diff --git a/.gitignore b/.gitignore index ff70f74..c9ffa4b 100644 --- a/.gitignore +++ b/.gitignore @@ -16,3 +16,4 @@ openssl-1.0.0a-usa.tar.bz2 /openssl-3.0.3-hobbled.tar.gz /openssl-3.0.5-hobbled.tar.xz /openssl-3.0.7-hobbled.tar.xz +/openssl-3.0.9.tar.gz diff --git a/0001-Aarch64-and-ppc64le-use-lib64.patch b/0001-Aarch64-and-ppc64le-use-lib64.patch index 706604f..b1e209d 100644 --- a/0001-Aarch64-and-ppc64le-use-lib64.patch +++ b/0001-Aarch64-and-ppc64le-use-lib64.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference openssl-3.0.7-hobbled/Configurations/10-main.conf openssl-3.0.7-hobbled-new/Configurations/10-main.conf ---- openssl-3.0.7-hobbled/Configurations/10-main.conf 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/Configurations/10-main.conf 2022-11-28 16:00:16.782820256 +0100 +diff -rupN --no-dereference openssl-3.0.9/Configurations/10-main.conf openssl-3.0.9-new/Configurations/10-main.conf +--- openssl-3.0.9/Configurations/10-main.conf 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/Configurations/10-main.conf 2023-05-31 14:33:08.690116459 +0200 @@ -730,6 +730,7 @@ my %targets = ( lib_cppflags => add("-DL_ENDIAN"), asm_arch => 'ppc64', diff --git a/0002-Use-more-general-default-values-in-openssl.cnf.patch b/0002-Use-more-general-default-values-in-openssl.cnf.patch index f164627..64e91dd 100644 --- a/0002-Use-more-general-default-values-in-openssl.cnf.patch +++ b/0002-Use-more-general-default-values-in-openssl.cnf.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference openssl-3.0.7-hobbled/apps/openssl.cnf openssl-3.0.7-hobbled-new/apps/openssl.cnf ---- openssl-3.0.7-hobbled/apps/openssl.cnf 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/apps/openssl.cnf 2022-11-28 16:00:17.034822079 +0100 +diff -rupN --no-dereference openssl-3.0.9/apps/openssl.cnf openssl-3.0.9-new/apps/openssl.cnf +--- openssl-3.0.9/apps/openssl.cnf 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/apps/openssl.cnf 2023-05-31 14:33:08.976116339 +0200 @@ -111,7 +111,7 @@ cert_opt = ca_default # Certificate fi default_days = 365 # how long to certify for diff --git a/0003-Do-not-install-html-docs.patch b/0003-Do-not-install-html-docs.patch index e3bb029..ac4182c 100644 --- a/0003-Do-not-install-html-docs.patch +++ b/0003-Do-not-install-html-docs.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference openssl-3.0.7-hobbled/Configurations/unix-Makefile.tmpl openssl-3.0.7-hobbled-new/Configurations/unix-Makefile.tmpl ---- openssl-3.0.7-hobbled/Configurations/unix-Makefile.tmpl 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/Configurations/unix-Makefile.tmpl 2022-11-28 16:00:17.274823815 +0100 +diff -rupN --no-dereference openssl-3.0.9/Configurations/unix-Makefile.tmpl openssl-3.0.9-new/Configurations/unix-Makefile.tmpl +--- openssl-3.0.9/Configurations/unix-Makefile.tmpl 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/Configurations/unix-Makefile.tmpl 2023-05-31 14:33:09.244116226 +0200 @@ -611,7 +611,7 @@ install_sw: install_dev install_engines uninstall_sw: uninstall_runtime uninstall_modules uninstall_engines uninstall_dev diff --git a/0004-Override-default-paths-for-the-CA-directory-tree.patch b/0004-Override-default-paths-for-the-CA-directory-tree.patch index 6df2d06..1a87980 100644 --- a/0004-Override-default-paths-for-the-CA-directory-tree.patch +++ b/0004-Override-default-paths-for-the-CA-directory-tree.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference openssl-3.0.7-hobbled/apps/CA.pl.in openssl-3.0.7-hobbled-new/apps/CA.pl.in ---- openssl-3.0.7-hobbled/apps/CA.pl.in 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/apps/CA.pl.in 2022-11-28 16:00:17.505825485 +0100 +diff -rupN --no-dereference openssl-3.0.9/apps/CA.pl.in openssl-3.0.9-new/apps/CA.pl.in +--- openssl-3.0.9/apps/CA.pl.in 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/apps/CA.pl.in 2023-05-31 14:33:09.507116115 +0200 @@ -29,7 +29,7 @@ my $X509 = "$openssl x509"; my $PKCS12 = "$openssl pkcs12"; @@ -10,9 +10,9 @@ diff -rupN --no-dereference openssl-3.0.7-hobbled/apps/CA.pl.in openssl-3.0.7-ho my $CAKEY = "cakey.pem"; my $CAREQ = "careq.pem"; my $CACERT = "cacert.pem"; -diff -rupN --no-dereference openssl-3.0.7-hobbled/apps/openssl.cnf openssl-3.0.7-hobbled-new/apps/openssl.cnf ---- openssl-3.0.7-hobbled/apps/openssl.cnf 2022-11-28 16:00:17.270823786 +0100 -+++ openssl-3.0.7-hobbled-new/apps/openssl.cnf 2022-11-28 16:00:17.505825485 +0100 +diff -rupN --no-dereference openssl-3.0.9/apps/openssl.cnf openssl-3.0.9-new/apps/openssl.cnf +--- openssl-3.0.9/apps/openssl.cnf 2023-05-31 14:33:09.240116228 +0200 ++++ openssl-3.0.9-new/apps/openssl.cnf 2023-05-31 14:33:09.507116115 +0200 @@ -52,6 +52,8 @@ tsa_policy3 = 1.2.3.4.5.7 [openssl_init] diff --git a/0005-apps-ca-fix-md-option-help-text.patch b/0005-apps-ca-fix-md-option-help-text.patch index a37c117..a8621da 100644 --- a/0005-apps-ca-fix-md-option-help-text.patch +++ b/0005-apps-ca-fix-md-option-help-text.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference openssl-3.0.7-hobbled/apps/ca.c openssl-3.0.7-hobbled-new/apps/ca.c ---- openssl-3.0.7-hobbled/apps/ca.c 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/apps/ca.c 2022-11-28 16:00:17.738827171 +0100 +diff -rupN --no-dereference openssl-3.0.9/apps/ca.c openssl-3.0.9-new/apps/ca.c +--- openssl-3.0.9/apps/ca.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/apps/ca.c 2023-05-31 14:33:09.769116005 +0200 @@ -210,7 +210,7 @@ const OPTIONS ca_options[] = { {"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"}, diff --git a/0006-Disable-signature-verification-with-totally-unsafe-h.patch b/0006-Disable-signature-verification-with-totally-unsafe-h.patch index 05b0703..985e0aa 100644 --- a/0006-Disable-signature-verification-with-totally-unsafe-h.patch +++ b/0006-Disable-signature-verification-with-totally-unsafe-h.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference openssl-3.0.7-hobbled/crypto/asn1/a_verify.c openssl-3.0.7-hobbled-new/crypto/asn1/a_verify.c ---- openssl-3.0.7-hobbled/crypto/asn1/a_verify.c 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/crypto/asn1/a_verify.c 2022-11-28 16:00:17.971828856 +0100 +diff -rupN --no-dereference openssl-3.0.9/crypto/asn1/a_verify.c openssl-3.0.9-new/crypto/asn1/a_verify.c +--- openssl-3.0.9/crypto/asn1/a_verify.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/asn1/a_verify.c 2023-05-31 14:33:10.043115889 +0200 @@ -153,6 +153,11 @@ int ASN1_item_verify_ctx(const ASN1_ITEM ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); if (ret <= 1) diff --git a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch index c872a27..fc26827 100644 --- a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch +++ b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference openssl-3.0.7-hobbled/Configurations/unix-Makefile.tmpl openssl-3.0.7-hobbled-new/Configurations/unix-Makefile.tmpl ---- openssl-3.0.7-hobbled/Configurations/unix-Makefile.tmpl 2022-11-28 16:00:17.501825456 +0100 -+++ openssl-3.0.7-hobbled-new/Configurations/unix-Makefile.tmpl 2022-11-28 16:00:18.203830534 +0100 +diff -rupN --no-dereference openssl-3.0.9/Configurations/unix-Makefile.tmpl openssl-3.0.9-new/Configurations/unix-Makefile.tmpl +--- openssl-3.0.9/Configurations/unix-Makefile.tmpl 2023-05-31 14:33:09.503116117 +0200 ++++ openssl-3.0.9-new/Configurations/unix-Makefile.tmpl 2023-05-31 14:33:10.302115779 +0200 @@ -315,6 +315,10 @@ MANDIR=$(INSTALLTOP)/share/man DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME) HTMLDIR=$(DOCDIR)/html @@ -20,9 +20,9 @@ diff -rupN --no-dereference openssl-3.0.7-hobbled/Configurations/unix-Makefile.t (map { "-I".$_} @{$config{CPPINCLUDES}}), @{$config{CPPFLAGS}}) -} CFLAGS={- join(' ', @{$config{CFLAGS}}) -} -diff -rupN --no-dereference openssl-3.0.7-hobbled/Configure openssl-3.0.7-hobbled-new/Configure ---- openssl-3.0.7-hobbled/Configure 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/Configure 2022-11-28 16:00:18.204830541 +0100 +diff -rupN --no-dereference openssl-3.0.9/Configure openssl-3.0.9-new/Configure +--- openssl-3.0.9/Configure 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/Configure 2023-05-31 14:33:10.306115778 +0200 @@ -27,7 +27,7 @@ use OpenSSL::config; my $orig_death_handler = $SIG{__DIE__}; $SIG{__DIE__} = \&death_handler; @@ -62,9 +62,9 @@ diff -rupN --no-dereference openssl-3.0.7-hobbled/Configure openssl-3.0.7-hobble elsif (/^--banner=(.*)$/) { $banner = $1 . "\n"; -diff -rupN --no-dereference openssl-3.0.7-hobbled/doc/man1/openssl-ciphers.pod.in openssl-3.0.7-hobbled-new/doc/man1/openssl-ciphers.pod.in ---- openssl-3.0.7-hobbled/doc/man1/openssl-ciphers.pod.in 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/doc/man1/openssl-ciphers.pod.in 2022-11-28 16:00:18.204830541 +0100 +diff -rupN --no-dereference openssl-3.0.9/doc/man1/openssl-ciphers.pod.in openssl-3.0.9-new/doc/man1/openssl-ciphers.pod.in +--- openssl-3.0.9/doc/man1/openssl-ciphers.pod.in 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/doc/man1/openssl-ciphers.pod.in 2023-05-31 14:33:10.302115779 +0200 @@ -186,6 +186,15 @@ As of OpenSSL 1.0.0, the B cipher s The cipher suites not enabled by B, currently B. @@ -81,9 +81,9 @@ diff -rupN --no-dereference openssl-3.0.7-hobbled/doc/man1/openssl-ciphers.pod.i =item B "High" encryption cipher suites. This currently means those with key lengths -diff -rupN --no-dereference openssl-3.0.7-hobbled/include/openssl/ssl.h.in openssl-3.0.7-hobbled-new/include/openssl/ssl.h.in ---- openssl-3.0.7-hobbled/include/openssl/ssl.h.in 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/include/openssl/ssl.h.in 2022-11-28 16:00:18.205830548 +0100 +diff -rupN --no-dereference openssl-3.0.9/include/openssl/ssl.h.in openssl-3.0.9-new/include/openssl/ssl.h.in +--- openssl-3.0.9/include/openssl/ssl.h.in 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/include/openssl/ssl.h.in 2023-05-31 14:33:10.303115779 +0200 @@ -205,6 +205,11 @@ extern "C" { * throwing out anonymous and unencrypted ciphersuites! (The latter are not * actually enabled by ALL, but "ALL:RSA" would enable some of them.) @@ -96,9 +96,9 @@ diff -rupN --no-dereference openssl-3.0.7-hobbled/include/openssl/ssl.h.in opens /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ # define SSL_SENT_SHUTDOWN 1 -diff -rupN --no-dereference openssl-3.0.7-hobbled/ssl/ssl_ciph.c openssl-3.0.7-hobbled-new/ssl/ssl_ciph.c ---- openssl-3.0.7-hobbled/ssl/ssl_ciph.c 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/ssl/ssl_ciph.c 2022-11-28 16:00:18.206830555 +0100 +diff -rupN --no-dereference openssl-3.0.9/ssl/ssl_ciph.c openssl-3.0.9-new/ssl/ssl_ciph.c +--- openssl-3.0.9/ssl/ssl_ciph.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/ssl/ssl_ciph.c 2023-05-31 14:33:10.303115779 +0200 @@ -1438,6 +1438,53 @@ int SSL_set_ciphersuites(SSL *s, const c return ret; } @@ -252,9 +252,9 @@ diff -rupN --no-dereference openssl-3.0.7-hobbled/ssl/ssl_ciph.c openssl-3.0.7-h } char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) -diff -rupN --no-dereference openssl-3.0.7-hobbled/ssl/ssl_lib.c openssl-3.0.7-hobbled-new/ssl/ssl_lib.c ---- openssl-3.0.7-hobbled/ssl/ssl_lib.c 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/ssl/ssl_lib.c 2022-11-28 16:00:18.206830555 +0100 +diff -rupN --no-dereference openssl-3.0.9/ssl/ssl_lib.c openssl-3.0.9-new/ssl/ssl_lib.c +--- openssl-3.0.9/ssl/ssl_lib.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/ssl/ssl_lib.c 2023-05-31 14:33:10.304115779 +0200 @@ -660,7 +660,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx ctx->tls13_ciphersuites, &(ctx->cipher_list), @@ -273,9 +273,9 @@ diff -rupN --no-dereference openssl-3.0.7-hobbled/ssl/ssl_lib.c openssl-3.0.7-ho || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS); goto err2; -diff -rupN --no-dereference openssl-3.0.7-hobbled/test/cipherlist_test.c openssl-3.0.7-hobbled-new/test/cipherlist_test.c ---- openssl-3.0.7-hobbled/test/cipherlist_test.c 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/test/cipherlist_test.c 2022-11-28 16:00:18.207830563 +0100 +diff -rupN --no-dereference openssl-3.0.9/test/cipherlist_test.c openssl-3.0.9-new/test/cipherlist_test.c +--- openssl-3.0.9/test/cipherlist_test.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/cipherlist_test.c 2023-05-31 14:33:10.304115779 +0200 @@ -246,7 +246,9 @@ end: int setup_tests(void) @@ -286,11 +286,11 @@ diff -rupN --no-dereference openssl-3.0.7-hobbled/test/cipherlist_test.c openssl ADD_TEST(test_default_cipherlist_explicit); ADD_TEST(test_default_cipherlist_clear); return 1; -diff -rupN --no-dereference openssl-3.0.7-hobbled/util/libcrypto.num openssl-3.0.7-hobbled-new/util/libcrypto.num ---- openssl-3.0.7-hobbled/util/libcrypto.num 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/util/libcrypto.num 2022-11-28 16:00:18.208830570 +0100 -@@ -5427,3 +5427,4 @@ EVP_PKEY_get0_provider - EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION: - OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION: +diff -rupN --no-dereference openssl-3.0.9/util/libcrypto.num openssl-3.0.9-new/util/libcrypto.num +--- openssl-3.0.9/util/libcrypto.num 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/util/libcrypto.num 2023-05-31 14:33:10.305115778 +0200 +@@ -5429,3 +5429,4 @@ OPENSSL_strcasecmp OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION: + OSSL_CMP_CTX_reset_geninfo_ITAVs 5558 3_0_8 EXIST::FUNCTION:CMP + OSSL_CMP_MSG_update_recipNonce 5559 3_0_9 EXIST::FUNCTION:CMP +ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: diff --git a/0008-Add-FIPS_mode-compatibility-macro.patch b/0008-Add-FIPS_mode-compatibility-macro.patch index 43fdf6e..1b0f19b 100644 --- a/0008-Add-FIPS_mode-compatibility-macro.patch +++ b/0008-Add-FIPS_mode-compatibility-macro.patch @@ -1,18 +1,7 @@ -diff -rupN --no-dereference openssl-3.0.7-hobbled/include/openssl/crypto.h.in openssl-3.0.7-hobbled-new/include/openssl/crypto.h.in ---- openssl-3.0.7-hobbled/include/openssl/crypto.h.in 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/include/openssl/crypto.h.in 2022-11-28 16:00:18.471832472 +0100 -@@ -38,6 +38,7 @@ use OpenSSL::stackhash qw(generate_stack - # include - # include - # include -+# include - - # ifdef CHARSET_EBCDIC - # include -diff -rupN --no-dereference openssl-3.0.7-hobbled/include/openssl/fips.h openssl-3.0.7-hobbled-new/include/openssl/fips.h ---- openssl-3.0.7-hobbled/include/openssl/fips.h 1970-01-01 01:00:00.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/include/openssl/fips.h 2022-11-28 16:00:18.472832479 +0100 -@@ -0,0 +1,25 @@ +diff -rupN --no-dereference openssl-3.0.9/include/openssl/fips.h openssl-3.0.9-new/include/openssl/fips.h +--- openssl-3.0.9/include/openssl/fips.h 1970-01-01 01:00:00.000000000 +0100 ++++ openssl-3.0.9-new/include/openssl/fips.h 2023-05-31 14:33:10.581115661 +0200 +@@ -0,0 +1,26 @@ +/* + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * @@ -26,6 +15,7 @@ diff -rupN --no-dereference openssl-3.0.7-hobbled/include/openssl/fips.h openssl +# define OPENSSL_FIPS_H +# pragma once + ++# include +# include + +# ifdef __cplusplus @@ -38,13 +28,14 @@ diff -rupN --no-dereference openssl-3.0.7-hobbled/include/openssl/fips.h openssl +} +# endif +#endif -diff -rupN --no-dereference openssl-3.0.7-hobbled/test/property_test.c openssl-3.0.7-hobbled-new/test/property_test.c ---- openssl-3.0.7-hobbled/test/property_test.c 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/test/property_test.c 2022-11-28 16:00:18.472832479 +0100 -@@ -624,6 +624,18 @@ static int test_property_list_to_string( +diff -rupN --no-dereference openssl-3.0.9/test/property_test.c openssl-3.0.9-new/test/property_test.c +--- openssl-3.0.9/test/property_test.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/property_test.c 2023-05-31 14:33:10.581115661 +0200 +@@ -648,6 +648,19 @@ static int test_property_list_to_string( return ret; } ++#include +static int test_downstream_FIPS_mode(void) +{ + int ret = 0; @@ -60,7 +51,7 @@ diff -rupN --no-dereference openssl-3.0.7-hobbled/test/property_test.c openssl-3 int setup_tests(void) { ADD_TEST(test_property_string); -@@ -637,6 +649,7 @@ int setup_tests(void) +@@ -661,6 +674,7 @@ int setup_tests(void) ADD_TEST(test_property); ADD_TEST(test_query_cache_stochastic); ADD_TEST(test_fips_mode); diff --git a/0009-Add-Kernel-FIPS-mode-flag-support.patch b/0009-Add-Kernel-FIPS-mode-flag-support.patch index ed997db..74abebe 100644 --- a/0009-Add-Kernel-FIPS-mode-flag-support.patch +++ b/0009-Add-Kernel-FIPS-mode-flag-support.patch @@ -1,24 +1,21 @@ -diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha13/crypto/context.c ---- openssl-3.0.0-alpha13/crypto/context.c.kernel-fips 2021-03-16 00:09:55.814826432 +0100 -+++ openssl-3.0.0-alpha13/crypto/context.c 2021-03-16 00:15:55.129043811 +0100 -@@ -12,11 +12,54 @@ - #include "internal/bio.h" - #include "internal/provider.h" +diff -rupN --no-dereference openssl-3.0.9/crypto/context.c openssl-3.0.9-new/crypto/context.c +--- openssl-3.0.9/crypto/context.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/context.c 2023-05-31 14:33:10.856115545 +0200 +@@ -17,11 +17,46 @@ + #include "crypto/ctype.h" + #include "crypto/rand.h" -+#ifndef FIPS_MODULE +# include +# include +# include +# include +# include -+#endif + struct ossl_lib_ctx_onfree_list_st { ossl_lib_ctx_onfree_fn *fn; struct ossl_lib_ctx_onfree_list_st *next; }; -+# ifndef FIPS_MODULE +# define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled" + +static int kernel_fips_flag; @@ -42,34 +39,16 @@ diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha1 + return; +} + -+static int apply_kernel_fips_flag(OSSL_LIB_CTX *ctx) ++int ossl_get_kernel_fips_flag() +{ -+ if (kernel_fips_flag) { -+ return EVP_default_properties_enable_fips(ctx, 1); -+ } -+ -+ return 1; ++ return kernel_fips_flag; +} -+# endif + + struct ossl_lib_ctx_st { CRYPTO_RWLOCK *lock; CRYPTO_EX_DATA data; -@@ -74,6 +117,12 @@ static int context_init(OSSL_LIB_CTX *ct - if (!ossl_property_parse_init(ctx)) - goto err; - -+# ifndef FIPS_MODULE -+ /* Preset the fips=yes default property with kernel FIPS mode */ -+ if (!apply_kernel_fips_flag(ctx)) -+ goto err; -+# endif -+ - return 1; - err: - if (exdata_done) -@@ -121,6 +170,7 @@ static CRYPTO_THREAD_LOCAL default_conte +@@ -151,6 +186,7 @@ static CRYPTO_THREAD_LOCAL default_conte DEFINE_RUN_ONCE_STATIC(default_context_do_init) { @@ -77,3 +56,16 @@ diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha1 return CRYPTO_THREAD_init_local(&default_context_thread_local, NULL) && context_init(&default_context_int); } +diff -rupN --no-dereference openssl-3.0.9/include/internal/provider.h openssl-3.0.9-new/include/internal/provider.h +--- openssl-3.0.9/include/internal/provider.h 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/include/internal/provider.h 2023-05-31 14:33:10.856115545 +0200 +@@ -113,6 +113,9 @@ int ossl_provider_init_as_child(OSSL_LIB + const OSSL_DISPATCH *in); + void ossl_provider_deinit_child(OSSL_LIB_CTX *ctx); + ++/* FIPS flag access */ ++int ossl_get_kernel_fips_flag(void); ++ + # ifdef __cplusplus + } + # endif diff --git a/0010-Add-changes-to-ectest-and-eccurve.patch b/0010-Add-changes-to-ectest-and-eccurve.patch new file mode 100644 index 0000000..f97e3b8 --- /dev/null +++ b/0010-Add-changes-to-ectest-and-eccurve.patch @@ -0,0 +1,1127 @@ +diff -rupN --no-dereference openssl-3.0.9/crypto/ec/ec_curve.c openssl-3.0.9-new/crypto/ec/ec_curve.c +--- openssl-3.0.9/crypto/ec/ec_curve.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/ec/ec_curve.c 2023-05-31 14:33:11.124115431 +0200 +@@ -32,38 +32,6 @@ typedef struct { + /* the nist prime curves */ + static const struct { + EC_CURVE_DATA h; +- unsigned char data[20 + 24 * 6]; +-} _EC_NIST_PRIME_192 = { +- { +- NID_X9_62_prime_field, 20, 24, 1 +- }, +- { +- /* seed */ +- 0x30, 0x45, 0xAE, 0x6F, 0xC8, 0x42, 0x2F, 0x64, 0xED, 0x57, 0x95, 0x28, +- 0xD3, 0x81, 0x20, 0xEA, 0xE1, 0x21, 0x96, 0xD5, +- /* p */ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- /* a */ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, +- /* b */ +- 0x64, 0x21, 0x05, 0x19, 0xE5, 0x9C, 0x80, 0xE7, 0x0F, 0xA7, 0xE9, 0xAB, +- 0x72, 0x24, 0x30, 0x49, 0xFE, 0xB8, 0xDE, 0xEC, 0xC1, 0x46, 0xB9, 0xB1, +- /* x */ +- 0x18, 0x8D, 0xA8, 0x0E, 0xB0, 0x30, 0x90, 0xF6, 0x7C, 0xBF, 0x20, 0xEB, +- 0x43, 0xA1, 0x88, 0x00, 0xF4, 0xFF, 0x0A, 0xFD, 0x82, 0xFF, 0x10, 0x12, +- /* y */ +- 0x07, 0x19, 0x2b, 0x95, 0xff, 0xc8, 0xda, 0x78, 0x63, 0x10, 0x11, 0xed, +- 0x6b, 0x24, 0xcd, 0xd5, 0x73, 0xf9, 0x77, 0xa1, 0x1e, 0x79, 0x48, 0x11, +- /* order */ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0x99, 0xDE, 0xF8, 0x36, 0x14, 0x6B, 0xC9, 0xB1, 0xB4, 0xD2, 0x28, 0x31 +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; + unsigned char data[20 + 28 * 6]; + } _EC_NIST_PRIME_224 = { + { +@@ -200,187 +168,6 @@ static const struct { + } + }; + +-# ifndef FIPS_MODULE +-/* the x9.62 prime curves (minus the nist prime curves) */ +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[20 + 24 * 6]; +-} _EC_X9_62_PRIME_192V2 = { +- { +- NID_X9_62_prime_field, 20, 24, 1 +- }, +- { +- /* seed */ +- 0x31, 0xA9, 0x2E, 0xE2, 0x02, 0x9F, 0xD1, 0x0D, 0x90, 0x1B, 0x11, 0x3E, +- 0x99, 0x07, 0x10, 0xF0, 0xD2, 0x1A, 0xC6, 0xB6, +- /* p */ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- /* a */ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, +- /* b */ +- 0xCC, 0x22, 0xD6, 0xDF, 0xB9, 0x5C, 0x6B, 0x25, 0xE4, 0x9C, 0x0D, 0x63, +- 0x64, 0xA4, 0xE5, 0x98, 0x0C, 0x39, 0x3A, 0xA2, 0x16, 0x68, 0xD9, 0x53, +- /* x */ +- 0xEE, 0xA2, 0xBA, 0xE7, 0xE1, 0x49, 0x78, 0x42, 0xF2, 0xDE, 0x77, 0x69, +- 0xCF, 0xE9, 0xC9, 0x89, 0xC0, 0x72, 0xAD, 0x69, 0x6F, 0x48, 0x03, 0x4A, +- /* y */ +- 0x65, 0x74, 0xd1, 0x1d, 0x69, 0xb6, 0xec, 0x7a, 0x67, 0x2b, 0xb8, 0x2a, +- 0x08, 0x3d, 0xf2, 0xf2, 0xb0, 0x84, 0x7d, 0xe9, 0x70, 0xb2, 0xde, 0x15, +- /* order */ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, +- 0x5F, 0xB1, 0xA7, 0x24, 0xDC, 0x80, 0x41, 0x86, 0x48, 0xD8, 0xDD, 0x31 +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[20 + 24 * 6]; +-} _EC_X9_62_PRIME_192V3 = { +- { +- NID_X9_62_prime_field, 20, 24, 1 +- }, +- { +- /* seed */ +- 0xC4, 0x69, 0x68, 0x44, 0x35, 0xDE, 0xB3, 0x78, 0xC4, 0xB6, 0x5C, 0xA9, +- 0x59, 0x1E, 0x2A, 0x57, 0x63, 0x05, 0x9A, 0x2E, +- /* p */ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- /* a */ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, +- /* b */ +- 0x22, 0x12, 0x3D, 0xC2, 0x39, 0x5A, 0x05, 0xCA, 0xA7, 0x42, 0x3D, 0xAE, +- 0xCC, 0xC9, 0x47, 0x60, 0xA7, 0xD4, 0x62, 0x25, 0x6B, 0xD5, 0x69, 0x16, +- /* x */ +- 0x7D, 0x29, 0x77, 0x81, 0x00, 0xC6, 0x5A, 0x1D, 0xA1, 0x78, 0x37, 0x16, +- 0x58, 0x8D, 0xCE, 0x2B, 0x8B, 0x4A, 0xEE, 0x8E, 0x22, 0x8F, 0x18, 0x96, +- /* y */ +- 0x38, 0xa9, 0x0f, 0x22, 0x63, 0x73, 0x37, 0x33, 0x4b, 0x49, 0xdc, 0xb6, +- 0x6a, 0x6d, 0xc8, 0xf9, 0x97, 0x8a, 0xca, 0x76, 0x48, 0xa9, 0x43, 0xb0, +- /* order */ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0x7A, 0x62, 0xD0, 0x31, 0xC8, 0x3F, 0x42, 0x94, 0xF6, 0x40, 0xEC, 0x13 +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[20 + 30 * 6]; +-} _EC_X9_62_PRIME_239V1 = { +- { +- NID_X9_62_prime_field, 20, 30, 1 +- }, +- { +- /* seed */ +- 0xE4, 0x3B, 0xB4, 0x60, 0xF0, 0xB8, 0x0C, 0xC0, 0xC0, 0xB0, 0x75, 0x79, +- 0x8E, 0x94, 0x80, 0x60, 0xF8, 0x32, 0x1B, 0x7D, +- /* p */ +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- /* a */ +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, +- /* b */ +- 0x6B, 0x01, 0x6C, 0x3B, 0xDC, 0xF1, 0x89, 0x41, 0xD0, 0xD6, 0x54, 0x92, +- 0x14, 0x75, 0xCA, 0x71, 0xA9, 0xDB, 0x2F, 0xB2, 0x7D, 0x1D, 0x37, 0x79, +- 0x61, 0x85, 0xC2, 0x94, 0x2C, 0x0A, +- /* x */ +- 0x0F, 0xFA, 0x96, 0x3C, 0xDC, 0xA8, 0x81, 0x6C, 0xCC, 0x33, 0xB8, 0x64, +- 0x2B, 0xED, 0xF9, 0x05, 0xC3, 0xD3, 0x58, 0x57, 0x3D, 0x3F, 0x27, 0xFB, +- 0xBD, 0x3B, 0x3C, 0xB9, 0xAA, 0xAF, +- /* y */ +- 0x7d, 0xeb, 0xe8, 0xe4, 0xe9, 0x0a, 0x5d, 0xae, 0x6e, 0x40, 0x54, 0xca, +- 0x53, 0x0b, 0xa0, 0x46, 0x54, 0xb3, 0x68, 0x18, 0xce, 0x22, 0x6b, 0x39, +- 0xfc, 0xcb, 0x7b, 0x02, 0xf1, 0xae, +- /* order */ +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0x7F, 0xFF, 0xFF, 0x9E, 0x5E, 0x9A, 0x9F, 0x5D, 0x90, 0x71, 0xFB, 0xD1, +- 0x52, 0x26, 0x88, 0x90, 0x9D, 0x0B +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[20 + 30 * 6]; +-} _EC_X9_62_PRIME_239V2 = { +- { +- NID_X9_62_prime_field, 20, 30, 1 +- }, +- { +- /* seed */ +- 0xE8, 0xB4, 0x01, 0x16, 0x04, 0x09, 0x53, 0x03, 0xCA, 0x3B, 0x80, 0x99, +- 0x98, 0x2B, 0xE0, 0x9F, 0xCB, 0x9A, 0xE6, 0x16, +- /* p */ +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- /* a */ +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, +- /* b */ +- 0x61, 0x7F, 0xAB, 0x68, 0x32, 0x57, 0x6C, 0xBB, 0xFE, 0xD5, 0x0D, 0x99, +- 0xF0, 0x24, 0x9C, 0x3F, 0xEE, 0x58, 0xB9, 0x4B, 0xA0, 0x03, 0x8C, 0x7A, +- 0xE8, 0x4C, 0x8C, 0x83, 0x2F, 0x2C, +- /* x */ +- 0x38, 0xAF, 0x09, 0xD9, 0x87, 0x27, 0x70, 0x51, 0x20, 0xC9, 0x21, 0xBB, +- 0x5E, 0x9E, 0x26, 0x29, 0x6A, 0x3C, 0xDC, 0xF2, 0xF3, 0x57, 0x57, 0xA0, +- 0xEA, 0xFD, 0x87, 0xB8, 0x30, 0xE7, +- /* y */ +- 0x5b, 0x01, 0x25, 0xe4, 0xdb, 0xea, 0x0e, 0xc7, 0x20, 0x6d, 0xa0, 0xfc, +- 0x01, 0xd9, 0xb0, 0x81, 0x32, 0x9f, 0xb5, 0x55, 0xde, 0x6e, 0xf4, 0x60, +- 0x23, 0x7d, 0xff, 0x8b, 0xe4, 0xba, +- /* order */ +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0x80, 0x00, 0x00, 0xCF, 0xA7, 0xE8, 0x59, 0x43, 0x77, 0xD4, 0x14, 0xC0, +- 0x38, 0x21, 0xBC, 0x58, 0x20, 0x63 +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[20 + 30 * 6]; +-} _EC_X9_62_PRIME_239V3 = { +- { +- NID_X9_62_prime_field, 20, 30, 1 +- }, +- { +- /* seed */ +- 0x7D, 0x73, 0x74, 0x16, 0x8F, 0xFE, 0x34, 0x71, 0xB6, 0x0A, 0x85, 0x76, +- 0x86, 0xA1, 0x94, 0x75, 0xD3, 0xBF, 0xA2, 0xFF, +- /* p */ +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- /* a */ +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, +- /* b */ +- 0x25, 0x57, 0x05, 0xFA, 0x2A, 0x30, 0x66, 0x54, 0xB1, 0xF4, 0xCB, 0x03, +- 0xD6, 0xA7, 0x50, 0xA3, 0x0C, 0x25, 0x01, 0x02, 0xD4, 0x98, 0x87, 0x17, +- 0xD9, 0xBA, 0x15, 0xAB, 0x6D, 0x3E, +- /* x */ +- 0x67, 0x68, 0xAE, 0x8E, 0x18, 0xBB, 0x92, 0xCF, 0xCF, 0x00, 0x5C, 0x94, +- 0x9A, 0xA2, 0xC6, 0xD9, 0x48, 0x53, 0xD0, 0xE6, 0x60, 0xBB, 0xF8, 0x54, +- 0xB1, 0xC9, 0x50, 0x5F, 0xE9, 0x5A, +- /* y */ +- 0x16, 0x07, 0xe6, 0x89, 0x8f, 0x39, 0x0c, 0x06, 0xbc, 0x1d, 0x55, 0x2b, +- 0xad, 0x22, 0x6f, 0x3b, 0x6f, 0xcf, 0xe4, 0x8b, 0x6e, 0x81, 0x84, 0x99, +- 0xaf, 0x18, 0xe3, 0xed, 0x6c, 0xf3, +- /* order */ +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0x7F, 0xFF, 0xFF, 0x97, 0x5D, 0xEB, 0x41, 0xB3, 0xA6, 0x05, 0x7C, 0x3C, +- 0x43, 0x21, 0x46, 0x52, 0x65, 0x51 +- } +-}; +-#endif /* FIPS_MODULE */ +- + static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 32 * 6]; +@@ -423,294 +210,6 @@ static const struct { + /* the secg prime curves (minus the nist and x9.62 prime curves) */ + static const struct { + EC_CURVE_DATA h; +- unsigned char data[20 + 14 * 6]; +-} _EC_SECG_PRIME_112R1 = { +- { +- NID_X9_62_prime_field, 20, 14, 1 +- }, +- { +- /* seed */ +- 0x00, 0xF5, 0x0B, 0x02, 0x8E, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, +- 0x51, 0x75, 0x29, 0x04, 0x72, 0x78, 0x3F, 0xB1, +- /* p */ +- 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, 0xBE, 0xAD, +- 0x20, 0x8B, +- /* a */ +- 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, 0xBE, 0xAD, +- 0x20, 0x88, +- /* b */ +- 0x65, 0x9E, 0xF8, 0xBA, 0x04, 0x39, 0x16, 0xEE, 0xDE, 0x89, 0x11, 0x70, +- 0x2B, 0x22, +- /* x */ +- 0x09, 0x48, 0x72, 0x39, 0x99, 0x5A, 0x5E, 0xE7, 0x6B, 0x55, 0xF9, 0xC2, +- 0xF0, 0x98, +- /* y */ +- 0xa8, 0x9c, 0xe5, 0xaf, 0x87, 0x24, 0xc0, 0xa2, 0x3e, 0x0e, 0x0f, 0xf7, +- 0x75, 0x00, +- /* order */ +- 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x76, 0x28, 0xDF, 0xAC, 0x65, +- 0x61, 0xC5 +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[20 + 14 * 6]; +-} _EC_SECG_PRIME_112R2 = { +- { +- NID_X9_62_prime_field, 20, 14, 4 +- }, +- { +- /* seed */ +- 0x00, 0x27, 0x57, 0xA1, 0x11, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, +- 0x51, 0x75, 0x53, 0x16, 0xC0, 0x5E, 0x0B, 0xD4, +- /* p */ +- 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, 0xBE, 0xAD, +- 0x20, 0x8B, +- /* a */ +- 0x61, 0x27, 0xC2, 0x4C, 0x05, 0xF3, 0x8A, 0x0A, 0xAA, 0xF6, 0x5C, 0x0E, +- 0xF0, 0x2C, +- /* b */ +- 0x51, 0xDE, 0xF1, 0x81, 0x5D, 0xB5, 0xED, 0x74, 0xFC, 0xC3, 0x4C, 0x85, +- 0xD7, 0x09, +- /* x */ +- 0x4B, 0xA3, 0x0A, 0xB5, 0xE8, 0x92, 0xB4, 0xE1, 0x64, 0x9D, 0xD0, 0x92, +- 0x86, 0x43, +- /* y */ +- 0xad, 0xcd, 0x46, 0xf5, 0x88, 0x2e, 0x37, 0x47, 0xde, 0xf3, 0x6e, 0x95, +- 0x6e, 0x97, +- /* order */ +- 0x36, 0xDF, 0x0A, 0xAF, 0xD8, 0xB8, 0xD7, 0x59, 0x7C, 0xA1, 0x05, 0x20, +- 0xD0, 0x4B +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[20 + 16 * 6]; +-} _EC_SECG_PRIME_128R1 = { +- { +- NID_X9_62_prime_field, 20, 16, 1 +- }, +- { +- /* seed */ +- 0x00, 0x0E, 0x0D, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, +- 0x0C, 0xC0, 0x3A, 0x44, 0x73, 0xD0, 0x36, 0x79, +- /* p */ +- 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFF, +- /* a */ +- 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFC, +- /* b */ +- 0xE8, 0x75, 0x79, 0xC1, 0x10, 0x79, 0xF4, 0x3D, 0xD8, 0x24, 0x99, 0x3C, +- 0x2C, 0xEE, 0x5E, 0xD3, +- /* x */ +- 0x16, 0x1F, 0xF7, 0x52, 0x8B, 0x89, 0x9B, 0x2D, 0x0C, 0x28, 0x60, 0x7C, +- 0xA5, 0x2C, 0x5B, 0x86, +- /* y */ +- 0xcf, 0x5a, 0xc8, 0x39, 0x5b, 0xaf, 0xeb, 0x13, 0xc0, 0x2d, 0xa2, 0x92, +- 0xdd, 0xed, 0x7a, 0x83, +- /* order */ +- 0xFF, 0xFF, 0xFF, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x75, 0xA3, 0x0D, 0x1B, +- 0x90, 0x38, 0xA1, 0x15 +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[20 + 16 * 6]; +-} _EC_SECG_PRIME_128R2 = { +- { +- NID_X9_62_prime_field, 20, 16, 4 +- }, +- { +- /* seed */ +- 0x00, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, 0x12, 0xD8, +- 0xF0, 0x34, 0x31, 0xFC, 0xE6, 0x3B, 0x88, 0xF4, +- /* p */ +- 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFF, +- /* a */ +- 0xD6, 0x03, 0x19, 0x98, 0xD1, 0xB3, 0xBB, 0xFE, 0xBF, 0x59, 0xCC, 0x9B, +- 0xBF, 0xF9, 0xAE, 0xE1, +- /* b */ +- 0x5E, 0xEE, 0xFC, 0xA3, 0x80, 0xD0, 0x29, 0x19, 0xDC, 0x2C, 0x65, 0x58, +- 0xBB, 0x6D, 0x8A, 0x5D, +- /* x */ +- 0x7B, 0x6A, 0xA5, 0xD8, 0x5E, 0x57, 0x29, 0x83, 0xE6, 0xFB, 0x32, 0xA7, +- 0xCD, 0xEB, 0xC1, 0x40, +- /* y */ +- 0x27, 0xb6, 0x91, 0x6a, 0x89, 0x4d, 0x3a, 0xee, 0x71, 0x06, 0xfe, 0x80, +- 0x5f, 0xc3, 0x4b, 0x44, +- /* order */ +- 0x3F, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, 0xBE, 0x00, 0x24, 0x72, +- 0x06, 0x13, 0xB5, 0xA3 +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[0 + 21 * 6]; +-} _EC_SECG_PRIME_160K1 = { +- { +- NID_X9_62_prime_field, 0, 21, 1 +- }, +- { +- /* no seed */ +- /* p */ +- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, 0x73, +- /* a */ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- /* b */ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, +- /* x */ +- 0x00, 0x3B, 0x4C, 0x38, 0x2C, 0xE3, 0x7A, 0xA1, 0x92, 0xA4, 0x01, 0x9E, +- 0x76, 0x30, 0x36, 0xF4, 0xF5, 0xDD, 0x4D, 0x7E, 0xBB, +- /* y */ +- 0x00, 0x93, 0x8c, 0xf9, 0x35, 0x31, 0x8f, 0xdc, 0xed, 0x6b, 0xc2, 0x82, +- 0x86, 0x53, 0x17, 0x33, 0xc3, 0xf0, 0x3c, 0x4f, 0xee, +- /* order */ +- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xB8, +- 0xFA, 0x16, 0xDF, 0xAB, 0x9A, 0xCA, 0x16, 0xB6, 0xB3 +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[20 + 21 * 6]; +-} _EC_SECG_PRIME_160R1 = { +- { +- NID_X9_62_prime_field, 20, 21, 1 +- }, +- { +- /* seed */ +- 0x10, 0x53, 0xCD, 0xE4, 0x2C, 0x14, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, +- 0x15, 0x17, 0x53, 0x3B, 0xF3, 0xF8, 0x33, 0x45, +- /* p */ +- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, +- /* a */ +- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFC, +- /* b */ +- 0x00, 0x1C, 0x97, 0xBE, 0xFC, 0x54, 0xBD, 0x7A, 0x8B, 0x65, 0xAC, 0xF8, +- 0x9F, 0x81, 0xD4, 0xD4, 0xAD, 0xC5, 0x65, 0xFA, 0x45, +- /* x */ +- 0x00, 0x4A, 0x96, 0xB5, 0x68, 0x8E, 0xF5, 0x73, 0x28, 0x46, 0x64, 0x69, +- 0x89, 0x68, 0xC3, 0x8B, 0xB9, 0x13, 0xCB, 0xFC, 0x82, +- /* y */ +- 0x00, 0x23, 0xa6, 0x28, 0x55, 0x31, 0x68, 0x94, 0x7d, 0x59, 0xdc, 0xc9, +- 0x12, 0x04, 0x23, 0x51, 0x37, 0x7a, 0xc5, 0xfb, 0x32, +- /* order */ +- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xF4, +- 0xC8, 0xF9, 0x27, 0xAE, 0xD3, 0xCA, 0x75, 0x22, 0x57 +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[20 + 21 * 6]; +-} _EC_SECG_PRIME_160R2 = { +- { +- NID_X9_62_prime_field, 20, 21, 1 +- }, +- { +- /* seed */ +- 0xB9, 0x9B, 0x99, 0xB0, 0x99, 0xB3, 0x23, 0xE0, 0x27, 0x09, 0xA4, 0xD6, +- 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x51, +- /* p */ +- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, 0x73, +- /* a */ +- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, 0x70, +- /* b */ +- 0x00, 0xB4, 0xE1, 0x34, 0xD3, 0xFB, 0x59, 0xEB, 0x8B, 0xAB, 0x57, 0x27, +- 0x49, 0x04, 0x66, 0x4D, 0x5A, 0xF5, 0x03, 0x88, 0xBA, +- /* x */ +- 0x00, 0x52, 0xDC, 0xB0, 0x34, 0x29, 0x3A, 0x11, 0x7E, 0x1F, 0x4F, 0xF1, +- 0x1B, 0x30, 0xF7, 0x19, 0x9D, 0x31, 0x44, 0xCE, 0x6D, +- /* y */ +- 0x00, 0xfe, 0xaf, 0xfe, 0xf2, 0xe3, 0x31, 0xf2, 0x96, 0xe0, 0x71, 0xfa, +- 0x0d, 0xf9, 0x98, 0x2c, 0xfe, 0xa7, 0xd4, 0x3f, 0x2e, +- /* order */ +- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x35, +- 0x1E, 0xE7, 0x86, 0xA8, 0x18, 0xF3, 0xA1, 0xA1, 0x6B +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[0 + 24 * 6]; +-} _EC_SECG_PRIME_192K1 = { +- { +- NID_X9_62_prime_field, 0, 24, 1 +- }, +- { +- /* no seed */ +- /* p */ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xEE, 0x37, +- /* a */ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- /* b */ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, +- /* x */ +- 0xDB, 0x4F, 0xF1, 0x0E, 0xC0, 0x57, 0xE9, 0xAE, 0x26, 0xB0, 0x7D, 0x02, +- 0x80, 0xB7, 0xF4, 0x34, 0x1D, 0xA5, 0xD1, 0xB1, 0xEA, 0xE0, 0x6C, 0x7D, +- /* y */ +- 0x9b, 0x2f, 0x2f, 0x6d, 0x9c, 0x56, 0x28, 0xa7, 0x84, 0x41, 0x63, 0xd0, +- 0x15, 0xbe, 0x86, 0x34, 0x40, 0x82, 0xaa, 0x88, 0xd9, 0x5e, 0x2f, 0x9d, +- /* order */ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, +- 0x26, 0xF2, 0xFC, 0x17, 0x0F, 0x69, 0x46, 0x6A, 0x74, 0xDE, 0xFD, 0x8D +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[0 + 29 * 6]; +-} _EC_SECG_PRIME_224K1 = { +- { +- NID_X9_62_prime_field, 0, 29, 1 +- }, +- { +- /* no seed */ +- /* p */ +- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFE, 0xFF, 0xFF, 0xE5, 0x6D, +- /* a */ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, 0x00, 0x00, +- /* b */ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, 0x00, 0x05, +- /* x */ +- 0x00, 0xA1, 0x45, 0x5B, 0x33, 0x4D, 0xF0, 0x99, 0xDF, 0x30, 0xFC, 0x28, +- 0xA1, 0x69, 0xA4, 0x67, 0xE9, 0xE4, 0x70, 0x75, 0xA9, 0x0F, 0x7E, 0x65, +- 0x0E, 0xB6, 0xB7, 0xA4, 0x5C, +- /* y */ +- 0x00, 0x7e, 0x08, 0x9f, 0xed, 0x7f, 0xba, 0x34, 0x42, 0x82, 0xca, 0xfb, +- 0xd6, 0xf7, 0xe3, 0x19, 0xf7, 0xc0, 0xb0, 0xbd, 0x59, 0xe2, 0xca, 0x4b, +- 0xdb, 0x55, 0x6d, 0x61, 0xa5, +- /* order */ +- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x01, 0xDC, 0xE8, 0xD2, 0xEC, 0x61, 0x84, 0xCA, 0xF0, 0xA9, +- 0x71, 0x76, 0x9F, 0xB1, 0xF7 +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; + unsigned char data[0 + 32 * 6]; + } _EC_SECG_PRIME_256K1 = { + { +@@ -745,102 +244,6 @@ static const struct { + } + }; + +-/* some wap/wtls curves */ +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[0 + 15 * 6]; +-} _EC_WTLS_8 = { +- { +- NID_X9_62_prime_field, 0, 15, 1 +- }, +- { +- /* no seed */ +- /* p */ +- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFD, 0xE7, +- /* a */ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, +- /* b */ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x03, +- /* x */ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x01, +- /* y */ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x02, +- /* order */ +- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xEC, 0xEA, 0x55, 0x1A, +- 0xD8, 0x37, 0xE9 +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[0 + 21 * 6]; +-} _EC_WTLS_9 = { +- { +- NID_X9_62_prime_field, 0, 21, 1 +- }, +- { +- /* no seed */ +- /* p */ +- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0x80, 0x8F, +- /* a */ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- /* b */ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, +- /* x */ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, +- /* y */ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, +- /* order */ +- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xCD, +- 0xC9, 0x8A, 0xE0, 0xE2, 0xDE, 0x57, 0x4A, 0xBF, 0x33 +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[0 + 28 * 6]; +-} _EC_WTLS_12 = { +- { +- NID_X9_62_prime_field, 0, 28, 1 +- }, +- { +- /* no seed */ +- /* p */ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, 0x01, +- /* a */ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0xFF, 0xFE, +- /* b */ +- 0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56, +- 0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43, +- 0x23, 0x55, 0xFF, 0xB4, +- /* x */ +- 0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9, +- 0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6, +- 0x11, 0x5C, 0x1D, 0x21, +- /* y */ +- 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 0xdf, 0xe6, +- 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99, +- 0x85, 0x00, 0x7e, 0x34, +- /* order */ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +- 0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45, +- 0x5C, 0x5C, 0x2A, 0x3D +- } +-}; + #endif /* FIPS_MODULE */ + + #ifndef OPENSSL_NO_EC2M +@@ -2238,198 +1641,6 @@ static const struct { + #ifndef FIPS_MODULE + static const struct { + EC_CURVE_DATA h; +- unsigned char data[0 + 20 * 6]; +-} _EC_brainpoolP160r1 = { +- { +- NID_X9_62_prime_field, 0, 20, 1 +- }, +- { +- /* no seed */ +- /* p */ +- 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0xC7, 0xAD, +- 0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0F, +- /* a */ +- 0x34, 0x0E, 0x7B, 0xE2, 0xA2, 0x80, 0xEB, 0x74, 0xE2, 0xBE, 0x61, 0xBA, +- 0xDA, 0x74, 0x5D, 0x97, 0xE8, 0xF7, 0xC3, 0x00, +- /* b */ +- 0x1E, 0x58, 0x9A, 0x85, 0x95, 0x42, 0x34, 0x12, 0x13, 0x4F, 0xAA, 0x2D, +- 0xBD, 0xEC, 0x95, 0xC8, 0xD8, 0x67, 0x5E, 0x58, +- /* x */ +- 0xBE, 0xD5, 0xAF, 0x16, 0xEA, 0x3F, 0x6A, 0x4F, 0x62, 0x93, 0x8C, 0x46, +- 0x31, 0xEB, 0x5A, 0xF7, 0xBD, 0xBC, 0xDB, 0xC3, +- /* y */ +- 0x16, 0x67, 0xCB, 0x47, 0x7A, 0x1A, 0x8E, 0xC3, 0x38, 0xF9, 0x47, 0x41, +- 0x66, 0x9C, 0x97, 0x63, 0x16, 0xDA, 0x63, 0x21, +- /* order */ +- 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0x59, 0x91, +- 0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09 +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[0 + 20 * 6]; +-} _EC_brainpoolP160t1 = { +- { +- NID_X9_62_prime_field, 0, 20, 1 +- }, +- { +- /* no seed */ +- /* p */ +- 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0xC7, 0xAD, +- 0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0F, +- /* a */ +- 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0xC7, 0xAD, +- 0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0C, +- /* b */ +- 0x7A, 0x55, 0x6B, 0x6D, 0xAE, 0x53, 0x5B, 0x7B, 0x51, 0xED, 0x2C, 0x4D, +- 0x7D, 0xAA, 0x7A, 0x0B, 0x5C, 0x55, 0xF3, 0x80, +- /* x */ +- 0xB1, 0x99, 0xB1, 0x3B, 0x9B, 0x34, 0xEF, 0xC1, 0x39, 0x7E, 0x64, 0xBA, +- 0xEB, 0x05, 0xAC, 0xC2, 0x65, 0xFF, 0x23, 0x78, +- /* y */ +- 0xAD, 0xD6, 0x71, 0x8B, 0x7C, 0x7C, 0x19, 0x61, 0xF0, 0x99, 0x1B, 0x84, +- 0x24, 0x43, 0x77, 0x21, 0x52, 0xC9, 0xE0, 0xAD, +- /* order */ +- 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0x59, 0x91, +- 0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09 +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[0 + 24 * 6]; +-} _EC_brainpoolP192r1 = { +- { +- NID_X9_62_prime_field, 0, 24, 1 +- }, +- { +- /* no seed */ +- /* p */ +- 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x30, +- 0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x97, +- /* a */ +- 0x6A, 0x91, 0x17, 0x40, 0x76, 0xB1, 0xE0, 0xE1, 0x9C, 0x39, 0xC0, 0x31, +- 0xFE, 0x86, 0x85, 0xC1, 0xCA, 0xE0, 0x40, 0xE5, 0xC6, 0x9A, 0x28, 0xEF, +- /* b */ +- 0x46, 0x9A, 0x28, 0xEF, 0x7C, 0x28, 0xCC, 0xA3, 0xDC, 0x72, 0x1D, 0x04, +- 0x4F, 0x44, 0x96, 0xBC, 0xCA, 0x7E, 0xF4, 0x14, 0x6F, 0xBF, 0x25, 0xC9, +- /* x */ +- 0xC0, 0xA0, 0x64, 0x7E, 0xAA, 0xB6, 0xA4, 0x87, 0x53, 0xB0, 0x33, 0xC5, +- 0x6C, 0xB0, 0xF0, 0x90, 0x0A, 0x2F, 0x5C, 0x48, 0x53, 0x37, 0x5F, 0xD6, +- /* y */ +- 0x14, 0xB6, 0x90, 0x86, 0x6A, 0xBD, 0x5B, 0xB8, 0x8B, 0x5F, 0x48, 0x28, +- 0xC1, 0x49, 0x00, 0x02, 0xE6, 0x77, 0x3F, 0xA2, 0xFA, 0x29, 0x9B, 0x8F, +- /* order */ +- 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x2F, +- 0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1 +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[0 + 24 * 6]; +-} _EC_brainpoolP192t1 = { +- { +- NID_X9_62_prime_field, 0, 24, 1 +- }, +- { +- /* no seed */ +- /* p */ +- 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x30, +- 0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x97, +- /* a */ +- 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x30, +- 0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x94, +- /* b */ +- 0x13, 0xD5, 0x6F, 0xFA, 0xEC, 0x78, 0x68, 0x1E, 0x68, 0xF9, 0xDE, 0xB4, +- 0x3B, 0x35, 0xBE, 0xC2, 0xFB, 0x68, 0x54, 0x2E, 0x27, 0x89, 0x7B, 0x79, +- /* x */ +- 0x3A, 0xE9, 0xE5, 0x8C, 0x82, 0xF6, 0x3C, 0x30, 0x28, 0x2E, 0x1F, 0xE7, +- 0xBB, 0xF4, 0x3F, 0xA7, 0x2C, 0x44, 0x6A, 0xF6, 0xF4, 0x61, 0x81, 0x29, +- /* y */ +- 0x09, 0x7E, 0x2C, 0x56, 0x67, 0xC2, 0x22, 0x3A, 0x90, 0x2A, 0xB5, 0xCA, +- 0x44, 0x9D, 0x00, 0x84, 0xB7, 0xE5, 0xB3, 0xDE, 0x7C, 0xCC, 0x01, 0xC9, +- /* order */ +- 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x2F, +- 0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1 +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[0 + 28 * 6]; +-} _EC_brainpoolP224r1 = { +- { +- NID_X9_62_prime_field, 0, 28, 1 +- }, +- { +- /* no seed */ +- /* p */ +- 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25, +- 0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5, +- 0x7E, 0xC8, 0xC0, 0xFF, +- /* a */ +- 0x68, 0xA5, 0xE6, 0x2C, 0xA9, 0xCE, 0x6C, 0x1C, 0x29, 0x98, 0x03, 0xA6, +- 0xC1, 0x53, 0x0B, 0x51, 0x4E, 0x18, 0x2A, 0xD8, 0xB0, 0x04, 0x2A, 0x59, +- 0xCA, 0xD2, 0x9F, 0x43, +- /* b */ +- 0x25, 0x80, 0xF6, 0x3C, 0xCF, 0xE4, 0x41, 0x38, 0x87, 0x07, 0x13, 0xB1, +- 0xA9, 0x23, 0x69, 0xE3, 0x3E, 0x21, 0x35, 0xD2, 0x66, 0xDB, 0xB3, 0x72, +- 0x38, 0x6C, 0x40, 0x0B, +- /* x */ +- 0x0D, 0x90, 0x29, 0xAD, 0x2C, 0x7E, 0x5C, 0xF4, 0x34, 0x08, 0x23, 0xB2, +- 0xA8, 0x7D, 0xC6, 0x8C, 0x9E, 0x4C, 0xE3, 0x17, 0x4C, 0x1E, 0x6E, 0xFD, +- 0xEE, 0x12, 0xC0, 0x7D, +- /* y */ +- 0x58, 0xAA, 0x56, 0xF7, 0x72, 0xC0, 0x72, 0x6F, 0x24, 0xC6, 0xB8, 0x9E, +- 0x4E, 0xCD, 0xAC, 0x24, 0x35, 0x4B, 0x9E, 0x99, 0xCA, 0xA3, 0xF6, 0xD3, +- 0x76, 0x14, 0x02, 0xCD, +- /* order */ +- 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25, +- 0x75, 0xD0, 0xFB, 0x98, 0xD1, 0x16, 0xBC, 0x4B, 0x6D, 0xDE, 0xBC, 0xA3, +- 0xA5, 0xA7, 0x93, 0x9F +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; +- unsigned char data[0 + 28 * 6]; +-} _EC_brainpoolP224t1 = { +- { +- NID_X9_62_prime_field, 0, 28, 1 +- }, +- { +- /* no seed */ +- /* p */ +- 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25, +- 0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5, +- 0x7E, 0xC8, 0xC0, 0xFF, +- /* a */ +- 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25, +- 0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5, +- 0x7E, 0xC8, 0xC0, 0xFC, +- /* b */ +- 0x4B, 0x33, 0x7D, 0x93, 0x41, 0x04, 0xCD, 0x7B, 0xEF, 0x27, 0x1B, 0xF6, +- 0x0C, 0xED, 0x1E, 0xD2, 0x0D, 0xA1, 0x4C, 0x08, 0xB3, 0xBB, 0x64, 0xF1, +- 0x8A, 0x60, 0x88, 0x8D, +- /* x */ +- 0x6A, 0xB1, 0xE3, 0x44, 0xCE, 0x25, 0xFF, 0x38, 0x96, 0x42, 0x4E, 0x7F, +- 0xFE, 0x14, 0x76, 0x2E, 0xCB, 0x49, 0xF8, 0x92, 0x8A, 0xC0, 0xC7, 0x60, +- 0x29, 0xB4, 0xD5, 0x80, +- /* y */ +- 0x03, 0x74, 0xE9, 0xF5, 0x14, 0x3E, 0x56, 0x8C, 0xD2, 0x3F, 0x3F, 0x4D, +- 0x7C, 0x0D, 0x4B, 0x1E, 0x41, 0xC8, 0xCC, 0x0D, 0x1C, 0x6A, 0xBD, 0x5F, +- 0x1A, 0x46, 0xDB, 0x4C, +- /* order */ +- 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25, +- 0x75, 0xD0, 0xFB, 0x98, 0xD1, 0x16, 0xBC, 0x4B, 0x6D, 0xDE, 0xBC, 0xA3, +- 0xA5, 0xA7, 0x93, 0x9F +- } +-}; +- +-static const struct { +- EC_CURVE_DATA h; + unsigned char data[0 + 32 * 6]; + } _EC_brainpoolP256r1 = { + { +@@ -2854,8 +2065,6 @@ static const ec_list_element curve_list[ + "NIST/SECG curve over a 521 bit prime field"}, + + /* X9.62 curves */ +- {NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0, +- "NIST/X9.62/SECG curve over a 192 bit prime field"}, + {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, + # if defined(ECP_NISTZ256_ASM) + EC_GFp_nistz256_method, +@@ -2899,25 +2108,6 @@ static const ec_list_element curve_list[ + static const ec_list_element curve_list[] = { + /* prime field curves */ + /* secg curves */ +- {NID_secp112r1, &_EC_SECG_PRIME_112R1.h, 0, +- "SECG/WTLS curve over a 112 bit prime field"}, +- {NID_secp112r2, &_EC_SECG_PRIME_112R2.h, 0, +- "SECG curve over a 112 bit prime field"}, +- {NID_secp128r1, &_EC_SECG_PRIME_128R1.h, 0, +- "SECG curve over a 128 bit prime field"}, +- {NID_secp128r2, &_EC_SECG_PRIME_128R2.h, 0, +- "SECG curve over a 128 bit prime field"}, +- {NID_secp160k1, &_EC_SECG_PRIME_160K1.h, 0, +- "SECG curve over a 160 bit prime field"}, +- {NID_secp160r1, &_EC_SECG_PRIME_160R1.h, 0, +- "SECG curve over a 160 bit prime field"}, +- {NID_secp160r2, &_EC_SECG_PRIME_160R2.h, 0, +- "SECG/WTLS curve over a 160 bit prime field"}, +- /* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */ +- {NID_secp192k1, &_EC_SECG_PRIME_192K1.h, 0, +- "SECG curve over a 192 bit prime field"}, +- {NID_secp224k1, &_EC_SECG_PRIME_224K1.h, 0, +- "SECG curve over a 224 bit prime field"}, + # ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 + {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method, + "NIST/SECG curve over a 224 bit prime field"}, +@@ -2945,18 +2135,6 @@ static const ec_list_element curve_list[ + # endif + "NIST/SECG curve over a 521 bit prime field"}, + /* X9.62 curves */ +- {NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0, +- "NIST/X9.62/SECG curve over a 192 bit prime field"}, +- {NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2.h, 0, +- "X9.62 curve over a 192 bit prime field"}, +- {NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3.h, 0, +- "X9.62 curve over a 192 bit prime field"}, +- {NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1.h, 0, +- "X9.62 curve over a 239 bit prime field"}, +- {NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2.h, 0, +- "X9.62 curve over a 239 bit prime field"}, +- {NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3.h, 0, +- "X9.62 curve over a 239 bit prime field"}, + {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, + # if defined(ECP_NISTZ256_ASM) + EC_GFp_nistz256_method, +@@ -3053,22 +2231,12 @@ static const ec_list_element curve_list[ + {NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1.h, 0, + "X9.62 curve over a 163 bit binary field"}, + # endif +- {NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1.h, 0, +- "SECG/WTLS curve over a 112 bit prime field"}, +- {NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2.h, 0, +- "SECG/WTLS curve over a 160 bit prime field"}, +- {NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8.h, 0, +- "WTLS curve over a 112 bit prime field"}, +- {NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9.h, 0, +- "WTLS curve over a 160 bit prime field"}, + # ifndef OPENSSL_NO_EC2M + {NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K.h, 0, + "NIST/SECG/WTLS curve over a 233 bit binary field"}, + {NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B.h, 0, + "NIST/SECG/WTLS curve over a 233 bit binary field"}, + # endif +- {NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12.h, 0, +- "WTLS curve over a 224 bit prime field"}, + # ifndef OPENSSL_NO_EC2M + /* IPSec curves */ + {NID_ipsec3, &_EC_IPSEC_155_ID3.h, 0, +@@ -3079,18 +2247,6 @@ static const ec_list_element curve_list[ + "\tNot suitable for ECDSA.\n\tQuestionable extension field!"}, + # endif + /* brainpool curves */ +- {NID_brainpoolP160r1, &_EC_brainpoolP160r1.h, 0, +- "RFC 5639 curve over a 160 bit prime field"}, +- {NID_brainpoolP160t1, &_EC_brainpoolP160t1.h, 0, +- "RFC 5639 curve over a 160 bit prime field"}, +- {NID_brainpoolP192r1, &_EC_brainpoolP192r1.h, 0, +- "RFC 5639 curve over a 192 bit prime field"}, +- {NID_brainpoolP192t1, &_EC_brainpoolP192t1.h, 0, +- "RFC 5639 curve over a 192 bit prime field"}, +- {NID_brainpoolP224r1, &_EC_brainpoolP224r1.h, 0, +- "RFC 5639 curve over a 224 bit prime field"}, +- {NID_brainpoolP224t1, &_EC_brainpoolP224t1.h, 0, +- "RFC 5639 curve over a 224 bit prime field"}, + {NID_brainpoolP256r1, &_EC_brainpoolP256r1.h, 0, + "RFC 5639 curve over a 256 bit prime field"}, + {NID_brainpoolP256t1, &_EC_brainpoolP256t1.h, 0, +diff -rupN --no-dereference openssl-3.0.9/test/ectest.c openssl-3.0.9-new/test/ectest.c +--- openssl-3.0.9/test/ectest.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/ectest.c 2023-05-31 14:33:11.125115431 +0200 +@@ -175,184 +175,26 @@ static int prime_field_tests(void) + || !TEST_ptr(p = BN_new()) + || !TEST_ptr(a = BN_new()) + || !TEST_ptr(b = BN_new()) +- || !TEST_true(BN_hex2bn(&p, "17")) +- || !TEST_true(BN_hex2bn(&a, "1")) +- || !TEST_true(BN_hex2bn(&b, "1")) +- || !TEST_ptr(group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) +- || !TEST_true(EC_GROUP_get_curve(group, p, a, b, ctx))) ++ /* ++ * applications should use EC_GROUP_new_curve_GFp so ++ * that the library gets to choose the EC_METHOD ++ */ ++ || !TEST_ptr(group = EC_GROUP_new(EC_GFp_mont_method()))) + goto err; + +- TEST_info("Curve defined by Weierstrass equation"); +- TEST_note(" y^2 = x^3 + a*x + b (mod p)"); +- test_output_bignum("a", a); +- test_output_bignum("b", b); +- test_output_bignum("p", p); +- + buf[0] = 0; + if (!TEST_ptr(P = EC_POINT_new(group)) + || !TEST_ptr(Q = EC_POINT_new(group)) + || !TEST_ptr(R = EC_POINT_new(group)) +- || !TEST_true(EC_POINT_set_to_infinity(group, P)) +- || !TEST_true(EC_POINT_is_at_infinity(group, P)) +- || !TEST_true(EC_POINT_oct2point(group, Q, buf, 1, ctx)) +- || !TEST_true(EC_POINT_add(group, P, P, Q, ctx)) +- || !TEST_true(EC_POINT_is_at_infinity(group, P)) + || !TEST_ptr(x = BN_new()) + || !TEST_ptr(y = BN_new()) + || !TEST_ptr(z = BN_new()) +- || !TEST_ptr(yplusone = BN_new()) +- || !TEST_true(BN_hex2bn(&x, "D")) +- || !TEST_true(EC_POINT_set_compressed_coordinates(group, Q, x, 1, ctx))) +- goto err; +- +- if (!TEST_int_gt(EC_POINT_is_on_curve(group, Q, ctx), 0)) { +- if (!TEST_true(EC_POINT_get_affine_coordinates(group, Q, x, y, ctx))) +- goto err; +- TEST_info("Point is not on curve"); +- test_output_bignum("x", x); +- test_output_bignum("y", y); +- goto err; +- } +- +- TEST_note("A cyclic subgroup:"); +- k = 100; +- do { +- if (!TEST_int_ne(k--, 0)) +- goto err; +- +- if (EC_POINT_is_at_infinity(group, P)) { +- TEST_note(" point at infinity"); +- } else { +- if (!TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, +- ctx))) +- goto err; +- +- test_output_bignum("x", x); +- test_output_bignum("y", y); +- } +- +- if (!TEST_true(EC_POINT_copy(R, P)) +- || !TEST_true(EC_POINT_add(group, P, P, Q, ctx))) +- goto err; +- +- } while (!EC_POINT_is_at_infinity(group, P)); +- +- if (!TEST_true(EC_POINT_add(group, P, Q, R, ctx)) +- || !TEST_true(EC_POINT_is_at_infinity(group, P))) +- goto err; +- +- len = +- EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, +- sizeof(buf), ctx); +- if (!TEST_size_t_ne(len, 0) +- || !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx)) +- || !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx))) +- goto err; +- test_output_memory("Generator as octet string, compressed form:", +- buf, len); +- +- len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, +- buf, sizeof(buf), ctx); +- if (!TEST_size_t_ne(len, 0) +- || !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx)) +- || !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx))) +- goto err; +- test_output_memory("Generator as octet string, uncompressed form:", +- buf, len); +- +- len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, +- buf, sizeof(buf), ctx); +- if (!TEST_size_t_ne(len, 0) +- || !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx)) +- || !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx))) +- goto err; +- test_output_memory("Generator as octet string, hybrid form:", +- buf, len); +- +- if (!TEST_true(EC_POINT_invert(group, P, ctx)) +- || !TEST_int_eq(0, EC_POINT_cmp(group, P, R, ctx)) +- +- /* +- * Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2, +- * 2000) -- not a NIST curve, but commonly used +- */ +- +- || !TEST_true(BN_hex2bn(&p, "FFFFFFFF" +- "FFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF")) +- || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL)) +- || !TEST_true(BN_hex2bn(&a, "FFFFFFFF" +- "FFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC")) +- || !TEST_true(BN_hex2bn(&b, "1C97BEFC" +- "54BD7A8B65ACF89F81D4D4ADC565FA45")) +- || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) +- || !TEST_true(BN_hex2bn(&x, "4A96B568" +- "8EF573284664698968C38BB913CBFC82")) +- || !TEST_true(BN_hex2bn(&y, "23a62855" +- "3168947d59dcc912042351377ac5fb32")) +- || !TEST_true(BN_add(yplusone, y, BN_value_one())) +- /* +- * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, +- * and therefore setting the coordinates should fail. +- */ +- || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, +- ctx)) +- || !TEST_true(EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) +- || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) +- || !TEST_true(BN_hex2bn(&z, "0100000000" +- "000000000001F4C8F927AED3CA752257")) +- || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) +- || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) +- goto err; +- TEST_info("SEC2 curve secp160r1 -- Generator"); +- test_output_bignum("x", x); +- test_output_bignum("y", y); +- /* G_y value taken from the standard: */ +- if (!TEST_true(BN_hex2bn(&z, "23a62855" +- "3168947d59dcc912042351377ac5fb32")) +- || !TEST_BN_eq(y, z) +- || !TEST_int_eq(EC_GROUP_get_degree(group), 160) +- || !group_order_tests(group) +- +- /* Curve P-192 (FIPS PUB 186-2, App. 6) */ +- +- || !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFF" +- "FFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF")) +- || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL)) +- || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFF" +- "FFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC")) +- || !TEST_true(BN_hex2bn(&b, "64210519E59C80E7" +- "0FA7E9AB72243049FEB8DEECC146B9B1")) +- || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) +- || !TEST_true(BN_hex2bn(&x, "188DA80EB03090F6" +- "7CBF20EB43A18800F4FF0AFD82FF1012")) +- || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 1, ctx)) +- || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) +- || !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFF" +- "FFFFFFFF99DEF836146BC9B1B4D22831")) +- || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) +- || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) ++ || !TEST_ptr(yplusone = BN_new())) + goto err; + +- TEST_info("NIST curve P-192 -- Generator"); +- test_output_bignum("x", x); +- test_output_bignum("y", y); +- /* G_y value taken from the standard: */ +- if (!TEST_true(BN_hex2bn(&z, "07192B95FFC8DA78" +- "631011ED6B24CDD573F977A11E794811")) +- || !TEST_BN_eq(y, z) +- || !TEST_true(BN_add(yplusone, y, BN_value_one())) +- /* +- * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, +- * and therefore setting the coordinates should fail. +- */ +- || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, +- ctx)) +- || !TEST_int_eq(EC_GROUP_get_degree(group), 192) +- || !group_order_tests(group) +- + /* Curve P-224 (FIPS PUB 186-2, App. 6) */ + +- || !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFF" ++ if (!TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFF000000000000000000000001")) + || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL)) + || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFF" +@@ -3015,7 +2857,7 @@ int setup_tests(void) + return 0; + + ADD_TEST(parameter_test); +- ADD_TEST(cofactor_range_test); ++ /* ADD_TEST(cofactor_range_test); */ + ADD_ALL_TESTS(cardinality_test, crv_len); + ADD_TEST(prime_field_tests); + #ifndef OPENSSL_NO_EC2M diff --git a/0011-Remove-EC-curves.patch b/0011-Remove-EC-curves.patch index fa3ad50..49e6182 100644 --- a/0011-Remove-EC-curves.patch +++ b/0011-Remove-EC-curves.patch @@ -1,19 +1,16 @@ -diff -rupN --no-dereference openssl-3.0.7-hobbled/apps/speed.c openssl-3.0.7-hobbled-new/apps/speed.c ---- openssl-3.0.7-hobbled/apps/speed.c 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/apps/speed.c 2022-11-28 16:00:18.706834172 +0100 -@@ -366,68 +366,23 @@ static double ffdh_results[FFDH_NUM][1]; +diff -rupN --no-dereference openssl-3.0.9/apps/speed.c openssl-3.0.9-new/apps/speed.c +--- openssl-3.0.9/apps/speed.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/apps/speed.c 2023-05-31 14:33:11.415115308 +0200 +@@ -366,7 +366,7 @@ static double ffdh_results[FFDH_NUM][1]; #endif /* OPENSSL_NO_DH */ enum ec_curves_t { - R_EC_P160, R_EC_P192, R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521, --#ifndef OPENSSL_NO_EC2M -- R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571, -- R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571, --#endif -- R_EC_BRP256R1, R_EC_BRP256T1, R_EC_BRP384R1, R_EC_BRP384T1, -- R_EC_BRP512R1, R_EC_BRP512T1, ECDSA_NUM + R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521, -+ ECDSA_NUM + #ifndef OPENSSL_NO_EC2M + R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571, + R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571, +@@ -376,8 +376,6 @@ enum ec_curves_t { }; /* list of ecdsa curves */ static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = { @@ -22,26 +19,7 @@ diff -rupN --no-dereference openssl-3.0.7-hobbled/apps/speed.c openssl-3.0.7-hob {"ecdsap224", R_EC_P224}, {"ecdsap256", R_EC_P256}, {"ecdsap384", R_EC_P384}, - {"ecdsap521", R_EC_P521}, --#ifndef OPENSSL_NO_EC2M -- {"ecdsak163", R_EC_K163}, -- {"ecdsak233", R_EC_K233}, -- {"ecdsak283", R_EC_K283}, -- {"ecdsak409", R_EC_K409}, -- {"ecdsak571", R_EC_K571}, -- {"ecdsab163", R_EC_B163}, -- {"ecdsab233", R_EC_B233}, -- {"ecdsab283", R_EC_B283}, -- {"ecdsab409", R_EC_B409}, -- {"ecdsab571", R_EC_B571}, --#endif -- {"ecdsabrp256r1", R_EC_BRP256R1}, -- {"ecdsabrp256t1", R_EC_BRP256T1}, -- {"ecdsabrp384r1", R_EC_BRP384R1}, -- {"ecdsabrp384t1", R_EC_BRP384T1}, -- {"ecdsabrp512r1", R_EC_BRP512R1}, -- {"ecdsabrp512t1", R_EC_BRP512T1} - }; +@@ -404,8 +402,6 @@ static const OPT_PAIR ecdsa_choices[ECDS enum { R_EC_X25519 = ECDSA_NUM, R_EC_X448, EC_NUM }; /* list of ecdh curves, extension of |ecdsa_choices| list above */ static const OPT_PAIR ecdh_choices[EC_NUM] = { @@ -50,29 +28,7 @@ diff -rupN --no-dereference openssl-3.0.7-hobbled/apps/speed.c openssl-3.0.7-hob {"ecdhp224", R_EC_P224}, {"ecdhp256", R_EC_P256}, {"ecdhp384", R_EC_P384}, - {"ecdhp521", R_EC_P521}, --#ifndef OPENSSL_NO_EC2M -- {"ecdhk163", R_EC_K163}, -- {"ecdhk233", R_EC_K233}, -- {"ecdhk283", R_EC_K283}, -- {"ecdhk409", R_EC_K409}, -- {"ecdhk571", R_EC_K571}, -- {"ecdhb163", R_EC_B163}, -- {"ecdhb233", R_EC_B233}, -- {"ecdhb283", R_EC_B283}, -- {"ecdhb409", R_EC_B409}, -- {"ecdhb571", R_EC_B571}, --#endif -- {"ecdhbrp256r1", R_EC_BRP256R1}, -- {"ecdhbrp256t1", R_EC_BRP256T1}, -- {"ecdhbrp384r1", R_EC_BRP384R1}, -- {"ecdhbrp384t1", R_EC_BRP384T1}, -- {"ecdhbrp512r1", R_EC_BRP512R1}, -- {"ecdhbrp512t1", R_EC_BRP512T1}, - {"ecdhx25519", R_EC_X25519}, - {"ecdhx448", R_EC_X448} - }; -@@ -1422,31 +1377,10 @@ int speed_main(int argc, char **argv) +@@ -1422,8 +1418,6 @@ int speed_main(int argc, char **argv) */ static const EC_CURVE ec_curves[EC_NUM] = { /* Prime Curves */ @@ -81,44 +37,10 @@ diff -rupN --no-dereference openssl-3.0.7-hobbled/apps/speed.c openssl-3.0.7-hob {"nistp224", NID_secp224r1, 224}, {"nistp256", NID_X9_62_prime256v1, 256}, {"nistp384", NID_secp384r1, 384}, - {"nistp521", NID_secp521r1, 521}, --#ifndef OPENSSL_NO_EC2M -- /* Binary Curves */ -- {"nistk163", NID_sect163k1, 163}, -- {"nistk233", NID_sect233k1, 233}, -- {"nistk283", NID_sect283k1, 283}, -- {"nistk409", NID_sect409k1, 409}, -- {"nistk571", NID_sect571k1, 571}, -- {"nistb163", NID_sect163r2, 163}, -- {"nistb233", NID_sect233r1, 233}, -- {"nistb283", NID_sect283r1, 283}, -- {"nistb409", NID_sect409r1, 409}, -- {"nistb571", NID_sect571r1, 571}, --#endif -- {"brainpoolP256r1", NID_brainpoolP256r1, 256}, -- {"brainpoolP256t1", NID_brainpoolP256t1, 256}, -- {"brainpoolP384r1", NID_brainpoolP384r1, 384}, -- {"brainpoolP384t1", NID_brainpoolP384t1, 384}, -- {"brainpoolP512r1", NID_brainpoolP512r1, 512}, -- {"brainpoolP512t1", NID_brainpoolP512t1, 512}, - /* Other and ECDH only ones */ - {"X25519", NID_X25519, 253}, - {"X448", NID_X448, 448} -@@ -1474,8 +1408,8 @@ int speed_main(int argc, char **argv) - OPENSSL_assert(ec_curves[EC_NUM - 1].nid == NID_X448); - OPENSSL_assert(strcmp(ecdh_choices[EC_NUM - 1].name, "ecdhx448") == 0); - -- OPENSSL_assert(ec_curves[ECDSA_NUM - 1].nid == NID_brainpoolP512t1); -- OPENSSL_assert(strcmp(ecdsa_choices[ECDSA_NUM - 1].name, "ecdsabrp512t1") == 0); -+ OPENSSL_assert(ec_curves[ECDSA_NUM - 1].nid == NID_secp521r1); -+ OPENSSL_assert(strcmp(ecdsa_choices[ECDSA_NUM - 1].name, "ecdsap521") == 0); - - #ifndef OPENSSL_NO_SM2 - OPENSSL_assert(sm2_curves[SM2_NUM - 1].nid == NID_sm2); -diff -rupN --no-dereference openssl-3.0.7-hobbled/crypto/evp/ec_support.c openssl-3.0.7-hobbled-new/crypto/evp/ec_support.c ---- openssl-3.0.7-hobbled/crypto/evp/ec_support.c 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/crypto/evp/ec_support.c 2022-11-28 16:00:18.707834179 +0100 -@@ -20,99 +20,12 @@ typedef struct ec_name2nid_st { +diff -rupN --no-dereference openssl-3.0.9/crypto/evp/ec_support.c openssl-3.0.9-new/crypto/evp/ec_support.c +--- openssl-3.0.9/crypto/evp/ec_support.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/evp/ec_support.c 2023-05-31 14:33:11.415115308 +0200 +@@ -20,89 +20,15 @@ typedef struct ec_name2nid_st { static const EC_NAME2NID curve_list[] = { /* prime field curves */ /* secg curves */ @@ -143,8 +65,8 @@ diff -rupN --no-dereference openssl-3.0.7-hobbled/crypto/evp/ec_support.c openss - {"prime239v2", NID_X9_62_prime239v2 }, - {"prime239v3", NID_X9_62_prime239v3 }, {"prime256v1", NID_X9_62_prime256v1 }, -- /* characteristic two field curves */ -- /* NIST/SECG curves */ + /* characteristic two field curves */ + /* NIST/SECG curves */ - {"sect113r1", NID_sect113r1 }, - {"sect113r2", NID_sect113r2 }, - {"sect131r1", NID_sect131r1 }, @@ -198,29 +120,28 @@ diff -rupN --no-dereference openssl-3.0.7-hobbled/crypto/evp/ec_support.c openss - /* IPSec curves */ - {"Oakley-EC2N-3", NID_ipsec3 }, - {"Oakley-EC2N-4", NID_ipsec4 }, -- /* brainpool curves */ + /* brainpool curves */ - {"brainpoolP160r1", NID_brainpoolP160r1 }, - {"brainpoolP160t1", NID_brainpoolP160t1 }, - {"brainpoolP192r1", NID_brainpoolP192r1 }, - {"brainpoolP192t1", NID_brainpoolP192t1 }, - {"brainpoolP224r1", NID_brainpoolP224r1 }, - {"brainpoolP224t1", NID_brainpoolP224t1 }, -- {"brainpoolP256r1", NID_brainpoolP256r1 }, -- {"brainpoolP256t1", NID_brainpoolP256t1 }, -- {"brainpoolP320r1", NID_brainpoolP320r1 }, -- {"brainpoolP320t1", NID_brainpoolP320t1 }, -- {"brainpoolP384r1", NID_brainpoolP384r1 }, -- {"brainpoolP384t1", NID_brainpoolP384t1 }, -- {"brainpoolP512r1", NID_brainpoolP512r1 }, -- {"brainpoolP512t1", NID_brainpoolP512t1 }, + {"brainpoolP256r1", NID_brainpoolP256r1 }, + {"brainpoolP256t1", NID_brainpoolP256t1 }, + {"brainpoolP320r1", NID_brainpoolP320r1 }, +@@ -111,8 +37,6 @@ static const EC_NAME2NID curve_list[] = + {"brainpoolP384t1", NID_brainpoolP384t1 }, + {"brainpoolP512r1", NID_brainpoolP512r1 }, + {"brainpoolP512t1", NID_brainpoolP512t1 }, - /* SM2 curve */ - {"SM2", NID_sm2 }, }; const char *OSSL_EC_curve_nid2name(int nid) -diff -rupN --no-dereference openssl-3.0.7-hobbled/test/acvp_test.inc openssl-3.0.7-hobbled-new/test/acvp_test.inc ---- openssl-3.0.7-hobbled/test/acvp_test.inc 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/test/acvp_test.inc 2022-11-28 16:00:18.707834179 +0100 +diff -rupN --no-dereference openssl-3.0.9/test/acvp_test.inc openssl-3.0.9-new/test/acvp_test.inc +--- openssl-3.0.9/test/acvp_test.inc 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/acvp_test.inc 2023-05-31 14:33:11.416115307 +0200 @@ -212,15 +212,6 @@ static const unsigned char ecdsa_sigver_ }; static const struct ecdsa_sigver_st ecdsa_sigver_data[] = { @@ -237,9 +158,9 @@ diff -rupN --no-dereference openssl-3.0.7-hobbled/test/acvp_test.inc openssl-3.0 "SHA2-512", "P-521", ITM(ecdsa_sigver_msg1), -diff -rupN --no-dereference openssl-3.0.7-hobbled/test/ecdsatest.h openssl-3.0.7-hobbled-new/test/ecdsatest.h ---- openssl-3.0.7-hobbled/test/ecdsatest.h 2022-11-28 15:56:54.042363693 +0100 -+++ openssl-3.0.7-hobbled-new/test/ecdsatest.h 2022-11-28 16:00:18.708834186 +0100 +diff -rupN --no-dereference openssl-3.0.9/test/ecdsatest.h openssl-3.0.9-new/test/ecdsatest.h +--- openssl-3.0.9/test/ecdsatest.h 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/ecdsatest.h 2023-05-31 14:33:11.418115306 +0200 @@ -32,23 +32,6 @@ typedef struct { } ecdsa_cavs_kat_t; @@ -264,40 +185,10 @@ diff -rupN --no-dereference openssl-3.0.7-hobbled/test/ecdsatest.h openssl-3.0.7 /* prime KATs from NIST CAVP */ {NID_secp224r1, NID_sha224, "699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1" -diff -rupN --no-dereference openssl-3.0.7-hobbled/test/evp_extra_test.c openssl-3.0.7-hobbled-new/test/evp_extra_test.c ---- openssl-3.0.7-hobbled/test/evp_extra_test.c 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/test/evp_extra_test.c 2022-11-28 16:00:18.709834194 +0100 -@@ -3373,13 +3373,12 @@ err: - - #ifndef OPENSSL_NO_EC - static int ecpub_nids[] = { -- NID_brainpoolP256r1, NID_X9_62_prime256v1, -+ NID_X9_62_prime256v1, - NID_secp384r1, NID_secp521r1, - # ifndef OPENSSL_NO_EC2M - NID_sect233k1, NID_sect233r1, NID_sect283r1, - NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1, - # endif -- NID_brainpoolP384r1, NID_brainpoolP512r1 - }; - - static int test_ecpub(int idx) -diff -rupN --no-dereference openssl-3.0.7-hobbled/test/recipes/06-test_algorithmid.t openssl-3.0.7-hobbled-new/test/recipes/06-test_algorithmid.t ---- openssl-3.0.7-hobbled/test/recipes/06-test_algorithmid.t 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/test/recipes/06-test_algorithmid.t 2022-11-28 16:00:18.709834194 +0100 -@@ -33,7 +33,7 @@ my %certs_info = - 'ee-cert-ec-named-explicit' => 'ca-cert-ec-explicit', - 'ee-cert-ec-named-named' => 'ca-cert-ec-named', - # 'server-ed448-cert' => 'root-ed448-cert' -- 'server-ecdsa-brainpoolP256r1-cert' => 'rootcert', -+ # 'server-ecdsa-brainpoolP256r1-cert' => 'rootcert', - ) - ) - ); -diff -rupN --no-dereference openssl-3.0.7-hobbled/test/recipes/15-test_genec.t openssl-3.0.7-hobbled-new/test/recipes/15-test_genec.t ---- openssl-3.0.7-hobbled/test/recipes/15-test_genec.t 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/test/recipes/15-test_genec.t 2022-11-28 16:00:18.709834194 +0100 -@@ -41,45 +41,11 @@ plan skip_all => "This test is unsupport +diff -rupN --no-dereference openssl-3.0.9/test/recipes/15-test_genec.t openssl-3.0.9-new/test/recipes/15-test_genec.t +--- openssl-3.0.9/test/recipes/15-test_genec.t 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/recipes/15-test_genec.t 2023-05-31 14:33:11.420115305 +0200 +@@ -41,37 +41,11 @@ plan skip_all => "This test is unsupport if disabled("ec"); my @prime_curves = qw( @@ -332,18 +223,10 @@ diff -rupN --no-dereference openssl-3.0.7-hobbled/test/recipes/15-test_genec.t o - brainpoolP192t1 - brainpoolP224r1 - brainpoolP224t1 -- brainpoolP256r1 -- brainpoolP256t1 -- brainpoolP320r1 -- brainpoolP320t1 -- brainpoolP384r1 -- brainpoolP384t1 -- brainpoolP512r1 -- brainpoolP512t1 - ); - - my @binary_curves = qw( -@@ -136,7 +102,6 @@ push(@other_curves, 'SM2') + brainpoolP256r1 + brainpoolP256t1 + brainpoolP320r1 +@@ -136,7 +110,6 @@ push(@other_curves, 'SM2') if !disabled("sm2"); my @curve_aliases = qw( @@ -351,4611 +234,3 @@ diff -rupN --no-dereference openssl-3.0.7-hobbled/test/recipes/15-test_genec.t o P-224 P-256 P-384 -diff -rupN --no-dereference openssl-3.0.7-hobbled/test/recipes/20-test_cli_fips.t openssl-3.0.7-hobbled-new/test/recipes/20-test_cli_fips.t ---- openssl-3.0.7-hobbled/test/recipes/20-test_cli_fips.t 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/test/recipes/20-test_cli_fips.t 2022-11-28 16:00:18.709834194 +0100 -@@ -26,7 +26,7 @@ use platform; - my $no_check = disabled("fips") || disabled('fips-securitychecks'); - plan skip_all => "Test only supported in a fips build with security checks" - if $no_check; --plan tests => 11; -+plan tests => 10; - - my $fipsmodule = bldtop_file('providers', platform->dso('fips')); - my $fipsconf = srctop_file("test", "fips-and-base.cnf"); -@@ -170,60 +170,6 @@ sub tsignverify { - $testtext); - } - --SKIP : { -- skip "FIPS EC tests because of no ec in this build", 1 -- if disabled("ec"); -- -- subtest EC => sub { -- my $testtext_prefix = 'EC'; -- my $a_fips_curve = 'prime256v1'; -- my $fips_key = $testtext_prefix.'.fips.priv.pem'; -- my $fips_pub_key = $testtext_prefix.'.fips.pub.pem'; -- my $a_nonfips_curve = 'brainpoolP256r1'; -- my $nonfips_key = $testtext_prefix.'.nonfips.priv.pem'; -- my $nonfips_pub_key = $testtext_prefix.'.nonfips.pub.pem'; -- my $testtext = ''; -- my $curvename = ''; -- -- plan tests => 5 + $tsignverify_count; -- -- $ENV{OPENSSL_CONF} = $defaultconf; -- $curvename = $a_nonfips_curve; -- $testtext = $testtext_prefix.': '. -- 'Generate a key with a non-FIPS algorithm with the default provider'; -- ok(run(app(['openssl', 'genpkey', '-algorithm', 'EC', -- '-pkeyopt', 'ec_paramgen_curve:'.$curvename, -- '-out', $nonfips_key])), -- $testtext); -- -- pubfrompriv($testtext_prefix, $nonfips_key, $nonfips_pub_key, "non-FIPS"); -- -- $ENV{OPENSSL_CONF} = $fipsconf; -- -- $curvename = $a_fips_curve; -- $testtext = $testtext_prefix.': '. -- 'Generate a key with a FIPS algorithm'; -- ok(run(app(['openssl', 'genpkey', '-algorithm', 'EC', -- '-pkeyopt', 'ec_paramgen_curve:'.$curvename, -- '-out', $fips_key])), -- $testtext); -- -- pubfrompriv($testtext_prefix, $fips_key, $fips_pub_key, "FIPS"); -- -- $curvename = $a_nonfips_curve; -- $testtext = $testtext_prefix.': '. -- 'Generate a key with a non-FIPS algorithm'. -- ' (should fail)'; -- ok(!run(app(['openssl', 'genpkey', '-algorithm', 'EC', -- '-pkeyopt', 'ec_paramgen_curve:'.$curvename, -- '-out', $testtext_prefix.'.'.$curvename.'.priv.pem'])), -- $testtext); -- -- tsignverify($testtext_prefix, $fips_key, $fips_pub_key, $nonfips_key, -- $nonfips_pub_key); -- }; --} -- - SKIP: { - skip "FIPS RSA tests because of no rsa in this build", 1 - if disabled("rsa"); -diff -rupN --no-dereference openssl-3.0.7-hobbled/test/recipes/30-test_evp_data/evppkey_ecc.txt openssl-3.0.7-hobbled-new/test/recipes/30-test_evp_data/evppkey_ecc.txt ---- openssl-3.0.7-hobbled/test/recipes/30-test_evp_data/evppkey_ecc.txt 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/test/recipes/30-test_evp_data/evppkey_ecc.txt 2022-11-28 16:00:18.711834208 +0100 -@@ -1,3 +1,4 @@ -+ - # - # Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - # -@@ -11,1949 +12,6 @@ - # PrivPubKeyPair Sign Verify VerifyRecover - # and continue until a blank line. Lines starting with a pound sign are ignored. - --Title=c2pnb163v1 curve tests -- --PrivateKey=ALICE_cf_c2pnb163v1 -------BEGIN PRIVATE KEY----- --MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAEEHDAaAgEBBBUD1JfG8cLNP9418YW+hVhriqH6O5Y= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_c2pnb163v1_PUB -------BEGIN PUBLIC KEY----- --MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAEDLAAEBXgoOgVlWTLQnrQZXgQuSBcIS3bQAlXQ+yJhS03B --4G8rKQXbrc0mvWsF -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_c2pnb163v1:ALICE_cf_c2pnb163v1_PUB -- --PrivateKey=BOB_cf_c2pnb163v1 -------BEGIN PRIVATE KEY----- --MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAEEHDAaAgEBBBUAc3EaoMmMORTzQhMkhPIXY+/jUSI= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_c2pnb163v1_PUB -------BEGIN PUBLIC KEY----- --MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAEDLAAEBn9J0jo39aFVZqhBsAKZ6bViAu6zBC8WaFGExnpZ --KuBh8tP8VSTHPCHF -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_c2pnb163v1:BOB_cf_c2pnb163v1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2pnb163v1 --PeerKey=BOB_cf_c2pnb163v1_PUB --SharedSecret=065dd38fb6de7f394778e1bf65d840a2c0e7219acd -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2pnb163v1 --PeerKey=ALICE_cf_c2pnb163v1_PUB --SharedSecret=065dd38fb6de7f394778e1bf65d840a2c0e7219acd -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2pnb163v1 --PeerKey=BOB_cf_c2pnb163v1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=066fc46e8cc4327634dd127748020f2de6aab67585 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2pnb163v1 --PeerKey=ALICE_cf_c2pnb163v1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=066fc46e8cc4327634dd127748020f2de6aab67585 -- --PublicKey=MALICE_cf_c2pnb163v1_PUB -------BEGIN PUBLIC KEY----- --MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAEDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8JxepS05nN --/piKdhDD3dDKXUih -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_c2pnb163v1 --PeerKey=MALICE_cf_c2pnb163v1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_c2pnb163v1 --PeerKey=MALICE_cf_c2pnb163v1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=c2pnb163v2 curve tests -- --PrivateKey=ALICE_cf_c2pnb163v2 -------BEGIN PRIVATE KEY----- --MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAIEHDAaAgEBBBUA4KFv7c1dygtVbdp/g2z2TqLAHkI= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_c2pnb163v2_PUB -------BEGIN PUBLIC KEY----- --MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAIDLAAEAVnlL7lMBaASwCIJaf9x2LgNPVmEAb43huHQlo3Q --4PzawHXQoYm/qgDd -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_c2pnb163v2:ALICE_cf_c2pnb163v2_PUB -- --PrivateKey=BOB_cf_c2pnb163v2 -------BEGIN PRIVATE KEY----- --MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAIEHDAaAgEBBBUCEdYqClRWIl2m+X34e+DB2iZSxmQ= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_c2pnb163v2_PUB -------BEGIN PUBLIC KEY----- --MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAIDLAAEAVWNIKn7/WMfzuNnd5ws9J0DI2CfBkEJizZHAFqy --kBF3juAQuARgxuT6 -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_c2pnb163v2:BOB_cf_c2pnb163v2_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2pnb163v2 --PeerKey=BOB_cf_c2pnb163v2_PUB --SharedSecret=0078ebb986d4f9b0aa0bc4af99e82c2bd24130f3f4 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2pnb163v2 --PeerKey=ALICE_cf_c2pnb163v2_PUB --SharedSecret=0078ebb986d4f9b0aa0bc4af99e82c2bd24130f3f4 -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2pnb163v2 --PeerKey=BOB_cf_c2pnb163v2_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=069a80bcd45987fd1c874cd9dc5453207a09b61d41 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2pnb163v2 --PeerKey=ALICE_cf_c2pnb163v2_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=069a80bcd45987fd1c874cd9dc5453207a09b61d41 -- --PublicKey=MALICE_cf_c2pnb163v2_PUB -------BEGIN PUBLIC KEY----- --MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAIDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAABuVBl1V5uysY --n6HANPEoMoK+7Sv0 -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_c2pnb163v2 --PeerKey=MALICE_cf_c2pnb163v2_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_c2pnb163v2 --PeerKey=MALICE_cf_c2pnb163v2_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=c2pnb163v3 curve tests -- --PrivateKey=ALICE_cf_c2pnb163v3 -------BEGIN PRIVATE KEY----- --MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAMEHDAaAgEBBBUBItB0y/QeJ+cCh9yoHf0zqLVyMZc= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_c2pnb163v3_PUB -------BEGIN PUBLIC KEY----- --MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAMDLAAEBx1HRyjuBMjt+vlbWaQbKOpNvWKFAslzEbPv6MpK --YnObLnq34LRuWznb -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_c2pnb163v3:ALICE_cf_c2pnb163v3_PUB -- --PrivateKey=BOB_cf_c2pnb163v3 -------BEGIN PRIVATE KEY----- --MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAMEHDAaAgEBBBUAXVHUHeP8Ioz7IqXOWbjaUXEHE5M= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_c2pnb163v3_PUB -------BEGIN PUBLIC KEY----- --MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAMDLAAEAqXF7rsAZ40Z1PT4TeeC45RKTxP4AJBAdfuknJ/J --DZnBLhxBwtqnfUpA -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_c2pnb163v3:BOB_cf_c2pnb163v3_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2pnb163v3 --PeerKey=BOB_cf_c2pnb163v3_PUB --SharedSecret=07fd2ffe9b18973c51caeadbc2154b97a9a0390be9 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2pnb163v3 --PeerKey=ALICE_cf_c2pnb163v3_PUB --SharedSecret=07fd2ffe9b18973c51caeadbc2154b97a9a0390be9 -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2pnb163v3 --PeerKey=BOB_cf_c2pnb163v3_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=06f7daf1c963594e1a13f9f17b62aaab2934872c16 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2pnb163v3 --PeerKey=ALICE_cf_c2pnb163v3_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=06f7daf1c963594e1a13f9f17b62aaab2934872c16 -- --PublicKey=MALICE_cf_c2pnb163v3_PUB -------BEGIN PUBLIC KEY----- --MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAMDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7jRlUg9oaLK --LwAuHF8g5Y0JjJnI -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_c2pnb163v3 --PeerKey=MALICE_cf_c2pnb163v3_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_c2pnb163v3 --PeerKey=MALICE_cf_c2pnb163v3_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=c2pnb176v1 curve tests -- --PrivateKey=ALICE_cf_c2pnb176v1 -------BEGIN PRIVATE KEY----- --MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAQEHDAaAgEBBBUAaZ1jV1jM9meV5iiNGPU/WMSfWOM= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_c2pnb176v1_PUB -------BEGIN PUBLIC KEY----- --MEUwEwYHKoZIzj0CAQYIKoZIzj0DAAQDLgAEPjME7IV6Tuz2P++wIT60hRxTkk0M0PNgvqYcUoCI --iw3girDLhNzOu3IQ8Ac= -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_c2pnb176v1:ALICE_cf_c2pnb176v1_PUB -- --PrivateKey=BOB_cf_c2pnb176v1 -------BEGIN PRIVATE KEY----- --MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAQEHDAaAgEBBBUAreyYbcF+ONIf64KmeSzV82OI/50= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_c2pnb176v1_PUB -------BEGIN PUBLIC KEY----- --MEUwEwYHKoZIzj0CAQYIKoZIzj0DAAQDLgAEpJn1IDmFj5LceLGfY2wlhI1VHq5vJ+qNIAOXVZhX --uMtp6pzy63rCEK53bgs= -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_c2pnb176v1:BOB_cf_c2pnb176v1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2pnb176v1 --PeerKey=BOB_cf_c2pnb176v1_PUB --SharedSecret=3a8021848ee0b2c1c377404267a515225781c181e6ab -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2pnb176v1 --PeerKey=ALICE_cf_c2pnb176v1_PUB --SharedSecret=3a8021848ee0b2c1c377404267a515225781c181e6ab -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2pnb176v1 --PeerKey=BOB_cf_c2pnb176v1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=b06cdc633b56e813d63326c69d2cfa335352279540ac -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2pnb176v1 --PeerKey=ALICE_cf_c2pnb176v1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=b06cdc633b56e813d63326c69d2cfa335352279540ac -- --PublicKey=MALICE_cf_c2pnb176v1_PUB -------BEGIN PUBLIC KEY----- --MEUwEwYHKoZIzj0CAQYIKoZIzj0DAAQDLgAE4ePri2opCoAUJIUQnaQlvDaxZd9bsdKnjWSvh+FL --zXV3l5j8K3pow+GJBE4= -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_c2pnb176v1 --PeerKey=MALICE_cf_c2pnb176v1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_c2pnb176v1 --PeerKey=MALICE_cf_c2pnb176v1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=c2pnb208w1 curve tests -- --PrivateKey=ALICE_cf_c2pnb208w1 -------BEGIN PRIVATE KEY----- --MDoCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAoEIDAeAgEBBBkAiENroXMYNbK/7DQQwCpbXk00gnVd --XF2k -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_c2pnb208w1_PUB -------BEGIN PUBLIC KEY----- --ME0wEwYHKoZIzj0CAQYIKoZIzj0DAAoDNgAEL+IHOL2IfeLRiE6Wqsc0Frqjq7t/JnBmhN1lMB9Y --Yj3+Btcne4CPWf8KvfGjAdMs6JKP4A== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_c2pnb208w1:ALICE_cf_c2pnb208w1_PUB -- --PrivateKey=BOB_cf_c2pnb208w1 -------BEGIN PRIVATE KEY----- --MDoCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAoEIDAeAgEBBBkAY1GZLynO/IDWwOOjEWUE7k+I/MkP --cJot -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_c2pnb208w1_PUB -------BEGIN PUBLIC KEY----- --ME0wEwYHKoZIzj0CAQYIKoZIzj0DAAoDNgAENBvdzCDOIvu9zo7reJq1ummhR+0jaDc+EoSlW984 --cl9FTi/JJznwC+RNgwVfJ1WKJun1YA== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_c2pnb208w1:BOB_cf_c2pnb208w1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2pnb208w1 --PeerKey=BOB_cf_c2pnb208w1_PUB --SharedSecret=ba32bf80c0f7ab53cb083f267a902a1ad6396eb283237fad91cd -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2pnb208w1 --PeerKey=ALICE_cf_c2pnb208w1_PUB --SharedSecret=ba32bf80c0f7ab53cb083f267a902a1ad6396eb283237fad91cd -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2pnb208w1 --PeerKey=BOB_cf_c2pnb208w1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=f09f5fc8bf20677558bc65939bf1b7fbbbe2579702729304258b -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2pnb208w1 --PeerKey=ALICE_cf_c2pnb208w1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=f09f5fc8bf20677558bc65939bf1b7fbbbe2579702729304258b -- --PublicKey=MALICE_cf_c2pnb208w1_PUB -------BEGIN PUBLIC KEY----- --ME0wEwYHKoZIzj0CAQYIKoZIzj0DAAoDNgAEfuWB9pBZQin+VnmqgYVpbUpKxSQsnXxNqiDtVwqJ --oPkHxRWnu5e7qI2idMcqaKDeeniUaA== -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_c2pnb208w1 --PeerKey=MALICE_cf_c2pnb208w1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_c2pnb208w1 --PeerKey=MALICE_cf_c2pnb208w1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=c2pnb272w1 curve tests -- --PrivateKey=ALICE_cf_c2pnb272w1 -------BEGIN PRIVATE KEY----- --MEICAQAwEwYHKoZIzj0CAQYIKoZIzj0DABAEKDAmAgEBBCEA0SoHwKAgKb7WQ+s0w1iNBemDZ3+f --StHU67fpP7YoF8U= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_c2pnb272w1_PUB -------BEGIN PUBLIC KEY----- --MF0wEwYHKoZIzj0CAQYIKoZIzj0DABADRgAE0IH60bGi46FDzEprGZ8EBK5uMMcVke/txeBRNGHQ --DzG68r3EMLZkOfE1+g04MN7HgY7zt3jMYb8ImyLRmvqR2abjs6c= -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_c2pnb272w1:ALICE_cf_c2pnb272w1_PUB -- --PrivateKey=BOB_cf_c2pnb272w1 -------BEGIN PRIVATE KEY----- --MEICAQAwEwYHKoZIzj0CAQYIKoZIzj0DABAEKDAmAgEBBCEAFqB5GbPJ4d+X7ye7m05l/OirDqfn --MOsOJ6xObBph3zQ= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_c2pnb272w1_PUB -------BEGIN PUBLIC KEY----- --MF0wEwYHKoZIzj0CAQYIKoZIzj0DABADRgAEIeIkcMHAuOgvHt2Wp52vVe0DYPNnUX79t/mLSx03 --cUlDmcxL7vIXdx9hB4OmQBYbm+YLDNfTFGAIlDfr2tELpVVPWPo= -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_c2pnb272w1:BOB_cf_c2pnb272w1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2pnb272w1 --PeerKey=BOB_cf_c2pnb272w1_PUB --SharedSecret=cfebd65006520a40f081d8940edf0ebb8e54491ba1499d9f3c63deecee84ddc07142 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2pnb272w1 --PeerKey=ALICE_cf_c2pnb272w1_PUB --SharedSecret=cfebd65006520a40f081d8940edf0ebb8e54491ba1499d9f3c63deecee84ddc07142 -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2pnb272w1 --PeerKey=BOB_cf_c2pnb272w1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=756fc20b27352ac74e5135359c63d375d2732c6d02f25cd526155bac0882a9211dd4 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2pnb272w1 --PeerKey=ALICE_cf_c2pnb272w1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=756fc20b27352ac74e5135359c63d375d2732c6d02f25cd526155bac0882a9211dd4 -- --PublicKey=MALICE_cf_c2pnb272w1_PUB -------BEGIN PUBLIC KEY----- --MF0wEwYHKoZIzj0CAQYIKoZIzj0DABADRgAEvID3AM7qzpKDnOLFY00+E7EKZz/vS/pXgsUA3bWN --oJF8ElXFXv59s/SykQBCTHPqzmUbVmrXmtD44Kt1wUBRJfuwxy4= -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_c2pnb272w1 --PeerKey=MALICE_cf_c2pnb272w1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_c2pnb272w1 --PeerKey=MALICE_cf_c2pnb272w1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=c2pnb304w1 curve tests -- --PrivateKey=ALICE_cf_c2pnb304w1 -------BEGIN PRIVATE KEY----- --MEYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DABEELDAqAgEBBCUAqJxh50ZIUXOJ1HE3cVkech9OTTPJ --8jy/v5cFcO0X6dykHgnZ -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_c2pnb304w1_PUB -------BEGIN PUBLIC KEY----- --MGUwEwYHKoZIzj0CAQYIKoZIzj0DABEDTgAEvoaqRX6qiNQiFH1BhgLCPTpYszoRhmlLirkvlw/Q --iXBlfQ7U4g+iRR/kmu2RlwwOHgNNL+mWcvLkFfS8Kr4jzv1EY1Ecx96n21l0YQ== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_c2pnb304w1:ALICE_cf_c2pnb304w1_PUB -- --PrivateKey=BOB_cf_c2pnb304w1 -------BEGIN PRIVATE KEY----- --MEYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DABEELDAqAgEBBCUAOScHepX+IwqC8TjyAJI1bkR3cYYt --X9BbqYM9GQfVNSLHntTg -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_c2pnb304w1_PUB -------BEGIN PUBLIC KEY----- --MGUwEwYHKoZIzj0CAQYIKoZIzj0DABEDTgAEYuAq/6Yw5HxMeMohlWmwl+ZK4ZQucfr1tWDKwhDb --kAOUO2P/Q/H+uelM3VVwxeu6A1kaX7K0UZpNa96NRBwI4aevc+vOxCgYkGt9BA== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_c2pnb304w1:BOB_cf_c2pnb304w1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2pnb304w1 --PeerKey=BOB_cf_c2pnb304w1_PUB --SharedSecret=bfddf9f923210e8231a702e3a1c987cf27661de1bc243c1890e437d67d9f49c6ccfadc035d9d -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2pnb304w1 --PeerKey=ALICE_cf_c2pnb304w1_PUB --SharedSecret=bfddf9f923210e8231a702e3a1c987cf27661de1bc243c1890e437d67d9f49c6ccfadc035d9d -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2pnb304w1 --PeerKey=BOB_cf_c2pnb304w1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=0c7afb3143f93ef2166c05437a1757a62c916ff1751c6d456dd7f2356dcbc75df48015eb5ce8 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2pnb304w1 --PeerKey=ALICE_cf_c2pnb304w1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=0c7afb3143f93ef2166c05437a1757a62c916ff1751c6d456dd7f2356dcbc75df48015eb5ce8 -- --PublicKey=MALICE_cf_c2pnb304w1_PUB -------BEGIN PUBLIC KEY----- --MGUwEwYHKoZIzj0CAQYIKoZIzj0DABEDTgAEBZ5FuthQt0mxTJ8NQWN2J37kYT8ySD893IXEmXYP --fMTr+CSNkf/sfF/13GEdVGnHmBgCH61sPWG69RgzdjRPprZFZxXjubIWYkp0DQ== -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_c2pnb304w1 --PeerKey=MALICE_cf_c2pnb304w1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_c2pnb304w1 --PeerKey=MALICE_cf_c2pnb304w1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=c2pnb368w1 curve tests -- --PrivateKey=ALICE_cf_c2pnb368w1 -------BEGIN PRIVATE KEY----- --ME4CAQAwEwYHKoZIzj0CAQYIKoZIzj0DABMENDAyAgEBBC0AXeSTXsHb2PEH12tZL8w2q6evA2mi --KfLLIa1c29BTmM//oWdKpqeuvwMIBto= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_c2pnb368w1_PUB -------BEGIN PUBLIC KEY----- --MHUwEwYHKoZIzj0CAQYIKoZIzj0DABMDXgAEmEBXcvMgnHwJW7wAKM4cqboco6zF01J9ntUwoACI --euvf3cpPXBvxUawJXfO9FwFRQabDRagGP99Walidd2JW8nWDWZgZMKj15Wh+4bp2dZHc2tPIIHHd --3makbwQ= -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_c2pnb368w1:ALICE_cf_c2pnb368w1_PUB -- --PrivateKey=BOB_cf_c2pnb368w1 -------BEGIN PRIVATE KEY----- --ME4CAQAwEwYHKoZIzj0CAQYIKoZIzj0DABMENDAyAgEBBC0Aq1R9M/mCMbJMj6VBUpBkS4HXywEz --Qun6d6uXgyU4LZRszA7Dz9+eKbXEMsk= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_c2pnb368w1_PUB -------BEGIN PUBLIC KEY----- --MHUwEwYHKoZIzj0CAQYIKoZIzj0DABMDXgAEJOSnsaXA9wb5p8CGLPvYI47Yf3IdZSbWQ3Sn6G2v --At+zYlpzGax1oJ1CW8fGA0Gu0RnvAfDeW9vgrtzshH1Vy/Ni6a7LPho99PtUP2nzUBnv+hfhFSra --gqfRaOs= -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_c2pnb368w1:BOB_cf_c2pnb368w1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2pnb368w1 --PeerKey=BOB_cf_c2pnb368w1_PUB --SharedSecret=008d20ede3961be3b01051d6fdae63db43865664804d432293a2edb13dcc8be0fe5b0c655297a84b9067a29c2a6f -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2pnb368w1 --PeerKey=ALICE_cf_c2pnb368w1_PUB --SharedSecret=008d20ede3961be3b01051d6fdae63db43865664804d432293a2edb13dcc8be0fe5b0c655297a84b9067a29c2a6f -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2pnb368w1 --PeerKey=BOB_cf_c2pnb368w1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=df32ddeeffa029aeadabad000a79c3154a0ddd0aeacf4e3de426f5c10096eff8912038c64d4c899131dcd4df2561 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2pnb368w1 --PeerKey=ALICE_cf_c2pnb368w1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=df32ddeeffa029aeadabad000a79c3154a0ddd0aeacf4e3de426f5c10096eff8912038c64d4c899131dcd4df2561 -- --PublicKey=MALICE_cf_c2pnb368w1_PUB -------BEGIN PUBLIC KEY----- --MHUwEwYHKoZIzj0CAQYIKoZIzj0DABMDXgAEWDn/U9rymClM/a0Q1mawHjQjvpxSehRWstSE+2Sd --ubcZowJ+rw5LsEZteQyeVrCpKYUiIBmIVuFb2LDjtNLIJD1lr8C+vdco24ciLS9RzF/Dc9X+tcIj --726e1BE= -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_c2pnb368w1 --PeerKey=MALICE_cf_c2pnb368w1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_c2pnb368w1 --PeerKey=MALICE_cf_c2pnb368w1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=c2tnb191v1 curve tests -- --PrivateKey=ALICE_cf_c2tnb191v1 -------BEGIN PRIVATE KEY----- --MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAUEHzAdAgEBBBgXyG7A4BvSmjKEl3aU+FQUt02p9U7x --Jk4= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_c2tnb191v1_PUB -------BEGIN PUBLIC KEY----- --MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAUDMgAEG9iuZmnhz2H/YQKmVUaO//fm7hvV+CP5c2iszpR3 --7lRimqLWHPyvKgcP+PRCIUom -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_c2tnb191v1:ALICE_cf_c2tnb191v1_PUB -- --PrivateKey=BOB_cf_c2tnb191v1 -------BEGIN PRIVATE KEY----- --MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAUEHzAdAgEBBBg4+2hv9x9HxFy0c2c1XESDdgOamHu0 --MTU= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_c2tnb191v1_PUB -------BEGIN PUBLIC KEY----- --MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAUDMgAEdO/4ii8gi8eQfBrv3XmsOETwIfT8OIpBW/kUoHD+ --adqalcB6SIWOfoJReDLcpxAD -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_c2tnb191v1:BOB_cf_c2tnb191v1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2tnb191v1 --PeerKey=BOB_cf_c2tnb191v1_PUB --SharedSecret=2ee8a85151c397600984285307c14f0ea0e4c2071d753a99 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2tnb191v1 --PeerKey=ALICE_cf_c2tnb191v1_PUB --SharedSecret=2ee8a85151c397600984285307c14f0ea0e4c2071d753a99 -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2tnb191v1 --PeerKey=BOB_cf_c2tnb191v1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=334051dfd62237e69e280ce2fab979bd77260f8dfe4df989 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2tnb191v1 --PeerKey=ALICE_cf_c2tnb191v1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=334051dfd62237e69e280ce2fab979bd77260f8dfe4df989 -- --PublicKey=MALICE_cf_c2tnb191v1_PUB -------BEGIN PUBLIC KEY----- --MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAUDMgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcPEwZ1wj --iNoFyzyANZl8IDB0fF1RmZD6 -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_c2tnb191v1 --PeerKey=MALICE_cf_c2tnb191v1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_c2tnb191v1 --PeerKey=MALICE_cf_c2tnb191v1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=c2tnb191v2 curve tests -- --PrivateKey=ALICE_cf_c2tnb191v2 -------BEGIN PRIVATE KEY----- --MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAYEHzAdAgEBBBgQZHIQIPrAsbJqq4ZX3JdMrZAkaIGP --jbo= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_c2tnb191v2_PUB -------BEGIN PUBLIC KEY----- --MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAYDMgAEAyQdwZYRIiv7O4/WRLDKJ249TM8dr2Y+Oz8rSxCI --UVvJT/Jv9m462J6Iz1XOohhP -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_c2tnb191v2:ALICE_cf_c2tnb191v2_PUB -- --PrivateKey=BOB_cf_c2tnb191v2 -------BEGIN PRIVATE KEY----- --MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAYEHzAdAgEBBBgThhW6d5QDaqM8yhm16q6Pu/VFBpf7 --wcs= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_c2tnb191v2_PUB -------BEGIN PUBLIC KEY----- --MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAYDMgAEBVkB4O6fFvGzMHv4BF51muFA0npOGKoOdKbIIMQY --JBIoz1RNNXTcgdpguLcrvcPJ -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_c2tnb191v2:BOB_cf_c2tnb191v2_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2tnb191v2 --PeerKey=BOB_cf_c2tnb191v2_PUB --SharedSecret=711f90cb2aaea65e939065cbd1896affe1d490ba14571400 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2tnb191v2 --PeerKey=ALICE_cf_c2tnb191v2_PUB --SharedSecret=711f90cb2aaea65e939065cbd1896affe1d490ba14571400 -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2tnb191v2 --PeerKey=BOB_cf_c2tnb191v2_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=1740db5b771fa2889d3ec7c1ba8eeffa7741f0ee62433dce -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2tnb191v2 --PeerKey=ALICE_cf_c2tnb191v2_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=1740db5b771fa2889d3ec7c1ba8eeffa7741f0ee62433dce -- --PublicKey=MALICE_cf_c2tnb191v2_PUB -------BEGIN PUBLIC KEY----- --MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAYDMgAEA3yPV6Ilx7PU7dWIDzgKzFV07LNsn1EhMyLQaa5U --2vqunpWef+/CaO2pFBcwwW+x -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_c2tnb191v2 --PeerKey=MALICE_cf_c2tnb191v2_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_c2tnb191v2 --PeerKey=MALICE_cf_c2tnb191v2_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=c2tnb191v3 curve tests -- --PrivateKey=ALICE_cf_c2tnb191v3 -------BEGIN PRIVATE KEY----- --MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAcEHzAdAgEBBBgTPjf06B01Jq59qU1iczNuA29WfW+b --erU= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_c2tnb191v3_PUB -------BEGIN PUBLIC KEY----- --MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAcDMgAEL4NGEUX2CXY18MyoH1inKq5kde9RGr25ODm/0BEX --HWsGvDE2HC+6pL2BMl3MRCty -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_c2tnb191v3:ALICE_cf_c2tnb191v3_PUB -- --PrivateKey=BOB_cf_c2tnb191v3 -------BEGIN PRIVATE KEY----- --MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAcEHzAdAgEBBBgUC2bC465JTXYLUaaET/r5n7X85gRH --iSQ= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_c2tnb191v3_PUB -------BEGIN PUBLIC KEY----- --MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAcDMgAEPKekNkT9mQ8KRCTR2RwCFkhNvsjL+/mLHYzbMrYe --QFIb5QwXAdbg2tEOl7yj9qkk -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_c2tnb191v3:BOB_cf_c2tnb191v3_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2tnb191v3 --PeerKey=BOB_cf_c2tnb191v3_PUB --SharedSecret=196200f7ea06c43c35516b995cf4a4dd4151dbd0ed998561 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2tnb191v3 --PeerKey=ALICE_cf_c2tnb191v3_PUB --SharedSecret=196200f7ea06c43c35516b995cf4a4dd4151dbd0ed998561 -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2tnb191v3 --PeerKey=BOB_cf_c2tnb191v3_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=311939377670a8a1ed1ee17f9dd182167da00c5a19e2e109 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2tnb191v3 --PeerKey=ALICE_cf_c2tnb191v3_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=311939377670a8a1ed1ee17f9dd182167da00c5a19e2e109 -- --PublicKey=MALICE_cf_c2tnb191v3_PUB -------BEGIN PUBLIC KEY----- --MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAcDMgAESvPjWlLnANK2j38hHZ0uqueaniovkhwwdJZjrmUk --n5vQBTxUzkIkMjL33v6Lr3z7 -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_c2tnb191v3 --PeerKey=MALICE_cf_c2tnb191v3_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_c2tnb191v3 --PeerKey=MALICE_cf_c2tnb191v3_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=c2tnb239v1 curve tests -- --PrivateKey=ALICE_cf_c2tnb239v1 -------BEGIN PRIVATE KEY----- --MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAsEJTAjAgEBBB4fMJDhCEiuEf/RF6oGjHVcNwN+wCYG --rJMnJLIXiCI= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_c2tnb239v1_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAsDPgAEUgG/uMWy4k0R/kbVJEapF6r5ik4Q9WPsDXAd0856 --dVL8PvBXgixk2tKfyY1xUVebcEVlgdZP1pN1Xyvi -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_c2tnb239v1:ALICE_cf_c2tnb239v1_PUB -- --PrivateKey=BOB_cf_c2tnb239v1 -------BEGIN PRIVATE KEY----- --MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAsEJTAjAgEBBB4JLDwVJQw3+00FiZBDWFErd7PXnchH --sfpZeV3i5FM= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_c2tnb239v1_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAsDPgAEcwKt31cWaoFUd7QxYSdwgMDOqEhjPbD3Z9AfR3tc --G77/MY5z1oQegqImBog645vtPWI8lZd1zcl6QYRS -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_c2tnb239v1:BOB_cf_c2tnb239v1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2tnb239v1 --PeerKey=BOB_cf_c2tnb239v1_PUB --SharedSecret=413ea943cdf40c45795c77aeea7099b81cc42566067924d1fdbae42ddf99 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2tnb239v1 --PeerKey=ALICE_cf_c2tnb239v1_PUB --SharedSecret=413ea943cdf40c45795c77aeea7099b81cc42566067924d1fdbae42ddf99 -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2tnb239v1 --PeerKey=BOB_cf_c2tnb239v1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=1f1e5a6084492e895c35d76a5d2b4a3fafbd96c4b2230ea71cc1c711fa38 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2tnb239v1 --PeerKey=ALICE_cf_c2tnb239v1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=1f1e5a6084492e895c35d76a5d2b4a3fafbd96c4b2230ea71cc1c711fa38 -- --PublicKey=MALICE_cf_c2tnb239v1_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAsDPgAEJFn89FF7xaa5m+XGxWKFwCH+Mu4rbxwi6lvhuEuT --Itl/OAosALFh8xpt+N5gmKtUdhpjyok2udC4B/mY -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_c2tnb239v1 --PeerKey=MALICE_cf_c2tnb239v1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_c2tnb239v1 --PeerKey=MALICE_cf_c2tnb239v1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=c2tnb239v2 curve tests -- --PrivateKey=ALICE_cf_c2tnb239v2 -------BEGIN PRIVATE KEY----- --MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAwEJTAjAgEBBB4KU4YKdzFOkl6M1biHkxtVGD2uNXr6 --GbEcp4PbJKU= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_c2tnb239v2_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAwDPgAEKzpycflUrsyqVV/+fzvC2+AuX3r0b0Syn8acvn78 --VnKA9mZKwPLWhnMJcLyzarIzc/6/UcfYGNmTyUlG -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_c2tnb239v2:ALICE_cf_c2tnb239v2_PUB -- --PrivateKey=BOB_cf_c2tnb239v2 -------BEGIN PRIVATE KEY----- --MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAwEJTAjAgEBBB4HZQLKGKBpIKiyTq6XYZWQNph1oGP+ --JLwCwn7lYx0= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_c2tnb239v2_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAwDPgAETPSkhMs3JW3BG66FSfCov76JKdcRiBhMCW453Wku --N7yBxBmWjeclHhnXIzfc4qM4qf9n3KzMSXejPVYg -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_c2tnb239v2:BOB_cf_c2tnb239v2_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2tnb239v2 --PeerKey=BOB_cf_c2tnb239v2_PUB --SharedSecret=2e738f14795b2e19ee791c1bf30c5e462ca6c6ed0ec5c6c6402d0730cf4c -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2tnb239v2 --PeerKey=ALICE_cf_c2tnb239v2_PUB --SharedSecret=2e738f14795b2e19ee791c1bf30c5e462ca6c6ed0ec5c6c6402d0730cf4c -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2tnb239v2 --PeerKey=BOB_cf_c2tnb239v2_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=7662d8b94d3f0d20eb8e112ca8b7d5699d81f35902df5b77561977df3946 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2tnb239v2 --PeerKey=ALICE_cf_c2tnb239v2_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=7662d8b94d3f0d20eb8e112ca8b7d5699d81f35902df5b77561977df3946 -- --PublicKey=MALICE_cf_c2tnb239v2_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAwDPgAES8fLc5mtVI0HqgKRJ7mN8MU1B0FBkiim6jCHYJf3 --JYUX3Gn3Ai11cHie+nVb3z51jSkpDQENHESTv5K2 -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_c2tnb239v2 --PeerKey=MALICE_cf_c2tnb239v2_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_c2tnb239v2 --PeerKey=MALICE_cf_c2tnb239v2_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=c2tnb239v3 curve tests -- --PrivateKey=ALICE_cf_c2tnb239v3 -------BEGIN PRIVATE KEY----- --MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAA0EJTAjAgEBBB4BZZXtcMw5GrpgHJLx4D8z7M6ocWdv --rDl2fV9ObC8= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_c2tnb239v3_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAA0DPgAEOu2HIAUX+r6IbRlrPUJUBDL814dR++maVAAkUIjD --H33ewqcI9ZLtpvuR8P8hgRNUTXlh1GWgrB6F21Eo -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_c2tnb239v3:ALICE_cf_c2tnb239v3_PUB -- --PrivateKey=BOB_cf_c2tnb239v3 -------BEGIN PRIVATE KEY----- --MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAA0EJTAjAgEBBB4BDxw3SA54y6uYOW1n4yZaUK22J9ef --XG3HcQX+4i0= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_c2tnb239v3_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAA0DPgAEVaEi76wyzlpzkkSElf4SmGZ7kf1ghHMP82HkGk7K --BC10zUyppoSOAr0eX4pHAkDUF1m/KGoJa7QcJJww -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_c2tnb239v3:BOB_cf_c2tnb239v3_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2tnb239v3 --PeerKey=BOB_cf_c2tnb239v3_PUB --SharedSecret=6a756022ec2ea89b0fa757824909707102acf3b7da39dc625c6252eb4c48 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2tnb239v3 --PeerKey=ALICE_cf_c2tnb239v3_PUB --SharedSecret=6a756022ec2ea89b0fa757824909707102acf3b7da39dc625c6252eb4c48 -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2tnb239v3 --PeerKey=BOB_cf_c2tnb239v3_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=3240e19dd8c290e5e1749df60ad0166dd9dbfad645e518b4948e14f774ce -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2tnb239v3 --PeerKey=ALICE_cf_c2tnb239v3_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=3240e19dd8c290e5e1749df60ad0166dd9dbfad645e518b4948e14f774ce -- --PublicKey=MALICE_cf_c2tnb239v3_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAA0DPgAELe/znC87/2ucKX7mXUUyiUvg67slWRdH+WHDct9d --LcXDyB342ZN1nm0NCAmBMcLjohX0Zza0ji3YNjT1 -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_c2tnb239v3 --PeerKey=MALICE_cf_c2tnb239v3_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_c2tnb239v3 --PeerKey=MALICE_cf_c2tnb239v3_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=c2tnb359v1 curve tests -- --PrivateKey=ALICE_cf_c2tnb359v1 -------BEGIN PRIVATE KEY----- --ME4CAQAwEwYHKoZIzj0CAQYIKoZIzj0DABIENDAyAgEBBC0Afea/a1NrRf6rRRr/UDsI559ADTFP --Bd5HaS33laTZkCdNLITw1UUrESUIOiU= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_c2tnb359v1_PUB -------BEGIN PUBLIC KEY----- --MHMwEwYHKoZIzj0CAQYIKoZIzj0DABIDXAAEZMJU3QF9UJJp2m6qyCnhPuVlPKPHtav3DCgH27SY --RLMN7C4rRmqiJakD11QtOforOgbPW5r/v7t4TUWIlq8jV7kapJNtxQtg/S87L0NQGgHBq/lnJL8x --fN3Y -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_c2tnb359v1:ALICE_cf_c2tnb359v1_PUB -- --PrivateKey=BOB_cf_c2tnb359v1 -------BEGIN PRIVATE KEY----- --ME4CAQAwEwYHKoZIzj0CAQYIKoZIzj0DABIENDAyAgEBBC0Aaw+yr7Atz8CXjLsbI5msXLqxFoMr --esHVfU53i6ucCsnPTWSDWSb5CePtI9g= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_c2tnb359v1_PUB -------BEGIN PUBLIC KEY----- --MHMwEwYHKoZIzj0CAQYIKoZIzj0DABIDXAAEUQde0iyDHbsFJZ459d4zUhsrJYAkqndmEBRwSlg5 --ZNX8SSS79Zf2HsQl+LWIZyzeYzoHobKXufChw9/H4ThS58VwV5/0hoE929PIgJ1MSEqr5LvJXi+b --R8fe -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_c2tnb359v1:BOB_cf_c2tnb359v1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2tnb359v1 --PeerKey=BOB_cf_c2tnb359v1_PUB --SharedSecret=623a71122b5acad467d40d97ef8d8fd46541d8c41d7de6ba181c24e2714c1bc35bcefcf089af69c406eedecc12 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2tnb359v1 --PeerKey=ALICE_cf_c2tnb359v1_PUB --SharedSecret=623a71122b5acad467d40d97ef8d8fd46541d8c41d7de6ba181c24e2714c1bc35bcefcf089af69c406eedecc12 -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2tnb359v1 --PeerKey=BOB_cf_c2tnb359v1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=1c9c4cea3251dace2cb763eabf60f106cc1b03f2491e6f20d7bea78e062f8f14c4e82e4d43786eefa44d33f7e9 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2tnb359v1 --PeerKey=ALICE_cf_c2tnb359v1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=1c9c4cea3251dace2cb763eabf60f106cc1b03f2491e6f20d7bea78e062f8f14c4e82e4d43786eefa44d33f7e9 -- --PublicKey=MALICE_cf_c2tnb359v1_PUB -------BEGIN PUBLIC KEY----- --MHMwEwYHKoZIzj0CAQYIKoZIzj0DABIDXAAEDW1DxeJfyPPnxX4WiLM5ZnX9AypqqeKj7FTHxanl --++A6FgVFjUCatt8Sr4xnSc3zDE0kh6f/wS9SbtCAi74i8HAX5SJiccCMPRkw6kBuHZgiG8EmFJ53 --OEQw -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_c2tnb359v1 --PeerKey=MALICE_cf_c2tnb359v1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_c2tnb359v1 --PeerKey=MALICE_cf_c2tnb359v1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=c2tnb431r1 curve tests -- --PrivateKey=ALICE_cf_c2tnb431r1 -------BEGIN PRIVATE KEY----- --MFYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DABQEPDA6AgEBBDUAG1rgUnH3+PSxqlzt9+QTWv7PrYxz --Qgqj5A2Mqi0LbdixVDciVSSgrU6keVu72oCmHVP+OQ== -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_c2tnb431r1_PUB -------BEGIN PUBLIC KEY----- --MIGFMBMGByqGSM49AgEGCCqGSM49AwAUA24ABFcQEDic9pYxtxStk/oBxafqyUux1kvEOOwR4FxJ --pGEMTh8B+YfkWuq+IDY5zSqNKtg7cRlAFX2dlHhRSvNxrN3DJCrhe/TQq8SIYawcqEQnM39F8hHM --7VQJLEsBpJ/WUonwMJXknjgfONP7GA== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_c2tnb431r1:ALICE_cf_c2tnb431r1_PUB -- --PrivateKey=BOB_cf_c2tnb431r1 -------BEGIN PRIVATE KEY----- --MFYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DABQEPDA6AgEBBDUBOsZrpI6hTgImR8DBhKOOrh2SvcT/ --VwmzYnbuCRrtr/zwIQcqKKI1ztlrl+kxFxJfk5L7UQ== -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_c2tnb431r1_PUB -------BEGIN PUBLIC KEY----- --MIGFMBMGByqGSM49AgEGCCqGSM49AwAUA24ABHeTG6xjbsKKxn4oYQt9qUM9LrSPZfY11XsBmROc --fb9kEbBLU+QixSbYZOrqPasesDV9dApDXF+w6EfIeNyJEK5Lk+aXamrn7fRMUAQ2m7+Odp87GgA+ --8Cg6YpgbK314SK5STziqoZwzEISJ9w== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_c2tnb431r1:BOB_cf_c2tnb431r1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2tnb431r1 --PeerKey=BOB_cf_c2tnb431r1_PUB --SharedSecret=1c9a64de0b706f0e562d5144ceeb4806ce8782865dc0e3fab694967955bd40afc79bf9241ef4a173fbf9baeac0d416392fb13bdc6978 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2tnb431r1 --PeerKey=ALICE_cf_c2tnb431r1_PUB --SharedSecret=1c9a64de0b706f0e562d5144ceeb4806ce8782865dc0e3fab694967955bd40afc79bf9241ef4a173fbf9baeac0d416392fb13bdc6978 -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_c2tnb431r1 --PeerKey=BOB_cf_c2tnb431r1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=059e2ea2d0d8bad5005a9401196ebb1633377c7ded8ec58a0398cf1d0f42ea82614f68cb836ecfc33612b8a705b4c3b7b4ed12eb6e22 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_c2tnb431r1 --PeerKey=ALICE_cf_c2tnb431r1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=059e2ea2d0d8bad5005a9401196ebb1633377c7ded8ec58a0398cf1d0f42ea82614f68cb836ecfc33612b8a705b4c3b7b4ed12eb6e22 -- --PublicKey=MALICE_cf_c2tnb431r1_PUB -------BEGIN PUBLIC KEY----- --MIGFMBMGByqGSM49AgEGCCqGSM49AwAUA24ABA/cHJ1bNJ2l3GcrT67WEoU0w/Ajy28T9X4XLv8a --5EpnkembeFlRG8ILplDcZimE8kjNQWynAk+NbJRsIU/XLzcm7VXkkqEkx/yCQ/TOcbeB3qrpzWYr --F3Cls9x60wuFYNc9d6eIe4B+puz9IQ== -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_c2tnb431r1 --PeerKey=MALICE_cf_c2tnb431r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_c2tnb431r1 --PeerKey=MALICE_cf_c2tnb431r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=prime192v2 curve tests -- --PrivateKey=ALICE_cf_prime192v2 -------BEGIN PRIVATE KEY----- --MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQIEHzAdAgEBBBh6rcgPFDmA2P4CGSrC7ii9DAjepljX --sMM= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_prime192v2_PUB -------BEGIN PUBLIC KEY----- --MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQIDMgAET6wOPoDU3BeU7VKozsGEvDeJs//9Z/aNEcbbLQ0d --g5IzsS/XMJzifjCJZgNsb7mi -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_prime192v2:ALICE_cf_prime192v2_PUB -- --PrivateKey=BOB_cf_prime192v2 -------BEGIN PRIVATE KEY----- --MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQIEHzAdAgEBBBja4R9iZuiu95XEuM1558ArTwNnAl7M --xqI= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_prime192v2_PUB -------BEGIN PUBLIC KEY----- --MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQIDMgAEcgWNAOL4pZCmouZl+be+rC0yLAJkm2YuPWs+FX2u --Y6OU1aHkkspZTC1uUVWjchy5 -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_prime192v2:BOB_cf_prime192v2_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_prime192v2 --PeerKey=BOB_cf_prime192v2_PUB --SharedSecret=ae2ff9f1f9f24e6d281dc78993d9f71913e1e105965000a1 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_prime192v2 --PeerKey=ALICE_cf_prime192v2_PUB --SharedSecret=ae2ff9f1f9f24e6d281dc78993d9f71913e1e105965000a1 -- --Title=prime192v3 curve tests -- --PrivateKey=ALICE_cf_prime192v3 -------BEGIN PRIVATE KEY----- --MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQMEHzAdAgEBBBij5blPQRKM1/9c57YDZXIIue80MDqx --Igw= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_prime192v3_PUB -------BEGIN PUBLIC KEY----- --MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE1+mLeiT/jjHO71IL/C/ZcnF6+yj9FV6eqfuPdHAi --MsDRFCB6/h8TcCUFuospu5l0 -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_prime192v3:ALICE_cf_prime192v3_PUB -- --PrivateKey=BOB_cf_prime192v3 -------BEGIN PRIVATE KEY----- --MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQMEHzAdAgEBBBhgFP4fFLtm/yk5tsosBUBKTg370FOu --92g= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_prime192v3_PUB -------BEGIN PUBLIC KEY----- --MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAEv35bOz0xqLeJqpZdZ8LyiUgsJMBEtN2UMJm8blX2 --vMWAgEeLhzar86BUlS7dZwS7 -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_prime192v3:BOB_cf_prime192v3_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_prime192v3 --PeerKey=BOB_cf_prime192v3_PUB --SharedSecret=9e562ecbe29c510a13b0daea822ec864c2a9684d2a382812 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_prime192v3 --PeerKey=ALICE_cf_prime192v3_PUB --SharedSecret=9e562ecbe29c510a13b0daea822ec864c2a9684d2a382812 -- --Title=prime239v1 curve tests -- --PrivateKey=ALICE_cf_prime239v1 -------BEGIN PRIVATE KEY----- --MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQQEJTAjAgEBBB5nH2mt/GUx+I/60NlcuQlrdupDXwMY --SF/w+SUTNqY= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_prime239v1_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQQDPgAEMqQLCgDR9njkq9QELuOu+J/9YGcxJHULdvxHImLW --RXqBUM5Xea+Qk2SKIpWcogxr2zFeQyeLj2bQysuo -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_prime239v1:ALICE_cf_prime239v1_PUB -- --PrivateKey=BOB_cf_prime239v1 -------BEGIN PRIVATE KEY----- --MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQQEJTAjAgEBBB5RZgYV+j+zhwI12zCzB+mdPofMx0kB --jZ9gplgXxzk= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_prime239v1_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQQDPgAEBR5m/kllh025oO4GvqALkjRliVv7q4x8ro/tkYnT --L2U4hkT6xUeRu9QC4KOz7KUVH+nBbQASL4XQg/3C -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_prime239v1:BOB_cf_prime239v1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_prime239v1 --PeerKey=BOB_cf_prime239v1_PUB --SharedSecret=196b1d0206d4f87c313c266bfb12c90dd1f1f64b89bfc16518086b9801b8 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_prime239v1 --PeerKey=ALICE_cf_prime239v1_PUB --SharedSecret=196b1d0206d4f87c313c266bfb12c90dd1f1f64b89bfc16518086b9801b8 -- --Title=prime239v2 curve tests -- --PrivateKey=ALICE_cf_prime239v2 -------BEGIN PRIVATE KEY----- --MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQUEJTAjAgEBBB5uLCwofbD2Suc/iIRhXJsPqZ4me87h --+tFevsg1pPE= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_prime239v2_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQUDPgAETH77jXHBItV673gTNK/HTFldo4VxPiscbideUgKd --CWjdVsXebgAZbqQwf0h9QWcIgM7K7ODdW5kCuZ1G -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_prime239v2:ALICE_cf_prime239v2_PUB -- --PrivateKey=BOB_cf_prime239v2 -------BEGIN PRIVATE KEY----- --MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQUEJTAjAgEBBB5nlF+ouuw3Ljkgy3pHkCN+/JoHAMyT --KY0wlvJdo/w= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_prime239v2_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQUDPgAELUQYo0UH8HbK/RMD2jVphBU+iB4OTOfvaaTlHq06 --dcJ8a9a+mAQKhb1OZVEq1n4nQsgRiI1rPxugVERM -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_prime239v2:BOB_cf_prime239v2_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_prime239v2 --PeerKey=BOB_cf_prime239v2_PUB --SharedSecret=1d18ca6366bceba3c1477daa0e08202088abcf14fc2b8fbf98ba95858fcf -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_prime239v2 --PeerKey=ALICE_cf_prime239v2_PUB --SharedSecret=1d18ca6366bceba3c1477daa0e08202088abcf14fc2b8fbf98ba95858fcf -- --Title=prime239v3 curve tests -- --PrivateKey=ALICE_cf_prime239v3 -------BEGIN PRIVATE KEY----- --MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQYEJTAjAgEBBB5J95JRhBDTzlyAPAfu6T2Pb9vK0NKu --Y9AfhA2G+mI= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_prime239v3_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQYDPgAEZEN48pqgLF08Yjj/8BLM2Nr5ZhpYxyBurbzKRuBb --GLpzZLteJN9vZjN7ouNpMxLVUFQxTOwpsvUw86Lk -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_prime239v3:ALICE_cf_prime239v3_PUB -- --PrivateKey=BOB_cf_prime239v3 -------BEGIN PRIVATE KEY----- --MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQYEJTAjAgEBBB5Z7rMZML1xeryBaYYr+QuMiQxHT44I --d9bmIVvG3dM= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_prime239v3_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQYDPgAEQUWKqohAPAoIYEZOvc1QwSlcB+gW0febaNxGOy47 --LaIWdsNM7GJVP9xpdSwm/L+Dip/oH4E59f3SiOAd -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_prime239v3:BOB_cf_prime239v3_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_prime239v3 --PeerKey=BOB_cf_prime239v3_PUB --SharedSecret=4dcc2c67c5993162ed71ebb33077bbb85395b0d3eec2311aa404e45901a0 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_prime239v3 --PeerKey=ALICE_cf_prime239v3_PUB --SharedSecret=4dcc2c67c5993162ed71ebb33077bbb85395b0d3eec2311aa404e45901a0 -- --Title=secp112r1 curve tests -- --PrivateKey=ALICE_cf_secp112r1 -------BEGIN PRIVATE KEY----- --MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAYEFTATAgEBBA6zC5ZzEIIdvY4Q7DS0uw== -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_secp112r1_PUB -------BEGIN PUBLIC KEY----- --MDIwEAYHKoZIzj0CAQYFK4EEAAYDHgAEYIawfjH3qRrJJWwuG3Ys5ZhDJsmdWi34aHgKAA== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_secp112r1:ALICE_cf_secp112r1_PUB -- --PrivateKey=BOB_cf_secp112r1 -------BEGIN PRIVATE KEY----- --MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAYEFTATAgEBBA6WPx4YxBODium8BKDw0A== -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_secp112r1_PUB -------BEGIN PUBLIC KEY----- --MDIwEAYHKoZIzj0CAQYFK4EEAAYDHgAEchh3iQdPN1rrzrpdZRQ95G6tvdwEBQ+gfu1tvA== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_secp112r1:BOB_cf_secp112r1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_secp112r1 --PeerKey=BOB_cf_secp112r1_PUB --SharedSecret=4ddd1d504b444d4be67ba2e4610a -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_secp112r1 --PeerKey=ALICE_cf_secp112r1_PUB --SharedSecret=4ddd1d504b444d4be67ba2e4610a -- --Title=secp112r2 curve tests -- --PrivateKey=ALICE_cf_secp112r2 -------BEGIN PRIVATE KEY----- --MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAcEFTATAgEBBA4GcvIx97ePHdAiH0Z9EA== -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_secp112r2_PUB -------BEGIN PUBLIC KEY----- --MDIwEAYHKoZIzj0CAQYFK4EEAAcDHgAEHK9uNAILHBmPZdKKh79/nzYE0HbvC//rA7i0Xw== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_secp112r2:ALICE_cf_secp112r2_PUB -- --PrivateKey=BOB_cf_secp112r2 -------BEGIN PRIVATE KEY----- --MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAcEFTATAgEBBA4WzpVFZnZv9mvtpnYNyw== -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_secp112r2_PUB -------BEGIN PUBLIC KEY----- --MDIwEAYHKoZIzj0CAQYFK4EEAAcDHgAEUzBLNQupqUpGgmZl9JVjKBpwusl52rFg5OVFJA== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_secp112r2:BOB_cf_secp112r2_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_secp112r2 --PeerKey=BOB_cf_secp112r2_PUB --SharedSecret=a6d05c7ba5128a9685c705b5030b -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_secp112r2 --PeerKey=ALICE_cf_secp112r2_PUB --SharedSecret=a6d05c7ba5128a9685c705b5030b -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_secp112r2 --PeerKey=BOB_cf_secp112r2_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=04f3280e92c269d794aa779efcef -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_secp112r2 --PeerKey=ALICE_cf_secp112r2_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=04f3280e92c269d794aa779efcef -- --PublicKey=MALICE_cf_secp112r2_PUB -------BEGIN PUBLIC KEY----- --MDIwEAYHKoZIzj0CAQYFK4EEAAcDHgAEsf2N4SfUZWtXPrUTmEyr71I/JSn8VtzQsFHuqQ== -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_secp112r2 --PeerKey=MALICE_cf_secp112r2_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_secp112r2 --PeerKey=MALICE_cf_secp112r2_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=secp128r1 curve tests -- --PrivateKey=ALICE_cf_secp128r1 -------BEGIN PRIVATE KEY----- --MC4CAQAwEAYHKoZIzj0CAQYFK4EEABwEFzAVAgEBBBB+RX18d0+gKpdcKbJJTrEZ -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_secp128r1_PUB -------BEGIN PUBLIC KEY----- --MDYwEAYHKoZIzj0CAQYFK4EEABwDIgAEG0XMAdrAZOPUW6L9ADU8XK8sZr7dtIcDinSWU1zSV9s= -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_secp128r1:ALICE_cf_secp128r1_PUB -- --PrivateKey=BOB_cf_secp128r1 -------BEGIN PRIVATE KEY----- --MC4CAQAwEAYHKoZIzj0CAQYFK4EEABwEFzAVAgEBBBB/J9/eClt9mimGwOcOsjJF -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_secp128r1_PUB -------BEGIN PUBLIC KEY----- --MDYwEAYHKoZIzj0CAQYFK4EEABwDIgAE82nknsOS+u8mybP0KJqQhvm83gbPNTZOcvm0ZDVR5sU= -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_secp128r1:BOB_cf_secp128r1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_secp128r1 --PeerKey=BOB_cf_secp128r1_PUB --SharedSecret=5020f1b759da1f737a61a29a268d7669 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_secp128r1 --PeerKey=ALICE_cf_secp128r1_PUB --SharedSecret=5020f1b759da1f737a61a29a268d7669 -- --Title=secp128r2 curve tests -- --PrivateKey=ALICE_cf_secp128r2 -------BEGIN PRIVATE KEY----- --MC4CAQAwEAYHKoZIzj0CAQYFK4EEAB0EFzAVAgEBBBALPaUYCnPgNiLhez93Z1Gi -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_secp128r2_PUB -------BEGIN PUBLIC KEY----- --MDYwEAYHKoZIzj0CAQYFK4EEAB0DIgAEOKiPRGtZXwxmvTr35NmUkNsAGGk9RKNA4D5BE9ZrjZQ= -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_secp128r2:ALICE_cf_secp128r2_PUB -- --PrivateKey=BOB_cf_secp128r2 -------BEGIN PRIVATE KEY----- --MC4CAQAwEAYHKoZIzj0CAQYFK4EEAB0EFzAVAgEBBBARg3vb436QgyHdyt6l/b6G -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_secp128r2_PUB -------BEGIN PUBLIC KEY----- --MDYwEAYHKoZIzj0CAQYFK4EEAB0DIgAELph7h27BYjIINC2EddcpIOxKbdz8Xe7h3Az1ZuR9bAI= -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_secp128r2:BOB_cf_secp128r2_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_secp128r2 --PeerKey=BOB_cf_secp128r2_PUB --SharedSecret=8f4d8c75141e9b084328222440eb5dfa -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_secp128r2 --PeerKey=ALICE_cf_secp128r2_PUB --SharedSecret=8f4d8c75141e9b084328222440eb5dfa -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_secp128r2 --PeerKey=BOB_cf_secp128r2_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=baaa0c16e16eef291001475d638e4830 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_secp128r2 --PeerKey=ALICE_cf_secp128r2_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=baaa0c16e16eef291001475d638e4830 -- --PublicKey=MALICE_cf_secp128r2_PUB -------BEGIN PUBLIC KEY----- --MDYwEAYHKoZIzj0CAQYFK4EEAB0DIgAE6h6RzJIp6HLR6RDOPtyzGDurkuE9aAaZqHosPTnkLxQ= -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_secp128r2 --PeerKey=MALICE_cf_secp128r2_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_secp128r2 --PeerKey=MALICE_cf_secp128r2_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=secp160k1 curve tests -- --PrivateKey=ALICE_cf_secp160k1 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAkEHDAaAgEBBBUAlxTBO50KwFwWKPtk1rutu68m+zI= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_secp160k1_PUB -------BEGIN PUBLIC KEY----- --MD4wEAYHKoZIzj0CAQYFK4EEAAkDKgAEcVWIjtPZn1cHckclpn5jKDCphQUVHxFN5tSeFG9wsJZT --EvqPyLS64w== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_secp160k1:ALICE_cf_secp160k1_PUB -- --PrivateKey=BOB_cf_secp160k1 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAkEHDAaAgEBBBUAdrPkoNkRVUloiuwzruQszSUuwpY= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_secp160k1_PUB -------BEGIN PUBLIC KEY----- --MD4wEAYHKoZIzj0CAQYFK4EEAAkDKgAESGN41cAj8Fg4pAJM7FUKHiawbCR0b9unMpZWxqOKeW1/ --bxT/CqEkyw== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_secp160k1:BOB_cf_secp160k1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_secp160k1 --PeerKey=BOB_cf_secp160k1_PUB --SharedSecret=b738a0bf17f3271a9a155bfdfe2f0f1d51494d42 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_secp160k1 --PeerKey=ALICE_cf_secp160k1_PUB --SharedSecret=b738a0bf17f3271a9a155bfdfe2f0f1d51494d42 -- --Title=secp160r1 curve tests -- --PrivateKey=ALICE_cf_secp160r1 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAgEHDAaAgEBBBUAR6m1+jIBuJnSKx9fHmyAYhsnYe8= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_secp160r1_PUB -------BEGIN PUBLIC KEY----- --MD4wEAYHKoZIzj0CAQYFK4EEAAgDKgAEO78GZuBaCfJjHK97c9N21z+4mm37b5x7/Hr3Xc4pUbtb --OoNj/A+W9w== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_secp160r1:ALICE_cf_secp160r1_PUB -- --PrivateKey=BOB_cf_secp160r1 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAgEHDAaAgEBBBUATqvd54Jj7TbnrLAd2dMYCpExLws= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_secp160r1_PUB -------BEGIN PUBLIC KEY----- --MD4wEAYHKoZIzj0CAQYFK4EEAAgDKgAEBKDbBSPTwmb00MFvMtJMxQ2YDmcPOZHE8YbVr5hp8s5J --Jwy17FaNNg== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_secp160r1:BOB_cf_secp160r1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_secp160r1 --PeerKey=BOB_cf_secp160r1_PUB --SharedSecret=1912ea7b9bb1de5b8d3cef83e7a6e7a917816541 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_secp160r1 --PeerKey=ALICE_cf_secp160r1_PUB --SharedSecret=1912ea7b9bb1de5b8d3cef83e7a6e7a917816541 -- --Title=secp160r2 curve tests -- --PrivateKey=ALICE_cf_secp160r2 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFK4EEAB4EHDAaAgEBBBUA3IsVg4R4paXaPATDHvzfnvM+vjQ= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_secp160r2_PUB -------BEGIN PUBLIC KEY----- --MD4wEAYHKoZIzj0CAQYFK4EEAB4DKgAE4V+25YCpVkKF6NF/UPc1SYxohYWcf3qT3JDoPRhnm/rj --mSqCCA6gUw== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_secp160r2:ALICE_cf_secp160r2_PUB -- --PrivateKey=BOB_cf_secp160r2 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFK4EEAB4EHDAaAgEBBBUAYT/5C7UpD17DnZm4ObswmGFMI1Q= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_secp160r2_PUB -------BEGIN PUBLIC KEY----- --MD4wEAYHKoZIzj0CAQYFK4EEAB4DKgAEB7YVzBmzhnIdouvN/nb8VMXCqO8dkhmebyVzoD0oAzuH --nN+SfWr6aQ== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_secp160r2:BOB_cf_secp160r2_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_secp160r2 --PeerKey=BOB_cf_secp160r2_PUB --SharedSecret=ccb9cae5c9487ff60c487bd1b39a62eb4680e9b6 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_secp160r2 --PeerKey=ALICE_cf_secp160r2_PUB --SharedSecret=ccb9cae5c9487ff60c487bd1b39a62eb4680e9b6 -- --Title=secp192k1 curve tests -- --PrivateKey=ALICE_cf_secp192k1 -------BEGIN PRIVATE KEY----- --MDYCAQAwEAYHKoZIzj0CAQYFK4EEAB8EHzAdAgEBBBikVZrCZQB7ZtkhNfQYpjKHZ9KxXgooJ90= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_secp192k1_PUB -------BEGIN PUBLIC KEY----- --MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAEyV4EzMZglBXtYdn38hNTrCGflAsJprMkxkOlw58chZ25 --6EAu7gVvYDTpnRkymKyH -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_secp192k1:ALICE_cf_secp192k1_PUB -- --PrivateKey=BOB_cf_secp192k1 -------BEGIN PRIVATE KEY----- --MDYCAQAwEAYHKoZIzj0CAQYFK4EEAB8EHzAdAgEBBBiJQ/PunKGk9QPUyqIBGMgHKKg+yxJr5io= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_secp192k1_PUB -------BEGIN PUBLIC KEY----- --MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAE990Tnmh9QQQHVHuLpfrAsgjvB9R2MJXzhBZN1WvtxLqF --OZ2oFMP0Kfcr7HbI7a5j -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_secp192k1:BOB_cf_secp192k1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_secp192k1 --PeerKey=BOB_cf_secp192k1_PUB --SharedSecret=a46a6bfb279d4dc30cffac585d1fbec905dbe46aca5e3c9d -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_secp192k1 --PeerKey=ALICE_cf_secp192k1_PUB --SharedSecret=a46a6bfb279d4dc30cffac585d1fbec905dbe46aca5e3c9d -- --Title=secp224k1 curve tests -- --PrivateKey=ALICE_cf_secp224k1 -------BEGIN PRIVATE KEY----- --MDsCAQAwEAYHKoZIzj0CAQYFK4EEACAEJDAiAgEBBB0AZPk3TzxGhX7TljBBhJDLBfulAMp6Bh3W --w40Qyg== -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_secp224k1_PUB -------BEGIN PUBLIC KEY----- --ME4wEAYHKoZIzj0CAQYFK4EEACADOgAE4o7LGdJDixqJZ5imnqaX4IeE55NG4W0HEe72LVC7pmn2 --e3m7uC92ZQhduF9lJli4dXD5en/1wkE= -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_secp224k1:ALICE_cf_secp224k1_PUB -- --PrivateKey=BOB_cf_secp224k1 -------BEGIN PRIVATE KEY----- --MDsCAQAwEAYHKoZIzj0CAQYFK4EEACAEJDAiAgEBBB0AdQ02GguRy3yHOjLkpoWb27QA/L1abfWe --q2xUfA== -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_secp224k1_PUB -------BEGIN PUBLIC KEY----- --ME4wEAYHKoZIzj0CAQYFK4EEACADOgAEzp00m0DaADn1mGiDCT7K1LZnoj/vCxHPowUDC9yQd17K --KpJM5sGILrTkkgxqtt5pBeYE1NC1QUQ= -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_secp224k1:BOB_cf_secp224k1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_secp224k1 --PeerKey=BOB_cf_secp224k1_PUB --SharedSecret=6f7b9d16c9c1d3a5c84b6028f2a4fed9ae8e02455e678a27243bcc48 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_secp224k1 --PeerKey=ALICE_cf_secp224k1_PUB --SharedSecret=6f7b9d16c9c1d3a5c84b6028f2a4fed9ae8e02455e678a27243bcc48 -- - Title=secp256k1 curve tests - - PrivateKey=ALICE_cf_secp256k1 -@@ -1998,1604 +56,6 @@ Derive=BOB_cf_secp256k1 - PeerKey=ALICE_cf_secp256k1_PUB - SharedSecret=a4745cc4d19cabb9e5cb0abdd5c604cab2846a4638ad844ed9175f3cadda2da1 - --Title=sect113r1 curve tests -- --PrivateKey=ALICE_cf_sect113r1 -------BEGIN PRIVATE KEY----- --MC0CAQAwEAYHKoZIzj0CAQYFK4EEAAQEFjAUAgEBBA8ALw9CgsuNBkkhhUHE8bQ= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect113r1_PUB -------BEGIN PUBLIC KEY----- --MDQwEAYHKoZIzj0CAQYFK4EEAAQDIAAEASO9jcamlg1pRE7JffrTAe9kyRZO2xrymHXoGdnA -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_sect113r1:ALICE_cf_sect113r1_PUB -- --PrivateKey=BOB_cf_sect113r1 -------BEGIN PRIVATE KEY----- --MC0CAQAwEAYHKoZIzj0CAQYFK4EEAAQEFjAUAgEBBA8A/9qbs8sTFNkjS9/4CuM= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_sect113r1_PUB -------BEGIN PUBLIC KEY----- --MDQwEAYHKoZIzj0CAQYFK4EEAAQDIAAEATykaf/cvJzLOUto1EbbAEz/3++nut6q0dcJOQeV -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_sect113r1:BOB_cf_sect113r1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect113r1 --PeerKey=BOB_cf_sect113r1_PUB --SharedSecret=01ed16f1948dcb368a54004237842d -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect113r1 --PeerKey=ALICE_cf_sect113r1_PUB --SharedSecret=01ed16f1948dcb368a54004237842d -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect113r1 --PeerKey=BOB_cf_sect113r1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=012e5f3e348c2a8a88d9590a639219 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect113r1 --PeerKey=ALICE_cf_sect113r1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=012e5f3e348c2a8a88d9590a639219 -- --PublicKey=MALICE_cf_sect113r1_PUB -------BEGIN PUBLIC KEY----- --MDQwEAYHKoZIzj0CAQYFK4EEAAQDIAAEAAAAAAAAAAAAAAAAAAAAAd+TqiBXnTd/lyA/OFsR -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_sect113r1 --PeerKey=MALICE_cf_sect113r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_sect113r1 --PeerKey=MALICE_cf_sect113r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=sect113r2 curve tests -- --PrivateKey=ALICE_cf_sect113r2 -------BEGIN PRIVATE KEY----- --MC0CAQAwEAYHKoZIzj0CAQYFK4EEAAUEFjAUAgEBBA8AvovirHrqTxoKJ3l+7y0= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect113r2_PUB -------BEGIN PUBLIC KEY----- --MDQwEAYHKoZIzj0CAQYFK4EEAAUDIAAEAFvQ4JgQTS8kjGeVfuITAS81qNcOQvt3PYa1HuCk -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_sect113r2:ALICE_cf_sect113r2_PUB -- --PrivateKey=BOB_cf_sect113r2 -------BEGIN PRIVATE KEY----- --MC0CAQAwEAYHKoZIzj0CAQYFK4EEAAUEFjAUAgEBBA8ArUjgvp/goxRYb4WuQ80= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_sect113r2_PUB -------BEGIN PUBLIC KEY----- --MDQwEAYHKoZIzj0CAQYFK4EEAAUDIAAEAUoS3of8y28meYu/NoI5AVdhJZCuDjMqFHTriWY4 -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_sect113r2:BOB_cf_sect113r2_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect113r2 --PeerKey=BOB_cf_sect113r2_PUB --SharedSecret=0057a287ba1ea05cb4735e673647e1 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect113r2 --PeerKey=ALICE_cf_sect113r2_PUB --SharedSecret=0057a287ba1ea05cb4735e673647e1 -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect113r2 --PeerKey=BOB_cf_sect113r2_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=00fec2454e46732aca42b22b6d4f13 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect113r2 --PeerKey=ALICE_cf_sect113r2_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=00fec2454e46732aca42b22b6d4f13 -- --PublicKey=MALICE_cf_sect113r2_PUB -------BEGIN PUBLIC KEY----- --MDQwEAYHKoZIzj0CAQYFK4EEAAUDIAAEAAAAAAAAAAAAAAAAAAAAAR3dbPHrhFekzJ7Azskr -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_sect113r2 --PeerKey=MALICE_cf_sect113r2_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_sect113r2 --PeerKey=MALICE_cf_sect113r2_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=sect131r1 curve tests -- --PrivateKey=ALICE_cf_sect131r1 -------BEGIN PRIVATE KEY----- --MC8CAQAwEAYHKoZIzj0CAQYFK4EEABYEGDAWAgEBBBEA5C6zHMQM7pXPZ6cJz72Niw== -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect131r1_PUB -------BEGIN PUBLIC KEY----- --MDgwEAYHKoZIzj0CAQYFK4EEABYDJAAEBXCuXD6wOOif91GUlJNKXf8FBNw8crgqi5aEJEZbCdBJ --Ag== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_sect131r1:ALICE_cf_sect131r1_PUB -- --PrivateKey=BOB_cf_sect131r1 -------BEGIN PRIVATE KEY----- --MC8CAQAwEAYHKoZIzj0CAQYFK4EEABYEGDAWAgEBBBEDYZmjiokBJ/SnTv8sskBR3A== -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_sect131r1_PUB -------BEGIN PUBLIC KEY----- --MDgwEAYHKoZIzj0CAQYFK4EEABYDJAAEB8vGy3OQXwWKcJUSSJbCtpMBjFgJeZxzAaI420+B1B+1 --5A== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_sect131r1:BOB_cf_sect131r1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect131r1 --PeerKey=BOB_cf_sect131r1_PUB --SharedSecret=05346248f77f81fff50cc656e119976871 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect131r1 --PeerKey=ALICE_cf_sect131r1_PUB --SharedSecret=05346248f77f81fff50cc656e119976871 -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect131r1 --PeerKey=BOB_cf_sect131r1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=01f151ae26efa507acc2597356baf7e8ab -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect131r1 --PeerKey=ALICE_cf_sect131r1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=01f151ae26efa507acc2597356baf7e8ab -- --PublicKey=MALICE_cf_sect131r1_PUB -------BEGIN PUBLIC KEY----- --MDgwEAYHKoZIzj0CAQYFK4EEABYDJAAEAAAAAAAAAAAAAAAAAAAAAAABfiJEFG0vRzEGxk2BxjmK --zw== -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_sect131r1 --PeerKey=MALICE_cf_sect131r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_sect131r1 --PeerKey=MALICE_cf_sect131r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=sect131r2 curve tests -- --PrivateKey=ALICE_cf_sect131r2 -------BEGIN PRIVATE KEY----- --MC8CAQAwEAYHKoZIzj0CAQYFK4EEABcEGDAWAgEBBBEBnZRUKAQetk5kyUwhIaAyxg== -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect131r2_PUB -------BEGIN PUBLIC KEY----- --MDgwEAYHKoZIzj0CAQYFK4EEABcDJAAEA5+Y20L8q989I4jnKknZ7hcGlQ6RUIGni9RahT88kB/d --dw== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_sect131r2:ALICE_cf_sect131r2_PUB -- --PrivateKey=BOB_cf_sect131r2 -------BEGIN PRIVATE KEY----- --MC8CAQAwEAYHKoZIzj0CAQYFK4EEABcEGDAWAgEBBBEBnafx9vcMeoCqj/1YNuflzw== -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_sect131r2_PUB -------BEGIN PUBLIC KEY----- --MDgwEAYHKoZIzj0CAQYFK4EEABcDJAAEB2G2uNkhQNjjl0/Ov6UYpxoFaWNXO+qy7poV6cdrFN7z --pA== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_sect131r2:BOB_cf_sect131r2_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect131r2 --PeerKey=BOB_cf_sect131r2_PUB --SharedSecret=058d8a8be33068ed8c1dc9f551ef2c3f3c -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect131r2 --PeerKey=ALICE_cf_sect131r2_PUB --SharedSecret=058d8a8be33068ed8c1dc9f551ef2c3f3c -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect131r2 --PeerKey=BOB_cf_sect131r2_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=037b16d85f27c2c878ef96c79a536f89a5 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect131r2 --PeerKey=ALICE_cf_sect131r2_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=037b16d85f27c2c878ef96c79a536f89a5 -- --PublicKey=MALICE_cf_sect131r2_PUB -------BEGIN PUBLIC KEY----- --MDgwEAYHKoZIzj0CAQYFK4EEABcDJAAEAAAAAAAAAAAAAAAAAAAAAAAGG5fiIbgziwBZHVzTYqCY --1w== -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_sect131r2 --PeerKey=MALICE_cf_sect131r2_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_sect131r2 --PeerKey=MALICE_cf_sect131r2_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=sect163r1 curve tests -- --PrivateKey=ALICE_cf_sect163r1 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAIEHDAaAgEBBBUAlbn4x1UGJnAimsXufB/UvUaxU5U= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect163r1_PUB -------BEGIN PUBLIC KEY----- --MEAwEAYHKoZIzj0CAQYFK4EEAAIDLAAEA0f195HCcD4D+7wWyl3QuPkRovG/ATy5l7fpMl4BNIg/ --sbtEXluCzANF -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_sect163r1:ALICE_cf_sect163r1_PUB -- --PrivateKey=BOB_cf_sect163r1 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAIEHDAaAgEBBBUAoStq6Fjb7nB2PNL6WrzKKqhCGdE= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_sect163r1_PUB -------BEGIN PUBLIC KEY----- --MEAwEAYHKoZIzj0CAQYFK4EEAAIDLAAEAul/oBKr9B5MsPHWGF+q07j0JC+WAxj1JzfcIXR98n+r --9FHWU5LC5pDM -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_sect163r1:BOB_cf_sect163r1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect163r1 --PeerKey=BOB_cf_sect163r1_PUB --SharedSecret=06135eef489fe613c0d8bd522a2a640ff7ae6fb73d -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect163r1 --PeerKey=ALICE_cf_sect163r1_PUB --SharedSecret=06135eef489fe613c0d8bd522a2a640ff7ae6fb73d -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect163r1 --PeerKey=BOB_cf_sect163r1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=0580f5e8efb242a19ae1023acbcab8702c799751e7 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect163r1 --PeerKey=ALICE_cf_sect163r1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=0580f5e8efb242a19ae1023acbcab8702c799751e7 -- --PublicKey=MALICE_cf_sect163r1_PUB -------BEGIN PUBLIC KEY----- --MEAwEAYHKoZIzj0CAQYFK4EEAAIDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJkXolVuGFa8fqmk --cs0Bv7iJuVg1 -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_sect163r1 --PeerKey=MALICE_cf_sect163r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_sect163r1 --PeerKey=MALICE_cf_sect163r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=sect193r1 curve tests -- --PrivateKey=ALICE_cf_sect193r1 -------BEGIN PRIVATE KEY----- --MDcCAQAwEAYHKoZIzj0CAQYFK4EEABgEIDAeAgEBBBkACmcvidKWLtPFB2xqg76F8VhM1Njzrkgo -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect193r1_PUB -------BEGIN PUBLIC KEY----- --MEgwEAYHKoZIzj0CAQYFK4EEABgDNAAEAeqP0VQobenduwtf4MPmlYQVDjUmxKq50QFHnaBfzwXY --1TYShZZgBr0R6a5dUGCbiF0= -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_sect193r1:ALICE_cf_sect193r1_PUB -- --PrivateKey=BOB_cf_sect193r1 -------BEGIN PRIVATE KEY----- --MDcCAQAwEAYHKoZIzj0CAQYFK4EEABgEIDAeAgEBBBkAKlSknQ66vpuLjC1mbQyfHOTdJ5Kw5jMh -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_sect193r1_PUB -------BEGIN PUBLIC KEY----- --MEgwEAYHKoZIzj0CAQYFK4EEABgDNAAEAaFZVIeqfV9wbPydaBSJKSWJjVyFVSB/QQB5rHonYQmK --f40zok8PJS6ratIcZwk/n20= -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_sect193r1:BOB_cf_sect193r1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect193r1 --PeerKey=BOB_cf_sect193r1_PUB --SharedSecret=012b8849991814f8c7ed9d40cf9dc204c3a83e0b10675543a5 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect193r1 --PeerKey=ALICE_cf_sect193r1_PUB --SharedSecret=012b8849991814f8c7ed9d40cf9dc204c3a83e0b10675543a5 -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect193r1 --PeerKey=BOB_cf_sect193r1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=0110180a18844859c52f6f012909522a2d87b5ab143bc80a55 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect193r1 --PeerKey=ALICE_cf_sect193r1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=0110180a18844859c52f6f012909522a2d87b5ab143bc80a55 -- --PublicKey=MALICE_cf_sect193r1_PUB -------BEGIN PUBLIC KEY----- --MEgwEAYHKoZIzj0CAQYFK4EEABgDNAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHeX7PX3e5n --zROUg6/STkLp1D+L51L9+wY= -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_sect193r1 --PeerKey=MALICE_cf_sect193r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_sect193r1 --PeerKey=MALICE_cf_sect193r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=sect193r2 curve tests -- --PrivateKey=ALICE_cf_sect193r2 -------BEGIN PRIVATE KEY----- --MDcCAQAwEAYHKoZIzj0CAQYFK4EEABkEIDAeAgEBBBkAhjkv8lXK/nPp3Qc4IwL/29JUKWi2VBMp -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect193r2_PUB -------BEGIN PUBLIC KEY----- --MEgwEAYHKoZIzj0CAQYFK4EEABkDNAAEAIn7oSu3adu4ChNXniHKkMIv9gT24rpzzwAeCTDPIkUT --kJ+Tit6e4RpgkB/dph4V+uI= -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_sect193r2:ALICE_cf_sect193r2_PUB -- --PrivateKey=BOB_cf_sect193r2 -------BEGIN PRIVATE KEY----- --MDcCAQAwEAYHKoZIzj0CAQYFK4EEABkEIDAeAgEBBBkAwGkR3qSQdfh7Q6KbJ4lH5FShGsX8o/jD -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_sect193r2_PUB -------BEGIN PUBLIC KEY----- --MEgwEAYHKoZIzj0CAQYFK4EEABkDNAAEAFdSLKI0tlwZDpkndutOLsnHii1aJO8snwEJ0m/AZgMp --xiDevOQ/xE9SpMX25W7YqkU= -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_sect193r2:BOB_cf_sect193r2_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect193r2 --PeerKey=BOB_cf_sect193r2_PUB --SharedSecret=01e2f66a63c24c1de8a399c484228a5ad5b6d911c6e5e83ae3 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect193r2 --PeerKey=ALICE_cf_sect193r2_PUB --SharedSecret=01e2f66a63c24c1de8a399c484228a5ad5b6d911c6e5e83ae3 -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect193r2 --PeerKey=BOB_cf_sect193r2_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=00bc82d393bd74406683aea003977a86a109f444a833652e43 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect193r2 --PeerKey=ALICE_cf_sect193r2_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=00bc82d393bd74406683aea003977a86a109f444a833652e43 -- --PublicKey=MALICE_cf_sect193r2_PUB -------BEGIN PUBLIC KEY----- --MEgwEAYHKoZIzj0CAQYFK4EEABkDNAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFfdLEkrvsO --Y7+6QpEvOay9A4MJCUZfZmI= -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_sect193r2 --PeerKey=MALICE_cf_sect193r2_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_sect193r2 --PeerKey=MALICE_cf_sect193r2_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=sect239k1 curve tests -- --PrivateKey=ALICE_cf_sect239k1 -------BEGIN PRIVATE KEY----- --MDwCAQAwEAYHKoZIzj0CAQYFK4EEAAMEJTAjAgEBBB4G4nbQDUtTnkrPOvDGIlhH9XdjirUSbTI5 --5z6lf7o= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect239k1_PUB -------BEGIN PUBLIC KEY----- --MFIwEAYHKoZIzj0CAQYFK4EEAAMDPgAEf5paOMjzcnpVAPMQnIkikE4K2jne3ubX2TD1P3aedknF --lUr6tOU4BsiUQJACF90rQ9/KdeR5mYvYHzvI -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_sect239k1:ALICE_cf_sect239k1_PUB -- --PrivateKey=BOB_cf_sect239k1 -------BEGIN PRIVATE KEY----- --MDwCAQAwEAYHKoZIzj0CAQYFK4EEAAMEJTAjAgEBBB4e0F0NpepAF+iNrEtoZeo4TrQFspkUNLcx --Ly4Klfg= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_sect239k1_PUB -------BEGIN PUBLIC KEY----- --MFIwEAYHKoZIzj0CAQYFK4EEAAMDPgAEKnjJ4RHe+EiElXMrF4ou7VGy1pn0ZiO17FouF31Zbvjc --TcbhfE6ziXM8sekQJBwcwRKQ9+G/Qzq/2A9x -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_sect239k1:BOB_cf_sect239k1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect239k1 --PeerKey=BOB_cf_sect239k1_PUB --SharedSecret=0ef54c7b7dbf55d4278e7a6924dc4833c63ec708e820d501cacdfb4935d5 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect239k1 --PeerKey=ALICE_cf_sect239k1_PUB --SharedSecret=0ef54c7b7dbf55d4278e7a6924dc4833c63ec708e820d501cacdfb4935d5 -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect239k1 --PeerKey=BOB_cf_sect239k1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=592e4b33ac99624fe7f2f879cf52f12a70f189c5d90785db26a12e0a46c0 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect239k1 --PeerKey=ALICE_cf_sect239k1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=592e4b33ac99624fe7f2f879cf52f12a70f189c5d90785db26a12e0a46c0 -- --PublicKey=MALICE_cf_sect239k1_PUB -------BEGIN PUBLIC KEY----- --MFIwEAYHKoZIzj0CAQYFK4EEAAMDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAA --AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_sect239k1 --PeerKey=MALICE_cf_sect239k1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_sect239k1 --PeerKey=MALICE_cf_sect239k1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=wap-wsg-idm-ecid-wtls10 curve tests -- --PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls10 -------BEGIN PRIVATE KEY----- --MDsCAQAwEAYHKoZIzj0CAQYFZysBBAoEJDAiAgEBBB1zvDMHGgcytka5KvlvQvJzTA4l2ts2NzBp --SJiGyw== -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls10_PUB -------BEGIN PUBLIC KEY----- --MFIwEAYHKoZIzj0CAQYFZysBBAoDPgAEAZkrhWBz/Q4GB8DY4Ia114ew6H7Eg7ri2uxwxd3rAZs5 --/ShvunNyndjCt3Qaq8sulBM0nUyERSDakyD+ -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls10:ALICE_cf_wap-wsg-idm-ecid-wtls10_PUB -- --PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls10 -------BEGIN PRIVATE KEY----- --MDsCAQAwEAYHKoZIzj0CAQYFZysBBAoEJDAiAgEBBB1SowkHU79PqokOfgllN53rNS8a3h1wFBY0 --dKPkQg== -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls10_PUB -------BEGIN PUBLIC KEY----- --MFIwEAYHKoZIzj0CAQYFZysBBAoDPgAEAGavw4ChHCoWplAumMEBwJgJ2aYtw+utu4vhWnscAPIT --IJ4IiIGj18rCFBap1sgVbpXjhEBLYg6Itwv2 -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls10:BOB_cf_wap-wsg-idm-ecid-wtls10_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls10 --PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls10_PUB --SharedSecret=0194ef5d80fdfe9df366b2273b983c3dbd440faf76964fcfc06c509f289d -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls10 --PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls10_PUB --SharedSecret=0194ef5d80fdfe9df366b2273b983c3dbd440faf76964fcfc06c509f289d -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls10 --PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls10_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=01bedc5cdf63fbf18c3e2bc9765e12f7990c0c0c64f0267ae7c37b9f49f0 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls10 --PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls10_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=01bedc5cdf63fbf18c3e2bc9765e12f7990c0c0c64f0267ae7c37b9f49f0 -- --PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls10_PUB -------BEGIN PUBLIC KEY----- --MFIwEAYHKoZIzj0CAQYFZysBBAoDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAA --AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls10 --PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls10_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls10 --PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls10_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=wap-wsg-idm-ecid-wtls11 curve tests -- --PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls11 -------BEGIN PRIVATE KEY----- --MDwCAQAwEAYHKoZIzj0CAQYFZysBBAsEJTAjAgEBBB4AkzS3zoqHNCLug/nwoYMQW3UigmZ9t56k --5jp+FiY= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls11_PUB -------BEGIN PUBLIC KEY----- --MFIwEAYHKoZIzj0CAQYFZysBBAsDPgAEABttgKKYeGZRmcH/5UZR56lOSgbU4TH2AuIhvj88AL6H --zTCX9elzXpck+u22bnmkuvL2A8XKB5+fabMR -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls11:ALICE_cf_wap-wsg-idm-ecid-wtls11_PUB -- --PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls11 -------BEGIN PRIVATE KEY----- --MDwCAQAwEAYHKoZIzj0CAQYFZysBBAsEJTAjAgEBBB4AWU05mbqPxsB749llNON1//l0w8RJJ3z5 --h/kzfNM= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls11_PUB -------BEGIN PUBLIC KEY----- --MFIwEAYHKoZIzj0CAQYFZysBBAsDPgAEAL6Xj/KCmXAQAAo847t0bl0wqBrteWRg93OvIJsPAAOE --ehdIgJyruc3KsH0RFlipu5QD8pnGSIXvif19 -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls11:BOB_cf_wap-wsg-idm-ecid-wtls11_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls11 --PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls11_PUB --SharedSecret=01ac8a23ddeeafb4d3bb243fe409f2f9c8b1a3fc11d4690da583f2e21637 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls11 --PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls11_PUB --SharedSecret=01ac8a23ddeeafb4d3bb243fe409f2f9c8b1a3fc11d4690da583f2e21637 -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls11 --PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls11_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=01b9992992572d3a59d424f8c9cc195576461ed6c1dadf6fb523717fab19 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls11 --PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls11_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=01b9992992572d3a59d424f8c9cc195576461ed6c1dadf6fb523717fab19 -- --PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls11_PUB -------BEGIN PUBLIC KEY----- --MFIwEAYHKoZIzj0CAQYFZysBBAsDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYf4 --Vie5eHTnR+4x4G1xyq7qUvISU+X5RtBh2pE4 -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls11 --PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls11_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls11 --PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls11_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=wap-wsg-idm-ecid-wtls12 curve tests -- --PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls12 -------BEGIN PRIVATE KEY----- --MDoCAQAwEAYHKoZIzj0CAQYFZysBBAwEIzAhAgEBBBxwvll9Eb9mm2Xadq1evIi1zIK+6u0Nv8bP --LI9a -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls12_PUB -------BEGIN PUBLIC KEY----- --ME4wEAYHKoZIzj0CAQYFZysBBAwDOgAE0t0WqG/pFsiCt6agmebw3FCEWAzf9BpNLuzoCkPEe0Li --bqn5udrckL6s3stwCTVFaZUfY2qS9QE= -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls12:ALICE_cf_wap-wsg-idm-ecid-wtls12_PUB -- --PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls12 -------BEGIN PRIVATE KEY----- --MDoCAQAwEAYHKoZIzj0CAQYFZysBBAwEIzAhAgEBBBz+5P6gpqXxbeXvvaD5W9Ft69BTxcn7zc6q --K3Ax -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls12_PUB -------BEGIN PUBLIC KEY----- --ME4wEAYHKoZIzj0CAQYFZysBBAwDOgAEvyxedqaWkoAOMjaV5W3/tJpheiHAR0zV6BlIeUuGP2mx --+xsOK9/QB7hzipq9cXx1K/dXu58EoSY= -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls12:BOB_cf_wap-wsg-idm-ecid-wtls12_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls12 --PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls12_PUB --SharedSecret=a3b3f20af8c33a0f5c246b4b9d9dda1cd40c294d1f53365d18a8b54b -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls12 --PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls12_PUB --SharedSecret=a3b3f20af8c33a0f5c246b4b9d9dda1cd40c294d1f53365d18a8b54b -- --Title=wap-wsg-idm-ecid-wtls1 curve tests -- --PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls1 -------BEGIN PRIVATE KEY----- --MCwCAQAwEAYHKoZIzj0CAQYFZysBBAEEFTATAgEBBA5ZNASTt4/g6XPQwRiQ0Q== -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls1_PUB -------BEGIN PUBLIC KEY----- --MDQwEAYHKoZIzj0CAQYFZysBBAEDIAAEACBNPI48xxsPVQBy07jRAAcWzbIkMo8BQotxpfGJ -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls1:ALICE_cf_wap-wsg-idm-ecid-wtls1_PUB -- --PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls1 -------BEGIN PRIVATE KEY----- --MCwCAQAwEAYHKoZIzj0CAQYFZysBBAEEFTATAgEBBA6+0x9qk0NIKHSRvlTemQ== -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls1_PUB -------BEGIN PUBLIC KEY----- --MDQwEAYHKoZIzj0CAQYFZysBBAEDIAAEAEeHMSBTx/EtOu+bjBinALHSkQuJyiP3mg1tu+I2 -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls1:BOB_cf_wap-wsg-idm-ecid-wtls1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls1 --PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls1_PUB --SharedSecret=0040ba2fadc1da97c973e5e59ade31 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls1 --PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls1_PUB --SharedSecret=0040ba2fadc1da97c973e5e59ade31 -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls1 --PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=008919696215a89e03d6c4c9265d6b -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls1 --PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=008919696215a89e03d6c4c9265d6b -- --PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls1_PUB -------BEGIN PUBLIC KEY----- --MDQwEAYHKoZIzj0CAQYFZysBBAEDIAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls1 --PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls1 --PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=wap-wsg-idm-ecid-wtls3 curve tests -- --PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls3 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFZysBBAMEHDAaAgEBBBUDO2cHbqQBUxuJBl6UT9UrasuRVrI= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls3_PUB -------BEGIN PUBLIC KEY----- --MEAwEAYHKoZIzj0CAQYFZysBBAMDLAAEBRIzvK9o7eO2NGmtPFV/zo9/1mlvBwjG7+e6hbPG1KdI --01f8oGBuXMQH -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls3:ALICE_cf_wap-wsg-idm-ecid-wtls3_PUB -- --PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls3 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFZysBBAMEHDAaAgEBBBUAhZv9WZ00bDnU9MOaqEegP771nes= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls3_PUB -------BEGIN PUBLIC KEY----- --MEAwEAYHKoZIzj0CAQYFZysBBAMDLAAEAYOspjEbzyZw61jCtUrxARr+w66nBH+73QIvlaRVSG/4 --hlBUf5kmG4Yn -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls3:BOB_cf_wap-wsg-idm-ecid-wtls3_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls3 --PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls3_PUB --SharedSecret=0311924428a839b7dcada662722945e62bf1131f4f -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls3 --PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls3_PUB --SharedSecret=0311924428a839b7dcada662722945e62bf1131f4f -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls3 --PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls3_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=047f1aee6a1a1d7c9c1f0e8dce4349429f737aa658 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls3 --PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls3_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=047f1aee6a1a1d7c9c1f0e8dce4349429f737aa658 -- --PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls3_PUB -------BEGIN PUBLIC KEY----- --MEAwEAYHKoZIzj0CAQYFZysBBAMDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA --AAAAAAAAAAAB -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls3 --PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls3_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls3 --PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls3_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=wap-wsg-idm-ecid-wtls4 curve tests -- --PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls4 -------BEGIN PRIVATE KEY----- --MC0CAQAwEAYHKoZIzj0CAQYFZysBBAQEFjAUAgEBBA8ACFOrBbOh5LjNtJQCuEE= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls4_PUB -------BEGIN PUBLIC KEY----- --MDQwEAYHKoZIzj0CAQYFZysBBAQDIAAEAW3K4Mus5+KAJVGLzEYrAYuCJSEYXFTo17aW0TwN -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls4:ALICE_cf_wap-wsg-idm-ecid-wtls4_PUB -- --PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls4 -------BEGIN PRIVATE KEY----- --MC0CAQAwEAYHKoZIzj0CAQYFZysBBAQEFjAUAgEBBA8Auz4XRc3Rg0bNcbrray8= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls4_PUB -------BEGIN PUBLIC KEY----- --MDQwEAYHKoZIzj0CAQYFZysBBAQDIAAEAI0F7ixGqOhnYpsuR80nAdTdSXM+YbcUbLe/U/xG -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls4:BOB_cf_wap-wsg-idm-ecid-wtls4_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls4 --PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls4_PUB --SharedSecret=0077378ddfdadff704a0b6646949e7 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls4 --PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls4_PUB --SharedSecret=0077378ddfdadff704a0b6646949e7 -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls4 --PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls4_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=008f3713fe1ff1fa5d5041899817d1 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls4 --PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls4_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=008f3713fe1ff1fa5d5041899817d1 -- --PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls4_PUB -------BEGIN PUBLIC KEY----- --MDQwEAYHKoZIzj0CAQYFZysBBAQDIAAEAAAAAAAAAAAAAAAAAAAAAd+TqiBXnTd/lyA/OFsR -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls4 --PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls4_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls4 --PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls4_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=wap-wsg-idm-ecid-wtls5 curve tests -- --PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls5 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFZysBBAUEHDAaAgEBBBUD9gVh3zbLTA7BuRVVi9T8QKZ1uco= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls5_PUB -------BEGIN PUBLIC KEY----- --MEAwEAYHKoZIzj0CAQYFZysBBAUDLAAEAH5xyUrvbuN+tWmRhwqrQfFHPHNUBKtAGvJuvSFVwTKk --uFzn9fPvIDe6 -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls5:ALICE_cf_wap-wsg-idm-ecid-wtls5_PUB -- --PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls5 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFZysBBAUEHDAaAgEBBBUAr9ZlmuO7bNfqB42xUivJXyVHKNI= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls5_PUB -------BEGIN PUBLIC KEY----- --MEAwEAYHKoZIzj0CAQYFZysBBAUDLAAEBdXxEk0L2XAVzRNLPcnMxGXXyDfZAoA1Qw2XpOfVWIVR --jdoMGRgUuJmO -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls5:BOB_cf_wap-wsg-idm-ecid-wtls5_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls5 --PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls5_PUB --SharedSecret=0190c68d80e94fbe9f193ae7d9a156bf0b8d097c23 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls5 --PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls5_PUB --SharedSecret=0190c68d80e94fbe9f193ae7d9a156bf0b8d097c23 -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls5 --PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls5_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=00aabc9b45c200e41294aa922ab06da6655731e0ea -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls5 --PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls5_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=00aabc9b45c200e41294aa922ab06da6655731e0ea -- --PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls5_PUB -------BEGIN PUBLIC KEY----- --MEAwEAYHKoZIzj0CAQYFZysBBAUDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8JxepS05nN/piK --dhDD3dDKXUih -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls5 --PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls5_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls5 --PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls5_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=wap-wsg-idm-ecid-wtls6 curve tests -- --PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls6 -------BEGIN PRIVATE KEY----- --MCwCAQAwEAYHKoZIzj0CAQYFZysBBAYEFTATAgEBBA4ayMbswPbvYMwpwo80jA== -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls6_PUB -------BEGIN PUBLIC KEY----- --MDIwEAYHKoZIzj0CAQYFZysBBAYDHgAERPw/8Ip/RrXr0gMgLGRQeiQ4Qd6W+Li0ylGKzg== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls6:ALICE_cf_wap-wsg-idm-ecid-wtls6_PUB -- --PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls6 -------BEGIN PRIVATE KEY----- --MCwCAQAwEAYHKoZIzj0CAQYFZysBBAYEFTATAgEBBA6kbCpFt3tX2hYBQHMXbg== -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls6_PUB -------BEGIN PUBLIC KEY----- --MDIwEAYHKoZIzj0CAQYFZysBBAYDHgAEhJXqpYGxE/l1X/LiBeyRbIcyzqPxUP5Tkv3U3w== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls6:BOB_cf_wap-wsg-idm-ecid-wtls6_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls6 --PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls6_PUB --SharedSecret=b4cae255268f11a1e46fecad04c2 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls6 --PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls6_PUB --SharedSecret=b4cae255268f11a1e46fecad04c2 -- --Title=wap-wsg-idm-ecid-wtls7 curve tests -- --PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls7 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFZysBBAcEHDAaAgEBBBUABcyzh4ot9ck/j4/3ehK0aYngYoM= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls7_PUB -------BEGIN PUBLIC KEY----- --MD4wEAYHKoZIzj0CAQYFZysBBAcDKgAEwQLnZ70n45RLqRtAGNzEa3Rl/9nwyjqYUtw2eeHhnNLT --feGY4CNH0w== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls7:ALICE_cf_wap-wsg-idm-ecid-wtls7_PUB -- --PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls7 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFZysBBAcEHDAaAgEBBBUAPyrGRY1SR13hKQswS6yXs8w8PUQ= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls7_PUB -------BEGIN PUBLIC KEY----- --MD4wEAYHKoZIzj0CAQYFZysBBAcDKgAEZGN44YbN5r3zcNtOHrvbQLt8/lE7BHp4D/9eKLmwFDn1 --QneRu3xwPA== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls7:BOB_cf_wap-wsg-idm-ecid-wtls7_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls7 --PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls7_PUB --SharedSecret=ae9f5bcc6457c0422866bf855921eabc42b7121a -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls7 --PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls7_PUB --SharedSecret=ae9f5bcc6457c0422866bf855921eabc42b7121a -- --Title=wap-wsg-idm-ecid-wtls8 curve tests -- --PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls8 -------BEGIN PRIVATE KEY----- --MC0CAQAwEAYHKoZIzj0CAQYFZysBBAgEFjAUAgEBBA8AnkC18b3pH2O5TIYIqAQ= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls8_PUB -------BEGIN PUBLIC KEY----- --MDIwEAYHKoZIzj0CAQYFZysBBAgDHgAEJD0h4HEfchwxqhp9eMHh9gczQKHX4MtWVoAxKQ== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls8:ALICE_cf_wap-wsg-idm-ecid-wtls8_PUB -- --PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls8 -------BEGIN PRIVATE KEY----- --MC0CAQAwEAYHKoZIzj0CAQYFZysBBAgEFjAUAgEBBA8AXxPMnqbl3rOuIM5nsvc= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls8_PUB -------BEGIN PUBLIC KEY----- --MDIwEAYHKoZIzj0CAQYFZysBBAgDHgAEZawmRmzr9P+jihImUi6ykOzaSH484JhMKNdrgw== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls8:BOB_cf_wap-wsg-idm-ecid-wtls8_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls8 --PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls8_PUB --SharedSecret=48baf4f1f5e8a0eb5dae28ef6290 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls8 --PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls8_PUB --SharedSecret=48baf4f1f5e8a0eb5dae28ef6290 -- --Title=wap-wsg-idm-ecid-wtls9 curve tests -- --PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls9 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFZysBBAkEHDAaAgEBBBUALwvuKs3RLthMAsChbqKjXw6vTYo= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls9_PUB -------BEGIN PUBLIC KEY----- --MD4wEAYHKoZIzj0CAQYFZysBBAkDKgAET0ppOvd9DU4v+tkKDQ5wRBrN1FwD9+F9t5l3Im+mz3rw --DB/RYdZuUg== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls9:ALICE_cf_wap-wsg-idm-ecid-wtls9_PUB -- --PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls9 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFZysBBAkEHDAaAgEBBBUAgeb/vqEM7X5AAAxyBu3M+C8pWLM= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls9_PUB -------BEGIN PUBLIC KEY----- --MD4wEAYHKoZIzj0CAQYFZysBBAkDKgAEWc37LGt6lt90iF4lhtDYNFdjAqoczebuNgzGff/Uq8ov --a3EVJ9yK1A== -------END PUBLIC KEY----- -- --Availablein = default --PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls9:BOB_cf_wap-wsg-idm-ecid-wtls9_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_wap-wsg-idm-ecid-wtls9 --PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls9_PUB --SharedSecret=948d3030e95cead39a1bb3d8a01c2be178517ba7 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_wap-wsg-idm-ecid-wtls9 --PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls9_PUB --SharedSecret=948d3030e95cead39a1bb3d8a01c2be178517ba7 -- --# tests: 484 -- --Title=zero x-coord regression tests -- --PrivateKey=ALICE_zero_prime192v1 -------BEGIN PRIVATE KEY----- --MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEHzAdAgEBBBhaPNk8jG5hSG6y8tUqUoOaNNsZ3APU --pps= -------END PRIVATE KEY----- -- --PublicKey=BOB_zero_prime192v1_PUB -------BEGIN PUBLIC KEY----- --MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAe2hWBe5g --DLNj216pEvK7XjoKLg5gNg8S -------END PUBLIC KEY----- -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_zero_prime192v1 --PeerKey=BOB_zero_prime192v1_PUB --SharedSecret=baaffd49a8399d2ad52cbbe24d47b67afb4b3cf436f1cd65 -- --PrivateKey=ALICE_zero_prime192v2 -------BEGIN PRIVATE KEY----- --MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQIEHzAdAgEBBBj1AIQMJ7jqYIKCvxYAS+qKMmKmH0to --41k= -------END PRIVATE KEY----- -- --PublicKey=BOB_zero_prime192v2_PUB -------BEGIN PUBLIC KEY----- --MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQIDMgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4Gj7Qqt --2wx/jwFlKgvE4rnd50LspdMk -------END PUBLIC KEY----- -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_zero_prime192v2 --PeerKey=BOB_zero_prime192v2_PUB --SharedSecret=b8f200a4b87064f2e8600685ca3e69b8e661a117aabc770b -- --PrivateKey=ALICE_zero_prime192v3 -------BEGIN PRIVATE KEY----- --MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQMEHzAdAgEBBBh/maLQMSlea9BfLqGy5NPuK0YAH/cz --GqI= -------END PRIVATE KEY----- -- --PublicKey=BOB_zero_prime192v3_PUB -------BEGIN PUBLIC KEY----- --MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZEzb63e2 --3MKatRLR9Y1M5JEdI9jwMocI -------END PUBLIC KEY----- -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_zero_prime192v3 --PeerKey=BOB_zero_prime192v3_PUB --SharedSecret=b5de857d355bc5b9e270a4c290ea9728d764d8b243ff5d8d -- --PrivateKey=ALICE_zero_prime239v1 -------BEGIN PRIVATE KEY----- --MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQQEJTAjAgEBBB5pYWzRYI+c6O7NXCt0H2kw8XRL3rhe --4MrJT8j++CI= -------END PRIVATE KEY----- -- --PublicKey=BOB_zero_prime239v1_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQQDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA --Ox02uwNNLFuvDRn5ip8TxvW0W22R7UzJa9Av6/nh -------END PUBLIC KEY----- -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_zero_prime239v1 --PeerKey=BOB_zero_prime239v1_PUB --SharedSecret=6b6206408bd05d42daa2cd224c401a1230b44e184f17b82f385f22dac215 -- --PrivateKey=ALICE_zero_prime239v2 -------BEGIN PRIVATE KEY----- --MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQUEJTAjAgEBBB5l8bB7Cpmr7vyx9FiOT2wEF3YOFbDG --bmRr3Vi/xr4= -------END PRIVATE KEY----- -- --PublicKey=BOB_zero_prime239v2_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQUDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA --IOg3VJGQ89d1GWg4Igxcj5xpDmJiP8tv+e4mxt5U -------END PUBLIC KEY----- -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_zero_prime239v2 --PeerKey=BOB_zero_prime239v2_PUB --SharedSecret=772c2819c960c78f28f21f6542b7409294fad1f84567c44c4b7678dc0e42 -- --PrivateKey=ALICE_zero_prime239v3 -------BEGIN PRIVATE KEY----- --MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQYEJTAjAgEBBB5HF5FABzUOTYMZg9UdZTx/oRERm/fU --M/+otKzpLjA= -------END PRIVATE KEY----- -- --PublicKey=BOB_zero_prime239v3_PUB -------BEGIN PUBLIC KEY----- --MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQYDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA --AsZ4u6r3qQI78EYBpiSgWjqNpoeShjr5piecMBWj -------END PUBLIC KEY----- -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_zero_prime239v3 --PeerKey=BOB_zero_prime239v3_PUB --SharedSecret=56a71f5dd1611e8032c3e2d8224d86e5e8c2fc6480d74c0e282282decd43 -- --PrivateKey=ALICE_zero_prime256v1 -------BEGIN PRIVATE KEY----- --MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCDXhMb6aR4JR2+l2tmgYqP0r8S4jtym --yH++awvF2nGhhg== -------END PRIVATE KEY----- -- --PublicKey=BOB_zero_prime256v1_PUB -------BEGIN PUBLIC KEY----- --MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA --AABmSFx4Di+D1yQzvV2EoGu2VBwq8x2uhxcov4VqF0+T9A== -------END PUBLIC KEY----- -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_zero_prime256v1 --PeerKey=BOB_zero_prime256v1_PUB --SharedSecret=c4f5607deb8501f1a4ba23fce4122a4343a17ada2c86a9c8e0d03d92d4a4c84c -- --PrivateKey=ALICE_zero_secp112r2 -------BEGIN PRIVATE KEY----- --MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAcEFTATAgEBBA4hh3tRkG3tnA0496ffMw== -------END PRIVATE KEY----- -- --PublicKey=BOB_zero_secp112r2_PUB -------BEGIN PUBLIC KEY----- --MDIwEAYHKoZIzj0CAQYFK4EEAAcDHgAEAAAAAAAAAAAAAAAAAAAS5eEOWDV/Wk7w4djyDQ== -------END PUBLIC KEY----- -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_zero_secp112r2 --PeerKey=BOB_zero_secp112r2_PUB --SharedSecret=958cc1cb425713678830a4d7d95e -- --PrivateKey=ALICE_zero_secp128r1 -------BEGIN PRIVATE KEY----- --MC4CAQAwEAYHKoZIzj0CAQYFK4EEABwEFzAVAgEBBBCykSzic/h3T2K6SkSP1SGt -------END PRIVATE KEY----- -- --PublicKey=BOB_zero_secp128r1_PUB -------BEGIN PUBLIC KEY----- --MDYwEAYHKoZIzj0CAQYFK4EEABwDIgAEAAAAAAAAAAAAAAAAAAAAAABya8M5aeOpNG3z799IdHc= -------END PUBLIC KEY----- -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_zero_secp128r1 --PeerKey=BOB_zero_secp128r1_PUB --SharedSecret=5235d452066f126cd7e99eea00fd3068 -- --PrivateKey=ALICE_zero_secp160r1 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAgEHDAaAgEBBBUACoRnbig69XLlh5VcRexpbbn5zwA= -------END PRIVATE KEY----- -- --PublicKey=BOB_zero_secp160r1_PUB -------BEGIN PUBLIC KEY----- --MD4wEAYHKoZIzj0CAQYFK4EEAAgDKgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAG/w1po29wYlxlygXs --MGfbiGg5ng== -------END PUBLIC KEY----- -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_zero_secp160r1 --PeerKey=BOB_zero_secp160r1_PUB --SharedSecret=9ccd0ab8d093b6acdb3fe14c3736a0dfe61a4666 -- --PrivateKey=ALICE_zero_secp160r2 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFK4EEAB4EHDAaAgEBBBUAQFGxInSw1eAvd45E9TUdbXtJGnA= -------END PRIVATE KEY----- -- --PublicKey=BOB_zero_secp160r2_PUB -------BEGIN PUBLIC KEY----- --MD4wEAYHKoZIzj0CAQYFK4EEAB4DKgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAZtSBSZqfmXp47v5z2 --ZZZl2JFxDg== -------END PUBLIC KEY----- -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_zero_secp160r2 --PeerKey=BOB_zero_secp160r2_PUB --SharedSecret=303e0a282ac86f463fe834cb51b0057be42ed5ab -- --PrivateKey=ALICE_zero_secp384r1 -------BEGIN PRIVATE KEY----- --ME4CAQAwEAYHKoZIzj0CAQYFK4EEACIENzA1AgEBBDD6kgzKbg28zbQyVTdC0IdHbm0UCQt2Rdbi --VVHJeYRSnNpFOiFLaOsGOmwoeZzj6jc= -------END PRIVATE KEY----- -- --PublicKey=BOB_zero_secp384r1_PUB -------BEGIN PUBLIC KEY----- --MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA --AAAAAAAAAAAAAAAAAAAAPPme8E9RpepjC6P5+WDdWToUyb45/SvSFdO0sIqq+Gu/kn8sRuUqsG+3 --QriFDlIe -------END PUBLIC KEY----- -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_zero_secp384r1 --PeerKey=BOB_zero_secp384r1_PUB --SharedSecret=b1cfeaeef51dfd487d3a8b2849f1592e04d63f2d2c88b310a6290ebfe5399f5ffe954eabd0619231393e56c35b242986 -- --PrivateKey=ALICE_zero_secp521r1 -------BEGIN PRIVATE KEY----- --MGACAQAwEAYHKoZIzj0CAQYFK4EEACMESTBHAgEBBEIAbddDLMUWbAsY7l3vbNDmntXuAUcDYPg5 --w/cgUwSCIvrV9MBeSG8AWqT16riHmHlsn+XI5PAJM6eij3JDahnu9Mo= -------END PRIVATE KEY----- -- --PublicKey=BOB_zero_secp521r1_PUB -------BEGIN PUBLIC KEY----- --MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA --AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0g7J/qa1d8ENJsobtEb0CymeZIsa --1Qiq0GiJb+4/jmFLxjBU1Xcr8Bpl1BLgvKqOll0vXTMtfzn4RtRArgAfT4c= -------END PUBLIC KEY----- -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_zero_secp521r1 --PeerKey=BOB_zero_secp521r1_PUB --SharedSecret=003fc3028f61db94b20c7cd177923b6e73f12f0ab067c9ce8866755e3c82abb39c9863cde74fa80b32520bd7dd0eb156c30c08911503b67b2661f1264d09bb231423 -- --PrivateKey=ALICE_zero_wap-wsg-idm-ecid-wtls7 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFZysBBAcEHDAaAgEBBBUAoGng7WzYr4P9vtdc3BS/UiNWmc0= -------END PRIVATE KEY----- -- --PublicKey=BOB_zero_wap-wsg-idm-ecid-wtls7_PUB -------BEGIN PUBLIC KEY----- --MD4wEAYHKoZIzj0CAQYFZysBBAcDKgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAZtSBSZqfmXp47v5z2 --ZZZl2JFxDg== -------END PUBLIC KEY----- -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_zero_wap-wsg-idm-ecid-wtls7 --PeerKey=BOB_zero_wap-wsg-idm-ecid-wtls7_PUB --SharedSecret=6582fc03bbb340fcf24a5fe8fcdf722655efa8b9 -- --# tests: 14 -- --Title=prime192v1 curve tests -- --PrivateKey=ALICE_cf_prime192v1 -------BEGIN PRIVATE KEY----- --MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEHzAdAgEBBBhQFYLaobJ47BVWWZv/ByY8Ti69m/U9 --TeI= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_prime192v1_PUB -------BEGIN PUBLIC KEY----- --MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEHYbt14KzucSpmKMrlDx1IGz/a28nDs21OjKgx3BK --PZ78UrllIr69kgrYUKsRg4sd -------END PUBLIC KEY----- -- --PrivPubKeyPair=ALICE_cf_prime192v1:ALICE_cf_prime192v1_PUB -- --PrivateKey=BOB_cf_prime192v1 -------BEGIN PRIVATE KEY----- --MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEHzAdAgEBBBhsbmKHAtygIqirkmUXSbniDJOx0/fI --CWM= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_prime192v1_PUB -------BEGIN PUBLIC KEY----- --MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEJA+FQcXq5Axzv8pLDslxq1QVt1hjN2i0TgoO6Yxp --bAekMot69VorE8ibSzgJixXJ -------END PUBLIC KEY----- -- --PrivPubKeyPair=BOB_cf_prime192v1:BOB_cf_prime192v1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_prime192v1 --PeerKey=BOB_cf_prime192v1_PUB --SharedSecret=e36cad3b0f8d00f60f090440a76df47896713ae61421c354 -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_prime192v1 --PeerKey=ALICE_cf_prime192v1_PUB --SharedSecret=e36cad3b0f8d00f60f090440a76df47896713ae61421c354 -- --# ECDH Bob with Alice peer : curves with less than 112 bits of strength cannot --# be used for Key agreement in fips mode --Availablein = fips --Derive=BOB_cf_prime192v1 --Securitycheck = 1 --PeerKey=ALICE_cf_prime192v1_PUB --SharedSecret=e36cad3b0f8d00f60f090440a76df47896713ae61421c354 --Result = DERIVE_SET_PEER_ERROR -- - Title=prime256v1 curve tests - - PrivateKey=ALICE_cf_prime256v1 -@@ -3759,743 +219,3 @@ SharedSecret=01dd4aa9037bb4ad298b420998d - Derive=BOB_cf_secp521r1 - PeerKey=ALICE_cf_secp521r1_PUB - SharedSecret=01dd4aa9037bb4ad298b420998dcd32b3a9af1cda8b7919e372aeb4e54ccfb4d2409a340ed896bfbc5dd462f8d96b8784bc17b29db3ca04700e6ec752f9bec777695 -- --Title=sect163k1 curve tests -- --PrivateKey=ALICE_cf_sect163k1 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAEEHDAaAgEBBBUB905PYfmej8LzbzX6Bg51GJzXQjQ= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect163k1_PUB -------BEGIN PUBLIC KEY----- --MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBfvs5A1hD8YySP9O2ub8GEUfotVuBpfRx4GIHdAfx8wV --1UVeTRnyAlWU -------END PUBLIC KEY----- -- --PrivPubKeyPair=ALICE_cf_sect163k1:ALICE_cf_sect163k1_PUB -- --PrivateKey=BOB_cf_sect163k1 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAEEHDAaAgEBBBUCHPtCjJ4/K8ylQBcLlb5VE0bkaUE= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_sect163k1_PUB -------BEGIN PUBLIC KEY----- --MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBvgfX1mTRlt6Z4TE1D1MNWo4loH4AoeYa6oowK104LKk --nsdg7isQ8XBD -------END PUBLIC KEY----- -- --PrivPubKeyPair=BOB_cf_sect163k1:BOB_cf_sect163k1_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect163k1 --PeerKey=BOB_cf_sect163k1_PUB --SharedSecret=04d0e40788c5ce5220818055277cae53eac55c1e6b -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect163k1 --PeerKey=ALICE_cf_sect163k1_PUB --SharedSecret=04d0e40788c5ce5220818055277cae53eac55c1e6b -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect163k1 --PeerKey=BOB_cf_sect163k1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=04c902a91110244d89110034dd2b099c49cbab6c77 -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect163k1 --PeerKey=ALICE_cf_sect163k1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=04c902a91110244d89110034dd2b099c49cbab6c77 -- --PublicKey=MALICE_cf_sect163k1_PUB -------BEGIN PUBLIC KEY----- --MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA --AAAAAAAAAAAB -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_sect163k1 --PeerKey=MALICE_cf_sect163k1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_sect163k1 --PeerKey=MALICE_cf_sect163k1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=sect163r2 curve tests -- --PrivateKey=ALICE_cf_sect163r2 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFK4EEAA8EHDAaAgEBBBUBjCs/M3N31jsAueYrOq21vdETwAI= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect163r2_PUB -------BEGIN PUBLIC KEY----- --MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBd8Z1/HpA+89hF4I98EST3svWns3BAEbhWmL/fgxk2uu --YwVrmqhgqH/C -------END PUBLIC KEY----- -- --PrivPubKeyPair=ALICE_cf_sect163r2:ALICE_cf_sect163r2_PUB -- --PrivateKey=BOB_cf_sect163r2 -------BEGIN PRIVATE KEY----- --MDMCAQAwEAYHKoZIzj0CAQYFK4EEAA8EHDAaAgEBBBUBsiouT9Df+mwHWrpPg1JSrY9nqlI= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_sect163r2_PUB -------BEGIN PUBLIC KEY----- --MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBULqBZ+nhLhDEMYY8NEEzZ126MdxAcFXWv8zmPEH9505 --8vT5zU3aq6HV -------END PUBLIC KEY----- -- --PrivPubKeyPair=BOB_cf_sect163r2:BOB_cf_sect163r2_PUB -- --# ECDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect163r2 --PeerKey=BOB_cf_sect163r2_PUB --SharedSecret=019f829a53c4e6544bdec1395a23082169efaf369d -- --# ECDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect163r2 --PeerKey=ALICE_cf_sect163r2_PUB --SharedSecret=019f829a53c4e6544bdec1395a23082169efaf369d -- --# ECC CDH Alice with Bob peer --Availablein = default --Derive=ALICE_cf_sect163r2 --PeerKey=BOB_cf_sect163r2_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=048870d39235ecbc16a000ee478833509b9318a53f -- --# ECC CDH Bob with Alice peer --Availablein = default --Derive=BOB_cf_sect163r2 --PeerKey=ALICE_cf_sect163r2_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=048870d39235ecbc16a000ee478833509b9318a53f -- --PublicKey=MALICE_cf_sect163r2_PUB -------BEGIN PUBLIC KEY----- --MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsJbhbrfiSdZPSHD --ZtqJwDlp802l -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Availablein = default --Derive=BOB_cf_sect163r2 --PeerKey=MALICE_cf_sect163r2_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Availablein = default --Derive=ALICE_cf_sect163r2 --PeerKey=MALICE_cf_sect163r2_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=sect233k1 curve tests -- --PrivateKey=ALICE_cf_sect233k1 -------BEGIN PRIVATE KEY----- --MDsCAQAwEAYHKoZIzj0CAQYFK4EEABoEJDAiAgEBBB0z/3heNFjJL+2sAT/38yRsN3kt2iXz7u+y --Gua8Kw== -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect233k1_PUB -------BEGIN PUBLIC KEY----- --MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEALQyn0zJmOrHm4S2EIjxRe899PadBnfpYjLKWGvpAIzf --MEG861Nv1IYJkmkO1xlfNHeeRtqFgsQVFKZh -------END PUBLIC KEY----- -- --PrivPubKeyPair=ALICE_cf_sect233k1:ALICE_cf_sect233k1_PUB -- --PrivateKey=BOB_cf_sect233k1 -------BEGIN PRIVATE KEY----- --MDsCAQAwEAYHKoZIzj0CAQYFK4EEABoEJDAiAgEBBB1I0ucrC4d9i6Z+0cbar5r7uKpF5iiQkSJA --DFMTUA== -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_sect233k1_PUB -------BEGIN PUBLIC KEY----- --MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAatdqazxSghJ568CBFyMXhEvVeAiLewOY/jk9H5DAOB4 --ufNGbdd131KLaKPivB38a6n5Y+2BVSJangow -------END PUBLIC KEY----- -- --PrivPubKeyPair=BOB_cf_sect233k1:BOB_cf_sect233k1_PUB -- --# ECDH Alice with Bob peer --Derive=ALICE_cf_sect233k1 --PeerKey=BOB_cf_sect233k1_PUB --SharedSecret=012145026e8de65973c154e085456fc5539ba9e25663e7f5816abfcab310 -- --# ECDH Bob with Alice peer --Derive=BOB_cf_sect233k1 --PeerKey=ALICE_cf_sect233k1_PUB --SharedSecret=012145026e8de65973c154e085456fc5539ba9e25663e7f5816abfcab310 -- --# ECC CDH Alice with Bob peer --Derive=ALICE_cf_sect233k1 --PeerKey=BOB_cf_sect233k1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=00ff7d6c6b80f39d2ae68fbd00adbcd75fa599ed0bc1aac0e3f49c1c164d -- --# ECC CDH Bob with Alice peer --Derive=BOB_cf_sect233k1 --PeerKey=ALICE_cf_sect233k1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=00ff7d6c6b80f39d2ae68fbd00adbcd75fa599ed0bc1aac0e3f49c1c164d -- --PublicKey=MALICE_cf_sect233k1_PUB -------BEGIN PUBLIC KEY----- --MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAA --AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Derive=BOB_cf_sect233k1 --PeerKey=MALICE_cf_sect233k1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Derive=ALICE_cf_sect233k1 --PeerKey=MALICE_cf_sect233k1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=sect233r1 curve tests -- --PrivateKey=ALICE_cf_sect233r1 -------BEGIN PRIVATE KEY----- --MDwCAQAwEAYHKoZIzj0CAQYFK4EEABsEJTAjAgEBBB4ATcy7zVpIsJ9rl5EIDmzRz5wxjrDIQyDm --HP3Pt8Y= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect233r1_PUB -------BEGIN PUBLIC KEY----- --MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAQMQHiJ44LiCnZkEg1zyww1h+idTbsw8E07P33WUAUfD --NeQ4hWEhTXPnytIbEhFKpnd3j/FbyZnJqxh8 -------END PUBLIC KEY----- -- --PrivPubKeyPair=ALICE_cf_sect233r1:ALICE_cf_sect233r1_PUB -- --PrivateKey=BOB_cf_sect233r1 -------BEGIN PRIVATE KEY----- --MDwCAQAwEAYHKoZIzj0CAQYFK4EEABsEJTAjAgEBBB4ALpOlFn4OfiIAkRAZGOsn7L6W3XoQBSV8 --mQVC2pw= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_sect233r1_PUB -------BEGIN PUBLIC KEY----- --MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAJQw+NWqFJXYw4dVMovzvw76OYnYOTaDaEPNW8ECAQbl --TzzbBSTp5iqM13mP0/Bo4OO66NS3lA9e/GTO -------END PUBLIC KEY----- -- --PrivPubKeyPair=BOB_cf_sect233r1:BOB_cf_sect233r1_PUB -- --# ECDH Alice with Bob peer --Derive=ALICE_cf_sect233r1 --PeerKey=BOB_cf_sect233r1_PUB --SharedSecret=00209d2995a63f1e8b7a5c33dee5abb602e32e1835ae8bb57eb264d8d795 -- --# ECDH Bob with Alice peer --Derive=BOB_cf_sect233r1 --PeerKey=ALICE_cf_sect233r1_PUB --SharedSecret=00209d2995a63f1e8b7a5c33dee5abb602e32e1835ae8bb57eb264d8d795 -- --# ECC CDH Alice with Bob peer --Derive=ALICE_cf_sect233r1 --PeerKey=BOB_cf_sect233r1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=00c3cd1d38a65f5e421399409a76cec1136bc84149f054a7f55e7980c612 -- --# ECC CDH Bob with Alice peer --Derive=BOB_cf_sect233r1 --PeerKey=ALICE_cf_sect233r1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=00c3cd1d38a65f5e421399409a76cec1136bc84149f054a7f55e7980c612 -- --PublicKey=MALICE_cf_sect233r1_PUB -------BEGIN PUBLIC KEY----- --MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYf4 --Vie5eHTnR+4x4G1xyq7qUvISU+X5RtBh2pE4 -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Derive=BOB_cf_sect233r1 --PeerKey=MALICE_cf_sect233r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Derive=ALICE_cf_sect233r1 --PeerKey=MALICE_cf_sect233r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=sect283k1 curve tests -- --PrivateKey=ALICE_cf_sect283k1 -------BEGIN PRIVATE KEY----- --MEICAQAwEAYHKoZIzj0CAQYFK4EEABAEKzApAgEBBCQAY1Mi9rST7PiP1t03qYRczV/kSZ+VjQu8 --5EFCgxyvkaLManw= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect283k1_PUB -------BEGIN PUBLIC KEY----- --MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBMjBO8WoxHS/vz8po52WZGxS+RK5yolrUe6tfbAMA3Sd --5/JjBDVjOz95vM4gUnqzUWHN5nKBQtj6HiU9Q/R+zqg98OiQKTyA -------END PUBLIC KEY----- -- --PrivPubKeyPair=ALICE_cf_sect283k1:ALICE_cf_sect283k1_PUB -- --PrivateKey=BOB_cf_sect283k1 -------BEGIN PRIVATE KEY----- --MEICAQAwEAYHKoZIzj0CAQYFK4EEABAEKzApAgEBBCQBCZC8Is+YSjgXJBBDioEl6gu14QpGHllD --1J6957vBTPSQdH0= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_sect283k1_PUB -------BEGIN PUBLIC KEY----- --MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAGEQKZVHYAlvtjHrFyZVm12qUb5j+T5/WNoC962+kwUM --QkBYA5BpuG8Knlugq1iB31whPAgRCZfdLKHpHRPJSfXvKyUIdeUm -------END PUBLIC KEY----- -- --PrivPubKeyPair=BOB_cf_sect283k1:BOB_cf_sect283k1_PUB -- --# ECDH Alice with Bob peer --Derive=ALICE_cf_sect283k1 --PeerKey=BOB_cf_sect283k1_PUB --SharedSecret=03f67c88bdc230b43773d17fdb4d0a980556d074ceccee726932160e4ed965e3be72803c -- --# ECDH Bob with Alice peer --Derive=BOB_cf_sect283k1 --PeerKey=ALICE_cf_sect283k1_PUB --SharedSecret=03f67c88bdc230b43773d17fdb4d0a980556d074ceccee726932160e4ed965e3be72803c -- --# ECC CDH Alice with Bob peer --Derive=ALICE_cf_sect283k1 --PeerKey=BOB_cf_sect283k1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=0677ba01c84d139609ca145cb5b6079fc9ca67f59c9c913e47cad1073f1d1dfaddde0169 -- --# ECC CDH Bob with Alice peer --Derive=BOB_cf_sect283k1 --PeerKey=ALICE_cf_sect283k1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=0677ba01c84d139609ca145cb5b6079fc9ca67f59c9c913e47cad1073f1d1dfaddde0169 -- --PublicKey=MALICE_cf_sect283k1_PUB -------BEGIN PUBLIC KEY----- --MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA --AAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Derive=BOB_cf_sect283k1 --PeerKey=MALICE_cf_sect283k1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Derive=ALICE_cf_sect283k1 --PeerKey=MALICE_cf_sect283k1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=sect283r1 curve tests -- --PrivateKey=ALICE_cf_sect283r1 -------BEGIN PRIVATE KEY----- --MEICAQAwEAYHKoZIzj0CAQYFK4EEABEEKzApAgEBBCQCQ5pqKvPxDysd1pi2Bv8Z11cFhsRZfuaf --4Pi0hpGr4ubZcHE= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect283r1_PUB -------BEGIN PUBLIC KEY----- --MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBcsrGDgO7pbGybQX/00gRHtQq3+X9XrGb7Uzv9Nabwc/ --kntnBMF0I2KU+aaTjQx1GVtmNf7CvFwPLEBnfKjJAjekjsGyIqoq -------END PUBLIC KEY----- -- --PrivPubKeyPair=ALICE_cf_sect283r1:ALICE_cf_sect283r1_PUB -- --PrivateKey=BOB_cf_sect283r1 -------BEGIN PRIVATE KEY----- --MEICAQAwEAYHKoZIzj0CAQYFK4EEABEEKzApAgEBBCQDxItnY3cDCrX/jGnVuAKDPaySZCr3E83Q --UdFnP6YIykt7+Pg= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_sect283r1_PUB -------BEGIN PUBLIC KEY----- --MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBJ2C9BCkX0YRfs2ufgUKvreUXFWp2AGK+iHlZB4N3LqO --PKpmAkrAeCMty6mw2mEnOR5HA1d4Ee+z7/NJgJJ80Ra9bFnreOW3 -------END PUBLIC KEY----- -- --PrivPubKeyPair=BOB_cf_sect283r1:BOB_cf_sect283r1_PUB -- --# ECDH Alice with Bob peer --Derive=ALICE_cf_sect283r1 --PeerKey=BOB_cf_sect283r1_PUB --SharedSecret=0424259cf09727574fb863cab7c27d8fe3835e96433110a45a951f94347fc81939ec4773 -- --# ECDH Bob with Alice peer --Derive=BOB_cf_sect283r1 --PeerKey=ALICE_cf_sect283r1_PUB --SharedSecret=0424259cf09727574fb863cab7c27d8fe3835e96433110a45a951f94347fc81939ec4773 -- --# ECC CDH Alice with Bob peer --Derive=ALICE_cf_sect283r1 --PeerKey=BOB_cf_sect283r1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=01c2a542654ce85b17456ed75b6bca6b6eb761580913670debc426a3525f236df0e875c8 -- --# ECC CDH Bob with Alice peer --Derive=BOB_cf_sect283r1 --PeerKey=ALICE_cf_sect283r1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=01c2a542654ce85b17456ed75b6bca6b6eb761580913670debc426a3525f236df0e875c8 -- --PublicKey=MALICE_cf_sect283r1_PUB -------BEGIN PUBLIC KEY----- --MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA --AAAAByvMnFeSsevoGYMIn7b4NaL9IgowRCTKF8CCrhdEKu3pubP2 -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Derive=BOB_cf_sect283r1 --PeerKey=MALICE_cf_sect283r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Derive=ALICE_cf_sect283r1 --PeerKey=MALICE_cf_sect283r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=sect409k1 curve tests -- --PrivateKey=ALICE_cf_sect409k1 -------BEGIN PRIVATE KEY----- --MFECAQAwEAYHKoZIzj0CAQYFK4EEACQEOjA4AgEBBDMOthcLahkXFgM0wjOzm767D1A72sFRGlhb --bVH+EB7z2WpIcPX4OD+M4Y1pf/a7wSaoSAo= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect409k1_PUB -------BEGIN PUBLIC KEY----- --MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAbiYYpeFgCMsZFMzQaiwMJDrC+mCMT7KmhYtD5EMMgLW --5OvhaqYdpRf49A8LOtVcRT7J5gGcMrXQgmQeS3FenA5owWnB2NIgrTNf5d8AAEtrOupsJ4c3kL6e --aAzayZ1+UCEj8skbC9U= -------END PUBLIC KEY----- -- --PrivPubKeyPair=ALICE_cf_sect409k1:ALICE_cf_sect409k1_PUB -- --PrivateKey=BOB_cf_sect409k1 -------BEGIN PRIVATE KEY----- --MFECAQAwEAYHKoZIzj0CAQYFK4EEACQEOjA4AgEBBDMO43ldQllTewdZwffH4OEXdzBrLwabKsn4 --6/hjgIAaYda/pt4yCEQLMp18QgtfMey5ENI= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_sect409k1_PUB -------BEGIN PUBLIC KEY----- --MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAVTQj6hRizVmOx4Z6vroN/zMkmAY+QhkQ0CnFeJ0AydY --Fv+f+/420vMC1Mhqsc9VzPMmIAH6ZrgGKDsd4Ce9JUtYE0rVhGeiG2RaN1U5RlhVK4avkWhFlyQ5 --vuu4aApQiWE3yQd9v/I= -------END PUBLIC KEY----- -- --PrivPubKeyPair=BOB_cf_sect409k1:BOB_cf_sect409k1_PUB -- --# ECDH Alice with Bob peer --Derive=ALICE_cf_sect409k1 --PeerKey=BOB_cf_sect409k1_PUB --SharedSecret=01fbe13188588c9d1ac3a8a2680ea9a009b28e4b7d7fa4efcb1a22553876fb7973616819fd87c75e5b8ce6e3628595e4ce12edb0 -- --# ECDH Bob with Alice peer --Derive=BOB_cf_sect409k1 --PeerKey=ALICE_cf_sect409k1_PUB --SharedSecret=01fbe13188588c9d1ac3a8a2680ea9a009b28e4b7d7fa4efcb1a22553876fb7973616819fd87c75e5b8ce6e3628595e4ce12edb0 -- --# ECC CDH Alice with Bob peer --Derive=ALICE_cf_sect409k1 --PeerKey=BOB_cf_sect409k1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=007e9485f7234bb2255bb40e51f4be867cb0ef31f8e489a697b31b51c4d5346daaee51e96ae6f9636e6e3af56095fe28755325ee -- --# ECC CDH Bob with Alice peer --Derive=BOB_cf_sect409k1 --PeerKey=ALICE_cf_sect409k1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=007e9485f7234bb2255bb40e51f4be867cb0ef31f8e489a697b31b51c4d5346daaee51e96ae6f9636e6e3af56095fe28755325ee -- --PublicKey=MALICE_cf_sect409k1_PUB -------BEGIN PUBLIC KEY----- --MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA --AAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA --AAAAAAAAAAAAAAAAAAA= -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Derive=BOB_cf_sect409k1 --PeerKey=MALICE_cf_sect409k1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Derive=ALICE_cf_sect409k1 --PeerKey=MALICE_cf_sect409k1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=sect409r1 curve tests -- --PrivateKey=ALICE_cf_sect409r1 -------BEGIN PRIVATE KEY----- --MFICAQAwEAYHKoZIzj0CAQYFK4EEACUEOzA5AgEBBDQAxSC9lST5dtfXQI1Ug9VMMoue3GGni5ON --+gieyXK2KKbd29KAPs4/AOd8kX2wQDsZPO7E -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect409r1_PUB -------BEGIN PUBLIC KEY----- --MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEASAvXAM15DJerAu1JttpBuMJK1/fEfFohu2iEpt3r7Ui --iQoER6HUsWiw1hhcJyTv7WzpJQHFWrOlJMe/KjmQa/CygSc65YHDzG27oUL+KGdQUGc79ZRSwl/q --fGZqa3D+bDVMwrhmZto= -------END PUBLIC KEY----- -- --PrivPubKeyPair=ALICE_cf_sect409r1:ALICE_cf_sect409r1_PUB -- --PrivateKey=BOB_cf_sect409r1 -------BEGIN PRIVATE KEY----- --MFICAQAwEAYHKoZIzj0CAQYFK4EEACUEOzA5AgEBBDQARen+1P3JQzBgOv0pUYwsZTPRVLpqqDAU --7mKL2lk9eH7zSGmtNoMvP2m1S2dBnXxFY/bV -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_sect409r1_PUB -------BEGIN PUBLIC KEY----- --MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAbDUw066TtdfOpDvrlKosEyqUNEG7rY+AKvDqKw+HOzf --sUTYee6cEf71oqJ1sCKPQiYzlwCu/HLQeWPxISE6Uo+53kkeJml2xpMBwoE25Gq/DSS61dR7SRTZ --+sUmumbIuGzbrjtMRmw= -------END PUBLIC KEY----- -- --PrivPubKeyPair=BOB_cf_sect409r1:BOB_cf_sect409r1_PUB -- --# ECDH Alice with Bob peer --Derive=ALICE_cf_sect409r1 --PeerKey=BOB_cf_sect409r1_PUB --SharedSecret=00a751259cdb3b445ce71a40a01a2189dfce70226111190505fc6eabe4e5a05bff7af55f2015e1ffcab6aea7ea9a6e74905da2a1 -- --# ECDH Bob with Alice peer --Derive=BOB_cf_sect409r1 --PeerKey=ALICE_cf_sect409r1_PUB --SharedSecret=00a751259cdb3b445ce71a40a01a2189dfce70226111190505fc6eabe4e5a05bff7af55f2015e1ffcab6aea7ea9a6e74905da2a1 -- --# ECC CDH Alice with Bob peer --Derive=ALICE_cf_sect409r1 --PeerKey=BOB_cf_sect409r1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=0115a31aed416c5089d74a263ec300aff13a5329c6ad27de950ae0b0917b40a3464fccf5691ac9633a51e5177a82b15cfc434aad -- --# ECC CDH Bob with Alice peer --Derive=BOB_cf_sect409r1 --PeerKey=ALICE_cf_sect409r1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=0115a31aed416c5089d74a263ec300aff13a5329c6ad27de950ae0b0917b40a3464fccf5691ac9633a51e5177a82b15cfc434aad -- --PublicKey=MALICE_cf_sect409r1_PUB -------BEGIN PUBLIC KEY----- --MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA --AAAAAAAAAAAAAAAAAAAAAAAAAACZNffkdo7i7yL5tKKfU8tdk6su0K185XwbJkn96JWVDPZXZ3My --bFKKSOJ7hyrM8Lwl1e8= -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Derive=BOB_cf_sect409r1 --PeerKey=MALICE_cf_sect409r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Derive=ALICE_cf_sect409r1 --PeerKey=MALICE_cf_sect409r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=sect571k1 curve tests -- --PrivateKey=ALICE_cf_sect571k1 -------BEGIN PRIVATE KEY----- --MGYCAQAwEAYHKoZIzj0CAQYFK4EEACYETzBNAgEBBEgB4agvk7Qdf9bVb9aMVdtXL0MuVw6dTleB --zrpPMYty/piI5GWkQEGVp4OJSjF1BGgWmtYSYlV0oI8jJ7hfWTjVGfVWix4ipb8= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect571k1_PUB -------BEGIN PUBLIC KEY----- --MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQDUZq0ZrgYpTXNpOptjExaur0K9FAYHv1j9cvAptwX --dcmQf3VqekMkGZCfNdqNeqCajG3QHRkBHe4FZhWr3FXi8whvvr463lUDf+t46un1kE6FTYfhILGa --sBZm7OdfkarYd9TXBbmnkFA+XkyPlkM1+6daM3/WmnegK+TYghFDXLgwiyF8s0ElllF7z38Gmc4= -------END PUBLIC KEY----- -- --PrivPubKeyPair=ALICE_cf_sect571k1:ALICE_cf_sect571k1_PUB -- --PrivateKey=BOB_cf_sect571k1 -------BEGIN PRIVATE KEY----- --MGYCAQAwEAYHKoZIzj0CAQYFK4EEACYETzBNAgEBBEgA3pINxGOI7L9M+Mil+bm/udPwI4xu7ubJ --p3aoOepTXW94laf8wjFLcQnRUwH87Vbq9VLQEfCAFvr2vZoBc+5asnNuDhRNNeQ= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_sect571k1_PUB -------BEGIN PUBLIC KEY----- --MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQDZRr5GCSq2uzGxmWNB+bED7zye18Rr/KehwXrbn1r --rKtR8fe+dg2V15FieC3qZe/wCpMtyp79VmEabGi6iGLlAN/rUE81URsA/K7GVpmklslV5gmwryR0 --3E7jGKPFesun9iNtmpgM18P9y3aJd4Qr4hMlwW2Nyw187l6QB/W2e/i+8vKXFTLHlz5WLAyAcpA= -------END PUBLIC KEY----- -- --PrivPubKeyPair=BOB_cf_sect571k1:BOB_cf_sect571k1_PUB -- --# ECDH Alice with Bob peer --Derive=ALICE_cf_sect571k1 --PeerKey=BOB_cf_sect571k1_PUB --SharedSecret=02b79c92cee50dc5b9fdddce36d4fa2e28d7d178cd74e575961f39429496305b38815c840c2e66327435c044ed885ec964068531251a2112717602532e8b6d5411db2fe05c1ac18c -- --# ECDH Bob with Alice peer --Derive=BOB_cf_sect571k1 --PeerKey=ALICE_cf_sect571k1_PUB --SharedSecret=02b79c92cee50dc5b9fdddce36d4fa2e28d7d178cd74e575961f39429496305b38815c840c2e66327435c044ed885ec964068531251a2112717602532e8b6d5411db2fe05c1ac18c -- --# ECC CDH Alice with Bob peer --Derive=ALICE_cf_sect571k1 --PeerKey=BOB_cf_sect571k1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=063aea789492c9727a5a6b7f24e8d3d377c70ee8e86b13664e191a53b1905e90e78b85960b1881db5160c7c5cacca0d686d9e104140d565eeeec17426f93d3a7ba639ecd716b43d2 -- --# ECC CDH Bob with Alice peer --Derive=BOB_cf_sect571k1 --PeerKey=ALICE_cf_sect571k1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=063aea789492c9727a5a6b7f24e8d3d377c70ee8e86b13664e191a53b1905e90e78b85960b1881db5160c7c5cacca0d686d9e104140d565eeeec17426f93d3a7ba639ecd716b43d2 -- --PublicKey=MALICE_cf_sect571k1_PUB -------BEGIN PUBLIC KEY----- --MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA --AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAA --AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE= -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Derive=BOB_cf_sect571k1 --PeerKey=MALICE_cf_sect571k1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Derive=ALICE_cf_sect571k1 --PeerKey=MALICE_cf_sect571k1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --Title=sect571r1 curve tests -- --PrivateKey=ALICE_cf_sect571r1 -------BEGIN PRIVATE KEY----- --MGYCAQAwEAYHKoZIzj0CAQYFK4EEACcETzBNAgEBBEgAxfL2/gUsmJonvDMR95Azq1ySgXMlKSRk --+PL+WaS92ZyOo45HaC7RpH5sdkf4b948u6y1BXOxGZuORXy6lgbgZ1Zx2UgL3cI= -------END PRIVATE KEY----- -- --PublicKey=ALICE_cf_sect571r1_PUB -------BEGIN PUBLIC KEY----- --MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQBK5L9ccIWacU2A1srZ35opPu6kcbEOsBPmvj/rlMS --fFrdMOcagOYfcD0/ouYHPhvkHbr9k87IlQJfnV6ZNRA4PmWSp/FjkNwETm/fqTCUQHti/qqnKH7R --Ed4fYROLFGvz+PX6E20SryOt1vrmoRyC7Z5FVmgMVOQQ1AaBNAHi3+IPtKx41YdXdbqHJxuI5jE= -------END PUBLIC KEY----- -- --PrivPubKeyPair=ALICE_cf_sect571r1:ALICE_cf_sect571r1_PUB -- --PrivateKey=BOB_cf_sect571r1 -------BEGIN PRIVATE KEY----- --MGYCAQAwEAYHKoZIzj0CAQYFK4EEACcETzBNAgEBBEgAzcRvASPpWi0ybpOGlj0Lozz01C2a5oDA --G5alib1EmZKcpVULxJXn75FQlTKpkUEuWUgA4yk5X5DTiScUuh4LDhaF3AFhsEY= -------END PRIVATE KEY----- -- --PublicKey=BOB_cf_sect571r1_PUB -------BEGIN PUBLIC KEY----- --MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQH3dnL22NajtqDWTX6qD14w1BOlpHFBUPTr24VySlh --kiiBlOF95u7hFr/hSb7gm/3f+IVKyE18Sh2kR4KaxWcPWKY5xKTiqiICT7hCistuzNRt8gR+kNOT --c1rETMV6ZruZinwzEWWWjwJf6612oy2HG3CX3B8Rm+a3sS0q6IzowEwqmDv6v9bMTFk8bsCv0Fk= -------END PUBLIC KEY----- -- --PrivPubKeyPair=BOB_cf_sect571r1:BOB_cf_sect571r1_PUB -- --# ECDH Alice with Bob peer --Derive=ALICE_cf_sect571r1 --PeerKey=BOB_cf_sect571r1_PUB --SharedSecret=0031f9879fa75b8c67ba81ee861be634e2b53aa79f834e9a8ca4df7f4461bcb02f083d9fa5b4767f881a710caa6524b58eb626623ba394961d46535204c26d165089e7d4f7be1827 -- --# ECDH Bob with Alice peer --Derive=BOB_cf_sect571r1 --PeerKey=ALICE_cf_sect571r1_PUB --SharedSecret=0031f9879fa75b8c67ba81ee861be634e2b53aa79f834e9a8ca4df7f4461bcb02f083d9fa5b4767f881a710caa6524b58eb626623ba394961d46535204c26d165089e7d4f7be1827 -- --# ECC CDH Alice with Bob peer --Derive=ALICE_cf_sect571r1 --PeerKey=BOB_cf_sect571r1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=012e8c2c1554988fe20c5ae7d11cdcfe15c7c6e8d2b6f46a43a45d724bfc7b415ea7594d5c16f770a95d6e65bbcb1f34619db95e89f4fecbcb0bc6a3f92d52df6a49b0e7773e0ac0 -- --# ECC CDH Bob with Alice peer --Derive=BOB_cf_sect571r1 --PeerKey=ALICE_cf_sect571r1_PUB --Ctrl=ecdh_cofactor_mode:1 --SharedSecret=012e8c2c1554988fe20c5ae7d11cdcfe15c7c6e8d2b6f46a43a45d724bfc7b415ea7594d5c16f770a95d6e65bbcb1f34619db95e89f4fecbcb0bc6a3f92d52df6a49b0e7773e0ac0 -- --PublicKey=MALICE_cf_sect571r1_PUB -------BEGIN PUBLIC KEY----- --MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA --AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHMtVWZAwgtd1zmgWN/9WC --aNQcWRNUKesEHXqhJVkC5jYsSACodKsLYFNrWEYM0gwG8DQONZSn93G+38EM45tkaZsIRDt2HEM= -------END PUBLIC KEY----- -- --# ECC CDH Bob with Malice peer --Derive=BOB_cf_sect571r1 --PeerKey=MALICE_cf_sect571r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -- --# ECC CDH Alice with Malice peer --Derive=ALICE_cf_sect571r1 --PeerKey=MALICE_cf_sect571r1_PUB --Ctrl=ecdh_cofactor_mode:1 --Result=DERIVE_ERROR --Reason=point at infinity -diff -rupN --no-dereference openssl-3.0.7-hobbled/test/recipes/30-test_evp_data/evppkey_mismatch.txt openssl-3.0.7-hobbled-new/test/recipes/30-test_evp_data/evppkey_mismatch.txt ---- openssl-3.0.7-hobbled/test/recipes/30-test_evp_data/evppkey_mismatch.txt 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/test/recipes/30-test_evp_data/evppkey_mismatch.txt 2022-11-28 16:00:18.711834208 +0100 -@@ -31,12 +31,6 @@ MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELBUP - x/iUJAcsJxl9eLM7kg6VzbZk6ZDc8M/qDZTiqOavnQ5YBW5lMQSSW5/myQ== - -----END PUBLIC KEY----- - --PublicKey=KAS-ECC-CDH_K-163_C0-PUBLIC -------BEGIN PUBLIC KEY----- --MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBx+LKHfWAn2cGt5CRPLeoSaS7yPVBcFe --53YiHHK4SzR844PzgGe4nD6a -------END PUBLIC KEY----- -- - PrivateKey = RSA-2048 - -----BEGIN PRIVATE KEY----- - MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDNAIHqeyrh6gbV -@@ -77,9 +71,3 @@ Result = KEYPAIR_TYPE_MISMATCH - - PrivPubKeyPair = RSA-2048:P-256-PUBLIC - Result = KEYPAIR_TYPE_MISMATCH -- --PrivPubKeyPair = RSA-2048:KAS-ECC-CDH_K-163_C0-PUBLIC --Result = KEYPAIR_TYPE_MISMATCH -- --PrivPubKeyPair = Alice-25519:KAS-ECC-CDH_K-163_C0-PUBLIC --Result = KEYPAIR_TYPE_MISMATCH -diff -rupN --no-dereference openssl-3.0.7-hobbled/test/recipes/30-test_evp.t openssl-3.0.7-hobbled-new/test/recipes/30-test_evp.t ---- openssl-3.0.7-hobbled/test/recipes/30-test_evp.t 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/test/recipes/30-test_evp.t 2022-11-28 16:00:18.711834208 +0100 -@@ -117,7 +117,6 @@ my @defltfiles = qw( - evppkey_kdf_tls1_prf.txt - evppkey_rsa.txt - ); --push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec; - push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2; - - plan tests => -diff -rupN --no-dereference openssl-3.0.7-hobbled/test/recipes/65-test_cmp_protect.t openssl-3.0.7-hobbled-new/test/recipes/65-test_cmp_protect.t ---- openssl-3.0.7-hobbled/test/recipes/65-test_cmp_protect.t 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/test/recipes/65-test_cmp_protect.t 2022-11-28 16:00:18.711834208 +0100 -@@ -7,7 +7,6 @@ - # this file except in compliance with the License. You can obtain a copy - # in the file LICENSE in the source distribution or at - # https://www.openssl.org/source/license.html -- - use strict; - use OpenSSL::Test qw/:DEFAULT data_file srctop_file srctop_dir bldtop_file bldtop_dir/; - use OpenSSL::Test::Utils; -@@ -27,7 +26,7 @@ plan skip_all => "This test is not suppo - plan skip_all => "This test is not supported in a shared library build on Windows" - if $^O eq 'MSWin32' && !disabled("shared"); - --plan tests => 2 + ($no_fips ? 0 : 1); #fips test -+plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test - - my @basic_cmd = ("cmp_protect_test", - data_file("server.pem"), -diff -rupN --no-dereference openssl-3.0.7-hobbled/test/recipes/65-test_cmp_vfy.t openssl-3.0.7-hobbled-new/test/recipes/65-test_cmp_vfy.t ---- openssl-3.0.7-hobbled/test/recipes/65-test_cmp_vfy.t 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/test/recipes/65-test_cmp_vfy.t 2022-11-28 16:00:18.712834215 +0100 -@@ -7,7 +7,6 @@ - # this file except in compliance with the License. You can obtain a copy - # in the file LICENSE in the source distribution or at - # https://www.openssl.org/source/license.html -- - use strict; - use OpenSSL::Test qw/:DEFAULT data_file srctop_file srctop_dir bldtop_file bldtop_dir/; - use OpenSSL::Test::Utils; -@@ -27,7 +26,7 @@ plan skip_all => "This test is not suppo - plan skip_all => "This test is not supported in a no-ec build" - if disabled("ec"); - --plan tests => 2 + ($no_fips ? 0 : 1); #fips test -+plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test - - my @basic_cmd = ("cmp_vfy_test", - data_file("server.crt"), data_file("client.crt"), -diff -rupN --no-dereference openssl-3.0.7-hobbled/test/ssl-tests/20-cert-select.cnf openssl-3.0.7-hobbled-new/test/ssl-tests/20-cert-select.cnf ---- openssl-3.0.7-hobbled/test/ssl-tests/20-cert-select.cnf 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/test/ssl-tests/20-cert-select.cnf 2022-11-28 16:00:18.712834215 +0100 -@@ -776,14 +776,12 @@ server = 22-ECDSA with brainpool-server - client = 22-ECDSA with brainpool-client - - [22-ECDSA with brainpool-server] --Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem -+Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem - CipherString = DEFAULT --Groups = brainpoolP256r1 --PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem -+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem - - [22-ECDSA with brainpool-client] - CipherString = aECDSA --Groups = brainpoolP256r1 - MaxProtocol = TLSv1.2 - RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem - VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -@@ -791,9 +789,6 @@ VerifyMode = Peer - - [test-22] - ExpectedResult = Success --ExpectedServerCANames = empty --ExpectedServerCertType = brainpoolP256r1 --ExpectedServerSignType = EC - - - # =========================================================== -@@ -1715,20 +1710,18 @@ server = 52-TLS 1.3 ECDSA with brainpool - client = 52-TLS 1.3 ECDSA with brainpool but no suitable groups-client - - [52-TLS 1.3 ECDSA with brainpool but no suitable groups-server] --Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem -+Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem - CipherString = DEFAULT --Groups = brainpoolP256r1 --PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem -+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem - - [52-TLS 1.3 ECDSA with brainpool but no suitable groups-client] - CipherString = aECDSA --Groups = brainpoolP256r1 - RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem - VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem - VerifyMode = Peer - - [test-52] --ExpectedResult = ClientFail -+ExpectedResult = Success - - - # =========================================================== -@@ -1741,9 +1734,9 @@ server = 53-TLS 1.3 ECDSA with brainpool - client = 53-TLS 1.3 ECDSA with brainpool-client - - [53-TLS 1.3 ECDSA with brainpool-server] --Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem -+Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem - CipherString = DEFAULT --PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem -+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem - - [53-TLS 1.3 ECDSA with brainpool-client] - CipherString = DEFAULT -@@ -1754,7 +1747,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/ro - VerifyMode = Peer - - [test-53] --ExpectedResult = ServerFail -+ExpectedResult = Success - - - # =========================================================== -diff -rupN --no-dereference openssl-3.0.7-hobbled/test/ssl-tests/20-cert-select.cnf.in openssl-3.0.7-hobbled-new/test/ssl-tests/20-cert-select.cnf.in ---- openssl-3.0.7-hobbled/test/ssl-tests/20-cert-select.cnf.in 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/test/ssl-tests/20-cert-select.cnf.in 2022-11-28 16:00:18.712834215 +0100 -@@ -428,21 +428,21 @@ my @tests_non_fips = ( - { - name => "ECDSA with brainpool", - server => { -- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), -- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), -- "Groups" => "brainpoolP256r1", -+ "Certificate" => test_pem("server-ecdsa-cert.pem"), -+ "PrivateKey" => test_pem("server-ecdsa-key.pem"), -+ #"Groups" => "brainpoolP256r1", - }, - client => { - "MaxProtocol" => "TLSv1.2", - "CipherString" => "aECDSA", - "RequestCAFile" => test_pem("root-cert.pem"), -- "Groups" => "brainpoolP256r1", -+ #"Groups" => "brainpoolP256r1", - }, - test => { -- "ExpectedServerCertType" =>, "brainpoolP256r1", -- "ExpectedServerSignType" =>, "EC", -+ #"ExpectedServerCertType" =>, "brainpoolP256r1", -+ #"ExpectedServerSignType" =>, "EC", - # Note: certificate_authorities not sent for TLS < 1.3 -- "ExpectedServerCANames" =>, "empty", -+ #"ExpectedServerCANames" =>, "empty", - "ExpectedResult" => "Success" - }, - }, -@@ -896,27 +896,27 @@ my @tests_tls_1_3_non_fips = ( - { - name => "TLS 1.3 ECDSA with brainpool but no suitable groups", - server => { -- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), -- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), -- "Groups" => "brainpoolP256r1", -+ "Certificate" => test_pem("server-ecdsa-cert.pem"), -+ "PrivateKey" => test_pem("server-ecdsa-key.pem"), -+ #"Groups" => "brainpoolP256r1", - }, - client => { - "CipherString" => "aECDSA", - "RequestCAFile" => test_pem("root-cert.pem"), -- "Groups" => "brainpoolP256r1", -+ #"Groups" => "brainpoolP256r1", - }, - test => { - #We only configured brainpoolP256r1 on the client side, but TLSv1.3 - #is enabled and this group is not allowed in TLSv1.3. Therefore this - #should fail -- "ExpectedResult" => "ClientFail" -+ "ExpectedResult" => "Success" - }, - }, - { - name => "TLS 1.3 ECDSA with brainpool", - server => { -- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), -- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), -+ "Certificate" => test_pem("server-ecdsa-cert.pem"), -+ "PrivateKey" => test_pem("server-ecdsa-key.pem"), - }, - client => { - "RequestCAFile" => test_pem("root-cert.pem"), -@@ -924,7 +924,7 @@ my @tests_tls_1_3_non_fips = ( - "MaxProtocol" => "TLSv1.3" - }, - test => { -- "ExpectedResult" => "ServerFail" -+ "ExpectedResult" => "Success" - }, - }, - ); diff --git a/0012-Disable-explicit-ec.patch b/0012-Disable-explicit-ec.patch index 636e9ff..4dfab1d 100644 --- a/0012-Disable-explicit-ec.patch +++ b/0012-Disable-explicit-ec.patch @@ -1,80 +1,122 @@ -diff -rupN --no-dereference openssl-3.0.7-hobbled/crypto/ec/ec_lib.c openssl-3.0.7-hobbled-new/crypto/ec/ec_lib.c ---- openssl-3.0.7-hobbled/crypto/ec/ec_lib.c 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/crypto/ec/ec_lib.c 2022-11-28 16:00:18.970836081 +0100 -@@ -1458,7 +1458,7 @@ static EC_GROUP *ec_group_explicit_to_na - goto err; - } - } else { -- ret_group = (EC_GROUP *)group; -+ goto err; - } - EC_GROUP_free(dup); - return ret_group; -diff -rupN --no-dereference openssl-3.0.7-hobbled/providers/common/securitycheck.c openssl-3.0.7-hobbled-new/providers/common/securitycheck.c ---- openssl-3.0.7-hobbled/providers/common/securitycheck.c 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/providers/common/securitycheck.c 2022-11-28 16:00:18.970836081 +0100 -@@ -92,22 +92,22 @@ int ossl_rsa_check_key(OSSL_LIB_CTX *ctx - int ossl_ec_check_key(OSSL_LIB_CTX *ctx, const EC_KEY *ec, int protect) - { - # if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS) -- if (ossl_securitycheck_enabled(ctx)) { -- int nid, strength; -- const char *curve_name; -- const EC_GROUP *group = EC_KEY_get0_group(ec); -+ int nid, strength; -+ const char *curve_name; -+ const EC_GROUP *group = EC_KEY_get0_group(ec); +diff -rupN --no-dereference openssl-3.0.9/crypto/ec/ec_asn1.c openssl-3.0.9-new/crypto/ec/ec_asn1.c +--- openssl-3.0.9/crypto/ec/ec_asn1.