From addc25389ba74e3575427887943628732847534f Mon Sep 17 00:00:00 2001 From: Sandro Mani Date: May 31 2023 14:52:08 +0000 Subject: Rework 3.0.9 update --- diff --git a/0001-Aarch64-and-ppc64le-use-lib64.patch b/0001-Aarch64-and-ppc64le-use-lib64.patch index b1e209d..b5b6bb4 100644 --- a/0001-Aarch64-and-ppc64le-use-lib64.patch +++ b/0001-Aarch64-and-ppc64le-use-lib64.patch @@ -1,6 +1,6 @@ diff -rupN --no-dereference openssl-3.0.9/Configurations/10-main.conf openssl-3.0.9-new/Configurations/10-main.conf --- openssl-3.0.9/Configurations/10-main.conf 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/Configurations/10-main.conf 2023-05-31 14:33:08.690116459 +0200 ++++ openssl-3.0.9-new/Configurations/10-main.conf 2023-05-31 16:36:50.335282918 +0200 @@ -730,6 +730,7 @@ my %targets = ( lib_cppflags => add("-DL_ENDIAN"), asm_arch => 'ppc64', diff --git a/0002-Use-more-general-default-values-in-openssl.cnf.patch b/0002-Use-more-general-default-values-in-openssl.cnf.patch index 64e91dd..c241062 100644 --- a/0002-Use-more-general-default-values-in-openssl.cnf.patch +++ b/0002-Use-more-general-default-values-in-openssl.cnf.patch @@ -1,6 +1,6 @@ diff -rupN --no-dereference openssl-3.0.9/apps/openssl.cnf openssl-3.0.9-new/apps/openssl.cnf --- openssl-3.0.9/apps/openssl.cnf 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/apps/openssl.cnf 2023-05-31 14:33:08.976116339 +0200 ++++ openssl-3.0.9-new/apps/openssl.cnf 2023-05-31 16:36:50.587282180 +0200 @@ -111,7 +111,7 @@ cert_opt = ca_default # Certificate fi default_days = 365 # how long to certify for diff --git a/0003-Do-not-install-html-docs.patch b/0003-Do-not-install-html-docs.patch index ac4182c..d044dac 100644 --- a/0003-Do-not-install-html-docs.patch +++ b/0003-Do-not-install-html-docs.patch 
@@ -1,6 +1,6 @@ diff -rupN --no-dereference openssl-3.0.9/Configurations/unix-Makefile.tmpl openssl-3.0.9-new/Configurations/unix-Makefile.tmpl --- openssl-3.0.9/Configurations/unix-Makefile.tmpl 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/Configurations/unix-Makefile.tmpl 2023-05-31 14:33:09.244116226 +0200 ++++ openssl-3.0.9-new/Configurations/unix-Makefile.tmpl 2023-05-31 16:36:50.836281451 +0200 @@ -611,7 +611,7 @@ install_sw: install_dev install_engines uninstall_sw: uninstall_runtime uninstall_modules uninstall_engines uninstall_dev diff --git a/0004-Override-default-paths-for-the-CA-directory-tree.patch b/0004-Override-default-paths-for-the-CA-directory-tree.patch index 1a87980..b5a58e8 100644 --- a/0004-Override-default-paths-for-the-CA-directory-tree.patch +++ b/0004-Override-default-paths-for-the-CA-directory-tree.patch @@ -1,6 +1,6 @@ diff -rupN --no-dereference openssl-3.0.9/apps/CA.pl.in openssl-3.0.9-new/apps/CA.pl.in --- openssl-3.0.9/apps/CA.pl.in 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/apps/CA.pl.in 2023-05-31 14:33:09.507116115 +0200 ++++ openssl-3.0.9-new/apps/CA.pl.in 2023-05-31 16:36:51.078280742 +0200 @@ -29,7 +29,7 @@ my $X509 = "$openssl x509"; my $PKCS12 = "$openssl pkcs12"; @@ -11,8 +11,8 @@ diff -rupN --no-dereference openssl-3.0.9/apps/CA.pl.in openssl-3.0.9-new/apps/C my $CAREQ = "careq.pem"; my $CACERT = "cacert.pem"; diff -rupN --no-dereference openssl-3.0.9/apps/openssl.cnf openssl-3.0.9-new/apps/openssl.cnf ---- openssl-3.0.9/apps/openssl.cnf 2023-05-31 14:33:09.240116228 +0200 -+++ openssl-3.0.9-new/apps/openssl.cnf 2023-05-31 14:33:09.507116115 +0200 +--- openssl-3.0.9/apps/openssl.cnf 2023-05-31 16:36:50.830281468 +0200 ++++ openssl-3.0.9-new/apps/openssl.cnf 2023-05-31 16:36:51.078280742 +0200 @@ -52,6 +52,8 @@ tsa_policy3 = 1.2.3.4.5.7 [openssl_init] diff --git a/0005-apps-ca-fix-md-option-help-text.patch b/0005-apps-ca-fix-md-option-help-text.patch index a8621da..6ecd734 100644 
--- a/0005-apps-ca-fix-md-option-help-text.patch +++ b/0005-apps-ca-fix-md-option-help-text.patch @@ -1,6 +1,6 @@ diff -rupN --no-dereference openssl-3.0.9/apps/ca.c openssl-3.0.9-new/apps/ca.c --- openssl-3.0.9/apps/ca.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/apps/ca.c 2023-05-31 14:33:09.769116005 +0200 ++++ openssl-3.0.9-new/apps/ca.c 2023-05-31 16:36:51.336279987 +0200 @@ -210,7 +210,7 @@ const OPTIONS ca_options[] = { {"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"}, diff --git a/0006-Disable-signature-verification-with-totally-unsafe-h.patch b/0006-Disable-signature-verification-with-totally-unsafe-h.patch index 985e0aa..d525118 100644 --- a/0006-Disable-signature-verification-with-totally-unsafe-h.patch +++ b/0006-Disable-signature-verification-with-totally-unsafe-h.patch @@ -1,6 +1,6 @@ diff -rupN --no-dereference openssl-3.0.9/crypto/asn1/a_verify.c openssl-3.0.9-new/crypto/asn1/a_verify.c --- openssl-3.0.9/crypto/asn1/a_verify.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/crypto/asn1/a_verify.c 2023-05-31 14:33:10.043115889 +0200 ++++ openssl-3.0.9-new/crypto/asn1/a_verify.c 2023-05-31 16:36:51.578279278 +0200 @@ -153,6 +153,11 @@ int ASN1_item_verify_ctx(const ASN1_ITEM ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); if (ret <= 1) diff --git a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch index fc26827..12152b5 100644 --- a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch +++ b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch 
@@ -1,6 +1,6 @@ diff -rupN --no-dereference openssl-3.0.9/Configurations/unix-Makefile.tmpl openssl-3.0.9-new/Configurations/unix-Makefile.tmpl ---- openssl-3.0.9/Configurations/unix-Makefile.tmpl 2023-05-31 14:33:09.503116117 +0200 -+++ openssl-3.0.9-new/Configurations/unix-Makefile.tmpl 2023-05-31 14:33:10.302115779 +0200 +--- openssl-3.0.9/Configurations/unix-Makefile.tmpl 2023-05-31 16:36:51.074280754 +0200 ++++ openssl-3.0.9-new/Configurations/unix-Makefile.tmpl 2023-05-31 16:36:51.814278587 +0200 @@ -315,6 +315,10 @@ MANDIR=$(INSTALLTOP)/share/man DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME) HTMLDIR=$(DOCDIR)/html @@ -22,7 +22,7 @@ diff -rupN --no-dereference openssl-3.0.9/Configurations/unix-Makefile.tmpl open CFLAGS={- join(' ', @{$config{CFLAGS}}) -} diff -rupN --no-dereference openssl-3.0.9/Configure openssl-3.0.9-new/Configure --- openssl-3.0.9/Configure 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/Configure 2023-05-31 14:33:10.306115778 +0200 ++++ openssl-3.0.9-new/Configure 2023-05-31 16:36:51.815278584 +0200 @@ -27,7 +27,7 @@ use OpenSSL::config; my $orig_death_handler = $SIG{__DIE__}; $SIG{__DIE__} = \&death_handler; @@ -64,7 +64,7 @@ diff -rupN --no-dereference openssl-3.0.9/Configure openssl-3.0.9-new/Configure $banner = $1 . "\n"; diff -rupN --no-dereference openssl-3.0.9/doc/man1/openssl-ciphers.pod.in openssl-3.0.9-new/doc/man1/openssl-ciphers.pod.in --- openssl-3.0.9/doc/man1/openssl-ciphers.pod.in 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/doc/man1/openssl-ciphers.pod.in 2023-05-31 14:33:10.302115779 +0200 ++++ openssl-3.0.9-new/doc/man1/openssl-ciphers.pod.in 2023-05-31 16:36:51.815278584 +0200 @@ -186,6 +186,15 @@ As of OpenSSL 1.0.0, the B cipher s The cipher suites not enabled by B, currently B. 
@@ -83,7 +83,7 @@ diff -rupN --no-dereference openssl-3.0.9/doc/man1/openssl-ciphers.pod.in openss "High" encryption cipher suites. This currently means those with key lengths diff -rupN --no-dereference openssl-3.0.9/include/openssl/ssl.h.in openssl-3.0.9-new/include/openssl/ssl.h.in --- openssl-3.0.9/include/openssl/ssl.h.in 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/include/openssl/ssl.h.in 2023-05-31 14:33:10.303115779 +0200 ++++ openssl-3.0.9-new/include/openssl/ssl.h.in 2023-05-31 16:36:51.816278581 +0200 @@ -205,6 +205,11 @@ extern "C" { * throwing out anonymous and unencrypted ciphersuites! (The latter are not * actually enabled by ALL, but "ALL:RSA" would enable some of them.) @@ -98,7 +98,7 @@ diff -rupN --no-dereference openssl-3.0.9/include/openssl/ssl.h.in openssl-3.0.9 # define SSL_SENT_SHUTDOWN 1 diff -rupN --no-dereference openssl-3.0.9/ssl/ssl_ciph.c openssl-3.0.9-new/ssl/ssl_ciph.c --- openssl-3.0.9/ssl/ssl_ciph.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/ssl/ssl_ciph.c 2023-05-31 14:33:10.303115779 +0200 ++++ openssl-3.0.9-new/ssl/ssl_ciph.c 2023-05-31 16:36:51.816278581 +0200 @@ -1438,6 +1438,53 @@ int SSL_set_ciphersuites(SSL *s, const c return ret; } @@ -254,7 +254,7 @@ diff -rupN --no-dereference openssl-3.0.9/ssl/ssl_ciph.c openssl-3.0.9-new/ssl/s char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) diff -rupN --no-dereference openssl-3.0.9/ssl/ssl_lib.c openssl-3.0.9-new/ssl/ssl_lib.c --- openssl-3.0.9/ssl/ssl_lib.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/ssl/ssl_lib.c 2023-05-31 14:33:10.304115779 +0200 ++++ openssl-3.0.9-new/ssl/ssl_lib.c 2023-05-31 16:36:51.817278578 +0200 @@ -660,7 +660,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx ctx->tls13_ciphersuites, &(ctx->cipher_list), 
@@ -275,7 +275,7 @@ diff -rupN --no-dereference openssl-3.0.9/ssl/ssl_lib.c openssl-3.0.9-new/ssl/ss goto err2; diff -rupN --no-dereference openssl-3.0.9/test/cipherlist_test.c openssl-3.0.9-new/test/cipherlist_test.c --- openssl-3.0.9/test/cipherlist_test.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/cipherlist_test.c 2023-05-31 14:33:10.304115779 +0200 ++++ openssl-3.0.9-new/test/cipherlist_test.c 2023-05-31 16:36:51.817278578 +0200 @@ -246,7 +246,9 @@ end: int setup_tests(void) @@ -288,7 +288,7 @@ diff -rupN --no-dereference openssl-3.0.9/test/cipherlist_test.c openssl-3.0.9-n return 1; diff -rupN --no-dereference openssl-3.0.9/util/libcrypto.num openssl-3.0.9-new/util/libcrypto.num --- openssl-3.0.9/util/libcrypto.num 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/util/libcrypto.num 2023-05-31 14:33:10.305115778 +0200 ++++ openssl-3.0.9-new/util/libcrypto.num 2023-05-31 16:36:51.818278575 +0200 @@ -5429,3 +5429,4 @@ OPENSSL_strcasecmp OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION: OSSL_CMP_CTX_reset_geninfo_ITAVs 5558 3_0_8 EXIST::FUNCTION:CMP diff --git a/0008-Add-FIPS_mode-compatibility-macro.patch b/0008-Add-FIPS_mode-compatibility-macro.patch index 1b0f19b..7ccbc70 100644 --- a/0008-Add-FIPS_mode-compatibility-macro.patch +++ b/0008-Add-FIPS_mode-compatibility-macro.patch 
@@ -1,7 +1,18 @@ +diff -rupN --no-dereference openssl-3.0.9/include/openssl/crypto.h.in openssl-3.0.9-new/include/openssl/crypto.h.in +--- openssl-3.0.9/include/openssl/crypto.h.in 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/include/openssl/crypto.h.in 2023-05-31 16:36:52.081277805 +0200 +@@ -38,6 +38,7 @@ use OpenSSL::stackhash qw(generate_stack + # include + # include + # include ++# include + + # ifdef CHARSET_EBCDIC + # include diff -rupN --no-dereference openssl-3.0.9/include/openssl/fips.h openssl-3.0.9-new/include/openssl/fips.h --- openssl-3.0.9/include/openssl/fips.h 1970-01-01 01:00:00.000000000 +0100 -+++ openssl-3.0.9-new/include/openssl/fips.h 2023-05-31 14:33:10.581115661 +0200 -@@ -0,0 +1,26 @@ ++++ openssl-3.0.9-new/include/openssl/fips.h 2023-05-31 16:36:52.081277805 +0200 +@@ -0,0 +1,25 @@ +/* + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * @@ -15,7 +26,6 @@ diff -rupN --no-dereference openssl-3.0.9/include/openssl/fips.h openssl-3.0.9-n +# define OPENSSL_FIPS_H +# pragma once + -+# include +# include + +# ifdef __cplusplus @@ -30,12 +40,11 @@ diff -rupN --no-dereference openssl-3.0.9/include/openssl/fips.h openssl-3.0.9-n +#endif diff -rupN --no-dereference openssl-3.0.9/test/property_test.c openssl-3.0.9-new/test/property_test.c --- openssl-3.0.9/test/property_test.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/property_test.c 2023-05-31 14:33:10.581115661 +0200 -@@ -648,6 +648,19 @@ static int test_property_list_to_string( ++++ openssl-3.0.9-new/test/property_test.c 2023-05-31 16:36:52.082277802 +0200 +@@ -648,6 +648,18 @@ static int test_property_list_to_string( return ret; } -+#include +static int test_downstream_FIPS_mode(void) +{ + int ret = 0; 
@@ -51,7 +60,7 @@ diff -rupN --no-dereference openssl-3.0.9/test/property_test.c openssl-3.0.9-new int setup_tests(void) { ADD_TEST(test_property_string); -@@ -661,6 +674,7 @@ int setup_tests(void) +@@ -661,6 +673,7 @@ int setup_tests(void) ADD_TEST(test_property); ADD_TEST(test_query_cache_stochastic); ADD_TEST(test_fips_mode); diff --git a/0009-Add-Kernel-FIPS-mode-flag-support.patch b/0009-Add-Kernel-FIPS-mode-flag-support.patch index 74abebe..ed997db 100644 --- a/0009-Add-Kernel-FIPS-mode-flag-support.patch +++ b/0009-Add-Kernel-FIPS-mode-flag-support.patch @@ -1,21 +1,24 @@ -diff -rupN --no-dereference openssl-3.0.9/crypto/context.c openssl-3.0.9-new/crypto/context.c ---- openssl-3.0.9/crypto/context.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/crypto/context.c 2023-05-31 14:33:10.856115545 +0200 -@@ -17,11 +17,46 @@ - #include "crypto/ctype.h" - #include "crypto/rand.h" +diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha13/crypto/context.c +--- openssl-3.0.0-alpha13/crypto/context.c.kernel-fips 2021-03-16 00:09:55.814826432 +0100 ++++ openssl-3.0.0-alpha13/crypto/context.c 2021-03-16 00:15:55.129043811 +0100 +@@ -12,11 +12,54 @@ + #include "internal/bio.h" + #include "internal/provider.h" ++#ifndef FIPS_MODULE +# include +# include +# include +# include +# include ++#endif + struct ossl_lib_ctx_onfree_list_st { ossl_lib_ctx_onfree_fn *fn; struct ossl_lib_ctx_onfree_list_st *next; }; ++# ifndef FIPS_MODULE +# define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled" + +static int kernel_fips_flag; 
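Review bot: The rewritten header of patch 0009 is generated against `openssl-3.0.0-alpha13/crypto/context.c.kernel-fips`, with inner hunk offsets `@@ -12,11 +12,54 @@` and context lines `#include "internal/bio.h"` / `#include "internal/provider.h"`. The version it replaces was generated against 3.0.9 at `@@ -17,11 +17,46 @@` with `crypto/ctype.h` / `crypto/rand.h` as context. This suggests the patch no longer matches the 3.0.9 tree line for line and would apply only with offset or fuzz; the spec's patch-application options are not visible here, so this is an inference. Because this patch decides whether the `fips=yes` default property is set, regenerate it with `diff -rupN` against the 3.0.9 sources, as patches 0001–0008 are, so it applies with zero fuzz and each hunk's landing site can be checked.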
@@ -39,16 +42,34 @@ diff -rupN --no-dereference openssl-3.0.9/crypto/context.c openssl-3.0.9-new/cry + return; +} + -+int ossl_get_kernel_fips_flag() ++static int apply_kernel_fips_flag(OSSL_LIB_CTX *ctx) +{ -+ return kernel_fips_flag; ++ if (kernel_fips_flag) { ++ return EVP_default_properties_enable_fips(ctx, 1); ++ } ++ ++ return 1; +} ++# endif + + struct ossl_lib_ctx_st { CRYPTO_RWLOCK *lock; CRYPTO_EX_DATA data; -@@ -151,6 +186,7 @@ static CRYPTO_THREAD_LOCAL default_conte +@@ -74,6 +117,12 @@ static int context_init(OSSL_LIB_CTX *ct + if (!ossl_property_parse_init(ctx)) + goto err; + ++# ifndef FIPS_MODULE ++ /* Preset the fips=yes default property with kernel FIPS mode */ ++ if (!apply_kernel_fips_flag(ctx)) ++ goto err; ++# endif ++ + return 1; + err: + if (exdata_done) +@@ -121,6 +170,7 @@ static CRYPTO_THREAD_LOCAL default_conte DEFINE_RUN_ONCE_STATIC(default_context_do_init) { @@ -56,16 +77,3 @@ diff -rupN --no-dereference openssl-3.0.9/crypto/context.c openssl-3.0.9-new/cry return CRYPTO_THREAD_init_local(&default_context_thread_local, NULL) && context_init(&default_context_int); } -diff -rupN --no-dereference openssl-3.0.9/include/internal/provider.h openssl-3.0.9-new/include/internal/provider.h ---- openssl-3.0.9/include/internal/provider.h 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/include/internal/provider.h 2023-05-31 14:33:10.856115545 +0200 -@@ -113,6 +113,9 @@ int ossl_provider_init_as_child(OSSL_LIB - const OSSL_DISPATCH *in); - void ossl_provider_deinit_child(OSSL_LIB_CTX *ctx); - -+/* FIPS flag access */ -+int ossl_get_kernel_fips_flag(void); -+ - # ifdef __cplusplus - } - # endif diff --git a/0010-Add-changes-to-ectest-and-eccurve.patch b/0010-Add-changes-to-ectest-and-eccurve.patch deleted file mode 100644 index f97e3b8..0000000 --- a/0010-Add-changes-to-ectest-and-eccurve.patch +++ /dev/null 
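Review bot: `apply_kernel_fips_flag()` reads the file-static `kernel_fips_flag` from inside `context_init()`, which takes an arbitrary `OSSL_LIB_CTX *`, but nothing visible in this hunk guarantees the flag has been populated before that call. If the flag is read only from `default_context_do_init` (the line added there falls between this hunk and the next and is not shown), a library context initialised before the default context would see `kernel_fips_flag == 0`. It would then skip `EVP_default_properties_enable_fips(ctx, 1)`, so the FIPS-only property would silently not apply to that context. Consider populating the flag under its own run-once guard at the top of `apply_kernel_fips_flag()`, or at least document the ordering with `/* kernel_fips_flag must be set before any context_init() call */`. Both `context_init` and `default_context_do_init` continue outside the hunk.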
@@ -1,1127 +0,0 @@ -diff -rupN --no-dereference openssl-3.0.9/crypto/ec/ec_curve.c openssl-3.0.9-new/crypto/ec/ec_curve.c ---- openssl-3.0.9/crypto/ec/ec_curve.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/crypto/ec/ec_curve.c 2023-05-31 14:33:11.124115431 +0200 -@@ -32,38 +32,6 @@ typedef struct { - /* the nist prime curves */ - static const struct { - EC_CURVE_DATA h; -- unsigned char data[20 + 24 * 6]; --} _EC_NIST_PRIME_192 = { -- { -- NID_X9_62_prime_field, 20, 24, 1 -- }, -- { -- /* seed */ -- 0x30, 0x45, 0xAE, 0x6F, 0xC8, 0x42, 0x2F, 0x64, 0xED, 0x57, 0x95, 0x28, -- 0xD3, 0x81, 0x20, 0xEA, 0xE1, 0x21, 0x96, 0xD5, -- /* p */ -- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- /* a */ -- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, -- /* b */ -- 0x64, 0x21, 0x05, 0x19, 0xE5, 0x9C, 0x80, 0xE7, 0x0F, 0xA7, 0xE9, 0xAB, -- 0x72, 0x24, 0x30, 0x49, 0xFE, 0xB8, 0xDE, 0xEC, 0xC1, 0x46, 0xB9, 0xB1, -- /* x */ -- 0x18, 0x8D, 0xA8, 0x0E, 0xB0, 0x30, 0x90, 0xF6, 0x7C, 0xBF, 0x20, 0xEB, -- 0x43, 0xA1, 0x88, 0x00, 0xF4, 0xFF, 0x0A, 0xFD, 0x82, 0xFF, 0x10, 0x12, -- /* y */ -- 0x07, 0x19, 0x2b, 0x95, 0xff, 0xc8, 0xda, 0x78, 0x63, 0x10, 0x11, 0xed, -- 0x6b, 0x24, 0xcd, 0xd5, 0x73, 0xf9, 0x77, 0xa1, 0x1e, 0x79, 0x48, 0x11, -- /* order */ -- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0x99, 0xDE, 0xF8, 0x36, 0x14, 0x6B, 0xC9, 0xB1, 0xB4, 0xD2, 0x28, 0x31 -- } --}; -- --static const struct { -- EC_CURVE_DATA h; - unsigned char data[20 + 28 * 6]; - } _EC_NIST_PRIME_224 = { - { -@@ -200,187 +168,6 @@ static const struct { - } - }; - --# ifndef FIPS_MODULE --/* the x9.62 prime curves (minus the nist prime curves) */ --static const struct { -- EC_CURVE_DATA h; -- unsigned char data[20 + 24 * 6]; --} _EC_X9_62_PRIME_192V2 = { -- { -- 
NID_X9_62_prime_field, 20, 24, 1 -- }, -- { -- /* seed */ -- 0x31, 0xA9, 0x2E, 0xE2, 0x02, 0x9F, 0xD1, 0x0D, 0x90, 0x1B, 0x11, 0x3E, -- 0x99, 0x07, 0x10, 0xF0, 0xD2, 0x1A, 0xC6, 0xB6, -- /* p */ -- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- /* a */ -- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, -- /* b */ -- 0xCC, 0x22, 0xD6, 0xDF, 0xB9, 0x5C, 0x6B, 0x25, 0xE4, 0x9C, 0x0D, 0x63, -- 0x64, 0xA4, 0xE5, 0x98, 0x0C, 0x39, 0x3A, 0xA2, 0x16, 0x68, 0xD9, 0x53, -- /* x */ -- 0xEE, 0xA2, 0xBA, 0xE7, 0xE1, 0x49, 0x78, 0x42, 0xF2, 0xDE, 0x77, 0x69, -- 0xCF, 0xE9, 0xC9, 0x89, 0xC0, 0x72, 0xAD, 0x69, 0x6F, 0x48, 0x03, 0x4A, -- /* y */ -- 0x65, 0x74, 0xd1, 0x1d, 0x69, 0xb6, 0xec, 0x7a, 0x67, 0x2b, 0xb8, 0x2a, -- 0x08, 0x3d, 0xf2, 0xf2, 0xb0, 0x84, 0x7d, 0xe9, 0x70, 0xb2, 0xde, 0x15, -- /* order */ -- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, -- 0x5F, 0xB1, 0xA7, 0x24, 0xDC, 0x80, 0x41, 0x86, 0x48, 0xD8, 0xDD, 0x31 -- } --}; -- --static const struct { -- EC_CURVE_DATA h; -- unsigned char data[20 + 24 * 6]; --} _EC_X9_62_PRIME_192V3 = { -- { -- NID_X9_62_prime_field, 20, 24, 1 -- }, -- { -- /* seed */ -- 0xC4, 0x69, 0x68, 0x44, 0x35, 0xDE, 0xB3, 0x78, 0xC4, 0xB6, 0x5C, 0xA9, -- 0x59, 0x1E, 0x2A, 0x57, 0x63, 0x05, 0x9A, 0x2E, -- /* p */ -- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- /* a */ -- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, -- /* b */ -- 0x22, 0x12, 0x3D, 0xC2, 0x39, 0x5A, 0x05, 0xCA, 0xA7, 0x42, 0x3D, 0xAE, -- 0xCC, 0xC9, 0x47, 0x60, 0xA7, 0xD4, 0x62, 0x25, 0x6B, 0xD5, 0x69, 0x16, -- /* x */ -- 0x7D, 0x29, 0x77, 0x81, 0x00, 
0xC6, 0x5A, 0x1D, 0xA1, 0x78, 0x37, 0x16, -- 0x58, 0x8D, 0xCE, 0x2B, 0x8B, 0x4A, 0xEE, 0x8E, 0x22, 0x8F, 0x18, 0x96, -- /* y */ -- 0x38, 0xa9, 0x0f, 0x22, 0x63, 0x73, 0x37, 0x33, 0x4b, 0x49, 0xdc, 0xb6, -- 0x6a, 0x6d, 0xc8, 0xf9, 0x97, 0x8a, 0xca, 0x76, 0x48, 0xa9, 0x43, 0xb0, -- /* order */ -- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0x7A, 0x62, 0xD0, 0x31, 0xC8, 0x3F, 0x42, 0x94, 0xF6, 0x40, 0xEC, 0x13 -- } --}; -- --static const struct { -- EC_CURVE_DATA h; -- unsigned char data[20 + 30 * 6]; --} _EC_X9_62_PRIME_239V1 = { -- { -- NID_X9_62_prime_field, 20, 30, 1 -- }, -- { -- /* seed */ -- 0xE4, 0x3B, 0xB4, 0x60, 0xF0, 0xB8, 0x0C, 0xC0, 0xC0, 0xB0, 0x75, 0x79, -- 0x8E, 0x94, 0x80, 0x60, 0xF8, 0x32, 0x1B, 0x7D, -- /* p */ -- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, -- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- /* a */ -- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, -- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, -- /* b */ -- 0x6B, 0x01, 0x6C, 0x3B, 0xDC, 0xF1, 0x89, 0x41, 0xD0, 0xD6, 0x54, 0x92, -- 0x14, 0x75, 0xCA, 0x71, 0xA9, 0xDB, 0x2F, 0xB2, 0x7D, 0x1D, 0x37, 0x79, -- 0x61, 0x85, 0xC2, 0x94, 0x2C, 0x0A, -- /* x */ -- 0x0F, 0xFA, 0x96, 0x3C, 0xDC, 0xA8, 0x81, 0x6C, 0xCC, 0x33, 0xB8, 0x64, -- 0x2B, 0xED, 0xF9, 0x05, 0xC3, 0xD3, 0x58, 0x57, 0x3D, 0x3F, 0x27, 0xFB, -- 0xBD, 0x3B, 0x3C, 0xB9, 0xAA, 0xAF, -- /* y */ -- 0x7d, 0xeb, 0xe8, 0xe4, 0xe9, 0x0a, 0x5d, 0xae, 0x6e, 0x40, 0x54, 0xca, -- 0x53, 0x0b, 0xa0, 0x46, 0x54, 0xb3, 0x68, 0x18, 0xce, 0x22, 0x6b, 0x39, -- 0xfc, 0xcb, 0x7b, 0x02, 0xf1, 0xae, -- /* order */ -- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0x7F, 0xFF, 0xFF, 0x9E, 0x5E, 0x9A, 0x9F, 0x5D, 0x90, 0x71, 0xFB, 0xD1, -- 0x52, 0x26, 0x88, 0x90, 0x9D, 0x0B -- } --}; -- --static const struct { -- 
EC_CURVE_DATA h; -- unsigned char data[20 + 30 * 6]; --} _EC_X9_62_PRIME_239V2 = { -- { -- NID_X9_62_prime_field, 20, 30, 1 -- }, -- { -- /* seed */ -- 0xE8, 0xB4, 0x01, 0x16, 0x04, 0x09, 0x53, 0x03, 0xCA, 0x3B, 0x80, 0x99, -- 0x98, 0x2B, 0xE0, 0x9F, 0xCB, 0x9A, 0xE6, 0x16, -- /* p */ -- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, -- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- /* a */ -- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, -- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, -- /* b */ -- 0x61, 0x7F, 0xAB, 0x68, 0x32, 0x57, 0x6C, 0xBB, 0xFE, 0xD5, 0x0D, 0x99, -- 0xF0, 0x24, 0x9C, 0x3F, 0xEE, 0x58, 0xB9, 0x4B, 0xA0, 0x03, 0x8C, 0x7A, -- 0xE8, 0x4C, 0x8C, 0x83, 0x2F, 0x2C, -- /* x */ -- 0x38, 0xAF, 0x09, 0xD9, 0x87, 0x27, 0x70, 0x51, 0x20, 0xC9, 0x21, 0xBB, -- 0x5E, 0x9E, 0x26, 0x29, 0x6A, 0x3C, 0xDC, 0xF2, 0xF3, 0x57, 0x57, 0xA0, -- 0xEA, 0xFD, 0x87, 0xB8, 0x30, 0xE7, -- /* y */ -- 0x5b, 0x01, 0x25, 0xe4, 0xdb, 0xea, 0x0e, 0xc7, 0x20, 0x6d, 0xa0, 0xfc, -- 0x01, 0xd9, 0xb0, 0x81, 0x32, 0x9f, 0xb5, 0x55, 0xde, 0x6e, 0xf4, 0x60, -- 0x23, 0x7d, 0xff, 0x8b, 0xe4, 0xba, -- /* order */ -- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0x80, 0x00, 0x00, 0xCF, 0xA7, 0xE8, 0x59, 0x43, 0x77, 0xD4, 0x14, 0xC0, -- 0x38, 0x21, 0xBC, 0x58, 0x20, 0x63 -- } --}; -- --static const struct { -- EC_CURVE_DATA h; -- unsigned char data[20 + 30 * 6]; --} _EC_X9_62_PRIME_239V3 = { -- { -- NID_X9_62_prime_field, 20, 30, 1 -- }, -- { -- /* seed */ -- 0x7D, 0x73, 0x74, 0x16, 0x8F, 0xFE, 0x34, 0x71, 0xB6, 0x0A, 0x85, 0x76, -- 0x86, 0xA1, 0x94, 0x75, 0xD3, 0xBF, 0xA2, 0xFF, -- /* p */ -- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, -- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- /* 
a */ -- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, -- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, -- /* b */ -- 0x25, 0x57, 0x05, 0xFA, 0x2A, 0x30, 0x66, 0x54, 0xB1, 0xF4, 0xCB, 0x03, -- 0xD6, 0xA7, 0x50, 0xA3, 0x0C, 0x25, 0x01, 0x02, 0xD4, 0x98, 0x87, 0x17, -- 0xD9, 0xBA, 0x15, 0xAB, 0x6D, 0x3E, -- /* x */ -- 0x67, 0x68, 0xAE, 0x8E, 0x18, 0xBB, 0x92, 0xCF, 0xCF, 0x00, 0x5C, 0x94, -- 0x9A, 0xA2, 0xC6, 0xD9, 0x48, 0x53, 0xD0, 0xE6, 0x60, 0xBB, 0xF8, 0x54, -- 0xB1, 0xC9, 0x50, 0x5F, 0xE9, 0x5A, -- /* y */ -- 0x16, 0x07, 0xe6, 0x89, 0x8f, 0x39, 0x0c, 0x06, 0xbc, 0x1d, 0x55, 0x2b, -- 0xad, 0x22, 0x6f, 0x3b, 0x6f, 0xcf, 0xe4, 0x8b, 0x6e, 0x81, 0x84, 0x99, -- 0xaf, 0x18, 0xe3, 0xed, 0x6c, 0xf3, -- /* order */ -- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0x7F, 0xFF, 0xFF, 0x97, 0x5D, 0xEB, 0x41, 0xB3, 0xA6, 0x05, 0x7C, 0x3C, -- 0x43, 0x21, 0x46, 0x52, 0x65, 0x51 -- } --}; --#endif /* FIPS_MODULE */ -- - static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 32 * 6]; -@@ -423,294 +210,6 @@ static const struct { - /* the secg prime curves (minus the nist and x9.62 prime curves) */ - static const struct { - EC_CURVE_DATA h; -- unsigned char data[20 + 14 * 6]; --} _EC_SECG_PRIME_112R1 = { -- { -- NID_X9_62_prime_field, 20, 14, 1 -- }, -- { -- /* seed */ -- 0x00, 0xF5, 0x0B, 0x02, 0x8E, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, -- 0x51, 0x75, 0x29, 0x04, 0x72, 0x78, 0x3F, 0xB1, -- /* p */ -- 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, 0xBE, 0xAD, -- 0x20, 0x8B, -- /* a */ -- 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, 0xBE, 0xAD, -- 0x20, 0x88, -- /* b */ -- 0x65, 0x9E, 0xF8, 0xBA, 0x04, 0x39, 0x16, 0xEE, 0xDE, 0x89, 0x11, 0x70, -- 0x2B, 0x22, -- /* x */ -- 0x09, 0x48, 0x72, 0x39, 0x99, 0x5A, 0x5E, 0xE7, 0x6B, 0x55, 0xF9, 0xC2, -- 0xF0, 0x98, -- /* y */ -- 0xa8, 0x9c, 0xe5, 0xaf, 0x87, 0x24, 0xc0, 0xa2, 
0x3e, 0x0e, 0x0f, 0xf7, -- 0x75, 0x00, -- /* order */ -- 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x76, 0x28, 0xDF, 0xAC, 0x65, -- 0x61, 0xC5 -- } --}; -- --static const struct { -- EC_CURVE_DATA h; -- unsigned char data[20 + 14 * 6]; --} _EC_SECG_PRIME_112R2 = { -- { -- NID_X9_62_prime_field, 20, 14, 4 -- }, -- { -- /* seed */ -- 0x00, 0x27, 0x57, 0xA1, 0x11, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, -- 0x51, 0x75, 0x53, 0x16, 0xC0, 0x5E, 0x0B, 0xD4, -- /* p */ -- 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, 0xBE, 0xAD, -- 0x20, 0x8B, -- /* a */ -- 0x61, 0x27, 0xC2, 0x4C, 0x05, 0xF3, 0x8A, 0x0A, 0xAA, 0xF6, 0x5C, 0x0E, -- 0xF0, 0x2C, -- /* b */ -- 0x51, 0xDE, 0xF1, 0x81, 0x5D, 0xB5, 0xED, 0x74, 0xFC, 0xC3, 0x4C, 0x85, -- 0xD7, 0x09, -- /* x */ -- 0x4B, 0xA3, 0x0A, 0xB5, 0xE8, 0x92, 0xB4, 0xE1, 0x64, 0x9D, 0xD0, 0x92, -- 0x86, 0x43, -- /* y */ -- 0xad, 0xcd, 0x46, 0xf5, 0x88, 0x2e, 0x37, 0x47, 0xde, 0xf3, 0x6e, 0x95, -- 0x6e, 0x97, -- /* order */ -- 0x36, 0xDF, 0x0A, 0xAF, 0xD8, 0xB8, 0xD7, 0x59, 0x7C, 0xA1, 0x05, 0x20, -- 0xD0, 0x4B -- } --}; -- --static const struct { -- EC_CURVE_DATA h; -- unsigned char data[20 + 16 * 6]; --} _EC_SECG_PRIME_128R1 = { -- { -- NID_X9_62_prime_field, 20, 16, 1 -- }, -- { -- /* seed */ -- 0x00, 0x0E, 0x0D, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, -- 0x0C, 0xC0, 0x3A, 0x44, 0x73, 0xD0, 0x36, 0x79, -- /* p */ -- 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0xFF, 0xFF, 0xFF, 0xFF, -- /* a */ -- 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0xFF, 0xFF, 0xFF, 0xFC, -- /* b */ -- 0xE8, 0x75, 0x79, 0xC1, 0x10, 0x79, 0xF4, 0x3D, 0xD8, 0x24, 0x99, 0x3C, -- 0x2C, 0xEE, 0x5E, 0xD3, -- /* x */ -- 0x16, 0x1F, 0xF7, 0x52, 0x8B, 0x89, 0x9B, 0x2D, 0x0C, 0x28, 0x60, 0x7C, -- 0xA5, 0x2C, 0x5B, 0x86, -- /* y */ -- 0xcf, 0x5a, 0xc8, 0x39, 0x5b, 0xaf, 0xeb, 0x13, 0xc0, 0x2d, 0xa2, 0x92, -- 0xdd, 0xed, 0x7a, 0x83, -- /* order */ -- 0xFF, 0xFF, 0xFF, 0xFE, 0x00, 0x00, 
0x00, 0x00, 0x75, 0xA3, 0x0D, 0x1B, -- 0x90, 0x38, 0xA1, 0x15 -- } --}; -- --static const struct { -- EC_CURVE_DATA h; -- unsigned char data[20 + 16 * 6]; --} _EC_SECG_PRIME_128R2 = { -- { -- NID_X9_62_prime_field, 20, 16, 4 -- }, -- { -- /* seed */ -- 0x00, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, 0x12, 0xD8, -- 0xF0, 0x34, 0x31, 0xFC, 0xE6, 0x3B, 0x88, 0xF4, -- /* p */ -- 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0xFF, 0xFF, 0xFF, 0xFF, -- /* a */ -- 0xD6, 0x03, 0x19, 0x98, 0xD1, 0xB3, 0xBB, 0xFE, 0xBF, 0x59, 0xCC, 0x9B, -- 0xBF, 0xF9, 0xAE, 0xE1, -- /* b */ -- 0x5E, 0xEE, 0xFC, 0xA3, 0x80, 0xD0, 0x29, 0x19, 0xDC, 0x2C, 0x65, 0x58, -- 0xBB, 0x6D, 0x8A, 0x5D, -- /* x */ -- 0x7B, 0x6A, 0xA5, 0xD8, 0x5E, 0x57, 0x29, 0x83, 0xE6, 0xFB, 0x32, 0xA7, -- 0xCD, 0xEB, 0xC1, 0x40, -- /* y */ -- 0x27, 0xb6, 0x91, 0x6a, 0x89, 0x4d, 0x3a, 0xee, 0x71, 0x06, 0xfe, 0x80, -- 0x5f, 0xc3, 0x4b, 0x44, -- /* order */ -- 0x3F, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, 0xBE, 0x00, 0x24, 0x72, -- 0x06, 0x13, 0xB5, 0xA3 -- } --}; -- --static const struct { -- EC_CURVE_DATA h; -- unsigned char data[0 + 21 * 6]; --} _EC_SECG_PRIME_160K1 = { -- { -- NID_X9_62_prime_field, 0, 21, 1 -- }, -- { -- /* no seed */ -- /* p */ -- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, 0x73, -- /* a */ -- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -- /* b */ -- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, -- /* x */ -- 0x00, 0x3B, 0x4C, 0x38, 0x2C, 0xE3, 0x7A, 0xA1, 0x92, 0xA4, 0x01, 0x9E, -- 0x76, 0x30, 0x36, 0xF4, 0xF5, 0xDD, 0x4D, 0x7E, 0xBB, -- /* y */ -- 0x00, 0x93, 0x8c, 0xf9, 0x35, 0x31, 0x8f, 0xdc, 0xed, 0x6b, 0xc2, 0x82, -- 0x86, 0x53, 0x17, 0x33, 0xc3, 0xf0, 0x3c, 0x4f, 0xee, -- /* order */ -- 0x01, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xB8, -- 0xFA, 0x16, 0xDF, 0xAB, 0x9A, 0xCA, 0x16, 0xB6, 0xB3 -- } --}; -- --static const struct { -- EC_CURVE_DATA h; -- unsigned char data[20 + 21 * 6]; --} _EC_SECG_PRIME_160R1 = { -- { -- NID_X9_62_prime_field, 20, 21, 1 -- }, -- { -- /* seed */ -- 0x10, 0x53, 0xCD, 0xE4, 0x2C, 0x14, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, -- 0x15, 0x17, 0x53, 0x3B, 0xF3, 0xF8, 0x33, 0x45, -- /* p */ -- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, -- /* a */ -- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFC, -- /* b */ -- 0x00, 0x1C, 0x97, 0xBE, 0xFC, 0x54, 0xBD, 0x7A, 0x8B, 0x65, 0xAC, 0xF8, -- 0x9F, 0x81, 0xD4, 0xD4, 0xAD, 0xC5, 0x65, 0xFA, 0x45, -- /* x */ -- 0x00, 0x4A, 0x96, 0xB5, 0x68, 0x8E, 0xF5, 0x73, 0x28, 0x46, 0x64, 0x69, -- 0x89, 0x68, 0xC3, 0x8B, 0xB9, 0x13, 0xCB, 0xFC, 0x82, -- /* y */ -- 0x00, 0x23, 0xa6, 0x28, 0x55, 0x31, 0x68, 0x94, 0x7d, 0x59, 0xdc, 0xc9, -- 0x12, 0x04, 0x23, 0x51, 0x37, 0x7a, 0xc5, 0xfb, 0x32, -- /* order */ -- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xF4, -- 0xC8, 0xF9, 0x27, 0xAE, 0xD3, 0xCA, 0x75, 0x22, 0x57 -- } --}; -- --static const struct { -- EC_CURVE_DATA h; -- unsigned char data[20 + 21 * 6]; --} _EC_SECG_PRIME_160R2 = { -- { -- NID_X9_62_prime_field, 20, 21, 1 -- }, -- { -- /* seed */ -- 0xB9, 0x9B, 0x99, 0xB0, 0x99, 0xB3, 0x23, 0xE0, 0x27, 0x09, 0xA4, 0xD6, -- 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x51, -- /* p */ -- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, 0x73, -- /* a */ -- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, 0x70, -- /* b */ -- 0x00, 0xB4, 0xE1, 0x34, 0xD3, 0xFB, 0x59, 0xEB, 0x8B, 0xAB, 0x57, 0x27, -- 0x49, 0x04, 0x66, 0x4D, 
0x5A, 0xF5, 0x03, 0x88, 0xBA, -- /* x */ -- 0x00, 0x52, 0xDC, 0xB0, 0x34, 0x29, 0x3A, 0x11, 0x7E, 0x1F, 0x4F, 0xF1, -- 0x1B, 0x30, 0xF7, 0x19, 0x9D, 0x31, 0x44, 0xCE, 0x6D, -- /* y */ -- 0x00, 0xfe, 0xaf, 0xfe, 0xf2, 0xe3, 0x31, 0xf2, 0x96, 0xe0, 0x71, 0xfa, -- 0x0d, 0xf9, 0x98, 0x2c, 0xfe, 0xa7, 0xd4, 0x3f, 0x2e, -- /* order */ -- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x35, -- 0x1E, 0xE7, 0x86, 0xA8, 0x18, 0xF3, 0xA1, 0xA1, 0x6B -- } --}; -- --static const struct { -- EC_CURVE_DATA h; -- unsigned char data[0 + 24 * 6]; --} _EC_SECG_PRIME_192K1 = { -- { -- NID_X9_62_prime_field, 0, 24, 1 -- }, -- { -- /* no seed */ -- /* p */ -- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xEE, 0x37, -- /* a */ -- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -- /* b */ -- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, -- /* x */ -- 0xDB, 0x4F, 0xF1, 0x0E, 0xC0, 0x57, 0xE9, 0xAE, 0x26, 0xB0, 0x7D, 0x02, -- 0x80, 0xB7, 0xF4, 0x34, 0x1D, 0xA5, 0xD1, 0xB1, 0xEA, 0xE0, 0x6C, 0x7D, -- /* y */ -- 0x9b, 0x2f, 0x2f, 0x6d, 0x9c, 0x56, 0x28, 0xa7, 0x84, 0x41, 0x63, 0xd0, -- 0x15, 0xbe, 0x86, 0x34, 0x40, 0x82, 0xaa, 0x88, 0xd9, 0x5e, 0x2f, 0x9d, -- /* order */ -- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, -- 0x26, 0xF2, 0xFC, 0x17, 0x0F, 0x69, 0x46, 0x6A, 0x74, 0xDE, 0xFD, 0x8D -- } --}; -- --static const struct { -- EC_CURVE_DATA h; -- unsigned char data[0 + 29 * 6]; --} _EC_SECG_PRIME_224K1 = { -- { -- NID_X9_62_prime_field, 0, 29, 1 -- }, -- { -- /* no seed */ -- /* p */ -- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0xFE, 0xFF, 0xFF, 0xE5, 
0x6D, -- /* a */ -- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -- 0x00, 0x00, 0x00, 0x00, 0x00, -- /* b */ -- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -- 0x00, 0x00, 0x00, 0x00, 0x05, -- /* x */ -- 0x00, 0xA1, 0x45, 0x5B, 0x33, 0x4D, 0xF0, 0x99, 0xDF, 0x30, 0xFC, 0x28, -- 0xA1, 0x69, 0xA4, 0x67, 0xE9, 0xE4, 0x70, 0x75, 0xA9, 0x0F, 0x7E, 0x65, -- 0x0E, 0xB6, 0xB7, 0xA4, 0x5C, -- /* y */ -- 0x00, 0x7e, 0x08, 0x9f, 0xed, 0x7f, 0xba, 0x34, 0x42, 0x82, 0xca, 0xfb, -- 0xd6, 0xf7, 0xe3, 0x19, 0xf7, 0xc0, 0xb0, 0xbd, 0x59, 0xe2, 0xca, 0x4b, -- 0xdb, 0x55, 0x6d, 0x61, 0xa5, -- /* order */ -- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -- 0x00, 0x00, 0x01, 0xDC, 0xE8, 0xD2, 0xEC, 0x61, 0x84, 0xCA, 0xF0, 0xA9, -- 0x71, 0x76, 0x9F, 0xB1, 0xF7 -- } --}; -- --static const struct { -- EC_CURVE_DATA h; - unsigned char data[0 + 32 * 6]; - } _EC_SECG_PRIME_256K1 = { - { -@@ -745,102 +244,6 @@ static const struct { - } - }; - --/* some wap/wtls curves */ --static const struct { -- EC_CURVE_DATA h; -- unsigned char data[0 + 15 * 6]; --} _EC_WTLS_8 = { -- { -- NID_X9_62_prime_field, 0, 15, 1 -- }, -- { -- /* no seed */ -- /* p */ -- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0xFF, 0xFD, 0xE7, -- /* a */ -- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -- 0x00, 0x00, 0x00, -- /* b */ -- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -- 0x00, 0x00, 0x03, -- /* x */ -- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -- 0x00, 0x00, 0x01, -- /* y */ -- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -- 0x00, 0x00, 0x02, -- /* order */ -- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xEC, 0xEA, 0x55, 0x1A, -- 0xD8, 0x37, 0xE9 
-- } --}; -- --static const struct { -- EC_CURVE_DATA h; -- unsigned char data[0 + 21 * 6]; --} _EC_WTLS_9 = { -- { -- NID_X9_62_prime_field, 0, 21, 1 -- }, -- { -- /* no seed */ -- /* p */ -- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0x80, 0x8F, -- /* a */ -- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -- /* b */ -- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, -- /* x */ -- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, -- /* y */ -- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, -- /* order */ -- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xCD, -- 0xC9, 0x8A, 0xE0, 0xE2, 0xDE, 0x57, 0x4A, 0xBF, 0x33 -- } --}; -- --static const struct { -- EC_CURVE_DATA h; -- unsigned char data[0 + 28 * 6]; --} _EC_WTLS_12 = { -- { -- NID_X9_62_prime_field, 0, 28, 1 -- }, -- { -- /* no seed */ -- /* p */ -- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -- 0x00, 0x00, 0x00, 0x01, -- /* a */ -- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0xFF, 0xFF, 0xFF, 0xFE, -- /* b */ -- 0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56, -- 0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43, -- 0x23, 0x55, 0xFF, 0xB4, -- /* x */ -- 0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9, -- 0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6, -- 0x11, 0x5C, 0x1D, 0x21, -- /* y */ -- 0xbd, 0x37, 
0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 0xdf, 0xe6, -- 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99, -- 0x85, 0x00, 0x7e, 0x34, -- /* order */ -- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45, -- 0x5C, 0x5C, 0x2A, 0x3D -- } --}; - #endif /* FIPS_MODULE */ - - #ifndef OPENSSL_NO_EC2M -@@ -2238,198 +1641,6 @@ static const struct { - #ifndef FIPS_MODULE - static const struct { - EC_CURVE_DATA h; -- unsigned char data[0 + 20 * 6]; --} _EC_brainpoolP160r1 = { -- { -- NID_X9_62_prime_field, 0, 20, 1 -- }, -- { -- /* no seed */ -- /* p */ -- 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0xC7, 0xAD, -- 0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0F, -- /* a */ -- 0x34, 0x0E, 0x7B, 0xE2, 0xA2, 0x80, 0xEB, 0x74, 0xE2, 0xBE, 0x61, 0xBA, -- 0xDA, 0x74, 0x5D, 0x97, 0xE8, 0xF7, 0xC3, 0x00, -- /* b */ -- 0x1E, 0x58, 0x9A, 0x85, 0x95, 0x42, 0x34, 0x12, 0x13, 0x4F, 0xAA, 0x2D, -- 0xBD, 0xEC, 0x95, 0xC8, 0xD8, 0x67, 0x5E, 0x58, -- /* x */ -- 0xBE, 0xD5, 0xAF, 0x16, 0xEA, 0x3F, 0x6A, 0x4F, 0x62, 0x93, 0x8C, 0x46, -- 0x31, 0xEB, 0x5A, 0xF7, 0xBD, 0xBC, 0xDB, 0xC3, -- /* y */ -- 0x16, 0x67, 0xCB, 0x47, 0x7A, 0x1A, 0x8E, 0xC3, 0x38, 0xF9, 0x47, 0x41, -- 0x66, 0x9C, 0x97, 0x63, 0x16, 0xDA, 0x63, 0x21, -- /* order */ -- 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0x59, 0x91, -- 0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09 -- } --}; -- --static const struct { -- EC_CURVE_DATA h; -- unsigned char data[0 + 20 * 6]; --} _EC_brainpoolP160t1 = { -- { -- NID_X9_62_prime_field, 0, 20, 1 -- }, -- { -- /* no seed */ -- /* p */ -- 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0xC7, 0xAD, -- 0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0F, -- /* a */ -- 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0xC7, 0xAD, -- 0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0C, -- /* b */ -- 0x7A, 0x55, 0x6B, 0x6D, 0xAE, 0x53, 
0x5B, 0x7B, 0x51, 0xED, 0x2C, 0x4D, -- 0x7D, 0xAA, 0x7A, 0x0B, 0x5C, 0x55, 0xF3, 0x80, -- /* x */ -- 0xB1, 0x99, 0xB1, 0x3B, 0x9B, 0x34, 0xEF, 0xC1, 0x39, 0x7E, 0x64, 0xBA, -- 0xEB, 0x05, 0xAC, 0xC2, 0x65, 0xFF, 0x23, 0x78, -- /* y */ -- 0xAD, 0xD6, 0x71, 0x8B, 0x7C, 0x7C, 0x19, 0x61, 0xF0, 0x99, 0x1B, 0x84, -- 0x24, 0x43, 0x77, 0x21, 0x52, 0xC9, 0xE0, 0xAD, -- /* order */ -- 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0x59, 0x91, -- 0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09 -- } --}; -- --static const struct { -- EC_CURVE_DATA h; -- unsigned char data[0 + 24 * 6]; --} _EC_brainpoolP192r1 = { -- { -- NID_X9_62_prime_field, 0, 24, 1 -- }, -- { -- /* no seed */ -- /* p */ -- 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x30, -- 0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x97, -- /* a */ -- 0x6A, 0x91, 0x17, 0x40, 0x76, 0xB1, 0xE0, 0xE1, 0x9C, 0x39, 0xC0, 0x31, -- 0xFE, 0x86, 0x85, 0xC1, 0xCA, 0xE0, 0x40, 0xE5, 0xC6, 0x9A, 0x28, 0xEF, -- /* b */ -- 0x46, 0x9A, 0x28, 0xEF, 0x7C, 0x28, 0xCC, 0xA3, 0xDC, 0x72, 0x1D, 0x04, -- 0x4F, 0x44, 0x96, 0xBC, 0xCA, 0x7E, 0xF4, 0x14, 0x6F, 0xBF, 0x25, 0xC9, -- /* x */ -- 0xC0, 0xA0, 0x64, 0x7E, 0xAA, 0xB6, 0xA4, 0x87, 0x53, 0xB0, 0x33, 0xC5, -- 0x6C, 0xB0, 0xF0, 0x90, 0x0A, 0x2F, 0x5C, 0x48, 0x53, 0x37, 0x5F, 0xD6, -- /* y */ -- 0x14, 0xB6, 0x90, 0x86, 0x6A, 0xBD, 0x5B, 0xB8, 0x8B, 0x5F, 0x48, 0x28, -- 0xC1, 0x49, 0x00, 0x02, 0xE6, 0x77, 0x3F, 0xA2, 0xFA, 0x29, 0x9B, 0x8F, -- /* order */ -- 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x2F, -- 0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1 -- } --}; -- --static const struct { -- EC_CURVE_DATA h; -- unsigned char data[0 + 24 * 6]; --} _EC_brainpoolP192t1 = { -- { -- NID_X9_62_prime_field, 0, 24, 1 -- }, -- { -- /* no seed */ -- /* p */ -- 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x30, -- 0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 
0x62, 0x97, -- /* a */ -- 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x30, -- 0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x94, -- /* b */ -- 0x13, 0xD5, 0x6F, 0xFA, 0xEC, 0x78, 0x68, 0x1E, 0x68, 0xF9, 0xDE, 0xB4, -- 0x3B, 0x35, 0xBE, 0xC2, 0xFB, 0x68, 0x54, 0x2E, 0x27, 0x89, 0x7B, 0x79, -- /* x */ -- 0x3A, 0xE9, 0xE5, 0x8C, 0x82, 0xF6, 0x3C, 0x30, 0x28, 0x2E, 0x1F, 0xE7, -- 0xBB, 0xF4, 0x3F, 0xA7, 0x2C, 0x44, 0x6A, 0xF6, 0xF4, 0x61, 0x81, 0x29, -- /* y */ -- 0x09, 0x7E, 0x2C, 0x56, 0x67, 0xC2, 0x22, 0x3A, 0x90, 0x2A, 0xB5, 0xCA, -- 0x44, 0x9D, 0x00, 0x84, 0xB7, 0xE5, 0xB3, 0xDE, 0x7C, 0xCC, 0x01, 0xC9, -- /* order */ -- 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x2F, -- 0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1 -- } --}; -- --static const struct { -- EC_CURVE_DATA h; -- unsigned char data[0 + 28 * 6]; --} _EC_brainpoolP224r1 = { -- { -- NID_X9_62_prime_field, 0, 28, 1 -- }, -- { -- /* no seed */ -- /* p */ -- 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25, -- 0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5, -- 0x7E, 0xC8, 0xC0, 0xFF, -- /* a */ -- 0x68, 0xA5, 0xE6, 0x2C, 0xA9, 0xCE, 0x6C, 0x1C, 0x29, 0x98, 0x03, 0xA6, -- 0xC1, 0x53, 0x0B, 0x51, 0x4E, 0x18, 0x2A, 0xD8, 0xB0, 0x04, 0x2A, 0x59, -- 0xCA, 0xD2, 0x9F, 0x43, -- /* b */ -- 0x25, 0x80, 0xF6, 0x3C, 0xCF, 0xE4, 0x41, 0x38, 0x87, 0x07, 0x13, 0xB1, -- 0xA9, 0x23, 0x69, 0xE3, 0x3E, 0x21, 0x35, 0xD2, 0x66, 0xDB, 0xB3, 0x72, -- 0x38, 0x6C, 0x40, 0x0B, -- /* x */ -- 0x0D, 0x90, 0x29, 0xAD, 0x2C, 0x7E, 0x5C, 0xF4, 0x34, 0x08, 0x23, 0xB2, -- 0xA8, 0x7D, 0xC6, 0x8C, 0x9E, 0x4C, 0xE3, 0x17, 0x4C, 0x1E, 0x6E, 0xFD, -- 0xEE, 0x12, 0xC0, 0x7D, -- /* y */ -- 0x58, 0xAA, 0x56, 0xF7, 0x72, 0xC0, 0x72, 0x6F, 0x24, 0xC6, 0xB8, 0x9E, -- 0x4E, 0xCD, 0xAC, 0x24, 0x35, 0x4B, 0x9E, 0x99, 0xCA, 0xA3, 0xF6, 0xD3, -- 0x76, 0x14, 0x02, 0xCD, -- /* order */ -- 0xD7, 0xC1, 0x34, 0xAA, 0x26, 
0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25, -- 0x75, 0xD0, 0xFB, 0x98, 0xD1, 0x16, 0xBC, 0x4B, 0x6D, 0xDE, 0xBC, 0xA3, -- 0xA5, 0xA7, 0x93, 0x9F -- } --}; -- --static const struct { -- EC_CURVE_DATA h; -- unsigned char data[0 + 28 * 6]; --} _EC_brainpoolP224t1 = { -- { -- NID_X9_62_prime_field, 0, 28, 1 -- }, -- { -- /* no seed */ -- /* p */ -- 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25, -- 0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5, -- 0x7E, 0xC8, 0xC0, 0xFF, -- /* a */ -- 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25, -- 0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5, -- 0x7E, 0xC8, 0xC0, 0xFC, -- /* b */ -- 0x4B, 0x33, 0x7D, 0x93, 0x41, 0x04, 0xCD, 0x7B, 0xEF, 0x27, 0x1B, 0xF6, -- 0x0C, 0xED, 0x1E, 0xD2, 0x0D, 0xA1, 0x4C, 0x08, 0xB3, 0xBB, 0x64, 0xF1, -- 0x8A, 0x60, 0x88, 0x8D, -- /* x */ -- 0x6A, 0xB1, 0xE3, 0x44, 0xCE, 0x25, 0xFF, 0x38, 0x96, 0x42, 0x4E, 0x7F, -- 0xFE, 0x14, 0x76, 0x2E, 0xCB, 0x49, 0xF8, 0x92, 0x8A, 0xC0, 0xC7, 0x60, -- 0x29, 0xB4, 0xD5, 0x80, -- /* y */ -- 0x03, 0x74, 0xE9, 0xF5, 0x14, 0x3E, 0x56, 0x8C, 0xD2, 0x3F, 0x3F, 0x4D, -- 0x7C, 0x0D, 0x4B, 0x1E, 0x41, 0xC8, 0xCC, 0x0D, 0x1C, 0x6A, 0xBD, 0x5F, -- 0x1A, 0x46, 0xDB, 0x4C, -- /* order */ -- 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25, -- 0x75, 0xD0, 0xFB, 0x98, 0xD1, 0x16, 0xBC, 0x4B, 0x6D, 0xDE, 0xBC, 0xA3, -- 0xA5, 0xA7, 0x93, 0x9F -- } --}; -- --static const struct { -- EC_CURVE_DATA h; - unsigned char data[0 + 32 * 6]; - } _EC_brainpoolP256r1 = { - { -@@ -2854,8 +2065,6 @@ static const ec_list_element curve_list[ - "NIST/SECG curve over a 521 bit prime field"}, - - /* X9.62 curves */ -- {NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0, -- "NIST/X9.62/SECG curve over a 192 bit prime field"}, - {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, - # if defined(ECP_NISTZ256_ASM) - EC_GFp_nistz256_method, -@@ -2899,25 +2108,6 @@ static const ec_list_element 
curve_list[ - static const ec_list_element curve_list[] = { - /* prime field curves */ - /* secg curves */ -- {NID_secp112r1, &_EC_SECG_PRIME_112R1.h, 0, -- "SECG/WTLS curve over a 112 bit prime field"}, -- {NID_secp112r2, &_EC_SECG_PRIME_112R2.h, 0, -- "SECG curve over a 112 bit prime field"}, -- {NID_secp128r1, &_EC_SECG_PRIME_128R1.h, 0, -- "SECG curve over a 128 bit prime field"}, -- {NID_secp128r2, &_EC_SECG_PRIME_128R2.h, 0, -- "SECG curve over a 128 bit prime field"}, -- {NID_secp160k1, &_EC_SECG_PRIME_160K1.h, 0, -- "SECG curve over a 160 bit prime field"}, -- {NID_secp160r1, &_EC_SECG_PRIME_160R1.h, 0, -- "SECG curve over a 160 bit prime field"}, -- {NID_secp160r2, &_EC_SECG_PRIME_160R2.h, 0, -- "SECG/WTLS curve over a 160 bit prime field"}, -- /* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */ -- {NID_secp192k1, &_EC_SECG_PRIME_192K1.h, 0, -- "SECG curve over a 192 bit prime field"}, -- {NID_secp224k1, &_EC_SECG_PRIME_224K1.h, 0, -- "SECG curve over a 224 bit prime field"}, - # ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 - {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method, - "NIST/SECG curve over a 224 bit prime field"}, -@@ -2945,18 +2135,6 @@ static const ec_list_element curve_list[ - # endif - "NIST/SECG curve over a 521 bit prime field"}, - /* X9.62 curves */ -- {NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0, -- "NIST/X9.62/SECG curve over a 192 bit prime field"}, -- {NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2.h, 0, -- "X9.62 curve over a 192 bit prime field"}, -- {NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3.h, 0, -- "X9.62 curve over a 192 bit prime field"}, -- {NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1.h, 0, -- "X9.62 curve over a 239 bit prime field"}, -- {NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2.h, 0, -- "X9.62 curve over a 239 bit prime field"}, -- {NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3.h, 0, -- "X9.62 curve over a 239 bit prime field"}, - {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, - # if 
defined(ECP_NISTZ256_ASM) - EC_GFp_nistz256_method, -@@ -3053,22 +2231,12 @@ static const ec_list_element curve_list[ - {NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1.h, 0, - "X9.62 curve over a 163 bit binary field"}, - # endif -- {NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1.h, 0, -- "SECG/WTLS curve over a 112 bit prime field"}, -- {NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2.h, 0, -- "SECG/WTLS curve over a 160 bit prime field"}, -- {NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8.h, 0, -- "WTLS curve over a 112 bit prime field"}, -- {NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9.h, 0, -- "WTLS curve over a 160 bit prime field"}, - # ifndef OPENSSL_NO_EC2M - {NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K.h, 0, - "NIST/SECG/WTLS curve over a 233 bit binary field"}, - {NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B.h, 0, - "NIST/SECG/WTLS curve over a 233 bit binary field"}, - # endif -- {NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12.h, 0, -- "WTLS curve over a 224 bit prime field"}, - # ifndef OPENSSL_NO_EC2M - /* IPSec curves */ - {NID_ipsec3, &_EC_IPSEC_155_ID3.h, 0, -@@ -3079,18 +2247,6 @@ static const ec_list_element curve_list[ - "\tNot suitable for ECDSA.\n\tQuestionable extension field!"}, - # endif - /* brainpool curves */ -- {NID_brainpoolP160r1, &_EC_brainpoolP160r1.h, 0, -- "RFC 5639 curve over a 160 bit prime field"}, -- {NID_brainpoolP160t1, &_EC_brainpoolP160t1.h, 0, -- "RFC 5639 curve over a 160 bit prime field"}, -- {NID_brainpoolP192r1, &_EC_brainpoolP192r1.h, 0, -- "RFC 5639 curve over a 192 bit prime field"}, -- {NID_brainpoolP192t1, &_EC_brainpoolP192t1.h, 0, -- "RFC 5639 curve over a 192 bit prime field"}, -- {NID_brainpoolP224r1, &_EC_brainpoolP224r1.h, 0, -- "RFC 5639 curve over a 224 bit prime field"}, -- {NID_brainpoolP224t1, &_EC_brainpoolP224t1.h, 0, -- "RFC 5639 curve over a 224 bit prime field"}, - {NID_brainpoolP256r1, &_EC_brainpoolP256r1.h, 0, - "RFC 5639 curve over a 256 bit prime field"}, - {NID_brainpoolP256t1, 
&_EC_brainpoolP256t1.h, 0, -diff -rupN --no-dereference openssl-3.0.9/test/ectest.c openssl-3.0.9-new/test/ectest.c ---- openssl-3.0.9/test/ectest.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/ectest.c 2023-05-31 14:33:11.125115431 +0200 -@@ -175,184 +175,26 @@ static int prime_field_tests(void) - || !TEST_ptr(p = BN_new()) - || !TEST_ptr(a = BN_new()) - || !TEST_ptr(b = BN_new()) -- || !TEST_true(BN_hex2bn(&p, "17")) -- || !TEST_true(BN_hex2bn(&a, "1")) -- || !TEST_true(BN_hex2bn(&b, "1")) -- || !TEST_ptr(group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) -- || !TEST_true(EC_GROUP_get_curve(group, p, a, b, ctx))) -+ /* -+ * applications should use EC_GROUP_new_curve_GFp so -+ * that the library gets to choose the EC_METHOD -+ */ -+ || !TEST_ptr(group = EC_GROUP_new(EC_GFp_mont_method()))) - goto err; - -- TEST_info("Curve defined by Weierstrass equation"); -- TEST_note(" y^2 = x^3 + a*x + b (mod p)"); -- test_output_bignum("a", a); -- test_output_bignum("b", b); -- test_output_bignum("p", p); -- - buf[0] = 0; - if (!TEST_ptr(P = EC_POINT_new(group)) - || !TEST_ptr(Q = EC_POINT_new(group)) - || !TEST_ptr(R = EC_POINT_new(group)) -- || !TEST_true(EC_POINT_set_to_infinity(group, P)) -- || !TEST_true(EC_POINT_is_at_infinity(group, P)) -- || !TEST_true(EC_POINT_oct2point(group, Q, buf, 1, ctx)) -- || !TEST_true(EC_POINT_add(group, P, P, Q, ctx)) -- || !TEST_true(EC_POINT_is_at_infinity(group, P)) - || !TEST_ptr(x = BN_new()) - || !TEST_ptr(y = BN_new()) - || !TEST_ptr(z = BN_new()) -- || !TEST_ptr(yplusone = BN_new()) -- || !TEST_true(BN_hex2bn(&x, "D")) -- || !TEST_true(EC_POINT_set_compressed_coordinates(group, Q, x, 1, ctx))) -- goto err; -- -- if (!TEST_int_gt(EC_POINT_is_on_curve(group, Q, ctx), 0)) { -- if (!TEST_true(EC_POINT_get_affine_coordinates(group, Q, x, y, ctx))) -- goto err; -- TEST_info("Point is not on curve"); -- test_output_bignum("x", x); -- test_output_bignum("y", y); -- goto err; -- } -- -- TEST_note("A cyclic subgroup:"); -- k = 
100; -- do { -- if (!TEST_int_ne(k--, 0)) -- goto err; -- -- if (EC_POINT_is_at_infinity(group, P)) { -- TEST_note(" point at infinity"); -- } else { -- if (!TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, -- ctx))) -- goto err; -- -- test_output_bignum("x", x); -- test_output_bignum("y", y); -- } -- -- if (!TEST_true(EC_POINT_copy(R, P)) -- || !TEST_true(EC_POINT_add(group, P, P, Q, ctx))) -- goto err; -- -- } while (!EC_POINT_is_at_infinity(group, P)); -- -- if (!TEST_true(EC_POINT_add(group, P, Q, R, ctx)) -- || !TEST_true(EC_POINT_is_at_infinity(group, P))) -- goto err; -- -- len = -- EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, -- sizeof(buf), ctx); -- if (!TEST_size_t_ne(len, 0) -- || !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx)) -- || !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx))) -- goto err; -- test_output_memory("Generator as octet string, compressed form:", -- buf, len); -- -- len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, -- buf, sizeof(buf), ctx); -- if (!TEST_size_t_ne(len, 0) -- || !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx)) -- || !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx))) -- goto err; -- test_output_memory("Generator as octet string, uncompressed form:", -- buf, len); -- -- len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, -- buf, sizeof(buf), ctx); -- if (!TEST_size_t_ne(len, 0) -- || !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx)) -- || !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx))) -- goto err; -- test_output_memory("Generator as octet string, hybrid form:", -- buf, len); -- -- if (!TEST_true(EC_POINT_invert(group, P, ctx)) -- || !TEST_int_eq(0, EC_POINT_cmp(group, P, R, ctx)) -- -- /* -- * Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2, -- * 2000) -- not a NIST curve, but commonly used -- */ -- -- || !TEST_true(BN_hex2bn(&p, "FFFFFFFF" -- "FFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF")) -- || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL)) -- 
|| !TEST_true(BN_hex2bn(&a, "FFFFFFFF" -- "FFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC")) -- || !TEST_true(BN_hex2bn(&b, "1C97BEFC" -- "54BD7A8B65ACF89F81D4D4ADC565FA45")) -- || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) -- || !TEST_true(BN_hex2bn(&x, "4A96B568" -- "8EF573284664698968C38BB913CBFC82")) -- || !TEST_true(BN_hex2bn(&y, "23a62855" -- "3168947d59dcc912042351377ac5fb32")) -- || !TEST_true(BN_add(yplusone, y, BN_value_one())) -- /* -- * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, -- * and therefore setting the coordinates should fail. -- */ -- || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, -- ctx)) -- || !TEST_true(EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) -- || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) -- || !TEST_true(BN_hex2bn(&z, "0100000000" -- "000000000001F4C8F927AED3CA752257")) -- || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) -- || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) -- goto err; -- TEST_info("SEC2 curve secp160r1 -- Generator"); -- test_output_bignum("x", x); -- test_output_bignum("y", y); -- /* G_y value taken from the standard: */ -- if (!TEST_true(BN_hex2bn(&z, "23a62855" -- "3168947d59dcc912042351377ac5fb32")) -- || !TEST_BN_eq(y, z) -- || !TEST_int_eq(EC_GROUP_get_degree(group), 160) -- || !group_order_tests(group) -- -- /* Curve P-192 (FIPS PUB 186-2, App. 
6) */ -- -- || !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFF" -- "FFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF")) -- || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL)) -- || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFF" -- "FFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC")) -- || !TEST_true(BN_hex2bn(&b, "64210519E59C80E7" -- "0FA7E9AB72243049FEB8DEECC146B9B1")) -- || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) -- || !TEST_true(BN_hex2bn(&x, "188DA80EB03090F6" -- "7CBF20EB43A18800F4FF0AFD82FF1012")) -- || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 1, ctx)) -- || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) -- || !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFF" -- "FFFFFFFF99DEF836146BC9B1B4D22831")) -- || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) -- || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) -+ || !TEST_ptr(yplusone = BN_new())) - goto err; - -- TEST_info("NIST curve P-192 -- Generator"); -- test_output_bignum("x", x); -- test_output_bignum("y", y); -- /* G_y value taken from the standard: */ -- if (!TEST_true(BN_hex2bn(&z, "07192B95FFC8DA78" -- "631011ED6B24CDD573F977A11E794811")) -- || !TEST_BN_eq(y, z) -- || !TEST_true(BN_add(yplusone, y, BN_value_one())) -- /* -- * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, -- * and therefore setting the coordinates should fail. -- */ -- || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, -- ctx)) -- || !TEST_int_eq(EC_GROUP_get_degree(group), 192) -- || !group_order_tests(group) -- - /* Curve P-224 (FIPS PUB 186-2, App. 
6) */ - -- || !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFF" -+ if (!TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFF000000000000000000000001")) - || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL)) - || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFF" -@@ -3015,7 +2857,7 @@ int setup_tests(void) - return 0; - - ADD_TEST(parameter_test); -- ADD_TEST(cofactor_range_test); -+ /* ADD_TEST(cofactor_range_test); */ - ADD_ALL_TESTS(cardinality_test, crv_len); - ADD_TEST(prime_field_tests); - #ifndef OPENSSL_NO_EC2M diff --git a/0011-Remove-EC-curves.patch b/0011-Remove-EC-curves.patch index 49e6182..d7c9dba 100644 --- a/0011-Remove-EC-curves.patch +++ b/0011-Remove-EC-curves.patch @@ -1,16 +1,19 @@ diff -rupN --no-dereference openssl-3.0.9/apps/speed.c openssl-3.0.9-new/apps/speed.c --- openssl-3.0.9/apps/speed.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/apps/speed.c 2023-05-31 14:33:11.415115308 +0200 -@@ -366,7 +366,7 @@ static double ffdh_results[FFDH_NUM][1]; ++++ openssl-3.0.9-new/apps/speed.c 2023-05-31 16:36:52.317277114 +0200 +@@ -366,68 +366,23 @@ static double ffdh_results[FFDH_NUM][1]; #endif /* OPENSSL_NO_DH */ enum ec_curves_t { - R_EC_P160, R_EC_P192, R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521, +-#ifndef OPENSSL_NO_EC2M +- R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571, +- R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571, +-#endif +- R_EC_BRP256R1, R_EC_BRP256T1, R_EC_BRP384R1, R_EC_BRP384T1, +- R_EC_BRP512R1, R_EC_BRP512T1, ECDSA_NUM + R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521, - #ifndef OPENSSL_NO_EC2M - R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571, - R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571, -@@ -376,8 +376,6 @@ enum ec_curves_t { ++ ECDSA_NUM }; /* list of ecdsa curves */ static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = { 
@@ -19,7 +22,26 @@ diff -rupN --no-dereference openssl-3.0.9/apps/speed.c openssl-3.0.9-new/apps/sp {"ecdsap224", R_EC_P224}, {"ecdsap256", R_EC_P256}, {"ecdsap384", R_EC_P384}, -@@ -404,8 +402,6 @@ static const OPT_PAIR ecdsa_choices[ECDS + {"ecdsap521", R_EC_P521}, +-#ifndef OPENSSL_NO_EC2M +- {"ecdsak163", R_EC_K163}, +- {"ecdsak233", R_EC_K233}, +- {"ecdsak283", R_EC_K283}, +- {"ecdsak409", R_EC_K409}, +- {"ecdsak571", R_EC_K571}, +- {"ecdsab163", R_EC_B163}, +- {"ecdsab233", R_EC_B233}, +- {"ecdsab283", R_EC_B283}, +- {"ecdsab409", R_EC_B409}, +- {"ecdsab571", R_EC_B571}, +-#endif +- {"ecdsabrp256r1", R_EC_BRP256R1}, +- {"ecdsabrp256t1", R_EC_BRP256T1}, +- {"ecdsabrp384r1", R_EC_BRP384R1}, +- {"ecdsabrp384t1", R_EC_BRP384T1}, +- {"ecdsabrp512r1", R_EC_BRP512R1}, +- {"ecdsabrp512t1", R_EC_BRP512T1} + }; enum { R_EC_X25519 = ECDSA_NUM, R_EC_X448, EC_NUM }; /* list of ecdh curves, extension of |ecdsa_choices| list above */ static const OPT_PAIR ecdh_choices[EC_NUM] = { @@ -28,7 +50,29 @@ diff -rupN --no-dereference openssl-3.0.9/apps/speed.c openssl-3.0.9-new/apps/sp {"ecdhp224", R_EC_P224}, {"ecdhp256", R_EC_P256}, {"ecdhp384", R_EC_P384}, -@@ -1422,8 +1418,6 @@ int speed_main(int argc, char **argv) + {"ecdhp521", R_EC_P521}, +-#ifndef OPENSSL_NO_EC2M +- {"ecdhk163", R_EC_K163}, +- {"ecdhk233", R_EC_K233}, +- {"ecdhk283", R_EC_K283}, +- {"ecdhk409", R_EC_K409}, +- {"ecdhk571", R_EC_K571}, +- {"ecdhb163", R_EC_B163}, +- {"ecdhb233", R_EC_B233}, +- {"ecdhb283", R_EC_B283}, +- {"ecdhb409", R_EC_B409}, +- {"ecdhb571", R_EC_B571}, +-#endif +- {"ecdhbrp256r1", R_EC_BRP256R1}, +- {"ecdhbrp256t1", R_EC_BRP256T1}, +- {"ecdhbrp384r1", R_EC_BRP384R1}, +- {"ecdhbrp384t1", R_EC_BRP384T1}, +- {"ecdhbrp512r1", R_EC_BRP512R1}, +- {"ecdhbrp512t1", R_EC_BRP512T1}, + {"ecdhx25519", R_EC_X25519}, + {"ecdhx448", R_EC_X448} + }; +@@ -1422,31 +1377,10 @@ int speed_main(int argc, char **argv) */ static const EC_CURVE ec_curves[EC_NUM] = { /* Prime Curves */ 
@@ -37,10 +81,44 @@ diff -rupN --no-dereference openssl-3.0.9/apps/speed.c openssl-3.0.9-new/apps/sp {"nistp224", NID_secp224r1, 224}, {"nistp256", NID_X9_62_prime256v1, 256}, {"nistp384", NID_secp384r1, 384}, + {"nistp521", NID_secp521r1, 521}, +-#ifndef OPENSSL_NO_EC2M +- /* Binary Curves */ +- {"nistk163", NID_sect163k1, 163}, +- {"nistk233", NID_sect233k1, 233}, +- {"nistk283", NID_sect283k1, 283}, +- {"nistk409", NID_sect409k1, 409}, +- {"nistk571", NID_sect571k1, 571}, +- {"nistb163", NID_sect163r2, 163}, +- {"nistb233", NID_sect233r1, 233}, +- {"nistb283", NID_sect283r1, 283}, +- {"nistb409", NID_sect409r1, 409}, +- {"nistb571", NID_sect571r1, 571}, +-#endif +- {"brainpoolP256r1", NID_brainpoolP256r1, 256}, +- {"brainpoolP256t1", NID_brainpoolP256t1, 256}, +- {"brainpoolP384r1", NID_brainpoolP384r1, 384}, +- {"brainpoolP384t1", NID_brainpoolP384t1, 384}, +- {"brainpoolP512r1", NID_brainpoolP512r1, 512}, +- {"brainpoolP512t1", NID_brainpoolP512t1, 512}, + /* Other and ECDH only ones */ + {"X25519", NID_X25519, 253}, + {"X448", NID_X448, 448} +@@ -1474,8 +1408,8 @@ int speed_main(int argc, char **argv) + OPENSSL_assert(ec_curves[EC_NUM - 1].nid == NID_X448); + OPENSSL_assert(strcmp(ecdh_choices[EC_NUM - 1].name, "ecdhx448") == 0); + +- OPENSSL_assert(ec_curves[ECDSA_NUM - 1].nid == NID_brainpoolP512t1); +- OPENSSL_assert(strcmp(ecdsa_choices[ECDSA_NUM - 1].name, "ecdsabrp512t1") == 0); ++ OPENSSL_assert(ec_curves[ECDSA_NUM - 1].nid == NID_secp521r1); ++ OPENSSL_assert(strcmp(ecdsa_choices[ECDSA_NUM - 1].name, "ecdsap521") == 0); + + #ifndef OPENSSL_NO_SM2 + OPENSSL_assert(sm2_curves[SM2_NUM - 1].nid == NID_sm2); diff -rupN --no-dereference openssl-3.0.9/crypto/evp/ec_support.c openssl-3.0.9-new/crypto/evp/ec_support.c --- openssl-3.0.9/crypto/evp/ec_support.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/crypto/evp/ec_support.c 2023-05-31 14:33:11.415115308 +0200 -@@ -20,89 +20,15 @@ typedef struct ec_name2nid_st { ++++ 
openssl-3.0.9-new/crypto/evp/ec_support.c 2023-05-31 16:36:52.317277114 +0200 +@@ -20,99 +20,12 @@ typedef struct ec_name2nid_st { static const EC_NAME2NID curve_list[] = { /* prime field curves */ /* secg curves */ @@ -65,8 +143,8 @@ diff -rupN --no-dereference openssl-3.0.9/crypto/evp/ec_support.c openssl-3.0.9- - {"prime239v2", NID_X9_62_prime239v2 }, - {"prime239v3", NID_X9_62_prime239v3 }, {"prime256v1", NID_X9_62_prime256v1 }, - /* characteristic two field curves */ - /* NIST/SECG curves */ +- /* characteristic two field curves */ +- /* NIST/SECG curves */ - {"sect113r1", NID_sect113r1 }, - {"sect113r2", NID_sect113r2 }, - {"sect131r1", NID_sect131r1 }, @@ -120,20 +198,21 @@ diff -rupN --no-dereference openssl-3.0.9/crypto/evp/ec_support.c openssl-3.0.9- - /* IPSec curves */ - {"Oakley-EC2N-3", NID_ipsec3 }, - {"Oakley-EC2N-4", NID_ipsec4 }, - /* brainpool curves */ +- /* brainpool curves */ - {"brainpoolP160r1", NID_brainpoolP160r1 }, - {"brainpoolP160t1", NID_brainpoolP160t1 }, - {"brainpoolP192r1", NID_brainpoolP192r1 }, - {"brainpoolP192t1", NID_brainpoolP192t1 }, - {"brainpoolP224r1", NID_brainpoolP224r1 }, - {"brainpoolP224t1", NID_brainpoolP224t1 }, - {"brainpoolP256r1", NID_brainpoolP256r1 }, - {"brainpoolP256t1", NID_brainpoolP256t1 }, - {"brainpoolP320r1", NID_brainpoolP320r1 }, -@@ -111,8 +37,6 @@ static const EC_NAME2NID curve_list[] = - {"brainpoolP384t1", NID_brainpoolP384t1 }, - {"brainpoolP512r1", NID_brainpoolP512r1 }, - {"brainpoolP512t1", NID_brainpoolP512t1 }, +- {"brainpoolP256r1", NID_brainpoolP256r1 }, +- {"brainpoolP256t1", NID_brainpoolP256t1 }, +- {"brainpoolP320r1", NID_brainpoolP320r1 }, +- {"brainpoolP320t1", NID_brainpoolP320t1 }, +- {"brainpoolP384r1", NID_brainpoolP384r1 }, +- {"brainpoolP384t1", NID_brainpoolP384t1 }, +- {"brainpoolP512r1", NID_brainpoolP512r1 }, +- {"brainpoolP512t1", NID_brainpoolP512t1 }, - /* SM2 curve */ - {"SM2", NID_sm2 }, }; 
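Review bot: The reworked ec_support.c hunk now also deletes the `brainpoolP256r1` through `brainpoolP512t1` entries from `curve_list`, and nothing in the patch says why curves of 256 bits and more are dropped or which table this list has to stay in step with. The matching change to the curve data in crypto/ec/ec_curve.c is not part of this hunk. If that file still carries a curve that this table no longer names, lookups through `OSSL_EC_curve_nid2name` would presumably find no name for it, which is worth confirming against the final ec_curve.c. I would add a comment above the table in the patched file, for example `/* downstream: keep this list identical to the curve set left in crypto/ec/ec_curve.c */`, and state the selection criterion in the patch header.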
@@ -141,7 +220,7 @@ diff -rupN --no-dereference openssl-3.0.9/crypto/evp/ec_support.c openssl-3.0.9- const char *OSSL_EC_curve_nid2name(int nid) diff -rupN --no-dereference openssl-3.0.9/test/acvp_test.inc openssl-3.0.9-new/test/acvp_test.inc --- openssl-3.0.9/test/acvp_test.inc 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/acvp_test.inc 2023-05-31 14:33:11.416115307 +0200 ++++ openssl-3.0.9-new/test/acvp_test.inc 2023-05-31 16:36:52.318277111 +0200 @@ -212,15 +212,6 @@ static const unsigned char ecdsa_sigver_ }; static const struct ecdsa_sigver_st ecdsa_sigver_data[] = { @@ -160,7 +239,7 @@ diff -rupN --no-dereference openssl-3.0.9/test/acvp_test.inc openssl-3.0.9-new/t ITM(ecdsa_sigver_msg1), diff -rupN --no-dereference openssl-3.0.9/test/ecdsatest.h openssl-3.0.9-new/test/ecdsatest.h --- openssl-3.0.9/test/ecdsatest.h 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/ecdsatest.h 2023-05-31 14:33:11.418115306 +0200 ++++ openssl-3.0.9-new/test/ecdsatest.h 2023-05-31 16:36:52.319277108 +0200 @@ -32,23 +32,6 @@ typedef struct { } ecdsa_cavs_kat_t; 
@@ -185,10 +264,40 @@ diff -rupN --no-dereference openssl-3.0.9/test/ecdsatest.h openssl-3.0.9-new/tes /* prime KATs from NIST CAVP */ {NID_secp224r1, NID_sha224, "699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1" +diff -rupN --no-dereference openssl-3.0.9/test/evp_extra_test.c openssl-3.0.9-new/test/evp_extra_test.c +--- openssl-3.0.9/test/evp_extra_test.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/evp_extra_test.c 2023-05-31 16:36:52.320277105 +0200 +@@ -3396,13 +3396,12 @@ err: + + #ifndef OPENSSL_NO_EC + static int ecpub_nids[] = { +- NID_brainpoolP256r1, NID_X9_62_prime256v1, ++ NID_X9_62_prime256v1, + NID_secp384r1, NID_secp521r1, + # ifndef OPENSSL_NO_EC2M + NID_sect233k1, NID_sect233r1, NID_sect283r1, + NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1, + # endif +- NID_brainpoolP384r1, NID_brainpoolP512r1 + }; + + static int test_ecpub(int idx) +diff -rupN --no-dereference openssl-3.0.9/test/recipes/06-test_algorithmid.t openssl-3.0.9-new/test/recipes/06-test_algorithmid.t +--- openssl-3.0.9/test/recipes/06-test_algorithmid.t 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/recipes/06-test_algorithmid.t 2023-05-31 16:36:52.321277102 +0200 +@@ -33,7 +33,7 @@ my %certs_info = + 'ee-cert-ec-named-explicit' => 'ca-cert-ec-explicit', + 'ee-cert-ec-named-named' => 'ca-cert-ec-named', + # 'server-ed448-cert' => 'root-ed448-cert' +- 'server-ecdsa-brainpoolP256r1-cert' => 'rootcert', ++ # 'server-ecdsa-brainpoolP256r1-cert' => 'rootcert', + ) + ) + ); diff -rupN --no-dereference openssl-3.0.9/test/recipes/15-test_genec.t openssl-3.0.9-new/test/recipes/15-test_genec.t --- openssl-3.0.9/test/recipes/15-test_genec.t 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/recipes/15-test_genec.t 2023-05-31 14:33:11.420115305 +0200 -@@ -41,37 +41,11 @@ plan skip_all => "This test is unsupport ++++ openssl-3.0.9-new/test/recipes/15-test_genec.t 2023-05-31 16:36:52.321277102 +0200 +@@ -41,45 
+41,11 @@ plan skip_all => "This test is unsupport if disabled("ec"); my @prime_curves = qw( @@ -223,10 +332,18 @@ diff -rupN --no-dereference openssl-3.0.9/test/recipes/15-test_genec.t openssl-3 - brainpoolP192t1 - brainpoolP224r1 - brainpoolP224t1 - brainpoolP256r1 - brainpoolP256t1 - brainpoolP320r1 -@@ -136,7 +110,6 @@ push(@other_curves, 'SM2') +- brainpoolP256r1 +- brainpoolP256t1 +- brainpoolP320r1 +- brainpoolP320t1 +- brainpoolP384r1 +- brainpoolP384t1 +- brainpoolP512r1 +- brainpoolP512t1 + ); + + my @binary_curves = qw( +@@ -136,7 +102,6 @@ push(@other_curves, 'SM2') if !disabled("sm2"); my @curve_aliases = qw( 
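Review bot: In `06-test_algorithmid.t` the brainpool certificate entry is switched off by commenting it out, with no reason given, so it looks the same as the already commented `server-ed448-cert` line directly above it. Either delete the line or state the reason next to it, for example `# downstream: brainpool curves are removed from this build, certificate not checked`. In the same hunk, `ecpub_nids[]` in `evp_extra_test.c` keeps its `NID_sect*` entries under `# ifndef OPENSSL_NO_EC2M`. That is only consistent with the reduced curve list if the package is configured without binary-field curves, which this view does not show. Both `%certs_info` and `test_ecpub()` continue outside the hunk.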
@@ -234,3 +351,4611 @@ diff -rupN --no-dereference openssl-3.0.9/test/recipes/15-test_genec.t openssl-3 P-224 P-256 P-384 +diff -rupN --no-dereference openssl-3.0.9/test/recipes/20-test_cli_fips.t openssl-3.0.9-new/test/recipes/20-test_cli_fips.t +--- openssl-3.0.9/test/recipes/20-test_cli_fips.t 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/recipes/20-test_cli_fips.t 2023-05-31 16:36:52.321277102 +0200 +@@ -26,7 +26,7 @@ use platform; + my $no_check = disabled("fips") || disabled('fips-securitychecks'); + plan skip_all => "Test only supported in a fips build with security checks" + if $no_check; +-plan tests => 11; ++plan tests => 10; + + my $fipsmodule = bldtop_file('providers', platform->dso('fips')); + my $fipsconf = srctop_file("test", "fips-and-base.cnf"); +@@ -170,60 +170,6 @@ sub tsignverify { + $testtext); + } + +-SKIP : { +- skip "FIPS EC tests because of no ec in this build", 1 +- if disabled("ec"); +- +- subtest EC => sub { +- my $testtext_prefix = 'EC'; +- my $a_fips_curve = 'prime256v1'; +- my $fips_key = $testtext_prefix.'.fips.priv.pem'; +- my $fips_pub_key = $testtext_prefix.'.fips.pub.pem'; +- my $a_nonfips_curve = 'brainpoolP256r1'; +- my $nonfips_key = $testtext_prefix.'.nonfips.priv.pem'; +- my $nonfips_pub_key = $testtext_prefix.'.nonfips.pub.pem'; +- my $testtext = ''; +- my $curvename = ''; +- +- plan tests => 5 + $tsignverify_count; +- +- $ENV{OPENSSL_CONF} = $defaultconf; +- $curvename = $a_nonfips_curve; +- $testtext = $testtext_prefix.': '. +- 'Generate a key with a non-FIPS algorithm with the default provider'; +- ok(run(app(['openssl', 'genpkey', '-algorithm', 'EC', +- '-pkeyopt', 'ec_paramgen_curve:'.$curvename, +- '-out', $nonfips_key])), +- $testtext); +- +- pubfrompriv($testtext_prefix, $nonfips_key, $nonfips_pub_key, "non-FIPS"); +- +- $ENV{OPENSSL_CONF} = $fipsconf; +- +- $curvename = $a_fips_curve; +- $testtext = $testtext_prefix.': '. 
+- 'Generate a key with a FIPS algorithm'; +- ok(run(app(['openssl', 'genpkey', '-algorithm', 'EC', +- '-pkeyopt', 'ec_paramgen_curve:'.$curvename, +- '-out', $fips_key])), +- $testtext); +- +- pubfrompriv($testtext_prefix, $fips_key, $fips_pub_key, "FIPS"); +- +- $curvename = $a_nonfips_curve; +- $testtext = $testtext_prefix.': '. +- 'Generate a key with a non-FIPS algorithm'. +- ' (should fail)'; +- ok(!run(app(['openssl', 'genpkey', '-algorithm', 'EC', +- '-pkeyopt', 'ec_paramgen_curve:'.$curvename, +- '-out', $testtext_prefix.'.'.$curvename.'.priv.pem'])), +- $testtext); +- +- tsignverify($testtext_prefix, $fips_key, $fips_pub_key, $nonfips_key, +- $nonfips_pub_key); +- }; +-} +- + SKIP: { + skip "FIPS RSA tests because of no rsa in this build", 1 + if disabled("rsa"); +diff -rupN --no-dereference openssl-3.0.9/test/recipes/30-test_evp_data/evppkey_ecc.txt openssl-3.0.9-new/test/recipes/30-test_evp_data/evppkey_ecc.txt +--- openssl-3.0.9/test/recipes/30-test_evp_data/evppkey_ecc.txt 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/recipes/30-test_evp_data/evppkey_ecc.txt 2023-05-31 16:36:52.322277099 +0200 +@@ -1,3 +1,4 @@ ++ + # + # Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. + # +@@ -11,1949 +12,6 @@ + # PrivPubKeyPair Sign Verify VerifyRecover + # and continue until a blank line. Lines starting with a pound sign are ignored. 
+ +-Title=c2pnb163v1 curve tests +- +-PrivateKey=ALICE_cf_c2pnb163v1 +------BEGIN PRIVATE KEY----- +-MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAEEHDAaAgEBBBUD1JfG8cLNP9418YW+hVhriqH6O5Y= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2pnb163v1_PUB +------BEGIN PUBLIC KEY----- +-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAEDLAAEBXgoOgVlWTLQnrQZXgQuSBcIS3bQAlXQ+yJhS03B +-4G8rKQXbrc0mvWsF +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2pnb163v1:ALICE_cf_c2pnb163v1_PUB +- +-PrivateKey=BOB_cf_c2pnb163v1 +------BEGIN PRIVATE KEY----- +-MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAEEHDAaAgEBBBUAc3EaoMmMORTzQhMkhPIXY+/jUSI= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2pnb163v1_PUB +------BEGIN PUBLIC KEY----- +-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAEDLAAEBn9J0jo39aFVZqhBsAKZ6bViAu6zBC8WaFGExnpZ +-KuBh8tP8VSTHPCHF +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2pnb163v1:BOB_cf_c2pnb163v1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb163v1 +-PeerKey=BOB_cf_c2pnb163v1_PUB +-SharedSecret=065dd38fb6de7f394778e1bf65d840a2c0e7219acd +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb163v1 +-PeerKey=ALICE_cf_c2pnb163v1_PUB +-SharedSecret=065dd38fb6de7f394778e1bf65d840a2c0e7219acd +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb163v1 +-PeerKey=BOB_cf_c2pnb163v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=066fc46e8cc4327634dd127748020f2de6aab67585 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb163v1 +-PeerKey=ALICE_cf_c2pnb163v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=066fc46e8cc4327634dd127748020f2de6aab67585 +- +-PublicKey=MALICE_cf_c2pnb163v1_PUB +------BEGIN PUBLIC KEY----- +-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAEDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8JxepS05nN +-/piKdhDD3dDKXUih +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2pnb163v1 
+-PeerKey=MALICE_cf_c2pnb163v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2pnb163v1 +-PeerKey=MALICE_cf_c2pnb163v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2pnb163v2 curve tests +- +-PrivateKey=ALICE_cf_c2pnb163v2 +------BEGIN PRIVATE KEY----- +-MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAIEHDAaAgEBBBUA4KFv7c1dygtVbdp/g2z2TqLAHkI= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2pnb163v2_PUB +------BEGIN PUBLIC KEY----- +-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAIDLAAEAVnlL7lMBaASwCIJaf9x2LgNPVmEAb43huHQlo3Q +-4PzawHXQoYm/qgDd +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2pnb163v2:ALICE_cf_c2pnb163v2_PUB +- +-PrivateKey=BOB_cf_c2pnb163v2 +------BEGIN PRIVATE KEY----- +-MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAIEHDAaAgEBBBUCEdYqClRWIl2m+X34e+DB2iZSxmQ= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2pnb163v2_PUB +------BEGIN PUBLIC KEY----- +-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAIDLAAEAVWNIKn7/WMfzuNnd5ws9J0DI2CfBkEJizZHAFqy +-kBF3juAQuARgxuT6 +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2pnb163v2:BOB_cf_c2pnb163v2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb163v2 +-PeerKey=BOB_cf_c2pnb163v2_PUB +-SharedSecret=0078ebb986d4f9b0aa0bc4af99e82c2bd24130f3f4 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb163v2 +-PeerKey=ALICE_cf_c2pnb163v2_PUB +-SharedSecret=0078ebb986d4f9b0aa0bc4af99e82c2bd24130f3f4 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb163v2 +-PeerKey=BOB_cf_c2pnb163v2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=069a80bcd45987fd1c874cd9dc5453207a09b61d41 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb163v2 +-PeerKey=ALICE_cf_c2pnb163v2_PUB +-Ctrl=ecdh_cofactor_mode:1 
+-SharedSecret=069a80bcd45987fd1c874cd9dc5453207a09b61d41 +- +-PublicKey=MALICE_cf_c2pnb163v2_PUB +------BEGIN PUBLIC KEY----- +-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAIDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAABuVBl1V5uysY +-n6HANPEoMoK+7Sv0 +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2pnb163v2 +-PeerKey=MALICE_cf_c2pnb163v2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2pnb163v2 +-PeerKey=MALICE_cf_c2pnb163v2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2pnb163v3 curve tests +- +-PrivateKey=ALICE_cf_c2pnb163v3 +------BEGIN PRIVATE KEY----- +-MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAMEHDAaAgEBBBUBItB0y/QeJ+cCh9yoHf0zqLVyMZc= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2pnb163v3_PUB +------BEGIN PUBLIC KEY----- +-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAMDLAAEBx1HRyjuBMjt+vlbWaQbKOpNvWKFAslzEbPv6MpK +-YnObLnq34LRuWznb +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2pnb163v3:ALICE_cf_c2pnb163v3_PUB +- +-PrivateKey=BOB_cf_c2pnb163v3 +------BEGIN PRIVATE KEY----- +-MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAMEHDAaAgEBBBUAXVHUHeP8Ioz7IqXOWbjaUXEHE5M= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2pnb163v3_PUB +------BEGIN PUBLIC KEY----- +-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAMDLAAEAqXF7rsAZ40Z1PT4TeeC45RKTxP4AJBAdfuknJ/J +-DZnBLhxBwtqnfUpA +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2pnb163v3:BOB_cf_c2pnb163v3_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb163v3 +-PeerKey=BOB_cf_c2pnb163v3_PUB +-SharedSecret=07fd2ffe9b18973c51caeadbc2154b97a9a0390be9 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb163v3 +-PeerKey=ALICE_cf_c2pnb163v3_PUB +-SharedSecret=07fd2ffe9b18973c51caeadbc2154b97a9a0390be9 +- +-# ECC CDH Alice with Bob peer +-Availablein = default 
+-Derive=ALICE_cf_c2pnb163v3 +-PeerKey=BOB_cf_c2pnb163v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=06f7daf1c963594e1a13f9f17b62aaab2934872c16 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb163v3 +-PeerKey=ALICE_cf_c2pnb163v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=06f7daf1c963594e1a13f9f17b62aaab2934872c16 +- +-PublicKey=MALICE_cf_c2pnb163v3_PUB +------BEGIN PUBLIC KEY----- +-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAMDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7jRlUg9oaLK +-LwAuHF8g5Y0JjJnI +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2pnb163v3 +-PeerKey=MALICE_cf_c2pnb163v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2pnb163v3 +-PeerKey=MALICE_cf_c2pnb163v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2pnb176v1 curve tests +- +-PrivateKey=ALICE_cf_c2pnb176v1 +------BEGIN PRIVATE KEY----- +-MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAQEHDAaAgEBBBUAaZ1jV1jM9meV5iiNGPU/WMSfWOM= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2pnb176v1_PUB +------BEGIN PUBLIC KEY----- +-MEUwEwYHKoZIzj0CAQYIKoZIzj0DAAQDLgAEPjME7IV6Tuz2P++wIT60hRxTkk0M0PNgvqYcUoCI +-iw3girDLhNzOu3IQ8Ac= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2pnb176v1:ALICE_cf_c2pnb176v1_PUB +- +-PrivateKey=BOB_cf_c2pnb176v1 +------BEGIN PRIVATE KEY----- +-MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAQEHDAaAgEBBBUAreyYbcF+ONIf64KmeSzV82OI/50= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2pnb176v1_PUB +------BEGIN PUBLIC KEY----- +-MEUwEwYHKoZIzj0CAQYIKoZIzj0DAAQDLgAEpJn1IDmFj5LceLGfY2wlhI1VHq5vJ+qNIAOXVZhX +-uMtp6pzy63rCEK53bgs= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2pnb176v1:BOB_cf_c2pnb176v1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb176v1 
+-PeerKey=BOB_cf_c2pnb176v1_PUB +-SharedSecret=3a8021848ee0b2c1c377404267a515225781c181e6ab +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb176v1 +-PeerKey=ALICE_cf_c2pnb176v1_PUB +-SharedSecret=3a8021848ee0b2c1c377404267a515225781c181e6ab +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb176v1 +-PeerKey=BOB_cf_c2pnb176v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=b06cdc633b56e813d63326c69d2cfa335352279540ac +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb176v1 +-PeerKey=ALICE_cf_c2pnb176v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=b06cdc633b56e813d63326c69d2cfa335352279540ac +- +-PublicKey=MALICE_cf_c2pnb176v1_PUB +------BEGIN PUBLIC KEY----- +-MEUwEwYHKoZIzj0CAQYIKoZIzj0DAAQDLgAE4ePri2opCoAUJIUQnaQlvDaxZd9bsdKnjWSvh+FL +-zXV3l5j8K3pow+GJBE4= +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2pnb176v1 +-PeerKey=MALICE_cf_c2pnb176v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2pnb176v1 +-PeerKey=MALICE_cf_c2pnb176v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2pnb208w1 curve tests +- +-PrivateKey=ALICE_cf_c2pnb208w1 +------BEGIN PRIVATE KEY----- +-MDoCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAoEIDAeAgEBBBkAiENroXMYNbK/7DQQwCpbXk00gnVd +-XF2k +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2pnb208w1_PUB +------BEGIN PUBLIC KEY----- +-ME0wEwYHKoZIzj0CAQYIKoZIzj0DAAoDNgAEL+IHOL2IfeLRiE6Wqsc0Frqjq7t/JnBmhN1lMB9Y +-Yj3+Btcne4CPWf8KvfGjAdMs6JKP4A== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2pnb208w1:ALICE_cf_c2pnb208w1_PUB +- +-PrivateKey=BOB_cf_c2pnb208w1 +------BEGIN PRIVATE KEY----- +-MDoCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAoEIDAeAgEBBBkAY1GZLynO/IDWwOOjEWUE7k+I/MkP +-cJot +------END PRIVATE KEY----- +- 
+-PublicKey=BOB_cf_c2pnb208w1_PUB +------BEGIN PUBLIC KEY----- +-ME0wEwYHKoZIzj0CAQYIKoZIzj0DAAoDNgAENBvdzCDOIvu9zo7reJq1ummhR+0jaDc+EoSlW984 +-cl9FTi/JJznwC+RNgwVfJ1WKJun1YA== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2pnb208w1:BOB_cf_c2pnb208w1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb208w1 +-PeerKey=BOB_cf_c2pnb208w1_PUB +-SharedSecret=ba32bf80c0f7ab53cb083f267a902a1ad6396eb283237fad91cd +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb208w1 +-PeerKey=ALICE_cf_c2pnb208w1_PUB +-SharedSecret=ba32bf80c0f7ab53cb083f267a902a1ad6396eb283237fad91cd +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb208w1 +-PeerKey=BOB_cf_c2pnb208w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=f09f5fc8bf20677558bc65939bf1b7fbbbe2579702729304258b +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb208w1 +-PeerKey=ALICE_cf_c2pnb208w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=f09f5fc8bf20677558bc65939bf1b7fbbbe2579702729304258b +- +-PublicKey=MALICE_cf_c2pnb208w1_PUB +------BEGIN PUBLIC KEY----- +-ME0wEwYHKoZIzj0CAQYIKoZIzj0DAAoDNgAEfuWB9pBZQin+VnmqgYVpbUpKxSQsnXxNqiDtVwqJ +-oPkHxRWnu5e7qI2idMcqaKDeeniUaA== +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2pnb208w1 +-PeerKey=MALICE_cf_c2pnb208w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2pnb208w1 +-PeerKey=MALICE_cf_c2pnb208w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2pnb272w1 curve tests +- +-PrivateKey=ALICE_cf_c2pnb272w1 +------BEGIN PRIVATE KEY----- +-MEICAQAwEwYHKoZIzj0CAQYIKoZIzj0DABAEKDAmAgEBBCEA0SoHwKAgKb7WQ+s0w1iNBemDZ3+f +-StHU67fpP7YoF8U= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2pnb272w1_PUB +------BEGIN PUBLIC KEY----- 
+-MF0wEwYHKoZIzj0CAQYIKoZIzj0DABADRgAE0IH60bGi46FDzEprGZ8EBK5uMMcVke/txeBRNGHQ +-DzG68r3EMLZkOfE1+g04MN7HgY7zt3jMYb8ImyLRmvqR2abjs6c= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2pnb272w1:ALICE_cf_c2pnb272w1_PUB +- +-PrivateKey=BOB_cf_c2pnb272w1 +------BEGIN PRIVATE KEY----- +-MEICAQAwEwYHKoZIzj0CAQYIKoZIzj0DABAEKDAmAgEBBCEAFqB5GbPJ4d+X7ye7m05l/OirDqfn +-MOsOJ6xObBph3zQ= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2pnb272w1_PUB +------BEGIN PUBLIC KEY----- +-MF0wEwYHKoZIzj0CAQYIKoZIzj0DABADRgAEIeIkcMHAuOgvHt2Wp52vVe0DYPNnUX79t/mLSx03 +-cUlDmcxL7vIXdx9hB4OmQBYbm+YLDNfTFGAIlDfr2tELpVVPWPo= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2pnb272w1:BOB_cf_c2pnb272w1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb272w1 +-PeerKey=BOB_cf_c2pnb272w1_PUB +-SharedSecret=cfebd65006520a40f081d8940edf0ebb8e54491ba1499d9f3c63deecee84ddc07142 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb272w1 +-PeerKey=ALICE_cf_c2pnb272w1_PUB +-SharedSecret=cfebd65006520a40f081d8940edf0ebb8e54491ba1499d9f3c63deecee84ddc07142 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb272w1 +-PeerKey=BOB_cf_c2pnb272w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=756fc20b27352ac74e5135359c63d375d2732c6d02f25cd526155bac0882a9211dd4 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb272w1 +-PeerKey=ALICE_cf_c2pnb272w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=756fc20b27352ac74e5135359c63d375d2732c6d02f25cd526155bac0882a9211dd4 +- +-PublicKey=MALICE_cf_c2pnb272w1_PUB +------BEGIN PUBLIC KEY----- +-MF0wEwYHKoZIzj0CAQYIKoZIzj0DABADRgAEvID3AM7qzpKDnOLFY00+E7EKZz/vS/pXgsUA3bWN +-oJF8ElXFXv59s/SykQBCTHPqzmUbVmrXmtD44Kt1wUBRJfuwxy4= +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2pnb272w1 +-PeerKey=MALICE_cf_c2pnb272w1_PUB +-Ctrl=ecdh_cofactor_mode:1 
+-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2pnb272w1 +-PeerKey=MALICE_cf_c2pnb272w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2pnb304w1 curve tests +- +-PrivateKey=ALICE_cf_c2pnb304w1 +------BEGIN PRIVATE KEY----- +-MEYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DABEELDAqAgEBBCUAqJxh50ZIUXOJ1HE3cVkech9OTTPJ +-8jy/v5cFcO0X6dykHgnZ +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2pnb304w1_PUB +------BEGIN PUBLIC KEY----- +-MGUwEwYHKoZIzj0CAQYIKoZIzj0DABEDTgAEvoaqRX6qiNQiFH1BhgLCPTpYszoRhmlLirkvlw/Q +-iXBlfQ7U4g+iRR/kmu2RlwwOHgNNL+mWcvLkFfS8Kr4jzv1EY1Ecx96n21l0YQ== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2pnb304w1:ALICE_cf_c2pnb304w1_PUB +- +-PrivateKey=BOB_cf_c2pnb304w1 +------BEGIN PRIVATE KEY----- +-MEYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DABEELDAqAgEBBCUAOScHepX+IwqC8TjyAJI1bkR3cYYt +-X9BbqYM9GQfVNSLHntTg +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2pnb304w1_PUB +------BEGIN PUBLIC KEY----- +-MGUwEwYHKoZIzj0CAQYIKoZIzj0DABEDTgAEYuAq/6Yw5HxMeMohlWmwl+ZK4ZQucfr1tWDKwhDb +-kAOUO2P/Q/H+uelM3VVwxeu6A1kaX7K0UZpNa96NRBwI4aevc+vOxCgYkGt9BA== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2pnb304w1:BOB_cf_c2pnb304w1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb304w1 +-PeerKey=BOB_cf_c2pnb304w1_PUB +-SharedSecret=bfddf9f923210e8231a702e3a1c987cf27661de1bc243c1890e437d67d9f49c6ccfadc035d9d +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb304w1 +-PeerKey=ALICE_cf_c2pnb304w1_PUB +-SharedSecret=bfddf9f923210e8231a702e3a1c987cf27661de1bc243c1890e437d67d9f49c6ccfadc035d9d +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb304w1 +-PeerKey=BOB_cf_c2pnb304w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=0c7afb3143f93ef2166c05437a1757a62c916ff1751c6d456dd7f2356dcbc75df48015eb5ce8 +- +-# ECC 
CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb304w1 +-PeerKey=ALICE_cf_c2pnb304w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=0c7afb3143f93ef2166c05437a1757a62c916ff1751c6d456dd7f2356dcbc75df48015eb5ce8 +- +-PublicKey=MALICE_cf_c2pnb304w1_PUB +------BEGIN PUBLIC KEY----- +-MGUwEwYHKoZIzj0CAQYIKoZIzj0DABEDTgAEBZ5FuthQt0mxTJ8NQWN2J37kYT8ySD893IXEmXYP +-fMTr+CSNkf/sfF/13GEdVGnHmBgCH61sPWG69RgzdjRPprZFZxXjubIWYkp0DQ== +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2pnb304w1 +-PeerKey=MALICE_cf_c2pnb304w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2pnb304w1 +-PeerKey=MALICE_cf_c2pnb304w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2pnb368w1 curve tests +- +-PrivateKey=ALICE_cf_c2pnb368w1 +------BEGIN PRIVATE KEY----- +-ME4CAQAwEwYHKoZIzj0CAQYIKoZIzj0DABMENDAyAgEBBC0AXeSTXsHb2PEH12tZL8w2q6evA2mi +-KfLLIa1c29BTmM//oWdKpqeuvwMIBto= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2pnb368w1_PUB +------BEGIN PUBLIC KEY----- +-MHUwEwYHKoZIzj0CAQYIKoZIzj0DABMDXgAEmEBXcvMgnHwJW7wAKM4cqboco6zF01J9ntUwoACI +-euvf3cpPXBvxUawJXfO9FwFRQabDRagGP99Walidd2JW8nWDWZgZMKj15Wh+4bp2dZHc2tPIIHHd +-3makbwQ= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2pnb368w1:ALICE_cf_c2pnb368w1_PUB +- +-PrivateKey=BOB_cf_c2pnb368w1 +------BEGIN PRIVATE KEY----- +-ME4CAQAwEwYHKoZIzj0CAQYIKoZIzj0DABMENDAyAgEBBC0Aq1R9M/mCMbJMj6VBUpBkS4HXywEz +-Qun6d6uXgyU4LZRszA7Dz9+eKbXEMsk= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2pnb368w1_PUB +------BEGIN PUBLIC KEY----- +-MHUwEwYHKoZIzj0CAQYIKoZIzj0DABMDXgAEJOSnsaXA9wb5p8CGLPvYI47Yf3IdZSbWQ3Sn6G2v +-At+zYlpzGax1oJ1CW8fGA0Gu0RnvAfDeW9vgrtzshH1Vy/Ni6a7LPho99PtUP2nzUBnv+hfhFSra +-gqfRaOs= +------END PUBLIC KEY----- +- +-Availablein = default 
+-PrivPubKeyPair=BOB_cf_c2pnb368w1:BOB_cf_c2pnb368w1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb368w1 +-PeerKey=BOB_cf_c2pnb368w1_PUB +-SharedSecret=008d20ede3961be3b01051d6fdae63db43865664804d432293a2edb13dcc8be0fe5b0c655297a84b9067a29c2a6f +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb368w1 +-PeerKey=ALICE_cf_c2pnb368w1_PUB +-SharedSecret=008d20ede3961be3b01051d6fdae63db43865664804d432293a2edb13dcc8be0fe5b0c655297a84b9067a29c2a6f +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb368w1 +-PeerKey=BOB_cf_c2pnb368w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=df32ddeeffa029aeadabad000a79c3154a0ddd0aeacf4e3de426f5c10096eff8912038c64d4c899131dcd4df2561 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb368w1 +-PeerKey=ALICE_cf_c2pnb368w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=df32ddeeffa029aeadabad000a79c3154a0ddd0aeacf4e3de426f5c10096eff8912038c64d4c899131dcd4df2561 +- +-PublicKey=MALICE_cf_c2pnb368w1_PUB +------BEGIN PUBLIC KEY----- +-MHUwEwYHKoZIzj0CAQYIKoZIzj0DABMDXgAEWDn/U9rymClM/a0Q1mawHjQjvpxSehRWstSE+2Sd +-ubcZowJ+rw5LsEZteQyeVrCpKYUiIBmIVuFb2LDjtNLIJD1lr8C+vdco24ciLS9RzF/Dc9X+tcIj +-726e1BE= +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2pnb368w1 +-PeerKey=MALICE_cf_c2pnb368w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2pnb368w1 +-PeerKey=MALICE_cf_c2pnb368w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2tnb191v1 curve tests +- +-PrivateKey=ALICE_cf_c2tnb191v1 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAUEHzAdAgEBBBgXyG7A4BvSmjKEl3aU+FQUt02p9U7x +-Jk4= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2tnb191v1_PUB +------BEGIN PUBLIC KEY----- 
+-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAUDMgAEG9iuZmnhz2H/YQKmVUaO//fm7hvV+CP5c2iszpR3 +-7lRimqLWHPyvKgcP+PRCIUom +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2tnb191v1:ALICE_cf_c2tnb191v1_PUB +- +-PrivateKey=BOB_cf_c2tnb191v1 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAUEHzAdAgEBBBg4+2hv9x9HxFy0c2c1XESDdgOamHu0 +-MTU= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2tnb191v1_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAUDMgAEdO/4ii8gi8eQfBrv3XmsOETwIfT8OIpBW/kUoHD+ +-adqalcB6SIWOfoJReDLcpxAD +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2tnb191v1:BOB_cf_c2tnb191v1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb191v1 +-PeerKey=BOB_cf_c2tnb191v1_PUB +-SharedSecret=2ee8a85151c397600984285307c14f0ea0e4c2071d753a99 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb191v1 +-PeerKey=ALICE_cf_c2tnb191v1_PUB +-SharedSecret=2ee8a85151c397600984285307c14f0ea0e4c2071d753a99 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb191v1 +-PeerKey=BOB_cf_c2tnb191v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=334051dfd62237e69e280ce2fab979bd77260f8dfe4df989 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb191v1 +-PeerKey=ALICE_cf_c2tnb191v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=334051dfd62237e69e280ce2fab979bd77260f8dfe4df989 +- +-PublicKey=MALICE_cf_c2tnb191v1_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAUDMgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcPEwZ1wj +-iNoFyzyANZl8IDB0fF1RmZD6 +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2tnb191v1 +-PeerKey=MALICE_cf_c2tnb191v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2tnb191v1 +-PeerKey=MALICE_cf_c2tnb191v1_PUB 
+-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2tnb191v2 curve tests +- +-PrivateKey=ALICE_cf_c2tnb191v2 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAYEHzAdAgEBBBgQZHIQIPrAsbJqq4ZX3JdMrZAkaIGP +-jbo= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2tnb191v2_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAYDMgAEAyQdwZYRIiv7O4/WRLDKJ249TM8dr2Y+Oz8rSxCI +-UVvJT/Jv9m462J6Iz1XOohhP +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2tnb191v2:ALICE_cf_c2tnb191v2_PUB +- +-PrivateKey=BOB_cf_c2tnb191v2 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAYEHzAdAgEBBBgThhW6d5QDaqM8yhm16q6Pu/VFBpf7 +-wcs= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2tnb191v2_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAYDMgAEBVkB4O6fFvGzMHv4BF51muFA0npOGKoOdKbIIMQY +-JBIoz1RNNXTcgdpguLcrvcPJ +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2tnb191v2:BOB_cf_c2tnb191v2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb191v2 +-PeerKey=BOB_cf_c2tnb191v2_PUB +-SharedSecret=711f90cb2aaea65e939065cbd1896affe1d490ba14571400 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb191v2 +-PeerKey=ALICE_cf_c2tnb191v2_PUB +-SharedSecret=711f90cb2aaea65e939065cbd1896affe1d490ba14571400 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb191v2 +-PeerKey=BOB_cf_c2tnb191v2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=1740db5b771fa2889d3ec7c1ba8eeffa7741f0ee62433dce +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb191v2 +-PeerKey=ALICE_cf_c2tnb191v2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=1740db5b771fa2889d3ec7c1ba8eeffa7741f0ee62433dce +- +-PublicKey=MALICE_cf_c2tnb191v2_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAYDMgAEA3yPV6Ilx7PU7dWIDzgKzFV07LNsn1EhMyLQaa5U 
+-2vqunpWef+/CaO2pFBcwwW+x +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2tnb191v2 +-PeerKey=MALICE_cf_c2tnb191v2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2tnb191v2 +-PeerKey=MALICE_cf_c2tnb191v2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2tnb191v3 curve tests +- +-PrivateKey=ALICE_cf_c2tnb191v3 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAcEHzAdAgEBBBgTPjf06B01Jq59qU1iczNuA29WfW+b +-erU= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2tnb191v3_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAcDMgAEL4NGEUX2CXY18MyoH1inKq5kde9RGr25ODm/0BEX +-HWsGvDE2HC+6pL2BMl3MRCty +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2tnb191v3:ALICE_cf_c2tnb191v3_PUB +- +-PrivateKey=BOB_cf_c2tnb191v3 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAcEHzAdAgEBBBgUC2bC465JTXYLUaaET/r5n7X85gRH +-iSQ= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2tnb191v3_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAcDMgAEPKekNkT9mQ8KRCTR2RwCFkhNvsjL+/mLHYzbMrYe +-QFIb5QwXAdbg2tEOl7yj9qkk +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2tnb191v3:BOB_cf_c2tnb191v3_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb191v3 +-PeerKey=BOB_cf_c2tnb191v3_PUB +-SharedSecret=196200f7ea06c43c35516b995cf4a4dd4151dbd0ed998561 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb191v3 +-PeerKey=ALICE_cf_c2tnb191v3_PUB +-SharedSecret=196200f7ea06c43c35516b995cf4a4dd4151dbd0ed998561 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb191v3 +-PeerKey=BOB_cf_c2tnb191v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=311939377670a8a1ed1ee17f9dd182167da00c5a19e2e109 +- 
+-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb191v3 +-PeerKey=ALICE_cf_c2tnb191v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=311939377670a8a1ed1ee17f9dd182167da00c5a19e2e109 +- +-PublicKey=MALICE_cf_c2tnb191v3_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAcDMgAESvPjWlLnANK2j38hHZ0uqueaniovkhwwdJZjrmUk +-n5vQBTxUzkIkMjL33v6Lr3z7 +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2tnb191v3 +-PeerKey=MALICE_cf_c2tnb191v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2tnb191v3 +-PeerKey=MALICE_cf_c2tnb191v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2tnb239v1 curve tests +- +-PrivateKey=ALICE_cf_c2tnb239v1 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAsEJTAjAgEBBB4fMJDhCEiuEf/RF6oGjHVcNwN+wCYG +-rJMnJLIXiCI= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2tnb239v1_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAsDPgAEUgG/uMWy4k0R/kbVJEapF6r5ik4Q9WPsDXAd0856 +-dVL8PvBXgixk2tKfyY1xUVebcEVlgdZP1pN1Xyvi +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2tnb239v1:ALICE_cf_c2tnb239v1_PUB +- +-PrivateKey=BOB_cf_c2tnb239v1 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAsEJTAjAgEBBB4JLDwVJQw3+00FiZBDWFErd7PXnchH +-sfpZeV3i5FM= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2tnb239v1_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAsDPgAEcwKt31cWaoFUd7QxYSdwgMDOqEhjPbD3Z9AfR3tc +-G77/MY5z1oQegqImBog645vtPWI8lZd1zcl6QYRS +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2tnb239v1:BOB_cf_c2tnb239v1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb239v1 +-PeerKey=BOB_cf_c2tnb239v1_PUB 
+-SharedSecret=413ea943cdf40c45795c77aeea7099b81cc42566067924d1fdbae42ddf99 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb239v1 +-PeerKey=ALICE_cf_c2tnb239v1_PUB +-SharedSecret=413ea943cdf40c45795c77aeea7099b81cc42566067924d1fdbae42ddf99 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb239v1 +-PeerKey=BOB_cf_c2tnb239v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=1f1e5a6084492e895c35d76a5d2b4a3fafbd96c4b2230ea71cc1c711fa38 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb239v1 +-PeerKey=ALICE_cf_c2tnb239v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=1f1e5a6084492e895c35d76a5d2b4a3fafbd96c4b2230ea71cc1c711fa38 +- +-PublicKey=MALICE_cf_c2tnb239v1_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAsDPgAEJFn89FF7xaa5m+XGxWKFwCH+Mu4rbxwi6lvhuEuT +-Itl/OAosALFh8xpt+N5gmKtUdhpjyok2udC4B/mY +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2tnb239v1 +-PeerKey=MALICE_cf_c2tnb239v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2tnb239v1 +-PeerKey=MALICE_cf_c2tnb239v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2tnb239v2 curve tests +- +-PrivateKey=ALICE_cf_c2tnb239v2 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAwEJTAjAgEBBB4KU4YKdzFOkl6M1biHkxtVGD2uNXr6 +-GbEcp4PbJKU= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2tnb239v2_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAwDPgAEKzpycflUrsyqVV/+fzvC2+AuX3r0b0Syn8acvn78 +-VnKA9mZKwPLWhnMJcLyzarIzc/6/UcfYGNmTyUlG +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2tnb239v2:ALICE_cf_c2tnb239v2_PUB +- +-PrivateKey=BOB_cf_c2tnb239v2 +------BEGIN PRIVATE KEY----- 
+-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAwEJTAjAgEBBB4HZQLKGKBpIKiyTq6XYZWQNph1oGP+ +-JLwCwn7lYx0= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2tnb239v2_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAwDPgAETPSkhMs3JW3BG66FSfCov76JKdcRiBhMCW453Wku +-N7yBxBmWjeclHhnXIzfc4qM4qf9n3KzMSXejPVYg +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2tnb239v2:BOB_cf_c2tnb239v2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb239v2 +-PeerKey=BOB_cf_c2tnb239v2_PUB +-SharedSecret=2e738f14795b2e19ee791c1bf30c5e462ca6c6ed0ec5c6c6402d0730cf4c +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb239v2 +-PeerKey=ALICE_cf_c2tnb239v2_PUB +-SharedSecret=2e738f14795b2e19ee791c1bf30c5e462ca6c6ed0ec5c6c6402d0730cf4c +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb239v2 +-PeerKey=BOB_cf_c2tnb239v2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=7662d8b94d3f0d20eb8e112ca8b7d5699d81f35902df5b77561977df3946 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb239v2 +-PeerKey=ALICE_cf_c2tnb239v2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=7662d8b94d3f0d20eb8e112ca8b7d5699d81f35902df5b77561977df3946 +- +-PublicKey=MALICE_cf_c2tnb239v2_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAwDPgAES8fLc5mtVI0HqgKRJ7mN8MU1B0FBkiim6jCHYJf3 +-JYUX3Gn3Ai11cHie+nVb3z51jSkpDQENHESTv5K2 +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2tnb239v2 +-PeerKey=MALICE_cf_c2tnb239v2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2tnb239v2 +-PeerKey=MALICE_cf_c2tnb239v2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2tnb239v3 curve tests +- +-PrivateKey=ALICE_cf_c2tnb239v3 +------BEGIN PRIVATE KEY----- 
+-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAA0EJTAjAgEBBB4BZZXtcMw5GrpgHJLx4D8z7M6ocWdv +-rDl2fV9ObC8= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2tnb239v3_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAA0DPgAEOu2HIAUX+r6IbRlrPUJUBDL814dR++maVAAkUIjD +-H33ewqcI9ZLtpvuR8P8hgRNUTXlh1GWgrB6F21Eo +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2tnb239v3:ALICE_cf_c2tnb239v3_PUB +- +-PrivateKey=BOB_cf_c2tnb239v3 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAA0EJTAjAgEBBB4BDxw3SA54y6uYOW1n4yZaUK22J9ef +-XG3HcQX+4i0= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2tnb239v3_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAA0DPgAEVaEi76wyzlpzkkSElf4SmGZ7kf1ghHMP82HkGk7K +-BC10zUyppoSOAr0eX4pHAkDUF1m/KGoJa7QcJJww +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2tnb239v3:BOB_cf_c2tnb239v3_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb239v3 +-PeerKey=BOB_cf_c2tnb239v3_PUB +-SharedSecret=6a756022ec2ea89b0fa757824909707102acf3b7da39dc625c6252eb4c48 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb239v3 +-PeerKey=ALICE_cf_c2tnb239v3_PUB +-SharedSecret=6a756022ec2ea89b0fa757824909707102acf3b7da39dc625c6252eb4c48 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb239v3 +-PeerKey=BOB_cf_c2tnb239v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=3240e19dd8c290e5e1749df60ad0166dd9dbfad645e518b4948e14f774ce +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb239v3 +-PeerKey=ALICE_cf_c2tnb239v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=3240e19dd8c290e5e1749df60ad0166dd9dbfad645e518b4948e14f774ce +- +-PublicKey=MALICE_cf_c2tnb239v3_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAA0DPgAELe/znC87/2ucKX7mXUUyiUvg67slWRdH+WHDct9d +-LcXDyB342ZN1nm0NCAmBMcLjohX0Zza0ji3YNjT1 +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer 
+-Availablein = default +-Derive=BOB_cf_c2tnb239v3 +-PeerKey=MALICE_cf_c2tnb239v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2tnb239v3 +-PeerKey=MALICE_cf_c2tnb239v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2tnb359v1 curve tests +- +-PrivateKey=ALICE_cf_c2tnb359v1 +------BEGIN PRIVATE KEY----- +-ME4CAQAwEwYHKoZIzj0CAQYIKoZIzj0DABIENDAyAgEBBC0Afea/a1NrRf6rRRr/UDsI559ADTFP +-Bd5HaS33laTZkCdNLITw1UUrESUIOiU= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2tnb359v1_PUB +------BEGIN PUBLIC KEY----- +-MHMwEwYHKoZIzj0CAQYIKoZIzj0DABIDXAAEZMJU3QF9UJJp2m6qyCnhPuVlPKPHtav3DCgH27SY +-RLMN7C4rRmqiJakD11QtOforOgbPW5r/v7t4TUWIlq8jV7kapJNtxQtg/S87L0NQGgHBq/lnJL8x +-fN3Y +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2tnb359v1:ALICE_cf_c2tnb359v1_PUB +- +-PrivateKey=BOB_cf_c2tnb359v1 +------BEGIN PRIVATE KEY----- +-ME4CAQAwEwYHKoZIzj0CAQYIKoZIzj0DABIENDAyAgEBBC0Aaw+yr7Atz8CXjLsbI5msXLqxFoMr +-esHVfU53i6ucCsnPTWSDWSb5CePtI9g= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2tnb359v1_PUB +------BEGIN PUBLIC KEY----- +-MHMwEwYHKoZIzj0CAQYIKoZIzj0DABIDXAAEUQde0iyDHbsFJZ459d4zUhsrJYAkqndmEBRwSlg5 +-ZNX8SSS79Zf2HsQl+LWIZyzeYzoHobKXufChw9/H4ThS58VwV5/0hoE929PIgJ1MSEqr5LvJXi+b +-R8fe +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2tnb359v1:BOB_cf_c2tnb359v1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb359v1 +-PeerKey=BOB_cf_c2tnb359v1_PUB +-SharedSecret=623a71122b5acad467d40d97ef8d8fd46541d8c41d7de6ba181c24e2714c1bc35bcefcf089af69c406eedecc12 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb359v1 +-PeerKey=ALICE_cf_c2tnb359v1_PUB +-SharedSecret=623a71122b5acad467d40d97ef8d8fd46541d8c41d7de6ba181c24e2714c1bc35bcefcf089af69c406eedecc12 +- +-# ECC CDH Alice with Bob peer +-Availablein 
= default +-Derive=ALICE_cf_c2tnb359v1 +-PeerKey=BOB_cf_c2tnb359v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=1c9c4cea3251dace2cb763eabf60f106cc1b03f2491e6f20d7bea78e062f8f14c4e82e4d43786eefa44d33f7e9 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb359v1 +-PeerKey=ALICE_cf_c2tnb359v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=1c9c4cea3251dace2cb763eabf60f106cc1b03f2491e6f20d7bea78e062f8f14c4e82e4d43786eefa44d33f7e9 +- +-PublicKey=MALICE_cf_c2tnb359v1_PUB +------BEGIN PUBLIC KEY----- +-MHMwEwYHKoZIzj0CAQYIKoZIzj0DABIDXAAEDW1DxeJfyPPnxX4WiLM5ZnX9AypqqeKj7FTHxanl +-++A6FgVFjUCatt8Sr4xnSc3zDE0kh6f/wS9SbtCAi74i8HAX5SJiccCMPRkw6kBuHZgiG8EmFJ53 +-OEQw +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2tnb359v1 +-PeerKey=MALICE_cf_c2tnb359v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2tnb359v1 +-PeerKey=MALICE_cf_c2tnb359v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2tnb431r1 curve tests +- +-PrivateKey=ALICE_cf_c2tnb431r1 +------BEGIN PRIVATE KEY----- +-MFYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DABQEPDA6AgEBBDUAG1rgUnH3+PSxqlzt9+QTWv7PrYxz +-Qgqj5A2Mqi0LbdixVDciVSSgrU6keVu72oCmHVP+OQ== +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2tnb431r1_PUB +------BEGIN PUBLIC KEY----- +-MIGFMBMGByqGSM49AgEGCCqGSM49AwAUA24ABFcQEDic9pYxtxStk/oBxafqyUux1kvEOOwR4FxJ +-pGEMTh8B+YfkWuq+IDY5zSqNKtg7cRlAFX2dlHhRSvNxrN3DJCrhe/TQq8SIYawcqEQnM39F8hHM +-7VQJLEsBpJ/WUonwMJXknjgfONP7GA== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2tnb431r1:ALICE_cf_c2tnb431r1_PUB +- +-PrivateKey=BOB_cf_c2tnb431r1 +------BEGIN PRIVATE KEY----- +-MFYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DABQEPDA6AgEBBDUBOsZrpI6hTgImR8DBhKOOrh2SvcT/ +-VwmzYnbuCRrtr/zwIQcqKKI1ztlrl+kxFxJfk5L7UQ== +------END PRIVATE KEY----- +- 
+-PublicKey=BOB_cf_c2tnb431r1_PUB +------BEGIN PUBLIC KEY----- +-MIGFMBMGByqGSM49AgEGCCqGSM49AwAUA24ABHeTG6xjbsKKxn4oYQt9qUM9LrSPZfY11XsBmROc +-fb9kEbBLU+QixSbYZOrqPasesDV9dApDXF+w6EfIeNyJEK5Lk+aXamrn7fRMUAQ2m7+Odp87GgA+ +-8Cg6YpgbK314SK5STziqoZwzEISJ9w== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2tnb431r1:BOB_cf_c2tnb431r1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb431r1 +-PeerKey=BOB_cf_c2tnb431r1_PUB +-SharedSecret=1c9a64de0b706f0e562d5144ceeb4806ce8782865dc0e3fab694967955bd40afc79bf9241ef4a173fbf9baeac0d416392fb13bdc6978 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb431r1 +-PeerKey=ALICE_cf_c2tnb431r1_PUB +-SharedSecret=1c9a64de0b706f0e562d5144ceeb4806ce8782865dc0e3fab694967955bd40afc79bf9241ef4a173fbf9baeac0d416392fb13bdc6978 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb431r1 +-PeerKey=BOB_cf_c2tnb431r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=059e2ea2d0d8bad5005a9401196ebb1633377c7ded8ec58a0398cf1d0f42ea82614f68cb836ecfc33612b8a705b4c3b7b4ed12eb6e22 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb431r1 +-PeerKey=ALICE_cf_c2tnb431r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=059e2ea2d0d8bad5005a9401196ebb1633377c7ded8ec58a0398cf1d0f42ea82614f68cb836ecfc33612b8a705b4c3b7b4ed12eb6e22 +- +-PublicKey=MALICE_cf_c2tnb431r1_PUB +------BEGIN PUBLIC KEY----- +-MIGFMBMGByqGSM49AgEGCCqGSM49AwAUA24ABA/cHJ1bNJ2l3GcrT67WEoU0w/Ajy28T9X4XLv8a +-5EpnkembeFlRG8ILplDcZimE8kjNQWynAk+NbJRsIU/XLzcm7VXkkqEkx/yCQ/TOcbeB3qrpzWYr +-F3Cls9x60wuFYNc9d6eIe4B+puz9IQ== +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2tnb431r1 +-PeerKey=MALICE_cf_c2tnb431r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2tnb431r1 
+-PeerKey=MALICE_cf_c2tnb431r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=prime192v2 curve tests +- +-PrivateKey=ALICE_cf_prime192v2 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQIEHzAdAgEBBBh6rcgPFDmA2P4CGSrC7ii9DAjepljX +-sMM= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_prime192v2_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQIDMgAET6wOPoDU3BeU7VKozsGEvDeJs//9Z/aNEcbbLQ0d +-g5IzsS/XMJzifjCJZgNsb7mi +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_prime192v2:ALICE_cf_prime192v2_PUB +- +-PrivateKey=BOB_cf_prime192v2 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQIEHzAdAgEBBBja4R9iZuiu95XEuM1558ArTwNnAl7M +-xqI= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_prime192v2_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQIDMgAEcgWNAOL4pZCmouZl+be+rC0yLAJkm2YuPWs+FX2u +-Y6OU1aHkkspZTC1uUVWjchy5 +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_prime192v2:BOB_cf_prime192v2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_prime192v2 +-PeerKey=BOB_cf_prime192v2_PUB +-SharedSecret=ae2ff9f1f9f24e6d281dc78993d9f71913e1e105965000a1 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_prime192v2 +-PeerKey=ALICE_cf_prime192v2_PUB +-SharedSecret=ae2ff9f1f9f24e6d281dc78993d9f71913e1e105965000a1 +- +-Title=prime192v3 curve tests +- +-PrivateKey=ALICE_cf_prime192v3 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQMEHzAdAgEBBBij5blPQRKM1/9c57YDZXIIue80MDqx +-Igw= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_prime192v3_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE1+mLeiT/jjHO71IL/C/ZcnF6+yj9FV6eqfuPdHAi +-MsDRFCB6/h8TcCUFuospu5l0 +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_prime192v3:ALICE_cf_prime192v3_PUB +- +-PrivateKey=BOB_cf_prime192v3 +------BEGIN PRIVATE 
KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQMEHzAdAgEBBBhgFP4fFLtm/yk5tsosBUBKTg370FOu +-92g= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_prime192v3_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAEv35bOz0xqLeJqpZdZ8LyiUgsJMBEtN2UMJm8blX2 +-vMWAgEeLhzar86BUlS7dZwS7 +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_prime192v3:BOB_cf_prime192v3_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_prime192v3 +-PeerKey=BOB_cf_prime192v3_PUB +-SharedSecret=9e562ecbe29c510a13b0daea822ec864c2a9684d2a382812 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_prime192v3 +-PeerKey=ALICE_cf_prime192v3_PUB +-SharedSecret=9e562ecbe29c510a13b0daea822ec864c2a9684d2a382812 +- +-Title=prime239v1 curve tests +- +-PrivateKey=ALICE_cf_prime239v1 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQQEJTAjAgEBBB5nH2mt/GUx+I/60NlcuQlrdupDXwMY +-SF/w+SUTNqY= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_prime239v1_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQQDPgAEMqQLCgDR9njkq9QELuOu+J/9YGcxJHULdvxHImLW +-RXqBUM5Xea+Qk2SKIpWcogxr2zFeQyeLj2bQysuo +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_prime239v1:ALICE_cf_prime239v1_PUB +- +-PrivateKey=BOB_cf_prime239v1 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQQEJTAjAgEBBB5RZgYV+j+zhwI12zCzB+mdPofMx0kB +-jZ9gplgXxzk= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_prime239v1_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQQDPgAEBR5m/kllh025oO4GvqALkjRliVv7q4x8ro/tkYnT +-L2U4hkT6xUeRu9QC4KOz7KUVH+nBbQASL4XQg/3C +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_prime239v1:BOB_cf_prime239v1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_prime239v1 +-PeerKey=BOB_cf_prime239v1_PUB +-SharedSecret=196b1d0206d4f87c313c266bfb12c90dd1f1f64b89bfc16518086b9801b8 +- +-# ECDH Bob with Alice 
peer +-Availablein = default +-Derive=BOB_cf_prime239v1 +-PeerKey=ALICE_cf_prime239v1_PUB +-SharedSecret=196b1d0206d4f87c313c266bfb12c90dd1f1f64b89bfc16518086b9801b8 +- +-Title=prime239v2 curve tests +- +-PrivateKey=ALICE_cf_prime239v2 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQUEJTAjAgEBBB5uLCwofbD2Suc/iIRhXJsPqZ4me87h +-+tFevsg1pPE= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_prime239v2_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQUDPgAETH77jXHBItV673gTNK/HTFldo4VxPiscbideUgKd +-CWjdVsXebgAZbqQwf0h9QWcIgM7K7ODdW5kCuZ1G +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_prime239v2:ALICE_cf_prime239v2_PUB +- +-PrivateKey=BOB_cf_prime239v2 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQUEJTAjAgEBBB5nlF+ouuw3Ljkgy3pHkCN+/JoHAMyT +-KY0wlvJdo/w= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_prime239v2_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQUDPgAELUQYo0UH8HbK/RMD2jVphBU+iB4OTOfvaaTlHq06 +-dcJ8a9a+mAQKhb1OZVEq1n4nQsgRiI1rPxugVERM +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_prime239v2:BOB_cf_prime239v2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_prime239v2 +-PeerKey=BOB_cf_prime239v2_PUB +-SharedSecret=1d18ca6366bceba3c1477daa0e08202088abcf14fc2b8fbf98ba95858fcf +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_prime239v2 +-PeerKey=ALICE_cf_prime239v2_PUB +-SharedSecret=1d18ca6366bceba3c1477daa0e08202088abcf14fc2b8fbf98ba95858fcf +- +-Title=prime239v3 curve tests +- +-PrivateKey=ALICE_cf_prime239v3 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQYEJTAjAgEBBB5J95JRhBDTzlyAPAfu6T2Pb9vK0NKu +-Y9AfhA2G+mI= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_prime239v3_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQYDPgAEZEN48pqgLF08Yjj/8BLM2Nr5ZhpYxyBurbzKRuBb +-GLpzZLteJN9vZjN7ouNpMxLVUFQxTOwpsvUw86Lk +------END PUBLIC 
KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_prime239v3:ALICE_cf_prime239v3_PUB +- +-PrivateKey=BOB_cf_prime239v3 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQYEJTAjAgEBBB5Z7rMZML1xeryBaYYr+QuMiQxHT44I +-d9bmIVvG3dM= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_prime239v3_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQYDPgAEQUWKqohAPAoIYEZOvc1QwSlcB+gW0febaNxGOy47 +-LaIWdsNM7GJVP9xpdSwm/L+Dip/oH4E59f3SiOAd +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_prime239v3:BOB_cf_prime239v3_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_prime239v3 +-PeerKey=BOB_cf_prime239v3_PUB +-SharedSecret=4dcc2c67c5993162ed71ebb33077bbb85395b0d3eec2311aa404e45901a0 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_prime239v3 +-PeerKey=ALICE_cf_prime239v3_PUB +-SharedSecret=4dcc2c67c5993162ed71ebb33077bbb85395b0d3eec2311aa404e45901a0 +- +-Title=secp112r1 curve tests +- +-PrivateKey=ALICE_cf_secp112r1 +------BEGIN PRIVATE KEY----- +-MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAYEFTATAgEBBA6zC5ZzEIIdvY4Q7DS0uw== +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_secp112r1_PUB +------BEGIN PUBLIC KEY----- +-MDIwEAYHKoZIzj0CAQYFK4EEAAYDHgAEYIawfjH3qRrJJWwuG3Ys5ZhDJsmdWi34aHgKAA== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_secp112r1:ALICE_cf_secp112r1_PUB +- +-PrivateKey=BOB_cf_secp112r1 +------BEGIN PRIVATE KEY----- +-MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAYEFTATAgEBBA6WPx4YxBODium8BKDw0A== +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_secp112r1_PUB +------BEGIN PUBLIC KEY----- +-MDIwEAYHKoZIzj0CAQYFK4EEAAYDHgAEchh3iQdPN1rrzrpdZRQ95G6tvdwEBQ+gfu1tvA== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_secp112r1:BOB_cf_secp112r1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_secp112r1 +-PeerKey=BOB_cf_secp112r1_PUB +-SharedSecret=4ddd1d504b444d4be67ba2e4610a +- +-# ECDH Bob 
with Alice peer +-Availablein = default +-Derive=BOB_cf_secp112r1 +-PeerKey=ALICE_cf_secp112r1_PUB +-SharedSecret=4ddd1d504b444d4be67ba2e4610a +- +-Title=secp112r2 curve tests +- +-PrivateKey=ALICE_cf_secp112r2 +------BEGIN PRIVATE KEY----- +-MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAcEFTATAgEBBA4GcvIx97ePHdAiH0Z9EA== +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_secp112r2_PUB +------BEGIN PUBLIC KEY----- +-MDIwEAYHKoZIzj0CAQYFK4EEAAcDHgAEHK9uNAILHBmPZdKKh79/nzYE0HbvC//rA7i0Xw== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_secp112r2:ALICE_cf_secp112r2_PUB +- +-PrivateKey=BOB_cf_secp112r2 +------BEGIN PRIVATE KEY----- +-MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAcEFTATAgEBBA4WzpVFZnZv9mvtpnYNyw== +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_secp112r2_PUB +------BEGIN PUBLIC KEY----- +-MDIwEAYHKoZIzj0CAQYFK4EEAAcDHgAEUzBLNQupqUpGgmZl9JVjKBpwusl52rFg5OVFJA== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_secp112r2:BOB_cf_secp112r2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_secp112r2 +-PeerKey=BOB_cf_secp112r2_PUB +-SharedSecret=a6d05c7ba5128a9685c705b5030b +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_secp112r2 +-PeerKey=ALICE_cf_secp112r2_PUB +-SharedSecret=a6d05c7ba5128a9685c705b5030b +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_secp112r2 +-PeerKey=BOB_cf_secp112r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=04f3280e92c269d794aa779efcef +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_secp112r2 +-PeerKey=ALICE_cf_secp112r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=04f3280e92c269d794aa779efcef +- +-PublicKey=MALICE_cf_secp112r2_PUB +------BEGIN PUBLIC KEY----- +-MDIwEAYHKoZIzj0CAQYFK4EEAAcDHgAEsf2N4SfUZWtXPrUTmEyr71I/JSn8VtzQsFHuqQ== +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_secp112r2 +-PeerKey=MALICE_cf_secp112r2_PUB 
+-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_secp112r2 +-PeerKey=MALICE_cf_secp112r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=secp128r1 curve tests +- +-PrivateKey=ALICE_cf_secp128r1 +------BEGIN PRIVATE KEY----- +-MC4CAQAwEAYHKoZIzj0CAQYFK4EEABwEFzAVAgEBBBB+RX18d0+gKpdcKbJJTrEZ +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_secp128r1_PUB +------BEGIN PUBLIC KEY----- +-MDYwEAYHKoZIzj0CAQYFK4EEABwDIgAEG0XMAdrAZOPUW6L9ADU8XK8sZr7dtIcDinSWU1zSV9s= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_secp128r1:ALICE_cf_secp128r1_PUB +- +-PrivateKey=BOB_cf_secp128r1 +------BEGIN PRIVATE KEY----- +-MC4CAQAwEAYHKoZIzj0CAQYFK4EEABwEFzAVAgEBBBB/J9/eClt9mimGwOcOsjJF +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_secp128r1_PUB +------BEGIN PUBLIC KEY----- +-MDYwEAYHKoZIzj0CAQYFK4EEABwDIgAE82nknsOS+u8mybP0KJqQhvm83gbPNTZOcvm0ZDVR5sU= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_secp128r1:BOB_cf_secp128r1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_secp128r1 +-PeerKey=BOB_cf_secp128r1_PUB +-SharedSecret=5020f1b759da1f737a61a29a268d7669 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_secp128r1 +-PeerKey=ALICE_cf_secp128r1_PUB +-SharedSecret=5020f1b759da1f737a61a29a268d7669 +- +-Title=secp128r2 curve tests +- +-PrivateKey=ALICE_cf_secp128r2 +------BEGIN PRIVATE KEY----- +-MC4CAQAwEAYHKoZIzj0CAQYFK4EEAB0EFzAVAgEBBBALPaUYCnPgNiLhez93Z1Gi +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_secp128r2_PUB +------BEGIN PUBLIC KEY----- +-MDYwEAYHKoZIzj0CAQYFK4EEAB0DIgAEOKiPRGtZXwxmvTr35NmUkNsAGGk9RKNA4D5BE9ZrjZQ= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_secp128r2:ALICE_cf_secp128r2_PUB +- +-PrivateKey=BOB_cf_secp128r2 +------BEGIN PRIVATE KEY----- 
+-MC4CAQAwEAYHKoZIzj0CAQYFK4EEAB0EFzAVAgEBBBARg3vb436QgyHdyt6l/b6G +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_secp128r2_PUB +------BEGIN PUBLIC KEY----- +-MDYwEAYHKoZIzj0CAQYFK4EEAB0DIgAELph7h27BYjIINC2EddcpIOxKbdz8Xe7h3Az1ZuR9bAI= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_secp128r2:BOB_cf_secp128r2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_secp128r2 +-PeerKey=BOB_cf_secp128r2_PUB +-SharedSecret=8f4d8c75141e9b084328222440eb5dfa +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_secp128r2 +-PeerKey=ALICE_cf_secp128r2_PUB +-SharedSecret=8f4d8c75141e9b084328222440eb5dfa +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_secp128r2 +-PeerKey=BOB_cf_secp128r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=baaa0c16e16eef291001475d638e4830 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_secp128r2 +-PeerKey=ALICE_cf_secp128r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=baaa0c16e16eef291001475d638e4830 +- +-PublicKey=MALICE_cf_secp128r2_PUB +------BEGIN PUBLIC KEY----- +-MDYwEAYHKoZIzj0CAQYFK4EEAB0DIgAE6h6RzJIp6HLR6RDOPtyzGDurkuE9aAaZqHosPTnkLxQ= +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_secp128r2 +-PeerKey=MALICE_cf_secp128r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_secp128r2 +-PeerKey=MALICE_cf_secp128r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=secp160k1 curve tests +- +-PrivateKey=ALICE_cf_secp160k1 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAkEHDAaAgEBBBUAlxTBO50KwFwWKPtk1rutu68m+zI= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_secp160k1_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFK4EEAAkDKgAEcVWIjtPZn1cHckclpn5jKDCphQUVHxFN5tSeFG9wsJZT +-EvqPyLS64w== 
+------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_secp160k1:ALICE_cf_secp160k1_PUB +- +-PrivateKey=BOB_cf_secp160k1 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAkEHDAaAgEBBBUAdrPkoNkRVUloiuwzruQszSUuwpY= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_secp160k1_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFK4EEAAkDKgAESGN41cAj8Fg4pAJM7FUKHiawbCR0b9unMpZWxqOKeW1/ +-bxT/CqEkyw== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_secp160k1:BOB_cf_secp160k1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_secp160k1 +-PeerKey=BOB_cf_secp160k1_PUB +-SharedSecret=b738a0bf17f3271a9a155bfdfe2f0f1d51494d42 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_secp160k1 +-PeerKey=ALICE_cf_secp160k1_PUB +-SharedSecret=b738a0bf17f3271a9a155bfdfe2f0f1d51494d42 +- +-Title=secp160r1 curve tests +- +-PrivateKey=ALICE_cf_secp160r1 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAgEHDAaAgEBBBUAR6m1+jIBuJnSKx9fHmyAYhsnYe8= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_secp160r1_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFK4EEAAgDKgAEO78GZuBaCfJjHK97c9N21z+4mm37b5x7/Hr3Xc4pUbtb +-OoNj/A+W9w== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_secp160r1:ALICE_cf_secp160r1_PUB +- +-PrivateKey=BOB_cf_secp160r1 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAgEHDAaAgEBBBUATqvd54Jj7TbnrLAd2dMYCpExLws= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_secp160r1_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFK4EEAAgDKgAEBKDbBSPTwmb00MFvMtJMxQ2YDmcPOZHE8YbVr5hp8s5J +-Jwy17FaNNg== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_secp160r1:BOB_cf_secp160r1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_secp160r1 +-PeerKey=BOB_cf_secp160r1_PUB +-SharedSecret=1912ea7b9bb1de5b8d3cef83e7a6e7a917816541 +- +-# ECDH Bob with Alice 
peer +-Availablein = default +-Derive=BOB_cf_secp160r1 +-PeerKey=ALICE_cf_secp160r1_PUB +-SharedSecret=1912ea7b9bb1de5b8d3cef83e7a6e7a917816541 +- +-Title=secp160r2 curve tests +- +-PrivateKey=ALICE_cf_secp160r2 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAB4EHDAaAgEBBBUA3IsVg4R4paXaPATDHvzfnvM+vjQ= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_secp160r2_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFK4EEAB4DKgAE4V+25YCpVkKF6NF/UPc1SYxohYWcf3qT3JDoPRhnm/rj +-mSqCCA6gUw== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_secp160r2:ALICE_cf_secp160r2_PUB +- +-PrivateKey=BOB_cf_secp160r2 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAB4EHDAaAgEBBBUAYT/5C7UpD17DnZm4ObswmGFMI1Q= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_secp160r2_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFK4EEAB4DKgAEB7YVzBmzhnIdouvN/nb8VMXCqO8dkhmebyVzoD0oAzuH +-nN+SfWr6aQ== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_secp160r2:BOB_cf_secp160r2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_secp160r2 +-PeerKey=BOB_cf_secp160r2_PUB +-SharedSecret=ccb9cae5c9487ff60c487bd1b39a62eb4680e9b6 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_secp160r2 +-PeerKey=ALICE_cf_secp160r2_PUB +-SharedSecret=ccb9cae5c9487ff60c487bd1b39a62eb4680e9b6 +- +-Title=secp192k1 curve tests +- +-PrivateKey=ALICE_cf_secp192k1 +------BEGIN PRIVATE KEY----- +-MDYCAQAwEAYHKoZIzj0CAQYFK4EEAB8EHzAdAgEBBBikVZrCZQB7ZtkhNfQYpjKHZ9KxXgooJ90= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_secp192k1_PUB +------BEGIN PUBLIC KEY----- +-MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAEyV4EzMZglBXtYdn38hNTrCGflAsJprMkxkOlw58chZ25 +-6EAu7gVvYDTpnRkymKyH +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_secp192k1:ALICE_cf_secp192k1_PUB +- +-PrivateKey=BOB_cf_secp192k1 +------BEGIN PRIVATE KEY----- 
+-MDYCAQAwEAYHKoZIzj0CAQYFK4EEAB8EHzAdAgEBBBiJQ/PunKGk9QPUyqIBGMgHKKg+yxJr5io= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_secp192k1_PUB +------BEGIN PUBLIC KEY----- +-MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAE990Tnmh9QQQHVHuLpfrAsgjvB9R2MJXzhBZN1WvtxLqF +-OZ2oFMP0Kfcr7HbI7a5j +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_secp192k1:BOB_cf_secp192k1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_secp192k1 +-PeerKey=BOB_cf_secp192k1_PUB +-SharedSecret=a46a6bfb279d4dc30cffac585d1fbec905dbe46aca5e3c9d +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_secp192k1 +-PeerKey=ALICE_cf_secp192k1_PUB +-SharedSecret=a46a6bfb279d4dc30cffac585d1fbec905dbe46aca5e3c9d +- +-Title=secp224k1 curve tests +- +-PrivateKey=ALICE_cf_secp224k1 +------BEGIN PRIVATE KEY----- +-MDsCAQAwEAYHKoZIzj0CAQYFK4EEACAEJDAiAgEBBB0AZPk3TzxGhX7TljBBhJDLBfulAMp6Bh3W +-w40Qyg== +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_secp224k1_PUB +------BEGIN PUBLIC KEY----- +-ME4wEAYHKoZIzj0CAQYFK4EEACADOgAE4o7LGdJDixqJZ5imnqaX4IeE55NG4W0HEe72LVC7pmn2 +-e3m7uC92ZQhduF9lJli4dXD5en/1wkE= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_secp224k1:ALICE_cf_secp224k1_PUB +- +-PrivateKey=BOB_cf_secp224k1 +------BEGIN PRIVATE KEY----- +-MDsCAQAwEAYHKoZIzj0CAQYFK4EEACAEJDAiAgEBBB0AdQ02GguRy3yHOjLkpoWb27QA/L1abfWe +-q2xUfA== +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_secp224k1_PUB +------BEGIN PUBLIC KEY----- +-ME4wEAYHKoZIzj0CAQYFK4EEACADOgAEzp00m0DaADn1mGiDCT7K1LZnoj/vCxHPowUDC9yQd17K +-KpJM5sGILrTkkgxqtt5pBeYE1NC1QUQ= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_secp224k1:BOB_cf_secp224k1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_secp224k1 +-PeerKey=BOB_cf_secp224k1_PUB +-SharedSecret=6f7b9d16c9c1d3a5c84b6028f2a4fed9ae8e02455e678a27243bcc48 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_secp224k1 
+-PeerKey=ALICE_cf_secp224k1_PUB +-SharedSecret=6f7b9d16c9c1d3a5c84b6028f2a4fed9ae8e02455e678a27243bcc48 +- + Title=secp256k1 curve tests + + PrivateKey=ALICE_cf_secp256k1 +@@ -1998,1604 +56,6 @@ Derive=BOB_cf_secp256k1 + PeerKey=ALICE_cf_secp256k1_PUB + SharedSecret=a4745cc4d19cabb9e5cb0abdd5c604cab2846a4638ad844ed9175f3cadda2da1 + +-Title=sect113r1 curve tests +- +-PrivateKey=ALICE_cf_sect113r1 +------BEGIN PRIVATE KEY----- +-MC0CAQAwEAYHKoZIzj0CAQYFK4EEAAQEFjAUAgEBBA8ALw9CgsuNBkkhhUHE8bQ= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect113r1_PUB +------BEGIN PUBLIC KEY----- +-MDQwEAYHKoZIzj0CAQYFK4EEAAQDIAAEASO9jcamlg1pRE7JffrTAe9kyRZO2xrymHXoGdnA +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_sect113r1:ALICE_cf_sect113r1_PUB +- +-PrivateKey=BOB_cf_sect113r1 +------BEGIN PRIVATE KEY----- +-MC0CAQAwEAYHKoZIzj0CAQYFK4EEAAQEFjAUAgEBBA8A/9qbs8sTFNkjS9/4CuM= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect113r1_PUB +------BEGIN PUBLIC KEY----- +-MDQwEAYHKoZIzj0CAQYFK4EEAAQDIAAEATykaf/cvJzLOUto1EbbAEz/3++nut6q0dcJOQeV +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_sect113r1:BOB_cf_sect113r1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect113r1 +-PeerKey=BOB_cf_sect113r1_PUB +-SharedSecret=01ed16f1948dcb368a54004237842d +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect113r1 +-PeerKey=ALICE_cf_sect113r1_PUB +-SharedSecret=01ed16f1948dcb368a54004237842d +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect113r1 +-PeerKey=BOB_cf_sect113r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=012e5f3e348c2a8a88d9590a639219 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect113r1 +-PeerKey=ALICE_cf_sect113r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=012e5f3e348c2a8a88d9590a639219 +- +-PublicKey=MALICE_cf_sect113r1_PUB +------BEGIN PUBLIC KEY----- 
+-MDQwEAYHKoZIzj0CAQYFK4EEAAQDIAAEAAAAAAAAAAAAAAAAAAAAAd+TqiBXnTd/lyA/OFsR +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_sect113r1 +-PeerKey=MALICE_cf_sect113r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_sect113r1 +-PeerKey=MALICE_cf_sect113r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect113r2 curve tests +- +-PrivateKey=ALICE_cf_sect113r2 +------BEGIN PRIVATE KEY----- +-MC0CAQAwEAYHKoZIzj0CAQYFK4EEAAUEFjAUAgEBBA8AvovirHrqTxoKJ3l+7y0= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect113r2_PUB +------BEGIN PUBLIC KEY----- +-MDQwEAYHKoZIzj0CAQYFK4EEAAUDIAAEAFvQ4JgQTS8kjGeVfuITAS81qNcOQvt3PYa1HuCk +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_sect113r2:ALICE_cf_sect113r2_PUB +- +-PrivateKey=BOB_cf_sect113r2 +------BEGIN PRIVATE KEY----- +-MC0CAQAwEAYHKoZIzj0CAQYFK4EEAAUEFjAUAgEBBA8ArUjgvp/goxRYb4WuQ80= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect113r2_PUB +------BEGIN PUBLIC KEY----- +-MDQwEAYHKoZIzj0CAQYFK4EEAAUDIAAEAUoS3of8y28meYu/NoI5AVdhJZCuDjMqFHTriWY4 +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_sect113r2:BOB_cf_sect113r2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect113r2 +-PeerKey=BOB_cf_sect113r2_PUB +-SharedSecret=0057a287ba1ea05cb4735e673647e1 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect113r2 +-PeerKey=ALICE_cf_sect113r2_PUB +-SharedSecret=0057a287ba1ea05cb4735e673647e1 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect113r2 +-PeerKey=BOB_cf_sect113r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=00fec2454e46732aca42b22b6d4f13 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect113r2 +-PeerKey=ALICE_cf_sect113r2_PUB 
+-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=00fec2454e46732aca42b22b6d4f13 +- +-PublicKey=MALICE_cf_sect113r2_PUB +------BEGIN PUBLIC KEY----- +-MDQwEAYHKoZIzj0CAQYFK4EEAAUDIAAEAAAAAAAAAAAAAAAAAAAAAR3dbPHrhFekzJ7Azskr +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_sect113r2 +-PeerKey=MALICE_cf_sect113r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_sect113r2 +-PeerKey=MALICE_cf_sect113r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect131r1 curve tests +- +-PrivateKey=ALICE_cf_sect131r1 +------BEGIN PRIVATE KEY----- +-MC8CAQAwEAYHKoZIzj0CAQYFK4EEABYEGDAWAgEBBBEA5C6zHMQM7pXPZ6cJz72Niw== +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect131r1_PUB +------BEGIN PUBLIC KEY----- +-MDgwEAYHKoZIzj0CAQYFK4EEABYDJAAEBXCuXD6wOOif91GUlJNKXf8FBNw8crgqi5aEJEZbCdBJ +-Ag== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_sect131r1:ALICE_cf_sect131r1_PUB +- +-PrivateKey=BOB_cf_sect131r1 +------BEGIN PRIVATE KEY----- +-MC8CAQAwEAYHKoZIzj0CAQYFK4EEABYEGDAWAgEBBBEDYZmjiokBJ/SnTv8sskBR3A== +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect131r1_PUB +------BEGIN PUBLIC KEY----- +-MDgwEAYHKoZIzj0CAQYFK4EEABYDJAAEB8vGy3OQXwWKcJUSSJbCtpMBjFgJeZxzAaI420+B1B+1 +-5A== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_sect131r1:BOB_cf_sect131r1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect131r1 +-PeerKey=BOB_cf_sect131r1_PUB +-SharedSecret=05346248f77f81fff50cc656e119976871 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect131r1 +-PeerKey=ALICE_cf_sect131r1_PUB +-SharedSecret=05346248f77f81fff50cc656e119976871 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect131r1 +-PeerKey=BOB_cf_sect131r1_PUB 
+-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=01f151ae26efa507acc2597356baf7e8ab +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect131r1 +-PeerKey=ALICE_cf_sect131r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=01f151ae26efa507acc2597356baf7e8ab +- +-PublicKey=MALICE_cf_sect131r1_PUB +------BEGIN PUBLIC KEY----- +-MDgwEAYHKoZIzj0CAQYFK4EEABYDJAAEAAAAAAAAAAAAAAAAAAAAAAABfiJEFG0vRzEGxk2BxjmK +-zw== +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_sect131r1 +-PeerKey=MALICE_cf_sect131r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_sect131r1 +-PeerKey=MALICE_cf_sect131r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect131r2 curve tests +- +-PrivateKey=ALICE_cf_sect131r2 +------BEGIN PRIVATE KEY----- +-MC8CAQAwEAYHKoZIzj0CAQYFK4EEABcEGDAWAgEBBBEBnZRUKAQetk5kyUwhIaAyxg== +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect131r2_PUB +------BEGIN PUBLIC KEY----- +-MDgwEAYHKoZIzj0CAQYFK4EEABcDJAAEA5+Y20L8q989I4jnKknZ7hcGlQ6RUIGni9RahT88kB/d +-dw== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_sect131r2:ALICE_cf_sect131r2_PUB +- +-PrivateKey=BOB_cf_sect131r2 +------BEGIN PRIVATE KEY----- +-MC8CAQAwEAYHKoZIzj0CAQYFK4EEABcEGDAWAgEBBBEBnafx9vcMeoCqj/1YNuflzw== +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect131r2_PUB +------BEGIN PUBLIC KEY----- +-MDgwEAYHKoZIzj0CAQYFK4EEABcDJAAEB2G2uNkhQNjjl0/Ov6UYpxoFaWNXO+qy7poV6cdrFN7z +-pA== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_sect131r2:BOB_cf_sect131r2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect131r2 +-PeerKey=BOB_cf_sect131r2_PUB +-SharedSecret=058d8a8be33068ed8c1dc9f551ef2c3f3c +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect131r2 
+-PeerKey=ALICE_cf_sect131r2_PUB +-SharedSecret=058d8a8be33068ed8c1dc9f551ef2c3f3c +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect131r2 +-PeerKey=BOB_cf_sect131r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=037b16d85f27c2c878ef96c79a536f89a5 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect131r2 +-PeerKey=ALICE_cf_sect131r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=037b16d85f27c2c878ef96c79a536f89a5 +- +-PublicKey=MALICE_cf_sect131r2_PUB +------BEGIN PUBLIC KEY----- +-MDgwEAYHKoZIzj0CAQYFK4EEABcDJAAEAAAAAAAAAAAAAAAAAAAAAAAGG5fiIbgziwBZHVzTYqCY +-1w== +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_sect131r2 +-PeerKey=MALICE_cf_sect131r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_sect131r2 +-PeerKey=MALICE_cf_sect131r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect163r1 curve tests +- +-PrivateKey=ALICE_cf_sect163r1 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAIEHDAaAgEBBBUAlbn4x1UGJnAimsXufB/UvUaxU5U= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect163r1_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFK4EEAAIDLAAEA0f195HCcD4D+7wWyl3QuPkRovG/ATy5l7fpMl4BNIg/ +-sbtEXluCzANF +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_sect163r1:ALICE_cf_sect163r1_PUB +- +-PrivateKey=BOB_cf_sect163r1 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAIEHDAaAgEBBBUAoStq6Fjb7nB2PNL6WrzKKqhCGdE= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect163r1_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFK4EEAAIDLAAEAul/oBKr9B5MsPHWGF+q07j0JC+WAxj1JzfcIXR98n+r +-9FHWU5LC5pDM +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_sect163r1:BOB_cf_sect163r1_PUB +- +-# ECDH Alice with Bob peer 
+-Availablein = default +-Derive=ALICE_cf_sect163r1 +-PeerKey=BOB_cf_sect163r1_PUB +-SharedSecret=06135eef489fe613c0d8bd522a2a640ff7ae6fb73d +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect163r1 +-PeerKey=ALICE_cf_sect163r1_PUB +-SharedSecret=06135eef489fe613c0d8bd522a2a640ff7ae6fb73d +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect163r1 +-PeerKey=BOB_cf_sect163r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=0580f5e8efb242a19ae1023acbcab8702c799751e7 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect163r1 +-PeerKey=ALICE_cf_sect163r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=0580f5e8efb242a19ae1023acbcab8702c799751e7 +- +-PublicKey=MALICE_cf_sect163r1_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFK4EEAAIDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJkXolVuGFa8fqmk +-cs0Bv7iJuVg1 +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_sect163r1 +-PeerKey=MALICE_cf_sect163r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_sect163r1 +-PeerKey=MALICE_cf_sect163r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect193r1 curve tests +- +-PrivateKey=ALICE_cf_sect193r1 +------BEGIN PRIVATE KEY----- +-MDcCAQAwEAYHKoZIzj0CAQYFK4EEABgEIDAeAgEBBBkACmcvidKWLtPFB2xqg76F8VhM1Njzrkgo +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect193r1_PUB +------BEGIN PUBLIC KEY----- +-MEgwEAYHKoZIzj0CAQYFK4EEABgDNAAEAeqP0VQobenduwtf4MPmlYQVDjUmxKq50QFHnaBfzwXY +-1TYShZZgBr0R6a5dUGCbiF0= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_sect193r1:ALICE_cf_sect193r1_PUB +- +-PrivateKey=BOB_cf_sect193r1 +------BEGIN PRIVATE KEY----- +-MDcCAQAwEAYHKoZIzj0CAQYFK4EEABgEIDAeAgEBBBkAKlSknQ66vpuLjC1mbQyfHOTdJ5Kw5jMh +------END PRIVATE KEY----- +- 
+-PublicKey=BOB_cf_sect193r1_PUB +------BEGIN PUBLIC KEY----- +-MEgwEAYHKoZIzj0CAQYFK4EEABgDNAAEAaFZVIeqfV9wbPydaBSJKSWJjVyFVSB/QQB5rHonYQmK +-f40zok8PJS6ratIcZwk/n20= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_sect193r1:BOB_cf_sect193r1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect193r1 +-PeerKey=BOB_cf_sect193r1_PUB +-SharedSecret=012b8849991814f8c7ed9d40cf9dc204c3a83e0b10675543a5 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect193r1 +-PeerKey=ALICE_cf_sect193r1_PUB +-SharedSecret=012b8849991814f8c7ed9d40cf9dc204c3a83e0b10675543a5 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect193r1 +-PeerKey=BOB_cf_sect193r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=0110180a18844859c52f6f012909522a2d87b5ab143bc80a55 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect193r1 +-PeerKey=ALICE_cf_sect193r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=0110180a18844859c52f6f012909522a2d87b5ab143bc80a55 +- +-PublicKey=MALICE_cf_sect193r1_PUB +------BEGIN PUBLIC KEY----- +-MEgwEAYHKoZIzj0CAQYFK4EEABgDNAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHeX7PX3e5n +-zROUg6/STkLp1D+L51L9+wY= +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_sect193r1 +-PeerKey=MALICE_cf_sect193r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_sect193r1 +-PeerKey=MALICE_cf_sect193r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect193r2 curve tests +- +-PrivateKey=ALICE_cf_sect193r2 +------BEGIN PRIVATE KEY----- +-MDcCAQAwEAYHKoZIzj0CAQYFK4EEABkEIDAeAgEBBBkAhjkv8lXK/nPp3Qc4IwL/29JUKWi2VBMp +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect193r2_PUB +------BEGIN PUBLIC KEY----- 
+-MEgwEAYHKoZIzj0CAQYFK4EEABkDNAAEAIn7oSu3adu4ChNXniHKkMIv9gT24rpzzwAeCTDPIkUT +-kJ+Tit6e4RpgkB/dph4V+uI= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_sect193r2:ALICE_cf_sect193r2_PUB +- +-PrivateKey=BOB_cf_sect193r2 +------BEGIN PRIVATE KEY----- +-MDcCAQAwEAYHKoZIzj0CAQYFK4EEABkEIDAeAgEBBBkAwGkR3qSQdfh7Q6KbJ4lH5FShGsX8o/jD +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect193r2_PUB +------BEGIN PUBLIC KEY----- +-MEgwEAYHKoZIzj0CAQYFK4EEABkDNAAEAFdSLKI0tlwZDpkndutOLsnHii1aJO8snwEJ0m/AZgMp +-xiDevOQ/xE9SpMX25W7YqkU= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_sect193r2:BOB_cf_sect193r2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect193r2 +-PeerKey=BOB_cf_sect193r2_PUB +-SharedSecret=01e2f66a63c24c1de8a399c484228a5ad5b6d911c6e5e83ae3 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect193r2 +-PeerKey=ALICE_cf_sect193r2_PUB +-SharedSecret=01e2f66a63c24c1de8a399c484228a5ad5b6d911c6e5e83ae3 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect193r2 +-PeerKey=BOB_cf_sect193r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=00bc82d393bd74406683aea003977a86a109f444a833652e43 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect193r2 +-PeerKey=ALICE_cf_sect193r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=00bc82d393bd74406683aea003977a86a109f444a833652e43 +- +-PublicKey=MALICE_cf_sect193r2_PUB +------BEGIN PUBLIC KEY----- +-MEgwEAYHKoZIzj0CAQYFK4EEABkDNAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFfdLEkrvsO +-Y7+6QpEvOay9A4MJCUZfZmI= +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_sect193r2 +-PeerKey=MALICE_cf_sect193r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_sect193r2 +-PeerKey=MALICE_cf_sect193r2_PUB 
+-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect239k1 curve tests +- +-PrivateKey=ALICE_cf_sect239k1 +------BEGIN PRIVATE KEY----- +-MDwCAQAwEAYHKoZIzj0CAQYFK4EEAAMEJTAjAgEBBB4G4nbQDUtTnkrPOvDGIlhH9XdjirUSbTI5 +-5z6lf7o= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect239k1_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFK4EEAAMDPgAEf5paOMjzcnpVAPMQnIkikE4K2jne3ubX2TD1P3aedknF +-lUr6tOU4BsiUQJACF90rQ9/KdeR5mYvYHzvI +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_sect239k1:ALICE_cf_sect239k1_PUB +- +-PrivateKey=BOB_cf_sect239k1 +------BEGIN PRIVATE KEY----- +-MDwCAQAwEAYHKoZIzj0CAQYFK4EEAAMEJTAjAgEBBB4e0F0NpepAF+iNrEtoZeo4TrQFspkUNLcx +-Ly4Klfg= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect239k1_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFK4EEAAMDPgAEKnjJ4RHe+EiElXMrF4ou7VGy1pn0ZiO17FouF31Zbvjc +-TcbhfE6ziXM8sekQJBwcwRKQ9+G/Qzq/2A9x +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_sect239k1:BOB_cf_sect239k1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect239k1 +-PeerKey=BOB_cf_sect239k1_PUB +-SharedSecret=0ef54c7b7dbf55d4278e7a6924dc4833c63ec708e820d501cacdfb4935d5 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect239k1 +-PeerKey=ALICE_cf_sect239k1_PUB +-SharedSecret=0ef54c7b7dbf55d4278e7a6924dc4833c63ec708e820d501cacdfb4935d5 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect239k1 +-PeerKey=BOB_cf_sect239k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=592e4b33ac99624fe7f2f879cf52f12a70f189c5d90785db26a12e0a46c0 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect239k1 +-PeerKey=ALICE_cf_sect239k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=592e4b33ac99624fe7f2f879cf52f12a70f189c5d90785db26a12e0a46c0 +- +-PublicKey=MALICE_cf_sect239k1_PUB +------BEGIN PUBLIC KEY----- 
+-MFIwEAYHKoZIzj0CAQYFK4EEAAMDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAA +-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_sect239k1 +-PeerKey=MALICE_cf_sect239k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_sect239k1 +-PeerKey=MALICE_cf_sect239k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=wap-wsg-idm-ecid-wtls10 curve tests +- +-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls10 +------BEGIN PRIVATE KEY----- +-MDsCAQAwEAYHKoZIzj0CAQYFZysBBAoEJDAiAgEBBB1zvDMHGgcytka5KvlvQvJzTA4l2ts2NzBp +-SJiGyw== +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls10_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFZysBBAoDPgAEAZkrhWBz/Q4GB8DY4Ia114ew6H7Eg7ri2uxwxd3rAZs5 +-/ShvunNyndjCt3Qaq8sulBM0nUyERSDakyD+ +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls10:ALICE_cf_wap-wsg-idm-ecid-wtls10_PUB +- +-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls10 +------BEGIN PRIVATE KEY----- +-MDsCAQAwEAYHKoZIzj0CAQYFZysBBAoEJDAiAgEBBB1SowkHU79PqokOfgllN53rNS8a3h1wFBY0 +-dKPkQg== +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls10_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFZysBBAoDPgAEAGavw4ChHCoWplAumMEBwJgJ2aYtw+utu4vhWnscAPIT +-IJ4IiIGj18rCFBap1sgVbpXjhEBLYg6Itwv2 +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls10:BOB_cf_wap-wsg-idm-ecid-wtls10_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls10 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls10_PUB +-SharedSecret=0194ef5d80fdfe9df366b2273b983c3dbd440faf76964fcfc06c509f289d +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls10 
+-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls10_PUB +-SharedSecret=0194ef5d80fdfe9df366b2273b983c3dbd440faf76964fcfc06c509f289d +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls10 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls10_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=01bedc5cdf63fbf18c3e2bc9765e12f7990c0c0c64f0267ae7c37b9f49f0 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls10 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls10_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=01bedc5cdf63fbf18c3e2bc9765e12f7990c0c0c64f0267ae7c37b9f49f0 +- +-PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls10_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFZysBBAoDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAA +-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls10 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls10_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls10 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls10_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=wap-wsg-idm-ecid-wtls11 curve tests +- +-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls11 +------BEGIN PRIVATE KEY----- +-MDwCAQAwEAYHKoZIzj0CAQYFZysBBAsEJTAjAgEBBB4AkzS3zoqHNCLug/nwoYMQW3UigmZ9t56k +-5jp+FiY= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls11_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFZysBBAsDPgAEABttgKKYeGZRmcH/5UZR56lOSgbU4TH2AuIhvj88AL6H +-zTCX9elzXpck+u22bnmkuvL2A8XKB5+fabMR +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls11:ALICE_cf_wap-wsg-idm-ecid-wtls11_PUB +- +-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls11 +------BEGIN PRIVATE KEY----- 
+-MDwCAQAwEAYHKoZIzj0CAQYFZysBBAsEJTAjAgEBBB4AWU05mbqPxsB749llNON1//l0w8RJJ3z5 +-h/kzfNM= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls11_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFZysBBAsDPgAEAL6Xj/KCmXAQAAo847t0bl0wqBrteWRg93OvIJsPAAOE +-ehdIgJyruc3KsH0RFlipu5QD8pnGSIXvif19 +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls11:BOB_cf_wap-wsg-idm-ecid-wtls11_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls11 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls11_PUB +-SharedSecret=01ac8a23ddeeafb4d3bb243fe409f2f9c8b1a3fc11d4690da583f2e21637 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls11 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls11_PUB +-SharedSecret=01ac8a23ddeeafb4d3bb243fe409f2f9c8b1a3fc11d4690da583f2e21637 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls11 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls11_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=01b9992992572d3a59d424f8c9cc195576461ed6c1dadf6fb523717fab19 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls11 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls11_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=01b9992992572d3a59d424f8c9cc195576461ed6c1dadf6fb523717fab19 +- +-PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls11_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFZysBBAsDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYf4 +-Vie5eHTnR+4x4G1xyq7qUvISU+X5RtBh2pE4 +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls11 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls11_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls11 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls11_PUB 
+-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=wap-wsg-idm-ecid-wtls12 curve tests +- +-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls12 +------BEGIN PRIVATE KEY----- +-MDoCAQAwEAYHKoZIzj0CAQYFZysBBAwEIzAhAgEBBBxwvll9Eb9mm2Xadq1evIi1zIK+6u0Nv8bP +-LI9a +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls12_PUB +------BEGIN PUBLIC KEY----- +-ME4wEAYHKoZIzj0CAQYFZysBBAwDOgAE0t0WqG/pFsiCt6agmebw3FCEWAzf9BpNLuzoCkPEe0Li +-bqn5udrckL6s3stwCTVFaZUfY2qS9QE= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls12:ALICE_cf_wap-wsg-idm-ecid-wtls12_PUB +- +-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls12 +------BEGIN PRIVATE KEY----- +-MDoCAQAwEAYHKoZIzj0CAQYFZysBBAwEIzAhAgEBBBz+5P6gpqXxbeXvvaD5W9Ft69BTxcn7zc6q +-K3Ax +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls12_PUB +------BEGIN PUBLIC KEY----- +-ME4wEAYHKoZIzj0CAQYFZysBBAwDOgAEvyxedqaWkoAOMjaV5W3/tJpheiHAR0zV6BlIeUuGP2mx +-+xsOK9/QB7hzipq9cXx1K/dXu58EoSY= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls12:BOB_cf_wap-wsg-idm-ecid-wtls12_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls12 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls12_PUB +-SharedSecret=a3b3f20af8c33a0f5c246b4b9d9dda1cd40c294d1f53365d18a8b54b +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls12 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls12_PUB +-SharedSecret=a3b3f20af8c33a0f5c246b4b9d9dda1cd40c294d1f53365d18a8b54b +- +-Title=wap-wsg-idm-ecid-wtls1 curve tests +- +-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls1 +------BEGIN PRIVATE KEY----- +-MCwCAQAwEAYHKoZIzj0CAQYFZysBBAEEFTATAgEBBA5ZNASTt4/g6XPQwRiQ0Q== +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls1_PUB +------BEGIN PUBLIC KEY----- +-MDQwEAYHKoZIzj0CAQYFZysBBAEDIAAEACBNPI48xxsPVQBy07jRAAcWzbIkMo8BQotxpfGJ +------END PUBLIC 
KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls1:ALICE_cf_wap-wsg-idm-ecid-wtls1_PUB +- +-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls1 +------BEGIN PRIVATE KEY----- +-MCwCAQAwEAYHKoZIzj0CAQYFZysBBAEEFTATAgEBBA6+0x9qk0NIKHSRvlTemQ== +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls1_PUB +------BEGIN PUBLIC KEY----- +-MDQwEAYHKoZIzj0CAQYFZysBBAEDIAAEAEeHMSBTx/EtOu+bjBinALHSkQuJyiP3mg1tu+I2 +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls1:BOB_cf_wap-wsg-idm-ecid-wtls1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls1 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls1_PUB +-SharedSecret=0040ba2fadc1da97c973e5e59ade31 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls1 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls1_PUB +-SharedSecret=0040ba2fadc1da97c973e5e59ade31 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls1 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=008919696215a89e03d6c4c9265d6b +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls1 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=008919696215a89e03d6c4c9265d6b +- +-PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls1_PUB +------BEGIN PUBLIC KEY----- +-MDQwEAYHKoZIzj0CAQYFZysBBAEDIAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls1 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls1 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR 
+-Reason=point at infinity +- +-Title=wap-wsg-idm-ecid-wtls3 curve tests +- +-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls3 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAMEHDAaAgEBBBUDO2cHbqQBUxuJBl6UT9UrasuRVrI= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls3_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFZysBBAMDLAAEBRIzvK9o7eO2NGmtPFV/zo9/1mlvBwjG7+e6hbPG1KdI +-01f8oGBuXMQH +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls3:ALICE_cf_wap-wsg-idm-ecid-wtls3_PUB +- +-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls3 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAMEHDAaAgEBBBUAhZv9WZ00bDnU9MOaqEegP771nes= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls3_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFZysBBAMDLAAEAYOspjEbzyZw61jCtUrxARr+w66nBH+73QIvlaRVSG/4 +-hlBUf5kmG4Yn +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls3:BOB_cf_wap-wsg-idm-ecid-wtls3_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls3 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls3_PUB +-SharedSecret=0311924428a839b7dcada662722945e62bf1131f4f +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls3 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls3_PUB +-SharedSecret=0311924428a839b7dcada662722945e62bf1131f4f +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls3 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=047f1aee6a1a1d7c9c1f0e8dce4349429f737aa658 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls3 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=047f1aee6a1a1d7c9c1f0e8dce4349429f737aa658 +- +-PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls3_PUB +------BEGIN PUBLIC KEY----- 
+-MEAwEAYHKoZIzj0CAQYFZysBBAMDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AAAAAAAAAAAB +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls3 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls3 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=wap-wsg-idm-ecid-wtls4 curve tests +- +-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls4 +------BEGIN PRIVATE KEY----- +-MC0CAQAwEAYHKoZIzj0CAQYFZysBBAQEFjAUAgEBBA8ACFOrBbOh5LjNtJQCuEE= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls4_PUB +------BEGIN PUBLIC KEY----- +-MDQwEAYHKoZIzj0CAQYFZysBBAQDIAAEAW3K4Mus5+KAJVGLzEYrAYuCJSEYXFTo17aW0TwN +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls4:ALICE_cf_wap-wsg-idm-ecid-wtls4_PUB +- +-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls4 +------BEGIN PRIVATE KEY----- +-MC0CAQAwEAYHKoZIzj0CAQYFZysBBAQEFjAUAgEBBA8Auz4XRc3Rg0bNcbrray8= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls4_PUB +------BEGIN PUBLIC KEY----- +-MDQwEAYHKoZIzj0CAQYFZysBBAQDIAAEAI0F7ixGqOhnYpsuR80nAdTdSXM+YbcUbLe/U/xG +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls4:BOB_cf_wap-wsg-idm-ecid-wtls4_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls4 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls4_PUB +-SharedSecret=0077378ddfdadff704a0b6646949e7 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls4 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls4_PUB +-SharedSecret=0077378ddfdadff704a0b6646949e7 +- +-# ECC CDH Alice with Bob peer +-Availablein = default 
+-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls4 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls4_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=008f3713fe1ff1fa5d5041899817d1 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls4 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls4_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=008f3713fe1ff1fa5d5041899817d1 +- +-PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls4_PUB +------BEGIN PUBLIC KEY----- +-MDQwEAYHKoZIzj0CAQYFZysBBAQDIAAEAAAAAAAAAAAAAAAAAAAAAd+TqiBXnTd/lyA/OFsR +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls4 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls4_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls4 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls4_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=wap-wsg-idm-ecid-wtls5 curve tests +- +-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls5 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAUEHDAaAgEBBBUD9gVh3zbLTA7BuRVVi9T8QKZ1uco= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls5_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFZysBBAUDLAAEAH5xyUrvbuN+tWmRhwqrQfFHPHNUBKtAGvJuvSFVwTKk +-uFzn9fPvIDe6 +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls5:ALICE_cf_wap-wsg-idm-ecid-wtls5_PUB +- +-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls5 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAUEHDAaAgEBBBUAr9ZlmuO7bNfqB42xUivJXyVHKNI= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls5_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFZysBBAUDLAAEBdXxEk0L2XAVzRNLPcnMxGXXyDfZAoA1Qw2XpOfVWIVR +-jdoMGRgUuJmO +------END PUBLIC KEY----- +- +-Availablein = default 
+-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls5:BOB_cf_wap-wsg-idm-ecid-wtls5_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls5 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls5_PUB +-SharedSecret=0190c68d80e94fbe9f193ae7d9a156bf0b8d097c23 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls5 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls5_PUB +-SharedSecret=0190c68d80e94fbe9f193ae7d9a156bf0b8d097c23 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls5 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls5_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=00aabc9b45c200e41294aa922ab06da6655731e0ea +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls5 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls5_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=00aabc9b45c200e41294aa922ab06da6655731e0ea +- +-PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls5_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFZysBBAUDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8JxepS05nN/piK +-dhDD3dDKXUih +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls5 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls5_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls5 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls5_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=wap-wsg-idm-ecid-wtls6 curve tests +- +-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls6 +------BEGIN PRIVATE KEY----- +-MCwCAQAwEAYHKoZIzj0CAQYFZysBBAYEFTATAgEBBA4ayMbswPbvYMwpwo80jA== +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls6_PUB +------BEGIN PUBLIC KEY----- +-MDIwEAYHKoZIzj0CAQYFZysBBAYDHgAERPw/8Ip/RrXr0gMgLGRQeiQ4Qd6W+Li0ylGKzg== +------END PUBLIC KEY----- +- 
+-Availablein = default +-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls6:ALICE_cf_wap-wsg-idm-ecid-wtls6_PUB +- +-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls6 +------BEGIN PRIVATE KEY----- +-MCwCAQAwEAYHKoZIzj0CAQYFZysBBAYEFTATAgEBBA6kbCpFt3tX2hYBQHMXbg== +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls6_PUB +------BEGIN PUBLIC KEY----- +-MDIwEAYHKoZIzj0CAQYFZysBBAYDHgAEhJXqpYGxE/l1X/LiBeyRbIcyzqPxUP5Tkv3U3w== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls6:BOB_cf_wap-wsg-idm-ecid-wtls6_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls6 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls6_PUB +-SharedSecret=b4cae255268f11a1e46fecad04c2 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls6 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls6_PUB +-SharedSecret=b4cae255268f11a1e46fecad04c2 +- +-Title=wap-wsg-idm-ecid-wtls7 curve tests +- +-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls7 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAcEHDAaAgEBBBUABcyzh4ot9ck/j4/3ehK0aYngYoM= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls7_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFZysBBAcDKgAEwQLnZ70n45RLqRtAGNzEa3Rl/9nwyjqYUtw2eeHhnNLT +-feGY4CNH0w== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls7:ALICE_cf_wap-wsg-idm-ecid-wtls7_PUB +- +-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls7 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAcEHDAaAgEBBBUAPyrGRY1SR13hKQswS6yXs8w8PUQ= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls7_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFZysBBAcDKgAEZGN44YbN5r3zcNtOHrvbQLt8/lE7BHp4D/9eKLmwFDn1 +-QneRu3xwPA== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls7:BOB_cf_wap-wsg-idm-ecid-wtls7_PUB +- +-# ECDH Alice with Bob peer 
+-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls7 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls7_PUB +-SharedSecret=ae9f5bcc6457c0422866bf855921eabc42b7121a +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls7 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls7_PUB +-SharedSecret=ae9f5bcc6457c0422866bf855921eabc42b7121a +- +-Title=wap-wsg-idm-ecid-wtls8 curve tests +- +-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls8 +------BEGIN PRIVATE KEY----- +-MC0CAQAwEAYHKoZIzj0CAQYFZysBBAgEFjAUAgEBBA8AnkC18b3pH2O5TIYIqAQ= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls8_PUB +------BEGIN PUBLIC KEY----- +-MDIwEAYHKoZIzj0CAQYFZysBBAgDHgAEJD0h4HEfchwxqhp9eMHh9gczQKHX4MtWVoAxKQ== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls8:ALICE_cf_wap-wsg-idm-ecid-wtls8_PUB +- +-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls8 +------BEGIN PRIVATE KEY----- +-MC0CAQAwEAYHKoZIzj0CAQYFZysBBAgEFjAUAgEBBA8AXxPMnqbl3rOuIM5nsvc= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls8_PUB +------BEGIN PUBLIC KEY----- +-MDIwEAYHKoZIzj0CAQYFZysBBAgDHgAEZawmRmzr9P+jihImUi6ykOzaSH484JhMKNdrgw== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls8:BOB_cf_wap-wsg-idm-ecid-wtls8_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls8 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls8_PUB +-SharedSecret=48baf4f1f5e8a0eb5dae28ef6290 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls8 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls8_PUB +-SharedSecret=48baf4f1f5e8a0eb5dae28ef6290 +- +-Title=wap-wsg-idm-ecid-wtls9 curve tests +- +-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls9 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAkEHDAaAgEBBBUALwvuKs3RLthMAsChbqKjXw6vTYo= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls9_PUB +------BEGIN 
PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFZysBBAkDKgAET0ppOvd9DU4v+tkKDQ5wRBrN1FwD9+F9t5l3Im+mz3rw +-DB/RYdZuUg== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls9:ALICE_cf_wap-wsg-idm-ecid-wtls9_PUB +- +-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls9 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAkEHDAaAgEBBBUAgeb/vqEM7X5AAAxyBu3M+C8pWLM= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls9_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFZysBBAkDKgAEWc37LGt6lt90iF4lhtDYNFdjAqoczebuNgzGff/Uq8ov +-a3EVJ9yK1A== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls9:BOB_cf_wap-wsg-idm-ecid-wtls9_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls9 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls9_PUB +-SharedSecret=948d3030e95cead39a1bb3d8a01c2be178517ba7 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls9 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls9_PUB +-SharedSecret=948d3030e95cead39a1bb3d8a01c2be178517ba7 +- +-# tests: 484 +- +-Title=zero x-coord regression tests +- +-PrivateKey=ALICE_zero_prime192v1 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEHzAdAgEBBBhaPNk8jG5hSG6y8tUqUoOaNNsZ3APU +-pps= +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_prime192v1_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAe2hWBe5g +-DLNj216pEvK7XjoKLg5gNg8S +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_prime192v1 +-PeerKey=BOB_zero_prime192v1_PUB +-SharedSecret=baaffd49a8399d2ad52cbbe24d47b67afb4b3cf436f1cd65 +- +-PrivateKey=ALICE_zero_prime192v2 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQIEHzAdAgEBBBj1AIQMJ7jqYIKCvxYAS+qKMmKmH0to +-41k= +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_prime192v2_PUB +------BEGIN PUBLIC 
KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQIDMgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4Gj7Qqt +-2wx/jwFlKgvE4rnd50LspdMk +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_prime192v2 +-PeerKey=BOB_zero_prime192v2_PUB +-SharedSecret=b8f200a4b87064f2e8600685ca3e69b8e661a117aabc770b +- +-PrivateKey=ALICE_zero_prime192v3 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQMEHzAdAgEBBBh/maLQMSlea9BfLqGy5NPuK0YAH/cz +-GqI= +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_prime192v3_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZEzb63e2 +-3MKatRLR9Y1M5JEdI9jwMocI +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_prime192v3 +-PeerKey=BOB_zero_prime192v3_PUB +-SharedSecret=b5de857d355bc5b9e270a4c290ea9728d764d8b243ff5d8d +- +-PrivateKey=ALICE_zero_prime239v1 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQQEJTAjAgEBBB5pYWzRYI+c6O7NXCt0H2kw8XRL3rhe +-4MrJT8j++CI= +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_prime239v1_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQQDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-Ox02uwNNLFuvDRn5ip8TxvW0W22R7UzJa9Av6/nh +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_prime239v1 +-PeerKey=BOB_zero_prime239v1_PUB +-SharedSecret=6b6206408bd05d42daa2cd224c401a1230b44e184f17b82f385f22dac215 +- +-PrivateKey=ALICE_zero_prime239v2 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQUEJTAjAgEBBB5l8bB7Cpmr7vyx9FiOT2wEF3YOFbDG +-bmRr3Vi/xr4= +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_prime239v2_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQUDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-IOg3VJGQ89d1GWg4Igxcj5xpDmJiP8tv+e4mxt5U +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_prime239v2 
+-PeerKey=BOB_zero_prime239v2_PUB +-SharedSecret=772c2819c960c78f28f21f6542b7409294fad1f84567c44c4b7678dc0e42 +- +-PrivateKey=ALICE_zero_prime239v3 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQYEJTAjAgEBBB5HF5FABzUOTYMZg9UdZTx/oRERm/fU +-M/+otKzpLjA= +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_prime239v3_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQYDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AsZ4u6r3qQI78EYBpiSgWjqNpoeShjr5piecMBWj +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_prime239v3 +-PeerKey=BOB_zero_prime239v3_PUB +-SharedSecret=56a71f5dd1611e8032c3e2d8224d86e5e8c2fc6480d74c0e282282decd43 +- +-PrivateKey=ALICE_zero_prime256v1 +------BEGIN PRIVATE KEY----- +-MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCDXhMb6aR4JR2+l2tmgYqP0r8S4jtym +-yH++awvF2nGhhg== +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_prime256v1_PUB +------BEGIN PUBLIC KEY----- +-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AABmSFx4Di+D1yQzvV2EoGu2VBwq8x2uhxcov4VqF0+T9A== +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_prime256v1 +-PeerKey=BOB_zero_prime256v1_PUB +-SharedSecret=c4f5607deb8501f1a4ba23fce4122a4343a17ada2c86a9c8e0d03d92d4a4c84c +- +-PrivateKey=ALICE_zero_secp112r2 +------BEGIN PRIVATE KEY----- +-MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAcEFTATAgEBBA4hh3tRkG3tnA0496ffMw== +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_secp112r2_PUB +------BEGIN PUBLIC KEY----- +-MDIwEAYHKoZIzj0CAQYFK4EEAAcDHgAEAAAAAAAAAAAAAAAAAAAS5eEOWDV/Wk7w4djyDQ== +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_secp112r2 +-PeerKey=BOB_zero_secp112r2_PUB +-SharedSecret=958cc1cb425713678830a4d7d95e +- +-PrivateKey=ALICE_zero_secp128r1 +------BEGIN PRIVATE KEY----- +-MC4CAQAwEAYHKoZIzj0CAQYFK4EEABwEFzAVAgEBBBCykSzic/h3T2K6SkSP1SGt +------END PRIVATE KEY----- +- 
+-PublicKey=BOB_zero_secp128r1_PUB +------BEGIN PUBLIC KEY----- +-MDYwEAYHKoZIzj0CAQYFK4EEABwDIgAEAAAAAAAAAAAAAAAAAAAAAABya8M5aeOpNG3z799IdHc= +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_secp128r1 +-PeerKey=BOB_zero_secp128r1_PUB +-SharedSecret=5235d452066f126cd7e99eea00fd3068 +- +-PrivateKey=ALICE_zero_secp160r1 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAgEHDAaAgEBBBUACoRnbig69XLlh5VcRexpbbn5zwA= +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_secp160r1_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFK4EEAAgDKgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAG/w1po29wYlxlygXs +-MGfbiGg5ng== +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_secp160r1 +-PeerKey=BOB_zero_secp160r1_PUB +-SharedSecret=9ccd0ab8d093b6acdb3fe14c3736a0dfe61a4666 +- +-PrivateKey=ALICE_zero_secp160r2 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAB4EHDAaAgEBBBUAQFGxInSw1eAvd45E9TUdbXtJGnA= +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_secp160r2_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFK4EEAB4DKgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAZtSBSZqfmXp47v5z2 +-ZZZl2JFxDg== +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_secp160r2 +-PeerKey=BOB_zero_secp160r2_PUB +-SharedSecret=303e0a282ac86f463fe834cb51b0057be42ed5ab +- +-PrivateKey=ALICE_zero_secp384r1 +------BEGIN PRIVATE KEY----- +-ME4CAQAwEAYHKoZIzj0CAQYFK4EEACIENzA1AgEBBDD6kgzKbg28zbQyVTdC0IdHbm0UCQt2Rdbi +-VVHJeYRSnNpFOiFLaOsGOmwoeZzj6jc= +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_secp384r1_PUB +------BEGIN PUBLIC KEY----- +-MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AAAAAAAAAAAAAAAAAAAAPPme8E9RpepjC6P5+WDdWToUyb45/SvSFdO0sIqq+Gu/kn8sRuUqsG+3 +-QriFDlIe +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_secp384r1 +-PeerKey=BOB_zero_secp384r1_PUB 
+-SharedSecret=b1cfeaeef51dfd487d3a8b2849f1592e04d63f2d2c88b310a6290ebfe5399f5ffe954eabd0619231393e56c35b242986 +- +-PrivateKey=ALICE_zero_secp521r1 +------BEGIN PRIVATE KEY----- +-MGACAQAwEAYHKoZIzj0CAQYFK4EEACMESTBHAgEBBEIAbddDLMUWbAsY7l3vbNDmntXuAUcDYPg5 +-w/cgUwSCIvrV9MBeSG8AWqT16riHmHlsn+XI5PAJM6eij3JDahnu9Mo= +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_secp521r1_PUB +------BEGIN PUBLIC KEY----- +-MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0g7J/qa1d8ENJsobtEb0CymeZIsa +-1Qiq0GiJb+4/jmFLxjBU1Xcr8Bpl1BLgvKqOll0vXTMtfzn4RtRArgAfT4c= +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_secp521r1 +-PeerKey=BOB_zero_secp521r1_PUB +-SharedSecret=003fc3028f61db94b20c7cd177923b6e73f12f0ab067c9ce8866755e3c82abb39c9863cde74fa80b32520bd7dd0eb156c30c08911503b67b2661f1264d09bb231423 +- +-PrivateKey=ALICE_zero_wap-wsg-idm-ecid-wtls7 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAcEHDAaAgEBBBUAoGng7WzYr4P9vtdc3BS/UiNWmc0= +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_wap-wsg-idm-ecid-wtls7_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFZysBBAcDKgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAZtSBSZqfmXp47v5z2 +-ZZZl2JFxDg== +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_wap-wsg-idm-ecid-wtls7 +-PeerKey=BOB_zero_wap-wsg-idm-ecid-wtls7_PUB +-SharedSecret=6582fc03bbb340fcf24a5fe8fcdf722655efa8b9 +- +-# tests: 14 +- +-Title=prime192v1 curve tests +- +-PrivateKey=ALICE_cf_prime192v1 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEHzAdAgEBBBhQFYLaobJ47BVWWZv/ByY8Ti69m/U9 +-TeI= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_prime192v1_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEHYbt14KzucSpmKMrlDx1IGz/a28nDs21OjKgx3BK +-PZ78UrllIr69kgrYUKsRg4sd +------END PUBLIC KEY----- +- 
+-PrivPubKeyPair=ALICE_cf_prime192v1:ALICE_cf_prime192v1_PUB +- +-PrivateKey=BOB_cf_prime192v1 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEHzAdAgEBBBhsbmKHAtygIqirkmUXSbniDJOx0/fI +-CWM= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_prime192v1_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEJA+FQcXq5Axzv8pLDslxq1QVt1hjN2i0TgoO6Yxp +-bAekMot69VorE8ibSzgJixXJ +------END PUBLIC KEY----- +- +-PrivPubKeyPair=BOB_cf_prime192v1:BOB_cf_prime192v1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_prime192v1 +-PeerKey=BOB_cf_prime192v1_PUB +-SharedSecret=e36cad3b0f8d00f60f090440a76df47896713ae61421c354 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_prime192v1 +-PeerKey=ALICE_cf_prime192v1_PUB +-SharedSecret=e36cad3b0f8d00f60f090440a76df47896713ae61421c354 +- +-# ECDH Bob with Alice peer : curves with less than 112 bits of strength cannot +-# be used for Key agreement in fips mode +-Availablein = fips +-Derive=BOB_cf_prime192v1 +-Securitycheck = 1 +-PeerKey=ALICE_cf_prime192v1_PUB +-SharedSecret=e36cad3b0f8d00f60f090440a76df47896713ae61421c354 +-Result = DERIVE_SET_PEER_ERROR +- + Title=prime256v1 curve tests + + PrivateKey=ALICE_cf_prime256v1 +@@ -3759,743 +219,3 @@ SharedSecret=01dd4aa9037bb4ad298b420998d + Derive=BOB_cf_secp521r1 + PeerKey=ALICE_cf_secp521r1_PUB + SharedSecret=01dd4aa9037bb4ad298b420998dcd32b3a9af1cda8b7919e372aeb4e54ccfb4d2409a340ed896bfbc5dd462f8d96b8784bc17b29db3ca04700e6ec752f9bec777695 +- +-Title=sect163k1 curve tests +- +-PrivateKey=ALICE_cf_sect163k1 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAEEHDAaAgEBBBUB905PYfmej8LzbzX6Bg51GJzXQjQ= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect163k1_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBfvs5A1hD8YySP9O2ub8GEUfotVuBpfRx4GIHdAfx8wV +-1UVeTRnyAlWU +------END PUBLIC KEY----- +- +-PrivPubKeyPair=ALICE_cf_sect163k1:ALICE_cf_sect163k1_PUB +- 
+-PrivateKey=BOB_cf_sect163k1 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAEEHDAaAgEBBBUCHPtCjJ4/K8ylQBcLlb5VE0bkaUE= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect163k1_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBvgfX1mTRlt6Z4TE1D1MNWo4loH4AoeYa6oowK104LKk +-nsdg7isQ8XBD +------END PUBLIC KEY----- +- +-PrivPubKeyPair=BOB_cf_sect163k1:BOB_cf_sect163k1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect163k1 +-PeerKey=BOB_cf_sect163k1_PUB +-SharedSecret=04d0e40788c5ce5220818055277cae53eac55c1e6b +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect163k1 +-PeerKey=ALICE_cf_sect163k1_PUB +-SharedSecret=04d0e40788c5ce5220818055277cae53eac55c1e6b +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect163k1 +-PeerKey=BOB_cf_sect163k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=04c902a91110244d89110034dd2b099c49cbab6c77 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect163k1 +-PeerKey=ALICE_cf_sect163k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=04c902a91110244d89110034dd2b099c49cbab6c77 +- +-PublicKey=MALICE_cf_sect163k1_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AAAAAAAAAAAB +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_sect163k1 +-PeerKey=MALICE_cf_sect163k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_sect163k1 +-PeerKey=MALICE_cf_sect163k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect163r2 curve tests +- +-PrivateKey=ALICE_cf_sect163r2 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAA8EHDAaAgEBBBUBjCs/M3N31jsAueYrOq21vdETwAI= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect163r2_PUB +------BEGIN 
PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBd8Z1/HpA+89hF4I98EST3svWns3BAEbhWmL/fgxk2uu +-YwVrmqhgqH/C +------END PUBLIC KEY----- +- +-PrivPubKeyPair=ALICE_cf_sect163r2:ALICE_cf_sect163r2_PUB +- +-PrivateKey=BOB_cf_sect163r2 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAA8EHDAaAgEBBBUBsiouT9Df+mwHWrpPg1JSrY9nqlI= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect163r2_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBULqBZ+nhLhDEMYY8NEEzZ126MdxAcFXWv8zmPEH9505 +-8vT5zU3aq6HV +------END PUBLIC KEY----- +- +-PrivPubKeyPair=BOB_cf_sect163r2:BOB_cf_sect163r2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect163r2 +-PeerKey=BOB_cf_sect163r2_PUB +-SharedSecret=019f829a53c4e6544bdec1395a23082169efaf369d +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect163r2 +-PeerKey=ALICE_cf_sect163r2_PUB +-SharedSecret=019f829a53c4e6544bdec1395a23082169efaf369d +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect163r2 +-PeerKey=BOB_cf_sect163r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=048870d39235ecbc16a000ee478833509b9318a53f +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect163r2 +-PeerKey=ALICE_cf_sect163r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=048870d39235ecbc16a000ee478833509b9318a53f +- +-PublicKey=MALICE_cf_sect163r2_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsJbhbrfiSdZPSHD +-ZtqJwDlp802l +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_sect163r2 +-PeerKey=MALICE_cf_sect163r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_sect163r2 +-PeerKey=MALICE_cf_sect163r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect233k1 curve tests +- 
+-PrivateKey=ALICE_cf_sect233k1 +------BEGIN PRIVATE KEY----- +-MDsCAQAwEAYHKoZIzj0CAQYFK4EEABoEJDAiAgEBBB0z/3heNFjJL+2sAT/38yRsN3kt2iXz7u+y +-Gua8Kw== +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect233k1_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEALQyn0zJmOrHm4S2EIjxRe899PadBnfpYjLKWGvpAIzf +-MEG861Nv1IYJkmkO1xlfNHeeRtqFgsQVFKZh +------END PUBLIC KEY----- +- +-PrivPubKeyPair=ALICE_cf_sect233k1:ALICE_cf_sect233k1_PUB +- +-PrivateKey=BOB_cf_sect233k1 +------BEGIN PRIVATE KEY----- +-MDsCAQAwEAYHKoZIzj0CAQYFK4EEABoEJDAiAgEBBB1I0ucrC4d9i6Z+0cbar5r7uKpF5iiQkSJA +-DFMTUA== +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect233k1_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAatdqazxSghJ568CBFyMXhEvVeAiLewOY/jk9H5DAOB4 +-ufNGbdd131KLaKPivB38a6n5Y+2BVSJangow +------END PUBLIC KEY----- +- +-PrivPubKeyPair=BOB_cf_sect233k1:BOB_cf_sect233k1_PUB +- +-# ECDH Alice with Bob peer +-Derive=ALICE_cf_sect233k1 +-PeerKey=BOB_cf_sect233k1_PUB +-SharedSecret=012145026e8de65973c154e085456fc5539ba9e25663e7f5816abfcab310 +- +-# ECDH Bob with Alice peer +-Derive=BOB_cf_sect233k1 +-PeerKey=ALICE_cf_sect233k1_PUB +-SharedSecret=012145026e8de65973c154e085456fc5539ba9e25663e7f5816abfcab310 +- +-# ECC CDH Alice with Bob peer +-Derive=ALICE_cf_sect233k1 +-PeerKey=BOB_cf_sect233k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=00ff7d6c6b80f39d2ae68fbd00adbcd75fa599ed0bc1aac0e3f49c1c164d +- +-# ECC CDH Bob with Alice peer +-Derive=BOB_cf_sect233k1 +-PeerKey=ALICE_cf_sect233k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=00ff7d6c6b80f39d2ae68fbd00adbcd75fa599ed0bc1aac0e3f49c1c164d +- +-PublicKey=MALICE_cf_sect233k1_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAA +-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Derive=BOB_cf_sect233k1 +-PeerKey=MALICE_cf_sect233k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR 
+-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Derive=ALICE_cf_sect233k1 +-PeerKey=MALICE_cf_sect233k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect233r1 curve tests +- +-PrivateKey=ALICE_cf_sect233r1 +------BEGIN PRIVATE KEY----- +-MDwCAQAwEAYHKoZIzj0CAQYFK4EEABsEJTAjAgEBBB4ATcy7zVpIsJ9rl5EIDmzRz5wxjrDIQyDm +-HP3Pt8Y= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect233r1_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAQMQHiJ44LiCnZkEg1zyww1h+idTbsw8E07P33WUAUfD +-NeQ4hWEhTXPnytIbEhFKpnd3j/FbyZnJqxh8 +------END PUBLIC KEY----- +- +-PrivPubKeyPair=ALICE_cf_sect233r1:ALICE_cf_sect233r1_PUB +- +-PrivateKey=BOB_cf_sect233r1 +------BEGIN PRIVATE KEY----- +-MDwCAQAwEAYHKoZIzj0CAQYFK4EEABsEJTAjAgEBBB4ALpOlFn4OfiIAkRAZGOsn7L6W3XoQBSV8 +-mQVC2pw= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect233r1_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAJQw+NWqFJXYw4dVMovzvw76OYnYOTaDaEPNW8ECAQbl +-TzzbBSTp5iqM13mP0/Bo4OO66NS3lA9e/GTO +------END PUBLIC KEY----- +- +-PrivPubKeyPair=BOB_cf_sect233r1:BOB_cf_sect233r1_PUB +- +-# ECDH Alice with Bob peer +-Derive=ALICE_cf_sect233r1 +-PeerKey=BOB_cf_sect233r1_PUB +-SharedSecret=00209d2995a63f1e8b7a5c33dee5abb602e32e1835ae8bb57eb264d8d795 +- +-# ECDH Bob with Alice peer +-Derive=BOB_cf_sect233r1 +-PeerKey=ALICE_cf_sect233r1_PUB +-SharedSecret=00209d2995a63f1e8b7a5c33dee5abb602e32e1835ae8bb57eb264d8d795 +- +-# ECC CDH Alice with Bob peer +-Derive=ALICE_cf_sect233r1 +-PeerKey=BOB_cf_sect233r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=00c3cd1d38a65f5e421399409a76cec1136bc84149f054a7f55e7980c612 +- +-# ECC CDH Bob with Alice peer +-Derive=BOB_cf_sect233r1 +-PeerKey=ALICE_cf_sect233r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=00c3cd1d38a65f5e421399409a76cec1136bc84149f054a7f55e7980c612 +- +-PublicKey=MALICE_cf_sect233r1_PUB +------BEGIN PUBLIC KEY----- 
+-MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYf4 +-Vie5eHTnR+4x4G1xyq7qUvISU+X5RtBh2pE4 +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Derive=BOB_cf_sect233r1 +-PeerKey=MALICE_cf_sect233r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Derive=ALICE_cf_sect233r1 +-PeerKey=MALICE_cf_sect233r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect283k1 curve tests +- +-PrivateKey=ALICE_cf_sect283k1 +------BEGIN PRIVATE KEY----- +-MEICAQAwEAYHKoZIzj0CAQYFK4EEABAEKzApAgEBBCQAY1Mi9rST7PiP1t03qYRczV/kSZ+VjQu8 +-5EFCgxyvkaLManw= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect283k1_PUB +------BEGIN PUBLIC KEY----- +-MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBMjBO8WoxHS/vz8po52WZGxS+RK5yolrUe6tfbAMA3Sd +-5/JjBDVjOz95vM4gUnqzUWHN5nKBQtj6HiU9Q/R+zqg98OiQKTyA +------END PUBLIC KEY----- +- +-PrivPubKeyPair=ALICE_cf_sect283k1:ALICE_cf_sect283k1_PUB +- +-PrivateKey=BOB_cf_sect283k1 +------BEGIN PRIVATE KEY----- +-MEICAQAwEAYHKoZIzj0CAQYFK4EEABAEKzApAgEBBCQBCZC8Is+YSjgXJBBDioEl6gu14QpGHllD +-1J6957vBTPSQdH0= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect283k1_PUB +------BEGIN PUBLIC KEY----- +-MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAGEQKZVHYAlvtjHrFyZVm12qUb5j+T5/WNoC962+kwUM +-QkBYA5BpuG8Knlugq1iB31whPAgRCZfdLKHpHRPJSfXvKyUIdeUm +------END PUBLIC KEY----- +- +-PrivPubKeyPair=BOB_cf_sect283k1:BOB_cf_sect283k1_PUB +- +-# ECDH Alice with Bob peer +-Derive=ALICE_cf_sect283k1 +-PeerKey=BOB_cf_sect283k1_PUB +-SharedSecret=03f67c88bdc230b43773d17fdb4d0a980556d074ceccee726932160e4ed965e3be72803c +- +-# ECDH Bob with Alice peer +-Derive=BOB_cf_sect283k1 +-PeerKey=ALICE_cf_sect283k1_PUB +-SharedSecret=03f67c88bdc230b43773d17fdb4d0a980556d074ceccee726932160e4ed965e3be72803c +- +-# ECC CDH Alice with Bob peer +-Derive=ALICE_cf_sect283k1 +-PeerKey=BOB_cf_sect283k1_PUB +-Ctrl=ecdh_cofactor_mode:1 
+-SharedSecret=0677ba01c84d139609ca145cb5b6079fc9ca67f59c9c913e47cad1073f1d1dfaddde0169 +- +-# ECC CDH Bob with Alice peer +-Derive=BOB_cf_sect283k1 +-PeerKey=ALICE_cf_sect283k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=0677ba01c84d139609ca145cb5b6079fc9ca67f59c9c913e47cad1073f1d1dfaddde0169 +- +-PublicKey=MALICE_cf_sect283k1_PUB +------BEGIN PUBLIC KEY----- +-MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Derive=BOB_cf_sect283k1 +-PeerKey=MALICE_cf_sect283k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Derive=ALICE_cf_sect283k1 +-PeerKey=MALICE_cf_sect283k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect283r1 curve tests +- +-PrivateKey=ALICE_cf_sect283r1 +------BEGIN PRIVATE KEY----- +-MEICAQAwEAYHKoZIzj0CAQYFK4EEABEEKzApAgEBBCQCQ5pqKvPxDysd1pi2Bv8Z11cFhsRZfuaf +-4Pi0hpGr4ubZcHE= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect283r1_PUB +------BEGIN PUBLIC KEY----- +-MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBcsrGDgO7pbGybQX/00gRHtQq3+X9XrGb7Uzv9Nabwc/ +-kntnBMF0I2KU+aaTjQx1GVtmNf7CvFwPLEBnfKjJAjekjsGyIqoq +------END PUBLIC KEY----- +- +-PrivPubKeyPair=ALICE_cf_sect283r1:ALICE_cf_sect283r1_PUB +- +-PrivateKey=BOB_cf_sect283r1 +------BEGIN PRIVATE KEY----- +-MEICAQAwEAYHKoZIzj0CAQYFK4EEABEEKzApAgEBBCQDxItnY3cDCrX/jGnVuAKDPaySZCr3E83Q +-UdFnP6YIykt7+Pg= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect283r1_PUB +------BEGIN PUBLIC KEY----- +-MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBJ2C9BCkX0YRfs2ufgUKvreUXFWp2AGK+iHlZB4N3LqO +-PKpmAkrAeCMty6mw2mEnOR5HA1d4Ee+z7/NJgJJ80Ra9bFnreOW3 +------END PUBLIC KEY----- +- +-PrivPubKeyPair=BOB_cf_sect283r1:BOB_cf_sect283r1_PUB +- +-# ECDH Alice with Bob peer +-Derive=ALICE_cf_sect283r1 +-PeerKey=BOB_cf_sect283r1_PUB 
+-SharedSecret=0424259cf09727574fb863cab7c27d8fe3835e96433110a45a951f94347fc81939ec4773 +- +-# ECDH Bob with Alice peer +-Derive=BOB_cf_sect283r1 +-PeerKey=ALICE_cf_sect283r1_PUB +-SharedSecret=0424259cf09727574fb863cab7c27d8fe3835e96433110a45a951f94347fc81939ec4773 +- +-# ECC CDH Alice with Bob peer +-Derive=ALICE_cf_sect283r1 +-PeerKey=BOB_cf_sect283r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=01c2a542654ce85b17456ed75b6bca6b6eb761580913670debc426a3525f236df0e875c8 +- +-# ECC CDH Bob with Alice peer +-Derive=BOB_cf_sect283r1 +-PeerKey=ALICE_cf_sect283r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=01c2a542654ce85b17456ed75b6bca6b6eb761580913670debc426a3525f236df0e875c8 +- +-PublicKey=MALICE_cf_sect283r1_PUB +------BEGIN PUBLIC KEY----- +-MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AAAAByvMnFeSsevoGYMIn7b4NaL9IgowRCTKF8CCrhdEKu3pubP2 +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Derive=BOB_cf_sect283r1 +-PeerKey=MALICE_cf_sect283r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Derive=ALICE_cf_sect283r1 +-PeerKey=MALICE_cf_sect283r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect409k1 curve tests +- +-PrivateKey=ALICE_cf_sect409k1 +------BEGIN PRIVATE KEY----- +-MFECAQAwEAYHKoZIzj0CAQYFK4EEACQEOjA4AgEBBDMOthcLahkXFgM0wjOzm767D1A72sFRGlhb +-bVH+EB7z2WpIcPX4OD+M4Y1pf/a7wSaoSAo= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect409k1_PUB +------BEGIN PUBLIC KEY----- +-MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAbiYYpeFgCMsZFMzQaiwMJDrC+mCMT7KmhYtD5EMMgLW +-5OvhaqYdpRf49A8LOtVcRT7J5gGcMrXQgmQeS3FenA5owWnB2NIgrTNf5d8AAEtrOupsJ4c3kL6e +-aAzayZ1+UCEj8skbC9U= +------END PUBLIC KEY----- +- +-PrivPubKeyPair=ALICE_cf_sect409k1:ALICE_cf_sect409k1_PUB +- +-PrivateKey=BOB_cf_sect409k1 +------BEGIN PRIVATE KEY----- +-MFECAQAwEAYHKoZIzj0CAQYFK4EEACQEOjA4AgEBBDMO43ldQllTewdZwffH4OEXdzBrLwabKsn4 
+-6/hjgIAaYda/pt4yCEQLMp18QgtfMey5ENI= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect409k1_PUB +------BEGIN PUBLIC KEY----- +-MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAVTQj6hRizVmOx4Z6vroN/zMkmAY+QhkQ0CnFeJ0AydY +-Fv+f+/420vMC1Mhqsc9VzPMmIAH6ZrgGKDsd4Ce9JUtYE0rVhGeiG2RaN1U5RlhVK4avkWhFlyQ5 +-vuu4aApQiWE3yQd9v/I= +------END PUBLIC KEY----- +- +-PrivPubKeyPair=BOB_cf_sect409k1:BOB_cf_sect409k1_PUB +- +-# ECDH Alice with Bob peer +-Derive=ALICE_cf_sect409k1 +-PeerKey=BOB_cf_sect409k1_PUB +-SharedSecret=01fbe13188588c9d1ac3a8a2680ea9a009b28e4b7d7fa4efcb1a22553876fb7973616819fd87c75e5b8ce6e3628595e4ce12edb0 +- +-# ECDH Bob with Alice peer +-Derive=BOB_cf_sect409k1 +-PeerKey=ALICE_cf_sect409k1_PUB +-SharedSecret=01fbe13188588c9d1ac3a8a2680ea9a009b28e4b7d7fa4efcb1a22553876fb7973616819fd87c75e5b8ce6e3628595e4ce12edb0 +- +-# ECC CDH Alice with Bob peer +-Derive=ALICE_cf_sect409k1 +-PeerKey=BOB_cf_sect409k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=007e9485f7234bb2255bb40e51f4be867cb0ef31f8e489a697b31b51c4d5346daaee51e96ae6f9636e6e3af56095fe28755325ee +- +-# ECC CDH Bob with Alice peer +-Derive=BOB_cf_sect409k1 +-PeerKey=ALICE_cf_sect409k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=007e9485f7234bb2255bb40e51f4be867cb0ef31f8e489a697b31b51c4d5346daaee51e96ae6f9636e6e3af56095fe28755325ee +- +-PublicKey=MALICE_cf_sect409k1_PUB +------BEGIN PUBLIC KEY----- +-MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AAAAAAAAAAAAAAAAAAA= +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Derive=BOB_cf_sect409k1 +-PeerKey=MALICE_cf_sect409k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Derive=ALICE_cf_sect409k1 +-PeerKey=MALICE_cf_sect409k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect409r1 curve tests +- +-PrivateKey=ALICE_cf_sect409r1 
+------BEGIN PRIVATE KEY----- +-MFICAQAwEAYHKoZIzj0CAQYFK4EEACUEOzA5AgEBBDQAxSC9lST5dtfXQI1Ug9VMMoue3GGni5ON +-+gieyXK2KKbd29KAPs4/AOd8kX2wQDsZPO7E +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect409r1_PUB +------BEGIN PUBLIC KEY----- +-MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEASAvXAM15DJerAu1JttpBuMJK1/fEfFohu2iEpt3r7Ui +-iQoER6HUsWiw1hhcJyTv7WzpJQHFWrOlJMe/KjmQa/CygSc65YHDzG27oUL+KGdQUGc79ZRSwl/q +-fGZqa3D+bDVMwrhmZto= +------END PUBLIC KEY----- +- +-PrivPubKeyPair=ALICE_cf_sect409r1:ALICE_cf_sect409r1_PUB +- +-PrivateKey=BOB_cf_sect409r1 +------BEGIN PRIVATE KEY----- +-MFICAQAwEAYHKoZIzj0CAQYFK4EEACUEOzA5AgEBBDQARen+1P3JQzBgOv0pUYwsZTPRVLpqqDAU +-7mKL2lk9eH7zSGmtNoMvP2m1S2dBnXxFY/bV +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect409r1_PUB +------BEGIN PUBLIC KEY----- +-MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAbDUw066TtdfOpDvrlKosEyqUNEG7rY+AKvDqKw+HOzf +-sUTYee6cEf71oqJ1sCKPQiYzlwCu/HLQeWPxISE6Uo+53kkeJml2xpMBwoE25Gq/DSS61dR7SRTZ +-+sUmumbIuGzbrjtMRmw= +------END PUBLIC KEY----- +- +-PrivPubKeyPair=BOB_cf_sect409r1:BOB_cf_sect409r1_PUB +- +-# ECDH Alice with Bob peer +-Derive=ALICE_cf_sect409r1 +-PeerKey=BOB_cf_sect409r1_PUB +-SharedSecret=00a751259cdb3b445ce71a40a01a2189dfce70226111190505fc6eabe4e5a05bff7af55f2015e1ffcab6aea7ea9a6e74905da2a1 +- +-# ECDH Bob with Alice peer +-Derive=BOB_cf_sect409r1 +-PeerKey=ALICE_cf_sect409r1_PUB +-SharedSecret=00a751259cdb3b445ce71a40a01a2189dfce70226111190505fc6eabe4e5a05bff7af55f2015e1ffcab6aea7ea9a6e74905da2a1 +- +-# ECC CDH Alice with Bob peer +-Derive=ALICE_cf_sect409r1 +-PeerKey=BOB_cf_sect409r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=0115a31aed416c5089d74a263ec300aff13a5329c6ad27de950ae0b0917b40a3464fccf5691ac9633a51e5177a82b15cfc434aad +- +-# ECC CDH Bob with Alice peer +-Derive=BOB_cf_sect409r1 +-PeerKey=ALICE_cf_sect409r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=0115a31aed416c5089d74a263ec300aff13a5329c6ad27de950ae0b0917b40a3464fccf5691ac9633a51e5177a82b15cfc434aad +- +-PublicKey=MALICE_cf_sect409r1_PUB 
+------BEGIN PUBLIC KEY----- +-MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AAAAAAAAAAAAAAAAAAAAAAAAAACZNffkdo7i7yL5tKKfU8tdk6su0K185XwbJkn96JWVDPZXZ3My +-bFKKSOJ7hyrM8Lwl1e8= +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Derive=BOB_cf_sect409r1 +-PeerKey=MALICE_cf_sect409r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Derive=ALICE_cf_sect409r1 +-PeerKey=MALICE_cf_sect409r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect571k1 curve tests +- +-PrivateKey=ALICE_cf_sect571k1 +------BEGIN PRIVATE KEY----- +-MGYCAQAwEAYHKoZIzj0CAQYFK4EEACYETzBNAgEBBEgB4agvk7Qdf9bVb9aMVdtXL0MuVw6dTleB +-zrpPMYty/piI5GWkQEGVp4OJSjF1BGgWmtYSYlV0oI8jJ7hfWTjVGfVWix4ipb8= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect571k1_PUB +------BEGIN PUBLIC KEY----- +-MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQDUZq0ZrgYpTXNpOptjExaur0K9FAYHv1j9cvAptwX +-dcmQf3VqekMkGZCfNdqNeqCajG3QHRkBHe4FZhWr3FXi8whvvr463lUDf+t46un1kE6FTYfhILGa +-sBZm7OdfkarYd9TXBbmnkFA+XkyPlkM1+6daM3/WmnegK+TYghFDXLgwiyF8s0ElllF7z38Gmc4= +------END PUBLIC KEY----- +- +-PrivPubKeyPair=ALICE_cf_sect571k1:ALICE_cf_sect571k1_PUB +- +-PrivateKey=BOB_cf_sect571k1 +------BEGIN PRIVATE KEY----- +-MGYCAQAwEAYHKoZIzj0CAQYFK4EEACYETzBNAgEBBEgA3pINxGOI7L9M+Mil+bm/udPwI4xu7ubJ +-p3aoOepTXW94laf8wjFLcQnRUwH87Vbq9VLQEfCAFvr2vZoBc+5asnNuDhRNNeQ= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect571k1_PUB +------BEGIN PUBLIC KEY----- +-MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQDZRr5GCSq2uzGxmWNB+bED7zye18Rr/KehwXrbn1r +-rKtR8fe+dg2V15FieC3qZe/wCpMtyp79VmEabGi6iGLlAN/rUE81URsA/K7GVpmklslV5gmwryR0 +-3E7jGKPFesun9iNtmpgM18P9y3aJd4Qr4hMlwW2Nyw187l6QB/W2e/i+8vKXFTLHlz5WLAyAcpA= +------END PUBLIC KEY----- +- +-PrivPubKeyPair=BOB_cf_sect571k1:BOB_cf_sect571k1_PUB +- +-# ECDH Alice with Bob peer +-Derive=ALICE_cf_sect571k1 +-PeerKey=BOB_cf_sect571k1_PUB 
+-SharedSecret=02b79c92cee50dc5b9fdddce36d4fa2e28d7d178cd74e575961f39429496305b38815c840c2e66327435c044ed885ec964068531251a2112717602532e8b6d5411db2fe05c1ac18c +- +-# ECDH Bob with Alice peer +-Derive=BOB_cf_sect571k1 +-PeerKey=ALICE_cf_sect571k1_PUB +-SharedSecret=02b79c92cee50dc5b9fdddce36d4fa2e28d7d178cd74e575961f39429496305b38815c840c2e66327435c044ed885ec964068531251a2112717602532e8b6d5411db2fe05c1ac18c +- +-# ECC CDH Alice with Bob peer +-Derive=ALICE_cf_sect571k1 +-PeerKey=BOB_cf_sect571k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=063aea789492c9727a5a6b7f24e8d3d377c70ee8e86b13664e191a53b1905e90e78b85960b1881db5160c7c5cacca0d686d9e104140d565eeeec17426f93d3a7ba639ecd716b43d2 +- +-# ECC CDH Bob with Alice peer +-Derive=BOB_cf_sect571k1 +-PeerKey=ALICE_cf_sect571k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=063aea789492c9727a5a6b7f24e8d3d377c70ee8e86b13664e191a53b1905e90e78b85960b1881db5160c7c5cacca0d686d9e104140d565eeeec17426f93d3a7ba639ecd716b43d2 +- +-PublicKey=MALICE_cf_sect571k1_PUB +------BEGIN PUBLIC KEY----- +-MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAA +-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE= +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Derive=BOB_cf_sect571k1 +-PeerKey=MALICE_cf_sect571k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Derive=ALICE_cf_sect571k1 +-PeerKey=MALICE_cf_sect571k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect571r1 curve tests +- +-PrivateKey=ALICE_cf_sect571r1 +------BEGIN PRIVATE KEY----- +-MGYCAQAwEAYHKoZIzj0CAQYFK4EEACcETzBNAgEBBEgAxfL2/gUsmJonvDMR95Azq1ySgXMlKSRk +-+PL+WaS92ZyOo45HaC7RpH5sdkf4b948u6y1BXOxGZuORXy6lgbgZ1Zx2UgL3cI= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect571r1_PUB +------BEGIN PUBLIC KEY----- 
+-MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQBK5L9ccIWacU2A1srZ35opPu6kcbEOsBPmvj/rlMS +-fFrdMOcagOYfcD0/ouYHPhvkHbr9k87IlQJfnV6ZNRA4PmWSp/FjkNwETm/fqTCUQHti/qqnKH7R +-Ed4fYROLFGvz+PX6E20SryOt1vrmoRyC7Z5FVmgMVOQQ1AaBNAHi3+IPtKx41YdXdbqHJxuI5jE= +------END PUBLIC KEY----- +- +-PrivPubKeyPair=ALICE_cf_sect571r1:ALICE_cf_sect571r1_PUB +- +-PrivateKey=BOB_cf_sect571r1 +------BEGIN PRIVATE KEY----- +-MGYCAQAwEAYHKoZIzj0CAQYFK4EEACcETzBNAgEBBEgAzcRvASPpWi0ybpOGlj0Lozz01C2a5oDA +-G5alib1EmZKcpVULxJXn75FQlTKpkUEuWUgA4yk5X5DTiScUuh4LDhaF3AFhsEY= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect571r1_PUB +------BEGIN PUBLIC KEY----- +-MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQH3dnL22NajtqDWTX6qD14w1BOlpHFBUPTr24VySlh +-kiiBlOF95u7hFr/hSb7gm/3f+IVKyE18Sh2kR4KaxWcPWKY5xKTiqiICT7hCistuzNRt8gR+kNOT +-c1rETMV6ZruZinwzEWWWjwJf6612oy2HG3CX3B8Rm+a3sS0q6IzowEwqmDv6v9bMTFk8bsCv0Fk= +------END PUBLIC KEY----- +- +-PrivPubKeyPair=BOB_cf_sect571r1:BOB_cf_sect571r1_PUB +- +-# ECDH Alice with Bob peer +-Derive=ALICE_cf_sect571r1 +-PeerKey=BOB_cf_sect571r1_PUB +-SharedSecret=0031f9879fa75b8c67ba81ee861be634e2b53aa79f834e9a8ca4df7f4461bcb02f083d9fa5b4767f881a710caa6524b58eb626623ba394961d46535204c26d165089e7d4f7be1827 +- +-# ECDH Bob with Alice peer +-Derive=BOB_cf_sect571r1 +-PeerKey=ALICE_cf_sect571r1_PUB +-SharedSecret=0031f9879fa75b8c67ba81ee861be634e2b53aa79f834e9a8ca4df7f4461bcb02f083d9fa5b4767f881a710caa6524b58eb626623ba394961d46535204c26d165089e7d4f7be1827 +- +-# ECC CDH Alice with Bob peer +-Derive=ALICE_cf_sect571r1 +-PeerKey=BOB_cf_sect571r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=012e8c2c1554988fe20c5ae7d11cdcfe15c7c6e8d2b6f46a43a45d724bfc7b415ea7594d5c16f770a95d6e65bbcb1f34619db95e89f4fecbcb0bc6a3f92d52df6a49b0e7773e0ac0 +- +-# ECC CDH Bob with Alice peer +-Derive=BOB_cf_sect571r1 +-PeerKey=ALICE_cf_sect571r1_PUB +-Ctrl=ecdh_cofactor_mode:1 
+-SharedSecret=012e8c2c1554988fe20c5ae7d11cdcfe15c7c6e8d2b6f46a43a45d724bfc7b415ea7594d5c16f770a95d6e65bbcb1f34619db95e89f4fecbcb0bc6a3f92d52df6a49b0e7773e0ac0 +- +-PublicKey=MALICE_cf_sect571r1_PUB +------BEGIN PUBLIC KEY----- +-MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHMtVWZAwgtd1zmgWN/9WC +-aNQcWRNUKesEHXqhJVkC5jYsSACodKsLYFNrWEYM0gwG8DQONZSn93G+38EM45tkaZsIRDt2HEM= +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Derive=BOB_cf_sect571r1 +-PeerKey=MALICE_cf_sect571r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Derive=ALICE_cf_sect571r1 +-PeerKey=MALICE_cf_sect571r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +diff -rupN --no-dereference openssl-3.0.9/test/recipes/30-test_evp_data/evppkey_mismatch.txt openssl-3.0.9-new/test/recipes/30-test_evp_data/evppkey_mismatch.txt +--- openssl-3.0.9/test/recipes/30-test_evp_data/evppkey_mismatch.txt 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/recipes/30-test_evp_data/evppkey_mismatch.txt 2023-05-31 16:36:52.323277096 +0200 +@@ -31,12 +31,6 @@ MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELBUP + x/iUJAcsJxl9eLM7kg6VzbZk6ZDc8M/qDZTiqOavnQ5YBW5lMQSSW5/myQ== + -----END PUBLIC KEY----- + +-PublicKey=KAS-ECC-CDH_K-163_C0-PUBLIC +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBx+LKHfWAn2cGt5CRPLeoSaS7yPVBcFe +-53YiHHK4SzR844PzgGe4nD6a +------END PUBLIC KEY----- +- + PrivateKey = RSA-2048 + -----BEGIN PRIVATE KEY----- + MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDNAIHqeyrh6gbV +@@ -77,9 +71,3 @@ Result = KEYPAIR_TYPE_MISMATCH + + PrivPubKeyPair = RSA-2048:P-256-PUBLIC + Result = KEYPAIR_TYPE_MISMATCH +- +-PrivPubKeyPair = RSA-2048:KAS-ECC-CDH_K-163_C0-PUBLIC +-Result = KEYPAIR_TYPE_MISMATCH +- +-PrivPubKeyPair = Alice-25519:KAS-ECC-CDH_K-163_C0-PUBLIC +-Result = 
KEYPAIR_TYPE_MISMATCH +diff -rupN --no-dereference openssl-3.0.9/test/recipes/30-test_evp.t openssl-3.0.9-new/test/recipes/30-test_evp.t +--- openssl-3.0.9/test/recipes/30-test_evp.t 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/recipes/30-test_evp.t 2023-05-31 16:36:52.323277096 +0200 +@@ -116,7 +116,6 @@ my @defltfiles = qw( + evppkey_kdf_tls1_prf.txt + evppkey_rsa.txt + ); +-push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec; + push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2; + + plan tests => +diff -rupN --no-dereference openssl-3.0.9/test/recipes/65-test_cmp_protect.t openssl-3.0.9-new/test/recipes/65-test_cmp_protect.t +--- openssl-3.0.9/test/recipes/65-test_cmp_protect.t 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/recipes/65-test_cmp_protect.t 2023-05-31 16:36:52.323277096 +0200 +@@ -7,7 +7,6 @@ + # this file except in compliance with the License. You can obtain a copy + # in the file LICENSE in the source distribution or at + # https://www.openssl.org/source/license.html +- + use strict; + use OpenSSL::Test qw/:DEFAULT data_file srctop_file srctop_dir bldtop_file bldtop_dir/; + use OpenSSL::Test::Utils; +@@ -27,7 +26,7 @@ plan skip_all => "This test is not suppo + plan skip_all => "This test is not supported in a shared library build on Windows" + if $^O eq 'MSWin32' && !disabled("shared"); + +-plan tests => 2 + ($no_fips ? 0 : 1); #fips test ++plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test + + my @basic_cmd = ("cmp_protect_test", + data_file("server.pem"), +diff -rupN --no-dereference openssl-3.0.9/test/recipes/65-test_cmp_vfy.t openssl-3.0.9-new/test/recipes/65-test_cmp_vfy.t +--- openssl-3.0.9/test/recipes/65-test_cmp_vfy.t 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/recipes/65-test_cmp_vfy.t 2023-05-31 16:36:52.323277096 +0200 +@@ -7,7 +7,6 @@ + # this file except in compliance with the License. 
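Review bot: `plan skip_all => 2 + ($no_fips ? 0 : 1);` in the embedded 65-test_cmp_protect.t hunk skips the entire recipe, because Test::More's `skip_all` takes a reason string and ends the script, so the CMP message-protection tests never run and the only recorded reason is the number 2 or 3. The same replacement is made in the 65-test_cmp_vfy.t hunk that follows, which disables the CMP verification tests in the same way. If skipping is intended, state it with a readable reason, e.g. `plan skip_all => "CMP tests are skipped in this build: <reason>";`, and drop the leftover `#fips test` comment; otherwise keep `plan tests =>`. Both recipes continue past the lines shown in these hunks.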
You can obtain a copy + # in the file LICENSE in the source distribution or at + # https://www.openssl.org/source/license.html +- + use strict; + use OpenSSL::Test qw/:DEFAULT data_file srctop_file srctop_dir bldtop_file bldtop_dir/; + use OpenSSL::Test::Utils; +@@ -27,7 +26,7 @@ plan skip_all => "This test is not suppo + plan skip_all => "This test is not supported in a no-ec build" + if disabled("ec"); + +-plan tests => 2 + ($no_fips ? 0 : 1); #fips test ++plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test + + my @basic_cmd = ("cmp_vfy_test", + data_file("server.crt"), data_file("client.crt"), +diff -rupN --no-dereference openssl-3.0.9/test/ssl-tests/20-cert-select.cnf openssl-3.0.9-new/test/ssl-tests/20-cert-select.cnf +--- openssl-3.0.9/test/ssl-tests/20-cert-select.cnf 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/ssl-tests/20-cert-select.cnf 2023-05-31 16:36:52.324277093 +0200 +@@ -776,14 +776,12 @@ server = 22-ECDSA with brainpool-server + client = 22-ECDSA with brainpool-client + + [22-ECDSA with brainpool-server] +-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem ++Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem + CipherString = DEFAULT +-Groups = brainpoolP256r1 +-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem ++PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem + + [22-ECDSA with brainpool-client] + CipherString = aECDSA +-Groups = brainpoolP256r1 + MaxProtocol = TLSv1.2 + RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -791,9 +789,6 @@ VerifyMode = Peer + + [test-22] + ExpectedResult = Success +-ExpectedServerCANames = empty +-ExpectedServerCertType = brainpoolP256r1 +-ExpectedServerSignType = EC + + + # =========================================================== +@@ -1715,20 +1710,18 @@ server = 52-TLS 1.3 ECDSA with brainpool + client = 52-TLS 1.3 ECDSA with brainpool but no suitable groups-client + + 
[52-TLS 1.3 ECDSA with brainpool but no suitable groups-server] +-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem ++Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem + CipherString = DEFAULT +-Groups = brainpoolP256r1 +-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem ++PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem + + [52-TLS 1.3 ECDSA with brainpool but no suitable groups-client] + CipherString = aECDSA +-Groups = brainpoolP256r1 + RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + + [test-52] +-ExpectedResult = ClientFail ++ExpectedResult = Success + + + # =========================================================== +@@ -1741,9 +1734,9 @@ server = 53-TLS 1.3 ECDSA with brainpool + client = 53-TLS 1.3 ECDSA with brainpool-client + + [53-TLS 1.3 ECDSA with brainpool-server] +-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem ++Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem + CipherString = DEFAULT +-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem ++PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem + + [53-TLS 1.3 ECDSA with brainpool-client] + CipherString = DEFAULT +@@ -1754,7 +1747,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/ro + VerifyMode = Peer + + [test-53] +-ExpectedResult = ServerFail ++ExpectedResult = Success + + + # =========================================================== +diff -rupN --no-dereference openssl-3.0.9/test/ssl-tests/20-cert-select.cnf.in openssl-3.0.9-new/test/ssl-tests/20-cert-select.cnf.in +--- openssl-3.0.9/test/ssl-tests/20-cert-select.cnf.in 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/ssl-tests/20-cert-select.cnf.in 2023-05-31 16:36:52.324277093 +0200 +@@ -428,21 +428,21 @@ my @tests_non_fips = ( + { + name => "ECDSA with brainpool", + server => { +- "Certificate" => 
test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), +- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), +- "Groups" => "brainpoolP256r1", ++ "Certificate" => test_pem("server-ecdsa-cert.pem"), ++ "PrivateKey" => test_pem("server-ecdsa-key.pem"), ++ #"Groups" => "brainpoolP256r1", + }, + client => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "aECDSA", + "RequestCAFile" => test_pem("root-cert.pem"), +- "Groups" => "brainpoolP256r1", ++ #"Groups" => "brainpoolP256r1", + }, + test => { +- "ExpectedServerCertType" =>, "brainpoolP256r1", +- "ExpectedServerSignType" =>, "EC", ++ #"ExpectedServerCertType" =>, "brainpoolP256r1", ++ #"ExpectedServerSignType" =>, "EC", + # Note: certificate_authorities not sent for TLS < 1.3 +- "ExpectedServerCANames" =>, "empty", ++ #"ExpectedServerCANames" =>, "empty", + "ExpectedResult" => "Success" + }, + }, +@@ -896,27 +896,27 @@ my @tests_tls_1_3_non_fips = ( + { + name => "TLS 1.3 ECDSA with brainpool but no suitable groups", + server => { +- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), +- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), +- "Groups" => "brainpoolP256r1", ++ "Certificate" => test_pem("server-ecdsa-cert.pem"), ++ "PrivateKey" => test_pem("server-ecdsa-key.pem"), ++ #"Groups" => "brainpoolP256r1", + }, + client => { + "CipherString" => "aECDSA", + "RequestCAFile" => test_pem("root-cert.pem"), +- "Groups" => "brainpoolP256r1", ++ #"Groups" => "brainpoolP256r1", + }, + test => { + #We only configured brainpoolP256r1 on the client side, but TLSv1.3 + #is enabled and this group is not allowed in TLSv1.3. 
Therefore this + #should fail +- "ExpectedResult" => "ClientFail" ++ "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 ECDSA with brainpool", + server => { +- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), +- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), ++ "Certificate" => test_pem("server-ecdsa-cert.pem"), ++ "PrivateKey" => test_pem("server-ecdsa-key.pem"), + }, + client => { + "RequestCAFile" => test_pem("root-cert.pem"), +@@ -924,7 +924,7 @@ my @tests_tls_1_3_non_fips = ( + "MaxProtocol" => "TLSv1.3" + }, + test => { +- "ExpectedResult" => "ServerFail" ++ "ExpectedResult" => "Success" + }, + }, + ); diff --git a/0012-Disable-explicit-ec.patch b/0012-Disable-explicit-ec.patch index 4dfab1d..e0e81c9 100644 --- a/0012-Disable-explicit-ec.patch +++ b/0012-Disable-explicit-ec.patch @@ -1,6 +1,6 @@ diff -rupN --no-dereference openssl-3.0.9/crypto/ec/ec_asn1.c openssl-3.0.9-new/crypto/ec/ec_asn1.c --- openssl-3.0.9/crypto/ec/ec_asn1.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/crypto/ec/ec_asn1.c 2023-05-31 14:33:11.688115192 +0200 ++++ openssl-3.0.9-new/crypto/ec/ec_asn1.c 2023-05-31 16:36:52.583276335 +0200 @@ -905,6 +905,12 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP ** if (params->type == ECPKPARAMETERS_TYPE_EXPLICIT) group->decoded_from_explicit_params = 1; @@ -28,7 +28,7 @@ diff -rupN --no-dereference openssl-3.0.9/crypto/ec/ec_asn1.c openssl-3.0.9-new/ if (priv_key->privateKey) { diff -rupN --no-dereference openssl-3.0.9/test/endecode_test.c openssl-3.0.9-new/test/endecode_test.c --- openssl-3.0.9/test/endecode_test.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/endecode_test.c 2023-05-31 14:33:11.689115191 +0200 ++++ openssl-3.0.9-new/test/endecode_test.c 2023-05-31 16:36:52.583276335 +0200 @@ -58,7 +58,7 @@ static BN_CTX *bnctx = NULL; static OSSL_PARAM_BLD *bld_prime_nc = NULL; static OSSL_PARAM_BLD *bld_prime = NULL; 
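Review bot: The comment kept in the "TLS 1.3 ECDSA with brainpool but no suitable groups" entry of 20-cert-select.cnf.in still ends with `#should fail`, while the hunk at -896 now sets `"ExpectedResult" => "Success"` and loads `server-ecdsa-cert.pem`, so the comment contradicts the assertion beside it. The entries at -428 and -924 are changed the same way. All three keep their brainpool names but no longer use a brainpool certificate or group, so nothing in this file still checks that brainpoolP256r1 is refused under TLS 1.3. Presumably the build drops brainpool support; in that case I would replace the comment with `#brainpool is not available in this build; the test runs with the default ECDSA certificate and is expected to succeed`. I would also delete the commented-out `#"Groups"` and `#"ExpectedServer..."` lines rather than leave them behind.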
@@ -100,7 +100,7 @@ diff -rupN --no-dereference openssl-3.0.9/test/endecode_test.c openssl-3.0.9-new FREE_DOMAIN_KEYS(ECExplicitTri2G); diff -rupN --no-dereference openssl-3.0.9/test/recipes/30-test_evp_data/evppkey_ecdsa.txt openssl-3.0.9-new/test/recipes/30-test_evp_data/evppkey_ecdsa.txt --- openssl-3.0.9/test/recipes/30-test_evp_data/evppkey_ecdsa.txt 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/recipes/30-test_evp_data/evppkey_ecdsa.txt 2023-05-31 14:33:11.689115191 +0200 ++++ openssl-3.0.9-new/test/recipes/30-test_evp_data/evppkey_ecdsa.txt 2023-05-31 16:36:52.583276335 +0200 @@ -133,18 +133,6 @@ AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEB 3ev1gTwRBduzqqlwd54AUSgI+pjttW8zrWNitO8H1sf59MPWOESKxNtZ1+Nl -----END PRIVATE KEY----- diff --git a/0013-skipped-tests-EC-curves.patch b/0013-skipped-tests-EC-curves.patch deleted file mode 100644 index fc89d79..0000000 --- a/0013-skipped-tests-EC-curves.patch +++ /dev/null 
@@ -1,36 +0,0 @@ -diff -rupN --no-dereference openssl-3.0.9/test/recipes/15-test_ec.t openssl-3.0.9-new/test/recipes/15-test_ec.t ---- openssl-3.0.9/test/recipes/15-test_ec.t 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/recipes/15-test_ec.t 2023-05-31 14:33:11.961115076 +0200 -@@ -90,7 +90,7 @@ subtest 'Ed448 conversions -- public key - - subtest 'Check loading of fips and non-fips keys' => sub { - plan skip_all => "FIPS is disabled" -- if $no_fips; -+ if 1; #Red Hat specific, original value is $no_fips; - - plan tests => 2; - -diff -rupN --no-dereference openssl-3.0.9/test/recipes/65-test_cmp_protect.t openssl-3.0.9-new/test/recipes/65-test_cmp_protect.t ---- openssl-3.0.9/test/recipes/65-test_cmp_protect.t 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/recipes/65-test_cmp_protect.t 2023-05-31 14:33:11.962115075 +0200 -@@ -27,7 +27,7 @@ plan skip_all => "This test is not suppo - plan skip_all => "This test is not supported in a shared library build on Windows" - if $^O eq 'MSWin32' && !disabled("shared"); - --plan tests => 2 + ($no_fips ? 0 : 1); #fips test -+plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test - - my @basic_cmd = ("cmp_protect_test", - data_file("server.pem"), -diff -rupN --no-dereference openssl-3.0.9/test/recipes/65-test_cmp_vfy.t openssl-3.0.9-new/test/recipes/65-test_cmp_vfy.t ---- openssl-3.0.9/test/recipes/65-test_cmp_vfy.t 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/recipes/65-test_cmp_vfy.t 2023-05-31 14:33:11.962115075 +0200 -@@ -27,7 +27,7 @@ plan skip_all => "This test is not suppo - plan skip_all => "This test is not supported in a no-ec build" - if disabled("ec"); - --plan tests => 2 + ($no_fips ? 0 : 1); #fips test -+plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test - - my @basic_cmd = ("cmp_vfy_test", - data_file("server.crt"), data_file("client.crt"), diff --git a/0024-load-legacy-prov.patch b/0024-load-legacy-prov.patch index ce74a19..7258682 100644 
--- a/0024-load-legacy-prov.patch +++ b/0024-load-legacy-prov.patch @@ -1,6 +1,6 @@ diff -rupN --no-dereference openssl-3.0.9/apps/openssl.cnf openssl-3.0.9-new/apps/openssl.cnf ---- openssl-3.0.9/apps/openssl.cnf 2023-05-31 14:33:09.764116007 +0200 -+++ openssl-3.0.9-new/apps/openssl.cnf 2023-05-31 14:33:12.226114963 +0200 +--- openssl-3.0.9/apps/openssl.cnf 2023-05-31 16:36:51.330280004 +0200 ++++ openssl-3.0.9-new/apps/openssl.cnf 2023-05-31 16:36:52.828275617 +0200 @@ -42,36 +42,29 @@ tsa_policy1 = 1.2.3.4.1 tsa_policy2 = 1.2.3.4.5.6 tsa_policy3 = 1.2.3.4.5.7 @@ -19,6 +19,11 @@ diff -rupN --no-dereference openssl-3.0.9/apps/openssl.cnf openssl-3.0.9-new/app ssl_conf = ssl_module -# List of providers to load +-[provider_sect] +-default = default_sect +-# The fips section name should match the section name inside the +-# included fipsmodule.cnf. +-# fips = fips_sect +# Uncomment the sections that start with ## below to enable the legacy provider. +# Loading the legacy provider enables support for the following algorithms: +# Hashing Algorithms / Message Digests: MD2, MD4, MDC2, WHIRLPOOL, RIPEMD160 @@ -27,13 +32,7 @@ diff -rupN --no-dereference openssl-3.0.9/apps/openssl.cnf openssl-3.0.9-new/app +# In general it is not recommended to use the above mentioned algorithms for +# security critical operations, as they are cryptographically weak or vulnerable +# to side-channel attacks and as such have been deprecated. -+ - [provider_sect] - default = default_sect --# The fips section name should match the section name inside the --# included fipsmodule.cnf. --# fips = fips_sect -- + -# If no providers are activated explicitly, the default one is activated implicitly. -# See man 7 OSSL_PROVIDER-default for more details. -# 
@@ -42,12 +41,15 @@ diff -rupN --no-dereference openssl-3.0.9/apps/openssl.cnf openssl-3.0.9-new/app -# becomes unavailable in openssl. As a consequence applications depending on -# OpenSSL may not work correctly which could lead to significant system -# problems including inability to remotely access the system. +-[default_sect] +-# activate = 1 ++[provider_sect] ++##default = default_sect +##legacy = legacy_sect +## - [default_sect] --# activate = 1 -+activate = 1 -+ ++##[default_sect] ++##activate = 1 ++## +##[legacy_sect] +##activate = 1 @@ -55,7 +57,7 @@ diff -rupN --no-dereference openssl-3.0.9/apps/openssl.cnf openssl-3.0.9-new/app diff -rupN --no-dereference openssl-3.0.9/doc/man5/config.pod openssl-3.0.9-new/doc/man5/config.pod --- openssl-3.0.9/doc/man5/config.pod 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/doc/man5/config.pod 2023-05-31 14:33:12.227114962 +0200 ++++ openssl-3.0.9-new/doc/man5/config.pod 2023-05-31 16:36:52.828275617 +0200 @@ -273,6 +273,14 @@ significant. All parameters in the section as well as sub-sections are made available to the provider. diff --git a/0031-tmp-Fix-test-names.patch b/0031-tmp-Fix-test-names.patch deleted file mode 100644 index e09dbd5..0000000 --- a/0031-tmp-Fix-test-names.patch +++ /dev/null 
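Review bot: The reworked openssl.cnf text leaves `[provider_sect]` empty and turns `default = default_sect`, `[default_sect]` and `activate = 1` into `##` lines, so the header comment "Uncomment the sections that start with ## below to enable the legacy provider" should say that all `##` lines must be uncommented together. The upstream comment this patch removes gives the reason: the default provider is activated implicitly only when no provider is activated explicitly, so enabling `##legacy = legacy_sect` alone would leave the default provider unloaded. I would add a line such as `# Uncomment all ## lines together; activating only the legacy provider leaves the default provider unloaded.` to the header comment introduced in the `@@ -19,6 +19,11 @@` hunk. How an empty `[provider_sect]` behaves is inferred from that upstream comment and is worth confirming against the built package.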
@@ -1,39 +0,0 @@ -diff -rupN --no-dereference openssl-3.0.9/test/recipes/90-test_sslapi.t openssl-3.0.9-new/test/recipes/90-test_sslapi.t ---- openssl-3.0.9/test/recipes/90-test_sslapi.t 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/recipes/90-test_sslapi.t 2023-05-31 14:33:12.480114854 +0200 -@@ -48,7 +48,7 @@ unless ($no_fips) { - "recipes", - "90-test_sslapi_data", - "dhparams.pem")])), -- "running sslapitest"); -+ "running sslapitest - FIPS"); - } - - unlink $tmpfilename; -diff -rupN --no-dereference openssl-3.0.9/test/sslapitest.c openssl-3.0.9-new/test/sslapitest.c ---- openssl-3.0.9/test/sslapitest.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/sslapitest.c 2023-05-31 14:33:12.482114853 +0200 -@@ -1172,6 +1172,11 @@ static int execute_test_ktls(int cis_ktl - goto end; - } - -+ if (is_fips && strstr(cipher, "CHACHA") != NULL) { -+ testresult = TEST_skip("CHACHA is not supported in FIPS"); -+ goto end; -+ } -+ - /* Create a session based on SHA-256 */ - if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), -@@ -1306,6 +1311,11 @@ static int execute_test_ktls_sendfile(in - goto end; - } - -+ if (is_fips && strstr(cipher, "CHACHA") != NULL) { -+ testresult = TEST_skip("CHACHA is not supported in FIPS"); -+ goto end; -+ } -+ - if (is_fips && strstr(cipher, "CHACHA") != NULL) { - testresult = TEST_skip("CHACHA is not supported in FIPS"); - goto end; diff --git a/0032-Force-fips.patch b/0032-Force-fips.patch deleted file mode 100644 index 266235e..0000000 --- a/0032-Force-fips.patch +++ /dev/null 
@@ -1,167 +0,0 @@ -diff -rupN --no-dereference openssl-3.0.9/crypto/provider_conf.c openssl-3.0.9-new/crypto/provider_conf.c ---- openssl-3.0.9/crypto/provider_conf.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/crypto/provider_conf.c 2023-05-31 14:33:12.736114745 +0200 -@@ -10,6 +10,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -136,58 +137,18 @@ static int prov_already_activated(const - return 0; - } - --static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name, -- const char *value, const CONF *cnf) -+static int provider_conf_activate(OSSL_LIB_CTX *libctx,const char *name, -+ const char *value, const char *path, -+ int soft, const CONF *cnf) - { -- int i; -- STACK_OF(CONF_VALUE) *ecmds; -- int soft = 0; -- OSSL_PROVIDER *prov = NULL, *actual = NULL; -- const char *path = NULL; -- long activate = 0; - int ok = 0; -- -- name = skip_dot(name); -- OSSL_TRACE1(CONF, "Configuring provider %s\n", name); -- /* Value is a section containing PROVIDER commands */ -- ecmds = NCONF_get_section(cnf, value); -- -- if (!ecmds) { -- ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR, -- "section=%s not found", value); -- return 0; -- } -- -- /* Find the needed data first */ -- for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) { -- CONF_VALUE *ecmd = sk_CONF_VALUE_value(ecmds, i); -- const char *confname = skip_dot(ecmd->name); -- const char *confvalue = ecmd->value; -- -- OSSL_TRACE2(CONF, "Provider command: %s = %s\n", -- confname, confvalue); -- -- /* First handle some special pseudo confs */ -- -- /* Override provider name to use */ -- if (strcmp(confname, "identity") == 0) -- name = confvalue; -- else if (strcmp(confname, "soft_load") == 0) -- soft = 1; -- /* Load a dynamic PROVIDER */ -- else if (strcmp(confname, "module") == 0) -- path = confvalue; -- else if (strcmp(confname, "activate") == 0) -- activate = 1; -- } -- -- if (activate) { -- PROVIDER_CONF_GLOBAL *pcgbl -- = 
ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX, -- &provider_conf_ossl_ctx_method); -+ OSSL_PROVIDER *prov = NULL, *actual = NULL; -+ PROVIDER_CONF_GLOBAL *pcgbl -+ = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX, -+ &provider_conf_ossl_ctx_method); - - if (pcgbl == NULL || !CRYPTO_THREAD_write_lock(pcgbl->lock)) { -- ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); -+ ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); - return 0; - } - if (!prov_already_activated(name, pcgbl->activated_providers)) { -@@ -216,7 +177,7 @@ static int provider_conf_load(OSSL_LIB_C - if (path != NULL) - ossl_provider_set_module_path(prov, path); - -- ok = provider_conf_params(prov, NULL, NULL, value, cnf); -+ ok = cnf ? provider_conf_params(prov, NULL, NULL, value, cnf) : 1; - - if (ok) { - if (!ossl_provider_activate(prov, 1, 0)) { -@@ -244,8 +205,59 @@ static int provider_conf_load(OSSL_LIB_C - } - if (!ok) - ossl_provider_free(prov); -+ } else { /* No reason to activate the provider twice, returning OK */ -+ ok = 1; - } - CRYPTO_THREAD_unlock(pcgbl->lock); -+ return ok; -+} -+ -+static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name, -+ const char *value, const CONF *cnf) -+{ -+ int i; -+ STACK_OF(CONF_VALUE) *ecmds; -+ int soft = 0; -+ const char *path = NULL; -+ long activate = 0; -+ int ok = 0; -+ -+ name = skip_dot(name); -+ OSSL_TRACE1(CONF, "Configuring provider %s\n", name); -+ /* Value is a section containing PROVIDER commands */ -+ ecmds = NCONF_get_section(cnf, value); -+ -+ if (!ecmds) { -+ ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR, -+ "section=%s not found", value); -+ return 0; -+ } -+ -+ /* Find the needed data first */ -+ for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) { -+ CONF_VALUE *ecmd = sk_CONF_VALUE_value(ecmds, i); -+ const char *confname = skip_dot(ecmd->name); -+ const char *confvalue = ecmd->value; -+ -+ OSSL_TRACE2(CONF, "Provider command: %s = %s\n", -+ confname, confvalue); -+ -+ /* First 
handle some special pseudo confs */ -+ -+ /* Override provider name to use */ -+ if (strcmp(confname, "identity") == 0) -+ name = confvalue; -+ else if (strcmp(confname, "soft_load") == 0) -+ soft = 1; -+ /* Load a dynamic PROVIDER */ -+ else if (strcmp(confname, "module") == 0) -+ path = confvalue; -+ else if (strcmp(confname, "activate") == 0) -+ activate = 1; -+ } -+ -+ if (activate) { -+ ok = provider_conf_activate(libctx, name, value, path, soft, cnf); - } else { - OSSL_PROVIDER_INFO entry; - -@@ -306,6 +318,19 @@ static int provider_conf_init(CONF_IMODU - return 0; - } - -+ if (ossl_get_kernel_fips_flag() != 0) { /* XXX from provider_conf_load */ -+ OSSL_LIB_CTX *libctx = NCONF_get0_libctx((CONF *)cnf); -+ PROVIDER_CONF_GLOBAL *pcgbl -+ = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX, -+ &provider_conf_ossl_ctx_method); -+ if (provider_conf_activate(libctx, "fips", NULL, NULL, 0, NULL) != 1) -+ return 0; -+ if (provider_conf_activate(libctx, "base", NULL, NULL, 0, NULL) != 1) -+ return 0; -+ if (EVP_default_properties_enable_fips(libctx, 1) != 1) -+ return 0; -+ } -+ - return 1; - } - diff --git a/0033-FIPS-embed-hmac.patch b/0033-FIPS-embed-hmac.patch deleted file mode 100644 index d5debe2..0000000 --- a/0033-FIPS-embed-hmac.patch +++ /dev/null 
@@ -1,205 +0,0 @@
-diff -rupN --no-dereference openssl-3.0.9/providers/fips/self_test.c openssl-3.0.9-new/providers/fips/self_test.c
---- openssl-3.0.9/providers/fips/self_test.c 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/providers/fips/self_test.c 2023-05-31 14:33:13.003114631 +0200
-@@ -172,11 +172,27 @@ DEP_FINI_ATTRIBUTE void cleanup(void)
- }
- #endif
-
-+#define HMAC_LEN 32
-+/*
-+ * The __attribute__ ensures we've created the .rodata1 section
-+ * static ensures it's zero filled
-+*/
-+static const unsigned char __attribute__ ((section (".rodata1"))) fips_hmac_container[HMAC_LEN] = {0};
-+
- /*
- * Calculate the HMAC SHA256 of data read using a BIO and read_cb, and verify
- * the result matches the expected value.
- * Return 1 if verified, or 0 if it fails.
- */
-+#ifndef __USE_GNU
-+#define __USE_GNU
-+#include
-+#undef __USE_GNU
-+#else
-+#include
-+#endif
-+#include
-+
- static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb,
- unsigned char *expected, size_t expected_len,
- OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev,
-@@ -189,9 +205,20 @@ static int verify_integrity(OSSL_CORE_BI
- EVP_MAC *mac = NULL;
- EVP_MAC_CTX *ctx = NULL;
- OSSL_PARAM params[2], *p = params;
-+ Dl_info info;
-+ void *extra_info = NULL;
-+ struct link_map *lm = NULL;
-+ unsigned long paddr;
-+ unsigned long off = 0;
-
- OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC);
-
-+ if (!dladdr1 ((const void *)fips_hmac_container,
-+ &info, &extra_info, RTLD_DL_LINKMAP))
-+ goto err;
-+ lm = extra_info;
-+ paddr = (unsigned long)fips_hmac_container - lm->l_addr;
-+
- mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL);
- if (mac == NULL)
- goto err;
-@@ -205,13 +232,42 @@ static int verify_integrity(OSSL_CORE_BI
- if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params))
- goto err;
-
-- while (1) {
-- status = read_ex_cb(bio, buf, sizeof(buf), &bytes_read);
-+ while ((off + INTEGRITY_BUF_SIZE) <= paddr) {
-+ status =
read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read);
- if (status != 1)
- break;
- if (!EVP_MAC_update(ctx, buf, bytes_read))
- goto err;
-+ off += bytes_read;
- }
-+
-+ if (off + INTEGRITY_BUF_SIZE > paddr) {
-+ int delta = paddr - off;
-+ status = read_ex_cb(bio, buf, delta, &bytes_read);
-+ if (status != 1)
-+ goto err;
-+ if (!EVP_MAC_update(ctx, buf, bytes_read))
-+ goto err;
-+ off += bytes_read;
-+
-+ status = read_ex_cb(bio, buf, HMAC_LEN, &bytes_read);
-+ memset(buf, 0, HMAC_LEN);
-+ if (status != 1)
-+ goto err;
-+ if (!EVP_MAC_update(ctx, buf, bytes_read))
-+ goto err;
-+ off += bytes_read;
-+ }
-+
-+ while (bytes_read > 0) {
-+ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read);
-+ if (status != 1)
-+ break;
-+ if (!EVP_MAC_update(ctx, buf, bytes_read))
-+ goto err;
-+ off += bytes_read;
-+ }
-+
- if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out)))
- goto err;
-
-@@ -285,8 +341,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
- CRYPTO_THREAD_unlock(fips_state_lock);
- }
-
-- if (st == NULL
-- || st->module_checksum_data == NULL) {
-+ if (st == NULL) {
- ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA);
- goto end;
- }
-@@ -295,8 +350,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
- if (ev == NULL)
- goto end;
-
-- module_checksum = OPENSSL_hexstr2buf(st->module_checksum_data,
-- &checksum_len);
-+ module_checksum = fips_hmac_container;
-+ checksum_len = sizeof(fips_hmac_container);
-+
- if (module_checksum == NULL) {
- ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA);
- goto end;
-@@ -358,7 +414,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
- ok = 1;
- end:
- OSSL_SELF_TEST_free(ev);
-- OPENSSL_free(module_checksum);
- OPENSSL_free(indicator_checksum);
-
- if (st != NULL) {
-diff -rupN --no-dereference openssl-3.0.9/test/fipsmodule.cnf openssl-3.0.9-new/test/fipsmodule.cnf
---- openssl-3.0.9/test/fipsmodule.cnf 1970-01-01 01:00:00.000000000 +0100
-+++ openssl-3.0.9-new/test/fipsmodule.cnf 2023-05-31 14:33:13.005114630 +0200
-@@ -0,0
+1,2 @@
-+[fips_sect]
-+activate = 1
-diff -rupN --no-dereference openssl-3.0.9/test/recipes/00-prep_fipsmodule_cnf.t openssl-3.0.9-new/test/recipes/00-prep_fipsmodule_cnf.t
---- openssl-3.0.9/test/recipes/00-prep_fipsmodule_cnf.t 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/test/recipes/00-prep_fipsmodule_cnf.t 2023-05-31 14:33:13.003114631 +0200
-@@ -20,7 +20,7 @@ use lib srctop_dir('Configurations');
- use lib bldtop_dir('.');
- use platform;
-
--my $no_check = disabled("fips");
-+my $no_check = 1;
- plan skip_all => "FIPS module config file only supported in a fips build"
- if $no_check;
-
-diff -rupN --no-dereference openssl-3.0.9/test/recipes/01-test_fipsmodule_cnf.t openssl-3.0.9-new/test/recipes/01-test_fipsmodule_cnf.t
---- openssl-3.0.9/test/recipes/01-test_fipsmodule_cnf.t 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/test/recipes/01-test_fipsmodule_cnf.t 2023-05-31 14:33:13.003114631 +0200
-@@ -23,7 +23,7 @@ use lib srctop_dir('Configurations');
- use lib bldtop_dir('.');
- use platform;
-
--my $no_check = disabled("fips");
-+my $no_check = 1;
- plan skip_all => "Test only supported in a fips build"
- if $no_check;
- plan tests => 1;
-diff -rupN --no-dereference openssl-3.0.9/test/recipes/03-test_fipsinstall.t openssl-3.0.9-new/test/recipes/03-test_fipsinstall.t
---- openssl-3.0.9/test/recipes/03-test_fipsinstall.t 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/test/recipes/03-test_fipsinstall.t 2023-05-31 14:33:13.004114631 +0200
-@@ -22,7 +22,7 @@ use lib srctop_dir('Configurations');
- use lib bldtop_dir('.');
- use platform;
-
--plan skip_all => "Test only supported in a fips build" if disabled("fips");
-+plan skip_all => "Test only supported in a fips build" if 1;
-
- plan tests => 29;
-
-diff -rupN --no-dereference openssl-3.0.9/test/recipes/30-test_defltfips.t openssl-3.0.9-new/test/recipes/30-test_defltfips.t
---- openssl-3.0.9/test/recipes/30-test_defltfips.t 2023-05-30 14:31:57.000000000 +0200
-+++
openssl-3.0.9-new/test/recipes/30-test_defltfips.t 2023-05-31 14:33:13.004114631 +0200
-@@ -21,7 +21,7 @@ BEGIN {
- use lib srctop_dir('Configurations');
- use lib bldtop_dir('.');
-
--my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
-+my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0);
-
- plan tests =>
- ($no_fips ? 1 : 5);
-diff -rupN --no-dereference openssl-3.0.9/test/recipes/80-test_ssl_new.t openssl-3.0.9-new/test/recipes/80-test_ssl_new.t
---- openssl-3.0.9/test/recipes/80-test_ssl_new.t 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/test/recipes/80-test_ssl_new.t 2023-05-31 14:33:13.004114631 +0200
-@@ -27,7 +27,7 @@ setup("test_ssl_new");
- use lib srctop_dir('Configurations');
- use lib bldtop_dir('.');
-
--my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
-+my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0);
-
- $ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs");
-
-diff -rupN --no-dereference openssl-3.0.9/test/recipes/90-test_sslapi.t openssl-3.0.9-new/test/recipes/90-test_sslapi.t
---- openssl-3.0.9/test/recipes/90-test_sslapi.t 2023-05-31 14:33:12.729114748 +0200
-+++ openssl-3.0.9-new/test/recipes/90-test_sslapi.t 2023-05-31 14:33:13.004114631 +0200
-@@ -18,7 +18,7 @@ setup("test_sslapi");
- use lib srctop_dir('Configurations');
- use lib bldtop_dir('.');
-
--my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
-+my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0);
-
- plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build"
- if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls"));
diff --git a/0034.fipsinstall_disable.patch b/0034.fipsinstall_disable.patch
deleted file mode 100644
index cb6a36c..0000000
--- a/0034.fipsinstall_disable.patch
+++ /dev/null
@@ -1,406 +0,0 @@
-diff -rupN --no-dereference openssl-3.0.9/apps/fipsinstall.c openssl-3.0.9-new/apps/fipsinstall.c
---- openssl-3.0.9/apps/fipsinstall.c 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/apps/fipsinstall.c 2023-05-31 14:33:13.267114518 +0200
-@@ -311,6 +311,9 @@ int fipsinstall_main(int argc, char **ar
- EVP_MAC *mac = NULL;
- CONF *conf = NULL;
-
-+ BIO_printf(bio_err, "This command is not enabled in the Red Hat Enterprise Linux OpenSSL build, please consult Red Hat documentation to learn how to enable FIPS mode\n");
-+ return 1;
-+
- if ((opts = sk_OPENSSL_STRING_new_null()) == NULL)
- goto end;
-
-diff -rupN --no-dereference openssl-3.0.9/doc/man1/openssl-fipsinstall.pod.in openssl-3.0.9-new/doc/man1/openssl-fipsinstall.pod.in
---- openssl-3.0.9/doc/man1/openssl-fipsinstall.pod.in 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/doc/man1/openssl-fipsinstall.pod.in 2023-05-31 14:33:13.269114517 +0200
-@@ -8,236 +8,11 @@ openssl-fipsinstall - perform FIPS confi
- =head1 SYNOPSIS
-
- B
--[B<-help>]
--[B<-in> I]
--[B<-out> I]
--[B<-module> I]
--[B<-provider_name> I]
--[B<-section_name> I]
--[B<-verify>]
--[B<-mac_name> I]
--[B<-macopt> I:I]
--[B<-noout>]
--[B<-quiet>]
--[B<-no_conditional_errors>]
--[B<-no_security_checks>]
--[B<-self_test_onload>]
--[B<-corrupt_desc> I]
--[B<-corrupt_type> I]
--[B<-config> I]
-
- =head1 DESCRIPTION
--
--This command is used to generate a FIPS module configuration file.
--This configuration file can be used each time a FIPS module is loaded
--in order to pass data to the FIPS module self tests. The FIPS module always
--verifies its MAC, but optionally only needs to run the KAT's once,
--at installation.
--
--The generated configuration file consists of:
--
--=over 4
--
--=item - A MAC of the FIPS module file.
--
--=item - A test status indicator.
--
--This indicates if the Known Answer Self Tests (KAT's) have successfully run.
--
--=item - A MAC of the status indicator.
--
--=item - A control for conditional self tests errors.
--
--By default if a continuous test (e.g a key pair test) fails then the FIPS module
--will enter an error state, and no services or cryptographic algorithms will be
--able to be accessed after this point.
--The default value of '1' will cause the fips module error state to be entered.
--If the value is '0' then the module error state will not be entered.
--Regardless of whether the error state is entered or not, the current operation
--(e.g. key generation) will return an error. The user is responsible for retrying
--the operation if the module error state is not entered.
--
--=item - A control to indicate whether run-time security checks are done.
--
--This indicates if run-time checks related to enforcement of security parameters
--such as minimum security strength of keys and approved curve names are used.
--The default value of '1' will perform the checks.
--If the value is '0' the checks are not performed and FIPS compliance must
--be done by procedures documented in the relevant Security Policy.
--
--=back
--
--This file is described in L.
--
--=head1 OPTIONS
--
--=over 4
--
--=item B<-help>
--
--Print a usage message.
--
--=item B<-module> I
--
--Filename of the FIPS module to perform an integrity check on.
--The path provided in the filename is used to load the module when it is
--activated, and this overrides the environment variable B.
--
--=item B<-out> I
--
--Filename to output the configuration data to; the default is standard output.
--
--=item B<-in> I
--
--Input filename to load configuration data from.
--Must be used if the B<-verify> option is specified.
--
--=item B<-verify>
--
--Verify that the input configuration file contains the correct information.
--
--=item B<-provider_name> I
--
--Name of the provider inside the configuration file.
--The default value is C.
--
--=item B<-section_name> I
--
--Name of the section inside the configuration file.
--The default value is C.
--
--=item B<-mac_name> I
--
--Specifies the name of a supported MAC algorithm which will be used.
--The MAC mechanisms that are available will depend on the options
--used when building OpenSSL.
--To see the list of supported MAC's use the command
--C. The default is B.
--
--=item B<-macopt> I:I
--
--Passes options to the MAC algorithm.
--A comprehensive list of controls can be found in the EVP_MAC implementation
--documentation.
--Common control strings used for this command are:
--
--=over 4
--
--=item B:I
--
--Specifies the MAC key as an alphanumeric string (use if the key contains
--printable characters only).
--The string length must conform to any restrictions of the MAC algorithm.
--A key must be specified for every MAC algorithm.
--If no key is provided, the default that was specified when OpenSSL was
--configured is used.
--
--=item B:I
--
--Specifies the MAC key in hexadecimal form (two hex digits per byte).
--The key length must conform to any restrictions of the MAC algorithm.
--A key must be specified for every MAC algorithm.
--If no key is provided, the default that was specified when OpenSSL was
--configured is used.
--
--=item B:I
--
--Used by HMAC as an alphanumeric string (use if the key contains printable
--characters only).
--The string length must conform to any restrictions of the MAC algorithm.
--To see the list of supported digests, use the command
--C.
--The default digest is SHA-256.
--
--=back
--
--=item B<-noout>
--
--Disable logging of the self tests.
--
--=item B<-no_conditional_errors>
--
--Configure the module to not enter an error state if a conditional self test
--fails as described above.
--
--=item B<-no_security_checks>
--
--Configure the module to not perform run-time security checks as described above.
--
--=item B<-self_test_onload>
--
--Do not write the two fields related to the "test status indicator" and
--"MAC status indicator" to the output configuration file.
Without these fields
--the self tests KATS will run each time the module is loaded. This option could be
--used for cross compiling, since the self tests need to run at least once on each
--target machine. Once the self tests have run on the target machine the user
--could possibly then add the 2 fields into the configuration using some other
--mechanism.
--
--=item B<-quiet>
--
--Do not output pass/fail messages. Implies B<-noout>.
--
--=item B<-corrupt_desc> I,
--B<-corrupt_type> I
--
--The corrupt options can be used to test failure of one or more self tests by
--name.
--Either option or both may be used to select the tests to corrupt.
--Refer to the entries for B and B in L for
--values that can be used.
--
--=item B<-config> I
--
--Test that a FIPS provider can be loaded from the specified configuration file.
--A previous call to this application needs to generate the extra configuration
--data that is included by the base C configuration file.
--See L for further information on how to set up a provider section.
--All other options are ignored if '-config' is used.
--
--=back
--
--=head1 NOTES
--
--Self tests results are logged by default if the options B<-quiet> and B<-noout>
--are not specified, or if either of the options B<-corrupt_desc> or
--B<-corrupt_type> are used.
--If the base configuration file is set up to autoload the fips module, then the
--fips module will be loaded and self tested BEFORE the fipsinstall application
--has a chance to set up its own self test callback. As a result of this the self
--test output and the options B<-corrupt_desc> and B<-corrupt_type> will be ignored.
--For normal usage the base configuration file should use the default provider
--when generating the fips configuration file.
--
--=head1 EXAMPLES
--
--Calculate the mac of a FIPS module F and run a FIPS self test
--for the module, and save the F configuration file:
--
-- openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips
--
--Verify that the configuration file F contains the correct info:
--
-- openssl fipsinstall -module ./fips.so -in fips.cnf -provider_name fips -verify
--
--Corrupt any self tests which have the description C:
--
-- openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips \
-- -corrupt_desc 'SHA1'
--
--Validate that the fips module can be loaded from a base configuration file:
--
-- export OPENSSL_CONF_INCLUDE=
-- export OPENSSL_MODULES=
-- openssl fipsinstall -config' 'default.cnf'
--
--
--=head1 SEE ALSO
--
--L,
--L,
--L,
--L
-+This command is disabled.
-+Please consult Red Hat Enterprise Linux documentation to learn how to correctly
-+enable FIPS mode on Red Hat Enterprise
-
- =head1 COPYRIGHT
-
-diff -rupN --no-dereference openssl-3.0.9/doc/man1/openssl.pod openssl-3.0.9-new/doc/man1/openssl.pod
---- openssl-3.0.9/doc/man1/openssl.pod 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/doc/man1/openssl.pod 2023-05-31 14:33:13.267114518 +0200
-@@ -135,10 +135,6 @@ Engine (loadable module) information and
-
- Error Number to Error String Conversion.
-
--=item B
--
--FIPS configuration installation.
--
- =item B
-
- Generation of DSA Private Key from Parameters.
Superseded by
-diff -rupN --no-dereference openssl-3.0.9/doc/man5/config.pod openssl-3.0.9-new/doc/man5/config.pod
---- openssl-3.0.9/doc/man5/config.pod 2023-05-31 14:33:12.476114856 +0200
-+++ openssl-3.0.9-new/doc/man5/config.pod 2023-05-31 14:33:13.268114517 +0200
-@@ -573,7 +573,6 @@ configuration files using that syntax wi
- =head1 SEE ALSO
-
- L, L, L,
--L,
- L,
- L,
- L,
-diff -rupN --no-dereference openssl-3.0.9/doc/man5/fips_config.pod openssl-3.0.9-new/doc/man5/fips_config.pod
---- openssl-3.0.9/doc/man5/fips_config.pod 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/doc/man5/fips_config.pod 2023-05-31 14:33:13.268114517 +0200
-@@ -6,106 +6,10 @@ fips_config - OpenSSL FIPS configuration
-
- =head1 DESCRIPTION
-
--A separate configuration file, using the OpenSSL L syntax,
--is used to hold information about the FIPS module. This includes a digest
--of the shared library file, and status about the self-testing.
--This data is used automatically by the module itself for two
--purposes:
--
--=over 4
--
--=item - Run the startup FIPS self-test known answer tests (KATS).
--
--This is normally done once, at installation time, but may also be set up to
--run each time the module is used.
--
--=item - Verify the module's checksum.
--
--This is done each time the module is used.
--
--=back
--
--This file is generated by the L program, and
--used internally by the FIPS module during its initialization.
--
--The following options are supported. They should all appear in a section
--whose name is identified by the B option in the B
--section, as described in L.
--
--=over 4
--
--=item B
--
--If present, the module is activated. The value assigned to this name is not
--significant.
--
--=item B
--
--A version number for the fips install process. Should be 1.
--
--=item B
--
--The FIPS module normally enters an internal error mode if any self test fails.
--Once this error mode is active, no services or cryptographic algorithms are
--accessible from this point on.
--Continuous tests are a subset of the self tests (e.g., a key pair test during key
--generation, or the CRNG output test).
--Setting this value to C<0> allows the error mode to not be triggered if any
--continuous test fails. The default value of C<1> will trigger the error mode.
--Regardless of the value, the operation (e.g., key generation) that called the
--continuous test will return an error code if its continuous test fails. The
--operation may then be retried if the error mode has not been triggered.
--
--=item B
--
--This indicates if run-time checks related to enforcement of security parameters
--such as minimum security strength of keys and approved curve names are used.
--A value of '1' will perform the checks, otherwise if the value is '0' the checks
--are not performed and FIPS compliance must be done by procedures documented in
--the relevant Security Policy.
--
--=item B
--
--The calculated MAC of the FIPS provider file.
--
--=item B
--
--An indicator that the self-tests were successfully run.
--This should only be written after the module has
--successfully passed its self tests during installation.
--If this field is not present, then the self tests will run when the module
--loads.
--
--=item B
--
--A MAC of the value of the B option, to prevent accidental
--changes to that value.
--It is written-to at the same time as B is updated.
--
--=back
--
--For example:
--
-- [fips_sect]
-- activate = 1
-- install-version = 1
-- conditional-errors = 1
-- security-checks = 1
-- module-mac = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC
-- install-mac = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C
-- install-status = INSTALL_SELF_TEST_KATS_RUN
--
--=head1 NOTES
--
--When using the FIPS provider, it is recommended that the
--B option is enabled to prevent accidental use of
--non-FIPS validated algorithms via broken or mistaken configuration.
--See L.
--
--=head1 SEE ALSO
--
--L
--L
-+This command is disabled in Red Hat Enterprise Linux. The FIPS provider is
-+automatically loaded when the system is booted in FIPS mode, or when the
-+environment variable B is set. See the documentation
-+for more information.
-
- =head1 HISTORY
-
-diff -rupN --no-dereference openssl-3.0.9/doc/man7/OSSL_PROVIDER-FIPS.pod openssl-3.0.9-new/doc/man7/OSSL_PROVIDER-FIPS.pod
---- openssl-3.0.9/doc/man7/OSSL_PROVIDER-FIPS.pod 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/doc/man7/OSSL_PROVIDER-FIPS.pod 2023-05-31 14:33:13.268114517 +0200
-@@ -410,7 +410,6 @@ A simple self test callback is shown bel
-
- =head1 SEE ALSO
-
--L,
- L,
- L,
- L,
diff --git a/0035-speed-skip-unavailable-dgst.patch b/0035-speed-skip-unavailable-dgst.patch
deleted file mode 100644
index 4c49fbc..0000000
--- a/0035-speed-skip-unavailable-dgst.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff -rupN --no-dereference openssl-3.0.9/apps/speed.c openssl-3.0.9-new/apps/speed.c
---- openssl-3.0.9/apps/speed.c 2023-05-31 14:33:11.679115195 +0200
-+++ openssl-3.0.9-new/apps/speed.c 2023-05-31 14:33:13.533114404 +0200
-@@ -591,6 +591,9 @@ static int EVP_MAC_loop(int algindex, vo
- for (count = 0; COND(c[algindex][testnum]); count++) {
- size_t outl;
-
-+ if (mctx == NULL)
-+ return -1;
-+
- if (!EVP_MAC_init(mctx, NULL, 0, NULL)
- || !EVP_MAC_update(mctx, buf, lengths[testnum])
- || !EVP_MAC_final(mctx, mac, &outl, sizeof(mac)))
diff --git a/0044-FIPS-140-3-keychecks.patch b/0044-FIPS-140-3-keychecks.patch
deleted file mode 100644
index 0f0a7b2..0000000
--- a/0044-FIPS-140-3-keychecks.patch
+++ /dev/null
@@ -1,186 +0,0 @@
-diff -rupN --no-dereference openssl-3.0.9/crypto/dh/dh_key.c openssl-3.0.9-new/crypto/dh/dh_key.c
---- openssl-3.0.9/crypto/dh/dh_key.c 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/crypto/dh/dh_key.c 2023-05-31 14:33:13.795114292 +0200
-@@ -43,6 +43,9 @@ int ossl_dh_compute_key(unsigned char *k
- BN_MONT_CTX *mont = NULL;
- BIGNUM *z = NULL, *pminus1;
- int ret = -1;
-+#ifdef FIPS_MODULE
-+ int validate = 0;
-+#endif
-
- if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) {
- ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
-@@ -54,6 +57,13 @@ int ossl_dh_compute_key(unsigned char *k
- return 0;
- }
-
-+#ifdef FIPS_MODULE
-+ if (DH_check_pub_key(dh, pub_key, &validate) <= 0) {
-+ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID);
-+ return 0;
-+ }
-+#endif
-+
- ctx = BN_CTX_new_ex(dh->libctx);
- if (ctx == NULL)
- goto err;
-@@ -262,6 +272,9 @@ static int generate_key(DH *dh)
- #endif
- BN_CTX *ctx = NULL;
- BIGNUM *pub_key = NULL, *priv_key = NULL;
-+#ifdef FIPS_MODULE
-+ int validate = 0;
-+#endif
-
- if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) {
- ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
-@@ -354,8 +367,23 @@ static int generate_key(DH *dh)
- if (!ossl_dh_generate_public_key(ctx, dh, priv_key, pub_key))
- goto err;
-
-+#ifdef FIPS_MODULE
-+ if (DH_check_pub_key(dh, pub_key, &validate) <= 0) {
-+ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID);
-+ goto err;
-+ }
-+#endif
-+
- dh->pub_key = pub_key;
- dh->priv_key = priv_key;
-+#ifdef FIPS_MODULE
-+ if (ossl_dh_check_pairwise(dh) <= 0) {
-+ dh->pub_key = dh->priv_key = NULL;
-+ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID);
-+ goto err;
-+ }
-+#endif
-+
- dh->dirty_cnt++;
- ok = 1;
- err:
-diff -rupN --no-dereference openssl-3.0.9/crypto/ec/ec_key.c openssl-3.0.9-new/crypto/ec/ec_key.c
---- openssl-3.0.9/crypto/ec/ec_key.c 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/crypto/ec/ec_key.c 2023-05-31 14:33:13.796114291 +0200
-@@ -333,6
+333,11 @@ static int ec_generate_key(EC_KEY *eckey
-
- OSSL_SELF_TEST_get_callback(eckey->libctx, &cb, &cbarg);
- ok = ecdsa_keygen_pairwise_test(eckey, cb, cbarg);
-+
-+#ifdef FIPS_MODULE
-+ ok &= ossl_ec_key_public_check(eckey, ctx);
-+ ok &= ossl_ec_key_pairwise_check(eckey, ctx);
-+#endif /* FIPS_MODULE */
- }
- err:
- /* Step (9): If there is an error return an invalid keypair. */
-diff -rupN --no-dereference openssl-3.0.9/crypto/rsa/rsa_gen.c openssl-3.0.9-new/crypto/rsa/rsa_gen.c
---- openssl-3.0.9/crypto/rsa/rsa_gen.c 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/crypto/rsa/rsa_gen.c 2023-05-31 14:33:13.797114291 +0200
-@@ -23,6 +23,7 @@
- #include
- #include "internal/cryptlib.h"
- #include
-+#include
- #include
- #include "prov/providercommon.h"
- #include "rsa_local.h"
-@@ -478,52 +479,43 @@ static int rsa_keygen(OSSL_LIB_CTX *libc
- static int rsa_keygen_pairwise_test(RSA *rsa, OSSL_CALLBACK *cb, void *cbarg)
- {
- int ret = 0;
-- unsigned int ciphertxt_len;
-- unsigned char *ciphertxt = NULL;
-- const unsigned char plaintxt[16] = {0};
-- unsigned char *decoded = NULL;
-- unsigned int decoded_len;
-- unsigned int plaintxt_len = (unsigned int)sizeof(plaintxt_len);
-- int padding = RSA_PKCS1_PADDING;
-+ unsigned int signature_len;
-+ unsigned char *signature = NULL;
- OSSL_SELF_TEST *st = NULL;
-+ static const unsigned char dgst[] = {
-+ 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
-+ 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
-+ 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
-+ };
-
- st = OSSL_SELF_TEST_new(cb, cbarg);
- if (st == NULL)
- goto err;
- OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT,
-+ /* No special name for RSA signature PCT*/
- OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1);
-
-- ciphertxt_len = RSA_size(rsa);
-- /*
-- * RSA_private_encrypt() and RSA_private_decrypt() requires the 'to'
-- * parameter to be a maximum of RSA_size() - allocate space for both.
-- */
-- ciphertxt = OPENSSL_zalloc(ciphertxt_len * 2);
-- if (ciphertxt == NULL)
-+ signature_len = RSA_size(rsa);
-+ signature = OPENSSL_zalloc(signature_len);
-+ if (signature == NULL)
- goto err;
-- decoded = ciphertxt + ciphertxt_len;
-
-- ciphertxt_len = RSA_public_encrypt(plaintxt_len, plaintxt, ciphertxt, rsa,
-- padding);
-- if (ciphertxt_len <= 0)
-+ if (RSA_sign(NID_sha256, dgst, sizeof(dgst), signature, &signature_len, rsa) <= 0)
- goto err;
-- if (ciphertxt_len == plaintxt_len
-- && memcmp(ciphertxt, plaintxt, plaintxt_len) == 0)
-+
-+ if (signature_len <= 0)
- goto err;
-
-- OSSL_SELF_TEST_oncorrupt_byte(st, ciphertxt);
-+ OSSL_SELF_TEST_oncorrupt_byte(st, signature);
-
-- decoded_len = RSA_private_decrypt(ciphertxt_len, ciphertxt, decoded, rsa,
-- padding);
-- if (decoded_len != plaintxt_len
-- || memcmp(decoded, plaintxt, decoded_len) != 0)
-+ if (RSA_verify(NID_sha256, dgst, sizeof(dgst), signature, signature_len, rsa) <= 0)
- goto err;
-
- ret = 1;
- err:
- OSSL_SELF_TEST_onend(st, ret);
- OSSL_SELF_TEST_free(st);
-- OPENSSL_free(ciphertxt);
-+ OPENSSL_free(signature);
-
- return ret;
- }
-diff -rupN --no-dereference openssl-3.0.9/providers/implementations/exchange/ecdh_exch.c openssl-3.0.9-new/providers/implementations/exchange/ecdh_exch.c
---- openssl-3.0.9/providers/implementations/exchange/ecdh_exch.c 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/providers/implementations/exchange/ecdh_exch.c 2023-05-31 14:33:13.796114291 +0200
-@@ -488,6 +488,25 @@ int ecdh_plain_derive(void *vpecdhctx, u
- }
-
- ppubkey = EC_KEY_get0_public_key(pecdhctx->peerk);
-+#ifdef FIPS_MODULE
-+ {
-+ BN_CTX *bn_ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(privk));
-+ int check = 0;
-+
-+ if (bn_ctx == NULL) {
-+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
-+ goto end;
-+ }
-+
-+ check = ossl_ec_key_public_check(pecdhctx->peerk, bn_ctx);
-+ BN_CTX_free(bn_ctx);
-+
-+ if (check <= 0) {
-+ ERR_raise(ERR_LIB_PROV, EC_R_INVALID_PEER_KEY);
-+ goto end;
-+ }
-+
}
-+#endif
-
- retlen = ECDH_compute_key(secret, size, ppubkey, privk, NULL);
-
diff --git a/0045-FIPS-services-minimize.patch b/0045-FIPS-services-minimize.patch
deleted file mode 100644
index c87ea95..0000000
--- a/0045-FIPS-services-minimize.patch
+++ /dev/null
@@ -1,718 +0,0 @@
-diff -rupN --no-dereference openssl-3.0.9/apps/ecparam.c openssl-3.0.9-new/apps/ecparam.c
---- openssl-3.0.9/apps/ecparam.c 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/apps/ecparam.c 2023-05-31 14:33:14.081114169 +0200
-@@ -79,6 +79,9 @@ static int list_builtin_curves(BIO *out)
- const char *comment = curves[n].comment;
- const char *sname = OBJ_nid2sn(curves[n].nid);
- 
-+ if ((curves[n].nid == NID_secp256k1) && EVP_default_properties_is_fips_enabled(NULL))
-+ continue;
-+
- if (comment == NULL)
- comment = "CURVE DESCRIPTION NOT AVAILABLE";
- if (sname == NULL)
-diff -rupN --no-dereference openssl-3.0.9/apps/req.c openssl-3.0.9-new/apps/req.c
---- openssl-3.0.9/apps/req.c 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/apps/req.c 2023-05-31 14:33:14.081114169 +0200
-@@ -266,7 +266,7 @@ int req_main(int argc, char **argv)
- unsigned long chtype = MBSTRING_ASC, reqflag = 0;
- 
- #ifndef OPENSSL_NO_DES
-- cipher = (EVP_CIPHER *)EVP_des_ede3_cbc();
-+ cipher = (EVP_CIPHER *)EVP_aes_256_cbc();
- #endif
- 
- prog = opt_init(argc, argv, req_options);
-diff -rupN --no-dereference openssl-3.0.9/providers/common/capabilities.c openssl-3.0.9-new/providers/common/capabilities.c
---- openssl-3.0.9/providers/common/capabilities.c 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/providers/common/capabilities.c 2023-05-31 14:33:14.074114172 +0200
-@@ -186,9 +186,9 @@ static const OSSL_PARAM param_group_list
- TLS_GROUP_ENTRY("brainpoolP256r1", "brainpoolP256r1", "EC", 25),
- TLS_GROUP_ENTRY("brainpoolP384r1", "brainpoolP384r1", "EC", 26),
- TLS_GROUP_ENTRY("brainpoolP512r1", "brainpoolP512r1", "EC", 27),
--# endif
- TLS_GROUP_ENTRY("x25519", "X25519", "X25519", 28),
- TLS_GROUP_ENTRY("x448", "X448", "X448", 29),
-+# endif
- # endif /* OPENSSL_NO_EC */
- # ifndef OPENSSL_NO_DH
- /* Security bit values for FFDHE groups are as per RFC 7919 */
-diff -rupN --no-dereference openssl-3.0.9/providers/fips/fipsprov.c openssl-3.0.9-new/providers/fips/fipsprov.c
---- openssl-3.0.9/providers/fips/fipsprov.c 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/providers/fips/fipsprov.c 2023-05-31 14:33:14.075114172 +0200
-@@ -38,7 +38,6 @@ static OSSL_FUNC_provider_query_operatio
- 
- #define ALGC(NAMES, FUNC, CHECK) { { NAMES, FIPS_DEFAULT_PROPERTIES, FUNC }, CHECK }
- #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL)
--
- extern OSSL_FUNC_core_thread_start_fn *c_thread_start;
- int FIPS_security_check_enabled(OSSL_LIB_CTX *libctx);
- 
-@@ -175,13 +174,13 @@ static int fips_get_params(void *provctx
- &fips_prov_ossl_ctx_method);
- 
- p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
-- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider"))
-+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "Red Hat Enterprise Linux 9 - OpenSSL FIPS Provider"))
- return 0;
- p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION);
-- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR))
-+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, REDHAT_FIPS_VERSION))
- return 0;
- p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO);
-- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR))
-+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, REDHAT_FIPS_VERSION))
- return 0;
- p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_STATUS);
- if (p != NULL && !OSSL_PARAM_set_int(p, ossl_prov_is_running()))
-@@ -265,10 +264,11 @@ static const OSSL_ALGORITHM fips_digests
- * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for
- * KMAC128 and KMAC256.
- */
-- { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES,
-+ /* We don't certify KECCAK in our FIPS provider */
-+ /* { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES,
- ossl_keccak_kmac_128_functions },
- { PROV_NAMES_KECCAK_KMAC_256, FIPS_DEFAULT_PROPERTIES,
-- ossl_keccak_kmac_256_functions },
-+ ossl_keccak_kmac_256_functions }, */
- { NULL, NULL, NULL }
- };
- 
-@@ -327,8 +327,9 @@ static const OSSL_ALGORITHM_CAPABLE fips
- ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions,
- ossl_cipher_capable_aes_cbc_hmac_sha256),
- #ifndef OPENSSL_NO_DES
-- ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions),
-- ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions),
-+ /* We don't certify 3DES in our FIPS provider */
-+ /* ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions),
-+ ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions), */
- #endif /* OPENSSL_NO_DES */
- { { NULL, NULL, NULL }, NULL }
- };
-@@ -340,8 +341,9 @@ static const OSSL_ALGORITHM fips_macs[]
- #endif
- { PROV_NAMES_GMAC, FIPS_DEFAULT_PROPERTIES, ossl_gmac_functions },
- { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_hmac_functions },
-- { PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions },
-- { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions },
-+ /* We don't certify KMAC in our FIPS provider */
-+ /*{ PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions },
-+ { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions }, */
- { NULL, NULL, NULL }
- };
- 
-@@ -376,8 +378,9 @@ static const OSSL_ALGORITHM fips_keyexch
- #endif
- #ifndef OPENSSL_NO_EC
- { PROV_NAMES_ECDH, FIPS_DEFAULT_PROPERTIES, ossl_ecdh_keyexch_functions },
-- { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keyexch_functions },
-- { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keyexch_functions },
-+ /* We don't certify Edwards curves in our FIPS provider */
-+ /*{ PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keyexch_functions },
-+ { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keyexch_functions },*/
- #endif
- { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES,
- ossl_kdf_tls1_prf_keyexch_functions },
-@@ -387,12 +390,14 @@ static const OSSL_ALGORITHM fips_keyexch
- 
- static const OSSL_ALGORITHM fips_signature[] = {
- #ifndef OPENSSL_NO_DSA
-- { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions },
-+ /* We don't certify DSA in our FIPS provider */
-+ /* { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions }, */
- #endif
- { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_signature_functions },
- #ifndef OPENSSL_NO_EC
-- { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_signature_functions },
-- { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_signature_functions },
-+ /* We don't certify Edwards curves in our FIPS provider */
-+ /* { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_signature_functions },
-+ { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_signature_functions }, */
- { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_signature_functions },
- #endif
- { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES,
-@@ -422,8 +427,9 @@ static const OSSL_ALGORITHM fips_keymgmt
- PROV_DESCS_DHX },
- #endif
- #ifndef OPENSSL_NO_DSA
-- { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions,
-- PROV_DESCS_DSA },
-+ /* We don't certify DSA in our FIPS provider */
-+ /* { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions,
-+ PROV_DESCS_DSA }, */
- #endif
- { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_keymgmt_functions,
- PROV_DESCS_RSA },
-@@ -432,14 +438,15 @@ static const OSSL_ALGORITHM fips_keymgmt
- #ifndef OPENSSL_NO_EC
- { PROV_NAMES_EC, FIPS_DEFAULT_PROPERTIES, ossl_ec_keymgmt_functions,
- PROV_DESCS_EC },
-- { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keymgmt_functions,
-+ /* We don't certify Edwards curves in our FIPS provider */
-+ /* { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keymgmt_functions,
- PROV_DESCS_X25519 },
- { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keymgmt_functions,
- PROV_DESCS_X448 },
- { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_keymgmt_functions,
- PROV_DESCS_ED25519 },
- { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_keymgmt_functions,
-- PROV_DESCS_ED448 },
-+ PROV_DESCS_ED448 }, */
- #endif
- { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_keymgmt_functions,
- PROV_DESCS_TLS1_PRF_SIGN },
-diff -rupN --no-dereference openssl-3.0.9/providers/fips/self_test_data.inc openssl-3.0.9-new/providers/fips/self_test_data.inc
---- openssl-3.0.9/providers/fips/self_test_data.inc 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/providers/fips/self_test_data.inc 2023-05-31 14:33:14.075114172 +0200
-@@ -171,6 +171,7 @@ static const ST_KAT_DIGEST st_kat_digest
- /*- CIPHER TEST DATA */
- 
- /* DES3 test data */
-+#if 0
- static const unsigned char des_ede3_cbc_pt[] = {
- 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
- 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A,
-@@ -191,7 +192,7 @@ static const unsigned char des_ede3_cbc_
- 0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F,
- 0x73, 0xC0, 0xBD, 0xA8, 0x5C, 0x8E, 0x0D, 0xA7
- };
--
-+#endif
- /* AES-256 GCM test data */
- static const unsigned char aes_256_gcm_key[] = {
- 0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c,
-@@ -235,6 +236,7 @@ static const unsigned char aes_128_ecb_c
- };
- 
- static const ST_KAT_CIPHER st_kat_cipher_tests[] = {
-+#if 0
- #ifndef OPENSSL_NO_DES
- {
- {
-@@ -248,6 +250,7 @@ static const ST_KAT_CIPHER st_kat_cipher
- ITM(des_ede3_cbc_iv),
- },
- #endif
-+#endif
- {
- {
- OSSL_SELF_TEST_DESC_CIPHER_AES_GCM,
-@@ -1430,8 +1433,9 @@ static const ST_KAT_PARAM ecdsa_bin_key[
- # endif /* OPENSSL_NO_EC2M */
- #endif /* OPENSSL_NO_EC */
- 
--#ifndef OPENSSL_NO_DSA
- /* dsa 2048 */
-+#if 0
-+#ifndef OPENSSL_NO_DSA
- static const unsigned char dsa_p[] = {
- 0xa2, 0x9b, 0x88, 0x72, 0xce, 0x8b, 0x84, 0x23,
- 0xb7, 0xd5, 0xd2, 0x1d, 0x4b, 0x02, 0xf5, 0x7e,
-@@ -1555,8 +1559,8 @@ static const ST_KAT_PARAM dsa_key[] = {
- ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, dsa_priv),
- ST_KAT_PARAM_END()
- };
--#endif /* OPENSSL_NO_DSA */
--
-+#endif
-+#endif
- static const ST_KAT_SIGN st_kat_sign_tests[] = {
- {
- OSSL_SELF_TEST_DESC_SIGN_RSA,
-@@ -1589,6 +1593,7 @@ static const ST_KAT_SIGN st_kat_sign_tes
- },
- # endif
- #endif /* OPENSSL_NO_EC */
-+#if 0
- #ifndef OPENSSL_NO_DSA
- {
- OSSL_SELF_TEST_DESC_SIGN_DSA,
-@@ -1601,6 +1606,7 @@ static const ST_KAT_SIGN st_kat_sign_tes
- */
- },
- #endif /* OPENSSL_NO_DSA */
-+#endif
- };
- 
- static const ST_KAT_ASYM_CIPHER st_kat_asym_cipher_tests[] = {
-diff -rupN --no-dereference openssl-3.0.9/providers/implementations/signature/rsa_sig.c openssl-3.0.9-new/providers/implementations/signature/rsa_sig.c
---- openssl-3.0.9/providers/implementations/signature/rsa_sig.c 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/providers/implementations/signature/rsa_sig.c 2023-05-31 14:33:14.082114169 +0200
-@@ -763,6 +763,19 @@ static int rsa_verify(void *vprsactx, co
- {
- PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
- size_t rslen;
-+# ifdef FIPS_MODULE
-+ size_t rsabits = RSA_bits(prsactx->rsa);
-+
-+ if (rsabits < 2048) {
-+ if (rsabits != 1024
-+ && rsabits != 1280
-+ && rsabits != 1536
-+ && rsabits != 1792) {
-+ ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH);
-+ return 0;
-+ }
-+ }
-+# endif
- 
- if (!ossl_prov_is_running())
- return 0;
-diff -rupN --no-dereference openssl-3.0.9/ssl/ssl_ciph.c openssl-3.0.9-new/ssl/ssl_ciph.c
---- openssl-3.0.9/ssl/ssl_ciph.c 2023-05-31 14:33:10.575115664 +0200
-+++ openssl-3.0.9-new/ssl/ssl_ciph.c 2023-05-31 14:33:14.081114169 +0200
-@@ -356,6 +356,9 @@ int ssl_load_ciphers(SSL_CTX *ctx)
- ctx->disabled_mkey_mask = 0;
- ctx->disabled_auth_mask = 0;
- 
-+ if (EVP_default_properties_is_fips_enabled(ctx->libctx))
-+ ctx->disabled_mkey_mask |= SSL_kRSA | SSL_kRSAPSK;
-+
- /*
- * We ignore any errors from the fetches below. They are expected to fail
- * if theose algorithms are not available.
-diff -rupN --no-dereference openssl-3.0.9/test/acvp_test.c openssl-3.0.9-new/test/acvp_test.c
---- openssl-3.0.9/test/acvp_test.c 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/test/acvp_test.c 2023-05-31 14:33:14.076114171 +0200
-@@ -1476,6 +1476,7 @@ int setup_tests(void)
- OSSL_NELEM(dh_safe_prime_keyver_data));
- #endif /* OPENSSL_NO_DH */
- 
-+#if 0 /* Red Hat FIPS provider doesn't have fips=yes property on DSA */
- #ifndef OPENSSL_NO_DSA
- ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data));
- ADD_ALL_TESTS(dsa_paramgen_test, OSSL_NELEM(dsa_paramgen_data));
-@@ -1483,6 +1484,7 @@ int setup_tests(void)
- ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data));
- ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data));
- #endif /* OPENSSL_NO_DSA */
-+#endif
- 
- #ifndef OPENSSL_NO_EC
- ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data));
-diff -rupN --no-dereference openssl-3.0.9/test/endecode_test.c openssl-3.0.9-new/test/endecode_test.c
---- openssl-3.0.9/test/endecode_test.c 2023-05-31 14:33:11.957115077 +0200
-+++ openssl-3.0.9-new/test/endecode_test.c 2023-05-31 14:33:14.080114169 +0200
-@@ -1393,6 +1393,7 @@ int setup_tests(void)
- * so no legacy tests.
- */
- #endif
-+ if (is_fips == 0) {
- #ifndef OPENSSL_NO_DSA
- ADD_TEST_SUITE(DSA);
- ADD_TEST_SUITE_PARAMS(DSA);
-@@ -1403,6 +1404,7 @@ int setup_tests(void)
- ADD_TEST_SUITE_PROTECTED_PVK(DSA);
- # endif
- #endif
-+ }
- #ifndef OPENSSL_NO_EC
- ADD_TEST_SUITE(EC);
- ADD_TEST_SUITE_PARAMS(EC);
-@@ -1417,10 +1419,12 @@ int setup_tests(void)
- ADD_TEST_SUITE(ECExplicitTri2G);
- ADD_TEST_SUITE_LEGACY(ECExplicitTri2G);
- # endif
-+ if (is_fips == 0) {
- ADD_TEST_SUITE(ED25519);
- ADD_TEST_SUITE(ED448);
- ADD_TEST_SUITE(X25519);
- ADD_TEST_SUITE(X448);
-+ }
- /*
- * ED25519, ED448, X25519 and X448 have no support for
- * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
-diff -rupN --no-dereference openssl-3.0.9/test/evp_libctx_test.c openssl-3.0.9-new/test/evp_libctx_test.c
---- openssl-3.0.9/test/evp_libctx_test.c 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/test/evp_libctx_test.c 2023-05-31 14:33:14.077114171 +0200
-@@ -21,6 +21,7 @@
- */
- #include "internal/deprecated.h"
- #include
-+#include
- #include
- #include
- #include
-@@ -726,7 +727,9 @@ int setup_tests(void)
- return 0;
- 
- #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
-- ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
-+ if (strcmp(prov_name, "fips") != 0) {
-+ ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
-+ }
- #endif
- #ifndef OPENSSL_NO_DH
- ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3);
-@@ -746,7 +749,9 @@ int setup_tests(void)
- ADD_TEST(kem_invalid_keytype);
- #endif
- #ifndef OPENSSL_NO_DES
-- ADD_TEST(test_cipher_tdes_randkey);
-+ if (strcmp(prov_name, "fips") != 0) {
-+ ADD_TEST(test_cipher_tdes_randkey);
-+ }
- #endif
- return 1;
- }
-diff -rupN --no-dereference openssl-3.0.9/test/recipes/15-test_gendsa.t openssl-3.0.9-new/test/recipes/15-test_gendsa.t
---- openssl-3.0.9/test/recipes/15-test_gendsa.t 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/test/recipes/15-test_gendsa.t 2023-05-31 14:33:14.077114171 +0200
-@@ -24,7 +24,7 @@ use lib bldtop_dir('.');
- plan skip_all => "This test is unsupported in a no-dsa build"
- if disabled("dsa");
- 
--my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
-+my $no_fips = 1;
- 
- plan tests =>
- ($no_fips ? 0 : 2) # FIPS related tests
-diff -rupN --no-dereference openssl-3.0.9/test/recipes/20-test_cli_fips.t openssl-3.0.9-new/test/recipes/20-test_cli_fips.t
---- openssl-3.0.9/test/recipes/20-test_cli_fips.t 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/test/recipes/20-test_cli_fips.t 2023-05-31 14:33:14.077114171 +0200
-@@ -273,8 +273,7 @@ SKIP: {
- }
- 
- SKIP : {
-- skip "FIPS DSA tests because of no dsa in this build", 1
-- if disabled("dsa");
-+ skip "FIPS DSA tests because of no dsa in this build", 1;
- 
- subtest DSA => sub {
- my $testtext_prefix = 'DSA';
-diff -rupN --no-dereference openssl-3.0.9/test/recipes/30-test_evp_data/evpmac_common.txt openssl-3.0.9-new/test/recipes/30-test_evp_data/evpmac_common.txt
---- openssl-3.0.9/test/recipes/30-test_evp_data/evpmac_common.txt 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/test/recipes/30-test_evp_data/evpmac_common.txt 2023-05-31 14:33:14.079114170 +0200
-@@ -327,6 +327,7 @@ Input = 68F2E77696CE7AE8E2CA4EC588E54100
- Output = 00BDA1B7E87608BCBF470F12157F4C07
- 
- 
-+Availablein = default
- Title = KMAC Tests (From NIST)
- MAC = KMAC128
- Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
-@@ -337,12 +338,14 @@ Ctrl = xof:0
- OutputSize = 32
- BlockSize = 168
- 
-+Availablein = default
- MAC = KMAC128
- Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
- Input = 00010203
- Custom = "My Tagged Application"
- Output = 3B1FBA963CD8B0B59E8C1A6D71888B7143651AF8BA0A7070C0979E2811324AA5
- 
-+Availablein = default
- MAC = KMAC128
- Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
- Input =
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -350,6 +353,7 @@ Custom = "My Tagged Application" - Output = 1F5B4E6CCA02209E0DCB5CA635B89A15E271ECC760071DFD805FAA38F9729230 - Ctrl = size:32 - -+Availablein = default - MAC = KMAC256 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 00010203 -@@ -358,12 +362,14 @@ Output = 20C570C31346F703C9AC36C61C03CB6 - OutputSize = 64 - BlockSize = 136 - -+Availablein = default - MAC = KMAC256 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 - Custom = "" - Output = 75358CF39E41494E949707927CEE0AF20A3FF553904C86B08F21CC414BCFD691589D27CF5E15369CBBFF8B9A4C2EB17800855D0235FF635DA82533EC6B759B69 - -+Availablein = default - MAC = KMAC256 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -373,12 
+379,14 @@ Ctrl = size:64 - - Title = KMAC XOF Tests (From NIST) - -+Availablein = default - MAC = KMAC128 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 00010203 - Output = CD83740BBD92CCC8CF032B1481A0F4460E7CA9DD12B08A0C4031178BACD6EC35 - XOF = 1 - -+Availablein = default - MAC = KMAC128 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 00010203 -@@ -386,6 +394,7 @@ Custom = "My Tagged Application" - Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C - XOF = 1 - -+Availablein = default - MAC = KMAC128 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -394,6 +403,7 @@ Output = 47026C7CD793084AA0283C253EF6584 - XOF = 1 - Ctrl = size:32 - -+Availablein = default - MAC = KMAC256 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 00010203 -@@ -401,6 +411,7 @@ Custom = "My Tagged Application" - Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B - XOF = 1 - -+Availablein = default - MAC = KMAC256 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -408,6 +419,7 @@ Custom = "" - Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B - XOF = 1 - -+Availablein = default - MAC = KMAC256 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -418,6 +430,7 @@ XOF = 1 - - Title = KMAC long customisation string (from NIST ACVP) - -+Availablein = default - MAC = KMAC256 - Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3 - Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D -@@ -428,12 +441,14 @@ XOF = 1 - - Title = KMAC XOF Tests via ctrl (From NIST) - -+Availablein = default - MAC = KMAC128 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 00010203 - Output = CD83740BBD92CCC8CF032B1481A0F4460E7CA9DD12B08A0C4031178BACD6EC35 - Ctrl = xof:1 - -+Availablein = default - MAC = KMAC128 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 
00010203 -@@ -441,6 +456,7 @@ Custom = "My Tagged Application" - Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C - Ctrl = xof:1 - -+Availablein = default - MAC = KMAC128 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -449,6 +465,7 @@ Output = 47026C7CD793084AA0283C253EF6584 - Ctrl = xof:1 - Ctrl = size:32 - -+Availablein = default - MAC = KMAC256 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 00010203 -@@ -456,6 +473,7 @@ Custom = "My Tagged Application" - Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B - Ctrl = xof:1 - -+Availablein = default - MAC = KMAC256 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -463,6 +481,7 @@ Custom = "" - Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B - Ctrl = xof:1 - -+Availablein = default - MAC = KMAC256 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -473,6 +492,7 @@ Ctrl = xof:1 - - Title = KMAC long customisation string via ctrl (from NIST ACVP) - -+Availablein = default - MAC = KMAC256 - Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3 - Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D -@@ -483,6 +503,7 @@ Ctrl = xof:1 - - Title = KMAC long customisation string negative test - -+Availablein = default - MAC = KMAC128 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -491,6 +512,7 @@ Result = MAC_INIT_ERROR - - Title = KMAC output is too large - -+Availablein = default - MAC = KMAC256 - Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F - Input = 
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
-diff -rupN --no-dereference openssl-3.0.9/test/recipes/30-test_evp.t openssl-3.0.9-new/test/recipes/30-test_evp.t
---- openssl-3.0.9/test/recipes/30-test_evp.t 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/test/recipes/30-test_evp.t 2023-05-31 14:33:14.078114170 +0200
-@@ -42,7 +42,6 @@ my @files = qw(
- evpciph_aes_cts.txt
- evpciph_aes_wrap.txt
- evpciph_aes_stitched.txt
-- evpciph_des3_common.txt
- evpkdf_hkdf.txt
- evpkdf_pbkdf1.txt
- evpkdf_pbkdf2.txt
-@@ -64,12 +63,6 @@ push @files, qw(
- evppkey_dh.txt
- ) unless $no_dh;
- push @files, qw(
-- evpkdf_x942_des.txt
-- evpmac_cmac_des.txt
-- ) unless $no_des;
--push @files, qw(evppkey_dsa.txt) unless $no_dsa;
--push @files, qw(evppkey_ecx.txt) unless $no_ec;
--push @files, qw(
- evppkey_ecc.txt
- evppkey_ecdh.txt
- evppkey_ecdsa.txt
-@@ -89,6 +82,7 @@ my @defltfiles = qw(
- evpciph_cast5.txt
- evpciph_chacha.txt
- evpciph_des.txt
-+ evpciph_des3_common.txt
- evpciph_idea.txt
- evpciph_rc2.txt
- evpciph_rc4.txt
-@@ -116,6 +110,12 @@ my @defltfiles = qw(
- evppkey_kdf_tls1_prf.txt
- evppkey_rsa.txt
- );
-+push @defltfiles, qw(evppkey_dsa.txt) unless $no_dsa;
-+push @defltfiles, qw(evppkey_ecx.txt) unless $no_ec;
-+push @defltfiles, qw(
-+ evpkdf_x942_des.txt
-+ evpmac_cmac_des.txt
-+ ) unless $no_des;
- push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec;
- push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;
- 
-diff -rupN --no-dereference openssl-3.0.9/test/recipes/80-test_cms.t openssl-3.0.9-new/test/recipes/80-test_cms.t
---- openssl-3.0.9/test/recipes/80-test_cms.t 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/test/recipes/80-test_cms.t 2023-05-31 14:33:14.078114170 +0200
-@@ -96,7 +96,7 @@ my @smime_pkcs7_tests = (
- \&final_compare
- ],
- 
-- [ "signed content DER format, DSA key",
-+ [ "signed content DER format, DSA key, no Red Hat FIPS",
- [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
- "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
- [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER",
-@@ -104,7 +104,7 @@ my @smime_pkcs7_tests = (
- \&final_compare
- ],
- 
-- [ "signed detached content DER format, DSA key",
-+ [ "signed detached content DER format, DSA key, no Red Hat FIPS",
- [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
- "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
- [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER",
-@@ -113,7 +113,7 @@ my @smime_pkcs7_tests = (
- \&final_compare
- ],
- 
-- [ "signed detached content DER format, add RSA signer (with DSA existing)",
-+ [ "signed detached content DER format, add RSA signer (with DSA existing), no Red Hat FIPS",
- [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
- "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
- [ "{cmd1}", @prov, "-resign", "-in", "{output}.cms", "-inform", "DER", "-outform", "DER",
-@@ -124,7 +124,7 @@ my @smime_pkcs7_tests = (
- \&final_compare
- ],
- 
-- [ "signed content test streaming BER format, DSA key",
-+ [ "signed content test streaming BER format, DSA key, no Red Hat FIPS",
- [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
- "-nodetach", "-stream",
- "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
-@@ -133,7 +133,7 @@ my @smime_pkcs7_tests = (
- \&final_compare
- ],
- 
-- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys",
-+ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no Red Hat FIPS",
- [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
- "-nodetach", "-stream",
- "-signer", $smrsa1,
-@@ -146,7 +146,7 @@ my @smime_pkcs7_tests = (
- \&final_compare
- ],
- 
-- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
-+ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes, no Red Hat FIPS",
- [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
- "-noattr", "-nodetach", "-stream",
- "-signer", $smrsa1,
-@@ -176,7 +176,7 @@ my @smime_pkcs7_tests = (
- \&zero_compare
- ],
- 
-- [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
-+ [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys, no Red Hat FIPS",
- [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-nodetach",
- "-signer", $smrsa1,
- "-signer", catfile($smdir, "smrsa2.pem"),
-@@ -188,7 +188,7 @@ my @smime_pkcs7_tests = (
- \&final_compare
- ],
- 
-- [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
-+ [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys, no Red Hat FIPS",
- [ "{cmd1}", @prov, "-sign", "-in", $smcont,
- "-signer", $smrsa1,
- "-signer", catfile($smdir, "smrsa2.pem"),
-@@ -248,7 +248,7 @@ my @smime_pkcs7_tests = (
- 
- my @smime_cms_tests = (
- 
-- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
-+ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid, no Red Hat FIPS",
- [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
- "-nodetach", "-keyid",
- "-signer", $smrsa1,
-@@ -261,7 +261,7 @@ my @smime_cms_tests = (
- \&final_compare
- ],
- 
-- [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
-+ [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys, no Red Hat FIPS",
- [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
- "-signer", $smrsa1,
- "-signer", catfile($smdir, "smrsa2.pem"),
-@@ -371,7 +371,7 @@ my @smime_cms_tests = (
- \&final_compare
- ],
- 
-- [ "encrypted content test streaming PEM format, triple DES key",
-+ [ "encrypted content test streaming PEM format, triple DES key, no Red Hat FIPS",
- [ "{cmd1}", @prov, "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
- "-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617",
- "-stream", "-out", "{output}.cms" ],
-diff -rupN --no-dereference openssl-3.0.9/test/recipes/80-test_ssl_old.t openssl-3.0.9-new/test/recipes/80-test_ssl_old.t
---- openssl-3.0.9/test/recipes/80-test_ssl_old.t 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/test/recipes/80-test_ssl_old.t 2023-05-31 14:33:14.080114169 +0200
-@@ -436,7 +436,7 @@ sub testssl {
- my @exkeys = ();
- my $ciphers = '-PSK:-SRP:@SECLEVEL=0';
- 
-- if (!$no_dsa) {
-+ if (!$no_dsa && $provider ne "fips") {
- push @exkeys, "-s_cert", "certD.ss", "-s_key", $Dkey;
- }
- 
diff --git a/0047-FIPS-early-KATS.patch b/0047-FIPS-early-KATS.patch
deleted file mode 100644
index 546b030..0000000
--- a/0047-FIPS-early-KATS.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-diff -rupN --no-dereference openssl-3.0.9/providers/fips/self_test.c openssl-3.0.9-new/providers/fips/self_test.c
---- openssl-3.0.9/providers/fips/self_test.c 2023-05-31 14:33:13.261114521 +0200
-+++ openssl-3.0.9-new/providers/fips/self_test.c 2023-05-31 14:33:14.360114049 +0200
-@@ -350,6 +350,16 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
- if (ev == NULL)
- goto end;
-
-+ /*
-+ * Run the KAT's before HMAC verification according to FIPS-140-3 requirements
-+ */
-+ if (kats_already_passed == 0) {
-+ if (!SELF_TEST_kats(ev, st->libctx)) {
-+ ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE);
-+ goto end;
-+ }
-+ }
-+
- module_checksum = fips_hmac_container;
- checksum_len = sizeof(fips_hmac_container);
-
-@@ -399,18 +409,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
- kats_already_passed = 1;
- }
- }
--
-- /*
-- * Only runs the KAT's during installation OR on_demand().
-- * NOTE: If the installation option 'self_test_onload' is chosen then this
-- * path will always be run, since kats_already_passed will always be 0.
-- */
-- if (on_demand_test || kats_already_passed == 0) {
-- if (!SELF_TEST_kats(ev, st->libctx)) {
-- ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE);
-- goto end;
-- }
-- }
- ok = 1;
- end:
- OSSL_SELF_TEST_free(ev);
diff --git a/0049-Allow-disabling-of-SHA1-signatures.patch b/0049-Allow-disabling-of-SHA1-signatures.patch
deleted file mode 100644
index 063b93b..0000000
--- a/0049-Allow-disabling-of-SHA1-signatures.patch
+++ /dev/null
@@ -1,430 +0,0 @@ -diff -rupN --no-dereference openssl-3.0.9/crypto/evp/evp_cnf.c openssl-3.0.9-new/crypto/evp/evp_cnf.c ---- openssl-3.0.9/crypto/evp/evp_cnf.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/crypto/evp/evp_cnf.c 2023-05-31 14:33:14.632113932 +0200 -@@ -10,6 +10,7 @@ - #include - #include - #include "internal/cryptlib.h" -+#include "internal/sslconf.h" - #include - #include - #include -@@ -57,6 +58,18 @@ static int alg_module_init(CONF_IMODULE - ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE); - return 0; - } -+ } else if (strcmp(oval->name, "rh-allow-sha1-signatures") == 0) { -+ int m; -+ -+ /* Detailed error already reported. */ -+ if (!X509V3_get_value_bool(oval, &m)) -+ return 0; -+ -+ if (!ossl_ctx_legacy_digest_signatures_allowed_set( -+ NCONF_get0_libctx((CONF *)cnf), m > 0, 0)) { -+ ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE); -+ return 0; -+ } - } else { - ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION, - "name=%s, value=%s", oval->name, oval->value); -diff -rupN --no-dereference openssl-3.0.9/crypto/evp/m_sigver.c openssl-3.0.9-new/crypto/evp/m_sigver.c ---- openssl-3.0.9/crypto/evp/m_sigver.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/crypto/evp/m_sigver.c 2023-05-31 14:33:14.632113932 +0200 -@@ -16,6 +16,79 @@ - #include "internal/numbers.h" /* includes SIZE_MAX */ - #include "evp_local.h" - -+typedef struct ossl_legacy_digest_signatures_st { -+ int allowed; -+} OSSL_LEGACY_DIGEST_SIGNATURES; -+ -+static void ossl_ctx_legacy_digest_signatures_free(void *vldsigs) -+{ -+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs = vldsigs; -+ -+ if (ldsigs != NULL) { -+ OPENSSL_free(ldsigs); -+ } -+} -+ -+static void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx) -+{ -+ OSSL_LEGACY_DIGEST_SIGNATURES* ldsigs = OPENSSL_zalloc(sizeof(OSSL_LEGACY_DIGEST_SIGNATURES)); -+ /* Warning: This patch differs from the same patch in CentOS and RHEL here, -+ * because the default on Fedora is to allow SHA-1 
and support disabling -+ * it, while CentOS/RHEL disable it by default and allow enabling it. */ -+ ldsigs->allowed = 1; -+ return ldsigs; -+} -+ -+static const OSSL_LIB_CTX_METHOD ossl_ctx_legacy_digest_signatures_method = { -+ OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, -+ ossl_ctx_legacy_digest_signatures_new, -+ ossl_ctx_legacy_digest_signatures_free, -+}; -+ -+static OSSL_LEGACY_DIGEST_SIGNATURES *ossl_ctx_legacy_digest_signatures( -+ OSSL_LIB_CTX *libctx, int loadconfig) -+{ -+#ifndef FIPS_MODULE -+ if (loadconfig && !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)) -+ return NULL; -+#endif -+ -+ return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES, -+ &ossl_ctx_legacy_digest_signatures_method); -+} -+ -+int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig) -+{ -+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs -+ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig); -+ -+#ifndef FIPS_MODULE -+ if (ossl_safe_getenv("OPENSSL_ENABLE_SHA1_SIGNATURES") != NULL) -+ /* used in tests */ -+ return 1; -+#endif -+ -+ /* Warning: This patch differs from the same patch in CentOS and RHEL here, -+ * because the default on Fedora is to allow SHA-1 and support disabling -+ * it, while CentOS/RHEL disable it by default and allow enabling it. */ -+ return ldsigs != NULL ? 
ldsigs->allowed : 1; -+} -+ -+int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow, -+ int loadconfig) -+{ -+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs -+ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig); -+ -+ if (ldsigs == NULL) { -+ ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); -+ return 0; -+ } -+ -+ ldsigs->allowed = allow; -+ return 1; -+} -+ - #ifndef FIPS_MODULE - - static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen) -@@ -258,6 +331,18 @@ static int do_sigver_init(EVP_MD_CTX *ct - } - } - -+ if (ctx->reqdigest != NULL -+ && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac) -+ && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf) -+ && !EVP_PKEY_is_a(locpctx->pkey, SN_hkdf)) { -+ int mdnid = EVP_MD_nid(ctx->reqdigest); -+ if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0) -+ && (mdnid == NID_sha1 || mdnid == NID_md5_sha1)) { -+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST); -+ goto err; -+ } -+ } -+ - if (ver) { - if (signature->digest_verify_init == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); -diff -rupN --no-dereference openssl-3.0.9/crypto/evp/pmeth_lib.c openssl-3.0.9-new/crypto/evp/pmeth_lib.c ---- openssl-3.0.9/crypto/evp/pmeth_lib.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/crypto/evp/pmeth_lib.c 2023-05-31 14:33:14.632113932 +0200 -@@ -33,6 +33,7 @@ - #include "internal/ffc.h" - #include "internal/numbers.h" - #include "internal/provider.h" -+#include "internal/sslconf.h" - #include "evp_local.h" - - #ifndef FIPS_MODULE -@@ -958,6 +959,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_ - return -2; - } - -+ if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) -+ && md != NULL -+ && ctx->pkey != NULL -+ && !EVP_PKEY_is_a(ctx->pkey, SN_hmac) -+ && !EVP_PKEY_is_a(ctx->pkey, SN_tls1_prf) -+ && !EVP_PKEY_is_a(ctx->pkey, SN_hkdf)) { -+ int mdnid = EVP_MD_nid(md); -+ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1) -+ && !ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) { -+ 
ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST); -+ return -1; -+ } -+ } -+ - if (fallback) - return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, (void *)(md)); - -diff -rupN --no-dereference openssl-3.0.9/doc/man5/config.pod openssl-3.0.9-new/doc/man5/config.pod ---- openssl-3.0.9/doc/man5/config.pod 2023-05-31 14:33:13.528114406 +0200 -+++ openssl-3.0.9-new/doc/man5/config.pod 2023-05-31 14:33:14.632113932 +0200 -@@ -304,6 +304,19 @@ Within the algorithm properties section, - The value may be anything that is acceptable as a property query - string for EVP_set_default_properties(). - -+=item B -+ -+The value is a boolean that can be B or B. If the value is not set, -+it behaves as if it was set to B. -+ -+When set to B, any attempt to create or verify a signature with a SHA1 -+digest will fail. To test whether your software will work with future versions -+of OpenSSL, set this option to B. This setting also affects TLS, where -+signature algorithms that use SHA1 as digest will no longer be supported if -+this option is set to B. Because TLS 1.1 or lower use MD5-SHA1 as -+pseudorandom function (PRF) to derive key material, disabling -+B requires the use of TLS 1.2 or newer. -+ - =item B (deprecated) - - The value is a boolean that can be B or B. 
If the value is -diff -rupN --no-dereference openssl-3.0.9/include/internal/cryptlib.h openssl-3.0.9-new/include/internal/cryptlib.h ---- openssl-3.0.9/include/internal/cryptlib.h 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/include/internal/cryptlib.h 2023-05-31 14:33:14.633113932 +0200 -@@ -168,7 +168,8 @@ typedef struct ossl_ex_data_global_st { - # define OSSL_LIB_CTX_PROVIDER_CONF_INDEX 16 - # define OSSL_LIB_CTX_BIO_CORE_INDEX 17 - # define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18 --# define OSSL_LIB_CTX_MAX_INDEXES 19 -+# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES 19 -+# define OSSL_LIB_CTX_MAX_INDEXES 20 - - # define OSSL_LIB_CTX_METHOD_LOW_PRIORITY -1 - # define OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY 0 -diff -rupN --no-dereference openssl-3.0.9/include/internal/sslconf.h openssl-3.0.9-new/include/internal/sslconf.h ---- openssl-3.0.9/include/internal/sslconf.h 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/include/internal/sslconf.h 2023-05-31 14:33:14.633113932 +0200 -@@ -18,4 +18,8 @@ int conf_ssl_name_find(const char *name, - void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr, - char **arg); - -+/* Methods to support disabling all signatures with legacy digests */ -+int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig); -+int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow, -+ int loadconfig); - #endif -diff -rupN --no-dereference openssl-3.0.9/providers/common/securitycheck.c openssl-3.0.9-new/providers/common/securitycheck.c ---- openssl-3.0.9/providers/common/securitycheck.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/providers/common/securitycheck.c 2023-05-31 14:33:14.633113932 +0200 -@@ -19,6 +19,7 @@ - #include - #include - #include "prov/securitycheck.h" -+#include "internal/sslconf.h" - - /* - * FIPS requires a minimum security strength of 112 bits (for encryption or -@@ -235,6 +236,15 @@ int ossl_digest_get_approved_nid_with_sh 
- mdnid = -1; /* disallowed by security checks */ - } - # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ -+ -+#ifndef FIPS_MODULE -+ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0)) -+ /* SHA1 is globally disabled, check whether we want to locally allow -+ * it. */ -+ if (mdnid == NID_sha1 && !sha1_allowed) -+ mdnid = -1; -+#endif -+ - return mdnid; - } - -@@ -244,5 +254,15 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX - if (ossl_securitycheck_enabled(ctx)) - return ossl_digest_get_approved_nid(md) != NID_undef; - # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ -+ -+#ifndef FIPS_MODULE -+ { -+ int mdnid = EVP_MD_nid(md); -+ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1) -+ && !ossl_ctx_legacy_digest_signatures_allowed(ctx, 0)) -+ return 0; -+ } -+#endif -+ - return 1; - } -diff -rupN --no-dereference openssl-3.0.9/providers/common/securitycheck_default.c openssl-3.0.9-new/providers/common/securitycheck_default.c ---- openssl-3.0.9/providers/common/securitycheck_default.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/providers/common/securitycheck_default.c 2023-05-31 14:33:14.633113932 +0200 -@@ -15,6 +15,7 @@ - #include - #include "prov/securitycheck.h" - #include "internal/nelem.h" -+#include "internal/sslconf.h" - - /* Disable the security checks in the default provider */ - int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx) -@@ -23,9 +24,10 @@ int ossl_securitycheck_enabled(OSSL_LIB_ - } - - int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md, -- ossl_unused int sha1_allowed) -+ int sha1_allowed) - { - int mdnid; -+ int ldsigs_allowed; - - static const OSSL_ITEM name_to_nid[] = { - { NID_md5, OSSL_DIGEST_NAME_MD5 }, -@@ -36,8 +38,11 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL - { NID_ripemd160, OSSL_DIGEST_NAME_RIPEMD160 }, - }; - -- mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, 1); -+ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx, 0); -+ mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, 
sha1_allowed || ldsigs_allowed); - if (mdnid == NID_undef) - mdnid = ossl_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid)); -+ if (mdnid == NID_md5_sha1 && !ldsigs_allowed) -+ mdnid = -1; - return mdnid; - } -diff -rupN --no-dereference openssl-3.0.9/providers/implementations/signature/dsa_sig.c openssl-3.0.9-new/providers/implementations/signature/dsa_sig.c ---- openssl-3.0.9/providers/implementations/signature/dsa_sig.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/providers/implementations/signature/dsa_sig.c 2023-05-31 14:33:14.633113932 +0200 -@@ -124,12 +124,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ct - mdprops = ctx->propq; - - if (mdname != NULL) { -- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); - WPACKET pkt; - EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); -- int md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, -- sha1_allowed); -+ int md_nid; - size_t mdname_len = strlen(mdname); -+#ifdef FIPS_MODULE -+ int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); -+#else -+ int sha1_allowed = 0; -+#endif -+ md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, -+ sha1_allowed); - - if (md == NULL || md_nid < 0) { - if (md == NULL) -diff -rupN --no-dereference openssl-3.0.9/providers/implementations/signature/ecdsa_sig.c openssl-3.0.9-new/providers/implementations/signature/ecdsa_sig.c ---- openssl-3.0.9/providers/implementations/signature/ecdsa_sig.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/providers/implementations/signature/ecdsa_sig.c 2023-05-31 14:33:14.634113931 +0200 -@@ -237,7 +237,11 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX - "%s could not be fetched", mdname); - return 0; - } -+#ifdef FIPS_MODULE - sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); -+#else -+ sha1_allowed = 0; -+#endif - md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, - sha1_allowed); - if (md_nid < 0) { -diff -rupN --no-dereference 
openssl-3.0.9/providers/implementations/signature/rsa_sig.c openssl-3.0.9-new/providers/implementations/signature/rsa_sig.c ---- openssl-3.0.9/providers/implementations/signature/rsa_sig.c 2023-05-31 14:33:14.352114052 +0200 -+++ openssl-3.0.9-new/providers/implementations/signature/rsa_sig.c 2023-05-31 14:33:14.634113931 +0200 -@@ -25,6 +25,7 @@ - #include "internal/cryptlib.h" - #include "internal/nelem.h" - #include "internal/sizes.h" -+#include "internal/sslconf.h" - #include "crypto/rsa.h" - #include "prov/providercommon.h" - #include "prov/implementations.h" -@@ -33,6 +34,7 @@ - #include "prov/securitycheck.h" - - #define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1 -+#define RSA_DEFAULT_DIGEST_NAME_NONLEGACY OSSL_DIGEST_NAME_SHA2_256 - - static OSSL_FUNC_signature_newctx_fn rsa_newctx; - static OSSL_FUNC_signature_sign_init_fn rsa_sign_init; -@@ -288,10 +290,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ct - - if (mdname != NULL) { - EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); -+ int md_nid; -+ size_t mdname_len = strlen(mdname); -+#ifdef FIPS_MODULE - int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); -- int md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md, -+#else -+ int sha1_allowed = 0; -+#endif -+ md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md, - sha1_allowed); -- size_t mdname_len = strlen(mdname); - - if (md == NULL - || md_nid <= 0 -@@ -1363,8 +1370,15 @@ static int rsa_set_ctx_params(void *vprs - prsactx->pad_mode = pad_mode; - - if (prsactx->md == NULL && pmdname == NULL -- && pad_mode == RSA_PKCS1_PSS_PADDING) -+ && pad_mode == RSA_PKCS1_PSS_PADDING) { - pmdname = RSA_DEFAULT_DIGEST_NAME; -+#ifndef FIPS_MODULE -+ if (!ossl_ctx_legacy_digest_signatures_allowed(prsactx->libctx, 0)) { -+ pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY; -+ } -+#endif -+ } -+ - - if (pmgf1mdname != NULL - && !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops)) -diff -rupN --no-dereference openssl-3.0.9/ssl/t1_lib.c 
openssl-3.0.9-new/ssl/t1_lib.c ---- openssl-3.0.9/ssl/t1_lib.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/ssl/t1_lib.c 2023-05-31 14:33:14.635113931 +0200 -@@ -20,6 +20,7 @@ - #include - #include - #include -+#include "internal/sslconf.h" - #include "internal/nelem.h" - #include "internal/sizes.h" - #include "internal/tlsgroups.h" -@@ -1151,11 +1152,13 @@ int ssl_setup_sig_algs(SSL_CTX *ctx) - = OPENSSL_malloc(sizeof(*lu) * OSSL_NELEM(sigalg_lookup_tbl)); - EVP_PKEY *tmpkey = EVP_PKEY_new(); - int ret = 0; -+ int ldsigs_allowed; - - if (cache == NULL || tmpkey == NULL) - goto err; - - ERR_set_mark(); -+ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0); - for (i = 0, lu = sigalg_lookup_tbl; - i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) { - EVP_PKEY_CTX *pctx; -@@ -1175,6 +1178,11 @@ int ssl_setup_sig_algs(SSL_CTX *ctx) - cache[i].enabled = 0; - continue; - } -+ if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1) -+ && !ldsigs_allowed) { -+ cache[i].enabled = 0; -+ continue; -+ } - - if (!EVP_PKEY_set_type(tmpkey, lu->sig)) { - cache[i].enabled = 0; -diff -rupN --no-dereference openssl-3.0.9/util/libcrypto.num openssl-3.0.9-new/util/libcrypto.num ---- openssl-3.0.9/util/libcrypto.num 2023-05-31 14:33:10.577115663 +0200 -+++ openssl-3.0.9-new/util/libcrypto.num 2023-05-31 14:33:14.662113919 +0200 -@@ -5430,3 +5430,5 @@ OPENSSL_strncasecmp - OSSL_CMP_CTX_reset_geninfo_ITAVs 5558 3_0_8 EXIST::FUNCTION:CMP - OSSL_CMP_MSG_update_recipNonce 5559 3_0_9 EXIST::FUNCTION:CMP - ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: -+ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION: -+ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION: diff --git a/0049-Selectively-disallow-SHA1-signatures.patch b/0049-Selectively-disallow-SHA1-signatures.patch deleted file mode 100644 index df0404c..0000000 --- a/0049-Selectively-disallow-SHA1-signatures.patch +++ /dev/null 
@@ -1,491 +0,0 @@ -From f6a2f59574788aadd0ce323ad8ebe4d0c470672e Mon Sep 17 00:00:00 2001 -From: Clemens Lang -Date: Wed, 17 Aug 2022 12:56:29 -0400 -Subject: [PATCH] Selectively disallow SHA1 signatures - -For RHEL 9.0, we want to phase out SHA1. One of the steps to do that is -disabling SHA1 signatures. Introduce a new configuration option in the -alg_section named 'rh-allow-sha1-signatures'. This option defaults to -false. If set to false (or unset), any signature creation or -verification operations that involve SHA1 as digest will fail. - -This also affects TLS, where the signature_algorithms extension of any -ClientHello message sent by OpenSSL will no longer include signatures -with the SHA1 digest if rh-allow-sha1-signatures is false. For servers -that request a client certificate, the same also applies for -CertificateRequest messages sent by them. - -For signatures created using the EVP_PKEY API, this is a best-effort -check that will deny signatures in cases where the digest algorithm is -known. This means, for example, that that following steps will still -work: - - $> openssl dgst -sha1 -binary -out sha1 infile - $> openssl pkeyutl -inkey key.pem -sign -in sha1 -out sha1sig - $> openssl pkeyutl -inkey key.pem -verify -sigfile sha1sig -in sha1 - -whereas these will not: - - $> openssl dgst -sha1 -binary -out sha1 infile - $> openssl pkeyutl -inkey kem.pem -sign -in sha1 -out sha1sig -pkeyopt digest:sha1 - $> openssl pkeyutl -inkey kem.pem -verify -sigfile sha1sig -in sha1 -pkeyopt digest:sha1 - -This happens because in the first case, OpenSSL's signature -implementation does not know that it is signing a SHA1 hash (it could be -signing arbitrary data). 
- -Resolves: rhbz#2031742 - -Signed-off-by: Stephen Gallagher ---- - crypto/evp/evp_cnf.c | 13 ++++ - crypto/evp/m_sigver.c | 77 +++++++++++++++++++ - crypto/evp/pmeth_lib.c | 15 ++++ - doc/man5/config.pod | 11 +++ - include/internal/cryptlib.h | 3 +- - include/internal/sslconf.h | 4 + - providers/common/securitycheck.c | 20 +++++ - providers/common/securitycheck_default.c | 9 ++- - providers/implementations/signature/dsa_sig.c | 11 ++- - .../implementations/signature/ecdsa_sig.c | 4 + - providers/implementations/signature/rsa_sig.c | 20 ++++- - ssl/t1_lib.c | 8 ++ - util/libcrypto.num | 2 + - 13 files changed, 188 insertions(+), 9 deletions(-) - -diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c -index 0e7fe64cf92e4b73b3bf873895e73fa9646df86d..b9d3b6d226ca07a65d972bb8505b7976a0d02572 100644 ---- a/crypto/evp/evp_cnf.c -+++ b/crypto/evp/evp_cnf.c -@@ -10,6 +10,7 @@ - #include - #include - #include "internal/cryptlib.h" -+#include "internal/sslconf.h" - #include - #include - #include -@@ -57,6 +58,18 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf) - ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE); - return 0; - } -+ } else if (strcmp(oval->name, "rh-allow-sha1-signatures") == 0) { -+ int m; -+ -+ /* Detailed error already reported. 
*/ -+ if (!X509V3_get_value_bool(oval, &m)) -+ return 0; -+ -+ if (!ossl_ctx_legacy_digest_signatures_allowed_set( -+ NCONF_get0_libctx((CONF *)cnf), m > 0, 0)) { -+ ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE); -+ return 0; -+ } - } else { - ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION, - "name=%s, value=%s", oval->name, oval->value); -diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c -index 76a6814b424bec3479bdf61374f0178b9cd96ded..4b2f1fcfb886661d98460c240d542df2ccd5df13 100644 ---- a/crypto/evp/m_sigver.c -+++ b/crypto/evp/m_sigver.c -@@ -16,6 +16,71 @@ - #include "internal/numbers.h" /* includes SIZE_MAX */ - #include "evp_local.h" - -+typedef struct ossl_legacy_digest_signatures_st { -+ int allowed; -+} OSSL_LEGACY_DIGEST_SIGNATURES; -+ -+static void ossl_ctx_legacy_digest_signatures_free(void *vldsigs) -+{ -+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs = vldsigs; -+ -+ if (ldsigs != NULL) { -+ OPENSSL_free(ldsigs); -+ } -+} -+ -+static void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx) -+{ -+ return OPENSSL_zalloc(sizeof(OSSL_LEGACY_DIGEST_SIGNATURES)); -+} -+ -+static const OSSL_LIB_CTX_METHOD ossl_ctx_legacy_digest_signatures_method = { -+ OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, -+ ossl_ctx_legacy_digest_signatures_new, -+ ossl_ctx_legacy_digest_signatures_free, -+}; -+ -+static OSSL_LEGACY_DIGEST_SIGNATURES *ossl_ctx_legacy_digest_signatures( -+ OSSL_LIB_CTX *libctx, int loadconfig) -+{ -+#ifndef FIPS_MODULE -+ if (loadconfig && !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)) -+ return 0; -+#endif -+ -+ return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES, -+ &ossl_ctx_legacy_digest_signatures_method); -+} -+ -+int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig) -+{ -+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs -+ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig); -+ -+#ifndef FIPS_MODULE -+ if (ossl_safe_getenv("OPENSSL_ENABLE_SHA1_SIGNATURES") != NULL) -+ /* used 
in tests */ -+ return 1; -+#endif -+ -+ return ldsigs != NULL ? ldsigs->allowed : 0; -+} -+ -+int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow, -+ int loadconfig) -+{ -+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs -+ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig); -+ -+ if (ldsigs == NULL) { -+ ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); -+ return 0; -+ } -+ -+ ldsigs->allowed = allow; -+ return 1; -+} -+ - #ifndef FIPS_MODULE - - static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen) -@@ -258,6 +323,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - } - } - -+ if (ctx->reqdigest != NULL -+ && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac) -+ && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf) -+ && !EVP_PKEY_is_a(locpctx->pkey, SN_hkdf)) { -+ int mdnid = EVP_MD_nid(ctx->reqdigest); -+ if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0) -+ && (mdnid == NID_sha1 || mdnid == NID_md5_sha1)) { -+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST); -+ goto err; -+ } -+ } -+ - if (ver) { - if (signature->digest_verify_init == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); -diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c -index da367ed05fbe42abb328c6e23cafe99e76d26819..ee6edf1e85e71cdbe58bf7e9f443425dce100e43 100644 ---- a/crypto/evp/pmeth_lib.c -+++ b/crypto/evp/pmeth_lib.c -@@ -33,6 +33,7 @@ - #include "internal/ffc.h" - #include "internal/numbers.h" - #include "internal/provider.h" -+#include "internal/sslconf.h" - #include "evp_local.h" - - #ifndef FIPS_MODULE -@@ -946,6 +947,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md, - return -2; - } - -+ if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) -+ && md != NULL -+ && ctx->pkey != NULL -+ && !EVP_PKEY_is_a(ctx->pkey, SN_hmac) -+ && !EVP_PKEY_is_a(ctx->pkey, SN_tls1_prf) -+ && !EVP_PKEY_is_a(ctx->pkey, SN_hkdf)) { -+ int mdnid = EVP_MD_nid(md); -+ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1) -+ && 
!ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) { -+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST); -+ return -1; -+ } -+ } -+ - if (fallback) - return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, (void *)(md)); - -diff --git a/doc/man5/config.pod b/doc/man5/config.pod -index a84113287c3d0edf6c67726aee7d8abb87401445..f1536258470563b4fe74f8d1e3db6d73ed316341 100644 ---- a/doc/man5/config.pod -+++ b/doc/man5/config.pod -@@ -304,6 +304,17 @@ Within the algorithm properties section, the following names have meaning: - The value may be anything that is acceptable as a property query - string for EVP_set_default_properties(). - -+=item B -+ -+The value is a boolean that can be B or B. If the value is not set, -+it behaves as if it was set to B. -+ -+When set to B, any attempt to create or verify a signature with a SHA1 -+digest will fail. For compatibility with older versions of OpenSSL, set this -+option to B. This setting also affects TLS, where signature algorithms -+that use SHA1 as digest will no longer be supported if this option is set to -+B. -+ - =item B (deprecated) - - The value is a boolean that can be B or B. 
If the value is -diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h -index 1291299b6e50ea129ba77c85bb0b21b0997e4494..e234341e6afd15f7108c7af453d6f2190c086b04 100644 ---- a/include/internal/cryptlib.h -+++ b/include/internal/cryptlib.h -@@ -168,7 +168,8 @@ typedef struct ossl_ex_data_global_st { - # define OSSL_LIB_CTX_PROVIDER_CONF_INDEX 16 - # define OSSL_LIB_CTX_BIO_CORE_INDEX 17 - # define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18 --# define OSSL_LIB_CTX_MAX_INDEXES 19 -+# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES 19 -+# define OSSL_LIB_CTX_MAX_INDEXES 20 - - # define OSSL_LIB_CTX_METHOD_LOW_PRIORITY -1 - # define OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY 0 -diff --git a/include/internal/sslconf.h b/include/internal/sslconf.h -index fd7f7e333183dde57a283dab7372f9afb38c0eb4..05464b0655b20da2035f6781f44ac577e895fc8a 100644 ---- a/include/internal/sslconf.h -+++ b/include/internal/sslconf.h -@@ -18,4 +18,8 @@ int conf_ssl_name_find(const char *name, size_t *idx); - void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr, - char **arg); - -+/* Methods to support disabling all signatures with legacy digests */ -+int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig); -+int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow, -+ int loadconfig); - #endif -diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c -index 446ad6b4c11cf8dcad9dcb86df38816eff4bf772..9e47f5655957e661fa4f66f5e67a78c6c7d2fe5b 100644 ---- a/providers/common/securitycheck.c -+++ b/providers/common/securitycheck.c -@@ -19,6 +19,7 @@ - #include - #include - #include "prov/securitycheck.h" -+#include "internal/sslconf.h" - - /* - * FIPS requires a minimum security strength of 112 bits (for encryption or -@@ -235,6 +236,15 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md, - mdnid = -1; /* disallowed by security checks */ - } - # endif /* 
OPENSSL_NO_FIPS_SECURITYCHECKS */ -+ -+#ifndef FIPS_MODULE -+ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0)) -+ /* SHA1 is globally disabled, check whether we want to locally allow -+ * it. */ -+ if (mdnid == NID_sha1 && !sha1_allowed) -+ mdnid = -1; -+#endif -+ - return mdnid; - } - -@@ -244,5 +254,15 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md) - if (ossl_securitycheck_enabled(ctx)) - return ossl_digest_get_approved_nid(md) != NID_undef; - # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ -+ -+#ifndef FIPS_MODULE -+ { -+ int mdnid = EVP_MD_nid(md); -+ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1) -+ && !ossl_ctx_legacy_digest_signatures_allowed(ctx, 0)) -+ return 0; -+ } -+#endif -+ - return 1; - } -diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c -index de7f0d3a0a5718bd06a55d3d92236c27ffb7d0d5..ce54a94fbc9b3f48052c0bd5acf5b0aa349c4e91 100644 ---- a/providers/common/securitycheck_default.c -+++ b/providers/common/securitycheck_default.c -@@ -15,6 +15,7 @@ - #include - #include "prov/securitycheck.h" - #include "internal/nelem.h" -+#include "internal/sslconf.h" - - /* Disable the security checks in the default provider */ - int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx) -@@ -23,9 +24,10 @@ int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx) - } - - int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md, -- ossl_unused int sha1_allowed) -+ int sha1_allowed) - { - int mdnid; -+ int ldsigs_allowed; - - static const OSSL_ITEM name_to_nid[] = { - { NID_md5, OSSL_DIGEST_NAME_MD5 }, -@@ -36,8 +38,11 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md, - { NID_ripemd160, OSSL_DIGEST_NAME_RIPEMD160 }, - }; - -- mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, 1); -+ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx, 0); -+ mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, sha1_allowed || ldsigs_allowed); - if (mdnid == 
NID_undef) - mdnid = ossl_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid)); -+ if (mdnid == NID_md5_sha1 && !ldsigs_allowed) -+ mdnid = -1; - return mdnid; - } -diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c -index 28fd7c498e9922b6fabd1fafa452afe7ca3734ec..fa3822f39fd14a16c761b316e276c68868f35c7d 100644 ---- a/providers/implementations/signature/dsa_sig.c -+++ b/providers/implementations/signature/dsa_sig.c -@@ -124,12 +124,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx, - mdprops = ctx->propq; - - if (mdname != NULL) { -- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); - WPACKET pkt; - EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); -- int md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, -- sha1_allowed); -+ int md_nid; - size_t mdname_len = strlen(mdname); -+#ifdef FIPS_MODULE -+ int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); -+#else -+ int sha1_allowed = 0; -+#endif -+ md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, -+ sha1_allowed); - - if (md == NULL || md_nid < 0) { - if (md == NULL) -diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c -index 865d49d1004f0031c82c24c218828a7d9c7269c6..99b228e82c408171bb2458244d2cf763e32a19fb 100644 ---- a/providers/implementations/signature/ecdsa_sig.c -+++ b/providers/implementations/signature/ecdsa_sig.c -@@ -237,7 +237,11 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname, - "%s could not be fetched", mdname); - return 0; - } -+#ifdef FIPS_MODULE - sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); -+#else -+ sha1_allowed = 0; -+#endif - md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, - sha1_allowed); - if (md_nid < 0) { -diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c -index 
7023a866131e38c214ac7326fdd83274dab81833..f66d7705c35add553694c5808b51d5696f678ee7 100644 ---- a/providers/implementations/signature/rsa_sig.c -+++ b/providers/implementations/signature/rsa_sig.c -@@ -25,6 +25,7 @@ - #include "internal/cryptlib.h" - #include "internal/nelem.h" - #include "internal/sizes.h" -+#include "internal/sslconf.h" - #include "crypto/rsa.h" - #include "prov/providercommon.h" - #include "prov/implementations.h" -@@ -33,6 +34,7 @@ - #include "prov/securitycheck.h" - - #define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1 -+#define RSA_DEFAULT_DIGEST_NAME_NONLEGACY OSSL_DIGEST_NAME_SHA2_256 - - static OSSL_FUNC_signature_newctx_fn rsa_newctx; - static OSSL_FUNC_signature_sign_init_fn rsa_sign_init; -@@ -288,10 +290,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, - - if (mdname != NULL) { - EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); -+ int md_nid; -+ size_t mdname_len = strlen(mdname); -+#ifdef FIPS_MODULE - int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); -- int md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md, -+#else -+ int sha1_allowed = 0; -+#endif -+ md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md, - sha1_allowed); -- size_t mdname_len = strlen(mdname); - - if (md == NULL - || md_nid <= 0 -@@ -1347,8 +1354,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) - prsactx->pad_mode = pad_mode; - - if (prsactx->md == NULL && pmdname == NULL -- && pad_mode == RSA_PKCS1_PSS_PADDING) -+ && pad_mode == RSA_PKCS1_PSS_PADDING) { - pmdname = RSA_DEFAULT_DIGEST_NAME; -+#ifndef FIPS_MODULE -+ if (!ossl_ctx_legacy_digest_signatures_allowed(prsactx->libctx, 0)) { -+ pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY; -+ } -+#endif -+ } -+ - - if (pmgf1mdname != NULL - && !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops)) -diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c -index 48a0b7f6e5908e62b433a306c49a3f2ff7e8df76..909e38c2fe88324884a939b583fd7f43d01f3920 100644 ---- 
a/ssl/t1_lib.c -+++ b/ssl/t1_lib.c -@@ -20,6 +20,7 @@ - #include - #include - #include -+#include "internal/sslconf.h" - #include "internal/nelem.h" - #include "internal/sizes.h" - #include "internal/tlsgroups.h" -@@ -1150,11 +1151,13 @@ int ssl_setup_sig_algs(SSL_CTX *ctx) - = OPENSSL_malloc(sizeof(*lu) * OSSL_NELEM(sigalg_lookup_tbl)); - EVP_PKEY *tmpkey = EVP_PKEY_new(); - int ret = 0; -+ int ldsigs_allowed; - - if (cache == NULL || tmpkey == NULL) - goto err; - - ERR_set_mark(); -+ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0); - for (i = 0, lu = sigalg_lookup_tbl; - i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) { - EVP_PKEY_CTX *pctx; -@@ -1174,6 +1177,11 @@ int ssl_setup_sig_algs(SSL_CTX *ctx) - cache[i].enabled = 0; - continue; - } -+ if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1) -+ && !ldsigs_allowed) { -+ cache[i].enabled = 0; -+ continue; -+ } - - if (!EVP_PKEY_set_type(tmpkey, lu->sig)) { - cache[i].enabled = 0; -diff --git a/util/libcrypto.num b/util/libcrypto.num -index d94f406606132690d4744e470d98eff377d87699..07ae9a21ec979028eb78feaee4cadb801b790caf 100644 ---- a/util/libcrypto.num -+++ b/util/libcrypto.num -@@ -5428,3 +5428,5 @@ EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION: - OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION: - OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION: - ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: -+ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION: -+ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION: --- -2.37.2 - diff --git a/0051-Support-different-R_BITS-lengths-for-KBKDF.patch b/0051-Support-different-R_BITS-lengths-for-KBKDF.patch index 9875f3c..253d31d 100644 --- a/0051-Support-different-R_BITS-lengths-for-KBKDF.patch +++ b/0051-Support-different-R_BITS-lengths-for-KBKDF.patch 
@@ -1,6 +1,6 @@ diff -rupN --no-dereference openssl-3.0.9/doc/man7/EVP_KDF-KB.pod openssl-3.0.9-new/doc/man7/EVP_KDF-KB.pod --- openssl-3.0.9/doc/man7/EVP_KDF-KB.pod 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/doc/man7/EVP_KDF-KB.pod 2023-05-31 14:33:14.956113793 +0200 ++++ openssl-3.0.9-new/doc/man7/EVP_KDF-KB.pod 2023-05-31 16:36:53.079274882 +0200 @@ -58,6 +58,13 @@ Set to B<0> to disable use of the option (see SP800-108) that is placed between the Label and Context. The default value of B<1> will be used if unspecified. @@ -17,7 +17,7 @@ diff -rupN --no-dereference openssl-3.0.9/doc/man7/EVP_KDF-KB.pod openssl-3.0.9- Depending on whether mac is CMAC or HMAC, either digest or cipher is required diff -rupN --no-dereference openssl-3.0.9/include/openssl/core_names.h openssl-3.0.9-new/include/openssl/core_names.h --- openssl-3.0.9/include/openssl/core_names.h 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/include/openssl/core_names.h 2023-05-31 14:33:14.957113792 +0200 ++++ openssl-3.0.9-new/include/openssl/core_names.h 2023-05-31 16:36:53.080274879 +0200 @@ -217,6 +217,7 @@ extern "C" { #define OSSL_KDF_PARAM_PKCS12_ID "id" /* int */ #define OSSL_KDF_PARAM_KBKDF_USE_L "use-l" /* int */ @@ -28,7 +28,7 @@ diff -rupN --no-dereference openssl-3.0.9/include/openssl/core_names.h openssl-3 #define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info" diff -rupN --no-dereference openssl-3.0.9/providers/implementations/kdfs/kbkdf.c openssl-3.0.9-new/providers/implementations/kdfs/kbkdf.c --- openssl-3.0.9/providers/implementations/kdfs/kbkdf.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/providers/implementations/kdfs/kbkdf.c 2023-05-31 14:33:14.957113792 +0200 ++++ openssl-3.0.9-new/providers/implementations/kdfs/kbkdf.c 2023-05-31 16:36:53.081274876 +0200 @@ -60,6 +60,7 @@ typedef struct { EVP_MAC_CTX *ctx_init; 
@@ -124,7 +124,7 @@ diff -rupN --no-dereference openssl-3.0.9/providers/implementations/kdfs/kbkdf.c return known_settable_ctx_params; diff -rupN --no-dereference openssl-3.0.9/test/evp_kdf_test.c openssl-3.0.9-new/test/evp_kdf_test.c --- openssl-3.0.9/test/evp_kdf_test.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/evp_kdf_test.c 2023-05-31 14:33:14.957113792 +0200 ++++ openssl-3.0.9-new/test/evp_kdf_test.c 2023-05-31 16:36:53.081274876 +0200 @@ -1068,9 +1068,9 @@ static int test_kdf_kbkdf_6803_256(void) #endif @@ -250,7 +250,7 @@ diff -rupN --no-dereference openssl-3.0.9/test/evp_kdf_test.c openssl-3.0.9-new/ ADD_TEST(test_kdf_kbkdf_1byte_key); diff -rupN --no-dereference openssl-3.0.9/test/evp_test.c openssl-3.0.9-new/test/evp_test.c --- openssl-3.0.9/test/evp_test.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/evp_test.c 2023-05-31 14:33:14.958113792 +0200 ++++ openssl-3.0.9-new/test/evp_test.c 2023-05-31 16:36:53.082274873 +0200 @@ -2761,6 +2761,12 @@ static int kdf_test_ctrl(EVP_TEST *t, EV TEST_info("skipping, '%s' is disabled", p); t->skip = 1; @@ -266,7 +266,7 @@ diff -rupN --no-dereference openssl-3.0.9/test/evp_test.c openssl-3.0.9-new/test } diff -rupN --no-dereference openssl-3.0.9/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt openssl-3.0.9-new/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt --- openssl-3.0.9/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt 1970-01-01 01:00:00.000000000 +0100 -+++ openssl-3.0.9-new/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt 2023-05-31 14:33:14.959113791 +0200 ++++ openssl-3.0.9-new/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt 2023-05-31 16:36:53.083274870 +0200 @@ -0,0 +1,1843 @@ +# +# Copyright 2021-2021 The OpenSSL Project Authors. All Rights Reserved. 
@@ -2112,11 +2112,11 @@ diff -rupN --no-dereference openssl-3.0.9/test/recipes/30-test_evp_data/evpkdf_k +Output = 6db880daac98b078ee389a2164252ded61322d661e2b49247ea921e544675d8f17af2bf66dd40d81 + diff -rupN --no-dereference openssl-3.0.9/test/recipes/30-test_evp.t openssl-3.0.9-new/test/recipes/30-test_evp.t ---- openssl-3.0.9/test/recipes/30-test_evp.t 2023-05-31 14:33:14.355114051 +0200 -+++ openssl-3.0.9-new/test/recipes/30-test_evp.t 2023-05-31 14:33:14.958113792 +0200 -@@ -43,6 +43,7 @@ my @files = qw( - evpciph_aes_wrap.txt +--- openssl-3.0.9/test/recipes/30-test_evp.t 2023-05-31 16:36:52.577276352 +0200 ++++ openssl-3.0.9-new/test/recipes/30-test_evp.t 2023-05-31 16:36:53.083274870 +0200 +@@ -44,6 +44,7 @@ my @files = qw( evpciph_aes_stitched.txt + evpciph_des3_common.txt evpkdf_hkdf.txt + evpkdf_kbkdf_counter.txt evpkdf_pbkdf1.txt diff --git a/0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch b/0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch deleted file mode 100644 index a11c1db..0000000 --- a/0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch +++ /dev/null 
@@ -1,180 +0,0 @@ -diff -rupN --no-dereference openssl-3.0.9/crypto/x509/x509_vfy.c openssl-3.0.9-new/crypto/x509/x509_vfy.c ---- openssl-3.0.9/crypto/x509/x509_vfy.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/crypto/x509/x509_vfy.c 2023-05-31 14:33:15.228113675 +0200 -@@ -25,6 +25,7 @@ - #include - #include - #include "internal/dane.h" -+#include "internal/sslconf.h" - #include "crypto/x509.h" - #include "x509_local.h" - -@@ -3438,14 +3439,31 @@ static int check_sig_level(X509_STORE_CT - { - int secbits = -1; - int level = ctx->param->auth_level; -+ int nid; -+ OSSL_LIB_CTX *libctx = NULL; - - if (level <= 0) - return 1; - if (level > NUM_AUTH_LEVELS) - level = NUM_AUTH_LEVELS; - -- if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL)) -+ if (ctx->libctx) -+ libctx = ctx->libctx; -+ else if (cert->libctx) -+ libctx = cert->libctx; -+ else -+ libctx = OSSL_LIB_CTX_get0_global_default(); -+ -+ if (!X509_get_signature_info(cert, &nid, NULL, &secbits, NULL)) - return 0; - -+ if ((nid == NID_sha1 || nid == NID_md5_sha1) -+ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0) -+ && ctx->param->auth_level < 2) -+ /* When rh-allow-sha1-signatures = yes and security level <= 1, -+ * explicitly allow SHA1 for backwards compatibility. Also allow -+ * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */ -+ return 1; -+ - return secbits >= minbits_table[level - 1]; - } -diff -rupN --no-dereference openssl-3.0.9/doc/man5/config.pod openssl-3.0.9-new/doc/man5/config.pod ---- openssl-3.0.9/doc/man5/config.pod 2023-05-31 14:33:14.947113797 +0200 -+++ openssl-3.0.9-new/doc/man5/config.pod 2023-05-31 14:33:15.229113675 +0200 -@@ -317,6 +317,13 @@ this option is set to B. Because TL - pseudorandom function (PRF) to derive key material, disabling - B requires the use of TLS 1.2 or newer. 
- -+Note that enabling B will allow TLS signature -+algorithms that use SHA1 in security level 1, despite the definition of -+security level 1 of 80 bits of security, which SHA1 and MD5-SHA1 do not meet. -+This allows using SHA1 and MD5-SHA1 in TLS in the LEGACY crypto-policy on -+Fedora without requiring to set the security level to 0, which would include -+further insecure algorithms, and thus restores support for TLS 1.0 and 1.1. -+ - =item B (deprecated) - - The value is a boolean that can be B or B. If the value is -diff -rupN --no-dereference openssl-3.0.9/ssl/t1_lib.c openssl-3.0.9-new/ssl/t1_lib.c ---- openssl-3.0.9/ssl/t1_lib.c 2023-05-31 14:33:14.950113795 +0200 -+++ openssl-3.0.9-new/ssl/t1_lib.c 2023-05-31 14:33:15.229113675 +0200 -@@ -20,6 +20,7 @@ - #include - #include - #include -+#include "crypto/x509.h" - #include "internal/sslconf.h" - #include "internal/nelem.h" - #include "internal/sizes.h" -@@ -1567,19 +1568,28 @@ int tls12_check_peer_sigalg(SSL *s, uint - SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_UNKNOWN_DIGEST); - return 0; - } -- /* -- * Make sure security callback allows algorithm. For historical -- * reasons we have to pass the sigalg as a two byte char array. -- */ -- sigalgstr[0] = (sig >> 8) & 0xff; -- sigalgstr[1] = sig & 0xff; -- secbits = sigalg_security_bits(s->ctx, lu); -- if (secbits == 0 || -- !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits, -- md != NULL ? EVP_MD_get_type(md) : NID_undef, -- (void *)sigalgstr)) { -- SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE); -- return 0; -+ -+ if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1) -+ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0) -+ && SSL_get_security_level(s) < 2) { -+ /* When rh-allow-sha1-signatures = yes and security level <= 1, -+ * explicitly allow SHA1 for backwards compatibility. Also allow -+ * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */ -+ } else { -+ /* -+ * Make sure security callback allows algorithm. 
For historical -+ * reasons we have to pass the sigalg as a two byte char array. -+ */ -+ sigalgstr[0] = (sig >> 8) & 0xff; -+ sigalgstr[1] = sig & 0xff; -+ secbits = sigalg_security_bits(s->ctx, lu); -+ if (secbits == 0 || -+ !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits, -+ md != NULL ? EVP_MD_get_type(md) : NID_undef, -+ (void *)sigalgstr)) { -+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE); -+ return 0; -+ } - } - /* Store the sigalg the peer uses */ - s->s3.tmp.peer_sigalg = lu; -@@ -2117,6 +2127,15 @@ static int tls12_sigalg_allowed(const SS - } - } - -+ if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1) -+ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0) -+ && SSL_get_security_level(s) < 2) { -+ /* When rh-allow-sha1-signatures = yes and security level <= 1, -+ * explicitly allow SHA1 for backwards compatibility. Also allow -+ * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */ -+ return 1; -+ } -+ - /* Finally see if security callback allows it */ - secbits = sigalg_security_bits(s->ctx, lu); - sigalgstr[0] = (lu->sigalg >> 8) & 0xff; -@@ -2986,6 +3005,8 @@ static int ssl_security_cert_sig(SSL *s, - { - /* Lookup signature algorithm digest */ - int secbits, nid, pknid; -+ OSSL_LIB_CTX *libctx = NULL; -+ - /* Don't check signature if self signed */ - if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0) - return 1; -@@ -2994,6 +3015,26 @@ static int ssl_security_cert_sig(SSL *s, - /* If digest NID not defined use signature NID */ - if (nid == NID_undef) - nid = pknid; -+ -+ if (x && x->libctx) -+ libctx = x->libctx; -+ else if (ctx && ctx->libctx) -+ libctx = ctx->libctx; -+ else if (s && s->ctx && s->ctx->libctx) -+ libctx = s->ctx->libctx; -+ else -+ libctx = OSSL_LIB_CTX_get0_global_default(); -+ -+ if ((nid == NID_sha1 || nid == NID_md5_sha1) -+ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0) -+ && ((s != NULL && SSL_get_security_level(s) < 2) -+ || (ctx != NULL && 
SSL_CTX_get_security_level(ctx) < 2) -+ )) -+ /* When rh-allow-sha1-signatures = yes and security level <= 1, -+ * explicitly allow SHA1 for backwards compatibility. Also allow -+ * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */ -+ return 1; -+ - if (s) - return ssl_security(s, op, secbits, nid, x); - else -diff -rupN --no-dereference openssl-3.0.9/test/recipes/25-test_verify.t openssl-3.0.9-new/test/recipes/25-test_verify.t ---- openssl-3.0.9/test/recipes/25-test_verify.t 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/recipes/25-test_verify.t 2023-05-31 14:33:15.230113674 +0200 -@@ -419,8 +419,8 @@ ok(verify("ee-pss-sha1-cert", "", ["root - ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], ), - "CA with PSS signature using SHA256"); - --ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "1"), -- "Reject PSS signature using SHA1 and auth level 1"); -+ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"), -+ "Reject PSS signature using SHA1 and auth level 2"); - - ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"), - "PSS signature using SHA256 and auth level 2"); diff --git a/0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch b/0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch deleted file mode 100644 index 89a4be8..0000000 --- a/0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch +++ /dev/null 
@@ -1,206 +0,0 @@ -From dbd1021466572be733dfc6f7ae484f1adf467f40 Mon Sep 17 00:00:00 2001 -From: Clemens Lang -Date: Tue, 1 Mar 2022 15:44:18 +0100 -Subject: [PATCH] Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes - -References: rhbz#2055796 ---- - crypto/x509/x509_vfy.c | 19 ++++++++++- - doc/man5/config.pod | 7 +++- - ssl/t1_lib.c | 64 ++++++++++++++++++++++++++++------- - test/recipes/25-test_verify.t | 7 ++-- - 4 files changed, 79 insertions(+), 18 deletions(-) - -diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c -index 2f175ca517f5dd8f8e7d79e5d562981b74c8f987..d1c7d0ce204ca31021a4497ddaa8e7dee45ff6f6 100644 ---- a/crypto/x509/x509_vfy.c -+++ b/crypto/x509/x509_vfy.c -@@ -25,6 +25,7 @@ - #include - #include - #include "internal/dane.h" -+#include "internal/sslconf.h" - #include "crypto/x509.h" - #include "x509_local.h" - -@@ -3441,14 +3442,30 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert) - { - int secbits = -1; - int level = ctx->param->auth_level; -+ int nid; -+ OSSL_LIB_CTX *libctx = NULL; - - if (level <= 0) - return 1; - if (level > NUM_AUTH_LEVELS) - level = NUM_AUTH_LEVELS; - -- if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL)) -+ if (ctx->libctx) -+ libctx = ctx->libctx; -+ else if (cert->libctx) -+ libctx = cert->libctx; -+ else -+ libctx = OSSL_LIB_CTX_get0_global_default(); -+ -+ if (!X509_get_signature_info(cert, &nid, NULL, &secbits, NULL)) - return 0; - -+ if (nid == NID_sha1 -+ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0) -+ && ctx->param->auth_level < 3) -+ /* When rh-allow-sha1-signatures = yes and security level <= 2, -+ * explicitly allow SHA1 for backwards compatibility. 
*/ -+ return 1; -+ - return secbits >= minbits_table[level - 1]; - } -diff --git a/doc/man5/config.pod b/doc/man5/config.pod -index f1536258470563b4fe74f8d1e3db6d73ed316341..29ca805ea7152aa9d39bb14e74cc7fd704ec7acf 100644 ---- a/doc/man5/config.pod -+++ b/doc/man5/config.pod -@@ -313,7 +313,12 @@ When set to B, any attempt to create or verify a signature with a SHA1 - digest will fail. For compatibility with older versions of OpenSSL, set this - option to B. This setting also affects TLS, where signature algorithms - that use SHA1 as digest will no longer be supported if this option is set to --B. -+B. Note that enabling B will allow TLS signature -+algorithms that use SHA1 in security level 2, despite the definition of -+security level 2 of 112 bits of security, which SHA1 does not meet. Because -+TLS 1.1 or lower use MD5-SHA1 as pseudorandom function (PRF) to derive key -+material, disabling B requires the use of TLS 1.2 or -+newer. - - =item B (deprecated) - -diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c -index 909e38c2fe88324884a939b583fd7f43d01f3920..860c7a81d1eaa834e72f81e433e7a0a6a8b1b641 100644 ---- a/ssl/t1_lib.c -+++ b/ssl/t1_lib.c -@@ -20,6 +20,7 @@ - #include - #include - #include -+#include "crypto/x509.h" - #include "internal/sslconf.h" - #include "internal/nelem.h" - #include "internal/sizes.h" -@@ -1566,19 +1567,27 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) - SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_UNKNOWN_DIGEST); - return 0; - } -- /* -- * Make sure security callback allows algorithm. For historical -- * reasons we have to pass the sigalg as a two byte char array. -- */ -- sigalgstr[0] = (sig >> 8) & 0xff; -- sigalgstr[1] = sig & 0xff; -- secbits = sigalg_security_bits(s->ctx, lu); -- if (secbits == 0 || -- !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits, -- md != NULL ? 
EVP_MD_get_type(md) : NID_undef, -- (void *)sigalgstr)) { -- SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE); -- return 0; -+ -+ if (lu->hash == NID_sha1 -+ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0) -+ && SSL_get_security_level(s) < 3) { -+ /* when rh-allow-sha1-signatures = yes and security level <= 2, -+ * explicitly allow SHA1 for backwards compatibility */ -+ } else { -+ /* -+ * Make sure security callback allows algorithm. For historical -+ * reasons we have to pass the sigalg as a two byte char array. -+ */ -+ sigalgstr[0] = (sig >> 8) & 0xff; -+ sigalgstr[1] = sig & 0xff; -+ secbits = sigalg_security_bits(s->ctx, lu); -+ if (secbits == 0 || -+ !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits, -+ md != NULL ? EVP_MD_get_type(md) : NID_undef, -+ (void *)sigalgstr)) { -+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE); -+ return 0; -+ } - } - /* Store the sigalg the peer uses */ - s->s3.tmp.peer_sigalg = lu; -@@ -2111,6 +2120,14 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu) - } - } - -+ if (lu->hash == NID_sha1 -+ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0) -+ && SSL_get_security_level(s) < 3) { -+ /* when rh-allow-sha1-signatures = yes and security level <= 2, -+ * explicitly allow SHA1 for backwards compatibility */ -+ return 1; -+ } -+ - /* Finally see if security callback allows it */ - secbits = sigalg_security_bits(s->ctx, lu); - sigalgstr[0] = (lu->sigalg >> 8) & 0xff; -@@ -2980,6 +2997,8 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op) - { - /* Lookup signature algorithm digest */ - int secbits, nid, pknid; -+ OSSL_LIB_CTX *libctx = NULL; -+ - /* Don't check signature if self signed */ - if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0) - return 1; -@@ -2988,6 +3007,25 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op) - /* If digest NID not defined use signature NID */ - if (nid == 
NID_undef) - nid = pknid; -+ -+ if (x && x->libctx) -+ libctx = x->libctx; -+ else if (ctx && ctx->libctx) -+ libctx = ctx->libctx; -+ else if (s && s->ctx && s->ctx->libctx) -+ libctx = s->ctx->libctx; -+ else -+ libctx = OSSL_LIB_CTX_get0_global_default(); -+ -+ if (nid == NID_sha1 -+ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0) -+ && ((s != NULL && SSL_get_security_level(s) < 3) -+ || (ctx != NULL && SSL_CTX_get_security_level(ctx) < 3) -+ )) -+ /* When rh-allow-sha1-signatures = yes and security level <= 2, -+ * explicitly allow SHA1 for backwards compatibility. */ -+ return 1; -+ - if (s) - return ssl_security(s, op, secbits, nid, x); - else -diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t -index bf85ba57c1cf51fe4e8e54654890121bac6738fe..d5665434aaef1ca2b5f2f37b2499f40b1405fd9d 100644 ---- a/test/recipes/25-test_verify.t -+++ b/test/recipes/25-test_verify.t -@@ -29,7 +29,7 @@ sub verify { - run(app([@args])); - } - --plan tests => 163; -+plan tests => 162; - - # Canonical success - ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), -@@ -410,8 +410,9 @@ ok(verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "0" - ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], ), - "CA with PSS signature using SHA256"); - --ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "1"), -- "Reject PSS signature using SHA1 and auth level 1"); -+## rh-allow-sha1-signatures=yes allows this to pass despite -auth_level 1 -+#ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "1"), -+# "Reject PSS signature using SHA1 and auth level 1"); - - ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"), - "PSS signature using SHA256 and auth level 2"); --- -2.37.2 - diff --git a/0053-Add-SHA1-probes.patch b/0053-Add-SHA1-probes.patch deleted file mode 100644 index 6c55ef6..0000000 --- a/0053-Add-SHA1-probes.patch +++ /dev/null 
@@ -1,208 +0,0 @@ -diff -rupN --no-dereference openssl-3.0.9/crypto/evp/m_sigver.c openssl-3.0.9-new/crypto/evp/m_sigver.c ---- openssl-3.0.9/crypto/evp/m_sigver.c 2023-05-31 14:33:14.946113797 +0200 -+++ openssl-3.0.9-new/crypto/evp/m_sigver.c 2023-05-31 14:33:15.503113557 +0200 -@@ -16,6 +16,8 @@ - #include "internal/numbers.h" /* includes SIZE_MAX */ - #include "evp_local.h" - -+#include -+ - typedef struct ossl_legacy_digest_signatures_st { - int allowed; - } OSSL_LEGACY_DIGEST_SIGNATURES; -@@ -336,10 +338,13 @@ static int do_sigver_init(EVP_MD_CTX *ct - && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf) - && !EVP_PKEY_is_a(locpctx->pkey, SN_hkdf)) { - int mdnid = EVP_MD_nid(ctx->reqdigest); -- if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0) -- && (mdnid == NID_sha1 || mdnid == NID_md5_sha1)) { -- ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST); -- goto err; -+ if (mdnid == NID_sha1 || mdnid == NID_md5_sha1) { -+ if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0)) { -+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST); -+ goto err; -+ } else { -+ DTRACE_PROBE1(libcrypto, fedora_do_sigver_init_1, mdnid); -+ } - } - } - -diff -rupN --no-dereference openssl-3.0.9/crypto/evp/pmeth_lib.c openssl-3.0.9-new/crypto/evp/pmeth_lib.c ---- openssl-3.0.9/crypto/evp/pmeth_lib.c 2023-05-31 14:33:14.946113797 +0200 -+++ openssl-3.0.9-new/crypto/evp/pmeth_lib.c 2023-05-31 14:33:15.504113556 +0200 -@@ -36,6 +36,8 @@ - #include "internal/sslconf.h" - #include "evp_local.h" - -+#include -+ - #ifndef FIPS_MODULE - - static int evp_pkey_ctx_store_cached_data(EVP_PKEY_CTX *ctx, -@@ -966,10 +968,13 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_ - && !EVP_PKEY_is_a(ctx->pkey, SN_tls1_prf) - && !EVP_PKEY_is_a(ctx->pkey, SN_hkdf)) { - int mdnid = EVP_MD_nid(md); -- if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1) -- && !ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) { -- ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST); -- return -1; -+ if (mdnid == NID_sha1 || 
mdnid == NID_md5_sha1) { -+ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) { -+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST); -+ return -1; -+ } else { -+ DTRACE_PROBE1(libcrypto, fedora_evp_pkey_ctx_set_md_1, mdnid); -+ } - } - } - -diff -rupN --no-dereference openssl-3.0.9/crypto/x509/x509_vfy.c openssl-3.0.9-new/crypto/x509/x509_vfy.c ---- openssl-3.0.9/crypto/x509/x509_vfy.c 2023-05-31 14:33:15.498113559 +0200 -+++ openssl-3.0.9-new/crypto/x509/x509_vfy.c 2023-05-31 14:33:15.504113556 +0200 -@@ -29,6 +29,8 @@ - #include "crypto/x509.h" - #include "x509_local.h" - -+#include -+ - /* CRL score values */ - - #define CRL_SCORE_NOCRITICAL 0x100 /* No unhandled critical extensions */ -@@ -3459,11 +3461,13 @@ static int check_sig_level(X509_STORE_CT - - if ((nid == NID_sha1 || nid == NID_md5_sha1) - && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0) -- && ctx->param->auth_level < 2) -+ && ctx->param->auth_level < 2) { -+ DTRACE_PROBE1(libcrypto, fedora_check_sig_level_1, nid); - /* When rh-allow-sha1-signatures = yes and security level <= 1, - * explicitly allow SHA1 for backwards compatibility. Also allow - * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */ - return 1; -+ } - - return secbits >= minbits_table[level - 1]; - } -diff -rupN --no-dereference openssl-3.0.9/providers/common/securitycheck.c openssl-3.0.9-new/providers/common/securitycheck.c ---- openssl-3.0.9/providers/common/securitycheck.c 2023-05-31 14:33:14.948113796 +0200 -+++ openssl-3.0.9-new/providers/common/securitycheck.c 2023-05-31 14:33:15.504113556 +0200 -@@ -21,6 +21,8 @@ - #include "prov/securitycheck.h" - #include "internal/sslconf.h" - -+#include -+ - /* - * FIPS requires a minimum security strength of 112 bits (for encryption or - * signing), and for legacy purposes 80 bits (for decryption or verifying). 
-@@ -238,11 +240,14 @@ int ossl_digest_get_approved_nid_with_sh - # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ - - #ifndef FIPS_MODULE -- if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0)) -- /* SHA1 is globally disabled, check whether we want to locally allow -- * it. */ -- if (mdnid == NID_sha1 && !sha1_allowed) -+ if (mdnid == NID_sha1 && !sha1_allowed) { -+ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0)) -+ /* SHA1 is globally disabled, check whether we want to locally allow -+ * it. */ - mdnid = -1; -+ else -+ DTRACE_PROBE1(libcrypto, fedora_ossl_digest_get_approved_nid_with_sha1_1, mdnid); -+ } - #endif - - return mdnid; -@@ -258,9 +263,12 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX - #ifndef FIPS_MODULE - { - int mdnid = EVP_MD_nid(md); -- if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1) -- && !ossl_ctx_legacy_digest_signatures_allowed(ctx, 0)) -- return 0; -+ if (mdnid == NID_sha1 || mdnid == NID_md5_sha1) { -+ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0)) -+ return 0; -+ else -+ DTRACE_PROBE1(libcrypto, fedora_ossl_digest_is_allowed_1, mdnid); -+ } - } - #endif - -diff -rupN --no-dereference openssl-3.0.9/providers/common/securitycheck_default.c openssl-3.0.9-new/providers/common/securitycheck_default.c ---- openssl-3.0.9/providers/common/securitycheck_default.c 2023-05-31 14:33:14.948113796 +0200 -+++ openssl-3.0.9-new/providers/common/securitycheck_default.c 2023-05-31 14:33:15.505113556 +0200 -@@ -17,6 +17,8 @@ - #include "internal/nelem.h" - #include "internal/sslconf.h" - -+#include -+ - /* Disable the security checks in the default provider */ - int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx) - { -@@ -40,9 +42,16 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL - - ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx, 0); - mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, sha1_allowed || ldsigs_allowed); -+ if (mdnid == NID_sha1) -+ /* This will only happen if SHA1 is allowed, otherwise mdnid is -1. 
*/ -+ DTRACE_PROBE1(libcrypto, fedora_ossl_digest_rsa_sign_get_md_nid_1, mdnid); - if (mdnid == NID_undef) - mdnid = ossl_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid)); -- if (mdnid == NID_md5_sha1 && !ldsigs_allowed) -- mdnid = -1; -+ if (mdnid == NID_md5_sha1) { -+ if (ldsigs_allowed) -+ DTRACE_PROBE1(libcrypto, fedora_ossl_digest_rsa_sign_get_md_nid_2, mdnid); -+ else -+ mdnid = -1; -+ } - return mdnid; - } -diff -rupN --no-dereference openssl-3.0.9/ssl/t1_lib.c openssl-3.0.9-new/ssl/t1_lib.c ---- openssl-3.0.9/ssl/t1_lib.c 2023-05-31 14:33:15.499113558 +0200 -+++ openssl-3.0.9-new/ssl/t1_lib.c 2023-05-31 14:33:15.505113556 +0200 -@@ -28,6 +28,8 @@ - #include "ssl_local.h" - #include - -+#include -+ - static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey); - static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu); - -@@ -1575,6 +1577,7 @@ int tls12_check_peer_sigalg(SSL *s, uint - /* When rh-allow-sha1-signatures = yes and security level <= 1, - * explicitly allow SHA1 for backwards compatibility. Also allow - * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */ -+ DTRACE_PROBE1(libssl, fedora_tls12_check_peer_sigalg_1, lu->hash); - } else { - /* - * Make sure security callback allows algorithm. For historical -@@ -2133,6 +2136,7 @@ static int tls12_sigalg_allowed(const SS - /* When rh-allow-sha1-signatures = yes and security level <= 1, - * explicitly allow SHA1 for backwards compatibility. Also allow - * MD5-SHA1 because TLS 1.0 is still supported, which uses it. 
*/ -+ DTRACE_PROBE1(libssl, fedora_tls12_sigalg_allowed_1, lu->hash); - return 1; - } - -@@ -3029,11 +3033,13 @@ static int ssl_security_cert_sig(SSL *s, - && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0) - && ((s != NULL && SSL_get_security_level(s) < 2) - || (ctx != NULL && SSL_CTX_get_security_level(ctx) < 2) -- )) -+ )) { - /* When rh-allow-sha1-signatures = yes and security level <= 1, - * explicitly allow SHA1 for backwards compatibility. Also allow - * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */ -+ DTRACE_PROBE1(libssl, fedora_ssl_security_cert_sig_1, nid); - return 1; -+ } - - if (s) - return ssl_security(s, op, secbits, nid, x); diff --git a/0056-strcasecmp.patch b/0056-strcasecmp.patch deleted file mode 100644 index 76da556..0000000 --- a/0056-strcasecmp.patch +++ /dev/null 
@@ -1,54 +0,0 @@
-diff -rupN --no-dereference openssl-3.0.9/crypto/o_str.c openssl-3.0.9-new/crypto/o_str.c
---- openssl-3.0.9/crypto/o_str.c 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/crypto/o_str.c 2023-05-31 14:33:15.788113433 +0200
-@@ -342,7 +342,12 @@ int openssl_strerror_r(int errnum, char
- #endif
- }
-
--int OPENSSL_strcasecmp(const char *s1, const char *s2)
-+int
-+#ifndef FIPS_MODULE
-+__attribute__ ((symver ("OPENSSL_strcasecmp@@OPENSSL_3.0.3"),
-+ symver ("OPENSSL_strcasecmp@OPENSSL_3.0.1")))
-+#endif
-+OPENSSL_strcasecmp(const char *s1, const char *s2)
- {
- int t;
-
-@@ -352,7 +357,12 @@ int OPENSSL_strcasecmp(const char *s1, c
- return t;
- }
-
--int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n)
-+int
-+#ifndef FIPS_MODULE
-+__attribute__ ((symver ("OPENSSL_strncasecmp@@OPENSSL_3.0.3"),
-+ symver ("OPENSSL_strncasecmp@OPENSSL_3.0.1")))
-+#endif
-+OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n)
- {
- int t;
- size_t i;
-diff -rupN --no-dereference openssl-3.0.9/test/recipes/01-test_symbol_presence.t openssl-3.0.9-new/test/recipes/01-test_symbol_presence.t
---- openssl-3.0.9/test/recipes/01-test_symbol_presence.t 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/test/recipes/01-test_symbol_presence.t 2023-05-31 14:33:15.788113433 +0200
-@@ -77,6 +77,7 @@ foreach my $libname (@libnames) {
- s| .*||;
- # Drop OpenSSL dynamic version information if there is any
- s|\@\@.+$||;
-+ s|\@.+$||;
- # Return the result
- $_
- }
-diff -rupN --no-dereference openssl-3.0.9/util/libcrypto.num openssl-3.0.9-new/util/libcrypto.num
---- openssl-3.0.9/util/libcrypto.num 2023-05-31 14:33:14.951113795 +0200
-+++ openssl-3.0.9-new/util/libcrypto.num 2023-05-31 14:33:15.787113434 +0200
-@@ -5429,6 +5429,8 @@ OPENSSL_strcasecmp
- OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION:
- OSSL_CMP_CTX_reset_geninfo_ITAVs 5558 3_0_8 EXIST::FUNCTION:CMP
- OSSL_CMP_MSG_update_recipNonce 5559 3_0_9 EXIST::FUNCTION:CMP
-+OPENSSL_strcasecmp ? 3_0_1 EXIST::FUNCTION:
-+OPENSSL_strncasecmp ? 3_0_1 EXIST::FUNCTION:
- ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
- ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
- ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
diff --git a/0058-FIPS-limit-rsa-encrypt.patch b/0058-FIPS-limit-rsa-encrypt.patch
deleted file mode 100644
index 1a3e634..0000000
--- a/0058-FIPS-limit-rsa-encrypt.patch
+++ /dev/null
@@ -1,542 +0,0 @@
-diff -rupN --no-dereference openssl-3.0.9/providers/common/securitycheck.c openssl-3.0.9-new/providers/common/securitycheck.c
---- openssl-3.0.9/providers/common/securitycheck.c 2023-05-31 14:33:15.780113437 +0200
-+++ openssl-3.0.9-new/providers/common/securitycheck.c 2023-05-31 14:33:16.063113315 +0200
-@@ -29,6 +29,7 @@
- * Set protect = 1 for encryption or signing operations, or 0 otherwise. See
- * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf.
- */
-+/* Red Hat build implements some extra limitations in providers/implementations/asymciphers/rsa_enc.c */
- int ossl_rsa_check_key(OSSL_LIB_CTX *ctx, const RSA *rsa, int operation)
- {
- int protect = 0;
-diff -rupN --no-dereference openssl-3.0.9/providers/implementations/asymciphers/rsa_enc.c openssl-3.0.9-new/providers/implementations/asymciphers/rsa_enc.c
---- openssl-3.0.9/providers/implementations/asymciphers/rsa_enc.c 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/providers/implementations/asymciphers/rsa_enc.c 2023-05-31 14:33:16.064113314 +0200
-@@ -132,6 +132,17 @@ static int rsa_decrypt_init(void *vprsac
- return rsa_init(vprsactx, vrsa, params, EVP_PKEY_OP_DECRYPT);
- }
-
-+# ifdef FIPS_MODULE
-+static int fips_padding_allowed(const PROV_RSA_CTX *prsactx)
-+{
-+ if (prsactx->pad_mode == RSA_PKCS1_PADDING
-+ || prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING)
-+ return 0;
-+
-+ return 1;
-+}
-+# endif
-+
- static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
- size_t outsize, const unsigned char *in, size_t inlen)
- {
-@@ -141,6 +152,18 @@ static int rsa_encrypt(void *vprsactx, u
- if (!ossl_prov_is_running())
- return 0;
-
-+# ifdef FIPS_MODULE
-+ if (fips_padding_allowed(prsactx) == 0) {
-+ ERR_raise(ERR_LIB_PROV, PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
-+ return 0;
-+ }
-+
-+ if (RSA_bits(prsactx->rsa) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) {
-+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
-+ return 0;
-+ }
-+# endif -+ - if (out == NULL) { - size_t len = RSA_size(prsactx->rsa); - -@@ -204,6 +227,18 @@ static int rsa_decrypt(void *vprsactx, u - if (!ossl_prov_is_running()) - return 0; - -+# ifdef FIPS_MODULE -+ if (fips_padding_allowed(prsactx) == 0) { -+ ERR_raise(ERR_LIB_PROV, PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); -+ return 0; -+ } -+ -+ if (RSA_bits(prsactx->rsa) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) { -+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); -+ return 0; -+ } -+# endif -+ - if (prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING) { - if (out == NULL) { - *outlen = SSL_MAX_MASTER_KEY_LENGTH; -diff -rupN --no-dereference openssl-3.0.9/test/recipes/30-test_evp_data/evppkey_rsa_common.txt openssl-3.0.9-new/test/recipes/30-test_evp_data/evppkey_rsa_common.txt ---- openssl-3.0.9/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 2023-05-31 14:33:16.066113313 +0200 -@@ -248,13 +248,13 @@ Input = 64b0e9f9892371110c40ba5739dc0974 - Output = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef - - # RSA decrypt -- -+Availablein = default - Decrypt = RSA-2048 - Input = 
550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A78 - Output = "Hello World" - - # Corrupted ciphertext --FIPSversion = <3.2.0 -+Availablein = default - Decrypt = RSA-2048 - Input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utput = "Hello World" -@@ -619,36 +619,42 @@ vcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mN - h90qjKHS9PvY4Q== - -----END PRIVATE KEY----- - -+Availablein = default - Decrypt=RSA-OAEP-1 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=354fe67b4a126d5d35fe36c777791a3f7ba13def484e2d3908aff722fad468fb21696de95d0be911c2d3174f8afcc201035f7b6d8e69402de5451618c21a535fa9d7bfc5b8dd9fc243f8cf927db31322d6e881eaa91a996170e657a05a266426d98c88003f8477c1227094a0d9fa1e8c4024309ce1ecccb5210035d47ac72e8a - Output=6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34 - -+Availablein = default - Decrypt=RSA-OAEP-1 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=640db1acc58e0568fe5407e5f9b701dff8c3c91e716c536fc7fcec6cb5b71c1165988d4a279e1577d730fc7a29932e3f00c81515236d8d8e31017a7a09df4352d904cdeb79aa583adcc31ea698a4c05283daba9089be5491f67c1a4ee48dc74bbbe6643aef846679b4cb395a352d5ed115912df696ffe0702932946d71492b44 - Output=750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5 - -+Availablein = default - Decrypt=RSA-OAEP-1 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - 
Input=423736ed035f6026af276c35c0b3741b365e5f76ca091b4e8c29e2f0befee603595aa8322d602d2e625e95eb81b2f1c9724e822eca76db8618cf09c5343503a4360835b5903bc637e3879fb05e0ef32685d5aec5067cd7cc96fe4b2670b6eac3066b1fcf5686b68589aafb7d629b02d8f8625ca3833624d4800fb081b1cf94eb - Output=d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051 - -+Availablein = default - Decrypt=RSA-OAEP-1 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=45ead4ca551e662c9800f1aca8283b0525e6abae30be4b4aba762fa40fd3d38e22abefc69794f6ebbbc05ddbb11216247d2f412fd0fba87c6e3acd888813646fd0e48e785204f9c3f73d6d8239562722dddd8771fec48b83a31ee6f592c4cfd4bc88174f3b13a112aae3b9f7b80e0fc6f7255ba880dc7d8021e22ad6a85f0755 - Output=52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85 - -+Availablein = default - Decrypt=RSA-OAEP-1 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=36f6e34d94a8d34daacba33a2139d00ad85a9345a86051e73071620056b920e219005855a213a0f23897cdcd731b45257c777fe908202befdd0b58386b1244ea0cf539a05d5d10329da44e13030fd760dcd644cfef2094d1910d3f433e1c7c6dd18bc1f2df7f643d662fb9dd37ead9059190f4fa66ca39e869c4eb449cbdc439 - Output=8da89fd9e5f974a29feffb462b49180f6cf9e802 - -+Availablein = default - Decrypt=RSA-OAEP-1 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 -@@ -673,36 +679,42 @@ SwGNdhGLJDiac1Dsg2sAY6IXISNv2O222JtR5+64 - eG2e4XlBcKjI6A== - -----END PRIVATE KEY----- - -+Availablein = default - Decrypt=RSA-OAEP-2 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0181af8922b9fcb4d79d92ebe19815992fc0c1439d8bcd491398a0f4ad3a329a5bd9385560db532683c8b7da04e4b12aed6aacdf471c34c9cda891addcc2df3456653aa6382e9ae59b54455257eb099d562bbe10453f2b6d13c59c02e10f1f8abb5da0d0570932dacf2d0901db729d0fefcc054e70968ea540c81b04bcaefe720e - Output=8ff00caa605c702830634d9a6c3d42c652b58cf1d92fec570beee7 - -+Availablein = default - Decrypt=RSA-OAEP-2 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - 
Input=018759ff1df63b2792410562314416a8aeaf2ac634b46f940ab82d64dbf165eee33011da749d4bab6e2fcd18129c9e49277d8453112b429a222a8471b070993998e758861c4d3f6d749d91c4290d332c7a4ab3f7ea35ff3a07d497c955ff0ffc95006b62c6d296810d9bfab024196c7934012c2df978ef299aba239940cba10245 - Output=2d - -+Availablein = default - Decrypt=RSA-OAEP-2 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=018802bab04c60325e81c4962311f2be7c2adce93041a00719c88f957575f2c79f1b7bc8ced115c706b311c08a2d986ca3b6a9336b147c29c6f229409ddec651bd1fdd5a0b7f610c9937fdb4a3a762364b8b3206b4ea485fd098d08f63d4aa8bb2697d027b750c32d7f74eaf5180d2e9b66b17cb2fa55523bc280da10d14be2053 - Output=74fc88c51bc90f77af9d5e9a4a70133d4b4e0b34da3c37c7ef8e - -+Availablein = default - Decrypt=RSA-OAEP-2 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=00a4578cbc176318a638fba7d01df15746af44d4f6cd96d7e7c495cbf425b09c649d32bf886da48fbaf989a2117187cafb1fb580317690e3ccd446920b7af82b31db5804d87d01514acbfa9156e782f867f6bed9449e0e9a2c09bcecc6aa087636965e34b3ec766f2fe2e43018a2fddeb140616a0e9d82e5331024ee0652fc7641 - Output=a7eb2a5036931d27d4e891326d99692ffadda9bf7efd3e34e622c4adc085f721dfe885072c78a203b151739be540fa8c153a10f00a - -+Availablein = default - Decrypt=RSA-OAEP-2 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=00ebc5f5fda77cfdad3c83641a9025e77d72d8a6fb33a810f5950f8d74c73e8d931e8634d86ab1246256ae07b6005b71b7f2fb98351218331ce69b8ffbdc9da08bbc9c704f876deb9df9fc2ec065cad87f9090b07acc17aa7f997b27aca48806e897f771d95141fe4526d8a5301b678627efab707fd40fbebd6e792a25613e7aec - Output=2ef2b066f854c33f3bdcbb5994a435e73d6c6c - -+Availablein = default - Decrypt=RSA-OAEP-2 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 -@@ -727,36 +739,42 @@ iUGx07dw5a0x7jc7KKzaaf+bb0D+V4ufGvuFg2+W - Ya4qnqZe1onjY5o= - -----END PRIVATE KEY----- - -+Availablein = default - Decrypt=RSA-OAEP-3 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - 
Input=026a0485d96aebd96b4382085099b962e6a2bdec3d90c8db625e14372de85e2d5b7baab65c8faf91bb5504fb495afce5c988b3f6a52e20e1d6cbd3566c5cd1f2b8318bb542cc0ea25c4aab9932afa20760eaddec784396a07ea0ef24d4e6f4d37e5052a7a31e146aa480a111bbe926401307e00f410033842b6d82fe5ce4dfae80 - Output=087820b569e8fa8d - -+Availablein = default - Decrypt=RSA-OAEP-3 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=024db89c7802989be0783847863084941bf209d761987e38f97cb5f6f1bc88da72a50b73ebaf11c879c4f95df37b850b8f65d7622e25b1b889e80fe80baca2069d6e0e1d829953fc459069de98ea9798b451e557e99abf8fe3d9ccf9096ebbf3e5255d3b4e1c6d2ecadf067a359eea86405acd47d5e165517ccafd47d6dbee4bf5 - Output=4653acaf171960b01f52a7be63a3ab21dc368ec43b50d82ec3781e04 - -+Availablein = default - Decrypt=RSA-OAEP-3 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0239bce681032441528877d6d1c8bb28aa3bc97f1df584563618995797683844ca86664732f4bed7a0aab083aaabfb7238f582e30958c2024e44e57043b97950fd543da977c90cdde5337d618442f99e60d7783ab59ce6dd9d69c47ad1e962bec22d05895cff8d3f64ed5261d92b2678510393484990ba3f7f06818ae6ffce8a3a - Output=d94cd0e08fa404ed89 - -+Availablein = default - Decrypt=RSA-OAEP-3 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=02994c62afd76f498ba1fd2cf642857fca81f4373cb08f1cbaee6f025c3b512b42c3e8779113476648039dbe0493f9246292fac28950600e7c0f32edf9c81b9dec45c3bde0cc8d8847590169907b7dc5991ceb29bb0714d613d96df0f12ec5d8d3507c8ee7ae78dd83f216fa61de100363aca48a7e914ae9f42ddfbe943b09d9a0 - Output=6cc641b6b61e6f963974dad23a9013284ef1 - -+Availablein = default - Decrypt=RSA-OAEP-3 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0162042ff6969592a6167031811a239834ce638abf54fec8b99478122afe2ee67f8c5b18b0339805bfdbc5a4e6720b37c59cfba942464c597ff532a119821545fd2e59b114e61daf71820529f5029cf524954327c34ec5e6f5ba7efcc4de943ab8ad4ed787b1454329f70db798a3a8f4d92f8274e2b2948ade627ce8ee33e43c60 - 
Output=df5151832b61f4f25891fb4172f328d2eddf8371ffcfdbe997939295f30eca6918017cfda1153bf7a6af87593223 - -+Availablein = default - Decrypt=RSA-OAEP-3 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 -@@ -781,36 +799,42 @@ s/XkIiO6MDAcQabYfLtw4wy308Z9JUc9sfbL8D4/ - aD0x7TDrmEvkEro= - -----END PRIVATE KEY----- - -+Availablein = default - Decrypt=RSA-OAEP-4 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=04cce19614845e094152a3fe18e54e3330c44e5efbc64ae16886cb1869014cc5781b1f8f9e045384d0112a135ca0d12e9c88a8e4063416deaae3844f60d6e96fe155145f4525b9a34431ca3766180f70e15a5e5d8e8b1a516ff870609f13f896935ced188279a58ed13d07114277d75c6568607e0ab092fd803a223e4a8ee0b1a8 - Output=4a86609534ee434a6cbca3f7e962e76d455e3264c19f605f6e5ff6137c65c56d7fb344cd52bc93374f3d166c9f0c6f9c506bad19330972d2 - -+Availablein = default - Decrypt=RSA-OAEP-4 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0097b698c6165645b303486fbf5a2a4479c0ee85889b541a6f0b858d6b6597b13b854eb4f839af03399a80d79bda6578c841f90d645715b280d37143992dd186c80b949b775cae97370e4ec97443136c6da484e970ffdb1323a20847821d3b18381de13bb49aaea66530c4a4b8271f3eae172cd366e07e6636f1019d2a28aed15e - Output=b0adc4f3fe11da59ce992773d9059943c03046497ee9d9f9a06df1166db46d98f58d27ec074c02eee6cbe2449c8b9fc5080c5c3f4433092512ec46aa793743c8 - -+Availablein = default - Decrypt=RSA-OAEP-4 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0301f935e9c47abcb48acbbe09895d9f5971af14839da4ff95417ee453d1fd77319072bb7297e1b55d7561cd9d1bb24c1a9a37c619864308242804879d86ebd001dce5183975e1506989b70e5a83434154d5cbfd6a24787e60eb0c658d2ac193302d1192c6e622d4a12ad4b53923bca246df31c6395e37702c6a78ae081fb9d065 - Output=bf6d42e701707b1d0206b0c8b45a1c72641ff12889219a82bdea965b5e79a96b0d0163ed9d578ec9ada20f2fbcf1ea3c4089d83419ba81b0c60f3606da99 - -+Availablein = default - Decrypt=RSA-OAEP-4 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - 
Input=02d110ad30afb727beb691dd0cf17d0af1a1e7fa0cc040ec1a4ba26a42c59d0a796a2e22c8f357ccc98b6519aceb682e945e62cb734614a529407cd452bee3e44fece8423cc19e55548b8b994b849c7ecde4933e76037e1d0ce44275b08710c68e430130b929730ed77e09b015642c5593f04e4ffb9410798102a8e96ffdfe11e4 - Output=fb2ef112f5e766eb94019297934794f7be2f6fc1c58e - -+Availablein = default - Decrypt=RSA-OAEP-4 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=00dbb8a7439d90efd919a377c54fae8fe11ec58c3b858362e23ad1b8a44310799066b99347aa525691d2adc58d9b06e34f288c170390c5f0e11c0aa3645959f18ee79e8f2be8d7ac5c23d061f18dd74b8c5f2a58fcb5eb0c54f99f01a83247568292536583340948d7a8c97c4acd1e98d1e29dc320e97a260532a8aa7a758a1ec2 - Output=28ccd447bb9e85166dabb9e5b7d1adadc4b9d39f204e96d5e440ce9ad928bc1c2284 - -+Availablein = default - Decrypt=RSA-OAEP-4 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 -@@ -835,36 +859,42 @@ OPlAQGLrhaQpJFILOPW7iGoBlvSLuNzqYP2SzAJ/ - MSwGUGLx60i3nRyDyw== - -----END PRIVATE KEY----- - -+Availablein = default - Decrypt=RSA-OAEP-5 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=036046a4a47d9ed3ba9a89139c105038eb7492b05a5d68bfd53accff4597f7a68651b47b4a4627d927e485eed7b4566420e8b409879e5d606eae251d22a5df799f7920bfc117b992572a53b1263146bcea03385cc5e853c9a101c8c3e1bda31a519807496c6cb5e5efb408823a352b8fa0661fb664efadd593deb99fff5ed000e5 - Output=af71a901e3a61d3132f0fc1fdb474f9ea6579257ffc24d164170145b3dbde8 - -+Availablein = default - Decrypt=RSA-OAEP-5 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=03d6eb654edce615bc59f455265ed4e5a18223cbb9be4e4069b473804d5de96f54dcaaa603d049c5d94aa1470dfcd2254066b7c7b61ff1f6f6770e3215c51399fd4e34ec5082bc48f089840ad04354ae66dc0f1bd18e461a33cc1258b443a2837a6df26759aa2302334986f87380c9cc9d53be9f99605d2c9a97da7b0915a4a7ad - Output=a3b844a08239a8ac41605af17a6cfda4d350136585903a417a79268760519a4b4ac3303ec73f0f87cfb32399 - -+Availablein = default - Decrypt=RSA-OAEP-5 - Ctrl = rsa_padding_mode:oaep - Ctrl = 
rsa_mgf1_md:sha1 - Input=0770952181649f9f9f07ff626ff3a22c35c462443d905d456a9fd0bff43cac2ca7a9f554e9478b9acc3ac838b02040ffd3e1847de2e4253929f9dd9ee4044325a9b05cabb808b2ee840d34e15d105a3f1f7b27695a1a07a2d73fe08ecaaa3c9c9d4d5a89ff890d54727d7ae40c0ec1a8dd86165d8ee2c6368141016a48b55b6967 - Output=308b0ecbd2c76cb77fc6f70c5edd233fd2f20929d629f026953bb62a8f4a3a314bde195de85b5f816da2aab074d26cb6acddf323ae3b9c678ac3cf12fbdde7 - -+Availablein = default - Decrypt=RSA-OAEP-5 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0812b76768ebcb642d040258e5f4441a018521bd96687e6c5e899fcd6c17588ff59a82cc8ae03a4b45b31299af1788c329f7dcd285f8cf4ced82606b97612671a45bedca133442144d1617d114f802857f0f9d739751c57a3f9ee400912c61e2e6992be031a43dd48fa6ba14eef7c422b5edc4e7afa04fdd38f402d1c8bb719abf - Output=15c5b9ee1185 - -+Availablein = default - Decrypt=RSA-OAEP-5 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=07b60e14ec954bfd29e60d0047e789f51d57186c63589903306793ced3f68241c743529aba6a6374f92e19e0163efa33697e196f7661dfaaa47aac6bde5e51deb507c72c589a2ca1693d96b1460381249b2cdb9eac44769f2489c5d3d2f99f0ee3c7ee5bf64a5ac79c42bd433f149be8cb59548361640595513c97af7bc2509723 - Output=21026e6800c7fa728fcaaba0d196ae28d7a2ac4ffd8abce794f0985f60c8a6737277365d3fea11db8923a2029a - -+Availablein = default - Decrypt=RSA-OAEP-5 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 -@@ -889,36 +919,42 @@ xT1F29tenZbQ/s9Cdd8JdLxKBza0p0wyaQU++2hq - Yejn5Ly8mU2q+jBcRQ== - -----END PRIVATE KEY----- - -+Availablein = default - Decrypt=RSA-OAEP-6 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0630eebcd2856c24f798806e41f9e67345eda9ceda386acc9facaea1eeed06ace583709718d9d169fadf414d5c76f92996833ef305b75b1e4b95f662a20faedc3bae0c4827a8bf8a88edbd57ec203a27a841f02e43a615bab1a8cac0701de34debdef62a088089b55ec36ea7522fd3ec8d06b6a073e6df833153bc0aefd93bd1a3 - Output=4046ca8baa3347ca27f49e0d81f9cc1d71be9ba517d4 - -+Availablein = default - Decrypt=RSA-OAEP-6 - Ctrl = 
rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0ebc37376173a4fd2f89cc55c2ca62b26b11d51c3c7ce49e8845f74e7607317c436bc8d23b9667dfeb9d087234b47bc6837175ae5c0559f6b81d7d22416d3e50f4ac533d8f0812f2db9e791fe9c775ac8b6ad0f535ad9ceb23a4a02014c58ab3f8d3161499a260f39348e714ae2a1d3443208fd8b722ccfdfb393e98011f99e63f - Output=5cc72c60231df03b3d40f9b57931bc31109f972527f28b19e7480c7288cb3c92b22512214e4be6c914792ddabdf57faa8aa7 - -+Availablein = default - Decrypt=RSA-OAEP-6 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0a98bf1093619394436cf68d8f38e2f158fde8ea54f3435f239b8d06b8321844202476aeed96009492480ce3a8d705498c4c8c68f01501dc81db608f60087350c8c3b0bd2e9ef6a81458b7c801b89f2e4fe99d4900ba6a4b5e5a96d865dc676c7755928794130d6280a8160a190f2df3ea7cf9aa0271d88e9e6905ecf1c5152d65 - Output=b20e651303092f4bccb43070c0f86d23049362ed96642fc5632c27db4a52e3d831f2ab068b23b149879c002f6bf3feee97591112562c - -+Availablein = default - Decrypt=RSA-OAEP-6 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=008e7a67cacfb5c4e24bec7dee149117f19598ce8c45808fef88c608ff9cd6e695263b9a3c0ad4b8ba4c95238e96a8422b8535629c8d5382374479ad13fa39974b242f9a759eeaf9c83ad5a8ca18940a0162ba755876df263f4bd50c6525c56090267c1f0e09ce0899a0cf359e88120abd9bf893445b3cae77d3607359ae9a52f8 - Output=684e3038c5c041f7 - -+Availablein = default - Decrypt=RSA-OAEP-6 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=00003474416c7b68bdf961c385737944d7f1f40cb395343c693cc0b4fe63b31fedf1eaeeac9ccc0678b31dc32e0977489514c4f09085f6298a9653f01aea4045ff582ee887be26ae575b73eef7f3774921e375a3d19adda0ca31aa1849887c1f42cac9677f7a2f4e923f6e5a868b38c084ef187594dc9f7f048fea2e02955384ab - Output=32488cb262d041d6e4dd35f987bf3ca696db1f06ac29a44693 - -+Availablein = default - Decrypt=RSA-OAEP-6 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 -@@ -943,36 +979,42 @@ tu4XIedy0DiaVZw9PN+VUNRXxGsDe3RkGx1SFmr4 - FMlxv0gq65dqc3DC - -----END PRIVATE KEY----- - -+Availablein = default - 
Decrypt=RSA-OAEP-7 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=1688e4ce7794bba6cb7014169ecd559cede2a30b56a52b68d9fe18cf1973ef97b2a03153951c755f6294aa49adbdb55845ab6875fb3986c93ecf927962840d282f9e54ce8b690f7c0cb8bbd73440d9571d1b16cd9260f9eab4783cc482e5223dc60973871783ec27b0ae0fd47732cbc286a173fc92b00fb4ba6824647cd93c85c1 - Output=47aae909 - -+Availablein = default - Decrypt=RSA-OAEP-7 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=1052ed397b2e01e1d0ee1c50bf24363f95e504f4a03434a08fd822574ed6b9736edbb5f390db10321479a8a139350e2bd4977c3778ef331f3e78ae118b268451f20a2f01d471f5d53c566937171b2dbc2d4bde459a5799f0372d6574239b2323d245d0bb81c286b63c89a361017337e4902f88a467f4c7f244bfd5ab46437ff3b6 - Output=1d9b2e2223d9bc13bfb9f162ce735db48ba7c68f6822a0a1a7b6ae165834e7 - -+Availablein = default - Decrypt=RSA-OAEP-7 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=2155cd843ff24a4ee8badb7694260028a490813ba8b369a4cbf106ec148e5298707f5965be7d101c1049ea8584c24cd63455ad9c104d686282d3fb803a4c11c1c2e9b91c7178801d1b6640f003f5728df007b8a4ccc92bce05e41a27278d7c85018c52414313a5077789001d4f01910b72aad05d220aa14a58733a7489bc54556b - Output=d976fc - -+Availablein = default - Decrypt=RSA-OAEP-7 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=0ab14c373aeb7d4328d0aaad8c094d88b9eb098b95f21054a29082522be7c27a312878b637917e3d819e6c3c568db5d843802b06d51d9e98a2be0bf40c031423b00edfbff8320efb9171bd2044653a4cb9c5122f6c65e83cda2ec3c126027a9c1a56ba874d0fea23f380b82cf240b8cf540004758c4c77d934157a74f3fc12bfac - Output=d4738623df223aa43843df8467534c41d013e0c803c624e263666b239bde40a5f29aeb8de79e3daa61dd0370f49bd4b013834b98212aef6b1c5ee373b3cb - -+Availablein = default - Decrypt=RSA-OAEP-7 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - 
Input=028387a318277434798b4d97f460068df5298faba5041ba11761a1cb7316b24184114ec500257e2589ed3b607a1ebbe97a6cc2e02bf1b681f42312a33b7a77d8e7855c4a6de03e3c04643f786b91a264a0d6805e2cea91e68177eb7a64d9255e4f27e713b7ccec00dc200ebd21c2ea2bb890feae4942df941dc3f97890ed347478 - Output=bb47231ca5ea1d3ad46c99345d9a8a61 - -+Availablein = default - Decrypt=RSA-OAEP-7 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 -@@ -997,36 +1039,42 @@ njraT2MgdSwJ2AX/fR8a4NAXru7pzvoNfdf/d15E - 2MiPa249Z+lh3Luj0A== - -----END PRIVATE KEY----- - -+Availablein = default - Decrypt=RSA-OAEP-8 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=09b3683d8a2eb0fb295b62ed1fb9290b714457b7825319f4647872af889b30409472020ad12912bf19b11d4819f49614824ffd84d09c0a17e7d17309d12919790410aa2995699f6a86dbe3242b5acc23af45691080d6b1ae810fb3e3057087f0970092ce00be9562ff4053b6262ce0caa93e13723d2e3a5ba075d45f0d61b54b61 - Output=050b755e5e6880f7b9e9d692a74c37aae449b31bfea6deff83747a897f6c2c825bb1adbf850a3c96994b5de5b33cbc7d4a17913a7967 - -+Availablein = default - Decrypt=RSA-OAEP-8 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=2ecf15c97c5a15b1476ae986b371b57a24284f4a162a8d0c8182e7905e792256f1812ba5f83f1f7a130e42dcc02232844edc14a31a68ee97ae564a383a3411656424c5f62ddb646093c367be1fcda426cf00a06d8acb7e57776fbbd855ac3df506fc16b1d7c3f2110f3d8068e91e186363831c8409680d8da9ecd8cf1fa20ee39d - Output=4eb68dcd93ca9b19df111bd43608f557026fe4aa1d5cfac227a3eb5ab9548c18a06dded23f81825986b2fcd71109ecef7eff88873f075c2aa0c469f69c92bc - -+Availablein = default - Decrypt=RSA-OAEP-8 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=4bc89130a5b2dabb7c2fcf90eb5d0eaf9e681b7146a38f3173a3d9cfec52ea9e0a41932e648a9d69344c50da763f51a03c95762131e8052254dcd2248cba40fd31667786ce05a2b7b531ac9dac9ed584a59b677c1a8aed8c5d15d68c05569e2be780bf7db638fd2bfd2a85ab276860f3777338fca989ffd743d13ee08e0ca9893f - Output=8604ac56328c1ab5ad917861 - -+Availablein = default - Decrypt=RSA-OAEP-8 - Ctrl = 
rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=2e456847d8fc36ff0147d6993594b9397227d577752c79d0f904fcb039d4d812fea605a7b574dd82ca786f93752348438ee9f5b5454985d5f0e1699e3e7ad175a32e15f03deb042ab9fe1dd9db1bb86f8c089ccb45e7ef0c5ee7ca9b7290ca6b15bed47039788a8a93ff83e0e8d6244c71006362deef69b6f416fb3c684383fbd0 - Output=fdda5fbf6ec361a9d9a4ac68af216a0686f438b1e0e5c36b955f74e107f39c0dddcc - -+Availablein = default - Decrypt=RSA-OAEP-8 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=1fb9356fd5c4b1796db2ebf7d0d393cc810adf6145defc2fce714f79d93800d5e2ac211ea8bbecca4b654b94c3b18b30dd576ce34dc95436ef57a09415645923359a5d7b4171ef22c24670f1b229d3603e91f76671b7df97e7317c97734476d5f3d17d21cf82b5ba9f83df2e588d36984fd1b584468bd23b2e875f32f68953f7b2 - Output=4a5f4914bee25de3c69341de07 - -+Availablein = default - Decrypt=RSA-OAEP-8 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 -@@ -1057,36 +1105,42 @@ Z7CDuaemy2HkLbNiuMmJbbcGTgKtWuYVh9oVtGSc - tKo5Eb69iFQvBb4= - -----END PRIVATE KEY----- - -+Availablein = default - Decrypt=RSA-OAEP-9 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=267bcd118acab1fc8ba81c85d73003cb8610fa55c1d97da8d48a7c7f06896a4db751aa284255b9d36ad65f37653d829f1b37f97b8001942545b2fc2c55a7376ca7a1be4b1760c8e05a33e5aa2526b8d98e317088e7834c755b2a59b12631a182c05d5d43ab1779264f8456f515ce57dfdf512d5493dab7b7338dc4b7d78db9c091ac3baf537a69fc7f549d979f0eff9a94fda4169bd4d1d19a69c99e33c3b55490d501b39b1edae118ff6793a153261584d3a5f39f6e682e3d17c8cd1261fa72 - Output=f735fd55ba92592c3b52b8f9c4f69aaa1cbef8fe88add095595412467f9cf4ec0b896c59eda16210e7549c8abb10cdbc21a12ec9b6b5b8fd2f10399eb6 - -+Availablein = default - Decrypt=RSA-OAEP-9 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - 
Input=93ac9f0671ec29acbb444effc1a5741351d60fdb0e393fbf754acf0de49761a14841df7772e9bc82773966a1584c4d72baea00118f83f35cca6e537cbd4d811f5583b29783d8a6d94cd31be70d6f526c10ff09c6fa7ce069795a3fcd0511fd5fcb564bcc80ea9c78f38b80012539d8a4ddf6fe81e9cddb7f50dbbbbcc7e5d86097ccf4ec49189fb8bf318be6d5a0715d516b49af191258cd32dc833ce6eb4673c03a19bbace88cc54895f636cc0c1ec89096d11ce235a265ca1764232a689ae8 - Output=81b906605015a63aabe42ddf11e1978912f5404c7474b26dce3ed482bf961ecc818bf420c54659 - -+Availablein = default - Decrypt=RSA-OAEP-9 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=81ebdd95054b0c822ef9ad7693f5a87adfb4b4c4ce70df2df84ed49c04da58ba5fc20a19e1a6e8b7a3900b22796dc4e869ee6b42792d15a8eceb56c09c69914e813cea8f6931e4b8ed6f421af298d595c97f4789c7caa612c7ef360984c21b93edc5401068b5af4c78a8771b984d53b8ea8adf2f6a7d4a0ba76c75e1dd9f658f20ded4a46071d46d7791b56803d8fea7f0b0f8e41ae3f09383a6f9585fe7753eaaffd2bf94563108beecc207bbb535f5fcc705f0dde9f708c62f49a9c90371d3 - Output=fd326429df9b890e09b54b18b8f34f1e24 - -+Availablein = default - Decrypt=RSA-OAEP-9 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - Input=bcc35f94cde66cb1136625d625b94432a35b22f3d2fa11a613ff0fca5bd57f87b902ccdc1cd0aebcb0715ee869d1d1fe395f6793003f5eca465059c88660d446ff5f0818552022557e38c08a67ead991262254f10682975ec56397768537f4977af6d5f6aaceb7fb25dec5937230231fd8978af49119a29f29e424ab8272b47562792d5c94f774b8829d0b0d9f1a8c9eddf37574d5fa248eefa9c5271fc5ec2579c81bdd61b410fa61fe36e424221c113addb275664c801d34ca8c6351e4a858 - Output=f1459b5f0c92f01a0f723a2e5662484d8f8c0a20fc29dad6acd43bb5f3effdf4e1b63e07fdfe6628d0d74ca19bf2d69e4a0abf86d293925a796772f8088e - -+Availablein = default - Decrypt=RSA-OAEP-9 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 - 
Input=232afbc927fa08c2f6a27b87d4a5cb09c07dc26fae73d73a90558839f4fd66d281b87ec734bce237ba166698ed829106a7de6942cd6cdce78fed8d2e4d81428e66490d036264cef92af941d3e35055fe3981e14d29cbb9a4f67473063baec79a1179f5a17c9c1832f2838fd7d5e59bb9659d56dce8a019edef1bb3accc697cc6cc7a778f60a064c7f6f5d529c6210262e003de583e81e3167b89971fb8c0e15d44fffef89b53d8d64dd797d159b56d2b08ea5307ea12c241bd58d4ee278a1f2e - Output=53e6e8c729d6f9c319dd317e74b0db8e4ccca25f3c8305746e137ac63a63ef3739e7b595abb96e8d55e54f7bd41ab433378ffb911d - -+Availablein = default - Decrypt=RSA-OAEP-9 - Ctrl = rsa_padding_mode:oaep - Ctrl = rsa_mgf1_md:sha1 -diff -rupN --no-dereference openssl-3.0.9/test/recipes/80-test_cms.t openssl-3.0.9-new/test/recipes/80-test_cms.t ---- openssl-3.0.9/test/recipes/80-test_cms.t 2023-05-31 14:33:14.356114051 +0200 -+++ openssl-3.0.9-new/test/recipes/80-test_cms.t 2023-05-31 14:33:16.064113314 +0200 -@@ -233,7 +233,7 @@ my @smime_pkcs7_tests = ( - \&final_compare - ], - -- [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients", -+ [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients, no Red Hat FIPS", - [ "{cmd1}", @prov, "-encrypt", "-in", $smcont, - "-aes256", "-stream", "-out", "{output}.cms", - $smrsa1, -@@ -970,6 +970,9 @@ sub check_availability { - return "$tnam: skipped, DSA disabled\n" - if ($no_dsa && $tnam =~ / DSA/); - -+ return "$tnam: skipped, Red Hat FIPS\n" -+ if ($tnam =~ /no Red Hat FIPS/); -+ - return ""; - } - -diff -rupN --no-dereference openssl-3.0.9/test/recipes/80-test_ssl_old.t openssl-3.0.9-new/test/recipes/80-test_ssl_old.t ---- openssl-3.0.9/test/recipes/80-test_ssl_old.t 2023-05-31 14:33:14.356114051 +0200 -+++ openssl-3.0.9-new/test/recipes/80-test_ssl_old.t 2023-05-31 14:33:16.065113314 +0200 -@@ -493,6 +493,18 @@ sub testssl { - # the default choice if TLSv1.3 enabled - my $flag = $protocol eq "-tls1_3" ? 
"" : $protocol; - my $ciphersuites = ""; -+ my %redhat_skip_cipher = map {$_ => 1} qw( -+AES256-GCM-SHA384:@SECLEVEL=0 -+AES256-CCM8:@SECLEVEL=0 -+AES256-CCM:@SECLEVEL=0 -+AES128-GCM-SHA256:@SECLEVEL=0 -+AES128-CCM8:@SECLEVEL=0 -+AES128-CCM:@SECLEVEL=0 -+AES256-SHA256:@SECLEVEL=0 -+AES128-SHA256:@SECLEVEL=0 -+AES256-SHA:@SECLEVEL=0 -+AES128-SHA:@SECLEVEL=0 -+ ); - foreach my $cipher (@{$ciphersuites{$protocol}}) { - if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) { - note "*****SKIPPING $protocol $cipher"; -@@ -504,11 +516,16 @@ sub testssl { - } else { - $cipher = $cipher.':@SECLEVEL=0'; - } -- ok(run(test([@ssltest, @exkeys, "-cipher", -- $cipher, -- "-ciphersuites", $ciphersuites, -- $flag || ()])), -- "Testing $cipher"); -+ if ($provider eq "fips" && exists $redhat_skip_cipher{$cipher}) { -+ note "*****SKIPPING $cipher in Red Hat FIPS mode"; -+ ok(1); -+ } else { -+ ok(run(test([@ssltest, @exkeys, "-cipher", -+ $cipher, -+ "-ciphersuites", $ciphersuites, -+ $flag || ()])), -+ "Testing $cipher"); -+ } - } - } - next if $protocol eq "-tls1_3"; diff --git a/0060-FIPS-KAT-signature-tests.patch b/0060-FIPS-KAT-signature-tests.patch deleted file mode 100644 index b62249a..0000000 --- a/0060-FIPS-KAT-signature-tests.patch +++ /dev/null 
@@ -1,420 +0,0 @@
-diff -rupN --no-dereference openssl-3.0.9/crypto/ec/ec_backend.c openssl-3.0.9-new/crypto/ec/ec_backend.c
---- openssl-3.0.9/crypto/ec/ec_backend.c 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/crypto/ec/ec_backend.c 2023-05-31 14:33:16.334113197 +0200
-@@ -398,6 +398,10 @@ int ossl_ec_key_fromdata(EC_KEY *ec, con
- const OSSL_PARAM *param_priv_key = NULL, *param_pub_key = NULL;
- BN_CTX *ctx = NULL;
- BIGNUM *priv_key = NULL;
-+#ifdef FIPS_MODULE
-+ const OSSL_PARAM *param_sign_kat_k = NULL;
-+ BIGNUM *sign_kat_k = NULL;
-+#endif
- unsigned char *pub_key = NULL;
- size_t pub_key_len;
- const EC_GROUP *ecg = NULL;
-@@ -413,7 +417,10 @@ int ossl_ec_key_fromdata(EC_KEY *ec, con
- if (include_private)
- param_priv_key =
- OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY);
--
-+#ifdef FIPS_MODULE
-+ param_sign_kat_k =
-+ OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K);
-+#endif
- ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(ec));
- if (ctx == NULL)
- goto err;
-@@ -486,6 +493,17 @@ int ossl_ec_key_fromdata(EC_KEY *ec, con
- && !EC_KEY_set_public_key(ec, pub_point))
- goto err;
- 
-+#ifdef FIPS_MODULE
-+ if (param_sign_kat_k) {
-+ if ((sign_kat_k = BN_secure_new()) == NULL)
-+ goto err;
-+ BN_set_flags(sign_kat_k, BN_FLG_CONSTTIME);
-+
-+ if (!OSSL_PARAM_get_BN(param_sign_kat_k, &sign_kat_k))
-+ goto err;
-+ ec->sign_kat_k = sign_kat_k;
-+ }
-+#endif
- ok = 1;
- 
- err:
-diff -rupN --no-dereference openssl-3.0.9/crypto/ec/ecdsa_ossl.c openssl-3.0.9-new/crypto/ec/ecdsa_ossl.c
---- openssl-3.0.9/crypto/ec/ecdsa_ossl.c 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/crypto/ec/ecdsa_ossl.c 2023-05-31 14:33:16.334113197 +0200
-@@ -20,6 +20,10 @@
- #include "crypto/bn.h"
- #include "ec_local.h"
- 
-+#ifdef FIPS_MODULE
-+extern int REDHAT_FIPS_signature_st;
-+#endif
-+
- #define MIN_ECDSA_SIGN_ORDERBITS 64
- /*
- * It is highly unlikely that a retry will happen,
-@@ -137,6 +141,11 @@ static int ecdsa_sign_setup(EC_KEY *ecke
- goto err;
- 
- do {
-+#ifdef FIPS_MODULE
-+ if (REDHAT_FIPS_signature_st && eckey->sign_kat_k != NULL) {
-+ BN_copy(k, eckey->sign_kat_k);
-+ } else {
-+#endif
- /* get random k */
- do {
- if (dgst != NULL) {
-@@ -152,7 +161,9 @@ static int ecdsa_sign_setup(EC_KEY *ecke
- }
- }
- } while (BN_is_zero(k));
--
-+#ifdef FIPS_MODULE
-+ }
-+#endif
- /* compute r the x-coordinate of generator * k */
- if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
- ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
-diff -rupN --no-dereference openssl-3.0.9/crypto/ec/ec_key.c openssl-3.0.9-new/crypto/ec/ec_key.c
---- openssl-3.0.9/crypto/ec/ec_key.c 2023-05-31 14:33:14.069114174 +0200
-+++ openssl-3.0.9-new/crypto/ec/ec_key.c 2023-05-31 14:33:16.335113197 +0200
-@@ -97,6 +97,9 @@ void EC_KEY_free(EC_KEY *r)
- EC_GROUP_free(r->group);
- EC_POINT_free(r->pub_key);
- BN_clear_free(r->priv_key);
-+#ifdef FIPS_MODULE
-+ BN_clear_free(r->sign_kat_k);
-+#endif
- OPENSSL_free(r->propq);
- 
- OPENSSL_clear_free((void *)r, sizeof(EC_KEY));
-diff -rupN --no-dereference openssl-3.0.9/crypto/ec/ec_local.h openssl-3.0.9-new/crypto/ec/ec_local.h
---- openssl-3.0.9/crypto/ec/ec_local.h 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/crypto/ec/ec_local.h 2023-05-31 14:33:16.336113196 +0200
-@@ -298,6 +298,9 @@ struct ec_key_st {
- #ifndef FIPS_MODULE
- CRYPTO_EX_DATA ex_data;
- #endif
-+#ifdef FIPS_MODULE
-+ BIGNUM *sign_kat_k;
-+#endif
- CRYPTO_RWLOCK *lock;
- OSSL_LIB_CTX *libctx;
- char *propq;
-diff -rupN --no-dereference openssl-3.0.9/crypto/ec/ecp_s390x_nistp.c openssl-3.0.9-new/crypto/ec/ecp_s390x_nistp.c
---- openssl-3.0.9/crypto/ec/ecp_s390x_nistp.c 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/crypto/ec/ecp_s390x_nistp.c 2023-05-31 14:33:16.338113195 +0200
-@@ -44,6 +44,10 @@
- #define S390X_OFF_RN(n) (4 * n)
- #define S390X_OFF_Y(n) (4 * n)
- 
-+#ifdef FIPS_MODULE
-+extern int REDHAT_FIPS_signature_st;
-+#endif
-+
- static int ec_GFp_s390x_nistp_mul(const EC_GROUP *group, EC_POINT *r,
- const BIGNUM *scalar,
- size_t num, const EC_POINT *points[],
-@@ -183,11 +187,21 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign
- * because kdsa instruction constructs an in-range, invertible nonce
- * internally implementing counter-measures for RNG weakness.
- */
-+#ifdef FIPS_MODULE
-+ if (REDHAT_FIPS_signature_st && eckey->sign_kat_k != NULL) {
-+ BN_bn2binpad(eckey->sign_kat_k, param + S390X_OFF_RN(len), len);
-+ /* Turns KDSA internal nonce-generation off. */
-+ fc |= S390X_KDSA_D;
-+ } else {
-+#endif
- if (RAND_priv_bytes_ex(eckey->libctx, param + S390X_OFF_RN(len),
- (size_t)len, 0) != 1) {
- ERR_raise(ERR_LIB_EC, EC_R_RANDOM_NUMBER_GENERATION_FAILED);
- goto ret;
- }
-+#ifdef FIPS_MODULE
-+ }
-+#endif
- } else {
- /* Reconstruct k = (k^-1)^-1. */
- if (ossl_ec_group_do_inverse_ord(group, k, kinv, NULL) == 0
-diff -rupN --no-dereference openssl-3.0.9/include/openssl/core_names.h openssl-3.0.9-new/include/openssl/core_names.h
---- openssl-3.0.9/include/openssl/core_names.h 2023-05-31 14:33:15.221113678 +0200
-+++ openssl-3.0.9-new/include/openssl/core_names.h 2023-05-31 14:33:16.336113196 +0200
-@@ -293,6 +293,7 @@ extern "C" {
- #define OSSL_PKEY_PARAM_DIST_ID "distid"
- #define OSSL_PKEY_PARAM_PUB_KEY "pub"
- #define OSSL_PKEY_PARAM_PRIV_KEY "priv"
-+#define OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K "rh_sign_kat_k"
- 
- /* Diffie-Hellman/DSA Parameters */
- #define OSSL_PKEY_PARAM_FFC_P "p"
-diff -rupN --no-dereference openssl-3.0.9/providers/fips/self_test_data.inc openssl-3.0.9-new/providers/fips/self_test_data.inc
---- openssl-3.0.9/providers/fips/self_test_data.inc 2023-05-31 14:33:14.352114052 +0200
-+++ openssl-3.0.9-new/providers/fips/self_test_data.inc 2023-05-31 14:33:16.338113195 +0200
-@@ -1405,7 +1405,151 @@ static const ST_KAT_PARAM ecdsa_prime_ke
- ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv),
- ST_KAT_PARAM_END()
- };
-+static const unsigned char ec224r1_kat_sig[] = {
-+0x30, 0x3c, 0x02, 0x1c, 0x2f, 0x24, 0x30, 0x96, 0x3b, 0x39, 0xe0, 0xab, 0xe2, 0x5a, 0x6f, 0xe0,
-+0x40, 0x7e, 0x19, 0x30, 0x6e, 0x6a, 0xfd, 0x7a, 0x2b, 0x5d, 0xaa, 0xc2, 0x34, 0x6c, 0xc8, 0xce,
-+0x02, 0x1c, 0x47, 0xe1, 0xac, 0xfd, 0xb4, 0xb8, 0x2b, 0x8c, 0x49, 0xb6, 0x36, 0xcd, 0xdd, 0x22,
-+0x2a, 0x2d, 0x29, 0x64, 0x70, 0x61, 0xc3, 0x3e, 0x18, 0x51, 0xec, 0xf2, 0xad, 0x3c
-+};
- 
-+static const char ecd_prime_curve_name384[] = "secp384r1";
-+/*
-+priv:
-+ 58:12:2b:94:be:29:23:13:83:f5:c4:20:e8:22:34:
-+ 54:73:49:91:10:05:e9:10:e9:d7:2d:72:9c:5e:6a:
-+ ba:8f:6d:d6:e4:a7:eb:e0:ae:e3:d4:c9:aa:33:87:
-+ 4c:91:87
-+pub:
-+ 04:d1:86:8b:f5:c4:a2:f7:a5:92:e6:85:2a:d2:92:
-+ 81:97:0a:8d:fa:09:3f:84:6c:17:43:03:43:49:23:
-+ 77:c4:31:f4:0a:a4:de:87:ac:5c:c0:d1:bc:e4:43:
-+ 7f:8d:44:e1:3b:5f:bc:27:c8:79:0f:d0:31:9f:a7:
-+ 6d:de:fb:f7:da:19:40:fd:aa:83:dc:69:ce:a6:f3:
-+ 4d:65:20:1c:66:82:80:03:f7:7b:2e:f3:b3:7c:1f:
-+ 11:f2:a3:bf:e8:0e:88
-+*/
-+static const unsigned char ecd_prime_priv384[] = {
-+ 0x58, 0x12, 0x2b, 0x94, 0xbe, 0x29, 0x23, 0x13, 0x83, 0xf5, 0xc4, 0x20, 0xe8, 0x22, 0x34,
-+ 0x54, 0x73, 0x49, 0x91, 0x10, 0x05, 0xe9, 0x10, 0xe9, 0xd7, 0x2d, 0x72, 0x9c, 0x5e, 0x6a,
-+ 0xba, 0x8f, 0x6d, 0xd6, 0xe4, 0xa7, 0xeb, 0xe0, 0xae, 0xe3, 0xd4, 0xc9, 0xaa, 0x33, 0x87,
-+ 0x4c, 0x91, 0x87
-+};
-+static const unsigned char ecd_prime_pub384[] = {
-+ 0x04, 0xd1, 0x86, 0x8b, 0xf5, 0xc4, 0xa2, 0xf7, 0xa5, 0x92, 0xe6, 0x85, 0x2a, 0xd2, 0x92,
-+ 0x81, 0x97, 0x0a, 0x8d, 0xfa, 0x09, 0x3f, 0x84, 0x6c, 0x17, 0x43, 0x03, 0x43, 0x49, 0x23,
-+ 0x77, 0xc4, 0x31, 0xf4, 0x0a, 0xa4, 0xde, 0x87, 0xac, 0x5c, 0xc0, 0xd1, 0xbc, 0xe4, 0x43,
-+ 0x7f, 0x8d, 0x44, 0xe1, 0x3b, 0x5f, 0xbc, 0x27, 0xc8, 0x79, 0x0f, 0xd0, 0x31, 0x9f, 0xa7,
-+ 0x6d, 0xde, 0xfb, 0xf7, 0xda, 0x19, 0x40, 0xfd, 0xaa, 0x83, 0xdc, 0x69, 0xce, 0xa6, 0xf3,
-+ 0x4d, 0x65, 0x20, 0x1c, 0x66, 0x82, 0x80, 0x03, 0xf7, 0x7b, 0x2e, 0xf3, 0xb3, 0x7c, 0x1f,
-+ 0x11, 0xf2, 0xa3, 0xbf, 0xe8, 0x0e, 0x88
-+};
-+static const ST_KAT_PARAM ecdsa_prime_key384[] = {
-+ ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name384),
-+ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub384),
-+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv384),
-+ ST_KAT_PARAM_END()
-+};
-+static const unsigned char ec384r1_kat_sig[] = {
-+0x30, 0x65, 0x02, 0x30, 0x1a, 0xd5, 0x57, 0x1b, 0x28, 0x0f, 0xf1, 0x68, 0x66, 0x68, 0x8a, 0x98,
-+0xe3, 0x9c, 0xce, 0x7f, 0xa7, 0x68, 0xdc, 0x84, 0x5a, 0x65, 0xdc, 0x2b, 0x5d, 0x7e, 0xf3, 0x9b,
-+0xa0, 0x40, 0xe8, 0x7a, 0x02, 0xc7, 0x82, 0xe0, 0x0c, 0x81, 0xa5, 0xda, 0x55, 0x27, 0xbf, 0x79,
-+0xee, 0x72, 0xc2, 0x14, 0x02, 0x31, 0x00, 0xd1, 0x9d, 0x67, 0xda, 0x5a, 0xd2, 0x58, 0x68, 0xe7,
-+0x71, 0x08, 0xb2, 0xa4, 0xe4, 0xe8, 0x74, 0xb4, 0x0a, 0x3d, 0x76, 0x49, 0x31, 0x17, 0x6e, 0x33,
-+0x16, 0xf0, 0x00, 0x1f, 0x3c, 0x1f, 0xf9, 0x7c, 0xdb, 0x93, 0x49, 0x9c, 0x7d, 0xb3, 0xd3, 0x30,
-+0x98, 0x81, 0x6f, 0xb0, 0xc9, 0x30, 0x2f
-+};
-+static const char ecd_prime_curve_name521[] = "secp521r1";
-+/*
-+priv:
-+ 00:44:0f:96:31:a9:87:f2:5f:be:a0:bc:ef:0c:ae:
-+ 58:cc:5f:f8:44:9e:89:86:7e:bf:db:ce:cb:0e:20:
-+ 10:4a:11:ec:0b:51:1d:e4:91:ca:c6:40:fb:c6:69:
-+ ad:68:33:9e:c8:f5:c4:c6:a5:93:a8:4d:a9:a9:a2:
-+ af:fe:6d:cb:c2:3b
-+pub:
-+ 04:01:5f:58:a9:40:0c:ee:9b:ed:4a:f4:7a:3c:a3:
-+ 89:c2:f3:7e:2c:f4:b5:53:80:ae:33:7d:36:d1:b5:
-+ 18:bd:ef:a9:48:00:ea:88:ee:00:5c:ca:07:08:b5:
-+ 67:4a:c3:2b:10:c6:07:b0:c2:45:37:b7:1d:e3:6c:
-+ e1:bf:2c:44:18:4a:aa:01:af:75:40:6a:e3:f5:b2:
-+ 7f:d1:9d:1b:8b:29:1f:91:4d:db:93:bf:bd:8c:b7:
-+ 6a:8d:4b:2c:36:2a:6b:ab:54:9d:7b:31:99:a4:de:
-+ c9:10:c4:f4:a3:f4:6d:94:97:62:16:a5:34:65:1f:
-+ 42:cd:8b:9e:e6:db:14:5d:a9:8d:19:95:8d
-+*/
-+static const unsigned char ecd_prime_priv521[] = {
-+ 0x00, 0x44, 0x0f, 0x96, 0x31, 0xa9, 0x87, 0xf2, 0x5f, 0xbe, 0xa0, 0xbc, 0xef, 0x0c, 0xae,
-+ 0x58, 0xcc, 0x5f, 0xf8, 0x44, 0x9e, 0x89, 0x86, 0x7e, 0xbf, 0xdb, 0xce, 0xcb, 0x0e, 0x20,
-+ 0x10, 0x4a, 0x11, 0xec, 0x0b, 0x51, 0x1d, 0xe4, 0x91, 0xca, 0xc6, 0x40, 0xfb, 0xc6, 0x69,
-+ 0xad, 0x68, 0x33, 0x9e, 0xc8, 0xf5, 0xc4, 0xc6, 0xa5, 0x93, 0xa8, 0x4d, 0xa9, 0xa9, 0xa2,
-+ 0xaf, 0xfe, 0x6d, 0xcb, 0xc2, 0x3b
-+};
-+static const unsigned char ecd_prime_pub521[] = {
-+ 0x04, 0x01, 0x5f, 0x58, 0xa9, 0x40, 0x0c, 0xee, 0x9b, 0xed, 0x4a, 0xf4, 0x7a, 0x3c, 0xa3,
-+ 0x89, 0xc2, 0xf3, 0x7e, 0x2c, 0xf4, 0xb5, 0x53, 0x80, 0xae, 0x33, 0x7d, 0x36, 0xd1, 0xb5,
-+ 0x18, 0xbd, 0xef, 0xa9, 0x48, 0x00, 0xea, 0x88, 0xee, 0x00, 0x5c, 0xca, 0x07, 0x08, 0xb5,
-+ 0x67, 0x4a, 0xc3, 0x2b, 0x10, 0xc6, 0x07, 0xb0, 0xc2, 0x45, 0x37, 0xb7, 0x1d, 0xe3, 0x6c,
-+ 0xe1, 0xbf, 0x2c, 0x44, 0x18, 0x4a, 0xaa, 0x01, 0xaf, 0x75, 0x40, 0x6a, 0xe3, 0xf5, 0xb2,
-+ 0x7f, 0xd1, 0x9d, 0x1b, 0x8b, 0x29, 0x1f, 0x91, 0x4d, 0xdb, 0x93, 0xbf, 0xbd, 0x8c, 0xb7,
-+ 0x6a, 0x8d, 0x4b, 0x2c, 0x36, 0x2a, 0x6b, 0xab, 0x54, 0x9d, 0x7b, 0x31, 0x99, 0xa4, 0xde,
-+ 0xc9, 0x10, 0xc4, 0xf4, 0xa3, 0xf4, 0x6d, 0x94, 0x97, 0x62, 0x16, 0xa5, 0x34, 0x65, 0x1f,
-+ 0x42, 0xcd, 0x8b, 0x9e, 0xe6, 0xdb, 0x14, 0x5d, 0xa9, 0x8d, 0x19, 0x95, 0x8d
-+};
-+static const ST_KAT_PARAM ecdsa_prime_key521[] = {
-+ ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name521),
-+ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub521),
-+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv521),
-+ ST_KAT_PARAM_END()
-+};
-+static const unsigned char ec521r1_kat_sig[] = {
-+0x30, 0x81, 0x88, 0x02, 0x42, 0x00, 0xdf, 0x64, 0x9c, 0xc8, 0x5b, 0xdd, 0x0b, 0x7f, 0x69, 0x7e,
-+0xdb, 0x83, 0x58, 0x67, 0x63, 0x43, 0xb7, 0xfa, 0x40, 0x29, 0xde, 0xb9, 0xde, 0xe9, 0x96, 0x65,
-+0xe6, 0x8e, 0xf4, 0xeb, 0xd0, 0xe9, 0x6a, 0xd3, 0x27, 0x6c, 0x4d, 0x60, 0x47, 0x9c, 0x62, 0xb8,
-+0x6c, 0xc1, 0x36, 0x19, 0x65, 0xff, 0xab, 0xcf, 0x24, 0xa3, 0xde, 0xd1, 0x4b, 0x1b, 0xdd, 0x89,
-+0xcf, 0xf8, 0x72, 0x7b, 0x92, 0xbc, 0x02, 0x02, 0x42, 0x01, 0xf8, 0x07, 0x77, 0xb8, 0xcb, 0xa2,
-+0xe2, 0x1f, 0x53, 0x9a, 0x7c, 0x16, 0xb5, 0x8e, 0xad, 0xe3, 0xc3, 0xac, 0xb7, 0xb2, 0x51, 0x8f,
-+0xf9, 0x09, 0x65, 0x43, 0xf8, 0xd8, 0x3c, 0xe3, 0x5c, 0x4a, 0x5e, 0x3d, 0x6f, 0xb7, 0xbb, 0x5a,
-+0x92, 0x69, 0xec, 0x71, 0xa2, 0x35, 0xe5, 0x29, 0x17, 0xaf, 0xc9, 0x69, 0xa7, 0xaa, 0x94, 0xf9,
-+0xf9, 0x50, 0x87, 0x7b, 0x5d, 0x87, 0xe3, 0xd6, 0x3f, 0xb6, 0x6e
-+};
-+static const char ecd_prime_curve_name256[] = "prime256v1";
-+/*
-+priv:
-+ 84:88:11:3f:a9:c9:9e:23:72:8b:40:cb:a2:b1:88:
-+ 01:1e:92:48:af:13:2d:9b:33:8e:6d:43:40:30:c7:
-+ 30:fa
-+pub:
-+ 04:22:58:b6:f9:01:3b:8c:a6:9b:9f:ae:75:fc:73:
-+ cf:1b:f0:81:dc:55:a3:cc:5d:81:46:85:06:32:34:
-+ 99:0d:c5:7e:a1:95:bb:21:73:33:40:4b:35:17:f6:
-+ 8e:26:61:46:94:2c:4c:ac:9b:20:f8:08:72:25:74:
-+ 98:66:c4:63:a6
-+*/
-+static const unsigned char ecd_prime_priv256[] = {
-+ 0x84, 0x88, 0x11, 0x3f, 0xa9, 0xc9, 0x9e, 0x23, 0x72, 0x8b, 0x40, 0xcb, 0xa2, 0xb1, 0x88,
-+ 0x01, 0x1e, 0x92, 0x48, 0xaf, 0x13, 0x2d, 0x9b, 0x33, 0x8e, 0x6d, 0x43, 0x40, 0x30, 0xc7,
-+ 0x30, 0xfa
-+};
-+static const unsigned char ecd_prime_pub256[] = {
-+ 0x04, 0x22, 0x58, 0xb6, 0xf9, 0x01, 0x3b, 0x8c, 0xa6, 0x9b, 0x9f, 0xae, 0x75, 0xfc, 0x73,
-+ 0xcf, 0x1b, 0xf0, 0x81, 0xdc, 0x55, 0xa3, 0xcc, 0x5d, 0x81, 0x46, 0x85, 0x06, 0x32, 0x34,
-+ 0x99, 0x0d, 0xc5, 0x7e, 0xa1, 0x95, 0xbb, 0x21, 0x73, 0x33, 0x40, 0x4b, 0x35, 0x17, 0xf6,
-+ 0x8e, 0x26, 0x61, 0x46, 0x94, 0x2c, 0x4c, 0xac, 0x9b, 0x20, 0xf8, 0x08, 0x72, 0x25, 0x74,
-+ 0x98, 0x66, 0xc4, 0x63, 0xa6
-+};
-+static const ST_KAT_PARAM ecdsa_prime_key256[] = {
-+ ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name256),
-+ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub256),
-+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv256),
-+ ST_KAT_PARAM_END()
-+};
-+static const unsigned char ec256v1_kat_sig[] = {
-+0x30, 0x46, 0x02, 0x21, 0x00, 0xc9, 0x11, 0x27, 0x06, 0x51, 0x2b, 0x50, 0x8c, 0x6b, 0xc0, 0xa6,
-+0x85, 0xaa, 0xf4, 0x66, 0x0d, 0xe4, 0x54, 0x0a, 0x10, 0xb6, 0x9f, 0x87, 0xfc, 0xa2, 0xbc, 0x8f,
-+0x3c, 0x58, 0xb4, 0xe9, 0x41, 0x02, 0x21, 0x00, 0xc9, 0x72, 0x94, 0xa9, 0xdd, 0x52, 0xca, 0x21,
-+0x82, 0x66, 0x7a, 0x68, 0xcb, 0x1e, 0x3b, 0x12, 0x71, 0x4d, 0x56, 0xb5, 0xb7, 0xdd, 0xca, 0x2b,
-+0x18, 0xa3, 0xa7, 0x08, 0x0d, 0xfa, 0x9c, 0x66
-+};
- # ifndef OPENSSL_NO_EC2M
- static const char ecd_bin_curve_name[] = "sect233r1";
- static const unsigned char ecd_bin_priv[] = {
-@@ -1577,8 +1721,42 @@ static const ST_KAT_SIGN st_kat_sign_tes
- ecdsa_prime_key,
- /*
- * The ECDSA signature changes each time due to it using a random k.
-- * So there is no expected KAT for this case.
-+ * We provide this value in our build
-+ */
-+ ITM(ec224r1_kat_sig)
-+ },
-+ {
-+ OSSL_SELF_TEST_DESC_SIGN_ECDSA,
-+ "EC",
-+ "SHA-256",
-+ ecdsa_prime_key384,
-+ /*
-+ * The ECDSA signature changes each time due to it using a random k.
-+ * We provide this value in our build
-+ */
-+ ITM(ec384r1_kat_sig)
-+ },
-+ {
-+ OSSL_SELF_TEST_DESC_SIGN_ECDSA,
-+ "EC",
-+ "SHA-256",
-+ ecdsa_prime_key521,
-+ /*
-+ * The ECDSA signature changes each time due to it using a random k.
-+ * We provide this value in our build
-+ */
-+ ITM(ec521r1_kat_sig)
-+ },
-+ {
-+ OSSL_SELF_TEST_DESC_SIGN_ECDSA,
-+ "EC",
-+ "SHA-256",
-+ ecdsa_prime_key256,
-+ /*
-+ * The ECDSA signature changes each time due to it using a random k.
-+ * We provide this value in our build
- */
-+ ITM(ec256v1_kat_sig)
- },
- # ifndef OPENSSL_NO_EC2M
- {
-diff -rupN --no-dereference openssl-3.0.9/providers/fips/self_test_kats.c openssl-3.0.9-new/providers/fips/self_test_kats.c
---- openssl-3.0.9/providers/fips/self_test_kats.c 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/providers/fips/self_test_kats.c 2023-05-31 14:33:16.337113196 +0200
-@@ -17,6 +17,8 @@
- #include "self_test.h"
- #include "self_test_data.inc"
- 
-+int REDHAT_FIPS_signature_st = 0;
-+
- static int self_test_digest(const ST_KAT_DIGEST *t, OSSL_SELF_TEST *st,
- OSSL_LIB_CTX *libctx)
- {
-@@ -446,6 +448,7 @@ static int self_test_sign(const ST_KAT_S
- EVP_PKEY *pkey = NULL;
- unsigned char sig[256];
- BN_CTX *bnctx = NULL;
-+ BIGNUM *K = NULL;
- size_t siglen = sizeof(sig);
- static const unsigned char dgst[] = {
- 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
-@@ -462,6 +465,9 @@ static int self_test_sign(const ST_KAT_S
- bnctx = BN_CTX_new_ex(libctx);
- if (bnctx == NULL)
- goto err;
-+ K = BN_CTX_get(bnctx);
-+ if (K == NULL || BN_bin2bn(dgst, sizeof(dgst), K) == NULL)
-+ goto err;
- 
- bld = OSSL_PARAM_BLD_new();
- if (bld == NULL)
-@@ -469,6 +475,9 @@ static int self_test_sign(const ST_KAT_S
- 
- if (!add_params(bld, t->key, bnctx))
- goto err;
-+ /* set K for ECDSA KAT tests */
-+ if (!OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K, K))
-+ goto err;
- params = OSSL_PARAM_BLD_to_param(bld);
- 
- /* Create a EVP_PKEY_CTX to load the DSA key into */
-@@ -689,11 +698,13 @@ static int self_test_kas(OSSL_SELF_TEST
- static int self_test_signatures(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
- {
- int i, ret = 1;
-+ REDHAT_FIPS_signature_st = 1;
- 
- for (i = 0; i < (int)OSSL_NELEM(st_kat_sign_tests); ++i) {
- if (!self_test_sign(&st_kat_sign_tests[i], st, libctx))
- ret = 0;
- }
-+ REDHAT_FIPS_signature_st = 0;
- return ret;
- }
- 
-diff -rupN --no-dereference openssl-3.0.9/providers/implementations/keymgmt/ec_kmgmt.c openssl-3.0.9-new/providers/implementations/keymgmt/ec_kmgmt.c
---- openssl-3.0.9/providers/implementations/keymgmt/ec_kmgmt.c 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/providers/implementations/keymgmt/ec_kmgmt.c 2023-05-31 14:33:16.337113196 +0200
-@@ -539,7 +539,8 @@ end:
- # define EC_IMEXPORTABLE_PUBLIC_KEY \
- OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0)
- # define EC_IMEXPORTABLE_PRIVATE_KEY \
-- OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0)
-+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), \
-+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K, NULL, 0)
- # define EC_IMEXPORTABLE_OTHER_PARAMETERS \
- OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL), \
- OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, NULL)
diff --git a/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch b/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
deleted file mode 100644
index 4270c8c..0000000
--- a/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
+++ /dev/null
@@ -1,1359 +0,0 @@
-diff -rupN --no-dereference openssl-3.0.9/providers/implementations/signature/dsa_sig.c openssl-3.0.9-new/providers/implementations/signature/dsa_sig.c
---- openssl-3.0.9/providers/implementations/signature/dsa_sig.c 2023-05-31 14:33:14.948113796 +0200
-+++ openssl-3.0.9-new/providers/implementations/signature/dsa_sig.c 2023-05-31 14:33:16.628113070 +0200
-@@ -128,11 +128,7 @@ static int dsa_setup_md(PROV_DSA_CTX *ct
- EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
- int md_nid;
- size_t mdname_len = strlen(mdname);
--#ifdef FIPS_MODULE
-- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
--#else
- int sha1_allowed = 0;
--#endif
- md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
- sha1_allowed);
- 
-diff -rupN --no-dereference openssl-3.0.9/providers/implementations/signature/ecdsa_sig.c openssl-3.0.9-new/providers/implementations/signature/ecdsa_sig.c
---- openssl-3.0.9/providers/implementations/signature/ecdsa_sig.c 2023-05-31 14:33:14.948113796 +0200
-+++ openssl-3.0.9-new/providers/implementations/signature/ecdsa_sig.c 2023-05-31 14:33:16.628113070 +0200
-@@ -237,11 +237,7 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX
- "%s could not be fetched", mdname);
- return 0;
- }
--#ifdef FIPS_MODULE
-- sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
--#else
- sha1_allowed = 0;
--#endif
- md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
- sha1_allowed);
- if (md_nid < 0) {
-diff -rupN --no-dereference openssl-3.0.9/providers/implementations/signature/rsa_sig.c openssl-3.0.9-new/providers/implementations/signature/rsa_sig.c
---- openssl-3.0.9/providers/implementations/signature/rsa_sig.c 2023-05-31 14:33:14.949113796 +0200
-+++ openssl-3.0.9-new/providers/implementations/signature/rsa_sig.c 2023-05-31 14:33:16.628113070 +0200
-@@ -292,11 +292,7 @@ static int rsa_setup_md(PROV_RSA_CTX *ct
- EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
- int md_nid;
- size_t mdname_len = strlen(mdname);
--#ifdef FIPS_MODULE
-- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
--#else
- int sha1_allowed = 0;
--#endif
- md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md,
- sha1_allowed);
- 
-@@ -1371,8 +1367,10 @@ static int rsa_set_ctx_params(void *vprs
- 
- if (prsactx->md == NULL && pmdname == NULL
- && pad_mode == RSA_PKCS1_PSS_PADDING) {
-+#ifdef FIPS_MODULE
-+ pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY;
-+#else
- pmdname = RSA_DEFAULT_DIGEST_NAME;
--#ifndef FIPS_MODULE
- if (!ossl_ctx_legacy_digest_signatures_allowed(prsactx->libctx, 0)) {
- pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY;
- }
-diff -rupN --no-dereference openssl-3.0.9/test/acvp_test.inc openssl-3.0.9-new/test/acvp_test.inc
---- openssl-3.0.9/test/acvp_test.inc 2023-05-31 14:33:11.680115195 +0200
-+++ openssl-3.0.9-new/test/acvp_test.inc 2023-05-31 14:33:16.629113069 +0200
-@@ -1844,17 +1844,6 @@ static const struct rsa_sigver_st rsa_si
- {
- "x931",
- 3072,
-- "SHA1",
-- ITM(rsa_sigverx931_0_msg),
-- ITM(rsa_sigverx931_0_n),
-- ITM(rsa_sigverx931_0_e),
-- ITM(rsa_sigverx931_0_sig),
-- NO_PSS_SALT_LEN,
-- PASS
-- },
-- {
-- "x931",
-- 3072,
- "SHA256",
- ITM(rsa_sigverx931_1_msg),
- ITM(rsa_sigverx931_1_n),
-diff -rupN --no-dereference openssl-3.0.9/test/recipes/30-test_evp_data/evppkey_ecdsa.txt openssl-3.0.9-new/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
---- openssl-3.0.9/test/recipes/30-test_evp_data/evppkey_ecdsa.txt 2023-05-31 14:33:11.957115077 +0200
-+++ openssl-3.0.9-new/test/recipes/30-test_evp_data/evppkey_ecdsa.txt 2023-05-31 14:33:16.629113069 +0200
-@@ -37,12 +37,14 @@ PrivPubKeyPair = P-256:P-256-PUBLIC
- 
- Title = ECDSA tests
- 
-+Availablein = default
- Verify = P-256
- Ctrl = digest:SHA1
- Input = "0123456789ABCDEF1234"
- Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
- 
- # Digest too long
-+Availablein = default
- Verify = P-256
- Ctrl = digest:SHA1
- Input = 
"0123456789ABCDEF12345" -@@ -50,6 +52,7 @@ Output = 3045022100b1d1cb1a577035bccdd5a - Result = VERIFY_ERROR - - # Digest too short -+Availablein = default - Verify = P-256 - Ctrl = digest:SHA1 - Input = "0123456789ABCDEF123" -@@ -57,6 +60,7 @@ Output = 3045022100b1d1cb1a577035bccdd5a - Result = VERIFY_ERROR - - # Digest invalid -+Availablein = default - Verify = P-256 - Ctrl = digest:SHA1 - Input = "0123456789ABCDEF1235" -@@ -64,6 +68,7 @@ Output = 3045022100b1d1cb1a577035bccdd5a - Result = VERIFY_ERROR - - # Invalid signature -+Availablein = default - Verify = P-256 - Ctrl = digest:SHA1 - Input = "0123456789ABCDEF1234" -@@ -79,12 +84,14 @@ Output = 3045022100b1d1cb1a577035bccdd5a - Result = VERIFY_ERROR - - # BER signature -+Availablein = default - Verify = P-256 - Ctrl = digest:SHA1 - Input = "0123456789ABCDEF1234" - Output = 3080022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec80000 - Result = VERIFY_ERROR - -+Availablein = default - Verify = P-256-PUBLIC - Ctrl = digest:SHA1 - Input = "0123456789ABCDEF1234" -diff -rupN --no-dereference openssl-3.0.9/test/recipes/30-test_evp_data/evppkey_rsa_common.txt openssl-3.0.9-new/test/recipes/30-test_evp_data/evppkey_rsa_common.txt ---- openssl-3.0.9/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 2023-05-31 14:33:16.329113199 +0200 -+++ openssl-3.0.9-new/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 2023-05-31 14:33:16.630113069 +0200 -@@ -96,6 +96,7 @@ NDL6WCBbets= - - Title = RSA tests - -+Availablein = default - Verify = RSA-2048 - Ctrl = digest:SHA1 - Input = "0123456789ABCDEF1234" -@@ -112,24 +113,28 @@ Ctrl = digest:SHA512-224 - Input = "0123456789ABCDEF123456789ABC" - Output = 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 - -+Availablein = default - VerifyRecover = RSA-2048 - Ctrl = digest:SHA1 - Input = 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 - Output = "0123456789ABCDEF1234" - - # Leading 
zero in the signature -+Availablein = default - Verify = RSA-2048 - Ctrl = digest:SHA1 - Input = "0123456789ABCDEF1234" - Output = 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 - Result = VERIFY_ERROR - -+Availablein = default - VerifyRecover = RSA-2048 - Ctrl = digest:SHA1 - Input = 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 - Result = KEYOP_ERROR - - # Mismatched digest -+Availablein = default - Verify = RSA-2048 - Ctrl = digest:SHA1 - Input = "0123456789ABCDEF1233" -@@ -137,6 +142,7 @@ Output = c09d402423cbf233d26cae21f954547 - Result = VERIFY_ERROR - - # Corrupted signature -+Availablein = default - Verify = RSA-2048 - Ctrl = digest:SHA1 - Input = "0123456789ABCDEF1233" -@@ -144,6 +150,7 @@ Output = c09d402423cbf233d26cae21f954547 - Result = VERIFY_ERROR - - # parameter is not NULLt -+Availablein = default - Verify = RSA-2048 - Ctrl = digest:sha1 - Input = "0123456789ABCDEF1234" -@@ -151,42 +158,49 @@ Output = 3ec3fc29eb6e122bd7aa361cd09fe1b - Result = VERIFY_ERROR - - # embedded digest too long -+Availablein = default - Verify = RSA-2048 - Ctrl = digest:sha1 - Input = "0123456789ABCDEF1234" - Output = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d - Result = VERIFY_ERROR - -+Availablein = default - VerifyRecover = RSA-2048 - Ctrl = digest:sha1 - Input = 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 - Result = KEYOP_ERROR - - # embedded digest too short -+Availablein = default - Verify = RSA-2048 - Ctrl = digest:sha1 - Input = "0123456789ABCDEF1234" - Output = 
afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d - Result = VERIFY_ERROR - -+Availablein = default - VerifyRecover = RSA-2048 - Ctrl = digest:sha1 - Input = 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 - Result = KEYOP_ERROR - - # Garbage after DigestInfo -+Availablein = default - Verify = RSA-2048 - Ctrl = digest:sha1 - Input = "0123456789ABCDEF1234" - Output = 9ee34872d4271a7d8808af0a4052a145a6d6a8437d00da3ed14428c7f087cd39f4d43334c41af63e7fa1ba363fee7bcef401d9d36a662abbab55ce89a696e1be0dfa19a5d09ca617dd488787b6048baaefeb29bc8688b2fe3882de2b77c905b5a8b56cf9616041e5ec934ba6de863efe93acc4eef783fe7f72a00fa65d6093ed32bf98ce527e62ccb1d56317f4be18b7e0f55d7c36617d2d0678a306e3350956b662ac15df45215dd8f6b314babb9788e6c272fa461e4c9b512a11a4b92bc77c3a4c95c903fccb238794eca5c750477bf56ea6ee6a167367d881b485ae3889e7c489af8fdf38e0c0f2aed780831182e34abedd43c39281b290774bf35cc25274 - Result = VERIFY_ERROR - -+Availablein = default - VerifyRecover = RSA-2048 - Ctrl = digest:sha1 - Input = 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 - Result = KEYOP_ERROR - - # invalid tag for parameter -+Availablein = default - Verify = RSA-2048 - Ctrl = digest:sha1 - Input = "0123456789ABCDEF1234" -@@ -195,6 +209,7 @@ Result = VERIFY_ERROR - - # Verify using public key - -+Availablein = default - Verify = RSA-2048-PUBLIC - Ctrl = digest:SHA1 - Input = "0123456789ABCDEF1234" -@@ -371,6 +386,8 @@ Input="0123456789ABCDEF0123456789ABCDEF" - Output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erify using salt length auto 
detect -+# In the FIPS provider on RHEL-9, the default digest for PSS signatures is SHA-256 -+Availablein = default - Verify = RSA-2048-PUBLIC - Ctrl = rsa_padding_mode:pss - Ctrl = rsa_pss_saltlen:auto -@@ -405,6 +422,10 @@ Output=4DE433D5844043EF08D354DA03CB29068 - Result = VERIFY_ERROR - - # Verify using default parameters, explicitly setting parameters -+# NOTE: RSA-PSS-DEFAULT contains a restriction to use SHA1 as digest, which -+# RHEL-9 does not support in FIPS mode; all these tests are thus marked -+# Availablein = default. -+Availablein = default - Verify = RSA-PSS-DEFAULT - Ctrl = rsa_padding_mode:pss - Ctrl = rsa_pss_saltlen:20 -@@ -413,6 +434,7 @@ Input="0123456789ABCDEF0123" - Output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erify explicitly setting parameters "digest" salt length -+Availablein = default - Verify = RSA-PSS-DEFAULT - Ctrl = rsa_padding_mode:pss - Ctrl = rsa_pss_saltlen:digest -@@ -421,18 +443,21 @@ Input="0123456789ABCDEF0123" - Output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erify using salt length larger than minimum -+Availablein = default - Verify = RSA-PSS-DEFAULT - Ctrl = rsa_pss_saltlen:30 - Input="0123456789ABCDEF0123" - Output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erify using maximum salt length -+Availablein = default - Verify = RSA-PSS-DEFAULT - Ctrl = rsa_pss_saltlen:max - Input="0123456789ABCDEF0123" - Output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ttempt to change salt length below minimum -+Availablein = default - Verify = RSA-PSS-DEFAULT - Ctrl = rsa_pss_saltlen:0 - Result = PKEY_CTRL_ERROR -@@ -440,21 +465,25 @@ Result = PKEY_CTRL_ERROR - # Attempt to change padding mode - # Note this used to return PKEY_CTRL_INVALID - # but it is limited because setparams only returns 0 or 1. 
-+Availablein = default
- Verify = RSA-PSS-DEFAULT
- Ctrl = rsa_padding_mode:pkcs1
- Result = PKEY_CTRL_ERROR
- 
- # Attempt to change digest
-+Availablein = default
- Verify = RSA-PSS-DEFAULT
- Ctrl = digest:sha256
- Result = PKEY_CTRL_ERROR
- 
- # Invalid key: rejected when we try to init
-+Availablein = default
- Verify = RSA-PSS-BAD
- Result = KEYOP_INIT_ERROR
- Reason = invalid salt length
- 
- # Invalid key: rejected when we try to init
-+Availablein = default
- Verify = RSA-PSS-BAD2
- Result = KEYOP_INIT_ERROR
- Reason = invalid salt length
-@@ -473,36 +502,42 @@ CAltWyuLbfXWce9jd8CSHLI8Jwpw4lmOb/idGfEF
- 4fINDOjP+yJJvZohNwIDAQAB
- -----END PUBLIC KEY-----
- 
-+Availablein = default
- Verify=RSA-PSS-1
- Ctrl = rsa_padding_mode:pss
- Ctrl = rsa_mgf1_md:sha1
- Input=cd8b6538cb8e8de566b68bd067569dbf1ee2718e
- Output=9074308fb598e9701b2294388e52f971faac2b60a5145af185df5287b5ed2887e57ce7fd44dc8634e407c8e0e4360bc226f3ec227f9d9e54638e8d31f5051215df6ebb9c2f9579aa77598a38f914b5b9c1bd83c4e2f9f382a0d0aa3542ffee65984a601bc69eb28deb27dca12c82c2d4c3f66cd500f1ff2b994d8a4e30cbb33c
- 
-+Availablein = default
- Verify=RSA-PSS-1
- Ctrl = rsa_padding_mode:pss
- Ctrl = rsa_mgf1_md:sha1
- Input=e35befc17a1d160b9ce35fbd8eb16e7ee491d3fd
- Output=3ef7f46e831bf92b32274142a585ffcefbdca7b32ae90d10fb0f0c729984f04ef29a9df0780775ce43739b97838390db0a5505e63de927028d9d29b219ca2c4517832558a55d694a6d25b9dab66003c4cccd907802193be5170d26147d37b93590241be51c25055f47ef62752cfbe21418fafe98c22c4d4d47724fdb5669e843
- 
-+Availablein = default
- Verify=RSA-PSS-1
- Ctrl = rsa_padding_mode:pss
- Ctrl = rsa_mgf1_md:sha1
- Input=0652ec67bcee30f9d2699122b91c19abdba89f91
- Output=666026fba71bd3e7cf13157cc2c51a8e4aa684af9778f91849f34335d141c00154c4197621f9624a675b5abc22ee7d5baaffaae1c9baca2cc373b3f33e78e6143c395a91aa7faca664eb733afd14d8827259d99a7550faca501ef2b04e33c23aa51f4b9e8282efdb728cc0ab09405a91607c6369961bc8270d2d4f39fce612b1
- 
-+Availablein = default
- Verify=RSA-PSS-1
- Ctrl = rsa_padding_mode:pss
- Ctrl = rsa_mgf1_md:sha1
- Input=39c21c4cceda9c1adf839c744e1212a6437575ec
- Output=4609793b23e9d09362dc21bb47da0b4f3a7622649a47d464019b9aeafe53359c178c91cd58ba6bcb78be0346a7bc637f4b873d4bab38ee661f199634c547a1ad8442e03da015b136e543f7ab07c0c13e4225b8de8cce25d4f6eb8400f81f7e1833b7ee6e334d370964ca79fdb872b4d75223b5eeb08101591fb532d155a6de87
- 
-+Availablein = default
- Verify=RSA-PSS-1
- Ctrl = rsa_padding_mode:pss
- Ctrl = rsa_mgf1_md:sha1
- Input=36dae913b77bd17cae6e7b09453d24544cebb33c
- Output=1d2aad221ca4d31ddf13509239019398e3d14b32dc34dc5af4aeaea3c095af73479cf0a45e5629635a53a018377615b16cb9b13b3e09d671eb71e387b8545c5960da5a64776e768e82b2c93583bf104c3fdb23512b7b4e89f633dd0063a530db4524b01c3f384c09310e315a79dcd3d684022a7f31c865a664e316978b759fad
- 
-+Availablein = default
- Verify=RSA-PSS-1
- Ctrl = rsa_padding_mode:pss
- Ctrl = rsa_mgf1_md:sha1
-@@ -518,36 +553,42 @@ swU7R97S7NSkyu/WFIM9yLtiLzF+0Ha4BX/o3j+E
- 0w5GMTmBXG/U/VrFuBcqRSMOy2MYoE8UVdhOWosCAwEAAQ==
- -----END PUBLIC KEY-----
- 
-+Availablein = default
- Verify=RSA-PSS-9
- Ctrl = rsa_padding_mode:pss
- Ctrl = rsa_mgf1_md:sha1
- Input=2715a49b8b0012cd7aee84c116446e6dfe3faec0
- Output=586107226c3ce013a7c8f04d1a6a2959bb4b8e205ba43a27b50f124111bc35ef589b039f5932187cb696d7d9a32c0c38300a5cdda4834b62d2eb240af33f79d13dfbf095bf599e0d9686948c1964747b67e89c9aba5cd85016236f566cc5802cb13ead51bc7ca6bef3b94dcbdbb1d570469771df0e00b1a8a06777472d2316279edae86474668d4e1efff95f1de61c6020da32ae92bbf16520fef3cf4d88f61121f24bbd9fe91b59caf1235b2a93ff81fc403addf4ebdea84934a9cdaf8e1a9e
- 
-+Availablein = default
- Verify=RSA-PSS-9
- Ctrl = rsa_padding_mode:pss
- Ctrl = rsa_mgf1_md:sha1
- Input=2dac956d53964748ac364d06595827c6b4f143cd
- Output=80b6d643255209f0a456763897ac9ed259d459b49c2887e5882ecb4434cfd66dd7e1699375381e51cd7f554f2c271704b399d42b4be2540a0eca61951f55267f7c2878c122842dadb28b01bd5f8c025f7e228418a673c03d6bc0c736d0a29546bd67f786d9d692ccea778d71d98c2063b7a71092187a4d35af108111d83e83eae46c46aa34277e06044589903788f1d5e7cee25fb485e92949118814d6f2c3ee361489016f327fb5bc517eb50470bffa1afa5f4ce9aa0ce5b8ee19bf5501b958
- 
-+Availablein = default
- Verify=RSA-PSS-9
- Ctrl = rsa_padding_mode:pss
- Ctrl = rsa_mgf1_md:sha1
- Input=28d98c46cccafbd3bc04e72f967a54bd3ea12298
- Output=484408f3898cd5f53483f80819efbf2708c34d27a8b2a6fae8b322f9240237f981817aca1846f1084daa6d7c0795f6e5bf1af59c38e1858437ce1f7ec419b98c8736adf6dd9a00b1806d2bd3ad0a73775e05f52dfef3a59ab4b08143f0df05cd1ad9d04bececa6daa4a2129803e200cbc77787caf4c1d0663a6c5987b605952019782caf2ec1426d68fb94ed1d4be816a7ed081b77e6ab330b3ffc073820fecde3727fcbe295ee61a050a343658637c3fd659cfb63736de32d9f90d3c2f63eca
- 
-+Availablein = default
- Verify=RSA-PSS-9
- Ctrl = rsa_padding_mode:pss
- Ctrl = rsa_mgf1_md:sha1
- Input=0866d2ff5a79f25ef668cd6f31b42dee421e4c0e
- Output=84ebeb481be59845b46468bafb471c0112e02b235d84b5d911cbd1926ee5074ae0424495cb20e82308b8ebb65f419a03fb40e72b78981d88aad143053685172c97b29c8b7bf0ae73b5b2263c403da0ed2f80ff7450af7828eb8b86f0028bd2a8b176a4d228cccea18394f238b09ff758cc00bc04301152355742f282b54e663a919e709d8da24ade5500a7b9aa50226e0ca52923e6c2d860ec50ff480fa57477e82b0565f4379f79c772d5c2da80af9fbf325ece6fc20b00961614bee89a183e
- 
-+Availablein = default
- Verify=RSA-PSS-9
- Ctrl = rsa_padding_mode:pss
- Ctrl = rsa_mgf1_md:sha1
- Input=6a5b4be4cd36cc97dfde9995efbf8f097a4a991a
- 
Output=82102df8cb91e7179919a04d26d335d64fbc2f872c44833943241de8454810274cdf3db5f42d423db152af7135f701420e39b494a67cbfd19f9119da233a23da5c6439b5ba0d2bc373eee3507001378d4a4073856b7fe2aba0b5ee93b27f4afec7d4d120921c83f606765b02c19e4d6a1a3b95fa4c422951be4f52131077ef17179729cddfbdb56950dbaceefe78cb16640a099ea56d24389eef10f8fecb31ba3ea3b227c0a86698bb89e3e9363905bf22777b2a3aa521b65b4cef76d83bde4c - -+Availablein = default - Verify=RSA-PSS-9 - Ctrl = rsa_padding_mode:pss - Ctrl = rsa_mgf1_md:sha1 -@@ -565,36 +606,42 @@ F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5 - BQIDAQAB - -----END PUBLIC KEY----- - -+Availablein = default - Verify=RSA-PSS-10 - Ctrl = rsa_padding_mode:pss - Ctrl = rsa_mgf1_md:sha1 - Input=9596bb630cf6a8d4ea4600422b9eba8b13675dd4 - Output=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 - -+Availablein = default - Verify=RSA-PSS-10 - Ctrl = rsa_padding_mode:pss - Ctrl = rsa_mgf1_md:sha1 - Input=b503319399277fd6c1c8f1033cbf04199ea21716 - Output=14ae35d9dd06ba92f7f3b897978aed7cd4bf5ff0b585a40bd46ce1b42cd2703053bb9044d64e813d8f96db2dd7007d10118f6f8f8496097ad75e1ff692341b2892ad55a633a1c55e7f0a0ad59a0e203a5b8278aec54dd8622e2831d87174f8caff43ee6c46445345d84a59659bfb92ecd4c818668695f34706f66828a89959637f2bf3e3251c24bdba4d4b7649da0022218b119c84e79a6527ec5b8a5f861c159952e23ec05e1e717346faefe8b1686825bd2b262fb2531066c0de09acde2e4231690728b5d85e115a2f6b92b79c25abc9bd9399ff8bcf825a52ea1f56ea76dd26f43baafa18bfa92a504cbd35699e26d1dcc5a2887385f3c63232f06f3244c3 - -+Availablein = default - Verify=RSA-PSS-10 - Ctrl = rsa_padding_mode:pss - Ctrl = rsa_mgf1_md:sha1 - Input=50aaede8536b2c307208b275a67ae2df196c7628 - 
Output=6e3e4d7b6b15d2fb46013b8900aa5bbb3939cf2c095717987042026ee62c74c54cffd5d7d57efbbf950a0f5c574fa09d3fc1c9f513b05b4ff50dd8df7edfa20102854c35e592180119a70ce5b085182aa02d9ea2aa90d1df03f2daae885ba2f5d05afdac97476f06b93b5bc94a1a80aa9116c4d615f333b098892b25fface266f5db5a5a3bcc10a824ed55aad35b727834fb8c07da28fcf416a5d9b2224f1f8b442b36f91e456fdea2d7cfe3367268de0307a4c74e924159ed33393d5e0655531c77327b89821bdedf880161c78cd4196b5419f7acc3f13e5ebf161b6e7c6724716ca33b85c2e25640192ac2859651d50bde7eb976e51cec828b98b6563b86bb - -+Availablein = default - Verify=RSA-PSS-10 - Ctrl = rsa_padding_mode:pss - Ctrl = rsa_mgf1_md:sha1 - Input=aa0b72b8b371ddd10c8ae474425ccccf8842a294 - Output=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 - -+Availablein = default - Verify=RSA-PSS-10 - Ctrl = rsa_padding_mode:pss - Ctrl = rsa_mgf1_md:sha1 - Input=fad3902c9750622a2bc672622c48270cc57d3ea8 - Output=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 - -+Availablein = default - Verify=RSA-PSS-10 - Ctrl = rsa_padding_mode:pss - Ctrl = rsa_mgf1_md:sha1 -@@ -1384,11 +1431,13 @@ Title = RSA FIPS tests - - # FIPS tests - --# Verifying with SHA1 is permitted in fips mode for older applications -+# Verifying with SHA1 is not permitted on RHEL-9 in FIPS mode -+Availablein = fips - DigestVerify = SHA1 - Key = RSA-2048 - Input = "Hello " - Output = 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 -+Result = DIGESTVERIFYINIT_ERROR - - # Verifying with a 1024 bit key is permitted in fips mode for older applications - DigestVerify = SHA256 -diff -rupN --no-dereference openssl-3.0.9/test/recipes/80-test_cms.t openssl-3.0.9-new/test/recipes/80-test_cms.t ---- openssl-3.0.9/test/recipes/80-test_cms.t 2023-05-31 14:33:16.329113199 +0200 -+++ openssl-3.0.9-new/test/recipes/80-test_cms.t 2023-05-31 14:33:16.630113069 +0200 -@@ -163,7 +163,7 @@ my @smime_pkcs7_tests = ( - [ "{cmd1}", @defaultprov, "-sign", "-in", $smcont, "-md", "sha1", - "-certfile", $smroot, - "-signer", $smrsa1, "-out", 
"{output}.cms" ],
-- [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms",
-+ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms",
- "-CAfile", $smroot, "-out", "{output}.txt" ],
- \&final_compare
- ],
-@@ -171,7 +171,7 @@ my @smime_pkcs7_tests = (
- [ "signed zero-length content S/MIME format, RSA key SHA1",
- [ "{cmd1}", @defaultprov, "-sign", "-in", $smcont_zero, "-md", "sha1",
- "-certfile", $smroot, "-signer", $smrsa1, "-out", "{output}.cms" ],
-- [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms",
-+ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms",
- "-CAfile", $smroot, "-out", "{output}.txt" ],
- \&zero_compare
- ],
-diff -rupN --no-dereference openssl-3.0.9/test/recipes/80-test_ssl_old.t openssl-3.0.9-new/test/recipes/80-test_ssl_old.t
---- openssl-3.0.9/test/recipes/80-test_ssl_old.t 2023-05-31 14:33:16.329113199 +0200
-+++ openssl-3.0.9-new/test/recipes/80-test_ssl_old.t 2023-05-31 14:33:16.630113069 +0200
-@@ -394,6 +394,9 @@ sub testssl {
- 'test sslv2/sslv3 with 1024bit DHE via BIO pair');
- }
-
-+ SKIP: {
-+ skip "SSLv3 is not supported by the FIPS provider", 4
-+ if $provider eq "fips";
- ok(run(test([@ssltest, "-bio_pair", "-server_auth", @CA])),
- 'test sslv2/sslv3 with server authentication');
- ok(run(test([@ssltest, "-bio_pair", "-client_auth", @CA])),
-@@ -402,6 +405,7 @@ sub testssl {
- 'test sslv2/sslv3 with both client and server authentication via BIO pair');
- ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", "-app_verify", @CA])),
- 'test sslv2/sslv3 with both client and server authentication via BIO pair and app verify');
-+ }
-
- SKIP: {
- skip "No IPv4 available on this machine", 4
-diff -rupN --no-dereference openssl-3.0.9/test/smime-certs/smdh.pem openssl-3.0.9-new/test/smime-certs/smdh.pem
---- openssl-3.0.9/test/smime-certs/smdh.pem 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/test/smime-certs/smdh.pem 2023-05-31 14:33:16.631113068 +0200
-@@ -1,47 +1,47 @@
- -----BEGIN PRIVATE
KEY----- --MIICXAIBADCCAjUGByqGSM4+AgEwggIoAoIBAQCB6AUA/1eXRh+iLWHXe+lUl6e+ --+460tAIIpsQ1jw1ZaTmlH9SlrWSBNVRVHwDuBW7vA+lKgBvDpCIjmhRbgrZIGwcZ --6ruCYy5KF/B3AW5MApC9QCDaVrG6Hb7NfpMgwuUIKvvvOMrrvn4r5Oxtsx9rORTE --bdS33MuZCOIbodjs5u+e/2hhssOwgUTMASDwXppJTyeMwAAZ+p78ByrSULP6yYdP --PTh8sK1begDG6YTSKE3VqYNg1yaE5tQvCQ0U2L4qZ8JqexAVHbR8LA8MNhtA1pma --Zj4q2WNAEevpprIIRXgJEZY278nPlvVeoKfOef9RBHgQ6ZTnZ1Et5iLMCwYHAoIB --AFVgJaHfnBVJYfaQh1NyoVZJ5xX6UvvL5xEKUwwEMgs8JSOzp2UI+KRDpy9KbNH7 --93Kwa2d8Q7ynciDiCmd1ygF4CJKb4ZOwjWjpZ4DedHr0XokGhyBCyjaBxOi3i4tP --EFO8YHs5B/yOZHzcpTfs2VxJqIm3KF8q0Ify9PWDAsgo+d21/+eye60FHjF9o2/D --l3NRlOhUhHNGykfqFgKEEEof3/3c6r5BS0oRXdsu6dx/y2/v8j9aJoHfyGHkswxr --ULSBxJENOBB89C+GET6yhbxV1e4SFwzHnXgG8bWXwk7bea6ZqXbHq0pT3kUiQeKe --assXKqRBAG9NLbQ3mmx8RFkCHQDIVBWPf6VwBa2s1CAcsIziVJ8qr/KAKx9DZ3h5 --BB4CHAF3VZBAC/TB85J4PzsLJ+VrOWr0c8kQlYUR9rw= -+MIICXQIBADCCAjUGByqGSM4+AgEwggIoAoIBAQCCyx9ZhD6HY5xgusGDrJZJ+FdT -+e9OxD/p9DQNKqoLyJ10TAUXuycozVqDAD4v1wsOAPH0TDOX9Ns87PXgTbd6DpSJt -+F1ZLW+1pklZs2m0cLl4raOe8CZGHkSgia0wC40LAg/u/JZ6NAG2YSiFEtjbkf81l -+pvL0946LiHfHklMtSOkK3H9PkGB/KrXMITRR2P1u78AzTvc2YL7iLlCu6mV2g6v4 -+ieeWprywTaZ8gp3NBMjyuRJniGCQ52jPfOvT32w/sBTIfUO+95u/eEHrTP4K+vTk -+VS3wLo5ypgrveRdALKvqkHe0qfNr5VQRk2Pt6ReH35kjiUPLZCccgJr9h80hAoIB -+AE50cpgSJBYr9+5dj+fJJcXf/KX9rttlBXyveUP+vbSm/oW443/IksO3oLMy1Raq -+tHTDBhtNrH7rSK6CDStKrMkgHsjTYkZOU85vCdrVi3UZBz0GiYO/8kQ8aLeTe3LB -+7QB0kkkUgZ7etsnNxEkz9WQwohTvGBHBFNDKDqWadP9BpNrFoDCYojit7GOZPQgt -+eEiCO8D9xu0sEXT8ZdRqWcmkTfeMRojrzxt0LpT/vUKHGsBFmUN7kH4Hy9z2LJxB -+DrYYkV3LSAweuUQKBocNI7bbbOvPByUvHVMfJBrBmwIJI3vc3091njOH53zATNNv -+ta+9S7L4zNsvbg8RtJyH8i4CHQCY12PTXj6Ipxbqq4d1Q+AoUqnN/H9lAS46teXv -+BB8CHQCGE6pxpX5lWcH6+TGLDoLo3T5L2/5KTd0tRNdj - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIFmDCCBICgAwIBAgIUWlJkHZZ2eZgkGCHFtcMAjlLdDH8wDQYJKoZIhvcNAQEL -+MIIFljCCBH6gAwIBAgIUMNF4DNf+H6AXGApe99UrJWFcAnwwDQYJKoZIhvcNAQEL - BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV 
--BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw --NTA5MTUzMzE0WjBEMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 --cDEdMBsGA1UEAwwUVGVzdCBTL01JTUUgRUUgREggIzEwggNCMIICNQYHKoZIzj4C --ATCCAigCggEBAIHoBQD/V5dGH6ItYdd76VSXp777jrS0AgimxDWPDVlpOaUf1KWt --ZIE1VFUfAO4Fbu8D6UqAG8OkIiOaFFuCtkgbBxnqu4JjLkoX8HcBbkwCkL1AINpW --sbodvs1+kyDC5Qgq++84yuu+fivk7G2zH2s5FMRt1Lfcy5kI4huh2Ozm757/aGGy --w7CBRMwBIPBemklPJ4zAABn6nvwHKtJQs/rJh089OHywrVt6AMbphNIoTdWpg2DX --JoTm1C8JDRTYvipnwmp7EBUdtHwsDww2G0DWmZpmPirZY0AR6+mmsghFeAkRljbv --yc+W9V6gp855/1EEeBDplOdnUS3mIswLBgcCggEAVWAlod+cFUlh9pCHU3KhVknn --FfpS+8vnEQpTDAQyCzwlI7OnZQj4pEOnL0ps0fv3crBrZ3xDvKdyIOIKZ3XKAXgI --kpvhk7CNaOlngN50evReiQaHIELKNoHE6LeLi08QU7xgezkH/I5kfNylN+zZXEmo --ibcoXyrQh/L09YMCyCj53bX/57J7rQUeMX2jb8OXc1GU6FSEc0bKR+oWAoQQSh/f --/dzqvkFLShFd2y7p3H/Lb+/yP1omgd/IYeSzDGtQtIHEkQ04EHz0L4YRPrKFvFXV --7hIXDMedeAbxtZfCTtt5rpmpdserSlPeRSJB4p5qyxcqpEEAb00ttDeabHxEWQId --AMhUFY9/pXAFrazUIBywjOJUnyqv8oArH0NneHkDggEFAAKCAQBigH0Mp4jUMSfK --yOhKlEfyZ/hj/EImsUYW4+u8xjBN+ruOJUTJ06Mtgw3g2iLkhQoO9NROqvC9rdLj --+j3e+1QWm9EDNKQAa4nUp8/W+XZ5KkQWudmtaojEXD1+kd44ieNLtPGuVnPtDGO4 --zPf04IUq7tDGbMDMMn6YXvW6f28lR3gF5vvVIsnjsd/Lau6orzmNSrymXegsEsFR --Q7hT+/tPoAtro6Hx9rBrYb/0OCiRe4YuYrFKkC0aaJfUQepVyuVMSTxxKTzq8T06 --M8SBITlmkPFZJHyGzV/+a72hpJsAa0BaDnpxH3cFpEMzeYG1XQK461zexoIYN3ub --i3xNPUzPo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4E --FgQULayIqKcWHtUH4pFolI6dKxycIG8wHwYDVR0jBBgwFoAUFcETIWviVV+nah1X --INbP86lzZFkwDQYJKoZIhvcNAQELBQADggEBAKjKvvJ6Vc9HiQXACqqRZnekz2gO --ue71nsXXDr2+y4PPpgcDzgtO3vhQc7Akv6Uyca9LY7w/X+temP63yxdLpKXTV19w --Or0p4VEvTZ8AttMjFh4Hl8caVYk/J4TIudSXLIfKROP6sFu5GOw7W3xpBkL5Zio6 --3dqe6xAYK0woNQPDfj5yOAlqj1Ohth81JywW5h2g8GfLtNe62coAqwjMJT+ExHfU --EkF/beSqRGOvXwyhSxFpe7HVjUMgrgdfoZnNsoPmpH3eTiF4BjamGWI1+Z0o+RHa --oPwN+cCzbDsi9uTQJO1D5S697heX00zzzU/KSW7djNzKv55vm24znuFkXTM= -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MzM0NloXDTMyMDMz 
-+MTE0MzM0NlowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HTAbBgNVBAMMFFRlc3QgUy9NSU1FIEVFIERIICMxMIIDQjCCAjUGByqGSM4+AgEw -+ggIoAoIBAQCCyx9ZhD6HY5xgusGDrJZJ+FdTe9OxD/p9DQNKqoLyJ10TAUXuycoz -+VqDAD4v1wsOAPH0TDOX9Ns87PXgTbd6DpSJtF1ZLW+1pklZs2m0cLl4raOe8CZGH -+kSgia0wC40LAg/u/JZ6NAG2YSiFEtjbkf81lpvL0946LiHfHklMtSOkK3H9PkGB/ -+KrXMITRR2P1u78AzTvc2YL7iLlCu6mV2g6v4ieeWprywTaZ8gp3NBMjyuRJniGCQ -+52jPfOvT32w/sBTIfUO+95u/eEHrTP4K+vTkVS3wLo5ypgrveRdALKvqkHe0qfNr -+5VQRk2Pt6ReH35kjiUPLZCccgJr9h80hAoIBAE50cpgSJBYr9+5dj+fJJcXf/KX9 -+rttlBXyveUP+vbSm/oW443/IksO3oLMy1RaqtHTDBhtNrH7rSK6CDStKrMkgHsjT -+YkZOU85vCdrVi3UZBz0GiYO/8kQ8aLeTe3LB7QB0kkkUgZ7etsnNxEkz9WQwohTv -+GBHBFNDKDqWadP9BpNrFoDCYojit7GOZPQgteEiCO8D9xu0sEXT8ZdRqWcmkTfeM -+Rojrzxt0LpT/vUKHGsBFmUN7kH4Hy9z2LJxBDrYYkV3LSAweuUQKBocNI7bbbOvP -+ByUvHVMfJBrBmwIJI3vc3091njOH53zATNNvta+9S7L4zNsvbg8RtJyH8i4CHQCY -+12PTXj6Ipxbqq4d1Q+AoUqnN/H9lAS46teXvA4IBBQACggEAJP4Vy6vcIa7jLa93 -+DWeT0pxe4zeYXxRWbvS7reLoZcBIhH253/QfXj+0UhcjtAa5A2X519anBuetUern -+ecBmHO9vAj9F7J6feK+pUxE8cl793gmWzcGijMXCuRorW7GZ3XBTuQbWaJLtxB4a -+rS54+CFMUfqR5coxGrraGPGjR9P6YCpJgWL74yxiQVzjEdwPLEz/0ehKeDkSvuj8 -+Ixe06fY0eA9sfxx7+4lm2Jhw7XaIfguo8mgrfWjBzkkT2mcAHss/fdKcXNYrg+A+ -+xgApPiyuy7S4YkQSsdV5Ns8UFttBCuojzEuWQ49fMZcv/rIHSHSxpbg2Sdka+d6h -+wOQHK6NgMF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYE -+FLG7SOccVVRWmPw87GRrYH/NCegTMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaI -+qSTm5bZsMA0GCSqGSIb3DQEBCwUAA4IBAQB9J2dIIbIAiB8ToXJcyO7HRPhdWC/Y -+TE8cqeL+JiWNvIMB9fl2gOx6gj2h+yEr3lCpK/XDoWOs576UScS/vvs6fOjFHfkb -+L4i9nHXD2KizXkM2hr9FzTRXd9c3XXLyB9t1z38qcpOMxoxAbnH8hWLQDPjFdArC -+KWIqK/Vqxz4ZcIveM9GcVf78FU2DbQF4pwHjO9TsG7AbXiV4PXyJK75W5okAbZmQ -+EmMmVXEJdXSOS4prP8DCW/LYJ5UddsVZba2BCHD3c1c2YTA4GsP3ZMoXvQoyj0L2 -+/xazs/AS373Of6H0s00itRTFABxve1I7kE5dQdc3oZjn6A/DbfjYUmr5 - -----END CERTIFICATE----- -diff -rupN --no-dereference openssl-3.0.9/test/smime-certs/smdsa1.pem openssl-3.0.9-new/test/smime-certs/smdsa1.pem ---- openssl-3.0.9/test/smime-certs/smdsa1.pem 
2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/smime-certs/smdsa1.pem 2023-05-31 14:33:16.632113068 +0200 -@@ -1,47 +1,47 @@ - -----BEGIN PRIVATE KEY----- --MIICXQIBADCCAjYGByqGSM44BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1 --i0SuHnFvPc5gHMLIxJhDp3cLJ5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t --4INbA4D+QSkxb4SWNurRBQj5LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAa --kOxI+l/rPAQlIUMCHSF6xXgd62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLg --c9HnYvwxlpoV+SHi+QXSrcrtMBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S --8EP8eXSDD+1Sni2Jk38etU+laS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0A --mkjrU1XrCahV9d78Rklpd4fK3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huaw --V6wj7hT99kjzQjZqbvLENW9bbAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7 --ioJmtded5hhS6GDg3Oj4IYiJ9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKR --CnZ2/FeRyjSS3cUey89GE2N2DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL --5H4Oo6NaSUc8dl7HWEeWoS8BE7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdL --QldkaQkHAEg0QqYb2Hv/xHfVhn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwX --ygQeAhwE9yuqObvNXzUTN+PY2rg00PzdyJw3XJAUrmlY -+MIICZQIBADCCAjkGByqGSM44BAEwggIsAoIBAQCQfLlNdehPnTrGIMhw4rk0uua6 -+k1nCG3zcyfXli17BdB2k0HBPaTA3a3ZHfOt1Awy0Uu0wZ3gdPr9z0I64hnJXIGou -+zIanZ7nYRImHtX5JMFbXeyxo1Owd2Zs3oEk9nQUoUsMxvmYC/ghPL5Zx1pPxcHCO -+wzWxoG4yZMjimXOc1/W7zvK/4/g/Cz9fItD3zdcydfgM/hK0/CeYQ21xfhqf4mjK -+v9plnCcWgToGI+7H8VK80MFbkO2QKRz3vP1/TjK6PRm9sEeB5b10+SvGv2j2w+CC -+0fXL4s6n7PtBlm/bww8xL1/Az8kwejUcII1Dc8uNwwISwGbwaGBvl7IHpm21AiEA -+rodZi+nCKZdTL8IgCjX3n0DuhPRkVQPjz/B6VweLW9MCggEAfimkUNwnsGFp7mKM -+zJKhHoQkMB1qJzyIHjDzQ/J1xjfoF6i27afw1/WKboND5eseZhlhA2TO5ZJB6nGx -+DOE9lVQxYVml++cQj6foHh1TVJAgGl4mWuveW/Rz+NEhpK4zVeEsfMrbkBypPByy -+xzF1Z49t568xdIo+e8jLI8FjEdXOIUg4ehB3NY6SL8r4oJ49j/sJWfHcDoWH/LK9 -+ZaBF8NpflJe3F40S8RDvM8j2HC+y2Q4QyKk1DXGiH+7yQLGWzr3M73kC3UBnnH0h -+Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+ -+TQMsxQQjAiEAkolGvb/76X3vm5Ov09ezqyBYt9cdj/FLH7DyMkxO7X0= - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- 
--MIIFmjCCBIKgAwIBAgIUUoOmJmXAY29/2rWY0wJphQ5/pzUwDQYJKoZIhvcNAQEL -+MIIFmzCCBIOgAwIBAgIUWGMqmBZZ1ykguVDk2Whn+2uKMA0wDQYJKoZIhvcNAQEL - BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV --BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw --NTA5MTUzMzE0WjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 --cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgRFNBICMxMIIDQzCCAjYGByqGSM44 --BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1i0SuHnFvPc5gHMLIxJhDp3cL --J5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t4INbA4D+QSkxb4SWNurRBQj5 --LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAakOxI+l/rPAQlIUMCHSF6xXgd --62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLgc9HnYvwxlpoV+SHi+QXSrcrt --MBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S8EP8eXSDD+1Sni2Jk38etU+l --aS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0AmkjrU1XrCahV9d78Rklpd4fK --3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huawV6wj7hT99kjzQjZqbvLENW9b --bAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7ioJmtded5hhS6GDg3Oj4IYiJ --9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKRCnZ2/FeRyjSS3cUey89GE2N2 --DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL5H4Oo6NaSUc8dl7HWEeWoS8B --E7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdLQldkaQkHAEg0QqYb2Hv/xHfV --hn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwXygOCAQUAAoIBACGS7hCpTL0g --lx9C1Bwz5xfVd0mwCqx9UGiH8Bf4lRsSagL0Irwvnjz++WH1vecZa2bWsYsPhQ+D --KDzaCo20CYln4IFEPgY0fSE+KTF1icFj/mD+MgxWgsgKoTI120ENPGHqHpKkv0Uv --OlwTImU4BxxkctZ5273XEv3VPQE8COGnXgqt7NBazU/O7vibFm0iaEsVjHFHYcoo --+sMcm3F2E/gvR9IJGaGPeCk0sMW8qloPzErWIugx/OGqM7fni2cIcZwGdju52O+l --cLV0tZdgC7eTbVDMLspyuiYME+zvEzRwCQF/GqcCDSn68zxJv/zSNZ9XxOgZaBfs --Na7e8YGATiujYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMB0GA1Ud --DgQWBBSFVrWPZrHzhHUg0MMEAAKwQIfsazAfBgNVHSMEGDAWgBQVwRMha+JVX6dq --HVcg1s/zqXNkWTANBgkqhkiG9w0BAQsFAAOCAQEAbm49FB+eyeX7OBUC/akhnkFw --cDXqw7Fl2OibRK+g/08zp4CruwJdb72j5+pTmG+9SF7tGyQBfHFf1+epa3ZiIc+0 --UzFf2xQBMyHjesL19cTe4i176dHz8pCxx9OEow0GlZVV85+Anev101NskKVNNVA7 --YnB2xKQWgf8HORh66XVCk54xMcd99ng8xQ8vhZC6KckVbheQgdPp7gUAcDgxH2Yo 
--JF8jHQlsWNcCGURDldP6FQ49TGWHj24IGjnjGapWxMUjvCz+kV6sGW/OIYu+MM9w --FMIOyEdUUtKowWT6eXwrITup3T6pspPTicbK61ZCPuxMvP2JBFGZsqat+F5g+w== -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjA0OFoXDTMyMDMz -+MTE0MjA0OFowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIERTQSAjMTCCA0YwggI5BgcqhkjOOAQB -+MIICLAKCAQEAkHy5TXXoT506xiDIcOK5NLrmupNZwht83Mn15YtewXQdpNBwT2kw -+N2t2R3zrdQMMtFLtMGd4HT6/c9COuIZyVyBqLsyGp2e52ESJh7V+STBW13ssaNTs -+HdmbN6BJPZ0FKFLDMb5mAv4ITy+WcdaT8XBwjsM1saBuMmTI4plznNf1u87yv+P4 -+Pws/XyLQ983XMnX4DP4StPwnmENtcX4an+Joyr/aZZwnFoE6BiPux/FSvNDBW5Dt -+kCkc97z9f04yuj0ZvbBHgeW9dPkrxr9o9sPggtH1y+LOp+z7QZZv28MPMS9fwM/J -+MHo1HCCNQ3PLjcMCEsBm8Ghgb5eyB6ZttQIhAK6HWYvpwimXUy/CIAo1959A7oT0 -+ZFUD48/welcHi1vTAoIBAH4ppFDcJ7Bhae5ijMySoR6EJDAdaic8iB4w80PydcY3 -+6Beotu2n8Nf1im6DQ+XrHmYZYQNkzuWSQepxsQzhPZVUMWFZpfvnEI+n6B4dU1SQ -+IBpeJlrr3lv0c/jRIaSuM1XhLHzK25AcqTwcsscxdWePbeevMXSKPnvIyyPBYxHV -+ziFIOHoQdzWOki/K+KCePY/7CVnx3A6Fh/yyvWWgRfDaX5SXtxeNEvEQ7zPI9hwv -+stkOEMipNQ1xoh/u8kCxls69zO95At1AZ5x9IR8W+yEgwk+3QsP5R9Zwm1RQTjNA -+EiNukkrBUl0K7w9pK8kXE2dCpMsoYaDzg1qVPk0DLMUDggEFAAKCAQAZdJAANu5E -+hkGOJDo2KTBmX7EQMR98gTRFZu/B/W19bHDhm9qc792PLPkV487QAgkMEItSOv0P -+faeSYgbUe7d1aBXzqSdCwzq4WIxLNj2eQkZk6UffDg0csTvymTvnFHWyDUwRmvjH -++35r95r1jgBeSUQMJxoe2kwZ4DHdkCpIp5z7NA44DvclY/X+BgcZ1jJNClC3BFOy -+HQaLmY452mgnS+k7zfFhsUJn5lkpfVFY6Ml7Y5AFG3Dvf2rWdGBrVUwsBP8sVJCx -+ITcg6nyGJZuOeK3VITqrcgjZr9odkf/Hg7OzN+a1B+Z6u3Ld5BKrduBqN/EKxxyd -+GNJst42JrNFIo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNV -+HQ4EFgQU0dBhM47Fpn83rw6nGqMcq5q3DqwwHwYDVR0jBBgwFoAUyZFTCmN7FluL -+vUTwdoipJObltmwwDQYJKoZIhvcNAQELBQADggEBAC3W5L4plRWiaX03PncMHnaL -+sp48+2jJen4avzNpRZF/bTQ621x/KLWelbMzBTMxU6jtU1LwCvsiOTSenUZ6W5vq -+TGy6nwkMUrBN0nHmymVz5v40VBLtc2/5xF9UBZ1GMnmYko+d7VHBD6qu4hpi6OD1 -+3Z2kxCRaZ87y3IbVnl6zqdqxDxKCj4Ca+TT6AApm/MYVwpuvCVmuXrBBvJYTFFeZ -+2J90jHlQep2rAaZu41oiIlmQUEf9flV0iPYjj+Pqdzr9ovWVbqt7l1WKOBDYdzJW 
-+fQ8TvFSExkDQsDc0nkkLIfJBFUFuOpNmODvq+Ac8AGUBnl/Z3pAV4KVnnobIXHw= - -----END CERTIFICATE----- -diff -rupN --no-dereference openssl-3.0.9/test/smime-certs/smdsa2.pem openssl-3.0.9-new/test/smime-certs/smdsa2.pem ---- openssl-3.0.9/test/smime-certs/smdsa2.pem 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/smime-certs/smdsa2.pem 2023-05-31 14:33:16.632113068 +0200 -@@ -1,47 +1,47 @@ - -----BEGIN PRIVATE KEY----- --MIICXQIBADCCAjYGByqGSM44BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1 --i0SuHnFvPc5gHMLIxJhDp3cLJ5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t --4INbA4D+QSkxb4SWNurRBQj5LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAa --kOxI+l/rPAQlIUMCHSF6xXgd62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLg --c9HnYvwxlpoV+SHi+QXSrcrtMBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S --8EP8eXSDD+1Sni2Jk38etU+laS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0A --mkjrU1XrCahV9d78Rklpd4fK3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huaw --V6wj7hT99kjzQjZqbvLENW9bbAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7 --ioJmtded5hhS6GDg3Oj4IYiJ9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKR --CnZ2/FeRyjSS3cUey89GE2N2DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL --5H4Oo6NaSUc8dl7HWEeWoS8BE7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdL --QldkaQkHAEg0QqYb2Hv/xHfVhn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwX --ygQeAhwmRauZi+nQ3kQ+GSKD7JCwv8XkD9NObMGlW018 -+MIICZAIBADCCAjkGByqGSM44BAEwggIsAoIBAQCQfLlNdehPnTrGIMhw4rk0uua6 -+k1nCG3zcyfXli17BdB2k0HBPaTA3a3ZHfOt1Awy0Uu0wZ3gdPr9z0I64hnJXIGou -+zIanZ7nYRImHtX5JMFbXeyxo1Owd2Zs3oEk9nQUoUsMxvmYC/ghPL5Zx1pPxcHCO -+wzWxoG4yZMjimXOc1/W7zvK/4/g/Cz9fItD3zdcydfgM/hK0/CeYQ21xfhqf4mjK -+v9plnCcWgToGI+7H8VK80MFbkO2QKRz3vP1/TjK6PRm9sEeB5b10+SvGv2j2w+CC -+0fXL4s6n7PtBlm/bww8xL1/Az8kwejUcII1Dc8uNwwISwGbwaGBvl7IHpm21AiEA -+rodZi+nCKZdTL8IgCjX3n0DuhPRkVQPjz/B6VweLW9MCggEAfimkUNwnsGFp7mKM -+zJKhHoQkMB1qJzyIHjDzQ/J1xjfoF6i27afw1/WKboND5eseZhlhA2TO5ZJB6nGx -+DOE9lVQxYVml++cQj6foHh1TVJAgGl4mWuveW/Rz+NEhpK4zVeEsfMrbkBypPByy -+xzF1Z49t568xdIo+e8jLI8FjEdXOIUg4ehB3NY6SL8r4oJ49j/sJWfHcDoWH/LK9 
-+ZaBF8NpflJe3F40S8RDvM8j2HC+y2Q4QyKk1DXGiH+7yQLGWzr3M73kC3UBnnH0h -+Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+ -+TQMsxQQiAiAdCUJ5n2Q9hIynN8BMpnRcdfH696BKejGx+2Mr2kfnnA== - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIFmjCCBIKgAwIBAgIUHGKu2FMhT1wCiJTK3uAnklo55uowDQYJKoZIhvcNAQEL -+MIIFmzCCBIOgAwIBAgIUXgHGnvOCmrOH9biRq3yTCcDsliUwDQYJKoZIhvcNAQEL - BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV --BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw --NTA5MTUzMzE0WjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 --cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgRFNBICMyMIIDQzCCAjYGByqGSM44 --BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1i0SuHnFvPc5gHMLIxJhDp3cL --J5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t4INbA4D+QSkxb4SWNurRBQj5 --LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAakOxI+l/rPAQlIUMCHSF6xXgd --62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLgc9HnYvwxlpoV+SHi+QXSrcrt --MBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S8EP8eXSDD+1Sni2Jk38etU+l --aS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0AmkjrU1XrCahV9d78Rklpd4fK --3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huawV6wj7hT99kjzQjZqbvLENW9b --bAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7ioJmtded5hhS6GDg3Oj4IYiJ --9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKRCnZ2/FeRyjSS3cUey89GE2N2 --DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL5H4Oo6NaSUc8dl7HWEeWoS8B --E7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdLQldkaQkHAEg0QqYb2Hv/xHfV --hn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwXygOCAQUAAoIBAE0+OYS0s8/o --HwuuiPsBZTlRynqdwF6FHdE0Ei2uVTxnJouPYB2HvaMioG2inbISzPtEcnLF9Pyx --4hsXz7D49yqyMFjE3G8ObBOs/Vdno6E9ZZshWiRDwPf8JmoYp551UuJDoVaOTnhx --pEs30nuidtqd54PMdWUQPfp58kTu6bXvcRxdUj5CK/PyjavJCnGfppq/6j8jtrji --mOjIIeLZIbWp7hTVS/ffmfqZ8Lx/ShOcUzDa0VS3lfO28XqXpeqbyHdojsYlG2oA --shKJL7/scq3ab8cI5QuHEIGSbxinKfjCX4OEQ04CNsgUwMY9emPSaNdYDZOPqq/K --3bGk2PLcRsyjYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMB0GA1Ud --DgQWBBTQAQyUCqYWGo5RuwGCtHNgXgzEQzAfBgNVHSMEGDAWgBQVwRMha+JVX6dq --HVcg1s/zqXNkWTANBgkqhkiG9w0BAQsFAAOCAQEAc3rayE2FGgG1RhLXAHYAs1Ky 
--4fcVcrzaPaz5jjWbpBCStkx+gNcUiBf+aSxNrRvUoPOSwMDLpMhbNBj2cjJqQ0W1 --oq4RUQth11qH89uPtBqiOqRTdlWAGZJbUTtVfrlc58DsDxFCwdcktSDYZwlO2lGO --vMCOn9N7oqEEuwRa++xVnYc8ZbY8lGwJD3bGR6iC7NkYk+2LSqPS52m8e0GO8dpf --RUrndbhmtsYa925dj2LlI218F3XwVcAUPW67dbpeEVw5OG8OCHRHqrwBEJj2PMV3 --tHeNXDEhjTzI3wiFia4kDBAKIsrC/XQ4tEiFzq0V00BiVY0ykhy+v/qNPskTsg== -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjIyNloXDTMyMDMz -+MTE0MjIyNlowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIERTQSAjMjCCA0YwggI5BgcqhkjOOAQB -+MIICLAKCAQEAkHy5TXXoT506xiDIcOK5NLrmupNZwht83Mn15YtewXQdpNBwT2kw -+N2t2R3zrdQMMtFLtMGd4HT6/c9COuIZyVyBqLsyGp2e52ESJh7V+STBW13ssaNTs -+HdmbN6BJPZ0FKFLDMb5mAv4ITy+WcdaT8XBwjsM1saBuMmTI4plznNf1u87yv+P4 -+Pws/XyLQ983XMnX4DP4StPwnmENtcX4an+Joyr/aZZwnFoE6BiPux/FSvNDBW5Dt -+kCkc97z9f04yuj0ZvbBHgeW9dPkrxr9o9sPggtH1y+LOp+z7QZZv28MPMS9fwM/J -+MHo1HCCNQ3PLjcMCEsBm8Ghgb5eyB6ZttQIhAK6HWYvpwimXUy/CIAo1959A7oT0 -+ZFUD48/welcHi1vTAoIBAH4ppFDcJ7Bhae5ijMySoR6EJDAdaic8iB4w80PydcY3 -+6Beotu2n8Nf1im6DQ+XrHmYZYQNkzuWSQepxsQzhPZVUMWFZpfvnEI+n6B4dU1SQ -+IBpeJlrr3lv0c/jRIaSuM1XhLHzK25AcqTwcsscxdWePbeevMXSKPnvIyyPBYxHV -+ziFIOHoQdzWOki/K+KCePY/7CVnx3A6Fh/yyvWWgRfDaX5SXtxeNEvEQ7zPI9hwv -+stkOEMipNQ1xoh/u8kCxls69zO95At1AZ5x9IR8W+yEgwk+3QsP5R9Zwm1RQTjNA -+EiNukkrBUl0K7w9pK8kXE2dCpMsoYaDzg1qVPk0DLMUDggEFAAKCAQAi1CUW7S3s -+zDUcdE667AotL4SHZY01k/3owtBPKA5WWqBolj7WYkvO+X/nUssfph7NfS3z1nYO -+b/dI4kR02t1sgS21u7mvPKZfEWFzy5ohhkWFJPfyhDAk6MzzAWK0BARJ7r/0dmOR -+7EypKrH+vloQpNosGKeoDUElEjvZKjX/V2/w/30Vq88AN2PxXt8BxxF4oRAqd+fA -+DuaucP46UioUoWffAIaTxLDu1In2DqOAIj7MXCsqfbD7D6Ki386DGX3IwC0qYB3r -+z0gBmvkY8+9XbLQo6iAKJRiBJNJrBmGv6uPIVq98jl0FbMyri0rH/MCLown7qEYm -+MnyMehP0kA+Zo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNV -+HQ4EFgQUZrHDTiSqm594ZkL5NMGrygydfKswHwYDVR0jBBgwFoAUyZFTCmN7FluL -+vUTwdoipJObltmwwDQYJKoZIhvcNAQELBQADggEBADhpm4d9pgdWTiX1ci4qxOat -+MK+eAc3y8dwjacwiTD94fFy+MFzItAI2msF+ILXDCYDUpFZpBjlCNRzMu/ETghJx 
-+53g4Hg6ioYmtLcYIAFQVIz4skdgV8npztK3ZQMSN3dcateZBf8KaEdP+cRtQs4IW -+Y+EAZ6Fve2j/kz1x/cmhSFQdWhhS+WzYUCY+FLWDXMuNLh7rDWy1t8VaRHLBU4TU -+q6W/qDaN2e6dKrzjEkqUstdGZ+JAkAZ+6CIABEnHeco1dEQUU5Atry7djeRhY68r -+us++ajRd6DLWXrD4KePyTYSPc7rAcbBBYSwe48cTxlPfKItTCrRXmWJHCCZ0UBA= - -----END CERTIFICATE----- -diff -rupN --no-dereference openssl-3.0.9/test/smime-certs/smdsa3.pem openssl-3.0.9-new/test/smime-certs/smdsa3.pem ---- openssl-3.0.9/test/smime-certs/smdsa3.pem 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/smime-certs/smdsa3.pem 2023-05-31 14:33:16.632113068 +0200 -@@ -1,47 +1,47 @@ - -----BEGIN PRIVATE KEY----- --MIICXgIBADCCAjYGByqGSM44BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1 --i0SuHnFvPc5gHMLIxJhDp3cLJ5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t --4INbA4D+QSkxb4SWNurRBQj5LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAa --kOxI+l/rPAQlIUMCHSF6xXgd62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLg --c9HnYvwxlpoV+SHi+QXSrcrtMBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S --8EP8eXSDD+1Sni2Jk38etU+laS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0A --mkjrU1XrCahV9d78Rklpd4fK3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huaw --V6wj7hT99kjzQjZqbvLENW9bbAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7 --ioJmtded5hhS6GDg3Oj4IYiJ9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKR --CnZ2/FeRyjSS3cUey89GE2N2DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL --5H4Oo6NaSUc8dl7HWEeWoS8BE7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdL --QldkaQkHAEg0QqYb2Hv/xHfVhn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwX --ygQfAh0AkfI6533W5nBIVrDPcp2DCXC8u2SIwBob6OoK5A== -+MIICZQIBADCCAjkGByqGSM44BAEwggIsAoIBAQCQfLlNdehPnTrGIMhw4rk0uua6 -+k1nCG3zcyfXli17BdB2k0HBPaTA3a3ZHfOt1Awy0Uu0wZ3gdPr9z0I64hnJXIGou -+zIanZ7nYRImHtX5JMFbXeyxo1Owd2Zs3oEk9nQUoUsMxvmYC/ghPL5Zx1pPxcHCO -+wzWxoG4yZMjimXOc1/W7zvK/4/g/Cz9fItD3zdcydfgM/hK0/CeYQ21xfhqf4mjK -+v9plnCcWgToGI+7H8VK80MFbkO2QKRz3vP1/TjK6PRm9sEeB5b10+SvGv2j2w+CC -+0fXL4s6n7PtBlm/bww8xL1/Az8kwejUcII1Dc8uNwwISwGbwaGBvl7IHpm21AiEA -+rodZi+nCKZdTL8IgCjX3n0DuhPRkVQPjz/B6VweLW9MCggEAfimkUNwnsGFp7mKM 
-+zJKhHoQkMB1qJzyIHjDzQ/J1xjfoF6i27afw1/WKboND5eseZhlhA2TO5ZJB6nGx -+DOE9lVQxYVml++cQj6foHh1TVJAgGl4mWuveW/Rz+NEhpK4zVeEsfMrbkBypPByy -+xzF1Z49t568xdIo+e8jLI8FjEdXOIUg4ehB3NY6SL8r4oJ49j/sJWfHcDoWH/LK9 -+ZaBF8NpflJe3F40S8RDvM8j2HC+y2Q4QyKk1DXGiH+7yQLGWzr3M73kC3UBnnH0h -+Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+ -+TQMsxQQjAiEArJr6p2zTbhRppQurHGTdmdYHqrDdZH4MCsD9tQCw1xY= - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIFmjCCBIKgAwIBAgIUO2QHMd9V/S6KlrFDIPd7asRP4FAwDQYJKoZIhvcNAQEL -+MIIFmzCCBIOgAwIBAgIUMMzeluWS9FTgzFM2PCI6rSt0++QwDQYJKoZIhvcNAQEL - BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV --BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw --NTA5MTUzMzE0WjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 --cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgRFNBICMzMIIDQzCCAjYGByqGSM44 --BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1i0SuHnFvPc5gHMLIxJhDp3cL --J5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t4INbA4D+QSkxb4SWNurRBQj5 --LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAakOxI+l/rPAQlIUMCHSF6xXgd --62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLgc9HnYvwxlpoV+SHi+QXSrcrt --MBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S8EP8eXSDD+1Sni2Jk38etU+l --aS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0AmkjrU1XrCahV9d78Rklpd4fK --3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huawV6wj7hT99kjzQjZqbvLENW9b --bAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7ioJmtded5hhS6GDg3Oj4IYiJ --9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKRCnZ2/FeRyjSS3cUey89GE2N2 --DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL5H4Oo6NaSUc8dl7HWEeWoS8B --E7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdLQldkaQkHAEg0QqYb2Hv/xHfV --hn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwXygOCAQUAAoIBAEj25Os9f57G --TaxsP8NzdCRBThCLqZWqLADh6S/aFOQQFpRRk3vGkvrOK/5La8KGKIDyzCEQo7Kg --sPwI1o4N5GKx15Cer2ekDWLtP4hA2CChs4tWJzEa8VxIDTg4EUnASFCbfDUY/Yt0 --5NM4nxtBhnr6PT7XmRehEFaTAgmsQFJ29jKx4tJkr+Gmj9J4i10CPd9DvIgIEnNt --rYMAlfbGovaZVCgKp5INVA4IkDfCcbzDeNiOGaACeV+4QuEbgIbUhMq9vbw3Vvqe --jwozPdrTYjd7oNxx/tY7gqxFRFxdDPXPno230afsAJsHmNF7lpj9Q4vBhy8w/EI1 
--jGzuiXjei9qjYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMB0GA1Ud --DgQWBBTwbCT+wSR9cvTg70jA2yIWgQSDZjAfBgNVHSMEGDAWgBQVwRMha+JVX6dq --HVcg1s/zqXNkWTANBgkqhkiG9w0BAQsFAAOCAQEAe5t9oi8K76y+wnV6I21vKgEh --M6DEe3+XTq10kAgYbcbMm+a6n86beaID7FANGET+3bsShxFeAX9g4Qsdw+Z3PF3P --wvqiBD8MaXczj28zP6j9TxsjGzpAsV3xo1n7aQ+hHzpopJUxAyx4hLBqSSwdj/xe --azELeVKoXY/nlokXnONWC5AvtfR7m7mKFPOmUghbeGCJH7+FXnC58eiF7BEpSbQl --SniAdQFis+Dne6/kwZnQQaSDg55ELfaZOLhaLcRtqqgU+kv24mXGGEBhs9bBKMz5 --ZNiKLafE3tCGRA5iMRwzdeSgrdnkQDHFiYXh3JHk5oKwGOdxusgt3DTHAFej1A== -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjI0MloXDTMyMDMz -+MTE0MjI0MlowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIERTQSAjMzCCA0YwggI5BgcqhkjOOAQB -+MIICLAKCAQEAkHy5TXXoT506xiDIcOK5NLrmupNZwht83Mn15YtewXQdpNBwT2kw -+N2t2R3zrdQMMtFLtMGd4HT6/c9COuIZyVyBqLsyGp2e52ESJh7V+STBW13ssaNTs -+HdmbN6BJPZ0FKFLDMb5mAv4ITy+WcdaT8XBwjsM1saBuMmTI4plznNf1u87yv+P4 -+Pws/XyLQ983XMnX4DP4StPwnmENtcX4an+Joyr/aZZwnFoE6BiPux/FSvNDBW5Dt -+kCkc97z9f04yuj0ZvbBHgeW9dPkrxr9o9sPggtH1y+LOp+z7QZZv28MPMS9fwM/J -+MHo1HCCNQ3PLjcMCEsBm8Ghgb5eyB6ZttQIhAK6HWYvpwimXUy/CIAo1959A7oT0 -+ZFUD48/welcHi1vTAoIBAH4ppFDcJ7Bhae5ijMySoR6EJDAdaic8iB4w80PydcY3 -+6Beotu2n8Nf1im6DQ+XrHmYZYQNkzuWSQepxsQzhPZVUMWFZpfvnEI+n6B4dU1SQ -+IBpeJlrr3lv0c/jRIaSuM1XhLHzK25AcqTwcsscxdWePbeevMXSKPnvIyyPBYxHV -+ziFIOHoQdzWOki/K+KCePY/7CVnx3A6Fh/yyvWWgRfDaX5SXtxeNEvEQ7zPI9hwv -+stkOEMipNQ1xoh/u8kCxls69zO95At1AZ5x9IR8W+yEgwk+3QsP5R9Zwm1RQTjNA -+EiNukkrBUl0K7w9pK8kXE2dCpMsoYaDzg1qVPk0DLMUDggEFAAKCAQBxe+1+Il8h -+nTCAak3vZl4asn2axRc7GjDvDd8Ns/yvyd9WQE1t+FryvHR5jp9REVVnMg53wQcY -+rKlwfWBLp5k25x/OCwfWDmvlxFqExmaAZcEQGxauHYhoMbtVIq372CHPbsQqCMBA -+LPIdAvkUImBHanty/RXhJGqCIAZiUnX3WTZa0s6xV3yRf/+OPWXxNSATtOqm5ISl -+pLJDifMlE6llZmk3VHAWYJRFF7KQAFT83OKf/6tme9munxahdJcSrF4HiZKFFJof -+nvEWckKlHAonipLa6EBPMloofu+7reTcON+1tIFWH7fZhfC0dz4EaOzxLZoO0Jbc -+W0MDtnonwEjFo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNV 
-+HQ4EFgQUwnFq0MQUIQUaXi6iJBDXTnQm71EwHwYDVR0jBBgwFoAUyZFTCmN7FluL -+vUTwdoipJObltmwwDQYJKoZIhvcNAQELBQADggEBAJNW/oEmpz6jZ7EjUkHhxDXR -+egsZVjBO+E2hPCciEoZaM6jIDYphrCVbdOOyy1RvLBv3SRblaECmInsRpCNwf5B5 -+OaGN3hdsvx23IKnLJ7EKDauIOGhkzCMWjO8tez48UL0Wgta0+TpuiOT+UBoKb9fw -+f0f4ab9wD9pED7ghMKlwI6/oppS4PrhwYS2nwYwGXpmgu6QZDln/cgoU7cQV7r3J -+deMCpKGPyS429B9mUxlggZYvvJOm35ZiI7UAcGhJWIUrdXBxqx3DQ3CSf75vGP87 -+2vn6ZoXRXSLfE48GpUtQzP6/gZti68vZrHdzKWTyZxMs4+PGoHrW5hbNDsghKDs= - -----END CERTIFICATE----- -diff -rupN --no-dereference openssl-3.0.9/test/smime-certs/smec1.pem openssl-3.0.9-new/test/smime-certs/smec1.pem ---- openssl-3.0.9/test/smime-certs/smec1.pem 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/smime-certs/smec1.pem 2023-05-31 14:33:16.632113068 +0200 -@@ -1,22 +1,22 @@ - -----BEGIN PRIVATE KEY----- --MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgdOomk0EB/oWMnTZB --Qm5XMjlKnZNF4PMpwgov0Tj3u8OhRANCAATbG6XprSqHiD9AxWJiXRFgS+y38DGZ --7hpSjs4bd95L+Lli+O91/lUy7Tb8aJ6VU2CoyWQjV4sQjbdVqeD+y4Ky -+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgXzBRX9Z5Ib4LAVAS -+DMlYvkj0SmLmYvWULe2LfyXRmpWhRANCAAS+SIj2FY2DouPRuNDp9WVpsqef58tV -+3gIwV0EOV/xyYTzZhufZi/aBcXugWR1x758x4nHus2uEuEFi3Mr3K3+x - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIICrTCCAZWgAwIBAgIUdLT4B443vbxt0B8Mzy0sR4+6AyowDQYJKoZIhvcNAQEL -+MIICqzCCAZOgAwIBAgIUZsuXIOmILju0nz1jVSgag5GrPyMwDQYJKoZIhvcNAQEL - BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV --BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw --NTA5MTUzMzE0WjBEMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 --cDEdMBsGA1UEAwwUVGVzdCBTL01JTUUgRUUgRUMgIzEwWTATBgcqhkjOPQIBBggq --hkjOPQMBBwNCAATbG6XprSqHiD9AxWJiXRFgS+y38DGZ7hpSjs4bd95L+Lli+O91 --/lUy7Tb8aJ6VU2CoyWQjV4sQjbdVqeD+y4Kyo2AwXjAMBgNVHRMBAf8EAjAAMA4G --A1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUOia9H7l0qw3ftsDgEEeSBrHwQrwwHwYD --VR0jBBgwFoAUFcETIWviVV+nah1XINbP86lzZFkwDQYJKoZIhvcNAQELBQADggEB 
--AC7h/QkMocYANPqMQAO2okygG+OaE4qpKnlzHPUFMYedJGCvAWrwxu4hWL9T+hZo --qilM7Fwaxw/P4Zaaa15SOOhXkIdn9Fu2ROmBQtEiklmWGMjiZ6F+9NCZPk0cTAXK --2WQZOy41YNuvts+20osD4X/8x3fiARlokufj/TVyE73wG8pSSDh4KxWDfKv5Pi1F --PC5IJh8XVELnFkeY3xjtoux5AYT+1xIQHO4eBua02Y1oPiWG7l/sK3grVlxrupd9 --pXowwFlezWZP9q12VlWkcqwNb9hF9PkZge9bpiOJipSYgyobtAnms/CRHu3e6izl --LJRua7p4Wt/8GQENDrVkHqU= -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjUyNFoXDTMyMDMz -+MTE0MjUyNFowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HTAbBgNVBAMMFFRlc3QgUy9NSU1FIEVFIEVDICMxMFkwEwYHKoZIzj0CAQYIKoZI -+zj0DAQcDQgAEvkiI9hWNg6Lj0bjQ6fVlabKnn+fLVd4CMFdBDlf8cmE82Ybn2Yv2 -+gXF7oFkdce+fMeJx7rNrhLhBYtzK9yt/saNgMF4wDAYDVR0TAQH/BAIwADAOBgNV -+HQ8BAf8EBAMCBeAwHQYDVR0OBBYEFH/JvELYMj4nJ2HHUUyA9sxOYvNHMB8GA1Ud -+IwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3DQEBCwUAA4IBAQCp -+sSEupiqT7S6oPS/5qtRF6POyxmhkH/Eh+RJitOODutxneJh+NdDqAQAOCexqcsF9 -+1BH9hB/H6b3mS4CbcRG6R/EwzqMPUgy8OYXTrqWI9jzMKGyrBo59QFfGrwP1h8hj -+weVOVQU1iOloWPOfvMHehjX1Wt79/6BMMBvw+2qXXLAw2xpLFa4lU6HSoTiwoS5R -+mimrHnZ9tQZb54bsvdrW84kV3u1FIQ5G7jAduu97Wfr3eZGaJhW1MZLeoL7Z4Usy -+hRd2TJ6bZanb+wUJBcHOeW5ETj9MPtPsGIp8vETmY5XDm4UlX6tp4gAe4oeoIXFQ -+V5ASvNRiGWIJK5XF+zRY - -----END CERTIFICATE----- -diff -rupN --no-dereference openssl-3.0.9/test/smime-certs/smec2.pem openssl-3.0.9-new/test/smime-certs/smec2.pem ---- openssl-3.0.9/test/smime-certs/smec2.pem 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/smime-certs/smec2.pem 2023-05-31 14:33:16.632113068 +0200 -@@ -1,23 +1,23 @@ - -----BEGIN PRIVATE KEY----- --MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAEkuzLBwx5bIw3Q2PMNQ --HzaY8yL3QLjzaJ8tCHrI/JTb9Q7VoUwDSgAEAu8b2HvLzKd0qhPtIw65Lh3OgF3X --IN5874qHwt9zPSvokijSAH3v9tcBJPdRLD3Lweh2ZPn5hMwVwVorHqSgASk5vnjp --HqER -+MIGPAgEAMBAGByqGSM49AgEGBSuBBAAQBHgwdgIBAQQjhHaq507MOBznelrLG/pl -+brnnJi/iEJUUp+Pm3PEiteXqckmhTANKAAQF2zs6vobmoT+M+P2+9LZ7asvFBNi7 -+uCzLYF/8j1Scn/spczoC9vNzVhNw+Lg7dnjNL4EDIyYZLl7E0v69luzbvy+q44/8 -+6bQ= - -----END PRIVATE KEY----- - 
-----BEGIN CERTIFICATE----- --MIICsjCCAZqgAwIBAgIUFMjrNKt+D8tzvn7jtjZ5HrLcUlswDQYJKoZIhvcNAQEL -+MIICsDCCAZigAwIBAgIUWJSICrM9ZdmN6/jF/PoKng63XR0wDQYJKoZIhvcNAQEL - BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV --BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw --NTA5MTUzMzE0WjBEMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 --cDEdMBsGA1UEAwwUVGVzdCBTL01JTUUgRUUgRUMgIzIwXjAQBgcqhkjOPQIBBgUr --gQQAEANKAAQC7xvYe8vMp3SqE+0jDrkuHc6AXdcg3nzviofC33M9K+iSKNIAfe/2 --1wEk91EsPcvB6HZk+fmEzBXBWisepKABKTm+eOkeoRGjYDBeMAwGA1UdEwEB/wQC --MAAwDgYDVR0PAQH/BAQDAgXgMB0GA1UdDgQWBBSqWRYUy2syIUwfSR31e19LeNXK --9TAfBgNVHSMEGDAWgBQVwRMha+JVX6dqHVcg1s/zqXNkWTANBgkqhkiG9w0BAQsF --AAOCAQEASbh+sI03xUMMzPT8bRbWNF5gG3ab8IUzqm05rTa54NCPRSn+ZdMXcCFz --5fSU0T1dgEjeD+cCRVAZxskTZF7FWmRLc2weJMf7x+nPE5KaWyRAoD7FIKGP2m6m --IMCVOmiafuzmHASBYOz6RwjgWS0AWES48DJX6o0KpuT4bsknz+H7Xo+4+NYGCRao --enqIMZmWesGVXJ63pl32jUlXeAg59W6PpV2L9XRWLzDW1t1q2Uji7coCWtNjkojZ --rv0yRMc1czkT+mAJRAJ8D9MoTnRXm1dH4bOxte4BGUHNQ2P1HeV01vkd1RTL0g0R --lPyDAlBASvMn7RZ9nX8G3UOOL6gtVA== -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjgxOVoXDTMyMDMz -+MTE0MjgxOVowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HTAbBgNVBAMMFFRlc3QgUy9NSU1FIEVFIEVDICMyMF4wEAYHKoZIzj0CAQYFK4EE -+ABADSgAEBds7Or6G5qE/jPj9vvS2e2rLxQTYu7gsy2Bf/I9UnJ/7KXM6Avbzc1YT -+cPi4O3Z4zS+BAyMmGS5exNL+vZbs278vquOP/Om0o2AwXjAMBgNVHRMBAf8EAjAA -+MA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUZ/5BJCWQ3bQ+w03vH6OZAgkENxcw -+HwYDVR0jBBgwFoAUyZFTCmN7FluLvUTwdoipJObltmwwDQYJKoZIhvcNAQELBQAD -+ggEBACMGL6tuV/1lfrnx7TN/CnWdLEp55AlmzJ3MT9dXSOO1/df/fO3uAiiBNMyQ -+Rcf4vOeBZEk/Xq6GIaAbuuT5ECg50uopEGjUDR9sRWC5yiw2CRQ5ZWTcqMapv+E5 -+7/1/tpaVHy+ZkJpbTV6O9gogEPy6uoft+tsel6NFoAj9ulkjuX9TortkVGPTfedd -+oevI32G3z4L4Gv1PCZvFMwEIiAuFDZBbD86gw7rH4BNihRujJRhpnxeRu8zJYB60 -+cNeR2N7humdUy5uZnj6YHy3g2j0EDKOITHydIvL1KkSlihQrxEX5kMRr9RWRyFXJ -+/UfNk+5Y3g5Mm642MLvjBEUqurw= - -----END CERTIFICATE----- -diff -rupN --no-dereference 
openssl-3.0.9/test/smime-certs/smroot.pem openssl-3.0.9-new/test/smime-certs/smroot.pem ---- openssl-3.0.9/test/smime-certs/smroot.pem 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/smime-certs/smroot.pem 2023-05-31 14:33:16.633113067 +0200 -@@ -1,49 +1,49 @@ - -----BEGIN PRIVATE KEY----- --MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDZLSl8LdU54OUA --T8ctFuKLShJul2IMzaEDkFLoL4agccajgvsRxW+8vbc2Re0y1mVMvfNz7Cg5a7Ke --iSuFJOrQtvDt+HkU5c706YDmw15mBpDSHapkXr80G/ABFbstWafOfagVW45wv65K --H4cnpcqwrLhagmC8QG0KfWbf+Z2efOxaGu/dTNA3Cnq/BQGTdlkQ28xbrvd+Ubzg --cY4Y/hJ7Fw1/IeEhgr/iVJhQIUAklp9B+xqDfWuxIt5mNwWWh/Lfk+UxqE99EhQR --0YZWyIKfKzbeJLBzDqY2hQzVL6kAvY9cR1WbBItTA0G2F5qZ9B/3EHEFWZMBvobt --+UTEkuBdAgMBAAECggEAF3Eagz7nPyIZVdlGpIVN2r8aEjng6YTglmPjrxBCNdtS --F6AxvY9UKklIF2Gg4tXlhU0TlDWvedM4Koif2/VKK1Ez3FvvpePQXPs/YKlB7T1U --MHnnRII9nUBOva88zv5YcJ97nyKM03q9M18H1a29nShnlc1w56EEpBc5HX/yFYMv --kMYydvB5j0DQkJlkQNFn4yRag0wIIPeyXwwh5l98SMlr40hO10OYTOQPrrgP/ham --AOZ//DvGo5gF8hGJYoqG4vcYbxRfTqbc2lQ4XRknOT182l9gRum52ahkBY6LKb4r --IZXPStS6fCAR5S0lcdBb3uN/ap9SUfb9w/Dhj5DZAQKBgQDr06DcsBpoGV2dK9ib --YL5MxC5JL7G79IBPi3ThRiOSttKXv3oDAFB0AlJvFKwYmVz8SxXqQ2JUA4BfvMGF --TNrbhukzo0ou5boExnQW/RjLN3fWVq1JM7iLbNU9YYpPCIG5LXrt4ZDOwITeGe8f --bmZK9zxWxc6BBJtc3mTFS5tm4QKBgQDrwRyEn6oZ9TPbR69fPgWvDqQwKs+6TtYn --0otMG9UejbSMcyU4sI+bZouoca2CzoNi2qZVIvI9aOygUHQAP7Dyq1KhsvYtzJub --KEua379WnzBMMjJ56Q/e4aKTq229QvOk+ZEYl6aklZX7xnYetYNZQrp4QzUyOQTG --gfxgxKi0/QKBgQCy1esAUJ/F366JOS3rLqNBjehX4c5T7ae8KtJ433qskO4E29TI --H93jC7u9txyHDw5f2QUGgRE5Cuq4L2lGEDFMFvQUD7l69QVrB6ATqt25hhffuB1z --DMDfIqpXAPgk1Rui9SVq7gqlb4OS9nHLESqLoQ/l8d2XI4o6FACxSZPQoQKBgQCR --8AvwSUoqIXDFaB22jpVEJYMb0hSfFxhYtGvIZF5MOJowa0L6UcnD//mp/xzSoXYR --pppaj3R28VGxd7wnP0YRIl7XfAoKleMpbAtJRwKR458pO9WlQ9GwPeq/ENqw0xYx --5M+d8pqUvYiHv/X00pYJllYKBkiS21sKawLJAFQTHQKBgQCJCwVHxvxkdQ8G0sU2 --Vtv2W38hWOSg5+cxa+g1W6My2LhX34RkgKzuaUpYMlWGHzILpxIxhPrVLk1ZIjil --GIP969XJ1BjB/kFtLWdxXG8tH1If3JgzfSHUofPHF3CENoJYEZ1ugEfIPzWPZJDI 
--DL5zP8gmBL9ZAOO/J9YacxWYMQ== -+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCyyQXED5HyVWwq -+nXyzmY317yMUJrIfsKvREG2C691dJNHgNg+oq5sjt/fzkyS84AvdOiicAsao4cYL -+DulthaLpbC7msEBhvwAil0FNb5g3ERupe1KuTdUV1UuD/i6S2VoaNXUBBn1rD9Wc -+BBc0lnx/4Wt92eQTI6925pt7ZHPQw2Olp7TQDElyi5qPxCem4uT0g3zbZsWqmmsI -+MXbu+K3dEprzqA1ucKXbxUmZNkMwVs2XCmlLxrRUj8C3/zENtH17HWCznhR/IVcV -+kgIuklkeiDsEhbWvUQumVXR7oPh/CPZAbjGqq5mVueHSHrp7brBVZKHZvoUka28Q -+LWitq1W5AgMBAAECggEASkRnOMKfBeOmQy2Yl6K57eeg0sYgSDnDpd0FINWJ5x9c -+b58FcjOXBodtYKlHIY6QXx3BsM0WaSEge4d+QBi7S+u8r+eXVwNYswXSArDQsk9R -+Bl5MQkvisGciL3pvLmFLpIeASyS/BLJXMbAhU58PqK+jT2wr6idwxBuXivJ3ichu -+ISdT1s2aMmnD86ulCD2DruZ4g0mmk5ffV+Cdj+WWkyvEaJW2GRYov2qdaqwSOxV4 -+Yve9qStvEIWAf2cISQjbnw2Ww6Z5ebrqlOz9etkmwIly6DTbrIneBnoqJlFFWGlF -+ghuzc5RE2w1GbcKSOt0qXH44MTf/j0r86dlu7UIxgQKBgQDq0pEaiZuXHi9OQAOp -+PsDEIznCU1bcTDJewANHag5DPEnMKLltTNyLaBRulMypI+CrDbou0nDr29VOzfXx -+mNvi/c7RttOBOx7kXKvu0JUFKe2oIWRsg0KsyMX7UFMVaHFgrW+8DhQc7HK7URiw -+nitOnA7YwIHRF9BMmcWcLFEYBQKBgQDC6LPbXV8COKO0YCfGXPnE7EZGD/p0Q92Z -+8CoSefphEScSdO1IpxFXG7fOZ4x2GQb9q7D3IvaeKAqNjUjkuyxdB30lIWDBwSWw -+fFgsa2SZwD5P60G/ar50YJr6LiF333aUMDVmC9swFfZERAEmGUz2NTrPWQdIx/lu -+PyDtUR75JQKBgHaoCCJ8vl5SJl1IA5GV4Bo8IoeLTSzsY9d09zMy6BoZcMD1Ix2T -+5S2cXhayoegl9PT6bsYSGHVWFCdJ86ktMI826TcXRzDaCvYhzc9THroJQcnfdbtP -+aHWezkv7fsAmkoPjn75K7ubeo+r7Q5qbkg6a1PW58N8TRXIvkackzaVxAoGBALAq -+qh3U+AHG9dgbrPeyo6KkuCOtX39ks8/mbfCDRZYkbb9V5f5r2tVz3R93IlK/7jyr -+yWimtmde46Lrl33922w+T5OW5qBZllo9GWkUrDn3s5qClcuQjJIdmxYTSfbSCJiK -+NkmE39lHkG5FVRB9f71tgTlWS6ox7TYDYxx83NTtAoGAUJPAkGt4yGAN4Pdebv53 -+bSEpAAULBHntiqDEOu3lVColHuZIucml/gbTpQDruE4ww4wE7dOhY8Q4wEBVYbRI -+vHkSiWpJUvZCuKG8Foh5pm9hU0qb+rbQV7NhLJ02qn1AMGO3F/WKrHPPY8/b9YhQ -+KfvPCYimQwBjVrEnSntLPR0= - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIDezCCAmOgAwIBAgIUBxh2L3ItsVPuBogDI0WfUX1lFnMwDQYJKoZIhvcNAQEL -+MIIDeTCCAmGgAwIBAgIUF/2lFo3fH3uYuFalQVSIFqcYtd4wDQYJKoZIhvcNAQEL - BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV 
--BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxM1oYDzIxMjIw --NTEwMTUzMzEzWjBEMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 --cDEdMBsGA1UEAwwUVGVzdCBTL01JTUUgUlNBIFJvb3QwggEiMA0GCSqGSIb3DQEB --AQUAA4IBDwAwggEKAoIBAQDZLSl8LdU54OUAT8ctFuKLShJul2IMzaEDkFLoL4ag --ccajgvsRxW+8vbc2Re0y1mVMvfNz7Cg5a7KeiSuFJOrQtvDt+HkU5c706YDmw15m --BpDSHapkXr80G/ABFbstWafOfagVW45wv65KH4cnpcqwrLhagmC8QG0KfWbf+Z2e --fOxaGu/dTNA3Cnq/BQGTdlkQ28xbrvd+UbzgcY4Y/hJ7Fw1/IeEhgr/iVJhQIUAk --lp9B+xqDfWuxIt5mNwWWh/Lfk+UxqE99EhQR0YZWyIKfKzbeJLBzDqY2hQzVL6kA --vY9cR1WbBItTA0G2F5qZ9B/3EHEFWZMBvobt+UTEkuBdAgMBAAGjYzBhMB0GA1Ud --DgQWBBQVwRMha+JVX6dqHVcg1s/zqXNkWTAfBgNVHSMEGDAWgBQVwRMha+JVX6dq --HVcg1s/zqXNkWTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkq --hkiG9w0BAQsFAAOCAQEAvdAmpDPi1Wt7Hk30dXKF7Ug6MUKETi+uoO1Suo9JhNko --/cpvoi8fbo/dnWVDfHVoItEn644Svver5UJdKJY62DvhilpCtAywYfCpgxkpKoKE --dnpjnRBSMcbVDImsqvf1YjzFKiOiD7kcVvz4V0NZY91ZWwu3vgaSvcTJQkpWN0a+ --LWanpVKqigl8nskttnBeiHDHGebxj3hawlIdtVlkbQwLLwlVkX99x1F73uS33IzB --Y6+ZJ2is7mD839B8fOVd9pvPvBBgahIrw5tzJ/Q+gITuVQd9E6RVXh10/Aw+i/8S --7tHpEUgP3hBk1P+wRQBWDxbHB28lE+41jvh3JObQWQ== -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MDE1MloXDTMyMDUy -+MDE0MDE1MlowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HTAbBgNVBAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MIIBIjANBgkqhkiG9w0BAQEF -+AAOCAQ8AMIIBCgKCAQEAsskFxA+R8lVsKp18s5mN9e8jFCayH7Cr0RBtguvdXSTR -+4DYPqKubI7f385MkvOAL3ToonALGqOHGCw7pbYWi6Wwu5rBAYb8AIpdBTW+YNxEb -+qXtSrk3VFdVLg/4uktlaGjV1AQZ9aw/VnAQXNJZ8f+FrfdnkEyOvduabe2Rz0MNj -+pae00AxJcouaj8QnpuLk9IN822bFqpprCDF27vit3RKa86gNbnCl28VJmTZDMFbN -+lwppS8a0VI/At/8xDbR9ex1gs54UfyFXFZICLpJZHog7BIW1r1ELplV0e6D4fwj2 -+QG4xqquZlbnh0h66e26wVWSh2b6FJGtvEC1oratVuQIDAQABo2MwYTAdBgNVHQ4E -+FgQUyZFTCmN7FluLvUTwdoipJObltmwwHwYDVR0jBBgwFoAUyZFTCmN7FluLvUTw -+doipJObltmwwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI -+hvcNAQELBQADggEBAFUbNCqSA5JTIk4wkLiDxs6sGVgSGS/XyFurT5WtyLwR6eiN -+r1Osq3DrF1805xzOjFfk3yYk2ctMMMXVEfXZavfNWgGSyUi6GrS+X1+y5snMpP7Z 
-+tFlb7iXxiSn5lUE1IS3y9bAlWUwTnOwdX2RuALVAzQ6oAvGIIOhb7FTkMqwsQBDx -+kBA9sgdCKv4d7zgFGdDMh1PGuia7+ZPWS9Nt3+WfRKzy4cf2p8+FTWkv1z7PtCSo -+bZySoXgav6WYGdA0VZY29HzVWC5d/LwSkeJr7pw09UjXBPnrDHbJRa+4JpwwsMT2 -+b1E+cp36aagmQW97e8dCf3VzZWcD2bNJ9QM59d8= - -----END CERTIFICATE----- -diff -rupN --no-dereference openssl-3.0.9/test/smime-certs/smrsa1.pem openssl-3.0.9-new/test/smime-certs/smrsa1.pem ---- openssl-3.0.9/test/smime-certs/smrsa1.pem 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/smime-certs/smrsa1.pem 2023-05-31 14:33:16.633113067 +0200 -@@ -1,49 +1,49 @@ - -----BEGIN PRIVATE KEY----- --MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDax3T7alefZcbm --CcdN0kEoBLwV8H25vre43RYjuPo64TBjeKUy27ayC1TXydF1eYm3HPrFYfkS0fZ6 --YK0xvwyxiQnesvcfnVe2fpXFPsl5RQvu1JKM7rJAuLC+YTRLez07IHhQnHQ25ZkR --+B4SL5mIhuOSJ9yyFJYJQ3Kdw/aX/jtnWVR8p3FyghJptWIm90ufW4xWFY0yNSW1 --KmkZuOWF7VPh5RC1C7woB/RHhyD2gOP7tF+eDJ/QbX4iki4gPRFHuNrSV8ZpvDkI --qqyF5BW8tyJneDkoWW8IuEpmNIzfbOCHvI6y7roeAmRrwH4/o5WxaEIsnQ/3pNvj --n6+vA+nfAgMBAAECggEAFR5MHQQYCYjDXoDoI7YdgwA+AFIoGLjKYZu5yjX4tZv3 --gJ/si7sTaMlY5cGTU1HUPirxIVeCjv4Eha31BJ3KsGJ9jj6Gm0nOuzd/O+ctKeRv --2/HaDvpFlk4dsCrlkjmxteuS9u5l9hygniWYutcBwjY0cRnMScZcm0VO+DVVMDj0 --9yNrFzhlmqV+ckawjK/J91r0uvnCVIsGA6akhlc5K0gwvFb/CC1WuceEeGx/38k3 --4OuiHtLyJfIlgyGD8C3QfJlMOBHeQ/DCo6GMqrOAad/chtcO7JklcJ+k2qylP2gu --e25NJCQVh+L32b9WrH3quH6fbLIg8a8MmUWl6te3FQKBgQDddu0Dp8R8fe2WnAE5 --oXdASAf2BpthRNqUdYpkkO7gOV0MXCKIEiGZ+WuWEYmNlsXZCJRABprqLw9O/5Td --2q+rCbdG9mSW2x82t/Ia4zd3r0RSHZyKbtOLtgmWfQkwVHy+rED8Juie5bNzHbjS --1mYtFP2KDQ5yZA95yFg8ZtXOawKBgQD85VOPnfXGOJ783JHepAn4J2x1Edi+ZDQ+ --Ml9g2LwetI46dQ0bF6V8RtcyWp0+6+ydX5U4JKhERFDivolD7Z1KFmlNLPs0cqSX --5g5kzTD+R+zpr9FRragYKyLdHsLP0ur75Rh5FQkUl2DmeKCMvMKAkio0cduVpVXT --SvWUBtkHXQKBgBy4VoZZ1GZcolocwx/pK6DfdoDWXIIhvsLv91GRZhkX91QqAqRo --zYi9StF8Vr1Q5zl9HlSrRp3GGpMhG/olaRCiQu1l+KeDpSmgczo/aysPRKntgyaE --ttRweA/XCUEGQ+MqTYcluJcarMnp+dUFztxb04F6rfvxs/wUGjVDFMkfAoGBAK+F 
--wx9UtPZk6gP6Wsu58qlnQ2Flh5dtGM1qTMR86OQu0OBFyVjaaqL8z/NE7Qp02H7J --jlmvJ5JqD/Gv6Llau+Zl86P66kcWoqJCrA7OU4jJBueSfadA7gAIQGRUK0Xuz+UQ --tpGjRfAiuMB9TIEhqaVuzRglRhBw9kZ2KkgZEJyJAoGBANrEpEwOhCv8Vt1Yiw6o --co96wYj+0LARJXw6rIfEuLkthBRRoHqQMKqwIGMrwjHlHXPnQmajONzIJd+u+OS4 --psCGetAIGegd3xNVpK2uZv9QBWBpQbuofOh/c2Ctmm2phL2sVwCZ0qwIeXuBwJEc --NOlOojKDO+dELErpShJgFIaU -+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDXr9uzB/20QXKC -+xhkfNnJvl2xl1hzdOcrQmAqo+AAAcA/D49ImuJDVQRaK2bcj54XB26i1kXuOrxID -+3/etUb8yudfx8OAVwh8G0xVA4zhr8uXW85W2tBr4v0Lt+W6lSd6Hmfrk4GmE9LTU -+/vzl9HUPW6SZShN1G0nY6oeUXvLi0vasEUKv3a51T6JFYg4c7qt5RCk/w8kwrQ0D -+orQwCdkOPEIiC4b+nPStF12SVm5bx8rbYzioxuY/PdSebvt0APeqgRxSpCxqYnHs -+CoNeHzSrGXcP0COzFeUOz2tdrhmH09JLbGZs4nbojPxMkjpJSv3/ekDG2CHYxXSH -+XxpJstxZAgMBAAECggEASY4xsJaTEPwY3zxLqPdag2/yibBBW7ivz/9p80HQTlXp -+KnbxXj8nNXLjCytAZ8A3P2t316PrrTdLP4ML5lGwkM4MNPhek00GY79syhozTa0i -+cPHVJt+5Kwee/aVI9JmCiGAczh0yHyOM3+6ttIZvvXMVaSl4BUHvJ0ikQBc5YdzL -+s6VM2gCOR6K6n+39QHDI/T7WwO9FFSNnpWFOCHwAWtyBMlleVj+xeZX8OZ/aT+35 -+27yjsGNBftWKku29VDineiQC+o+fZGJs6w4JZHoBSP8TfxP8fRCFVNA281G78Xak -+cEnKXwZ54bpoSa3ThKl+56J6NHkkfRGb8Rgt/ipJYQKBgQD5DKb82mLw85iReqsT -+8bkp408nPOBGz7KYnQsZqAVNGfehM02+dcN5z+w0jOj6GMPLPg5whlEo/O+rt9ze -+j6c2+8/+B4Bt5oqCKoOCIndH68jl65+oUxFkcHYxa3zYKGC9Uvb+x2BtBmYgvDRG -+ew6I2Q3Zyd2ThZhJygUZpsjsbQKBgQDdtNiGTkgWOm+WuqBI1LT5cQfoPfgI7/da -+ZA+37NBUQRe0cM7ddEcNqx7E3uUa1JJOoOYv65VyGI33Ul+evI8h5WE5bupcCEFk -+LolzbMc4YQUlsySY9eUXM8jQtfVtaWhuQaABt97l+9oADkrhA+YNdEu2yiz3T6W+ -+msI5AnvkHQKBgDEjuPMdF/aY6dqSjJzjzfgg3KZOUaZHJuML4XvPdjRPUlfhKo7Q -+55/qUZ3Qy8tFBaTderXjGrJurc+A+LiFOaYUq2ZhDosguOWUA9yydjyfnkUXZ6or -+sbvSoM+BeOGhnezdKNT+e90nLRF6cQoTD7war6vwM6L+8hxlGvqDuRNFAoGAD4K8 -+d0D4yB1Uez4ZQp8m/iCLRhM3zCBFtNw1QU/fD1Xye5w8zL96zRkAsRNLAgKHLdsR -+355iuTXAkOIBcJCOjveGQsdgvAmT0Zdz5FBi663V91o+IDlryqDD1t40CnCKbtRG -+hng/ruVczg4x7OYh7SUKuwIP/UlkNh6LogNreX0CgYBQF9troLex6X94VTi1V5hu -+iCwzDT6AJj63cS3VRO2ait3ZiLdpKdSNNW2WrlZs8FZr/mVutGEcWho8BugGMWST 
-+1iZkYwly9Xfjnpd0I00ZIlr2/B3+ZsK8w5cOW5Lpb7frol6+BkDnBjbNZI5kQndn -+zQpuMJliRlrq/5JkIbH6SA== - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIDeTCCAmGgAwIBAgIUM6U1Peo3wzfAJIrzINejJJfmRzkwDQYJKoZIhvcNAQEL -+MIIDdzCCAl+gAwIBAgIUNrEw2I4NEV0Nbo7AVOF9z4mPBiYwDQYJKoZIhvcNAQEL - BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV --BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxM1oYDzIxMjIw --NTA5MTUzMzEzWjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 --cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgUlNBICMxMIIBIjANBgkqhkiG9w0B --AQEFAAOCAQ8AMIIBCgKCAQEA2sd0+2pXn2XG5gnHTdJBKAS8FfB9ub63uN0WI7j6 --OuEwY3ilMtu2sgtU18nRdXmJtxz6xWH5EtH2emCtMb8MsYkJ3rL3H51Xtn6VxT7J --eUUL7tSSjO6yQLiwvmE0S3s9OyB4UJx0NuWZEfgeEi+ZiIbjkifcshSWCUNyncP2 --l/47Z1lUfKdxcoISabViJvdLn1uMVhWNMjUltSppGbjlhe1T4eUQtQu8KAf0R4cg --9oDj+7Rfngyf0G1+IpIuID0RR7ja0lfGabw5CKqsheQVvLciZ3g5KFlvCLhKZjSM --32zgh7yOsu66HgJka8B+P6OVsWhCLJ0P96Tb45+vrwPp3wIDAQABo2AwXjAMBgNV --HRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUHw4Us7FXwgLtZ1JB --MOAHSkNYfEkwHwYDVR0jBBgwFoAUFcETIWviVV+nah1XINbP86lzZFkwDQYJKoZI --hvcNAQELBQADggEBAAMAXEjTNo7evn6BvfEaG2q21q9xfFear/M0zxc5xcTj+WP+ --BKrlxXg5RlVFyvmzGhwZBERsDMJYa54aw8scDJsy/0zPdWST39dNev7xH13pP8nF --QF4MGPKIqBzX8iDCqhz70p1w2ndLjz1dvsAqn6z9/Sh3T2kj6DfZY3jA49pMEim1 --vYd4lWa5AezU3+cLtBbo2c2iyG2W7SFpnNTjLX823f9rbVPnUb93ZI/tDXDIf5hL --0hocZs+MWdC7Ly1Ru4PXa6+DeOM0z673me/Q27e24OBbG2eq5g7eW5euxJinGkpI --XGGKTKrBCPxSdTtwSNHU9HsggT8a0wXL2QocZ3w= -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MDczN1oXDTMyMDMz -+MTE0MDczN1owRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIFJTQSAjMTCCASIwDQYJKoZIhvcNAQEB -+BQADggEPADCCAQoCggEBANev27MH/bRBcoLGGR82cm+XbGXWHN05ytCYCqj4AABw -+D8Pj0ia4kNVBForZtyPnhcHbqLWRe46vEgPf961RvzK51/Hw4BXCHwbTFUDjOGvy -+5dbzlba0Gvi/Qu35bqVJ3oeZ+uTgaYT0tNT+/OX0dQ9bpJlKE3UbSdjqh5Re8uLS -+9qwRQq/drnVPokViDhzuq3lEKT/DyTCtDQOitDAJ2Q48QiILhv6c9K0XXZJWblvH 
-+yttjOKjG5j891J5u+3QA96qBHFKkLGpicewKg14fNKsZdw/QI7MV5Q7Pa12uGYfT -+0ktsZmziduiM/EySOklK/f96QMbYIdjFdIdfGkmy3FkCAwEAAaNgMF4wDAYDVR0T -+AQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFOaNz6WtNC5jH9UE4EaM -+y+59qO+EMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3 -+DQEBCwUAA4IBAQBMz3Ef3U0blTGhfP9HIBq09fWCgUN3aDDLZ/B6biFfWM87wlAm -+CdIuy2jhiEt8Ld8U9y8dbO7c2gzHBGc9FhScBkfQInrbhSctXL/r/wOc0divK9rq -+oXL2cL/CFfzcYPWNN3w6JAJyOhkhWnqF+/0T8+NdiRLE3a9NfX3a83GpfBVccYKQ -+kKKeVIw2K1dYbtlSo1HwOckxqUzN00IPs3xC8U9KNXKy7o0kdetKhk70DzXQ64j0 -+EcmXxqPaCkgo3fl9z9nzKlWhg/qIi/1Bd1bpMP8IXAPEURDqhi0KI0w9GPCQRjfY -+7NwXrLEayBoL8TNxcJ3FwdI20+bmhhILBZgO - -----END CERTIFICATE----- -diff -rupN --no-dereference openssl-3.0.9/test/smime-certs/smrsa2.pem openssl-3.0.9-new/test/smime-certs/smrsa2.pem ---- openssl-3.0.9/test/smime-certs/smrsa2.pem 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/smime-certs/smrsa2.pem 2023-05-31 14:33:16.633113067 +0200 -@@ -1,49 +1,49 @@ - -----BEGIN PRIVATE KEY----- --MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDkoMi4sqj2mN8j --SaFAibXEfeYYrzBHIdCm/uaXWit81fXOSFVw1rbeAppxz7bOcSEN50lpdP2UX3/b --FYFD3exHXjvch9NPNgQaNkCqTNTuYa2L9wrpltXnon7tH3W/zZfF+/qpUSu1f6rk --GyxjVXxLwjIawCX0rbLcdFCVVy+EyvQkvSxXjafrDMzshWzPDbtjUv3SH6avqrPn --4NX0fv3BdBwTfDLAw/m8nN+9B9Mg0V7UNM1IJY/Vo5pLhv+MrEf8SnAS+1Wt43rT --3PY9iMZMMWUswdgmPY0yCN95ggwNrSMGV60yvEDxINWuJoR8s0lybDdFa+AB5v4T --hqKpspFNAgMBAAECggEAZmWu0K5QJ7Y7Rlo9ayLicsFyk36vUESQZ6MF0ybzEEPi --BkR2ZAX+vDuNQckm1pprlAcRZbactl35bT3Z+fQE1cgaZoC8/x6xwq2m0796pNPB --v0zjqdBBOLAaSgjLm56wyd88GqZ8vZsTBnw3KrxIYcP13e5OcaJ0V/GOf/yfD0lg --Tq9i7V5Iq++Fpo2KvJA8FMgqcfhvhdo40rRykoBfzEZpBk4Ia/Yijsbx5sE15pFZ --DfmsMbD+vViuM8IavHo61mBNyYeydwlgIMqUgP/6xbYUov/XSUojrLG+IQuvDx9D --xzTHGM+IBJxQZMza/mDVcjUAcDEjWt/Mve8ibTQCbwKBgQDyaiGsURtlf/8xmmvT --RQQFFFsJ8SXHNYmnceNULIjfDxpLk1yC4kBNUD+liAJscoVlOcByHmXQRtnY1PHq --AwyrwplGd82773mtriDVFSjhD+GB7I0Hv2j+uiFZury0jR/6/AsWKCtTqd0opyuB 
--8rGZjguiwZIjeyxd8mL1dncUHwKBgQDxcNxHUvIeDBvAmtK65xWUuLcqtK9BblBH --YVA7p93RqX4E+w3J0OCvQRQ3r1GCMMzFEO0oOvNfMucU4rbQmx1pbzF8aQU+8iEW --kYpaWUbPUQ2hmBblhjGYHsigt/BrzaW0QveVIWcGiyVVX9wiCzJH5moJlCRK2oHR --B36hdlmNEwKBgQCSlWSpOx4y4RQiHXtn9Eq6+5UVTPGIJTKIwxAwnQFiyFIhMwl0 --x3UUixsBcF3uz80j6akaGJF+QOmH+TQTSibGUdS3TMhmBSfxwuJtlu7yMNUu6Chb --b/4AUfLKvGVRVCjrbq8Rhda1L3jhFTz0xhlofgFBOIWy2M96O5BlV24oBwKBgQDs --cf93ZfawkGEZVUXsPeQ3mlHe48YCCPtbfCSr13B3JErCq+5L52AyoUQgaHQlUI8o --qrPmQx0V7O662G/6iP3bxEYtNVgq1cqrpGpeorGi1BjKWPyLWMj21abbJmev21xc --1XxLMsQHd3tfSZp2SIq8OR09NjP4jla1k2Ziz1lRuwKBgQCUJXjhW4dPoOzC7DJK --u4PsxcKkJDwwtfNudVDaHcbvvaHELTAkE2639vawH0TRwP6TDwmlbTQJP4EW+/0q --13VcNXVAZSruA9dvxlh4vNUH3PzTDdFIJzGVbYbV9p5t++EQ7gRLuLZqs99BOzM9 --k6W9F60mEFz1Owh+lQv7WfSIVA== -+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDcYC4tS2Uvn1Z2 -+iDgtfkJA5tAqgbN6X4yK02RtVH5xekV9+6+eTt/9S+iFAzAnwqR/UB1R67ETrsWq -+V8u9xLg5fHIwIkmu9/6P31UU9cghO7J1lcrhHvooHaFpcXepPWQacpuBq2VvcKRD -+lDfVmdM5z6eS3dSZPTOMMP/xk4nhZB8mcw27qiccPieS0PZ9EZB63T1gmwaK1Rd5 -+U94Pl0+zpDqhViuXmBfiIDWjjz0BzHnHSz5Rg4S3oXF1NcojhptIWyI0r7dgn5J3 -+NxC4kgKdjzysxo6iWd0nLgz7h0jUdj79EOis4fg9G4f0EFWyQf7iDxGaA93Y9ePB -+Jv5iFZVZAgMBAAECggEBAILIPX856EHb0KclbhlpfY4grFcdg9LS04grrcTISQW1 -+J3p9nBpZ+snKe6I8Yx6lf5PiipPsSLlCliHiWpIzJZVQCkAQiSPiHttpEYgP2IYI -+dH8dtznkdVbLRthZs0bnnPmpHCpW+iqpcYJ9eqkz0cvUNUGOjjWmwWmoRqwp/8CW -+3S1qbkQiCh0Mk2fQeGar76R06kXQ9MKDEj14zyS3rJX+cokjEoMSlH8Sbmdh2mJz -+XlNZcvqmeGJZwQWgbVVHOMUuZaKJiFa+lqvOdppbqSx0AsCRq6vjmjEYQEoOefYK -+3IJM9IvqW5UNx0Cy4kQdjhZFFwMO/ALD3QyF21iP4gECgYEA+isQiaWdaY4UYxwK -+Dg+pnSCKD7UGZUaCUIv9ds3CbntMOONFe0FxPsgcc4jRYQYj1rpQiFB8F11+qXGa -+P/IHcnjr2+mTrNY4I9Bt1Lg+pHSS8QCgzeueFybYMLaSsXUo7tGwpvw6UUb6/YWI -+LNCzZbrCLg1KZjGODhhxtvN45ZkCgYEA4YNSe+GMZlxgsvxbLs86WOm6DzJUPvxN -+bWmni0+Oe0cbevgGEUjDVc895uMFnpvlgO49/C0AYJ+VVbStjIMgAeMnWj6OZoSX -+q49rI8KmKUxKgORZiiaMqGWQ7Rxv68+4S8WANsjFxoUrE6dNV3uYDIUsiSLbZeI8 -+38KVTcLohcECgYEAiOdyWHGq0G4xl/9rPUCzCMsa4velNV09yYiiwBZgVgfhsawm 
-+hQpOSBZJA60XMGqkyEkT81VgY4UF4QLLcD0qeCnWoXWVHFvrQyY4RNZDacpl87/t -+QGO2E2NtolL3umesa+2TJ/8Whw46Iu2llSjtVDm9NGiPk5eA7xPPf1iEi9kCgYAb -+0EmVE91wJoaarLtGS7LDkpgrFacEWbPnAbfzW62UENIX2Y1OBm5pH/Vfi7J+vHWS -+8E9e0eIRCL2vY2hgQy/oa67H151SkZnvQ/IP6Ar8Xvd1bDSK8HQ6tMQqKm63Y9g0 -+KDjHCP4znOsSMnk8h/bZ3HcAtvbeWwftBR/LBnYNQQKBgA1leIXLLHRoX0VtS/7e -+y7Xmn7gepj+gDbSuCs5wGtgw0RB/1z/S3QoS2TCbZzKPBo20+ivoRP7gcuFhduFR -+hT8V87esr/QzLVpjLedQDW8Xb7GiO3BsU/gVC9VcngenbL7JObl3NgvdreIYo6+n -+yrLyf+8hjm6H6zkjqiOkHAl+ - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIDeTCCAmGgAwIBAgIUTMQXiTcI/rpzqO91NyFWpjLE3KkwDQYJKoZIhvcNAQEL -+MIIDdzCCAl+gAwIBAgIUdWyHziJTdWjooy8SanPMwLxNsPEwDQYJKoZIhvcNAQEL - BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV --BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxM1oYDzIxMjIw --NTA5MTUzMzEzWjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 --cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgUlNBICMyMIIBIjANBgkqhkiG9w0B --AQEFAAOCAQ8AMIIBCgKCAQEA5KDIuLKo9pjfI0mhQIm1xH3mGK8wRyHQpv7ml1or --fNX1zkhVcNa23gKacc+2znEhDedJaXT9lF9/2xWBQ93sR1473IfTTzYEGjZAqkzU --7mGti/cK6ZbV56J+7R91v82Xxfv6qVErtX+q5BssY1V8S8IyGsAl9K2y3HRQlVcv --hMr0JL0sV42n6wzM7IVszw27Y1L90h+mr6qz5+DV9H79wXQcE3wywMP5vJzfvQfT --INFe1DTNSCWP1aOaS4b/jKxH/EpwEvtVreN609z2PYjGTDFlLMHYJj2NMgjfeYIM --Da0jBletMrxA8SDVriaEfLNJcmw3RWvgAeb+E4aiqbKRTQIDAQABo2AwXjAMBgNV --HRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUSJ0v3SKahe6eKssR --rBvYLBprFTgwHwYDVR0jBBgwFoAUFcETIWviVV+nah1XINbP86lzZFkwDQYJKoZI --hvcNAQELBQADggEBAKoyszyZ3DfCOIVzeJrnScXuMvRkVqO5aGmgZxtY9r6gPk8v --gXaEFXDKqRbGqEnuwEjpew+SVZO8nrVpdIP7fydpufy7Cu91Ev4YL1ui5Vc66+IK --7dXV7eZYcH/dDJBPZddHx9vGhcr0w8B1W9nldM3aQE/RQjOmMRDc7/Hnk0f0RzJp --LA0adW3ry27z2s4qeCwkV9DNSh1KoGfcLwydBiXmJ1XINMFH/scD4pk9UeJpUL+5 --zvTaDzUmzLsI1gH3j/rlzJuNJ7EMfggKlfQdit9Qn6+6Gjk6T5jkZfzcq3LszuEA --EFtkxWyBmmEgh4EmvZGAyrUvne1hIIksKe3iJ+E= -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MDkyNVoXDTMyMDMz 
-+MTE0MDkyNVowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIFJTQSAjMjCCASIwDQYJKoZIhvcNAQEB -+BQADggEPADCCAQoCggEBANxgLi1LZS+fVnaIOC1+QkDm0CqBs3pfjIrTZG1UfnF6 -+RX37r55O3/1L6IUDMCfCpH9QHVHrsROuxapXy73EuDl8cjAiSa73/o/fVRT1yCE7 -+snWVyuEe+igdoWlxd6k9ZBpym4GrZW9wpEOUN9WZ0znPp5Ld1Jk9M4ww//GTieFk -+HyZzDbuqJxw+J5LQ9n0RkHrdPWCbBorVF3lT3g+XT7OkOqFWK5eYF+IgNaOPPQHM -+ecdLPlGDhLehcXU1yiOGm0hbIjSvt2Cfknc3ELiSAp2PPKzGjqJZ3ScuDPuHSNR2 -+Pv0Q6Kzh+D0bh/QQVbJB/uIPEZoD3dj148Em/mIVlVkCAwEAAaNgMF4wDAYDVR0T -+AQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFPRqunJgwdcM9Uvsy/MT -+6XHvUvuyMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3 -+DQEBCwUAA4IBAQBz02v4hd+EjW5NaMubkqPbgUTDRKdRq1RZM+C6m1MTMKy+8zTD -+QSKRCFf0UmSPMsdTArry9x15fmHIJW21F3bw4ISeVXRyzBhOnrGKXUt2Lg9c2MLa -+9C394ex0vw4ZGSNkrIARbM3084Chegs4PLMWLFam1H5J6wpvH8iXXYvhESW98luv -+i3HVQzqLXw7/9XHxf8RnrRcy/WhAA+KegAQMGHTo5KPLliXtypYdCxBHNcmOwJlR -+pSOp6fxhiRKN5DzcBPHOE/brZc4aNGgBHZgGg1g1Wb2lAylopgJrbyNkhEEwHVNM -+1uLCnXKV1nX+EiMKkhSV761ozdhMGljYb+GE - -----END CERTIFICATE----- -diff -rupN --no-dereference openssl-3.0.9/test/smime-certs/smrsa3.pem openssl-3.0.9-new/test/smime-certs/smrsa3.pem ---- openssl-3.0.9/test/smime-certs/smrsa3.pem 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/test/smime-certs/smrsa3.pem 2023-05-31 14:33:16.634113067 +0200 -@@ -1,49 +1,49 @@ - -----BEGIN PRIVATE KEY----- --MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQD5A/t3norj/167 --toKG1Ygtg3G+pZ4Nwl5a9flnm8JdSMW5TEEP1TSvDVIEuAVi7xqoAn6heypoaMkB --GJ+AoSo9R7umdhhq2vnmWFNsdH6oDzynVXixyURo81YrN3sn9Xd55ivTiSpZXldi --ECr2T0BYvOw0h497bPs6gY9LqgrBHNYVF3lFhdOmYWv+2qSdti+1gV3t24pv1CrK --2AdX5Epdd5jR+eNnt+suZqoPC0hTcNjszJLcfDYFXHva9BcE0DfrgcYSmoSBU53M --jt63TClK6ZoVcPJ7vXjFRHncvs1/d+nc9BdL9FsGI1ezspSwcJHqex2wgo76yDrq --DE4s23rPAgMBAAECggEAEDi+VWD5VUpjD5zWOoPQiRDGBJBhtMAKkl6okxEmXvWb --Xz3STFnjHgA1JFHW3bRU9BHI9k8vSHmnlnkfKb3V/ZX5IHNcKCHb/x9NBak+QLVQ 
--0zLtfE9vxiTC0B/oac+MPaiD4hYFQ81pFwK6VS0Poi8ZCBJtOkRqfUvsyV8zZrgh --/6cs4mwOVyZPFRgF9eWXYv7PJz8pNRizhII0iv9H/r2I3DzsZLPCg7c29mP+I/SG --A7Pl82UXjtOc0KurGY2M5VheZjxJT/k/FLMkWY2GS5n6dfcyzsVSKb25HoeuvQsI --vs1mKs+Onbobdc17hCcKVJzbi3DwXs5XDhrEzfHccQKBgQD88uBxVCRV31PsCN6I --pKxQDGgz+1BqPqe7KMRiZI7HgDUK0eCM3/oG089/jsBtJcSxnScLSVNBjQ+xGiFi --YCD4icQoJSzpqJyR6gDq5lTHASAe+9LWRW771MrtyACQWNXowYEyu8AjekrZkCUS --wIKVpw57oWykzIoS7ixZsJ8gxwKBgQD8BPWqJEsLiQvOlS5E/g88eV1KTpxm9Xs+ --BbwsDXZ7m4Iw5lYaUu5CwBB/2jkGGRl8Q/EfAdUT7gXv3t6x5b1qMXaIczmRGYto --NuI3AH2MPxAa7lg5TgBgie1r7PKwyPMfG3CtDx6n8W5sexgJpbIy5u7E+U6d8s1o --c7EcsefduQKBgCkHJAx9v18GWFBip+W2ABUDzisQSlzRSNd8p03mTZpiWzgkDq4K --7j0JQhDIkMGjbKH6gYi9Hfn17WOmf1+7g92MSvrP/NbxeGPadsejEIEu14zu/6Wt --oXDLdRbYZ+8B2cBlEpWuCl42yck8Lic6fnPTou++oSah3otvglYR5d2lAoGACd8L --3FE1m0sP6lSPjmZBJIZAcDOqDqJY5HIHD9arKGZL8CxlfPx4lqa9PrTGfQWoqORk --YmmI9hHhq6aYJHGyPKGZWfjhbVyJyFg1/h+Hy2GA+P0S+ZOjkiR050BNtTz5wOMr --Q6wO8FcVkywzIdWaqEHBYne9a5RiFVBKxKv3QAkCgYBxmCBKajFkMVb4Uc55WqJs --Add0mctGgmZ1l5vq81eWe3wjM8wgfJgaD3Q3gwx2ABUX/R+OsVWSh4o5ZR86sYoz --TviknBHF8GeDLjpT49+04fEaz336J2JOptF9zIpz7ZK1nrOEjzaZGtumReVjUP7X --fNcb5iDYqZRzD8ixBbLxUw== -+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCyK+BTAOJKJjji -+OhY60NeZjzGGZxEBfCm62n0mwkzusW/V/e63uwj6uOVCFoVBz5doMf3M6QIS2jL3 -+Aw6Qs5+vcuLA0gHrqIwjYQz1UZ5ETLKLKbQw6YOIVfsFSTxytUVpfcByrubWiLKX -+63theG1/IVokDK/9/k52Kyt+wcCjuRb7AJQFj2OLDRuWm/gavozkK103gQ+dUq4H -+XamZMtTq1EhQOfc0IUeCOEL6xz4jzlHHfzLdkvb7Enhav2sXDfOmZp/DYf9IqS7l -+vFkkINPVbYFBTexaPZlFwmpGRjkmoyH/w+Jlcpzs+w6p1diWRpaSn62bbkRN49j6 -+L2dVb+DfAgMBAAECggEAciwDl6zdVT6g/PbT/+SMA+7qgYHSN+1koEQaJpgjzGEP -+lUUfj8TewCtzXaIoyj9IepBuXryBg6snNXpT/w3bqgYon/7zFBvxkUpDj4A5tvKf -+BuY2fZFlpBvUu1Ju1eKrFCptBBBoA9mc+BUB/ze4ktrAdJFcxZoMlVScjqGB3GdR -+OHw2x9BdWGCJBhiu9VHhAAb/LVWi6xgDumYSWZwN2yovg+7J91t5bsENeBRHycK+ -+i5dNFh1umIK9N0SH6bpHPnLHrCRchrQ6ZRRxL4ZBKA9jFRDeI7OOsJuCvhGyJ1se -+snsLjr/Ahg00aiHCcC1SPQ6pmXAVBCG7hf4AX82V4QKBgQDaFDE+Fcpv84mFo4s9 
-+wn4CZ8ymoNIaf5zPl/gpH7MGots4NT5+Ns+6zzJQ6TEpDjTPx+vDaabP7QGXwVZn -+8NAHYvCQK37b+u9HrOt256YYRDOmnJFSbsJdmqzMEzpTNmQ8GuI37cZCS9CmSMv+ -+ab/plcwuv0cJRSC83NN2AFyu1QKBgQDRJzKIBQlpprF9rA0D5ZjLVW4OH18A0Mmm -+oanw7qVutBaM4taFN4M851WnNIROyYIlkk2fNgW57Y4M8LER4zLrjU5HY4lB0BMX -+LQWDbyz4Y7L4lVnnEKfQxWFt9avNZwiCxCxEKy/n/icmVCzc91j9uwKcupdzrN6E -+yzPd1s5y4wKBgQCkJvzmAdsOp9/Fg1RFWcgmIWHvrzBXl+U+ceLveZf1j9K5nYJ7 -+2OBGer4iH1XM1I+2M4No5XcWHg3L4FEdDixY0wXHT6Y/CcThS+015Kqmq3fBmyrc -+RNjzQoF9X5/QkSmkAIx1kvpgXtcgw70htRIrToGSUpKzDKDW6NYXhbA+PQKBgDJK -+KH5IJ8E9kYPUMLT1Kc4KVpISvPcnPLVSPdhuqVx69MkfadFSTb4BKbkwiXegQCjk -+isFzbeEM25EE9q6EYKP+sAm+RyyJ6W0zKBY4TynSXyAiWSGUAaXTL+AOqCaVVZiL -+rtEdSUGQ/LzclIT0/HLV2oTw4KWxtTdc3LXEhpNdAoGBAM3LckiHENqtoeK2gVNw -+IPeEuruEqoN4n+XltbEEv6Ymhxrs6T6HSKsEsLhqsUiIvIzH43KMm45SNYTn5eZh -+yzYMXLmervN7c1jJe2Y2MYv6hE+Ypj1xGW4w7s8WNKmVzLv97beisD9AZrS7sXfF -+RvOAi5wVkYylDxV4238MAZIq - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIDeTCCAmGgAwIBAgIUIDyc//j/LoNDesZTGbPBoVarv4EwDQYJKoZIhvcNAQEL -+MIIDdzCCAl+gAwIBAgIUAKvI4FWjFLx8iBGifOW3mG/xkT0wDQYJKoZIhvcNAQEL - BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV --BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxM1oYDzIxMjIw --NTA5MTUzMzEzWjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 --cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgUlNBICMzMIIBIjANBgkqhkiG9w0B --AQEFAAOCAQ8AMIIBCgKCAQEA+QP7d56K4/9eu7aChtWILYNxvqWeDcJeWvX5Z5vC --XUjFuUxBD9U0rw1SBLgFYu8aqAJ+oXsqaGjJARifgKEqPUe7pnYYatr55lhTbHR+ --qA88p1V4sclEaPNWKzd7J/V3eeYr04kqWV5XYhAq9k9AWLzsNIePe2z7OoGPS6oK --wRzWFRd5RYXTpmFr/tqknbYvtYFd7duKb9QqytgHV+RKXXeY0fnjZ7frLmaqDwtI --U3DY7MyS3Hw2BVx72vQXBNA364HGEpqEgVOdzI7et0wpSumaFXDye714xUR53L7N --f3fp3PQXS/RbBiNXs7KUsHCR6nsdsIKO+sg66gxOLNt6zwIDAQABo2AwXjAMBgNV --HRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUN9pGq/UFS3o50rTi --V+AYgAk+3R4wHwYDVR0jBBgwFoAUFcETIWviVV+nah1XINbP86lzZFkwDQYJKoZI --hvcNAQELBQADggEBAGcOh380/6aJqMpYBssuf2CB3DX/hGKdvEF7fF8iNSfl5HHq 
--112kHl3MhbL9Th/safJq9sLDJqjXRNdVCUJJbU4YI2P2gsi04paC0qxWxMLtzQLd --CE7ki2xH94Fuu/dThbpzZBABROO1RrdI24GDGt9t4Gf0WVkobmT/zNlwGppKTIB2 --iV/Ug30iKr/C49UzwUIa+XXXujkjPTmGSnrKwVQNxQh81rb+iTL7GEnNuqDsatHW --ZyLS2SaVdG5tMqDkITPMDGjehUzJcAbVc8Bv4m8Ukuov3uDj2Doc6MxlvrVkV0AE --BcSCb/bWQJJ/X4LQZlx9cMk4NINxV9UeFPZOefg= -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MTEwNloXDTMyMDMz -+MTE0MTEwNlowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIFJTQSAjMzCCASIwDQYJKoZIhvcNAQEB -+BQADggEPADCCAQoCggEBALIr4FMA4komOOI6FjrQ15mPMYZnEQF8KbrafSbCTO6x -+b9X97re7CPq45UIWhUHPl2gx/czpAhLaMvcDDpCzn69y4sDSAeuojCNhDPVRnkRM -+sosptDDpg4hV+wVJPHK1RWl9wHKu5taIspfre2F4bX8hWiQMr/3+TnYrK37BwKO5 -+FvsAlAWPY4sNG5ab+Bq+jOQrXTeBD51SrgddqZky1OrUSFA59zQhR4I4QvrHPiPO -+Ucd/Mt2S9vsSeFq/axcN86Zmn8Nh/0ipLuW8WSQg09VtgUFN7Fo9mUXCakZGOSaj -+If/D4mVynOz7DqnV2JZGlpKfrZtuRE3j2PovZ1Vv4N8CAwEAAaNgMF4wDAYDVR0T -+AQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFDoKRbmxroesGxa+4868 -+yPIvkCewMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3 -+DQEBCwUAA4IBAQBfCCzWyZzIvq/ci6E74ovJ8mMel5Z9MU9EcvY0k7pJSUbpCg3c -+P48CiAzt8r8Em4AymADfK1pYvvpTNVpU/USbdKR1hyxZjqWrYdsY7tlVuvZ92oFs -+s3komuKHCx2SQAe5b+LWjC1Bf8JUFx+XTjYb/BBg7nQRwi3TkYVVmW7hXLYvf4Jn -+Uyu0x02pDzUu+62jeYbNIVJnYwSU0gLHEo81QmNs06RLjnAhbneUZ6P6YuJOdDo7 -+xMw/ywijZM0FxsWxRSsCBwavhabg1Kb1lO//pbgcSa9T0D7ax1XoMni3RJnHj6gu -+r0Mi3QjgZaxghR3TPh83dQLilECYDuD0uTzf - -----END CERTIFICATE----- diff --git a/0062-fips-Expose-a-FIPS-indicator.patch b/0062-fips-Expose-a-FIPS-indicator.patch deleted file mode 100644 index 6edea38..0000000 --- a/0062-fips-Expose-a-FIPS-indicator.patch +++ /dev/null 
@@ -1,401 +0,0 @@
-diff -rupN --no-dereference openssl-3.0.9/doc/build.info openssl-3.0.9-new/doc/build.info
---- openssl-3.0.9/doc/build.info 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/doc/build.info 2023-05-31 14:33:16.925112941 +0200
-@@ -4461,6 +4461,10 @@ DEPEND[html/man7/fips_module.html]=man7/
- GENERATE[html/man7/fips_module.html]=man7/fips_module.pod
- DEPEND[man/man7/fips_module.7]=man7/fips_module.pod
- GENERATE[man/man7/fips_module.7]=man7/fips_module.pod
-+DEPEND[html/man7/fips_module_indicators.html]=man7/fips_module_indicators.pod
-+GENERATE[html/man7/fips_module_indicators.html]=man7/fips_module_indicators.pod
-+DEPEND[man/man7/fips_module_indicators.7]=man7/fips_module_indicators.pod
-+GENERATE[man/man7/fips_module_indicators.7]=man7/fips_module_indicators.pod
- DEPEND[html/man7/life_cycle-cipher.html]=man7/life_cycle-cipher.pod
- GENERATE[html/man7/life_cycle-cipher.html]=man7/life_cycle-cipher.pod
- DEPEND[man/man7/life_cycle-cipher.7]=man7/life_cycle-cipher.pod
-@@ -4706,6 +4710,7 @@ html/man7/ct.html \
- html/man7/des_modes.html \
- html/man7/evp.html \
- html/man7/fips_module.html \
-+html/man7/fips_module_indicators.html \
- html/man7/life_cycle-cipher.html \
- html/man7/life_cycle-digest.html \
- html/man7/life_cycle-kdf.html \
-@@ -4832,6 +4837,7 @@ man/man7/ct.7 \
- man/man7/des_modes.7 \
- man/man7/evp.7 \
- man/man7/fips_module.7 \
-+man/man7/fips_module_indicators.7 \
- man/man7/life_cycle-cipher.7 \
- man/man7/life_cycle-digest.7 \
- man/man7/life_cycle-kdf.7 \
-diff -rupN --no-dereference openssl-3.0.9/doc/man7/fips_module_indicators.pod openssl-3.0.9-new/doc/man7/fips_module_indicators.pod
---- openssl-3.0.9/doc/man7/fips_module_indicators.pod 1970-01-01 01:00:00.000000000 +0100
-+++ openssl-3.0.9-new/doc/man7/fips_module_indicators.pod 2023-05-31 14:33:16.925112941 +0200
-@@ -0,0 +1,154 @@
-+=pod
-+
-+=head1 NAME
-+
-+fips_module_indicators - Red Hat OpenSSL FIPS module indicators guide
-+
-+=head1 DESCRIPTION
-+
-+This guide documents how the Red Hat Enterprise Linux 9 OpenSSL FIPS provider
-+implements Approved Security Service Indicators according to the FIPS 140-3
-+Implementation Guidelines, section 2.4.C. See
-+L
-+for the FIPS 140-3 Implementation Guidelines.
-+
-+For all approved services except signatures, the Red Hat OpenSSL FIPS provider
-+uses the return code as the indicator as understood by FIPS 140-3. That means
-+that every operation that succeeds denotes use of an approved security service.
-+Operations that do not succeed may not have been approved security services, or
-+may have been used incorrectly.
-+
-+For signatures, an explicit indicator API is available to determine whether
-+a selected operation is an approved security service, in combination with the
-+return code of the operation. For a signature operation to be approved, the
-+explicit indicator must claim it as approved, and it must succeed.
-+
-+=head2 Querying the explicit indicator
-+
-+The Red Hat OpenSSL FIPS provider exports a symbol named
-+I that provides information on which signature
-+operations are approved security functions. To use this function, either link
-+against I directly, or load it at runtime using dlopen(3) and
-+dlsym(3).
-+
-+ #include
-+ #include "providers/fips/indicator.h"
-+
-+ void *provider = dlopen("/usr/lib64/ossl-modules/fips.so", RTLD_LAZY);
-+ if (provider == NULL) {
-+ fprintf(stderr, "%s\n", dlerror());
-+ // handle error
-+ }
-+
-+ const OSSL_RH_FIPSINDICATOR_ALORITHM *(*redhat_ossl_query_fipsindicator)(int) \
-+ = dlsym(provider, "redhat_ossl_query_fipsindicator");
-+ if (redhat_ossl_query_fipsindicator == NULL) {
-+ fprintf(stderr, "%s\n", dlerror());
-+ fprintf(stderr, "Does your copy of fips.so have the required Red Hat"
-+ " patches?\n");
-+ // handle error
-+ }
-+
-+Note that this uses the I header, which is not
-+public. Install the I package from the I
-+repository using I and include
-+I in the compiler's include path.
-+
-+I expects an operation ID as its only
-+argument. Currently, the only supported operation ID is I to
-+obtain the indicators for signature operations. On success, the return value is
-+a pointer to an array of Is. On failure, NULL is
-+returned. The last entry in the array is indicated by I being
-+NULL.
-+
-+ typedef struct ossl_rh_fipsindicator_algorithm_st {
-+ const char *algorithm_names; /* key */
-+ const char *property_definition; /* key */
-+ const OSSL_RH_FIPSINDICATOR_DISPATCH *indicators;
-+ } OSSL_RH_FIPSINDICATOR_ALGORITHM;
-+
-+ typedef struct ossl_rh_fipsindicator_dispatch_st {
-+ int function_id;
-+ int approved;
-+ } OSSL_RH_FIPSINDICATOR_DISPATCH;
-+
-+The I field is a colon-separated list of algorithm names from
-+one of the I constants, e.g., I. strtok(3) can
-+be used to locate the appropriate entry. See the example below, where
-+I contains the algorithm name to search for:
-+
-+ const OSSL_RH_FIPSINDICATOR_DISPATCH *indicator_dispatch = NULL;
-+ const OSSL_RH_FIPSINDICATOR_ALGORITHM *indicator =
-+ redhat_ossl_query_fipsindicator(operation_id);
-+ if (indicator == NULL) {
-+ fprintf(stderr, "No indicator for operation, probably using implicit"
-+ " indicators.\n");
-+ // handle error
-+ }
-+
-+ for (; indicator->algorithm_names != NULL; ++indicator) {
-+ char *algorithm_names = strdup(indicator->algorithm_names);
-+ if (algorithm_names == NULL) {
-+ perror("strdup(3)");
-+ // handle error
-+ }
-+
-+ const char *algorithm_name = strtok(algorithm_names, ":");
-+ for (; algorithm_name != NULL; algorithm_name = strtok(NULL, ":")) {
-+ if (strcasecmp(algorithm_name, algorithm) == 0) {
-+ indicator_dispatch = indicator->indicators;
-+ free(algorithm_names);
-+ algorithm_names = NULL;
-+ break;
-+ }
-+ }
-+ free(algorithm_names);
-+ }
-+ if (indicator_dispatch == NULL) {
-+ fprintf(stderr, "No indicator for algorithm %s.\n", algorithm);
-+ // handle error
-+ }
-+
-+If an appropriate I array is available for the
-+given algorithm name, it maps function IDs to their approval status. The last
-+entry is indicated by a zero I. I is
-+I if the operation is an approved security
-+service, or part of an approved security service, or
-+I otherwise. Any other value is invalid.
-+Function IDs are I constants from I,
-+e.g., I or I.
-+
-+Assuming I is the function in question, the following code can be
-+used to query the approval status:
-+
-+ for (; indicator_dispatch->function_id != 0; ++indicator_dispatch) {
-+ if (indicator_dispatch->function_id == function_id) {
-+ switch (indicator_dispatch->approved) {
-+ case OSSL_RH_FIPSINDICATOR_APPROVED:
-+ // approved security service
-+ break;
-+ case OSSL_RH_FIPSINDICATOR_UNAPPROVED:
-+ // unapproved security service
-+ break;
-+ default:
-+ // invalid result
-+ break;
-+ }
-+ break;
-+ }
-+ }
-+
-+=head1 SEE ALSO
-+
-+L, L
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2022 Red Hat, Inc. All Rights Reserved.
-+
-+Licensed under the Apache License 2.0 (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L.
-+
-+=cut
-diff -rupN --no-dereference openssl-3.0.9/providers/fips/fipsprov.c openssl-3.0.9-new/providers/fips/fipsprov.c
---- openssl-3.0.9/providers/fips/fipsprov.c 2023-05-31 14:33:14.351114053 +0200
-+++ openssl-3.0.9-new/providers/fips/fipsprov.c 2023-05-31 14:33:16.925112941 +0200
-@@ -23,6 +23,7 @@
- #include "prov/seeding.h"
- #include "self_test.h"
- #include "internal/core.h"
-+#include "indicator.h"
-
- static const char FIPS_DEFAULT_PROPERTIES[] = "provider=fips,fips=yes";
- static const char FIPS_UNAPPROVED_PROPERTIES[] = "provider=fips,fips=no";
-@@ -409,6 +410,68 @@ static const OSSL_ALGORITHM fips_signatu
- { NULL, NULL, NULL }
- };
-
-+static const OSSL_RH_FIPSINDICATOR_DISPATCH redhat_rsa_signature_indicators[] = {
-+ { OSSL_FUNC_SIGNATURE_NEWCTX, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_SIGN_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
-+ { OSSL_FUNC_SIGNATURE_SIGN, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
-+ { OSSL_FUNC_SIGNATURE_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
-+ { OSSL_FUNC_SIGNATURE_VERIFY, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
-+ { OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
-+ { OSSL_FUNC_SIGNATURE_VERIFY_RECOVER, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
-+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_FREECTX, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_DUPCTX, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { 0, OSSL_RH_FIPSINDICATOR_UNAPPROVED }
-+};
-+
-+static const OSSL_RH_FIPSINDICATOR_DISPATCH redhat_ecdsa_signature_indicators[] = {
-+ { OSSL_FUNC_SIGNATURE_NEWCTX, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_SIGN_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
-+ { OSSL_FUNC_SIGNATURE_SIGN, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
-+ { OSSL_FUNC_SIGNATURE_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
-+ { OSSL_FUNC_SIGNATURE_VERIFY, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
-+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_FREECTX, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_DUPCTX, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { 0, OSSL_RH_FIPSINDICATOR_UNAPPROVED }
-+};
-+
-+static const OSSL_RH_FIPSINDICATOR_ALGORITHM redhat_indicator_fips_signature[] = {
-+ { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES,
-+ redhat_rsa_signature_indicators },
-+#ifndef OPENSSL_NO_EC
-+ { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES,
-+ redhat_ecdsa_signature_indicators },
-+#endif
-+ { NULL, NULL, NULL }
-+};
-+
- static const OSSL_ALGORITHM fips_asym_cipher[] = {
- { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_asym_cipher_functions },
- { NULL, NULL, NULL }
-@@ -493,6 +556,14 @@ static const OSSL_ALGORITHM *fips_query(
- }
- return NULL;
- }
-+
-+const OSSL_RH_FIPSINDICATOR_ALGORITHM *redhat_ossl_query_fipsindicator(int operation_id) {
-+ switch (operation_id) {
-+ case OSSL_OP_SIGNATURE:
-+ return redhat_indicator_fips_signature;
-+ }
-+ return NULL;
-+}
-
- static void fips_teardown(void *provctx)
- {
-diff -rupN --no-dereference openssl-3.0.9/providers/fips/indicator.h openssl-3.0.9-new/providers/fips/indicator.h
---- openssl-3.0.9/providers/fips/indicator.h 1970-01-01 01:00:00.000000000 +0100
-+++ openssl-3.0.9-new/providers/fips/indicator.h 2023-05-31 14:33:16.926112941 +0200
-@@ -0,0 +1,66 @@
-+/*
-+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the Apache License 2.0 (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#ifndef OPENSSL_FIPS_INDICATOR_H
-+# define OPENSSL_FIPS_INDICATOR_H
-+# pragma once
-+
-+# ifdef __cplusplus
-+extern "C" {
-+# endif
-+
-+# define OSSL_RH_FIPSINDICATOR_UNAPPROVED (0)
-+# define OSSL_RH_FIPSINDICATOR_APPROVED (1)
-+
-+/*
-+ * FIPS indicator dispatch table element. function_id numbers and the
-+ * functions are defined in core_dispatch.h, see macros with
-+ * 'OSSL_CORE_MAKE_FUNC' in their names.
-+ *
-+ * An array of these is always terminated by function_id == 0
-+ */
-+typedef struct ossl_rh_fipsindicator_dispatch_st {
-+ int function_id;
-+ int approved;
-+} OSSL_RH_FIPSINDICATOR_DISPATCH;
-+
-+/*
-+ * Type to tie together algorithm names, property definition string and the
-+ * algorithm implementation's FIPS indicator status in the form of a FIPS
-+ * indicator dispatch table.
-+ *
-+ * An array of these is always terminated by algorithm_names == NULL
-+ */
-+typedef struct ossl_rh_fipsindicator_algorithm_st {
-+ const char *algorithm_names; /* key */
-+ const char *property_definition; /* key */
-+ const OSSL_RH_FIPSINDICATOR_DISPATCH *indicators;
-+} OSSL_RH_FIPSINDICATOR_ALGORITHM;
-+
-+/**
-+ * Query FIPS indicator status for the given operation. Possible values for
-+ * 'operation_id' are currently only OSSL_OP_SIGNATURE, as all other algorithms
-+ * use implicit indicators. The return value is an array of
-+ * OSSL_RH_FIPSINDICATOR_ALGORITHMs, terminated by an entry with
-+ * algorithm_names == NULL. 'algorithm_names' is a colon-separated list of
-+ * algorithm names, 'property_definition' a comma-separated list of properties,
-+ * and 'indicators' is a list of OSSL_RH_FIPSINDICATOR_DISPATCH structs. This
-+ * list is terminated by function_id == 0. 'function_id' is one of the
-+ * OSSL_FUNC_* constants, e.g., OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL.
-+ *
-+ * If there is no entry in the returned struct for the given operation_id,
-+ * algorithm name, or function_id, the algorithm is unapproved.
-+ */
-+const OSSL_RH_FIPSINDICATOR_ALGORITHM *redhat_ossl_query_fipsindicator(int operation_id);
-+
-+# ifdef __cplusplus
-+}
-+# endif
-+
-+#endif
-diff -rupN --no-dereference openssl-3.0.9/util/mkdef.pl openssl-3.0.9-new/util/mkdef.pl
---- openssl-3.0.9/util/mkdef.pl 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/util/mkdef.pl 2023-05-31 14:33:16.926112941 +0200
-@@ -153,7 +153,8 @@ $ordinal_opts{filter} =
- return
- $item->exists()
- && platform_filter($item)
-- && feature_filter($item);
-+ && feature_filter($item)
-+ && fips_filter($item, $name);
- };
- my $ordinals = OpenSSL::Ordinals->new(from => $ordinals_file);
-
-@@ -209,6 +210,28 @@ sub feature_filter {
- return $verdict;
- }
-
-+sub fips_filter {
-+ my $item = shift;
-+ my $name = uc(shift);
-+ my @features = ( $item->features() );
-+
-+ # True if no features are defined
-+ return 1 if scalar @features == 0;
-+
-+ my @matches = grep(/^ONLY_.*$/, @features);
-+ if (@matches) {
-+ # There is at least one only_* flag on this symbol, check if any of
-+ # them match the name
-+ for (@matches) {
-+ if ($_ eq "ONLY_${name}") {
-+ return 1;
-+ }
-+ }
-+ return 0;
-+ }
-+ return 1;
-+}
-+
- sub sorter_unix {
- my $by_name = OpenSSL::Ordinals::by_name();
- my %weight = (
-diff -rupN --no-dereference openssl-3.0.9/util/providers.num openssl-3.0.9-new/util/providers.num
---- openssl-3.0.9/util/providers.num 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/util/providers.num 2023-05-31 14:33:16.926112941 +0200
-@@ -1 +1,2 @@
- OSSL_provider_init 1 * EXIST::FUNCTION:
-+redhat_ossl_query_fipsindicator 1 * EXIST::FUNCTION:ONLY_PROVIDERS/FIPS
diff --git a/0071-AES-GCM-performance-optimization.patch b/0071-AES-GCM-performance-optimization.patch
deleted file mode 100644
index 8065c68..0000000
--- a/0071-AES-GCM-performance-optimization.patch
+++ /dev/null
@@ -1,1627 +0,0 @@
-diff -rupN --no-dereference openssl-3.0.9/crypto/modes/asm/aes-gcm-ppc.pl openssl-3.0.9-new/crypto/modes/asm/aes-gcm-ppc.pl
---- openssl-3.0.9/crypto/modes/asm/aes-gcm-ppc.pl 1970-01-01 01:00:00.000000000 +0100
-+++ openssl-3.0.9-new/crypto/modes/asm/aes-gcm-ppc.pl 2023-05-31 14:33:17.191112825 +0200
-@@ -0,0 +1,1438 @@
-+#! /usr/bin/env perl
-+# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
-+# Copyright 2021- IBM Inc. All rights reserved
-+#
-+# Licensed under the Apache License 2.0 (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+#
-+#===================================================================================
-+# Written by Danny Tsen for OpenSSL Project,
-+#
-+# GHASH is based on the Karatsuba multiplication method.
-+#
-+# Xi xor X1
-+#
-+# X1 * H^4 + X2 * H^3 + x3 * H^2 + X4 * H =
-+# (X1.h * H4.h + xX.l * H4.l + X1 * H4) +
-+# (X2.h * H3.h + X2.l * H3.l + X2 * H3) +
-+# (X3.h * H2.h + X3.l * H2.l + X3 * H2) +
-+# (X4.h * H.h + X4.l * H.l + X4 * H)
-+#
-+# Xi = v0
-+# H Poly = v2
-+# Hash keys = v3 - v14
-+# ( H.l, H, H.h)
-+# ( H^2.l, H^2, H^2.h)
-+# ( H^3.l, H^3, H^3.h)
-+# ( H^4.l, H^4, H^4.h)
-+#
-+# v30 is IV
-+# v31 - counter 1
-+#
-+# AES used,
-+# vs0 - vs14 for round keys
-+# v15, v16, v17, v18, v19, v20, v21, v22 for 8 blocks (encrypted)
-+#
-+# This implementation uses stitched AES-GCM approach to improve overall performance.
-+# AES is implemented with 8x blocks and GHASH is using 2 4x blocks.
-+#
-+# Current large block (16384 bytes) performance per second with 128 bit key --
-+#
-+# Encrypt Decrypt
-+# Power10[le] (3.5GHz) 5.32G 5.26G
-+#
-+# ===================================================================================
-+#
-+# $output is the last argument if it looks like a file (it has an extension)
-+# $flavour is the first argument if it doesn't look like a file
-+$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef;
-+$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef;
-+
-+if ($flavour =~ /64/) {
-+ $SIZE_T=8;
-+ $LRSAVE=2*$SIZE_T;
-+ $STU="stdu";
-+ $POP="ld";
-+ $PUSH="std";
-+ $UCMP="cmpld";
-+ $SHRI="srdi";
-+} elsif ($flavour =~ /32/) {
-+ $SIZE_T=4;
-+ $LRSAVE=$SIZE_T;
-+ $STU="stwu";
-+ $POP="lwz";
-+ $PUSH="stw";
-+ $UCMP="cmplw";
-+ $SHRI="srwi";
-+} else { die "nonsense $flavour"; }
-+
-+$sp="r1";
-+$FRAME=6*$SIZE_T+13*16; # 13*16 is for v20-v31 offload
-+
-+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
-+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
-+die "can't locate ppc-xlate.pl";
-+
-+open STDOUT,"| $^X $xlate $flavour \"$output\""
-+ or die "can't call $xlate: $!";
-+
-+$code=<<___;
-+.machine "any"
-+.text
-+
-+# 4x loops
-+# v15 - v18 - input states
-+# vs1 - vs9 - round keys
-+#
-+.macro Loop_aes_middle4x
-+ xxlor 19+32, 1, 1
-+ xxlor 20+32, 2, 2
-+ xxlor 21+32, 3, 3
-+ xxlor 22+32, 4, 4
-+
-+ vcipher 15, 15, 19
-+ vcipher 16, 16, 19
-+ vcipher 17, 17, 19
-+ vcipher 18, 18, 19
-+
-+ vcipher 15, 15, 20
-+ vcipher 16, 16, 20
-+ vcipher 17, 17, 20
-+ vcipher 18, 18, 20
-+
-+ vcipher 15, 15, 21
-+ vcipher 16, 16, 21
-+ vcipher 17, 17, 21
-+ vcipher 18, 18, 21
-+
-+ vcipher 15, 15, 22
-+ vcipher 16, 16, 22
-+ vcipher 17, 17, 22
-+ vcipher 18, 18, 22
-+
-+ xxlor 19+32, 5, 5
-+ xxlor 20+32, 6, 6
-+ xxlor 21+32, 7, 7
-+ xxlor 22+32, 8, 8
-+
-+ vcipher 15, 15, 19
-+ vcipher 16, 16, 19
-+ vcipher 17, 17, 19
-+ vcipher 18, 18, 19
-+
-+ vcipher 15, 15, 20
-+ vcipher 16, 16, 20
-+ vcipher 17, 17, 20
-+ vcipher 18, 18, 20
-+
-+ vcipher 15, 15, 21
-+ vcipher 16, 16, 21
-+ vcipher 17, 17, 21
-+ vcipher 18, 18, 21
-+
-+ vcipher 15, 15, 22
-+ vcipher 16, 16, 22
-+ vcipher 17, 17, 22
-+ vcipher 18, 18, 22
-+
-+ xxlor 23+32, 9, 9
-+ vcipher 15, 15, 23
-+ vcipher 16, 16, 23
-+ vcipher 17, 17, 23
-+ vcipher 18, 18, 23
-+.endm
-+
-+# 8x loops
-+# v15 - v22 - input states
-+# vs1 - vs9 - round keys
-+#
-+.macro Loop_aes_middle8x
-+ xxlor 23+32, 1, 1
-+ xxlor 24+32, 2, 2
-+ xxlor 25+32, 3, 3
-+ xxlor 26+32, 4, 4
-+
-+ vcipher 15, 15, 23
-+ vcipher 16, 16, 23
-+ vcipher 17, 17, 23
-+ vcipher 18, 18, 23
-+ vcipher 19, 19, 23
-+ vcipher 20, 20, 23
-+ vcipher 21, 21, 23
-+ vcipher 22, 22, 23
-+
-+ vcipher 15, 15, 24
-+ vcipher 16, 16, 24
-+ vcipher 17, 17, 24
-+ vcipher 18, 18, 24
-+ vcipher 19, 19, 24
-+ vcipher 20, 20, 24
-+ vcipher 21, 21, 24
-+ vcipher 22, 22, 24
-+
-+ vcipher 15, 15, 25
-+ vcipher 16, 16, 25
-+ vcipher 17, 17, 25
-+ vcipher 18, 18, 25
-+ vcipher 19, 19, 25
-+ vcipher 20, 20, 25
-+ vcipher 21, 21, 25
-+ vcipher 22, 22, 25
-+
-+ vcipher 15, 15, 26
-+ vcipher 16, 16, 26
-+ vcipher 17, 17, 26
-+ vcipher 18, 18, 26
-+ vcipher 19, 19, 26
-+ vcipher 20, 20, 26
-+ vcipher 21, 21, 26
-+ vcipher 22, 22, 26
-+
-+ xxlor 23+32, 5, 5
-+ xxlor 24+32, 6, 6
-+ xxlor 25+32, 7, 7
-+ xxlor 26+32, 8, 8
-+
-+ vcipher 15, 15, 23
-+ vcipher 16, 16, 23
-+ vcipher 17, 17, 23
-+ vcipher 18, 18, 23
-+ vcipher 19, 19, 23
-+ vcipher 20, 20, 23
-+ vcipher 21, 21, 23
-+ vcipher 22, 22, 23
-+
-+ vcipher 15, 15, 24
-+ vcipher 16, 16, 24
-+ vcipher 17, 17, 24
-+ vcipher 18, 18, 24
-+ vcipher 19, 19, 24
-+ vcipher 20, 20, 24
-+ vcipher 21, 21, 24
-+ vcipher 22, 22, 24
-+
-+ vcipher 15, 15, 25
-+ vcipher 16, 16, 25
-+ vcipher 17, 17, 25
-+ vcipher 18, 18, 25
-+ vcipher 19, 19, 25
-+ vcipher 20, 20, 25
-+ vcipher 21, 21, 25
-+ vcipher 22, 22, 25
-+
-+ vcipher 15, 15, 26
-+ vcipher 16, 16, 26
-+ vcipher 17, 17, 26
-+ vcipher 18, 18, 26
-+ vcipher 19, 19, 26
-+ vcipher 20, 20, 26
-+ vcipher 21, 21, 26
-+ vcipher 22, 22, 26
-+
-+ xxlor 23+32, 9, 9
-+ vcipher 15, 15, 23
-+ vcipher 16, 16, 23
-+ vcipher 17, 17, 23
-+ vcipher 18, 18, 23
-+ vcipher 19, 19, 23
-+ vcipher 20, 20, 23
-+ vcipher 21, 21, 23
-+ vcipher 22, 22, 23
-+.endm
-+
-+#
-+# Compute 4x hash values based on Karatsuba method.
-+#
-+ppc_aes_gcm_ghash:
-+ vxor 15, 15, 0
-+
-+ xxlxor 29, 29, 29
-+
-+ vpmsumd 23, 12, 15 # H4.L * X.L
-+ vpmsumd 24, 9, 16
-+ vpmsumd 25, 6, 17
-+ vpmsumd 26, 3, 18
-+
-+ vxor 23, 23, 24
-+ vxor 23, 23, 25
-+ vxor 23, 23, 26 # L
-+
-+ vpmsumd 24, 13, 15 # H4.L * X.H + H4.H * X.L
-+ vpmsumd 25, 10, 16 # H3.L * X1.H + H3.H * X1.L
-+ vpmsumd 26, 7, 17
-+ vpmsumd 27, 4, 18
-+
-+ vxor 24, 24, 25
-+ vxor 24, 24, 26
-+ vxor 24, 24, 27 # M
-+
-+ # sum hash and reduction with H Poly
-+ vpmsumd 28, 23, 2 # reduction
-+
-+ xxlor 29+32, 29, 29
-+ vsldoi 26, 24, 29, 8 # mL
-+ vsldoi 29, 29, 24, 8 # mH
-+ vxor 23, 23, 26 # mL + L
-+
-+ vsldoi 23, 23, 23, 8 # swap
-+ vxor 23, 23, 28
-+
-+ vpmsumd 24, 14, 15 # H4.H * X.H
-+ vpmsumd 25, 11, 16
-+ vpmsumd 26, 8, 17
-+ vpmsumd 27, 5, 18
-+
-+ vxor 24, 24, 25
-+ vxor 24, 24, 26
-+ vxor 24, 24, 27
-+
-+ vxor 24, 24, 29
-+
-+ # sum hash and reduction with H Poly
-+ vsldoi 27, 23, 23, 8 # swap
-+ vpmsumd 23, 23, 2
-+ vxor 27, 27, 24
-+ vxor 23, 23, 27
-+
-+ xxlor 32, 23+32, 23+32 # update hash
-+
-+ blr
-+
-+#
-+# Combine two 4x ghash
-+# v15 - v22 - input blocks
-+#
-+.macro ppc_aes_gcm_ghash2_4x
-+ # first 4x hash
-+ vxor 15, 15, 0 # Xi + X
-+
-+ xxlxor 29, 29, 29
-+
-+ vpmsumd 23, 12, 15 # H4.L * X.L
-+ vpmsumd 24, 9, 16
-+ vpmsumd 25, 6, 17
-+ vpmsumd 26, 3, 18
-+
-+ vxor 23, 23, 24
-+ vxor 23, 23, 25
-+ vxor 23, 23, 26 # L
-+
-+ vpmsumd 24, 13, 15 # H4.L * X.H + H4.H * X.L
-+ vpmsumd 25, 10, 16 # H3.L * X1.H + H3.H * X1.L
-+ vpmsumd 26, 7, 17
-+ vpmsumd 27, 4, 18
-+
-+ vxor 24, 24, 25
-+ vxor 24, 24, 26
-+
-+ # sum hash and reduction with H Poly
-+ vpmsumd 28, 23, 2 # reduction
-+
-+ xxlor 29+32, 29, 29
-+
-+ vxor 24, 24, 27 # M
-+ vsldoi 26, 24, 29, 8 # mL
-+ vsldoi 29, 29, 24, 8 # mH
-+ vxor 23, 23, 26 # mL + L
-+
-+ vsldoi 23, 23, 23, 8 # swap
-+ vxor 23, 23, 28
-+
-+ vpmsumd 24, 14, 15 # H4.H * X.H
-+ vpmsumd 25, 11, 16
-+ vpmsumd 26, 8, 17
-+ vpmsumd 27, 5, 18
-+
-+ vxor 24, 24, 25
-+ vxor 24, 24, 26
-+ vxor 24, 24, 27 # H
-+
-+ vxor 24, 24, 29 # H + mH
-+
-+ # sum hash and reduction with H Poly
-+ vsldoi 27, 23, 23, 8 # swap
-+ vpmsumd 23, 23, 2
-+ vxor 27, 27, 24
-+ vxor 27, 23, 27 # 1st Xi
-+
-+ # 2nd 4x hash
-+ vpmsumd 24, 9, 20
-+ vpmsumd 25, 6, 21
-+ vpmsumd 26, 3, 22
-+ vxor 19, 19, 27 # Xi + X
-+ vpmsumd 23, 12, 19 # H4.L * X.L
-+
-+ vxor 23, 23, 24
-+ vxor 23, 23, 25
-+ vxor 23, 23, 26 # L
-+
-+ vpmsumd 24, 13, 19 # H4.L * X.H + H4.H * X.L
-+ vpmsumd 25, 10, 20 # H3.L * X1.H + H3.H * X1.L
-+ vpmsumd 26, 7, 21
-+ vpmsumd 27, 4, 22
-+
-+ vxor 24, 24, 25
-+ vxor 24, 24, 26
-+
-+ # sum hash and reduction with H Poly
-+ vpmsumd 28, 23, 2 # reduction
-+
-+ xxlor 29+32, 29, 29
-+
-+ vxor 24, 24, 27 # M
-+ vsldoi 26, 24, 29, 8 # mL
-+ vsldoi 29, 29, 24, 8 # mH
-+ vxor 23, 23, 26 # mL + L
-+
-+ vsldoi 23, 23, 23, 8 # swap
-+ vxor 23, 23, 28
-+
-+ vpmsumd 24, 14, 19 # H4.H * X.H
-+ vpmsumd 25, 11, 20
-+ vpmsumd 26, 8, 21
-+ vpmsumd 27, 5, 22
-+
-+ vxor 24, 24, 25
-+ vxor 24, 24, 26
-+ vxor 24, 24, 27 # H
-+
-+ vxor 24, 24, 29 # H + mH
-+
-+ # sum hash and reduction with H Poly
-+ vsldoi 27, 23, 23, 8 # swap
-+ vpmsumd 23, 23, 2
-+ vxor 27, 27, 24
-+ vxor 23, 23, 27
-+
-+ xxlor 32, 23+32, 23+32 # update hash
-+
-+.endm
-+
-+#
-+# Compute update single hash
-+#
-+.macro ppc_update_hash_1x
-+ vxor 28, 28, 0
-+
-+ vxor 19, 19, 19
-+
-+ vpmsumd 22, 3, 28 # L
-+ vpmsumd 23, 4, 28 # M
-+ vpmsumd 24, 5, 28 # H
-+
-+ vpmsumd 27, 22, 2 # reduction
-+
-+ vsldoi 25, 23, 19, 8 # mL
-+ vsldoi 26, 19, 23, 8 # mH
-+ vxor 22, 22, 25 # LL + LL
-+ vxor 24, 24, 26 # HH + HH
-+
-+ vsldoi 22, 22, 22, 8 # swap
-+ vxor 22, 22, 27
-+
-+ vsldoi 20, 22, 22, 8 # swap
-+ vpmsumd 22, 22, 2 # reduction
-+ vxor 20, 20, 24
-+ vxor 22, 22, 20
-+
-+ vmr 0, 22 # update hash
-+
-+.endm
-+
-+#
-+# ppc_aes_gcm_encrypt (const void *inp, void *out, size_t len,
-+# const AES_KEY *key, unsigned char iv[16],
-+# void *Xip);
-+#
-+# r3 - inp
-+# r4 - out
-+# r5 - len
-+# r6 - AES round keys
-+# r7 - iv
-+# r8 - Xi, HPoli, hash keys
-+#
-+.global ppc_aes_gcm_encrypt
-+.align 5
-+ppc_aes_gcm_encrypt:
-+_ppc_aes_gcm_encrypt:
-+
-+ stdu 1,-512(1)
-+ mflr 0
-+
-+ std 14,112(1)
-+ std 15,120(1)
-+ std 16,128(1)
-+ std 17,136(1)
-+ std 18,144(1)
-+ std 19,152(1)
-+ std 20,160(1)
-+ std 21,168(1)
-+ li 9, 256
-+ stvx 20, 9, 1
-+ addi 9, 9, 16
-+ stvx 21, 9, 1
-+ addi 9, 9, 16
-+ stvx 22, 9, 1
-+ addi 9, 9, 16
-+ stvx 23, 9, 1
-+ addi 9, 9, 16
-+ stvx 24, 9, 1
-+ addi 9, 9, 16
-+ stvx 25, 9, 1
-+ addi 9, 9, 16
-+ stvx 26, 9, 1
-+ addi 9, 9, 16
-+ stvx 27, 9, 1
-+ addi 9, 9, 16
-+ stvx 28, 9, 1
-+ addi 9, 9, 16
-+ stvx 29, 9, 1
-+ addi 9, 9, 16
-+ stvx 30, 9, 1
-+ addi 9, 9, 16
-+ stvx 31, 9, 1
-+ std 0, 528(1)
-+
-+ # Load Xi
-+ lxvb16x 32, 0, 8 # load Xi
-+
-+ # load Hash - h^4, h^3, h^2, h
-+ li 10, 32
-+ lxvd2x 2+32, 10, 8 # H Poli
-+ li 10, 48
-+ lxvd2x 3+32, 10, 8 # Hl
-+ li 10, 64
-+ lxvd2x 4+32, 10, 8 # H
-+ li 10, 80
-+ lxvd2x 5+32, 10, 8 # Hh
-+
-+ li 10, 96
-+ lxvd2x 6+32, 10, 8 # H^2l
-+ li 10, 112
-+ lxvd2x 7+32, 10, 8 # H^2
-+ li 10, 128
-+ lxvd2x 8+32, 10, 8 # H^2h
-+
-+ li 10, 144
-+ lxvd2x 9+32, 10, 8 # H^3l
-+ li 10, 160
-+ lxvd2x 10+32, 10, 8 # H^3
-+ li 10, 176
-+ lxvd2x 11+32, 10, 8 # H^3h
-+
-+ li 10, 192
-+ lxvd2x 12+32, 10, 8 # H^4l
-+ li 10, 208
-+ lxvd2x 13+32, 10, 8 # H^4
-+ li 10, 224
-+ lxvd2x 14+32, 10, 8 # H^4h
-+
-+ # initialize ICB: GHASH( IV ), IV - r7
-+ lxvb16x 30+32, 0, 7 # load IV - v30
-+
-+ mr 12, 5 # length
-+ li 11, 0 # block index
-+
-+ # counter 1
-+ vxor 31, 31, 31
-+ vspltisb 22, 1
-+ vsldoi 31, 31, 22,1 # counter 1
-+
-+ # load round key to VSR
-+ lxv 0, 0(6)
-+ lxv 1, 0x10(6)
-+ lxv 2, 0x20(6)
-+ lxv 3, 0x30(6)
-+ lxv 4, 0x40(6)
-+ lxv 5, 0x50(6)
-+ lxv 6, 0x60(6)
-+ lxv 7, 0x70(6)
-+ lxv 8, 0x80(6)
-+ lxv 9, 0x90(6)
-+ lxv 10, 0xa0(6)
-+
-+ # load rounds - 10 (128), 12 (192), 14 (256)
-+ lwz 9,240(6)
-+
-+ #
-+ # vxor state, state, w # addroundkey
-+ xxlor 32+29, 0, 0
-+ vxor 15, 30, 29 # IV + round key - add round key 0
-+
-+ cmpdi 9, 10
-+ beq Loop_aes_gcm_8x
-+
-+ # load 2 more round keys (v11, v12)
-+ lxv 11, 0xb0(6)
-+ lxv 12, 0xc0(6)
-+
-+ cmpdi 9, 12
-+ beq Loop_aes_gcm_8x
-+
-+ # load 2 more round keys (v11, v12, v13, v14)
-+ lxv 13, 0xd0(6)
-+ lxv 14, 0xe0(6)
-+ cmpdi 9, 14
-+ beq Loop_aes_gcm_8x
-+
-+ b aes_gcm_out
-+
-+.align 5
-+Loop_aes_gcm_8x:
-+ mr 14, 3
-+ mr 9, 4
-+
-+ # n blocks
-+ li 10, 128
-+ divdu 10, 5, 10 # n 128 bytes-blocks
-+ cmpdi 10, 0
-+ beq Loop_last_block
-+
-+ vaddudm 30, 30, 31 # IV + counter
-+ vxor 16, 30, 29
-+ vaddudm 30, 30, 31
-+ vxor 17, 30, 29
-+ vaddudm 30, 30, 31
-+ vxor 18, 30, 29
-+ vaddudm 30, 30, 31
-+ vxor 19, 30, 29
-+ vaddudm 30, 30, 31
-+ vxor 20, 30, 29
-+ vaddudm 30, 30, 31
-+ vxor 21, 30, 29
-+ vaddudm 30, 30, 31
-+ vxor 22, 30, 29
-+
-+ mtctr 10
-+
-+ li 15, 16
-+ li 16, 32
-+ li 17, 48
-+ li 18, 64
-+ li 19, 80
-+ li 20, 96
-+ li 21, 112
-+
-+ lwz 10, 240(6)
-+
-+Loop_8x_block:
-+
-+ lxvb16x 15, 0, 14 # load block
-+ lxvb16x 16, 15, 14 # load block
-+ lxvb16x 17, 16, 14 # load block
-+ lxvb16x 18, 17, 14 # load block
-+ lxvb16x 19, 18, 14 # load block
-+ lxvb16x 20, 19, 14 # load block
-+ lxvb16x 21, 20, 14 # load block
-+ lxvb16x 22, 21, 14 # load block
-+ addi 14, 14, 128
-+
-+ Loop_aes_middle8x
-+
-+ xxlor 23+32, 10, 10
-+
-+ cmpdi 10, 10
-+ beq Do_next_ghash
-+
-+ # 192 bits
-+ xxlor 24+32, 11, 11
-+
-+ vcipher 15, 15, 23
-+ vcipher 16, 16, 23
-+ vcipher 17, 17, 23
-+ vcipher 18, 18, 23
-+ vcipher 19, 19, 23
-+ vcipher 20, 20, 23
-+ vcipher 21, 21, 23
-+ vcipher 22, 22, 23
-+
-+ vcipher 15, 15, 24
-+ vcipher 16, 16, 24
-+ vcipher 17, 17, 24
-+ vcipher 18, 18, 24
-+ vcipher 19, 19, 24
-+ vcipher 20, 20, 24
-+ vcipher 21, 21, 24
-+ vcipher 22, 22, 24
-+
-+ xxlor 23+32, 12, 12
-+
-+ cmpdi 10, 12
-+ beq Do_next_ghash
-+
-+ # 256 bits
-+ xxlor 24+32, 13, 13
-+
-+ vcipher 15, 15, 23
-+ vcipher 16, 16, 23
-+ vcipher 17, 17, 23
-+ vcipher 18, 18, 23
-+ vcipher 19, 19, 23
-+ vcipher 20, 20, 23
-+ vcipher 21, 21, 23
-+ vcipher 22, 22, 23
-+
-+ vcipher 15, 15, 24
-+ vcipher 16, 16, 24
-+ vcipher 17, 17, 24
-+ vcipher 18, 18, 24
-+ vcipher 19, 19, 24
-+ vcipher 20, 20, 24
-+ vcipher 21, 21, 24
-+ vcipher 22, 22, 24
-+
-+ xxlor 23+32, 14, 14
-+
-+ cmpdi 10, 14
-+ beq Do_next_ghash
-+ b aes_gcm_out
-+
-+Do_next_ghash:
-+
-+ #
-+ # last round
-+ vcipherlast 15, 15, 23
-+ vcipherlast 16, 16, 23
-+
-+ xxlxor 47, 47, 15
-+ stxvb16x 47, 0, 9 # store output
-+ xxlxor 48, 48, 16
-+ stxvb16x 48, 15, 9 # store output
-+
-+ vcipherlast 17, 17, 23
-+ vcipherlast 18, 18, 23
-+
-+ xxlxor 49, 49, 17
-+ stxvb16x 49, 16, 9 # store output
-+ xxlxor 50, 50, 18
-+ stxvb16x 50, 17, 9 # store output
-+
-+ vcipherlast 19, 19, 23
-+ vcipherlast 20, 20, 23
-+
-+ xxlxor 51, 51, 19
-+ stxvb16x 51, 18, 9 # store output
-+ xxlxor 52, 52, 20
-+ stxvb16x 52, 19, 9 # store output
-+
-+ vcipherlast 21, 21, 23
-+ vcipherlast 22, 22, 23
-+
-+ xxlxor 53, 53, 21
-+ stxvb16x 53, 20, 9 # store output
-+ xxlxor 54, 54, 22
-+ stxvb16x 54, 21, 9 # store output
-+
-+ addi 9, 9, 128
-+
-+ # ghash here
-+ ppc_aes_gcm_ghash2_4x
-+
-+ xxlor 27+32, 0, 0
-+ vaddudm 30, 30, 31 # IV + counter
-+ vmr 29, 30
-+ vxor 15, 30, 27 # add round key
-+ vaddudm 30, 30, 31
-+ vxor 16, 30, 27
-+ vaddudm 30, 30, 31
-+ vxor 17, 30, 27
-+ vaddudm 30, 30, 31
-+ vxor 18, 30, 27
-+ vaddudm 30, 30, 31
-+ vxor 19, 30, 27
-+ vaddudm 30, 30, 31
-+ vxor 20, 30, 27
-+ vaddudm 30, 30, 31
-+ vxor 21, 30, 27
-+ vaddudm 30, 30, 31
-+ vxor 22, 30, 27
-+
-+ addi 12, 12, -128
-+ addi 11, 11, 128
-+
-+ bdnz Loop_8x_block
-+
-+ vmr 30, 29
-+
-+Loop_last_block:
-+ cmpdi 12, 0
-+ beq aes_gcm_out
-+
-+ # loop last few blocks
-+ li 10, 16
-+ divdu 10, 12, 10
-+
-+ mtctr 10 -+ -+ lwz 10, 240(6) -+ -+ cmpdi 12, 16 -+ blt Final_block -+ -+.macro Loop_aes_middle_1x -+ xxlor 19+32, 1, 1 -+ xxlor 20+32, 2, 2 -+ xxlor 21+32, 3, 3 -+ xxlor 22+32, 4, 4 -+ -+ vcipher 15, 15, 19 -+ vcipher 15, 15, 20 -+ vcipher 15, 15, 21 -+ vcipher 15, 15, 22 -+ -+ xxlor 19+32, 5, 5 -+ xxlor 20+32, 6, 6 -+ xxlor 21+32, 7, 7 -+ xxlor 22+32, 8, 8 -+ -+ vcipher 15, 15, 19 -+ vcipher 15, 15, 20 -+ vcipher 15, 15, 21 -+ vcipher 15, 15, 22 -+ -+ xxlor 19+32, 9, 9 -+ vcipher 15, 15, 19 -+.endm -+ -+Next_rem_block: -+ lxvb16x 15, 0, 14 # load block -+ -+ Loop_aes_middle_1x -+ -+ xxlor 23+32, 10, 10 -+ -+ cmpdi 10, 10 -+ beq Do_next_1x -+ -+ # 192 bits -+ xxlor 24+32, 11, 11 -+ -+ vcipher 15, 15, 23 -+ vcipher 15, 15, 24 -+ -+ xxlor 23+32, 12, 12 -+ -+ cmpdi 10, 12 -+ beq Do_next_1x -+ -+ # 256 bits -+ xxlor 24+32, 13, 13 -+ -+ vcipher 15, 15, 23 -+ vcipher 15, 15, 24 -+ -+ xxlor 23+32, 14, 14 -+ -+ cmpdi 10, 14 -+ beq Do_next_1x -+ -+Do_next_1x: -+ vcipherlast 15, 15, 23 -+ -+ xxlxor 47, 47, 15 -+ stxvb16x 47, 0, 9 # store output -+ addi 14, 14, 16 -+ addi 9, 9, 16 -+ -+ vmr 28, 15 -+ ppc_update_hash_1x -+ -+ addi 12, 12, -16 -+ addi 11, 11, 16 -+ xxlor 19+32, 0, 0 -+ vaddudm 30, 30, 31 # IV + counter -+ vxor 15, 30, 19 # add round key -+ -+ bdnz Next_rem_block -+ -+ cmpdi 12, 0 -+ beq aes_gcm_out -+ -+Final_block: -+ Loop_aes_middle_1x -+ -+ xxlor 23+32, 10, 10 -+ -+ cmpdi 10, 10 -+ beq Do_final_1x -+ -+ # 192 bits -+ xxlor 24+32, 11, 11 -+ -+ vcipher 15, 15, 23 -+ vcipher 15, 15, 24 -+ -+ xxlor 23+32, 12, 12 -+ -+ cmpdi 10, 12 -+ beq Do_final_1x -+ -+ # 256 bits -+ xxlor 24+32, 13, 13 -+ -+ vcipher 15, 15, 23 -+ vcipher 15, 15, 24 -+ -+ xxlor 23+32, 14, 14 -+ -+ cmpdi 10, 14 -+ beq Do_final_1x -+ -+Do_final_1x: -+ vcipherlast 15, 15, 23 -+ -+ lxvb16x 15, 0, 14 # load last block -+ xxlxor 47, 47, 15 -+ -+ # create partial block mask -+ li 15, 16 -+ sub 15, 15, 12 # index to the mask -+ -+ vspltisb 16, -1 # first 16 bytes - 0xffff...ff -+ vspltisb 17, 0 # 
second 16 bytes - 0x0000...00 -+ li 10, 192 -+ stvx 16, 10, 1 -+ addi 10, 10, 16 -+ stvx 17, 10, 1 -+ -+ addi 10, 1, 192 -+ lxvb16x 16, 15, 10 # load partial block mask -+ xxland 47, 47, 16 -+ -+ vmr 28, 15 -+ ppc_update_hash_1x -+ -+ # * should store only the remaining bytes. -+ bl Write_partial_block -+ -+ b aes_gcm_out -+ -+# -+# Write partial block -+# r9 - output -+# r12 - remaining bytes -+# v15 - partial input data -+# -+Write_partial_block: -+ li 10, 192 -+ stxvb16x 15+32, 10, 1 # last block -+ -+ #add 10, 9, 11 # Output -+ addi 10, 9, -1 -+ addi 16, 1, 191 -+ -+ mtctr 12 # remaining bytes -+ li 15, 0 -+ -+Write_last_byte: -+ lbzu 14, 1(16) -+ stbu 14, 1(10) -+ bdnz Write_last_byte -+ blr -+ -+aes_gcm_out: -+ # out = state -+ stxvb16x 32, 0, 8 # write out Xi -+ add 3, 11, 12 # return count -+ -+ li 9, 256 -+ lvx 20, 9, 1 -+ addi 9, 9, 16 -+ lvx 21, 9, 1 -+ addi 9, 9, 16 -+ lvx 22, 9, 1 -+ addi 9, 9, 16 -+ lvx 23, 9, 1 -+ addi 9, 9, 16 -+ lvx 24, 9, 1 -+ addi 9, 9, 16 -+ lvx 25, 9, 1 -+ addi 9, 9, 16 -+ lvx 26, 9, 1 -+ addi 9, 9, 16 -+ lvx 27, 9, 1 -+ addi 9, 9, 16 -+ lvx 28, 9, 1 -+ addi 9, 9, 16 -+ lvx 29, 9, 1 -+ addi 9, 9, 16 -+ lvx 30, 9, 1 -+ addi 9, 9, 16 -+ lvx 31, 9, 1 -+ -+ ld 0, 528(1) -+ ld 14,112(1) -+ ld 15,120(1) -+ ld 16,128(1) -+ ld 17,136(1) -+ ld 18,144(1) -+ ld 19,152(1) -+ ld 20,160(1) -+ ld 21,168(1) -+ -+ mtlr 0 -+ addi 1, 1, 512 -+ blr -+ -+# -+# 8x Decrypt -+# -+.global ppc_aes_gcm_decrypt -+.align 5 -+ppc_aes_gcm_decrypt: -+_ppc_aes_gcm_decrypt: -+ -+ stdu 1,-512(1) -+ mflr 0 -+ -+ std 14,112(1) -+ std 15,120(1) -+ std 16,128(1) -+ std 17,136(1) -+ std 18,144(1) -+ std 19,152(1) -+ std 20,160(1) -+ std 21,168(1) -+ li 9, 256 -+ stvx 20, 9, 1 -+ addi 9, 9, 16 -+ stvx 21, 9, 1 -+ addi 9, 9, 16 -+ stvx 22, 9, 1 -+ addi 9, 9, 16 -+ stvx 23, 9, 1 -+ addi 9, 9, 16 -+ stvx 24, 9, 1 -+ addi 9, 9, 16 -+ stvx 25, 9, 1 -+ addi 9, 9, 16 -+ stvx 26, 9, 1 -+ addi 9, 9, 16 -+ stvx 27, 9, 1 -+ addi 9, 9, 16 -+ stvx 28, 9, 1 -+ addi 9, 9, 16 -+ stvx 
29, 9, 1 -+ addi 9, 9, 16 -+ stvx 30, 9, 1 -+ addi 9, 9, 16 -+ stvx 31, 9, 1 -+ std 0, 528(1) -+ -+ # Load Xi -+ lxvb16x 32, 0, 8 # load Xi -+ -+ # load Hash - h^4, h^3, h^2, h -+ li 10, 32 -+ lxvd2x 2+32, 10, 8 # H Poli -+ li 10, 48 -+ lxvd2x 3+32, 10, 8 # Hl -+ li 10, 64 -+ lxvd2x 4+32, 10, 8 # H -+ li 10, 80 -+ lxvd2x 5+32, 10, 8 # Hh -+ -+ li 10, 96 -+ lxvd2x 6+32, 10, 8 # H^2l -+ li 10, 112 -+ lxvd2x 7+32, 10, 8 # H^2 -+ li 10, 128 -+ lxvd2x 8+32, 10, 8 # H^2h -+ -+ li 10, 144 -+ lxvd2x 9+32, 10, 8 # H^3l -+ li 10, 160 -+ lxvd2x 10+32, 10, 8 # H^3 -+ li 10, 176 -+ lxvd2x 11+32, 10, 8 # H^3h -+ -+ li 10, 192 -+ lxvd2x 12+32, 10, 8 # H^4l -+ li 10, 208 -+ lxvd2x 13+32, 10, 8 # H^4 -+ li 10, 224 -+ lxvd2x 14+32, 10, 8 # H^4h -+ -+ # initialize ICB: GHASH( IV ), IV - r7 -+ lxvb16x 30+32, 0, 7 # load IV - v30 -+ -+ mr 12, 5 # length -+ li 11, 0 # block index -+ -+ # counter 1 -+ vxor 31, 31, 31 -+ vspltisb 22, 1 -+ vsldoi 31, 31, 22,1 # counter 1 -+ -+ # load round key to VSR -+ lxv 0, 0(6) -+ lxv 1, 0x10(6) -+ lxv 2, 0x20(6) -+ lxv 3, 0x30(6) -+ lxv 4, 0x40(6) -+ lxv 5, 0x50(6) -+ lxv 6, 0x60(6) -+ lxv 7, 0x70(6) -+ lxv 8, 0x80(6) -+ lxv 9, 0x90(6) -+ lxv 10, 0xa0(6) -+ -+ # load rounds - 10 (128), 12 (192), 14 (256) -+ lwz 9,240(6) -+ -+ # -+ # vxor state, state, w # addroundkey -+ xxlor 32+29, 0, 0 -+ vxor 15, 30, 29 # IV + round key - add round key 0 -+ -+ cmpdi 9, 10 -+ beq Loop_aes_gcm_8x_dec -+ -+ # load 2 more round keys (v11, v12) -+ lxv 11, 0xb0(6) -+ lxv 12, 0xc0(6) -+ -+ cmpdi 9, 12 -+ beq Loop_aes_gcm_8x_dec -+ -+ # load 2 more round keys (v11, v12, v13, v14) -+ lxv 13, 0xd0(6) -+ lxv 14, 0xe0(6) -+ cmpdi 9, 14 -+ beq Loop_aes_gcm_8x_dec -+ -+ b aes_gcm_out -+ -+.align 5 -+Loop_aes_gcm_8x_dec: -+ mr 14, 3 -+ mr 9, 4 -+ -+ # n blocks -+ li 10, 128 -+ divdu 10, 5, 10 # n 128 bytes-blocks -+ cmpdi 10, 0 -+ beq Loop_last_block_dec -+ -+ vaddudm 30, 30, 31 # IV + counter -+ vxor 16, 30, 29 -+ vaddudm 30, 30, 31 -+ vxor 17, 30, 29 -+ vaddudm 30, 30, 31 -+ 
vxor 18, 30, 29 -+ vaddudm 30, 30, 31 -+ vxor 19, 30, 29 -+ vaddudm 30, 30, 31 -+ vxor 20, 30, 29 -+ vaddudm 30, 30, 31 -+ vxor 21, 30, 29 -+ vaddudm 30, 30, 31 -+ vxor 22, 30, 29 -+ -+ mtctr 10 -+ -+ li 15, 16 -+ li 16, 32 -+ li 17, 48 -+ li 18, 64 -+ li 19, 80 -+ li 20, 96 -+ li 21, 112 -+ -+ lwz 10, 240(6) -+ -+Loop_8x_block_dec: -+ -+ lxvb16x 15, 0, 14 # load block -+ lxvb16x 16, 15, 14 # load block -+ lxvb16x 17, 16, 14 # load block -+ lxvb16x 18, 17, 14 # load block -+ lxvb16x 19, 18, 14 # load block -+ lxvb16x 20, 19, 14 # load block -+ lxvb16x 21, 20, 14 # load block -+ lxvb16x 22, 21, 14 # load block -+ addi 14, 14, 128 -+ -+ Loop_aes_middle8x -+ -+ xxlor 23+32, 10, 10 -+ -+ cmpdi 10, 10 -+ beq Do_last_aes_dec -+ -+ # 192 bits -+ xxlor 24+32, 11, 11 -+ -+ vcipher 15, 15, 23 -+ vcipher 16, 16, 23 -+ vcipher 17, 17, 23 -+ vcipher 18, 18, 23 -+ vcipher 19, 19, 23 -+ vcipher 20, 20, 23 -+ vcipher 21, 21, 23 -+ vcipher 22, 22, 23 -+ -+ vcipher 15, 15, 24 -+ vcipher 16, 16, 24 -+ vcipher 17, 17, 24 -+ vcipher 18, 18, 24 -+ vcipher 19, 19, 24 -+ vcipher 20, 20, 24 -+ vcipher 21, 21, 24 -+ vcipher 22, 22, 24 -+ -+ xxlor 23+32, 12, 12 -+ -+ cmpdi 10, 12 -+ beq Do_last_aes_dec -+ -+ # 256 bits -+ xxlor 24+32, 13, 13 -+ -+ vcipher 15, 15, 23 -+ vcipher 16, 16, 23 -+ vcipher 17, 17, 23 -+ vcipher 18, 18, 23 -+ vcipher 19, 19, 23 -+ vcipher 20, 20, 23 -+ vcipher 21, 21, 23 -+ vcipher 22, 22, 23 -+ -+ vcipher 15, 15, 24 -+ vcipher 16, 16, 24 -+ vcipher 17, 17, 24 -+ vcipher 18, 18, 24 -+ vcipher 19, 19, 24 -+ vcipher 20, 20, 24 -+ vcipher 21, 21, 24 -+ vcipher 22, 22, 24 -+ -+ xxlor 23+32, 14, 14 -+ -+ cmpdi 10, 14 -+ beq Do_last_aes_dec -+ b aes_gcm_out -+ -+Do_last_aes_dec: -+ -+ # -+ # last round -+ vcipherlast 15, 15, 23 -+ vcipherlast 16, 16, 23 -+ -+ xxlxor 47, 47, 15 -+ stxvb16x 47, 0, 9 # store output -+ xxlxor 48, 48, 16 -+ stxvb16x 48, 15, 9 # store output -+ -+ vcipherlast 17, 17, 23 -+ vcipherlast 18, 18, 23 -+ -+ xxlxor 49, 49, 17 -+ stxvb16x 49, 16, 9 # 
store output -+ xxlxor 50, 50, 18 -+ stxvb16x 50, 17, 9 # store output -+ -+ vcipherlast 19, 19, 23 -+ vcipherlast 20, 20, 23 -+ -+ xxlxor 51, 51, 19 -+ stxvb16x 51, 18, 9 # store output -+ xxlxor 52, 52, 20 -+ stxvb16x 52, 19, 9 # store output -+ -+ vcipherlast 21, 21, 23 -+ vcipherlast 22, 22, 23 -+ -+ xxlxor 53, 53, 21 -+ stxvb16x 53, 20, 9 # store output -+ xxlxor 54, 54, 22 -+ stxvb16x 54, 21, 9 # store output -+ -+ addi 9, 9, 128 -+ -+ xxlor 15+32, 15, 15 -+ xxlor 16+32, 16, 16 -+ xxlor 17+32, 17, 17 -+ xxlor 18+32, 18, 18 -+ xxlor 19+32, 19, 19 -+ xxlor 20+32, 20, 20 -+ xxlor 21+32, 21, 21 -+ xxlor 22+32, 22, 22 -+ -+ # ghash here -+ ppc_aes_gcm_ghash2_4x -+ -+ xxlor 27+32, 0, 0 -+ vaddudm 30, 30, 31 # IV + counter -+ vmr 29, 30 -+ vxor 15, 30, 27 # add round key -+ vaddudm 30, 30, 31 -+ vxor 16, 30, 27 -+ vaddudm 30, 30, 31 -+ vxor 17, 30, 27 -+ vaddudm 30, 30, 31 -+ vxor 18, 30, 27 -+ vaddudm 30, 30, 31 -+ vxor 19, 30, 27 -+ vaddudm 30, 30, 31 -+ vxor 20, 30, 27 -+ vaddudm 30, 30, 31 -+ vxor 21, 30, 27 -+ vaddudm 30, 30, 31 -+ vxor 22, 30, 27 -+ addi 12, 12, -128 -+ addi 11, 11, 128 -+ -+ bdnz Loop_8x_block_dec -+ -+ vmr 30, 29 -+ -+Loop_last_block_dec: -+ cmpdi 12, 0 -+ beq aes_gcm_out -+ -+ # loop last few blocks -+ li 10, 16 -+ divdu 10, 12, 10 -+ -+ mtctr 10 -+ -+ lwz 10,240(6) -+ -+ cmpdi 12, 16 -+ blt Final_block_dec -+ -+Next_rem_block_dec: -+ lxvb16x 15, 0, 14 # load block -+ -+ Loop_aes_middle_1x -+ -+ xxlor 23+32, 10, 10 -+ -+ cmpdi 10, 10 -+ beq Do_next_1x_dec -+ -+ # 192 bits -+ xxlor 24+32, 11, 11 -+ -+ vcipher 15, 15, 23 -+ vcipher 15, 15, 24 -+ -+ xxlor 23+32, 12, 12 -+ -+ cmpdi 10, 12 -+ beq Do_next_1x_dec -+ -+ # 256 bits -+ xxlor 24+32, 13, 13 -+ -+ vcipher 15, 15, 23 -+ vcipher 15, 15, 24 -+ -+ xxlor 23+32, 14, 14 -+ -+ cmpdi 10, 14 -+ beq Do_next_1x_dec -+ -+Do_next_1x_dec: -+ vcipherlast 15, 15, 23 -+ -+ xxlxor 47, 47, 15 -+ stxvb16x 47, 0, 9 # store output -+ addi 14, 14, 16 -+ addi 9, 9, 16 -+ -+ xxlor 28+32, 15, 15 -+ 
ppc_update_hash_1x -+ -+ addi 12, 12, -16 -+ addi 11, 11, 16 -+ xxlor 19+32, 0, 0 -+ vaddudm 30, 30, 31 # IV + counter -+ vxor 15, 30, 19 # add round key -+ -+ bdnz Next_rem_block_dec -+ -+ cmpdi 12, 0 -+ beq aes_gcm_out -+ -+Final_block_dec: -+ Loop_aes_middle_1x -+ -+ xxlor 23+32, 10, 10 -+ -+ cmpdi 10, 10 -+ beq Do_final_1x_dec -+ -+ # 192 bits -+ xxlor 24+32, 11, 11 -+ -+ vcipher 15, 15, 23 -+ vcipher 15, 15, 24 -+ -+ xxlor 23+32, 12, 12 -+ -+ cmpdi 10, 12 -+ beq Do_final_1x_dec -+ -+ # 256 bits -+ xxlor 24+32, 13, 13 -+ -+ vcipher 15, 15, 23 -+ vcipher 15, 15, 24 -+ -+ xxlor 23+32, 14, 14 -+ -+ cmpdi 10, 14 -+ beq Do_final_1x_dec -+ -+Do_final_1x_dec: -+ vcipherlast 15, 15, 23 -+ -+ lxvb16x 15, 0, 14 # load block -+ xxlxor 47, 47, 15 -+ -+ # create partial block mask -+ li 15, 16 -+ sub 15, 15, 12 # index to the mask -+ -+ vspltisb 16, -1 # first 16 bytes - 0xffff...ff -+ vspltisb 17, 0 # second 16 bytes - 0x0000...00 -+ li 10, 192 -+ stvx 16, 10, 1 -+ addi 10, 10, 16 -+ stvx 17, 10, 1 -+ -+ addi 10, 1, 192 -+ lxvb16x 16, 15, 10 # load block mask -+ xxland 47, 47, 16 -+ -+ xxlor 28+32, 15, 15 -+ ppc_update_hash_1x -+ -+ # * should store only the remaining bytes. 
-+ bl Write_partial_block
-+
-+ b aes_gcm_out
-+
-+
-+___
-+
-+foreach (split("\n",$code)) {
-+ s/\`([^\`]*)\`/eval $1/geo;
-+
-+ if ($flavour =~ /le$/o) { # little-endian
-+ s/le\?//o or
-+ s/be\?/#be#/o;
-+ } else {
-+ s/le\?/#le#/o or
-+ s/be\?//o;
-+ }
-+ print $_,"\n";
-+}
-+
-+close STDOUT or die "error closing STDOUT: $!"; # enforce flush
-diff -rupN --no-dereference openssl-3.0.9/crypto/modes/build.info openssl-3.0.9-new/crypto/modes/build.info
---- openssl-3.0.9/crypto/modes/build.info 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/crypto/modes/build.info 2023-05-31 14:33:17.191112825 +0200
-@@ -32,7 +32,7 @@ IF[{- !$disabled{asm} -}]
- $MODESASM_parisc20_64=$MODESASM_parisc11
- $MODESDEF_parisc20_64=$MODESDEF_parisc11
- 
-- $MODESASM_ppc32=ghashp8-ppc.s
-+ $MODESASM_ppc32=ghashp8-ppc.s aes-gcm-ppc.s
- $MODESDEF_ppc32=
- $MODESASM_ppc64=$MODESASM_ppc32
- $MODESDEF_ppc64=$MODESDEF_ppc32
-@@ -71,6 +71,7 @@ INCLUDE[ghash-sparcv9.o]=..
- GENERATE[ghash-alpha.S]=asm/ghash-alpha.pl
- GENERATE[ghash-parisc.s]=asm/ghash-parisc.pl
- GENERATE[ghashp8-ppc.s]=asm/ghashp8-ppc.pl
-+GENERATE[aes-gcm-ppc.s]=asm/aes-gcm-ppc.pl
- GENERATE[ghash-armv4.S]=asm/ghash-armv4.pl
- INCLUDE[ghash-armv4.o]=..
- GENERATE[ghashv8-armx.S]=asm/ghashv8-armx.pl
-diff -rupN --no-dereference openssl-3.0.9/include/crypto/aes_platform.h openssl-3.0.9-new/include/crypto/aes_platform.h
---- openssl-3.0.9/include/crypto/aes_platform.h 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/include/crypto/aes_platform.h 2023-05-31 14:33:17.192112825 +0200
-@@ -74,6 +74,26 @@ void AES_xts_decrypt(const unsigned char
- # define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks
- # define HWAES_xts_encrypt aes_p8_xts_encrypt
- # define HWAES_xts_decrypt aes_p8_xts_decrypt
-+# define PPC_AES_GCM_CAPABLE (OPENSSL_ppccap_P & PPC_MADD300)
-+# define AES_GCM_ENC_BYTES 128
-+# define AES_GCM_DEC_BYTES 128
-+size_t ppc_aes_gcm_encrypt(const unsigned char *in, unsigned char *out,
-+ size_t len, const void *key, unsigned char ivec[16],
-+ u64 *Xi);
-+size_t ppc_aes_gcm_decrypt(const unsigned char *in, unsigned char *out,
-+ size_t len, const void *key, unsigned char ivec[16],
-+ u64 *Xi);
-+size_t ppc_aes_gcm_encrypt_wrap(const unsigned char *in, unsigned char *out,
-+ size_t len, const void *key,
-+ unsigned char ivec[16], u64 *Xi);
-+size_t ppc_aes_gcm_decrypt_wrap(const unsigned char *in, unsigned char *out,
-+ size_t len, const void *key,
-+ unsigned char ivec[16], u64 *Xi);
-+# define AES_gcm_encrypt ppc_aes_gcm_encrypt_wrap
-+# define AES_gcm_decrypt ppc_aes_gcm_decrypt_wrap
-+# define AES_GCM_ASM(gctx) ((gctx)->ctr==aes_p8_ctr32_encrypt_blocks && \
-+ (gctx)->gcm.ghash==gcm_ghash_p8)
-+void gcm_ghash_p8(u64 Xi[2],const u128 Htable[16],const u8 *inp, size_t len);
- # endif /* PPC */
- 
- # if (defined(__arm__) || defined(__arm) || defined(__aarch64__))
-diff -rupN --no-dereference openssl-3.0.9/providers/implementations/ciphers/cipher_aes_gcm_hw.c openssl-3.0.9-new/providers/implementations/ciphers/cipher_aes_gcm_hw.c
---- openssl-3.0.9/providers/implementations/ciphers/cipher_aes_gcm_hw.c 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/providers/implementations/ciphers/cipher_aes_gcm_hw.c 2023-05-31 14:33:17.192112825 +0200
-@@ -141,6 +141,8 @@ static const PROV_GCM_HW aes_gcm = {
- # include "cipher_aes_gcm_hw_t4.inc"
- #elif defined(AES_PMULL_CAPABLE) && defined(AES_GCM_ASM)
- # include "cipher_aes_gcm_hw_armv8.inc"
-+#elif defined(PPC_AES_GCM_CAPABLE)
-+# include "cipher_aes_gcm_hw_ppc.inc"
- #else
- const PROV_GCM_HW *ossl_prov_aes_hw_gcm(size_t keybits)
- {
-diff -rupN --no-dereference openssl-3.0.9/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc openssl-3.0.9-new/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc
---- openssl-3.0.9/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc 1970-01-01 01:00:00.000000000 +0100
-+++ openssl-3.0.9-new/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc 2023-05-31 14:33:17.192112825 +0200
-@@ -0,0 +1,119 @@
-+/*
-+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the Apache License 2.0 (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+/*-
-+ * PPC support for AES GCM.
-+ * This file is included by cipher_aes_gcm_hw.c
-+ */
-+
-+static int aes_ppc_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
-+ size_t keylen)
-+{
-+ PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
-+ AES_KEY *ks = &actx->ks.ks;
-+
-+ GCM_HW_SET_KEY_CTR_FN(ks, aes_p8_set_encrypt_key, aes_p8_encrypt,
-+ aes_p8_ctr32_encrypt_blocks);
-+ return 1;
-+}
-+
-+
-+extern size_t ppc_aes_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len,
-+ const void *key, unsigned char ivec[16], u64 *Xi);
-+extern size_t ppc_aes_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t len,
-+ const void *key, unsigned char ivec[16], u64 *Xi);
-+
-+static inline u32 UTO32(unsigned char *buf)
-+{
-+ return ((u32) buf[0] << 24) | ((u32) buf[1] << 16) | ((u32) buf[2] << 8) | ((u32) buf[3]);
-+}
-+
-+static inline u32 add32TOU(unsigned char buf[4], u32 n)
-+{
-+ u32 r;
-+
-+ r = UTO32(buf);
-+ r += n;
-+ buf[0] = (unsigned char) (r >> 24) & 0xFF;
-+ buf[1] = (unsigned char) (r >> 16) & 0xFF;
-+ buf[2] = (unsigned char) (r >> 8) & 0xFF;
-+ buf[3] = (unsigned char) r & 0xFF;
-+ return r;
-+}
-+
-+static size_t aes_p10_gcm_crypt(const unsigned char *in, unsigned char *out, size_t len,
-+ const void *key, unsigned char ivec[16], u64 *Xi, int encrypt)
-+{
-+ int s = 0;
-+ int ndone = 0;
-+ int ctr_reset = 0;
-+ u64 blocks_unused;
-+ u64 nb = len / 16;
-+ u64 next_ctr = 0;
-+ unsigned char ctr_saved[12];
-+
-+ memcpy(ctr_saved, ivec, 12);
-+
-+ while (nb) {
-+ blocks_unused = (u64) 0xffffffffU + 1 - (u64) UTO32 (ivec + 12);
-+ if (nb > blocks_unused) {
-+ len = blocks_unused * 16;
-+ nb -= blocks_unused;
-+ next_ctr = blocks_unused;
-+ ctr_reset = 1;
-+ } else {
-+ len = nb * 16;
-+ next_ctr = nb;
-+ nb = 0;
-+ }
-+
-+ s = encrypt ? ppc_aes_gcm_encrypt(in, out, len, key, ivec, Xi)
-+ : ppc_aes_gcm_decrypt(in, out, len, key, ivec, Xi);
-+
-+ /* add counter to ivec */
-+ add32TOU(ivec + 12, (u32) next_ctr);
-+ if (ctr_reset) {
-+ ctr_reset = 0;
-+ in += len;
-+ out += len;
-+ }
-+ memcpy(ivec, ctr_saved, 12);
-+ ndone += s;
-+ }
-+
-+ return ndone;
-+}
-+
-+size_t ppc_aes_gcm_encrypt_wrap(const unsigned char *in, unsigned char *out, size_t len,
-+ const void *key, unsigned char ivec[16], u64 *Xi)
-+{
-+ return aes_p10_gcm_crypt(in, out, len, key, ivec, Xi, 1);
-+}
-+
-+size_t ppc_aes_gcm_decrypt_wrap(const unsigned char *in, unsigned char *out, size_t len,
-+ const void *key, unsigned char ivec[16], u64 *Xi)
-+{
-+ return aes_p10_gcm_crypt(in, out, len, key, ivec, Xi, 0);
-+}
-+
-+
-+static const PROV_GCM_HW aes_ppc_gcm = {
-+ aes_ppc_gcm_initkey,
-+ ossl_gcm_setiv,
-+ ossl_gcm_aad_update,
-+ generic_aes_gcm_cipher_update,
-+ ossl_gcm_cipher_final,
-+ ossl_gcm_one_shot
-+};
-+
-+const PROV_GCM_HW *ossl_prov_aes_hw_gcm(size_t keybits)
-+{
-+ return PPC_AES_GCM_CAPABLE ? &aes_ppc_gcm : &aes_gcm;
-+}
-+
diff --git a/0072-ChaCha20-performance-optimizations-for-ppc64le.patch b/0072-ChaCha20-performance-optimizations-for-ppc64le.patch
deleted file mode 100644
index 36af7e4..0000000
--- a/0072-ChaCha20-performance-optimizations-for-ppc64le.patch
+++ /dev/null
@@ -1,1480 +0,0 @@ -diff -rupN --no-dereference openssl-3.0.9/crypto/chacha/asm/chachap10-ppc.pl openssl-3.0.9-new/crypto/chacha/asm/chachap10-ppc.pl ---- openssl-3.0.9/crypto/chacha/asm/chachap10-ppc.pl 1970-01-01 01:00:00.000000000 +0100 -+++ openssl-3.0.9-new/crypto/chacha/asm/chachap10-ppc.pl 2023-05-31 14:33:17.458112709 +0200 -@@ -0,0 +1,1288 @@ -+#! /usr/bin/env perl -+# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. -+# -+# Licensed under the Apache License 2.0 (the "License"). You may not use -+# this file except in compliance with the License. You can obtain a copy -+# in the file LICENSE in the source distribution or at -+# https://www.openssl.org/source/license.html -+ -+# -+# ==================================================================== -+# Written by Andy Polyakov for the OpenSSL -+# project. The module is, however, dual licensed under OpenSSL and -+# CRYPTOGAMS licenses depending on where you obtain it. For further -+# details see http://www.openssl.org/~appro/cryptogams/. -+# ==================================================================== -+# -+# October 2015 -+# -+# ChaCha20 for PowerPC/AltiVec. -+# -+# June 2018 -+# -+# Add VSX 2.07 code path. Original 3xAltiVec+1xIALU is well-suited for -+# processors that can't issue more than one vector instruction per -+# cycle. But POWER8 (and POWER9) can issue a pair, and vector-only 4x -+# interleave would perform better. Incidentally PowerISA 2.07 (first -+# implemented by POWER8) defined new usable instructions, hence 4xVSX -+# code path... -+# -+# Performance in cycles per byte out of large buffer. -+# -+# IALU/gcc-4.x 3xAltiVec+1xIALU 4xVSX -+# -+# Freescale e300 13.6/+115% - - -+# PPC74x0/G4e 6.81/+310% 3.81 - -+# PPC970/G5 9.29/+160% ? 
- -+# POWER7 8.62/+61% 3.35 - -+# POWER8 8.70/+51% 2.91 2.09 -+# POWER9 8.80/+29% 4.44(*) 2.45(**) -+# -+# (*) this is trade-off result, it's possible to improve it, but -+# then it would negatively affect all others; -+# (**) POWER9 seems to be "allergic" to mixing vector and integer -+# instructions, which is why switch to vector-only code pays -+# off that much; -+ -+# $output is the last argument if it looks like a file (it has an extension) -+# $flavour is the first argument if it doesn't look like a file -+$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -+$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; -+ -+if ($flavour =~ /64/) { -+ $SIZE_T =8; -+ $LRSAVE =2*$SIZE_T; -+ $STU ="stdu"; -+ $POP ="ld"; -+ $PUSH ="std"; -+ $UCMP ="cmpld"; -+} elsif ($flavour =~ /32/) { -+ $SIZE_T =4; -+ $LRSAVE =$SIZE_T; -+ $STU ="stwu"; -+ $POP ="lwz"; -+ $PUSH ="stw"; -+ $UCMP ="cmplw"; -+} else { die "nonsense $flavour"; } -+ -+$LITTLE_ENDIAN = ($flavour=~/le$/) ? 1 : 0; -+ -+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or -+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or -+die "can't locate ppc-xlate.pl"; -+ -+open STDOUT,"| $^X $xlate $flavour \"$output\"" -+ or die "can't call $xlate: $!"; -+ -+$LOCALS=6*$SIZE_T; -+$FRAME=$LOCALS+64+18*$SIZE_T; # 64 is for local variables -+ -+sub AUTOLOAD() # thunk [simplified] x86-style perlasm -+{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; $opcode =~ s/_/\./; -+ $code .= "\t$opcode\t".join(',',@_)."\n"; -+} -+ -+my $sp = "r1"; -+ -+my ($out,$inp,$len,$key,$ctr) = map("r$_",(3..7)); -+ -+ -+{{{ -+my ($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3, -+ $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3) = map("v$_",(0..15)); -+my @K = map("v$_",(16..19)); -+my $CTR = "v26"; -+my ($xt0,$xt1,$xt2,$xt3) = map("v$_",(27..30)); -+my ($sixteen,$twelve,$eight,$seven) = ($xt0,$xt1,$xt2,$xt3); -+my $beperm = "v31"; -+ -+my ($x00,$x10,$x20,$x30) = (0, map("r$_",(8..10))); -+ 
-+my $FRAME=$LOCALS+64+7*16; # 7*16 is for v26-v31 offload -+ -+ -+sub VSX_lane_ROUND_4x { -+my ($a0,$b0,$c0,$d0)=@_; -+my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0)); -+my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1)); -+my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2)); -+my @x=map("\"v$_\"",(0..15)); -+ -+ ( -+ "&vadduwm (@x[$a0],@x[$a0],@x[$b0])", # Q1 -+ "&vadduwm (@x[$a1],@x[$a1],@x[$b1])", # Q2 -+ "&vadduwm (@x[$a2],@x[$a2],@x[$b2])", # Q3 -+ "&vadduwm (@x[$a3],@x[$a3],@x[$b3])", # Q4 -+ "&vxor (@x[$d0],@x[$d0],@x[$a0])", -+ "&vxor (@x[$d1],@x[$d1],@x[$a1])", -+ "&vxor (@x[$d2],@x[$d2],@x[$a2])", -+ "&vxor (@x[$d3],@x[$d3],@x[$a3])", -+ "&vrlw (@x[$d0],@x[$d0],'$sixteen')", -+ "&vrlw (@x[$d1],@x[$d1],'$sixteen')", -+ "&vrlw (@x[$d2],@x[$d2],'$sixteen')", -+ "&vrlw (@x[$d3],@x[$d3],'$sixteen')", -+ -+ "&vadduwm (@x[$c0],@x[$c0],@x[$d0])", -+ "&vadduwm (@x[$c1],@x[$c1],@x[$d1])", -+ "&vadduwm (@x[$c2],@x[$c2],@x[$d2])", -+ "&vadduwm (@x[$c3],@x[$c3],@x[$d3])", -+ "&vxor (@x[$b0],@x[$b0],@x[$c0])", -+ "&vxor (@x[$b1],@x[$b1],@x[$c1])", -+ "&vxor (@x[$b2],@x[$b2],@x[$c2])", -+ "&vxor (@x[$b3],@x[$b3],@x[$c3])", -+ "&vrlw (@x[$b0],@x[$b0],'$twelve')", -+ "&vrlw (@x[$b1],@x[$b1],'$twelve')", -+ "&vrlw (@x[$b2],@x[$b2],'$twelve')", -+ "&vrlw (@x[$b3],@x[$b3],'$twelve')", -+ -+ "&vadduwm (@x[$a0],@x[$a0],@x[$b0])", -+ "&vadduwm (@x[$a1],@x[$a1],@x[$b1])", -+ "&vadduwm (@x[$a2],@x[$a2],@x[$b2])", -+ "&vadduwm (@x[$a3],@x[$a3],@x[$b3])", -+ "&vxor (@x[$d0],@x[$d0],@x[$a0])", -+ "&vxor (@x[$d1],@x[$d1],@x[$a1])", -+ "&vxor (@x[$d2],@x[$d2],@x[$a2])", -+ "&vxor (@x[$d3],@x[$d3],@x[$a3])", -+ "&vrlw (@x[$d0],@x[$d0],'$eight')", -+ "&vrlw (@x[$d1],@x[$d1],'$eight')", -+ "&vrlw (@x[$d2],@x[$d2],'$eight')", -+ "&vrlw (@x[$d3],@x[$d3],'$eight')", -+ -+ "&vadduwm (@x[$c0],@x[$c0],@x[$d0])", -+ "&vadduwm (@x[$c1],@x[$c1],@x[$d1])", -+ "&vadduwm (@x[$c2],@x[$c2],@x[$d2])", -+ "&vadduwm (@x[$c3],@x[$c3],@x[$d3])", -+ "&vxor 
(@x[$b0],@x[$b0],@x[$c0])", -+ "&vxor (@x[$b1],@x[$b1],@x[$c1])", -+ "&vxor (@x[$b2],@x[$b2],@x[$c2])", -+ "&vxor (@x[$b3],@x[$b3],@x[$c3])", -+ "&vrlw (@x[$b0],@x[$b0],'$seven')", -+ "&vrlw (@x[$b1],@x[$b1],'$seven')", -+ "&vrlw (@x[$b2],@x[$b2],'$seven')", -+ "&vrlw (@x[$b3],@x[$b3],'$seven')" -+ ); -+} -+ -+$code.=<<___; -+ -+.globl .ChaCha20_ctr32_vsx_p10 -+.align 5 -+.ChaCha20_ctr32_vsx_p10: -+ ${UCMP}i $len,255 -+ bgt ChaCha20_ctr32_vsx_8x -+ $STU $sp,-$FRAME($sp) -+ mflr r0 -+ li r10,`15+$LOCALS+64` -+ li r11,`31+$LOCALS+64` -+ mfspr r12,256 -+ stvx v26,r10,$sp -+ addi r10,r10,32 -+ stvx v27,r11,$sp -+ addi r11,r11,32 -+ stvx v28,r10,$sp -+ addi r10,r10,32 -+ stvx v29,r11,$sp -+ addi r11,r11,32 -+ stvx v30,r10,$sp -+ stvx v31,r11,$sp -+ stw r12,`$FRAME-4`($sp) # save vrsave -+ li r12,-4096+63 -+ $PUSH r0, `$FRAME+$LRSAVE`($sp) -+ mtspr 256,r12 # preserve 29 AltiVec registers -+ -+ bl Lconsts # returns pointer Lsigma in r12 -+ lvx_4w @K[0],0,r12 # load sigma -+ addi r12,r12,0x70 -+ li $x10,16 -+ li $x20,32 -+ li $x30,48 -+ li r11,64 -+ -+ lvx_4w @K[1],0,$key # load key -+ lvx_4w @K[2],$x10,$key -+ lvx_4w @K[3],0,$ctr # load counter -+ -+ vxor $xt0,$xt0,$xt0 -+ lvx_4w $xt1,r11,r12 -+ vspltw $CTR,@K[3],0 -+ vsldoi @K[3],@K[3],$xt0,4 -+ vsldoi @K[3],$xt0,@K[3],12 # clear @K[3].word[0] -+ vadduwm $CTR,$CTR,$xt1 -+ -+ be?lvsl $beperm,0,$x10 # 0x00..0f -+ be?vspltisb $xt0,3 # 0x03..03 -+ be?vxor $beperm,$beperm,$xt0 # swap bytes within words -+ -+ li r0,10 # inner loop counter -+ mtctr r0 -+ b Loop_outer_vsx -+ -+.align 5 -+Loop_outer_vsx: -+ lvx $xa0,$x00,r12 # load [smashed] sigma -+ lvx $xa1,$x10,r12 -+ lvx $xa2,$x20,r12 -+ lvx $xa3,$x30,r12 -+ -+ vspltw $xb0,@K[1],0 # smash the key -+ vspltw $xb1,@K[1],1 -+ vspltw $xb2,@K[1],2 -+ vspltw $xb3,@K[1],3 -+ -+ vspltw $xc0,@K[2],0 -+ vspltw $xc1,@K[2],1 -+ vspltw $xc2,@K[2],2 -+ vspltw $xc3,@K[2],3 -+ -+ vmr $xd0,$CTR # smash the counter -+ vspltw $xd1,@K[3],1 -+ vspltw $xd2,@K[3],2 -+ vspltw $xd3,@K[3],3 -+ -+ 
vspltisw $sixteen,-16 # synthesize constants -+ vspltisw $twelve,12 -+ vspltisw $eight,8 -+ vspltisw $seven,7 -+ -+Loop_vsx_4x: -+___ -+ foreach (&VSX_lane_ROUND_4x(0, 4, 8,12)) { eval; } -+ foreach (&VSX_lane_ROUND_4x(0, 5,10,15)) { eval; } -+$code.=<<___; -+ -+ bdnz Loop_vsx_4x -+ -+ vadduwm $xd0,$xd0,$CTR -+ -+ vmrgew $xt0,$xa0,$xa1 # transpose data -+ vmrgew $xt1,$xa2,$xa3 -+ vmrgow $xa0,$xa0,$xa1 -+ vmrgow $xa2,$xa2,$xa3 -+ vmrgew $xt2,$xb0,$xb1 -+ vmrgew $xt3,$xb2,$xb3 -+ vpermdi $xa1,$xa0,$xa2,0b00 -+ vpermdi $xa3,$xa0,$xa2,0b11 -+ vpermdi $xa0,$xt0,$xt1,0b00 -+ vpermdi $xa2,$xt0,$xt1,0b11 -+ -+ vmrgow $xb0,$xb0,$xb1 -+ vmrgow $xb2,$xb2,$xb3 -+ vmrgew $xt0,$xc0,$xc1 -+ vmrgew $xt1,$xc2,$xc3 -+ vpermdi $xb1,$xb0,$xb2,0b00 -+ vpermdi $xb3,$xb0,$xb2,0b11 -+ vpermdi $xb0,$xt2,$xt3,0b00 -+ vpermdi $xb2,$xt2,$xt3,0b11 -+ -+ vmrgow $xc0,$xc0,$xc1 -+ vmrgow $xc2,$xc2,$xc3 -+ vmrgew $xt2,$xd0,$xd1 -+ vmrgew $xt3,$xd2,$xd3 -+ vpermdi $xc1,$xc0,$xc2,0b00 -+ vpermdi $xc3,$xc0,$xc2,0b11 -+ vpermdi $xc0,$xt0,$xt1,0b00 -+ vpermdi $xc2,$xt0,$xt1,0b11 -+ -+ vmrgow $xd0,$xd0,$xd1 -+ vmrgow $xd2,$xd2,$xd3 -+ vspltisw $xt0,4 -+ vadduwm $CTR,$CTR,$xt0 # next counter value -+ vpermdi $xd1,$xd0,$xd2,0b00 -+ vpermdi $xd3,$xd0,$xd2,0b11 -+ vpermdi $xd0,$xt2,$xt3,0b00 -+ vpermdi $xd2,$xt2,$xt3,0b11 -+ -+ vadduwm $xa0,$xa0,@K[0] -+ vadduwm $xb0,$xb0,@K[1] -+ vadduwm $xc0,$xc0,@K[2] -+ vadduwm $xd0,$xd0,@K[3] -+ -+ be?vperm $xa0,$xa0,$xa0,$beperm -+ be?vperm $xb0,$xb0,$xb0,$beperm -+ be?vperm $xc0,$xc0,$xc0,$beperm -+ be?vperm $xd0,$xd0,$xd0,$beperm -+ -+ ${UCMP}i $len,0x40 -+ blt Ltail_vsx -+ -+ lvx_4w $xt0,$x00,$inp -+ lvx_4w $xt1,$x10,$inp -+ lvx_4w $xt2,$x20,$inp -+ lvx_4w $xt3,$x30,$inp -+ -+ vxor $xt0,$xt0,$xa0 -+ vxor $xt1,$xt1,$xb0 -+ vxor $xt2,$xt2,$xc0 -+ vxor $xt3,$xt3,$xd0 -+ -+ stvx_4w $xt0,$x00,$out -+ stvx_4w $xt1,$x10,$out -+ addi $inp,$inp,0x40 -+ stvx_4w $xt2,$x20,$out -+ subi $len,$len,0x40 -+ stvx_4w $xt3,$x30,$out -+ addi $out,$out,0x40 -+ beq Ldone_vsx -+ -+ 
vadduwm $xa0,$xa1,@K[0] -+ vadduwm $xb0,$xb1,@K[1] -+ vadduwm $xc0,$xc1,@K[2] -+ vadduwm $xd0,$xd1,@K[3] -+ -+ be?vperm $xa0,$xa0,$xa0,$beperm -+ be?vperm $xb0,$xb0,$xb0,$beperm -+ be?vperm $xc0,$xc0,$xc0,$beperm -+ be?vperm $xd0,$xd0,$xd0,$beperm -+ -+ ${UCMP}i $len,0x40 -+ blt Ltail_vsx -+ -+ lvx_4w $xt0,$x00,$inp -+ lvx_4w $xt1,$x10,$inp -+ lvx_4w $xt2,$x20,$inp -+ lvx_4w $xt3,$x30,$inp -+ -+ vxor $xt0,$xt0,$xa0 -+ vxor $xt1,$xt1,$xb0 -+ vxor $xt2,$xt2,$xc0 -+ vxor $xt3,$xt3,$xd0 -+ -+ stvx_4w $xt0,$x00,$out -+ stvx_4w $xt1,$x10,$out -+ addi $inp,$inp,0x40 -+ stvx_4w $xt2,$x20,$out -+ subi $len,$len,0x40 -+ stvx_4w $xt3,$x30,$out -+ addi $out,$out,0x40 -+ beq Ldone_vsx -+ -+ vadduwm $xa0,$xa2,@K[0] -+ vadduwm $xb0,$xb2,@K[1] -+ vadduwm $xc0,$xc2,@K[2] -+ vadduwm $xd0,$xd2,@K[3] -+ -+ be?vperm $xa0,$xa0,$xa0,$beperm -+ be?vperm $xb0,$xb0,$xb0,$beperm -+ be?vperm $xc0,$xc0,$xc0,$beperm -+ be?vperm $xd0,$xd0,$xd0,$beperm -+ -+ ${UCMP}i $len,0x40 -+ blt Ltail_vsx -+ -+ lvx_4w $xt0,$x00,$inp -+ lvx_4w $xt1,$x10,$inp -+ lvx_4w $xt2,$x20,$inp -+ lvx_4w $xt3,$x30,$inp -+ -+ vxor $xt0,$xt0,$xa0 -+ vxor $xt1,$xt1,$xb0 -+ vxor $xt2,$xt2,$xc0 -+ vxor $xt3,$xt3,$xd0 -+ -+ stvx_4w $xt0,$x00,$out -+ stvx_4w $xt1,$x10,$out -+ addi $inp,$inp,0x40 -+ stvx_4w $xt2,$x20,$out -+ subi $len,$len,0x40 -+ stvx_4w $xt3,$x30,$out -+ addi $out,$out,0x40 -+ beq Ldone_vsx -+ -+ vadduwm $xa0,$xa3,@K[0] -+ vadduwm $xb0,$xb3,@K[1] -+ vadduwm $xc0,$xc3,@K[2] -+ vadduwm $xd0,$xd3,@K[3] -+ -+ be?vperm $xa0,$xa0,$xa0,$beperm -+ be?vperm $xb0,$xb0,$xb0,$beperm -+ be?vperm $xc0,$xc0,$xc0,$beperm -+ be?vperm $xd0,$xd0,$xd0,$beperm -+ -+ ${UCMP}i $len,0x40 -+ blt Ltail_vsx -+ -+ lvx_4w $xt0,$x00,$inp -+ lvx_4w $xt1,$x10,$inp -+ lvx_4w $xt2,$x20,$inp -+ lvx_4w $xt3,$x30,$inp -+ -+ vxor $xt0,$xt0,$xa0 -+ vxor $xt1,$xt1,$xb0 -+ vxor $xt2,$xt2,$xc0 -+ vxor $xt3,$xt3,$xd0 -+ -+ stvx_4w $xt0,$x00,$out -+ stvx_4w $xt1,$x10,$out -+ addi $inp,$inp,0x40 -+ stvx_4w $xt2,$x20,$out -+ subi $len,$len,0x40 -+ stvx_4w 
$xt3,$x30,$out -+ addi $out,$out,0x40 -+ mtctr r0 -+ bne Loop_outer_vsx -+ -+Ldone_vsx: -+ lwz r12,`$FRAME-4`($sp) # pull vrsave -+ li r10,`15+$LOCALS+64` -+ li r11,`31+$LOCALS+64` -+ $POP r0, `$FRAME+$LRSAVE`($sp) -+ mtspr 256,r12 # restore vrsave -+ lvx v26,r10,$sp -+ addi r10,r10,32 -+ lvx v27,r11,$sp -+ addi r11,r11,32 -+ lvx v28,r10,$sp -+ addi r10,r10,32 -+ lvx v29,r11,$sp -+ addi r11,r11,32 -+ lvx v30,r10,$sp -+ lvx v31,r11,$sp -+ mtlr r0 -+ addi $sp,$sp,$FRAME -+ blr -+ -+.align 4 -+Ltail_vsx: -+ addi r11,$sp,$LOCALS -+ mtctr $len -+ stvx_4w $xa0,$x00,r11 # offload block to stack -+ stvx_4w $xb0,$x10,r11 -+ stvx_4w $xc0,$x20,r11 -+ stvx_4w $xd0,$x30,r11 -+ subi r12,r11,1 # prepare for *++ptr -+ subi $inp,$inp,1 -+ subi $out,$out,1 -+ -+Loop_tail_vsx: -+ lbzu r6,1(r12) -+ lbzu r7,1($inp) -+ xor r6,r6,r7 -+ stbu r6,1($out) -+ bdnz Loop_tail_vsx -+ -+ stvx_4w $K[0],$x00,r11 # wipe copy of the block -+ stvx_4w $K[0],$x10,r11 -+ stvx_4w $K[0],$x20,r11 -+ stvx_4w $K[0],$x30,r11 -+ -+ b Ldone_vsx -+ .long 0 -+ .byte 0,12,0x04,1,0x80,0,5,0 -+ .long 0 -+.size .ChaCha20_ctr32_vsx_p10,.-.ChaCha20_ctr32_vsx_p10 -+___ -+}}} -+ -+##This is 8 block in parallel implementation. The heart of chacha round uses vector instruction that has access to -+# vsr[32+X]. To perform the 8 parallel block we tend to use all 32 register to hold the 8 block info. -+# WE need to store few register value on side, so we can use VSR{32+X} for few vector instructions used in round op and hold intermediate value. -+# WE use the VSR[0]-VSR[31] for holding intermediate value and perform 8 block in parallel. 
-+#
-+{{{
-+#### ($out,$inp,$len,$key,$ctr) = map("r$_",(3..7));
-+my ($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3,
-+ $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3,
-+ $xa4,$xa5,$xa6,$xa7, $xb4,$xb5,$xb6,$xb7,
-+ $xc4,$xc5,$xc6,$xc7, $xd4,$xd5,$xd6,$xd7) = map("v$_",(0..31));
-+my ($xcn4,$xcn5,$xcn6,$xcn7, $xdn4,$xdn5,$xdn6,$xdn7) = map("v$_",(8..15));
-+my ($xan0,$xbn0,$xcn0,$xdn0) = map("v$_",(0..3));
-+my @K = map("v$_",27,(24..26));
-+my ($xt0,$xt1,$xt2,$xt3,$xt4) = map("v$_",23,(28..31));
-+my $xr0 = "v4";
-+my $CTR0 = "v22";
-+my $CTR1 = "v5";
-+my $beperm = "v31";
-+my ($x00,$x10,$x20,$x30) = (0, map("r$_",(8..10)));
-+my ($xv0,$xv1,$xv2,$xv3,$xv4,$xv5,$xv6,$xv7) = map("v$_",(0..7));
-+my ($xv8,$xv9,$xv10,$xv11,$xv12,$xv13,$xv14,$xv15,$xv16,$xv17) = map("v$_",(8..17));
-+my ($xv18,$xv19,$xv20,$xv21) = map("v$_",(18..21));
-+my ($xv22,$xv23,$xv24,$xv25,$xv26) = map("v$_",(22..26));
-+
-+my $FRAME=$LOCALS+64+9*16; # 8*16 is for v24-v31 offload
-+
-+sub VSX_lane_ROUND_8x {
-+my ($a0,$b0,$c0,$d0,$a4,$b4,$c4,$d4)=@_;
-+my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0));
-+my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1));
-+my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
-+my ($a5,$b5,$c5,$d5)=map(($_&~3)+(($_+1)&3),($a4,$b4,$c4,$d4));
-+my ($a6,$b6,$c6,$d6)=map(($_&~3)+(($_+1)&3),($a5,$b5,$c5,$d5));
-+my ($a7,$b7,$c7,$d7)=map(($_&~3)+(($_+1)&3),($a6,$b6,$c6,$d6));
-+my ($xv8,$xv9,$xv10,$xv11,$xv12,$xv13,$xv14,$xv15,$xv16,$xv17) = map("\"v$_\"",(8..17));
-+my @x=map("\"v$_\"",(0..31));
-+
-+ (
-+ "&vxxlor ($xv15 ,@x[$c7],@x[$c7])", #copy v30 to v13
-+ "&vxxlorc (@x[$c7], $xv9,$xv9)",
-+
-+ "&vadduwm (@x[$a0],@x[$a0],@x[$b0])", # Q1
-+ "&vadduwm (@x[$a1],@x[$a1],@x[$b1])", # Q2
-+ "&vadduwm (@x[$a2],@x[$a2],@x[$b2])", # Q3
-+ "&vadduwm (@x[$a3],@x[$a3],@x[$b3])", # Q4
-+ "&vadduwm (@x[$a4],@x[$a4],@x[$b4])", # Q1
-+ "&vadduwm (@x[$a5],@x[$a5],@x[$b5])", # Q2
-+ "&vadduwm (@x[$a6],@x[$a6],@x[$b6])", # Q3
-+ "&vadduwm
(@x[$a7],@x[$a7],@x[$b7])", # Q4
-+
-+ "&vxor (@x[$d0],@x[$d0],@x[$a0])",
-+ "&vxor (@x[$d1],@x[$d1],@x[$a1])",
-+ "&vxor (@x[$d2],@x[$d2],@x[$a2])",
-+ "&vxor (@x[$d3],@x[$d3],@x[$a3])",
-+ "&vxor (@x[$d4],@x[$d4],@x[$a4])",
-+ "&vxor (@x[$d5],@x[$d5],@x[$a5])",
-+ "&vxor (@x[$d6],@x[$d6],@x[$a6])",
-+ "&vxor (@x[$d7],@x[$d7],@x[$a7])",
-+
-+ "&vrlw (@x[$d0],@x[$d0],@x[$c7])",
-+ "&vrlw (@x[$d1],@x[$d1],@x[$c7])",
-+ "&vrlw (@x[$d2],@x[$d2],@x[$c7])",
-+ "&vrlw (@x[$d3],@x[$d3],@x[$c7])",
-+ "&vrlw (@x[$d4],@x[$d4],@x[$c7])",
-+ "&vrlw (@x[$d5],@x[$d5],@x[$c7])",
-+ "&vrlw (@x[$d6],@x[$d6],@x[$c7])",
-+ "&vrlw (@x[$d7],@x[$d7],@x[$c7])",
-+
-+ "&vxxlor ($xv13 ,@x[$a7],@x[$a7])",
-+ "&vxxlorc (@x[$c7], $xv15,$xv15)",
-+ "&vxxlorc (@x[$a7], $xv10,$xv10)",
-+
-+ "&vadduwm (@x[$c0],@x[$c0],@x[$d0])",
-+ "&vadduwm (@x[$c1],@x[$c1],@x[$d1])",
-+ "&vadduwm (@x[$c2],@x[$c2],@x[$d2])",
-+ "&vadduwm (@x[$c3],@x[$c3],@x[$d3])",
-+ "&vadduwm (@x[$c4],@x[$c4],@x[$d4])",
-+ "&vadduwm (@x[$c5],@x[$c5],@x[$d5])",
-+ "&vadduwm (@x[$c6],@x[$c6],@x[$d6])",
-+ "&vadduwm (@x[$c7],@x[$c7],@x[$d7])",
-+
-+ "&vxor (@x[$b0],@x[$b0],@x[$c0])",
-+ "&vxor (@x[$b1],@x[$b1],@x[$c1])",
-+ "&vxor (@x[$b2],@x[$b2],@x[$c2])",
-+ "&vxor (@x[$b3],@x[$b3],@x[$c3])",
-+ "&vxor (@x[$b4],@x[$b4],@x[$c4])",
-+ "&vxor (@x[$b5],@x[$b5],@x[$c5])",
-+ "&vxor (@x[$b6],@x[$b6],@x[$c6])",
-+ "&vxor (@x[$b7],@x[$b7],@x[$c7])",
-+
-+ "&vrlw (@x[$b0],@x[$b0],@x[$a7])",
-+ "&vrlw (@x[$b1],@x[$b1],@x[$a7])",
-+ "&vrlw (@x[$b2],@x[$b2],@x[$a7])",
-+ "&vrlw (@x[$b3],@x[$b3],@x[$a7])",
-+ "&vrlw (@x[$b4],@x[$b4],@x[$a7])",
-+ "&vrlw (@x[$b5],@x[$b5],@x[$a7])",
-+ "&vrlw (@x[$b6],@x[$b6],@x[$a7])",
-+ "&vrlw (@x[$b7],@x[$b7],@x[$a7])",
-+
-+ "&vxxlorc (@x[$a7], $xv13,$xv13)",
-+ "&vxxlor ($xv15 ,@x[$c7],@x[$c7])",
-+ "&vxxlorc (@x[$c7], $xv11,$xv11)",
-+
-+
-+ "&vadduwm (@x[$a0],@x[$a0],@x[$b0])",
-+ "&vadduwm (@x[$a1],@x[$a1],@x[$b1])",
-+ "&vadduwm (@x[$a2],@x[$a2],@x[$b2])",
-+ "&vadduwm (@x[$a3],@x[$a3],@x[$b3])",
-+ "&vadduwm (@x[$a4],@x[$a4],@x[$b4])",
-+ "&vadduwm (@x[$a5],@x[$a5],@x[$b5])",
-+ "&vadduwm (@x[$a6],@x[$a6],@x[$b6])",
-+ "&vadduwm (@x[$a7],@x[$a7],@x[$b7])",
-+
-+ "&vxor (@x[$d0],@x[$d0],@x[$a0])",
-+ "&vxor (@x[$d1],@x[$d1],@x[$a1])",
-+ "&vxor (@x[$d2],@x[$d2],@x[$a2])",
-+ "&vxor (@x[$d3],@x[$d3],@x[$a3])",
-+ "&vxor (@x[$d4],@x[$d4],@x[$a4])",
-+ "&vxor (@x[$d5],@x[$d5],@x[$a5])",
-+ "&vxor (@x[$d6],@x[$d6],@x[$a6])",
-+ "&vxor (@x[$d7],@x[$d7],@x[$a7])",
-+
-+ "&vrlw (@x[$d0],@x[$d0],@x[$c7])",
-+ "&vrlw (@x[$d1],@x[$d1],@x[$c7])",
-+ "&vrlw (@x[$d2],@x[$d2],@x[$c7])",
-+ "&vrlw (@x[$d3],@x[$d3],@x[$c7])",
-+ "&vrlw (@x[$d4],@x[$d4],@x[$c7])",
-+ "&vrlw (@x[$d5],@x[$d5],@x[$c7])",
-+ "&vrlw (@x[$d6],@x[$d6],@x[$c7])",
-+ "&vrlw (@x[$d7],@x[$d7],@x[$c7])",
-+
-+ "&vxxlorc (@x[$c7], $xv15,$xv15)",
-+ "&vxxlor ($xv13 ,@x[$a7],@x[$a7])",
-+ "&vxxlorc (@x[$a7], $xv12,$xv12)",
-+
-+ "&vadduwm (@x[$c0],@x[$c0],@x[$d0])",
-+ "&vadduwm (@x[$c1],@x[$c1],@x[$d1])",
-+ "&vadduwm (@x[$c2],@x[$c2],@x[$d2])",
-+ "&vadduwm (@x[$c3],@x[$c3],@x[$d3])",
-+ "&vadduwm (@x[$c4],@x[$c4],@x[$d4])",
-+ "&vadduwm (@x[$c5],@x[$c5],@x[$d5])",
-+ "&vadduwm (@x[$c6],@x[$c6],@x[$d6])",
-+ "&vadduwm (@x[$c7],@x[$c7],@x[$d7])",
-+ "&vxor (@x[$b0],@x[$b0],@x[$c0])",
-+ "&vxor (@x[$b1],@x[$b1],@x[$c1])",
-+ "&vxor (@x[$b2],@x[$b2],@x[$c2])",
-+ "&vxor (@x[$b3],@x[$b3],@x[$c3])",
-+ "&vxor (@x[$b4],@x[$b4],@x[$c4])",
-+ "&vxor (@x[$b5],@x[$b5],@x[$c5])",
-+ "&vxor (@x[$b6],@x[$b6],@x[$c6])",
-+ "&vxor (@x[$b7],@x[$b7],@x[$c7])",
-+ "&vrlw (@x[$b0],@x[$b0],@x[$a7])",
-+ "&vrlw (@x[$b1],@x[$b1],@x[$a7])",
-+ "&vrlw (@x[$b2],@x[$b2],@x[$a7])",
-+ "&vrlw (@x[$b3],@x[$b3],@x[$a7])",
-+ "&vrlw (@x[$b4],@x[$b4],@x[$a7])",
-+ "&vrlw (@x[$b5],@x[$b5],@x[$a7])",
-+ "&vrlw (@x[$b6],@x[$b6],@x[$a7])",
-+ "&vrlw (@x[$b7],@x[$b7],@x[$a7])",
-+
-+ "&vxxlorc (@x[$a7], $xv13,$xv13)",
-+ );
-+}
-+
-+$code.=<<___;
-+
-+.globl .ChaCha20_ctr32_vsx_8x
-+.align 5
-+.ChaCha20_ctr32_vsx_8x:
-+ $STU
$sp,-$FRAME($sp)
-+ mflr r0
-+ li r10,`15+$LOCALS+64`
-+ li r11,`31+$LOCALS+64`
-+ mfspr r12,256
-+ stvx v24,r10,$sp
-+ addi r10,r10,32
-+ stvx v25,r11,$sp
-+ addi r11,r11,32
-+ stvx v26,r10,$sp
-+ addi r10,r10,32
-+ stvx v27,r11,$sp
-+ addi r11,r11,32
-+ stvx v28,r10,$sp
-+ addi r10,r10,32
-+ stvx v29,r11,$sp
-+ addi r11,r11,32
-+ stvx v30,r10,$sp
-+ stvx v31,r11,$sp
-+ stw r12,`$FRAME-4`($sp) # save vrsave
-+ li r12,-4096+63
-+ $PUSH r0, `$FRAME+$LRSAVE`($sp)
-+ mtspr 256,r12 # preserve 29 AltiVec registers
-+
-+ bl Lconsts # returns pointer Lsigma in r12
-+
-+ lvx_4w @K[0],0,r12 # load sigma
-+ addi r12,r12,0x70
-+ li $x10,16
-+ li $x20,32
-+ li $x30,48
-+ li r11,64
-+
-+ vspltisw $xa4,-16 # synthesize constants
-+ vspltisw $xb4,12 # synthesize constants
-+ vspltisw $xc4,8 # synthesize constants
-+ vspltisw $xd4,7 # synthesize constants
-+
-+ lvx $xa0,$x00,r12 # load [smashed] sigma
-+ lvx $xa1,$x10,r12
-+ lvx $xa2,$x20,r12
-+ lvx $xa3,$x30,r12
-+
-+ vxxlor $xv9 ,$xa4,$xa4 #save shift val in vr9-12
-+ vxxlor $xv10 ,$xb4,$xb4
-+ vxxlor $xv11 ,$xc4,$xc4
-+ vxxlor $xv12 ,$xd4,$xd4
-+ vxxlor $xv22 ,$xa0,$xa0 #save sigma in vr22-25
-+ vxxlor $xv23 ,$xa1,$xa1
-+ vxxlor $xv24 ,$xa2,$xa2
-+ vxxlor $xv25 ,$xa3,$xa3
-+
-+ lvx_4w @K[1],0,$key # load key
-+ lvx_4w @K[2],$x10,$key
-+ lvx_4w @K[3],0,$ctr # load counter
-+ vspltisw $xt3,4
-+
-+
-+ vxor $xt2,$xt2,$xt2
-+ lvx_4w $xt1,r11,r12
-+ vspltw $xa2,@K[3],0 #save the original count after spltw
-+ vsldoi @K[3],@K[3],$xt2,4
-+ vsldoi @K[3],$xt2,@K[3],12 # clear @K[3].word[0]
-+ vadduwm $xt1,$xa2,$xt1
-+ vadduwm $xt3,$xt1,$xt3 # next counter value
-+ vspltw $xa0,@K[2],2 # save the K[2] spltw 2 and save v8.
-+
-+ be?lvsl $beperm,0,$x10 # 0x00..0f
-+ be?vspltisb $xt0,3 # 0x03..03
-+ be?vxor $beperm,$beperm,$xt0 # swap bytes within words
-+ be?vxxlor $xv26 ,$beperm,$beperm
-+
-+ vxxlor $xv0 ,@K[0],@K[0] # K0,k1,k2 to vr0,1,2
-+ vxxlor $xv1 ,@K[1],@K[1]
-+ vxxlor $xv2 ,@K[2],@K[2]
-+ vxxlor $xv3 ,@K[3],@K[3]
-+ vxxlor $xv4 ,$xt1,$xt1 #CTR ->4, CTR+4-> 5
-+ vxxlor $xv5 ,$xt3,$xt3
-+ vxxlor $xv8 ,$xa0,$xa0
-+
-+ li r0,10 # inner loop counter
-+ mtctr r0
-+ b Loop_outer_vsx_8x
-+
-+.align 5
-+Loop_outer_vsx_8x:
-+ vxxlorc $xa0,$xv22,$xv22 # load [smashed] sigma
-+ vxxlorc $xa1,$xv23,$xv23
-+ vxxlorc $xa2,$xv24,$xv24
-+ vxxlorc $xa3,$xv25,$xv25
-+ vxxlorc $xa4,$xv22,$xv22
-+ vxxlorc $xa5,$xv23,$xv23
-+ vxxlorc $xa6,$xv24,$xv24
-+ vxxlorc $xa7,$xv25,$xv25
-+
-+ vspltw $xb0,@K[1],0 # smash the key
-+ vspltw $xb1,@K[1],1
-+ vspltw $xb2,@K[1],2
-+ vspltw $xb3,@K[1],3
-+ vspltw $xb4,@K[1],0 # smash the key
-+ vspltw $xb5,@K[1],1
-+ vspltw $xb6,@K[1],2
-+ vspltw $xb7,@K[1],3
-+
-+ vspltw $xc0,@K[2],0
-+ vspltw $xc1,@K[2],1
-+ vspltw $xc2,@K[2],2
-+ vspltw $xc3,@K[2],3
-+ vspltw $xc4,@K[2],0
-+ vspltw $xc7,@K[2],3
-+ vspltw $xc5,@K[2],1
-+
-+ vxxlorc $xd0,$xv4,$xv4 # smash the counter
-+ vspltw $xd1,@K[3],1
-+ vspltw $xd2,@K[3],2
-+ vspltw $xd3,@K[3],3
-+ vxxlorc $xd4,$xv5,$xv5 # smash the counter
-+ vspltw $xd5,@K[3],1
-+ vspltw $xd6,@K[3],2
-+ vspltw $xd7,@K[3],3
-+ vxxlorc $xc6,$xv8,$xv8 #copy of vlspt k[2],2 is in v8.v26 ->k[3] so need to wait until k3 is done
-+
-+Loop_vsx_8x:
-+___
-+ foreach (&VSX_lane_ROUND_8x(0,4, 8,12,16,20,24,28)) { eval; }
-+ foreach (&VSX_lane_ROUND_8x(0,5,10,15,16,21,26,31)) { eval; }
-+$code.=<<___;
-+
-+ bdnz Loop_vsx_8x
-+ vxxlor $xv13 ,$xd4,$xd4 # save the register vr24-31
-+ vxxlor $xv14 ,$xd5,$xd5 #
-+ vxxlor $xv15 ,$xd6,$xd6 #
-+ vxxlor $xv16 ,$xd7,$xd7 #
-+
-+ vxxlor $xv18 ,$xc4,$xc4 #
-+ vxxlor $xv19 ,$xc5,$xc5 #
-+ vxxlor $xv20 ,$xc6,$xc6 #
-+ vxxlor $xv21 ,$xc7,$xc7 #
-+
-+ vxxlor $xv6 ,$xb6,$xb6 # save vr23, so we get 8 regs
-+ vxxlor $xv7
,$xb7,$xb7 # save vr23, so we get 8 regs
-+ be?vxxlorc $beperm,$xv26,$xv26 # copy back the the beperm.
-+
-+ vxxlorc @K[0],$xv0,$xv0 #27
-+ vxxlorc @K[1],$xv1,$xv1 #24
-+ vxxlorc @K[2],$xv2,$xv2 #25
-+ vxxlorc @K[3],$xv3,$xv3 #26
-+ vxxlorc $CTR0,$xv4,$xv4
-+###changing to vertical
-+
-+ vmrgew $xt0,$xa0,$xa1 # transpose data
-+ vmrgew $xt1,$xa2,$xa3
-+ vmrgow $xa0,$xa0,$xa1
-+ vmrgow $xa2,$xa2,$xa3
-+
-+ vmrgew $xt2,$xb0,$xb1
-+ vmrgew $xt3,$xb2,$xb3
-+ vmrgow $xb0,$xb0,$xb1
-+ vmrgow $xb2,$xb2,$xb3
-+
-+ vadduwm $xd0,$xd0,$CTR0
-+
-+ vpermdi $xa1,$xa0,$xa2,0b00
-+ vpermdi $xa3,$xa0,$xa2,0b11
-+ vpermdi $xa0,$xt0,$xt1,0b00
-+ vpermdi $xa2,$xt0,$xt1,0b11
-+ vpermdi $xb1,$xb0,$xb2,0b00
-+ vpermdi $xb3,$xb0,$xb2,0b11
-+ vpermdi $xb0,$xt2,$xt3,0b00
-+ vpermdi $xb2,$xt2,$xt3,0b11
-+
-+ vmrgew $xt0,$xc0,$xc1
-+ vmrgew $xt1,$xc2,$xc3
-+ vmrgow $xc0,$xc0,$xc1
-+ vmrgow $xc2,$xc2,$xc3
-+ vmrgew $xt2,$xd0,$xd1
-+ vmrgew $xt3,$xd2,$xd3
-+ vmrgow $xd0,$xd0,$xd1
-+ vmrgow $xd2,$xd2,$xd3
-+
-+ vpermdi $xc1,$xc0,$xc2,0b00
-+ vpermdi $xc3,$xc0,$xc2,0b11
-+ vpermdi $xc0,$xt0,$xt1,0b00
-+ vpermdi $xc2,$xt0,$xt1,0b11
-+ vpermdi $xd1,$xd0,$xd2,0b00
-+ vpermdi $xd3,$xd0,$xd2,0b11
-+ vpermdi $xd0,$xt2,$xt3,0b00
-+ vpermdi $xd2,$xt2,$xt3,0b11
-+
-+ vspltisw $xt0,8
-+ vadduwm $CTR0,$CTR0,$xt0 # next counter value
-+ vxxlor $xv4 ,$CTR0,$CTR0 #CTR+4-> 5
-+
-+ vadduwm $xa0,$xa0,@K[0]
-+ vadduwm $xb0,$xb0,@K[1]
-+ vadduwm $xc0,$xc0,@K[2]
-+ vadduwm $xd0,$xd0,@K[3]
-+
-+ be?vperm $xa0,$xa0,$xa0,$beperm
-+ be?vperm $xb0,$xb0,$xb0,$beperm
-+ be?vperm $xc0,$xc0,$xc0,$beperm
-+ be?vperm $xd0,$xd0,$xd0,$beperm
-+
-+ ${UCMP}i $len,0x40
-+ blt Ltail_vsx_8x
-+
-+ lvx_4w $xt0,$x00,$inp
-+ lvx_4w $xt1,$x10,$inp
-+ lvx_4w $xt2,$x20,$inp
-+ lvx_4w $xt3,$x30,$inp
-+
-+ vxor $xt0,$xt0,$xa0
-+ vxor $xt1,$xt1,$xb0
-+ vxor $xt2,$xt2,$xc0
-+ vxor $xt3,$xt3,$xd0
-+
-+ stvx_4w $xt0,$x00,$out
-+ stvx_4w $xt1,$x10,$out
-+ addi $inp,$inp,0x40
-+ stvx_4w $xt2,$x20,$out
-+ subi $len,$len,0x40
-+ stvx_4w
$xt3,$x30,$out
-+ addi $out,$out,0x40
-+ beq Ldone_vsx_8x
-+
-+ vadduwm $xa0,$xa1,@K[0]
-+ vadduwm $xb0,$xb1,@K[1]
-+ vadduwm $xc0,$xc1,@K[2]
-+ vadduwm $xd0,$xd1,@K[3]
-+
-+ be?vperm $xa0,$xa0,$xa0,$beperm
-+ be?vperm $xb0,$xb0,$xb0,$beperm
-+ be?vperm $xc0,$xc0,$xc0,$beperm
-+ be?vperm $xd0,$xd0,$xd0,$beperm
-+
-+ ${UCMP}i $len,0x40
-+ blt Ltail_vsx_8x
-+
-+ lvx_4w $xt0,$x00,$inp
-+ lvx_4w $xt1,$x10,$inp
-+ lvx_4w $xt2,$x20,$inp
-+ lvx_4w $xt3,$x30,$inp
-+
-+ vxor $xt0,$xt0,$xa0
-+ vxor $xt1,$xt1,$xb0
-+ vxor $xt2,$xt2,$xc0
-+ vxor $xt3,$xt3,$xd0
-+
-+ stvx_4w $xt0,$x00,$out
-+ stvx_4w $xt1,$x10,$out
-+ addi $inp,$inp,0x40
-+ stvx_4w $xt2,$x20,$out
-+ subi $len,$len,0x40
-+ stvx_4w $xt3,$x30,$out
-+ addi $out,$out,0x40
-+ beq Ldone_vsx_8x
-+
-+ vadduwm $xa0,$xa2,@K[0]
-+ vadduwm $xb0,$xb2,@K[1]
-+ vadduwm $xc0,$xc2,@K[2]
-+ vadduwm $xd0,$xd2,@K[3]
-+
-+ be?vperm $xa0,$xa0,$xa0,$beperm
-+ be?vperm $xb0,$xb0,$xb0,$beperm
-+ be?vperm $xc0,$xc0,$xc0,$beperm
-+ be?vperm $xd0,$xd0,$xd0,$beperm
-+
-+ ${UCMP}i $len,0x40
-+ blt Ltail_vsx_8x
-+
-+ lvx_4w $xt0,$x00,$inp
-+ lvx_4w $xt1,$x10,$inp
-+ lvx_4w $xt2,$x20,$inp
-+ lvx_4w $xt3,$x30,$inp
-+
-+ vxor $xt0,$xt0,$xa0
-+ vxor $xt1,$xt1,$xb0
-+ vxor $xt2,$xt2,$xc0
-+ vxor $xt3,$xt3,$xd0
-+
-+ stvx_4w $xt0,$x00,$out
-+ stvx_4w $xt1,$x10,$out
-+ addi $inp,$inp,0x40
-+ stvx_4w $xt2,$x20,$out
-+ subi $len,$len,0x40
-+ stvx_4w $xt3,$x30,$out
-+ addi $out,$out,0x40
-+ beq Ldone_vsx_8x
-+
-+ vadduwm $xa0,$xa3,@K[0]
-+ vadduwm $xb0,$xb3,@K[1]
-+ vadduwm $xc0,$xc3,@K[2]
-+ vadduwm $xd0,$xd3,@K[3]
-+
-+ be?vperm $xa0,$xa0,$xa0,$beperm
-+ be?vperm $xb0,$xb0,$xb0,$beperm
-+ be?vperm $xc0,$xc0,$xc0,$beperm
-+ be?vperm $xd0,$xd0,$xd0,$beperm
-+
-+ ${UCMP}i $len,0x40
-+ blt Ltail_vsx_8x
-+
-+ lvx_4w $xt0,$x00,$inp
-+ lvx_4w $xt1,$x10,$inp
-+ lvx_4w $xt2,$x20,$inp
-+ lvx_4w $xt3,$x30,$inp
-+
-+ vxor $xt0,$xt0,$xa0
-+ vxor $xt1,$xt1,$xb0
-+ vxor $xt2,$xt2,$xc0
-+ vxor $xt3,$xt3,$xd0
-+
-+ stvx_4w $xt0,$x00,$out
-+ stvx_4w $xt1,$x10,$out
-+
addi $inp,$inp,0x40
-+ stvx_4w $xt2,$x20,$out
-+ subi $len,$len,0x40
-+ stvx_4w $xt3,$x30,$out
-+ addi $out,$out,0x40
-+ beq Ldone_vsx_8x
-+
-+#blk4-7: 24:31 remain the same as we can use the same logic above . Reg a4-b7 remain same.Load c4,d7--> position 8-15.we can reuse vr24-31.
-+#VR0-3 : are used to load temp value, vr4 --> as xr0 instead of xt0.
-+
-+ vxxlorc $CTR1 ,$xv5,$xv5
-+
-+ vxxlorc $xcn4 ,$xv18,$xv18
-+ vxxlorc $xcn5 ,$xv19,$xv19
-+ vxxlorc $xcn6 ,$xv20,$xv20
-+ vxxlorc $xcn7 ,$xv21,$xv21
-+
-+ vxxlorc $xdn4 ,$xv13,$xv13
-+ vxxlorc $xdn5 ,$xv14,$xv14
-+ vxxlorc $xdn6 ,$xv15,$xv15
-+ vxxlorc $xdn7 ,$xv16,$xv16
-+ vadduwm $xdn4,$xdn4,$CTR1
-+
-+ vxxlorc $xb6 ,$xv6,$xv6
-+ vxxlorc $xb7 ,$xv7,$xv7
-+#use xa1->xr0, as xt0...in the block 4-7
-+
-+ vmrgew $xr0,$xa4,$xa5 # transpose data
-+ vmrgew $xt1,$xa6,$xa7
-+ vmrgow $xa4,$xa4,$xa5
-+ vmrgow $xa6,$xa6,$xa7
-+ vmrgew $xt2,$xb4,$xb5
-+ vmrgew $xt3,$xb6,$xb7
-+ vmrgow $xb4,$xb4,$xb5
-+ vmrgow $xb6,$xb6,$xb7
-+
-+ vpermdi $xa5,$xa4,$xa6,0b00
-+ vpermdi $xa7,$xa4,$xa6,0b11
-+ vpermdi $xa4,$xr0,$xt1,0b00
-+ vpermdi $xa6,$xr0,$xt1,0b11
-+ vpermdi $xb5,$xb4,$xb6,0b00
-+ vpermdi $xb7,$xb4,$xb6,0b11
-+ vpermdi $xb4,$xt2,$xt3,0b00
-+ vpermdi $xb6,$xt2,$xt3,0b11
-+
-+ vmrgew $xr0,$xcn4,$xcn5
-+ vmrgew $xt1,$xcn6,$xcn7
-+ vmrgow $xcn4,$xcn4,$xcn5
-+ vmrgow $xcn6,$xcn6,$xcn7
-+ vmrgew $xt2,$xdn4,$xdn5
-+ vmrgew $xt3,$xdn6,$xdn7
-+ vmrgow $xdn4,$xdn4,$xdn5
-+ vmrgow $xdn6,$xdn6,$xdn7
-+
-+ vpermdi $xcn5,$xcn4,$xcn6,0b00
-+ vpermdi $xcn7,$xcn4,$xcn6,0b11
-+ vpermdi $xcn4,$xr0,$xt1,0b00
-+ vpermdi $xcn6,$xr0,$xt1,0b11
-+ vpermdi $xdn5,$xdn4,$xdn6,0b00
-+ vpermdi $xdn7,$xdn4,$xdn6,0b11
-+ vpermdi $xdn4,$xt2,$xt3,0b00
-+ vpermdi $xdn6,$xt2,$xt3,0b11
-+
-+ vspltisw $xr0,8
-+ vadduwm $CTR1,$CTR1,$xr0 # next counter value
-+ vxxlor $xv5 ,$CTR1,$CTR1 #CTR+4-> 5
-+
-+ vadduwm $xan0,$xa4,@K[0]
-+ vadduwm $xbn0,$xb4,@K[1]
-+ vadduwm $xcn0,$xcn4,@K[2]
-+ vadduwm $xdn0,$xdn4,@K[3]
-+
-+ be?vperm $xan0,$xa4,$xa4,$beperm
-+ be?vperm
$xbn0,$xb4,$xb4,$beperm
-+ be?vperm $xcn0,$xcn4,$xcn4,$beperm
-+ be?vperm $xdn0,$xdn4,$xdn4,$beperm
-+
-+ ${UCMP}i $len,0x40
-+ blt Ltail_vsx_8x_1
-+
-+ lvx_4w $xr0,$x00,$inp
-+ lvx_4w $xt1,$x10,$inp
-+ lvx_4w $xt2,$x20,$inp
-+ lvx_4w $xt3,$x30,$inp
-+
-+ vxor $xr0,$xr0,$xan0
-+ vxor $xt1,$xt1,$xbn0
-+ vxor $xt2,$xt2,$xcn0
-+ vxor $xt3,$xt3,$xdn0
-+
-+ stvx_4w $xr0,$x00,$out
-+ stvx_4w $xt1,$x10,$out
-+ addi $inp,$inp,0x40
-+ stvx_4w $xt2,$x20,$out
-+ subi $len,$len,0x40
-+ stvx_4w $xt3,$x30,$out
-+ addi $out,$out,0x40
-+ beq Ldone_vsx_8x
-+
-+ vadduwm $xan0,$xa5,@K[0]
-+ vadduwm $xbn0,$xb5,@K[1]
-+ vadduwm $xcn0,$xcn5,@K[2]
-+ vadduwm $xdn0,$xdn5,@K[3]
-+
-+ be?vperm $xan0,$xan0,$xan0,$beperm
-+ be?vperm $xbn0,$xbn0,$xbn0,$beperm
-+ be?vperm $xcn0,$xcn0,$xcn0,$beperm
-+ be?vperm $xdn0,$xdn0,$xdn0,$beperm
-+
-+ ${UCMP}i $len,0x40
-+ blt Ltail_vsx_8x_1
-+
-+ lvx_4w $xr0,$x00,$inp
-+ lvx_4w $xt1,$x10,$inp
-+ lvx_4w $xt2,$x20,$inp
-+ lvx_4w $xt3,$x30,$inp
-+
-+ vxor $xr0,$xr0,$xan0
-+ vxor $xt1,$xt1,$xbn0
-+ vxor $xt2,$xt2,$xcn0
-+ vxor $xt3,$xt3,$xdn0
-+
-+ stvx_4w $xr0,$x00,$out
-+ stvx_4w $xt1,$x10,$out
-+ addi $inp,$inp,0x40
-+ stvx_4w $xt2,$x20,$out
-+ subi $len,$len,0x40
-+ stvx_4w $xt3,$x30,$out
-+ addi $out,$out,0x40
-+ beq Ldone_vsx_8x
-+
-+ vadduwm $xan0,$xa6,@K[0]
-+ vadduwm $xbn0,$xb6,@K[1]
-+ vadduwm $xcn0,$xcn6,@K[2]
-+ vadduwm $xdn0,$xdn6,@K[3]
-+
-+ be?vperm $xan0,$xan0,$xan0,$beperm
-+ be?vperm $xbn0,$xbn0,$xbn0,$beperm
-+ be?vperm $xcn0,$xcn0,$xcn0,$beperm
-+ be?vperm $xdn0,$xdn0,$xdn0,$beperm
-+
-+ ${UCMP}i $len,0x40
-+ blt Ltail_vsx_8x_1
-+
-+ lvx_4w $xr0,$x00,$inp
-+ lvx_4w $xt1,$x10,$inp
-+ lvx_4w $xt2,$x20,$inp
-+ lvx_4w $xt3,$x30,$inp
-+
-+ vxor $xr0,$xr0,$xan0
-+ vxor $xt1,$xt1,$xbn0
-+ vxor $xt2,$xt2,$xcn0
-+ vxor $xt3,$xt3,$xdn0
-+
-+ stvx_4w $xr0,$x00,$out
-+ stvx_4w $xt1,$x10,$out
-+ addi $inp,$inp,0x40
-+ stvx_4w $xt2,$x20,$out
-+ subi $len,$len,0x40
-+ stvx_4w $xt3,$x30,$out
-+ addi $out,$out,0x40
-+ beq Ldone_vsx_8x
-+
-+ vadduwm
$xan0,$xa7,@K[0]
-+ vadduwm $xbn0,$xb7,@K[1]
-+ vadduwm $xcn0,$xcn7,@K[2]
-+ vadduwm $xdn0,$xdn7,@K[3]
-+
-+ be?vperm $xan0,$xan0,$xan0,$beperm
-+ be?vperm $xbn0,$xbn0,$xbn0,$beperm
-+ be?vperm $xcn0,$xcn0,$xcn0,$beperm
-+ be?vperm $xdn0,$xdn0,$xdn0,$beperm
-+
-+ ${UCMP}i $len,0x40
-+ blt Ltail_vsx_8x_1
-+
-+ lvx_4w $xr0,$x00,$inp
-+ lvx_4w $xt1,$x10,$inp
-+ lvx_4w $xt2,$x20,$inp
-+ lvx_4w $xt3,$x30,$inp
-+
-+ vxor $xr0,$xr0,$xan0
-+ vxor $xt1,$xt1,$xbn0
-+ vxor $xt2,$xt2,$xcn0
-+ vxor $xt3,$xt3,$xdn0
-+
-+ stvx_4w $xr0,$x00,$out
-+ stvx_4w $xt1,$x10,$out
-+ addi $inp,$inp,0x40
-+ stvx_4w $xt2,$x20,$out
-+ subi $len,$len,0x40
-+ stvx_4w $xt3,$x30,$out
-+ addi $out,$out,0x40
-+ beq Ldone_vsx_8x
-+
-+ mtctr r0
-+ bne Loop_outer_vsx_8x
-+
-+Ldone_vsx_8x:
-+ lwz r12,`$FRAME-4`($sp) # pull vrsave
-+ li r10,`15+$LOCALS+64`
-+ li r11,`31+$LOCALS+64`
-+ $POP r0, `$FRAME+$LRSAVE`($sp)
-+ mtspr 256,r12 # restore vrsave
-+ lvx v24,r10,$sp
-+ addi r10,r10,32
-+ lvx v25,r11,$sp
-+ addi r11,r11,32
-+ lvx v26,r10,$sp
-+ addi r10,r10,32
-+ lvx v27,r11,$sp
-+ addi r11,r11,32
-+ lvx v28,r10,$sp
-+ addi r10,r10,32
-+ lvx v29,r11,$sp
-+ addi r11,r11,32
-+ lvx v30,r10,$sp
-+ lvx v31,r11,$sp
-+ mtlr r0
-+ addi $sp,$sp,$FRAME
-+ blr
-+
-+.align 4
-+Ltail_vsx_8x:
-+ addi r11,$sp,$LOCALS
-+ mtctr $len
-+ stvx_4w $xa0,$x00,r11 # offload block to stack
-+ stvx_4w $xb0,$x10,r11
-+ stvx_4w $xc0,$x20,r11
-+ stvx_4w $xd0,$x30,r11
-+ subi r12,r11,1 # prepare for *++ptr
-+ subi $inp,$inp,1
-+ subi $out,$out,1
-+ bl Loop_tail_vsx_8x
-+Ltail_vsx_8x_1:
-+ addi r11,$sp,$LOCALS
-+ mtctr $len
-+ stvx_4w $xan0,$x00,r11 # offload block to stack
-+ stvx_4w $xbn0,$x10,r11
-+ stvx_4w $xcn0,$x20,r11
-+ stvx_4w $xdn0,$x30,r11
-+ subi r12,r11,1 # prepare for *++ptr
-+ subi $inp,$inp,1
-+ subi $out,$out,1
-+ bl Loop_tail_vsx_8x
-+
-+Loop_tail_vsx_8x:
-+ lbzu r6,1(r12)
-+ lbzu r7,1($inp)
-+ xor r6,r6,r7
-+ stbu r6,1($out)
-+ bdnz Loop_tail_vsx_8x
-+
-+ stvx_4w $K[0],$x00,r11 # wipe copy of the block
-+ stvx_4w
$K[0],$x10,r11
-+ stvx_4w $K[0],$x20,r11
-+ stvx_4w $K[0],$x30,r11
-+
-+ b Ldone_vsx_8x
-+ .long 0
-+ .byte 0,12,0x04,1,0x80,0,5,0
-+ .long 0
-+.size .ChaCha20_ctr32_vsx_8x,.-.ChaCha20_ctr32_vsx_8x
-+___
-+}}}
-+
-+
-+$code.=<<___;
-+.align 5
-+Lconsts:
-+ mflr r0
-+ bcl 20,31,\$+4
-+ mflr r12 #vvvvv "distance between . and Lsigma
-+ addi r12,r12,`64-8`
-+ mtlr r0
-+ blr
-+ .long 0
-+ .byte 0,12,0x14,0,0,0,0,0
-+ .space `64-9*4`
-+Lsigma:
-+ .long 0x61707865,0x3320646e,0x79622d32,0x6b206574
-+ .long 1,0,0,0
-+ .long 2,0,0,0
-+ .long 3,0,0,0
-+ .long 4,0,0,0
-+___
-+$code.=<<___ if ($LITTLE_ENDIAN);
-+ .long 0x0e0f0c0d,0x0a0b0809,0x06070405,0x02030001
-+ .long 0x0d0e0f0c,0x090a0b08,0x05060704,0x01020300
-+___
-+$code.=<<___ if (!$LITTLE_ENDIAN); # flipped words
-+ .long 0x02030001,0x06070405,0x0a0b0809,0x0e0f0c0d
-+ .long 0x01020300,0x05060704,0x090a0b08,0x0d0e0f0c
-+___
-+$code.=<<___;
-+ .long 0x61707865,0x61707865,0x61707865,0x61707865
-+ .long 0x3320646e,0x3320646e,0x3320646e,0x3320646e
-+ .long 0x79622d32,0x79622d32,0x79622d32,0x79622d32
-+ .long 0x6b206574,0x6b206574,0x6b206574,0x6b206574
-+ .long 0,1,2,3
-+ .long 0x03020100,0x07060504,0x0b0a0908,0x0f0e0d0c
-+.asciz "ChaCha20 for PowerPC/AltiVec, CRYPTOGAMS by "
-+.align 2
-+___
-+
-+foreach (split("\n",$code)) {
-+ s/\`([^\`]*)\`/eval $1/ge;
-+
-+ # instructions prefixed with '?' are endian-specific and need
-+ # to be adjusted accordingly...
-+ if ($flavour !~ /le$/) { # big-endian -+ s/be\?// or -+ s/le\?/#le#/ or -+ s/\?lvsr/lvsl/ or -+ s/\?lvsl/lvsr/ or -+ s/\?(vperm\s+v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+)/$1$3$2$4/ or -+ s/vrldoi(\s+v[0-9]+,\s*)(v[0-9]+,)\s*([0-9]+)/vsldoi$1$2$2 16-$3/; -+ } else { # little-endian -+ s/le\?// or -+ s/be\?/#be#/ or -+ s/\?([a-z]+)/$1/ or -+ s/vrldoi(\s+v[0-9]+,\s*)(v[0-9]+,)\s*([0-9]+)/vsldoi$1$2$2 $3/; -+ } -+ -+ print $_,"\n"; -+} -+ -+close STDOUT or die "error closing STDOUT: $!"; -diff -rupN --no-dereference openssl-3.0.9/crypto/chacha/build.info openssl-3.0.9-new/crypto/chacha/build.info ---- openssl-3.0.9/crypto/chacha/build.info 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/crypto/chacha/build.info 2023-05-31 14:33:17.459112709 +0200 -@@ -12,7 +12,7 @@ IF[{- !$disabled{asm} -}] - $CHACHAASM_armv4=chacha-armv4.S - $CHACHAASM_aarch64=chacha-armv8.S - -- $CHACHAASM_ppc32=chacha_ppc.c chacha-ppc.s -+ $CHACHAASM_ppc32=chacha_ppc.c chacha-ppc.s chachap10-ppc.s - $CHACHAASM_ppc64=$CHACHAASM_ppc32 - - $CHACHAASM_c64xplus=chacha-c64xplus.s -@@ -29,6 +29,7 @@ SOURCE[../../libcrypto]=$CHACHAASM - GENERATE[chacha-x86.S]=asm/chacha-x86.pl - GENERATE[chacha-x86_64.s]=asm/chacha-x86_64.pl - GENERATE[chacha-ppc.s]=asm/chacha-ppc.pl -+GENERATE[chachap10-ppc.s]=asm/chachap10-ppc.pl - GENERATE[chacha-armv4.S]=asm/chacha-armv4.pl - INCLUDE[chacha-armv4.o]=.. 
- GENERATE[chacha-armv8.S]=asm/chacha-armv8.pl -diff -rupN --no-dereference openssl-3.0.9/crypto/chacha/chacha_ppc.c openssl-3.0.9-new/crypto/chacha/chacha_ppc.c ---- openssl-3.0.9/crypto/chacha/chacha_ppc.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/crypto/chacha/chacha_ppc.c 2023-05-31 14:33:17.459112709 +0200 -@@ -23,13 +23,18 @@ void ChaCha20_ctr32_vmx(unsigned char *o - void ChaCha20_ctr32_vsx(unsigned char *out, const unsigned char *inp, - size_t len, const unsigned int key[8], - const unsigned int counter[4]); -+void ChaCha20_ctr32_vsx_p10(unsigned char *out, const unsigned char *inp, -+ size_t len, const unsigned int key[8], -+ const unsigned int counter[4]); - void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, - size_t len, const unsigned int key[8], - const unsigned int counter[4]) - { -- OPENSSL_ppccap_P & PPC_CRYPTO207 -- ? ChaCha20_ctr32_vsx(out, inp, len, key, counter) -- : OPENSSL_ppccap_P & PPC_ALTIVEC -- ? ChaCha20_ctr32_vmx(out, inp, len, key, counter) -- : ChaCha20_ctr32_int(out, inp, len, key, counter); -+ OPENSSL_ppccap_P & PPC_BRD31 -+ ? ChaCha20_ctr32_vsx_p10(out, inp, len, key, counter) -+ :OPENSSL_ppccap_P & PPC_CRYPTO207 -+ ? ChaCha20_ctr32_vsx(out, inp, len, key, counter) -+ : OPENSSL_ppccap_P & PPC_ALTIVEC -+ ? 
ChaCha20_ctr32_vmx(out, inp, len, key, counter) -+ : ChaCha20_ctr32_int(out, inp, len, key, counter); - } -diff -rupN --no-dereference openssl-3.0.9/crypto/perlasm/ppc-xlate.pl openssl-3.0.9-new/crypto/perlasm/ppc-xlate.pl ---- openssl-3.0.9/crypto/perlasm/ppc-xlate.pl 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/crypto/perlasm/ppc-xlate.pl 2023-05-31 14:33:17.459112709 +0200 -@@ -293,6 +293,14 @@ my $vpermdi = sub { # xxpermdi - $dm = oct($dm) if ($dm =~ /^0/); - " .long ".sprintf "0x%X",(60<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|($dm<<8)|(10<<3)|7; - }; -+my $vxxlor = sub { # xxlor -+ my ($f, $vrt, $vra, $vrb) = @_; -+ " .long ".sprintf "0x%X",(60<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|(146<<3)|6; -+}; -+my $vxxlorc = sub { # xxlor -+ my ($f, $vrt, $vra, $vrb) = @_; -+ " .long ".sprintf "0x%X",(60<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|(146<<3)|1; -+}; - - # PowerISA 2.07 stuff - sub vcrypto_op { -@@ -377,6 +385,15 @@ my $addex = sub { - }; - my $vmsumudm = sub { vfour_vsr(@_, 35); }; - -+# PowerISA 3.1 stuff -+my $brd = sub { -+ my ($f, $ra, $rs) = @_; -+ " .long ".sprintf "0x%X",(31<<26)|($rs<<21)|($ra<<16)|(187<<1); -+}; -+my $vsrq = sub { vcrypto_op(@_, 517); }; -+ -+ -+ - while($line=<>) { - - $line =~ s|[#!;].*$||; # get rid of asm-style comments... 
-diff -rupN --no-dereference openssl-3.0.9/crypto/ppccap.c openssl-3.0.9-new/crypto/ppccap.c ---- openssl-3.0.9/crypto/ppccap.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/crypto/ppccap.c 2023-05-31 14:33:17.459112709 +0200 -@@ -45,6 +45,7 @@ void OPENSSL_ppc64_probe(void); - void OPENSSL_altivec_probe(void); - void OPENSSL_crypto207_probe(void); - void OPENSSL_madd300_probe(void); -+void OPENSSL_brd31_probe(void); - - long OPENSSL_rdtsc_mftb(void); - long OPENSSL_rdtsc_mfspr268(void); -@@ -117,16 +118,21 @@ static unsigned long getauxval(unsigned - #endif - - /* I wish was universally available */ --#define HWCAP 16 /* AT_HWCAP */ -+#ifndef AT_HWCAP -+# define AT_HWCAP 16 /* AT_HWCAP */ -+#endif - #define HWCAP_PPC64 (1U << 30) - #define HWCAP_ALTIVEC (1U << 28) - #define HWCAP_FPU (1U << 27) - #define HWCAP_POWER6_EXT (1U << 9) - #define HWCAP_VSX (1U << 7) - --#define HWCAP2 26 /* AT_HWCAP2 */ -+#ifndef AT_HWCAP2 -+# define AT_HWCAP2 26 /* AT_HWCAP2 */ -+#endif - #define HWCAP_VEC_CRYPTO (1U << 25) - #define HWCAP_ARCH_3_00 (1U << 23) -+#define HWCAP_ARCH_3_1 (1U << 18) - - # if defined(__GNUC__) && __GNUC__>=2 - __attribute__ ((constructor)) -@@ -187,6 +193,9 @@ void OPENSSL_cpuid_setup(void) - if (__power_set(0xffffffffU<<17)) /* POWER9 and later */ - OPENSSL_ppccap_P |= PPC_MADD300; - -+ if (__power_set(0xffffffffU<<18)) /* POWER10 and later */ -+ OPENSSL_ppccap_P |= PPC_BRD31; -+ - return; - # endif - #endif -@@ -215,8 +224,8 @@ void OPENSSL_cpuid_setup(void) - - #ifdef OSSL_IMPLEMENT_GETAUXVAL - { -- unsigned long hwcap = getauxval(HWCAP); -- unsigned long hwcap2 = getauxval(HWCAP2); -+ unsigned long hwcap = getauxval(AT_HWCAP); -+ unsigned long hwcap2 = getauxval(AT_HWCAP2); - - if (hwcap & HWCAP_FPU) { - OPENSSL_ppccap_P |= PPC_FPU; -@@ -242,6 +251,10 @@ void OPENSSL_cpuid_setup(void) - if (hwcap2 & HWCAP_ARCH_3_00) { - OPENSSL_ppccap_P |= PPC_MADD300; - } -+ -+ if (hwcap2 & HWCAP_ARCH_3_1) { -+ OPENSSL_ppccap_P |= PPC_BRD31; -+ } - } - 
#endif - -@@ -263,7 +276,7 @@ void OPENSSL_cpuid_setup(void) - sigaction(SIGILL, &ill_act, &ill_oact); - - #ifndef OSSL_IMPLEMENT_GETAUXVAL -- if (sigsetjmp(ill_jmp,1) == 0) { -+ if (sigsetjmp(ill_jmp, 1) == 0) { - OPENSSL_fpu_probe(); - OPENSSL_ppccap_P |= PPC_FPU; - -diff -rupN --no-dereference openssl-3.0.9/crypto/ppccpuid.pl openssl-3.0.9-new/crypto/ppccpuid.pl ---- openssl-3.0.9/crypto/ppccpuid.pl 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/crypto/ppccpuid.pl 2023-05-31 14:33:17.459112709 +0200 -@@ -81,6 +81,17 @@ $code=<<___; - .long 0 - .byte 0,12,0x14,0,0,0,0,0 - -+.globl .OPENSSL_brd31_probe -+.align 4 -+.OPENSSL_brd31_probe: -+ xor r0,r0,r0 -+ brd r3,r0 -+ blr -+ .long 0 -+ .byte 0,12,0x14,0,0,0,0,0 -+.size .OPENSSL_brd31_probe,.-.OPENSSL_brd31_probe -+ -+ - .globl .OPENSSL_wipe_cpu - .align 4 - .OPENSSL_wipe_cpu: -diff -rupN --no-dereference openssl-3.0.9/include/crypto/ppc_arch.h openssl-3.0.9-new/include/crypto/ppc_arch.h ---- openssl-3.0.9/include/crypto/ppc_arch.h 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/include/crypto/ppc_arch.h 2023-05-31 14:33:17.459112709 +0200 -@@ -24,5 +24,6 @@ extern unsigned int OPENSSL_ppccap_P; - # define PPC_MADD300 (1<<4) - # define PPC_MFTB (1<<5) - # define PPC_MFSPR268 (1<<6) -+# define PPC_BRD31 (1<<7) - - #endif diff --git a/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch b/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch deleted file mode 100644 index e7422da..0000000 --- a/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch +++ /dev/null 
@@ -1,321 +0,0 @@
-diff -rupN --no-dereference openssl-3.0.9/crypto/rsa/rsa_local.h openssl-3.0.9-new/crypto/rsa/rsa_local.h
---- openssl-3.0.9/crypto/rsa/rsa_local.h 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/crypto/rsa/rsa_local.h 2023-05-31 14:33:17.722112594 +0200
-@@ -193,4 +193,12 @@ int ossl_rsa_padding_add_PKCS1_type_2_ex
- int tlen, const unsigned char *from,
- int flen);
-
-+int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx,
-+ unsigned char *to, int tlen,
-+ const unsigned char *from, int flen,
-+ const unsigned char *param,
-+ int plen, const EVP_MD *md,
-+ const EVP_MD *mgf1md,
-+ const char *redhat_st_seed);
-+
- #endif /* OSSL_CRYPTO_RSA_LOCAL_H */
-diff -rupN --no-dereference openssl-3.0.9/crypto/rsa/rsa_oaep.c openssl-3.0.9-new/crypto/rsa/rsa_oaep.c
---- openssl-3.0.9/crypto/rsa/rsa_oaep.c 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/crypto/rsa/rsa_oaep.c 2023-05-31 14:33:17.722112594 +0200
-@@ -44,6 +44,10 @@ int RSA_padding_add_PKCS1_OAEP(unsigned
- param, plen, NULL, NULL);
- }
-
-+#ifdef FIPS_MODULE
-+extern int REDHAT_FIPS_asym_cipher_st;
-+#endif /* FIPS_MODULE */
-+
- /*
- * Perform the padding as per NIST 800-56B 7.2.2.3
- * from (K) is the key material.
-@@ -51,12 +55,13 @@ int RSA_padding_add_PKCS1_OAEP(unsigned
- * Step numbers are included here but not in the constant time inverse below
- * to avoid complicating an already difficult enough function.
- */
--int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
-- unsigned char *to, int tlen,
-- const unsigned char *from, int flen,
-- const unsigned char *param,
-- int plen, const EVP_MD *md,
-- const EVP_MD *mgf1md)
-+int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx,
-+ unsigned char *to, int tlen,
-+ const unsigned char *from, int flen,
-+ const unsigned char *param,
-+ int plen, const EVP_MD *md,
-+ const EVP_MD *mgf1md,
-+ const char *redhat_st_seed)
- {
- int rv = 0;
- int i, emlen = tlen - 1;
-@@ -107,6 +112,11 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1
- db[emlen - flen - mdlen - 1] = 0x01;
- memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen);
- /* step 3d: generate random byte string */
-+#ifdef FIPS_MODULE
-+ if (redhat_st_seed != NULL && REDHAT_FIPS_asym_cipher_st) {
-+ memcpy(seed, redhat_st_seed, mdlen);
-+ } else
-+#endif
- if (RAND_bytes_ex(libctx, seed, mdlen, 0) <= 0)
- goto err;
-
-@@ -138,6 +148,18 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1
- return rv;
- }
-
-+int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
-+ unsigned char *to, int tlen,
-+ const unsigned char *from, int flen,
-+ const unsigned char *param,
-+ int plen, const EVP_MD *md,
-+ const EVP_MD *mgf1md)
-+{
-+ return ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(libctx, to, tlen, from,
-+ flen, param, plen, md,
-+ mgf1md, NULL);
-+}
-+
- int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
- const unsigned char *from, int flen,
- const unsigned char *param, int plen,
-diff -rupN --no-dereference openssl-3.0.9/include/openssl/core_names.h openssl-3.0.9-new/include/openssl/core_names.h
---- openssl-3.0.9/include/openssl/core_names.h 2023-05-31 14:33:16.621113073 +0200
-+++ openssl-3.0.9-new/include/openssl/core_names.h 2023-05-31 14:33:17.723112594 +0200
-@@ -469,6 +469,9 @@ extern "C" {
- #define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
- #define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
- #define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
-+#ifdef FIPS_MODULE
-+#define OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED "redhat-kat-oaep-seed"
-+#endif
-
- /*
- * Encoder / decoder parameters
-diff -rupN --no-dereference openssl-3.0.9/providers/fips/self_test_data.inc openssl-3.0.9-new/providers/fips/self_test_data.inc
---- openssl-3.0.9/providers/fips/self_test_data.inc 2023-05-31 14:33:16.622113072 +0200
-+++ openssl-3.0.9-new/providers/fips/self_test_data.inc 2023-05-31 14:33:17.723112594 +0200
-@@ -1295,14 +1295,21 @@ static const ST_KAT_PARAM rsa_priv_key[]
- };
-
- /*-
-- * Using OSSL_PKEY_RSA_PAD_MODE_NONE directly in the expansion of the
-+ * Using OSSL_PKEY_RSA_PAD_MODE_OAEP directly in the expansion of the
- * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient
- * HP/UX PA-RISC compilers.
- */
--static const char pad_mode_none[] = OSSL_PKEY_RSA_PAD_MODE_NONE;
-+static const char pad_mode_oaep[] = OSSL_PKEY_RSA_PAD_MODE_OAEP;
-+static const char oaep_fixed_seed[] = {
-+ 0xf6, 0x10, 0xef, 0x0a, 0x97, 0xbf, 0x91, 0x25,
-+ 0x97, 0xcf, 0x8e, 0x0a, 0x75, 0x51, 0x2f, 0xab,
-+ 0x2e, 0x4b, 0x2c, 0xe6
-+};
-
- static const ST_KAT_PARAM rsa_enc_params[] = {
-- ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_none),
-+ ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_oaep),
-+ ST_KAT_PARAM_OCTET(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED,
-+ oaep_fixed_seed),
- ST_KAT_PARAM_END()
- };
-
-@@ -1341,43 +1348,43 @@ static const unsigned char rsa_expected_
- 0x2c, 0x68, 0xf0, 0x37, 0xa9, 0xd2, 0x56, 0xd6
- };
-
--static const unsigned char rsa_asym_plaintext_encrypt[256] = {
-+static const unsigned char rsa_asym_plaintext_encrypt[208] = {
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
- };
- static const unsigned char rsa_asym_expected_encrypt[256] = {
-- 0x54, 0xac, 0x23, 0x96, 0x1d, 0x82, 0x5d, 0x8b,
-- 0x8f, 0x36, 0x33, 0xd0, 0xf4, 0x02, 0xa2, 0x61,
-- 0xb1, 0x13, 0xd4, 0x4a, 0x46, 0x06, 0x37, 0x3c,
-- 0xbf, 0x40, 0x05, 0x3c, 0xc6, 0x3b, 0x64, 0xdc,
-- 0x22, 0x22, 0xaf, 0x36, 0x79, 0x62, 0x45, 0xf0,
-- 0x97, 0x82, 0x22, 0x44, 0x86, 0x4a, 0x7c, 0xfa,
-- 0xac, 0x03, 0x21, 0x84, 0x3f, 0x31, 0xad, 0x2a,
-- 0xa4, 0x6e, 0x7a, 0xc5, 0x93, 0xf3, 0x0f, 0xfc,
-- 0xf1, 0x62, 0xce, 0x82, 0x12, 0x45, 0xc9, 0x35,
-- 0xb0, 0x7a, 0xcd, 0x99, 0x8c, 0x91, 0x6b, 0x5a,
-- 0xd3, 0x46, 0xdb, 0xf9, 0x9e, 0x52, 0x49, 0xbd,
-- 0x1e, 0xe8, 0xda, 0xac, 0x61, 0x47, 0xc2, 0xda,
-- 0xfc, 0x1e, 0xfb, 0x74, 0xd7, 0xd6, 0xc1, 0x18,
-- 0x86, 0x3e, 0x20, 0x9c, 0x7a, 0xe1, 0x04, 0xb7,
-- 0x38, 0x43, 0xb1, 0x4e, 0xa0, 0xd8, 0xc1, 0x39,
-- 0x4d, 0xe1, 0xd3, 0xb0, 0xb3, 0xf1, 0x82, 0x87,
-- 0x1f, 0x74, 0xb5, 0x69, 0xfd, 0x33, 0xd6, 0x21,
-- 0x7c, 0x61, 0x60, 0x28, 0xca, 0x70, 0xdb, 0xa0,
-- 0xbb, 0xc8, 0x73, 0xa9, 0x82, 0xf8, 0x6b, 0xd8,
-- 0xf0, 0xc9, 0x7b, 0x20, 0xdf, 0x9d, 0xfb, 0x8c,
-- 0xd4, 0xa2, 0x89, 0xe1, 0x9b, 0x04, 0xad, 0xaa,
-- 0x11, 0x6c, 0x8f, 0xce, 0x83, 0x29, 0x56, 0x69,
-- 0xbb, 0x00, 0x3b, 0xef, 0xca, 0x2d, 0xcd, 0x52,
-- 0xc8, 0xf1, 0xb3, 0x9b, 0xb4, 0x4f, 0x6d, 0x9c,
-- 0x3d, 0x69, 0xcc, 0x6d, 0x1f, 0x38, 0x4d, 0xe6,
-- 0xbb, 0x0c, 0x87, 0xdc, 0x5f, 0xa9, 0x24, 0x93,
-- 0x03, 0x46, 0xa2, 0x33, 0x6c, 0xf4, 0xd8, 0x5d,
-- 0x68, 0xf3, 0xd3, 0xe0, 0xf2, 0x30, 0xdb, 0xf5,
-- 0x4f, 0x0f, 0xad, 0xc7, 0xd0, 0xaa, 0x47, 0xd9,
-- 0x9f, 0x85, 0x1b, 0x2e, 0x6c, 0x3c, 0x57, 0x04,
-- 0x29, 0xf4, 0xf5, 0x66, 0x7d, 0x93, 0x4a, 0xaa,
-- 0x05, 0x52, 0x55, 0xc1, 0xc6, 0x06, 0x90, 0xab,
-+ 0x6c, 0x21, 0xc1, 0x9e, 0x94, 0xee, 0xdf, 0x74,
-+ 0x3a, 0x3c, 0x7c, 0x04, 0x1a, 0x53, 0x9e, 0x7c,
-+ 0x42, 0xac, 0x7e, 0x28, 0x9a, 0xb7, 0xe2, 0x4e,
-+ 0x87, 0xd4, 0x00, 0x69, 0x71, 0xf0, 0x3e, 0x0b,
-+ 0xc1, 0xda, 0xd6, 0xbd, 0x21, 0x39, 0x4f, 0x25,
-+ 0x22, 0x1f, 0x76, 0x0d, 0x62, 0x1f, 0xa2, 0x89,
-+ 0xdb, 0x38, 0x32, 0x88, 0x21, 0x1d, 0x89, 0xf1,
-+ 0xe0, 0x14, 0xd4, 0xb7, 0x90, 0xfc, 0xbc, 0x50,
-+ 0xb0, 0x8d, 0x5c, 0x2f, 0x49, 0x9e, 0x90, 0x17,
-+ 0x9e, 0x60, 0x9f, 0xe1, 0x77, 0x4f, 0x11, 0xa2,
-+ 0xcf, 0x16, 0x65, 0x2d, 0x4a, 0x2c, 0x12, 0xcb,
-+ 0x1e, 0x3c, 0x29, 0x8b, 0xdc, 0x27, 0x06, 0x9d,
-+ 0xf4, 0x0d, 0xe1, 0xc9, 0xeb, 0x14, 0x6a, 0x7e,
-+ 0xfd, 0xa7, 0xa8, 0xa7, 0x51, 0x82, 0x62, 0x0f,
-+ 0x29, 0x8d, 0x8c, 0x5e, 0xf2, 0xb8, 0xcd, 0xd3,
-+ 0x51, 0x92, 0xa7, 0x25, 0x39, 0x9d, 0xdd, 0x06,
-+ 0xff, 0xb1, 0xb0, 0xd5, 0x61, 0x03, 0x8f, 0x25,
-+ 0x5c, 0x49, 0x12, 0xc1, 0x50, 0x67, 0x61, 0x78,
-+ 0xb3, 0xe3, 0xc4, 0xf6, 0x36, 0x16, 0xa9, 0x04,
-+ 0x91, 0x0a, 0x4b, 0x27, 0x28, 0x97, 0x50, 0x7c,
-+ 0x65, 0x2d, 0xd0, 0x08, 0x71, 0x84, 0xe7, 0x47,
-+ 0x79, 0x83, 0x91, 0x46, 0xd9, 0x8f, 0x79, 0xce,
-+ 0x49, 0xcb, 0xcd, 0x8b, 0x34, 0xac, 0x61, 0xe0,
-+ 0xe6, 0x55, 0xbf, 0x10, 0xe4, 0xac, 0x9a, 0xd6,
-+ 0xed, 0xc1, 0xc2, 0xb6, 0xb6, 0xf7, 0x41, 0x99,
-+ 0xde, 0xfa, 0xde, 0x11, 0x16, 0xa2, 0x18, 0x30,
-+ 0x30, 0xdc, 0x95, 0x76, 0x2f, 0x46, 0x43, 0x20,
-+ 0xc4, 0xe7, 0x50, 0xb9, 0x1e, 0xcd, 0x69, 0xbb,
-+ 0x29, 0x94, 0x27, 0x9c, 0xc9, 0xab, 0xb4, 0x27,
-+ 0x8b, 0x4d, 0xe1, 0xcb, 0xc1, 0x04, 0x2c, 0x66,
-+ 0x41, 0x3a, 0x4d, 0xeb, 0x61, 0x4c, 0x77, 0x5a,
-+ 0xee, 0xb0, 0xca, 0x99, 0x0e, 0x7f, 0xbe, 0x06
- };
-
- #ifndef OPENSSL_NO_EC
-diff -rupN --no-dereference openssl-3.0.9/providers/fips/self_test_kats.c openssl-3.0.9-new/providers/fips/self_test_kats.c
---- openssl-3.0.9/providers/fips/self_test_kats.c 2023-05-31 14:33:16.622113072 +0200
-+++ openssl-3.0.9-new/providers/fips/self_test_kats.c 2023-05-31 14:33:17.723112594 +0200
-@@ -647,14 +647,21 @@ static int self_test_ciphers(OSSL_SELF_T
- return ret;
- }
-
-+int REDHAT_FIPS_asym_cipher_st = 0;
-+
- static int self_test_asym_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
- {
- int i, ret = 1;
-
-+ REDHAT_FIPS_asym_cipher_st = 1;
-+
- for (i = 0; i < (int)OSSL_NELEM(st_kat_asym_cipher_tests); ++i) {
- if (!self_test_asym_cipher(&st_kat_asym_cipher_tests[i], st, libctx))
- ret = 0;
- }
-+
-+ REDHAT_FIPS_asym_cipher_st = 0;
-+
- return ret;
- }
-
-diff -rupN --no-dereference openssl-3.0.9/providers/implementations/asymciphers/rsa_enc.c openssl-3.0.9-new/providers/implementations/asymciphers/rsa_enc.c
---- openssl-3.0.9/providers/implementations/asymciphers/rsa_enc.c 2023-05-31 14:33:16.328113200 +0200
-+++ openssl-3.0.9-new/providers/implementations/asymciphers/rsa_enc.c 2023-05-31 14:33:17.723112594 +0200
-@@ -30,6 +30,9 @@
- #include "prov/implementations.h"
- #include "prov/providercommon.h"
- #include "prov/securitycheck.h"
-+#ifdef FIPS_MODULE
-+# include "crypto/rsa/rsa_local.h"
-+#endif
-
- #include
-
-@@ -75,6 +78,9 @@ typedef struct {
- /* TLS padding */
- unsigned int client_version;
- unsigned int alt_version;
-+#ifdef FIPS_MODULE
-+ char *redhat_st_oaep_seed;
-+#endif /* FIPS_MODULE */
- } PROV_RSA_CTX;
-
- static void *rsa_newctx(void *provctx)
-@@ -192,12 +198,21 @@ static int rsa_encrypt(void *vprsactx, u
- }
- }
- ret =
- ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(prsactx->libctx, tbuf,
-+#ifdef FIPS_MODULE
-+ ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(
-+#else
-+ ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(
-+#endif
-+ prsactx->libctx, tbuf,
- rsasize, in, inlen,
- prsactx->oaep_label,
- prsactx->oaep_labellen,
- prsactx->oaep_md,
-- prsactx->mgf1_md);
-+ prsactx->mgf1_md
-+#ifdef FIPS_MODULE
-+ , prsactx->redhat_st_oaep_seed
-+#endif
-+ );
-
- if (!ret) {
- OPENSSL_free(tbuf);
-@@ -328,6 +343,9 @@ static void rsa_freectx(void *vprsactx)
- EVP_MD_free(prsactx->oaep_md);
- EVP_MD_free(prsactx->mgf1_md);
- OPENSSL_free(prsactx->oaep_label);
-+#ifdef FIPS_MODULE
-+ OPENSSL_free(prsactx->redhat_st_oaep_seed);
-+#endif /* FIPS_MODULE */
-
- OPENSSL_free(prsactx);
- }
-@@ -447,6 +465,9 @@ static const OSSL_PARAM known_gettable_c
- NULL, 0),
- OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL),
- OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL),
-+#ifdef FIPS_MODULE
-+ OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, NULL, 0),
-+#endif /* FIPS_MODULE */
- OSSL_PARAM_END
- };
-
-@@ -456,6 +477,10 @@ static const OSSL_PARAM *rsa_gettable_ct
- return known_gettable_ctx_params;
- }
-
-+#ifdef FIPS_MODULE
-+extern int REDHAT_FIPS_asym_cipher_st;
-+#endif /* FIPS_MODULE */
-+
- static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
- {
- PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
-@@ -567,6 +592,18 @@ static int rsa_set_ctx_params(void *vprs
- prsactx->oaep_labellen = tmp_labellen;
- }
-
-+#ifdef FIPS_MODULE
-+ p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED);
-+ if (p != NULL && REDHAT_FIPS_asym_cipher_st) {
-+ void *tmp_oaep_seed = NULL;
-+
-+ if (!OSSL_PARAM_get_octet_string(p, &tmp_oaep_seed, 0, NULL))
-+ return 0;
-+ OPENSSL_free(prsactx->redhat_st_oaep_seed);
-+ prsactx->redhat_st_oaep_seed = (char *)tmp_oaep_seed;
-+ }
-+#endif /* FIPS_MODULE */
-+
- p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION);
- if (p != NULL) {
- unsigned int client_version;
diff --git a/0074-FIPS-Use-digest_sign-digest_verify-in-self-test-eln.patch b/0074-FIPS-Use-digest_sign-digest_verify-in-self-test-eln.patch
deleted file mode 100644
index 0b6a9fb..0000000
--- a/0074-FIPS-Use-digest_sign-digest_verify-in-self-test-eln.patch
+++ /dev/null
@@ -1,313 +0,0 @@
-From 97ac06e5a8e3a8699279c06eeb64c8e958bad7bd Mon Sep 17 00:00:00 2001
-From: Clemens Lang
-Date: Fri, 15 Jul 2022 17:45:40 +0200
-Subject: [PATCH] FIPS: Use digest_sign & digest_verify in self test
-
-In review for FIPS 140-3, the lack of a self-test for the digest_sign
-and digest_verify provider functions was highlighted as a problem. NIST
-no longer provides ACVP tests for the RSA SigVer primitive (see
-https://github.com/usnistgov/ACVP/issues/1347). Because FIPS 140-3
-recommends the use of functions that compute the digest and signature
-within the module, we have been advised in our module review that the
-self tests should also use the combined digest and signature APIs, i.e.
-the digest_sign and digest_verify provider functions.
-
-Modify the signature self-test to use these instead by switching to
-EVP_DigestSign and EVP_DigestVerify. This requires adding more ifdefs to
-crypto/evp/m_sigver.c to make these functions usable in the FIPS module.
-
-Signed-off-by: Clemens Lang
----
- crypto/evp/m_sigver.c | 43 +++++++++++++++++++++++++++------
- providers/fips/self_test_kats.c | 37 +++++++++++++++-------------
- 2 files changed, 56 insertions(+), 24 deletions(-)
-
-diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
-index db1a1d7bc3..c94c3c53bd 100644
---- a/crypto/evp/m_sigver.c
-+++ b/crypto/evp/m_sigver.c
-@@ -88,6 +88,7 @@ static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
- ERR_raise(ERR_LIB_EVP, EVP_R_ONLY_ONESHOT_SUPPORTED);
- return 0;
- }
-+#endif /* !defined(FIPS_MODULE) */
-
- /*
- * If we get the "NULL" md then the name comes back as "UNDEF". We want to use
-@@ -130,8 +131,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
- reinit = 0;
- if (e == NULL)
- ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props);
-+#ifndef FIPS_MODULE
- else
- ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
-+#endif /* !defined(FIPS_MODULE) */
- }
- if (ctx->pctx == NULL)
- return 0;
-@@ -139,8 +142,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
- locpctx = ctx->pctx;
- ERR_set_mark();
-
-+#ifndef FIPS_MODULE
- if (evp_pkey_ctx_is_legacy(locpctx))
- goto legacy;
-+#endif /* !defined(FIPS_MODULE) */
-
- /* do not reinitialize if pkey is set or operation is different */
- if (reinit
-@@ -225,8 +230,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
- signature =
- evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
- supported_sig, locpctx->propquery);
-+#ifndef FIPS_MODULE
- if (signature == NULL)
- goto legacy;
-+#endif /* !defined(FIPS_MODULE) */
- break;
- }
- if (signature == NULL)
-@@ -310,6 +317,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
- ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props);
- if (ctx->fetched_digest != NULL) {
- ctx->digest = ctx->reqdigest = ctx->fetched_digest;
-+#ifndef FIPS_MODULE
- } else {
- /* legacy engine support : remove the mark when this is deleted */
- ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname);
-@@ -318,11 +326,13 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
- ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
- goto err;
- }
-+#endif /* !defined(FIPS_MODULE) */
- }
- (void)ERR_pop_to_mark();
- }
- }
-
-+#ifndef FIPS_MODULE
- if (ctx->reqdigest != NULL
- && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac)
- && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
-@@ -334,6 +344,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
- goto err;
- }
- }
-+#endif /* !defined(FIPS_MODULE) */
-
- if (ver) {
- if (signature->digest_verify_init == NULL) {
-@@ -366,6 +377,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
- EVP_KEYMGMT_free(tmp_keymgmt);
- return 0;
-
-+#ifndef FIPS_MODULE
- legacy:
- /*
- * If we don't have the full support we need with provided methods,
-@@ -437,6 +449,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
- ctx->pctx->flag_call_digest_custom = 1;
-
- ret = 1;
-+#endif /* !defined(FIPS_MODULE) */
-
- end:
- #ifndef FIPS_MODULE
-@@ -479,7 +492,6 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
- return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 1,
- NULL);
- }
--#endif /* FIPS_MDOE */
-
- int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
- {
-@@ -541,23 +553,29 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
- return EVP_DigestUpdate(ctx, data, dsize);
- }
-
--#ifndef FIPS_MODULE
- int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
- size_t *siglen)
- {
-- int sctx = 0, r = 0;
-- EVP_PKEY_CTX *dctx, *pctx = ctx->pctx;
-+ int r = 0;
-+#ifndef FIPS_MODULE
-+ int sctx = 0;
-+ EVP_PKEY_CTX *dctx;
-+#endif /* !defined(FIPS_MODULE) */
-+ EVP_PKEY_CTX *pctx = ctx->pctx;
-
-+#ifndef FIPS_MODULE
- if (pctx == NULL
- || pctx->operation != EVP_PKEY_OP_SIGNCTX
- || pctx->op.sig.algctx == NULL
- || pctx->op.sig.signature == NULL)
- goto legacy;
-+#endif /* !defined(FIPS_MODULE) */
-
- if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
- return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
- sigret, siglen,
- sigret == NULL ? 0 : *siglen);
-+#ifndef FIPS_MODULE
- dctx = EVP_PKEY_CTX_dup(pctx);
- if (dctx == NULL)
- return 0;
-@@ -566,8 +584,10 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
- sigret, siglen,
- *siglen);
- EVP_PKEY_CTX_free(dctx);
-+#endif /* defined(FIPS_MODULE) */
- return r;
-
-+#ifndef FIPS_MODULE
- legacy:
- if (pctx == NULL || pctx->pmeth == NULL) {
- ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
-@@ -639,6 +659,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
- }
- }
- return 1;
-+#endif /* !defined(FIPS_MODULE) */
- }
-
- int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
-@@ -669,21 +690,27 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
- int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
- size_t siglen)
- {
-- unsigned char md[EVP_MAX_MD_SIZE];
- int r = 0;
-+#ifndef FIPS_MODULE
-+ unsigned char md[EVP_MAX_MD_SIZE];
- unsigned int mdlen = 0;
- int vctx = 0;
-- EVP_PKEY_CTX *dctx, *pctx = ctx->pctx;
-+ EVP_PKEY_CTX *dctx;
-+#endif /* !defined(FIPS_MODULE) */
-+ EVP_PKEY_CTX *pctx = ctx->pctx;
-
-+#ifndef FIPS_MODULE
- if (pctx == NULL
- || pctx->operation != EVP_PKEY_OP_VERIFYCTX
- || pctx->op.sig.algctx == NULL
- || pctx->op.sig.signature == NULL)
- goto legacy;
-+#endif /* !defined(FIPS_MODULE) */
-
- if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
- return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx,
- sig, siglen);
-+#ifndef FIPS_MODULE
- dctx = EVP_PKEY_CTX_dup(pctx);
- if (dctx == NULL)
- return 0;
-@@ -691,8 +718,10 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
- r = dctx->op.sig.signature->digest_verify_final(dctx->op.sig.algctx,
- sig, siglen);
- EVP_PKEY_CTX_free(dctx);
-+#endif /* !defined(FIPS_MODULE) */
- return r;
-
-+#ifndef FIPS_MODULE
- legacy:
- if (pctx == NULL || pctx->pmeth == NULL) {
- ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
-@@ -732,6 +761,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
- if (vctx || !r)
- return r;
- return EVP_PKEY_verify(pctx, sig, siglen, md, mdlen);
-+#endif /* !defined(FIPS_MODULE) */
- }
-
- int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
-@@ -757,4 +787,3 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
- return -1;
- return EVP_DigestVerifyFinal(ctx, sigret, siglen);
- }
--#endif /* FIPS_MODULE */
-diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
-index b6d5e8e134..77eec075e6 100644
---- a/providers/fips/self_test_kats.c
-+++ b/providers/fips/self_test_kats.c
-@@ -444,11 +444,14 @@ static int self_test_sign(const ST_KAT_SIGN *t,
- int ret = 0;
- OSSL_PARAM *params = NULL, *params_sig = NULL;
- OSSL_PARAM_BLD *bld = NULL;
-+ EVP_MD *md = NULL;
-+ EVP_MD_CTX *ctx = NULL;
- EVP_PKEY_CTX *sctx = NULL, *kctx = NULL;
- EVP_PKEY *pkey = NULL;
-- unsigned char sig[256];
- BN_CTX *bnctx = NULL;
- BIGNUM *K = NULL;
-+ const char *msg = "Hello World!";
-+ unsigned char sig[256];
- size_t siglen = sizeof(sig);
- static const unsigned char dgst[] = {
- 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
-@@ -488,23 +491,26 @@ static int self_test_sign(const ST_KAT_SIGN *t,
- || EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
- goto err;
-
-- /* Create a EVP_PKEY_CTX to use for the signing operation */
-- sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
-- if (sctx == NULL
-- || EVP_PKEY_sign_init(sctx) <= 0)
-- goto err;
--
-- /* set signature parameters */
-- if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST,
-- t->mdalgorithm,
-- strlen(t->mdalgorithm) + 1))
-- goto err;
-+ /* Create a EVP_MD_CTX to use for the signature operation, assign signature
-+ * parameters and sign */
- params_sig = OSSL_PARAM_BLD_to_param(bld);
-- if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
-+ md = EVP_MD_fetch(libctx, "SHA256", NULL);
-+ ctx = EVP_MD_CTX_new();
-+ if (md == NULL || ctx == NULL)
-+ goto err;
-+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT);
-+ if (EVP_DigestSignInit(ctx, &sctx, md, NULL, pkey) <= 0
-+ || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0
-+ || EVP_DigestSign(ctx, sig, &siglen, (const unsigned char *)msg, strlen(msg)) <= 0
-+ || EVP_MD_CTX_reset(ctx) <= 0)
- goto err;
-
-- if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
-- || EVP_PKEY_verify_init(sctx) <= 0
-+ /* sctx is not freed automatically inside the FIPS module */
-+ EVP_PKEY_CTX_free(sctx);
-+ sctx = NULL;
-+
-+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT);
-+ if (EVP_DigestVerifyInit(ctx, &sctx, md, NULL, pkey) <= 0
- || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
- goto err;
-
-@@ -509,14 +510,17 @@ static int self_test_sign(const ST_KAT_SIGN *t,
- goto err;
-
- OSSL_SELF_TEST_oncorrupt_byte(st, sig);
-- if (EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0)
-+ if (EVP_DigestVerify(ctx, sig, siglen, (const unsigned char *)msg, strlen(msg)) <= 0)
- goto err;
- ret = 1;
- err:
- BN_CTX_free(bnctx);
- EVP_PKEY_free(pkey);
-- EVP_PKEY_CTX_free(kctx);
-+ EVP_MD_free(md);
-+ EVP_MD_CTX_free(ctx);
-+ /* sctx is not freed automatically inside the FIPS module */
- EVP_PKEY_CTX_free(sctx);
-+ EVP_PKEY_CTX_free(kctx);
- OSSL_PARAM_free(params);
- OSSL_PARAM_free(params_sig);
- OSSL_PARAM_BLD_free(bld);
---
-2.37.1
-
diff --git a/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch b/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
deleted file mode 100644
index 17bc510..0000000
--- a/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
+++ /dev/null
@@ -1,284 +0,0 @@
-diff -rupN --no-dereference openssl-3.0.9/crypto/evp/m_sigver.c openssl-3.0.9-new/crypto/evp/m_sigver.c
---- openssl-3.0.9/crypto/evp/m_sigver.c 2023-05-31 14:33:15.778113438 +0200
-+++ openssl-3.0.9-new/crypto/evp/m_sigver.c 2023-05-31 14:33:17.990112478 +0200
-@@ -98,6 +98,7 @@ static int update(EVP_MD_CTX *ctx, const
- ERR_raise(ERR_LIB_EVP, EVP_R_ONLY_ONESHOT_SUPPORTED);
- return 0;
- }
-+#endif /* !defined(FIPS_MODULE) */
-
- /*
- * If we get the "NULL" md then the name comes back as "UNDEF". We want to use
-@@ -140,8 +141,10 @@ static int do_sigver_init(EVP_MD_CTX *ct
- reinit = 0;
- if (e == NULL)
- ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props);
-+#ifndef FIPS_MODULE
- else
- ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
-+#endif /* !defined(FIPS_MODULE) */
- }
- if (ctx->pctx == NULL)
- return 0;
-@@ -149,8 +152,10 @@ static int do_sigver_init(EVP_MD_CTX *ct
- locpctx = ctx->pctx;
- ERR_set_mark();
-
-+#ifndef FIPS_MODULE
- if (evp_pkey_ctx_is_legacy(locpctx))
- goto legacy;
-+#endif /* !defined(FIPS_MODULE) */
-
- /* do not reinitialize if pkey is set or operation is different */
- if (reinit
-@@ -235,8 +240,10 @@ static int do_sigver_init(EVP_MD_CTX *ct
- signature =
- evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
- supported_sig, locpctx->propquery);
-+#ifndef FIPS_MODULE
- if (signature == NULL)
- goto legacy;
-+#endif /* !defined(FIPS_MODULE) */
- break;
- }
- if (signature == NULL)
-@@ -320,6 +327,7 @@ static int do_sigver_init(EVP_MD_CTX *ct
- ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props);
- if (ctx->fetched_digest != NULL) {
- ctx->digest = ctx->reqdigest = ctx->fetched_digest;
-+#ifndef FIPS_MODULE
- } else {
- /* legacy engine support : remove the mark when this is deleted */
- ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname);
-@@ -328,11 +336,13 @@ static int do_sigver_init(EVP_MD_CTX *ct
- ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
- goto err;
- }
-+#endif /* !defined(FIPS_MODULE) */
- }
- (void)ERR_pop_to_mark();
- }
- }
-
-+#ifndef FIPS_MODULE
- if (ctx->reqdigest != NULL
- && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac)
- && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
-@@ -347,6 +357,7 @@ static int do_sigver_init(EVP_MD_CTX *ct
- }
- }
- }
-+#endif /* !defined(FIPS_MODULE) */
-
- if (ver) {
- if (signature->digest_verify_init == NULL) {
-@@ -379,6 +390,7 @@ static int do_sigver_init(EVP_MD_CTX *ct
- EVP_KEYMGMT_free(tmp_keymgmt);
- return 0;
-
-+#ifndef FIPS_MODULE
- legacy:
- /*
- * If we don't have the full support we need with provided methods,
-@@ -450,6 +462,7 @@ static int do_sigver_init(EVP_MD_CTX *ct
- ctx->pctx->flag_call_digest_custom = 1;
-
- ret = 1;
-+#endif /* !defined(FIPS_MODULE) */
-
- end:
- #ifndef FIPS_MODULE
-@@ -492,7 +505,6 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx
- return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 1,
- NULL);
- }
--#endif /* FIPS_MDOE */
-
- int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
- {
-@@ -554,23 +566,29 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *c
- return EVP_DigestUpdate(ctx, data, dsize);
- }
-
--#ifndef FIPS_MODULE
- int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
- size_t *siglen)
- {
-- int sctx = 0, r = 0;
-- EVP_PKEY_CTX *dctx, *pctx = ctx->pctx;
-+ int r = 0;
-+#ifndef FIPS_MODULE
-+ int sctx = 0;
-+ EVP_PKEY_CTX *dctx;
-+#endif /* !defined(FIPS_MODULE) */
-+ EVP_PKEY_CTX *pctx = ctx->pctx;
-
-+#ifndef FIPS_MODULE
- if (pctx == NULL
- || pctx->operation != EVP_PKEY_OP_SIGNCTX
- || pctx->op.sig.algctx == NULL
- || pctx->op.sig.signature == NULL)
- goto legacy;
-+#endif /* !defined(FIPS_MODULE) */
-
- if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
- return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
- sigret, siglen,
- sigret == NULL ? 0 : *siglen);
-+#ifndef FIPS_MODULE
- dctx = EVP_PKEY_CTX_dup(pctx);
- if (dctx == NULL)
- return 0;
-@@ -579,8 +597,10 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx,
- sigret, siglen,
- *siglen);
- EVP_PKEY_CTX_free(dctx);
-+#endif /* defined(FIPS_MODULE) */
- return r;
-
-+#ifndef FIPS_MODULE
- legacy:
- if (pctx == NULL || pctx->pmeth == NULL) {
- ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
-@@ -652,6 +672,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx,
- }
- }
- return 1;
-+#endif /* !defined(FIPS_MODULE) */
- }
-
- int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
-@@ -682,21 +703,27 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsi
- int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
- size_t siglen)
- {
-- unsigned char md[EVP_MAX_MD_SIZE];
- int r = 0;
-+#ifndef FIPS_MODULE
-+ unsigned char md[EVP_MAX_MD_SIZE];
- unsigned int mdlen = 0;
- int vctx = 0;
-- EVP_PKEY_CTX *dctx, *pctx = ctx->pctx;
-+ EVP_PKEY_CTX *dctx;
-+#endif /* !defined(FIPS_MODULE) */
-+ EVP_PKEY_CTX *pctx = ctx->pctx;
-
-+#ifndef FIPS_MODULE
- if (pctx == NULL
- || pctx->operation != EVP_PKEY_OP_VERIFYCTX
- || pctx->op.sig.algctx == NULL
- || pctx->op.sig.signature == NULL)
- goto legacy;
-+#endif /* !defined(FIPS_MODULE) */
-
- if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
- return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx,
- sig, siglen);
-+#ifndef FIPS_MODULE
- dctx = EVP_PKEY_CTX_dup(pctx);
- if (dctx == NULL)
- return 0;
-@@ -704,8 +731,10 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ct
- r = dctx->op.sig.signature->digest_verify_final(dctx->op.sig.algctx,
- sig, siglen);
- EVP_PKEY_CTX_free(dctx);
-+#endif /* !defined(FIPS_MODULE) */
- return r;
-
-+#ifndef FIPS_MODULE
- legacy:
- if (pctx == NULL || pctx->pmeth == NULL) {
- ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
-@@ -745,6 +774,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ct
- if (vctx || !r)
- return r;
- return EVP_PKEY_verify(pctx, sig, siglen, md, mdlen);
-+#endif /* !defined(FIPS_MODULE) */
- }
-
- int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
-@@ -770,4 +800,3 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, co
- return -1;
- return EVP_DigestVerifyFinal(ctx, sigret, siglen);
- }
--#endif /* FIPS_MODULE */
-diff -rupN --no-dereference openssl-3.0.9/providers/fips/self_test_kats.c openssl-3.0.9-new/providers/fips/self_test_kats.c
---- openssl-3.0.9/providers/fips/self_test_kats.c 2023-05-31 14:33:17.985112480 +0200
-+++ openssl-3.0.9-new/providers/fips/self_test_kats.c 2023-05-31 14:33:17.991112477 +0200
-@@ -444,11 +444,14 @@ static int self_test_sign(const ST_KAT_S
- int ret = 0;
- OSSL_PARAM *params = NULL, *params_sig = NULL;
- OSSL_PARAM_BLD *bld = NULL;
-+ EVP_MD *md = NULL;
-+ EVP_MD_CTX *ctx = NULL;
- EVP_PKEY_CTX *sctx = NULL, *kctx = NULL;
- EVP_PKEY *pkey = NULL;
-- unsigned char sig[256];
- BN_CTX *bnctx = NULL;
- BIGNUM *K = NULL;
-+ const char *msg = "Hello World!";
-+ unsigned char sig[256];
- size_t siglen = sizeof(sig);
- static const unsigned char dgst[] = {
- 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
-@@ -488,23 +491,26 @@ static int self_test_sign(const ST_KAT_S
- || EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
- goto err;
-
-- /* Create a EVP_PKEY_CTX to use for the signing operation */
-- sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
-- if (sctx == NULL
-- || EVP_PKEY_sign_init(sctx) <= 0)
-- goto err;
--
-- /* set signature parameters */
-- if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST,
-- t->mdalgorithm,
-- strlen(t->mdalgorithm) + 1))
-- goto err;
-+ /* Create a EVP_MD_CTX to use for the signature operation, assign signature
-+ * parameters and sign */
- params_sig = OSSL_PARAM_BLD_to_param(bld);
-- if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
-+ md = EVP_MD_fetch(libctx, "SHA256", NULL);
-+ ctx = EVP_MD_CTX_new();
-+ if (md == NULL || ctx == NULL)
-+ goto err;
-+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT);
-+ if (EVP_DigestSignInit(ctx, &sctx, md, NULL, pkey) <= 0
-+ || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0
-+ || EVP_DigestSign(ctx, sig, &siglen, (const unsigned char *)msg, strlen(msg)) <= 0
-+ || EVP_MD_CTX_reset(ctx) <= 0)
- goto err;
-
-- if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
-- || EVP_PKEY_verify_init(sctx) <= 0
-+ /* sctx is not freed automatically inside the FIPS module */
-+ EVP_PKEY_CTX_free(sctx);
-+ sctx = NULL;
-+
-+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT);
-+ if (EVP_DigestVerifyInit(ctx, &sctx, md, NULL, pkey) <= 0
- || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
- goto err;
-
-@@ -518,14 +524,17 @@ static int self_test_sign(const ST_KAT_S
- goto err;
-
- OSSL_SELF_TEST_oncorrupt_byte(st, sig);
-- if (EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0)
-+ if (EVP_DigestVerify(ctx, sig, siglen, (const unsigned char *)msg, strlen(msg)) <= 0)
- goto err;
- ret = 1;
- err:
- BN_CTX_free(bnctx);
- EVP_PKEY_free(pkey);
-- EVP_PKEY_CTX_free(kctx);
-+ EVP_MD_free(md);
-+ EVP_MD_CTX_free(ctx);
-+ /* sctx is not freed automatically inside the FIPS module */
- EVP_PKEY_CTX_free(sctx);
-+ EVP_PKEY_CTX_free(kctx);
- OSSL_PARAM_free(params);
- OSSL_PARAM_free(params_sig);
- OSSL_PARAM_BLD_free(bld);
diff --git a/0075-FIPS-Use-FFDHE2048-in-self-test.patch b/0075-FIPS-Use-FFDHE2048-in-self-test.patch
deleted file mode 100644
index 813d0ef..0000000
--- a/0075-FIPS-Use-FFDHE2048-in-self-test.patch
+++ /dev/null
@@ -1,362 +0,0 @@ -diff -rupN --no-dereference openssl-3.0.9/providers/fips/self_test_data.inc openssl-3.0.9-new/providers/fips/self_test_data.inc ---- openssl-3.0.9/providers/fips/self_test_data.inc 2023-05-31 14:33:17.985112480 +0200 -+++ openssl-3.0.9-new/providers/fips/self_test_data.inc 2023-05-31 14:33:18.254112362 +0200 -@@ -824,188 +824,190 @@ static const ST_KAT_DRBG st_kat_drbg_tes - - #ifndef OPENSSL_NO_DH - /* DH KAT */ -+/* RFC7919 FFDHE2048 p */ - static const unsigned char dh_p[] = { -- 0xdc, 0xca, 0x15, 0x11, 0xb2, 0x31, 0x32, 0x25, -- 0xf5, 0x21, 0x16, 0xe1, 0x54, 0x27, 0x89, 0xe0, -- 0x01, 0xf0, 0x42, 0x5b, 0xcc, 0xc7, 0xf3, 0x66, -- 0xf7, 0x40, 0x64, 0x07, 0xf1, 0xc9, 0xfa, 0x8b, -- 0xe6, 0x10, 0xf1, 0x77, 0x8b, 0xb1, 0x70, 0xbe, -- 0x39, 0xdb, 0xb7, 0x6f, 0x85, 0xbf, 0x24, 0xce, -- 0x68, 0x80, 0xad, 0xb7, 0x62, 0x9f, 0x7c, 0x6d, -- 0x01, 0x5e, 0x61, 0xd4, 0x3f, 0xa3, 0xee, 0x4d, -- 0xe1, 0x85, 0xf2, 0xcf, 0xd0, 0x41, 0xff, 0xde, -- 0x9d, 0x41, 0x84, 0x07, 0xe1, 0x51, 0x38, 0xbb, -- 0x02, 0x1d, 0xae, 0xb3, 0x5f, 0x76, 0x2d, 0x17, -- 0x82, 0xac, 0xc6, 0x58, 0xd3, 0x2b, 0xd4, 0xb0, -- 0x23, 0x2c, 0x92, 0x7d, 0xd3, 0x8f, 0xa0, 0x97, -- 0xb3, 0xd1, 0x85, 0x9f, 0xa8, 0xac, 0xaf, 0xb9, -- 0x8f, 0x06, 0x66, 0x08, 0xfc, 0x64, 0x4e, 0xc7, -- 0xdd, 0xb6, 0xf0, 0x85, 0x99, 0xf9, 0x2a, 0xc1, -- 0xb5, 0x98, 0x25, 0xda, 0x84, 0x32, 0x07, 0x7d, -- 0xef, 0x69, 0x56, 0x46, 0x06, 0x3c, 0x20, 0x82, -- 0x3c, 0x95, 0x07, 0xab, 0x6f, 0x01, 0x76, 0xd4, -- 0x73, 0x0d, 0x99, 0x0d, 0xbb, 0xe6, 0x36, 0x1c, -- 0xd8, 0xb2, 0xb9, 0x4d, 0x3d, 0x2f, 0x32, 0x9b, -- 0x82, 0x09, 0x9b, 0xd6, 0x61, 0xf4, 0x29, 0x50, -- 0xf4, 0x03, 0xdf, 0x3e, 0xde, 0x62, 0xa3, 0x31, -- 0x88, 0xb0, 0x27, 0x98, 0xba, 0x82, 0x3f, 0x44, -- 0xb9, 0x46, 0xfe, 0x9d, 0xf6, 0x77, 0xa0, 0xc5, -- 0xa1, 0x23, 0x8e, 0xaa, 0x97, 0xb7, 0x0f, 0x80, -- 0xda, 0x8c, 0xac, 0x88, 0xe0, 0x92, 0xb1, 0x12, -- 0x70, 0x60, 0xff, 0xbf, 0x45, 0x57, 0x99, 0x94, -- 0x01, 0x1d, 0xc2, 0xfa, 0xa5, 0xe7, 0xf6, 0xc7, -- 0x62, 0x45, 
0xe1, 0xcc, 0x31, 0x22, 0x31, 0xc1, -- 0x7d, 0x1c, 0xa6, 0xb1, 0x90, 0x07, 0xef, 0x0d, -- 0xb9, 0x9f, 0x9c, 0xb6, 0x0e, 0x1d, 0x5f, 0x69 -+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -+ 0xad, 0xf8, 0x54, 0x58, 0xa2, 0xbb, 0x4a, 0x9a, -+ 0xaf, 0xdc, 0x56, 0x20, 0x27, 0x3d, 0x3c, 0xf1, -+ 0xd8, 0xb9, 0xc5, 0x83, 0xce, 0x2d, 0x36, 0x95, -+ 0xa9, 0xe1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xfb, -+ 0xcc, 0x93, 0x9d, 0xce, 0x24, 0x9b, 0x3e, 0xf9, -+ 0x7d, 0x2f, 0xe3, 0x63, 0x63, 0x0c, 0x75, 0xd8, -+ 0xf6, 0x81, 0xb2, 0x02, 0xae, 0xc4, 0x61, 0x7a, -+ 0xd3, 0xdf, 0x1e, 0xd5, 0xd5, 0xfd, 0x65, 0x61, -+ 0x24, 0x33, 0xf5, 0x1f, 0x5f, 0x06, 0x6e, 0xd0, -+ 0x85, 0x63, 0x65, 0x55, 0x3d, 0xed, 0x1a, 0xf3, -+ 0xb5, 0x57, 0x13, 0x5e, 0x7f, 0x57, 0xc9, 0x35, -+ 0x98, 0x4f, 0x0c, 0x70, 0xe0, 0xe6, 0x8b, 0x77, -+ 0xe2, 0xa6, 0x89, 0xda, 0xf3, 0xef, 0xe8, 0x72, -+ 0x1d, 0xf1, 0x58, 0xa1, 0x36, 0xad, 0xe7, 0x35, -+ 0x30, 0xac, 0xca, 0x4f, 0x48, 0x3a, 0x79, 0x7a, -+ 0xbc, 0x0a, 0xb1, 0x82, 0xb3, 0x24, 0xfb, 0x61, -+ 0xd1, 0x08, 0xa9, 0x4b, 0xb2, 0xc8, 0xe3, 0xfb, -+ 0xb9, 0x6a, 0xda, 0xb7, 0x60, 0xd7, 0xf4, 0x68, -+ 0x1d, 0x4f, 0x42, 0xa3, 0xde, 0x39, 0x4d, 0xf4, -+ 0xae, 0x56, 0xed, 0xe7, 0x63, 0x72, 0xbb, 0x19, -+ 0x0b, 0x07, 0xa7, 0xc8, 0xee, 0x0a, 0x6d, 0x70, -+ 0x9e, 0x02, 0xfc, 0xe1, 0xcd, 0xf7, 0xe2, 0xec, -+ 0xc0, 0x34, 0x04, 0xcd, 0x28, 0x34, 0x2f, 0x61, -+ 0x91, 0x72, 0xfe, 0x9c, 0xe9, 0x85, 0x83, 0xff, -+ 0x8e, 0x4f, 0x12, 0x32, 0xee, 0xf2, 0x81, 0x83, -+ 0xc3, 0xfe, 0x3b, 0x1b, 0x4c, 0x6f, 0xad, 0x73, -+ 0x3b, 0xb5, 0xfc, 0xbc, 0x2e, 0xc2, 0x20, 0x05, -+ 0xc5, 0x8e, 0xf1, 0x83, 0x7d, 0x16, 0x83, 0xb2, -+ 0xc6, 0xf3, 0x4a, 0x26, 0xc1, 0xb2, 0xef, 0xfa, -+ 0x88, 0x6b, 0x42, 0x38, 0x61, 0x28, 0x5c, 0x97, -+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff - }; -+/* RFC7919 FFDHE2048 q */ - static const unsigned char dh_q[] = { -- 0x89, 0x8b, 0x22, 0x67, 0x17, 0xef, 0x03, 0x9e, -- 0x60, 0x3e, 0x82, 0xe5, 0xc7, 0xaf, 0xe4, 0x83, -- 0x74, 0xac, 0x5f, 0x62, 0x5c, 0x54, 0xf1, 0xea, -- 
0x11, 0xac, 0xb5, 0x7d -+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -+ 0xd6, 0xfc, 0x2a, 0x2c, 0x51, 0x5d, 0xa5, 0x4d, -+ 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78, -+ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, -+ 0xd4, 0xf0, 0x9b, 0x20, 0x8a, 0x32, 0x19, 0xfd, -+ 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c, -+ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, -+ 0x7b, 0x40, 0xd9, 0x01, 0x57, 0x62, 0x30, 0xbd, -+ 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0, -+ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, -+ 0x42, 0xb1, 0xb2, 0xaa, 0x9e, 0xf6, 0x8d, 0x79, -+ 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a, -+ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, -+ 0xf1, 0x53, 0x44, 0xed, 0x79, 0xf7, 0xf4, 0x39, -+ 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a, -+ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, -+ 0x5e, 0x05, 0x58, 0xc1, 0x59, 0x92, 0x7d, 0xb0, -+ 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd, -+ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, -+ 0x0e, 0xa7, 0xa1, 0x51, 0xef, 0x1c, 0xa6, 0xfa, -+ 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c, -+ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, -+ 0x4f, 0x01, 0x7e, 0x70, 0xe6, 0xfb, 0xf1, 0x76, -+ 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0, -+ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, -+ 0xc7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xc1, -+ 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9, -+ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, -+ 0xe2, 0xc7, 0x78, 0xc1, 0xbe, 0x8b, 0x41, 0xd9, -+ 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd, -+ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x94, 0x2e, 0x4b, -+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff - }; -+/* RFC7919 FFDHE2048 g */ - static const unsigned char dh_g[] = { -- 0x5e, 0xf7, 0xb8, 0x8f, 0x2d, 0xf6, 0x01, 0x39, -- 0x35, 0x1d, 0xfb, 0xfe, 0x12, 0x66, 0x80, 0x5f, -- 0xdf, 0x35, 0x6c, 0xdf, 0xd1, 0x3a, 0x4d, 0xa0, -- 0x05, 0x0c, 0x7e, 0xde, 0x24, 0x6d, 0xf5, 0x9f, -- 0x6a, 0xbf, 0x96, 0xad, 0xe5, 0xf2, 0xb2, 0x8f, -- 0xfe, 0x88, 
0xd6, 0xbc, 0xe7, 0xf7, 0x89, 0x4a, -- 0x3d, 0x53, 0x5f, 0xc8, 0x21, 0x26, 0xdd, 0xd4, -- 0x24, 0x87, 0x2e, 0x16, 0xb8, 0x38, 0xdf, 0x8c, -- 0x51, 0xe9, 0x01, 0x6f, 0x88, 0x9c, 0x7c, 0x20, -- 0x3e, 0x98, 0xa8, 0xb6, 0x31, 0xf9, 0xc7, 0x25, -- 0x63, 0xd3, 0x8a, 0x49, 0x58, 0x9a, 0x07, 0x53, -- 0xd3, 0x58, 0xe7, 0x83, 0x31, 0x8c, 0xef, 0xd9, -- 0x67, 0x7c, 0x7b, 0x2d, 0xbb, 0x77, 0xd6, 0xdc, -- 0xe2, 0xa1, 0x96, 0x37, 0x95, 0xca, 0x64, 0xb9, -- 0x2d, 0x1c, 0x9a, 0xac, 0x6d, 0x0e, 0x8d, 0x43, -- 0x1d, 0xe5, 0xe5, 0x00, 0x60, 0xdf, 0xf7, 0x86, -- 0x89, 0xc9, 0xec, 0xa1, 0xc1, 0x24, 0x8c, 0x16, -- 0xed, 0x09, 0xc7, 0xad, 0x41, 0x2a, 0x17, 0x40, -- 0x6d, 0x2b, 0x52, 0x5a, 0xa1, 0xca, 0xbb, 0x23, -- 0x7b, 0x97, 0x34, 0xec, 0x7b, 0x8c, 0xe3, 0xfa, -- 0xe0, 0x2f, 0x29, 0xc5, 0xef, 0xed, 0x30, 0xd6, -- 0x91, 0x87, 0xda, 0x10, 0x9c, 0x2c, 0x9f, 0xe2, -- 0xaa, 0xdb, 0xb0, 0xc2, 0x2a, 0xf5, 0x4c, 0x61, -- 0x66, 0x55, 0x00, 0x0c, 0x43, 0x1c, 0x6b, 0x4a, -- 0x37, 0x97, 0x63, 0xb0, 0xa9, 0x16, 0x58, 0xef, -- 0xc8, 0x4e, 0x8b, 0x06, 0x35, 0x8c, 0x8b, 0x4f, -- 0x21, 0x37, 0x10, 0xfd, 0x10, 0x17, 0x2c, 0xf3, -- 0x9b, 0x83, 0x0c, 0x2d, 0xd8, 0x4a, 0x0c, 0x8a, -- 0xb8, 0x25, 0x16, 0xec, 0xab, 0x99, 0x5f, 0xa4, -- 0x21, 0x5e, 0x02, 0x3e, 0x4e, 0xcf, 0x80, 0x74, -- 0xc3, 0x9d, 0x6c, 0x88, 0xb7, 0x0d, 0x1e, 0xe4, -- 0xe9, 0x6f, 0xdc, 0x20, 0xea, 0x11, 0x5c, 0x32 -+ 0x02 - }; - static const unsigned char dh_priv[] = { -- 0x14, 0x33, 0xe0, 0xb5, 0xa9, 0x17, 0xb6, 0x0a, -- 0x30, 0x23, 0xf2, 0xf8, 0xaa, 0x2c, 0x2d, 0x70, -- 0xd2, 0x96, 0x8a, 0xba, 0x9a, 0xea, 0xc8, 0x15, -- 0x40, 0xb8, 0xfc, 0xe6 -+ 0x01, 0xdc, 0x2a, 0xb9, 0x87, 0x71, 0x57, 0x0f, -+ 0xcd, 0x93, 0x65, 0x4c, 0xa1, 0xd6, 0x56, 0x6d, -+ 0xc5, 0x35, 0xd5, 0xcb, 0x4c, 0xb8, 0xad, 0x8d, -+ 0x6c, 0xdc, 0x5d, 0x6e, 0x94 - }; - static const unsigned char dh_pub[] = { -- 0x95, 0xdd, 0x33, 0x8d, 0x29, 0xe5, 0x71, 0x04, -- 0x92, 0xb9, 0x18, 0x31, 0x7b, 0x72, 0xa3, 0x69, -- 0x36, 0xe1, 0x95, 0x1a, 0x2e, 0xe5, 0xa5, 0x59, -- 0x16, 0x99, 
0xc0, 0x48, 0x6d, 0x0d, 0x4f, 0x9b, -- 0xdd, 0x6d, 0x5a, 0x3f, 0x6b, 0x98, 0x89, 0x0c, -- 0x62, 0xb3, 0x76, 0x52, 0xd3, 0x6e, 0x71, 0x21, -- 0x11, 0xe6, 0x8a, 0x73, 0x55, 0x37, 0x25, 0x06, -- 0x99, 0xef, 0xe3, 0x30, 0x53, 0x73, 0x91, 0xfb, -- 0xc2, 0xc5, 0x48, 0xbc, 0x5a, 0xc3, 0xe5, 0xb2, -- 0x33, 0x86, 0xc3, 0xee, 0xf5, 0xeb, 0x43, 0xc0, -- 0x99, 0xd7, 0x0a, 0x52, 0x02, 0x68, 0x7e, 0x83, -- 0x96, 0x42, 0x48, 0xfc, 0xa9, 0x1f, 0x40, 0x90, -- 0x8e, 0x8f, 0xb3, 0x31, 0x93, 0x15, 0xf6, 0xd2, -- 0x60, 0x6d, 0x7f, 0x7c, 0xd5, 0x2c, 0xc6, 0xe7, -- 0xc5, 0x84, 0x3a, 0xfb, 0x22, 0x51, 0x9c, 0xf0, -- 0xf0, 0xf9, 0xd3, 0xa0, 0xa4, 0xe8, 0xc8, 0x88, -- 0x99, 0xef, 0xed, 0xe7, 0x36, 0x43, 0x51, 0xfb, -- 0x6a, 0x36, 0x3e, 0xe7, 0x17, 0xe5, 0x44, 0x5a, -- 0xda, 0xb4, 0xc9, 0x31, 0xa6, 0x48, 0x39, 0x97, -- 0xb8, 0x7d, 0xad, 0x83, 0x67, 0x7e, 0x4d, 0x1d, -- 0x3a, 0x77, 0x75, 0xe0, 0xf6, 0xd0, 0x0f, 0xdf, -- 0x73, 0xc7, 0xad, 0x80, 0x1e, 0x66, 0x5a, 0x0e, -- 0x5a, 0x79, 0x6d, 0x0a, 0x03, 0x80, 0xa1, 0x9f, -- 0xa1, 0x82, 0xef, 0xc8, 0xa0, 0x4f, 0x5e, 0x4d, -- 0xb9, 0x0d, 0x1a, 0x86, 0x37, 0xf9, 0x5d, 0xb1, -- 0x64, 0x36, 0xbd, 0xc8, 0xf3, 0xfc, 0x09, 0x6c, -- 0x4f, 0xf7, 0xf2, 0x34, 0xbe, 0x8f, 0xef, 0x47, -- 0x9a, 0xc4, 0xb0, 0xdc, 0x4b, 0x77, 0x26, 0x3e, -- 0x07, 0xd9, 0x95, 0x9d, 0xe0, 0xf1, 0xbf, 0x3f, -- 0x0a, 0xe3, 0xd9, 0xd5, 0x0e, 0x4b, 0x89, 0xc9, -- 0x9e, 0x3e, 0xa1, 0x21, 0x73, 0x43, 0xdd, 0x8c, -- 0x65, 0x81, 0xac, 0xc4, 0x95, 0x9c, 0x91, 0xd3 -+ 0x00, 0xc4, 0x82, 0x14, 0x69, 0x16, 0x4c, 0x05, -+ 0x55, 0x2a, 0x7e, 0x55, 0x6d, 0x02, 0xbb, 0x7f, -+ 0xcc, 0x63, 0x74, 0xee, 0xcb, 0xb4, 0x98, 0x43, -+ 0x0e, 0x29, 0x43, 0x0d, 0x44, 0xc7, 0xf1, 0x23, -+ 0x81, 0xca, 0x1c, 0x5c, 0xc3, 0xff, 0x01, 0x4a, -+ 0x1a, 0x03, 0x9e, 0x5f, 0xd1, 0x4e, 0xa0, 0x0b, -+ 0xb9, 0x5c, 0x0d, 0xef, 0x14, 0x01, 0x62, 0x3c, -+ 0x8a, 0x8e, 0x60, 0xbb, 0x39, 0xd6, 0x38, 0x63, -+ 0xb7, 0x65, 0xd0, 0x0b, 0x1a, 0xaf, 0x53, 0x38, -+ 0x10, 0x0f, 0x3e, 0xeb, 0x9d, 0x0c, 0x24, 0xf6, -+ 0xe3, 0x70, 0x08, 0x8a, 
0x4d, 0x01, 0xf8, 0x7a, -+ 0x87, 0x49, 0x64, 0x72, 0xb1, 0x75, 0x3b, 0x94, -+ 0xc8, 0x09, 0x2d, 0x6a, 0x63, 0xd8, 0x9a, 0x92, -+ 0xb9, 0x5b, 0x1a, 0xc3, 0x47, 0x0b, 0x63, 0x44, -+ 0x3b, 0xe3, 0xc0, 0x09, 0xc9, 0xf9, 0x02, 0x53, -+ 0xd8, 0xfb, 0x06, 0x44, 0xdb, 0xdf, 0xe8, 0x13, -+ 0x2b, 0x40, 0x6a, 0xd4, 0x13, 0x4e, 0x52, 0x30, -+ 0xd6, 0xc1, 0xd8, 0x59, 0x9d, 0x59, 0xba, 0x1b, -+ 0xbf, 0xaa, 0x6f, 0xe9, 0x3d, 0xfd, 0xff, 0x01, -+ 0x0b, 0x54, 0xe0, 0x6a, 0x4e, 0x27, 0x2b, 0x3d, -+ 0xe8, 0xef, 0xb0, 0xbe, 0x52, 0xc3, 0x52, 0x18, -+ 0x6f, 0xa3, 0x27, 0xab, 0x6c, 0x12, 0xc3, 0x81, -+ 0xcb, 0xae, 0x23, 0x11, 0xa0, 0x5d, 0xc3, 0x6f, -+ 0x23, 0x17, 0x40, 0xb3, 0x05, 0x4f, 0x5d, 0xb7, -+ 0x34, 0xbe, 0x87, 0x2c, 0xa9, 0x9e, 0x98, 0x39, -+ 0xbf, 0x2e, 0x9d, 0xad, 0x4f, 0x70, 0xad, 0xed, -+ 0x1b, 0x5e, 0x47, 0x90, 0x49, 0x2e, 0x61, 0x71, -+ 0x5f, 0x07, 0x0b, 0x35, 0x04, 0xfc, 0x53, 0xce, -+ 0x58, 0x60, 0x6c, 0x5b, 0x8b, 0xfe, 0x70, 0x04, -+ 0x2a, 0x6a, 0x98, 0x0a, 0xd0, 0x80, 0xae, 0x69, -+ 0x95, 0xf9, 0x99, 0x18, 0xfc, 0xe4, 0x8e, 0xed, -+ 0x61, 0xd9, 0x02, 0x9d, 0x4e, 0x05, 0xe9, 0xf2, -+ 0x32 - }; - static const unsigned char dh_peer_pub[] = { -- 0x1f, 0xc1, 0xda, 0x34, 0x1d, 0x1a, 0x84, 0x6a, -- 0x96, 0xb7, 0xbe, 0x24, 0x34, 0x0f, 0x87, 0x7d, -- 0xd0, 0x10, 0xaa, 0x03, 0x56, 0xd5, 0xad, 0x58, -- 0xaa, 0xe9, 0xc7, 0xb0, 0x8f, 0x74, 0x9a, 0x32, -- 0x23, 0x51, 0x10, 0xb5, 0xd8, 0x8e, 0xb5, 0xdb, -- 0xfa, 0x97, 0x8d, 0x27, 0xec, 0xc5, 0x30, 0xf0, -- 0x2d, 0x31, 0x14, 0x00, 0x5b, 0x64, 0xb1, 0xc0, -- 0xe0, 0x24, 0xcb, 0x8a, 0xe2, 0x16, 0x98, 0xbc, -- 0xa9, 0xe6, 0x0d, 0x42, 0x80, 0x86, 0x22, 0xf1, -- 0x81, 0xc5, 0x6e, 0x1d, 0xe7, 0xa9, 0x6e, 0x6e, -- 0xfe, 0xe9, 0xd6, 0x65, 0x67, 0xe9, 0x1b, 0x97, -- 0x70, 0x42, 0xc7, 0xe3, 0xd0, 0x44, 0x8f, 0x05, -- 0xfb, 0x77, 0xf5, 0x22, 0xb9, 0xbf, 0xc8, 0xd3, -- 0x3c, 0xc3, 0xc3, 0x1e, 0xd3, 0xb3, 0x1f, 0x0f, -- 0xec, 0xb6, 0xdb, 0x4f, 0x6e, 0xa3, 0x11, 0xe7, -- 0x7a, 0xfd, 0xbc, 0xd4, 0x7a, 0xee, 0x1b, 0xb1, -- 0x50, 0xf2, 0x16, 0x87, 
0x35, 0x78, 0xfb, 0x96, -- 0x46, 0x8e, 0x8f, 0x9f, 0x3d, 0xe8, 0xef, 0xbf, -- 0xce, 0x75, 0x62, 0x4b, 0x1d, 0xf0, 0x53, 0x22, -- 0xa3, 0x4f, 0x14, 0x63, 0xe8, 0x39, 0xe8, 0x98, -- 0x4c, 0x4a, 0xd0, 0xa9, 0x6e, 0x1a, 0xc8, 0x42, -- 0xe5, 0x31, 0x8c, 0xc2, 0x3c, 0x06, 0x2a, 0x8c, -- 0xa1, 0x71, 0xb8, 0xd5, 0x75, 0x98, 0x0d, 0xde, -- 0x7f, 0xc5, 0x6f, 0x15, 0x36, 0x52, 0x38, 0x20, -- 0xd4, 0x31, 0x92, 0xbf, 0xd5, 0x1e, 0x8e, 0x22, -- 0x89, 0x78, 0xac, 0xa5, 0xb9, 0x44, 0x72, 0xf3, -- 0x39, 0xca, 0xeb, 0x99, 0x31, 0xb4, 0x2b, 0xe3, -- 0x01, 0x26, 0x8b, 0xc9, 0x97, 0x89, 0xc9, 0xb2, -- 0x55, 0x71, 0xc3, 0xc0, 0xe4, 0xcb, 0x3f, 0x00, -- 0x7f, 0x1a, 0x51, 0x1c, 0xbb, 0x53, 0xc8, 0x51, -- 0x9c, 0xdd, 0x13, 0x02, 0xab, 0xca, 0x6c, 0x0f, -- 0x34, 0xf9, 0x67, 0x39, 0xf1, 0x7f, 0xf4, 0x8b -+ 0x00, 0xef, 0x15, 0x02, 0xf5, 0x56, 0xa3, 0x79, -+ 0x40, 0x58, 0xbc, 0xeb, 0x56, 0xad, 0xcb, 0xda, -+ 0x8c, 0xda, 0xb8, 0xd1, 0xda, 0x6f, 0x25, 0x29, -+ 0x9e, 0x43, 0x76, 0x2d, 0xb2, 0xd8, 0xbc, 0x84, -+ 0xbc, 0x85, 0xd0, 0x94, 0x8d, 0x44, 0x27, 0x57, -+ 0xe4, 0xdf, 0xc1, 0x78, 0x42, 0x8f, 0x08, 0xf5, -+ 0x74, 0xfe, 0x02, 0x56, 0xd2, 0x09, 0xc8, 0x68, -+ 0xef, 0xed, 0x18, 0xc9, 0xfd, 0x2e, 0x95, 0x6c, -+ 0xba, 0x6c, 0x00, 0x0e, 0xf5, 0xd1, 0x1b, 0xf6, -+ 0x15, 0x14, 0x5b, 0x67, 0x22, 0x7c, 0x6a, 0x20, -+ 0x76, 0x43, 0x51, 0xef, 0x5e, 0x1e, 0xf9, 0x2d, -+ 0xd6, 0xb4, 0xc5, 0xc6, 0x18, 0x33, 0xd1, 0xa3, -+ 0x3b, 0xe6, 0xdd, 0x57, 0x9d, 0xad, 0x13, 0x7a, -+ 0x53, 0xde, 0xb3, 0x97, 0xc0, 0x7e, 0xd7, 0x77, -+ 0x6b, 0xf8, 0xbd, 0x13, 0x70, 0x8c, 0xba, 0x73, -+ 0x80, 0xb3, 0x80, 0x6f, 0xfb, 0x1c, 0xda, 0x53, -+ 0x4d, 0x3c, 0x8a, 0x2e, 0xa1, 0x37, 0xce, 0xb1, -+ 0xde, 0x45, 0x97, 0x58, 0x65, 0x4d, 0xcf, 0x05, -+ 0xbb, 0xc3, 0xd7, 0x38, 0x6d, 0x0a, 0x59, 0x7a, -+ 0x99, 0x15, 0xb7, 0x9a, 0x3d, 0xfd, 0x61, 0xe5, -+ 0x1a, 0xa2, 0xcc, 0xf6, 0xfe, 0xb1, 0xee, 0xe9, -+ 0xa9, 0xe2, 0xeb, 0x06, 0xbc, 0x14, 0x6e, 0x91, -+ 0x0d, 0xf1, 0xe3, 0xbb, 0xe0, 0x7e, 0x1d, 0x31, -+ 0x79, 0xf1, 0x6d, 0x5f, 0xcb, 0xaf, 
0xb2, 0x4f, -+ 0x22, 0x12, 0xbf, 0x72, 0xbd, 0xd0, 0x30, 0xe4, -+ 0x1c, 0x35, 0x96, 0x61, 0x98, 0x39, 0xfb, 0x7e, -+ 0x6d, 0x66, 0xc4, 0x69, 0x41, 0x0d, 0x0d, 0x59, -+ 0xbb, 0xa7, 0xbf, 0x34, 0xe0, 0x39, 0x36, 0x84, -+ 0x5e, 0x0e, 0x03, 0x2d, 0xcf, 0xaa, 0x02, 0x8a, -+ 0xba, 0x59, 0x88, 0x47, 0xc4, 0x4d, 0xd7, 0xbd, -+ 0x78, 0x76, 0x24, 0xf1, 0x45, 0x56, 0x44, 0xc2, -+ 0x4a, 0xc2, 0xd5, 0x3a, 0x59, 0x40, 0xab, 0x87, -+ 0x64 - }; - - static const unsigned char dh_secret_expected[] = { -- 0x08, 0xff, 0x33, 0xbb, 0x2e, 0xcf, 0xf4, 0x9a, -- 0x7d, 0x4a, 0x79, 0x12, 0xae, 0xb1, 0xbb, 0x6a, -- 0xb5, 0x11, 0x64, 0x1b, 0x4a, 0x76, 0x77, 0x0c, -- 0x8c, 0xc1, 0xbc, 0xc2, 0x33, 0x34, 0x3d, 0xfe, -- 0x70, 0x0d, 0x11, 0x81, 0x3d, 0x2c, 0x9e, 0xd2, -- 0x3b, 0x21, 0x1c, 0xa9, 0xe8, 0x78, 0x69, 0x21, -- 0xed, 0xca, 0x28, 0x3c, 0x68, 0xb1, 0x61, 0x53, -- 0xfa, 0x01, 0xe9, 0x1a, 0xb8, 0x2c, 0x90, 0xdd, -- 0xab, 0x4a, 0x95, 0x81, 0x67, 0x70, 0xa9, 0x87, -- 0x10, 0xe1, 0x4c, 0x92, 0xab, 0x83, 0xb6, 0xe4, -- 0x6e, 0x1e, 0x42, 0x6e, 0xe8, 0x52, 0x43, 0x0d, -- 0x61, 0x87, 0xda, 0xa3, 0x72, 0x0a, 0x6b, 0xcd, -- 0x73, 0x23, 0x5c, 0x6b, 0x0f, 0x94, 0x1f, 0x33, -- 0x64, 0xf5, 0x04, 0x20, 0x55, 0x1a, 0x4b, 0xfe, -- 0xaf, 0xe2, 0xbc, 0x43, 0x85, 0x05, 0xa5, 0x9a, -- 0x4a, 0x40, 0xda, 0xca, 0x7a, 0x89, 0x5a, 0x73, -- 0xdb, 0x57, 0x5c, 0x74, 0xc1, 0x3a, 0x23, 0xad, -- 0x88, 0x32, 0x95, 0x7d, 0x58, 0x2d, 0x38, 0xf0, -- 0xa6, 0x16, 0x5f, 0xb0, 0xd7, 0xe9, 0xb8, 0x79, -- 0x9e, 0x42, 0xfd, 0x32, 0x20, 0xe3, 0x32, 0xe9, -- 0x81, 0x85, 0xa0, 0xc9, 0x42, 0x97, 0x57, 0xb2, -- 0xd0, 0xd0, 0x2c, 0x17, 0xdb, 0xaa, 0x1f, 0xf6, -- 0xed, 0x93, 0xd7, 0xe7, 0x3e, 0x24, 0x1e, 0xae, -- 0xd9, 0x0c, 0xaf, 0x39, 0x4d, 0x2b, 0xc6, 0x57, -- 0x0f, 0x18, 0xc8, 0x1f, 0x2b, 0xe5, 0xd0, 0x1a, -- 0x2c, 0xa9, 0x9f, 0xf1, 0x42, 0xb5, 0xd9, 0x63, -- 0xf9, 0xf5, 0x00, 0x32, 0x5e, 0x75, 0x56, 0xf9, -- 0x58, 0x49, 0xb3, 0xff, 0xc7, 0x47, 0x94, 0x86, -- 0xbe, 0x1d, 0x45, 0x96, 0xa3, 0x10, 0x6b, 0xd5, -- 0xcb, 0x4f, 0x61, 0xc5, 
0x7e, 0xc5, 0xf1, 0x00, -- 0xfb, 0x7a, 0x0c, 0x82, 0xa1, 0x0b, 0x82, 0x52, -- 0x6a, 0x97, 0xd1, 0xd9, 0x7d, 0x98, 0xea, 0xf6 -+ 0x56, 0x13, 0xe3, 0x12, 0x6b, 0x5f, 0x67, 0xe5, -+ 0x08, 0xe5, 0x35, 0x0e, 0x11, 0x90, 0x9d, 0xf5, -+ 0x1a, 0x24, 0xfa, 0x42, 0xd1, 0x4a, 0x50, 0x93, -+ 0x5b, 0xf4, 0x11, 0x6f, 0xd0, 0xc3, 0xc5, 0xa5, -+ 0x80, 0xae, 0x01, 0x3d, 0x66, 0x92, 0xc0, 0x3e, -+ 0x5f, 0xe9, 0x75, 0xb6, 0x5b, 0x37, 0x82, 0x39, -+ 0x72, 0x66, 0x0b, 0xa2, 0x73, 0x94, 0xe5, 0x04, -+ 0x7c, 0x0c, 0x19, 0x9a, 0x03, 0x53, 0xc4, 0x9d, -+ 0xc1, 0x0f, 0xc3, 0xec, 0x0e, 0x2e, 0xa3, 0x7c, -+ 0x07, 0x0e, 0xaf, 0x18, 0x1d, 0xc7, 0x8b, 0x47, -+ 0x4b, 0x94, 0x05, 0x6d, 0xec, 0xdd, 0xa1, 0xae, -+ 0x7b, 0x21, 0x86, 0x53, 0xd3, 0x62, 0x38, 0x08, -+ 0xea, 0xda, 0xdc, 0xb2, 0x5a, 0x7c, 0xef, 0x19, -+ 0xf8, 0x29, 0xef, 0xf8, 0xd0, 0xfb, 0xde, 0xe8, -+ 0xb8, 0x2f, 0xb3, 0xa1, 0x16, 0xa2, 0xd0, 0x8f, -+ 0x48, 0xdc, 0x7d, 0xcb, 0xee, 0x5c, 0x06, 0x1e, -+ 0x2a, 0x66, 0xe8, 0x1f, 0xdb, 0x18, 0xe9, 0xd2, -+ 0xfd, 0xa2, 0x4e, 0x39, 0xa3, 0x2e, 0x88, 0x3d, -+ 0x7d, 0xac, 0x15, 0x18, 0x25, 0xe6, 0xba, 0xd4, -+ 0x0e, 0x89, 0x26, 0x60, 0x8f, 0xdc, 0x4a, 0xb4, -+ 0x49, 0x8f, 0x98, 0xe8, 0x62, 0x8c, 0xc6, 0x66, -+ 0x20, 0x4c, 0xe1, 0xed, 0xfc, 0x01, 0x88, 0x46, -+ 0xa7, 0x67, 0x48, 0x39, 0xc5, 0x22, 0x95, 0xa0, -+ 0x23, 0xb9, 0xd1, 0xed, 0x87, 0xcf, 0xa7, 0x70, -+ 0x1c, 0xac, 0xd3, 0xaf, 0x5c, 0x26, 0x50, 0x3c, -+ 0xe4, 0x23, 0xb6, 0xcc, 0xd7, 0xc5, 0xda, 0x2f, -+ 0xf4, 0x45, 0xf1, 0xe4, 0x40, 0xb5, 0x0a, 0x25, -+ 0x86, 0xe6, 0xde, 0x11, 0x3c, 0x46, 0x16, 0xbc, -+ 0x41, 0xc2, 0x28, 0x19, 0x81, 0x5a, 0x46, 0x02, -+ 0x87, 0xd0, 0x15, 0x0c, 0xd2, 0xfe, 0x75, 0x04, -+ 0x82, 0xd2, 0x0a, 0xb7, 0xbc, 0xc5, 0x6c, 0xb1, -+ 0x41, 0xa8, 0x2b, 0x28, 0xbb, 0x86, 0x0c, 0x89 - }; - - static const ST_KAT_PARAM dh_group[] = { diff --git a/0076-FIPS-140-3-DRBG.patch b/0076-FIPS-140-3-DRBG.patch deleted file mode 100644 index c1f5646..0000000 --- a/0076-FIPS-140-3-DRBG.patch +++ /dev/null 
@@ -1,129 +0,0 @@
-diff -rupN --no-dereference openssl-3.0.9/crypto/rand/prov_seed.c openssl-3.0.9-new/crypto/rand/prov_seed.c
---- openssl-3.0.9/crypto/rand/prov_seed.c 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/crypto/rand/prov_seed.c 2023-05-31 14:33:18.508112251 +0200
-@@ -20,7 +20,14 @@ size_t ossl_rand_get_entropy(ossl_unused
- size_t entropy_available;
- RAND_POOL *pool;
-
-- pool = ossl_rand_pool_new(entropy, 1, min_len, max_len);
-+ /*
-+ * OpenSSL still implements an internal entropy pool of
-+ * some size that is hashed to get seed data.
-+ * Note that this is a conditioning step for which SP800-90C requires
-+ * 64 additional bits from the entropy source to claim the requested
-+ * amount of entropy.
-+ */
-+ pool = ossl_rand_pool_new(entropy + 64, 1, min_len, max_len);
- if (pool == NULL) {
- ERR_raise(ERR_LIB_RAND, ERR_R_MALLOC_FAILURE);
- return 0;
-diff -rupN --no-dereference openssl-3.0.9/providers/implementations/rands/crngt.c openssl-3.0.9-new/providers/implementations/rands/crngt.c
---- openssl-3.0.9/providers/implementations/rands/crngt.c 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/providers/implementations/rands/crngt.c 2023-05-31 14:33:18.508112251 +0200
-@@ -139,7 +139,11 @@ size_t ossl_crngt_get_entropy(PROV_DRBG
- * to the nearest byte. If the entropy is of less than full quality,
- * the amount required should be scaled up appropriately here.
- */
-- bytes_needed = (entropy + 7) / 8;
-+ /*
-+ * FIPS 140-3: the yet draft SP800-90C requires requested entropy
-+ * + 128 bits during initial seeding
-+ */
-+ bytes_needed = (entropy + 128 + 7) / 8;
- if (bytes_needed < min_len)
- bytes_needed = min_len;
- if (bytes_needed > max_len)
-diff -rupN --no-dereference openssl-3.0.9/providers/implementations/rands/drbg.c openssl-3.0.9-new/providers/implementations/rands/drbg.c
---- openssl-3.0.9/providers/implementations/rands/drbg.c 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/providers/implementations/rands/drbg.c 2023-05-31 14:33:18.507112252 +0200
-@@ -575,6 +575,9 @@ int ossl_prov_drbg_reseed(PROV_DRBG *drb
- #endif
- }
-
-+#ifdef FIPS_MODULE
-+ prediction_resistance = 1;
-+#endif
- /* Reseed using our sources in addition */
- entropylen = get_entropy(drbg, &entropy, drbg->strength,
- drbg->min_entropylen, drbg->max_entropylen,
-diff -rupN --no-dereference openssl-3.0.9/providers/implementations/rands/seeding/rand_unix.c openssl-3.0.9-new/providers/implementations/rands/seeding/rand_unix.c
---- openssl-3.0.9/providers/implementations/rands/seeding/rand_unix.c 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/providers/implementations/rands/seeding/rand_unix.c 2023-05-31 14:33:18.507112252 +0200
-@@ -48,6 +48,8 @@
- # include
- # include
- # include
-+# include
-+# include
-
- static uint64_t get_time_stamp(void);
- static uint64_t get_timer_bits(void);
-@@ -342,66 +344,8 @@ static ssize_t syscall_random(void *buf,
- * which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion
- * between size_t and ssize_t is safe even without a range check.
- */
--
-- /*
-- * Do runtime detection to find getentropy().
-- *
-- * Known OSs that should support this:
-- * - Darwin since 16 (OSX 10.12, IOS 10.0).
-- * - Solaris since 11.3
-- * - OpenBSD since 5.6
-- * - Linux since 3.17 with glibc 2.25
-- * - FreeBSD since 12.0 (1200061)
-- *
-- * Note: Sometimes getentropy() can be provided but not implemented
-- * internally. So we need to check errno for ENOSYS
-- */
--# if !defined(__DragonFly__) && !defined(__NetBSD__)
--# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
-- extern int getentropy(void *buffer, size_t length) __attribute__((weak));
--
-- if (getentropy != NULL) {
-- if (getentropy(buf, buflen) == 0)
-- return (ssize_t)buflen;
-- if (errno != ENOSYS)
-- return -1;
-- }
--# elif defined(OPENSSL_APPLE_CRYPTO_RANDOM)
--
-- if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess)
-- return (ssize_t)buflen;
--
-- return -1;
--# else
-- union {
-- void *p;
-- int (*f)(void *buffer, size_t length);
-- } p_getentropy;
--
-- /*
-- * We could cache the result of the lookup, but we normally don't
-- * call this function often.
-- */
-- ERR_set_mark();
-- p_getentropy.p = DSO_global_lookup("getentropy");
-- ERR_pop_to_mark();
-- if (p_getentropy.p != NULL)
-- return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
--# endif
--# endif /* !__DragonFly__ */
--
-- /* Linux supports this since version 3.17 */
--# if defined(__linux) && defined(__NR_getrandom)
-- return syscall(__NR_getrandom, buf, buflen, 0);
--# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
-- return sysctl_random(buf, buflen);
--# elif (defined(__DragonFly__) && __DragonFly_version >= 500700) \
-- || (defined(__NetBSD__) && __NetBSD_Version >= 1000000000)
-- return getrandom(buf, buflen, 0);
--# else
-- errno = ENOSYS;
-- return -1;
--# endif
-+ /* Red Hat uses downstream patch to always seed from getrandom() */
-+ return EVP_default_properties_is_fips_enabled(NULL) ? getrandom(buf, buflen, GRND_RANDOM) : getrandom(buf, buflen, 0);
- }
- # endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */
-
diff --git a/0077-FIPS-140-3-zeroization.patch b/0077-FIPS-140-3-zeroization.patch
deleted file mode 100644
index 1a29142..0000000
--- a/0077-FIPS-140-3-zeroization.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-diff -rupN --no-dereference openssl-3.0.9/crypto/ec/ec_lib.c openssl-3.0.9-new/crypto/ec/ec_lib.c
---- openssl-3.0.9/crypto/ec/ec_lib.c 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/crypto/ec/ec_lib.c 2023-05-31 14:33:18.763112140 +0200
-@@ -744,12 +744,16 @@ EC_POINT *EC_POINT_new(const EC_GROUP *g
-
- void EC_POINT_free(EC_POINT *point)
- {
-+#ifdef FIPS_MODULE
-+ EC_POINT_clear_free(point);
-+#else
- if (point == NULL)
- return;
-
- if (point->meth->point_finish != 0)
- point->meth->point_finish(point);
- OPENSSL_free(point);
-+#endif
- }
-
- void EC_POINT_clear_free(EC_POINT *point)
-diff -rupN --no-dereference openssl-3.0.9/crypto/ffc/ffc_params.c openssl-3.0.9-new/crypto/ffc/ffc_params.c
---- openssl-3.0.9/crypto/ffc/ffc_params.c 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/crypto/ffc/ffc_params.c 2023-05-31 14:33:18.762112140 +0200
-@@ -27,10 +27,10 @@ void ossl_ffc_params_init(FFC_PARAMS *pa
-
- void ossl_ffc_params_cleanup(FFC_PARAMS *params)
- {
-- BN_free(params->p);
-- BN_free(params->q);
-- BN_free(params->g);
-- BN_free(params->j);
-+ BN_clear_free(params->p);
-+ BN_clear_free(params->q);
-+ BN_clear_free(params->g);
-+ BN_clear_free(params->j);
- OPENSSL_free(params->seed);
- ossl_ffc_params_init(params);
- }
-diff -rupN --no-dereference openssl-3.0.9/crypto/rsa/rsa_lib.c openssl-3.0.9-new/crypto/rsa/rsa_lib.c
---- openssl-3.0.9/crypto/rsa/rsa_lib.c 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/crypto/rsa/rsa_lib.c 2023-05-31 14:33:18.762112140 +0200
-@@ -155,8 +155,8 @@ void RSA_free(RSA *r)
-
- CRYPTO_THREAD_lock_free(r->lock);
-
-- BN_free(r->n);
-- BN_free(r->e);
-+ BN_clear_free(r->n);
-+ BN_clear_free(r->e);
- BN_clear_free(r->d);
- BN_clear_free(r->p);
- BN_clear_free(r->q);
-diff -rupN --no-dereference openssl-3.0.9/providers/implementations/kdfs/hkdf.c openssl-3.0.9-new/providers/implementations/kdfs/hkdf.c
---- openssl-3.0.9/providers/implementations/kdfs/hkdf.c 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/providers/implementations/kdfs/hkdf.c 2023-05-31 14:33:18.762112140 +0200
-@@ -117,7 +117,7 @@ static void kdf_hkdf_reset(void *vctx)
- void *provctx = ctx->provctx;
-
- ossl_prov_digest_reset(&ctx->digest);
-- OPENSSL_free(ctx->salt);
-+ OPENSSL_clear_free(ctx->salt, ctx->salt_len);
- OPENSSL_free(ctx->prefix);
- OPENSSL_free(ctx->label);
- OPENSSL_clear_free(ctx->data, ctx->data_len);
-diff -rupN --no-dereference openssl-3.0.9/providers/implementations/kdfs/pbkdf2.c openssl-3.0.9-new/providers/implementations/kdfs/pbkdf2.c
---- openssl-3.0.9/providers/implementations/kdfs/pbkdf2.c 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/providers/implementations/kdfs/pbkdf2.c 2023-05-31 14:33:18.763112140 +0200
-@@ -83,7 +83,7 @@ static void *kdf_pbkdf2_new(void *provct
- static void kdf_pbkdf2_cleanup(KDF_PBKDF2 *ctx)
- {
- ossl_prov_digest_reset(&ctx->digest);
-- OPENSSL_free(ctx->salt);
-+ OPENSSL_clear_free(ctx->salt, ctx->salt_len);
- OPENSSL_clear_free(ctx->pass, ctx->pass_len);
- memset(ctx, 0, sizeof(*ctx));
- }
diff --git a/0078-Add-FIPS-indicator-parameter-to-HKDF.patch b/0078-Add-FIPS-indicator-parameter-to-HKDF.patch
deleted file mode 100644
index ad2ec20..0000000
--- a/0078-Add-FIPS-indicator-parameter-to-HKDF.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-diff -rupN --no-dereference openssl-3.0.9/include/openssl/core_names.h openssl-3.0.9-new/include/openssl/core_names.h
---- openssl-3.0.9/include/openssl/core_names.h 2023-05-31 14:33:17.985112480 +0200
-+++ openssl-3.0.9-new/include/openssl/core_names.h 2023-05-31 14:33:19.031112023 +0200
-@@ -224,6 +224,7 @@ extern "C" {
- #define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
- #define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
- #define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
-+#define OSSL_KDF_PARAM_HKDF_REDHAT_FIPS_INDICATOR "hkdf-fips-indicator"
-
- /* Known KDF names */
- #define OSSL_KDF_NAME_HKDF "HKDF"
-diff -rupN --no-dereference openssl-3.0.9/include/openssl/kdf.h openssl-3.0.9-new/include/openssl/kdf.h
---- openssl-3.0.9/include/openssl/kdf.h 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/include/openssl/kdf.h 2023-05-31 14:33:19.031112023 +0200
-@@ -63,6 +63,10 @@ int EVP_KDF_names_do_all(const EVP_KDF *
- # define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1
- # define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2
-
-+# define EVP_KDF_HKDF_FIPS_INDICATOR_UNDETERMINED 0
-+# define EVP_KDF_HKDF_FIPS_INDICATOR_APPROVED 1
-+# define EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED 2
-+
- #define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65
- #define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66
- #define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67
-diff -rupN --no-dereference openssl-3.0.9/providers/implementations/kdfs/hkdf.c openssl-3.0.9-new/providers/implementations/kdfs/hkdf.c
---- openssl-3.0.9/providers/implementations/kdfs/hkdf.c 2023-05-31 14:33:19.027112025 +0200
-+++ openssl-3.0.9-new/providers/implementations/kdfs/hkdf.c 2023-05-31 14:33:19.032112022 +0200
-@@ -340,6 +340,56 @@ static int kdf_hkdf_get_ctx_params(void
- return 0;
- return OSSL_PARAM_set_size_t(p, sz);
- }
-+
-+#ifdef FIPS_MODULE
-+ if ((p = OSSL_PARAM_locate(params,
-+ OSSL_KDF_PARAM_HKDF_REDHAT_FIPS_INDICATOR)) != NULL) {
-+ int fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_UNDETERMINED;
-+ switch (ctx->mode) {
-+ case EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND:
-+ /* TLS 1.3 never uses extract-and-expand */
-+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED;
-+ break;
-+ case EVP_KDF_HKDF_MODE_EXTRACT_ONLY:
-+ {
-+ /* When TLS 1.3 uses extract, the following holds:
-+ * 1. The salt length matches the hash length, and either
-+ * 2.1. the key is all zeroes and matches the hash length, or
-+ * 2.2. the key originates from a PSK (resumption_master_secret
-+ * or some externally esablished key), or an ECDH or DH key
-+ * derivation. See
-+ * https://www.rfc-editor.org/rfc/rfc8446#section-7.1.
-+ * Unfortunately at this point, we cannot verify where the key
-+ * comes from, so all we can do is check the salt length.
-+ */
-+ const EVP_MD *md = ossl_prov_digest_md(&ctx->digest);
-+ if (md != NULL && ctx->salt_len == EVP_MD_get_size(md))
-+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_APPROVED;
-+ else
-+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED;
-+ }
-+ break;
-+ case EVP_KDF_HKDF_MODE_EXPAND_ONLY:
-+ /* When TLS 1.3 uses expand, it always provides a label that
-+ * contains an uint16 for the length, followed by between 7 and 255
-+ * bytes for a label string that starts with "tls13 " or "dtls13".
-+ * For compatibility with future versions, we only check for "tls"
-+ * or "dtls". See
-+ * https://www.rfc-editor.org/rfc/rfc8446#section-7.1 and
-+ * https://www.rfc-editor.org/rfc/rfc9147#section-5.9. */
-+ if (ctx->label != NULL
-+ && ctx->label_len >= 2 /* length */ + 4 /* "dtls" */
-+ && (strncmp("tls", (const char *)ctx->label + 2, 3) == 0 ||
-+ strncmp("dtls", (const char *)ctx->label + 2, 4) == 0))
-+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_APPROVED;
-+ else
-+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED;
-+ break;
-+ }
-+ return OSSL_PARAM_set_int(p, fips_indicator);
-+ }
-+#endif /* defined(FIPS_MODULE) */
-+
- return -2;
- }
-
-@@ -348,6 +398,9 @@ static const OSSL_PARAM *kdf_hkdf_gettab
- {
- static const OSSL_PARAM known_gettable_ctx_params[] = {
- OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
-+#ifdef FIPS_MODULE
-+ OSSL_PARAM_int(OSSL_KDF_PARAM_HKDF_REDHAT_FIPS_INDICATOR, NULL),
-+#endif /* defined(FIPS_MODULE) */
- OSSL_PARAM_END
- };
- return known_gettable_ctx_params;
diff --git a/0079-Fix-AES-GCM-on-Power-8-CPUs.patch b/0079-Fix-AES-GCM-on-Power-8-CPUs.patch
deleted file mode 100644
index f2d5517..0000000
--- a/0079-Fix-AES-GCM-on-Power-8-CPUs.patch
+++ /dev/null
@@ -1,125 +0,0 @@
-diff -rupN --no-dereference openssl-3.0.9/include/crypto/aes_platform.h openssl-3.0.9-new/include/crypto/aes_platform.h
---- openssl-3.0.9/include/crypto/aes_platform.h 2023-05-31 14:33:17.454112711 +0200
-+++ openssl-3.0.9-new/include/crypto/aes_platform.h 2023-05-31 14:33:19.301111904 +0200
-@@ -83,16 +83,8 @@ size_t ppc_aes_gcm_encrypt(const unsigne
- size_t ppc_aes_gcm_decrypt(const unsigned char *in, unsigned char *out,
- size_t len, const void *key, unsigned char ivec[16],
- u64 *Xi);
--size_t ppc_aes_gcm_encrypt_wrap(const unsigned char *in, unsigned char *out,
-- size_t len, const void *key,
-- unsigned char ivec[16], u64 *Xi);
--size_t ppc_aes_gcm_decrypt_wrap(const unsigned char *in, unsigned char *out,
-- size_t len, const void *key,
-- unsigned char ivec[16], u64 *Xi);
--# define AES_gcm_encrypt ppc_aes_gcm_encrypt_wrap
--# define AES_gcm_decrypt ppc_aes_gcm_decrypt_wrap
--# define AES_GCM_ASM(gctx) ((gctx)->ctr==aes_p8_ctr32_encrypt_blocks && \
-- (gctx)->gcm.ghash==gcm_ghash_p8)
-+# define AES_GCM_ASM_PPC(gctx) ((gctx)->ctr==aes_p8_ctr32_encrypt_blocks && \
-+ (gctx)->gcm.ghash==gcm_ghash_p8)
- void gcm_ghash_p8(u64 Xi[2],const u128 Htable[16],const u8 *inp, size_t len);
- # endif /* PPC */
-
-diff -rupN --no-dereference openssl-3.0.9/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc openssl-3.0.9-new/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc
---- openssl-3.0.9/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc 2023-05-31 14:33:17.454112711 +0200
-+++ openssl-3.0.9-new/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc 2023-05-31 14:33:19.301111904 +0200
-@@ -23,12 +23,6 @@ static int aes_ppc_gcm_initkey(PROV_GCM_
- return 1;
- }
-
--
--extern size_t ppc_aes_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len,
-- const void *key, unsigned char ivec[16], u64 *Xi);
--extern size_t ppc_aes_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t len,
-- const void *key, unsigned char ivec[16], u64 *Xi);
--
- static inline u32 UTO32(unsigned char *buf)
- {
- return ((u32) buf[0] << 24) | ((u32) buf[1] << 16) | ((u32) buf[2] << 8) | ((u32) buf[3]);
-@@ -47,7 +41,7 @@ static inline u32 add32TOU(unsigned char
- return r;
- }
-
--static size_t aes_p10_gcm_crypt(const unsigned char *in, unsigned char *out, size_t len,
-+static size_t ppc_aes_gcm_crypt(const unsigned char *in, unsigned char *out, size_t len,
- const void *key, unsigned char ivec[16], u64 *Xi, int encrypt)
- {
- int s = 0;
-@@ -90,24 +84,66 @@ static size_t aes_p10_gcm_crypt(const un
- return ndone;
- }
-
--size_t ppc_aes_gcm_encrypt_wrap(const unsigned char *in, unsigned char *out, size_t len,
-- const void *key, unsigned char ivec[16], u64 *Xi)
--{
-- return aes_p10_gcm_crypt(in, out, len, key, ivec, Xi, 1);
--}
--
--size_t ppc_aes_gcm_decrypt_wrap(const unsigned char *in, unsigned char *out, size_t len,
-- const void *key, unsigned char ivec[16], u64 *Xi)
-+static int ppc_aes_gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in,
-+ size_t len, unsigned char *out)
- {
-- return aes_p10_gcm_crypt(in, out, len, key, ivec, Xi, 0);
-+ if (ctx->enc) {
-+ if (ctx->ctr != NULL) {
-+ size_t bulk = 0;
-+
-+ if (len >= AES_GCM_ENC_BYTES && AES_GCM_ASM_PPC(ctx)) {
-+ size_t res = (16 - ctx->gcm.mres) % 16;
-+
-+ if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, res))
-+ return 0;
-+
-+ bulk = ppc_aes_gcm_crypt(in + res, out + res, len - res,
-+ ctx->gcm.key,
-+ ctx->gcm.Yi.c, ctx->gcm.Xi.u, 1);
-+
-+ ctx->gcm.len.u[1] += bulk;
-+ bulk += res;
-+ }
-+ if (CRYPTO_gcm128_encrypt_ctr32(&ctx->gcm, in + bulk, out + bulk,
-+ len - bulk, ctx->ctr))
-+ return 0;
-+ } else {
-+ if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, len))
-+ return 0;
-+ }
-+ } else {
-+ if (ctx->ctr != NULL) {
-+ size_t bulk = 0;
-+
-+ if (len >= AES_GCM_DEC_BYTES && AES_GCM_ASM_PPC(ctx)) {
-+ size_t res = (16 - ctx->gcm.mres) % 16;
-+
-+ if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, res))
-+ return -1;
-+
-+ bulk = ppc_aes_gcm_crypt(in + res, out + res, len - res,
-+ ctx->gcm.key,
-+ ctx->gcm.Yi.c, ctx->gcm.Xi.u, 0);
-+
-+ ctx->gcm.len.u[1] += bulk;
-+ bulk += res;
-+ }
-+ if (CRYPTO_gcm128_decrypt_ctr32(&ctx->gcm, in + bulk, out + bulk,
-+ len - bulk, ctx->ctr))
-+ return 0;
-+ } else {
-+ if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, len))
-+ return 0;
-+ }
-+ }
-+ return 1;
- }
-
--
- static const PROV_GCM_HW aes_ppc_gcm = {
- aes_ppc_gcm_initkey,
- ossl_gcm_setiv,
- ossl_gcm_aad_update,
-- generic_aes_gcm_cipher_update,
-+ ppc_aes_gcm_cipher_update,
- ossl_gcm_cipher_final,
- ossl_gcm_one_shot
- };
diff --git a/0100-RSA-PKCS15-implicit-rejection.patch b/0100-RSA-PKCS15-implicit-rejection.patch
deleted file mode 100644
index e414d49..0000000
--- a/0100-RSA-PKCS15-implicit-rejection.patch
+++ /dev/null
@@ -1,1336 +0,0 @@ -diff -rupN --no-dereference openssl-3.0.9/crypto/cms/cms_env.c openssl-3.0.9-new/crypto/cms/cms_env.c ---- openssl-3.0.9/crypto/cms/cms_env.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/crypto/cms/cms_env.c 2023-05-31 14:33:19.564111789 +0200 -@@ -571,6 +571,13 @@ static int cms_RecipientInfo_ktri_decryp - if (!ossl_cms_env_asn1_ctrl(ri, 1)) - goto err; - -+ if (EVP_PKEY_is_a(pkey, "RSA")) -+ /* upper layer CMS code incorrectly assumes that a successful RSA -+ * decryption means that the key matches ciphertext (which never -+ * was the case, implicit rejection or not), so to make it work -+ * disable implicit rejection for RSA keys */ -+ EVP_PKEY_CTX_ctrl_str(ktri->pctx, "rsa_pkcs1_implicit_rejection", "0"); -+ - if (EVP_PKEY_decrypt(ktri->pctx, NULL, &eklen, - ktri->encryptedKey->data, - ktri->encryptedKey->length) <= 0) -diff -rupN --no-dereference openssl-3.0.9/crypto/evp/ctrl_params_translate.c openssl-3.0.9-new/crypto/evp/ctrl_params_translate.c ---- openssl-3.0.9/crypto/evp/ctrl_params_translate.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/crypto/evp/ctrl_params_translate.c 2023-05-31 14:33:19.564111789 +0200 -@@ -2256,6 +2256,12 @@ static const struct translation_st evp_p - EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, NULL, NULL, - OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_STRING, NULL }, - -+ { SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT, -+ EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION, NULL, -+ "rsa_pkcs1_implicit_rejection", -+ OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, OSSL_PARAM_UNSIGNED_INTEGER, -+ NULL }, -+ - { SET, EVP_PKEY_RSA_PSS, 0, EVP_PKEY_OP_TYPE_GEN, - EVP_PKEY_CTRL_MD, "rsa_pss_keygen_md", NULL, - OSSL_ALG_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, -diff -rupN --no-dereference openssl-3.0.9/crypto/pkcs7/pk7_doit.c openssl-3.0.9-new/crypto/pkcs7/pk7_doit.c ---- openssl-3.0.9/crypto/pkcs7/pk7_doit.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/crypto/pkcs7/pk7_doit.c 2023-05-31 
14:33:19.565111788 +0200 -@@ -170,6 +170,13 @@ static int pkcs7_decrypt_rinfo(unsigned - if (EVP_PKEY_decrypt_init(pctx) <= 0) - goto err; - -+ if (EVP_PKEY_is_a(pkey, "RSA")) -+ /* upper layer pkcs7 code incorrectly assumes that a successful RSA -+ * decryption means that the key matches ciphertext (which never -+ * was the case, implicit rejection or not), so to make it work -+ * disable implicit rejection for RSA keys */ -+ EVP_PKEY_CTX_ctrl_str(pctx, "rsa_pkcs1_implicit_rejection", "0"); -+ - if (EVP_PKEY_decrypt(pctx, NULL, &eklen, - ri->enc_key->data, ri->enc_key->length) <= 0) - goto err; -diff -rupN --no-dereference openssl-3.0.9/crypto/rsa/rsa_ossl.c openssl-3.0.9-new/crypto/rsa/rsa_ossl.c ---- openssl-3.0.9/crypto/rsa/rsa_ossl.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/crypto/rsa/rsa_ossl.c 2023-05-31 14:33:19.565111788 +0200 -@@ -17,6 +17,9 @@ - #include "crypto/bn.h" - #include "rsa_local.h" - #include "internal/constant_time.h" -+#include -+#include -+#include - - static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); -@@ -377,8 +380,13 @@ static int rsa_ossl_private_decrypt(int - BIGNUM *f, *ret; - int j, num = 0, r = -1; - unsigned char *buf = NULL; -+ unsigned char d_hash[SHA256_DIGEST_LENGTH] = {0}; -+ HMAC_CTX *hmac = NULL; -+ unsigned int md_len = SHA256_DIGEST_LENGTH; -+ unsigned char kdk[SHA256_DIGEST_LENGTH] = {0}; - BN_CTX *ctx = NULL; - int local_blinding = 0; -+ EVP_MD *md = NULL; - /* - * Used only if the blinding structure is shared. 
A non-NULL unblind - * instructs rsa_blinding_convert() and rsa_blinding_invert() to store -@@ -387,6 +395,12 @@ static int rsa_ossl_private_decrypt(int - BIGNUM *unblind = NULL; - BN_BLINDING *blinding = NULL; - -+ /* -+ * we need the value of the private exponent to perform implicit rejection -+ */ -+ if ((rsa->flags & RSA_FLAG_EXT_PKEY) && (padding == RSA_PKCS1_PADDING)) -+ padding = RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING; -+ - if ((ctx = BN_CTX_new_ex(rsa->libctx)) == NULL) - goto err; - BN_CTX_start(ctx); -@@ -408,6 +422,11 @@ static int rsa_ossl_private_decrypt(int - goto err; - } - -+ if (flen < 1) { -+ ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_SMALL); -+ goto err; -+ } -+ - /* make data into a big number */ - if (BN_bin2bn(from, (int)flen, f) == NULL) - goto err; -@@ -468,6 +487,81 @@ static int rsa_ossl_private_decrypt(int - BN_free(d); - } - -+ /* -+ * derive the Key Derivation Key from private exponent and public -+ * ciphertext -+ */ -+ if (padding == RSA_PKCS1_PADDING) { -+ /* -+ * because we use d as a handle to rsa->d we need to keep it local and -+ * free before any further use of rsa->d -+ */ -+ BIGNUM *d = BN_new(); -+ if (d == NULL) { -+ ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ if (rsa->d == NULL) { -+ ERR_raise(ERR_LIB_RSA, RSA_R_MISSING_PRIVATE_KEY); -+ BN_free(d); -+ goto err; -+ } -+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); -+ if (BN_bn2binpad(d, buf, num) < 0) { -+ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); -+ BN_free(d); -+ goto err; -+ } -+ BN_free(d); -+ -+ /* -+ * we use hardcoded hash so that migrating between versions that use -+ * different hash doesn't provide a Bleichenbacher oracle: -+ * if the attacker can see that different versions return different -+ * messages for the same ciphertext, they'll know that the message is -+ * syntethically generated, which means that the padding check failed -+ */ -+ md = EVP_MD_fetch(rsa->libctx, "sha256", NULL); -+ if (md == NULL) { -+ ERR_raise(ERR_LIB_RSA, 
ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ -+ if (EVP_Digest(buf, num, d_hash, NULL, md, NULL) <= 0) { -+ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ -+ hmac = HMAC_CTX_new(); -+ if (hmac == NULL) { -+ ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ if (HMAC_Init_ex(hmac, d_hash, sizeof(d_hash), md, NULL) <= 0) { -+ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ -+ if (flen < num) { -+ memset(buf, 0, num - flen); -+ if (HMAC_Update(hmac, buf, num - flen) <= 0) { -+ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ } -+ if (HMAC_Update(hmac, from, flen) <= 0) { -+ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ -+ md_len = SHA256_DIGEST_LENGTH; -+ if (HMAC_Final(hmac, kdk, &md_len) <= 0) { -+ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ } -+ - if (blinding) - if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) - goto err; -@@ -477,9 +571,12 @@ static int rsa_ossl_private_decrypt(int - goto err; - - switch (padding) { -- case RSA_PKCS1_PADDING: -+ case RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING: - r = RSA_padding_check_PKCS1_type_2(to, num, buf, j, num); - break; -+ case RSA_PKCS1_PADDING: -+ r = ossl_rsa_padding_check_PKCS1_type_2(rsa->libctx, to, num, buf, j, num, kdk); -+ break; - case RSA_PKCS1_OAEP_PADDING: - r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0); - break; -@@ -501,6 +598,8 @@ static int rsa_ossl_private_decrypt(int - #endif - - err: -+ HMAC_CTX_free(hmac); -+ EVP_MD_free(md); - BN_CTX_end(ctx); - BN_CTX_free(ctx); - OPENSSL_clear_free(buf, num); -diff -rupN --no-dereference openssl-3.0.9/crypto/rsa/rsa_pk1.c openssl-3.0.9-new/crypto/rsa/rsa_pk1.c ---- openssl-3.0.9/crypto/rsa/rsa_pk1.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/crypto/rsa/rsa_pk1.c 2023-05-31 14:33:19.565111788 +0200 -@@ -21,10 +21,14 @@ - #include - /* Just for the SSL_MAX_MASTER_KEY_LENGTH value */ - #include -+#include -+#include 
-+#include - #include "internal/cryptlib.h" - #include "crypto/rsa.h" - #include "rsa_local.h" - -+ - int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, - const unsigned char *from, int flen) - { -@@ -273,6 +277,254 @@ int RSA_padding_check_PKCS1_type_2(unsig - return constant_time_select_int(good, mlen, -1); - } - -+ -+static int ossl_rsa_prf(OSSL_LIB_CTX *ctx, -+ unsigned char *to, int tlen, -+ const char *label, int llen, -+ const unsigned char *kdk, -+ uint16_t bitlen) -+{ -+ int pos; -+ int ret = -1; -+ uint16_t iter = 0; -+ unsigned char be_iter[sizeof(iter)]; -+ unsigned char be_bitlen[sizeof(bitlen)]; -+ HMAC_CTX *hmac = NULL; -+ EVP_MD *md = NULL; -+ unsigned char hmac_out[SHA256_DIGEST_LENGTH]; -+ unsigned int md_len; -+ -+ if (tlen * 8 != bitlen) { -+ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); -+ return ret; -+ } -+ -+ be_bitlen[0] = (bitlen >> 8) & 0xff; -+ be_bitlen[1] = bitlen & 0xff; -+ -+ hmac = HMAC_CTX_new(); -+ if (hmac == NULL) { -+ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ -+ /* -+ * we use hardcoded hash so that migrating between versions that use -+ * different hash doesn't provide a Bleichenbacher oracle: -+ * if the attacker can see that different versions return different -+ * messages for the same ciphertext, they'll know that the message is -+ * syntethically generated, which means that the padding check failed -+ */ -+ md = EVP_MD_fetch(ctx, "sha256", NULL); -+ if (md == NULL) { -+ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ -+ if (HMAC_Init_ex(hmac, kdk, SHA256_DIGEST_LENGTH, md, NULL) <= 0) { -+ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ -+ for (pos = 0; pos < tlen; pos += SHA256_DIGEST_LENGTH, iter++) { -+ if (HMAC_Init_ex(hmac, NULL, 0, NULL, NULL) <= 0) { -+ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ -+ be_iter[0] = (iter >> 8) & 0xff; -+ be_iter[1] = iter & 0xff; -+ -+ if (HMAC_Update(hmac, be_iter, sizeof(be_iter)) <= 0) 
{ -+ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ if (HMAC_Update(hmac, (unsigned char *)label, llen) <= 0) { -+ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ if (HMAC_Update(hmac, be_bitlen, sizeof(be_bitlen)) <= 0) { -+ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ -+ /* -+ * HMAC_Final requires the output buffer to fit the whole MAC -+ * value, so we need to use the intermediate buffer for the last -+ * unaligned block -+ */ -+ md_len = SHA256_DIGEST_LENGTH; -+ if (pos + SHA256_DIGEST_LENGTH > tlen) { -+ if (HMAC_Final(hmac, hmac_out, &md_len) <= 0) { -+ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ memcpy(to + pos, hmac_out, tlen - pos); -+ } else { -+ if (HMAC_Final(hmac, to + pos, &md_len) <= 0) { -+ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ } -+ } -+ -+ ret = 0; -+ -+err: -+ HMAC_CTX_free(hmac); -+ EVP_MD_free(md); -+ return ret; -+} -+ -+/* -+ * ossl_rsa_padding_check_PKCS1_type_2() checks and removes the PKCS#1 type 2 -+ * padding from a decrypted RSA message. Unlike the -+ * RSA_padding_check_PKCS1_type_2() it will not return an error in case it -+ * detects a padding error, rather it will return a deterministically generated -+ * random message. In other words it will perform an implicit rejection -+ * of an invalid padding. 
This means that the returned value does not indicate -+ * if the padding of the encrypted message was correct or not, making -+ * side channel attacks like the ones described by Bleichenbacher impossible -+ * without access to the full decrypted value and a brute-force search of -+ * remaining padding bytes -+ */ -+int ossl_rsa_padding_check_PKCS1_type_2(OSSL_LIB_CTX *ctx, -+ unsigned char *to, int tlen, -+ const unsigned char *from, int flen, -+ int num, unsigned char *kdk) -+{ -+/* -+ * We need to generate a random length for the synthethic message, to avoid -+ * bias towards zero and avoid non-constant timeness of DIV, we prepare -+ * 128 values to check if they are not too large for the used key size, -+ * and use 0 in case none of them are small enough, as 2^-128 is a good enough -+ * safety margin -+ */ -+#define MAX_LEN_GEN_TRIES 128 -+ unsigned char *synthetic = NULL; -+ int synthethic_length; -+ uint16_t len_candidate; -+ unsigned char candidate_lengths[MAX_LEN_GEN_TRIES * sizeof(len_candidate)]; -+ uint16_t len_mask; -+ uint16_t max_sep_offset; -+ int synth_msg_index = 0; -+ int ret = -1; -+ int i, j; -+ unsigned int good, found_zero_byte; -+ int zero_index = 0, msg_index; -+ -+ /* -+ * If these checks fail then either the message in publicly invalid, or -+ * we've been called incorrectly. We can fail immediately. 
-+ * Since this code is called only internally by openssl, those are just -+ * sanity checks -+ */ -+ if (num != flen || tlen <= 0 || flen <= 0) { -+ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); -+ return -1; -+ } -+ -+ /* Generate a random message to return in case the padding checks fail */ -+ synthetic = OPENSSL_malloc(flen); -+ if (synthetic == NULL) { -+ ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); -+ return -1; -+ } -+ -+ if (ossl_rsa_prf(ctx, synthetic, flen, "message", 7, kdk, flen * 8) < 0) -+ goto err; -+ -+ /* decide how long the random message should be */ -+ if (ossl_rsa_prf(ctx, candidate_lengths, sizeof(candidate_lengths), -+ "length", 6, kdk, -+ MAX_LEN_GEN_TRIES * sizeof(len_candidate) * 8) < 0) -+ goto err; -+ -+ /* -+ * max message size is the size of the modulus size less 2 bytes for -+ * version and padding type and a minimum of 8 bytes padding -+ */ -+ len_mask = max_sep_offset = flen - 2 - 8; -+ /* -+ * we want a mask so lets propagate the high bit to all positions less -+ * significant than it -+ */ -+ len_mask |= len_mask >> 1; -+ len_mask |= len_mask >> 2; -+ len_mask |= len_mask >> 4; -+ len_mask |= len_mask >> 8; -+ -+ synthethic_length = 0; -+ for (i = 0; i < MAX_LEN_GEN_TRIES * (int)sizeof(len_candidate); -+ i += sizeof(len_candidate)) { -+ len_candidate = (candidate_lengths[i] << 8) | candidate_lengths[i + 1]; -+ len_candidate &= len_mask; -+ -+ synthethic_length = constant_time_select_int( -+ constant_time_lt(len_candidate, max_sep_offset), -+ len_candidate, synthethic_length); -+ } -+ -+ synth_msg_index = flen - synthethic_length; -+ -+ /* we have alternative message ready, check the real one */ -+ good = constant_time_is_zero(from[0]); -+ good &= constant_time_eq(from[1], 2); -+ -+ /* then look for the padding|message separator (the first zero byte) */ -+ found_zero_byte = 0; -+ for (i = 2; i < flen; i++) { -+ unsigned int equals0 = constant_time_is_zero(from[i]); -+ zero_index = constant_time_select_int(~found_zero_byte & 
equals0, -+ i, zero_index); -+ found_zero_byte |= equals0; -+ } -+ -+ /* -+ * padding must be at least 8 bytes long, and it starts two bytes into -+ * |from|. If we never found a 0-byte, then |zero_index| is 0 and the check -+ * also fails. -+ */ -+ good &= constant_time_ge(zero_index, 2 + 8); -+ -+ /* -+ * Skip the zero byte. This is incorrect if we never found a zero-byte -+ * but in this case we also do not copy the message out. -+ */ -+ msg_index = zero_index + 1; -+ -+ /* -+ * old code returned an error in case the decrypted message wouldn't fit -+ * into the |to|, since that would leak information, return the synthethic -+ * message instead -+ */ -+ good &= constant_time_ge(tlen, num - msg_index); -+ -+ msg_index = constant_time_select_int(good, msg_index, synth_msg_index); -+ -+ /* -+ * since at this point the |msg_index| does not provide the signal -+ * indicating if the padding check failed or not, we don't have to worry -+ * about leaking the length of returned message, we still need to ensure -+ * that we read contents of both buffers so that cache accesses don't leak -+ * the value of |good| -+ */ -+ for (i = msg_index, j = 0; i < flen && j < tlen; i++, j++) -+ to[j] = constant_time_select_8(good, from[i], synthetic[i]); -+ ret = j; -+ -+err: -+ /* -+ * the only time ret < 0 is when the ciphertext is publicly invalid -+ * or we were called with invalid parameters, so we don't have to perform -+ * a side-channel secure raising of the error -+ */ -+ if (ret < 0) -+ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); -+ OPENSSL_free(synthetic); -+ return ret; -+} -+ - /* - * ossl_rsa_padding_check_PKCS1_type_2_TLS() checks and removes the PKCS1 type 2 - * padding from a decrypted RSA message in a TLS signature. 
The result is stored -diff -rupN --no-dereference openssl-3.0.9/crypto/rsa/rsa_pmeth.c openssl-3.0.9-new/crypto/rsa/rsa_pmeth.c ---- openssl-3.0.9/crypto/rsa/rsa_pmeth.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/crypto/rsa/rsa_pmeth.c 2023-05-31 14:33:19.566111788 +0200 -@@ -52,6 +52,8 @@ typedef struct { - /* OAEP label */ - unsigned char *oaep_label; - size_t oaep_labellen; -+ /* if to use implicit rejection in PKCS#1 v1.5 decryption */ -+ int implicit_rejection; - } RSA_PKEY_CTX; - - /* True if PSS parameters are restricted */ -@@ -72,6 +74,7 @@ static int pkey_rsa_init(EVP_PKEY_CTX *c - /* Maximum for sign, auto for verify */ - rctx->saltlen = RSA_PSS_SALTLEN_AUTO; - rctx->min_saltlen = -1; -+ rctx->implicit_rejection = 1; - ctx->data = rctx; - ctx->keygen_info = rctx->gentmp; - ctx->keygen_info_count = 2; -@@ -97,6 +100,7 @@ static int pkey_rsa_copy(EVP_PKEY_CTX *d - dctx->md = sctx->md; - dctx->mgf1md = sctx->mgf1md; - dctx->saltlen = sctx->saltlen; -+ dctx->implicit_rejection = sctx->implicit_rejection; - if (sctx->oaep_label) { - OPENSSL_free(dctx->oaep_label); - dctx->oaep_label = OPENSSL_memdup(sctx->oaep_label, sctx->oaep_labellen); -@@ -347,6 +351,7 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX - const unsigned char *in, size_t inlen) - { - int ret; -+ int pad_mode; - RSA_PKEY_CTX *rctx = ctx->data; - /* - * Discard const. 
Its marked as const because this may be a cached copy of -@@ -367,7 +372,12 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX - rctx->oaep_labellen, - rctx->md, rctx->mgf1md); - } else { -- ret = RSA_private_decrypt(inlen, in, out, rsa, rctx->pad_mode); -+ if (rctx->pad_mode == RSA_PKCS1_PADDING && -+ rctx->implicit_rejection == 0) -+ pad_mode = RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING; -+ else -+ pad_mode = rctx->pad_mode; -+ ret = RSA_private_decrypt(inlen, in, out, rsa, pad_mode); - } - *outlen = constant_time_select_s(constant_time_msb_s(ret), *outlen, ret); - ret = constant_time_select_int(constant_time_msb(ret), ret, 1); -@@ -587,6 +597,14 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *c - *(unsigned char **)p2 = rctx->oaep_label; - return rctx->oaep_labellen; - -+ case EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION: -+ if (rctx->pad_mode != RSA_PKCS1_PADDING) { -+ ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_PADDING_MODE); -+ return -2; -+ } -+ rctx->implicit_rejection = p1; -+ return 1; -+ - case EVP_PKEY_CTRL_DIGESTINIT: - case EVP_PKEY_CTRL_PKCS7_SIGN: - #ifndef OPENSSL_NO_CMS -diff -rupN --no-dereference openssl-3.0.9/doc/man1/openssl-pkeyutl.pod.in openssl-3.0.9-new/doc/man1/openssl-pkeyutl.pod.in ---- openssl-3.0.9/doc/man1/openssl-pkeyutl.pod.in 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/doc/man1/openssl-pkeyutl.pod.in 2023-05-31 14:33:19.566111788 +0200 -@@ -240,6 +240,11 @@ signed or verified directly instead of u - digest is set then the a B structure is used and its the length - must correspond to the digest type. - -+Note, for B padding, as a protection against Bleichenbacher attack, -+the decryption will not fail in case of padding check failures. Use B -+and manual inspection of the decrypted message to verify if the decrypted -+value has correct PKCS#1 v1.5 padding. -+ - For B mode only encryption and decryption is supported. 
- - For B if the digest type is set it is used to format the block data -@@ -267,6 +272,16 @@ explicitly set in PSS mode then the sign - Sets the digest used for the OAEP hash function. If not explicitly set then - SHA1 is used. - -+=item BI -+ -+Disables (when set to 0) or enables (when set to 1) the use of implicit -+rejection with PKCS#1 v1.5 decryption. When enabled (the default), as a -+protection against Bleichenbacher attack, the library will generate a -+deterministic random plaintext that it will return to the caller in case -+of padding check failure. -+When disabled, it's the callers' responsibility to handle the returned -+errors in a side-channel free manner. -+ - =back - - =head1 RSA-PSS ALGORITHM -diff -rupN --no-dereference openssl-3.0.9/doc/man1/openssl-rsautl.pod.in openssl-3.0.9-new/doc/man1/openssl-rsautl.pod.in ---- openssl-3.0.9/doc/man1/openssl-rsautl.pod.in 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/doc/man1/openssl-rsautl.pod.in 2023-05-31 14:33:19.566111788 +0200 -@@ -105,6 +105,11 @@ The padding to use: PKCS#1 v1.5 (the def - ANSI X9.31, or no padding, respectively. - For signatures, only B<-pkcs> and B<-raw> can be used. - -+Note: because of protection against Bleichenbacher attacks, decryption -+using PKCS#1 v1.5 mode will not return errors in case padding check failed. -+Use B<-raw> and inspect the returned value manually to check if the -+padding is correct. -+ - =item B<-hexdump> - - Hex dump the output data. -diff -rupN --no-dereference openssl-3.0.9/doc/man3/EVP_PKEY_CTX_ctrl.pod openssl-3.0.9-new/doc/man3/EVP_PKEY_CTX_ctrl.pod ---- openssl-3.0.9/doc/man3/EVP_PKEY_CTX_ctrl.pod 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/doc/man3/EVP_PKEY_CTX_ctrl.pod 2023-05-31 14:33:19.566111788 +0200 -@@ -386,6 +386,15 @@ this behaviour should be tolerated then - OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION should be set to the actual - negotiated protocol version. Otherwise it should be left unset. 
- -+Similarly to the B above, since OpenSSL version -+3.1.0, the use of B will return a randomly generated message -+instead of padding errors in case padding checks fail. Applications that -+want to remain secure while using earlier versions of OpenSSL, still need to -+handle both the error code from the RSA decryption operation and the -+returned message in a side channel secure manner. -+This protection against Bleichenbacher attacks can be disabled by setting -+the OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION (an unsigned integer) to 0. -+ - =head2 DSA parameters - - EVP_PKEY_CTX_set_dsa_paramgen_bits() sets the number of bits used for DSA -diff -rupN --no-dereference openssl-3.0.9/doc/man3/EVP_PKEY_decrypt.pod openssl-3.0.9-new/doc/man3/EVP_PKEY_decrypt.pod ---- openssl-3.0.9/doc/man3/EVP_PKEY_decrypt.pod 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/doc/man3/EVP_PKEY_decrypt.pod 2023-05-31 14:33:19.566111788 +0200 -@@ -51,6 +51,18 @@ return 1 for success and 0 or a negative - return value of -2 indicates the operation is not supported by the public key - algorithm. - -+=head1 WARNINGS -+ -+In OpenSSL versions before 3.1.0, when used in PKCS#1 v1.5 padding, -+both the return value from the EVP_PKEY_decrypt() and the B provided -+information useful in mounting a Bleichenbacher attack against the -+used private key. They had to processed in a side-channel free way. -+ -+Since version 3.1.0, the EVP_PKEY_decrypt() method when used with PKCS#1 -+v1.5 padding doesn't return an error in case it detects an error in padding, -+instead it returns a pseudo-randomly generated message, removing the need -+of side-channel secure code from applications using OpenSSL. 
-+ - =head1 EXAMPLES - - Decrypt data using OAEP (for RSA keys): -diff -rupN --no-dereference openssl-3.0.9/doc/man3/RSA_padding_add_PKCS1_type_1.pod openssl-3.0.9-new/doc/man3/RSA_padding_add_PKCS1_type_1.pod ---- openssl-3.0.9/doc/man3/RSA_padding_add_PKCS1_type_1.pod 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/doc/man3/RSA_padding_add_PKCS1_type_1.pod 2023-05-31 14:33:19.566111788 +0200 -@@ -121,8 +121,8 @@ L. - - =head1 WARNINGS - --The result of RSA_padding_check_PKCS1_type_2() is a very sensitive --information which can potentially be used to mount a Bleichenbacher -+The result of RSA_padding_check_PKCS1_type_2() is exactly the -+information which is used to mount a classical Bleichenbacher - padding oracle attack. This is an inherent weakness in the PKCS #1 - v1.5 padding design. Prefer PKCS1_OAEP padding. If that is not - possible, the result of RSA_padding_check_PKCS1_type_2() should be -@@ -137,6 +137,9 @@ as this would create a small timing side - used to mount a Bleichenbacher attack against any padding mode - including PKCS1_OAEP. - -+You should prefer the use of EVP PKEY APIs for PKCS#1 v1.5 decryption -+as they implement the necessary workarounds internally. -+ - =head1 SEE ALSO - - L, -diff -rupN --no-dereference openssl-3.0.9/doc/man3/RSA_public_encrypt.pod openssl-3.0.9-new/doc/man3/RSA_public_encrypt.pod ---- openssl-3.0.9/doc/man3/RSA_public_encrypt.pod 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/doc/man3/RSA_public_encrypt.pod 2023-05-31 14:33:19.567111788 +0200 -@@ -52,8 +52,8 @@ Encrypting user data directly with RSA i - - =back - --B must not be more than RSA_size(B) - 11 for the PKCS #1 v1.5 --based padding modes, not more than RSA_size(B) - 42 for -+When encrypting B must not be more than RSA_size(B) - 11 for the -+PKCS #1 v1.5 based padding modes, not more than RSA_size(B) - 42 for - RSA_PKCS1_OAEP_PADDING and exactly RSA_size(B) for RSA_NO_PADDING. 
- When a padding mode other than RSA_NO_PADDING is in use, then
- RSA_public_encrypt() will include some random bytes into the ciphertext
-@@ -92,6 +92,13 @@ which can potentially be used to mount a
- attack. This is an inherent weakness in the PKCS #1 v1.5 padding
- design. Prefer RSA_PKCS1_OAEP_PADDING.
-
-+In OpenSSL before version 3.1.0, both the return value and the length of
-+returned value could be used to mount the Bleichenbacher attack.
-+Since version 3.1.0, OpenSSL does not return an error in case of padding
-+checks failed. Instead it generates a random message based on used private
-+key and provided ciphertext so that application code doesn't have to implement
-+a side-channel secure error handling.
-+
- =head1 CONFORMING TO
-
- SSL, PKCS #1 v2.0
-diff -rupN --no-dereference openssl-3.0.9/doc/man7/provider-asym_cipher.pod openssl-3.0.9-new/doc/man7/provider-asym_cipher.pod
---- openssl-3.0.9/doc/man7/provider-asym_cipher.pod 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/doc/man7/provider-asym_cipher.pod 2023-05-31 14:33:19.567111788 +0200
-@@ -234,6 +234,15 @@ The TLS protocol version first requested
-
- The negotiated TLS protocol version.
-
-+=item "implicit-rejection" (B)
-+
-+Gets of sets the use of the implicit rejection mechanism for RSA PKCS#1 v1.5
-+decryption. When set (non zero value), the decryption API will return
-+a deterministically random value if the PKCS#1 v1.5 padding check fails.
-+This makes explotation of the Bleichenbacher significantly harder, even
-+if the code using the RSA decryption API is not implemented in side-channel
-+free manner. Set by default.
-+
- =back
-
- OSSL_FUNC_asym_cipher_gettable_ctx_params() and OSSL_FUNC_asym_cipher_settable_ctx_params()
-diff -rupN --no-dereference openssl-3.0.9/include/crypto/rsa.h openssl-3.0.9-new/include/crypto/rsa.h
---- openssl-3.0.9/include/crypto/rsa.h 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/include/crypto/rsa.h 2023-05-31 14:33:19.567111788 +0200
-@@ -83,6 +83,10 @@ int ossl_rsa_param_decode(RSA *rsa, cons
- RSA *ossl_rsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf,
- OSSL_LIB_CTX *libctx, const char *propq);
-
-+int ossl_rsa_padding_check_PKCS1_type_2(OSSL_LIB_CTX *ctx,
-+ unsigned char *to, int tlen,
-+ const unsigned char *from, int flen,
-+ int num, unsigned char *kdk);
- int ossl_rsa_padding_check_PKCS1_type_2_TLS(OSSL_LIB_CTX *ctx, unsigned char *to,
- size_t tlen,
- const unsigned char *from,
-diff -rupN --no-dereference openssl-3.0.9/include/openssl/core_names.h openssl-3.0.9-new/include/openssl/core_names.h
---- openssl-3.0.9/include/openssl/core_names.h 2023-05-31 14:33:19.296111907 +0200
-+++ openssl-3.0.9-new/include/openssl/core_names.h 2023-05-31 14:33:19.567111788 +0200
-@@ -294,6 +294,7 @@ extern "C" {
- #define OSSL_PKEY_PARAM_DIST_ID "distid"
- #define OSSL_PKEY_PARAM_PUB_KEY "pub"
- #define OSSL_PKEY_PARAM_PRIV_KEY "priv"
-+#define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
- #define OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K "rh_sign_kat_k"
-
- /* Diffie-Hellman/DSA Parameters */
-@@ -470,6 +471,7 @@ extern "C" {
- #define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
- #define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
- #define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
-+#define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection"
- #ifdef FIPS_MODULE
- #define OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED "redhat-kat-oaep-seed"
- #endif
-diff -rupN --no-dereference openssl-3.0.9/include/openssl/rsa.h openssl-3.0.9-new/include/openssl/rsa.h
---- openssl-3.0.9/include/openssl/rsa.h 2023-05-30 14:31:57.000000000 +0200
-+++ openssl-3.0.9-new/include/openssl/rsa.h 2023-05-31 14:33:19.567111788 +0200
-@@ -183,6 +183,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP
-
- # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES (EVP_PKEY_ALG_CTRL + 13)
-
-+# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14)
-+
- # define RSA_PKCS1_PADDING 1
- # define RSA_NO_PADDING 3
- # define RSA_PKCS1_OAEP_PADDING 4
-@@ -192,6 +194,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP
- # define RSA_PKCS1_PSS_PADDING 6
- # define RSA_PKCS1_WITH_TLS_PADDING 7
-
-+/* internal RSA_ only */
-+# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
-+
- # define RSA_PKCS1_PADDING_SIZE 11
-
- # define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg)
-diff -rupN --no-dereference openssl-3.0.9/providers/implementations/asymciphers/rsa_enc.c openssl-3.0.9-new/providers/implementations/asymciphers/rsa_enc.c
---- openssl-3.0.9/providers/implementations/asymciphers/rsa_enc.c 2023-05-31 14:33:17.986112479 +0200
-+++ openssl-3.0.9-new/providers/implementations/asymciphers/rsa_enc.c 2023-05-31 14:33:19.568111787 +0200
-@@ -78,6 +78,8 @@ typedef struct {
- /* TLS padding */
- unsigned int client_version;
- unsigned int alt_version;
-+ /* PKCS#1 v1.5 decryption mode */
-+ unsigned int implicit_rejection;
- #ifdef FIPS_MODULE
- char *redhat_st_oaep_seed;
- #endif /* FIPS_MODULE */
-@@ -113,6 +115,7 @@ static int rsa_init(void *vprsactx, void
- RSA_free(prsactx->rsa);
- prsactx->rsa = vrsa;
- prsactx->operation = operation;
-+ prsactx->implicit_rejection = 1;
-
- switch (RSA_test_flags(prsactx->rsa, RSA_FLAG_TYPE_MASK)) {
- case RSA_FLAG_TYPE_RSA:
-@@ -237,6 +240,7 @@ static int rsa_decrypt(void *vprsactx, u
- {
- PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
- int ret;
-+ int pad_mode;
- size_t len = RSA_size(prsactx->rsa);
-
- if (!ossl_prov_is_running())
-@@ -326,8 +330,12 @@ static int rsa_decrypt(void *vprsactx, u
- }
- OPENSSL_free(tbuf);
- } else {
-- ret = RSA_private_decrypt(inlen, in, out, prsactx->rsa,
-- prsactx->pad_mode);
-+ if ((prsactx->implicit_rejection == 0) &&
-+ (prsactx->pad_mode == RSA_PKCS1_PADDING))
-+ pad_mode = RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING;
-+ else
-+ pad_mode = prsactx->pad_mode;
-+ ret = RSA_private_decrypt(inlen, in, out, prsactx->rsa, pad_mode);
- }
- *outlen = constant_time_select_s(constant_time_msb_s(ret), *outlen, ret);
- ret = constant_time_select_int(constant_time_msb(ret), 0, 1);
-@@ -454,6 +462,10 @@ static int rsa_get_ctx_params(void *vprs
- if (p != NULL && !OSSL_PARAM_set_uint(p, prsactx->alt_version))
- return 0;
-
-+ p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION);
-+ if (p != NULL && !OSSL_PARAM_set_uint(p, prsactx->implicit_rejection))
-+ return 0;
-+
- return 1;
- }
-
-@@ -465,6 +477,7 @@ static const OSSL_PARAM known_gettable_c
- NULL, 0),
- OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL),
- OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL),
-+ OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, NULL),
- #ifdef FIPS_MODULE
- OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, NULL, 0),
- #endif /* FIPS_MODULE */
-@@ -621,6 +634,14 @@ static int rsa_set_ctx_params(void *vprs
- return 0;
- prsactx->alt_version = alt_version;
- }
-+ p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION);
-+ if (p != NULL) {
-+ unsigned int implicit_rejection;
-+
-+ if (!OSSL_PARAM_get_uint(p, &implicit_rejection))
-+ return 0;
-+ prsactx->implicit_rejection = implicit_rejection;
-+ }
-
- return 1;
- }
-@@ -633,6 +654,7 @@ static const OSSL_PARAM known_settable_c
- OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, NULL, 0),
- OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL),
- OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL),
-+ OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, NULL),
- OSSL_PARAM_END
- };
-
-diff -rupN 
--no-dereference openssl-3.0.9/test/recipes/30-test_evp_data/evppkey_rsa_common.txt openssl-3.0.9-new/test/recipes/30-test_evp_data/evppkey_rsa_common.txt ---- openssl-3.0.9/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 2023-05-31 14:33:16.916112945 +0200 -+++ openssl-3.0.9-new/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 2023-05-31 14:33:19.569111787 +0200 -@@ -268,9 +268,25 @@ Decrypt = RSA-2048 - Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A78 - Output = "Hello World" - -+Availablein = default -+# Note: disable the Bleichenbacher workaround to see if it passes -+Decrypt = RSA-2048 -+Ctrl = rsa_pkcs1_implicit_rejection:0 -+Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A78 -+Output = "Hello World" -+ -+Availablein = default -+# Corrupted ciphertext -+# Note: output is generated synthethically by the Bleichenbacher workaround -+Decrypt = RSA-2048 -+Input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utput = 
4cbb988d6a46228379132b0b5f8c249b3860043848c93632fb982c807c7c82fffc7a9ef83f4908f890373ac181ffea6381e103bcaa27e65638b6ecebef38b59ed4226a9d12af675cfcb634d8c40e7a7aff -+ - # Corrupted ciphertext - Availablein = default -+# Note: disable the Bleichenbacher workaround to see if it fails - Decrypt = RSA-2048 -+Ctrl = rsa_pkcs1_implicit_rejection:0 - Input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utput = "Hello World" - Result = KEYOP_ERROR -@@ -293,6 +309,462 @@ Derive = RSA-2048 - Result = KEYOP_INIT_ERROR - Reason = operation not supported for this keytype - -+# Test vectors for the Bleichenbacher workaround -+ -+PrivateKey = RSA-2048-2 -+-----BEGIN RSA PRIVATE KEY----- -+MIIEowIBAAKCAQEAyMyDlxQJjaVsqiNkD5PciZfBY3KWj8Gwxt9RE8HJTosh5IrS -+KX5lQZARtObY9ec7G3iyV0ADIdHva2AtTsjOjRQclJBetK0wZjmkkgZTS25/JgdC -+Ppff/RM8iNchOZ3vvH6WzNy9fzquH+iScSv7SSmBfVEWZkQKH6y3ogj16hZZEK3Y -+o/LUlyAjYMy2MgJPDQcWnBkY8xb3lLFDrvVOyHUipMApePlomYC/+/ZJwwfoGBm/ -++IQJY41IvZS+FStZ/2SfoL1inQ/6GBPDq/S1a9PC6lRl3/oUWJKSqdiiStJr5+4F -+EHQbY4LUPIPVv6QKRmE9BivkRVF9vK8MtOGnaQIDAQABAoIBABRVAQ4PLVh2Y6Zm -+pv8czbvw7dgQBkbQKgI5IpCJksStOeVWWSlybvZQjDpxFY7wtv91HTnQdYC7LS8G -+MhBELQYD/1DbvXs1/iybsZpHoa+FpMJJAeAsqLWLeRmyDt8yqs+/Ua20vEthubfp -+aMqk1XD3DvGNgGMiiJPkfUOe/KeTJZvPLNEIo9hojN8HjnrHmZafIznSwfUiuWlo -+RimpM7quwmgWJeq4T05W9ER+nYj7mhmc9xAj4OJXsURBszyE07xnyoAx0mEmGBA6 -+egpAhEJi912IkM1hblH5A1SI/W4Jnej/bWWk/xGCVIB8n1jS+7qLoVHcjGi+NJyX -+eiBOBMECgYEA+PWta6gokxvqRZuKP23AQdI0gkCcJXHpY/MfdIYColY3GziD7UWe -+z5cFJkWe3RbgVSL1pF2UdRsuwtrycsf4gWpSwA0YCAFxY02omdeXMiL1G5N2MFSG -+lqn32MJKWUl8HvzUVc+5fuhtK200lyszL9owPwSZm062tcwLsz53Yd0CgYEAznou -+O0mpC5YzChLcaCvfvfuujdbcA7YUeu+9V1dD8PbaTYYjUGG3Gv2crS00Al5WrIaw -+93Q+s14ay8ojeJVCRGW3Bu0iF15XGMjHC2cD6o9rUQ+UW+SOWja7PDyRcytYnfwF -+1y2AkDGURSvaITSGR+xylD8RqEbmL66+jrU2sP0CgYB2/hXxiuI5zfHfa0RcpLxr -+uWjXiMIZM6T13NKAAz1nEgYswIpt8gTB+9C+RjB0Q+bdSmRWN1Qp1OA4yiVvrxyb -+3pHGsXt2+BmV+RxIy768e/DjSUwINZ5OjNalh9e5bWIh/X4PtcVXXwgu5XdpeYBx 
-+sru0oyI4FRtHMUu2VHkDEQKBgQCZiEiwVUmaEAnLx9KUs2sf/fICDm5zZAU+lN4a -+AA3JNAWH9+JydvaM32CNdTtjN3sDtvQITSwCfEs4lgpiM7qe2XOLdvEOp1vkVgeL -+9wH2fMaz8/3BhuZDNsdrNy6AkQ7ICwrcwj0C+5rhBIaigkgHW06n5W3fzziC5FFW -+FHGikQKBgGQ790ZCn32DZnoGUwITR++/wF5jUfghqd67YODszeUAWtnp7DHlWPfp -+LCkyjnRWnXzvfHTKvCs1XtQBoaCRS048uwZITlgZYFEWntFMqi76bqBE4FTSYUTM -+FinFUBBVigThM/RLfCRNrCW/kTxXuJDuSfVIJZzWNAT+9oWdz5da -+-----END RSA PRIVATE KEY----- -+ -+# corresponding public key -+PublicKey = RSA-2048-2-PUBLIC -+-----BEGIN PUBLIC KEY----- -+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyMyDlxQJjaVsqiNkD5Pc -+iZfBY3KWj8Gwxt9RE8HJTosh5IrSKX5lQZARtObY9ec7G3iyV0ADIdHva2AtTsjO -+jRQclJBetK0wZjmkkgZTS25/JgdCPpff/RM8iNchOZ3vvH6WzNy9fzquH+iScSv7 -+SSmBfVEWZkQKH6y3ogj16hZZEK3Yo/LUlyAjYMy2MgJPDQcWnBkY8xb3lLFDrvVO -+yHUipMApePlomYC/+/ZJwwfoGBm/+IQJY41IvZS+FStZ/2SfoL1inQ/6GBPDq/S1 -+a9PC6lRl3/oUWJKSqdiiStJr5+4FEHQbY4LUPIPVv6QKRmE9BivkRVF9vK8MtOGn -+aQIDAQAB -+-----END PUBLIC KEY----- -+ -+PrivPubKeyPair = RSA-2048-2:RSA-2048-2-PUBLIC -+ -+# RSA decrypt -+ -+# a random positive test case -+Availablein = default -+Decrypt = RSA-2048-2 -+Input = 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 -+Output = "lorem ipsum dolor sit amet" -+ -+Availablein = default -+# a random negative test case decrypting to empty -+Decrypt = RSA-2048-2 -+Input = 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 -+Output = -+ -+Availablein = default -+# invalid decrypting to max length message -+Decrypt = RSA-2048-2 -+Input = 
48cceab10f39a4db32f60074feea473cbcdb7accf92e150417f76b44756b190e843e79ec12aa85083a21f5437e7bad0a60482e601198f9d86923239c8786ee728285afd0937f7dde12717f28389843d7375912b07b991f4fdb0190fced8ba665314367e8c5f9d2981d0f5128feeb46cb50fc237e64438a86df198dd0209364ae3a842d77532b66b7ef263b83b1541ed671b120dfd660462e2107a4ee7b964e734a7bd68d90dda61770658a3c242948532da32648687e0318286473f675b412d6468f013f14d760a358dfcad3cda2afeec5e268a37d250c37f722f468a70dfd92d7294c3c1ee1e7f8843b7d16f9f37ef35748c3ae93aa155cdcdfeb4e78567303 -+Output = 22d850137b9eebe092b24f602dc5bb7918c16bd89ddbf20467b119d205f9c2e4bd7d2592cf1e532106e0f33557565923c73a02d4f09c0c22bea89148183e60317f7028b3aa1f261f91c979393101d7e15f4067e63979b32751658ef769610fe97cf9cef3278b3117d384051c3b1d82c251c2305418c8f6840530e631aad63e70e20e025bcd8efb54c92ec6d3b106a2f8e64eeff7d38495b0fc50c97138af4b1c0a67a1c4e27b077b8439332edfa8608dfeae653cd6a628ac550395f7e74390e42c11682234870925eeaa1fa71b76cf1f2ee3bda69f6717033ff8b7c95c9799e7a3bea5e7e4a1c359772fb6b1c6e6c516661dfe30c3 -+ -+Availablein = default -+# invalid decrypting to message with length specified by second to last value from PRF -+Decrypt = RSA-2048-2 -+Input = 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 -+Output = 0f9b -+ -+Availablein = default -+# invalid decrypting to message with length specified by third to last value from PRF -+Decrypt = RSA-2048-2 -+Input = 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 -+Output = 4f02 -+ -+# positive test with 11 byte long value -+Availablein = default -+Decrypt = RSA-2048-2 -+Input = 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 -+Output = "lorem ipsum" -+ -+# positive test with 11 byte long value and zero padded ciphertext -+Availablein = default -+Decrypt = RSA-2048-2 -+Input = 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 -+Output = "lorem ipsum" -+ -+# positive test with 11 byte long value and zero truncated ciphertext -+Availablein = default -+Decrypt = RSA-2048-2 -+Input = 
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 -+Output = "lorem ipsum" -+ -+# positive test with 11 byte long value and double zero padded ciphertext -+Availablein = default -+Decrypt = RSA-2048-2 -+Input = 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 -+Output = "lorem ipsum" -+ -+# positive test with 11 byte long value and double zero truncated ciphertext -+Availablein = default -+Decrypt = RSA-2048-2 -+Input = 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 -+Output = "lorem ipsum" -+ -+# positive that generates a 0 byte long synthethic message internally -+Availablein = default -+Decrypt = RSA-2048-2 -+Input = 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 -+Output = "lorem ipsum" -+ -+# positive that generates a 245 byte long synthethic message internally -+Availablein = default -+Decrypt = RSA-2048-2 -+Input = 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 -+Output = "lorem ipsum" -+ -+Availablein = default -+# a random negative test that generates an 11 byte long message -+Decrypt = RSA-2048-2 -+Input = 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 -+Output = af9ac70191c92413cb9f2d -+ -+Availablein = default -+# an otherwise correct plaintext, but with wrong first byte -+# (0x01 instead of 0x00), generates a random 11 byte long plaintext -+Decrypt = RSA-2048-2 -+Input = 9b2ec9c0c917c98f1ad3d0119aec6be51ae3106e9af1914d48600ab6a2c0c0c8ae02a2dc3039906ff3aac904af32ec798fd65f3ad1afa2e69400e7c1de81f5728f3b3291f38263bc7a90a0563e43ce7a0d4ee9c0d8a716621ca5d3d081188769ce1b131af7d35b13dea99153579c86db31fe07d5a2c14d621b77854e48a8df41b5798563af489a291e417b6a334c63222627376118c02c53b6e86310f728734ffc86ef9d7c8bf56c0c841b24b82b59f51aee4526ba1c4268506d301e4ebc498c6aebb6fd5258c876bf900bac8ca4d309dd522f6a6343599a8bc3760f422c10c72d0ad527ce4af1874124ace3d99bb74db8d69d2528db22c3a37644640f95c05f -+Output = a1f8c9255c35cfba403ccc -+ -+Availablein = default -+# an otherwise correct plaintext, but with wrong second byte -+# (0x01 instead of 
0x02), generates a random 11 byte long plaintext -+Decrypt = RSA-2048-2 -+Input = 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 -+Output = e6d700309ca0ed62452254 -+ -+Availablein = default -+# an invalid ciphertext, with a zero byte in first byte of -+# ciphertext, decrypts to a random 11 byte long synthethic -+# plaintext -+Decrypt = RSA-2048-2 -+Input = 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 -+Output = ba27b1842e7c21c0e7ef6a -+ -+Availablein = default -+# an invalid ciphertext, with a zero byte removed from first byte of -+# ciphertext, decrypts to a random 11 byte long synthethic -+# plaintext -+Decrypt = RSA-2048-2 -+Input = 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 -+Output = ba27b1842e7c21c0e7ef6a -+ -+Availablein = default -+# an invalid ciphertext, with two zero bytes in first bytes of -+# ciphertext, decrypts to a random 11 byte long synthethic -+# plaintext -+Decrypt = RSA-2048-2 -+Input = 0000587cccc6b264bdfe0dc2149a988047fa921801f3502ea64624c510c6033d2f427e3f136c26e88ea9f6519e86a542cec96aad1e5e9013c3cc203b6de15a69183050813af5c9ad79703136d4b92f50ce171eefc6aa7988ecf02f319ffc5eafd6ee7a137f8fce64b255bb1b8dd19cfe767d64fdb468b9b2e9e7a0c24dae03239c8c714d3f40b7ee9c4e59ac15b17e4d328f1100756bce17133e8e7493b54e5006c3cbcdacd134130c5132a1edebdbd01a0c41452d16ed7a0788003c34730d0808e7e14c797a21f2b45a8aa1644357fd5e988f99b017d9df37563a354c788dc0e2f9466045622fa3f3e17db63414d27761f57392623a2bef6467501c63e8d645 -+Output = d5cf555b1d6151029a429a -+ -+Availablein = default -+# an invalid ciphertext, with two zero bytes removed from first bytes of -+# ciphertext, decrypts to a random 11 byte long synthethic -+# plaintext -+Decrypt = RSA-2048-2 -+Input = 
587cccc6b264bdfe0dc2149a988047fa921801f3502ea64624c510c6033d2f427e3f136c26e88ea9f6519e86a542cec96aad1e5e9013c3cc203b6de15a69183050813af5c9ad79703136d4b92f50ce171eefc6aa7988ecf02f319ffc5eafd6ee7a137f8fce64b255bb1b8dd19cfe767d64fdb468b9b2e9e7a0c24dae03239c8c714d3f40b7ee9c4e59ac15b17e4d328f1100756bce17133e8e7493b54e5006c3cbcdacd134130c5132a1edebdbd01a0c41452d16ed7a0788003c34730d0808e7e14c797a21f2b45a8aa1644357fd5e988f99b017d9df37563a354c788dc0e2f9466045622fa3f3e17db63414d27761f57392623a2bef6467501c63e8d645 -+Output = d5cf555b1d6151029a429a -+ -+Availablein = default -+# and invalid ciphertext, otherwise valid but starting with 000002, decrypts -+# to random 11 byte long synthethic plaintext -+Decrypt = RSA-2048-2 -+Input = 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 -+Output = 3d4a054d9358209e9cbbb9 -+ -+Availablein = default -+# negative test with otherwise valid padding but a zero byte in first byte -+# of padding -+Decrypt = RSA-2048-2 -+Input = 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 -+Output = 1f037dd717b07d3e7f7359 -+ -+Availablein = default -+# negative test with otherwise valid padding but a zero byte at the eigth -+# byte of padding -+Decrypt = RSA-2048-2 -+Input = a7a340675a82c30e22219a55bc07cdf36d47d01834c1834f917f18b517419ce9de2a96460e745024436470ed85e94297b283537d52189c406a3f533cb405cc6a9dba46b482ce98b6e3dd52d8fce2237425617e38c11fbc46b61897ef200d01e4f25f5f6c4c5b38cd0de38ba11908b86595a8036a08a42a3d05b79600a97ac18ba368a08d6cf6ccb624f6e8002afc75599fba4de3d4f3ba7d208391ebe8d21f8282b18e2c10869eb2702e68f9176b42b0ddc9d763f0c86ba0ff92c957aaeab76d9ab8da52ea297ec11d92d770146faa1b300e0f91ef969b53e7d2907ffc984e9a9c9d11fb7d6cba91972059b46506b035efec6575c46d7114a6b935864858445f -+Output = 63cb0bf65fc8255dd29e17 -+ -+Availablein = default -+# negative test with an otherwise valid plaintext but with missing separator -+# byte -+Decrypt = RSA-2048-2 -+Input = 
3d1b97e7aa34eaf1f4fc171ceb11dcfffd9a46a5b6961205b10b302818c1fcc9f4ec78bf18ea0cee7e9fa5b16fb4c611463b368b3312ac11cf9c06b7cf72b54e284848a508d3f02328c62c2999d0fb60929f81783c7a256891bc2ff4d91df2af96a24fc5701a1823af939ce6dbdc510608e3d41eec172ad2d51b9fc61b4217c923cadcf5bac321355ef8be5e5f090cdc2bd0c697d9058247db3ad613fdce87d2955a6d1c948a5160f93da21f731d74137f5d1f53a1923adb513d2e6e1589d44cc079f4c6ddd471d38ac82d20d8b1d21f8d65f3b6907086809f4123e08d86fb38729585de026a485d8f0e703fd4772f6668febf67df947b82195fa3867e3a3065 -+Output = 6f09a0b62699337c497b0b -+ -+# Test vectors for the Bleichenbacher workaround (2049 bit key size) -+ -+PrivateKey = RSA-2049 -+-----BEGIN RSA PRIVATE KEY----- -+MIIEpQIBAAKCAQEBVfiJVWoXdfHHp3hqULGLwoyemG7eVmfKs5uEEk6Q66dcHbCD -+rD5EO7qU3CNWD3XjqBaToqQ73HQm2MTq/mjIXeD+dX9uSbue1EfmAkMIANuwTOsi -+5/pXoY0zj7ZgJs20Z+cMwEDn02fvQDx78ePfYkZQCUYx8h6v0vtbyRX/BDeazRES -+9zLAtGYHwXjTiiD1LtpQny+cBAXVEGnoDM+UFVTQRwRnUFw89UHqCJffyfQAzssp -+j/x1M3LZ9pM68XTMQO2W1GcDFzO5f4zd0/krw6A+qFdsQX8kAHteT3UBEFtUTen6 -+3N/635jftLsFuBmfP4Ws/ZH3qaCUuaOD9QSQlwIDAQABAoIBAQEZwrP1CnrWFSZ5 -+1/9RCVisLYym8AKFkvMy1VoWc2F4qOZ/F+cFzjAOPodUclEAYBP5dNCj20nvNEyl -+omo0wEUHBNDkIuDOI6aUJcFf77bybhBu7/ZMyLnXRC5NpOjIUAjq6zZYWaIpT6OT -+e8Jr5WMy59geLBYO9jXMUoqnvlXmM6cj28Hha6KeUrKa7y+eVlT9wGZrsPwlSsvo -+DmOHTw9fAgeC48nc/CUg0MnEp7Y05FA/u0k+Gq/us/iL16EzmHJdrm/jmed1zV1M -+8J/IODR8TJjasaSIPM5iBRNhWvqhCmM2jm17ed9BZqsWJznvUVpEAu4eBgHFpVvH -+HfDjDt+BAoGBAYj2k2DwHhjZot4pUlPSUsMeRHbOpf97+EE99/3jVlI83JdoBfhP -+wN3sdw3wbO0GXIETSHVLNGrxaXVod/07PVaGgsh4fQsxTvasZ9ZegTM5i2Kgg8D4 -+dlxa1A1agfm73OJSftfpUAjLECnLTKvR+em+38KGyWVSJV2n6rGSF473AoGBAN7H -+zxHa3oOkxD0vgBl/If1dRv1XtDH0T+gaHeN/agkf/ARk7ZcdyFCINa3mzF9Wbzll -+YTqLNnmMkubiP1LvkH6VZ+NBvrxTNxiWJfu+qx87ez+S/7JoHm71p4SowtePfC2J -+qqok0s7b0GaBz+ZcNse/o8W6E1FiIi71wukUyYNhAoGAEgk/OnPK7dkPYKME5FQC -++HGrMsjJVbCa9GOjvkNw8tVYSpq7q2n9sDHqRPmEBl0EYehAqyGIhmAONxVUbIsL -+ha0m04y0MI9S0H+ZRH2R8IfzndNAONsuk46XrQU6cfvtZ3Xh3IcY5U5sr35lRn2c 
-+ut3H52XIWJ4smN/cJcpOyoECgYEAjM5hNHnPlgj392wkXPkbtJXWHp3mSISQVLTd -+G0MW8/mBQg3AlXi/eRb+RpHPrppk5jQLhgMjRSPyXXe2amb8PuWTqfGN6l32PtX3 -+3+udILpppb71Wf+w7JTbcl9v9uq7o9SVR8DKdPA+AeweSQ0TmqCnlHuNZizOSjwP -+G16GF0ECgYEA+ZWbNMS8qM5IiHgbMbHptdit9dDT4+1UXoNn0/hUW6ZEMriHMDXv -+iBwrzeANGAn5LEDYeDe1xPms9Is2uNxTpZVhpFZSNALR6Po68wDlTJG2PmzuBv5t -+5mbzkpWCoD4fRU53ifsHgaTW+7Um74gWIf0erNIUZuTN2YrtEPTnb3k= -+-----END RSA PRIVATE KEY----- -+ -+# corresponding public key -+PublicKey = RSA-2049-PUBLIC -+-----BEGIN PUBLIC KEY----- -+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEBVfiJVWoXdfHHp3hqULGL -+woyemG7eVmfKs5uEEk6Q66dcHbCDrD5EO7qU3CNWD3XjqBaToqQ73HQm2MTq/mjI -+XeD+dX9uSbue1EfmAkMIANuwTOsi5/pXoY0zj7ZgJs20Z+cMwEDn02fvQDx78ePf -+YkZQCUYx8h6v0vtbyRX/BDeazRES9zLAtGYHwXjTiiD1LtpQny+cBAXVEGnoDM+U -+FVTQRwRnUFw89UHqCJffyfQAzsspj/x1M3LZ9pM68XTMQO2W1GcDFzO5f4zd0/kr -+w6A+qFdsQX8kAHteT3UBEFtUTen63N/635jftLsFuBmfP4Ws/ZH3qaCUuaOD9QSQ -+lwIDAQAB -+-----END PUBLIC KEY----- -+ -+PrivPubKeyPair = RSA-2049:RSA-2049-PUBLIC -+ -+# RSA decrypt -+ -+Availablein = default -+# malformed that generates length specified by 3rd last value from PRF -+Decrypt = RSA-2049 -+Input = 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 -+Output = 42 -+ -+# simple positive test case -+Availablein = default -+Decrypt = RSA-2049 -+Input = 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 -+Output = "lorem ipsum" -+ -+# positive test case with null padded ciphertext -+Availablein = default -+Decrypt = RSA-2049 -+Input = 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 -+Output = "lorem ipsum" -+ -+# positive test case with null truncated ciphertext -+Availablein = default -+Decrypt = RSA-2049 -+Input = 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 -+Output = "lorem ipsum" -+ -+# positive test case with double null padded ciphertext -+Availablein = default -+Decrypt = RSA-2049 -+Input = 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 -+Output = "lorem ipsum" -+ -+# positive test case with 
double null truncated ciphertext -+Availablein = default -+Decrypt = RSA-2049 -+Input = 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 -+Output = "lorem ipsum" -+ -+Availablein = default -+# a random negative test case that generates an 11 byte long message -+Decrypt = RSA-2049 -+Input = 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 -+Output = 1189b6f5498fd6df532b00 -+ -+Availablein = default -+# otherwise correct plaintext, but with wrong first byte (0x01 instead of 0x00) -+Decrypt = RSA-2049 -+Input = 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 -+Output = f6d0f5b78082fe61c04674 -+ -+Availablein = default -+# otherwise correct plaintext, but with wrong second byte (0x01 instead of 0x02) -+Decrypt = RSA-2049 -+Input = 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 -+Output = 1ab287fcef3ff17067914d -+ -+# RSA decrypt with 3072 bit keys -+PrivateKey = RSA-3072 -+-----BEGIN RSA PRIVATE KEY----- -+MIIG5AIBAAKCAYEAr9ccqtXp9bjGw2cHCkfxnX5mrt4YpbJ0H7PE0zQ0VgaSotkJ -+72iI7GAv9rk68ljudDA8MBr81O2+xDMR3cjdvwDdu+OG0zuNDiKxtEk23EiYcbhS -+N7NM50etj9sMTk0dqnqt8HOFxchzLMt9Wkni5QyIPH16wQ7Wp02ayQ35EpkFoX1K -+CHIQ/Hi20EseuWlILBGm7recUOWxbz8lT3VxUosvFxargW1uygcnveqYBZMpcw64 -+wzznHWHdSsOTtiVuB6wdEk8CANHD4FpMG8fx7S/IPlcZnP5ZCLEAh+J/vZfSwkIU -+YZxxR8j778o5vCVnYqaCNTH34jTWjq56DZ+vEN0V6VI3gMfVrlgJStUlqQY7TDP5 -+XhAG2i6xLTdDaJSVwfICPkBzU8XrPkyhxIz/gaEJANFIIOuAGvTxpZbEuc6aUx/P -+ilTZ/9ckJYtu7CAQjfb9/XbUrgO6fqWY3LDkooCElYcob01/JWzoXl61Z5sdrMH5 -+CVZJty5foHKusAN5AgMBAAECggGAJRfqyzr+9L/65gOY35lXpdKhVKgzaNjhWEKy -+9Z7gn3kZe9LvHprdr4eG9rQSdEdAXjBCsh8vULeqc3cWgMO7y2wiWl1f9rVsRxwY -+gqCjOwrxZaPtbCSdx3g+a8dYrDfmVy0z/jJQeO2VJlDy65YEkC75mlEaERnRPE/J -+pDoXXc37+xoUAP4XCTtpzTzbiV9lQy6iGV+QURxzNrWKaF2s/y2vTF6S5WWxZlrm -+DlErqplluAjV/xGc63zWksv5IAZ6+s2An2a+cG2iaBCseQ2xVslI5v5YG8mEkVf0 -+2kk/OmSwxuEZ4DGxB/hDbOKRYLRYuPnxCV/esZJjOE/1OHVXvE8QtANN6EFwO60s -+HnacI4U+tjCjbRBh3UbipruvdDqX8LMsNvUMGjci3vOjlNkcLgeL8J15Xs3l5WuC 
-+Avl0Am91/FbpoN1qiPLny3jvEpjMbGUgfKRb03GIgHtPzbHmDdjluFZI+376i2/d -+RI85dBqNmAn+Fjrz3kW6wkpahByBAoHBAOSj2DDXPosxxoLidP/J/RKsMT0t0FE9 -+UFcNt+tHYv6hk+e7VAuUqUpd3XQqz3P13rnK4xvSOsVguyeU/WgmH4ID9XGSgpBP -+Rh6s7izn4KAJeqfI26vTPxvyaZEqB4JxT6k7SerENus95zSn1v/f2MLBQ16EP8cJ -++QSOVCoZfEhUK+srherQ9eZKpj0OwBUrP4VhLdymv96r8xddWX1AVj4OBi2RywKI -+gAgv6fjwkb292jFu6x6FjKRNKwKK6c3jqQKBwQDE4c0Oz0KYYV4feJun3iL9UJSv -+StGsKVDuljA4WiBAmigMZTii/u0DFEjibiLWcJOnH53HTr0avA6c6D1nCwJ2qxyF -+rHNN2L+cdMx/7L1zLR11+InvRgpIGbpeGwHeIzJVUYG3b6llRJMZimBvAMr9ipM1 -+bkVvIjt1G9W1ypeuKzm6d/t8F0yC7AIYZWDV4nvxiiY8whLZzGawHR2iZz8pfUwb -+7URbTvxdsGE27Kq9gstU0PzEJpnU1goCJ7/gA1ECgcBA8w5B6ZM5xV0H5z6nPwDm -+IgYmw/HucgV1hU8exfuoK8wxQvTACW4B0yJKkrK11T1899aGG7VYRn9D4j4OLO48 -+Z9V8esseJXbc1fEezovvymGOci984xiFXtqAQzk44+lmQJJh33VeZApe2eLocvVH -+ddEmc1kOuJWFpszf3LeCcG69cnKrXsrLrZ8Frz//g3aa9B0sFi5hGeWHWJxISVN2 -+c1Nr9IN/57i/GqVTcztjdCAcdM7Tr8phDg7OvRlnxGkCgcEAuYhMFBuulyiSaTff -+/3ZvJKYOJ45rPkEFGoD/2ercn+RlvyCYGcoAEjnIYVEGlWwrSH+b0NlbjVkQsD6O -+to8CeE/RpgqX8hFCqC7NE/RFp8cpDyXy3j/zqnRMUyhCP1KNuScBBZs9V8gikxv6 -+ukBWCk3PYbeTySHKRBbB8vmCrMfhM96jaBIQsQO1CcZnVceDo1/bnsAIwaREVMxr -+Q8LmG7QOx/Z0x1MMsUFoqzilwccC09/JgxMZPh+h+Nv6jiCxAoHBAOEqQgFAfSdR -+ya60LLH55q803NRFMamuKiPbVJLzwiKfbjOiiopmQOS/LxxqIzeMXlYV4OsSvxTo -+G7mcTOFRtU5hKCK+t8qeQQpa/dsMpiHllwArnRyBjIVgL5lFKRpHUGLsavU/T1IH -+mtgaxZo32dXvcAh1+ndCHVBwbHTOF4conA+g+Usp4bZSSWn5nU4oIizvSVpG7SGe -+0GngdxH9Usdqbvzcip1EKeHRTZrHIEYmB+x0LaRIB3dwZNidK3TkKw== -+-----END RSA PRIVATE KEY----- -+ -+PublicKey = RSA-3072-PUBLIC -+-----BEGIN PUBLIC KEY----- -+MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAr9ccqtXp9bjGw2cHCkfx -+nX5mrt4YpbJ0H7PE0zQ0VgaSotkJ72iI7GAv9rk68ljudDA8MBr81O2+xDMR3cjd -+vwDdu+OG0zuNDiKxtEk23EiYcbhSN7NM50etj9sMTk0dqnqt8HOFxchzLMt9Wkni -+5QyIPH16wQ7Wp02ayQ35EpkFoX1KCHIQ/Hi20EseuWlILBGm7recUOWxbz8lT3Vx -+UosvFxargW1uygcnveqYBZMpcw64wzznHWHdSsOTtiVuB6wdEk8CANHD4FpMG8fx -+7S/IPlcZnP5ZCLEAh+J/vZfSwkIUYZxxR8j778o5vCVnYqaCNTH34jTWjq56DZ+v 
-+EN0V6VI3gMfVrlgJStUlqQY7TDP5XhAG2i6xLTdDaJSVwfICPkBzU8XrPkyhxIz/ -+gaEJANFIIOuAGvTxpZbEuc6aUx/PilTZ/9ckJYtu7CAQjfb9/XbUrgO6fqWY3LDk -+ooCElYcob01/JWzoXl61Z5sdrMH5CVZJty5foHKusAN5AgMBAAE= -+-----END PUBLIC KEY----- -+ -+PrivPubKeyPair = RSA-3072:RSA-3072-PUBLIC -+ -+Availablein = default -+# a random invalid ciphertext that generates an empty synthethic one -+Decrypt = RSA-3072 -+Input = 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 -+Output = -+ -+Availablein = default -+# a random invalid that has PRF output with a length one byte too long -+# in the last value -+Decrypt = RSA-3072 -+Input = 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 -+Output = 56a3bea054e01338be9b7d7957539c -+ -+Availablein = default -+# a random invalid that generates a synthethic of maximum size -+Decrypt = RSA-3072 -+Input = 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 -+Output = 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 -+ -+# a positive test case that decrypts to 9 byte long value -+Availablein = default -+Decrypt = RSA-3072 -+Input = 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 -+Output = "forty two" -+ -+# a positive test case with null padded ciphertext -+Availablein = default -+Decrypt = RSA-3072 -+Input = 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 -+Output = "forty two" -+ -+# a positive test case with null truncated ciphertext -+Availablein = default -+Decrypt = RSA-3072 -+Input = 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 -+Output = "forty two" -+ -+# a positive test case with double null padded ciphertext -+Availablein = default -+Decrypt = RSA-3072 -+Input = 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 -+Output = "forty two" -+ -+# a positive test case with double null truncated ciphertext -+Availablein = default -+Decrypt = RSA-3072 -+Input = 
1ec97ac981dfd9dcc7a7389fdfa9d361141dac80c23a060410d472c16094e6cdffc0c3684d84aa402d7051dfccb2f6da33f66985d2a259f5b7fbf39ac537e95c5b7050eb18844a0513abef812cc8e74a3c5240009e6e805dcadf532bc1a2702d5acc9e585fad5b89d461fcc1397351cdce35171523758b171dc041f412e42966de7f94856477356d06f2a6b40e3ff0547562a4d91bbf1338e9e049facbee8b20171164505468cd308997447d3dc4b0acb49e7d368fedd8c734251f30a83491d2506f3f87318cc118823244a393dc7c5c739a2733d93e1b13db6840a9429947357f47b23fbe39b7d2d61e5ee26f9946c4632f6c4699e452f412a26641d4751135400713cd56ec66f0370423d55d2af70f5e7ad0adea8e4a0d904a01e4ac272eba4af1a029dd53eb71f115bf31f7a6c8b19a6523adeecc0d4c3c107575e38572a8f8474ccad163e46e2e8b08111132aa97a16fb588c9b7e37b3b3d7490381f3c55d1a9869a0fd42cd86fed59ecec78cb6b2dfd06a497f5afe3419691314ba0 -+Output = "forty two" -+ -+Availablein = default -+# a random negative test case that generates a 9 byte long message -+Decrypt = RSA-3072 -+Input = 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 -+Output = 257906ca6de8307728 -+ -+Availablein = default -+# a random negative test case that generates a 9 byte long message based on -+# second to last value from PRF -+Decrypt = RSA-3072 -+Input = 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 -+Output = 043383c929060374ed -+ -+Availablein = default -+# a random negative test that generates message based on 3rd last value from -+# PRF -+Decrypt = RSA-3072 -+Input = 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 -+Output = 70263fa6050534b9e0 -+ -+Availablein = default -+# an otherwise valid plaintext, but with wrong first byte (0x01 instead of 0x00) -+Decrypt = RSA-3072 -+Input = 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 -+Output = 6d8d3a094ff3afff4c -+ -+Availablein = default -+# an otherwise valid plaintext, but with wrong second byte (0x01 instead of 0x02) -+Decrypt = RSA-3072 -+Input = 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 -+Output = c6ae80ffa80bc184b0 -+ -+Availablein = default -+# an otherwise valid plaintext, but 
with zero byte in first byte of padding -+Decrypt = RSA-3072 -+Input = 8542c626fe533467acffcd4e617692244c9b5a3bf0a215c5d64891ced4bf4f9591b4b2aedff9843057986d81631b0acb3704ec2180e5696e8bd15b217a0ec36d2061b0e2182faa3d1c59bd3f9086a10077a3337a3f5da503ec3753535ffd25b837a12f2541afefd0cffb0224b8f874e4bed13949e105c075ed44e287c5ae03b155e06b90ed247d2c07f1ef3323e3508cce4e4074606c54172ad74d12f8c3a47f654ad671104bf7681e5b061862747d9afd37e07d8e0e2291e01f14a95a1bb4cbb47c304ef067595a3947ee2d722067e38a0f046f43ec29cac6a8801c6e3e9a2331b1d45a7aa2c6af3205be382dd026e389614ee095665a611ab2e8dced2ee1c9d08ac9de11aef5b3803fc9a9ce8231ec87b5fed386fb92ee3db995a89307bcba844bd0a691c29ae51216e949dfc813133cb06a07265fd807bcb3377f6adb0a481d9b7f442003115895939773e6b95371c4febef29edae946fa245e7c50729e2e558cfaad773d1fd5f67b457a6d9d17a847c6fcbdb103a86f35f228cefc06cea0 -+Output = a8a9301daa01bb25c7 -+ -+Availablein = default -+# an otherwise valid plaintext, but with zero byte in eight byte of padding -+Decrypt = RSA-3072 -+Input = 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 -+Output = 6c716fe01d44398018 -+ -+Availablein = default -+# an otherwise valid plaintext, but with null separator missing -+Decrypt = RSA-3072 -+Input = 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 -+Output = aa2de6cde4e2442884 -+ - # RSA PSS key tests - - # PSS only key, no parameter restrictions diff --git a/ec_curve.c b/ec_curve.c new file mode 100644 index 0000000..64ac40b --- /dev/null +++ b/ec_curve.c 
@@ -0,0 +1,628 @@ +/* + * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * ECDSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + +#include +#include "ec_local.h" +#include +#include +#include +#include +#include "internal/nelem.h" + +typedef struct { + int field_type, /* either NID_X9_62_prime_field or + * NID_X9_62_characteristic_two_field */ + seed_len, param_len; + unsigned int cofactor; /* promoted to BN_ULONG */ +} EC_CURVE_DATA; + +/* the nist prime curves */ +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 28 * 6]; +} _EC_NIST_PRIME_224 = { + { + NID_X9_62_prime_field, 20, 28, 1 + }, + { + /* seed */ + 0xBD, 0x71, 0x34, 0x47, 0x99, 0xD5, 0xC7, 0xFC, 0xDC, 0x45, 0xB5, 0x9F, + 0xA3, 0xB9, 0xAB, 0x8F, 0x6A, 0x94, 0x8B, 0xC5, + /* p */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x01, + /* a */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFE, + /* b */ + 0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56, + 0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43, + 0x23, 0x55, 0xFF, 0xB4, + /* x */ + 0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9, + 0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6, + 0x11, 0x5C, 0x1D, 0x21, + /* y */ + 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 
0x4c, 0x22, 0xdf, 0xe6, + 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99, + 0x85, 0x00, 0x7e, 0x34, + /* order */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45, + 0x5C, 0x5C, 0x2A, 0x3D + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 48 * 6]; +} _EC_NIST_PRIME_384 = { + { + NID_X9_62_prime_field, 20, 48, 1 + }, + { + /* seed */ + 0xA3, 0x35, 0x92, 0x6A, 0xA3, 0x19, 0xA2, 0x7A, 0x1D, 0x00, 0x89, 0x6A, + 0x67, 0x73, 0xA4, 0x82, 0x7A, 0xCD, 0xAC, 0x73, + /* p */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, + /* a */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC, + /* b */ + 0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4, 0x98, 0x8E, 0x05, 0x6B, + 0xE3, 0xF8, 0x2D, 0x19, 0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12, + 0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A, 0xC6, 0x56, 0x39, 0x8D, + 0x8A, 0x2E, 0xD1, 0x9D, 0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF, + /* x */ + 0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, 0x8E, 0xB1, 0xC7, 0x1E, + 0xF3, 0x20, 0xAD, 0x74, 0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98, + 0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38, 0x55, 0x02, 0xF2, 0x5D, + 0xBF, 0x55, 0x29, 0x6C, 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7, + /* y */ + 0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e, 0x98, 0xbf, + 0x92, 0x92, 0xdc, 0x29, 0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c, + 0xe9, 
0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0xce, + 0x1d, 0x7e, 0x81, 0x9d, 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f, + /* order */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF, 0x58, 0x1A, 0x0D, 0xB2, + 0x48, 0xB0, 0xA7, 0x7A, 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 66 * 6]; +} _EC_NIST_PRIME_521 = { + { + NID_X9_62_prime_field, 20, 66, 1 + }, + { + /* seed */ + 0xD0, 0x9E, 0x88, 0x00, 0x29, 0x1C, 0xB8, 0x53, 0x96, 0xCC, 0x67, 0x17, + 0x39, 0x32, 0x84, 0xAA, 0xA0, 0xDA, 0x64, 0xBA, + /* p */ + 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + /* a */ + 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, + /* b */ + 0x00, 0x51, 0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, 0x9A, 0x1F, 0x92, 0x9A, + 0x21, 0xA0, 0xB6, 0x85, 0x40, 0xEE, 0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3, + 0x15, 0xF3, 0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1, 0x09, 0xE1, 0x56, 0x19, + 0x39, 0x51, 0xEC, 0x7E, 0x93, 0x7B, 0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1, + 0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, 0x34, 0xF1, 0xEF, 0x45, + 0x1F, 0xD4, 0x6B, 0x50, 0x3F, 
0x00, + /* x */ + 0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD, 0x9E, 0x3E, + 0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42, 0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F, + 0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, 0x3D, 0xBA, 0xA1, 0x4B, + 0x5E, 0x77, 0xEF, 0xE7, 0x59, 0x28, 0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF, + 0xA8, 0xDE, 0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B, 0xF9, 0x7E, + 0x7E, 0x31, 0xC2, 0xE5, 0xBD, 0x66, + /* y */ + 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a, + 0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b, + 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee, + 0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad, + 0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe, + 0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50, + /* order */ + 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFA, 0x51, 0x86, + 0x87, 0x83, 0xBF, 0x2F, 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09, + 0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE, 0xBB, 0x6F, + 0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 32 * 6]; +} _EC_X9_62_PRIME_256V1 = { + { + NID_X9_62_prime_field, 20, 32, 1 + }, + { + /* seed */ + 0xC4, 0x9D, 0x36, 0x08, 0x86, 0xE7, 0x04, 0x93, 0x6A, 0x66, 0x78, 0xE1, + 0x13, 0x9D, 0x26, 0xB7, 0x81, 0x9F, 0x7E, 0x90, + /* p */ + 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + /* a */ + 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, + /* b */ + 0x5A, 
0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, 0xB3, 0xEB, 0xBD, 0x55, + 0x76, 0x98, 0x86, 0xBC, 0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6, + 0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B, + /* x */ + 0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, 0xE6, 0xE5, + 0x63, 0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0, + 0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96, + /* y */ + 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a, + 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, + 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5, + /* order */ + 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, + 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 32 * 6]; +} _EC_SECG_PRIME_256K1 = { + { + NID_X9_62_prime_field, 0, 32, 1 + }, + { + /* no seed */ + /* p */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F, + /* a */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* b */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, + /* x */ + 0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62, 0x95, + 0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9, + 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98, + /* y */ + 0x48, 0x3a, 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4, 0xfb, 0xfc, + 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19, + 0x9c, 0x47, 
0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8, + /* order */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, + 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41 + } +}; + +typedef struct _ec_list_element_st { + int nid; + const EC_CURVE_DATA *data; + const EC_METHOD *(*meth) (void); + const char *comment; +} ec_list_element; + +#ifdef FIPS_MODULE +static const ec_list_element curve_list[] = { + /* prime field curves */ + /* secg curves */ + {NID_secp224r1, &_EC_NIST_PRIME_224.h, +# if !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) + EC_GFp_nistp224_method, +# else + 0, +# endif + "NIST/SECG curve over a 224 bit prime field"}, + /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ + {NID_secp384r1, &_EC_NIST_PRIME_384.h, +# if defined(S390X_EC_ASM) + EC_GFp_s390x_nistp384_method, +# else + 0, +# endif + "NIST/SECG curve over a 384 bit prime field"}, + + {NID_secp521r1, &_EC_NIST_PRIME_521.h, +# if defined(S390X_EC_ASM) + EC_GFp_s390x_nistp521_method, +# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) + EC_GFp_nistp521_method, +# else + 0, +# endif + "NIST/SECG curve over a 521 bit prime field"}, + + /* X9.62 curves */ + {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, +# if defined(ECP_NISTZ256_ASM) + EC_GFp_nistz256_method, +# elif defined(S390X_EC_ASM) + EC_GFp_s390x_nistp256_method, +# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) + EC_GFp_nistp256_method, +# else + 0, +# endif + "X9.62/SECG curve over a 256 bit prime field"}, +}; + +#else + +static const ec_list_element curve_list[] = { + /* prime field curves */ + /* secg curves */ +# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 + {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method, + "NIST/SECG curve over a 224 bit prime field"}, +# else + {NID_secp224r1, &_EC_NIST_PRIME_224.h, 0, + "NIST/SECG curve over a 224 bit prime field"}, +# endif + {NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0, + "SECG curve over a 256 bit 
prime field"}, + /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ + {NID_secp384r1, &_EC_NIST_PRIME_384.h, +# if defined(S390X_EC_ASM) + EC_GFp_s390x_nistp384_method, +# else + 0, +# endif + "NIST/SECG curve over a 384 bit prime field"}, + {NID_secp521r1, &_EC_NIST_PRIME_521.h, +# if defined(S390X_EC_ASM) + EC_GFp_s390x_nistp521_method, +# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) + EC_GFp_nistp521_method, +# else + 0, +# endif + "NIST/SECG curve over a 521 bit prime field"}, + /* X9.62 curves */ + {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, +# if defined(ECP_NISTZ256_ASM) + EC_GFp_nistz256_method, +# elif defined(S390X_EC_ASM) + EC_GFp_s390x_nistp256_method, +# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) + EC_GFp_nistp256_method, +# else + 0, +# endif + "X9.62/SECG curve over a 256 bit prime field"}, +}; +#endif /* FIPS_MODULE */ + +#define curve_list_length OSSL_NELEM(curve_list) + +static const ec_list_element *ec_curve_nid2curve(int nid) +{ + size_t i; + + if (nid <= 0) + return NULL; + + for (i = 0; i < curve_list_length; i++) { + if (curve_list[i].nid == nid) + return &curve_list[i]; + } + return NULL; +} + +static EC_GROUP *ec_group_new_from_data(OSSL_LIB_CTX *libctx, + const char *propq, + const ec_list_element curve) +{ + EC_GROUP *group = NULL; + EC_POINT *P = NULL; + BN_CTX *ctx = NULL; + BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL, *order = + NULL; + int ok = 0; + int seed_len, param_len; + const EC_METHOD *meth; + const EC_CURVE_DATA *data; + const unsigned char *params; + + /* If no curve data curve method must handle everything */ + if (curve.data == NULL) + return ossl_ec_group_new_ex(libctx, propq, + curve.meth != NULL ? 
curve.meth() : NULL); + + if ((ctx = BN_CTX_new_ex(libctx)) == NULL) { + ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); + goto err; + } + + data = curve.data; + seed_len = data->seed_len; + param_len = data->param_len; + params = (const unsigned char *)(data + 1); /* skip header */ + params += seed_len; /* skip seed */ + + if ((p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) == NULL + || (a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) == NULL + || (b = BN_bin2bn(params + 2 * param_len, param_len, NULL)) == NULL) { + ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); + goto err; + } + + if (curve.meth != 0) { + meth = curve.meth(); + if (((group = ossl_ec_group_new_ex(libctx, propq, meth)) == NULL) || + (!(group->meth->group_set_curve(group, p, a, b, ctx)))) { + ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); + goto err; + } + } else if (data->field_type == NID_X9_62_prime_field) { + if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) { + ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); + goto err; + } + } +#ifndef OPENSSL_NO_EC2M + else { /* field_type == + * NID_X9_62_characteristic_two_field */ + + if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) { + ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); + goto err; + } + } +#endif + + EC_GROUP_set_curve_name(group, curve.nid); + + if ((P = EC_POINT_new(group)) == NULL) { + ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); + goto err; + } + + if ((x = BN_bin2bn(params + 3 * param_len, param_len, NULL)) == NULL + || (y = BN_bin2bn(params + 4 * param_len, param_len, NULL)) == NULL) { + ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); + goto err; + } + if (!EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) { + ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); + goto err; + } + if ((order = BN_bin2bn(params + 5 * param_len, param_len, NULL)) == NULL + || !BN_set_word(x, (BN_ULONG)data->cofactor)) { + ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); + goto err; + } + if (!EC_GROUP_set_generator(group, P, order, x)) { + ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); + goto err; + } + if 
(seed_len) { + if (!EC_GROUP_set_seed(group, params - seed_len, seed_len)) { + ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); + goto err; + } + } + ok = 1; + err: + if (!ok) { + EC_GROUP_free(group); + group = NULL; + } + EC_POINT_free(P); + BN_CTX_free(ctx); + BN_free(p); + BN_free(a); + BN_free(b); + BN_free(order); + BN_free(x); + BN_free(y); + return group; +} + +EC_GROUP *EC_GROUP_new_by_curve_name_ex(OSSL_LIB_CTX *libctx, const char *propq, + int nid) +{ + EC_GROUP *ret = NULL; + const ec_list_element *curve; + + if ((curve = ec_curve_nid2curve(nid)) == NULL + || (ret = ec_group_new_from_data(libctx, propq, *curve)) == NULL) { +#ifndef FIPS_MODULE + ERR_raise_data(ERR_LIB_EC, EC_R_UNKNOWN_GROUP, + "name=%s", OBJ_nid2sn(nid)); +#else + ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_GROUP); +#endif + return NULL; + } + + return ret; +} + +#ifndef FIPS_MODULE +EC_GROUP *EC_GROUP_new_by_curve_name(int nid) +{ + return EC_GROUP_new_by_curve_name_ex(NULL, NULL, nid); +} +#endif + +size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems) +{ + size_t i, min; + + if (r == NULL || nitems == 0) + return curve_list_length; + + min = nitems < curve_list_length ? nitems : curve_list_length; + + for (i = 0; i < min; i++) { + r[i].nid = curve_list[i].nid; + r[i].comment = curve_list[i].comment; + } + + return curve_list_length; +} + +const char *EC_curve_nid2nist(int nid) +{ + return ossl_ec_curve_nid2nist_int(nid); +} + +int EC_curve_nist2nid(const char *name) +{ + return ossl_ec_curve_nist2nid_int(name); +} + +#define NUM_BN_FIELDS 6 +/* + * Validates EC domain parameter data for known named curves. + * This can be used when a curve is loaded explicitly (without a curve + * name) or to validate that domain parameters have not been modified. + * + * Returns: The nid associated with the found named curve, or NID_undef + * if not found. If there was an error it returns -1. 
+ */ +int ossl_ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx) +{ + int ret = -1, nid, len, field_type, param_len; + size_t i, seed_len; + const unsigned char *seed, *params_seed, *params; + unsigned char *param_bytes = NULL; + const EC_CURVE_DATA *data; + const EC_POINT *generator = NULL; + const BIGNUM *cofactor = NULL; + /* An array of BIGNUMs for (p, a, b, x, y, order) */ + BIGNUM *bn[NUM_BN_FIELDS] = {NULL, NULL, NULL, NULL, NULL, NULL}; + + /* Use the optional named curve nid as a search field */ + nid = EC_GROUP_get_curve_name(group); + field_type = EC_GROUP_get_field_type(group); + seed_len = EC_GROUP_get_seed_len(group); + seed = EC_GROUP_get0_seed(group); + cofactor = EC_GROUP_get0_cofactor(group); + + BN_CTX_start(ctx); + + /* + * The built-in curves contains data fields (p, a, b, x, y, order) that are + * all zero-padded to be the same size. The size of the padding is + * determined by either the number of bytes in the field modulus (p) or the + * EC group order, whichever is larger. + */ + param_len = BN_num_bytes(group->order); + len = BN_num_bytes(group->field); + if (len > param_len) + param_len = len; + + /* Allocate space to store the padded data for (p, a, b, x, y, order) */ + param_bytes = OPENSSL_malloc(param_len * NUM_BN_FIELDS); + if (param_bytes == NULL) + goto end; + + /* Create the bignums */ + for (i = 0; i < NUM_BN_FIELDS; ++i) { + if ((bn[i] = BN_CTX_get(ctx)) == NULL) + goto end; + } + /* + * Fill in the bn array with the same values as the internal curves + * i.e. the values are p, a, b, x, y, order. 
+ */ + /* Get p, a & b */ + if (!(EC_GROUP_get_curve(group, bn[0], bn[1], bn[2], ctx) + && ((generator = EC_GROUP_get0_generator(group)) != NULL) + /* Get x & y */ + && EC_POINT_get_affine_coordinates(group, generator, bn[3], bn[4], ctx) + /* Get order */ + && EC_GROUP_get_order(group, bn[5], ctx))) + goto end; + + /* + * Convert the bignum array to bytes that are joined together to form + * a single buffer that contains data for all fields. + * (p, a, b, x, y, order) are all zero padded to be the same size. + */ + for (i = 0; i < NUM_BN_FIELDS; ++i) { + if (BN_bn2binpad(bn[i], ¶m_bytes[i*param_len], param_len) <= 0) + goto end; + } + + for (i = 0; i < curve_list_length; i++) { + const ec_list_element curve = curve_list[i]; + + data = curve.data; + /* Get the raw order byte data */ + params_seed = (const unsigned char *)(data + 1); /* skip header */ + params = params_seed + data->seed_len; + + /* Look for unique fields in the fixed curve data */ + if (data->field_type == field_type + && param_len == data->param_len + && (nid <= 0 || nid == curve.nid) + /* check the optional cofactor (ignore if its zero) */ + && (BN_is_zero(cofactor) + || BN_is_word(cofactor, (const BN_ULONG)curve.data->cofactor)) + /* Check the optional seed (ignore if its not set) */ + && (data->seed_len == 0 || seed_len == 0 + || ((size_t)data->seed_len == seed_len + && memcmp(params_seed, seed, seed_len) == 0)) + /* Check that the groups params match the built-in curve params */ + && memcmp(param_bytes, params, param_len * NUM_BN_FIELDS) + == 0) { + ret = curve.nid; + goto end; + } + } + /* Gets here if the group was not found */ + ret = NID_undef; +end: + OPENSSL_free(param_bytes); + BN_CTX_end(ctx); + return ret; +} diff --git a/ectest.c b/ectest.c new file mode 100644 index 0000000..2ba662f --- /dev/null +++ b/ectest.c 
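Review bot: In `ec_group_new_from_data` in the new `ec_curve.c`, `group` can still be NULL when it is passed to `EC_GROUP_set_curve_name(group, curve.nid)`. This happens when `curve.meth` is 0, `data->field_type` is not `NID_X9_62_prime_field`, and `OPENSSL_NO_EC2M` is defined, because the if/else chain then has no final branch. Every entry in this file's `curve_list` is a prime-field curve, so the path is not reachable with the table as written, but nothing enforces that. Adding `if (group == NULL) { ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); goto err; }` before the call would make the function fail closed if the table changes. `ossl_ec_curve_nid_from_params` relies on a similar unstated invariant: it reads `data->seed_len` for each entry without the `curve.data == NULL` check that `ec_group_new_from_data` performs, so `if (data == NULL) continue;` right after `data = curve.data;` would keep the two consistent.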
@@ -0,0 +1,2311 @@ +/* + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * EC_KEY low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + +#include +#include "internal/nelem.h" +#include "testutil.h" + +#include +#ifndef OPENSSL_NO_ENGINE +# include +#endif +#include +#include +#include +#include +#include +#include +#include +#include +#include + +static size_t crv_len = 0; +static EC_builtin_curve *curves = NULL; + +/* test multiplication with group order, long and negative scalars */ +static int group_order_tests(EC_GROUP *group) +{ + BIGNUM *n1 = NULL, *n2 = NULL, *order = NULL; + EC_POINT *P = NULL, *Q = NULL, *R = NULL, *S = NULL; + const EC_POINT *G = NULL; + BN_CTX *ctx = NULL; + int i = 0, r = 0; + + if (!TEST_ptr(n1 = BN_new()) + || !TEST_ptr(n2 = BN_new()) + || !TEST_ptr(order = BN_new()) + || !TEST_ptr(ctx = BN_CTX_new()) + || !TEST_ptr(G = EC_GROUP_get0_generator(group)) + || !TEST_ptr(P = EC_POINT_new(group)) + || !TEST_ptr(Q = EC_POINT_new(group)) + || !TEST_ptr(R = EC_POINT_new(group)) + || !TEST_ptr(S = EC_POINT_new(group))) + goto err; + + if (!TEST_true(EC_GROUP_get_order(group, order, ctx)) + || !TEST_true(EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, Q)) +#ifndef OPENSSL_NO_DEPRECATED_3_0 + || !TEST_true(EC_GROUP_precompute_mult(group, ctx)) +#endif + || !TEST_true(EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, Q)) + || !TEST_true(EC_POINT_copy(P, G)) + || !TEST_true(BN_one(n1)) + || !TEST_true(EC_POINT_mul(group, Q, n1, 
NULL, NULL, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx)) + || !TEST_true(BN_sub(n1, order, n1)) + || !TEST_true(EC_POINT_mul(group, Q, n1, NULL, NULL, ctx)) + || !TEST_true(EC_POINT_invert(group, Q, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx))) + goto err; + + for (i = 1; i <= 2; i++) { +#ifndef OPENSSL_NO_DEPRECATED_3_0 + const BIGNUM *scalars[6]; + const EC_POINT *points[6]; +#endif + + if (!TEST_true(BN_set_word(n1, i)) + /* + * If i == 1, P will be the predefined generator for which + * EC_GROUP_precompute_mult has set up precomputation. + */ + || !TEST_true(EC_POINT_mul(group, P, n1, NULL, NULL, ctx)) + || (i == 1 && !TEST_int_eq(0, EC_POINT_cmp(group, P, G, ctx))) + || !TEST_true(BN_one(n1)) + /* n1 = 1 - order */ + || !TEST_true(BN_sub(n1, n1, order)) + || !TEST_true(EC_POINT_mul(group, Q, NULL, P, n1, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx)) + + /* n2 = 1 + order */ + || !TEST_true(BN_add(n2, order, BN_value_one())) + || !TEST_true(EC_POINT_mul(group, Q, NULL, P, n2, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx)) + + /* n2 = (1 - order) * (1 + order) = 1 - order^2 */ + || !TEST_true(BN_mul(n2, n1, n2, ctx)) + || !TEST_true(EC_POINT_mul(group, Q, NULL, P, n2, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx))) + goto err; + + /* n2 = order^2 - 1 */ + BN_set_negative(n2, 0); + if (!TEST_true(EC_POINT_mul(group, Q, NULL, P, n2, ctx)) + /* Add P to verify the result. */ + || !TEST_true(EC_POINT_add(group, Q, Q, P, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, Q)) + || !TEST_false(EC_POINT_is_at_infinity(group, P))) + goto err; + +#ifndef OPENSSL_NO_DEPRECATED_3_0 + /* Exercise EC_POINTs_mul, including corner cases. 
*/ + scalars[0] = scalars[1] = BN_value_one(); + points[0] = points[1] = P; + + if (!TEST_true(EC_POINTs_mul(group, R, NULL, 2, points, scalars, ctx)) + || !TEST_true(EC_POINT_dbl(group, S, points[0], ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, R, S, ctx))) + goto err; + + scalars[0] = n1; + points[0] = Q; /* => infinity */ + scalars[1] = n2; + points[1] = P; /* => -P */ + scalars[2] = n1; + points[2] = Q; /* => infinity */ + scalars[3] = n2; + points[3] = Q; /* => infinity */ + scalars[4] = n1; + points[4] = P; /* => P */ + scalars[5] = n2; + points[5] = Q; /* => infinity */ + if (!TEST_true(EC_POINTs_mul(group, P, NULL, 6, points, scalars, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, P))) + goto err; +#endif + } + + r = 1; +err: + if (r == 0 && i != 0) + TEST_info(i == 1 ? "allowing precomputation" : + "without precomputation"); + EC_POINT_free(P); + EC_POINT_free(Q); + EC_POINT_free(R); + EC_POINT_free(S); + BN_free(n1); + BN_free(n2); + BN_free(order); + BN_CTX_free(ctx); + return r; +} + +static int prime_field_tests(void) +{ + BN_CTX *ctx = NULL; + BIGNUM *p = NULL, *a = NULL, *b = NULL, *scalar3 = NULL; + EC_GROUP *group = NULL; + EC_POINT *P = NULL, *Q = NULL, *R = NULL; + BIGNUM *x = NULL, *y = NULL, *z = NULL, *yplusone = NULL; +#ifndef OPENSSL_NO_DEPRECATED_3_0 + const EC_POINT *points[4]; + const BIGNUM *scalars[4]; +#endif + unsigned char buf[100]; + size_t len, r = 0; + int k; + + if (!TEST_ptr(ctx = BN_CTX_new()) + || !TEST_ptr(p = BN_new()) + || !TEST_ptr(a = BN_new()) + || !TEST_ptr(b = BN_new()) + /* + * applications should use EC_GROUP_new_curve_GFp so + * that the library gets to choose the EC_METHOD + */ + || !TEST_ptr(group = EC_GROUP_new(EC_GFp_mont_method()))) + goto err; + + buf[0] = 0; + if (!TEST_ptr(P = EC_POINT_new(group)) + || !TEST_ptr(Q = EC_POINT_new(group)) + || !TEST_ptr(R = EC_POINT_new(group)) + || !TEST_ptr(x = BN_new()) + || !TEST_ptr(y = BN_new()) + || !TEST_ptr(z = BN_new()) + || !TEST_ptr(yplusone = BN_new())) + 
goto err; + + /* Curve P-224 (FIPS PUB 186-2, App. 6) */ + + if (!TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFF000000000000000000000001")) + || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL)) + || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE")) + || !TEST_true(BN_hex2bn(&b, "B4050A850C04B3ABF5413256" + "5044B0B7D7BFD8BA270B39432355FFB4")) + || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) + || !TEST_true(BN_hex2bn(&x, "B70E0CBD6BB4BF7F321390B9" + "4A03C1D356C21122343280D6115C1D21")) + || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 0, ctx)) + || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) + || !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF" + "FFFF16A2E0B8F03E13DD29455C5C2A3D")) + || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) + || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) + goto err; + + TEST_info("NIST curve P-224 -- Generator"); + test_output_bignum("x", x); + test_output_bignum("y", y); + /* G_y value taken from the standard: */ + if (!TEST_true(BN_hex2bn(&z, "BD376388B5F723FB4C22DFE6" + "CD4375A05A07476444D5819985007E34")) + || !TEST_BN_eq(y, z) + || !TEST_true(BN_add(yplusone, y, BN_value_one())) + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ + || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, + ctx)) + || !TEST_int_eq(EC_GROUP_get_degree(group), 224) + || !group_order_tests(group) + + /* Curve P-256 (FIPS PUB 186-2, App. 
6) */ + + || !TEST_true(BN_hex2bn(&p, "FFFFFFFF000000010000000000000000" + "00000000FFFFFFFFFFFFFFFFFFFFFFFF")) + || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL)) + || !TEST_true(BN_hex2bn(&a, "FFFFFFFF000000010000000000000000" + "00000000FFFFFFFFFFFFFFFFFFFFFFFC")) + || !TEST_true(BN_hex2bn(&b, "5AC635D8AA3A93E7B3EBBD55769886BC" + "651D06B0CC53B0F63BCE3C3E27D2604B")) + || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) + + || !TEST_true(BN_hex2bn(&x, "6B17D1F2E12C4247F8BCE6E563A440F2" + "77037D812DEB33A0F4A13945D898C296")) + || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 1, ctx)) + || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) + || !TEST_true(BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFF" + "BCE6FAADA7179E84F3B9CAC2FC632551")) + || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) + || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) + goto err; + + TEST_info("NIST curve P-256 -- Generator"); + test_output_bignum("x", x); + test_output_bignum("y", y); + /* G_y value taken from the standard: */ + if (!TEST_true(BN_hex2bn(&z, "4FE342E2FE1A7F9B8EE7EB4A7C0F9E16" + "2BCE33576B315ECECBB6406837BF51F5")) + || !TEST_BN_eq(y, z) + || !TEST_true(BN_add(yplusone, y, BN_value_one())) + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ + || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, + ctx)) + || !TEST_int_eq(EC_GROUP_get_degree(group), 256) + || !group_order_tests(group) + + /* Curve P-384 (FIPS PUB 186-2, App. 
6) */
+
+ || !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE"
+ "FFFFFFFF0000000000000000FFFFFFFF"))
+ || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL))
+ || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE"
+ "FFFFFFFF0000000000000000FFFFFFFC"))
+ || !TEST_true(BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19"
+ "181D9C6EFE8141120314088F5013875A"
+ "C656398D8A2ED19D2A85C8EDD3EC2AEF"))
+ || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx))
+
+ || !TEST_true(BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD74"
+ "6E1D3B628BA79B9859F741E082542A38"
+ "5502F25DBF55296C3A545E3872760AB7"))
+ || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 1, ctx))
+ || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0)
+ || !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFC7634D81F4372DDF"
+ "581A0DB248B0A77AECEC196ACCC52973"))
+ || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one()))
+ || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx)))
+ goto err;
+
+ TEST_info("NIST curve P-384 -- Generator");
+ test_output_bignum("x", x);
+ test_output_bignum("y", y);
+ /* G_y value taken from the standard: */
+ if (!TEST_true(BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29"
+ "F8F41DBD289A147CE9DA3113B5F0B8C0"
+ "0A60B1CE1D7E819D7A431D7C90EA0E5F"))
+ || !TEST_BN_eq(y, z)
+ || !TEST_true(BN_add(yplusone, y, BN_value_one()))
+ /*
+ * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
+ * and therefore setting the coordinates should fail.
+ */
+ || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone,
+ ctx))
+ || !TEST_int_eq(EC_GROUP_get_degree(group), 384)
+ || !group_order_tests(group)
+
+ /* Curve P-521 (FIPS PUB 186-2, App. 6) */
+ || !TEST_true(BN_hex2bn(&p, "1FF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"))
+ || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL))
+ || !TEST_true(BN_hex2bn(&a, "1FF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC"))
+ || !TEST_true(BN_hex2bn(&b, "051"
+ "953EB9618E1C9A1F929A21A0B68540EE"
+ "A2DA725B99B315F3B8B489918EF109E1"
+ "56193951EC7E937B1652C0BD3BB1BF07"
+ "3573DF883D2C34F1EF451FD46B503F00"))
+ || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx))
+ || !TEST_true(BN_hex2bn(&x, "C6"
+ "858E06B70404E9CD9E3ECB662395B442"
+ "9C648139053FB521F828AF606B4D3DBA"
+ "A14B5E77EFE75928FE1DC127A2FFA8DE"
+ "3348B3C1856A429BF97E7E31C2E5BD66"))
+ || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 0, ctx))
+ || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0)
+ || !TEST_true(BN_hex2bn(&z, "1FF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA"
+ "51868783BF2F966B7FCC0148F709A5D0"
+ "3BB5C9B8899C47AEBB6FB71E91386409"))
+ || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one()))
+ || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx)))
+ goto err;
+
+ TEST_info("NIST curve P-521 -- Generator");
+ test_output_bignum("x", x);
+ test_output_bignum("y", y);
+ /* G_y value taken from the standard: */
+ if (!TEST_true(BN_hex2bn(&z, "118"
+ "39296A789A3BC0045C8A5FB42C7D1BD9"
+ "98F54449579B446817AFBD17273E662C"
+ "97EE72995EF42640C550B9013FAD0761"
+ "353C7086A272C24088BE94769FD16650"))
+ || !TEST_BN_eq(y, z)
+ || !TEST_true(BN_add(yplusone, y, BN_value_one()))
+ /*
+ * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
+ * and therefore setting the coordinates should fail.
+ */
+ || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone,
+ ctx))
+ || !TEST_int_eq(EC_GROUP_get_degree(group), 521)
+ || !group_order_tests(group)
+
+ /* more tests using the last curve */
+
+ /* Restore the point that got mangled in the (x, y + 1) test. */
+ || !TEST_true(EC_POINT_set_affine_coordinates(group, P, x, y, ctx))
+ || !TEST_true(EC_POINT_copy(Q, P))
+ || !TEST_false(EC_POINT_is_at_infinity(group, Q))
+ || !TEST_true(EC_POINT_dbl(group, P, P, ctx))
+ || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0)
+ || !TEST_true(EC_POINT_invert(group, Q, ctx)) /* P = -2Q */
+ || !TEST_true(EC_POINT_add(group, R, P, Q, ctx))
+ || !TEST_true(EC_POINT_add(group, R, R, Q, ctx))
+ || !TEST_true(EC_POINT_is_at_infinity(group, R)) /* R = P + 2Q */
+ || !TEST_false(EC_POINT_is_at_infinity(group, Q)))
+ goto err;
+
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+ TEST_note("combined multiplication ...");
+ points[0] = Q;
+ points[1] = Q;
+ points[2] = Q;
+ points[3] = Q;
+
+ if (!TEST_true(EC_GROUP_get_order(group, z, ctx))
+ || !TEST_true(BN_add(y, z, BN_value_one()))
+ || !TEST_BN_even(y)
+ || !TEST_true(BN_rshift1(y, y)))
+ goto err;
+
+ scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */
+ scalars[1] = y;
+
+ /* z is still the group order */
+ if (!TEST_true(EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
+ || !TEST_true(EC_POINTs_mul(group, R, z, 2, points, scalars, ctx))
+ || !TEST_int_eq(0, EC_POINT_cmp(group, P, R, ctx))
+ || !TEST_int_eq(0, EC_POINT_cmp(group, R, Q, ctx))
+ || !TEST_true(BN_rand(y, BN_num_bits(y), 0, 0))
+ || !TEST_true(BN_add(z, z, y)))
+ goto err;
+ BN_set_negative(z, 1);
+ scalars[0] = y;
+ scalars[1] = z; /* z = -(order + y) */
+
+ if (!TEST_true(EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
+ || !TEST_true(EC_POINT_is_at_infinity(group, P))
+ || !TEST_true(BN_rand(x, BN_num_bits(y) - 1, 0, 0))
+ || !TEST_true(BN_add(z, x, y)))
+ goto err;
+ BN_set_negative(z, 1);
+ scalars[0] = x;
+ scalars[1] = y;
+ scalars[2] = z; /* z = -(x+y) */
+
+ if (!TEST_ptr(scalar3 = BN_new()))
+ goto err;
+ BN_zero(scalar3);
+ scalars[3] = scalar3;
+
+ if (!TEST_true(EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx))
+ || !TEST_true(EC_POINT_is_at_infinity(group, P)))
+ goto err;
+#endif
+ TEST_note(" ok\n");
+ r = 1;
+err:
+ BN_CTX_free(ctx);
+ BN_free(p);
+ BN_free(a);
+ BN_free(b);
+ EC_GROUP_free(group);
+ EC_POINT_free(P);
+ EC_POINT_free(Q);
+ EC_POINT_free(R);
+ BN_free(x);
+ BN_free(y);
+ BN_free(z);
+ BN_free(yplusone);
+ BN_free(scalar3);
+ return r;
+}
+
+static int internal_curve_test(int n)
+{
+ EC_GROUP *group = NULL;
+ int nid = curves[n].nid;
+
+ if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) {
+ TEST_info("EC_GROUP_new_curve_name() failed with curve %s\n",
+ OBJ_nid2sn(nid));
+ return 0;
+ }
+ if (!TEST_true(EC_GROUP_check(group, NULL))) {
+ TEST_info("EC_GROUP_check() failed with curve %s\n", OBJ_nid2sn(nid));
+ EC_GROUP_free(group);
+ return 0;
+ }
+ EC_GROUP_free(group);
+ return 1;
+}
+
+static int internal_curve_test_method(int n)
+{
+ int r, nid = curves[n].nid;
+ EC_GROUP *group;
+
+ if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) {
+ TEST_info("Curve %s failed\n", OBJ_nid2sn(nid));
+ return 0;
+ }
+ r = group_order_tests(group);
+ EC_GROUP_free(group);
+ return r;
+}
+
+static int group_field_test(void)
+{
+ int r = 1;
+ BIGNUM *secp521r1_field = NULL;
+ BIGNUM *sect163r2_field = NULL;
+ EC_GROUP *secp521r1_group = NULL;
+ EC_GROUP *sect163r2_group = NULL;
+
+ BN_hex2bn(&secp521r1_field,
+ "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFF");
+
+
+ BN_hex2bn(§163r2_field,
+ "08000000000000000000000000000000"
+ "00000000C9");
+
+ secp521r1_group = EC_GROUP_new_by_curve_name(NID_secp521r1);
+ if (BN_cmp(secp521r1_field, EC_GROUP_get0_field(secp521r1_group)))
+ r = 0;
+
+ # ifndef OPENSSL_NO_EC2M
+ sect163r2_group = EC_GROUP_new_by_curve_name(NID_sect163r2);
+ if (BN_cmp(sect163r2_field, EC_GROUP_get0_field(sect163r2_group)))
+ r = 0;
+ # endif
+
+ EC_GROUP_free(secp521r1_group);
+ EC_GROUP_free(sect163r2_group);
+ BN_free(secp521r1_field);
+ BN_free(sect163r2_field);
+ return r;
+}
+/*
+ * nistp_test_params contains magic numbers for testing
+ * several NIST curves with characteristic > 3.
+ */
+struct nistp_test_params {
+ const int nid;
+ int degree;
+ /*
+ * Qx, Qy and D are taken from
+ * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf
+ * Otherwise, values are standard curve parameters from FIPS 180-3
+ */
+ const char *p, *a, *b, *Qx, *Qy, *Gx, *Gy, *order, *d;
+};
+
+static const struct nistp_test_params nistp_tests_params[] = {
+ {
+ /* P-224 */
+ NID_secp224r1,
+ 224,
+ /* p */
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
+ /* a */
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
+ /* b */
+ "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
+ /* Qx */
+ "E84FB0B8E7000CB657D7973CF6B42ED78B301674276DF744AF130B3E",
+ /* Qy */
+ "4376675C6FC5612C21A0FF2D2A89D2987DF7A2BC52183B5982298555",
+ /* Gx */
+ "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
+ /* Gy */
+ "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",
+ /* order */
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",
+ /* d */
+ "3F0C488E987C80BE0FEE521F8D90BE6034EC69AE11CA72AA777481E8",
+ },
+ {
+ /* P-256 */
+ NID_X9_62_prime256v1,
+ 256,
+ /* p */
+ "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff",
+ /* a */
+ "ffffffff00000001000000000000000000000000fffffffffffffffffffffffc",
+ /* b */
+ "5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b",
+ /* Qx */
+ "b7e08afdfe94bad3f1dc8c734798ba1c62b3a0ad1e9ea2a38201cd0889bc7a19",
+ /* Qy */
+ "3603f747959dbf7a4bb226e41928729063adc7ae43529e61b563bbc606cc5e09",
+ /* Gx */
+ "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
+ /* Gy */
+ "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5",
+ /* order */
+ "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551",
+ /* d */
+ "c477f9f65c22cce20657faa5b2d1d8122336f851a508a1ed04e479c34985bf96",
+ },
+ {
+ /* P-521 */
+ NID_secp521r1,
+ 521,
+ /* p */
+ "1ff"
+ "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
+ "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ /* a */
+ "1ff"
+ "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
+ "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc",
+ /* b */
+ "051"
+ "953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e1"
+ "56193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00",
+ /* Qx */
+ "0098"
+ "e91eef9a68452822309c52fab453f5f117c1da8ed796b255e9ab8f6410cca16e"
+ "59df403a6bdc6ca467a37056b1e54b3005d8ac030decfeb68df18b171885d5c4",
+ /* Qy */
+ "0164"
+ "350c321aecfc1cca1ba4364c9b15656150b4b78d6a48d7d28e7f31985ef17be8"
+ "554376b72900712c4b83ad668327231526e313f5f092999a4632fd50d946bc2e",
+ /* Gx */
+ "c6"
+ "858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dba"
+ "a14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66",
+ /* Gy */
+ "118"
+ "39296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c"
+ "97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650",
+ /* order */
+ "1ff"
+ "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa"
+ "51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409",
+ /* d */
+ "0100"
+ "085f47b8e1b8b11b7eb33028c0b2888e304bfc98501955b45bba1478dc184eee"
+ "df09b86a5f7c21994406072787205e69a63709fe35aa93ba333514b24f961722",
+ },
+};
+
+static int nistp_single_test(int idx)
+{
+ const struct nistp_test_params *test = nistp_tests_params + idx;
+ BN_CTX *ctx = NULL;
+ BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL;
+ BIGNUM *n = NULL, *m = NULL, *order = NULL, *yplusone = NULL;
+ EC_GROUP *NISTP = NULL;
+ EC_POINT *G = NULL, *P = NULL, *Q = NULL, *Q_CHECK = NULL;
+ int r = 0;
+
+ TEST_note("NIST curve P-%d (optimised implementation):",
+ test->degree);
+ if (!TEST_ptr(ctx = BN_CTX_new())
+ || !TEST_ptr(p = BN_new())
+ || !TEST_ptr(a = BN_new())
+ || !TEST_ptr(b = BN_new())
+ || !TEST_ptr(x = BN_new())
+ || !TEST_ptr(y = BN_new())
+ || !TEST_ptr(m = BN_new())
+ || !TEST_ptr(n = BN_new())
+ || !TEST_ptr(order = BN_new())
+ || !TEST_ptr(yplusone = BN_new())
+
+ || !TEST_ptr(NISTP = EC_GROUP_new_by_curve_name(test->nid))
+ || !TEST_true(BN_hex2bn(&p, test->p))
+ || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL))
+ || !TEST_true(BN_hex2bn(&a, test->a))
+ || !TEST_true(BN_hex2bn(&b, test->b))
+ || !TEST_true(EC_GROUP_set_curve(NISTP, p, a, b, ctx))
+ || !TEST_ptr(G = EC_POINT_new(NISTP))
+ || !TEST_ptr(P = EC_POINT_new(NISTP))
+ || !TEST_ptr(Q = EC_POINT_new(NISTP))
+ || !TEST_ptr(Q_CHECK = EC_POINT_new(NISTP))
+ || !TEST_true(BN_hex2bn(&x, test->Qx))
+ || !TEST_true(BN_hex2bn(&y, test->Qy))
+ || !TEST_true(BN_add(yplusone, y, BN_value_one()))
+ /*
+ * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
+ * and therefore setting the coordinates should fail.
+ */
+ || !TEST_false(EC_POINT_set_affine_coordinates(NISTP, Q_CHECK, x,
+ yplusone, ctx))
+ || !TEST_true(EC_POINT_set_affine_coordinates(NISTP, Q_CHECK, x, y,
+ ctx))
+ || !TEST_true(BN_hex2bn(&x, test->Gx))
+ || !TEST_true(BN_hex2bn(&y, test->Gy))
+ || !TEST_true(EC_POINT_set_affine_coordinates(NISTP, G, x, y, ctx))
+ || !TEST_true(BN_hex2bn(&order, test->order))
+ || !TEST_true(EC_GROUP_set_generator(NISTP, G, order, BN_value_one()))
+ || !TEST_int_eq(EC_GROUP_get_degree(NISTP), test->degree))
+ goto err;
+
+ TEST_note("NIST test vectors ... ");
+ if (!TEST_true(BN_hex2bn(&n, test->d)))
+ goto err;
+ /* fixed point multiplication */
+ EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
+ if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)))
+ goto err;
+ /* random point multiplication */
+ EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
+ if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
+
+ /* set generator to P = 2*G, where G is the standard generator */
+ || !TEST_true(EC_POINT_dbl(NISTP, P, G, ctx))
+ || !TEST_true(EC_GROUP_set_generator(NISTP, P, order, BN_value_one()))
+ /* set the scalar to m=n/2, where n is the NIST test scalar */
+ || !TEST_true(BN_rshift(m, n, 1)))
+ goto err;
+
+ /* test the non-standard generator */
+ /* fixed point multiplication */
+ EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
+ if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)))
+ goto err;
+ /* random point multiplication */
+ EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
+ if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+ /* We have not performed precomp so this should be false */
+ || !TEST_false(EC_GROUP_have_precompute_mult(NISTP))
+ /* now repeat all tests with precomputation */
+ || !TEST_true(EC_GROUP_precompute_mult(NISTP, ctx))
+#endif
+ )
+ goto err;
+
+ /* fixed point multiplication */
+ EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
+ if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)))
+ goto err;
+ /* random point multiplication */
+ EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
+ if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
+
+ /* reset generator */
+ || !TEST_true(EC_GROUP_set_generator(NISTP, G, order, BN_value_one())))
+ goto err;
+ /* fixed point multiplication */
+ EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
+ if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)))
+ goto err;
+ /* random point multiplication */
+ EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
+ if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)))
+ goto err;
+
+ /* regression test for felem_neg bug */
+ if (!TEST_true(BN_set_word(m, 32))
+ || !TEST_true(BN_set_word(n, 31))
+ || !TEST_true(EC_POINT_copy(P, G))
+ || !TEST_true(EC_POINT_invert(NISTP, P, ctx))
+ || !TEST_true(EC_POINT_mul(NISTP, Q, m, P, n, ctx))
+ || !TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, G, ctx)))
+ goto err;
+
+ r = 1;
+err:
+ EC_GROUP_free(NISTP);
+ EC_POINT_free(G);
+ EC_POINT_free(P);
+ EC_POINT_free(Q);
+ EC_POINT_free(Q_CHECK);
+ BN_free(n);
+ BN_free(m);
+ BN_free(p);
+ BN_free(a);
+ BN_free(b);
+ BN_free(x);
+ BN_free(y);
+ BN_free(order);
+ BN_free(yplusone);
+ BN_CTX_free(ctx);
+ return r;
+}
+
+static const unsigned char p521_named[] = {
+ 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23,
+};
+
+static const unsigned char p521_explicit[] = {
+ 0x30, 0x82, 0x01, 0xc3, 0x02, 0x01, 0x01, 0x30, 0x4d, 0x06, 0x07, 0x2a,
+ 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x42, 0x01, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0x30, 0x81, 0x9f, 0x04, 0x42, 0x01, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xfc, 0x04, 0x42, 0x00, 0x51, 0x95, 0x3e, 0xb9, 0x61, 0x8e, 0x1c, 0x9a,
+ 0x1f, 0x92, 0x9a, 0x21, 0xa0, 0xb6, 0x85, 0x40, 0xee, 0xa2, 0xda, 0x72,
+ 0x5b, 0x99, 0xb3, 0x15, 0xf3, 0xb8, 0xb4, 0x89, 0x91, 0x8e, 0xf1, 0x09,
+ 0xe1, 0x56, 0x19, 0x39, 0x51, 0xec, 0x7e, 0x93, 0x7b, 0x16, 0x52, 0xc0,
+ 0xbd, 0x3b, 0xb1, 0xbf, 0x07, 0x35, 0x73, 0xdf, 0x88, 0x3d, 0x2c, 0x34,
+ 0xf1, 0xef, 0x45, 0x1f, 0xd4, 0x6b, 0x50, 0x3f, 0x00, 0x03, 0x15, 0x00,
+ 0xd0, 0x9e, 0x88, 0x00, 0x29, 0x1c, 0xb8, 0x53, 0x96, 0xcc, 0x67, 0x17,
+ 0x39, 0x32, 0x84, 0xaa, 0xa0, 0xda, 0x64, 0xba, 0x04, 0x81, 0x85, 0x04,
+ 0x00, 0xc6, 0x85, 0x8e, 0x06, 0xb7, 0x04, 0x04, 0xe9, 0xcd, 0x9e, 0x3e,
+ 0xcb, 0x66, 0x23, 0x95, 0xb4, 0x42, 0x9c, 0x64, 0x81, 0x39, 0x05, 0x3f,
+ 0xb5, 0x21, 0xf8, 0x28, 0xaf, 0x60, 0x6b, 0x4d, 0x3d, 0xba, 0xa1, 0x4b,
+ 0x5e, 0x77, 0xef, 0xe7, 0x59, 0x28, 0xfe, 0x1d, 0xc1, 0x27, 0xa2, 0xff,
+ 0xa8, 0xde, 0x33, 0x48, 0xb3, 0xc1, 0x85, 0x6a, 0x42, 0x9b, 0xf9, 0x7e,
+ 0x7e, 0x31, 0xc2, 0xe5, 0xbd, 0x66, 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78,
+ 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a, 0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9,
+ 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b, 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17,
+ 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee, 0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40,
+ 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad, 0x07, 0x61, 0x35, 0x3c, 0x70, 0x86,
+ 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe, 0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50,
+ 0x02, 0x42, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfa,
+ 0x51, 0x86, 0x87, 0x83, 0xbf, 0x2f, 0x96, 0x6b, 0x7f, 0xcc, 0x01, 0x48,
+ 0xf7, 0x09, 0xa5, 0xd0, 0x3b, 0xb5, 0xc9, 0xb8, 0x89, 0x9c, 0x47, 0xae,
+ 0xbb, 0x6f, 0xb7, 0x1e, 0x91, 0x38, 0x64, 0x09, 0x02, 0x01, 0x01,
+};
+
+/*
+ * This test validates a named curve's group parameters using
+ * EC_GROUP_check_named_curve(). It also checks that modifying any of the
+ * group parameters results in the curve not being valid.
+ */
+static int check_named_curve_test(int id)
+{
+ int ret = 0, nid, field_nid, has_seed;
+ EC_GROUP *group = NULL, *gtest = NULL;
+ const EC_POINT *group_gen = NULL;
+ EC_POINT *other_gen = NULL;
+ BIGNUM *group_p = NULL, *group_a = NULL, *group_b = NULL;
+ BIGNUM *other_p = NULL, *other_a = NULL, *other_b = NULL;
+ BIGNUM *group_cofactor = NULL, *other_cofactor = NULL;
+ BIGNUM *other_order = NULL;
+ const BIGNUM *group_order = NULL;
+ BN_CTX *bn_ctx = NULL;
+ static const unsigned char invalid_seed[] = "THIS IS NOT A VALID SEED";
+ static size_t invalid_seed_len = sizeof(invalid_seed);
+
+ /* Do some setup */
+ nid = curves[id].nid;
+ if (!TEST_ptr(bn_ctx = BN_CTX_new())
+ || !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))
+ || !TEST_ptr(gtest = EC_GROUP_dup(group))
+ || !TEST_ptr(group_p = BN_new())
+ || !TEST_ptr(group_a = BN_new())
+ || !TEST_ptr(group_b = BN_new())
+ || !TEST_ptr(group_cofactor = BN_new())
+ || !TEST_ptr(group_gen = EC_GROUP_get0_generator(group))
+ || !TEST_ptr(group_order = EC_GROUP_get0_order(group))
+ || !TEST_true(EC_GROUP_get_cofactor(group, group_cofactor, NULL))
+ || !TEST_true(EC_GROUP_get_curve(group, group_p, group_a, group_b, NULL))
+ || !TEST_ptr(other_gen = EC_POINT_dup(group_gen, group))
+ || !TEST_true(EC_POINT_add(group, other_gen, group_gen, group_gen, NULL))
+ || !TEST_ptr(other_order = BN_dup(group_order))
+ || !TEST_true(BN_add_word(other_order, 1))
+ || !TEST_ptr(other_a = BN_dup(group_a))
+ || !TEST_true(BN_add_word(other_a, 1))
+ || !TEST_ptr(other_b = BN_dup(group_b))
+ || !TEST_true(BN_add_word(other_b, 1))
+ || !TEST_ptr(other_cofactor = BN_dup(group_cofactor))
+ || !TEST_true(BN_add_word(other_cofactor, 1)))
+ goto err;
+
+ /* Determine if the built-in curve has a seed field set */
+ has_seed = (EC_GROUP_get_seed_len(group) > 0);
+ field_nid = EC_GROUP_get_field_type(group);
+ if (field_nid == NID_X9_62_characteristic_two_field) {
+ if (!TEST_ptr(other_p = BN_dup(group_p))
+ || !TEST_true(BN_lshift1(other_p, other_p)))
+ goto err;
+ } else {
+ if (!TEST_ptr(other_p = BN_dup(group_p)))
+ goto err;
+ /*
+ * Just choosing any arbitrary prime does not work..
+ * Setting p via ec_GFp_nist_group_set_curve() needs the prime to be a
+ * nist prime. So only select one of these as an alternate prime.
+ */
+ if (!TEST_ptr(BN_copy(other_p,
+ BN_ucmp(BN_get0_nist_prime_192(), other_p) == 0 ?
+ BN_get0_nist_prime_256() :
+ BN_get0_nist_prime_192())))
+ goto err;
+ }
+
+ /* Passes because this is a valid curve */
+ if (!TEST_int_eq(EC_GROUP_check_named_curve(group, 0, NULL), nid)
+ /* Only NIST curves pass */
+ || !TEST_int_eq(EC_GROUP_check_named_curve(group, 1, NULL),
+ EC_curve_nid2nist(nid) != NULL ? nid : NID_undef))
+ goto err;
+
+ /* Fail if the curve name doesn't match the parameters */
+ EC_GROUP_set_curve_name(group, nid + 1);
+ ERR_set_mark();
+ if (!TEST_int_le(EC_GROUP_check_named_curve(group, 0, NULL), 0))
+ goto err;
+ ERR_pop_to_mark();
+
+ /* Restore curve name and ensure it's passing */
+ EC_GROUP_set_curve_name(group, nid);
+ if (!TEST_int_eq(EC_GROUP_check_named_curve(group, 0, NULL), nid))
+ goto err;
+
+ if (!TEST_int_eq(EC_GROUP_set_seed(group, invalid_seed, invalid_seed_len),
+ invalid_seed_len))
+ goto err;
+
+ if (has_seed) {
+ /*
+ * If the built-in curve has a seed and we set the seed to another value
+ * then it will fail the check.
+ */
+ if (!TEST_int_eq(EC_GROUP_check_named_curve(group, 0, NULL), 0))
+ goto err;
+ } else {
+ /*
+ * If the built-in curve does not have a seed then setting the seed will
+ * pass the check (as the seed is optional).
+ */
+ if (!TEST_int_eq(EC_GROUP_check_named_curve(group, 0, NULL), nid))
+ goto err;
+ }
+ /* Pass if the seed is unknown (as it is optional) */
+ if (!TEST_int_eq(EC_GROUP_set_seed(group, NULL, 0), 1)
+ || !TEST_int_eq(EC_GROUP_check_named_curve(group, 0, NULL), nid))
+ goto err;
+
+ /* Check that a duped group passes */
+ if (!TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), nid))
+ goto err;
+
+ /* check that changing any generator parameter fails */
+ if (!TEST_true(EC_GROUP_set_generator(gtest, other_gen, group_order,
+ group_cofactor))
+ || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), 0)
+ || !TEST_true(EC_GROUP_set_generator(gtest, group_gen, other_order,
+ group_cofactor))
+ || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), 0)
+ /* The order is not an optional field, so this should fail */
+ || !TEST_false(EC_GROUP_set_generator(gtest, group_gen, NULL,
+ group_cofactor))
+ || !TEST_true(EC_GROUP_set_generator(gtest, group_gen, group_order,
+ other_cofactor))
+ || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), 0)
+ /* Check that if the cofactor is not set then it still passes */
+ || !TEST_true(EC_GROUP_set_generator(gtest, group_gen, group_order,
+ NULL))
+ || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), nid)
+ /* check that restoring the generator passes */
+ || !TEST_true(EC_GROUP_set_generator(gtest, group_gen, group_order,
+ group_cofactor))
+ || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), nid))
+ goto err;
+
+ /*
+ * check that changing any curve parameter fails
+ *
+ * Setting arbitrary p, a or b might fail for some EC_GROUPs
+ * depending on the internal EC_METHOD implementation, hence run
+ * these tests conditionally to the success of EC_GROUP_set_curve().
+ */
+ ERR_set_mark();
+ if (EC_GROUP_set_curve(gtest, other_p, group_a, group_b, NULL)) {
+ if (!TEST_int_le(EC_GROUP_check_named_curve(gtest, 0, NULL), 0))
+ goto err;
+ } else {
+ /* clear the error stack if EC_GROUP_set_curve() failed */
+ ERR_pop_to_mark();
+ ERR_set_mark();
+ }
+ if (EC_GROUP_set_curve(gtest, group_p, other_a, group_b, NULL)) {
+ if (!TEST_int_le(EC_GROUP_check_named_curve(gtest, 0, NULL), 0))
+ goto err;
+ } else {
+ /* clear the error stack if EC_GROUP_set_curve() failed */
+ ERR_pop_to_mark();
+ ERR_set_mark();
+ }
+ if (EC_GROUP_set_curve(gtest, group_p, group_a, other_b, NULL)) {
+ if (!TEST_int_le(EC_GROUP_check_named_curve(gtest, 0, NULL), 0))
+ goto err;
+ } else {
+ /* clear the error stack if EC_GROUP_set_curve() failed */
+ ERR_pop_to_mark();
+ ERR_set_mark();
+ }
+ ERR_pop_to_mark();
+
+ /* Check that restoring the curve parameters passes */
+ if (!TEST_true(EC_GROUP_set_curve(gtest, group_p, group_a, group_b, NULL))
+ || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), nid))
+ goto err;
+
+ ret = 1;
+err:
+ BN_free(group_p);
+ BN_free(other_p);
+ BN_free(group_a);
+ BN_free(other_a);
+ BN_free(group_b);
+ BN_free(other_b);
+ BN_free(group_cofactor);
+ BN_free(other_cofactor);
+ BN_free(other_order);
+ EC_POINT_free(other_gen);
+ EC_GROUP_free(gtest);
+ EC_GROUP_free(group);
+ BN_CTX_free(bn_ctx);
+ return ret;
+}
+
+/*
+ * This checks the lookup capability of EC_GROUP_check_named_curve()
+ * when the given group was created with explicit parameters.
+ *
+ * It is possible to retrieve an alternative alias that does not match
+ * the original nid in this case.
+ */
+static int check_named_curve_lookup_test(int id)
+{
+ int ret = 0, nid, rv = 0;
+ EC_GROUP *g = NULL , *ga = NULL;
+ ECPARAMETERS *p = NULL, *pa = NULL;
+ BN_CTX *ctx = NULL;
+
+ /* Do some setup */
+ nid = curves[id].nid;
+ if (!TEST_ptr(ctx = BN_CTX_new())
+ || !TEST_ptr(g = EC_GROUP_new_by_curve_name(nid))
+ || !TEST_ptr(p = EC_GROUP_get_ecparameters(g, NULL)))
+ goto err;
+
+ /* replace with group from explicit parameters */
+ EC_GROUP_free(g);
+ if (!TEST_ptr(g = EC_GROUP_new_from_ecparameters(p)))
+ goto err;
+
+ if (!TEST_int_gt(rv = EC_GROUP_check_named_curve(g, 0, NULL), 0))
+ goto err;
+ if (rv != nid) {
+ /*
+ * Found an alias:
+ * fail if the returned nid is not an alias of the original group.
+ *
+ * The comparison here is done by comparing two explicit
+ * parameter EC_GROUPs with EC_GROUP_cmp(), to ensure the
+ * comparison happens with unnamed EC_GROUPs using the same
+ * EC_METHODs.
+ */
+ if (!TEST_ptr(ga = EC_GROUP_new_by_curve_name(rv))
+ || !TEST_ptr(pa = EC_GROUP_get_ecparameters(ga, NULL)))
+ goto err;
+
+ /* replace with group from explicit parameters, then compare */
+ EC_GROUP_free(ga);
+ if (!TEST_ptr(ga = EC_GROUP_new_from_ecparameters(pa))
+ || !TEST_int_eq(EC_GROUP_cmp(g, ga, ctx), 0))
+ goto err;
+ }
+
+ ret = 1;
+
+ err:
+ EC_GROUP_free(g);
+ EC_GROUP_free(ga);
+ ECPARAMETERS_free(p);
+ ECPARAMETERS_free(pa);
+ BN_CTX_free(ctx);
+
+ return ret;
+}
+
+/*
+ * Sometime we cannot compare nids for equality, as the built-in curve table
+ * includes aliases with different names for the same curve.
+ *
+ * This function returns TRUE (1) if the checked nids are identical, or if they
+ * alias to the same curve. FALSE (0) otherwise.
+ */
+static ossl_inline
+int are_ec_nids_compatible(int n1d, int n2d)
+{
+ int ret = 0;
+ switch (n1d) {
+#ifndef OPENSSL_NO_EC2M
+ case NID_sect113r1:
+ case NID_wap_wsg_idm_ecid_wtls4:
+ ret = (n2d == NID_sect113r1 || n2d == NID_wap_wsg_idm_ecid_wtls4);
+ break;
+ case NID_sect163k1:
+ case NID_wap_wsg_idm_ecid_wtls3:
+ ret = (n2d == NID_sect163k1 || n2d == NID_wap_wsg_idm_ecid_wtls3);
+ break;
+ case NID_sect233k1:
+ case NID_wap_wsg_idm_ecid_wtls10:
+ ret = (n2d == NID_sect233k1 || n2d == NID_wap_wsg_idm_ecid_wtls10);
+ break;
+ case NID_sect233r1:
+ case NID_wap_wsg_idm_ecid_wtls11:
+ ret = (n2d == NID_sect233r1 || n2d == NID_wap_wsg_idm_ecid_wtls11);
+ break;
+ case NID_X9_62_c2pnb163v1:
+ case NID_wap_wsg_idm_ecid_wtls5:
+ ret = (n2d == NID_X9_62_c2pnb163v1
+ || n2d == NID_wap_wsg_idm_ecid_wtls5);
+ break;
+#endif /* OPENSSL_NO_EC2M */
+ case NID_secp112r1:
+ case NID_wap_wsg_idm_ecid_wtls6:
+ ret = (n2d == NID_secp112r1 || n2d == NID_wap_wsg_idm_ecid_wtls6);
+ break;
+ case NID_secp160r2:
+ case NID_wap_wsg_idm_ecid_wtls7:
+ ret = (n2d == NID_secp160r2 || n2d == NID_wap_wsg_idm_ecid_wtls7);
+ break;
+#ifdef OPENSSL_NO_EC_NISTP_64_GCC_128
+ case NID_secp224r1:
+ case NID_wap_wsg_idm_ecid_wtls12:
+ ret = (n2d == NID_secp224r1 || n2d == NID_wap_wsg_idm_ecid_wtls12);
+ break;
+#else
+ /*
+ * For SEC P-224 we want to ensure that the SECP nid is returned, as
+ * that is associated with a specialized method.
+ */
+ case NID_wap_wsg_idm_ecid_wtls12:
+ ret = (n2d == NID_secp224r1);
+ break;
+#endif /* def(OPENSSL_NO_EC_NISTP_64_GCC_128) */
+
+ default:
+ ret = (n1d == n2d);
+ }
+ return ret;
+}
+
+/*
+ * This checks that EC_GROUP_bew_from_ecparameters() returns a "named"
+ * EC_GROUP for built-in curves.
+ *
+ * Note that it is possible to retrieve an alternative alias that does not match
+ * the original nid.
+ *
+ * Ensure that the OPENSSL_EC_EXPLICIT_CURVE ASN1 flag is set.
+ */
+static int check_named_curve_from_ecparameters(int id)
+{
+ int ret = 0, nid, tnid;
+ EC_GROUP *group = NULL, *tgroup = NULL, *tmpg = NULL;
+ const EC_POINT *group_gen = NULL;
+ EC_POINT *other_gen = NULL;
+ BIGNUM *group_cofactor = NULL, *other_cofactor = NULL;
+ BIGNUM *other_gen_x = NULL, *other_gen_y = NULL;
+ const BIGNUM *group_order = NULL;
+ BIGNUM *other_order = NULL;
+ BN_CTX *bn_ctx = NULL;
+ static const unsigned char invalid_seed[] = "THIS IS NOT A VALID SEED";
+ static size_t invalid_seed_len = sizeof(invalid_seed);
+ ECPARAMETERS *params = NULL, *other_params = NULL;
+ EC_GROUP *g_ary[8] = {NULL};
+ EC_GROUP **g_next = &g_ary[0];
+ ECPARAMETERS *p_ary[8] = {NULL};
+ ECPARAMETERS **p_next = &p_ary[0];
+
+ /* Do some setup */
+ nid = curves[id].nid;
+ TEST_note("Curve %s", OBJ_nid2sn(nid));
+ if (!TEST_ptr(bn_ctx = BN_CTX_new()))
+ return ret;
+ BN_CTX_start(bn_ctx);
+
+ if (/* Allocations */
+ !TEST_ptr(group_cofactor = BN_CTX_get(bn_ctx))
+ || !TEST_ptr(other_gen_x = BN_CTX_get(bn_ctx))
+ || !TEST_ptr(other_gen_y = BN_CTX_get(bn_ctx))
+ || !TEST_ptr(other_order = BN_CTX_get(bn_ctx))
+ || !TEST_ptr(other_cofactor = BN_CTX_get(bn_ctx))
+ /* Generate reference group and params */
+ || !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))
+ || !TEST_ptr(params = EC_GROUP_get_ecparameters(group, NULL))
+ || !TEST_ptr(group_gen = EC_GROUP_get0_generator(group))
+ || !TEST_ptr(group_order = EC_GROUP_get0_order(group))
+ || !TEST_true(EC_GROUP_get_cofactor(group, group_cofactor, NULL))
+ /* compute `other_*` values */
+ || !TEST_ptr(tmpg = EC_GROUP_dup(group))
+ || !TEST_ptr(other_gen = EC_POINT_dup(group_gen, group))
+ || !TEST_true(EC_POINT_add(group, other_gen, group_gen, group_gen, NULL))
+ || !TEST_true(EC_POINT_get_affine_coordinates(group, other_gen,
+ other_gen_x, other_gen_y, bn_ctx))
+ || !TEST_true(BN_copy(other_order, group_order))
+ || !TEST_true(BN_add_word(other_order, 1))
+ || !TEST_true(BN_copy(other_cofactor, group_cofactor))
+ || !TEST_true(BN_add_word(other_cofactor, 1)))
+ goto err;
+
+ EC_POINT_free(other_gen);
+ other_gen = NULL;
+
+ if (!TEST_ptr(other_gen = EC_POINT_new(tmpg))
+ || !TEST_true(EC_POINT_set_affine_coordinates(tmpg, other_gen,
+ other_gen_x, other_gen_y,
+ bn_ctx)))
+ goto err;
+
+ /*
+ * ###########################
+ * # Actual tests start here #
+ * ###########################
+ */
+
+ /*
+ * Creating a group from built-in explicit parameters returns a
+ * "named" EC_GROUP
+ */
+ if (!TEST_ptr(tgroup = *g_next++ = EC_GROUP_new_from_ecparameters(params))
+ || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef))
+ goto err;
+ /*
+ * We cannot always guarantee the names match, as the built-in table
+ * contains aliases for the same curve with different names.
+ */
+ if (!TEST_true(are_ec_nids_compatible(nid, tnid))) {
+ TEST_info("nid = %s, tnid = %s", OBJ_nid2sn(nid), OBJ_nid2sn(tnid));
+ goto err;
+ }
+ /* Ensure that the OPENSSL_EC_EXPLICIT_CURVE ASN1 flag is set. */
+ if (!TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), OPENSSL_EC_EXPLICIT_CURVE))
+ goto err;
+
+ /*
+ * An invalid seed in the parameters should be ignored: expect a "named"
+ * group.
+ */
+ if (!TEST_int_eq(EC_GROUP_set_seed(tmpg, invalid_seed, invalid_seed_len),
+ invalid_seed_len)
+ || !TEST_ptr(other_params = *p_next++ =
+ EC_GROUP_get_ecparameters(tmpg, NULL))
+ || !TEST_ptr(tgroup = *g_next++ =
+ EC_GROUP_new_from_ecparameters(other_params))
+ || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef)
+ || !TEST_true(are_ec_nids_compatible(nid, tnid))
+ || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup),
+ OPENSSL_EC_EXPLICIT_CURVE)) {
+ TEST_info("nid = %s, tnid = %s", OBJ_nid2sn(nid), OBJ_nid2sn(tnid));
+ goto err;
+ }
+
+ /*
+ * A null seed in the parameters should be ignored, as it is optional:
+ * expect a "named" group.
+ */
+ if (!TEST_int_eq(EC_GROUP_set_seed(tmpg, NULL, 0), 1)
+ || !TEST_ptr(other_params = *p_next++ =
+ EC_GROUP_get_ecparameters(tmpg, NULL))
+ || !TEST_ptr(tgroup = *g_next++ =
+ EC_GROUP_new_from_ecparameters(other_params))
+ || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef)
+ || !TEST_true(are_ec_nids_compatible(nid, tnid))
+ || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup),
+ OPENSSL_EC_EXPLICIT_CURVE)) {
+ TEST_info("nid = %s, tnid = %s", OBJ_nid2sn(nid), OBJ_nid2sn(tnid));
+ goto err;
+ }
+
+ /*
+ * Check that changing any of the generator parameters does not yield a
+ * match with the built-in curves
+ */
+ if (/* Other gen, same group order & cofactor */
+ !TEST_true(EC_GROUP_set_generator(tmpg, other_gen, group_order,
+ group_cofactor))
+ || !TEST_ptr(other_params = *p_next++ =
+ EC_GROUP_get_ecparameters(tmpg, NULL))
+ || !TEST_ptr(tgroup = *g_next++ =
+ EC_GROUP_new_from_ecparameters(other_params))
+ || !TEST_int_eq((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef)
+ /* Same gen & cofactor, different order */
+ || !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, other_order,
+ group_cofactor))
+ || !TEST_ptr(other_params = *p_next++ =
+ EC_GROUP_get_ecparameters(tmpg, NULL))
+ || !TEST_ptr(tgroup = *g_next++ =
+ EC_GROUP_new_from_ecparameters(other_params))
+ || !TEST_int_eq((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef)
+ /* The order is not an optional field, so this should fail */
+ || !TEST_false(EC_GROUP_set_generator(tmpg, group_gen, NULL,
+ group_cofactor))
+ /* Check that a wrong cofactor is ignored, and we still match */
+ || !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, group_order,
+ other_cofactor))
+ || !TEST_ptr(other_params = *p_next++ =
+ EC_GROUP_get_ecparameters(tmpg, NULL))
+ || !TEST_ptr(tgroup = *g_next++ =
+ EC_GROUP_new_from_ecparameters(other_params))
+ || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef)
+ || !TEST_true(are_ec_nids_compatible(nid, tnid))
+ || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup),
+ OPENSSL_EC_EXPLICIT_CURVE)
+ /* Check that if the cofactor is not set then it still matches */
+ || !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, group_order,
+ NULL))
+ || !TEST_ptr(other_params = *p_next++ =
+ EC_GROUP_get_ecparameters(tmpg, NULL))
+ || !TEST_ptr(tgroup = *g_next++ =
+ EC_GROUP_new_from_ecparameters(other_params))
+ || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef)
+ || !TEST_true(are_ec_nids_compatible(nid, tnid))
+ || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup),
+ OPENSSL_EC_EXPLICIT_CURVE)
+ /* check that restoring the generator passes */
+ || !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, group_order,
+ group_cofactor))
+ || !TEST_ptr(other_params = *p_next++ =
+ EC_GROUP_get_ecparameters(tmpg, NULL))
+ || !TEST_ptr(tgroup = *g_next++ =
+ EC_GROUP_new_from_ecparameters(other_params))
+ || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef)
+ || !TEST_true(are_ec_nids_compatible(nid, tnid))
+ || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup),
+ OPENSSL_EC_EXPLICIT_CURVE))
+ goto err;
+
+ ret = 1;
+err:
+ for (g_next = &g_ary[0]; g_next < g_ary + OSSL_NELEM(g_ary); g_next++)
+ EC_GROUP_free(*g_next);
+ for (p_next = &p_ary[0]; p_next < p_ary + OSSL_NELEM(g_ary); p_next++)
+ ECPARAMETERS_free(*p_next);
+ ECPARAMETERS_free(params);
+ EC_POINT_free(other_gen);
+ EC_GROUP_free(tmpg);
+ EC_GROUP_free(group);
+ BN_CTX_end(bn_ctx);
+ BN_CTX_free(bn_ctx);
+ return ret;
+}
+
+
+static int parameter_test(void)
+{
+ EC_GROUP *group = NULL, *group2 = NULL;
+ ECPARAMETERS *ecparameters = NULL;
+ unsigned char *buf = NULL;
+ int r = 0, len;
+ if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_secp384r1))
+ || !TEST_ptr(ecparameters = EC_GROUP_get_ecparameters(group, NULL))
+ || !TEST_ptr(group2 = EC_GROUP_new_from_ecparameters(ecparameters))
+ || !TEST_int_eq(EC_GROUP_cmp(group, group2, NULL), 0))
+ goto err;
+
+ EC_GROUP_free(group);
+ group = NULL;
+
+ /* Test the named curve encoding, which should be default. */
+ if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_secp521r1))
+ || !TEST_true((len = i2d_ECPKParameters(group, &buf)) >= 0)
+ || !TEST_mem_eq(buf, len, p521_named, sizeof(p521_named)))
+ goto err;
+
+ OPENSSL_free(buf);
+ buf = NULL;
+
+ /*
+ * Test the explicit encoding. P-521 requires correctly zero-padding the
+ * curve coefficients.
+ */
+ EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE);
+ if (!TEST_true((len = i2d_ECPKParameters(group, &buf)) >= 0)
+ || !TEST_mem_eq(buf, len, p521_explicit, sizeof(p521_explicit)))
+ goto err;
+
+ r = 1;
+err:
+ EC_GROUP_free(group);
+ EC_GROUP_free(group2);
+ ECPARAMETERS_free(ecparameters);
+ OPENSSL_free(buf);
+ return r;
+}
+
+/*-
+ * random 256-bit explicit parameters curve, cofactor absent
+ * order: 0x0c38d96a9f892b88772ec2e39614a82f4f (132 bit)
+ * cofactor: 0x12bc94785251297abfafddf1565100da (125 bit)
+ */
+static const unsigned char params_cf_pass[] = {
+ 0x30, 0x81, 0xcd, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86,
+ 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x21, 0x00, 0xe5, 0x00, 0x1f, 0xc5,
+ 0xca, 0x71, 0x9d, 0x8e, 0xf7, 0x07, 0x4b, 0x48, 0x37, 0xf9, 0x33, 0x2d,
+ 0x71, 0xbf, 0x79, 0xe7, 0xdc, 0x91, 0xc2, 0xff, 0xb6, 0x7b, 0xc3, 0x93,
+ 0x44, 0x88, 0xe6, 0x91, 0x30, 0x44, 0x04, 0x20, 0xe5, 0x00, 0x1f, 0xc5,
+ 0xca, 0x71, 0x9d, 0x8e, 0xf7, 0x07, 0x4b, 0x48, 0x37, 0xf9, 0x33, 0x2d,
+ 0x71, 0xbf, 0x79, 0xe7, 0xdc, 0x91, 0xc2, 0xff, 0xb6, 0x7b, 0xc3, 0x93,
+ 0x44, 0x88, 0xe6, 0x8e, 0x04, 0x20, 0x18, 0x8c, 0x59, 0x57, 0xc4, 0xbc,
+ 0x85, 0x57, 0xc3, 0x66, 0x9f, 0x89, 0xd5, 0x92, 0x0d, 0x7e, 0x42, 0x27,
+ 0x07, 0x64, 0xaa, 0x26, 0xed, 0x89, 0xc4, 0x09, 0x05, 0x4d, 0xc7, 0x23,
+ 0x47, 0xda, 0x04, 0x41, 0x04, 0x1b, 0x6b, 0x41, 0x0b, 0xf9, 0xfb, 0x77,
+ 0xfd, 0x50, 0xb7, 0x3e, 0x23, 0xa3, 0xec, 0x9a, 0x3b, 0x09, 0x31, 0x6b,
+ 0xfa, 0xf6, 0xce, 0x1f, 0xff, 0xeb, 0x57, 0x93, 0x24, 0x70, 0xf3, 0xf4,
+ 0xba, 0x7e, 0xfa, 0x86, 0x6e, 0x19, 0x89, 0xe3, 0x55, 0x6d, 0x5a, 0xe9,
+ 0xc0, 0x3d, 0xbc, 0xfb, 0xaf, 0xad, 0xd4, 0x7e, 0xa6, 0xe5, 0xfa, 0x1a,
+ 0x58, 0x07, 0x9e, 0x8f, 0x0d, 0x3b, 0xf7, 0x38, 0xca, 0x02, 0x11, 0x0c,
+ 0x38, 0xd9, 0x6a, 0x9f, 0x89, 0x2b, 0x88, 0x77, 0x2e, 0xc2, 0xe3, 0x96,
+ 0x14, 0xa8, 0x2f, 0x4f
+};
+
+/*-
+ * random 256-bit explicit parameters curve, cofactor absent
+ * order: 0x045a75c0c17228ebd9b169a10e34a22101 (131 bit)
+ * cofactor: 0x2e134b4ede82649f67a2e559d361e5fe (126 bit)
+ */
+static const unsigned char params_cf_fail[] = {
+ 0x30, 0x81, 0xcd, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86,
+ 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x21, 0x00, 0xc8, 0x95, 0x27, 0x37,
+ 0xe8, 0xe1, 0xfd, 0xcc, 0xf9, 0x6e, 0x0c, 0xa6, 0x21, 0xc1, 0x7d, 0x6b,
+ 0x9d, 0x44, 0x42, 0xea, 0x73, 0x4e, 0x04, 0xb6, 0xac, 0x62, 0x50, 0xd0,
+ 0x33, 0xc2, 0xea, 0x13, 0x30, 0x44, 0x04, 0x20, 0xc8, 0x95, 0x27, 0x37,
+ 0xe8, 0xe1, 0xfd, 0xcc, 0xf9, 0x6e, 0x0c, 0xa6, 0x21, 0xc1, 0x7d, 0x6b,
+ 0x9d, 0x44, 0x42, 0xea, 0x73, 0x4e, 0x04, 0xb6, 0xac, 0x62, 0x50, 0xd0,
+ 0x33, 0xc2, 0xea, 0x10, 0x04, 0x20, 0xbf, 0xa6, 0xa8, 0x05, 0x1d, 0x09,
+ 0xac, 0x70, 0x39, 0xbb, 0x4d, 0xb2, 0x90, 0x8a, 0x15, 0x41, 0x14, 0x1d,
+ 0x11, 0x86, 0x9f, 0x13, 0xa2, 0x63, 0x1a, 0xda, 0x95, 0x22, 0x4d, 0x02,
+ 0x15, 0x0a, 0x04, 0x41, 0x04, 0xaf, 0x16, 0x71, 0xf9, 0xc4, 0xc8, 0x59,
+ 0x1d, 0xa3, 0x6f, 0xe7, 0xc3, 0x57, 0xa1, 0xfa, 0x9f, 0x49, 0x7c, 0x11,
+ 0x27, 0x05, 0xa0, 0x7f, 0xff, 0xf9, 0xe0, 0xe7, 0x92, 0xdd, 0x9c, 0x24,
+ 0x8e, 0xc7, 0xb9, 0x52, 0x71, 0x3f, 0xbc, 0x7f, 0x6a, 0x9f, 0x35, 0x70,
+ 0xe1, 0x27, 0xd5, 0x35, 0x8a, 0x13, 0xfa, 0xa8, 0x33, 0x3e, 0xd4, 0x73,
+ 0x1c, 0x14, 0x58, 0x9e, 0xc7, 0x0a, 0x87, 0x65, 0x8d, 0x02, 0x11, 0x04,
+ 0x5a, 0x75, 0xc0, 0xc1, 0x72, 0x28, 0xeb, 0xd9, 0xb1, 0x69, 0xa1, 0x0e,
+ 0x34, 0xa2, 0x21, 0x01
+};
+
+/*-
+ * Test two random 256-bit explicit parameters curves with absent cofactor.
+ * The two curves are chosen to roughly straddle the bounds at which the lib + * can compute the cofactor automatically, roughly 4*sqrt(p). So test that: + * + * - params_cf_pass: order is sufficiently close to p to compute cofactor + * - params_cf_fail: order is too far away from p to compute cofactor + * + * For standards-compliant curves, cofactor is chosen as small as possible. + * So you can see neither of these curves are fit for cryptographic use. + * + * Some standards even mandate an upper bound on the cofactor, e.g. SECG1 v2: + * h <= 2**(t/8) where t is the security level of the curve, for which the lib + * will always succeed in computing the cofactor. Neither of these curves + * conform to that -- this is just robustness testing. + */ +static int cofactor_range_test(void) +{ + EC_GROUP *group = NULL; + BIGNUM *cf = NULL; + int ret = 0; + const unsigned char *b1 = (const unsigned char *)params_cf_fail; + const unsigned char *b2 = (const unsigned char *)params_cf_pass; + + if (!TEST_ptr(group = d2i_ECPKParameters(NULL, &b1, sizeof(params_cf_fail))) + || !TEST_BN_eq_zero(EC_GROUP_get0_cofactor(group)) + || !TEST_ptr(group = d2i_ECPKParameters(&group, &b2, + sizeof(params_cf_pass))) + || !TEST_int_gt(BN_hex2bn(&cf, "12bc94785251297abfafddf1565100da"), 0) + || !TEST_BN_eq(cf, EC_GROUP_get0_cofactor(group))) + goto err; + ret = 1; + err: + BN_free(cf); + EC_GROUP_free(group); + return ret; +} + +/*- + * For named curves, test that: + * - the lib correctly computes the cofactor if passed a NULL or zero cofactor + * - a nonsensical cofactor throws an error (negative test) + * - nonsensical orders throw errors (negative tests) + */ +static int cardinality_test(int n) +{ + int ret = 0, is_binary = 0; + int nid = curves[n].nid; + BN_CTX *ctx = NULL; + EC_GROUP *g1 = NULL, *g2 = NULL; + EC_POINT *g2_gen = NULL; + BIGNUM *g1_p = NULL, *g1_a = NULL, *g1_b = NULL, *g1_x = NULL, *g1_y = NULL, + *g1_order = NULL, *g1_cf = NULL, *g2_cf = NULL; + + TEST_info("Curve %s 
cardinality test", OBJ_nid2sn(nid)); + + if (!TEST_ptr(ctx = BN_CTX_new()) + || !TEST_ptr(g1 = EC_GROUP_new_by_curve_name(nid))) { + BN_CTX_free(ctx); + return 0; + } + + is_binary = (EC_GROUP_get_field_type(g1) == NID_X9_62_characteristic_two_field); + + BN_CTX_start(ctx); + g1_p = BN_CTX_get(ctx); + g1_a = BN_CTX_get(ctx); + g1_b = BN_CTX_get(ctx); + g1_x = BN_CTX_get(ctx); + g1_y = BN_CTX_get(ctx); + g1_order = BN_CTX_get(ctx); + g1_cf = BN_CTX_get(ctx); + + if (!TEST_ptr(g2_cf = BN_CTX_get(ctx)) + /* pull out the explicit curve parameters */ + || !TEST_true(EC_GROUP_get_curve(g1, g1_p, g1_a, g1_b, ctx)) + || !TEST_true(EC_POINT_get_affine_coordinates(g1, + EC_GROUP_get0_generator(g1), g1_x, g1_y, ctx)) + || !TEST_true(BN_copy(g1_order, EC_GROUP_get0_order(g1))) + || !TEST_true(EC_GROUP_get_cofactor(g1, g1_cf, ctx)) + /* construct g2 manually with g1 parameters */ +#ifndef OPENSSL_NO_EC2M + || !TEST_ptr(g2 = (is_binary) ? + EC_GROUP_new_curve_GF2m(g1_p, g1_a, g1_b, ctx) : + EC_GROUP_new_curve_GFp(g1_p, g1_a, g1_b, ctx)) +#else + || !TEST_int_eq(0, is_binary) + || !TEST_ptr(g2 = EC_GROUP_new_curve_GFp(g1_p, g1_a, g1_b, ctx)) +#endif + || !TEST_ptr(g2_gen = EC_POINT_new(g2)) + || !TEST_true(EC_POINT_set_affine_coordinates(g2, g2_gen, g1_x, g1_y, ctx)) + /* pass NULL cofactor: lib should compute it */ + || !TEST_true(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL)) + || !TEST_true(EC_GROUP_get_cofactor(g2, g2_cf, ctx)) + || !TEST_BN_eq(g1_cf, g2_cf) + /* pass zero cofactor: lib should compute it */ + || !TEST_true(BN_set_word(g2_cf, 0)) + || !TEST_true(EC_GROUP_set_generator(g2, g2_gen, g1_order, g2_cf)) + || !TEST_true(EC_GROUP_get_cofactor(g2, g2_cf, ctx)) + || !TEST_BN_eq(g1_cf, g2_cf) + /* negative test for invalid cofactor */ + || !TEST_true(BN_set_word(g2_cf, 0)) + || !TEST_true(BN_sub(g2_cf, g2_cf, BN_value_one())) + || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, g2_cf)) + /* negative test for NULL order */ + || 
!TEST_false(EC_GROUP_set_generator(g2, g2_gen, NULL, NULL)) + /* negative test for zero order */ + || !TEST_true(BN_set_word(g1_order, 0)) + || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL)) + /* negative test for negative order */ + || !TEST_true(BN_set_word(g2_cf, 0)) + || !TEST_true(BN_sub(g2_cf, g2_cf, BN_value_one())) + || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL)) + /* negative test for too large order */ + || !TEST_true(BN_lshift(g1_order, g1_p, 2)) + || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL))) + goto err; + ret = 1; + err: + EC_POINT_free(g2_gen); + EC_GROUP_free(g1); + EC_GROUP_free(g2); + BN_CTX_end(ctx); + BN_CTX_free(ctx); + return ret; +} + +static int check_ec_key_field_public_range_test(int id) +{ + int ret = 0, type = 0; + const EC_POINT *pub = NULL; + const EC_GROUP *group = NULL; + const BIGNUM *field = NULL; + BIGNUM *x = NULL, *y = NULL; + EC_KEY *key = NULL; + + if (!TEST_ptr(x = BN_new()) + || !TEST_ptr(y = BN_new()) + || !TEST_ptr(key = EC_KEY_new_by_curve_name(curves[id].nid)) + || !TEST_ptr(group = EC_KEY_get0_group(key)) + || !TEST_ptr(field = EC_GROUP_get0_field(group)) + || !TEST_int_gt(EC_KEY_generate_key(key), 0) + || !TEST_int_gt(EC_KEY_check_key(key), 0) + || !TEST_ptr(pub = EC_KEY_get0_public_key(key)) + || !TEST_int_gt(EC_POINT_get_affine_coordinates(group, pub, x, y, + NULL), 0)) + goto err; + + /* + * Make the public point out of range by adding the field (which will still + * be the same point on the curve). The add is different for char2 fields. 
+ */ + type = EC_GROUP_get_field_type(group); +#ifndef OPENSSL_NO_EC2M + if (type == NID_X9_62_characteristic_two_field) { + /* test for binary curves */ + if (!TEST_true(BN_GF2m_add(x, x, field))) + goto err; + } else +#endif + if (type == NID_X9_62_prime_field) { + /* test for prime curves */ + if (!TEST_true(BN_add(x, x, field))) + goto err; + } else { + /* this should never happen */ + TEST_error("Unsupported EC_METHOD field_type"); + goto err; + } + if (!TEST_int_le(EC_KEY_set_public_key_affine_coordinates(key, x, y), 0)) + goto err; + + ret = 1; +err: + BN_free(x); + BN_free(y); + EC_KEY_free(key); + return ret; +} + +/* + * Helper for ec_point_hex2point_test + * + * Self-tests EC_POINT_point2hex() against EC_POINT_hex2point() for the given + * (group,P) pair. + * + * If P is NULL use point at infinity. + */ +static ossl_inline +int ec_point_hex2point_test_helper(const EC_GROUP *group, const EC_POINT *P, + point_conversion_form_t form, + BN_CTX *bnctx) +{ + int ret = 0; + EC_POINT *Q = NULL, *Pinf = NULL; + char *hex = NULL; + + if (P == NULL) { + /* If P is NULL use point at infinity. */ + if (!TEST_ptr(Pinf = EC_POINT_new(group)) + || !TEST_true(EC_POINT_set_to_infinity(group, Pinf))) + goto err; + P = Pinf; + } + + if (!TEST_ptr(hex = EC_POINT_point2hex(group, P, form, bnctx)) + || !TEST_ptr(Q = EC_POINT_hex2point(group, hex, NULL, bnctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, bnctx))) + goto err; + + /* + * The next check is most likely superfluous, as EC_POINT_cmp should already + * cover this. + * Nonetheless it increases the test coverage for EC_POINT_is_at_infinity, + * so we include it anyway! 
+ */ + if (Pinf != NULL + && !TEST_true(EC_POINT_is_at_infinity(group, Q))) + goto err; + + ret = 1; + + err: + EC_POINT_free(Pinf); + OPENSSL_free(hex); + EC_POINT_free(Q); + + return ret; +} + +/* + * This test self-validates EC_POINT_hex2point() and EC_POINT_point2hex() + */ +static int ec_point_hex2point_test(int id) +{ + int ret = 0, nid; + EC_GROUP *group = NULL; + const EC_POINT *G = NULL; + EC_POINT *P = NULL; + BN_CTX * bnctx = NULL; + + /* Do some setup */ + nid = curves[id].nid; + if (!TEST_ptr(bnctx = BN_CTX_new()) + || !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid)) + || !TEST_ptr(G = EC_GROUP_get0_generator(group)) + || !TEST_ptr(P = EC_POINT_dup(G, group))) + goto err; + + if (!TEST_true(ec_point_hex2point_test_helper(group, P, + POINT_CONVERSION_COMPRESSED, + bnctx)) + || !TEST_true(ec_point_hex2point_test_helper(group, NULL, + POINT_CONVERSION_COMPRESSED, + bnctx)) + || !TEST_true(ec_point_hex2point_test_helper(group, P, + POINT_CONVERSION_UNCOMPRESSED, + bnctx)) + || !TEST_true(ec_point_hex2point_test_helper(group, NULL, + POINT_CONVERSION_UNCOMPRESSED, + bnctx)) + || !TEST_true(ec_point_hex2point_test_helper(group, P, + POINT_CONVERSION_HYBRID, + bnctx)) + || !TEST_true(ec_point_hex2point_test_helper(group, NULL, + POINT_CONVERSION_HYBRID, + bnctx))) + goto err; + + ret = 1; + + err: + EC_POINT_free(P); + EC_GROUP_free(group); + BN_CTX_free(bnctx); + + return ret; +} + +static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx, + unsigned char *gen, int gen_size) +{ + int ret = 0, i_out; + EVP_PKEY_CTX *pctx = NULL; + EVP_PKEY *pkeyparam = NULL; + OSSL_PARAM_BLD *bld = NULL; + const char *field_name; + OSSL_PARAM *params = NULL; + const OSSL_PARAM *gettable; + BIGNUM *p, *a, *b; + BIGNUM *p_out = NULL, *a_out = NULL, *b_out = NULL; + BIGNUM *order_out = NULL, *cofactor_out = NULL; + char name[80]; + unsigned char buf[1024]; + size_t buf_len, name_len; +#ifndef OPENSSL_NO_EC2M + unsigned int k1 = 0, k2 = 0, k3 = 0; + const char 
*basis_name = NULL; +#endif + + p = BN_CTX_get(ctx); + a = BN_CTX_get(ctx); + b = BN_CTX_get(ctx); + + if (!TEST_ptr(b) + || !TEST_ptr(bld = OSSL_PARAM_BLD_new())) + goto err; + + if (EC_GROUP_get_field_type(group) == NID_X9_62_prime_field) { + field_name = SN_X9_62_prime_field; + } else { + field_name = SN_X9_62_characteristic_two_field; +#ifndef OPENSSL_NO_EC2M + if (EC_GROUP_get_basis_type(group) == NID_X9_62_tpBasis) { + basis_name = SN_X9_62_tpBasis; + if (!TEST_true(EC_GROUP_get_trinomial_basis(group, &k1))) + goto err; + } else { + basis_name = SN_X9_62_ppBasis; + if (!TEST_true(EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3))) + goto err; + } +#endif /* OPENSSL_NO_EC2M */ + } + if (!TEST_true(EC_GROUP_get_curve(group, p, a, b, ctx)) + || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, + OSSL_PKEY_PARAM_EC_FIELD_TYPE, field_name, 0)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, p)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b))) + goto err; + + if (EC_GROUP_get0_seed(group) != NULL) { + if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, + OSSL_PKEY_PARAM_EC_SEED, EC_GROUP_get0_seed(group), + EC_GROUP_get_seed_len(group)))) + goto err; + } + if (EC_GROUP_get0_cofactor(group) != NULL) { + if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR, + EC_GROUP_get0_cofactor(group)))) + goto err; + } + + if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, + OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_size)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_ORDER, + EC_GROUP_get0_order(group)))) + goto err; + + if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) + || !TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) + || !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) + || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkeyparam, + EVP_PKEY_KEY_PARAMETERS, params), 0)) + goto err; + + /*- Check that all the set values are 
retrievable -*/ + + /* There should be no match to a group name since the generator changed */ + if (!TEST_false(EVP_PKEY_get_utf8_string_param(pkeyparam, + OSSL_PKEY_PARAM_GROUP_NAME, name, sizeof(name), + &name_len))) + goto err; + + /* The encoding should be explicit as it has no group */ + if (!TEST_true(EVP_PKEY_get_utf8_string_param(pkeyparam, + OSSL_PKEY_PARAM_EC_ENCODING, + name, sizeof(name), &name_len)) + || !TEST_str_eq(name, OSSL_PKEY_EC_ENCODING_EXPLICIT)) + goto err; + + if (!TEST_true(EVP_PKEY_get_utf8_string_param(pkeyparam, + OSSL_PKEY_PARAM_EC_FIELD_TYPE, name, sizeof(name), + &name_len)) + || !TEST_str_eq(name, field_name)) + goto err; + + if (!TEST_true(EVP_PKEY_get_octet_string_param(pkeyparam, + OSSL_PKEY_PARAM_EC_GENERATOR, buf, sizeof(buf), &buf_len)) + || !TEST_mem_eq(buf, (int)buf_len, gen, gen_size)) + goto err; + + if (!TEST_true(EVP_PKEY_get_bn_param(pkeyparam, OSSL_PKEY_PARAM_EC_P, &p_out)) + || !TEST_BN_eq(p_out, p) + || !TEST_true(EVP_PKEY_get_bn_param(pkeyparam, OSSL_PKEY_PARAM_EC_A, + &a_out)) + || !TEST_BN_eq(a_out, a) + || !TEST_true(EVP_PKEY_get_bn_param(pkeyparam, OSSL_PKEY_PARAM_EC_B, + &b_out)) + || !TEST_BN_eq(b_out, b) + || !TEST_true(EVP_PKEY_get_bn_param(pkeyparam, OSSL_PKEY_PARAM_EC_ORDER, + &order_out)) + || !TEST_BN_eq(order_out, EC_GROUP_get0_order(group))) + goto err; + + if (EC_GROUP_get0_cofactor(group) != NULL) { + if (!TEST_true(EVP_PKEY_get_bn_param(pkeyparam, + OSSL_PKEY_PARAM_EC_COFACTOR, &cofactor_out)) + || !TEST_BN_eq(cofactor_out, EC_GROUP_get0_cofactor(group))) + goto err; + } + if (EC_GROUP_get0_seed(group) != NULL) { + if (!TEST_true(EVP_PKEY_get_octet_string_param(pkeyparam, + OSSL_PKEY_PARAM_EC_SEED, buf, sizeof(buf), &buf_len)) + || !TEST_mem_eq(buf, buf_len, EC_GROUP_get0_seed(group), + EC_GROUP_get_seed_len(group))) + goto err; + } + + if (EC_GROUP_get_field_type(group) == NID_X9_62_prime_field) { + /* No extra fields should be set for a prime field */ + if 
(!TEST_false(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_M, &i_out)) + || !TEST_false(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS, &i_out)) + || !TEST_false(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_PP_K1, &i_out)) + || !TEST_false(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_PP_K2, &i_out)) + || !TEST_false(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_PP_K3, &i_out)) + || !TEST_false(EVP_PKEY_get_utf8_string_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_TYPE, name, sizeof(name), + &name_len))) + goto err; + } else { +#ifndef OPENSSL_NO_EC2M + if (!TEST_true(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_M, &i_out)) + || !TEST_int_eq(EC_GROUP_get_degree(group), i_out) + || !TEST_true(EVP_PKEY_get_utf8_string_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_TYPE, name, sizeof(name), + &name_len)) + || !TEST_str_eq(name, basis_name)) + goto err; + + if (EC_GROUP_get_basis_type(group) == NID_X9_62_tpBasis) { + if (!TEST_true(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS, &i_out)) + || !TEST_int_eq(k1, i_out) + || !TEST_false(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_PP_K1, &i_out)) + || !TEST_false(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_PP_K2, &i_out)) + || !TEST_false(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_PP_K3, &i_out))) + goto err; + } else { + if (!TEST_false(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS, &i_out)) + || !TEST_true(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_PP_K1, &i_out)) + || !TEST_int_eq(k1, i_out) + || !TEST_true(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_PP_K2, &i_out)) + || !TEST_int_eq(k2, i_out) + || !TEST_true(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_PP_K3, &i_out)) + || !TEST_int_eq(k3, i_out)) + goto err; + } +#endif /* OPENSSL_NO_EC2M */ + } + if (!TEST_ptr(gettable = 
EVP_PKEY_gettable_params(pkeyparam)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_GROUP_NAME)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_ENCODING)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_FIELD_TYPE)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_P)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_A)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_B)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_GENERATOR)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_ORDER)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_COFACTOR)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_SEED)) +#ifndef OPENSSL_NO_EC2M + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_CHAR2_M)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_CHAR2_TYPE)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_CHAR2_PP_K1)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_CHAR2_PP_K2)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_CHAR2_PP_K3)) +#endif + ) + goto err; + ret = 1; +err: + BN_free(order_out); + BN_free(cofactor_out); + BN_free(a_out); + BN_free(b_out); + BN_free(p_out); + OSSL_PARAM_free(params); + OSSL_PARAM_BLD_free(bld); + EVP_PKEY_free(pkeyparam); + EVP_PKEY_CTX_free(pctx); + return ret; +} + +/* + * check the EC_METHOD respects the supplied EC_GROUP_set_generator G + */ +static int custom_generator_test(int id) +{ + int ret = 0, nid, bsize; + EC_GROUP *group = NULL; + EC_POINT *G2 = NULL, *Q1 = NULL, *Q2 = NULL; + BN_CTX *ctx = NULL; + BIGNUM *k = NULL; + unsigned char *b1 = NULL, *b2 = NULL; + + /* Do some setup */ + nid = curves[id].nid; + TEST_note("Curve %s", OBJ_nid2sn(nid)); + if 
(!TEST_ptr(ctx = BN_CTX_new())) + return 0; + + BN_CTX_start(ctx); + + if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) + goto err; + + /* expected byte length of encoded points */ + bsize = (EC_GROUP_get_degree(group) + 7) / 8; + bsize = 1 + 2 * bsize; /* UNCOMPRESSED_POINT format */ + + if (!TEST_ptr(k = BN_CTX_get(ctx)) + /* fetch a testing scalar k != 0,1 */ + || !TEST_true(BN_rand(k, EC_GROUP_order_bits(group) - 1, + BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) + /* make k even */ + || !TEST_true(BN_clear_bit(k, 0)) + || !TEST_ptr(G2 = EC_POINT_new(group)) + || !TEST_ptr(Q1 = EC_POINT_new(group)) + /* Q1 := kG */ + || !TEST_true(EC_POINT_mul(group, Q1, k, NULL, NULL, ctx)) + /* pull out the bytes of that */ + || !TEST_int_eq(EC_POINT_point2oct(group, Q1, + POINT_CONVERSION_UNCOMPRESSED, NULL, + 0, ctx), bsize) + || !TEST_ptr(b1 = OPENSSL_malloc(bsize)) + || !TEST_int_eq(EC_POINT_point2oct(group, Q1, + POINT_CONVERSION_UNCOMPRESSED, b1, + bsize, ctx), bsize) + /* new generator is G2 := 2G */ + || !TEST_true(EC_POINT_dbl(group, G2, EC_GROUP_get0_generator(group), + ctx)) + || !TEST_true(EC_GROUP_set_generator(group, G2, + EC_GROUP_get0_order(group), + EC_GROUP_get0_cofactor(group))) + || !TEST_ptr(Q2 = EC_POINT_new(group)) + || !TEST_true(BN_rshift1(k, k)) + /* Q2 := k/2 G2 */ + || !TEST_true(EC_POINT_mul(group, Q2, k, NULL, NULL, ctx)) + || !TEST_int_eq(EC_POINT_point2oct(group, Q2, + POINT_CONVERSION_UNCOMPRESSED, NULL, + 0, ctx), bsize) + || !TEST_ptr(b2 = OPENSSL_malloc(bsize)) + || !TEST_int_eq(EC_POINT_point2oct(group, Q2, + POINT_CONVERSION_UNCOMPRESSED, b2, + bsize, ctx), bsize) + /* Q1 = kG = k/2 G2 = Q2 should hold */ + || !TEST_mem_eq(b1, bsize, b2, bsize)) + goto err; + + if (!do_test_custom_explicit_fromdata(group, ctx, b1, bsize)) + goto err; + + ret = 1; + + err: + EC_POINT_free(Q1); + EC_POINT_free(Q2); + EC_POINT_free(G2); + EC_GROUP_free(group); + BN_CTX_end(ctx); + BN_CTX_free(ctx); + OPENSSL_free(b1); + OPENSSL_free(b2); + + return ret; +} + 
+/* + * check creation of curves from explicit params through the public API + */ +static int custom_params_test(int id) +{ + int ret = 0, nid, bsize; + const char *curve_name = NULL; + EC_GROUP *group = NULL, *altgroup = NULL; + EC_POINT *G2 = NULL, *Q1 = NULL, *Q2 = NULL; + const EC_POINT *Q = NULL; + BN_CTX *ctx = NULL; + BIGNUM *k = NULL; + unsigned char *buf1 = NULL, *buf2 = NULL; + const BIGNUM *z = NULL, *cof = NULL, *priv1 = NULL; + BIGNUM *p = NULL, *a = NULL, *b = NULL; + int is_prime = 0; + EC_KEY *eckey1 = NULL, *eckey2 = NULL; + EVP_PKEY *pkey1 = NULL, *pkey2 = NULL; + EVP_PKEY_CTX *pctx1 = NULL, *pctx2 = NULL; + size_t sslen, t; + unsigned char *pub1 = NULL , *pub2 = NULL; + OSSL_PARAM_BLD *param_bld = NULL; + OSSL_PARAM *params1 = NULL, *params2 = NULL; + + /* Do some setup */ + nid = curves[id].nid; + curve_name = OBJ_nid2sn(nid); + TEST_note("Curve %s", curve_name); + + if (nid == NID_sm2) + return TEST_skip("custom params not supported with SM2"); + + if (!TEST_ptr(ctx = BN_CTX_new())) + return 0; + + if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) + goto err; + + is_prime = EC_GROUP_get_field_type(group) == NID_X9_62_prime_field; +#ifdef OPENSSL_NO_EC2M + if (!is_prime) { + ret = TEST_skip("binary curves not supported in this build"); + goto err; + } +#endif + + BN_CTX_start(ctx); + if (!TEST_ptr(p = BN_CTX_get(ctx)) + || !TEST_ptr(a = BN_CTX_get(ctx)) + || !TEST_ptr(b = BN_CTX_get(ctx)) + || !TEST_ptr(k = BN_CTX_get(ctx))) + goto err; + + /* expected byte length of encoded points */ + bsize = (EC_GROUP_get_degree(group) + 7) / 8; + bsize = 1 + 2 * bsize; /* UNCOMPRESSED_POINT format */ + + /* extract parameters from built-in curve */ + if (!TEST_true(EC_GROUP_get_curve(group, p, a, b, ctx)) + || !TEST_ptr(G2 = EC_POINT_new(group)) + /* new generator is G2 := 2G */ + || !TEST_true(EC_POINT_dbl(group, G2, + EC_GROUP_get0_generator(group), ctx)) + /* pull out the bytes of that */ + || !TEST_int_eq(EC_POINT_point2oct(group, G2, + 
POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, ctx), bsize) + || !TEST_ptr(buf1 = OPENSSL_malloc(bsize)) + || !TEST_int_eq(EC_POINT_point2oct(group, G2, + POINT_CONVERSION_UNCOMPRESSED, + buf1, bsize, ctx), bsize) + || !TEST_ptr(z = EC_GROUP_get0_order(group)) + || !TEST_ptr(cof = EC_GROUP_get0_cofactor(group)) + ) + goto err; + + /* create a new group using same params (but different generator) */ + if (is_prime) { + if (!TEST_ptr(altgroup = EC_GROUP_new_curve_GFp(p, a, b, ctx))) + goto err; + } +#ifndef OPENSSL_NO_EC2M + else { + if (!TEST_ptr(altgroup = EC_GROUP_new_curve_GF2m(p, a, b, ctx))) + goto err; + } +#endif + + /* set 2*G as the generator of altgroup */ + EC_POINT_free(G2); /* discard G2 as it refers to the original group */ + if (!TEST_ptr(G2 = EC_POINT_new(altgroup)) + || !TEST_true(EC_POINT_oct2point(altgroup, G2, buf1, bsize, ctx)) + || !TEST_int_eq(EC_POINT_is_on_curve(altgroup, G2, ctx), 1) + || !TEST_true(EC_GROUP_set_generator(altgroup, G2, z, cof)) + ) + goto err; + + /* verify math checks out */ + if (/* allocate temporary points on group and altgroup */ + !TEST_ptr(Q1 = EC_POINT_new(group)) + || !TEST_ptr(Q2 = EC_POINT_new(altgroup)) + /* fetch a testing scalar k != 0,1 */ + || !TEST_true(BN_rand(k, EC_GROUP_order_bits(group) - 1, + BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) + /* make k even */ + || !TEST_true(BN_clear_bit(k, 0)) + /* Q1 := kG on group */ + || !TEST_true(EC_POINT_mul(group, Q1, k, NULL, NULL, ctx)) + /* pull out the bytes of that */ + || !TEST_int_eq(EC_POINT_point2oct(group, Q1, + POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, ctx), bsize) + || !TEST_int_eq(EC_POINT_point2oct(group, Q1, + POINT_CONVERSION_UNCOMPRESSED, + buf1, bsize, ctx), bsize) + /* k := k/2 */ + || !TEST_true(BN_rshift1(k, k)) + /* Q2 := k/2 G2 on altgroup */ + || !TEST_true(EC_POINT_mul(altgroup, Q2, k, NULL, NULL, ctx)) + /* pull out the bytes of that */ + || !TEST_int_eq(EC_POINT_point2oct(altgroup, Q2, + POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, ctx), bsize) + || 
!TEST_ptr(buf2 = OPENSSL_malloc(bsize)) + || !TEST_int_eq(EC_POINT_point2oct(altgroup, Q2, + POINT_CONVERSION_UNCOMPRESSED, + buf2, bsize, ctx), bsize) + /* Q1 = kG = k/2 G2 = Q2 should hold */ + || !TEST_mem_eq(buf1, bsize, buf2, bsize)) + goto err; + + /* create two `EC_KEY`s on altgroup */ + if (!TEST_ptr(eckey1 = EC_KEY_new()) + || !TEST_true(EC_KEY_set_group(eckey1, altgroup)) + || !TEST_true(EC_KEY_generate_key(eckey1)) + || !TEST_ptr(eckey2 = EC_KEY_new()) + || !TEST_true(EC_KEY_set_group(eckey2, altgroup)) + || !TEST_true(EC_KEY_generate_key(eckey2))) + goto err; + + /* retrieve priv1 for later */ + if (!TEST_ptr(priv1 = EC_KEY_get0_private_key(eckey1))) + goto err; + + /* + * retrieve bytes for pub1 for later + * + * We compute the pub key in the original group as we will later use it to + * define a provider key in the built-in group. + */ + if (!TEST_true(EC_POINT_mul(group, Q1, priv1, NULL, NULL, ctx)) + || !TEST_int_eq(EC_POINT_point2oct(group, Q1, + POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, ctx), bsize) + || !TEST_ptr(pub1 = OPENSSL_malloc(bsize)) + || !TEST_int_eq(EC_POINT_point2oct(group, Q1, + POINT_CONVERSION_UNCOMPRESSED, + pub1, bsize, ctx), bsize)) + goto err; + + /* retrieve bytes for pub2 for later */ + if (!TEST_ptr(Q = EC_KEY_get0_public_key(eckey2)) + || !TEST_int_eq(EC_POINT_point2oct(altgroup, Q, + POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, ctx), bsize) + || !TEST_ptr(pub2 = OPENSSL_malloc(bsize)) + || !TEST_int_eq(EC_POINT_point2oct(altgroup, Q, + POINT_CONVERSION_UNCOMPRESSED, + pub2, bsize, ctx), bsize)) + goto err; + + /* create two `EVP_PKEY`s from the `EC_KEY`s */ + if(!TEST_ptr(pkey1 = EVP_PKEY_new()) + || !TEST_int_eq(EVP_PKEY_assign_EC_KEY(pkey1, eckey1), 1)) + goto err; + eckey1 = NULL; /* ownership passed to pkey1 */ + if(!TEST_ptr(pkey2 = EVP_PKEY_new()) + || !TEST_int_eq(EVP_PKEY_assign_EC_KEY(pkey2, eckey2), 1)) + goto err; + eckey2 = NULL; /* ownership passed to pkey2 */ + + /* Compute keyexchange in both directions */ + if 
(!TEST_ptr(pctx1 = EVP_PKEY_CTX_new(pkey1, NULL)) + || !TEST_int_eq(EVP_PKEY_derive_init(pctx1), 1) + || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1) + || !TEST_int_eq(EVP_PKEY_derive(pctx1, NULL, &sslen), 1) + || !TEST_int_gt(bsize, sslen) + || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1)) + goto err; + if (!TEST_ptr(pctx2 = EVP_PKEY_CTX_new(pkey2, NULL)) + || !TEST_int_eq(EVP_PKEY_derive_init(pctx2), 1) + || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1) + || !TEST_int_eq(EVP_PKEY_derive(pctx2, NULL, &t), 1) + || !TEST_int_gt(bsize, t) + || !TEST_int_le(sslen, t) + || !TEST_int_eq(EVP_PKEY_derive(pctx2, buf2, &t), 1)) + goto err; + + /* Both sides should expect the same shared secret */ + if (!TEST_mem_eq(buf1, sslen, buf2, t)) + goto err; + + /* Build parameters for provider-native keys */ + if (!TEST_ptr(param_bld = OSSL_PARAM_BLD_new()) + || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(param_bld, + OSSL_PKEY_PARAM_GROUP_NAME, + curve_name, 0)) + || !TEST_true(OSSL_PARAM_BLD_push_octet_string(param_bld, + OSSL_PKEY_PARAM_PUB_KEY, + pub1, bsize)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(param_bld, + OSSL_PKEY_PARAM_PRIV_KEY, + priv1)) + || !TEST_ptr(params1 = OSSL_PARAM_BLD_to_param(param_bld))) + goto err; + + OSSL_PARAM_BLD_free(param_bld); + if (!TEST_ptr(param_bld = OSSL_PARAM_BLD_new()) + || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(param_bld, + OSSL_PKEY_PARAM_GROUP_NAME, + curve_name, 0)) + || !TEST_true(OSSL_PARAM_BLD_push_octet_string(param_bld, + OSSL_PKEY_PARAM_PUB_KEY, + pub2, bsize)) + || !TEST_ptr(params2 = OSSL_PARAM_BLD_to_param(param_bld))) + goto err; + + /* create two new provider-native `EVP_PKEY`s */ + EVP_PKEY_CTX_free(pctx2); + if (!TEST_ptr(pctx2 = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) + || !TEST_true(EVP_PKEY_fromdata_init(pctx2)) + || !TEST_true(EVP_PKEY_fromdata(pctx2, &pkey1, EVP_PKEY_KEYPAIR, + params1)) + || !TEST_true(EVP_PKEY_fromdata(pctx2, &pkey2, EVP_PKEY_PUBLIC_KEY, + params2))) + goto err; + 
+ /* compute keyexchange once more using the provider keys */ + EVP_PKEY_CTX_free(pctx1); + if (!TEST_ptr(pctx1 = EVP_PKEY_CTX_new(pkey1, NULL)) + || !TEST_int_eq(EVP_PKEY_derive_init(pctx1), 1) + || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1) + || !TEST_int_eq(EVP_PKEY_derive(pctx1, NULL, &t), 1) + || !TEST_int_gt(bsize, t) + || !TEST_int_le(sslen, t) + || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &t), 1) + /* compare with previous result */ + || !TEST_mem_eq(buf1, t, buf2, sslen)) + goto err; + + ret = 1; + + err: + BN_CTX_end(ctx); + BN_CTX_free(ctx); + OSSL_PARAM_BLD_free(param_bld); + OSSL_PARAM_free(params1); + OSSL_PARAM_free(params2); + EC_POINT_free(Q1); + EC_POINT_free(Q2); + EC_POINT_free(G2); + EC_GROUP_free(group); + EC_GROUP_free(altgroup); + OPENSSL_free(buf1); + OPENSSL_free(buf2); + OPENSSL_free(pub1); + OPENSSL_free(pub2); + EC_KEY_free(eckey1); + EC_KEY_free(eckey2); + EVP_PKEY_free(pkey1); + EVP_PKEY_free(pkey2); + EVP_PKEY_CTX_free(pctx1); + EVP_PKEY_CTX_free(pctx2); + + return ret; +} + +int setup_tests(void) +{ + crv_len = EC_get_builtin_curves(NULL, 0); + if (!TEST_ptr(curves = OPENSSL_malloc(sizeof(*curves) * crv_len)) + || !TEST_true(EC_get_builtin_curves(curves, crv_len))) + return 0; + + ADD_TEST(parameter_test); + ADD_TEST(cofactor_range_test); + ADD_ALL_TESTS(cardinality_test, crv_len); + ADD_TEST(prime_field_tests); +#ifndef OPENSSL_NO_EC2M + ADD_TEST(char2_field_tests); + ADD_ALL_TESTS(char2_curve_test, OSSL_NELEM(char2_curve_tests)); +#endif + ADD_ALL_TESTS(nistp_single_test, OSSL_NELEM(nistp_tests_params)); + ADD_ALL_TESTS(internal_curve_test, crv_len); + ADD_ALL_TESTS(internal_curve_test_method, crv_len); + ADD_TEST(group_field_test); + ADD_ALL_TESTS(check_named_curve_test, crv_len); + ADD_ALL_TESTS(check_named_curve_lookup_test, crv_len); + ADD_ALL_TESTS(check_ec_key_field_public_range_test, crv_len); + ADD_ALL_TESTS(check_named_curve_from_ecparameters, crv_len); + ADD_ALL_TESTS(ec_point_hex2point_test, crv_len); + /* 
ADD_ALL_TESTS(custom_generator_test, crv_len); + ADD_ALL_TESTS(custom_params_test, crv_len); */ + return 1; +} + +void cleanup_tests(void) +{ + OPENSSL_free(curves); +} diff --git a/mingw-openssl.spec b/mingw-openssl.spec index 63c63c5..dffa4f5 100644 --- a/mingw-openssl.spec +++ b/mingw-openssl.spec @@ -13,20 +13,6 @@ # there is any actual problem with the binaries). %global run_tests 0 -%define srpmhash() %{lua: -local files = rpm.expand("%_specdir/mingw-openssl.spec") -for i, p in ipairs(patches) do - files = files.." "..p -end -for i, p in ipairs(sources) do - files = files.." "..p -end -local sha256sum = assert(io.popen("cat "..files.." 2>/dev/null | sha256sum")) -local hash = sha256sum:read("*a") -sha256sum:close() -print(string.sub(hash, 0, 16)) -} - Name: mingw-openssl Version: 3.0.9 Release: 1%{?dist} @@ -35,11 +21,13 @@ Summary: MinGW port of the OpenSSL toolkit License: OpenSSL URL: http://www.openssl.org/ -Source: openssl-%{version}.tar.gz +Source: openssl-%{version}.tar.gz Source2: Makefile.certificate Source3: genpatches Source6: make-dummy-cert Source7: renew-dummy-cert +Source12: ec_curve.c +Source13: ectest.c # Patches exported from source git # Aarch64 and ppc64le use lib64 
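Review bot: `Source12: ec_curve.c` and `Source13: ectest.c` are added with no comment saying which upstream release they were taken from or how they differ from it, while the next hunk drops Patch10 together with its comment that the changes were kept as a patch "so that new modifications made to these files by upstream are not lost". If these two sources overwrite the upstream files at build time (the %prep section is not visible here), a later version bump could silently discard upstream fixes to the curve code. I would add a comment above the two lines, for example `# ec_curve.c and ectest.c replace the upstream files; re-diff against upstream on every rebase`, and note the base version next to it. The ectest.c added in this commit also leaves `custom_generator_test` and `custom_params_test` commented out in `setup_tests`, which deserves a one-line explanation in the same place.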
@@ -59,107 +47,22 @@ Patch7: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch # Add FIPS_mode() compatibility macro Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch # Add check to see if fips flag is enabled in kernel -Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch -# Instead of replacing ectest.c and ec_curve.c, add the changes as a patch so -# that new modifications made to these files by upstream are not lost. -Patch10: 0010-Add-changes-to-ectest-and-eccurve.patch +#Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch # remove unsupported EC curves Patch11: 0011-Remove-EC-curves.patch # Disable explicit EC curves -# https://bugzilla.redhat.com/show_bug.cgi?id=2066412 Patch12: 0012-Disable-explicit-ec.patch -#Skipped tests from former 0011-Remove-EC-curves.patch -Patch13: 0013-skipped-tests-EC-curves.patch # Instructions to load legacy provider in openssl.cnf Patch24: 0024-load-legacy-prov.patch -# Tmp: test name change -Patch31: 0031-tmp-Fix-test-names.patch -# We load FIPS provider and set FIPS properties implicitly -Patch32: 0032-Force-fips.patch -# Embed HMAC into the fips.so -Patch33: 0033-FIPS-embed-hmac.patch -# Comment out fipsinstall command-line utility -Patch34: 0034.fipsinstall_disable.patch -# Skip unavailable algorithms running `openssl speed` -Patch35: 0035-speed-skip-unavailable-dgst.patch -# Extra public/private key checks required by FIPS-140-3 -Patch44: 0044-FIPS-140-3-keychecks.patch -# Minimize fips services -Patch45: 0045-FIPS-services-minimize.patch -# Execute KATS before HMAC verification -Patch47: 0047-FIPS-early-KATS.patch -%if 0%{?rhel} -# Selectively disallow SHA1 signatures -Patch49: 0049-Selectively-disallow-SHA1-signatures.patch -%else -# Selectively disallow SHA1 signatures rhbz#2070977 -Patch49: 0049-Allow-disabling-of-SHA1-signatures.patch -%endif # Backport of patch for RHEL for Edge rhbz #2027261 Patch51: 0051-Support-different-R_BITS-lengths-for-KBKDF.patch -%if 0%{?rhel} -# Allow SHA1 in seclevel 2 if 
rh-allow-sha1-signatures = yes -Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch -%else -# Support SHA1 in TLS in LEGACY crypto-policy (which is SECLEVEL=1) -Patch52: 0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch -%endif -%if 0%{?rhel} -# no USDT probe instrumentation required -%else -# Instrument with USDT probes related to SHA-1 deprecation -Patch53: 0053-Add-SHA1-probes.patch -%endif -# https://github.com/openssl/openssl/pull/18103 -# The patch is incorporated in 3.0.3 but we provide this function since 3.0.1 -# so the patch should persist -Patch56: 0056-strcasecmp.patch -# https://github.com/openssl/openssl/pull/18175 -# Patch57: 0057-strcasecmp-fix.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2053289 -Patch58: 0058-FIPS-limit-rsa-encrypt.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2069235 -Patch60: 0060-FIPS-KAT-signature-tests.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2087147 -Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch -Patch62: 0062-fips-Expose-a-FIPS-indicator.patch -# https://github.com/openssl/openssl/commit/44a563dde1584cd9284e80b6e45ee5019be8d36c -# https://github.com/openssl/openssl/commit/345c99b6654b8313c792d54f829943068911ddbd -# Regression on Power8, see rhbz2124845, https://github.com/openssl/openssl/issues/19163; fix in 0079-Fix-AES-GCM-on-Power-8-CPUs.patch -Patch71: 0071-AES-GCM-performance-optimization.patch -# https://github.com/openssl/openssl/commit/f596bbe4da779b56eea34d96168b557d78e1149 -# https://github.com/openssl/openssl/commit/7e1f3ffcc5bc15fb9a12b9e3bb202f544c6ed5aa -# hunks in crypto/ppccap.c from https://github.com/openssl/openssl/commit/f5485b97b6c9977c0d39c7669b9f97a879312447 -Patch72: 0072-ChaCha20-performance-optimizations-for-ppc64le.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2102535 -Patch73: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2102535 -%if 0%{?rhel} 
-Patch74: 0074-FIPS-Use-digest_sign-digest_verify-in-self-test-eln.patch -%else -Patch74: 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch -%endif -# https://bugzilla.redhat.com/show_bug.cgi?id=2102535 -Patch75: 0075-FIPS-Use-FFDHE2048-in-self-test.patch -# Downstream only. Reseed DRBG using getrandom(GRND_RANDOM) -# https://bugzilla.redhat.com/show_bug.cgi?id=2102541 -Patch76: 0076-FIPS-140-3-DRBG.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2102542 -Patch77: 0077-FIPS-140-3-zeroization.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2114772 -Patch78: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2124845, https://github.com/openssl/openssl/pull/19182 -Patch79: 0079-Fix-AES-GCM-on-Power-8-CPUs.patch -# https://github.com/openssl/openssl/pull/13817 -Patch100: 0100-RSA-PKCS15-implicit-rejection.patch # MinGW patches # Attempt to compute openssl modules dir dynamically from executable path if not set by OPENSSL_MODULES -Patch200: openssl_compute_moddir.patch +Patch100: openssl_compute_moddir.patch BuildArch: noarch -BuildRequires: git BuildRequires: make BuildRequires: lksctp-tools-devel BuildRequires: perl-interpreter @@ -256,7 +159,11 @@ Static version of the MinGW port of the OpenSSL toolkit. %prep -%autosetup -S git -n openssl-%{version} +%autosetup -p1 -n openssl-%{version} + +cp %{SOURCE12} crypto/ec/ +cp %{SOURCE13} test/ + # Create two copies of the source folder as OpenSSL doesn't support out of source builds mkdir ../build_win32 @@ -267,8 +174,6 @@ cp -Rp build_win32/* build_win64 %build -%define fips %{version}-%{srpmhash} - ############################################################################### # Win32 ############################################################################### 
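Review bot: The `-59,107 +47,22` hunk drops a long list of downstream patches without recording why, including `0100-RSA-PKCS15-implicit-rejection.patch`, the SHA-1 signature restrictions (Patch49, Patch52, Patch61) and the FIPS self-test and zeroization patches, and it reuses the number `Patch100` for `openssl_compute_moddir.patch`. If these are intentionally not applied to the MinGW build, say so next to the remaining patch list, for example `# Downstream FIPS and SHA-1 policy patches are intentionally not carried in the MinGW package`. `#Patch9:` is left commented out under its old description `# Add check to see if fips flag is enabled in kernel`; remove both lines or state why the patch is disabled. The removed note that explained why `ectest.c` and `ec_curve.c` were patched rather than replaced has no successor explaining the reverse decision.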
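Review bot: In the `%prep` hunk at `-256,7 +159,11`, `cp %{SOURCE12} crypto/ec/` and `cp %{SOURCE13} test/` run after `%autosetup -p1` has applied the patch series, so anything Patch11 or Patch12 change in `ec_curve.c` or `ectest.c` (not visible here) would be overwritten by the copied files. Replacing these files wholesale also means upstream fixes to them in a later tarball are silently discarded unless the copies are re-synced. That is the risk the comment removed in the previous hunk described. A comment above the two `cp` lines would make the obligation explicit, for example `# Full-file replacements: diff against the new upstream ec_curve.c/ectest.c on every version bump`.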
@@ -281,12 +186,11 @@ LDFLAGS="%{mingw32_ldflags}" \ --prefix=%{mingw32_prefix} \ --libdir=%{mingw32_libdir} \ --openssldir=%{mingw32_sysconfdir}/pki/tls \ - --system-ciphers-file=%{mingw32_sysconfdir}/crypto-policies/back-ends/openssl.config \ - zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \ + zlib enable-camellia enable-seed enable-rfc3779 \ enable-cms enable-md2 enable-rc5 enable-ktls enable-fips \ - no-mdc2 no-ec2m no-sm2 no-sm4 enable-buildtest-c++\ + no-mdc2 no-ec2m no-sm2 no-sm4 \ --cross-compile-prefix=%{mingw32_target}- \ - shared mingw %{mingw32_cflags} '-DDEVRANDOM="\"/dev/urandom\"" -DREDHAT_FIPS_VERSION="\"%{fips}\""'\ + shared mingw \ -Dsecure_getenv=getenv make -s %{?_smp_mflags} all @@ -310,12 +214,11 @@ LDFLAGS="%{mingw64_ldflags}" \ --prefix=%{mingw64_prefix} \ --libdir=%{mingw64_libdir} \ --openssldir=%{mingw64_sysconfdir}/pki/tls \ - --system-ciphers-file=%{mingw64_sysconfdir}/crypto-policies/back-ends/openssl.config \ - zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \ + zlib enable-camellia enable-seed enable-rfc3779 \ enable-cms enable-md2 enable-rc5 enable-ktls enable-fips \ - no-mdc2 no-ec2m no-sm2 no-sm4 enable-buildtest-c++\ + no-mdc2 no-ec2m no-sm2 no-sm4 \ --cross-compile-prefix=%{mingw64_target}- \ - shared mingw %{mingw64_cflags} '-DDEVRANDOM="\"/dev/urandom\"" -DREDHAT_FIPS_VERSION="\"%{fips}\""'\ + shared mingw64 \ -Dsecure_getenv=getenv # Do not run this in a production package the FIPS symbols must be patched-in @@ -468,9 +371,6 @@ mkdir -m700 %{buildroot}%{mingw64_sysconfdir}/pki/CA/private * Wed May 31 2023 Sandro Mani - 3.0.9-1 - Update to 3.0.9 -* Thu Jan 19 2023 Fedora Release Engineering - 3.0.7-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild - * Mon Nov 28 2022 Sandro Mani - 3.0.7-1 - Update to 3.0.7 diff --git a/openssl_compute_moddir.patch b/openssl_compute_moddir.patch index 928d1ab..142ca7e 100644 --- a/openssl_compute_moddir.patch +++ b/openssl_compute_moddir.patch 
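Review bot: `enable-fips` is still passed to Configure in this Win32 hunk and in the Win64 hunk at `-310,12 +214,11`, although the commit removes `-DREDHAT_FIPS_VERSION`, the `%{fips}` define and the downstream FIPS patches (HMAC embedding and early KATs, judging by their names). The build would therefore still produce a FIPS provider without those changes, and the context comment in the Win64 hunk already warns that the FIPS symbols must be patched in. If the module is not meant to be used, `no-fips` states that more clearly. Both hunks also stop passing `%{mingw32_cflags}`/`%{mingw64_cflags}` and `--system-ciphers-file`; if compiler hardening flags and the crypto-policies cipher list reached Configure only through these arguments (the surrounding lines are outside the hunks), they are lost while Patch7 for PROFILE=SYSTEM is still applied. A short comment above each Configure call listing which removals are intentional would help the next reviewer.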
@@ -1,6 +1,6 @@ diff -rupN --no-dereference openssl-3.0.9/Configurations/10-main.conf openssl-3.0.9-new/Configurations/10-main.conf ---- openssl-3.0.9/Configurations/10-main.conf 2023-05-31 14:33:08.972116341 +0200 -+++ openssl-3.0.9-new/Configurations/10-main.conf 2023-05-31 14:33:19.864111657 +0200 +--- openssl-3.0.9/Configurations/10-main.conf 2023-05-31 16:36:50.583282192 +0200 ++++ openssl-3.0.9-new/Configurations/10-main.conf 2023-05-31 16:36:53.329274150 +0200 @@ -1494,7 +1494,7 @@ my %targets = ( cppflags => combine("-DUNICODE -D_UNICODE -DWIN32_LEAN_AND_MEAN", threads("-D_MT")), @@ -12,7 +12,7 @@ diff -rupN --no-dereference openssl-3.0.9/Configurations/10-main.conf openssl-3. shared_target => "mingw-shared", diff -rupN --no-dereference openssl-3.0.9/crypto/provider_core.c openssl-3.0.9-new/crypto/provider_core.c --- openssl-3.0.9/crypto/provider_core.c 2023-05-30 14:31:57.000000000 +0200 -+++ openssl-3.0.9-new/crypto/provider_core.c 2023-05-31 14:33:19.865111657 +0200 ++++ openssl-3.0.9-new/crypto/provider_core.c 2023-05-31 16:36:53.330274147 +0200 @@ -32,6 +32,10 @@ #ifndef FIPS_MODULE # include diff --git a/opensslconf-new.h b/opensslconf-new.h deleted file mode 100644 index 04363c3..0000000 --- a/opensslconf-new.h +++ /dev/null 
@@ -1,47 +0,0 @@
-/* This file is here to prevent a file conflict on multiarch systems. A
- * conflict will frequently occur because arch-specific build-time
- * configuration options are stored (and used, so they can't just be stripped
- * out) in opensslconf.h. The original opensslconf.h has been renamed.
- * DO NOT INCLUDE THE NEW FILE DIRECTLY -- ALWAYS INCLUDE THIS ONE INSTEAD. */
-
-#ifdef openssl_opensslconf_multilib_redirection_h
-#error "Do not define openssl_opensslconf_multilib_redirection_h!"
-#endif
-#define openssl_opensslconf_multilib_redirection_h
-
-#if defined(__i386__)
-#include "opensslconf-i386.h"
-#elif defined(__ia64__)
-#include "opensslconf-ia64.h"
-#elif defined(__mips64) && defined(__MIPSEL__)
-#include "opensslconf-mips64el.h"
-#elif defined(__mips64)
-#include "opensslconf-mips64.h"
-#elif defined(__mips) && defined(__MIPSEL__)
-#include "opensslconf-mipsel.h"
-#elif defined(__mips)
-#include "opensslconf-mips.h"
-#elif defined(__powerpc64__)
-#include
-#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
-#include "opensslconf-ppc64.h"
-#else
-#include "opensslconf-ppc64le.h"
-#endif
-#elif defined(__powerpc__)
-#include "opensslconf-ppc.h"
-#elif defined(__s390x__)
-#include "opensslconf-s390x.h"
-#elif defined(__s390__)
-#include "opensslconf-s390.h"
-#elif defined(__sparc__) && defined(__arch64__)
-#include "opensslconf-sparc64.h"
-#elif defined(__sparc__)
-#include "opensslconf-sparc.h"
-#elif defined(__x86_64__)
-#include "opensslconf-x86_64.h"
-#else
-#error "This openssl-devel package does not work your architecture?"
-#endif
-
-#undef openssl_opensslconf_multilib_redirection_h
diff --git a/renew-dummy-cert b/renew-dummy-cert
deleted file mode 100755
index 92e271c..0000000
--- a/renew-dummy-cert
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/bash
-
-if [ $# -eq 0 ]; then
- echo $"Usage: `basename $0` filename" 1>&2
- exit 1
-fi
-
-PEM=$1
-REQ=`/bin/mktemp /tmp/openssl.XXXXXX`
-KEY=`/bin/mktemp /tmp/openssl.XXXXXX`
-CRT=`/bin/mktemp /tmp/openssl.XXXXXX`
-NEW=${PEM}_
-
-trap "rm -f $REQ $KEY $CRT $NEW" SIGINT
-
-if [ ! -f $PEM ]; then
- echo "$PEM: file not found" 1>&2
- exit 1
-fi
-
-umask 077
-
-OWNER=`ls -l $PEM | awk '{ printf "%s.%s", $3, $4; }'`
-
-openssl rsa -inform pem -in $PEM -out $KEY
-openssl x509 -x509toreq -in $PEM -signkey $KEY -out $REQ
-openssl x509 -req -in $REQ -signkey $KEY -days 365 \
- -extfile /etc/pki/tls/openssl.cnf -extensions v3_ca -out $CRT
-
-(cat $KEY ; echo "" ; cat $CRT) > $NEW
-
-chown $OWNER $NEW
-
-mv -f $NEW $PEM
-
-rm -f $REQ $KEY $CRT
-
-exit 0
-
diff --git a/sources b/sources
deleted file mode 100644
index 22b94a3..0000000
--- a/sources
+++ /dev/null
@@ -1 +0,0 @@
-SHA512 (openssl-3.0.9.tar.gz) = 86c99146b37236419b110db77dd3ac3992e6bed78c258f0cc3434ca233460b4e17c0ac81d7058547fe9cb72a9fd80ee56d4b4916bb731dbe2bbcf1c3d46bf31a