commit 32b9a88ded29ce549968978b1bcca72e93ae6db5 Author: Toshaan Bharvani Date: Tue Jan 17 08:58:49 2023 +0100 initial package creation Signed-off-by: Toshaan Bharvani diff --git a/SOURCES/0001-Aarch64-and-ppc64le-use-lib64.patch b/SOURCES/0001-Aarch64-and-ppc64le-use-lib64.patch new file mode 100644 index 0000000..e5d23ba --- /dev/null +++ b/SOURCES/0001-Aarch64-and-ppc64le-use-lib64.patch @@ -0,0 +1,33 @@ +From 603a35802319c0459737e3f067369ceb990fe2e6 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Thu, 24 Sep 2020 09:01:41 +0200 +Subject: Aarch64 and ppc64le use lib64 + +(Was openssl-1.1.1-build.patch) +--- + Configurations/10-main.conf | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf +index d7580bf3e1..a7dbfd7f40 100644 +--- a/Configurations/10-main.conf ++++ b/Configurations/10-main.conf +@@ -723,6 +723,7 @@ my %targets = ( + lib_cppflags => add("-DL_ENDIAN"), + asm_arch => 'ppc64', + perlasm_scheme => "linux64le", ++ multilib => "64", + }, + + "linux-armv4" => { +@@ -765,6 +766,7 @@ my %targets = ( + inherit_from => [ "linux-generic64" ], + asm_arch => 'aarch64', + perlasm_scheme => "linux64", ++ multilib => "64", + }, + "linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32 + inherit_from => [ "linux-generic32" ], +-- +2.26.2 + diff --git a/SOURCES/0002-Use-more-general-default-values-in-openssl.cnf.patch b/SOURCES/0002-Use-more-general-default-values-in-openssl.cnf.patch new file mode 100644 index 0000000..83ed599 --- /dev/null +++ b/SOURCES/0002-Use-more-general-default-values-in-openssl.cnf.patch @@ -0,0 +1,68 @@ +From 41df9ae215cee9574e17e6f887c96a7c97d588f5 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Thu, 24 Sep 2020 09:03:40 +0200 +Subject: Use more general default values in openssl.cnf + +Also set sha256 as default hash, although that should not be +necessary anymore. + +(was openssl-1.1.1-defaults.patch) +--- + apps/openssl.cnf | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +diff --git a/apps/openssl.cnf b/apps/openssl.cnf +index 97567a67be..eb25a0ac48 100644 +--- a/apps/openssl.cnf ++++ b/apps/openssl.cnf +@@ -104,7 +104,7 @@ cert_opt = ca_default # Certificate field options + + default_days = 365 # how long to certify for + default_crl_days= 30 # how long before next CRL +-default_md = default # use public key default MD ++default_md = sha256 # use SHA-256 by default + preserve = no # keep passed DN ordering + + # A few difference way of specifying how similar the request should look +@@ -136,6 +136,7 @@ emailAddress = optional + #################################################################### + [ req ] + default_bits = 2048 ++default_md = sha256 + default_keyfile = privkey.pem + distinguished_name = req_distinguished_name + attributes = req_attributes +@@ -158,17 +159,18 @@ string_mask = utf8only + + [ req_distinguished_name ] + countryName = Country Name (2 letter code) +-countryName_default = AU ++countryName_default = XX + countryName_min = 2 + countryName_max = 2 + + stateOrProvinceName = State or Province Name (full name) +-stateOrProvinceName_default = Some-State ++#stateOrProvinceName_default = Default Province + + localityName = Locality Name (eg, city) ++localityName_default = Default City + + 0.organizationName = Organization Name (eg, company) +-0.organizationName_default = Internet Widgits Pty Ltd ++0.organizationName_default = Default Company Ltd + + # we can do this but it is not needed normally :-) + #1.organizationName = Second Organization Name (eg, company) +@@ -177,7 +179,7 @@ localityName = Locality Name (eg, city) + organizationalUnitName = Organizational Unit Name (eg, section) + #organizationalUnitName_default = + +-commonName = Common Name (e.g. server FQDN or YOUR name) ++commonName = Common Name (eg, your name or your server\'s hostname) + commonName_max = 64 + + emailAddress = Email Address +-- +2.26.2 + diff --git a/SOURCES/0003-Do-not-install-html-docs.patch b/SOURCES/0003-Do-not-install-html-docs.patch new file mode 100644 index 0000000..66d62e0 --- /dev/null +++ b/SOURCES/0003-Do-not-install-html-docs.patch @@ -0,0 +1,26 @@ +From 3d5755df8d09ca841c0aca2d7344db060f6cc97f Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Thu, 24 Sep 2020 09:05:55 +0200 +Subject: Do not install html docs + +(was openssl-1.1.1-no-html.patch) +--- + Configurations/unix-Makefile.tmpl | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl +index 342e46d24d..9f369edf0e 100644 +--- a/Configurations/unix-Makefile.tmpl ++++ b/Configurations/unix-Makefile.tmpl +@@ -554,7 +554,7 @@ install_sw: install_dev install_engines install_modules install_runtime + + uninstall_sw: uninstall_runtime uninstall_modules uninstall_engines uninstall_dev + +-install_docs: install_man_docs install_html_docs ++install_docs: install_man_docs + + uninstall_docs: uninstall_man_docs uninstall_html_docs + $(RM) -r $(DESTDIR)$(DOCDIR) +-- +2.26.2 + diff --git a/SOURCES/0004-Override-default-paths-for-the-CA-directory-tree.patch b/SOURCES/0004-Override-default-paths-for-the-CA-directory-tree.patch new file mode 100644 index 0000000..7c70c60 --- /dev/null +++ b/SOURCES/0004-Override-default-paths-for-the-CA-directory-tree.patch @@ -0,0 +1,73 @@ +From 6790960076742a9053c624e26fbb87fcd5789e27 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Thu, 24 Sep 2020 09:17:26 +0200 +Subject: Override default paths for the CA directory tree + +Also add default section to load crypto-policies configuration +for TLS. + +It needs to be reverted before running tests. + +(was openssl-1.1.1-conf-paths.patch) +--- + apps/CA.pl.in | 2 +- + apps/openssl.cnf | 20 ++++++++++++++++++-- + 2 files changed, 19 insertions(+), 3 deletions(-) + +diff --git a/apps/CA.pl.in b/apps/CA.pl.in +index c0afb96716..d6a5fabd16 100644 +--- a/apps/CA.pl.in ++++ b/apps/CA.pl.in +@@ -29,7 +29,7 @@ my $X509 = "$openssl x509"; + my $PKCS12 = "$openssl pkcs12"; + + # Default values for various configuration settings. +-my $CATOP = "./demoCA"; ++my $CATOP = "/etc/pki/CA"; + my $CAKEY = "cakey.pem"; + my $CAREQ = "careq.pem"; + my $CACERT = "cacert.pem"; +diff -up openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls openssl-3.0.0-alpha16/apps/openssl.cnf +--- openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls 2021-07-06 13:41:39.204978272 +0200 ++++ openssl-3.0.0-alpha16/apps/openssl.cnf 2021-07-06 13:49:50.362857683 +0200 +@@ -53,6 +53,8 @@ tsa_policy3 = 1.2.3.4.5.7 + + [openssl_init] + providers = provider_sect ++# Load default TLS policy configuration ++ssl_conf = ssl_module + + # List of providers to load + [provider_sect] +@@ -64,6 +66,13 @@ default = default_sect + [default_sect] + # activate = 1 + ++[ ssl_module ] ++ ++system_default = crypto_policy ++ ++[ crypto_policy ] ++ ++.include = /etc/crypto-policies/back-ends/opensslcnf.config + + #################################################################### + [ ca ] +@@ -72,7 +81,7 @@ default_ca = CA_default # The default c + #################################################################### + [ CA_default ] + +-dir = ./demoCA # Where everything is kept ++dir = /etc/pki/CA # Where everything is kept + certs = $dir/certs # Where the issued certs are kept + crl_dir = $dir/crl # Where the issued crl are kept + database = $dir/index.txt # database index file. +@@ -304,7 +313,7 @@ default_tsa = tsa_config1 # the default + [ tsa_config1 ] + + # These are used by the TSA reply generation only. +-dir = ./demoCA # TSA root directory ++dir = /etc/pki/CA # TSA root directory + serial = $dir/tsaserial # The current serial number (mandatory) + crypto_device = builtin # OpenSSL engine to use for signing + signer_cert = $dir/tsacert.pem # The TSA signing certificate diff --git a/SOURCES/0005-apps-ca-fix-md-option-help-text.patch b/SOURCES/0005-apps-ca-fix-md-option-help-text.patch new file mode 100644 index 0000000..1fed4c4 --- /dev/null +++ b/SOURCES/0005-apps-ca-fix-md-option-help-text.patch @@ -0,0 +1,28 @@ +From 3d8fa9859501b07e02b76b5577e2915d5851e927 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Thu, 24 Sep 2020 09:27:18 +0200 +Subject: apps/ca: fix md option help text + +upstreamable + +(was openssl-1.1.1-apps-dgst.patch) +--- + apps/ca.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/apps/ca.c b/apps/ca.c +index 0f21b4fa1c..3d4b2c1673 100755 +--- a/apps/ca.c ++++ b/apps/ca.c +@@ -209,7 +209,7 @@ const OPTIONS ca_options[] = { + {"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"}, + + OPT_SECTION("Signing"), +- {"md", OPT_MD, 's', "Digest to use, such as sha256"}, ++ {"md", OPT_MD, 's', "Digest to use, such as sha256; see openssl help for list"}, + {"keyfile", OPT_KEYFILE, 's', "The CA private key"}, + {"keyform", OPT_KEYFORM, 'f', + "Private key file format (ENGINE, other values ignored)"}, +-- +2.26.2 + diff --git a/SOURCES/0006-Disable-signature-verification-with-totally-unsafe-h.patch b/SOURCES/0006-Disable-signature-verification-with-totally-unsafe-h.patch new file mode 100644 index 0000000..f9dd2dd --- /dev/null +++ b/SOURCES/0006-Disable-signature-verification-with-totally-unsafe-h.patch @@ -0,0 +1,29 @@ +From 3f9deff30ae6efbfe979043b00cdf649b39793c0 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Thu, 24 Sep 2020 09:51:34 +0200 +Subject: Disable signature verification with totally unsafe hash algorithms + +(was openssl-1.1.1-no-weak-verify.patch) +--- + crypto/asn1/a_verify.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c +index b7eed914b0..af62f0ef08 100644 +--- a/crypto/asn1/a_verify.c ++++ b/crypto/asn1/a_verify.c +@@ -152,6 +152,11 @@ int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg, + ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); + if (ret <= 1) + goto err; ++ } else if ((mdnid == NID_md5 ++ && ossl_safe_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL) || ++ mdnid == NID_md4 || mdnid == NID_md2 || mdnid == NID_sha) { ++ ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); ++ goto err; + } else { + const EVP_MD *type = NULL; + +-- +2.26.2 + diff --git a/SOURCES/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch b/SOURCES/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch new file mode 100644 index 0000000..9917fcf --- /dev/null +++ b/SOURCES/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch @@ -0,0 +1,323 @@ +From 736d709ec194b3a763e004696df22792c62a11fc Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Thu, 24 Sep 2020 10:16:46 +0200 +Subject: Add support for PROFILE=SYSTEM system default cipherlist + +(was openssl-1.1.1-system-cipherlist.patch) +--- + Configurations/unix-Makefile.tmpl | 5 ++ + Configure | 10 +++- + doc/man1/openssl-ciphers.pod.in | 9 ++++ + include/openssl/ssl.h.in | 5 ++ + ssl/ssl_ciph.c | 88 +++++++++++++++++++++++++++---- + ssl/ssl_lib.c | 4 +- + test/cipherlist_test.c | 2 + + util/libcrypto.num | 1 + + 8 files changed, 110 insertions(+), 14 deletions(-) + +diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl +index 9f369edf0e..c52389f831 100644 +--- a/Configurations/unix-Makefile.tmpl ++++ b/Configurations/unix-Makefile.tmpl +@@ -269,6 +269,10 @@ MANDIR=$(INSTALLTOP)/share/man + DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME) + HTMLDIR=$(DOCDIR)/html + ++{- output_off() if $config{system_ciphers_file} eq ""; "" -} ++SYSTEM_CIPHERS_FILE_DEFINE=-DSYSTEM_CIPHERS_FILE="\"{- $config{system_ciphers_file} -}\"" ++{- output_on() if $config{system_ciphers_file} eq ""; "" -} ++ + # MANSUFFIX is for the benefit of anyone who may want to have a suffix + # appended after the manpage file section number. "ssl" is popular, + # resulting in files such as config.5ssl rather than config.5. +@@ -292,6 +296,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -} + CXX={- $config{CXX} ? "\$(CROSS_COMPILE)$config{CXX}" : '' -} + CPPFLAGS={- our $cppflags1 = join(" ", + (map { "-D".$_} @{$config{CPPDEFINES}}), ++ "\$(SYSTEM_CIPHERS_FILE_DEFINE)", + (map { "-I".$_} @{$config{CPPINCLUDES}}), + @{$config{CPPFLAGS}}) -} + CFLAGS={- join(' ', @{$config{CFLAGS}}) -} +diff --git a/doc/man1/openssl-ciphers.pod.in b/doc/man1/openssl-ciphers.pod.in +index b4ed3e51d5..2122e6bdfd 100644 +--- a/doc/man1/openssl-ciphers.pod.in ++++ b/doc/man1/openssl-ciphers.pod.in +@@ -187,6 +187,15 @@ As of OpenSSL 1.0.0, the B cipher suites are sensibly ordered by default. + + The cipher suites not enabled by B, currently B. + ++=item B ++ ++The list of enabled cipher suites will be loaded from the system crypto policy ++configuration file B. ++See also L. ++This is the default behavior unless an application explicitly sets a cipher ++list. If used in a cipher list configuration value this string must be at the ++beginning of the cipher list, otherwise it will not be recognized. ++ + =item B + + "High" encryption cipher suites. This currently means those with key lengths +diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in +index f9a61609e4..c6f95fed3f 100644 +--- a/include/openssl/ssl.h.in ++++ b/include/openssl/ssl.h.in +@@ -209,6 +209,11 @@ extern "C" { + * throwing out anonymous and unencrypted ciphersuites! (The latter are not + * actually enabled by ALL, but "ALL:RSA" would enable some of them.) + */ ++# ifdef SYSTEM_CIPHERS_FILE ++# define SSL_SYSTEM_DEFAULT_CIPHER_LIST "PROFILE=SYSTEM" ++# else ++# define SSL_SYSTEM_DEFAULT_CIPHER_LIST OSSL_default_cipher_list() ++# endif + + /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ + # define SSL_SENT_SHUTDOWN 1 +diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c +index b1d3f7919e..f7cc7fed48 100644 +--- a/ssl/ssl_ciph.c ++++ b/ssl/ssl_ciph.c +@@ -1411,6 +1411,53 @@ int SSL_set_ciphersuites(SSL *s, const char *str) + return ret; + } + ++#ifdef SYSTEM_CIPHERS_FILE ++static char *load_system_str(const char *suffix) ++{ ++ FILE *fp; ++ char buf[1024]; ++ char *new_rules; ++ const char *ciphers_path; ++ unsigned len, slen; ++ ++ if ((ciphers_path = ossl_safe_getenv("OPENSSL_SYSTEM_CIPHERS_OVERRIDE")) == NULL) ++ ciphers_path = SYSTEM_CIPHERS_FILE; ++ fp = fopen(ciphers_path, "r"); ++ if (fp == NULL || fgets(buf, sizeof(buf), fp) == NULL) { ++ /* cannot open or file is empty */ ++ snprintf(buf, sizeof(buf), "%s", SSL_DEFAULT_CIPHER_LIST); ++ } ++ ++ if (fp) ++ fclose(fp); ++ ++ slen = strlen(suffix); ++ len = strlen(buf); ++ ++ if (buf[len - 1] == '\n') { ++ len--; ++ buf[len] = 0; ++ } ++ if (buf[len - 1] == '\r') { ++ len--; ++ buf[len] = 0; ++ } ++ ++ new_rules = OPENSSL_malloc(len + slen + 1); ++ if (new_rules == 0) ++ return NULL; ++ ++ memcpy(new_rules, buf, len); ++ if (slen > 0) { ++ memcpy(&new_rules[len], suffix, slen); ++ len += slen; ++ } ++ new_rules[len] = 0; ++ ++ return new_rules; ++} ++#endif ++ + STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, + STACK_OF(SSL_CIPHER) *tls13_ciphersuites, + STACK_OF(SSL_CIPHER) **cipher_list, +@@ -1425,15 +1472,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, + CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; + const SSL_CIPHER **ca_list = NULL; + const SSL_METHOD *ssl_method = ctx->method; ++#ifdef SYSTEM_CIPHERS_FILE ++ char *new_rules = NULL; ++ ++ if (rule_str != NULL && strncmp(rule_str, "PROFILE=SYSTEM", 14) == 0) { ++ char *p = rule_str + 14; ++ ++ new_rules = load_system_str(p); ++ rule_str = new_rules; ++ } ++#endif + + /* + * Return with error if nothing to do. + */ + if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL) +- return NULL; ++ goto err; + + if (!check_suiteb_cipher_list(ssl_method, c, &rule_str)) +- return NULL; ++ goto err; + + /* + * To reduce the work to do we only want to process the compiled +@@ -1456,7 +1513,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, + co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers); + if (co_list == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); +- return NULL; /* Failure */ ++ goto err; + } + + ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, +@@ -1522,8 +1579,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, + * in force within each class + */ + if (!ssl_cipher_strength_sort(&head, &tail)) { +- OPENSSL_free(co_list); +- return NULL; ++ goto err; + } + + /* +@@ -1568,9 +1624,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, + num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; + ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max); + if (ca_list == NULL) { +- OPENSSL_free(co_list); + ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); +- return NULL; /* Failure */ ++ goto err; + } + ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, + disabled_mkey, disabled_auth, disabled_enc, +@@ -1596,8 +1651,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, + OPENSSL_free(ca_list); /* Not needed anymore */ + + if (!ok) { /* Rule processing failure */ +- OPENSSL_free(co_list); +- return NULL; ++ goto err; + } + + /* +@@ -1605,10 +1659,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, + * if we cannot get one. + */ + if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) { +- OPENSSL_free(co_list); +- return NULL; ++ goto err; + } + ++#ifdef SYSTEM_CIPHERS_FILE ++ OPENSSL_free(new_rules); /* Not needed anymore */ ++#endif ++ + /* Add TLSv1.3 ciphers first - we always prefer those if possible */ + for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) { + const SSL_CIPHER *sslc = sk_SSL_CIPHER_value(tls13_ciphersuites, i); +@@ -1656,6 +1714,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, + *cipher_list = cipherstack; + + return cipherstack; ++ ++err: ++ OPENSSL_free(co_list); ++#ifdef SYSTEM_CIPHERS_FILE ++ OPENSSL_free(new_rules); ++#endif ++ return NULL; ++ + } + + char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) +diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c +index d14d5819ba..48d491219a 100644 +--- a/ssl/ssl_lib.c ++++ b/ssl/ssl_lib.c +@@ -660,7 +660,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) + ctx->tls13_ciphersuites, + &(ctx->cipher_list), + &(ctx->cipher_list_by_id), +- OSSL_default_cipher_list(), ctx->cert); ++ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ctx->cert); + if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { + ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); + return 0; +@@ -3193,7 +3193,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, + if (!ssl_create_cipher_list(ret, + ret->tls13_ciphersuites, + &ret->cipher_list, &ret->cipher_list_by_id, +- OSSL_default_cipher_list(), ret->cert) ++ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ret->cert) + || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { + ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS); + goto err2; +diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c +index 380f0727fc..6922a87c30 100644 +--- a/test/cipherlist_test.c ++++ b/test/cipherlist_test.c +@@ -244,7 +244,9 @@ end: + + int setup_tests(void) + { ++#ifndef SYSTEM_CIPHERS_FILE + ADD_TEST(test_default_cipherlist_implicit); ++#endif + ADD_TEST(test_default_cipherlist_explicit); + ADD_TEST(test_default_cipherlist_clear); + return 1; +diff --git a/util/libcrypto.num b/util/libcrypto.num +index 404a706fab..e81fa9ec3e 100644 +--- a/util/libcrypto.num ++++ b/util/libcrypto.num +@@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure ? 3_0_0 EXIST::FUNCTION: + ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION: + EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION: + EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION: ++ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: +-- +2.26.2 + +diff -up openssl-3.0.0-beta1/Configure.sys-default openssl-3.0.0-beta1/Configure +--- openssl-3.0.0-beta1/Configure.sys-default 2021-06-29 11:47:58.978144386 +0200 ++++ openssl-3.0.0-beta1/Configure 2021-06-29 11:52:01.631126260 +0200 +@@ -27,7 +27,7 @@ use OpenSSL::config; + my $orig_death_handler = $SIG{__DIE__}; + $SIG{__DIE__} = \&death_handler; + +-my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; ++my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; + + my $banner = <<"EOF"; + +@@ -61,6 +61,10 @@ EOF + # given with --prefix. + # This becomes the value of OPENSSLDIR in Makefile and in C. + # (Default: PREFIX/ssl) ++# ++# --system-ciphers-file A file to read cipher string from when the PROFILE=SYSTEM ++# cipher is specified (default). ++# + # --banner=".." Output specified text instead of default completion banner + # + # -w Don't wait after showing a Configure warning +@@ -385,6 +389,7 @@ $config{prefix}=""; + $config{openssldir}=""; + $config{processor}=""; + $config{libdir}=""; ++$config{system_ciphers_file}=""; + my $auto_threads=1; # enable threads automatically? true by default + my $default_ranlib; + +@@ -987,6 +992,10 @@ while (@argvcopy) + die "FIPS key too long (64 bytes max)\n" + if length $1 > 64; + } ++ elsif (/^--system-ciphers-file=(.*)$/) ++ { ++ $config{system_ciphers_file}=$1; ++ } + elsif (/^--banner=(.*)$/) + { + $banner = $1 . "\n"; diff --git a/SOURCES/0008-Add-FIPS_mode-compatibility-macro.patch b/SOURCES/0008-Add-FIPS_mode-compatibility-macro.patch new file mode 100644 index 0000000..0fac4eb --- /dev/null +++ b/SOURCES/0008-Add-FIPS_mode-compatibility-macro.patch @@ -0,0 +1,87 @@ +From 5b2ec9a54037d7b007324bf53e067e73511cdfe4 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Thu, 26 Nov 2020 14:00:16 +0100 +Subject: Add FIPS_mode() compatibility macro + +The macro calls EVP_default_properties_is_fips_enabled() on the +default context. +--- + include/openssl/crypto.h.in | 1 + + include/openssl/fips.h | 25 +++++++++++++++++++++++++ + test/property_test.c | 13 +++++++++++++ + 3 files changed, 39 insertions(+) + create mode 100644 include/openssl/fips.h + +diff --git a/include/openssl/crypto.h.in b/include/openssl/crypto.h.in +index 1036da9a2b..9d4896fcaf 100644 +--- a/include/openssl/crypto.h.in ++++ b/include/openssl/crypto.h.in +@@ -38,6 +38,7 @@ use OpenSSL::stackhash qw(generate_stack_macros); + # include + # include + # include ++# include + + # ifdef CHARSET_EBCDIC + # include +diff --git a/include/openssl/fips.h b/include/openssl/fips.h +new file mode 100644 +index 0000000000..c64f0f8e8f +--- /dev/null ++++ b/include/openssl/fips.h +@@ -0,0 +1,25 @@ ++/* ++ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. ++ * ++ * Licensed under the Apache License 2.0 (the "License"). You may not use ++ * this file except in compliance with the License. You can obtain a copy ++ * in the file LICENSE in the source distribution or at ++ * https://www.openssl.org/source/license.html ++ */ ++ ++#ifndef OPENSSL_FIPS_H ++# define OPENSSL_FIPS_H ++# pragma once ++ ++# include ++ ++# ifdef __cplusplus ++extern "C" { ++# endif ++ ++# define FIPS_mode() EVP_default_properties_is_fips_enabled(NULL) ++ ++# ifdef __cplusplus ++} ++# endif ++#endif +diff -up openssl-3.0.0-beta1/test/property_test.c.fips-macro openssl-3.0.0-beta1/test/property_test.c +--- openssl-3.0.0-beta1/test/property_test.c.fips-macro 2021-06-29 12:14:58.851557698 +0200 ++++ openssl-3.0.0-beta1/test/property_test.c 2021-06-29 12:17:14.630143832 +0200 +@@ -488,6 +488,18 @@ static int test_property_list_to_string( + return ret; + } + ++static int test_downstream_FIPS_mode(void) ++{ ++ int ret = 0; ++ ++ ret = TEST_true(EVP_set_default_properties(NULL, "fips=yes")) ++ && TEST_true(FIPS_mode()) ++ && TEST_true(EVP_set_default_properties(NULL, "fips=no")) ++ && TEST_false(FIPS_mode()); ++ ++ return ret; ++} ++ + int setup_tests(void) + { + ADD_TEST(test_property_string); +@@ -500,6 +512,7 @@ int setup_tests(void) + ADD_TEST(test_property); + ADD_TEST(test_query_cache_stochastic); + ADD_TEST(test_fips_mode); ++ ADD_TEST(test_downstream_FIPS_mode); + ADD_ALL_TESTS(test_property_list_to_string, OSSL_NELEM(to_string_tests)); + return 1; + } diff --git a/SOURCES/0009-Add-Kernel-FIPS-mode-flag-support.patch b/SOURCES/0009-Add-Kernel-FIPS-mode-flag-support.patch new file mode 100644 index 0000000..01bd840 --- /dev/null +++ b/SOURCES/0009-Add-Kernel-FIPS-mode-flag-support.patch @@ -0,0 +1,71 @@ +diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha13/crypto/context.c +--- openssl-3.0.0-alpha13/crypto/context.c.kernel-fips 2021-03-16 00:09:55.814826432 +0100 ++++ openssl-3.0.0-alpha13/crypto/context.c 2021-03-16 00:15:55.129043811 +0100 +@@ -12,11 +12,46 @@ + #include "internal/bio.h" + #include "internal/provider.h" + ++# include ++# include ++# include ++# include ++# include ++ + struct ossl_lib_ctx_onfree_list_st { + ossl_lib_ctx_onfree_fn *fn; + struct ossl_lib_ctx_onfree_list_st *next; + }; + ++# define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled" ++ ++static int kernel_fips_flag; ++ ++static void read_kernel_fips_flag(void) ++{ ++ char buf[2] = "0"; ++ int fd; ++ ++ if (ossl_safe_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) { ++ buf[0] = '1'; ++ } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) { ++ while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ; ++ close(fd); ++ } ++ ++ if (buf[0] == '1') { ++ kernel_fips_flag = 1; ++ } ++ ++ return; ++} ++ ++int ossl_get_kernel_fips_flag() ++{ ++ return kernel_fips_flag; ++} ++ ++ + struct ossl_lib_ctx_st { + CRYPTO_RWLOCK *lock; + CRYPTO_EX_DATA data; +@@ -121,6 +170,7 @@ static CRYPTO_THREAD_LOCAL default_conte + + DEFINE_RUN_ONCE_STATIC(default_context_do_init) + { ++ read_kernel_fips_flag(); + return CRYPTO_THREAD_init_local(&default_context_thread_local, NULL) + && context_init(&default_context_int); + } +diff -up openssl-3.0.1/include/internal/provider.h.embed-fips openssl-3.0.1/include/internal/provider.h +--- openssl-3.0.1/include/internal/provider.h.embed-fips 2022-01-11 13:13:08.323238760 +0100 ++++ openssl-3.0.1/include/internal/provider.h 2022-01-11 13:13:43.522558909 +0100 +@@ -110,6 +110,9 @@ int ossl_provider_init_as_child(OSSL_LIB + const OSSL_DISPATCH *in); + void ossl_provider_deinit_child(OSSL_LIB_CTX *ctx); + ++/* FIPS flag access */ ++int ossl_get_kernel_fips_flag(void); ++ + # ifdef __cplusplus + } + # endif diff --git a/SOURCES/0011-Remove-EC-curves.patch b/SOURCES/0011-Remove-EC-curves.patch new file mode 100644 index 0000000..51c9d23 --- /dev/null +++ b/SOURCES/0011-Remove-EC-curves.patch @@ -0,0 +1,5013 @@ +diff -up openssl-3.0.0-alpha13/apps/speed.c.ec-curves openssl-3.0.0-alpha13/apps/speed.c +--- openssl-3.0.0-alpha13/apps/speed.c.ec-curves 2021-04-10 12:12:00.620129302 +0200 ++++ openssl-3.0.0-alpha13/apps/speed.c 2021-04-10 12:18:11.872369417 +0200 +@@ -364,68 +364,23 @@ static double ffdh_results[FFDH_NUM][1]; + #endif /* OPENSSL_NO_DH */ + + enum ec_curves_t { +- R_EC_P160, R_EC_P192, R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521, +-#ifndef OPENSSL_NO_EC2M +- R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571, +- R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571, +-#endif +- R_EC_BRP256R1, R_EC_BRP256T1, R_EC_BRP384R1, R_EC_BRP384T1, +- R_EC_BRP512R1, R_EC_BRP512T1, ECDSA_NUM ++ R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521, ++ ECDSA_NUM + }; + /* list of ecdsa curves */ + static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = { +- {"ecdsap160", R_EC_P160}, +- {"ecdsap192", R_EC_P192}, + {"ecdsap224", R_EC_P224}, + {"ecdsap256", R_EC_P256}, + {"ecdsap384", R_EC_P384}, + {"ecdsap521", R_EC_P521}, +-#ifndef OPENSSL_NO_EC2M +- {"ecdsak163", R_EC_K163}, +- {"ecdsak233", R_EC_K233}, +- {"ecdsak283", R_EC_K283}, +- {"ecdsak409", R_EC_K409}, +- {"ecdsak571", R_EC_K571}, +- {"ecdsab163", R_EC_B163}, +- {"ecdsab233", R_EC_B233}, +- {"ecdsab283", R_EC_B283}, +- {"ecdsab409", R_EC_B409}, +- {"ecdsab571", R_EC_B571}, +-#endif +- {"ecdsabrp256r1", R_EC_BRP256R1}, +- {"ecdsabrp256t1", R_EC_BRP256T1}, +- {"ecdsabrp384r1", R_EC_BRP384R1}, +- {"ecdsabrp384t1", R_EC_BRP384T1}, +- {"ecdsabrp512r1", R_EC_BRP512R1}, +- {"ecdsabrp512t1", R_EC_BRP512T1} + }; + enum { R_EC_X25519 = ECDSA_NUM, R_EC_X448, EC_NUM }; + /* list of ecdh curves, extension of |ecdsa_choices| list above */ + static const OPT_PAIR ecdh_choices[EC_NUM] = { +- {"ecdhp160", R_EC_P160}, +- {"ecdhp192", R_EC_P192}, + {"ecdhp224", R_EC_P224}, + {"ecdhp256", R_EC_P256}, + {"ecdhp384", R_EC_P384}, + {"ecdhp521", R_EC_P521}, +-#ifndef OPENSSL_NO_EC2M +- {"ecdhk163", R_EC_K163}, +- {"ecdhk233", R_EC_K233}, +- {"ecdhk283", R_EC_K283}, +- {"ecdhk409", R_EC_K409}, +- {"ecdhk571", R_EC_K571}, +- {"ecdhb163", R_EC_B163}, +- {"ecdhb233", R_EC_B233}, +- {"ecdhb283", R_EC_B283}, +- {"ecdhb409", R_EC_B409}, +- {"ecdhb571", R_EC_B571}, +-#endif +- {"ecdhbrp256r1", R_EC_BRP256R1}, +- {"ecdhbrp256t1", R_EC_BRP256T1}, +- {"ecdhbrp384r1", R_EC_BRP384R1}, +- {"ecdhbrp384t1", R_EC_BRP384T1}, +- {"ecdhbrp512r1", R_EC_BRP512R1}, +- {"ecdhbrp512t1", R_EC_BRP512T1}, + {"ecdhx25519", R_EC_X25519}, + {"ecdhx448", R_EC_X448} + }; +@@ -1449,31 +1404,10 @@ int speed_main(int argc, char **argv) + */ + static const EC_CURVE ec_curves[EC_NUM] = { + /* Prime Curves */ +- {"secp160r1", NID_secp160r1, 160}, +- {"nistp192", NID_X9_62_prime192v1, 192}, + {"nistp224", NID_secp224r1, 224}, + {"nistp256", NID_X9_62_prime256v1, 256}, + {"nistp384", NID_secp384r1, 384}, + {"nistp521", NID_secp521r1, 521}, +-#ifndef OPENSSL_NO_EC2M +- /* Binary Curves */ +- {"nistk163", NID_sect163k1, 163}, +- {"nistk233", NID_sect233k1, 233}, +- {"nistk283", NID_sect283k1, 283}, +- {"nistk409", NID_sect409k1, 409}, +- {"nistk571", NID_sect571k1, 571}, +- {"nistb163", NID_sect163r2, 163}, +- {"nistb233", NID_sect233r1, 233}, +- {"nistb283", NID_sect283r1, 283}, +- {"nistb409", NID_sect409r1, 409}, +- {"nistb571", NID_sect571r1, 571}, +-#endif +- {"brainpoolP256r1", NID_brainpoolP256r1, 256}, +- {"brainpoolP256t1", NID_brainpoolP256t1, 256}, +- {"brainpoolP384r1", NID_brainpoolP384r1, 384}, +- {"brainpoolP384t1", NID_brainpoolP384t1, 384}, +- {"brainpoolP512r1", NID_brainpoolP512r1, 512}, +- {"brainpoolP512t1", NID_brainpoolP512t1, 512}, + /* Other and ECDH only ones */ + {"X25519", NID_X25519, 253}, + {"X448", NID_X448, 448} +diff -up openssl-3.0.0-alpha13/test/ecdsatest.h.ec-curves openssl-3.0.0-alpha13/test/ecdsatest.h +--- openssl-3.0.0-alpha13/test/ecdsatest.h.ec-curves 2021-04-10 12:07:43.158013028 +0200 ++++ openssl-3.0.0-alpha13/test/ecdsatest.h 2021-04-10 12:11:21.601828737 +0200 +@@ -32,23 +32,6 @@ typedef struct { + } ecdsa_cavs_kat_t; + + static const ecdsa_cavs_kat_t ecdsa_cavs_kats[] = { +- /* prime KATs from X9.62 */ +- {NID_X9_62_prime192v1, NID_sha1, +- "616263", /* "abc" */ +- "1a8d598fc15bf0fd89030b5cb1111aeb92ae8baf5ea475fb", +- "0462b12d60690cdcf330babab6e69763b471f994dd702d16a563bf5ec08069705ffff65e" +- "5ca5c0d69716dfcb3474373902", +- "fa6de29746bbeb7f8bb1e761f85f7dfb2983169d82fa2f4e", +- "885052380ff147b734c330c43d39b2c4a89f29b0f749fead", +- "e9ecc78106def82bf1070cf1d4d804c3cb390046951df686"}, +- {NID_X9_62_prime239v1, NID_sha1, +- "616263", /* "abc" */ +- "7ef7c6fabefffdea864206e80b0b08a9331ed93e698561b64ca0f7777f3d", +- "045b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c707fd9f1ed2e" +- "65f09f6ce0893baf5e8e31e6ae82ea8c3592335be906d38dee", +- "656c7196bf87dcc5d1f1020906df2782360d36b2de7a17ece37d503784af", +- "2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0", +- "2eeae988104e9c2234a3c2beb1f53bfa5dc11ff36a875d1e3ccb1f7e45cf"}, + /* prime KATs from NIST CAVP */ + {NID_secp224r1, NID_sha224, + "699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1" +diff -up openssl-3.0.0-alpha13/test/recipes/15-test_genec.t.ec-curves openssl-3.0.0-alpha13/test/recipes/15-test_genec.t +--- openssl-3.0.0-alpha13/test/recipes/15-test_genec.t.ec-curves 2021-04-10 11:59:37.453332668 +0200 ++++ openssl-3.0.0-alpha13/test/recipes/15-test_genec.t 2021-04-10 12:03:43.363538976 +0200 +@@ -41,45 +41,11 @@ plan skip_all => "This test is unsupport + if disabled("ec"); + + my @prime_curves = qw( +- secp112r1 +- secp112r2 +- secp128r1 +- secp128r2 +- secp160k1 +- secp160r1 +- secp160r2 +- secp192k1 +- secp224k1 + secp224r1 + secp256k1 + secp384r1 + secp521r1 +- prime192v1 +- prime192v2 +- prime192v3 +- prime239v1 +- prime239v2 +- prime239v3 + prime256v1 +- wap-wsg-idm-ecid-wtls6 +- wap-wsg-idm-ecid-wtls7 +- wap-wsg-idm-ecid-wtls8 +- wap-wsg-idm-ecid-wtls9 +- wap-wsg-idm-ecid-wtls12 +- brainpoolP160r1 +- brainpoolP160t1 +- brainpoolP192r1 +- brainpoolP192t1 +- brainpoolP224r1 +- brainpoolP224t1 +- brainpoolP256r1 +- brainpoolP256t1 +- brainpoolP320r1 +- brainpoolP320t1 +- brainpoolP384r1 +- brainpoolP384t1 +- brainpoolP512r1 +- brainpoolP512t1 + ); + + my @binary_curves = qw( +@@ -136,7 +102,6 @@ push(@other_curves, 'SM2') + if !disabled("sm2"); + + my @curve_aliases = qw( +- P-192 + P-224 + P-256 + P-384 +diff -up openssl-3.0.0-alpha13/test/recipes/06-test_algorithmid.t.ec-curves openssl-3.0.0-alpha13/test/recipes/06-test_algorithmid.t +--- openssl-3.0.0-alpha13/test/recipes/06-test_algorithmid.t.ec-curves 2021-04-10 12:40:59.871858764 +0200 ++++ openssl-3.0.0-alpha13/test/recipes/06-test_algorithmid.t 2021-04-10 12:41:41.140455070 +0200 +@@ -33,7 +33,7 @@ my %certs_info = + 'ee-cert-ec-named-explicit' => 'ca-cert-ec-explicit', + 'ee-cert-ec-named-named' => 'ca-cert-ec-named', + # 'server-ed448-cert' => 'root-ed448-cert' +- 'server-ecdsa-brainpoolP256r1-cert' => 'rootcert', ++ # 'server-ecdsa-brainpoolP256r1-cert' => 'rootcert', + ) + ) + ); +diff -up openssl-3.0.0-alpha13/test/recipes/15-test_ec.t.ec-curves openssl-3.0.0-alpha13/test/recipes/15-test_ec.t +diff -up openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t +diff -up openssl-3.0.0-alpha13/test/recipes/30-test_acvp.t.ec-curves openssl-3.0.0-alpha13/test/recipes/30-test_acvp.t +diff -up openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.ec-curves openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf +--- openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.ec-curves 2021-04-10 13:21:52.123040226 +0200 ++++ openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf 2021-04-10 13:28:20.856023985 +0200 +@@ -776,14 +776,12 @@ server = 22-ECDSA with brainpool-server + client = 22-ECDSA with brainpool-client + + [22-ECDSA with brainpool-server] +-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem ++Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem + CipherString = DEFAULT +-Groups = brainpoolP256r1 +-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem ++PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem + + [22-ECDSA with brainpool-client] + CipherString = aECDSA +-Groups = brainpoolP256r1 + MaxProtocol = TLSv1.2 + RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -791,9 +789,6 @@ VerifyMode = Peer + + [test-22] + ExpectedResult = Success +-ExpectedServerCANames = empty +-ExpectedServerCertType = brainpoolP256r1 +-ExpectedServerSignType = EC + + + # =========================================================== +@@ -1741,9 +1736,9 @@ server = 53-TLS 1.3 ECDSA with brainpool + client = 53-TLS 1.3 ECDSA with brainpool-client + + [53-TLS 1.3 ECDSA with brainpool-server] +-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem ++Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem + CipherString = DEFAULT +-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem ++PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem + + [53-TLS 1.3 ECDSA with brainpool-client] + CipherString = DEFAULT +@@ -1754,7 +1749,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/ro + VerifyMode = Peer + + [test-53] +-ExpectedResult = ServerFail ++ExpectedResult = Success + + + # =========================================================== +diff -up openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in.ec-curves openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in +--- openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in.ec-curves 2021-04-10 13:22:06.275221662 +0200 ++++ openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in 2021-04-10 13:35:18.774623319 +0200 +@@ -428,21 +428,21 @@ my @tests_non_fips = ( + { + name => "ECDSA with brainpool", + server => { +- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), +- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), +- "Groups" => "brainpoolP256r1", ++ "Certificate" => test_pem("server-ecdsa-cert.pem"), ++ "PrivateKey" => test_pem("server-ecdsa-key.pem"), ++ #"Groups" => "brainpoolP256r1", + }, + client => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "aECDSA", + "RequestCAFile" => test_pem("root-cert.pem"), +- "Groups" => "brainpoolP256r1", ++ #"Groups" => "brainpoolP256r1", + }, + test => { +- "ExpectedServerCertType" =>, "brainpoolP256r1", +- "ExpectedServerSignType" =>, "EC", ++ #"ExpectedServerCertType" =>, "brainpoolP256r1", ++ #"ExpectedServerSignType" =>, "EC", + # Note: certificate_authorities not sent for TLS < 1.3 +- "ExpectedServerCANames" =>, "empty", ++ #"ExpectedServerCANames" =>, "empty", + "ExpectedResult" => "Success" + }, + }, +@@ -915,8 +915,8 @@ my @tests_tls_1_3_non_fips = ( + { + name => "TLS 1.3 ECDSA with brainpool", + server => { +- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), +- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), ++ "Certificate" => test_pem("server-ecdsa-cert.pem"), ++ "PrivateKey" => test_pem("server-ecdsa-key.pem"), + }, + client => { + "RequestCAFile" => test_pem("root-cert.pem"), +@@ -924,7 +924,7 @@ my @tests_tls_1_3_non_fips = ( + "MaxProtocol" => "TLSv1.3" + }, + test => { +- "ExpectedResult" => "ServerFail" ++ "ExpectedResult" => "Success" + }, + }, + ); +diff -up openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t +--- openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves 2021-04-10 14:00:22.482782216 +0200 ++++ openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t 2021-04-10 14:08:50.769727651 +0200 +@@ -158,60 +158,6 @@ sub tsignverify { + $testtext); + } + +-SKIP : { +- skip "FIPS EC tests because of no ec in this build", 1 +- if disabled("ec"); +- +- subtest EC => sub { +- my $testtext_prefix = 'EC'; +- my $a_fips_curve = 'prime256v1'; +- my $fips_key = $testtext_prefix.'.fips.priv.pem'; +- my $fips_pub_key = $testtext_prefix.'.fips.pub.pem'; +- my $a_nonfips_curve = 'brainpoolP256r1'; +- my $nonfips_key = $testtext_prefix.'.nonfips.priv.pem'; +- my $nonfips_pub_key = $testtext_prefix.'.nonfips.pub.pem'; +- my $testtext = ''; +- my $curvename = ''; +- +- plan tests => 5 + $tsignverify_count; +- +- $ENV{OPENSSL_CONF} = $defaultconf; +- $curvename = $a_nonfips_curve; +- $testtext = $testtext_prefix.': '. +- 'Generate a key with a non-FIPS algorithm with the default provider'; +- ok(run(app(['openssl', 'genpkey', '-algorithm', 'EC', +- '-pkeyopt', 'ec_paramgen_curve:'.$curvename, +- '-out', $nonfips_key])), +- $testtext); +- +- pubfrompriv($testtext_prefix, $nonfips_key, $nonfips_pub_key, "non-FIPS"); +- +- $ENV{OPENSSL_CONF} = $fipsconf; +- +- $curvename = $a_fips_curve; +- $testtext = $testtext_prefix.': '. +- 'Generate a key with a FIPS algorithm'; +- ok(run(app(['openssl', 'genpkey', '-algorithm', 'EC', +- '-pkeyopt', 'ec_paramgen_curve:'.$curvename, +- '-out', $fips_key])), +- $testtext); +- +- pubfrompriv($testtext_prefix, $fips_key, $fips_pub_key, "FIPS"); +- +- $curvename = $a_nonfips_curve; +- $testtext = $testtext_prefix.': '. +- 'Generate a key with a non-FIPS algorithm'. +- ' (should fail)'; +- ok(!run(app(['openssl', 'genpkey', '-algorithm', 'EC', +- '-pkeyopt', 'ec_paramgen_curve:'.