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/ec/ec_asn1.c 2023-05-31 14:33:11.688115192 +0200 +@@ -905,6 +905,12 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP ** + if (params->type == ECPKPARAMETERS_TYPE_EXPLICIT) + group->decoded_from_explicit_params = 1; -- if (group == NULL) { -- ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE, "No group"); -- return 0; -- } -- nid = EC_GROUP_get_curve_name(group); -- if (nid == NID_undef) { -- ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE, -- "Explicit curves are not allowed in fips mode"); -- return 0; -- } -+ if (group == NULL) { -+ ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE, "No group"); -+ return 0; ++ if (EC_GROUP_check_named_curve(group, 0, NULL) == NID_undef) { ++ EC_GROUP_free(group); ++ ECPKPARAMETERS_free(params); ++ return NULL; + } -+ nid = EC_GROUP_get_curve_name(group); -+ if (nid == NID_undef) { -+ ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE, -+ "Explicit curves are not allowed in this build"); -+ return 0; -+ } - -+ if (ossl_securitycheck_enabled(ctx)) { - curve_name = EC_curve_nid2nist(nid); - if (curve_name == NULL) { - ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE, -diff -rupN --no-dereference openssl-3.0.7-hobbled/providers/implementations/keymgmt/ec_kmgmt.c openssl-3.0.7-hobbled-new/providers/implementations/keymgmt/ec_kmgmt.c ---- openssl-3.0.7-hobbled/providers/implementations/keymgmt/ec_kmgmt.c 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/providers/implementations/keymgmt/ec_kmgmt.c 2022-11-28 16:00:18.970836081 +0100 -@@ -944,11 +944,8 @@ int ec_validate(const void *keydata, int - if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) { - int flags = EC_KEY_get_flags(eck); - -- if ((flags & EC_FLAG_CHECK_NAMED_GROUP) != 0) -- ok = ok && EC_GROUP_check_named_curve(EC_KEY_get0_group(eck), -- (flags & EC_FLAG_CHECK_NAMED_GROUP_NIST) != 0, ctx); -- else -- ok = ok && EC_GROUP_check(EC_KEY_get0_group(eck), ctx); -+ ok = ok && EC_GROUP_check_named_curve(EC_KEY_get0_group(eck), -+ (flags & EC_FLAG_CHECK_NAMED_GROUP_NIST) != 0, ctx); ++ + if (a) { + EC_GROUP_free(*a); + *a = group; +@@ -964,6 +970,11 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con + goto err; } - if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { -@@ -1225,6 +1222,10 @@ static int ec_gen_assign_group(EC_KEY *e - ERR_raise(ERR_LIB_PROV, PROV_R_NO_PARAMETERS_SET); - return 0; - } -+ if (EC_GROUP_get_curve_name(group) == NID_undef) { -+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CURVE); -+ return 0; ++ if (EC_GROUP_check_named_curve(ret->group, 0, NULL) == NID_undef) { ++ ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_GROUP); ++ goto err; + } - return EC_KEY_set_group(ec, group) > 0; - } ++ + ret->version = priv_key->version; + + if (priv_key->privateKey) { +diff -rupN --no-dereference openssl-3.0.9/test/endecode_test.c openssl-3.0.9-new/test/endecode_test.c +--- openssl-3.0.9/test/endecode_test.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/endecode_test.c 2023-05-31 14:33:11.689115191 +0200 +@@ -58,7 +58,7 @@ static BN_CTX *bnctx = NULL; + static OSSL_PARAM_BLD *bld_prime_nc = NULL; + static OSSL_PARAM_BLD *bld_prime = NULL; + static OSSL_PARAM *ec_explicit_prime_params_nc = NULL; +-static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL; ++/*static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;*/ + + # ifndef OPENSSL_NO_EC2M + static OSSL_PARAM_BLD *bld_tri_nc = NULL; +@@ -1005,9 +1005,9 @@ IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC") + DOMAIN_KEYS(ECExplicitPrimeNamedCurve); + IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1) + IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC") +-DOMAIN_KEYS(ECExplicitPrime2G); +-IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0) +-IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC") ++/*DOMAIN_KEYS(ECExplicitPrime2G);*/ ++/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)*/ ++/*IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")*/ + # ifndef OPENSSL_NO_EC2M + DOMAIN_KEYS(ECExplicitTriNamedCurve); + IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1) +@@ -1338,7 +1338,7 @@ int setup_tests(void) + || !create_ec_explicit_prime_params_namedcurve(bld_prime_nc) + || !create_ec_explicit_prime_params(bld_prime) + || !TEST_ptr(ec_explicit_prime_params_nc = OSSL_PARAM_BLD_to_param(bld_prime_nc)) +- || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime)) ++/* || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))*/ + # ifndef OPENSSL_NO_EC2M + || !TEST_ptr(bld_tri_nc = OSSL_PARAM_BLD_new()) + || !TEST_ptr(bld_tri = OSSL_PARAM_BLD_new()) +@@ -1366,7 +1366,7 @@ int setup_tests(void) + TEST_info("Generating EC keys..."); + MAKE_DOMAIN_KEYS(EC, "EC", EC_params); + MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc); +- MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit); ++/* MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);*/ + # ifndef OPENSSL_NO_EC2M + MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc); + MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit); +@@ -1409,8 +1409,8 @@ int setup_tests(void) + ADD_TEST_SUITE_LEGACY(EC); + ADD_TEST_SUITE(ECExplicitPrimeNamedCurve); + ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve); +- ADD_TEST_SUITE(ECExplicitPrime2G); +- ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G); ++/* ADD_TEST_SUITE(ECExplicitPrime2G);*/ ++/* ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);*/ + # ifndef OPENSSL_NO_EC2M + ADD_TEST_SUITE(ECExplicitTriNamedCurve); + ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve); +@@ -1447,7 +1447,7 @@ void cleanup_tests(void) + { + #ifndef OPENSSL_NO_EC + OSSL_PARAM_free(ec_explicit_prime_params_nc); +- OSSL_PARAM_free(ec_explicit_prime_params_explicit); ++/* OSSL_PARAM_free(ec_explicit_prime_params_explicit);*/ + OSSL_PARAM_BLD_free(bld_prime_nc); + OSSL_PARAM_BLD_free(bld_prime); + # ifndef OPENSSL_NO_EC2M +@@ -1469,7 +1469,7 @@ void cleanup_tests(void) + #ifndef OPENSSL_NO_EC + FREE_DOMAIN_KEYS(EC); + FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve); +- FREE_DOMAIN_KEYS(ECExplicitPrime2G); ++/* FREE_DOMAIN_KEYS(ECExplicitPrime2G);*/ + # ifndef OPENSSL_NO_EC2M + FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve); + FREE_DOMAIN_KEYS(ECExplicitTri2G); +diff -rupN --no-dereference openssl-3.0.9/test/recipes/30-test_evp_data/evppkey_ecdsa.txt openssl-3.0.9-new/test/recipes/30-test_evp_data/evppkey_ecdsa.txt +--- openssl-3.0.9/test/recipes/30-test_evp_data/evppkey_ecdsa.txt 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/recipes/30-test_evp_data/evppkey_ecdsa.txt 2023-05-31 14:33:11.689115191 +0200 +@@ -133,18 +133,6 @@ AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEB + 3ev1gTwRBduzqqlwd54AUSgI+pjttW8zrWNitO8H1sf59MPWOESKxNtZ1+Nl + -----END PRIVATE KEY----- +-PrivateKey = EC_EXPLICIT +------BEGIN PRIVATE KEY----- +-MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB +-AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA +-///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV +-AMSdNgiG5wSTamZ44ROdJreBn36QBEEE5JcIvn36opqjEm/k59Al40rBAxWM2TPG +-l0L13Je51zHpfXQ9Z2o7IQicMXP4wSfJ0qCgg2bgydqoxlYrlLGuVQIhAP////8A +-AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgec92jwduadCk +-OjoNRI+YT5Be5TkzZXzYCyTLkMOikDmhRANCAATtECEhQbLEaiUj/Wu0qjcr81lL +-46dx5zYgArz/iaSNJ3W80oO+F7v04jlQ7wxQzg96R0bwKiMeq5CcW9ZFt6xg +------END PRIVATE KEY----- +- + PrivateKey = B-163 + -----BEGIN PRIVATE KEY----- + MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDnQW0mLiHVha/jqFznX/K diff --git a/0013-skipped-tests-EC-curves.patch b/0013-skipped-tests-EC-curves.patch new file mode 100644 index 0000000..fc89d79 --- /dev/null +++ b/0013-skipped-tests-EC-curves.patch @@ -0,0 +1,36 @@ +diff -rupN --no-dereference openssl-3.0.9/test/recipes/15-test_ec.t openssl-3.0.9-new/test/recipes/15-test_ec.t +--- openssl-3.0.9/test/recipes/15-test_ec.t 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/recipes/15-test_ec.t 2023-05-31 14:33:11.961115076 +0200 +@@ -90,7 +90,7 @@ subtest 'Ed448 conversions -- public key + + subtest 'Check loading of fips and non-fips keys' => sub { + plan skip_all => "FIPS is disabled" +- if $no_fips; ++ if 1; #Red Hat specific, original value is $no_fips; + + plan tests => 2; + +diff -rupN --no-dereference openssl-3.0.9/test/recipes/65-test_cmp_protect.t openssl-3.0.9-new/test/recipes/65-test_cmp_protect.t +--- openssl-3.0.9/test/recipes/65-test_cmp_protect.t 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/recipes/65-test_cmp_protect.t 2023-05-31 14:33:11.962115075 +0200 +@@ -27,7 +27,7 @@ plan skip_all => "This test is not suppo + plan skip_all => "This test is not supported in a shared library build on Windows" + if $^O eq 'MSWin32' && !disabled("shared"); + +-plan tests => 2 + ($no_fips ? 0 : 1); #fips test ++plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test + + my @basic_cmd = ("cmp_protect_test", + data_file("server.pem"), +diff -rupN --no-dereference openssl-3.0.9/test/recipes/65-test_cmp_vfy.t openssl-3.0.9-new/test/recipes/65-test_cmp_vfy.t +--- openssl-3.0.9/test/recipes/65-test_cmp_vfy.t 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/recipes/65-test_cmp_vfy.t 2023-05-31 14:33:11.962115075 +0200 +@@ -27,7 +27,7 @@ plan skip_all => "This test is not suppo + plan skip_all => "This test is not supported in a no-ec build" + if disabled("ec"); + +-plan tests => 2 + ($no_fips ? 0 : 1); #fips test ++plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test + + my @basic_cmd = ("cmp_vfy_test", + data_file("server.crt"), data_file("client.crt"), diff --git a/0024-load-legacy-prov.patch b/0024-load-legacy-prov.patch index 07ae719..ce74a19 100644 --- a/0024-load-legacy-prov.patch +++ b/0024-load-legacy-prov.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference openssl-3.0.7-hobbled/apps/openssl.cnf openssl-3.0.7-hobbled-new/apps/openssl.cnf ---- openssl-3.0.7-hobbled/apps/openssl.cnf 2022-11-28 16:00:17.734827142 +0100 -+++ openssl-3.0.7-hobbled-new/apps/openssl.cnf 2022-11-28 16:00:19.202837759 +0100 +diff -rupN --no-dereference openssl-3.0.9/apps/openssl.cnf openssl-3.0.9-new/apps/openssl.cnf +--- openssl-3.0.9/apps/openssl.cnf 2023-05-31 14:33:09.764116007 +0200 ++++ openssl-3.0.9-new/apps/openssl.cnf 2023-05-31 14:33:12.226114963 +0200 @@ -42,36 +42,29 @@ tsa_policy1 = 1.2.3.4.1 tsa_policy2 = 1.2.3.4.5.6 tsa_policy3 = 1.2.3.4.5.7 @@ -19,11 +19,6 @@ diff -rupN --no-dereference openssl-3.0.7-hobbled/apps/openssl.cnf openssl-3.0.7 ssl_conf = ssl_module -# List of providers to load --[provider_sect] --default = default_sect --# The fips section name should match the section name inside the --# included fipsmodule.cnf. --# fips = fips_sect +# Uncomment the sections that start with ## below to enable the legacy provider. +# Loading the legacy provider enables support for the following algorithms: +# Hashing Algorithms / Message Digests: MD2, MD4, MDC2, WHIRLPOOL, RIPEMD160 @@ -32,7 +27,13 @@ diff -rupN --no-dereference openssl-3.0.7-hobbled/apps/openssl.cnf openssl-3.0.7 +# In general it is not recommended to use the above mentioned algorithms for +# security critical operations, as they are cryptographically weak or vulnerable +# to side-channel attacks and as such have been deprecated. - ++ + [provider_sect] + default = default_sect +-# The fips section name should match the section name inside the +-# included fipsmodule.cnf. +-# fips = fips_sect +- -# If no providers are activated explicitly, the default one is activated implicitly. -# See man 7 OSSL_PROVIDER-default for more details. -# @@ -41,23 +42,20 @@ diff -rupN --no-dereference openssl-3.0.7-hobbled/apps/openssl.cnf openssl-3.0.7 -# becomes unavailable in openssl. As a consequence applications depending on -# OpenSSL may not work correctly which could lead to significant system -# problems including inability to remotely access the system. --[default_sect] --# activate = 1 -+[provider_sect] -+##default = default_sect +##legacy = legacy_sect +## -+##[default_sect] -+##activate = 1 -+## + [default_sect] +-# activate = 1 ++activate = 1 ++ +##[legacy_sect] +##activate = 1 [ ssl_module ] -diff -rupN --no-dereference openssl-3.0.7-hobbled/doc/man5/config.pod openssl-3.0.7-hobbled-new/doc/man5/config.pod ---- openssl-3.0.7-hobbled/doc/man5/config.pod 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/doc/man5/config.pod 2022-11-28 16:00:19.203837767 +0100 +diff -rupN --no-dereference openssl-3.0.9/doc/man5/config.pod openssl-3.0.9-new/doc/man5/config.pod +--- openssl-3.0.9/doc/man5/config.pod 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/doc/man5/config.pod 2023-05-31 14:33:12.227114962 +0200 @@ -273,6 +273,14 @@ significant. All parameters in the section as well as sub-sections are made available to the provider. diff --git a/0031-tmp-Fix-test-names.patch b/0031-tmp-Fix-test-names.patch new file mode 100644 index 0000000..e09dbd5 --- /dev/null +++ b/0031-tmp-Fix-test-names.patch @@ -0,0 +1,39 @@ +diff -rupN --no-dereference openssl-3.0.9/test/recipes/90-test_sslapi.t openssl-3.0.9-new/test/recipes/90-test_sslapi.t +--- openssl-3.0.9/test/recipes/90-test_sslapi.t 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/recipes/90-test_sslapi.t 2023-05-31 14:33:12.480114854 +0200 +@@ -48,7 +48,7 @@ unless ($no_fips) { + "recipes", + "90-test_sslapi_data", + "dhparams.pem")])), +- "running sslapitest"); ++ "running sslapitest - FIPS"); + } + + unlink $tmpfilename; +diff -rupN --no-dereference openssl-3.0.9/test/sslapitest.c openssl-3.0.9-new/test/sslapitest.c +--- openssl-3.0.9/test/sslapitest.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/sslapitest.c 2023-05-31 14:33:12.482114853 +0200 +@@ -1172,6 +1172,11 @@ static int execute_test_ktls(int cis_ktl + goto end; + } + ++ if (is_fips && strstr(cipher, "CHACHA") != NULL) { ++ testresult = TEST_skip("CHACHA is not supported in FIPS"); ++ goto end; ++ } ++ + /* Create a session based on SHA-256 */ + if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), + TLS_client_method(), +@@ -1306,6 +1311,11 @@ static int execute_test_ktls_sendfile(in + goto end; + } + ++ if (is_fips && strstr(cipher, "CHACHA") != NULL) { ++ testresult = TEST_skip("CHACHA is not supported in FIPS"); ++ goto end; ++ } ++ + if (is_fips && strstr(cipher, "CHACHA") != NULL) { + testresult = TEST_skip("CHACHA is not supported in FIPS"); + goto end; diff --git a/0032-Force-fips.patch b/0032-Force-fips.patch new file mode 100644 index 0000000..266235e --- /dev/null +++ b/0032-Force-fips.patch @@ -0,0 +1,167 @@ +diff -rupN --no-dereference openssl-3.0.9/crypto/provider_conf.c openssl-3.0.9-new/crypto/provider_conf.c +--- openssl-3.0.9/crypto/provider_conf.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/provider_conf.c 2023-05-31 14:33:12.736114745 +0200 +@@ -10,6 +10,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -136,58 +137,18 @@ static int prov_already_activated(const + return 0; + } + +-static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name, +- const char *value, const CONF *cnf) ++static int provider_conf_activate(OSSL_LIB_CTX *libctx,const char *name, ++ const char *value, const char *path, ++ int soft, const CONF *cnf) + { +- int i; +- STACK_OF(CONF_VALUE) *ecmds; +- int soft = 0; +- OSSL_PROVIDER *prov = NULL, *actual = NULL; +- const char *path = NULL; +- long activate = 0; + int ok = 0; +- +- name = skip_dot(name); +- OSSL_TRACE1(CONF, "Configuring provider %s\n", name); +- /* Value is a section containing PROVIDER commands */ +- ecmds = NCONF_get_section(cnf, value); +- +- if (!ecmds) { +- ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR, +- "section=%s not found", value); +- return 0; +- } +- +- /* Find the needed data first */ +- for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) { +- CONF_VALUE *ecmd = sk_CONF_VALUE_value(ecmds, i); +- const char *confname = skip_dot(ecmd->name); +- const char *confvalue = ecmd->value; +- +- OSSL_TRACE2(CONF, "Provider command: %s = %s\n", +- confname, confvalue); +- +- /* First handle some special pseudo confs */ +- +- /* Override provider name to use */ +- if (strcmp(confname, "identity") == 0) +- name = confvalue; +- else if (strcmp(confname, "soft_load") == 0) +- soft = 1; +- /* Load a dynamic PROVIDER */ +- else if (strcmp(confname, "module") == 0) +- path = confvalue; +- else if (strcmp(confname, "activate") == 0) +- activate = 1; +- } +- +- if (activate) { +- PROVIDER_CONF_GLOBAL *pcgbl +- = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX, +- &provider_conf_ossl_ctx_method); ++ OSSL_PROVIDER *prov = NULL, *actual = NULL; ++ PROVIDER_CONF_GLOBAL *pcgbl ++ = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX, ++ &provider_conf_ossl_ctx_method); + + if (pcgbl == NULL || !CRYPTO_THREAD_write_lock(pcgbl->lock)) { +- ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); ++ ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); + return 0; + } + if (!prov_already_activated(name, pcgbl->activated_providers)) { +@@ -216,7 +177,7 @@ static int provider_conf_load(OSSL_LIB_C + if (path != NULL) + ossl_provider_set_module_path(prov, path); + +- ok = provider_conf_params(prov, NULL, NULL, value, cnf); ++ ok = cnf ? provider_conf_params(prov, NULL, NULL, value, cnf) : 1; + + if (ok) { + if (!ossl_provider_activate(prov, 1, 0)) { +@@ -244,8 +205,59 @@ static int provider_conf_load(OSSL_LIB_C + } + if (!ok) + ossl_provider_free(prov); ++ } else { /* No reason to activate the provider twice, returning OK */ ++ ok = 1; + } + CRYPTO_THREAD_unlock(pcgbl->lock); ++ return ok; ++} ++ ++static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name, ++ const char *value, const CONF *cnf) ++{ ++ int i; ++ STACK_OF(CONF_VALUE) *ecmds; ++ int soft = 0; ++ const char *path = NULL; ++ long activate = 0; ++ int ok = 0; ++ ++ name = skip_dot(name); ++ OSSL_TRACE1(CONF, "Configuring provider %s\n", name); ++ /* Value is a section containing PROVIDER commands */ ++ ecmds = NCONF_get_section(cnf, value); ++ ++ if (!ecmds) { ++ ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR, ++ "section=%s not found", value); ++ return 0; ++ } ++ ++ /* Find the needed data first */ ++ for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) { ++ CONF_VALUE *ecmd = sk_CONF_VALUE_value(ecmds, i); ++ const char *confname = skip_dot(ecmd->name); ++ const char *confvalue = ecmd->value; ++ ++ OSSL_TRACE2(CONF, "Provider command: %s = %s\n", ++ confname, confvalue); ++ ++ /* First handle some special pseudo confs */ ++ ++ /* Override provider name to use */ ++ if (strcmp(confname, "identity") == 0) ++ name = confvalue; ++ else if (strcmp(confname, "soft_load") == 0) ++ soft = 1; ++ /* Load a dynamic PROVIDER */ ++ else if (strcmp(confname, "module") == 0) ++ path = confvalue; ++ else if (strcmp(confname, "activate") == 0) ++ activate = 1; ++ } ++ ++ if (activate) { ++ ok = provider_conf_activate(libctx, name, value, path, soft, cnf); + } else { + OSSL_PROVIDER_INFO entry; + +@@ -306,6 +318,19 @@ static int provider_conf_init(CONF_IMODU + return 0; + } + ++ if (ossl_get_kernel_fips_flag() != 0) { /* XXX from provider_conf_load */ ++ OSSL_LIB_CTX *libctx = NCONF_get0_libctx((CONF *)cnf); ++ PROVIDER_CONF_GLOBAL *pcgbl ++ = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX, ++ &provider_conf_ossl_ctx_method); ++ if (provider_conf_activate(libctx, "fips", NULL, NULL, 0, NULL) != 1) ++ return 0; ++ if (provider_conf_activate(libctx, "base", NULL, NULL, 0, NULL) != 1) ++ return 0; ++ if (EVP_default_properties_enable_fips(libctx, 1) != 1) ++ return 0; ++ } ++ + return 1; + } + diff --git a/0033-FIPS-embed-hmac.patch b/0033-FIPS-embed-hmac.patch new file mode 100644 index 0000000..d5debe2 --- /dev/null +++ b/0033-FIPS-embed-hmac.patch @@ -0,0 +1,205 @@ +diff -rupN --no-dereference openssl-3.0.9/providers/fips/self_test.c openssl-3.0.9-new/providers/fips/self_test.c +--- openssl-3.0.9/providers/fips/self_test.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/providers/fips/self_test.c 2023-05-31 14:33:13.003114631 +0200 +@@ -172,11 +172,27 @@ DEP_FINI_ATTRIBUTE void cleanup(void) + } + #endif + ++#define HMAC_LEN 32 ++/* ++ * The __attribute__ ensures we've created the .rodata1 section ++ * static ensures it's zero filled ++*/ ++static const unsigned char __attribute__ ((section (".rodata1"))) fips_hmac_container[HMAC_LEN] = {0}; ++ + /* + * Calculate the HMAC SHA256 of data read using a BIO and read_cb, and verify + * the result matches the expected value. + * Return 1 if verified, or 0 if it fails. + */ ++#ifndef __USE_GNU ++#define __USE_GNU ++#include ++#undef __USE_GNU ++#else ++#include ++#endif ++#include ++ + static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb, + unsigned char *expected, size_t expected_len, + OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev, +@@ -189,9 +205,20 @@ static int verify_integrity(OSSL_CORE_BI + EVP_MAC *mac = NULL; + EVP_MAC_CTX *ctx = NULL; + OSSL_PARAM params[2], *p = params; ++ Dl_info info; ++ void *extra_info = NULL; ++ struct link_map *lm = NULL; ++ unsigned long paddr; ++ unsigned long off = 0; + + OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC); + ++ if (!dladdr1 ((const void *)fips_hmac_container, ++ &info, &extra_info, RTLD_DL_LINKMAP)) ++ goto err; ++ lm = extra_info; ++ paddr = (unsigned long)fips_hmac_container - lm->l_addr; ++ + mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL); + if (mac == NULL) + goto err; +@@ -205,13 +232,42 @@ static int verify_integrity(OSSL_CORE_BI + if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params)) + goto err; + +- while (1) { +- status = read_ex_cb(bio, buf, sizeof(buf), &bytes_read); ++ while ((off + INTEGRITY_BUF_SIZE) <= paddr) { ++ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read); + if (status != 1) + break; + if (!EVP_MAC_update(ctx, buf, bytes_read)) + goto err; ++ off += bytes_read; + } ++ ++ if (off + INTEGRITY_BUF_SIZE > paddr) { ++ int delta = paddr - off; ++ status = read_ex_cb(bio, buf, delta, &bytes_read); ++ if (status != 1) ++ goto err; ++ if (!EVP_MAC_update(ctx, buf, bytes_read)) ++ goto err; ++ off += bytes_read; ++ ++ status = read_ex_cb(bio, buf, HMAC_LEN, &bytes_read); ++ memset(buf, 0, HMAC_LEN); ++ if (status != 1) ++ goto err; ++ if (!EVP_MAC_update(ctx, buf, bytes_read)) ++ goto err; ++ off += bytes_read; ++ } ++ ++ while (bytes_read > 0) { ++ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read); ++ if (status != 1) ++ break; ++ if (!EVP_MAC_update(ctx, buf, bytes_read)) ++ goto err; ++ off += bytes_read; ++ } ++ + if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out))) + goto err; + +@@ -285,8 +341,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS + CRYPTO_THREAD_unlock(fips_state_lock); + } + +- if (st == NULL +- || st->module_checksum_data == NULL) { ++ if (st == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA); + goto end; + } +@@ -295,8 +350,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS + if (ev == NULL) + goto end; + +- module_checksum = OPENSSL_hexstr2buf(st->module_checksum_data, +- &checksum_len); ++ module_checksum = fips_hmac_container; ++ checksum_len = sizeof(fips_hmac_container); ++ + if (module_checksum == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA); + goto end; +@@ -358,7 +414,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS + ok = 1; + end: + OSSL_SELF_TEST_free(ev); +- OPENSSL_free(module_checksum); + OPENSSL_free(indicator_checksum); + + if (st != NULL) { +diff -rupN --no-dereference openssl-3.0.9/test/fipsmodule.cnf openssl-3.0.9-new/test/fipsmodule.cnf +--- openssl-3.0.9/test/fipsmodule.cnf 1970-01-01 01:00:00.000000000 +0100 ++++ openssl-3.0.9-new/test/fipsmodule.cnf 2023-05-31 14:33:13.005114630 +0200 +@@ -0,0 +1,2 @@ ++[fips_sect] ++activate = 1 +diff -rupN --no-dereference openssl-3.0.9/test/recipes/00-prep_fipsmodule_cnf.t openssl-3.0.9-new/test/recipes/00-prep_fipsmodule_cnf.t +--- openssl-3.0.9/test/recipes/00-prep_fipsmodule_cnf.t 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/recipes/00-prep_fipsmodule_cnf.t 2023-05-31 14:33:13.003114631 +0200 +@@ -20,7 +20,7 @@ use lib srctop_dir('Configurations'); + use lib bldtop_dir('.'); + use platform; + +-my $no_check = disabled("fips"); ++my $no_check = 1; + plan skip_all => "FIPS module config file only supported in a fips build" + if $no_check; + +diff -rupN --no-dereference openssl-3.0.9/test/recipes/01-test_fipsmodule_cnf.t openssl-3.0.9-new/test/recipes/01-test_fipsmodule_cnf.t +--- openssl-3.0.9/test/recipes/01-test_fipsmodule_cnf.t 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/recipes/01-test_fipsmodule_cnf.t 2023-05-31 14:33:13.003114631 +0200 +@@ -23,7 +23,7 @@ use lib srctop_dir('Configurations'); + use lib bldtop_dir('.'); + use platform; + +-my $no_check = disabled("fips"); ++my $no_check = 1; + plan skip_all => "Test only supported in a fips build" + if $no_check; + plan tests => 1; +diff -rupN --no-dereference openssl-3.0.9/test/recipes/03-test_fipsinstall.t openssl-3.0.9-new/test/recipes/03-test_fipsinstall.t +--- openssl-3.0.9/test/recipes/03-test_fipsinstall.t 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/recipes/03-test_fipsinstall.t 2023-05-31 14:33:13.004114631 +0200 +@@ -22,7 +22,7 @@ use lib srctop_dir('Configurations'); + use lib bldtop_dir('.'); + use platform; + +-plan skip_all => "Test only supported in a fips build" if disabled("fips"); ++plan skip_all => "Test only supported in a fips build" if 1; + + plan tests => 29; + +diff -rupN --no-dereference openssl-3.0.9/test/recipes/30-test_defltfips.t openssl-3.0.9-new/test/recipes/30-test_defltfips.t +--- openssl-3.0.9/test/recipes/30-test_defltfips.t 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/recipes/30-test_defltfips.t 2023-05-31 14:33:13.004114631 +0200 +@@ -21,7 +21,7 @@ BEGIN { + use lib srctop_dir('Configurations'); + use lib bldtop_dir('.'); + +-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); ++my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0); + + plan tests => + ($no_fips ? 1 : 5); +diff -rupN --no-dereference openssl-3.0.9/test/recipes/80-test_ssl_new.t openssl-3.0.9-new/test/recipes/80-test_ssl_new.t +--- openssl-3.0.9/test/recipes/80-test_ssl_new.t 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/recipes/80-test_ssl_new.t 2023-05-31 14:33:13.004114631 +0200 +@@ -27,7 +27,7 @@ setup("test_ssl_new"); + use lib srctop_dir('Configurations'); + use lib bldtop_dir('.'); + +-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); ++my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0); + + $ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs"); + +diff -rupN --no-dereference openssl-3.0.9/test/recipes/90-test_sslapi.t openssl-3.0.9-new/test/recipes/90-test_sslapi.t +--- openssl-3.0.9/test/recipes/90-test_sslapi.t 2023-05-31 14:33:12.729114748 +0200 ++++ openssl-3.0.9-new/test/recipes/90-test_sslapi.t 2023-05-31 14:33:13.004114631 +0200 +@@ -18,7 +18,7 @@ setup("test_sslapi"); + use lib srctop_dir('Configurations'); + use lib bldtop_dir('.'); + +-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); ++my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0); + + plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build" + if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls")); diff --git a/0034.fipsinstall_disable.patch b/0034.fipsinstall_disable.patch new file mode 100644 index 0000000..cb6a36c --- /dev/null +++ b/0034.fipsinstall_disable.patch @@ -0,0 +1,406 @@ +diff -rupN --no-dereference openssl-3.0.9/apps/fipsinstall.c openssl-3.0.9-new/apps/fipsinstall.c +--- openssl-3.0.9/apps/fipsinstall.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/apps/fipsinstall.c 2023-05-31 14:33:13.267114518 +0200 +@@ -311,6 +311,9 @@ int fipsinstall_main(int argc, char **ar + EVP_MAC *mac = NULL; + CONF *conf = NULL; + ++ BIO_printf(bio_err, "This command is not enabled in the Red Hat Enterprise Linux OpenSSL build, please consult Red Hat documentation to learn how to enable FIPS mode\n"); ++ return 1; ++ + if ((opts = sk_OPENSSL_STRING_new_null()) == NULL) + goto end; + +diff -rupN --no-dereference openssl-3.0.9/doc/man1/openssl-fipsinstall.pod.in openssl-3.0.9-new/doc/man1/openssl-fipsinstall.pod.in +--- openssl-3.0.9/doc/man1/openssl-fipsinstall.pod.in 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/doc/man1/openssl-fipsinstall.pod.in 2023-05-31 14:33:13.269114517 +0200 +@@ -8,236 +8,11 @@ openssl-fipsinstall - perform FIPS confi + =head1 SYNOPSIS + + B +-[B<-help>] +-[B<-in> I] +-[B<-out> I] +-[B<-module> I] +-[B<-provider_name> I] +-[B<-section_name> I] +-[B<-verify>] +-[B<-mac_name> I] +-[B<-macopt> I:I] +-[B<-noout>] +-[B<-quiet>] +-[B<-no_conditional_errors>] +-[B<-no_security_checks>] +-[B<-self_test_onload>] +-[B<-corrupt_desc> I] +-[B<-corrupt_type> I] +-[B<-config> I] + + =head1 DESCRIPTION +- +-This command is used to generate a FIPS module configuration file. +-This configuration file can be used each time a FIPS module is loaded +-in order to pass data to the FIPS module self tests. The FIPS module always +-verifies its MAC, but optionally only needs to run the KAT's once, +-at installation. +- +-The generated configuration file consists of: +- +-=over 4 +- +-=item - A MAC of the FIPS module file. +- +-=item - A test status indicator. +- +-This indicates if the Known Answer Self Tests (KAT's) have successfully run. +- +-=item - A MAC of the status indicator. +- +-=item - A control for conditional self tests errors. +- +-By default if a continuous test (e.g a key pair test) fails then the FIPS module +-will enter an error state, and no services or cryptographic algorithms will be +-able to be accessed after this point. +-The default value of '1' will cause the fips module error state to be entered. +-If the value is '0' then the module error state will not be entered. +-Regardless of whether the error state is entered or not, the current operation +-(e.g. key generation) will return an error. The user is responsible for retrying +-the operation if the module error state is not entered. +- +-=item - A control to indicate whether run-time security checks are done. +- +-This indicates if run-time checks related to enforcement of security parameters +-such as minimum security strength of keys and approved curve names are used. +-The default value of '1' will perform the checks. +-If the value is '0' the checks are not performed and FIPS compliance must +-be done by procedures documented in the relevant Security Policy. +- +-=back +- +-This file is described in L. +- +-=head1 OPTIONS +- +-=over 4 +- +-=item B<-help> +- +-Print a usage message. +- +-=item B<-module> I +- +-Filename of the FIPS module to perform an integrity check on. +-The path provided in the filename is used to load the module when it is +-activated, and this overrides the environment variable B. +- +-=item B<-out> I +- +-Filename to output the configuration data to; the default is standard output. +- +-=item B<-in> I +- +-Input filename to load configuration data from. +-Must be used if the B<-verify> option is specified. +- +-=item B<-verify> +- +-Verify that the input configuration file contains the correct information. +- +-=item B<-provider_name> I +- +-Name of the provider inside the configuration file. +-The default value is C. +- +-=item B<-section_name> I +- +-Name of the section inside the configuration file. +-The default value is C. +- +-=item B<-mac_name> I +- +-Specifies the name of a supported MAC algorithm which will be used. +-The MAC mechanisms that are available will depend on the options +-used when building OpenSSL. +-To see the list of supported MAC's use the command +-C. The default is B. +- +-=item B<-macopt> I:I +- +-Passes options to the MAC algorithm. +-A comprehensive list of controls can be found in the EVP_MAC implementation +-documentation. +-Common control strings used for this command are: +- +-=over 4 +- +-=item B:I +- +-Specifies the MAC key as an alphanumeric string (use if the key contains +-printable characters only). +-The string length must conform to any restrictions of the MAC algorithm. +-A key must be specified for every MAC algorithm. +-If no key is provided, the default that was specified when OpenSSL was +-configured is used. +- +-=item B:I +- +-Specifies the MAC key in hexadecimal form (two hex digits per byte). +-The key length must conform to any restrictions of the MAC algorithm. +-A key must be specified for every MAC algorithm. +-If no key is provided, the default that was specified when OpenSSL was +-configured is used. +- +-=item B:I +- +-Used by HMAC as an alphanumeric string (use if the key contains printable +-characters only). +-The string length must conform to any restrictions of the MAC algorithm. +-To see the list of supported digests, use the command +-C. +-The default digest is SHA-256. +- +-=back +- +-=item B<-noout> +- +-Disable logging of the self tests. +- +-=item B<-no_conditional_errors> +- +-Configure the module to not enter an error state if a conditional self test +-fails as described above. +- +-=item B<-no_security_checks> +- +-Configure the module to not perform run-time security checks as described above. +- +-=item B<-self_test_onload> +- +-Do not write the two fields related to the "test status indicator" and +-"MAC status indicator" to the output configuration file. Without these fields +-the self tests KATS will run each time the module is loaded. This option could be +-used for cross compiling, since the self tests need to run at least once on each +-target machine. Once the self tests have run on the target machine the user +-could possibly then add the 2 fields into the configuration using some other +-mechanism. +- +-=item B<-quiet> +- +-Do not output pass/fail messages. Implies B<-noout>. +- +-=item B<-corrupt_desc> I, +-B<-corrupt_type> I +- +-The corrupt options can be used to test failure of one or more self tests by +-name. +-Either option or both may be used to select the tests to corrupt. +-Refer to the entries for B and B in L for +-values that can be used. +- +-=item B<-config> I +- +-Test that a FIPS provider can be loaded from the specified configuration file. +-A previous call to this application needs to generate the extra configuration +-data that is included by the base C configuration file. +-See L for further information on how to set up a provider section. +-All other options are ignored if '-config' is used. +- +-=back +- +-=head1 NOTES +- +-Self tests results are logged by default if the options B<-quiet> and B<-noout> +-are not specified, or if either of the options B<-corrupt_desc> or +-B<-corrupt_type> are used. +-If the base configuration file is set up to autoload the fips module, then the +-fips module will be loaded and self tested BEFORE the fipsinstall application +-has a chance to set up its own self test callback. As a result of this the self +-test output and the options B<-corrupt_desc> and B<-corrupt_type> will be ignored. +-For normal usage the base configuration file should use the default provider +-when generating the fips configuration file. +- +-=head1 EXAMPLES +- +-Calculate the mac of a FIPS module F and run a FIPS self test +-for the module, and save the F configuration file: +- +- openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips +- +-Verify that the configuration file F contains the correct info: +- +- openssl fipsinstall -module ./fips.so -in fips.cnf -provider_name fips -verify +- +-Corrupt any self tests which have the description C: +- +- openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips \ +- -corrupt_desc 'SHA1' +- +-Validate that the fips module can be loaded from a base configuration file: +- +- export OPENSSL_CONF_INCLUDE= +- export OPENSSL_MODULES= +- openssl fipsinstall -config' 'default.cnf' +- +- +-=head1 SEE ALSO +- +-L, +-L, +-L, +-L ++This command is disabled. ++Please consult Red Hat Enterprise Linux documentation to learn how to correctly ++enable FIPS mode on Red Hat Enterprise + + =head1 COPYRIGHT + +diff -rupN --no-dereference openssl-3.0.9/doc/man1/openssl.pod openssl-3.0.9-new/doc/man1/openssl.pod +--- openssl-3.0.9/doc/man1/openssl.pod 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/doc/man1/openssl.pod 2023-05-31 14:33:13.267114518 +0200 +@@ -135,10 +135,6 @@ Engine (loadable module) information and + + Error Number to Error String Conversion. + +-=item B +- +-FIPS configuration installation. +- + =item B + + Generation of DSA Private Key from Parameters. Superseded by +diff -rupN --no-dereference openssl-3.0.9/doc/man5/config.pod openssl-3.0.9-new/doc/man5/config.pod +--- openssl-3.0.9/doc/man5/config.pod 2023-05-31 14:33:12.476114856 +0200 ++++ openssl-3.0.9-new/doc/man5/config.pod 2023-05-31 14:33:13.268114517 +0200 +@@ -573,7 +573,6 @@ configuration files using that syntax wi + =head1 SEE ALSO + + L, L, L, +-L, + L, + L, + L, +diff -rupN --no-dereference openssl-3.0.9/doc/man5/fips_config.pod openssl-3.0.9-new/doc/man5/fips_config.pod +--- openssl-3.0.9/doc/man5/fips_config.pod 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/doc/man5/fips_config.pod 2023-05-31 14:33:13.268114517 +0200 +@@ -6,106 +6,10 @@ fips_config - OpenSSL FIPS configuration + + =head1 DESCRIPTION + +-A separate configuration file, using the OpenSSL L syntax, +-is used to hold information about the FIPS module. This includes a digest +-of the shared library file, and status about the self-testing. +-This data is used automatically by the module itself for two +-purposes: +- +-=over 4 +- +-=item - Run the startup FIPS self-test known answer tests (KATS). +- +-This is normally done once, at installation time, but may also be set up to +-run each time the module is used. +- +-=item - Verify the module's checksum. +- +-This is done each time the module is used. +- +-=back +- +-This file is generated by the L program, and +-used internally by the FIPS module during its initialization. +- +-The following options are supported. They should all appear in a section +-whose name is identified by the B option in the B +-section, as described in L. +- +-=over 4 +- +-=item B +- +-If present, the module is activated. The value assigned to this name is not +-significant. +- +-=item B +- +-A version number for the fips install process. Should be 1. +- +-=item B +- +-The FIPS module normally enters an internal error mode if any self test fails. +-Once this error mode is active, no services or cryptographic algorithms are +-accessible from this point on. +-Continuous tests are a subset of the self tests (e.g., a key pair test during key +-generation, or the CRNG output test). +-Setting this value to C<0> allows the error mode to not be triggered if any +-continuous test fails. The default value of C<1> will trigger the error mode. +-Regardless of the value, the operation (e.g., key generation) that called the +-continuous test will return an error code if its continuous test fails. The +-operation may then be retried if the error mode has not been triggered. +- +-=item B +- +-This indicates if run-time checks related to enforcement of security parameters +-such as minimum security strength of keys and approved curve names are used. +-A value of '1' will perform the checks, otherwise if the value is '0' the checks +-are not performed and FIPS compliance must be done by procedures documented in +-the relevant Security Policy. +- +-=item B +- +-The calculated MAC of the FIPS provider file. +- +-=item B +- +-An indicator that the self-tests were successfully run. +-This should only be written after the module has +-successfully passed its self tests during installation. +-If this field is not present, then the self tests will run when the module +-loads. +- +-=item B +- +-A MAC of the value of the B option, to prevent accidental +-changes to that value. +-It is written-to at the same time as B is updated. +- +-=back +- +-For example: +- +- [fips_sect] +- activate = 1 +- install-version = 1 +- conditional-errors = 1 +- security-checks = 1 +- module-mac = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC +- install-mac = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C +- install-status = INSTALL_SELF_TEST_KATS_RUN +- +-=head1 NOTES +- +-When using the FIPS provider, it is recommended that the +-B option is enabled to prevent accidental use of +-non-FIPS validated algorithms via broken or mistaken configuration. +-See L. +- +-=head1 SEE ALSO +- +-L +-L ++This command is disabled in Red Hat Enterprise Linux. The FIPS provider is ++automatically loaded when the system is booted in FIPS mode, or when the ++environment variable B is set. See the documentation ++for more information. + + =head1 HISTORY + +diff -rupN --no-dereference openssl-3.0.9/doc/man7/OSSL_PROVIDER-FIPS.pod openssl-3.0.9-new/doc/man7/OSSL_PROVIDER-FIPS.pod +--- openssl-3.0.9/doc/man7/OSSL_PROVIDER-FIPS.pod 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/doc/man7/OSSL_PROVIDER-FIPS.pod 2023-05-31 14:33:13.268114517 +0200 +@@ -410,7 +410,6 @@ A simple self test callback is shown bel + + =head1 SEE ALSO + +-L, + L, + L, + L, diff --git a/0035-speed-skip-unavailable-dgst.patch b/0035-speed-skip-unavailable-dgst.patch new file mode 100644 index 0000000..4c49fbc --- /dev/null +++ b/0035-speed-skip-unavailable-dgst.patch @@ -0,0 +1,13 @@ +diff -rupN --no-dereference openssl-3.0.9/apps/speed.c openssl-3.0.9-new/apps/speed.c +--- openssl-3.0.9/apps/speed.c 2023-05-31 14:33:11.679115195 +0200 ++++ openssl-3.0.9-new/apps/speed.c 2023-05-31 14:33:13.533114404 +0200 +@@ -591,6 +591,9 @@ static int EVP_MAC_loop(int algindex, vo + for (count = 0; COND(c[algindex][testnum]); count++) { + size_t outl; + ++ if (mctx == NULL) ++ return -1; ++ + if (!EVP_MAC_init(mctx, NULL, 0, NULL) + || !EVP_MAC_update(mctx, buf, lengths[testnum]) + || !EVP_MAC_final(mctx, mac, &outl, sizeof(mac))) diff --git a/0044-FIPS-140-3-keychecks.patch b/0044-FIPS-140-3-keychecks.patch new file mode 100644 index 0000000..0f0a7b2 --- /dev/null +++ b/0044-FIPS-140-3-keychecks.patch @@ -0,0 +1,186 @@ +diff -rupN --no-dereference openssl-3.0.9/crypto/dh/dh_key.c openssl-3.0.9-new/crypto/dh/dh_key.c +--- openssl-3.0.9/crypto/dh/dh_key.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/dh/dh_key.c 2023-05-31 14:33:13.795114292 +0200 +@@ -43,6 +43,9 @@ int ossl_dh_compute_key(unsigned char *k + BN_MONT_CTX *mont = NULL; + BIGNUM *z = NULL, *pminus1; + int ret = -1; ++#ifdef FIPS_MODULE ++ int validate = 0; ++#endif + + if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) { + ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE); +@@ -54,6 +57,13 @@ int ossl_dh_compute_key(unsigned char *k + return 0; + } + ++#ifdef FIPS_MODULE ++ if (DH_check_pub_key(dh, pub_key, &validate) <= 0) { ++ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID); ++ return 0; ++ } ++#endif ++ + ctx = BN_CTX_new_ex(dh->libctx); + if (ctx == NULL) + goto err; +@@ -262,6 +272,9 @@ static int generate_key(DH *dh) + #endif + BN_CTX *ctx = NULL; + BIGNUM *pub_key = NULL, *priv_key = NULL; ++#ifdef FIPS_MODULE ++ int validate = 0; ++#endif + + if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) { + ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE); +@@ -354,8 +367,23 @@ static int generate_key(DH *dh) + if (!ossl_dh_generate_public_key(ctx, dh, priv_key, pub_key)) + goto err; + ++#ifdef FIPS_MODULE ++ if (DH_check_pub_key(dh, pub_key, &validate) <= 0) { ++ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID); ++ goto err; ++ } ++#endif ++ + dh->pub_key = pub_key; + dh->priv_key = priv_key; ++#ifdef FIPS_MODULE ++ if (ossl_dh_check_pairwise(dh) <= 0) { ++ dh->pub_key = dh->priv_key = NULL; ++ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID); ++ goto err; ++ } ++#endif ++ + dh->dirty_cnt++; + ok = 1; + err: +diff -rupN --no-dereference openssl-3.0.9/crypto/ec/ec_key.c openssl-3.0.9-new/crypto/ec/ec_key.c +--- openssl-3.0.9/crypto/ec/ec_key.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/ec/ec_key.c 2023-05-31 14:33:13.796114291 +0200 +@@ -333,6 +333,11 @@ static int ec_generate_key(EC_KEY *eckey + + OSSL_SELF_TEST_get_callback(eckey->libctx, &cb, &cbarg); + ok = ecdsa_keygen_pairwise_test(eckey, cb, cbarg); ++ ++#ifdef FIPS_MODULE ++ ok &= ossl_ec_key_public_check(eckey, ctx); ++ ok &= ossl_ec_key_pairwise_check(eckey, ctx); ++#endif /* FIPS_MODULE */ + } + err: + /* Step (9): If there is an error return an invalid keypair. */ +diff -rupN --no-dereference openssl-3.0.9/crypto/rsa/rsa_gen.c openssl-3.0.9-new/crypto/rsa/rsa_gen.c +--- openssl-3.0.9/crypto/rsa/rsa_gen.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/rsa/rsa_gen.c 2023-05-31 14:33:13.797114291 +0200 +@@ -23,6 +23,7 @@ + #include + #include "internal/cryptlib.h" + #include ++#include + #include + #include "prov/providercommon.h" + #include "rsa_local.h" +@@ -478,52 +479,43 @@ static int rsa_keygen(OSSL_LIB_CTX *libc + static int rsa_keygen_pairwise_test(RSA *rsa, OSSL_CALLBACK *cb, void *cbarg) + { + int ret = 0; +- unsigned int ciphertxt_len; +- unsigned char *ciphertxt = NULL; +- const unsigned char plaintxt[16] = {0}; +- unsigned char *decoded = NULL; +- unsigned int decoded_len; +- unsigned int plaintxt_len = (unsigned int)sizeof(plaintxt_len); +- int padding = RSA_PKCS1_PADDING; ++ unsigned int signature_len; ++ unsigned char *signature = NULL; + OSSL_SELF_TEST *st = NULL; ++ static const unsigned char dgst[] = { ++ 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, ++ 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, ++ 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 ++ }; + + st = OSSL_SELF_TEST_new(cb, cbarg); + if (st == NULL) + goto err; + OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT, ++ /* No special name for RSA signature PCT*/ + OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1); + +- ciphertxt_len = RSA_size(rsa); +- /* +- * RSA_private_encrypt() and RSA_private_decrypt() requires the 'to' +- * parameter to be a maximum of RSA_size() - allocate space for both. +- */ +- ciphertxt = OPENSSL_zalloc(ciphertxt_len * 2); +- if (ciphertxt == NULL) ++ signature_len = RSA_size(rsa); ++ signature = OPENSSL_zalloc(signature_len); ++ if (signature == NULL) + goto err; +- decoded = ciphertxt + ciphertxt_len; + +- ciphertxt_len = RSA_public_encrypt(plaintxt_len, plaintxt, ciphertxt, rsa, +- padding); +- if (ciphertxt_len <= 0) ++ if (RSA_sign(NID_sha256, dgst, sizeof(dgst), signature, &signature_len, rsa) <= 0) + goto err; +- if (ciphertxt_len == plaintxt_len +- && memcmp(ciphertxt, plaintxt, plaintxt_len) == 0) ++ ++ if (signature_len <= 0) + goto err; + +- OSSL_SELF_TEST_oncorrupt_byte(st, ciphertxt); ++ OSSL_SELF_TEST_oncorrupt_byte(st, signature); + +- decoded_len = RSA_private_decrypt(ciphertxt_len, ciphertxt, decoded, rsa, +- padding); +- if (decoded_len != plaintxt_len +- || memcmp(decoded, plaintxt, decoded_len) != 0) ++ if (RSA_verify(NID_sha256, dgst, sizeof(dgst), signature, signature_len, rsa) <= 0) + goto err; + + ret = 1; + err: + OSSL_SELF_TEST_onend(st, ret); + OSSL_SELF_TEST_free(st); +- OPENSSL_free(ciphertxt); ++ OPENSSL_free(signature); + + return ret; + } +diff -rupN --no-dereference openssl-3.0.9/providers/implementations/exchange/ecdh_exch.c openssl-3.0.9-new/providers/implementations/exchange/ecdh_exch.c +--- openssl-3.0.9/providers/implementations/exchange/ecdh_exch.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/providers/implementations/exchange/ecdh_exch.c 2023-05-31 14:33:13.796114291 +0200 +@@ -488,6 +488,25 @@ int ecdh_plain_derive(void *vpecdhctx, u + } + + ppubkey = EC_KEY_get0_public_key(pecdhctx->peerk); ++#ifdef FIPS_MODULE ++ { ++ BN_CTX *bn_ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(privk)); ++ int check = 0; ++ ++ if (bn_ctx == NULL) { ++ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); ++ goto end; ++ } ++ ++ check = ossl_ec_key_public_check(pecdhctx->peerk, bn_ctx); ++ BN_CTX_free(bn_ctx); ++ ++ if (check <= 0) { ++ ERR_raise(ERR_LIB_PROV, EC_R_INVALID_PEER_KEY); ++ goto end; ++ } ++ } ++#endif + + retlen = ECDH_compute_key(secret, size, ppubkey, privk, NULL); + diff --git a/0045-FIPS-services-minimize.patch b/0045-FIPS-services-minimize.patch new file mode 100644 index 0000000..c87ea95 --- /dev/null +++ b/0045-FIPS-services-minimize.patch @@ -0,0 +1,718 @@ +diff -rupN --no-dereference openssl-3.0.9/apps/ecparam.c openssl-3.0.9-new/apps/ecparam.c +--- openssl-3.0.9/apps/ecparam.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/apps/ecparam.c 2023-05-31 14:33:14.081114169 +0200 +@@ -79,6 +79,9 @@ static int list_builtin_curves(BIO *out) + const char *comment = curves[n].comment; + const char *sname = OBJ_nid2sn(curves[n].nid); + ++ if ((curves[n].nid == NID_secp256k1) && EVP_default_properties_is_fips_enabled(NULL)) ++ continue; ++ + if (comment == NULL) + comment = "CURVE DESCRIPTION NOT AVAILABLE"; + if (sname == NULL) +diff -rupN --no-dereference openssl-3.0.9/apps/req.c openssl-3.0.9-new/apps/req.c +--- openssl-3.0.9/apps/req.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/apps/req.c 2023-05-31 14:33:14.081114169 +0200 +@@ -266,7 +266,7 @@ int req_main(int argc, char **argv) + unsigned long chtype = MBSTRING_ASC, reqflag = 0; + + #ifndef OPENSSL_NO_DES +- cipher = (EVP_CIPHER *)EVP_des_ede3_cbc(); ++ cipher = (EVP_CIPHER *)EVP_aes_256_cbc(); + #endif + + prog = opt_init(argc, argv, req_options); +diff -rupN --no-dereference openssl-3.0.9/providers/common/capabilities.c openssl-3.0.9-new/providers/common/capabilities.c +--- openssl-3.0.9/providers/common/capabilities.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/providers/common/capabilities.c 2023-05-31 14:33:14.074114172 +0200 +@@ -186,9 +186,9 @@ static const OSSL_PARAM param_group_list + TLS_GROUP_ENTRY("brainpoolP256r1", "brainpoolP256r1", "EC", 25), + TLS_GROUP_ENTRY("brainpoolP384r1", "brainpoolP384r1", "EC", 26), + TLS_GROUP_ENTRY("brainpoolP512r1", "brainpoolP512r1", "EC", 27), +-# endif + TLS_GROUP_ENTRY("x25519", "X25519", "X25519", 28), + TLS_GROUP_ENTRY("x448", "X448", "X448", 29), ++# endif + # endif /* OPENSSL_NO_EC */ + # ifndef OPENSSL_NO_DH + /* Security bit values for FFDHE groups are as per RFC 7919 */ +diff -rupN --no-dereference openssl-3.0.9/providers/fips/fipsprov.c openssl-3.0.9-new/providers/fips/fipsprov.c +--- openssl-3.0.9/providers/fips/fipsprov.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/providers/fips/fipsprov.c 2023-05-31 14:33:14.075114172 +0200 +@@ -38,7 +38,6 @@ static OSSL_FUNC_provider_query_operatio + + #define ALGC(NAMES, FUNC, CHECK) { { NAMES, FIPS_DEFAULT_PROPERTIES, FUNC }, CHECK } + #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL) +- + extern OSSL_FUNC_core_thread_start_fn *c_thread_start; + int FIPS_security_check_enabled(OSSL_LIB_CTX *libctx); + +@@ -175,13 +174,13 @@ static int fips_get_params(void *provctx + &fips_prov_ossl_ctx_method); + + p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME); +- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider")) ++ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "Red Hat Enterprise Linux 9 - OpenSSL FIPS Provider")) + return 0; + p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION); +- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR)) ++ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, REDHAT_FIPS_VERSION)) + return 0; + p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO); +- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR)) ++ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, REDHAT_FIPS_VERSION)) + return 0; + p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_STATUS); + if (p != NULL && !OSSL_PARAM_set_int(p, ossl_prov_is_running())) +@@ -265,10 +264,11 @@ static const OSSL_ALGORITHM fips_digests + * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for + * KMAC128 and KMAC256. + */ +- { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES, ++ /* We don't certify KECCAK in our FIPS provider */ ++ /* { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES, + ossl_keccak_kmac_128_functions }, + { PROV_NAMES_KECCAK_KMAC_256, FIPS_DEFAULT_PROPERTIES, +- ossl_keccak_kmac_256_functions }, ++ ossl_keccak_kmac_256_functions }, */ + { NULL, NULL, NULL } + }; + +@@ -327,8 +327,9 @@ static const OSSL_ALGORITHM_CAPABLE fips + ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions, + ossl_cipher_capable_aes_cbc_hmac_sha256), + #ifndef OPENSSL_NO_DES +- ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions), +- ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions), ++ /* We don't certify 3DES in our FIPS provider */ ++ /* ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions), ++ ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions), */ + #endif /* OPENSSL_NO_DES */ + { { NULL, NULL, NULL }, NULL } + }; +@@ -340,8 +341,9 @@ static const OSSL_ALGORITHM fips_macs[] + #endif + { PROV_NAMES_GMAC, FIPS_DEFAULT_PROPERTIES, ossl_gmac_functions }, + { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_hmac_functions }, +- { PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions }, +- { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions }, ++ /* We don't certify KMAC in our FIPS provider */ ++ /*{ PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions }, ++ { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions }, */ + { NULL, NULL, NULL } + }; + +@@ -376,8 +378,9 @@ static const OSSL_ALGORITHM fips_keyexch + #endif + #ifndef OPENSSL_NO_EC + { PROV_NAMES_ECDH, FIPS_DEFAULT_PROPERTIES, ossl_ecdh_keyexch_functions }, +- { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keyexch_functions }, +- { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keyexch_functions }, ++ /* We don't certify Edwards curves in our FIPS provider */ ++ /*{ PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keyexch_functions }, ++ { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keyexch_functions },*/ + #endif + { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, + ossl_kdf_tls1_prf_keyexch_functions }, +@@ -387,12 +390,14 @@ static const OSSL_ALGORITHM fips_keyexch + + static const OSSL_ALGORITHM fips_signature[] = { + #ifndef OPENSSL_NO_DSA +- { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions }, ++ /* We don't certify DSA in our FIPS provider */ ++ /* { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions }, */ + #endif + { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_signature_functions }, + #ifndef OPENSSL_NO_EC +- { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_signature_functions }, +- { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_signature_functions }, ++ /* We don't certify Edwards curves in our FIPS provider */ ++ /* { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_signature_functions }, ++ { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_signature_functions }, */ + { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_signature_functions }, + #endif + { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, +@@ -422,8 +427,9 @@ static const OSSL_ALGORITHM fips_keymgmt + PROV_DESCS_DHX }, + #endif + #ifndef OPENSSL_NO_DSA +- { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions, +- PROV_DESCS_DSA }, ++ /* We don't certify DSA in our FIPS provider */ ++ /* { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions, ++ PROV_DESCS_DSA }, */ + #endif + { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_keymgmt_functions, + PROV_DESCS_RSA }, +@@ -432,14 +438,15 @@ static const OSSL_ALGORITHM fips_keymgmt + #ifndef OPENSSL_NO_EC + { PROV_NAMES_EC, FIPS_DEFAULT_PROPERTIES, ossl_ec_keymgmt_functions, + PROV_DESCS_EC }, +- { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keymgmt_functions, ++ /* We don't certify Edwards curves in our FIPS provider */ ++ /* { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keymgmt_functions, + PROV_DESCS_X25519 }, + { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keymgmt_functions, + PROV_DESCS_X448 }, + { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_keymgmt_functions, + PROV_DESCS_ED25519 }, + { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_keymgmt_functions, +- PROV_DESCS_ED448 }, ++ PROV_DESCS_ED448 }, */ + #endif + { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_keymgmt_functions, + PROV_DESCS_TLS1_PRF_SIGN }, +diff -rupN --no-dereference openssl-3.0.9/providers/fips/self_test_data.inc openssl-3.0.9-new/providers/fips/self_test_data.inc +--- openssl-3.0.9/providers/fips/self_test_data.inc 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/providers/fips/self_test_data.inc 2023-05-31 14:33:14.075114172 +0200 +@@ -171,6 +171,7 @@ static const ST_KAT_DIGEST st_kat_digest + /*- CIPHER TEST DATA */ + + /* DES3 test data */ ++#if 0 + static const unsigned char des_ede3_cbc_pt[] = { + 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, + 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A, +@@ -191,7 +192,7 @@ static const unsigned char des_ede3_cbc_ + 0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F, + 0x73, 0xC0, 0xBD, 0xA8, 0x5C, 0x8E, 0x0D, 0xA7 + }; +- ++#endif + /* AES-256 GCM test data */ + static const unsigned char aes_256_gcm_key[] = { + 0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c, +@@ -235,6 +236,7 @@ static const unsigned char aes_128_ecb_c + }; + + static const ST_KAT_CIPHER st_kat_cipher_tests[] = { ++#if 0 + #ifndef OPENSSL_NO_DES + { + { +@@ -248,6 +250,7 @@ static const ST_KAT_CIPHER st_kat_cipher + ITM(des_ede3_cbc_iv), + }, + #endif ++#endif + { + { + OSSL_SELF_TEST_DESC_CIPHER_AES_GCM, +@@ -1430,8 +1433,9 @@ static const ST_KAT_PARAM ecdsa_bin_key[ + # endif /* OPENSSL_NO_EC2M */ + #endif /* OPENSSL_NO_EC */ + +-#ifndef OPENSSL_NO_DSA + /* dsa 2048 */ ++#if 0 ++#ifndef OPENSSL_NO_DSA + static const unsigned char dsa_p[] = { + 0xa2, 0x9b, 0x88, 0x72, 0xce, 0x8b, 0x84, 0x23, + 0xb7, 0xd5, 0xd2, 0x1d, 0x4b, 0x02, 0xf5, 0x7e, +@@ -1555,8 +1559,8 @@ static const ST_KAT_PARAM dsa_key[] = { + ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, dsa_priv), + ST_KAT_PARAM_END() + }; +-#endif /* OPENSSL_NO_DSA */ +- ++#endif ++#endif + static const ST_KAT_SIGN st_kat_sign_tests[] = { + { + OSSL_SELF_TEST_DESC_SIGN_RSA, +@@ -1589,6 +1593,7 @@ static const ST_KAT_SIGN st_kat_sign_tes + }, + # endif + #endif /* OPENSSL_NO_EC */ ++#if 0 + #ifndef OPENSSL_NO_DSA + { + OSSL_SELF_TEST_DESC_SIGN_DSA, +@@ -1601,6 +1606,7 @@ static const ST_KAT_SIGN st_kat_sign_tes + */ + }, + #endif /* OPENSSL_NO_DSA */ ++#endif + }; + + static const ST_KAT_ASYM_CIPHER st_kat_asym_cipher_tests[] = { +diff -rupN --no-dereference openssl-3.0.9/providers/implementations/signature/rsa_sig.c openssl-3.0.9-new/providers/implementations/signature/rsa_sig.c +--- openssl-3.0.9/providers/implementations/signature/rsa_sig.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/providers/implementations/signature/rsa_sig.c 2023-05-31 14:33:14.082114169 +0200 +@@ -763,6 +763,19 @@ static int rsa_verify(void *vprsactx, co + { + PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; + size_t rslen; ++# ifdef FIPS_MODULE ++ size_t rsabits = RSA_bits(prsactx->rsa); ++ ++ if (rsabits < 2048) { ++ if (rsabits != 1024 ++ && rsabits != 1280 ++ && rsabits != 1536 ++ && rsabits != 1792) { ++ ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH); ++ return 0; ++ } ++ } ++# endif + + if (!ossl_prov_is_running()) + return 0; +diff -rupN --no-dereference openssl-3.0.9/ssl/ssl_ciph.c openssl-3.0.9-new/ssl/ssl_ciph.c +--- openssl-3.0.9/ssl/ssl_ciph.c 2023-05-31 14:33:10.575115664 +0200 ++++ openssl-3.0.9-new/ssl/ssl_ciph.c 2023-05-31 14:33:14.081114169 +0200 +@@ -356,6 +356,9 @@ int ssl_load_ciphers(SSL_CTX *ctx) + ctx->disabled_mkey_mask = 0; + ctx->disabled_auth_mask = 0; + ++ if (EVP_default_properties_is_fips_enabled(ctx->libctx)) ++ ctx->disabled_mkey_mask |= SSL_kRSA | SSL_kRSAPSK; ++ + /* + * We ignore any errors from the fetches below. They are expected to fail + * if theose algorithms are not available. +diff -rupN --no-dereference openssl-3.0.9/test/acvp_test.c openssl-3.0.9-new/test/acvp_test.c +--- openssl-3.0.9/test/acvp_test.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/acvp_test.c 2023-05-31 14:33:14.076114171 +0200 +@@ -1476,6 +1476,7 @@ int setup_tests(void) + OSSL_NELEM(dh_safe_prime_keyver_data)); + #endif /* OPENSSL_NO_DH */ + ++#if 0 /* Red Hat FIPS provider doesn't have fips=yes property on DSA */ + #ifndef OPENSSL_NO_DSA + ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data)); + ADD_ALL_TESTS(dsa_paramgen_test, OSSL_NELEM(dsa_paramgen_data)); +@@ -1483,6 +1484,7 @@ int setup_tests(void) + ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data)); + ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data)); + #endif /* OPENSSL_NO_DSA */ ++#endif + + #ifndef OPENSSL_NO_EC + ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data)); +diff -rupN --no-dereference openssl-3.0.9/test/endecode_test.c openssl-3.0.9-new/test/endecode_test.c +--- openssl-3.0.9/test/endecode_test.c 2023-05-31 14:33:11.957115077 +0200 ++++ openssl-3.0.9-new/test/endecode_test.c 2023-05-31 14:33:14.080114169 +0200 +@@ -1393,6 +1393,7 @@ int setup_tests(void) + * so no legacy tests. + */ + #endif ++ if (is_fips == 0) { + #ifndef OPENSSL_NO_DSA + ADD_TEST_SUITE(DSA); + ADD_TEST_SUITE_PARAMS(DSA); +@@ -1403,6 +1404,7 @@ int setup_tests(void) + ADD_TEST_SUITE_PROTECTED_PVK(DSA); + # endif + #endif ++ } + #ifndef OPENSSL_NO_EC + ADD_TEST_SUITE(EC); + ADD_TEST_SUITE_PARAMS(EC); +@@ -1417,10 +1419,12 @@ int setup_tests(void) + ADD_TEST_SUITE(ECExplicitTri2G); + ADD_TEST_SUITE_LEGACY(ECExplicitTri2G); + # endif ++ if (is_fips == 0) { + ADD_TEST_SUITE(ED25519); + ADD_TEST_SUITE(ED448); + ADD_TEST_SUITE(X25519); + ADD_TEST_SUITE(X448); ++ } + /* + * ED25519, ED448, X25519 and X448 have no support for + * PEM_write_bio_PrivateKey_traditional(), so no legacy tests. +diff -rupN --no-dereference openssl-3.0.9/test/evp_libctx_test.c openssl-3.0.9-new/test/evp_libctx_test.c +--- openssl-3.0.9/test/evp_libctx_test.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/evp_libctx_test.c 2023-05-31 14:33:14.077114171 +0200 +@@ -21,6 +21,7 @@ + */ + #include "internal/deprecated.h" + #include ++#include + #include + #include + #include +@@ -726,7 +727,9 @@ int setup_tests(void) + return 0; + + #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH) +- ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3); ++ if (strcmp(prov_name, "fips") != 0) { ++ ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3); ++ } + #endif + #ifndef OPENSSL_NO_DH + ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3); +@@ -746,7 +749,9 @@ int setup_tests(void) + ADD_TEST(kem_invalid_keytype); + #endif + #ifndef OPENSSL_NO_DES +- ADD_TEST(test_cipher_tdes_randkey); ++ if (strcmp(prov_name, "fips") != 0) { ++ ADD_TEST(test_cipher_tdes_randkey); ++ } + #endif + return 1; + } +diff -rupN --no-dereference openssl-3.0.9/test/recipes/15-test_gendsa.t openssl-3.0.9-new/test/recipes/15-test_gendsa.t +--- openssl-3.0.9/test/recipes/15-test_gendsa.t 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/recipes/15-test_gendsa.t 2023-05-31 14:33:14.077114171 +0200 +@@ -24,7 +24,7 @@ use lib bldtop_dir('.'); + plan skip_all => "This test is unsupported in a no-dsa build" + if disabled("dsa"); + +-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); ++my $no_fips = 1; + + plan tests => + ($no_fips ? 0 : 2) # FIPS related tests +diff -rupN --no-dereference openssl-3.0.9/test/recipes/20-test_cli_fips.t openssl-3.0.9-new/test/recipes/20-test_cli_fips.t +--- openssl-3.0.9/test/recipes/20-test_cli_fips.t 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/recipes/20-test_cli_fips.t 2023-05-31 14:33:14.077114171 +0200 +@@ -273,8 +273,7 @@ SKIP: { + } + + SKIP : { +- skip "FIPS DSA tests because of no dsa in this build", 1 +- if disabled("dsa"); ++ skip "FIPS DSA tests because of no dsa in this build", 1; + + subtest DSA => sub { + my $testtext_prefix = 'DSA'; +diff -rupN --no-dereference openssl-3.0.9/test/recipes/30-test_evp_data/evpmac_common.txt openssl-3.0.9-new/test/recipes/30-test_evp_data/evpmac_common.txt +--- openssl-3.0.9/test/recipes/30-test_evp_data/evpmac_common.txt 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/recipes/30-test_evp_data/evpmac_common.txt 2023-05-31 14:33:14.079114170 +0200 +@@ -327,6 +327,7 @@ Input = 68F2E77696CE7AE8E2CA4EC588E54100 + Output = 00BDA1B7E87608BCBF470F12157F4C07 + + ++Availablein = default + Title = KMAC Tests (From NIST) + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F +@@ -337,12 +338,14 @@ Ctrl = xof:0 + OutputSize = 32 + BlockSize = 168 + ++Availablein = default + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 00010203 + Custom = "My Tagged Application" + Output = 3B1FBA963CD8B0B59E8C1A6D71888B7143651AF8BA0A7070C0979E2811324AA5 + ++Availablein = default + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -350,6 +353,7 @@ Custom = "My Tagged Application" + Output = 1F5B4E6CCA02209E0DCB5CA635B89A15E271ECC760071DFD805FAA38F9729230 + Ctrl = size:32 + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 00010203 +@@ -358,12 +362,14 @@ Output = 20C570C31346F703C9AC36C61C03CB6 + OutputSize = 64 + BlockSize = 136 + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 + Custom = "" + Output = 75358CF39E41494E949707927CEE0AF20A3FF553904C86B08F21CC414BCFD691589D27CF5E15369CBBFF8B9A4C2EB17800855D0235FF635DA82533EC6B759B69 + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -373,12 +379,14 @@ Ctrl = size:64 + + Title = KMAC XOF Tests (From NIST) + ++Availablein = default + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 00010203 + Output = CD83740BBD92CCC8CF032B1481A0F4460E7CA9DD12B08A0C4031178BACD6EC35 + XOF = 1 + ++Availablein = default + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 00010203 +@@ -386,6 +394,7 @@ Custom = "My Tagged Application" + Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C + XOF = 1 + ++Availablein = default + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -394,6 +403,7 @@ Output = 47026C7CD793084AA0283C253EF6584 + XOF = 1 + Ctrl = size:32 + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 00010203 +@@ -401,6 +411,7 @@ Custom = "My Tagged Application" + Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B + XOF = 1 + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -408,6 +419,7 @@ Custom = "" + Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B + XOF = 1 + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -418,6 +430,7 @@ XOF = 1 + + Title = KMAC long customisation string (from NIST ACVP) + ++Availablein = default + MAC = KMAC256 + Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3 + Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D +@@ -428,12 +441,14 @@ XOF = 1 + + Title = KMAC XOF Tests via ctrl (From NIST) + ++Availablein = default + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 00010203 + Output = CD83740BBD92CCC8CF032B1481A0F4460E7CA9DD12B08A0C4031178BACD6EC35 + Ctrl = xof:1 + ++Availablein = default + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 00010203 +@@ -441,6 +456,7 @@ Custom = "My Tagged Application" + Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C + Ctrl = xof:1 + ++Availablein = default + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -449,6 +465,7 @@ Output = 47026C7CD793084AA0283C253EF6584 + Ctrl = xof:1 + Ctrl = size:32 + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 00010203 +@@ -456,6 +473,7 @@ Custom = "My Tagged Application" + Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B + Ctrl = xof:1 + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -463,6 +481,7 @@ Custom = "" + Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B + Ctrl = xof:1 + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -473,6 +492,7 @@ Ctrl = xof:1 + + Title = KMAC long customisation string via ctrl (from NIST ACVP) + ++Availablein = default + MAC = KMAC256 + Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3 + Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D +@@ -483,6 +503,7 @@ Ctrl = xof:1 + + Title = KMAC long customisation string negative test + ++Availablein = default + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -491,6 +512,7 @@ Result = MAC_INIT_ERROR + + Title = KMAC output is too large + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +diff -rupN --no-dereference openssl-3.0.9/test/recipes/30-test_evp.t openssl-3.0.9-new/test/recipes/30-test_evp.t +--- openssl-3.0.9/test/recipes/30-test_evp.t 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/recipes/30-test_evp.t 2023-05-31 14:33:14.078114170 +0200 +@@ -42,7 +42,6 @@ my @files = qw( + evpciph_aes_cts.txt + evpciph_aes_wrap.txt + evpciph_aes_stitched.txt +- evpciph_des3_common.txt + evpkdf_hkdf.txt + evpkdf_pbkdf1.txt + evpkdf_pbkdf2.txt +@@ -64,12 +63,6 @@ push @files, qw( + evppkey_dh.txt + ) unless $no_dh; + push @files, qw( +- evpkdf_x942_des.txt +- evpmac_cmac_des.txt +- ) unless $no_des; +-push @files, qw(evppkey_dsa.txt) unless $no_dsa; +-push @files, qw(evppkey_ecx.txt) unless $no_ec; +-push @files, qw( + evppkey_ecc.txt + evppkey_ecdh.txt + evppkey_ecdsa.txt +@@ -89,6 +82,7 @@ my @defltfiles = qw( + evpciph_cast5.txt + evpciph_chacha.txt + evpciph_des.txt ++ evpciph_des3_common.txt + evpciph_idea.txt + evpciph_rc2.txt + evpciph_rc4.txt +@@ -116,6 +110,12 @@ my @defltfiles = qw( + evppkey_kdf_tls1_prf.txt + evppkey_rsa.txt + ); ++push @defltfiles, qw(evppkey_dsa.txt) unless $no_dsa; ++push @defltfiles, qw(evppkey_ecx.txt) unless $no_ec; ++push @defltfiles, qw( ++ evpkdf_x942_des.txt ++ evpmac_cmac_des.txt ++ ) unless $no_des; + push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec; + push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2; + +diff -rupN --no-dereference openssl-3.0.9/test/recipes/80-test_cms.t openssl-3.0.9-new/test/recipes/80-test_cms.t +--- openssl-3.0.9/test/recipes/80-test_cms.t 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/recipes/80-test_cms.t 2023-05-31 14:33:14.078114170 +0200 +@@ -96,7 +96,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "signed content DER format, DSA key", ++ [ "signed content DER format, DSA key, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", + "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER", +@@ -104,7 +104,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "signed detached content DER format, DSA key", ++ [ "signed detached content DER format, DSA key, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", + "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER", +@@ -113,7 +113,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "signed detached content DER format, add RSA signer (with DSA existing)", ++ [ "signed detached content DER format, add RSA signer (with DSA existing), no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", + "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd1}", @prov, "-resign", "-in", "{output}.cms", "-inform", "DER", "-outform", "DER", +@@ -124,7 +124,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "signed content test streaming BER format, DSA key", ++ [ "signed content test streaming BER format, DSA key, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", + "-nodetach", "-stream", + "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], +@@ -133,7 +133,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys", ++ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", + "-nodetach", "-stream", + "-signer", $smrsa1, +@@ -146,7 +146,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes", ++ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", + "-noattr", "-nodetach", "-stream", + "-signer", $smrsa1, +@@ -176,7 +176,7 @@ my @smime_pkcs7_tests = ( + \&zero_compare + ], + +- [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys", ++ [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-nodetach", + "-signer", $smrsa1, + "-signer", catfile($smdir, "smrsa2.pem"), +@@ -188,7 +188,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys", ++ [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, + "-signer", $smrsa1, + "-signer", catfile($smdir, "smrsa2.pem"), +@@ -248,7 +248,7 @@ my @smime_pkcs7_tests = ( + + my @smime_cms_tests = ( + +- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid", ++ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", + "-nodetach", "-keyid", + "-signer", $smrsa1, +@@ -261,7 +261,7 @@ my @smime_cms_tests = ( + \&final_compare + ], + +- [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys", ++ [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", + "-signer", $smrsa1, + "-signer", catfile($smdir, "smrsa2.pem"), +@@ -371,7 +371,7 @@ my @smime_cms_tests = ( + \&final_compare + ], + +- [ "encrypted content test streaming PEM format, triple DES key", ++ [ "encrypted content test streaming PEM format, triple DES key, no Red Hat FIPS", + [ "{cmd1}", @prov, "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM", + "-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617", + "-stream", "-out", "{output}.cms" ], +diff -rupN --no-dereference openssl-3.0.9/test/recipes/80-test_ssl_old.t openssl-3.0.9-new/test/recipes/80-test_ssl_old.t +--- openssl-3.0.9/test/recipes/80-test_ssl_old.t 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/recipes/80-test_ssl_old.t 2023-05-31 14:33:14.080114169 +0200 +@@ -436,7 +436,7 @@ sub testssl { + my @exkeys = (); + my $ciphers = '-PSK:-SRP:@SECLEVEL=0'; + +- if (!$no_dsa) { ++ if (!$no_dsa && $provider ne "fips") { + push @exkeys, "-s_cert", "certD.ss", "-s_key", $Dkey; + } + diff --git a/0047-FIPS-early-KATS.patch b/0047-FIPS-early-KATS.patch new file mode 100644 index 0000000..546b030 --- /dev/null +++ b/0047-FIPS-early-KATS.patch @@ -0,0 +1,39 @@ +diff -rupN --no-dereference openssl-3.0.9/providers/fips/self_test.c openssl-3.0.9-new/providers/fips/self_test.c +--- openssl-3.0.9/providers/fips/self_test.c 2023-05-31 14:33:13.261114521 +0200 ++++ openssl-3.0.9-new/providers/fips/self_test.c 2023-05-31 14:33:14.360114049 +0200 +@@ -350,6 +350,16 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS + if (ev == NULL) + goto end; + ++ /* ++ * Run the KAT's before HMAC verification according to FIPS-140-3 requirements ++ */ ++ if (kats_already_passed == 0) { ++ if (!SELF_TEST_kats(ev, st->libctx)) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE); ++ goto end; ++ } ++ } ++ + module_checksum = fips_hmac_container; + checksum_len = sizeof(fips_hmac_container); + +@@ -399,18 +409,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS + kats_already_passed = 1; + } + } +- +- /* +- * Only runs the KAT's during installation OR on_demand(). +- * NOTE: If the installation option 'self_test_onload' is chosen then this +- * path will always be run, since kats_already_passed will always be 0. +- */ +- if (on_demand_test || kats_already_passed == 0) { +- if (!SELF_TEST_kats(ev, st->libctx)) { +- ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE); +- goto end; +- } +- } + ok = 1; + end: + OSSL_SELF_TEST_free(ev); diff --git a/0049-Allow-disabling-of-SHA1-signatures.patch b/0049-Allow-disabling-of-SHA1-signatures.patch new file mode 100644 index 0000000..063b93b --- /dev/null +++ b/0049-Allow-disabling-of-SHA1-signatures.patch @@ -0,0 +1,430 @@ +diff -rupN --no-dereference openssl-3.0.9/crypto/evp/evp_cnf.c openssl-3.0.9-new/crypto/evp/evp_cnf.c +--- openssl-3.0.9/crypto/evp/evp_cnf.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/evp/evp_cnf.c 2023-05-31 14:33:14.632113932 +0200 +@@ -10,6 +10,7 @@ + #include + #include + #include "internal/cryptlib.h" ++#include "internal/sslconf.h" + #include + #include + #include +@@ -57,6 +58,18 @@ static int alg_module_init(CONF_IMODULE + ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE); + return 0; + } ++ } else if (strcmp(oval->name, "rh-allow-sha1-signatures") == 0) { ++ int m; ++ ++ /* Detailed error already reported. */ ++ if (!X509V3_get_value_bool(oval, &m)) ++ return 0; ++ ++ if (!ossl_ctx_legacy_digest_signatures_allowed_set( ++ NCONF_get0_libctx((CONF *)cnf), m > 0, 0)) { ++ ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE); ++ return 0; ++ } + } else { + ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION, + "name=%s, value=%s", oval->name, oval->value); +diff -rupN --no-dereference openssl-3.0.9/crypto/evp/m_sigver.c openssl-3.0.9-new/crypto/evp/m_sigver.c +--- openssl-3.0.9/crypto/evp/m_sigver.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/evp/m_sigver.c 2023-05-31 14:33:14.632113932 +0200 +@@ -16,6 +16,79 @@ + #include "internal/numbers.h" /* includes SIZE_MAX */ + #include "evp_local.h" + ++typedef struct ossl_legacy_digest_signatures_st { ++ int allowed; ++} OSSL_LEGACY_DIGEST_SIGNATURES; ++ ++static void ossl_ctx_legacy_digest_signatures_free(void *vldsigs) ++{ ++ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs = vldsigs; ++ ++ if (ldsigs != NULL) { ++ OPENSSL_free(ldsigs); ++ } ++} ++ ++static void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx) ++{ ++ OSSL_LEGACY_DIGEST_SIGNATURES* ldsigs = OPENSSL_zalloc(sizeof(OSSL_LEGACY_DIGEST_SIGNATURES)); ++ /* Warning: This patch differs from the same patch in CentOS and RHEL here, ++ * because the default on Fedora is to allow SHA-1 and support disabling ++ * it, while CentOS/RHEL disable it by default and allow enabling it. */ ++ ldsigs->allowed = 1; ++ return ldsigs; ++} ++ ++static const OSSL_LIB_CTX_METHOD ossl_ctx_legacy_digest_signatures_method = { ++ OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, ++ ossl_ctx_legacy_digest_signatures_new, ++ ossl_ctx_legacy_digest_signatures_free, ++}; ++ ++static OSSL_LEGACY_DIGEST_SIGNATURES *ossl_ctx_legacy_digest_signatures( ++ OSSL_LIB_CTX *libctx, int loadconfig) ++{ ++#ifndef FIPS_MODULE ++ if (loadconfig && !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)) ++ return NULL; ++#endif ++ ++ return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES, ++ &ossl_ctx_legacy_digest_signatures_method); ++} ++ ++int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig) ++{ ++ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs ++ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig); ++ ++#ifndef FIPS_MODULE ++ if (ossl_safe_getenv("OPENSSL_ENABLE_SHA1_SIGNATURES") != NULL) ++ /* used in tests */ ++ return 1; ++#endif ++ ++ /* Warning: This patch differs from the same patch in CentOS and RHEL here, ++ * because the default on Fedora is to allow SHA-1 and support disabling ++ * it, while CentOS/RHEL disable it by default and allow enabling it. */ ++ return ldsigs != NULL ? ldsigs->allowed : 1; ++} ++ ++int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow, ++ int loadconfig) ++{ ++ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs ++ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig); ++ ++ if (ldsigs == NULL) { ++ ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); ++ return 0; ++ } ++ ++ ldsigs->allowed = allow; ++ return 1; ++} ++ + #ifndef FIPS_MODULE + + static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen) +@@ -258,6 +331,18 @@ static int do_sigver_init(EVP_MD_CTX *ct + } + } + ++ if (ctx->reqdigest != NULL ++ && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac) ++ && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf) ++ && !EVP_PKEY_is_a(locpctx->pkey, SN_hkdf)) { ++ int mdnid = EVP_MD_nid(ctx->reqdigest); ++ if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0) ++ && (mdnid == NID_sha1 || mdnid == NID_md5_sha1)) { ++ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST); ++ goto err; ++ } ++ } ++ + if (ver) { + if (signature->digest_verify_init == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); +diff -rupN --no-dereference openssl-3.0.9/crypto/evp/pmeth_lib.c openssl-3.0.9-new/crypto/evp/pmeth_lib.c +--- openssl-3.0.9/crypto/evp/pmeth_lib.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/evp/pmeth_lib.c 2023-05-31 14:33:14.632113932 +0200 +@@ -33,6 +33,7 @@ + #include "internal/ffc.h" + #include "internal/numbers.h" + #include "internal/provider.h" ++#include "internal/sslconf.h" + #include "evp_local.h" + + #ifndef FIPS_MODULE +@@ -958,6 +959,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_ + return -2; + } + ++ if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) ++ && md != NULL ++ && ctx->pkey != NULL ++ && !EVP_PKEY_is_a(ctx->pkey, SN_hmac) ++ && !EVP_PKEY_is_a(ctx->pkey, SN_tls1_prf) ++ && !EVP_PKEY_is_a(ctx->pkey, SN_hkdf)) { ++ int mdnid = EVP_MD_nid(md); ++ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1) ++ && !ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) { ++ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST); ++ return -1; ++ } ++ } ++ + if (fallback) + return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, (void *)(md)); + +diff -rupN --no-dereference openssl-3.0.9/doc/man5/config.pod openssl-3.0.9-new/doc/man5/config.pod +--- openssl-3.0.9/doc/man5/config.pod 2023-05-31 14:33:13.528114406 +0200 ++++ openssl-3.0.9-new/doc/man5/config.pod 2023-05-31 14:33:14.632113932 +0200 +@@ -304,6 +304,19 @@ Within the algorithm properties section, + The value may be anything that is acceptable as a property query + string for EVP_set_default_properties(). + ++=item B ++ ++The value is a boolean that can be B or B. If the value is not set, ++it behaves as if it was set to B. ++ ++When set to B, any attempt to create or verify a signature with a SHA1 ++digest will fail. To test whether your software will work with future versions ++of OpenSSL, set this option to B. This setting also affects TLS, where ++signature algorithms that use SHA1 as digest will no longer be supported if ++this option is set to B. Because TLS 1.1 or lower use MD5-SHA1 as ++pseudorandom function (PRF) to derive key material, disabling ++B requires the use of TLS 1.2 or newer. ++ + =item B (deprecated) + + The value is a boolean that can be B or B. If the value is +diff -rupN --no-dereference openssl-3.0.9/include/internal/cryptlib.h openssl-3.0.9-new/include/internal/cryptlib.h +--- openssl-3.0.9/include/internal/cryptlib.h 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/include/internal/cryptlib.h 2023-05-31 14:33:14.633113932 +0200 +@@ -168,7 +168,8 @@ typedef struct ossl_ex_data_global_st { + # define OSSL_LIB_CTX_PROVIDER_CONF_INDEX 16 + # define OSSL_LIB_CTX_BIO_CORE_INDEX 17 + # define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18 +-# define OSSL_LIB_CTX_MAX_INDEXES 19 ++# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES 19 ++# define OSSL_LIB_CTX_MAX_INDEXES 20 + + # define OSSL_LIB_CTX_METHOD_LOW_PRIORITY -1 + # define OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY 0 +diff -rupN --no-dereference openssl-3.0.9/include/internal/sslconf.h openssl-3.0.9-new/include/internal/sslconf.h +--- openssl-3.0.9/include/internal/sslconf.h 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/include/internal/sslconf.h 2023-05-31 14:33:14.633113932 +0200 +@@ -18,4 +18,8 @@ int conf_ssl_name_find(const char *name, + void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr, + char **arg); + ++/* Methods to support disabling all signatures with legacy digests */ ++int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig); ++int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow, ++ int loadconfig); + #endif +diff -rupN --no-dereference openssl-3.0.9/providers/common/securitycheck.c openssl-3.0.9-new/providers/common/securitycheck.c +--- openssl-3.0.9/providers/common/securitycheck.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/providers/common/securitycheck.c 2023-05-31 14:33:14.633113932 +0200 +@@ -19,6 +19,7 @@ + #include + #include + #include "prov/securitycheck.h" ++#include "internal/sslconf.h" + + /* + * FIPS requires a minimum security strength of 112 bits (for encryption or +@@ -235,6 +236,15 @@ int ossl_digest_get_approved_nid_with_sh + mdnid = -1; /* disallowed by security checks */ + } + # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ ++ ++#ifndef FIPS_MODULE ++ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0)) ++ /* SHA1 is globally disabled, check whether we want to locally allow ++ * it. */ ++ if (mdnid == NID_sha1 && !sha1_allowed) ++ mdnid = -1; ++#endif ++ + return mdnid; + } + +@@ -244,5 +254,15 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX + if (ossl_securitycheck_enabled(ctx)) + return ossl_digest_get_approved_nid(md) != NID_undef; + # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ ++ ++#ifndef FIPS_MODULE ++ { ++ int mdnid = EVP_MD_nid(md); ++ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1) ++ && !ossl_ctx_legacy_digest_signatures_allowed(ctx, 0)) ++ return 0; ++ } ++#endif ++ + return 1; + } +diff -rupN --no-dereference openssl-3.0.9/providers/common/securitycheck_default.c openssl-3.0.9-new/providers/common/securitycheck_default.c +--- openssl-3.0.9/providers/common/securitycheck_default.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/providers/common/securitycheck_default.c 2023-05-31 14:33:14.633113932 +0200 +@@ -15,6 +15,7 @@ + #include + #include "prov/securitycheck.h" + #include "internal/nelem.h" ++#include "internal/sslconf.h" + + /* Disable the security checks in the default provider */ + int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx) +@@ -23,9 +24,10 @@ int ossl_securitycheck_enabled(OSSL_LIB_ + } + + int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md, +- ossl_unused int sha1_allowed) ++ int sha1_allowed) + { + int mdnid; ++ int ldsigs_allowed; + + static const OSSL_ITEM name_to_nid[] = { + { NID_md5, OSSL_DIGEST_NAME_MD5 }, +@@ -36,8 +38,11 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL + { NID_ripemd160, OSSL_DIGEST_NAME_RIPEMD160 }, + }; + +- mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, 1); ++ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx, 0); ++ mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, sha1_allowed || ldsigs_allowed); + if (mdnid == NID_undef) + mdnid = ossl_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid)); ++ if (mdnid == NID_md5_sha1 && !ldsigs_allowed) ++ mdnid = -1; + return mdnid; + } +diff -rupN --no-dereference openssl-3.0.9/providers/implementations/signature/dsa_sig.c openssl-3.0.9-new/providers/implementations/signature/dsa_sig.c +--- openssl-3.0.9/providers/implementations/signature/dsa_sig.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/providers/implementations/signature/dsa_sig.c 2023-05-31 14:33:14.633113932 +0200 +@@ -124,12 +124,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ct + mdprops = ctx->propq; + + if (mdname != NULL) { +- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); + WPACKET pkt; + EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); +- int md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, +- sha1_allowed); ++ int md_nid; + size_t mdname_len = strlen(mdname); ++#ifdef FIPS_MODULE ++ int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); ++#else ++ int sha1_allowed = 0; ++#endif ++ md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, ++ sha1_allowed); + + if (md == NULL || md_nid < 0) { + if (md == NULL) +diff -rupN --no-dereference openssl-3.0.9/providers/implementations/signature/ecdsa_sig.c openssl-3.0.9-new/providers/implementations/signature/ecdsa_sig.c +--- openssl-3.0.9/providers/implementations/signature/ecdsa_sig.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/providers/implementations/signature/ecdsa_sig.c 2023-05-31 14:33:14.634113931 +0200 +@@ -237,7 +237,11 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX + "%s could not be fetched", mdname); + return 0; + } ++#ifdef FIPS_MODULE + sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); ++#else ++ sha1_allowed = 0; ++#endif + md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, + sha1_allowed); + if (md_nid < 0) { +diff -rupN --no-dereference openssl-3.0.9/providers/implementations/signature/rsa_sig.c openssl-3.0.9-new/providers/implementations/signature/rsa_sig.c +--- openssl-3.0.9/providers/implementations/signature/rsa_sig.c 2023-05-31 14:33:14.352114052 +0200 ++++ openssl-3.0.9-new/providers/implementations/signature/rsa_sig.c 2023-05-31 14:33:14.634113931 +0200 +@@ -25,6 +25,7 @@ + #include "internal/cryptlib.h" + #include "internal/nelem.h" + #include "internal/sizes.h" ++#include "internal/sslconf.h" + #include "crypto/rsa.h" + #include "prov/providercommon.h" + #include "prov/implementations.h" +@@ -33,6 +34,7 @@ + #include "prov/securitycheck.h" + + #define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1 ++#define RSA_DEFAULT_DIGEST_NAME_NONLEGACY OSSL_DIGEST_NAME_SHA2_256 + + static OSSL_FUNC_signature_newctx_fn rsa_newctx; + static OSSL_FUNC_signature_sign_init_fn rsa_sign_init; +@@ -288,10 +290,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ct + + if (mdname != NULL) { + EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); ++ int md_nid; ++ size_t mdname_len = strlen(mdname); ++#ifdef FIPS_MODULE + int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); +- int md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md, ++#else ++ int sha1_allowed = 0; ++#endif ++ md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md, + sha1_allowed); +- size_t mdname_len = strlen(mdname); + + if (md == NULL + || md_nid <= 0 +@@ -1363,8 +1370,15 @@ static int rsa_set_ctx_params(void *vprs + prsactx->pad_mode = pad_mode; + + if (prsactx->md == NULL && pmdname == NULL +- && pad_mode == RSA_PKCS1_PSS_PADDING) ++ && pad_mode == RSA_PKCS1_PSS_PADDING) { + pmdname = RSA_DEFAULT_DIGEST_NAME; ++#ifndef FIPS_MODULE ++ if (!ossl_ctx_legacy_digest_signatures_allowed(prsactx->libctx, 0)) { ++ pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY; ++ } ++#endif ++ } ++ + + if (pmgf1mdname != NULL + && !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops)) +diff -rupN --no-dereference openssl-3.0.9/ssl/t1_lib.c openssl-3.0.9-new/ssl/t1_lib.c +--- openssl-3.0.9/ssl/t1_lib.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/ssl/t1_lib.c 2023-05-31 14:33:14.635113931 +0200 +@@ -20,6 +20,7 @@ + #include + #include + #include ++#include "internal/sslconf.h" + #include "internal/nelem.h" + #include "internal/sizes.h" + #include "internal/tlsgroups.h" +@@ -1151,11 +1152,13 @@ int ssl_setup_sig_algs(SSL_CTX *ctx) + = OPENSSL_malloc(sizeof(*lu) * OSSL_NELEM(sigalg_lookup_tbl)); + EVP_PKEY *tmpkey = EVP_PKEY_new(); + int ret = 0; ++ int ldsigs_allowed; + + if (cache == NULL || tmpkey == NULL) + goto err; + + ERR_set_mark(); ++ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0); + for (i = 0, lu = sigalg_lookup_tbl; + i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) { + EVP_PKEY_CTX *pctx; +@@ -1175,6 +1178,11 @@ int ssl_setup_sig_algs(SSL_CTX *ctx) + cache[i].enabled = 0; + continue; + } ++ if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1) ++ && !ldsigs_allowed) { ++ cache[i].enabled = 0; ++ continue; ++ } + + if (!EVP_PKEY_set_type(tmpkey, lu->sig)) { + cache[i].enabled = 0; +diff -rupN --no-dereference openssl-3.0.9/util/libcrypto.num openssl-3.0.9-new/util/libcrypto.num +--- openssl-3.0.9/util/libcrypto.num 2023-05-31 14:33:10.577115663 +0200 ++++ openssl-3.0.9-new/util/libcrypto.num 2023-05-31 14:33:14.662113919 +0200 +@@ -5430,3 +5430,5 @@ OPENSSL_strncasecmp + OSSL_CMP_CTX_reset_geninfo_ITAVs 5558 3_0_8 EXIST::FUNCTION:CMP + OSSL_CMP_MSG_update_recipNonce 5559 3_0_9 EXIST::FUNCTION:CMP + ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: ++ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION: ++ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION: diff --git a/0049-Selectively-disallow-SHA1-signatures.patch b/0049-Selectively-disallow-SHA1-signatures.patch new file mode 100644 index 0000000..df0404c --- /dev/null +++ b/0049-Selectively-disallow-SHA1-signatures.patch @@ -0,0 +1,491 @@ +From f6a2f59574788aadd0ce323ad8ebe4d0c470672e Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Wed, 17 Aug 2022 12:56:29 -0400 +Subject: [PATCH] Selectively disallow SHA1 signatures + +For RHEL 9.0, we want to phase out SHA1. One of the steps to do that is +disabling SHA1 signatures. Introduce a new configuration option in the +alg_section named 'rh-allow-sha1-signatures'. This option defaults to +false. If set to false (or unset), any signature creation or +verification operations that involve SHA1 as digest will fail. + +This also affects TLS, where the signature_algorithms extension of any +ClientHello message sent by OpenSSL will no longer include signatures +with the SHA1 digest if rh-allow-sha1-signatures is false. For servers +that request a client certificate, the same also applies for +CertificateRequest messages sent by them. + +For signatures created using the EVP_PKEY API, this is a best-effort +check that will deny signatures in cases where the digest algorithm is +known. This means, for example, that that following steps will still +work: + + $> openssl dgst -sha1 -binary -out sha1 infile + $> openssl pkeyutl -inkey key.pem -sign -in sha1 -out sha1sig + $> openssl pkeyutl -inkey key.pem -verify -sigfile sha1sig -in sha1 + +whereas these will not: + + $> openssl dgst -sha1 -binary -out sha1 infile + $> openssl pkeyutl -inkey kem.pem -sign -in sha1 -out sha1sig -pkeyopt digest:sha1 + $> openssl pkeyutl -inkey kem.pem -verify -sigfile sha1sig -in sha1 -pkeyopt digest:sha1 + +This happens because in the first case, OpenSSL's signature +implementation does not know that it is signing a SHA1 hash (it could be +signing arbitrary data). + +Resolves: rhbz#2031742 + +Signed-off-by: Stephen Gallagher +--- + crypto/evp/evp_cnf.c | 13 ++++ + crypto/evp/m_sigver.c | 77 +++++++++++++++++++ + crypto/evp/pmeth_lib.c | 15 ++++ + doc/man5/config.pod | 11 +++ + include/internal/cryptlib.h | 3 +- + include/internal/sslconf.h | 4 + + providers/common/securitycheck.c | 20 +++++ + providers/common/securitycheck_default.c | 9 ++- + providers/implementations/signature/dsa_sig.c | 11 ++- + .../implementations/signature/ecdsa_sig.c | 4 + + providers/implementations/signature/rsa_sig.c | 20 ++++- + ssl/t1_lib.c | 8 ++ + util/libcrypto.num | 2 + + 13 files changed, 188 insertions(+), 9 deletions(-) + +diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c +index 0e7fe64cf92e4b73b3bf873895e73fa9646df86d..b9d3b6d226ca07a65d972bb8505b7976a0d02572 100644 +--- a/crypto/evp/evp_cnf.c ++++ b/crypto/evp/evp_cnf.c +@@ -10,6 +10,7 @@ + #include + #include + #include "internal/cryptlib.h" ++#include "internal/sslconf.h" + #include + #include + #include +@@ -57,6 +58,18 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf) + ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE); + return 0; + } ++ } else if (strcmp(oval->name, "rh-allow-sha1-signatures") == 0) { ++ int m; ++ ++ /* Detailed error already reported. */ ++ if (!X509V3_get_value_bool(oval, &m)) ++ return 0; ++ ++ if (!ossl_ctx_legacy_digest_signatures_allowed_set( ++ NCONF_get0_libctx((CONF *)cnf), m > 0, 0)) { ++ ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE); ++ return 0; ++ } + } else { + ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION, + "name=%s, value=%s", oval->name, oval->value); +diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c +index 76a6814b424bec3479bdf61374f0178b9cd96ded..4b2f1fcfb886661d98460c240d542df2ccd5df13 100644 +--- a/crypto/evp/m_sigver.c ++++ b/crypto/evp/m_sigver.c +@@ -16,6 +16,71 @@ + #include "internal/numbers.h" /* includes SIZE_MAX */ + #include "evp_local.h" + ++typedef struct ossl_legacy_digest_signatures_st { ++ int allowed; ++} OSSL_LEGACY_DIGEST_SIGNATURES; ++ ++static void ossl_ctx_legacy_digest_signatures_free(void *vldsigs) ++{ ++ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs = vldsigs; ++ ++ if (ldsigs != NULL) { ++ OPENSSL_free(ldsigs); ++ } ++} ++ ++static void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx) ++{ ++ return OPENSSL_zalloc(sizeof(OSSL_LEGACY_DIGEST_SIGNATURES)); ++} ++ ++static const OSSL_LIB_CTX_METHOD ossl_ctx_legacy_digest_signatures_method = { ++ OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, ++ ossl_ctx_legacy_digest_signatures_new, ++ ossl_ctx_legacy_digest_signatures_free, ++}; ++ ++static OSSL_LEGACY_DIGEST_SIGNATURES *ossl_ctx_legacy_digest_signatures( ++ OSSL_LIB_CTX *libctx, int loadconfig) ++{ ++#ifndef FIPS_MODULE ++ if (loadconfig && !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)) ++ return 0; ++#endif ++ ++ return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES, ++ &ossl_ctx_legacy_digest_signatures_method); ++} ++ ++int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig) ++{ ++ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs ++ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig); ++ ++#ifndef FIPS_MODULE ++ if (ossl_safe_getenv("OPENSSL_ENABLE_SHA1_SIGNATURES") != NULL) ++ /* used in tests */ ++ return 1; ++#endif ++ ++ return ldsigs != NULL ? ldsigs->allowed : 0; ++} ++ ++int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow, ++ int loadconfig) ++{ ++ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs ++ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig); ++ ++ if (ldsigs == NULL) { ++ ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); ++ return 0; ++ } ++ ++ ldsigs->allowed = allow; ++ return 1; ++} ++ + #ifndef FIPS_MODULE + + static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen) +@@ -258,6 +323,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + } + } + ++ if (ctx->reqdigest != NULL ++ && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac) ++ && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf) ++ && !EVP_PKEY_is_a(locpctx->pkey, SN_hkdf)) { ++ int mdnid = EVP_MD_nid(ctx->reqdigest); ++ if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0) ++ && (mdnid == NID_sha1 || mdnid == NID_md5_sha1)) { ++ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST); ++ goto err; ++ } ++ } ++ + if (ver) { + if (signature->digest_verify_init == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); +diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c +index da367ed05fbe42abb328c6e23cafe99e76d26819..ee6edf1e85e71cdbe58bf7e9f443425dce100e43 100644 +--- a/crypto/evp/pmeth_lib.c ++++ b/crypto/evp/pmeth_lib.c +@@ -33,6 +33,7 @@ + #include "internal/ffc.h" + #include "internal/numbers.h" + #include "internal/provider.h" ++#include "internal/sslconf.h" + #include "evp_local.h" + + #ifndef FIPS_MODULE +@@ -946,6 +947,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md, + return -2; + } + ++ if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) ++ && md != NULL ++ && ctx->pkey != NULL ++ && !EVP_PKEY_is_a(ctx->pkey, SN_hmac) ++ && !EVP_PKEY_is_a(ctx->pkey, SN_tls1_prf) ++ && !EVP_PKEY_is_a(ctx->pkey, SN_hkdf)) { ++ int mdnid = EVP_MD_nid(md); ++ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1) ++ && !ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) { ++ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST); ++ return -1; ++ } ++ } ++ + if (fallback) + return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, (void *)(md)); + +diff --git a/doc/man5/config.pod b/doc/man5/config.pod +index a84113287c3d0edf6c67726aee7d8abb87401445..f1536258470563b4fe74f8d1e3db6d73ed316341 100644 +--- a/doc/man5/config.pod ++++ b/doc/man5/config.pod +@@ -304,6 +304,17 @@ Within the algorithm properties section, the following names have meaning: + The value may be anything that is acceptable as a property query + string for EVP_set_default_properties(). + ++=item B ++ ++The value is a boolean that can be B or B. If the value is not set, ++it behaves as if it was set to B. ++ ++When set to B, any attempt to create or verify a signature with a SHA1 ++digest will fail. For compatibility with older versions of OpenSSL, set this ++option to B. This setting also affects TLS, where signature algorithms ++that use SHA1 as digest will no longer be supported if this option is set to ++B. ++ + =item B (deprecated) + + The value is a boolean that can be B or B. If the value is +diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h +index 1291299b6e50ea129ba77c85bb0b21b0997e4494..e234341e6afd15f7108c7af453d6f2190c086b04 100644 +--- a/include/internal/cryptlib.h ++++ b/include/internal/cryptlib.h +@@ -168,7 +168,8 @@ typedef struct ossl_ex_data_global_st { + # define OSSL_LIB_CTX_PROVIDER_CONF_INDEX 16 + # define OSSL_LIB_CTX_BIO_CORE_INDEX 17 + # define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18 +-# define OSSL_LIB_CTX_MAX_INDEXES 19 ++# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES 19 ++# define OSSL_LIB_CTX_MAX_INDEXES 20 + + # define OSSL_LIB_CTX_METHOD_LOW_PRIORITY -1 + # define OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY 0 +diff --git a/include/internal/sslconf.h b/include/internal/sslconf.h +index fd7f7e333183dde57a283dab7372f9afb38c0eb4..05464b0655b20da2035f6781f44ac577e895fc8a 100644 +--- a/include/internal/sslconf.h ++++ b/include/internal/sslconf.h +@@ -18,4 +18,8 @@ int conf_ssl_name_find(const char *name, size_t *idx); + void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr, + char **arg); + ++/* Methods to support disabling all signatures with legacy digests */ ++int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig); ++int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow, ++ int loadconfig); + #endif +diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c +index 446ad6b4c11cf8dcad9dcb86df38816eff4bf772..9e47f5655957e661fa4f66f5e67a78c6c7d2fe5b 100644 +--- a/providers/common/securitycheck.c ++++ b/providers/common/securitycheck.c +@@ -19,6 +19,7 @@ + #include + #include + #include "prov/securitycheck.h" ++#include "internal/sslconf.h" + + /* + * FIPS requires a minimum security strength of 112 bits (for encryption or +@@ -235,6 +236,15 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md, + mdnid = -1; /* disallowed by security checks */ + } + # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ ++ ++#ifndef FIPS_MODULE ++ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0)) ++ /* SHA1 is globally disabled, check whether we want to locally allow ++ * it. */ ++ if (mdnid == NID_sha1 && !sha1_allowed) ++ mdnid = -1; ++#endif ++ + return mdnid; + } + +@@ -244,5 +254,15 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md) + if (ossl_securitycheck_enabled(ctx)) + return ossl_digest_get_approved_nid(md) != NID_undef; + # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ ++ ++#ifndef FIPS_MODULE ++ { ++ int mdnid = EVP_MD_nid(md); ++ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1) ++ && !ossl_ctx_legacy_digest_signatures_allowed(ctx, 0)) ++ return 0; ++ } ++#endif ++ + return 1; + } +diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c +index de7f0d3a0a5718bd06a55d3d92236c27ffb7d0d5..ce54a94fbc9b3f48052c0bd5acf5b0aa349c4e91 100644 +--- a/providers/common/securitycheck_default.c ++++ b/providers/common/securitycheck_default.c +@@ -15,6 +15,7 @@ + #include + #include "prov/securitycheck.h" + #include "internal/nelem.h" ++#include "internal/sslconf.h" + + /* Disable the security checks in the default provider */ + int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx) +@@ -23,9 +24,10 @@ int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx) + } + + int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md, +- ossl_unused int sha1_allowed) ++ int sha1_allowed) + { + int mdnid; ++ int ldsigs_allowed; + + static const OSSL_ITEM name_to_nid[] = { + { NID_md5, OSSL_DIGEST_NAME_MD5 }, +@@ -36,8 +38,11 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md, + { NID_ripemd160, OSSL_DIGEST_NAME_RIPEMD160 }, + }; + +- mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, 1); ++ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx, 0); ++ mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, sha1_allowed || ldsigs_allowed); + if (mdnid == NID_undef) + mdnid = ossl_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid)); ++ if (mdnid == NID_md5_sha1 && !ldsigs_allowed) ++ mdnid = -1; + return mdnid; + } +diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c +index 28fd7c498e9922b6fabd1fafa452afe7ca3734ec..fa3822f39fd14a16c761b316e276c68868f35c7d 100644 +--- a/providers/implementations/signature/dsa_sig.c ++++ b/providers/implementations/signature/dsa_sig.c +@@ -124,12 +124,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx, + mdprops = ctx->propq; + + if (mdname != NULL) { +- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); + WPACKET pkt; + EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); +- int md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, +- sha1_allowed); ++ int md_nid; + size_t mdname_len = strlen(mdname); ++#ifdef FIPS_MODULE ++ int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); ++#else ++ int sha1_allowed = 0; ++#endif ++ md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, ++ sha1_allowed); + + if (md == NULL || md_nid < 0) { + if (md == NULL) +diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c +index 865d49d1004f0031c82c24c218828a7d9c7269c6..99b228e82c408171bb2458244d2cf763e32a19fb 100644 +--- a/providers/implementations/signature/ecdsa_sig.c ++++ b/providers/implementations/signature/ecdsa_sig.c +@@ -237,7 +237,11 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname, + "%s could not be fetched", mdname); + return 0; + } ++#ifdef FIPS_MODULE + sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); ++#else ++ sha1_allowed = 0; ++#endif + md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, + sha1_allowed); + if (md_nid < 0) { +diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c +index 7023a866131e38c214ac7326fdd83274dab81833..f66d7705c35add553694c5808b51d5696f678ee7 100644 +--- a/providers/implementations/signature/rsa_sig.c ++++ b/providers/implementations/signature/rsa_sig.c +@@ -25,6 +25,7 @@ + #include "internal/cryptlib.h" + #include "internal/nelem.h" + #include "internal/sizes.h" ++#include "internal/sslconf.h" + #include "crypto/rsa.h" + #include "prov/providercommon.h" + #include "prov/implementations.h" +@@ -33,6 +34,7 @@ + #include "prov/securitycheck.h" + + #define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1 ++#define RSA_DEFAULT_DIGEST_NAME_NONLEGACY OSSL_DIGEST_NAME_SHA2_256 + + static OSSL_FUNC_signature_newctx_fn rsa_newctx; + static OSSL_FUNC_signature_sign_init_fn rsa_sign_init; +@@ -288,10 +290,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, + + if (mdname != NULL) { + EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); ++ int md_nid; ++ size_t mdname_len = strlen(mdname); ++#ifdef FIPS_MODULE + int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); +- int md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md, ++#else ++ int sha1_allowed = 0; ++#endif ++ md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md, + sha1_allowed); +- size_t mdname_len = strlen(mdname); + + if (md == NULL + || md_nid <= 0 +@@ -1347,8 +1354,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) + prsactx->pad_mode = pad_mode; + + if (prsactx->md == NULL && pmdname == NULL +- && pad_mode == RSA_PKCS1_PSS_PADDING) ++ && pad_mode == RSA_PKCS1_PSS_PADDING) { + pmdname = RSA_DEFAULT_DIGEST_NAME; ++#ifndef FIPS_MODULE ++ if (!ossl_ctx_legacy_digest_signatures_allowed(prsactx->libctx, 0)) { ++ pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY; ++ } ++#endif ++ } ++ + + if (pmgf1mdname != NULL + && !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops)) +diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c +index 48a0b7f6e5908e62b433a306c49a3f2ff7e8df76..909e38c2fe88324884a939b583fd7f43d01f3920 100644 +--- a/ssl/t1_lib.c ++++ b/ssl/t1_lib.c +@@ -20,6 +20,7 @@ + #include + #include + #include ++#include "internal/sslconf.h" + #include "internal/nelem.h" + #include "internal/sizes.h" + #include "internal/tlsgroups.h" +@@ -1150,11 +1151,13 @@ int ssl_setup_sig_algs(SSL_CTX *ctx) + = OPENSSL_malloc(sizeof(*lu) * OSSL_NELEM(sigalg_lookup_tbl)); + EVP_PKEY *tmpkey = EVP_PKEY_new(); + int ret = 0; ++ int ldsigs_allowed; + + if (cache == NULL || tmpkey == NULL) + goto err; + + ERR_set_mark(); ++ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0); + for (i = 0, lu = sigalg_lookup_tbl; + i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) { + EVP_PKEY_CTX *pctx; +@@ -1174,6 +1177,11 @@ int ssl_setup_sig_algs(SSL_CTX *ctx) + cache[i].enabled = 0; + continue; + } ++ if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1) ++ && !ldsigs_allowed) { ++ cache[i].enabled = 0; ++ continue; ++ } + + if (!EVP_PKEY_set_type(tmpkey, lu->sig)) { + cache[i].enabled = 0; +diff --git a/util/libcrypto.num b/util/libcrypto.num +index d94f406606132690d4744e470d98eff377d87699..07ae9a21ec979028eb78feaee4cadb801b790caf 100644 +--- a/util/libcrypto.num ++++ b/util/libcrypto.num +@@ -5428,3 +5428,5 @@ EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION: + OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION: + OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION: + ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: ++ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION: ++ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION: +-- +2.37.2 + diff --git a/0051-Support-different-R_BITS-lengths-for-KBKDF.patch b/0051-Support-different-R_BITS-lengths-for-KBKDF.patch index c3dc57b..9875f3c 100644 --- a/0051-Support-different-R_BITS-lengths-for-KBKDF.patch +++ b/0051-Support-different-R_BITS-lengths-for-KBKDF.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference openssl-3.0.7-hobbled/doc/man7/EVP_KDF-KB.pod openssl-3.0.7-hobbled-new/doc/man7/EVP_KDF-KB.pod ---- openssl-3.0.7-hobbled/doc/man7/EVP_KDF-KB.pod 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/doc/man7/EVP_KDF-KB.pod 2022-11-28 16:00:19.435839445 +0100 +diff -rupN --no-dereference openssl-3.0.9/doc/man7/EVP_KDF-KB.pod openssl-3.0.9-new/doc/man7/EVP_KDF-KB.pod +--- openssl-3.0.9/doc/man7/EVP_KDF-KB.pod 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/doc/man7/EVP_KDF-KB.pod 2023-05-31 14:33:14.956113793 +0200 @@ -58,6 +58,13 @@ Set to B<0> to disable use of the option (see SP800-108) that is placed between the Label and Context. The default value of B<1> will be used if unspecified. @@ -15,9 +15,9 @@ diff -rupN --no-dereference openssl-3.0.7-hobbled/doc/man7/EVP_KDF-KB.pod openss =back Depending on whether mac is CMAC or HMAC, either digest or cipher is required -diff -rupN --no-dereference openssl-3.0.7-hobbled/include/openssl/core_names.h openssl-3.0.7-hobbled-new/include/openssl/core_names.h ---- openssl-3.0.7-hobbled/include/openssl/core_names.h 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/include/openssl/core_names.h 2022-11-28 16:00:19.435839445 +0100 +diff -rupN --no-dereference openssl-3.0.9/include/openssl/core_names.h openssl-3.0.9-new/include/openssl/core_names.h +--- openssl-3.0.9/include/openssl/core_names.h 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/include/openssl/core_names.h 2023-05-31 14:33:14.957113792 +0200 @@ -217,6 +217,7 @@ extern "C" { #define OSSL_KDF_PARAM_PKCS12_ID "id" /* int */ #define OSSL_KDF_PARAM_KBKDF_USE_L "use-l" /* int */ @@ -26,9 +26,9 @@ diff -rupN --no-dereference openssl-3.0.7-hobbled/include/openssl/core_names.h o #define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info" #define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info" #define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info" -diff -rupN --no-dereference openssl-3.0.7-hobbled/providers/implementations/kdfs/kbkdf.c openssl-3.0.7-hobbled-new/providers/implementations/kdfs/kbkdf.c ---- openssl-3.0.7-hobbled/providers/implementations/kdfs/kbkdf.c 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/providers/implementations/kdfs/kbkdf.c 2022-11-28 16:00:19.436839452 +0100 +diff -rupN --no-dereference openssl-3.0.9/providers/implementations/kdfs/kbkdf.c openssl-3.0.9-new/providers/implementations/kdfs/kbkdf.c +--- openssl-3.0.9/providers/implementations/kdfs/kbkdf.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/providers/implementations/kdfs/kbkdf.c 2023-05-31 14:33:14.957113792 +0200 @@ -60,6 +60,7 @@ typedef struct { EVP_MAC_CTX *ctx_init; @@ -122,9 +122,9 @@ diff -rupN --no-dereference openssl-3.0.7-hobbled/providers/implementations/kdfs OSSL_PARAM_END, }; return known_settable_ctx_params; -diff -rupN --no-dereference openssl-3.0.7-hobbled/test/evp_kdf_test.c openssl-3.0.7-hobbled-new/test/evp_kdf_test.c ---- openssl-3.0.7-hobbled/test/evp_kdf_test.c 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/test/evp_kdf_test.c 2022-11-28 16:00:19.436839452 +0100 +diff -rupN --no-dereference openssl-3.0.9/test/evp_kdf_test.c openssl-3.0.9-new/test/evp_kdf_test.c +--- openssl-3.0.9/test/evp_kdf_test.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/evp_kdf_test.c 2023-05-31 14:33:14.957113792 +0200 @@ -1068,9 +1068,9 @@ static int test_kdf_kbkdf_6803_256(void) #endif @@ -240,7 +240,7 @@ diff -rupN --no-dereference openssl-3.0.7-hobbled/test/evp_kdf_test.c openssl-3. */ static int test_kdf_kbkdf_fixedinfo(void) { -@@ -1628,6 +1658,7 @@ int setup_tests(void) +@@ -1636,6 +1666,7 @@ int setup_tests(void) #endif ADD_TEST(test_kdf_kbkdf_invalid_digest); ADD_TEST(test_kdf_kbkdf_invalid_mac); @@ -248,9 +248,9 @@ diff -rupN --no-dereference openssl-3.0.7-hobbled/test/evp_kdf_test.c openssl-3. ADD_TEST(test_kdf_kbkdf_zero_output_size); ADD_TEST(test_kdf_kbkdf_empty_key); ADD_TEST(test_kdf_kbkdf_1byte_key); -diff -rupN --no-dereference openssl-3.0.7-hobbled/test/evp_test.c openssl-3.0.7-hobbled-new/test/evp_test.c ---- openssl-3.0.7-hobbled/test/evp_test.c 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/test/evp_test.c 2022-11-28 16:00:19.437839459 +0100 +diff -rupN --no-dereference openssl-3.0.9/test/evp_test.c openssl-3.0.9-new/test/evp_test.c +--- openssl-3.0.9/test/evp_test.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/evp_test.c 2023-05-31 14:33:14.958113792 +0200 @@ -2761,6 +2761,12 @@ static int kdf_test_ctrl(EVP_TEST *t, EV TEST_info("skipping, '%s' is disabled", p); t->skip = 1; @@ -264,9 +264,9 @@ diff -rupN --no-dereference openssl-3.0.7-hobbled/test/evp_test.c openssl-3.0.7- OPENSSL_free(name); return 1; } -diff -rupN --no-dereference openssl-3.0.7-hobbled/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt openssl-3.0.7-hobbled-new/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt ---- openssl-3.0.7-hobbled/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt 1970-01-01 01:00:00.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt 2022-11-28 16:00:19.437839459 +0100 +diff -rupN --no-dereference openssl-3.0.9/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt openssl-3.0.9-new/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt +--- openssl-3.0.9/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt 1970-01-01 01:00:00.000000000 +0100 ++++ openssl-3.0.9-new/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt 2023-05-31 14:33:14.959113791 +0200 @@ -0,0 +1,1843 @@ +# +# Copyright 2021-2021 The OpenSSL Project Authors. All Rights Reserved. @@ -2111,12 +2111,12 @@ diff -rupN --no-dereference openssl-3.0.7-hobbled/test/recipes/30-test_evp_data/ +Ctrl.hexinfo = hexinfo:8e9db3335779db688bcfe096668d9c3bc64e193e3529c430e68d09d56c837dd6c0f94678f121a68ee1feea4735da85a49d34a5290aa39f7b40de435f +Output = 6db880daac98b078ee389a2164252ded61322d661e2b49247ea921e544675d8f17af2bf66dd40d81 + -diff -rupN --no-dereference openssl-3.0.7-hobbled/test/recipes/30-test_evp.t openssl-3.0.7-hobbled-new/test/recipes/30-test_evp.t ---- openssl-3.0.7-hobbled/test/recipes/30-test_evp.t 2022-11-28 16:00:18.964836038 +0100 -+++ openssl-3.0.7-hobbled-new/test/recipes/30-test_evp.t 2022-11-28 16:00:19.438839466 +0100 -@@ -45,6 +45,7 @@ my @files = qw( +diff -rupN --no-dereference openssl-3.0.9/test/recipes/30-test_evp.t openssl-3.0.9-new/test/recipes/30-test_evp.t +--- openssl-3.0.9/test/recipes/30-test_evp.t 2023-05-31 14:33:14.355114051 +0200 ++++ openssl-3.0.9-new/test/recipes/30-test_evp.t 2023-05-31 14:33:14.958113792 +0200 +@@ -43,6 +43,7 @@ my @files = qw( + evpciph_aes_wrap.txt evpciph_aes_stitched.txt - evpciph_des3_common.txt evpkdf_hkdf.txt + evpkdf_kbkdf_counter.txt evpkdf_pbkdf1.txt diff --git a/0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch b/0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch new file mode 100644 index 0000000..a11c1db --- /dev/null +++ b/0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch @@ -0,0 +1,180 @@ +diff -rupN --no-dereference openssl-3.0.9/crypto/x509/x509_vfy.c openssl-3.0.9-new/crypto/x509/x509_vfy.c +--- openssl-3.0.9/crypto/x509/x509_vfy.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/x509/x509_vfy.c 2023-05-31 14:33:15.228113675 +0200 +@@ -25,6 +25,7 @@ + #include + #include + #include "internal/dane.h" ++#include "internal/sslconf.h" + #include "crypto/x509.h" + #include "x509_local.h" + +@@ -3438,14 +3439,31 @@ static int check_sig_level(X509_STORE_CT + { + int secbits = -1; + int level = ctx->param->auth_level; ++ int nid; ++ OSSL_LIB_CTX *libctx = NULL; + + if (level <= 0) + return 1; + if (level > NUM_AUTH_LEVELS) + level = NUM_AUTH_LEVELS; + +- if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL)) ++ if (ctx->libctx) ++ libctx = ctx->libctx; ++ else if (cert->libctx) ++ libctx = cert->libctx; ++ else ++ libctx = OSSL_LIB_CTX_get0_global_default(); ++ ++ if (!X509_get_signature_info(cert, &nid, NULL, &secbits, NULL)) + return 0; + ++ if ((nid == NID_sha1 || nid == NID_md5_sha1) ++ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0) ++ && ctx->param->auth_level < 2) ++ /* When rh-allow-sha1-signatures = yes and security level <= 1, ++ * explicitly allow SHA1 for backwards compatibility. Also allow ++ * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */ ++ return 1; ++ + return secbits >= minbits_table[level - 1]; + } +diff -rupN --no-dereference openssl-3.0.9/doc/man5/config.pod openssl-3.0.9-new/doc/man5/config.pod +--- openssl-3.0.9/doc/man5/config.pod 2023-05-31 14:33:14.947113797 +0200 ++++ openssl-3.0.9-new/doc/man5/config.pod 2023-05-31 14:33:15.229113675 +0200 +@@ -317,6 +317,13 @@ this option is set to B. Because TL + pseudorandom function (PRF) to derive key material, disabling + B requires the use of TLS 1.2 or newer. + ++Note that enabling B will allow TLS signature ++algorithms that use SHA1 in security level 1, despite the definition of ++security level 1 of 80 bits of security, which SHA1 and MD5-SHA1 do not meet. ++This allows using SHA1 and MD5-SHA1 in TLS in the LEGACY crypto-policy on ++Fedora without requiring to set the security level to 0, which would include ++further insecure algorithms, and thus restores support for TLS 1.0 and 1.1. ++ + =item B (deprecated) + + The value is a boolean that can be B or B. If the value is +diff -rupN --no-dereference openssl-3.0.9/ssl/t1_lib.c openssl-3.0.9-new/ssl/t1_lib.c +--- openssl-3.0.9/ssl/t1_lib.c 2023-05-31 14:33:14.950113795 +0200 ++++ openssl-3.0.9-new/ssl/t1_lib.c 2023-05-31 14:33:15.229113675 +0200 +@@ -20,6 +20,7 @@ + #include + #include + #include ++#include "crypto/x509.h" + #include "internal/sslconf.h" + #include "internal/nelem.h" + #include "internal/sizes.h" +@@ -1567,19 +1568,28 @@ int tls12_check_peer_sigalg(SSL *s, uint + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_UNKNOWN_DIGEST); + return 0; + } +- /* +- * Make sure security callback allows algorithm. For historical +- * reasons we have to pass the sigalg as a two byte char array. +- */ +- sigalgstr[0] = (sig >> 8) & 0xff; +- sigalgstr[1] = sig & 0xff; +- secbits = sigalg_security_bits(s->ctx, lu); +- if (secbits == 0 || +- !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits, +- md != NULL ? EVP_MD_get_type(md) : NID_undef, +- (void *)sigalgstr)) { +- SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE); +- return 0; ++ ++ if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1) ++ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0) ++ && SSL_get_security_level(s) < 2) { ++ /* When rh-allow-sha1-signatures = yes and security level <= 1, ++ * explicitly allow SHA1 for backwards compatibility. Also allow ++ * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */ ++ } else { ++ /* ++ * Make sure security callback allows algorithm. For historical ++ * reasons we have to pass the sigalg as a two byte char array. ++ */ ++ sigalgstr[0] = (sig >> 8) & 0xff; ++ sigalgstr[1] = sig & 0xff; ++ secbits = sigalg_security_bits(s->ctx, lu); ++ if (secbits == 0 || ++ !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits, ++ md != NULL ? EVP_MD_get_type(md) : NID_undef, ++ (void *)sigalgstr)) { ++ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE); ++ return 0; ++ } + } + /* Store the sigalg the peer uses */ + s->s3.tmp.peer_sigalg = lu; +@@ -2117,6 +2127,15 @@ static int tls12_sigalg_allowed(const SS + } + } + ++ if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1) ++ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0) ++ && SSL_get_security_level(s) < 2) { ++ /* When rh-allow-sha1-signatures = yes and security level <= 1, ++ * explicitly allow SHA1 for backwards compatibility. Also allow ++ * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */ ++ return 1; ++ } ++ + /* Finally see if security callback allows it */ + secbits = sigalg_security_bits(s->ctx, lu); + sigalgstr[0] = (lu->sigalg >> 8) & 0xff; +@@ -2986,6 +3005,8 @@ static int ssl_security_cert_sig(SSL *s, + { + /* Lookup signature algorithm digest */ + int secbits, nid, pknid; ++ OSSL_LIB_CTX *libctx = NULL; ++ + /* Don't check signature if self signed */ + if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0) + return 1; +@@ -2994,6 +3015,26 @@ static int ssl_security_cert_sig(SSL *s, + /* If digest NID not defined use signature NID */ + if (nid == NID_undef) + nid = pknid; ++ ++ if (x && x->libctx) ++ libctx = x->libctx; ++ else if (ctx && ctx->libctx) ++ libctx = ctx->libctx; ++ else if (s && s->ctx && s->ctx->libctx) ++ libctx = s->ctx->libctx; ++ else ++ libctx = OSSL_LIB_CTX_get0_global_default(); ++ ++ if ((nid == NID_sha1 || nid == NID_md5_sha1) ++ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0) ++ && ((s != NULL && SSL_get_security_level(s) < 2) ++ || (ctx != NULL && SSL_CTX_get_security_level(ctx) < 2) ++ )) ++ /* When rh-allow-sha1-signatures = yes and security level <= 1, ++ * explicitly allow SHA1 for backwards compatibility. Also allow ++ * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */ ++ return 1; ++ + if (s) + return ssl_security(s, op, secbits, nid, x); + else +diff -rupN --no-dereference openssl-3.0.9/test/recipes/25-test_verify.t openssl-3.0.9-new/test/recipes/25-test_verify.t +--- openssl-3.0.9/test/recipes/25-test_verify.t 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/recipes/25-test_verify.t 2023-05-31 14:33:15.230113674 +0200 +@@ -419,8 +419,8 @@ ok(verify("ee-pss-sha1-cert", "", ["root + ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], ), + "CA with PSS signature using SHA256"); + +-ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "1"), +- "Reject PSS signature using SHA1 and auth level 1"); ++ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"), ++ "Reject PSS signature using SHA1 and auth level 2"); + + ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"), + "PSS signature using SHA256 and auth level 2"); diff --git a/0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch b/0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch new file mode 100644 index 0000000..89a4be8 --- /dev/null +++ b/0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch @@ -0,0 +1,206 @@ +From dbd1021466572be733dfc6f7ae484f1adf467f40 Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Tue, 1 Mar 2022 15:44:18 +0100 +Subject: [PATCH] Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes + +References: rhbz#2055796 +--- + crypto/x509/x509_vfy.c | 19 ++++++++++- + doc/man5/config.pod | 7 +++- + ssl/t1_lib.c | 64 ++++++++++++++++++++++++++++------- + test/recipes/25-test_verify.t | 7 ++-- + 4 files changed, 79 insertions(+), 18 deletions(-) + +diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c +index 2f175ca517f5dd8f8e7d79e5d562981b74c8f987..d1c7d0ce204ca31021a4497ddaa8e7dee45ff6f6 100644 +--- a/crypto/x509/x509_vfy.c ++++ b/crypto/x509/x509_vfy.c +@@ -25,6 +25,7 @@ + #include + #include + #include "internal/dane.h" ++#include "internal/sslconf.h" + #include "crypto/x509.h" + #include "x509_local.h" + +@@ -3441,14 +3442,30 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert) + { + int secbits = -1; + int level = ctx->param->auth_level; ++ int nid; ++ OSSL_LIB_CTX *libctx = NULL; + + if (level <= 0) + return 1; + if (level > NUM_AUTH_LEVELS) + level = NUM_AUTH_LEVELS; + +- if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL)) ++ if (ctx->libctx) ++ libctx = ctx->libctx; ++ else if (cert->libctx) ++ libctx = cert->libctx; ++ else ++ libctx = OSSL_LIB_CTX_get0_global_default(); ++ ++ if (!X509_get_signature_info(cert, &nid, NULL, &secbits, NULL)) + return 0; + ++ if (nid == NID_sha1 ++ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0) ++ && ctx->param->auth_level < 3) ++ /* When rh-allow-sha1-signatures = yes and security level <= 2, ++ * explicitly allow SHA1 for backwards compatibility. */ ++ return 1; ++ + return secbits >= minbits_table[level - 1]; + } +diff --git a/doc/man5/config.pod b/doc/man5/config.pod +index f1536258470563b4fe74f8d1e3db6d73ed316341..29ca805ea7152aa9d39bb14e74cc7fd704ec7acf 100644 +--- a/doc/man5/config.pod ++++ b/doc/man5/config.pod +@@ -313,7 +313,12 @@ When set to B, any attempt to create or verify a signature with a SHA1 + digest will fail. For compatibility with older versions of OpenSSL, set this + option to B. This setting also affects TLS, where signature algorithms + that use SHA1 as digest will no longer be supported if this option is set to +-B. ++B. Note that enabling B will allow TLS signature ++algorithms that use SHA1 in security level 2, despite the definition of ++security level 2 of 112 bits of security, which SHA1 does not meet. Because ++TLS 1.1 or lower use MD5-SHA1 as pseudorandom function (PRF) to derive key ++material, disabling B requires the use of TLS 1.2 or ++newer. + + =item B (deprecated) + +diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c +index 909e38c2fe88324884a939b583fd7f43d01f3920..860c7a81d1eaa834e72f81e433e7a0a6a8b1b641 100644 +--- a/ssl/t1_lib.c ++++ b/ssl/t1_lib.c +@@ -20,6 +20,7 @@ + #include + #include + #include ++#include "crypto/x509.h" + #include "internal/sslconf.h" + #include "internal/nelem.h" + #include "internal/sizes.h" +@@ -1566,19 +1567,27 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_UNKNOWN_DIGEST); + return 0; + } +- /* +- * Make sure security callback allows algorithm. For historical +- * reasons we have to pass the sigalg as a two byte char array. +- */ +- sigalgstr[0] = (sig >> 8) & 0xff; +- sigalgstr[1] = sig & 0xff; +- secbits = sigalg_security_bits(s->ctx, lu); +- if (secbits == 0 || +- !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits, +- md != NULL ? EVP_MD_get_type(md) : NID_undef, +- (void *)sigalgstr)) { +- SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE); +- return 0; ++ ++ if (lu->hash == NID_sha1 ++ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0) ++ && SSL_get_security_level(s) < 3) { ++ /* when rh-allow-sha1-signatures = yes and security level <= 2, ++ * explicitly allow SHA1 for backwards compatibility */ ++ } else { ++ /* ++ * Make sure security callback allows algorithm. For historical ++ * reasons we have to pass the sigalg as a two byte char array. ++ */ ++ sigalgstr[0] = (sig >> 8) & 0xff; ++ sigalgstr[1] = sig & 0xff; ++ secbits = sigalg_security_bits(s->ctx, lu); ++ if (secbits == 0 || ++ !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits, ++ md != NULL ? EVP_MD_get_type(md) : NID_undef, ++ (void *)sigalgstr)) { ++ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE); ++ return 0; ++ } + } + /* Store the sigalg the peer uses */ + s->s3.tmp.peer_sigalg = lu; +@@ -2111,6 +2120,14 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu) + } + } + ++ if (lu->hash == NID_sha1 ++ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0) ++ && SSL_get_security_level(s) < 3) { ++ /* when rh-allow-sha1-signatures = yes and security level <= 2, ++ * explicitly allow SHA1 for backwards compatibility */ ++ return 1; ++ } ++ + /* Finally see if security callback allows it */ + secbits = sigalg_security_bits(s->ctx, lu); + sigalgstr[0] = (lu->sigalg >> 8) & 0xff; +@@ -2980,6 +2997,8 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op) + { + /* Lookup signature algorithm digest */ + int secbits, nid, pknid; ++ OSSL_LIB_CTX *libctx = NULL; ++ + /* Don't check signature if self signed */ + if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0) + return 1; +@@ -2988,6 +3007,25 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op) + /* If digest NID not defined use signature NID */ + if (nid == NID_undef) + nid = pknid; ++ ++ if (x && x->libctx) ++ libctx = x->libctx; ++ else if (ctx && ctx->libctx) ++ libctx = ctx->libctx; ++ else if (s && s->ctx && s->ctx->libctx) ++ libctx = s->ctx->libctx; ++ else ++ libctx = OSSL_LIB_CTX_get0_global_default(); ++ ++ if (nid == NID_sha1 ++ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0) ++ && ((s != NULL && SSL_get_security_level(s) < 3) ++ || (ctx != NULL && SSL_CTX_get_security_level(ctx) < 3) ++ )) ++ /* When rh-allow-sha1-signatures = yes and security level <= 2, ++ * explicitly allow SHA1 for backwards compatibility. */ ++ return 1; ++ + if (s) + return ssl_security(s, op, secbits, nid, x); + else +diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t +index bf85ba57c1cf51fe4e8e54654890121bac6738fe..d5665434aaef1ca2b5f2f37b2499f40b1405fd9d 100644 +--- a/test/recipes/25-test_verify.t ++++ b/test/recipes/25-test_verify.t +@@ -29,7 +29,7 @@ sub verify { + run(app([@args])); + } + +-plan tests => 163; ++plan tests => 162; + + # Canonical success + ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), +@@ -410,8 +410,9 @@ ok(verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "0" + ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], ), + "CA with PSS signature using SHA256"); + +-ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "1"), +- "Reject PSS signature using SHA1 and auth level 1"); ++## rh-allow-sha1-signatures=yes allows this to pass despite -auth_level 1 ++#ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "1"), ++# "Reject PSS signature using SHA1 and auth level 1"); + + ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"), + "PSS signature using SHA256 and auth level 2"); +-- +2.37.2 + diff --git a/0053-Add-SHA1-probes.patch b/0053-Add-SHA1-probes.patch new file mode 100644 index 0000000..6c55ef6 --- /dev/null +++ b/0053-Add-SHA1-probes.patch @@ -0,0 +1,208 @@ +diff -rupN --no-dereference openssl-3.0.9/crypto/evp/m_sigver.c openssl-3.0.9-new/crypto/evp/m_sigver.c +--- openssl-3.0.9/crypto/evp/m_sigver.c 2023-05-31 14:33:14.946113797 +0200 ++++ openssl-3.0.9-new/crypto/evp/m_sigver.c 2023-05-31 14:33:15.503113557 +0200 +@@ -16,6 +16,8 @@ + #include "internal/numbers.h" /* includes SIZE_MAX */ + #include "evp_local.h" + ++#include ++ + typedef struct ossl_legacy_digest_signatures_st { + int allowed; + } OSSL_LEGACY_DIGEST_SIGNATURES; +@@ -336,10 +338,13 @@ static int do_sigver_init(EVP_MD_CTX *ct + && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf) + && !EVP_PKEY_is_a(locpctx->pkey, SN_hkdf)) { + int mdnid = EVP_MD_nid(ctx->reqdigest); +- if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0) +- && (mdnid == NID_sha1 || mdnid == NID_md5_sha1)) { +- ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST); +- goto err; ++ if (mdnid == NID_sha1 || mdnid == NID_md5_sha1) { ++ if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0)) { ++ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST); ++ goto err; ++ } else { ++ DTRACE_PROBE1(libcrypto, fedora_do_sigver_init_1, mdnid); ++ } + } + } + +diff -rupN --no-dereference openssl-3.0.9/crypto/evp/pmeth_lib.c openssl-3.0.9-new/crypto/evp/pmeth_lib.c +--- openssl-3.0.9/crypto/evp/pmeth_lib.c 2023-05-31 14:33:14.946113797 +0200 ++++ openssl-3.0.9-new/crypto/evp/pmeth_lib.c 2023-05-31 14:33:15.504113556 +0200 +@@ -36,6 +36,8 @@ + #include "internal/sslconf.h" + #include "evp_local.h" + ++#include ++ + #ifndef FIPS_MODULE + + static int evp_pkey_ctx_store_cached_data(EVP_PKEY_CTX *ctx, +@@ -966,10 +968,13 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_ + && !EVP_PKEY_is_a(ctx->pkey, SN_tls1_prf) + && !EVP_PKEY_is_a(ctx->pkey, SN_hkdf)) { + int mdnid = EVP_MD_nid(md); +- if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1) +- && !ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) { +- ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST); +- return -1; ++ if (mdnid == NID_sha1 || mdnid == NID_md5_sha1) { ++ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) { ++ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST); ++ return -1; ++ } else { ++ DTRACE_PROBE1(libcrypto, fedora_evp_pkey_ctx_set_md_1, mdnid); ++ } + } + } + +diff -rupN --no-dereference openssl-3.0.9/crypto/x509/x509_vfy.c openssl-3.0.9-new/crypto/x509/x509_vfy.c +--- openssl-3.0.9/crypto/x509/x509_vfy.c 2023-05-31 14:33:15.498113559 +0200 ++++ openssl-3.0.9-new/crypto/x509/x509_vfy.c 2023-05-31 14:33:15.504113556 +0200 +@@ -29,6 +29,8 @@ + #include "crypto/x509.h" + #include "x509_local.h" + ++#include ++ + /* CRL score values */ + + #define CRL_SCORE_NOCRITICAL 0x100 /* No unhandled critical extensions */ +@@ -3459,11 +3461,13 @@ static int check_sig_level(X509_STORE_CT + + if ((nid == NID_sha1 || nid == NID_md5_sha1) + && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0) +- && ctx->param->auth_level < 2) ++ && ctx->param->auth_level < 2) { ++ DTRACE_PROBE1(libcrypto, fedora_check_sig_level_1, nid); + /* When rh-allow-sha1-signatures = yes and security level <= 1, + * explicitly allow SHA1 for backwards compatibility. Also allow + * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */ + return 1; ++ } + + return secbits >= minbits_table[level - 1]; + } +diff -rupN --no-dereference openssl-3.0.9/providers/common/securitycheck.c openssl-3.0.9-new/providers/common/securitycheck.c +--- openssl-3.0.9/providers/common/securitycheck.c 2023-05-31 14:33:14.948113796 +0200 ++++ openssl-3.0.9-new/providers/common/securitycheck.c 2023-05-31 14:33:15.504113556 +0200 +@@ -21,6 +21,8 @@ + #include "prov/securitycheck.h" + #include "internal/sslconf.h" + ++#include ++ + /* + * FIPS requires a minimum security strength of 112 bits (for encryption or + * signing), and for legacy purposes 80 bits (for decryption or verifying). +@@ -238,11 +240,14 @@ int ossl_digest_get_approved_nid_with_sh + # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ + + #ifndef FIPS_MODULE +- if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0)) +- /* SHA1 is globally disabled, check whether we want to locally allow +- * it. */ +- if (mdnid == NID_sha1 && !sha1_allowed) ++ if (mdnid == NID_sha1 && !sha1_allowed) { ++ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0)) ++ /* SHA1 is globally disabled, check whether we want to locally allow ++ * it. */ + mdnid = -1; ++ else ++ DTRACE_PROBE1(libcrypto, fedora_ossl_digest_get_approved_nid_with_sha1_1, mdnid); ++ } + #endif + + return mdnid; +@@ -258,9 +263,12 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX + #ifndef FIPS_MODULE + { + int mdnid = EVP_MD_nid(md); +- if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1) +- && !ossl_ctx_legacy_digest_signatures_allowed(ctx, 0)) +- return 0; ++ if (mdnid == NID_sha1 || mdnid == NID_md5_sha1) { ++ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0)) ++ return 0; ++ else ++ DTRACE_PROBE1(libcrypto, fedora_ossl_digest_is_allowed_1, mdnid); ++ } + } + #endif + +diff -rupN --no-dereference openssl-3.0.9/providers/common/securitycheck_default.c openssl-3.0.9-new/providers/common/securitycheck_default.c +--- openssl-3.0.9/providers/common/securitycheck_default.c 2023-05-31 14:33:14.948113796 +0200 ++++ openssl-3.0.9-new/providers/common/securitycheck_default.c 2023-05-31 14:33:15.505113556 +0200 +@@ -17,6 +17,8 @@ + #include "internal/nelem.h" + #include "internal/sslconf.h" + ++#include ++ + /* Disable the security checks in the default provider */ + int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx) + { +@@ -40,9 +42,16 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL + + ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx, 0); + mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, sha1_allowed || ldsigs_allowed); ++ if (mdnid == NID_sha1) ++ /* This will only happen if SHA1 is allowed, otherwise mdnid is -1. */ ++ DTRACE_PROBE1(libcrypto, fedora_ossl_digest_rsa_sign_get_md_nid_1, mdnid); + if (mdnid == NID_undef) + mdnid = ossl_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid)); +- if (mdnid == NID_md5_sha1 && !ldsigs_allowed) +- mdnid = -1; ++ if (mdnid == NID_md5_sha1) { ++ if (ldsigs_allowed) ++ DTRACE_PROBE1(libcrypto, fedora_ossl_digest_rsa_sign_get_md_nid_2, mdnid); ++ else ++ mdnid = -1; ++ } + return mdnid; + } +diff -rupN --no-dereference openssl-3.0.9/ssl/t1_lib.c openssl-3.0.9-new/ssl/t1_lib.c +--- openssl-3.0.9/ssl/t1_lib.c 2023-05-31 14:33:15.499113558 +0200 ++++ openssl-3.0.9-new/ssl/t1_lib.c 2023-05-31 14:33:15.505113556 +0200 +@@ -28,6 +28,8 @@ + #include "ssl_local.h" + #include + ++#include ++ + static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey); + static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu); + +@@ -1575,6 +1577,7 @@ int tls12_check_peer_sigalg(SSL *s, uint + /* When rh-allow-sha1-signatures = yes and security level <= 1, + * explicitly allow SHA1 for backwards compatibility. Also allow + * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */ ++ DTRACE_PROBE1(libssl, fedora_tls12_check_peer_sigalg_1, lu->hash); + } else { + /* + * Make sure security callback allows algorithm. For historical +@@ -2133,6 +2136,7 @@ static int tls12_sigalg_allowed(const SS + /* When rh-allow-sha1-signatures = yes and security level <= 1, + * explicitly allow SHA1 for backwards compatibility. Also allow + * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */ ++ DTRACE_PROBE1(libssl, fedora_tls12_sigalg_allowed_1, lu->hash); + return 1; + } + +@@ -3029,11 +3033,13 @@ static int ssl_security_cert_sig(SSL *s, + && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0) + && ((s != NULL && SSL_get_security_level(s) < 2) + || (ctx != NULL && SSL_CTX_get_security_level(ctx) < 2) +- )) ++ )) { + /* When rh-allow-sha1-signatures = yes and security level <= 1, + * explicitly allow SHA1 for backwards compatibility. Also allow + * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */ ++ DTRACE_PROBE1(libssl, fedora_ssl_security_cert_sig_1, nid); + return 1; ++ } + + if (s) + return ssl_security(s, op, secbits, nid, x); diff --git a/0056-strcasecmp.patch b/0056-strcasecmp.patch new file mode 100644 index 0000000..76da556 --- /dev/null +++ b/0056-strcasecmp.patch @@ -0,0 +1,54 @@ +diff -rupN --no-dereference openssl-3.0.9/crypto/o_str.c openssl-3.0.9-new/crypto/o_str.c +--- openssl-3.0.9/crypto/o_str.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/o_str.c 2023-05-31 14:33:15.788113433 +0200 +@@ -342,7 +342,12 @@ int openssl_strerror_r(int errnum, char + #endif + } + +-int OPENSSL_strcasecmp(const char *s1, const char *s2) ++int ++#ifndef FIPS_MODULE ++__attribute__ ((symver ("OPENSSL_strcasecmp@@OPENSSL_3.0.3"), ++ symver ("OPENSSL_strcasecmp@OPENSSL_3.0.1"))) ++#endif ++OPENSSL_strcasecmp(const char *s1, const char *s2) + { + int t; + +@@ -352,7 +357,12 @@ int OPENSSL_strcasecmp(const char *s1, c + return t; + } + +-int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) ++int ++#ifndef FIPS_MODULE ++__attribute__ ((symver ("OPENSSL_strncasecmp@@OPENSSL_3.0.3"), ++ symver ("OPENSSL_strncasecmp@OPENSSL_3.0.1"))) ++#endif ++OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) + { + int t; + size_t i; +diff -rupN --no-dereference openssl-3.0.9/test/recipes/01-test_symbol_presence.t openssl-3.0.9-new/test/recipes/01-test_symbol_presence.t +--- openssl-3.0.9/test/recipes/01-test_symbol_presence.t 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/recipes/01-test_symbol_presence.t 2023-05-31 14:33:15.788113433 +0200 +@@ -77,6 +77,7 @@ foreach my $libname (@libnames) { + s| .*||; + # Drop OpenSSL dynamic version information if there is any + s|\@\@.+$||; ++ s|\@.+$||; + # Return the result + $_ + } +diff -rupN --no-dereference openssl-3.0.9/util/libcrypto.num openssl-3.0.9-new/util/libcrypto.num +--- openssl-3.0.9/util/libcrypto.num 2023-05-31 14:33:14.951113795 +0200 ++++ openssl-3.0.9-new/util/libcrypto.num 2023-05-31 14:33:15.787113434 +0200 +@@ -5429,6 +5429,8 @@ OPENSSL_strcasecmp + OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION: + OSSL_CMP_CTX_reset_geninfo_ITAVs 5558 3_0_8 EXIST::FUNCTION:CMP + OSSL_CMP_MSG_update_recipNonce 5559 3_0_9 EXIST::FUNCTION:CMP ++OPENSSL_strcasecmp ? 3_0_1 EXIST::FUNCTION: ++OPENSSL_strncasecmp ? 3_0_1 EXIST::FUNCTION: + ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: + ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION: + ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION: diff --git a/0058-FIPS-limit-rsa-encrypt.patch b/0058-FIPS-limit-rsa-encrypt.patch new file mode 100644 index 0000000..1a3e634 --- /dev/null +++ b/0058-FIPS-limit-rsa-encrypt.patch @@ -0,0 +1,542 @@ +diff -rupN --no-dereference openssl-3.0.9/providers/common/securitycheck.c openssl-3.0.9-new/providers/common/securitycheck.c +--- openssl-3.0.9/providers/common/securitycheck.c 2023-05-31 14:33:15.780113437 +0200 ++++ openssl-3.0.9-new/providers/common/securitycheck.c 2023-05-31 14:33:16.063113315 +0200 +@@ -29,6 +29,7 @@ + * Set protect = 1 for encryption or signing operations, or 0 otherwise. See + * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf. + */ ++/* Red Hat build implements some extra limitations in providers/implementations/asymciphers/rsa_enc.c */ + int ossl_rsa_check_key(OSSL_LIB_CTX *ctx, const RSA *rsa, int operation) + { + int protect = 0; +diff -rupN --no-dereference openssl-3.0.9/providers/implementations/asymciphers/rsa_enc.c openssl-3.0.9-new/providers/implementations/asymciphers/rsa_enc.c +--- openssl-3.0.9/providers/implementations/asymciphers/rsa_enc.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/providers/implementations/asymciphers/rsa_enc.c 2023-05-31 14:33:16.064113314 +0200 +@@ -132,6 +132,17 @@ static int rsa_decrypt_init(void *vprsac + return rsa_init(vprsactx, vrsa, params, EVP_PKEY_OP_DECRYPT); + } + ++# ifdef FIPS_MODULE ++static int fips_padding_allowed(const PROV_RSA_CTX *prsactx) ++{ ++ if (prsactx->pad_mode == RSA_PKCS1_PADDING ++ || prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING) ++ return 0; ++ ++ return 1; ++} ++# endif ++ + static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, + size_t outsize, const unsigned char *in, size_t inlen) + { +@@ -141,6 +152,18 @@ static int rsa_encrypt(void *vprsactx, u + if (!ossl_prov_is_running()) + return 0; + ++# ifdef FIPS_MODULE ++ if (fips_padding_allowed(prsactx) == 0) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); ++ return 0; ++ } ++ ++ if (RSA_bits(prsactx->rsa) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); ++ return 0; ++ } ++# endif ++ + if (out == NULL) { + size_t len = RSA_size(prsactx->rsa); + +@@ -204,6 +227,18 @@ static int rsa_decrypt(void *vprsactx, u + if (!ossl_prov_is_running()) + return 0; + ++# ifdef FIPS_MODULE ++ if (fips_padding_allowed(prsactx) == 0) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); ++ return 0; ++ } ++ ++ if (RSA_bits(prsactx->rsa) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); ++ return 0; ++ } ++# endif ++ + if (prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING) { + if (out == NULL) { + *outlen = SSL_MAX_MASTER_KEY_LENGTH; +diff -rupN --no-dereference openssl-3.0.9/test/recipes/30-test_evp_data/evppkey_rsa_common.txt openssl-3.0.9-new/test/recipes/30-test_evp_data/evppkey_rsa_common.txt +--- openssl-3.0.9/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 2023-05-31 14:33:16.066113313 +0200 +@@ -248,13 +248,13 @@ Input = 64b0e9f9892371110c40ba5739dc0974 + Output = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef + + # RSA decrypt +- ++Availablein = default + Decrypt = RSA-2048 + Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A78 + Output = "Hello World" + + # Corrupted ciphertext +-FIPSversion = <3.2.0 ++Availablein = default + Decrypt = RSA-2048 + Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A79 + Output = "Hello World" +@@ -619,36 +619,42 @@ vcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mN + h90qjKHS9PvY4Q== + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-1 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=354fe67b4a126d5d35fe36c777791a3f7ba13def484e2d3908aff722fad468fb21696de95d0be911c2d3174f8afcc201035f7b6d8e69402de5451618c21a535fa9d7bfc5b8dd9fc243f8cf927db31322d6e881eaa91a996170e657a05a266426d98c88003f8477c1227094a0d9fa1e8c4024309ce1ecccb5210035d47ac72e8a + Output=6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34 + ++Availablein = default + Decrypt=RSA-OAEP-1 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=640db1acc58e0568fe5407e5f9b701dff8c3c91e716c536fc7fcec6cb5b71c1165988d4a279e1577d730fc7a29932e3f00c81515236d8d8e31017a7a09df4352d904cdeb79aa583adcc31ea698a4c05283daba9089be5491f67c1a4ee48dc74bbbe6643aef846679b4cb395a352d5ed115912df696ffe0702932946d71492b44 + Output=750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5 + ++Availablein = default + Decrypt=RSA-OAEP-1 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=423736ed035f6026af276c35c0b3741b365e5f76ca091b4e8c29e2f0befee603595aa8322d602d2e625e95eb81b2f1c9724e822eca76db8618cf09c5343503a4360835b5903bc637e3879fb05e0ef32685d5aec5067cd7cc96fe4b2670b6eac3066b1fcf5686b68589aafb7d629b02d8f8625ca3833624d4800fb081b1cf94eb + Output=d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051 + ++Availablein = default + Decrypt=RSA-OAEP-1 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=45ead4ca551e662c9800f1aca8283b0525e6abae30be4b4aba762fa40fd3d38e22abefc69794f6ebbbc05ddbb11216247d2f412fd0fba87c6e3acd888813646fd0e48e785204f9c3f73d6d8239562722dddd8771fec48b83a31ee6f592c4cfd4bc88174f3b13a112aae3b9f7b80e0fc6f7255ba880dc7d8021e22ad6a85f0755 + Output=52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85 + ++Availablein = default + Decrypt=RSA-OAEP-1 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=36f6e34d94a8d34daacba33a2139d00ad85a9345a86051e73071620056b920e219005855a213a0f23897cdcd731b45257c777fe908202befdd0b58386b1244ea0cf539a05d5d10329da44e13030fd760dcd644cfef2094d1910d3f433e1c7c6dd18bc1f2df7f643d662fb9dd37ead9059190f4fa66ca39e869c4eb449cbdc439 + Output=8da89fd9e5f974a29feffb462b49180f6cf9e802 + ++Availablein = default + Decrypt=RSA-OAEP-1 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -673,36 +679,42 @@ SwGNdhGLJDiac1Dsg2sAY6IXISNv2O222JtR5+64 + eG2e4XlBcKjI6A== + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-2 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0181af8922b9fcb4d79d92ebe19815992fc0c1439d8bcd491398a0f4ad3a329a5bd9385560db532683c8b7da04e4b12aed6aacdf471c34c9cda891addcc2df3456653aa6382e9ae59b54455257eb099d562bbe10453f2b6d13c59c02e10f1f8abb5da0d0570932dacf2d0901db729d0fefcc054e70968ea540c81b04bcaefe720e + Output=8ff00caa605c702830634d9a6c3d42c652b58cf1d92fec570beee7 + ++Availablein = default + Decrypt=RSA-OAEP-2 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=018759ff1df63b2792410562314416a8aeaf2ac634b46f940ab82d64dbf165eee33011da749d4bab6e2fcd18129c9e49277d8453112b429a222a8471b070993998e758861c4d3f6d749d91c4290d332c7a4ab3f7ea35ff3a07d497c955ff0ffc95006b62c6d296810d9bfab024196c7934012c2df978ef299aba239940cba10245 + Output=2d + ++Availablein = default + Decrypt=RSA-OAEP-2 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=018802bab04c60325e81c4962311f2be7c2adce93041a00719c88f957575f2c79f1b7bc8ced115c706b311c08a2d986ca3b6a9336b147c29c6f229409ddec651bd1fdd5a0b7f610c9937fdb4a3a762364b8b3206b4ea485fd098d08f63d4aa8bb2697d027b750c32d7f74eaf5180d2e9b66b17cb2fa55523bc280da10d14be2053 + Output=74fc88c51bc90f77af9d5e9a4a70133d4b4e0b34da3c37c7ef8e + ++Availablein = default + Decrypt=RSA-OAEP-2 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=00a4578cbc176318a638fba7d01df15746af44d4f6cd96d7e7c495cbf425b09c649d32bf886da48fbaf989a2117187cafb1fb580317690e3ccd446920b7af82b31db5804d87d01514acbfa9156e782f867f6bed9449e0e9a2c09bcecc6aa087636965e34b3ec766f2fe2e43018a2fddeb140616a0e9d82e5331024ee0652fc7641 + Output=a7eb2a5036931d27d4e891326d99692ffadda9bf7efd3e34e622c4adc085f721dfe885072c78a203b151739be540fa8c153a10f00a + ++Availablein = default + Decrypt=RSA-OAEP-2 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=00ebc5f5fda77cfdad3c83641a9025e77d72d8a6fb33a810f5950f8d74c73e8d931e8634d86ab1246256ae07b6005b71b7f2fb98351218331ce69b8ffbdc9da08bbc9c704f876deb9df9fc2ec065cad87f9090b07acc17aa7f997b27aca48806e897f771d95141fe4526d8a5301b678627efab707fd40fbebd6e792a25613e7aec + Output=2ef2b066f854c33f3bdcbb5994a435e73d6c6c + ++Availablein = default + Decrypt=RSA-OAEP-2 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -727,36 +739,42 @@ iUGx07dw5a0x7jc7KKzaaf+bb0D+V4ufGvuFg2+W + Ya4qnqZe1onjY5o= + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-3 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=026a0485d96aebd96b4382085099b962e6a2bdec3d90c8db625e14372de85e2d5b7baab65c8faf91bb5504fb495afce5c988b3f6a52e20e1d6cbd3566c5cd1f2b8318bb542cc0ea25c4aab9932afa20760eaddec784396a07ea0ef24d4e6f4d37e5052a7a31e146aa480a111bbe926401307e00f410033842b6d82fe5ce4dfae80 + Output=087820b569e8fa8d + ++Availablein = default + Decrypt=RSA-OAEP-3 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=024db89c7802989be0783847863084941bf209d761987e38f97cb5f6f1bc88da72a50b73ebaf11c879c4f95df37b850b8f65d7622e25b1b889e80fe80baca2069d6e0e1d829953fc459069de98ea9798b451e557e99abf8fe3d9ccf9096ebbf3e5255d3b4e1c6d2ecadf067a359eea86405acd47d5e165517ccafd47d6dbee4bf5 + Output=4653acaf171960b01f52a7be63a3ab21dc368ec43b50d82ec3781e04 + ++Availablein = default + Decrypt=RSA-OAEP-3 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0239bce681032441528877d6d1c8bb28aa3bc97f1df584563618995797683844ca86664732f4bed7a0aab083aaabfb7238f582e30958c2024e44e57043b97950fd543da977c90cdde5337d618442f99e60d7783ab59ce6dd9d69c47ad1e962bec22d05895cff8d3f64ed5261d92b2678510393484990ba3f7f06818ae6ffce8a3a + Output=d94cd0e08fa404ed89 + ++Availablein = default + Decrypt=RSA-OAEP-3 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=02994c62afd76f498ba1fd2cf642857fca81f4373cb08f1cbaee6f025c3b512b42c3e8779113476648039dbe0493f9246292fac28950600e7c0f32edf9c81b9dec45c3bde0cc8d8847590169907b7dc5991ceb29bb0714d613d96df0f12ec5d8d3507c8ee7ae78dd83f216fa61de100363aca48a7e914ae9f42ddfbe943b09d9a0 + Output=6cc641b6b61e6f963974dad23a9013284ef1 + ++Availablein = default + Decrypt=RSA-OAEP-3 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0162042ff6969592a6167031811a239834ce638abf54fec8b99478122afe2ee67f8c5b18b0339805bfdbc5a4e6720b37c59cfba942464c597ff532a119821545fd2e59b114e61daf71820529f5029cf524954327c34ec5e6f5ba7efcc4de943ab8ad4ed787b1454329f70db798a3a8f4d92f8274e2b2948ade627ce8ee33e43c60 + Output=df5151832b61f4f25891fb4172f328d2eddf8371ffcfdbe997939295f30eca6918017cfda1153bf7a6af87593223 + ++Availablein = default + Decrypt=RSA-OAEP-3 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -781,36 +799,42 @@ s/XkIiO6MDAcQabYfLtw4wy308Z9JUc9sfbL8D4/ + aD0x7TDrmEvkEro= + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-4 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=04cce19614845e094152a3fe18e54e3330c44e5efbc64ae16886cb1869014cc5781b1f8f9e045384d0112a135ca0d12e9c88a8e4063416deaae3844f60d6e96fe155145f4525b9a34431ca3766180f70e15a5e5d8e8b1a516ff870609f13f896935ced188279a58ed13d07114277d75c6568607e0ab092fd803a223e4a8ee0b1a8 + Output=4a86609534ee434a6cbca3f7e962e76d455e3264c19f605f6e5ff6137c65c56d7fb344cd52bc93374f3d166c9f0c6f9c506bad19330972d2 + ++Availablein = default + Decrypt=RSA-OAEP-4 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0097b698c6165645b303486fbf5a2a4479c0ee85889b541a6f0b858d6b6597b13b854eb4f839af03399a80d79bda6578c841f90d645715b280d37143992dd186c80b949b775cae97370e4ec97443136c6da484e970ffdb1323a20847821d3b18381de13bb49aaea66530c4a4b8271f3eae172cd366e07e6636f1019d2a28aed15e + Output=b0adc4f3fe11da59ce992773d9059943c03046497ee9d9f9a06df1166db46d98f58d27ec074c02eee6cbe2449c8b9fc5080c5c3f4433092512ec46aa793743c8 + ++Availablein = default + Decrypt=RSA-OAEP-4 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0301f935e9c47abcb48acbbe09895d9f5971af14839da4ff95417ee453d1fd77319072bb7297e1b55d7561cd9d1bb24c1a9a37c619864308242804879d86ebd001dce5183975e1506989b70e5a83434154d5cbfd6a24787e60eb0c658d2ac193302d1192c6e622d4a12ad4b53923bca246df31c6395e37702c6a78ae081fb9d065 + Output=bf6d42e701707b1d0206b0c8b45a1c72641ff12889219a82bdea965b5e79a96b0d0163ed9d578ec9ada20f2fbcf1ea3c4089d83419ba81b0c60f3606da99 + ++Availablein = default + Decrypt=RSA-OAEP-4 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=02d110ad30afb727beb691dd0cf17d0af1a1e7fa0cc040ec1a4ba26a42c59d0a796a2e22c8f357ccc98b6519aceb682e945e62cb734614a529407cd452bee3e44fece8423cc19e55548b8b994b849c7ecde4933e76037e1d0ce44275b08710c68e430130b929730ed77e09b015642c5593f04e4ffb9410798102a8e96ffdfe11e4 + Output=fb2ef112f5e766eb94019297934794f7be2f6fc1c58e + ++Availablein = default + Decrypt=RSA-OAEP-4 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=00dbb8a7439d90efd919a377c54fae8fe11ec58c3b858362e23ad1b8a44310799066b99347aa525691d2adc58d9b06e34f288c170390c5f0e11c0aa3645959f18ee79e8f2be8d7ac5c23d061f18dd74b8c5f2a58fcb5eb0c54f99f01a83247568292536583340948d7a8c97c4acd1e98d1e29dc320e97a260532a8aa7a758a1ec2 + Output=28ccd447bb9e85166dabb9e5b7d1adadc4b9d39f204e96d5e440ce9ad928bc1c2284 + ++Availablein = default + Decrypt=RSA-OAEP-4 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -835,36 +859,42 @@ OPlAQGLrhaQpJFILOPW7iGoBlvSLuNzqYP2SzAJ/ + MSwGUGLx60i3nRyDyw== + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-5 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=036046a4a47d9ed3ba9a89139c105038eb7492b05a5d68bfd53accff4597f7a68651b47b4a4627d927e485eed7b4566420e8b409879e5d606eae251d22a5df799f7920bfc117b992572a53b1263146bcea03385cc5e853c9a101c8c3e1bda31a519807496c6cb5e5efb408823a352b8fa0661fb664efadd593deb99fff5ed000e5 + Output=af71a901e3a61d3132f0fc1fdb474f9ea6579257ffc24d164170145b3dbde8 + ++Availablein = default + Decrypt=RSA-OAEP-5 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=03d6eb654edce615bc59f455265ed4e5a18223cbb9be4e4069b473804d5de96f54dcaaa603d049c5d94aa1470dfcd2254066b7c7b61ff1f6f6770e3215c51399fd4e34ec5082bc48f089840ad04354ae66dc0f1bd18e461a33cc1258b443a2837a6df26759aa2302334986f87380c9cc9d53be9f99605d2c9a97da7b0915a4a7ad + Output=a3b844a08239a8ac41605af17a6cfda4d350136585903a417a79268760519a4b4ac3303ec73f0f87cfb32399 + ++Availablein = default + Decrypt=RSA-OAEP-5 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0770952181649f9f9f07ff626ff3a22c35c462443d905d456a9fd0bff43cac2ca7a9f554e9478b9acc3ac838b02040ffd3e1847de2e4253929f9dd9ee4044325a9b05cabb808b2ee840d34e15d105a3f1f7b27695a1a07a2d73fe08ecaaa3c9c9d4d5a89ff890d54727d7ae40c0ec1a8dd86165d8ee2c6368141016a48b55b6967 + Output=308b0ecbd2c76cb77fc6f70c5edd233fd2f20929d629f026953bb62a8f4a3a314bde195de85b5f816da2aab074d26cb6acddf323ae3b9c678ac3cf12fbdde7 + ++Availablein = default + Decrypt=RSA-OAEP-5 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0812b76768ebcb642d040258e5f4441a018521bd96687e6c5e899fcd6c17588ff59a82cc8ae03a4b45b31299af1788c329f7dcd285f8cf4ced82606b97612671a45bedca133442144d1617d114f802857f0f9d739751c57a3f9ee400912c61e2e6992be031a43dd48fa6ba14eef7c422b5edc4e7afa04fdd38f402d1c8bb719abf + Output=15c5b9ee1185 + ++Availablein = default + Decrypt=RSA-OAEP-5 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=07b60e14ec954bfd29e60d0047e789f51d57186c63589903306793ced3f68241c743529aba6a6374f92e19e0163efa33697e196f7661dfaaa47aac6bde5e51deb507c72c589a2ca1693d96b1460381249b2cdb9eac44769f2489c5d3d2f99f0ee3c7ee5bf64a5ac79c42bd433f149be8cb59548361640595513c97af7bc2509723 + Output=21026e6800c7fa728fcaaba0d196ae28d7a2ac4ffd8abce794f0985f60c8a6737277365d3fea11db8923a2029a + ++Availablein = default + Decrypt=RSA-OAEP-5 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -889,36 +919,42 @@ xT1F29tenZbQ/s9Cdd8JdLxKBza0p0wyaQU++2hq + Yejn5Ly8mU2q+jBcRQ== + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-6 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0630eebcd2856c24f798806e41f9e67345eda9ceda386acc9facaea1eeed06ace583709718d9d169fadf414d5c76f92996833ef305b75b1e4b95f662a20faedc3bae0c4827a8bf8a88edbd57ec203a27a841f02e43a615bab1a8cac0701de34debdef62a088089b55ec36ea7522fd3ec8d06b6a073e6df833153bc0aefd93bd1a3 + Output=4046ca8baa3347ca27f49e0d81f9cc1d71be9ba517d4 + ++Availablein = default + Decrypt=RSA-OAEP-6 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0ebc37376173a4fd2f89cc55c2ca62b26b11d51c3c7ce49e8845f74e7607317c436bc8d23b9667dfeb9d087234b47bc6837175ae5c0559f6b81d7d22416d3e50f4ac533d8f0812f2db9e791fe9c775ac8b6ad0f535ad9ceb23a4a02014c58ab3f8d3161499a260f39348e714ae2a1d3443208fd8b722ccfdfb393e98011f99e63f + Output=5cc72c60231df03b3d40f9b57931bc31109f972527f28b19e7480c7288cb3c92b22512214e4be6c914792ddabdf57faa8aa7 + ++Availablein = default + Decrypt=RSA-OAEP-6 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0a98bf1093619394436cf68d8f38e2f158fde8ea54f3435f239b8d06b8321844202476aeed96009492480ce3a8d705498c4c8c68f01501dc81db608f60087350c8c3b0bd2e9ef6a81458b7c801b89f2e4fe99d4900ba6a4b5e5a96d865dc676c7755928794130d6280a8160a190f2df3ea7cf9aa0271d88e9e6905ecf1c5152d65 + Output=b20e651303092f4bccb43070c0f86d23049362ed96642fc5632c27db4a52e3d831f2ab068b23b149879c002f6bf3feee97591112562c + ++Availablein = default + Decrypt=RSA-OAEP-6 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=008e7a67cacfb5c4e24bec7dee149117f19598ce8c45808fef88c608ff9cd6e695263b9a3c0ad4b8ba4c95238e96a8422b8535629c8d5382374479ad13fa39974b242f9a759eeaf9c83ad5a8ca18940a0162ba755876df263f4bd50c6525c56090267c1f0e09ce0899a0cf359e88120abd9bf893445b3cae77d3607359ae9a52f8 + Output=684e3038c5c041f7 + ++Availablein = default + Decrypt=RSA-OAEP-6 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=00003474416c7b68bdf961c385737944d7f1f40cb395343c693cc0b4fe63b31fedf1eaeeac9ccc0678b31dc32e0977489514c4f09085f6298a9653f01aea4045ff582ee887be26ae575b73eef7f3774921e375a3d19adda0ca31aa1849887c1f42cac9677f7a2f4e923f6e5a868b38c084ef187594dc9f7f048fea2e02955384ab + Output=32488cb262d041d6e4dd35f987bf3ca696db1f06ac29a44693 + ++Availablein = default + Decrypt=RSA-OAEP-6 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -943,36 +979,42 @@ tu4XIedy0DiaVZw9PN+VUNRXxGsDe3RkGx1SFmr4 + FMlxv0gq65dqc3DC + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-7 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=1688e4ce7794bba6cb7014169ecd559cede2a30b56a52b68d9fe18cf1973ef97b2a03153951c755f6294aa49adbdb55845ab6875fb3986c93ecf927962840d282f9e54ce8b690f7c0cb8bbd73440d9571d1b16cd9260f9eab4783cc482e5223dc60973871783ec27b0ae0fd47732cbc286a173fc92b00fb4ba6824647cd93c85c1 + Output=47aae909 + ++Availablein = default + Decrypt=RSA-OAEP-7 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=1052ed397b2e01e1d0ee1c50bf24363f95e504f4a03434a08fd822574ed6b9736edbb5f390db10321479a8a139350e2bd4977c3778ef331f3e78ae118b268451f20a2f01d471f5d53c566937171b2dbc2d4bde459a5799f0372d6574239b2323d245d0bb81c286b63c89a361017337e4902f88a467f4c7f244bfd5ab46437ff3b6 + Output=1d9b2e2223d9bc13bfb9f162ce735db48ba7c68f6822a0a1a7b6ae165834e7 + ++Availablein = default + Decrypt=RSA-OAEP-7 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=2155cd843ff24a4ee8badb7694260028a490813ba8b369a4cbf106ec148e5298707f5965be7d101c1049ea8584c24cd63455ad9c104d686282d3fb803a4c11c1c2e9b91c7178801d1b6640f003f5728df007b8a4ccc92bce05e41a27278d7c85018c52414313a5077789001d4f01910b72aad05d220aa14a58733a7489bc54556b + Output=d976fc + ++Availablein = default + Decrypt=RSA-OAEP-7 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0ab14c373aeb7d4328d0aaad8c094d88b9eb098b95f21054a29082522be7c27a312878b637917e3d819e6c3c568db5d843802b06d51d9e98a2be0bf40c031423b00edfbff8320efb9171bd2044653a4cb9c5122f6c65e83cda2ec3c126027a9c1a56ba874d0fea23f380b82cf240b8cf540004758c4c77d934157a74f3fc12bfac + Output=d4738623df223aa43843df8467534c41d013e0c803c624e263666b239bde40a5f29aeb8de79e3daa61dd0370f49bd4b013834b98212aef6b1c5ee373b3cb + ++Availablein = default + Decrypt=RSA-OAEP-7 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=028387a318277434798b4d97f460068df5298faba5041ba11761a1cb7316b24184114ec500257e2589ed3b607a1ebbe97a6cc2e02bf1b681f42312a33b7a77d8e7855c4a6de03e3c04643f786b91a264a0d6805e2cea91e68177eb7a64d9255e4f27e713b7ccec00dc200ebd21c2ea2bb890feae4942df941dc3f97890ed347478 + Output=bb47231ca5ea1d3ad46c99345d9a8a61 + ++Availablein = default + Decrypt=RSA-OAEP-7 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -997,36 +1039,42 @@ njraT2MgdSwJ2AX/fR8a4NAXru7pzvoNfdf/d15E + 2MiPa249Z+lh3Luj0A== + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-8 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=09b3683d8a2eb0fb295b62ed1fb9290b714457b7825319f4647872af889b30409472020ad12912bf19b11d4819f49614824ffd84d09c0a17e7d17309d12919790410aa2995699f6a86dbe3242b5acc23af45691080d6b1ae810fb3e3057087f0970092ce00be9562ff4053b6262ce0caa93e13723d2e3a5ba075d45f0d61b54b61 + Output=050b755e5e6880f7b9e9d692a74c37aae449b31bfea6deff83747a897f6c2c825bb1adbf850a3c96994b5de5b33cbc7d4a17913a7967 + ++Availablein = default + Decrypt=RSA-OAEP-8 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=2ecf15c97c5a15b1476ae986b371b57a24284f4a162a8d0c8182e7905e792256f1812ba5f83f1f7a130e42dcc02232844edc14a31a68ee97ae564a383a3411656424c5f62ddb646093c367be1fcda426cf00a06d8acb7e57776fbbd855ac3df506fc16b1d7c3f2110f3d8068e91e186363831c8409680d8da9ecd8cf1fa20ee39d + Output=4eb68dcd93ca9b19df111bd43608f557026fe4aa1d5cfac227a3eb5ab9548c18a06dded23f81825986b2fcd71109ecef7eff88873f075c2aa0c469f69c92bc + ++Availablein = default + Decrypt=RSA-OAEP-8 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=4bc89130a5b2dabb7c2fcf90eb5d0eaf9e681b7146a38f3173a3d9cfec52ea9e0a41932e648a9d69344c50da763f51a03c95762131e8052254dcd2248cba40fd31667786ce05a2b7b531ac9dac9ed584a59b677c1a8aed8c5d15d68c05569e2be780bf7db638fd2bfd2a85ab276860f3777338fca989ffd743d13ee08e0ca9893f + Output=8604ac56328c1ab5ad917861 + ++Availablein = default + Decrypt=RSA-OAEP-8 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=2e456847d8fc36ff0147d6993594b9397227d577752c79d0f904fcb039d4d812fea605a7b574dd82ca786f93752348438ee9f5b5454985d5f0e1699e3e7ad175a32e15f03deb042ab9fe1dd9db1bb86f8c089ccb45e7ef0c5ee7ca9b7290ca6b15bed47039788a8a93ff83e0e8d6244c71006362deef69b6f416fb3c684383fbd0 + Output=fdda5fbf6ec361a9d9a4ac68af216a0686f438b1e0e5c36b955f74e107f39c0dddcc + ++Availablein = default + Decrypt=RSA-OAEP-8 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=1fb9356fd5c4b1796db2ebf7d0d393cc810adf6145defc2fce714f79d93800d5e2ac211ea8bbecca4b654b94c3b18b30dd576ce34dc95436ef57a09415645923359a5d7b4171ef22c24670f1b229d3603e91f76671b7df97e7317c97734476d5f3d17d21cf82b5ba9f83df2e588d36984fd1b584468bd23b2e875f32f68953f7b2 + Output=4a5f4914bee25de3c69341de07 + ++Availablein = default + Decrypt=RSA-OAEP-8 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -1057,36 +1105,42 @@ Z7CDuaemy2HkLbNiuMmJbbcGTgKtWuYVh9oVtGSc + tKo5Eb69iFQvBb4= + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-9 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=267bcd118acab1fc8ba81c85d73003cb8610fa55c1d97da8d48a7c7f06896a4db751aa284255b9d36ad65f37653d829f1b37f97b8001942545b2fc2c55a7376ca7a1be4b1760c8e05a33e5aa2526b8d98e317088e7834c755b2a59b12631a182c05d5d43ab1779264f8456f515ce57dfdf512d5493dab7b7338dc4b7d78db9c091ac3baf537a69fc7f549d979f0eff9a94fda4169bd4d1d19a69c99e33c3b55490d501b39b1edae118ff6793a153261584d3a5f39f6e682e3d17c8cd1261fa72 + Output=f735fd55ba92592c3b52b8f9c4f69aaa1cbef8fe88add095595412467f9cf4ec0b896c59eda16210e7549c8abb10cdbc21a12ec9b6b5b8fd2f10399eb6 + ++Availablein = default + Decrypt=RSA-OAEP-9 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=93ac9f0671ec29acbb444effc1a5741351d60fdb0e393fbf754acf0de49761a14841df7772e9bc82773966a1584c4d72baea00118f83f35cca6e537cbd4d811f5583b29783d8a6d94cd31be70d6f526c10ff09c6fa7ce069795a3fcd0511fd5fcb564bcc80ea9c78f38b80012539d8a4ddf6fe81e9cddb7f50dbbbbcc7e5d86097ccf4ec49189fb8bf318be6d5a0715d516b49af191258cd32dc833ce6eb4673c03a19bbace88cc54895f636cc0c1ec89096d11ce235a265ca1764232a689ae8 + Output=81b906605015a63aabe42ddf11e1978912f5404c7474b26dce3ed482bf961ecc818bf420c54659 + ++Availablein = default + Decrypt=RSA-OAEP-9 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=81ebdd95054b0c822ef9ad7693f5a87adfb4b4c4ce70df2df84ed49c04da58ba5fc20a19e1a6e8b7a3900b22796dc4e869ee6b42792d15a8eceb56c09c69914e813cea8f6931e4b8ed6f421af298d595c97f4789c7caa612c7ef360984c21b93edc5401068b5af4c78a8771b984d53b8ea8adf2f6a7d4a0ba76c75e1dd9f658f20ded4a46071d46d7791b56803d8fea7f0b0f8e41ae3f09383a6f9585fe7753eaaffd2bf94563108beecc207bbb535f5fcc705f0dde9f708c62f49a9c90371d3 + Output=fd326429df9b890e09b54b18b8f34f1e24 + ++Availablein = default + Decrypt=RSA-OAEP-9 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=bcc35f94cde66cb1136625d625b94432a35b22f3d2fa11a613ff0fca5bd57f87b902ccdc1cd0aebcb0715ee869d1d1fe395f6793003f5eca465059c88660d446ff5f0818552022557e38c08a67ead991262254f10682975ec56397768537f4977af6d5f6aaceb7fb25dec5937230231fd8978af49119a29f29e424ab8272b47562792d5c94f774b8829d0b0d9f1a8c9eddf37574d5fa248eefa9c5271fc5ec2579c81bdd61b410fa61fe36e424221c113addb275664c801d34ca8c6351e4a858 + Output=f1459b5f0c92f01a0f723a2e5662484d8f8c0a20fc29dad6acd43bb5f3effdf4e1b63e07fdfe6628d0d74ca19bf2d69e4a0abf86d293925a796772f8088e + ++Availablein = default + Decrypt=RSA-OAEP-9 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=232afbc927fa08c2f6a27b87d4a5cb09c07dc26fae73d73a90558839f4fd66d281b87ec734bce237ba166698ed829106a7de6942cd6cdce78fed8d2e4d81428e66490d036264cef92af941d3e35055fe3981e14d29cbb9a4f67473063baec79a1179f5a17c9c1832f2838fd7d5e59bb9659d56dce8a019edef1bb3accc697cc6cc7a778f60a064c7f6f5d529c6210262e003de583e81e3167b89971fb8c0e15d44fffef89b53d8d64dd797d159b56d2b08ea5307ea12c241bd58d4ee278a1f2e + Output=53e6e8c729d6f9c319dd317e74b0db8e4ccca25f3c8305746e137ac63a63ef3739e7b595abb96e8d55e54f7bd41ab433378ffb911d + ++Availablein = default + Decrypt=RSA-OAEP-9 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +diff -rupN --no-dereference openssl-3.0.9/test/recipes/80-test_cms.t openssl-3.0.9-new/test/recipes/80-test_cms.t +--- openssl-3.0.9/test/recipes/80-test_cms.t 2023-05-31 14:33:14.356114051 +0200 ++++ openssl-3.0.9-new/test/recipes/80-test_cms.t 2023-05-31 14:33:16.064113314 +0200 +@@ -233,7 +233,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients", ++ [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients, no Red Hat FIPS", + [ "{cmd1}", @prov, "-encrypt", "-in", $smcont, + "-aes256", "-stream", "-out", "{output}.cms", + $smrsa1, +@@ -970,6 +970,9 @@ sub check_availability { + return "$tnam: skipped, DSA disabled\n" + if ($no_dsa && $tnam =~ / DSA/); + ++ return "$tnam: skipped, Red Hat FIPS\n" ++ if ($tnam =~ /no Red Hat FIPS/); ++ + return ""; + } + +diff -rupN --no-dereference openssl-3.0.9/test/recipes/80-test_ssl_old.t openssl-3.0.9-new/test/recipes/80-test_ssl_old.t +--- openssl-3.0.9/test/recipes/80-test_ssl_old.t 2023-05-31 14:33:14.356114051 +0200 ++++ openssl-3.0.9-new/test/recipes/80-test_ssl_old.t 2023-05-31 14:33:16.065113314 +0200 +@@ -493,6 +493,18 @@ sub testssl { + # the default choice if TLSv1.3 enabled + my $flag = $protocol eq "-tls1_3" ? "" : $protocol; + my $ciphersuites = ""; ++ my %redhat_skip_cipher = map {$_ => 1} qw( ++AES256-GCM-SHA384:@SECLEVEL=0 ++AES256-CCM8:@SECLEVEL=0 ++AES256-CCM:@SECLEVEL=0 ++AES128-GCM-SHA256:@SECLEVEL=0 ++AES128-CCM8:@SECLEVEL=0 ++AES128-CCM:@SECLEVEL=0 ++AES256-SHA256:@SECLEVEL=0 ++AES128-SHA256:@SECLEVEL=0 ++AES256-SHA:@SECLEVEL=0 ++AES128-SHA:@SECLEVEL=0 ++ ); + foreach my $cipher (@{$ciphersuites{$protocol}}) { + if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) { + note "*****SKIPPING $protocol $cipher"; +@@ -504,11 +516,16 @@ sub testssl { + } else { + $cipher = $cipher.':@SECLEVEL=0'; + } +- ok(run(test([@ssltest, @exkeys, "-cipher", +- $cipher, +- "-ciphersuites", $ciphersuites, +- $flag || ()])), +- "Testing $cipher"); ++ if ($provider eq "fips" && exists $redhat_skip_cipher{$cipher}) { ++ note "*****SKIPPING $cipher in Red Hat FIPS mode"; ++ ok(1); ++ } else { ++ ok(run(test([@ssltest, @exkeys, "-cipher", ++ $cipher, ++ "-ciphersuites", $ciphersuites, ++ $flag || ()])), ++ "Testing $cipher"); ++ } + } + } + next if $protocol eq "-tls1_3"; diff --git a/0060-FIPS-KAT-signature-tests.patch b/0060-FIPS-KAT-signature-tests.patch new file mode 100644 index 0000000..b62249a --- /dev/null +++ b/0060-FIPS-KAT-signature-tests.patch @@ -0,0 +1,420 @@ +diff -rupN --no-dereference openssl-3.0.9/crypto/ec/ec_backend.c openssl-3.0.9-new/crypto/ec/ec_backend.c +--- openssl-3.0.9/crypto/ec/ec_backend.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/ec/ec_backend.c 2023-05-31 14:33:16.334113197 +0200 +@@ -398,6 +398,10 @@ int ossl_ec_key_fromdata(EC_KEY *ec, con + const OSSL_PARAM *param_priv_key = NULL, *param_pub_key = NULL; + BN_CTX *ctx = NULL; + BIGNUM *priv_key = NULL; ++#ifdef FIPS_MODULE ++ const OSSL_PARAM *param_sign_kat_k = NULL; ++ BIGNUM *sign_kat_k = NULL; ++#endif + unsigned char *pub_key = NULL; + size_t pub_key_len; + const EC_GROUP *ecg = NULL; +@@ -413,7 +417,10 @@ int ossl_ec_key_fromdata(EC_KEY *ec, con + if (include_private) + param_priv_key = + OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); +- ++#ifdef FIPS_MODULE ++ param_sign_kat_k = ++ OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K); ++#endif + ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(ec)); + if (ctx == NULL) + goto err; +@@ -486,6 +493,17 @@ int ossl_ec_key_fromdata(EC_KEY *ec, con + && !EC_KEY_set_public_key(ec, pub_point)) + goto err; + ++#ifdef FIPS_MODULE ++ if (param_sign_kat_k) { ++ if ((sign_kat_k = BN_secure_new()) == NULL) ++ goto err; ++ BN_set_flags(sign_kat_k, BN_FLG_CONSTTIME); ++ ++ if (!OSSL_PARAM_get_BN(param_sign_kat_k, &sign_kat_k)) ++ goto err; ++ ec->sign_kat_k = sign_kat_k; ++ } ++#endif + ok = 1; + + err: +diff -rupN --no-dereference openssl-3.0.9/crypto/ec/ecdsa_ossl.c openssl-3.0.9-new/crypto/ec/ecdsa_ossl.c +--- openssl-3.0.9/crypto/ec/ecdsa_ossl.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/ec/ecdsa_ossl.c 2023-05-31 14:33:16.334113197 +0200 +@@ -20,6 +20,10 @@ + #include "crypto/bn.h" + #include "ec_local.h" + ++#ifdef FIPS_MODULE ++extern int REDHAT_FIPS_signature_st; ++#endif ++ + #define MIN_ECDSA_SIGN_ORDERBITS 64 + /* + * It is highly unlikely that a retry will happen, +@@ -137,6 +141,11 @@ static int ecdsa_sign_setup(EC_KEY *ecke + goto err; + + do { ++#ifdef FIPS_MODULE ++ if (REDHAT_FIPS_signature_st && eckey->sign_kat_k != NULL) { ++ BN_copy(k, eckey->sign_kat_k); ++ } else { ++#endif + /* get random k */ + do { + if (dgst != NULL) { +@@ -152,7 +161,9 @@ static int ecdsa_sign_setup(EC_KEY *ecke + } + } + } while (BN_is_zero(k)); +- ++#ifdef FIPS_MODULE ++ } ++#endif + /* compute r the x-coordinate of generator * k */ + if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) { + ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); +diff -rupN --no-dereference openssl-3.0.9/crypto/ec/ec_key.c openssl-3.0.9-new/crypto/ec/ec_key.c +--- openssl-3.0.9/crypto/ec/ec_key.c 2023-05-31 14:33:14.069114174 +0200 ++++ openssl-3.0.9-new/crypto/ec/ec_key.c 2023-05-31 14:33:16.335113197 +0200 +@@ -97,6 +97,9 @@ void EC_KEY_free(EC_KEY *r) + EC_GROUP_free(r->group); + EC_POINT_free(r->pub_key); + BN_clear_free(r->priv_key); ++#ifdef FIPS_MODULE ++ BN_clear_free(r->sign_kat_k); ++#endif + OPENSSL_free(r->propq); + + OPENSSL_clear_free((void *)r, sizeof(EC_KEY)); +diff -rupN --no-dereference openssl-3.0.9/crypto/ec/ec_local.h openssl-3.0.9-new/crypto/ec/ec_local.h +--- openssl-3.0.9/crypto/ec/ec_local.h 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/ec/ec_local.h 2023-05-31 14:33:16.336113196 +0200 +@@ -298,6 +298,9 @@ struct ec_key_st { + #ifndef FIPS_MODULE + CRYPTO_EX_DATA ex_data; + #endif ++#ifdef FIPS_MODULE ++ BIGNUM *sign_kat_k; ++#endif + CRYPTO_RWLOCK *lock; + OSSL_LIB_CTX *libctx; + char *propq; +diff -rupN --no-dereference openssl-3.0.9/crypto/ec/ecp_s390x_nistp.c openssl-3.0.9-new/crypto/ec/ecp_s390x_nistp.c +--- openssl-3.0.9/crypto/ec/ecp_s390x_nistp.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/ec/ecp_s390x_nistp.c 2023-05-31 14:33:16.338113195 +0200 +@@ -44,6 +44,10 @@ + #define S390X_OFF_RN(n) (4 * n) + #define S390X_OFF_Y(n) (4 * n) + ++#ifdef FIPS_MODULE ++extern int REDHAT_FIPS_signature_st; ++#endif ++ + static int ec_GFp_s390x_nistp_mul(const EC_GROUP *group, EC_POINT *r, + const BIGNUM *scalar, + size_t num, const EC_POINT *points[], +@@ -183,11 +187,21 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign + * because kdsa instruction constructs an in-range, invertible nonce + * internally implementing counter-measures for RNG weakness. + */ ++#ifdef FIPS_MODULE ++ if (REDHAT_FIPS_signature_st && eckey->sign_kat_k != NULL) { ++ BN_bn2binpad(eckey->sign_kat_k, param + S390X_OFF_RN(len), len); ++ /* Turns KDSA internal nonce-generation off. */ ++ fc |= S390X_KDSA_D; ++ } else { ++#endif + if (RAND_priv_bytes_ex(eckey->libctx, param + S390X_OFF_RN(len), + (size_t)len, 0) != 1) { + ERR_raise(ERR_LIB_EC, EC_R_RANDOM_NUMBER_GENERATION_FAILED); + goto ret; + } ++#ifdef FIPS_MODULE ++ } ++#endif + } else { + /* Reconstruct k = (k^-1)^-1. */ + if (ossl_ec_group_do_inverse_ord(group, k, kinv, NULL) == 0 +diff -rupN --no-dereference openssl-3.0.9/include/openssl/core_names.h openssl-3.0.9-new/include/openssl/core_names.h +--- openssl-3.0.9/include/openssl/core_names.h 2023-05-31 14:33:15.221113678 +0200 ++++ openssl-3.0.9-new/include/openssl/core_names.h 2023-05-31 14:33:16.336113196 +0200 +@@ -293,6 +293,7 @@ extern "C" { + #define OSSL_PKEY_PARAM_DIST_ID "distid" + #define OSSL_PKEY_PARAM_PUB_KEY "pub" + #define OSSL_PKEY_PARAM_PRIV_KEY "priv" ++#define OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K "rh_sign_kat_k" + + /* Diffie-Hellman/DSA Parameters */ + #define OSSL_PKEY_PARAM_FFC_P "p" +diff -rupN --no-dereference openssl-3.0.9/providers/fips/self_test_data.inc openssl-3.0.9-new/providers/fips/self_test_data.inc +--- openssl-3.0.9/providers/fips/self_test_data.inc 2023-05-31 14:33:14.352114052 +0200 ++++ openssl-3.0.9-new/providers/fips/self_test_data.inc 2023-05-31 14:33:16.338113195 +0200 +@@ -1405,7 +1405,151 @@ static const ST_KAT_PARAM ecdsa_prime_ke + ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv), + ST_KAT_PARAM_END() + }; ++static const unsigned char ec224r1_kat_sig[] = { ++0x30, 0x3c, 0x02, 0x1c, 0x2f, 0x24, 0x30, 0x96, 0x3b, 0x39, 0xe0, 0xab, 0xe2, 0x5a, 0x6f, 0xe0, ++0x40, 0x7e, 0x19, 0x30, 0x6e, 0x6a, 0xfd, 0x7a, 0x2b, 0x5d, 0xaa, 0xc2, 0x34, 0x6c, 0xc8, 0xce, ++0x02, 0x1c, 0x47, 0xe1, 0xac, 0xfd, 0xb4, 0xb8, 0x2b, 0x8c, 0x49, 0xb6, 0x36, 0xcd, 0xdd, 0x22, ++0x2a, 0x2d, 0x29, 0x64, 0x70, 0x61, 0xc3, 0x3e, 0x18, 0x51, 0xec, 0xf2, 0xad, 0x3c ++}; + ++static const char ecd_prime_curve_name384[] = "secp384r1"; ++/* ++priv: ++ 58:12:2b:94:be:29:23:13:83:f5:c4:20:e8:22:34: ++ 54:73:49:91:10:05:e9:10:e9:d7:2d:72:9c:5e:6a: ++ ba:8f:6d:d6:e4:a7:eb:e0:ae:e3:d4:c9:aa:33:87: ++ 4c:91:87 ++pub: ++ 04:d1:86:8b:f5:c4:a2:f7:a5:92:e6:85:2a:d2:92: ++ 81:97:0a:8d:fa:09:3f:84:6c:17:43:03:43:49:23: ++ 77:c4:31:f4:0a:a4:de:87:ac:5c:c0:d1:bc:e4:43: ++ 7f:8d:44:e1:3b:5f:bc:27:c8:79:0f:d0:31:9f:a7: ++ 6d:de:fb:f7:da:19:40:fd:aa:83:dc:69:ce:a6:f3: ++ 4d:65:20:1c:66:82:80:03:f7:7b:2e:f3:b3:7c:1f: ++ 11:f2:a3:bf:e8:0e:88 ++*/ ++static const unsigned char ecd_prime_priv384[] = { ++ 0x58, 0x12, 0x2b, 0x94, 0xbe, 0x29, 0x23, 0x13, 0x83, 0xf5, 0xc4, 0x20, 0xe8, 0x22, 0x34, ++ 0x54, 0x73, 0x49, 0x91, 0x10, 0x05, 0xe9, 0x10, 0xe9, 0xd7, 0x2d, 0x72, 0x9c, 0x5e, 0x6a, ++ 0xba, 0x8f, 0x6d, 0xd6, 0xe4, 0xa7, 0xeb, 0xe0, 0xae, 0xe3, 0xd4, 0xc9, 0xaa, 0x33, 0x87, ++ 0x4c, 0x91, 0x87 ++}; ++static const unsigned char ecd_prime_pub384[] = { ++ 0x04, 0xd1, 0x86, 0x8b, 0xf5, 0xc4, 0xa2, 0xf7, 0xa5, 0x92, 0xe6, 0x85, 0x2a, 0xd2, 0x92, ++ 0x81, 0x97, 0x0a, 0x8d, 0xfa, 0x09, 0x3f, 0x84, 0x6c, 0x17, 0x43, 0x03, 0x43, 0x49, 0x23, ++ 0x77, 0xc4, 0x31, 0xf4, 0x0a, 0xa4, 0xde, 0x87, 0xac, 0x5c, 0xc0, 0xd1, 0xbc, 0xe4, 0x43, ++ 0x7f, 0x8d, 0x44, 0xe1, 0x3b, 0x5f, 0xbc, 0x27, 0xc8, 0x79, 0x0f, 0xd0, 0x31, 0x9f, 0xa7, ++ 0x6d, 0xde, 0xfb, 0xf7, 0xda, 0x19, 0x40, 0xfd, 0xaa, 0x83, 0xdc, 0x69, 0xce, 0xa6, 0xf3, ++ 0x4d, 0x65, 0x20, 0x1c, 0x66, 0x82, 0x80, 0x03, 0xf7, 0x7b, 0x2e, 0xf3, 0xb3, 0x7c, 0x1f, ++ 0x11, 0xf2, 0xa3, 0xbf, 0xe8, 0x0e, 0x88 ++}; ++static const ST_KAT_PARAM ecdsa_prime_key384[] = { ++ ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name384), ++ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub384), ++ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv384), ++ ST_KAT_PARAM_END() ++}; ++static const unsigned char ec384r1_kat_sig[] = { ++0x30, 0x65, 0x02, 0x30, 0x1a, 0xd5, 0x57, 0x1b, 0x28, 0x0f, 0xf1, 0x68, 0x66, 0x68, 0x8a, 0x98, ++0xe3, 0x9c, 0xce, 0x7f, 0xa7, 0x68, 0xdc, 0x84, 0x5a, 0x65, 0xdc, 0x2b, 0x5d, 0x7e, 0xf3, 0x9b, ++0xa0, 0x40, 0xe8, 0x7a, 0x02, 0xc7, 0x82, 0xe0, 0x0c, 0x81, 0xa5, 0xda, 0x55, 0x27, 0xbf, 0x79, ++0xee, 0x72, 0xc2, 0x14, 0x02, 0x31, 0x00, 0xd1, 0x9d, 0x67, 0xda, 0x5a, 0xd2, 0x58, 0x68, 0xe7, ++0x71, 0x08, 0xb2, 0xa4, 0xe4, 0xe8, 0x74, 0xb4, 0x0a, 0x3d, 0x76, 0x49, 0x31, 0x17, 0x6e, 0x33, ++0x16, 0xf0, 0x00, 0x1f, 0x3c, 0x1f, 0xf9, 0x7c, 0xdb, 0x93, 0x49, 0x9c, 0x7d, 0xb3, 0xd3, 0x30, ++0x98, 0x81, 0x6f, 0xb0, 0xc9, 0x30, 0x2f ++}; ++static const char ecd_prime_curve_name521[] = "secp521r1"; ++/* ++priv: ++ 00:44:0f:96:31:a9:87:f2:5f:be:a0:bc:ef:0c:ae: ++ 58:cc:5f:f8:44:9e:89:86:7e:bf:db:ce:cb:0e:20: ++ 10:4a:11:ec:0b:51:1d:e4:91:ca:c6:40:fb:c6:69: ++ ad:68:33:9e:c8:f5:c4:c6:a5:93:a8:4d:a9:a9:a2: ++ af:fe:6d:cb:c2:3b ++pub: ++ 04:01:5f:58:a9:40:0c:ee:9b:ed:4a:f4:7a:3c:a3: ++ 89:c2:f3:7e:2c:f4:b5:53:80:ae:33:7d:36:d1:b5: ++ 18:bd:ef:a9:48:00:ea:88:ee:00:5c:ca:07:08:b5: ++ 67:4a:c3:2b:10:c6:07:b0:c2:45:37:b7:1d:e3:6c: ++ e1:bf:2c:44:18:4a:aa:01:af:75:40:6a:e3:f5:b2: ++ 7f:d1:9d:1b:8b:29:1f:91:4d:db:93:bf:bd:8c:b7: ++ 6a:8d:4b:2c:36:2a:6b:ab:54:9d:7b:31:99:a4:de: ++ c9:10:c4:f4:a3:f4:6d:94:97:62:16:a5:34:65:1f: ++ 42:cd:8b:9e:e6:db:14:5d:a9:8d:19:95:8d ++*/ ++static const unsigned char ecd_prime_priv521[] = { ++ 0x00, 0x44, 0x0f, 0x96, 0x31, 0xa9, 0x87, 0xf2, 0x5f, 0xbe, 0xa0, 0xbc, 0xef, 0x0c, 0xae, ++ 0x58, 0xcc, 0x5f, 0xf8, 0x44, 0x9e, 0x89, 0x86, 0x7e, 0xbf, 0xdb, 0xce, 0xcb, 0x0e, 0x20, ++ 0x10, 0x4a, 0x11, 0xec, 0x0b, 0x51, 0x1d, 0xe4, 0x91, 0xca, 0xc6, 0x40, 0xfb, 0xc6, 0x69, ++ 0xad, 0x68, 0x33, 0x9e, 0xc8, 0xf5, 0xc4, 0xc6, 0xa5, 0x93, 0xa8, 0x4d, 0xa9, 0xa9, 0xa2, ++ 0xaf, 0xfe, 0x6d, 0xcb, 0xc2, 0x3b ++}; ++static const unsigned char ecd_prime_pub521[] = { ++ 0x04, 0x01, 0x5f, 0x58, 0xa9, 0x40, 0x0c, 0xee, 0x9b, 0xed, 0x4a, 0xf4, 0x7a, 0x3c, 0xa3, ++ 0x89, 0xc2, 0xf3, 0x7e, 0x2c, 0xf4, 0xb5, 0x53, 0x80, 0xae, 0x33, 0x7d, 0x36, 0xd1, 0xb5, ++ 0x18, 0xbd, 0xef, 0xa9, 0x48, 0x00, 0xea, 0x88, 0xee, 0x00, 0x5c, 0xca, 0x07, 0x08, 0xb5, ++ 0x67, 0x4a, 0xc3, 0x2b, 0x10, 0xc6, 0x07, 0xb0, 0xc2, 0x45, 0x37, 0xb7, 0x1d, 0xe3, 0x6c, ++ 0xe1, 0xbf, 0x2c, 0x44, 0x18, 0x4a, 0xaa, 0x01, 0xaf, 0x75, 0x40, 0x6a, 0xe3, 0xf5, 0xb2, ++ 0x7f, 0xd1, 0x9d, 0x1b, 0x8b, 0x29, 0x1f, 0x91, 0x4d, 0xdb, 0x93, 0xbf, 0xbd, 0x8c, 0xb7, ++ 0x6a, 0x8d, 0x4b, 0x2c, 0x36, 0x2a, 0x6b, 0xab, 0x54, 0x9d, 0x7b, 0x31, 0x99, 0xa4, 0xde, ++ 0xc9, 0x10, 0xc4, 0xf4, 0xa3, 0xf4, 0x6d, 0x94, 0x97, 0x62, 0x16, 0xa5, 0x34, 0x65, 0x1f, ++ 0x42, 0xcd, 0x8b, 0x9e, 0xe6, 0xdb, 0x14, 0x5d, 0xa9, 0x8d, 0x19, 0x95, 0x8d ++}; ++static const ST_KAT_PARAM ecdsa_prime_key521[] = { ++ ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name521), ++ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub521), ++ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv521), ++ ST_KAT_PARAM_END() ++}; ++static const unsigned char ec521r1_kat_sig[] = { ++0x30, 0x81, 0x88, 0x02, 0x42, 0x00, 0xdf, 0x64, 0x9c, 0xc8, 0x5b, 0xdd, 0x0b, 0x7f, 0x69, 0x7e, ++0xdb, 0x83, 0x58, 0x67, 0x63, 0x43, 0xb7, 0xfa, 0x40, 0x29, 0xde, 0xb9, 0xde, 0xe9, 0x96, 0x65, ++0xe6, 0x8e, 0xf4, 0xeb, 0xd0, 0xe9, 0x6a, 0xd3, 0x27, 0x6c, 0x4d, 0x60, 0x47, 0x9c, 0x62, 0xb8, ++0x6c, 0xc1, 0x36, 0x19, 0x65, 0xff, 0xab, 0xcf, 0x24, 0xa3, 0xde, 0xd1, 0x4b, 0x1b, 0xdd, 0x89, ++0xcf, 0xf8, 0x72, 0x7b, 0x92, 0xbc, 0x02, 0x02, 0x42, 0x01, 0xf8, 0x07, 0x77, 0xb8, 0xcb, 0xa2, ++0xe2, 0x1f, 0x53, 0x9a, 0x7c, 0x16, 0xb5, 0x8e, 0xad, 0xe3, 0xc3, 0xac, 0xb7, 0xb2, 0x51, 0x8f, ++0xf9, 0x09, 0x65, 0x43, 0xf8, 0xd8, 0x3c, 0xe3, 0x5c, 0x4a, 0x5e, 0x3d, 0x6f, 0xb7, 0xbb, 0x5a, ++0x92, 0x69, 0xec, 0x71, 0xa2, 0x35, 0xe5, 0x29, 0x17, 0xaf, 0xc9, 0x69, 0xa7, 0xaa, 0x94, 0xf9, ++0xf9, 0x50, 0x87, 0x7b, 0x5d, 0x87, 0xe3, 0xd6, 0x3f, 0xb6, 0x6e ++}; ++static const char ecd_prime_curve_name256[] = "prime256v1"; ++/* ++priv: ++ 84:88:11:3f:a9:c9:9e:23:72:8b:40:cb:a2:b1:88: ++ 01:1e:92:48:af:13:2d:9b:33:8e:6d:43:40:30:c7: ++ 30:fa ++pub: ++ 04:22:58:b6:f9:01:3b:8c:a6:9b:9f:ae:75:fc:73: ++ cf:1b:f0:81:dc:55:a3:cc:5d:81:46:85:06:32:34: ++ 99:0d:c5:7e:a1:95:bb:21:73:33:40:4b:35:17:f6: ++ 8e:26:61:46:94:2c:4c:ac:9b:20:f8:08:72:25:74: ++ 98:66:c4:63:a6 ++*/ ++static const unsigned char ecd_prime_priv256[] = { ++ 0x84, 0x88, 0x11, 0x3f, 0xa9, 0xc9, 0x9e, 0x23, 0x72, 0x8b, 0x40, 0xcb, 0xa2, 0xb1, 0x88, ++ 0x01, 0x1e, 0x92, 0x48, 0xaf, 0x13, 0x2d, 0x9b, 0x33, 0x8e, 0x6d, 0x43, 0x40, 0x30, 0xc7, ++ 0x30, 0xfa ++}; ++static const unsigned char ecd_prime_pub256[] = { ++ 0x04, 0x22, 0x58, 0xb6, 0xf9, 0x01, 0x3b, 0x8c, 0xa6, 0x9b, 0x9f, 0xae, 0x75, 0xfc, 0x73, ++ 0xcf, 0x1b, 0xf0, 0x81, 0xdc, 0x55, 0xa3, 0xcc, 0x5d, 0x81, 0x46, 0x85, 0x06, 0x32, 0x34, ++ 0x99, 0x0d, 0xc5, 0x7e, 0xa1, 0x95, 0xbb, 0x21, 0x73, 0x33, 0x40, 0x4b, 0x35, 0x17, 0xf6, ++ 0x8e, 0x26, 0x61, 0x46, 0x94, 0x2c, 0x4c, 0xac, 0x9b, 0x20, 0xf8, 0x08, 0x72, 0x25, 0x74, ++ 0x98, 0x66, 0xc4, 0x63, 0xa6 ++}; ++static const ST_KAT_PARAM ecdsa_prime_key256[] = { ++ ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name256), ++ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub256), ++ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv256), ++ ST_KAT_PARAM_END() ++}; ++static const unsigned char ec256v1_kat_sig[] = { ++0x30, 0x46, 0x02, 0x21, 0x00, 0xc9, 0x11, 0x27, 0x06, 0x51, 0x2b, 0x50, 0x8c, 0x6b, 0xc0, 0xa6, ++0x85, 0xaa, 0xf4, 0x66, 0x0d, 0xe4, 0x54, 0x0a, 0x10, 0xb6, 0x9f, 0x87, 0xfc, 0xa2, 0xbc, 0x8f, ++0x3c, 0x58, 0xb4, 0xe9, 0x41, 0x02, 0x21, 0x00, 0xc9, 0x72, 0x94, 0xa9, 0xdd, 0x52, 0xca, 0x21, ++0x82, 0x66, 0x7a, 0x68, 0xcb, 0x1e, 0x3b, 0x12, 0x71, 0x4d, 0x56, 0xb5, 0xb7, 0xdd, 0xca, 0x2b, ++0x18, 0xa3, 0xa7, 0x08, 0x0d, 0xfa, 0x9c, 0x66 ++}; + # ifndef OPENSSL_NO_EC2M + static const char ecd_bin_curve_name[] = "sect233r1"; + static const unsigned char ecd_bin_priv[] = { +@@ -1577,8 +1721,42 @@ static const ST_KAT_SIGN st_kat_sign_tes + ecdsa_prime_key, + /* + * The ECDSA signature changes each time due to it using a random k. +- * So there is no expected KAT for this case. ++ * We provide this value in our build ++ */ ++ ITM(ec224r1_kat_sig) ++ }, ++ { ++ OSSL_SELF_TEST_DESC_SIGN_ECDSA, ++ "EC", ++ "SHA-256", ++ ecdsa_prime_key384, ++ /* ++ * The ECDSA signature changes each time due to it using a random k. ++ * We provide this value in our build ++ */ ++ ITM(ec384r1_kat_sig) ++ }, ++ { ++ OSSL_SELF_TEST_DESC_SIGN_ECDSA, ++ "EC", ++ "SHA-256", ++ ecdsa_prime_key521, ++ /* ++ * The ECDSA signature changes each time due to it using a random k. ++ * We provide this value in our build ++ */ ++ ITM(ec521r1_kat_sig) ++ }, ++ { ++ OSSL_SELF_TEST_DESC_SIGN_ECDSA, ++ "EC", ++ "SHA-256", ++ ecdsa_prime_key256, ++ /* ++ * The ECDSA signature changes each time due to it using a random k. ++ * We provide this value in our build + */ ++ ITM(ec256v1_kat_sig) + }, + # ifndef OPENSSL_NO_EC2M + { +diff -rupN --no-dereference openssl-3.0.9/providers/fips/self_test_kats.c openssl-3.0.9-new/providers/fips/self_test_kats.c +--- openssl-3.0.9/providers/fips/self_test_kats.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/providers/fips/self_test_kats.c 2023-05-31 14:33:16.337113196 +0200 +@@ -17,6 +17,8 @@ + #include "self_test.h" + #include "self_test_data.inc" + ++int REDHAT_FIPS_signature_st = 0; ++ + static int self_test_digest(const ST_KAT_DIGEST *t, OSSL_SELF_TEST *st, + OSSL_LIB_CTX *libctx) + { +@@ -446,6 +448,7 @@ static int self_test_sign(const ST_KAT_S + EVP_PKEY *pkey = NULL; + unsigned char sig[256]; + BN_CTX *bnctx = NULL; ++ BIGNUM *K = NULL; + size_t siglen = sizeof(sig); + static const unsigned char dgst[] = { + 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, +@@ -462,6 +465,9 @@ static int self_test_sign(const ST_KAT_S + bnctx = BN_CTX_new_ex(libctx); + if (bnctx == NULL) + goto err; ++ K = BN_CTX_get(bnctx); ++ if (K == NULL || BN_bin2bn(dgst, sizeof(dgst), K) == NULL) ++ goto err; + + bld = OSSL_PARAM_BLD_new(); + if (bld == NULL) +@@ -469,6 +475,9 @@ static int self_test_sign(const ST_KAT_S + + if (!add_params(bld, t->key, bnctx)) + goto err; ++ /* set K for ECDSA KAT tests */ ++ if (!OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K, K)) ++ goto err; + params = OSSL_PARAM_BLD_to_param(bld); + + /* Create a EVP_PKEY_CTX to load the DSA key into */ +@@ -689,11 +698,13 @@ static int self_test_kas(OSSL_SELF_TEST + static int self_test_signatures(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) + { + int i, ret = 1; ++ REDHAT_FIPS_signature_st = 1; + + for (i = 0; i < (int)OSSL_NELEM(st_kat_sign_tests); ++i) { + if (!self_test_sign(&st_kat_sign_tests[i], st, libctx)) + ret = 0; + } ++ REDHAT_FIPS_signature_st = 0; + return ret; + } + +diff -rupN --no-dereference openssl-3.0.9/providers/implementations/keymgmt/ec_kmgmt.c openssl-3.0.9-new/providers/implementations/keymgmt/ec_kmgmt.c +--- openssl-3.0.9/providers/implementations/keymgmt/ec_kmgmt.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/providers/implementations/keymgmt/ec_kmgmt.c 2023-05-31 14:33:16.337113196 +0200 +@@ -539,7 +539,8 @@ end: + # define EC_IMEXPORTABLE_PUBLIC_KEY \ + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0) + # define EC_IMEXPORTABLE_PRIVATE_KEY \ +- OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0) ++ OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), \ ++ OSSL_PARAM_BN(OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K, NULL, 0) + # define EC_IMEXPORTABLE_OTHER_PARAMETERS \ + OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL), \ + OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, NULL) diff --git a/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch b/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch new file mode 100644 index 0000000..4270c8c --- /dev/null +++ b/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch @@ -0,0 +1,1359 @@ +diff -rupN --no-dereference openssl-3.0.9/providers/implementations/signature/dsa_sig.c openssl-3.0.9-new/providers/implementations/signature/dsa_sig.c +--- openssl-3.0.9/providers/implementations/signature/dsa_sig.c 2023-05-31 14:33:14.948113796 +0200 ++++ openssl-3.0.9-new/providers/implementations/signature/dsa_sig.c 2023-05-31 14:33:16.628113070 +0200 +@@ -128,11 +128,7 @@ static int dsa_setup_md(PROV_DSA_CTX *ct + EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); + int md_nid; + size_t mdname_len = strlen(mdname); +-#ifdef FIPS_MODULE +- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); +-#else + int sha1_allowed = 0; +-#endif + md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, + sha1_allowed); + +diff -rupN --no-dereference openssl-3.0.9/providers/implementations/signature/ecdsa_sig.c openssl-3.0.9-new/providers/implementations/signature/ecdsa_sig.c +--- openssl-3.0.9/providers/implementations/signature/ecdsa_sig.c 2023-05-31 14:33:14.948113796 +0200 ++++ openssl-3.0.9-new/providers/implementations/signature/ecdsa_sig.c 2023-05-31 14:33:16.628113070 +0200 +@@ -237,11 +237,7 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX + "%s could not be fetched", mdname); + return 0; + } +-#ifdef FIPS_MODULE +- sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); +-#else + sha1_allowed = 0; +-#endif + md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, + sha1_allowed); + if (md_nid < 0) { +diff -rupN --no-dereference openssl-3.0.9/providers/implementations/signature/rsa_sig.c openssl-3.0.9-new/providers/implementations/signature/rsa_sig.c +--- openssl-3.0.9/providers/implementations/signature/rsa_sig.c 2023-05-31 14:33:14.949113796 +0200 ++++ openssl-3.0.9-new/providers/implementations/signature/rsa_sig.c 2023-05-31 14:33:16.628113070 +0200 +@@ -292,11 +292,7 @@ static int rsa_setup_md(PROV_RSA_CTX *ct + EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); + int md_nid; + size_t mdname_len = strlen(mdname); +-#ifdef FIPS_MODULE +- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); +-#else + int sha1_allowed = 0; +-#endif + md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md, + sha1_allowed); + +@@ -1371,8 +1367,10 @@ static int rsa_set_ctx_params(void *vprs + + if (prsactx->md == NULL && pmdname == NULL + && pad_mode == RSA_PKCS1_PSS_PADDING) { ++#ifdef FIPS_MODULE ++ pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY; ++#else + pmdname = RSA_DEFAULT_DIGEST_NAME; +-#ifndef FIPS_MODULE + if (!ossl_ctx_legacy_digest_signatures_allowed(prsactx->libctx, 0)) { + pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY; + } +diff -rupN --no-dereference openssl-3.0.9/test/acvp_test.inc openssl-3.0.9-new/test/acvp_test.inc +--- openssl-3.0.9/test/acvp_test.inc 2023-05-31 14:33:11.680115195 +0200 ++++ openssl-3.0.9-new/test/acvp_test.inc 2023-05-31 14:33:16.629113069 +0200 +@@ -1844,17 +1844,6 @@ static const struct rsa_sigver_st rsa_si + { + "x931", + 3072, +- "SHA1", +- ITM(rsa_sigverx931_0_msg), +- ITM(rsa_sigverx931_0_n), +- ITM(rsa_sigverx931_0_e), +- ITM(rsa_sigverx931_0_sig), +- NO_PSS_SALT_LEN, +- PASS +- }, +- { +- "x931", +- 3072, + "SHA256", + ITM(rsa_sigverx931_1_msg), + ITM(rsa_sigverx931_1_n), +diff -rupN --no-dereference openssl-3.0.9/test/recipes/30-test_evp_data/evppkey_ecdsa.txt openssl-3.0.9-new/test/recipes/30-test_evp_data/evppkey_ecdsa.txt +--- openssl-3.0.9/test/recipes/30-test_evp_data/evppkey_ecdsa.txt 2023-05-31 14:33:11.957115077 +0200 ++++ openssl-3.0.9-new/test/recipes/30-test_evp_data/evppkey_ecdsa.txt 2023-05-31 14:33:16.629113069 +0200 +@@ -37,12 +37,14 @@ PrivPubKeyPair = P-256:P-256-PUBLIC + + Title = ECDSA tests + ++Availablein = default + Verify = P-256 + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1234" + Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8 + + # Digest too long ++Availablein = default + Verify = P-256 + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF12345" +@@ -50,6 +52,7 @@ Output = 3045022100b1d1cb1a577035bccdd5a + Result = VERIFY_ERROR + + # Digest too short ++Availablein = default + Verify = P-256 + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF123" +@@ -57,6 +60,7 @@ Output = 3045022100b1d1cb1a577035bccdd5a + Result = VERIFY_ERROR + + # Digest invalid ++Availablein = default + Verify = P-256 + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1235" +@@ -64,6 +68,7 @@ Output = 3045022100b1d1cb1a577035bccdd5a + Result = VERIFY_ERROR + + # Invalid signature ++Availablein = default + Verify = P-256 + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1234" +@@ -79,12 +84,14 @@ Output = 3045022100b1d1cb1a577035bccdd5a + Result = VERIFY_ERROR + + # BER signature ++Availablein = default + Verify = P-256 + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1234" + Output = 3080022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec80000 + Result = VERIFY_ERROR + ++Availablein = default + Verify = P-256-PUBLIC + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1234" +diff -rupN --no-dereference openssl-3.0.9/test/recipes/30-test_evp_data/evppkey_rsa_common.txt openssl-3.0.9-new/test/recipes/30-test_evp_data/evppkey_rsa_common.txt +--- openssl-3.0.9/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 2023-05-31 14:33:16.329113199 +0200 ++++ openssl-3.0.9-new/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 2023-05-31 14:33:16.630113069 +0200 +@@ -96,6 +96,7 @@ NDL6WCBbets= + + Title = RSA tests + ++Availablein = default + Verify = RSA-2048 + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1234" +@@ -112,24 +113,28 @@ Ctrl = digest:SHA512-224 + Input = "0123456789ABCDEF123456789ABC" + Output = 5f720e9488139bb21e1c2f027fd5ce5993e6d31c5a8faaee833487b3a944d66891178868ace8070cad3ee2ffbe54aa4885a15fd1a7cc5166970fe1fd8c0423e72bd3e3b56fc4a53ed80aaaeca42497f0ec3c62113edc05cd006608f5eef7ce3ad4cba1069f68731dd28a524a1f93fcdc5547112d48d45586dd943ba0d443be9635720d8a61697c54c96627f0d85c5fbeaa3b4af86a65cf2fc3800dd5de34c046985f25d0efc0bb6edccc1d08b3a4fb9c8faffe181c7e68b31e374ad1440a4a664eec9ca0dc53a9d2f5bc7d9940d866f64201bcbc63612754df45727ea24b531d7de83d1bb707444859fa35521320c33bf6f4dbeb6fb56e653adbf7af15843f17 + ++Availablein = default + VerifyRecover = RSA-2048 + Ctrl = digest:SHA1 + Input = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad + Output = "0123456789ABCDEF1234" + + # Leading zero in the signature ++Availablein = default + Verify = RSA-2048 + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1234" + Output = 00c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad + Result = VERIFY_ERROR + ++Availablein = default + VerifyRecover = RSA-2048 + Ctrl = digest:SHA1 + Input = 00c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad + Result = KEYOP_ERROR + + # Mismatched digest ++Availablein = default + Verify = RSA-2048 + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1233" +@@ -137,6 +142,7 @@ Output = c09d402423cbf233d26cae21f954547 + Result = VERIFY_ERROR + + # Corrupted signature ++Availablein = default + Verify = RSA-2048 + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1233" +@@ -144,6 +150,7 @@ Output = c09d402423cbf233d26cae21f954547 + Result = VERIFY_ERROR + + # parameter is not NULLt ++Availablein = default + Verify = RSA-2048 + Ctrl = digest:sha1 + Input = "0123456789ABCDEF1234" +@@ -151,42 +158,49 @@ Output = 3ec3fc29eb6e122bd7aa361cd09fe1b + Result = VERIFY_ERROR + + # embedded digest too long ++Availablein = default + Verify = RSA-2048 + Ctrl = digest:sha1 + Input = "0123456789ABCDEF1234" + Output = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d + Result = VERIFY_ERROR + ++Availablein = default + VerifyRecover = RSA-2048 + Ctrl = digest:sha1 + Input = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d + Result = KEYOP_ERROR + + # embedded digest too short ++Availablein = default + Verify = RSA-2048 + Ctrl = digest:sha1 + Input = "0123456789ABCDEF1234" + Output = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d + Result = VERIFY_ERROR + ++Availablein = default + VerifyRecover = RSA-2048 + Ctrl = digest:sha1 + Input = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d + Result = KEYOP_ERROR + + # Garbage after DigestInfo ++Availablein = default + Verify = RSA-2048 + Ctrl = digest:sha1 + Input = "0123456789ABCDEF1234" + Output = 9ee34872d4271a7d8808af0a4052a145a6d6a8437d00da3ed14428c7f087cd39f4d43334c41af63e7fa1ba363fee7bcef401d9d36a662abbab55ce89a696e1be0dfa19a5d09ca617dd488787b6048baaefeb29bc8688b2fe3882de2b77c905b5a8b56cf9616041e5ec934ba6de863efe93acc4eef783fe7f72a00fa65d6093ed32bf98ce527e62ccb1d56317f4be18b7e0f55d7c36617d2d0678a306e3350956b662ac15df45215dd8f6b314babb9788e6c272fa461e4c9b512a11a4b92bc77c3a4c95c903fccb238794eca5c750477bf56ea6ee6a167367d881b485ae3889e7c489af8fdf38e0c0f2aed780831182e34abedd43c39281b290774bf35cc25274 + Result = VERIFY_ERROR + ++Availablein = default + VerifyRecover = RSA-2048 + Ctrl = digest:sha1 + Input = 9ee34872d4271a7d8808af0a4052a145a6d6a8437d00da3ed14428c7f087cd39f4d43334c41af63e7fa1ba363fee7bcef401d9d36a662abbab55ce89a696e1be0dfa19a5d09ca617dd488787b6048baaefeb29bc8688b2fe3882de2b77c905b5a8b56cf9616041e5ec934ba6de863efe93acc4eef783fe7f72a00fa65d6093ed32bf98ce527e62ccb1d56317f4be18b7e0f55d7c36617d2d0678a306e3350956b662ac15df45215dd8f6b314babb9788e6c272fa461e4c9b512a11a4b92bc77c3a4c95c903fccb238794eca5c750477bf56ea6ee6a167367d881b485ae3889e7c489af8fdf38e0c0f2aed780831182e34abedd43c39281b290774bf35cc25274 + Result = KEYOP_ERROR + + # invalid tag for parameter ++Availablein = default + Verify = RSA-2048 + Ctrl = digest:sha1 + Input = "0123456789ABCDEF1234" +@@ -195,6 +209,7 @@ Result = VERIFY_ERROR + + # Verify using public key + ++Availablein = default + Verify = RSA-2048-PUBLIC + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1234" +@@ -371,6 +386,8 @@ Input="0123456789ABCDEF0123456789ABCDEF" + Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A + + # Verify using salt length auto detect ++# In the FIPS provider on RHEL-9, the default digest for PSS signatures is SHA-256 ++Availablein = default + Verify = RSA-2048-PUBLIC + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_pss_saltlen:auto +@@ -405,6 +422,10 @@ Output=4DE433D5844043EF08D354DA03CB29068 + Result = VERIFY_ERROR + + # Verify using default parameters, explicitly setting parameters ++# NOTE: RSA-PSS-DEFAULT contains a restriction to use SHA1 as digest, which ++# RHEL-9 does not support in FIPS mode; all these tests are thus marked ++# Availablein = default. ++Availablein = default + Verify = RSA-PSS-DEFAULT + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_pss_saltlen:20 +@@ -413,6 +434,7 @@ Input="0123456789ABCDEF0123" + Output = 3EFE09D88509027D837BFA5F8471CF7B69E6DF395DD999BB9CA42021F15722D9AC76670507C6BCFB73F64FB2211B611B8F140E76EBDB064BD762FDBA89D019E304A0D6B274E1C2FE1DF50005598A0306AF805416094E2A5BA60BC72BDE38CE061E853ED40F14967A8B9CA4DC739B462F89558F12FDF2D8D19FBEF16AD66FE2DDDA8BEE983ECBD873064244849D8D94B5B33F45E076871A47ED653E73257A2BE2DB3C0878094B0D2B6B682C8007DFD989425FB39A1FEEC9EED5876414601A49176EC344F5E3EDEE81CA2DDD29B7364F4638112CB3A547E2BC170E28CB66BDABE863754BE8AD5BA230567B575266F4B6B4CF81F28310ABF05351CC9E2DB85D00BF + + # Verify explicitly setting parameters "digest" salt length ++Availablein = default + Verify = RSA-PSS-DEFAULT + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_pss_saltlen:digest +@@ -421,18 +443,21 @@ Input="0123456789ABCDEF0123" + Output = 3EFE09D88509027D837BFA5F8471CF7B69E6DF395DD999BB9CA42021F15722D9AC76670507C6BCFB73F64FB2211B611B8F140E76EBDB064BD762FDBA89D019E304A0D6B274E1C2FE1DF50005598A0306AF805416094E2A5BA60BC72BDE38CE061E853ED40F14967A8B9CA4DC739B462F89558F12FDF2D8D19FBEF16AD66FE2DDDA8BEE983ECBD873064244849D8D94B5B33F45E076871A47ED653E73257A2BE2DB3C0878094B0D2B6B682C8007DFD989425FB39A1FEEC9EED5876414601A49176EC344F5E3EDEE81CA2DDD29B7364F4638112CB3A547E2BC170E28CB66BDABE863754BE8AD5BA230567B575266F4B6B4CF81F28310ABF05351CC9E2DB85D00BF + + # Verify using salt length larger than minimum ++Availablein = default + Verify = RSA-PSS-DEFAULT + Ctrl = rsa_pss_saltlen:30 + Input="0123456789ABCDEF0123" + Output = 6BF7EDC63A0BA184EEEC7F3020FEC8F5EBF38C2B76481881F48BCCE5796E7AB294548BA9AE810457C7723CABD1BDE94CF59CF7C0FC7461B22760C8ED703DD98E97BFDD61FA8D1181C411F6DEE5FF159F4850746D78EDEE385A363DC28E2CB373D5CAD7953F3BD5E639BE345732C03A1BDEA268814DA036EB1891C82D4012F3B903D86636055F87B96FC98806AD1B217685A4D754046A5DE0B0D7870664BE07902153EC85BA457BE7D7F89D7FE0F626D02A9CBBB2BB479DDA1A5CAE75247FB7BF6BFB15C1D3FD9E6B1573CCDBC72011C3B97716058BB11C7EA2E4E56ADAFE1F5DE6A7FD405AC5890100F9C3408EFFB5C73BF73F48177FF743B4B819D0699D507B + + # Verify using maximum salt length ++Availablein = default + Verify = RSA-PSS-DEFAULT + Ctrl = rsa_pss_saltlen:max + Input="0123456789ABCDEF0123" + Output = 4470DCFE812DEE2E58E4301D4ED274AB348FE040B724B2CD1D8CD0914BFF375F0B86FCB32BFA8AEA9BD22BD7C4F1ADD4F3D215A5CFCC99055BAFECFC23800E9BECE19A08C66BEBC5802122D13A732E5958FC228DCC0B49B5B4B1154F032D8FA2F3564AA949C1310CC9266B0C47F86D449AC9D2E7678347E7266E2D7C888CCE1ADF44A109A293F8516AE2BD94CE220F26E137DB8E7A66BB9FCE052CDC1D0BE24D8CEBB20D10125F26B069F117044B9E1D16FDDAABCA5340AE1702F37D0E1C08A2E93801C0A41035C6C73DA02A0E32227EAFB0B85E79107B59650D0EE7DC32A6772CCCE90F06369B2880FE87ED76997BA61F5EA818091EE88F8B0D6F24D02A3FC6 + + # Attempt to change salt length below minimum ++Availablein = default + Verify = RSA-PSS-DEFAULT + Ctrl = rsa_pss_saltlen:0 + Result = PKEY_CTRL_ERROR +@@ -440,21 +465,25 @@ Result = PKEY_CTRL_ERROR + # Attempt to change padding mode + # Note this used to return PKEY_CTRL_INVALID + # but it is limited because setparams only returns 0 or 1. ++Availablein = default + Verify = RSA-PSS-DEFAULT + Ctrl = rsa_padding_mode:pkcs1 + Result = PKEY_CTRL_ERROR + + # Attempt to change digest ++Availablein = default + Verify = RSA-PSS-DEFAULT + Ctrl = digest:sha256 + Result = PKEY_CTRL_ERROR + + # Invalid key: rejected when we try to init ++Availablein = default + Verify = RSA-PSS-BAD + Result = KEYOP_INIT_ERROR + Reason = invalid salt length + + # Invalid key: rejected when we try to init ++Availablein = default + Verify = RSA-PSS-BAD2 + Result = KEYOP_INIT_ERROR + Reason = invalid salt length +@@ -473,36 +502,42 @@ CAltWyuLbfXWce9jd8CSHLI8Jwpw4lmOb/idGfEF + 4fINDOjP+yJJvZohNwIDAQAB + -----END PUBLIC KEY----- + ++Availablein = default + Verify=RSA-PSS-1 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=cd8b6538cb8e8de566b68bd067569dbf1ee2718e + Output=9074308fb598e9701b2294388e52f971faac2b60a5145af185df5287b5ed2887e57ce7fd44dc8634e407c8e0e4360bc226f3ec227f9d9e54638e8d31f5051215df6ebb9c2f9579aa77598a38f914b5b9c1bd83c4e2f9f382a0d0aa3542ffee65984a601bc69eb28deb27dca12c82c2d4c3f66cd500f1ff2b994d8a4e30cbb33c + ++Availablein = default + Verify=RSA-PSS-1 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=e35befc17a1d160b9ce35fbd8eb16e7ee491d3fd + Output=3ef7f46e831bf92b32274142a585ffcefbdca7b32ae90d10fb0f0c729984f04ef29a9df0780775ce43739b97838390db0a5505e63de927028d9d29b219ca2c4517832558a55d694a6d25b9dab66003c4cccd907802193be5170d26147d37b93590241be51c25055f47ef62752cfbe21418fafe98c22c4d4d47724fdb5669e843 + ++Availablein = default + Verify=RSA-PSS-1 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=0652ec67bcee30f9d2699122b91c19abdba89f91 + Output=666026fba71bd3e7cf13157cc2c51a8e4aa684af9778f91849f34335d141c00154c4197621f9624a675b5abc22ee7d5baaffaae1c9baca2cc373b3f33e78e6143c395a91aa7faca664eb733afd14d8827259d99a7550faca501ef2b04e33c23aa51f4b9e8282efdb728cc0ab09405a91607c6369961bc8270d2d4f39fce612b1 + ++Availablein = default + Verify=RSA-PSS-1 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=39c21c4cceda9c1adf839c744e1212a6437575ec + Output=4609793b23e9d09362dc21bb47da0b4f3a7622649a47d464019b9aeafe53359c178c91cd58ba6bcb78be0346a7bc637f4b873d4bab38ee661f199634c547a1ad8442e03da015b136e543f7ab07c0c13e4225b8de8cce25d4f6eb8400f81f7e1833b7ee6e334d370964ca79fdb872b4d75223b5eeb08101591fb532d155a6de87 + ++Availablein = default + Verify=RSA-PSS-1 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=36dae913b77bd17cae6e7b09453d24544cebb33c + Output=1d2aad221ca4d31ddf13509239019398e3d14b32dc34dc5af4aeaea3c095af73479cf0a45e5629635a53a018377615b16cb9b13b3e09d671eb71e387b8545c5960da5a64776e768e82b2c93583bf104c3fdb23512b7b4e89f633dd0063a530db4524b01c3f384c09310e315a79dcd3d684022a7f31c865a664e316978b759fad + ++Availablein = default + Verify=RSA-PSS-1 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 +@@ -518,36 +553,42 @@ swU7R97S7NSkyu/WFIM9yLtiLzF+0Ha4BX/o3j+E + 0w5GMTmBXG/U/VrFuBcqRSMOy2MYoE8UVdhOWosCAwEAAQ== + -----END PUBLIC KEY----- + ++Availablein = default + Verify=RSA-PSS-9 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=2715a49b8b0012cd7aee84c116446e6dfe3faec0 + Output=586107226c3ce013a7c8f04d1a6a2959bb4b8e205ba43a27b50f124111bc35ef589b039f5932187cb696d7d9a32c0c38300a5cdda4834b62d2eb240af33f79d13dfbf095bf599e0d9686948c1964747b67e89c9aba5cd85016236f566cc5802cb13ead51bc7ca6bef3b94dcbdbb1d570469771df0e00b1a8a06777472d2316279edae86474668d4e1efff95f1de61c6020da32ae92bbf16520fef3cf4d88f61121f24bbd9fe91b59caf1235b2a93ff81fc403addf4ebdea84934a9cdaf8e1a9e + ++Availablein = default + Verify=RSA-PSS-9 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=2dac956d53964748ac364d06595827c6b4f143cd + Output=80b6d643255209f0a456763897ac9ed259d459b49c2887e5882ecb4434cfd66dd7e1699375381e51cd7f554f2c271704b399d42b4be2540a0eca61951f55267f7c2878c122842dadb28b01bd5f8c025f7e228418a673c03d6bc0c736d0a29546bd67f786d9d692ccea778d71d98c2063b7a71092187a4d35af108111d83e83eae46c46aa34277e06044589903788f1d5e7cee25fb485e92949118814d6f2c3ee361489016f327fb5bc517eb50470bffa1afa5f4ce9aa0ce5b8ee19bf5501b958 + ++Availablein = default + Verify=RSA-PSS-9 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=28d98c46cccafbd3bc04e72f967a54bd3ea12298 + Output=484408f3898cd5f53483f80819efbf2708c34d27a8b2a6fae8b322f9240237f981817aca1846f1084daa6d7c0795f6e5bf1af59c38e1858437ce1f7ec419b98c8736adf6dd9a00b1806d2bd3ad0a73775e05f52dfef3a59ab4b08143f0df05cd1ad9d04bececa6daa4a2129803e200cbc77787caf4c1d0663a6c5987b605952019782caf2ec1426d68fb94ed1d4be816a7ed081b77e6ab330b3ffc073820fecde3727fcbe295ee61a050a343658637c3fd659cfb63736de32d9f90d3c2f63eca + ++Availablein = default + Verify=RSA-PSS-9 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=0866d2ff5a79f25ef668cd6f31b42dee421e4c0e + Output=84ebeb481be59845b46468bafb471c0112e02b235d84b5d911cbd1926ee5074ae0424495cb20e82308b8ebb65f419a03fb40e72b78981d88aad143053685172c97b29c8b7bf0ae73b5b2263c403da0ed2f80ff7450af7828eb8b86f0028bd2a8b176a4d228cccea18394f238b09ff758cc00bc04301152355742f282b54e663a919e709d8da24ade5500a7b9aa50226e0ca52923e6c2d860ec50ff480fa57477e82b0565f4379f79c772d5c2da80af9fbf325ece6fc20b00961614bee89a183e + ++Availablein = default + Verify=RSA-PSS-9 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=6a5b4be4cd36cc97dfde9995efbf8f097a4a991a + Output=82102df8cb91e7179919a04d26d335d64fbc2f872c44833943241de8454810274cdf3db5f42d423db152af7135f701420e39b494a67cbfd19f9119da233a23da5c6439b5ba0d2bc373eee3507001378d4a4073856b7fe2aba0b5ee93b27f4afec7d4d120921c83f606765b02c19e4d6a1a3b95fa4c422951be4f52131077ef17179729cddfbdb56950dbaceefe78cb16640a099ea56d24389eef10f8fecb31ba3ea3b227c0a86698bb89e3e9363905bf22777b2a3aa521b65b4cef76d83bde4c + ++Availablein = default + Verify=RSA-PSS-9 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 +@@ -565,36 +606,42 @@ F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5 + BQIDAQAB + -----END PUBLIC KEY----- + ++Availablein = default + Verify=RSA-PSS-10 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=9596bb630cf6a8d4ea4600422b9eba8b13675dd4 + Output=82c2b160093b8aa3c0f7522b19f87354066c77847abf2a9fce542d0e84e920c5afb49ffdfdace16560ee94a1369601148ebad7a0e151cf16331791a5727d05f21e74e7eb811440206935d744765a15e79f015cb66c532c87a6a05961c8bfad741a9a6657022894393e7223739796c02a77455d0f555b0ec01ddf259b6207fd0fd57614cef1a5573baaff4ec00069951659b85f24300a25160ca8522dc6e6727e57d019d7e63629b8fe5e89e25cc15beb3a647577559299280b9b28f79b0409000be25bbd96408ba3b43cc486184dd1c8e62553fa1af4040f60663de7f5e49c04388e257f1ce89c95dab48a315d9b66b1b7628233876ff2385230d070d07e1666 + ++Availablein = default + Verify=RSA-PSS-10 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=b503319399277fd6c1c8f1033cbf04199ea21716 + Output=14ae35d9dd06ba92f7f3b897978aed7cd4bf5ff0b585a40bd46ce1b42cd2703053bb9044d64e813d8f96db2dd7007d10118f6f8f8496097ad75e1ff692341b2892ad55a633a1c55e7f0a0ad59a0e203a5b8278aec54dd8622e2831d87174f8caff43ee6c46445345d84a59659bfb92ecd4c818668695f34706f66828a89959637f2bf3e3251c24bdba4d4b7649da0022218b119c84e79a6527ec5b8a5f861c159952e23ec05e1e717346faefe8b1686825bd2b262fb2531066c0de09acde2e4231690728b5d85e115a2f6b92b79c25abc9bd9399ff8bcf825a52ea1f56ea76dd26f43baafa18bfa92a504cbd35699e26d1dcc5a2887385f3c63232f06f3244c3 + ++Availablein = default + Verify=RSA-PSS-10 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=50aaede8536b2c307208b275a67ae2df196c7628 + Output=6e3e4d7b6b15d2fb46013b8900aa5bbb3939cf2c095717987042026ee62c74c54cffd5d7d57efbbf950a0f5c574fa09d3fc1c9f513b05b4ff50dd8df7edfa20102854c35e592180119a70ce5b085182aa02d9ea2aa90d1df03f2daae885ba2f5d05afdac97476f06b93b5bc94a1a80aa9116c4d615f333b098892b25fface266f5db5a5a3bcc10a824ed55aad35b727834fb8c07da28fcf416a5d9b2224f1f8b442b36f91e456fdea2d7cfe3367268de0307a4c74e924159ed33393d5e0655531c77327b89821bdedf880161c78cd4196b5419f7acc3f13e5ebf161b6e7c6724716ca33b85c2e25640192ac2859651d50bde7eb976e51cec828b98b6563b86bb + ++Availablein = default + Verify=RSA-PSS-10 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=aa0b72b8b371ddd10c8ae474425ccccf8842a294 + Output=34047ff96c4dc0dc90b2d4ff59a1a361a4754b255d2ee0af7d8bf87c9bc9e7ddeede33934c63ca1c0e3d262cb145ef932a1f2c0a997aa6a34f8eaee7477d82ccf09095a6b8acad38d4eec9fb7eab7ad02da1d11d8e54c1825e55bf58c2a23234b902be124f9e9038a8f68fa45dab72f66e0945bf1d8bacc9044c6f07098c9fcec58a3aab100c805178155f030a124c450e5acbda47d0e4f10b80a23f803e774d023b0015c20b9f9bbe7c91296338d5ecb471cafb032007b67a60be5f69504a9f01abb3cb467b260e2bce860be8d95bf92c0c8e1496ed1e528593a4abb6df462dde8a0968dffe4683116857a232f5ebf6c85be238745ad0f38f767a5fdbf486fb + ++Availablein = default + Verify=RSA-PSS-10 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=fad3902c9750622a2bc672622c48270cc57d3ea8 + Output=7e0935ea18f4d6c1d17ce82eb2b3836c55b384589ce19dfe743363ac9948d1f346b7bfddfe92efd78adb21faefc89ade42b10f374003fe122e67429a1cb8cbd1f8d9014564c44d120116f4990f1a6e38774c194bd1b8213286b077b0499d2e7b3f434ab12289c556684deed78131934bb3dd6537236f7c6f3dcb09d476be07721e37e1ceed9b2f7b406887bd53157305e1c8b4f84d733bc1e186fe06cc59b6edb8f4bd7ffefdf4f7ba9cfb9d570689b5a1a4109a746a690893db3799255a0cb9215d2d1cd490590e952e8c8786aa0011265252470c041dfbc3eec7c3cbf71c24869d115c0cb4a956f56d530b80ab589acfefc690751ddf36e8d383f83cedd2cc + ++Availablein = default + Verify=RSA-PSS-10 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 +@@ -1384,11 +1431,13 @@ Title = RSA FIPS tests + + # FIPS tests + +-# Verifying with SHA1 is permitted in fips mode for older applications ++# Verifying with SHA1 is not permitted on RHEL-9 in FIPS mode ++Availablein = fips + DigestVerify = SHA1 + Key = RSA-2048 + Input = "Hello " + Output = 87ea0e2226ef35e5a2aec9ca1222fcbe39ba723f05b3203564f671dd3601271806ead3240e61d424359ee3b17bd3e32f54b82df83998a8ac4148410710361de0400f9ddf98278618fbc87747a0531972543e6e5f18ab2fdfbfda02952f6ac69690e43864690af271bf43d4be9705b303d4ff994ab3abd4d5851562b73e59be3edc01cec41a4cc13b68206329bad1a46c6608d3609e951faa321d0fdbc765d54e9a7c59248d2f67913c9903e932b769c9c8a45520cabea06e8c0b231dd3bcc7f7ec55b46b0157ccb5fc5011fa57353cd3df32edcbadcb8d168133cbd0acfb64444cb040e1298f621508a38f79e14ae8c2c5c857f90aa9d24ef5fc07d34bf23859 ++Result = DIGESTVERIFYINIT_ERROR + + # Verifying with a 1024 bit key is permitted in fips mode for older applications + DigestVerify = SHA256 +diff -rupN --no-dereference openssl-3.0.9/test/recipes/80-test_cms.t openssl-3.0.9-new/test/recipes/80-test_cms.t +--- openssl-3.0.9/test/recipes/80-test_cms.t 2023-05-31 14:33:16.329113199 +0200 ++++ openssl-3.0.9-new/test/recipes/80-test_cms.t 2023-05-31 14:33:16.630113069 +0200 +@@ -163,7 +163,7 @@ my @smime_pkcs7_tests = ( + [ "{cmd1}", @defaultprov, "-sign", "-in", $smcont, "-md", "sha1", + "-certfile", $smroot, + "-signer", $smrsa1, "-out", "{output}.cms" ], +- [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", ++ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms", + "-CAfile", $smroot, "-out", "{output}.txt" ], + \&final_compare + ], +@@ -171,7 +171,7 @@ my @smime_pkcs7_tests = ( + [ "signed zero-length content S/MIME format, RSA key SHA1", + [ "{cmd1}", @defaultprov, "-sign", "-in", $smcont_zero, "-md", "sha1", + "-certfile", $smroot, "-signer", $smrsa1, "-out", "{output}.cms" ], +- [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", ++ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms", + "-CAfile", $smroot, "-out", "{output}.txt" ], + \&zero_compare + ], +diff -rupN --no-dereference openssl-3.0.9/test/recipes/80-test_ssl_old.t openssl-3.0.9-new/test/recipes/80-test_ssl_old.t +--- openssl-3.0.9/test/recipes/80-test_ssl_old.t 2023-05-31 14:33:16.329113199 +0200 ++++ openssl-3.0.9-new/test/recipes/80-test_ssl_old.t 2023-05-31 14:33:16.630113069 +0200 +@@ -394,6 +394,9 @@ sub testssl { + 'test sslv2/sslv3 with 1024bit DHE via BIO pair'); + } + ++ SKIP: { ++ skip "SSLv3 is not supported by the FIPS provider", 4 ++ if $provider eq "fips"; + ok(run(test([@ssltest, "-bio_pair", "-server_auth", @CA])), + 'test sslv2/sslv3 with server authentication'); + ok(run(test([@ssltest, "-bio_pair", "-client_auth", @CA])), +@@ -402,6 +405,7 @@ sub testssl { + 'test sslv2/sslv3 with both client and server authentication via BIO pair'); + ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", "-app_verify", @CA])), + 'test sslv2/sslv3 with both client and server authentication via BIO pair and app verify'); ++ } + + SKIP: { + skip "No IPv4 available on this machine", 4 +diff -rupN --no-dereference openssl-3.0.9/test/smime-certs/smdh.pem openssl-3.0.9-new/test/smime-certs/smdh.pem +--- openssl-3.0.9/test/smime-certs/smdh.pem 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/smime-certs/smdh.pem 2023-05-31 14:33:16.631113068 +0200 +@@ -1,47 +1,47 @@ + -----BEGIN PRIVATE KEY----- +-MIICXAIBADCCAjUGByqGSM4+AgEwggIoAoIBAQCB6AUA/1eXRh+iLWHXe+lUl6e+ +-+460tAIIpsQ1jw1ZaTmlH9SlrWSBNVRVHwDuBW7vA+lKgBvDpCIjmhRbgrZIGwcZ +-6ruCYy5KF/B3AW5MApC9QCDaVrG6Hb7NfpMgwuUIKvvvOMrrvn4r5Oxtsx9rORTE +-bdS33MuZCOIbodjs5u+e/2hhssOwgUTMASDwXppJTyeMwAAZ+p78ByrSULP6yYdP +-PTh8sK1begDG6YTSKE3VqYNg1yaE5tQvCQ0U2L4qZ8JqexAVHbR8LA8MNhtA1pma +-Zj4q2WNAEevpprIIRXgJEZY278nPlvVeoKfOef9RBHgQ6ZTnZ1Et5iLMCwYHAoIB +-AFVgJaHfnBVJYfaQh1NyoVZJ5xX6UvvL5xEKUwwEMgs8JSOzp2UI+KRDpy9KbNH7 +-93Kwa2d8Q7ynciDiCmd1ygF4CJKb4ZOwjWjpZ4DedHr0XokGhyBCyjaBxOi3i4tP +-EFO8YHs5B/yOZHzcpTfs2VxJqIm3KF8q0Ify9PWDAsgo+d21/+eye60FHjF9o2/D +-l3NRlOhUhHNGykfqFgKEEEof3/3c6r5BS0oRXdsu6dx/y2/v8j9aJoHfyGHkswxr +-ULSBxJENOBB89C+GET6yhbxV1e4SFwzHnXgG8bWXwk7bea6ZqXbHq0pT3kUiQeKe +-assXKqRBAG9NLbQ3mmx8RFkCHQDIVBWPf6VwBa2s1CAcsIziVJ8qr/KAKx9DZ3h5 +-BB4CHAF3VZBAC/TB85J4PzsLJ+VrOWr0c8kQlYUR9rw= ++MIICXQIBADCCAjUGByqGSM4+AgEwggIoAoIBAQCCyx9ZhD6HY5xgusGDrJZJ+FdT ++e9OxD/p9DQNKqoLyJ10TAUXuycozVqDAD4v1wsOAPH0TDOX9Ns87PXgTbd6DpSJt ++F1ZLW+1pklZs2m0cLl4raOe8CZGHkSgia0wC40LAg/u/JZ6NAG2YSiFEtjbkf81l ++pvL0946LiHfHklMtSOkK3H9PkGB/KrXMITRR2P1u78AzTvc2YL7iLlCu6mV2g6v4 ++ieeWprywTaZ8gp3NBMjyuRJniGCQ52jPfOvT32w/sBTIfUO+95u/eEHrTP4K+vTk ++VS3wLo5ypgrveRdALKvqkHe0qfNr5VQRk2Pt6ReH35kjiUPLZCccgJr9h80hAoIB ++AE50cpgSJBYr9+5dj+fJJcXf/KX9rttlBXyveUP+vbSm/oW443/IksO3oLMy1Raq ++tHTDBhtNrH7rSK6CDStKrMkgHsjTYkZOU85vCdrVi3UZBz0GiYO/8kQ8aLeTe3LB ++7QB0kkkUgZ7etsnNxEkz9WQwohTvGBHBFNDKDqWadP9BpNrFoDCYojit7GOZPQgt ++eEiCO8D9xu0sEXT8ZdRqWcmkTfeMRojrzxt0LpT/vUKHGsBFmUN7kH4Hy9z2LJxB ++DrYYkV3LSAweuUQKBocNI7bbbOvPByUvHVMfJBrBmwIJI3vc3091njOH53zATNNv ++ta+9S7L4zNsvbg8RtJyH8i4CHQCY12PTXj6Ipxbqq4d1Q+AoUqnN/H9lAS46teXv ++BB8CHQCGE6pxpX5lWcH6+TGLDoLo3T5L2/5KTd0tRNdj + -----END PRIVATE KEY----- + -----BEGIN CERTIFICATE----- +-MIIFmDCCBICgAwIBAgIUWlJkHZZ2eZgkGCHFtcMAjlLdDH8wDQYJKoZIhvcNAQEL ++MIIFljCCBH6gAwIBAgIUMNF4DNf+H6AXGApe99UrJWFcAnwwDQYJKoZIhvcNAQEL + BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV +-BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw +-NTA5MTUzMzE0WjBEMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 +-cDEdMBsGA1UEAwwUVGVzdCBTL01JTUUgRUUgREggIzEwggNCMIICNQYHKoZIzj4C +-ATCCAigCggEBAIHoBQD/V5dGH6ItYdd76VSXp777jrS0AgimxDWPDVlpOaUf1KWt +-ZIE1VFUfAO4Fbu8D6UqAG8OkIiOaFFuCtkgbBxnqu4JjLkoX8HcBbkwCkL1AINpW +-sbodvs1+kyDC5Qgq++84yuu+fivk7G2zH2s5FMRt1Lfcy5kI4huh2Ozm757/aGGy +-w7CBRMwBIPBemklPJ4zAABn6nvwHKtJQs/rJh089OHywrVt6AMbphNIoTdWpg2DX +-JoTm1C8JDRTYvipnwmp7EBUdtHwsDww2G0DWmZpmPirZY0AR6+mmsghFeAkRljbv +-yc+W9V6gp855/1EEeBDplOdnUS3mIswLBgcCggEAVWAlod+cFUlh9pCHU3KhVknn +-FfpS+8vnEQpTDAQyCzwlI7OnZQj4pEOnL0ps0fv3crBrZ3xDvKdyIOIKZ3XKAXgI +-kpvhk7CNaOlngN50evReiQaHIELKNoHE6LeLi08QU7xgezkH/I5kfNylN+zZXEmo +-ibcoXyrQh/L09YMCyCj53bX/57J7rQUeMX2jb8OXc1GU6FSEc0bKR+oWAoQQSh/f +-/dzqvkFLShFd2y7p3H/Lb+/yP1omgd/IYeSzDGtQtIHEkQ04EHz0L4YRPrKFvFXV +-7hIXDMedeAbxtZfCTtt5rpmpdserSlPeRSJB4p5qyxcqpEEAb00ttDeabHxEWQId +-AMhUFY9/pXAFrazUIBywjOJUnyqv8oArH0NneHkDggEFAAKCAQBigH0Mp4jUMSfK +-yOhKlEfyZ/hj/EImsUYW4+u8xjBN+ruOJUTJ06Mtgw3g2iLkhQoO9NROqvC9rdLj +-+j3e+1QWm9EDNKQAa4nUp8/W+XZ5KkQWudmtaojEXD1+kd44ieNLtPGuVnPtDGO4 +-zPf04IUq7tDGbMDMMn6YXvW6f28lR3gF5vvVIsnjsd/Lau6orzmNSrymXegsEsFR +-Q7hT+/tPoAtro6Hx9rBrYb/0OCiRe4YuYrFKkC0aaJfUQepVyuVMSTxxKTzq8T06 +-M8SBITlmkPFZJHyGzV/+a72hpJsAa0BaDnpxH3cFpEMzeYG1XQK461zexoIYN3ub +-i3xNPUzPo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4E +-FgQULayIqKcWHtUH4pFolI6dKxycIG8wHwYDVR0jBBgwFoAUFcETIWviVV+nah1X +-INbP86lzZFkwDQYJKoZIhvcNAQELBQADggEBAKjKvvJ6Vc9HiQXACqqRZnekz2gO +-ue71nsXXDr2+y4PPpgcDzgtO3vhQc7Akv6Uyca9LY7w/X+temP63yxdLpKXTV19w +-Or0p4VEvTZ8AttMjFh4Hl8caVYk/J4TIudSXLIfKROP6sFu5GOw7W3xpBkL5Zio6 +-3dqe6xAYK0woNQPDfj5yOAlqj1Ohth81JywW5h2g8GfLtNe62coAqwjMJT+ExHfU +-EkF/beSqRGOvXwyhSxFpe7HVjUMgrgdfoZnNsoPmpH3eTiF4BjamGWI1+Z0o+RHa +-oPwN+cCzbDsi9uTQJO1D5S697heX00zzzU/KSW7djNzKv55vm24znuFkXTM= ++BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MzM0NloXDTMyMDMz ++MTE0MzM0NlowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx ++HTAbBgNVBAMMFFRlc3QgUy9NSU1FIEVFIERIICMxMIIDQjCCAjUGByqGSM4+AgEw ++ggIoAoIBAQCCyx9ZhD6HY5xgusGDrJZJ+FdTe9OxD/p9DQNKqoLyJ10TAUXuycoz ++VqDAD4v1wsOAPH0TDOX9Ns87PXgTbd6DpSJtF1ZLW+1pklZs2m0cLl4raOe8CZGH ++kSgia0wC40LAg/u/JZ6NAG2YSiFEtjbkf81lpvL0946LiHfHklMtSOkK3H9PkGB/ ++KrXMITRR2P1u78AzTvc2YL7iLlCu6mV2g6v4ieeWprywTaZ8gp3NBMjyuRJniGCQ ++52jPfOvT32w/sBTIfUO+95u/eEHrTP4K+vTkVS3wLo5ypgrveRdALKvqkHe0qfNr ++5VQRk2Pt6ReH35kjiUPLZCccgJr9h80hAoIBAE50cpgSJBYr9+5dj+fJJcXf/KX9 ++rttlBXyveUP+vbSm/oW443/IksO3oLMy1RaqtHTDBhtNrH7rSK6CDStKrMkgHsjT ++YkZOU85vCdrVi3UZBz0GiYO/8kQ8aLeTe3LB7QB0kkkUgZ7etsnNxEkz9WQwohTv ++GBHBFNDKDqWadP9BpNrFoDCYojit7GOZPQgteEiCO8D9xu0sEXT8ZdRqWcmkTfeM ++Rojrzxt0LpT/vUKHGsBFmUN7kH4Hy9z2LJxBDrYYkV3LSAweuUQKBocNI7bbbOvP ++ByUvHVMfJBrBmwIJI3vc3091njOH53zATNNvta+9S7L4zNsvbg8RtJyH8i4CHQCY ++12PTXj6Ipxbqq4d1Q+AoUqnN/H9lAS46teXvA4IBBQACggEAJP4Vy6vcIa7jLa93 ++DWeT0pxe4zeYXxRWbvS7reLoZcBIhH253/QfXj+0UhcjtAa5A2X519anBuetUern ++ecBmHO9vAj9F7J6feK+pUxE8cl793gmWzcGijMXCuRorW7GZ3XBTuQbWaJLtxB4a ++rS54+CFMUfqR5coxGrraGPGjR9P6YCpJgWL74yxiQVzjEdwPLEz/0ehKeDkSvuj8 ++Ixe06fY0eA9sfxx7+4lm2Jhw7XaIfguo8mgrfWjBzkkT2mcAHss/fdKcXNYrg+A+ ++xgApPiyuy7S4YkQSsdV5Ns8UFttBCuojzEuWQ49fMZcv/rIHSHSxpbg2Sdka+d6h ++wOQHK6NgMF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYE ++FLG7SOccVVRWmPw87GRrYH/NCegTMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaI ++qSTm5bZsMA0GCSqGSIb3DQEBCwUAA4IBAQB9J2dIIbIAiB8ToXJcyO7HRPhdWC/Y ++TE8cqeL+JiWNvIMB9fl2gOx6gj2h+yEr3lCpK/XDoWOs576UScS/vvs6fOjFHfkb ++L4i9nHXD2KizXkM2hr9FzTRXd9c3XXLyB9t1z38qcpOMxoxAbnH8hWLQDPjFdArC ++KWIqK/Vqxz4ZcIveM9GcVf78FU2DbQF4pwHjO9TsG7AbXiV4PXyJK75W5okAbZmQ ++EmMmVXEJdXSOS4prP8DCW/LYJ5UddsVZba2BCHD3c1c2YTA4GsP3ZMoXvQoyj0L2 ++/xazs/AS373Of6H0s00itRTFABxve1I7kE5dQdc3oZjn6A/DbfjYUmr5 + -----END CERTIFICATE----- +diff -rupN --no-dereference openssl-3.0.9/test/smime-certs/smdsa1.pem openssl-3.0.9-new/test/smime-certs/smdsa1.pem +--- openssl-3.0.9/test/smime-certs/smdsa1.pem 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/smime-certs/smdsa1.pem 2023-05-31 14:33:16.632113068 +0200 +@@ -1,47 +1,47 @@ + -----BEGIN PRIVATE KEY----- +-MIICXQIBADCCAjYGByqGSM44BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1 +-i0SuHnFvPc5gHMLIxJhDp3cLJ5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t +-4INbA4D+QSkxb4SWNurRBQj5LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAa +-kOxI+l/rPAQlIUMCHSF6xXgd62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLg +-c9HnYvwxlpoV+SHi+QXSrcrtMBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S +-8EP8eXSDD+1Sni2Jk38etU+laS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0A +-mkjrU1XrCahV9d78Rklpd4fK3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huaw +-V6wj7hT99kjzQjZqbvLENW9bbAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7 +-ioJmtded5hhS6GDg3Oj4IYiJ9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKR +-CnZ2/FeRyjSS3cUey89GE2N2DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL +-5H4Oo6NaSUc8dl7HWEeWoS8BE7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdL +-QldkaQkHAEg0QqYb2Hv/xHfVhn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwX +-ygQeAhwE9yuqObvNXzUTN+PY2rg00PzdyJw3XJAUrmlY ++MIICZQIBADCCAjkGByqGSM44BAEwggIsAoIBAQCQfLlNdehPnTrGIMhw4rk0uua6 ++k1nCG3zcyfXli17BdB2k0HBPaTA3a3ZHfOt1Awy0Uu0wZ3gdPr9z0I64hnJXIGou ++zIanZ7nYRImHtX5JMFbXeyxo1Owd2Zs3oEk9nQUoUsMxvmYC/ghPL5Zx1pPxcHCO ++wzWxoG4yZMjimXOc1/W7zvK/4/g/Cz9fItD3zdcydfgM/hK0/CeYQ21xfhqf4mjK ++v9plnCcWgToGI+7H8VK80MFbkO2QKRz3vP1/TjK6PRm9sEeB5b10+SvGv2j2w+CC ++0fXL4s6n7PtBlm/bww8xL1/Az8kwejUcII1Dc8uNwwISwGbwaGBvl7IHpm21AiEA ++rodZi+nCKZdTL8IgCjX3n0DuhPRkVQPjz/B6VweLW9MCggEAfimkUNwnsGFp7mKM ++zJKhHoQkMB1qJzyIHjDzQ/J1xjfoF6i27afw1/WKboND5eseZhlhA2TO5ZJB6nGx ++DOE9lVQxYVml++cQj6foHh1TVJAgGl4mWuveW/Rz+NEhpK4zVeEsfMrbkBypPByy ++xzF1Z49t568xdIo+e8jLI8FjEdXOIUg4ehB3NY6SL8r4oJ49j/sJWfHcDoWH/LK9 ++ZaBF8NpflJe3F40S8RDvM8j2HC+y2Q4QyKk1DXGiH+7yQLGWzr3M73kC3UBnnH0h ++Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+ ++TQMsxQQjAiEAkolGvb/76X3vm5Ov09ezqyBYt9cdj/FLH7DyMkxO7X0= + -----END PRIVATE KEY----- + -----BEGIN CERTIFICATE----- +-MIIFmjCCBIKgAwIBAgIUUoOmJmXAY29/2rWY0wJphQ5/pzUwDQYJKoZIhvcNAQEL ++MIIFmzCCBIOgAwIBAgIUWGMqmBZZ1ykguVDk2Whn+2uKMA0wDQYJKoZIhvcNAQEL + BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV +-BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw +-NTA5MTUzMzE0WjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 +-cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgRFNBICMxMIIDQzCCAjYGByqGSM44 +-BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1i0SuHnFvPc5gHMLIxJhDp3cL +-J5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t4INbA4D+QSkxb4SWNurRBQj5 +-LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAakOxI+l/rPAQlIUMCHSF6xXgd +-62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLgc9HnYvwxlpoV+SHi+QXSrcrt +-MBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S8EP8eXSDD+1Sni2Jk38etU+l +-aS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0AmkjrU1XrCahV9d78Rklpd4fK +-3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huawV6wj7hT99kjzQjZqbvLENW9b +-bAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7ioJmtded5hhS6GDg3Oj4IYiJ +-9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKRCnZ2/FeRyjSS3cUey89GE2N2 +-DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL5H4Oo6NaSUc8dl7HWEeWoS8B +-E7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdLQldkaQkHAEg0QqYb2Hv/xHfV +-hn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwXygOCAQUAAoIBACGS7hCpTL0g +-lx9C1Bwz5xfVd0mwCqx9UGiH8Bf4lRsSagL0Irwvnjz++WH1vecZa2bWsYsPhQ+D +-KDzaCo20CYln4IFEPgY0fSE+KTF1icFj/mD+MgxWgsgKoTI120ENPGHqHpKkv0Uv +-OlwTImU4BxxkctZ5273XEv3VPQE8COGnXgqt7NBazU/O7vibFm0iaEsVjHFHYcoo +-+sMcm3F2E/gvR9IJGaGPeCk0sMW8qloPzErWIugx/OGqM7fni2cIcZwGdju52O+l +-cLV0tZdgC7eTbVDMLspyuiYME+zvEzRwCQF/GqcCDSn68zxJv/zSNZ9XxOgZaBfs +-Na7e8YGATiujYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMB0GA1Ud +-DgQWBBSFVrWPZrHzhHUg0MMEAAKwQIfsazAfBgNVHSMEGDAWgBQVwRMha+JVX6dq +-HVcg1s/zqXNkWTANBgkqhkiG9w0BAQsFAAOCAQEAbm49FB+eyeX7OBUC/akhnkFw +-cDXqw7Fl2OibRK+g/08zp4CruwJdb72j5+pTmG+9SF7tGyQBfHFf1+epa3ZiIc+0 +-UzFf2xQBMyHjesL19cTe4i176dHz8pCxx9OEow0GlZVV85+Anev101NskKVNNVA7 +-YnB2xKQWgf8HORh66XVCk54xMcd99ng8xQ8vhZC6KckVbheQgdPp7gUAcDgxH2Yo +-JF8jHQlsWNcCGURDldP6FQ49TGWHj24IGjnjGapWxMUjvCz+kV6sGW/OIYu+MM9w +-FMIOyEdUUtKowWT6eXwrITup3T6pspPTicbK61ZCPuxMvP2JBFGZsqat+F5g+w== ++BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjA0OFoXDTMyMDMz ++MTE0MjA0OFowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx ++HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIERTQSAjMTCCA0YwggI5BgcqhkjOOAQB ++MIICLAKCAQEAkHy5TXXoT506xiDIcOK5NLrmupNZwht83Mn15YtewXQdpNBwT2kw ++N2t2R3zrdQMMtFLtMGd4HT6/c9COuIZyVyBqLsyGp2e52ESJh7V+STBW13ssaNTs ++HdmbN6BJPZ0FKFLDMb5mAv4ITy+WcdaT8XBwjsM1saBuMmTI4plznNf1u87yv+P4 ++Pws/XyLQ983XMnX4DP4StPwnmENtcX4an+Joyr/aZZwnFoE6BiPux/FSvNDBW5Dt ++kCkc97z9f04yuj0ZvbBHgeW9dPkrxr9o9sPggtH1y+LOp+z7QZZv28MPMS9fwM/J ++MHo1HCCNQ3PLjcMCEsBm8Ghgb5eyB6ZttQIhAK6HWYvpwimXUy/CIAo1959A7oT0 ++ZFUD48/welcHi1vTAoIBAH4ppFDcJ7Bhae5ijMySoR6EJDAdaic8iB4w80PydcY3 ++6Beotu2n8Nf1im6DQ+XrHmYZYQNkzuWSQepxsQzhPZVUMWFZpfvnEI+n6B4dU1SQ ++IBpeJlrr3lv0c/jRIaSuM1XhLHzK25AcqTwcsscxdWePbeevMXSKPnvIyyPBYxHV ++ziFIOHoQdzWOki/K+KCePY/7CVnx3A6Fh/yyvWWgRfDaX5SXtxeNEvEQ7zPI9hwv ++stkOEMipNQ1xoh/u8kCxls69zO95At1AZ5x9IR8W+yEgwk+3QsP5R9Zwm1RQTjNA ++EiNukkrBUl0K7w9pK8kXE2dCpMsoYaDzg1qVPk0DLMUDggEFAAKCAQAZdJAANu5E ++hkGOJDo2KTBmX7EQMR98gTRFZu/B/W19bHDhm9qc792PLPkV487QAgkMEItSOv0P ++faeSYgbUe7d1aBXzqSdCwzq4WIxLNj2eQkZk6UffDg0csTvymTvnFHWyDUwRmvjH +++35r95r1jgBeSUQMJxoe2kwZ4DHdkCpIp5z7NA44DvclY/X+BgcZ1jJNClC3BFOy ++HQaLmY452mgnS+k7zfFhsUJn5lkpfVFY6Ml7Y5AFG3Dvf2rWdGBrVUwsBP8sVJCx ++ITcg6nyGJZuOeK3VITqrcgjZr9odkf/Hg7OzN+a1B+Z6u3Ld5BKrduBqN/EKxxyd ++GNJst42JrNFIo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNV ++HQ4EFgQU0dBhM47Fpn83rw6nGqMcq5q3DqwwHwYDVR0jBBgwFoAUyZFTCmN7FluL ++vUTwdoipJObltmwwDQYJKoZIhvcNAQELBQADggEBAC3W5L4plRWiaX03PncMHnaL ++sp48+2jJen4avzNpRZF/bTQ621x/KLWelbMzBTMxU6jtU1LwCvsiOTSenUZ6W5vq ++TGy6nwkMUrBN0nHmymVz5v40VBLtc2/5xF9UBZ1GMnmYko+d7VHBD6qu4hpi6OD1 ++3Z2kxCRaZ87y3IbVnl6zqdqxDxKCj4Ca+TT6AApm/MYVwpuvCVmuXrBBvJYTFFeZ ++2J90jHlQep2rAaZu41oiIlmQUEf9flV0iPYjj+Pqdzr9ovWVbqt7l1WKOBDYdzJW ++fQ8TvFSExkDQsDc0nkkLIfJBFUFuOpNmODvq+Ac8AGUBnl/Z3pAV4KVnnobIXHw= + -----END CERTIFICATE----- +diff -rupN --no-dereference openssl-3.0.9/test/smime-certs/smdsa2.pem openssl-3.0.9-new/test/smime-certs/smdsa2.pem +--- openssl-3.0.9/test/smime-certs/smdsa2.pem 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/smime-certs/smdsa2.pem 2023-05-31 14:33:16.632113068 +0200 +@@ -1,47 +1,47 @@ + -----BEGIN PRIVATE KEY----- +-MIICXQIBADCCAjYGByqGSM44BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1 +-i0SuHnFvPc5gHMLIxJhDp3cLJ5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t +-4INbA4D+QSkxb4SWNurRBQj5LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAa +-kOxI+l/rPAQlIUMCHSF6xXgd62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLg +-c9HnYvwxlpoV+SHi+QXSrcrtMBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S +-8EP8eXSDD+1Sni2Jk38etU+laS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0A +-mkjrU1XrCahV9d78Rklpd4fK3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huaw +-V6wj7hT99kjzQjZqbvLENW9bbAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7 +-ioJmtded5hhS6GDg3Oj4IYiJ9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKR +-CnZ2/FeRyjSS3cUey89GE2N2DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL +-5H4Oo6NaSUc8dl7HWEeWoS8BE7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdL +-QldkaQkHAEg0QqYb2Hv/xHfVhn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwX +-ygQeAhwmRauZi+nQ3kQ+GSKD7JCwv8XkD9NObMGlW018 ++MIICZAIBADCCAjkGByqGSM44BAEwggIsAoIBAQCQfLlNdehPnTrGIMhw4rk0uua6 ++k1nCG3zcyfXli17BdB2k0HBPaTA3a3ZHfOt1Awy0Uu0wZ3gdPr9z0I64hnJXIGou ++zIanZ7nYRImHtX5JMFbXeyxo1Owd2Zs3oEk9nQUoUsMxvmYC/ghPL5Zx1pPxcHCO ++wzWxoG4yZMjimXOc1/W7zvK/4/g/Cz9fItD3zdcydfgM/hK0/CeYQ21xfhqf4mjK ++v9plnCcWgToGI+7H8VK80MFbkO2QKRz3vP1/TjK6PRm9sEeB5b10+SvGv2j2w+CC ++0fXL4s6n7PtBlm/bww8xL1/Az8kwejUcII1Dc8uNwwISwGbwaGBvl7IHpm21AiEA ++rodZi+nCKZdTL8IgCjX3n0DuhPRkVQPjz/B6VweLW9MCggEAfimkUNwnsGFp7mKM ++zJKhHoQkMB1qJzyIHjDzQ/J1xjfoF6i27afw1/WKboND5eseZhlhA2TO5ZJB6nGx ++DOE9lVQxYVml++cQj6foHh1TVJAgGl4mWuveW/Rz+NEhpK4zVeEsfMrbkBypPByy ++xzF1Z49t568xdIo+e8jLI8FjEdXOIUg4ehB3NY6SL8r4oJ49j/sJWfHcDoWH/LK9 ++ZaBF8NpflJe3F40S8RDvM8j2HC+y2Q4QyKk1DXGiH+7yQLGWzr3M73kC3UBnnH0h ++Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+ ++TQMsxQQiAiAdCUJ5n2Q9hIynN8BMpnRcdfH696BKejGx+2Mr2kfnnA== + -----END PRIVATE KEY----- + -----BEGIN CERTIFICATE----- +-MIIFmjCCBIKgAwIBAgIUHGKu2FMhT1wCiJTK3uAnklo55uowDQYJKoZIhvcNAQEL ++MIIFmzCCBIOgAwIBAgIUXgHGnvOCmrOH9biRq3yTCcDsliUwDQYJKoZIhvcNAQEL + BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV +-BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw +-NTA5MTUzMzE0WjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 +-cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgRFNBICMyMIIDQzCCAjYGByqGSM44 +-BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1i0SuHnFvPc5gHMLIxJhDp3cL +-J5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t4INbA4D+QSkxb4SWNurRBQj5 +-LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAakOxI+l/rPAQlIUMCHSF6xXgd +-62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLgc9HnYvwxlpoV+SHi+QXSrcrt +-MBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S8EP8eXSDD+1Sni2Jk38etU+l +-aS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0AmkjrU1XrCahV9d78Rklpd4fK +-3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huawV6wj7hT99kjzQjZqbvLENW9b +-bAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7ioJmtded5hhS6GDg3Oj4IYiJ +-9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKRCnZ2/FeRyjSS3cUey89GE2N2 +-DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL5H4Oo6NaSUc8dl7HWEeWoS8B +-E7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdLQldkaQkHAEg0QqYb2Hv/xHfV +-hn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwXygOCAQUAAoIBAE0+OYS0s8/o +-HwuuiPsBZTlRynqdwF6FHdE0Ei2uVTxnJouPYB2HvaMioG2inbISzPtEcnLF9Pyx +-4hsXz7D49yqyMFjE3G8ObBOs/Vdno6E9ZZshWiRDwPf8JmoYp551UuJDoVaOTnhx +-pEs30nuidtqd54PMdWUQPfp58kTu6bXvcRxdUj5CK/PyjavJCnGfppq/6j8jtrji +-mOjIIeLZIbWp7hTVS/ffmfqZ8Lx/ShOcUzDa0VS3lfO28XqXpeqbyHdojsYlG2oA +-shKJL7/scq3ab8cI5QuHEIGSbxinKfjCX4OEQ04CNsgUwMY9emPSaNdYDZOPqq/K +-3bGk2PLcRsyjYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMB0GA1Ud +-DgQWBBTQAQyUCqYWGo5RuwGCtHNgXgzEQzAfBgNVHSMEGDAWgBQVwRMha+JVX6dq +-HVcg1s/zqXNkWTANBgkqhkiG9w0BAQsFAAOCAQEAc3rayE2FGgG1RhLXAHYAs1Ky +-4fcVcrzaPaz5jjWbpBCStkx+gNcUiBf+aSxNrRvUoPOSwMDLpMhbNBj2cjJqQ0W1 +-oq4RUQth11qH89uPtBqiOqRTdlWAGZJbUTtVfrlc58DsDxFCwdcktSDYZwlO2lGO +-vMCOn9N7oqEEuwRa++xVnYc8ZbY8lGwJD3bGR6iC7NkYk+2LSqPS52m8e0GO8dpf +-RUrndbhmtsYa925dj2LlI218F3XwVcAUPW67dbpeEVw5OG8OCHRHqrwBEJj2PMV3 +-tHeNXDEhjTzI3wiFia4kDBAKIsrC/XQ4tEiFzq0V00BiVY0ykhy+v/qNPskTsg== ++BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjIyNloXDTMyMDMz ++MTE0MjIyNlowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx ++HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIERTQSAjMjCCA0YwggI5BgcqhkjOOAQB ++MIICLAKCAQEAkHy5TXXoT506xiDIcOK5NLrmupNZwht83Mn15YtewXQdpNBwT2kw ++N2t2R3zrdQMMtFLtMGd4HT6/c9COuIZyVyBqLsyGp2e52ESJh7V+STBW13ssaNTs ++HdmbN6BJPZ0FKFLDMb5mAv4ITy+WcdaT8XBwjsM1saBuMmTI4plznNf1u87yv+P4 ++Pws/XyLQ983XMnX4DP4StPwnmENtcX4an+Joyr/aZZwnFoE6BiPux/FSvNDBW5Dt ++kCkc97z9f04yuj0ZvbBHgeW9dPkrxr9o9sPggtH1y+LOp+z7QZZv28MPMS9fwM/J ++MHo1HCCNQ3PLjcMCEsBm8Ghgb5eyB6ZttQIhAK6HWYvpwimXUy/CIAo1959A7oT0 ++ZFUD48/welcHi1vTAoIBAH4ppFDcJ7Bhae5ijMySoR6EJDAdaic8iB4w80PydcY3 ++6Beotu2n8Nf1im6DQ+XrHmYZYQNkzuWSQepxsQzhPZVUMWFZpfvnEI+n6B4dU1SQ ++IBpeJlrr3lv0c/jRIaSuM1XhLHzK25AcqTwcsscxdWePbeevMXSKPnvIyyPBYxHV ++ziFIOHoQdzWOki/K+KCePY/7CVnx3A6Fh/yyvWWgRfDaX5SXtxeNEvEQ7zPI9hwv ++stkOEMipNQ1xoh/u8kCxls69zO95At1AZ5x9IR8W+yEgwk+3QsP5R9Zwm1RQTjNA ++EiNukkrBUl0K7w9pK8kXE2dCpMsoYaDzg1qVPk0DLMUDggEFAAKCAQAi1CUW7S3s ++zDUcdE667AotL4SHZY01k/3owtBPKA5WWqBolj7WYkvO+X/nUssfph7NfS3z1nYO ++b/dI4kR02t1sgS21u7mvPKZfEWFzy5ohhkWFJPfyhDAk6MzzAWK0BARJ7r/0dmOR ++7EypKrH+vloQpNosGKeoDUElEjvZKjX/V2/w/30Vq88AN2PxXt8BxxF4oRAqd+fA ++DuaucP46UioUoWffAIaTxLDu1In2DqOAIj7MXCsqfbD7D6Ki386DGX3IwC0qYB3r ++z0gBmvkY8+9XbLQo6iAKJRiBJNJrBmGv6uPIVq98jl0FbMyri0rH/MCLown7qEYm ++MnyMehP0kA+Zo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNV ++HQ4EFgQUZrHDTiSqm594ZkL5NMGrygydfKswHwYDVR0jBBgwFoAUyZFTCmN7FluL ++vUTwdoipJObltmwwDQYJKoZIhvcNAQELBQADggEBADhpm4d9pgdWTiX1ci4qxOat ++MK+eAc3y8dwjacwiTD94fFy+MFzItAI2msF+ILXDCYDUpFZpBjlCNRzMu/ETghJx ++53g4Hg6ioYmtLcYIAFQVIz4skdgV8npztK3ZQMSN3dcateZBf8KaEdP+cRtQs4IW ++Y+EAZ6Fve2j/kz1x/cmhSFQdWhhS+WzYUCY+FLWDXMuNLh7rDWy1t8VaRHLBU4TU ++q6W/qDaN2e6dKrzjEkqUstdGZ+JAkAZ+6CIABEnHeco1dEQUU5Atry7djeRhY68r ++us++ajRd6DLWXrD4KePyTYSPc7rAcbBBYSwe48cTxlPfKItTCrRXmWJHCCZ0UBA= + -----END CERTIFICATE----- +diff -rupN --no-dereference openssl-3.0.9/test/smime-certs/smdsa3.pem openssl-3.0.9-new/test/smime-certs/smdsa3.pem +--- openssl-3.0.9/test/smime-certs/smdsa3.pem 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/smime-certs/smdsa3.pem 2023-05-31 14:33:16.632113068 +0200 +@@ -1,47 +1,47 @@ + -----BEGIN PRIVATE KEY----- +-MIICXgIBADCCAjYGByqGSM44BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1 +-i0SuHnFvPc5gHMLIxJhDp3cLJ5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t +-4INbA4D+QSkxb4SWNurRBQj5LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAa +-kOxI+l/rPAQlIUMCHSF6xXgd62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLg +-c9HnYvwxlpoV+SHi+QXSrcrtMBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S +-8EP8eXSDD+1Sni2Jk38etU+laS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0A +-mkjrU1XrCahV9d78Rklpd4fK3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huaw +-V6wj7hT99kjzQjZqbvLENW9bbAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7 +-ioJmtded5hhS6GDg3Oj4IYiJ9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKR +-CnZ2/FeRyjSS3cUey89GE2N2DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL +-5H4Oo6NaSUc8dl7HWEeWoS8BE7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdL +-QldkaQkHAEg0QqYb2Hv/xHfVhn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwX +-ygQfAh0AkfI6533W5nBIVrDPcp2DCXC8u2SIwBob6OoK5A== ++MIICZQIBADCCAjkGByqGSM44BAEwggIsAoIBAQCQfLlNdehPnTrGIMhw4rk0uua6 ++k1nCG3zcyfXli17BdB2k0HBPaTA3a3ZHfOt1Awy0Uu0wZ3gdPr9z0I64hnJXIGou ++zIanZ7nYRImHtX5JMFbXeyxo1Owd2Zs3oEk9nQUoUsMxvmYC/ghPL5Zx1pPxcHCO ++wzWxoG4yZMjimXOc1/W7zvK/4/g/Cz9fItD3zdcydfgM/hK0/CeYQ21xfhqf4mjK ++v9plnCcWgToGI+7H8VK80MFbkO2QKRz3vP1/TjK6PRm9sEeB5b10+SvGv2j2w+CC ++0fXL4s6n7PtBlm/bww8xL1/Az8kwejUcII1Dc8uNwwISwGbwaGBvl7IHpm21AiEA ++rodZi+nCKZdTL8IgCjX3n0DuhPRkVQPjz/B6VweLW9MCggEAfimkUNwnsGFp7mKM ++zJKhHoQkMB1qJzyIHjDzQ/J1xjfoF6i27afw1/WKboND5eseZhlhA2TO5ZJB6nGx ++DOE9lVQxYVml++cQj6foHh1TVJAgGl4mWuveW/Rz+NEhpK4zVeEsfMrbkBypPByy ++xzF1Z49t568xdIo+e8jLI8FjEdXOIUg4ehB3NY6SL8r4oJ49j/sJWfHcDoWH/LK9 ++ZaBF8NpflJe3F40S8RDvM8j2HC+y2Q4QyKk1DXGiH+7yQLGWzr3M73kC3UBnnH0h ++Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+ ++TQMsxQQjAiEArJr6p2zTbhRppQurHGTdmdYHqrDdZH4MCsD9tQCw1xY= + -----END PRIVATE KEY----- + -----BEGIN CERTIFICATE----- +-MIIFmjCCBIKgAwIBAgIUO2QHMd9V/S6KlrFDIPd7asRP4FAwDQYJKoZIhvcNAQEL ++MIIFmzCCBIOgAwIBAgIUMMzeluWS9FTgzFM2PCI6rSt0++QwDQYJKoZIhvcNAQEL + BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV +-BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw +-NTA5MTUzMzE0WjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 +-cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgRFNBICMzMIIDQzCCAjYGByqGSM44 +-BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1i0SuHnFvPc5gHMLIxJhDp3cL +-J5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t4INbA4D+QSkxb4SWNurRBQj5 +-LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAakOxI+l/rPAQlIUMCHSF6xXgd +-62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLgc9HnYvwxlpoV+SHi+QXSrcrt +-MBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S8EP8eXSDD+1Sni2Jk38etU+l +-aS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0AmkjrU1XrCahV9d78Rklpd4fK +-3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huawV6wj7hT99kjzQjZqbvLENW9b +-bAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7ioJmtded5hhS6GDg3Oj4IYiJ +-9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKRCnZ2/FeRyjSS3cUey89GE2N2 +-DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL5H4Oo6NaSUc8dl7HWEeWoS8B +-E7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdLQldkaQkHAEg0QqYb2Hv/xHfV +-hn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwXygOCAQUAAoIBAEj25Os9f57G +-TaxsP8NzdCRBThCLqZWqLADh6S/aFOQQFpRRk3vGkvrOK/5La8KGKIDyzCEQo7Kg +-sPwI1o4N5GKx15Cer2ekDWLtP4hA2CChs4tWJzEa8VxIDTg4EUnASFCbfDUY/Yt0 +-5NM4nxtBhnr6PT7XmRehEFaTAgmsQFJ29jKx4tJkr+Gmj9J4i10CPd9DvIgIEnNt +-rYMAlfbGovaZVCgKp5INVA4IkDfCcbzDeNiOGaACeV+4QuEbgIbUhMq9vbw3Vvqe +-jwozPdrTYjd7oNxx/tY7gqxFRFxdDPXPno230afsAJsHmNF7lpj9Q4vBhy8w/EI1 +-jGzuiXjei9qjYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMB0GA1Ud +-DgQWBBTwbCT+wSR9cvTg70jA2yIWgQSDZjAfBgNVHSMEGDAWgBQVwRMha+JVX6dq +-HVcg1s/zqXNkWTANBgkqhkiG9w0BAQsFAAOCAQEAe5t9oi8K76y+wnV6I21vKgEh +-M6DEe3+XTq10kAgYbcbMm+a6n86beaID7FANGET+3bsShxFeAX9g4Qsdw+Z3PF3P +-wvqiBD8MaXczj28zP6j9TxsjGzpAsV3xo1n7aQ+hHzpopJUxAyx4hLBqSSwdj/xe +-azELeVKoXY/nlokXnONWC5AvtfR7m7mKFPOmUghbeGCJH7+FXnC58eiF7BEpSbQl +-SniAdQFis+Dne6/kwZnQQaSDg55ELfaZOLhaLcRtqqgU+kv24mXGGEBhs9bBKMz5 +-ZNiKLafE3tCGRA5iMRwzdeSgrdnkQDHFiYXh3JHk5oKwGOdxusgt3DTHAFej1A== ++BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjI0MloXDTMyMDMz ++MTE0MjI0MlowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx ++HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIERTQSAjMzCCA0YwggI5BgcqhkjOOAQB ++MIICLAKCAQEAkHy5TXXoT506xiDIcOK5NLrmupNZwht83Mn15YtewXQdpNBwT2kw ++N2t2R3zrdQMMtFLtMGd4HT6/c9COuIZyVyBqLsyGp2e52ESJh7V+STBW13ssaNTs ++HdmbN6BJPZ0FKFLDMb5mAv4ITy+WcdaT8XBwjsM1saBuMmTI4plznNf1u87yv+P4 ++Pws/XyLQ983XMnX4DP4StPwnmENtcX4an+Joyr/aZZwnFoE6BiPux/FSvNDBW5Dt ++kCkc97z9f04yuj0ZvbBHgeW9dPkrxr9o9sPggtH1y+LOp+z7QZZv28MPMS9fwM/J ++MHo1HCCNQ3PLjcMCEsBm8Ghgb5eyB6ZttQIhAK6HWYvpwimXUy/CIAo1959A7oT0 ++ZFUD48/welcHi1vTAoIBAH4ppFDcJ7Bhae5ijMySoR6EJDAdaic8iB4w80PydcY3 ++6Beotu2n8Nf1im6DQ+XrHmYZYQNkzuWSQepxsQzhPZVUMWFZpfvnEI+n6B4dU1SQ ++IBpeJlrr3lv0c/jRIaSuM1XhLHzK25AcqTwcsscxdWePbeevMXSKPnvIyyPBYxHV ++ziFIOHoQdzWOki/K+KCePY/7CVnx3A6Fh/yyvWWgRfDaX5SXtxeNEvEQ7zPI9hwv ++stkOEMipNQ1xoh/u8kCxls69zO95At1AZ5x9IR8W+yEgwk+3QsP5R9Zwm1RQTjNA ++EiNukkrBUl0K7w9pK8kXE2dCpMsoYaDzg1qVPk0DLMUDggEFAAKCAQBxe+1+Il8h ++nTCAak3vZl4asn2axRc7GjDvDd8Ns/yvyd9WQE1t+FryvHR5jp9REVVnMg53wQcY ++rKlwfWBLp5k25x/OCwfWDmvlxFqExmaAZcEQGxauHYhoMbtVIq372CHPbsQqCMBA ++LPIdAvkUImBHanty/RXhJGqCIAZiUnX3WTZa0s6xV3yRf/+OPWXxNSATtOqm5ISl ++pLJDifMlE6llZmk3VHAWYJRFF7KQAFT83OKf/6tme9munxahdJcSrF4HiZKFFJof ++nvEWckKlHAonipLa6EBPMloofu+7reTcON+1tIFWH7fZhfC0dz4EaOzxLZoO0Jbc ++W0MDtnonwEjFo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNV ++HQ4EFgQUwnFq0MQUIQUaXi6iJBDXTnQm71EwHwYDVR0jBBgwFoAUyZFTCmN7FluL ++vUTwdoipJObltmwwDQYJKoZIhvcNAQELBQADggEBAJNW/oEmpz6jZ7EjUkHhxDXR ++egsZVjBO+E2hPCciEoZaM6jIDYphrCVbdOOyy1RvLBv3SRblaECmInsRpCNwf5B5 ++OaGN3hdsvx23IKnLJ7EKDauIOGhkzCMWjO8tez48UL0Wgta0+TpuiOT+UBoKb9fw ++f0f4ab9wD9pED7ghMKlwI6/oppS4PrhwYS2nwYwGXpmgu6QZDln/cgoU7cQV7r3J ++deMCpKGPyS429B9mUxlggZYvvJOm35ZiI7UAcGhJWIUrdXBxqx3DQ3CSf75vGP87 ++2vn6ZoXRXSLfE48GpUtQzP6/gZti68vZrHdzKWTyZxMs4+PGoHrW5hbNDsghKDs= + -----END CERTIFICATE----- +diff -rupN --no-dereference openssl-3.0.9/test/smime-certs/smec1.pem openssl-3.0.9-new/test/smime-certs/smec1.pem +--- openssl-3.0.9/test/smime-certs/smec1.pem 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/smime-certs/smec1.pem 2023-05-31 14:33:16.632113068 +0200 +@@ -1,22 +1,22 @@ + -----BEGIN PRIVATE KEY----- +-MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgdOomk0EB/oWMnTZB +-Qm5XMjlKnZNF4PMpwgov0Tj3u8OhRANCAATbG6XprSqHiD9AxWJiXRFgS+y38DGZ +-7hpSjs4bd95L+Lli+O91/lUy7Tb8aJ6VU2CoyWQjV4sQjbdVqeD+y4Ky ++MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgXzBRX9Z5Ib4LAVAS ++DMlYvkj0SmLmYvWULe2LfyXRmpWhRANCAAS+SIj2FY2DouPRuNDp9WVpsqef58tV ++3gIwV0EOV/xyYTzZhufZi/aBcXugWR1x758x4nHus2uEuEFi3Mr3K3+x + -----END PRIVATE KEY----- + -----BEGIN CERTIFICATE----- +-MIICrTCCAZWgAwIBAgIUdLT4B443vbxt0B8Mzy0sR4+6AyowDQYJKoZIhvcNAQEL ++MIICqzCCAZOgAwIBAgIUZsuXIOmILju0nz1jVSgag5GrPyMwDQYJKoZIhvcNAQEL + BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV +-BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw +-NTA5MTUzMzE0WjBEMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 +-cDEdMBsGA1UEAwwUVGVzdCBTL01JTUUgRUUgRUMgIzEwWTATBgcqhkjOPQIBBggq +-hkjOPQMBBwNCAATbG6XprSqHiD9AxWJiXRFgS+y38DGZ7hpSjs4bd95L+Lli+O91 +-/lUy7Tb8aJ6VU2CoyWQjV4sQjbdVqeD+y4Kyo2AwXjAMBgNVHRMBAf8EAjAAMA4G +-A1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUOia9H7l0qw3ftsDgEEeSBrHwQrwwHwYD +-VR0jBBgwFoAUFcETIWviVV+nah1XINbP86lzZFkwDQYJKoZIhvcNAQELBQADggEB +-AC7h/QkMocYANPqMQAO2okygG+OaE4qpKnlzHPUFMYedJGCvAWrwxu4hWL9T+hZo +-qilM7Fwaxw/P4Zaaa15SOOhXkIdn9Fu2ROmBQtEiklmWGMjiZ6F+9NCZPk0cTAXK +-2WQZOy41YNuvts+20osD4X/8x3fiARlokufj/TVyE73wG8pSSDh4KxWDfKv5Pi1F +-PC5IJh8XVELnFkeY3xjtoux5AYT+1xIQHO4eBua02Y1oPiWG7l/sK3grVlxrupd9 +-pXowwFlezWZP9q12VlWkcqwNb9hF9PkZge9bpiOJipSYgyobtAnms/CRHu3e6izl +-LJRua7p4Wt/8GQENDrVkHqU= ++BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjUyNFoXDTMyMDMz ++MTE0MjUyNFowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx ++HTAbBgNVBAMMFFRlc3QgUy9NSU1FIEVFIEVDICMxMFkwEwYHKoZIzj0CAQYIKoZI ++zj0DAQcDQgAEvkiI9hWNg6Lj0bjQ6fVlabKnn+fLVd4CMFdBDlf8cmE82Ybn2Yv2 ++gXF7oFkdce+fMeJx7rNrhLhBYtzK9yt/saNgMF4wDAYDVR0TAQH/BAIwADAOBgNV ++HQ8BAf8EBAMCBeAwHQYDVR0OBBYEFH/JvELYMj4nJ2HHUUyA9sxOYvNHMB8GA1Ud ++IwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3DQEBCwUAA4IBAQCp ++sSEupiqT7S6oPS/5qtRF6POyxmhkH/Eh+RJitOODutxneJh+NdDqAQAOCexqcsF9 ++1BH9hB/H6b3mS4CbcRG6R/EwzqMPUgy8OYXTrqWI9jzMKGyrBo59QFfGrwP1h8hj ++weVOVQU1iOloWPOfvMHehjX1Wt79/6BMMBvw+2qXXLAw2xpLFa4lU6HSoTiwoS5R ++mimrHnZ9tQZb54bsvdrW84kV3u1FIQ5G7jAduu97Wfr3eZGaJhW1MZLeoL7Z4Usy ++hRd2TJ6bZanb+wUJBcHOeW5ETj9MPtPsGIp8vETmY5XDm4UlX6tp4gAe4oeoIXFQ ++V5ASvNRiGWIJK5XF+zRY + -----END CERTIFICATE----- +diff -rupN --no-dereference openssl-3.0.9/test/smime-certs/smec2.pem openssl-3.0.9-new/test/smime-certs/smec2.pem +--- openssl-3.0.9/test/smime-certs/smec2.pem 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/smime-certs/smec2.pem 2023-05-31 14:33:16.632113068 +0200 +@@ -1,23 +1,23 @@ + -----BEGIN PRIVATE KEY----- +-MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAEkuzLBwx5bIw3Q2PMNQ +-HzaY8yL3QLjzaJ8tCHrI/JTb9Q7VoUwDSgAEAu8b2HvLzKd0qhPtIw65Lh3OgF3X +-IN5874qHwt9zPSvokijSAH3v9tcBJPdRLD3Lweh2ZPn5hMwVwVorHqSgASk5vnjp +-HqER ++MIGPAgEAMBAGByqGSM49AgEGBSuBBAAQBHgwdgIBAQQjhHaq507MOBznelrLG/pl ++brnnJi/iEJUUp+Pm3PEiteXqckmhTANKAAQF2zs6vobmoT+M+P2+9LZ7asvFBNi7 ++uCzLYF/8j1Scn/spczoC9vNzVhNw+Lg7dnjNL4EDIyYZLl7E0v69luzbvy+q44/8 ++6bQ= + -----END PRIVATE KEY----- + -----BEGIN CERTIFICATE----- +-MIICsjCCAZqgAwIBAgIUFMjrNKt+D8tzvn7jtjZ5HrLcUlswDQYJKoZIhvcNAQEL ++MIICsDCCAZigAwIBAgIUWJSICrM9ZdmN6/jF/PoKng63XR0wDQYJKoZIhvcNAQEL + BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV +-BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw +-NTA5MTUzMzE0WjBEMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 +-cDEdMBsGA1UEAwwUVGVzdCBTL01JTUUgRUUgRUMgIzIwXjAQBgcqhkjOPQIBBgUr +-gQQAEANKAAQC7xvYe8vMp3SqE+0jDrkuHc6AXdcg3nzviofC33M9K+iSKNIAfe/2 +-1wEk91EsPcvB6HZk+fmEzBXBWisepKABKTm+eOkeoRGjYDBeMAwGA1UdEwEB/wQC +-MAAwDgYDVR0PAQH/BAQDAgXgMB0GA1UdDgQWBBSqWRYUy2syIUwfSR31e19LeNXK +-9TAfBgNVHSMEGDAWgBQVwRMha+JVX6dqHVcg1s/zqXNkWTANBgkqhkiG9w0BAQsF +-AAOCAQEASbh+sI03xUMMzPT8bRbWNF5gG3ab8IUzqm05rTa54NCPRSn+ZdMXcCFz +-5fSU0T1dgEjeD+cCRVAZxskTZF7FWmRLc2weJMf7x+nPE5KaWyRAoD7FIKGP2m6m +-IMCVOmiafuzmHASBYOz6RwjgWS0AWES48DJX6o0KpuT4bsknz+H7Xo+4+NYGCRao +-enqIMZmWesGVXJ63pl32jUlXeAg59W6PpV2L9XRWLzDW1t1q2Uji7coCWtNjkojZ +-rv0yRMc1czkT+mAJRAJ8D9MoTnRXm1dH4bOxte4BGUHNQ2P1HeV01vkd1RTL0g0R +-lPyDAlBASvMn7RZ9nX8G3UOOL6gtVA== ++BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjgxOVoXDTMyMDMz ++MTE0MjgxOVowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx ++HTAbBgNVBAMMFFRlc3QgUy9NSU1FIEVFIEVDICMyMF4wEAYHKoZIzj0CAQYFK4EE ++ABADSgAEBds7Or6G5qE/jPj9vvS2e2rLxQTYu7gsy2Bf/I9UnJ/7KXM6Avbzc1YT ++cPi4O3Z4zS+BAyMmGS5exNL+vZbs278vquOP/Om0o2AwXjAMBgNVHRMBAf8EAjAA ++MA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUZ/5BJCWQ3bQ+w03vH6OZAgkENxcw ++HwYDVR0jBBgwFoAUyZFTCmN7FluLvUTwdoipJObltmwwDQYJKoZIhvcNAQELBQAD ++ggEBACMGL6tuV/1lfrnx7TN/CnWdLEp55AlmzJ3MT9dXSOO1/df/fO3uAiiBNMyQ ++Rcf4vOeBZEk/Xq6GIaAbuuT5ECg50uopEGjUDR9sRWC5yiw2CRQ5ZWTcqMapv+E5 ++7/1/tpaVHy+ZkJpbTV6O9gogEPy6uoft+tsel6NFoAj9ulkjuX9TortkVGPTfedd ++oevI32G3z4L4Gv1PCZvFMwEIiAuFDZBbD86gw7rH4BNihRujJRhpnxeRu8zJYB60 ++cNeR2N7humdUy5uZnj6YHy3g2j0EDKOITHydIvL1KkSlihQrxEX5kMRr9RWRyFXJ ++/UfNk+5Y3g5Mm642MLvjBEUqurw= + -----END CERTIFICATE----- +diff -rupN --no-dereference openssl-3.0.9/test/smime-certs/smroot.pem openssl-3.0.9-new/test/smime-certs/smroot.pem +--- openssl-3.0.9/test/smime-certs/smroot.pem 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/smime-certs/smroot.pem 2023-05-31 14:33:16.633113067 +0200 +@@ -1,49 +1,49 @@ + -----BEGIN PRIVATE KEY----- +-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDZLSl8LdU54OUA +-T8ctFuKLShJul2IMzaEDkFLoL4agccajgvsRxW+8vbc2Re0y1mVMvfNz7Cg5a7Ke +-iSuFJOrQtvDt+HkU5c706YDmw15mBpDSHapkXr80G/ABFbstWafOfagVW45wv65K +-H4cnpcqwrLhagmC8QG0KfWbf+Z2efOxaGu/dTNA3Cnq/BQGTdlkQ28xbrvd+Ubzg +-cY4Y/hJ7Fw1/IeEhgr/iVJhQIUAklp9B+xqDfWuxIt5mNwWWh/Lfk+UxqE99EhQR +-0YZWyIKfKzbeJLBzDqY2hQzVL6kAvY9cR1WbBItTA0G2F5qZ9B/3EHEFWZMBvobt +-+UTEkuBdAgMBAAECggEAF3Eagz7nPyIZVdlGpIVN2r8aEjng6YTglmPjrxBCNdtS +-F6AxvY9UKklIF2Gg4tXlhU0TlDWvedM4Koif2/VKK1Ez3FvvpePQXPs/YKlB7T1U +-MHnnRII9nUBOva88zv5YcJ97nyKM03q9M18H1a29nShnlc1w56EEpBc5HX/yFYMv +-kMYydvB5j0DQkJlkQNFn4yRag0wIIPeyXwwh5l98SMlr40hO10OYTOQPrrgP/ham +-AOZ//DvGo5gF8hGJYoqG4vcYbxRfTqbc2lQ4XRknOT182l9gRum52ahkBY6LKb4r +-IZXPStS6fCAR5S0lcdBb3uN/ap9SUfb9w/Dhj5DZAQKBgQDr06DcsBpoGV2dK9ib +-YL5MxC5JL7G79IBPi3ThRiOSttKXv3oDAFB0AlJvFKwYmVz8SxXqQ2JUA4BfvMGF +-TNrbhukzo0ou5boExnQW/RjLN3fWVq1JM7iLbNU9YYpPCIG5LXrt4ZDOwITeGe8f +-bmZK9zxWxc6BBJtc3mTFS5tm4QKBgQDrwRyEn6oZ9TPbR69fPgWvDqQwKs+6TtYn +-0otMG9UejbSMcyU4sI+bZouoca2CzoNi2qZVIvI9aOygUHQAP7Dyq1KhsvYtzJub +-KEua379WnzBMMjJ56Q/e4aKTq229QvOk+ZEYl6aklZX7xnYetYNZQrp4QzUyOQTG +-gfxgxKi0/QKBgQCy1esAUJ/F366JOS3rLqNBjehX4c5T7ae8KtJ433qskO4E29TI +-H93jC7u9txyHDw5f2QUGgRE5Cuq4L2lGEDFMFvQUD7l69QVrB6ATqt25hhffuB1z +-DMDfIqpXAPgk1Rui9SVq7gqlb4OS9nHLESqLoQ/l8d2XI4o6FACxSZPQoQKBgQCR +-8AvwSUoqIXDFaB22jpVEJYMb0hSfFxhYtGvIZF5MOJowa0L6UcnD//mp/xzSoXYR +-pppaj3R28VGxd7wnP0YRIl7XfAoKleMpbAtJRwKR458pO9WlQ9GwPeq/ENqw0xYx +-5M+d8pqUvYiHv/X00pYJllYKBkiS21sKawLJAFQTHQKBgQCJCwVHxvxkdQ8G0sU2 +-Vtv2W38hWOSg5+cxa+g1W6My2LhX34RkgKzuaUpYMlWGHzILpxIxhPrVLk1ZIjil +-GIP969XJ1BjB/kFtLWdxXG8tH1If3JgzfSHUofPHF3CENoJYEZ1ugEfIPzWPZJDI +-DL5zP8gmBL9ZAOO/J9YacxWYMQ== ++MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCyyQXED5HyVWwq ++nXyzmY317yMUJrIfsKvREG2C691dJNHgNg+oq5sjt/fzkyS84AvdOiicAsao4cYL ++DulthaLpbC7msEBhvwAil0FNb5g3ERupe1KuTdUV1UuD/i6S2VoaNXUBBn1rD9Wc ++BBc0lnx/4Wt92eQTI6925pt7ZHPQw2Olp7TQDElyi5qPxCem4uT0g3zbZsWqmmsI ++MXbu+K3dEprzqA1ucKXbxUmZNkMwVs2XCmlLxrRUj8C3/zENtH17HWCznhR/IVcV ++kgIuklkeiDsEhbWvUQumVXR7oPh/CPZAbjGqq5mVueHSHrp7brBVZKHZvoUka28Q ++LWitq1W5AgMBAAECggEASkRnOMKfBeOmQy2Yl6K57eeg0sYgSDnDpd0FINWJ5x9c ++b58FcjOXBodtYKlHIY6QXx3BsM0WaSEge4d+QBi7S+u8r+eXVwNYswXSArDQsk9R ++Bl5MQkvisGciL3pvLmFLpIeASyS/BLJXMbAhU58PqK+jT2wr6idwxBuXivJ3ichu ++ISdT1s2aMmnD86ulCD2DruZ4g0mmk5ffV+Cdj+WWkyvEaJW2GRYov2qdaqwSOxV4 ++Yve9qStvEIWAf2cISQjbnw2Ww6Z5ebrqlOz9etkmwIly6DTbrIneBnoqJlFFWGlF ++ghuzc5RE2w1GbcKSOt0qXH44MTf/j0r86dlu7UIxgQKBgQDq0pEaiZuXHi9OQAOp ++PsDEIznCU1bcTDJewANHag5DPEnMKLltTNyLaBRulMypI+CrDbou0nDr29VOzfXx ++mNvi/c7RttOBOx7kXKvu0JUFKe2oIWRsg0KsyMX7UFMVaHFgrW+8DhQc7HK7URiw ++nitOnA7YwIHRF9BMmcWcLFEYBQKBgQDC6LPbXV8COKO0YCfGXPnE7EZGD/p0Q92Z ++8CoSefphEScSdO1IpxFXG7fOZ4x2GQb9q7D3IvaeKAqNjUjkuyxdB30lIWDBwSWw ++fFgsa2SZwD5P60G/ar50YJr6LiF333aUMDVmC9swFfZERAEmGUz2NTrPWQdIx/lu ++PyDtUR75JQKBgHaoCCJ8vl5SJl1IA5GV4Bo8IoeLTSzsY9d09zMy6BoZcMD1Ix2T ++5S2cXhayoegl9PT6bsYSGHVWFCdJ86ktMI826TcXRzDaCvYhzc9THroJQcnfdbtP ++aHWezkv7fsAmkoPjn75K7ubeo+r7Q5qbkg6a1PW58N8TRXIvkackzaVxAoGBALAq ++qh3U+AHG9dgbrPeyo6KkuCOtX39ks8/mbfCDRZYkbb9V5f5r2tVz3R93IlK/7jyr ++yWimtmde46Lrl33922w+T5OW5qBZllo9GWkUrDn3s5qClcuQjJIdmxYTSfbSCJiK ++NkmE39lHkG5FVRB9f71tgTlWS6ox7TYDYxx83NTtAoGAUJPAkGt4yGAN4Pdebv53 ++bSEpAAULBHntiqDEOu3lVColHuZIucml/gbTpQDruE4ww4wE7dOhY8Q4wEBVYbRI ++vHkSiWpJUvZCuKG8Foh5pm9hU0qb+rbQV7NhLJ02qn1AMGO3F/WKrHPPY8/b9YhQ ++KfvPCYimQwBjVrEnSntLPR0= + -----END PRIVATE KEY----- + -----BEGIN CERTIFICATE----- +-MIIDezCCAmOgAwIBAgIUBxh2L3ItsVPuBogDI0WfUX1lFnMwDQYJKoZIhvcNAQEL ++MIIDeTCCAmGgAwIBAgIUF/2lFo3fH3uYuFalQVSIFqcYtd4wDQYJKoZIhvcNAQEL + BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV +-BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxM1oYDzIxMjIw +-NTEwMTUzMzEzWjBEMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 +-cDEdMBsGA1UEAwwUVGVzdCBTL01JTUUgUlNBIFJvb3QwggEiMA0GCSqGSIb3DQEB +-AQUAA4IBDwAwggEKAoIBAQDZLSl8LdU54OUAT8ctFuKLShJul2IMzaEDkFLoL4ag +-ccajgvsRxW+8vbc2Re0y1mVMvfNz7Cg5a7KeiSuFJOrQtvDt+HkU5c706YDmw15m +-BpDSHapkXr80G/ABFbstWafOfagVW45wv65KH4cnpcqwrLhagmC8QG0KfWbf+Z2e +-fOxaGu/dTNA3Cnq/BQGTdlkQ28xbrvd+UbzgcY4Y/hJ7Fw1/IeEhgr/iVJhQIUAk +-lp9B+xqDfWuxIt5mNwWWh/Lfk+UxqE99EhQR0YZWyIKfKzbeJLBzDqY2hQzVL6kA +-vY9cR1WbBItTA0G2F5qZ9B/3EHEFWZMBvobt+UTEkuBdAgMBAAGjYzBhMB0GA1Ud +-DgQWBBQVwRMha+JVX6dqHVcg1s/zqXNkWTAfBgNVHSMEGDAWgBQVwRMha+JVX6dq +-HVcg1s/zqXNkWTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkq +-hkiG9w0BAQsFAAOCAQEAvdAmpDPi1Wt7Hk30dXKF7Ug6MUKETi+uoO1Suo9JhNko +-/cpvoi8fbo/dnWVDfHVoItEn644Svver5UJdKJY62DvhilpCtAywYfCpgxkpKoKE +-dnpjnRBSMcbVDImsqvf1YjzFKiOiD7kcVvz4V0NZY91ZWwu3vgaSvcTJQkpWN0a+ +-LWanpVKqigl8nskttnBeiHDHGebxj3hawlIdtVlkbQwLLwlVkX99x1F73uS33IzB +-Y6+ZJ2is7mD839B8fOVd9pvPvBBgahIrw5tzJ/Q+gITuVQd9E6RVXh10/Aw+i/8S +-7tHpEUgP3hBk1P+wRQBWDxbHB28lE+41jvh3JObQWQ== ++BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MDE1MloXDTMyMDUy ++MDE0MDE1MlowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx ++HTAbBgNVBAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MIIBIjANBgkqhkiG9w0BAQEF ++AAOCAQ8AMIIBCgKCAQEAsskFxA+R8lVsKp18s5mN9e8jFCayH7Cr0RBtguvdXSTR ++4DYPqKubI7f385MkvOAL3ToonALGqOHGCw7pbYWi6Wwu5rBAYb8AIpdBTW+YNxEb ++qXtSrk3VFdVLg/4uktlaGjV1AQZ9aw/VnAQXNJZ8f+FrfdnkEyOvduabe2Rz0MNj ++pae00AxJcouaj8QnpuLk9IN822bFqpprCDF27vit3RKa86gNbnCl28VJmTZDMFbN ++lwppS8a0VI/At/8xDbR9ex1gs54UfyFXFZICLpJZHog7BIW1r1ELplV0e6D4fwj2 ++QG4xqquZlbnh0h66e26wVWSh2b6FJGtvEC1oratVuQIDAQABo2MwYTAdBgNVHQ4E ++FgQUyZFTCmN7FluLvUTwdoipJObltmwwHwYDVR0jBBgwFoAUyZFTCmN7FluLvUTw ++doipJObltmwwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI ++hvcNAQELBQADggEBAFUbNCqSA5JTIk4wkLiDxs6sGVgSGS/XyFurT5WtyLwR6eiN ++r1Osq3DrF1805xzOjFfk3yYk2ctMMMXVEfXZavfNWgGSyUi6GrS+X1+y5snMpP7Z ++tFlb7iXxiSn5lUE1IS3y9bAlWUwTnOwdX2RuALVAzQ6oAvGIIOhb7FTkMqwsQBDx ++kBA9sgdCKv4d7zgFGdDMh1PGuia7+ZPWS9Nt3+WfRKzy4cf2p8+FTWkv1z7PtCSo ++bZySoXgav6WYGdA0VZY29HzVWC5d/LwSkeJr7pw09UjXBPnrDHbJRa+4JpwwsMT2 ++b1E+cp36aagmQW97e8dCf3VzZWcD2bNJ9QM59d8= + -----END CERTIFICATE----- +diff -rupN --no-dereference openssl-3.0.9/test/smime-certs/smrsa1.pem openssl-3.0.9-new/test/smime-certs/smrsa1.pem +--- openssl-3.0.9/test/smime-certs/smrsa1.pem 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/smime-certs/smrsa1.pem 2023-05-31 14:33:16.633113067 +0200 +@@ -1,49 +1,49 @@ + -----BEGIN PRIVATE KEY----- +-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDax3T7alefZcbm +-CcdN0kEoBLwV8H25vre43RYjuPo64TBjeKUy27ayC1TXydF1eYm3HPrFYfkS0fZ6 +-YK0xvwyxiQnesvcfnVe2fpXFPsl5RQvu1JKM7rJAuLC+YTRLez07IHhQnHQ25ZkR +-+B4SL5mIhuOSJ9yyFJYJQ3Kdw/aX/jtnWVR8p3FyghJptWIm90ufW4xWFY0yNSW1 +-KmkZuOWF7VPh5RC1C7woB/RHhyD2gOP7tF+eDJ/QbX4iki4gPRFHuNrSV8ZpvDkI +-qqyF5BW8tyJneDkoWW8IuEpmNIzfbOCHvI6y7roeAmRrwH4/o5WxaEIsnQ/3pNvj +-n6+vA+nfAgMBAAECggEAFR5MHQQYCYjDXoDoI7YdgwA+AFIoGLjKYZu5yjX4tZv3 +-gJ/si7sTaMlY5cGTU1HUPirxIVeCjv4Eha31BJ3KsGJ9jj6Gm0nOuzd/O+ctKeRv +-2/HaDvpFlk4dsCrlkjmxteuS9u5l9hygniWYutcBwjY0cRnMScZcm0VO+DVVMDj0 +-9yNrFzhlmqV+ckawjK/J91r0uvnCVIsGA6akhlc5K0gwvFb/CC1WuceEeGx/38k3 +-4OuiHtLyJfIlgyGD8C3QfJlMOBHeQ/DCo6GMqrOAad/chtcO7JklcJ+k2qylP2gu +-e25NJCQVh+L32b9WrH3quH6fbLIg8a8MmUWl6te3FQKBgQDddu0Dp8R8fe2WnAE5 +-oXdASAf2BpthRNqUdYpkkO7gOV0MXCKIEiGZ+WuWEYmNlsXZCJRABprqLw9O/5Td +-2q+rCbdG9mSW2x82t/Ia4zd3r0RSHZyKbtOLtgmWfQkwVHy+rED8Juie5bNzHbjS +-1mYtFP2KDQ5yZA95yFg8ZtXOawKBgQD85VOPnfXGOJ783JHepAn4J2x1Edi+ZDQ+ +-Ml9g2LwetI46dQ0bF6V8RtcyWp0+6+ydX5U4JKhERFDivolD7Z1KFmlNLPs0cqSX +-5g5kzTD+R+zpr9FRragYKyLdHsLP0ur75Rh5FQkUl2DmeKCMvMKAkio0cduVpVXT +-SvWUBtkHXQKBgBy4VoZZ1GZcolocwx/pK6DfdoDWXIIhvsLv91GRZhkX91QqAqRo +-zYi9StF8Vr1Q5zl9HlSrRp3GGpMhG/olaRCiQu1l+KeDpSmgczo/aysPRKntgyaE +-ttRweA/XCUEGQ+MqTYcluJcarMnp+dUFztxb04F6rfvxs/wUGjVDFMkfAoGBAK+F +-wx9UtPZk6gP6Wsu58qlnQ2Flh5dtGM1qTMR86OQu0OBFyVjaaqL8z/NE7Qp02H7J +-jlmvJ5JqD/Gv6Llau+Zl86P66kcWoqJCrA7OU4jJBueSfadA7gAIQGRUK0Xuz+UQ +-tpGjRfAiuMB9TIEhqaVuzRglRhBw9kZ2KkgZEJyJAoGBANrEpEwOhCv8Vt1Yiw6o +-co96wYj+0LARJXw6rIfEuLkthBRRoHqQMKqwIGMrwjHlHXPnQmajONzIJd+u+OS4 +-psCGetAIGegd3xNVpK2uZv9QBWBpQbuofOh/c2Ctmm2phL2sVwCZ0qwIeXuBwJEc +-NOlOojKDO+dELErpShJgFIaU ++MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDXr9uzB/20QXKC ++xhkfNnJvl2xl1hzdOcrQmAqo+AAAcA/D49ImuJDVQRaK2bcj54XB26i1kXuOrxID ++3/etUb8yudfx8OAVwh8G0xVA4zhr8uXW85W2tBr4v0Lt+W6lSd6Hmfrk4GmE9LTU ++/vzl9HUPW6SZShN1G0nY6oeUXvLi0vasEUKv3a51T6JFYg4c7qt5RCk/w8kwrQ0D ++orQwCdkOPEIiC4b+nPStF12SVm5bx8rbYzioxuY/PdSebvt0APeqgRxSpCxqYnHs ++CoNeHzSrGXcP0COzFeUOz2tdrhmH09JLbGZs4nbojPxMkjpJSv3/ekDG2CHYxXSH ++XxpJstxZAgMBAAECggEASY4xsJaTEPwY3zxLqPdag2/yibBBW7ivz/9p80HQTlXp ++KnbxXj8nNXLjCytAZ8A3P2t316PrrTdLP4ML5lGwkM4MNPhek00GY79syhozTa0i ++cPHVJt+5Kwee/aVI9JmCiGAczh0yHyOM3+6ttIZvvXMVaSl4BUHvJ0ikQBc5YdzL ++s6VM2gCOR6K6n+39QHDI/T7WwO9FFSNnpWFOCHwAWtyBMlleVj+xeZX8OZ/aT+35 ++27yjsGNBftWKku29VDineiQC+o+fZGJs6w4JZHoBSP8TfxP8fRCFVNA281G78Xak ++cEnKXwZ54bpoSa3ThKl+56J6NHkkfRGb8Rgt/ipJYQKBgQD5DKb82mLw85iReqsT ++8bkp408nPOBGz7KYnQsZqAVNGfehM02+dcN5z+w0jOj6GMPLPg5whlEo/O+rt9ze ++j6c2+8/+B4Bt5oqCKoOCIndH68jl65+oUxFkcHYxa3zYKGC9Uvb+x2BtBmYgvDRG ++ew6I2Q3Zyd2ThZhJygUZpsjsbQKBgQDdtNiGTkgWOm+WuqBI1LT5cQfoPfgI7/da ++ZA+37NBUQRe0cM7ddEcNqx7E3uUa1JJOoOYv65VyGI33Ul+evI8h5WE5bupcCEFk ++LolzbMc4YQUlsySY9eUXM8jQtfVtaWhuQaABt97l+9oADkrhA+YNdEu2yiz3T6W+ ++msI5AnvkHQKBgDEjuPMdF/aY6dqSjJzjzfgg3KZOUaZHJuML4XvPdjRPUlfhKo7Q ++55/qUZ3Qy8tFBaTderXjGrJurc+A+LiFOaYUq2ZhDosguOWUA9yydjyfnkUXZ6or ++sbvSoM+BeOGhnezdKNT+e90nLRF6cQoTD7war6vwM6L+8hxlGvqDuRNFAoGAD4K8 ++d0D4yB1Uez4ZQp8m/iCLRhM3zCBFtNw1QU/fD1Xye5w8zL96zRkAsRNLAgKHLdsR ++355iuTXAkOIBcJCOjveGQsdgvAmT0Zdz5FBi663V91o+IDlryqDD1t40CnCKbtRG ++hng/ruVczg4x7OYh7SUKuwIP/UlkNh6LogNreX0CgYBQF9troLex6X94VTi1V5hu ++iCwzDT6AJj63cS3VRO2ait3ZiLdpKdSNNW2WrlZs8FZr/mVutGEcWho8BugGMWST ++1iZkYwly9Xfjnpd0I00ZIlr2/B3+ZsK8w5cOW5Lpb7frol6+BkDnBjbNZI5kQndn ++zQpuMJliRlrq/5JkIbH6SA== + -----END PRIVATE KEY----- + -----BEGIN CERTIFICATE----- +-MIIDeTCCAmGgAwIBAgIUM6U1Peo3wzfAJIrzINejJJfmRzkwDQYJKoZIhvcNAQEL ++MIIDdzCCAl+gAwIBAgIUNrEw2I4NEV0Nbo7AVOF9z4mPBiYwDQYJKoZIhvcNAQEL + BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV +-BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxM1oYDzIxMjIw +-NTA5MTUzMzEzWjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 +-cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgUlNBICMxMIIBIjANBgkqhkiG9w0B +-AQEFAAOCAQ8AMIIBCgKCAQEA2sd0+2pXn2XG5gnHTdJBKAS8FfB9ub63uN0WI7j6 +-OuEwY3ilMtu2sgtU18nRdXmJtxz6xWH5EtH2emCtMb8MsYkJ3rL3H51Xtn6VxT7J +-eUUL7tSSjO6yQLiwvmE0S3s9OyB4UJx0NuWZEfgeEi+ZiIbjkifcshSWCUNyncP2 +-l/47Z1lUfKdxcoISabViJvdLn1uMVhWNMjUltSppGbjlhe1T4eUQtQu8KAf0R4cg +-9oDj+7Rfngyf0G1+IpIuID0RR7ja0lfGabw5CKqsheQVvLciZ3g5KFlvCLhKZjSM +-32zgh7yOsu66HgJka8B+P6OVsWhCLJ0P96Tb45+vrwPp3wIDAQABo2AwXjAMBgNV +-HRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUHw4Us7FXwgLtZ1JB +-MOAHSkNYfEkwHwYDVR0jBBgwFoAUFcETIWviVV+nah1XINbP86lzZFkwDQYJKoZI +-hvcNAQELBQADggEBAAMAXEjTNo7evn6BvfEaG2q21q9xfFear/M0zxc5xcTj+WP+ +-BKrlxXg5RlVFyvmzGhwZBERsDMJYa54aw8scDJsy/0zPdWST39dNev7xH13pP8nF +-QF4MGPKIqBzX8iDCqhz70p1w2ndLjz1dvsAqn6z9/Sh3T2kj6DfZY3jA49pMEim1 +-vYd4lWa5AezU3+cLtBbo2c2iyG2W7SFpnNTjLX823f9rbVPnUb93ZI/tDXDIf5hL +-0hocZs+MWdC7Ly1Ru4PXa6+DeOM0z673me/Q27e24OBbG2eq5g7eW5euxJinGkpI +-XGGKTKrBCPxSdTtwSNHU9HsggT8a0wXL2QocZ3w= ++BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MDczN1oXDTMyMDMz ++MTE0MDczN1owRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx ++HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIFJTQSAjMTCCASIwDQYJKoZIhvcNAQEB ++BQADggEPADCCAQoCggEBANev27MH/bRBcoLGGR82cm+XbGXWHN05ytCYCqj4AABw ++D8Pj0ia4kNVBForZtyPnhcHbqLWRe46vEgPf961RvzK51/Hw4BXCHwbTFUDjOGvy ++5dbzlba0Gvi/Qu35bqVJ3oeZ+uTgaYT0tNT+/OX0dQ9bpJlKE3UbSdjqh5Re8uLS ++9qwRQq/drnVPokViDhzuq3lEKT/DyTCtDQOitDAJ2Q48QiILhv6c9K0XXZJWblvH ++yttjOKjG5j891J5u+3QA96qBHFKkLGpicewKg14fNKsZdw/QI7MV5Q7Pa12uGYfT ++0ktsZmziduiM/EySOklK/f96QMbYIdjFdIdfGkmy3FkCAwEAAaNgMF4wDAYDVR0T ++AQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFOaNz6WtNC5jH9UE4EaM ++y+59qO+EMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3 ++DQEBCwUAA4IBAQBMz3Ef3U0blTGhfP9HIBq09fWCgUN3aDDLZ/B6biFfWM87wlAm ++CdIuy2jhiEt8Ld8U9y8dbO7c2gzHBGc9FhScBkfQInrbhSctXL/r/wOc0divK9rq ++oXL2cL/CFfzcYPWNN3w6JAJyOhkhWnqF+/0T8+NdiRLE3a9NfX3a83GpfBVccYKQ ++kKKeVIw2K1dYbtlSo1HwOckxqUzN00IPs3xC8U9KNXKy7o0kdetKhk70DzXQ64j0 ++EcmXxqPaCkgo3fl9z9nzKlWhg/qIi/1Bd1bpMP8IXAPEURDqhi0KI0w9GPCQRjfY ++7NwXrLEayBoL8TNxcJ3FwdI20+bmhhILBZgO + -----END CERTIFICATE----- +diff -rupN --no-dereference openssl-3.0.9/test/smime-certs/smrsa2.pem openssl-3.0.9-new/test/smime-certs/smrsa2.pem +--- openssl-3.0.9/test/smime-certs/smrsa2.pem 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/smime-certs/smrsa2.pem 2023-05-31 14:33:16.633113067 +0200 +@@ -1,49 +1,49 @@ + -----BEGIN PRIVATE KEY----- +-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDkoMi4sqj2mN8j +-SaFAibXEfeYYrzBHIdCm/uaXWit81fXOSFVw1rbeAppxz7bOcSEN50lpdP2UX3/b +-FYFD3exHXjvch9NPNgQaNkCqTNTuYa2L9wrpltXnon7tH3W/zZfF+/qpUSu1f6rk +-GyxjVXxLwjIawCX0rbLcdFCVVy+EyvQkvSxXjafrDMzshWzPDbtjUv3SH6avqrPn +-4NX0fv3BdBwTfDLAw/m8nN+9B9Mg0V7UNM1IJY/Vo5pLhv+MrEf8SnAS+1Wt43rT +-3PY9iMZMMWUswdgmPY0yCN95ggwNrSMGV60yvEDxINWuJoR8s0lybDdFa+AB5v4T +-hqKpspFNAgMBAAECggEAZmWu0K5QJ7Y7Rlo9ayLicsFyk36vUESQZ6MF0ybzEEPi +-BkR2ZAX+vDuNQckm1pprlAcRZbactl35bT3Z+fQE1cgaZoC8/x6xwq2m0796pNPB +-v0zjqdBBOLAaSgjLm56wyd88GqZ8vZsTBnw3KrxIYcP13e5OcaJ0V/GOf/yfD0lg +-Tq9i7V5Iq++Fpo2KvJA8FMgqcfhvhdo40rRykoBfzEZpBk4Ia/Yijsbx5sE15pFZ +-DfmsMbD+vViuM8IavHo61mBNyYeydwlgIMqUgP/6xbYUov/XSUojrLG+IQuvDx9D +-xzTHGM+IBJxQZMza/mDVcjUAcDEjWt/Mve8ibTQCbwKBgQDyaiGsURtlf/8xmmvT +-RQQFFFsJ8SXHNYmnceNULIjfDxpLk1yC4kBNUD+liAJscoVlOcByHmXQRtnY1PHq +-AwyrwplGd82773mtriDVFSjhD+GB7I0Hv2j+uiFZury0jR/6/AsWKCtTqd0opyuB +-8rGZjguiwZIjeyxd8mL1dncUHwKBgQDxcNxHUvIeDBvAmtK65xWUuLcqtK9BblBH +-YVA7p93RqX4E+w3J0OCvQRQ3r1GCMMzFEO0oOvNfMucU4rbQmx1pbzF8aQU+8iEW +-kYpaWUbPUQ2hmBblhjGYHsigt/BrzaW0QveVIWcGiyVVX9wiCzJH5moJlCRK2oHR +-B36hdlmNEwKBgQCSlWSpOx4y4RQiHXtn9Eq6+5UVTPGIJTKIwxAwnQFiyFIhMwl0 +-x3UUixsBcF3uz80j6akaGJF+QOmH+TQTSibGUdS3TMhmBSfxwuJtlu7yMNUu6Chb +-b/4AUfLKvGVRVCjrbq8Rhda1L3jhFTz0xhlofgFBOIWy2M96O5BlV24oBwKBgQDs +-cf93ZfawkGEZVUXsPeQ3mlHe48YCCPtbfCSr13B3JErCq+5L52AyoUQgaHQlUI8o +-qrPmQx0V7O662G/6iP3bxEYtNVgq1cqrpGpeorGi1BjKWPyLWMj21abbJmev21xc +-1XxLMsQHd3tfSZp2SIq8OR09NjP4jla1k2Ziz1lRuwKBgQCUJXjhW4dPoOzC7DJK +-u4PsxcKkJDwwtfNudVDaHcbvvaHELTAkE2639vawH0TRwP6TDwmlbTQJP4EW+/0q +-13VcNXVAZSruA9dvxlh4vNUH3PzTDdFIJzGVbYbV9p5t++EQ7gRLuLZqs99BOzM9 +-k6W9F60mEFz1Owh+lQv7WfSIVA== ++MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDcYC4tS2Uvn1Z2 ++iDgtfkJA5tAqgbN6X4yK02RtVH5xekV9+6+eTt/9S+iFAzAnwqR/UB1R67ETrsWq ++V8u9xLg5fHIwIkmu9/6P31UU9cghO7J1lcrhHvooHaFpcXepPWQacpuBq2VvcKRD ++lDfVmdM5z6eS3dSZPTOMMP/xk4nhZB8mcw27qiccPieS0PZ9EZB63T1gmwaK1Rd5 ++U94Pl0+zpDqhViuXmBfiIDWjjz0BzHnHSz5Rg4S3oXF1NcojhptIWyI0r7dgn5J3 ++NxC4kgKdjzysxo6iWd0nLgz7h0jUdj79EOis4fg9G4f0EFWyQf7iDxGaA93Y9ePB ++Jv5iFZVZAgMBAAECggEBAILIPX856EHb0KclbhlpfY4grFcdg9LS04grrcTISQW1 ++J3p9nBpZ+snKe6I8Yx6lf5PiipPsSLlCliHiWpIzJZVQCkAQiSPiHttpEYgP2IYI ++dH8dtznkdVbLRthZs0bnnPmpHCpW+iqpcYJ9eqkz0cvUNUGOjjWmwWmoRqwp/8CW ++3S1qbkQiCh0Mk2fQeGar76R06kXQ9MKDEj14zyS3rJX+cokjEoMSlH8Sbmdh2mJz ++XlNZcvqmeGJZwQWgbVVHOMUuZaKJiFa+lqvOdppbqSx0AsCRq6vjmjEYQEoOefYK ++3IJM9IvqW5UNx0Cy4kQdjhZFFwMO/ALD3QyF21iP4gECgYEA+isQiaWdaY4UYxwK ++Dg+pnSCKD7UGZUaCUIv9ds3CbntMOONFe0FxPsgcc4jRYQYj1rpQiFB8F11+qXGa ++P/IHcnjr2+mTrNY4I9Bt1Lg+pHSS8QCgzeueFybYMLaSsXUo7tGwpvw6UUb6/YWI ++LNCzZbrCLg1KZjGODhhxtvN45ZkCgYEA4YNSe+GMZlxgsvxbLs86WOm6DzJUPvxN ++bWmni0+Oe0cbevgGEUjDVc895uMFnpvlgO49/C0AYJ+VVbStjIMgAeMnWj6OZoSX ++q49rI8KmKUxKgORZiiaMqGWQ7Rxv68+4S8WANsjFxoUrE6dNV3uYDIUsiSLbZeI8 ++38KVTcLohcECgYEAiOdyWHGq0G4xl/9rPUCzCMsa4velNV09yYiiwBZgVgfhsawm ++hQpOSBZJA60XMGqkyEkT81VgY4UF4QLLcD0qeCnWoXWVHFvrQyY4RNZDacpl87/t ++QGO2E2NtolL3umesa+2TJ/8Whw46Iu2llSjtVDm9NGiPk5eA7xPPf1iEi9kCgYAb ++0EmVE91wJoaarLtGS7LDkpgrFacEWbPnAbfzW62UENIX2Y1OBm5pH/Vfi7J+vHWS ++8E9e0eIRCL2vY2hgQy/oa67H151SkZnvQ/IP6Ar8Xvd1bDSK8HQ6tMQqKm63Y9g0 ++KDjHCP4znOsSMnk8h/bZ3HcAtvbeWwftBR/LBnYNQQKBgA1leIXLLHRoX0VtS/7e ++y7Xmn7gepj+gDbSuCs5wGtgw0RB/1z/S3QoS2TCbZzKPBo20+ivoRP7gcuFhduFR ++hT8V87esr/QzLVpjLedQDW8Xb7GiO3BsU/gVC9VcngenbL7JObl3NgvdreIYo6+n ++yrLyf+8hjm6H6zkjqiOkHAl+ + -----END PRIVATE KEY----- + -----BEGIN CERTIFICATE----- +-MIIDeTCCAmGgAwIBAgIUTMQXiTcI/rpzqO91NyFWpjLE3KkwDQYJKoZIhvcNAQEL ++MIIDdzCCAl+gAwIBAgIUdWyHziJTdWjooy8SanPMwLxNsPEwDQYJKoZIhvcNAQEL + BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV +-BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxM1oYDzIxMjIw +-NTA5MTUzMzEzWjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 +-cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgUlNBICMyMIIBIjANBgkqhkiG9w0B +-AQEFAAOCAQ8AMIIBCgKCAQEA5KDIuLKo9pjfI0mhQIm1xH3mGK8wRyHQpv7ml1or +-fNX1zkhVcNa23gKacc+2znEhDedJaXT9lF9/2xWBQ93sR1473IfTTzYEGjZAqkzU +-7mGti/cK6ZbV56J+7R91v82Xxfv6qVErtX+q5BssY1V8S8IyGsAl9K2y3HRQlVcv +-hMr0JL0sV42n6wzM7IVszw27Y1L90h+mr6qz5+DV9H79wXQcE3wywMP5vJzfvQfT +-INFe1DTNSCWP1aOaS4b/jKxH/EpwEvtVreN609z2PYjGTDFlLMHYJj2NMgjfeYIM +-Da0jBletMrxA8SDVriaEfLNJcmw3RWvgAeb+E4aiqbKRTQIDAQABo2AwXjAMBgNV +-HRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUSJ0v3SKahe6eKssR +-rBvYLBprFTgwHwYDVR0jBBgwFoAUFcETIWviVV+nah1XINbP86lzZFkwDQYJKoZI +-hvcNAQELBQADggEBAKoyszyZ3DfCOIVzeJrnScXuMvRkVqO5aGmgZxtY9r6gPk8v +-gXaEFXDKqRbGqEnuwEjpew+SVZO8nrVpdIP7fydpufy7Cu91Ev4YL1ui5Vc66+IK +-7dXV7eZYcH/dDJBPZddHx9vGhcr0w8B1W9nldM3aQE/RQjOmMRDc7/Hnk0f0RzJp +-LA0adW3ry27z2s4qeCwkV9DNSh1KoGfcLwydBiXmJ1XINMFH/scD4pk9UeJpUL+5 +-zvTaDzUmzLsI1gH3j/rlzJuNJ7EMfggKlfQdit9Qn6+6Gjk6T5jkZfzcq3LszuEA +-EFtkxWyBmmEgh4EmvZGAyrUvne1hIIksKe3iJ+E= ++BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MDkyNVoXDTMyMDMz ++MTE0MDkyNVowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx ++HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIFJTQSAjMjCCASIwDQYJKoZIhvcNAQEB ++BQADggEPADCCAQoCggEBANxgLi1LZS+fVnaIOC1+QkDm0CqBs3pfjIrTZG1UfnF6 ++RX37r55O3/1L6IUDMCfCpH9QHVHrsROuxapXy73EuDl8cjAiSa73/o/fVRT1yCE7 ++snWVyuEe+igdoWlxd6k9ZBpym4GrZW9wpEOUN9WZ0znPp5Ld1Jk9M4ww//GTieFk ++HyZzDbuqJxw+J5LQ9n0RkHrdPWCbBorVF3lT3g+XT7OkOqFWK5eYF+IgNaOPPQHM ++ecdLPlGDhLehcXU1yiOGm0hbIjSvt2Cfknc3ELiSAp2PPKzGjqJZ3ScuDPuHSNR2 ++Pv0Q6Kzh+D0bh/QQVbJB/uIPEZoD3dj148Em/mIVlVkCAwEAAaNgMF4wDAYDVR0T ++AQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFPRqunJgwdcM9Uvsy/MT ++6XHvUvuyMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3 ++DQEBCwUAA4IBAQBz02v4hd+EjW5NaMubkqPbgUTDRKdRq1RZM+C6m1MTMKy+8zTD ++QSKRCFf0UmSPMsdTArry9x15fmHIJW21F3bw4ISeVXRyzBhOnrGKXUt2Lg9c2MLa ++9C394ex0vw4ZGSNkrIARbM3084Chegs4PLMWLFam1H5J6wpvH8iXXYvhESW98luv ++i3HVQzqLXw7/9XHxf8RnrRcy/WhAA+KegAQMGHTo5KPLliXtypYdCxBHNcmOwJlR ++pSOp6fxhiRKN5DzcBPHOE/brZc4aNGgBHZgGg1g1Wb2lAylopgJrbyNkhEEwHVNM ++1uLCnXKV1nX+EiMKkhSV761ozdhMGljYb+GE + -----END CERTIFICATE----- +diff -rupN --no-dereference openssl-3.0.9/test/smime-certs/smrsa3.pem openssl-3.0.9-new/test/smime-certs/smrsa3.pem +--- openssl-3.0.9/test/smime-certs/smrsa3.pem 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/test/smime-certs/smrsa3.pem 2023-05-31 14:33:16.634113067 +0200 +@@ -1,49 +1,49 @@ + -----BEGIN PRIVATE KEY----- +-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQD5A/t3norj/167 +-toKG1Ygtg3G+pZ4Nwl5a9flnm8JdSMW5TEEP1TSvDVIEuAVi7xqoAn6heypoaMkB +-GJ+AoSo9R7umdhhq2vnmWFNsdH6oDzynVXixyURo81YrN3sn9Xd55ivTiSpZXldi +-ECr2T0BYvOw0h497bPs6gY9LqgrBHNYVF3lFhdOmYWv+2qSdti+1gV3t24pv1CrK +-2AdX5Epdd5jR+eNnt+suZqoPC0hTcNjszJLcfDYFXHva9BcE0DfrgcYSmoSBU53M +-jt63TClK6ZoVcPJ7vXjFRHncvs1/d+nc9BdL9FsGI1ezspSwcJHqex2wgo76yDrq +-DE4s23rPAgMBAAECggEAEDi+VWD5VUpjD5zWOoPQiRDGBJBhtMAKkl6okxEmXvWb +-Xz3STFnjHgA1JFHW3bRU9BHI9k8vSHmnlnkfKb3V/ZX5IHNcKCHb/x9NBak+QLVQ +-0zLtfE9vxiTC0B/oac+MPaiD4hYFQ81pFwK6VS0Poi8ZCBJtOkRqfUvsyV8zZrgh +-/6cs4mwOVyZPFRgF9eWXYv7PJz8pNRizhII0iv9H/r2I3DzsZLPCg7c29mP+I/SG +-A7Pl82UXjtOc0KurGY2M5VheZjxJT/k/FLMkWY2GS5n6dfcyzsVSKb25HoeuvQsI +-vs1mKs+Onbobdc17hCcKVJzbi3DwXs5XDhrEzfHccQKBgQD88uBxVCRV31PsCN6I +-pKxQDGgz+1BqPqe7KMRiZI7HgDUK0eCM3/oG089/jsBtJcSxnScLSVNBjQ+xGiFi +-YCD4icQoJSzpqJyR6gDq5lTHASAe+9LWRW771MrtyACQWNXowYEyu8AjekrZkCUS +-wIKVpw57oWykzIoS7ixZsJ8gxwKBgQD8BPWqJEsLiQvOlS5E/g88eV1KTpxm9Xs+ +-BbwsDXZ7m4Iw5lYaUu5CwBB/2jkGGRl8Q/EfAdUT7gXv3t6x5b1qMXaIczmRGYto +-NuI3AH2MPxAa7lg5TgBgie1r7PKwyPMfG3CtDx6n8W5sexgJpbIy5u7E+U6d8s1o +-c7EcsefduQKBgCkHJAx9v18GWFBip+W2ABUDzisQSlzRSNd8p03mTZpiWzgkDq4K +-7j0JQhDIkMGjbKH6gYi9Hfn17WOmf1+7g92MSvrP/NbxeGPadsejEIEu14zu/6Wt +-oXDLdRbYZ+8B2cBlEpWuCl42yck8Lic6fnPTou++oSah3otvglYR5d2lAoGACd8L +-3FE1m0sP6lSPjmZBJIZAcDOqDqJY5HIHD9arKGZL8CxlfPx4lqa9PrTGfQWoqORk +-YmmI9hHhq6aYJHGyPKGZWfjhbVyJyFg1/h+Hy2GA+P0S+ZOjkiR050BNtTz5wOMr +-Q6wO8FcVkywzIdWaqEHBYne9a5RiFVBKxKv3QAkCgYBxmCBKajFkMVb4Uc55WqJs +-Add0mctGgmZ1l5vq81eWe3wjM8wgfJgaD3Q3gwx2ABUX/R+OsVWSh4o5ZR86sYoz +-TviknBHF8GeDLjpT49+04fEaz336J2JOptF9zIpz7ZK1nrOEjzaZGtumReVjUP7X +-fNcb5iDYqZRzD8ixBbLxUw== ++MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCyK+BTAOJKJjji ++OhY60NeZjzGGZxEBfCm62n0mwkzusW/V/e63uwj6uOVCFoVBz5doMf3M6QIS2jL3 ++Aw6Qs5+vcuLA0gHrqIwjYQz1UZ5ETLKLKbQw6YOIVfsFSTxytUVpfcByrubWiLKX ++63theG1/IVokDK/9/k52Kyt+wcCjuRb7AJQFj2OLDRuWm/gavozkK103gQ+dUq4H ++XamZMtTq1EhQOfc0IUeCOEL6xz4jzlHHfzLdkvb7Enhav2sXDfOmZp/DYf9IqS7l ++vFkkINPVbYFBTexaPZlFwmpGRjkmoyH/w+Jlcpzs+w6p1diWRpaSn62bbkRN49j6 ++L2dVb+DfAgMBAAECggEAciwDl6zdVT6g/PbT/+SMA+7qgYHSN+1koEQaJpgjzGEP ++lUUfj8TewCtzXaIoyj9IepBuXryBg6snNXpT/w3bqgYon/7zFBvxkUpDj4A5tvKf ++BuY2fZFlpBvUu1Ju1eKrFCptBBBoA9mc+BUB/ze4ktrAdJFcxZoMlVScjqGB3GdR ++OHw2x9BdWGCJBhiu9VHhAAb/LVWi6xgDumYSWZwN2yovg+7J91t5bsENeBRHycK+ ++i5dNFh1umIK9N0SH6bpHPnLHrCRchrQ6ZRRxL4ZBKA9jFRDeI7OOsJuCvhGyJ1se ++snsLjr/Ahg00aiHCcC1SPQ6pmXAVBCG7hf4AX82V4QKBgQDaFDE+Fcpv84mFo4s9 ++wn4CZ8ymoNIaf5zPl/gpH7MGots4NT5+Ns+6zzJQ6TEpDjTPx+vDaabP7QGXwVZn ++8NAHYvCQK37b+u9HrOt256YYRDOmnJFSbsJdmqzMEzpTNmQ8GuI37cZCS9CmSMv+ ++ab/plcwuv0cJRSC83NN2AFyu1QKBgQDRJzKIBQlpprF9rA0D5ZjLVW4OH18A0Mmm ++oanw7qVutBaM4taFN4M851WnNIROyYIlkk2fNgW57Y4M8LER4zLrjU5HY4lB0BMX ++LQWDbyz4Y7L4lVnnEKfQxWFt9avNZwiCxCxEKy/n/icmVCzc91j9uwKcupdzrN6E ++yzPd1s5y4wKBgQCkJvzmAdsOp9/Fg1RFWcgmIWHvrzBXl+U+ceLveZf1j9K5nYJ7 ++2OBGer4iH1XM1I+2M4No5XcWHg3L4FEdDixY0wXHT6Y/CcThS+015Kqmq3fBmyrc ++RNjzQoF9X5/QkSmkAIx1kvpgXtcgw70htRIrToGSUpKzDKDW6NYXhbA+PQKBgDJK ++KH5IJ8E9kYPUMLT1Kc4KVpISvPcnPLVSPdhuqVx69MkfadFSTb4BKbkwiXegQCjk ++isFzbeEM25EE9q6EYKP+sAm+RyyJ6W0zKBY4TynSXyAiWSGUAaXTL+AOqCaVVZiL ++rtEdSUGQ/LzclIT0/HLV2oTw4KWxtTdc3LXEhpNdAoGBAM3LckiHENqtoeK2gVNw ++IPeEuruEqoN4n+XltbEEv6Ymhxrs6T6HSKsEsLhqsUiIvIzH43KMm45SNYTn5eZh ++yzYMXLmervN7c1jJe2Y2MYv6hE+Ypj1xGW4w7s8WNKmVzLv97beisD9AZrS7sXfF ++RvOAi5wVkYylDxV4238MAZIq + -----END PRIVATE KEY----- + -----BEGIN CERTIFICATE----- +-MIIDeTCCAmGgAwIBAgIUIDyc//j/LoNDesZTGbPBoVarv4EwDQYJKoZIhvcNAQEL ++MIIDdzCCAl+gAwIBAgIUAKvI4FWjFLx8iBGifOW3mG/xkT0wDQYJKoZIhvcNAQEL + BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV +-BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxM1oYDzIxMjIw +-NTA5MTUzMzEzWjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 +-cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgUlNBICMzMIIBIjANBgkqhkiG9w0B +-AQEFAAOCAQ8AMIIBCgKCAQEA+QP7d56K4/9eu7aChtWILYNxvqWeDcJeWvX5Z5vC +-XUjFuUxBD9U0rw1SBLgFYu8aqAJ+oXsqaGjJARifgKEqPUe7pnYYatr55lhTbHR+ +-qA88p1V4sclEaPNWKzd7J/V3eeYr04kqWV5XYhAq9k9AWLzsNIePe2z7OoGPS6oK +-wRzWFRd5RYXTpmFr/tqknbYvtYFd7duKb9QqytgHV+RKXXeY0fnjZ7frLmaqDwtI +-U3DY7MyS3Hw2BVx72vQXBNA364HGEpqEgVOdzI7et0wpSumaFXDye714xUR53L7N +-f3fp3PQXS/RbBiNXs7KUsHCR6nsdsIKO+sg66gxOLNt6zwIDAQABo2AwXjAMBgNV +-HRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUN9pGq/UFS3o50rTi +-V+AYgAk+3R4wHwYDVR0jBBgwFoAUFcETIWviVV+nah1XINbP86lzZFkwDQYJKoZI +-hvcNAQELBQADggEBAGcOh380/6aJqMpYBssuf2CB3DX/hGKdvEF7fF8iNSfl5HHq +-112kHl3MhbL9Th/safJq9sLDJqjXRNdVCUJJbU4YI2P2gsi04paC0qxWxMLtzQLd +-CE7ki2xH94Fuu/dThbpzZBABROO1RrdI24GDGt9t4Gf0WVkobmT/zNlwGppKTIB2 +-iV/Ug30iKr/C49UzwUIa+XXXujkjPTmGSnrKwVQNxQh81rb+iTL7GEnNuqDsatHW +-ZyLS2SaVdG5tMqDkITPMDGjehUzJcAbVc8Bv4m8Ukuov3uDj2Doc6MxlvrVkV0AE +-BcSCb/bWQJJ/X4LQZlx9cMk4NINxV9UeFPZOefg= ++BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MTEwNloXDTMyMDMz ++MTE0MTEwNlowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx ++HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIFJTQSAjMzCCASIwDQYJKoZIhvcNAQEB ++BQADggEPADCCAQoCggEBALIr4FMA4komOOI6FjrQ15mPMYZnEQF8KbrafSbCTO6x ++b9X97re7CPq45UIWhUHPl2gx/czpAhLaMvcDDpCzn69y4sDSAeuojCNhDPVRnkRM ++sosptDDpg4hV+wVJPHK1RWl9wHKu5taIspfre2F4bX8hWiQMr/3+TnYrK37BwKO5 ++FvsAlAWPY4sNG5ab+Bq+jOQrXTeBD51SrgddqZky1OrUSFA59zQhR4I4QvrHPiPO ++Ucd/Mt2S9vsSeFq/axcN86Zmn8Nh/0ipLuW8WSQg09VtgUFN7Fo9mUXCakZGOSaj ++If/D4mVynOz7DqnV2JZGlpKfrZtuRE3j2PovZ1Vv4N8CAwEAAaNgMF4wDAYDVR0T ++AQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFDoKRbmxroesGxa+4868 ++yPIvkCewMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3 ++DQEBCwUAA4IBAQBfCCzWyZzIvq/ci6E74ovJ8mMel5Z9MU9EcvY0k7pJSUbpCg3c ++P48CiAzt8r8Em4AymADfK1pYvvpTNVpU/USbdKR1hyxZjqWrYdsY7tlVuvZ92oFs ++s3komuKHCx2SQAe5b+LWjC1Bf8JUFx+XTjYb/BBg7nQRwi3TkYVVmW7hXLYvf4Jn ++Uyu0x02pDzUu+62jeYbNIVJnYwSU0gLHEo81QmNs06RLjnAhbneUZ6P6YuJOdDo7 ++xMw/ywijZM0FxsWxRSsCBwavhabg1Kb1lO//pbgcSa9T0D7ax1XoMni3RJnHj6gu ++r0Mi3QjgZaxghR3TPh83dQLilECYDuD0uTzf + -----END CERTIFICATE----- diff --git a/0062-fips-Expose-a-FIPS-indicator.patch b/0062-fips-Expose-a-FIPS-indicator.patch new file mode 100644 index 0000000..6edea38 --- /dev/null +++ b/0062-fips-Expose-a-FIPS-indicator.patch @@ -0,0 +1,401 @@ +diff -rupN --no-dereference openssl-3.0.9/doc/build.info openssl-3.0.9-new/doc/build.info +--- openssl-3.0.9/doc/build.info 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/doc/build.info 2023-05-31 14:33:16.925112941 +0200 +@@ -4461,6 +4461,10 @@ DEPEND[html/man7/fips_module.html]=man7/ + GENERATE[html/man7/fips_module.html]=man7/fips_module.pod + DEPEND[man/man7/fips_module.7]=man7/fips_module.pod + GENERATE[man/man7/fips_module.7]=man7/fips_module.pod ++DEPEND[html/man7/fips_module_indicators.html]=man7/fips_module_indicators.pod ++GENERATE[html/man7/fips_module_indicators.html]=man7/fips_module_indicators.pod ++DEPEND[man/man7/fips_module_indicators.7]=man7/fips_module_indicators.pod ++GENERATE[man/man7/fips_module_indicators.7]=man7/fips_module_indicators.pod + DEPEND[html/man7/life_cycle-cipher.html]=man7/life_cycle-cipher.pod + GENERATE[html/man7/life_cycle-cipher.html]=man7/life_cycle-cipher.pod + DEPEND[man/man7/life_cycle-cipher.7]=man7/life_cycle-cipher.pod +@@ -4706,6 +4710,7 @@ html/man7/ct.html \ + html/man7/des_modes.html \ + html/man7/evp.html \ + html/man7/fips_module.html \ ++html/man7/fips_module_indicators.html \ + html/man7/life_cycle-cipher.html \ + html/man7/life_cycle-digest.html \ + html/man7/life_cycle-kdf.html \ +@@ -4832,6 +4837,7 @@ man/man7/ct.7 \ + man/man7/des_modes.7 \ + man/man7/evp.7 \ + man/man7/fips_module.7 \ ++man/man7/fips_module_indicators.7 \ + man/man7/life_cycle-cipher.7 \ + man/man7/life_cycle-digest.7 \ + man/man7/life_cycle-kdf.7 \ +diff -rupN --no-dereference openssl-3.0.9/doc/man7/fips_module_indicators.pod openssl-3.0.9-new/doc/man7/fips_module_indicators.pod +--- openssl-3.0.9/doc/man7/fips_module_indicators.pod 1970-01-01 01:00:00.000000000 +0100 ++++ openssl-3.0.9-new/doc/man7/fips_module_indicators.pod 2023-05-31 14:33:16.925112941 +0200 +@@ -0,0 +1,154 @@ ++=pod ++ ++=head1 NAME ++ ++fips_module_indicators - Red Hat OpenSSL FIPS module indicators guide ++ ++=head1 DESCRIPTION ++ ++This guide documents how the Red Hat Enterprise Linux 9 OpenSSL FIPS provider ++implements Approved Security Service Indicators according to the FIPS 140-3 ++Implementation Guidelines, section 2.4.C. See ++L ++for the FIPS 140-3 Implementation Guidelines. ++ ++For all approved services except signatures, the Red Hat OpenSSL FIPS provider ++uses the return code as the indicator as understood by FIPS 140-3. That means ++that every operation that succeeds denotes use of an approved security service. ++Operations that do not succeed may not have been approved security services, or ++may have been used incorrectly. ++ ++For signatures, an explicit indicator API is available to determine whether ++a selected operation is an approved security service, in combination with the ++return code of the operation. For a signature operation to be approved, the ++explicit indicator must claim it as approved, and it must succeed. ++ ++=head2 Querying the explicit indicator ++ ++The Red Hat OpenSSL FIPS provider exports a symbol named ++I that provides information on which signature ++operations are approved security functions. To use this function, either link ++against I directly, or load it at runtime using dlopen(3) and ++dlsym(3). ++ ++ #include ++ #include "providers/fips/indicator.h" ++ ++ void *provider = dlopen("/usr/lib64/ossl-modules/fips.so", RTLD_LAZY); ++ if (provider == NULL) { ++ fprintf(stderr, "%s\n", dlerror()); ++ // handle error ++ } ++ ++ const OSSL_RH_FIPSINDICATOR_ALORITHM *(*redhat_ossl_query_fipsindicator)(int) \ ++ = dlsym(provider, "redhat_ossl_query_fipsindicator"); ++ if (redhat_ossl_query_fipsindicator == NULL) { ++ fprintf(stderr, "%s\n", dlerror()); ++ fprintf(stderr, "Does your copy of fips.so have the required Red Hat" ++ " patches?\n"); ++ // handle error ++ } ++ ++Note that this uses the I header, which is not ++public. Install the I package from the I ++repository using I and include ++I in the compiler's include path. ++ ++I expects an operation ID as its only ++argument. Currently, the only supported operation ID is I to ++obtain the indicators for signature operations. On success, the return value is ++a pointer to an array of Is. On failure, NULL is ++returned. The last entry in the array is indicated by I being ++NULL. ++ ++ typedef struct ossl_rh_fipsindicator_algorithm_st { ++ const char *algorithm_names; /* key */ ++ const char *property_definition; /* key */ ++ const OSSL_RH_FIPSINDICATOR_DISPATCH *indicators; ++ } OSSL_RH_FIPSINDICATOR_ALGORITHM; ++ ++ typedef struct ossl_rh_fipsindicator_dispatch_st { ++ int function_id; ++ int approved; ++ } OSSL_RH_FIPSINDICATOR_DISPATCH; ++ ++The I field is a colon-separated list of algorithm names from ++one of the I constants, e.g., I. strtok(3) can ++be used to locate the appropriate entry. See the example below, where ++I contains the algorithm name to search for: ++ ++ const OSSL_RH_FIPSINDICATOR_DISPATCH *indicator_dispatch = NULL; ++ const OSSL_RH_FIPSINDICATOR_ALGORITHM *indicator = ++ redhat_ossl_query_fipsindicator(operation_id); ++ if (indicator == NULL) { ++ fprintf(stderr, "No indicator for operation, probably using implicit" ++ " indicators.\n"); ++ // handle error ++ } ++ ++ for (; indicator->algorithm_names != NULL; ++indicator) { ++ char *algorithm_names = strdup(indicator->algorithm_names); ++ if (algorithm_names == NULL) { ++ perror("strdup(3)"); ++ // handle error ++ } ++ ++ const char *algorithm_name = strtok(algorithm_names, ":"); ++ for (; algorithm_name != NULL; algorithm_name = strtok(NULL, ":")) { ++ if (strcasecmp(algorithm_name, algorithm) == 0) { ++ indicator_dispatch = indicator->indicators; ++ free(algorithm_names); ++ algorithm_names = NULL; ++ break; ++ } ++ } ++ free(algorithm_names); ++ } ++ if (indicator_dispatch == NULL) { ++ fprintf(stderr, "No indicator for algorithm %s.\n", algorithm); ++ // handle error ++ } ++ ++If an appropriate I array is available for the ++given algorithm name, it maps function IDs to their approval status. The last ++entry is indicated by a zero I. I is ++I if the operation is an approved security ++service, or part of an approved security service, or ++I otherwise. Any other value is invalid. ++Function IDs are I constants from I, ++e.g., I or I. ++ ++Assuming I is the function in question, the following code can be ++used to query the approval status: ++ ++ for (; indicator_dispatch->function_id != 0; ++indicator_dispatch) { ++ if (indicator_dispatch->function_id == function_id) { ++ switch (indicator_dispatch->approved) { ++ case OSSL_RH_FIPSINDICATOR_APPROVED: ++ // approved security service ++ break; ++ case OSSL_RH_FIPSINDICATOR_UNAPPROVED: ++ // unapproved security service ++ break; ++ default: ++ // invalid result ++ break; ++ } ++ break; ++ } ++ } ++ ++=head1 SEE ALSO ++ ++L, L ++ ++=head1 COPYRIGHT ++ ++Copyright 2022 Red Hat, Inc. All Rights Reserved. ++ ++Licensed under the Apache License 2.0 (the "License"). You may not use ++this file except in compliance with the License. You can obtain a copy ++in the file LICENSE in the source distribution or at ++L. ++ ++=cut +diff -rupN --no-dereference openssl-3.0.9/providers/fips/fipsprov.c openssl-3.0.9-new/providers/fips/fipsprov.c +--- openssl-3.0.9/providers/fips/fipsprov.c 2023-05-31 14:33:14.351114053 +0200 ++++ openssl-3.0.9-new/providers/fips/fipsprov.c 2023-05-31 14:33:16.925112941 +0200 +@@ -23,6 +23,7 @@ + #include "prov/seeding.h" + #include "self_test.h" + #include "internal/core.h" ++#include "indicator.h" + + static const char FIPS_DEFAULT_PROPERTIES[] = "provider=fips,fips=yes"; + static const char FIPS_UNAPPROVED_PROPERTIES[] = "provider=fips,fips=no"; +@@ -409,6 +410,68 @@ static const OSSL_ALGORITHM fips_signatu + { NULL, NULL, NULL } + }; + ++static const OSSL_RH_FIPSINDICATOR_DISPATCH redhat_rsa_signature_indicators[] = { ++ { OSSL_FUNC_SIGNATURE_NEWCTX, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_SIGN_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, ++ { OSSL_FUNC_SIGNATURE_SIGN, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, ++ { OSSL_FUNC_SIGNATURE_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, ++ { OSSL_FUNC_SIGNATURE_VERIFY, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, ++ { OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, ++ { OSSL_FUNC_SIGNATURE_VERIFY_RECOVER, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, ++ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_FREECTX, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_DUPCTX, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { 0, OSSL_RH_FIPSINDICATOR_UNAPPROVED } ++}; ++ ++static const OSSL_RH_FIPSINDICATOR_DISPATCH redhat_ecdsa_signature_indicators[] = { ++ { OSSL_FUNC_SIGNATURE_NEWCTX, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_SIGN_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, ++ { OSSL_FUNC_SIGNATURE_SIGN, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, ++ { OSSL_FUNC_SIGNATURE_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, ++ { OSSL_FUNC_SIGNATURE_VERIFY, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, ++ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_FREECTX, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_DUPCTX, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { 0, OSSL_RH_FIPSINDICATOR_UNAPPROVED } ++}; ++ ++static const OSSL_RH_FIPSINDICATOR_ALGORITHM redhat_indicator_fips_signature[] = { ++ { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ++ redhat_rsa_signature_indicators }, ++#ifndef OPENSSL_NO_EC ++ { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, ++ redhat_ecdsa_signature_indicators }, ++#endif ++ { NULL, NULL, NULL } ++}; ++ + static const OSSL_ALGORITHM fips_asym_cipher[] = { + { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_asym_cipher_functions }, + { NULL, NULL, NULL } +@@ -493,6 +556,14 @@ static const OSSL_ALGORITHM *fips_query( + } + return NULL; + } ++ ++const OSSL_RH_FIPSINDICATOR_ALGORITHM *redhat_ossl_query_fipsindicator(int operation_id) { ++ switch (operation_id) { ++ case OSSL_OP_SIGNATURE: ++ return redhat_indicator_fips_signature; ++ } ++ return NULL; ++} + + static void fips_teardown(void *provctx) + { +diff -rupN --no-dereference openssl-3.0.9/providers/fips/indicator.h openssl-3.0.9-new/providers/fips/indicator.h +--- openssl-3.0.9/providers/fips/indicator.h 1970-01-01 01:00:00.000000000 +0100 ++++ openssl-3.0.9-new/providers/fips/indicator.h 2023-05-31 14:33:16.926112941 +0200 +@@ -0,0 +1,66 @@ ++/* ++ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. ++ * ++ * Licensed under the Apache License 2.0 (the "License"). You may not use ++ * this file except in compliance with the License. You can obtain a copy ++ * in the file LICENSE in the source distribution or at ++ * https://www.openssl.org/source/license.html ++ */ ++ ++#ifndef OPENSSL_FIPS_INDICATOR_H ++# define OPENSSL_FIPS_INDICATOR_H ++# pragma once ++ ++# ifdef __cplusplus ++extern "C" { ++# endif ++ ++# define OSSL_RH_FIPSINDICATOR_UNAPPROVED (0) ++# define OSSL_RH_FIPSINDICATOR_APPROVED (1) ++ ++/* ++ * FIPS indicator dispatch table element. function_id numbers and the ++ * functions are defined in core_dispatch.h, see macros with ++ * 'OSSL_CORE_MAKE_FUNC' in their names. ++ * ++ * An array of these is always terminated by function_id == 0 ++ */ ++typedef struct ossl_rh_fipsindicator_dispatch_st { ++ int function_id; ++ int approved; ++} OSSL_RH_FIPSINDICATOR_DISPATCH; ++ ++/* ++ * Type to tie together algorithm names, property definition string and the ++ * algorithm implementation's FIPS indicator status in the form of a FIPS ++ * indicator dispatch table. ++ * ++ * An array of these is always terminated by algorithm_names == NULL ++ */ ++typedef struct ossl_rh_fipsindicator_algorithm_st { ++ const char *algorithm_names; /* key */ ++ const char *property_definition; /* key */ ++ const OSSL_RH_FIPSINDICATOR_DISPATCH *indicators; ++} OSSL_RH_FIPSINDICATOR_ALGORITHM; ++ ++/** ++ * Query FIPS indicator status for the given operation. Possible values for ++ * 'operation_id' are currently only OSSL_OP_SIGNATURE, as all other algorithms ++ * use implicit indicators. The return value is an array of ++ * OSSL_RH_FIPSINDICATOR_ALGORITHMs, terminated by an entry with ++ * algorithm_names == NULL. 'algorithm_names' is a colon-separated list of ++ * algorithm names, 'property_definition' a comma-separated list of properties, ++ * and 'indicators' is a list of OSSL_RH_FIPSINDICATOR_DISPATCH structs. This ++ * list is terminated by function_id == 0. 'function_id' is one of the ++ * OSSL_FUNC_* constants, e.g., OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL. ++ * ++ * If there is no entry in the returned struct for the given operation_id, ++ * algorithm name, or function_id, the algorithm is unapproved. ++ */ ++const OSSL_RH_FIPSINDICATOR_ALGORITHM *redhat_ossl_query_fipsindicator(int operation_id); ++ ++# ifdef __cplusplus ++} ++# endif ++ ++#endif +diff -rupN --no-dereference openssl-3.0.9/util/mkdef.pl openssl-3.0.9-new/util/mkdef.pl +--- openssl-3.0.9/util/mkdef.pl 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/util/mkdef.pl 2023-05-31 14:33:16.926112941 +0200 +@@ -153,7 +153,8 @@ $ordinal_opts{filter} = + return + $item->exists() + && platform_filter($item) +- && feature_filter($item); ++ && feature_filter($item) ++ && fips_filter($item, $name); + }; + my $ordinals = OpenSSL::Ordinals->new(from => $ordinals_file); + +@@ -209,6 +210,28 @@ sub feature_filter { + return $verdict; + } + ++sub fips_filter { ++ my $item = shift; ++ my $name = uc(shift); ++ my @features = ( $item->features() ); ++ ++ # True if no features are defined ++ return 1 if scalar @features == 0; ++ ++ my @matches = grep(/^ONLY_.*$/, @features); ++ if (@matches) { ++ # There is at least one only_* flag on this symbol, check if any of ++ # them match the name ++ for (@matches) { ++ if ($_ eq "ONLY_${name}") { ++ return 1; ++ } ++ } ++ return 0; ++ } ++ return 1; ++} ++ + sub sorter_unix { + my $by_name = OpenSSL::Ordinals::by_name(); + my %weight = ( +diff -rupN --no-dereference openssl-3.0.9/util/providers.num openssl-3.0.9-new/util/providers.num +--- openssl-3.0.9/util/providers.num 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/util/providers.num 2023-05-31 14:33:16.926112941 +0200 +@@ -1 +1,2 @@ + OSSL_provider_init 1 * EXIST::FUNCTION: ++redhat_ossl_query_fipsindicator 1 * EXIST::FUNCTION:ONLY_PROVIDERS/FIPS diff --git a/0071-AES-GCM-performance-optimization.patch b/0071-AES-GCM-performance-optimization.patch new file mode 100644 index 0000000..8065c68 --- /dev/null +++ b/0071-AES-GCM-performance-optimization.patch @@ -0,0 +1,1627 @@ +diff -rupN --no-dereference openssl-3.0.9/crypto/modes/asm/aes-gcm-ppc.pl openssl-3.0.9-new/crypto/modes/asm/aes-gcm-ppc.pl +--- openssl-3.0.9/crypto/modes/asm/aes-gcm-ppc.pl 1970-01-01 01:00:00.000000000 +0100 ++++ openssl-3.0.9-new/crypto/modes/asm/aes-gcm-ppc.pl 2023-05-31 14:33:17.191112825 +0200 +@@ -0,0 +1,1438 @@ ++#! /usr/bin/env perl ++# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. ++# Copyright 2021- IBM Inc. All rights reserved ++# ++# Licensed under the Apache License 2.0 (the "License"). You may not use ++# this file except in compliance with the License. You can obtain a copy ++# in the file LICENSE in the source distribution or at ++# https://www.openssl.org/source/license.html ++# ++#=================================================================================== ++# Written by Danny Tsen for OpenSSL Project, ++# ++# GHASH is based on the Karatsuba multiplication method. ++# ++# Xi xor X1 ++# ++# X1 * H^4 + X2 * H^3 + x3 * H^2 + X4 * H = ++# (X1.h * H4.h + xX.l * H4.l + X1 * H4) + ++# (X2.h * H3.h + X2.l * H3.l + X2 * H3) + ++# (X3.h * H2.h + X3.l * H2.l + X3 * H2) + ++# (X4.h * H.h + X4.l * H.l + X4 * H) ++# ++# Xi = v0 ++# H Poly = v2 ++# Hash keys = v3 - v14 ++# ( H.l, H, H.h) ++# ( H^2.l, H^2, H^2.h) ++# ( H^3.l, H^3, H^3.h) ++# ( H^4.l, H^4, H^4.h) ++# ++# v30 is IV ++# v31 - counter 1 ++# ++# AES used, ++# vs0 - vs14 for round keys ++# v15, v16, v17, v18, v19, v20, v21, v22 for 8 blocks (encrypted) ++# ++# This implementation uses stitched AES-GCM approach to improve overall performance. ++# AES is implemented with 8x blocks and GHASH is using 2 4x blocks. ++# ++# Current large block (16384 bytes) performance per second with 128 bit key -- ++# ++# Encrypt Decrypt ++# Power10[le] (3.5GHz) 5.32G 5.26G ++# ++# =================================================================================== ++# ++# $output is the last argument if it looks like a file (it has an extension) ++# $flavour is the first argument if it doesn't look like a file ++$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; ++$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; ++ ++if ($flavour =~ /64/) { ++ $SIZE_T=8; ++ $LRSAVE=2*$SIZE_T; ++ $STU="stdu"; ++ $POP="ld"; ++ $PUSH="std"; ++ $UCMP="cmpld"; ++ $SHRI="srdi"; ++} elsif ($flavour =~ /32/) { ++ $SIZE_T=4; ++ $LRSAVE=$SIZE_T; ++ $STU="stwu"; ++ $POP="lwz"; ++ $PUSH="stw"; ++ $UCMP="cmplw"; ++ $SHRI="srwi"; ++} else { die "nonsense $flavour"; } ++ ++$sp="r1"; ++$FRAME=6*$SIZE_T+13*16; # 13*16 is for v20-v31 offload ++ ++$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ++( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or ++( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or ++die "can't locate ppc-xlate.pl"; ++ ++open STDOUT,"| $^X $xlate $flavour \"$output\"" ++ or die "can't call $xlate: $!"; ++ ++$code=<<___; ++.machine "any" ++.text ++ ++# 4x loops ++# v15 - v18 - input states ++# vs1 - vs9 - round keys ++# ++.macro Loop_aes_middle4x ++ xxlor 19+32, 1, 1 ++ xxlor 20+32, 2, 2 ++ xxlor 21+32, 3, 3 ++ xxlor 22+32, 4, 4 ++ ++ vcipher 15, 15, 19 ++ vcipher 16, 16, 19 ++ vcipher 17, 17, 19 ++ vcipher 18, 18, 19 ++ ++ vcipher 15, 15, 20 ++ vcipher 16, 16, 20 ++ vcipher 17, 17, 20 ++ vcipher 18, 18, 20 ++ ++ vcipher 15, 15, 21 ++ vcipher 16, 16, 21 ++ vcipher 17, 17, 21 ++ vcipher 18, 18, 21 ++ ++ vcipher 15, 15, 22 ++ vcipher 16, 16, 22 ++ vcipher 17, 17, 22 ++ vcipher 18, 18, 22 ++ ++ xxlor 19+32, 5, 5 ++ xxlor 20+32, 6, 6 ++ xxlor 21+32, 7, 7 ++ xxlor 22+32, 8, 8 ++ ++ vcipher 15, 15, 19 ++ vcipher 16, 16, 19 ++ vcipher 17, 17, 19 ++ vcipher 18, 18, 19 ++ ++ vcipher 15, 15, 20 ++ vcipher 16, 16, 20 ++ vcipher 17, 17, 20 ++ vcipher 18, 18, 20 ++ ++ vcipher 15, 15, 21 ++ vcipher 16, 16, 21 ++ vcipher 17, 17, 21 ++ vcipher 18, 18, 21 ++ ++ vcipher 15, 15, 22 ++ vcipher 16, 16, 22 ++ vcipher 17, 17, 22 ++ vcipher 18, 18, 22 ++ ++ xxlor 23+32, 9, 9 ++ vcipher 15, 15, 23 ++ vcipher 16, 16, 23 ++ vcipher 17, 17, 23 ++ vcipher 18, 18, 23 ++.endm ++ ++# 8x loops ++# v15 - v22 - input states ++# vs1 - vs9 - round keys ++# ++.macro Loop_aes_middle8x ++ xxlor 23+32, 1, 1 ++ xxlor 24+32, 2, 2 ++ xxlor 25+32, 3, 3 ++ xxlor 26+32, 4, 4 ++ ++ vcipher 15, 15, 23 ++ vcipher 16, 16, 23 ++ vcipher 17, 17, 23 ++ vcipher 18, 18, 23 ++ vcipher 19, 19, 23 ++ vcipher 20, 20, 23 ++ vcipher 21, 21, 23 ++ vcipher 22, 22, 23 ++ ++ vcipher 15, 15, 24 ++ vcipher 16, 16, 24 ++ vcipher 17, 17, 24 ++ vcipher 18, 18, 24 ++ vcipher 19, 19, 24 ++ vcipher 20, 20, 24 ++ vcipher 21, 21, 24 ++ vcipher 22, 22, 24 ++ ++ vcipher 15, 15, 25 ++ vcipher 16, 16, 25 ++ vcipher 17, 17, 25 ++ vcipher 18, 18, 25 ++ vcipher 19, 19, 25 ++ vcipher 20, 20, 25 ++ vcipher 21, 21, 25 ++ vcipher 22, 22, 25 ++ ++ vcipher 15, 15, 26 ++ vcipher 16, 16, 26 ++ vcipher 17, 17, 26 ++ vcipher 18, 18, 26 ++ vcipher 19, 19, 26 ++ vcipher 20, 20, 26 ++ vcipher 21, 21, 26 ++ vcipher 22, 22, 26 ++ ++ xxlor 23+32, 5, 5 ++ xxlor 24+32, 6, 6 ++ xxlor 25+32, 7, 7 ++ xxlor 26+32, 8, 8 ++ ++ vcipher 15, 15, 23 ++ vcipher 16, 16, 23 ++ vcipher 17, 17, 23 ++ vcipher 18, 18, 23 ++ vcipher 19, 19, 23 ++ vcipher 20, 20, 23 ++ vcipher 21, 21, 23 ++ vcipher 22, 22, 23 ++ ++ vcipher 15, 15, 24 ++ vcipher 16, 16, 24 ++ vcipher 17, 17, 24 ++ vcipher 18, 18, 24 ++ vcipher 19, 19, 24 ++ vcipher 20, 20, 24 ++ vcipher 21, 21, 24 ++ vcipher 22, 22, 24 ++ ++ vcipher 15, 15, 25 ++ vcipher 16, 16, 25 ++ vcipher 17, 17, 25 ++ vcipher 18, 18, 25 ++ vcipher 19, 19, 25 ++ vcipher 20, 20, 25 ++ vcipher 21, 21, 25 ++ vcipher 22, 22, 25 ++ ++ vcipher 15, 15, 26 ++ vcipher 16, 16, 26 ++ vcipher 17, 17, 26 ++ vcipher 18, 18, 26 ++ vcipher 19, 19, 26 ++ vcipher 20, 20, 26 ++ vcipher 21, 21, 26 ++ vcipher 22, 22, 26 ++ ++ xxlor 23+32, 9, 9 ++ vcipher 15, 15, 23 ++ vcipher 16, 16, 23 ++ vcipher 17, 17, 23 ++ vcipher 18, 18, 23 ++ vcipher 19, 19, 23 ++ vcipher 20, 20, 23 ++ vcipher 21, 21, 23 ++ vcipher 22, 22, 23 ++.endm ++ ++# ++# Compute 4x hash values based on Karatsuba method. ++# ++ppc_aes_gcm_ghash: ++ vxor 15, 15, 0 ++ ++ xxlxor 29, 29, 29 ++ ++ vpmsumd 23, 12, 15 # H4.L * X.L ++ vpmsumd 24, 9, 16 ++ vpmsumd 25, 6, 17 ++ vpmsumd 26, 3, 18 ++ ++ vxor 23, 23, 24 ++ vxor 23, 23, 25 ++ vxor 23, 23, 26 # L ++ ++ vpmsumd 24, 13, 15 # H4.L * X.H + H4.H * X.L ++ vpmsumd 25, 10, 16 # H3.L * X1.H + H3.H * X1.L ++ vpmsumd 26, 7, 17 ++ vpmsumd 27, 4, 18 ++ ++ vxor 24, 24, 25 ++ vxor 24, 24, 26 ++ vxor 24, 24, 27 # M ++ ++ # sum hash and reduction with H Poly ++ vpmsumd 28, 23, 2 # reduction ++ ++ xxlor 29+32, 29, 29 ++ vsldoi 26, 24, 29, 8 # mL ++ vsldoi 29, 29, 24, 8 # mH ++ vxor 23, 23, 26 # mL + L ++ ++ vsldoi 23, 23, 23, 8 # swap ++ vxor 23, 23, 28 ++ ++ vpmsumd 24, 14, 15 # H4.H * X.H ++ vpmsumd 25, 11, 16 ++ vpmsumd 26, 8, 17 ++ vpmsumd 27, 5, 18 ++ ++ vxor 24, 24, 25 ++ vxor 24, 24, 26 ++ vxor 24, 24, 27 ++ ++ vxor 24, 24, 29 ++ ++ # sum hash and reduction with H Poly ++ vsldoi 27, 23, 23, 8 # swap ++ vpmsumd 23, 23, 2 ++ vxor 27, 27, 24 ++ vxor 23, 23, 27 ++ ++ xxlor 32, 23+32, 23+32 # update hash ++ ++ blr ++ ++# ++# Combine two 4x ghash ++# v15 - v22 - input blocks ++# ++.macro ppc_aes_gcm_ghash2_4x ++ # first 4x hash ++ vxor 15, 15, 0 # Xi + X ++ ++ xxlxor 29, 29, 29 ++ ++ vpmsumd 23, 12, 15 # H4.L * X.L ++ vpmsumd 24, 9, 16 ++ vpmsumd 25, 6, 17 ++ vpmsumd 26, 3, 18 ++ ++ vxor 23, 23, 24 ++ vxor 23, 23, 25 ++ vxor 23, 23, 26 # L ++ ++ vpmsumd 24, 13, 15 # H4.L * X.H + H4.H * X.L ++ vpmsumd 25, 10, 16 # H3.L * X1.H + H3.H * X1.L ++ vpmsumd 26, 7, 17 ++ vpmsumd 27, 4, 18 ++ ++ vxor 24, 24, 25 ++ vxor 24, 24, 26 ++ ++ # sum hash and reduction with H Poly ++ vpmsumd 28, 23, 2 # reduction ++ ++ xxlor 29+32, 29, 29 ++ ++ vxor 24, 24, 27 # M ++ vsldoi 26, 24, 29, 8 # mL ++ vsldoi 29, 29, 24, 8 # mH ++ vxor 23, 23, 26 # mL + L ++ ++ vsldoi 23, 23, 23, 8 # swap ++ vxor 23, 23, 28 ++ ++ vpmsumd 24, 14, 15 # H4.H * X.H ++ vpmsumd 25, 11, 16 ++ vpmsumd 26, 8, 17 ++ vpmsumd 27, 5, 18 ++ ++ vxor 24, 24, 25 ++ vxor 24, 24, 26 ++ vxor 24, 24, 27 # H ++ ++ vxor 24, 24, 29 # H + mH ++ ++ # sum hash and reduction with H Poly ++ vsldoi 27, 23, 23, 8 # swap ++ vpmsumd 23, 23, 2 ++ vxor 27, 27, 24 ++ vxor 27, 23, 27 # 1st Xi ++ ++ # 2nd 4x hash ++ vpmsumd 24, 9, 20 ++ vpmsumd 25, 6, 21 ++ vpmsumd 26, 3, 22 ++ vxor 19, 19, 27 # Xi + X ++ vpmsumd 23, 12, 19 # H4.L * X.L ++ ++ vxor 23, 23, 24 ++ vxor 23, 23, 25 ++ vxor 23, 23, 26 # L ++ ++ vpmsumd 24, 13, 19 # H4.L * X.H + H4.H * X.L ++ vpmsumd 25, 10, 20 # H3.L * X1.H + H3.H * X1.L ++ vpmsumd 26, 7, 21 ++ vpmsumd 27, 4, 22 ++ ++ vxor 24, 24, 25 ++ vxor 24, 24, 26 ++ ++ # sum hash and reduction with H Poly ++ vpmsumd 28, 23, 2 # reduction ++ ++ xxlor 29+32, 29, 29 ++ ++ vxor 24, 24, 27 # M ++ vsldoi 26, 24, 29, 8 # mL ++ vsldoi 29, 29, 24, 8 # mH ++ vxor 23, 23, 26 # mL + L ++ ++ vsldoi 23, 23, 23, 8 # swap ++ vxor 23, 23, 28 ++ ++ vpmsumd 24, 14, 19 # H4.H * X.H ++ vpmsumd 25, 11, 20 ++ vpmsumd 26, 8, 21 ++ vpmsumd 27, 5, 22 ++ ++ vxor 24, 24, 25 ++ vxor 24, 24, 26 ++ vxor 24, 24, 27 # H ++ ++ vxor 24, 24, 29 # H + mH ++ ++ # sum hash and reduction with H Poly ++ vsldoi 27, 23, 23, 8 # swap ++ vpmsumd 23, 23, 2 ++ vxor 27, 27, 24 ++ vxor 23, 23, 27 ++ ++ xxlor 32, 23+32, 23+32 # update hash ++ ++.endm ++ ++# ++# Compute update single hash ++# ++.macro ppc_update_hash_1x ++ vxor 28, 28, 0 ++ ++ vxor 19, 19, 19 ++ ++ vpmsumd 22, 3, 28 # L ++ vpmsumd 23, 4, 28 # M ++ vpmsumd 24, 5, 28 # H ++ ++ vpmsumd 27, 22, 2 # reduction ++ ++ vsldoi 25, 23, 19, 8 # mL ++ vsldoi 26, 19, 23, 8 # mH ++ vxor 22, 22, 25 # LL + LL ++ vxor 24, 24, 26 # HH + HH ++ ++ vsldoi 22, 22, 22, 8 # swap ++ vxor 22, 22, 27 ++ ++ vsldoi 20, 22, 22, 8 # swap ++ vpmsumd 22, 22, 2 # reduction ++ vxor 20, 20, 24 ++ vxor 22, 22, 20 ++ ++ vmr 0, 22 # update hash ++ ++.endm ++ ++# ++# ppc_aes_gcm_encrypt (const void *inp, void *out, size_t len, ++# const AES_KEY *key, unsigned char iv[16], ++# void *Xip); ++# ++# r3 - inp ++# r4 - out ++# r5 - len ++# r6 - AES round keys ++# r7 - iv ++# r8 - Xi, HPoli, hash keys ++# ++.global ppc_aes_gcm_encrypt ++.align 5 ++ppc_aes_gcm_encrypt: ++_ppc_aes_gcm_encrypt: ++ ++ stdu 1,-512(1) ++ mflr 0 ++ ++ std 14,112(1) ++ std 15,120(1) ++ std 16,128(1) ++ std 17,136(1) ++ std 18,144(1) ++ std 19,152(1) ++ std 20,160(1) ++ std 21,168(1) ++ li 9, 256 ++ stvx 20, 9, 1 ++ addi 9, 9, 16 ++ stvx 21, 9, 1 ++ addi 9, 9, 16 ++ stvx 22, 9, 1 ++ addi 9, 9, 16 ++ stvx 23, 9, 1 ++ addi 9, 9, 16 ++ stvx 24, 9, 1 ++ addi 9, 9, 16 ++ stvx 25, 9, 1 ++ addi 9, 9, 16 ++ stvx 26, 9, 1 ++ addi 9, 9, 16 ++ stvx 27, 9, 1 ++ addi 9, 9, 16 ++ stvx 28, 9, 1 ++ addi 9, 9, 16 ++ stvx 29, 9, 1 ++ addi 9, 9, 16 ++ stvx 30, 9, 1 ++ addi 9, 9, 16 ++ stvx 31, 9, 1 ++ std 0, 528(1) ++ ++ # Load Xi ++ lxvb16x 32, 0, 8 # load Xi ++ ++ # load Hash - h^4, h^3, h^2, h ++ li 10, 32 ++ lxvd2x 2+32, 10, 8 # H Poli ++ li 10, 48 ++ lxvd2x 3+32, 10, 8 # Hl ++ li 10, 64 ++ lxvd2x 4+32, 10, 8 # H ++ li 10, 80 ++ lxvd2x 5+32, 10, 8 # Hh ++ ++ li 10, 96 ++ lxvd2x 6+32, 10, 8 # H^2l ++ li 10, 112 ++ lxvd2x 7+32, 10, 8 # H^2 ++ li 10, 128 ++ lxvd2x 8+32, 10, 8 # H^2h ++ ++ li 10, 144 ++ lxvd2x 9+32, 10, 8 # H^3l ++ li 10, 160 ++ lxvd2x 10+32, 10, 8 # H^3 ++ li 10, 176 ++ lxvd2x 11+32, 10, 8 # H^3h ++ ++ li 10, 192 ++ lxvd2x 12+32, 10, 8 # H^4l ++ li 10, 208 ++ lxvd2x 13+32, 10, 8 # H^4 ++ li 10, 224 ++ lxvd2x 14+32, 10, 8 # H^4h ++ ++ # initialize ICB: GHASH( IV ), IV - r7 ++ lxvb16x 30+32, 0, 7 # load IV - v30 ++ ++ mr 12, 5 # length ++ li 11, 0 # block index ++ ++ # counter 1 ++ vxor 31, 31, 31 ++ vspltisb 22, 1 ++ vsldoi 31, 31, 22,1 # counter 1 ++ ++ # load round key to VSR ++ lxv 0, 0(6) ++ lxv 1, 0x10(6) ++ lxv 2, 0x20(6) ++ lxv 3, 0x30(6) ++ lxv 4, 0x40(6) ++ lxv 5, 0x50(6) ++ lxv 6, 0x60(6) ++ lxv 7, 0x70(6) ++ lxv 8, 0x80(6) ++ lxv 9, 0x90(6) ++ lxv 10, 0xa0(6) ++ ++ # load rounds - 10 (128), 12 (192), 14 (256) ++ lwz 9,240(6) ++ ++ # ++ # vxor state, state, w # addroundkey ++ xxlor 32+29, 0, 0 ++ vxor 15, 30, 29 # IV + round key - add round key 0 ++ ++ cmpdi 9, 10 ++ beq Loop_aes_gcm_8x ++ ++ # load 2 more round keys (v11, v12) ++ lxv 11, 0xb0(6) ++ lxv 12, 0xc0(6) ++ ++ cmpdi 9, 12 ++ beq Loop_aes_gcm_8x ++ ++ # load 2 more round keys (v11, v12, v13, v14) ++ lxv 13, 0xd0(6) ++ lxv 14, 0xe0(6) ++ cmpdi 9, 14 ++ beq Loop_aes_gcm_8x ++ ++ b aes_gcm_out ++ ++.align 5 ++Loop_aes_gcm_8x: ++ mr 14, 3 ++ mr 9, 4 ++ ++ # n blocks ++ li 10, 128 ++ divdu 10, 5, 10 # n 128 bytes-blocks ++ cmpdi 10, 0 ++ beq Loop_last_block ++ ++ vaddudm 30, 30, 31 # IV + counter ++ vxor 16, 30, 29 ++ vaddudm 30, 30, 31 ++ vxor 17, 30, 29 ++ vaddudm 30, 30, 31 ++ vxor 18, 30, 29 ++ vaddudm 30, 30, 31 ++ vxor 19, 30, 29 ++ vaddudm 30, 30, 31 ++ vxor 20, 30, 29 ++ vaddudm 30, 30, 31 ++ vxor 21, 30, 29 ++ vaddudm 30, 30, 31 ++ vxor 22, 30, 29 ++ ++ mtctr 10 ++ ++ li 15, 16 ++ li 16, 32 ++ li 17, 48 ++ li 18, 64 ++ li 19, 80 ++ li 20, 96 ++ li 21, 112 ++ ++ lwz 10, 240(6) ++ ++Loop_8x_block: ++ ++ lxvb16x 15, 0, 14 # load block ++ lxvb16x 16, 15, 14 # load block ++ lxvb16x 17, 16, 14 # load block ++ lxvb16x 18, 17, 14 # load block ++ lxvb16x 19, 18, 14 # load block ++ lxvb16x 20, 19, 14 # load block ++ lxvb16x 21, 20, 14 # load block ++ lxvb16x 22, 21, 14 # load block ++ addi 14, 14, 128 ++ ++ Loop_aes_middle8x ++ ++ xxlor 23+32, 10, 10 ++ ++ cmpdi 10, 10 ++ beq Do_next_ghash ++ ++ # 192 bits ++ xxlor 24+32, 11, 11 ++ ++ vcipher 15, 15, 23 ++ vcipher 16, 16, 23 ++ vcipher 17, 17, 23 ++ vcipher 18, 18, 23 ++ vcipher 19, 19, 23 ++ vcipher 20, 20, 23 ++ vcipher 21, 21, 23 ++ vcipher 22, 22, 23 ++ ++ vcipher 15, 15, 24 ++ vcipher 16, 16, 24 ++ vcipher 17, 17, 24 ++ vcipher 18, 18, 24 ++ vcipher 19, 19, 24 ++ vcipher 20, 20, 24 ++ vcipher 21, 21, 24 ++ vcipher 22, 22, 24 ++ ++ xxlor 23+32, 12, 12 ++ ++ cmpdi 10, 12 ++ beq Do_next_ghash ++ ++ # 256 bits ++ xxlor 24+32, 13, 13 ++ ++ vcipher 15, 15, 23 ++ vcipher 16, 16, 23 ++ vcipher 17, 17, 23 ++ vcipher 18, 18, 23 ++ vcipher 19, 19, 23 ++ vcipher 20, 20, 23 ++ vcipher 21, 21, 23 ++ vcipher 22, 22, 23 ++ ++ vcipher 15, 15, 24 ++ vcipher 16, 16, 24 ++ vcipher 17, 17, 24 ++ vcipher 18, 18, 24 ++ vcipher 19, 19, 24 ++ vcipher 20, 20, 24 ++ vcipher 21, 21, 24 ++ vcipher 22, 22, 24 ++ ++ xxlor 23+32, 14, 14 ++ ++ cmpdi 10, 14 ++ beq Do_next_ghash ++ b aes_gcm_out ++ ++Do_next_ghash: ++ ++ # ++ # last round ++ vcipherlast 15, 15, 23 ++ vcipherlast 16, 16, 23 ++ ++ xxlxor 47, 47, 15 ++ stxvb16x 47, 0, 9 # store output ++ xxlxor 48, 48, 16 ++ stxvb16x 48, 15, 9 # store output ++ ++ vcipherlast 17, 17, 23 ++ vcipherlast 18, 18, 23 ++ ++ xxlxor 49, 49, 17 ++ stxvb16x 49, 16, 9 # store output ++ xxlxor 50, 50, 18 ++ stxvb16x 50, 17, 9 # store output ++ ++ vcipherlast 19, 19, 23 ++ vcipherlast 20, 20, 23 ++ ++ xxlxor 51, 51, 19 ++ stxvb16x 51, 18, 9 # store output ++ xxlxor 52, 52, 20 ++ stxvb16x 52, 19, 9 # store output ++ ++ vcipherlast 21, 21, 23 ++ vcipherlast 22, 22, 23 ++ ++ xxlxor 53, 53, 21 ++ stxvb16x 53, 20, 9 # store output ++ xxlxor 54, 54, 22 ++ stxvb16x 54, 21, 9 # store output ++ ++ addi 9, 9, 128 ++ ++ # ghash here ++ ppc_aes_gcm_ghash2_4x ++ ++ xxlor 27+32, 0, 0 ++ vaddudm 30, 30, 31 # IV + counter ++ vmr 29, 30 ++ vxor 15, 30, 27 # add round key ++ vaddudm 30, 30, 31 ++ vxor 16, 30, 27 ++ vaddudm 30, 30, 31 ++ vxor 17, 30, 27 ++ vaddudm 30, 30, 31 ++ vxor 18, 30, 27 ++ vaddudm 30, 30, 31 ++ vxor 19, 30, 27 ++ vaddudm 30, 30, 31 ++ vxor 20, 30, 27 ++ vaddudm 30, 30, 31 ++ vxor 21, 30, 27 ++ vaddudm 30, 30, 31 ++ vxor 22, 30, 27 ++ ++ addi 12, 12, -128 ++ addi 11, 11, 128 ++ ++ bdnz Loop_8x_block ++ ++ vmr 30, 29 ++ ++Loop_last_block: ++ cmpdi 12, 0 ++ beq aes_gcm_out ++ ++ # loop last few blocks ++ li 10, 16 ++ divdu 10, 12, 10 ++ ++ mtctr 10 ++ ++ lwz 10, 240(6) ++ ++ cmpdi 12, 16 ++ blt Final_block ++ ++.macro Loop_aes_middle_1x ++ xxlor 19+32, 1, 1 ++ xxlor 20+32, 2, 2 ++ xxlor 21+32, 3, 3 ++ xxlor 22+32, 4, 4 ++ ++ vcipher 15, 15, 19 ++ vcipher 15, 15, 20 ++ vcipher 15, 15, 21 ++ vcipher 15, 15, 22 ++ ++ xxlor 19+32, 5, 5 ++ xxlor 20+32, 6, 6 ++ xxlor 21+32, 7, 7 ++ xxlor 22+32, 8, 8 ++ ++ vcipher 15, 15, 19 ++ vcipher 15, 15, 20 ++ vcipher 15, 15, 21 ++ vcipher 15, 15, 22 ++ ++ xxlor 19+32, 9, 9 ++ vcipher 15, 15, 19 ++.endm ++ ++Next_rem_block: ++ lxvb16x 15, 0, 14 # load block ++ ++ Loop_aes_middle_1x ++ ++ xxlor 23+32, 10, 10 ++ ++ cmpdi 10, 10 ++ beq Do_next_1x ++ ++ # 192 bits ++ xxlor 24+32, 11, 11 ++ ++ vcipher 15, 15, 23 ++ vcipher 15, 15, 24 ++ ++ xxlor 23+32, 12, 12 ++ ++ cmpdi 10, 12 ++ beq Do_next_1x ++ ++ # 256 bits ++ xxlor 24+32, 13, 13 ++ ++ vcipher 15, 15, 23 ++ vcipher 15, 15, 24 ++ ++ xxlor 23+32, 14, 14 ++ ++ cmpdi 10, 14 ++ beq Do_next_1x ++ ++Do_next_1x: ++ vcipherlast 15, 15, 23 ++ ++ xxlxor 47, 47, 15 ++ stxvb16x 47, 0, 9 # store output ++ addi 14, 14, 16 ++ addi 9, 9, 16 ++ ++ vmr 28, 15 ++ ppc_update_hash_1x ++ ++ addi 12, 12, -16 ++ addi 11, 11, 16 ++ xxlor 19+32, 0, 0 ++ vaddudm 30, 30, 31 # IV + counter ++ vxor 15, 30, 19 # add round key ++ ++ bdnz Next_rem_block ++ ++ cmpdi 12, 0 ++ beq aes_gcm_out ++ ++Final_block: ++ Loop_aes_middle_1x ++ ++ xxlor 23+32, 10, 10 ++ ++ cmpdi 10, 10 ++ beq Do_final_1x ++ ++ # 192 bits ++ xxlor 24+32, 11, 11 ++ ++ vcipher 15, 15, 23 ++ vcipher 15, 15, 24 ++ ++ xxlor 23+32, 12, 12 ++ ++ cmpdi 10, 12 ++ beq Do_final_1x ++ ++ # 256 bits ++ xxlor 24+32, 13, 13 ++ ++ vcipher 15, 15, 23 ++ vcipher 15, 15, 24 ++ ++ xxlor 23+32, 14, 14 ++ ++ cmpdi 10, 14 ++ beq Do_final_1x ++ ++Do_final_1x: ++ vcipherlast 15, 15, 23 ++ ++ lxvb16x 15, 0, 14 # load last block ++ xxlxor 47, 47, 15 ++ ++ # create partial block mask ++ li 15, 16 ++ sub 15, 15, 12 # index to the mask ++ ++ vspltisb 16, -1 # first 16 bytes - 0xffff...ff ++ vspltisb 17, 0 # second 16 bytes - 0x0000...00 ++ li 10, 192 ++ stvx 16, 10, 1 ++ addi 10, 10, 16 ++ stvx 17, 10, 1 ++ ++ addi 10, 1, 192 ++ lxvb16x 16, 15, 10 # load partial block mask ++ xxland 47, 47, 16 ++ ++ vmr 28, 15 ++ ppc_update_hash_1x ++ ++ # * should store only the remaining bytes. ++ bl Write_partial_block ++ ++ b aes_gcm_out ++ ++# ++# Write partial block ++# r9 - output ++# r12 - remaining bytes ++# v15 - partial input data ++# ++Write_partial_block: ++ li 10, 192 ++ stxvb16x 15+32, 10, 1 # last block ++ ++ #add 10, 9, 11 # Output ++ addi 10, 9, -1 ++ addi 16, 1, 191 ++ ++ mtctr 12 # remaining bytes ++ li 15, 0 ++ ++Write_last_byte: ++ lbzu 14, 1(16) ++ stbu 14, 1(10) ++ bdnz Write_last_byte ++ blr ++ ++aes_gcm_out: ++ # out = state ++ stxvb16x 32, 0, 8 # write out Xi ++ add 3, 11, 12 # return count ++ ++ li 9, 256 ++ lvx 20, 9, 1 ++ addi 9, 9, 16 ++ lvx 21, 9, 1 ++ addi 9, 9, 16 ++ lvx 22, 9, 1 ++ addi 9, 9, 16 ++ lvx 23, 9, 1 ++ addi 9, 9, 16 ++ lvx 24, 9, 1 ++ addi 9, 9, 16 ++ lvx 25, 9, 1 ++ addi 9, 9, 16 ++ lvx 26, 9, 1 ++ addi 9, 9, 16 ++ lvx 27, 9, 1 ++ addi 9, 9, 16 ++ lvx 28, 9, 1 ++ addi 9, 9, 16 ++ lvx 29, 9, 1 ++ addi 9, 9, 16 ++ lvx 30, 9, 1 ++ addi 9, 9, 16 ++ lvx 31, 9, 1 ++ ++ ld 0, 528(1) ++ ld 14,112(1) ++ ld 15,120(1) ++ ld 16,128(1) ++ ld 17,136(1) ++ ld 18,144(1) ++ ld 19,152(1) ++ ld 20,160(1) ++ ld 21,168(1) ++ ++ mtlr 0 ++ addi 1, 1, 512 ++ blr ++ ++# ++# 8x Decrypt ++# ++.global ppc_aes_gcm_decrypt ++.align 5 ++ppc_aes_gcm_decrypt: ++_ppc_aes_gcm_decrypt: ++ ++ stdu 1,-512(1) ++ mflr 0 ++ ++ std 14,112(1) ++ std 15,120(1) ++ std 16,128(1) ++ std 17,136(1) ++ std 18,144(1) ++ std 19,152(1) ++ std 20,160(1) ++ std 21,168(1) ++ li 9, 256 ++ stvx 20, 9, 1 ++ addi 9, 9, 16 ++ stvx 21, 9, 1 ++ addi 9, 9, 16 ++ stvx 22, 9, 1 ++ addi 9, 9, 16 ++ stvx 23, 9, 1 ++ addi 9, 9, 16 ++ stvx 24, 9, 1 ++ addi 9, 9, 16 ++ stvx 25, 9, 1 ++ addi 9, 9, 16 ++ stvx 26, 9, 1 ++ addi 9, 9, 16 ++ stvx 27, 9, 1 ++ addi 9, 9, 16 ++ stvx 28, 9, 1 ++ addi 9, 9, 16 ++ stvx 29, 9, 1 ++ addi 9, 9, 16 ++ stvx 30, 9, 1 ++ addi 9, 9, 16 ++ stvx 31, 9, 1 ++ std 0, 528(1) ++ ++ # Load Xi ++ lxvb16x 32, 0, 8 # load Xi ++ ++ # load Hash - h^4, h^3, h^2, h ++ li 10, 32 ++ lxvd2x 2+32, 10, 8 # H Poli ++ li 10, 48 ++ lxvd2x 3+32, 10, 8 # Hl ++ li 10, 64 ++ lxvd2x 4+32, 10, 8 # H ++ li 10, 80 ++ lxvd2x 5+32, 10, 8 # Hh ++ ++ li 10, 96 ++ lxvd2x 6+32, 10, 8 # H^2l ++ li 10, 112 ++ lxvd2x 7+32, 10, 8 # H^2 ++ li 10, 128 ++ lxvd2x 8+32, 10, 8 # H^2h ++ ++ li 10, 144 ++ lxvd2x 9+32, 10, 8 # H^3l ++ li 10, 160 ++ lxvd2x 10+32, 10, 8 # H^3 ++ li 10, 176 ++ lxvd2x 11+32, 10, 8 # H^3h ++ ++ li 10, 192 ++ lxvd2x 12+32, 10, 8 # H^4l ++ li 10, 208 ++ lxvd2x 13+32, 10, 8 # H^4 ++ li 10, 224 ++ lxvd2x 14+32, 10, 8 # H^4h ++ ++ # initialize ICB: GHASH( IV ), IV - r7 ++ lxvb16x 30+32, 0, 7 # load IV - v30 ++ ++ mr 12, 5 # length ++ li 11, 0 # block index ++ ++ # counter 1 ++ vxor 31, 31, 31 ++ vspltisb 22, 1 ++ vsldoi 31, 31, 22,1 # counter 1 ++ ++ # load round key to VSR ++ lxv 0, 0(6) ++ lxv 1, 0x10(6) ++ lxv 2, 0x20(6) ++ lxv 3, 0x30(6) ++ lxv 4, 0x40(6) ++ lxv 5, 0x50(6) ++ lxv 6, 0x60(6) ++ lxv 7, 0x70(6) ++ lxv 8, 0x80(6) ++ lxv 9, 0x90(6) ++ lxv 10, 0xa0(6) ++ ++ # load rounds - 10 (128), 12 (192), 14 (256) ++ lwz 9,240(6) ++ ++ # ++ # vxor state, state, w # addroundkey ++ xxlor 32+29, 0, 0 ++ vxor 15, 30, 29 # IV + round key - add round key 0 ++ ++ cmpdi 9, 10 ++ beq Loop_aes_gcm_8x_dec ++ ++ # load 2 more round keys (v11, v12) ++ lxv 11, 0xb0(6) ++ lxv 12, 0xc0(6) ++ ++ cmpdi 9, 12 ++ beq Loop_aes_gcm_8x_dec ++ ++ # load 2 more round keys (v11, v12, v13, v14) ++ lxv 13, 0xd0(6) ++ lxv 14, 0xe0(6) ++ cmpdi 9, 14 ++ beq Loop_aes_gcm_8x_dec ++ ++ b aes_gcm_out ++ ++.align 5 ++Loop_aes_gcm_8x_dec: ++ mr 14, 3 ++ mr 9, 4 ++ ++ # n blocks ++ li 10, 128 ++ divdu 10, 5, 10 # n 128 bytes-blocks ++ cmpdi 10, 0 ++ beq Loop_last_block_dec ++ ++ vaddudm 30, 30, 31 # IV + counter ++ vxor 16, 30, 29 ++ vaddudm 30, 30, 31 ++ vxor 17, 30, 29 ++ vaddudm 30, 30, 31 ++ vxor 18, 30, 29 ++ vaddudm 30, 30, 31 ++ vxor 19, 30, 29 ++ vaddudm 30, 30, 31 ++ vxor 20, 30, 29 ++ vaddudm 30, 30, 31 ++ vxor 21, 30, 29 ++ vaddudm 30, 30, 31 ++ vxor 22, 30, 29 ++ ++ mtctr 10 ++ ++ li 15, 16 ++ li 16, 32 ++ li 17, 48 ++ li 18, 64 ++ li 19, 80 ++ li 20, 96 ++ li 21, 112 ++ ++ lwz 10, 240(6) ++ ++Loop_8x_block_dec: ++ ++ lxvb16x 15, 0, 14 # load block ++ lxvb16x 16, 15, 14 # load block ++ lxvb16x 17, 16, 14 # load block ++ lxvb16x 18, 17, 14 # load block ++ lxvb16x 19, 18, 14 # load block ++ lxvb16x 20, 19, 14 # load block ++ lxvb16x 21, 20, 14 # load block ++ lxvb16x 22, 21, 14 # load block ++ addi 14, 14, 128 ++ ++ Loop_aes_middle8x ++ ++ xxlor 23+32, 10, 10 ++ ++ cmpdi 10, 10 ++ beq Do_last_aes_dec ++ ++ # 192 bits ++ xxlor 24+32, 11, 11 ++ ++ vcipher 15, 15, 23 ++ vcipher 16, 16, 23 ++ vcipher 17, 17, 23 ++ vcipher 18, 18, 23 ++ vcipher 19, 19, 23 ++ vcipher 20, 20, 23 ++ vcipher 21, 21, 23 ++ vcipher 22, 22, 23 ++ ++ vcipher 15, 15, 24 ++ vcipher 16, 16, 24 ++ vcipher 17, 17, 24 ++ vcipher 18, 18, 24 ++ vcipher 19, 19, 24 ++ vcipher 20, 20, 24 ++ vcipher 21, 21, 24 ++ vcipher 22, 22, 24 ++ ++ xxlor 23+32, 12, 12 ++ ++ cmpdi 10, 12 ++ beq Do_last_aes_dec ++ ++ # 256 bits ++ xxlor 24+32, 13, 13 ++ ++ vcipher 15, 15, 23 ++ vcipher 16, 16, 23 ++ vcipher 17, 17, 23 ++ vcipher 18, 18, 23 ++ vcipher 19, 19, 23 ++ vcipher 20, 20, 23 ++ vcipher 21, 21, 23 ++ vcipher 22, 22, 23 ++ ++ vcipher 15, 15, 24 ++ vcipher 16, 16, 24 ++ vcipher 17, 17, 24 ++ vcipher 18, 18, 24 ++ vcipher 19, 19, 24 ++ vcipher 20, 20, 24 ++ vcipher 21, 21, 24 ++ vcipher 22, 22, 24 ++ ++ xxlor 23+32, 14, 14 ++ ++ cmpdi 10, 14 ++ beq Do_last_aes_dec ++ b aes_gcm_out ++ ++Do_last_aes_dec: ++ ++ # ++ # last round ++ vcipherlast 15, 15, 23 ++ vcipherlast 16, 16, 23 ++ ++ xxlxor 47, 47, 15 ++ stxvb16x 47, 0, 9 # store output ++ xxlxor 48, 48, 16 ++ stxvb16x 48, 15, 9 # store output ++ ++ vcipherlast 17, 17, 23 ++ vcipherlast 18, 18, 23 ++ ++ xxlxor 49, 49, 17 ++ stxvb16x 49, 16, 9 # store output ++ xxlxor 50, 50, 18 ++ stxvb16x 50, 17, 9 # store output ++ ++ vcipherlast 19, 19, 23 ++ vcipherlast 20, 20, 23 ++ ++ xxlxor 51, 51, 19 ++ stxvb16x 51, 18, 9 # store output ++ xxlxor 52, 52, 20 ++ stxvb16x 52, 19, 9 # store output ++ ++ vcipherlast 21, 21, 23 ++ vcipherlast 22, 22, 23 ++ ++ xxlxor 53, 53, 21 ++ stxvb16x 53, 20, 9 # store output ++ xxlxor 54, 54, 22 ++ stxvb16x 54, 21, 9 # store output ++ ++ addi 9, 9, 128 ++ ++ xxlor 15+32, 15, 15 ++ xxlor 16+32, 16, 16 ++ xxlor 17+32, 17, 17 ++ xxlor 18+32, 18, 18 ++ xxlor 19+32, 19, 19 ++ xxlor 20+32, 20, 20 ++ xxlor 21+32, 21, 21 ++ xxlor 22+32, 22, 22 ++ ++ # ghash here ++ ppc_aes_gcm_ghash2_4x ++ ++ xxlor 27+32, 0, 0 ++ vaddudm 30, 30, 31 # IV + counter ++ vmr 29, 30 ++ vxor 15, 30, 27 # add round key ++ vaddudm 30, 30, 31 ++ vxor 16, 30, 27 ++ vaddudm 30, 30, 31 ++ vxor 17, 30, 27 ++ vaddudm 30, 30, 31 ++ vxor 18, 30, 27 ++ vaddudm 30, 30, 31 ++ vxor 19, 30, 27 ++ vaddudm 30, 30, 31 ++ vxor 20, 30, 27 ++ vaddudm 30, 30, 31 ++ vxor 21, 30, 27 ++ vaddudm 30, 30, 31 ++ vxor 22, 30, 27 ++ addi 12, 12, -128 ++ addi 11, 11, 128 ++ ++ bdnz Loop_8x_block_dec ++ ++ vmr 30, 29 ++ ++Loop_last_block_dec: ++ cmpdi 12, 0 ++ beq aes_gcm_out ++ ++ # loop last few blocks ++ li 10, 16 ++ divdu 10, 12, 10 ++ ++ mtctr 10 ++ ++ lwz 10,240(6) ++ ++ cmpdi 12, 16 ++ blt Final_block_dec ++ ++Next_rem_block_dec: ++ lxvb16x 15, 0, 14 # load block ++ ++ Loop_aes_middle_1x ++ ++ xxlor 23+32, 10, 10 ++ ++ cmpdi 10, 10 ++ beq Do_next_1x_dec ++ ++ # 192 bits ++ xxlor 24+32, 11, 11 ++ ++ vcipher 15, 15, 23 ++ vcipher 15, 15, 24 ++ ++ xxlor 23+32, 12, 12 ++ ++ cmpdi 10, 12 ++ beq Do_next_1x_dec ++ ++ # 256 bits ++ xxlor 24+32, 13, 13 ++ ++ vcipher 15, 15, 23 ++ vcipher 15, 15, 24 ++ ++ xxlor 23+32, 14, 14 ++ ++ cmpdi 10, 14 ++ beq Do_next_1x_dec ++ ++Do_next_1x_dec: ++ vcipherlast 15, 15, 23 ++ ++ xxlxor 47, 47, 15 ++ stxvb16x 47, 0, 9 # store output ++ addi 14, 14, 16 ++ addi 9, 9, 16 ++ ++ xxlor 28+32, 15, 15 ++ ppc_update_hash_1x ++ ++ addi 12, 12, -16 ++ addi 11, 11, 16 ++ xxlor 19+32, 0, 0 ++ vaddudm 30, 30, 31 # IV + counter ++ vxor 15, 30, 19 # add round key ++ ++ bdnz Next_rem_block_dec ++ ++ cmpdi 12, 0 ++ beq aes_gcm_out ++ ++Final_block_dec: ++ Loop_aes_middle_1x ++ ++ xxlor 23+32, 10, 10 ++ ++ cmpdi 10, 10 ++ beq Do_final_1x_dec ++ ++ # 192 bits ++ xxlor 24+32, 11, 11 ++ ++ vcipher 15, 15, 23 ++ vcipher 15, 15, 24 ++ ++ xxlor 23+32, 12, 12 ++ ++ cmpdi 10, 12 ++ beq Do_final_1x_dec ++ ++ # 256 bits ++ xxlor 24+32, 13, 13 ++ ++ vcipher 15, 15, 23 ++ vcipher 15, 15, 24 ++ ++ xxlor 23+32, 14, 14 ++ ++ cmpdi 10, 14 ++ beq Do_final_1x_dec ++ ++Do_final_1x_dec: ++ vcipherlast 15, 15, 23 ++ ++ lxvb16x 15, 0, 14 # load block ++ xxlxor 47, 47, 15 ++ ++ # create partial block mask ++ li 15, 16 ++ sub 15, 15, 12 # index to the mask ++ ++ vspltisb 16, -1 # first 16 bytes - 0xffff...ff ++ vspltisb 17, 0 # second 16 bytes - 0x0000...00 ++ li 10, 192 ++ stvx 16, 10, 1 ++ addi 10, 10, 16 ++ stvx 17, 10, 1 ++ ++ addi 10, 1, 192 ++ lxvb16x 16, 15, 10 # load block mask ++ xxland 47, 47, 16 ++ ++ xxlor 28+32, 15, 15 ++ ppc_update_hash_1x ++ ++ # * should store only the remaining bytes. ++ bl Write_partial_block ++ ++ b aes_gcm_out ++ ++ ++___ ++ ++foreach (split("\n",$code)) { ++ s/\`([^\`]*)\`/eval $1/geo; ++ ++ if ($flavour =~ /le$/o) { # little-endian ++ s/le\?