde66cb1136625d625b94432a35b22f3d2fa11a613ff0fca5bd57f87b902ccdc1cd0aebcb0715ee869d1d1fe395f6793003f5eca465059c88660d446ff5f0818552022557e38c08a67ead991262254f10682975ec56397768537f4977af6d5f6aaceb7fb25dec5937230231fd8978af49119a29f29e424ab8272b47562792d5c94f774b8829d0b0d9f1a8c9eddf37574d5fa248eefa9c5271fc5ec2579c81bdd61b410fa61fe36e424221c113addb275664c801d34ca8c6351e4a858 + Output=f1459b5f0c92f01a0f723a2e5662484d8f8c0a20fc29dad6acd43bb5f3effdf4e1b63e07fdfe6628d0d74ca19bf2d69e4a0abf86d293925a796772f8088e + ++Availablein = default + Decrypt=RSA-OAEP-9 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + 
Input=232afbc927fa08c2f6a27b87d4a5cb09c07dc26fae73d73a90558839f4fd66d281b87ec734bce237ba166698ed829106a7de6942cd6cdce78fed8d2e4d81428e66490d036264cef92af941d3e35055fe3981e14d29cbb9a4f67473063baec79a1179f5a17c9c1832f2838fd7d5e59bb9659d56dce8a019edef1bb3accc697cc6cc7a778f60a064c7f6f5d529c6210262e003de583e81e3167b89971fb8c0e15d44fffef89b53d8d64dd797d159b56d2b08ea5307ea12c241bd58d4ee278a1f2e + Output=53e6e8c729d6f9c319dd317e74b0db8e4ccca25f3c8305746e137ac63a63ef3739e7b595abb96e8d55e54f7bd41ab433378ffb911d + ++Availablein = default + Decrypt=RSA-OAEP-9 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t +index cbec426137..9ba7fbeed2 100644 +--- a/test/recipes/80-test_cms.t ++++ b/test/recipes/80-test_cms.t +@@ -233,7 +233,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients", ++ [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients, no Red Hat FIPS", + [ "{cmd1}", @prov, "-encrypt", "-in", $smcont, + "-aes256", "-stream", "-out", "{output}.cms", + $smrsa1, +@@ -1022,6 +1022,9 @@ sub check_availability { + return "$tnam: skipped, DSA disabled\n" + if ($no_dsa && $tnam =~ / DSA/); + ++ return "$tnam: skipped, Red Hat FIPS\n" ++ if ($tnam =~ /no Red Hat FIPS/); ++ + return ""; + } + +diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t +index e2dcb68fb5..0775112b40 100644 +--- a/test/recipes/80-test_ssl_old.t ++++ b/test/recipes/80-test_ssl_old.t +@@ -493,6 +493,18 @@ sub testssl { + # the default choice if TLSv1.3 enabled + my $flag = $protocol eq "-tls1_3" ? 
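Review bot: The return added to check_availability keys only on the test name (`$tnam =~ /no Red Hat FIPS/`), so as far as this hunk shows the renamed AES-256 three-recipient enveloped test is skipped on every run, including runs against the default provider. Gating the return on the active provider would keep that coverage, for example `if ($provname eq "fips" && $tnam =~ /no Red Hat FIPS/);`, assuming the recipe still carries upstream's `$provname` (not visible here). check_availability begins above the hunk, so any earlier provider handling in it cannot be checked from this view.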
"" : $protocol;
+ my $ciphersuites = "";
++ my %redhat_skip_cipher = map {$_ => 1} qw(
++AES256-GCM-SHA384:@SECLEVEL=0
++AES256-CCM8:@SECLEVEL=0
++AES256-CCM:@SECLEVEL=0
++AES128-GCM-SHA256:@SECLEVEL=0
++AES128-CCM8:@SECLEVEL=0
++AES128-CCM:@SECLEVEL=0
++AES256-SHA256:@SECLEVEL=0
++AES128-SHA256:@SECLEVEL=0
++AES256-SHA:@SECLEVEL=0
++AES128-SHA:@SECLEVEL=0
++ );
+ foreach my $cipher (@{$ciphersuites{$protocol}}) {
+ if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) {
+ note "*****SKIPPING $protocol $cipher";
+@@ -504,11 +516,16 @@ sub testssl {
+ } else {
+ $cipher = $cipher.':@SECLEVEL=0';
+ }
+- ok(run(test([@ssltest, @exkeys, "-cipher",
+- $cipher,
+- "-ciphersuites", $ciphersuites,
+- $flag || ()])),
+- "Testing $cipher");
++ if ($provider eq "fips" && exists $redhat_skip_cipher{$cipher}) {
++ note "*****SKIPPING $cipher in Red Hat FIPS mode";
++ ok(1);
++ } else {
++ ok(run(test([@ssltest, @exkeys, "-cipher",
++ $cipher,
++ "-ciphersuites", $ciphersuites,
++ $flag || ()])),
++ "Testing $cipher");
++ }
+ }
+ }
+ next if $protocol eq "-tls1_3";
+--
+2.41.0
+
diff --git a/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch b/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
new file mode 100644
index 0000000..9991c5c
--- /dev/null
+++ b/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
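Review bot: The skipped ciphers in the `@@ -504,11 +516,16 @@` hunk are recorded with a bare `ok(1);`, which appears in the TAP output as an unnamed pass, so a FIPS-provider run cannot be told apart from one where these ciphers were actually negotiated. Give it a description, `ok(1, "Skipping $cipher in Red Hat FIPS mode");`, or use a `SKIP:` block with Test::More's `skip` so the number of skipped checks shows in the report. The keys of `%redhat_skip_cipher` in the preceding hunk also embed the `:@SECLEVEL=0` suffix that the `else` branch appends just before the lookup, so the match silently stops working if that suffix changes; a comment on the hash, such as `# keys must match $cipher after ':@SECLEVEL=0' is appended below`, would record the coupling. testssl starts and ends outside both hunks.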
@@ -0,0 +1,570 @@
+From 5f4f350ce797a7cd2fdca84c474ee196da9d6fae Mon Sep 17 00:00:00 2001
+From: Clemens Lang
+Date: Wed, 18 May 2022 17:25:59 +0200
+Subject: [PATCH] Deny SHA-1 signature verification in FIPS provider
+
+For RHEL, we already disable SHA-1 signatures by default in the default
+provider, so it is unexpected that the FIPS provider would have a more
+lenient configuration in this regard. Additionally, we do not think
+continuing to accept SHA-1 signatures is a good idea due to the
+published chosen-prefix collision attacks.
+
+As a consequence, disable verification of SHA-1 signatures in the FIPS
+provider.
+
+This requires adjusting a few tests that would otherwise fail:
+- 30-test_acvp: Remove the test vectors that use SHA-1.
+- 30-test_evp: Mark tests in evppkey_rsa_common.txt and
+ evppkey_ecdsa.txt that use SHA-1 digests as "Availablein = default",
+ which will not run them when the FIPS provider is enabled.
+- 80-test_cms: Re-create all certificates in test/smime-certificates
+ with SHA256 signatures while keeping the same private keys. These
+ certificates were signed with SHA-1 and thus fail verification in the
+ FIPS provider.
+ Fix some other tests by explicitly running them in the default
+ provider, where SHA-1 is available.
+- 80-test_ssl_old: Skip tests that rely on SSLv3 and SHA-1 when run with
+ the FIPS provider.
+
+Signed-off-by: Clemens Lang
+---
+ providers/implementations/signature/dsa_sig.c | 4 --
+ .../implementations/signature/ecdsa_sig.c | 4 --
+ providers/implementations/signature/rsa_sig.c | 8 +--
+ test/acvp_test.inc | 20 -------
+ .../30-test_evp_data/evppkey_ecdsa.txt | 7 +++
+ .../30-test_evp_data/evppkey_rsa_common.txt | 51 +++++++++++++++-
+ test/recipes/80-test_cms.t | 4 +-
+ test/recipes/80-test_ssl_old.t | 4 ++
+ test/smime-certs/smdh.pem | 18 +++---
+ test/smime-certs/smdsa1.pem | 60 +++++++++----------
+ test/smime-certs/smdsa2.pem | 60 +++++++++----------
+ test/smime-certs/smdsa3.pem | 60 +++++++++----------
+ test/smime-certs/smec1.pem | 30 +++++-----
+ test/smime-certs/smec2.pem | 30 +++++-----
+ test/smime-certs/smec3.pem | 30 +++++-----
+ test/smime-certs/smroot.pem | 38 ++++++------
+ test/smime-certs/smrsa1.pem | 38 ++++++------
+ test/smime-certs/smrsa2.pem | 38 ++++++------
+ test/smime-certs/smrsa3.pem | 38 ++++++------
+ 19 files changed, 286 insertions(+), 256 deletions(-)
+
+diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c
+index fa3822f39f..c365d7b13a 100644
+--- a/providers/implementations/signature/dsa_sig.c
++++ b/providers/implementations/signature/dsa_sig.c
+@@ -128,11 +128,7 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
+ EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
+ int md_nid;
+ size_t mdname_len = strlen(mdname);
+-#ifdef FIPS_MODULE
+- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
+-#else
+ int sha1_allowed = 0;
+-#endif
+ md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
+ sha1_allowed);
+
+diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
+index 99b228e82c..44a22832ec 100644
+--- a/providers/implementations/signature/ecdsa_sig.c
++++ b/providers/implementations/signature/ecdsa_sig.c
+@@ -237,11 +237,7 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname,
+
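Review bot: `sha1_allowed` in dsa_setup_md is now the constant 0 on every build, but nothing in the code says this is a deliberate downstream policy rather than a leftover; the same applies to ecdsa_setup_md and rsa_setup_md in the following hunks. A short comment above the assignment would keep a later rebase from quietly restoring the upstream `#ifdef FIPS_MODULE` branch, for example `/* RHEL: SHA-1 is refused for verification as well as signing, also inside the FIPS module */`. All three function bodies start and end outside their hunks, so how a rejected digest is reported to the caller cannot be checked from here.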
"%s could not be fetched", mdname);
+ return 0;
+ }
+-#ifdef FIPS_MODULE
+- sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
+-#else
+ sha1_allowed = 0;
+-#endif
+ md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
+ sha1_allowed);
+ if (md_nid < 0) {
+diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
+index f66d7705c3..34f45175e8 100644
+--- a/providers/implementations/signature/rsa_sig.c
++++ b/providers/implementations/signature/rsa_sig.c
+@@ -292,11 +292,7 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
+ EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
+ int md_nid;
+ size_t mdname_len = strlen(mdname);
+-#ifdef FIPS_MODULE
+- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
+-#else
+ int sha1_allowed = 0;
+-#endif
+ md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md,
+ sha1_allowed);
+
+@@ -1355,8 +1351,10 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
+
+ if (prsactx->md == NULL && pmdname == NULL
+ && pad_mode == RSA_PKCS1_PSS_PADDING) {
++#ifdef FIPS_MODULE
++ pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY;
++#else
+ pmdname = RSA_DEFAULT_DIGEST_NAME;
+-#ifndef FIPS_MODULE
+ if (!ossl_ctx_legacy_digest_signatures_allowed(prsactx->libctx, 0)) {
+ pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY;
+ }
+diff --git a/test/acvp_test.inc b/test/acvp_test.inc
+index ad11d3ae1e..73b24bdb0c 100644
+--- a/test/acvp_test.inc
++++ b/test/acvp_test.inc
+@@ -1841,17 +1841,6 @@ static const struct rsa_sigver_st rsa_sigver_data[] = {
+ NO_PSS_SALT_LEN,
+ FAIL
+ },
+- {
+- "x931",
+- 3072,
+- "SHA1",
+- ITM(rsa_sigverx931_0_msg),
+- ITM(rsa_sigverx931_0_n),
+- ITM(rsa_sigverx931_0_e),
+- ITM(rsa_sigverx931_0_sig),
+- NO_PSS_SALT_LEN,
+- PASS
+- },
+ {
+ "x931",
+ 3072,
+diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
+index f36982845d..51e507a61c 100644
+---
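Review bot: In the rsa_set_ctx_params hunk the FIPS build now picks `RSA_DEFAULT_DIGEST_NAME_NONLEGACY` whenever a PSS context has no digest set, and nothing at the new `#ifdef FIPS_MODULE` line records that this deliberately differs from the non-FIPS default. A comment there would document it, e.g. `/* RHEL FIPS: the implicit PSS digest is always the non-legacy default */`. It is also worth confirming that verifying a PSS signature made under the old implicit default fails with a clear digest error rather than a generic mismatch; the hunk does not show the error path, and the matching `#endif` lies below it.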
a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt ++++ b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt +@@ -37,12 +37,14 @@ PrivPubKeyPair = P-256:P-256-PUBLIC + + Title = ECDSA tests + ++Availablein = default + Verify = P-256 + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1234" + Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8 + + # Digest too long ++Availablein = default + Verify = P-256 + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF12345" +@@ -50,6 +52,7 @@ Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e + Result = VERIFY_ERROR + + # Digest too short ++Availablein = default + Verify = P-256 + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF123" +@@ -57,6 +60,7 @@ Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e + Result = VERIFY_ERROR + + # Digest invalid ++Availablein = default + Verify = P-256 + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1235" +@@ -64,6 +68,7 @@ Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e + Result = VERIFY_ERROR + + # Invalid signature ++Availablein = default + Verify = P-256 + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1234" +@@ -79,12 +84,14 @@ Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e + Result = VERIFY_ERROR + + # BER signature ++Availablein = default + Verify = P-256 + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1234" + Output = 3080022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec80000 + Result = VERIFY_ERROR + ++Availablein = default + Verify = P-256-PUBLIC + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1234" +diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt +index b8d8bb2993..8dd566067b 100644 +--- 
a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt ++++ b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt +@@ -96,6 +96,7 @@ NDL6WCBbets= + + Title = RSA tests + ++Availablein = default + Verify = RSA-2048 + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1234" +@@ -112,24 +113,28 @@ Ctrl = digest:SHA512-224 + Input = "0123456789ABCDEF123456789ABC" + Output = 5f720e9488139bb21e1c2f027fd5ce5993e6d31c5a8faaee833487b3a944d66891178868ace8070cad3ee2ffbe54aa4885a15fd1a7cc5166970fe1fd8c0423e72bd3e3b56fc4a53ed80aaaeca42497f0ec3c62113edc05cd006608f5eef7ce3ad4cba1069f68731dd28a524a1f93fcdc5547112d48d45586dd943ba0d443be9635720d8a61697c54c96627f0d85c5fbeaa3b4af86a65cf2fc3800dd5de34c046985f25d0efc0bb6edccc1d08b3a4fb9c8faffe181c7e68b31e374ad1440a4a664eec9ca0dc53a9d2f5bc7d9940d866f64201bcbc63612754df45727ea24b531d7de83d1bb707444859fa35521320c33bf6f4dbeb6fb56e653adbf7af15843f17 + ++Availablein = default + VerifyRecover = RSA-2048 + Ctrl = digest:SHA1 + Input = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad + Output = "0123456789ABCDEF1234" + + # Leading zero in the signature ++Availablein = default + Verify = RSA-2048 + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1234" + Output = 
00c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad + Result = VERIFY_ERROR + ++Availablein = default + VerifyRecover = RSA-2048 + Ctrl = digest:SHA1 + Input = 00c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad + Result = KEYOP_ERROR + + # Mismatched digest ++Availablein = default + Verify = RSA-2048 + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1233" +@@ -137,6 +142,7 @@ Output = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2 + Result = VERIFY_ERROR + + # Corrupted signature ++Availablein = default + Verify = RSA-2048 + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1233" +@@ -144,6 +150,7 @@ Output = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2 + Result = VERIFY_ERROR + + # parameter is not NULLt ++Availablein = default + Verify = RSA-2048 + Ctrl = digest:sha1 + Input = "0123456789ABCDEF1234" +@@ -151,42 +158,49 @@ Output = 3ec3fc29eb6e122bd7aa361cd09fe1bcbe85311096a7b9e4799cedfb2351ce0ab7fe4e7 + Result = VERIFY_ERROR + + # embedded digest too long ++Availablein = default + Verify = RSA-2048 + Ctrl = 
digest:sha1 + Input = "0123456789ABCDEF1234" + Output = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d + Result = VERIFY_ERROR + ++Availablein = default + VerifyRecover = RSA-2048 + Ctrl = digest:sha1 + Input = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d + Result = KEYOP_ERROR + + # embedded digest too short ++Availablein = default + Verify = RSA-2048 + Ctrl = digest:sha1 + Input = "0123456789ABCDEF1234" + Output = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d + Result = VERIFY_ERROR + ++Availablein = default + VerifyRecover = RSA-2048 + Ctrl = digest:sha1 + Input = 
afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d + Result = KEYOP_ERROR + + # Garbage after DigestInfo ++Availablein = default + Verify = RSA-2048 + Ctrl = digest:sha1 + Input = "0123456789ABCDEF1234" + Output = 9ee34872d4271a7d8808af0a4052a145a6d6a8437d00da3ed14428c7f087cd39f4d43334c41af63e7fa1ba363fee7bcef401d9d36a662abbab55ce89a696e1be0dfa19a5d09ca617dd488787b6048baaefeb29bc8688b2fe3882de2b77c905b5a8b56cf9616041e5ec934ba6de863efe93acc4eef783fe7f72a00fa65d6093ed32bf98ce527e62ccb1d56317f4be18b7e0f55d7c36617d2d0678a306e3350956b662ac15df45215dd8f6b314babb9788e6c272fa461e4c9b512a11a4b92bc77c3a4c95c903fccb238794eca5c750477bf56ea6ee6a167367d881b485ae3889e7c489af8fdf38e0c0f2aed780831182e34abedd43c39281b290774bf35cc25274 + Result = VERIFY_ERROR + ++Availablein = default + VerifyRecover = RSA-2048 + Ctrl = digest:sha1 + Input = 9ee34872d4271a7d8808af0a4052a145a6d6a8437d00da3ed14428c7f087cd39f4d43334c41af63e7fa1ba363fee7bcef401d9d36a662abbab55ce89a696e1be0dfa19a5d09ca617dd488787b6048baaefeb29bc8688b2fe3882de2b77c905b5a8b56cf9616041e5ec934ba6de863efe93acc4eef783fe7f72a00fa65d6093ed32bf98ce527e62ccb1d56317f4be18b7e0f55d7c36617d2d0678a306e3350956b662ac15df45215dd8f6b314babb9788e6c272fa461e4c9b512a11a4b92bc77c3a4c95c903fccb238794eca5c750477bf56ea6ee6a167367d881b485ae3889e7c489af8fdf38e0c0f2aed780831182e34abedd43c39281b290774bf35cc25274 + Result = KEYOP_ERROR + + # invalid tag for parameter ++Availablein = default + Verify = RSA-2048 + Ctrl = digest:sha1 + Input = "0123456789ABCDEF1234" +@@ -195,6 +209,7 @@ Result = 
VERIFY_ERROR + + # Verify using public key + ++Availablein = default + Verify = RSA-2048-PUBLIC + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1234" +@@ -370,6 +385,8 @@ Input="0123456789ABCDEF0123456789ABCDEF" + Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A + + # Verify using salt length auto detect ++# In the FIPS provider on RHEL-9, the default digest for PSS signatures is SHA-256 ++Availablein = default + Verify = RSA-2048-PUBLIC + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_pss_saltlen:auto +@@ -404,6 +421,10 @@ Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DD + Result = VERIFY_ERROR + + # Verify using default parameters, explicitly setting parameters ++# NOTE: RSA-PSS-DEFAULT contains a restriction to use SHA1 as digest, which ++# RHEL-9 does not support in FIPS mode; all these tests are thus marked ++# Availablein = default. 
++Availablein = default + Verify = RSA-PSS-DEFAULT + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_pss_saltlen:20 +@@ -412,6 +433,7 @@ Input="0123456789ABCDEF0123" + Output = 3EFE09D88509027D837BFA5F8471CF7B69E6DF395DD999BB9CA42021F15722D9AC76670507C6BCFB73F64FB2211B611B8F140E76EBDB064BD762FDBA89D019E304A0D6B274E1C2FE1DF50005598A0306AF805416094E2A5BA60BC72BDE38CE061E853ED40F14967A8B9CA4DC739B462F89558F12FDF2D8D19FBEF16AD66FE2DDDA8BEE983ECBD873064244849D8D94B5B33F45E076871A47ED653E73257A2BE2DB3C0878094B0D2B6B682C8007DFD989425FB39A1FEEC9EED5876414601A49176EC344F5E3EDEE81CA2DDD29B7364F4638112CB3A547E2BC170E28CB66BDABE863754BE8AD5BA230567B575266F4B6B4CF81F28310ABF05351CC9E2DB85D00BF + + # Verify explicitly setting parameters "digest" salt length ++Availablein = default + Verify = RSA-PSS-DEFAULT + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_pss_saltlen:digest +@@ -420,18 +442,21 @@ Input="0123456789ABCDEF0123" + Output = 3EFE09D88509027D837BFA5F8471CF7B69E6DF395DD999BB9CA42021F15722D9AC76670507C6BCFB73F64FB2211B611B8F140E76EBDB064BD762FDBA89D019E304A0D6B274E1C2FE1DF50005598A0306AF805416094E2A5BA60BC72BDE38CE061E853ED40F14967A8B9CA4DC739B462F89558F12FDF2D8D19FBEF16AD66FE2DDDA8BEE983ECBD873064244849D8D94B5B33F45E076871A47ED653E73257A2BE2DB3C0878094B0D2B6B682C8007DFD989425FB39A1FEEC9EED5876414601A49176EC344F5E3EDEE81CA2DDD29B7364F4638112CB3A547E2BC170E28CB66BDABE863754BE8AD5BA230567B575266F4B6B4CF81F28310ABF05351CC9E2DB85D00BF + + # Verify using salt length larger than minimum ++Availablein = default + Verify = RSA-PSS-DEFAULT + Ctrl = rsa_pss_saltlen:30 + Input="0123456789ABCDEF0123" + Output = 
6BF7EDC63A0BA184EEEC7F3020FEC8F5EBF38C2B76481881F48BCCE5796E7AB294548BA9AE810457C7723CABD1BDE94CF59CF7C0FC7461B22760C8ED703DD98E97BFDD61FA8D1181C411F6DEE5FF159F4850746D78EDEE385A363DC28E2CB373D5CAD7953F3BD5E639BE345732C03A1BDEA268814DA036EB1891C82D4012F3B903D86636055F87B96FC98806AD1B217685A4D754046A5DE0B0D7870664BE07902153EC85BA457BE7D7F89D7FE0F626D02A9CBBB2BB479DDA1A5CAE75247FB7BF6BFB15C1D3FD9E6B1573CCDBC72011C3B97716058BB11C7EA2E4E56ADAFE1F5DE6A7FD405AC5890100F9C3408EFFB5C73BF73F48177FF743B4B819D0699D507B + + # Verify using maximum salt length ++Availablein = default + Verify = RSA-PSS-DEFAULT + Ctrl = rsa_pss_saltlen:max + Input="0123456789ABCDEF0123" + Output = 4470DCFE812DEE2E58E4301D4ED274AB348FE040B724B2CD1D8CD0914BFF375F0B86FCB32BFA8AEA9BD22BD7C4F1ADD4F3D215A5CFCC99055BAFECFC23800E9BECE19A08C66BEBC5802122D13A732E5958FC228DCC0B49B5B4B1154F032D8FA2F3564AA949C1310CC9266B0C47F86D449AC9D2E7678347E7266E2D7C888CCE1ADF44A109A293F8516AE2BD94CE220F26E137DB8E7A66BB9FCE052CDC1D0BE24D8CEBB20D10125F26B069F117044B9E1D16FDDAABCA5340AE1702F37D0E1C08A2E93801C0A41035C6C73DA02A0E32227EAFB0B85E79107B59650D0EE7DC32A6772CCCE90F06369B2880FE87ED76997BA61F5EA818091EE88F8B0D6F24D02A3FC6 + + # Attempt to change salt length below minimum ++Availablein = default + Verify = RSA-PSS-DEFAULT + Ctrl = rsa_pss_saltlen:0 + Result = PKEY_CTRL_ERROR +@@ -439,21 +464,25 @@ Result = PKEY_CTRL_ERROR + # Attempt to change padding mode + # Note this used to return PKEY_CTRL_INVALID + # but it is limited because setparams only returns 0 or 1. 
++Availablein = default + Verify = RSA-PSS-DEFAULT + Ctrl = rsa_padding_mode:pkcs1 + Result = PKEY_CTRL_ERROR + + # Attempt to change digest ++Availablein = default + Verify = RSA-PSS-DEFAULT + Ctrl = digest:sha256 + Result = PKEY_CTRL_ERROR + + # Invalid key: rejected when we try to init ++Availablein = default + Verify = RSA-PSS-BAD + Result = KEYOP_INIT_ERROR + Reason = invalid salt length + + # Invalid key: rejected when we try to init ++Availablein = default + Verify = RSA-PSS-BAD2 + Result = KEYOP_INIT_ERROR + Reason = invalid salt length +@@ -472,36 +501,42 @@ CAltWyuLbfXWce9jd8CSHLI8Jwpw4lmOb/idGfEFrMLT8Ms18pKA4Thrb2TE7yLh + 4fINDOjP+yJJvZohNwIDAQAB + -----END PUBLIC KEY----- + ++Availablein = default + Verify=RSA-PSS-1 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=cd8b6538cb8e8de566b68bd067569dbf1ee2718e + Output=9074308fb598e9701b2294388e52f971faac2b60a5145af185df5287b5ed2887e57ce7fd44dc8634e407c8e0e4360bc226f3ec227f9d9e54638e8d31f5051215df6ebb9c2f9579aa77598a38f914b5b9c1bd83c4e2f9f382a0d0aa3542ffee65984a601bc69eb28deb27dca12c82c2d4c3f66cd500f1ff2b994d8a4e30cbb33c + ++Availablein = default + Verify=RSA-PSS-1 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=e35befc17a1d160b9ce35fbd8eb16e7ee491d3fd + Output=3ef7f46e831bf92b32274142a585ffcefbdca7b32ae90d10fb0f0c729984f04ef29a9df0780775ce43739b97838390db0a5505e63de927028d9d29b219ca2c4517832558a55d694a6d25b9dab66003c4cccd907802193be5170d26147d37b93590241be51c25055f47ef62752cfbe21418fafe98c22c4d4d47724fdb5669e843 + ++Availablein = default + Verify=RSA-PSS-1 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=0652ec67bcee30f9d2699122b91c19abdba89f91 + Output=666026fba71bd3e7cf13157cc2c51a8e4aa684af9778f91849f34335d141c00154c4197621f9624a675b5abc22ee7d5baaffaae1c9baca2cc373b3f33e78e6143c395a91aa7faca664eb733afd14d8827259d99a7550faca501ef2b04e33c23aa51f4b9e8282efdb728cc0ab09405a91607c6369961bc8270d2d4f39fce612b1 + ++Availablein = default + Verify=RSA-PSS-1 + Ctrl = 
rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=39c21c4cceda9c1adf839c744e1212a6437575ec + Output=4609793b23e9d09362dc21bb47da0b4f3a7622649a47d464019b9aeafe53359c178c91cd58ba6bcb78be0346a7bc637f4b873d4bab38ee661f199634c547a1ad8442e03da015b136e543f7ab07c0c13e4225b8de8cce25d4f6eb8400f81f7e1833b7ee6e334d370964ca79fdb872b4d75223b5eeb08101591fb532d155a6de87 + ++Availablein = default + Verify=RSA-PSS-1 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=36dae913b77bd17cae6e7b09453d24544cebb33c + Output=1d2aad221ca4d31ddf13509239019398e3d14b32dc34dc5af4aeaea3c095af73479cf0a45e5629635a53a018377615b16cb9b13b3e09d671eb71e387b8545c5960da5a64776e768e82b2c93583bf104c3fdb23512b7b4e89f633dd0063a530db4524b01c3f384c09310e315a79dcd3d684022a7f31c865a664e316978b759fad + ++Availablein = default + Verify=RSA-PSS-1 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 +@@ -517,36 +552,42 @@ swU7R97S7NSkyu/WFIM9yLtiLzF+0Ha4BX/o3j+ESArV6D5KYZBKTySPs5cCc1fh + 0w5GMTmBXG/U/VrFuBcqRSMOy2MYoE8UVdhOWosCAwEAAQ== + -----END PUBLIC KEY----- + ++Availablein = default + Verify=RSA-PSS-9 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=2715a49b8b0012cd7aee84c116446e6dfe3faec0 + Output=586107226c3ce013a7c8f04d1a6a2959bb4b8e205ba43a27b50f124111bc35ef589b039f5932187cb696d7d9a32c0c38300a5cdda4834b62d2eb240af33f79d13dfbf095bf599e0d9686948c1964747b67e89c9aba5cd85016236f566cc5802cb13ead51bc7ca6bef3b94dcbdbb1d570469771df0e00b1a8a06777472d2316279edae86474668d4e1efff95f1de61c6020da32ae92bbf16520fef3cf4d88f61121f24bbd9fe91b59caf1235b2a93ff81fc403addf4ebdea84934a9cdaf8e1a9e + ++Availablein = default + Verify=RSA-PSS-9 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=2dac956d53964748ac364d06595827c6b4f143cd + 
Output=80b6d643255209f0a456763897ac9ed259d459b49c2887e5882ecb4434cfd66dd7e1699375381e51cd7f554f2c271704b399d42b4be2540a0eca61951f55267f7c2878c122842dadb28b01bd5f8c025f7e228418a673c03d6bc0c736d0a29546bd67f786d9d692ccea778d71d98c2063b7a71092187a4d35af108111d83e83eae46c46aa34277e06044589903788f1d5e7cee25fb485e92949118814d6f2c3ee361489016f327fb5bc517eb50470bffa1afa5f4ce9aa0ce5b8ee19bf5501b958 + ++Availablein = default + Verify=RSA-PSS-9 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=28d98c46cccafbd3bc04e72f967a54bd3ea12298 + Output=484408f3898cd5f53483f80819efbf2708c34d27a8b2a6fae8b322f9240237f981817aca1846f1084daa6d7c0795f6e5bf1af59c38e1858437ce1f7ec419b98c8736adf6dd9a00b1806d2bd3ad0a73775e05f52dfef3a59ab4b08143f0df05cd1ad9d04bececa6daa4a2129803e200cbc77787caf4c1d0663a6c5987b605952019782caf2ec1426d68fb94ed1d4be816a7ed081b77e6ab330b3ffc073820fecde3727fcbe295ee61a050a343658637c3fd659cfb63736de32d9f90d3c2f63eca + ++Availablein = default + Verify=RSA-PSS-9 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=0866d2ff5a79f25ef668cd6f31b42dee421e4c0e + Output=84ebeb481be59845b46468bafb471c0112e02b235d84b5d911cbd1926ee5074ae0424495cb20e82308b8ebb65f419a03fb40e72b78981d88aad143053685172c97b29c8b7bf0ae73b5b2263c403da0ed2f80ff7450af7828eb8b86f0028bd2a8b176a4d228cccea18394f238b09ff758cc00bc04301152355742f282b54e663a919e709d8da24ade5500a7b9aa50226e0ca52923e6c2d860ec50ff480fa57477e82b0565f4379f79c772d5c2da80af9fbf325ece6fc20b00961614bee89a183e + ++Availablein = default + Verify=RSA-PSS-9 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=6a5b4be4cd36cc97dfde9995efbf8f097a4a991a + 
Output=82102df8cb91e7179919a04d26d335d64fbc2f872c44833943241de8454810274cdf3db5f42d423db152af7135f701420e39b494a67cbfd19f9119da233a23da5c6439b5ba0d2bc373eee3507001378d4a4073856b7fe2aba0b5ee93b27f4afec7d4d120921c83f606765b02c19e4d6a1a3b95fa4c422951be4f52131077ef17179729cddfbdb56950dbaceefe78cb16640a099ea56d24389eef10f8fecb31ba3ea3b227c0a86698bb89e3e9363905bf22777b2a3aa521b65b4cef76d83bde4c + ++Availablein = default + Verify=RSA-PSS-9 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 +@@ -564,36 +605,42 @@ F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5kGWC7IsXS9WNXR89dnxhNyGu + BQIDAQAB + -----END PUBLIC KEY----- + ++Availablein = default + Verify=RSA-PSS-10 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=9596bb630cf6a8d4ea4600422b9eba8b13675dd4 + Output=82c2b160093b8aa3c0f7522b19f87354066c77847abf2a9fce542d0e84e920c5afb49ffdfdace16560ee94a1369601148ebad7a0e151cf16331791a5727d05f21e74e7eb811440206935d744765a15e79f015cb66c532c87a6a05961c8bfad741a9a6657022894393e7223739796c02a77455d0f555b0ec01ddf259b6207fd0fd57614cef1a5573baaff4ec00069951659b85f24300a25160ca8522dc6e6727e57d019d7e63629b8fe5e89e25cc15beb3a647577559299280b9b28f79b0409000be25bbd96408ba3b43cc486184dd1c8e62553fa1af4040f60663de7f5e49c04388e257f1ce89c95dab48a315d9b66b1b7628233876ff2385230d070d07e1666 + ++Availablein = default + Verify=RSA-PSS-10 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=b503319399277fd6c1c8f1033cbf04199ea21716 + Output=14ae35d9dd06ba92f7f3b897978aed7cd4bf5ff0b585a40bd46ce1b42cd2703053bb9044d64e813d8f96db2dd7007d10118f6f8f8496097ad75e1ff692341b2892ad55a633a1c55e7f0a0ad59a0e203a5b8278aec54dd8622e2831d87174f8caff43ee6c46445345d84a59659bfb92ecd4c818668695f34706f66828a89959637f2bf3e3251c24bdba4d4b7649da0022218b119c84e79a6527ec5b8a5f861c159952e23ec05e1e717346faefe8b1686825bd2b262fb2531066c0de09acde2e4231690728b5d85e115a2f6b92b79c25abc9bd9399ff8bcf825a52ea1f56ea76dd26f43baafa18bfa92a504cbd35699e26d1dcc5a2887385f3c63232f06f3244c3 + ++Availablein = default + 
Verify=RSA-PSS-10 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=50aaede8536b2c307208b275a67ae2df196c7628 + Output=6e3e4d7b6b15d2fb46013b8900aa5bbb3939cf2c095717987042026ee62c74c54cffd5d7d57efbbf950a0f5c574fa09d3fc1c9f513b05b4ff50dd8df7edfa20102854c35e592180119a70ce5b085182aa02d9ea2aa90d1df03f2daae885ba2f5d05afdac97476f06b93b5bc94a1a80aa9116c4d615f333b098892b25fface266f5db5a5a3bcc10a824ed55aad35b727834fb8c07da28fcf416a5d9b2224f1f8b442b36f91e456fdea2d7cfe3367268de0307a4c74e924159ed33393d5e0655531c77327b89821bdedf880161c78cd4196b5419f7acc3f13e5ebf161b6e7c6724716ca33b85c2e25640192ac2859651d50bde7eb976e51cec828b98b6563b86bb + ++Availablein = default + Verify=RSA-PSS-10 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=aa0b72b8b371ddd10c8ae474425ccccf8842a294 + Output=34047ff96c4dc0dc90b2d4ff59a1a361a4754b255d2ee0af7d8bf87c9bc9e7ddeede33934c63ca1c0e3d262cb145ef932a1f2c0a997aa6a34f8eaee7477d82ccf09095a6b8acad38d4eec9fb7eab7ad02da1d11d8e54c1825e55bf58c2a23234b902be124f9e9038a8f68fa45dab72f66e0945bf1d8bacc9044c6f07098c9fcec58a3aab100c805178155f030a124c450e5acbda47d0e4f10b80a23f803e774d023b0015c20b9f9bbe7c91296338d5ecb471cafb032007b67a60be5f69504a9f01abb3cb467b260e2bce860be8d95bf92c0c8e1496ed1e528593a4abb6df462dde8a0968dffe4683116857a232f5ebf6c85be238745ad0f38f767a5fdbf486fb + ++Availablein = default + Verify=RSA-PSS-10 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=fad3902c9750622a2bc672622c48270cc57d3ea8 + Output=7e0935ea18f4d6c1d17ce82eb2b3836c55b384589ce19dfe743363ac9948d1f346b7bfddfe92efd78adb21faefc89ade42b10f374003fe122e67429a1cb8cbd1f8d9014564c44d120116f4990f1a6e38774c194bd1b8213286b077b0499d2e7b3f434ab12289c556684deed78131934bb3dd6537236f7c6f3dcb09d476be07721e37e1ceed9b2f7b406887bd53157305e1c8b4f84d733bc1e186fe06cc59b6edb8f4bd7ffefdf4f7ba9cfb9d570689b5a1a4109a746a690893db3799255a0cb9215d2d1cd490590e952e8c8786aa0011265252470c041dfbc3eec7c3cbf71c24869d115c0cb4a956f56d530b80ab589acfefc690751ddf36e8d383f83cedd2cc + 
++Availablein = default + Verify=RSA-PSS-10 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 +@@ -1329,11 +1376,13 @@ Title = RSA FIPS tests + + # FIPS tests + +-# Verifying with SHA1 is permitted in fips mode for older applications ++# Verifying with SHA1 is not permitted on RHEL-9 in FIPS mode ++Availablein = fips + DigestVerify = SHA1 + Key = RSA-2048 + Input = "Hello " + Output = 87ea0e2226ef35e5a2aec9ca1222fcbe39ba723f05b3203564f671dd3601271806ead3240e61d424359ee3b17bd3e32f54b82df83998a8ac4148410710361de0400f9ddf98278618fbc87747a0531972543e6e5f18ab2fdfbfda02952f6ac69690e43864690af271bf43d4be9705b303d4ff994ab3abd4d5851562b73e59be3edc01cec41a4cc13b68206329bad1a46c6608d3609e951faa321d0fdbc765d54e9a7c59248d2f67913c9903e932b769c9c8a45520cabea06e8c0b231dd3bcc7f7ec55b46b0157ccb5fc5011fa57353cd3df32edcbadcb8d168133cbd0acfb64444cb040e1298f621508a38f79e14ae8c2c5c857f90aa9d24ef5fc07d34bf23859 ++Result = DIGESTVERIFYINIT_ERROR + + # Verifying with a 1024 bit key is permitted in fips mode for older applications + DigestVerify = SHA256 +diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t +index 48a92f735d..34afe91b88 100644 +--- a/test/recipes/80-test_cms.t ++++ b/test/recipes/80-test_cms.t +@@ -162,7 +162,7 @@ my @smime_pkcs7_tests = ( + [ "{cmd1}", @defaultprov, "-sign", "-in", $smcont, "-md", "sha1", + "-certfile", $smroot, + "-signer", $smrsa1, "-out", "{output}.cms" ], +- [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", ++ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms", + "-CAfile", $smroot, "-out", "{output}.txt" ], + \&final_compare + ], +@@ -170,7 +170,7 @@ my @smime_pkcs7_tests = ( + [ "signed zero-length content S/MIME format, RSA key SHA1", + [ "{cmd1}", @defaultprov, "-sign", "-in", $smcont_zero, "-md", "sha1", + "-certfile", $smroot, "-signer", $smrsa1, "-out", "{output}.cms" ], +- [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", ++ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms", + "-CAfile", $smroot, 
"-out", "{output}.txt" ], + \&zero_compare + ], +diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t +index 8c52b637fc..ff75c5b6ec 100644 +--- a/test/recipes/80-test_ssl_old.t ++++ b/test/recipes/80-test_ssl_old.t +@@ -394,6 +394,9 @@ sub testssl { + 'test sslv2/sslv3 with 1024bit DHE via BIO pair'); + } + ++ SKIP: { ++ skip "SSLv3 is not supported by the FIPS provider", 4 ++ if $provider eq "fips"; + ok(run(test([@ssltest, "-bio_pair", "-server_auth", @CA])), + 'test sslv2/sslv3 with server authentication'); + ok(run(test([@ssltest, "-bio_pair", "-client_auth", @CA])), +@@ -402,6 +405,7 @@ sub testssl { + 'test sslv2/sslv3 with both client and server authentication via BIO pair'); + ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", "-app_verify", @CA])), + 'test sslv2/sslv3 with both client and server authentication via BIO pair and app verify'); ++ } + + SKIP: { + skip "No IPv4 available on this machine", 4 diff --git a/0062-fips-Expose-a-FIPS-indicator.patch b/0062-fips-Expose-a-FIPS-indicator.patch new file mode 100644 index 0000000..f1ad59d --- /dev/null +++ b/0062-fips-Expose-a-FIPS-indicator.patch 
@@ -0,0 +1,466 @@ +From e3d6fca1af033d00c47bcd8f9ba28fcf1aa476aa Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Tue, 7 Jun 2022 12:02:49 +0200 +Subject: [PATCH] fips: Expose a FIPS indicator + +FIPS 140-3 requires us to indicate whether an operation was using +approved services or not. The FIPS 140-3 implementation guidelines +provide two basic approaches to doing this: implicit indicators, and +explicit indicators. + +Implicit indicators are basically the concept of "if the operation +passes, it was approved". We were originally aiming for implicit +indicators in our copy of OpenSSL. However, this proved to be a problem, +because we wanted to certify a signature service, and FIPS 140-3 +requires that a signature service computes the digest to be signed +within the boundaries of the FIPS module. Since we were planning to +certify fips.so only, this means that EVP_PKEY_sign/EVP_PKEY_verify +would have to be blocked. Unfortunately, EVP_SignFinal uses +EVP_PKEY_sign internally, but outside of fips.so and thus outside of the +FIPS module boundary. This means that using implicit indicators in +combination with certifying only fips.so would require us to block both +EVP_PKEY_sign and EVP_SignFinal, which are the two APIs currently used +by most users of OpenSSL for signatures. + +EVP_DigestSign would be acceptable, but has only been added in 3.0 and +is thus not yet widely used. + +As a consequence, we've decided to introduce explicit indicators so that +EVP_PKEY_sign and EVP_SignFinal can continue to work for now, but +FIPS-aware applications can query the explicit indicator to check +whether the operation was approved. + +To avoid affecting the ABI and public API too much, this is implemented +as an exported symbol in fips.so and a private header, so applications +that wish to use this will have to dlopen(3) fips.so, locate the +function using dlsym(3), and then call it. 
These applications will have +to build against the private header in order to use the returned +pointer. + +Modify util/mkdef.pl to support exposing a symbol only for a specific +provider identified by its name and path. + +Signed-off-by: Clemens Lang +--- + doc/build.info | 6 ++ + doc/man7/fips_module_indicators.pod | 154 ++++++++++++++++++++++++++++ + providers/fips/fipsprov.c | 71 +++++++++++++ + providers/fips/indicator.h | 66 ++++++++++++ + util/mkdef.pl | 25 ++++- + util/providers.num | 1 + + 6 files changed, 322 insertions(+), 1 deletion(-) + create mode 100644 doc/man7/fips_module_indicators.pod + create mode 100644 providers/fips/indicator.h + +diff --git a/doc/build.info b/doc/build.info +index b0aa4297a4..af235113bb 100644 +--- a/doc/build.info ++++ b/doc/build.info +@@ -4389,6 +4389,10 @@ DEPEND[html/man7/fips_module.html]=man7/fips_module.pod + GENERATE[html/man7/fips_module.html]=man7/fips_module.pod + DEPEND[man/man7/fips_module.7]=man7/fips_module.pod + GENERATE[man/man7/fips_module.7]=man7/fips_module.pod ++DEPEND[html/man7/fips_module_indicators.html]=man7/fips_module_indicators.pod ++GENERATE[html/man7/fips_module_indicators.html]=man7/fips_module_indicators.pod ++DEPEND[man/man7/fips_module_indicators.7]=man7/fips_module_indicators.pod ++GENERATE[man/man7/fips_module_indicators.7]=man7/fips_module_indicators.pod + DEPEND[html/man7/life_cycle-cipher.html]=man7/life_cycle-cipher.pod + GENERATE[html/man7/life_cycle-cipher.html]=man7/life_cycle-cipher.pod + DEPEND[man/man7/life_cycle-cipher.7]=man7/life_cycle-cipher.pod +@@ -4631,6 +4635,7 @@ html/man7/ct.html \ + html/man7/des_modes.html \ + html/man7/evp.html \ + html/man7/fips_module.html \ ++html/man7/fips_module_indicators.html \ + html/man7/life_cycle-cipher.html \ + html/man7/life_cycle-digest.html \ + html/man7/life_cycle-kdf.html \ +@@ -4754,6 +4759,7 @@ man/man7/ct.7 \ + man/man7/des_modes.7 \ + man/man7/evp.7 \ + man/man7/fips_module.7 \ ++man/man7/fips_module_indicators.7 \ + 
man/man7/life_cycle-cipher.7 \ + man/man7/life_cycle-digest.7 \ + man/man7/life_cycle-kdf.7 \ +diff --git a/doc/man7/fips_module_indicators.pod b/doc/man7/fips_module_indicators.pod +new file mode 100644 +index 0000000000..23db2b395c +--- /dev/null ++++ b/doc/man7/fips_module_indicators.pod +@@ -0,0 +1,154 @@ ++=pod ++ ++=head1 NAME ++ ++fips_module_indicators - Red Hat OpenSSL FIPS module indicators guide ++ ++=head1 DESCRIPTION ++ ++This guide documents how the Red Hat Enterprise Linux 9 OpenSSL FIPS provider ++implements Approved Security Service Indicators according to the FIPS 140-3 ++Implementation Guidelines, section 2.4.C. See ++L ++for the FIPS 140-3 Implementation Guidelines. ++ ++For all approved services except signatures, the Red Hat OpenSSL FIPS provider ++uses the return code as the indicator as understood by FIPS 140-3. That means ++that every operation that succeeds denotes use of an approved security service. ++Operations that do not succeed may not have been approved security services, or ++may have been used incorrectly. ++ ++For signatures, an explicit indicator API is available to determine whether ++a selected operation is an approved security service, in combination with the ++return code of the operation. For a signature operation to be approved, the ++explicit indicator must claim it as approved, and it must succeed. ++ ++=head2 Querying the explicit indicator ++ ++The Red Hat OpenSSL FIPS provider exports a symbol named ++I that provides information on which signature ++operations are approved security functions. To use this function, either link ++against I directly, or load it at runtime using dlopen(3) and ++dlsym(3). 
++ ++ #include ++ #include "providers/fips/indicator.h" ++ ++ void *provider = dlopen("/usr/lib64/ossl-modules/fips.so", RTLD_LAZY); ++ if (provider == NULL) { ++ fprintf(stderr, "%s\n", dlerror()); ++ // handle error ++ } ++ ++ const OSSL_RH_FIPSINDICATOR_ALORITHM *(*redhat_ossl_query_fipsindicator)(int) \ ++ = dlsym(provider, "redhat_ossl_query_fipsindicator"); ++ if (redhat_ossl_query_fipsindicator == NULL) { ++ fprintf(stderr, "%s\n", dlerror()); ++ fprintf(stderr, "Does your copy of fips.so have the required Red Hat" ++ " patches?\n"); ++ // handle error ++ } ++ ++Note that this uses the I header, which is not ++public. Install the I package from the I ++repository using I and include ++I in the compiler's include path. ++ ++I expects an operation ID as its only ++argument. Currently, the only supported operation ID is I to ++obtain the indicators for signature operations. On success, the return value is ++a pointer to an array of Is. On failure, NULL is ++returned. The last entry in the array is indicated by I being ++NULL. ++ ++ typedef struct ossl_rh_fipsindicator_algorithm_st { ++ const char *algorithm_names; /* key */ ++ const char *property_definition; /* key */ ++ const OSSL_RH_FIPSINDICATOR_DISPATCH *indicators; ++ } OSSL_RH_FIPSINDICATOR_ALGORITHM; ++ ++ typedef struct ossl_rh_fipsindicator_dispatch_st { ++ int function_id; ++ int approved; ++ } OSSL_RH_FIPSINDICATOR_DISPATCH; ++ ++The I field is a colon-separated list of algorithm names from ++one of the I constants, e.g., I. strtok(3) can ++be used to locate the appropriate entry. 
See the example below, where ++I contains the algorithm name to search for: ++ ++ const OSSL_RH_FIPSINDICATOR_DISPATCH *indicator_dispatch = NULL; ++ const OSSL_RH_FIPSINDICATOR_ALGORITHM *indicator = ++ redhat_ossl_query_fipsindicator(operation_id); ++ if (indicator == NULL) { ++ fprintf(stderr, "No indicator for operation, probably using implicit" ++ " indicators.\n"); ++ // handle error ++ } ++ ++ for (; indicator->algorithm_names != NULL; ++indicator) { ++ char *algorithm_names = strdup(indicator->algorithm_names); ++ if (algorithm_names == NULL) { ++ perror("strdup(3)"); ++ // handle error ++ } ++ ++ const char *algorithm_name = strtok(algorithm_names, ":"); ++ for (; algorithm_name != NULL; algorithm_name = strtok(NULL, ":")) { ++ if (strcasecmp(algorithm_name, algorithm) == 0) { ++ indicator_dispatch = indicator->indicators; ++ free(algorithm_names); ++ algorithm_names = NULL; ++ break; ++ } ++ } ++ free(algorithm_names); ++ } ++ if (indicator_dispatch == NULL) { ++ fprintf(stderr, "No indicator for algorithm %s.\n", algorithm); ++ // handle error ++ } ++ ++If an appropriate I array is available for the ++given algorithm name, it maps function IDs to their approval status. The last ++entry is indicated by a zero I. I is ++I if the operation is an approved security ++service, or part of an approved security service, or ++I otherwise. Any other value is invalid. ++Function IDs are I constants from I, ++e.g., I or I. 
++ ++Assuming I is the function in question, the following code can be ++used to query the approval status: ++ ++ for (; indicator_dispatch->function_id != 0; ++indicator_dispatch) { ++ if (indicator_dispatch->function_id == function_id) { ++ switch (indicator_dispatch->approved) { ++ case OSSL_RH_FIPSINDICATOR_APPROVED: ++ // approved security service ++ break; ++ case OSSL_RH_FIPSINDICATOR_UNAPPROVED: ++ // unapproved security service ++ break; ++ default: ++ // invalid result ++ break; ++ } ++ break; ++ } ++ } ++ ++=head1 SEE ALSO ++ ++L, L ++ ++=head1 COPYRIGHT ++ ++Copyright 2022 Red Hat, Inc. All Rights Reserved. ++ ++Licensed under the Apache License 2.0 (the "License"). You may not use ++this file except in compliance with the License. You can obtain a copy ++in the file LICENSE in the source distribution or at ++L. ++ ++=cut +diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c +index de391ce067..1cfd71c5cf 100644 +--- a/providers/fips/fipsprov.c ++++ b/providers/fips/fipsprov.c +@@ -23,6 +23,7 @@ + #include "self_test.h" + #include "crypto/context.h" + #include "internal/core.h" ++#include "indicator.h" + + static const char FIPS_DEFAULT_PROPERTIES[] = "provider=fips,fips=yes"; + static const char FIPS_UNAPPROVED_PROPERTIES[] = "provider=fips,fips=no"; +@@ -425,6 +426,68 @@ static const OSSL_ALGORITHM fips_signature[] = { + { NULL, NULL, NULL } + }; + ++static const OSSL_RH_FIPSINDICATOR_DISPATCH redhat_rsa_signature_indicators[] = { ++ { OSSL_FUNC_SIGNATURE_NEWCTX, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_SIGN_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, ++ { OSSL_FUNC_SIGNATURE_SIGN, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, ++ { OSSL_FUNC_SIGNATURE_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, ++ { OSSL_FUNC_SIGNATURE_VERIFY, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, ++ { OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, ++ { OSSL_FUNC_SIGNATURE_VERIFY_RECOVER, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, ++ { 
OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_FREECTX, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_DUPCTX, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { 0, OSSL_RH_FIPSINDICATOR_UNAPPROVED } ++}; ++ ++static const OSSL_RH_FIPSINDICATOR_DISPATCH redhat_ecdsa_signature_indicators[] = { ++ { OSSL_FUNC_SIGNATURE_NEWCTX, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_SIGN_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, ++ { OSSL_FUNC_SIGNATURE_SIGN, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, ++ { OSSL_FUNC_SIGNATURE_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, ++ { OSSL_FUNC_SIGNATURE_VERIFY, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, ++ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { 
OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_FREECTX, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_DUPCTX, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { 0, OSSL_RH_FIPSINDICATOR_UNAPPROVED } ++}; ++ ++static const OSSL_RH_FIPSINDICATOR_ALGORITHM redhat_indicator_fips_signature[] = { ++ { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ++ redhat_rsa_signature_indicators }, ++#ifndef OPENSSL_NO_EC ++ { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, ++ redhat_ecdsa_signature_indicators }, ++#endif ++ { NULL, NULL, NULL } ++}; ++ + static const OSSL_ALGORITHM fips_asym_cipher[] = { + { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_asym_cipher_functions }, + { NULL, NULL, NULL } +@@ -527,6 +590,14 @@ static void fips_deinit_casecmp(void) { + return NULL; + } + ++const OSSL_RH_FIPSINDICATOR_ALGORITHM *redhat_ossl_query_fipsindicator(int operation_id) { ++ switch (operation_id) { ++ case OSSL_OP_SIGNATURE: ++ return redhat_indicator_fips_signature; ++ } ++ return NULL; ++} ++ + static void fips_teardown(void *provctx) + { + OSSL_LIB_CTX_free(PROV_LIBCTX_OF(provctx)); +diff --git a/providers/fips/indicator.h b/providers/fips/indicator.h +new 
file mode 100644 +index 0000000000..b323efe44c +--- /dev/null ++++ b/providers/fips/indicator.h +@@ -0,0 +1,66 @@ ++/* ++ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. ++ * ++ * Licensed under the Apache License 2.0 (the "License"). You may not use ++ * this file except in compliance with the License. You can obtain a copy ++ * in the file LICENSE in the source distribution or at ++ * https://www.openssl.org/source/license.html ++ */ ++ ++#ifndef OPENSSL_FIPS_INDICATOR_H ++# define OPENSSL_FIPS_INDICATOR_H ++# pragma once ++ ++# ifdef __cplusplus ++extern "C" { ++# endif ++ ++# define OSSL_RH_FIPSINDICATOR_UNAPPROVED (0) ++# define OSSL_RH_FIPSINDICATOR_APPROVED (1) ++ ++/* ++ * FIPS indicator dispatch table element. function_id numbers and the ++ * functions are defined in core_dispatch.h, see macros with ++ * 'OSSL_CORE_MAKE_FUNC' in their names. ++ * ++ * An array of these is always terminated by function_id == 0 ++ */ ++typedef struct ossl_rh_fipsindicator_dispatch_st { ++ int function_id; ++ int approved; ++} OSSL_RH_FIPSINDICATOR_DISPATCH; ++ ++/* ++ * Type to tie together algorithm names, property definition string and the ++ * algorithm implementation's FIPS indicator status in the form of a FIPS ++ * indicator dispatch table. ++ * ++ * An array of these is always terminated by algorithm_names == NULL ++ */ ++typedef struct ossl_rh_fipsindicator_algorithm_st { ++ const char *algorithm_names; /* key */ ++ const char *property_definition; /* key */ ++ const OSSL_RH_FIPSINDICATOR_DISPATCH *indicators; ++} OSSL_RH_FIPSINDICATOR_ALGORITHM; ++ ++/** ++ * Query FIPS indicator status for the given operation. Possible values for ++ * 'operation_id' are currently only OSSL_OP_SIGNATURE, as all other algorithms ++ * use implicit indicators. The return value is an array of ++ * OSSL_RH_FIPSINDICATOR_ALGORITHMs, terminated by an entry with ++ * algorithm_names == NULL. 
'algorithm_names' is a colon-separated list of ++ * algorithm names, 'property_definition' a comma-separated list of properties, ++ * and 'indicators' is a list of OSSL_RH_FIPSINDICATOR_DISPATCH structs. This ++ * list is terminated by function_id == 0. 'function_id' is one of the ++ * OSSL_FUNC_* constants, e.g., OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL. ++ * ++ * If there is no entry in the returned struct for the given operation_id, ++ * algorithm name, or function_id, the algorithm is unapproved. ++ */ ++const OSSL_RH_FIPSINDICATOR_ALGORITHM *redhat_ossl_query_fipsindicator(int operation_id); ++ ++# ifdef __cplusplus ++} ++# endif ++ ++#endif +diff --git a/util/mkdef.pl b/util/mkdef.pl +index a1c76f7c97..eda39b71ee 100755 +--- a/util/mkdef.pl ++++ b/util/mkdef.pl +@@ -149,7 +149,8 @@ $ordinal_opts{filter} = + return + $item->exists() + && platform_filter($item) +- && feature_filter($item); ++ && feature_filter($item) ++ && fips_filter($item, $name); + }; + my $ordinals = OpenSSL::Ordinals->new(from => $ordinals_file); + +@@ -205,6 +206,28 @@ sub feature_filter { + return $verdict; + } + ++sub fips_filter { ++ my $item = shift; ++ my $name = uc(shift); ++ my @features = ( $item->features() ); ++ ++ # True if no features are defined ++ return 1 if scalar @features == 0; ++ ++ my @matches = grep(/^ONLY_.*$/, @features); ++ if (@matches) { ++ # There is at least one only_* flag on this symbol, check if any of ++ # them match the name ++ for (@matches) { ++ if ($_ eq "ONLY_${name}") { ++ return 1; ++ } ++ } ++ return 0; ++ } ++ return 1; ++} ++ + sub sorter_unix { + my $by_name = OpenSSL::Ordinals::by_name(); + my %weight = ( +diff --git a/util/providers.num b/util/providers.num +index 4e2fa81b98..77879d0e5f 100644 +--- a/util/providers.num ++++ b/util/providers.num +@@ -1 +1,2 @@ + OSSL_provider_init 1 * EXIST::FUNCTION: ++redhat_ossl_query_fipsindicator 1 * EXIST::FUNCTION:ONLY_PROVIDERS/FIPS +-- +2.35.3 + 
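Review bot: The usage example added in doc/man7/fips_module_indicators.pod declares the dlsym() result with the type `OSSL_RH_FIPSINDICATOR_ALORITHM`, but providers/fips/indicator.h in this same patch defines `OSSL_RH_FIPSINDICATOR_ALGORITHM`, so the snippet does not compile as written. The declaration should read `const OSSL_RH_FIPSINDICATOR_ALGORITHM *(*redhat_ossl_query_fipsindicator)(int)`. The example should also say how a caller treats the inconclusive outcomes: indicator.h states that a missing operation_id, algorithm name or function_id entry means the algorithm is unapproved, while the pod example labels a NULL return "probably using implicit indicators" and leaves `default:` as `// invalid result`. A FIPS-aware caller should fail closed there, for example with the comment `// not approved: treat missing or invalid indicator as unapproved` on those branches. In the algorithm lookup loop, `break` only leaves the strtok() loop, so adding `if (indicator_dispatch != NULL) break;` after `free(algorithm_names);` would stop the outer loop at the first match.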
diff --git a/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch b/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch new file mode 100644 index 0000000..cc0060e --- /dev/null +++ b/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch 
@@ -0,0 +1,350 @@ +From abeda0b0475adb0d4f89b0c97cfc349779915bbf Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:28 +0200 +Subject: [PATCH 29/35] + 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch + +Patch-name: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch +Patch-id: 73 +Patch-status: | + # https://bugzilla.redhat.com/show_bug.cgi?id=2102535 +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + crypto/rsa/rsa_local.h | 8 ++ + crypto/rsa/rsa_oaep.c | 34 ++++++-- + include/openssl/core_names.h | 3 + + providers/fips/self_test_data.inc | 79 ++++++++++--------- + providers/fips/self_test_kats.c | 7 ++ + .../implementations/asymciphers/rsa_enc.c | 41 +++++++++- + 6 files changed, 128 insertions(+), 44 deletions(-) + +diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h +index ea70da05ad..dde57a1a0e 100644 +--- a/crypto/rsa/rsa_local.h ++++ b/crypto/rsa/rsa_local.h +@@ -193,4 +193,12 @@ int ossl_rsa_padding_add_PKCS1_type_2_ex(OSSL_LIB_CTX *libctx, unsigned char *to + int tlen, const unsigned char *from, + int flen); + ++int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx, ++ unsigned char *to, int tlen, ++ const unsigned char *from, int flen, ++ const unsigned char *param, ++ int plen, const EVP_MD *md, ++ const EVP_MD *mgf1md, ++ const char *redhat_st_seed); ++ + #endif /* OSSL_CRYPTO_RSA_LOCAL_H */ +diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c +index d9be1a4f98..b2f7f7dc4b 100644 +--- a/crypto/rsa/rsa_oaep.c ++++ b/crypto/rsa/rsa_oaep.c +@@ -44,6 +44,10 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, + param, plen, NULL, NULL); + } + ++#ifdef FIPS_MODULE ++extern int REDHAT_FIPS_asym_cipher_st; ++#endif /* FIPS_MODULE */ ++ + /* + * Perform the padding as per NIST 800-56B 7.2.2.3 + * from (K) is the key material. 
+@@ -51,12 +55,13 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, + * Step numbers are included here but not in the constant time inverse below + * to avoid complicating an already difficult enough function. + */ +-int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, +- unsigned char *to, int tlen, +- const unsigned char *from, int flen, +- const unsigned char *param, +- int plen, const EVP_MD *md, +- const EVP_MD *mgf1md) ++int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx, ++ unsigned char *to, int tlen, ++ const unsigned char *from, int flen, ++ const unsigned char *param, ++ int plen, const EVP_MD *md, ++ const EVP_MD *mgf1md, ++ const char *redhat_st_seed) + { + int rv = 0; + int i, emlen = tlen - 1; +@@ -107,6 +112,11 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, + db[emlen - flen - mdlen - 1] = 0x01; + memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen); + /* step 3d: generate random byte string */ ++#ifdef FIPS_MODULE ++ if (redhat_st_seed != NULL && REDHAT_FIPS_asym_cipher_st) { ++ memcpy(seed, redhat_st_seed, mdlen); ++ } else ++#endif + if (RAND_bytes_ex(libctx, seed, mdlen, 0) <= 0) + goto err; + +@@ -138,6 +148,18 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, + return rv; + } + ++int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, ++ unsigned char *to, int tlen, ++ const unsigned char *from, int flen, ++ const unsigned char *param, ++ int plen, const EVP_MD *md, ++ const EVP_MD *mgf1md) ++{ ++ return ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(libctx, to, tlen, from, ++ flen, param, plen, md, ++ mgf1md, NULL); ++} ++ + int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, + const unsigned char *from, int flen, + const unsigned char *param, int plen, +diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h +index 5e3c132f5b..c0cce14297 100644 +--- a/include/openssl/core_names.h ++++ b/include/openssl/core_names.h +@@ 
-471,6 +471,9 @@ extern "C" { + #define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label" + #define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version" + #define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version" ++#ifdef FIPS_MODULE ++#define OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED "redhat-kat-oaep-seed" ++#endif + + /* + * Encoder / decoder parameters +diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc +index e0fdc0daa4..aa2012c04a 100644 +--- a/providers/fips/self_test_data.inc ++++ b/providers/fips/self_test_data.inc +@@ -1296,14 +1296,21 @@ static const ST_KAT_PARAM rsa_priv_key[] = { + }; + + /*- +- * Using OSSL_PKEY_RSA_PAD_MODE_NONE directly in the expansion of the ++ * Using OSSL_PKEY_RSA_PAD_MODE_OAEP directly in the expansion of the + * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient + * HP/UX PA-RISC compilers. + */ +-static const char pad_mode_none[] = OSSL_PKEY_RSA_PAD_MODE_NONE; ++static const char pad_mode_oaep[] = OSSL_PKEY_RSA_PAD_MODE_OAEP; ++static const char oaep_fixed_seed[] = { ++ 0xf6, 0x10, 0xef, 0x0a, 0x97, 0xbf, 0x91, 0x25, ++ 0x97, 0xcf, 0x8e, 0x0a, 0x75, 0x51, 0x2f, 0xab, ++ 0x2e, 0x4b, 0x2c, 0xe6 ++}; + + static const ST_KAT_PARAM rsa_enc_params[] = { +- ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_none), ++ ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_oaep), ++ ST_KAT_PARAM_OCTET(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, ++ oaep_fixed_seed), + ST_KAT_PARAM_END() + }; + +@@ -1342,43 +1349,43 @@ static const unsigned char rsa_expected_sig[256] = { + 0x2c, 0x68, 0xf0, 0x37, 0xa9, 0xd2, 0x56, 0xd6 + }; + +-static const unsigned char rsa_asym_plaintext_encrypt[256] = { ++static const unsigned char rsa_asym_plaintext_encrypt[208] = { + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, + }; + static const unsigned char rsa_asym_expected_encrypt[256] = { +- 0x54, 0xac, 
0x23, 0x96, 0x1d, 0x82, 0x5d, 0x8b, +- 0x8f, 0x36, 0x33, 0xd0, 0xf4, 0x02, 0xa2, 0x61, +- 0xb1, 0x13, 0xd4, 0x4a, 0x46, 0x06, 0x37, 0x3c, +- 0xbf, 0x40, 0x05, 0x3c, 0xc6, 0x3b, 0x64, 0xdc, +- 0x22, 0x22, 0xaf, 0x36, 0x79, 0x62, 0x45, 0xf0, +- 0x97, 0x82, 0x22, 0x44, 0x86, 0x4a, 0x7c, 0xfa, +- 0xac, 0x03, 0x21, 0x84, 0x3f, 0x31, 0xad, 0x2a, +- 0xa4, 0x6e, 0x7a, 0xc5, 0x93, 0xf3, 0x0f, 0xfc, +- 0xf1, 0x62, 0xce, 0x82, 0x12, 0x45, 0xc9, 0x35, +- 0xb0, 0x7a, 0xcd, 0x99, 0x8c, 0x91, 0x6b, 0x5a, +- 0xd3, 0x46, 0xdb, 0xf9, 0x9e, 0x52, 0x49, 0xbd, +- 0x1e, 0xe8, 0xda, 0xac, 0x61, 0x47, 0xc2, 0xda, +- 0xfc, 0x1e, 0xfb, 0x74, 0xd7, 0xd6, 0xc1, 0x18, +- 0x86, 0x3e, 0x20, 0x9c, 0x7a, 0xe1, 0x04, 0xb7, +- 0x38, 0x43, 0xb1, 0x4e, 0xa0, 0xd8, 0xc1, 0x39, +- 0x4d, 0xe1, 0xd3, 0xb0, 0xb3, 0xf1, 0x82, 0x87, +- 0x1f, 0x74, 0xb5, 0x69, 0xfd, 0x33, 0xd6, 0x21, +- 0x7c, 0x61, 0x60, 0x28, 0xca, 0x70, 0xdb, 0xa0, +- 0xbb, 0xc8, 0x73, 0xa9, 0x82, 0xf8, 0x6b, 0xd8, +- 0xf0, 0xc9, 0x7b, 0x20, 0xdf, 0x9d, 0xfb, 0x8c, +- 0xd4, 0xa2, 0x89, 0xe1, 0x9b, 0x04, 0xad, 0xaa, +- 0x11, 0x6c, 0x8f, 0xce, 0x83, 0x29, 0x56, 0x69, +- 0xbb, 0x00, 0x3b, 0xef, 0xca, 0x2d, 0xcd, 0x52, +- 0xc8, 0xf1, 0xb3, 0x9b, 0xb4, 0x4f, 0x6d, 0x9c, +- 0x3d, 0x69, 0xcc, 0x6d, 0x1f, 0x38, 0x4d, 0xe6, +- 0xbb, 0x0c, 0x87, 0xdc, 0x5f, 0xa9, 0x24, 0x93, +- 0x03, 0x46, 0xa2, 0x33, 0x6c, 0xf4, 0xd8, 0x5d, +- 0x68, 0xf3, 0xd3, 0xe0, 0xf2, 0x30, 0xdb, 0xf5, +- 0x4f, 0x0f, 0xad, 0xc7, 0xd0, 0xaa, 0x47, 0xd9, +- 0x9f, 0x85, 0x1b, 0x2e, 0x6c, 0x3c, 0x57, 0x04, +- 0x29, 0xf4, 0xf5, 0x66, 0x7d, 0x93, 0x4a, 0xaa, +- 0x05, 0x52, 0x55, 0xc1, 0xc6, 0x06, 0x90, 0xab, ++ 0x6c, 0x21, 0xc1, 0x9e, 0x94, 0xee, 0xdf, 0x74, ++ 0x3a, 0x3c, 0x7c, 0x04, 0x1a, 0x53, 0x9e, 0x7c, ++ 0x42, 0xac, 0x7e, 0x28, 0x9a, 0xb7, 0xe2, 0x4e, ++ 0x87, 0xd4, 0x00, 0x69, 0x71, 0xf0, 0x3e, 0x0b, ++ 0xc1, 0xda, 0xd6, 0xbd, 0x21, 0x39, 0x4f, 0x25, ++ 0x22, 0x1f, 0x76, 0x0d, 0x62, 0x1f, 0xa2, 0x89, ++ 0xdb, 0x38, 0x32, 0x88, 0x21, 0x1d, 0x89, 0xf1, ++ 0xe0, 0x14, 0xd4, 
0xb7, 0x90, 0xfc, 0xbc, 0x50, ++ 0xb0, 0x8d, 0x5c, 0x2f, 0x49, 0x9e, 0x90, 0x17, ++ 0x9e, 0x60, 0x9f, 0xe1, 0x77, 0x4f, 0x11, 0xa2, ++ 0xcf, 0x16, 0x65, 0x2d, 0x4a, 0x2c, 0x12, 0xcb, ++ 0x1e, 0x3c, 0x29, 0x8b, 0xdc, 0x27, 0x06, 0x9d, ++ 0xf4, 0x0d, 0xe1, 0xc9, 0xeb, 0x14, 0x6a, 0x7e, ++ 0xfd, 0xa7, 0xa8, 0xa7, 0x51, 0x82, 0x62, 0x0f, ++ 0x29, 0x8d, 0x8c, 0x5e, 0xf2, 0xb8, 0xcd, 0xd3, ++ 0x51, 0x92, 0xa7, 0x25, 0x39, 0x9d, 0xdd, 0x06, ++ 0xff, 0xb1, 0xb0, 0xd5, 0x61, 0x03, 0x8f, 0x25, ++ 0x5c, 0x49, 0x12, 0xc1, 0x50, 0x67, 0x61, 0x78, ++ 0xb3, 0xe3, 0xc4, 0xf6, 0x36, 0x16, 0xa9, 0x04, ++ 0x91, 0x0a, 0x4b, 0x27, 0x28, 0x97, 0x50, 0x7c, ++ 0x65, 0x2d, 0xd0, 0x08, 0x71, 0x84, 0xe7, 0x47, ++ 0x79, 0x83, 0x91, 0x46, 0xd9, 0x8f, 0x79, 0xce, ++ 0x49, 0xcb, 0xcd, 0x8b, 0x34, 0xac, 0x61, 0xe0, ++ 0xe6, 0x55, 0xbf, 0x10, 0xe4, 0xac, 0x9a, 0xd6, ++ 0xed, 0xc1, 0xc2, 0xb6, 0xb6, 0xf7, 0x41, 0x99, ++ 0xde, 0xfa, 0xde, 0x11, 0x16, 0xa2, 0x18, 0x30, ++ 0x30, 0xdc, 0x95, 0x76, 0x2f, 0x46, 0x43, 0x20, ++ 0xc4, 0xe7, 0x50, 0xb9, 0x1e, 0xcd, 0x69, 0xbb, ++ 0x29, 0x94, 0x27, 0x9c, 0xc9, 0xab, 0xb4, 0x27, ++ 0x8b, 0x4d, 0xe1, 0xcb, 0xc1, 0x04, 0x2c, 0x66, ++ 0x41, 0x3a, 0x4d, 0xeb, 0x61, 0x4c, 0x77, 0x5a, ++ 0xee, 0xb0, 0xca, 0x99, 0x0e, 0x7f, 0xbe, 0x06 + }; + + #ifndef OPENSSL_NO_EC +diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c +index 74ee25dcb6..a9bc8be7fa 100644 +--- a/providers/fips/self_test_kats.c ++++ b/providers/fips/self_test_kats.c +@@ -641,14 +641,21 @@ static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) + return ret; + } + ++int REDHAT_FIPS_asym_cipher_st = 0; ++ + static int self_test_asym_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) + { + int i, ret = 1; + ++ REDHAT_FIPS_asym_cipher_st = 1; ++ + for (i = 0; i < (int)OSSL_NELEM(st_kat_asym_cipher_tests); ++i) { + if (!self_test_asym_cipher(&st_kat_asym_cipher_tests[i], st, libctx)) + ret = 0; + } ++ ++ REDHAT_FIPS_asym_cipher_st = 0; ++ + return ret; + } + +diff 
--git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c +index 9cd8904131..40de5ce8fa 100644 +--- a/providers/implementations/asymciphers/rsa_enc.c ++++ b/providers/implementations/asymciphers/rsa_enc.c +@@ -30,6 +30,9 @@ + #include "prov/implementations.h" + #include "prov/providercommon.h" + #include "prov/securitycheck.h" ++#ifdef FIPS_MODULE ++# include "crypto/rsa/rsa_local.h" ++#endif + + #include + +@@ -75,6 +78,9 @@ typedef struct { + /* TLS padding */ + unsigned int client_version; + unsigned int alt_version; ++#ifdef FIPS_MODULE ++ char *redhat_st_oaep_seed; ++#endif /* FIPS_MODULE */ + } PROV_RSA_CTX; + + static void *rsa_newctx(void *provctx) +@@ -192,12 +198,21 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, + } + } + ret = +- ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(prsactx->libctx, tbuf, ++#ifdef FIPS_MODULE ++ ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2( ++#else ++ ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex( ++#endif ++ prsactx->libctx, tbuf, + rsasize, in, inlen, + prsactx->oaep_label, + prsactx->oaep_labellen, + prsactx->oaep_md, +- prsactx->mgf1_md); ++ prsactx->mgf1_md ++#ifdef FIPS_MODULE ++ , prsactx->redhat_st_oaep_seed ++#endif ++ ); + + if (!ret) { + OPENSSL_free(tbuf); +@@ -328,6 +343,9 @@ static void rsa_freectx(void *vprsactx) + EVP_MD_free(prsactx->oaep_md); + EVP_MD_free(prsactx->mgf1_md); + OPENSSL_free(prsactx->oaep_label); ++#ifdef FIPS_MODULE ++ OPENSSL_free(prsactx->redhat_st_oaep_seed); ++#endif /* FIPS_MODULE */ + + OPENSSL_free(prsactx); + } +@@ -447,6 +465,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { + NULL, 0), + OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL), + OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL), ++#ifdef FIPS_MODULE ++ OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, NULL, 0), ++#endif /* FIPS_MODULE */ + OSSL_PARAM_END + }; + +@@ -456,6 +477,10 @@ static const 
OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx, + return known_gettable_ctx_params; + } + ++#ifdef FIPS_MODULE ++extern int REDHAT_FIPS_asym_cipher_st; ++#endif /* FIPS_MODULE */ ++ + static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) + { + PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; +@@ -567,6 +592,18 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) + prsactx->oaep_labellen = tmp_labellen; + } + ++#ifdef FIPS_MODULE ++ p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED); ++ if (p != NULL && REDHAT_FIPS_asym_cipher_st) { ++ void *tmp_oaep_seed = NULL; ++ ++ if (!OSSL_PARAM_get_octet_string(p, &tmp_oaep_seed, 0, NULL)) ++ return 0; ++ OPENSSL_free(prsactx->redhat_st_oaep_seed); ++ prsactx->redhat_st_oaep_seed = (char *)tmp_oaep_seed; ++ } ++#endif /* FIPS_MODULE */ ++ + p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION); + if (p != NULL) { + unsigned int client_version; +-- +2.41.0 + diff --git a/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch b/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch new file mode 100644 index 0000000..30d5465 --- /dev/null +++ b/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch 
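Review bot: The fixed-seed branch in `ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2` does `memcpy(seed, redhat_st_seed, mdlen)` without knowing how long the supplied seed is, so the copy stays in bounds only when the seed happens to match the OAEP digest size. `rsa_set_ctx_params` discards the length by passing `NULL` as the last argument of `OSSL_PARAM_get_octet_string`, and `PROV_RSA_CTX` stores only the pointer; the built-in `oaep_fixed_seed` is 20 bytes, so a KAT using a larger digest would read past it. I would keep the length next to the pointer (for example a `size_t redhat_st_oaep_seedlen` field filled from the `used_len` out-parameter), pass it down, and fail before the copy with `if (redhat_st_seedlen != (size_t)mdlen) goto err;`. Both functions extend outside their hunks, and the path is gated by the `REDHAT_FIPS_asym_cipher_st` flag, so it is presumably reachable only while the self-test runs, but that flag is a plain global and the length check costs nothing. Separately, `oaep_fixed_seed` is declared `char` while holding values above 0x7f; `unsigned char` would match the neighbouring KAT arrays.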
@@ -0,0 +1,312 @@ +From 97ac06e5a8e3a8699279c06eeb64c8e958bad7bd Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Fri, 15 Jul 2022 17:45:40 +0200 +Subject: [PATCH] FIPS: Use digest_sign & digest_verify in self test + +In review for FIPS 140-3, the lack of a self-test for the digest_sign +and digest_verify provider functions was highlighted as a problem. NIST +no longer provides ACVP tests for the RSA SigVer primitive (see +https://github.com/usnistgov/ACVP/issues/1347). Because FIPS 140-3 +recommends the use of functions that compute the digest and signature +within the module, we have been advised in our module review that the +self tests should also use the combined digest and signature APIs, i.e. +the digest_sign and digest_verify provider functions. + +Modify the signature self-test to use these instead by switching to +EVP_DigestSign and EVP_DigestVerify. This requires adding more ifdefs to +crypto/evp/m_sigver.c to make these functions usable in the FIPS module. + +Signed-off-by: Clemens Lang +--- + crypto/evp/m_sigver.c | 43 +++++++++++++++++++++++++++------ + providers/fips/self_test_kats.c | 37 +++++++++++++++------------- + 2 files changed, 56 insertions(+), 24 deletions(-) + +diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c +index db1a1d7bc3..c94c3c53bd 100644 +--- a/crypto/evp/m_sigver.c ++++ b/crypto/evp/m_sigver.c +@@ -88,6 +88,7 @@ static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen) + ERR_raise(ERR_LIB_EVP, EVP_R_ONLY_ONESHOT_SUPPORTED); + return 0; + } ++#endif /* !defined(FIPS_MODULE) */ + + /* + * If we get the "NULL" md then the name comes back as "UNDEF". 
We want to use +@@ -130,8 +131,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + reinit = 0; + if (e == NULL) + ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props); ++#ifndef FIPS_MODULE + else + ctx->pctx = EVP_PKEY_CTX_new(pkey, e); ++#endif /* !defined(FIPS_MODULE) */ + } + if (ctx->pctx == NULL) + return 0; +@@ -139,8 +142,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + locpctx = ctx->pctx; + ERR_set_mark(); + ++#ifndef FIPS_MODULE + if (evp_pkey_ctx_is_legacy(locpctx)) + goto legacy; ++#endif /* !defined(FIPS_MODULE) */ + + /* do not reinitialize if pkey is set or operation is different */ + if (reinit +@@ -225,8 +230,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + signature = + evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, + supported_sig, locpctx->propquery); ++#ifndef FIPS_MODULE + if (signature == NULL) + goto legacy; ++#endif /* !defined(FIPS_MODULE) */ + break; + } + if (signature == NULL) +@@ -310,6 +317,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props); + if (ctx->fetched_digest != NULL) { + ctx->digest = ctx->reqdigest = ctx->fetched_digest; ++#ifndef FIPS_MODULE + } else { + /* legacy engine support : remove the mark when this is deleted */ + ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname); +@@ -318,11 +326,13 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); + goto err; + } ++#endif /* !defined(FIPS_MODULE) */ + } + (void)ERR_pop_to_mark(); + } + } + ++#ifndef FIPS_MODULE + if (ctx->reqdigest != NULL + && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac) + && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf) +@@ -334,6 +344,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + goto err; + } + } ++#endif /* !defined(FIPS_MODULE) */ + + if (ver) { + if (signature->digest_verify_init == NULL) { +@@ 
-366,6 +377,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + EVP_KEYMGMT_free(tmp_keymgmt); + return 0; + ++#ifndef FIPS_MODULE + legacy: + /* + * If we don't have the full support we need with provided methods, +@@ -437,6 +449,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + ctx->pctx->flag_call_digest_custom = 1; + + ret = 1; ++#endif /* !defined(FIPS_MODULE) */ + + end: + #ifndef FIPS_MODULE +@@ -479,7 +492,6 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 1, + NULL); + } +-#endif /* FIPS_MDOE */ + + int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) + { +@@ -541,23 +553,29 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) + return EVP_DigestUpdate(ctx, data, dsize); + } + +-#ifndef FIPS_MODULE + int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + size_t *siglen) + { +- int sctx = 0, r = 0; +- EVP_PKEY_CTX *dctx, *pctx = ctx->pctx; ++ int r = 0; ++#ifndef FIPS_MODULE ++ int sctx = 0; ++ EVP_PKEY_CTX *dctx; ++#endif /* !defined(FIPS_MODULE) */ ++ EVP_PKEY_CTX *pctx = ctx->pctx; + ++#ifndef FIPS_MODULE + if (pctx == NULL + || pctx->operation != EVP_PKEY_OP_SIGNCTX + || pctx->op.sig.algctx == NULL + || pctx->op.sig.signature == NULL) + goto legacy; ++#endif /* !defined(FIPS_MODULE) */ + + if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0) + return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx, + sigret, siglen, + sigret == NULL ? 
0 : *siglen); ++#ifndef FIPS_MODULE + dctx = EVP_PKEY_CTX_dup(pctx); + if (dctx == NULL) + return 0; +@@ -566,8 +584,10 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + sigret, siglen, + *siglen); + EVP_PKEY_CTX_free(dctx); ++#endif /* defined(FIPS_MODULE) */ + return r; + ++#ifndef FIPS_MODULE + legacy: + if (pctx == NULL || pctx->pmeth == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); +@@ -639,6 +659,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + } + } + return 1; ++#endif /* !defined(FIPS_MODULE) */ + } + + int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen, +@@ -669,21 +690,27 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen, + int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen) + { +- unsigned char md[EVP_MAX_MD_SIZE]; + int r = 0; ++#ifndef FIPS_MODULE ++ unsigned char md[EVP_MAX_MD_SIZE]; + unsigned int mdlen = 0; + int vctx = 0; +- EVP_PKEY_CTX *dctx, *pctx = ctx->pctx; ++ EVP_PKEY_CTX *dctx; ++#endif /* !defined(FIPS_MODULE) */ ++ EVP_PKEY_CTX *pctx = ctx->pctx; + ++#ifndef FIPS_MODULE + if (pctx == NULL + || pctx->operation != EVP_PKEY_OP_VERIFYCTX + || pctx->op.sig.algctx == NULL + || pctx->op.sig.signature == NULL) + goto legacy; ++#endif /* !defined(FIPS_MODULE) */ + + if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0) + return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx, + sig, siglen); ++#ifndef FIPS_MODULE + dctx = EVP_PKEY_CTX_dup(pctx); + if (dctx == NULL) + return 0; +@@ -691,8 +718,10 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, + r = dctx->op.sig.signature->digest_verify_final(dctx->op.sig.algctx, + sig, siglen); + EVP_PKEY_CTX_free(dctx); ++#endif /* !defined(FIPS_MODULE) */ + return r; + ++#ifndef FIPS_MODULE + legacy: + if (pctx == NULL || pctx->pmeth == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); +@@ -732,6 +761,7 @@ int 
EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, + if (vctx || !r) + return r; + return EVP_PKEY_verify(pctx, sig, siglen, md, mdlen); ++#endif /* !defined(FIPS_MODULE) */ + } + + int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, +@@ -757,4 +787,3 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, + return -1; + return EVP_DigestVerifyFinal(ctx, sigret, siglen); + } +-#endif /* FIPS_MODULE */ +diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c +index b6d5e8e134..77eec075e6 100644 +--- a/providers/fips/self_test_kats.c ++++ b/providers/fips/self_test_kats.c +@@ -444,10 +444,13 @@ static int self_test_sign(const ST_KAT_SIGN *t, + int ret = 0; + OSSL_PARAM *params = NULL, *params_sig = NULL; + OSSL_PARAM_BLD *bld = NULL; ++ EVP_MD *md = NULL; ++ EVP_MD_CTX *ctx = NULL; + EVP_PKEY_CTX *sctx = NULL, *kctx = NULL; + EVP_PKEY *pkey = NULL; +- unsigned char sig[256]; + BN_CTX *bnctx = NULL; ++ const char *msg = "Hello World!"; ++ unsigned char sig[256]; + size_t siglen = sizeof(sig); + static const unsigned char dgst[] = { + 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, +@@ -488,23 +491,26 @@ static int self_test_sign(const ST_KAT_SIGN *t, + || EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0) + goto err; + +- /* Create a EVP_PKEY_CTX to use for the signing operation */ +- sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL); +- if (sctx == NULL +- || EVP_PKEY_sign_init(sctx) <= 0) +- goto err; +- +- /* set signature parameters */ +- if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST, +- t->mdalgorithm, +- strlen(t->mdalgorithm) + 1)) +- goto err; ++ /* Create a EVP_MD_CTX to use for the signature operation, assign signature ++ * parameters and sign */ + params_sig = OSSL_PARAM_BLD_to_param(bld); +- if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0) ++ md = EVP_MD_fetch(libctx, "SHA256", NULL); ++ ctx = EVP_MD_CTX_new(); ++ if (md == 
NULL || ctx == NULL) ++ goto err; ++ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT); ++ if (EVP_DigestSignInit(ctx, &sctx, md, NULL, pkey) <= 0 ++ || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0 ++ || EVP_DigestSign(ctx, sig, &siglen, (const unsigned char *)msg, strlen(msg)) <= 0 ++ || EVP_MD_CTX_reset(ctx) <= 0) + goto err; + +- if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0 +- || EVP_PKEY_verify_init(sctx) <= 0 ++ /* sctx is not freed automatically inside the FIPS module */ ++ EVP_PKEY_CTX_free(sctx); ++ sctx = NULL; ++ ++ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT); ++ if (EVP_DigestVerifyInit(ctx, &sctx, md, NULL, pkey) <= 0 + || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0) + goto err; + +@@ -509,14 +510,17 @@ static int self_test_sign(const ST_KAT_SIGN *t, + goto err; + + OSSL_SELF_TEST_oncorrupt_byte(st, sig); +- if (EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0) ++ if (EVP_DigestVerify(ctx, sig, siglen, (const unsigned char *)msg, strlen(msg)) <= 0) + goto err; + ret = 1; + err: + BN_CTX_free(bnctx); + EVP_PKEY_free(pkey); +- EVP_PKEY_CTX_free(kctx); ++ EVP_MD_free(md); ++ EVP_MD_CTX_free(ctx); ++ /* sctx is not freed automatically inside the FIPS module */ + EVP_PKEY_CTX_free(sctx); ++ EVP_PKEY_CTX_free(kctx); + OSSL_PARAM_free(params); + OSSL_PARAM_free(params_sig); + OSSL_PARAM_BLD_free(bld); +-- +2.37.1 + diff --git a/0075-FIPS-Use-FFDHE2048-in-self-test.patch b/0075-FIPS-Use-FFDHE2048-in-self-test.patch new file mode 100644 index 0000000..096e62d --- /dev/null +++ b/0075-FIPS-Use-FFDHE2048-in-self-test.patch 
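Review bot: In the FIPS build `EVP_DigestSignFinal` and `EVP_DigestVerifyFinal` lose their only validity check on `pctx`, because the `pctx == NULL || ... goto legacy` test now sits inside `#ifndef FIPS_MODULE` while the `pctx->op.sig.signature->digest_sign_final(...)` / `digest_verify_final(...)` call that follows does not. A caller inside the module that reaches these functions with an uninitialised context dereferences NULL, and one that has not set `EVP_MD_CTX_FLAG_FINALISE` falls through to `return r;` with `r == 0` and no error raised. I would add a FIPS-side guard ahead of the call, `if (pctx == NULL || pctx->op.sig.algctx == NULL || pctx->op.sig.signature == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); return 0; }`, and raise an error on the fall-through path as well. In `self_test_sign` the digest is now fetched as the literal `"SHA256"` where the removed lines used `t->mdalgorithm`; `EVP_MD_fetch(libctx, t->mdalgorithm, NULL)` would keep the KAT table authoritative. The bodies of all three functions continue outside the hunks shown.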
@@ -0,0 +1,378 @@ +From e385647549c467fe263b68b72dd21bdfb875ee88 Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Fri, 22 Jul 2022 17:51:16 +0200 +Subject: [PATCH 2/2] FIPS: Use FFDHE2048 in self test + +Signed-off-by: Clemens Lang +--- + providers/fips/self_test_data.inc | 342 +++++++++++++++--------------- + 1 file changed, 172 insertions(+), 170 deletions(-) + +diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc +index a29cc650b5..1b5623833f 100644 +--- a/providers/fips/self_test_data.inc ++++ b/providers/fips/self_test_data.inc +@@ -821,188 +821,190 @@ static const ST_KAT_DRBG st_kat_drbg_tests[] = + + #ifndef OPENSSL_NO_DH + /* DH KAT */ ++/* RFC7919 FFDHE2048 p */ + static const unsigned char dh_p[] = { +- 0xdc, 0xca, 0x15, 0x11, 0xb2, 0x31, 0x32, 0x25, +- 0xf5, 0x21, 0x16, 0xe1, 0x54, 0x27, 0x89, 0xe0, +- 0x01, 0xf0, 0x42, 0x5b, 0xcc, 0xc7, 0xf3, 0x66, +- 0xf7, 0x40, 0x64, 0x07, 0xf1, 0xc9, 0xfa, 0x8b, +- 0xe6, 0x10, 0xf1, 0x77, 0x8b, 0xb1, 0x70, 0xbe, +- 0x39, 0xdb, 0xb7, 0x6f, 0x85, 0xbf, 0x24, 0xce, +- 0x68, 0x80, 0xad, 0xb7, 0x62, 0x9f, 0x7c, 0x6d, +- 0x01, 0x5e, 0x61, 0xd4, 0x3f, 0xa3, 0xee, 0x4d, +- 0xe1, 0x85, 0xf2, 0xcf, 0xd0, 0x41, 0xff, 0xde, +- 0x9d, 0x41, 0x84, 0x07, 0xe1, 0x51, 0x38, 0xbb, +- 0x02, 0x1d, 0xae, 0xb3, 0x5f, 0x76, 0x2d, 0x17, +- 0x82, 0xac, 0xc6, 0x58, 0xd3, 0x2b, 0xd4, 0xb0, +- 0x23, 0x2c, 0x92, 0x7d, 0xd3, 0x8f, 0xa0, 0x97, +- 0xb3, 0xd1, 0x85, 0x9f, 0xa8, 0xac, 0xaf, 0xb9, +- 0x8f, 0x06, 0x66, 0x08, 0xfc, 0x64, 0x4e, 0xc7, +- 0xdd, 0xb6, 0xf0, 0x85, 0x99, 0xf9, 0x2a, 0xc1, +- 0xb5, 0x98, 0x25, 0xda, 0x84, 0x32, 0x07, 0x7d, +- 0xef, 0x69, 0x56, 0x46, 0x06, 0x3c, 0x20, 0x82, +- 0x3c, 0x95, 0x07, 0xab, 0x6f, 0x01, 0x76, 0xd4, +- 0x73, 0x0d, 0x99, 0x0d, 0xbb, 0xe6, 0x36, 0x1c, +- 0xd8, 0xb2, 0xb9, 0x4d, 0x3d, 0x2f, 0x32, 0x9b, +- 0x82, 0x09, 0x9b, 0xd6, 0x61, 0xf4, 0x29, 0x50, +- 0xf4, 0x03, 0xdf, 0x3e, 0xde, 0x62, 0xa3, 0x31, +- 0x88, 0xb0, 0x27, 0x98, 0xba, 0x82, 0x3f, 0x44, +- 0xb9, 0x46, 0xfe, 
0x9d, 0xf6, 0x77, 0xa0, 0xc5, +- 0xa1, 0x23, 0x8e, 0xaa, 0x97, 0xb7, 0x0f, 0x80, +- 0xda, 0x8c, 0xac, 0x88, 0xe0, 0x92, 0xb1, 0x12, +- 0x70, 0x60, 0xff, 0xbf, 0x45, 0x57, 0x99, 0x94, +- 0x01, 0x1d, 0xc2, 0xfa, 0xa5, 0xe7, 0xf6, 0xc7, +- 0x62, 0x45, 0xe1, 0xcc, 0x31, 0x22, 0x31, 0xc1, +- 0x7d, 0x1c, 0xa6, 0xb1, 0x90, 0x07, 0xef, 0x0d, +- 0xb9, 0x9f, 0x9c, 0xb6, 0x0e, 0x1d, 0x5f, 0x69 +-}; ++ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, ++ 0xad, 0xf8, 0x54, 0x58, 0xa2, 0xbb, 0x4a, 0x9a, ++ 0xaf, 0xdc, 0x56, 0x20, 0x27, 0x3d, 0x3c, 0xf1, ++ 0xd8, 0xb9, 0xc5, 0x83, 0xce, 0x2d, 0x36, 0x95, ++ 0xa9, 0xe1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xfb, ++ 0xcc, 0x93, 0x9d, 0xce, 0x24, 0x9b, 0x3e, 0xf9, ++ 0x7d, 0x2f, 0xe3, 0x63, 0x63, 0x0c, 0x75, 0xd8, ++ 0xf6, 0x81, 0xb2, 0x02, 0xae, 0xc4, 0x61, 0x7a, ++ 0xd3, 0xdf, 0x1e, 0xd5, 0xd5, 0xfd, 0x65, 0x61, ++ 0x24, 0x33, 0xf5, 0x1f, 0x5f, 0x06, 0x6e, 0xd0, ++ 0x85, 0x63, 0x65, 0x55, 0x3d, 0xed, 0x1a, 0xf3, ++ 0xb5, 0x57, 0x13, 0x5e, 0x7f, 0x57, 0xc9, 0x35, ++ 0x98, 0x4f, 0x0c, 0x70, 0xe0, 0xe6, 0x8b, 0x77, ++ 0xe2, 0xa6, 0x89, 0xda, 0xf3, 0xef, 0xe8, 0x72, ++ 0x1d, 0xf1, 0x58, 0xa1, 0x36, 0xad, 0xe7, 0x35, ++ 0x30, 0xac, 0xca, 0x4f, 0x48, 0x3a, 0x79, 0x7a, ++ 0xbc, 0x0a, 0xb1, 0x82, 0xb3, 0x24, 0xfb, 0x61, ++ 0xd1, 0x08, 0xa9, 0x4b, 0xb2, 0xc8, 0xe3, 0xfb, ++ 0xb9, 0x6a, 0xda, 0xb7, 0x60, 0xd7, 0xf4, 0x68, ++ 0x1d, 0x4f, 0x42, 0xa3, 0xde, 0x39, 0x4d, 0xf4, ++ 0xae, 0x56, 0xed, 0xe7, 0x63, 0x72, 0xbb, 0x19, ++ 0x0b, 0x07, 0xa7, 0xc8, 0xee, 0x0a, 0x6d, 0x70, ++ 0x9e, 0x02, 0xfc, 0xe1, 0xcd, 0xf7, 0xe2, 0xec, ++ 0xc0, 0x34, 0x04, 0xcd, 0x28, 0x34, 0x2f, 0x61, ++ 0x91, 0x72, 0xfe, 0x9c, 0xe9, 0x85, 0x83, 0xff, ++ 0x8e, 0x4f, 0x12, 0x32, 0xee, 0xf2, 0x81, 0x83, ++ 0xc3, 0xfe, 0x3b, 0x1b, 0x4c, 0x6f, 0xad, 0x73, ++ 0x3b, 0xb5, 0xfc, 0xbc, 0x2e, 0xc2, 0x20, 0x05, ++ 0xc5, 0x8e, 0xf1, 0x83, 0x7d, 0x16, 0x83, 0xb2, ++ 0xc6, 0xf3, 0x4a, 0x26, 0xc1, 0xb2, 0xef, 0xfa, ++ 0x88, 0x6b, 0x42, 0x38, 0x61, 0x28, 0x5c, 0x97, ++ 0xff, 0xff, 0xff, 0xff, 
0xff, 0xff, 0xff, 0xff ++}; ++/* RFC7919 FFDHE2048 q */ + static const unsigned char dh_q[] = { +- 0x89, 0x8b, 0x22, 0x67, 0x17, 0xef, 0x03, 0x9e, +- 0x60, 0x3e, 0x82, 0xe5, 0xc7, 0xaf, 0xe4, 0x83, +- 0x74, 0xac, 0x5f, 0x62, 0x5c, 0x54, 0xf1, 0xea, +- 0x11, 0xac, 0xb5, 0x7d +-}; ++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, ++ 0xd6, 0xfc, 0x2a, 0x2c, 0x51, 0x5d, 0xa5, 0x4d, ++ 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78, ++ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, ++ 0xd4, 0xf0, 0x9b, 0x20, 0x8a, 0x32, 0x19, 0xfd, ++ 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c, ++ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, ++ 0x7b, 0x40, 0xd9, 0x01, 0x57, 0x62, 0x30, 0xbd, ++ 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0, ++ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, ++ 0x42, 0xb1, 0xb2, 0xaa, 0x9e, 0xf6, 0x8d, 0x79, ++ 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a, ++ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, ++ 0xf1, 0x53, 0x44, 0xed, 0x79, 0xf7, 0xf4, 0x39, ++ 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a, ++ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, ++ 0x5e, 0x05, 0x58, 0xc1, 0x59, 0x92, 0x7d, 0xb0, ++ 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd, ++ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, ++ 0x0e, 0xa7, 0xa1, 0x51, 0xef, 0x1c, 0xa6, 0xfa, ++ 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c, ++ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, ++ 0x4f, 0x01, 0x7e, 0x70, 0xe6, 0xfb, 0xf1, 0x76, ++ 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0, ++ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, ++ 0xc7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xc1, ++ 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9, ++ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, ++ 0xe2, 0xc7, 0x78, 0xc1, 0xbe, 0x8b, 0x41, 0xd9, ++ 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd, ++ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x94, 0x2e, 0x4b, ++ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff ++}; ++/* RFC7919 FFDHE2048 g */ + static const unsigned char dh_g[] = { +- 0x5e, 0xf7, 
0xb8, 0x8f, 0x2d, 0xf6, 0x01, 0x39, +- 0x35, 0x1d, 0xfb, 0xfe, 0x12, 0x66, 0x80, 0x5f, +- 0xdf, 0x35, 0x6c, 0xdf, 0xd1, 0x3a, 0x4d, 0xa0, +- 0x05, 0x0c, 0x7e, 0xde, 0x24, 0x6d, 0xf5, 0x9f, +- 0x6a, 0xbf, 0x96, 0xad, 0xe5, 0xf2, 0xb2, 0x8f, +- 0xfe, 0x88, 0xd6, 0xbc, 0xe7, 0xf7, 0x89, 0x4a, +- 0x3d, 0x53, 0x5f, 0xc8, 0x21, 0x26, 0xdd, 0xd4, +- 0x24, 0x87, 0x2e, 0x16, 0xb8, 0x38, 0xdf, 0x8c, +- 0x51, 0xe9, 0x01, 0x6f, 0x88, 0x9c, 0x7c, 0x20, +- 0x3e, 0x98, 0xa8, 0xb6, 0x31, 0xf9, 0xc7, 0x25, +- 0x63, 0xd3, 0x8a, 0x49, 0x58, 0x9a, 0x07, 0x53, +- 0xd3, 0x58, 0xe7, 0x83, 0x31, 0x8c, 0xef, 0xd9, +- 0x67, 0x7c, 0x7b, 0x2d, 0xbb, 0x77, 0xd6, 0xdc, +- 0xe2, 0xa1, 0x96, 0x37, 0x95, 0xca, 0x64, 0xb9, +- 0x2d, 0x1c, 0x9a, 0xac, 0x6d, 0x0e, 0x8d, 0x43, +- 0x1d, 0xe5, 0xe5, 0x00, 0x60, 0xdf, 0xf7, 0x86, +- 0x89, 0xc9, 0xec, 0xa1, 0xc1, 0x24, 0x8c, 0x16, +- 0xed, 0x09, 0xc7, 0xad, 0x41, 0x2a, 0x17, 0x40, +- 0x6d, 0x2b, 0x52, 0x5a, 0xa1, 0xca, 0xbb, 0x23, +- 0x7b, 0x97, 0x34, 0xec, 0x7b, 0x8c, 0xe3, 0xfa, +- 0xe0, 0x2f, 0x29, 0xc5, 0xef, 0xed, 0x30, 0xd6, +- 0x91, 0x87, 0xda, 0x10, 0x9c, 0x2c, 0x9f, 0xe2, +- 0xaa, 0xdb, 0xb0, 0xc2, 0x2a, 0xf5, 0x4c, 0x61, +- 0x66, 0x55, 0x00, 0x0c, 0x43, 0x1c, 0x6b, 0x4a, +- 0x37, 0x97, 0x63, 0xb0, 0xa9, 0x16, 0x58, 0xef, +- 0xc8, 0x4e, 0x8b, 0x06, 0x35, 0x8c, 0x8b, 0x4f, +- 0x21, 0x37, 0x10, 0xfd, 0x10, 0x17, 0x2c, 0xf3, +- 0x9b, 0x83, 0x0c, 0x2d, 0xd8, 0x4a, 0x0c, 0x8a, +- 0xb8, 0x25, 0x16, 0xec, 0xab, 0x99, 0x5f, 0xa4, +- 0x21, 0x5e, 0x02, 0x3e, 0x4e, 0xcf, 0x80, 0x74, +- 0xc3, 0x9d, 0x6c, 0x88, 0xb7, 0x0d, 0x1e, 0xe4, +- 0xe9, 0x6f, 0xdc, 0x20, 0xea, 0x11, 0x5c, 0x32 ++ 0x02 + }; + static const unsigned char dh_priv[] = { +- 0x14, 0x33, 0xe0, 0xb5, 0xa9, 0x17, 0xb6, 0x0a, +- 0x30, 0x23, 0xf2, 0xf8, 0xaa, 0x2c, 0x2d, 0x70, +- 0xd2, 0x96, 0x8a, 0xba, 0x9a, 0xea, 0xc8, 0x15, +- 0x40, 0xb8, 0xfc, 0xe6 ++ 0x01, 0xdc, 0x2a, 0xb9, 0x87, 0x71, 0x57, 0x0f, ++ 0xcd, 0x93, 0x65, 0x4c, 0xa1, 0xd6, 0x56, 0x6d, ++ 0xc5, 0x35, 0xd5, 0xcb, 0x4c, 0xb8, 0xad, 
0x8d, ++ 0x6c, 0xdc, 0x5d, 0x6e, 0x94 + }; + static const unsigned char dh_pub[] = { +- 0x95, 0xdd, 0x33, 0x8d, 0x29, 0xe5, 0x71, 0x04, +- 0x92, 0xb9, 0x18, 0x31, 0x7b, 0x72, 0xa3, 0x69, +- 0x36, 0xe1, 0x95, 0x1a, 0x2e, 0xe5, 0xa5, 0x59, +- 0x16, 0x99, 0xc0, 0x48, 0x6d, 0x0d, 0x4f, 0x9b, +- 0xdd, 0x6d, 0x5a, 0x3f, 0x6b, 0x98, 0x89, 0x0c, +- 0x62, 0xb3, 0x76, 0x52, 0xd3, 0x6e, 0x71, 0x21, +- 0x11, 0xe6, 0x8a, 0x73, 0x55, 0x37, 0x25, 0x06, +- 0x99, 0xef, 0xe3, 0x30, 0x53, 0x73, 0x91, 0xfb, +- 0xc2, 0xc5, 0x48, 0xbc, 0x5a, 0xc3, 0xe5, 0xb2, +- 0x33, 0x86, 0xc3, 0xee, 0xf5, 0xeb, 0x43, 0xc0, +- 0x99, 0xd7, 0x0a, 0x52, 0x02, 0x68, 0x7e, 0x83, +- 0x96, 0x42, 0x48, 0xfc, 0xa9, 0x1f, 0x40, 0x90, +- 0x8e, 0x8f, 0xb3, 0x31, 0x93, 0x15, 0xf6, 0xd2, +- 0x60, 0x6d, 0x7f, 0x7c, 0xd5, 0x2c, 0xc6, 0xe7, +- 0xc5, 0x84, 0x3a, 0xfb, 0x22, 0x51, 0x9c, 0xf0, +- 0xf0, 0xf9, 0xd3, 0xa0, 0xa4, 0xe8, 0xc8, 0x88, +- 0x99, 0xef, 0xed, 0xe7, 0x36, 0x43, 0x51, 0xfb, +- 0x6a, 0x36, 0x3e, 0xe7, 0x17, 0xe5, 0x44, 0x5a, +- 0xda, 0xb4, 0xc9, 0x31, 0xa6, 0x48, 0x39, 0x97, +- 0xb8, 0x7d, 0xad, 0x83, 0x67, 0x7e, 0x4d, 0x1d, +- 0x3a, 0x77, 0x75, 0xe0, 0xf6, 0xd0, 0x0f, 0xdf, +- 0x73, 0xc7, 0xad, 0x80, 0x1e, 0x66, 0x5a, 0x0e, +- 0x5a, 0x79, 0x6d, 0x0a, 0x03, 0x80, 0xa1, 0x9f, +- 0xa1, 0x82, 0xef, 0xc8, 0xa0, 0x4f, 0x5e, 0x4d, +- 0xb9, 0x0d, 0x1a, 0x86, 0x37, 0xf9, 0x5d, 0xb1, +- 0x64, 0x36, 0xbd, 0xc8, 0xf3, 0xfc, 0x09, 0x6c, +- 0x4f, 0xf7, 0xf2, 0x34, 0xbe, 0x8f, 0xef, 0x47, +- 0x9a, 0xc4, 0xb0, 0xdc, 0x4b, 0x77, 0x26, 0x3e, +- 0x07, 0xd9, 0x95, 0x9d, 0xe0, 0xf1, 0xbf, 0x3f, +- 0x0a, 0xe3, 0xd9, 0xd5, 0x0e, 0x4b, 0x89, 0xc9, +- 0x9e, 0x3e, 0xa1, 0x21, 0x73, 0x43, 0xdd, 0x8c, +- 0x65, 0x81, 0xac, 0xc4, 0x95, 0x9c, 0x91, 0xd3 ++ 0x00, 0xc4, 0x82, 0x14, 0x69, 0x16, 0x4c, 0x05, ++ 0x55, 0x2a, 0x7e, 0x55, 0x6d, 0x02, 0xbb, 0x7f, ++ 0xcc, 0x63, 0x74, 0xee, 0xcb, 0xb4, 0x98, 0x43, ++ 0x0e, 0x29, 0x43, 0x0d, 0x44, 0xc7, 0xf1, 0x23, ++ 0x81, 0xca, 0x1c, 0x5c, 0xc3, 0xff, 0x01, 0x4a, ++ 0x1a, 0x03, 0x9e, 0x5f, 
0xd1, 0x4e, 0xa0, 0x0b, ++ 0xb9, 0x5c, 0x0d, 0xef, 0x14, 0x01, 0x62, 0x3c, ++ 0x8a, 0x8e, 0x60, 0xbb, 0x39, 0xd6, 0x38, 0x63, ++ 0xb7, 0x65, 0xd0, 0x0b, 0x1a, 0xaf, 0x53, 0x38, ++ 0x10, 0x0f, 0x3e, 0xeb, 0x9d, 0x0c, 0x24, 0xf6, ++ 0xe3, 0x70, 0x08, 0x8a, 0x4d, 0x01, 0xf8, 0x7a, ++ 0x87, 0x49, 0x64, 0x72, 0xb1, 0x75, 0x3b, 0x94, ++ 0xc8, 0x09, 0x2d, 0x6a, 0x63, 0xd8, 0x9a, 0x92, ++ 0xb9, 0x5b, 0x1a, 0xc3, 0x47, 0x0b, 0x63, 0x44, ++ 0x3b, 0xe3, 0xc0, 0x09, 0xc9, 0xf9, 0x02, 0x53, ++ 0xd8, 0xfb, 0x06, 0x44, 0xdb, 0xdf, 0xe8, 0x13, ++ 0x2b, 0x40, 0x6a, 0xd4, 0x13, 0x4e, 0x52, 0x30, ++ 0xd6, 0xc1, 0xd8, 0x59, 0x9d, 0x59, 0xba, 0x1b, ++ 0xbf, 0xaa, 0x6f, 0xe9, 0x3d, 0xfd, 0xff, 0x01, ++ 0x0b, 0x54, 0xe0, 0x6a, 0x4e, 0x27, 0x2b, 0x3d, ++ 0xe8, 0xef, 0xb0, 0xbe, 0x52, 0xc3, 0x52, 0x18, ++ 0x6f, 0xa3, 0x27, 0xab, 0x6c, 0x12, 0xc3, 0x81, ++ 0xcb, 0xae, 0x23, 0x11, 0xa0, 0x5d, 0xc3, 0x6f, ++ 0x23, 0x17, 0x40, 0xb3, 0x05, 0x4f, 0x5d, 0xb7, ++ 0x34, 0xbe, 0x87, 0x2c, 0xa9, 0x9e, 0x98, 0x39, ++ 0xbf, 0x2e, 0x9d, 0xad, 0x4f, 0x70, 0xad, 0xed, ++ 0x1b, 0x5e, 0x47, 0x90, 0x49, 0x2e, 0x61, 0x71, ++ 0x5f, 0x07, 0x0b, 0x35, 0x04, 0xfc, 0x53, 0xce, ++ 0x58, 0x60, 0x6c, 0x5b, 0x8b, 0xfe, 0x70, 0x04, ++ 0x2a, 0x6a, 0x98, 0x0a, 0xd0, 0x80, 0xae, 0x69, ++ 0x95, 0xf9, 0x99, 0x18, 0xfc, 0xe4, 0x8e, 0xed, ++ 0x61, 0xd9, 0x02, 0x9d, 0x4e, 0x05, 0xe9, 0xf2, ++ 0x32 + }; + static const unsigned char dh_peer_pub[] = { +- 0x1f, 0xc1, 0xda, 0x34, 0x1d, 0x1a, 0x84, 0x6a, +- 0x96, 0xb7, 0xbe, 0x24, 0x34, 0x0f, 0x87, 0x7d, +- 0xd0, 0x10, 0xaa, 0x03, 0x56, 0xd5, 0xad, 0x58, +- 0xaa, 0xe9, 0xc7, 0xb0, 0x8f, 0x74, 0x9a, 0x32, +- 0x23, 0x51, 0x10, 0xb5, 0xd8, 0x8e, 0xb5, 0xdb, +- 0xfa, 0x97, 0x8d, 0x27, 0xec, 0xc5, 0x30, 0xf0, +- 0x2d, 0x31, 0x14, 0x00, 0x5b, 0x64, 0xb1, 0xc0, +- 0xe0, 0x24, 0xcb, 0x8a, 0xe2, 0x16, 0x98, 0xbc, +- 0xa9, 0xe6, 0x0d, 0x42, 0x80, 0x86, 0x22, 0xf1, +- 0x81, 0xc5, 0x6e, 0x1d, 0xe7, 0xa9, 0x6e, 0x6e, +- 0xfe, 0xe9, 0xd6, 0x65, 0x67, 0xe9, 0x1b, 0x97, +- 0x70, 0x42, 0xc7, 0xe3, 
0xd0, 0x44, 0x8f, 0x05, +- 0xfb, 0x77, 0xf5, 0x22, 0xb9, 0xbf, 0xc8, 0xd3, +- 0x3c, 0xc3, 0xc3, 0x1e, 0xd3, 0xb3, 0x1f, 0x0f, +- 0xec, 0xb6, 0xdb, 0x4f, 0x6e, 0xa3, 0x11, 0xe7, +- 0x7a, 0xfd, 0xbc, 0xd4, 0x7a, 0xee, 0x1b, 0xb1, +- 0x50, 0xf2, 0x16, 0x87, 0x35, 0x78, 0xfb, 0x96, +- 0x46, 0x8e, 0x8f, 0x9f, 0x3d, 0xe8, 0xef, 0xbf, +- 0xce, 0x75, 0x62, 0x4b, 0x1d, 0xf0, 0x53, 0x22, +- 0xa3, 0x4f, 0x14, 0x63, 0xe8, 0x39, 0xe8, 0x98, +- 0x4c, 0x4a, 0xd0, 0xa9, 0x6e, 0x1a, 0xc8, 0x42, +- 0xe5, 0x31, 0x8c, 0xc2, 0x3c, 0x06, 0x2a, 0x8c, +- 0xa1, 0x71, 0xb8, 0xd5, 0x75, 0x98, 0x0d, 0xde, +- 0x7f, 0xc5, 0x6f, 0x15, 0x36, 0x52, 0x38, 0x20, +- 0xd4, 0x31, 0x92, 0xbf, 0xd5, 0x1e, 0x8e, 0x22, +- 0x89, 0x78, 0xac, 0xa5, 0xb9, 0x44, 0x72, 0xf3, +- 0x39, 0xca, 0xeb, 0x99, 0x31, 0xb4, 0x2b, 0xe3, +- 0x01, 0x26, 0x8b, 0xc9, 0x97, 0x89, 0xc9, 0xb2, +- 0x55, 0x71, 0xc3, 0xc0, 0xe4, 0xcb, 0x3f, 0x00, +- 0x7f, 0x1a, 0x51, 0x1c, 0xbb, 0x53, 0xc8, 0x51, +- 0x9c, 0xdd, 0x13, 0x02, 0xab, 0xca, 0x6c, 0x0f, +- 0x34, 0xf9, 0x67, 0x39, 0xf1, 0x7f, 0xf4, 0x8b ++ 0x00, 0xef, 0x15, 0x02, 0xf5, 0x56, 0xa3, 0x79, ++ 0x40, 0x58, 0xbc, 0xeb, 0x56, 0xad, 0xcb, 0xda, ++ 0x8c, 0xda, 0xb8, 0xd1, 0xda, 0x6f, 0x25, 0x29, ++ 0x9e, 0x43, 0x76, 0x2d, 0xb2, 0xd8, 0xbc, 0x84, ++ 0xbc, 0x85, 0xd0, 0x94, 0x8d, 0x44, 0x27, 0x57, ++ 0xe4, 0xdf, 0xc1, 0x78, 0x42, 0x8f, 0x08, 0xf5, ++ 0x74, 0xfe, 0x02, 0x56, 0xd2, 0x09, 0xc8, 0x68, ++ 0xef, 0xed, 0x18, 0xc9, 0xfd, 0x2e, 0x95, 0x6c, ++ 0xba, 0x6c, 0x00, 0x0e, 0xf5, 0xd1, 0x1b, 0xf6, ++ 0x15, 0x14, 0x5b, 0x67, 0x22, 0x7c, 0x6a, 0x20, ++ 0x76, 0x43, 0x51, 0xef, 0x5e, 0x1e, 0xf9, 0x2d, ++ 0xd6, 0xb4, 0xc5, 0xc6, 0x18, 0x33, 0xd1, 0xa3, ++ 0x3b, 0xe6, 0xdd, 0x57, 0x9d, 0xad, 0x13, 0x7a, ++ 0x53, 0xde, 0xb3, 0x97, 0xc0, 0x7e, 0xd7, 0x77, ++ 0x6b, 0xf8, 0xbd, 0x13, 0x70, 0x8c, 0xba, 0x73, ++ 0x80, 0xb3, 0x80, 0x6f, 0xfb, 0x1c, 0xda, 0x53, ++ 0x4d, 0x3c, 0x8a, 0x2e, 0xa1, 0x37, 0xce, 0xb1, ++ 0xde, 0x45, 0x97, 0x58, 0x65, 0x4d, 0xcf, 0x05, ++ 0xbb, 0xc3, 0xd7, 0x38, 0x6d, 0x0a, 
0x59, 0x7a, ++ 0x99, 0x15, 0xb7, 0x9a, 0x3d, 0xfd, 0x61, 0xe5, ++ 0x1a, 0xa2, 0xcc, 0xf6, 0xfe, 0xb1, 0xee, 0xe9, ++ 0xa9, 0xe2, 0xeb, 0x06, 0xbc, 0x14, 0x6e, 0x91, ++ 0x0d, 0xf1, 0xe3, 0xbb, 0xe0, 0x7e, 0x1d, 0x31, ++ 0x79, 0xf1, 0x6d, 0x5f, 0xcb, 0xaf, 0xb2, 0x4f, ++ 0x22, 0x12, 0xbf, 0x72, 0xbd, 0xd0, 0x30, 0xe4, ++ 0x1c, 0x35, 0x96, 0x61, 0x98, 0x39, 0xfb, 0x7e, ++ 0x6d, 0x66, 0xc4, 0x69, 0x41, 0x0d, 0x0d, 0x59, ++ 0xbb, 0xa7, 0xbf, 0x34, 0xe0, 0x39, 0x36, 0x84, ++ 0x5e, 0x0e, 0x03, 0x2d, 0xcf, 0xaa, 0x02, 0x8a, ++ 0xba, 0x59, 0x88, 0x47, 0xc4, 0x4d, 0xd7, 0xbd, ++ 0x78, 0x76, 0x24, 0xf1, 0x45, 0x56, 0x44, 0xc2, ++ 0x4a, 0xc2, 0xd5, 0x3a, 0x59, 0x40, 0xab, 0x87, ++ 0x64 + }; + + static const unsigned char dh_secret_expected[] = { +- 0x08, 0xff, 0x33, 0xbb, 0x2e, 0xcf, 0xf4, 0x9a, +- 0x7d, 0x4a, 0x79, 0x12, 0xae, 0xb1, 0xbb, 0x6a, +- 0xb5, 0x11, 0x64, 0x1b, 0x4a, 0x76, 0x77, 0x0c, +- 0x8c, 0xc1, 0xbc, 0xc2, 0x33, 0x34, 0x3d, 0xfe, +- 0x70, 0x0d, 0x11, 0x81, 0x3d, 0x2c, 0x9e, 0xd2, +- 0x3b, 0x21, 0x1c, 0xa9, 0xe8, 0x78, 0x69, 0x21, +- 0xed, 0xca, 0x28, 0x3c, 0x68, 0xb1, 0x61, 0x53, +- 0xfa, 0x01, 0xe9, 0x1a, 0xb8, 0x2c, 0x90, 0xdd, +- 0xab, 0x4a, 0x95, 0x81, 0x67, 0x70, 0xa9, 0x87, +- 0x10, 0xe1, 0x4c, 0x92, 0xab, 0x83, 0xb6, 0xe4, +- 0x6e, 0x1e, 0x42, 0x6e, 0xe8, 0x52, 0x43, 0x0d, +- 0x61, 0x87, 0xda, 0xa3, 0x72, 0x0a, 0x6b, 0xcd, +- 0x73, 0x23, 0x5c, 0x6b, 0x0f, 0x94, 0x1f, 0x33, +- 0x64, 0xf5, 0x04, 0x20, 0x55, 0x1a, 0x4b, 0xfe, +- 0xaf, 0xe2, 0xbc, 0x43, 0x85, 0x05, 0xa5, 0x9a, +- 0x4a, 0x40, 0xda, 0xca, 0x7a, 0x89, 0x5a, 0x73, +- 0xdb, 0x57, 0x5c, 0x74, 0xc1, 0x3a, 0x23, 0xad, +- 0x88, 0x32, 0x95, 0x7d, 0x58, 0x2d, 0x38, 0xf0, +- 0xa6, 0x16, 0x5f, 0xb0, 0xd7, 0xe9, 0xb8, 0x79, +- 0x9e, 0x42, 0xfd, 0x32, 0x20, 0xe3, 0x32, 0xe9, +- 0x81, 0x85, 0xa0, 0xc9, 0x42, 0x97, 0x57, 0xb2, +- 0xd0, 0xd0, 0x2c, 0x17, 0xdb, 0xaa, 0x1f, 0xf6, +- 0xed, 0x93, 0xd7, 0xe7, 0x3e, 0x24, 0x1e, 0xae, +- 0xd9, 0x0c, 0xaf, 0x39, 0x4d, 0x2b, 0xc6, 0x57, +- 0x0f, 0x18, 0xc8, 0x1f, 
0x2b, 0xe5, 0xd0, 0x1a, +- 0x2c, 0xa9, 0x9f, 0xf1, 0x42, 0xb5, 0xd9, 0x63, +- 0xf9, 0xf5, 0x00, 0x32, 0x5e, 0x75, 0x56, 0xf9, +- 0x58, 0x49, 0xb3, 0xff, 0xc7, 0x47, 0x94, 0x86, +- 0xbe, 0x1d, 0x45, 0x96, 0xa3, 0x10, 0x6b, 0xd5, +- 0xcb, 0x4f, 0x61, 0xc5, 0x7e, 0xc5, 0xf1, 0x00, +- 0xfb, 0x7a, 0x0c, 0x82, 0xa1, 0x0b, 0x82, 0x52, +- 0x6a, 0x97, 0xd1, 0xd9, 0x7d, 0x98, 0xea, 0xf6 ++ 0x56, 0x13, 0xe3, 0x12, 0x6b, 0x5f, 0x67, 0xe5, ++ 0x08, 0xe5, 0x35, 0x0e, 0x11, 0x90, 0x9d, 0xf5, ++ 0x1a, 0x24, 0xfa, 0x42, 0xd1, 0x4a, 0x50, 0x93, ++ 0x5b, 0xf4, 0x11, 0x6f, 0xd0, 0xc3, 0xc5, 0xa5, ++ 0x80, 0xae, 0x01, 0x3d, 0x66, 0x92, 0xc0, 0x3e, ++ 0x5f, 0xe9, 0x75, 0xb6, 0x5b, 0x37, 0x82, 0x39, ++ 0x72, 0x66, 0x0b, 0xa2, 0x73, 0x94, 0xe5, 0x04, ++ 0x7c, 0x0c, 0x19, 0x9a, 0x03, 0x53, 0xc4, 0x9d, ++ 0xc1, 0x0f, 0xc3, 0xec, 0x0e, 0x2e, 0xa3, 0x7c, ++ 0x07, 0x0e, 0xaf, 0x18, 0x1d, 0xc7, 0x8b, 0x47, ++ 0x4b, 0x94, 0x05, 0x6d, 0xec, 0xdd, 0xa1, 0xae, ++ 0x7b, 0x21, 0x86, 0x53, 0xd3, 0x62, 0x38, 0x08, ++ 0xea, 0xda, 0xdc, 0xb2, 0x5a, 0x7c, 0xef, 0x19, ++ 0xf8, 0x29, 0xef, 0xf8, 0xd0, 0xfb, 0xde, 0xe8, ++ 0xb8, 0x2f, 0xb3, 0xa1, 0x16, 0xa2, 0xd0, 0x8f, ++ 0x48, 0xdc, 0x7d, 0xcb, 0xee, 0x5c, 0x06, 0x1e, ++ 0x2a, 0x66, 0xe8, 0x1f, 0xdb, 0x18, 0xe9, 0xd2, ++ 0xfd, 0xa2, 0x4e, 0x39, 0xa3, 0x2e, 0x88, 0x3d, ++ 0x7d, 0xac, 0x15, 0x18, 0x25, 0xe6, 0xba, 0xd4, ++ 0x0e, 0x89, 0x26, 0x60, 0x8f, 0xdc, 0x4a, 0xb4, ++ 0x49, 0x8f, 0x98, 0xe8, 0x62, 0x8c, 0xc6, 0x66, ++ 0x20, 0x4c, 0xe1, 0xed, 0xfc, 0x01, 0x88, 0x46, ++ 0xa7, 0x67, 0x48, 0x39, 0xc5, 0x22, 0x95, 0xa0, ++ 0x23, 0xb9, 0xd1, 0xed, 0x87, 0xcf, 0xa7, 0x70, ++ 0x1c, 0xac, 0xd3, 0xaf, 0x5c, 0x26, 0x50, 0x3c, ++ 0xe4, 0x23, 0xb6, 0xcc, 0xd7, 0xc5, 0xda, 0x2f, ++ 0xf4, 0x45, 0xf1, 0xe4, 0x40, 0xb5, 0x0a, 0x25, ++ 0x86, 0xe6, 0xde, 0x11, 0x3c, 0x46, 0x16, 0xbc, ++ 0x41, 0xc2, 0x28, 0x19, 0x81, 0x5a, 0x46, 0x02, ++ 0x87, 0xd0, 0x15, 0x0c, 0xd2, 0xfe, 0x75, 0x04, ++ 0x82, 0xd2, 0x0a, 0xb7, 0xbc, 0xc5, 0x6c, 0xb1, ++ 0x41, 0xa8, 0x2b, 0x28, 0xbb, 0x86, 
0x0c, 0x89 + }; + + static const ST_KAT_PARAM dh_group[] = { +-- +2.35.3 + diff --git a/0076-FIPS-140-3-DRBG.patch b/0076-FIPS-140-3-DRBG.patch new file mode 100644 index 0000000..15cdac6 --- /dev/null +++ b/0076-FIPS-140-3-DRBG.patch 
@@ -0,0 +1,184 @@ +From 89c00cc67b9b34bc94f9dc3a9fce9374bbaade03 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:29 +0200 +Subject: [PATCH 32/48] 0076-FIPS-140-3-DRBG.patch + +Patch-name: 0076-FIPS-140-3-DRBG.patch +Patch-id: 76 +Patch-status: | + # Downstream only. Reseed DRBG using getrandom(GRND_RANDOM) + # https://bugzilla.redhat.com/show_bug.cgi?id=2102541 +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + crypto/rand/prov_seed.c | 9 ++- + providers/implementations/rands/crngt.c | 6 +- + providers/implementations/rands/drbg.c | 11 +++- + providers/implementations/rands/drbg_local.h | 2 +- + .../implementations/rands/seeding/rand_unix.c | 64 ++----------------- + 5 files changed, 28 insertions(+), 64 deletions(-) + +diff --git a/crypto/rand/prov_seed.c b/crypto/rand/prov_seed.c +index 96c499c957..61c4cd8779 100644 +--- a/crypto/rand/prov_seed.c ++++ b/crypto/rand/prov_seed.c +@@ -20,7 +20,14 @@ size_t ossl_rand_get_entropy(ossl_unused const OSSL_CORE_HANDLE *handle, + size_t entropy_available; + RAND_POOL *pool; + +- pool = ossl_rand_pool_new(entropy, 1, min_len, max_len); ++ /* ++ * OpenSSL still implements an internal entropy pool of ++ * some size that is hashed to get seed data. ++ * Note that this is a conditioning step for which SP800-90C requires ++ * 64 additional bits from the entropy source to claim the requested ++ * amount of entropy. ++ */ ++ pool = ossl_rand_pool_new(entropy + 64, 1, min_len, max_len); + if (pool == NULL) { + ERR_raise(ERR_LIB_RAND, ERR_R_MALLOC_FAILURE); + return 0; +diff --git a/providers/implementations/rands/crngt.c b/providers/implementations/rands/crngt.c +index fa4a2db14a..1f13fc759e 100644 +--- a/providers/implementations/rands/crngt.c ++++ b/providers/implementations/rands/crngt.c +@@ -133,7 +133,11 @@ size_t ossl_crngt_get_entropy(PROV_DRBG *drbg, + * to the nearest byte. 
If the entropy is of less than full quality, + * the amount required should be scaled up appropriately here. + */ +- bytes_needed = (entropy + 7) / 8; ++ /* ++ * FIPS 140-3: the yet draft SP800-90C requires requested entropy ++ * + 128 bits during initial seeding ++ */ ++ bytes_needed = (entropy + 128 + 7) / 8; + if (bytes_needed < min_len) + bytes_needed = min_len; + if (bytes_needed > max_len) +diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c +index ea55363bf8..1b2410b3db 100644 +--- a/providers/implementations/rands/drbg.c ++++ b/providers/implementations/rands/drbg.c +@@ -570,6 +570,9 @@ int ossl_prov_drbg_reseed(PROV_DRBG *drbg, int prediction_resistance, + #endif + } + ++#ifdef FIPS_MODULE ++ prediction_resistance = 1; ++#endif + /* Reseed using our sources in addition */ + entropylen = get_entropy(drbg, &entropy, drbg->strength, + drbg->min_entropylen, drbg->max_entropylen, +@@ -662,8 +665,14 @@ int ossl_prov_drbg_generate(PROV_DRBG *drbg, unsigned char *out, size_t outlen, + reseed_required = 1; + } + if (drbg->parent != NULL +- && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter) ++ && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter) { ++#ifdef FIPS_MODULE ++ /* Red Hat patches provide chain reseeding when necessary so just sync counters*/ ++ drbg->parent_reseed_counter = get_parent_reseed_count(drbg); ++#else + reseed_required = 1; ++#endif ++ } + + if (reseed_required || prediction_resistance) { + if (!ossl_prov_drbg_reseed(drbg, prediction_resistance, NULL, 0, +diff --git a/providers/implementations/rands/drbg_local.h b/providers/implementations/rands/drbg_local.h +index 3b5417b43b..d27c50950b 100644 +--- a/providers/implementations/rands/drbg_local.h ++++ b/providers/implementations/rands/drbg_local.h +@@ -38,7 +38,7 @@ + * + * The value is in bytes. 
+ */ +-#define CRNGT_BUFSIZ 16 ++#define CRNGT_BUFSIZ 32 + + /* + * Maximum input size for the DRBG (entropy, nonce, personalization string) +diff --git a/providers/implementations/rands/seeding/rand_unix.c b/providers/implementations/rands/seeding/rand_unix.c +index cd02a0236d..98c917b6d8 100644 +--- a/providers/implementations/rands/seeding/rand_unix.c ++++ b/providers/implementations/rands/seeding/rand_unix.c +@@ -48,6 +48,8 @@ + # include + # include + # include ++# include ++# include + + static uint64_t get_time_stamp(void); + +@@ -341,66 +343,8 @@ static ssize_t syscall_random(void *buf, size_t buflen) + * which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion + * between size_t and ssize_t is safe even without a range check. + */ +- +- /* +- * Do runtime detection to find getentropy(). +- * +- * Known OSs that should support this: +- * - Darwin since 16 (OSX 10.12, IOS 10.0). +- * - Solaris since 11.3 +- * - OpenBSD since 5.6 +- * - Linux since 3.17 with glibc 2.25 +- * - FreeBSD since 12.0 (1200061) +- * +- * Note: Sometimes getentropy() can be provided but not implemented +- * internally. So we need to check errno for ENOSYS +- */ +-# if !defined(__DragonFly__) && !defined(__NetBSD__) +-# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux) +- extern int getentropy(void *buffer, size_t length) __attribute__((weak)); +- +- if (getentropy != NULL) { +- if (getentropy(buf, buflen) == 0) +- return (ssize_t)buflen; +- if (errno != ENOSYS) +- return -1; +- } +-# elif defined(OPENSSL_APPLE_CRYPTO_RANDOM) +- +- if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess) +- return (ssize_t)buflen; +- +- return -1; +-# else +- union { +- void *p; +- int (*f)(void *buffer, size_t length); +- } p_getentropy; +- +- /* +- * We could cache the result of the lookup, but we normally don't +- * call this function often. 
+- */ +- ERR_set_mark(); +- p_getentropy.p = DSO_global_lookup("getentropy"); +- ERR_pop_to_mark(); +- if (p_getentropy.p != NULL) +- return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1; +-# endif +-# endif /* !__DragonFly__ */ +- +- /* Linux supports this since version 3.17 */ +-# if defined(__linux) && defined(__NR_getrandom) +- return syscall(__NR_getrandom, buf, buflen, 0); +-# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND) +- return sysctl_random(buf, buflen); +-# elif (defined(__DragonFly__) && __DragonFly_version >= 500700) \ +- || (defined(__NetBSD__) && __NetBSD_Version >= 1000000000) +- return getrandom(buf, buflen, 0); +-# else +- errno = ENOSYS; +- return -1; +-# endif ++ /* Red Hat uses downstream patch to always seed from getrandom() */ ++ return EVP_default_properties_is_fips_enabled(NULL) ? getrandom(buf, buflen, GRND_RANDOM) : getrandom(buf, buflen, 0); + } + # endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */ + +-- +2.41.0 + diff --git a/0077-FIPS-140-3-zeroization.patch b/0077-FIPS-140-3-zeroization.patch new file mode 100644 index 0000000..c7ee975 --- /dev/null +++ b/0077-FIPS-140-3-zeroization.patch 
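Review bot: In the drbg.c part of this patch, the FIPS_MODULE branch of ossl_prov_drbg_generate() only copies the parent's reseed counter when it differs and no longer sets `reseed_required`, so a parent reseed alone no longer triggers a reseed of the child on this path. The only justification is a one-line comment crediting unnamed "Red Hat patches" for chain reseeding, which leaves the invariant impossible to check from here. Name the mechanism, for example `/* FIPS: chain reseeding is done by <name of the downstream patch>, so only resync the counter here */`. Separately, the crngt.c comment says the extra 128 bits apply "during initial seeding", but `bytes_needed = (entropy + 128 + 7) / 8;` as shown runs on every call, so the comment should say that. Both functions continue outside the quoted context.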
@@ -0,0 +1,102 @@ +From 9c667a7ba589329f3a777b012bf69a0db7f7eda9 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:29 +0200 +Subject: [PATCH 33/35] 0077-FIPS-140-3-zeroization.patch + +Patch-name: 0077-FIPS-140-3-zeroization.patch +Patch-id: 77 +Patch-status: | + # https://bugzilla.redhat.com/show_bug.cgi?id=2102542 +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + crypto/ec/ec_lib.c | 4 ++++ + crypto/ffc/ffc_params.c | 8 ++++---- + crypto/rsa/rsa_lib.c | 4 ++-- + providers/implementations/kdfs/hkdf.c | 2 +- + providers/implementations/kdfs/pbkdf2.c | 2 +- + 5 files changed, 12 insertions(+), 8 deletions(-) + +diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c +index 6c37bf78ae..cfbc3c3c1d 100644 +--- a/crypto/ec/ec_lib.c ++++ b/crypto/ec/ec_lib.c +@@ -744,12 +744,16 @@ EC_POINT *EC_POINT_new(const EC_GROUP *group) + + void EC_POINT_free(EC_POINT *point) + { ++#ifdef FIPS_MODULE ++ EC_POINT_clear_free(point); ++#else + if (point == NULL) + return; + + if (point->meth->point_finish != 0) + point->meth->point_finish(point); + OPENSSL_free(point); ++#endif + } + + void EC_POINT_clear_free(EC_POINT *point) +diff --git a/crypto/ffc/ffc_params.c b/crypto/ffc/ffc_params.c +index 3536efd1ad..f3c164b8fc 100644 +--- a/crypto/ffc/ffc_params.c ++++ b/crypto/ffc/ffc_params.c +@@ -27,10 +27,10 @@ void ossl_ffc_params_init(FFC_PARAMS *params) + + void ossl_ffc_params_cleanup(FFC_PARAMS *params) + { +- BN_free(params->p); +- BN_free(params->q); +- BN_free(params->g); +- BN_free(params->j); ++ BN_clear_free(params->p); ++ BN_clear_free(params->q); ++ BN_clear_free(params->g); ++ BN_clear_free(params->j); + OPENSSL_free(params->seed); + ossl_ffc_params_init(params); + } +diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c +index 9588a75964..76b4aac6fc 100644 +--- a/crypto/rsa/rsa_lib.c ++++ b/crypto/rsa/rsa_lib.c +@@ -155,8 +155,8 @@ void RSA_free(RSA *r) + + CRYPTO_THREAD_lock_free(r->lock); + +- BN_free(r->n); +- BN_free(r->e); ++ 
BN_clear_free(r->n); ++ BN_clear_free(r->e); + BN_clear_free(r->d); + BN_clear_free(r->p); + BN_clear_free(r->q); +diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c +index daa619b8af..5304baa6c9 100644 +--- a/providers/implementations/kdfs/hkdf.c ++++ b/providers/implementations/kdfs/hkdf.c +@@ -118,7 +118,7 @@ static void kdf_hkdf_reset(void *vctx) + void *provctx = ctx->provctx; + + ossl_prov_digest_reset(&ctx->digest); +- OPENSSL_free(ctx->salt); ++ OPENSSL_clear_free(ctx->salt, ctx->salt_len); + OPENSSL_free(ctx->prefix); + OPENSSL_free(ctx->label); + OPENSSL_clear_free(ctx->data, ctx->data_len); +diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c +index 5c3e7b95ce..349c3dd657 100644 +--- a/providers/implementations/kdfs/pbkdf2.c ++++ b/providers/implementations/kdfs/pbkdf2.c +@@ -92,7 +92,7 @@ static void *kdf_pbkdf2_new(void *provctx) + static void kdf_pbkdf2_cleanup(KDF_PBKDF2 *ctx) + { + ossl_prov_digest_reset(&ctx->digest); +- OPENSSL_free(ctx->salt); ++ OPENSSL_clear_free(ctx->salt, ctx->salt_len); + OPENSSL_clear_free(ctx->pass, ctx->pass_len); + memset(ctx, 0, sizeof(*ctx)); + } +-- +2.41.0 + diff --git a/0078-Add-FIPS-indicator-parameter-to-HKDF.patch b/0078-Add-FIPS-indicator-parameter-to-HKDF.patch new file mode 100644 index 0000000..539e08d --- /dev/null +++ b/0078-Add-FIPS-indicator-parameter-to-HKDF.patch 
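Review bot: ossl_ffc_params_cleanup() now clears p, q, g and j with BN_clear_free() but still releases the seed with plain `OPENSSL_free(params->seed);` on the next line, so that buffer is left unwiped while the rest of the structure is zeroized. If the seed falls under the same zeroization requirement, change it to `OPENSSL_clear_free(params->seed, params->seedlen);`. kdf_hkdf_reset() shows the same pattern: the salt is now cleared, while `ctx->prefix` and `ctx->label` on the following context lines are still freed without clearing. If those are deliberately treated as public values, a short comment saying so would keep a later audit from flagging them.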
@@ -0,0 +1,874 @@ +From 2000eaead63732669283e6b54c8ef02e268eaeb8 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 31 Jul 2023 09:41:29 +0200 +Subject: [PATCH 34/48] 0078-Add-FIPS-indicator-parameter-to-HKDF.patch + +Patch-name: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch +Patch-id: 78 +Patch-status: | + # https://bugzilla.redhat.com/show_bug.cgi?id=2114772 +From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd +--- + include/crypto/evp.h | 7 ++ + include/openssl/core_names.h | 1 + + include/openssl/kdf.h | 4 + + providers/implementations/kdfs/hkdf.c | 100 +++++++++++++++++++++- + providers/implementations/kdfs/kbkdf.c | 82 ++++++++++++++++-- + providers/implementations/kdfs/sshkdf.c | 75 +++++++++++++++- + providers/implementations/kdfs/sskdf.c | 100 +++++++++++++++++++++- + providers/implementations/kdfs/tls1_prf.c | 74 +++++++++++++++- + providers/implementations/kdfs/x942kdf.c | 66 +++++++++++++- + 9 files changed, 487 insertions(+), 22 deletions(-) + +diff --git a/include/crypto/evp.h b/include/crypto/evp.h +index dbbdcccbda..aa07153441 100644 +--- a/include/crypto/evp.h ++++ b/include/crypto/evp.h +@@ -219,6 +219,13 @@ struct evp_mac_st { + OSSL_FUNC_mac_set_ctx_params_fn *set_ctx_params; + }; + ++#ifdef FIPS_MODULE ++/* According to NIST Special Publication 800-131Ar2, Section 8: Deriving ++ * Additional Keys from a Cryptographic Key, "[t]he length of the ++ * key-derivation key [i.e., the input key] shall be at least 112 bits". 
*/ ++# define EVP_KDF_FIPS_MIN_KEY_LEN (112 / 8) ++#endif ++ + struct evp_kdf_st { + OSSL_PROVIDER *prov; + int name_id; +diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h +index c0cce14297..b431b9f871 100644 +--- a/include/openssl/core_names.h ++++ b/include/openssl/core_names.h +@@ -226,6 +226,7 @@ extern "C" { + #define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo" + #define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo" + #define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits" ++#define OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR "redhat-fips-indicator" + + /* Known KDF names */ + #define OSSL_KDF_NAME_HKDF "HKDF" +diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h +index 0983230a48..86171635ea 100644 +--- a/include/openssl/kdf.h ++++ b/include/openssl/kdf.h +@@ -63,6 +63,10 @@ int EVP_KDF_names_do_all(const EVP_KDF *kdf, + # define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1 + # define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2 + ++# define EVP_KDF_REDHAT_FIPS_INDICATOR_UNDETERMINED 0 ++# define EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED 1 ++# define EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2 ++ + #define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65 + #define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66 + #define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67 +diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c +index 5304baa6c9..f9c77f4236 100644 +--- a/providers/implementations/kdfs/hkdf.c ++++ b/providers/implementations/kdfs/hkdf.c +@@ -43,6 +43,7 @@ static OSSL_FUNC_kdf_settable_ctx_params_fn kdf_hkdf_settable_ctx_params; + static OSSL_FUNC_kdf_set_ctx_params_fn kdf_hkdf_set_ctx_params; + static OSSL_FUNC_kdf_gettable_ctx_params_fn kdf_hkdf_gettable_ctx_params; + static OSSL_FUNC_kdf_get_ctx_params_fn kdf_hkdf_get_ctx_params; ++static OSSL_FUNC_kdf_newctx_fn kdf_tls1_3_new; + static OSSL_FUNC_kdf_derive_fn kdf_tls1_3_derive; + static OSSL_FUNC_kdf_settable_ctx_params_fn kdf_tls1_3_settable_ctx_params; + static 
OSSL_FUNC_kdf_set_ctx_params_fn kdf_tls1_3_set_ctx_params; +@@ -86,6 +87,10 @@ typedef struct { + size_t data_len; + unsigned char *info; + size_t info_len; ++ int is_tls13; ++#ifdef FIPS_MODULE ++ int fips_indicator; ++#endif /* defined(FIPS_MODULE) */ + } KDF_HKDF; + + static void *kdf_hkdf_new(void *provctx) +@@ -201,6 +206,11 @@ static int kdf_hkdf_derive(void *vctx, unsigned char *key, size_t keylen, + return 0; + } + ++#ifdef FIPS_MODULE ++ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN) ++ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++#endif /* defined(FIPS_MODULE) */ ++ + switch (ctx->mode) { + case EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND: + default: +@@ -363,15 +373,78 @@ static int kdf_hkdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) + { + KDF_HKDF *ctx = (KDF_HKDF *)vctx; + OSSL_PARAM *p; ++ int any_valid = 0; /* set to 1 when at least one parameter was valid */ + + if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) { + size_t sz = kdf_hkdf_size(ctx); + +- if (sz == 0) ++ any_valid = 1; ++ ++ if (sz == 0 || !OSSL_PARAM_set_size_t(p, sz)) + return 0; +- return OSSL_PARAM_set_size_t(p, sz); + } +- return -2; ++ ++#ifdef FIPS_MODULE ++ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR)) ++ != NULL) { ++ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED; ++ const EVP_MD *md = ossl_prov_digest_md(&ctx->digest); ++ ++ any_valid = 1; ++ ++ /* According to NIST Special Publication 800-131Ar2, Section 8: ++ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of ++ * the key-derivation key [i.e., the input key] shall be at least 112 ++ * bits". 
*/ ++ if (ctx->key_len < EVP_KDF_FIPS_MIN_KEY_LEN) ++ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ ++ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module ++ * Verification Program, Section D.B and NIST Special Publication ++ * 800-131Ar2, Section 1.2.2 say that any algorithm at a security ++ * strength < 112 bits is legacy use only, so all derived keys should ++ * be longer than that. If a derived key has ever been shorter than ++ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we ++ * should also set the returned FIPS indicator to unapproved. */ ++ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED) ++ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ ++ if (ctx->is_tls13) { ++ if (md != NULL ++ && !EVP_MD_is_a(md, "SHA2-256") ++ && !EVP_MD_is_a(md, "SHA2-384")) { ++ /* Implementation Guidance for FIPS 140-3 and the Cryptographic ++ * Module Validation Program, Section 2.4.B, (5): "The TLS 1.3 ++ * key derivation function documented in Section 7.1 of RFC ++ * 8446. This is considered an approved CVL because the ++ * underlying functions performed within the TLS 1.3 KDF map to ++ * NIST approved standards, namely: SP 800-133rev2 (Section 6.3 ++ * Option #3), SP 800-56Crev2, and SP 800-108." ++ * ++ * RFC 8446 appendix B.4 only lists SHA-256 and SHA-384. */ ++ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ } ++ } else { ++ if (md != NULL ++ && (EVP_MD_is_a(md, "SHAKE-128") || ++ EVP_MD_is_a(md, "SHAKE-256"))) { ++ /* HKDF is a SP 800-56Cr2 TwoStep KDF, for which all SHA-1, ++ * SHA-2 and SHA-3 are approved. SHAKE is not approved, because ++ * of FIPS 140-3 IG, section C.C: "The SHAKE128 and SHAKE256 ++ * extendable-output functions may only be used as the ++ * standalone algorithms." 
*/ ++ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ } ++ } ++ if (!OSSL_PARAM_set_int(p, fips_indicator)) ++ return 0; ++ } ++#endif /* defined(FIPS_MODULE) */ ++ ++ if (!any_valid) ++ return -2; ++ ++ return 1; + } + + static const OSSL_PARAM *kdf_hkdf_gettable_ctx_params(ossl_unused void *ctx, +@@ -379,6 +452,9 @@ static const OSSL_PARAM *kdf_hkdf_gettable_ctx_params(ossl_unused void *ctx, + { + static const OSSL_PARAM known_gettable_ctx_params[] = { + OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), ++#ifdef FIPS_MODULE ++ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, NULL), ++#endif /* defined(FIPS_MODULE) */ + OSSL_PARAM_END + }; + return known_gettable_ctx_params; +@@ -709,6 +785,17 @@ static int prov_tls13_hkdf_generate_secret(OSSL_LIB_CTX *libctx, + return ret; + } + ++static void *kdf_tls1_3_new(void *provctx) ++{ ++ KDF_HKDF *hkdf = kdf_hkdf_new(provctx); ++ ++ if (hkdf != NULL) ++ hkdf->is_tls13 = 1; ++ ++ return hkdf; ++} ++ ++ + static int kdf_tls1_3_derive(void *vctx, unsigned char *key, size_t keylen, + const OSSL_PARAM params[]) + { +@@ -724,6 +811,11 @@ static int kdf_tls1_3_derive(void *vctx, unsigned char *key, size_t keylen, + return 0; + } + ++#ifdef FIPS_MODULE ++ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN) ++ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++#endif /* defined(FIPS_MODULE) */ ++ + switch (ctx->mode) { + default: + return 0; +@@ -801,7 +893,7 @@ static const OSSL_PARAM *kdf_tls1_3_settable_ctx_params(ossl_unused void *ctx, + } + + const OSSL_DISPATCH ossl_kdf_tls1_3_kdf_functions[] = { +- { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))kdf_hkdf_new }, ++ { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))kdf_tls1_3_new }, + { OSSL_FUNC_KDF_DUPCTX, (void(*)(void))kdf_hkdf_dup }, + { OSSL_FUNC_KDF_FREECTX, (void(*)(void))kdf_hkdf_free }, + { OSSL_FUNC_KDF_RESET, (void(*)(void))kdf_hkdf_reset }, +diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c +index aa3df15bc7..3f82710061 
100644 +--- a/providers/implementations/kdfs/kbkdf.c ++++ b/providers/implementations/kdfs/kbkdf.c +@@ -59,6 +59,9 @@ typedef struct { + kbkdf_mode mode; + EVP_MAC_CTX *ctx_init; + ++ /* HMAC digest algorithm, if any; used to compute FIPS indicator */ ++ PROV_DIGEST digest; ++ + /* Names are lowercased versions of those found in SP800-108. */ + int r; + unsigned char *ki; +@@ -72,6 +75,9 @@ typedef struct { + int use_l; + int is_kmac; + int use_separator; ++#ifdef FIPS_MODULE ++ int fips_indicator; ++#endif /* defined(FIPS_MODULE) */ + } KBKDF; + + /* Definitions needed for typechecking. */ +@@ -143,6 +149,7 @@ static void kbkdf_reset(void *vctx) + void *provctx = ctx->provctx; + + EVP_MAC_CTX_free(ctx->ctx_init); ++ ossl_prov_digest_reset(&ctx->digest); + OPENSSL_clear_free(ctx->context, ctx->context_len); + OPENSSL_clear_free(ctx->label, ctx->label_len); + OPENSSL_clear_free(ctx->ki, ctx->ki_len); +@@ -308,6 +315,11 @@ static int kbkdf_derive(void *vctx, unsigned char *key, size_t keylen, + goto done; + } + ++#ifdef FIPS_MODULE ++ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN) ++ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++#endif /* defined(FIPS_MODULE) */ ++ + h = EVP_MAC_CTX_get_mac_size(ctx->ctx_init); + if (h == 0) + goto done; +@@ -381,6 +393,9 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) + } + } + ++ if (!ossl_prov_digest_load_from_params(&ctx->digest, params, libctx)) ++ return 0; ++ + p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_MODE); + if (p != NULL + && OPENSSL_strncasecmp("counter", p->data, p->data_size) == 0) { +@@ -461,20 +476,77 @@ static const OSSL_PARAM *kbkdf_settable_ctx_params(ossl_unused void *ctx, + static int kbkdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) + { + OSSL_PARAM *p; ++ int any_valid = 0; /* set to 1 when at least one parameter was valid */ + + p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE); +- if (p == NULL) ++ if (p != NULL) { ++ any_valid = 1; ++ ++ /* KBKDF can 
produce results as large as you like. */ ++ if (!OSSL_PARAM_set_size_t(p, SIZE_MAX)) ++ return 0; ++ } ++ ++#ifdef FIPS_MODULE ++ p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR); ++ if (p != NULL) { ++ KBKDF *ctx = (KBKDF *)vctx; ++ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED; ++ ++ any_valid = 1; ++ ++ /* According to NIST Special Publication 800-131Ar2, Section 8: ++ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of ++ * the key-derivation key [i.e., the input key] shall be at least 112 ++ * bits". */ ++ if (ctx->ki_len < EVP_KDF_FIPS_MIN_KEY_LEN) ++ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ ++ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module ++ * Verification Program, Section D.B and NIST Special Publication ++ * 800-131Ar2, Section 1.2.2 say that any algorithm at a security ++ * strength < 112 bits is legacy use only, so all derived keys should ++ * be longer than that. If a derived key has ever been shorter than ++ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we ++ * should also set the returned FIPS indicator to unapproved. */ ++ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED) ++ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ ++ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module ++ * Validation Program, Section C.C: "The SHAKE128 and SHAKE256 ++ * extendable-output functions may only be used as the standalone ++ * algorithms." Note that the digest is only used when the MAC ++ * algorithm is HMAC. 
*/ ++ if (ctx->ctx_init != NULL ++ && EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->ctx_init), OSSL_MAC_NAME_HMAC)) { ++ const EVP_MD *md = ossl_prov_digest_md(&ctx->digest); ++ if (md != NULL ++ && (EVP_MD_is_a(md, "SHAKE-128") || EVP_MD_is_a(md, "SHAKE-256"))) { ++ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ } ++ } ++ ++ if (!OSSL_PARAM_set_int(p, fips_indicator)) ++ return 0; ++ } ++#endif ++ ++ if (!any_valid) + return -2; + +- /* KBKDF can produce results as large as you like. */ +- return OSSL_PARAM_set_size_t(p, SIZE_MAX); ++ return 1; + } + + static const OSSL_PARAM *kbkdf_gettable_ctx_params(ossl_unused void *ctx, + ossl_unused void *provctx) + { +- static const OSSL_PARAM known_gettable_ctx_params[] = +- { OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), OSSL_PARAM_END }; ++ static const OSSL_PARAM known_gettable_ctx_params[] = { ++ OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), ++#ifdef FIPS_MODULE ++ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, NULL), ++#endif /* defined(FIPS_MODULE) */ ++ OSSL_PARAM_END ++ }; + return known_gettable_ctx_params; + } + +diff --git a/providers/implementations/kdfs/sshkdf.c b/providers/implementations/kdfs/sshkdf.c +index 1afac4e477..389b82b714 100644 +--- a/providers/implementations/kdfs/sshkdf.c ++++ b/providers/implementations/kdfs/sshkdf.c +@@ -49,6 +49,9 @@ typedef struct { + char type; /* X */ + unsigned char *session_id; + size_t session_id_len; ++#ifdef FIPS_MODULE ++ int fips_indicator; ++#endif /* defined(FIPS_MODULE) */ + } KDF_SSHKDF; + + static void *kdf_sshkdf_new(void *provctx) +@@ -151,6 +154,12 @@ static int kdf_sshkdf_derive(void *vctx, unsigned char *key, size_t keylen, + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_TYPE); + return 0; + } ++ ++#ifdef FIPS_MODULE ++ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN) ++ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++#endif /* defined(FIPS_MODULE) */ ++ + return SSHKDF(md, ctx->key, ctx->key_len, + ctx->xcghash, ctx->xcghash_len, + 
ctx->session_id, ctx->session_id_len, +@@ -219,10 +228,67 @@ static const OSSL_PARAM *kdf_sshkdf_settable_ctx_params(ossl_unused void *ctx, + static int kdf_sshkdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) + { + OSSL_PARAM *p; ++ int any_valid = 0; /* set to 1 when at least one parameter was valid */ + +- if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) +- return OSSL_PARAM_set_size_t(p, SIZE_MAX); +- return -2; ++ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) { ++ any_valid = 1; ++ ++ if (!OSSL_PARAM_set_size_t(p, SIZE_MAX)) ++ return 0; ++ } ++ ++#ifdef FIPS_MODULE ++ p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR); ++ if (p != NULL) { ++ KDF_SSHKDF *ctx = vctx; ++ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED; ++ ++ any_valid = 1; ++ ++ /* According to NIST Special Publication 800-131Ar2, Section 8: ++ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of ++ * the key-derivation key [i.e., the input key] shall be at least 112 ++ * bits". */ ++ if (ctx->key_len < EVP_KDF_FIPS_MIN_KEY_LEN) ++ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ ++ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module ++ * Verification Program, Section D.B and NIST Special Publication ++ * 800-131Ar2, Section 1.2.2 say that any algorithm at a security ++ * strength < 112 bits is legacy use only, so all derived keys should ++ * be longer than that. If a derived key has ever been shorter than ++ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we ++ * should also set the returned FIPS indicator to unapproved. 
*/ ++ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED) ++ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ ++ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module ++ * Validation Program, Section C.C: "The SHAKE128 and SHAKE256 ++ * extendable-output functions may only be used as the standalone ++ * algorithms." ++ * ++ * Additionally, SP 800-135r1 section 5.2 specifies that the hash ++ * function used in SSHKDF "is one of the hash functions specified in ++ * FIPS 180-3.", which rules out SHA-3 and truncated variants of SHA-2. ++ * */ ++ if (ctx->digest.md != NULL ++ && !EVP_MD_is_a(ctx->digest.md, "SHA-1") ++ && !EVP_MD_is_a(ctx->digest.md, "SHA2-224") ++ && !EVP_MD_is_a(ctx->digest.md, "SHA2-256") ++ && !EVP_MD_is_a(ctx->digest.md, "SHA2-384") ++ && !EVP_MD_is_a(ctx->digest.md, "SHA2-512")) { ++ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ } ++ ++ if (!OSSL_PARAM_set_int(p, fips_indicator)) ++ return 0; ++ } ++#endif ++ ++ if (!any_valid) ++ return -2; ++ ++ return 1; + } + + static const OSSL_PARAM *kdf_sshkdf_gettable_ctx_params(ossl_unused void *ctx, +@@ -230,6 +296,9 @@ static const OSSL_PARAM *kdf_sshkdf_gettable_ctx_params(ossl_unused void *ctx, + { + static const OSSL_PARAM known_gettable_ctx_params[] = { + OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), ++#ifdef FIPS_MODULE ++ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, NULL), ++#endif /* defined(FIPS_MODULE) */ + OSSL_PARAM_END + }; + return known_gettable_ctx_params; +diff --git a/providers/implementations/kdfs/sskdf.c b/providers/implementations/kdfs/sskdf.c +index ecb98de6fd..98fcc583d8 100644 +--- a/providers/implementations/kdfs/sskdf.c ++++ b/providers/implementations/kdfs/sskdf.c +@@ -63,6 +63,10 @@ typedef struct { + size_t salt_len; + size_t out_len; /* optional KMAC parameter */ + int is_kmac; ++ int is_x963kdf; ++#ifdef FIPS_MODULE ++ int fips_indicator; ++#endif /* defined(FIPS_MODULE) */ + } KDF_SSKDF; + + 
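Review bot: In `kdf_sshkdf_get_ctx_params` the indicator starts at `EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED` and the digest allowlist is skipped when `ctx->digest.md` is NULL, so a context with a long enough key but no digest selected reports an approved state. Failing closed looks safer for a compliance indicator: replace `ctx->digest.md != NULL &&` with `ctx->digest.md == NULL ||` and parenthesise the allowlist. The sskdf, tls1_prf and x942kdf hunks use the same `!= NULL` pattern. The comment above the latch check also names `ctx->output_keyelen_indicator`, while the field added to the struct is `fips_indicator`; I would change it to `ctx->fips_indicator will be NOT_APPROVED` in every copy of that comment.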
#define SSKDF_MAX_INLEN (1<<30) +@@ -73,6 +77,7 @@ typedef struct { + static const unsigned char kmac_custom_str[] = { 0x4B, 0x44, 0x46 }; + + static OSSL_FUNC_kdf_newctx_fn sskdf_new; ++static OSSL_FUNC_kdf_newctx_fn x963kdf_new; + static OSSL_FUNC_kdf_dupctx_fn sskdf_dup; + static OSSL_FUNC_kdf_freectx_fn sskdf_free; + static OSSL_FUNC_kdf_reset_fn sskdf_reset; +@@ -297,6 +302,16 @@ static void *sskdf_new(void *provctx) + return ctx; + } + ++static void *x963kdf_new(void *provctx) ++{ ++ KDF_SSKDF *ctx = sskdf_new(provctx); ++ ++ if (ctx) ++ ctx->is_x963kdf = 1; ++ ++ return ctx; ++} ++ + static void sskdf_reset(void *vctx) + { + KDF_SSKDF *ctx = (KDF_SSKDF *)vctx; +@@ -392,6 +407,11 @@ static int sskdf_derive(void *vctx, unsigned char *key, size_t keylen, + } + md = ossl_prov_digest_md(&ctx->digest); + ++#ifdef FIPS_MODULE ++ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN) ++ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++#endif /* defined(FIPS_MODULE) */ ++ + if (ctx->macctx != NULL) { + /* H(x) = KMAC or H(x) = HMAC */ + int ret; +@@ -473,6 +493,11 @@ static int x963kdf_derive(void *vctx, unsigned char *key, size_t keylen, + return 0; + } + ++#ifdef FIPS_MODULE ++ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN) ++ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++#endif /* defined(FIPS_MODULE) */ ++ + return SSKDF_hash_kdm(md, ctx->secret, ctx->secret_len, + ctx->info, ctx->info_len, 1, key, keylen); + } +@@ -545,10 +570,74 @@ static int sskdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) + { + KDF_SSKDF *ctx = (KDF_SSKDF *)vctx; + OSSL_PARAM *p; ++ int any_valid = 0; /* set to 1 when at least one parameter was valid */ ++ ++ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) { ++ any_valid = 1; ++ ++ if (!OSSL_PARAM_set_size_t(p, sskdf_size(ctx))) ++ return 0; ++ } + +- if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) +- return OSSL_PARAM_set_size_t(p, sskdf_size(ctx)); +- return -2; ++#ifdef FIPS_MODULE 
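Review bot: `x963kdf_new` is the only place that sets `is_x963kdf`, but the X9.63 dispatch table changed at the end of this file still routes DUPCTX and RESET to `sskdf_dup` and `sskdf_reset`, and neither is modified in the hunks shown. If `sskdf_reset` clears the whole struct, or `sskdf_dup` copies fields one by one, the flag is lost and the SHA-1 rule in `sskdf_get_ctx_params` silently stops applying to that context. Both bodies are outside the hunk, so this needs checking against the full file. If confirmed, save the flag before the clear and restore it afterwards (`ctx->is_x963kdf = is_x963kdf;`), and copy it in `sskdf_dup` next to the other fields. The per-context `fips_indicator` latch raises the same question for dup.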
++ p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR); ++ if (p != NULL) { ++ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED; ++ ++ any_valid = 1; ++ ++ /* According to NIST Special Publication 800-131Ar2, Section 8: ++ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of ++ * the key-derivation key [i.e., the input key] shall be at least 112 ++ * bits". */ ++ if (ctx->secret_len < EVP_KDF_FIPS_MIN_KEY_LEN) ++ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ ++ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module ++ * Verification Program, Section D.B and NIST Special Publication ++ * 800-131Ar2, Section 1.2.2 say that any algorithm at a security ++ * strength < 112 bits is legacy use only, so all derived keys should ++ * be longer than that. If a derived key has ever been shorter than ++ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we ++ * should also set the returned FIPS indicator to unapproved. */ ++ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED) ++ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ ++ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module ++ * Validation Program, Section C.C: "The SHAKE128 and SHAKE256 ++ * extendable-output functions may only be used as the standalone ++ * algorithms." */ ++ if (ctx->macctx == NULL ++ || (ctx->macctx != NULL && ++ EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->macctx), OSSL_MAC_NAME_HMAC))) { ++ if (ctx->digest.md != NULL ++ && (EVP_MD_is_a(ctx->digest.md, "SHAKE-128") || ++ EVP_MD_is_a(ctx->digest.md, "SHAKE-256"))) { ++ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ } ++ ++ /* Table H-3 in ANS X9.63-2001 says that 160-bit hash functions ++ * should only be used for 80-bit key agreement, but FIPS 140-3 ++ * requires a security strength of 112 bits, so SHA-1 cannot be ++ * used with X9.63. 
See the discussion in ++ * https://github.com/usnistgov/ACVP/issues/1403#issuecomment-1435300395. ++ */ ++ if (ctx->is_x963kdf ++ && ctx->digest.md != NULL ++ && EVP_MD_is_a(ctx->digest.md, "SHA-1")) { ++ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ } ++ } ++ ++ if (!OSSL_PARAM_set_int(p, fips_indicator)) ++ return 0; ++ } ++#endif ++ ++ if (!any_valid) ++ return -2; ++ ++ return 1; + } + + static const OSSL_PARAM *sskdf_gettable_ctx_params(ossl_unused void *ctx, +@@ -556,6 +645,9 @@ static const OSSL_PARAM *sskdf_gettable_ctx_params(ossl_unused void *ctx, + { + static const OSSL_PARAM known_gettable_ctx_params[] = { + OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), ++#ifdef FIPS_MODULE ++ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, 0), ++#endif /* defined(FIPS_MODULE) */ + OSSL_PARAM_END + }; + return known_gettable_ctx_params; +@@ -577,7 +669,7 @@ const OSSL_DISPATCH ossl_kdf_sskdf_functions[] = { + }; + + const OSSL_DISPATCH ossl_kdf_x963_kdf_functions[] = { +- { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))sskdf_new }, ++ { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))x963kdf_new }, + { OSSL_FUNC_KDF_DUPCTX, (void(*)(void))sskdf_dup }, + { OSSL_FUNC_KDF_FREECTX, (void(*)(void))sskdf_free }, + { OSSL_FUNC_KDF_RESET, (void(*)(void))sskdf_reset }, +diff --git a/providers/implementations/kdfs/tls1_prf.c b/providers/implementations/kdfs/tls1_prf.c +index 54124ad4cb..25a6c79a2e 100644 +--- a/providers/implementations/kdfs/tls1_prf.c ++++ b/providers/implementations/kdfs/tls1_prf.c +@@ -104,6 +104,13 @@ typedef struct { + /* Buffer of concatenated seed data */ + unsigned char seed[TLS1_PRF_MAXBUF]; + size_t seedlen; ++ ++ /* MAC digest algorithm; used to compute FIPS indicator */ ++ PROV_DIGEST digest; ++ ++#ifdef FIPS_MODULE ++ int fips_indicator; ++#endif /* defined(FIPS_MODULE) */ + } TLS1_PRF; + + static void *kdf_tls1_prf_new(void *provctx) +@@ -140,6 +147,7 @@ static void kdf_tls1_prf_reset(void *vctx) + EVP_MAC_CTX_free(ctx->P_sha1); + 
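Review bot: The MAC test in `sskdf_get_ctx_params` is written as `ctx->macctx == NULL || (ctx->macctx != NULL && EVP_MAC_is_a(...))`; the inner `ctx->macctx != NULL` is always true on that branch, so `ctx->macctx == NULL || EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->macctx), OSSL_MAC_NAME_HMAC)` says the same thing. The digest is read as `ctx->digest.md` here, while `sskdf_derive` in this file and the kbkdf hunk go through `ossl_prov_digest_md(&ctx->digest)`; using the accessor keeps the compliance checks independent of the PROV_DIGEST layout. The gettable tables for sskdf, tls1_prf and x942kdf pass `0` as the data pointer to `OSSL_PARAM_int` where kbkdf and sshkdf pass `NULL`; `NULL` is the clearer spelling for a pointer argument.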
OPENSSL_clear_free(ctx->sec, ctx->seclen); + OPENSSL_cleanse(ctx->seed, ctx->seedlen); ++ ossl_prov_digest_reset(&ctx->digest); + memset(ctx, 0, sizeof(*ctx)); + ctx->provctx = provctx; + } +@@ -194,6 +202,10 @@ static int kdf_tls1_prf_derive(void *vctx, unsigned char *key, size_t keylen, + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); + return 0; + } ++#ifdef FIPS_MODULE ++ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN) ++ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++#endif /* defined(FIPS_MODULE) */ + + /* + * The seed buffer is prepended with a label. +@@ -243,6 +255,9 @@ static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) + } + } + ++ if (!ossl_prov_digest_load_from_params(&ctx->digest, params, libctx)) ++ return 0; ++ + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SECRET)) != NULL) { + OPENSSL_clear_free(ctx->sec, ctx->seclen); + ctx->sec = NULL; +@@ -284,10 +299,60 @@ static const OSSL_PARAM *kdf_tls1_prf_settable_ctx_params( + static int kdf_tls1_prf_get_ctx_params(void *vctx, OSSL_PARAM params[]) + { + OSSL_PARAM *p; ++#ifdef FIPS_MODULE ++ TLS1_PRF *ctx = vctx; ++#endif /* defined(FIPS_MODULE) */ ++ int any_valid = 0; /* set to 1 when at least one parameter was valid */ ++ ++ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) { ++ any_valid = 1; ++ ++ if (!OSSL_PARAM_set_size_t(p, SIZE_MAX)) ++ return 0; ++ } ++ ++#ifdef FIPS_MODULE ++ p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR); ++ if (p != NULL) { ++ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED; ++ ++ any_valid = 1; ++ ++ /* According to NIST Special Publication 800-131Ar2, Section 8: ++ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of ++ * the key-derivation key [i.e., the input key] shall be at least 112 ++ * bits". 
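Review bot: The added `ossl_prov_digest_load_from_params(&ctx->digest, params, libctx)` call in `kdf_tls1_prf_set_ctx_params` sits outside `#ifdef FIPS_MODULE`, so every build gets a second digest fetch and a new way for the setter to return 0, although the struct comment says `digest` is only used to compute the FIPS indicator. Either guard the load (together with the `digest` member and its reset) with `#ifdef FIPS_MODULE`, or add a comment such as `/* digest is kept only for the FIPS indicator; a failed fetch rejects the whole parameter set */` so the extra failure path is visibly deliberate. The rest of the function is outside the hunk, so whether an earlier branch already rejects the same digest names cannot be seen from here. If this context has a dup function it also needs to copy `digest`; none is touched in the hunks shown.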
*/ ++ if (ctx->seclen < EVP_KDF_FIPS_MIN_KEY_LEN) ++ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ ++ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module ++ * Verification Program, Section D.B and NIST Special Publication ++ * 800-131Ar2, Section 1.2.2 say that any algorithm at a security ++ * strength < 112 bits is legacy use only, so all derived keys should ++ * be longer than that. If a derived key has ever been shorter than ++ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we ++ * should also set the returned FIPS indicator to unapproved. */ ++ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED) ++ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ ++ /* SP 800-135r1 section 4.2.2 says TLS 1.2 KDF is approved when "(3) ++ * P_HASH uses either SHA-256, SHA-384 or SHA-512." */ ++ if (ctx->digest.md != NULL ++ && !EVP_MD_is_a(ctx->digest.md, "SHA2-256") ++ && !EVP_MD_is_a(ctx->digest.md, "SHA2-384") ++ && !EVP_MD_is_a(ctx->digest.md, "SHA2-512")) { ++ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ } ++ ++ if (!OSSL_PARAM_set_int(p, fips_indicator)) ++ return 0; ++ } ++#endif + +- if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) +- return OSSL_PARAM_set_size_t(p, SIZE_MAX); +- return -2; ++ if (!any_valid) ++ return -2; ++ ++ return 1; + } + + static const OSSL_PARAM *kdf_tls1_prf_gettable_ctx_params( +@@ -295,6 +360,9 @@ static const OSSL_PARAM *kdf_tls1_prf_gettable_ctx_params( + { + static const OSSL_PARAM known_gettable_ctx_params[] = { + OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), ++#ifdef FIPS_MODULE ++ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, 0), ++#endif /* defined(FIPS_MODULE) */ + OSSL_PARAM_END + }; + return known_gettable_ctx_params; +diff --git a/providers/implementations/kdfs/x942kdf.c b/providers/implementations/kdfs/x942kdf.c +index 4c274fe27a..5ce23c8eb9 100644 +--- a/providers/implementations/kdfs/x942kdf.c ++++ 
b/providers/implementations/kdfs/x942kdf.c +@@ -13,11 +13,13 @@ + #include + #include + #include ++#include + #include + #include + #include "internal/packet.h" + #include "internal/der.h" + #include "internal/nelem.h" ++#include "crypto/evp.h" + #include "prov/provider_ctx.h" + #include "prov/providercommon.h" + #include "prov/implementations.h" +@@ -49,6 +51,9 @@ typedef struct { + const unsigned char *cek_oid; + size_t cek_oid_len; + int use_keybits; ++#ifdef FIPS_MODULE ++ int fips_indicator; ++#endif /* defined(FIPS_MODULE) */ + } KDF_X942; + + /* +@@ -497,6 +502,10 @@ static int x942kdf_derive(void *vctx, unsigned char *key, size_t keylen, + ERR_raise(ERR_LIB_PROV, PROV_R_BAD_ENCODING); + return 0; + } ++#ifdef FIPS_MODULE ++ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN) ++ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++#endif /* defined(FIPS_MODULE) */ + ret = x942kdf_hash_kdm(md, ctx->secret, ctx->secret_len, + der, der_len, ctr, key, keylen); + OPENSSL_free(der); +@@ -600,10 +609,58 @@ static int x942kdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) + { + KDF_X942 *ctx = (KDF_X942 *)vctx; + OSSL_PARAM *p; ++ int any_valid = 0; /* set to 1 when at least one parameter was valid */ + +- if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) +- return OSSL_PARAM_set_size_t(p, x942kdf_size(ctx)); +- return -2; ++ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) { ++ any_valid = 1; ++ ++ if (!OSSL_PARAM_set_size_t(p, x942kdf_size(ctx))) ++ return 0; ++ } ++ ++#ifdef FIPS_MODULE ++ p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR); ++ if (p != NULL) { ++ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED; ++ ++ any_valid = 1; ++ ++ /* According to NIST Special Publication 800-131Ar2, Section 8: ++ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of ++ * the key-derivation key [i.e., the input key] shall be at least 112 ++ * bits". 
*/ ++ if (ctx->secret_len < EVP_KDF_FIPS_MIN_KEY_LEN) ++ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ ++ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module ++ * Verification Program, Section D.B and NIST Special Publication ++ * 800-131Ar2, Section 1.2.2 say that any algorithm at a security ++ * strength < 112 bits is legacy use only, so all derived keys should ++ * be longer than that. If a derived key has ever been shorter than ++ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we ++ * should also set the returned FIPS indicator to unapproved. */ ++ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED) ++ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ ++ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module ++ * Validation Program, Section C.C: "The SHAKE128 and SHAKE256 ++ * extendable-output functions may only be used as the standalone ++ * algorithms." */ ++ if (ctx->digest.md != NULL ++ && (EVP_MD_is_a(ctx->digest.md, "SHAKE-128") || ++ EVP_MD_is_a(ctx->digest.md, "SHAKE-256"))) { ++ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ } ++ ++ if (!OSSL_PARAM_set_int(p, fips_indicator)) ++ return 0; ++ } ++#endif ++ ++ if (!any_valid) ++ return -2; ++ ++ return 1; + } + + static const OSSL_PARAM *x942kdf_gettable_ctx_params(ossl_unused void *ctx, +@@ -611,6 +668,9 @@ static const OSSL_PARAM *x942kdf_gettable_ctx_params(ossl_unused void *ctx, + { + static const OSSL_PARAM known_gettable_ctx_params[] = { + OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), ++#ifdef FIPS_MODULE ++ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, 0), ++#endif /* defined(FIPS_MODULE) */ + OSSL_PARAM_END + }; + return known_gettable_ctx_params; +-- +2.41.0 + diff --git a/0079-RSA-PKCS15-implicit-rejection.patch b/0079-RSA-PKCS15-implicit-rejection.patch new file mode 100644 index 0000000..c72f6e9 --- /dev/null +++ b/0079-RSA-PKCS15-implicit-rejection.patch 
@@ -0,0 +1,1388 @@ +From a4ca1cac6b38efe0de1d8afb506cea29f8c60aec Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Thu, 19 Oct 2023 13:12:41 +0200 +Subject: [PATCH 34/46] 0079-RSA-PKCS15-implicit-rejection.patch + +Patch-name: 0079-RSA-PKCS15-implicit-rejection.patch +Patch-id: 79 +Patch-status: | + # # https://github.com/openssl/openssl/pull/13817 +From-dist-git-commit: 5c67b5adc311af297f425c09e3e1ac7ca8483911 +--- + crypto/cms/cms_env.c | 7 + + crypto/evp/ctrl_params_translate.c | 6 + + crypto/pkcs7/pk7_doit.c | 7 + + crypto/rsa/rsa_ossl.c | 101 +++- + crypto/rsa/rsa_pk1.c | 252 ++++++++++ + crypto/rsa/rsa_pmeth.c | 20 +- + doc/man1/openssl-pkeyutl.pod.in | 15 + + doc/man1/openssl-rsautl.pod.in | 5 + + doc/man3/EVP_PKEY_CTX_ctrl.pod | 9 + + doc/man3/EVP_PKEY_decrypt.pod | 12 + + doc/man3/RSA_padding_add_PKCS1_type_1.pod | 7 +- + doc/man3/RSA_public_encrypt.pod | 11 +- + doc/man7/provider-asym_cipher.pod | 9 + + include/crypto/rsa.h | 4 + + include/openssl/core_names.h | 2 + + include/openssl/rsa.h | 5 + + .../implementations/asymciphers/rsa_enc.c | 26 +- + .../30-test_evp_data/evppkey_rsa_common.txt | 472 ++++++++++++++++++ + 18 files changed, 962 insertions(+), 8 deletions(-) + +diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c +index 99cf1dcb39..730f638969 100644 +--- a/crypto/cms/cms_env.c ++++ b/crypto/cms/cms_env.c +@@ -590,6 +590,13 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, + if (!ossl_cms_env_asn1_ctrl(ri, 1)) + goto err; + ++ if (EVP_PKEY_is_a(pkey, "RSA")) ++ /* upper layer CMS code incorrectly assumes that a successful RSA ++ * decryption means that the key matches ciphertext (which never ++ * was the case, implicit rejection or not), so to make it work ++ * disable implicit rejection for RSA keys */ ++ EVP_PKEY_CTX_ctrl_str(ktri->pctx, "rsa_pkcs1_implicit_rejection", "0"); ++ + if (EVP_PKEY_decrypt(ktri->pctx, NULL, &eklen, + ktri->encryptedKey->data, + ktri->encryptedKey->length) <= 0) +diff --git 
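Review bot: The result of `EVP_PKEY_CTX_ctrl_str(ktri->pctx, "rsa_pkcs1_implicit_rejection", "0")` in `cms_RecipientInfo_ktri_decrypt` is discarded, so if the control is rejected the decryption proceeds with implicit rejection still on, which is the state the comment says the CMS layer cannot cope with. Check the return value, or mark the intent explicitly with `(void)EVP_PKEY_CTX_ctrl_str(...); /* best effort, failure ignored on purpose */`, and put braces around the `if` body since a five-line comment sits between the condition and the statement. The identical addition in `pkcs7_decrypt_rinfo` (crypto/pkcs7/pk7_doit.c) has the same gap. With the control applied, these two paths keep the old error-on-bad-padding behaviour, so the protection added by this patch does not cover CMS or PKCS#7 recipients, which deserves a line in the documentation. Both functions continue outside their hunks.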
a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c +index 80947b0932..b10ba41e85 100644 +--- a/crypto/evp/ctrl_params_translate.c ++++ b/crypto/evp/ctrl_params_translate.c +@@ -2265,6 +2265,12 @@ static const struct translation_st evp_pkey_ctx_translations[] = { + EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, NULL, NULL, + OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_PTR, NULL }, + ++ { SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT, ++ EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION, NULL, ++ "rsa_pkcs1_implicit_rejection", ++ OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, OSSL_PARAM_UNSIGNED_INTEGER, ++ NULL }, ++ + { SET, EVP_PKEY_RSA_PSS, 0, EVP_PKEY_OP_TYPE_GEN, + EVP_PKEY_CTRL_MD, "rsa_pss_keygen_md", NULL, + OSSL_ALG_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, +diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c +index 1cef67b211..e0094486dd 100644 +--- a/crypto/pkcs7/pk7_doit.c ++++ b/crypto/pkcs7/pk7_doit.c +@@ -170,6 +170,13 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, + if (EVP_PKEY_decrypt_init(pctx) <= 0) + goto err; + ++ if (EVP_PKEY_is_a(pkey, "RSA")) ++ /* upper layer pkcs7 code incorrectly assumes that a successful RSA ++ * decryption means that the key matches ciphertext (which never ++ * was the case, implicit rejection or not), so to make it work ++ * disable implicit rejection for RSA keys */ ++ EVP_PKEY_CTX_ctrl_str(pctx, "rsa_pkcs1_implicit_rejection", "0"); ++ + if (EVP_PKEY_decrypt(pctx, NULL, &eklen, + ri->enc_key->data, ri->enc_key->length) <= 0) + goto err; +diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c +index 0fc642e777..e5591cb14a 100644 +--- a/crypto/rsa/rsa_ossl.c ++++ b/crypto/rsa/rsa_ossl.c +@@ -17,6 +17,9 @@ + #include "crypto/bn.h" + #include "rsa_local.h" + #include "internal/constant_time.h" ++#include ++#include ++#include + + static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +@@ -377,8 +380,13 @@ static int 
rsa_ossl_private_decrypt(int flen, const unsigned char *from, + BIGNUM *f, *ret; + int j, num = 0, r = -1; + unsigned char *buf = NULL; ++ unsigned char d_hash[SHA256_DIGEST_LENGTH] = {0}; ++ HMAC_CTX *hmac = NULL; ++ unsigned int md_len = SHA256_DIGEST_LENGTH; ++ unsigned char kdk[SHA256_DIGEST_LENGTH] = {0}; + BN_CTX *ctx = NULL; + int local_blinding = 0; ++ EVP_MD *md = NULL; + /* + * Used only if the blinding structure is shared. A non-NULL unblind + * instructs rsa_blinding_convert() and rsa_blinding_invert() to store +@@ -387,6 +395,12 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, + BIGNUM *unblind = NULL; + BN_BLINDING *blinding = NULL; + ++ /* ++ * we need the value of the private exponent to perform implicit rejection ++ */ ++ if ((rsa->flags & RSA_FLAG_EXT_PKEY) && (padding == RSA_PKCS1_PADDING)) ++ padding = RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING; ++ + if ((ctx = BN_CTX_new_ex(rsa->libctx)) == NULL) + goto err; + BN_CTX_start(ctx); +@@ -408,6 +422,11 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, + goto err; + } + ++ if (flen < 1) { ++ ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_SMALL); ++ goto err; ++ } ++ + /* make data into a big number */ + if (BN_bin2bn(from, (int)flen, f) == NULL) + goto err; +@@ -468,6 +487,81 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, + BN_free(d); + } + ++ /* ++ * derive the Key Derivation Key from private exponent and public ++ * ciphertext ++ */ ++ if (padding == RSA_PKCS1_PADDING) { ++ /* ++ * because we use d as a handle to rsa->d we need to keep it local and ++ * free before any further use of rsa->d ++ */ ++ BIGNUM *d = BN_new(); ++ if (d == NULL) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ if (rsa->d == NULL) { ++ ERR_raise(ERR_LIB_RSA, RSA_R_MISSING_PRIVATE_KEY); ++ BN_free(d); ++ goto err; ++ } ++ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); ++ if (BN_bn2binpad(d, buf, num) < 0) { ++ ERR_raise(ERR_LIB_RSA, 
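Review bot: For keys flagged `RSA_FLAG_EXT_PKEY` the new block in `rsa_ossl_private_decrypt` rewrites `RSA_PKCS1_PADDING` to `RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING` without any trace, so callers using such keys get the pre-patch padding check while the API default suggests implicit rejection is active. The comment only gives the reason (`we need the value of the private exponent`); I would extend it to state the consequence, e.g. `/* external keys do not expose d, so implicit rejection is unavailable and padding errors are reported as before */`, and mention the exception in the man pages this patch touches. The function body starts and ends outside this hunk.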
ERR_R_INTERNAL_ERROR); ++ BN_free(d); ++ goto err; ++ } ++ BN_free(d); ++ ++ /* ++ * we use hardcoded hash so that migrating between versions that use ++ * different hash doesn't provide a Bleichenbacher oracle: ++ * if the attacker can see that different versions return different ++ * messages for the same ciphertext, they'll know that the message is ++ * syntethically generated, which means that the padding check failed ++ */ ++ md = EVP_MD_fetch(rsa->libctx, "sha256", NULL); ++ if (md == NULL) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ ++ if (EVP_Digest(buf, num, d_hash, NULL, md, NULL) <= 0) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ ++ hmac = HMAC_CTX_new(); ++ if (hmac == NULL) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (HMAC_Init_ex(hmac, d_hash, sizeof(d_hash), md, NULL) <= 0) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ ++ if (flen < num) { ++ memset(buf, 0, num - flen); ++ if (HMAC_Update(hmac, buf, num - flen) <= 0) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ } ++ if (HMAC_Update(hmac, from, flen) <= 0) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ ++ md_len = SHA256_DIGEST_LENGTH; ++ if (HMAC_Final(hmac, kdk, &md_len) <= 0) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ } ++ + if (blinding) + if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) + goto err; +@@ -477,9 +571,12 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, + goto err; + + switch (padding) { +- case RSA_PKCS1_PADDING: ++ case RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING: + r = RSA_padding_check_PKCS1_type_2(to, num, buf, j, num); + break; ++ case RSA_PKCS1_PADDING: ++ r = ossl_rsa_padding_check_PKCS1_type_2(rsa->libctx, to, num, buf, j, num, kdk); ++ break; + case RSA_PKCS1_OAEP_PADDING: + r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0); + break; +@@ 
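Review bot: `d_hash` (SHA-256 of the private exponent) and `kdk` are filled in this block, but the `err:` hunk further down only adds `HMAC_CTX_free(hmac)` and `EVP_MD_free(md)`, so both secret-derived stack buffers appear to be left uncleared on return. Adding `OPENSSL_cleanse(d_hash, sizeof(d_hash));` and `OPENSSL_cleanse(kdk, sizeof(kdk));` next to the existing `OPENSSL_clear_free(buf, num)` would match how `buf` is handled. The same applies in crypto/rsa/rsa_pk1.c, where `hmac_out` and `candidate_lengths` stay on the stack and `synthetic` is released with `OPENSSL_free` rather than `OPENSSL_clear_free(synthetic, flen)`. The tail of `rsa_ossl_private_decrypt` after `err:` is outside the visible hunks, so confirm nothing there already clears them.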
-501,6 +598,8 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, + #endif + + err: ++ HMAC_CTX_free(hmac); ++ EVP_MD_free(md); + BN_CTX_end(ctx); + BN_CTX_free(ctx); + OPENSSL_clear_free(buf, num); +diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c +index 51507fc030..5cd2b26879 100644 +--- a/crypto/rsa/rsa_pk1.c ++++ b/crypto/rsa/rsa_pk1.c +@@ -21,10 +21,14 @@ + #include + /* Just for the SSL_MAX_MASTER_KEY_LENGTH value */ + #include ++#include ++#include ++#include + #include "internal/cryptlib.h" + #include "crypto/rsa.h" + #include "rsa_local.h" + ++ + int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, + const unsigned char *from, int flen) + { +@@ -273,6 +277,254 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, + return constant_time_select_int(good, mlen, -1); + } + ++ ++static int ossl_rsa_prf(OSSL_LIB_CTX *ctx, ++ unsigned char *to, int tlen, ++ const char *label, int llen, ++ const unsigned char *kdk, ++ uint16_t bitlen) ++{ ++ int pos; ++ int ret = -1; ++ uint16_t iter = 0; ++ unsigned char be_iter[sizeof(iter)]; ++ unsigned char be_bitlen[sizeof(bitlen)]; ++ HMAC_CTX *hmac = NULL; ++ EVP_MD *md = NULL; ++ unsigned char hmac_out[SHA256_DIGEST_LENGTH]; ++ unsigned int md_len; ++ ++ if (tlen * 8 != bitlen) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ return ret; ++ } ++ ++ be_bitlen[0] = (bitlen >> 8) & 0xff; ++ be_bitlen[1] = bitlen & 0xff; ++ ++ hmac = HMAC_CTX_new(); ++ if (hmac == NULL) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ ++ /* ++ * we use hardcoded hash so that migrating between versions that use ++ * different hash doesn't provide a Bleichenbacher oracle: ++ * if the attacker can see that different versions return different ++ * messages for the same ciphertext, they'll know that the message is ++ * syntethically generated, which means that the padding check failed ++ */ ++ md = EVP_MD_fetch(ctx, "sha256", NULL); ++ if (md == NULL) { ++ 
ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ ++ if (HMAC_Init_ex(hmac, kdk, SHA256_DIGEST_LENGTH, md, NULL) <= 0) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ ++ for (pos = 0; pos < tlen; pos += SHA256_DIGEST_LENGTH, iter++) { ++ if (HMAC_Init_ex(hmac, NULL, 0, NULL, NULL) <= 0) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ ++ be_iter[0] = (iter >> 8) & 0xff; ++ be_iter[1] = iter & 0xff; ++ ++ if (HMAC_Update(hmac, be_iter, sizeof(be_iter)) <= 0) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ if (HMAC_Update(hmac, (unsigned char *)label, llen) <= 0) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ if (HMAC_Update(hmac, be_bitlen, sizeof(be_bitlen)) <= 0) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ ++ /* ++ * HMAC_Final requires the output buffer to fit the whole MAC ++ * value, so we need to use the intermediate buffer for the last ++ * unaligned block ++ */ ++ md_len = SHA256_DIGEST_LENGTH; ++ if (pos + SHA256_DIGEST_LENGTH > tlen) { ++ if (HMAC_Final(hmac, hmac_out, &md_len) <= 0) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ memcpy(to + pos, hmac_out, tlen - pos); ++ } else { ++ if (HMAC_Final(hmac, to + pos, &md_len) <= 0) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ } ++ } ++ ++ ret = 0; ++ ++err: ++ HMAC_CTX_free(hmac); ++ EVP_MD_free(md); ++ return ret; ++} ++ ++/* ++ * ossl_rsa_padding_check_PKCS1_type_2() checks and removes the PKCS#1 type 2 ++ * padding from a decrypted RSA message. Unlike the ++ * RSA_padding_check_PKCS1_type_2() it will not return an error in case it ++ * detects a padding error, rather it will return a deterministically generated ++ * random message. In other words it will perform an implicit rejection ++ * of an invalid padding. 
This means that the returned value does not indicate ++ * if the padding of the encrypted message was correct or not, making ++ * side channel attacks like the ones described by Bleichenbacher impossible ++ * without access to the full decrypted value and a brute-force search of ++ * remaining padding bytes ++ */ ++int ossl_rsa_padding_check_PKCS1_type_2(OSSL_LIB_CTX *ctx, ++ unsigned char *to, int tlen, ++ const unsigned char *from, int flen, ++ int num, unsigned char *kdk) ++{ ++/* ++ * We need to generate a random length for the synthethic message, to avoid ++ * bias towards zero and avoid non-constant timeness of DIV, we prepare ++ * 128 values to check if they are not too large for the used key size, ++ * and use 0 in case none of them are small enough, as 2^-128 is a good enough ++ * safety margin ++ */ ++#define MAX_LEN_GEN_TRIES 128 ++ unsigned char *synthetic = NULL; ++ int synthethic_length; ++ uint16_t len_candidate; ++ unsigned char candidate_lengths[MAX_LEN_GEN_TRIES * sizeof(len_candidate)]; ++ uint16_t len_mask; ++ uint16_t max_sep_offset; ++ int synth_msg_index = 0; ++ int ret = -1; ++ int i, j; ++ unsigned int good, found_zero_byte; ++ int zero_index = 0, msg_index; ++ ++ /* ++ * If these checks fail then either the message in publicly invalid, or ++ * we've been called incorrectly. We can fail immediately. 
++ * Since this code is called only internally by openssl, those are just ++ * sanity checks ++ */ ++ if (num != flen || tlen <= 0 || flen <= 0) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ return -1; ++ } ++ ++ /* Generate a random message to return in case the padding checks fail */ ++ synthetic = OPENSSL_malloc(flen); ++ if (synthetic == NULL) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); ++ return -1; ++ } ++ ++ if (ossl_rsa_prf(ctx, synthetic, flen, "message", 7, kdk, flen * 8) < 0) ++ goto err; ++ ++ /* decide how long the random message should be */ ++ if (ossl_rsa_prf(ctx, candidate_lengths, sizeof(candidate_lengths), ++ "length", 6, kdk, ++ MAX_LEN_GEN_TRIES * sizeof(len_candidate) * 8) < 0) ++ goto err; ++ ++ /* ++ * max message size is the size of the modulus size less 2 bytes for ++ * version and padding type and a minimum of 8 bytes padding ++ */ ++ len_mask = max_sep_offset = flen - 2 - 8; ++ /* ++ * we want a mask so lets propagate the high bit to all positions less ++ * significant than it ++ */ ++ len_mask |= len_mask >> 1; ++ len_mask |= len_mask >> 2; ++ len_mask |= len_mask >> 4; ++ len_mask |= len_mask >> 8; ++ ++ synthethic_length = 0; ++ for (i = 0; i < MAX_LEN_GEN_TRIES * (int)sizeof(len_candidate); ++ i += sizeof(len_candidate)) { ++ len_candidate = (candidate_lengths[i] << 8) | candidate_lengths[i + 1]; ++ len_candidate &= len_mask; ++ ++ synthethic_length = constant_time_select_int( ++ constant_time_lt(len_candidate, max_sep_offset), ++ len_candidate, synthethic_length); ++ } ++ ++ synth_msg_index = flen - synthethic_length; ++ ++ /* we have alternative message ready, check the real one */ ++ good = constant_time_is_zero(from[0]); ++ good &= constant_time_eq(from[1], 2); ++ ++ /* then look for the padding|message separator (the first zero byte) */ ++ found_zero_byte = 0; ++ for (i = 2; i < flen; i++) { ++ unsigned int equals0 = constant_time_is_zero(from[i]); ++ zero_index = constant_time_select_int(~found_zero_byte & 
equals0,
++ i, zero_index);
++ found_zero_byte |= equals0;
++ }
++
++ /*
++ * padding must be at least 8 bytes long, and it starts two bytes into
++ * |from|. If we never found a 0-byte, then |zero_index| is 0 and the check
++ * also fails.
++ */
++ good &= constant_time_ge(zero_index, 2 + 8);
++
++ /*
++ * Skip the zero byte. This is incorrect if we never found a zero-byte
++ * but in this case we also do not copy the message out.
++ */
++ msg_index = zero_index + 1;
++
++ /*
++ * old code returned an error in case the decrypted message wouldn't fit
++ * into the |to|, since that would leak information, return the synthethic
++ * message instead
++ */
++ good &= constant_time_ge(tlen, num - msg_index);
++
++ msg_index = constant_time_select_int(good, msg_index, synth_msg_index);
++
++ /*
++ * since at this point the |msg_index| does not provide the signal
++ * indicating if the padding check failed or not, we don't have to worry
++ * about leaking the length of returned message, we still need to ensure
++ * that we read contents of both buffers so that cache accesses don't leak
++ * the value of |good|
++ */
++ for (i = msg_index, j = 0; i < flen && j < tlen; i++, j++)
++ to[j] = constant_time_select_8(good, from[i], synthetic[i]);
++ ret = j;
++
++err:
++ /*
++ * the only time ret < 0 is when the ciphertext is publicly invalid
++ * or we were called with invalid parameters, so we don't have to perform
++ * a side-channel secure raising of the error
++ */
++ if (ret < 0)
++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR);
++ OPENSSL_free(synthetic);
++ return ret;
++}
++
+ /*
+ * ossl_rsa_padding_check_PKCS1_type_2_TLS() checks and removes the PKCS1 type 2
+ * padding from a decrypted RSA message in a TLS signature.
The result is stored
+diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
+index 0bf5ac098a..81b031f81b 100644
+--- a/crypto/rsa/rsa_pmeth.c
++++ b/crypto/rsa/rsa_pmeth.c
+@@ -52,6 +52,8 @@ typedef struct {
+ /* OAEP label */
+ unsigned char *oaep_label;
+ size_t oaep_labellen;
++ /* if to use implicit rejection in PKCS#1 v1.5 decryption */
++ int implicit_rejection;
+ } RSA_PKEY_CTX;
+
+ /* True if PSS parameters are restricted */
+@@ -72,6 +74,7 @@ static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
+ /* Maximum for sign, auto for verify */
+ rctx->saltlen = RSA_PSS_SALTLEN_AUTO;
+ rctx->min_saltlen = -1;
++ rctx->implicit_rejection = 1;
+ ctx->data = rctx;
+ ctx->keygen_info = rctx->gentmp;
+ ctx->keygen_info_count = 2;
+@@ -97,6 +100,7 @@ static int pkey_rsa_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
+ dctx->md = sctx->md;
+ dctx->mgf1md = sctx->mgf1md;
+ dctx->saltlen = sctx->saltlen;
++ dctx->implicit_rejection = sctx->implicit_rejection;
+ if (sctx->oaep_label) {
+ OPENSSL_free(dctx->oaep_label);
+ dctx->oaep_label = OPENSSL_memdup(sctx->oaep_label, sctx->oaep_labellen);
+@@ -347,6 +351,7 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx,
+ const unsigned char *in, size_t inlen)
+ {
+ int ret;
++ int pad_mode;
+ RSA_PKEY_CTX *rctx = ctx->data;
+ /*
+ * Discard const.
Its marked as const because this may be a cached copy of
+@@ -367,7 +372,12 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx,
+ rctx->oaep_labellen,
+ rctx->md, rctx->mgf1md);
+ } else {
+- ret = RSA_private_decrypt(inlen, in, out, rsa, rctx->pad_mode);
++ if (rctx->pad_mode == RSA_PKCS1_PADDING &&
++ rctx->implicit_rejection == 0)
++ pad_mode = RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING;
++ else
++ pad_mode = rctx->pad_mode;
++ ret = RSA_private_decrypt(inlen, in, out, rsa, pad_mode);
+ }
+ *outlen = constant_time_select_s(constant_time_msb_s(ret), *outlen, ret);
+ ret = constant_time_select_int(constant_time_msb(ret), ret, 1);
+@@ -591,6 +601,14 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+ *(unsigned char **)p2 = rctx->oaep_label;
+ return rctx->oaep_labellen;
+
++ case EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION:
++ if (rctx->pad_mode != RSA_PKCS1_PADDING) {
++ ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_PADDING_MODE);
++ return -2;
++ }
++ rctx->implicit_rejection = p1;
++ return 1;
++
+ case EVP_PKEY_CTRL_DIGESTINIT:
+ case EVP_PKEY_CTRL_PKCS7_SIGN:
+ #ifndef OPENSSL_NO_CMS
+diff --git a/doc/man1/openssl-pkeyutl.pod.in b/doc/man1/openssl-pkeyutl.pod.in
+index b0054ead66..dd87829798 100644
+--- a/doc/man1/openssl-pkeyutl.pod.in
++++ b/doc/man1/openssl-pkeyutl.pod.in
+@@ -240,6 +240,11 @@ signed or verified directly instead of using a B structure. If a
+ digest is set then the a B structure is used and its the length
+ must correspond to the digest type.
+
++Note, for B padding, as a protection against Bleichenbacher attack,
++the decryption will not fail in case of padding check failures. Use B
++and manual inspection of the decrypted message to verify if the decrypted
++value has correct PKCS#1 v1.5 padding.
++
+ For B mode only encryption and decryption is supported.
+
+ For B if the digest type is set it is used to format the block data
+@@ -267,6 +272,16 @@ explicitly set in PSS mode then the signing digest is used.
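Review bot: The new `EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION` case in `pkey_rsa_ctrl` stores `p1` unchecked and only succeeds once the padding mode is already `RSA_PKCS1_PADDING`, and neither constraint is written down next to the code. Because `pkey_rsa_decrypt` in the preceding hunk tests `implicit_rejection == 0`, every non-zero value (negative ones included) leaves the protection on, which is the safe direction but worth stating. I would add a comment above the assignment such as `/* 0 turns implicit rejection off: padding failures are then reported to the caller, who must handle them in a side-channel free way; any other value keeps it on */` and mention that the padding mode has to be selected before this ctrl is issued. `pkey_rsa_ctrl` starts and ends outside the hunk.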
+ Sets the digest used for the OAEP hash function. If not explicitly set then
+ SHA1 is used.
+
++=item BI
++
++Disables (when set to 0) or enables (when set to 1) the use of implicit
++rejection with PKCS#1 v1.5 decryption. When enabled (the default), as a
++protection against Bleichenbacher attack, the library will generate a
++deterministic random plaintext that it will return to the caller in case
++of padding check failure.
++When disabled, it's the callers' responsibility to handle the returned
++errors in a side-channel free manner.
++
+ =back
+
+ =head1 RSA-PSS ALGORITHM
+diff --git a/doc/man1/openssl-rsautl.pod.in b/doc/man1/openssl-rsautl.pod.in
+index 0a32fd965b..4c462abc8c 100644
+--- a/doc/man1/openssl-rsautl.pod.in
++++ b/doc/man1/openssl-rsautl.pod.in
+@@ -105,6 +105,11 @@ The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP,
+ ANSI X9.31, or no padding, respectively.
+ For signatures, only B<-pkcs> and B<-raw> can be used.
+
++Note: because of protection against Bleichenbacher attacks, decryption
++using PKCS#1 v1.5 mode will not return errors in case padding check failed.
++Use B<-raw> and inspect the returned value manually to check if the
++padding is correct.
++
+ =item B<-hexdump>
+
+ Hex dump the output data.
+diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod
+index 5596b8ccdd..a8cc4ecd9f 100644
+--- a/doc/man3/EVP_PKEY_CTX_ctrl.pod
++++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod
+@@ -393,6 +393,15 @@ this behaviour should be tolerated then
+ OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION should be set to the actual
+ negotiated protocol version. Otherwise it should be left unset.
+
++Similarly to the B above, since OpenSSL version
++3.1.0, the use of B will return a randomly generated message
++instead of padding errors in case padding checks fail.
Applications that
++want to remain secure while using earlier versions of OpenSSL, still need to
++handle both the error code from the RSA decryption operation and the
++returned message in a side channel secure manner.
++This protection against Bleichenbacher attacks can be disabled by setting
++the OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION (an unsigned integer) to 0.
++
+ =head2 DSA parameters
+
+ EVP_PKEY_CTX_set_dsa_paramgen_bits() sets the number of bits used for DSA
+diff --git a/doc/man3/EVP_PKEY_decrypt.pod b/doc/man3/EVP_PKEY_decrypt.pod
+index b6f9bad5f1..898535a7a2 100644
+--- a/doc/man3/EVP_PKEY_decrypt.pod
++++ b/doc/man3/EVP_PKEY_decrypt.pod
+@@ -51,6 +51,18 @@ return 1 for success and 0 or a negative value for failure. In particular a
+ return value of -2 indicates the operation is not supported by the public key
+ algorithm.
+
++=head1 WARNINGS
++
++In OpenSSL versions before 3.1.0, when used in PKCS#1 v1.5 padding,
++both the return value from the EVP_PKEY_decrypt() and the B provided
++information useful in mounting a Bleichenbacher attack against the
++used private key. They had to processed in a side-channel free way.
++
++Since version 3.1.0, the EVP_PKEY_decrypt() method when used with PKCS#1
++v1.5 padding doesn't return an error in case it detects an error in padding,
++instead it returns a pseudo-randomly generated message, removing the need
++of side-channel secure code from applications using OpenSSL.
++
+ =head1 EXAMPLES
+
+ Decrypt data using OAEP (for RSA keys):
+diff --git a/doc/man3/RSA_padding_add_PKCS1_type_1.pod b/doc/man3/RSA_padding_add_PKCS1_type_1.pod
+index 9f7025c497..36ae18563f 100644
+--- a/doc/man3/RSA_padding_add_PKCS1_type_1.pod
++++ b/doc/man3/RSA_padding_add_PKCS1_type_1.pod
+@@ -121,8 +121,8 @@ L.
+
+ =head1 WARNINGS
+
+-The result of RSA_padding_check_PKCS1_type_2() is a very sensitive
+-information which can potentially be used to mount a Bleichenbacher
++The result of RSA_padding_check_PKCS1_type_2() is exactly the
++information which is used to mount a classical Bleichenbacher
+ padding oracle attack. This is an inherent weakness in the PKCS #1
+ v1.5 padding design. Prefer PKCS1_OAEP padding. If that is not
+ possible, the result of RSA_padding_check_PKCS1_type_2() should be
+@@ -137,6 +137,9 @@ as this would create a small timing side channel which could be
+ used to mount a Bleichenbacher attack against any padding mode
+ including PKCS1_OAEP.
+
++You should prefer the use of EVP PKEY APIs for PKCS#1 v1.5 decryption
++as they implement the necessary workarounds internally.
++
+ =head1 SEE ALSO
+
+ L,
+diff --git a/doc/man3/RSA_public_encrypt.pod b/doc/man3/RSA_public_encrypt.pod
+index 1d38073aea..bd3f835ac6 100644
+--- a/doc/man3/RSA_public_encrypt.pod
++++ b/doc/man3/RSA_public_encrypt.pod
+@@ -52,8 +52,8 @@ Encrypting user data directly with RSA is insecure.
+
+ =back
+
+-B must not be more than RSA_size(B) - 11 for the PKCS #1 v1.5
+-based padding modes, not more than RSA_size(B) - 42 for
++When encrypting B must not be more than RSA_size(B) - 11 for the
++PKCS #1 v1.5 based padding modes, not more than RSA_size(B) - 42 for
+ RSA_PKCS1_OAEP_PADDING and exactly RSA_size(B) for RSA_NO_PADDING.
+ When a padding mode other than RSA_NO_PADDING is in use, then
+ RSA_public_encrypt() will include some random bytes into the ciphertext
+@@ -92,6 +92,13 @@ which can potentially be used to mount a Bleichenbacher padding oracle
+ attack. This is an inherent weakness in the PKCS #1 v1.5 padding
+ design. Prefer RSA_PKCS1_OAEP_PADDING.
+
++In OpenSSL before version 3.1.0, both the return value and the length of
++returned value could be used to mount the Bleichenbacher attack.
++Since version 3.1.0, OpenSSL does not return an error in case of padding
++checks failed. Instead it generates a random message based on used private
++key and provided ciphertext so that application code doesn't have to implement
++a side-channel secure error handling.
++
+ =head1 CONFORMING TO
+
+ SSL, PKCS #1 v2.0
+diff --git a/doc/man7/provider-asym_cipher.pod b/doc/man7/provider-asym_cipher.pod
+index 0976a263a8..2a8426a6ed 100644
+--- a/doc/man7/provider-asym_cipher.pod
++++ b/doc/man7/provider-asym_cipher.pod
+@@ -234,6 +234,15 @@ The TLS protocol version first requested by the client.
+
+ The negotiated TLS protocol version.
+
++=item "implicit-rejection" (B)
++
++Gets of sets the use of the implicit rejection mechanism for RSA PKCS#1 v1.5
++decryption. When set (non zero value), the decryption API will return
++a deterministically random value if the PKCS#1 v1.5 padding check fails.
++This makes explotation of the Bleichenbacher significantly harder, even
++if the code using the RSA decryption API is not implemented in side-channel
++free manner. Set by default.
++
+ =back
+
+ OSSL_FUNC_asym_cipher_gettable_ctx_params() and OSSL_FUNC_asym_cipher_settable_ctx_params()
+diff --git a/include/crypto/rsa.h b/include/crypto/rsa.h
+index 949873d0ee..f267e5d9d1 100644
+--- a/include/crypto/rsa.h
++++ b/include/crypto/rsa.h
+@@ -83,6 +83,10 @@ int ossl_rsa_param_decode(RSA *rsa, const X509_ALGOR *alg);
+ RSA *ossl_rsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf,
+ OSSL_LIB_CTX *libctx, const char *propq);
+
++int ossl_rsa_padding_check_PKCS1_type_2(OSSL_LIB_CTX *ctx,
++ unsigned char *to, int tlen,
++ const unsigned char *from, int flen,
++ int num, unsigned char *kdk);
+ int ossl_rsa_padding_check_PKCS1_type_2_TLS(OSSL_LIB_CTX *ctx, unsigned char *to,
+ size_t tlen,
+ const unsigned char *from,
+diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
+index 6248dda659..300d1129a4 100644
+--- a/include/openssl/core_names.h
++++ b/include/openssl/core_names.h
+@@ -297,6 +297,7 @@ extern "C" {
+ #define OSSL_PKEY_PARAM_DIST_ID "distid"
+ #define OSSL_PKEY_PARAM_PUB_KEY "pub"
+ #define OSSL_PKEY_PARAM_PRIV_KEY "priv"
++#define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+
+ /* Diffie-Hellman/DSA Parameters */
+ #define OSSL_PKEY_PARAM_FFC_P "p"
+@@ -473,6 +474,7 @@ extern "C" {
+ #define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
+ #define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
+ #define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
++#define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+ #ifdef FIPS_MODULE
+ #define OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED "redhat-kat-oaep-seed"
+ #endif
+diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
+index d0c9599274..e3e1476cda 100644
+--- a/include/openssl/rsa.h
++++ b/include/openssl/rsa.h
+@@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
+
+ # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES (EVP_PKEY_ALG_CTRL + 13)
+
++# define
EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14)
++
+ # define RSA_PKCS1_PADDING 1
+ # define RSA_NO_PADDING 3
+ # define RSA_PKCS1_OAEP_PADDING 4
+@@ -198,6 +200,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
+ # define RSA_PKCS1_PSS_PADDING 6
+ # define RSA_PKCS1_WITH_TLS_PADDING 7
+
++/* internal RSA_ only */
++# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
++
+ # define RSA_PKCS1_PADDING_SIZE 11
+
+ # define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg)
+diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
+index 666a699d84..d169bfd396 100644
+--- a/providers/implementations/asymciphers/rsa_enc.c
++++ b/providers/implementations/asymciphers/rsa_enc.c
+@@ -78,6 +78,8 @@ typedef struct {
+ /* TLS padding */
+ unsigned int client_version;
+ unsigned int alt_version;
++ /* PKCS#1 v1.5 decryption mode */
++ unsigned int implicit_rejection;
+ #ifdef FIPS_MODULE
+ char *redhat_st_oaep_seed;
+ #endif /* FIPS_MODULE */
+@@ -113,6 +115,7 @@ static int rsa_init(void *vprsactx, void *vrsa, const OSSL_PARAM params[],
+ RSA_free(prsactx->rsa);
+ prsactx->rsa = vrsa;
+ prsactx->operation = operation;
++ prsactx->implicit_rejection = 1;
+
+ switch (RSA_test_flags(prsactx->rsa, RSA_FLAG_TYPE_MASK)) {
+ case RSA_FLAG_TYPE_RSA:
+@@ -237,6 +240,7 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen,
+ {
+ PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
+ int ret;
++ int pad_mode;
+ size_t len = RSA_size(prsactx->rsa);
+
+ if (!ossl_prov_is_running())
+@@ -326,8 +330,12 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen,
+ }
+ OPENSSL_free(tbuf);
+ } else {
+- ret = RSA_private_decrypt(inlen, in, out, prsactx->rsa,
+- prsactx->pad_mode);
++ if ((prsactx->implicit_rejection == 0) &&
++ (prsactx->pad_mode == RSA_PKCS1_PADDING))
++ pad_mode = RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING;
++ else
++ pad_mode = prsactx->pad_mode;
++
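Review bot: The comment `/* internal RSA_ only */` on `RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING` does not say what the mode does, although the define lands in the public header `include/openssl/rsa.h` next to the other padding constants. The rsa_pmeth.c and rsa_enc.c hunks pass this value to `RSA_private_decrypt()` to switch the Bleichenbacher protection off, so an application that picks the constant up directly gets padding errors reported again. A fuller comment would help, for example `/* PKCS#1 v1.5 decryption without implicit rejection: padding errors are returned and the caller must handle them in a side-channel free way; selected through the implicit-rejection ctrl/param, not meant for direct use */`.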
ret = RSA_private_decrypt(inlen, in, out, prsactx->rsa, pad_mode);
+ }
+ *outlen = constant_time_select_s(constant_time_msb_s(ret), *outlen, ret);
+ ret = constant_time_select_int(constant_time_msb(ret), 0, 1);
+@@ -454,6 +462,10 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
+ if (p != NULL && !OSSL_PARAM_set_uint(p, prsactx->alt_version))
+ return 0;
+
++ p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION);
++ if (p != NULL && !OSSL_PARAM_set_uint(p, prsactx->implicit_rejection))
++ return 0;
++
+ return 1;
+ }
+
+@@ -465,6 +477,7 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
+ NULL, 0),
+ OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL),
+ OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL),
++ OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, NULL),
+ #ifdef FIPS_MODULE
+ OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, NULL, 0),
+ #endif /* FIPS_MODULE */
+@@ -621,6 +634,14 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
+ return 0;
+ prsactx->alt_version = alt_version;
+ }
++ p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION);
++ if (p != NULL) {
++ unsigned int implicit_rejection;
++
++ if (!OSSL_PARAM_get_uint(p, &implicit_rejection))
++ return 0;
++ prsactx->implicit_rejection = implicit_rejection;
++ }
+
+ return 1;
+ }
+@@ -633,6 +654,7 @@ static const OSSL_PARAM known_settable_ctx_params[] = {
+ OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, NULL, 0),
+ OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL),
+ OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL),
++ OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, NULL),
+ OSSL_PARAM_END
+ };
+
+diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
+index 7487684e19..e807c0a2e1 100644
+---
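Review bot: `rsa_set_ctx_params` accepts `OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION` whatever the current padding mode is, while the legacy path in rsa_pmeth.c (`pkey_rsa_ctrl`) refuses the same setting with `RSA_R_INVALID_PADDING_MODE` unless the mode is `RSA_PKCS1_PADDING`. In the provider the value is only consulted by `rsa_decrypt` when the mode is `RSA_PKCS1_PADDING`, so a caller who sets it under another mode gets success and no effect. If the difference is intended (for instance because parameters may arrive in any order, which the hunk does not show), a comment above the new block would make that clear: `/* accepted for every padding mode, only used for RSA_PKCS1_PADDING; 0 disables implicit rejection */`. The function starts outside the hunk.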
a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt ++++ b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt +@@ -268,9 +268,25 @@ Decrypt = RSA-2048 + Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A78 + Output = "Hello World" + ++Availablein = default ++# Note: disable the Bleichenbacher workaround to see if it passes ++Decrypt = RSA-2048 ++Ctrl = rsa_pkcs1_implicit_rejection:0 ++Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A78 ++Output = "Hello World" ++ ++Availablein = default ++# Corrupted ciphertext ++# Note: output is generated synthethically by the Bleichenbacher workaround ++Decrypt = RSA-2048 ++Input = 
550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A79 ++Output = 4cbb988d6a46228379132b0b5f8c249b3860043848c93632fb982c807c7c82fffc7a9ef83f4908f890373ac181ffea6381e103bcaa27e65638b6ecebef38b59ed4226a9d12af675cfcb634d8c40e7a7aff ++ + # Corrupted ciphertext + Availablein = default ++# Note: disable the Bleichenbacher workaround to see if it fails + Decrypt = RSA-2048 ++Ctrl = rsa_pkcs1_implicit_rejection:0 + Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A79 + Output = "Hello World" + Result = KEYOP_ERROR +@@ -293,6 +309,462 @@ Derive = RSA-2048 + Result = KEYOP_INIT_ERROR + Reason = operation not supported for this keytype + ++# Test vectors for the Bleichenbacher workaround ++ ++PrivateKey = RSA-2048-2 ++-----BEGIN RSA PRIVATE KEY----- ++MIIEowIBAAKCAQEAyMyDlxQJjaVsqiNkD5PciZfBY3KWj8Gwxt9RE8HJTosh5IrS ++KX5lQZARtObY9ec7G3iyV0ADIdHva2AtTsjOjRQclJBetK0wZjmkkgZTS25/JgdC ++Ppff/RM8iNchOZ3vvH6WzNy9fzquH+iScSv7SSmBfVEWZkQKH6y3ogj16hZZEK3Y ++o/LUlyAjYMy2MgJPDQcWnBkY8xb3lLFDrvVOyHUipMApePlomYC/+/ZJwwfoGBm/ 
+++IQJY41IvZS+FStZ/2SfoL1inQ/6GBPDq/S1a9PC6lRl3/oUWJKSqdiiStJr5+4F ++EHQbY4LUPIPVv6QKRmE9BivkRVF9vK8MtOGnaQIDAQABAoIBABRVAQ4PLVh2Y6Zm ++pv8czbvw7dgQBkbQKgI5IpCJksStOeVWWSlybvZQjDpxFY7wtv91HTnQdYC7LS8G ++MhBELQYD/1DbvXs1/iybsZpHoa+FpMJJAeAsqLWLeRmyDt8yqs+/Ua20vEthubfp ++aMqk1XD3DvGNgGMiiJPkfUOe/KeTJZvPLNEIo9hojN8HjnrHmZafIznSwfUiuWlo ++RimpM7quwmgWJeq4T05W9ER+nYj7mhmc9xAj4OJXsURBszyE07xnyoAx0mEmGBA6 ++egpAhEJi912IkM1hblH5A1SI/W4Jnej/bWWk/xGCVIB8n1jS+7qLoVHcjGi+NJyX ++eiBOBMECgYEA+PWta6gokxvqRZuKP23AQdI0gkCcJXHpY/MfdIYColY3GziD7UWe ++z5cFJkWe3RbgVSL1pF2UdRsuwtrycsf4gWpSwA0YCAFxY02omdeXMiL1G5N2MFSG ++lqn32MJKWUl8HvzUVc+5fuhtK200lyszL9owPwSZm062tcwLsz53Yd0CgYEAznou ++O0mpC5YzChLcaCvfvfuujdbcA7YUeu+9V1dD8PbaTYYjUGG3Gv2crS00Al5WrIaw ++93Q+s14ay8ojeJVCRGW3Bu0iF15XGMjHC2cD6o9rUQ+UW+SOWja7PDyRcytYnfwF ++1y2AkDGURSvaITSGR+xylD8RqEbmL66+jrU2sP0CgYB2/hXxiuI5zfHfa0RcpLxr ++uWjXiMIZM6T13NKAAz1nEgYswIpt8gTB+9C+RjB0Q+bdSmRWN1Qp1OA4yiVvrxyb ++3pHGsXt2+BmV+RxIy768e/DjSUwINZ5OjNalh9e5bWIh/X4PtcVXXwgu5XdpeYBx ++sru0oyI4FRtHMUu2VHkDEQKBgQCZiEiwVUmaEAnLx9KUs2sf/fICDm5zZAU+lN4a ++AA3JNAWH9+JydvaM32CNdTtjN3sDtvQITSwCfEs4lgpiM7qe2XOLdvEOp1vkVgeL ++9wH2fMaz8/3BhuZDNsdrNy6AkQ7ICwrcwj0C+5rhBIaigkgHW06n5W3fzziC5FFW ++FHGikQKBgGQ790ZCn32DZnoGUwITR++/wF5jUfghqd67YODszeUAWtnp7DHlWPfp ++LCkyjnRWnXzvfHTKvCs1XtQBoaCRS048uwZITlgZYFEWntFMqi76bqBE4FTSYUTM ++FinFUBBVigThM/RLfCRNrCW/kTxXuJDuSfVIJZzWNAT+9oWdz5da ++-----END RSA PRIVATE KEY----- ++ ++# corresponding public key ++PublicKey = RSA-2048-2-PUBLIC ++-----BEGIN PUBLIC KEY----- ++MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyMyDlxQJjaVsqiNkD5Pc ++iZfBY3KWj8Gwxt9RE8HJTosh5IrSKX5lQZARtObY9ec7G3iyV0ADIdHva2AtTsjO ++jRQclJBetK0wZjmkkgZTS25/JgdCPpff/RM8iNchOZ3vvH6WzNy9fzquH+iScSv7 ++SSmBfVEWZkQKH6y3ogj16hZZEK3Yo/LUlyAjYMy2MgJPDQcWnBkY8xb3lLFDrvVO ++yHUipMApePlomYC/+/ZJwwfoGBm/+IQJY41IvZS+FStZ/2SfoL1inQ/6GBPDq/S1 ++a9PC6lRl3/oUWJKSqdiiStJr5+4FEHQbY4LUPIPVv6QKRmE9BivkRVF9vK8MtOGn ++aQIDAQAB ++-----END PUBLIC KEY----- ++ ++PrivPubKeyPair = 
RSA-2048-2:RSA-2048-2-PUBLIC ++ ++# RSA decrypt ++ ++# a random positive test case ++Availablein = default ++Decrypt = RSA-2048-2 ++Input = 8bfe264e85d3bdeaa6b8851b8e3b956ee3d226fd3f69063a86880173a273d9f283b2eebdd1ed35f7e02d91c571981b6737d5320bd8396b0f3ad5b019daec1b0aab3cbbc026395f4fd14f13673f2dfc81f9b660ec26ac381e6db3299b4e460b43fab9955df2b3cfaa20e900e19c856238fd371899c2bf2ce8c868b76754e5db3b036533fd603746be13c10d4e3e6022ebc905d20c2a7f32b215a4cd53b3f44ca1c327d2c2b651145821c08396c89071f665349c25e44d2733cd9305985ceef6430c3cf57af5fa224089221218fa34737c79c446d28a94c41c96e4e92ac53fbcf384dea8419ea089f8784445a492c812eb0d409467f75afd7d4d1078886205a066 ++Output = "lorem ipsum dolor sit amet" ++ ++Availablein = default ++# a random negative test case decrypting to empty ++Decrypt = RSA-2048-2 ++Input = 20aaa8adbbc593a924ba1c5c7990b5c2242ae4b99d0fe636a19a4cf754edbcee774e472fe028160ed42634f8864900cb514006da642cae6ae8c7d087caebcfa6dad1551301e130344989a1d462d4164505f6393933450c67bc6d39d8f5160907cabc251b737925a1cf21e5c6aa5781b7769f6a2a583d97cce008c0f8b6add5f0b2bd80bee60237aa39bb20719fe75749f4bc4e42466ef5a861ae3a92395c7d858d430bfe38040f445ea93fa2958b503539800ffa5ce5f8cf51fa8171a91f36cb4f4575e8de6b4d3f096ee140b938fd2f50ee13f0d050222e2a72b0a3069ff3a6738e82c87090caa5aed4fcbe882c49646aa250b98f12f83c8d528113614a29e7 ++Output = ++ ++Availablein = default ++# invalid decrypting to max length message ++Decrypt = RSA-2048-2 ++Input = 48cceab10f39a4db32f60074feea473cbcdb7accf92e150417f76b44756b190e843e79ec12aa85083a21f5437e7bad0a60482e601198f9d86923239c8786ee728285afd0937f7dde12717f28389843d7375912b07b991f4fdb0190fced8ba665314367e8c5f9d2981d0f5128feeb46cb50fc237e64438a86df198dd0209364ae3a842d77532b66b7ef263b83b1541ed671b120dfd660462e2107a4ee7b964e734a7bd68d90dda61770658a3c242948532da32648687e0318286473f675b412d6468f013f14d760a358dfcad3cda2afeec5e268a37d250c37f722f468a70dfd92d7294c3c1ee1e7f8843b7d16f9f37ef35748c3ae93aa155cdcdfeb4e78567303 ++Output = 
22d850137b9eebe092b24f602dc5bb7918c16bd89ddbf20467b119d205f9c2e4bd7d2592cf1e532106e0f33557565923c73a02d4f09c0c22bea89148183e60317f7028b3aa1f261f91c979393101d7e15f4067e63979b32751658ef769610fe97cf9cef3278b3117d384051c3b1d82c251c2305418c8f6840530e631aad63e70e20e025bcd8efb54c92ec6d3b106a2f8e64eeff7d38495b0fc50c97138af4b1c0a67a1c4e27b077b8439332edfa8608dfeae653cd6a628ac550395f7e74390e42c11682234870925eeaa1fa71b76cf1f2ee3bda69f6717033ff8b7c95c9799e7a3bea5e7e4a1c359772fb6b1c6e6c516661dfe30c3 ++ ++Availablein = default ++# invalid decrypting to message with length specified by second to last value from PRF ++Decrypt = RSA-2048-2 ++Input = 1439e08c3f84c1a7fec74ce07614b20e01f6fa4e8c2a6cffdc3520d8889e5d9a950c6425798f85d4be38d300ea5695f13ecd4cb389d1ff5b82484b494d6280ab7fa78e645933981cb934cce8bfcd114cc0e6811eefa47aae20af638a1cd163d2d3366186d0a07df0c81f6c9f3171cf3561472e98a6006bf75ddb457bed036dcce199369de7d94ef2c68e8467ee0604eea2b3009479162a7891ba5c40cab17f49e1c438cb6eaea4f76ce23cce0e483ff0e96fa790ea15be67671814342d0a23f4a20262b6182e72f3a67cd289711503c85516a9ed225422f98b116f1ab080a80abd6f0216df88d8cfd67c139243be8dd78502a7aaf6bc99d7da71bcdf627e7354 ++Output = 0f9b ++ ++Availablein = default ++# invalid decrypting to message with length specified by third to last value from PRF ++Decrypt = RSA-2048-2 ++Input = 1690ebcceece2ce024f382e467cf8510e74514120937978576caf684d4a02ad569e8d76cbe365a060e00779de2f0865ccf0d923de3b4783a4e2c74f422e2f326086c390b658ba47f31ab013aa80f468c71256e5fa5679b24e83cd82c3d1e05e398208155de2212993cd2b8bab6987cf4cc1293f19909219439d74127545e9ed8a706961b8ee2119f6bfacafbef91b75a789ba65b8b833bc6149cf49b5c4d2c6359f62808659ba6541e1cd24bf7f7410486b5103f6c0ea29334ea6f4975b17387474fe920710ea61568d7b7c0a7916acf21665ad5a31c4eabcde44f8fb6120d8457afa1f3c85d517cda364af620113ae5a3c52a048821731922737307f77a1081 ++Output = 4f02 ++ ++# positive test with 11 byte long value ++Availablein = default ++Decrypt = RSA-2048-2 ++Input = 
6213634593332c485cef783ea2846e3d6e8b0e005cd8293eaebbaa5079712fd681579bdfbbda138ae4d9d952917a03c92398ec0cb2bb0c6b5a8d55061fed0d0d8d72473563152648cfe640b335dc95331c21cb133a91790fa93ae44497c128708970d2beeb77e8721b061b1c44034143734a77be8220877415a6dba073c3871605380542a9f25252a4babe8331cdd53cf828423f3cc70b560624d0581fb126b2ed4f4ed358f0eb8065cf176399ac1a846a31055f9ae8c9c24a1ba050bc20842125bc1753158f8065f3adb9cc16bfdf83816bdf38b624f12022c5a6fbfe29bc91542be8c0208a770bcd677dc597f5557dc2ce28a11bf3e3857f158717a33f6592 ++Output = "lorem ipsum" ++ ++# positive test with 11 byte long value and zero padded ciphertext ++Availablein = default ++Decrypt = RSA-2048-2 ++Input = 00a2e8f114ea8d05d12dc843e3cc3b2edc8229ff2a028bda29ba9d55e3cd02911902fef1f42a075bf05e8016e8567213d6f260fa49e360779dd81aeea3e04c2cb567e0d72b98bf754014561b7511e083d20e0bfb9cd23f8a0d3c88900c49d2fcd5843ff0765607b2026f28202a87aa94678aed22a0c20724541394cd8f44e373eba1d2bae98f516c1e2ba3d86852d064f856b1daf24795e767a2b90396e50743e3150664afab131fe40ea405dcf572dd1079af1d3f0392ccadcca0a12740dbb213b925ca2a06b1bc1383e83a658c82ba2e7427342379084d5f66b544579f07664cb26edd4f10fd913fdbc0de05ef887d4d1ec1ac95652397ea7fd4e4759fda8b ++Output = "lorem ipsum" ++ ++# positive test with 11 byte long value and zero truncated ciphertext ++Availablein = default ++Decrypt = RSA-2048-2 ++Input = a2e8f114ea8d05d12dc843e3cc3b2edc8229ff2a028bda29ba9d55e3cd02911902fef1f42a075bf05e8016e8567213d6f260fa49e360779dd81aeea3e04c2cb567e0d72b98bf754014561b7511e083d20e0bfb9cd23f8a0d3c88900c49d2fcd5843ff0765607b2026f28202a87aa94678aed22a0c20724541394cd8f44e373eba1d2bae98f516c1e2ba3d86852d064f856b1daf24795e767a2b90396e50743e3150664afab131fe40ea405dcf572dd1079af1d3f0392ccadcca0a12740dbb213b925ca2a06b1bc1383e83a658c82ba2e7427342379084d5f66b544579f07664cb26edd4f10fd913fdbc0de05ef887d4d1ec1ac95652397ea7fd4e4759fda8b ++Output = "lorem ipsum" ++ ++# positive test with 11 byte long value and double zero padded ciphertext ++Availablein = default ++Decrypt = RSA-2048-2 
++Input = 00001f71879b426127f7dead621f7380a7098cf7d22173aa27991b143c46d53383c209bd0c9c00d84078037e715f6b98c65005a77120070522ede51d472c87ef94b94ead4c5428ee108a345561658301911ec5a8f7dd43ed4a3957fd29fb02a3529bf63f8040d3953490939bd8f78b2a3404b6fb5ff70a4bfdaac5c541d6bcce49c9778cc390be24cbef1d1eca7e870457241d3ff72ca44f9f56bdf31a890fa5eb3a9107b603ccc9d06a5dd911a664c82b6abd4fe036f8db8d5a070c2d86386ae18d97adc1847640c211d91ff5c3387574a26f8ef27ca7f48d2dd1f0c7f14b81cc9d33ee6853031d3ecf10a914ffd90947909c8011fd30249219348ebff76bfc ++Output = "lorem ipsum" ++ ++# positive test with 11 byte long value and double zero truncated ciphertext ++Availablein = default ++Decrypt = RSA-2048-2 ++Input = 1f71879b426127f7dead621f7380a7098cf7d22173aa27991b143c46d53383c209bd0c9c00d84078037e715f6b98c65005a77120070522ede51d472c87ef94b94ead4c5428ee108a345561658301911ec5a8f7dd43ed4a3957fd29fb02a3529bf63f8040d3953490939bd8f78b2a3404b6fb5ff70a4bfdaac5c541d6bcce49c9778cc390be24cbef1d1eca7e870457241d3ff72ca44f9f56bdf31a890fa5eb3a9107b603ccc9d06a5dd911a664c82b6abd4fe036f8db8d5a070c2d86386ae18d97adc1847640c211d91ff5c3387574a26f8ef27ca7f48d2dd1f0c7f14b81cc9d33ee6853031d3ecf10a914ffd90947909c8011fd30249219348ebff76bfc ++Output = "lorem ipsum" ++ ++# positive that generates a 0 byte long synthethic message internally ++Availablein = default ++Decrypt = RSA-2048-2 ++Input = b5e49308f6e9590014ffaffc5b8560755739dd501f1d4e9227a7d291408cf4b753f292322ff8bead613bf2caa181b221bc38caf6392deafb28eb21ad60930841ed02fd6225cc9c463409adbe7d8f32440212fbe3881c51375bb09565efb22e62b071472fb38676e5b4e23a0617db5d14d93519ac0007a30a9c822eb31c38b57fcb1be29608fcf1ca2abdcaf5d5752bbc2b5ac7dba5afcff4a5641da360dd01f7112539b1ed46cdb550a3b1006559b9fe1891030ec80f0727c42401ddd6cbb5e3c80f312df6ec89394c5a7118f573105e7ab00fe57833c126141b50a935224842addfb479f75160659ba28877b512bb9a93084ad8bec540f92640f63a11a010e0 ++Output = "lorem ipsum" ++ ++# positive that generates a 245 byte long synthethic message internally ++Availablein = default 
++Decrypt = RSA-2048-2 ++Input = 1ea0b50ca65203d0a09280d39704b24fe6e47800189db5033f202761a78bafb270c5e25abd1f7ecc6e7abc4f26d1b0cd9b8c648d529416ee64ccbdd7aa72a771d0353262b543f0e436076f40a1095f5c7dfd10dcf0059ccb30e92dfa5e0156618215f1c3ff3aa997a9d999e506924f5289e3ac72e5e2086cc7b499d71583ed561028671155db4005bee01800a7cdbdae781dd32199b8914b5d4011dd6ff11cd26d46aad54934d293b0bc403dd211bf13b5a5c6836a5e769930f437ffd8634fb7371776f4bc88fa6c271d8aa6013df89ae6470154497c4ac861be2a1c65ebffec139bf7aaba3a81c7c5cdd84da9af5d3edfb957848074686b5837ecbcb6a41c50 ++Output = "lorem ipsum" ++ ++Availablein = default ++# a random negative test that generates an 11 byte long message ++Decrypt = RSA-2048-2 ++Input = 5f02f4b1f46935c742ebe62b6f05aa0a3286aab91a49b34780adde6410ab46f7386e05748331864ac98e1da63686e4babe3a19ed40a7f5ceefb89179596aab07ab1015e03b8f825084dab028b6731288f2e511a4b314b6ea3997d2e8fe2825cef8897cbbdfb6c939d441d6e04948414bb69e682927ef8576c9a7090d4aad0e74c520d6d5ce63a154720f00b76de8cc550b1aa14f016d63a7b6d6eaa1f7dbe9e50200d3159b3d099c900116bf4eba3b94204f18b1317b07529751abf64a26b0a0bf1c8ce757333b3d673211b67cc0653f2fe2620d57c8b6ee574a0323a167eab1106d9bc7fd90d415be5f1e9891a0e6c709f4fc0404e8226f8477b4e939b36eb2 ++Output = af9ac70191c92413cb9f2d ++ ++Availablein = default ++# an otherwise correct plaintext, but with wrong first byte ++# (0x01 instead of 0x00), generates a random 11 byte long plaintext ++Decrypt = RSA-2048-2 ++Input = 9b2ec9c0c917c98f1ad3d0119aec6be51ae3106e9af1914d48600ab6a2c0c0c8ae02a2dc3039906ff3aac904af32ec798fd65f3ad1afa2e69400e7c1de81f5728f3b3291f38263bc7a90a0563e43ce7a0d4ee9c0d8a716621ca5d3d081188769ce1b131af7d35b13dea99153579c86db31fe07d5a2c14d621b77854e48a8df41b5798563af489a291e417b6a334c63222627376118c02c53b6e86310f728734ffc86ef9d7c8bf56c0c841b24b82b59f51aee4526ba1c4268506d301e4ebc498c6aebb6fd5258c876bf900bac8ca4d309dd522f6a6343599a8bc3760f422c10c72d0ad527ce4af1874124ace3d99bb74db8d69d2528db22c3a37644640f95c05f ++Output = a1f8c9255c35cfba403ccc ++ ++Availablein 
= default ++# an otherwise correct plaintext, but with wrong second byte ++# (0x01 instead of 0x02), generates a random 11 byte long plaintext ++Decrypt = RSA-2048-2 ++Input = 782c2b59a21a511243820acedd567c136f6d3090c115232a82a5efb0b178285f55b5ec2d2bac96bf00d6592ea7cdc3341610c8fb07e527e5e2d20cfaf2c7f23e375431f45e998929a02f25fd95354c33838090bca838502259e92d86d568bc2cdb132fab2a399593ca60a015dc2bb1afcd64fef8a3834e17e5358d822980dc446e845b3ab4702b1ee41fe5db716d92348d5091c15d35a110555a35deb4650a5a1d2c98025d42d4544f8b32aa6a5e02dc02deaed9a7313b73b49b0d4772a3768b0ea0db5846ace6569cae677bf67fb0acf3c255dc01ec8400c963b6e49b1067728b4e563d7e1e1515664347b92ee64db7efb5452357a02fff7fcb7437abc2e579 ++Output = e6d700309ca0ed62452254 ++ ++Availablein = default ++# an invalid ciphertext, with a zero byte in first byte of ++# ciphertext, decrypts to a random 11 byte long synthethic ++# plaintext ++Decrypt = RSA-2048-2 ++Input = 0096136621faf36d5290b16bd26295de27f895d1faa51c800dafce73d001d60796cd4e2ac3fa2162131d859cd9da5a0c8a42281d9a63e5f353971b72e36b5722e4ac444d77f892a5443deb3dca49fa732fe855727196e23c26eeac55eeced8267a209ebc0f92f4656d64a6c13f7f7ce544ebeb0f668fe3a6c0f189e4bcd5ea12b73cf63e0c8350ee130dd62f01e5c97a1e13f52fde96a9a1bc9936ce734fdd61f27b18216f1d6de87f49cf4f2ea821fb8efd1f92cdad529baf7e31aff9bff4074f2cad2b4243dd15a711adcf7de900851fbd6bcb53dac399d7c880531d06f25f7002e1aaf1722765865d2c2b902c7736acd27bc6cbd3e38b560e2eecf7d4b576 ++Output = ba27b1842e7c21c0e7ef6a ++ ++Availablein = default ++# an invalid ciphertext, with a zero byte removed from first byte of ++# ciphertext, decrypts to a random 11 byte long synthethic ++# plaintext ++Decrypt = RSA-2048-2 ++Input = 
96136621faf36d5290b16bd26295de27f895d1faa51c800dafce73d001d60796cd4e2ac3fa2162131d859cd9da5a0c8a42281d9a63e5f353971b72e36b5722e4ac444d77f892a5443deb3dca49fa732fe855727196e23c26eeac55eeced8267a209ebc0f92f4656d64a6c13f7f7ce544ebeb0f668fe3a6c0f189e4bcd5ea12b73cf63e0c8350ee130dd62f01e5c97a1e13f52fde96a9a1bc9936ce734fdd61f27b18216f1d6de87f49cf4f2ea821fb8efd1f92cdad529baf7e31aff9bff4074f2cad2b4243dd15a711adcf7de900851fbd6bcb53dac399d7c880531d06f25f7002e1aaf1722765865d2c2b902c7736acd27bc6cbd3e38b560e2eecf7d4b576 ++Output = ba27b1842e7c21c0e7ef6a ++ ++Availablein = default ++# an invalid ciphertext, with two zero bytes in first bytes of ++# ciphertext, decrypts to a random 11 byte long synthethic ++# plaintext ++Decrypt = RSA-2048-2 ++Input = 0000587cccc6b264bdfe0dc2149a988047fa921801f3502ea64624c510c6033d2f427e3f136c26e88ea9f6519e86a542cec96aad1e5e9013c3cc203b6de15a69183050813af5c9ad79703136d4b92f50ce171eefc6aa7988ecf02f319ffc5eafd6ee7a137f8fce64b255bb1b8dd19cfe767d64fdb468b9b2e9e7a0c24dae03239c8c714d3f40b7ee9c4e59ac15b17e4d328f1100756bce17133e8e7493b54e5006c3cbcdacd134130c5132a1edebdbd01a0c41452d16ed7a0788003c34730d0808e7e14c797a21f2b45a8aa1644357fd5e988f99b017d9df37563a354c788dc0e2f9466045622fa3f3e17db63414d27761f57392623a2bef6467501c63e8d645 ++Output = d5cf555b1d6151029a429a ++ ++Availablein = default ++# an invalid ciphertext, with two zero bytes removed from first bytes of ++# ciphertext, decrypts to a random 11 byte long synthethic ++# plaintext ++Decrypt = RSA-2048-2 ++Input = 
587cccc6b264bdfe0dc2149a988047fa921801f3502ea64624c510c6033d2f427e3f136c26e88ea9f6519e86a542cec96aad1e5e9013c3cc203b6de15a69183050813af5c9ad79703136d4b92f50ce171eefc6aa7988ecf02f319ffc5eafd6ee7a137f8fce64b255bb1b8dd19cfe767d64fdb468b9b2e9e7a0c24dae03239c8c714d3f40b7ee9c4e59ac15b17e4d328f1100756bce17133e8e7493b54e5006c3cbcdacd134130c5132a1edebdbd01a0c41452d16ed7a0788003c34730d0808e7e14c797a21f2b45a8aa1644357fd5e988f99b017d9df37563a354c788dc0e2f9466045622fa3f3e17db63414d27761f57392623a2bef6467501c63e8d645 ++Output = d5cf555b1d6151029a429a ++ ++Availablein = default ++# and invalid ciphertext, otherwise valid but starting with 000002, decrypts ++# to random 11 byte long synthethic plaintext ++Decrypt = RSA-2048-2 ++Input = 1786550ce8d8433052e01ecba8b76d3019f1355b212ac9d0f5191b023325a7e7714b7802f8e9a17c4cb3cd3a84041891471b10ca1fcfb5d041d34c82e6d0011cf4dc76b90e9c2e0743590579d55bcd7857057152c4a8040361343d1d22ba677d62b011407c652e234b1d663af25e2386251d7409190f19fc8ec3f9374fdf1254633874ce2ec2bff40ad0cb473f9761ec7b68da45a4bd5e33f5d7dac9b9a20821df9406b653f78a95a6c0ea0a4d57f867e4db22c17bf9a12c150f809a7b72b6db86c22a8732241ebf3c6a4f2cf82671d917aba8bc61052b40ccddd743a94ea9b538175106201971cca9d136d25081739aaf6cd18b2aecf9ad320ea3f89502f955 ++Output = 3d4a054d9358209e9cbbb9 ++ ++Availablein = default ++# negative test with otherwise valid padding but a zero byte in first byte ++# of padding ++Decrypt = RSA-2048-2 ++Input = 179598823812d2c58a7eb50521150a48bcca8b4eb53414018b6bca19f4801456c5e36a940037ac516b0d6412ba44ec6b4f268a55ef1c5ffbf18a2f4e3522bb7b6ed89774b79bffa22f7d3102165565642de0d43a955e96a1f2e80e5430671d7266eb4f905dc8ff5e106dc5588e5b0289e49a4913940e392a97062616d2bda38155471b7d360cfb94681c702f60ed2d4de614ea72bf1c53160e63179f6c5b897b59492bee219108309f0b7b8cb2b136c346a5e98b8b4b8415fb1d713bae067911e3057f1c335b4b7e39101eafd5d28f0189037e4334f4fdb9038427b1d119a6702aa8233319cc97d496cc289ae8c956ddc84042659a2d43d6aa22f12b81ab884e ++Output = 1f037dd717b07d3e7f7359 ++ ++Availablein = 
default ++# negative test with otherwise valid padding but a zero byte at the eigth ++# byte of padding ++Decrypt = RSA-2048-2 ++Input = a7a340675a82c30e22219a55bc07cdf36d47d01834c1834f917f18b517419ce9de2a96460e745024436470ed85e94297b283537d52189c406a3f533cb405cc6a9dba46b482ce98b6e3dd52d8fce2237425617e38c11fbc46b61897ef200d01e4f25f5f6c4c5b38cd0de38ba11908b86595a8036a08a42a3d05b79600a97ac18ba368a08d6cf6ccb624f6e8002afc75599fba4de3d4f3ba7d208391ebe8d21f8282b18e2c10869eb2702e68f9176b42b0ddc9d763f0c86ba0ff92c957aaeab76d9ab8da52ea297ec11d92d770146faa1b300e0f91ef969b53e7d2907ffc984e9a9c9d11fb7d6cba91972059b46506b035efec6575c46d7114a6b935864858445f ++Output = 63cb0bf65fc8255dd29e17 ++ ++Availablein = default ++# negative test with an otherwise valid plaintext but with missing separator ++# byte ++Decrypt = RSA-2048-2 ++Input = 3d1b97e7aa34eaf1f4fc171ceb11dcfffd9a46a5b6961205b10b302818c1fcc9f4ec78bf18ea0cee7e9fa5b16fb4c611463b368b3312ac11cf9c06b7cf72b54e284848a508d3f02328c62c2999d0fb60929f81783c7a256891bc2ff4d91df2af96a24fc5701a1823af939ce6dbdc510608e3d41eec172ad2d51b9fc61b4217c923cadcf5bac321355ef8be5e5f090cdc2bd0c697d9058247db3ad613fdce87d2955a6d1c948a5160f93da21f731d74137f5d1f53a1923adb513d2e6e1589d44cc079f4c6ddd471d38ac82d20d8b1d21f8d65f3b6907086809f4123e08d86fb38729585de026a485d8f0e703fd4772f6668febf67df947b82195fa3867e3a3065 ++Output = 6f09a0b62699337c497b0b ++ ++# Test vectors for the Bleichenbacher workaround (2049 bit key size) ++ ++PrivateKey = RSA-2049 ++-----BEGIN RSA PRIVATE KEY----- ++MIIEpQIBAAKCAQEBVfiJVWoXdfHHp3hqULGLwoyemG7eVmfKs5uEEk6Q66dcHbCD ++rD5EO7qU3CNWD3XjqBaToqQ73HQm2MTq/mjIXeD+dX9uSbue1EfmAkMIANuwTOsi ++5/pXoY0zj7ZgJs20Z+cMwEDn02fvQDx78ePfYkZQCUYx8h6v0vtbyRX/BDeazRES ++9zLAtGYHwXjTiiD1LtpQny+cBAXVEGnoDM+UFVTQRwRnUFw89UHqCJffyfQAzssp ++j/x1M3LZ9pM68XTMQO2W1GcDFzO5f4zd0/krw6A+qFdsQX8kAHteT3UBEFtUTen6 ++3N/635jftLsFuBmfP4Ws/ZH3qaCUuaOD9QSQlwIDAQABAoIBAQEZwrP1CnrWFSZ5 ++1/9RCVisLYym8AKFkvMy1VoWc2F4qOZ/F+cFzjAOPodUclEAYBP5dNCj20nvNEyl 
++omo0wEUHBNDkIuDOI6aUJcFf77bybhBu7/ZMyLnXRC5NpOjIUAjq6zZYWaIpT6OT ++e8Jr5WMy59geLBYO9jXMUoqnvlXmM6cj28Hha6KeUrKa7y+eVlT9wGZrsPwlSsvo ++DmOHTw9fAgeC48nc/CUg0MnEp7Y05FA/u0k+Gq/us/iL16EzmHJdrm/jmed1zV1M ++8J/IODR8TJjasaSIPM5iBRNhWvqhCmM2jm17ed9BZqsWJznvUVpEAu4eBgHFpVvH ++HfDjDt+BAoGBAYj2k2DwHhjZot4pUlPSUsMeRHbOpf97+EE99/3jVlI83JdoBfhP ++wN3sdw3wbO0GXIETSHVLNGrxaXVod/07PVaGgsh4fQsxTvasZ9ZegTM5i2Kgg8D4 ++dlxa1A1agfm73OJSftfpUAjLECnLTKvR+em+38KGyWVSJV2n6rGSF473AoGBAN7H ++zxHa3oOkxD0vgBl/If1dRv1XtDH0T+gaHeN/agkf/ARk7ZcdyFCINa3mzF9Wbzll ++YTqLNnmMkubiP1LvkH6VZ+NBvrxTNxiWJfu+qx87ez+S/7JoHm71p4SowtePfC2J ++qqok0s7b0GaBz+ZcNse/o8W6E1FiIi71wukUyYNhAoGAEgk/OnPK7dkPYKME5FQC +++HGrMsjJVbCa9GOjvkNw8tVYSpq7q2n9sDHqRPmEBl0EYehAqyGIhmAONxVUbIsL ++ha0m04y0MI9S0H+ZRH2R8IfzndNAONsuk46XrQU6cfvtZ3Xh3IcY5U5sr35lRn2c ++ut3H52XIWJ4smN/cJcpOyoECgYEAjM5hNHnPlgj392wkXPkbtJXWHp3mSISQVLTd ++G0MW8/mBQg3AlXi/eRb+RpHPrppk5jQLhgMjRSPyXXe2amb8PuWTqfGN6l32PtX3 ++3+udILpppb71Wf+w7JTbcl9v9uq7o9SVR8DKdPA+AeweSQ0TmqCnlHuNZizOSjwP ++G16GF0ECgYEA+ZWbNMS8qM5IiHgbMbHptdit9dDT4+1UXoNn0/hUW6ZEMriHMDXv ++iBwrzeANGAn5LEDYeDe1xPms9Is2uNxTpZVhpFZSNALR6Po68wDlTJG2PmzuBv5t ++5mbzkpWCoD4fRU53ifsHgaTW+7Um74gWIf0erNIUZuTN2YrtEPTnb3k= ++-----END RSA PRIVATE KEY----- ++ ++# corresponding public key ++PublicKey = RSA-2049-PUBLIC ++-----BEGIN PUBLIC KEY----- ++MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEBVfiJVWoXdfHHp3hqULGL ++woyemG7eVmfKs5uEEk6Q66dcHbCDrD5EO7qU3CNWD3XjqBaToqQ73HQm2MTq/mjI ++XeD+dX9uSbue1EfmAkMIANuwTOsi5/pXoY0zj7ZgJs20Z+cMwEDn02fvQDx78ePf ++YkZQCUYx8h6v0vtbyRX/BDeazRES9zLAtGYHwXjTiiD1LtpQny+cBAXVEGnoDM+U ++FVTQRwRnUFw89UHqCJffyfQAzsspj/x1M3LZ9pM68XTMQO2W1GcDFzO5f4zd0/kr ++w6A+qFdsQX8kAHteT3UBEFtUTen63N/635jftLsFuBmfP4Ws/ZH3qaCUuaOD9QSQ ++lwIDAQAB ++-----END PUBLIC KEY----- ++ ++PrivPubKeyPair = RSA-2049:RSA-2049-PUBLIC ++ ++# RSA decrypt ++ ++Availablein = default ++# malformed that generates length specified by 3rd last value from PRF ++Decrypt = RSA-2049 ++Input = 
00b26f6404b82649629f2704494282443776929122e279a9cf30b0c6fe8122a0a9042870d97cc8ef65490fe58f031eb2442352191f5fbc311026b5147d32df914599f38b825ebb824af0d63f2d541a245c5775d1c4b78630e4996cc5fe413d38455a776cf4edcc0aa7fccb31c584d60502ed2b77398f536e137ff7ba6430e9258e21c2db5b82f5380f566876110ac4c759178900fbad7ab70ea07b1daf7a1639cbb4196543a6cbe8271f35dddb8120304f6eef83059e1c5c5678710f904a6d760c4d1d8ad076be17904b9e69910040b47914a0176fb7eea0c06444a6c4b86d674d19a556a1de5490373cb01ce31bbd15a5633362d3d2cd7d4af1b4c5121288b894 ++Output = 42 ++ ++# simple positive test case ++Availablein = default ++Decrypt = RSA-2049 ++Input = 013300edbf0bb3571e59889f7ed76970bf6d57e1c89bbb6d1c3991d9df8e65ed54b556d928da7d768facb395bbcc81e9f8573b45cf8195dbd85d83a59281cddf4163aec11b53b4140053e3bd109f787a7c3cec31d535af1f50e0598d85d96d91ea01913d07097d25af99c67464ebf2bb396fb28a9233e56f31f7e105d71a23e9ef3b736d1e80e713d1691713df97334779552fc94b40dd733c7251bc522b673d3ec9354af3dd4ad44fa71c0662213a57ada1d75149697d0eb55c053aaed5ffd0b815832f454179519d3736fb4faf808416071db0d0f801aca8548311ee708c131f4be658b15f6b54256872c2903ac708bd43b017b073b5707bc84c2cd9da70e967 ++Output = "lorem ipsum" ++ ++# positive test case with null padded ciphertext ++Availablein = default ++Decrypt = RSA-2049 ++Input = 0002aadf846a329fadc6760980303dbd87bfadfa78c2015ce4d6c5782fd9d3f1078bd3c0a2c5bfbdd1c024552e5054d98b5bcdc94e476dd280e64d650089326542ce7c61d4f1ab40004c2e6a88a883613568556a10f3f9edeab67ae8dddc1e6b0831c2793d2715de943f7ce34c5c05d1b09f14431fde566d17e76c9feee90d86a2c158616ec81dda0c642f58c0ba8fa4495843124a7235d46fb4069715a51bf710fd024259131ba94da73597ace494856c94e7a3ec261545793b0990279b15fa91c7fd13dbfb1df2f221dab9fa9f7c1d21e48aa49f6aaecbabf5ee76dc6c2af2317ffb4e303115386a97f8729afc3d0c89419669235f1a3a69570e0836c79fc162 ++Output = "lorem ipsum" ++ ++# positive test case with null truncated ciphertext ++Availablein = default ++Decrypt = RSA-2049 ++Input = 
02aadf846a329fadc6760980303dbd87bfadfa78c2015ce4d6c5782fd9d3f1078bd3c0a2c5bfbdd1c024552e5054d98b5bcdc94e476dd280e64d650089326542ce7c61d4f1ab40004c2e6a88a883613568556a10f3f9edeab67ae8dddc1e6b0831c2793d2715de943f7ce34c5c05d1b09f14431fde566d17e76c9feee90d86a2c158616ec81dda0c642f58c0ba8fa4495843124a7235d46fb4069715a51bf710fd024259131ba94da73597ace494856c94e7a3ec261545793b0990279b15fa91c7fd13dbfb1df2f221dab9fa9f7c1d21e48aa49f6aaecbabf5ee76dc6c2af2317ffb4e303115386a97f8729afc3d0c89419669235f1a3a69570e0836c79fc162 ++Output = "lorem ipsum" ++ ++# positive test case with double null padded ciphertext ++Availablein = default ++Decrypt = RSA-2049 ++Input = 0000f36da3b72d8ff6ded74e7efd08c01908f3f5f0de7b55eab92b5f875190809c39d4162e1e6649618f854fd84aeab03970d16bb814e999852c06de38d82b95c0f32e2a7b5714021fe303389be9c0eac24c90a6b7210f929d390fabf903d44e04110bb7a7fd6c383c275804721efa6d7c93aa64c0bb2b18d97c5220a846c66a4895ae52adddbe2a9996825e013585adcec4b32ba61d782737bd343e5fabd68e8a95b8b1340318559860792dd70dffbe05a1052b54cbfb48cfa7bb3c19cea52076bddac5c25ee276f153a610f6d06ed696d192d8ae4507ffae4e5bdda10a625d6b67f32f7cffcd48dee2431fe66f6105f9d17e611cdcc674868e81692a360f4052 ++Output = "lorem ipsum" ++ ++# positive test case with double null truncated ciphertext ++Availablein = default ++Decrypt = RSA-2049 ++Input = f36da3b72d8ff6ded74e7efd08c01908f3f5f0de7b55eab92b5f875190809c39d4162e1e6649618f854fd84aeab03970d16bb814e999852c06de38d82b95c0f32e2a7b5714021fe303389be9c0eac24c90a6b7210f929d390fabf903d44e04110bb7a7fd6c383c275804721efa6d7c93aa64c0bb2b18d97c5220a846c66a4895ae52adddbe2a9996825e013585adcec4b32ba61d782737bd343e5fabd68e8a95b8b1340318559860792dd70dffbe05a1052b54cbfb48cfa7bb3c19cea52076bddac5c25ee276f153a610f6d06ed696d192d8ae4507ffae4e5bdda10a625d6b67f32f7cffcd48dee2431fe66f6105f9d17e611cdcc674868e81692a360f4052 ++Output = "lorem ipsum" ++ ++Availablein = default ++# a random negative test case that generates an 11 byte long message ++Decrypt = RSA-2049 ++Input = 
00f910200830fc8fff478e99e145f1474b312e2512d0f90b8cef77f8001d09861688c156d1cbaf8a8957f7ebf35f724466952d0524cad48aad4fba1e45ce8ea27e8f3ba44131b7831b62d60c0762661f4c1d1a88cd06263a259abf1ba9e6b0b172069afb86a7e88387726f8ab3adb30bfd6b3f6be6d85d5dfd044e7ef052395474a9cbb1c3667a92780b43a22693015af6c513041bdaf87d43b24ddd244e791eeaea1066e1f4917117b3a468e22e0f7358852bb981248de4d720add2d15dccba6280355935b67c96f9dcb6c419cc38ab9f6fba2d649ef2066e0c34c9f788ae49babd9025fa85b21113e56ce4f43aa134c512b030dd7ac7ce82e76f0be9ce09ebca ++Output = 1189b6f5498fd6df532b00 ++ ++Availablein = default ++# otherwise correct plaintext, but with wrong first byte (0x01 instead of 0x00) ++Decrypt = RSA-2049 ++Input = 002c9ddc36ba4cf0038692b2d3a1c61a4bb3786a97ce2e46a3ba74d03158aeef456ce0f4db04dda3fe062268a1711250a18c69778a6280d88e133a16254e1f0e30ce8dac9b57d2e39a2f7d7be3ee4e08aec2fdbe8dadad7fdbf442a29a8fb40857407bf6be35596b8eefb5c2b3f58b894452c2dc54a6123a1a38d642e23751746597e08d71ac92704adc17803b19e131b4d1927881f43b0200e6f95658f559f912c889b4cd51862784364896cd6e8618f485a992f82997ad6a0917e32ae5872eaf850092b2d6c782ad35f487b79682333c1750c685d7d32ab3e1538f31dcaa5e7d5d2825875242c83947308dcf63ba4bfff20334c9c140c837dbdbae7a8dee72ff ++Output = f6d0f5b78082fe61c04674 ++ ++Availablein = default ++# otherwise correct plaintext, but with wrong second byte (0x01 instead of 0x02) ++Decrypt = RSA-2049 ++Input = 00c5d77826c1ab7a34d6390f9d342d5dbe848942e2618287952ba0350d7de6726112e9cebc391a0fae1839e2bf168229e3e0d71d4161801509f1f28f6e1487ca52df05c466b6b0a6fbbe57a3268a970610ec0beac39ec0fa67babce1ef2a86bf77466dc127d7d0d2962c20e66593126f276863cd38dc6351428f884c1384f67cad0a0ffdbc2af16711fb68dc559b96b37b4f04cd133ffc7d79c43c42ca4948fa895b9daeb853150c8a5169849b730cc77d68b0217d6c0e3dbf38d751a1998186633418367e7576530566c23d6d4e0da9b038d0bb5169ce40133ea076472d055001f0135645940fd08ea44269af2604c8b1ba225053d6db9ab43577689401bdc0f3 ++Output = 1ab287fcef3ff17067914d ++ ++# RSA decrypt with 3072 bit keys ++PrivateKey = RSA-3072 
++-----BEGIN RSA PRIVATE KEY----- ++MIIG5AIBAAKCAYEAr9ccqtXp9bjGw2cHCkfxnX5mrt4YpbJ0H7PE0zQ0VgaSotkJ ++72iI7GAv9rk68ljudDA8MBr81O2+xDMR3cjdvwDdu+OG0zuNDiKxtEk23EiYcbhS ++N7NM50etj9sMTk0dqnqt8HOFxchzLMt9Wkni5QyIPH16wQ7Wp02ayQ35EpkFoX1K ++CHIQ/Hi20EseuWlILBGm7recUOWxbz8lT3VxUosvFxargW1uygcnveqYBZMpcw64 ++wzznHWHdSsOTtiVuB6wdEk8CANHD4FpMG8fx7S/IPlcZnP5ZCLEAh+J/vZfSwkIU ++YZxxR8j778o5vCVnYqaCNTH34jTWjq56DZ+vEN0V6VI3gMfVrlgJStUlqQY7TDP5 ++XhAG2i6xLTdDaJSVwfICPkBzU8XrPkyhxIz/gaEJANFIIOuAGvTxpZbEuc6aUx/P ++ilTZ/9ckJYtu7CAQjfb9/XbUrgO6fqWY3LDkooCElYcob01/JWzoXl61Z5sdrMH5 ++CVZJty5foHKusAN5AgMBAAECggGAJRfqyzr+9L/65gOY35lXpdKhVKgzaNjhWEKy ++9Z7gn3kZe9LvHprdr4eG9rQSdEdAXjBCsh8vULeqc3cWgMO7y2wiWl1f9rVsRxwY ++gqCjOwrxZaPtbCSdx3g+a8dYrDfmVy0z/jJQeO2VJlDy65YEkC75mlEaERnRPE/J ++pDoXXc37+xoUAP4XCTtpzTzbiV9lQy6iGV+QURxzNrWKaF2s/y2vTF6S5WWxZlrm ++DlErqplluAjV/xGc63zWksv5IAZ6+s2An2a+cG2iaBCseQ2xVslI5v5YG8mEkVf0 ++2kk/OmSwxuEZ4DGxB/hDbOKRYLRYuPnxCV/esZJjOE/1OHVXvE8QtANN6EFwO60s ++HnacI4U+tjCjbRBh3UbipruvdDqX8LMsNvUMGjci3vOjlNkcLgeL8J15Xs3l5WuC ++Avl0Am91/FbpoN1qiPLny3jvEpjMbGUgfKRb03GIgHtPzbHmDdjluFZI+376i2/d ++RI85dBqNmAn+Fjrz3kW6wkpahByBAoHBAOSj2DDXPosxxoLidP/J/RKsMT0t0FE9 ++UFcNt+tHYv6hk+e7VAuUqUpd3XQqz3P13rnK4xvSOsVguyeU/WgmH4ID9XGSgpBP ++Rh6s7izn4KAJeqfI26vTPxvyaZEqB4JxT6k7SerENus95zSn1v/f2MLBQ16EP8cJ +++QSOVCoZfEhUK+srherQ9eZKpj0OwBUrP4VhLdymv96r8xddWX1AVj4OBi2RywKI ++gAgv6fjwkb292jFu6x6FjKRNKwKK6c3jqQKBwQDE4c0Oz0KYYV4feJun3iL9UJSv ++StGsKVDuljA4WiBAmigMZTii/u0DFEjibiLWcJOnH53HTr0avA6c6D1nCwJ2qxyF ++rHNN2L+cdMx/7L1zLR11+InvRgpIGbpeGwHeIzJVUYG3b6llRJMZimBvAMr9ipM1 ++bkVvIjt1G9W1ypeuKzm6d/t8F0yC7AIYZWDV4nvxiiY8whLZzGawHR2iZz8pfUwb ++7URbTvxdsGE27Kq9gstU0PzEJpnU1goCJ7/gA1ECgcBA8w5B6ZM5xV0H5z6nPwDm ++IgYmw/HucgV1hU8exfuoK8wxQvTACW4B0yJKkrK11T1899aGG7VYRn9D4j4OLO48 ++Z9V8esseJXbc1fEezovvymGOci984xiFXtqAQzk44+lmQJJh33VeZApe2eLocvVH ++ddEmc1kOuJWFpszf3LeCcG69cnKrXsrLrZ8Frz//g3aa9B0sFi5hGeWHWJxISVN2 ++c1Nr9IN/57i/GqVTcztjdCAcdM7Tr8phDg7OvRlnxGkCgcEAuYhMFBuulyiSaTff 
++/3ZvJKYOJ45rPkEFGoD/2ercn+RlvyCYGcoAEjnIYVEGlWwrSH+b0NlbjVkQsD6O ++to8CeE/RpgqX8hFCqC7NE/RFp8cpDyXy3j/zqnRMUyhCP1KNuScBBZs9V8gikxv6 ++ukBWCk3PYbeTySHKRBbB8vmCrMfhM96jaBIQsQO1CcZnVceDo1/bnsAIwaREVMxr ++Q8LmG7QOx/Z0x1MMsUFoqzilwccC09/JgxMZPh+h+Nv6jiCxAoHBAOEqQgFAfSdR ++ya60LLH55q803NRFMamuKiPbVJLzwiKfbjOiiopmQOS/LxxqIzeMXlYV4OsSvxTo ++G7mcTOFRtU5hKCK+t8qeQQpa/dsMpiHllwArnRyBjIVgL5lFKRpHUGLsavU/T1IH ++mtgaxZo32dXvcAh1+ndCHVBwbHTOF4conA+g+Usp4bZSSWn5nU4oIizvSVpG7SGe ++0GngdxH9Usdqbvzcip1EKeHRTZrHIEYmB+x0LaRIB3dwZNidK3TkKw== ++-----END RSA PRIVATE KEY----- ++ ++PublicKey = RSA-3072-PUBLIC ++-----BEGIN PUBLIC KEY----- ++MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAr9ccqtXp9bjGw2cHCkfx ++nX5mrt4YpbJ0H7PE0zQ0VgaSotkJ72iI7GAv9rk68ljudDA8MBr81O2+xDMR3cjd ++vwDdu+OG0zuNDiKxtEk23EiYcbhSN7NM50etj9sMTk0dqnqt8HOFxchzLMt9Wkni ++5QyIPH16wQ7Wp02ayQ35EpkFoX1KCHIQ/Hi20EseuWlILBGm7recUOWxbz8lT3Vx ++UosvFxargW1uygcnveqYBZMpcw64wzznHWHdSsOTtiVuB6wdEk8CANHD4FpMG8fx ++7S/IPlcZnP5ZCLEAh+J/vZfSwkIUYZxxR8j778o5vCVnYqaCNTH34jTWjq56DZ+v ++EN0V6VI3gMfVrlgJStUlqQY7TDP5XhAG2i6xLTdDaJSVwfICPkBzU8XrPkyhxIz/ ++gaEJANFIIOuAGvTxpZbEuc6aUx/PilTZ/9ckJYtu7CAQjfb9/XbUrgO6fqWY3LDk ++ooCElYcob01/JWzoXl61Z5sdrMH5CVZJty5foHKusAN5AgMBAAE= ++-----END PUBLIC KEY----- ++ ++PrivPubKeyPair = RSA-3072:RSA-3072-PUBLIC ++ ++Availablein = default ++# a random invalid ciphertext that generates an empty synthethic one ++Decrypt = RSA-3072 ++Input = 
5e956cd9652f4a2ece902931013e09662b6a9257ad1e987fb75f73a0606df2a4b04789770820c2e02322c4e826f767bd895734a01e20609c3be4517a7a2a589ea1cdc137beb73eb38dac781b52e863de9620f79f9b90fd5b953651fcbfef4a9f1cc07421d511a87dd6942caab6a5a0f4df473e62defb529a7de1509ab99c596e1dff1320402298d8be73a896cc86c38ae3f2f576e9ea70cc28ad575cb0f854f0be43186baa9c18e29c47c6ca77135db79c811231b7c1730955887d321fdc06568382b86643cf089b10e35ab23e827d2e5aa7b4e99ff2e914f302351819eb4d1693243b35f8bf1d42d08f8ec4acafa35f747a4a975a28643ec630d8e4fa5be59d81995660a14bb64c1fea5146d6b11f92da6a3956dd5cb5e0d747cf2ea23f81617769185336263d46ef4c144b754de62a6337342d6c85a95f19f015724546ee3fc4823eca603dbc1dc01c2d5ed50bd72d8e96df2dc048edde0081284068283fc5e73a6139851abf2f29977d0b3d160c883a42a37efba1be05c1a0b1741d7ddf59 ++Output = ++ ++Availablein = default ++# a random invalid that has PRF output with a length one byte too long ++# in the last value ++Decrypt = RSA-3072 ++Input = 7db0390d75fcf9d4c59cf27b264190d856da9abd11e92334d0e5f71005cfed865a711dfa28b791188374b61916dbc11339bf14b06f5f3f68c206c5607380e13da3129bfb744157e1527dd6fdf6651248b028a496ae1b97702d44706043cdaa7a59c0f41367303f21f268968bf3bd2904db3ae5239b55f8b438d93d7db9d1666c071c0857e2ec37757463769c54e51f052b2a71b04c2869e9e7049a1037b8429206c99726f07289bac18363e7eb2a5b417f47c37a55090cda676517b3549c873f2fe95da9681752ec9864b069089a2ed2f340c8b04ee00079055a817a3355b46ac7dc00d17f4504ccfbcfcadb0c04cb6b22069e179385ae1eafabad5521bac2b8a8ee1dfff59a22eb3fdacfc87175d10d7894cfd869d056057dd9944b869c1784fcc27f731bc46171d39570fbffbadf082d33f6352ecf44aca8d9478e53f5a5b7c852b401e8f5f74da49da91e65bdc97765a9523b7a0885a6f8afe5759d58009fbfa837472a968e6ae92026a5e0202a395483095302d6c3985b5f5831c521a271 ++Output = 56a3bea054e01338be9b7d7957539c ++ ++Availablein = default ++# a random invalid that generates a synthethic of maximum size ++Decrypt = RSA-3072 ++Input = 
1715065322522dff85049800f6a29ab5f98c465020467414b2a44127fe9446da47fa18047900f99afe67c2df6f50160bb8e90bff296610fde632b3859d4d0d2e644f23835028c46cca01b84b88231d7e03154edec6627bcba23de76740d839851fa12d74c8f92e540c73fe837b91b7d699b311997d5f0f7864c486d499c3a79c111faaacbe4799597a25066c6200215c3d158f3817c1aa57f18bdaad0be1658da9da93f5cc6c3c4dd72788af57adbb6a0c26f42d32d95b8a4f95e8c6feb2f8a5d53b19a50a0b7cbc25e055ad03e5ace8f3f7db13e57759f67b65d143f08cca15992c6b2aae643390483de111c2988d4e76b42596266005103c8de6044fb7398eb3c28a864fa672de5fd8774510ff45e05969a11a4c7d3f343e331190d2dcf24fb9154ba904dc94af98afc5774a9617d0418fe6d13f8245c7d7626c176138dd698a23547c25f27c2b98ea4d8a45c7842b81888e4cc14e5b72e9cf91f56956c93dbf2e5f44a8282a7813157fc481ff1371a0f66b31797e81ebdb09a673d4db96d6 ++Output = 7b036fcd6243900e4236c894e2462c17738acc87e01a76f4d95cb9a328d9acde81650283b8e8f60a217e3bdee835c7b222ad4c85d0acdb9a309bd2a754609a65dec50f3aa04c6d5891034566b9563d42668ede1f8992b17753a2132e28970584e255efc8b45a41c5dbd7567f014acec5fe6fdb6d484790360a913ebb9defcd74ff377f2a8ba46d2ed85f733c9a3da08eb57ecedfafda806778f03c66b2c5d2874cec1c291b2d49eb194c7b5d0dd2908ae90f4843268a2c45563092ade08acb6ab481a08176102fc803fbb2f8ad11b0e1531bd37df543498daf180b12017f4d4d426ca29b4161075534bfb914968088a9d13785d0adc0e2580d3548494b2a9e91605f2b27e6cc701c796f0de7c6f471f6ab6cb9272a1ed637ca32a60d117505d82af3c1336104afb537d01a8f70b510e1eebf4869cb976c419473795a66c7f5e6e20a8094b1bb603a74330c537c5c0698c31538bd2e138c1275a1bdf24c5fa8ab3b7b526324e7918a382d1363b3d463764222150e04 ++ ++# a positive test case that decrypts to 9 byte long value ++Availablein = default ++Decrypt = RSA-3072 ++Input = 
6c60845a854b4571f678941ae35a2ac03f67c21e21146f9db1f2306be9f136453b86ad55647d4f7b5c9e62197aaff0c0e40a3b54c4cde14e774b1c5959b6c2a2302896ffae1f73b00b862a20ff4304fe06cea7ff30ecb3773ca9af27a0b54547350d7c07dfb0a39629c7e71e83fc5af9b2adbaf898e037f1de696a3f328cf45af7ec9aff7173854087fb8fbf34be981efbd8493f9438d1b2ba2a86af082662aa46ae9adfbec51e5f3d9550a4dd1dcb7c8969c9587a6edc82a8cabbc785c40d9fbd12064559fb769450ac3e47e87bc046148130d7eaa843e4b3ccef3675d0630500803cb7ffee3882378c1a404e850c3e20707bb745e42b13c18786c4976076ed9fa8fd0ff15e571bef02cbbe2f90c908ac3734a433b73e778d4d17fcc28f49185ebc6e8536a06d293202d94496453bfdf1c2c7833a3f99fa38ca8a81f42eaa529d603b890308a319c0ab63a35ff8ebac965f6278f5a7e5d622be5d5fe55f0ca3ec993d55430d2bf59c5d3e860e90c16d91a04596f6fdf60d89ed95d88c036dde ++Output = "forty two" ++ ++# a positive test case with null padded ciphertext ++Availablein = default ++Decrypt = RSA-3072 ++Input = 00f4d565a3286784dbb85327db8807ae557ead229f92aba945cecda5225f606a7d6130edeeb6f26724d1eff1110f9eb18dc3248140ee3837e6688391e78796c526791384f045e21b6b853fb6342a11f309eb77962f37ce23925af600847fbd30e6e07e57de50b606e6b7f288cc777c1a6834f27e6edace508452128916eef7788c8bb227e3548c6a761cc4e9dd1a3584176dc053ba3500adb1d5e1611291654f12dfc5722832f635db3002d73f9defc310ace62c63868d341619c7ee15b20243b3371e05078e11219770c701d9f341af35df1bc729de294825ff2e416aa11526612852777eb131f9c45151eb144980d70608d2fc4043477368369aa0fe487a48bd57e66b00c3c58f941549f5ec050fca64449debe7a0c4ac51e55cb71620a70312aa4bd85fac1410c9c7f9d6ec610b7d11bf8faeffa20255d1a1bead9297d0aa8765cd2805847d639bc439f4a6c896e2008f746f9590ff4596de5ddde000ed666c452c978043ff4298461eb5a26d5e63d821438627f91201924bf7f2aeee1727 ++Output = "forty two" ++ ++# a positive test case with null truncated ciphertext ++Availablein = default ++Decrypt = RSA-3072 ++Input = 
f4d565a3286784dbb85327db8807ae557ead229f92aba945cecda5225f606a7d6130edeeb6f26724d1eff1110f9eb18dc3248140ee3837e6688391e78796c526791384f045e21b6b853fb6342a11f309eb77962f37ce23925af600847fbd30e6e07e57de50b606e6b7f288cc777c1a6834f27e6edace508452128916eef7788c8bb227e3548c6a761cc4e9dd1a3584176dc053ba3500adb1d5e1611291654f12dfc5722832f635db3002d73f9defc310ace62c63868d341619c7ee15b20243b3371e05078e11219770c701d9f341af35df1bc729de294825ff2e416aa11526612852777eb131f9c45151eb144980d70608d2fc4043477368369aa0fe487a48bd57e66b00c3c58f941549f5ec050fca64449debe7a0c4ac51e55cb71620a70312aa4bd85fac1410c9c7f9d6ec610b7d11bf8faeffa20255d1a1bead9297d0aa8765cd2805847d639bc439f4a6c896e2008f746f9590ff4596de5ddde000ed666c452c978043ff4298461eb5a26d5e63d821438627f91201924bf7f2aeee1727 ++Output = "forty two" ++ ++# a positive test case with double null padded ciphertext ++Availablein = default ++Decrypt = RSA-3072 ++Input = 00001ec97ac981dfd9dcc7a7389fdfa9d361141dac80c23a060410d472c16094e6cdffc0c3684d84aa402d7051dfccb2f6da33f66985d2a259f5b7fbf39ac537e95c5b7050eb18844a0513abef812cc8e74a3c5240009e6e805dcadf532bc1a2702d5acc9e585fad5b89d461fcc1397351cdce35171523758b171dc041f412e42966de7f94856477356d06f2a6b40e3ff0547562a4d91bbf1338e9e049facbee8b20171164505468cd308997447d3dc4b0acb49e7d368fedd8c734251f30a83491d2506f3f87318cc118823244a393dc7c5c739a2733d93e1b13db6840a9429947357f47b23fbe39b7d2d61e5ee26f9946c4632f6c4699e452f412a26641d4751135400713cd56ec66f0370423d55d2af70f5e7ad0adea8e4a0d904a01e4ac272eba4af1a029dd53eb71f115bf31f7a6c8b19a6523adeecc0d4c3c107575e38572a8f8474ccad163e46e2e8b08111132aa97a16fb588c9b7e37b3b3d7490381f3c55d1a9869a0fd42cd86fed59ecec78cb6b2dfd06a497f5afe3419691314ba0 ++Output = "forty two" ++ ++# a positive test case with double null truncated ciphertext ++Availablein = default ++Decrypt = RSA-3072 ++Input = 
1ec97ac981dfd9dcc7a7389fdfa9d361141dac80c23a060410d472c16094e6cdffc0c3684d84aa402d7051dfccb2f6da33f66985d2a259f5b7fbf39ac537e95c5b7050eb18844a0513abef812cc8e74a3c5240009e6e805dcadf532bc1a2702d5acc9e585fad5b89d461fcc1397351cdce35171523758b171dc041f412e42966de7f94856477356d06f2a6b40e3ff0547562a4d91bbf1338e9e049facbee8b20171164505468cd308997447d3dc4b0acb49e7d368fedd8c734251f30a83491d2506f3f87318cc118823244a393dc7c5c739a2733d93e1b13db6840a9429947357f47b23fbe39b7d2d61e5ee26f9946c4632f6c4699e452f412a26641d4751135400713cd56ec66f0370423d55d2af70f5e7ad0adea8e4a0d904a01e4ac272eba4af1a029dd53eb71f115bf31f7a6c8b19a6523adeecc0d4c3c107575e38572a8f8474ccad163e46e2e8b08111132aa97a16fb588c9b7e37b3b3d7490381f3c55d1a9869a0fd42cd86fed59ecec78cb6b2dfd06a497f5afe3419691314ba0 ++Output = "forty two" ++ ++Availablein = default ++# a random negative test case that generates a 9 byte long message ++Decrypt = RSA-3072 ++Input = 5c8555f5cef627c15d37f85c7f5fd6e499264ea4b8e3f9112023aeb722eb38d8eac2be3751fd5a3785ab7f2d59fa3728e5be8c3de78a67464e30b21ee23b5484bb3cd06d0e1c6ad25649c8518165653eb80488bfb491b20c04897a6772f69292222fc5ef50b5cf9efc6d60426a449b6c489569d48c83488df629d695653d409ce49a795447fcec2c58a1a672e4a391401d428baaf781516e11e323d302fcf20f6eab2b2dbe53a48c987e407c4d7e1cb41131329138313d330204173a4f3ff06c6fadf970f0ed1005d0b27e35c3d11693e0429e272d583e57b2c58d24315c397856b34485dcb077665592b747f889d34febf2be8fce66c265fd9fc3575a6286a5ce88b4b413a08efc57a07a8f57a999605a837b0542695c0d189e678b53662ecf7c3d37d9dbeea585eebfaf79141118e06762c2381fe27ca6288edddc19fd67cd64f16b46e06d8a59ac530f22cd83cc0bc4e37feb52015cbb2283043ccf5e78a4eb7146827d7a466b66c8a4a4826c1bad68123a7f2d00fc1736525ff90c058f56 ++Output = 257906ca6de8307728 ++ ++Availablein = default ++# a random negative test case that generates a 9 byte long message based on ++# second to last value from PRF ++Decrypt = RSA-3072 ++Input = 
758c215aa6acd61248062b88284bf43c13cb3b3d02410be4238607442f1c0216706e21a03a2c10eb624a63322d854da195c017b76fea83e274fa371834dcd2f3b7accf433fc212ad76c0bac366e1ed32e25b279f94129be7c64d6e162adc08ccebc0cfe8e926f01c33ab9c065f0e0ac83ae5137a4cb66702615ad68a35707d8676d2740d7c1a954680c83980e19778ed11eed3a7c2dbdfc461a9bbef671c1bc00c882d361d29d5f80c42bdf5efec886c34138f83369c6933b2ac4e93e764265351b4a0083f040e14f511f09b22f96566138864e4e6ff24da4810095da98e0585410951538ced2f757a277ff8e17172f06572c9024eeae503f176fd46eb6c5cd9ba07af11cde31dccac12eb3a4249a7bfd3b19797ad1656984bfcbf6f74e8f99d8f1ac420811f3d166d87f935ef15ae858cf9e72c8e2b547bf16c3fb09a8c9bf88fd2e5d38bf24ed610896131a84df76b9f920fe76d71fff938e9199f3b8cd0c11fd0201f9139d7673a871a9e7d4adc3bbe360c8813617cd60a90128fbe34c9d5 ++Output = 043383c929060374ed ++ ++Availablein = default ++# a random negative test that generates message based on 3rd last value from ++# PRF ++Decrypt = RSA-3072 ++Input = 7b22d5e62d287968c6622171a1f75db4b0fd15cdf3134a1895d235d56f8d8fe619f2bf4868174a91d7601a82975d2255190d28b869141d7c395f0b8c4e2be2b2c1b4ffc12ce749a6f6803d4cfe7fba0a8d6949c04151f981c0d84592aa2ff25d1bd3ce5d10cb03daca6b496c6ad40d30bfa8acdfd02cdb9326c4bdd93b949c9dc46caa8f0e5f429785bce64136a429a3695ee674b647452bea1b0c6de9c5f1e8760d5ef6d5a9cfff40457b023d3c233c1dcb323e7808103e73963b2eafc928c9eeb0ee3294955415c1ddd9a1bb7e138fecd79a3cb89c57bd2305524624814aaf0fd1acbf379f7f5b39421f12f115ba488d380586095bb53f174fae424fa4c8e3b299709cd344b9f949b1ab57f1c645d7ed3c8f81d5594197355029fee8960970ff59710dc0e5eb50ea6f4c3938e3f89ed7933023a2c2ddffaba07be147f686828bd7d520f300507ed6e71bdaee05570b27bc92741108ac2eb433f028e138dd6d63067bc206ea2d826a7f41c0d613daed020f0f30f4e272e9618e0a8c39018a83 ++Output = 70263fa6050534b9e0 ++ ++Availablein = default ++# an otherwise valid plaintext, but with wrong first byte (0x01 instead of 0x00) ++Decrypt = RSA-3072 ++Input = 
6db80adb5ff0a768caf1378ecc382a694e7d1bde2eff4ba12c48aaf794ded7a994a5b2b57acec20dbec4ae385c9dd531945c0f197a5496908725fc99d88601a17d3bb0b2d38d2c1c3100f39955a4cb3dbed5a38bf900f23d91e173640e4ec655c84fdfe71fcdb12a386108fcf718c9b7af37d39703e882436224c877a2235e8344fba6c951eb7e2a4d1d1de81fb463ac1b880f6cc0e59ade05c8ce35179ecd09546731fc07b141d3d6b342a97ae747e61a9130f72d37ac5a2c30215b6cbd66c7db893810df58b4c457b4b54f34428247d584e0fa71062446210db08254fb9ead1ba1a393c724bd291f0cf1a7143f32df849051dc896d7d176fef3b57ab6dffd626d0c3044e9edb2e3d012ace202d2581df01bec7e9aa0727a6650dd373d374f0bc0f4a611f8139dfe97d63e70c6188f4df5b672e47c51d8aa567097293fbff127c75ec690b43407578b73c85451710a0cece58fd497d7f7bd36a8a92783ef7dc6265dff52aac8b70340b996508d39217f2783ce6fc91a1cc94bb2ac487b84f62 ++Output = 6d8d3a094ff3afff4c ++ ++Availablein = default ++# an otherwise valid plaintext, but with wrong second byte (0x01 instead of 0x02) ++Decrypt = RSA-3072 ++Input = 417328c034458563079a4024817d0150340c34e25ae16dcad690623f702e5c748a6ebb3419ff48f486f83ba9df35c05efbd7f40613f0fc996c53706c30df6bba6dcd4a40825f96133f3c21638a342bd4663dffbd0073980dac47f8c1dd8e97ce1412e4f91f2a8adb1ac2b1071066efe8d718bbb88ca4a59bd61500e826f2365255a409bece0f972df97c3a55e09289ef5fa815a2353ef393fd1aecfc888d611c16aec532e5148be15ef1bf2834b8f75bb26db08b66d2baad6464f8439d1986b533813321dbb180080910f233bcc4dd784fb21871aef41be08b7bfad4ecc3b68f228cb5317ac6ec1227bc7d0e452037ba918ee1da9fdb8393ae93b1e937a8d4691a17871d5092d2384b6190a53df888f65b951b05ed4ad57fe4b0c6a47b5b22f32a7f23c1a234c9feb5d8713d949686760680da4db454f4acad972470033472b9864d63e8d23eefc87ebcf464ecf33f67fbcdd48eab38c5292586b36aef5981ed2fa07b2f9e23fc57d9eb71bfff4111c857e9fff23ceb31e72592e70c874b4936 ++Output = c6ae80ffa80bc184b0 ++ ++Availablein = default ++# an otherwise valid plaintext, but with zero byte in first byte of padding ++Decrypt = RSA-3072 ++Input = 
8542c626fe533467acffcd4e617692244c9b5a3bf0a215c5d64891ced4bf4f9591b4b2aedff9843057986d81631b0acb3704ec2180e5696e8bd15b217a0ec36d2061b0e2182faa3d1c59bd3f9086a10077a3337a3f5da503ec3753535ffd25b837a12f2541afefd0cffb0224b8f874e4bed13949e105c075ed44e287c5ae03b155e06b90ed247d2c07f1ef3323e3508cce4e4074606c54172ad74d12f8c3a47f654ad671104bf7681e5b061862747d9afd37e07d8e0e2291e01f14a95a1bb4cbb47c304ef067595a3947ee2d722067e38a0f046f43ec29cac6a8801c6e3e9a2331b1d45a7aa2c6af3205be382dd026e389614ee095665a611ab2e8dced2ee1c9d08ac9de11aef5b3803fc9a9ce8231ec87b5fed386fb92ee3db995a89307bcba844bd0a691c29ae51216e949dfc813133cb06a07265fd807bcb3377f6adb0a481d9b7f442003115895939773e6b95371c4febef29edae946fa245e7c50729e2e558cfaad773d1fd5f67b457a6d9d17a847c6fcbdb103a86f35f228cefc06cea0 ++Output = a8a9301daa01bb25c7 ++ ++Availablein = default ++# an otherwise valid plaintext, but with zero byte in eight byte of padding ++Decrypt = RSA-3072 ++Input = 449dfa237a70a99cb0351793ec8677882021c2aa743580bf6a0ea672055cffe8303ac42855b1d1f3373aae6af09cb9074180fc963e9d1478a4f98b3b4861d3e7f0aa8560cf603711f139db77667ca14ba3a1acdedfca9ef4603d6d7eb0645bfc805304f9ad9d77d34762ce5cd84bd3ec9d35c30e3be72a1e8d355d5674a141b5530659ad64ebb6082e6f73a80832ab6388912538914654d34602f4b3b1c78589b4a5d964b2efcca1dc7004c41f6cafcb5a7159a7fc7c0398604d0edbd4c8f4f04067da6a153a05e7cbeea13b5ee412400ef7d4f3106f4798da707ec37a11286df2b7a204856d5ff773613fd1e453a7114b78e347d3e8078e1cb3276b3562486ba630bf719697e0073a123c3e60ebb5c7a1ccff4279faffa2402bc1109f8d559d6766e73591943dfcf25ba10c3762f02af85187799b8b4b135c3990793a6fd32642f1557405ba55cc7cf7336a0e967073c5fa50743f9cc5e3017c172d9898d2af83345e71b3e0c22ab791eacb6484a32ec60ebc226ec9deaee91b1a0560c2b571 ++Output = 6c716fe01d44398018 ++ ++Availablein = default ++# an otherwise valid plaintext, but with null separator missing ++Decrypt = RSA-3072 ++Input = 
a7a5c99e50da48769ecb779d9abe86ef9ec8c38c6f43f17c7f2d7af608a4a1bd6cf695b47e97c191c61fb5a27318d02f495a176b9fae5a55b5d3fabd1d8aae4957e3879cb0c60f037724e11be5f30f08fc51c033731f14b44b414d11278cd3dba7e1c8bfe208d2b2bb7ec36366dacb6c88b24cd79ab394adf19dbbc21dfa5788bacbadc6a62f79cf54fd8cf585c615b5c0eb94c35aa9de25321c8ffefb8916bbaa2697cb2dd82ee98939df9b6704cee77793edd2b4947d82e00e5749664970736c59a84197bd72b5c71e36aae29cd39af6ac73a368edbc1ca792e1309f442aafcd77c992c88f8e4863149f221695cb7b0236e75b2339a02c4ea114854372c306b9412d8eedb600a31532002f2cea07b4df963a093185e4607732e46d753b540974fb5a5c3f9432df22e85bb17611370966c5522fd23f2ad3484341ba7fd8885fc8e6d379a611d13a2aca784fba2073208faad2137bf1979a0fa146c1880d4337db3274269493bab44a1bcd0681f7227ffdf589c2e925ed9d36302509d1109ba4 ++Output = aa2de6cde4e2442884 ++ + # RSA PSS key tests + + # PSS only key, no parameter restrictions +-- +2.41.0 + diff --git a/0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch b/0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch new file mode 100644 index 0000000..4308f5e --- /dev/null +++ b/0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch 
@@ -0,0 +1,1102 @@ +From 936e081bd752ca0a883568aaf3b5752c9eaccb12 Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Mon, 21 Aug 2023 15:38:21 +0200 +Subject: [PATCH 36/48] + 0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch + +Patch-name: 0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch +Patch-id: 80 +Patch-status: | + # We believe that some changes present in CentOS are not necessary + # because ustream has a check for FIPS version +--- + providers/implementations/rands/drbg_hash.c | 12 ++ + providers/implementations/rands/drbg_hmac.c | 12 ++ + test/recipes/30-test_evp_data/evprand.txt | 129 ++++++++++++++++++++ + 3 files changed, 153 insertions(+) + +diff --git a/providers/implementations/rands/drbg_hash.c b/providers/implementations/rands/drbg_hash.c +index fb824abfa6..b90fee6dec 100644 +--- a/providers/implementations/rands/drbg_hash.c ++++ b/providers/implementations/rands/drbg_hash.c +@@ -471,6 +471,18 @@ static int drbg_hash_set_ctx_params(void *vctx, const OSSL_PARAM params[]) + if (!ossl_drbg_verify_digest(libctx, md)) + return 0; /* Error already raised for us */ + ++#ifdef FIPS_MODULE ++ if (!EVP_MD_is_a(md, SN_sha1) ++ && !EVP_MD_is_a(md, SN_sha256) ++ && !EVP_MD_is_a(md, SN_sha512)) { ++ ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, ++ "%s is not an acceptable hash function for an SP 800-90A" ++ " DRBG according to FIPS 140-3 IG, section D.R", ++ EVP_MD_get0_name(md)); ++ return 0; ++ } ++#endif /* defined(FIPS_MODULE) */ ++ + /* These are taken from SP 800-90 10.1 Table 2 */ + hash->blocklen = EVP_MD_get_size(md); + /* See SP800-57 Part1 Rev4 5.6.1 Table 3 */ +diff --git a/providers/implementations/rands/drbg_hmac.c b/providers/implementations/rands/drbg_hmac.c +index 664a074639..cbd4d0f519 100644 +--- a/providers/implementations/rands/drbg_hmac.c ++++ b/providers/implementations/rands/drbg_hmac.c +@@ -367,6 +367,18 @@ static int drbg_hmac_set_ctx_params(void *vctx, const OSSL_PARAM params[]) + if (md != NULL && 
!ossl_drbg_verify_digest(libctx, md)) + return 0; /* Error already raised for us */ + ++#ifdef FIPS_MODULE ++ if (!EVP_MD_is_a(md, SN_sha1) ++ && !EVP_MD_is_a(md, SN_sha256) ++ && !EVP_MD_is_a(md, SN_sha512)) { ++ ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, ++ "%s is not an acceptable hash function for an SP 800-90A" ++ " DRBG according to FIPS 140-3 IG, section D.R", ++ EVP_MD_get0_name(md)); ++ return 0; ++ } ++#endif /* defined(FIPS_MODULE) */ ++ + if (!ossl_prov_macctx_load_from_params(&hmac->ctx, params, + NULL, NULL, NULL, libctx)) + return 0; +diff --git a/test/recipes/30-test_evp_data/evprand.txt b/test/recipes/30-test_evp_data/evprand.txt +index 0e2ee82c58..7a17e7b3e1 100644 +--- a/test/recipes/30-test_evp_data/evprand.txt ++++ b/test/recipes/30-test_evp_data/evprand.txt +@@ -7388,6 +7388,7 @@ Nonce.14 = 7239f92b63fb3dbe + PersonalisationString.14 = 8d2e2ca3985bd2538a71f02cc3eb5568 + Output.14 = 0e4cb328c03faaedbec7215725851069bceae4332de6a70e3521dd065f2f7923485969571ebd7f24be460fd901c6b3e356da6ee5262ef2d76ad14eb0f697f8fb92af2f46630198c5f7018860886147b3 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-1 + PredictionResistance = 0 +@@ -8659,6 +8660,7 @@ AdditionalInputA.14 = e5c633ca50dcd83e0a34d397df53f6d7a6f7170a3f81f0e6 + AdditionalInputB.14 = 5f0beb5a2d2968e83ba87c92bfa420fd6e8526fbbfdea128 + Output.14 = 8bec11df1022aa50d95daeaf23d78d6ee45c43c5768b90181e106c7df8ff333d7cb87ca1ab83f8742370db1c8c0c0c22f141ff4de33ae8bdb14fee7e6c069819320629c66d94c7c97ff52930a3c1dcd501b60f0f84bda4720ee187ae858a6e068326eda5809716e366d1b608c61b0100 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -8709,6 +8711,7 @@ Entropy.14 = 1194beb668839c47c73e7516f9ba09d23dec3553b3b5532f75b260106dcc2abf + Nonce.14 = 3c8a77351e93065d584feeb08c8424a9 + Output.14 = 
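Review bot: In the drbg_hmac.c hunk, the added FIPS_MODULE block calls `EVP_MD_is_a(md, ...)` and `EVP_MD_get0_name(md)` without a NULL check, although the context line directly above it (`if (md != NULL && !ossl_drbg_verify_digest(libctx, md))`) treats `md` as possibly NULL. If `EVP_MD_is_a()` returns 0 for a NULL digest, as I believe it does in 3.x, a call to `drbg_hmac_set_ctx_params()` made before any digest is configured would be rejected with PROV_R_DIGEST_NOT_ALLOWED in the FIPS provider, and the error text would be formatted from a NULL name. Guarding the block the same way as the neighbouring line would avoid that: `if (md != NULL && !EVP_MD_is_a(md, SN_sha1)`. The same block is added to drbg_hash.c earlier in this patch, but whether `md` is already checked there cannot be seen from that hunk; both functions start and end outside their hunks.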
fabd48bfcdd07968239fe538c2d8c9bde2e257b9b244078f39287c7ee90de167fff56a693c4e64f45081635511b5fd031c0270a31b4a014e44c0516a55ae72345aa11dffcda4ccf8cda50f6948d5ae425d8d53ad5c74cef1364277990156796e1c5dfa1ef095c0d8983477eb24241135760b02c86c86d4ec3627edac8c1a7e32 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -8789,6 +8792,7 @@ AdditionalInputA.14 = 626385595bef7103af0af700e1df048d7572286af709289b7894d2ab09 + AdditionalInputB.14 = bfe8946dbf27d3a2127ec600351c3920d2531eb9419408233e0a888059b5eb68 + Output.14 = ee6d07661828213e6453d94faaf76345c70949eca4965714c350313b0bcd8e079e6a07f8b2f7a91bcb7ef39a61568fd1c40ab78f154b3582f830095d571de29f81f9565e46b560d34c32bff55341a991f8e863bd9242c7cdd366be12538bb6922f1abfa19e7998aac61d465fc46538ee9142acc66786f4516ef4105fe1d80372 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -8854,6 +8858,7 @@ Nonce.14 = de2186bafa82b0d08a0b8215e3424512 + PersonalisationString.14 = d96db27febe22db935b117dc3068374e39c5b2119b497e3c1d858ef649e01de5 + Output.14 = d04435a8aab397cfcee5151f7aa24298ffc6eee4f577cda42d5e154b8d28cb2f0f945f11a15ed5b76486c88f03081cfd262d94a8e0b332e3c9c608461dcc8eba20d7db209810d25c226fda9fe218022a9b2c96876cb16c06c0553dd84ce57e20338c3d3e03c59ce22e668e25c2c50d5cc9afab91f50a28680964c2dacb9d2fb3 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -8949,6 +8954,7 @@ AdditionalInputA.14 = 5d9446eff72d59529a90b498d8f40983b3b2904f63664fc0aa1de8700d + AdditionalInputB.14 = e19707aafa391e8622539d52a05d930292bd0f7c17825dbed5fb7a2f8734081b + Output.14 = 6ce2ae37349cbef9ebd1f9b85485810a22d430d94abf66912dd7b6cc751400e777be2f1cebc19d65694a456b2c6429cefd95eb934030846708d50be3b274c2f7de299f3c311038491f271448c7d02ff51de048fa1184e8ee06b7b46a9f123daecbebae4a2183dc8eb6976abf0dae7cdbea6017cd1500f37dfadcce0c1956ea87 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -8999,6 
+9005,7 @@ Entropy.14 = a7a1dbf7f828555610197e71e0ad563b8691589c5289ced03e9ef83b6f9ff938 + Nonce.14 = 4274788c5d80e26ec1ac3a57b9c7c0df + Output.14 = 5a907a26c1ef588219d4c69fcf4c5c283ab148a77588a40b323bd24e6dfb29551c4b6116c4d61349f5f8bd9ed497f38b239c37283902beb3c9700c768fa289ee4573f92316efb860a5ca4267b328f03c13138b774b4b9f7516003a699f7a0854a0efb045a5932753a771c2cc6119202b33336f10edb715bcce1d20ff503dda01 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -9079,6 +9086,7 @@ AdditionalInputA.14 = de1bbca12357943b4489cc7209b3f063b51b91acc168ec5e0ad88048b6 + AdditionalInputB.14 = 6ddd9aba4f100ef902ba50adee53ef44a4f45564c13e774e69557e36a357e7cf + Output.14 = 544ec80a966644454886fb97a0f05eb6a4a25fcbce795b5e5b27ee06ba14b7de18dbf54f80a670b87c76c336ac9af16c8958ad6c1bde9a97aa4c1ab5823d24a53c64f6766ce6eb9b7085cf7282499c37fc1e2e825f53bc357bf36d5901e0ae93cd3bd821fa18b5aa17548560f7ad6ef38124814fccf9b2b89de61cfc27c7269b + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -9144,6 +9152,7 @@ Nonce.14 = ab7843b73ecb4858f2cc5e9dfca803ef + PersonalisationString.14 = dee559515084d8ac49c3803f09f3d5fed3b307946a2752c267677f22786a0125 + Output.14 = a12f5e8ea3bb174934c15e5d114ba615da33210c98c38d7fde4b5aef9aecdeaef311d929d7fece7fee11db67134c3326b413b8dc17766ba4fb881105db68688b148fd95d812f6538b14f25afaae84d39025336136d270bd643f2a6c7164930372fb1c8f4f0dab60283e9d8d3440ce8dc66761c5d5c4c13cc3a367feb4869b559 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -9239,6 +9248,7 @@ AdditionalInputA.14 = ead8c0dcf4ddc909aab96eadab509a46908ee5f090983af609f08d8a8b + AdditionalInputB.14 = f357bda8f2048929a4e31969ec978cc333d58b4fc09a8aa1b73ec9bdfaa1a8f6 + Output.14 = 
901aabb3f065be08e2f8072d5d3ffcb28ab291420644e407e7a6a3346b75a5be535bdbdd5a8245998689450292df877233ef0783e0bd1765413193790995d884ffcb2c8dc35fe4cfc12def2f091866d735b1dcfc9d8d8c26903d50e9397b1bbd674bb81fc908361b2bddb68f02031d87588cc3e94210422674e93fea6a5329af + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -9289,6 +9299,7 @@ Entropy.14 = dfa94c198483c5daa046f1dd1e4e83f854fd6c5cbc3465f671bdfd36837779ab + Nonce.14 = 298de64bbd817d009a71c1424ae839f9 + Output.14 = bfb9a54ce31406a82608aebc826441f8f633813a0c3bad723b802f3e905a6ee3512ff3513062aea51f93be17aebf1cfcd81868e85db3db9aa98680f974001fda8fe6a644f5efbb9d6e52e99ff606ef1ed7cd3b17fa6c6844790ed58da6df61aba0c200d7dff943588f4520891798098bddc65797b2f99c05efa090c60dc48a4e + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -9369,6 +9380,7 @@ AdditionalInputA.14 = 066b072d48f6cc6bb00273e0bc0ebc086235fe79af1fbdb46318f56c62 + AdditionalInputB.14 = cfb58f59c6d56993b9f0b5ba1643554072cf4ae8013c236120044ae909083f5f + Output.14 = d5dd7f55ffa7d53fc0f679cddadeb869f39b29a6d394c9f1185b11ebefbcb43419c6a26ae3c9ab9d456e2cdba1aead05e67eabd3596526ee431ba7cab7f94838062fcec2363cf0e19849ffef30064263b3a059ce38aa02c2729bff5af9450e035161816724163906112205196c642bfd70f36abb4639fd6e4f7f6a879ebbcc62 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -9434,6 +9446,7 @@ Nonce.14 = ea7d3c3b8f6da0667d7f0d543c68d7d1 + PersonalisationString.14 = 86c20a7e794c887898d5bc00e98398276a4e3ad8d674fb808a63a44330490d2b + Output.14 = ee8e21ff48af611a17d33e130f4e4224330efcc1402b6d55aaf1f514553b880f18df68c0e4279854eb2e9b904c552f69f0e1badc347ebe336b70456f221e07a2fc78df72551d99df3755997029ee1461e2b6e396370096d7e8c2dfceb73214a72ae2b25ccc60b92dd71988eda811ceac4b7c335528249aaf82826a14c142007c + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -9529,6 +9542,7 @@ AdditionalInputA.14 = 
ea12ddcafa4f578b8b43337508dd8627844d185b10af7de7e907d113c6 + AdditionalInputB.14 = 0cc670275cd2b0eac5df123eb1fd73c2f2b093b76806943918cf49930fa97515 + Output.14 = 88dc727007c0e03c8d27d00c87876f8990b271964a5275f636ecd7f18cac9c869e5f9df5fb2d34e7f89c2e9819af562a706a03d9be9318896f5ab16573aebbfd94a681cbf27e7202b8674437667893246c267785d0deca5033de88a61bf5158177391c2e3232ea6f812c468d5629ed9f89ad0bec0f6c7a469f56331f9eba1cd2 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -9579,6 +9593,7 @@ Entropy.14 = 6b9f904ac4b16d36e06a1bddc501d7ef98d5685c1ceadd0a6e1622e0c1e73716 + Nonce.14 = 4a42f39e5a241a2b96db29055159c91f + Output.14 = 785014b0460831b7b67346c6997217b0f6c8e7313687ea6ff4d0b09a0786bd6ac362a0b1ddc6ab8c9c624625a379cbec7f11cf30ddab23cdec054b986175cdae0ca4ba4610e0711bc94e9ab706539d5fa2c1a4fd3cd49042696b58dce465f8e09a200e7d214cda357021c62248a01aeb95f8ffa8bd49d354fdccf4c71eec3491 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -9659,6 +9674,7 @@ AdditionalInputA.14 = 147d51711ae8a420f165db0000d9d0cb9e9cd5447311eed43d7cc9217d + AdditionalInputB.14 = 2910968bb1976a1b8ced116e673f408da6fc563695c918ac0a230b0bb800c707 + Output.14 = 357a7269b30ca744e213d894f5c45d0db9fba897e0c863a56062f5018ad9be9f37b8d550014ed68f2c34bf5195c0b7460df171ff3bd4a590578670c92470d876c8de19d48a6d7fa15fc7996be78d3cc8a5c657439f4bb9865bd56e187d5df2531a405e3e0f4b87c611aa8e226b8b0266290f06f8062456a7a4bf0896e4ddd948 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -10995,6 +11011,7 @@ AdditionalInputA.14 = 23e4e6b0e0c1b28a6f9731f8b09960ce7adac17527b3bbaca7c811daea + AdditionalInputB.14 = dc7fac6aeded9e17b5bb5e2bcad9424d42dc07e809da59d52caecba6e75ca457 + Output.14 = 
5a42b35cf1b72d2520d92719a94ef1a7ca5b6d6c7eef2de25c8ea44c1fc3a9a5ff2128f47bbe58084a0c7a3fc790626eff5666b4c1e68fb2f53de3370b29c398d5067b255f5f7f29fdb0f8bc256ee3afbe78a33981626837c55f981e56eb2e1bdd89ca081e48f6da7ce6576fbd37dbd57a3f41cf410cb375614af239f2e10218e777fb97a55d9cc73243882b8d8d2a2c812fbdeaaed90b5bd71a274b4b171cd7e661912c9b3de1714a3fe4931d8fc7cb1c9f64f4e37d4e5dbc31602d2f8699e0 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512 + PredictionResistance = 0 +@@ -11045,6 +11062,7 @@ Entropy.14 = 471746177fa3ebbc1f1e06fa42d61d5d491abc82eb7d66e749b87d562a7eff34 + Nonce.14 = 42f8a1ee9b09940e9e1dc64f51a78b4b + Output.14 = 238c9889284139945e657d2c4312ee3ca2013de69be10bdc8b90d54867889f2c15c6cc933913457d4f5a00bd52b0216d90c56bcb341dde7496218861b083f80d8c933627e19b7bd8b73d6dda1bb0b2b0f1f90e2b453cd063938cec3a08f34e5581c1322329d87709e552a97e8a8c8e8e598a5c5cd6623ad1eb9f7ddd12739b1d157b1020cb8cef19402938d31b74e490c0ce75a9f57a17476df1cffa55de73bb8151071edf396c3b9e4607b07c7e2b45c249f5a8194cca1e97af78be47cec0ab0096cf588f3d4432393a8f5423a165d585e2e5f98fe47510d9415418aba28aab1193261036214c35d8ba04650b4539be6b9f7377e3c75ed236d0e69cce004906 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512 + PredictionResistance = 0 +@@ -11125,6 +11143,7 @@ AdditionalInputA.14 = 4b69404b80b6f2fec36a7dff1b194a228761694129efa6c6b9a044f553 + AdditionalInputB.14 = 519c4cf1b30500f729e5426d76373c291e26cafceb594c10c96bdb9aef4b42fa + Output.14 = 53568141a5c09b6b02ac4ab674d341aa6300f8be93c0f36a7376a6850abfce068927510a1b98301aaa29252cfadfe5a2f241abc677e9e70fbca287c579acd276c2eec5c8b508f2b119a40164c6a12c0e0ca1d3d53595bbebe32fda2eef2b613329a614a28d3b374a7b031b49dba74b465a7db60a8dbdcc9e952ea143e9d5a3a651c1b0d6dad79341a7c3fd5816933f2579cc005f3c5655eb8d3f9d1e4562a756ecca3fc1d688c9824391ec8444c6024774a295c44c17fe592694dcf41f305f50a16e07fc28e247bb3d9dd0c52c6fde79df84c8d521606cec9a55f909691f5cfd797b69304dff5b60ac816b0d5046a47c2434127da1fbaa86d2844f5164a9dbdd + ++Availablein = default + RAND = 
HASH-DRBG + Digest = SHA-512 + PredictionResistance = 0 +@@ -11190,6 +11209,7 @@ Nonce.14 = 8680d7b3f0a8ae576bb0f75364b463ea + PersonalisationString.14 = c0bf8f2ca4efb48b8dca73ca7148da3cd5981c5a459be32db5a14fc7762c68d6 + Output.14 = 269b3b656e58f9aeed32c80700d9d1b863b0253b3b33155cc0849efbedfa51cff82262c9342cff7f1a7a58a5954fe66547baa1831fee55ae0d322674c6c784095f43b30c1887fb9fa5e7e7f1905da2808ab810ecd224ab403b6f562bac54e65cf7f0473991ce7d7cbc1a669a022fde3141a9880d974b7ede2fad24a3263570443cab0e8017d242fb4c2032dc8be56d8fc1e0e8f92254c7480e4941259ecc29ea47a1d11e074148b259ff95a94711d767f0655f1e0574dfdc4ae4f27b12015af86aefd36f6c10056c3d83e639e3641cdd8ba178f7779dcf502bab3d7588cffb72f6489981aaa7139c255df0e76bf6bba32e4f547327da4597745b15042869b2c2 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512 + PredictionResistance = 0 +@@ -11285,6 +11305,7 @@ AdditionalInputA.14 = 64278bb6b8224b93c0b5339726fb752f6d81e85b204d76376d99779ff1 + AdditionalInputB.14 = 4995815c060c80e9bead55dfe823b869862bd0e5b4357afe810a53c68d4b0e7b + Output.14 = 9b4249e1e692153ecd20e968f86eb31bf9a22d3671d0ce9d3eea243bfc70890644a95d551cb9956cc3770e95c2f14ff154760cba1b24c51c41f7a961a4502aa053068751618eaaf743e0d37fd41ab4969444519c22c8fd96f9eb1be6ff3ae01a25abba84a259dad8bbc78f47dcab3ac2242e6974a56454999b4c59243102b731fc4bb4e01c92d36f232ca8cfe00fcbc0ac200c2e403d17d5d1dd3d6c2095ddd15ad58a070f18b69a5f5d3f240435d298bd48bd9be028ccaeb10997f88857a848882f51a193522bb0b979b37b5508775fe150cab8ce97c0760b7418b5bbe496562fe639540e77c1025c0e191fe000aa5d1e49bf02a5a3c6f46b40dd2c47786d45 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512 + PredictionResistance = 0 +@@ -11335,6 +11356,7 @@ Entropy.14 = 337373a24fe76f025575b3dbd7eeedd03d3459d6ef44cd53335a9c4963cc45de + Nonce.14 = ebbea7e8e1a3a45c58044b65ab7688b9 + Output.14 = 
21ae4510a133fa0906c873eb73e00d777b68a45a1de8759b1497f5146f0c45cf612b02e972ec93ebccbb85c9adaf0f5942fcfbb3b808482f05497f2f4734dd6d42c8413e1bd1bad10463dd4b4cf29f1662c15efc6d24955b1e54a60508d9ed008c9d29f8a6bddfe564c21473271350137452f4601179af37e19d553ec738539cfd7a8df17f07e1f9db5df776256e3c00199997307de394a8ba41be2829defbd8105fcb3cda215219fecb607eb1e7137a29eef188ca7eb349d2d1fe27edc2526ccc6d8f1af7eec9c06910f3909907f966d5904b32577f2715cc32ac08f1b5e25a734716ffddf60c57d422b515ce817b605ead2f875db7a789e351b660704f0cbc + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512 + PredictionResistance = 0 +@@ -11415,6 +11437,7 @@ AdditionalInputA.14 = 771e91743429c40a2e3ececc9a3d73a92336c9c988c5d9dde47563b631 + AdditionalInputB.14 = ae1a58611aa54df3c655a1f20985552ed9e3610e92170a0de1a4573a5a1f93d7 + Output.14 = b2534bf690444513bdfecb35bd616b0de47b7cca7f8ab9c5e823b468da62855601b59c6bb75cf34fe3dbc7f795536b9619d243c0f6960895d6710130fbfda2a0bff803e856f1cf21a63e86e59be0d6da7516b697e9ff95c341913ff27c8abe10e6af1b7ad8dec9f7aab46b8d35c103f9bff3016b39ec24026a7b582f6e95261031f734e29a1b64c65639cf238381e5f7e31da624ad24290930501132c860118b6c59052aaa7cf982486219431311453a431a1cf50deaf068e2f9993c0ab851c9aec72be8f7c5c57ed03c488befe6ffc256efe6db52b7734c042b69a5ed74e2593c4788c5fa8a03a5017b927bb8f1c8262925d734c5604639a9b441187b0d95e3 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512 + PredictionResistance = 0 +@@ -11480,6 +11503,7 @@ Nonce.14 = 78e7f6e9e8e1511bc0ba7f230b65fe47 + PersonalisationString.14 = 37544eb1992fc569ff259946d639a00230ec1196c5565b8f9da62d9ce552e09a + Output.14 = 
0ddbb84e21d4d7110b933bbeaddb35ad81dc1f331ac8293695b30924f2713eca6f93a13d520da4486f32a12412a927d00e3f27009a944056a5805b0e050f5bf6c6bd32c523c1d607d6e3e97b59fd059a610d664396f69961599ce7f0a0cbd1dcff15474ac267e36c0b871c559fd13b7ff0c3fcc11ff8dac26761a42697c3744981cc5c5ac10cd0f3b285c4ceb4a550ecead095f90fb6f53aa302218ede7ed5ae5deac91a83f957d15ee901746d11777b23c327ee811966690f5f253c7c314a2bf2bea73ca46c6c8cc332c3493f9d023029d762fc90e5dddbb838f2225c521f196332812570a17455b3db45306aa9100ca83185395435137a0b961531cbcafc03 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512 + PredictionResistance = 0 +@@ -11575,6 +11599,7 @@ AdditionalInputA.14 = 8dab17e96142c890eb16981b97364223e815130bdb0c0c284e50dd3349 + AdditionalInputB.14 = 1439e2d19a99703fc35607b5bde55331eca67b2b9a9f7587ddba0dd1fe690ab2 + Output.14 = aa088ba4682bd2285e90c7967a7b8a518e0ec45afd490d367022893e3822c09d967d06ff28748b5de3fb33b071b73c581bd893b6641a72cd5db35540b904eae19765cc121ca4dc9404530114c3369fa80d20dd63c8c09559c4be48aa26ca77b47579dc52fdf0eb2f2db84ab688b87f63097140aef65410fcd7a81c2bddb2c92f9d67b2e46647aadd9b85c9e17ff8b579cd672708282981ba54d854e7c9a1de66621845ae2d337a90025ccbdd1b0d695790b1f977b1e944bbc04d16a9a399628bfb33f98b40e13567514d8ce0b23340803718ea3da44fa84c923f2a85ba21495c2f9541cbe8cadc0b230b1b942e934eb4fe95c3754a77a09641ad730a550fc24e + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512 + PredictionResistance = 0 +@@ -11625,6 +11650,7 @@ Entropy.14 = 5f72e390aa960846a0004d266e3741b6fe0aaac98d9d87b4cbaaa7a2af0d0bdf + Nonce.14 = 2074991cf0c22cd34b2de48ea1f9ec66 + Output.14 = 
7bf54b69e455c7941e8e24ef59b5525dc1ed3b7f934333713b9dc305dcae2cd1b74648149e04bb4f4e00b110926a6bfead7adef954b6d7e180ff820192677efa3c0c8af6a3e201d8d555cc599cdd2626d8778ea2c7a2a8e0c99e719929ae9ac4fb9a7e5176da8987508d1152909f456a4ce9461188e264cda1c879af1a8cca6c182e73c164986cbf07f441756791fa1fae40b784800335d94b0b54135831044bf0cb5dbb5c0c71de6b6ae33d6b87782d34be3cbc2991ad109d6c0440916d91baf96c4375ecdc9f09dca79671a45309c408062cd08ee623c8de007cda3b3d110425d7e8fee13b2a14215033d9ea2397cc6b5c995f37273a00dbcdf9437bc77857 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512 + PredictionResistance = 0 +@@ -11705,6 +11731,7 @@ AdditionalInputA.14 = 97f8c1e98fd25289be846d80f667341a095dfbabd610c691ad6b2b901c + AdditionalInputB.14 = 136912d2805ab8ffcb4e7d6a81e37e14b7f7bb65dd0241d56f11d7c72dd5de1d + Output.14 = 2e1f4954107f3654f51024f032518ba91512c9d8005265ff35248487b8c87d8862b8caaae27898a22f9ba7a0297fc071ceb6a1612bb99c0f15210a11f5a0725158832996f15106a7c43a216f90501c0dfb36933be940a875d4f6b0e5c29edb01614a26cb3ff7b906762fd6435eb7cec8c88f5fd7c4d76fcb018c08987108117c95d4d35c1c59efc06358c7abe7a73012ae4440b2ec86c3664e5549b8b0a30d6c8538d6e5151f9c17f9ce026556508b8b3d926e4364839bb526a94c7d8abf4c1241cd844bc6227a01d024affaedd4701129fb0f9b5ae853c7085ca13ec78ffa3476ddb1c1e71942c351c3ce9a855ccfa4c3c7f92b59d5b67e8eab16b699b7ed5b + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512 + PredictionResistance = 0 +@@ -11770,6 +11797,7 @@ Nonce.14 = fe9dfa1b683fa9cc70b7c7f8c81185b2 + PersonalisationString.14 = 7e86cf4111fbea8fa9b180a1bd9ff3e9d233304b1d293adffa49ce8e77f400ab + Output.14 = 
ca0a6268d034f6817edcb6875b4754b5e9b2061ce0bc2bcd27c28065d8258b40ae63bf6d1e15521196da0afea8139c10d7bf3b54694a82d24476c578991fce1371e40b78087d95b1117650af7134567513a017353bb4af85cdc98db757cec9f92df42b7323b1e5d05387debb02750683a5553bdfb5f9fa34e14d29e09ad18bc6ef2380c173a19631abde085369ff47fa8b4fdfebe13b95b90c6f5841fe5aa6334edcfae26c13cc5d14d17a02d684b64bd55841831bde4c75de7d49bdc1a405d4e3e0d327bec44644e972349a49cbd48a4d3b8e984f5847ffeba950fff55bba9b287d51d8475f7799752208da31d91853fe6d04d97ea2a33d53b07a4fc787be2a + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512 + PredictionResistance = 0 +@@ -11865,6 +11893,7 @@ AdditionalInputA.14 = 91e14e178a033e26e6f6a0b0f3890fa46f83731a14cf31445c51a92166 + AdditionalInputB.14 = 20299371a1de6f994260d1c59c1d3f731d8f70fea6e9389b3ede54d47594414d + Output.14 = 1b4efcce136b40bdc792d1607d4ab4fadc10d5e2b22eacca6f412d3aa1c60320bf825778e7ff8296db9ea360e068350f90d7d4947dc9a2e2a4074653458784059ceebf2a97db0e4a29f7c6107783fa3683b6846b8c8ce7161082405643bb84d602c6c36ca79b2b6562417f0d15f46a4fbdc445d50935f49eedf01bb131d104385369fdf88d91518618134a37c5bf73140400cced73795910ad0d2a89db2d79355ecedbcdabf135219d2afd7ac28cd7e45c6fd4e913ce5d464fd6de6e4c62b76ff86c28b0ab27a3c2622cacec075c790a7ff2f57f99ccb89c590a1dfb5a1862200c9cdf97f94eef18ddc85cf9830be662cec1885a629a6603add9396fb26341d9 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512 + PredictionResistance = 0 +@@ -11915,6 +11944,7 @@ Entropy.14 = c5ebb2ae08a03815e496c2db1e2a650b40893ea78fbd7ca8434edcde4432a43e + Nonce.14 = 0cede46aca7d2a60f2e98eb3c7d1dba7 + Output.14 = 
6d8eeb5ba130de7dca993b44b46e08894fd84ab8c347992aeeac56ce5fb5f435bba92f1129aaf9b3035aa117301a1289acc222cdac043dac58b62567102dd5a57483d79fd703e188a0fe47254bb20b361281b5b8cedded86ba9b6d86deb30e539eb7ee007131ab2af99408f38ec7fd66bec4f1ed71251c149dbf8393b6dbe96cdeb9a3b5ee065ec8636444e72339ed2cb27fbbe5421f7f141940d6fa1cf570b8dd0393625ae16b10df2f1f6fe35dba15a732357dcdf4f56abcbb47a4640dcef618e27d049e27f2af7b8634faad00280e004cfe3f52d63185eccd6c4937a026830c38e1ed6aa9bfeaf739416706f63bb8b1475ac25d734db28e39163aa0c69c52 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512 + PredictionResistance = 0 +@@ -11995,6 +12025,7 @@ AdditionalInputA.14 = def9d8f7b18023b69c6cd4121c0adbc2a89b3ca37333d4523261d5eb20 + AdditionalInputB.14 = 06051dec796525094018b436605bd2ddd66359a2836a5996e8262bb7763fadc0 + Output.14 = 29e8184e37a5c26670bdc95c842c602ed8b0cf102ca144133e8cc841e1dc32fd038a72c26b8be8a568db60a4cfbd52b0d8b74cdf180a4931d6dd19a255104db105b3366d75e8f6afd0e5fab4dc14f6deac82e7703eb6a61f22b79bdad8ac7fab95a58a71f80fa510542615c305f7cbf84790060f17e7d78ab5d4b0ca34fad47133a0627b803c1caee3b97fe47626a8590672e2211f39cbe1b79d1999fb772b884122c8e50c59fdd3de13a53e805f40f8aa35501571a4c4cce79a8f738e60a43a11afdbed94e26f474ba5cd6ff5cdaf00d0fb84109aeb3510f1ea576c70ae78cdd0415a0521f3ff4083f9160011dcd6e2802cfbbbdfe9c4a3b114dd47b3a6cddb + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512 + PredictionResistance = 0 +@@ -12060,6 +12091,7 @@ Nonce.14 = 7b9a876017e5e14bd6a19719c73035da + PersonalisationString.14 = eb97028b093f820b182384baafa56ecf196dc11ebc515a405ac24f73e465ae9a + Output.14 = 
3791ee66e505257b0bebc4319897e80ea8a70577b8a85d809cc7e4c77a458e8517368e2eaa7c0623b91ab3ebc4de3240e00e5f0cd20524d73b8000f00a3cecf869bee26763db9689dfaad9b5f21e3975f750e0c6b694d7df35fea26b2ff3c2bc679b5ecaf129320dde8245677aab9fb54b8faa97d394adae687a35b00f026430ef29bc7226957dac5edbc4a70dc82fcac00bf89d97e11d2a3e6ecfc4af4536c329ed3f4dda201db47236b03f30daf71e6368a18ab6224a023fca2ead589d9ea165d66fbce2b37a630d18ef1c97a619cd8949f16f44a9bc0f5837737d7fa4355587af5ab452f53fb82dd8b8b4706cf04e77938d7e0c3a9744c353edd0c6931591 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512 + PredictionResistance = 0 +@@ -31145,6 +31177,7 @@ Output.14 = 01f11971835819c1148aa079eea09fd5b1aa3ac6ba557ae3317b1a33f4505174cf9d + + Title = Hash DRBG No Reseed Tests (from NIST test vectors) + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-1 + PredictionResistance = 0 +@@ -31195,6 +31228,7 @@ Entropy.14 = 6fe9597b59903b1af4012a15368af7b1 + Nonce.14 = fd3e84b3a96caaff + Output.14 = 1eee4c786476d488e58d0e065bb025db548787fafbe757f29ee2bd4781cf69216091ba2b68919b54ad3070ac72a2342320eb1e697b9115acbe07e194d060562e4d0fd966ab29e2c5e560574b2dac04ce + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-1 + PredictionResistance = 0 +@@ -31275,6 +31309,7 @@ AdditionalInputA.14 = 93dc424bd0d266879601745a23317141 + AdditionalInputB.14 = a17321015d327c5dc0bc1e130aad81ee + Output.14 = f682834b5b492e09ff8e0f2c80683b032a3b262d16bc609c550dc0e74a4b7d8ebc0e3b8f2c9970d90aec9a82497dded20422b17b9e3cc3bca771cbe717ddaed5a7a6ae2601c7f765eaa719b71624e83b + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-1 + PredictionResistance = 0 +@@ -31340,6 +31375,7 @@ Nonce.14 = fa9adae924417150 + PersonalisationString.14 = dbad22c389c527715d21a5bdf38c1fad + Output.14 = a18d57e672218956e6c8cb9901d02888f3587177c3e11e1a99ea72370347b953a9f122c9446dfa109723b27f36fbf15edf103a56741c24968592479cfe30bc0053fa7b9818e9debcc494db64d15d038b + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-1 + 
PredictionResistance = 0 +@@ -31435,6 +31471,7 @@ AdditionalInputA.14 = e488e16f48c61dd2152afe925eceee92 + AdditionalInputB.14 = 12c692abd90ab485f4d9499680a6893f + Output.14 = 8ba04617a135d8abe0c3c0a170e7472e7ed750eac706e5c3ed8305d6f6f8a1a53e0c52d4853b21ab8951e80970b426008ae11952ff364817b6856ef0810860dc65faea487b5d7c3f3d63fd443756d2a8 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-1 + PredictionResistance = 0 +@@ -31485,6 +31522,7 @@ Entropy.14 = ceb354444d1a29c0c3e8a1cc24d02846 + Nonce.14 = 86d3fd9fc51f8b19 + Output.14 = 6f90ad611987a37bac54bea0782ac78215b7d17ecdd3991a81a36d0e263c6f0dda2c102cfba56b26c7b74b5dd2548be9bc81c7958e9d19821583c6f388132b9e19ae7609add9a296c1e92d66a2ef5464 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-1 + PredictionResistance = 0 +@@ -31565,6 +31603,7 @@ AdditionalInputA.14 = 32d09b604a65dc8daa35cdc34141b751 + AdditionalInputB.14 = b8186a294c7824b7c550c1054badec00 + Output.14 = ae9a091cfafbf0e74c2be8ad4b984e824a24e65ba7610b0f3ab1750e2f12de1620db6bb8c493b3d8b06ab78e69cf2dffd73d4322a67ee7725aad84fb458b8f26cf04846850202e53c874213221e761e5 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-1 + PredictionResistance = 0 +@@ -31630,6 +31669,7 @@ Nonce.14 = 8368ee0e29d35c67 + PersonalisationString.14 = f189a80d5619f53cce878ed57522a468 + Output.14 = aeac5933065c33ce2ace2531a193e367f73c83fc328f61ee2627f6f3841914c6b8a3ff767f96b3c3b685bac931af9ec10c6f3efe25b5109bb647b120e3a3f6971a4ec41f4ef0c7a900fdb09d7ff3b247 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-1 + PredictionResistance = 0 +@@ -31725,6 +31765,7 @@ AdditionalInputA.14 = af578fbbb8a830947e9b4e2c9e729336 + AdditionalInputB.14 = 5a69864ca39da1ba4719dfe1dc850a4a + Output.14 = 8b846f03cb66f7e49fdddf7cc449a5f3f6ccdc17ae7e2265a5d0e39ea10fc3e6cffefc04147b773a1584e429fe99e885f278aff74a49d8c842e7ccd870f1330692fc9c4836dac5046c544be74652da26 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-1 + PredictionResistance = 0 +@@ -31775,6 +31816,7 @@ 
Entropy.14 = b7ddb82f5664834b4fb17778d22e62f2 + Nonce.14 = 52461924becab175 + Output.14 = 8735d06e26814ee54b5daca4e1da3e321a5a19b062ec0c3afbe3b16f23332a687fadb29e65208130c3d667c075660ff70aea96430fee254c472686b8e82ca359a57bbdc3004bb3eb641c1f97e4b19e02 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-1 + PredictionResistance = 0 +@@ -31855,6 +31897,7 @@ AdditionalInputA.14 = 7725ef70592c362d70b088ed639f9d9b + AdditionalInputB.14 = 5ab2e0067c3b384e55a78492f0f6ed44 + Output.14 = ca095da39d9c21d7da073d9c95d2e415503b33c327d739f1838bbea4fc6f0254fdaf8ef6152e9263f46b864f39c7104d1d337d99fee588061152e623d7e00a27e03b5d16fe6e543453a31d4dafeda3b5 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-1 + PredictionResistance = 0 +@@ -31920,6 +31963,7 @@ Nonce.14 = 4e838a124e4b53df + PersonalisationString.14 = 163e393b290a4d390ab0beb392f52d26 + Output.14 = 76234afc296ea36a44254f999ac31fca258a24427cf4bfe2c54495fc41478ec4a00b540659b3b9461cc6188bc1f57c19ae414bd18aa81eca7b9d765a784f0ef24335e46c2c77b8dc915f5d12c26bc653 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-1 + PredictionResistance = 0 +@@ -32015,6 +32059,7 @@ AdditionalInputA.14 = 27486f8dae1b36462639ff7eee869a29 + AdditionalInputB.14 = d1bfc7eabd8eddf622297012169f351b + Output.14 = 4c893c3d1ed3a190fa88e159d6c99f26a02fb5fccb98bdef9fe43f1f492f490109224ba6c317db9569f618984409f2fb3db0b1e2cd4b95746f159cca76f1204f6d2a4c455c547a39a5f79fec95c8f4cd + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-1 + PredictionResistance = 0 +@@ -32065,6 +32110,7 @@ Entropy.14 = f484b922f492d19b58407c242ab90e76 + Nonce.14 = 8952a0a4b666b0c8 + Output.14 = 2d77235fa273cab3c1bb176d44817cc25300b3f0172a0b5aaa66b282c015d426edec5f1ebbfc0269956b85994167992a71002586923ea234be6c5df09f47d89132e440827b89f7ff97e032b3f74fe32f + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-1 + PredictionResistance = 0 +@@ -32145,6 +32191,7 @@ AdditionalInputA.14 = 9e3ea6eac120d663e330d282ca9b9d7c + AdditionalInputB.14 = 
b8d71fce7779a9906b9790cd1d4e48d5 + Output.14 = 63d28a300a329ca202b98498c9f46912620bc85c246f034dca4186cd9b0e0810a363785878effde90aec8cb584862524eebf940c44fed21cb580d4115f3e0dda07e0e4a66689c2ff3e9b87edfaa4d051 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-1 + PredictionResistance = 0 +@@ -32210,6 +32257,7 @@ Nonce.14 = 7239f92b63fb3dbe + PersonalisationString.14 = 8d2e2ca3985bd2538a71f02cc3eb5568 + Output.14 = 0e4cb328c03faaedbec7215725851069bceae4332de6a70e3521dd065f2f7923485969571ebd7f24be460fd901c6b3e356da6ee5262ef2d76ad14eb0f697f8fb92af2f46630198c5f7018860886147b3 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-1 + PredictionResistance = 0 +@@ -33481,6 +33529,7 @@ AdditionalInputA.14 = e5c633ca50dcd83e0a34d397df53f6d7a6f7170a3f81f0e6 + AdditionalInputB.14 = 5f0beb5a2d2968e83ba87c92bfa420fd6e8526fbbfdea128 + Output.14 = 8bec11df1022aa50d95daeaf23d78d6ee45c43c5768b90181e106c7df8ff333d7cb87ca1ab83f8742370db1c8c0c0c22f141ff4de33ae8bdb14fee7e6c069819320629c66d94c7c97ff52930a3c1dcd501b60f0f84bda4720ee187ae858a6e068326eda5809716e366d1b608c61b0100 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -33531,6 +33580,7 @@ Entropy.14 = 1194beb668839c47c73e7516f9ba09d23dec3553b3b5532f75b260106dcc2abf + Nonce.14 = 3c8a77351e93065d584feeb08c8424a9 + Output.14 = fabd48bfcdd07968239fe538c2d8c9bde2e257b9b244078f39287c7ee90de167fff56a693c4e64f45081635511b5fd031c0270a31b4a014e44c0516a55ae72345aa11dffcda4ccf8cda50f6948d5ae425d8d53ad5c74cef1364277990156796e1c5dfa1ef095c0d8983477eb24241135760b02c86c86d4ec3627edac8c1a7e32 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -33611,6 +33661,7 @@ AdditionalInputA.14 = 626385595bef7103af0af700e1df048d7572286af709289b7894d2ab09 + AdditionalInputB.14 = bfe8946dbf27d3a2127ec600351c3920d2531eb9419408233e0a888059b5eb68 + Output.14 = 
ee6d07661828213e6453d94faaf76345c70949eca4965714c350313b0bcd8e079e6a07f8b2f7a91bcb7ef39a61568fd1c40ab78f154b3582f830095d571de29f81f9565e46b560d34c32bff55341a991f8e863bd9242c7cdd366be12538bb6922f1abfa19e7998aac61d465fc46538ee9142acc66786f4516ef4105fe1d80372 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -33676,6 +33727,7 @@ Nonce.14 = de2186bafa82b0d08a0b8215e3424512 + PersonalisationString.14 = d96db27febe22db935b117dc3068374e39c5b2119b497e3c1d858ef649e01de5 + Output.14 = d04435a8aab397cfcee5151f7aa24298ffc6eee4f577cda42d5e154b8d28cb2f0f945f11a15ed5b76486c88f03081cfd262d94a8e0b332e3c9c608461dcc8eba20d7db209810d25c226fda9fe218022a9b2c96876cb16c06c0553dd84ce57e20338c3d3e03c59ce22e668e25c2c50d5cc9afab91f50a28680964c2dacb9d2fb3 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -33771,6 +33823,7 @@ AdditionalInputA.14 = 5d9446eff72d59529a90b498d8f40983b3b2904f63664fc0aa1de8700d + AdditionalInputB.14 = e19707aafa391e8622539d52a05d930292bd0f7c17825dbed5fb7a2f8734081b + Output.14 = 6ce2ae37349cbef9ebd1f9b85485810a22d430d94abf66912dd7b6cc751400e777be2f1cebc19d65694a456b2c6429cefd95eb934030846708d50be3b274c2f7de299f3c311038491f271448c7d02ff51de048fa1184e8ee06b7b46a9f123daecbebae4a2183dc8eb6976abf0dae7cdbea6017cd1500f37dfadcce0c1956ea87 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -33821,6 +33874,7 @@ Entropy.14 = a7a1dbf7f828555610197e71e0ad563b8691589c5289ced03e9ef83b6f9ff938 + Nonce.14 = 4274788c5d80e26ec1ac3a57b9c7c0df + Output.14 = 5a907a26c1ef588219d4c69fcf4c5c283ab148a77588a40b323bd24e6dfb29551c4b6116c4d61349f5f8bd9ed497f38b239c37283902beb3c9700c768fa289ee4573f92316efb860a5ca4267b328f03c13138b774b4b9f7516003a699f7a0854a0efb045a5932753a771c2cc6119202b33336f10edb715bcce1d20ff503dda01 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -33901,6 +33955,7 @@ AdditionalInputA.14 = 
de1bbca12357943b4489cc7209b3f063b51b91acc168ec5e0ad88048b6 + AdditionalInputB.14 = 6ddd9aba4f100ef902ba50adee53ef44a4f45564c13e774e69557e36a357e7cf + Output.14 = 544ec80a966644454886fb97a0f05eb6a4a25fcbce795b5e5b27ee06ba14b7de18dbf54f80a670b87c76c336ac9af16c8958ad6c1bde9a97aa4c1ab5823d24a53c64f6766ce6eb9b7085cf7282499c37fc1e2e825f53bc357bf36d5901e0ae93cd3bd821fa18b5aa17548560f7ad6ef38124814fccf9b2b89de61cfc27c7269b + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -33966,6 +34021,7 @@ Nonce.14 = ab7843b73ecb4858f2cc5e9dfca803ef + PersonalisationString.14 = dee559515084d8ac49c3803f09f3d5fed3b307946a2752c267677f22786a0125 + Output.14 = a12f5e8ea3bb174934c15e5d114ba615da33210c98c38d7fde4b5aef9aecdeaef311d929d7fece7fee11db67134c3326b413b8dc17766ba4fb881105db68688b148fd95d812f6538b14f25afaae84d39025336136d270bd643f2a6c7164930372fb1c8f4f0dab60283e9d8d3440ce8dc66761c5d5c4c13cc3a367feb4869b559 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -34061,6 +34117,7 @@ AdditionalInputA.14 = ead8c0dcf4ddc909aab96eadab509a46908ee5f090983af609f08d8a8b + AdditionalInputB.14 = f357bda8f2048929a4e31969ec978cc333d58b4fc09a8aa1b73ec9bdfaa1a8f6 + Output.14 = 901aabb3f065be08e2f8072d5d3ffcb28ab291420644e407e7a6a3346b75a5be535bdbdd5a8245998689450292df877233ef0783e0bd1765413193790995d884ffcb2c8dc35fe4cfc12def2f091866d735b1dcfc9d8d8c26903d50e9397b1bbd674bb81fc908361b2bddb68f02031d87588cc3e94210422674e93fea6a5329af + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -34111,6 +34168,7 @@ Entropy.14 = dfa94c198483c5daa046f1dd1e4e83f854fd6c5cbc3465f671bdfd36837779ab + Nonce.14 = 298de64bbd817d009a71c1424ae839f9 + Output.14 = 
bfb9a54ce31406a82608aebc826441f8f633813a0c3bad723b802f3e905a6ee3512ff3513062aea51f93be17aebf1cfcd81868e85db3db9aa98680f974001fda8fe6a644f5efbb9d6e52e99ff606ef1ed7cd3b17fa6c6844790ed58da6df61aba0c200d7dff943588f4520891798098bddc65797b2f99c05efa090c60dc48a4e + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -34191,6 +34249,7 @@ AdditionalInputA.14 = 066b072d48f6cc6bb00273e0bc0ebc086235fe79af1fbdb46318f56c62 + AdditionalInputB.14 = cfb58f59c6d56993b9f0b5ba1643554072cf4ae8013c236120044ae909083f5f + Output.14 = d5dd7f55ffa7d53fc0f679cddadeb869f39b29a6d394c9f1185b11ebefbcb43419c6a26ae3c9ab9d456e2cdba1aead05e67eabd3596526ee431ba7cab7f94838062fcec2363cf0e19849ffef30064263b3a059ce38aa02c2729bff5af9450e035161816724163906112205196c642bfd70f36abb4639fd6e4f7f6a879ebbcc62 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -34256,6 +34315,7 @@ Nonce.14 = ea7d3c3b8f6da0667d7f0d543c68d7d1 + PersonalisationString.14 = 86c20a7e794c887898d5bc00e98398276a4e3ad8d674fb808a63a44330490d2b + Output.14 = ee8e21ff48af611a17d33e130f4e4224330efcc1402b6d55aaf1f514553b880f18df68c0e4279854eb2e9b904c552f69f0e1badc347ebe336b70456f221e07a2fc78df72551d99df3755997029ee1461e2b6e396370096d7e8c2dfceb73214a72ae2b25ccc60b92dd71988eda811ceac4b7c335528249aaf82826a14c142007c + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -34351,6 +34411,7 @@ AdditionalInputA.14 = ea12ddcafa4f578b8b43337508dd8627844d185b10af7de7e907d113c6 + AdditionalInputB.14 = 0cc670275cd2b0eac5df123eb1fd73c2f2b093b76806943918cf49930fa97515 + Output.14 = 88dc727007c0e03c8d27d00c87876f8990b271964a5275f636ecd7f18cac9c869e5f9df5fb2d34e7f89c2e9819af562a706a03d9be9318896f5ab16573aebbfd94a681cbf27e7202b8674437667893246c267785d0deca5033de88a61bf5158177391c2e3232ea6f812c468d5629ed9f89ad0bec0f6c7a469f56331f9eba1cd2 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -34401,6 
+34462,7 @@ Entropy.14 = 6b9f904ac4b16d36e06a1bddc501d7ef98d5685c1ceadd0a6e1622e0c1e73716 + Nonce.14 = 4a42f39e5a241a2b96db29055159c91f + Output.14 = 785014b0460831b7b67346c6997217b0f6c8e7313687ea6ff4d0b09a0786bd6ac362a0b1ddc6ab8c9c624625a379cbec7f11cf30ddab23cdec054b986175cdae0ca4ba4610e0711bc94e9ab706539d5fa2c1a4fd3cd49042696b58dce465f8e09a200e7d214cda357021c62248a01aeb95f8ffa8bd49d354fdccf4c71eec3491 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -34481,6 +34543,7 @@ AdditionalInputA.14 = 147d51711ae8a420f165db0000d9d0cb9e9cd5447311eed43d7cc9217d + AdditionalInputB.14 = 2910968bb1976a1b8ced116e673f408da6fc563695c918ac0a230b0bb800c707 + Output.14 = 357a7269b30ca744e213d894f5c45d0db9fba897e0c863a56062f5018ad9be9f37b8d550014ed68f2c34bf5195c0b7460df171ff3bd4a590578670c92470d876c8de19d48a6d7fa15fc7996be78d3cc8a5c657439f4bb9865bd56e187d5df2531a405e3e0f4b87c611aa8e226b8b0266290f06f8062456a7a4bf0896e4ddd948 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -34546,6 +34609,7 @@ Nonce.14 = 66ad2a0d5de624f3d709cc95e5c99220 + PersonalisationString.14 = 6f7f8f1ffdcf859adcf6020d5cffdd8e3e1bdcaef0b22e9e61384b888f1b3537 + Output.14 = 1bc4cd76787f031df8e4f592f56a845f7d8aa200aca0b910e68f149cde112d0f1e127faa7fae25ca4299eacf9e49e132f3e4083f1c5fb0304b714f06cea122bc1392cbe18289d2411ae08642a9196b654a8b177c127b9215f9df815eceb254b8d9b4f632d25d123ceec686124e58b3606ff1ce51fce0752f42232c03694a1d8a + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -39331,6 +39395,7 @@ Output.14 = c731cc7b21c42730bd3cca61fc5250b507ad08b24ac471d526f2217f15dc4d1fea85 + + Title = HMAC DRBG No Reseed Tests (from NIST test vectors) + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-1 + PredictionResistance = 0 +@@ -39381,6 +39446,7 @@ Entropy.14 = 5d80883ce24feb3911fdeb8e730f9588 + Nonce.14 = 6a63c01478ecd62b + Output.14 = 
9e351b853091add2047e9ea2da07d41fa4ace03db3d4a43217e802352f1c97382ed7afee5cb2cf5848a93ce0a25a28cdc8e96ccdf14875cb9f845790800d542bac81d0be53376385baa5e7cbe2c3b469 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-1 + PredictionResistance = 0 +@@ -39461,6 +39527,7 @@ AdditionalInputA.14 = 7206a271499fb2ef9087fb8843b1ed64 + AdditionalInputB.14 = f14b17febd813294b3c4b22b7bae71b0 + Output.14 = 49c35814f44b54bf13f0db52bd8a7651d060ddae0b6dde8edbeb003dbc30a7ffea1ea5b08ebe1d50b52410b972bec51fd174190671eecae201568b73deb0454194ef5c7b57b13320a0ac4dd60c04ae3b + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-1 + PredictionResistance = 0 +@@ -39526,6 +39593,7 @@ Nonce.14 = 296bfe331b6578e6 + PersonalisationString.14 = 4fccbf2d3c73a8e1e92273a33e648eaa + Output.14 = 90dc6e1532022a9fe2161604fc79536b4afd9af06ab8adbb77f7490b355d0db3368d102d723a0d0f70d10475f9e99771fb774f7ad0ba7b5fe22a50bfda89e0215a014dc1f1605939590aa783360eb52e + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-1 + PredictionResistance = 0 +@@ -39621,6 +39689,7 @@ AdditionalInputA.14 = 4de6c923346d7adc16bbe89b9a184a79 + AdditionalInputB.14 = 9e9e3412635aec6fcfb9d00da0c49fb3 + Output.14 = 48ac8646b334e7434e5f73d60a8f6741e472baabe525257b78151c20872f331c169abe25faf800991f3d0a45c65e71261be0c8e14a1a8a6df9c6a80834a4f2237e23abd750f845ccbb4a46250ab1bb63 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-1 + PredictionResistance = 0 +@@ -39671,6 +39740,7 @@ Entropy.14 = f41d60edb7749acb68111045000ccef2 + Nonce.14 = bb5fb8962ca3002f + Output.14 = 262821119be1ee0bceedc1bcfd04f7fa2e199b2a7522c4a3a98c4174e0ac4ddcf7323dee2fcf9fbd2fe26c4fad347f7199be105730441f042865aeef50b89c00aa661361b6a1f20849bc7c70aa294543 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-1 + PredictionResistance = 0 +@@ -39751,6 +39821,7 @@ AdditionalInputA.14 = b4894bbb6435ffeb710bf5ae440bd744 + AdditionalInputB.14 = 689fb48c27983ededdd56d5a6b2c0345 + Output.14 = 
dfe8a9e17b938a1782fc3dba4f234dd9c9e36b67b28e1d901ca6b3628689aa4d2ae6b005ae3ce97e0d1e645da2710162294606ce51638b91e9c46d8f7f4f1a217e44c36b560f78b0541fececcf49b9b9 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-1 + PredictionResistance = 0 +@@ -39816,6 +39887,7 @@ Nonce.14 = 3c9434b7d7e18472 + PersonalisationString.14 = 55bfc33da17f712877829b7f8a134e55 + Output.14 = 705950e4790ada95b99ace57e31115610ebc65d755fe587eae8fb1aeae463bea8b50a278f45e61d3433272ec31b0d48afcf219f5f4a0adb20537be9c7cb65911df28976aed4b4278cc524639a1ca5f40 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-1 + PredictionResistance = 0 +@@ -39911,6 +39983,7 @@ AdditionalInputA.14 = 7ee4f3670c4671f128cbd743c408bdd1 + AdditionalInputB.14 = 38f8003e8fb8c119534a2c3400a87f8d + Output.14 = fedbb1636b83c5cc5379c9aa4d1319df6d30770e469c2f7bd65b4b74d9bc880d520e11b2c3642a7c4cb6d6138d1d92f716317dd762c0a841e56e7e0226971a7f470e918d44b4f374f9e7e3b5209516d3 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-1 + PredictionResistance = 0 +@@ -39961,6 +40034,7 @@ Entropy.14 = 5b6aaaf5c4e5acdacd2c0c14648eeb3f + Nonce.14 = 353cc1174da7f766 + Output.14 = f7664dd99fb870dad1a45a4ddb870c9936fb42b3a063336e447f15703c5a95dd79eacd9f41cd0c1b4f2e1a45229aca140f463c1beab47aa0525e5bd6e1accf360bc8525430ba05fd14d1f008009fd586 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-1 + PredictionResistance = 0 +@@ -40041,6 +40115,7 @@ AdditionalInputA.14 = 4eb5c1192fa86b355237b5a8bd43ebf9 + AdditionalInputB.14 = 7323d1a6f983b7d16df6b0aa9d14adb4 + Output.14 = cd41a0d7371b2eeb790fa8335660385c418ba84507ba94d1d1015b3353cdcad556993c19388461fd2cce38cc9fbc00e707b18dea9d712ac0616b443b23aee8131c295a1a741ffde36b2032bdb8ae2f6f + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-1 + PredictionResistance = 0 +@@ -40106,6 +40181,7 @@ Nonce.14 = 9bee7502db25ae7f + PersonalisationString.14 = d0e8fa47aed6b67ca4e8e521f733921c + Output.14 = 
3c649d295fd9b98082706f3f841f5275834143698c202da4c881c7d0a3c9995329a54d440fc4d21ab596e95e5b6651c6e7138b332c97ef771bc6e3b0b3fa09090ffb402ed1116d8395e5f1cfea3eae6b + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-1 + PredictionResistance = 0 +@@ -40201,6 +40277,7 @@ AdditionalInputA.14 = d56ade0d74ea34577eb12a899d18d382 + AdditionalInputB.14 = ea83bdba8490ffd136def5f7d9240c59 + Output.14 = cd3d8174d8af97387ff02707d2757ce685ffb5d8dd91d95b8af4a3a757f9321b0e908096cd1321de0599640b7d81f43606b12e029ae158ed568ce1db429be75285c655e15f88da859f09b4cd843a0b61 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-1 + PredictionResistance = 0 +@@ -40251,6 +40328,7 @@ Entropy.14 = 1c3fc8de26ddc78651c9c2e4ba874ee0 + Nonce.14 = ca6a2d3cc5495dd0 + Output.14 = d00ff8d3b8ca273cf7c3650e36c892018c0f765da45ab5b902c5accb30ffe01a99d3b86752195dc9aa1232fc852790ef51860fd114bdc78ae02acb5ab2021ec726829591d623b0b66329e641c1f915ce + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-1 + PredictionResistance = 0 +@@ -40331,6 +40409,7 @@ AdditionalInputA.14 = b180d77e0ef217268d2d4dc9d4a9532f + AdditionalInputB.14 = b192957f3e98f7595768d00834eee1d9 + Output.14 = 7d4791ccae7980ad19e5d8eb8932ea8ea1756710349ab8b771558cfe471a278dcc263b737486179a4ffad12d5311d23912c3a46f07152808d288be2dfd2b315fc4f6df6418029be52daed643dd3c6110 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-1 + PredictionResistance = 0 +@@ -40396,6 +40475,7 @@ Nonce.14 = 84f7310a7ab653e6 + PersonalisationString.14 = 0fb2233c2cea27d17b6dd93bc4621285 + Output.14 = a2f373a523ac9f2524b059d0c23bcaa905e15948c7ebf71b6e82150aef562dae4003c1a8a3748cfd553d9a51a8f9450b9d569d96d897fed50eee23978e49b364c64db63fac9dc0fe9e8b58836aa04a74 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-1 + PredictionResistance = 0 +@@ -41667,6 +41747,7 @@ AdditionalInputA.14 = a58757b98280d90e84d6cf4e2fa89c01a9e6aad22d6cff0d + AdditionalInputB.14 = a3f5de1ec6d0ccd39fa153899f0c1a414106a2aa182acf31 + Output.14 = 
b1797707f1217d81c8463b44957df350dd139073b056c50d1c912fa111f9cb488bfb7d2ec6faebd078171cd6b71171ae33698ff96c7225d7fd36ddcfeb2630464974d12b3e03877bc73ce1a2f89aea7ff7ddc8ac85708b35dd94d3972875e2d3e7237ec33871e99301202b52e2ff89db + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -41717,6 +41798,7 @@ Entropy.14 = 451ed024bc4b95f1025b14ec3616f5e42e80824541dc795a2f07500f92adc665 + Nonce.14 = 2f28e6ee8de5879db1eccd58c994e5f0 + Output.14 = 3fb637085ab75f4e95655faae95885166a5fbb423bb03dbf0543be063bcd48799c4f05d4e522634d9275fe02e1edd920e26d9accd43709cb0d8f6e50aa54a5f3bdd618be23cf73ef736ed0ef7524b0d14d5bef8c8aec1cf1ed3e1c38a808b35e61a44078127c7cb3a8fd7addfa50fcf3ff3bc6d6bc355d5436fe9b71eb44f7fd + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -41797,6 +41879,7 @@ AdditionalInputA.14 = 4f53db89b9ba7fc00767bc751fb8f3c103fe0f76acd6d5c7891ab15b2b + AdditionalInputB.14 = 582c2a7d34679088cca6bd28723c99aac07db46c332dc0153d1673256903b446 + Output.14 = 6311f4c0c4cd1f86bd48349abb9eb930d4f63df5e5f7217d1d1b91a71d8a6938b0ad2b3e897bd7e3d8703db125fab30e03464fad41e5ddf5bf9aeeb5161b244468cfb26a9d956931a5412c97d64188b0da1bd907819c686f39af82e91cfeef0cbffb5d1e229e383bed26d06412988640706815a6e820796876f416653e464961 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -41862,6 +41945,7 @@ Nonce.14 = a59394e0af764e2f21cf751f623ffa6c + PersonalisationString.14 = eb8164b3bf6c1750a8de8528af16cffdf400856d82260acd5958894a98afeed5 + Output.14 = fc5701b508f0264f4fdb88414768e1afb0a5b445400dcfdeddd0eba67b4fea8c056d79a69fd050759fb3d626b29adb8438326fd583f1ba0475ce7707bd294ab01743d077605866425b1cbd0f6c7bba972b30fbe9fce0a719b044fcc1394354895a9f8304a2b5101909808ddfdf66df6237142b6566588e4e1e8949b90c27fc1f + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -41957,6 +42041,7 @@ AdditionalInputA.14 = 
288e948a551284eb3cb23e26299955c2fb8f063c132a92683c1615ecae + AdditionalInputB.14 = d975b22f79e34acf5db25a2a167ef60a10682dd9964e15533d75f7fa9efc5dcb + Output.14 = ee8d707eea9bc7080d58768c8c64a991606bb808600cafab834db8bc884f866941b4a7eb8d0334d876c0f1151bccc7ce8970593dad0c1809075ce6dbca54c4d4667227331eeac97f83ccb76901762f153c5e8562a8ccf12c8a1f2f480ec6f1975ac097a49770219107d4edea54fb5ee23a8403874929d073d7ef0526a647011a + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -42007,6 +42092,7 @@ Entropy.14 = 17da1efd3e5250dfde3ef1683bd9cf4d4432a2f223399664f7645763bebd5ebd + Nonce.14 = 0b160c67b97d5302972b5c517bed5a7c + Output.14 = 859bab959dd16f2cddb05376b3d3e46cd13c191c18203bf3c0bbd5803cc559aacce48d88564166fd5f43c22d08cda1acd8004f36915739796a39ca96f8e7def14b58a8ee55ff72de7e2e2727389e027657447e32e47d4ea2f0fda48e86046d111cc334bebf4ee1019199c94fdb26169661cec0b0c47176cb5fb7aed8ad35afb1 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -42087,6 +42173,7 @@ AdditionalInputA.14 = 50687524beffed38fe27963340483886645153311dbd4d10d86e7d6b26 + AdditionalInputB.14 = 1e3ebe4a54c3092d540ad2898ec3be1af84a1d515c013632402ffdeede7caa8b + Output.14 = 007139a46072d9dbb6589b8ecf5f287d3aebb13b480ffcd6e95f0b2f916cd99e75f30a21971298257a80c17e9e41f8e0874dc9da8f6c18007a6e4cd5971df083ae62bb7b9f1bd4926f17e5574535f6009c0068b4ea3a50e2ba6c6aa6c7729fbe8ba58b4b795740ff6ae2f3d6fbe3e06828080cd1dcfb11771ec98ad9e0bac0b7 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -42152,6 +42239,7 @@ Nonce.14 = 2b653a89e549e3b1ee7817f5864fa684 + PersonalisationString.14 = 814146b3b340e042557b0e8482fcc496a14c02d89195782679172e99654991ed + Output.14 = 
3ea100cf50c25d7b2ef286b5fa0720f344de2d568979e7349befa23589083e835205cdf6a4670722fff04260e54618c9c00af75cc26eee665b64e7e628ec4c56a8086dcd583681170f60d565bd97d0f416e4c231e281081b0fcd16c8db63ea9029abbfcb068bf57a36364aa9e27603f447adf337baa35f049a129abdc899f808 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -42247,6 +42335,7 @@ AdditionalInputA.14 = 95f6df9905b652de6d08399f61956acf943fe412bc71de60d6b69881f8 + AdditionalInputB.14 = 87b818568ed80f7c2e8f5b5d7be403f8badf9fa0e716aaf1d6409957b242aa07 + Output.14 = 45b5182f313a26008bb4ab82f68a12e7c783c243ba1ac6d8bfaed44ddddb607f964ace9c3505d59ef5a3691143a4845491661a1dff8ac4de2e56b54e263ac3aef86966fd656b5a65d4f3b89731d50fa919663bd5691678ee5f8f499e84b1822bd0b91409b62cf98c176df7e812513f3252d25d15fe13ef9f253af477d16bcfcd + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -42297,6 +42386,7 @@ Entropy.14 = 32695b2c55839eb3a048fabedcae1f23bf0c7206280ba4ba0d08b9bd9f119908 + Nonce.14 = 01f2a4cf8a9311abe5ecf58d6661dc5a + Output.14 = 4a4f44f418d585e03f508f2ff05345abffeafd75f610a957be7f3ccaae31ba28e69bf8ae441a405fdbc0ee761e39c76b69062f5a3866fc296be1ad306e6584ab2d250d717605c70a17c46a298f714e4e820c85a1fb84f4d61b9857a40c2902193ad703c78635a2791abe6abca6124229ed75827135c27f1a04d244e1d73ff059 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -42377,6 +42467,7 @@ AdditionalInputA.14 = 2e51dbbfda8c92f2c838bd85ca5dfd7f35504fae1ad438431b61c2f062 + AdditionalInputB.14 = 00f507a359585778988b6bb6b91f23d4ab29d2adbe632e4cd4646c8cd5f1b76a + Output.14 = b7adbbf07414551464711ad9a718315b0587db2782d34179b70b4c0e323a91ad9de40933023e3a6be71cd50dc58953ad1bf66354bc45dcd9ea23682d487b43903a8f426182536e170af8b04460c586d8ca56e4c307ab7116d8130634dc9a58e1c3077bbddd6bd58c8a0fb9b18c4b839aacf5fcd711c611db120e6a605745e86a + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -42442,6 +42533,7 @@ 
Nonce.14 = 3f9e88b93a6e69d070328c2c570c3be9 + PersonalisationString.14 = bbe702bbd2265e73aa073f47ce55fb65902abbe51635b414df688c60868546e1 + Output.14 = 0280555ba6b2379dce7cd56615d7d86feadb8ad995e2852a0607e663a34b1e0342c7bc649adcb204e271eeb87521591fad74b3bd841971cb100ae5f21599b732d8c5f9d578c1113da7034b580013720e62b1d013e28205d5024f8b1eb3219e6cf821792713354cf1349d32a64f32ecdbd7578c55e401fbea57f21ea3ebef0f9f + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -42537,6 +42629,7 @@ AdditionalInputA.14 = 38684dfa6edbd61e464e49f7d01932802a5a5d824db6b1df6087e84a8e + AdditionalInputB.14 = 4949b08a12656c497cc6760791982c0d4e674b0f8a14be730a91689ee77e981a + Output.14 = fda39bf8dc1aa785422281dec946bad99d5ead17cac55d47bdb9bd0a80a72f3c611f92bcf29e3e45475426a7a9f139b755f332cf75035b047697f4131c9bbc9ee825ede9a743b14f02dea122194405864aa2b538ed5cdf40ecf81e02bed1556ce0e7974548f050b084b8f3626c0fb2c7272d42cdcb039af4c7d957e285b53b5b + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -42587,6 +42680,7 @@ Entropy.14 = 1006646f977b83f4d90870f24b3b72d0b4947037f7671a64ce3b52829506a519 + Nonce.14 = 5698d50f59c42b26339d218fc985a41d + Output.14 = 44ab1d22fd3a84f8847c33d0fb0aea66408d5181b8ea95416beddd9784d86d72d2851857b503253016036246cea11f2ad2bd18fe56508697a50b14e7c85bd9b002deadbce5ff9f72508b6ebce741dd7803a2d8633dbec235cccd37c089c9d747a52000ed4cc1dc8545ddb65e784a698bdc74a6ff4fd7b3dbed31a22f83b4fd8f + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -42667,6 +42761,7 @@ AdditionalInputA.14 = 8d72118578abbd90ddbe6115ab10b499afa26c2360eaf6fa118ba590ac + AdditionalInputB.14 = 6ca4d45fcbd0c7e964557b2bd7622a528b4722335b47383f7bca004b7cd5cf04 + Output.14 = 
360d9ff3111c6b713fc641b571b582770991885f2fea806a485006a1b4f41ece4ce83dcabfd403edde77780c044c96e85ce5d1f1a368ad881a64be8c41e87f0a682ab67170ae05a24b08b4a9178d13ac9928ecb3b5e23e745d93aaa5f111c335c77cb9a5c3da8163cb428fef60da737b884105ae57616637b0e40bad9594bd51 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -42732,6 +42827,7 @@ Nonce.14 = 50f723edc4f658862758e149e7ae4f20 + PersonalisationString.14 = 39d43e627ab7c7a6d12fce4cd8c001678bfadd9d07d4086674e5d8bdef4ac62e + Output.14 = 02e68bf3f78812aa270619b307dc0e57b05b8310084ecd1914a67d93b77127e0b3ec40e359adc451eac8788ac708fde70575fc1b9bbfd291bf5b8d7bda7bcc23a0271ba0bb0e6d617132399bd6cedf5a9a683ea98b3b0dd3bc6d811e4f66c9ec751012992cf54e3ce474e09b31ba9c01ea231d4fa8f09441e204c4d3285c78d0 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-256 + PredictionResistance = 0 +@@ -44003,6 +44099,7 @@ AdditionalInputA.14 = 73cd5580972f69bb4b0d0cd8915a5b594c3a9fa40b82d6b37446dff4c0 + AdditionalInputB.14 = 304c2001d8bfb9f1b23f3b336db9f5da17752cbaba782d8932d2641aab4c34b8 + Output.14 = 5771705c788e15fd5f656d4b5555d532ee4c48453be651a69c30fa706abe7719d9842028c667fab59aab97fe64a6140baa5d42dbfb7ecd58f2ce557a7b8b2c01669232e0b8bb0ddc6ef8dbe627ec5b370ec74553640982a14bd38ad9824b9651b717f8e90f539c42d04f7cff648c38b26abf38dd2a777348a4c2872f6551ef0f9e148bec810025779e7cbe1055cb0250a764fca5a1feba53bba64b7ea0c4dd3d56a7e6b4f8a157264e6666d356fe5a7a29fde7f4391662c4e69f471c21c6beeb + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512 + PredictionResistance = 0 +@@ -44053,6 +44150,7 @@ Entropy.14 = 2c13e44674e89aa105fc11b05e8526769a53ab0b4688f3d0d9cf23af4c8469bb + Nonce.14 = 700ac6a616c1d1bb7bd8ff7e96a4d250 + Output.14 = 
f778161306fc5f1d9e649b2a26983f31266a84bc79dd1b0016c8de53706f9812c4cebdbde78a3592bc7752303154acd7f4d27c2d5751fc7b1fee62677a71fc90e259dfb4b6a9c372515fac6efe01958d199888c360504ffa4c7cf4517918c430f5640fedc738e0cc1fcec33945a34a62ca61a71a9067298d34ac4a93751ddcd9a0f142748a1f0a81a948c6c6a16179e70b6f13633fd03b838da20f81450b4fdc1752e98e71296f1941ca58e71b73ea93e99a98f58d0892fa16de6a16c602036ac857dd75f9ac2c9185932103db5430e80cde9131e814a0bf3f3e7a2200a7152424472fd27f791a854f29aecc448f8d3fca3f93290266df3193d9e13e08907ab2 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512 + PredictionResistance = 0 +@@ -44133,6 +44231,7 @@ AdditionalInputA.14 = 6cfccdd8253cc5b284701ef8d16f8888f79100373a7df50f43a122591b + AdditionalInputB.14 = 5795ae5be47a7f793423820352505e3890bac3805c102020e48226deab70140a + Output.14 = 4a398c114f2e0ac330893d103b585cadcf9cd3b2ac7e46cde15b2f32cc4b9a7c7172b1a73f86d6d12d02973e561fa7f615e30195f7715022df75157f41dc7f9a50029350e308e3345c9ab2029bdc0f1b72c195db098c26c1ab1864224504c72f48a64d722e41b00707c7f2f6cdfe8634d06abe838c85b419c02bf419b88cde35324b1bfdaddff8b7e95f6af0e55b5ff3f5475feb354f2a7a490597b36080322265b213541682572616f3d3276c713a978259d607c6d69eec26d524ba38163a329103e39e3b0a8ec989eca74f287d6d39c7ceda4df8558faeb9d25149963430f33b108dc136a4f9bfa416b3ceaa6632cd5505fe14fb0d78cf15f2acfa03b9c307 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512 + PredictionResistance = 0 +@@ -44198,6 +44297,7 @@ Nonce.14 = fff1f2e2ac117af8b2cb023f0dd6c6ea + PersonalisationString.14 = 0a4c2df69d6c69df0a9c58ab7c886ed9db294f5fe98eb066fde543b409ee91e0 + Output.14 = 
ae35e947a538e7da73f944b4dea689c064b144b753fe597369e58ec4868099c0f000995949e82dc3e5c00555a2cfe48c8a87e87ae5e7402e2b1679e413cc556f08796269ef3ea83d6a49116349a31710964fb2f936cccf249472eab3267cc1ca0073ff4d964eefc82dd1559c3737661f8b206757a64c756680fb7ab6be8cb433b93f21a04c1e99c777ac26c1f34918794085ee593ca27ae991c53d141e52f90e7872bbb036dce78e6a33e2d638360f9c15d5746d6ff13c1bcdff1cd01749fa51c3c72e68c0ce57423d4915abe84c15cfb3301d0c3b8ffc6a1962c1fd981790fa2a3da60d70e8e8557e4b2e7458ad85f5141ad46e1db751893e8327c8197571e8 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512 + PredictionResistance = 0 +@@ -44293,6 +44393,7 @@ AdditionalInputA.14 = 2b2dbe3834d8be93f1396b19be83bd96823dd82740da71c5eeb7b21865 + AdditionalInputB.14 = 49c322fc1bec86d3e20628d9bdc1644e6f5e0237c7c694746bfee32a00145696 + Output.14 = 9110cec7d07e6e32724bf043e73021b3ca0e4516b619d036ac9a00914e12f01ece71989f55c1caccd542c60a9cccffb91e203fd39dca2d92c8eb03ee7ee88abf21dc6891de326c3190f25ee9ab44ca72d178db0f846969465b25a07dcc83777e6b63a7f9f1a8246dd31ce50cd9eb70e6e383c9ad4dae19f7cec8bfe079b36d309c28b10161c28b8d66c357c7ee01f07403a596366725fd5bd3a5de3cb40dcf60aac10635615b866ae633fbdb7ece41695d533757d9d16c6d44fd170fae77c15b7426ed6ec8c9d6e9245cd5e19e8dc3c8c7e671007ce8454413bd07407e8a2248bee95a7669db6ee47377b4490a6251abb60cd4e2e404ab88aa4948e71ecec50c + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512 + PredictionResistance = 0 +@@ -44343,6 +44444,7 @@ Entropy.14 = 1436be35237c34bac5b5b36b24c998380883fb52621daa420112cb57bc84745c + Nonce.14 = ed884f91a94c1b0a51f316df776283af + Output.14 = 
c74ce568f0c465e79ef3700857cc8857b74ec8c075cada3f2698ff69569318b130b5b079ac5b69814d057097b0a107a546b011db601b2f7aa1708effd6479f383d7d484a5df76b63f1419eb360991475b2cd97590a1887487a76cd6fde7764cba5f101e4614c635ba7b1e18724a0a8fb39ca0948bffc441b6aa0216cf3c28ae6c06a24ad1bbe68970e06884d3b68325a3d7c1dce9a2fe87d565dccdcee7c62ed32b577763f510f0029a99530209628359bedf4bbfed1a13c222692d8cae60ca736df834a6e316db27642ed5839d2e11716a5c06e8d067e8548d7ac0687da801d292e2a6f414d7470d2e72261188347878d18e00fab3d4c15cb4c4a73cf963437 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512 + PredictionResistance = 0 +@@ -44423,6 +44525,7 @@ AdditionalInputA.14 = 48e994654ab1d109511a3b34f5fa9f12b8da17da510d7a71e3839ba86b + AdditionalInputB.14 = 949ee0617b277a3ddf4a51343104704775d91797be1826d78051496a87d9113d + Output.14 = c4bce916b00a8583ebe1e85feaa1f076315ec9433e18afa1252061a62fc7558491678cb31048e4b4551b697e8dcb58dff951337f0fb7a41546d9a7838a1da149cb44558d324eab9e7ae147e8ead666e3d4eabc9978626efc8710ba8b5eb485d5693e5d6cac36ddd3a1a878ffbc77e9ec5d333cdae2b5803dcbba70d4e0dc60366dae5cf25990f3ae6147c99ec6c998397a1ac02b1b6ef6867aa897ca90b7fb938e3ddeef57e40897a644a4f08e37c995210e00f07145d5b3620ce673072525f9f74adf79ad703c4a09adc6eadcf77e76c6b032270d4c68f01672decf9aa0e941086188304fc33a28f53bf121df747b7dfdc00ddfe68f6d06ab7e82295f70652e + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512 + PredictionResistance = 0 +@@ -44488,6 +44591,7 @@ Nonce.14 = 70916df78dd9ea799230435b3e48686b + PersonalisationString.14 = bf755696adb9c92839798798f836b063cbbe987f0163ef3f4a97222c888f5da0 + Output.14 = 
411cd8e76e711447e8a93ca95aa3aac5e51f559d65a8385a15e71877ac8472a347d9d453bd6761655711ce2133900d28e41cfd1292d28848646e5cbdcac1e60e49e62aab169b1735e701e38d65ccc073f277972ca85444dea86c19c0c08317dbbeca4fbd5d4295c9da71b89623d0028cebf1ab68fd0aef5b37e76e2e0b3e7f72eee04c01b6afb180b1fa0c370975526b788ec4db076a16a798671451af3e20d323684e232a25d78aaa8ee43f734f1555bf0a324053c7c895dc3e098621e189962a914f486cd7a5ff330f39316afb762b1a06cf8b593ca00d7edf739e2e6827a7af662f33bb09fad09d6bdb3a565f2bd32512c79927d390c79a1cc6db968b13a0 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512 + PredictionResistance = 0 +@@ -44583,6 +44687,7 @@ AdditionalInputA.14 = 6f9f47857a60b6f3f9fe9a83ebcec5f16ca73e236d2af5b0daab45c0b9 + AdditionalInputB.14 = e6628fbe4a774bc5383218302b7c565da5a5bd9f19db6182b444af5ae5f62739 + Output.14 = d701c1824a82ff1803c4b59f490c3f37850ce85b5905059ac4484f5049f31772ab8401bc9b8fc1fd6ca06d01f01caecb3cbd914ea9574f497df0316a0d56e2830c8a908ba78d1dbe243d0fbc560c407052ec02e9c77f7b12264a46316a777955ae87a71f2da9cef2811f6328ccb288343abb65a36359c07122cb4e6639397829c48dbf8a821ddf00ddec2f294e48d05adfd0f7a706bfc337387bb7923641d08c288d23ed5a2a20f34684549f9f6b3d74ac0f04e10c7dec04aceac369f505d7ccacdf30ea0662cbab001740922e9ac32b6968e0c5a640345d1132e883e07fc82858980489893d0e38960883e989c41e72ee967c00b9a943f0666d1f5e93e848ef + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512 + PredictionResistance = 0 +@@ -44633,6 +44738,7 @@ Entropy.14 = f5ee32b61bd57a4a4d51309e846f636560a8bb2a576c65d37a3f715ff1878014 + Nonce.14 = c638557dae4f9ab6e078c61d54d0f566 + Output.14 = 
e929e6c5c4a629c49fbb8623aea903ea129bb6484ed542cf940dd97bedc292e8bce924ef0cc57fa9b50b17b82618a840375874735560aea57e4e9701e4ecd0e812d1bf9fdecf67f431e4d7f6f455dfe4bd3b9a1553c574b0bfbc933a31580319c97682dd990c7081b711c2fa67a4eb54472be39f634c5dd901848c012c309c43f34d189a72c219acf8ca393d3f2cb292d62bb4d5e88f2b6e5e0422dafeac17415af623473f26ec24e65082123db9b9c00dbce3ca1942269fdf66f14add6c486a00527a39b050c2f3a6bc461e750f6e33236de198742284998bff98b7b3f6566e66679b3d8a1e63561fb5f8228867b8ff92230a9f2a6b9427821b6d55a359994d + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512 + PredictionResistance = 0 +@@ -44713,6 +44819,7 @@ AdditionalInputA.14 = db7b290176b65f826aac2190a912672f8a9c97815706af33732f68b1f7 + AdditionalInputB.14 = 13425f17d8fbcca3b4d7793a53507a85813f6f50d3365d680c0620d5fe1bfc33 + Output.14 = 12d4cfe6574dddbf9de82b8a357bbd6e32a3addb7022c313ac401d0aecfbdfbc7229822f7db9012e8bb0e2907fd48d3eb435ef8368802e5eb948f1bd8d47569b694e23979652f6978b568d7e2288b596afbc67b6c1e0d662240356dc6257d9d273a9ca9f7dfc9bd4175a50ad5b328056c37046e734a76384d7418591a7604f332a457f2fbb277dce4fd2729fdd1319dc3a56b9901a50dc90feaf5969cd9e450bd8716e44253ca55c4e1dcf791658cc467cfba613c27a96f67bd68dd8ccf46bbca4294a0f548b919626d1712ed4290ec90c1098a082699450738d32a8c6516d83bd54a42413bc0ea0b37fe5d6b0663806df67f61d2c553aba3aed3f9aff111d2d + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512 + PredictionResistance = 0 +@@ -44778,6 +44885,7 @@ Nonce.14 = c600da30d68cddd9b823433845111880 + PersonalisationString.14 = 8896ff67866ff1f59c8e5074d91e6b9112410c9b6a1eefbcf05a1b8c7123dc89 + Output.14 = 
ad8150de910a0bbdad0a674d032919ac3304d5977fc43ad5d5b1fa9be46f22e94f5c2747db228315b0d0505867fd97f9b1582f97b4693ed542c416df1847a85bcd4ad07d6348a4df78412e3df4e675def7f44b1895a8a2156c811040a46198a863c0107aebc3a426b4c2b9ac294b227d323879a70cdf7ceeee7f6f51f102c3ba4ae9a7343aff295b664c869f2c2d6e4396362fdae7d9b5eb0802f37ff7a3a7f1c944044b1bd9b21fbf23f191c6f538398164c2d1b67390e7b059b1c9f5bb031b89a23895ac65770182c8072fb0ad4a7be055d9a4653d08e6b22a61ebdfb66adec2629030f47aca70a06d68c9e1c041ceb2dc9bcd1ceaf61655ef7bbb1653f3d6 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512 + PredictionResistance = 0 +@@ -44873,6 +44981,7 @@ AdditionalInputA.14 = 4adc98c66aa72da2c63172aba2a6c59fb20aa7b195a0b79edc709bfa99 + AdditionalInputB.14 = 83485ecbf938b8035d047956a3a1bea5adb66c4a7a24b21dfce4269681c31bae + Output.14 = 6c69a58a3b27c73ac396840a93ff914219fa80241d39d65890ea612017d7b92b12062fbc0e3c39508c86023f7d70e9b156b4a766465c01c554acd6b5d78568d2087834b3b14f3fdc4d4b959e78ae2fa5298c87321b777afaea4a5c271a584a23a262f8b679cc8198ccd116c88dcf529a6677ebf5189d287f56eb445ad7313acce013b3fe49fb5212cdc3cf8c5ed15aa26b1135d7d9e0570719c4230c104a652fb36ffc57e219e735c03346d18eb57bcba813965bcb39b6a81da624838ba7b9a65d3b684a021f4071c66ce705974f2bd0ce1ad6727136d77529e3b400db0d14ffeabbac877cdf6a38ca66d83492a90482343a5a427ae8b8f77a2f724aa30c11b9 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512 + PredictionResistance = 0 +@@ -44923,6 +45032,7 @@ Entropy.14 = 60da58990a377a615436ef43b1199f88c7a4629653dde2350a4c5115c42e52f6 + Nonce.14 = 592033d0de138ae7082c03553e3bfdf9 + Output.14 = 
7a770dbe8e1d3af1dae5b93acd9e6f1748a4a6a88229a875d23b37665e0cc96d888dfdc428a32cab378a9ebe22409709cd9d11f0c751c08d98eeac13b6f76f0f51ccea254cae23177c3aa207c59b5ce221b93442d037256d553275a6c4b5c83c1fe555a630e37d8277e02c050c19e145a71ec98b96ae3ae44c9ff87c4501c1ff7fd5231510ac9df623b3fb178e147f07d1fe02b48e877cba89a822c91b5af56b71d60116c49f80d87656144854909a7d718b5aa8f071f18357c2c9f9b6c0fac3195040f26b86aa936fd35ff37287aa140cd01ca6c5e577d815790d6fcb1a57569d23e801e2eb2b669ae7cf17d87f9ee66e0b515bcab09087e111da199b6a15b2 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512 + PredictionResistance = 0 +@@ -45003,6 +45113,7 @@ AdditionalInputA.14 = 967911f9412d40f2c62e43f48ff965bb1579a2ace388c781e125fe70f4 + AdditionalInputB.14 = 052c401de1053b8dea309196bb8e326d4b643371976d1ff6be0a6ea4ad27e5e9 + Output.14 = f7e8cdc3f8d2796414b9c83486d746cb8b1675b37d0d7546392c59622c693045dbcb10e9343524a6e7a9cc757717af22ddb8127bcdfb29cb8da409bd69d42aed9708cb2f904dff562a695be004ab25d31b8485bdd677c96d156ce8037726519d1949cc15e91acfd1c7c0bd58058b72c7d340b2f0bb12115ef44af6d20ce5f429d681b614e06bcddbf8ba00b40732b4dd425d1a87b663afce0e9a87b942a543b055f00b2428de12464a1309fccd0a15d512691e3858666ea4dc6084283deb075877c0162dbaf8318c9cda01ca611d72fac0b386a753ef35f438757cdf732a61a1f6123d1de3f61eb072d022f56c679a86f7a05bd6fa420ba39ed2973d4007b9cc + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512 + PredictionResistance = 0 +@@ -45068,6 +45179,7 @@ Nonce.14 = 0a6bef6b736129740978e31c3fa279e8 + PersonalisationString.14 = a5ca2491479bda16341b2c14339a5307fc2e2f5df4fa625e0ea351a95a14f588 + Output.14 = 
df587647f8d440a6c8034e757cd47f28d0e58f8aad9a047cdc8a70a8b1cd0d8185240d47bc5d2f4657205ed218ec38307e68efad94714630cd490b939719a4a07ab994793112c021969a8c69872903315c74b00b677648673e5883b5f46e075550092914cfeab05454226ee3d2154698f368bfda0b8b99eff5d111c1649a0f7e67ec0f637c6d3466994d655066a95732590e521ca055b048dbafd219be1a04fcd047c3722c4adf29ebd8486e7171359292e11ac6b740b4d51093383d64d2a45e51115c689ae29357366f2013eb9b420c6bd069d22c2110182e842eccadae81797a5f57d9ff47311f094ea0a25d7e329fcccb93c28b92ed85ccc2d690a84f2b2a + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512 + PredictionResistance = 0 +@@ -68233,6 +68345,7 @@ Output.14 = 6af689cec62a633492f6e24b754d38dd6ab0b556e91802d72f14dc8c0e9ff50df728 + + Title = HMAC DRBG Prediction Resistance Tests (from NIST test vectors) + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-1 + PredictionResistance = 1 +@@ -68313,6 +68426,7 @@ EntropyPredictionResistanceA.14 = ae706e740dda50209b20acf90dfa8cec + EntropyPredictionResistanceB.14 = b4d4b4bc7cba4daa285ff88ce9e8d451 + Output.14 = 74acba48f0216087f18042ff14101707c27d281e5ddbc19c722bec3f77bf17ca31239382f4fc1d4dd0f44c296bc2f10f74864951f7da19a23e3e598ac43fb8bbdd1fca8047b98689ef1c05bc81102bb5 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-1 + PredictionResistance = 1 +@@ -68423,6 +68537,7 @@ AdditionalInputB.14 = ccdb3f7d7f6a4d169f5f2e24ec481fcb + EntropyPredictionResistanceB.14 = be4a2c87c875be0e1be01aadf2efeef6 + Output.14 = bfcc8f2ece23d22545ec2176aabd083855923ca9a673b54b66a3e2562212aad3cc74c4c8976de259cc95a2f09a85b7acd1f18c343eff0368a80e73a547efdcd954816b38df1c19556d714897e317d69f + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-1 + PredictionResistance = 1 +@@ -68518,6 +68633,7 @@ EntropyPredictionResistanceA.14 = f324c09f96434ceea7e756fc2f55a0b3 + EntropyPredictionResistanceB.14 = f043b6e11fc2f671ec00f4d478b791c6 + Output.14 = 
40e87b822b1000441884a38b8776baa69fbea99962571e8a20d8af012d50c8c211860ad579869ec880320ea8057d5cb0de9496ec57d8b594ca8be5b94219eaa800af7205f8a83b66c87e0fee9aa9732f + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-1 + PredictionResistance = 1 +@@ -68643,6 +68759,7 @@ AdditionalInputB.14 = 0d5a2183c9f9ca6941f6a617892f5e47 + EntropyPredictionResistanceB.14 = 998f9cde45b1dc22db6d2d7bfd4f3930 + Output.14 = 934fe82b0951b97dafc5ba16e87b0459691156b42ff2dbbbd8f6ed9b04be952af267c6a17fbfc86de91f9f07eed482a5362b176216a8963af485503ba93b2e82c03a3ee6225077d90cd961e24f6026f6 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-1 + PredictionResistance = 1 +@@ -68723,6 +68840,7 @@ EntropyPredictionResistanceA.14 = 427b47ed008e489cfd06e1a6e0a9f07b + EntropyPredictionResistanceB.14 = e5ee8df96c0e929446502a4bbd23ab22 + Output.14 = a544ea7c3362570f48a42635f4b79f615d11a5d8a480d85ac71e4be90074fbd5e2d368d00755e95a262d79ed262003d3e2a26f82c37d091ae763a01fba08c87b3ec0ce817bbab8d1905f91f021b7d7d0 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-1 + PredictionResistance = 1 +@@ -68833,6 +68951,7 @@ AdditionalInputB.14 = 3e95f86a7168410eac0c84995c187fd9 + EntropyPredictionResistanceB.14 = fd15dfdd8cfeeb7ce0c76f759dfd47df + Output.14 = 480d9cbbfa6c923866179318b293c52c9ad86c2ee27faa745873a77d0242afe669d1773fd9c17284097ee8e644aa054deefbb9c73732ba6b5004623df15edeb49ef2e1bc8dbe023f7104ea1395d9fd38 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-1 + PredictionResistance = 1 +@@ -68928,6 +69047,7 @@ EntropyPredictionResistanceA.14 = 845decbe6e03e423b3660bfe7db383bf + EntropyPredictionResistanceB.14 = f4ee7409c076201255bc78ec82ca5530 + Output.14 = ac57a08b77c528b834df2757069b6330f05a9196fbbb17300f9c31ef596f551ecc56fa3256c0ab1534df4955f2da1e8d98026b7c5e07290faa5131a95d0fa35a56b075752656ab61a74f889fbb735c58 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-1 + PredictionResistance = 1 +@@ -69053,6 +69173,7 @@ AdditionalInputB.14 = 
063e444dc2990f59e04839fd5e9eaeb6 + EntropyPredictionResistanceB.14 = e059229538a827fe9b7e5caa44fb1e3d + Output.14 = 62efebd7730c6999fd052b98e2bf26eebc96b617a03fe2f1aa7ea3be1aea833f705a3ef3776adc7578f5bb6955a60853ef267fbc18aa3d57b8e0d9134c81e8ffadd0c66d385e5d535d74a615fa896757 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-1 + PredictionResistance = 1 +@@ -69133,6 +69254,7 @@ EntropyPredictionResistanceA.14 = 74b72e7e1c5f16bf0389dafed9a86ae4 + EntropyPredictionResistanceB.14 = adef9418a342b4717e93df6450429a38 + Output.14 = eae51f34bfaa2970f41c3211ec228cfccc1d3c0fcc077d1d9ba159b3bac8685bc5783f61c67fdd4beca05dd4f14afcfc4d554ae75f73842637671102c3b81cabc9a0638cecad5a6615171be5265d5454 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-1 + PredictionResistance = 1 +@@ -69243,6 +69365,7 @@ AdditionalInputB.14 = 696d9380b814b456ca59ed58ea765400 + EntropyPredictionResistanceB.14 = d57fb196a634da13ba8695098ed79f9c + Output.14 = 069848aef419759b75896cd507a109f685228b5639470afeac0caa853f1c3dbe373f99db76bf06fe8bac356bedf6bf18787043970fb0a185c8a0a4d8482aa3059eeba0d244fc03c9b72857dc5188d44b + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-1 + PredictionResistance = 1 +@@ -69338,6 +69461,7 @@ EntropyPredictionResistanceA.14 = 015ef1f359f60a391b3720d578731070 + EntropyPredictionResistanceB.14 = 963736987090fe71e69b4a2480d9b314 + Output.14 = c75a102bea830a8a58d9a9a43cb03b21aea75d8d2a08c37aaae9180a5e1c78e5700b20a5fe1c7ef0a7e3d2adcf539c4c1357946a328a057e719b97d802b586910f804c166d4884d8bbb3bbc03074c53a + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-1 + PredictionResistance = 1 +@@ -69463,6 +69587,7 @@ AdditionalInputB.14 = e0b7ad60c542e6c2b324652fd2d7cdc6 + EntropyPredictionResistanceB.14 = dc7ea852c3e5467977c7946e77223567 + Output.14 = 0e2e5f47ca8ce1c7fdae1b49d6bc8594da1458eb8dfb35e0602d3812df7532cf6213eba8e75302444529565c40d23d0a336c4cadde37f0def2c3d412984360b65c668ef43263fada16b28860f6ee6ceb + ++Availablein = default + RAND = HMAC-DRBG + 
Digest = SHA-1 + PredictionResistance = 1 +@@ -69543,6 +69668,7 @@ EntropyPredictionResistanceA.14 = 4912a46c447c2de26dbbaec01817d2a6 + EntropyPredictionResistanceB.14 = c182dc35363cd7e04394c28030e6d6b9 + Output.14 = 976daafdf1dd5163e88a928d91933678cda9c8ef9a8251070ee8a6b42efda3c00a73303d0426da4a4af7c587174dce9936bfbb68a73979afee9f3a5b4fb4da2eb2b2f2f1c0948b63b45bf583412b2890 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-1 + PredictionResistance = 1 +@@ -69653,6 +69779,7 @@ AdditionalInputB.14 = 8022a4985c745515682102a25b379301 + EntropyPredictionResistanceB.14 = 8cc2d8a789d343547ee48869f57ae225 + Output.14 = 5707c544445358767b1c4d6c319b6a8d9be38afbf945dd4e869e9136d63c9d74aa872139e8bdd374510ebcf8c36c39e45ff31596fa58721c2a089dea7b418b3f7a00d78c6ba531adbb59ae2ab44bb683 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-1 + PredictionResistance = 1 +@@ -69748,6 +69875,7 @@ EntropyPredictionResistanceA.14 = 701b8e70583effd1c4e901c50966127e + EntropyPredictionResistanceB.14 = 40e9ad701b63ee7bd6132d7f056a1f09 + Output.14 = a76b3e058ed1a8ca5860b15abe08a607894207d3d3be5bf6c3dc99c01523c85bf18927bc6d3f66cfef63a238aaef1ee87998100faabeef0d2518f3ccc0423d776a440ec9a87c5601fdf45c309c264dcd + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-1 + PredictionResistance = 1 +@@ -76340,6 +76468,7 @@ EntropyPredictionResistanceA.14 = a918ec35414b0bf1d9ba3b80ef838e75b9504fb6b77e40 + EntropyPredictionResistanceB.14 = c25de5d8b1f17acb7303c4a652ea1bcf284bfdc08a12c40ece16e3125fc8757e + Output.14 = 
a3072880e72e76ec1e467d7c4f4ab8013eca926c96f075a0a25f5550931f4d6b3aff2057ae6fc1382d579e8963ee24459d76d7414d250aaf5b302a539775862e26596176de2891589defa7aa66f763126c7fb7ced0fa80f3f5e1f0d15295e6025fad617e554838876c8c8efb4bef1e1227a1c967afe99540c1992328a70798167eaea5a768f1f4395178dc914cde01b8e6b98266a66c5c079e19e5d3b6599c6dec24e8e155b310164299d1b4d31ab2e0c3b917b0cb627a4cc19c86061c74c849aab764feacd33de7472b7c4e1403cb38f8f1c3062e75966b2e2c0b2d7d966271f3d180440aa2ed2194bbf7d8b9415a5c5bb7f3df7cf2d02740cd4366ee3781a9 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512 + PredictionResistance = 1 +-- +2.41.0 + diff --git a/0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch b/0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch new file mode 100644 index 0000000..01fa935 --- /dev/null +++ b/0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch 
@@ -0,0 +1,273 @@ +From 930e7acf7dd225102b6e88d23f5e2a3f4acea9fa Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Mon, 21 Aug 2023 15:43:57 +0200 +Subject: [PATCH 37/48] + 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch + +Patch-name: 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch +Patch-id: 81 +--- + providers/implementations/signature/rsa_sig.c | 6 + + test/acvp_test.inc | 214 ------------------ + 2 files changed, 6 insertions(+), 214 deletions(-) + +diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c +index 63ee11e566..cfaa4841cb 100644 +--- a/providers/implementations/signature/rsa_sig.c ++++ b/providers/implementations/signature/rsa_sig.c +@@ -1279,7 +1279,13 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) + err_extra_text = "No padding not allowed with RSA-PSS"; + goto cont; + case RSA_X931_PADDING: ++#ifndef FIPS_MODULE + err_extra_text = "X.931 padding not allowed with RSA-PSS"; ++#else /* !defined(FIPS_MODULE) */ ++ err_extra_text = "X.931 padding no longer allowed in FIPS mode," ++ " since it was removed from FIPS 186-5"; ++ goto bad_pad; ++#endif /* !defined(FIPS_MODULE) */ + cont: + if (RSA_test_flags(prsactx->rsa, + RSA_FLAG_TYPE_MASK) == RSA_FLAG_TYPE_RSA) +diff --git a/test/acvp_test.inc b/test/acvp_test.inc +index 73b24bdb0c..96a72073f9 100644 +--- a/test/acvp_test.inc ++++ b/test/acvp_test.inc +@@ -1204,13 +1204,6 @@ static const struct rsa_siggen_st rsa_siggen_data[] = { + ITM(rsa_siggen0_msg), + NO_PSS_SALT_LEN, + }, +- { +- "x931", +- 2048, +- "SHA384", +- ITM(rsa_siggen0_msg), +- NO_PSS_SALT_LEN, +- }, + { + "pss", + 2048, +@@ -1622,202 +1615,6 @@ static const unsigned char rsa_sigverpss_1_sig[] = { + 0x5c, 0xea, 0x8a, 0x92, 0x31, 0xd2, 0x11, 0x4b, + }; + +-static const unsigned char rsa_sigverx931_0_n[] = { +- 0xa0, 0x16, 0x14, 0x80, 0x8b, 0x17, 0x2b, 0xad, +- 0xd7, 0x07, 0x31, 0x6d, 0xfc, 0xba, 0x25, 0x83, +- 0x09, 0xa0, 0xf7, 0x71, 
0xc6, 0x06, 0x22, 0x87, +- 0xd6, 0xbd, 0x13, 0xd9, 0xfe, 0x7c, 0xf7, 0xe6, +- 0x48, 0xdb, 0x27, 0xd8, 0xa5, 0x49, 0x8e, 0x8c, +- 0xea, 0xbe, 0xe0, 0x04, 0x6f, 0x3d, 0x3b, 0x73, +- 0xdc, 0xc5, 0xd4, 0xdc, 0x85, 0xef, 0xea, 0x10, +- 0x46, 0xf3, 0x88, 0xb9, 0x93, 0xbc, 0xa0, 0xb6, +- 0x06, 0x02, 0x82, 0xb4, 0x2d, 0x54, 0xec, 0x79, +- 0x50, 0x8a, 0xfc, 0xfa, 0x62, 0x45, 0xbb, 0xd7, +- 0x26, 0xcd, 0x88, 0xfa, 0xe8, 0x0f, 0x26, 0x5b, +- 0x1f, 0x21, 0x3f, 0x3b, 0x5d, 0x98, 0x3f, 0x02, +- 0x8c, 0xa1, 0xbf, 0xc0, 0x70, 0x4d, 0xd1, 0x41, +- 0xfd, 0xb9, 0x55, 0x12, 0x90, 0xc8, 0x6e, 0x0f, +- 0x19, 0xa8, 0x5c, 0x31, 0xd6, 0x16, 0x0e, 0xdf, +- 0x08, 0x84, 0xcd, 0x4b, 0xfd, 0x28, 0x8d, 0x7d, +- 0x6e, 0xea, 0xc7, 0x95, 0x4a, 0xc3, 0x84, 0x54, +- 0x7f, 0xb0, 0x20, 0x29, 0x96, 0x39, 0x4c, 0x3e, +- 0x85, 0xec, 0x22, 0xdd, 0xb9, 0x14, 0xbb, 0x04, +- 0x2f, 0x4c, 0x0c, 0xe3, 0xfa, 0xae, 0x47, 0x79, +- 0x59, 0x8e, 0x4e, 0x7d, 0x4a, 0x17, 0xae, 0x16, +- 0x38, 0x66, 0x4e, 0xff, 0x45, 0x7f, 0xac, 0x5e, +- 0x75, 0x9f, 0x51, 0x18, 0xe6, 0xad, 0x6b, 0x8b, +- 0x3d, 0x08, 0x4d, 0x9a, 0xd2, 0x11, 0xba, 0xa8, +- 0xc3, 0xb5, 0x17, 0xb5, 0xdf, 0xe7, 0x39, 0x89, +- 0x27, 0x7b, 0xeb, 0xf4, 0xe5, 0x7e, 0xa9, 0x7b, +- 0x39, 0x40, 0x6f, 0xe4, 0x82, 0x14, 0x3d, 0x62, +- 0xb6, 0xd4, 0x43, 0xd0, 0x0a, 0x2f, 0xc1, 0x73, +- 0x3d, 0x99, 0x37, 0xbe, 0x62, 0x13, 0x6a, 0x8b, +- 0xeb, 0xc5, 0x64, 0xd5, 0x2a, 0x8b, 0x4f, 0x7f, +- 0x82, 0x48, 0x69, 0x3e, 0x08, 0x1b, 0xb5, 0x77, +- 0xd3, 0xdc, 0x1b, 0x2c, 0xe5, 0x59, 0xf6, 0x33, +- 0x47, 0xa0, 0x0f, 0xff, 0x8a, 0x6a, 0x1d, 0x66, +- 0x24, 0x67, 0x36, 0x7d, 0x21, 0xda, 0xc1, 0xd4, +- 0x11, 0x6c, 0xe8, 0x5f, 0xd7, 0x8a, 0x53, 0x5c, +- 0xb2, 0xe2, 0xf9, 0x14, 0x29, 0x0f, 0xcf, 0x28, +- 0x32, 0x4f, 0xc6, 0x17, 0xf6, 0xbc, 0x0e, 0xb8, +- 0x99, 0x7c, 0x14, 0xa3, 0x40, 0x3f, 0xf3, 0xe4, +- 0x31, 0xbe, 0x54, 0x64, 0x5a, 0xad, 0x1d, 0xb0, +- 0x37, 0xcc, 0xd9, 0x0b, 0xa4, 0xbc, 0xe0, 0x07, +- 0x37, 0xd1, 0xe1, 0x65, 0xc6, 0x53, 0xfe, 0x60, +- 0x6a, 0x64, 0xa4, 0x01, 0x00, 
0xf3, 0x5b, 0x9a, +- 0x28, 0x61, 0xde, 0x7a, 0xd7, 0x0d, 0x56, 0x1e, +- 0x4d, 0xa8, 0x6a, 0xb5, 0xf2, 0x86, 0x2a, 0x4e, +- 0xaa, 0x37, 0x23, 0x5a, 0x3b, 0x69, 0x66, 0x81, +- 0xc8, 0x8e, 0x1b, 0x31, 0x0f, 0x28, 0x31, 0x9a, +- 0x2d, 0xe5, 0x79, 0xcc, 0xa4, 0xca, 0x60, 0x45, +- 0xf7, 0x83, 0x73, 0x5a, 0x01, 0x29, 0xda, 0xf7, +- +-}; +-static const unsigned char rsa_sigverx931_0_e[] = { +- 0x01, 0x00, 0x01, +-}; +-static const unsigned char rsa_sigverx931_0_msg[] = { +- 0x82, 0x2e, 0x41, 0x70, 0x9d, 0x1f, 0xe9, 0x47, +- 0xec, 0xf1, 0x79, 0xcc, 0x05, 0xef, 0xdb, 0xcd, +- 0xca, 0x8b, 0x8e, 0x61, 0x45, 0xad, 0xa6, 0xd9, +- 0xd7, 0x4b, 0x15, 0xf4, 0x92, 0x3a, 0x2a, 0x52, +- 0xe3, 0x44, 0x57, 0x2b, 0x74, 0x7a, 0x37, 0x41, +- 0x50, 0xcb, 0xcf, 0x13, 0x49, 0xd6, 0x15, 0x54, +- 0x97, 0xfd, 0xae, 0x9b, 0xc1, 0xbb, 0xfc, 0x5c, +- 0xc1, 0x37, 0x58, 0x17, 0x63, 0x19, 0x9c, 0xcf, +- 0xee, 0x9c, 0xe5, 0xbe, 0x06, 0xe4, 0x97, 0x47, +- 0xd1, 0x93, 0xa1, 0x2c, 0x59, 0x97, 0x02, 0x01, +- 0x31, 0x45, 0x8c, 0xe1, 0x5c, 0xac, 0xe7, 0x5f, +- 0x6a, 0x23, 0xda, 0xbf, 0xe4, 0x25, 0xc6, 0x67, +- 0xea, 0x5f, 0x73, 0x90, 0x1b, 0x06, 0x0f, 0x41, +- 0xb5, 0x6e, 0x74, 0x7e, 0xfd, 0xd9, 0xaa, 0xbd, +- 0xe2, 0x8d, 0xad, 0x99, 0xdd, 0x29, 0x70, 0xca, +- 0x1b, 0x38, 0x21, 0x55, 0xde, 0x07, 0xaf, 0x00, +- +-}; +-static const unsigned char rsa_sigverx931_0_sig[] = { +- 0x29, 0xa9, 0x3a, 0x8e, 0x9e, 0x90, 0x1b, 0xdb, +- 0xaf, 0x0b, 0x47, 0x5b, 0xb5, 0xc3, 0x8c, 0xc3, +- 0x70, 0xbe, 0x73, 0xf9, 0x65, 0x8e, 0xc6, 0x1e, +- 0x95, 0x0b, 0xdb, 0x24, 0x76, 0x79, 0xf1, 0x00, +- 0x71, 0xcd, 0xc5, 0x6a, 0x7b, 0xd2, 0x8b, 0x18, +- 0xc4, 0xdd, 0xf1, 0x2a, 0x31, 0x04, 0x3f, 0xfc, +- 0x36, 0x06, 0x20, 0x71, 0x3d, 0x62, 0xf2, 0xb5, +- 0x79, 0x0a, 0xd5, 0xd2, 0x81, 0xf1, 0xb1, 0x4f, +- 0x9a, 0x17, 0xe8, 0x67, 0x64, 0x48, 0x09, 0x75, +- 0xff, 0x2d, 0xee, 0x36, 0xca, 0xca, 0x1d, 0x74, +- 0x99, 0xbe, 0x5c, 0x94, 0x31, 0xcc, 0x12, 0xf4, +- 0x59, 0x7e, 0x17, 0x00, 0x4f, 0x7b, 0xa4, 0xb1, +- 0xda, 0xdb, 0x3e, 0xa4, 0x34, 0x10, 
0x4a, 0x19, +- 0x0a, 0xd2, 0xa7, 0xa0, 0xc5, 0xe6, 0xef, 0x82, +- 0xd4, 0x2e, 0x21, 0xbe, 0x15, 0x73, 0xac, 0xef, +- 0x05, 0xdb, 0x6a, 0x8a, 0x1a, 0xcb, 0x8e, 0xa5, +- 0xee, 0xfb, 0x28, 0xbf, 0x96, 0xa4, 0x2b, 0xd2, +- 0x85, 0x2b, 0x20, 0xc3, 0xaf, 0x9a, 0x32, 0x04, +- 0xa0, 0x49, 0x24, 0x47, 0xd0, 0x09, 0xf7, 0xcf, +- 0x73, 0xb6, 0xf6, 0x70, 0xda, 0x3b, 0xf8, 0x5a, +- 0x28, 0x2e, 0x14, 0x6c, 0x52, 0xbd, 0x2a, 0x7c, +- 0x8e, 0xc1, 0xa8, 0x0e, 0xb1, 0x1e, 0x6b, 0x8d, +- 0x76, 0xea, 0x70, 0x81, 0xa0, 0x02, 0x63, 0x74, +- 0xbc, 0x7e, 0xb9, 0xac, 0x0e, 0x7b, 0x1b, 0x75, +- 0x82, 0xe2, 0x98, 0x4e, 0x24, 0x55, 0xd4, 0xbd, +- 0x14, 0xde, 0x58, 0x56, 0x3a, 0x5d, 0x4e, 0x57, +- 0x0d, 0x54, 0x74, 0xe8, 0x86, 0x8c, 0xcb, 0x07, +- 0x9f, 0x0b, 0xfb, 0xc2, 0x08, 0x5c, 0xd7, 0x05, +- 0x3b, 0xc8, 0xd2, 0x15, 0x68, 0x8f, 0x3d, 0x3c, +- 0x4e, 0x85, 0xa9, 0x25, 0x6f, 0xf5, 0x2e, 0xca, +- 0xca, 0xa8, 0x27, 0x89, 0x61, 0x4e, 0x1f, 0x57, +- 0x2d, 0x99, 0x10, 0x3f, 0xbc, 0x9e, 0x96, 0x5e, +- 0x2f, 0x0a, 0x25, 0xa7, 0x5c, 0xea, 0x65, 0x2a, +- 0x22, 0x35, 0xa3, 0xf9, 0x13, 0x89, 0x05, 0x2e, +- 0x19, 0x73, 0x1d, 0x70, 0x74, 0x98, 0x15, 0x4b, +- 0xab, 0x56, 0x52, 0xe0, 0x01, 0x42, 0x95, 0x6a, +- 0x46, 0x2c, 0x78, 0xff, 0x26, 0xbc, 0x48, 0x10, +- 0x38, 0x25, 0xab, 0x32, 0x7c, 0x79, 0x7c, 0x5d, +- 0x6f, 0x45, 0x54, 0x74, 0x2d, 0x93, 0x56, 0x52, +- 0x11, 0x34, 0x1e, 0xe3, 0x4b, 0x6a, 0x17, 0x4f, +- 0x37, 0x14, 0x75, 0xac, 0xa3, 0xa1, 0xca, 0xda, +- 0x38, 0x06, 0xa9, 0x78, 0xb9, 0x5d, 0xd0, 0x59, +- 0x1b, 0x5d, 0x1e, 0xc2, 0x0b, 0xfb, 0x39, 0x37, +- 0x44, 0x85, 0xb6, 0x36, 0x06, 0x95, 0xbc, 0x15, +- 0x35, 0xb9, 0xe6, 0x27, 0x42, 0xe3, 0xc8, 0xec, +- 0x30, 0x37, 0x20, 0x26, 0x9a, 0x11, 0x61, 0xc0, +- 0xdb, 0xb2, 0x5a, 0x26, 0x78, 0x27, 0xb9, 0x13, +- 0xc9, 0x1a, 0xa7, 0x67, 0x93, 0xe8, 0xbe, 0xcb, +-}; +- +-#define rsa_sigverx931_1_n rsa_sigverx931_0_n +-#define rsa_sigverx931_1_e rsa_sigverx931_0_e +-static const unsigned char rsa_sigverx931_1_msg[] = { +- 0x79, 0x02, 0xb9, 0xd2, 0x3e, 0x84, 
0x02, 0xc8, +- 0x2a, 0x94, 0x92, 0x14, 0x8d, 0xd5, 0xd3, 0x8d, +- 0xb2, 0xf6, 0x00, 0x8b, 0x61, 0x2c, 0xd2, 0xf9, +- 0xa8, 0xe0, 0x5d, 0xac, 0xdc, 0xa5, 0x34, 0xf3, +- 0xda, 0x6c, 0xd4, 0x70, 0x92, 0xfb, 0x40, 0x26, +- 0xc7, 0x9b, 0xe8, 0xd2, 0x10, 0x11, 0xcf, 0x7f, +- 0x23, 0xd0, 0xed, 0x55, 0x52, 0x6d, 0xd3, 0xb2, +- 0x56, 0x53, 0x8d, 0x7c, 0x4c, 0xb8, 0xcc, 0xb5, +- 0xfd, 0xd0, 0x45, 0x4f, 0x62, 0x40, 0x54, 0x42, +- 0x68, 0xd5, 0xe5, 0xdd, 0xf0, 0x76, 0x94, 0x59, +- 0x1a, 0x57, 0x13, 0xb4, 0xc3, 0x70, 0xcc, 0xbd, +- 0x4c, 0x2e, 0xc8, 0x6b, 0x9d, 0x68, 0xd0, 0x72, +- 0x6a, 0x94, 0xd2, 0x18, 0xb5, 0x3b, 0x86, 0x45, +- 0x95, 0xaa, 0x50, 0xda, 0x35, 0xeb, 0x69, 0x44, +- 0x1f, 0xf3, 0x3a, 0x51, 0xbb, 0x1d, 0x08, 0x42, +- 0x12, 0xd7, 0xd6, 0x21, 0xd8, 0x9b, 0x87, 0x55, +-}; +- +-static const unsigned char rsa_sigverx931_1_sig[] = { +- 0x3b, 0xba, 0xb3, 0xb1, 0xb2, 0x6a, 0x29, 0xb5, +- 0xf9, 0x94, 0xf1, 0x00, 0x5c, 0x16, 0x67, 0x67, +- 0x73, 0xd3, 0xde, 0x7e, 0x07, 0xfa, 0xaa, 0x95, +- 0xeb, 0x5a, 0x55, 0xdc, 0xb2, 0xa9, 0x70, 0x5a, +- 0xee, 0x8f, 0x8d, 0x69, 0x85, 0x2b, 0x00, 0xe3, +- 0xdc, 0xe2, 0x73, 0x9b, 0x68, 0xeb, 0x93, 0x69, +- 0x08, 0x03, 0x17, 0xd6, 0x50, 0x21, 0x14, 0x23, +- 0x8c, 0xe6, 0x54, 0x3a, 0xd9, 0xfc, 0x8b, 0x14, +- 0x81, 0xb1, 0x8b, 0x9d, 0xd2, 0xbe, 0x58, 0x75, +- 0x94, 0x74, 0x93, 0xc9, 0xbb, 0x4e, 0xf6, 0x1f, +- 0x73, 0x7d, 0x1a, 0x5f, 0xbd, 0xbf, 0x59, 0x37, +- 0x5b, 0x98, 0x54, 0xad, 0x3a, 0xef, 0xa0, 0xef, +- 0xcb, 0xc3, 0xe8, 0x84, 0xd8, 0x3d, 0xf5, 0x60, +- 0xb8, 0xc3, 0x8d, 0x1e, 0x78, 0xa0, 0x91, 0x94, +- 0xb7, 0xd7, 0xb1, 0xd4, 0xe2, 0xee, 0x81, 0x93, +- 0xfc, 0x41, 0xf0, 0x31, 0xbb, 0x03, 0x52, 0xde, +- 0x80, 0x20, 0x3a, 0x68, 0xe6, 0xc5, 0x50, 0x1b, +- 0x08, 0x3f, 0x40, 0xde, 0xb3, 0xe5, 0x81, 0x99, +- 0x7f, 0xdb, 0xb6, 0x5d, 0x61, 0x27, 0xd4, 0xfb, +- 0xcd, 0xc5, 0x7a, 0xea, 0xde, 0x7a, 0x66, 0xef, +- 0x55, 0x3f, 0x85, 0xea, 0x84, 0xc5, 0x0a, 0xf6, +- 0x3c, 0x40, 0x38, 0xf7, 0x6c, 0x66, 0xe5, 0xbe, +- 0x61, 0x41, 0xd3, 0xb1, 0x08, 
0xe1, 0xb4, 0xf9, +- 0x6e, 0xf6, 0x0e, 0x4a, 0x72, 0x6c, 0x61, 0x63, +- 0x3e, 0x41, 0x33, 0x94, 0xd6, 0x27, 0xa4, 0xd9, +- 0x3a, 0x20, 0x2b, 0x39, 0xea, 0xe5, 0x82, 0x48, +- 0xd6, 0x5b, 0x58, 0x85, 0x44, 0xb0, 0xd2, 0xfd, +- 0xfb, 0x3e, 0xeb, 0x78, 0xac, 0xbc, 0xba, 0x16, +- 0x92, 0x0e, 0x20, 0xc1, 0xb2, 0xd1, 0x92, 0xa8, +- 0x00, 0x88, 0xc0, 0x41, 0x46, 0x38, 0xb6, 0x54, +- 0x70, 0x0c, 0x00, 0x62, 0x97, 0x6a, 0x8e, 0x66, +- 0x5a, 0xa1, 0x6c, 0xf7, 0x6d, 0xc2, 0x27, 0x56, +- 0x60, 0x5b, 0x0c, 0x52, 0xac, 0x5c, 0xae, 0x99, +- 0x55, 0x11, 0x62, 0x52, 0x09, 0x48, 0x53, 0x90, +- 0x3c, 0x0b, 0xd4, 0xdc, 0x7b, 0xe3, 0x4c, 0xe3, +- 0xa8, 0x6d, 0xc5, 0xdf, 0xc1, 0x5c, 0x59, 0x25, +- 0x99, 0x30, 0xde, 0x57, 0x6a, 0x84, 0x25, 0x34, +- 0x3e, 0x64, 0x11, 0xdb, 0x7a, 0x82, 0x8e, 0x70, +- 0xd2, 0x5c, 0x0e, 0x81, 0xa0, 0x24, 0x53, 0x75, +- 0x98, 0xd6, 0x10, 0x01, 0x6a, 0x14, 0xed, 0xc3, +- 0x6f, 0xc4, 0x18, 0xb8, 0xd2, 0x9f, 0x59, 0x53, +- 0x81, 0x3a, 0x86, 0x31, 0xfc, 0x9e, 0xbf, 0x6c, +- 0x52, 0x93, 0x86, 0x9c, 0xaa, 0x6c, 0x6f, 0x07, +- 0x8a, 0x40, 0x33, 0x64, 0xb2, 0x70, 0x48, 0x85, +- 0x05, 0x59, 0x65, 0x2d, 0x6b, 0x9a, 0xad, 0xab, +- 0x20, 0x7e, 0x02, 0x6d, 0xde, 0xcf, 0x22, 0x0b, +- 0xea, 0x6e, 0xbd, 0x1c, 0x39, 0x3a, 0xfd, 0xa4, +- 0xde, 0x54, 0xae, 0xde, 0x5e, 0xf7, 0xb0, 0x6d, +-}; +- + static const struct rsa_sigver_st rsa_sigver_data[] = { + { + "pkcs1", /* pkcs1v1.5 */ +@@ -1841,17 +1638,6 @@ static const struct rsa_sigver_st rsa_sigver_data[] = { + NO_PSS_SALT_LEN, + FAIL + }, +- { +- "x931", +- 3072, +- "SHA256", +- ITM(rsa_sigverx931_1_msg), +- ITM(rsa_sigverx931_1_n), +- ITM(rsa_sigverx931_1_e), +- ITM(rsa_sigverx931_1_sig), +- NO_PSS_SALT_LEN, +- FAIL +- }, + { + "pss", + 4096, +-- +2.41.0 + diff --git a/0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch b/0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch new file mode 100644 index 0000000..a857ef9 --- /dev/null +++ b/0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch 
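Review bot: Nothing in this patch asserts that the FIPS provider now refuses X9.31. The `x931` entries are deleted from `rsa_siggen_data` and `rsa_sigver_data` in test/acvp_test.inc, but no case is added that requests `RSA_X931_PADDING` and expects failure. A later rebase that loses the `goto bad_pad` in the `#else` branch of `rsa_set_ctx_params` would therefore pass the suite unnoticed. I would add a negative case to the FIPS-provider tests that sets the `x931` pad mode and expects the call to fail. `rsa_set_ctx_params` starts and ends outside the hunk, so whether signing and verification both reach this rejection cannot be confirmed from here.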
@@ -0,0 +1,104 @@ +From 8e388e194e665286a8996d7d5926bab5c1a6b4f9 Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Mon, 21 Aug 2023 15:46:40 +0200 +Subject: [PATCH 38/48] + 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch + +Patch-name: 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch +Patch-id: 83 +--- + include/crypto/evp.h | 7 +++++++ + include/openssl/core_names.h | 1 + + include/openssl/evp.h | 3 +++ + providers/implementations/macs/hmac_prov.c | 17 +++++++++++++++++ + 4 files changed, 28 insertions(+) + +diff --git a/include/crypto/evp.h b/include/crypto/evp.h +index aa07153441..a13127bd59 100644 +--- a/include/crypto/evp.h ++++ b/include/crypto/evp.h +@@ -196,6 +196,13 @@ const EVP_PKEY_METHOD *ossl_ed448_pkey_method(void); + const EVP_PKEY_METHOD *ossl_rsa_pkey_method(void); + const EVP_PKEY_METHOD *ossl_rsa_pss_pkey_method(void); + ++#ifdef FIPS_MODULE ++/* NIST SP 800-131Ar2, Table 9: Approval Status of MAC Algorithms specifies key ++ * lengths < 112 bytes are disallowed for HMAC generation and legacy use for ++ * HMAC verification. 
*/ ++# define EVP_HMAC_GEN_FIPS_MIN_KEY_LEN (112 / 8) ++#endif ++ + struct evp_mac_st { + OSSL_PROVIDER *prov; + int name_id; +diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h +index f185bc9342..1d1da4d3ca 100644 +--- a/include/openssl/core_names.h ++++ b/include/openssl/core_names.h +@@ -175,6 +175,7 @@ extern "C" { + #define OSSL_MAC_PARAM_SIZE "size" /* size_t */ + #define OSSL_MAC_PARAM_BLOCK_SIZE "block-size" /* size_t */ + #define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size" /* size_t */ ++#define OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR "redhat-fips-indicator" + + /* Known MAC names */ + #define OSSL_MAC_NAME_BLAKE2BMAC "BLAKE2BMAC" +diff --git a/include/openssl/evp.h b/include/openssl/evp.h +index 86f4e22c70..615857caf5 100644 +--- a/include/openssl/evp.h ++++ b/include/openssl/evp.h +@@ -1194,6 +1194,9 @@ void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx, + void *arg); + + /* MAC stuff */ ++# define EVP_MAC_REDHAT_FIPS_INDICATOR_UNDETERMINED 0 ++# define EVP_MAC_REDHAT_FIPS_INDICATOR_APPROVED 1 ++# define EVP_MAC_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2 + + EVP_MAC *EVP_MAC_fetch(OSSL_LIB_CTX *libctx, const char *algorithm, + const char *properties); +diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c +index 52ebb08b8f..cf5c3ecbe7 100644 +--- a/providers/implementations/macs/hmac_prov.c ++++ b/providers/implementations/macs/hmac_prov.c +@@ -21,6 +21,8 @@ + #include + #include + ++#include "crypto/evp.h" ++ + #include "prov/implementations.h" + #include "prov/provider_ctx.h" + #include "prov/provider_util.h" +@@ -244,6 +246,9 @@ static int hmac_final(void *vmacctx, unsigned char *out, size_t *outl, + static const OSSL_PARAM known_gettable_ctx_params[] = { + OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL), + OSSL_PARAM_size_t(OSSL_MAC_PARAM_BLOCK_SIZE, NULL), ++#ifdef FIPS_MODULE ++ OSSL_PARAM_int(OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR, NULL), ++#endif /* defined(FIPS_MODULE) */ + OSSL_PARAM_END + 
}; + static const OSSL_PARAM *hmac_gettable_ctx_params(ossl_unused void *ctx, +@@ -265,6 +270,18 @@ static int hmac_get_ctx_params(void *vmacctx, OSSL_PARAM params[]) + && !OSSL_PARAM_set_int(p, hmac_block_size(macctx))) + return 0; + ++#ifdef FIPS_MODULE ++ if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR)) != NULL) { ++ int fips_indicator = EVP_MAC_REDHAT_FIPS_INDICATOR_APPROVED; ++ /* NIST SP 800-131Ar2, Table 9: Approval Status of MAC Algorithms ++ * specifies key lengths < 112 bytes are disallowed for HMAC generation ++ * and legacy use for HMAC verification. */ ++ if (macctx->keylen < EVP_HMAC_GEN_FIPS_MIN_KEY_LEN) ++ fips_indicator = EVP_MAC_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ return OSSL_PARAM_set_int(p, fips_indicator); ++ } ++#endif /* defined(FIPS_MODULE) */ ++ + return 1; + } + +-- +2.41.0 + diff --git a/0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch b/0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch new file mode 100644 index 0000000..bf94740 --- /dev/null +++ b/0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch 
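Review bot: The comment above `EVP_HMAC_GEN_FIPS_MIN_KEY_LEN` in include/crypto/evp.h, and its copy inside `hmac_get_ctx_params`, says key lengths "< 112 bytes" are disallowed, while the macro is `(112 / 8)`, i.e. 14 bytes or 112 bits. Read alone, the comment states a threshold eight times stricter than the code enforces; both copies should read `key lengths < 112 bits are disallowed for HMAC generation`. Separately, `EVP_MAC_REDHAT_FIPS_INDICATOR_UNDETERMINED` is defined but never returned by the code in this patch. A context queried before a key is set therefore presumably reports NOT_APPROVED rather than UNDETERMINED; the context initialisation is outside the hunk, so this needs confirming.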
@@ -0,0 +1,69 @@ +From 915990e450e769e370fcacbfd8ed58ab6afaf2bf Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Mon, 21 Aug 2023 15:47:55 +0200 +Subject: [PATCH 39/48] + 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch + +Patch-name: 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch +Patch-id: 84 +--- + providers/implementations/kdfs/pbkdf2.c | 27 ++++++++++++++++++++++++- + 1 file changed, 26 insertions(+), 1 deletion(-) + +diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c +index 349c3dd657..11820d1e69 100644 +--- a/providers/implementations/kdfs/pbkdf2.c ++++ b/providers/implementations/kdfs/pbkdf2.c +@@ -35,6 +35,21 @@ + #define KDF_PBKDF2_MAX_KEY_LEN_DIGEST_RATIO 0xFFFFFFFF + #define KDF_PBKDF2_MIN_ITERATIONS 1000 + #define KDF_PBKDF2_MIN_SALT_LEN (128 / 8) ++/* The Implementation Guidance for FIPS 140-3 says in section D.N ++ * "Password-Based Key Derivation for Storage Applications" that "the vendor ++ * shall document in the module’s Security Policy the length of ++ * a password/passphrase used in key derivation and establish an upper bound ++ * for the probability of having this parameter guessed at random. This ++ * probability shall take into account not only the length of the ++ * password/passphrase, but also the difficulty of guessing it. The decision on ++ * the minimum length of a password used for key derivation is the vendor’s, ++ * but the vendor shall at a minimum informally justify the decision." ++ * ++ * We are choosing a minimum password length of 8 bytes, because NIST's ACVP ++ * testing uses passwords as short as 8 bytes, and requiring longer passwords ++ * combined with an implicit indicator (i.e., returning an error) would cause ++ * the module to fail ACVP testing. 
*/ ++#define KDF_PBKDF2_MIN_PASSWORD_LEN (8) + + static OSSL_FUNC_kdf_newctx_fn kdf_pbkdf2_new; + static OSSL_FUNC_kdf_dupctx_fn kdf_pbkdf2_dup; +@@ -219,9 +234,15 @@ static int kdf_pbkdf2_set_ctx_params(void *vctx, const OSSL_PARAM params[]) + ctx->lower_bound_checks = pkcs5 == 0; + } + +- if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PASSWORD)) != NULL) ++ if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PASSWORD)) != NULL) { ++ if (ctx->lower_bound_checks != 0 ++ && p->data_size < KDF_PBKDF2_MIN_PASSWORD_LEN) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); ++ return 0; ++ } + if (!pbkdf2_set_membuf(&ctx->pass, &ctx->pass_len, p)) + return 0; ++ } + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SALT)) != NULL) { + if (ctx->lower_bound_checks != 0 +@@ -331,6 +352,10 @@ static int pbkdf2_derive(const char *pass, size_t passlen, + } + + if (lower_bound_checks) { ++ if (passlen < KDF_PBKDF2_MIN_PASSWORD_LEN) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); ++ return 0; ++ } + if ((keylen * 8) < KDF_PBKDF2_MIN_KEY_LEN_BITS) { + ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL); + return 0; +-- +2.41.0 + diff --git a/0085-FIPS-RSA-disable-shake.patch b/0085-FIPS-RSA-disable-shake.patch new file mode 100644 index 0000000..9ae7a99 --- /dev/null +++ b/0085-FIPS-RSA-disable-shake.patch 
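Review bot: A too-short password is reported with `PROV_R_INVALID_KEY_LENGTH` in both `kdf_pbkdf2_set_ctx_params` and `pbkdf2_derive`, which points the caller at the derived-key length (checked just below with `PROV_R_KEY_SIZE_TOO_SMALL`) rather than at the password. Using `ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH, "password shorter than %d bytes", KDF_PBKDF2_MIN_PASSWORD_LEN);` in both places keeps the reason code and makes the failure diagnosable. The check in `kdf_pbkdf2_set_ctx_params` uses `ctx->lower_bound_checks` as it stands during that call, so the re-check in `pbkdf2_derive` is the one that actually guarantees the bound. A one-line comment there, `/* re-checked here: lower_bound_checks may change after the password was set */`, would stop it being removed as redundant. Both functions continue outside the hunks.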
@@ -0,0 +1,101 @@ +From 2306fde5556cbcb875d095c09fed01a0f16fe7ec Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Mon, 21 Aug 2023 15:51:55 +0200 +Subject: [PATCH 40/48] 0085-FIPS-RSA-disable-shake.patch + +Patch-name: 0085-FIPS-RSA-disable-shake.patch +Patch-id: 85 +--- + crypto/rsa/rsa_oaep.c | 28 ++++++++++++++++++++++++++++ + crypto/rsa/rsa_pss.c | 16 ++++++++++++++++ + 2 files changed, 44 insertions(+) + +diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c +index b2f7f7dc4b..af2b0b026c 100644 +--- a/crypto/rsa/rsa_oaep.c ++++ b/crypto/rsa/rsa_oaep.c +@@ -78,9 +78,23 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx, + return 0; + #endif + } ++ ++#ifdef FIPS_MODULE ++ if (EVP_MD_is_a(md, "SHAKE-128") || EVP_MD_is_a(md, "SHAKE-256")) { ++ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED); ++ return 0; ++ } ++#endif + if (mgf1md == NULL) + mgf1md = md; + ++#ifdef FIPS_MODULE ++ if (EVP_MD_is_a(mgf1md, "SHAKE-128") || EVP_MD_is_a(mgf1md, "SHAKE-256")) { ++ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED); ++ return 0; ++ } ++#endif ++ + mdlen = EVP_MD_get_size(md); + if (mdlen <= 0) { + ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_LENGTH); +@@ -203,9 +217,23 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, + #endif + } + ++#ifdef FIPS_MODULE ++ if (EVP_MD_is_a(md, "SHAKE-128") || EVP_MD_is_a(md, "SHAKE-256")) { ++ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED); ++ return -1; ++ } ++#endif ++ + if (mgf1md == NULL) + mgf1md = md; + ++#ifdef FIPS_MODULE ++ if (EVP_MD_is_a(mgf1md, "SHAKE-128") || EVP_MD_is_a(mgf1md, "SHAKE-256")) { ++ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED); ++ return -1; ++ } ++#endif ++ + mdlen = EVP_MD_get_size(md); + + if (tlen <= 0 || flen <= 0) +diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c +index bb46ec64c7..c0fdf232da 100644 +--- a/crypto/rsa/rsa_pss.c ++++ b/crypto/rsa/rsa_pss.c +@@ -53,6 +53,14 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, + if 
(mgf1Hash == NULL) + mgf1Hash = Hash; + ++#ifdef FIPS_MODULE ++ if (EVP_MD_is_a(Hash, "SHAKE-128") || EVP_MD_is_a(Hash, "SHAKE-256")) ++ goto err; ++ ++ if (EVP_MD_is_a(mgf1Hash, "SHAKE-128") || EVP_MD_is_a(mgf1Hash, "SHAKE-256")) ++ goto err; ++#endif ++ + hLen = EVP_MD_get_size(Hash); + if (hLen < 0) + goto err; +@@ -168,6 +176,14 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, + if (mgf1Hash == NULL) + mgf1Hash = Hash; + ++#ifdef FIPS_MODULE ++ if (EVP_MD_is_a(Hash, "SHAKE-128") || EVP_MD_is_a(Hash, "SHAKE-256")) ++ goto err; ++ ++ if (EVP_MD_is_a(mgf1Hash, "SHAKE-128") || EVP_MD_is_a(mgf1Hash, "SHAKE-256")) ++ goto err; ++#endif ++ + hLen = EVP_MD_get_size(Hash); + if (hLen < 0) + goto err; +-- +2.41.0 + diff --git a/0088-signature-Add-indicator-for-PSS-salt-length.patch b/0088-signature-Add-indicator-for-PSS-salt-length.patch new file mode 100644 index 0000000..0577e00 --- /dev/null +++ b/0088-signature-Add-indicator-for-PSS-salt-length.patch 
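Review bot: The SHAKE rejections added to crypto/rsa/rsa_pss.c (`RSA_verify_PKCS1_PSS_mgf1` and `RSA_padding_add_PKCS1_PSS_mgf1`) jump to `err` without queueing an error, whereas the matching checks in rsa_oaep.c raise `RSA_R_DIGEST_NOT_ALLOWED`. As far as the hunks show, a FIPS-mode caller whose PSS operation is refused this way gets a bare failure with nothing in the error queue naming the digest as the cause. Put `ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED);` before each `goto err`, with braces around the `if` bodies. The same two-name `EVP_MD_is_a` test is repeated eight times across the two files, so a small static helper would keep the list of refused digests in one place. All four functions start and end outside the hunks.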
@@ -0,0 +1,82 @@ +From 98ee6faef3da1439c04f11cd2796132d27d1e607 Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Mon, 21 Aug 2023 15:58:07 +0200 +Subject: [PATCH 41/48] 0088-signature-Add-indicator-for-PSS-salt-length.patch + +Patch-name: 0088-signature-Add-indicator-for-PSS-salt-length.patch +Patch-id: 88 +--- + include/openssl/core_names.h | 1 + + include/openssl/evp.h | 4 ++++ + providers/implementations/signature/rsa_sig.c | 21 +++++++++++++++++++ + 3 files changed, 26 insertions(+) + +diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h +index 1d1da4d3ca..48af87e236 100644 +--- a/include/openssl/core_names.h ++++ b/include/openssl/core_names.h +@@ -458,6 +458,7 @@ extern "C" { + #define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES \ + OSSL_PKEY_PARAM_MGF1_PROPERTIES + #define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE ++#define OSSL_SIGNATURE_PARAM_REDHAT_FIPS_INDICATOR "redhat-fips-indicator" + + /* Asym cipher parameters */ + #define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST +diff --git a/include/openssl/evp.h b/include/openssl/evp.h +index 615857caf5..05f2d0f75a 100644 +--- a/include/openssl/evp.h ++++ b/include/openssl/evp.h +@@ -799,6 +799,10 @@ __owur int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, + __owur int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, + int *outl); + ++# define EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_UNDETERMINED 0 ++# define EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_APPROVED 1 ++# define EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2 ++ + __owur int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, + EVP_PKEY *pkey); + __owur int EVP_SignFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, +diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c +index cfaa4841cb..851671cfb1 100644 +--- a/providers/implementations/signature/rsa_sig.c ++++ b/providers/implementations/signature/rsa_sig.c 
+@@ -1173,6 +1173,24 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) + } + } + ++#ifdef FIPS_MODULE ++ p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_REDHAT_FIPS_INDICATOR); ++ if (p != NULL) { ++ int fips_indicator = EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_APPROVED; ++ if (prsactx->pad_mode == RSA_PKCS1_PSS_PADDING) { ++ if (prsactx->md == NULL) { ++ fips_indicator = EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_UNDETERMINED; ++ } else if (rsa_pss_compute_saltlen(prsactx) > EVP_MD_get_size(prsactx->md)) { ++ fips_indicator = EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ } ++ } else if (prsactx->pad_mode == RSA_NO_PADDING) { ++ if (prsactx->md == NULL) /* Should always be the case */ ++ fips_indicator = EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ } ++ return OSSL_PARAM_set_int(p, fips_indicator); ++ } ++#endif ++ + return 1; + } + +@@ -1182,6 +1200,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { + OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_MGF1_DIGEST, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, NULL, 0), ++#ifdef FIPS_MODULE ++ OSSL_PARAM_int(OSSL_SIGNATURE_PARAM_REDHAT_FIPS_INDICATOR, NULL), ++#endif + OSSL_PARAM_END + }; + +-- +2.41.0 + diff --git a/0091-FIPS-RSA-encapsulate.patch b/0091-FIPS-RSA-encapsulate.patch new file mode 100644 index 0000000..69c8546 --- /dev/null +++ b/0091-FIPS-RSA-encapsulate.patch 
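Review bot: The indicator in `rsa_get_ctx_params` starts at `EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_APPROVED` and is only downgraded on specific conditions, so any case those conditions miss is reported as approved. Two such paths are visible. With `RSA_PKCS1_PSS_PADDING`, a negative return from `rsa_pss_compute_saltlen()` compares as not greater than the digest size; whether it signals errors that way cannot be told here, as its definition is outside the hunk. With `RSA_NO_PADDING`, a non-NULL `prsactx->md` leaves the value at APPROVED despite the "Should always be the case" comment. I would capture the result as `int saltlen = rsa_pss_compute_saltlen(prsactx);`, test `saltlen < 0 || saltlen > EVP_MD_get_size(prsactx->md)`, and set NOT_APPROVED for `RSA_NO_PADDING` unconditionally. The function begins before the hunk.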
@@ -0,0 +1,47 @@ +From afab56d09edb525dd794fcb2ae2295ab7f39400a Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Mon, 21 Aug 2023 16:01:48 +0200 +Subject: [PATCH 42/48] 0091-FIPS-RSA-encapsulate.patch + +Patch-name: 0091-FIPS-RSA-encapsulate.patch +Patch-id: 91 +--- + providers/implementations/kem/rsa_kem.c | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c +index 365ae3d7d6..8a6f585d0b 100644 +--- a/providers/implementations/kem/rsa_kem.c ++++ b/providers/implementations/kem/rsa_kem.c +@@ -265,6 +265,14 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx, + *secretlen = nlen; + return 1; + } ++ ++#ifdef FIPS_MODULE ++ if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL); ++ return 0; ++ } ++#endif ++ + /* + * Step (2): Generate a random byte string z of nlen bytes where + * 1 < z < n - 1 +@@ -308,6 +316,13 @@ static int rsasve_recover(PROV_RSA_CTX *prsactx, + return 1; + } + ++#ifdef FIPS_MODULE ++ if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL); ++ return 0; ++ } ++#endif ++ + /* Step (2): check the input ciphertext 'inlen' matches the nlen */ + if (inlen != nlen) { + ERR_raise(ERR_LIB_PROV, PROV_R_BAD_LENGTH); +-- +2.41.0 + diff --git a/0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch b/0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch new file mode 100644 index 0000000..c92d417 --- /dev/null +++ b/0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch 
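Review bot: The FIPS minimum in rsasve_generate and rsasve_recover is tested as `nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8`, which is byte-granular. If nlen is the modulus length in bytes (it is assigned above both hunks), a modulus a few bits short of the minimum rounds up to the same byte count and passes. Comparing the bit length closes that gap, e.g. `if (RSA_bits(prsactx->rsa) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)`, assuming the context holds the key in `prsactx->rsa`. In rsasve_generate the check also sits after the early `return 1` that reports `*secretlen`, so a size query on an undersized key still succeeds; placing the check before that return would reject it on the first call.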
@@ -0,0 +1,330 @@ +From 590babb35e3aa399c889282747965e301333a656 Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Mon, 21 Aug 2023 16:07:18 +0200 +Subject: [PATCH 43/48] + 0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch + +Patch-name: 0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch +Patch-id: 93 +--- + crypto/dh/dh_backend.c | 10 ++++ + crypto/dh/dh_check.c | 12 ++-- + crypto/dh/dh_gen.c | 12 +++- + crypto/dh/dh_key.c | 13 ++-- + crypto/dh/dh_pmeth.c | 10 +++- + providers/implementations/keymgmt/dh_kmgmt.c | 5 ++ + test/endecode_test.c | 4 +- + test/evp_libctx_test.c | 2 +- + test/helpers/predefined_dhparams.c | 62 ++++++++++++++++++++ + test/helpers/predefined_dhparams.h | 1 + + test/recipes/80-test_cms.t | 4 +- + test/recipes/80-test_ssl_old.t | 3 + + 12 files changed, 118 insertions(+), 20 deletions(-) + +diff --git a/crypto/dh/dh_backend.c b/crypto/dh/dh_backend.c +index 726843fd30..24c65ca84f 100644 +--- a/crypto/dh/dh_backend.c ++++ b/crypto/dh/dh_backend.c +@@ -53,6 +53,16 @@ int ossl_dh_params_fromdata(DH *dh, const OSSL_PARAM params[]) + if (!dh_ffc_params_fromdata(dh, params)) + return 0; + ++#ifdef FIPS_MODULE ++ if (!ossl_dh_is_named_safe_prime_group(dh)) { ++ ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS, ++ "FIPS 186-4 type domain parameters no longer allowed in" ++ " FIPS mode, since the required validation routines" ++ " were removed from FIPS 186-5"); ++ return 0; ++ } ++#endif ++ + param_priv_len = + OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PRIV_LEN); + if (param_priv_len != NULL +diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c +index 0b391910d6..75581ca347 100644 +--- a/crypto/dh/dh_check.c ++++ b/crypto/dh/dh_check.c +@@ -57,13 +57,15 @@ int DH_check_params(const DH *dh, int *ret) + nid = DH_get_nid((DH *)dh); + if (nid != NID_undef) + return 1; ++ + /* +- * OR +- * (2b) FFC domain params conform to FIPS-186-4 explicit domain param +- * validity tests. 
++ * FIPS 186-4 explicit domain parameters are no longer supported in FIPS mode. + */ +- return ossl_ffc_params_FIPS186_4_validate(dh->libctx, &dh->params, +- FFC_PARAM_TYPE_DH, ret, NULL); ++ ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS, ++ "FIPS 186-4 type domain parameters no longer allowed in" ++ " FIPS mode, since the required validation routines were" ++ " removed from FIPS 186-5"); ++ return 0; + } + #else + int DH_check_params(const DH *dh, int *ret) +diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c +index 204662a81c..9961f21920 100644 +--- a/crypto/dh/dh_gen.c ++++ b/crypto/dh/dh_gen.c +@@ -39,18 +39,26 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, + int ossl_dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits, + BN_GENCB *cb) + { +- int ret, res; ++ int ret = 0; + + #ifndef FIPS_MODULE ++ int res; ++ + if (type == DH_PARAMGEN_TYPE_FIPS_186_2) + ret = ossl_ffc_params_FIPS186_2_generate(dh->libctx, &dh->params, + FFC_PARAM_TYPE_DH, + pbits, qbits, &res, cb); + else +-#endif + ret = ossl_ffc_params_FIPS186_4_generate(dh->libctx, &dh->params, + FFC_PARAM_TYPE_DH, + pbits, qbits, &res, cb); ++#else ++ /* In FIPS mode, we no longer support FIPS 186-4 domain parameters */ ++ ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS, ++ "FIPS 186-4 type domain parameters no longer allowed in" ++ " FIPS mode, since the required generation routines were" ++ " removed from FIPS 186-5"); ++#endif + if (ret > 0) + dh->dirty_cnt++; + return ret; +diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c +index 83773cceea..7e988368d3 100644 +--- a/crypto/dh/dh_key.c ++++ b/crypto/dh/dh_key.c +@@ -321,8 +321,12 @@ static int generate_key(DH *dh) + goto err; + } else { + #ifdef FIPS_MODULE +- if (dh->params.q == NULL) +- goto err; ++ ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS, ++ "FIPS 186-4 type domain parameters no longer" ++ " allowed in FIPS mode, since the required" ++ " generation routines were removed from FIPS" ++ " 
186-5"); ++ goto err; + #else + if (dh->params.q == NULL) { + /* secret exponent length, must satisfy 2^(l-1) <= p */ +@@ -343,9 +347,7 @@ static int generate_key(DH *dh) + if (!BN_clear_bit(priv_key, 0)) + goto err; + } +- } else +-#endif +- { ++ } else { + /* Do a partial check for invalid p, q, g */ + if (!ossl_ffc_params_simple_validate(dh->libctx, &dh->params, + FFC_PARAM_TYPE_DH, NULL)) +@@ -361,6 +363,7 @@ static int generate_key(DH *dh) + priv_key)) + goto err; + } ++#endif + } + } + +diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c +index f201eede0d..30f90d15be 100644 +--- a/crypto/dh/dh_pmeth.c ++++ b/crypto/dh/dh_pmeth.c +@@ -305,13 +305,17 @@ static DH *ffc_params_generate(OSSL_LIB_CTX *libctx, DH_PKEY_CTX *dctx, + prime_len, subprime_len, &res, + pcb); + else +-# endif +- /* For FIPS we always use the DH_PARAMGEN_TYPE_FIPS_186_4 generator */ +- if (dctx->paramgen_type >= DH_PARAMGEN_TYPE_FIPS_186_2) + rv = ossl_ffc_params_FIPS186_4_generate(libctx, &ret->params, + FFC_PARAM_TYPE_DH, + prime_len, subprime_len, &res, + pcb); ++# else ++ /* In FIPS mode, we no longer support FIPS 186-4 domain parameters */ ++ ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS, ++ "FIPS 186-4 type domain parameters no longer allowed in" ++ " FIPS mode, since the required generation routines were" ++ " removed from FIPS 186-5"); ++# endif + if (rv <= 0) { + DH_free(ret); + return NULL; +diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c +index 9a7dde7c66..b3e7bca5ac 100644 +--- a/providers/implementations/keymgmt/dh_kmgmt.c ++++ b/providers/implementations/keymgmt/dh_kmgmt.c +@@ -414,6 +414,11 @@ static int dh_validate(const void *keydata, int selection, int checktype) + if ((selection & DH_POSSIBLE_SELECTIONS) == 0) + return 1; /* nothing to validate */ + ++#ifdef FIPS_MODULE ++ /* In FIPS provider, always check the domain parameters to disallow ++ * operations on keys with FIPS 186-4 params. 
*/ ++ selection |= OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS; ++#endif + if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) { + /* + * Both of these functions check parameters. DH_check_params_ex() +diff --git a/test/endecode_test.c b/test/endecode_test.c +index 53385028fc..169f3ccd73 100644 +--- a/test/endecode_test.c ++++ b/test/endecode_test.c +@@ -84,10 +84,10 @@ static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams) + * for testing only. Use a minimum key size of 2048 for security purposes. + */ + if (strcmp(type, "DH") == 0) +- return get_dh512(keyctx); ++ return get_dh2048(keyctx); + + if (strcmp(type, "X9.42 DH") == 0) +- return get_dhx512(keyctx); ++ return get_dhx_ffdhe2048(keyctx); + # endif + + /* +diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c +index a7913cda4c..96a35ac1cc 100644 +--- a/test/evp_libctx_test.c ++++ b/test/evp_libctx_test.c +@@ -189,7 +189,7 @@ static int do_dh_param_keygen(int tstid, const BIGNUM **bn) + + if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL)) + || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0) +- || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected)) ++ || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey) == 1, expected)) + goto err; + + if (expected) { +diff --git a/test/helpers/predefined_dhparams.c b/test/helpers/predefined_dhparams.c +index 4bdadc4143..e5186e4b4a 100644 +--- a/test/helpers/predefined_dhparams.c ++++ b/test/helpers/predefined_dhparams.c +@@ -116,6 +116,68 @@ EVP_PKEY *get_dhx512(OSSL_LIB_CTX *libctx) + dhx512_q, sizeof(dhx512_q)); + } + ++EVP_PKEY *get_dhx_ffdhe2048(OSSL_LIB_CTX *libctx) ++{ ++ /* This is RFC 7919 ffdhe2048, since Red Hat removes support for ++ * non-well-known groups in FIPS mode. 
*/ ++ static unsigned char dhx_p[] = { ++ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xad, 0xf8, 0x54, 0x58, ++ 0xa2, 0xbb, 0x4a, 0x9a, 0xaf, 0xdc, 0x56, 0x20, 0x27, 0x3d, 0x3c, 0xf1, ++ 0xd8, 0xb9, 0xc5, 0x83, 0xce, 0x2d, 0x36, 0x95, 0xa9, 0xe1, 0x36, 0x41, ++ 0x14, 0x64, 0x33, 0xfb, 0xcc, 0x93, 0x9d, 0xce, 0x24, 0x9b, 0x3e, 0xf9, ++ 0x7d, 0x2f, 0xe3, 0x63, 0x63, 0x0c, 0x75, 0xd8, 0xf6, 0x81, 0xb2, 0x02, ++ 0xae, 0xc4, 0x61, 0x7a, 0xd3, 0xdf, 0x1e, 0xd5, 0xd5, 0xfd, 0x65, 0x61, ++ 0x24, 0x33, 0xf5, 0x1f, 0x5f, 0x06, 0x6e, 0xd0, 0x85, 0x63, 0x65, 0x55, ++ 0x3d, 0xed, 0x1a, 0xf3, 0xb5, 0x57, 0x13, 0x5e, 0x7f, 0x57, 0xc9, 0x35, ++ 0x98, 0x4f, 0x0c, 0x70, 0xe0, 0xe6, 0x8b, 0x77, 0xe2, 0xa6, 0x89, 0xda, ++ 0xf3, 0xef, 0xe8, 0x72, 0x1d, 0xf1, 0x58, 0xa1, 0x36, 0xad, 0xe7, 0x35, ++ 0x30, 0xac, 0xca, 0x4f, 0x48, 0x3a, 0x79, 0x7a, 0xbc, 0x0a, 0xb1, 0x82, ++ 0xb3, 0x24, 0xfb, 0x61, 0xd1, 0x08, 0xa9, 0x4b, 0xb2, 0xc8, 0xe3, 0xfb, ++ 0xb9, 0x6a, 0xda, 0xb7, 0x60, 0xd7, 0xf4, 0x68, 0x1d, 0x4f, 0x42, 0xa3, ++ 0xde, 0x39, 0x4d, 0xf4, 0xae, 0x56, 0xed, 0xe7, 0x63, 0x72, 0xbb, 0x19, ++ 0x0b, 0x07, 0xa7, 0xc8, 0xee, 0x0a, 0x6d, 0x70, 0x9e, 0x02, 0xfc, 0xe1, ++ 0xcd, 0xf7, 0xe2, 0xec, 0xc0, 0x34, 0x04, 0xcd, 0x28, 0x34, 0x2f, 0x61, ++ 0x91, 0x72, 0xfe, 0x9c, 0xe9, 0x85, 0x83, 0xff, 0x8e, 0x4f, 0x12, 0x32, ++ 0xee, 0xf2, 0x81, 0x83, 0xc3, 0xfe, 0x3b, 0x1b, 0x4c, 0x6f, 0xad, 0x73, ++ 0x3b, 0xb5, 0xfc, 0xbc, 0x2e, 0xc2, 0x20, 0x05, 0xc5, 0x8e, 0xf1, 0x83, ++ 0x7d, 0x16, 0x83, 0xb2, 0xc6, 0xf3, 0x4a, 0x26, 0xc1, 0xb2, 0xef, 0xfa, ++ 0x88, 0x6b, 0x42, 0x38, 0x61, 0x28, 0x5c, 0x97, 0xff, 0xff, 0xff, 0xff, ++ 0xff, 0xff, 0xff, 0xff ++ }; ++ static unsigned char dhx_g[] = { ++ 0x02 ++ }; ++ static unsigned char dhx_q[] = { ++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c, ++ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78, ++ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20, ++ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 
0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c, ++ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01, ++ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0, ++ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa, ++ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a, ++ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed, ++ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a, ++ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1, ++ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd, ++ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51, ++ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c, ++ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70, ++ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0, ++ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19, ++ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9, ++ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1, ++ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd, ++ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x94, 0x2e, 0x4b, 0xff, 0xff, 0xff, 0xff, ++ 0xff, 0xff, 0xff, 0xff ++ }; ++ ++ return get_dh_from_pg(libctx, "X9.42 DH", ++ dhx_p, sizeof(dhx_p), ++ dhx_g, sizeof(dhx_g), ++ dhx_q, sizeof(dhx_q)); ++} ++ + EVP_PKEY *get_dh1024dsa(OSSL_LIB_CTX *libctx) + { + static unsigned char dh1024_p[] = { +diff --git a/test/helpers/predefined_dhparams.h b/test/helpers/predefined_dhparams.h +index f0e8709062..2ff6d6e721 100644 +--- a/test/helpers/predefined_dhparams.h ++++ b/test/helpers/predefined_dhparams.h +@@ -12,6 +12,7 @@ + #ifndef OPENSSL_NO_DH + EVP_PKEY *get_dh512(OSSL_LIB_CTX *libctx); + EVP_PKEY *get_dhx512(OSSL_LIB_CTX *libctx); ++EVP_PKEY *get_dhx_ffdhe2048(OSSL_LIB_CTX *libctx); + EVP_PKEY *get_dh1024dsa(OSSL_LIB_CTX 
*libct); + EVP_PKEY *get_dh2048(OSSL_LIB_CTX *libctx); + EVP_PKEY *get_dh4096(OSSL_LIB_CTX *libctx); +diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t +index 2a459856f0..afac836fa3 100644 +--- a/test/recipes/80-test_cms.t ++++ b/test/recipes/80-test_cms.t +@@ -627,10 +627,10 @@ my @smime_cms_param_tests = ( + ], + + [ "enveloped content test streaming S/MIME format, X9.42 DH", +- [ "{cmd1}", @prov, "-encrypt", "-in", $smcont, ++ [ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont, + "-stream", "-out", "{output}.cms", + "-recip", catfile($smdir, "smdh.pem"), "-aes128" ], +- [ "{cmd2}", @prov, "-decrypt", "-recip", catfile($smdir, "smdh.pem"), ++ [ "{cmd2}", @defaultprov, "-decrypt", "-recip", catfile($smdir, "smdh.pem"), + "-in", "{output}.cms", "-out", "{output}.txt" ], + \&final_compare + ] +diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t +index 527abcea6e..e1d38b1e62 100644 +--- a/test/recipes/80-test_ssl_old.t ++++ b/test/recipes/80-test_ssl_old.t +@@ -390,6 +390,9 @@ sub testssl { + skip "skipping dhe1024dsa test", 1 + if ($no_dh); + ++ skip "FIPS 186-4 type DH groups are no longer supported by the FIPS provider", 1 ++ if $provider eq "fips"; ++ + ok(run(test([@ssltest, "-bio_pair", "-dhe1024dsa", "-v"])), + 'test sslv2/sslv3 with 1024bit DHE via BIO pair'); + } +-- +2.41.0 + diff --git a/0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch b/0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch new file mode 100644 index 0000000..1ea7122 --- /dev/null +++ b/0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch 
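Review bot: As far as the visible hunks show, none of the test changes in 0093 asserts the new rejection path. 80-test_cms.t moves the X9.42 DH case from `@prov` to `@defaultprov`, 80-test_ssl_old.t skips dhe1024dsa when `$provider eq "fips"`, and evp_libctx_test.c only normalises the keygen result with `== 1`. A regression that let the FIPS provider accept explicit FIPS 186-4 domain parameters again would therefore pass the suite. A negative test that imports non-named-group parameters through the FIPS provider and expects failure with DH_R_BAD_FFC_PARAMETERS would pin the behaviour. Separately, the error string is repeated in five source files with "validation" and "generation" variants; a shared macro would keep the wording in step.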
@@ -0,0 +1,96 @@ +From 5db03a4d024f1e396ff54d38ac70d9890b034074 Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Mon, 21 Aug 2023 16:10:11 +0200 +Subject: [PATCH 45/48] + 0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch + +Patch-name: 0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch +Patch-id: 110 +--- + include/openssl/core_names.h | 1 + + include/openssl/evp.h | 4 +++ + .../implementations/ciphers/ciphercommon.c | 4 +++ + .../ciphers/ciphercommon_gcm.c | 25 +++++++++++++++++++ + 4 files changed, 34 insertions(+) + +diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h +index 48af87e236..29459049ad 100644 +--- a/include/openssl/core_names.h ++++ b/include/openssl/core_names.h +@@ -99,6 +99,7 @@ extern "C" { + #define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode" /* utf8_string */ + /* For passing the AlgorithmIdentifier parameter in DER form */ + #define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param" /* octet_string */ ++#define OSSL_CIPHER_PARAM_REDHAT_FIPS_INDICATOR "redhat-fips-indicator" /* int */ + + #define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT \ + "tls1multi_maxsndfrag" /* uint */ +diff --git a/include/openssl/evp.h b/include/openssl/evp.h +index 05f2d0f75a..f1a33ff6f2 100644 +--- a/include/openssl/evp.h ++++ b/include/openssl/evp.h +@@ -748,6 +748,10 @@ void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags); + void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags); + int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags); + ++# define EVP_CIPHER_REDHAT_FIPS_INDICATOR_UNDETERMINED 0 ++# define EVP_CIPHER_REDHAT_FIPS_INDICATOR_APPROVED 1 ++# define EVP_CIPHER_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2 ++ + __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv); + /*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, +diff --git a/providers/implementations/ciphers/ciphercommon.c 
b/providers/implementations/ciphers/ciphercommon.c +index fa383165d8..716add7339 100644 +--- a/providers/implementations/ciphers/ciphercommon.c ++++ b/providers/implementations/ciphers/ciphercommon.c +@@ -149,6 +149,10 @@ static const OSSL_PARAM cipher_aead_known_gettable_ctx_params[] = { + OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0), + OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL), + OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN, NULL, 0), ++ /* normally we would hide this under an #ifdef FIPS_MODULE, but that does ++ * not work in ciphercommon.c because it is compiled only once into ++ * libcommon.a */ ++ OSSL_PARAM_int(OSSL_CIPHER_PARAM_REDHAT_FIPS_INDICATOR, NULL), + OSSL_PARAM_END + }; + const OSSL_PARAM *ossl_cipher_aead_gettable_ctx_params( +diff --git a/providers/implementations/ciphers/ciphercommon_gcm.c b/providers/implementations/ciphers/ciphercommon_gcm.c +index ed95c97ff4..db7910eb0e 100644 +--- a/providers/implementations/ciphers/ciphercommon_gcm.c ++++ b/providers/implementations/ciphers/ciphercommon_gcm.c +@@ -224,6 +224,31 @@ int ossl_gcm_get_ctx_params(void *vctx, OSSL_PARAM params[]) + || !getivgen(ctx, p->data, p->data_size)) + return 0; + } ++ ++ /* We would usually hide this under #ifdef FIPS_MODULE, but ++ * ciphercommon_gcm.c is only compiled once into libcommon.a, so ifdefs do ++ * not work here. */ ++ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_REDHAT_FIPS_INDICATOR); ++ if (p != NULL) { ++ int fips_indicator = EVP_CIPHER_REDHAT_FIPS_INDICATOR_APPROVED; ++ ++ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module ++ * Verification Program, Section C.H requires guarantees about the ++ * uniqueness of key/iv pairs, and proposes a few approaches to ensure ++ * this. This provides an indicator for option 2 "The IV may be ++ * generated internally at its entirety randomly." 
Note that one of the ++ * conditions of this option is that "The IV length shall be at least ++ * 96 bits (per SP 800-38D)." We do not specically check for this ++ * condition here, because gcm_iv_generate will fail in this case. */ ++ if (ctx->enc && !ctx->iv_gen_rand) ++ fips_indicator = EVP_CIPHER_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ ++ if (!OSSL_PARAM_set_int(p, fips_indicator)) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); ++ return 0; ++ } ++ } ++ + return 1; + } + +-- +2.41.0 + diff --git a/0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch b/0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch new file mode 100644 index 0000000..aec08c9 --- /dev/null +++ b/0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch 
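Review bot: Because ciphercommon.c and ciphercommon_gcm.c are built once into libcommon.a (as the added comments state), `redhat-fips-indicator` is also gettable on GCM contexts that do not come from the FIPS provider, where it still defaults to EVP_CIPHER_REDHAT_FIPS_INDICATOR_APPROVED. A caller that treats the value as evidence of approved operation has to confirm the provider separately. The comment above the lookup in ossl_gcm_get_ctx_params should say so, e.g. `/* Only meaningful for contexts fetched from the FIPS provider; other providers answer it too. */`. The parameter is also added to the shared AEAD gettable list while only the GCM getter in this patch sets it, so unless getters outside this patch handle it, other AEAD ciphers advertise a parameter they never answer. The comment typo "specically" should read "specifically".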
@@ -0,0 +1,75 @@ +From 48c763ed9cc889806bc01222382ce6f918a408a2 Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Mon, 21 Aug 2023 16:12:33 +0200 +Subject: [PATCH 46/48] + 0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch + +Patch-name: 0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch +Patch-id: 112 +--- + providers/implementations/kdfs/pbkdf2.c | 40 +++++++++++++++++++++++-- + 1 file changed, 37 insertions(+), 3 deletions(-) + +diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c +index 11820d1e69..bae2238ab5 100644 +--- a/providers/implementations/kdfs/pbkdf2.c ++++ b/providers/implementations/kdfs/pbkdf2.c +@@ -284,11 +284,42 @@ static const OSSL_PARAM *kdf_pbkdf2_settable_ctx_params(ossl_unused void *ctx, + + static int kdf_pbkdf2_get_ctx_params(void *vctx, OSSL_PARAM params[]) + { ++#ifdef FIPS_MODULE ++ KDF_PBKDF2 *ctx = (KDF_PBKDF2 *)vctx; ++#endif /* defined(FIPS_MODULE) */ + OSSL_PARAM *p; ++ int any_valid = 0; /* set to 1 when at least one parameter was valid */ ++ ++ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) { ++ any_valid = 1; ++ ++ if (!OSSL_PARAM_set_size_t(p, SIZE_MAX)) ++ return 0; ++ } ++ ++#ifdef FIPS_MODULE ++ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR)) ++ != NULL) { ++ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED; ++ ++ /* The lower_bound_checks parameter enables checks required by FIPS. If ++ * those checks are disabled, the PBKDF2 implementation will also ++ * support non-approved parameters (e.g., salt lengths < 16 bytes, see ++ * NIST SP 800-132 section 5.1). 
*/ ++ if (!ctx->lower_bound_checks) ++ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; + +- if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) +- return OSSL_PARAM_set_size_t(p, SIZE_MAX); +- return -2; ++ if (!OSSL_PARAM_set_int(p, fips_indicator)) ++ return 0; ++ ++ any_valid = 1; ++ } ++#endif /* defined(FIPS_MODULE) */ ++ ++ if (!any_valid) ++ return -2; ++ ++ return 1; + } + + static const OSSL_PARAM *kdf_pbkdf2_gettable_ctx_params(ossl_unused void *ctx, +@@ -296,6 +327,9 @@ static const OSSL_PARAM *kdf_pbkdf2_gettable_ctx_params(ossl_unused void *ctx, + { + static const OSSL_PARAM known_gettable_ctx_params[] = { + OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), ++#ifdef FIPS_MODULE ++ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, NULL), ++#endif /* defined(FIPS_MODULE) */ + OSSL_PARAM_END + }; + return known_gettable_ctx_params; +-- +2.41.0 + diff --git a/0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch b/0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch new file mode 100644 index 0000000..564f8d1 --- /dev/null +++ b/0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch 
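Review bot: The new gettable `OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR` is introduced in pbkdf2.c only (the diffstat lists one file), so nothing tells a caller that it exists or what it measures. The value follows `ctx->lower_bound_checks` at the moment of the query, not the parameters of a derivation that has already run. A doc comment above kdf_pbkdf2_get_ctx_params would cover this, e.g. `/* The FIPS indicator reflects ctx->lower_bound_checks as currently set, not a past derive call. */`. The rewritten return path also changes when -2 is produced, which deserves a note next to `any_valid`, e.g. `/* -2: none of the requested parameters is known to this KDF */`.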
@@ -0,0 +1,137 @@ +From 136988155862ce2b45683ef8045e7a8cdd11e215 Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Mon, 21 Aug 2023 16:13:46 +0200 +Subject: [PATCH 47/48] 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch + +Patch-name: 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch +Patch-id: 113 +--- + include/openssl/core_names.h | 2 ++ + include/openssl/evp.h | 4 +++ + .../implementations/asymciphers/rsa_enc.c | 22 ++++++++++++++ + providers/implementations/kem/rsa_kem.c | 30 ++++++++++++++++++- + 4 files changed, 57 insertions(+), 1 deletion(-) + +diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h +index 29459049ad..9af0b1847d 100644 +--- a/include/openssl/core_names.h ++++ b/include/openssl/core_names.h +@@ -480,6 +480,7 @@ extern "C" { + #ifdef FIPS_MODULE + #define OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED "redhat-kat-oaep-seed" + #endif ++#define OSSL_ASYM_CIPHER_PARAM_REDHAT_FIPS_INDICATOR "redhat-fips-indicator" + + /* + * Encoder / decoder parameters +@@ -514,6 +515,7 @@ extern "C" { + + /* KEM parameters */ + #define OSSL_KEM_PARAM_OPERATION "operation" ++#define OSSL_KEM_PARAM_REDHAT_FIPS_INDICATOR "redhat-fips-indicator" /* int */ + + /* OSSL_KEM_PARAM_OPERATION values */ + #define OSSL_KEM_PARAM_OPERATION_RSASVE "RSASVE" +diff --git a/include/openssl/evp.h b/include/openssl/evp.h +index f1a33ff6f2..dadbf46a5a 100644 +--- a/include/openssl/evp.h ++++ b/include/openssl/evp.h +@@ -1767,6 +1767,10 @@ OSSL_DEPRECATEDIN_3_0 size_t EVP_PKEY_meth_get_count(void); + OSSL_DEPRECATEDIN_3_0 const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx); + # endif + ++# define EVP_PKEY_REDHAT_FIPS_INDICATOR_UNDETERMINED 0 ++# define EVP_PKEY_REDHAT_FIPS_INDICATOR_APPROVED 1 ++# define EVP_PKEY_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2 ++ + EVP_KEYMGMT *EVP_KEYMGMT_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, + const char *properties); + int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt); +diff --git 
a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c +index d169bfd396..bd4dcb4e27 100644 +--- a/providers/implementations/asymciphers/rsa_enc.c ++++ b/providers/implementations/asymciphers/rsa_enc.c +@@ -466,6 +466,27 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) + if (p != NULL && !OSSL_PARAM_set_uint(p, prsactx->implicit_rejection)) + return 0; + ++#ifdef FIPS_MODULE ++ p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_REDHAT_FIPS_INDICATOR); ++ if (p != NULL) { ++ int fips_indicator = EVP_PKEY_REDHAT_FIPS_INDICATOR_APPROVED; ++ ++ /* NIST SP 800-56Br2 section 6.4.2.1 requires either explicit key ++ * confirmation (section 6.4.2.3.2), or assurance from a trusted third ++ * party (section 6.4.2.3.1) for the KTS-OAEP key transport scheme, but ++ * explicit key confirmation is not implemented here and cannot be ++ * implemented without protocol changes, and the FIPS provider does not ++ * implement trusted third party validation, since it relies on its ++ * callers to do that. We must thus mark RSA-OAEP as unapproved until ++ * we have received clarification from NIST on how library modules such ++ * as OpenSSL should implement TTP validation. 
*/ ++ fips_indicator = EVP_PKEY_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ ++ if (!OSSL_PARAM_set_int(p, fips_indicator)) ++ return 0; ++ } ++#endif /* defined(FIPS_MODULE) */ ++ + return 1; + } + +@@ -480,6 +501,7 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { + OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, NULL), + #ifdef FIPS_MODULE + OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, NULL, 0), ++ OSSL_PARAM_int(OSSL_ASYM_CIPHER_PARAM_REDHAT_FIPS_INDICATOR, NULL), + #endif /* FIPS_MODULE */ + OSSL_PARAM_END + }; +diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c +index 8a6f585d0b..f4b7415074 100644 +--- a/providers/implementations/kem/rsa_kem.c ++++ b/providers/implementations/kem/rsa_kem.c +@@ -152,11 +152,39 @@ static int rsakem_decapsulate_init(void *vprsactx, void *vrsa, + static int rsakem_get_ctx_params(void *vprsactx, OSSL_PARAM *params) + { + PROV_RSA_CTX *ctx = (PROV_RSA_CTX *)vprsactx; ++#ifdef FIPS_MODULE ++ OSSL_PARAM *p; ++#endif /* defined(FIPS_MODULE) */ ++ ++ if (ctx == NULL) ++ return 0; ++ ++#ifdef FIPS_MODULE ++ p = OSSL_PARAM_locate(params, OSSL_KEM_PARAM_REDHAT_FIPS_INDICATOR); ++ if (p != NULL) { ++ /* NIST SP 800-56Br2 section 6.4.2.1 requires either explicit key ++ * confirmation (section 6.4.2.3.2), or assurance from a trusted third ++ * party (section 6.4.2.3.1) for key agreement or key transport, but ++ * explicit key confirmation is not implemented here and cannot be ++ * implemented without protocol changes, and the FIPS provider does not ++ * implement trusted third party validation, since it relies on its ++ * callers to do that. We must thus mark RSASVE unapproved until we ++ * have received clarification from NIST on how library modules such as ++ * OpenSSL should implement TTP validation. 
*/ ++ int fips_indicator = EVP_PKEY_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ ++ if (!OSSL_PARAM_set_int(p, fips_indicator)) ++ return 0; ++ } ++#endif /* defined(FIPS_MODULE) */ + +- return ctx != NULL; ++ return 1; + } + + static const OSSL_PARAM known_gettable_rsakem_ctx_params[] = { ++#ifdef FIPS_MODULE ++ OSSL_PARAM_int(OSSL_KEM_PARAM_REDHAT_FIPS_INDICATOR, NULL), ++#endif /* defined(FIPS_MODULE) */ + OSSL_PARAM_END + }; + +-- +2.41.0 + diff --git a/0114-FIPS-enforce-EMS-support.patch b/0114-FIPS-enforce-EMS-support.patch new file mode 100644 index 0000000..2094ce3 --- /dev/null +++ b/0114-FIPS-enforce-EMS-support.patch 
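Review bot: In the rsa_enc.c getter, `fips_indicator` is initialised to EVP_PKEY_REDHAT_FIPS_INDICATOR_APPROVED and then unconditionally overwritten, which reads as if an approved path existed. Initialise it directly, as the rsa_kem.c getter in the same patch does: `int fips_indicator = EVP_PKEY_REDHAT_FIPS_INDICATOR_NOT_APPROVED;`. The accompanying comment justifies the value for KTS-OAEP only, while the assignment applies to every context however it is configured. One added sentence stating that all RSA encryption contexts report not approved would make the intent explicit. Both getters begin outside their hunks.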
@@ -0,0 +1,251 @@ +From 9b02ad7225b74a5b9088b361caead0a41e570e93 Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Mon, 21 Aug 2023 16:40:56 +0200 +Subject: [PATCH 48/48] 0114-FIPS-enforce-EMS-support.patch + +Patch-name: 0114-FIPS-enforce-EMS-support.patch +Patch-id: 114 +Patch-status: | + # We believe that some changes present in CentOS are not necessary + # because ustream has a check for FIPS version +--- + doc/man3/SSL_CONF_cmd.pod | 3 +++ + doc/man5/fips_config.pod | 13 +++++++++++ + include/openssl/fips_names.h | 8 +++++++ + include/openssl/ssl.h.in | 1 + + providers/fips/fipsprov.c | 2 +- + providers/implementations/kdfs/tls1_prf.c | 22 +++++++++++++++++++ + ssl/ssl_conf.c | 1 + + ssl/statem/extensions_srvr.c | 8 ++++++- + ssl/t1_enc.c | 11 ++++++++-- + .../30-test_evp_data/evpkdf_tls12_prf.txt | 10 +++++++++ + test/sslapitest.c | 2 +- + 11 files changed, 76 insertions(+), 5 deletions(-) + +diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod +index ae6ca43282..b83c04a308 100644 +--- a/doc/man3/SSL_CONF_cmd.pod ++++ b/doc/man3/SSL_CONF_cmd.pod +@@ -524,6 +524,9 @@ B: use extended master secret extension, enabled by + default. Inverse of B: that is, + B<-ExtendedMasterSecret> is the same as setting B. + ++B: allow establishing connections without EMS in FIPS mode. ++This is a RedHat-based OS specific option, and normally it should be set up via crypto policies. ++ + B: use CA names extension, enabled by + default. Inverse of B: that is, + B<-CANames> is the same as setting B. +diff --git a/doc/man5/fips_config.pod b/doc/man5/fips_config.pod +index 1c15e32a5c..f2cedaf88d 100644 +--- a/doc/man5/fips_config.pod ++++ b/doc/man5/fips_config.pod +@@ -15,6 +15,19 @@ for more information. + + This functionality was added in OpenSSL 3.0. + ++Red Hat Enterprise Linux uses a supplementary config for FIPS module located in ++OpenSSL configuration directory and managed by crypto policies. 
If present, it ++should have format ++ ++ [fips_sect] ++ tls1-prf-ems-check = 0 ++ activate = 1 ++ ++The B option specifies whether FIPS module will require the ++presence of extended master secret or not. ++ ++The B option enforces FIPS provider activation. ++ + =head1 COPYRIGHT + + Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. +diff --git a/include/openssl/fips_names.h b/include/openssl/fips_names.h +index 5c77f6d691..8cdd5a6bf7 100644 +--- a/include/openssl/fips_names.h ++++ b/include/openssl/fips_names.h +@@ -70,6 +70,14 @@ extern "C" { + */ + # define OSSL_PROV_FIPS_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md" + ++/* ++ * A boolean that determines if the runtime FIPS check for TLS1_PRF EMS is performed. ++ * This is disabled by default. ++ * ++ * Type: OSSL_PARAM_UTF8_STRING ++ */ ++# define OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check" ++ + # ifdef __cplusplus + } + # endif +diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in +index 0b6de603e2..26a69ca282 100644 +--- a/include/openssl/ssl.h.in ++++ b/include/openssl/ssl.h.in +@@ -415,6 +415,7 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg); + * interoperability with CryptoPro CSP 3.x + */ + # define SSL_OP_CRYPTOPRO_TLSEXT_BUG SSL_OP_BIT(31) ++# define SSL_OP_RH_PERMIT_NOEMS_FIPS SSL_OP_BIT(48) + + /* + * Option "collections." 
+diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c +index 5ff9872bd8..eb9653a9df 100644 +--- a/providers/fips/fipsprov.c ++++ b/providers/fips/fipsprov.c +@@ -105,7 +105,7 @@ void *ossl_fips_prov_ossl_ctx_new(OSSL_LIB_CTX *libctx) + if (fgbl == NULL) + return NULL; + init_fips_option(&fgbl->fips_security_checks, 1); +- init_fips_option(&fgbl->fips_tls1_prf_ems_check, 0); /* Disabled by default */ ++ init_fips_option(&fgbl->fips_tls1_prf_ems_check, 1); /* Enabled by default */ + init_fips_option(&fgbl->fips_restricted_drgb_digests, 0); + return fgbl; + } +diff --git a/providers/implementations/kdfs/tls1_prf.c b/providers/implementations/kdfs/tls1_prf.c +index 25a6c79a2e..79bc7a9719 100644 +--- a/providers/implementations/kdfs/tls1_prf.c ++++ b/providers/implementations/kdfs/tls1_prf.c +@@ -131,6 +131,7 @@ static void *kdf_tls1_prf_new(void *provctx) + static void kdf_tls1_prf_free(void *vctx) + { + TLS1_PRF *ctx = (TLS1_PRF *)vctx; ++ OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx); + + if (ctx != NULL) { + kdf_tls1_prf_reset(ctx); +@@ -222,6 +223,27 @@ static int kdf_tls1_prf_derive(void *vctx, unsigned char *key, size_t keylen, + } + } + ++ /* ++ * The seed buffer is prepended with a label. ++ * If EMS mode is enforced then the label "master secret" is not allowed, ++ * We do the check this way since the PRF is used for other purposes, as well ++ * as "extended master secret". 
++ */ ++#ifdef FIPS_MODULE ++ if (ctx->seedlen >= TLS_MD_MASTER_SECRET_CONST_SIZE ++ && memcmp(ctx->seed, TLS_MD_MASTER_SECRET_CONST, ++ TLS_MD_MASTER_SECRET_CONST_SIZE) == 0) ++ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++#endif /* defined(FIPS_MODULE) */ ++ if (ossl_tls1_prf_ems_check_enabled(libctx)) { ++ if (ctx->seedlen >= TLS_MD_MASTER_SECRET_CONST_SIZE ++ && memcmp(ctx->seed, TLS_MD_MASTER_SECRET_CONST, ++ TLS_MD_MASTER_SECRET_CONST_SIZE) == 0) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_EMS_NOT_ENABLED); ++ return 0; ++ } ++ } ++ + return tls1_prf_alg(ctx->P_hash, ctx->P_sha1, + ctx->sec, ctx->seclen, + ctx->seed, ctx->seedlen, +diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c +index 5146cedb96..086db98c33 100644 +--- a/ssl/ssl_conf.c ++++ b/ssl/ssl_conf.c +@@ -389,6 +389,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value) + SSL_FLAG_TBL("ClientRenegotiation", + SSL_OP_ALLOW_CLIENT_RENEGOTIATION), + SSL_FLAG_TBL_INV("EncryptThenMac", SSL_OP_NO_ENCRYPT_THEN_MAC), ++ SSL_FLAG_TBL("RHNoEnforceEMSinFIPS", SSL_OP_RH_PERMIT_NOEMS_FIPS), + SSL_FLAG_TBL("NoRenegotiation", SSL_OP_NO_RENEGOTIATION), + SSL_FLAG_TBL("AllowNoDHEKEX", SSL_OP_ALLOW_NO_DHE_KEX), + SSL_FLAG_TBL("PrioritizeChaCha", SSL_OP_PRIORITIZE_CHACHA), +diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c +index 00b1ee531e..22cdabb308 100644 +--- a/ssl/statem/extensions_srvr.c ++++ b/ssl/statem/extensions_srvr.c +@@ -11,6 +11,7 @@ + #include "../ssl_local.h" + #include "statem_local.h" + #include "internal/cryptlib.h" ++#include + + #define COOKIE_STATE_FORMAT_VERSION 1 + +@@ -1552,8 +1553,13 @@ EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context, + EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) + { +- if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0) ++ if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0) { ++ if (FIPS_mode() && !(SSL_get_options(s) & 
SSL_OP_RH_PERMIT_NOEMS_FIPS) ) { ++ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, ERR_R_UNSUPPORTED); ++ return EXT_RETURN_FAIL; ++ } + return EXT_RETURN_NOT_SENT; ++ } + + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret) + || !WPACKET_put_bytes_u16(pkt, 0)) { +diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c +index 91238e6457..e8ad8ecd9e 100644 +--- a/ssl/t1_enc.c ++++ b/ssl/t1_enc.c +@@ -20,6 +20,7 @@ + #include + #include + #include ++#include + + /* seed1 through seed5 are concatenated */ + static int tls1_PRF(SSL *s, +@@ -75,8 +76,14 @@ static int tls1_PRF(SSL *s, + } + + err: +- if (fatal) +- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); ++ if (fatal) { ++ /* The calls to this function are local so it's safe to implement the check */ ++ if (FIPS_mode() && seed1_len >= TLS_MD_MASTER_SECRET_CONST_SIZE ++ && memcmp(seed1, TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE) == 0) ++ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, ERR_R_UNSUPPORTED); ++ else ++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); ++ } + else + ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); + EVP_KDF_CTX_free(kctx); +diff --git a/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt b/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt +index 44040ff66b..deb6bf3fcb 100644 +--- a/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt ++++ b/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt +@@ -22,6 +22,16 @@ Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587c + Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce + Output = 202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf + ++Availablein = fips ++KDF = TLS1-PRF ++Ctrl.digest = digest:SHA256 ++Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc ++Ctrl.label = seed:master secret ++Ctrl.client_random = 
hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c ++Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce ++Output = 202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf ++Result = KDF_DERIVE_ERROR ++ + FIPSversion = <=3.1.0 + KDF = TLS1-PRF + Ctrl.digest = digest:SHA256 +diff --git a/test/sslapitest.c b/test/sslapitest.c +index 169e3c7466..e67b5bb44c 100644 +--- a/test/sslapitest.c ++++ b/test/sslapitest.c +@@ -574,7 +574,7 @@ static int test_client_cert_verify_cb(void) + STACK_OF(X509) *server_chain; + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; +- int testresult = 0; ++ int testresult = 0, status; + + if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), + TLS_client_method(), TLS1_VERSION, 0, +-- +2.41.0 + diff --git a/mingw-openssl.spec b/mingw-openssl.spec index ce5d9f6..a2a6098 100644 --- a/mingw-openssl.spec +++ b/mingw-openssl.spec @@ -14,7 +14,7 @@ %global run_tests 0 Name: mingw-openssl -Version: 3.0.9 +Version: 3.1.4 Release: 2%{?dist} Summary: MinGW port of the OpenSSL toolkit 
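Review bot: In the tls1_prf.c part of the added 0114 patch, the new line `OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);` sits in `kdf_tls1_prf_free()` ahead of that function's `if (ctx != NULL)` guard, so freeing a NULL context would dereference it, and the variable has no use in the lines of that function that are shown. The `ossl_tls1_prf_ems_check_enabled(libctx)` call is in `kdf_tls1_prf_derive()`, whose declarations lie outside the hunk, so the declaration probably belongs there (context drift when the patch was rebased would explain it); either drop it from the free function or move it inside the guard. Separately, the fips_names.h comment still says the EMS check `is disabled by default` while fipsprov.c now initialises it to 1, so it should read `This is enabled by default.`. The `status` variable added in sslapitest.c also has no visible use, though the rest of `test_client_cert_verify_cb()` is outside the hunk.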
@@ -29,37 +29,124 @@ Source7: renew-dummy-cert Source12: ec_curve.c Source13: ectest.c -# Patches exported from source git -# Aarch64 and ppc64le use lib64 -Patch1: 0001-Aarch64-and-ppc64le-use-lib64.patch -# Use more general default values in openssl.cnf -Patch2: 0002-Use-more-general-default-values-in-openssl.cnf.patch -# Do not install html docs -Patch3: 0003-Do-not-install-html-docs.patch -# Override default paths for the CA directory tree -Patch4: 0004-Override-default-paths-for-the-CA-directory-tree.patch -# apps/ca: fix md option help text -Patch5: 0005-apps-ca-fix-md-option-help-text.patch -# Disable signature verification with totally unsafe hash algorithms -Patch6: 0006-Disable-signature-verification-with-totally-unsafe-h.patch -# Add support for PROFILE=SYSTEM system default cipherlist -Patch7: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch -# Add FIPS_mode() compatibility macro -Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch -# Add check to see if fips flag is enabled in kernel -#Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch -# remove unsupported EC curves -Patch11: 0011-Remove-EC-curves.patch -# Disable explicit EC curves -Patch12: 0012-Disable-explicit-ec.patch -# Instructions to load legacy provider in openssl.cnf -Patch24: 0024-load-legacy-prov.patch -# Backport of patch for RHEL for Edge rhbz #2027261 -Patch51: 0051-Support-different-R_BITS-lengths-for-KBKDF.patch +# # Patches exported from source git +# # Aarch64 and ppc64le use lib64 +Patch1: 0001-Aarch64-and-ppc64le-use-lib64.patch +# # Use more general default values in openssl.cnf +Patch2: 0002-Use-more-general-default-values-in-openssl.cnf.patch +# # Do not install html docs +Patch3: 0003-Do-not-install-html-docs.patch +# # Override default paths for the CA directory tree +Patch4: 0004-Override-default-paths-for-the-CA-directory-tree.patch +# # apps/ca: fix md option help text +Patch5: 0005-apps-ca-fix-md-option-help-text.patch +# # Disable signature verification 
with totally unsafe hash algorithms +Patch6: 0006-Disable-signature-verification-with-totally-unsafe-h.patch +# # Add support for PROFILE=SYSTEM system default cipherlist +Patch7: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch +# # Add FIPS_mode() compatibility macro +Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch +# # Add check to see if fips flag is enabled in kernel +Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch +# # Instead of replacing ectest.c and ec_curve.c, add the changes as a patch so +# # that new modifications made to these files by upstream are not lost. +Patch10: 0010-Add-changes-to-ectest-and-eccurve.patch +# # remove unsupported EC curves +Patch11: 0011-Remove-EC-curves.patch +# # Disable explicit EC curves +# # https://bugzilla.redhat.com/show_bug.cgi?id=2066412 +Patch12: 0012-Disable-explicit-ec.patch +# # Skipped tests from former 0011-Remove-EC-curves.patch +Patch13: 0013-skipped-tests-EC-curves.patch +# # Instructions to load legacy provider in openssl.cnf +Patch24: 0024-load-legacy-prov.patch +# # We load FIPS provider and set FIPS properties implicitly +Patch32: 0032-Force-fips.patch +# # Embed HMAC into the fips.so +# RWMJ: Remove this patch for mingw as it causes +# > link.h: No such file or directory +#Patch33: 0033-FIPS-embed-hmac.patch +# # Comment out fipsinstall command-line utility +Patch34: 0034.fipsinstall_disable.patch +# # Skip unavailable algorithms running `openssl speed` +Patch35: 0035-speed-skip-unavailable-dgst.patch +# # Extra public/private key checks required by FIPS-140-3 +Patch44: 0044-FIPS-140-3-keychecks.patch +# # Minimize fips services +# Remove this patch on mingw as it causes: +# > error: 'REDHAT_FIPS_VERSION' undeclared +#Patch45: 0045-FIPS-services-minimize.patch +# # Execute KATS before HMAC verification +# RWMJ: Broken by removal of 0033 +#Patch47: 0047-FIPS-early-KATS.patch +# # Selectively disallow SHA1 signatures rhbz#2070977 +Patch49: 
0049-Allow-disabling-of-SHA1-signatures.patch +# # Support SHA1 in TLS in LEGACY crypto-policy (which is SECLEVEL=1) +Patch52: 0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch +# # https://github.com/openssl/openssl/pull/18103 +# # The patch is incorporated in 3.0.3 but we provide this function since 3.0.1 +# # so the patch should persist +# RWMJ: Remove this patch for mingw as it include "attribute((symver))" +# which does not work on non-ELF. +#Patch56: 0056-strcasecmp.patch +# # https://bugzilla.redhat.com/show_bug.cgi?id=2053289 +Patch58: 0058-FIPS-limit-rsa-encrypt.patch +# # https://bugzilla.redhat.com/show_bug.cgi?id=2087147 +Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch +# 0062-fips-Expose-a-FIPS-indicator.patch +Patch62: 0062-fips-Expose-a-FIPS-indicator.patch +# # https://bugzilla.redhat.com/show_bug.cgi?id=2102535 +Patch73: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch +# [PATCH 29/46] +# 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch +Patch74: 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch +# # https://bugzilla.redhat.com/show_bug.cgi?id=2102535 +Patch75: 0075-FIPS-Use-FFDHE2048-in-self-test.patch +# # Downstream only. 
Reseed DRBG using getrandom(GRND_RANDOM) +# # https://bugzilla.redhat.com/show_bug.cgi?id=2102541 +Patch76: 0076-FIPS-140-3-DRBG.patch +# # https://bugzilla.redhat.com/show_bug.cgi?id=2102542 +Patch77: 0077-FIPS-140-3-zeroization.patch +# # https://bugzilla.redhat.com/show_bug.cgi?id=2114772 +Patch78: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch +# # https://github.com/openssl/openssl/pull/13817 +Patch79: 0079-RSA-PKCS15-implicit-rejection.patch +# # We believe that some changes present in CentOS are not necessary +# # because ustream has a check for FIPS version +Patch80: 0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch +# [PATCH 36/46] +# 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch +Patch81: 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch +# [PATCH 37/46] +# 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch +Patch83: 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch +# [PATCH 38/46] +# 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch +Patch84: 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch +# 0085-FIPS-RSA-disable-shake.patch +Patch85: 0085-FIPS-RSA-disable-shake.patch +# 0088-signature-Add-indicator-for-PSS-salt-length.patch +Patch88: 0088-signature-Add-indicator-for-PSS-salt-length.patch +# 0091-FIPS-RSA-encapsulate.patch +Patch91: 0091-FIPS-RSA-encapsulate.patch +# [PATCH 42/46] +# 0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch +Patch93: 0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch +# [PATCH 43/46] +# 0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch +Patch110: 0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch +# [PATCH 44/46] +# 0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch +Patch112: 0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch +# 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch +Patch113: 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch +# # We believe that some changes present in CentOS 
are not necessary +# # because ustream has a check for FIPS version +Patch114: 0114-FIPS-enforce-EMS-support.patch # MinGW patches # Attempt to compute openssl modules dir dynamically from executable path if not set by OPENSSL_MODULES -Patch100: openssl_compute_moddir.patch +Patch1000: openssl_compute_moddir.patch BuildArch: noarch @@ -368,6 +455,9 @@ mkdir -m700 %{buildroot}%{mingw64_sysconfdir}/pki/CA/private %changelog +* Thu Jan 11 2024 Richard W.M. Jones - 3.1.4-2 +- Update to 3.1.4 + * Thu Jul 20 2023 Fedora Release Engineering - 3.0.9-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild diff --git a/sources b/sources index 22b94a3..1afcd8c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (openssl-3.0.9.tar.gz) = 86c99146b37236419b110db77dd3ac3992e6bed78c258f0cc3434ca233460b4e17c0ac81d7058547fe9cb72a9fd80ee56d4b4916bb731dbe2bbcf1c3d46bf31a +SHA512 (openssl-3.1.4.tar.gz) = 4cd204b934cf3250dad985438d7ffd98e17f5d79086b379a0022d92c66e340b0b3a0357aaf606004d7f50cfc4c8964ac34c45d7cb0735cfa68f4fec65bd9d18f
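Review bot: The patch list now applies 0032-Force-fips and the rest of the FIPS series while 0033 (embed HMAC into fips.so), 0045 (minimize FIPS services) and 0047 (KATs before HMAC verification) are commented out, and the spec does not say what that leaves of the provider's integrity self-check on mingw. Judging only by the patch names, a build in this state should not be presented as FIPS-capable; a comment beside `Patch32` such as `# RWMJ: 0033/0045/0047 are disabled on mingw, so FIPS mode is not supported in this build` (if that is the intent) would record it. `Patch100` also becomes `Patch1000`; %prep is outside this hunk, so if it applies patches by number it needs the same renumbering. The doubled `# #` comment prefixes and the `ustream` typo came over from rawhide and could be tidied in the same change.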