$curvename, +- '-out', $testtext_prefix.'.'.$curvename.'.priv.pem'])), +- $testtext); +- +- tsignverify($testtext_prefix, $fips_key, $fips_pub_key, $nonfips_key, +- $nonfips_pub_key); +- }; +-} +- + SKIP: { + skip "FIPS RSA tests because of no rsa in this build", 1 + if disabled("rsa"); +diff -up openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t +--- openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves 2021-04-10 14:23:09.805468483 +0200 ++++ openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t 2021-04-10 14:23:33.002784265 +0200 +@@ -26,7 +26,7 @@ use platform; + my $no_check = disabled("fips") || disabled('fips-securitychecks'); + plan skip_all => "Test only supported in a fips build with security checks" + if $no_check; +-plan tests => 11; ++plan tests => 10; + + my $fipsmodule = bldtop_file('providers', platform->dso('fips')); + my $fipsconf = srctop_file("test", "fips-and-base.cnf"); +diff -up openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.ec-curves openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf +--- openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.ec-curves 2021-04-10 17:52:46.478721611 +0200 ++++ openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf 2021-04-10 17:54:11.371688446 +0200 +@@ -1710,20 +1710,18 @@ server = 52-TLS 1.3 ECDSA with brainpool + client = 52-TLS 1.3 ECDSA with brainpool but no suitable groups-client + + [52-TLS 1.3 ECDSA with brainpool but no suitable groups-server] +-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem ++Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem + CipherString = DEFAULT +-Groups = brainpoolP256r1 +-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem ++PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem + + [52-TLS 1.3 ECDSA with brainpool but no suitable groups-client] + CipherString = aECDSA +-Groups = brainpoolP256r1 + RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + + [test-52] +-ExpectedResult = ClientFail ++ExpectedResult = Success + + + # =========================================================== +diff -up openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in.ec-curves openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in +--- openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in.ec-curves 2021-04-10 17:53:03.317913390 +0200 ++++ openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in 2021-04-10 17:55:22.507498606 +0200 +@@ -896,20 +896,20 @@ my @tests_tls_1_3_non_fips = ( + { + name => "TLS 1.3 ECDSA with brainpool but no suitable groups", + server => { +- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), +- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), +- "Groups" => "brainpoolP256r1", ++ "Certificate" => test_pem("server-ecdsa-cert.pem"), ++ "PrivateKey" => test_pem("server-ecdsa-key.pem"), ++ #"Groups" => "brainpoolP256r1", + }, + client => { + "CipherString" => "aECDSA", + "RequestCAFile" => test_pem("root-cert.pem"), +- "Groups" => "brainpoolP256r1", ++ #"Groups" => "brainpoolP256r1", + }, + test => { + #We only configured brainpoolP256r1 on the client side, but TLSv1.3 + #is enabled and this group is not allowed in TLSv1.3. Therefore this + #should fail +- "ExpectedResult" => "ClientFail" ++ "ExpectedResult" => "Success" + }, + }, + { +diff -up openssl-3.0.0-alpha13/crypto/evp/ec_support.c.ec-curves openssl-3.0.0-alpha13/crypto/evp/ec_support.c +--- openssl-3.0.0-alpha13/crypto/evp/ec_support.c.ec-curves 2021-04-11 11:13:14.236891844 +0200 ++++ openssl-3.0.0-alpha13/crypto/evp/ec_support.c 2021-04-11 11:12:05.128098714 +0200 +@@ -20,99 +20,13 @@ typedef struct ec_name2nid_st { + static const EC_NAME2NID curve_list[] = { + /* prime field curves */ + /* secg curves */ +- {"secp112r1", NID_secp112r1 }, +- {"secp112r2", NID_secp112r2 }, +- {"secp128r1", NID_secp128r1 }, +- {"secp128r2", NID_secp128r2 }, +- {"secp160k1", NID_secp160k1 }, +- {"secp160r1", NID_secp160r1 }, +- {"secp160r2", NID_secp160r2 }, +- {"secp192k1", NID_secp192k1 }, + {"secp224k1", NID_secp224k1 }, + {"secp224r1", NID_secp224r1 }, + {"secp256k1", NID_secp256k1 }, + {"secp384r1", NID_secp384r1 }, + {"secp521r1", NID_secp521r1 }, + /* X9.62 curves */ +- {"prime192v1", NID_X9_62_prime192v1 }, +- {"prime192v2", NID_X9_62_prime192v2 }, +- {"prime192v3", NID_X9_62_prime192v3 }, +- {"prime239v1", NID_X9_62_prime239v1 }, +- {"prime239v2", NID_X9_62_prime239v2 }, +- {"prime239v3", NID_X9_62_prime239v3 }, + {"prime256v1", NID_X9_62_prime256v1 }, +- /* characteristic two field curves */ +- /* NIST/SECG curves */ +- {"sect113r1", NID_sect113r1 }, +- {"sect113r2", NID_sect113r2 }, +- {"sect131r1", NID_sect131r1 }, +- {"sect131r2", NID_sect131r2 }, +- {"sect163k1", NID_sect163k1 }, +- {"sect163r1", NID_sect163r1 }, +- {"sect163r2", NID_sect163r2 }, +- {"sect193r1", NID_sect193r1 }, +- {"sect193r2", NID_sect193r2 }, +- {"sect233k1", NID_sect233k1 }, +- {"sect233r1", NID_sect233r1 }, +- {"sect239k1", NID_sect239k1 }, +- {"sect283k1", NID_sect283k1 }, +- {"sect283r1", NID_sect283r1 }, +- {"sect409k1", NID_sect409k1 }, +- {"sect409r1", NID_sect409r1 }, +- {"sect571k1", NID_sect571k1 }, +- {"sect571r1", NID_sect571r1 }, +- /* X9.62 curves */ +- {"c2pnb163v1", NID_X9_62_c2pnb163v1 }, +- {"c2pnb163v2", NID_X9_62_c2pnb163v2 }, +- {"c2pnb163v3", NID_X9_62_c2pnb163v3 }, +- {"c2pnb176v1", NID_X9_62_c2pnb176v1 }, +- {"c2tnb191v1", NID_X9_62_c2tnb191v1 }, +- {"c2tnb191v2", NID_X9_62_c2tnb191v2 }, +- {"c2tnb191v3", NID_X9_62_c2tnb191v3 }, +- {"c2pnb208w1", NID_X9_62_c2pnb208w1 }, +- {"c2tnb239v1", NID_X9_62_c2tnb239v1 }, +- {"c2tnb239v2", NID_X9_62_c2tnb239v2 }, +- {"c2tnb239v3", NID_X9_62_c2tnb239v3 }, +- {"c2pnb272w1", NID_X9_62_c2pnb272w1 }, +- {"c2pnb304w1", NID_X9_62_c2pnb304w1 }, +- {"c2tnb359v1", NID_X9_62_c2tnb359v1 }, +- {"c2pnb368w1", NID_X9_62_c2pnb368w1 }, +- {"c2tnb431r1", NID_X9_62_c2tnb431r1 }, +- /* +- * the WAP/WTLS curves [unlike SECG, spec has its own OIDs for curves +- * from X9.62] +- */ +- {"wap-wsg-idm-ecid-wtls1", NID_wap_wsg_idm_ecid_wtls1 }, +- {"wap-wsg-idm-ecid-wtls3", NID_wap_wsg_idm_ecid_wtls3 }, +- {"wap-wsg-idm-ecid-wtls4", NID_wap_wsg_idm_ecid_wtls4 }, +- {"wap-wsg-idm-ecid-wtls5", NID_wap_wsg_idm_ecid_wtls5 }, +- {"wap-wsg-idm-ecid-wtls6", NID_wap_wsg_idm_ecid_wtls6 }, +- {"wap-wsg-idm-ecid-wtls7", NID_wap_wsg_idm_ecid_wtls7 }, +- {"wap-wsg-idm-ecid-wtls8", NID_wap_wsg_idm_ecid_wtls8 }, +- {"wap-wsg-idm-ecid-wtls9", NID_wap_wsg_idm_ecid_wtls9 }, +- {"wap-wsg-idm-ecid-wtls10", NID_wap_wsg_idm_ecid_wtls10 }, +- {"wap-wsg-idm-ecid-wtls11", NID_wap_wsg_idm_ecid_wtls11 }, +- {"wap-wsg-idm-ecid-wtls12", NID_wap_wsg_idm_ecid_wtls12 }, +- /* IPSec curves */ +- {"Oakley-EC2N-3", NID_ipsec3 }, +- {"Oakley-EC2N-4", NID_ipsec4 }, +- /* brainpool curves */ +- {"brainpoolP160r1", NID_brainpoolP160r1 }, +- {"brainpoolP160t1", NID_brainpoolP160t1 }, +- {"brainpoolP192r1", NID_brainpoolP192r1 }, +- {"brainpoolP192t1", NID_brainpoolP192t1 }, +- {"brainpoolP224r1", NID_brainpoolP224r1 }, +- {"brainpoolP224t1", NID_brainpoolP224t1 }, +- {"brainpoolP256r1", NID_brainpoolP256r1 }, +- {"brainpoolP256t1", NID_brainpoolP256t1 }, +- {"brainpoolP320r1", NID_brainpoolP320r1 }, +- {"brainpoolP320t1", NID_brainpoolP320t1 }, +- {"brainpoolP384r1", NID_brainpoolP384r1 }, +- {"brainpoolP384t1", NID_brainpoolP384t1 }, +- {"brainpoolP512r1", NID_brainpoolP512r1 }, +- {"brainpoolP512t1", NID_brainpoolP512t1 }, +- /* SM2 curve */ +- {"SM2", NID_sm2 }, + }; + + const char *OSSL_EC_curve_nid2name(int nid) +diff -up openssl-3.0.0-alpha13/test/acvp_test.inc.ec-curves openssl-3.0.0-alpha13/test/acvp_test.inc +--- openssl-3.0.0-alpha13/test/acvp_test.inc.ec-curves 2021-04-11 13:46:57.286828933 +0200 ++++ openssl-3.0.0-alpha13/test/acvp_test.inc 2021-04-11 13:48:01.356704526 +0200 +@@ -212,15 +212,6 @@ static const unsigned char ecdsa_sigver_ + }; + static const struct ecdsa_sigver_st ecdsa_sigver_data[] = { + { +- "SHA-1", +- "P-192", +- ITM(ecdsa_sigver_msg0), +- ITM(ecdsa_sigver_pub0), +- ITM(ecdsa_sigver_r0), +- ITM(ecdsa_sigver_s0), +- PASS, +- }, +- { + "SHA2-512", + "P-521", + ITM(ecdsa_sigver_msg1), +diff -up openssl-3.0.0-alpha13/test/recipes/65-test_cmp_protect.t.ec-curves openssl-3.0.0-alpha13/test/recipes/65-test_cmp_protect.t +--- openssl-3.0.0-alpha13/test/recipes/65-test_cmp_protect.t.ec-curves 2021-04-11 21:45:04.949948725 +0200 ++++ openssl-3.0.0-alpha13/test/recipes/65-test_cmp_protect.t 2021-04-11 21:44:09.585283604 +0200 +@@ -7,7 +7,6 @@ + # this file except in compliance with the License. You can obtain a copy + # in the file LICENSE in the source distribution or at + # https://www.openssl.org/source/license.html +- + use strict; + use OpenSSL::Test qw/:DEFAULT data_file srctop_file srctop_dir bldtop_file bldtop_dir/; + use OpenSSL::Test::Utils; +@@ -27,7 +26,7 @@ plan skip_all => "This test is not suppo + plan skip_all => "This test is not supported in a shared library build on Windows" + if $^O eq 'MSWin32' && !disabled("shared"); + +-plan tests => 2 + ($no_fips ? 0 : 1); #fips test ++plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test + + my @basic_cmd = ("cmp_protect_test", + data_file("server.pem"), +diff -up openssl-3.0.0-alpha13/test/recipes/65-test_cmp_vfy.t.ec-curves openssl-3.0.0-alpha13/test/recipes/65-test_cmp_vfy.t +--- openssl-3.0.0-alpha13/test/recipes/65-test_cmp_vfy.t.ec-curves 2021-04-11 21:45:25.414194574 +0200 ++++ openssl-3.0.0-alpha13/test/recipes/65-test_cmp_vfy.t 2021-04-11 21:44:40.786658440 +0200 +@@ -7,7 +7,6 @@ + # this file except in compliance with the License. You can obtain a copy + # in the file LICENSE in the source distribution or at + # https://www.openssl.org/source/license.html +- + use strict; + use OpenSSL::Test qw/:DEFAULT data_file srctop_file srctop_dir bldtop_file bldtop_dir/; + use OpenSSL::Test::Utils; +@@ -27,7 +26,7 @@ plan skip_all => "This test is not suppo + plan skip_all => "This test is not supported in a no-ec build" + if disabled("ec"); + +-plan tests => 2 + ($no_fips ? 0 : 1); #fips test ++plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test + + my @basic_cmd = ("cmp_vfy_test", + data_file("server.crt"), data_file("client.crt"), +diff -up openssl-3.0.0-alpha15/crypto/evp/ec_support.c.ec-curves openssl-3.0.0-alpha15/crypto/evp/ec_support.c +--- openssl-3.0.0-alpha15/crypto/evp/ec_support.c.ec-curves 2021-04-23 18:15:12.571691284 +0200 ++++ openssl-3.0.0-alpha15/crypto/evp/ec_support.c 2021-04-23 18:16:00.803087403 +0200 +@@ -28,7 +28,6 @@ static const EC_NAME2NID curve_list[] = + static const EC_NAME2NID curve_list[] = { + /* prime field curves */ + /* secg curves */ +- {"secp224k1", NID_secp224k1 }, + {"secp224r1", NID_secp224r1 }, + {"secp256k1", NID_secp256k1 }, + {"secp384r1", NID_secp384r1 }, +diff -up openssl-3.0.0-alpha15/apps/speed.c.ec-curves openssl-3.0.0-alpha15/apps/speed.c +--- openssl-3.0.0-alpha15/apps/speed.c.ec-curves 2021-04-26 14:25:44.049991942 +0200 ++++ openssl-3.0.0-alpha15/apps/speed.c 2021-04-26 14:36:10.643570273 +0200 +@@ -1439,8 +1439,8 @@ int speed_main(int argc, char **argv) + OPENSSL_assert(ec_curves[EC_NUM - 1].nid == NID_X448); + OPENSSL_assert(strcmp(ecdh_choices[EC_NUM - 1].name, "ecdhx448") == 0); + +- OPENSSL_assert(ec_curves[ECDSA_NUM - 1].nid == NID_brainpoolP512t1); +- OPENSSL_assert(strcmp(ecdsa_choices[ECDSA_NUM - 1].name, "ecdsabrp512t1") == 0); ++ OPENSSL_assert(ec_curves[ECDSA_NUM - 1].nid == NID_secp521r1); ++ OPENSSL_assert(strcmp(ecdsa_choices[ECDSA_NUM - 1].name, "ecdsap521") == 0); + + #ifndef OPENSSL_NO_SM2 + OPENSSL_assert(sm2_curves[SM2_NUM - 1].nid == NID_sm2); +diff -up openssl-3.0.0-alpha16/test/evp_extra_test.c.ec-curves openssl-3.0.0-alpha16/test/evp_extra_test.c +--- openssl-3.0.0-alpha16/test/evp_extra_test.c.ec-curves 2021-05-10 14:44:28.932751551 +0200 ++++ openssl-3.0.0-alpha16/test/evp_extra_test.c 2021-05-10 14:45:21.537238883 +0200 +@@ -2701,13 +2701,12 @@ err: + + #ifndef OPENSSL_NO_EC + static int ecpub_nids[] = { +- NID_brainpoolP256r1, NID_X9_62_prime256v1, ++ NID_X9_62_prime256v1, + NID_secp384r1, NID_secp521r1, + # ifndef OPENSSL_NO_EC2M + NID_sect233k1, NID_sect233r1, NID_sect283r1, + NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1, + # endif +- NID_brainpoolP384r1, NID_brainpoolP512r1 + }; + + static int test_ecpub(int idx) +diff -up openssl-3.0.0-alpha16/test/recipes/30-test_evp_data/evppkey_mismatch.txt.ec-curves openssl-3.0.0-alpha16/test/recipes/30-test_evp_data/evppkey_mismatch.txt +--- openssl-3.0.0-alpha16/test/recipes/30-test_evp_data/evppkey_mismatch.txt.ec-curves 2021-05-17 10:45:03.968368782 +0200 ++++ openssl-3.0.0-alpha16/test/recipes/30-test_evp_data/evppkey_mismatch.txt 2021-05-17 10:45:54.211747865 +0200 +@@ -31,12 +31,6 @@ MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELBUP + x/iUJAcsJxl9eLM7kg6VzbZk6ZDc8M/qDZTiqOavnQ5YBW5lMQSSW5/myQ== + -----END PUBLIC KEY----- + +-PublicKey=KAS-ECC-CDH_K-163_C0-PUBLIC +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBx+LKHfWAn2cGt5CRPLeoSaS7yPVBcFe +-53YiHHK4SzR844PzgGe4nD6a +------END PUBLIC KEY----- +- + PrivateKey = RSA-2048 + -----BEGIN PRIVATE KEY----- + MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDNAIHqeyrh6gbV +@@ -77,9 +71,3 @@ Result = KEYPAIR_TYPE_MISMATCH + + PrivPubKeyPair = RSA-2048:P-256-PUBLIC + Result = KEYPAIR_TYPE_MISMATCH +- +-PrivPubKeyPair = RSA-2048:KAS-ECC-CDH_K-163_C0-PUBLIC +-Result = KEYPAIR_TYPE_MISMATCH +- +-PrivPubKeyPair = Alice-25519:KAS-ECC-CDH_K-163_C0-PUBLIC +-Result = KEYPAIR_TYPE_MISMATCH +diff -up openssl-3.0.0-alpha16/test/recipes/30-test_evp.t.ec-curves openssl-3.0.0-alpha16/test/recipes/30-test_evp.t +--- openssl-3.0.0-alpha16/test/recipes/30-test_evp.t.ec-curves 2021-05-17 10:49:28.050844977 +0200 ++++ openssl-3.0.0-alpha16/test/recipes/30-test_evp.t 2021-05-17 10:53:53.480444576 +0200 +@@ -111,7 +111,6 @@ my @defltfiles = qw( + evppkey_kdf_tls1_prf.txt + evppkey_rsa.txt + ); +-push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec; + push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2; + + plan tests => +diff -up openssl-3.0.0-beta1/test/recipes/30-test_evp_data/evppkey_ecc.txt.remove-ec openssl-3.0.0-beta1/test/recipes/30-test_evp_data/evppkey_ecc.txt +--- openssl-3.0.0-beta1/test/recipes/30-test_evp_data/evppkey_ecc.txt.remove-ec 2021-06-29 16:24:56.863303499 +0200 ++++ openssl-3.0.0-beta1/test/recipes/30-test_evp_data/evppkey_ecc.txt 2021-06-29 16:38:04.189996425 +0200 +@@ -11,1949 +11,6 @@ + # PrivPubKeyPair Sign Verify VerifyRecover + # and continue until a blank line. Lines starting with a pound sign are ignored. + +-Title=c2pnb163v1 curve tests +- +-PrivateKey=ALICE_cf_c2pnb163v1 +------BEGIN PRIVATE KEY----- +-MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAEEHDAaAgEBBBUD1JfG8cLNP9418YW+hVhriqH6O5Y= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2pnb163v1_PUB +------BEGIN PUBLIC KEY----- +-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAEDLAAEBXgoOgVlWTLQnrQZXgQuSBcIS3bQAlXQ+yJhS03B +-4G8rKQXbrc0mvWsF +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2pnb163v1:ALICE_cf_c2pnb163v1_PUB +- +-PrivateKey=BOB_cf_c2pnb163v1 +------BEGIN PRIVATE KEY----- +-MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAEEHDAaAgEBBBUAc3EaoMmMORTzQhMkhPIXY+/jUSI= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2pnb163v1_PUB +------BEGIN PUBLIC KEY----- +-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAEDLAAEBn9J0jo39aFVZqhBsAKZ6bViAu6zBC8WaFGExnpZ +-KuBh8tP8VSTHPCHF +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2pnb163v1:BOB_cf_c2pnb163v1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb163v1 +-PeerKey=BOB_cf_c2pnb163v1_PUB +-SharedSecret=065dd38fb6de7f394778e1bf65d840a2c0e7219acd +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb163v1 +-PeerKey=ALICE_cf_c2pnb163v1_PUB +-SharedSecret=065dd38fb6de7f394778e1bf65d840a2c0e7219acd +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb163v1 +-PeerKey=BOB_cf_c2pnb163v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=066fc46e8cc4327634dd127748020f2de6aab67585 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb163v1 +-PeerKey=ALICE_cf_c2pnb163v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=066fc46e8cc4327634dd127748020f2de6aab67585 +- +-PublicKey=MALICE_cf_c2pnb163v1_PUB +------BEGIN PUBLIC KEY----- +-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAEDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8JxepS05nN +-/piKdhDD3dDKXUih +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2pnb163v1 +-PeerKey=MALICE_cf_c2pnb163v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2pnb163v1 +-PeerKey=MALICE_cf_c2pnb163v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2pnb163v2 curve tests +- +-PrivateKey=ALICE_cf_c2pnb163v2 +------BEGIN PRIVATE KEY----- +-MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAIEHDAaAgEBBBUA4KFv7c1dygtVbdp/g2z2TqLAHkI= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2pnb163v2_PUB +------BEGIN PUBLIC KEY----- +-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAIDLAAEAVnlL7lMBaASwCIJaf9x2LgNPVmEAb43huHQlo3Q +-4PzawHXQoYm/qgDd +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2pnb163v2:ALICE_cf_c2pnb163v2_PUB +- +-PrivateKey=BOB_cf_c2pnb163v2 +------BEGIN PRIVATE KEY----- +-MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAIEHDAaAgEBBBUCEdYqClRWIl2m+X34e+DB2iZSxmQ= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2pnb163v2_PUB +------BEGIN PUBLIC KEY----- +-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAIDLAAEAVWNIKn7/WMfzuNnd5ws9J0DI2CfBkEJizZHAFqy +-kBF3juAQuARgxuT6 +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2pnb163v2:BOB_cf_c2pnb163v2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb163v2 +-PeerKey=BOB_cf_c2pnb163v2_PUB +-SharedSecret=0078ebb986d4f9b0aa0bc4af99e82c2bd24130f3f4 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb163v2 +-PeerKey=ALICE_cf_c2pnb163v2_PUB +-SharedSecret=0078ebb986d4f9b0aa0bc4af99e82c2bd24130f3f4 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb163v2 +-PeerKey=BOB_cf_c2pnb163v2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=069a80bcd45987fd1c874cd9dc5453207a09b61d41 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb163v2 +-PeerKey=ALICE_cf_c2pnb163v2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=069a80bcd45987fd1c874cd9dc5453207a09b61d41 +- +-PublicKey=MALICE_cf_c2pnb163v2_PUB +------BEGIN PUBLIC KEY----- +-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAIDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAABuVBl1V5uysY +-n6HANPEoMoK+7Sv0 +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2pnb163v2 +-PeerKey=MALICE_cf_c2pnb163v2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2pnb163v2 +-PeerKey=MALICE_cf_c2pnb163v2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2pnb163v3 curve tests +- +-PrivateKey=ALICE_cf_c2pnb163v3 +------BEGIN PRIVATE KEY----- +-MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAMEHDAaAgEBBBUBItB0y/QeJ+cCh9yoHf0zqLVyMZc= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2pnb163v3_PUB +------BEGIN PUBLIC KEY----- +-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAMDLAAEBx1HRyjuBMjt+vlbWaQbKOpNvWKFAslzEbPv6MpK +-YnObLnq34LRuWznb +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2pnb163v3:ALICE_cf_c2pnb163v3_PUB +- +-PrivateKey=BOB_cf_c2pnb163v3 +------BEGIN PRIVATE KEY----- +-MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAMEHDAaAgEBBBUAXVHUHeP8Ioz7IqXOWbjaUXEHE5M= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2pnb163v3_PUB +------BEGIN PUBLIC KEY----- +-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAMDLAAEAqXF7rsAZ40Z1PT4TeeC45RKTxP4AJBAdfuknJ/J +-DZnBLhxBwtqnfUpA +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2pnb163v3:BOB_cf_c2pnb163v3_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb163v3 +-PeerKey=BOB_cf_c2pnb163v3_PUB +-SharedSecret=07fd2ffe9b18973c51caeadbc2154b97a9a0390be9 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb163v3 +-PeerKey=ALICE_cf_c2pnb163v3_PUB +-SharedSecret=07fd2ffe9b18973c51caeadbc2154b97a9a0390be9 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb163v3 +-PeerKey=BOB_cf_c2pnb163v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=06f7daf1c963594e1a13f9f17b62aaab2934872c16 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb163v3 +-PeerKey=ALICE_cf_c2pnb163v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=06f7daf1c963594e1a13f9f17b62aaab2934872c16 +- +-PublicKey=MALICE_cf_c2pnb163v3_PUB +------BEGIN PUBLIC KEY----- +-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAMDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7jRlUg9oaLK +-LwAuHF8g5Y0JjJnI +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2pnb163v3 +-PeerKey=MALICE_cf_c2pnb163v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2pnb163v3 +-PeerKey=MALICE_cf_c2pnb163v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2pnb176v1 curve tests +- +-PrivateKey=ALICE_cf_c2pnb176v1 +------BEGIN PRIVATE KEY----- +-MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAQEHDAaAgEBBBUAaZ1jV1jM9meV5iiNGPU/WMSfWOM= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2pnb176v1_PUB +------BEGIN PUBLIC KEY----- +-MEUwEwYHKoZIzj0CAQYIKoZIzj0DAAQDLgAEPjME7IV6Tuz2P++wIT60hRxTkk0M0PNgvqYcUoCI +-iw3girDLhNzOu3IQ8Ac= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2pnb176v1:ALICE_cf_c2pnb176v1_PUB +- +-PrivateKey=BOB_cf_c2pnb176v1 +------BEGIN PRIVATE KEY----- +-MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAQEHDAaAgEBBBUAreyYbcF+ONIf64KmeSzV82OI/50= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2pnb176v1_PUB +------BEGIN PUBLIC KEY----- +-MEUwEwYHKoZIzj0CAQYIKoZIzj0DAAQDLgAEpJn1IDmFj5LceLGfY2wlhI1VHq5vJ+qNIAOXVZhX +-uMtp6pzy63rCEK53bgs= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2pnb176v1:BOB_cf_c2pnb176v1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb176v1 +-PeerKey=BOB_cf_c2pnb176v1_PUB +-SharedSecret=3a8021848ee0b2c1c377404267a515225781c181e6ab +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb176v1 +-PeerKey=ALICE_cf_c2pnb176v1_PUB +-SharedSecret=3a8021848ee0b2c1c377404267a515225781c181e6ab +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb176v1 +-PeerKey=BOB_cf_c2pnb176v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=b06cdc633b56e813d63326c69d2cfa335352279540ac +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb176v1 +-PeerKey=ALICE_cf_c2pnb176v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=b06cdc633b56e813d63326c69d2cfa335352279540ac +- +-PublicKey=MALICE_cf_c2pnb176v1_PUB +------BEGIN PUBLIC KEY----- +-MEUwEwYHKoZIzj0CAQYIKoZIzj0DAAQDLgAE4ePri2opCoAUJIUQnaQlvDaxZd9bsdKnjWSvh+FL +-zXV3l5j8K3pow+GJBE4= +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2pnb176v1 +-PeerKey=MALICE_cf_c2pnb176v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2pnb176v1 +-PeerKey=MALICE_cf_c2pnb176v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2pnb208w1 curve tests +- +-PrivateKey=ALICE_cf_c2pnb208w1 +------BEGIN PRIVATE KEY----- +-MDoCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAoEIDAeAgEBBBkAiENroXMYNbK/7DQQwCpbXk00gnVd +-XF2k +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2pnb208w1_PUB +------BEGIN PUBLIC KEY----- +-ME0wEwYHKoZIzj0CAQYIKoZIzj0DAAoDNgAEL+IHOL2IfeLRiE6Wqsc0Frqjq7t/JnBmhN1lMB9Y +-Yj3+Btcne4CPWf8KvfGjAdMs6JKP4A== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2pnb208w1:ALICE_cf_c2pnb208w1_PUB +- +-PrivateKey=BOB_cf_c2pnb208w1 +------BEGIN PRIVATE KEY----- +-MDoCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAoEIDAeAgEBBBkAY1GZLynO/IDWwOOjEWUE7k+I/MkP +-cJot +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2pnb208w1_PUB +------BEGIN PUBLIC KEY----- +-ME0wEwYHKoZIzj0CAQYIKoZIzj0DAAoDNgAENBvdzCDOIvu9zo7reJq1ummhR+0jaDc+EoSlW984 +-cl9FTi/JJznwC+RNgwVfJ1WKJun1YA== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2pnb208w1:BOB_cf_c2pnb208w1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb208w1 +-PeerKey=BOB_cf_c2pnb208w1_PUB +-SharedSecret=ba32bf80c0f7ab53cb083f267a902a1ad6396eb283237fad91cd +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb208w1 +-PeerKey=ALICE_cf_c2pnb208w1_PUB +-SharedSecret=ba32bf80c0f7ab53cb083f267a902a1ad6396eb283237fad91cd +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb208w1 +-PeerKey=BOB_cf_c2pnb208w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=f09f5fc8bf20677558bc65939bf1b7fbbbe2579702729304258b +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb208w1 +-PeerKey=ALICE_cf_c2pnb208w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=f09f5fc8bf20677558bc65939bf1b7fbbbe2579702729304258b +- +-PublicKey=MALICE_cf_c2pnb208w1_PUB +------BEGIN PUBLIC KEY----- +-ME0wEwYHKoZIzj0CAQYIKoZIzj0DAAoDNgAEfuWB9pBZQin+VnmqgYVpbUpKxSQsnXxNqiDtVwqJ +-oPkHxRWnu5e7qI2idMcqaKDeeniUaA== +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2pnb208w1 +-PeerKey=MALICE_cf_c2pnb208w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2pnb208w1 +-PeerKey=MALICE_cf_c2pnb208w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2pnb272w1 curve tests +- +-PrivateKey=ALICE_cf_c2pnb272w1 +------BEGIN PRIVATE KEY----- +-MEICAQAwEwYHKoZIzj0CAQYIKoZIzj0DABAEKDAmAgEBBCEA0SoHwKAgKb7WQ+s0w1iNBemDZ3+f +-StHU67fpP7YoF8U= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2pnb272w1_PUB +------BEGIN PUBLIC KEY----- +-MF0wEwYHKoZIzj0CAQYIKoZIzj0DABADRgAE0IH60bGi46FDzEprGZ8EBK5uMMcVke/txeBRNGHQ +-DzG68r3EMLZkOfE1+g04MN7HgY7zt3jMYb8ImyLRmvqR2abjs6c= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2pnb272w1:ALICE_cf_c2pnb272w1_PUB +- +-PrivateKey=BOB_cf_c2pnb272w1 +------BEGIN PRIVATE KEY----- +-MEICAQAwEwYHKoZIzj0CAQYIKoZIzj0DABAEKDAmAgEBBCEAFqB5GbPJ4d+X7ye7m05l/OirDqfn +-MOsOJ6xObBph3zQ= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2pnb272w1_PUB +------BEGIN PUBLIC KEY----- +-MF0wEwYHKoZIzj0CAQYIKoZIzj0DABADRgAEIeIkcMHAuOgvHt2Wp52vVe0DYPNnUX79t/mLSx03 +-cUlDmcxL7vIXdx9hB4OmQBYbm+YLDNfTFGAIlDfr2tELpVVPWPo= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2pnb272w1:BOB_cf_c2pnb272w1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb272w1 +-PeerKey=BOB_cf_c2pnb272w1_PUB +-SharedSecret=cfebd65006520a40f081d8940edf0ebb8e54491ba1499d9f3c63deecee84ddc07142 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb272w1 +-PeerKey=ALICE_cf_c2pnb272w1_PUB +-SharedSecret=cfebd65006520a40f081d8940edf0ebb8e54491ba1499d9f3c63deecee84ddc07142 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb272w1 +-PeerKey=BOB_cf_c2pnb272w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=756fc20b27352ac74e5135359c63d375d2732c6d02f25cd526155bac0882a9211dd4 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb272w1 +-PeerKey=ALICE_cf_c2pnb272w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=756fc20b27352ac74e5135359c63d375d2732c6d02f25cd526155bac0882a9211dd4 +- +-PublicKey=MALICE_cf_c2pnb272w1_PUB +------BEGIN PUBLIC KEY----- +-MF0wEwYHKoZIzj0CAQYIKoZIzj0DABADRgAEvID3AM7qzpKDnOLFY00+E7EKZz/vS/pXgsUA3bWN +-oJF8ElXFXv59s/SykQBCTHPqzmUbVmrXmtD44Kt1wUBRJfuwxy4= +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2pnb272w1 +-PeerKey=MALICE_cf_c2pnb272w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2pnb272w1 +-PeerKey=MALICE_cf_c2pnb272w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2pnb304w1 curve tests +- +-PrivateKey=ALICE_cf_c2pnb304w1 +------BEGIN PRIVATE KEY----- +-MEYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DABEELDAqAgEBBCUAqJxh50ZIUXOJ1HE3cVkech9OTTPJ +-8jy/v5cFcO0X6dykHgnZ +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2pnb304w1_PUB +------BEGIN PUBLIC KEY----- +-MGUwEwYHKoZIzj0CAQYIKoZIzj0DABEDTgAEvoaqRX6qiNQiFH1BhgLCPTpYszoRhmlLirkvlw/Q +-iXBlfQ7U4g+iRR/kmu2RlwwOHgNNL+mWcvLkFfS8Kr4jzv1EY1Ecx96n21l0YQ== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2pnb304w1:ALICE_cf_c2pnb304w1_PUB +- +-PrivateKey=BOB_cf_c2pnb304w1 +------BEGIN PRIVATE KEY----- +-MEYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DABEELDAqAgEBBCUAOScHepX+IwqC8TjyAJI1bkR3cYYt +-X9BbqYM9GQfVNSLHntTg +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2pnb304w1_PUB +------BEGIN PUBLIC KEY----- +-MGUwEwYHKoZIzj0CAQYIKoZIzj0DABEDTgAEYuAq/6Yw5HxMeMohlWmwl+ZK4ZQucfr1tWDKwhDb +-kAOUO2P/Q/H+uelM3VVwxeu6A1kaX7K0UZpNa96NRBwI4aevc+vOxCgYkGt9BA== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2pnb304w1:BOB_cf_c2pnb304w1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb304w1 +-PeerKey=BOB_cf_c2pnb304w1_PUB +-SharedSecret=bfddf9f923210e8231a702e3a1c987cf27661de1bc243c1890e437d67d9f49c6ccfadc035d9d +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb304w1 +-PeerKey=ALICE_cf_c2pnb304w1_PUB +-SharedSecret=bfddf9f923210e8231a702e3a1c987cf27661de1bc243c1890e437d67d9f49c6ccfadc035d9d +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb304w1 +-PeerKey=BOB_cf_c2pnb304w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=0c7afb3143f93ef2166c05437a1757a62c916ff1751c6d456dd7f2356dcbc75df48015eb5ce8 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb304w1 +-PeerKey=ALICE_cf_c2pnb304w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=0c7afb3143f93ef2166c05437a1757a62c916ff1751c6d456dd7f2356dcbc75df48015eb5ce8 +- +-PublicKey=MALICE_cf_c2pnb304w1_PUB +------BEGIN PUBLIC KEY----- +-MGUwEwYHKoZIzj0CAQYIKoZIzj0DABEDTgAEBZ5FuthQt0mxTJ8NQWN2J37kYT8ySD893IXEmXYP +-fMTr+CSNkf/sfF/13GEdVGnHmBgCH61sPWG69RgzdjRPprZFZxXjubIWYkp0DQ== +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2pnb304w1 +-PeerKey=MALICE_cf_c2pnb304w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2pnb304w1 +-PeerKey=MALICE_cf_c2pnb304w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2pnb368w1 curve tests +- +-PrivateKey=ALICE_cf_c2pnb368w1 +------BEGIN PRIVATE KEY----- +-ME4CAQAwEwYHKoZIzj0CAQYIKoZIzj0DABMENDAyAgEBBC0AXeSTXsHb2PEH12tZL8w2q6evA2mi +-KfLLIa1c29BTmM//oWdKpqeuvwMIBto= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2pnb368w1_PUB +------BEGIN PUBLIC KEY----- +-MHUwEwYHKoZIzj0CAQYIKoZIzj0DABMDXgAEmEBXcvMgnHwJW7wAKM4cqboco6zF01J9ntUwoACI +-euvf3cpPXBvxUawJXfO9FwFRQabDRagGP99Walidd2JW8nWDWZgZMKj15Wh+4bp2dZHc2tPIIHHd +-3makbwQ= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2pnb368w1:ALICE_cf_c2pnb368w1_PUB +- +-PrivateKey=BOB_cf_c2pnb368w1 +------BEGIN PRIVATE KEY----- +-ME4CAQAwEwYHKoZIzj0CAQYIKoZIzj0DABMENDAyAgEBBC0Aq1R9M/mCMbJMj6VBUpBkS4HXywEz +-Qun6d6uXgyU4LZRszA7Dz9+eKbXEMsk= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2pnb368w1_PUB +------BEGIN PUBLIC KEY----- +-MHUwEwYHKoZIzj0CAQYIKoZIzj0DABMDXgAEJOSnsaXA9wb5p8CGLPvYI47Yf3IdZSbWQ3Sn6G2v +-At+zYlpzGax1oJ1CW8fGA0Gu0RnvAfDeW9vgrtzshH1Vy/Ni6a7LPho99PtUP2nzUBnv+hfhFSra +-gqfRaOs= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2pnb368w1:BOB_cf_c2pnb368w1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb368w1 +-PeerKey=BOB_cf_c2pnb368w1_PUB +-SharedSecret=008d20ede3961be3b01051d6fdae63db43865664804d432293a2edb13dcc8be0fe5b0c655297a84b9067a29c2a6f +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb368w1 +-PeerKey=ALICE_cf_c2pnb368w1_PUB +-SharedSecret=008d20ede3961be3b01051d6fdae63db43865664804d432293a2edb13dcc8be0fe5b0c655297a84b9067a29c2a6f +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2pnb368w1 +-PeerKey=BOB_cf_c2pnb368w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=df32ddeeffa029aeadabad000a79c3154a0ddd0aeacf4e3de426f5c10096eff8912038c64d4c899131dcd4df2561 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2pnb368w1 +-PeerKey=ALICE_cf_c2pnb368w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=df32ddeeffa029aeadabad000a79c3154a0ddd0aeacf4e3de426f5c10096eff8912038c64d4c899131dcd4df2561 +- +-PublicKey=MALICE_cf_c2pnb368w1_PUB +------BEGIN PUBLIC KEY----- +-MHUwEwYHKoZIzj0CAQYIKoZIzj0DABMDXgAEWDn/U9rymClM/a0Q1mawHjQjvpxSehRWstSE+2Sd +-ubcZowJ+rw5LsEZteQyeVrCpKYUiIBmIVuFb2LDjtNLIJD1lr8C+vdco24ciLS9RzF/Dc9X+tcIj +-726e1BE= +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2pnb368w1 +-PeerKey=MALICE_cf_c2pnb368w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2pnb368w1 +-PeerKey=MALICE_cf_c2pnb368w1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2tnb191v1 curve tests +- +-PrivateKey=ALICE_cf_c2tnb191v1 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAUEHzAdAgEBBBgXyG7A4BvSmjKEl3aU+FQUt02p9U7x +-Jk4= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2tnb191v1_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAUDMgAEG9iuZmnhz2H/YQKmVUaO//fm7hvV+CP5c2iszpR3 +-7lRimqLWHPyvKgcP+PRCIUom +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2tnb191v1:ALICE_cf_c2tnb191v1_PUB +- +-PrivateKey=BOB_cf_c2tnb191v1 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAUEHzAdAgEBBBg4+2hv9x9HxFy0c2c1XESDdgOamHu0 +-MTU= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2tnb191v1_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAUDMgAEdO/4ii8gi8eQfBrv3XmsOETwIfT8OIpBW/kUoHD+ +-adqalcB6SIWOfoJReDLcpxAD +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2tnb191v1:BOB_cf_c2tnb191v1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb191v1 +-PeerKey=BOB_cf_c2tnb191v1_PUB +-SharedSecret=2ee8a85151c397600984285307c14f0ea0e4c2071d753a99 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb191v1 +-PeerKey=ALICE_cf_c2tnb191v1_PUB +-SharedSecret=2ee8a85151c397600984285307c14f0ea0e4c2071d753a99 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb191v1 +-PeerKey=BOB_cf_c2tnb191v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=334051dfd62237e69e280ce2fab979bd77260f8dfe4df989 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb191v1 +-PeerKey=ALICE_cf_c2tnb191v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=334051dfd62237e69e280ce2fab979bd77260f8dfe4df989 +- +-PublicKey=MALICE_cf_c2tnb191v1_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAUDMgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcPEwZ1wj +-iNoFyzyANZl8IDB0fF1RmZD6 +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2tnb191v1 +-PeerKey=MALICE_cf_c2tnb191v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2tnb191v1 +-PeerKey=MALICE_cf_c2tnb191v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2tnb191v2 curve tests +- +-PrivateKey=ALICE_cf_c2tnb191v2 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAYEHzAdAgEBBBgQZHIQIPrAsbJqq4ZX3JdMrZAkaIGP +-jbo= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2tnb191v2_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAYDMgAEAyQdwZYRIiv7O4/WRLDKJ249TM8dr2Y+Oz8rSxCI +-UVvJT/Jv9m462J6Iz1XOohhP +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2tnb191v2:ALICE_cf_c2tnb191v2_PUB +- +-PrivateKey=BOB_cf_c2tnb191v2 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAYEHzAdAgEBBBgThhW6d5QDaqM8yhm16q6Pu/VFBpf7 +-wcs= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2tnb191v2_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAYDMgAEBVkB4O6fFvGzMHv4BF51muFA0npOGKoOdKbIIMQY +-JBIoz1RNNXTcgdpguLcrvcPJ +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2tnb191v2:BOB_cf_c2tnb191v2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb191v2 +-PeerKey=BOB_cf_c2tnb191v2_PUB +-SharedSecret=711f90cb2aaea65e939065cbd1896affe1d490ba14571400 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb191v2 +-PeerKey=ALICE_cf_c2tnb191v2_PUB +-SharedSecret=711f90cb2aaea65e939065cbd1896affe1d490ba14571400 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb191v2 +-PeerKey=BOB_cf_c2tnb191v2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=1740db5b771fa2889d3ec7c1ba8eeffa7741f0ee62433dce +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb191v2 +-PeerKey=ALICE_cf_c2tnb191v2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=1740db5b771fa2889d3ec7c1ba8eeffa7741f0ee62433dce +- +-PublicKey=MALICE_cf_c2tnb191v2_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAYDMgAEA3yPV6Ilx7PU7dWIDzgKzFV07LNsn1EhMyLQaa5U +-2vqunpWef+/CaO2pFBcwwW+x +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2tnb191v2 +-PeerKey=MALICE_cf_c2tnb191v2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2tnb191v2 +-PeerKey=MALICE_cf_c2tnb191v2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2tnb191v3 curve tests +- +-PrivateKey=ALICE_cf_c2tnb191v3 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAcEHzAdAgEBBBgTPjf06B01Jq59qU1iczNuA29WfW+b +-erU= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2tnb191v3_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAcDMgAEL4NGEUX2CXY18MyoH1inKq5kde9RGr25ODm/0BEX +-HWsGvDE2HC+6pL2BMl3MRCty +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2tnb191v3:ALICE_cf_c2tnb191v3_PUB +- +-PrivateKey=BOB_cf_c2tnb191v3 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAcEHzAdAgEBBBgUC2bC465JTXYLUaaET/r5n7X85gRH +-iSQ= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2tnb191v3_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAcDMgAEPKekNkT9mQ8KRCTR2RwCFkhNvsjL+/mLHYzbMrYe +-QFIb5QwXAdbg2tEOl7yj9qkk +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2tnb191v3:BOB_cf_c2tnb191v3_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb191v3 +-PeerKey=BOB_cf_c2tnb191v3_PUB +-SharedSecret=196200f7ea06c43c35516b995cf4a4dd4151dbd0ed998561 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb191v3 +-PeerKey=ALICE_cf_c2tnb191v3_PUB +-SharedSecret=196200f7ea06c43c35516b995cf4a4dd4151dbd0ed998561 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb191v3 +-PeerKey=BOB_cf_c2tnb191v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=311939377670a8a1ed1ee17f9dd182167da00c5a19e2e109 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb191v3 +-PeerKey=ALICE_cf_c2tnb191v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=311939377670a8a1ed1ee17f9dd182167da00c5a19e2e109 +- +-PublicKey=MALICE_cf_c2tnb191v3_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAcDMgAESvPjWlLnANK2j38hHZ0uqueaniovkhwwdJZjrmUk +-n5vQBTxUzkIkMjL33v6Lr3z7 +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2tnb191v3 +-PeerKey=MALICE_cf_c2tnb191v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2tnb191v3 +-PeerKey=MALICE_cf_c2tnb191v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2tnb239v1 curve tests +- +-PrivateKey=ALICE_cf_c2tnb239v1 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAsEJTAjAgEBBB4fMJDhCEiuEf/RF6oGjHVcNwN+wCYG +-rJMnJLIXiCI= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2tnb239v1_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAsDPgAEUgG/uMWy4k0R/kbVJEapF6r5ik4Q9WPsDXAd0856 +-dVL8PvBXgixk2tKfyY1xUVebcEVlgdZP1pN1Xyvi +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2tnb239v1:ALICE_cf_c2tnb239v1_PUB +- +-PrivateKey=BOB_cf_c2tnb239v1 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAsEJTAjAgEBBB4JLDwVJQw3+00FiZBDWFErd7PXnchH +-sfpZeV3i5FM= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2tnb239v1_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAsDPgAEcwKt31cWaoFUd7QxYSdwgMDOqEhjPbD3Z9AfR3tc +-G77/MY5z1oQegqImBog645vtPWI8lZd1zcl6QYRS +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2tnb239v1:BOB_cf_c2tnb239v1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb239v1 +-PeerKey=BOB_cf_c2tnb239v1_PUB +-SharedSecret=413ea943cdf40c45795c77aeea7099b81cc42566067924d1fdbae42ddf99 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb239v1 +-PeerKey=ALICE_cf_c2tnb239v1_PUB +-SharedSecret=413ea943cdf40c45795c77aeea7099b81cc42566067924d1fdbae42ddf99 