//o or ++ s/be\?/#be#/o; ++ } else { ++ s/le\?/#le#/o or ++ s/be\?//o; ++ } ++ print $_,"\n"; ++} ++ ++close STDOUT or die "error closing STDOUT: $!"; # enforce flush +diff -rupN --no-dereference openssl-3.0.9/crypto/modes/build.info openssl-3.0.9-new/crypto/modes/build.info +--- openssl-3.0.9/crypto/modes/build.info 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/modes/build.info 2023-05-31 14:33:17.191112825 +0200 +@@ -32,7 +32,7 @@ IF[{- !$disabled{asm} -}] + $MODESASM_parisc20_64=$MODESASM_parisc11 + $MODESDEF_parisc20_64=$MODESDEF_parisc11 + +- $MODESASM_ppc32=ghashp8-ppc.s ++ $MODESASM_ppc32=ghashp8-ppc.s aes-gcm-ppc.s + $MODESDEF_ppc32= + $MODESASM_ppc64=$MODESASM_ppc32 + $MODESDEF_ppc64=$MODESDEF_ppc32 +@@ -71,6 +71,7 @@ INCLUDE[ghash-sparcv9.o]=.. + GENERATE[ghash-alpha.S]=asm/ghash-alpha.pl + GENERATE[ghash-parisc.s]=asm/ghash-parisc.pl + GENERATE[ghashp8-ppc.s]=asm/ghashp8-ppc.pl ++GENERATE[aes-gcm-ppc.s]=asm/aes-gcm-ppc.pl + GENERATE[ghash-armv4.S]=asm/ghash-armv4.pl + INCLUDE[ghash-armv4.o]=.. + GENERATE[ghashv8-armx.S]=asm/ghashv8-armx.pl +diff -rupN --no-dereference openssl-3.0.9/include/crypto/aes_platform.h openssl-3.0.9-new/include/crypto/aes_platform.h +--- openssl-3.0.9/include/crypto/aes_platform.h 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/include/crypto/aes_platform.h 2023-05-31 14:33:17.192112825 +0200 +@@ -74,6 +74,26 @@ void AES_xts_decrypt(const unsigned char + # define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks + # define HWAES_xts_encrypt aes_p8_xts_encrypt + # define HWAES_xts_decrypt aes_p8_xts_decrypt ++# define PPC_AES_GCM_CAPABLE (OPENSSL_ppccap_P & PPC_MADD300) ++# define AES_GCM_ENC_BYTES 128 ++# define AES_GCM_DEC_BYTES 128 ++size_t ppc_aes_gcm_encrypt(const unsigned char *in, unsigned char *out, ++ size_t len, const void *key, unsigned char ivec[16], ++ u64 *Xi); ++size_t ppc_aes_gcm_decrypt(const unsigned char *in, unsigned char *out, ++ size_t len, const void *key, unsigned char ivec[16], ++ u64 *Xi); ++size_t ppc_aes_gcm_encrypt_wrap(const unsigned char *in, unsigned char *out, ++ size_t len, const void *key, ++ unsigned char ivec[16], u64 *Xi); ++size_t ppc_aes_gcm_decrypt_wrap(const unsigned char *in, unsigned char *out, ++ size_t len, const void *key, ++ unsigned char ivec[16], u64 *Xi); ++# define AES_gcm_encrypt ppc_aes_gcm_encrypt_wrap ++# define AES_gcm_decrypt ppc_aes_gcm_decrypt_wrap ++# define AES_GCM_ASM(gctx) ((gctx)->ctr==aes_p8_ctr32_encrypt_blocks && \ ++ (gctx)->gcm.ghash==gcm_ghash_p8) ++void gcm_ghash_p8(u64 Xi[2],const u128 Htable[16],const u8 *inp, size_t len); + # endif /* PPC */ + + # if (defined(__arm__) || defined(__arm) || defined(__aarch64__)) +diff -rupN --no-dereference openssl-3.0.9/providers/implementations/ciphers/cipher_aes_gcm_hw.c openssl-3.0.9-new/providers/implementations/ciphers/cipher_aes_gcm_hw.c +--- openssl-3.0.9/providers/implementations/ciphers/cipher_aes_gcm_hw.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/providers/implementations/ciphers/cipher_aes_gcm_hw.c 2023-05-31 14:33:17.192112825 +0200 +@@ -141,6 +141,8 @@ static const PROV_GCM_HW aes_gcm = { + # include "cipher_aes_gcm_hw_t4.inc" + #elif defined(AES_PMULL_CAPABLE) && defined(AES_GCM_ASM) + # include "cipher_aes_gcm_hw_armv8.inc" ++#elif defined(PPC_AES_GCM_CAPABLE) ++# include "cipher_aes_gcm_hw_ppc.inc" + #else + const PROV_GCM_HW *ossl_prov_aes_hw_gcm(size_t keybits) + { +diff -rupN --no-dereference openssl-3.0.9/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc openssl-3.0.9-new/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc +--- openssl-3.0.9/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc 1970-01-01 01:00:00.000000000 +0100 ++++ openssl-3.0.9-new/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc 2023-05-31 14:33:17.192112825 +0200 +@@ -0,0 +1,119 @@ ++/* ++ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. ++ * ++ * Licensed under the Apache License 2.0 (the "License"). You may not use ++ * this file except in compliance with the License. You can obtain a copy ++ * in the file LICENSE in the source distribution or at ++ * https://www.openssl.org/source/license.html ++ */ ++ ++/*- ++ * PPC support for AES GCM. ++ * This file is included by cipher_aes_gcm_hw.c ++ */ ++ ++static int aes_ppc_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key, ++ size_t keylen) ++{ ++ PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx; ++ AES_KEY *ks = &actx->ks.ks; ++ ++ GCM_HW_SET_KEY_CTR_FN(ks, aes_p8_set_encrypt_key, aes_p8_encrypt, ++ aes_p8_ctr32_encrypt_blocks); ++ return 1; ++} ++ ++ ++extern size_t ppc_aes_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len, ++ const void *key, unsigned char ivec[16], u64 *Xi); ++extern size_t ppc_aes_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t len, ++ const void *key, unsigned char ivec[16], u64 *Xi); ++ ++static inline u32 UTO32(unsigned char *buf) ++{ ++ return ((u32) buf[0] << 24) | ((u32) buf[1] << 16) | ((u32) buf[2] << 8) | ((u32) buf[3]); ++} ++ ++static inline u32 add32TOU(unsigned char buf[4], u32 n) ++{ ++ u32 r; ++ ++ r = UTO32(buf); ++ r += n; ++ buf[0] = (unsigned char) (r >> 24) & 0xFF; ++ buf[1] = (unsigned char) (r >> 16) & 0xFF; ++ buf[2] = (unsigned char) (r >> 8) & 0xFF; ++ buf[3] = (unsigned char) r & 0xFF; ++ return r; ++} ++ ++static size_t aes_p10_gcm_crypt(const unsigned char *in, unsigned char *out, size_t len, ++ const void *key, unsigned char ivec[16], u64 *Xi, int encrypt) ++{ ++ int s = 0; ++ int ndone = 0; ++ int ctr_reset = 0; ++ u64 blocks_unused; ++ u64 nb = len / 16; ++ u64 next_ctr = 0; ++ unsigned char ctr_saved[12]; ++ ++ memcpy(ctr_saved, ivec, 12); ++ ++ while (nb) { ++ blocks_unused = (u64) 0xffffffffU + 1 - (u64) UTO32 (ivec + 12); ++ if (nb > blocks_unused) { ++ len = blocks_unused * 16; ++ nb -= blocks_unused; ++ next_ctr = blocks_unused; ++ ctr_reset = 1; ++ } else { ++ len = nb * 16; ++ next_ctr = nb; ++ nb = 0; ++ } ++ ++ s = encrypt ? ppc_aes_gcm_encrypt(in, out, len, key, ivec, Xi) ++ : ppc_aes_gcm_decrypt(in, out, len, key, ivec, Xi); ++ ++ /* add counter to ivec */ ++ add32TOU(ivec + 12, (u32) next_ctr); ++ if (ctr_reset) { ++ ctr_reset = 0; ++ in += len; ++ out += len; ++ } ++ memcpy(ivec, ctr_saved, 12); ++ ndone += s; ++ } ++ ++ return ndone; ++} ++ ++size_t ppc_aes_gcm_encrypt_wrap(const unsigned char *in, unsigned char *out, size_t len, ++ const void *key, unsigned char ivec[16], u64 *Xi) ++{ ++ return aes_p10_gcm_crypt(in, out, len, key, ivec, Xi, 1); ++} ++ ++size_t ppc_aes_gcm_decrypt_wrap(const unsigned char *in, unsigned char *out, size_t len, ++ const void *key, unsigned char ivec[16], u64 *Xi) ++{ ++ return aes_p10_gcm_crypt(in, out, len, key, ivec, Xi, 0); ++} ++ ++ ++static const PROV_GCM_HW aes_ppc_gcm = { ++ aes_ppc_gcm_initkey, ++ ossl_gcm_setiv, ++ ossl_gcm_aad_update, ++ generic_aes_gcm_cipher_update, ++ ossl_gcm_cipher_final, ++ ossl_gcm_one_shot ++}; ++ ++const PROV_GCM_HW *ossl_prov_aes_hw_gcm(size_t keybits) ++{ ++ return PPC_AES_GCM_CAPABLE ? &aes_ppc_gcm : &aes_gcm; ++} ++ diff --git a/0072-ChaCha20-performance-optimizations-for-ppc64le.patch b/0072-ChaCha20-performance-optimizations-for-ppc64le.patch new file mode 100644 index 0000000..36af7e4 --- /dev/null +++ b/0072-ChaCha20-performance-optimizations-for-ppc64le.patch @@ -0,0 +1,1480 @@ +diff -rupN --no-dereference openssl-3.0.9/crypto/chacha/asm/chachap10-ppc.pl openssl-3.0.9-new/crypto/chacha/asm/chachap10-ppc.pl +--- openssl-3.0.9/crypto/chacha/asm/chachap10-ppc.pl 1970-01-01 01:00:00.000000000 +0100 ++++ openssl-3.0.9-new/crypto/chacha/asm/chachap10-ppc.pl 2023-05-31 14:33:17.458112709 +0200 +@@ -0,0 +1,1288 @@ ++#! /usr/bin/env perl ++# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. ++# ++# Licensed under the Apache License 2.0 (the "License"). You may not use ++# this file except in compliance with the License. You can obtain a copy ++# in the file LICENSE in the source distribution or at ++# https://www.openssl.org/source/license.html ++ ++# ++# ==================================================================== ++# Written by Andy Polyakov for the OpenSSL ++# project. The module is, however, dual licensed under OpenSSL and ++# CRYPTOGAMS licenses depending on where you obtain it. For further ++# details see http://www.openssl.org/~appro/cryptogams/. ++# ==================================================================== ++# ++# October 2015 ++# ++# ChaCha20 for PowerPC/AltiVec. ++# ++# June 2018 ++# ++# Add VSX 2.07 code path. Original 3xAltiVec+1xIALU is well-suited for ++# processors that can't issue more than one vector instruction per ++# cycle. But POWER8 (and POWER9) can issue a pair, and vector-only 4x ++# interleave would perform better. Incidentally PowerISA 2.07 (first ++# implemented by POWER8) defined new usable instructions, hence 4xVSX ++# code path... ++# ++# Performance in cycles per byte out of large buffer. ++# ++# IALU/gcc-4.x 3xAltiVec+1xIALU 4xVSX ++# ++# Freescale e300 13.6/+115% - - ++# PPC74x0/G4e 6.81/+310% 3.81 - ++# PPC970/G5 9.29/+160% ? - ++# POWER7 8.62/+61% 3.35 - ++# POWER8 8.70/+51% 2.91 2.09 ++# POWER9 8.80/+29% 4.44(*) 2.45(**) ++# ++# (*) this is trade-off result, it's possible to improve it, but ++# then it would negatively affect all others; ++# (**) POWER9 seems to be "allergic" to mixing vector and integer ++# instructions, which is why switch to vector-only code pays ++# off that much; ++ ++# $output is the last argument if it looks like a file (it has an extension) ++# $flavour is the first argument if it doesn't look like a file ++$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; ++$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; ++ ++if ($flavour =~ /64/) { ++ $SIZE_T =8; ++ $LRSAVE =2*$SIZE_T; ++ $STU ="stdu"; ++ $POP ="ld"; ++ $PUSH ="std"; ++ $UCMP ="cmpld"; ++} elsif ($flavour =~ /32/) { ++ $SIZE_T =4; ++ $LRSAVE =$SIZE_T; ++ $STU ="stwu"; ++ $POP ="lwz"; ++ $PUSH ="stw"; ++ $UCMP ="cmplw"; ++} else { die "nonsense $flavour"; } ++ ++$LITTLE_ENDIAN = ($flavour=~/le$/) ? 1 : 0; ++ ++$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ++( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or ++( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or ++die "can't locate ppc-xlate.pl"; ++ ++open STDOUT,"| $^X $xlate $flavour \"$output\"" ++ or die "can't call $xlate: $!"; ++ ++$LOCALS=6*$SIZE_T; ++$FRAME=$LOCALS+64+18*$SIZE_T; # 64 is for local variables ++ ++sub AUTOLOAD() # thunk [simplified] x86-style perlasm ++{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; $opcode =~ s/_/\./; ++ $code .= "\t$opcode\t".join(',',@_)."\n"; ++} ++ ++my $sp = "r1"; ++ ++my ($out,$inp,$len,$key,$ctr) = map("r$_",(3..7)); ++ ++ ++{{{ ++my ($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3, ++ $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3) = map("v$_",(0..15)); ++my @K = map("v$_",(16..19)); ++my $CTR = "v26"; ++my ($xt0,$xt1,$xt2,$xt3) = map("v$_",(27..30)); ++my ($sixteen,$twelve,$eight,$seven) = ($xt0,$xt1,$xt2,$xt3); ++my $beperm = "v31"; ++ ++my ($x00,$x10,$x20,$x30) = (0, map("r$_",(8..10))); ++ ++my $FRAME=$LOCALS+64+7*16; # 7*16 is for v26-v31 offload ++ ++ ++sub VSX_lane_ROUND_4x { ++my ($a0,$b0,$c0,$d0)=@_; ++my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0)); ++my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1)); ++my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2)); ++my @x=map("\"v$_\"",(0..15)); ++ ++ ( ++ "&vadduwm (@x[$a0],@x[$a0],@x[$b0])", # Q1 ++ "&vadduwm (@x[$a1],@x[$a1],@x[$b1])", # Q2 ++ "&vadduwm (@x[$a2],@x[$a2],@x[$b2])", # Q3 ++ "&vadduwm (@x[$a3],@x[$a3],@x[$b3])", # Q4 ++ "&vxor (@x[$d0],@x[$d0],@x[$a0])", ++ "&vxor (@x[$d1],@x[$d1],@x[$a1])", ++ "&vxor (@x[$d2],@x[$d2],@x[$a2])", ++ "&vxor (@x[$d3],@x[$d3],@x[$a3])", ++ "&vrlw (@x[$d0],@x[$d0],'$sixteen')", ++ "&vrlw (@x[$d1],@x[$d1],'$sixteen')", ++ "&vrlw (@x[$d2],@x[$d2],'$sixteen')", ++ "&vrlw (@x[$d3],@x[$d3],'$sixteen')", ++ ++ "&vadduwm (@x[$c0],@x[$c0],@x[$d0])", ++ "&vadduwm (@x[$c1],@x[$c1],@x[$d1])", ++ "&vadduwm (@x[$c2],@x[$c2],@x[$d2])", ++ "&vadduwm (@x[$c3],@x[$c3],@x[$d3])", ++ "&vxor (@x[$b0],@x[$b0],@x[$c0])", ++ "&vxor (@x[$b1],@x[$b1],@x[$c1])", ++ "&vxor (@x[$b2],@x[$b2],@x[$c2])", ++ "&vxor (@x[$b3],@x[$b3],@x[$c3])", ++ "&vrlw (@x[$b0],@x[$b0],'$twelve')", ++ "&vrlw (@x[$b1],@x[$b1],'$twelve')", ++ "&vrlw (@x[$b2],@x[$b2],'$twelve')", ++ "&vrlw (@x[$b3],@x[$b3],'$twelve')", ++ ++ "&vadduwm (@x[$a0],@x[$a0],@x[$b0])", ++ "&vadduwm (@x[$a1],@x[$a1],@x[$b1])", ++ "&vadduwm (@x[$a2],@x[$a2],@x[$b2])", ++ "&vadduwm (@x[$a3],@x[$a3],@x[$b3])", ++ "&vxor (@x[$d0],@x[$d0],@x[$a0])", ++ "&vxor (@x[$d1],@x[$d1],@x[$a1])", ++ "&vxor (@x[$d2],@x[$d2],@x[$a2])", ++ "&vxor (@x[$d3],@x[$d3],@x[$a3])", ++ "&vrlw (@x[$d0],@x[$d0],'$eight')", ++ "&vrlw (@x[$d1],@x[$d1],'$eight')", ++ "&vrlw (@x[$d2],@x[$d2],'$eight')", ++ "&vrlw (@x[$d3],@x[$d3],'$eight')", ++ ++ "&vadduwm (@x[$c0],@x[$c0],@x[$d0])", ++ "&vadduwm (@x[$c1],@x[$c1],@x[$d1])", ++ "&vadduwm (@x[$c2],@x[$c2],@x[$d2])", ++ "&vadduwm (@x[$c3],@x[$c3],@x[$d3])", ++ "&vxor (@x[$b0],@x[$b0],@x[$c0])", ++ "&vxor (@x[$b1],@x[$b1],@x[$c1])", ++ "&vxor (@x[$b2],@x[$b2],@x[$c2])", ++ "&vxor (@x[$b3],@x[$b3],@x[$c3])", ++ "&vrlw (@x[$b0],@x[$b0],'$seven')", ++ "&vrlw (@x[$b1],@x[$b1],'$seven')", ++ "&vrlw (@x[$b2],@x[$b2],'$seven')", ++ "&vrlw (@x[$b3],@x[$b3],'$seven')" ++ ); ++} ++ ++$code.=<<___; ++ ++.globl .ChaCha20_ctr32_vsx_p10 ++.align 5 ++.ChaCha20_ctr32_vsx_p10: ++ ${UCMP}i $len,255 ++ bgt ChaCha20_ctr32_vsx_8x ++ $STU $sp,-$FRAME($sp) ++ mflr r0 ++ li r10,`15+$LOCALS+64` ++ li r11,`31+$LOCALS+64` ++ mfspr r12,256 ++ stvx v26,r10,$sp ++ addi r10,r10,32 ++ stvx v27,r11,$sp ++ addi r11,r11,32 ++ stvx v28,r10,$sp ++ addi r10,r10,32 ++ stvx v29,r11,$sp ++ addi r11,r11,32 ++ stvx v30,r10,$sp ++ stvx v31,r11,$sp ++ stw r12,`$FRAME-4`($sp) # save vrsave ++ li r12,-4096+63 ++ $PUSH r0, `$FRAME+$LRSAVE`($sp) ++ mtspr 256,r12 # preserve 29 AltiVec registers ++ ++ bl Lconsts # returns pointer Lsigma in r12 ++ lvx_4w @K[0],0,r12 # load sigma ++ addi r12,r12,0x70 ++ li $x10,16 ++ li $x20,32 ++ li $x30,48 ++ li r11,64 ++ ++ lvx_4w @K[1],0,$key # load key ++ lvx_4w @K[2],$x10,$key ++ lvx_4w @K[3],0,$ctr # load counter ++ ++ vxor $xt0,$xt0,$xt0 ++ lvx_4w $xt1,r11,r12 ++ vspltw $CTR,@K[3],0 ++ vsldoi @K[3],@K[3],$xt0,4 ++ vsldoi @K[3],$xt0,@K[3],12 # clear @K[3].word[0] ++ vadduwm $CTR,$CTR,$xt1 ++ ++ be?lvsl $beperm,0,$x10 # 0x00..0f ++ be?vspltisb $xt0,3 # 0x03..03 ++ be?vxor $beperm,$beperm,$xt0 # swap bytes within words ++ ++ li r0,10 # inner loop counter ++ mtctr r0 ++ b Loop_outer_vsx ++ ++.align 5 ++Loop_outer_vsx: ++ lvx $xa0,$x00,r12 # load [smashed] sigma ++ lvx $xa1,$x10,r12 ++ lvx $xa2,$x20,r12 ++ lvx $xa3,$x30,r12 ++ ++ vspltw $xb0,@K[1],0 # smash the key ++ vspltw $xb1,@K[1],1 ++ vspltw $xb2,@K[1],2 ++ vspltw $xb3,@K[1],3 ++ ++ vspltw $xc0,@K[2],0 ++ vspltw $xc1,@K[2],1 ++ vspltw $xc2,@K[2],2 ++ vspltw $xc3,@K[2],3 ++ ++ vmr $xd0,$CTR # smash the counter ++ vspltw $xd1,@K[3],1 ++ vspltw $xd2,@K[3],2 ++ vspltw $xd3,@K[3],3 ++ ++ vspltisw $sixteen,-16 # synthesize constants ++ vspltisw $twelve,12 ++ vspltisw $eight,8 ++ vspltisw $seven,7 ++ ++Loop_vsx_4x: ++___ ++ foreach (&VSX_lane_ROUND_4x(0, 4, 8,12)) { eval; } ++ foreach (&VSX_lane_ROUND_4x(0, 5,10,15)) { eval; } ++$code.=<<___; ++ ++ bdnz Loop_vsx_4x ++ ++ vadduwm $xd0,$xd0,$CTR ++ ++ vmrgew $xt0,$xa0,$xa1 # transpose data ++ vmrgew $xt1,$xa2,$xa3 ++ vmrgow $xa0,$xa0,$xa1 ++ vmrgow $xa2,$xa2,$xa3 ++ vmrgew $xt2,$xb0,$xb1 ++ vmrgew $xt3,$xb2,$xb3 ++ vpermdi $xa1,$xa0,$xa2,0b00 ++ vpermdi $xa3,$xa0,$xa2,0b11 ++ vpermdi $xa0,$xt0,$xt1,0b00 ++ vpermdi $xa2,$xt0,$xt1,0b11 ++ ++ vmrgow $xb0,$xb0,$xb1 ++ vmrgow $xb2,$xb2,$xb3 ++ vmrgew $xt0,$xc0,$xc1 ++ vmrgew $xt1,$xc2,$xc3 ++ vpermdi $xb1,$xb0,$xb2,0b00 ++ vpermdi $xb3,$xb0,$xb2,0b11 ++ vpermdi $xb0,$xt2,$xt3,0b00 ++ vpermdi $xb2,$xt2,$xt3,0b11 ++ ++ vmrgow $xc0,$xc0,$xc1 ++ vmrgow $xc2,$xc2,$xc3 ++ vmrgew $xt2,$xd0,$xd1 ++ vmrgew $xt3,$xd2,$xd3 ++ vpermdi $xc1,$xc0,$xc2,0b00 ++ vpermdi $xc3,$xc0,$xc2,0b11 ++ vpermdi $xc0,$xt0,$xt1,0b00 ++ vpermdi $xc2,$xt0,$xt1,0b11 ++ ++ vmrgow $xd0,$xd0,$xd1 ++ vmrgow $xd2,$xd2,$xd3 ++ vspltisw $xt0,4 ++ vadduwm $CTR,$CTR,$xt0 # next counter value ++ vpermdi $xd1,$xd0,$xd2,0b00 ++ vpermdi $xd3,$xd0,$xd2,0b11 ++ vpermdi $xd0,$xt2,$xt3,0b00 ++ vpermdi $xd2,$xt2,$xt3,0b11 ++ ++ vadduwm $xa0,$xa0,@K[0] ++ vadduwm $xb0,$xb0,@K[1] ++ vadduwm $xc0,$xc0,@K[2] ++ vadduwm $xd0,$xd0,@K[3] ++ ++ be?vperm $xa0,$xa0,$xa0,$beperm ++ be?vperm $xb0,$xb0,$xb0,$beperm ++ be?vperm $xc0,$xc0,$xc0,$beperm ++ be?vperm $xd0,$xd0,$xd0,$beperm ++ ++ ${UCMP}i $len,0x40 ++ blt Ltail_vsx ++ ++ lvx_4w $xt0,$x00,$inp ++ lvx_4w $xt1,$x10,$inp ++ lvx_4w $xt2,$x20,$inp ++ lvx_4w $xt3,$x30,$inp ++ ++ vxor $xt0,$xt0,$xa0 ++ vxor $xt1,$xt1,$xb0 ++ vxor $xt2,$xt2,$xc0 ++ vxor $xt3,$xt3,$xd0 ++ ++ stvx_4w $xt0,$x00,$out ++ stvx_4w $xt1,$x10,$out ++ addi $inp,$inp,0x40 ++ stvx_4w $xt2,$x20,$out ++ subi $len,$len,0x40 ++ stvx_4w $xt3,$x30,$out ++ addi $out,$out,0x40 ++ beq Ldone_vsx ++ ++ vadduwm $xa0,$xa1,@K[0] ++ vadduwm $xb0,$xb1,@K[1] ++ vadduwm $xc0,$xc1,@K[2] ++ vadduwm $xd0,$xd1,@K[3] ++ ++ be?vperm $xa0,$xa0,$xa0,$beperm ++ be?vperm $xb0,$xb0,$xb0,$beperm ++ be?vperm $xc0,$xc0,$xc0,$beperm ++ be?vperm $xd0,$xd0,$xd0,$beperm ++ ++ ${UCMP}i $len,0x40 ++ blt Ltail_vsx ++ ++ lvx_4w $xt0,$x00,$inp ++ lvx_4w $xt1,$x10,$inp ++ lvx_4w $xt2,$x20,$inp ++ lvx_4w $xt3,$x30,$inp ++ ++ vxor $xt0,$xt0,$xa0 ++ vxor $xt1,$xt1,$xb0 ++ vxor $xt2,$xt2,$xc0 ++ vxor $xt3,$xt3,$xd0 ++ ++ stvx_4w $xt0,$x00,$out ++ stvx_4w $xt1,$x10,$out ++ addi $inp,$inp,0x40 ++ stvx_4w $xt2,$x20,$out ++ subi $len,$len,0x40 ++ stvx_4w $xt3,$x30,$out ++ addi $out,$out,0x40 ++ beq Ldone_vsx ++ ++ vadduwm $xa0,$xa2,@K[0] ++ vadduwm $xb0,$xb2,@K[1] ++ vadduwm $xc0,$xc2,@K[2] ++ vadduwm $xd0,$xd2,@K[3] ++ ++ be?vperm $xa0,$xa0,$xa0,$beperm ++ be?vperm $xb0,$xb0,$xb0,$beperm ++ be?vperm $xc0,$xc0,$xc0,$beperm ++ be?vperm $xd0,$xd0,$xd0,$beperm ++ ++ ${UCMP}i $len,0x40 ++ blt Ltail_vsx ++ ++ lvx_4w $xt0,$x00,$inp ++ lvx_4w $xt1,$x10,$inp ++ lvx_4w $xt2,$x20,$inp ++ lvx_4w $xt3,$x30,$inp ++ ++ vxor $xt0,$xt0,$xa0 ++ vxor $xt1,$xt1,$xb0 ++ vxor $xt2,$xt2,$xc0 ++ vxor $xt3,$xt3,$xd0 ++ ++ stvx_4w $xt0,$x00,$out ++ stvx_4w $xt1,$x10,$out ++ addi $inp,$inp,0x40 ++ stvx_4w $xt2,$x20,$out ++ subi $len,$len,0x40 ++ stvx_4w $xt3,$x30,$out ++ addi $out,$out,0x40 ++ beq Ldone_vsx ++ ++ vadduwm $xa0,$xa3,@K[0] ++ vadduwm $xb0,$xb3,@K[1] ++ vadduwm $xc0,$xc3,@K[2] ++ vadduwm $xd0,$xd3,@K[3] ++ ++ be?vperm $xa0,$xa0,$xa0,$beperm ++ be?vperm $xb0,$xb0,$xb0,$beperm ++ be?vperm $xc0,$xc0,$xc0,$beperm ++ be?vperm $xd0,$xd0,$xd0,$beperm ++ ++ ${UCMP}i $len,0x40 ++ blt Ltail_vsx ++ ++ lvx_4w $xt0,$x00,$inp ++ lvx_4w $xt1,$x10,$inp ++ lvx_4w $xt2,$x20,$inp ++ lvx_4w $xt3,$x30,$inp ++ ++ vxor $xt0,$xt0,$xa0 ++ vxor $xt1,$xt1,$xb0 ++ vxor $xt2,$xt2,$xc0 ++ vxor $xt3,$xt3,$xd0 ++ ++ stvx_4w $xt0,$x00,$out ++ stvx_4w $xt1,$x10,$out ++ addi $inp,$inp,0x40 ++ stvx_4w $xt2,$x20,$out ++ subi $len,$len,0x40 ++ stvx_4w $xt3,$x30,$out ++ addi $out,$out,0x40 ++ mtctr r0 ++ bne Loop_outer_vsx ++ ++Ldone_vsx: ++ lwz r12,`$FRAME-4`($sp) # pull vrsave ++ li r10,`15+$LOCALS+64` ++ li r11,`31+$LOCALS+64` ++ $POP r0, `$FRAME+$LRSAVE`($sp) ++ mtspr 256,r12 # restore vrsave ++ lvx v26,r10,$sp ++ addi r10,r10,32 ++ lvx v27,r11,$sp ++ addi r11,r11,32 ++ lvx v28,r10,$sp ++ addi r10,r10,32 ++ lvx v29,r11,$sp ++ addi r11,r11,32 ++ lvx v30,r10,$sp ++ lvx v31,r11,$sp ++ mtlr r0 ++ addi $sp,$sp,$FRAME ++ blr ++ ++.align 4 ++Ltail_vsx: ++ addi r11,$sp,$LOCALS ++ mtctr $len ++ stvx_4w $xa0,$x00,r11 # offload block to stack ++ stvx_4w $xb0,$x10,r11 ++ stvx_4w $xc0,$x20,r11 ++ stvx_4w $xd0,$x30,r11 ++ subi r12,r11,1 # prepare for *++ptr ++ subi $inp,$inp,1 ++ subi $out,$out,1 ++ ++Loop_tail_vsx: ++ lbzu r6,1(r12) ++ lbzu r7,1($inp) ++ xor r6,r6,r7 ++ stbu r6,1($out) ++ bdnz Loop_tail_vsx ++ ++ stvx_4w $K[0],$x00,r11 # wipe copy of the block ++ stvx_4w $K[0],$x10,r11 ++ stvx_4w $K[0],$x20,r11 ++ stvx_4w $K[0],$x30,r11 ++ ++ b Ldone_vsx ++ .long 0 ++ .byte 0,12,0x04,1,0x80,0,5,0 ++ .long 0 ++.size .ChaCha20_ctr32_vsx_p10,.-.ChaCha20_ctr32_vsx_p10 ++___ ++}}} ++ ++##This is 8 block in parallel implementation. The heart of chacha round uses vector instruction that has access to ++# vsr[32+X]. To perform the 8 parallel block we tend to use all 32 register to hold the 8 block info. ++# WE need to store few register value on side, so we can use VSR{32+X} for few vector instructions used in round op and hold intermediate value. ++# WE use the VSR[0]-VSR[31] for holding intermediate value and perform 8 block in parallel. ++# ++{{{ ++#### ($out,$inp,$len,$key,$ctr) = map("r$_",(3..7)); ++my ($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3, ++ $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3, ++ $xa4,$xa5,$xa6,$xa7, $xb4,$xb5,$xb6,$xb7, ++ $xc4,$xc5,$xc6,$xc7, $xd4,$xd5,$xd6,$xd7) = map("v$_",(0..31)); ++my ($xcn4,$xcn5,$xcn6,$xcn7, $xdn4,$xdn5,$xdn6,$xdn7) = map("v$_",(8..15)); ++my ($xan0,$xbn0,$xcn0,$xdn0) = map("v$_",(0..3)); ++my @K = map("v$_",27,(24..26)); ++my ($xt0,$xt1,$xt2,$xt3,$xt4) = map("v$_",23,(28..31)); ++my $xr0 = "v4"; ++my $CTR0 = "v22"; ++my $CTR1 = "v5"; ++my $beperm = "v31"; ++my ($x00,$x10,$x20,$x30) = (0, map("r$_",(8..10))); ++my ($xv0,$xv1,$xv2,$xv3,$xv4,$xv5,$xv6,$xv7) = map("v$_",(0..7)); ++my ($xv8,$xv9,$xv10,$xv11,$xv12,$xv13,$xv14,$xv15,$xv16,$xv17) = map("v$_",(8..17)); ++my ($xv18,$xv19,$xv20,$xv21) = map("v$_",(18..21)); ++my ($xv22,$xv23,$xv24,$xv25,$xv26) = map("v$_",(22..26)); ++ ++my $FRAME=$LOCALS+64+9*16; # 8*16 is for v24-v31 offload ++ ++sub VSX_lane_ROUND_8x { ++my ($a0,$b0,$c0,$d0,$a4,$b4,$c4,$d4)=@_; ++my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0)); ++my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1)); ++my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2)); ++my ($a5,$b5,$c5,$d5)=map(($_&~3)+(($_+1)&3),($a4,$b4,$c4,$d4)); ++my ($a6,$b6,$c6,$d6)=map(($_&~3)+(($_+1)&3),($a5,$b5,$c5,$d5)); ++my ($a7,$b7,$c7,$d7)=map(($_&~3)+(($_+1)&3),($a6,$b6,$c6,$d6)); ++my ($xv8,$xv9,$xv10,$xv11,$xv12,$xv13,$xv14,$xv15,$xv16,$xv17) = map("\"v$_\"",(8..17)); ++my @x=map("\"v$_\"",(0..31)); ++ ++ ( ++ "&vxxlor ($xv15 ,@x[$c7],@x[$c7])", #copy v30 to v13 ++ "&vxxlorc (@x[$c7], $xv9,$xv9)", ++ ++ "&vadduwm (@x[$a0],@x[$a0],@x[$b0])", # Q1 ++ "&vadduwm (@x[$a1],@x[$a1],@x[$b1])", # Q2 ++ "&vadduwm (@x[$a2],@x[$a2],@x[$b2])", # Q3 ++ "&vadduwm (@x[$a3],@x[$a3],@x[$b3])", # Q4 ++ "&vadduwm (@x[$a4],@x[$a4],@x[$b4])", # Q1 ++ "&vadduwm (@x[$a5],@x[$a5],@x[$b5])", # Q2 ++ "&vadduwm (@x[$a6],@x[$a6],@x[$b6])", # Q3 ++ "&vadduwm (@x[$a7],@x[$a7],@x[$b7])", # Q4 ++ ++ "&vxor (@x[$d0],@x[$d0],@x[$a0])", ++ "&vxor (@x[$d1],@x[$d1],@x[$a1])", ++ "&vxor (@x[$d2],@x[$d2],@x[$a2])", ++ "&vxor (@x[$d3],@x[$d3],@x[$a3])", ++ "&vxor (@x[$d4],@x[$d4],@x[$a4])", ++ "&vxor (@x[$d5],@x[$d5],@x[$a5])", ++ "&vxor (@x[$d6],@x[$d6],@x[$a6])", ++ "&vxor (@x[$d7],@x[$d7],@x[$a7])", ++ ++ "&vrlw (@x[$d0],@x[$d0],@x[$c7])", ++ "&vrlw (@x[$d1],@x[$d1],@x[$c7])", ++ "&vrlw (@x[$d2],@x[$d2],@x[$c7])", ++ "&vrlw (@x[$d3],@x[$d3],@x[$c7])", ++ "&vrlw (@x[$d4],@x[$d4],@x[$c7])", ++ "&vrlw (@x[$d5],@x[$d5],@x[$c7])", ++ "&vrlw (@x[$d6],@x[$d6],@x[$c7])", ++ "&vrlw (@x[$d7],@x[$d7],@x[$c7])", ++ ++ "&vxxlor ($xv13 ,@x[$a7],@x[$a7])", ++ "&vxxlorc (@x[$c7], $xv15,$xv15)", ++ "&vxxlorc (@x[$a7], $xv10,$xv10)", ++ ++ "&vadduwm (@x[$c0],@x[$c0],@x[$d0])", ++ "&vadduwm (@x[$c1],@x[$c1],@x[$d1])", ++ "&vadduwm (@x[$c2],@x[$c2],@x[$d2])", ++ "&vadduwm (@x[$c3],@x[$c3],@x[$d3])", ++ "&vadduwm (@x[$c4],@x[$c4],@x[$d4])", ++ "&vadduwm (@x[$c5],@x[$c5],@x[$d5])", ++ "&vadduwm (@x[$c6],@x[$c6],@x[$d6])", ++ "&vadduwm (@x[$c7],@x[$c7],@x[$d7])", ++ ++ "&vxor (@x[$b0],@x[$b0],@x[$c0])", ++ "&vxor (@x[$b1],@x[$b1],@x[$c1])", ++ "&vxor (@x[$b2],@x[$b2],@x[$c2])", ++ "&vxor (@x[$b3],@x[$b3],@x[$c3])", ++ "&vxor (@x[$b4],@x[$b4],@x[$c4])", ++ "&vxor (@x[$b5],@x[$b5],@x[$c5])", ++ "&vxor (@x[$b6],@x[$b6],@x[$c6])", ++ "&vxor (@x[$b7],@x[$b7],@x[$c7])", ++ ++ "&vrlw (@x[$b0],@x[$b0],@x[$a7])", ++ "&vrlw (@x[$b1],@x[$b1],@x[$a7])", ++ "&vrlw (@x[$b2],@x[$b2],@x[$a7])", ++ "&vrlw (@x[$b3],@x[$b3],@x[$a7])", ++ "&vrlw (@x[$b4],@x[$b4],@x[$a7])", ++ "&vrlw (@x[$b5],@x[$b5],@x[$a7])", ++ "&vrlw (@x[$b6],@x[$b6],@x[$a7])", ++ "&vrlw (@x[$b7],@x[$b7],@x[$a7])", ++ ++ "&vxxlorc (@x[$a7], $xv13,$xv13)", ++ "&vxxlor ($xv15 ,@x[$c7],@x[$c7])", ++ "&vxxlorc (@x[$c7], $xv11,$xv11)", ++ ++ ++ "&vadduwm (@x[$a0],@x[$a0],@x[$b0])", ++ "&vadduwm (@x[$a1],@x[$a1],@x[$b1])", ++ "&vadduwm (@x[$a2],@x[$a2],@x[$b2])", ++ "&vadduwm (@x[$a3],@x[$a3],@x[$b3])", ++ "&vadduwm (@x[$a4],@x[$a4],@x[$b4])", ++ "&vadduwm (@x[$a5],@x[$a5],@x[$b5])", ++ "&vadduwm (@x[$a6],@x[$a6],@x[$b6])", ++ "&vadduwm (@x[$a7],@x[$a7],@x[$b7])", ++ ++ "&vxor (@x[$d0],@x[$d0],@x[$a0])", ++ "&vxor (@x[$d1],@x[$d1],@x[$a1])", ++ "&vxor (@x[$d2],@x[$d2],@x[$a2])", ++ "&vxor (@x[$d3],@x[$d3],@x[$a3])", ++ "&vxor (@x[$d4],@x[$d4],@x[$a4])", ++ "&vxor (@x[$d5],@x[$d5],@x[$a5])", ++ "&vxor (@x[$d6],@x[$d6],@x[$a6])", ++ "&vxor (@x[$d7],@x[$d7],@x[$a7])", ++ ++ "&vrlw (@x[$d0],@x[$d0],@x[$c7])", ++ "&vrlw (@x[$d1],@x[$d1],@x[$c7])", ++ "&vrlw (@x[$d2],@x[$d2],@x[$c7])", ++ "&vrlw (@x[$d3],@x[$d3],@x[$c7])", ++ "&vrlw (@x[$d4],@x[$d4],@x[$c7])", ++ "&vrlw (@x[$d5],@x[$d5],@x[$c7])", ++ "&vrlw (@x[$d6],@x[$d6],@x[$c7])", ++ "&vrlw (@x[$d7],@x[$d7],@x[$c7])", ++ ++ "&vxxlorc (@x[$c7], $xv15,$xv15)", ++ "&vxxlor ($xv13 ,@x[$a7],@x[$a7])", ++ "&vxxlorc (@x[$a7], $xv12,$xv12)", ++ ++ "&vadduwm (@x[$c0],@x[$c0],@x[$d0])", ++ "&vadduwm (@x[$c1],@x[$c1],@x[$d1])", ++ "&vadduwm (@x[$c2],@x[$c2],@x[$d2])", ++ "&vadduwm (@x[$c3],@x[$c3],@x[$d3])", ++ "&vadduwm (@x[$c4],@x[$c4],@x[$d4])", ++ "&vadduwm (@x[$c5],@x[$c5],@x[$d5])", ++ "&vadduwm (@x[$c6],@x[$c6],@x[$d6])", ++ "&vadduwm (@x[$c7],@x[$c7],@x[$d7])", ++ "&vxor (@x[$b0],@x[$b0],@x[$c0])", ++ "&vxor (@x[$b1],@x[$b1],@x[$c1])", ++ "&vxor (@x[$b2],@x[$b2],@x[$c2])", ++ "&vxor (@x[$b3],@x[$b3],@x[$c3])", ++ "&vxor (@x[$b4],@x[$b4],@x[$c4])", ++ "&vxor (@x[$b5],@x[$b5],@x[$c5])", ++ "&vxor (@x[$b6],@x[$b6],@x[$c6])", ++ "&vxor (@x[$b7],@x[$b7],@x[$c7])", ++ "&vrlw (@x[$b0],@x[$b0],@x[$a7])", ++ "&vrlw (@x[$b1],@x[$b1],@x[$a7])", ++ "&vrlw (@x[$b2],@x[$b2],@x[$a7])", ++ "&vrlw (@x[$b3],@x[$b3],@x[$a7])", ++ "&vrlw (@x[$b4],@x[$b4],@x[$a7])", ++ "&vrlw (@x[$b5],@x[$b5],@x[$a7])", ++ "&vrlw (@x[$b6],@x[$b6],@x[$a7])", ++ "&vrlw (@x[$b7],@x[$b7],@x[$a7])", ++ ++ "&vxxlorc (@x[$a7], $xv13,$xv13)", ++ ); ++} ++ ++$code.=<<___; ++ ++.globl .ChaCha20_ctr32_vsx_8x ++.align 5 ++.ChaCha20_ctr32_vsx_8x: ++ $STU $sp,-$FRAME($sp) ++ mflr r0 ++ li r10,`15+$LOCALS+64` ++ li r11,`31+$LOCALS+64` ++ mfspr r12,256 ++ stvx v24,r10,$sp ++ addi r10,r10,32 ++ stvx v25,r11,$sp ++ addi r11,r11,32 ++ stvx v26,r10,$sp ++ addi r10,r10,32 ++ stvx v27,r11,$sp ++ addi r11,r11,32 ++ stvx v28,r10,$sp ++ addi r10,r10,32 ++ stvx v29,r11,$sp ++ addi r11,r11,32 ++ stvx v30,r10,$sp ++ stvx v31,r11,$sp ++ stw r12,`$FRAME-4`($sp) # save vrsave ++ li r12,-4096+63 ++ $PUSH r0, `$FRAME+$LRSAVE`($sp) ++ mtspr 256,r12 # preserve 29 AltiVec registers ++ ++ bl Lconsts # returns pointer Lsigma in r12 ++ ++ lvx_4w @K[0],0,r12 # load sigma ++ addi r12,r12,0x70 ++ li $x10,16 ++ li $x20,32 ++ li $x30,48 ++ li r11,64 ++ ++ vspltisw $xa4,-16 # synthesize constants ++ vspltisw $xb4,12 # synthesize constants ++ vspltisw $xc4,8 # synthesize constants ++ vspltisw $xd4,7 # synthesize constants ++ ++ lvx $xa0,$x00,r12 # load [smashed] sigma ++ lvx $xa1,$x10,r12 ++ lvx $xa2,$x20,r12 ++ lvx $xa3,$x30,r12 ++ ++ vxxlor $xv9 ,$xa4,$xa4 #save shift val in vr9-12 ++ vxxlor $xv10 ,$xb4,$xb4 ++ vxxlor $xv11 ,$xc4,$xc4 ++ vxxlor $xv12 ,$xd4,$xd4 ++ vxxlor $xv22 ,$xa0,$xa0 #save sigma in vr22-25 ++ vxxlor $xv23 ,$xa1,$xa1 ++ vxxlor $xv24 ,$xa2,$xa2 ++ vxxlor $xv25 ,$xa3,$xa3 ++ ++ lvx_4w @K[1],0,$key # load key ++ lvx_4w @K[2],$x10,$key ++ lvx_4w @K[3],0,$ctr # load counter ++ vspltisw $xt3,4 ++ ++ ++ vxor $xt2,$xt2,$xt2 ++ lvx_4w $xt1,r11,r12 ++ vspltw $xa2,@K[3],0 #save the original count after spltw ++ vsldoi @K[3],@K[3],$xt2,4 ++ vsldoi @K[3],$xt2,@K[3],12 # clear @K[3].word[0] ++ vadduwm $xt1,$xa2,$xt1 ++ vadduwm $xt3,$xt1,$xt3 # next counter value ++ vspltw $xa0,@K[2],2 # save the K[2] spltw 2 and save v8. ++ ++ be?lvsl $beperm,0,$x10 # 0x00..0f ++ be?vspltisb $xt0,3 # 0x03..03 ++ be?vxor $beperm,$beperm,$xt0 # swap bytes within words ++ be?vxxlor $xv26 ,$beperm,$beperm ++ ++ vxxlor $xv0 ,@K[0],@K[0] # K0,k1,k2 to vr0,1,2 ++ vxxlor $xv1 ,@K[1],@K[1] ++ vxxlor $xv2 ,@K[2],@K[2] ++ vxxlor $xv3 ,@K[3],@K[3] ++ vxxlor $xv4 ,$xt1,$xt1 #CTR ->4, CTR+4-> 5 ++ vxxlor $xv5 ,$xt3,$xt3 ++ vxxlor $xv8 ,$xa0,$xa0 ++ ++ li r0,10 # inner loop counter ++ mtctr r0 ++ b Loop_outer_vsx_8x ++ ++.align 5 ++Loop_outer_vsx_8x: ++ vxxlorc $xa0,$xv22,$xv22 # load [smashed] sigma ++ vxxlorc $xa1,$xv23,$xv23 ++ vxxlorc $xa2,$xv24,$xv24 ++ vxxlorc $xa3,$xv25,$xv25 ++ vxxlorc $xa4,$xv22,$xv22 ++ vxxlorc $xa5,$xv23,$xv23 ++ vxxlorc $xa6,$xv24,$xv24 ++ vxxlorc $xa7,$xv25,$xv25 ++ ++ vspltw $xb0,@K[1],0 # smash the key ++ vspltw $xb1,@K[1],1 ++ vspltw $xb2,@K[1],2 ++ vspltw $xb3,@K[1],3 ++ vspltw $xb4,@K[1],0 # smash the key ++ vspltw $xb5,@K[1],1 ++ vspltw $xb6,@K[1],2 ++ vspltw $xb7,@K[1],3 ++ ++ vspltw $xc0,@K[2],0 ++ vspltw $xc1,@K[2],1 ++ vspltw $xc2,@K[2],2 ++ vspltw $xc3,@K[2],3 ++ vspltw $xc4,@K[2],0 ++ vspltw $xc7,@K[2],3 ++ vspltw $xc5,@K[2],1 ++ ++ vxxlorc $xd0,$xv4,$xv4 # smash the counter ++ vspltw $xd1,@K[3],1 ++ vspltw $xd2,@K[3],2 ++ vspltw $xd3,@K[3],3 ++ vxxlorc $xd4,$xv5,$xv5 # smash the counter ++ vspltw $xd5,@K[3],1 ++ vspltw $xd6,@K[3],2 ++ vspltw $xd7,@K[3],3 ++ vxxlorc $xc6,$xv8,$xv8 #copy of vlspt k[2],2 is in v8.v26 ->k[3] so need to wait until k3 is done ++ ++Loop_vsx_8x: ++___ ++ foreach (&VSX_lane_ROUND_8x(0,4, 8,12,16,20,24,28)) { eval; } ++ foreach (&VSX_lane_ROUND_8x(0,5,10,15,16,21,26,31)) { eval; } ++$code.=<<___; ++ ++ bdnz Loop_vsx_8x ++ vxxlor $xv13 ,$xd4,$xd4 # save the register vr24-31 ++ vxxlor $xv14 ,$xd5,$xd5 # ++ vxxlor $xv15 ,$xd6,$xd6 # ++ vxxlor $xv16 ,$xd7,$xd7 # ++ ++ vxxlor $xv18 ,$xc4,$xc4 # ++ vxxlor $xv19 ,$xc5,$xc5 # ++ vxxlor $xv20 ,$xc6,$xc6 # ++ vxxlor $xv21 ,$xc7,$xc7 # ++ ++ vxxlor $xv6 ,$xb6,$xb6 # save vr23, so we get 8 regs ++ vxxlor $xv7 ,$xb7,$xb7 # save vr23, so we get 8 regs ++ be?vxxlorc $beperm,$xv26,$xv26 # copy back the the beperm. ++ ++ vxxlorc @K[0],$xv0,$xv0 #27 ++ vxxlorc @K[1],$xv1,$xv1 #24 ++ vxxlorc @K[2],$xv2,$xv2 #25 ++ vxxlorc @K[3],$xv3,$xv3 #26 ++ vxxlorc $CTR0,$xv4,$xv4 ++###changing to vertical ++ ++ vmrgew $xt0,$xa0,$xa1 # transpose data ++ vmrgew $xt1,$xa2,$xa3 ++ vmrgow $xa0,$xa0,$xa1 ++ vmrgow $xa2,$xa2,$xa3 ++ ++ vmrgew $xt2,$xb0,$xb1 ++ vmrgew $xt3,$xb2,$xb3 ++ vmrgow $xb0,$xb0,$xb1 ++ vmrgow $xb2,$xb2,$xb3 ++ ++ vadduwm $xd0,$xd0,$CTR0 ++ ++ vpermdi $xa1,$xa0,$xa2,0b00 ++ vpermdi $xa3,$xa0,$xa2,0b11 ++ vpermdi $xa0,$xt0,$xt1,0b00 ++ vpermdi $xa2,$xt0,$xt1,0b11 ++ vpermdi $xb1,$xb0,$xb2,0b00 ++ vpermdi $xb3,$xb0,$xb2,0b11 ++ vpermdi $xb0,$xt2,$xt3,0b00 ++ vpermdi $xb2,$xt2,$xt3,0b11 ++ ++ vmrgew $xt0,$xc0,$xc1 ++ vmrgew $xt1,$xc2,$xc3 ++ vmrgow $xc0,$xc0,$xc1 ++ vmrgow $xc2,$xc2,$xc3 ++ vmrgew $xt2,$xd0,$xd1 ++ vmrgew $xt3,$xd2,$xd3 ++ vmrgow $xd0,$xd0,$xd1 ++ vmrgow $xd2,$xd2,$xd3 ++ ++ vpermdi $xc1,$xc0,$xc2,0b00 ++ vpermdi $xc3,$xc0,$xc2,0b11 ++ vpermdi $xc0,$xt0,$xt1,0b00 ++ vpermdi $xc2,$xt0,$xt1,0b11 ++ vpermdi $xd1,$xd0,$xd2,0b00 ++ vpermdi $xd3,$xd0,$xd2,0b11 ++ vpermdi $xd0,$xt2,$xt3,0b00 ++ vpermdi $xd2,$xt2,$xt3,0b11 ++ ++ vspltisw $xt0,8 ++ vadduwm $CTR0,$CTR0,$xt0 # next counter value ++ vxxlor $xv4 ,$CTR0,$CTR0 #CTR+4-> 5 ++ ++ vadduwm $xa0,$xa0,@K[0] ++ vadduwm $xb0,$xb0,@K[1] ++ vadduwm $xc0,$xc0,@K[2] ++ vadduwm $xd0,$xd0,@K[3] ++ ++ be?vperm $xa0,$xa0,$xa0,$beperm ++ be?vperm $xb0,$xb0,$xb0,$beperm ++ be?vperm $xc0,$xc0,$xc0,$beperm ++ be?vperm $xd0,$xd0,$xd0,$beperm ++ ++ ${UCMP}i $len,0x40 ++ blt Ltail_vsx_8x ++ ++ lvx_4w $xt0,$x00,$inp ++ lvx_4w $xt1,$x10,$inp ++ lvx_4w $xt2,$x20,$inp ++ lvx_4w $xt3,$x30,$inp ++ ++ vxor $xt0,$xt0,$xa0 ++ vxor $xt1,$xt1,$xb0 ++ vxor $xt2,$xt2,$xc0 ++ vxor $xt3,$xt3,$xd0 ++ ++ stvx_4w $xt0,$x00,$out ++ stvx_4w $xt1,$x10,$out ++ addi $inp,$inp,0x40 ++ stvx_4w $xt2,$x20,$out ++ subi $len,$len,0x40 ++ stvx_4w $xt3,$x30,$out ++ addi $out,$out,0x40 ++ beq Ldone_vsx_8x ++ ++ vadduwm $xa0,$xa1,@K[0] ++ vadduwm $xb0,$xb1,@K[1] ++ vadduwm $xc0,$xc1,@K[2] ++ vadduwm $xd0,$xd1,@K[3] ++ ++ be?vperm $xa0,$xa0,$xa0,$beperm ++ be?vperm $xb0,$xb0,$xb0,$beperm ++ be?vperm $xc0,$xc0,$xc0,$beperm ++ be?vperm $xd0,$xd0,$xd0,$beperm ++ ++ ${UCMP}i $len,0x40 ++ blt Ltail_vsx_8x ++ ++ lvx_4w $xt0,$x00,$inp ++ lvx_4w $xt1,$x10,$inp ++ lvx_4w $xt2,$x20,$inp ++ lvx_4w $xt3,$x30,$inp ++ ++ vxor $xt0,$xt0,$xa0 ++ vxor $xt1,$xt1,$xb0 ++ vxor $xt2,$xt2,$xc0 ++ vxor $xt3,$xt3,$xd0 ++ ++ stvx_4w $xt0,$x00,$out ++ stvx_4w $xt1,$x10,$out ++ addi $inp,$inp,0x40 ++ stvx_4w $xt2,$x20,$out ++ subi $len,$len,0x40 ++ stvx_4w $xt3,$x30,$out ++ addi $out,$out,0x40 ++ beq Ldone_vsx_8x ++ ++ vadduwm $xa0,$xa2,@K[0] ++ vadduwm $xb0,$xb2,@K[1] ++ vadduwm $xc0,$xc2,@K[2] ++ vadduwm $xd0,$xd2,@K[3] ++ ++ be?vperm $xa0,$xa0,$xa0,$beperm ++ be?vperm $xb0,$xb0,$xb0,$beperm ++ be?vperm $xc0,$xc0,$xc0,$beperm ++ be?vperm $xd0,$xd0,$xd0,$beperm ++ ++ ${UCMP}i $len,0x40 ++ blt Ltail_vsx_8x ++ ++ lvx_4w $xt0,$x00,$inp ++ lvx_4w $xt1,$x10,$inp ++ lvx_4w $xt2,$x20,$inp ++ lvx_4w $xt3,$x30,$inp ++ ++ vxor $xt0,$xt0,$xa0 ++ vxor $xt1,$xt1,$xb0 ++ vxor $xt2,$xt2,$xc0 ++ vxor $xt3,$xt3,$xd0 ++ ++ stvx_4w $xt0,$x00,$out ++ stvx_4w $xt1,$x10,$out ++ addi $inp,$inp,0x40 ++ stvx_4w $xt2,$x20,$out ++ subi $len,$len,0x40 ++ stvx_4w $xt3,$x30,$out ++ addi $out,$out,0x40 ++ beq Ldone_vsx_8x ++ ++ vadduwm $xa0,$xa3,@K[0] ++ vadduwm $xb0,$xb3,@K[1] ++ vadduwm $xc0,$xc3,@K[2] ++ vadduwm $xd0,$xd3,@K[3] ++ ++ be?vperm $xa0,$xa0,$xa0,$beperm ++ be?vperm $xb0,$xb0,$xb0,$beperm ++ be?vperm $xc0,$xc0,$xc0,$beperm ++ be?vperm $xd0,$xd0,$xd0,$beperm ++ ++ ${UCMP}i $len,0x40 ++ blt Ltail_vsx_8x ++ ++ lvx_4w $xt0,$x00,$inp ++ lvx_4w $xt1,$x10,$inp ++ lvx_4w $xt2,$x20,$inp ++ lvx_4w $xt3,$x30,$inp ++ ++ vxor $xt0,$xt0,$xa0 ++ vxor $xt1,$xt1,$xb0 ++ vxor $xt2,$xt2,$xc0 ++ vxor $xt3,$xt3,$xd0 ++ ++ stvx_4w $xt0,$x00,$out ++ stvx_4w $xt1,$x10,$out ++ addi $inp,$inp,0x40 ++ stvx_4w $xt2,$x20,$out ++ subi $len,$len,0x40 ++ stvx_4w $xt3,$x30,$out ++ addi $out,$out,0x40 ++ beq Ldone_vsx_8x ++ ++#blk4-7: 24:31 remain the same as we can use the same logic above . Reg a4-b7 remain same.Load c4,d7--> position 8-15.we can reuse vr24-31. ++#VR0-3 : are used to load temp value, vr4 --> as xr0 instead of xt0. ++ ++ vxxlorc $CTR1 ,$xv5,$xv5 ++ ++ vxxlorc $xcn4 ,$xv18,$xv18 ++ vxxlorc $xcn5 ,$xv19,$xv19 ++ vxxlorc $xcn6 ,$xv20,$xv20 ++ vxxlorc $xcn7 ,$xv21,$xv21 ++ ++ vxxlorc $xdn4 ,$xv13,$xv13 ++ vxxlorc $xdn5 ,$xv14,$xv14 ++ vxxlorc $xdn6 ,$xv15,$xv15 ++ vxxlorc $xdn7 ,$xv16,$xv16 ++ vadduwm $xdn4,$xdn4,$CTR1 ++ ++ vxxlorc $xb6 ,$xv6,$xv6 ++ vxxlorc $xb7 ,$xv7,$xv7 ++#use xa1->xr0, as xt0...in the block 4-7 ++ ++ vmrgew $xr0,$xa4,$xa5 # transpose data ++ vmrgew $xt1,$xa6,$xa7 ++ vmrgow $xa4,$xa4,$xa5 ++ vmrgow $xa6,$xa6,$xa7 ++ vmrgew $xt2,$xb4,$xb5 ++ vmrgew $xt3,$xb6,$xb7 ++ vmrgow $xb4,$xb4,$xb5 ++ vmrgow $xb6,$xb6,$xb7 ++ ++ vpermdi $xa5,$xa4,$xa6,0b00 ++ vpermdi $xa7,$xa4,$xa6,0b11 ++ vpermdi $xa4,$xr0,$xt1,0b00 ++ vpermdi $xa6,$xr0,$xt1,0b11 ++ vpermdi $xb5,$xb4,$xb6,0b00 ++ vpermdi $xb7,$xb4,$xb6,0b11 ++ vpermdi $xb4,$xt2,$xt3,0b00 ++ vpermdi $xb6,$xt2,$xt3,0b11 ++ ++ vmrgew $xr0,$xcn4,$xcn5 ++ vmrgew $xt1,$xcn6,$xcn7 ++ vmrgow $xcn4,$xcn4,$xcn5 ++ vmrgow $xcn6,$xcn6,$xcn7 ++ vmrgew $xt2,$xdn4,$xdn5 ++ vmrgew $xt3,$xdn6,$xdn7 ++ vmrgow $xdn4,$xdn4,$xdn5 ++ vmrgow $xdn6,$xdn6,$xdn7 ++ ++ vpermdi $xcn5,$xcn4,$xcn6,0b00 ++ vpermdi $xcn7,$xcn4,$xcn6,0b11 ++ vpermdi $xcn4,$xr0,$xt1,0b00 ++ vpermdi $xcn6,$xr0,$xt1,0b11 ++ vpermdi $xdn5,$xdn4,$xdn6,0b00 ++ vpermdi $xdn7,$xdn4,$xdn6,0b11 ++ vpermdi $xdn4,$xt2,$xt3,0b00 ++ vpermdi $xdn6,$xt2,$xt3,0b11 ++ ++ vspltisw $xr0,8 ++ vadduwm $CTR1,$CTR1,$xr0 # next counter value ++ vxxlor $xv5 ,$CTR1,$CTR1 #CTR+4-> 5 ++ ++ vadduwm $xan0,$xa4,@K[0] ++ vadduwm $xbn0,$xb4,@K[1] ++ vadduwm $xcn0,$xcn4,@K[2] ++ vadduwm $xdn0,$xdn4,@K[3] ++ ++ be?vperm $xan0,$xa4,$xa4,$beperm ++ be?vperm $xbn0,$xb4,$xb4,$beperm ++ be?vperm $xcn0,$xcn4,$xcn4,$beperm ++ be?vperm $xdn0,$xdn4,$xdn4,$beperm ++ ++ ${UCMP}i $len,0x40 ++ blt Ltail_vsx_8x_1 ++ ++ lvx_4w $xr0,$x00,$inp ++ lvx_4w $xt1,$x10,$inp ++ lvx_4w $xt2,$x20,$inp ++ lvx_4w $xt3,$x30,$inp ++ ++ vxor $xr0,$xr0,$xan0 ++ vxor $xt1,$xt1,$xbn0 ++ vxor $xt2,$xt2,$xcn0 ++ vxor $xt3,$xt3,$xdn0 ++ ++ stvx_4w $xr0,$x00,$out ++ stvx_4w $xt1,$x10,$out ++ addi $inp,$inp,0x40 ++ stvx_4w $xt2,$x20,$out ++ subi $len,$len,0x40 ++ stvx_4w $xt3,$x30,$out ++ addi $out,$out,0x40 ++ beq Ldone_vsx_8x ++ ++ vadduwm $xan0,$xa5,@K[0] ++ vadduwm $xbn0,$xb5,@K[1] ++ vadduwm $xcn0,$xcn5,@K[2] ++ vadduwm $xdn0,$xdn5,@K[3] ++ ++ be?vperm $xan0,$xan0,$xan0,$beperm ++ be?vperm $xbn0,$xbn0,$xbn0,$beperm ++ be?vperm $xcn0,$xcn0,$xcn0,$beperm ++ be?vperm $xdn0,$xdn0,$xdn0,$beperm ++ ++ ${UCMP}i $len,0x40 ++ blt Ltail_vsx_8x_1 ++ ++ lvx_4w $xr0,$x00,$inp ++ lvx_4w $xt1,$x10,$inp ++ lvx_4w $xt2,$x20,$inp ++ lvx_4w $xt3,$x30,$inp ++ ++ vxor $xr0,$xr0,$xan0 ++ vxor $xt1,$xt1,$xbn0 ++ vxor $xt2,$xt2,$xcn0 ++ vxor $xt3,$xt3,$xdn0 ++ ++ stvx_4w $xr0,$x00,$out ++ stvx_4w $xt1,$x10,$out ++ addi $inp,$inp,0x40 ++ stvx_4w $xt2,$x20,$out ++ subi $len,$len,0x40 ++ stvx_4w $xt3,$x30,$out ++ addi $out,$out,0x40 ++ beq Ldone_vsx_8x ++ ++ vadduwm $xan0,$xa6,@K[0] ++ vadduwm $xbn0,$xb6,@K[1] ++ vadduwm $xcn0,$xcn6,@K[2] ++ vadduwm $xdn0,$xdn6,@K[3] ++ ++ be?vperm $xan0,$xan0,$xan0,$beperm ++ be?vperm $xbn0,$xbn0,$xbn0,$beperm ++ be?vperm $xcn0,$xcn0,$xcn0,$beperm ++ be?vperm $xdn0,$xdn0,$xdn0,$beperm ++ ++ ${UCMP}i $len,0x40 ++ blt Ltail_vsx_8x_1 ++ ++ lvx_4w $xr0,$x00,$inp ++ lvx_4w $xt1,$x10,$inp ++ lvx_4w $xt2,$x20,$inp ++ lvx_4w $xt3,$x30,$inp ++ ++ vxor $xr0,$xr0,$xan0 ++ vxor $xt1,$xt1,$xbn0 ++ vxor $xt2,$xt2,$xcn0 ++ vxor $xt3,$xt3,$xdn0 ++ ++ stvx_4w $xr0,$x00,$out ++ stvx_4w $xt1,$x10,$out ++ addi $inp,$inp,0x40 ++ stvx_4w $xt2,$x20,$out ++ subi $len,$len,0x40 ++ stvx_4w $xt3,$x30,$out ++ addi $out,$out,0x40 ++ beq Ldone_vsx_8x ++ ++ vadduwm $xan0,$xa7,@K[0] ++ vadduwm $xbn0,$xb7,@K[1] ++ vadduwm $xcn0,$xcn7,@K[2] ++ vadduwm $xdn0,$xdn7,@K[3] ++ ++ be?vperm $xan0,$xan0,$xan0,$beperm ++ be?vperm $xbn0,$xbn0,$xbn0,$beperm ++ be?vperm $xcn0,$xcn0,$xcn0,$beperm ++ be?vperm $xdn0,$xdn0,$xdn0,$beperm ++ ++ ${UCMP}i $len,0x40 ++ blt Ltail_vsx_8x_1 ++ ++ lvx_4w $xr0,$x00,$inp ++ lvx_4w $xt1,$x10,$inp ++ lvx_4w $xt2,$x20,$inp ++ lvx_4w $xt3,$x30,$inp ++ ++ vxor $xr0,$xr0,$xan0 ++ vxor $xt1,$xt1,$xbn0 ++ vxor $xt2,$xt2,$xcn0 ++ vxor $xt3,$xt3,$xdn0 ++ ++ stvx_4w $xr0,$x00,$out ++ stvx_4w $xt1,$x10,$out ++ addi $inp,$inp,0x40 ++ stvx_4w $xt2,$x20,$out ++ subi $len,$len,0x40 ++ stvx_4w $xt3,$x30,$out ++ addi $out,$out,0x40 ++ beq Ldone_vsx_8x ++ ++ mtctr r0 ++ bne Loop_outer_vsx_8x ++ ++Ldone_vsx_8x: ++ lwz r12,`$FRAME-4`($sp) # pull vrsave ++ li r10,`15+$LOCALS+64` ++ li r11,`31+$LOCALS+64` ++ $POP r0, `$FRAME+$LRSAVE`($sp) ++ mtspr 256,r12 # restore vrsave ++ lvx v24,r10,$sp ++ addi r10,r10,32 ++ lvx v25,r11,$sp ++ addi r11,r11,32 ++ lvx v26,r10,$sp ++ addi r10,r10,32 ++ lvx v27,r11,$sp ++ addi r11,r11,32 ++ lvx v28,r10,$sp ++ addi r10,r10,32 ++ lvx v29,r11,$sp ++ addi r11,r11,32 ++ lvx v30,r10,$sp ++ lvx v31,r11,$sp ++ mtlr r0 ++ addi $sp,$sp,$FRAME ++ blr ++ ++.align 4 ++Ltail_vsx_8x: ++ addi r11,$sp,$LOCALS ++ mtctr $len ++ stvx_4w $xa0,$x00,r11 # offload block to stack ++ stvx_4w $xb0,$x10,r11 ++ stvx_4w $xc0,$x20,r11 ++ stvx_4w $xd0,$x30,r11 ++ subi r12,r11,1 # prepare for *++ptr ++ subi $inp,$inp,1 ++ subi $out,$out,1 ++ bl Loop_tail_vsx_8x ++Ltail_vsx_8x_1: ++ addi r11,$sp,$LOCALS ++ mtctr $len ++ stvx_4w $xan0,$x00,r11 # offload block to stack ++ stvx_4w $xbn0,$x10,r11 ++ stvx_4w $xcn0,$x20,r11 ++ stvx_4w $xdn0,$x30,r11 ++ subi r12,r11,1 # prepare for *++ptr ++ subi $inp,$inp,1 ++ subi $out,$out,1 ++ bl Loop_tail_vsx_8x ++ ++Loop_tail_vsx_8x: ++ lbzu r6,1(r12) ++ lbzu r7,1($inp) ++ xor r6,r6,r7 ++ stbu r6,1($out) ++ bdnz Loop_tail_vsx_8x ++ ++ stvx_4w $K[0],$x00,r11 # wipe copy of the block ++ stvx_4w $K[0],$x10,r11 ++ stvx_4w $K[0],$x20,r11 ++ stvx_4w $K[0],$x30,r11 ++ ++ b Ldone_vsx_8x ++ .long 0 ++ .byte 0,12,0x04,1,0x80,0,5,0 ++ .long 0 ++.size .ChaCha20_ctr32_vsx_8x,.-.ChaCha20_ctr32_vsx_8x ++___ ++}}} ++ ++ ++$code.=<<___; ++.align 5 ++Lconsts: ++ mflr r0 ++ bcl 20,31,\$+4 ++ mflr r12 #vvvvv "distance between . and Lsigma ++ addi r12,r12,`64-8` ++ mtlr r0 ++ blr ++ .long 0 ++ .byte 0,12,0x14,0,0,0,0,0 ++ .space `64-9*4` ++Lsigma: ++ .long 0x61707865,0x3320646e,0x79622d32,0x6b206574 ++ .long 1,0,0,0 ++ .long 2,0,0,0 ++ .long 3,0,0,0 ++ .long 4,0,0,0 ++___ ++$code.=<<___ if ($LITTLE_ENDIAN); ++ .long 0x0e0f0c0d,0x0a0b0809,0x06070405,0x02030001 ++ .long 0x0d0e0f0c,0x090a0b08,0x05060704,0x01020300 ++___ ++$code.=<<___ if (!$LITTLE_ENDIAN); # flipped words ++ .long 0x02030001,0x06070405,0x0a0b0809,0x0e0f0c0d ++ .long 0x01020300,0x05060704,0x090a0b08,0x0d0e0f0c ++___ ++$code.=<<___; ++ .long 0x61707865,0x61707865,0x61707865,0x61707865 ++ .long 0x3320646e,0x3320646e,0x3320646e,0x3320646e ++ .long 0x79622d32,0x79622d32,0x79622d32,0x79622d32 ++ .long 0x6b206574,0x6b206574,0x6b206574,0x6b206574 ++ .long 0,1,2,3 ++ .long 0x03020100,0x07060504,0x0b0a0908,0x0f0e0d0c ++.asciz "ChaCha20 for PowerPC/AltiVec, CRYPTOGAMS by " ++.align 2 ++___ ++ ++foreach (split("\n",$code)) { ++ s/\`([^\`]*)\`/eval $1/ge; ++ ++ # instructions prefixed with '?' are endian-specific and need ++ # to be adjusted accordingly... ++ if ($flavour !~ /le$/) { # big-endian ++ s/be\?// or ++ s/le\?/#le#/ or ++ s/\?lvsr/lvsl/ or ++ s/\?lvsl/lvsr/ or ++ s/\?(vperm\s+v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+)/$1$3$2$4/ or ++ s/vrldoi(\s+v[0-9]+,\s*)(v[0-9]+,)\s*([0-9]+)/vsldoi$1$2$2 16-$3/; ++ } else { # little-endian ++ s/le\?// or ++ s/be\?/#be#/ or ++ s/\?([a-z]+)/$1/ or ++ s/vrldoi(\s+v[0-9]+,\s*)(v[0-9]+,)\s*([0-9]+)/vsldoi$1$2$2 $3/; ++ } ++ ++ print $_,"\n"; ++} ++ ++close STDOUT or die "error closing STDOUT: $!"; +diff -rupN --no-dereference openssl-3.0.9/crypto/chacha/build.info openssl-3.0.9-new/crypto/chacha/build.info +--- openssl-3.0.9/crypto/chacha/build.info 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/chacha/build.info 2023-05-31 14:33:17.459112709 +0200 +@@ -12,7 +12,7 @@ IF[{- !$disabled{asm} -}] + $CHACHAASM_armv4=chacha-armv4.S + $CHACHAASM_aarch64=chacha-armv8.S + +- $CHACHAASM_ppc32=chacha_ppc.c chacha-ppc.s ++ $CHACHAASM_ppc32=chacha_ppc.c chacha-ppc.s chachap10-ppc.s + $CHACHAASM_ppc64=$CHACHAASM_ppc32 + + $CHACHAASM_c64xplus=chacha-c64xplus.s +@@ -29,6 +29,7 @@ SOURCE[../../libcrypto]=$CHACHAASM + GENERATE[chacha-x86.S]=asm/chacha-x86.pl + GENERATE[chacha-x86_64.s]=asm/chacha-x86_64.pl + GENERATE[chacha-ppc.s]=asm/chacha-ppc.pl ++GENERATE[chachap10-ppc.s]=asm/chachap10-ppc.pl + GENERATE[chacha-armv4.S]=asm/chacha-armv4.pl + INCLUDE[chacha-armv4.o]=.. + GENERATE[chacha-armv8.S]=asm/chacha-armv8.pl +diff -rupN --no-dereference openssl-3.0.9/crypto/chacha/chacha_ppc.c openssl-3.0.9-new/crypto/chacha/chacha_ppc.c +--- openssl-3.0.9/crypto/chacha/chacha_ppc.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/chacha/chacha_ppc.c 2023-05-31 14:33:17.459112709 +0200 +@@ -23,13 +23,18 @@ void ChaCha20_ctr32_vmx(unsigned char *o + void ChaCha20_ctr32_vsx(unsigned char *out, const unsigned char *inp, + size_t len, const unsigned int key[8], + const unsigned int counter[4]); ++void ChaCha20_ctr32_vsx_p10(unsigned char *out, const unsigned char *inp, ++ size_t len, const unsigned int key[8], ++ const unsigned int counter[4]); + void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, + size_t len, const unsigned int key[8], + const unsigned int counter[4]) + { +- OPENSSL_ppccap_P & PPC_CRYPTO207 +- ? ChaCha20_ctr32_vsx(out, inp, len, key, counter) +- : OPENSSL_ppccap_P & PPC_ALTIVEC +- ? ChaCha20_ctr32_vmx(out, inp, len, key, counter) +- : ChaCha20_ctr32_int(out, inp, len, key, counter); ++ OPENSSL_ppccap_P & PPC_BRD31 ++ ? ChaCha20_ctr32_vsx_p10(out, inp, len, key, counter) ++ :OPENSSL_ppccap_P & PPC_CRYPTO207 ++ ? ChaCha20_ctr32_vsx(out, inp, len, key, counter) ++ : OPENSSL_ppccap_P & PPC_ALTIVEC ++ ? ChaCha20_ctr32_vmx(out, inp, len, key, counter) ++ : ChaCha20_ctr32_int(out, inp, len, key, counter); + } +diff -rupN --no-dereference openssl-3.0.9/crypto/perlasm/ppc-xlate.pl openssl-3.0.9-new/crypto/perlasm/ppc-xlate.pl +--- openssl-3.0.9/crypto/perlasm/ppc-xlate.pl 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/perlasm/ppc-xlate.pl 2023-05-31 14:33:17.459112709 +0200 +@@ -293,6 +293,14 @@ my $vpermdi = sub { # xxpermdi + $dm = oct($dm) if ($dm =~ /^0/); + " .long ".sprintf "0x%X",(60<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|($dm<<8)|(10<<3)|7; + }; ++my $vxxlor = sub { # xxlor ++ my ($f, $vrt, $vra, $vrb) = @_; ++ " .long ".sprintf "0x%X",(60<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|(146<<3)|6; ++}; ++my $vxxlorc = sub { # xxlor ++ my ($f, $vrt, $vra, $vrb) = @_; ++ " .long ".sprintf "0x%X",(60<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|(146<<3)|1; ++}; + + # PowerISA 2.07 stuff + sub vcrypto_op { +@@ -377,6 +385,15 @@ my $addex = sub { + }; + my $vmsumudm = sub { vfour_vsr(@_, 35); }; + ++# PowerISA 3.1 stuff ++my $brd = sub { ++ my ($f, $ra, $rs) = @_; ++ " .long ".sprintf "0x%X",(31<<26)|($rs<<21)|($ra<<16)|(187<<1); ++}; ++my $vsrq = sub { vcrypto_op(@_, 517); }; ++ ++ ++ + while($line=<>) { + + $line =~ s|[#!;].*$||; # get rid of asm-style comments... +diff -rupN --no-dereference openssl-3.0.9/crypto/ppccap.c openssl-3.0.9-new/crypto/ppccap.c +--- openssl-3.0.9/crypto/ppccap.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/ppccap.c 2023-05-31 14:33:17.459112709 +0200 +@@ -45,6 +45,7 @@ void OPENSSL_ppc64_probe(void); + void OPENSSL_altivec_probe(void); + void OPENSSL_crypto207_probe(void); + void OPENSSL_madd300_probe(void); ++void OPENSSL_brd31_probe(void); + + long OPENSSL_rdtsc_mftb(void); + long OPENSSL_rdtsc_mfspr268(void); +@@ -117,16 +118,21 @@ static unsigned long getauxval(unsigned + #endif + + /* I wish was universally available */ +-#define HWCAP 16 /* AT_HWCAP */ ++#ifndef AT_HWCAP ++# define AT_HWCAP 16 /* AT_HWCAP */ ++#endif + #define HWCAP_PPC64 (1U << 30) + #define HWCAP_ALTIVEC (1U << 28) + #define HWCAP_FPU (1U << 27) + #define HWCAP_POWER6_EXT (1U << 9) + #define HWCAP_VSX (1U << 7) + +-#define HWCAP2 26 /* AT_HWCAP2 */ ++#ifndef AT_HWCAP2 ++# define AT_HWCAP2 26 /* AT_HWCAP2 */ ++#endif + #define HWCAP_VEC_CRYPTO (1U << 25) + #define HWCAP_ARCH_3_00 (1U << 23) ++#define HWCAP_ARCH_3_1 (1U << 18) + + # if defined(__GNUC__) && __GNUC__>=2 + __attribute__ ((constructor)) +@@ -187,6 +193,9 @@ void OPENSSL_cpuid_setup(void) + if (__power_set(0xffffffffU<<17)) /* POWER9 and later */ + OPENSSL_ppccap_P |= PPC_MADD300; + ++ if (__power_set(0xffffffffU<<18)) /* POWER10 and later */ ++ OPENSSL_ppccap_P |= PPC_BRD31; ++ + return; + # endif + #endif +@@ -215,8 +224,8 @@ void OPENSSL_cpuid_setup(void) + + #ifdef OSSL_IMPLEMENT_GETAUXVAL + { +- unsigned long hwcap = getauxval(HWCAP); +- unsigned long hwcap2 = getauxval(HWCAP2); ++ unsigned long hwcap = getauxval(AT_HWCAP); ++ unsigned long hwcap2 = getauxval(AT_HWCAP2); + + if (hwcap & HWCAP_FPU) { + OPENSSL_ppccap_P |= PPC_FPU; +@@ -242,6 +251,10 @@ void OPENSSL_cpuid_setup(void) + if (hwcap2 & HWCAP_ARCH_3_00) { + OPENSSL_ppccap_P |= PPC_MADD300; + } ++ ++ if (hwcap2 & HWCAP_ARCH_3_1) { ++ OPENSSL_ppccap_P |= PPC_BRD31; ++ } + } + #endif + +@@ -263,7 +276,7 @@ void OPENSSL_cpuid_setup(void) + sigaction(SIGILL, &ill_act, &ill_oact); + + #ifndef OSSL_IMPLEMENT_GETAUXVAL +- if (sigsetjmp(ill_jmp,1) == 0) { ++ if (sigsetjmp(ill_jmp, 1) == 0) { + OPENSSL_fpu_probe(); + OPENSSL_ppccap_P |= PPC_FPU; + +diff -rupN --no-dereference openssl-3.0.9/crypto/ppccpuid.pl openssl-3.0.9-new/crypto/ppccpuid.pl +--- openssl-3.0.9/crypto/ppccpuid.pl 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/ppccpuid.pl 2023-05-31 14:33:17.459112709 +0200 +@@ -81,6 +81,17 @@ $code=<<___; + .long 0 + .byte 0,12,0x14,0,0,0,0,0 + ++.globl .OPENSSL_brd31_probe ++.align 4 ++.OPENSSL_brd31_probe: ++ xor r0,r0,r0 ++ brd r3,r0 ++ blr ++ .long 0 ++ .byte 0,12,0x14,0,0,0,0,0 ++.size .OPENSSL_brd31_probe,.-.OPENSSL_brd31_probe ++ ++ + .globl .OPENSSL_wipe_cpu + .align 4 + .OPENSSL_wipe_cpu: +diff -rupN --no-dereference openssl-3.0.9/include/crypto/ppc_arch.h openssl-3.0.9-new/include/crypto/ppc_arch.h +--- openssl-3.0.9/include/crypto/ppc_arch.h 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/include/crypto/ppc_arch.h 2023-05-31 14:33:17.459112709 +0200 +@@ -24,5 +24,6 @@ extern unsigned int OPENSSL_ppccap_P; + # define PPC_MADD300 (1<<4) + # define PPC_MFTB (1<<5) + # define PPC_MFSPR268 (1<<6) ++# define PPC_BRD31 (1<<7) + + #endif diff --git a/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch b/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch new file mode 100644 index 0000000..e7422da --- /dev/null +++ b/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch @@ -0,0 +1,321 @@ +diff -rupN --no-dereference openssl-3.0.9/crypto/rsa/rsa_local.h openssl-3.0.9-new/crypto/rsa/rsa_local.h +--- openssl-3.0.9/crypto/rsa/rsa_local.h 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/rsa/rsa_local.h 2023-05-31 14:33:17.722112594 +0200 +@@ -193,4 +193,12 @@ int ossl_rsa_padding_add_PKCS1_type_2_ex + int tlen, const unsigned char *from, + int flen); + ++int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx, ++ unsigned char *to, int tlen, ++ const unsigned char *from, int flen, ++ const unsigned char *param, ++ int plen, const EVP_MD *md, ++ const EVP_MD *mgf1md, ++ const char *redhat_st_seed); ++ + #endif /* OSSL_CRYPTO_RSA_LOCAL_H */ +diff -rupN --no-dereference openssl-3.0.9/crypto/rsa/rsa_oaep.c openssl-3.0.9-new/crypto/rsa/rsa_oaep.c +--- openssl-3.0.9/crypto/rsa/rsa_oaep.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/rsa/rsa_oaep.c 2023-05-31 14:33:17.722112594 +0200 +@@ -44,6 +44,10 @@ int RSA_padding_add_PKCS1_OAEP(unsigned + param, plen, NULL, NULL); + } + ++#ifdef FIPS_MODULE ++extern int REDHAT_FIPS_asym_cipher_st; ++#endif /* FIPS_MODULE */ ++ + /* + * Perform the padding as per NIST 800-56B 7.2.2.3 + * from (K) is the key material. +@@ -51,12 +55,13 @@ int RSA_padding_add_PKCS1_OAEP(unsigned + * Step numbers are included here but not in the constant time inverse below + * to avoid complicating an already difficult enough function. + */ +-int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, +- unsigned char *to, int tlen, +- const unsigned char *from, int flen, +- const unsigned char *param, +- int plen, const EVP_MD *md, +- const EVP_MD *mgf1md) ++int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx, ++ unsigned char *to, int tlen, ++ const unsigned char *from, int flen, ++ const unsigned char *param, ++ int plen, const EVP_MD *md, ++ const EVP_MD *mgf1md, ++ const char *redhat_st_seed) + { + int rv = 0; + int i, emlen = tlen - 1; +@@ -107,6 +112,11 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1 + db[emlen - flen - mdlen - 1] = 0x01; + memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen); + /* step 3d: generate random byte string */ ++#ifdef FIPS_MODULE ++ if (redhat_st_seed != NULL && REDHAT_FIPS_asym_cipher_st) { ++ memcpy(seed, redhat_st_seed, mdlen); ++ } else ++#endif + if (RAND_bytes_ex(libctx, seed, mdlen, 0) <= 0) + goto err; + +@@ -138,6 +148,18 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1 + return rv; + } + ++int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, ++ unsigned char *to, int tlen, ++ const unsigned char *from, int flen, ++ const unsigned char *param, ++ int plen, const EVP_MD *md, ++ const EVP_MD *mgf1md) ++{ ++ return ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(libctx, to, tlen, from, ++ flen, param, plen, md, ++ mgf1md, NULL); ++} ++ + int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, + const unsigned char *from, int flen, + const unsigned char *param, int plen, +diff -rupN --no-dereference openssl-3.0.9/include/openssl/core_names.h openssl-3.0.9-new/include/openssl/core_names.h +--- openssl-3.0.9/include/openssl/core_names.h 2023-05-31 14:33:16.621113073 +0200 ++++ openssl-3.0.9-new/include/openssl/core_names.h 2023-05-31 14:33:17.723112594 +0200 +@@ -469,6 +469,9 @@ extern "C" { + #define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label" + #define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version" + #define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version" ++#ifdef FIPS_MODULE ++#define OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED "redhat-kat-oaep-seed" ++#endif + + /* + * Encoder / decoder parameters +diff -rupN --no-dereference openssl-3.0.9/providers/fips/self_test_data.inc openssl-3.0.9-new/providers/fips/self_test_data.inc +--- openssl-3.0.9/providers/fips/self_test_data.inc 2023-05-31 14:33:16.622113072 +0200 ++++ openssl-3.0.9-new/providers/fips/self_test_data.inc 2023-05-31 14:33:17.723112594 +0200 +@@ -1295,14 +1295,21 @@ static const ST_KAT_PARAM rsa_priv_key[] + }; + + /*- +- * Using OSSL_PKEY_RSA_PAD_MODE_NONE directly in the expansion of the ++ * Using OSSL_PKEY_RSA_PAD_MODE_OAEP directly in the expansion of the + * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient + * HP/UX PA-RISC compilers. + */ +-static const char pad_mode_none[] = OSSL_PKEY_RSA_PAD_MODE_NONE; ++static const char pad_mode_oaep[] = OSSL_PKEY_RSA_PAD_MODE_OAEP; ++static const char oaep_fixed_seed[] = { ++ 0xf6, 0x10, 0xef, 0x0a, 0x97, 0xbf, 0x91, 0x25, ++ 0x97, 0xcf, 0x8e, 0x0a, 0x75, 0x51, 0x2f, 0xab, ++ 0x2e, 0x4b, 0x2c, 0xe6 ++}; + + static const ST_KAT_PARAM rsa_enc_params[] = { +- ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_none), ++ ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_oaep), ++ ST_KAT_PARAM_OCTET(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, ++ oaep_fixed_seed), + ST_KAT_PARAM_END() + }; + +@@ -1341,43 +1348,43 @@ static const unsigned char rsa_expected_ + 0x2c, 0x68, 0xf0, 0x37, 0xa9, 0xd2, 0x56, 0xd6 + }; + +-static const unsigned char rsa_asym_plaintext_encrypt[256] = { ++static const unsigned char rsa_asym_plaintext_encrypt[208] = { + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, + }; + static const unsigned char rsa_asym_expected_encrypt[256] = { +- 0x54, 0xac, 0x23, 0x96, 0x1d, 0x82, 0x5d, 0x8b, +- 0x8f, 0x36, 0x33, 0xd0, 0xf4, 0x02, 0xa2, 0x61, +- 0xb1, 0x13, 0xd4, 0x4a, 0x46, 0x06, 0x37, 0x3c, +- 0xbf, 0x40, 0x05, 0x3c, 0xc6, 0x3b, 0x64, 0xdc, +- 0x22, 0x22, 0xaf, 0x36, 0x79, 0x62, 0x45, 0xf0, +- 0x97, 0x82, 0x22, 0x44, 0x86, 0x4a, 0x7c, 0xfa, +- 0xac, 0x03, 0x21, 0x84, 0x3f, 0x31, 0xad, 0x2a, +- 0xa4, 0x6e, 0x7a, 0xc5, 0x93, 0xf3, 0x0f, 0xfc, +- 0xf1, 0x62, 0xce, 0x82, 0x12, 0x45, 0xc9, 0x35, +- 0xb0, 0x7a, 0xcd, 0x99, 0x8c, 0x91, 0x6b, 0x5a, +- 0xd3, 0x46, 0xdb, 0xf9, 0x9e, 0x52, 0x49, 0xbd, +- 0x1e, 0xe8, 0xda, 0xac, 0x61, 0x47, 0xc2, 0xda, +- 0xfc, 0x1e, 0xfb, 0x74, 0xd7, 0xd6, 0xc1, 0x18, +- 0x86, 0x3e, 0x20, 0x9c, 0x7a, 0xe1, 0x04, 0xb7, +- 0x38, 0x43, 0xb1, 0x4e, 0xa0, 0xd8, 0xc1, 0x39, +- 0x4d, 0xe1, 0xd3, 0xb0, 0xb3, 0xf1, 0x82, 0x87, +- 0x1f, 0x74, 0xb5, 0x69, 0xfd, 0x33, 0xd6, 0x21, +- 0x7c, 0x61, 0x60, 0x28, 0xca, 0x70, 0xdb, 0xa0, +- 0xbb, 0xc8, 0x73, 0xa9, 0x82, 0xf8, 0x6b, 0xd8, +- 0xf0, 0xc9, 0x7b, 0x20, 0xdf, 0x9d, 0xfb, 0x8c, +- 0xd4, 0xa2, 0x89, 0xe1, 0x9b, 0x04, 0xad, 0xaa, +- 0x11, 0x6c, 0x8f, 0xce, 0x83, 0x29, 0x56, 0x69, +- 0xbb, 0x00, 0x3b, 0xef, 0xca, 0x2d, 0xcd, 0x52, +- 0xc8, 0xf1, 0xb3, 0x9b, 0xb4, 0x4f, 0x6d, 0x9c, +- 0x3d, 0x69, 0xcc, 0x6d, 0x1f, 0x38, 0x4d, 0xe6, +- 0xbb, 0x0c, 0x87, 0xdc, 0x5f, 0xa9, 0x24, 0x93, +- 0x03, 0x46, 0xa2, 0x33, 0x6c, 0xf4, 0xd8, 0x5d, +- 0x68, 0xf3, 0xd3, 0xe0, 0xf2, 0x30, 0xdb, 0xf5, +- 0x4f, 0x0f, 0xad, 0xc7, 0xd0, 0xaa, 0x47, 0xd9, +- 0x9f, 0x85, 0x1b, 0x2e, 0x6c, 0x3c, 0x57, 0x04, +- 0x29, 0xf4, 0xf5, 0x66, 0x7d, 0x93, 0x4a, 0xaa, +- 0x05, 0x52, 0x55, 0xc1, 0xc6, 0x06, 0x90, 0xab, ++ 0x6c, 0x21, 0xc1, 0x9e, 0x94, 0xee, 0xdf, 0x74, ++ 0x3a, 0x3c, 0x7c, 0x04, 0x1a, 0x53, 0x9e, 0x7c, ++ 0x42, 0xac, 0x7e, 0x28, 0x9a, 0xb7, 0xe2, 0x4e, ++ 0x87, 0xd4, 0x00, 0x69, 0x71, 0xf0, 0x3e, 0x0b, ++ 0xc1, 0xda, 0xd6, 0xbd, 0x21, 0x39, 0x4f, 0x25, ++ 0x22, 0x1f, 0x76, 0x0d, 0x62, 0x1f, 0xa2, 0x89, ++ 0xdb, 0x38, 0x32, 0x88, 0x21, 0x1d, 0x89, 0xf1, ++ 0xe0, 0x14, 0xd4, 0xb7, 0x90, 0xfc, 0xbc, 0x50, ++ 0xb0, 0x8d, 0x5c, 0x2f, 0x49, 0x9e, 0x90, 0x17, ++ 0x9e, 0x60, 0x9f, 0xe1, 0x77, 0x4f, 0x11, 0xa2, ++ 0xcf, 0x16, 0x65, 0x2d, 0x4a, 0x2c, 0x12, 0xcb, ++ 0x1e, 0x3c, 0x29, 0x8b, 0xdc, 0x27, 0x06, 0x9d, ++ 0xf4, 0x0d, 0xe1, 0xc9, 0xeb, 0x14, 0x6a, 0x7e, ++ 0xfd, 0xa7, 0xa8, 0xa7, 0x51, 0x82, 0x62, 0x0f, ++ 0x29, 0x8d, 0x8c, 0x5e, 0xf2, 0xb8, 0xcd, 0xd3, ++ 0x51, 0x92, 0xa7, 0x25, 0x39, 0x9d, 0xdd, 0x06, ++ 0xff, 0xb1, 0xb0, 0xd5, 0x61, 0x03, 0x8f, 0x25, ++ 0x5c, 0x49, 0x12, 0xc1, 0x50, 0x67, 0x61, 0x78, ++ 0xb3, 0xe3, 0xc4, 0xf6, 0x36, 0x16, 0xa9, 0x04, ++ 0x91, 0x0a, 0x4b, 0x27, 0x28, 0x97, 0x50, 0x7c, ++ 0x65, 0x2d, 0xd0, 0x08, 0x71, 0x84, 0xe7, 0x47, ++ 0x79, 0x83, 0x91, 0x46, 0xd9, 0x8f, 0x79, 0xce, ++ 0x49, 0xcb, 0xcd, 0x8b, 0x34, 0xac, 0x61, 0xe0, ++ 0xe6, 0x55, 0xbf, 0x10, 0xe4, 0xac, 0x9a, 0xd6, ++ 0xed, 0xc1, 0xc2, 0xb6, 0xb6, 0xf7, 0x41, 0x99, ++ 0xde, 0xfa, 0xde, 0x11, 0x16, 0xa2, 0x18, 0x30, ++ 0x30, 0xdc, 0x95, 0x76, 0x2f, 0x46, 0x43, 0x20, ++ 0xc4, 0xe7, 0x50, 0xb9, 0x1e, 0xcd, 0x69, 0xbb, ++ 0x29, 0x94, 0x27, 0x9c, 0xc9, 0xab, 0xb4, 0x27, ++ 0x8b, 0x4d, 0xe1, 0xcb, 0xc1, 0x04, 0x2c, 0x66, ++ 0x41, 0x3a, 0x4d, 0xeb, 0x61, 0x4c, 0x77, 0x5a, ++ 0xee, 0xb0, 0xca, 0x99, 0x0e, 0x7f, 0xbe, 0x06 + }; + + #ifndef OPENSSL_NO_EC +diff -rupN --no-dereference openssl-3.0.9/providers/fips/self_test_kats.c openssl-3.0.9-new/providers/fips/self_test_kats.c +--- openssl-3.0.9/providers/fips/self_test_kats.c 2023-05-31 14:33:16.622113072 +0200 ++++ openssl-3.0.9-new/providers/fips/self_test_kats.c 2023-05-31 14:33:17.723112594 +0200 +@@ -647,14 +647,21 @@ static int self_test_ciphers(OSSL_SELF_T + return ret; + } + ++int REDHAT_FIPS_asym_cipher_st = 0; ++ + static int self_test_asym_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) + { + int i, ret = 1; + ++ REDHAT_FIPS_asym_cipher_st = 1; ++ + for (i = 0; i < (int)OSSL_NELEM(st_kat_asym_cipher_tests); ++i) { + if (!self_test_asym_cipher(&st_kat_asym_cipher_tests[i], st, libctx)) + ret = 0; + } ++ ++ REDHAT_FIPS_asym_cipher_st = 0; ++ + return ret; + } + +diff -rupN --no-dereference openssl-3.0.9/providers/implementations/asymciphers/rsa_enc.c openssl-3.0.9-new/providers/implementations/asymciphers/rsa_enc.c +--- openssl-3.0.9/providers/implementations/asymciphers/rsa_enc.c 2023-05-31 14:33:16.328113200 +0200 ++++ openssl-3.0.9-new/providers/implementations/asymciphers/rsa_enc.c 2023-05-31 14:33:17.723112594 +0200 +@@ -30,6 +30,9 @@ + #include "prov/implementations.h" + #include "prov/providercommon.h" + #include "prov/securitycheck.h" ++#ifdef FIPS_MODULE ++# include "crypto/rsa/rsa_local.h" ++#endif + + #include + +@@ -75,6 +78,9 @@ typedef struct { + /* TLS padding */ + unsigned int client_version; + unsigned int alt_version; ++#ifdef FIPS_MODULE ++ char *redhat_st_oaep_seed; ++#endif /* FIPS_MODULE */ + } PROV_RSA_CTX; + + static void *rsa_newctx(void *provctx) +@@ -192,12 +198,21 @@ static int rsa_encrypt(void *vprsactx, u + } + } + ret = +- ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(prsactx->libctx, tbuf, ++#ifdef FIPS_MODULE ++ ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2( ++#else ++ ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex( ++#endif ++ prsactx->libctx, tbuf, + rsasize, in, inlen, + prsactx->oaep_label, + prsactx->oaep_labellen, + prsactx->oaep_md, +- prsactx->mgf1_md); ++ prsactx->mgf1_md ++#ifdef FIPS_MODULE ++ , prsactx->redhat_st_oaep_seed ++#endif ++ ); + + if (!ret) { + OPENSSL_free(tbuf); +@@ -328,6 +343,9 @@ static void rsa_freectx(void *vprsactx) + EVP_MD_free(prsactx->oaep_md); + EVP_MD_free(prsactx->mgf1_md); + OPENSSL_free(prsactx->oaep_label); ++#ifdef FIPS_MODULE ++ OPENSSL_free(prsactx->redhat_st_oaep_seed); ++#endif /* FIPS_MODULE */ + + OPENSSL_free(prsactx); + } +@@ -447,6 +465,9 @@ static const OSSL_PARAM known_gettable_c + NULL, 0), + OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL), + OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL), ++#ifdef FIPS_MODULE ++ OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, NULL, 0), ++#endif /* FIPS_MODULE */ + OSSL_PARAM_END + }; + +@@ -456,6 +477,10 @@ static const OSSL_PARAM *rsa_gettable_ct + return known_gettable_ctx_params; + } + ++#ifdef FIPS_MODULE ++extern int REDHAT_FIPS_asym_cipher_st; ++#endif /* FIPS_MODULE */ ++ + static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) + { + PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; +@@ -567,6 +592,18 @@ static int rsa_set_ctx_params(void *vprs + prsactx->oaep_labellen = tmp_labellen; + } + ++#ifdef FIPS_MODULE ++ p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED); ++ if (p != NULL && REDHAT_FIPS_asym_cipher_st) { ++ void *tmp_oaep_seed = NULL; ++ ++ if (!OSSL_PARAM_get_octet_string(p, &tmp_oaep_seed, 0, NULL)) ++ return 0; ++ OPENSSL_free(prsactx->redhat_st_oaep_seed); ++ prsactx->redhat_st_oaep_seed = (char *)tmp_oaep_seed; ++ } ++#endif /* FIPS_MODULE */ ++ + p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION); + if (p != NULL) { + unsigned int client_version; diff --git a/0074-FIPS-Use-digest_sign-digest_verify-in-self-test-eln.patch b/0074-FIPS-Use-digest_sign-digest_verify-in-self-test-eln.patch new file mode 100644 index 0000000..0b6a9fb --- /dev/null +++ b/0074-FIPS-Use-digest_sign-digest_verify-in-self-test-eln.patch @@ -0,0 +1,313 @@ +From 97ac06e5a8e3a8699279c06eeb64c8e958bad7bd Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Fri, 15 Jul 2022 17:45:40 +0200 +Subject: [PATCH] FIPS: Use digest_sign & digest_verify in self test + +In review for FIPS 140-3, the lack of a self-test for the digest_sign +and digest_verify provider functions was highlighted as a problem. NIST +no longer provides ACVP tests for the RSA SigVer primitive (see +https://github.com/usnistgov/ACVP/issues/1347). Because FIPS 140-3 +recommends the use of functions that compute the digest and signature +within the module, we have been advised in our module review that the +self tests should also use the combined digest and signature APIs, i.e. +the digest_sign and digest_verify provider functions. + +Modify the signature self-test to use these instead by switching to +EVP_DigestSign and EVP_DigestVerify. This requires adding more ifdefs to +crypto/evp/m_sigver.c to make these functions usable in the FIPS module. + +Signed-off-by: Clemens Lang +--- + crypto/evp/m_sigver.c | 43 +++++++++++++++++++++++++++------ + providers/fips/self_test_kats.c | 37 +++++++++++++++------------- + 2 files changed, 56 insertions(+), 24 deletions(-) + +diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c +index db1a1d7bc3..c94c3c53bd 100644 +--- a/crypto/evp/m_sigver.c ++++ b/crypto/evp/m_sigver.c +@@ -88,6 +88,7 @@ static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen) + ERR_raise(ERR_LIB_EVP, EVP_R_ONLY_ONESHOT_SUPPORTED); + return 0; + } ++#endif /* !defined(FIPS_MODULE) */ + + /* + * If we get the "NULL" md then the name comes back as "UNDEF". We want to use +@@ -130,8 +131,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + reinit = 0; + if (e == NULL) + ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props); ++#ifndef FIPS_MODULE + else + ctx->pctx = EVP_PKEY_CTX_new(pkey, e); ++#endif /* !defined(FIPS_MODULE) */ + } + if (ctx->pctx == NULL) + return 0; +@@ -139,8 +142,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + locpctx = ctx->pctx; + ERR_set_mark(); + ++#ifndef FIPS_MODULE + if (evp_pkey_ctx_is_legacy(locpctx)) + goto legacy; ++#endif /* !defined(FIPS_MODULE) */ + + /* do not reinitialize if pkey is set or operation is different */ + if (reinit +@@ -225,8 +230,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + signature = + evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, + supported_sig, locpctx->propquery); ++#ifndef FIPS_MODULE + if (signature == NULL) + goto legacy; ++#endif /* !defined(FIPS_MODULE) */ + break; + } + if (signature == NULL) +@@ -310,6 +317,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props); + if (ctx->fetched_digest != NULL) { + ctx->digest = ctx->reqdigest = ctx->fetched_digest; ++#ifndef FIPS_MODULE + } else { + /* legacy engine support : remove the mark when this is deleted */ + ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname); +@@ -318,11 +326,13 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); + goto err; + } ++#endif /* !defined(FIPS_MODULE) */ + } + (void)ERR_pop_to_mark(); + } + } + ++#ifndef FIPS_MODULE + if (ctx->reqdigest != NULL + && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac) + && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf) +@@ -334,6 +344,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + goto err; + } + } ++#endif /* !defined(FIPS_MODULE) */ + + if (ver) { + if (signature->digest_verify_init == NULL) { +@@ -366,6 +377,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + EVP_KEYMGMT_free(tmp_keymgmt); + return 0; + ++#ifndef FIPS_MODULE + legacy: + /* + * If we don't have the full support we need with provided methods, +@@ -437,6 +449,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + ctx->pctx->flag_call_digest_custom = 1; + + ret = 1; ++#endif /* !defined(FIPS_MODULE) */ + + end: + #ifndef FIPS_MODULE +@@ -479,7 +492,6 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 1, + NULL); + } +-#endif /* FIPS_MDOE */ + + int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) + { +@@ -541,23 +553,29 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) + return EVP_DigestUpdate(ctx, data, dsize); + } + +-#ifndef FIPS_MODULE + int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + size_t *siglen) + { +- int sctx = 0, r = 0; +- EVP_PKEY_CTX *dctx, *pctx = ctx->pctx; ++ int r = 0; ++#ifndef FIPS_MODULE ++ int sctx = 0; ++ EVP_PKEY_CTX *dctx; ++#endif /* !defined(FIPS_MODULE) */ ++ EVP_PKEY_CTX *pctx = ctx->pctx; + ++#ifndef FIPS_MODULE + if (pctx == NULL + || pctx->operation != EVP_PKEY_OP_SIGNCTX + || pctx->op.sig.algctx == NULL + || pctx->op.sig.signature == NULL) + goto legacy; ++#endif /* !defined(FIPS_MODULE) */ + + if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0) + return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx, + sigret, siglen, + sigret == NULL ? 0 : *siglen); ++#ifndef FIPS_MODULE + dctx = EVP_PKEY_CTX_dup(pctx); + if (dctx == NULL) + return 0; +@@ -566,8 +584,10 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + sigret, siglen, + *siglen); + EVP_PKEY_CTX_free(dctx); ++#endif /* defined(FIPS_MODULE) */ + return r; + ++#ifndef FIPS_MODULE + legacy: + if (pctx == NULL || pctx->pmeth == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); +@@ -639,6 +659,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + } + } + return 1; ++#endif /* !defined(FIPS_MODULE) */ + } + + int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen, +@@ -669,21 +690,27 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen, + int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen) + { +- unsigned char md[EVP_MAX_MD_SIZE]; + int r = 0; ++#ifndef FIPS_MODULE ++ unsigned char md[EVP_MAX_MD_SIZE]; + unsigned int mdlen = 0; + int vctx = 0; +- EVP_PKEY_CTX *dctx, *pctx = ctx->pctx; ++ EVP_PKEY_CTX *dctx; ++#endif /* !defined(FIPS_MODULE) */ ++ EVP_PKEY_CTX *pctx = ctx->pctx; + ++#ifndef FIPS_MODULE + if (pctx == NULL + || pctx->operation != EVP_PKEY_OP_VERIFYCTX + || pctx->op.sig.algctx == NULL + || pctx->op.sig.signature == NULL) + goto legacy; ++#endif /* !defined(FIPS_MODULE) */ + + if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0) + return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx, + sig, siglen); ++#ifndef FIPS_MODULE + dctx = EVP_PKEY_CTX_dup(pctx); + if (dctx == NULL) + return 0; +@@ -691,8 +718,10 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, + r = dctx->op.sig.signature->digest_verify_final(dctx->op.sig.algctx, + sig, siglen); + EVP_PKEY_CTX_free(dctx); ++#endif /* !defined(FIPS_MODULE) */ + return r; + ++#ifndef FIPS_MODULE + legacy: + if (pctx == NULL || pctx->pmeth == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); +@@ -732,6 +761,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, + if (vctx || !r) + return r; + return EVP_PKEY_verify(pctx, sig, siglen, md, mdlen); ++#endif /* !defined(FIPS_MODULE) */ + } + + int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, +@@ -757,4 +787,3 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, + return -1; + return EVP_DigestVerifyFinal(ctx, sigret, siglen); + } +-#endif /* FIPS_MODULE */ +diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c +index b6d5e8e134..77eec075e6 100644 +--- a/providers/fips/self_test_kats.c ++++ b/providers/fips/self_test_kats.c +@@ -444,11 +444,14 @@ static int self_test_sign(const ST_KAT_SIGN *t, + int ret = 0; + OSSL_PARAM *params = NULL, *params_sig = NULL; + OSSL_PARAM_BLD *bld = NULL; ++ EVP_MD *md = NULL; ++ EVP_MD_CTX *ctx = NULL; + EVP_PKEY_CTX *sctx = NULL, *kctx = NULL; + EVP_PKEY *pkey = NULL; +- unsigned char sig[256]; + BN_CTX *bnctx = NULL; + BIGNUM *K = NULL; ++ const char *msg = "Hello World!"; ++ unsigned char sig[256]; + size_t siglen = sizeof(sig); + static const unsigned char dgst[] = { + 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, +@@ -488,23 +491,26 @@ static int self_test_sign(const ST_KAT_SIGN *t, + || EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0) + goto err; + +- /* Create a EVP_PKEY_CTX to use for the signing operation */ +- sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL); +- if (sctx == NULL +- || EVP_PKEY_sign_init(sctx) <= 0) +- goto err; +- +- /* set signature parameters */ +- if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST, +- t->mdalgorithm, +- strlen(t->mdalgorithm) + 1)) +- goto err; ++ /* Create a EVP_MD_CTX to use for the signature operation, assign signature ++ * parameters and sign */ + params_sig = OSSL_PARAM_BLD_to_param(bld); +- if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0) ++ md = EVP_MD_fetch(libctx, "SHA256", NULL); ++ ctx = EVP_MD_CTX_new(); ++ if (md == NULL || ctx == NULL) ++ goto err; ++ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT); ++ if (EVP_DigestSignInit(ctx, &sctx, md, NULL, pkey) <= 0 ++ || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0 ++ || EVP_DigestSign(ctx, sig, &siglen, (const unsigned char *)msg, strlen(msg)) <= 0 ++ || EVP_MD_CTX_reset(ctx) <= 0) + goto err; + +- if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0 +- || EVP_PKEY_verify_init(sctx) <= 0 ++ /* sctx is not freed automatically inside the FIPS module */ ++ EVP_PKEY_CTX_free(sctx); ++ sctx = NULL; ++ ++ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT); ++ if (EVP_DigestVerifyInit(ctx, &sctx, md, NULL, pkey) <= 0 + || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0) + goto err; + +@@ -509,14 +510,17 @@ static int self_test_sign(const ST_KAT_SIGN *t, + goto err; + + OSSL_SELF_TEST_oncorrupt_byte(st, sig); +- if (EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0) ++ if (EVP_DigestVerify(ctx, sig, siglen, (const unsigned char *)msg, strlen(msg)) <= 0) + goto err; + ret = 1; + err: + BN_CTX_free(bnctx); + EVP_PKEY_free(pkey); +- EVP_PKEY_CTX_free(kctx); ++ EVP_MD_free(md); ++ EVP_MD_CTX_free(ctx); ++ /* sctx is not freed automatically inside the FIPS module */ + EVP_PKEY_CTX_free(sctx); ++ EVP_PKEY_CTX_free(kctx); + OSSL_PARAM_free(params); + OSSL_PARAM_free(params_sig); + OSSL_PARAM_BLD_free(bld); +-- +2.37.1 + diff --git a/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch b/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch new file mode 100644 index 0000000..17bc510 --- /dev/null +++ b/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch @@ -0,0 +1,284 @@ +diff -rupN --no-dereference openssl-3.0.9/crypto/evp/m_sigver.c openssl-3.0.9-new/crypto/evp/m_sigver.c +--- openssl-3.0.9/crypto/evp/m_sigver.c 2023-05-31 14:33:15.778113438 +0200 ++++ openssl-3.0.9-new/crypto/evp/m_sigver.c 2023-05-31 14:33:17.990112478 +0200 +@@ -98,6 +98,7 @@ static int update(EVP_MD_CTX *ctx, const + ERR_raise(ERR_LIB_EVP, EVP_R_ONLY_ONESHOT_SUPPORTED); + return 0; + } ++#endif /* !defined(FIPS_MODULE) */ + + /* + * If we get the "NULL" md then the name comes back as "UNDEF". We want to use +@@ -140,8 +141,10 @@ static int do_sigver_init(EVP_MD_CTX *ct + reinit = 0; + if (e == NULL) + ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props); ++#ifndef FIPS_MODULE + else + ctx->pctx = EVP_PKEY_CTX_new(pkey, e); ++#endif /* !defined(FIPS_MODULE) */ + } + if (ctx->pctx == NULL) + return 0; +@@ -149,8 +152,10 @@ static int do_sigver_init(EVP_MD_CTX *ct + locpctx = ctx->pctx; + ERR_set_mark(); + ++#ifndef FIPS_MODULE + if (evp_pkey_ctx_is_legacy(locpctx)) + goto legacy; ++#endif /* !defined(FIPS_MODULE) */ + + /* do not reinitialize if pkey is set or operation is different */ + if (reinit +@@ -235,8 +240,10 @@ static int do_sigver_init(EVP_MD_CTX *ct + signature = + evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, + supported_sig, locpctx->propquery); ++#ifndef FIPS_MODULE + if (signature == NULL) + goto legacy; ++#endif /* !defined(FIPS_MODULE) */ + break; + } + if (signature == NULL) +@@ -320,6 +327,7 @@ static int do_sigver_init(EVP_MD_CTX *ct + ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props); + if (ctx->fetched_digest != NULL) { + ctx->digest = ctx->reqdigest = ctx->fetched_digest; ++#ifndef FIPS_MODULE + } else { + /* legacy engine support : remove the mark when this is deleted */ + ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname); +@@ -328,11 +336,13 @@ static int do_sigver_init(EVP_MD_CTX *ct + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); + goto err; + } ++#endif /* !defined(FIPS_MODULE) */ + } + (void)ERR_pop_to_mark(); + } + } + ++#ifndef FIPS_MODULE + if (ctx->reqdigest != NULL + && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac) + && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf) +@@ -347,6 +357,7 @@ static int do_sigver_init(EVP_MD_CTX *ct + } + } + } ++#endif /* !defined(FIPS_MODULE) */ + + if (ver) { + if (signature->digest_verify_init == NULL) { +@@ -379,6 +390,7 @@ static int do_sigver_init(EVP_MD_CTX *ct + EVP_KEYMGMT_free(tmp_keymgmt); + return 0; + ++#ifndef FIPS_MODULE + legacy: + /* + * If we don't have the full support we need with provided methods, +@@ -450,6 +462,7 @@ static int do_sigver_init(EVP_MD_CTX *ct + ctx->pctx->flag_call_digest_custom = 1; + + ret = 1; ++#endif /* !defined(FIPS_MODULE) */ + + end: + #ifndef FIPS_MODULE +@@ -492,7 +505,6 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx + return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 1, + NULL); + } +-#endif /* FIPS_MDOE */ + + int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) + { +@@ -554,23 +566,29 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *c + return EVP_DigestUpdate(ctx, data, dsize); + } + +-#ifndef FIPS_MODULE + int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + size_t *siglen) + { +- int sctx = 0, r = 0; +- EVP_PKEY_CTX *dctx, *pctx = ctx->pctx; ++ int r = 0; ++#ifndef FIPS_MODULE ++ int sctx = 0; ++ EVP_PKEY_CTX *dctx; ++#endif /* !defined(FIPS_MODULE) */ ++ EVP_PKEY_CTX *pctx = ctx->pctx; + ++#ifndef FIPS_MODULE + if (pctx == NULL + || pctx->operation != EVP_PKEY_OP_SIGNCTX + || pctx->op.sig.algctx == NULL + || pctx->op.sig.signature == NULL) + goto legacy; ++#endif /* !defined(FIPS_MODULE) */ + + if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0) + return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx, + sigret, siglen, + sigret == NULL ? 0 : *siglen); ++#ifndef FIPS_MODULE + dctx = EVP_PKEY_CTX_dup(pctx); + if (dctx == NULL) + return 0; +@@ -579,8 +597,10 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, + sigret, siglen, + *siglen); + EVP_PKEY_CTX_free(dctx); ++#endif /* defined(FIPS_MODULE) */ + return r; + ++#ifndef FIPS_MODULE + legacy: + if (pctx == NULL || pctx->pmeth == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); +@@ -652,6 +672,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, + } + } + return 1; ++#endif /* !defined(FIPS_MODULE) */ + } + + int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen, +@@ -682,21 +703,27 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsi + int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen) + { +- unsigned char md[EVP_MAX_MD_SIZE]; + int r = 0; ++#ifndef FIPS_MODULE ++ unsigned char md[EVP_MAX_MD_SIZE]; + unsigned int mdlen = 0; + int vctx = 0; +- EVP_PKEY_CTX *dctx, *pctx = ctx->pctx; ++ EVP_PKEY_CTX *dctx; ++#endif /* !defined(FIPS_MODULE) */ ++ EVP_PKEY_CTX *pctx = ctx->pctx; + ++#ifndef FIPS_MODULE + if (pctx == NULL + || pctx->operation != EVP_PKEY_OP_VERIFYCTX + || pctx->op.sig.algctx == NULL + || pctx->op.sig.signature == NULL) + goto legacy; ++#endif /* !defined(FIPS_MODULE) */ + + if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0) + return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx, + sig, siglen); ++#ifndef FIPS_MODULE + dctx = EVP_PKEY_CTX_dup(pctx); + if (dctx == NULL) + return 0; +@@ -704,8 +731,10 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ct + r = dctx->op.sig.signature->digest_verify_final(dctx->op.sig.algctx, + sig, siglen); + EVP_PKEY_CTX_free(dctx); ++#endif /* !defined(FIPS_MODULE) */ + return r; + ++#ifndef FIPS_MODULE + legacy: + if (pctx == NULL || pctx->pmeth == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); +@@ -745,6 +774,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ct + if (vctx || !r) + return r; + return EVP_PKEY_verify(pctx, sig, siglen, md, mdlen); ++#endif /* !defined(FIPS_MODULE) */ + } + + int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, +@@ -770,4 +800,3 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, co + return -1; + return EVP_DigestVerifyFinal(ctx, sigret, siglen); + } +-#endif /* FIPS_MODULE */ +diff -rupN --no-dereference openssl-3.0.9/providers/fips/self_test_kats.c openssl-3.0.9-new/providers/fips/self_test_kats.c +--- openssl-3.0.9/providers/fips/self_test_kats.c 2023-05-31 14:33:17.985112480 +0200 ++++ openssl-3.0.9-new/providers/fips/self_test_kats.c 2023-05-31 14:33:17.991112477 +0200 +@@ -444,11 +444,14 @@ static int self_test_sign(const ST_KAT_S + int ret = 0; + OSSL_PARAM *params = NULL, *params_sig = NULL; + OSSL_PARAM_BLD *bld = NULL; ++ EVP_MD *md = NULL; ++ EVP_MD_CTX *ctx = NULL; + EVP_PKEY_CTX *sctx = NULL, *kctx = NULL; + EVP_PKEY *pkey = NULL; +- unsigned char sig[256]; + BN_CTX *bnctx = NULL; + BIGNUM *K = NULL; ++ const char *msg = "Hello World!"; ++ unsigned char sig[256]; + size_t siglen = sizeof(sig); + static const unsigned char dgst[] = { + 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, +@@ -488,23 +491,26 @@ static int self_test_sign(const ST_KAT_S + || EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0) + goto err; + +- /* Create a EVP_PKEY_CTX to use for the signing operation */ +- sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL); +- if (sctx == NULL +- || EVP_PKEY_sign_init(sctx) <= 0) +- goto err; +- +- /* set signature parameters */ +- if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST, +- t->mdalgorithm, +- strlen(t->mdalgorithm) + 1)) +- goto err; ++ /* Create a EVP_MD_CTX to use for the signature operation, assign signature ++ * parameters and sign */ + params_sig = OSSL_PARAM_BLD_to_param(bld); +- if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0) ++ md = EVP_MD_fetch(libctx, "SHA256", NULL); ++ ctx = EVP_MD_CTX_new(); ++ if (md == NULL || ctx == NULL) ++ goto err; ++ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT); ++ if (EVP_DigestSignInit(ctx, &sctx, md, NULL, pkey) <= 0 ++ || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0 ++ || EVP_DigestSign(ctx, sig, &siglen, (const unsigned char *)msg, strlen(msg)) <= 0 ++ || EVP_MD_CTX_reset(ctx) <= 0) + goto err; + +- if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0 +- || EVP_PKEY_verify_init(sctx) <= 0 ++ /* sctx is not freed automatically inside the FIPS module */ ++ EVP_PKEY_CTX_free(sctx); ++ sctx = NULL; ++ ++ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT); ++ if (EVP_DigestVerifyInit(ctx, &sctx, md, NULL, pkey) <= 0 + || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0) + goto err; + +@@ -518,14 +524,17 @@ static int self_test_sign(const ST_KAT_S + goto err; + + OSSL_SELF_TEST_oncorrupt_byte(st, sig); +- if (EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0) ++ if (EVP_DigestVerify(ctx, sig, siglen, (const unsigned char *)msg, strlen(msg)) <= 0) + goto err; + ret = 1; + err: + BN_CTX_free(bnctx); + EVP_PKEY_free(pkey); +- EVP_PKEY_CTX_free(kctx); ++ EVP_MD_free(md); ++ EVP_MD_CTX_free(ctx); ++ /* sctx is not freed automatically inside the FIPS module */ + EVP_PKEY_CTX_free(sctx); ++ EVP_PKEY_CTX_free(kctx); + OSSL_PARAM_free(params); + OSSL_PARAM_free(params_sig); + OSSL_PARAM_BLD_free(bld); diff --git a/0075-FIPS-Use-FFDHE2048-in-self-test.patch b/0075-FIPS-Use-FFDHE2048-in-self-test.patch new file mode 100644 index 0000000..813d0ef --- /dev/null +++ b/0075-FIPS-Use-FFDHE2048-in-self-test.patch @@ -0,0 +1,362 @@ +diff -rupN --no-dereference openssl-3.0.9/providers/fips/self_test_data.inc openssl-3.0.9-new/providers/fips/self_test_data.inc +--- openssl-3.0.9/providers/fips/self_test_data.inc 2023-05-31 14:33:17.985112480 +0200 ++++ openssl-3.0.9-new/providers/fips/self_test_data.inc 2023-05-31 14:33:18.254112362 +0200 +@@ -824,188 +824,190 @@ static const ST_KAT_DRBG st_kat_drbg_tes + + #ifndef OPENSSL_NO_DH + /* DH KAT */ ++/* RFC7919 FFDHE2048 p */ + static const unsigned char dh_p[] = { +- 0xdc, 0xca, 0x15, 0x11, 0xb2, 0x31, 0x32, 0x25, +- 0xf5, 0x21, 0x16, 0xe1, 0x54, 0x27, 0x89, 0xe0, +- 0x01, 0xf0, 0x42, 0x5b, 0xcc, 0xc7, 0xf3, 0x66, +- 0xf7, 0x40, 0x64, 0x07, 0xf1, 0xc9, 0xfa, 0x8b, +- 0xe6, 0x10, 0xf1, 0x77, 0x8b, 0xb1, 0x70, 0xbe, +- 0x39, 0xdb, 0xb7, 0x6f, 0x85, 0xbf, 0x24, 0xce, +- 0x68, 0x80, 0xad, 0xb7, 0x62, 0x9f, 0x7c, 0x6d, +- 0x01, 0x5e, 0x61, 0xd4, 0x3f, 0xa3, 0xee, 0x4d, +- 0xe1, 0x85, 0xf2, 0xcf, 0xd0, 0x41, 0xff, 0xde, +- 0x9d, 0x41, 0x84, 0x07, 0xe1, 0x51, 0x38, 0xbb, +- 0x02, 0x1d, 0xae, 0xb3, 0x5f, 0x76, 0x2d, 0x17, +- 0x82, 0xac, 0xc6, 0x58, 0xd3, 0x2b, 0xd4, 0xb0, +- 0x23, 0x2c, 0x92, 0x7d, 0xd3, 0x8f, 0xa0, 0x97, +- 0xb3, 0xd1, 0x85, 0x9f, 0xa8, 0xac, 0xaf, 0xb9, +- 0x8f, 0x06, 0x66, 0x08, 0xfc, 0x64, 0x4e, 0xc7, +- 0xdd, 0xb6, 0xf0, 0x85, 0x99, 0xf9, 0x2a, 0xc1, +- 0xb5, 0x98, 0x25, 0xda, 0x84, 0x32, 0x07, 0x7d, +- 0xef, 0x69, 0x56, 0x46, 0x06, 0x3c, 0x20, 0x82, +- 0x3c, 0x95, 0x07, 0xab, 0x6f, 0x01, 0x76, 0xd4, +- 0x73, 0x0d, 0x99, 0x0d, 0xbb, 0xe6, 0x36, 0x1c, +- 0xd8, 0xb2, 0xb9, 0x4d, 0x3d, 0x2f, 0x32, 0x9b, +- 0x82, 0x09, 0x9b, 0xd6, 0x61, 0xf4, 0x29, 0x50, +- 0xf4, 0x03, 0xdf, 0x3e, 0xde, 0x62, 0xa3, 0x31, +- 0x88, 0xb0, 0x27, 0x98, 0xba, 0x82, 0x3f, 0x44, +- 0xb9, 0x46, 0xfe, 0x9d, 0xf6, 0x77, 0xa0, 0xc5, +- 0xa1, 0x23, 0x8e, 0xaa, 0x97, 0xb7, 0x0f, 0x80, +- 0xda, 0x8c, 0xac, 0x88, 0xe0, 0x92, 0xb1, 0x12, +- 0x70, 0x60, 0xff, 0xbf, 0x45, 0x57, 0x99, 0x94, +- 0x01, 0x1d, 0xc2, 0xfa, 0xa5, 0xe7, 0xf6, 0xc7, +- 0x62, 0x45, 0xe1, 0xcc, 0x31, 0x22, 0x31, 0xc1, +- 0x7d, 0x1c, 0xa6, 0xb1, 0x90, 0x07, 0xef, 0x0d, +- 0xb9, 0x9f, 0x9c, 0xb6, 0x0e, 0x1d, 0x5f, 0x69 ++ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, ++ 0xad, 0xf8, 0x54, 0x58, 0xa2, 0xbb, 0x4a, 0x9a, ++ 0xaf, 0xdc, 0x56, 0x20, 0x27, 0x3d, 0x3c, 0xf1, ++ 0xd8, 0xb9, 0xc5, 0x83, 0xce, 0x2d, 0x36, 0x95, ++ 0xa9, 0xe1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xfb, ++ 0xcc, 0x93, 0x9d, 0xce, 0x24, 0x9b, 0x3e, 0xf9, ++ 0x7d, 0x2f, 0xe3, 0x63, 0x63, 0x0c, 0x75, 0xd8, ++ 0xf6, 0x81, 0xb2, 0x02, 0xae, 0xc4, 0x61, 0x7a, ++ 0xd3, 0xdf, 0x1e, 0xd5, 0xd5, 0xfd, 0x65, 0x61, ++ 0x24, 0x33, 0xf5, 0x1f, 0x5f, 0x06, 0x6e, 0xd0, ++ 0x85, 0x63, 0x65, 0x55, 0x3d, 0xed, 0x1a, 0xf3, ++ 0xb5, 0x57, 0x13, 0x5e, 0x7f, 0x57, 0xc9, 0x35, ++ 0x98, 0x4f, 0x0c, 0x70, 0xe0, 0xe6, 0x8b, 0x77, ++ 0xe2, 0xa6, 0x89, 0xda, 0xf3, 0xef, 0xe8, 0x72, ++ 0x1d, 0xf1, 0x58, 0xa1, 0x36, 0xad, 0xe7, 0x35, ++ 0x30, 0xac, 0xca, 0x4f, 0x48, 0x3a, 0x79, 0x7a, ++ 0xbc, 0x0a, 0xb1, 0x82, 0xb3, 0x24, 0xfb, 0x61, ++ 0xd1, 0x08, 0xa9, 0x4b, 0xb2, 0xc8, 0xe3, 0xfb, ++ 0xb9, 0x6a, 0xda, 0xb7, 0x60, 0xd7, 0xf4, 0x68, ++ 0x1d, 0x4f, 0x42, 0xa3, 0xde, 0x39, 0x4d, 0xf4, ++ 0xae, 0x56, 0xed, 0xe7, 0x63, 0x72, 0xbb, 0x19, ++ 0x0b, 0x07, 0xa7, 0xc8, 0xee, 0x0a, 0x6d, 0x70, ++ 0x9e, 0x02, 0xfc, 0xe1, 0xcd, 0xf7, 0xe2, 0xec, ++ 0xc0, 0x34, 0x04, 0xcd, 0x28, 0x34, 0x2f, 0x61, ++ 0x91, 0x72, 0xfe, 0x9c, 0xe9, 0x85, 0x83, 0xff, ++ 0x8e, 0x4f, 0x12, 0x32, 0xee, 0xf2, 0x81, 0x83, ++ 0xc3, 0xfe, 0x3b, 0x1b, 0x4c, 0x6f, 0xad, 0x73, ++ 0x3b, 0xb5, 0xfc, 0xbc, 0x2e, 0xc2, 0x20, 0x05, ++ 0xc5, 0x8e, 0xf1, 0x83, 0x7d, 0x16, 0x83, 0xb2, ++ 0xc6, 0xf3, 0x4a, 0x26, 0xc1, 0xb2, 0xef, 0xfa, ++ 0x88, 0x6b, 0x42, 0x38, 0x61, 0x28, 0x5c, 0x97, ++ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff + }; ++/* RFC7919 FFDHE2048 q */ + static const unsigned char dh_q[] = { +- 0x89, 0x8b, 0x22, 0x67, 0x17, 0xef, 0x03, 0x9e, +- 0x60, 0x3e, 0x82, 0xe5, 0xc7, 0xaf, 0xe4, 0x83, +- 0x74, 0xac, 0x5f, 0x62, 0x5c, 0x54, 0xf1, 0xea, +- 0x11, 0xac, 0xb5, 0x7d ++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, ++ 0xd6, 0xfc, 0x2a, 0x2c, 0x51, 0x5d, 0xa5, 0x4d, ++ 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78, ++ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, ++ 0xd4, 0xf0, 0x9b, 0x20, 0x8a, 0x32, 0x19, 0xfd, ++ 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c, ++ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, ++ 0x7b, 0x40, 0xd9, 0x01, 0x57, 0x62, 0x30, 0xbd, ++ 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0, ++ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, ++ 0x42, 0xb1, 0xb2, 0xaa, 0x9e, 0xf6, 0x8d, 0x79, ++ 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a, ++ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, ++ 0xf1, 0x53, 0x44, 0xed, 0x79, 0xf7, 0xf4, 0x39, ++ 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a, ++ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, ++ 0x5e, 0x05, 0x58, 0xc1, 0x59, 0x92, 0x7d, 0xb0, ++ 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd, ++ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, ++ 0x0e, 0xa7, 0xa1, 0x51, 0xef, 0x1c, 0xa6, 0xfa, ++ 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c, ++ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, ++ 0x4f, 0x01, 0x7e, 0x70, 0xe6, 0xfb, 0xf1, 0x76, ++ 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0, ++ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, ++ 0xc7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xc1, ++ 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9, ++ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, ++ 0xe2, 0xc7, 0x78, 0xc1, 0xbe, 0x8b, 0x41, 0xd9, ++ 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd, ++ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x94, 0x2e, 0x4b, ++ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff + }; ++/* RFC7919 FFDHE2048 g */ + static const unsigned char dh_g[] = { +- 0x5e, 0xf7, 0xb8, 0x8f, 0x2d, 0xf6, 0x01, 0x39, +- 0x35, 0x1d, 0xfb, 0xfe, 0x12, 0x66, 0x80, 0x5f, +- 0xdf, 0x35, 0x6c, 0xdf, 0xd1, 0x3a, 0x4d, 0xa0, +- 0x05, 0x0c, 0x7e, 0xde, 0x24, 0x6d, 0xf5, 0x9f, +- 0x6a, 0xbf, 0x96, 0xad, 0xe5, 0xf2, 0xb2, 0x8f, +- 0xfe, 0x88, 0xd6, 0xbc, 0xe7, 0xf7, 0x89, 0x4a, +- 0x3d, 0x53, 0x5f, 0xc8, 0x21, 0x26, 0xdd, 0xd4, +- 0x24, 0x87, 0x2e, 0x16, 0xb8, 0x38, 0xdf, 0x8c, +- 0x51, 0xe9, 0x01, 0x6f, 0x88, 0x9c, 0x7c, 0x20, +- 0x3e, 0x98, 0xa8, 0xb6, 0x31, 0xf9, 0xc7, 0x25, +- 0x63, 0xd3, 0x8a, 0x49, 0x58, 0x9a, 0x07, 0x53, +- 0xd3, 0x58, 0xe7, 0x83, 0x31, 0x8c, 0xef, 0xd9, +- 0x67, 0x7c, 0x7b, 0x2d, 0xbb, 0x77, 0xd6, 0xdc, +- 0xe2, 0xa1, 0x96, 0x37, 0x95, 0xca, 0x64, 0xb9, +- 0x2d, 0x1c, 0x9a, 0xac, 0x6d, 0x0e, 0x8d, 0x43, +- 0x1d, 0xe5, 0xe5, 0x00, 0x60, 0xdf, 0xf7, 0x86, +- 0x89, 0xc9, 0xec, 0xa1, 0xc1, 0x24, 0x8c, 0x16, +- 0xed, 0x09, 0xc7, 0xad, 0x41, 0x2a, 0x17, 0x40, +- 0x6d, 0x2b, 0x52, 0x5a, 0xa1, 0xca, 0xbb, 0x23, +- 0x7b, 0x97, 0x34, 0xec, 0x7b, 0x8c, 0xe3, 0xfa, +- 0xe0, 0x2f, 0x29, 0xc5, 0xef, 0xed, 0x30, 0xd6, +- 0x91, 0x87, 0xda, 0x10, 0x9c, 0x2c, 0x9f, 0xe2, +- 0xaa, 0xdb, 0xb0, 0xc2, 0x2a, 0xf5, 0x4c, 0x61, +- 0x66, 0x55, 0x00, 0x0c, 0x43, 0x1c, 0x6b, 0x4a, +- 0x37, 0x97, 0x63, 0xb0, 0xa9, 0x16, 0x58, 0xef, +- 0xc8, 0x4e, 0x8b, 0x06, 0x35, 0x8c, 0x8b, 0x4f, +- 0x21, 0x37, 0x10, 0xfd, 0x10, 0x17, 0x2c, 0xf3, +- 0x9b, 0x83, 0x0c, 0x2d, 0xd8, 0x4a, 0x0c, 0x8a, +- 0xb8, 0x25, 0x16, 0xec, 0xab, 0x99, 0x5f, 0xa4, +- 0x21, 0x5e, 0x02, 0x3e, 0x4e, 0xcf, 0x80, 0x74, +- 0xc3, 0x9d, 0x6c, 0x88, 0xb7, 0x0d, 0x1e, 0xe4, +- 0xe9, 0x6f, 0xdc, 0x20, 0xea, 0x11, 0x5c, 0x32 ++ 0x02 + }; + static const unsigned char dh_priv[] = { +- 0x14, 0x33, 0xe0, 0xb5, 0xa9, 0x17, 0xb6, 0x0a, +- 0x30, 0x23, 0xf2, 0xf8, 0xaa, 0x2c, 0x2d, 0x70, +- 0xd2, 0x96, 0x8a, 0xba, 0x9a, 0xea, 0xc8, 0x15, +- 0x40, 0xb8, 0xfc, 0xe6 ++ 0x01, 0xdc, 0x2a, 0xb9, 0x87, 0x71, 0x57, 0x0f, ++ 0xcd, 0x93, 0x65, 0x4c, 0xa1, 0xd6, 0x56, 0x6d, ++ 0xc5, 0x35, 0xd5, 0xcb, 0x4c, 0xb8, 0xad, 0x8d, ++ 0x6c, 0xdc, 0x5d, 0x6e, 0x94 + }; + static const unsigned char dh_pub[] = { +- 0x95, 0xdd, 0x33, 0x8d, 0x29, 0xe5, 0x71, 0x04, +- 0x92, 0xb9, 0x18, 0x31, 0x7b, 0x72, 0xa3, 0x69, +- 0x36, 0xe1, 0x95, 0x1a, 0x2e, 0xe5, 0xa5, 0x59, +- 0x16, 0x99, 0xc0, 0x48, 0x6d, 0x0d, 0x4f, 0x9b, +- 0xdd, 0x6d, 0x5a, 0x3f, 0x6b, 0x98, 0x89, 0x0c, +- 0x62, 0xb3, 0x76, 0x52, 0xd3, 0x6e, 0x71, 0x21, +- 0x11, 0xe6, 0x8a, 0x73, 0x55, 0x37, 0x25, 0x06, +- 0x99, 0xef, 0xe3, 0x30, 0x53, 0x73, 0x91, 0xfb, +- 0xc2, 0xc5, 0x48, 0xbc, 0x5a, 0xc3, 0xe5, 0xb2, +- 0x33, 0x86, 0xc3, 0xee, 0xf5, 0xeb, 0x43, 0xc0, +- 0x99, 0xd7, 0x0a, 0x52, 0x02, 0x68, 0x7e, 0x83, +- 0x96, 0x42, 0x48, 0xfc, 0xa9, 0x1f, 0x40, 0x90, +- 0x8e, 0x8f, 0xb3, 0x31, 0x93, 0x15, 0xf6, 0xd2, +- 0x60, 0x6d, 0x7f, 0x7c, 0xd5, 0x2c, 0xc6, 0xe7, +- 0xc5, 0x84, 0x3a, 0xfb, 0x22, 0x51, 0x9c, 0xf0, +- 0xf0, 0xf9, 0xd3, 0xa0, 0xa4, 0xe8, 0xc8, 0x88, +- 0x99, 0xef, 0xed, 0xe7, 0x36, 0x43, 0x51, 0xfb, +- 0x6a, 0x36, 0x3e, 0xe7, 0x17, 0xe5, 0x44, 0x5a, +- 0xda, 0xb4, 0xc9, 0x31, 0xa6, 0x48, 0x39, 0x97, +- 0xb8, 0x7d, 0xad, 0x83, 0x67, 0x7e, 0x4d, 0x1d, +- 0x3a, 0x77, 0x75, 0xe0, 0xf6, 0xd0, 0x0f, 0xdf, +- 0x73, 0xc7, 0xad, 0x80, 0x1e, 0x66, 0x5a, 0x0e, +- 0x5a, 0x79, 0x6d, 0x0a, 0x03, 0x80, 0xa1, 0x9f, +- 0xa1, 0x82, 0xef, 0xc8, 0xa0, 0x4f, 0x5e, 0x4d, +- 0xb9, 0x0d, 0x1a, 0x86, 0x37, 0xf9, 0x5d, 0xb1, +- 0x64, 0x36, 0xbd, 0xc8, 0xf3, 0xfc, 0x09, 0x6c, +- 0x4f, 0xf7, 0xf2, 0x34, 0xbe, 0x8f, 0xef, 0x47, +- 0x9a, 0xc4, 0xb0, 0xdc, 0x4b, 0x77, 0x26, 0x3e, +- 0x07, 0xd9, 0x95, 0x9d, 0xe0, 0xf1, 0xbf, 0x3f, +- 0x0a, 0xe3, 0xd9, 0xd5, 0x0e, 0x4b, 0x89, 0xc9, +- 0x9e, 0x3e, 0xa1, 0x21, 0x73, 0x43, 0xdd, 0x8c, +- 0x65, 0x81, 0xac, 0xc4, 0x95, 0x9c, 0x91, 0xd3 ++ 0x00, 0xc4, 0x82, 0x14, 0x69, 0x16, 0x4c, 0x05, ++ 0x55, 0x2a, 0x7e, 0x55, 0x6d, 0x02, 0xbb, 0x7f, ++ 0xcc, 0x63, 0x74, 0xee, 0xcb, 0xb4, 0x98, 0x43, ++ 0x0e, 0x29, 0x43, 0x0d, 0x44, 0xc7, 0xf1, 0x23, ++ 0x81, 0xca, 0x1c, 0x5c, 0xc3, 0xff, 0x01, 0x4a, ++ 0x1a, 0x03, 0x9e, 0x5f, 0xd1, 0x4e, 0xa0, 0x0b, ++ 0xb9, 0x5c, 0x0d, 0xef, 0x14, 0x01, 0x62, 0x3c, ++ 0x8a, 0x8e, 0x60, 0xbb, 0x39, 0xd6, 0x38, 0x63, ++ 0xb7, 0x65, 0xd0, 0x0b, 0x1a, 0xaf, 0x53, 0x38, ++ 0x10, 0x0f, 0x3e, 0xeb, 0x9d, 0x0c, 0x24, 0xf6, ++ 0xe3, 0x70, 0x08, 0x8a, 0x4d, 0x01, 0xf8, 0x7a, ++ 0x87, 0x49, 0x64, 0x72, 0xb1, 0x75, 0x3b, 0x94, ++ 0xc8, 0x09, 0x2d, 0x6a, 0x63, 0xd8, 0x9a, 0x92, ++ 0xb9, 0x5b, 0x1a, 0xc3, 0x47, 0x0b, 0x63, 0x44, ++ 0x3b, 0xe3, 0xc0, 0x09, 0xc9, 0xf9, 0x02, 0x53, ++ 0xd8, 0xfb, 0x06, 0x44, 0xdb, 0xdf, 0xe8, 0x13, ++ 0x2b, 0x40, 0x6a, 0xd4, 0x13, 0x4e, 0x52, 0x30, ++ 0xd6, 0xc1, 0xd8, 0x59, 0x9d, 0x59, 0xba, 0x1b, ++ 0xbf, 0xaa, 0x6f, 0xe9, 0x3d, 0xfd, 0xff, 0x01, ++ 0x0b, 0x54, 0xe0, 0x6a, 0x4e, 0x27, 0x2b, 0x3d, ++ 0xe8, 0xef, 0xb0, 0xbe, 0x52, 0xc3, 0x52, 0x18, ++ 0x6f, 0xa3, 0x27, 0xab, 0x6c, 0x12, 0xc3, 0x81, ++ 0xcb, 0xae, 0x23, 0x11, 0xa0, 0x5d, 0xc3, 0x6f, ++ 0x23, 0x17, 0x40, 0xb3, 0x05, 0x4f, 0x5d, 0xb7, ++ 0x34, 0xbe, 0x87, 0x2c, 0xa9, 0x9e, 0x98, 0x39, ++ 0xbf, 0x2e, 0x9d, 0xad, 0x4f, 0x70, 0xad, 0xed, ++ 0x1b, 0x5e, 0x47, 0x90, 0x49, 0x2e, 0x61, 0x71, ++ 0x5f, 0x07, 0x0b, 0x35, 0x04, 0xfc, 0x53, 0xce, ++ 0x58, 0x60, 0x6c, 0x5b, 0x8b, 0xfe, 0x70, 0x04, ++ 0x2a, 0x6a, 0x98, 0x0a, 0xd0, 0x80, 0xae, 0x69, ++ 0x95, 0xf9, 0x99, 0x18, 0xfc, 0xe4, 0x8e, 0xed, ++ 0x61, 0xd9, 0x02, 0x9d, 0x4e, 0x05, 0xe9, 0xf2, ++ 0x32 + }; + static const unsigned char dh_peer_pub[] = { +- 0x1f, 0xc1, 0xda, 0x34, 0x1d, 0x1a, 0x84, 0x6a, +- 0x96, 0xb7, 0xbe, 0x24, 0x34, 0x0f, 0x87, 0x7d, +- 0xd0, 0x10, 0xaa, 0x03, 0x56, 0xd5, 0xad, 0x58, +- 0xaa, 0xe9, 0xc7, 0xb0, 0x8f, 0x74, 0x9a, 0x32, +- 0x23, 0x51, 0x10, 0xb5, 0xd8, 0x8e, 0xb5, 0xdb, +- 0xfa, 0x97, 0x8d, 0x27, 0xec, 0xc5, 0x30, 0xf0, +- 0x2d, 0x31, 0x14, 0x00, 0x5b, 0x64, 0xb1, 0xc0, +- 0xe0, 0x24, 0xcb, 0x8a, 0xe2, 0x16, 0x98, 0xbc, +- 0xa9, 0xe6, 0x0d, 0x42, 0x80, 0x86, 0x22, 0xf1, +- 0x81, 0xc5, 0x6e, 0x1d, 0xe7, 0xa9, 0x6e, 0x6e, +- 0xfe, 0xe9, 0xd6, 0x65, 0x67, 0xe9, 0x1b, 0x97, +- 0x70, 0x42, 0xc7, 0xe3, 0xd0, 0x44, 0x8f, 0x05, +- 0xfb, 0x77, 0xf5, 0x22, 0xb9, 0xbf, 0xc8, 0xd3, +- 0x3c, 0xc3, 0xc3, 0x1e, 0xd3, 0xb3, 0x1f, 0x0f, +- 0xec, 0xb6, 0xdb, 0x4f, 0x6e, 0xa3, 0x11, 0xe7, +- 0x7a, 0xfd, 0xbc, 0xd4, 0x7a, 0xee, 0x1b, 0xb1, +- 0x50, 0xf2, 0x16, 0x87, 0x35, 0x78, 0xfb, 0x96, +- 0x46, 0x8e, 0x8f, 0x9f, 0x3d, 0xe8, 0xef, 0xbf, +- 0xce, 0x75, 0x62, 0x4b, 0x1d, 0xf0, 0x53, 0x22, +- 0xa3, 0x4f, 0x14, 0x63, 0xe8, 0x39, 0xe8, 0x98, +- 0x4c, 0x4a, 0xd0, 0xa9, 0x6e, 0x1a, 0xc8, 0x42, +- 0xe5, 0x31, 0x8c, 0xc2, 0x3c, 0x06, 0x2a, 0x8c, +- 0xa1, 0x71, 0xb8, 0xd5, 0x75, 0x98, 0x0d, 0xde, +- 0x7f, 0xc5, 0x6f, 0x15, 0x36, 0x52, 0x38, 0x20, +- 0xd4, 0x31, 0x92, 0xbf, 0xd5, 0x1e, 0x8e, 0x22, +- 0x89, 0x78, 0xac, 0xa5, 0xb9, 0x44, 0x72, 0xf3, +- 0x39, 0xca, 0xeb, 0x99, 0x31, 0xb4, 0x2b, 0xe3, +- 0x01, 0x26, 0x8b, 0xc9, 0x97, 0x89, 0xc9, 0xb2, +- 0x55, 0x71, 0xc3, 0xc0, 0xe4, 0xcb, 0x3f, 0x00, +- 0x7f, 0x1a, 0x51, 0x1c, 0xbb, 0x53, 0xc8, 0x51, +- 0x9c, 0xdd, 0x13, 0x02, 0xab, 0xca, 0x6c, 0x0f, +- 0x34, 0xf9, 0x67, 0x39, 0xf1, 0x7f, 0xf4, 0x8b ++ 0x00, 0xef, 0x15, 0x02, 0xf5, 0x56, 0xa3, 0x79, ++ 0x40, 0x58, 0xbc, 0xeb, 0x56, 0xad, 0xcb, 0xda, ++ 0x8c, 0xda, 0xb8, 0xd1, 0xda, 0x6f, 0x25, 0x29, ++ 0x9e, 0x43, 0x76, 0x2d, 0xb2, 0xd8, 0xbc, 0x84, ++ 0xbc, 0x85, 0xd0, 0x94, 0x8d, 0x44, 0x27, 0x57, ++ 0xe4, 0xdf, 0xc1, 0x78, 0x42, 0x8f, 0x08, 0xf5, ++ 0x74, 0xfe, 0x02, 0x56, 0xd2, 0x09, 0xc8, 0x68, ++ 0xef, 0xed, 0x18, 0xc9, 0xfd, 0x2e, 0x95, 0x6c, ++ 0xba, 0x6c, 0x00, 0x0e, 0xf5, 0xd1, 0x1b, 0xf6, ++ 0x15, 0x14, 0x5b, 0x67, 0x22, 0x7c, 0x6a, 0x20, ++ 0x76, 0x43, 0x51, 0xef, 0x5e, 0x1e, 0xf9, 0x2d, ++ 0xd6, 0xb4, 0xc5, 0xc6, 0x18, 0x33, 0xd1, 0xa3, ++ 0x3b, 0xe6, 0xdd, 0x57, 0x9d, 0xad, 0x13, 0x7a, ++ 0x53, 0xde, 0xb3, 0x97, 0xc0, 0x7e, 0xd7, 0x77, ++ 0x6b, 0xf8, 0xbd, 0x13, 0x70, 0x8c, 0xba, 0x73, ++ 0x80, 0xb3, 0x80, 0x6f, 0xfb, 0x1c, 0xda, 0x53, ++ 0x4d, 0x3c, 0x8a, 0x2e, 0xa1, 0x37, 0xce, 0xb1, ++ 0xde, 0x45, 0x97, 0x58, 0x65, 0x4d, 0xcf, 0x05, ++ 0xbb, 0xc3, 0xd7, 0x38, 0x6d, 0x0a, 0x59, 0x7a, ++ 0x99, 0x15, 0xb7, 0x9a, 0x3d, 0xfd, 0x61, 0xe5, ++ 0x1a, 0xa2, 0xcc, 0xf6, 0xfe, 0xb1, 0xee, 0xe9, ++ 0xa9, 0xe2, 0xeb, 0x06, 0xbc, 0x14, 0x6e, 0x91, ++ 0x0d, 0xf1, 0xe3, 0xbb, 0xe0, 0x7e, 0x1d, 0x31, ++ 0x79, 0xf1, 0x6d, 0x5f, 0xcb, 0xaf, 0xb2, 0x4f, ++ 0x22, 0x12, 0xbf, 0x72, 0xbd, 0xd0, 0x30, 0xe4, ++ 0x1c, 0x35, 0x96, 0x61, 0x98, 0x39, 0xfb, 0x7e, ++ 0x6d, 0x66, 0xc4, 0x69, 0x41, 0x0d, 0x0d, 0x59, ++ 0xbb, 0xa7, 0xbf, 0x34, 0xe0, 0x39, 0x36, 0x84, ++ 0x5e, 0x0e, 0x03, 0x2d, 0xcf, 0xaa, 0x02, 0x8a, ++ 0xba, 0x59, 0x88, 0x47, 0xc4, 0x4d, 0xd7, 0xbd, ++ 0x78, 0x76, 0x24, 0xf1, 0x45, 0x56, 0x44, 0xc2, ++ 0x4a, 0xc2, 0xd5, 0x3a, 0x59, 0x40, 0xab, 0x87, ++ 0x64 + }; + + static const unsigned char dh_secret_expected[] = { +- 0x08, 0xff, 0x33, 0xbb, 0x2e, 0xcf, 0xf4, 0x9a, +- 0x7d, 0x4a, 0x79, 0x12, 0xae, 0xb1, 0xbb, 0x6a, +- 0xb5, 0x11, 0x64, 0x1b, 0x4a, 0x76, 0x77, 0x0c, +- 0x8c, 0xc1, 0xbc, 0xc2, 0x33, 0x34, 0x3d, 0xfe, +- 0x70, 0x0d, 0x11, 0x81, 0x3d, 0x2c, 0x9e, 0xd2, +- 0x3b, 0x21, 0x1c, 0xa9, 0xe8, 0x78, 0x69, 0x21, +- 0xed, 0xca, 0x28, 0x3c, 0x68, 0xb1, 0x61, 0x53, +- 0xfa, 0x01, 0xe9, 0x1a, 0xb8, 0x2c, 0x90, 0xdd, +- 0xab, 0x4a, 0x95, 0x81, 0x67, 0x70, 0xa9, 0x87, +- 0x10, 0xe1, 0x4c, 0x92, 0xab, 0x83, 0xb6, 0xe4, +- 0x6e, 0x1e, 0x42, 0x6e, 0xe8, 0x52, 0x43, 0x0d, +- 0x61, 0x87, 0xda, 0xa3, 0x72, 0x0a, 0x6b, 0xcd, +- 0x73, 0x23, 0x5c, 0x6b, 0x0f, 0x94, 0x1f, 0x33, +- 0x64, 0xf5, 0x04, 0x20, 0x55, 0x1a, 0x4b, 0xfe, +- 0xaf, 0xe2, 0xbc, 0x43, 0x85, 0x05, 0xa5, 0x9a, +- 0x4a, 0x40, 0xda, 0xca, 0x7a, 0x89, 0x5a, 0x73, +- 0xdb, 0x57, 0x5c, 0x74, 0xc1, 0x3a, 0x23, 0xad, +- 0x88, 0x32, 0x95, 0x7d, 0x58, 0x2d, 0x38, 0xf0, +- 0xa6, 0x16, 0x5f, 0xb0, 0xd7, 0xe9, 0xb8, 0x79, +- 0x9e, 0x42, 0xfd, 0x32, 0x20, 0xe3, 0x32, 0xe9, +- 0x81, 0x85, 0xa0, 0xc9, 0x42, 0x97, 0x57, 0xb2, +- 0xd0, 0xd0, 0x2c, 0x17, 0xdb, 0xaa, 0x1f, 0xf6, +- 0xed, 0x93, 0xd7, 0xe7, 0x3e, 0x24, 0x1e, 0xae, +- 0xd9, 0x0c, 0xaf, 0x39, 0x4d, 0x2b, 0xc6, 0x57, +- 0x0f, 0x18, 0xc8, 0x1f, 0x2b, 0xe5, 0xd0, 0x1a, +- 0x2c, 0xa9, 0x9f, 0xf1, 0x42, 0xb5, 0xd9, 0x63, +- 0xf9, 0xf5, 0x00, 0x32, 0x5e, 0x75, 0x56, 0xf9, +- 0x58, 0x49, 0xb3, 0xff, 0xc7, 0x47, 0x94, 0x86, +- 0xbe, 0x1d, 0x45, 0x96, 0xa3, 0x10, 0x6b, 0xd5, +- 0xcb, 0x4f, 0x61, 0xc5, 0x7e, 0xc5, 0xf1, 0x00, +- 0xfb, 0x7a, 0x0c, 0x82, 0xa1, 0x0b, 0x82, 0x52, +- 0x6a, 0x97, 0xd1, 0xd9, 0x7d, 0x98, 0xea, 0xf6 ++ 0x56, 0x13, 0xe3, 0x12, 0x6b, 0x5f, 0x67, 0xe5, ++ 0x08, 0xe5, 0x35, 0x0e, 0x11, 0x90, 0x9d, 0xf5, ++ 0x1a, 0x24, 0xfa, 0x42, 0xd1, 0x4a, 0x50, 0x93, ++ 0x5b, 0xf4, 0x11, 0x6f, 0xd0, 0xc3, 0xc5, 0xa5, ++ 0x80, 0xae, 0x01, 0x3d, 0x66, 0x92, 0xc0, 0x3e, ++ 0x5f, 0xe9, 0x75, 0xb6, 0x5b, 0x37, 0x82, 0x39, ++ 0x72, 0x66, 0x0b, 0xa2, 0x73, 0x94, 0xe5, 0x04, ++ 0x7c, 0x0c, 0x19, 0x9a, 0x03, 0x53, 0xc4, 0x9d, ++ 0xc1, 0x0f, 0xc3, 0xec, 0x0e, 0x2e, 0xa3, 0x7c, ++ 0x07, 0x0e, 0xaf, 0x18, 0x1d, 0xc7, 0x8b, 0x47, ++ 0x4b, 0x94, 0x05, 0x6d, 0xec, 0xdd, 0xa1, 0xae, ++ 0x7b, 0x21, 0x86, 0x53, 0xd3, 0x62, 0x38, 0x08, ++ 0xea, 0xda, 0xdc, 0xb2, 0x5a, 0x7c, 0xef, 0x19, ++ 0xf8, 0x29, 0xef, 0xf8, 0xd0, 0xfb, 0xde, 0xe8, ++ 0xb8, 0x2f, 0xb3, 0xa1, 0x16, 0xa2, 0xd0, 0x8f, ++ 0x48, 0xdc, 0x7d, 0xcb, 0xee, 0x5c, 0x06, 0x1e, ++ 0x2a, 0x66, 0xe8, 0x1f, 0xdb, 0x18, 0xe9, 0xd2, ++ 0xfd, 0xa2, 0x4e, 0x39, 0xa3, 0x2e, 0x88, 0x3d, ++ 0x7d, 0xac, 0x15, 0x18, 0x25, 0xe6, 0xba, 0xd4, ++ 0x0e, 0x89, 0x26, 0x60, 0x8f, 0xdc, 0x4a, 0xb4, ++ 0x49, 0x8f, 0x98, 0xe8, 0x62, 0x8c, 0xc6, 0x66, ++ 0x20, 0x4c, 0xe1, 0xed, 0xfc, 0x01, 0x88, 0x46, ++ 0xa7, 0x67, 0x48, 0x39, 0xc5, 0x22, 0x95, 0xa0, ++ 0x23, 0xb9, 0xd1, 0xed, 0x87, 0xcf, 0xa7, 0x70, ++ 0x1c, 0xac, 0xd3, 0xaf, 0x5c, 0x26, 0x50, 0x3c, ++ 0xe4, 0x23, 0xb6, 0xcc, 0xd7, 0xc5, 0xda, 0x2f, ++ 0xf4, 0x45, 0xf1, 0xe4, 0x40, 0xb5, 0x0a, 0x25, ++ 0x86, 0xe6, 0xde, 0x11, 0x3c, 0x46, 0x16, 0xbc, ++ 0x41, 0xc2, 0x28, 0x19, 0x81, 0x5a, 0x46, 0x02, ++ 0x87, 0xd0, 0x15, 0x0c, 0xd2, 0xfe, 0x75, 0x04, ++ 0x82, 0xd2, 0x0a, 0xb7, 0xbc, 0xc5, 0x6c, 0xb1, ++ 0x41, 0xa8, 0x2b, 0x28, 0xbb, 0x86, 0x0c, 0x89 + }; + + static const ST_KAT_PARAM dh_group[] = { diff --git a/0076-FIPS-140-3-DRBG.patch b/0076-FIPS-140-3-DRBG.patch new file mode 100644 index 0000000..c1f5646 --- /dev/null +++ b/0076-FIPS-140-3-DRBG.patch @@ -0,0 +1,129 @@ +diff -rupN --no-dereference openssl-3.0.9/crypto/rand/prov_seed.c openssl-3.0.9-new/crypto/rand/prov_seed.c +--- openssl-3.0.9/crypto/rand/prov_seed.