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb239v1 +-PeerKey=BOB_cf_c2tnb239v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=1f1e5a6084492e895c35d76a5d2b4a3fafbd96c4b2230ea71cc1c711fa38 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb239v1 +-PeerKey=ALICE_cf_c2tnb239v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=1f1e5a6084492e895c35d76a5d2b4a3fafbd96c4b2230ea71cc1c711fa38 +- +-PublicKey=MALICE_cf_c2tnb239v1_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAsDPgAEJFn89FF7xaa5m+XGxWKFwCH+Mu4rbxwi6lvhuEuT +-Itl/OAosALFh8xpt+N5gmKtUdhpjyok2udC4B/mY +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2tnb239v1 +-PeerKey=MALICE_cf_c2tnb239v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2tnb239v1 +-PeerKey=MALICE_cf_c2tnb239v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2tnb239v2 curve tests +- +-PrivateKey=ALICE_cf_c2tnb239v2 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAwEJTAjAgEBBB4KU4YKdzFOkl6M1biHkxtVGD2uNXr6 +-GbEcp4PbJKU= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2tnb239v2_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAwDPgAEKzpycflUrsyqVV/+fzvC2+AuX3r0b0Syn8acvn78 +-VnKA9mZKwPLWhnMJcLyzarIzc/6/UcfYGNmTyUlG +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2tnb239v2:ALICE_cf_c2tnb239v2_PUB +- +-PrivateKey=BOB_cf_c2tnb239v2 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAwEJTAjAgEBBB4HZQLKGKBpIKiyTq6XYZWQNph1oGP+ +-JLwCwn7lYx0= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2tnb239v2_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAwDPgAETPSkhMs3JW3BG66FSfCov76JKdcRiBhMCW453Wku +-N7yBxBmWjeclHhnXIzfc4qM4qf9n3KzMSXejPVYg +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2tnb239v2:BOB_cf_c2tnb239v2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb239v2 +-PeerKey=BOB_cf_c2tnb239v2_PUB +-SharedSecret=2e738f14795b2e19ee791c1bf30c5e462ca6c6ed0ec5c6c6402d0730cf4c +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb239v2 +-PeerKey=ALICE_cf_c2tnb239v2_PUB +-SharedSecret=2e738f14795b2e19ee791c1bf30c5e462ca6c6ed0ec5c6c6402d0730cf4c +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb239v2 +-PeerKey=BOB_cf_c2tnb239v2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=7662d8b94d3f0d20eb8e112ca8b7d5699d81f35902df5b77561977df3946 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb239v2 +-PeerKey=ALICE_cf_c2tnb239v2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=7662d8b94d3f0d20eb8e112ca8b7d5699d81f35902df5b77561977df3946 +- +-PublicKey=MALICE_cf_c2tnb239v2_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAwDPgAES8fLc5mtVI0HqgKRJ7mN8MU1B0FBkiim6jCHYJf3 +-JYUX3Gn3Ai11cHie+nVb3z51jSkpDQENHESTv5K2 +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2tnb239v2 +-PeerKey=MALICE_cf_c2tnb239v2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2tnb239v2 +-PeerKey=MALICE_cf_c2tnb239v2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2tnb239v3 curve tests +- +-PrivateKey=ALICE_cf_c2tnb239v3 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAA0EJTAjAgEBBB4BZZXtcMw5GrpgHJLx4D8z7M6ocWdv +-rDl2fV9ObC8= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2tnb239v3_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAA0DPgAEOu2HIAUX+r6IbRlrPUJUBDL814dR++maVAAkUIjD +-H33ewqcI9ZLtpvuR8P8hgRNUTXlh1GWgrB6F21Eo +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2tnb239v3:ALICE_cf_c2tnb239v3_PUB +- +-PrivateKey=BOB_cf_c2tnb239v3 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAA0EJTAjAgEBBB4BDxw3SA54y6uYOW1n4yZaUK22J9ef +-XG3HcQX+4i0= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2tnb239v3_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAA0DPgAEVaEi76wyzlpzkkSElf4SmGZ7kf1ghHMP82HkGk7K +-BC10zUyppoSOAr0eX4pHAkDUF1m/KGoJa7QcJJww +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2tnb239v3:BOB_cf_c2tnb239v3_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb239v3 +-PeerKey=BOB_cf_c2tnb239v3_PUB +-SharedSecret=6a756022ec2ea89b0fa757824909707102acf3b7da39dc625c6252eb4c48 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb239v3 +-PeerKey=ALICE_cf_c2tnb239v3_PUB +-SharedSecret=6a756022ec2ea89b0fa757824909707102acf3b7da39dc625c6252eb4c48 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb239v3 +-PeerKey=BOB_cf_c2tnb239v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=3240e19dd8c290e5e1749df60ad0166dd9dbfad645e518b4948e14f774ce +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb239v3 +-PeerKey=ALICE_cf_c2tnb239v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=3240e19dd8c290e5e1749df60ad0166dd9dbfad645e518b4948e14f774ce +- +-PublicKey=MALICE_cf_c2tnb239v3_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAA0DPgAELe/znC87/2ucKX7mXUUyiUvg67slWRdH+WHDct9d +-LcXDyB342ZN1nm0NCAmBMcLjohX0Zza0ji3YNjT1 +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2tnb239v3 +-PeerKey=MALICE_cf_c2tnb239v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2tnb239v3 +-PeerKey=MALICE_cf_c2tnb239v3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2tnb359v1 curve tests +- +-PrivateKey=ALICE_cf_c2tnb359v1 +------BEGIN PRIVATE KEY----- +-ME4CAQAwEwYHKoZIzj0CAQYIKoZIzj0DABIENDAyAgEBBC0Afea/a1NrRf6rRRr/UDsI559ADTFP +-Bd5HaS33laTZkCdNLITw1UUrESUIOiU= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2tnb359v1_PUB +------BEGIN PUBLIC KEY----- +-MHMwEwYHKoZIzj0CAQYIKoZIzj0DABIDXAAEZMJU3QF9UJJp2m6qyCnhPuVlPKPHtav3DCgH27SY +-RLMN7C4rRmqiJakD11QtOforOgbPW5r/v7t4TUWIlq8jV7kapJNtxQtg/S87L0NQGgHBq/lnJL8x +-fN3Y +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2tnb359v1:ALICE_cf_c2tnb359v1_PUB +- +-PrivateKey=BOB_cf_c2tnb359v1 +------BEGIN PRIVATE KEY----- +-ME4CAQAwEwYHKoZIzj0CAQYIKoZIzj0DABIENDAyAgEBBC0Aaw+yr7Atz8CXjLsbI5msXLqxFoMr +-esHVfU53i6ucCsnPTWSDWSb5CePtI9g= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2tnb359v1_PUB +------BEGIN PUBLIC KEY----- +-MHMwEwYHKoZIzj0CAQYIKoZIzj0DABIDXAAEUQde0iyDHbsFJZ459d4zUhsrJYAkqndmEBRwSlg5 +-ZNX8SSS79Zf2HsQl+LWIZyzeYzoHobKXufChw9/H4ThS58VwV5/0hoE929PIgJ1MSEqr5LvJXi+b +-R8fe +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2tnb359v1:BOB_cf_c2tnb359v1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb359v1 +-PeerKey=BOB_cf_c2tnb359v1_PUB +-SharedSecret=623a71122b5acad467d40d97ef8d8fd46541d8c41d7de6ba181c24e2714c1bc35bcefcf089af69c406eedecc12 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb359v1 +-PeerKey=ALICE_cf_c2tnb359v1_PUB +-SharedSecret=623a71122b5acad467d40d97ef8d8fd46541d8c41d7de6ba181c24e2714c1bc35bcefcf089af69c406eedecc12 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb359v1 +-PeerKey=BOB_cf_c2tnb359v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=1c9c4cea3251dace2cb763eabf60f106cc1b03f2491e6f20d7bea78e062f8f14c4e82e4d43786eefa44d33f7e9 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb359v1 +-PeerKey=ALICE_cf_c2tnb359v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=1c9c4cea3251dace2cb763eabf60f106cc1b03f2491e6f20d7bea78e062f8f14c4e82e4d43786eefa44d33f7e9 +- +-PublicKey=MALICE_cf_c2tnb359v1_PUB +------BEGIN PUBLIC KEY----- +-MHMwEwYHKoZIzj0CAQYIKoZIzj0DABIDXAAEDW1DxeJfyPPnxX4WiLM5ZnX9AypqqeKj7FTHxanl +-++A6FgVFjUCatt8Sr4xnSc3zDE0kh6f/wS9SbtCAi74i8HAX5SJiccCMPRkw6kBuHZgiG8EmFJ53 +-OEQw +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2tnb359v1 +-PeerKey=MALICE_cf_c2tnb359v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2tnb359v1 +-PeerKey=MALICE_cf_c2tnb359v1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=c2tnb431r1 curve tests +- +-PrivateKey=ALICE_cf_c2tnb431r1 +------BEGIN PRIVATE KEY----- +-MFYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DABQEPDA6AgEBBDUAG1rgUnH3+PSxqlzt9+QTWv7PrYxz +-Qgqj5A2Mqi0LbdixVDciVSSgrU6keVu72oCmHVP+OQ== +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_c2tnb431r1_PUB +------BEGIN PUBLIC KEY----- +-MIGFMBMGByqGSM49AgEGCCqGSM49AwAUA24ABFcQEDic9pYxtxStk/oBxafqyUux1kvEOOwR4FxJ +-pGEMTh8B+YfkWuq+IDY5zSqNKtg7cRlAFX2dlHhRSvNxrN3DJCrhe/TQq8SIYawcqEQnM39F8hHM +-7VQJLEsBpJ/WUonwMJXknjgfONP7GA== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_c2tnb431r1:ALICE_cf_c2tnb431r1_PUB +- +-PrivateKey=BOB_cf_c2tnb431r1 +------BEGIN PRIVATE KEY----- +-MFYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DABQEPDA6AgEBBDUBOsZrpI6hTgImR8DBhKOOrh2SvcT/ +-VwmzYnbuCRrtr/zwIQcqKKI1ztlrl+kxFxJfk5L7UQ== +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_c2tnb431r1_PUB +------BEGIN PUBLIC KEY----- +-MIGFMBMGByqGSM49AgEGCCqGSM49AwAUA24ABHeTG6xjbsKKxn4oYQt9qUM9LrSPZfY11XsBmROc +-fb9kEbBLU+QixSbYZOrqPasesDV9dApDXF+w6EfIeNyJEK5Lk+aXamrn7fRMUAQ2m7+Odp87GgA+ +-8Cg6YpgbK314SK5STziqoZwzEISJ9w== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_c2tnb431r1:BOB_cf_c2tnb431r1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb431r1 +-PeerKey=BOB_cf_c2tnb431r1_PUB +-SharedSecret=1c9a64de0b706f0e562d5144ceeb4806ce8782865dc0e3fab694967955bd40afc79bf9241ef4a173fbf9baeac0d416392fb13bdc6978 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb431r1 +-PeerKey=ALICE_cf_c2tnb431r1_PUB +-SharedSecret=1c9a64de0b706f0e562d5144ceeb4806ce8782865dc0e3fab694967955bd40afc79bf9241ef4a173fbf9baeac0d416392fb13bdc6978 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_c2tnb431r1 +-PeerKey=BOB_cf_c2tnb431r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=059e2ea2d0d8bad5005a9401196ebb1633377c7ded8ec58a0398cf1d0f42ea82614f68cb836ecfc33612b8a705b4c3b7b4ed12eb6e22 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_c2tnb431r1 +-PeerKey=ALICE_cf_c2tnb431r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=059e2ea2d0d8bad5005a9401196ebb1633377c7ded8ec58a0398cf1d0f42ea82614f68cb836ecfc33612b8a705b4c3b7b4ed12eb6e22 +- +-PublicKey=MALICE_cf_c2tnb431r1_PUB +------BEGIN PUBLIC KEY----- +-MIGFMBMGByqGSM49AgEGCCqGSM49AwAUA24ABA/cHJ1bNJ2l3GcrT67WEoU0w/Ajy28T9X4XLv8a +-5EpnkembeFlRG8ILplDcZimE8kjNQWynAk+NbJRsIU/XLzcm7VXkkqEkx/yCQ/TOcbeB3qrpzWYr +-F3Cls9x60wuFYNc9d6eIe4B+puz9IQ== +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_c2tnb431r1 +-PeerKey=MALICE_cf_c2tnb431r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_c2tnb431r1 +-PeerKey=MALICE_cf_c2tnb431r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=prime192v2 curve tests +- +-PrivateKey=ALICE_cf_prime192v2 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQIEHzAdAgEBBBh6rcgPFDmA2P4CGSrC7ii9DAjepljX +-sMM= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_prime192v2_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQIDMgAET6wOPoDU3BeU7VKozsGEvDeJs//9Z/aNEcbbLQ0d +-g5IzsS/XMJzifjCJZgNsb7mi +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_prime192v2:ALICE_cf_prime192v2_PUB +- +-PrivateKey=BOB_cf_prime192v2 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQIEHzAdAgEBBBja4R9iZuiu95XEuM1558ArTwNnAl7M +-xqI= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_prime192v2_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQIDMgAEcgWNAOL4pZCmouZl+be+rC0yLAJkm2YuPWs+FX2u +-Y6OU1aHkkspZTC1uUVWjchy5 +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_prime192v2:BOB_cf_prime192v2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_prime192v2 +-PeerKey=BOB_cf_prime192v2_PUB +-SharedSecret=ae2ff9f1f9f24e6d281dc78993d9f71913e1e105965000a1 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_prime192v2 +-PeerKey=ALICE_cf_prime192v2_PUB +-SharedSecret=ae2ff9f1f9f24e6d281dc78993d9f71913e1e105965000a1 +- +-Title=prime192v3 curve tests +- +-PrivateKey=ALICE_cf_prime192v3 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQMEHzAdAgEBBBij5blPQRKM1/9c57YDZXIIue80MDqx +-Igw= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_prime192v3_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE1+mLeiT/jjHO71IL/C/ZcnF6+yj9FV6eqfuPdHAi +-MsDRFCB6/h8TcCUFuospu5l0 +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_prime192v3:ALICE_cf_prime192v3_PUB +- +-PrivateKey=BOB_cf_prime192v3 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQMEHzAdAgEBBBhgFP4fFLtm/yk5tsosBUBKTg370FOu +-92g= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_prime192v3_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAEv35bOz0xqLeJqpZdZ8LyiUgsJMBEtN2UMJm8blX2 +-vMWAgEeLhzar86BUlS7dZwS7 +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_prime192v3:BOB_cf_prime192v3_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_prime192v3 +-PeerKey=BOB_cf_prime192v3_PUB +-SharedSecret=9e562ecbe29c510a13b0daea822ec864c2a9684d2a382812 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_prime192v3 +-PeerKey=ALICE_cf_prime192v3_PUB +-SharedSecret=9e562ecbe29c510a13b0daea822ec864c2a9684d2a382812 +- +-Title=prime239v1 curve tests +- +-PrivateKey=ALICE_cf_prime239v1 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQQEJTAjAgEBBB5nH2mt/GUx+I/60NlcuQlrdupDXwMY +-SF/w+SUTNqY= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_prime239v1_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQQDPgAEMqQLCgDR9njkq9QELuOu+J/9YGcxJHULdvxHImLW +-RXqBUM5Xea+Qk2SKIpWcogxr2zFeQyeLj2bQysuo +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_prime239v1:ALICE_cf_prime239v1_PUB +- +-PrivateKey=BOB_cf_prime239v1 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQQEJTAjAgEBBB5RZgYV+j+zhwI12zCzB+mdPofMx0kB +-jZ9gplgXxzk= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_prime239v1_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQQDPgAEBR5m/kllh025oO4GvqALkjRliVv7q4x8ro/tkYnT +-L2U4hkT6xUeRu9QC4KOz7KUVH+nBbQASL4XQg/3C +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_prime239v1:BOB_cf_prime239v1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_prime239v1 +-PeerKey=BOB_cf_prime239v1_PUB +-SharedSecret=196b1d0206d4f87c313c266bfb12c90dd1f1f64b89bfc16518086b9801b8 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_prime239v1 +-PeerKey=ALICE_cf_prime239v1_PUB +-SharedSecret=196b1d0206d4f87c313c266bfb12c90dd1f1f64b89bfc16518086b9801b8 +- +-Title=prime239v2 curve tests +- +-PrivateKey=ALICE_cf_prime239v2 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQUEJTAjAgEBBB5uLCwofbD2Suc/iIRhXJsPqZ4me87h +-+tFevsg1pPE= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_prime239v2_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQUDPgAETH77jXHBItV673gTNK/HTFldo4VxPiscbideUgKd +-CWjdVsXebgAZbqQwf0h9QWcIgM7K7ODdW5kCuZ1G +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_prime239v2:ALICE_cf_prime239v2_PUB +- +-PrivateKey=BOB_cf_prime239v2 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQUEJTAjAgEBBB5nlF+ouuw3Ljkgy3pHkCN+/JoHAMyT +-KY0wlvJdo/w= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_prime239v2_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQUDPgAELUQYo0UH8HbK/RMD2jVphBU+iB4OTOfvaaTlHq06 +-dcJ8a9a+mAQKhb1OZVEq1n4nQsgRiI1rPxugVERM +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_prime239v2:BOB_cf_prime239v2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_prime239v2 +-PeerKey=BOB_cf_prime239v2_PUB +-SharedSecret=1d18ca6366bceba3c1477daa0e08202088abcf14fc2b8fbf98ba95858fcf +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_prime239v2 +-PeerKey=ALICE_cf_prime239v2_PUB +-SharedSecret=1d18ca6366bceba3c1477daa0e08202088abcf14fc2b8fbf98ba95858fcf +- +-Title=prime239v3 curve tests +- +-PrivateKey=ALICE_cf_prime239v3 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQYEJTAjAgEBBB5J95JRhBDTzlyAPAfu6T2Pb9vK0NKu +-Y9AfhA2G+mI= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_prime239v3_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQYDPgAEZEN48pqgLF08Yjj/8BLM2Nr5ZhpYxyBurbzKRuBb +-GLpzZLteJN9vZjN7ouNpMxLVUFQxTOwpsvUw86Lk +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_prime239v3:ALICE_cf_prime239v3_PUB +- +-PrivateKey=BOB_cf_prime239v3 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQYEJTAjAgEBBB5Z7rMZML1xeryBaYYr+QuMiQxHT44I +-d9bmIVvG3dM= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_prime239v3_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQYDPgAEQUWKqohAPAoIYEZOvc1QwSlcB+gW0febaNxGOy47 +-LaIWdsNM7GJVP9xpdSwm/L+Dip/oH4E59f3SiOAd +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_prime239v3:BOB_cf_prime239v3_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_prime239v3 +-PeerKey=BOB_cf_prime239v3_PUB +-SharedSecret=4dcc2c67c5993162ed71ebb33077bbb85395b0d3eec2311aa404e45901a0 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_prime239v3 +-PeerKey=ALICE_cf_prime239v3_PUB +-SharedSecret=4dcc2c67c5993162ed71ebb33077bbb85395b0d3eec2311aa404e45901a0 +- +-Title=secp112r1 curve tests +- +-PrivateKey=ALICE_cf_secp112r1 +------BEGIN PRIVATE KEY----- +-MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAYEFTATAgEBBA6zC5ZzEIIdvY4Q7DS0uw== +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_secp112r1_PUB +------BEGIN PUBLIC KEY----- +-MDIwEAYHKoZIzj0CAQYFK4EEAAYDHgAEYIawfjH3qRrJJWwuG3Ys5ZhDJsmdWi34aHgKAA== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_secp112r1:ALICE_cf_secp112r1_PUB +- +-PrivateKey=BOB_cf_secp112r1 +------BEGIN PRIVATE KEY----- +-MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAYEFTATAgEBBA6WPx4YxBODium8BKDw0A== +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_secp112r1_PUB +------BEGIN PUBLIC KEY----- +-MDIwEAYHKoZIzj0CAQYFK4EEAAYDHgAEchh3iQdPN1rrzrpdZRQ95G6tvdwEBQ+gfu1tvA== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_secp112r1:BOB_cf_secp112r1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_secp112r1 +-PeerKey=BOB_cf_secp112r1_PUB +-SharedSecret=4ddd1d504b444d4be67ba2e4610a +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_secp112r1 +-PeerKey=ALICE_cf_secp112r1_PUB +-SharedSecret=4ddd1d504b444d4be67ba2e4610a +- +-Title=secp112r2 curve tests +- +-PrivateKey=ALICE_cf_secp112r2 +------BEGIN PRIVATE KEY----- +-MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAcEFTATAgEBBA4GcvIx97ePHdAiH0Z9EA== +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_secp112r2_PUB +------BEGIN PUBLIC KEY----- +-MDIwEAYHKoZIzj0CAQYFK4EEAAcDHgAEHK9uNAILHBmPZdKKh79/nzYE0HbvC//rA7i0Xw== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_secp112r2:ALICE_cf_secp112r2_PUB +- +-PrivateKey=BOB_cf_secp112r2 +------BEGIN PRIVATE KEY----- +-MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAcEFTATAgEBBA4WzpVFZnZv9mvtpnYNyw== +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_secp112r2_PUB +------BEGIN PUBLIC KEY----- +-MDIwEAYHKoZIzj0CAQYFK4EEAAcDHgAEUzBLNQupqUpGgmZl9JVjKBpwusl52rFg5OVFJA== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_secp112r2:BOB_cf_secp112r2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_secp112r2 +-PeerKey=BOB_cf_secp112r2_PUB +-SharedSecret=a6d05c7ba5128a9685c705b5030b +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_secp112r2 +-PeerKey=ALICE_cf_secp112r2_PUB +-SharedSecret=a6d05c7ba5128a9685c705b5030b +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_secp112r2 +-PeerKey=BOB_cf_secp112r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=04f3280e92c269d794aa779efcef +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_secp112r2 +-PeerKey=ALICE_cf_secp112r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=04f3280e92c269d794aa779efcef +- +-PublicKey=MALICE_cf_secp112r2_PUB +------BEGIN PUBLIC KEY----- +-MDIwEAYHKoZIzj0CAQYFK4EEAAcDHgAEsf2N4SfUZWtXPrUTmEyr71I/JSn8VtzQsFHuqQ== +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_secp112r2 +-PeerKey=MALICE_cf_secp112r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_secp112r2 +-PeerKey=MALICE_cf_secp112r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=secp128r1 curve tests +- +-PrivateKey=ALICE_cf_secp128r1 +------BEGIN PRIVATE KEY----- +-MC4CAQAwEAYHKoZIzj0CAQYFK4EEABwEFzAVAgEBBBB+RX18d0+gKpdcKbJJTrEZ +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_secp128r1_PUB +------BEGIN PUBLIC KEY----- +-MDYwEAYHKoZIzj0CAQYFK4EEABwDIgAEG0XMAdrAZOPUW6L9ADU8XK8sZr7dtIcDinSWU1zSV9s= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_secp128r1:ALICE_cf_secp128r1_PUB +- +-PrivateKey=BOB_cf_secp128r1 +------BEGIN PRIVATE KEY----- +-MC4CAQAwEAYHKoZIzj0CAQYFK4EEABwEFzAVAgEBBBB/J9/eClt9mimGwOcOsjJF +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_secp128r1_PUB +------BEGIN PUBLIC KEY----- +-MDYwEAYHKoZIzj0CAQYFK4EEABwDIgAE82nknsOS+u8mybP0KJqQhvm83gbPNTZOcvm0ZDVR5sU= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_secp128r1:BOB_cf_secp128r1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_secp128r1 +-PeerKey=BOB_cf_secp128r1_PUB +-SharedSecret=5020f1b759da1f737a61a29a268d7669 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_secp128r1 +-PeerKey=ALICE_cf_secp128r1_PUB +-SharedSecret=5020f1b759da1f737a61a29a268d7669 +- +-Title=secp128r2 curve tests +- +-PrivateKey=ALICE_cf_secp128r2 +------BEGIN PRIVATE KEY----- +-MC4CAQAwEAYHKoZIzj0CAQYFK4EEAB0EFzAVAgEBBBALPaUYCnPgNiLhez93Z1Gi +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_secp128r2_PUB +------BEGIN PUBLIC KEY----- +-MDYwEAYHKoZIzj0CAQYFK4EEAB0DIgAEOKiPRGtZXwxmvTr35NmUkNsAGGk9RKNA4D5BE9ZrjZQ= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_secp128r2:ALICE_cf_secp128r2_PUB +- +-PrivateKey=BOB_cf_secp128r2 +------BEGIN PRIVATE KEY----- +-MC4CAQAwEAYHKoZIzj0CAQYFK4EEAB0EFzAVAgEBBBARg3vb436QgyHdyt6l/b6G +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_secp128r2_PUB +------BEGIN PUBLIC KEY----- +-MDYwEAYHKoZIzj0CAQYFK4EEAB0DIgAELph7h27BYjIINC2EddcpIOxKbdz8Xe7h3Az1ZuR9bAI= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_secp128r2:BOB_cf_secp128r2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_secp128r2 +-PeerKey=BOB_cf_secp128r2_PUB +-SharedSecret=8f4d8c75141e9b084328222440eb5dfa +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_secp128r2 +-PeerKey=ALICE_cf_secp128r2_PUB +-SharedSecret=8f4d8c75141e9b084328222440eb5dfa +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_secp128r2 +-PeerKey=BOB_cf_secp128r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=baaa0c16e16eef291001475d638e4830 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_secp128r2 +-PeerKey=ALICE_cf_secp128r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=baaa0c16e16eef291001475d638e4830 +- +-PublicKey=MALICE_cf_secp128r2_PUB +------BEGIN PUBLIC KEY----- +-MDYwEAYHKoZIzj0CAQYFK4EEAB0DIgAE6h6RzJIp6HLR6RDOPtyzGDurkuE9aAaZqHosPTnkLxQ= +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_secp128r2 +-PeerKey=MALICE_cf_secp128r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_secp128r2 +-PeerKey=MALICE_cf_secp128r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=secp160k1 curve tests +- +-PrivateKey=ALICE_cf_secp160k1 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAkEHDAaAgEBBBUAlxTBO50KwFwWKPtk1rutu68m+zI= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_secp160k1_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFK4EEAAkDKgAEcVWIjtPZn1cHckclpn5jKDCphQUVHxFN5tSeFG9wsJZT +-EvqPyLS64w== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_secp160k1:ALICE_cf_secp160k1_PUB +- +-PrivateKey=BOB_cf_secp160k1 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAkEHDAaAgEBBBUAdrPkoNkRVUloiuwzruQszSUuwpY= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_secp160k1_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFK4EEAAkDKgAESGN41cAj8Fg4pAJM7FUKHiawbCR0b9unMpZWxqOKeW1/ +-bxT/CqEkyw== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_secp160k1:BOB_cf_secp160k1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_secp160k1 +-PeerKey=BOB_cf_secp160k1_PUB +-SharedSecret=b738a0bf17f3271a9a155bfdfe2f0f1d51494d42 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_secp160k1 +-PeerKey=ALICE_cf_secp160k1_PUB +-SharedSecret=b738a0bf17f3271a9a155bfdfe2f0f1d51494d42 +- +-Title=secp160r1 curve tests +- +-PrivateKey=ALICE_cf_secp160r1 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAgEHDAaAgEBBBUAR6m1+jIBuJnSKx9fHmyAYhsnYe8= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_secp160r1_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFK4EEAAgDKgAEO78GZuBaCfJjHK97c9N21z+4mm37b5x7/Hr3Xc4pUbtb +-OoNj/A+W9w== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_secp160r1:ALICE_cf_secp160r1_PUB +- +-PrivateKey=BOB_cf_secp160r1 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAgEHDAaAgEBBBUATqvd54Jj7TbnrLAd2dMYCpExLws= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_secp160r1_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFK4EEAAgDKgAEBKDbBSPTwmb00MFvMtJMxQ2YDmcPOZHE8YbVr5hp8s5J +-Jwy17FaNNg== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_secp160r1:BOB_cf_secp160r1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_secp160r1 +-PeerKey=BOB_cf_secp160r1_PUB +-SharedSecret=1912ea7b9bb1de5b8d3cef83e7a6e7a917816541 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_secp160r1 +-PeerKey=ALICE_cf_secp160r1_PUB +-SharedSecret=1912ea7b9bb1de5b8d3cef83e7a6e7a917816541 +- +-Title=secp160r2 curve tests +- +-PrivateKey=ALICE_cf_secp160r2 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAB4EHDAaAgEBBBUA3IsVg4R4paXaPATDHvzfnvM+vjQ= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_secp160r2_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFK4EEAB4DKgAE4V+25YCpVkKF6NF/UPc1SYxohYWcf3qT3JDoPRhnm/rj +-mSqCCA6gUw== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_secp160r2:ALICE_cf_secp160r2_PUB +- +-PrivateKey=BOB_cf_secp160r2 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAB4EHDAaAgEBBBUAYT/5C7UpD17DnZm4ObswmGFMI1Q= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_secp160r2_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFK4EEAB4DKgAEB7YVzBmzhnIdouvN/nb8VMXCqO8dkhmebyVzoD0oAzuH +-nN+SfWr6aQ== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_secp160r2:BOB_cf_secp160r2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_secp160r2 +-PeerKey=BOB_cf_secp160r2_PUB +-SharedSecret=ccb9cae5c9487ff60c487bd1b39a62eb4680e9b6 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_secp160r2 +-PeerKey=ALICE_cf_secp160r2_PUB +-SharedSecret=ccb9cae5c9487ff60c487bd1b39a62eb4680e9b6 +- +-Title=secp192k1 curve tests +- +-PrivateKey=ALICE_cf_secp192k1 +------BEGIN PRIVATE KEY----- +-MDYCAQAwEAYHKoZIzj0CAQYFK4EEAB8EHzAdAgEBBBikVZrCZQB7ZtkhNfQYpjKHZ9KxXgooJ90= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_secp192k1_PUB +------BEGIN PUBLIC KEY----- +-MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAEyV4EzMZglBXtYdn38hNTrCGflAsJprMkxkOlw58chZ25 +-6EAu7gVvYDTpnRkymKyH +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_secp192k1:ALICE_cf_secp192k1_PUB +- +-PrivateKey=BOB_cf_secp192k1 +------BEGIN PRIVATE KEY----- +-MDYCAQAwEAYHKoZIzj0CAQYFK4EEAB8EHzAdAgEBBBiJQ/PunKGk9QPUyqIBGMgHKKg+yxJr5io= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_secp192k1_PUB +------BEGIN PUBLIC KEY----- +-MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAE990Tnmh9QQQHVHuLpfrAsgjvB9R2MJXzhBZN1WvtxLqF +-OZ2oFMP0Kfcr7HbI7a5j +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_secp192k1:BOB_cf_secp192k1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_secp192k1 +-PeerKey=BOB_cf_secp192k1_PUB +-SharedSecret=a46a6bfb279d4dc30cffac585d1fbec905dbe46aca5e3c9d +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_secp192k1 +-PeerKey=ALICE_cf_secp192k1_PUB +-SharedSecret=a46a6bfb279d4dc30cffac585d1fbec905dbe46aca5e3c9d +- +-Title=secp224k1 curve tests +- +-PrivateKey=ALICE_cf_secp224k1 +------BEGIN PRIVATE KEY----- +-MDsCAQAwEAYHKoZIzj0CAQYFK4EEACAEJDAiAgEBBB0AZPk3TzxGhX7TljBBhJDLBfulAMp6Bh3W +-w40Qyg== +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_secp224k1_PUB +------BEGIN PUBLIC KEY----- +-ME4wEAYHKoZIzj0CAQYFK4EEACADOgAE4o7LGdJDixqJZ5imnqaX4IeE55NG4W0HEe72LVC7pmn2 +-e3m7uC92ZQhduF9lJli4dXD5en/1wkE= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_secp224k1:ALICE_cf_secp224k1_PUB +- +-PrivateKey=BOB_cf_secp224k1 +------BEGIN PRIVATE KEY----- +-MDsCAQAwEAYHKoZIzj0CAQYFK4EEACAEJDAiAgEBBB0AdQ02GguRy3yHOjLkpoWb27QA/L1abfWe +-q2xUfA== +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_secp224k1_PUB +------BEGIN PUBLIC KEY----- +-ME4wEAYHKoZIzj0CAQYFK4EEACADOgAEzp00m0DaADn1mGiDCT7K1LZnoj/vCxHPowUDC9yQd17K +-KpJM5sGILrTkkgxqtt5pBeYE1NC1QUQ= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_secp224k1:BOB_cf_secp224k1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_secp224k1 +-PeerKey=BOB_cf_secp224k1_PUB +-SharedSecret=6f7b9d16c9c1d3a5c84b6028f2a4fed9ae8e02455e678a27243bcc48 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_secp224k1 +-PeerKey=ALICE_cf_secp224k1_PUB +-SharedSecret=6f7b9d16c9c1d3a5c84b6028f2a4fed9ae8e02455e678a27243bcc48 +- + Title=secp256k1 curve tests + + PrivateKey=ALICE_cf_secp256k1 +@@ -1998,1323 +55,6 @@ Derive=BOB_cf_secp256k1 + PeerKey=ALICE_cf_secp256k1_PUB + SharedSecret=a4745cc4d19cabb9e5cb0abdd5c604cab2846a4638ad844ed9175f3cadda2da1 + +-Title=sect113r1 curve tests +- +-PrivateKey=ALICE_cf_sect113r1 +------BEGIN PRIVATE KEY----- +-MC0CAQAwEAYHKoZIzj0CAQYFK4EEAAQEFjAUAgEBBA8ALw9CgsuNBkkhhUHE8bQ= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect113r1_PUB +------BEGIN PUBLIC KEY----- +-MDQwEAYHKoZIzj0CAQYFK4EEAAQDIAAEASO9jcamlg1pRE7JffrTAe9kyRZO2xrymHXoGdnA +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_sect113r1:ALICE_cf_sect113r1_PUB +- +-PrivateKey=BOB_cf_sect113r1 +------BEGIN PRIVATE KEY----- +-MC0CAQAwEAYHKoZIzj0CAQYFK4EEAAQEFjAUAgEBBA8A/9qbs8sTFNkjS9/4CuM= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect113r1_PUB +------BEGIN PUBLIC KEY----- +-MDQwEAYHKoZIzj0CAQYFK4EEAAQDIAAEATykaf/cvJzLOUto1EbbAEz/3++nut6q0dcJOQeV +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_sect113r1:BOB_cf_sect113r1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect113r1 +-PeerKey=BOB_cf_sect113r1_PUB +-SharedSecret=01ed16f1948dcb368a54004237842d +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect113r1 +-PeerKey=ALICE_cf_sect113r1_PUB +-SharedSecret=01ed16f1948dcb368a54004237842d +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect113r1 +-PeerKey=BOB_cf_sect113r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=012e5f3e348c2a8a88d9590a639219 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect113r1 +-PeerKey=ALICE_cf_sect113r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=012e5f3e348c2a8a88d9590a639219 +- +-PublicKey=MALICE_cf_sect113r1_PUB +------BEGIN PUBLIC KEY----- +-MDQwEAYHKoZIzj0CAQYFK4EEAAQDIAAEAAAAAAAAAAAAAAAAAAAAAd+TqiBXnTd/lyA/OFsR +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_sect113r1 +-PeerKey=MALICE_cf_sect113r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_sect113r1 +-PeerKey=MALICE_cf_sect113r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect113r2 curve tests +- +-PrivateKey=ALICE_cf_sect113r2 +------BEGIN PRIVATE KEY----- +-MC0CAQAwEAYHKoZIzj0CAQYFK4EEAAUEFjAUAgEBBA8AvovirHrqTxoKJ3l+7y0= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect113r2_PUB +------BEGIN PUBLIC KEY----- +-MDQwEAYHKoZIzj0CAQYFK4EEAAUDIAAEAFvQ4JgQTS8kjGeVfuITAS81qNcOQvt3PYa1HuCk +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_sect113r2:ALICE_cf_sect113r2_PUB +- +-PrivateKey=BOB_cf_sect113r2 +------BEGIN PRIVATE KEY----- +-MC0CAQAwEAYHKoZIzj0CAQYFK4EEAAUEFjAUAgEBBA8ArUjgvp/goxRYb4WuQ80= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect113r2_PUB +------BEGIN PUBLIC KEY----- +-MDQwEAYHKoZIzj0CAQYFK4EEAAUDIAAEAUoS3of8y28meYu/NoI5AVdhJZCuDjMqFHTriWY4 +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_sect113r2:BOB_cf_sect113r2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect113r2 +-PeerKey=BOB_cf_sect113r2_PUB +-SharedSecret=0057a287ba1ea05cb4735e673647e1 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect113r2 +-PeerKey=ALICE_cf_sect113r2_PUB +-SharedSecret=0057a287ba1ea05cb4735e673647e1 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect113r2 +-PeerKey=BOB_cf_sect113r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=00fec2454e46732aca42b22b6d4f13 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect113r2 +-PeerKey=ALICE_cf_sect113r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=00fec2454e46732aca42b22b6d4f13 +- +-PublicKey=MALICE_cf_sect113r2_PUB +------BEGIN PUBLIC KEY----- +-MDQwEAYHKoZIzj0CAQYFK4EEAAUDIAAEAAAAAAAAAAAAAAAAAAAAAR3dbPHrhFekzJ7Azskr +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_sect113r2 +-PeerKey=MALICE_cf_sect113r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_sect113r2 +-PeerKey=MALICE_cf_sect113r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect131r1 curve tests +- +-PrivateKey=ALICE_cf_sect131r1 +------BEGIN PRIVATE KEY----- +-MC8CAQAwEAYHKoZIzj0CAQYFK4EEABYEGDAWAgEBBBEA5C6zHMQM7pXPZ6cJz72Niw== +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect131r1_PUB +------BEGIN PUBLIC KEY----- +-MDgwEAYHKoZIzj0CAQYFK4EEABYDJAAEBXCuXD6wOOif91GUlJNKXf8FBNw8crgqi5aEJEZbCdBJ +-Ag== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_sect131r1:ALICE_cf_sect131r1_PUB +- +-PrivateKey=BOB_cf_sect131r1 +------BEGIN PRIVATE KEY----- +-MC8CAQAwEAYHKoZIzj0CAQYFK4EEABYEGDAWAgEBBBEDYZmjiokBJ/SnTv8sskBR3A== +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect131r1_PUB +------BEGIN PUBLIC KEY----- +-MDgwEAYHKoZIzj0CAQYFK4EEABYDJAAEB8vGy3OQXwWKcJUSSJbCtpMBjFgJeZxzAaI420+B1B+1 +-5A== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_sect131r1:BOB_cf_sect131r1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect131r1 +-PeerKey=BOB_cf_sect131r1_PUB +-SharedSecret=05346248f77f81fff50cc656e119976871 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect131r1 +-PeerKey=ALICE_cf_sect131r1_PUB +-SharedSecret=05346248f77f81fff50cc656e119976871 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect131r1 +-PeerKey=BOB_cf_sect131r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=01f151ae26efa507acc2597356baf7e8ab +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect131r1 +-PeerKey=ALICE_cf_sect131r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=01f151ae26efa507acc2597356baf7e8ab +- +-PublicKey=MALICE_cf_sect131r1_PUB +------BEGIN PUBLIC KEY----- +-MDgwEAYHKoZIzj0CAQYFK4EEABYDJAAEAAAAAAAAAAAAAAAAAAAAAAABfiJEFG0vRzEGxk2BxjmK +-zw== +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_sect131r1 +-PeerKey=MALICE_cf_sect131r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_sect131r1 +-PeerKey=MALICE_cf_sect131r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect131r2 curve tests +- +-PrivateKey=ALICE_cf_sect131r2 +------BEGIN PRIVATE KEY----- +-MC8CAQAwEAYHKoZIzj0CAQYFK4EEABcEGDAWAgEBBBEBnZRUKAQetk5kyUwhIaAyxg== +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect131r2_PUB +------BEGIN PUBLIC KEY----- +-MDgwEAYHKoZIzj0CAQYFK4EEABcDJAAEA5+Y20L8q989I4jnKknZ7hcGlQ6RUIGni9RahT88kB/d +-dw== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_sect131r2:ALICE_cf_sect131r2_PUB +- +-PrivateKey=BOB_cf_sect131r2 +------BEGIN PRIVATE KEY----- +-MC8CAQAwEAYHKoZIzj0CAQYFK4EEABcEGDAWAgEBBBEBnafx9vcMeoCqj/1YNuflzw== +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect131r2_PUB +------BEGIN PUBLIC KEY----- +-MDgwEAYHKoZIzj0CAQYFK4EEABcDJAAEB2G2uNkhQNjjl0/Ov6UYpxoFaWNXO+qy7poV6cdrFN7z +-pA== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_sect131r2:BOB_cf_sect131r2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect131r2 +-PeerKey=BOB_cf_sect131r2_PUB +-SharedSecret=058d8a8be33068ed8c1dc9f551ef2c3f3c +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect131r2 +-PeerKey=ALICE_cf_sect131r2_PUB +-SharedSecret=058d8a8be33068ed8c1dc9f551ef2c3f3c +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect131r2 +-PeerKey=BOB_cf_sect131r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=037b16d85f27c2c878ef96c79a536f89a5 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect131r2 +-PeerKey=ALICE_cf_sect131r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=037b16d85f27c2c878ef96c79a536f89a5 +- +-PublicKey=MALICE_cf_sect131r2_PUB +------BEGIN PUBLIC KEY----- +-MDgwEAYHKoZIzj0CAQYFK4EEABcDJAAEAAAAAAAAAAAAAAAAAAAAAAAGG5fiIbgziwBZHVzTYqCY +-1w== +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_sect131r2 +-PeerKey=MALICE_cf_sect131r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_sect131r2 +-PeerKey=MALICE_cf_sect131r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect163r1 curve tests +- +-PrivateKey=ALICE_cf_sect163r1 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAIEHDAaAgEBBBUAlbn4x1UGJnAimsXufB/UvUaxU5U= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect163r1_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFK4EEAAIDLAAEA0f195HCcD4D+7wWyl3QuPkRovG/ATy5l7fpMl4BNIg/ +-sbtEXluCzANF +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_sect163r1:ALICE_cf_sect163r1_PUB +- +-PrivateKey=BOB_cf_sect163r1 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAIEHDAaAgEBBBUAoStq6Fjb7nB2PNL6WrzKKqhCGdE= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect163r1_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFK4EEAAIDLAAEAul/oBKr9B5MsPHWGF+q07j0JC+WAxj1JzfcIXR98n+r +-9FHWU5LC5pDM +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_sect163r1:BOB_cf_sect163r1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect163r1 +-PeerKey=BOB_cf_sect163r1_PUB +-SharedSecret=06135eef489fe613c0d8bd522a2a640ff7ae6fb73d +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect163r1 +-PeerKey=ALICE_cf_sect163r1_PUB +-SharedSecret=06135eef489fe613c0d8bd522a2a640ff7ae6fb73d +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect163r1 +-PeerKey=BOB_cf_sect163r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=0580f5e8efb242a19ae1023acbcab8702c799751e7 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect163r1 +-PeerKey=ALICE_cf_sect163r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=0580f5e8efb242a19ae1023acbcab8702c799751e7 +- +-PublicKey=MALICE_cf_sect163r1_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFK4EEAAIDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJkXolVuGFa8fqmk +-cs0Bv7iJuVg1 +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_sect163r1 +-PeerKey=MALICE_cf_sect163r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_sect163r1 +-PeerKey=MALICE_cf_sect163r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect193r1 curve tests +- +-PrivateKey=ALICE_cf_sect193r1 +------BEGIN PRIVATE KEY----- +-MDcCAQAwEAYHKoZIzj0CAQYFK4EEABgEIDAeAgEBBBkACmcvidKWLtPFB2xqg76F8VhM1Njzrkgo +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect193r1_PUB +------BEGIN PUBLIC KEY----- +-MEgwEAYHKoZIzj0CAQYFK4EEABgDNAAEAeqP0VQobenduwtf4MPmlYQVDjUmxKq50QFHnaBfzwXY +-1TYShZZgBr0R6a5dUGCbiF0= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_sect193r1:ALICE_cf_sect193r1_PUB +- +-PrivateKey=BOB_cf_sect193r1 +------BEGIN PRIVATE KEY----- +-MDcCAQAwEAYHKoZIzj0CAQYFK4EEABgEIDAeAgEBBBkAKlSknQ66vpuLjC1mbQyfHOTdJ5Kw5jMh +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect193r1_PUB +------BEGIN PUBLIC KEY----- +-MEgwEAYHKoZIzj0CAQYFK4EEABgDNAAEAaFZVIeqfV9wbPydaBSJKSWJjVyFVSB/QQB5rHonYQmK +-f40zok8PJS6ratIcZwk/n20= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_sect193r1:BOB_cf_sect193r1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect193r1 +-PeerKey=BOB_cf_sect193r1_PUB +-SharedSecret=012b8849991814f8c7ed9d40cf9dc204c3a83e0b10675543a5 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect193r1 +-PeerKey=ALICE_cf_sect193r1_PUB +-SharedSecret=012b8849991814f8c7ed9d40cf9dc204c3a83e0b10675543a5 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect193r1 +-PeerKey=BOB_cf_sect193r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=0110180a18844859c52f6f012909522a2d87b5ab143bc80a55 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect193r1 +-PeerKey=ALICE_cf_sect193r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=0110180a18844859c52f6f012909522a2d87b5ab143bc80a55 +- +-PublicKey=MALICE_cf_sect193r1_PUB +------BEGIN PUBLIC KEY----- +-MEgwEAYHKoZIzj0CAQYFK4EEABgDNAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHeX7PX3e5n +-zROUg6/STkLp1D+L51L9+wY= +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_sect193r1 +-PeerKey=MALICE_cf_sect193r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_sect193r1 +-PeerKey=MALICE_cf_sect193r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect193r2 curve tests +- +-PrivateKey=ALICE_cf_sect193r2 +------BEGIN PRIVATE KEY----- +-MDcCAQAwEAYHKoZIzj0CAQYFK4EEABkEIDAeAgEBBBkAhjkv8lXK/nPp3Qc4IwL/29JUKWi2VBMp +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect193r2_PUB +------BEGIN PUBLIC KEY----- +-MEgwEAYHKoZIzj0CAQYFK4EEABkDNAAEAIn7oSu3adu4ChNXniHKkMIv9gT24rpzzwAeCTDPIkUT +-kJ+Tit6e4RpgkB/dph4V+uI= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_sect193r2:ALICE_cf_sect193r2_PUB +- +-PrivateKey=BOB_cf_sect193r2 +------BEGIN PRIVATE KEY----- +-MDcCAQAwEAYHKoZIzj0CAQYFK4EEABkEIDAeAgEBBBkAwGkR3qSQdfh7Q6KbJ4lH5FShGsX8o/jD +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect193r2_PUB +------BEGIN PUBLIC KEY----- +-MEgwEAYHKoZIzj0CAQYFK4EEABkDNAAEAFdSLKI0tlwZDpkndutOLsnHii1aJO8snwEJ0m/AZgMp +-xiDevOQ/xE9SpMX25W7YqkU= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_sect193r2:BOB_cf_sect193r2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect193r2 +-PeerKey=BOB_cf_sect193r2_PUB +-SharedSecret=01e2f66a63c24c1de8a399c484228a5ad5b6d911c6e5e83ae3 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect193r2 +-PeerKey=ALICE_cf_sect193r2_PUB +-SharedSecret=01e2f66a63c24c1de8a399c484228a5ad5b6d911c6e5e83ae3 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect193r2 +-PeerKey=BOB_cf_sect193r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=00bc82d393bd74406683aea003977a86a109f444a833652e43 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect193r2 +-PeerKey=ALICE_cf_sect193r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=00bc82d393bd74406683aea003977a86a109f444a833652e43 +- +-PublicKey=MALICE_cf_sect193r2_PUB +------BEGIN PUBLIC KEY----- +-MEgwEAYHKoZIzj0CAQYFK4EEABkDNAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFfdLEkrvsO +-Y7+6QpEvOay9A4MJCUZfZmI= +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_sect193r2 +-PeerKey=MALICE_cf_sect193r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_sect193r2 +-PeerKey=MALICE_cf_sect193r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect239k1 curve tests +- +-PrivateKey=ALICE_cf_sect239k1 +------BEGIN PRIVATE KEY----- +-MDwCAQAwEAYHKoZIzj0CAQYFK4EEAAMEJTAjAgEBBB4G4nbQDUtTnkrPOvDGIlhH9XdjirUSbTI5 +-5z6lf7o= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect239k1_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFK4EEAAMDPgAEf5paOMjzcnpVAPMQnIkikE4K2jne3ubX2TD1P3aedknF +-lUr6tOU4BsiUQJACF90rQ9/KdeR5mYvYHzvI +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_sect239k1:ALICE_cf_sect239k1_PUB +- +-PrivateKey=BOB_cf_sect239k1 +------BEGIN PRIVATE KEY----- +-MDwCAQAwEAYHKoZIzj0CAQYFK4EEAAMEJTAjAgEBBB4e0F0NpepAF+iNrEtoZeo4TrQFspkUNLcx +-Ly4Klfg= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect239k1_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFK4EEAAMDPgAEKnjJ4RHe+EiElXMrF4ou7VGy1pn0ZiO17FouF31Zbvjc +-TcbhfE6ziXM8sekQJBwcwRKQ9+G/Qzq/2A9x +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_sect239k1:BOB_cf_sect239k1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect239k1 +-PeerKey=BOB_cf_sect239k1_PUB +-SharedSecret=0ef54c7b7dbf55d4278e7a6924dc4833c63ec708e820d501cacdfb4935d5 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect239k1 +-PeerKey=ALICE_cf_sect239k1_PUB +-SharedSecret=0ef54c7b7dbf55d4278e7a6924dc4833c63ec708e820d501cacdfb4935d5 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect239k1 +-PeerKey=BOB_cf_sect239k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=592e4b33ac99624fe7f2f879cf52f12a70f189c5d90785db26a12e0a46c0 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect239k1 +-PeerKey=ALICE_cf_sect239k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=592e4b33ac99624fe7f2f879cf52f12a70f189c5d90785db26a12e0a46c0 +- +-PublicKey=MALICE_cf_sect239k1_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFK4EEAAMDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAA +-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_sect239k1 +-PeerKey=MALICE_cf_sect239k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_sect239k1 +-PeerKey=MALICE_cf_sect239k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=wap-wsg-idm-ecid-wtls10 curve tests +- +-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls10 +------BEGIN PRIVATE KEY----- +-MDsCAQAwEAYHKoZIzj0CAQYFZysBBAoEJDAiAgEBBB1zvDMHGgcytka5KvlvQvJzTA4l2ts2NzBp +-SJiGyw== +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls10_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFZysBBAoDPgAEAZkrhWBz/Q4GB8DY4Ia114ew6H7Eg7ri2uxwxd3rAZs5 +-/ShvunNyndjCt3Qaq8sulBM0nUyERSDakyD+ +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls10:ALICE_cf_wap-wsg-idm-ecid-wtls10_PUB +- +-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls10 +------BEGIN PRIVATE KEY----- +-MDsCAQAwEAYHKoZIzj0CAQYFZysBBAoEJDAiAgEBBB1SowkHU79PqokOfgllN53rNS8a3h1wFBY0 +-dKPkQg== +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls10_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFZysBBAoDPgAEAGavw4ChHCoWplAumMEBwJgJ2aYtw+utu4vhWnscAPIT +-IJ4IiIGj18rCFBap1sgVbpXjhEBLYg6Itwv2 +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls10:BOB_cf_wap-wsg-idm-ecid-wtls10_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls10 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls10_PUB +-SharedSecret=0194ef5d80fdfe9df366b2273b983c3dbd440faf76964fcfc06c509f289d +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls10 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls10_PUB +-SharedSecret=0194ef5d80fdfe9df366b2273b983c3dbd440faf76964fcfc06c509f289d +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls10 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls10_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=01bedc5cdf63fbf18c3e2bc9765e12f7990c0c0c64f0267ae7c37b9f49f0 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls10 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls10_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=01bedc5cdf63fbf18c3e2bc9765e12f7990c0c0c64f0267ae7c37b9f49f0 +- +-PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls10_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFZysBBAoDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAA +-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls10 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls10_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls10 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls10_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=wap-wsg-idm-ecid-wtls11 curve tests +- +-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls11 +------BEGIN PRIVATE KEY----- +-MDwCAQAwEAYHKoZIzj0CAQYFZysBBAsEJTAjAgEBBB4AkzS3zoqHNCLug/nwoYMQW3UigmZ9t56k +-5jp+FiY= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls11_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFZysBBAsDPgAEABttgKKYeGZRmcH/5UZR56lOSgbU4TH2AuIhvj88AL6H +-zTCX9elzXpck+u22bnmkuvL2A8XKB5+fabMR +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls11:ALICE_cf_wap-wsg-idm-ecid-wtls11_PUB +- +-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls11 +------BEGIN PRIVATE KEY----- +-MDwCAQAwEAYHKoZIzj0CAQYFZysBBAsEJTAjAgEBBB4AWU05mbqPxsB749llNON1//l0w8RJJ3z5 +-h/kzfNM= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls11_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFZysBBAsDPgAEAL6Xj/KCmXAQAAo847t0bl0wqBrteWRg93OvIJsPAAOE +-ehdIgJyruc3KsH0RFlipu5QD8pnGSIXvif19 +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls11:BOB_cf_wap-wsg-idm-ecid-wtls11_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls11 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls11_PUB +-SharedSecret=01ac8a23ddeeafb4d3bb243fe409f2f9c8b1a3fc11d4690da583f2e21637 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls11 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls11_PUB +-SharedSecret=01ac8a23ddeeafb4d3bb243fe409f2f9c8b1a3fc11d4690da583f2e21637 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls11 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls11_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=01b9992992572d3a59d424f8c9cc195576461ed6c1dadf6fb523717fab19 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls11 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls11_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=01b9992992572d3a59d424f8c9cc195576461ed6c1dadf6fb523717fab19 +- +-PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls11_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFZysBBAsDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYf4 +-Vie5eHTnR+4x4G1xyq7qUvISU+X5RtBh2pE4 +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls11 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls11_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls11 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls11_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=wap-wsg-idm-ecid-wtls12 curve tests +- +-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls12 +------BEGIN PRIVATE KEY----- +-MDoCAQAwEAYHKoZIzj0CAQYFZysBBAwEIzAhAgEBBBxwvll9Eb9mm2Xadq1evIi1zIK+6u0Nv8bP +-LI9a +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls12_PUB +------BEGIN PUBLIC KEY----- +-ME4wEAYHKoZIzj0CAQYFZysBBAwDOgAE0t0WqG/pFsiCt6agmebw3FCEWAzf9BpNLuzoCkPEe0Li +-bqn5udrckL6s3stwCTVFaZUfY2qS9QE= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls12:ALICE_cf_wap-wsg-idm-ecid-wtls12_PUB +- +-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls12 +------BEGIN PRIVATE KEY----- +-MDoCAQAwEAYHKoZIzj0CAQYFZysBBAwEIzAhAgEBBBz+5P6gpqXxbeXvvaD5W9Ft69BTxcn7zc6q +-K3Ax +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls12_PUB +------BEGIN PUBLIC KEY----- +-ME4wEAYHKoZIzj0CAQYFZysBBAwDOgAEvyxedqaWkoAOMjaV5W3/tJpheiHAR0zV6BlIeUuGP2mx +-+xsOK9/QB7hzipq9cXx1K/dXu58EoSY= +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls12:BOB_cf_wap-wsg-idm-ecid-wtls12_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls12 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls12_PUB +-SharedSecret=a3b3f20af8c33a0f5c246b4b9d9dda1cd40c294d1f53365d18a8b54b +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls12 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls12_PUB +-SharedSecret=a3b3f20af8c33a0f5c246b4b9d9dda1cd40c294d1f53365d18a8b54b +- +-Title=wap-wsg-idm-ecid-wtls1 curve tests +- +-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls1 +------BEGIN PRIVATE KEY----- +-MCwCAQAwEAYHKoZIzj0CAQYFZysBBAEEFTATAgEBBA5ZNASTt4/g6XPQwRiQ0Q== +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls1_PUB +------BEGIN PUBLIC KEY----- +-MDQwEAYHKoZIzj0CAQYFZysBBAEDIAAEACBNPI48xxsPVQBy07jRAAcWzbIkMo8BQotxpfGJ +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls1:ALICE_cf_wap-wsg-idm-ecid-wtls1_PUB +- +-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls1 +------BEGIN PRIVATE KEY----- +-MCwCAQAwEAYHKoZIzj0CAQYFZysBBAEEFTATAgEBBA6+0x9qk0NIKHSRvlTemQ== +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls1_PUB +------BEGIN PUBLIC KEY----- +-MDQwEAYHKoZIzj0CAQYFZysBBAEDIAAEAEeHMSBTx/EtOu+bjBinALHSkQuJyiP3mg1tu+I2 +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls1:BOB_cf_wap-wsg-idm-ecid-wtls1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls1 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls1_PUB +-SharedSecret=0040ba2fadc1da97c973e5e59ade31 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls1 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls1_PUB +-SharedSecret=0040ba2fadc1da97c973e5e59ade31 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls1 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=008919696215a89e03d6c4c9265d6b +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls1 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=008919696215a89e03d6c4c9265d6b +- +-PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls1_PUB +------BEGIN PUBLIC KEY----- +-MDQwEAYHKoZIzj0CAQYFZysBBAEDIAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls1 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls1 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=wap-wsg-idm-ecid-wtls3 curve tests +- +-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls3 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAMEHDAaAgEBBBUDO2cHbqQBUxuJBl6UT9UrasuRVrI= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls3_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFZysBBAMDLAAEBRIzvK9o7eO2NGmtPFV/zo9/1mlvBwjG7+e6hbPG1KdI +-01f8oGBuXMQH +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls3:ALICE_cf_wap-wsg-idm-ecid-wtls3_PUB +- +-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls3 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAMEHDAaAgEBBBUAhZv9WZ00bDnU9MOaqEegP771nes= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls3_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFZysBBAMDLAAEAYOspjEbzyZw61jCtUrxARr+w66nBH+73QIvlaRVSG/4 +-hlBUf5kmG4Yn +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls3:BOB_cf_wap-wsg-idm-ecid-wtls3_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls3 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls3_PUB +-SharedSecret=0311924428a839b7dcada662722945e62bf1131f4f +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls3 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls3_PUB +-SharedSecret=0311924428a839b7dcada662722945e62bf1131f4f +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls3 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=047f1aee6a1a1d7c9c1f0e8dce4349429f737aa658 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls3 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=047f1aee6a1a1d7c9c1f0e8dce4349429f737aa658 +- +-PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls3_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFZysBBAMDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AAAAAAAAAAAB +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls3 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls3 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls3_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=wap-wsg-idm-ecid-wtls4 curve tests +- +-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls4 +------BEGIN PRIVATE KEY----- +-MC0CAQAwEAYHKoZIzj0CAQYFZysBBAQEFjAUAgEBBA8ACFOrBbOh5LjNtJQCuEE= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls4_PUB +------BEGIN PUBLIC KEY----- +-MDQwEAYHKoZIzj0CAQYFZysBBAQDIAAEAW3K4Mus5+KAJVGLzEYrAYuCJSEYXFTo17aW0TwN +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls4:ALICE_cf_wap-wsg-idm-ecid-wtls4_PUB +- +-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls4 +------BEGIN PRIVATE KEY----- +-MC0CAQAwEAYHKoZIzj0CAQYFZysBBAQEFjAUAgEBBA8Auz4XRc3Rg0bNcbrray8= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls4_PUB +------BEGIN PUBLIC KEY----- +-MDQwEAYHKoZIzj0CAQYFZysBBAQDIAAEAI0F7ixGqOhnYpsuR80nAdTdSXM+YbcUbLe/U/xG +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls4:BOB_cf_wap-wsg-idm-ecid-wtls4_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls4 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls4_PUB +-SharedSecret=0077378ddfdadff704a0b6646949e7 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls4 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls4_PUB +-SharedSecret=0077378ddfdadff704a0b6646949e7 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls4 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls4_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=008f3713fe1ff1fa5d5041899817d1 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls4 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls4_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=008f3713fe1ff1fa5d5041899817d1 +- +-PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls4_PUB +------BEGIN PUBLIC KEY----- +-MDQwEAYHKoZIzj0CAQYFZysBBAQDIAAEAAAAAAAAAAAAAAAAAAAAAd+TqiBXnTd/lyA/OFsR +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls4 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls4_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls4 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls4_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=wap-wsg-idm-ecid-wtls5 curve tests +- +-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls5 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAUEHDAaAgEBBBUD9gVh3zbLTA7BuRVVi9T8QKZ1uco= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls5_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFZysBBAUDLAAEAH5xyUrvbuN+tWmRhwqrQfFHPHNUBKtAGvJuvSFVwTKk +-uFzn9fPvIDe6 +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls5:ALICE_cf_wap-wsg-idm-ecid-wtls5_PUB +- +-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls5 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAUEHDAaAgEBBBUAr9ZlmuO7bNfqB42xUivJXyVHKNI= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls5_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFZysBBAUDLAAEBdXxEk0L2XAVzRNLPcnMxGXXyDfZAoA1Qw2XpOfVWIVR +-jdoMGRgUuJmO +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls5:BOB_cf_wap-wsg-idm-ecid-wtls5_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls5 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls5_PUB +-SharedSecret=0190c68d80e94fbe9f193ae7d9a156bf0b8d097c23 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls5 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls5_PUB +-SharedSecret=0190c68d80e94fbe9f193ae7d9a156bf0b8d097c23 +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls5 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls5_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=00aabc9b45c200e41294aa922ab06da6655731e0ea +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls5 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls5_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=00aabc9b45c200e41294aa922ab06da6655731e0ea +- +-PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls5_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFZysBBAUDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8JxepS05nN/piK +-dhDD3dDKXUih +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls5 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls5_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls5 +-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls5_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=wap-wsg-idm-ecid-wtls6 curve tests +- +-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls6 +------BEGIN PRIVATE KEY----- +-MCwCAQAwEAYHKoZIzj0CAQYFZysBBAYEFTATAgEBBA4ayMbswPbvYMwpwo80jA== +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls6_PUB +------BEGIN PUBLIC KEY----- +-MDIwEAYHKoZIzj0CAQYFZysBBAYDHgAERPw/8Ip/RrXr0gMgLGRQeiQ4Qd6W+Li0ylGKzg== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls6:ALICE_cf_wap-wsg-idm-ecid-wtls6_PUB +- +-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls6 +------BEGIN PRIVATE KEY----- +-MCwCAQAwEAYHKoZIzj0CAQYFZysBBAYEFTATAgEBBA6kbCpFt3tX2hYBQHMXbg== +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls6_PUB +------BEGIN PUBLIC KEY----- +-MDIwEAYHKoZIzj0CAQYFZysBBAYDHgAEhJXqpYGxE/l1X/LiBeyRbIcyzqPxUP5Tkv3U3w== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls6:BOB_cf_wap-wsg-idm-ecid-wtls6_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls6 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls6_PUB +-SharedSecret=b4cae255268f11a1e46fecad04c2 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls6 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls6_PUB +-SharedSecret=b4cae255268f11a1e46fecad04c2 +- +-Title=wap-wsg-idm-ecid-wtls7 curve tests +- +-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls7 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAcEHDAaAgEBBBUABcyzh4ot9ck/j4/3ehK0aYngYoM= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls7_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFZysBBAcDKgAEwQLnZ70n45RLqRtAGNzEa3Rl/9nwyjqYUtw2eeHhnNLT +-feGY4CNH0w== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls7:ALICE_cf_wap-wsg-idm-ecid-wtls7_PUB +- +-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls7 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAcEHDAaAgEBBBUAPyrGRY1SR13hKQswS6yXs8w8PUQ= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls7_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFZysBBAcDKgAEZGN44YbN5r3zcNtOHrvbQLt8/lE7BHp4D/9eKLmwFDn1 +-QneRu3xwPA== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls7:BOB_cf_wap-wsg-idm-ecid-wtls7_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls7 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls7_PUB +-SharedSecret=ae9f5bcc6457c0422866bf855921eabc42b7121a +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls7 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls7_PUB +-SharedSecret=ae9f5bcc6457c0422866bf855921eabc42b7121a +- +-Title=wap-wsg-idm-ecid-wtls8 curve tests +- +-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls8 +------BEGIN PRIVATE KEY----- +-MC0CAQAwEAYHKoZIzj0CAQYFZysBBAgEFjAUAgEBBA8AnkC18b3pH2O5TIYIqAQ= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls8_PUB +------BEGIN PUBLIC KEY----- +-MDIwEAYHKoZIzj0CAQYFZysBBAgDHgAEJD0h4HEfchwxqhp9eMHh9gczQKHX4MtWVoAxKQ== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls8:ALICE_cf_wap-wsg-idm-ecid-wtls8_PUB +- +-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls8 +------BEGIN PRIVATE KEY----- +-MC0CAQAwEAYHKoZIzj0CAQYFZysBBAgEFjAUAgEBBA8AXxPMnqbl3rOuIM5nsvc= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls8_PUB +------BEGIN PUBLIC KEY----- +-MDIwEAYHKoZIzj0CAQYFZysBBAgDHgAEZawmRmzr9P+jihImUi6ykOzaSH484JhMKNdrgw== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls8:BOB_cf_wap-wsg-idm-ecid-wtls8_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls8 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls8_PUB +-SharedSecret=48baf4f1f5e8a0eb5dae28ef6290 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls8 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls8_PUB +-SharedSecret=48baf4f1f5e8a0eb5dae28ef6290 +- +-Title=wap-wsg-idm-ecid-wtls9 curve tests +- +-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls9 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAkEHDAaAgEBBBUALwvuKs3RLthMAsChbqKjXw6vTYo= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls9_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFZysBBAkDKgAET0ppOvd9DU4v+tkKDQ5wRBrN1FwD9+F9t5l3Im+mz3rw +-DB/RYdZuUg== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls9:ALICE_cf_wap-wsg-idm-ecid-wtls9_PUB +- +-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls9 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAkEHDAaAgEBBBUAgeb/vqEM7X5AAAxyBu3M+C8pWLM= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls9_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFZysBBAkDKgAEWc37LGt6lt90iF4lhtDYNFdjAqoczebuNgzGff/Uq8ov +-a3EVJ9yK1A== +------END PUBLIC KEY----- +- +-Availablein = default +-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls9:BOB_cf_wap-wsg-idm-ecid-wtls9_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls9 +-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls9_PUB +-SharedSecret=948d3030e95cead39a1bb3d8a01c2be178517ba7 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_wap-wsg-idm-ecid-wtls9 +-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls9_PUB +-SharedSecret=948d3030e95cead39a1bb3d8a01c2be178517ba7 +- +-# tests: 484 +- +-Title=zero x-coord regression tests +- +-PrivateKey=ALICE_zero_prime192v1 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEHzAdAgEBBBhaPNk8jG5hSG6y8tUqUoOaNNsZ3APU +-pps= +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_prime192v1_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAe2hWBe5g +-DLNj216pEvK7XjoKLg5gNg8S +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_prime192v1 +-PeerKey=BOB_zero_prime192v1_PUB +-SharedSecret=baaffd49a8399d2ad52cbbe24d47b67afb4b3cf436f1cd65 +- +-PrivateKey=ALICE_zero_prime192v2 + -----BEGIN PRIVATE KEY----- + MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQIEHzAdAgEBBBj1AIQMJ7jqYIKCvxYAS+qKMmKmH0to + 41k= +@@ -3422,72 +162,6 @@ Derive=ALICE_zero_prime256v1 + PeerKey=BOB_zero_prime256v1_PUB + SharedSecret=c4f5607deb8501f1a4ba23fce4122a4343a17ada2c86a9c8e0d03d92d4a4c84c + +-PrivateKey=ALICE_zero_secp112r2 +------BEGIN PRIVATE KEY----- +-MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAcEFTATAgEBBA4hh3tRkG3tnA0496ffMw== +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_secp112r2_PUB +------BEGIN PUBLIC KEY----- +-MDIwEAYHKoZIzj0CAQYFK4EEAAcDHgAEAAAAAAAAAAAAAAAAAAAS5eEOWDV/Wk7w4djyDQ== +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_secp112r2 +-PeerKey=BOB_zero_secp112r2_PUB +-SharedSecret=958cc1cb425713678830a4d7d95e +- +-PrivateKey=ALICE_zero_secp128r1 +------BEGIN PRIVATE KEY----- +-MC4CAQAwEAYHKoZIzj0CAQYFK4EEABwEFzAVAgEBBBCykSzic/h3T2K6SkSP1SGt +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_secp128r1_PUB +------BEGIN PUBLIC KEY----- +-MDYwEAYHKoZIzj0CAQYFK4EEABwDIgAEAAAAAAAAAAAAAAAAAAAAAABya8M5aeOpNG3z799IdHc= +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_secp128r1 +-PeerKey=BOB_zero_secp128r1_PUB +-SharedSecret=5235d452066f126cd7e99eea00fd3068 +- +-PrivateKey=ALICE_zero_secp160r1 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAgEHDAaAgEBBBUACoRnbig69XLlh5VcRexpbbn5zwA= +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_secp160r1_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFK4EEAAgDKgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAG/w1po29wYlxlygXs +-MGfbiGg5ng== +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_secp160r1 +-PeerKey=BOB_zero_secp160r1_PUB +-SharedSecret=9ccd0ab8d093b6acdb3fe14c3736a0dfe61a4666 +- +-PrivateKey=ALICE_zero_secp160r2 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAB4EHDAaAgEBBBUAQFGxInSw1eAvd45E9TUdbXtJGnA= +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_secp160r2_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFK4EEAB4DKgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAZtSBSZqfmXp47v5z2 +-ZZZl2JFxDg== +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_secp160r2 +-PeerKey=BOB_zero_secp160r2_PUB +-SharedSecret=303e0a282ac86f463fe834cb51b0057be42ed5ab +- + PrivateKey=ALICE_zero_secp384r1 + -----BEGIN PRIVATE KEY----- + ME4CAQAwEAYHKoZIzj0CAQYFK4EEACIENzA1AgEBBDD6kgzKbg28zbQyVTdC0IdHbm0UCQt2Rdbi +@@ -3526,76 +200,6 @@ Derive=ALICE_zero_secp521r1 + PeerKey=BOB_zero_secp521r1_PUB + SharedSecret=003fc3028f61db94b20c7cd177923b6e73f12f0ab067c9ce8866755e3c82abb39c9863cde74fa80b32520bd7dd0eb156c30c08911503b67b2661f1264d09bb231423 + +-PrivateKey=ALICE_zero_wap-wsg-idm-ecid-wtls7 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAcEHDAaAgEBBBUAoGng7WzYr4P9vtdc3BS/UiNWmc0= +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_wap-wsg-idm-ecid-wtls7_PUB +------BEGIN PUBLIC KEY----- +-MD4wEAYHKoZIzj0CAQYFZysBBAcDKgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAZtSBSZqfmXp47v5z2 +-ZZZl2JFxDg== +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_wap-wsg-idm-ecid-wtls7 +-PeerKey=BOB_zero_wap-wsg-idm-ecid-wtls7_PUB +-SharedSecret=6582fc03bbb340fcf24a5fe8fcdf722655efa8b9 +- +-# tests: 14 +- +-Title=prime192v1 curve tests +- +-PrivateKey=ALICE_cf_prime192v1 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEHzAdAgEBBBhQFYLaobJ47BVWWZv/ByY8Ti69m/U9 +-TeI= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_prime192v1_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEHYbt14KzucSpmKMrlDx1IGz/a28nDs21OjKgx3BK +-PZ78UrllIr69kgrYUKsRg4sd +------END PUBLIC KEY----- +- +-PrivPubKeyPair=ALICE_cf_prime192v1:ALICE_cf_prime192v1_PUB +- +-PrivateKey=BOB_cf_prime192v1 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEHzAdAgEBBBhsbmKHAtygIqirkmUXSbniDJOx0/fI +-CWM= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_prime192v1_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEJA+FQcXq5Axzv8pLDslxq1QVt1hjN2i0TgoO6Yxp +-bAekMot69VorE8ibSzgJixXJ +------END PUBLIC KEY----- +- +-PrivPubKeyPair=BOB_cf_prime192v1:BOB_cf_prime192v1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_prime192v1 +-PeerKey=BOB_cf_prime192v1_PUB +-SharedSecret=e36cad3b0f8d00f60f090440a76df47896713ae61421c354 +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_prime192v1 +-PeerKey=ALICE_cf_prime192v1_PUB +-SharedSecret=e36cad3b0f8d00f60f090440a76df47896713ae61421c354 +- +-# ECDH Bob with Alice peer : curves with less than 112 bits of strength cannot +-# be used for Key agreement in fips mode +-Availablein = fips +-Derive=BOB_cf_prime192v1 +-Securitycheck = 1 +-PeerKey=ALICE_cf_prime192v1_PUB +-SharedSecret=e36cad3b0f8d00f60f090440a76df47896713ae61421c354 +-Result = DERIVE_SET_PEER_ERROR +- + Title=prime256v1 curve tests + + PrivateKey=ALICE_cf_prime256v1 +@@ -3759,743 +363,3 @@ SharedSecret=01dd4aa9037bb4ad298b420998d + Derive=BOB_cf_secp521r1 + PeerKey=ALICE_cf_secp521r1_PUB + SharedSecret=01dd4aa9037bb4ad298b420998dcd32b3a9af1cda8b7919e372aeb4e54ccfb4d2409a340ed896bfbc5dd462f8d96b8784bc17b29db3ca04700e6ec752f9bec777695 +- +-Title=sect163k1 curve tests +- +-PrivateKey=ALICE_cf_sect163k1 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAEEHDAaAgEBBBUB905PYfmej8LzbzX6Bg51GJzXQjQ= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect163k1_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBfvs5A1hD8YySP9O2ub8GEUfotVuBpfRx4GIHdAfx8wV +-1UVeTRnyAlWU +------END PUBLIC KEY----- +- +-PrivPubKeyPair=ALICE_cf_sect163k1:ALICE_cf_sect163k1_PUB +- +-PrivateKey=BOB_cf_sect163k1 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAEEHDAaAgEBBBUCHPtCjJ4/K8ylQBcLlb5VE0bkaUE= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect163k1_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBvgfX1mTRlt6Z4TE1D1MNWo4loH4AoeYa6oowK104LKk +-nsdg7isQ8XBD +------END PUBLIC KEY----- +- +-PrivPubKeyPair=BOB_cf_sect163k1:BOB_cf_sect163k1_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect163k1 +-PeerKey=BOB_cf_sect163k1_PUB +-SharedSecret=04d0e40788c5ce5220818055277cae53eac55c1e6b +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect163k1 +-PeerKey=ALICE_cf_sect163k1_PUB +-SharedSecret=04d0e40788c5ce5220818055277cae53eac55c1e6b +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect163k1 +-PeerKey=BOB_cf_sect163k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=04c902a91110244d89110034dd2b099c49cbab6c77 +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect163k1 +-PeerKey=ALICE_cf_sect163k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=04c902a91110244d89110034dd2b099c49cbab6c77 +- +-PublicKey=MALICE_cf_sect163k1_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AAAAAAAAAAAB +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_sect163k1 +-PeerKey=MALICE_cf_sect163k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_sect163k1 +-PeerKey=MALICE_cf_sect163k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect163r2 curve tests +- +-PrivateKey=ALICE_cf_sect163r2 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAA8EHDAaAgEBBBUBjCs/M3N31jsAueYrOq21vdETwAI= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect163r2_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBd8Z1/HpA+89hF4I98EST3svWns3BAEbhWmL/fgxk2uu +-YwVrmqhgqH/C +------END PUBLIC KEY----- +- +-PrivPubKeyPair=ALICE_cf_sect163r2:ALICE_cf_sect163r2_PUB +- +-PrivateKey=BOB_cf_sect163r2 +------BEGIN PRIVATE KEY----- +-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAA8EHDAaAgEBBBUBsiouT9Df+mwHWrpPg1JSrY9nqlI= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect163r2_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBULqBZ+nhLhDEMYY8NEEzZ126MdxAcFXWv8zmPEH9505 +-8vT5zU3aq6HV +------END PUBLIC KEY----- +- +-PrivPubKeyPair=BOB_cf_sect163r2:BOB_cf_sect163r2_PUB +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect163r2 +-PeerKey=BOB_cf_sect163r2_PUB +-SharedSecret=019f829a53c4e6544bdec1395a23082169efaf369d +- +-# ECDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect163r2 +-PeerKey=ALICE_cf_sect163r2_PUB +-SharedSecret=019f829a53c4e6544bdec1395a23082169efaf369d +- +-# ECC CDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_cf_sect163r2 +-PeerKey=BOB_cf_sect163r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=048870d39235ecbc16a000ee478833509b9318a53f +- +-# ECC CDH Bob with Alice peer +-Availablein = default +-Derive=BOB_cf_sect163r2 +-PeerKey=ALICE_cf_sect163r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=048870d39235ecbc16a000ee478833509b9318a53f +- +-PublicKey=MALICE_cf_sect163r2_PUB +------BEGIN PUBLIC KEY----- +-MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsJbhbrfiSdZPSHD +-ZtqJwDlp802l +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Availablein = default +-Derive=BOB_cf_sect163r2 +-PeerKey=MALICE_cf_sect163r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Availablein = default +-Derive=ALICE_cf_sect163r2 +-PeerKey=MALICE_cf_sect163r2_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect233k1 curve tests +- +-PrivateKey=ALICE_cf_sect233k1 +------BEGIN PRIVATE KEY----- +-MDsCAQAwEAYHKoZIzj0CAQYFK4EEABoEJDAiAgEBBB0z/3heNFjJL+2sAT/38yRsN3kt2iXz7u+y +-Gua8Kw== +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect233k1_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEALQyn0zJmOrHm4S2EIjxRe899PadBnfpYjLKWGvpAIzf +-MEG861Nv1IYJkmkO1xlfNHeeRtqFgsQVFKZh +------END PUBLIC KEY----- +- +-PrivPubKeyPair=ALICE_cf_sect233k1:ALICE_cf_sect233k1_PUB +- +-PrivateKey=BOB_cf_sect233k1 +------BEGIN PRIVATE KEY----- +-MDsCAQAwEAYHKoZIzj0CAQYFK4EEABoEJDAiAgEBBB1I0ucrC4d9i6Z+0cbar5r7uKpF5iiQkSJA +-DFMTUA== +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect233k1_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAatdqazxSghJ568CBFyMXhEvVeAiLewOY/jk9H5DAOB4 +-ufNGbdd131KLaKPivB38a6n5Y+2BVSJangow +------END PUBLIC KEY----- +- +-PrivPubKeyPair=BOB_cf_sect233k1:BOB_cf_sect233k1_PUB +- +-# ECDH Alice with Bob peer +-Derive=ALICE_cf_sect233k1 +-PeerKey=BOB_cf_sect233k1_PUB +-SharedSecret=012145026e8de65973c154e085456fc5539ba9e25663e7f5816abfcab310 +- +-# ECDH Bob with Alice peer +-Derive=BOB_cf_sect233k1 +-PeerKey=ALICE_cf_sect233k1_PUB +-SharedSecret=012145026e8de65973c154e085456fc5539ba9e25663e7f5816abfcab310 +- +-# ECC CDH Alice with Bob peer +-Derive=ALICE_cf_sect233k1 +-PeerKey=BOB_cf_sect233k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=00ff7d6c6b80f39d2ae68fbd00adbcd75fa599ed0bc1aac0e3f49c1c164d +- +-# ECC CDH Bob with Alice peer +-Derive=BOB_cf_sect233k1 +-PeerKey=ALICE_cf_sect233k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=00ff7d6c6b80f39d2ae68fbd00adbcd75fa599ed0bc1aac0e3f49c1c164d +- +-PublicKey=MALICE_cf_sect233k1_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAA +-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Derive=BOB_cf_sect233k1 +-PeerKey=MALICE_cf_sect233k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Derive=ALICE_cf_sect233k1 +-PeerKey=MALICE_cf_sect233k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect233r1 curve tests +- +-PrivateKey=ALICE_cf_sect233r1 +------BEGIN PRIVATE KEY----- +-MDwCAQAwEAYHKoZIzj0CAQYFK4EEABsEJTAjAgEBBB4ATcy7zVpIsJ9rl5EIDmzRz5wxjrDIQyDm +-HP3Pt8Y= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect233r1_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAQMQHiJ44LiCnZkEg1zyww1h+idTbsw8E07P33WUAUfD +-NeQ4hWEhTXPnytIbEhFKpnd3j/FbyZnJqxh8 +------END PUBLIC KEY----- +- +-PrivPubKeyPair=ALICE_cf_sect233r1:ALICE_cf_sect233r1_PUB +- +-PrivateKey=BOB_cf_sect233r1 +------BEGIN PRIVATE KEY----- +-MDwCAQAwEAYHKoZIzj0CAQYFK4EEABsEJTAjAgEBBB4ALpOlFn4OfiIAkRAZGOsn7L6W3XoQBSV8 +-mQVC2pw= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect233r1_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAJQw+NWqFJXYw4dVMovzvw76OYnYOTaDaEPNW8ECAQbl +-TzzbBSTp5iqM13mP0/Bo4OO66NS3lA9e/GTO +------END PUBLIC KEY----- +- +-PrivPubKeyPair=BOB_cf_sect233r1:BOB_cf_sect233r1_PUB +- +-# ECDH Alice with Bob peer +-Derive=ALICE_cf_sect233r1 +-PeerKey=BOB_cf_sect233r1_PUB +-SharedSecret=00209d2995a63f1e8b7a5c33dee5abb602e32e1835ae8bb57eb264d8d795 +- +-# ECDH Bob with Alice peer +-Derive=BOB_cf_sect233r1 +-PeerKey=ALICE_cf_sect233r1_PUB +-SharedSecret=00209d2995a63f1e8b7a5c33dee5abb602e32e1835ae8bb57eb264d8d795 +- +-# ECC CDH Alice with Bob peer +-Derive=ALICE_cf_sect233r1 +-PeerKey=BOB_cf_sect233r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=00c3cd1d38a65f5e421399409a76cec1136bc84149f054a7f55e7980c612 +- +-# ECC CDH Bob with Alice peer +-Derive=BOB_cf_sect233r1 +-PeerKey=ALICE_cf_sect233r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=00c3cd1d38a65f5e421399409a76cec1136bc84149f054a7f55e7980c612 +- +-PublicKey=MALICE_cf_sect233r1_PUB +------BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYf4 +-Vie5eHTnR+4x4G1xyq7qUvISU+X5RtBh2pE4 +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Derive=BOB_cf_sect233r1 +-PeerKey=MALICE_cf_sect233r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Derive=ALICE_cf_sect233r1 +-PeerKey=MALICE_cf_sect233r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect283k1 curve tests +- +-PrivateKey=ALICE_cf_sect283k1 +------BEGIN PRIVATE KEY----- +-MEICAQAwEAYHKoZIzj0CAQYFK4EEABAEKzApAgEBBCQAY1Mi9rST7PiP1t03qYRczV/kSZ+VjQu8 +-5EFCgxyvkaLManw= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect283k1_PUB +------BEGIN PUBLIC KEY----- +-MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBMjBO8WoxHS/vz8po52WZGxS+RK5yolrUe6tfbAMA3Sd +-5/JjBDVjOz95vM4gUnqzUWHN5nKBQtj6HiU9Q/R+zqg98OiQKTyA +------END PUBLIC KEY----- +- +-PrivPubKeyPair=ALICE_cf_sect283k1:ALICE_cf_sect283k1_PUB +- +-PrivateKey=BOB_cf_sect283k1 +------BEGIN PRIVATE KEY----- +-MEICAQAwEAYHKoZIzj0CAQYFK4EEABAEKzApAgEBBCQBCZC8Is+YSjgXJBBDioEl6gu14QpGHllD +-1J6957vBTPSQdH0= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect283k1_PUB +------BEGIN PUBLIC KEY----- +-MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAGEQKZVHYAlvtjHrFyZVm12qUb5j+T5/WNoC962+kwUM +-QkBYA5BpuG8Knlugq1iB31whPAgRCZfdLKHpHRPJSfXvKyUIdeUm +------END PUBLIC KEY----- +- +-PrivPubKeyPair=BOB_cf_sect283k1:BOB_cf_sect283k1_PUB +- +-# ECDH Alice with Bob peer +-Derive=ALICE_cf_sect283k1 +-PeerKey=BOB_cf_sect283k1_PUB +-SharedSecret=03f67c88bdc230b43773d17fdb4d0a980556d074ceccee726932160e4ed965e3be72803c +- +-# ECDH Bob with Alice peer +-Derive=BOB_cf_sect283k1 +-PeerKey=ALICE_cf_sect283k1_PUB +-SharedSecret=03f67c88bdc230b43773d17fdb4d0a980556d074ceccee726932160e4ed965e3be72803c +- +-# ECC CDH Alice with Bob peer +-Derive=ALICE_cf_sect283k1 +-PeerKey=BOB_cf_sect283k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=0677ba01c84d139609ca145cb5b6079fc9ca67f59c9c913e47cad1073f1d1dfaddde0169 +- +-# ECC CDH Bob with Alice peer +-Derive=BOB_cf_sect283k1 +-PeerKey=ALICE_cf_sect283k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=0677ba01c84d139609ca145cb5b6079fc9ca67f59c9c913e47cad1073f1d1dfaddde0169 +- +-PublicKey=MALICE_cf_sect283k1_PUB +------BEGIN PUBLIC KEY----- +-MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Derive=BOB_cf_sect283k1 +-PeerKey=MALICE_cf_sect283k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Derive=ALICE_cf_sect283k1 +-PeerKey=MALICE_cf_sect283k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect283r1 curve tests +- +-PrivateKey=ALICE_cf_sect283r1 +------BEGIN PRIVATE KEY----- +-MEICAQAwEAYHKoZIzj0CAQYFK4EEABEEKzApAgEBBCQCQ5pqKvPxDysd1pi2Bv8Z11cFhsRZfuaf +-4Pi0hpGr4ubZcHE= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect283r1_PUB +------BEGIN PUBLIC KEY----- +-MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBcsrGDgO7pbGybQX/00gRHtQq3+X9XrGb7Uzv9Nabwc/ +-kntnBMF0I2KU+aaTjQx1GVtmNf7CvFwPLEBnfKjJAjekjsGyIqoq +------END PUBLIC KEY----- +- +-PrivPubKeyPair=ALICE_cf_sect283r1:ALICE_cf_sect283r1_PUB +- +-PrivateKey=BOB_cf_sect283r1 +------BEGIN PRIVATE KEY----- +-MEICAQAwEAYHKoZIzj0CAQYFK4EEABEEKzApAgEBBCQDxItnY3cDCrX/jGnVuAKDPaySZCr3E83Q +-UdFnP6YIykt7+Pg= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect283r1_PUB +------BEGIN PUBLIC KEY----- +-MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBJ2C9BCkX0YRfs2ufgUKvreUXFWp2AGK+iHlZB4N3LqO +-PKpmAkrAeCMty6mw2mEnOR5HA1d4Ee+z7/NJgJJ80Ra9bFnreOW3 +------END PUBLIC KEY----- +- +-PrivPubKeyPair=BOB_cf_sect283r1:BOB_cf_sect283r1_PUB +- +-# ECDH Alice with Bob peer +-Derive=ALICE_cf_sect283r1 +-PeerKey=BOB_cf_sect283r1_PUB +-SharedSecret=0424259cf09727574fb863cab7c27d8fe3835e96433110a45a951f94347fc81939ec4773 +- +-# ECDH Bob with Alice peer +-Derive=BOB_cf_sect283r1 +-PeerKey=ALICE_cf_sect283r1_PUB +-SharedSecret=0424259cf09727574fb863cab7c27d8fe3835e96433110a45a951f94347fc81939ec4773 +- +-# ECC CDH Alice with Bob peer +-Derive=ALICE_cf_sect283r1 +-PeerKey=BOB_cf_sect283r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=01c2a542654ce85b17456ed75b6bca6b6eb761580913670debc426a3525f236df0e875c8 +- +-# ECC CDH Bob with Alice peer +-Derive=BOB_cf_sect283r1 +-PeerKey=ALICE_cf_sect283r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=01c2a542654ce85b17456ed75b6bca6b6eb761580913670debc426a3525f236df0e875c8 +- +-PublicKey=MALICE_cf_sect283r1_PUB +------BEGIN PUBLIC KEY----- +-MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AAAAByvMnFeSsevoGYMIn7b4NaL9IgowRCTKF8CCrhdEKu3pubP2 +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Derive=BOB_cf_sect283r1 +-PeerKey=MALICE_cf_sect283r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Derive=ALICE_cf_sect283r1 +-PeerKey=MALICE_cf_sect283r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect409k1 curve tests +- +-PrivateKey=ALICE_cf_sect409k1 +------BEGIN PRIVATE KEY----- +-MFECAQAwEAYHKoZIzj0CAQYFK4EEACQEOjA4AgEBBDMOthcLahkXFgM0wjOzm767D1A72sFRGlhb +-bVH+EB7z2WpIcPX4OD+M4Y1pf/a7wSaoSAo= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect409k1_PUB +------BEGIN PUBLIC KEY----- +-MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAbiYYpeFgCMsZFMzQaiwMJDrC+mCMT7KmhYtD5EMMgLW +-5OvhaqYdpRf49A8LOtVcRT7J5gGcMrXQgmQeS3FenA5owWnB2NIgrTNf5d8AAEtrOupsJ4c3kL6e +-aAzayZ1+UCEj8skbC9U= +------END PUBLIC KEY----- +- +-PrivPubKeyPair=ALICE_cf_sect409k1:ALICE_cf_sect409k1_PUB +- +-PrivateKey=BOB_cf_sect409k1 +------BEGIN PRIVATE KEY----- +-MFECAQAwEAYHKoZIzj0CAQYFK4EEACQEOjA4AgEBBDMO43ldQllTewdZwffH4OEXdzBrLwabKsn4 +-6/hjgIAaYda/pt4yCEQLMp18QgtfMey5ENI= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect409k1_PUB +------BEGIN PUBLIC KEY----- +-MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAVTQj6hRizVmOx4Z6vroN/zMkmAY+QhkQ0CnFeJ0AydY +-Fv+f+/420vMC1Mhqsc9VzPMmIAH6ZrgGKDsd4Ce9JUtYE0rVhGeiG2RaN1U5RlhVK4avkWhFlyQ5 +-vuu4aApQiWE3yQd9v/I= +------END PUBLIC KEY----- +- +-PrivPubKeyPair=BOB_cf_sect409k1:BOB_cf_sect409k1_PUB +- +-# ECDH Alice with Bob peer +-Derive=ALICE_cf_sect409k1 +-PeerKey=BOB_cf_sect409k1_PUB +-SharedSecret=01fbe13188588c9d1ac3a8a2680ea9a009b28e4b7d7fa4efcb1a22553876fb7973616819fd87c75e5b8ce6e3628595e4ce12edb0 +- +-# ECDH Bob with Alice peer +-Derive=BOB_cf_sect409k1 +-PeerKey=ALICE_cf_sect409k1_PUB +-SharedSecret=01fbe13188588c9d1ac3a8a2680ea9a009b28e4b7d7fa4efcb1a22553876fb7973616819fd87c75e5b8ce6e3628595e4ce12edb0 +- +-# ECC CDH Alice with Bob peer +-Derive=ALICE_cf_sect409k1 +-PeerKey=BOB_cf_sect409k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=007e9485f7234bb2255bb40e51f4be867cb0ef31f8e489a697b31b51c4d5346daaee51e96ae6f9636e6e3af56095fe28755325ee +- +-# ECC CDH Bob with Alice peer +-Derive=BOB_cf_sect409k1 +-PeerKey=ALICE_cf_sect409k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=007e9485f7234bb2255bb40e51f4be867cb0ef31f8e489a697b31b51c4d5346daaee51e96ae6f9636e6e3af56095fe28755325ee +- +-PublicKey=MALICE_cf_sect409k1_PUB +------BEGIN PUBLIC KEY----- +-MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AAAAAAAAAAAAAAAAAAA= +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Derive=BOB_cf_sect409k1 +-PeerKey=MALICE_cf_sect409k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Derive=ALICE_cf_sect409k1 +-PeerKey=MALICE_cf_sect409k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect409r1 curve tests +- +-PrivateKey=ALICE_cf_sect409r1 +------BEGIN PRIVATE KEY----- +-MFICAQAwEAYHKoZIzj0CAQYFK4EEACUEOzA5AgEBBDQAxSC9lST5dtfXQI1Ug9VMMoue3GGni5ON +-+gieyXK2KKbd29KAPs4/AOd8kX2wQDsZPO7E +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect409r1_PUB +------BEGIN PUBLIC KEY----- +-MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEASAvXAM15DJerAu1JttpBuMJK1/fEfFohu2iEpt3r7Ui +-iQoER6HUsWiw1hhcJyTv7WzpJQHFWrOlJMe/KjmQa/CygSc65YHDzG27oUL+KGdQUGc79ZRSwl/q +-fGZqa3D+bDVMwrhmZto= +------END PUBLIC KEY----- +- +-PrivPubKeyPair=ALICE_cf_sect409r1:ALICE_cf_sect409r1_PUB +- +-PrivateKey=BOB_cf_sect409r1 +------BEGIN PRIVATE KEY----- +-MFICAQAwEAYHKoZIzj0CAQYFK4EEACUEOzA5AgEBBDQARen+1P3JQzBgOv0pUYwsZTPRVLpqqDAU +-7mKL2lk9eH7zSGmtNoMvP2m1S2dBnXxFY/bV +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect409r1_PUB +------BEGIN PUBLIC KEY----- +-MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAbDUw066TtdfOpDvrlKosEyqUNEG7rY+AKvDqKw+HOzf +-sUTYee6cEf71oqJ1sCKPQiYzlwCu/HLQeWPxISE6Uo+53kkeJml2xpMBwoE25Gq/DSS61dR7SRTZ +-+sUmumbIuGzbrjtMRmw= +------END PUBLIC KEY----- +- +-PrivPubKeyPair=BOB_cf_sect409r1:BOB_cf_sect409r1_PUB +- +-# ECDH Alice with Bob peer +-Derive=ALICE_cf_sect409r1 +-PeerKey=BOB_cf_sect409r1_PUB +-SharedSecret=00a751259cdb3b445ce71a40a01a2189dfce70226111190505fc6eabe4e5a05bff7af55f2015e1ffcab6aea7ea9a6e74905da2a1 +- +-# ECDH Bob with Alice peer +-Derive=BOB_cf_sect409r1 +-PeerKey=ALICE_cf_sect409r1_PUB +-SharedSecret=00a751259cdb3b445ce71a40a01a2189dfce70226111190505fc6eabe4e5a05bff7af55f2015e1ffcab6aea7ea9a6e74905da2a1 +- +-# ECC CDH Alice with Bob peer +-Derive=ALICE_cf_sect409r1 +-PeerKey=BOB_cf_sect409r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=0115a31aed416c5089d74a263ec300aff13a5329c6ad27de950ae0b0917b40a3464fccf5691ac9633a51e5177a82b15cfc434aad +- +-# ECC CDH Bob with Alice peer +-Derive=BOB_cf_sect409r1 +-PeerKey=ALICE_cf_sect409r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=0115a31aed416c5089d74a263ec300aff13a5329c6ad27de950ae0b0917b40a3464fccf5691ac9633a51e5177a82b15cfc434aad +- +-PublicKey=MALICE_cf_sect409r1_PUB +------BEGIN PUBLIC KEY----- +-MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AAAAAAAAAAAAAAAAAAAAAAAAAACZNffkdo7i7yL5tKKfU8tdk6su0K185XwbJkn96JWVDPZXZ3My +-bFKKSOJ7hyrM8Lwl1e8= +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Derive=BOB_cf_sect409r1 +-PeerKey=MALICE_cf_sect409r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Derive=ALICE_cf_sect409r1 +-PeerKey=MALICE_cf_sect409r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect571k1 curve tests +- +-PrivateKey=ALICE_cf_sect571k1 +------BEGIN PRIVATE KEY----- +-MGYCAQAwEAYHKoZIzj0CAQYFK4EEACYETzBNAgEBBEgB4agvk7Qdf9bVb9aMVdtXL0MuVw6dTleB +-zrpPMYty/piI5GWkQEGVp4OJSjF1BGgWmtYSYlV0oI8jJ7hfWTjVGfVWix4ipb8= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect571k1_PUB +------BEGIN PUBLIC KEY----- +-MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQDUZq0ZrgYpTXNpOptjExaur0K9FAYHv1j9cvAptwX +-dcmQf3VqekMkGZCfNdqNeqCajG3QHRkBHe4FZhWr3FXi8whvvr463lUDf+t46un1kE6FTYfhILGa +-sBZm7OdfkarYd9TXBbmnkFA+XkyPlkM1+6daM3/WmnegK+TYghFDXLgwiyF8s0ElllF7z38Gmc4= +------END PUBLIC KEY----- +- +-PrivPubKeyPair=ALICE_cf_sect571k1:ALICE_cf_sect571k1_PUB +- +-PrivateKey=BOB_cf_sect571k1 +------BEGIN PRIVATE KEY----- +-MGYCAQAwEAYHKoZIzj0CAQYFK4EEACYETzBNAgEBBEgA3pINxGOI7L9M+Mil+bm/udPwI4xu7ubJ +-p3aoOepTXW94laf8wjFLcQnRUwH87Vbq9VLQEfCAFvr2vZoBc+5asnNuDhRNNeQ= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect571k1_PUB +------BEGIN PUBLIC KEY----- +-MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQDZRr5GCSq2uzGxmWNB+bED7zye18Rr/KehwXrbn1r +-rKtR8fe+dg2V15FieC3qZe/wCpMtyp79VmEabGi6iGLlAN/rUE81URsA/K7GVpmklslV5gmwryR0 +-3E7jGKPFesun9iNtmpgM18P9y3aJd4Qr4hMlwW2Nyw187l6QB/W2e/i+8vKXFTLHlz5WLAyAcpA= +------END PUBLIC KEY----- +- +-PrivPubKeyPair=BOB_cf_sect571k1:BOB_cf_sect571k1_PUB +- +-# ECDH Alice with Bob peer +-Derive=ALICE_cf_sect571k1 +-PeerKey=BOB_cf_sect571k1_PUB +-SharedSecret=02b79c92cee50dc5b9fdddce36d4fa2e28d7d178cd74e575961f39429496305b38815c840c2e66327435c044ed885ec964068531251a2112717602532e8b6d5411db2fe05c1ac18c +- +-# ECDH Bob with Alice peer +-Derive=BOB_cf_sect571k1 +-PeerKey=ALICE_cf_sect571k1_PUB +-SharedSecret=02b79c92cee50dc5b9fdddce36d4fa2e28d7d178cd74e575961f39429496305b38815c840c2e66327435c044ed885ec964068531251a2112717602532e8b6d5411db2fe05c1ac18c +- +-# ECC CDH Alice with Bob peer +-Derive=ALICE_cf_sect571k1 +-PeerKey=BOB_cf_sect571k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=063aea789492c9727a5a6b7f24e8d3d377c70ee8e86b13664e191a53b1905e90e78b85960b1881db5160c7c5cacca0d686d9e104140d565eeeec17426f93d3a7ba639ecd716b43d2 +- +-# ECC CDH Bob with Alice peer +-Derive=BOB_cf_sect571k1 +-PeerKey=ALICE_cf_sect571k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=063aea789492c9727a5a6b7f24e8d3d377c70ee8e86b13664e191a53b1905e90e78b85960b1881db5160c7c5cacca0d686d9e104140d565eeeec17426f93d3a7ba639ecd716b43d2 +- +-PublicKey=MALICE_cf_sect571k1_PUB +------BEGIN PUBLIC KEY----- +-MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAA +-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE= +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Derive=BOB_cf_sect571k1 +-PeerKey=MALICE_cf_sect571k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Derive=ALICE_cf_sect571k1 +-PeerKey=MALICE_cf_sect571k1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-Title=sect571r1 curve tests +- +-PrivateKey=ALICE_cf_sect571r1 +------BEGIN PRIVATE KEY----- +-MGYCAQAwEAYHKoZIzj0CAQYFK4EEACcETzBNAgEBBEgAxfL2/gUsmJonvDMR95Azq1ySgXMlKSRk +-+PL+WaS92ZyOo45HaC7RpH5sdkf4b948u6y1BXOxGZuORXy6lgbgZ1Zx2UgL3cI= +------END PRIVATE KEY----- +- +-PublicKey=ALICE_cf_sect571r1_PUB +------BEGIN PUBLIC KEY----- +-MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQBK5L9ccIWacU2A1srZ35opPu6kcbEOsBPmvj/rlMS +-fFrdMOcagOYfcD0/ouYHPhvkHbr9k87IlQJfnV6ZNRA4PmWSp/FjkNwETm/fqTCUQHti/qqnKH7R +-Ed4fYROLFGvz+PX6E20SryOt1vrmoRyC7Z5FVmgMVOQQ1AaBNAHi3+IPtKx41YdXdbqHJxuI5jE= +------END PUBLIC KEY----- +- +-PrivPubKeyPair=ALICE_cf_sect571r1:ALICE_cf_sect571r1_PUB +- +-PrivateKey=BOB_cf_sect571r1 +------BEGIN PRIVATE KEY----- +-MGYCAQAwEAYHKoZIzj0CAQYFK4EEACcETzBNAgEBBEgAzcRvASPpWi0ybpOGlj0Lozz01C2a5oDA +-G5alib1EmZKcpVULxJXn75FQlTKpkUEuWUgA4yk5X5DTiScUuh4LDhaF3AFhsEY= +------END PRIVATE KEY----- +- +-PublicKey=BOB_cf_sect571r1_PUB +------BEGIN PUBLIC KEY----- +-MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQH3dnL22NajtqDWTX6qD14w1BOlpHFBUPTr24VySlh +-kiiBlOF95u7hFr/hSb7gm/3f+IVKyE18Sh2kR4KaxWcPWKY5xKTiqiICT7hCistuzNRt8gR+kNOT +-c1rETMV6ZruZinwzEWWWjwJf6612oy2HG3CX3B8Rm+a3sS0q6IzowEwqmDv6v9bMTFk8bsCv0Fk= +------END PUBLIC KEY----- +- +-PrivPubKeyPair=BOB_cf_sect571r1:BOB_cf_sect571r1_PUB +- +-# ECDH Alice with Bob peer +-Derive=ALICE_cf_sect571r1 +-PeerKey=BOB_cf_sect571r1_PUB +-SharedSecret=0031f9879fa75b8c67ba81ee861be634e2b53aa79f834e9a8ca4df7f4461bcb02f083d9fa5b4767f881a710caa6524b58eb626623ba394961d46535204c26d165089e7d4f7be1827 +- +-# ECDH Bob with Alice peer +-Derive=BOB_cf_sect571r1 +-PeerKey=ALICE_cf_sect571r1_PUB +-SharedSecret=0031f9879fa75b8c67ba81ee861be634e2b53aa79f834e9a8ca4df7f4461bcb02f083d9fa5b4767f881a710caa6524b58eb626623ba394961d46535204c26d165089e7d4f7be1827 +- +-# ECC CDH Alice with Bob peer +-Derive=ALICE_cf_sect571r1 +-PeerKey=BOB_cf_sect571r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=012e8c2c1554988fe20c5ae7d11cdcfe15c7c6e8d2b6f46a43a45d724bfc7b415ea7594d5c16f770a95d6e65bbcb1f34619db95e89f4fecbcb0bc6a3f92d52df6a49b0e7773e0ac0 +- +-# ECC CDH Bob with Alice peer +-Derive=BOB_cf_sect571r1 +-PeerKey=ALICE_cf_sect571r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-SharedSecret=012e8c2c1554988fe20c5ae7d11cdcfe15c7c6e8d2b6f46a43a45d724bfc7b415ea7594d5c16f770a95d6e65bbcb1f34619db95e89f4fecbcb0bc6a3f92d52df6a49b0e7773e0ac0 +- +-PublicKey=MALICE_cf_sect571r1_PUB +------BEGIN PUBLIC KEY----- +-MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHMtVWZAwgtd1zmgWN/9WC +-aNQcWRNUKesEHXqhJVkC5jYsSACodKsLYFNrWEYM0gwG8DQONZSn93G+38EM45tkaZsIRDt2HEM= +------END PUBLIC KEY----- +- +-# ECC CDH Bob with Malice peer +-Derive=BOB_cf_sect571r1 +-PeerKey=MALICE_cf_sect571r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +- +-# ECC CDH Alice with Malice peer +-Derive=ALICE_cf_sect571r1 +-PeerKey=MALICE_cf_sect571r1_PUB +-Ctrl=ecdh_cofactor_mode:1 +-Result=DERIVE_ERROR +-Reason=point at infinity +diff -up openssl-3.0.0-beta1/test/recipes/30-test_evp_data/evppkey_ecc.txt.remove-ec openssl-3.0.0-beta1/test/recipes/30-test_evp_data/evppkey_ecc.txt +--- openssl-3.0.0-beta1/test/recipes/30-test_evp_data/evppkey_ecc.txt.remove-ec 2021-06-30 10:51:23.258816802 +0200 ++++ openssl-3.0.0-beta1/test/recipes/30-test_evp_data/evppkey_ecc.txt 2021-06-30 11:25:33.504721672 +0200 +@@ -1,3 +1,4 @@ ++ + # + # Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. + # +@@ -55,151 +56,6 @@ Derive=BOB_cf_secp256k1 + PeerKey=ALICE_cf_secp256k1_PUB + SharedSecret=a4745cc4d19cabb9e5cb0abdd5c604cab2846a4638ad844ed9175f3cadda2da1 + +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQIEHzAdAgEBBBj1AIQMJ7jqYIKCvxYAS+qKMmKmH0to +-41k= +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_prime192v2_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQIDMgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4Gj7Qqt +-2wx/jwFlKgvE4rnd50LspdMk +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_prime192v2 +-PeerKey=BOB_zero_prime192v2_PUB +-SharedSecret=b8f200a4b87064f2e8600685ca3e69b8e661a117aabc770b +- +-PrivateKey=ALICE_zero_prime192v3 +------BEGIN PRIVATE KEY----- +-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQMEHzAdAgEBBBh/maLQMSlea9BfLqGy5NPuK0YAH/cz +-GqI= +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_prime192v3_PUB +------BEGIN PUBLIC KEY----- +-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZEzb63e2 +-3MKatRLR9Y1M5JEdI9jwMocI +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_prime192v3 +-PeerKey=BOB_zero_prime192v3_PUB +-SharedSecret=b5de857d355bc5b9e270a4c290ea9728d764d8b243ff5d8d +- +-PrivateKey=ALICE_zero_prime239v1 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQQEJTAjAgEBBB5pYWzRYI+c6O7NXCt0H2kw8XRL3rhe +-4MrJT8j++CI= +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_prime239v1_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQQDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-Ox02uwNNLFuvDRn5ip8TxvW0W22R7UzJa9Av6/nh +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_prime239v1 +-PeerKey=BOB_zero_prime239v1_PUB +-SharedSecret=6b6206408bd05d42daa2cd224c401a1230b44e184f17b82f385f22dac215 +- +-PrivateKey=ALICE_zero_prime239v2 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQUEJTAjAgEBBB5l8bB7Cpmr7vyx9FiOT2wEF3YOFbDG +-bmRr3Vi/xr4= +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_prime239v2_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQUDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-IOg3VJGQ89d1GWg4Igxcj5xpDmJiP8tv+e4mxt5U +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_prime239v2 +-PeerKey=BOB_zero_prime239v2_PUB +-SharedSecret=772c2819c960c78f28f21f6542b7409294fad1f84567c44c4b7678dc0e42 +- +-PrivateKey=ALICE_zero_prime239v3 +------BEGIN PRIVATE KEY----- +-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQYEJTAjAgEBBB5HF5FABzUOTYMZg9UdZTx/oRERm/fU +-M/+otKzpLjA= +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_prime239v3_PUB +------BEGIN PUBLIC KEY----- +-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQYDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AsZ4u6r3qQI78EYBpiSgWjqNpoeShjr5piecMBWj +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_prime239v3 +-PeerKey=BOB_zero_prime239v3_PUB +-SharedSecret=56a71f5dd1611e8032c3e2d8224d86e5e8c2fc6480d74c0e282282decd43 +- +-PrivateKey=ALICE_zero_prime256v1 +------BEGIN PRIVATE KEY----- +-MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCDXhMb6aR4JR2+l2tmgYqP0r8S4jtym +-yH++awvF2nGhhg== +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_prime256v1_PUB +------BEGIN PUBLIC KEY----- +-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AABmSFx4Di+D1yQzvV2EoGu2VBwq8x2uhxcov4VqF0+T9A== +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_prime256v1 +-PeerKey=BOB_zero_prime256v1_PUB +-SharedSecret=c4f5607deb8501f1a4ba23fce4122a4343a17ada2c86a9c8e0d03d92d4a4c84c +- +-PrivateKey=ALICE_zero_secp384r1 +------BEGIN PRIVATE KEY----- +-ME4CAQAwEAYHKoZIzj0CAQYFK4EEACIENzA1AgEBBDD6kgzKbg28zbQyVTdC0IdHbm0UCQt2Rdbi +-VVHJeYRSnNpFOiFLaOsGOmwoeZzj6jc= +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_secp384r1_PUB +------BEGIN PUBLIC KEY----- +-MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AAAAAAAAAAAAAAAAAAAAPPme8E9RpepjC6P5+WDdWToUyb45/SvSFdO0sIqq+Gu/kn8sRuUqsG+3 +-QriFDlIe +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_secp384r1 +-PeerKey=BOB_zero_secp384r1_PUB +-SharedSecret=b1cfeaeef51dfd487d3a8b2849f1592e04d63f2d2c88b310a6290ebfe5399f5ffe954eabd0619231393e56c35b242986 +- +-PrivateKey=ALICE_zero_secp521r1 +------BEGIN PRIVATE KEY----- +-MGACAQAwEAYHKoZIzj0CAQYFK4EEACMESTBHAgEBBEIAbddDLMUWbAsY7l3vbNDmntXuAUcDYPg5 +-w/cgUwSCIvrV9MBeSG8AWqT16riHmHlsn+XI5PAJM6eij3JDahnu9Mo= +------END PRIVATE KEY----- +- +-PublicKey=BOB_zero_secp521r1_PUB +------BEGIN PUBLIC KEY----- +-MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0g7J/qa1d8ENJsobtEb0CymeZIsa +-1Qiq0GiJb+4/jmFLxjBU1Xcr8Bpl1BLgvKqOll0vXTMtfzn4RtRArgAfT4c= +------END PUBLIC KEY----- +- +-# ECDH Alice with Bob peer +-Availablein = default +-Derive=ALICE_zero_secp521r1 +-PeerKey=BOB_zero_secp521r1_PUB +-SharedSecret=003fc3028f61db94b20c7cd177923b6e73f12f0ab067c9ce8866755e3c82abb39c9863cde74fa80b32520bd7dd0eb156c30c08911503b67b2661f1264d09bb231423 +- + Title=prime256v1 curve tests + + PrivateKey=ALICE_cf_prime256v1 diff --git a/SOURCES/0012-Disable-explicit-ec.patch b/SOURCES/0012-Disable-explicit-ec.patch new file mode 100644 index 0000000..9c3ef57 --- /dev/null +++ b/SOURCES/0012-Disable-explicit-ec.patch @@ -0,0 +1,122 @@ +diff -up openssl-3.0.1/crypto/ec/ec_asn1.c.disable_explicit_ec openssl-3.0.1/crypto/ec/ec_asn1.c +--- openssl-3.0.1/crypto/ec/ec_asn1.c.disable_explicit_ec 2022-03-22 13:10:45.718077845 +0100 ++++ openssl-3.0.1/crypto/ec/ec_asn1.c 2022-03-22 13:12:46.626599016 +0100 +@@ -895,6 +895,12 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP ** + if (params->type == ECPKPARAMETERS_TYPE_EXPLICIT) + group->decoded_from_explicit_params = 1; + ++ if (EC_GROUP_check_named_curve(group, 0, NULL) == NID_undef) { ++ EC_GROUP_free(group); ++ ECPKPARAMETERS_free(params); ++ return NULL; ++ } ++ + if (a) { + EC_GROUP_free(*a); + *a = group; +@@ -954,6 +959,11 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con + goto err; + } + ++ if (EC_GROUP_check_named_curve(ret->group, 0, NULL) == NID_undef) { ++ ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_GROUP); ++ goto err; ++ } ++ + ret->version = priv_key->version; + + if (priv_key->privateKey) { +diff -up openssl-3.0.1/test/endecode_test.c.disable_explicit_ec openssl-3.0.1/test/endecode_test.c +--- openssl-3.0.1/test/endecode_test.c.disable_explicit_ec 2022-03-21 16:55:46.005558779 +0100 ++++ openssl-3.0.1/test/endecode_test.c 2022-03-21 16:56:12.636792762 +0100 +@@ -57,7 +57,7 @@ static BN_CTX *bnctx = NULL; + static OSSL_PARAM_BLD *bld_prime_nc = NULL; + static OSSL_PARAM_BLD *bld_prime = NULL; + static OSSL_PARAM *ec_explicit_prime_params_nc = NULL; +-static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL; ++/*static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;*/ + + # ifndef OPENSSL_NO_EC2M + static OSSL_PARAM_BLD *bld_tri_nc = NULL; +@@ -990,9 +990,9 @@ IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC") + DOMAIN_KEYS(ECExplicitPrimeNamedCurve); + IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC") + IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC") +-DOMAIN_KEYS(ECExplicitPrime2G); +-IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC") +-IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC") ++/*DOMAIN_KEYS(ECExplicitPrime2G);*/ ++/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC")*/ ++/*IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")*/ + # ifndef OPENSSL_NO_EC2M + DOMAIN_KEYS(ECExplicitTriNamedCurve); + IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC") +@@ -1318,7 +1318,7 @@ int setup_tests(void) + || !create_ec_explicit_prime_params_namedcurve(bld_prime_nc) + || !create_ec_explicit_prime_params(bld_prime) + || !TEST_ptr(ec_explicit_prime_params_nc = OSSL_PARAM_BLD_to_param(bld_prime_nc)) +- || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime)) ++/* || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))*/ + # ifndef OPENSSL_NO_EC2M + || !TEST_ptr(bld_tri_nc = OSSL_PARAM_BLD_new()) + || !TEST_ptr(bld_tri = OSSL_PARAM_BLD_new()) +@@ -1346,7 +1346,7 @@ int setup_tests(void) + TEST_info("Generating EC keys..."); + MAKE_DOMAIN_KEYS(EC, "EC", EC_params); + MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc); +- MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit); ++/* MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);*/ + # ifndef OPENSSL_NO_EC2M + MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc); + MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit); +@@ -1389,8 +1389,8 @@ int setup_tests(void) + ADD_TEST_SUITE_LEGACY(EC); + ADD_TEST_SUITE(ECExplicitPrimeNamedCurve); + ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve); +- ADD_TEST_SUITE(ECExplicitPrime2G); +- ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G); ++/* ADD_TEST_SUITE(ECExplicitPrime2G);*/ ++/* ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);*/ + # ifndef OPENSSL_NO_EC2M + ADD_TEST_SUITE(ECExplicitTriNamedCurve); + ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve); +@@ -1427,7 +1427,7 @@ void cleanup_tests(void) + { + #ifndef OPENSSL_NO_EC + OSSL_PARAM_free(ec_explicit_prime_params_nc); +- OSSL_PARAM_free(ec_explicit_prime_params_explicit); ++/* OSSL_PARAM_free(ec_explicit_prime_params_explicit);*/ + OSSL_PARAM_BLD_free(bld_prime_nc); + OSSL_PARAM_BLD_free(bld_prime); + # ifndef OPENSSL_NO_EC2M +@@ -1449,7 +1449,7 @@ void cleanup_tests(void) + #ifndef OPENSSL_NO_EC + FREE_DOMAIN_KEYS(EC); + FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve); +- FREE_DOMAIN_KEYS(ECExplicitPrime2G); ++/* FREE_DOMAIN_KEYS(ECExplicitPrime2G);*/ + # ifndef OPENSSL_NO_EC2M + FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve); + FREE_DOMAIN_KEYS(ECExplicitTri2G); +diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt.disable_explicit_ec openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt +--- openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt.disable_explicit_ec 2022-03-25 11:20:50.920949208 +0100 ++++ openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt 2022-03-25 11:21:13.177147598 +0100 +@@ -121,18 +121,6 @@ AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEB + 3ev1gTwRBduzqqlwd54AUSgI+pjttW8zrWNitO8H1sf59MPWOESKxNtZ1+Nl + -----END PRIVATE KEY----- + +-PrivateKey = EC_EXPLICIT +------BEGIN PRIVATE KEY----- +-MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB +-AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA +-///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV +-AMSdNgiG5wSTamZ44ROdJreBn36QBEEE5JcIvn36opqjEm/k59Al40rBAxWM2TPG +-l0L13Je51zHpfXQ9Z2o7IQicMXP4wSfJ0qCgg2bgydqoxlYrlLGuVQIhAP////8A +-AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgec92jwduadCk +-OjoNRI+YT5Be5TkzZXzYCyTLkMOikDmhRANCAATtECEhQbLEaiUj/Wu0qjcr81lL +-46dx5zYgArz/iaSNJ3W80oO+F7v04jlQ7wxQzg96R0bwKiMeq5CcW9ZFt6xg +------END PRIVATE KEY----- +- + PrivateKey = B-163 + -----BEGIN PRIVATE KEY----- + MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDnQW0mLiHVha/jqFznX/K diff --git a/SOURCES/0013-FIPS-provider-explicit-ec.patch b/SOURCES/0013-FIPS-provider-explicit-ec.patch new file mode 100644 index 0000000..8cceeed --- /dev/null +++ b/SOURCES/0013-FIPS-provider-explicit-ec.patch @@ -0,0 +1,77 @@ +diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c +index 78dc69082fab..8a86c9108d0d 100644 +--- a/providers/implementations/keymgmt/ec_kmgmt.c ++++ b/providers/implementations/keymgmt/ec_kmgmt.c +@@ -470,9 +470,6 @@ int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0 + && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0) + return 0; +- if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0 +- && (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) +- return 0; + + tmpl = OSSL_PARAM_BLD_new(); + if (tmpl == NULL) +diff --git a/test/recipes/15-test_ecparam.t b/test/recipes/15-test_ecparam.t +index 766524e8cfa9..80bac6741290 100644 +--- a/test/recipes/15-test_ecparam.t ++++ b/test/recipes/15-test_ecparam.t +@@ -13,7 +13,7 @@ use warnings; + use File::Spec; + use File::Compare qw/compare_text/; + use OpenSSL::Glob; +-use OpenSSL::Test qw/:DEFAULT data_file/; ++use OpenSSL::Test qw/:DEFAULT data_file srctop_file bldtop_dir/; + use OpenSSL::Test::Utils; + + setup("test_ecparam"); +@@ -25,7 +25,7 @@ my @valid = glob(data_file("valid", "*.pem")); + my @noncanon = glob(data_file("noncanon", "*.pem")); + my @invalid = glob(data_file("invalid", "*.pem")); + +-plan tests => 11; ++plan tests => 12; + + sub checkload { + my $files = shift; # List of files +@@ -59,6 +59,8 @@ sub checkcompare { + } + } + ++my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); ++ + subtest "Check loading valid parameters by ecparam with -check" => sub { + plan tests => scalar(@valid); + checkload(\@valid, 1, "ecparam", "-check"); +@@ -113,3 +115,31 @@ subtest "Check pkeyparam does not change the parameter file on output" => sub { + plan tests => 2 * scalar(@valid); + checkcompare(\@valid, "pkeyparam"); + }; ++ ++subtest "Check loading of fips and non-fips params" => sub { ++ plan skip_all => "FIPS is disabled" ++ if $no_fips; ++ plan tests => 3; ++ ++ my $fipsconf = srctop_file("test", "fips-and-base.cnf"); ++ my $defaultconf = srctop_file("test", "default.cnf"); ++ ++ $ENV{OPENSSL_CONF} = $fipsconf; ++ ++ ok(run(app(['openssl', 'ecparam', ++ '-in', data_file('valid', 'secp384r1-explicit.pem'), ++ '-check'])), ++ "Loading explicitly encoded valid curve"); ++ ++ ok(run(app(['openssl', 'ecparam', ++ '-in', data_file('valid', 'secp384r1-named.pem'), ++ '-check'])), ++ "Loading named valid curve"); ++ ++ ok(!run(app(['openssl', 'ecparam', ++ '-in', data_file('valid', 'secp112r1-named.pem'), ++ '-check'])), ++ "Fail loading named non-fips curve"); ++ ++ $ENV{OPENSSL_CONF} = $defaultconf; ++}; diff --git a/SOURCES/0014-FIPS-disable-explicit-ec.patch b/SOURCES/0014-FIPS-disable-explicit-ec.patch new file mode 100644 index 0000000..7de159e --- /dev/null +++ b/SOURCES/0014-FIPS-disable-explicit-ec.patch @@ -0,0 +1,421 @@ +diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c +index 9dc143c2ac69..4d6f2a76ad20 100644 +--- a/crypto/ec/ec_err.c ++++ b/crypto/ec/ec_err.c +@@ -1,6 +1,6 @@ + /* + * Generated by util/mkerr.pl DO NOT EDIT +- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy +@@ -35,6 +35,8 @@ static const ERR_STRING_DATA EC_str_reasons[] = { + "discriminant is zero"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_EC_GROUP_NEW_BY_NAME_FAILURE), + "ec group new by name failure"}, ++ {ERR_PACK(ERR_LIB_EC, 0, EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED), ++ "explicit params not supported"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_FAILED_MAKING_PUBLIC_KEY), + "failed making public key"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_FIELD_TOO_LARGE), "field too large"}, +diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c +index 2aeab7e3b6b5..f686e45f899d 100644 +--- a/crypto/ec/ec_lib.c ++++ b/crypto/ec/ec_lib.c +@@ -1387,6 +1387,7 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1, + } + #endif + ++#ifndef FIPS_MODULE + /* + * Check if the explicit parameters group matches any built-in curves. + * +@@ -1424,7 +1425,7 @@ static EC_GROUP *ec_group_explicit_to_named(const EC_GROUP *group, + * parameters with one created from a named group. + */ + +-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 ++# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 + /* + * NID_wap_wsg_idm_ecid_wtls12 and NID_secp224r1 are both aliases for + * the same curve, we prefer the SECP nid when matching explicit +@@ -1432,7 +1433,7 @@ static EC_GROUP *ec_group_explicit_to_named(const EC_GROUP *group, + */ + if (curve_name_nid == NID_wap_wsg_idm_ecid_wtls12) + curve_name_nid = NID_secp224r1; +-#endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */ ++# endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */ + + ret_group = EC_GROUP_new_by_curve_name_ex(libctx, propq, curve_name_nid); + if (ret_group == NULL) +@@ -1467,6 +1468,7 @@ static EC_GROUP *ec_group_explicit_to_named(const EC_GROUP *group, + EC_GROUP_free(ret_group); + return NULL; + } ++#endif /* FIPS_MODULE */ + + static EC_GROUP *group_new_from_name(const OSSL_PARAM *p, + OSSL_LIB_CTX *libctx, const char *propq) +@@ -1536,9 +1538,13 @@ int ossl_ec_group_set_params(EC_GROUP *group, const OSSL_PARAM params[]) + EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], + OSSL_LIB_CTX *libctx, const char *propq) + { +- const OSSL_PARAM *ptmp, *pa, *pb; ++ const OSSL_PARAM *ptmp; ++ EC_GROUP *group = NULL; ++ ++#ifndef FIPS_MODULE ++ const OSSL_PARAM *pa, *pb; + int ok = 0; +- EC_GROUP *group = NULL, *named_group = NULL; ++ EC_GROUP *named_group = NULL; + BIGNUM *p = NULL, *a = NULL, *b = NULL, *order = NULL, *cofactor = NULL; + EC_POINT *point = NULL; + int field_bits = 0; +@@ -1546,6 +1552,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], + BN_CTX *bnctx = NULL; + const unsigned char *buf = NULL; + int encoding_flag = -1; ++#endif + + /* This is the simple named group case */ + ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME); +@@ -1559,6 +1566,10 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], + } + return group; + } ++#ifdef FIPS_MODULE ++ ERR_raise(ERR_LIB_EC, EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED); ++ return NULL; ++#else + /* If it gets here then we are trying explicit parameters */ + bnctx = BN_CTX_new_ex(libctx); + if (bnctx == NULL) { +@@ -1623,10 +1634,10 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], + /* create the EC_GROUP structure */ + group = EC_GROUP_new_curve_GFp(p, a, b, bnctx); + } else { +-#ifdef OPENSSL_NO_EC2M ++# ifdef OPENSSL_NO_EC2M + ERR_raise(ERR_LIB_EC, EC_R_GF2M_NOT_SUPPORTED); + goto err; +-#else ++# else + /* create the EC_GROUP structure */ + group = EC_GROUP_new_curve_GF2m(p, a, b, NULL); + if (group != NULL) { +@@ -1636,7 +1647,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], + goto err; + } + } +-#endif /* OPENSSL_NO_EC2M */ ++# endif /* OPENSSL_NO_EC2M */ + } + + if (group == NULL) { +@@ -1733,4 +1744,5 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], + BN_CTX_free(bnctx); + + return group; ++#endif /* FIPS_MODULE */ + } +diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt +index c4a94f955905..41df7127403c 100644 +--- a/crypto/err/openssl.txt ++++ b/crypto/err/openssl.txt +@@ -553,6 +553,7 @@ EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING:159:curve does not support signing + EC_R_DECODE_ERROR:142:decode error + EC_R_DISCRIMINANT_IS_ZERO:118:discriminant is zero + EC_R_EC_GROUP_NEW_BY_NAME_FAILURE:119:ec group new by name failure ++EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED:127:explicit params not supported + EC_R_FAILED_MAKING_PUBLIC_KEY:166:failed making public key + EC_R_FIELD_TOO_LARGE:143:field too large + EC_R_GF2M_NOT_SUPPORTED:147:gf2m not supported +diff --git a/include/crypto/ecerr.h b/include/crypto/ecerr.h +index 07b6c7aa62dd..4658ae8fb2cd 100644 +--- a/include/crypto/ecerr.h ++++ b/include/crypto/ecerr.h +@@ -1,6 +1,6 @@ + /* + * Generated by util/mkerr.pl DO NOT EDIT +- * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy +diff --git a/include/openssl/ecerr.h b/include/openssl/ecerr.h +index 49088d208b2c..46405ac62d91 100644 +--- a/include/openssl/ecerr.h ++++ b/include/openssl/ecerr.h +@@ -1,6 +1,6 @@ + /* + * Generated by util/mkerr.pl DO NOT EDIT +- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy +@@ -35,6 +35,7 @@ + # define EC_R_DECODE_ERROR 142 + # define EC_R_DISCRIMINANT_IS_ZERO 118 + # define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 ++# define EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED 127 + # define EC_R_FAILED_MAKING_PUBLIC_KEY 166 + # define EC_R_FIELD_TOO_LARGE 143 + # define EC_R_GF2M_NOT_SUPPORTED 147 +diff --git a/test/endecode_test.c b/test/endecode_test.c +index 0c33dff0ee2b..3d78bea50ea3 100644 +--- a/test/endecode_test.c ++++ b/test/endecode_test.c +@@ -147,6 +147,7 @@ typedef int (checker)(const char *file, const int line, + typedef void (dumper)(const char *label, const void *data, size_t data_len); + + #define FLAG_DECODE_WITH_TYPE 0x0001 ++#define FLAG_FAIL_IF_FIPS 0x0002 + + static int test_encode_decode(const char *file, const int line, + const char *type, EVP_PKEY *pkey, +@@ -170,8 +171,19 @@ static int test_encode_decode(const char *file, const int line, + * dumping purposes. + */ + if (!TEST_true(encode_cb(file, line, &encoded, &encoded_len, pkey, selection, +- output_type, output_structure, pass, pcipher)) +- || !TEST_true(check_cb(file, line, type, encoded, encoded_len)) ++ output_type, output_structure, pass, pcipher))) ++ goto end; ++ ++ if ((flags & FLAG_FAIL_IF_FIPS) != 0 && is_fips) { ++ if (TEST_false(decode_cb(file, line, (void **)&pkey2, encoded, ++ encoded_len, output_type, output_structure, ++ (flags & FLAG_DECODE_WITH_TYPE ? type : NULL), ++ selection, pass))) ++ ok = 1; ++ goto end; ++ } ++ ++ if (!TEST_true(check_cb(file, line, type, encoded, encoded_len)) + || !TEST_true(decode_cb(file, line, (void **)&pkey2, encoded, encoded_len, + output_type, output_structure, + (flags & FLAG_DECODE_WITH_TYPE ? type : NULL), +@@ -525,7 +537,7 @@ static int check_unprotected_PKCS8_DER(const char *file, const int line, + return ok; + } + +-static int test_unprotected_via_DER(const char *type, EVP_PKEY *key) ++static int test_unprotected_via_DER(const char *type, EVP_PKEY *key, int fips) + { + return test_encode_decode(__FILE__, __LINE__, type, key, + OSSL_KEYMGMT_SELECT_KEYPAIR +@@ -533,7 +545,7 @@ static int test_unprotected_via_DER(const char *type, EVP_PKEY *key) + "DER", "PrivateKeyInfo", NULL, NULL, + encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, + test_mem, check_unprotected_PKCS8_DER, +- dump_der, 0); ++ dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS); + } + + static int check_unprotected_PKCS8_PEM(const char *file, const int line, +@@ -547,7 +559,7 @@ static int check_unprotected_PKCS8_PEM(const char *file, const int line, + sizeof(expected_pem_header) - 1); + } + +-static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key) ++static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key, int fips) + { + return test_encode_decode(__FILE__, __LINE__, type, key, + OSSL_KEYMGMT_SELECT_KEYPAIR +@@ -555,7 +567,7 @@ static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key) + "PEM", "PrivateKeyInfo", NULL, NULL, + encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, + test_text, check_unprotected_PKCS8_PEM, +- dump_pem, 0); ++ dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS); + } + + #ifndef OPENSSL_NO_KEYPARAMS +@@ -702,7 +714,7 @@ static int check_protected_PKCS8_DER(const char *file, const int line, + return ok; + } + +-static int test_protected_via_DER(const char *type, EVP_PKEY *key) ++static int test_protected_via_DER(const char *type, EVP_PKEY *key, int fips) + { + return test_encode_decode(__FILE__, __LINE__, type, key, + OSSL_KEYMGMT_SELECT_KEYPAIR +@@ -711,7 +723,7 @@ static int test_protected_via_DER(const char *type, EVP_PKEY *key) + pass, pass_cipher, + encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, + test_mem, check_protected_PKCS8_DER, +- dump_der, 0); ++ dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS); + } + + static int check_protected_PKCS8_PEM(const char *file, const int line, +@@ -725,7 +737,7 @@ static int check_protected_PKCS8_PEM(const char *file, const int line, + sizeof(expected_pem_header) - 1); + } + +-static int test_protected_via_PEM(const char *type, EVP_PKEY *key) ++static int test_protected_via_PEM(const char *type, EVP_PKEY *key, int fips) + { + return test_encode_decode(__FILE__, __LINE__, type, key, + OSSL_KEYMGMT_SELECT_KEYPAIR +@@ -734,7 +746,7 @@ static int test_protected_via_PEM(const char *type, EVP_PKEY *key) + pass, pass_cipher, + encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, + test_text, check_protected_PKCS8_PEM, +- dump_pem, 0); ++ dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS); + } + + static int check_protected_legacy_PEM(const char *file, const int line, +@@ -795,14 +807,15 @@ static int check_public_DER(const char *file, const int line, + return ok; + } + +-static int test_public_via_DER(const char *type, EVP_PKEY *key) ++static int test_public_via_DER(const char *type, EVP_PKEY *key, int fips) + { + return test_encode_decode(__FILE__, __LINE__, type, key, + OSSL_KEYMGMT_SELECT_PUBLIC_KEY + | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, + "DER", "SubjectPublicKeyInfo", NULL, NULL, + encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, +- test_mem, check_public_DER, dump_der, 0); ++ test_mem, check_public_DER, dump_der, ++ fips ? 0 : FLAG_FAIL_IF_FIPS); + } + + static int check_public_PEM(const char *file, const int line, +@@ -816,14 +829,15 @@ static int check_public_PEM(const char *file, const int line, + sizeof(expected_pem_header) - 1); + } + +-static int test_public_via_PEM(const char *type, EVP_PKEY *key) ++static int test_public_via_PEM(const char *type, EVP_PKEY *key, int fips) + { + return test_encode_decode(__FILE__, __LINE__, type, key, + OSSL_KEYMGMT_SELECT_PUBLIC_KEY + | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, + "PEM", "SubjectPublicKeyInfo", NULL, NULL, + encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, +- test_text, check_public_PEM, dump_pem, 0); ++ test_text, check_public_PEM, dump_pem, ++ fips ? 