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/rand/prov_seed.c 2023-05-31 14:33:18.508112251 +0200 +@@ -20,7 +20,14 @@ size_t ossl_rand_get_entropy(ossl_unused + size_t entropy_available; + RAND_POOL *pool; + +- pool = ossl_rand_pool_new(entropy, 1, min_len, max_len); ++ /* ++ * OpenSSL still implements an internal entropy pool of ++ * some size that is hashed to get seed data. ++ * Note that this is a conditioning step for which SP800-90C requires ++ * 64 additional bits from the entropy source to claim the requested ++ * amount of entropy. ++ */ ++ pool = ossl_rand_pool_new(entropy + 64, 1, min_len, max_len); + if (pool == NULL) { + ERR_raise(ERR_LIB_RAND, ERR_R_MALLOC_FAILURE); + return 0; +diff -rupN --no-dereference openssl-3.0.9/providers/implementations/rands/crngt.c openssl-3.0.9-new/providers/implementations/rands/crngt.c +--- openssl-3.0.9/providers/implementations/rands/crngt.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/providers/implementations/rands/crngt.c 2023-05-31 14:33:18.508112251 +0200 +@@ -139,7 +139,11 @@ size_t ossl_crngt_get_entropy(PROV_DRBG + * to the nearest byte. If the entropy is of less than full quality, + * the amount required should be scaled up appropriately here. + */ +- bytes_needed = (entropy + 7) / 8; ++ /* ++ * FIPS 140-3: the yet draft SP800-90C requires requested entropy ++ * + 128 bits during initial seeding ++ */ ++ bytes_needed = (entropy + 128 + 7) / 8; + if (bytes_needed < min_len) + bytes_needed = min_len; + if (bytes_needed > max_len) +diff -rupN --no-dereference openssl-3.0.9/providers/implementations/rands/drbg.c openssl-3.0.9-new/providers/implementations/rands/drbg.c +--- openssl-3.0.9/providers/implementations/rands/drbg.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/providers/implementations/rands/drbg.c 2023-05-31 14:33:18.507112252 +0200 +@@ -575,6 +575,9 @@ int ossl_prov_drbg_reseed(PROV_DRBG *drb + #endif + } + ++#ifdef FIPS_MODULE ++ prediction_resistance = 1; ++#endif + /* Reseed using our sources in addition */ + entropylen = get_entropy(drbg, &entropy, drbg->strength, + drbg->min_entropylen, drbg->max_entropylen, +diff -rupN --no-dereference openssl-3.0.9/providers/implementations/rands/seeding/rand_unix.c openssl-3.0.9-new/providers/implementations/rands/seeding/rand_unix.c +--- openssl-3.0.9/providers/implementations/rands/seeding/rand_unix.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/providers/implementations/rands/seeding/rand_unix.c 2023-05-31 14:33:18.507112252 +0200 +@@ -48,6 +48,8 @@ + # include + # include + # include ++# include ++# include + + static uint64_t get_time_stamp(void); + static uint64_t get_timer_bits(void); +@@ -342,66 +344,8 @@ static ssize_t syscall_random(void *buf, + * which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion + * between size_t and ssize_t is safe even without a range check. + */ +- +- /* +- * Do runtime detection to find getentropy(). +- * +- * Known OSs that should support this: +- * - Darwin since 16 (OSX 10.12, IOS 10.0). +- * - Solaris since 11.3 +- * - OpenBSD since 5.6 +- * - Linux since 3.17 with glibc 2.25 +- * - FreeBSD since 12.0 (1200061) +- * +- * Note: Sometimes getentropy() can be provided but not implemented +- * internally. So we need to check errno for ENOSYS +- */ +-# if !defined(__DragonFly__) && !defined(__NetBSD__) +-# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux) +- extern int getentropy(void *buffer, size_t length) __attribute__((weak)); +- +- if (getentropy != NULL) { +- if (getentropy(buf, buflen) == 0) +- return (ssize_t)buflen; +- if (errno != ENOSYS) +- return -1; +- } +-# elif defined(OPENSSL_APPLE_CRYPTO_RANDOM) +- +- if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess) +- return (ssize_t)buflen; +- +- return -1; +-# else +- union { +- void *p; +- int (*f)(void *buffer, size_t length); +- } p_getentropy; +- +- /* +- * We could cache the result of the lookup, but we normally don't +- * call this function often. +- */ +- ERR_set_mark(); +- p_getentropy.p = DSO_global_lookup("getentropy"); +- ERR_pop_to_mark(); +- if (p_getentropy.p != NULL) +- return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1; +-# endif +-# endif /* !__DragonFly__ */ +- +- /* Linux supports this since version 3.17 */ +-# if defined(__linux) && defined(__NR_getrandom) +- return syscall(__NR_getrandom, buf, buflen, 0); +-# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND) +- return sysctl_random(buf, buflen); +-# elif (defined(__DragonFly__) && __DragonFly_version >= 500700) \ +- || (defined(__NetBSD__) && __NetBSD_Version >= 1000000000) +- return getrandom(buf, buflen, 0); +-# else +- errno = ENOSYS; +- return -1; +-# endif ++ /* Red Hat uses downstream patch to always seed from getrandom() */ ++ return EVP_default_properties_is_fips_enabled(NULL) ? getrandom(buf, buflen, GRND_RANDOM) : getrandom(buf, buflen, 0); + } + # endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */ + diff --git a/0077-FIPS-140-3-zeroization.patch b/0077-FIPS-140-3-zeroization.patch new file mode 100644 index 0000000..1a29142 --- /dev/null +++ b/0077-FIPS-140-3-zeroization.patch @@ -0,0 +1,76 @@ +diff -rupN --no-dereference openssl-3.0.9/crypto/ec/ec_lib.c openssl-3.0.9-new/crypto/ec/ec_lib.c +--- openssl-3.0.9/crypto/ec/ec_lib.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/ec/ec_lib.c 2023-05-31 14:33:18.763112140 +0200 +@@ -744,12 +744,16 @@ EC_POINT *EC_POINT_new(const EC_GROUP *g + + void EC_POINT_free(EC_POINT *point) + { ++#ifdef FIPS_MODULE ++ EC_POINT_clear_free(point); ++#else + if (point == NULL) + return; + + if (point->meth->point_finish != 0) + point->meth->point_finish(point); + OPENSSL_free(point); ++#endif + } + + void EC_POINT_clear_free(EC_POINT *point) +diff -rupN --no-dereference openssl-3.0.9/crypto/ffc/ffc_params.c openssl-3.0.9-new/crypto/ffc/ffc_params.c +--- openssl-3.0.9/crypto/ffc/ffc_params.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/ffc/ffc_params.c 2023-05-31 14:33:18.762112140 +0200 +@@ -27,10 +27,10 @@ void ossl_ffc_params_init(FFC_PARAMS *pa + + void ossl_ffc_params_cleanup(FFC_PARAMS *params) + { +- BN_free(params->p); +- BN_free(params->q); +- BN_free(params->g); +- BN_free(params->j); ++ BN_clear_free(params->p); ++ BN_clear_free(params->q); ++ BN_clear_free(params->g); ++ BN_clear_free(params->j); + OPENSSL_free(params->seed); + ossl_ffc_params_init(params); + } +diff -rupN --no-dereference openssl-3.0.9/crypto/rsa/rsa_lib.c openssl-3.0.9-new/crypto/rsa/rsa_lib.c +--- openssl-3.0.9/crypto/rsa/rsa_lib.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/rsa/rsa_lib.c 2023-05-31 14:33:18.762112140 +0200 +@@ -155,8 +155,8 @@ void RSA_free(RSA *r) + + CRYPTO_THREAD_lock_free(r->lock); + +- BN_free(r->n); +- BN_free(r->e); ++ BN_clear_free(r->n); ++ BN_clear_free(r->e); + BN_clear_free(r->d); + BN_clear_free(r->p); + BN_clear_free(r->q); +diff -rupN --no-dereference openssl-3.0.9/providers/implementations/kdfs/hkdf.c openssl-3.0.9-new/providers/implementations/kdfs/hkdf.c +--- openssl-3.0.9/providers/implementations/kdfs/hkdf.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/providers/implementations/kdfs/hkdf.c 2023-05-31 14:33:18.762112140 +0200 +@@ -117,7 +117,7 @@ static void kdf_hkdf_reset(void *vctx) + void *provctx = ctx->provctx; + + ossl_prov_digest_reset(&ctx->digest); +- OPENSSL_free(ctx->salt); ++ OPENSSL_clear_free(ctx->salt, ctx->salt_len); + OPENSSL_free(ctx->prefix); + OPENSSL_free(ctx->label); + OPENSSL_clear_free(ctx->data, ctx->data_len); +diff -rupN --no-dereference openssl-3.0.9/providers/implementations/kdfs/pbkdf2.c openssl-3.0.9-new/providers/implementations/kdfs/pbkdf2.c +--- openssl-3.0.9/providers/implementations/kdfs/pbkdf2.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/providers/implementations/kdfs/pbkdf2.c 2023-05-31 14:33:18.763112140 +0200 +@@ -83,7 +83,7 @@ static void *kdf_pbkdf2_new(void *provct + static void kdf_pbkdf2_cleanup(KDF_PBKDF2 *ctx) + { + ossl_prov_digest_reset(&ctx->digest); +- OPENSSL_free(ctx->salt); ++ OPENSSL_clear_free(ctx->salt, ctx->salt_len); + OPENSSL_clear_free(ctx->pass, ctx->pass_len); + memset(ctx, 0, sizeof(*ctx)); + } diff --git a/0078-Add-FIPS-indicator-parameter-to-HKDF.patch b/0078-Add-FIPS-indicator-parameter-to-HKDF.patch new file mode 100644 index 0000000..ad2ec20 --- /dev/null +++ b/0078-Add-FIPS-indicator-parameter-to-HKDF.patch @@ -0,0 +1,95 @@ +diff -rupN --no-dereference openssl-3.0.9/include/openssl/core_names.h openssl-3.0.9-new/include/openssl/core_names.h +--- openssl-3.0.9/include/openssl/core_names.h 2023-05-31 14:33:17.985112480 +0200 ++++ openssl-3.0.9-new/include/openssl/core_names.h 2023-05-31 14:33:19.031112023 +0200 +@@ -224,6 +224,7 @@ extern "C" { + #define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo" + #define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo" + #define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits" ++#define OSSL_KDF_PARAM_HKDF_REDHAT_FIPS_INDICATOR "hkdf-fips-indicator" + + /* Known KDF names */ + #define OSSL_KDF_NAME_HKDF "HKDF" +diff -rupN --no-dereference openssl-3.0.9/include/openssl/kdf.h openssl-3.0.9-new/include/openssl/kdf.h +--- openssl-3.0.9/include/openssl/kdf.h 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/include/openssl/kdf.h 2023-05-31 14:33:19.031112023 +0200 +@@ -63,6 +63,10 @@ int EVP_KDF_names_do_all(const EVP_KDF * + # define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1 + # define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2 + ++# define EVP_KDF_HKDF_FIPS_INDICATOR_UNDETERMINED 0 ++# define EVP_KDF_HKDF_FIPS_INDICATOR_APPROVED 1 ++# define EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED 2 ++ + #define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65 + #define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66 + #define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67 +diff -rupN --no-dereference openssl-3.0.9/providers/implementations/kdfs/hkdf.c openssl-3.0.9-new/providers/implementations/kdfs/hkdf.c +--- openssl-3.0.9/providers/implementations/kdfs/hkdf.c 2023-05-31 14:33:19.027112025 +0200 ++++ openssl-3.0.9-new/providers/implementations/kdfs/hkdf.c 2023-05-31 14:33:19.032112022 +0200 +@@ -340,6 +340,56 @@ static int kdf_hkdf_get_ctx_params(void + return 0; + return OSSL_PARAM_set_size_t(p, sz); + } ++ ++#ifdef FIPS_MODULE ++ if ((p = OSSL_PARAM_locate(params, ++ OSSL_KDF_PARAM_HKDF_REDHAT_FIPS_INDICATOR)) != NULL) { ++ int fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_UNDETERMINED; ++ switch (ctx->mode) { ++ case EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND: ++ /* TLS 1.3 never uses extract-and-expand */ ++ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED; ++ break; ++ case EVP_KDF_HKDF_MODE_EXTRACT_ONLY: ++ { ++ /* When TLS 1.3 uses extract, the following holds: ++ * 1. The salt length matches the hash length, and either ++ * 2.1. the key is all zeroes and matches the hash length, or ++ * 2.2. the key originates from a PSK (resumption_master_secret ++ * or some externally esablished key), or an ECDH or DH key ++ * derivation. See ++ * https://www.rfc-editor.org/rfc/rfc8446#section-7.1. ++ * Unfortunately at this point, we cannot verify where the key ++ * comes from, so all we can do is check the salt length. ++ */ ++ const EVP_MD *md = ossl_prov_digest_md(&ctx->digest); ++ if (md != NULL && ctx->salt_len == EVP_MD_get_size(md)) ++ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_APPROVED; ++ else ++ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED; ++ } ++ break; ++ case EVP_KDF_HKDF_MODE_EXPAND_ONLY: ++ /* When TLS 1.3 uses expand, it always provides a label that ++ * contains an uint16 for the length, followed by between 7 and 255 ++ * bytes for a label string that starts with "tls13 " or "dtls13". ++ * For compatibility with future versions, we only check for "tls" ++ * or "dtls". See ++ * https://www.rfc-editor.org/rfc/rfc8446#section-7.1 and ++ * https://www.rfc-editor.org/rfc/rfc9147#section-5.9. */ ++ if (ctx->label != NULL ++ && ctx->label_len >= 2 /* length */ + 4 /* "dtls" */ ++ && (strncmp("tls", (const char *)ctx->label + 2, 3) == 0 || ++ strncmp("dtls", (const char *)ctx->label + 2, 4) == 0)) ++ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_APPROVED; ++ else ++ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED; ++ break; ++ } ++ return OSSL_PARAM_set_int(p, fips_indicator); ++ } ++#endif /* defined(FIPS_MODULE) */ ++ + return -2; + } + +@@ -348,6 +398,9 @@ static const OSSL_PARAM *kdf_hkdf_gettab + { + static const OSSL_PARAM known_gettable_ctx_params[] = { + OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), ++#ifdef FIPS_MODULE ++ OSSL_PARAM_int(OSSL_KDF_PARAM_HKDF_REDHAT_FIPS_INDICATOR, NULL), ++#endif /* defined(FIPS_MODULE) */ + OSSL_PARAM_END + }; + return known_gettable_ctx_params; diff --git a/0079-Fix-AES-GCM-on-Power-8-CPUs.patch b/0079-Fix-AES-GCM-on-Power-8-CPUs.patch new file mode 100644 index 0000000..f2d5517 --- /dev/null +++ b/0079-Fix-AES-GCM-on-Power-8-CPUs.patch @@ -0,0 +1,125 @@ +diff -rupN --no-dereference openssl-3.0.9/include/crypto/aes_platform.h openssl-3.0.9-new/include/crypto/aes_platform.h +--- openssl-3.0.9/include/crypto/aes_platform.h 2023-05-31 14:33:17.454112711 +0200 ++++ openssl-3.0.9-new/include/crypto/aes_platform.h 2023-05-31 14:33:19.301111904 +0200 +@@ -83,16 +83,8 @@ size_t ppc_aes_gcm_encrypt(const unsigne + size_t ppc_aes_gcm_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, unsigned char ivec[16], + u64 *Xi); +-size_t ppc_aes_gcm_encrypt_wrap(const unsigned char *in, unsigned char *out, +- size_t len, const void *key, +- unsigned char ivec[16], u64 *Xi); +-size_t ppc_aes_gcm_decrypt_wrap(const unsigned char *in, unsigned char *out, +- size_t len, const void *key, +- unsigned char ivec[16], u64 *Xi); +-# define AES_gcm_encrypt ppc_aes_gcm_encrypt_wrap +-# define AES_gcm_decrypt ppc_aes_gcm_decrypt_wrap +-# define AES_GCM_ASM(gctx) ((gctx)->ctr==aes_p8_ctr32_encrypt_blocks && \ +- (gctx)->gcm.ghash==gcm_ghash_p8) ++# define AES_GCM_ASM_PPC(gctx) ((gctx)->ctr==aes_p8_ctr32_encrypt_blocks && \ ++ (gctx)->gcm.ghash==gcm_ghash_p8) + void gcm_ghash_p8(u64 Xi[2],const u128 Htable[16],const u8 *inp, size_t len); + # endif /* PPC */ + +diff -rupN --no-dereference openssl-3.0.9/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc openssl-3.0.9-new/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc +--- openssl-3.0.9/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc 2023-05-31 14:33:17.454112711 +0200 ++++ openssl-3.0.9-new/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc 2023-05-31 14:33:19.301111904 +0200 +@@ -23,12 +23,6 @@ static int aes_ppc_gcm_initkey(PROV_GCM_ + return 1; + } + +- +-extern size_t ppc_aes_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len, +- const void *key, unsigned char ivec[16], u64 *Xi); +-extern size_t ppc_aes_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t len, +- const void *key, unsigned char ivec[16], u64 *Xi); +- + static inline u32 UTO32(unsigned char *buf) + { + return ((u32) buf[0] << 24) | ((u32) buf[1] << 16) | ((u32) buf[2] << 8) | ((u32) buf[3]); +@@ -47,7 +41,7 @@ static inline u32 add32TOU(unsigned char + return r; + } + +-static size_t aes_p10_gcm_crypt(const unsigned char *in, unsigned char *out, size_t len, ++static size_t ppc_aes_gcm_crypt(const unsigned char *in, unsigned char *out, size_t len, + const void *key, unsigned char ivec[16], u64 *Xi, int encrypt) + { + int s = 0; +@@ -90,24 +84,66 @@ static size_t aes_p10_gcm_crypt(const un + return ndone; + } + +-size_t ppc_aes_gcm_encrypt_wrap(const unsigned char *in, unsigned char *out, size_t len, +- const void *key, unsigned char ivec[16], u64 *Xi) +-{ +- return aes_p10_gcm_crypt(in, out, len, key, ivec, Xi, 1); +-} +- +-size_t ppc_aes_gcm_decrypt_wrap(const unsigned char *in, unsigned char *out, size_t len, +- const void *key, unsigned char ivec[16], u64 *Xi) ++static int ppc_aes_gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in, ++ size_t len, unsigned char *out) + { +- return aes_p10_gcm_crypt(in, out, len, key, ivec, Xi, 0); ++ if (ctx->enc) { ++ if (ctx->ctr != NULL) { ++ size_t bulk = 0; ++ ++ if (len >= AES_GCM_ENC_BYTES && AES_GCM_ASM_PPC(ctx)) { ++ size_t res = (16 - ctx->gcm.mres) % 16; ++ ++ if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, res)) ++ return 0; ++ ++ bulk = ppc_aes_gcm_crypt(in + res, out + res, len - res, ++ ctx->gcm.key, ++ ctx->gcm.Yi.c, ctx->gcm.Xi.u, 1); ++ ++ ctx->gcm.len.u[1] += bulk; ++ bulk += res; ++ } ++ if (CRYPTO_gcm128_encrypt_ctr32(&ctx->gcm, in + bulk, out + bulk, ++ len - bulk, ctx->ctr)) ++ return 0; ++ } else { ++ if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, len)) ++ return 0; ++ } ++ } else { ++ if (ctx->ctr != NULL) { ++ size_t bulk = 0; ++ ++ if (len >= AES_GCM_DEC_BYTES && AES_GCM_ASM_PPC(ctx)) { ++ size_t res = (16 - ctx->gcm.mres) % 16; ++ ++ if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, res)) ++ return -1; ++ ++ bulk = ppc_aes_gcm_crypt(in + res, out + res, len - res, ++ ctx->gcm.key, ++ ctx->gcm.Yi.c, ctx->gcm.Xi.u, 0); ++ ++ ctx->gcm.len.u[1] += bulk; ++ bulk += res; ++ } ++ if (CRYPTO_gcm128_decrypt_ctr32(&ctx->gcm, in + bulk, out + bulk, ++ len - bulk, ctx->ctr)) ++ return 0; ++ } else { ++ if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, len)) ++ return 0; ++ } ++ } ++ return 1; + } + +- + static const PROV_GCM_HW aes_ppc_gcm = { + aes_ppc_gcm_initkey, + ossl_gcm_setiv, + ossl_gcm_aad_update, +- generic_aes_gcm_cipher_update, ++ ppc_aes_gcm_cipher_update, + ossl_gcm_cipher_final, + ossl_gcm_one_shot + }; diff --git a/0100-RSA-PKCS15-implicit-rejection.patch b/0100-RSA-PKCS15-implicit-rejection.patch new file mode 100644 index 0000000..e414d49 --- /dev/null +++ b/0100-RSA-PKCS15-implicit-rejection.patch @@ -0,0 +1,1336 @@ +diff -rupN --no-dereference openssl-3.0.9/crypto/cms/cms_env.c openssl-3.0.9-new/crypto/cms/cms_env.c +--- openssl-3.0.9/crypto/cms/cms_env.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/cms/cms_env.c 2023-05-31 14:33:19.564111789 +0200 +@@ -571,6 +571,13 @@ static int cms_RecipientInfo_ktri_decryp + if (!ossl_cms_env_asn1_ctrl(ri, 1)) + goto err; + ++ if (EVP_PKEY_is_a(pkey, "RSA")) ++ /* upper layer CMS code incorrectly assumes that a successful RSA ++ * decryption means that the key matches ciphertext (which never ++ * was the case, implicit rejection or not), so to make it work ++ * disable implicit rejection for RSA keys */ ++ EVP_PKEY_CTX_ctrl_str(ktri->pctx, "rsa_pkcs1_implicit_rejection", "0"); ++ + if (EVP_PKEY_decrypt(ktri->pctx, NULL, &eklen, + ktri->encryptedKey->data, + ktri->encryptedKey->length) <= 0) +diff -rupN --no-dereference openssl-3.0.9/crypto/evp/ctrl_params_translate.c openssl-3.0.9-new/crypto/evp/ctrl_params_translate.c +--- openssl-3.0.9/crypto/evp/ctrl_params_translate.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/evp/ctrl_params_translate.c 2023-05-31 14:33:19.564111789 +0200 +@@ -2256,6 +2256,12 @@ static const struct translation_st evp_p + EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, NULL, NULL, + OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_STRING, NULL }, + ++ { SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT, ++ EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION, NULL, ++ "rsa_pkcs1_implicit_rejection", ++ OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, OSSL_PARAM_UNSIGNED_INTEGER, ++ NULL }, ++ + { SET, EVP_PKEY_RSA_PSS, 0, EVP_PKEY_OP_TYPE_GEN, + EVP_PKEY_CTRL_MD, "rsa_pss_keygen_md", NULL, + OSSL_ALG_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, +diff -rupN --no-dereference openssl-3.0.9/crypto/pkcs7/pk7_doit.c openssl-3.0.9-new/crypto/pkcs7/pk7_doit.c +--- openssl-3.0.9/crypto/pkcs7/pk7_doit.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/pkcs7/pk7_doit.c 2023-05-31 14:33:19.565111788 +0200 +@@ -170,6 +170,13 @@ static int pkcs7_decrypt_rinfo(unsigned + if (EVP_PKEY_decrypt_init(pctx) <= 0) + goto err; + ++ if (EVP_PKEY_is_a(pkey, "RSA")) ++ /* upper layer pkcs7 code incorrectly assumes that a successful RSA ++ * decryption means that the key matches ciphertext (which never ++ * was the case, implicit rejection or not), so to make it work ++ * disable implicit rejection for RSA keys */ ++ EVP_PKEY_CTX_ctrl_str(pctx, "rsa_pkcs1_implicit_rejection", "0"); ++ + if (EVP_PKEY_decrypt(pctx, NULL, &eklen, + ri->enc_key->data, ri->enc_key->length) <= 0) + goto err; +diff -rupN --no-dereference openssl-3.0.9/crypto/rsa/rsa_ossl.c openssl-3.0.9-new/crypto/rsa/rsa_ossl.c +--- openssl-3.0.9/crypto/rsa/rsa_ossl.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/rsa/rsa_ossl.c 2023-05-31 14:33:19.565111788 +0200 +@@ -17,6 +17,9 @@ + #include "crypto/bn.h" + #include "rsa_local.h" + #include "internal/constant_time.h" ++#include ++#include ++#include + + static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +@@ -377,8 +380,13 @@ static int rsa_ossl_private_decrypt(int + BIGNUM *f, *ret; + int j, num = 0, r = -1; + unsigned char *buf = NULL; ++ unsigned char d_hash[SHA256_DIGEST_LENGTH] = {0}; ++ HMAC_CTX *hmac = NULL; ++ unsigned int md_len = SHA256_DIGEST_LENGTH; ++ unsigned char kdk[SHA256_DIGEST_LENGTH] = {0}; + BN_CTX *ctx = NULL; + int local_blinding = 0; ++ EVP_MD *md = NULL; + /* + * Used only if the blinding structure is shared. A non-NULL unblind + * instructs rsa_blinding_convert() and rsa_blinding_invert() to store +@@ -387,6 +395,12 @@ static int rsa_ossl_private_decrypt(int + BIGNUM *unblind = NULL; + BN_BLINDING *blinding = NULL; + ++ /* ++ * we need the value of the private exponent to perform implicit rejection ++ */ ++ if ((rsa->flags & RSA_FLAG_EXT_PKEY) && (padding == RSA_PKCS1_PADDING)) ++ padding = RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING; ++ + if ((ctx = BN_CTX_new_ex(rsa->libctx)) == NULL) + goto err; + BN_CTX_start(ctx); +@@ -408,6 +422,11 @@ static int rsa_ossl_private_decrypt(int + goto err; + } + ++ if (flen < 1) { ++ ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_SMALL); ++ goto err; ++ } ++ + /* make data into a big number */ + if (BN_bin2bn(from, (int)flen, f) == NULL) + goto err; +@@ -468,6 +487,81 @@ static int rsa_ossl_private_decrypt(int + BN_free(d); + } + ++ /* ++ * derive the Key Derivation Key from private exponent and public ++ * ciphertext ++ */ ++ if (padding == RSA_PKCS1_PADDING) { ++ /* ++ * because we use d as a handle to rsa->d we need to keep it local and ++ * free before any further use of rsa->d ++ */ ++ BIGNUM *d = BN_new(); ++ if (d == NULL) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ if (rsa->d == NULL) { ++ ERR_raise(ERR_LIB_RSA, RSA_R_MISSING_PRIVATE_KEY); ++ BN_free(d); ++ goto err; ++ } ++ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); ++ if (BN_bn2binpad(d, buf, num) < 0) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ BN_free(d); ++ goto err; ++ } ++ BN_free(d); ++ ++ /* ++ * we use hardcoded hash so that migrating between versions that use ++ * different hash doesn't provide a Bleichenbacher oracle: ++ * if the attacker can see that different versions return different ++ * messages for the same ciphertext, they'll know that the message is ++ * syntethically generated, which means that the padding check failed ++ */ ++ md = EVP_MD_fetch(rsa->libctx, "sha256", NULL); ++ if (md == NULL) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ ++ if (EVP_Digest(buf, num, d_hash, NULL, md, NULL) <= 0) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ ++ hmac = HMAC_CTX_new(); ++ if (hmac == NULL) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (HMAC_Init_ex(hmac, d_hash, sizeof(d_hash), md, NULL) <= 0) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ ++ if (flen < num) { ++ memset(buf, 0, num - flen); ++ if (HMAC_Update(hmac, buf, num - flen) <= 0) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ } ++ if (HMAC_Update(hmac, from, flen) <= 0) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ ++ md_len = SHA256_DIGEST_LENGTH; ++ if (HMAC_Final(hmac, kdk, &md_len) <= 0) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ } ++ + if (blinding) + if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) + goto err; +@@ -477,9 +571,12 @@ static int rsa_ossl_private_decrypt(int + goto err; + + switch (padding) { +- case RSA_PKCS1_PADDING: ++ case RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING: + r = RSA_padding_check_PKCS1_type_2(to, num, buf, j, num); + break; ++ case RSA_PKCS1_PADDING: ++ r = ossl_rsa_padding_check_PKCS1_type_2(rsa->libctx, to, num, buf, j, num, kdk); ++ break; + case RSA_PKCS1_OAEP_PADDING: + r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0); + break; +@@ -501,6 +598,8 @@ static int rsa_ossl_private_decrypt(int + #endif + + err: ++ HMAC_CTX_free(hmac); ++ EVP_MD_free(md); + BN_CTX_end(ctx); + BN_CTX_free(ctx); + OPENSSL_clear_free(buf, num); +diff -rupN --no-dereference openssl-3.0.9/crypto/rsa/rsa_pk1.c openssl-3.0.9-new/crypto/rsa/rsa_pk1.c +--- openssl-3.0.9/crypto/rsa/rsa_pk1.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/rsa/rsa_pk1.c 2023-05-31 14:33:19.565111788 +0200 +@@ -21,10 +21,14 @@ + #include + /* Just for the SSL_MAX_MASTER_KEY_LENGTH value */ + #include ++#include ++#include ++#include + #include "internal/cryptlib.h" + #include "crypto/rsa.h" + #include "rsa_local.h" + ++ + int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, + const unsigned char *from, int flen) + { +@@ -273,6 +277,254 @@ int RSA_padding_check_PKCS1_type_2(unsig + return constant_time_select_int(good, mlen, -1); + } + ++ ++static int ossl_rsa_prf(OSSL_LIB_CTX *ctx, ++ unsigned char *to, int tlen, ++ const char *label, int llen, ++ const unsigned char *kdk, ++ uint16_t bitlen) ++{ ++ int pos; ++ int ret = -1; ++ uint16_t iter = 0; ++ unsigned char be_iter[sizeof(iter)]; ++ unsigned char be_bitlen[sizeof(bitlen)]; ++ HMAC_CTX *hmac = NULL; ++ EVP_MD *md = NULL; ++ unsigned char hmac_out[SHA256_DIGEST_LENGTH]; ++ unsigned int md_len; ++ ++ if (tlen * 8 != bitlen) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ return ret; ++ } ++ ++ be_bitlen[0] = (bitlen >> 8) & 0xff; ++ be_bitlen[1] = bitlen & 0xff; ++ ++ hmac = HMAC_CTX_new(); ++ if (hmac == NULL) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ ++ /* ++ * we use hardcoded hash so that migrating between versions that use ++ * different hash doesn't provide a Bleichenbacher oracle: ++ * if the attacker can see that different versions return different ++ * messages for the same ciphertext, they'll know that the message is ++ * syntethically generated, which means that the padding check failed ++ */ ++ md = EVP_MD_fetch(ctx, "sha256", NULL); ++ if (md == NULL) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ ++ if (HMAC_Init_ex(hmac, kdk, SHA256_DIGEST_LENGTH, md, NULL) <= 0) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ ++ for (pos = 0; pos < tlen; pos += SHA256_DIGEST_LENGTH, iter++) { ++ if (HMAC_Init_ex(hmac, NULL, 0, NULL, NULL) <= 0) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ ++ be_iter[0] = (iter >> 8) & 0xff; ++ be_iter[1] = iter & 0xff; ++ ++ if (HMAC_Update(hmac, be_iter, sizeof(be_iter)) <= 0) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ if (HMAC_Update(hmac, (unsigned char *)label, llen) <= 0) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ if (HMAC_Update(hmac, be_bitlen, sizeof(be_bitlen)) <= 0) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ ++ /* ++ * HMAC_Final requires the output buffer to fit the whole MAC ++ * value, so we need to use the intermediate buffer for the last ++ * unaligned block ++ */ ++ md_len = SHA256_DIGEST_LENGTH; ++ if (pos + SHA256_DIGEST_LENGTH > tlen) { ++ if (HMAC_Final(hmac, hmac_out, &md_len) <= 0) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ memcpy(to + pos, hmac_out, tlen - pos); ++ } else { ++ if (HMAC_Final(hmac, to + pos, &md_len) <= 0) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ } ++ } ++ ++ ret = 0; ++ ++err: ++ HMAC_CTX_free(hmac); ++ EVP_MD_free(md); ++ return ret; ++} ++ ++/* ++ * ossl_rsa_padding_check_PKCS1_type_2() checks and removes the PKCS#1 type 2 ++ * padding from a decrypted RSA message. Unlike the ++ * RSA_padding_check_PKCS1_type_2() it will not return an error in case it ++ * detects a padding error, rather it will return a deterministically generated ++ * random message. In other words it will perform an implicit rejection ++ * of an invalid padding. This means that the returned value does not indicate ++ * if the padding of the encrypted message was correct or not, making ++ * side channel attacks like the ones described by Bleichenbacher impossible ++ * without access to the full decrypted value and a brute-force search of ++ * remaining padding bytes ++ */ ++int ossl_rsa_padding_check_PKCS1_type_2(OSSL_LIB_CTX *ctx, ++ unsigned char *to, int tlen, ++ const unsigned char *from, int flen, ++ int num, unsigned char *kdk) ++{ ++/* ++ * We need to generate a random length for the synthethic message, to avoid ++ * bias towards zero and avoid non-constant timeness of DIV, we prepare ++ * 128 values to check if they are not too large for the used key size, ++ * and use 0 in case none of them are small enough, as 2^-128 is a good enough ++ * safety margin ++ */ ++#define MAX_LEN_GEN_TRIES 128 ++ unsigned char *synthetic = NULL; ++ int synthethic_length; ++ uint16_t len_candidate; ++ unsigned char candidate_lengths[MAX_LEN_GEN_TRIES * sizeof(len_candidate)]; ++ uint16_t len_mask; ++ uint16_t max_sep_offset; ++ int synth_msg_index = 0; ++ int ret = -1; ++ int i, j; ++ unsigned int good, found_zero_byte; ++ int zero_index = 0, msg_index; ++ ++ /* ++ * If these checks fail then either the message in publicly invalid, or ++ * we've been called incorrectly. We can fail immediately. ++ * Since this code is called only internally by openssl, those are just ++ * sanity checks ++ */ ++ if (num != flen || tlen <= 0 || flen <= 0) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ return -1; ++ } ++ ++ /* Generate a random message to return in case the padding checks fail */ ++ synthetic = OPENSSL_malloc(flen); ++ if (synthetic == NULL) { ++ ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); ++ return -1; ++ } ++ ++ if (ossl_rsa_prf(ctx, synthetic, flen, "message", 7, kdk, flen * 8) < 0) ++ goto err; ++ ++ /* decide how long the random message should be */ ++ if (ossl_rsa_prf(ctx, candidate_lengths, sizeof(candidate_lengths), ++ "length", 6, kdk, ++ MAX_LEN_GEN_TRIES * sizeof(len_candidate) * 8) < 0) ++ goto err; ++ ++ /* ++ * max message size is the size of the modulus size less 2 bytes for ++ * version and padding type and a minimum of 8 bytes padding ++ */ ++ len_mask = max_sep_offset = flen - 2 - 8; ++ /* ++ * we want a mask so lets propagate the high bit to all positions less ++ * significant than it ++ */ ++ len_mask |= len_mask >> 1; ++ len_mask |= len_mask >> 2; ++ len_mask |= len_mask >> 4; ++ len_mask |= len_mask >> 8; ++ ++ synthethic_length = 0; ++ for (i = 0; i < MAX_LEN_GEN_TRIES * (int)sizeof(len_candidate); ++ i += sizeof(len_candidate)) { ++ len_candidate = (candidate_lengths[i] << 8) | candidate_lengths[i + 1]; ++ len_candidate &= len_mask; ++ ++ synthethic_length = constant_time_select_int( ++ constant_time_lt(len_candidate, max_sep_offset), ++ len_candidate, synthethic_length); ++ } ++ ++ synth_msg_index = flen - synthethic_length; ++ ++ /* we have alternative message ready, check the real one */ ++ good = constant_time_is_zero(from[0]); ++ good &= constant_time_eq(from[1], 2); ++ ++ /* then look for the padding|message separator (the first zero byte) */ ++ found_zero_byte = 0; ++ for (i = 2; i < flen; i++) { ++ unsigned int equals0 = constant_time_is_zero(from[i]); ++ zero_index = constant_time_select_int(~found_zero_byte & equals0, ++ i, zero_index); ++ found_zero_byte |= equals0; ++ } ++ ++ /* ++ * padding must be at least 8 bytes long, and it starts two bytes into ++ * |from|. If we never found a 0-byte, then |zero_index| is 0 and the check ++ * also fails. ++ */ ++ good &= constant_time_ge(zero_index, 2 + 8); ++ ++ /* ++ * Skip the zero byte. This is incorrect if we never found a zero-byte ++ * but in this case we also do not copy the message out. ++ */ ++ msg_index = zero_index + 1; ++ ++ /* ++ * old code returned an error in case the decrypted message wouldn't fit ++ * into the |to|, since that would leak information, return the synthethic ++ * message instead ++ */ ++ good &= constant_time_ge(tlen, num - msg_index); ++ ++ msg_index = constant_time_select_int(good, msg_index, synth_msg_index); ++ ++ /* ++ * since at this point the |msg_index| does not provide the signal ++ * indicating if the padding check failed or not, we don't have to worry ++ * about leaking the length of returned message, we still need to ensure ++ * that we read contents of both buffers so that cache accesses don't leak ++ * the value of |good| ++ */ ++ for (i = msg_index, j = 0; i < flen && j < tlen; i++, j++) ++ to[j] = constant_time_select_8(good, from[i], synthetic[i]); ++ ret = j; ++ ++err: ++ /* ++ * the only time ret < 0 is when the ciphertext is publicly invalid ++ * or we were called with invalid parameters, so we don't have to perform ++ * a side-channel secure raising of the error ++ */ ++ if (ret < 0) ++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); ++ OPENSSL_free(synthetic); ++ return ret; ++} ++ + /* + * ossl_rsa_padding_check_PKCS1_type_2_TLS() checks and removes the PKCS1 type 2 + * padding from a decrypted RSA message in a TLS signature. The result is stored +diff -rupN --no-dereference openssl-3.0.9/crypto/rsa/rsa_pmeth.c openssl-3.0.9-new/crypto/rsa/rsa_pmeth.c +--- openssl-3.0.9/crypto/rsa/rsa_pmeth.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/rsa/rsa_pmeth.c 2023-05-31 14:33:19.566111788 +0200 +@@ -52,6 +52,8 @@ typedef struct { + /* OAEP label */ + unsigned char *oaep_label; + size_t oaep_labellen; ++ /* if to use implicit rejection in PKCS#1 v1.5 decryption */ ++ int implicit_rejection; + } RSA_PKEY_CTX; + + /* True if PSS parameters are restricted */ +@@ -72,6 +74,7 @@ static int pkey_rsa_init(EVP_PKEY_CTX *c + /* Maximum for sign, auto for verify */ + rctx->saltlen = RSA_PSS_SALTLEN_AUTO; + rctx->min_saltlen = -1; ++ rctx->implicit_rejection = 1; + ctx->data = rctx; + ctx->keygen_info = rctx->gentmp; + ctx->keygen_info_count = 2; +@@ -97,6 +100,7 @@ static int pkey_rsa_copy(EVP_PKEY_CTX *d + dctx->md = sctx->md; + dctx->mgf1md = sctx->mgf1md; + dctx->saltlen = sctx->saltlen; ++ dctx->implicit_rejection = sctx->implicit_rejection; + if (sctx->oaep_label) { + OPENSSL_free(dctx->oaep_label); + dctx->oaep_label = OPENSSL_memdup(sctx->oaep_label, sctx->oaep_labellen); +@@ -347,6 +351,7 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX + const unsigned char *in, size_t inlen) + { + int ret; ++ int pad_mode; + RSA_PKEY_CTX *rctx = ctx->data; + /* + * Discard const. Its marked as const because this may be a cached copy of +@@ -367,7 +372,12 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX + rctx->oaep_labellen, + rctx->md, rctx->mgf1md); + } else { +- ret = RSA_private_decrypt(inlen, in, out, rsa, rctx->pad_mode); ++ if (rctx->pad_mode == RSA_PKCS1_PADDING && ++ rctx->implicit_rejection == 0) ++ pad_mode = RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING; ++ else ++ pad_mode = rctx->pad_mode; ++ ret = RSA_private_decrypt(inlen, in, out, rsa, pad_mode); + } + *outlen = constant_time_select_s(constant_time_msb_s(ret), *outlen, ret); + ret = constant_time_select_int(constant_time_msb(ret), ret, 1); +@@ -587,6 +597,14 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *c + *(unsigned char **)p2 = rctx->oaep_label; + return rctx->oaep_labellen; + ++ case EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION: ++ if (rctx->pad_mode != RSA_PKCS1_PADDING) { ++ ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_PADDING_MODE); ++ return -2; ++ } ++ rctx->implicit_rejection = p1; ++ return 1; ++ + case EVP_PKEY_CTRL_DIGESTINIT: + case EVP_PKEY_CTRL_PKCS7_SIGN: + #ifndef OPENSSL_NO_CMS +diff -rupN --no-dereference openssl-3.0.9/doc/man1/openssl-pkeyutl.pod.in openssl-3.0.9-new/doc/man1/openssl-pkeyutl.pod.in +--- openssl-3.0.9/doc/man1/openssl-pkeyutl.pod.in 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/doc/man1/openssl-pkeyutl.pod.in 2023-05-31 14:33:19.566111788 +0200 +@@ -240,6 +240,11 @@ signed or verified directly instead of u + digest is set then the a B structure is used and its the length + must correspond to the digest type. + ++Note, for B padding, as a protection against Bleichenbacher attack, ++the decryption will not fail in case of padding check failures. Use B ++and manual inspection of the decrypted message to verify if the decrypted ++value has correct PKCS#1 v1.5 padding. ++ + For B mode only encryption and decryption is supported. + + For B if the digest type is set it is used to format the block data +@@ -267,6 +272,16 @@ explicitly set in PSS mode then the sign + Sets the digest used for the OAEP hash function. If not explicitly set then + SHA1 is used. + ++=item BI ++ ++Disables (when set to 0) or enables (when set to 1) the use of implicit ++rejection with PKCS#1 v1.5 decryption. When enabled (the default), as a ++protection against Bleichenbacher attack, the library will generate a ++deterministic random plaintext that it will return to the caller in case ++of padding check failure. ++When disabled, it's the callers' responsibility to handle the returned ++errors in a side-channel free manner. ++ + =back + + =head1 RSA-PSS ALGORITHM +diff -rupN --no-dereference openssl-3.0.9/doc/man1/openssl-rsautl.pod.in openssl-3.0.9-new/doc/man1/openssl-rsautl.pod.in +--- openssl-3.0.9/doc/man1/openssl-rsautl.pod.in 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/doc/man1/openssl-rsautl.pod.in 2023-05-31 14:33:19.566111788 +0200 +@@ -105,6 +105,11 @@ The padding to use: PKCS#1 v1.5 (the def + ANSI X9.31, or no padding, respectively. + For signatures, only B<-pkcs> and B<-raw> can be used. + ++Note: because of protection against Bleichenbacher attacks, decryption ++using PKCS#1 v1.5 mode will not return errors in case padding check failed. ++Use B<-raw> and inspect the returned value manually to check if the ++padding is correct. ++ + =item B<-hexdump> + + Hex dump the output data. +diff -rupN --no-dereference openssl-3.0.9/doc/man3/EVP_PKEY_CTX_ctrl.pod openssl-3.0.9-new/doc/man3/EVP_PKEY_CTX_ctrl.pod +--- openssl-3.0.9/doc/man3/EVP_PKEY_CTX_ctrl.pod 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/doc/man3/EVP_PKEY_CTX_ctrl.pod 2023-05-31 14:33:19.566111788 +0200 +@@ -386,6 +386,15 @@ this behaviour should be tolerated then + OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION should be set to the actual + negotiated protocol version. Otherwise it should be left unset. + ++Similarly to the B above, since OpenSSL version ++3.1.0, the use of B will return a randomly generated message ++instead of padding errors in case padding checks fail. Applications that ++want to remain secure while using earlier versions of OpenSSL, still need to ++handle both the error code from the RSA decryption operation and the ++returned message in a side channel secure manner. ++This protection against Bleichenbacher attacks can be disabled by setting ++the OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION (an unsigned integer) to 0. ++ + =head2 DSA parameters + + EVP_PKEY_CTX_set_dsa_paramgen_bits() sets the number of bits used for DSA +diff -rupN --no-dereference openssl-3.0.9/doc/man3/EVP_PKEY_decrypt.pod openssl-3.0.9-new/doc/man3/EVP_PKEY_decrypt.pod +--- openssl-3.0.9/doc/man3/EVP_PKEY_decrypt.pod 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/doc/man3/EVP_PKEY_decrypt.pod 2023-05-31 14:33:19.566111788 +0200 +@@ -51,6 +51,18 @@ return 1 for success and 0 or a negative + return value of -2 indicates the operation is not supported by the public key + algorithm. + ++=head1 WARNINGS ++ ++In OpenSSL versions before 3.1.0, when used in PKCS#1 v1.5 padding, ++both the return value from the EVP_PKEY_decrypt() and the B provided ++information useful in mounting a Bleichenbacher attack against the ++used private key. They had to processed in a side-channel free way. ++ ++Since version 3.1.0, the EVP_PKEY_decrypt() method when used with PKCS#1 ++v1.5 padding doesn't return an error in case it detects an error in padding, ++instead it returns a pseudo-randomly generated message, removing the need ++of side-channel secure code from applications using OpenSSL. ++ + =head1 EXAMPLES + + Decrypt data using OAEP (for RSA keys): +diff -rupN --no-dereference openssl-3.0.9/doc/man3/RSA_padding_add_PKCS1_type_1.pod openssl-3.0.9-new/doc/man3/RSA_padding_add_PKCS1_type_1.pod +--- openssl-3.0.9/doc/man3/RSA_padding_add_PKCS1_type_1.pod 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/doc/man3/RSA_padding_add_PKCS1_type_1.pod 2023-05-31 14:33:19.566111788 +0200 +@@ -121,8 +121,8 @@ L. + + =head1 WARNINGS + +-The result of RSA_padding_check_PKCS1_type_2() is a very sensitive +-information which can potentially be used to mount a Bleichenbacher ++The result of RSA_padding_check_PKCS1_type_2() is exactly the ++information which is used to mount a classical Bleichenbacher + padding oracle attack. This is an inherent weakness in the PKCS #1 + v1.5 padding design. Prefer PKCS1_OAEP padding. If that is not + possible, the result of RSA_padding_check_PKCS1_type_2() should be +@@ -137,6 +137,9 @@ as this would create a small timing side + used to mount a Bleichenbacher attack against any padding mode + including PKCS1_OAEP. + ++You should prefer the use of EVP PKEY APIs for PKCS#1 v1.5 decryption ++as they implement the necessary workarounds internally. ++ + =head1 SEE ALSO + + L, +diff -rupN --no-dereference openssl-3.0.9/doc/man3/RSA_public_encrypt.pod openssl-3.0.9-new/doc/man3/RSA_public_encrypt.pod +--- openssl-3.0.9/doc/man3/RSA_public_encrypt.pod 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/doc/man3/RSA_public_encrypt.pod 2023-05-31 14:33:19.567111788 +0200 +@@ -52,8 +52,8 @@ Encrypting user data directly with RSA i + + =back + +-B must not be more than RSA_size(B) - 11 for the PKCS #1 v1.5 +-based padding modes, not more than RSA_size(B) - 42 for ++When encrypting B must not be more than RSA_size(B) - 11 for the ++PKCS #1 v1.5 based padding modes, not more than RSA_size(B) - 42 for + RSA_PKCS1_OAEP_PADDING and exactly RSA_size(B) for RSA_NO_PADDING. + When a padding mode other than RSA_NO_PADDING is in use, then + RSA_public_encrypt() will include some random bytes into the ciphertext +@@ -92,6 +92,13 @@ which can potentially be used to mount a + attack. This is an inherent weakness in the PKCS #1 v1.5 padding + design. Prefer RSA_PKCS1_OAEP_PADDING. + ++In OpenSSL before version 3.1.0, both the return value and the length of ++returned value could be used to mount the Bleichenbacher attack. ++Since version 3.1.0, OpenSSL does not return an error in case of padding ++checks failed. Instead it generates a random message based on used private ++key and provided ciphertext so that application code doesn't have to implement ++a side-channel secure error handling. ++ + =head1 CONFORMING TO + + SSL, PKCS #1 v2.0 +diff -rupN --no-dereference openssl-3.0.9/doc/man7/provider-asym_cipher.pod openssl-3.0.9-new/doc/man7/provider-asym_cipher.pod +--- openssl-3.0.9/doc/man7/provider-asym_cipher.pod 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/doc/man7/provider-asym_cipher.pod 2023-05-31 14:33:19.567111788 +0200 +@@ -234,6 +234,15 @@ The TLS protocol version first requested + + The negotiated TLS protocol version. + ++=item "implicit-rejection" (B) ++ ++Gets of sets the use of the implicit rejection mechanism for RSA PKCS#1 v1.5 ++decryption. When set (non zero value), the decryption API will return ++a deterministically random value if the PKCS#1 v1.5 padding check fails. ++This makes explotation of the Bleichenbacher significantly harder, even ++if the code using the RSA decryption API is not implemented in side-channel ++free manner. Set by default. ++ + =back + + OSSL_FUNC_asym_cipher_gettable_ctx_params() and OSSL_FUNC_asym_cipher_settable_ctx_params() +diff -rupN --no-dereference openssl-3.0.9/include/crypto/rsa.h openssl-3.0.9-new/include/crypto/rsa.h +--- openssl-3.0.9/include/crypto/rsa.h 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/include/crypto/rsa.h 2023-05-31 14:33:19.567111788 +0200 +@@ -83,6 +83,10 @@ int ossl_rsa_param_decode(RSA *rsa, cons + RSA *ossl_rsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, + OSSL_LIB_CTX *libctx, const char *propq); + ++int ossl_rsa_padding_check_PKCS1_type_2(OSSL_LIB_CTX *ctx, ++ unsigned char *to, int tlen, ++ const unsigned char *from, int flen, ++ int num, unsigned char *kdk); + int ossl_rsa_padding_check_PKCS1_type_2_TLS(OSSL_LIB_CTX *ctx, unsigned char *to, + size_t tlen, + const unsigned char *from, +diff -rupN --no-dereference openssl-3.0.9/include/openssl/core_names.h openssl-3.0.9-new/include/openssl/core_names.h +--- openssl-3.0.9/include/openssl/core_names.h 2023-05-31 14:33:19.296111907 +0200 ++++ openssl-3.0.9-new/include/openssl/core_names.h 2023-05-31 14:33:19.567111788 +0200 +@@ -294,6 +294,7 @@ extern "C" { + #define OSSL_PKEY_PARAM_DIST_ID "distid" + #define OSSL_PKEY_PARAM_PUB_KEY "pub" + #define OSSL_PKEY_PARAM_PRIV_KEY "priv" ++#define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection" + #define OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K "rh_sign_kat_k" + + /* Diffie-Hellman/DSA Parameters */ +@@ -470,6 +471,7 @@ extern "C" { + #define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label" + #define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version" + #define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version" ++#define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection" + #ifdef FIPS_MODULE + #define OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED "redhat-kat-oaep-seed" + #endif +diff -rupN --no-dereference openssl-3.0.9/include/openssl/rsa.h openssl-3.0.9-new/include/openssl/rsa.h +--- openssl-3.0.9/include/openssl/rsa.h 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/include/openssl/rsa.h 2023-05-31 14:33:19.567111788 +0200 +@@ -183,6 +183,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP + + # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES (EVP_PKEY_ALG_CTRL + 13) + ++# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14) ++ + # define RSA_PKCS1_PADDING 1 + # define RSA_NO_PADDING 3 + # define RSA_PKCS1_OAEP_PADDING 4 +@@ -192,6 +194,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP + # define RSA_PKCS1_PSS_PADDING 6 + # define RSA_PKCS1_WITH_TLS_PADDING 7 + ++/* internal RSA_ only */ ++# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8 ++ + # define RSA_PKCS1_PADDING_SIZE 11 + + # define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg) +diff -rupN --no-dereference openssl-3.0.9/providers/implementations/asymciphers/rsa_enc.c openssl-3.0.9-new/providers/implementations/asymciphers/rsa_enc.c +--- openssl-3.0.9/providers/implementations/asymciphers/rsa_enc.c 2023-05-31 14:33:17.986112479 +0200 ++++ openssl-3.0.9-new/providers/implementations/asymciphers/rsa_enc.c 2023-05-31 14:33:19.568111787 +0200 +@@ -78,6 +78,8 @@ typedef struct { + /* TLS padding */ + unsigned int client_version; + unsigned int alt_version; ++ /* PKCS#1 v1.5 decryption mode */ ++ unsigned int implicit_rejection; + #ifdef FIPS_MODULE + char *redhat_st_oaep_seed; + #endif /* FIPS_MODULE */ +@@ -113,6 +115,7 @@ static int rsa_init(void *vprsactx, void + RSA_free(prsactx->rsa); + prsactx->rsa = vrsa; + prsactx->operation = operation; ++ prsactx->implicit_rejection = 1; + + switch (RSA_test_flags(prsactx->rsa, RSA_FLAG_TYPE_MASK)) { + case RSA_FLAG_TYPE_RSA: +@@ -237,6 +240,7 @@ static int rsa_decrypt(void *vprsactx, u + { + PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; + int ret; ++ int pad_mode; + size_t len = RSA_size(prsactx->rsa); + + if (!ossl_prov_is_running()) +@@ -326,8 +330,12 @@ static int rsa_decrypt(void *vprsactx, u + } + OPENSSL_free(tbuf); + } else { +- ret = RSA_private_decrypt(inlen, in, out, prsactx->rsa, +- prsactx->pad_mode); ++ if ((prsactx->implicit_rejection == 0) && ++ (prsactx->pad_mode == RSA_PKCS1_PADDING)) ++ pad_mode = RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING; ++ else ++ pad_mode = prsactx->pad_mode; ++ ret = RSA_private_decrypt(inlen, in, out, prsactx->rsa, pad_mode); + } + *outlen = constant_time_select_s(constant_time_msb_s(ret), *outlen, ret); + ret = constant_time_select_int(constant_time_msb(ret), 0, 1); +@@ -454,6 +462,10 @@ static int rsa_get_ctx_params(void *vprs + if (p != NULL && !OSSL_PARAM_set_uint(p, prsactx->alt_version)) + return 0; + ++ p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION); ++ if (p != NULL && !OSSL_PARAM_set_uint(p, prsactx->implicit_rejection)) ++ return 0; ++ + return 1; + } + +@@ -465,6 +477,7 @@ static const OSSL_PARAM known_gettable_c + NULL, 0), + OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL), + OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL), ++ OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, NULL), + #ifdef FIPS_MODULE + OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, NULL, 0), + #endif /* FIPS_MODULE */ +@@ -621,6 +634,14 @@ static int rsa_set_ctx_params(void *vprs + return 0; + prsactx->alt_version = alt_version; + } ++ p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION); ++ if (p != NULL) { ++ unsigned int implicit_rejection; ++ ++ if (!OSSL_PARAM_get_uint(p, &implicit_rejection)) ++ return 0; ++ prsactx->implicit_rejection = implicit_rejection; ++ } + + return 1; + } +@@ -633,6 +654,7 @@ static const OSSL_PARAM known_settable_c + OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, NULL, 0), + OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL), + OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL), ++ OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, NULL), + OSSL_PARAM_END + }; + +diff -rupN --no-dereference openssl-3.0.9/test/recipes/30-test_evp_data/evppkey_rsa_common.txt openssl-3.0.9-new/test/recipes/30-test_evp_data/evppkey_rsa_common.txt +--- openssl-3.0.9/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 2023-05-31 14:33:16.916112945 +0200 ++++ openssl-3.0.9-new/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 2023-05-31 14:33:19.569111787 +0200 +@@ -268,9 +268,25 @@ Decrypt = RSA-2048 + Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A78 + Output = "Hello World" + ++Availablein = default ++# Note: disable the Bleichenbacher workaround to see if it passes ++Decrypt = RSA-2048 ++Ctrl = rsa_pkcs1_implicit_rejection:0 ++Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A78 ++Output = "Hello World" ++ ++Availablein = default ++# Corrupted ciphertext ++# Note: output is generated synthethically by the Bleichenbacher workaround ++Decrypt = RSA-2048 ++Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A79 ++Output = 4cbb988d6a46228379132b0b5f8c249b3860043848c93632fb982c807c7c82fffc7a9ef83f4908f890373ac181ffea6381e103bcaa27e65638b6ecebef38b59ed4226a9d12af675cfcb634d8c40e7a7aff ++ + # Corrupted ciphertext + Availablein = default ++# Note: disable the Bleichenbacher workaround to see if it fails + Decrypt = RSA-2048 ++Ctrl = rsa_pkcs1_implicit_rejection:0 + Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A79 + Output = "Hello World" + Result = KEYOP_ERROR +@@ -293,6 +309,462 @@ Derive = RSA-2048 + Result = KEYOP_INIT_ERROR + Reason = operation not supported for this keytype + ++# Test vectors for the Bleichenbacher workaround ++ ++PrivateKey = RSA-2048-2 ++-----BEGIN RSA PRIVATE KEY----- ++MIIEowIBAAKCAQEAyMyDlxQJjaVsqiNkD5PciZfBY3KWj8Gwxt9RE8HJTosh5IrS ++KX5lQZARtObY9ec7G3iyV0ADIdHva2AtTsjOjRQclJBetK0wZjmkkgZTS25/JgdC ++Ppff/RM8iNchOZ3vvH6WzNy9fzquH+iScSv7SSmBfVEWZkQKH6y3ogj16hZZEK3Y ++o/LUlyAjYMy2MgJPDQcWnBkY8xb3lLFDrvVOyHUipMApePlomYC/+/ZJwwfoGBm/ +++IQJY41IvZS+FStZ/2SfoL1inQ/6GBPDq/S1a9PC6lRl3/oUWJKSqdiiStJr5+4F ++EHQbY4LUPIPVv6QKRmE9BivkRVF9vK8MtOGnaQIDAQABAoIBABRVAQ4PLVh2Y6Zm ++pv8czbvw7dgQBkbQKgI5IpCJksStOeVWWSlybvZQjDpxFY7wtv91HTnQdYC7LS8G ++MhBELQYD/1DbvXs1/iybsZpHoa+FpMJJAeAsqLWLeRmyDt8yqs+/Ua20vEthubfp ++aMqk1XD3DvGNgGMiiJPkfUOe/KeTJZvPLNEIo9hojN8HjnrHmZafIznSwfUiuWlo ++RimpM7quwmgWJeq4T05W9ER+nYj7mhmc9xAj4OJXsURBszyE07xnyoAx0mEmGBA6 ++egpAhEJi912IkM1hblH5A1SI/W4Jnej/bWWk/xGCVIB8n1jS+7qLoVHcjGi+NJyX ++eiBOBMECgYEA+PWta6gokxvqRZuKP23AQdI0gkCcJXHpY/MfdIYColY3GziD7UWe ++z5cFJkWe3RbgVSL1pF2UdRsuwtrycsf4gWpSwA0YCAFxY02omdeXMiL1G5N2MFSG ++lqn32MJKWUl8HvzUVc+5fuhtK200lyszL9owPwSZm062tcwLsz53Yd0CgYEAznou ++O0mpC5YzChLcaCvfvfuujdbcA7YUeu+9V1dD8PbaTYYjUGG3Gv2crS00Al5WrIaw ++93Q+s14ay8ojeJVCRGW3Bu0iF15XGMjHC2cD6o9rUQ+UW+SOWja7PDyRcytYnfwF ++1y2AkDGURSvaITSGR+xylD8RqEbmL66+jrU2sP0CgYB2/hXxiuI5zfHfa0RcpLxr ++uWjXiMIZM6T13NKAAz1nEgYswIpt8gTB+9C+RjB0Q+bdSmRWN1Qp1OA4yiVvrxyb ++3pHGsXt2+BmV+RxIy768e/DjSUwINZ5OjNalh9e5bWIh/X4PtcVXXwgu5XdpeYBx ++sru0oyI4FRtHMUu2VHkDEQKBgQCZiEiwVUmaEAnLx9KUs2sf/fICDm5zZAU+lN4a ++AA3JNAWH9+JydvaM32CNdTtjN3sDtvQITSwCfEs4lgpiM7qe2XOLdvEOp1vkVgeL ++9wH2fMaz8/3BhuZDNsdrNy6AkQ7ICwrcwj0C+5rhBIaigkgHW06n5W3fzziC5FFW ++FHGikQKBgGQ790ZCn32DZnoGUwITR++/wF5jUfghqd67YODszeUAWtnp7DHlWPfp ++LCkyjnRWnXzvfHTKvCs1XtQBoaCRS048uwZITlgZYFEWntFMqi76bqBE4FTSYUTM ++FinFUBBVigThM/RLfCRNrCW/kTxXuJDuSfVIJZzWNAT+9oWdz5da ++-----END RSA PRIVATE KEY----- ++ ++# corresponding public key ++PublicKey = RSA-2048-2-PUBLIC ++-----BEGIN PUBLIC KEY----- ++MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyMyDlxQJjaVsqiNkD5Pc ++iZfBY3KWj8Gwxt9RE8HJTosh5IrSKX5lQZARtObY9ec7G3iyV0ADIdHva2AtTsjO ++jRQclJBetK0wZjmkkgZTS25/JgdCPpff/RM8iNchOZ3vvH6WzNy9fzquH+iScSv7 ++SSmBfVEWZkQKH6y3ogj16hZZEK3Yo/LUlyAjYMy2MgJPDQcWnBkY8xb3lLFDrvVO ++yHUipMApePlomYC/+/ZJwwfoGBm/+IQJY41IvZS+FStZ/2SfoL1inQ/6GBPDq/S1 ++a9PC6lRl3/oUWJKSqdiiStJr5+4FEHQbY4LUPIPVv6QKRmE9BivkRVF9vK8MtOGn ++aQIDAQAB ++-----END PUBLIC KEY----- ++ ++PrivPubKeyPair = RSA-2048-2:RSA-2048-2-PUBLIC ++ ++# RSA decrypt ++ ++# a random positive test case ++Availablein = default ++Decrypt = RSA-2048-2 ++Input = 8bfe264e85d3bdeaa6b8851b8e3b956ee3d226fd3f69063a86880173a273d9f283b2eebdd1ed35f7e02d91c571981b6737d5320bd8396b0f3ad5b019daec1b0aab3cbbc026395f4fd14f13673f2dfc81f9b660ec26ac381e6db3299b4e460b43fab9955df2b3cfaa20e900e19c856238fd371899c2bf2ce8c868b76754e5db3b036533fd603746be13c10d4e3e6022ebc905d20c2a7f32b215a4cd53b3f44ca1c327d2c2b651145821c08396c89071f665349c25e44d2733cd9305985ceef6430c3cf57af5fa224089221218fa34737c79c446d28a94c41c96e4e92ac53fbcf384dea8419ea089f8784445a492c812eb0d409467f75afd7d4d1078886205a066 ++Output = "lorem ipsum dolor sit amet" ++ ++Availablein = default ++# a random negative test case decrypting to empty ++Decrypt = RSA-2048-2 ++Input = 20aaa8adbbc593a924ba1c5c7990b5c2242ae4b99d0fe636a19a4cf754edbcee774e472fe028160ed42634f8864900cb514006da642cae6ae8c7d087caebcfa6dad1551301e130344989a1d462d4164505f6393933450c67bc6d39d8f5160907cabc251b737925a1cf21e5c6aa5781b7769f6a2a583d97cce008c0f8b6add5f0b2bd80bee60237aa39bb20719fe75749f4bc4e42466ef5a861ae3a92395c7d858d430bfe38040f445ea93fa2958b503539800ffa5ce5f8cf51fa8171a91f36cb4f4575e8de6b4d3f096ee140b938fd2f50ee13f0d050222e2a72b0a3069ff3a6738e82c87090caa5aed4fcbe882c49646aa250b98f12f83c8d528113614a29e7 ++Output = ++ ++Availablein = default ++# invalid decrypting to max length message ++Decrypt = RSA-2048-2 ++Input = 48cceab10f39a4db32f60074feea473cbcdb7accf92e150417f76b44756b190e843e79ec12aa85083a21f5437e7bad0a60482e601198f9d86923239c8786ee728285afd0937f7dde12717f28389843d7375912b07b991f4fdb0190fced8ba665314367e8c5f9d2981d0f5128feeb46cb50fc237e64438a86df198dd0209364ae3a842d77532b66b7ef263b83b1541ed671b120dfd660462e2107a4ee7b964e734a7bd68d90dda61770658a3c242948532da32648687e0318286473f675b412d6468f013f14d760a358dfcad3cda2afeec5e268a37d250c37f722f468a70dfd92d7294c3c1ee1e7f8843b7d16f9f37ef35748c3ae93aa155cdcdfeb4e78567303 ++Output = 22d850137b9eebe092b24f602dc5bb7918c16bd89ddbf20467b119d205f9c2e4bd7d2592cf1e532106e0f33557565923c73a02d4f09c0c22bea89148183e60317f7028b3aa1f261f91c979393101d7e15f4067e63979b32751658ef769610fe97cf9cef3278b3117d384051c3b1d82c251c2305418c8f6840530e631aad63e70e20e025bcd8efb54c92ec6d3b106a2f8e64eeff7d38495b0fc50c97138af4b1c0a67a1c4e27b077b8439332edfa8608dfeae653cd6a628ac550395f7e74390e42c11682234870925eeaa1fa71b76cf1f2ee3bda69f6717033ff8b7c95c9799e7a3bea5e7e4a1c359772fb6b1c6e6c516661dfe30c3 ++ ++Availablein = default ++# invalid decrypting to message with length specified by second to last value from PRF ++Decrypt = RSA-2048-2 ++Input = 1439e08c3f84c1a7fec74ce07614b20e01f6fa4e8c2a6cffdc3520d8889e5d9a950c6425798f85d4be38d300ea5695f13ecd4cb389d1ff5b82484b494d6280ab7fa78e645933981cb934cce8bfcd114cc0e6811eefa47aae20af638a1cd163d2d3366186d0a07df0c81f6c9f3171cf3561472e98a6006bf75ddb457bed036dcce199369de7d94ef2c68e8467ee0604eea2b3009479162a7891ba5c40cab17f49e1c438cb6eaea4f76ce23cce0e483ff0e96fa790ea15be67671814342d0a23f4a20262b6182e72f3a67cd289711503c85516a9ed225422f98b116f1ab080a80abd6f0216df88d8cfd67c139243be8dd78502a7aaf6bc99d7da71bcdf627e7354 ++Output = 0f9b ++ ++Availablein = default ++# invalid decrypting to message with length specified by third to last value from PRF ++Decrypt = RSA-2048-2 ++Input = 1690ebcceece2ce024f382e467cf8510e74514120937978576caf684d4a02ad569e8d76cbe365a060e00779de2f0865ccf0d923de3b4783a4e2c74f422e2f326086c390b658ba47f31ab013aa80f468c71256e5fa5679b24e83cd82c3d1e05e398208155de2212993cd2b8bab6987cf4cc1293f19909219439d74127545e9ed8a706961b8ee2119f6bfacafbef91b75a789ba65b8b833bc6149cf49b5c4d2c6359f62808659ba6541e1cd24bf7f7410486b5103f6c0ea29334ea6f4975b17387474fe920710ea61568d7b7c0a7916acf21665ad5a31c4eabcde44f8fb6120d8457afa1f3c85d517cda364af620113ae5a3c52a048821731922737307f77a1081 ++Output = 4f02 ++ ++# positive test with 11 byte long value ++Availablein = default ++Decrypt = RSA-2048-2 ++Input = 6213634593332c485cef783ea2846e3d6e8b0e005cd8293eaebbaa5079712fd681579bdfbbda138ae4d9d952917a03c92398ec0cb2bb0c6b5a8d55061fed0d0d8d72473563152648cfe640b335dc95331c21cb133a91790fa93ae44497c128708970d2beeb77e8721b061b1c44034143734a77be8220877415a6dba073c3871605380542a9f25252a4babe8331cdd53cf828423f3cc70b560624d0581fb126b2ed4f4ed358f0eb8065cf176399ac1a846a31055f9ae8c9c24a1ba050bc20842125bc1753158f8065f3adb9cc16bfdf83816bdf38b624f12022c5a6fbfe29bc91542be8c0208a770bcd677dc597f5557dc2ce28a11bf3e3857f158717a33f6592 ++Output = "lorem ipsum" ++ ++# positive test with 11 byte long value and zero padded ciphertext ++Availablein = default ++Decrypt = RSA-2048-2 ++Input = 00a2e8f114ea8d05d12dc843e3cc3b2edc8229ff2a028bda29ba9d55e3cd02911902fef1f42a075bf05e8016e8567213d6f260fa49e360779dd81aeea3e04c2cb567e0d72b98bf754014561b7511e083d20e0bfb9cd23f8a0d3c88900c49d2fcd5843ff0765607b2026f28202a87aa94678aed22a0c20724541394cd8f44e373eba1d2bae98f516c1e2ba3d86852d064f856b1daf24795e767a2b90396e50743e3150664afab131fe40ea405dcf572dd1079af1d3f0392ccadcca0a12740dbb213b925ca2a06b1bc1383e83a658c82ba2e7427342379084d5f66b544579f07664cb26edd4f10fd913fdbc0de05ef887d4d1ec1ac95652397ea7fd4e4759fda8b ++Output = "lorem ipsum" ++ ++# positive test with 11 byte long value and zero truncated ciphertext ++Availablein = default ++Decrypt = RSA-2048-2 ++Input = a2e8f114ea8d05d12dc843e3cc3b2edc8229ff2a028bda29ba9d55e3cd02911902fef1f42a075bf05e8016e8567213d6f260fa49e360779dd81aeea3e04c2cb567e0d72b98bf754014561b7511e083d20e0bfb9cd23f8a0d3c88900c49d2fcd5843ff0765607b2026f28202a87aa94678aed22a0c20724541394cd8f44e373eba1d2bae98f516c1e2ba3d86852d064f856b1daf24795e767a2b90396e50743e3150664afab131fe40ea405dcf572dd1079af1d3f0392ccadcca0a12740dbb213b925ca2a06b1bc1383e83a658c82ba2e7427342379084d5f66b544579f07664cb26edd4f10fd913fdbc0de05ef887d4d1ec1ac95652397ea7fd4e4759fda8b ++Output = "lorem ipsum" ++ ++# positive test with 11 byte long value and double zero padded ciphertext ++Availablein = default ++Decrypt = RSA-2048-2 ++Input = 00001f71879b426127f7dead621f7380a7098cf7d22173aa27991b143c46d53383c209bd0c9c00d84078037e715f6b98c65005a77120070522ede51d472c87ef94b94ead4c5428ee108a345561658301911ec5a8f7dd43ed4a3957fd29fb02a3529bf63f8040d3953490939bd8f78b2a3404b6fb5ff70a4bfdaac5c541d6bcce49c9778cc390be24cbef1d1eca7e870457241d3ff72ca44f9f56bdf31a890fa5eb3a9107b603ccc9d06a5dd911a664c82b6abd4fe036f8db8d5a070c2d86386ae18d97adc1847640c211d91ff5c3387574a26f8ef27ca7f48d2dd1f0c7f14b81cc9d33ee6853031d3ecf10a914ffd90947909c8011fd30249219348ebff76bfc ++Output = "lorem ipsum" ++ ++# positive test with 11 byte long value and double zero truncated ciphertext ++Availablein = default ++Decrypt = RSA-2048-2 ++Input = 1f71879b426127f7dead621f7380a7098cf7d22173aa27991b143c46d53383c209bd0c9c00d84078037e715f6b98c65005a77120070522ede51d472c87ef94b94ead4c5428ee108a345561658301911ec5a8f7dd43ed4a3957fd29fb02a3529bf63f8040d3953490939bd8f78b2a3404b6fb5ff70a4bfdaac5c541d6bcce49c9778cc390be24cbef1d1eca7e870457241d3ff72ca44f9f56bdf31a890fa5eb3a9107b603ccc9d06a5dd911a664c82b6abd4fe036f8db8d5a070c2d86386ae18d97adc1847640c211d91ff5c3387574a26f8ef27ca7f48d2dd1f0c7f14b81cc9d33ee6853031d3ecf10a914ffd90947909c8011fd30249219348ebff76bfc ++Output = "lorem ipsum" ++ ++# positive that generates a 0 byte long synthethic message internally ++Availablein = default ++Decrypt = RSA-2048-2 ++Input = b5e49308f6e9590014ffaffc5b8560755739dd501f1d4e9227a7d291408cf4b753f292322ff8bead613bf2caa181b221bc38caf6392deafb28eb21ad60930841ed02fd6225cc9c463409adbe7d8f32440212fbe3881c51375bb09565efb22e62b071472fb38676e5b4e23a0617db5d14d93519ac0007a30a9c822eb31c38b57fcb1be29608fcf1ca2abdcaf5d5752bbc2b5ac7dba5afcff4a5641da360dd01f7112539b1ed46cdb550a3b1006559b9fe1891030ec80f0727c42401ddd6cbb5e3c80f312df6ec89394c5a7118f573105e7ab00fe57833c126141b50a935224842addfb479f75160659ba28877b512bb9a93084ad8bec540f92640f63a11a010e0 ++Output = "lorem ipsum" ++ ++# positive that generates a 245 byte long synthethic message internally ++Availablein = default ++Decrypt = RSA-2048-2 ++Input = 1ea0b50ca65203d0a09280d39704b24fe6e47800189db5033f202761a78bafb270c5e25abd1f7ecc6e7abc4f26d1b0cd9b8c648d529416ee64ccbdd7aa72a771d0353262b543f0e436076f40a1095f5c7dfd10dcf0059ccb30e92dfa5e0156618215f1c3ff3aa997a9d999e506924f5289e3ac72e5e2086cc7b499d71583ed561028671155db4005bee01800a7cdbdae781dd32199b8914b5d4011dd6ff11cd26d46aad54934d293b0bc403dd211bf13b5a5c6836a5e769930f437ffd8634fb7371776f4bc88fa6c271d8aa6013df89ae6470154497c4ac861be2a1c65ebffec139bf7aaba3a81c7c5cdd84da9af5d3edfb957848074686b5837ecbcb6a41c50 ++Output = "lorem ipsum" ++ ++Availablein = default ++# a random negative test that generates an 11 byte long message ++Decrypt = RSA-2048-2 ++Input = 5f02f4b1f46935c742ebe62b6f05aa0a3286aab91a49b34780adde6410ab46f7386e05748331864ac98e1da63686e4babe3a19ed40a7f5ceefb89179596aab07ab1015e03b8f825084dab028b6731288f2e511a4b314b6ea3997d2e8fe2825cef8897cbbdfb6c939d441d6e04948414bb69e682927ef8576c9a7090d4aad0e74c520d6d5ce63a154720f00b76de8cc550b1aa14f016d63a7b6d6eaa1f7dbe9e50200d3159b3d099c900116bf4eba3b94204f18b1317b07529751abf64a26b0a0bf1c8ce757333b3d673211b67cc0653f2fe2620d57c8b6ee574a0323a167eab1106d9bc7fd90d415be5f1e9891a0e6c709f4fc0404e8226f8477b4e939b36eb2 ++Output = af9ac70191c92413cb9f2d ++ ++Availablein = default ++# an otherwise correct plaintext, but with wrong first byte ++# (0x01 instead of 0x00), generates a random 11 byte long plaintext ++Decrypt = RSA-2048-2 ++Input = 9b2ec9c0c917c98f1ad3d0119aec6be51ae3106e9af1914d48600ab6a2c0c0c8ae02a2dc3039906ff3aac904af32ec798fd65f3ad1afa2e69400e7c1de81f5728f3b3291f38263bc7a90a0563e43ce7a0d4ee9c0d8a716621ca5d3d081188769ce1b131af7d35b13dea99153579c86db31fe07d5a2c14d621b77854e48a8df41b5798563af489a291e417b6a334c63222627376118c02c53b6e86310f728734ffc86ef9d7c8bf56c0c841b24b82b59f51aee4526ba1c4268506d301e4ebc498c6aebb6fd5258c876bf900bac8ca4d309dd522f6a6343599a8bc3760f422c10c72d0ad527ce4af1874124ace3d99bb74db8d69d2528db22c3a37644640f95c05f ++Output = a1f8c9255c35cfba403ccc ++ ++Availablein = default ++# an otherwise correct plaintext, but with wrong second byte ++# (0x01 instead of 0x02), generates a random 11 byte long plaintext ++Decrypt = RSA-2048-2 ++Input = 782c2b59a21a511243820acedd567c136f6d3090c115232a82a5efb0b178285f55b5ec2d2bac96bf00d6592ea7cdc3341610c8fb07e527e5e2d20cfaf2c7f23e375431f45e998929a02f25fd95354c33838090bca838502259e92d86d568bc2cdb132fab2a399593ca60a015dc2bb1afcd64fef8a3834e17e5358d822980dc446e845b3ab4702b1ee41fe5db716d92348d5091c15d35a110555a35deb4650a5a1d2c98025d42d4544f8b32aa6a5e02dc02deaed9a7313b73b49b0d4772a3768b0ea0db5846ace6569cae677bf67fb0acf3c255dc01ec8400c963b6e49b1067728b4e563d7e1e1515664347b92ee64db7efb5452357a02fff7fcb7437abc2e579 ++Output = e6d700309ca0ed62452254 ++ ++Availablein = default ++# an invalid ciphertext, with a zero byte in first byte of ++# ciphertext, decrypts to a random 11 byte long synthethic ++# plaintext ++Decrypt = RSA-2048-2 ++Input = 0096136621faf36d5290b16bd26295de27f895d1faa51c800dafce73d001d60796cd4e2ac3fa2162131d859cd9da5a0c8a42281d9a63e5f353971b72e36b5722e4ac444d77f892a5443deb3dca49fa732fe855727196e23c26eeac55eeced8267a209ebc0f92f4656d64a6c13f7f7ce544ebeb0f668fe3a6c0f189e4bcd5ea12b73cf63e0c8350ee130dd62f01e5c97a1e13f52fde96a9a1bc9936ce734fdd61f27b18216f1d6de87f49cf4f2ea821fb8efd1f92cdad529baf7e31aff9bff4074f2cad2b4243dd15a711adcf7de900851fbd6bcb53dac399d7c880531d06f25f7002e1aaf1722765865d2c2b902c7736acd27bc6cbd3e38b560e2eecf7d4b576 ++Output = ba27b1842e7c21c0e7ef6a ++ ++Availablein = default ++# an invalid ciphertext, with a zero byte removed from first byte of ++# ciphertext, decrypts to a random 11 byte long synthethic ++# plaintext ++Decrypt = RSA-2048-2 ++Input = 96136621faf36d5290b16bd26295de27f895d1faa51c800dafce73d001d60796cd4e2ac3fa2162131d859cd9da5a0c8a42281d9a63e5f353971b72e36b5722e4ac444d77f892a5443deb3dca49fa732fe855727196e23c26eeac55eeced8267a209ebc0f92f4656d64a6c13f7f7ce544ebeb0f668fe3a6c0f189e4bcd5ea12b73cf63e0c8350ee130dd62f01e5c97a1e13f52fde96a9a1bc9936ce734fdd61f27b18216f1d6de87f49cf4f2ea821fb8efd1f92cdad529baf7e31aff9bff4074f2cad2b4243dd15a711adcf7de900851fbd6bcb53dac399d7c880531d06f25f7002e1aaf1722765865d2c2b902c7736acd27bc6cbd3e38b560e2eecf7d4b576 ++Output = ba27b1842e7c21c0e7ef6a ++ ++Availablein = default ++# an invalid ciphertext, with two zero bytes in first bytes of ++# ciphertext, decrypts to a random 11 byte long synthethic ++# plaintext ++Decrypt = RSA-2048-2 ++Input = 0000587cccc6b264bdfe0dc2149a988047fa921801f3502ea64624c510c6033d2f427e3f136c26e88ea9f6519e86a542cec96aad1e5e9013c3cc203b6de15a69183050813af5c9ad79703136d4b92f50ce171eefc6aa7988ecf02f319ffc5eafd6ee7a137f8fce64b255bb1b8dd19cfe767d64fdb468b9b2e9e7a0c24dae03239c8c714d3f40b7ee9c4e59ac15b17e4d328f1100756bce17133e8e7493b54e5006c3cbcdacd134130c5132a1edebdbd01a0c41452d16ed7a0788003c34730d0808e7e14c797a21f2b45a8aa1644357fd5e988f99b017d9df37563a354c788dc0e2f9466045622fa3f3e17db63414d27761f57392623a2bef6467501c63e8d645 ++Output = d5cf555b1d6151029a429a ++ ++Availablein = default ++# an invalid ciphertext, with two zero bytes removed from first bytes of ++# ciphertext, decrypts to a random 11 byte long synthethic ++# plaintext ++Decrypt = RSA-2048-2 ++Input = 587cccc6b264bdfe0dc2149a988047fa921801f3502ea64624c510c6033d2f427e3f136c26e88ea9f6519e86a542cec96aad1e5e9013c3cc203b6de15a69183050813af5c9ad79703136d4b92f50ce171eefc6aa7988ecf02f319ffc5eafd6ee7a137f8fce64b255bb1b8dd19cfe767d64fdb468b9b2e9e7a0c24dae03239c8c714d3f40b7ee9c4e59ac15b17e4d328f1100756bce17133e8e7493b54e5006c3cbcdacd134130c5132a1edebdbd01a0c41452d16ed7a0788003c34730d0808e7e14c797a21f2b45a8aa1644357fd5e988f99b017d9df37563a354c788dc0e2f9466045622fa3f3e17db63414d27761f57392623a2bef6467501c63e8d645 ++Output = d5cf555b1d6151029a429a ++ ++Availablein = default ++# and invalid ciphertext, otherwise valid but starting with 000002, decrypts ++# to random 11 byte long synthethic plaintext ++Decrypt = RSA-2048-2 ++Input = 1786550ce8d8433052e01ecba8b76d3019f1355b212ac9d0f5191b023325a7e7714b7802f8e9a17c4cb3cd3a84041891471b10ca1fcfb5d041d34c82e6d0011cf4dc76b90e9c2e0743590579d55bcd7857057152c4a8040361343d1d22ba677d62b011407c652e234b1d663af25e2386251d7409190f19fc8ec3f9374fdf1254633874ce2ec2bff40ad0cb473f9761ec7b68da45a4bd5e33f5d7dac9b9a20821df9406b653f78a95a6c0ea0a4d57f867e4db22c17bf9a12c150f809a7b72b6db86c22a8732241ebf3c6a4f2cf82671d917aba8bc61052b40ccddd743a94ea9b538175106201971cca9d136d25081739aaf6cd18b2aecf9ad320ea3f89502f955 ++Output = 3d4a054d9358209e9cbbb9 ++ ++Availablein = default ++# negative test with otherwise valid padding but a zero byte in first byte ++# of padding ++Decrypt = RSA-2048-2 ++Input = 179598823812d2c58a7eb50521150a48bcca8b4eb53414018b6bca19f4801456c5e36a940037ac516b0d6412ba44ec6b4f268a55ef1c5ffbf18a2f4e3522bb7b6ed89774b79bffa22f7d3102165565642de0d43a955e96a1f2e80e5430671d7266eb4f905dc8ff5e106dc5588e5b0289e49a4913940e392a97062616d2bda38155471b7d360cfb94681c702f60ed2d4de614ea72bf1c53160e63179f6c5b897b59492bee219108309f0b7b8cb2b136c346a5e98b8b4b8415fb1d713bae067911e3057f1c335b4b7e39101eafd5d28f0189037e4334f4fdb9038427b1d119a6702aa8233319cc97d496cc289ae8c956ddc84042659a2d43d6aa22f12b81ab884e ++Output = 1f037dd717b07d3e7f7359 ++ ++Availablein = default ++# negative test with otherwise valid padding but a zero byte at the eigth ++# byte of padding ++Decrypt = RSA-2048-2 ++Input = a7a340675a82c30e22219a55bc07cdf36d47d01834c1834f917f18b517419ce9de2a96460e745024436470ed85e94297b283537d52189c406a3f533cb405cc6a9dba46b482ce98b6e3dd52d8fce2237425617e38c11fbc46b61897ef200d01e4f25f5f6c4c5b38cd0de38ba11908b86595a8036a08a42a3d05b79600a97ac18ba368a08d6cf6ccb624f6e8002afc75599fba4de3d4f3ba7d208391ebe8d21f8282b18e2c10869eb2702e68f9176b42b0ddc9d763f0c86ba0ff92c957aaeab76d9ab8da52ea297ec11d92d770146faa1b300e0f91ef969b53e7d2907ffc984e9a9c9d11fb7d6cba91972059b46506b035efec6575c46d7114a6b935864858445f ++Output = 63cb0bf65fc8255dd29e17 ++ ++Availablein = default ++# negative test with an otherwise valid plaintext but with missing separator ++# byte ++Decrypt = RSA-2048-2 ++Input = 3d1b97e7aa34eaf1f4fc171ceb11dcfffd9a46a5b6961205b10b302818c1fcc9f4ec78bf18ea0cee7e9fa5b16fb4c611463b368b3312ac11cf9c06b7cf72b54e284848a508d3f02328c62c2999d0fb60929f81783c7a256891bc2ff4d91df2af96a24fc5701a1823af939ce6dbdc510608e3d41eec172ad2d51b9fc61b4217c923cadcf5bac321355ef8be5e5f090cdc2bd0c697d9058247db3ad613fdce87d2955a6d1c948a5160f93da21f731d74137f5d1f53a1923adb513d2e6e1589d44cc079f4c6ddd471d38ac82d20d8b1d21f8d65f3b6907086809f4123e08d86fb38729585de026a485d8f0e703fd4772f6668febf67df947b82195fa3867e3a3065 ++Output = 6f09a0b62699337c497b0b ++ ++# Test vectors for the Bleichenbacher workaround (2049 bit key size) ++ ++PrivateKey = RSA-2049 ++-----BEGIN RSA PRIVATE KEY----- ++MIIEpQIBAAKCAQEBVfiJVWoXdfHHp3hqULGLwoyemG7eVmfKs5uEEk6Q66dcHbCD ++rD5EO7qU3CNWD3XjqBaToqQ73HQm2MTq/mjIXeD+dX9uSbue1EfmAkMIANuwTOsi ++5/pXoY0zj7ZgJs20Z+cMwEDn02fvQDx78ePfYkZQCUYx8h6v0vtbyRX/BDeazRES ++9zLAtGYHwXjTiiD1LtpQny+cBAXVEGnoDM+UFVTQRwRnUFw89UHqCJffyfQAzssp ++j/x1M3LZ9pM68XTMQO2W1GcDFzO5f4zd0/krw6A+qFdsQX8kAHteT3UBEFtUTen6 ++3N/635jftLsFuBmfP4Ws/ZH3qaCUuaOD9QSQlwIDAQABAoIBAQEZwrP1CnrWFSZ5 ++1/9RCVisLYym8AKFkvMy1VoWc2F4qOZ/F+cFzjAOPodUclEAYBP5dNCj20nvNEyl ++omo0wEUHBNDkIuDOI6aUJcFf77bybhBu7/ZMyLnXRC5NpOjIUAjq6zZYWaIpT6OT ++e8Jr5WMy59geLBYO9jXMUoqnvlXmM6cj28Hha6KeUrKa7y+eVlT9wGZrsPwlSsvo ++DmOHTw9fAgeC48nc/CUg0MnEp7Y05FA/u0k+Gq/us/iL16EzmHJdrm/jmed1zV1M ++8J/IODR8TJjasaSIPM5iBRNhWvqhCmM2jm17ed9BZqsWJznvUVpEAu4eBgHFpVvH ++HfDjDt+BAoGBAYj2k2DwHhjZot4pUlPSUsMeRHbOpf97+EE99/3jVlI83JdoBfhP ++wN3sdw3wbO0GXIETSHVLNGrxaXVod/07PVaGgsh4fQsxTvasZ9ZegTM5i2Kgg8D4 ++dlxa1A1agfm73OJSftfpUAjLECnLTKvR+em+38KGyWVSJV2n6rGSF473AoGBAN7H ++zxHa3oOkxD0vgBl/If1dRv1XtDH0T+gaHeN/agkf/ARk7ZcdyFCINa3mzF9Wbzll ++YTqLNnmMkubiP1LvkH6VZ+NBvrxTNxiWJfu+qx87ez+S/7JoHm71p4SowtePfC2J ++qqok0s7b0GaBz+ZcNse/o8W6E1FiIi71wukUyYNhAoGAEgk/OnPK7dkPYKME5FQC +++HGrMsjJVbCa9GOjvkNw8tVYSpq7q2n9sDHqRPmEBl0EYehAqyGIhmAONxVUbIsL ++ha0m04y0MI9S0H+ZRH2R8IfzndNAONsuk46XrQU6cfvtZ3Xh3IcY5U5sr35lRn2c ++ut3H52XIWJ4smN/cJcpOyoECgYEAjM5hNHnPlgj392wkXPkbtJXWHp3mSISQVLTd ++G0MW8/mBQg3AlXi/eRb+RpHPrppk5jQLhgMjRSPyXXe2amb8PuWTqfGN6l32PtX3 ++3+udILpppb71Wf+w7JTbcl9v9uq7o9SVR8DKdPA+AeweSQ0TmqCnlHuNZizOSjwP ++G16GF0ECgYEA+ZWbNMS8qM5IiHgbMbHptdit9dDT4+1UXoNn0/hUW6ZEMriHMDXv ++iBwrzeANGAn5LEDYeDe1xPms9Is2uNxTpZVhpFZSNALR6Po68wDlTJG2PmzuBv5t ++5mbzkpWCoD4fRU53ifsHgaTW+7Um74gWIf0erNIUZuTN2YrtEPTnb3k= ++-----END RSA PRIVATE KEY----- ++ ++# corresponding public key ++PublicKey = RSA-2049-PUBLIC ++-----BEGIN PUBLIC KEY----- ++MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEBVfiJVWoXdfHHp3hqULGL ++woyemG7eVmfKs5uEEk6Q66dcHbCDrD5EO7qU3CNWD3XjqBaToqQ73HQm2MTq/mjI ++XeD+dX9uSbue1EfmAkMIANuwTOsi5/pXoY0zj7ZgJs20Z+cMwEDn02fvQDx78ePf ++YkZQCUYx8h6v0vtbyRX/BDeazRES9zLAtGYHwXjTiiD1LtpQny+cBAXVEGnoDM+U ++FVTQRwRnUFw89UHqCJffyfQAzsspj/x1M3LZ9pM68XTMQO2W1GcDFzO5f4zd0/kr ++w6A+qFdsQX8kAHteT3UBEFtUTen63N/635jftLsFuBmfP4Ws/ZH3qaCUuaOD9QSQ ++lwIDAQAB ++-----END PUBLIC KEY----- ++ ++PrivPubKeyPair = RSA-2049:RSA-2049-PUBLIC ++ ++# RSA decrypt ++ ++Availablein = default ++# malformed that generates length specified by 3rd last value from PRF ++Decrypt = RSA-2049 ++Input = 00b26f6404b82649629f2704494282443776929122e279a9cf30b0c6fe8122a0a9042870d97cc8ef65490fe58f031eb2442352191f5fbc311026b5147d32df914599f38b825ebb824af0d63f2d541a245c5775d1c4b78630e4996cc5fe413d38455a776cf4edcc0aa7fccb31c584d60502ed2b77398f536e137ff7ba6430e9258e21c2db5b82f5380f566876110ac4c759178900fbad7ab70ea07b1daf7a1639cbb4196543a6cbe8271f35dddb8120304f6eef83059e1c5c5678710f904a6d760c4d1d8ad076be17904b9e69910040b47914a0176fb7eea0c06444a6c4b86d674d19a556a1de5490373cb01ce31bbd15a5633362d3d2cd7d4af1b4c5121288b894 ++Output = 42 ++ ++# simple positive test case ++Availablein = default ++Decrypt = RSA-2049 ++Input = 013300edbf0bb3571e59889f7ed76970bf6d57e1c89bbb6d1c3991d9df8e65ed54b556d928da7d768facb395bbcc81e9f8573b45cf8195dbd85d83a59281cddf4163aec11b53b4140053e3bd109f787a7c3cec31d535af1f50e0598d85d96d91ea01913d07097d25af99c67464ebf2bb396fb28a9233e56f31f7e105d71a23e9ef3b736d1e80e713d1691713df97334779552fc94b40dd733c7251bc522b673d3ec9354af3dd4ad44fa71c0662213a57ada1d75149697d0eb55c053aaed5ffd0b815832f454179519d3736fb4faf808416071db0d0f801aca8548311ee708c131f4be658b15f6b54256872c2903ac708bd43b017b073b5707bc84c2cd9da70e967 ++Output = "lorem ipsum" ++ ++# positive test case with null padded ciphertext ++Availablein = default ++Decrypt = RSA-2049 ++Input = 0002aadf846a329fadc6760980303dbd87bfadfa78c2015ce4d6c5782fd9d3f1078bd3c0a2c5bfbdd1c024552e5054d98b5bcdc94e476dd280e64d650089326542ce7c61d4f1ab40004c2e6a88a883613568556a10f3f9edeab67ae8dddc1e6b0831c2793d2715de943f7ce34c5c05d1b09f14431fde566d17e76c9feee90d86a2c158616ec81dda0c642f58c0ba8fa4495843124a7235d46fb4069715a51bf710fd024259131ba94da73597ace494856c94e7a3ec261545793b0990279b15fa91c7fd13dbfb1df2f221dab9fa9f7c1d21e48aa49f6aaecbabf5ee76dc6c2af2317ffb4e303115386a97f8729afc3d0c89419669235f1a3a69570e0836c79fc162 ++Output = "lorem ipsum" ++ ++# positive test case with null truncated ciphertext ++Availablein = default ++Decrypt = RSA-2049 ++Input = 02aadf846a329fadc6760980303dbd87bfadfa78c2015ce4d6c5782fd9d3f1078bd3c0a2c5bfbdd1c024552e5054d98b5bcdc94e476dd280e64d650089326542ce7c61d4f1ab40004c2e6a88a883613568556a10f3f9edeab67ae8dddc1e6b0831c2793d2715de943f7ce34c5c05d1b09f14431fde566d17e76c9feee90d86a2c158616ec81dda0c642f58c0ba8fa4495843124a7235d46fb4069715a51bf710fd024259131ba94da73597ace494856c94e7a3ec261545793b0990279b15fa91c7fd13dbfb1df2f221dab9fa9f7c1d21e48aa49f6aaecbabf5ee76dc6c2af2317ffb4e303115386a97f8729afc3d0c89419669235f1a3a69570e0836c79fc162 ++Output = "lorem ipsum" ++ ++# positive test case with double null padded ciphertext ++Availablein = default ++Decrypt = RSA-2049 ++Input = 0000f36da3b72d8ff6ded74e7efd08c01908f3f5f0de7b55eab92b5f875190809c39d4162e1e6649618f854fd84aeab03970d16bb814e999852c06de38d82b95c0f32e2a7b5714021fe303389be9c0eac24c90a6b7210f929d390fabf903d44e04110bb7a7fd6c383c275804721efa6d7c93aa64c0bb2b18d97c5220a846c66a4895ae52adddbe2a9996825e013585adcec4b32ba61d782737bd343e5fabd68e8a95b8b1340318559860792dd70dffbe05a1052b54cbfb48cfa7bb3c19cea52076bddac5c25ee276f153a610f6d06ed696d192d8ae4507ffae4e5bdda10a625d6b67f32f7cffcd48dee2431fe66f6105f9d17e611cdcc674868e81692a360f4052 ++Output = "lorem ipsum" ++ ++# positive test case with double null truncated ciphertext ++Availablein = default ++Decrypt = RSA-2049 ++Input = f36da3b72d8ff6ded74e7efd08c01908f3f5f0de7b55eab92b5f875190809c39d4162e1e6649618f854fd84aeab03970d16bb814e999852c06de38d82b95c0f32e2a7b5714021fe303389be9c0eac24c90a6b7210f929d390fabf903d44e04110bb7a7fd6c383c275804721efa6d7c93aa64c0bb2b18d97c5220a846c66a4895ae52adddbe2a9996825e013585adcec4b32ba61d782737bd343e5fabd68e8a95b8b1340318559860792dd70dffbe05a1052b54cbfb48cfa7bb3c19cea52076bddac5c25ee276f153a610f6d06ed696d192d8ae4507ffae4e5bdda10a625d6b67f32f7cffcd48dee2431fe66f6105f9d17e611cdcc674868e81692a360f4052 ++Output = "lorem ipsum" ++ ++Availablein = default ++# a random negative test case that generates an 11 byte long message ++Decrypt = RSA-2049 ++Input = 00f910200830fc8fff478e99e145f1474b312e2512d0f90b8cef77f8001d09861688c156d1cbaf8a8957f7ebf35f724466952d0524cad48aad4fba1e45ce8ea27e8f3ba44131b7831b62d60c0762661f4c1d1a88cd06263a259abf1ba9e6b0b172069afb86a7e88387726f8ab3adb30bfd6b3f6be6d85d5dfd044e7ef052395474a9cbb1c3667a92780b43a22693015af6c513041bdaf87d43b24ddd244e791eeaea1066e1f4917117b3a468e22e0f7358852bb981248de4d720add2d15dccba6280355935b67c96f9dcb6c419cc38ab9f6fba2d649ef2066e0c34c9f788ae49babd9025fa85b21113e56ce4f43aa134c512b030dd7ac7ce82e76f0be9ce09ebca ++Output = 1189b6f5498fd6df532b00 ++ ++Availablein = default ++# otherwise correct plaintext, but with wrong first byte (0x01 instead of 0x00) ++Decrypt = RSA-2049 ++Input = 002c9ddc36ba4cf0038692b2d3a1c61a4bb3786a97ce2e46a3ba74d03158aeef456ce0f4db04dda3fe062268a1711250a18c69778a6280d88e133a16254e1f0e30ce8dac9b57d2e39a2f7d7be3ee4e08aec2fdbe8dadad7fdbf442a29a8fb40857407bf6be35596b8eefb5c2b3f58b894452c2dc54a6123a1a38d642e23751746597e08d71ac92704adc17803b19e131b4d1927881f43b0200e6f95658f559f912c889b4cd51862784364896cd6e8618f485a992f82997ad6a0917e32ae5872eaf850092b2d6c782ad35f487b79682333c1750c685d7d32ab3e1538f31dcaa5e7d5d2825875242c83947308dcf63ba4bfff20334c9c140c837dbdbae7a8dee72ff ++Output = f6d0f5b78082fe61c04674 ++ ++Availablein = default ++# otherwise correct plaintext, but with wrong second byte (0x01 instead of 0x02) ++Decrypt = RSA-2049 ++Input = 00c5d77826c1ab7a34d6390f9d342d5dbe848942e2618287952ba0350d7de6726112e9cebc391a0fae1839e2bf168229e3e0d71d4161801509f1f28f6e1487ca52df05c466b6b0a6fbbe57a3268a970610ec0beac39ec0fa67babce1ef2a86bf77466dc127d7d0d2962c20e66593126f276863cd38dc6351428f884c1384f67cad0a0ffdbc2af16711fb68dc559b96b37b4f04cd133ffc7d79c43c42ca4948fa895b9daeb853150c8a5169849b730cc77d68b0217d6c0e3dbf38d751a1998186633418367e7576530566c23d6d4e0da9b038d0bb5169ce40133ea076472d055001f0135645940fd08ea44269af2604c8b1ba225053d6db9ab43577689401bdc0f3 ++Output = 1ab287fcef3ff17067914d ++ ++# RSA decrypt with 3072 bit keys ++PrivateKey = RSA-3072 ++-----BEGIN RSA PRIVATE KEY----- ++MIIG5AIBAAKCAYEAr9ccqtXp9bjGw2cHCkfxnX5mrt4YpbJ0H7PE0zQ0VgaSotkJ ++72iI7GAv9rk68ljudDA8MBr81O2+xDMR3cjdvwDdu+OG0zuNDiKxtEk23EiYcbhS ++N7NM50etj9sMTk0dqnqt8HOFxchzLMt9Wkni5QyIPH16wQ7Wp02ayQ35EpkFoX1K ++CHIQ/Hi20EseuWlILBGm7recUOWxbz8lT3VxUosvFxargW1uygcnveqYBZMpcw64 ++wzznHWHdSsOTtiVuB6wdEk8CANHD4FpMG8fx7S/IPlcZnP5ZCLEAh+J/vZfSwkIU ++YZxxR8j778o5vCVnYqaCNTH34jTWjq56DZ+vEN0V6VI3gMfVrlgJStUlqQY7TDP5 ++XhAG2i6xLTdDaJSVwfICPkBzU8XrPkyhxIz/gaEJANFIIOuAGvTxpZbEuc6aUx/P ++ilTZ/9ckJYtu7CAQjfb9/XbUrgO6fqWY3LDkooCElYcob01/JWzoXl61Z5sdrMH5 ++CVZJty5foHKusAN5AgMBAAECggGAJRfqyzr+9L/65gOY35lXpdKhVKgzaNjhWEKy ++9Z7gn3kZe9LvHprdr4eG9rQSdEdAXjBCsh8vULeqc3cWgMO7y2wiWl1f9rVsRxwY ++gqCjOwrxZaPtbCSdx3g+a8dYrDfmVy0z/jJQeO2VJlDy65YEkC75mlEaERnRPE/J ++pDoXXc37+xoUAP4XCTtpzTzbiV9lQy6iGV+QURxzNrWKaF2s/y2vTF6S5WWxZlrm ++DlErqplluAjV/xGc63zWksv5IAZ6+s2An2a+cG2iaBCseQ2xVslI5v5YG8mEkVf0 ++2kk/OmSwxuEZ4DGxB/hDbOKRYLRYuPnxCV/esZJjOE/1OHVXvE8QtANN6EFwO60s ++HnacI4U+tjCjbRBh3UbipruvdDqX8LMsNvUMGjci3vOjlNkcLgeL8J15Xs3l5WuC ++Avl0Am91/FbpoN1qiPLny3jvEpjMbGUgfKRb03GIgHtPzbHmDdjluFZI+376i2/d ++RI85dBqNmAn+Fjrz3kW6wkpahByBAoHBAOSj2DDXPosxxoLidP/J/RKsMT0t0FE9 ++UFcNt+tHYv6hk+e7VAuUqUpd3XQqz3P13rnK4xvSOsVguyeU/WgmH4ID9XGSgpBP ++Rh6s7izn4KAJeqfI26vTPxvyaZEqB4JxT6k7SerENus95zSn1v/f2MLBQ16EP8cJ +++QSOVCoZfEhUK+srherQ9eZKpj0OwBUrP4VhLdymv96r8xddWX1AVj4OBi2RywKI ++gAgv6fjwkb292jFu6x6FjKRNKwKK6c3jqQKBwQDE4c0Oz0KYYV4feJun3iL9UJSv ++StGsKVDuljA4WiBAmigMZTii/u0DFEjibiLWcJOnH53HTr0avA6c6D1nCwJ2qxyF ++rHNN2L+cdMx/7L1zLR11+InvRgpIGbpeGwHeIzJVUYG3b6llRJMZimBvAMr9ipM1 ++bkVvIjt1G9W1ypeuKzm6d/t8F0yC7AIYZWDV4nvxiiY8whLZzGawHR2iZz8pfUwb ++7URbTvxdsGE27Kq9gstU0PzEJpnU1goCJ7/gA1ECgcBA8w5B6ZM5xV0H5z6nPwDm ++IgYmw/HucgV1hU8exfuoK8wxQvTACW4B0yJKkrK11T1899aGG7VYRn9D4j4OLO48 ++Z9V8esseJXbc1fEezovvymGOci984xiFXtqAQzk44+lmQJJh33VeZApe2eLocvVH ++ddEmc1kOuJWFpszf3LeCcG69cnKrXsrLrZ8Frz//g3aa9B0sFi5hGeWHWJxISVN2 ++c1Nr9IN/57i/GqVTcztjdCAcdM7Tr8phDg7OvRlnxGkCgcEAuYhMFBuulyiSaTff ++/3ZvJKYOJ45rPkEFGoD/2ercn+RlvyCYGcoAEjnIYVEGlWwrSH+b0NlbjVkQsD6O ++to8CeE/RpgqX8hFCqC7NE/RFp8cpDyXy3j/zqnRMUyhCP1KNuScBBZs9V8gikxv6 ++ukBWCk3PYbeTySHKRBbB8vmCrMfhM96jaBIQsQO1CcZnVceDo1/bnsAIwaREVMxr ++Q8LmG7QOx/Z0x1MMsUFoqzilwccC09/JgxMZPh+h+Nv6jiCxAoHBAOEqQgFAfSdR ++ya60LLH55q803NRFMamuKiPbVJLzwiKfbjOiiopmQOS/LxxqIzeMXlYV4OsSvxTo ++G7mcTOFRtU5hKCK+t8qeQQpa/dsMpiHllwArnRyBjIVgL5lFKRpHUGLsavU/T1IH ++mtgaxZo32dXvcAh1+ndCHVBwbHTOF4conA+g+Usp4bZSSWn5nU4oIizvSVpG7SGe ++0GngdxH9Usdqbvzcip1EKeHRTZrHIEYmB+x0LaRIB3dwZNidK3TkKw== ++-----END RSA PRIVATE KEY----- ++ ++PublicKey = RSA-3072-PUBLIC ++-----BEGIN PUBLIC KEY----- ++MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAr9ccqtXp9bjGw2cHCkfx ++nX5mrt4YpbJ0H7PE0zQ0VgaSotkJ72iI7GAv9rk68ljudDA8MBr81O2+xDMR3cjd ++vwDdu+OG0zuNDiKxtEk23EiYcbhSN7NM50etj9sMTk0dqnqt8HOFxchzLMt9Wkni ++5QyIPH16wQ7Wp02ayQ35EpkFoX1KCHIQ/Hi20EseuWlILBGm7recUOWxbz8lT3Vx ++UosvFxargW1uygcnveqYBZMpcw64wzznHWHdSsOTtiVuB6wdEk8CANHD4FpMG8fx ++7S/IPlcZnP5ZCLEAh+J/vZfSwkIUYZxxR8j778o5vCVnYqaCNTH34jTWjq56DZ+v ++EN0V6VI3gMfVrlgJStUlqQY7TDP5XhAG2i6xLTdDaJSVwfICPkBzU8XrPkyhxIz/ ++gaEJANFIIOuAGvTxpZbEuc6aUx/PilTZ/9ckJYtu7CAQjfb9/XbUrgO6fqWY3LDk ++ooCElYcob01/JWzoXl61Z5sdrMH5CVZJty5foHKusAN5AgMBAAE= ++-----END PUBLIC KEY----- ++ ++PrivPubKeyPair = RSA-3072:RSA-3072-PUBLIC ++ ++Availablein = default ++# a random invalid ciphertext that generates an empty synthethic one ++Decrypt = RSA-3072 ++Input = 5e956cd9652f4a2ece902931013e09662b6a9257ad1e987fb75f73a0606df2a4b04789770820c2e02322c4e826f767bd895734a01e20609c3be4517a7a2a589ea1cdc137beb73eb38dac781b52e863de9620f79f9b90fd5b953651fcbfef4a9f1cc07421d511a87dd6942caab6a5a0f4df473e62defb529a7de1509ab99c596e1dff1320402298d8be73a896cc86c38ae3f2f576e9ea70cc28ad575cb0f854f0be43186baa9c18e29c47c6ca77135db79c811231b7c1730955887d321fdc06568382b86643cf089b10e35ab23e827d2e5aa7b4e99ff2e914f302351819eb4d1693243b35f8bf1d42d08f8ec4acafa35f747a4a975a28643ec630d8e4fa5be59d81995660a14bb64c1fea5146d6b11f92da6a3956dd5cb5e0d747cf2ea23f81617769185336263d46ef4c144b754de62a6337342d6c85a95f19f015724546ee3fc4823eca603dbc1dc01c2d5ed50bd72d8e96df2dc048edde0081284068283fc5e73a6139851abf2f29977d0b3d160c883a42a37efba1be05c1a0b1741d7ddf59 ++Output = ++ ++Availablein = default ++# a random invalid that has PRF output with a length one byte too long ++# in the last value ++Decrypt = RSA-3072 ++Input = 7db0390d75fcf9d4c59cf27b264190d856da9abd11e92334d0e5f71005cfed865a711dfa28b791188374b61916dbc11339bf14b06f5f3f68c206c5607380e13da3129bfb744157e1527dd6fdf6651248b028a496ae1b97702d44706043cdaa7a59c0f41367303f21f268968bf3bd2904db3ae5239b55f8b438d93d7db9d1666c071c0857e2ec37757463769c54e51f052b2a71b04c2869e9e7049a1037b8429206c99726f07289bac18363e7eb2a5b417f47c37a55090cda676517b3549c873f2fe95da9681752ec9864b069089a2ed2f340c8b04ee00079055a817a3355b46ac7dc00d17f4504ccfbcfcadb0c04cb6b22069e179385ae1eafabad5521bac2b8a8ee1dfff59a22eb3fdacfc87175d10d7894cfd869d056057dd9944b869c1784fcc27f731bc46171d39570fbffbadf082d33f6352ecf44aca8d9478e53f5a5b7c852b401e8f5f74da49da91e65bdc97765a9523b7a0885a6f8afe5759d58009fbfa837472a968e6ae92026a5e0202a395483095302d6c3985b5f5831c521a271 ++Output = 56a3bea054e01338be9b7d7957539c ++ ++Availablein = default ++# a random invalid that generates a synthethic of maximum size ++Decrypt = RSA-3072 ++Input = 1715065322522dff85049800f6a29ab5f98c465020467414b2a44127fe9446da47fa18047900f99afe67c2df6f50160bb8e90bff296610fde632b3859d4d0d2e644f23835028c46cca01b84b88231d7e03154edec6627bcba23de76740d839851fa12d74c8f92e540c73fe837b91b7d699b311997d5f0f7864c486d499c3a79c111faaacbe4799597a25066c6200215c3d158f3817c1aa57f18bdaad0be1658da9da93f5cc6c3c4dd72788af57adbb6a0c26f42d32d95b8a4f95e8c6feb2f8a5d53b19a50a0b7cbc25e055ad03e5ace8f3f7db13e57759f67b65d143f08cca15992c6b2aae643390483de111c2988d4e76b42596266005103c8de6044fb7398eb3c28a864fa672de5fd8774510ff45e05969a11a4c7d3f343e331190d2dcf24fb9154ba904dc94af98afc5774a9617d0418fe6d13f8245c7d7626c176138dd698a23547c25f27c2b98ea4d8a45c7842b81888e4cc14e5b72e9cf91f56956c93dbf2e5f44a8282a7813157fc481ff1371a0f66b31797e81ebdb09a673d4db96d6 ++Output = 7b036fcd6243900e4236c894e2462c17738acc87e01a76f4d95cb9a328d9acde81650283b8e8f60a217e3bdee835c7b222ad4c85d0acdb9a309bd2a754609a65dec50f3aa04c6d5891034566b9563d42668ede1f8992b17753a2132e28970584e255efc8b45a41c5dbd7567f014acec5fe6fdb6d484790360a913ebb9defcd74ff377f2a8ba46d2ed85f733c9a3da08eb57ecedfafda806778f03c66b2c5d2874cec1c291b2d49eb194c7b5d0dd2908ae90f4843268a2c45563092ade08acb6ab481a08176102fc803fbb2f8ad11b0e1531bd37df543498daf180b12017f4d4d426ca29b4161075534bfb914968088a9d13785d0adc0e2580d3548494b2a9e91605f2b27e6cc701c796f0de7c6f471f6ab6cb9272a1ed637ca32a60d117505d82af3c1336104afb537d01a8f70b510e1eebf4869cb976c419473795a66c7f5e6e20a8094b1bb603a74330c537c5c0698c31538bd2e138c1275a1bdf24c5fa8ab3b7b526324e7918a382d1363b3d463764222150e04 ++ ++# a positive test case that decrypts to 9 byte long value ++Availablein = default ++Decrypt = RSA-3072 ++Input = 6c60845a854b4571f678941ae35a2ac03f67c21e21146f9db1f2306be9f136453b86ad55647d4f7b5c9e62197aaff0c0e40a3b54c4cde14e774b1c5959b6c2a2302896ffae1f73b00b862a20ff4304fe06cea7ff30ecb3773ca9af27a0b54547350d7c07dfb0a39629c7e71e83fc5af9b2adbaf898e037f1de696a3f328cf45af7ec9aff7173854087fb8fbf34be981efbd8493f9438d1b2ba2a86af082662aa46ae9adfbec51e5f3d9550a4dd1dcb7c8969c9587a6edc82a8cabbc785c40d9fbd12064559fb769450ac3e47e87bc046148130d7eaa843e4b3ccef3675d0630500803cb7ffee3882378c1a404e850c3e20707bb745e42b13c18786c4976076ed9fa8fd0ff15e571bef02cbbe2f90c908ac3734a433b73e778d4d17fcc28f49185ebc6e8536a06d293202d94496453bfdf1c2c7833a3f99fa38ca8a81f42eaa529d603b890308a319c0ab63a35ff8ebac965f6278f5a7e5d622be5d5fe55f0ca3ec993d55430d2bf59c5d3e860e90c16d91a04596f6fdf60d89ed95d88c036dde ++Output = "forty two" ++ ++# a positive test case with null padded ciphertext ++Availablein = default ++Decrypt = RSA-3072 ++Input = 00f4d565a3286784dbb85327db8807ae557ead229f92aba945cecda5225f606a7d6130edeeb6f26724d1eff1110f9eb18dc3248140ee3837e6688391e78796c526791384f045e21b6b853fb6342a11f309eb77962f37ce23925af600847fbd30e6e07e57de50b606e6b7f288cc777c1a6834f27e6edace508452128916eef7788c8bb227e3548c6a761cc4e9dd1a3584176dc053ba3500adb1d5e1611291654f12dfc5722832f635db3002d73f9defc310ace62c63868d341619c7ee15b20243b3371e05078e11219770c701d9f341af35df1bc729de294825ff2e416aa11526612852777eb131f9c45151eb144980d70608d2fc4043477368369aa0fe487a48bd57e66b00c3c58f941549f5ec050fca64449debe7a0c4ac51e55cb71620a70312aa4bd85fac1410c9c7f9d6ec610b7d11bf8faeffa20255d1a1bead9297d0aa8765cd2805847d639bc439f4a6c896e2008f746f9590ff4596de5ddde000ed666c452c978043ff4298461eb5a26d5e63d821438627f91201924bf7f2aeee1727 ++Output = "forty two" ++ ++# a positive test case with null truncated ciphertext ++Availablein = default ++Decrypt = RSA-3072 ++Input = f4d565a3286784dbb85327db8807ae557ead229f92aba945cecda5225f606a7d6130edeeb6f26724d1eff1110f9eb18dc3248140ee3837e6688391e78796c526791384f045e21b6b853fb6342a11f309eb77962f37ce23925af600847fbd30e6e07e57de50b606e6b7f288cc777c1a6834f27e6edace508452128916eef7788c8bb227e3548c6a761cc4e9dd1a3584176dc053ba3500adb1d5e1611291654f12dfc5722832f635db3002d73f9defc310ace62c63868d341619c7ee15b20243b3371e05078e11219770c701d9f341af35df1bc729de294825ff2e416aa11526612852777eb131f9c45151eb144980d70608d2fc4043477368369aa0fe487a48bd57e66b00c3c58f941549f5ec050fca64449debe7a0c4ac51e55cb71620a70312aa4bd85fac1410c9c7f9d6ec610b7d11bf8faeffa20255d1a1bead9297d0aa8765cd2805847d639bc439f4a6c896e2008f746f9590ff4596de5ddde000ed666c452c978043ff4298461eb5a26d5e63d821438627f91201924bf7f2aeee1727 ++Output = "forty two" ++ ++# a positive test case with double null padded ciphertext ++Availablein = default ++Decrypt = RSA-3072 ++Input = 00001ec97ac981dfd9dcc7a7389fdfa9d361141dac80c23a060410d472c16094e6cdffc0c3684d84aa402d7051dfccb2f6da33f66985d2a259f5b7fbf39ac537e95c5b7050eb18844a0513abef812cc8e74a3c5240009e6e805dcadf532bc1a2702d5acc9e585fad5b89d461fcc1397351cdce35171523758b171dc041f412e42966de7f94856477356d06f2a6b40e3ff0547562a4d91bbf1338e9e049facbee8b20171164505468cd308997447d3dc4b0acb49e7d368fedd8c734251f30a83491d2506f3f87318cc118823244a393dc7c5c739a2733d93e1b13db6840a9429947357f47b23fbe39b7d2d61e5ee26f9946c4632f6c4699e452f412a26641d4751135400713cd56ec66f0370423d55d2af70f5e7ad0adea8e4a0d904a01e4ac272eba4af1a029dd53eb71f115bf31f7a6c8b19a6523adeecc0d4c3c107575e38572a8f8474ccad163e46e2e8b08111132aa97a16fb588c9b7e37b3b3d7490381f3c55d1a9869a0fd42cd86fed59ecec78cb6b2dfd06a497f5afe3419691314ba0 ++Output = "forty two" ++ ++# a positive test case with double null truncated ciphertext ++Availablein = default ++Decrypt = RSA-3072 ++Input = 1ec97ac981dfd9dcc7a7389fdfa9d361141dac80c23a060410d472c16094e6cdffc0c3684d84aa402d7051dfccb2f6da33f66985d2a259f5b7fbf39ac537e95c5b7050eb18844a0513abef812cc8e74a3c5240009e6e805dcadf532bc1a2702d5acc9e585fad5b89d461fcc1397351cdce35171523758b171dc041f412e42966de7f94856477356d06f2a6b40e3ff0547562a4d91bbf1338e9e049facbee8b20171164505468cd308997447d3dc4b0acb49e7d368fedd8c734251f30a83491d2506f3f87318cc118823244a393dc7c5c739a2733d93e1b13db6840a9429947357f47b23fbe39b7d2d61e5ee26f9946c4632f6c4699e452f412a26641d4751135400713cd56ec66f0370423d55d2af70f5e7ad0adea8e4a0d904a01e4ac272eba4af1a029dd53eb71f115bf31f7a6c8b19a6523adeecc0d4c3c107575e38572a8f8474ccad163e46e2e8b08111132aa97a16fb588c9b7e37b3b3d7490381f3c55d1a9869a0fd42cd86fed59ecec78cb6b2dfd06a497f5afe3419691314ba0 ++Output = "forty two" ++ ++Availablein = default ++# a random negative test case that generates a 9 byte long message ++Decrypt = RSA-3072 ++Input = 5c8555f5cef627c15d37f85c7f5fd6e499264ea4b8e3f9112023aeb722eb38d8eac2be3751fd5a3785ab7f2d59fa3728e5be8c3de78a67464e30b21ee23b5484bb3cd06d0e1c6ad25649c8518165653eb80488bfb491b20c04897a6772f69292222fc5ef50b5cf9efc6d60426a449b6c489569d48c83488df629d695653d409ce49a795447fcec2c58a1a672e4a391401d428baaf781516e11e323d302fcf20f6eab2b2dbe53a48c987e407c4d7e1cb41131329138313d330204173a4f3ff06c6fadf970f0ed1005d0b27e35c3d11693e0429e272d583e57b2c58d24315c397856b34485dcb077665592b747f889d34febf2be8fce66c265fd9fc3575a6286a5ce88b4b413a08efc57a07a8f57a999605a837b0542695c0d189e678b53662ecf7c3d37d9dbeea585eebfaf79141118e06762c2381fe27ca6288edddc19fd67cd64f16b46e06d8a59ac530f22cd83cc0bc4e37feb52015cbb2283043ccf5e78a4eb7146827d7a466b66c8a4a4826c1bad68123a7f2d00fc1736525ff90c058f56 ++Output = 257906ca6de8307728 ++ ++Availablein = default ++# a random negative test case that generates a 9 byte long message based on ++# second to last value from PRF ++Decrypt = RSA-3072 ++Input = 758c215aa6acd61248062b88284bf43c13cb3b3d02410be4238607442f1c0216706e21a03a2c10eb624a63322d854da195c017b76fea83e274fa371834dcd2f3b7accf433fc212ad76c0bac366e1ed32e25b279f94129be7c64d6e162adc08ccebc0cfe8e926f01c33ab9c065f0e0ac83ae5137a4cb66702615ad68a35707d8676d2740d7c1a954680c83980e19778ed11eed3a7c2dbdfc461a9bbef671c1bc00c882d361d29d5f80c42bdf5efec886c34138f83369c6933b2ac4e93e764265351b4a0083f040e14f511f09b22f96566138864e4e6ff24da4810095da98e0585410951538ced2f757a277ff8e17172f06572c9024eeae503f176fd46eb6c5cd9ba07af11cde31dccac12eb3a4249a7bfd3b19797ad1656984bfcbf6f74e8f99d8f1ac420811f3d166d87f935ef15ae858cf9e72c8e2b547bf16c3fb09a8c9bf88fd2e5d38bf24ed610896131a84df76b9f920fe76d71fff938e9199f3b8cd0c11fd0201f9139d7673a871a9e7d4adc3bbe360c8813617cd60a90128fbe34c9d5 ++Output = 043383c929060374ed ++ ++Availablein = default ++# a random negative test that generates message based on 3rd last value from ++# PRF ++Decrypt = RSA-3072 ++Input = 7b22d5e62d287968c6622171a1f75db4b0fd15cdf3134a1895d235d56f8d8fe619f2bf4868174a91d7601a82975d2255190d28b869141d7c395f0b8c4e2be2b2c1b4ffc12ce749a6f6803d4cfe7fba0a8d6949c04151f981c0d84592aa2ff25d1bd3ce5d10cb03daca6b496c6ad40d30bfa8acdfd02cdb9326c4bdd93b949c9dc46caa8f0e5f429785bce64136a429a3695ee674b647452bea1b0c6de9c5f1e8760d5ef6d5a9cfff40457b023d3c233c1dcb323e7808103e73963b2eafc928c9eeb0ee3294955415c1ddd9a1bb7e138fecd79a3cb89c57bd2305524624814aaf0fd1acbf379f7f5b39421f12f115ba488d380586095bb53f174fae424fa4c8e3b299709cd344b9f949b1ab57f1c645d7ed3c8f81d5594197355029fee8960970ff59710dc0e5eb50ea6f4c3938e3f89ed7933023a2c2ddffaba07be147f686828bd7d520f300507ed6e71bdaee05570b27bc92741108ac2eb433f028e138dd6d63067bc206ea2d826a7f41c0d613daed020f0f30f4e272e9618e0a8c39018a83 ++Output = 70263fa6050534b9e0 ++ ++Availablein = default ++# an otherwise valid plaintext, but with wrong first byte (0x01 instead of 0x00) ++Decrypt = RSA-3072 ++Input = 6db80adb5ff0a768caf1378ecc382a694e7d1bde2eff4ba12c48aaf794ded7a994a5b2b57acec20dbec4ae385c9dd531945c0f197a5496908725fc99d88601a17d3bb0b2d38d2c1c3100f39955a4cb3dbed5a38bf900f23d91e173640e4ec655c84fdfe71fcdb12a386108fcf718c9b7af37d39703e882436224c877a2235e8344fba6c951eb7e2a4d1d1de81fb463ac1b880f6cc0e59ade05c8ce35179ecd09546731fc07b141d3d6b342a97ae747e61a9130f72d37ac5a2c30215b6cbd66c7db893810df58b4c457b4b54f34428247d584e0fa71062446210db08254fb9ead1ba1a393c724bd291f0cf1a7143f32df849051dc896d7d176fef3b57ab6dffd626d0c3044e9edb2e3d012ace202d2581df01bec7e9aa0727a6650dd373d374f0bc0f4a611f8139dfe97d63e70c6188f4df5b672e47c51d8aa567097293fbff127c75ec690b43407578b73c85451710a0cece58fd497d7f7bd36a8a92783ef7dc6265dff52aac8b70340b996508d39217f2783ce6fc91a1cc94bb2ac487b84f62 ++Output = 6d8d3a094ff3afff4c ++ ++Availablein = default ++# an otherwise valid plaintext, but with wrong second byte (0x01 instead of 0x02) ++Decrypt = RSA-3072 ++Input = 417328c034458563079a4024817d0150340c34e25ae16dcad690623f702e5c748a6ebb3419ff48f486f83ba9df35c05efbd7f40613f0fc996c53706c30df6bba6dcd4a40825f96133f3c21638a342bd4663dffbd0073980dac47f8c1dd8e97ce1412e4f91f2a8adb1ac2b1071066efe8d718bbb88ca4a59bd61500e826f2365255a409bece0f972df97c3a55e09289ef5fa815a2353ef393fd1aecfc888d611c16aec532e5148be15ef1bf2834b8f75bb26db08b66d2baad6464f8439d1986b533813321dbb180080910f233bcc4dd784fb21871aef41be08b7bfad4ecc3b68f228cb5317ac6ec1227bc7d0e452037ba918ee1da9fdb8393ae93b1e937a8d4691a17871d5092d2384b6190a53df888f65b951b05ed4ad57fe4b0c6a47b5b22f32a7f23c1a234c9feb5d8713d949686760680da4db454f4acad972470033472b9864d63e8d23eefc87ebcf464ecf33f67fbcdd48eab38c5292586b36aef5981ed2fa07b2f9e23fc57d9eb71bfff4111c857e9fff23ceb31e72592e70c874b4936 ++Output = c6ae80ffa80bc184b0 ++ ++Availablein = default ++# an otherwise valid plaintext, but with zero byte in first byte of padding ++Decrypt = RSA-3072 ++Input = 8542c626fe533467acffcd4e617692244c9b5a3bf0a215c5d64891ced4bf4f9591b4b2aedff9843057986d81631b0acb3704ec2180e5696e8bd15b217a0ec36d2061b0e2182faa3d1c59bd3f9086a10077a3337a3f5da503ec3753535ffd25b837a12f2541afefd0cffb0224b8f874e4bed13949e105c075ed44e287c5ae03b155e06b90ed247d2c07f1ef3323e3508cce4e4074606c54172ad74d12f8c3a47f654ad671104bf7681e5b061862747d9afd37e07d8e0e2291e01f14a95a1bb4cbb47c304ef067595a3947ee2d722067e38a0f046f43ec29cac6a8801c6e3e9a2331b1d45a7aa2c6af3205be382dd026e389614ee095665a611ab2e8dced2ee1c9d08ac9de11aef5b3803fc9a9ce8231ec87b5fed386fb92ee3db995a89307bcba844bd0a691c29ae51216e949dfc813133cb06a07265fd807bcb3377f6adb0a481d9b7f442003115895939773e6b95371c4febef29edae946fa245e7c50729e2e558cfaad773d1fd5f67b457a6d9d17a847c6fcbdb103a86f35f228cefc06cea0 ++Output = a8a9301daa01bb25c7 ++ ++Availablein = default ++# an otherwise valid plaintext, but with zero byte in eight byte of padding ++Decrypt = RSA-3072 ++Input = 449dfa237a70a99cb0351793ec8677882021c2aa743580bf6a0ea672055cffe8303ac42855b1d1f3373aae6af09cb9074180fc963e9d1478a4f98b3b4861d3e7f0aa8560cf603711f139db77667ca14ba3a1acdedfca9ef4603d6d7eb0645bfc805304f9ad9d77d34762ce5cd84bd3ec9d35c30e3be72a1e8d355d5674a141b5530659ad64ebb6082e6f73a80832ab6388912538914654d34602f4b3b1c78589b4a5d964b2efcca1dc7004c41f6cafcb5a7159a7fc7c0398604d0edbd4c8f4f04067da6a153a05e7cbeea13b5ee412400ef7d4f3106f4798da707ec37a11286df2b7a204856d5ff773613fd1e453a7114b78e347d3e8078e1cb3276b3562486ba630bf719697e0073a123c3e60ebb5c7a1ccff4279faffa2402bc1109f8d559d6766e73591943dfcf25ba10c3762f02af85187799b8b4b135c3990793a6fd32642f1557405ba55cc7cf7336a0e967073c5fa50743f9cc5e3017c172d9898d2af83345e71b3e0c22ab791eacb6484a32ec60ebc226ec9deaee91b1a0560c2b571 ++Output = 6c716fe01d44398018 ++ ++Availablein = default ++# an otherwise valid plaintext, but with null separator missing ++Decrypt = RSA-3072 ++Input = a7a5c99e50da48769ecb779d9abe86ef9ec8c38c6f43f17c7f2d7af608a4a1bd6cf695b47e97c191c61fb5a27318d02f495a176b9fae5a55b5d3fabd1d8aae4957e3879cb0c60f037724e11be5f30f08fc51c033731f14b44b414d11278cd3dba7e1c8bfe208d2b2bb7ec36366dacb6c88b24cd79ab394adf19dbbc21dfa5788bacbadc6a62f79cf54fd8cf585c615b5c0eb94c35aa9de25321c8ffefb8916bbaa2697cb2dd82ee98939df9b6704cee77793edd2b4947d82e00e5749664970736c59a84197bd72b5c71e36aae29cd39af6ac73a368edbc1ca792e1309f442aafcd77c992c88f8e4863149f221695cb7b0236e75b2339a02c4ea114854372c306b9412d8eedb600a31532002f2cea07b4df963a093185e4607732e46d753b540974fb5a5c3f9432df22e85bb17611370966c5522fd23f2ad3484341ba7fd8885fc8e6d379a611d13a2aca784fba2073208faad2137bf1979a0fa146c1880d4337db3274269493bab44a1bcd0681f7227ffdf589c2e925ed9d36302509d1109ba4 ++Output = aa2de6cde4e2442884 ++ + # RSA PSS key tests + + # PSS only key, no parameter restrictions diff --git a/ec_curve.c b/ec_curve.c deleted file mode 100644 index 64ac40b..0000000 --- a/ec_curve.c +++ /dev/null @@ -1,628 +0,0 @@ -/* - * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * ECDSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "ec_local.h" -#include -#include -#include -#include -#include "internal/nelem.h" - -typedef struct { - int field_type, /* either NID_X9_62_prime_field or - * NID_X9_62_characteristic_two_field */ - seed_len, param_len; - unsigned int cofactor; /* promoted to BN_ULONG */ -} EC_CURVE_DATA; - -/* the nist prime curves */ -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 28 * 6]; -} _EC_NIST_PRIME_224 = { - { - NID_X9_62_prime_field, 20, 28, 1 - }, - { - /* seed */ - 0xBD, 0x71, 0x34, 0x47, 0x99, 0xD5, 0xC7, 0xFC, 0xDC, 0x45, 0xB5, 0x9F, - 0xA3, 0xB9, 0xAB, 0x8F, 0x6A, 0x94, 0x8B, 0xC5, - /* p */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x01, - /* a */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFE, - /* b */ - 0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56, - 0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43, - 0x23, 0x55, 0xFF, 0xB4, - /* x */ - 0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9, - 0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6, - 0x11, 0x5C, 0x1D, 0x21, - /* y */ - 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 0xdf, 0xe6, - 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99, - 0x85, 0x00, 0x7e, 0x34, - /* order */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45, - 0x5C, 0x5C, 0x2A, 0x3D - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 48 * 6]; -} _EC_NIST_PRIME_384 = { - { - NID_X9_62_prime_field, 20, 48, 1 - }, - { - /* seed */ - 0xA3, 0x35, 0x92, 0x6A, 0xA3, 0x19, 0xA2, 0x7A, 0x1D, 0x00, 0x89, 0x6A, - 0x67, 0x73, 0xA4, 0x82, 0x7A, 0xCD, 0xAC, 0x73, - /* p */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, - /* a */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC, - /* b */ - 0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4, 0x98, 0x8E, 0x05, 0x6B, - 0xE3, 0xF8, 0x2D, 0x19, 0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12, - 0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A, 0xC6, 0x56, 0x39, 0x8D, - 0x8A, 0x2E, 0xD1, 0x9D, 0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF, - /* x */ - 0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, 0x8E, 0xB1, 0xC7, 0x1E, - 0xF3, 0x20, 0xAD, 0x74, 0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98, - 0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38, 0x55, 0x02, 0xF2, 0x5D, - 0xBF, 0x55, 0x29, 0x6C, 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7, - /* y */ - 0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e, 0x98, 0xbf, - 0x92, 0x92, 0xdc, 0x29, 0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c, - 0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0xce, - 0x1d, 0x7e, 0x81, 0x9d, 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f, - /* order */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF, 0x58, 0x1A, 0x0D, 0xB2, - 0x48, 0xB0, 0xA7, 0x7A, 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 66 * 6]; -} _EC_NIST_PRIME_521 = { - { - NID_X9_62_prime_field, 20, 66, 1 - }, - { - /* seed */ - 0xD0, 0x9E, 0x88, 0x00, 0x29, 0x1C, 0xB8, 0x53, 0x96, 0xCC, 0x67, 0x17, - 0x39, 0x32, 0x84, 0xAA, 0xA0, 0xDA, 0x64, 0xBA, - /* p */ - 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - /* a */ - 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, - /* b */ - 0x00, 0x51, 0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, 0x9A, 0x1F, 0x92, 0x9A, - 0x21, 0xA0, 0xB6, 0x85, 0x40, 0xEE, 0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3, - 0x15, 0xF3, 0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1, 0x09, 0xE1, 0x56, 0x19, - 0x39, 0x51, 0xEC, 0x7E, 0x93, 0x7B, 0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1, - 0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, 0x34, 0xF1, 0xEF, 0x45, - 0x1F, 0xD4, 0x6B, 0x50, 0x3F, 0x00, - /* x */ - 0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD, 0x9E, 0x3E, - 0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42, 0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F, - 0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, 0x3D, 0xBA, 0xA1, 0x4B, - 0x5E, 0x77, 0xEF, 0xE7, 0x59, 0x28, 0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF, - 0xA8, 0xDE, 0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B, 0xF9, 0x7E, - 0x7E, 0x31, 0xC2, 0xE5, 0xBD, 0x66, - /* y */ - 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a, - 0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b, - 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee, - 0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad, - 0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe, - 0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50, - /* order */ - 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFA, 0x51, 0x86, - 0x87, 0x83, 0xBF, 0x2F, 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09, - 0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE, 0xBB, 0x6F, - 0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 32 * 6]; -} _EC_X9_62_PRIME_256V1 = { - { - NID_X9_62_prime_field, 20, 32, 1 - }, - { - /* seed */ - 0xC4, 0x9D, 0x36, 0x08, 0x86, 0xE7, 0x04, 0x93, 0x6A, 0x66, 0x78, 0xE1, - 0x13, 0x9D, 0x26, 0xB7, 0x81, 0x9F, 0x7E, 0x90, - /* p */ - 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - /* a */ - 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, - /* b */ - 0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, 0xB3, 0xEB, 0xBD, 0x55, - 0x76, 0x98, 0x86, 0xBC, 0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6, - 0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B, - /* x */ - 0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, 0xE6, 0xE5, - 0x63, 0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0, - 0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96, - /* y */ - 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a, - 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, - 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5, - /* order */ - 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, - 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 32 * 6]; -} _EC_SECG_PRIME_256K1 = { - { - NID_X9_62_prime_field, 0, 32, 1 - }, - { - /* no seed */ - /* p */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F, - /* a */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - /* b */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, - /* x */ - 0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62, 0x95, - 0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9, - 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98, - /* y */ - 0x48, 0x3a, 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4, 0xfb, 0xfc, - 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19, - 0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8, - /* order */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, - 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41 - } -}; - -typedef struct _ec_list_element_st { - int nid; - const EC_CURVE_DATA *data; - const EC_METHOD *(*meth) (void); - const char *comment; -} ec_list_element; - -#ifdef FIPS_MODULE -static const ec_list_element curve_list[] = { - /* prime field curves */ - /* secg curves */ - {NID_secp224r1, &_EC_NIST_PRIME_224.h, -# if !