0 : FLAG_FAIL_IF_FIPS); + } + + static int check_public_MSBLOB(const char *file, const int line, +@@ -868,30 +882,30 @@ static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key) + EVP_PKEY_free(template_##KEYTYPE); \ + EVP_PKEY_free(key_##KEYTYPE) + +-#define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr) \ ++#define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr, fips) \ + static int test_unprotected_##KEYTYPE##_via_DER(void) \ + { \ +- return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE); \ ++ return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \ + } \ + static int test_unprotected_##KEYTYPE##_via_PEM(void) \ + { \ +- return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE); \ ++ return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \ + } \ + static int test_protected_##KEYTYPE##_via_DER(void) \ + { \ +- return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE); \ ++ return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \ + } \ + static int test_protected_##KEYTYPE##_via_PEM(void) \ + { \ +- return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE); \ ++ return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \ + } \ + static int test_public_##KEYTYPE##_via_DER(void) \ + { \ +- return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE); \ ++ return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \ + } \ + static int test_public_##KEYTYPE##_via_PEM(void) \ + { \ +- return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE); \ ++ return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \ + } + + #define ADD_TEST_SUITE(KEYTYPE) \ +@@ -965,10 +979,10 @@ static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key) + + #ifndef OPENSSL_NO_DH + DOMAIN_KEYS(DH); +-IMPLEMENT_TEST_SUITE(DH, "DH") ++IMPLEMENT_TEST_SUITE(DH, "DH", 1) + IMPLEMENT_TEST_SUITE_PARAMS(DH, "DH") + DOMAIN_KEYS(DHX); +-IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH") ++IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH", 1) + IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH") + /* + * DH has no support for PEM_write_bio_PrivateKey_traditional(), +@@ -977,7 +991,7 @@ IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH") + #endif + #ifndef OPENSSL_NO_DSA + DOMAIN_KEYS(DSA); +-IMPLEMENT_TEST_SUITE(DSA, "DSA") ++IMPLEMENT_TEST_SUITE(DSA, "DSA", 1) + IMPLEMENT_TEST_SUITE_PARAMS(DSA, "DSA") + IMPLEMENT_TEST_SUITE_LEGACY(DSA, "DSA") + IMPLEMENT_TEST_SUITE_MSBLOB(DSA, "DSA") +@@ -988,41 +1002,41 @@ IMPLEMENT_TEST_SUITE_PROTECTED_PVK(DSA, "DSA") + #endif + #ifndef OPENSSL_NO_EC + DOMAIN_KEYS(EC); +-IMPLEMENT_TEST_SUITE(EC, "EC") ++IMPLEMENT_TEST_SUITE(EC, "EC", 1) + IMPLEMENT_TEST_SUITE_PARAMS(EC, "EC") + IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC") + DOMAIN_KEYS(ECExplicitPrimeNamedCurve); +-IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC") ++IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1) + IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC") + /*DOMAIN_KEYS(ECExplicitPrime2G);*/ +-/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC")*/ ++/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)*/ + /*IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")*/ + # ifndef OPENSSL_NO_EC2M + DOMAIN_KEYS(ECExplicitTriNamedCurve); +-IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC") ++IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1) + IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve, "EC") + DOMAIN_KEYS(ECExplicitTri2G); +-IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC") ++IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC", 0) + IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC") + # endif + KEYS(ED25519); +-IMPLEMENT_TEST_SUITE(ED25519, "ED25519") ++IMPLEMENT_TEST_SUITE(ED25519, "ED25519", 1) + KEYS(ED448); +-IMPLEMENT_TEST_SUITE(ED448, "ED448") ++IMPLEMENT_TEST_SUITE(ED448, "ED448", 1) + KEYS(X25519); +-IMPLEMENT_TEST_SUITE(X25519, "X25519") ++IMPLEMENT_TEST_SUITE(X25519, "X25519", 1) + KEYS(X448); +-IMPLEMENT_TEST_SUITE(X448, "X448") ++IMPLEMENT_TEST_SUITE(X448, "X448", 1) + /* + * ED25519, ED448, X25519 and X448 have no support for + * PEM_write_bio_PrivateKey_traditional(), so no legacy tests. + */ + #endif + KEYS(RSA); +-IMPLEMENT_TEST_SUITE(RSA, "RSA") ++IMPLEMENT_TEST_SUITE(RSA, "RSA", 1) + IMPLEMENT_TEST_SUITE_LEGACY(RSA, "RSA") + KEYS(RSA_PSS); +-IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS") ++IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS", 1) + /* + * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(), + * so no legacy tests. diff --git a/SOURCES/0015-FIPS-decoded-from-explicit.patch b/SOURCES/0015-FIPS-decoded-from-explicit.patch new file mode 100644 index 0000000..19d19a3 --- /dev/null +++ b/SOURCES/0015-FIPS-decoded-from-explicit.patch @@ -0,0 +1,140 @@ +diff --git a/crypto/ec/ec_backend.c b/crypto/ec/ec_backend.c +index bea01fb38f66..48721369ae8f 100644 +--- a/crypto/ec/ec_backend.c ++++ b/crypto/ec/ec_backend.c +@@ -318,6 +318,11 @@ int ossl_ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl, + return 0; + } + ++ if (!ossl_param_build_set_int(tmpl, params, ++ OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS, ++ group->decoded_from_explicit_params)) ++ return 0; ++ + curve_nid = EC_GROUP_get_curve_name(group); + + /* +diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c +index 6b0591c6c8c7..b1696d93bd6d 100644 +--- a/crypto/ec/ec_lib.c ++++ b/crypto/ec/ec_lib.c +@@ -1556,13 +1556,23 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], + /* This is the simple named group case */ + ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME); + if (ptmp != NULL) { +- group = group_new_from_name(ptmp, libctx, propq); +- if (group != NULL) { +- if (!ossl_ec_group_set_params(group, params)) { +- EC_GROUP_free(group); +- group = NULL; +- } ++ int decoded = 0; ++ ++ if ((group = group_new_from_name(ptmp, libctx, propq)) == NULL) ++ return NULL; ++ if (!ossl_ec_group_set_params(group, params)) { ++ EC_GROUP_free(group); ++ return NULL; ++ } ++ ++ ptmp = OSSL_PARAM_locate_const(params, ++ OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS); ++ if (ptmp != NULL && !OSSL_PARAM_get_int(ptmp, &decoded)) { ++ ERR_raise(ERR_LIB_EC, EC_R_WRONG_CURVE_PARAMETERS); ++ EC_GROUP_free(group); ++ return NULL; + } ++ group->decoded_from_explicit_params = decoded > 0; + return group; + } + #ifdef FIPS_MODULE +@@ -1733,6 +1743,8 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], + EC_GROUP_free(group); + group = named_group; + } ++ /* We've imported the group from explicit parameters, set it so. */ ++ group->decoded_from_explicit_params = 1; + ok = 1; + err: + if (!ok) { +diff --git a/doc/man7/EVP_PKEY-EC.pod b/doc/man7/EVP_PKEY-EC.pod +index eed83237c3b2..ee66a074f889 100644 +--- a/doc/man7/EVP_PKEY-EC.pod ++++ b/doc/man7/EVP_PKEY-EC.pod +@@ -70,8 +70,8 @@ I multiplied by the I gives the number of points on the curve. + + =item "decoded-from-explicit" (B) + +-Gets a flag indicating wether the key or parameters were decoded from explicit +-curve parameters. Set to 1 if so or 0 if a named curve was used. ++Sets or gets a flag indicating whether the key or parameters were decoded from ++explicit curve parameters. Set to 1 if so or 0 if a named curve was used. + + =item "use-cofactor-flag" (B) + +diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c +index 9260d4bf3635..7aed057cac89 100644 +--- a/providers/implementations/keymgmt/ec_kmgmt.c ++++ b/providers/implementations/keymgmt/ec_kmgmt.c +@@ -525,7 +525,8 @@ int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_GENERATOR, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_ORDER, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_COFACTOR, NULL, 0), \ +- OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_SEED, NULL, 0) ++ OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_SEED, NULL, 0), \ ++ OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS, NULL) + + # define EC_IMEXPORTABLE_PUBLIC_KEY \ + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0) +diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t +index 700bbd849c95..ede14864d5ac 100644 +--- a/test/recipes/25-test_verify.t ++++ b/test/recipes/25-test_verify.t +@@ -12,7 +12,7 @@ use warnings; + + use File::Spec::Functions qw/canonpath/; + use File::Copy; +-use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips with/; ++use OpenSSL::Test qw/:DEFAULT srctop_file bldtop_dir ok_nofips with/; + use OpenSSL::Test::Utils; + + setup("test_verify"); +@@ -29,7 +29,7 @@ sub verify { + run(app([@args])); + } + +-plan tests => 160; ++plan tests => 163; + + # Canonical success + ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), +@@ -309,6 +309,29 @@ SKIP: { + ["ca-cert-ec-named"]), + "accept named curve leaf with named curve intermediate"); + } ++# Same as above but with base provider used for decoding ++SKIP: { ++ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); ++ skip "EC is not supported or FIPS is disabled", 3 ++ if disabled("ec") || $no_fips; ++ ++ my $provconf = srctop_file("test", "fips-and-base.cnf"); ++ my $provpath = bldtop_dir("providers"); ++ my @prov = ("-provider-path", $provpath); ++ $ENV{OPENSSL_CONF} = $provconf; ++ ++ ok(!verify("ee-cert-ec-explicit", "", ["root-cert"], ++ ["ca-cert-ec-named"], @prov), ++ "reject explicit curve leaf with named curve intermediate w/fips"); ++ ok(!verify("ee-cert-ec-named-explicit", "", ["root-cert"], ++ ["ca-cert-ec-explicit"], @prov), ++ "reject named curve leaf with explicit curve intermediate w/fips"); ++ ok(verify("ee-cert-ec-named-named", "", ["root-cert"], ++ ["ca-cert-ec-named"], @prov), ++ "accept named curve leaf with named curve intermediate w/fips"); ++ ++ delete $ENV{OPENSSL_CONF}; ++} + + # Depth tests, note the depth limit bounds the number of CA certificates + # between the trust-anchor and the leaf, so, for example, with a root->ca->leaf diff --git a/SOURCES/0024-load-legacy-prov.patch b/SOURCES/0024-load-legacy-prov.patch new file mode 100644 index 0000000..c7d2958 --- /dev/null +++ b/SOURCES/0024-load-legacy-prov.patch @@ -0,0 +1,75 @@ +diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.cnf +--- openssl-3.0.0/apps/openssl.cnf.legacy-prov 2021-09-09 12:06:40.895793297 +0200 ++++ openssl-3.0.0/apps/openssl.cnf 2021-09-09 12:12:33.947482500 +0200 +@@ -42,36 +42,29 @@ tsa_policy1 = 1.2.3.4.1 + tsa_policy2 = 1.2.3.4.5.6 + tsa_policy3 = 1.2.3.4.5.7 + +-# For FIPS +-# Optionally include a file that is generated by the OpenSSL fipsinstall +-# application. This file contains configuration data required by the OpenSSL +-# fips provider. It contains a named section e.g. [fips_sect] which is +-# referenced from the [provider_sect] below. +-# Refer to the OpenSSL security policy for more information. +-# .include fipsmodule.cnf +- + [openssl_init] + providers = provider_sect + # Load default TLS policy configuration + ssl_conf = ssl_module + +-# List of providers to load +-[provider_sect] +-default = default_sect +-# The fips section name should match the section name inside the +-# included fipsmodule.cnf. +-# fips = fips_sect ++# Uncomment the sections that start with ## below to enable the legacy provider. ++# Loading the legacy provider enables support for the following algorithms: ++# Hashing Algorithms / Message Digests: MD2, MD4, MDC2, WHIRLPOOL, RIPEMD160 ++# Symmetric Ciphers: Blowfish, CAST, DES, IDEA, RC2, RC4,RC5, SEED ++# Key Derivation Function (KDF): PBKDF1 ++# In general it is not recommended to use the above mentioned algorithms for ++# security critical operations, as they are cryptographically weak or vulnerable ++# to side-channel attacks and as such have been deprecated. + +-# If no providers are activated explicitly, the default one is activated implicitly. +-# See man 7 OSSL_PROVIDER-default for more details. +-# +-# If you add a section explicitly activating any other provider(s), you most +-# probably need to explicitly activate the default provider, otherwise it +-# becomes unavailable in openssl. As a consequence applications depending on +-# OpenSSL may not work correctly which could lead to significant system +-# problems including inability to remotely access the system. +-[default_sect] +-# activate = 1 ++[provider_sect] ++default = default_sect ++##legacy = legacy_sect ++## ++[default_sect] ++activate = 1 ++ ++##[legacy_sect] ++##activate = 1 + + [ ssl_module ] + +diff -up openssl-3.0.0/doc/man5/config.pod.legacy-prov openssl-3.0.0/doc/man5/config.pod +--- openssl-3.0.0/doc/man5/config.pod.legacy-prov 2021-09-09 12:09:38.079040853 +0200 ++++ openssl-3.0.0/doc/man5/config.pod 2021-09-09 12:11:56.646224876 +0200 +@@ -273,6 +273,14 @@ significant. + All parameters in the section as well as sub-sections are made + available to the provider. + ++=head3 Loading the legacy provider ++ ++Uncomment the sections that start with ## in openssl.cnf ++to enable the legacy provider. ++Note: In general it is not recommended to use the above mentioned algorithms for ++security critical operations, as they are cryptographically weak or vulnerable ++to side-channel attacks and as such have been deprecated. ++ + =head3 Default provider and its activation + + If no providers are activated explicitly, the default one is activated implicitly. diff --git a/SOURCES/0025-for-tests.patch b/SOURCES/0025-for-tests.patch new file mode 100644 index 0000000..aef200b --- /dev/null +++ b/SOURCES/0025-for-tests.patch @@ -0,0 +1,18 @@ +diff -up openssl-3.0.0/apps/openssl.cnf.xxx openssl-3.0.0/apps/openssl.cnf +--- openssl-3.0.0/apps/openssl.cnf.xxx 2021-11-23 16:29:50.618691603 +0100 ++++ openssl-3.0.0/apps/openssl.cnf 2021-11-23 16:28:16.872882099 +0100 +@@ -55,11 +55,11 @@ providers = provider_sect + # to side-channel attacks and as such have been deprecated. + + [provider_sect] +-default = default_sect ++##default = default_sect + ##legacy = legacy_sect + ## +-[default_sect] +-activate = 1 ++##[default_sect] ++##activate = 1 + + ##[legacy_sect] + ##activate = 1 diff --git a/SOURCES/0031-tmp-Fix-test-names.patch b/SOURCES/0031-tmp-Fix-test-names.patch new file mode 100644 index 0000000..5c22f24 --- /dev/null +++ b/SOURCES/0031-tmp-Fix-test-names.patch @@ -0,0 +1,40 @@ +diff -up openssl-3.0.0/test/recipes/90-test_sslapi.t.beldmit openssl-3.0.0/test/recipes/90-test_sslapi.t +--- openssl-3.0.0/test/recipes/90-test_sslapi.t.beldmit 2021-09-22 11:56:49.452507975 +0200 ++++ openssl-3.0.0/test/recipes/90-test_sslapi.t 2021-09-22 11:57:19.371764742 +0200 +@@ -40,7 +40,7 @@ unless ($no_fips) { + srctop_file("test", "recipes", "90-test_sslapi_data", + "passwd.txt"), $tmpfilename, "fips", + srctop_file("test", "fips-and-base.cnf")])), +- "running sslapitest"); ++ "running sslapitest - FIPS"); + } + + unlink $tmpfilename; +diff --git a/test/sslapitest.c b/test/sslapitest.c +index e95d2657f46c..7af0eab3fce0 100644 +--- a/test/sslapitest.c ++++ b/test/sslapitest.c +@@ -1158,6 +1158,11 @@ static int execute_test_ktls(int cis_ktls, int sis_ktls, + goto end; + } + ++ if (is_fips && strstr(cipher, "CHACHA") != NULL) { ++ testresult = TEST_skip("CHACHA is not supported in FIPS"); ++ goto end; ++ } ++ + /* Create a session based on SHA-256 */ + if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), + TLS_client_method(), +@@ -1292,6 +1297,11 @@ static int execute_test_ktls_sendfile(int tls_version, const char *cipher) + goto end; + } + ++ if (is_fips && strstr(cipher, "CHACHA") != NULL) { ++ testresult = TEST_skip("CHACHA is not supported in FIPS"); ++ goto end; ++ } ++ + /* Create a session based on SHA-256 */ + if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), + TLS_client_method(), diff --git a/SOURCES/0032-Force-fips.patch b/SOURCES/0032-Force-fips.patch new file mode 100644 index 0000000..1a4ea0d --- /dev/null +++ b/SOURCES/0032-Force-fips.patch @@ -0,0 +1,165 @@ +#Note: provider_conf_activate() is introduced in downstream only. It is a rewrite +#(partial) of the function provider_conf_load() under the 'if (activate) section. +#If there is any change to this section, after deleting it in provider_conf_load() +#ensure that you also add those changes to the provider_conf_activate() function. +#additionally please add this check for cnf explicitly as shown below. +#'ok = cnf ? provider_conf_params(prov, NULL, NULL, value, cnf) : 1;' +diff -up openssl-3.0.1/crypto/provider_conf.c.fipsact openssl-3.0.1/crypto/provider_conf.c +--- openssl-3.0.1/crypto/provider_conf.c.fipsact 2022-05-12 12:44:31.199034948 +0200 ++++ openssl-3.0.1/crypto/provider_conf.c 2022-05-12 12:49:17.468318373 +0200 +@@ -136,58 +136,18 @@ static int prov_already_activated(const + return 0; + } + +-static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name, +- const char *value, const CONF *cnf) ++static int provider_conf_activate(OSSL_LIB_CTX *libctx,const char *name, ++ const char *value, const char *path, ++ int soft, const CONF *cnf) + { +- int i; +- STACK_OF(CONF_VALUE) *ecmds; +- int soft = 0; +- OSSL_PROVIDER *prov = NULL, *actual = NULL; +- const char *path = NULL; +- long activate = 0; + int ok = 0; +- +- name = skip_dot(name); +- OSSL_TRACE1(CONF, "Configuring provider %s\n", name); +- /* Value is a section containing PROVIDER commands */ +- ecmds = NCONF_get_section(cnf, value); +- +- if (!ecmds) { +- ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR, +- "section=%s not found", value); +- return 0; +- } +- +- /* Find the needed data first */ +- for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) { +- CONF_VALUE *ecmd = sk_CONF_VALUE_value(ecmds, i); +- const char *confname = skip_dot(ecmd->name); +- const char *confvalue = ecmd->value; +- +- OSSL_TRACE2(CONF, "Provider command: %s = %s\n", +- confname, confvalue); +- +- /* First handle some special pseudo confs */ +- +- /* Override provider name to use */ +- if (strcmp(confname, "identity") == 0) +- name = confvalue; +- else if (strcmp(confname, "soft_load") == 0) +- soft = 1; +- /* Load a dynamic PROVIDER */ +- else if (strcmp(confname, "module") == 0) +- path = confvalue; +- else if (strcmp(confname, "activate") == 0) +- activate = 1; +- } +- +- if (activate) { +- PROVIDER_CONF_GLOBAL *pcgbl +- = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX, +- &provider_conf_ossl_ctx_method); ++ OSSL_PROVIDER *prov = NULL, *actual = NULL; ++ PROVIDER_CONF_GLOBAL *pcgbl ++ = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX, ++ &provider_conf_ossl_ctx_method); + + if (pcgbl == NULL || !CRYPTO_THREAD_write_lock(pcgbl->lock)) { +- ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); ++ ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); + return 0; + } + if (!prov_already_activated(name, pcgbl->activated_providers)) { +@@ -216,7 +176,7 @@ static int provider_conf_load(OSSL_LIB_C + if (path != NULL) + ossl_provider_set_module_path(prov, path); + +- ok = provider_conf_params(prov, NULL, NULL, value, cnf); ++ ok = cnf ? provider_conf_params(prov, NULL, NULL, value, cnf) : 1; + + if (ok) { + if (!ossl_provider_activate(prov, 1, 0)) { +@@ -244,8 +204,59 @@ static int provider_conf_load(OSSL_LIB_C + } + if (!ok) + ossl_provider_free(prov); ++ } else { /* No reason to activate the provider twice, returning OK */ ++ ok = 1; + } + CRYPTO_THREAD_unlock(pcgbl->lock); ++ return ok; ++} ++ ++static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name, ++ const char *value, const CONF *cnf) ++{ ++ int i; ++ STACK_OF(CONF_VALUE) *ecmds; ++ int soft = 0; ++ const char *path = NULL; ++ long activate = 0; ++ int ok = 0; ++ ++ name = skip_dot(name); ++ OSSL_TRACE1(CONF, "Configuring provider %s\n", name); ++ /* Value is a section containing PROVIDER commands */ ++ ecmds = NCONF_get_section(cnf, value); ++ ++ if (!ecmds) { ++ ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR, ++ "section=%s not found", value); ++ return 0; ++ } ++ ++ /* Find the needed data first */ ++ for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) { ++ CONF_VALUE *ecmd = sk_CONF_VALUE_value(ecmds, i); ++ const char *confname = skip_dot(ecmd->name); ++ const char *confvalue = ecmd->value; ++ ++ OSSL_TRACE2(CONF, "Provider command: %s = %s\n", ++ confname, confvalue); ++ ++ /* First handle some special pseudo confs */ ++ ++ /* Override provider name to use */ ++ if (strcmp(confname, "identity") == 0) ++ name = confvalue; ++ else if (strcmp(confname, "soft_load") == 0) ++ soft = 1; ++ /* Load a dynamic PROVIDER */ ++ else if (strcmp(confname, "module") == 0) ++ path = confvalue; ++ else if (strcmp(confname, "activate") == 0) ++ activate = 1; ++ } ++ ++ if (activate) { ++ ok = provider_conf_activate(libctx, name, value, path, soft, cnf); + } else { + OSSL_PROVIDER_INFO entry; + +@@ -306,6 +317,19 @@ static int provider_conf_init(CONF_IMODU + return 0; + } + ++ if (ossl_get_kernel_fips_flag() != 0) { /* XXX from provider_conf_load */ ++ OSSL_LIB_CTX *libctx = NCONF_get0_libctx((CONF *)cnf); ++ PROVIDER_CONF_GLOBAL *pcgbl ++ = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX, ++ &provider_conf_ossl_ctx_method); ++ if (provider_conf_activate(libctx, "fips", NULL, NULL, 0, NULL) != 1) ++ return 0; ++ if (provider_conf_activate(libctx, "base", NULL, NULL, 0, NULL) != 1) ++ return 0; ++ if (EVP_default_properties_enable_fips(libctx, 1) != 1) ++ return 0; ++ } ++ + return 1; + } + diff --git a/SOURCES/0033-FIPS-embed-hmac.patch b/SOURCES/0033-FIPS-embed-hmac.patch new file mode 100644 index 0000000..c788072 --- /dev/null +++ b/SOURCES/0033-FIPS-embed-hmac.patch @@ -0,0 +1,223 @@ +diff -up openssl-3.0.0/providers/fips/self_test.c.embed-hmac openssl-3.0.0/providers/fips/self_test.c +--- openssl-3.0.0/providers/fips/self_test.c.embed-hmac 2021-11-16 13:57:05.127171056 +0100 ++++ openssl-3.0.0/providers/fips/self_test.c 2021-11-16 14:07:21.963412455 +0100 +@@ -171,11 +171,27 @@ DEP_FINI_ATTRIBUTE void cleanup(void) + } + #endif + ++#define HMAC_LEN 32 ++/* ++ * The __attribute__ ensures we've created the .rodata1 section ++ * static ensures it's zero filled ++*/ ++static const unsigned char __attribute__ ((section (".rodata1"))) fips_hmac_container[HMAC_LEN] = {0}; ++ + /* + * Calculate the HMAC SHA256 of data read using a BIO and read_cb, and verify + * the result matches the expected value. + * Return 1 if verified, or 0 if it fails. + */ ++#ifndef __USE_GNU ++#define __USE_GNU ++#include ++#undef __USE_GNU ++#else ++#include ++#endif ++#include ++ + static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb, + unsigned char *expected, size_t expected_len, + OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev, +@@ -183,14 +199,26 @@ static int verify_integrity(OSSL_CORE_BI + { + int ret = 0, status; + unsigned char out[MAX_MD_SIZE]; +- unsigned char buf[INTEGRITY_BUF_SIZE]; ++ unsigned char buf[INTEGRITY_BUF_SIZE+HMAC_LEN]; + size_t bytes_read = 0, out_len = 0; + EVP_MAC *mac = NULL; + EVP_MAC_CTX *ctx = NULL; + OSSL_PARAM params[2], *p = params; ++ Dl_info info; ++ void *extra_info = NULL; ++ struct link_map *lm = NULL; ++ unsigned long paddr; ++ unsigned long off = 0; ++ int have_rest = 0; + + OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC); + ++ if (!dladdr1 ((const void *)fips_hmac_container, ++ &info, &extra_info, RTLD_DL_LINKMAP)) ++ goto err; ++ lm = extra_info; ++ paddr = (unsigned long)fips_hmac_container - lm->l_addr; ++ + mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL); + if (mac == NULL) + goto err; +@@ -204,12 +233,53 @@ static int verify_integrity(OSSL_CORE_BI + if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params)) + goto err; + ++ status = read_ex_cb(bio, buf, HMAC_LEN, &bytes_read); ++ if (status != 1 || bytes_read != HMAC_LEN) ++ goto err; ++ off += HMAC_LEN; ++ + while (1) { +- status = read_ex_cb(bio, buf, sizeof(buf), &bytes_read); +- if (status != 1) ++ status = read_ex_cb(bio, buf+HMAC_LEN, INTEGRITY_BUF_SIZE, &bytes_read); ++ if (status != 1) { ++ have_rest = 1; ++ break; ++ } ++ ++ if (bytes_read == INTEGRITY_BUF_SIZE) { /* Full block */ ++ /* Logic: ++ * We have HMAC_LEN (read before) + INTEGRITY_BUF_SIZE (read now) in buffer ++ * We calculate HMAC from first INTEGRITY_BUF_SIZE bytes ++ * and move last HMAC_LEN bytes to the beginning of the buffer ++ * ++ * If we have read (a part of) buffer fips_hmac_container ++ * we should replace it with zeros. ++ * If it is inside our current buffer, we will update now. ++ * If it intersects the upper bound, we will clean up on the next step. ++ */ ++ if (off - HMAC_LEN <= paddr && paddr <= off + bytes_read) ++ memset (buf + HMAC_LEN + paddr - off, 0, HMAC_LEN); ++ off += bytes_read; ++ ++ if (!EVP_MAC_update(ctx, buf, bytes_read)) ++ goto err; ++ memcpy (buf, buf+INTEGRITY_BUF_SIZE, HMAC_LEN); ++ } else { /* Final block */ ++ /* Logic is basically the same as in previous branch ++ * but we calculate HMAC from HMAC_LEN (rest of previous step) ++ * and bytes_read read on this step ++ * */ ++ if (off - HMAC_LEN <= paddr && paddr <= off + bytes_read) ++ memset (buf + HMAC_LEN + paddr - off, 0, HMAC_LEN); ++ if (!EVP_MAC_update(ctx, buf, bytes_read+HMAC_LEN)) ++ goto err; ++ off += bytes_read; + break; +- if (!EVP_MAC_update(ctx, buf, bytes_read)) ++ } ++ } ++ if (have_rest) { ++ if (!EVP_MAC_update(ctx, buf, HMAC_LEN)) + goto err; ++ off += HMAC_LEN; + } + if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out))) + goto err; +@@ -284,8 +358,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS + CRYPTO_THREAD_unlock(fips_state_lock); + } + +- if (st == NULL +- || st->module_checksum_data == NULL) { ++ if (st == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA); + goto end; + } +@@ -294,8 +367,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS + if (ev == NULL) + goto end; + +- module_checksum = OPENSSL_hexstr2buf(st->module_checksum_data, +- &checksum_len); ++ module_checksum = fips_hmac_container; ++ checksum_len = sizeof(fips_hmac_container); ++ + if (module_checksum == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA); + goto end; +@@ -357,7 +431,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS + ok = 1; + end: + OSSL_SELF_TEST_free(ev); +- OPENSSL_free(module_checksum); + OPENSSL_free(indicator_checksum); + + if (st != NULL) { +diff -ruN openssl-3.0.0/test/recipes/00-prep_fipsmodule_cnf.t openssl-3.0.0-xxx/test/recipes/00-prep_fipsmodule_cnf.t +--- openssl-3.0.0/test/recipes/00-prep_fipsmodule_cnf.t 2021-09-07 13:46:32.000000000 +0200 ++++ openssl-3.0.0-xxx/test/recipes/00-prep_fipsmodule_cnf.t 2021-11-18 09:39:53.386817874 +0100 +@@ -20,7 +20,7 @@ + use lib bldtop_dir('.'); + use platform; + +-my $no_check = disabled("fips"); ++my $no_check = 1; + plan skip_all => "FIPS module config file only supported in a fips build" + if $no_check; + +diff -ruN openssl-3.0.0/test/recipes/01-test_fipsmodule_cnf.t openssl-3.0.0-xxx/test/recipes/01-test_fipsmodule_cnf.t +--- openssl-3.0.0/test/recipes/01-test_fipsmodule_cnf.t 2021-09-07 13:46:32.000000000 +0200 ++++ openssl-3.0.0-xxx/test/recipes/01-test_fipsmodule_cnf.t 2021-11-18 09:59:02.315619486 +0100 +@@ -23,7 +23,7 @@ + use lib bldtop_dir('.'); + use platform; + +-my $no_check = disabled("fips"); ++my $no_check = 1; + plan skip_all => "Test only supported in a fips build" + if $no_check; + plan tests => 1; +diff -ruN openssl-3.0.0/test/recipes/03-test_fipsinstall.t openssl-3.0.0-xxx/test/recipes/03-test_fipsinstall.t +--- openssl-3.0.0/test/recipes/03-test_fipsinstall.t 2021-09-07 13:46:32.000000000 +0200 ++++ openssl-3.0.0-xxx/test/recipes/03-test_fipsinstall.t 2021-11-18 09:59:55.365072074 +0100 +@@ -22,7 +22,7 @@ + use lib bldtop_dir('.'); + use platform; + +-plan skip_all => "Test only supported in a fips build" if disabled("fips"); ++plan skip_all => "Test only supported in a fips build" if 1; + + plan tests => 29; + +diff -ruN openssl-3.0.0/test/recipes/30-test_defltfips.t openssl-3.0.0-xxx/test/recipes/30-test_defltfips.t +--- openssl-3.0.0/test/recipes/30-test_defltfips.t 2021-09-07 13:46:32.000000000 +0200 ++++ openssl-3.0.0-xxx/test/recipes/30-test_defltfips.t 2021-11-18 10:22:54.179659682 +0100 +@@ -21,7 +21,7 @@ + use lib srctop_dir('Configurations'); + use lib bldtop_dir('.'); + +-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); ++my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0); + + plan tests => + ($no_fips ? 1 : 5); +diff -ruN openssl-3.0.0/test/recipes/80-test_ssl_new.t openssl-3.0.0-xxx/test/recipes/80-test_ssl_new.t +--- openssl-3.0.0/test/recipes/80-test_ssl_new.t 2021-09-07 13:46:32.000000000 +0200 ++++ openssl-3.0.0-xxx/test/recipes/80-test_ssl_new.t 2021-11-18 10:18:53.391721164 +0100 +@@ -23,7 +23,7 @@ + use lib srctop_dir('Configurations'); + use lib bldtop_dir('.'); + +-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); ++my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0); + + $ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs"); + +diff -ruN openssl-3.0.0/test/recipes/90-test_sslapi.t openssl-3.0.0-xxx/test/recipes/90-test_sslapi.t +--- openssl-3.0.0/test/recipes/90-test_sslapi.t 2021-11-18 10:32:17.734196705 +0100 ++++ openssl-3.0.0-xxx/test/recipes/90-test_sslapi.t 2021-11-18 10:18:30.695538445 +0100 +@@ -18,7 +18,7 @@ + use lib srctop_dir('Configurations'); + use lib bldtop_dir('.'); + +-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); ++my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0); + + plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build" + if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls")); +--- /dev/null 2021-11-16 15:27:32.915000000 +0100 ++++ openssl-3.0.0/test/fipsmodule.cnf 2021-11-18 11:15:34.538060408 +0100 +@@ -0,0 +1,2 @@ ++[fips_sect] ++activate = 1 diff --git a/SOURCES/0034.fipsinstall_disable.patch b/SOURCES/0034.fipsinstall_disable.patch new file mode 100644 index 0000000..c4f9efd --- /dev/null +++ b/SOURCES/0034.fipsinstall_disable.patch @@ -0,0 +1,406 @@ +diff -up openssl-3.0.0/apps/fipsinstall.c.xxx openssl-3.0.0/apps/fipsinstall.c +--- openssl-3.0.0/apps/fipsinstall.c.xxx 2021-11-22 13:09:28.232560235 +0100 ++++ openssl-3.0.0/apps/fipsinstall.c 2021-11-22 13:12:22.272058910 +0100 +@@ -311,6 +311,9 @@ int fipsinstall_main(int argc, char **ar + EVP_MAC *mac = NULL; + CONF *conf = NULL; + ++ BIO_printf(bio_err, "This command is not enabled in the Red Hat Enterprise Linux OpenSSL build, please consult Red Hat documentation to learn how to enable FIPS mode\n"); ++ return 1; ++ + if ((opts = sk_OPENSSL_STRING_new_null()) == NULL) + goto end; + +diff -up openssl-3.0.0/doc/man1/openssl.pod.xxx openssl-3.0.0/doc/man1/openssl.pod +--- openssl-3.0.0/doc/man1/openssl.pod.xxx 2021-11-22 13:18:51.081406990 +0100 ++++ openssl-3.0.0/doc/man1/openssl.pod 2021-11-22 13:19:02.897508738 +0100 +@@ -158,10 +158,6 @@ Engine (loadable module) information and + + Error Number to Error String Conversion. + +-=item B +- +-FIPS configuration installation. +- + =item B + + Generation of DSA Private Key from Parameters. Superseded by +diff -up openssl-3.0.0/doc/man5/config.pod.xxx openssl-3.0.0/doc/man5/config.pod +--- openssl-3.0.0/doc/man5/config.pod.xxx 2021-11-22 13:24:51.359509501 +0100 ++++ openssl-3.0.0/doc/man5/config.pod 2021-11-22 13:26:02.360121820 +0100 +@@ -573,7 +573,6 @@ configuration files using that syntax wi + =head1 SEE ALSO + + L, L, L, +-L, + L, + L, + L, +diff -up openssl-3.0.0/doc/man5/fips_config.pod.xxx openssl-3.0.0/doc/man5/fips_config.pod +--- openssl-3.0.0/doc/man5/fips_config.pod.xxx 2021-11-22 13:21:13.812636065 +0100 ++++ openssl-3.0.0/doc/man5/fips_config.pod 2021-11-22 13:24:12.278172847 +0100 +@@ -6,106 +6,10 @@ fips_config - OpenSSL FIPS configuration + + =head1 DESCRIPTION + +-A separate configuration file, using the OpenSSL L syntax, +-is used to hold information about the FIPS module. This includes a digest +-of the shared library file, and status about the self-testing. +-This data is used automatically by the module itself for two +-purposes: +- +-=over 4 +- +-=item - Run the startup FIPS self-test known answer tests (KATS). +- +-This is normally done once, at installation time, but may also be set up to +-run each time the module is used. +- +-=item - Verify the module's checksum. +- +-This is done each time the module is used. +- +-=back +- +-This file is generated by the L program, and +-used internally by the FIPS module during its initialization. +- +-The following options are supported. They should all appear in a section +-whose name is identified by the B option in the B +-section, as described in L. +- +-=over 4 +- +-=item B +- +-If present, the module is activated. The value assigned to this name is not +-significant. +- +-=item B +- +-A version number for the fips install process. Should be 1. +- +-=item B +- +-The FIPS module normally enters an internal error mode if any self test fails. +-Once this error mode is active, no services or cryptographic algorithms are +-accessible from this point on. +-Continuous tests are a subset of the self tests (e.g., a key pair test during key +-generation, or the CRNG output test). +-Setting this value to C<0> allows the error mode to not be triggered if any +-continuous test fails. The default value of C<1> will trigger the error mode. +-Regardless of the value, the operation (e.g., key generation) that called the +-continuous test will return an error code if its continuous test fails. The +-operation may then be retried if the error mode has not been triggered. +- +-=item B +- +-This indicates if run-time checks related to enforcement of security parameters +-such as minimum security strength of keys and approved curve names are used. +-A value of '1' will perform the checks, otherwise if the value is '0' the checks +-are not performed and FIPS compliance must be done by procedures documented in +-the relevant Security Policy. +- +-=item B +- +-The calculated MAC of the FIPS provider file. +- +-=item B +- +-An indicator that the self-tests were successfully run. +-This should only be written after the module has +-successfully passed its self tests during installation. +-If this field is not present, then the self tests will run when the module +-loads. +- +-=item B +- +-A MAC of the value of the B option, to prevent accidental +-changes to that value. +-It is written-to at the same time as B is updated. +- +-=back +- +-For example: +- +- [fips_sect] +- activate = 1 +- install-version = 1 +- conditional-errors = 1 +- security-checks = 1 +- module-mac = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC +- install-mac = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C +- install-status = INSTALL_SELF_TEST_KATS_RUN +- +-=head1 NOTES +- +-When using the FIPS provider, it is recommended that the +-B option is enabled to prevent accidental use of +-non-FIPS validated algorithms via broken or mistaken configuration. +-See L. +- +-=head1 SEE ALSO +- +-L +-L ++This command is disabled in Red Hat Enterprise Linux. The FIPS provider is ++automatically loaded when the system is booted in FIPS mode, or when the ++environment variable B is set. See the documentation ++for more information. + + =head1 COPYRIGHT + +diff -up openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod.xxx openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod +--- openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod.xxx 2021-11-22 13:18:13.850086386 +0100 ++++ openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod 2021-11-22 13:18:24.607179038 +0100 +@@ -388,7 +388,6 @@ A simple self test callback is shown bel + + =head1 SEE ALSO + +-L, + L, + L, + L, +diff -up openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in +--- openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac 2022-01-11 13:26:33.279906225 +0100 ++++ openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in 2022-01-11 13:33:18.757994419 +0100 +@@ -8,236 +8,11 @@ openssl-fipsinstall - perform FIPS confi + =head1 SYNOPSIS + + B +-[B<-help>] +-[B<-in> I] +-[B<-out> I] +-[B<-module> I] +-[B<-provider_name> I] +-[B<-section_name> I] +-[B<-verify>] +-[B<-mac_name> I] +-[B<-macopt> I:I] +-[B<-noout>] +-[B<-quiet>] +-[B<-no_conditional_errors>] +-[B<-no_security_checks>] +-[B<-self_test_onload>] +-[B<-corrupt_desc> I] +-[B<-corrupt_type> I] +-[B<-config> I] + + =head1 DESCRIPTION +- +-This command is used to generate a FIPS module configuration file. +-This configuration file can be used each time a FIPS module is loaded +-in order to pass data to the FIPS module self tests. The FIPS module always +-verifies its MAC, but optionally only needs to run the KAT's once, +-at installation. +- +-The generated configuration file consists of: +- +-=over 4 +- +-=item - A MAC of the FIPS module file. +- +-=item - A test status indicator. +- +-This indicates if the Known Answer Self Tests (KAT's) have successfully run. +- +-=item - A MAC of the status indicator. +- +-=item - A control for conditional self tests errors. +- +-By default if a continuous test (e.g a key pair test) fails then the FIPS module +-will enter an error state, and no services or cryptographic algorithms will be +-able to be accessed after this point. +-The default value of '1' will cause the fips module error state to be entered. +-If the value is '0' then the module error state will not be entered. +-Regardless of whether the error state is entered or not, the current operation +-(e.g. key generation) will return an error. The user is responsible for retrying +-the operation if the module error state is not entered. +- +-=item - A control to indicate whether run-time security checks are done. +- +-This indicates if run-time checks related to enforcement of security parameters +-such as minimum security strength of keys and approved curve names are used. +-The default value of '1' will perform the checks. +-If the value is '0' the checks are not performed and FIPS compliance must +-be done by procedures documented in the relevant Security Policy. +- +-=back +- +-This file is described in L. +- +-=head1 OPTIONS +- +-=over 4 +- +-=item B<-help> +- +-Print a usage message. +- +-=item B<-module> I +- +-Filename of the FIPS module to perform an integrity check on. +-The path provided in the filename is used to load the module when it is +-activated, and this overrides the environment variable B. +- +-=item B<-out> I +- +-Filename to output the configuration data to; the default is standard output. +- +-=item B<-in> I +- +-Input filename to load configuration data from. +-Must be used if the B<-verify> option is specified. +- +-=item B<-verify> +- +-Verify that the input configuration file contains the correct information. +- +-=item B<-provider_name> I +- +-Name of the provider inside the configuration file. +-The default value is C. +- +-=item B<-section_name> I +- +-Name of the section inside the configuration file. +-The default value is C. +- +-=item B<-mac_name> I +- +-Specifies the name of a supported MAC algorithm which will be used. +-The MAC mechanisms that are available will depend on the options +-used when building OpenSSL. +-To see the list of supported MAC's use the command +-C. The default is B. +- +-=item B<-macopt> I:I +- +-Passes options to the MAC algorithm. +-A comprehensive list of controls can be found in the EVP_MAC implementation +-documentation. +-Common control strings used for this command are: +- +-=over 4 +- +-=item B:I +- +-Specifies the MAC key as an alphanumeric string (use if the key contains +-printable characters only). +-The string length must conform to any restrictions of the MAC algorithm. +-A key must be specified for every MAC algorithm. +-If no key is provided, the default that was specified when OpenSSL was +-configured is used. +- +-=item B:I +- +-Specifies the MAC key in hexadecimal form (two hex digits per byte). +-The key length must conform to any restrictions of the MAC algorithm. +-A key must be specified for every MAC algorithm. +-If no key is provided, the default that was specified when OpenSSL was +-configured is used. +- +-=item B:I +- +-Used by HMAC as an alphanumeric string (use if the key contains printable +-characters only). +-The string length must conform to any restrictions of the MAC algorithm. +-To see the list of supported digests, use the command +-C. +-The default digest is SHA-256. +- +-=back +- +-=item B<-noout> +- +-Disable logging of the self tests. +- +-=item B<-no_conditional_errors> +- +-Configure the module to not enter an error state if a conditional self test +-fails as described above. +- +-=item B<-no_security_checks> +- +-Configure the module to not perform run-time security checks as described above. +- +-=item B<-self_test_onload> +- +-Do not write the two fields related to the "test status indicator" and +-"MAC status indicator" to the output configuration file. Without these fields +-the self tests KATS will run each time the module is loaded. This option could be +-used for cross compiling, since the self tests need to run at least once on each +-target machine. Once the self tests have run on the target machine the user +-could possibly then add the 2 fields into the configuration using some other +-mechanism. +- +-=item B<-quiet> +- +-Do not output pass/fail messages. Implies B<-noout>. +- +-=item B<-corrupt_desc> I, +-B<-corrupt_type> I +- +-The corrupt options can be used to test failure of one or more self tests by +-name. +-Either option or both may be used to select the tests to corrupt. +-Refer to the entries for B and B in L for +-values that can be used. +- +-=item B<-config> I +- +-Test that a FIPS provider can be loaded from the specified configuration file. +-A previous call to this application needs to generate the extra configuration +-data that is included by the base C configuration file. +-See L for further information on how to set up a provider section. +-All other options are ignored if '-config' is used. +- +-=back +- +-=head1 NOTES +- +-Self tests results are logged by default if the options B<-quiet> and B<-noout> +-are not specified, or if either of the options B<-corrupt_desc> or +-B<-corrupt_type> are used. +-If the base configuration file is set up to autoload the fips module, then the +-fips module will be loaded and self tested BEFORE the fipsinstall application +-has a chance to set up its own self test callback. As a result of this the self +-test output and the options B<-corrupt_desc> and B<-corrupt_type> will be ignored. +-For normal usage the base configuration file should use the default provider +-when generating the fips configuration file. +- +-=head1 EXAMPLES +- +-Calculate the mac of a FIPS module F and run a FIPS self test +-for the module, and save the F configuration file: +- +- openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips +- +-Verify that the configuration file F contains the correct info: +- +- openssl fipsinstall -module ./fips.so -in fips.cnf -provider_name fips -verify +- +-Corrupt any self tests which have the description C: +- +- openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips \ +- -corrupt_desc 'SHA1' +- +-Validate that the fips module can be loaded from a base configuration file: +- +- export OPENSSL_CONF_INCLUDE= +- export OPENSSL_MODULES= +- openssl fipsinstall -config' 'default.cnf' +- +- +-=head1 SEE ALSO +- +-L, +-L, +-L, +-L ++This command is disabled. ++Please consult Red Hat Enterprise Linux documentation to learn how to correctly ++enable FIPS mode on Red Hat Enterprise + + =head1 COPYRIGHT + diff --git a/SOURCES/0035-speed-skip-unavailable-dgst.patch b/SOURCES/0035-speed-skip-unavailable-dgst.patch new file mode 100644 index 0000000..6d948dd --- /dev/null +++ b/SOURCES/0035-speed-skip-unavailable-dgst.patch @@ -0,0 +1,26 @@ +diff -up openssl-3.0.0/apps/speed.c.beldmit openssl-3.0.0/apps/speed.c +--- openssl-3.0.0/apps/speed.c.beldmit 2021-12-21 15:14:04.210431584 +0100 ++++ openssl-3.0.0/apps/speed.c 2021-12-21 15:46:05.554085125 +0100 +@@ -547,6 +547,9 @@ static int EVP_MAC_loop(int algindex, vo + for (count = 0; COND(c[algindex][testnum]); count++) { + size_t outl; + ++ if (mctx == NULL) ++ return -1; ++ + if (!EVP_MAC_init(mctx, NULL, 0, NULL) + || !EVP_MAC_update(mctx, buf, lengths[testnum]) + || !EVP_MAC_final(mctx, mac, &outl, sizeof(mac))) +@@ -1922,8 +1925,10 @@ int speed_main(int argc, char **argv) + if (loopargs[i].mctx == NULL) + goto end; + +- if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params)) +- goto end; ++ if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params)) { ++ EVP_MAC_CTX_free(loopargs[i].mctx); ++ loopargs[i].mctx = NULL; ++ } + } + for (testnum = 0; testnum < size_num; testnum++) { + print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum], diff --git a/SOURCES/0044-FIPS-140-3-keychecks.patch b/SOURCES/0044-FIPS-140-3-keychecks.patch new file mode 100644 index 0000000..a0ec627 --- /dev/null +++ b/SOURCES/0044-FIPS-140-3-keychecks.patch @@ -0,0 +1,187 @@ +diff -up openssl-3.0.1/crypto/dh/dh_key.c.fips3 openssl-3.0.1/crypto/dh/dh_key.c +--- openssl-3.0.1/crypto/dh/dh_key.c.fips3 2022-07-18 16:01:41.159543735 +0200 ++++ openssl-3.0.1/crypto/dh/dh_key.c 2022-07-18 16:24:30.251388248 +0200 +@@ -43,6 +43,9 @@ int ossl_dh_compute_key(unsigned char *k + BN_MONT_CTX *mont = NULL; + BIGNUM *z = NULL, *pminus1; + int ret = -1; ++#ifdef FIPS_MODULE ++ int validate = 0; ++#endif + + if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) { + ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE); +@@ -54,6 +57,13 @@ int ossl_dh_compute_key(unsigned char *k + return 0; + } + ++#ifdef FIPS_MODULE ++ if (DH_check_pub_key(dh, pub_key, &validate) <= 0) { ++ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID); ++ return 0; ++ } ++#endif ++ + ctx = BN_CTX_new_ex(dh->libctx); + if (ctx == NULL) + goto err; +@@ -262,6 +272,9 @@ static int generate_key(DH *dh) + #endif + BN_CTX *ctx = NULL; + BIGNUM *pub_key = NULL, *priv_key = NULL; ++#ifdef FIPS_MODULE ++ int validate = 0; ++#endif + + if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) { + ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE); +@@ -354,8 +367,23 @@ static int generate_key(DH *dh) + if (!ossl_dh_generate_public_key(ctx, dh, priv_key, pub_key)) + goto err; + ++#ifdef FIPS_MODULE ++ if (DH_check_pub_key(dh, pub_key, &validate) <= 0) { ++ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID); ++ goto err; ++ } ++#endif ++ + dh->pub_key = pub_key; + dh->priv_key = priv_key; ++#ifdef FIPS_MODULE ++ if (ossl_dh_check_pairwise(dh) <= 0) { ++ dh->pub_key = dh->priv_key = NULL; ++ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID); ++ goto err; ++ } ++#endif ++ + dh->dirty_cnt++; + ok = 1; + err: +diff -up openssl-3.0.1/crypto/ec/ec_key.c.fips3 openssl-3.0.1/crypto/ec/ec_key.c +diff -up openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c.fips3 openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c +--- openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c.fips3 2022-07-25 13:42:46.814952053 +0200 ++++ openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c 2022-07-25 13:52:12.292065706 +0200 +@@ -488,6 +488,25 @@ int ecdh_plain_derive(void *vpecdhctx, u + } + + ppubkey = EC_KEY_get0_public_key(pecdhctx->peerk); ++#ifdef FIPS_MODULE ++ { ++ BN_CTX *bn_ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(privk)); ++ int check = 0; ++ ++ if (bn_ctx == NULL) { ++ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); ++ goto end; ++ } ++ ++ check = ossl_ec_key_public_check(pecdhctx->peerk, bn_ctx); ++ BN_CTX_free(bn_ctx); ++ ++ if (check <= 0) { ++ ERR_raise(ERR_LIB_PROV, EC_R_INVALID_PEER_KEY); ++ goto end; ++ } ++ } ++#endif + + retlen = ECDH_compute_key(secret, size, ppubkey, privk, NULL); + +diff -up openssl-3.0.1/crypto/ec/ec_key.c.fips3 openssl-3.0.1/crypto/ec/ec_key.c +--- openssl-3.0.1/crypto/ec/ec_key.c.fips3 2022-07-25 14:03:34.420222507 +0200 ++++ openssl-3.0.1/crypto/ec/ec_key.c 2022-07-25 14:09:00.728164294 +0200 +@@ -336,6 +336,11 @@ static int ec_generate_key(EC_KEY *eckey + + OSSL_SELF_TEST_get_callback(eckey->libctx, &cb, &cbarg); + ok = ecdsa_keygen_pairwise_test(eckey, cb, cbarg); ++ ++#ifdef FIPS_MODULE ++ ok &= ossl_ec_key_public_check(eckey, ctx); ++ ok &= ossl_ec_key_pairwise_check(eckey, ctx); ++#endif /* FIPS_MODULE */ + } + err: + /* Step (9): If there is an error return an invalid keypair. */ +diff -up openssl-3.0.1/crypto/rsa/rsa_gen.c.fips3 openssl-3.0.1/crypto/rsa/rsa_gen.c +--- openssl-3.0.1/crypto/rsa/rsa_gen.c.fips3 2022-07-25 17:02:17.807271297 +0200 ++++ openssl-3.0.1/crypto/rsa/rsa_gen.c 2022-07-25 17:18:24.931959649 +0200 +@@ -23,6 +23,7 @@ + #include + #include "internal/cryptlib.h" + #include ++#include + #include + #include "prov/providercommon.h" + #include "rsa_local.h" +@@ -476,52 +476,43 @@ static int rsa_keygen(OSSL_LIB_CTX *libc + static int rsa_keygen_pairwise_test(RSA *rsa, OSSL_CALLBACK *cb, void *cbarg) + { + int ret = 0; +- unsigned int ciphertxt_len; +- unsigned char *ciphertxt = NULL; +- const unsigned char plaintxt[16] = {0}; +- unsigned char *decoded = NULL; +- unsigned int decoded_len; +- unsigned int plaintxt_len = (unsigned int)sizeof(plaintxt_len); +- int padding = RSA_PKCS1_PADDING; ++ unsigned int signature_len; ++ unsigned char *signature = NULL; + OSSL_SELF_TEST *st = NULL; ++ static const unsigned char dgst[] = { ++ 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, ++ 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, ++ 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 ++ }; + + st = OSSL_SELF_TEST_new(cb, cbarg); + if (st == NULL) + goto err; + OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT, ++ /* No special name for RSA signature PCT*/ + OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1); + +- ciphertxt_len = RSA_size(rsa); ++ signature_len = RSA_size(rsa); +- /* +- * RSA_private_encrypt() and RSA_private_decrypt() requires the 'to' +- * parameter to be a maximum of RSA_size() - allocate space for both. +- */ +- ciphertxt = OPENSSL_zalloc(ciphertxt_len * 2); +- if (ciphertxt == NULL) ++ signature = OPENSSL_zalloc(signature_len); ++ if (signature == NULL) + goto err; +- decoded = ciphertxt + ciphertxt_len; + +- ciphertxt_len = RSA_public_encrypt(plaintxt_len, plaintxt, ciphertxt, rsa, +- padding); +- if (ciphertxt_len <= 0) ++ if (RSA_sign(NID_sha256, dgst, sizeof(dgst), signature, &signature_len, rsa) <= 0) + goto err; +- if (ciphertxt_len == plaintxt_len +- && memcmp(ciphertxt, plaintxt, plaintxt_len) == 0) ++ ++ if (signature_len <= 0) + goto err; + +- OSSL_SELF_TEST_oncorrupt_byte(st, ciphertxt); ++ OSSL_SELF_TEST_oncorrupt_byte(st, signature); + +- decoded_len = RSA_private_decrypt(ciphertxt_len, ciphertxt, decoded, rsa, +- padding); +- if (decoded_len != plaintxt_len +- || memcmp(decoded, plaintxt, decoded_len) != 0) ++ if (RSA_verify(NID_sha256, dgst, sizeof(dgst), signature, signature_len, rsa) <= 0) + goto err; + + ret = 1; + err: + OSSL_SELF_TEST_onend(st, ret); + OSSL_SELF_TEST_free(st); +- OPENSSL_free(ciphertxt); ++ OPENSSL_free(signature); + + return ret; + } diff --git a/SOURCES/0045-FIPS-services-minimize.patch b/SOURCES/0045-FIPS-services-minimize.patch new file mode 100644 index 0000000..8308990 --- /dev/null +++ b/SOURCES/0045-FIPS-services-minimize.patch @@ -0,0 +1,751 @@ +diff -up openssl-3.0.1/providers/common/capabilities.c.fipsmin3 openssl-3.0.1/providers/common/capabilities.c +--- openssl-3.0.1/providers/common/capabilities.c.fipsmin3 2022-05-05 17:11:36.146638536 +0200 ++++ openssl-3.0.1/providers/common/capabilities.c 2022-05-05 17:12:00.138848787 +0200 +@@ -186,9 +186,9 @@ static const OSSL_PARAM param_group_list + TLS_GROUP_ENTRY("brainpoolP256r1", "brainpoolP256r1", "EC", 25), + TLS_GROUP_ENTRY("brainpoolP384r1", "brainpoolP384r1", "EC", 26), + TLS_GROUP_ENTRY("brainpoolP512r1", "brainpoolP512r1", "EC", 27), +-# endif + TLS_GROUP_ENTRY("x25519", "X25519", "X25519", 28), + TLS_GROUP_ENTRY("x448", "X448", "X448", 29), ++# endif + # endif /* OPENSSL_NO_EC */ + # ifndef OPENSSL_NO_DH + /* Security bit values for FFDHE groups are as per RFC 7919 */ +diff -up openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 openssl-3.0.1/providers/fips/fipsprov.c +--- openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 2022-05-05 11:42:58.596848856 +0200 ++++ openssl-3.0.1/providers/fips/fipsprov.c 2022-05-05 11:55:42.997562712 +0200 +@@ -54,7 +54,6 @@ static void fips_deinit_casecmp(void); + + #define ALGC(NAMES, FUNC, CHECK) { { NAMES, FIPS_DEFAULT_PROPERTIES, FUNC }, CHECK } + #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL) +- + extern OSSL_FUNC_core_thread_start_fn *c_thread_start; + int FIPS_security_check_enabled(OSSL_LIB_CTX *libctx); + +@@ -191,13 +190,13 @@ static int fips_get_params(void *provctx + &fips_prov_ossl_ctx_method); + + p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME); +- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider")) ++ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "Red Hat Enterprise Linux 9 - OpenSSL FIPS Provider")) + return 0; + p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION); +- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR)) ++ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, REDHAT_FIPS_VERSION)) + return 0; + p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO); +- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR)) ++ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, REDHAT_FIPS_VERSION)) + return 0; + p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_STATUS); + if (p != NULL && !OSSL_PARAM_set_int(p, ossl_prov_is_running())) +@@ -281,10 +280,11 @@ static const OSSL_ALGORITHM fips_digests + * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for + * KMAC128 and KMAC256. + */ +- { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES, ++ /* We don't certify KECCAK in our FIPS provider */ ++ /* { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES, + ossl_keccak_kmac_128_functions }, + { PROV_NAMES_KECCAK_KMAC_256, FIPS_DEFAULT_PROPERTIES, +- ossl_keccak_kmac_256_functions }, ++ ossl_keccak_kmac_256_functions }, */ + { NULL, NULL, NULL } + }; + +@@ -343,8 +343,9 @@ static const OSSL_ALGORITHM_CAPABLE fips + ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions, + ossl_cipher_capable_aes_cbc_hmac_sha256), + #ifndef OPENSSL_NO_DES +- ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions), +- ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions), ++ /* We don't certify 3DES in our FIPS provider */ ++ /* ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions), ++ ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions), */ + #endif /* OPENSSL_NO_DES */ + { { NULL, NULL, NULL }, NULL } + }; +@@ -356,8 +357,9 @@ static const OSSL_ALGORITHM fips_macs[] + #endif + { PROV_NAMES_GMAC, FIPS_DEFAULT_PROPERTIES, ossl_gmac_functions }, + { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_hmac_functions }, +- { PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions }, +- { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions }, ++ /* We don't certify KMAC in our FIPS provider */ ++ /*{ PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions }, ++ { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions }, */ + { NULL, NULL, NULL } + }; + +@@ -392,8 +394,9 @@ static const OSSL_ALGORITHM fips_keyexch + #endif + #ifndef OPENSSL_NO_EC + { PROV_NAMES_ECDH, FIPS_DEFAULT_PROPERTIES, ossl_ecdh_keyexch_functions }, +- { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keyexch_functions }, +- { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keyexch_functions }, ++ /* We don't certify Edwards curves in our FIPS provider */ ++ /*{ PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keyexch_functions }, ++ { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keyexch_functions },*/ + #endif + { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, + ossl_kdf_tls1_prf_keyexch_functions }, +@@ -403,12 +406,14 @@ static const OSSL_ALGORITHM fips_keyexch + + static const OSSL_ALGORITHM fips_signature[] = { + #ifndef OPENSSL_NO_DSA +- { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions }, ++ /* We don't certify DSA in our FIPS provider */ ++ /* { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions }, */ + #endif + { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_signature_functions }, + #ifndef OPENSSL_NO_EC +- { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_signature_functions }, +- { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_signature_functions }, ++ /* We don't certify Edwards curves in our FIPS provider */ ++ /* { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_signature_functions }, ++ { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_signature_functions }, */ + { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_signature_functions }, + #endif + { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, +@@ -438,8 +443,9 @@ static const OSSL_ALGORITHM fips_keymgmt + PROV_DESCS_DHX }, + #endif + #ifndef OPENSSL_NO_DSA +- { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions, +- PROV_DESCS_DSA }, ++ /* We don't certify DSA in our FIPS provider */ ++ /* { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions, ++ PROV_DESCS_DSA }, */ + #endif + { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_keymgmt_functions, + PROV_DESCS_RSA }, +@@ -448,14 +454,15 @@ static const OSSL_ALGORITHM fips_keymgmt + #ifndef OPENSSL_NO_EC + { PROV_NAMES_EC, FIPS_DEFAULT_PROPERTIES, ossl_ec_keymgmt_functions, + PROV_DESCS_EC }, +- { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keymgmt_functions, ++ /* We don't certify Edwards curves in our FIPS provider */ ++ /* { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keymgmt_functions, + PROV_DESCS_X25519 }, + { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keymgmt_functions, + PROV_DESCS_X448 }, + { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_keymgmt_functions, + PROV_DESCS_ED25519 }, + { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_keymgmt_functions, +- PROV_DESCS_ED448 }, ++ PROV_DESCS_ED448 }, */ + #endif + { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_keymgmt_functions, + PROV_DESCS_TLS1_PRF_SIGN }, +diff -up openssl-3.0.1/providers/fips/self_test_data.inc.fipsmin3 openssl-3.0.1/providers/fips/self_test_data.inc +--- openssl-3.0.1/providers/fips/self_test_data.inc.fipsmin3 2022-05-05 12:36:32.335069046 +0200 ++++ openssl-3.0.1/providers/fips/self_test_data.inc 2022-05-05 12:40:02.427966128 +0200 +@@ -171,6 +171,7 @@ static const ST_KAT_DIGEST st_kat_digest + /*- CIPHER TEST DATA */ + + /* DES3 test data */ ++#if 0 + static const unsigned char des_ede3_cbc_pt[] = { + 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, + 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A, +@@ -191,7 +192,7 @@ static const unsigned char des_ede3_cbc_ + 0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F, + 0x73, 0xC0, 0xBD, 0xA8, 0x5C, 0x8E, 0x0D, 0xA7 + }; +- ++#endif + /* AES-256 GCM test data */ + static const unsigned char aes_256_gcm_key[] = { + 0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c, +@@ -235,6 +236,7 @@ static const unsigned char aes_128_ecb_c + }; + + static const ST_KAT_CIPHER st_kat_cipher_tests[] = { ++#if 0 + #ifndef OPENSSL_NO_DES + { + { +@@ -248,6 +250,7 @@ static const ST_KAT_CIPHER st_kat_cipher + ITM(des_ede3_cbc_iv), + }, + #endif ++#endif + { + { + OSSL_SELF_TEST_DESC_CIPHER_AES_GCM, +@@ -1424,8 +1427,9 @@ static const ST_KAT_PARAM ecdsa_bin_key[ + # endif /* OPENSSL_NO_EC2M */ + #endif /* OPENSSL_NO_EC */ + +-#ifndef OPENSSL_NO_DSA + /* dsa 2048 */ ++#if 0 ++#ifndef OPENSSL_NO_DSA + static const unsigned char dsa_p[] = { + 0xa2, 0x9b, 0x88, 0x72, 0xce, 0x8b, 0x84, 0x23, + 0xb7, 0xd5, 0xd2, 0x1d, 0x4b, 0x02, 0xf5, 0x7e, +@@ -1549,8 +1553,8 @@ static const ST_KAT_PARAM dsa_key[] = { + ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, dsa_priv), + ST_KAT_PARAM_END() + }; +-#endif /* OPENSSL_NO_DSA */ +- ++#endif ++#endif + static const ST_KAT_SIGN st_kat_sign_tests[] = { + { + OSSL_SELF_TEST_DESC_SIGN_RSA, +@@ -1583,6 +1587,7 @@ static const ST_KAT_SIGN st_kat_sign_tes + }, + # endif + #endif /* OPENSSL_NO_EC */ ++#if 0 + #ifndef OPENSSL_NO_DSA + { + OSSL_SELF_TEST_DESC_SIGN_DSA, +@@ -1595,6 +1600,7 @@ static const ST_KAT_SIGN st_kat_sign_tes + */ + }, + #endif /* OPENSSL_NO_DSA */ ++#endif + }; + + static const ST_KAT_ASYM_CIPHER st_kat_asym_cipher_tests[] = { +diff -up openssl-3.0.1/test/acvp_test.c.fipsmin2 openssl-3.0.1/test/acvp_test.c +--- openssl-3.0.1/test/acvp_test.c.fipsmin2 2022-05-05 11:42:58.597848865 +0200 ++++ openssl-3.0.1/test/acvp_test.c 2022-05-05 11:43:30.141126336 +0200 +@@ -1476,6 +1476,7 @@ int setup_tests(void) + OSSL_NELEM(dh_safe_prime_keyver_data)); + #endif /* OPENSSL_NO_DH */ + ++#if 0 /* Red Hat FIPS provider doesn't have fips=yes property on DSA */ + #ifndef OPENSSL_NO_DSA + ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data)); + ADD_ALL_TESTS(dsa_paramgen_test, OSSL_NELEM(dsa_paramgen_data)); +@@ -1483,6 +1484,7 @@ int setup_tests(void) + ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data)); + ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data)); + #endif /* OPENSSL_NO_DSA */ ++#endif + + #ifndef OPENSSL_NO_EC + ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data)); +diff -up openssl-3.0.1/test/evp_libctx_test.c.fipsmin3 openssl-3.0.1/test/evp_libctx_test.c +--- openssl-3.0.1/test/evp_libctx_test.c.fipsmin3 2022-05-05 14:18:46.370911817 +0200 ++++ openssl-3.0.1/test/evp_libctx_test.c 2022-05-05 14:30:02.117911993 +0200 +@@ -21,6 +21,7 @@ + */ + #include "internal/deprecated.h" + #include ++#include + #include + #include + #include +@@ -725,8 +726,10 @@ int setup_tests(void) + if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, prov_name)) + return 0; + + #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH) +- ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3); ++ if (strcmp(prov_name, "fips") != 0) { ++ ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3); ++ } + #endif + #ifndef OPENSSL_NO_DH + ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3); +@@ -746,7 +750,9 @@ int setup_tests(void) + ADD_TEST(kem_invalid_keytype); + #endif + #ifndef OPENSSL_NO_DES +- ADD_TEST(test_cipher_tdes_randkey); ++ if (strcmp(prov_name, "fips") != 0) { ++ ADD_TEST(test_cipher_tdes_randkey); ++ } + #endif + return 1; + } +diff -up openssl-3.0.1/test/recipes/15-test_gendsa.t.fipsmin3 openssl-3.0.1/test/recipes/15-test_gendsa.t +--- openssl-3.0.1/test/recipes/15-test_gendsa.t.fipsmin3 2022-05-05 13:46:00.631590335 +0200 ++++ openssl-3.0.1/test/recipes/15-test_gendsa.t 2022-05-05 13:46:06.999644496 +0200 +@@ -24,7 +24,7 @@ use lib bldtop_dir('.'); + plan skip_all => "This test is unsupported in a no-dsa build" + if disabled("dsa"); + +-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); ++my $no_fips = 1; + + plan tests => + ($no_fips ? 0 : 2) # FIPS related tests +diff -up openssl-3.0.1/test/recipes/20-test_cli_fips.t.fipsmin3 openssl-3.0.1/test/recipes/20-test_cli_fips.t +--- openssl-3.0.1/test/recipes/20-test_cli_fips.t.fipsmin3 2022-05-05 13:47:55.217564900 +0200 ++++ openssl-3.0.1/test/recipes/20-test_cli_fips.t 2022-05-05 13:48:02.824629600 +0200 +@@ -207,8 +207,7 @@ SKIP: { + } + + SKIP : { +- skip "FIPS DSA tests because of no dsa in this build", 1 +- if disabled("dsa"); ++ skip "FIPS DSA tests because of no dsa in this build", 1; + + subtest DSA => sub { + my $testtext_prefix = 'DSA'; +diff -up openssl-3.0.1/test/recipes/80-test_cms.t.fipsmin3 openssl-3.0.1/test/recipes/80-test_cms.t +--- openssl-3.0.1/test/recipes/80-test_cms.t.fipsmin3 2022-05-05 13:55:05.257292637 +0200 ++++ openssl-3.0.1/test/recipes/80-test_cms.t 2022-05-05 13:58:35.307150750 +0200 +@@ -95,7 +95,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "signed content DER format, DSA key", ++ [ "signed content DER format, DSA key, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", + "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER", +@@ -103,7 +103,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "signed detached content DER format, DSA key", ++ [ "signed detached content DER format, DSA key, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", + "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER", +@@ -112,7 +112,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "signed detached content DER format, add RSA signer (with DSA existing)", ++ [ "signed detached content DER format, add RSA signer (with DSA existing), no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", + "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd1}", @prov, "-resign", "-in", "{output}.cms", "-inform", "DER", "-outform", "DER", +@@ -123,7 +123,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "signed content test streaming BER format, DSA key", ++ [ "signed content test streaming BER format, DSA key, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", + "-nodetach", "-stream", + "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], +@@ -132,7 +132,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys", ++ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", + "-nodetach", "-stream", + "-signer", $smrsa1, +@@ -145,7 +145,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes", ++ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", + "-noattr", "-nodetach", "-stream", + "-signer", $smrsa1, +@@ -175,7 +175,7 @@ my @smime_pkcs7_tests = ( + \&zero_compare + ], + +- [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys", ++ [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-nodetach", + "-signer", $smrsa1, + "-signer", catfile($smdir, "smrsa2.pem"), +@@ -187,7 +187,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys", ++ [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, + "-signer", $smrsa1, + "-signer", catfile($smdir, "smrsa2.pem"), +@@ -247,7 +247,7 @@ my @smime_pkcs7_tests = ( + + my @smime_cms_tests = ( + +- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid", ++ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", + "-nodetach", "-keyid", + "-signer", $smrsa1, +@@ -260,7 +260,7 @@ my @smime_cms_tests = ( + \&final_compare + ], + +- [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys", ++ [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys, no Red Hat FIPS", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", + "-signer", $smrsa1, + "-signer", catfile($smdir, "smrsa2.pem"), +@@ -370,7 +370,7 @@ my @smime_cms_tests = ( + \&final_compare + ], + +- [ "encrypted content test streaming PEM format, triple DES key", ++ [ "encrypted content test streaming PEM format, triple DES key, no Red Hat FIPS", + [ "{cmd1}", @prov, "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM", + "-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617", + "-stream", "-out", "{output}.cms" ], +diff -up openssl-3.0.1/test/recipes/30-test_evp.t.fipsmin3 openssl-3.0.1/test/recipes/30-test_evp.t +--- openssl-3.0.1/test/recipes/30-test_evp.t.fipsmin3 2022-05-05 14:43:04.276857033 +0200 ++++ openssl-3.0.1/test/recipes/30-test_evp.t 2022-05-05 14:43:35.975138234 +0200 +@@ -43,7 +43,6 @@ my @files = qw( + evpciph_aes_cts.txt + evpciph_aes_wrap.txt + evpciph_aes_stitched.txt +- evpciph_des3_common.txt + evpkdf_hkdf.txt + evpkdf_pbkdf1.txt + evpkdf_pbkdf2.txt +@@ -66,12 +65,6 @@ push @files, qw( + evppkey_dh.txt + ) unless $no_dh; + push @files, qw( +- evpkdf_x942_des.txt +- evpmac_cmac_des.txt +- ) unless $no_des; +-push @files, qw(evppkey_dsa.txt) unless $no_dsa; +-push @files, qw(evppkey_ecx.txt) unless $no_ec; +-push @files, qw( + evppkey_ecc.txt + evppkey_ecdh.txt + evppkey_ecdsa.txt +@@ -91,6 +84,7 @@ my @defltfiles = qw( + evpciph_cast5.txt + evpciph_chacha.txt + evpciph_des.txt ++ evpciph_des3_common.txt + evpciph_idea.txt + evpciph_rc2.txt + evpciph_rc4.txt +@@ -117,6 +111,12 @@ my @defltfiles = qw( + evppkey_kdf_tls1_prf.txt + evppkey_rsa.txt + ); ++push @defltfiles, qw(evppkey_dsa.txt) unless $no_dsa; ++push @defltfiles, qw(evppkey_ecx.txt) unless $no_ec; ++push @defltfiles, qw( ++ evpkdf_x942_des.txt ++ evpmac_cmac_des.txt ++ ) unless $no_des; + push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2; + + plan tests => +diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt.fipsmin3 openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt +--- openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt.fipsmin3 2022-05-05 14:46:32.721700697 +0200 ++++ openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt 2022-05-05 14:51:40.205418897 +0200 +@@ -328,6 +328,7 @@ Input = 68F2E77696CE7AE8E2CA4EC588E54100 + Output = 00BDA1B7E87608BCBF470F12157F4C07 + + ++Availablein = default + Title = KMAC Tests (From NIST) + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F +@@ -338,12 +339,14 @@ Ctrl = xof:0 + OutputSize = 32 + BlockSize = 168 + ++Availablein = default + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 00010203 + Custom = "My Tagged Application" + Output = 3B1FBA963CD8B0B59E8C1A6D71888B7143651AF8BA0A7070C0979E2811324AA5 + ++Availablein = default + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -351,6 +354,7 @@ Custom = "My Tagged Application" + Output = 1F5B4E6CCA02209E0DCB5CA635B89A15E271ECC760071DFD805FAA38F9729230 + Ctrl = size:32 + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 00010203 +@@ -359,12 +363,14 @@ Output = 20C570C31346F703C9AC36C61C03CB6 + OutputSize = 64 + BlockSize = 136 + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 + Custom = "" + Output = 75358CF39E41494E949707927CEE0AF20A3FF553904C86B08F21CC414BCFD691589D27CF5E15369CBBFF8B9A4C2EB17800855D0235FF635DA82533EC6B759B69 + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -374,12 +380,14 @@ Ctrl = size:64 + + Title = KMAC XOF Tests (From NIST) + ++Availablein = default + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 00010203 + Output = CD83740BBD92CCC8CF032B1481A0F4460E7CA9DD12B08A0C4031178BACD6EC35 + XOF = 1 + ++Availablein = default + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 00010203 +@@ -387,6 +395,7 @@ Custom = "My Tagged Application" + Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C + XOF = 1 + ++Availablein = default + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -395,6 +404,7 @@ Output = 47026C7CD793084AA0283C253EF6584 + XOF = 1 + Ctrl = size:32 + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 00010203 +@@ -402,6 +412,7 @@ Custom = "My Tagged Application" + Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B + XOF = 1 + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -409,6 +420,7 @@ Custom = "" + Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B + XOF = 1 + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -419,6 +431,7 @@ XOF = 1 + + Title = KMAC long customisation string (from NIST ACVP) + ++Availablein = default + MAC = KMAC256 + Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3 + Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D +@@ -429,12 +442,14 @@ XOF = 1 + + Title = KMAC XOF Tests via ctrl (From NIST) + ++Availablein = default + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 00010203 + Output = CD83740BBD92CCC8CF032B1481A0F4460E7CA9DD12B08A0C4031178BACD6EC35 + Ctrl = xof:1 + ++Availablein = default + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 00010203 +@@ -442,6 +457,7 @@ Custom = "My Tagged Application" + Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C + Ctrl = xof:1 + ++Availablein = default + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -450,6 +466,7 @@ Output = 47026C7CD793084AA0283C253EF6584 + Ctrl = xof:1 + Ctrl = size:32 + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 00010203 +@@ -457,6 +474,7 @@ Custom = "My Tagged Application" + Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B + Ctrl = xof:1 + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -464,6 +482,7 @@ Custom = "" + Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B + Ctrl = xof:1 + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -474,6 +493,7 @@ Ctrl = xof:1 + + Title = KMAC long customisation string via ctrl (from NIST ACVP) + ++Availablein = default + MAC = KMAC256 + Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3 + Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D +@@ -484,6 +504,7 @@ Ctrl = xof:1 + + Title = KMAC long customisation string negative test + ++Availablein = default + MAC = KMAC128 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +@@ -492,6 +513,7 @@ Result = MAC_INIT_ERROR + + Title = KMAC output is too large + ++Availablein = default + MAC = KMAC256 + Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F + Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +diff -up openssl-3.0.1/test/recipes/80-test_ssl_old.t.fipsmin3 openssl-3.0.1/test/recipes/80-test_ssl_old.t +--- openssl-3.0.1/test/recipes/80-test_ssl_old.t.fipsmin3 2022-05-05 16:02:59.745500635 +0200 ++++ openssl-3.0.1/test/recipes/80-test_ssl_old.t 2022-05-05 16:10:24.071348890 +0200 +@@ -426,7 +426,7 @@ sub testssl { + my @exkeys = (); + my $ciphers = '-PSK:-SRP:@SECLEVEL=0'; + +- if (!$no_dsa) { ++ if (!