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) - EC_GFp_nistp224_method, -# else - 0, -# endif - "NIST/SECG curve over a 224 bit prime field"}, - /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ - {NID_secp384r1, &_EC_NIST_PRIME_384.h, -# if defined(S390X_EC_ASM) - EC_GFp_s390x_nistp384_method, -# else - 0, -# endif - "NIST/SECG curve over a 384 bit prime field"}, - - {NID_secp521r1, &_EC_NIST_PRIME_521.h, -# if defined(S390X_EC_ASM) - EC_GFp_s390x_nistp521_method, -# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) - EC_GFp_nistp521_method, -# else - 0, -# endif - "NIST/SECG curve over a 521 bit prime field"}, - - /* X9.62 curves */ - {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, -# if defined(ECP_NISTZ256_ASM) - EC_GFp_nistz256_method, -# elif defined(S390X_EC_ASM) - EC_GFp_s390x_nistp256_method, -# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) - EC_GFp_nistp256_method, -# else - 0, -# endif - "X9.62/SECG curve over a 256 bit prime field"}, -}; - -#else - -static const ec_list_element curve_list[] = { - /* prime field curves */ - /* secg curves */ -# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 - {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method, - "NIST/SECG curve over a 224 bit prime field"}, -# else - {NID_secp224r1, &_EC_NIST_PRIME_224.h, 0, - "NIST/SECG curve over a 224 bit prime field"}, -# endif - {NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0, - "SECG curve over a 256 bit prime field"}, - /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ - {NID_secp384r1, &_EC_NIST_PRIME_384.h, -# if defined(S390X_EC_ASM) - EC_GFp_s390x_nistp384_method, -# else - 0, -# endif - "NIST/SECG curve over a 384 bit prime field"}, - {NID_secp521r1, &_EC_NIST_PRIME_521.h, -# if defined(S390X_EC_ASM) - EC_GFp_s390x_nistp521_method, -# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) - EC_GFp_nistp521_method, -# else - 0, -# endif - "NIST/SECG curve over a 521 bit prime field"}, - /* X9.62 curves */ - {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, -# if defined(ECP_NISTZ256_ASM) - EC_GFp_nistz256_method, -# elif defined(S390X_EC_ASM) - EC_GFp_s390x_nistp256_method, -# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) - EC_GFp_nistp256_method, -# else - 0, -# endif - "X9.62/SECG curve over a 256 bit prime field"}, -}; -#endif /* FIPS_MODULE */ - -#define curve_list_length OSSL_NELEM(curve_list) - -static const ec_list_element *ec_curve_nid2curve(int nid) -{ - size_t i; - - if (nid <= 0) - return NULL; - - for (i = 0; i < curve_list_length; i++) { - if (curve_list[i].nid == nid) - return &curve_list[i]; - } - return NULL; -} - -static EC_GROUP *ec_group_new_from_data(OSSL_LIB_CTX *libctx, - const char *propq, - const ec_list_element curve) -{ - EC_GROUP *group = NULL; - EC_POINT *P = NULL; - BN_CTX *ctx = NULL; - BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL, *order = - NULL; - int ok = 0; - int seed_len, param_len; - const EC_METHOD *meth; - const EC_CURVE_DATA *data; - const unsigned char *params; - - /* If no curve data curve method must handle everything */ - if (curve.data == NULL) - return ossl_ec_group_new_ex(libctx, propq, - curve.meth != NULL ? curve.meth() : NULL); - - if ((ctx = BN_CTX_new_ex(libctx)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - data = curve.data; - seed_len = data->seed_len; - param_len = data->param_len; - params = (const unsigned char *)(data + 1); /* skip header */ - params += seed_len; /* skip seed */ - - if ((p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) == NULL - || (a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) == NULL - || (b = BN_bin2bn(params + 2 * param_len, param_len, NULL)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - - if (curve.meth != 0) { - meth = curve.meth(); - if (((group = ossl_ec_group_new_ex(libctx, propq, meth)) == NULL) || - (!(group->meth->group_set_curve(group, p, a, b, ctx)))) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - } else if (data->field_type == NID_X9_62_prime_field) { - if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - } -#ifndef OPENSSL_NO_EC2M - else { /* field_type == - * NID_X9_62_characteristic_two_field */ - - if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - } -#endif - - EC_GROUP_set_curve_name(group, curve.nid); - - if ((P = EC_POINT_new(group)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - - if ((x = BN_bin2bn(params + 3 * param_len, param_len, NULL)) == NULL - || (y = BN_bin2bn(params + 4 * param_len, param_len, NULL)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - if (!EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - if ((order = BN_bin2bn(params + 5 * param_len, param_len, NULL)) == NULL - || !BN_set_word(x, (BN_ULONG)data->cofactor)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - if (!EC_GROUP_set_generator(group, P, order, x)) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - if (seed_len) { - if (!EC_GROUP_set_seed(group, params - seed_len, seed_len)) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - } - ok = 1; - err: - if (!ok) { - EC_GROUP_free(group); - group = NULL; - } - EC_POINT_free(P); - BN_CTX_free(ctx); - BN_free(p); - BN_free(a); - BN_free(b); - BN_free(order); - BN_free(x); - BN_free(y); - return group; -} - -EC_GROUP *EC_GROUP_new_by_curve_name_ex(OSSL_LIB_CTX *libctx, const char *propq, - int nid) -{ - EC_GROUP *ret = NULL; - const ec_list_element *curve; - - if ((curve = ec_curve_nid2curve(nid)) == NULL - || (ret = ec_group_new_from_data(libctx, propq, *curve)) == NULL) { -#ifndef FIPS_MODULE - ERR_raise_data(ERR_LIB_EC, EC_R_UNKNOWN_GROUP, - "name=%s", OBJ_nid2sn(nid)); -#else - ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_GROUP); -#endif - return NULL; - } - - return ret; -} - -#ifndef FIPS_MODULE -EC_GROUP *EC_GROUP_new_by_curve_name(int nid) -{ - return EC_GROUP_new_by_curve_name_ex(NULL, NULL, nid); -} -#endif - -size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems) -{ - size_t i, min; - - if (r == NULL || nitems == 0) - return curve_list_length; - - min = nitems < curve_list_length ? nitems : curve_list_length; - - for (i = 0; i < min; i++) { - r[i].nid = curve_list[i].nid; - r[i].comment = curve_list[i].comment; - } - - return curve_list_length; -} - -const char *EC_curve_nid2nist(int nid) -{ - return ossl_ec_curve_nid2nist_int(nid); -} - -int EC_curve_nist2nid(const char *name) -{ - return ossl_ec_curve_nist2nid_int(name); -} - -#define NUM_BN_FIELDS 6 -/* - * Validates EC domain parameter data for known named curves. - * This can be used when a curve is loaded explicitly (without a curve - * name) or to validate that domain parameters have not been modified. - * - * Returns: The nid associated with the found named curve, or NID_undef - * if not found. If there was an error it returns -1. - */ -int ossl_ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx) -{ - int ret = -1, nid, len, field_type, param_len; - size_t i, seed_len; - const unsigned char *seed, *params_seed, *params; - unsigned char *param_bytes = NULL; - const EC_CURVE_DATA *data; - const EC_POINT *generator = NULL; - const BIGNUM *cofactor = NULL; - /* An array of BIGNUMs for (p, a, b, x, y, order) */ - BIGNUM *bn[NUM_BN_FIELDS] = {NULL, NULL, NULL, NULL, NULL, NULL}; - - /* Use the optional named curve nid as a search field */ - nid = EC_GROUP_get_curve_name(group); - field_type = EC_GROUP_get_field_type(group); - seed_len = EC_GROUP_get_seed_len(group); - seed = EC_GROUP_get0_seed(group); - cofactor = EC_GROUP_get0_cofactor(group); - - BN_CTX_start(ctx); - - /* - * The built-in curves contains data fields (p, a, b, x, y, order) that are - * all zero-padded to be the same size. The size of the padding is - * determined by either the number of bytes in the field modulus (p) or the - * EC group order, whichever is larger. - */ - param_len = BN_num_bytes(group->order); - len = BN_num_bytes(group->field); - if (len > param_len) - param_len = len; - - /* Allocate space to store the padded data for (p, a, b, x, y, order) */ - param_bytes = OPENSSL_malloc(param_len * NUM_BN_FIELDS); - if (param_bytes == NULL) - goto end; - - /* Create the bignums */ - for (i = 0; i < NUM_BN_FIELDS; ++i) { - if ((bn[i] = BN_CTX_get(ctx)) == NULL) - goto end; - } - /* - * Fill in the bn array with the same values as the internal curves - * i.e. the values are p, a, b, x, y, order. - */ - /* Get p, a & b */ - if (!(EC_GROUP_get_curve(group, bn[0], bn[1], bn[2], ctx) - && ((generator = EC_GROUP_get0_generator(group)) != NULL) - /* Get x & y */ - && EC_POINT_get_affine_coordinates(group, generator, bn[3], bn[4], ctx) - /* Get order */ - && EC_GROUP_get_order(group, bn[5], ctx))) - goto end; - - /* - * Convert the bignum array to bytes that are joined together to form - * a single buffer that contains data for all fields. - * (p, a, b, x, y, order) are all zero padded to be the same size. - */ - for (i = 0; i < NUM_BN_FIELDS; ++i) { - if (BN_bn2binpad(bn[i], ¶m_bytes[i*param_len], param_len) <= 0) - goto end; - } - - for (i = 0; i < curve_list_length; i++) { - const ec_list_element curve = curve_list[i]; - - data = curve.data; - /* Get the raw order byte data */ - params_seed = (const unsigned char *)(data + 1); /* skip header */ - params = params_seed + data->seed_len; - - /* Look for unique fields in the fixed curve data */ - if (data->field_type == field_type - && param_len == data->param_len - && (nid <= 0 || nid == curve.nid) - /* check the optional cofactor (ignore if its zero) */ - && (BN_is_zero(cofactor) - || BN_is_word(cofactor, (const BN_ULONG)curve.data->cofactor)) - /* Check the optional seed (ignore if its not set) */ - && (data->seed_len == 0 || seed_len == 0 - || ((size_t)data->seed_len == seed_len - && memcmp(params_seed, seed, seed_len) == 0)) - /* Check that the groups params match the built-in curve params */ - && memcmp(param_bytes, params, param_len * NUM_BN_FIELDS) - == 0) { - ret = curve.nid; - goto end; - } - } - /* Gets here if the group was not found */ - ret = NID_undef; -end: - OPENSSL_free(param_bytes); - BN_CTX_end(ctx); - return ret; -} diff --git a/ectest.c b/ectest.c deleted file mode 100644 index 2ba662f..0000000 --- a/ectest.c +++ /dev/null @@ -1,2311 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * EC_KEY low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/nelem.h" -#include "testutil.h" - -#include -#ifndef OPENSSL_NO_ENGINE -# include -#endif -#include -#include -#include -#include -#include -#include -#include -#include -#include - -static size_t crv_len = 0; -static EC_builtin_curve *curves = NULL; - -/* test multiplication with group order, long and negative scalars */ -static int group_order_tests(EC_GROUP *group) -{ - BIGNUM *n1 = NULL, *n2 = NULL, *order = NULL; - EC_POINT *P = NULL, *Q = NULL, *R = NULL, *S = NULL; - const EC_POINT *G = NULL; - BN_CTX *ctx = NULL; - int i = 0, r = 0; - - if (!TEST_ptr(n1 = BN_new()) - || !TEST_ptr(n2 = BN_new()) - || !TEST_ptr(order = BN_new()) - || !TEST_ptr(ctx = BN_CTX_new()) - || !TEST_ptr(G = EC_GROUP_get0_generator(group)) - || !TEST_ptr(P = EC_POINT_new(group)) - || !TEST_ptr(Q = EC_POINT_new(group)) - || !TEST_ptr(R = EC_POINT_new(group)) - || !TEST_ptr(S = EC_POINT_new(group))) - goto err; - - if (!TEST_true(EC_GROUP_get_order(group, order, ctx)) - || !TEST_true(EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) - || !TEST_true(EC_POINT_is_at_infinity(group, Q)) -#ifndef OPENSSL_NO_DEPRECATED_3_0 - || !TEST_true(EC_GROUP_precompute_mult(group, ctx)) -#endif - || !TEST_true(EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) - || !TEST_true(EC_POINT_is_at_infinity(group, Q)) - || !TEST_true(EC_POINT_copy(P, G)) - || !TEST_true(BN_one(n1)) - || !TEST_true(EC_POINT_mul(group, Q, n1, NULL, NULL, ctx)) - || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx)) - || !TEST_true(BN_sub(n1, order, n1)) - || !TEST_true(EC_POINT_mul(group, Q, n1, NULL, NULL, ctx)) - || !TEST_true(EC_POINT_invert(group, Q, ctx)) - || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx))) - goto err; - - for (i = 1; i <= 2; i++) { -#ifndef OPENSSL_NO_DEPRECATED_3_0 - const BIGNUM *scalars[6]; - const EC_POINT *points[6]; -#endif - - if (!TEST_true(BN_set_word(n1, i)) - /* - * If i == 1, P will be the predefined generator for which - * EC_GROUP_precompute_mult has set up precomputation. - */ - || !TEST_true(EC_POINT_mul(group, P, n1, NULL, NULL, ctx)) - || (i == 1 && !TEST_int_eq(0, EC_POINT_cmp(group, P, G, ctx))) - || !TEST_true(BN_one(n1)) - /* n1 = 1 - order */ - || !TEST_true(BN_sub(n1, n1, order)) - || !TEST_true(EC_POINT_mul(group, Q, NULL, P, n1, ctx)) - || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx)) - - /* n2 = 1 + order */ - || !TEST_true(BN_add(n2, order, BN_value_one())) - || !TEST_true(EC_POINT_mul(group, Q, NULL, P, n2, ctx)) - || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx)) - - /* n2 = (1 - order) * (1 + order) = 1 - order^2 */ - || !TEST_true(BN_mul(n2, n1, n2, ctx)) - || !TEST_true(EC_POINT_mul(group, Q, NULL, P, n2, ctx)) - || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx))) - goto err; - - /* n2 = order^2 - 1 */ - BN_set_negative(n2, 0); - if (!TEST_true(EC_POINT_mul(group, Q, NULL, P, n2, ctx)) - /* Add P to verify the result. */ - || !TEST_true(EC_POINT_add(group, Q, Q, P, ctx)) - || !TEST_true(EC_POINT_is_at_infinity(group, Q)) - || !TEST_false(EC_POINT_is_at_infinity(group, P))) - goto err; - -#ifndef OPENSSL_NO_DEPRECATED_3_0 - /* Exercise EC_POINTs_mul, including corner cases. */ - scalars[0] = scalars[1] = BN_value_one(); - points[0] = points[1] = P; - - if (!TEST_true(EC_POINTs_mul(group, R, NULL, 2, points, scalars, ctx)) - || !TEST_true(EC_POINT_dbl(group, S, points[0], ctx)) - || !TEST_int_eq(0, EC_POINT_cmp(group, R, S, ctx))) - goto err; - - scalars[0] = n1; - points[0] = Q; /* => infinity */ - scalars[1] = n2; - points[1] = P; /* => -P */ - scalars[2] = n1; - points[2] = Q; /* => infinity */ - scalars[3] = n2; - points[3] = Q; /* => infinity */ - scalars[4] = n1; - points[4] = P; /* => P */ - scalars[5] = n2; - points[5] = Q; /* => infinity */ - if (!TEST_true(EC_POINTs_mul(group, P, NULL, 6, points, scalars, ctx)) - || !TEST_true(EC_POINT_is_at_infinity(group, P))) - goto err; -#endif - } - - r = 1; -err: - if (r == 0 && i != 0) - TEST_info(i == 1 ? "allowing precomputation" : - "without precomputation"); - EC_POINT_free(P); - EC_POINT_free(Q); - EC_POINT_free(R); - EC_POINT_free(S); - BN_free(n1); - BN_free(n2); - BN_free(order); - BN_CTX_free(ctx); - return r; -} - -static int prime_field_tests(void) -{ - BN_CTX *ctx = NULL; - BIGNUM *p = NULL, *a = NULL, *b = NULL, *scalar3 = NULL; - EC_GROUP *group = NULL; - EC_POINT *P = NULL, *Q = NULL, *R = NULL; - BIGNUM *x = NULL, *y = NULL, *z = NULL, *yplusone = NULL; -#ifndef OPENSSL_NO_DEPRECATED_3_0 - const EC_POINT *points[4]; - const BIGNUM *scalars[4]; -#endif - unsigned char buf[100]; - size_t len, r = 0; - int k; - - if (!TEST_ptr(ctx = BN_CTX_new()) - || !TEST_ptr(p = BN_new()) - || !TEST_ptr(a = BN_new()) - || !TEST_ptr(b = BN_new()) - /* - * applications should use EC_GROUP_new_curve_GFp so - * that the library gets to choose the EC_METHOD - */ - || !TEST_ptr(group = EC_GROUP_new(EC_GFp_mont_method()))) - goto err; - - buf[0] = 0; - if (!TEST_ptr(P = EC_POINT_new(group)) - || !TEST_ptr(Q = EC_POINT_new(group)) - || !TEST_ptr(R = EC_POINT_new(group)) - || !TEST_ptr(x = BN_new()) - || !TEST_ptr(y = BN_new()) - || !TEST_ptr(z = BN_new()) - || !TEST_ptr(yplusone = BN_new())) - goto err; - - /* Curve P-224 (FIPS PUB 186-2, App. 6) */ - - if (!TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFF000000000000000000000001")) - || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL)) - || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE")) - || !TEST_true(BN_hex2bn(&b, "B4050A850C04B3ABF5413256" - "5044B0B7D7BFD8BA270B39432355FFB4")) - || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) - || !TEST_true(BN_hex2bn(&x, "B70E0CBD6BB4BF7F321390B9" - "4A03C1D356C21122343280D6115C1D21")) - || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 0, ctx)) - || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) - || !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF" - "FFFF16A2E0B8F03E13DD29455C5C2A3D")) - || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) - || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) - goto err; - - TEST_info("NIST curve P-224 -- Generator"); - test_output_bignum("x", x); - test_output_bignum("y", y); - /* G_y value taken from the standard: */ - if (!TEST_true(BN_hex2bn(&z, "BD376388B5F723FB4C22DFE6" - "CD4375A05A07476444D5819985007E34")) - || !TEST_BN_eq(y, z) - || !TEST_true(BN_add(yplusone, y, BN_value_one())) - /* - * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, - * and therefore setting the coordinates should fail. - */ - || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, - ctx)) - || !TEST_int_eq(EC_GROUP_get_degree(group), 224) - || !group_order_tests(group) - - /* Curve P-256 (FIPS PUB 186-2, App. 6) */ - - || !TEST_true(BN_hex2bn(&p, "FFFFFFFF000000010000000000000000" - "00000000FFFFFFFFFFFFFFFFFFFFFFFF")) - || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL)) - || !TEST_true(BN_hex2bn(&a, "FFFFFFFF000000010000000000000000" - "00000000FFFFFFFFFFFFFFFFFFFFFFFC")) - || !TEST_true(BN_hex2bn(&b, "5AC635D8AA3A93E7B3EBBD55769886BC" - "651D06B0CC53B0F63BCE3C3E27D2604B")) - || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) - - || !TEST_true(BN_hex2bn(&x, "6B17D1F2E12C4247F8BCE6E563A440F2" - "77037D812DEB33A0F4A13945D898C296")) - || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 1, ctx)) - || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) - || !TEST_true(BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFF" - "BCE6FAADA7179E84F3B9CAC2FC632551")) - || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) - || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) - goto err; - - TEST_info("NIST curve P-256 -- Generator"); - test_output_bignum("x", x); - test_output_bignum("y", y); - /* G_y value taken from the standard: */ - if (!TEST_true(BN_hex2bn(&z, "4FE342E2FE1A7F9B8EE7EB4A7C0F9E16" - "2BCE33576B315ECECBB6406837BF51F5")) - || !TEST_BN_eq(y, z) - || !TEST_true(BN_add(yplusone, y, BN_value_one())) - /* - * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, - * and therefore setting the coordinates should fail. - */ - || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, - ctx)) - || !TEST_int_eq(EC_GROUP_get_degree(group), 256) - || !group_order_tests(group) - - /* Curve P-384 (FIPS PUB 186-2, App. 6) */ - - || !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE" - "FFFFFFFF0000000000000000FFFFFFFF")) - || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL)) - || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE" - "FFFFFFFF0000000000000000FFFFFFFC")) - || !TEST_true(BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19" - "181D9C6EFE8141120314088F5013875A" - "C656398D8A2ED19D2A85C8EDD3EC2AEF")) - || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) - - || !TEST_true(BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD74" - "6E1D3B628BA79B9859F741E082542A38" - "5502F25DBF55296C3A545E3872760AB7")) - || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 1, ctx)) - || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) - || !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFC7634D81F4372DDF" - "581A0DB248B0A77AECEC196ACCC52973")) - || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) - || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) - goto err; - - TEST_info("NIST curve P-384 -- Generator"); - test_output_bignum("x", x); - test_output_bignum("y", y); - /* G_y value taken from the standard: */ - if (!TEST_true(BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29" - "F8F41DBD289A147CE9DA3113B5F0B8C0" - "0A60B1CE1D7E819D7A431D7C90EA0E5F")) - || !TEST_BN_eq(y, z) - || !TEST_true(BN_add(yplusone, y, BN_value_one())) - /* - * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, - * and therefore setting the coordinates should fail. - */ - || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, - ctx)) - || !TEST_int_eq(EC_GROUP_get_degree(group), 384) - || !group_order_tests(group) - - /* Curve P-521 (FIPS PUB 186-2, App. 6) */ - || !TEST_true(BN_hex2bn(&p, "1FF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF")) - || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL)) - || !TEST_true(BN_hex2bn(&a, "1FF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC")) - || !TEST_true(BN_hex2bn(&b, "051" - "953EB9618E1C9A1F929A21A0B68540EE" - "A2DA725B99B315F3B8B489918EF109E1" - "56193951EC7E937B1652C0BD3BB1BF07" - "3573DF883D2C34F1EF451FD46B503F00")) - || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) - || !TEST_true(BN_hex2bn(&x, "C6" - "858E06B70404E9CD9E3ECB662395B442" - "9C648139053FB521F828AF606B4D3DBA" - "A14B5E77EFE75928FE1DC127A2FFA8DE" - "3348B3C1856A429BF97E7E31C2E5BD66")) - || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 0, ctx)) - || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) - || !TEST_true(BN_hex2bn(&z, "1FF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA" - "51868783BF2F966B7FCC0148F709A5D0" - "3BB5C9B8899C47AEBB6FB71E91386409")) - || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) - || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) - goto err; - - TEST_info("NIST curve P-521 -- Generator"); - test_output_bignum("x", x); - test_output_bignum("y", y); - /* G_y value taken from the standard: */ - if (!TEST_true(BN_hex2bn(&z, "118" - "39296A789A3BC0045C8A5FB42C7D1BD9" - "98F54449579B446817AFBD17273E662C" - "97EE72995EF42640C550B9013FAD0761" - "353C7086A272C24088BE94769FD16650")) - || !TEST_BN_eq(y, z) - || !TEST_true(BN_add(yplusone, y, BN_value_one())) - /* - * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, - * and therefore setting the coordinates should fail. - */ - || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, - ctx)) - || !TEST_int_eq(EC_GROUP_get_degree(group), 521) - || !group_order_tests(group) - - /* more tests using the last curve */ - - /* Restore the point that got mangled in the (x, y + 1) test. */ - || !TEST_true(EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) - || !TEST_true(EC_POINT_copy(Q, P)) - || !TEST_false(EC_POINT_is_at_infinity(group, Q)) - || !TEST_true(EC_POINT_dbl(group, P, P, ctx)) - || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) - || !TEST_true(EC_POINT_invert(group, Q, ctx)) /* P = -2Q */ - || !TEST_true(EC_POINT_add(group, R, P, Q, ctx)) - || !TEST_true(EC_POINT_add(group, R, R, Q, ctx)) - || !TEST_true(EC_POINT_is_at_infinity(group, R)) /* R = P + 2Q */ - || !TEST_false(EC_POINT_is_at_infinity(group, Q))) - goto err; - -#ifndef OPENSSL_NO_DEPRECATED_3_0 - TEST_note("combined multiplication ..."); - points[0] = Q; - points[1] = Q; - points[2] = Q; - points[3] = Q; - - if (!TEST_true(EC_GROUP_get_order(group, z, ctx)) - || !TEST_true(BN_add(y, z, BN_value_one())) - || !TEST_BN_even(y) - || !TEST_true(BN_rshift1(y, y))) - goto err; - - scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */ - scalars[1] = y; - - /* z is still the group order */ - if (!TEST_true(EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) - || !TEST_true(EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) - || !TEST_int_eq(0, EC_POINT_cmp(group, P, R, ctx)) - || !TEST_int_eq(0, EC_POINT_cmp(group, R, Q, ctx)) - || !TEST_true(BN_rand(y, BN_num_bits(y), 0, 0)) - || !TEST_true(BN_add(z, z, y))) - goto err; - BN_set_negative(z, 1); - scalars[0] = y; - scalars[1] = z; /* z = -(order + y) */ - - if (!TEST_true(EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) - || !TEST_true(EC_POINT_is_at_infinity(group, P)) - || !TEST_true(BN_rand(x, BN_num_bits(y) - 1, 0, 0)) - || !TEST_true(BN_add(z, x, y))) - goto err; - BN_set_negative(z, 1); - scalars[0] = x; - scalars[1] = y; - scalars[2] = z; /* z = -(x+y) */ - - if (!TEST_ptr(scalar3 = BN_new())) - goto err; - BN_zero(scalar3); - scalars[3] = scalar3; - - if (!TEST_true(EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx)) - || !TEST_true(EC_POINT_is_at_infinity(group, P))) - goto err; -#endif - TEST_note(" ok\n"); - r = 1; -err: - BN_CTX_free(ctx); - BN_free(p); - BN_free(a); - BN_free(b); - EC_GROUP_free(group); - EC_POINT_free(P); - EC_POINT_free(Q); - EC_POINT_free(R); - BN_free(x); - BN_free(y); - BN_free(z); - BN_free(yplusone); - BN_free(scalar3); - return r; -} - -static int internal_curve_test(int n) -{ - EC_GROUP *group = NULL; - int nid = curves[n].nid; - - if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) { - TEST_info("EC_GROUP_new_curve_name() failed with curve %s\n", - OBJ_nid2sn(nid)); - return 0; - } - if (!TEST_true(EC_GROUP_check(group, NULL))) { - TEST_info("EC_GROUP_check() failed with curve %s\n", OBJ_nid2sn(nid)); - EC_GROUP_free(group); - return 0; - } - EC_GROUP_free(group); - return 1; -} - -static int internal_curve_test_method(int n) -{ - int r, nid = curves[n].nid; - EC_GROUP *group; - - if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) { - TEST_info("Curve %s failed\n", OBJ_nid2sn(nid)); - return 0; - } - r = group_order_tests(group); - EC_GROUP_free(group); - return r; -} - -static int group_field_test(void) -{ - int r = 1; - BIGNUM *secp521r1_field = NULL; - BIGNUM *sect163r2_field = NULL; - EC_GROUP *secp521r1_group = NULL; - EC_GROUP *sect163r2_group = NULL; - - BN_hex2bn(&secp521r1_field, - "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFF"); - - - BN_hex2bn(§163r2_field, - "08000000000000000000000000000000" - "00000000C9"); - - secp521r1_group = EC_GROUP_new_by_curve_name(NID_secp521r1); - if (BN_cmp(secp521r1_field, EC_GROUP_get0_field(secp521r1_group))) - r = 0; - - # ifndef OPENSSL_NO_EC2M - sect163r2_group = EC_GROUP_new_by_curve_name(NID_sect163r2); - if (BN_cmp(sect163r2_field, EC_GROUP_get0_field(sect163r2_group))) - r = 0; - # endif - - EC_GROUP_free(secp521r1_group); - EC_GROUP_free(sect163r2_group); - BN_free(secp521r1_field); - BN_free(sect163r2_field); - return r; -} -/* - * nistp_test_params contains magic numbers for testing - * several NIST curves with characteristic > 3. - */ -struct nistp_test_params { - const int nid; - int degree; - /* - * Qx, Qy and D are taken from - * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf - * Otherwise, values are standard curve parameters from FIPS 180-3 - */ - const char *p, *a, *b, *Qx, *Qy, *Gx, *Gy, *order, *d; -}; - -static const struct nistp_test_params nistp_tests_params[] = { - { - /* P-224 */ - NID_secp224r1, - 224, - /* p */ - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", - /* a */ - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", - /* b */ - "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", - /* Qx */ - "E84FB0B8E7000CB657D7973CF6B42ED78B301674276DF744AF130B3E", - /* Qy */ - "4376675C6FC5612C21A0FF2D2A89D2987DF7A2BC52183B5982298555", - /* Gx */ - "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", - /* Gy */ - "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", - /* order */ - "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", - /* d */ - "3F0C488E987C80BE0FEE521F8D90BE6034EC69AE11CA72AA777481E8", - }, - { - /* P-256 */ - NID_X9_62_prime256v1, - 256, - /* p */ - "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", - /* a */ - "ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", - /* b */ - "5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", - /* Qx */ - "b7e08afdfe94bad3f1dc8c734798ba1c62b3a0ad1e9ea2a38201cd0889bc7a19", - /* Qy */ - "3603f747959dbf7a4bb226e41928729063adc7ae43529e61b563bbc606cc5e09", - /* Gx */ - "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", - /* Gy */ - "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", - /* order */ - "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", - /* d */ - "c477f9f65c22cce20657faa5b2d1d8122336f851a508a1ed04e479c34985bf96", - }, - { - /* P-521 */ - NID_secp521r1, - 521, - /* p */ - "1ff" - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", - /* a */ - "1ff" - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc", - /* b */ - "051" - "953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e1" - "56193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00", - /* Qx */ - "0098" - "e91eef9a68452822309c52fab453f5f117c1da8ed796b255e9ab8f6410cca16e" - "59df403a6bdc6ca467a37056b1e54b3005d8ac030decfeb68df18b171885d5c4", - /* Qy */ - "0164" - "350c321aecfc1cca1ba4364c9b15656150b4b78d6a48d7d28e7f31985ef17be8" - "554376b72900712c4b83ad668327231526e313f5f092999a4632fd50d946bc2e", - /* Gx */ - "c6" - "858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dba" - "a14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66", - /* Gy */ - "118" - "39296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c" - "97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", - /* order */ - "1ff" - "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa" - "51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409", - /* d */ - "0100" - "085f47b8e1b8b11b7eb33028c0b2888e304bfc98501955b45bba1478dc184eee" - "df09b86a5f7c21994406072787205e69a63709fe35aa93ba333514b24f961722", - }, -}; - -static int nistp_single_test(int idx) -{ - const struct nistp_test_params *test = nistp_tests_params + idx; - BN_CTX *ctx = NULL; - BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL; - BIGNUM *n = NULL, *m = NULL, *order = NULL, *yplusone = NULL; - EC_GROUP *NISTP = NULL; - EC_POINT *G = NULL, *P = NULL, *Q = NULL, *Q_CHECK = NULL; - int r = 0; - - TEST_note("NIST curve P-%d (optimised implementation):", - test->degree); - if (!TEST_ptr(ctx = BN_CTX_new()) - || !TEST_ptr(p = BN_new()) - || !TEST_ptr(a = BN_new()) - || !TEST_ptr(b = BN_new()) - || !TEST_ptr(x = BN_new()) - || !TEST_ptr(y = BN_new()) - || !TEST_ptr(m = BN_new()) - || !TEST_ptr(n = BN_new()) - || !TEST_ptr(order = BN_new()) - || !TEST_ptr(yplusone = BN_new()) - - || !TEST_ptr(NISTP = EC_GROUP_new_by_curve_name(test->nid)) - || !TEST_true(BN_hex2bn(&p, test->p)) - || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL)) - || !TEST_true(BN_hex2bn(&a, test->a)) - || !TEST_true(BN_hex2bn(&b, test->b)) - || !TEST_true(EC_GROUP_set_curve(NISTP, p, a, b, ctx)) - || !TEST_ptr(G = EC_POINT_new(NISTP)) - || !TEST_ptr(P = EC_POINT_new(NISTP)) - || !TEST_ptr(Q = EC_POINT_new(NISTP)) - || !TEST_ptr(Q_CHECK = EC_POINT_new(NISTP)) - || !TEST_true(BN_hex2bn(&x, test->Qx)) - || !TEST_true(BN_hex2bn(&y, test->Qy)) - || !TEST_true(BN_add(yplusone, y, BN_value_one())) - /* - * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, - * and therefore setting the coordinates should fail. - */ - || !TEST_false(EC_POINT_set_affine_coordinates(NISTP, Q_CHECK, x, - yplusone, ctx)) - || !TEST_true(EC_POINT_set_affine_coordinates(NISTP, Q_CHECK, x, y, - ctx)) - || !TEST_true(BN_hex2bn(&x, test->Gx)) - || !TEST_true(BN_hex2bn(&y, test->Gy)) - || !TEST_true(EC_POINT_set_affine_coordinates(NISTP, G, x, y, ctx)) - || !TEST_true(BN_hex2bn(&order, test->order)) - || !TEST_true(EC_GROUP_set_generator(NISTP, G, order, BN_value_one())) - || !TEST_int_eq(EC_GROUP_get_degree(NISTP), test->degree)) - goto err; - - TEST_note("NIST test vectors ... "); - if (!TEST_true(BN_hex2bn(&n, test->d))) - goto err; - /* fixed point multiplication */ - EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx); - if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))) - goto err; - /* random point multiplication */ - EC_POINT_mul(NISTP, Q, NULL, G, n, ctx); - if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) - - /* set generator to P = 2*G, where G is the standard generator */ - || !TEST_true(EC_POINT_dbl(NISTP, P, G, ctx)) - || !TEST_true(EC_GROUP_set_generator(NISTP, P, order, BN_value_one())) - /* set the scalar to m=n/2, where n is the NIST test scalar */ - || !TEST_true(BN_rshift(m, n, 1))) - goto err; - - /* test the non-standard generator */ - /* fixed point multiplication */ - EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx); - if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))) - goto err; - /* random point multiplication */ - EC_POINT_mul(NISTP, Q, NULL, P, m, ctx); - if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) -#ifndef OPENSSL_NO_DEPRECATED_3_0 - /* We have not performed precomp so this should be false */ - || !TEST_false(EC_GROUP_have_precompute_mult(NISTP)) - /* now repeat all tests with precomputation */ - || !TEST_true(EC_GROUP_precompute_mult(NISTP, ctx)) -#endif - ) - goto err; - - /* fixed point multiplication */ - EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx); - if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))) - goto err; - /* random point multiplication */ - EC_POINT_mul(NISTP, Q, NULL, P, m, ctx); - if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) - - /* reset generator */ - || !TEST_true(EC_GROUP_set_generator(NISTP, G, order, BN_value_one()))) - goto err; - /* fixed point multiplication */ - EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx); - if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))) - goto err; - /* random point multiplication */ - EC_POINT_mul(NISTP, Q, NULL, G, n, ctx); - if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))) - goto err; - - /* regression test for felem_neg bug */ - if (!TEST_true(BN_set_word(m, 32)) - || !TEST_true(BN_set_word(n, 31)) - || !TEST_true(EC_POINT_copy(P, G)) - || !TEST_true(EC_POINT_invert(NISTP, P, ctx)) - || !TEST_true(EC_POINT_mul(NISTP, Q, m, P, n, ctx)) - || !TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, G, ctx))) - goto err; - - r = 1; -err: - EC_GROUP_free(NISTP); - EC_POINT_free(G); - EC_POINT_free(P); - EC_POINT_free(Q); - EC_POINT_free(Q_CHECK); - BN_free(n); - BN_free(m); - BN_free(p); - BN_free(a); - BN_free(b); - BN_free(x); - BN_free(y); - BN_free(order); - BN_free(yplusone); - BN_CTX_free(ctx); - return r; -} - -static const unsigned char p521_named[] = { - 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23, -}; - -static const unsigned char p521_explicit[] = { - 0x30, 0x82, 0x01, 0xc3, 0x02, 0x01, 0x01, 0x30, 0x4d, 0x06, 0x07, 0x2a, - 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x42, 0x01, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0x30, 0x81, 0x9f, 0x04, 0x42, 0x01, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xfc, 0x04, 0x42, 0x00, 0x51, 0x95, 0x3e, 0xb9, 0x61, 0x8e, 0x1c, 0x9a, - 0x1f, 0x92, 0x9a, 0x21, 0xa0, 0xb6, 0x85, 0x40, 0xee, 0xa2, 0xda, 0x72, - 0x5b, 0x99, 0xb3, 0x15, 0xf3, 0xb8, 0xb4, 0x89, 0x91, 0x8e, 0xf1, 0x09, - 0xe1, 0x56, 0x19, 0x39, 0x51, 0xec, 0x7e, 0x93, 0x7b, 0x16, 0x52, 0xc0, - 0xbd, 0x3b, 0xb1, 0xbf, 0x07, 0x35, 0x73, 0xdf, 0x88, 0x3d, 0x2c, 0x34, - 0xf1, 0xef, 0x45, 0x1f, 0xd4, 0x6b, 0x50, 0x3f, 0x00, 0x03, 0x15, 0x00, - 0xd0, 0x9e, 0x88, 0x00, 0x29, 0x1c, 0xb8, 0x53, 0x96, 0xcc, 0x67, 0x17, - 0x39, 0x32, 0x84, 0xaa, 0xa0, 0xda, 0x64, 0xba, 0x04, 0x81, 0x85, 0x04, - 0x00, 0xc6, 0x85, 0x8e, 0x06, 0xb7, 0x04, 0x04, 0xe9, 0xcd, 0x9e, 0x3e, - 0xcb, 0x66, 0x23, 0x95, 0xb4, 0x42, 0x9c, 0x64, 0x81, 0x39, 0x05, 0x3f, - 0xb5, 0x21, 0xf8, 0x28, 0xaf, 0x60, 0x6b, 0x4d, 0x3d, 0xba, 0xa1, 0x4b, - 0x5e, 0x77, 0xef, 0xe7, 0x59, 0x28, 0xfe, 0x1d, 0xc1, 0x27, 0xa2, 0xff, - 0xa8, 0xde, 0x33, 0x48, 0xb3, 0xc1, 0x85, 0x6a, 0x42, 0x9b, 0xf9, 0x7e, - 0x7e, 0x31, 0xc2, 0xe5, 0xbd, 0x66, 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, - 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a, 0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, - 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b, 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, - 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee, 0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40, - 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad, 0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, - 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe, 0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50, - 0x02, 0x42, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfa, - 0x51, 0x86, 0x87, 0x83, 0xbf, 0x2f, 0x96, 0x6b, 0x7f, 0xcc, 0x01, 0x48, - 0xf7, 0x09, 0xa5, 0xd0, 0x3b, 0xb5, 0xc9, 0xb8, 0x89, 0x9c, 0x47, 0xae, - 0xbb, 0x6f, 0xb7, 0x1e, 0x91, 0x38, 0x64, 0x09, 0x02, 0x01, 0x01, -}; - -/* - * This test validates a named curve's group parameters using - * EC_GROUP_check_named_curve(). It also checks that modifying any of the - * group parameters results in the curve not being valid. - */ -static int check_named_curve_test(int id) -{ - int ret = 0, nid, field_nid, has_seed; - EC_GROUP *group = NULL, *gtest = NULL; - const EC_POINT *group_gen = NULL; - EC_POINT *other_gen = NULL; - BIGNUM *group_p = NULL, *group_a = NULL, *group_b = NULL; - BIGNUM *other_p = NULL, *other_a = NULL, *other_b = NULL; - BIGNUM *group_cofactor = NULL, *other_cofactor = NULL; - BIGNUM *other_order = NULL; - const BIGNUM *group_order = NULL; - BN_CTX *bn_ctx = NULL; - static const unsigned char invalid_seed[] = "THIS IS NOT A VALID SEED"; - static size_t invalid_seed_len = sizeof(invalid_seed); - - /* Do some setup */ - nid = curves[id].nid; - if (!TEST_ptr(bn_ctx = BN_CTX_new()) - || !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid)) - || !TEST_ptr(gtest = EC_GROUP_dup(group)) - || !TEST_ptr(group_p = BN_new()) - || !TEST_ptr(group_a = BN_new()) - || !TEST_ptr(group_b = BN_new()) - || !TEST_ptr(group_cofactor = BN_new()) - || !TEST_ptr(group_gen = EC_GROUP_get0_generator(group)) - || !TEST_ptr(group_order = EC_GROUP_get0_order(group)) - || !TEST_true(EC_GROUP_get_cofactor(group, group_cofactor, NULL)) - || !TEST_true(EC_GROUP_get_curve(group, group_p, group_a, group_b, NULL)) - || !TEST_ptr(other_gen = EC_POINT_dup(group_gen, group)) - || !TEST_true(EC_POINT_add(group, other_gen, group_gen, group_gen, NULL)) - || !TEST_ptr(other_order = BN_dup(group_order)) - || !TEST_true(BN_add_word(other_order, 1)) - || !TEST_ptr(other_a = BN_dup(group_a)) - || !TEST_true(BN_add_word(other_a, 1)) - || !TEST_ptr(other_b = BN_dup(group_b)) - || !TEST_true(BN_add_word(other_b, 1)) - || !TEST_ptr(other_cofactor = BN_dup(group_cofactor)) - || !TEST_true(BN_add_word(other_cofactor, 1))) - goto err; - - /* Determine if the built-in curve has a seed field set */ - has_seed = (EC_GROUP_get_seed_len(group) > 0); - field_nid = EC_GROUP_get_field_type(group); - if (field_nid == NID_X9_62_characteristic_two_field) { - if (!TEST_ptr(other_p = BN_dup(group_p)) - || !TEST_true(BN_lshift1(other_p, other_p))) - goto err; - } else { - if (!TEST_ptr(other_p = BN_dup(group_p))) - goto err; - /* - * Just choosing any arbitrary prime does not work.. - * Setting p via ec_GFp_nist_group_set_curve() needs the prime to be a - * nist prime. So only select one of these as an alternate prime. - */ - if (!TEST_ptr(BN_copy(other_p, - BN_ucmp(BN_get0_nist_prime_192(), other_p) == 0 ? - BN_get0_nist_prime_256() : - BN_get0_nist_prime_192()))) - goto err; - } - - /* Passes because this is a valid curve */ - if (!TEST_int_eq(EC_GROUP_check_named_curve(group, 0, NULL), nid) - /* Only NIST curves pass */ - || !TEST_int_eq(EC_GROUP_check_named_curve(group, 1, NULL), - EC_curve_nid2nist(nid) != NULL ? nid : NID_undef)) - goto err; - - /* Fail if the curve name doesn't match the parameters */ - EC_GROUP_set_curve_name(group, nid + 1); - ERR_set_mark(); - if (!TEST_int_le(EC_GROUP_check_named_curve(group, 0, NULL), 0)) - goto err; - ERR_pop_to_mark(); - - /* Restore curve name and ensure it's passing */ - EC_GROUP_set_curve_name(group, nid); - if (!TEST_int_eq(EC_GROUP_check_named_curve(group, 0, NULL), nid)) - goto err; - - if (!TEST_int_eq(EC_GROUP_set_seed(group, invalid_seed, invalid_seed_len), - invalid_seed_len)) - goto err; - - if (has_seed) { - /* - * If the built-in curve has a seed and we set the seed to another value - * then it will fail the check. - */ - if (!TEST_int_eq(EC_GROUP_check_named_curve(group, 0, NULL), 0)) - goto err; - } else { - /* - * If the built-in curve does not have a seed then setting the seed will - * pass the check (as the seed is optional). - */ - if (!TEST_int_eq(EC_GROUP_check_named_curve(group, 0, NULL), nid)) - goto err; - } - /* Pass if the seed is unknown (as it is optional) */ - if (!TEST_int_eq(EC_GROUP_set_seed(group, NULL, 0), 1) - || !TEST_int_eq(EC_GROUP_check_named_curve(group, 0, NULL), nid)) - goto err; - - /* Check that a duped group passes */ - if (!TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), nid)) - goto err; - - /* check that changing any generator parameter fails */ - if (!TEST_true(EC_GROUP_set_generator(gtest, other_gen, group_order, - group_cofactor)) - || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), 0) - || !TEST_true(EC_GROUP_set_generator(gtest, group_gen, other_order, - group_cofactor)) - || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), 0) - /* The order is not an optional field, so this should fail */ - || !TEST_false(EC_GROUP_set_generator(gtest, group_gen, NULL, - group_cofactor)) - || !TEST_true(EC_GROUP_set_generator(gtest, group_gen, group_order, - other_cofactor)) - || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), 0) - /* Check that if the cofactor is not set then it still passes */ - || !TEST_true(EC_GROUP_set_generator(gtest, group_gen, group_order, - NULL)) - || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), nid) - /* check that restoring the generator passes */ - || !TEST_true(EC_GROUP_set_generator(gtest, group_gen, group_order, - group_cofactor)) - || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), nid)) - goto err; - - /* - * check that changing any curve parameter fails - * - * Setting arbitrary p, a or b might fail for some EC_GROUPs - * depending on the internal EC_METHOD implementation, hence run - * these tests conditionally to the success of EC_GROUP_set_curve(). - */ - ERR_set_mark(); - if (EC_GROUP_set_curve(gtest, other_p, group_a, group_b, NULL)) { - if (!TEST_int_le(EC_GROUP_check_named_curve(gtest, 0, NULL), 0)) - goto err; - } else { - /* clear the error stack if EC_GROUP_set_curve() failed */ - ERR_pop_to_mark(); - ERR_set_mark(); - } - if (EC_GROUP_set_curve(gtest, group_p, other_a, group_b, NULL)) { - if (!TEST_int_le(EC_GROUP_check_named_curve(gtest, 0, NULL), 0)) - goto err; - } else { - /* clear the error stack if EC_GROUP_set_curve() failed */ - ERR_pop_to_mark(); - ERR_set_mark(); - } - if (EC_GROUP_set_curve(gtest, group_p, group_a, other_b, NULL)) { - if (!TEST_int_le(EC_GROUP_check_named_curve(gtest, 0, NULL), 0)) - goto err; - } else { - /* clear the error stack if EC_GROUP_set_curve() failed */ - ERR_pop_to_mark(); - ERR_set_mark(); - } - ERR_pop_to_mark(); - - /* Check that restoring the curve parameters passes */ - if (!TEST_true(EC_GROUP_set_curve(gtest, group_p, group_a, group_b, NULL)) - || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), nid)) - goto err; - - ret = 1; -err: - BN_free(group_p); - BN_free(other_p); - BN_free(group_a); - BN_free(other_a); - BN_free(group_b); - BN_free(other_b); - BN_free(group_cofactor); - BN_free(other_cofactor); - BN_free(other_order); - EC_POINT_free(other_gen); - EC_GROUP_free(gtest); - EC_GROUP_free(group); - BN_CTX_free(bn_ctx); - return ret; -} - -/* - * This checks the lookup capability of EC_GROUP_check_named_curve() - * when the given group was created with explicit parameters. - * - * It is possible to retrieve an alternative alias that does not match - * the original nid in this case. - */ -static int check_named_curve_lookup_test(int id) -{ - int ret = 0, nid, rv = 0; - EC_GROUP *g = NULL , *ga = NULL; - ECPARAMETERS *p = NULL, *pa = NULL; - BN_CTX *ctx = NULL; - - /* Do some setup */ - nid = curves[id].nid; - if (!TEST_ptr(ctx = BN_CTX_new()) - || !TEST_ptr(g = EC_GROUP_new_by_curve_name(nid)) - || !TEST_ptr(p = EC_GROUP_get_ecparameters(g, NULL))) - goto err; - - /* replace with group from explicit parameters */ - EC_GROUP_free(g); - if (!TEST_ptr(g = EC_GROUP_new_from_ecparameters(p))) - goto err; - - if (!TEST_int_gt(rv = EC_GROUP_check_named_curve(g, 0, NULL), 0)) - goto err; - if (rv != nid) { - /* - * Found an alias: - * fail if the returned nid is not an alias of the original group. - * - * The comparison here is done by comparing two explicit - * parameter EC_GROUPs with EC_GROUP_cmp(), to ensure the - * comparison happens with unnamed EC_GROUPs using the same - * EC_METHODs. - */ - if (!TEST_ptr(ga = EC_GROUP_new_by_curve_name(rv)) - || !TEST_ptr(pa = EC_GROUP_get_ecparameters(ga, NULL))) - goto err; - - /* replace with group from explicit parameters, then compare */ - EC_GROUP_free(ga); - if (!TEST_ptr(ga = EC_GROUP_new_from_ecparameters(pa)) - || !TEST_int_eq(EC_GROUP_cmp(g, ga, ctx), 0)) - goto err; - } - - ret = 1; - - err: - EC_GROUP_free(g); - EC_GROUP_free(ga); - ECPARAMETERS_free(p); - ECPARAMETERS_free(pa); - BN_CTX_free(ctx); - - return ret; -} - -/* - * Sometime we cannot compare nids for equality, as the built-in curve table - * includes aliases with different names for the same curve. - * - * This function returns TRUE (1) if the checked nids are identical, or if they - * alias to the same curve. FALSE (0) otherwise. - */ -static ossl_inline -int are_ec_nids_compatible(int n1d, int n2d) -{ - int ret = 0; - switch (n1d) { -#ifndef OPENSSL_NO_EC2M - case NID_sect113r1: - case NID_wap_wsg_idm_ecid_wtls4: - ret = (n2d == NID_sect113r1 || n2d == NID_wap_wsg_idm_ecid_wtls4); - break; - case NID_sect163k1: - case NID_wap_wsg_idm_ecid_wtls3: - ret = (n2d == NID_sect163k1 || n2d == NID_wap_wsg_idm_ecid_wtls3); - break; - case NID_sect233k1: - case NID_wap_wsg_idm_ecid_wtls10: - ret = (n2d == NID_sect233k1 || n2d == NID_wap_wsg_idm_ecid_wtls10); - break; - case NID_sect233r1: - case NID_wap_wsg_idm_ecid_wtls11: - ret = (n2d == NID_sect233r1 || n2d == NID_wap_wsg_idm_ecid_wtls11); - break; - case NID_X9_62_c2pnb163v1: - case NID_wap_wsg_idm_ecid_wtls5: - ret = (n2d == NID_X9_62_c2pnb163v1 - || n2d == NID_wap_wsg_idm_ecid_wtls5); - break; -#endif /* OPENSSL_NO_EC2M */ - case NID_secp112r1: - case NID_wap_wsg_idm_ecid_wtls6: - ret = (n2d == NID_secp112r1 || n2d == NID_wap_wsg_idm_ecid_wtls6); - break; - case NID_secp160r2: - case NID_wap_wsg_idm_ecid_wtls7: - ret = (n2d == NID_secp160r2 || n2d == NID_wap_wsg_idm_ecid_wtls7); - break; -#ifdef OPENSSL_NO_EC_NISTP_64_GCC_128 - case NID_secp224r1: - case NID_wap_wsg_idm_ecid_wtls12: - ret = (n2d == NID_secp224r1 || n2d == NID_wap_wsg_idm_ecid_wtls12); - break; -#else - /* - * For SEC P-224 we want to ensure that the SECP nid is returned, as - * that is associated with a specialized method. - */ - case NID_wap_wsg_idm_ecid_wtls12: - ret = (n2d == NID_secp224r1); - break; -#endif /* def(OPENSSL_NO_EC_NISTP_64_GCC_128) */ - - default: - ret = (n1d == n2d); - } - return ret; -} - -/* - * This checks that EC_GROUP_bew_from_ecparameters() returns a "named" - * EC_GROUP for built-in curves. - * - * Note that it is possible to retrieve an alternative alias that does not match - * the original nid. - * - * Ensure that the OPENSSL_EC_EXPLICIT_CURVE ASN1 flag is set. - */ -static int check_named_curve_from_ecparameters(int id) -{ - int ret = 0, nid, tnid; - EC_GROUP *group = NULL, *tgroup = NULL, *tmpg = NULL; - const EC_POINT *group_gen = NULL; - EC_POINT *other_gen = NULL; - BIGNUM *group_cofactor = NULL, *other_cofactor = NULL; - BIGNUM *other_gen_x = NULL, *other_gen_y = NULL; - const BIGNUM *group_order = NULL; - BIGNUM *other_order = NULL; - BN_CTX *bn_ctx = NULL; - static const unsigned char invalid_seed[] = "THIS IS NOT A VALID SEED"; - static size_t invalid_seed_len = sizeof(invalid_seed); - ECPARAMETERS *params = NULL, *other_params = NULL; - EC_GROUP *g_ary[8] = {NULL}; - EC_GROUP **g_next = &g_ary[0]; - ECPARAMETERS *p_ary[8] = {NULL}; - ECPARAMETERS **p_next = &p_ary[0]; - - /* Do some setup */ - nid = curves[id].nid; - TEST_note("Curve %s", OBJ_nid2sn(nid)); - if (!TEST_ptr(bn_ctx = BN_CTX_new())) - return ret; - BN_CTX_start(bn_ctx); - - if (/* Allocations */ - !TEST_ptr(group_cofactor = BN_CTX_get(bn_ctx)) - || !TEST_ptr(other_gen_x = BN_CTX_get(bn_ctx)) - || !TEST_ptr(other_gen_y = BN_CTX_get(bn_ctx)) - || !TEST_ptr(other_order = BN_CTX_get(bn_ctx)) - || !TEST_ptr(other_cofactor = BN_CTX_get(bn_ctx)) - /* Generate reference group and params */ - || !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid)) - || !TEST_ptr(params = EC_GROUP_get_ecparameters(group, NULL)) - || !TEST_ptr(group_gen = EC_GROUP_get0_generator(group)) - || !TEST_ptr(group_order = EC_GROUP_get0_order(group)) - || !TEST_true(EC_GROUP_get_cofactor(group, group_cofactor, NULL)) - /* compute `other_*` values */ - || !TEST_ptr(tmpg = EC_GROUP_dup(group)) - || !TEST_ptr(other_gen = EC_POINT_dup(group_gen, group)) - || !TEST_true(EC_POINT_add(group, other_gen, group_gen, group_gen, NULL)) - || !TEST_true(EC_POINT_get_affine_coordinates(group, other_gen, - other_gen_x, other_gen_y, bn_ctx)) - || !TEST_true(BN_copy(other_order, group_order)) - || !TEST_true(BN_add_word(other_order, 1)) - || !TEST_true(BN_copy(other_cofactor, group_cofactor)) - || !TEST_true(BN_add_word(other_cofactor, 1))) - goto err; - - EC_POINT_free(other_gen); - other_gen = NULL; - - if (!TEST_ptr(other_gen = EC_POINT_new(tmpg)) - || !TEST_true(EC_POINT_set_affine_coordinates(tmpg, other_gen, - other_gen_x, other_gen_y, - bn_ctx))) - goto err; - - /* - * ########################### - * # Actual tests start here # - * ########################### - */ - - /* - * Creating a group from built-in explicit parameters returns a - * "named" EC_GROUP - */ - if (!TEST_ptr(tgroup = *g_next++ = EC_GROUP_new_from_ecparameters(params)) - || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef)) - goto err; - /* - * We cannot always guarantee the names match, as the built-in table - * contains aliases for the same curve with different names. - */ - if (!TEST_true(are_ec_nids_compatible(nid, tnid))) { - TEST_info("nid = %s, tnid = %s", OBJ_nid2sn(nid), OBJ_nid2sn(tnid)); - goto err; - } - /* Ensure that the OPENSSL_EC_EXPLICIT_CURVE ASN1 flag is set. */ - if (!TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), OPENSSL_EC_EXPLICIT_CURVE)) - goto err; - - /* - * An invalid seed in the parameters should be ignored: expect a "named" - * group. - */ - if (!TEST_int_eq(EC_GROUP_set_seed(tmpg, invalid_seed, invalid_seed_len), - invalid_seed_len) - || !TEST_ptr(other_params = *p_next++ = - EC_GROUP_get_ecparameters(tmpg, NULL)) - || !TEST_ptr(tgroup = *g_next++ = - EC_GROUP_new_from_ecparameters(other_params)) - || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) - || !TEST_true(are_ec_nids_compatible(nid, tnid)) - || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), - OPENSSL_EC_EXPLICIT_CURVE)) { - TEST_info("nid = %s, tnid = %s", OBJ_nid2sn(nid), OBJ_nid2sn(tnid)); - goto err; - } - - /* - * A null seed in the parameters should be ignored, as it is optional: - * expect a "named" group. - */ - if (!TEST_int_eq(EC_GROUP_set_seed(tmpg, NULL, 0), 1) - || !TEST_ptr(other_params = *p_next++ = - EC_GROUP_get_ecparameters(tmpg, NULL)) - || !TEST_ptr(tgroup = *g_next++ = - EC_GROUP_new_from_ecparameters(other_params)) - || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) - || !TEST_true(are_ec_nids_compatible(nid, tnid)) - || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), - OPENSSL_EC_EXPLICIT_CURVE)) { - TEST_info("nid = %s, tnid = %s", OBJ_nid2sn(nid), OBJ_nid2sn(tnid)); - goto err; - } - - /* - * Check that changing any of the generator parameters does not yield a - * match with the built-in curves - */ - if (/* Other gen, same group order & cofactor */ - !TEST_true(EC_GROUP_set_generator(tmpg, other_gen, group_order, - group_cofactor)) - || !TEST_ptr(other_params = *p_next++ = - EC_GROUP_get_ecparameters(tmpg, NULL)) - || !TEST_ptr(tgroup = *g_next++ = - EC_GROUP_new_from_ecparameters(other_params)) - || !TEST_int_eq((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) - /* Same gen & cofactor, different order */ - || !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, other_order, - group_cofactor)) - || !TEST_ptr(other_params = *p_next++ = - EC_GROUP_get_ecparameters(tmpg, NULL)) - || !TEST_ptr(tgroup = *g_next++ = - EC_GROUP_new_from_ecparameters(other_params)) - || !TEST_int_eq((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) - /* The order is not an optional field, so this should fail */ - || !TEST_false(EC_GROUP_set_generator(tmpg, group_gen, NULL, - group_cofactor)) - /* Check that a wrong cofactor is ignored, and we still match */ - || !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, group_order, - other_cofactor)) - || !TEST_ptr(other_params = *p_next++ = - EC_GROUP_get_ecparameters(tmpg, NULL)) - || !TEST_ptr(tgroup = *g_next++ = - EC_GROUP_new_from_ecparameters(other_params)) - || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) - || !TEST_true(are_ec_nids_compatible(nid, tnid)) - || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), - OPENSSL_EC_EXPLICIT_CURVE) - /* Check that if the cofactor is not set then it still matches */ - || !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, group_order, - NULL)) - || !TEST_ptr(other_params = *p_next++ = - EC_GROUP_get_ecparameters(tmpg, NULL)) - || !TEST_ptr(tgroup = *g_next++ = - EC_GROUP_new_from_ecparameters(other_params)) - || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) - || !TEST_true(are_ec_nids_compatible(nid, tnid)) - || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), - OPENSSL_EC_EXPLICIT_CURVE) - /* check that restoring the generator passes */ - || !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, group_order, - group_cofactor)) - || !TEST_ptr(other_params = *p_next++ = - EC_GROUP_get_ecparameters(tmpg, NULL)) - || !TEST_ptr(tgroup = *g_next++ = - EC_GROUP_new_from_ecparameters(other_params)) - || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) - || !TEST_true(are_ec_nids_compatible(nid, tnid)) - || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), - OPENSSL_EC_EXPLICIT_CURVE)) - goto err; - - ret = 1; -err: - for (g_next = &g_ary[0]; g_next < g_ary + OSSL_NELEM(g_ary); g_next++) - EC_GROUP_free(*g_next); - for (p_next = &p_ary[0]; p_next < p_ary + OSSL_NELEM(g_ary); p_next++) - ECPARAMETERS_free(*p_next); - ECPARAMETERS_free(params); - EC_POINT_free(other_gen); - EC_GROUP_free(tmpg); - EC_GROUP_free(group); - BN_CTX_end(bn_ctx); - BN_CTX_free(bn_ctx); - return ret; -} - - -static int parameter_test(void) -{ - EC_GROUP *group = NULL, *group2 = NULL; - ECPARAMETERS *ecparameters = NULL; - unsigned char *buf = NULL; - int r = 0, len; - if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_secp384r1)) - || !TEST_ptr(ecparameters = EC_GROUP_get_ecparameters(group, NULL)) - || !TEST_ptr(group2 = EC_GROUP_new_from_ecparameters(ecparameters)) - || !TEST_int_eq(EC_GROUP_cmp(group, group2, NULL), 0)) - goto err; - - EC_GROUP_free(group); - group = NULL; - - /* Test the named curve encoding, which should be default. */ - if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_secp521r1)) - || !TEST_true((len = i2d_ECPKParameters(group, &buf)) >= 0) - || !TEST_mem_eq(buf, len, p521_named, sizeof(p521_named))) - goto err; - - OPENSSL_free(buf); - buf = NULL; - - /* - * Test the explicit encoding. P-521 requires correctly zero-padding the - * curve coefficients. - */ - EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE); - if (!TEST_true((len = i2d_ECPKParameters(group, &buf)) >= 0) - || !TEST_mem_eq(buf, len, p521_explicit, sizeof(p521_explicit))) - goto err; - - r = 1; -err: - EC_GROUP_free(group); - EC_GROUP_free(group2); - ECPARAMETERS_free(ecparameters); - OPENSSL_free(buf); - return r; -} - -/*- - * random 256-bit explicit parameters curve, cofactor absent - * order: 0x0c38d96a9f892b88772ec2e39614a82f4f (132 bit) - * cofactor: 0x12bc94785251297abfafddf1565100da (125 bit) - */ -static const unsigned char params_cf_pass[] = { - 0x30, 0x81, 0xcd, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86, - 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x21, 0x00, 0xe5, 0x00, 0x1f, 0xc5, - 0xca, 0x71, 0x9d, 0x8e, 0xf7, 0x07, 0x4b, 0x48, 0x37, 0xf9, 0x33, 0x2d, - 0x71, 0xbf, 0x79, 0xe7, 0xdc, 0x91, 0xc2, 0xff, 0xb6, 0x7b, 0xc3, 0x93, - 0x44, 0x88, 0xe6, 0x91, 0x30, 0x44, 0x04, 0x20, 0xe5, 0x00, 0x1f, 0xc5, - 0xca, 0x71, 0x9d, 0x8e, 0xf7, 0x07, 0x4b, 0x48, 0x37, 0xf9, 0x33, 0x2d, - 0x71, 0xbf, 0x79, 0xe7, 0xdc, 0x91, 0xc2, 0xff, 0xb6, 0x7b, 0xc3, 0x93, - 0x44, 0x88, 0xe6, 0x8e, 0x04, 0x20, 0x18, 0x8c, 0x59, 0x57, 0xc4, 0xbc, - 0x85, 0x57, 0xc3, 0x66, 0x9f, 0x89, 0xd5, 0x92, 0x0d, 0x7e, 0x42, 0x27, - 0x07, 0x64, 0xaa, 0x26, 0xed, 0x89, 0xc4, 0x09, 0x05, 0x4d, 0xc7, 0x23, - 0x47, 0xda, 0x04, 0x41, 0x04, 0x1b, 0x6b, 0x41, 0x0b, 0xf9, 0xfb, 0x77, - 0xfd, 0x50, 0xb7, 0x3e, 0x23, 0xa3, 0xec, 0x9a, 0x3b, 0x09, 0x31, 0x6b, - 0xfa, 0xf6, 0xce, 0x1f, 0xff, 0xeb, 0x57, 0x93, 0x24, 0x70, 0xf3, 0xf4, - 0xba, 0x7e, 0xfa, 0x86, 0x6e, 0x19, 0x89, 0xe3, 0x55, 0x6d, 0x5a, 0xe9, - 0xc0, 0x3d, 0xbc, 0xfb, 0xaf, 0xad, 0xd4, 0x7e, 0xa6, 0xe5, 0xfa, 0x1a, - 0x58, 0x07, 0x9e, 0x8f, 0x0d, 0x3b, 0xf7, 0x38, 0xca, 0x02, 0x11, 0x0c, - 0x38, 0xd9, 0x6a, 0x9f, 0x89, 0x2b, 0x88, 0x77, 0x2e, 0xc2, 0xe3, 0x96, - 0x14, 0xa8, 0x2f, 0x4f -}; - -/*- - * random 256-bit explicit parameters curve, cofactor absent - * order: 0x045a75c0c17228ebd9b169a10e34a22101 (131 bit) - * cofactor: 0x2e134b4ede82649f67a2e559d361e5fe (126 bit) - */ -static const unsigned char params_cf_fail[] = { - 0x30, 0x81, 0xcd, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86, - 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x21, 0x00, 0xc8, 0x95, 0x27, 0x37, - 0xe8, 0xe1, 0xfd, 0xcc, 0xf9, 0x6e, 0x0c, 0xa6, 0x21, 0xc1, 0x7d, 0x6b, - 0x9d, 0x44, 0x42, 0xea, 0x73, 0x4e, 0x04, 0xb6, 0xac, 0x62, 0x50, 0xd0, - 0x33, 0xc2, 0xea, 0x13, 0x30, 0x44, 0x04, 0x20, 0xc8, 0x95, 0x27, 0x37, - 0xe8, 0xe1, 0xfd, 0xcc, 0xf9, 0x6e, 0x0c, 0xa6, 0x21, 0xc1, 0x7d, 0x6b, - 0x9d, 0x44, 0x42, 0xea, 0x73, 0x4e, 0x04, 0xb6, 0xac, 0x62, 0x50, 0xd0, - 0x33, 0xc2, 0xea, 0x10, 0x04, 0x20, 0xbf, 0xa6, 0xa8, 0x05, 0x1d, 0x09, - 0xac, 0x70, 0x39, 0xbb, 0x4d, 0xb2, 0x90, 0x8a, 0x15, 0x41, 0x14, 0x1d, - 0x11, 0x86, 0x9f, 0x13, 0xa2, 0x63, 0x1a, 0xda, 0x95, 0x22, 0x4d, 0x02, - 0x15, 0x0a, 0x04, 0x41, 0x04, 0xaf, 0x16, 0x71, 0xf9, 0xc4, 0xc8, 0x59, - 0x1d, 0xa3, 0x6f, 0xe7, 0xc3, 0x57, 0xa1, 0xfa, 0x9f, 0x49, 0x7c, 0x11, - 0x27, 0x05, 0xa0, 0x7f, 0xff, 0xf9, 0xe0, 0xe7, 0x92, 0xdd, 0x9c, 0x24, - 0x8e, 0xc7, 0xb9, 0x52, 0x71, 0x3f, 0xbc, 0x7f, 0x6a, 0x9f, 0x35, 0x70, - 0xe1, 0x27, 0xd5, 0x35, 0x8a, 0x13, 0xfa, 0xa8, 0x33, 0x3e, 0xd4, 0x73, - 0x1c, 0x14, 0x58, 0x9e, 0xc7, 0x0a, 0x87, 0x65, 0x8d, 0x02, 0x11, 0x04, - 0x5a, 0x75, 0xc0, 0xc1, 0x72, 0x28, 0xeb, 0xd9, 0xb1, 0x69, 0xa1, 0x0e, - 0x34, 0xa2, 0x21, 0x01 -}; - -/*- - * Test two random 256-bit explicit parameters curves with absent cofactor. - * The two curves are chosen to roughly straddle the bounds at which the lib - * can compute the cofactor automatically, roughly 4*sqrt(p). So test that: - * - * - params_cf_pass: order is sufficiently close to p to compute cofactor - * - params_cf_fail: order is too far away from p to compute cofactor - * - * For standards-compliant curves, cofactor is chosen as small as possible. - * So you can see neither of these curves are fit for cryptographic use. - * - * Some standards even mandate an upper bound on the cofactor, e.g. SECG1 v2: - * h <= 2**(t/8) where t is the security level of the curve, for which the lib - * will always succeed in computing the cofactor. Neither of these curves - * conform to that -- this is just robustness testing. - */ -static int cofactor_range_test(void) -{ - EC_GROUP *group = NULL; - BIGNUM *cf = NULL; - int ret = 0; - const unsigned char *b1 = (const unsigned char *)params_cf_fail; - const unsigned char *b2 = (const unsigned char *)params_cf_pass; - - if (!TEST_ptr(group = d2i_ECPKParameters(NULL, &b1, sizeof(params_cf_fail))) - || !TEST_BN_eq_zero(EC_GROUP_get0_cofactor(group)) - || !TEST_ptr(group = d2i_ECPKParameters(&group, &b2, - sizeof(params_cf_pass))) - || !TEST_int_gt(BN_hex2bn(&cf, "12bc94785251297abfafddf1565100da"), 0) - || !TEST_BN_eq(cf, EC_GROUP_get0_cofactor(group))) - goto err; - ret = 1; - err: - BN_free(cf); - EC_GROUP_free(group); - return ret; -} - -/*- - * For named curves, test that: - * - the lib correctly computes the cofactor if passed a NULL or zero cofactor - * - a nonsensical cofactor throws an error (negative test) - * - nonsensical orders throw errors (negative tests) - */ -static int cardinality_test(int n) -{ - int ret = 0, is_binary = 0; - int nid = curves[n].nid; - BN_CTX *ctx = NULL; - EC_GROUP *g1 = NULL, *g2 = NULL; - EC_POINT *g2_gen = NULL; - BIGNUM *g1_p = NULL, *g1_a = NULL, *g1_b = NULL, *g1_x = NULL, *g1_y = NULL, - *g1_order = NULL, *g1_cf = NULL, *g2_cf = NULL; - - TEST_info("Curve %s cardinality test", OBJ_nid2sn(nid)); - - if (!TEST_ptr(ctx = BN_CTX_new()) - || !TEST_ptr(g1 = EC_GROUP_new_by_curve_name(nid))) { - BN_CTX_free(ctx); - return 0; - } - - is_binary = (EC_GROUP_get_field_type(g1) == NID_X9_62_characteristic_two_field); - - BN_CTX_start(ctx); - g1_p = BN_CTX_get(ctx); - g1_a = BN_CTX_get(ctx); - g1_b = BN_CTX_get(ctx); - g1_x = BN_CTX_get(ctx); - g1_y = BN_CTX_get(ctx); - g1_order = BN_CTX_get(ctx); - g1_cf = BN_CTX_get(ctx); - - if (!TEST_ptr(g2_cf = BN_CTX_get(ctx)) - /* pull out the explicit curve parameters */ - || !TEST_true(EC_GROUP_get_curve(g1, g1_p, g1_a, g1_b, ctx)) - || !TEST_true(EC_POINT_get_affine_coordinates(g1, - EC_GROUP_get0_generator(g1), g1_x, g1_y, ctx)) - || !TEST_true(BN_copy(g1_order, EC_GROUP_get0_order(g1))) - || !TEST_true(EC_GROUP_get_cofactor(g1, g1_cf, ctx)) - /* construct g2 manually with g1 parameters */ -#ifndef OPENSSL_NO_EC2M - || !TEST_ptr(g2 = (is_binary) ? - EC_GROUP_new_curve_GF2m(g1_p, g1_a, g1_b, ctx) : - EC_GROUP_new_curve_GFp(g1_p, g1_a, g1_b, ctx)) -#else - || !TEST_int_eq(0, is_binary) - || !TEST_ptr(g2 = EC_GROUP_new_curve_GFp(g1_p, g1_a, g1_b, ctx)) -#endif - || !TEST_ptr(g2_gen = EC_POINT_new(g2)) - || !TEST_true(EC_POINT_set_affine_coordinates(g2, g2_gen, g1_x, g1_y, ctx)) - /* pass NULL cofactor: lib should compute it */ - || !TEST_true(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL)) - || !TEST_true(EC_GROUP_get_cofactor(g2, g2_cf, ctx)) - || !TEST_BN_eq(g1_cf, g2_cf) - /* pass zero cofactor: lib should compute it */ - || !TEST_true(BN_set_word(g2_cf, 0)) - || !TEST_true(EC_GROUP_set_generator(g2, g2_gen, g1_order, g2_cf)) - || !TEST_true(EC_GROUP_get_cofactor(g2, g2_cf, ctx)) - || !TEST_BN_eq(g1_cf, g2_cf) - /* negative test for invalid cofactor */ - || !TEST_true(BN_set_word(g2_cf, 0)) - || !TEST_true(BN_sub(g2_cf, g2_cf, BN_value_one())) - || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, g2_cf)) - /* negative test for NULL order */ - || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, NULL, NULL)) - /* negative test for zero order */ - || !TEST_true(BN_set_word(g1_order, 0)) - || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL)) - /* negative test for negative order */ - || !TEST_true(BN_set_word(g2_cf, 0)) - || !TEST_true(BN_sub(g2_cf, g2_cf, BN_value_one())) - || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL)) - /* negative test for too large order */ - || !TEST_true(BN_lshift(g1_order, g1_p, 2)) - || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL))) - goto err; - ret = 1; - err: - EC_POINT_free(g2_gen); - EC_GROUP_free(g1); - EC_GROUP_free(g2); - BN_CTX_end(ctx); - BN_CTX_free(ctx); - return ret; -} - -static int check_ec_key_field_public_range_test(int id) -{ - int ret = 0, type = 0; - const EC_POINT *pub = NULL; - const EC_GROUP *group = NULL; - const BIGNUM *field = NULL; - BIGNUM *x = NULL, *y = NULL; - EC_KEY *key = NULL; - - if (!TEST_ptr(x = BN_new()) - || !TEST_ptr(y = BN_new()) - || !TEST_ptr(key = EC_KEY_new_by_curve_name(curves[id].nid)) - || !TEST_ptr(group = EC_KEY_get0_group(key)) - || !TEST_ptr(field = EC_GROUP_get0_field(group)) - || !TEST_int_gt(EC_KEY_generate_key(key), 0) - || !TEST_int_gt(EC_KEY_check_key(key), 0) - || !TEST_ptr(pub = EC_KEY_get0_public_key(key)) - || !TEST_int_gt(EC_POINT_get_affine_coordinates(group, pub, x, y, - NULL), 0)) - goto err; - - /* - * Make the public point out of range by adding the field (which will still - * be the same point on the curve). The add is different for char2 fields. - */ - type = EC_GROUP_get_field_type(group); -#ifndef OPENSSL_NO_EC2M - if (type == NID_X9_62_characteristic_two_field) { - /* test for binary curves */ - if (!TEST_true(BN_GF2m_add(x, x, field))) - goto err; - } else -#endif - if (type == NID_X9_62_prime_field) { - /* test for prime curves */ - if (!TEST_true(BN_add(x, x, field))) - goto err; - } else { - /* this should never happen */ - TEST_error("Unsupported EC_METHOD field_type"); - goto err; - } - if (!TEST_int_le(EC_KEY_set_public_key_affine_coordinates(key, x, y), 0)) - goto err; - - ret = 1; -err: - BN_free(x); - BN_free(y); - EC_KEY_free(key); - return ret; -} - -/* - * Helper for ec_point_hex2point_test - * - * Self-tests EC_POINT_point2hex() against EC_POINT_hex2point() for the given - * (group,P) pair. - * - * If P is NULL use point at infinity. - */ -static ossl_inline -int ec_point_hex2point_test_helper(const EC_GROUP *group, const EC_POINT *P, - point_conversion_form_t form, - BN_CTX *bnctx) -{ - int ret = 0; - EC_POINT *Q = NULL, *Pinf = NULL; - char *hex = NULL; - - if (P == NULL) { - /* If P is NULL use point at infinity. */ - if (!TEST_ptr(Pinf = EC_POINT_new(group)) - || !TEST_true(EC_POINT_set_to_infinity(group, Pinf))) - goto err; - P = Pinf; - } - - if (!TEST_ptr(hex = EC_POINT_point2hex(group, P, form, bnctx)) - || !TEST_ptr(Q = EC_POINT_hex2point(group, hex, NULL, bnctx)) - || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, bnctx))) - goto err; - - /* - * The next check is most likely superfluous, as EC_POINT_cmp should already - * cover this. - * Nonetheless it increases the test coverage for EC_POINT_is_at_infinity, - * so we include it anyway! - */ - if (Pinf != NULL - && !TEST_true(EC_POINT_is_at_infinity(group, Q))) - goto err; - - ret = 1; - - err: - EC_POINT_free(Pinf); - OPENSSL_free(hex); - EC_POINT_free(Q); - - return ret; -} - -/* - * This test self-validates EC_POINT_hex2point() and EC_POINT_point2hex() - */ -static int ec_point_hex2point_test(int id) -{ - int ret = 0, nid; - EC_GROUP *group = NULL; - const EC_POINT *G = NULL; - EC_POINT *P = NULL; - BN_CTX * bnctx = NULL; - - /* Do some setup */ - nid = curves[id].nid; - if (!TEST_ptr(bnctx = BN_CTX_new()) - || !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid)) - || !TEST_ptr(G = EC_GROUP_get0_generator(group)) - || !TEST_ptr(P = EC_POINT_dup(G, group))) - goto err; - - if (!TEST_true(ec_point_hex2point_test_helper(group, P, - POINT_CONVERSION_COMPRESSED, - bnctx)) - || !TEST_true(ec_point_hex2point_test_helper(group, NULL, - POINT_CONVERSION_COMPRESSED, - bnctx)) - || !TEST_true(ec_point_hex2point_test_helper(group, P, - POINT_CONVERSION_UNCOMPRESSED, - bnctx)) - || !TEST_true(ec_point_hex2point_test_helper(group, NULL, - POINT_CONVERSION_UNCOMPRESSED, - bnctx)) - || !TEST_true(ec_point_hex2point_test_helper(group, P, - POINT_CONVERSION_HYBRID, - bnctx)) - || !TEST_true(ec_point_hex2point_test_helper(group, NULL, - POINT_CONVERSION_HYBRID, - bnctx))) - goto err; - - ret = 1; - - err: - EC_POINT_free(P); - EC_GROUP_free(group); - BN_CTX_free(bnctx); - - return ret; -} - -static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx, - unsigned char *gen, int gen_size) -{ - int ret = 0, i_out; - EVP_PKEY_CTX *pctx = NULL; - EVP_PKEY *pkeyparam = NULL; - OSSL_PARAM_BLD *bld = NULL; - const char *field_name; - OSSL_PARAM *params = NULL; - const OSSL_PARAM *gettable; - BIGNUM *p, *a, *b; - BIGNUM *p_out = NULL, *a_out = NULL, *b_out = NULL; - BIGNUM *order_out = NULL, *cofactor_out = NULL; - char name[80]; - unsigned char buf[1024]; - size_t buf_len, name_len; -#ifndef OPENSSL_NO_EC2M - unsigned int k1 = 0, k2 = 0, k3 = 0; - const char *basis_name = NULL; -#endif - - p = BN_CTX_get(ctx); - a = BN_CTX_get(ctx); - b = BN_CTX_get(ctx); - - if (!TEST_ptr(b) - || !TEST_ptr(bld = OSSL_PARAM_BLD_new())) - goto err; - - if (EC_GROUP_get_field_type(group) == NID_X9_62_prime_field) { - field_name = SN_X9_62_prime_field; - } else { - field_name = SN_X9_62_characteristic_two_field; -#ifndef OPENSSL_NO_EC2M - if (EC_GROUP_get_basis_type(group) == NID_X9_62_tpBasis) { - basis_name = SN_X9_62_tpBasis; - if (!TEST_true(EC_GROUP_get_trinomial_basis(group, &k1))) - goto err; - } else { - basis_name = SN_X9_62_ppBasis; - if (!TEST_true(EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3))) - goto err; - } -#endif /* OPENSSL_NO_EC2M */ - } - if (!TEST_true(EC_GROUP_get_curve(group, p, a, b, ctx)) - || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, - OSSL_PKEY_PARAM_EC_FIELD_TYPE, field_name, 0)) - || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, p)) - || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a)) - || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b))) - goto err; - - if (EC_GROUP_get0_seed(group) != NULL) { - if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, - OSSL_PKEY_PARAM_EC_SEED, EC_GROUP_get0_seed(group), - EC_GROUP_get_seed_len(group)))) - goto err; - } - if (EC_GROUP_get0_cofactor(group) != NULL) { - if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR, - EC_GROUP_get0_cofactor(group)))) - goto err; - } - - if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, - OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_size)) - || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_ORDER, - EC_GROUP_get0_order(group)))) - goto err; - - if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) - || !TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) - || !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) - || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkeyparam, - EVP_PKEY_KEY_PARAMETERS, params), 0)) - goto err; - - /*- Check that all the set values are retrievable -*/ - - /* There should be no match to a group name since the generator changed */ - if (!TEST_false(EVP_PKEY_get_utf8_string_param(pkeyparam, - OSSL_PKEY_PARAM_GROUP_NAME, name, sizeof(name), - &name_len))) - goto err; - - /* The encoding should be explicit as it has no group */ - if (!TEST_true(EVP_PKEY_get_utf8_string_param(pkeyparam, - OSSL_PKEY_PARAM_EC_ENCODING, - name, sizeof(name), &name_len)) - || !TEST_str_eq(name, OSSL_PKEY_EC_ENCODING_EXPLICIT)) - goto err; - - if (!TEST_true(EVP_PKEY_get_utf8_string_param(pkeyparam, - OSSL_PKEY_PARAM_EC_FIELD_TYPE, name, sizeof(name), - &name_len)) - || !TEST_str_eq(name, field_name)) - goto err; - - if (!TEST_true(EVP_PKEY_get_octet_string_param(pkeyparam, - OSSL_PKEY_PARAM_EC_GENERATOR, buf, sizeof(buf), &buf_len)) - || !TEST_mem_eq(buf, (int)buf_len, gen, gen_size)) - goto err; - - if (!TEST_true(EVP_PKEY_get_bn_param(pkeyparam, OSSL_PKEY_PARAM_EC_P, &p_out)) - || !TEST_BN_eq(p_out, p) - || !TEST_true(EVP_PKEY_get_bn_param(pkeyparam, OSSL_PKEY_PARAM_EC_A, - &a_out)) - || !TEST_BN_eq(a_out, a) - || !TEST_true(EVP_PKEY_get_bn_param(pkeyparam, OSSL_PKEY_PARAM_EC_B, - &b_out)) - || !TEST_BN_eq(b_out, b) - || !TEST_true(EVP_PKEY_get_bn_param(pkeyparam, OSSL_PKEY_PARAM_EC_ORDER, - &order_out)) - || !TEST_BN_eq(order_out, EC_GROUP_get0_order(group))) - goto err; - - if (EC_GROUP_get0_cofactor(group) != NULL) { - if (!TEST_true(EVP_PKEY_get_bn_param(pkeyparam, - OSSL_PKEY_PARAM_EC_COFACTOR, &cofactor_out)) - || !TEST_BN_eq(cofactor_out, EC_GROUP_get0_cofactor(group))) - goto err; - } - if (EC_GROUP_get0_seed(group) != NULL) { - if (!TEST_true(EVP_PKEY_get_octet_string_param(pkeyparam, - OSSL_PKEY_PARAM_EC_SEED, buf, sizeof(buf), &buf_len)) - || !TEST_mem_eq(buf, buf_len, EC_GROUP_get0_seed(group), - EC_GROUP_get_seed_len(group))) - goto err; - } - - if (EC_GROUP_get_field_type(group) == NID_X9_62_prime_field) { - /* No extra fields should be set for a prime field */ - if (!TEST_false(EVP_PKEY_get_int_param(pkeyparam, - OSSL_PKEY_PARAM_EC_CHAR2_M, &i_out)) - || !TEST_false(EVP_PKEY_get_int_param(pkeyparam, - OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS, &i_out)) - || !TEST_false(EVP_PKEY_get_int_param(pkeyparam, - OSSL_PKEY_PARAM_EC_CHAR2_PP_K1, &i_out)) - || !TEST_false(EVP_PKEY_get_int_param(pkeyparam, - OSSL_PKEY_PARAM_EC_CHAR2_PP_K2, &i_out)) - || !TEST_false(EVP_PKEY_get_int_param(pkeyparam, - OSSL_PKEY_PARAM_EC_CHAR2_PP_K3, &i_out)) - || !TEST_false(EVP_PKEY_get_utf8_string_param(pkeyparam, - OSSL_PKEY_PARAM_EC_CHAR2_TYPE, name, sizeof(name), - &name_len))) - goto err; - } else { -#ifndef OPENSSL_NO_EC2M - if (!TEST_true(EVP_PKEY_get_int_param(pkeyparam, - OSSL_PKEY_PARAM_EC_CHAR2_M, &i_out)) - || !TEST_int_eq(EC_GROUP_get_degree(group), i_out) - || !TEST_true(EVP_PKEY_get_utf8_string_param(pkeyparam, - OSSL_PKEY_PARAM_EC_CHAR2_TYPE, name, sizeof(name), - &name_len)) - || !TEST_str_eq(name, basis_name)) - goto err; - - if (EC_GROUP_get_basis_type(group) == NID_X9_62_tpBasis) { - if (!TEST_true(EVP_PKEY_get_int_param(pkeyparam, - OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS, &i_out)) - || !TEST_int_eq(k1, i_out) - || !TEST_false(EVP_PKEY_get_int_param(pkeyparam, - OSSL_PKEY_PARAM_EC_CHAR2_PP_K1, &i_out)) - || !TEST_false(EVP_PKEY_get_int_param(pkeyparam, - OSSL_PKEY_PARAM_EC_CHAR2_PP_K2, &i_out)) - || !TEST_false(EVP_PKEY_get_int_param(pkeyparam, - OSSL_PKEY_PARAM_EC_CHAR2_PP_K3, &i_out))) - goto err; - } else { - if (!TEST_false(EVP_PKEY_get_int_param(pkeyparam, - OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS, &i_out)) - || !TEST_true(EVP_PKEY_get_int_param(pkeyparam, - OSSL_PKEY_PARAM_EC_CHAR2_PP_K1, &i_out)) - || !TEST_int_eq(k1, i_out) - || !TEST_true(EVP_PKEY_get_int_param(pkeyparam, - OSSL_PKEY_PARAM_EC_CHAR2_PP_K2, &i_out)) - || !TEST_int_eq(k2, i_out) - || !TEST_true(EVP_PKEY_get_int_param(pkeyparam, - OSSL_PKEY_PARAM_EC_CHAR2_PP_K3, &i_out)) - || !TEST_int_eq(k3, i_out)) - goto err; - } -#endif /* OPENSSL_NO_EC2M */ - } - if (!TEST_ptr(gettable = EVP_PKEY_gettable_params(pkeyparam)) - || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_GROUP_NAME)) - || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_ENCODING)) - || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_FIELD_TYPE)) - || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_P)) - || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_A)) - || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_B)) - || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_GENERATOR)) - || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_ORDER)) - || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_COFACTOR)) - || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_SEED)) -#ifndef OPENSSL_NO_EC2M - || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_CHAR2_M)) - || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_CHAR2_TYPE)) - || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS)) - || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_CHAR2_PP_K1)) - || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_CHAR2_PP_K2)) - || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_CHAR2_PP_K3)) -#endif - ) - goto err; - ret = 1; -err: - BN_free(order_out); - BN_free(cofactor_out); - BN_free(a_out); - BN_free(b_out); - BN_free(p_out); - OSSL_PARAM_free(params); - OSSL_PARAM_BLD_free(bld); - EVP_PKEY_free(pkeyparam); - EVP_PKEY_CTX_free(pctx); - return ret; -} - -/* - * check the EC_METHOD respects the supplied EC_GROUP_set_generator G - */ -static int custom_generator_test(int id) -{ - int ret = 0, nid, bsize; - EC_GROUP *group = NULL; - EC_POINT *G2 = NULL, *Q1 = NULL, *Q2 = NULL; - BN_CTX *ctx = NULL; - BIGNUM *k = NULL; - unsigned char *b1 = NULL, *b2 = NULL; - - /* Do some setup */ - nid = curves[id].nid; - TEST_note("Curve %s", OBJ_nid2sn(nid)); - if (!TEST_ptr(ctx = BN_CTX_new())) - return 0; - - BN_CTX_start(ctx); - - if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) - goto err; - - /* expected byte length of encoded points */ - bsize = (EC_GROUP_get_degree(group) + 7) / 8; - bsize = 1 + 2 * bsize; /* UNCOMPRESSED_POINT format */ - - if (!TEST_ptr(k = BN_CTX_get(ctx)) - /* fetch a testing scalar k != 0,1 */ - || !TEST_true(BN_rand(k, EC_GROUP_order_bits(group) - 1, - BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) - /* make k even */ - || !TEST_true(BN_clear_bit(k, 0)) - || !TEST_ptr(G2 = EC_POINT_new(group)) - || !TEST_ptr(Q1 = EC_POINT_new(group)) - /* Q1 := kG */ - || !TEST_true(EC_POINT_mul(group, Q1, k, NULL, NULL, ctx)) - /* pull out the bytes of that */ - || !TEST_int_eq(EC_POINT_point2oct(group, Q1, - POINT_CONVERSION_UNCOMPRESSED, NULL, - 0, ctx), bsize) - || !TEST_ptr(b1 = OPENSSL_malloc(bsize)) - || !TEST_int_eq(EC_POINT_point2oct(group, Q1, - POINT_CONVERSION_UNCOMPRESSED, b1, - bsize, ctx), bsize) - /* new generator is G2 := 2G */ - || !TEST_true(EC_POINT_dbl(group, G2, EC_GROUP_get0_generator(group), - ctx)) - || !TEST_true(EC_GROUP_set_generator(group, G2, - EC_GROUP_get0_order(group), - EC_GROUP_get0_cofactor(group))) - || !TEST_ptr(Q2 = EC_POINT_new(group)) - || !TEST_true(BN_rshift1(k, k)) - /* Q2 := k/2 G2 */ - || !TEST_true(EC_POINT_mul(group, Q2, k, NULL, NULL, ctx)) - || !TEST_int_eq(EC_POINT_point2oct(group, Q2, - POINT_CONVERSION_UNCOMPRESSED, NULL, - 0, ctx), bsize) - || !TEST_ptr(b2 = OPENSSL_malloc(bsize)) - || !TEST_int_eq(EC_POINT_point2oct(group, Q2, - POINT_CONVERSION_UNCOMPRESSED, b2, - bsize, ctx), bsize) - /* Q1 = kG = k/2 G2 = Q2 should hold */ - || !TEST_mem_eq(b1, bsize, b2, bsize)) - goto err; - - if (!do_test_custom_explicit_fromdata(group, ctx, b1, bsize)) - goto err; - - ret = 1; - - err: - EC_POINT_free(Q1); - EC_POINT_free(Q2); - EC_POINT_free(G2); - EC_GROUP_free(group); - BN_CTX_end(ctx); - BN_CTX_free(ctx); - OPENSSL_free(b1); - OPENSSL_free(b2); - - return ret; -} - -/* - * check creation of curves from explicit params through the public API - */ -static int custom_params_test(int id) -{ - int ret = 0, nid, bsize; - const char *curve_name = NULL; - EC_GROUP *group = NULL, *altgroup = NULL; - EC_POINT *G2 = NULL, *Q1 = NULL, *Q2 = NULL; - const EC_POINT *Q = NULL; - BN_CTX *ctx = NULL; - BIGNUM *k = NULL; - unsigned char *buf1 = NULL, *buf2 = NULL; - const BIGNUM *z = NULL, *cof = NULL, *priv1 = NULL; - BIGNUM *p = NULL, *a = NULL, *b = NULL; - int is_prime = 0; - EC_KEY *eckey1 = NULL, *eckey2 = NULL; - EVP_PKEY *pkey1 = NULL, *pkey2 = NULL; - EVP_PKEY_CTX *pctx1 = NULL, *pctx2 = NULL; - size_t sslen, t; - unsigned char *pub1 = NULL , *pub2 = NULL; - OSSL_PARAM_BLD *param_bld = NULL; - OSSL_PARAM *params1 = NULL, *params2 = NULL; - - /* Do some setup */ - nid = curves[id].nid; - curve_name = OBJ_nid2sn(nid); - TEST_note("Curve %s", curve_name); - - if (nid == NID_sm2) - return TEST_skip("custom params not supported with SM2"); - - if (!TEST_ptr(ctx = BN_CTX_new())) - return 0; - - if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) - goto err; - - is_prime = EC_GROUP_get_field_type(group) == NID_X9_62_prime_field; -#ifdef OPENSSL_NO_EC2M - if (!is_prime) { - ret = TEST_skip("binary curves not supported in this build"); - goto err; - } -#endif - - BN_CTX_start(ctx); - if (!TEST_ptr(p = BN_CTX_get(ctx)) - || !TEST_ptr(a = BN_CTX_get(ctx)) - || !TEST_ptr(b = BN_CTX_get(ctx)) - || !TEST_ptr(k = BN_CTX_get(ctx))) - goto err; - - /* expected byte length of encoded points */ - bsize = (EC_GROUP_get_degree(group) + 7) / 8; - bsize = 1 + 2 * bsize; /* UNCOMPRESSED_POINT format */ - - /* extract parameters from built-in curve */ - if (!TEST_true(EC_GROUP_get_curve(group, p, a, b, ctx)) - || !TEST_ptr(G2 = EC_POINT_new(group)) - /* new generator is G2 := 2G */ - || !TEST_true(EC_POINT_dbl(group, G2, - EC_GROUP_get0_generator(group), ctx)) - /* pull out the bytes of that */ - || !TEST_int_eq(EC_POINT_point2oct(group, G2, - POINT_CONVERSION_UNCOMPRESSED, - NULL, 0, ctx), bsize) - || !TEST_ptr(buf1 = OPENSSL_malloc(bsize)) - || !TEST_int_eq(EC_POINT_point2oct(group, G2, - POINT_CONVERSION_UNCOMPRESSED, - buf1, bsize, ctx), bsize) - || !TEST_ptr(z = EC_GROUP_get0_order(group)) - || !TEST_ptr(cof = EC_GROUP_get0_cofactor(group)) - ) - goto err; - - /* create a new group using same params (but different generator) */ - if (is_prime) { - if (!TEST_ptr(altgroup = EC_GROUP_new_curve_GFp(p, a, b, ctx))) - goto err; - } -#ifndef OPENSSL_NO_EC2M - else { - if (!TEST_ptr(altgroup = EC_GROUP_new_curve_GF2m(p, a, b, ctx))) - goto err; - } -#endif - - /* set 2*G as the generator of altgroup */ - EC_POINT_free(G2); /* discard G2 as it refers to the original group */ - if (!TEST_ptr(G2 = EC_POINT_new(altgroup)) - || !TEST_true(EC_POINT_oct2point(altgroup, G2, buf1, bsize, ctx)) - || !TEST_int_eq(EC_POINT_is_on_curve(altgroup, G2, ctx), 1) - || !TEST_true(EC_GROUP_set_generator(altgroup, G2, z, cof)) - ) - goto err; - - /* verify math checks out */ - if (/* allocate temporary points on group and altgroup */ - !TEST_ptr(Q1 = EC_POINT_new(group)) - || !TEST_ptr(Q2 = EC_POINT_new(altgroup)) - /* fetch a testing scalar k != 0,1 */ - || !TEST_true(BN_rand(k, EC_GROUP_order_bits(group) - 1, - BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) - /* make k even */ - || !TEST_true(BN_clear_bit(k, 0)) - /* Q1 := kG on group */ - || !TEST_true(EC_POINT_mul(group, Q1, k, NULL, NULL, ctx)) - /* pull out the bytes of that */ - || !TEST_int_eq(EC_POINT_point2oct(group, Q1, - POINT_CONVERSION_UNCOMPRESSED, - NULL, 0, ctx), bsize) - || !TEST_int_eq(EC_POINT_point2oct(group, Q1, - POINT_CONVERSION_UNCOMPRESSED, - buf1, bsize, ctx), bsize) - /* k := k/2 */ - || !TEST_true(BN_rshift1(k, k)) - /* Q2 := k/2 G2 on altgroup */ - || !TEST_true(EC_POINT_mul(altgroup, Q2, k, NULL, NULL, ctx)) - /* pull out the bytes of that */ - || !TEST_int_eq(EC_POINT_point2oct(altgroup, Q2, - POINT_CONVERSION_UNCOMPRESSED, - NULL, 0, ctx), bsize) - || !TEST_ptr(buf2 = OPENSSL_malloc(bsize)) - || !TEST_int_eq(EC_POINT_point2oct(altgroup, Q2, - POINT_CONVERSION_UNCOMPRESSED, - buf2, bsize, ctx), bsize) - /* Q1 = kG = k/2 G2 = Q2 should hold */ - || !TEST_mem_eq(buf1, bsize, buf2, bsize)) - goto err; - - /* create two `EC_KEY`s on altgroup */ - if (!TEST_ptr(eckey1 = EC_KEY_new()) - || !TEST_true(EC_KEY_set_group(eckey1, altgroup)) - || !TEST_true(EC_KEY_generate_key(eckey1)) - || !TEST_ptr(eckey2 = EC_KEY_new()) - || !TEST_true(EC_KEY_set_group(eckey2, altgroup)) - || !TEST_true(EC_KEY_generate_key(eckey2))) - goto err; - - /* retrieve priv1 for later */ - if (!TEST_ptr(priv1 = EC_KEY_get0_private_key(eckey1))) - goto err; - - /* - * retrieve bytes for pub1 for later - * - * We compute the pub key in the original group as we will later use it to - * define a provider key in the built-in group. - */ - if (!TEST_true(EC_POINT_mul(group, Q1, priv1, NULL, NULL, ctx)) - || !TEST_int_eq(EC_POINT_point2oct(group, Q1, - POINT_CONVERSION_UNCOMPRESSED, - NULL, 0, ctx), bsize) - || !TEST_ptr(pub1 = OPENSSL_malloc(bsize)) - || !TEST_int_eq(EC_POINT_point2oct(group, Q1, - POINT_CONVERSION_UNCOMPRESSED, - pub1, bsize, ctx), bsize)) - goto err; - - /* retrieve bytes for pub2 for later */ - if (!TEST_ptr(Q = EC_KEY_get0_public_key(eckey2)) - || !TEST_int_eq(EC_POINT_point2oct(altgroup, Q, - POINT_CONVERSION_UNCOMPRESSED, - NULL, 0, ctx), bsize) - || !TEST_ptr(pub2 = OPENSSL_malloc(bsize)) - || !TEST_int_eq(EC_POINT_point2oct(altgroup, Q, - POINT_CONVERSION_UNCOMPRESSED, - pub2, bsize, ctx), bsize)) - goto err; - - /* create two `EVP_PKEY`s from the `EC_KEY`s */ - if(!TEST_ptr(pkey1 = EVP_PKEY_new()) - || !TEST_int_eq(EVP_PKEY_assign_EC_KEY(pkey1, eckey1), 1)) - goto err; - eckey1 = NULL; /* ownership passed to pkey1 */ - if(!TEST_ptr(pkey2 = EVP_PKEY_new()) - || !TEST_int_eq(EVP_PKEY_assign_EC_KEY(pkey2, eckey2), 1)) - goto err; - eckey2 = NULL; /* ownership passed to pkey2 */ - - /* Compute keyexchange in both directions */ - if (!TEST_ptr(pctx1 = EVP_PKEY_CTX_new(pkey1, NULL)) - || !TEST_int_eq(EVP_PKEY_derive_init(pctx1), 1) - || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1) - || !TEST_int_eq(EVP_PKEY_derive(pctx1, NULL, &sslen), 1) - || !TEST_int_gt(bsize, sslen) - || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1)) - goto err; - if (!TEST_ptr(pctx2 = EVP_PKEY_CTX_new(pkey2, NULL)) - || !TEST_int_eq(EVP_PKEY_derive_init(pctx2), 1) - || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1) - || !TEST_int_eq(EVP_PKEY_derive(pctx2, NULL, &t), 1) - || !TEST_int_gt(bsize, t) - || !TEST_int_le(sslen, t) - || !TEST_int_eq(EVP_PKEY_derive(pctx2, buf2, &t), 1)) - goto err; - - /* Both sides should expect the same shared secret */ - if (!TEST_mem_eq(buf1, sslen, buf2, t)) - goto err; - - /* Build parameters for provider-native keys */ - if (!TEST_ptr(param_bld = OSSL_PARAM_BLD_new()) - || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(param_bld, - OSSL_PKEY_PARAM_GROUP_NAME, - curve_name, 0)) - || !TEST_true(OSSL_PARAM_BLD_push_octet_string(param_bld, - OSSL_PKEY_PARAM_PUB_KEY, - pub1, bsize)) - || !TEST_true(OSSL_PARAM_BLD_push_BN(param_bld, - OSSL_PKEY_PARAM_PRIV_KEY, - priv1)) - || !TEST_ptr(params1 = OSSL_PARAM_BLD_to_param(param_bld))) - goto err; - - OSSL_PARAM_BLD_free(param_bld); - if (!TEST_ptr(param_bld = OSSL_PARAM_BLD_new()) - || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(param_bld, - OSSL_PKEY_PARAM_GROUP_NAME, - curve_name, 0)) - || !TEST_true(OSSL_PARAM_BLD_push_octet_string(param_bld, - OSSL_PKEY_PARAM_PUB_KEY, - pub2, bsize)) - || !TEST_ptr(params2 = OSSL_PARAM_BLD_to_param(param_bld))) - goto err; - - /* create two new provider-native `EVP_PKEY`s */ - EVP_PKEY_CTX_free(pctx2); - if (!TEST_ptr(pctx2 = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) - || !TEST_true(EVP_PKEY_fromdata_init(pctx2)) - || !TEST_true(EVP_PKEY_fromdata(pctx2, &pkey1, EVP_PKEY_KEYPAIR, - params1)) - || !TEST_true(EVP_PKEY_fromdata(pctx2, &pkey2, EVP_PKEY_PUBLIC_KEY, - params2))) - goto err; - - /* compute keyexchange once more using the provider keys */ - EVP_PKEY_CTX_free(pctx1); - if (!TEST_ptr(pctx1 = EVP_PKEY_CTX_new(pkey1, NULL)) - || !TEST_int_eq(EVP_PKEY_derive_init(pctx1), 1) - || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1) - || !TEST_int_eq(EVP_PKEY_derive(pctx1, NULL, &t), 1) - || !TEST_int_gt(bsize, t) - || !TEST_int_le(sslen, t) - || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &t), 1) - /* compare with previous result */ - || !TEST_mem_eq(buf1, t, buf2, sslen)) - goto err; - - ret = 1; - - err: - BN_CTX_end(ctx); - BN_CTX_free(ctx); - OSSL_PARAM_BLD_free(param_bld); - OSSL_PARAM_free(params1); - OSSL_PARAM_free(params2); - EC_POINT_free(Q1); - EC_POINT_free(Q2); - EC_POINT_free(G2); - EC_GROUP_free(group); - EC_GROUP_free(altgroup); - OPENSSL_free(buf1); - OPENSSL_free(buf2); - OPENSSL_free(pub1); - OPENSSL_free(pub2); - EC_KEY_free(eckey1); - EC_KEY_free(eckey2); - EVP_PKEY_free(pkey1); - EVP_PKEY_free(pkey2); - EVP_PKEY_CTX_free(pctx1); - EVP_PKEY_CTX_free(pctx2); - - return ret; -} - -int setup_tests(void) -{ - crv_len = EC_get_builtin_curves(NULL, 0); - if (!TEST_ptr(curves = OPENSSL_malloc(sizeof(*curves) * crv_len)) - || !TEST_true(EC_get_builtin_curves(curves, crv_len))) - return 0; - - ADD_TEST(parameter_test); - ADD_TEST(cofactor_range_test); - ADD_ALL_TESTS(cardinality_test, crv_len); - ADD_TEST(prime_field_tests); -#ifndef OPENSSL_NO_EC2M - ADD_TEST(char2_field_tests); - ADD_ALL_TESTS(char2_curve_test, OSSL_NELEM(char2_curve_tests)); -#endif - ADD_ALL_TESTS(nistp_single_test, OSSL_NELEM(nistp_tests_params)); - ADD_ALL_TESTS(internal_curve_test, crv_len); - ADD_ALL_TESTS(internal_curve_test_method, crv_len); - ADD_TEST(group_field_test); - ADD_ALL_TESTS(check_named_curve_test, crv_len); - ADD_ALL_TESTS(check_named_curve_lookup_test, crv_len); - ADD_ALL_TESTS(check_ec_key_field_public_range_test, crv_len); - ADD_ALL_TESTS(check_named_curve_from_ecparameters, crv_len); - ADD_ALL_TESTS(ec_point_hex2point_test, crv_len); - /* ADD_ALL_TESTS(custom_generator_test, crv_len); - ADD_ALL_TESTS(custom_params_test, crv_len); */ - return 1; -} - -void cleanup_tests(void) -{ - OPENSSL_free(curves); -} diff --git a/hobble-openssl b/hobble-openssl deleted file mode 100755 index 9a23ca6..0000000 --- a/hobble-openssl +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/sh - -# Quit out if anything fails. -set -e - -# Clean out patent-or-otherwise-encumbered code. -# MDC-2: 4,908,861 13/03/2007 - expired, we do not remove it but do not enable it anyway -# IDEA: 5,214,703 07/01/2012 - expired, we do not remove it anymore -# RC5: 5,724,428 01/11/2015 - expired, we do not remove it anymore -# EC: ????????? ??/??/2020 -# SRP: ????????? ??/??/2017 - expired, we do not remove it anymore - -# Remove assembler portions of IDEA, MDC2, and RC5. -# (find crypto/rc5/asm -type f | xargs -r rm -fv) - -for c in `find crypto/bn -name "*gf2m.c"`; do - echo Destroying $c - > $c -done - -for c in `find crypto/ec -name "ec2*.c" -o -name "ec_curve.c"`; do - echo Destroying $c - > $c -done - -for c in `find test -name "ectest.c"`; do - echo Destroying $c - > $c -done - -for h in `find crypto ssl apps test -name "*.h"` ; do - echo Removing EC2M references from $h - cat $h | \ - awk 'BEGIN {ech=1;} \ - /^#[ \t]*ifndef.*NO_EC2M/ {ech--; next;} \ - /^#[ \t]*if/ {if(ech < 1) ech--;} \ - {if(ech>0) {;print $0};} \ - /^#[ \t]*endif/ {if(ech < 1) ech++;}' > $h.hobbled && \ - mv $h.hobbled $h -done diff --git a/mingw-openssl.spec b/mingw-openssl.spec index 7071574..63c63c5 100644 --- a/mingw-openssl.spec +++ b/mingw-openssl.spec @@ -13,25 +13,33 @@ # there is any actual problem with the binaries). %global run_tests 0 +%define srpmhash() %{lua: +local files = rpm.expand("%_specdir/mingw-openssl.spec") +for i, p in ipairs(patches) do + files = files.." "..p +end +for i, p in ipairs(sources) do + files = files.." "..p +end +local sha256sum = assert(io.popen("cat "..files.." 2>/dev/null | sha256sum")) +local hash = sha256sum:read("*a") +sha256sum:close() +print(string.sub(hash, 0, 16)) +} + Name: mingw-openssl -Version: 3.0.7 -Release: 2%{?dist} +Version: 3.0.9 +Release: 1%{?dist} Summary: MinGW port of the OpenSSL toolkit License: OpenSSL URL: http://www.openssl.org/ -# We have to remove certain patented algorithms from the openssl source -# tarball with the hobble-openssl script which is included below. -# The original openssl upstream tarball cannot be shipped in the .src.rpm. -Source: openssl-%{version}-hobbled.tar.xz -Source1: hobble-openssl +Source: openssl-%{version}.tar.gz Source2: Makefile.certificate Source3: genpatches Source6: make-dummy-cert Source7: renew-dummy-cert -Source12: ec_curve.c -Source13: ectest.c # Patches exported from source git # Aarch64 and ppc64le use lib64 @@ -51,22 +59,107 @@ Patch7: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch # Add FIPS_mode() compatibility macro Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch # Add check to see if fips flag is enabled in kernel -#Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch +Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch +# Instead of replacing ectest.c and ec_curve.c, add the changes as a patch so +# that new modifications made to these files by upstream are not lost. +Patch10: 0010-Add-changes-to-ectest-and-eccurve.patch # remove unsupported EC curves Patch11: 0011-Remove-EC-curves.patch # Disable explicit EC curves +# https://bugzilla.redhat.com/show_bug.cgi?id=2066412 Patch12: 0012-Disable-explicit-ec.patch +#Skipped tests from former 0011-Remove-EC-curves.patch +Patch13: 0013-skipped-tests-EC-curves.patch # Instructions to load legacy provider in openssl.cnf Patch24: 0024-load-legacy-prov.patch +# Tmp: test name change +Patch31: 0031-tmp-Fix-test-names.patch +# We load FIPS provider and set FIPS properties implicitly +Patch32: 0032-Force-fips.patch +# Embed HMAC into the fips.so +Patch33: 0033-FIPS-embed-hmac.patch +# Comment out fipsinstall command-line utility +Patch34: 0034.fipsinstall_disable.patch +# Skip unavailable algorithms running `openssl speed` +Patch35: 0035-speed-skip-unavailable-dgst.patch +# Extra public/private key checks required by FIPS-140-3 +Patch44: 0044-FIPS-140-3-keychecks.patch +# Minimize fips services +Patch45: 0045-FIPS-services-minimize.patch +# Execute KATS before HMAC verification +Patch47: 0047-FIPS-early-KATS.patch +%if 0%{?rhel} +# Selectively disallow SHA1 signatures +Patch49: 0049-Selectively-disallow-SHA1-signatures.patch +%else +# Selectively disallow SHA1 signatures rhbz#2070977 +Patch49: 0049-Allow-disabling-of-SHA1-signatures.patch +%endif # Backport of patch for RHEL for Edge rhbz #2027261 Patch51: 0051-Support-different-R_BITS-lengths-for-KBKDF.patch +%if 0%{?rhel} +# Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes +Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch +%else +# Support SHA1 in TLS in LEGACY crypto-policy (which is SECLEVEL=1) +Patch52: 0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch +%endif +%if 0%{?rhel} +# no USDT probe instrumentation required +%else +# Instrument with USDT probes related to SHA-1 deprecation +Patch53: 0053-Add-SHA1-probes.patch +%endif +# https://github.com/openssl/openssl/pull/18103 +# The patch is incorporated in 3.0.3 but we provide this function since 3.0.1 +# so the patch should persist +Patch56: 0056-strcasecmp.patch +# https://github.com/openssl/openssl/pull/18175 +# Patch57: 0057-strcasecmp-fix.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2053289 +Patch58: 0058-FIPS-limit-rsa-encrypt.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2069235 +Patch60: 0060-FIPS-KAT-signature-tests.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2087147 +Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch +Patch62: 0062-fips-Expose-a-FIPS-indicator.patch +# https://github.com/openssl/openssl/commit/44a563dde1584cd9284e80b6e45ee5019be8d36c +# https://github.com/openssl/openssl/commit/345c99b6654b8313c792d54f829943068911ddbd +# Regression on Power8, see rhbz2124845, https://github.com/openssl/openssl/issues/19163; fix in 0079-Fix-AES-GCM-on-Power-8-CPUs.patch +Patch71: 0071-AES-GCM-performance-optimization.patch +# https://github.com/openssl/openssl/commit/f596bbe4da779b56eea34d96168b557d78e1149 +# https://github.com/openssl/openssl/commit/7e1f3ffcc5bc15fb9a12b9e3bb202f544c6ed5aa +# hunks in crypto/ppccap.c from https://github.com/openssl/openssl/commit/f5485b97b6c9977c0d39c7669b9f97a879312447 +Patch72: 0072-ChaCha20-performance-optimizations-for-ppc64le.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2102535 +Patch73: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2102535 +%if 0%{?rhel} +Patch74: 0074-FIPS-Use-digest_sign-digest_verify-in-self-test-eln.patch +%else +Patch74: 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch +%endif +# https://bugzilla.redhat.com/show_bug.cgi?id=2102535 +Patch75: 0075-FIPS-Use-FFDHE2048-in-self-test.patch +# Downstream only. Reseed DRBG using getrandom(GRND_RANDOM) +# https://bugzilla.redhat.com/show_bug.cgi?id=2102541 +Patch76: 0076-FIPS-140-3-DRBG.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2102542 +Patch77: 0077-FIPS-140-3-zeroization.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2114772 +Patch78: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2124845, https://github.com/openssl/openssl/pull/19182 +Patch79: 0079-Fix-AES-GCM-on-Power-8-CPUs.patch +# https://github.com/openssl/openssl/pull/13817 +Patch100: 0100-RSA-PKCS15-implicit-rejection.patch # MinGW patches # Attempt to compute openssl modules dir dynamically from executable path if not set by OPENSSL_MODULES -Patch100: openssl_compute_moddir.patch +Patch200: openssl_compute_moddir.patch BuildArch: noarch +BuildRequires: git BuildRequires: make BuildRequires: lksctp-tools-devel BuildRequires: perl-interpreter @@ -163,15 +256,7 @@ Static version of the MinGW port of the OpenSSL toolkit. %prep -%autosetup -p1 -n openssl-%{version} - -# The hobble_openssl is called here redundantly, just to be sure. -# The tarball has already the sources removed. -%{SOURCE1} > /dev/null - -cp %{SOURCE12} crypto/ec/ -cp %{SOURCE13} test/ - +%autosetup -S git -n openssl-%{version} # Create two copies of the source folder as OpenSSL doesn't support out of source builds mkdir ../build_win32 @@ -182,6 +267,8 @@ cp -Rp build_win32/* build_win64 %build +%define fips %{version}-%{srpmhash} + ############################################################################### # Win32 ############################################################################### @@ -194,11 +281,12 @@ LDFLAGS="%{mingw32_ldflags}" \ --prefix=%{mingw32_prefix} \ --libdir=%{mingw32_libdir} \ --openssldir=%{mingw32_sysconfdir}/pki/tls \ - zlib enable-camellia enable-seed enable-rfc3779 \ + --system-ciphers-file=%{mingw32_sysconfdir}/crypto-policies/back-ends/openssl.config \ + zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \ enable-cms enable-md2 enable-rc5 enable-ktls enable-fips \ - no-mdc2 no-ec2m no-sm2 no-sm4 \ + no-mdc2 no-ec2m no-sm2 no-sm4 enable-buildtest-c++\ --cross-compile-prefix=%{mingw32_target}- \ - shared mingw \ + shared mingw %{mingw32_cflags} '-DDEVRANDOM="\"/dev/urandom\"" -DREDHAT_FIPS_VERSION="\"%{fips}\""'\ -Dsecure_getenv=getenv make -s %{?_smp_mflags} all @@ -222,11 +310,12 @@ LDFLAGS="%{mingw64_ldflags}" \ --prefix=%{mingw64_prefix} \ --libdir=%{mingw64_libdir} \ --openssldir=%{mingw64_sysconfdir}/pki/tls \ - zlib enable-camellia enable-seed enable-rfc3779 \ + --system-ciphers-file=%{mingw64_sysconfdir}/crypto-policies/back-ends/openssl.config \ + zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \ enable-cms enable-md2 enable-rc5 enable-ktls enable-fips \ - no-mdc2 no-ec2m no-sm2 no-sm4 \ + no-mdc2 no-ec2m no-sm2 no-sm4 enable-buildtest-c++\ --cross-compile-prefix=%{mingw64_target}- \ - shared mingw64 \ + shared mingw %{mingw64_cflags} '-DDEVRANDOM="\"/dev/urandom\"" -DREDHAT_FIPS_VERSION="\"%{fips}\""'\ -Dsecure_getenv=getenv # Do not run this in a production package the FIPS symbols must be patched-in @@ -376,6 +465,9 @@ mkdir -m700 %{buildroot}%{mingw64_sysconfdir}/pki/CA/private %changelog +* Wed May 31 2023 Sandro Mani - 3.0.9-1 +- Update to 3.0.9 + * Thu Jan 19 2023 Fedora Release Engineering - 3.0.7-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild diff --git a/openssl_compute_moddir.patch b/openssl_compute_moddir.patch index e4dac30..928d1ab 100644 --- a/openssl_compute_moddir.patch +++ b/openssl_compute_moddir.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference openssl-3.0.7-hobbled/Configurations/10-main.conf openssl-3.0.7-hobbled-new/Configurations/10-main.conf ---- openssl-3.0.7-hobbled/Configurations/10-main.conf 2022-11-28 16:00:17.030822050 +0100 -+++ openssl-3.0.7-hobbled-new/Configurations/10-main.conf 2022-11-28 16:00:19.679841210 +0100 +diff -rupN --no-dereference openssl-3.0.9/Configurations/10-main.conf openssl-3.0.9-new/Configurations/10-main.conf +--- openssl-3.0.9/Configurations/10-main.conf 2023-05-31 14:33:08.972116341 +0200 ++++ openssl-3.0.9-new/Configurations/10-main.conf 2023-05-31 14:33:19.864111657 +0200 @@ -1494,7 +1494,7 @@ my %targets = ( cppflags => combine("-DUNICODE -D_UNICODE -DWIN32_LEAN_AND_MEAN", threads("-D_MT")), @@ -10,9 +10,9 @@ diff -rupN --no-dereference openssl-3.0.7-hobbled/Configurations/10-main.conf op thread_scheme => "winthreads", dso_scheme => "win32", shared_target => "mingw-shared", -diff -rupN --no-dereference openssl-3.0.7-hobbled/crypto/provider_core.c openssl-3.0.7-hobbled-new/crypto/provider_core.c ---- openssl-3.0.7-hobbled/crypto/provider_core.c 2022-11-01 15:14:36.000000000 +0100 -+++ openssl-3.0.7-hobbled-new/crypto/provider_core.c 2022-11-28 16:00:19.679841210 +0100 +diff -rupN --no-dereference openssl-3.0.9/crypto/provider_core.c openssl-3.0.9-new/crypto/provider_core.c +--- openssl-3.0.9/crypto/provider_core.c 2023-05-30 14:31:57.000000000 +0200 ++++ openssl-3.0.9-new/crypto/provider_core.c 2023-05-31 14:33:19.865111657 +0200 @@ -32,6 +32,10 @@ #ifndef FIPS_MODULE # include diff --git a/sources b/sources index d548711..22b94a3 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (openssl-3.0.7-hobbled.tar.xz) = 271081307b4dd496db16e0b622ea888f3deae8a4a668c598dedf16e61c9f5009c88f3cf696926c4adb6957d4686b726dc84f9a428aa096aab533b61eda47de84 +SHA512 (openssl-3.0.9.tar.gz) = 86c99146b37236419b110db77dd3ac3992e6bed78c258f0cc3434ca233460b4e17c0ac81d7058547fe9cb72a9fd80ee56d4b4916bb731dbe2bbcf1c3d46bf31a