$no_dsa && $provider ne "fips") { + push @exkeys, "-s_cert", "certD.ss", "-s_key", $Dkey; + } + +diff -up openssl-3.0.1/test/endecode_test.c.fipsmin3 openssl-3.0.1/test/endecode_test.c +--- openssl-3.0.1/test/endecode_test.c.fipsmin3 2022-05-06 16:25:57.296926271 +0200 ++++ openssl-3.0.1/test/endecode_test.c 2022-05-06 16:27:42.712850840 +0200 +@@ -1387,6 +1387,7 @@ int setup_tests(void) + * so no legacy tests. + */ + #endif ++ if (is_fips == 0) { + #ifndef OPENSSL_NO_DSA + ADD_TEST_SUITE(DSA); + ADD_TEST_SUITE_PARAMS(DSA); +@@ -1397,6 +1398,7 @@ int setup_tests(void) + ADD_TEST_SUITE_PROTECTED_PVK(DSA); + # endif + #endif ++ } + #ifndef OPENSSL_NO_EC + ADD_TEST_SUITE(EC); + ADD_TEST_SUITE_PARAMS(EC); +@@ -1411,10 +1413,12 @@ int setup_tests(void) + ADD_TEST_SUITE(ECExplicitTri2G); + ADD_TEST_SUITE_LEGACY(ECExplicitTri2G); + # endif ++ if (is_fips == 0) { + ADD_TEST_SUITE(ED25519); + ADD_TEST_SUITE(ED448); + ADD_TEST_SUITE(X25519); + ADD_TEST_SUITE(X448); ++ } + /* + * ED25519, ED448, X25519 and X448 have no support for + * PEM_write_bio_PrivateKey_traditional(), so no legacy tests. +diff -up openssl-3.0.1/apps/req.c.dfc openssl-3.0.1/apps/req.c +--- openssl-3.0.1/apps/req.c.dfc 2022-05-12 13:31:21.957638329 +0200 ++++ openssl-3.0.1/apps/req.c 2022-05-12 13:31:49.587984867 +0200 +@@ -266,7 +266,7 @@ int req_main(int argc, char **argv) + unsigned long chtype = MBSTRING_ASC, reqflag = 0; + + #ifndef OPENSSL_NO_DES +- cipher = (EVP_CIPHER *)EVP_des_ede3_cbc(); ++ cipher = (EVP_CIPHER *)EVP_aes_256_cbc(); + #endif + + prog = opt_init(argc, argv, req_options); +diff -up openssl-3.0.1/apps/ecparam.c.fips_list_curves openssl-3.0.1/apps/ecparam.c +--- openssl-3.0.1/apps/ecparam.c.fips_list_curves 2022-05-19 11:46:22.682519422 +0200 ++++ openssl-3.0.1/apps/ecparam.c 2022-05-19 11:50:44.559828701 +0200 +@@ -79,6 +79,9 @@ static int list_builtin_curves(BIO *out) + const char *comment = curves[n].comment; + const char *sname = OBJ_nid2sn(curves[n].nid); + ++ if ((curves[n].nid == NID_secp256k1) && EVP_default_properties_is_fips_enabled(NULL)) ++ continue; ++ + if (comment == NULL) + comment = "CURVE DESCRIPTION NOT AVAILABLE"; + if (sname == NULL) +diff -up openssl-3.0.1/ssl/ssl_ciph.c.nokrsa openssl-3.0.1/ssl/ssl_ciph.c +--- openssl-3.0.1/ssl/ssl_ciph.c.nokrsa 2022-05-19 13:32:32.536708638 +0200 ++++ openssl-3.0.1/ssl/ssl_ciph.c 2022-05-19 13:42:29.734002959 +0200 +@@ -356,6 +356,9 @@ int ssl_load_ciphers(SSL_CTX *ctx) + ctx->disabled_mkey_mask = 0; + ctx->disabled_auth_mask = 0; + ++ if (EVP_default_properties_is_fips_enabled(ctx->libctx)) ++ ctx->disabled_mkey_mask |= SSL_kRSA | SSL_kRSAPSK; ++ + /* + * We ignore any errors from the fetches below. They are expected to fail + * if theose algorithms are not available. +diff -up openssl-3.0.1/providers/implementations/signature/rsa_sig.c.fipskeylen openssl-3.0.1/providers/implementations/signature/rsa_sig.c +--- openssl-3.0.1/providers/implementations/signature/rsa_sig.c.fipskeylen 2022-05-23 14:58:07.764281242 +0200 ++++ openssl-3.0.1/providers/implementations/signature/rsa_sig.c 2022-05-23 15:10:29.327993616 +0200 +@@ -770,6 +770,19 @@ static int rsa_verify(void *vprsactx, co + { + PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; + size_t rslen; ++# ifdef FIPS_MODULE ++ size_t rsabits = RSA_bits(prsactx->rsa); ++ ++ if (rsabits < 2048) { ++ if (rsabits != 1024 ++ && rsabits != 1280 ++ && rsabits != 1536 ++ && rsabits != 1792) { ++ ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH); ++ return 0; ++ } ++ } ++# endif + + if (!ossl_prov_is_running()) + return 0; +diff -up openssl-3.0.1/ssl/t1_lib.c.groupnames openssl-3.0.1/ssl/t1_lib.c +--- openssl-3.0.1/ssl/t1_lib.c.groupnames 2022-06-17 09:42:50.866748854 +0200 ++++ openssl-3.0.1/ssl/t1_lib.c 2022-06-17 09:49:07.715973172 +0200 +@@ -345,6 +345,7 @@ static int add_provider_groups(const OSS + * it. + */ + ret = 1; ++ (void)ERR_set_mark(); + keymgmt = EVP_KEYMGMT_fetch(ctx->libctx, ginf->algorithm, ctx->propq); + if (keymgmt != NULL) { + /* +@@ -366,6 +367,7 @@ static int add_provider_groups(const OSS + } + EVP_KEYMGMT_free(keymgmt); + } ++ (void)ERR_pop_to_mark(); + err: + if (ginf != NULL) { + OPENSSL_free(ginf->tlsname); +@@ -725,8 +727,11 @@ static int gid_cb(const char *elem, int + etmp[len] = 0; + + gid = tls1_group_name2id(garg->ctx, etmp); +- if (gid == 0) ++ if (gid == 0) { ++ ERR_raise_data(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT, ++ "group '%s' cannot be set", etmp); + return 0; ++ } + for (i = 0; i < garg->gidcnt; i++) + if (garg->gid_arr[i] == gid) + return 0; diff --git a/SOURCES/0046-FIPS-s390x-hardening.patch b/SOURCES/0046-FIPS-s390x-hardening.patch new file mode 100644 index 0000000..f79abf9 --- /dev/null +++ b/SOURCES/0046-FIPS-s390x-hardening.patch @@ -0,0 +1,22 @@ +diff --git a/crypto/ec/ecp_s390x_nistp.c b/crypto/ec/ecp_s390x_nistp.c +index 5c70b2d67840..c5726c638bdd 100644 +--- a/crypto/ec/ecp_s390x_nistp.c ++++ b/crypto/ec/ecp_s390x_nistp.c +@@ -116,7 +116,7 @@ static int ec_GFp_s390x_nistp_mul(const EC_GROUP *group, EC_POINT *r, + /* Otherwise use default. */ + if (rc == -1) + rc = ossl_ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); +- OPENSSL_cleanse(param + S390X_OFF_SCALAR(len), len); ++ OPENSSL_cleanse(param, sizeof(param)); + BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + return rc; +@@ -212,7 +212,7 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign_sig(const unsigned char *dgst, + + ok = 1; + ret: +- OPENSSL_cleanse(param + S390X_OFF_K(len), 2 * len); ++ OPENSSL_cleanse(param, sizeof(param)); + if (ok != 1) { + ECDSA_SIG_free(sig); + sig = NULL; diff --git a/SOURCES/0047-FIPS-early-KATS.patch b/SOURCES/0047-FIPS-early-KATS.patch new file mode 100644 index 0000000..ef2d081 --- /dev/null +++ b/SOURCES/0047-FIPS-early-KATS.patch @@ -0,0 +1,39 @@ +diff -up openssl-3.0.1/providers/fips/self_test.c.earlykats openssl-3.0.1/providers/fips/self_test.c +--- openssl-3.0.1/providers/fips/self_test.c.earlykats 2022-01-19 13:10:00.635830783 +0100 ++++ openssl-3.0.1/providers/fips/self_test.c 2022-01-19 13:11:43.309342656 +0100 +@@ -362,6 +362,16 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS + if (ev == NULL) + goto end; + ++ /* ++ * Run the KAT's before HMAC verification according to FIPS-140-3 requirements ++ */ ++ if (kats_already_passed == 0) { ++ if (!SELF_TEST_kats(ev, st->libctx)) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE); ++ goto end; ++ } ++ } ++ + module_checksum = fips_hmac_container; + checksum_len = sizeof(fips_hmac_container); + +@@ -411,18 +421,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS + kats_already_passed = 1; + } + } +- +- /* +- * Only runs the KAT's during installation OR on_demand(). +- * NOTE: If the installation option 'self_test_onload' is chosen then this +- * path will always be run, since kats_already_passed will always be 0. +- */ +- if (on_demand_test || kats_already_passed == 0) { +- if (!SELF_TEST_kats(ev, st->libctx)) { +- ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE); +- goto end; +- } +- } + ok = 1; + end: + OSSL_SELF_TEST_free(ev); diff --git a/SOURCES/0048-correctly-handle-records.patch b/SOURCES/0048-correctly-handle-records.patch new file mode 100644 index 0000000..ecbc09c --- /dev/null +++ b/SOURCES/0048-correctly-handle-records.patch @@ -0,0 +1,52 @@ +diff -up openssl-3.0.1/apps/s_server.c.handle-records openssl-3.0.1/apps/s_server.c +--- openssl-3.0.1/apps/s_server.c.handle-records 2022-02-03 15:26:16.803434943 +0100 ++++ openssl-3.0.1/apps/s_server.c 2022-02-03 15:34:33.358298697 +0100 +@@ -2982,7 +2982,9 @@ static int www_body(int s, int stype, in + /* Set width for a select call if needed */ + width = s + 1; + +- buf = app_malloc(bufsize, "server www buffer"); ++ /* as we use BIO_gets(), and it always null terminates data, we need ++ * to allocate 1 byte longer buffer to fit the full 2^14 byte record */ ++ buf = app_malloc(bufsize + 1, "server www buffer"); + io = BIO_new(BIO_f_buffer()); + ssl_bio = BIO_new(BIO_f_ssl()); + if ((io == NULL) || (ssl_bio == NULL)) +@@ -3047,7 +3049,7 @@ static int www_body(int s, int stype, in + } + + for (;;) { +- i = BIO_gets(io, buf, bufsize - 1); ++ i = BIO_gets(io, buf, bufsize + 1); + if (i < 0) { /* error */ + if (!BIO_should_retry(io) && !SSL_waiting_for_async(con)) { + if (!s_quiet) +@@ -3112,7 +3114,7 @@ static int www_body(int s, int stype, in + * we're expecting to come from the client. If they haven't + * sent one there's not much we can do. + */ +- BIO_gets(io, buf, bufsize - 1); ++ BIO_gets(io, buf, bufsize + 1); + } + + BIO_puts(io, +@@ -3401,7 +3403,9 @@ static int rev_body(int s, int stype, in + SSL *con; + BIO *io, *ssl_bio, *sbio; + +- buf = app_malloc(bufsize, "server rev buffer"); ++ /* as we use BIO_gets(), and it always null terminates data, we need ++ * to allocate 1 byte longer buffer to fit the full 2^14 byte record */ ++ buf = app_malloc(bufsize + 1, "server rev buffer"); + io = BIO_new(BIO_f_buffer()); + ssl_bio = BIO_new(BIO_f_ssl()); + if ((io == NULL) || (ssl_bio == NULL)) +@@ -3476,7 +3480,7 @@ static int rev_body(int s, int stype, in + print_ssl_summary(con); + + for (;;) { +- i = BIO_gets(io, buf, bufsize - 1); ++ i = BIO_gets(io, buf, bufsize + 1); + if (i < 0) { /* error */ + if (!BIO_should_retry(io)) { + if (!s_quiet) diff --git a/SOURCES/0049-Selectively-disallow-SHA1-signatures.patch b/SOURCES/0049-Selectively-disallow-SHA1-signatures.patch new file mode 100644 index 0000000..18b0183 --- /dev/null +++ b/SOURCES/0049-Selectively-disallow-SHA1-signatures.patch @@ -0,0 +1,489 @@ +From 243201772cc6d583fae9eba81cb2c2c7425bc564 Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Mon, 21 Feb 2022 17:24:44 +0100 +Subject: Selectively disallow SHA1 signatures + +For RHEL 9.0, we want to phase out SHA1. One of the steps to do that is +disabling SHA1 signatures. Introduce a new configuration option in the +alg_section named 'rh-allow-sha1-signatures'. This option defaults to +false. If set to false (or unset), any signature creation or +verification operations that involve SHA1 as digest will fail. + +This also affects TLS, where the signature_algorithms extension of any +ClientHello message sent by OpenSSL will no longer include signatures +with the SHA1 digest if rh-allow-sha1-signatures is false. For servers +that request a client certificate, the same also applies for +CertificateRequest messages sent by them. + +For signatures created using the EVP_PKEY API, this is a best-effort +check that will deny signatures in cases where the digest algorithm is +known. This means, for example, that that following steps will still +work: + + $> openssl dgst -sha1 -binary -out sha1 infile + $> openssl pkeyutl -inkey key.pem -sign -in sha1 -out sha1sig + $> openssl pkeyutl -inkey key.pem -verify -sigfile sha1sig -in sha1 + +whereas these will not: + + $> openssl dgst -sha1 -binary -out sha1 infile + $> openssl pkeyutl -inkey kem.pem -sign -in sha1 -out sha1sig -pkeyopt digest:sha1 + $> openssl pkeyutl -inkey kem.pem -verify -sigfile sha1sig -in sha1 -pkeyopt digest:sha1 + +This happens because in the first case, OpenSSL's signature +implementation does not know that it is signing a SHA1 hash (it could be +signing arbitrary data). + +Resolves: rhbz#2031742 +--- + crypto/evp/evp_cnf.c | 13 ++++ + crypto/evp/m_sigver.c | 77 +++++++++++++++++++ + crypto/evp/pmeth_lib.c | 15 ++++ + doc/man5/config.pod | 11 +++ + include/internal/cryptlib.h | 3 +- + include/internal/sslconf.h | 4 + + providers/common/securitycheck.c | 20 +++++ + providers/common/securitycheck_default.c | 9 ++- + providers/implementations/signature/dsa_sig.c | 11 ++- + .../implementations/signature/ecdsa_sig.c | 4 + + providers/implementations/signature/rsa_sig.c | 20 ++++- + ssl/t1_lib.c | 8 ++ + util/libcrypto.num | 2 + + 13 files changed, 188 insertions(+), 9 deletions(-) + +diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c +index 0e7fe64cf9..b9d3b6d226 100644 +--- a/crypto/evp/evp_cnf.c ++++ b/crypto/evp/evp_cnf.c +@@ -10,6 +10,7 @@ + #include + #include + #include "internal/cryptlib.h" ++#include "internal/sslconf.h" + #include + #include + #include +@@ -57,6 +58,18 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf) + ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE); + return 0; + } ++ } else if (strcmp(oval->name, "rh-allow-sha1-signatures") == 0) { ++ int m; ++ ++ /* Detailed error already reported. */ ++ if (!X509V3_get_value_bool(oval, &m)) ++ return 0; ++ ++ if (!ossl_ctx_legacy_digest_signatures_allowed_set( ++ NCONF_get0_libctx((CONF *)cnf), m > 0, 0)) { ++ ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE); ++ return 0; ++ } + } else { + ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION, + "name=%s, value=%s", oval->name, oval->value); +diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c +index 9188edbc21..db1a1d7bc3 100644 +--- a/crypto/evp/m_sigver.c ++++ b/crypto/evp/m_sigver.c +@@ -16,6 +16,71 @@ + #include "internal/numbers.h" /* includes SIZE_MAX */ + #include "evp_local.h" + ++typedef struct ossl_legacy_digest_signatures_st { ++ int allowed; ++} OSSL_LEGACY_DIGEST_SIGNATURES; ++ ++static void ossl_ctx_legacy_digest_signatures_free(void *vldsigs) ++{ ++ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs = vldsigs; ++ ++ if (ldsigs != NULL) { ++ OPENSSL_free(ldsigs); ++ } ++} ++ ++static void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx) ++{ ++ return OPENSSL_zalloc(sizeof(OSSL_LEGACY_DIGEST_SIGNATURES)); ++} ++ ++static const OSSL_LIB_CTX_METHOD ossl_ctx_legacy_digest_signatures_method = { ++ OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, ++ ossl_ctx_legacy_digest_signatures_new, ++ ossl_ctx_legacy_digest_signatures_free, ++}; ++ ++static OSSL_LEGACY_DIGEST_SIGNATURES *ossl_ctx_legacy_digest_signatures( ++ OSSL_LIB_CTX *libctx, int loadconfig) ++{ ++#ifndef FIPS_MODULE ++ if (loadconfig && !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)) ++ return 0; ++#endif ++ ++ return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES, ++ &ossl_ctx_legacy_digest_signatures_method); ++} ++ ++int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig) ++{ ++ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs ++ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig); ++ ++#ifndef FIPS_MODULE ++ if (ossl_safe_getenv("OPENSSL_ENABLE_SHA1_SIGNATURES") != NULL) ++ /* used in tests */ ++ return 1; ++#endif ++ ++ return ldsigs != NULL ? ldsigs->allowed : 0; ++} ++ ++int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow, ++ int loadconfig) ++{ ++ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs ++ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig); ++ ++ if (ldsigs == NULL) { ++ ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); ++ return 0; ++ } ++ ++ ldsigs->allowed = allow; ++ return 1; ++} ++ + #ifndef FIPS_MODULE + + static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen) +@@ -258,6 +323,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + } + } + ++ if (ctx->reqdigest != NULL ++ && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac) ++ && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf) ++ && !EVP_PKEY_is_a(locpctx->pkey, SN_hkdf)) { ++ int mdnid = EVP_MD_nid(ctx->reqdigest); ++ if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0) ++ && (mdnid == NID_sha1 || mdnid == NID_md5_sha1)) { ++ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST); ++ goto err; ++ } ++ } ++ + if (ver) { + if (signature->digest_verify_init == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); +diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c +index 2b9c6c2351..3c5a1e6f5d 100644 +--- a/crypto/evp/pmeth_lib.c ++++ b/crypto/evp/pmeth_lib.c +@@ -33,6 +33,7 @@ + #include "internal/ffc.h" + #include "internal/numbers.h" + #include "internal/provider.h" ++#include "internal/sslconf.h" + #include "evp_local.h" + + #ifndef FIPS_MODULE +@@ -946,6 +947,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md, + return -2; + } + ++ if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) ++ && md != NULL ++ && ctx->pkey != NULL ++ && !EVP_PKEY_is_a(ctx->pkey, SN_hmac) ++ && !EVP_PKEY_is_a(ctx->pkey, SN_tls1_prf) ++ && !EVP_PKEY_is_a(ctx->pkey, SN_hkdf)) { ++ int mdnid = EVP_MD_nid(md); ++ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1) ++ && !ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) { ++ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST); ++ return -1; ++ } ++ } ++ + if (fallback) + return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, (void *)(md)); + +diff --git a/doc/man5/config.pod b/doc/man5/config.pod +index 77a8055e81..aa1be5ca7f 100644 +--- a/doc/man5/config.pod ++++ b/doc/man5/config.pod +@@ -304,6 +304,17 @@ Within the algorithm properties section, the following names have meaning: + The value may be anything that is acceptable as a property query + string for EVP_set_default_properties(). + ++=item B ++ ++The value is a boolean that can be B or B. If the value is not set, ++it behaves as if it was set to B. ++ ++When set to B, any attempt to create or verify a signature with a SHA1 ++digest will fail. For compatibility with older versions of OpenSSL, set this ++option to B. This setting also affects TLS, where signature algorithms ++that use SHA1 as digest will no longer be supported if this option is set to ++B. ++ + =item B (deprecated) + + The value is a boolean that can be B or B. If the value is +diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h +index 1291299b6e..e234341e6a 100644 +--- a/include/internal/cryptlib.h ++++ b/include/internal/cryptlib.h +@@ -168,7 +168,8 @@ typedef struct ossl_ex_data_global_st { + # define OSSL_LIB_CTX_PROVIDER_CONF_INDEX 16 + # define OSSL_LIB_CTX_BIO_CORE_INDEX 17 + # define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18 +-# define OSSL_LIB_CTX_MAX_INDEXES 19 ++# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES 19 ++# define OSSL_LIB_CTX_MAX_INDEXES 20 + + # define OSSL_LIB_CTX_METHOD_LOW_PRIORITY -1 + # define OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY 0 +diff --git a/include/internal/sslconf.h b/include/internal/sslconf.h +index fd7f7e3331..05464b0655 100644 +--- a/include/internal/sslconf.h ++++ b/include/internal/sslconf.h +@@ -18,4 +18,8 @@ int conf_ssl_name_find(const char *name, size_t *idx); + void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr, + char **arg); + ++/* Methods to support disabling all signatures with legacy digests */ ++int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig); ++int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow, ++ int loadconfig); + #endif +diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c +index 699ada7c52..e534ad0a5f 100644 +--- a/providers/common/securitycheck.c ++++ b/providers/common/securitycheck.c +@@ -19,6 +19,7 @@ + #include + #include + #include "prov/securitycheck.h" ++#include "internal/sslconf.h" + + /* + * FIPS requires a minimum security strength of 112 bits (for encryption or +@@ -235,6 +236,15 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md, + mdnid = -1; /* disallowed by security checks */ + } + # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ ++ ++#ifndef FIPS_MODULE ++ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0)) ++ /* SHA1 is globally disabled, check whether we want to locally allow ++ * it. */ ++ if (mdnid == NID_sha1 && !sha1_allowed) ++ mdnid = -1; ++#endif ++ + return mdnid; + } + +@@ -244,5 +254,15 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md) + if (ossl_securitycheck_enabled(ctx)) + return ossl_digest_get_approved_nid(md) != NID_undef; + # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ ++ ++#ifndef FIPS_MODULE ++ { ++ int mdnid = EVP_MD_nid(md); ++ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1) ++ && !ossl_ctx_legacy_digest_signatures_allowed(ctx, 0)) ++ return 0; ++ } ++#endif ++ + return 1; + } +diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c +index de7f0d3a0a..ce54a94fbc 100644 +--- a/providers/common/securitycheck_default.c ++++ b/providers/common/securitycheck_default.c +@@ -15,6 +15,7 @@ + #include + #include "prov/securitycheck.h" + #include "internal/nelem.h" ++#include "internal/sslconf.h" + + /* Disable the security checks in the default provider */ + int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx) +@@ -23,9 +24,10 @@ int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx) + } + + int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md, +- ossl_unused int sha1_allowed) ++ int sha1_allowed) + { + int mdnid; ++ int ldsigs_allowed; + + static const OSSL_ITEM name_to_nid[] = { + { NID_md5, OSSL_DIGEST_NAME_MD5 }, +@@ -36,8 +38,11 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md, + { NID_ripemd160, OSSL_DIGEST_NAME_RIPEMD160 }, + }; + +- mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, 1); ++ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx, 0); ++ mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, sha1_allowed || ldsigs_allowed); + if (mdnid == NID_undef) + mdnid = ossl_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid)); ++ if (mdnid == NID_md5_sha1 && !ldsigs_allowed) ++ mdnid = -1; + return mdnid; + } +diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c +index 28fd7c498e..fa3822f39f 100644 +--- a/providers/implementations/signature/dsa_sig.c ++++ b/providers/implementations/signature/dsa_sig.c +@@ -124,12 +124,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx, + mdprops = ctx->propq; + + if (mdname != NULL) { +- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); + WPACKET pkt; + EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); +- int md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, +- sha1_allowed); ++ int md_nid; + size_t mdname_len = strlen(mdname); ++#ifdef FIPS_MODULE ++ int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); ++#else ++ int sha1_allowed = 0; ++#endif ++ md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, ++ sha1_allowed); + + if (md == NULL || md_nid < 0) { + if (md == NULL) +diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c +index 865d49d100..99b228e82c 100644 +--- a/providers/implementations/signature/ecdsa_sig.c ++++ b/providers/implementations/signature/ecdsa_sig.c +@@ -237,7 +237,11 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname, + "%s could not be fetched", mdname); + return 0; + } ++#ifdef FIPS_MODULE + sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); ++#else ++ sha1_allowed = 0; ++#endif + md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, + sha1_allowed); + if (md_nid < 0) { +diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c +index 325e855333..bea397f0c1 100644 +--- a/providers/implementations/signature/rsa_sig.c ++++ b/providers/implementations/signature/rsa_sig.c +@@ -26,6 +26,7 @@ + #include "internal/cryptlib.h" + #include "internal/nelem.h" + #include "internal/sizes.h" ++#include "internal/sslconf.h" + #include "crypto/rsa.h" + #include "prov/providercommon.h" + #include "prov/implementations.h" +@@ -34,6 +35,7 @@ + #include "prov/securitycheck.h" + + #define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1 ++#define RSA_DEFAULT_DIGEST_NAME_NONLEGACY OSSL_DIGEST_NAME_SHA2_256 + + static OSSL_FUNC_signature_newctx_fn rsa_newctx; + static OSSL_FUNC_signature_sign_init_fn rsa_sign_init; +@@ -289,10 +291,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, + + if (mdname != NULL) { + EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); ++ int md_nid; ++ size_t mdname_len = strlen(mdname); ++#ifdef FIPS_MODULE + int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); +- int md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md, ++#else ++ int sha1_allowed = 0; ++#endif ++ md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md, + sha1_allowed); +- size_t mdname_len = strlen(mdname); + + if (md == NULL + || md_nid <= 0 +@@ -1348,8 +1355,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) + prsactx->pad_mode = pad_mode; + + if (prsactx->md == NULL && pmdname == NULL +- && pad_mode == RSA_PKCS1_PSS_PADDING) ++ && pad_mode == RSA_PKCS1_PSS_PADDING) { + pmdname = RSA_DEFAULT_DIGEST_NAME; ++#ifndef FIPS_MODULE ++ if (!ossl_ctx_legacy_digest_signatures_allowed(prsactx->libctx, 0)) { ++ pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY; ++ } ++#endif ++ } ++ + + if (pmgf1mdname != NULL + && !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops)) +diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c +index fc32bb3556..4b74ee1a34 100644 +--- a/ssl/t1_lib.c ++++ b/ssl/t1_lib.c +@@ -20,6 +20,7 @@ + #include + #include + #include ++#include "internal/sslconf.h" + #include "internal/nelem.h" + #include "internal/sizes.h" + #include "internal/tlsgroups.h" +@@ -1145,11 +1146,13 @@ int ssl_setup_sig_algs(SSL_CTX *ctx) + = OPENSSL_malloc(sizeof(*lu) * OSSL_NELEM(sigalg_lookup_tbl)); + EVP_PKEY *tmpkey = EVP_PKEY_new(); + int ret = 0; ++ int ldsigs_allowed; + + if (cache == NULL || tmpkey == NULL) + goto err; + + ERR_set_mark(); ++ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0); + for (i = 0, lu = sigalg_lookup_tbl; + i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) { + EVP_PKEY_CTX *pctx; +@@ -1169,6 +1172,11 @@ int ssl_setup_sig_algs(SSL_CTX *ctx) + cache[i].enabled = 0; + continue; + } ++ if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1) ++ && !ldsigs_allowed) { ++ cache[i].enabled = 0; ++ continue; ++ } + + if (!EVP_PKEY_set_type(tmpkey, lu->sig)) { + cache[i].enabled = 0; +diff --git a/util/libcrypto.num b/util/libcrypto.num +index 10b4e57d79..2d3c363bb0 100644 +--- a/util/libcrypto.num ++++ b/util/libcrypto.num +@@ -5426,3 +5426,5 @@ ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION: + EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION: + EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION: + ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: ++ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION: ++ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION: +-- +2.35.1 + diff --git a/SOURCES/0050-FIPS-enable-pkcs12-mac.patch b/SOURCES/0050-FIPS-enable-pkcs12-mac.patch new file mode 100644 index 0000000..1496bb2 --- /dev/null +++ b/SOURCES/0050-FIPS-enable-pkcs12-mac.patch @@ -0,0 +1,95 @@ +diff -up openssl-3.0.1/crypto/pkcs12/p12_key.c.pkc12_fips openssl-3.0.1/crypto/pkcs12/p12_key.c +--- openssl-3.0.1/crypto/pkcs12/p12_key.c.pkc12_fips 2022-02-21 12:35:24.829893907 +0100 ++++ openssl-3.0.1/crypto/pkcs12/p12_key.c 2022-02-21 13:01:22.711622967 +0100 +@@ -85,17 +85,41 @@ int PKCS12_key_gen_uni_ex(unsigned char + EVP_KDF *kdf; + EVP_KDF_CTX *ctx; + OSSL_PARAM params[6], *p = params; ++ char *adjusted_propq = NULL; + + if (n <= 0) + return 0; + +- kdf = EVP_KDF_fetch(libctx, "PKCS12KDF", propq); +- if (kdf == NULL) ++ if (ossl_get_kernel_fips_flag()) { ++ const char *nofips = "-fips"; ++ size_t len = propq ? strlen(propq) + 1 + strlen(nofips) + 1 : ++ strlen(nofips) + 1; ++ char *ptr = NULL; ++ ++ adjusted_propq = OPENSSL_zalloc(len); ++ if (adjusted_propq != NULL) { ++ ptr = adjusted_propq; ++ if (propq) { ++ memcpy(ptr, propq, strlen(propq)); ++ ptr += strlen(propq); ++ *ptr = ','; ++ ptr++; ++ } ++ memcpy(ptr, nofips, strlen(nofips)); ++ } ++ } ++ ++ kdf = adjusted_propq ? EVP_KDF_fetch(libctx, "PKCS12KDF", adjusted_propq) : EVP_KDF_fetch(libctx, "PKCS12KDF", propq); ++ if (kdf == NULL) { ++ OPENSSL_free(adjusted_propq); + return 0; ++ } + ctx = EVP_KDF_CTX_new(kdf); + EVP_KDF_free(kdf); +- if (ctx == NULL) ++ if (ctx == NULL) { ++ OPENSSL_free(adjusted_propq); + return 0; ++ } + + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, + (char *)EVP_MD_get0_name(md_type), +@@ -127,6 +149,7 @@ int PKCS12_key_gen_uni_ex(unsigned char + } OSSL_TRACE_END(PKCS12_KEYGEN); + } + EVP_KDF_CTX_free(ctx); ++ OPENSSL_free(adjusted_propq); + return res; + } + +diff -up openssl-3.0.1/apps/pkcs12.c.pkc12_fips_apps openssl-3.0.1/apps/pkcs12.c +--- openssl-3.0.1/apps/pkcs12.c.pkc12_fips_apps 2022-02-21 16:37:07.908923682 +0100 ++++ openssl-3.0.1/apps/pkcs12.c 2022-02-21 17:38:44.555345633 +0100 +@@ -765,15 +765,34 @@ int pkcs12_main(int argc, char **argv) + } + if (macver) { + EVP_KDF *pkcs12kdf; ++ char *adjusted_propq = NULL; ++ const char *nofips = "-fips"; ++ size_t len = app_get0_propq() ? strlen(app_get0_propq()) + 1 + strlen(nofips) + 1 : ++ strlen(nofips) + 1; ++ char *ptr = NULL; ++ ++ adjusted_propq = OPENSSL_zalloc(len); ++ if (adjusted_propq != NULL) { ++ ptr = adjusted_propq; ++ if (app_get0_propq()) { ++ memcpy(ptr, app_get0_propq(), strlen(app_get0_propq())); ++ ptr += strlen(app_get0_propq()); ++ *ptr = ','; ++ ptr++; ++ } ++ memcpy(ptr, nofips, strlen(nofips)); ++ } + + pkcs12kdf = EVP_KDF_fetch(app_get0_libctx(), "PKCS12KDF", +- app_get0_propq()); ++ adjusted_propq ? adjusted_propq : app_get0_propq()); + if (pkcs12kdf == NULL) { + BIO_printf(bio_err, "Error verifying PKCS12 MAC; no PKCS12KDF support.\n"); + BIO_printf(bio_err, "Use -nomacver if MAC verification is not required.\n"); ++ OPENSSL_free(adjusted_propq); + goto end; + } + EVP_KDF_free(pkcs12kdf); ++ OPENSSL_free(adjusted_propq); + /* If we enter empty password try no password first */ + if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { + /* If mac and crypto pass the same set it to NULL too */ diff --git a/SOURCES/0051-Support-different-R_BITS-lengths-for-KBKDF.patch b/SOURCES/0051-Support-different-R_BITS-lengths-for-KBKDF.patch new file mode 100644 index 0000000..c240628 --- /dev/null +++ b/SOURCES/0051-Support-different-R_BITS-lengths-for-KBKDF.patch @@ -0,0 +1,2151 @@ +From 0e9a265e42890699dfce82f1ff6905de6aafbd41 Mon Sep 17 00:00:00 2001 +From: Patrick Uiterwijk +Date: Thu, 18 Nov 2021 10:47:14 +0100 +Subject: [PATCH] Support different R_BITS lengths for KBKDF + +Reviewed-by: Tomas Mraz +Reviewed-by: Paul Dale +(Merged from https://github.com/openssl/openssl/pull/17063) +--- + doc/man7/EVP_KDF-KB.pod | 7 + + include/openssl/core_names.h | 1 + + providers/implementations/kdfs/kbkdf.c | 30 +- + test/evp_kdf_test.c | 47 +- + test/evp_test.c | 6 + + test/recipes/30-test_evp.t | 1 + + .../30-test_evp_data/evpkdf_kbkdf_counter.txt | 1843 +++++++++++++++++ + 7 files changed, 1924 insertions(+), 11 deletions(-) + create mode 100644 test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt + +diff --git a/doc/man7/EVP_KDF-KB.pod b/doc/man7/EVP_KDF-KB.pod +index d4fad66f7654..a67268afa7d5 100644 +--- a/doc/man7/EVP_KDF-KB.pod ++++ b/doc/man7/EVP_KDF-KB.pod +@@ -58,6 +58,13 @@ Set to B<0> to disable use of the optional Fixed Input data 'zero separator' + (see SP800-108) that is placed between the Label and Context. + The default value of B<1> will be used if unspecified. + ++=item "r" (B) ++ ++Set the fixed value 'r', indicating the length of the counter in bits. ++ ++Supported values are B<8>, B<16>, B<24>, and B<32>. ++The default value of B<32> will be used if unspecified. ++ + =back + + Depending on whether mac is CMAC or HMAC, either digest or cipher is required +diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h +index b549dae9167c..78418dc6e0a2 100644 +--- a/include/openssl/core_names.h ++++ b/include/openssl/core_names.h +@@ -217,6 +217,7 @@ extern "C" { + #define OSSL_KDF_PARAM_PKCS12_ID "id" /* int */ + #define OSSL_KDF_PARAM_KBKDF_USE_L "use-l" /* int */ + #define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator" /* int */ ++#define OSSL_KDF_PARAM_KBKDF_R "r" /* int */ + #define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info" + #define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info" + #define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info" +diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c +index 01f7f0d4fd2e..a81cc6e0c0d6 100644 +--- a/providers/implementations/kdfs/kbkdf.c ++++ b/providers/implementations/kdfs/kbkdf.c +@@ -60,6 +60,7 @@ typedef struct { + EVP_MAC_CTX *ctx_init; + + /* Names are lowercased versions of those found in SP800-108. */ ++ int r; + unsigned char *ki; + size_t ki_len; + unsigned char *label; +@@ -100,6 +101,7 @@ static uint32_t be32(uint32_t host) + + static void init(KBKDF *ctx) + { ++ ctx->r = 32; + ctx->use_l = 1; + ctx->use_separator = 1; + } +@@ -152,7 +154,7 @@ static int derive(EVP_MAC_CTX *ctx_init, kbkdf_mode mode, unsigned char *iv, + size_t iv_len, unsigned char *label, size_t label_len, + unsigned char *context, size_t context_len, + unsigned char *k_i, size_t h, uint32_t l, int has_separator, +- unsigned char *ko, size_t ko_len) ++ unsigned char *ko, size_t ko_len, int r) + { + int ret = 0; + EVP_MAC_CTX *ctx = NULL; +@@ -186,7 +188,7 @@ static int derive(EVP_MAC_CTX *ctx_init, kbkdf_mode mode, unsigned char *iv, + if (mode == FEEDBACK && !EVP_MAC_update(ctx, k_i, k_i_len)) + goto done; + +- if (!EVP_MAC_update(ctx, (unsigned char *)&i, 4) ++ if (!EVP_MAC_update(ctx, 4 - (r / 8) + (unsigned char *)&i, r / 8) + || !EVP_MAC_update(ctx, label, label_len) + || (has_separator && !EVP_MAC_update(ctx, &zero, 1)) + || !EVP_MAC_update(ctx, context, context_len) +@@ -217,6 +219,7 @@ static int kbkdf_derive(void *vctx, unsigned char *key, size_t keylen, + unsigned char *k_i = NULL; + uint32_t l = 0; + size_t h = 0; ++ uint64_t counter_max; + + if (!ossl_prov_is_running() || !kbkdf_set_ctx_params(ctx, params)) + return 0; +@@ -248,6 +251,15 @@ static int kbkdf_derive(void *vctx, unsigned char *key, size_t keylen, + goto done; + } + ++ if (ctx->mode == COUNTER) { ++ /* Fail if keylen is too large for r */ ++ counter_max = (uint64_t)1 << (uint64_t)ctx->r; ++ if ((uint64_t)(keylen / h) >= counter_max) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); ++ goto done; ++ } ++ } ++ + if (ctx->use_l != 0) + l = be32(keylen * 8); + +@@ -257,7 +269,7 @@ static int kbkdf_derive(void *vctx, unsigned char *key, size_t keylen, + + ret = derive(ctx->ctx_init, ctx->mode, ctx->iv, ctx->iv_len, ctx->label, + ctx->label_len, ctx->context, ctx->context_len, k_i, h, l, +- ctx->use_separator, key, keylen); ++ ctx->use_separator, key, keylen, ctx->r); + done: + if (ret != 1) + OPENSSL_cleanse(key, keylen); +@@ -328,6 +340,17 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) + if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->use_l)) + return 0; + ++ p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KBKDF_R); ++ if (p != NULL) { ++ int new_r = 0; ++ ++ if (!OSSL_PARAM_get_int(p, &new_r)) ++ return 0; ++ if (new_r != 8 && new_r != 16 && new_r != 24 && new_r != 32) ++ return 0; ++ ctx->r = new_r; ++ } ++ + p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR); + if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->use_separator)) + return 0; +@@ -354,6 +377,7 @@ static const OSSL_PARAM *kbkdf_settable_ctx_params(ossl_unused void *ctx, + OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_PROPERTIES, NULL, 0), + OSSL_PARAM_int(OSSL_KDF_PARAM_KBKDF_USE_L, NULL), + OSSL_PARAM_int(OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR, NULL), ++ OSSL_PARAM_int(OSSL_KDF_PARAM_KBKDF_R, NULL), + OSSL_PARAM_END, + }; + return known_settable_ctx_params; +diff --git a/test/evp_kdf_test.c b/test/evp_kdf_test.c +index 7fde5ea4111c..173d8cb8b87b 100644 +--- a/test/evp_kdf_test.c ++++ b/test/evp_kdf_test.c +@@ -1068,9 +1068,9 @@ static int test_kdf_kbkdf_6803_256(void) + #endif + + static OSSL_PARAM *construct_kbkdf_params(char *digest, char *mac, unsigned char *key, +- size_t keylen, char *salt, char *info) ++ size_t keylen, char *salt, char *info, int *r) + { +- OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 7); ++ OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 8); + OSSL_PARAM *p = params; + + if (params == NULL) +@@ -1088,6 +1088,8 @@ static OSSL_PARAM *construct_kbkdf_params(char *digest, char *mac, unsigned char + OSSL_KDF_PARAM_SALT, salt, strlen(salt)); + *p++ = OSSL_PARAM_construct_octet_string( + OSSL_KDF_PARAM_INFO, info, strlen(info)); ++ *p++ = OSSL_PARAM_construct_int( ++ OSSL_KDF_PARAM_KBKDF_R, r); + *p = OSSL_PARAM_construct_end(); + + return params; +@@ -1100,8 +1102,9 @@ static int test_kdf_kbkdf_invalid_digest(void) + OSSL_PARAM *params; + + static unsigned char key[] = {0x01}; ++ int r = 32; + +- params = construct_kbkdf_params("blah", "HMAC", key, 1, "prf", "test"); ++ params = construct_kbkdf_params("blah", "HMAC", key, 1, "prf", "test", &r); + if (!TEST_ptr(params)) + return 0; + +@@ -1122,8 +1125,9 @@ static int test_kdf_kbkdf_invalid_mac(void) + OSSL_PARAM *params; + + static unsigned char key[] = {0x01}; ++ int r = 32; + +- params = construct_kbkdf_params("sha256", "blah", key, 1, "prf", "test"); ++ params = construct_kbkdf_params("sha256", "blah", key, 1, "prf", "test", &r); + if (!TEST_ptr(params)) + return 0; + +@@ -1137,6 +1141,30 @@ static int test_kdf_kbkdf_invalid_mac(void) + return ret; + } + ++static int test_kdf_kbkdf_invalid_r(void) ++{ ++ int ret; ++ EVP_KDF_CTX *kctx; ++ OSSL_PARAM *params; ++ ++ static unsigned char key[] = {0x01}; ++ int r = 31; ++ ++ params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test", &r); ++ if (!TEST_ptr(params)) ++ return 0; ++ ++ /* Negative test case - derive should fail */ ++ kctx = get_kdfbyname("KBKDF"); ++ ret = TEST_ptr(kctx) ++ && TEST_false(EVP_KDF_CTX_set_params(kctx, params)); ++ ++ EVP_KDF_CTX_free(kctx); ++ OPENSSL_free(params); ++ return ret; ++} ++ ++ + static int test_kdf_kbkdf_empty_key(void) + { + int ret; +@@ -1145,8 +1173,9 @@ static int test_kdf_kbkdf_empty_key(void) + + static unsigned char key[] = {0x01}; + unsigned char result[32] = { 0 }; ++ int r = 32; + +- params = construct_kbkdf_params("sha256", "HMAC", key, 0, "prf", "test"); ++ params = construct_kbkdf_params("sha256", "HMAC", key, 0, "prf", "test", &r); + if (!TEST_ptr(params)) + return 0; + +@@ -1169,8 +1198,9 @@ static int test_kdf_kbkdf_1byte_key(void) + + static unsigned char key[] = {0x01}; + unsigned char result[32] = { 0 }; ++ int r = 32; + +- params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test"); ++ params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test", &r); + if (!TEST_ptr(params)) + return 0; + +@@ -1191,8 +1221,9 @@ static int test_kdf_kbkdf_zero_output_size(void) + + static unsigned char key[] = {0x01}; + unsigned char result[32] = { 0 }; ++ int r = 32; + +- params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test"); ++ params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test", &r); + if (!TEST_ptr(params)) + return 0; + +@@ -1298,7 +1329,6 @@ static int test_kdf_kbkdf_8009_prf2(void) + * Test vector taken from + * https://csrc.nist.gov/CSRC/media/Projects/ + * Cryptographic-Algorithm-Validation-Program/documents/KBKDF800-108/CounterMode.zip +- * Note: Only 32 bit counter is supported ([RLEN=32_BITS]) + */ + static int test_kdf_kbkdf_fixedinfo(void) + { +@@ -1628,6 +1658,7 @@ int setup_tests(void) + #endif + ADD_TEST(test_kdf_kbkdf_invalid_digest); + ADD_TEST(test_kdf_kbkdf_invalid_mac); ++ ADD_TEST(test_kdf_kbkdf_invalid_r); + ADD_TEST(test_kdf_kbkdf_zero_output_size); + ADD_TEST(test_kdf_kbkdf_empty_key); + ADD_TEST(test_kdf_kbkdf_1byte_key); +diff --git a/test/evp_test.c b/test/evp_test.c +index 70996195f0cb..6ae862b04403 100644 +--- a/test/evp_test.c ++++ b/test/evp_test.c +@@ -2639,6 +2639,12 @@ static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx, + TEST_info("skipping, '%s' is disabled", p); + t->skip = 1; + } ++ if (p != NULL ++ && (strcmp(name, "mac") == 0) ++ && is_mac_disabled(p)) { ++ TEST_info("skipping, '%s' is disabled", p); ++ t->skip = 1; ++ } + OPENSSL_free(name); + return 1; + } +diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t +index 7ae546e1d70c..7b976c0a1b5e 100644 +--- a/test/recipes/30-test_evp.t ++++ b/test/recipes/30-test_evp.t +@@ -45,6 +45,7 @@ my @files = qw( + evpciph_aes_wrap.txt + evpciph_aes_stitched.txt + evpkdf_hkdf.txt ++ evpkdf_kbkdf_counter.txt + evpkdf_pbkdf1.txt + evpkdf_pbkdf2.txt + evpkdf_ss.txt +diff --git a/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt b/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt +new file mode 100644 +index 000000000000..04ab8ff0fad7 +--- /dev/null ++++ b/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt +@@ -0,0 +1,1843 @@ ++# ++# Copyright 2021-2021 The OpenSSL Project Authors. All Rights Reserved. ++# ++# Licensed under the Apache License 2.0 (the "License"). You may not use ++# this file except in compliance with the License. You can obtain a copy ++# in the file LICENSE in the source distribution or at ++# https://www.openssl.org/source/license.html ++ ++# Tests start with one of these keywords ++# Cipher Decrypt Derive Digest Encoding KDF MAC PBE ++# PrivPubKeyPair Sign Verify VerifyRecover ++# and continue until a blank line. Lines starting with a pound sign are ignored. ++ ++Title = KBKDF tests ++ ++# Test vectors taken from ++# https://csrc.nist.gov/CSRC/media/Projects/ ++# Cryptographic-Algorithm-Validation-Program/documents/KBKDF800-108/CounterMode.zip ++ ++ ++# [PRF=CMAC_AES128] ++# [CTRLOCATION=BEFORE_FIXED] ++# [RLEN=8_BITS] ++ ++# COUNT=0 ++# L = 128 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES128 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:8 ++Ctrl.hexkey = hexkey:dff1e50ac0b69dc40f1051d46c2b069c ++Ctrl.hexinfo = hexinfo:c16e6e02c5a3dcc8d78b9ac1306877761310455b4e41469951d9e6c2245a064b33fd8c3b01203a7824485bf0a64060c4648b707d2607935699316ea5 ++Output = 8be8f0869b3c0ba97b71863d1b9f7813 ++ ++# COUNT=10 ++# L = 256 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES128 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:8 ++Ctrl.hexkey = hexkey:682e814d872397eba71170a693514904 ++Ctrl.hexinfo = hexinfo:e323cdfa7873a0d72cd86ffb4468744f097db60498f7d0e3a43bafd2d1af675e4a88338723b1236199705357c47bf1d89b2f4617a340980e6331625c ++Output = dac9b6ca405749cfb065a0f1e42c7c4224d3d5db32fdafe9dee6ca193316f2c7 ++ ++# COUNT=20 ++# L = 160 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES128 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:8 ++Ctrl.hexkey = hexkey:7aa9973481d560f3be217ac3341144d8 ++Ctrl.hexinfo = hexinfo:46f88b5af7fb9e29262dd4e010143a0a9c465c627450ec74ab7251889529193e995c4b56ff55bc2fc8992a0df1ee8056f6816b7614fba4c12d3be1a5 ++Output = 1746ae4f09903f74bfbe1b8ae2b79d74576a3b09 ++ ++# COUNT=30 ++# L = 320 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES128 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:8 ++Ctrl.hexkey = hexkey:e91e0d06ab23a4e495bbcc430efddcaf ++Ctrl.hexinfo = hexinfo:24acb8e9227b180f2ccebea48051cbdbcd1be2bf94400d1e92945fe9b887585a295f46c469036107697813a3e12c45ae2ffde9a940f8f8c181018a93 ++Output = e81ef2483729d4165aaa4866c17f26496e6c6924e2fe34f608efef0c35835f86df29a1e19ce166a8 ++ ++ ++# [PRF=CMAC_AES128] ++# [CTRLOCATION=BEFORE_FIXED] ++# [RLEN=16_BITS] ++ ++# COUNT=0 ++# L = 128 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES128 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:16 ++Ctrl.hexkey = hexkey:30ec5f6fa1def33cff008178c4454211 ++Ctrl.hexinfo = hexinfo:c95e7b1d4f2570259abfc05bb00730f0284c3bb9a61d07259848a1cb57c81d8a6c3382c500bf801dfc8f70726b082cf4c3fa34386c1e7bf0e5471438 ++Output = 00018fff9574994f5c4457f461c7a67e ++ ++# COUNT=10 ++# L = 256 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES128 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:16 ++Ctrl.hexkey = hexkey:145c9e9365041f075ebde8ce26aa2149 ++Ctrl.hexinfo = hexinfo:0d39b1c9c34d95b5b521971828c81d9f2dbdbc4af2ddd14f628721117e5c39faa030522b93cc07beb8f142fe36f674942453ec5518ca46c3e6842a73 ++Output = 8a204ce7eab882fae3e2b8317fe431dba16dabb8fe5235525e7b61135e1b3c16 ++ ++# COUNT=20 ++# L = 160 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES128 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:16 ++Ctrl.hexkey = hexkey:6f3f8cbf40d2a694274cfa2eb2f265a3 ++Ctrl.hexinfo = hexinfo:e7b88baa4a2c22b3d78f41d509996c95468c8cb834b035dd5e09e0a455da254b8b5687a1433861751d2dd603f69b2d4ba4ae47776335d37c98b44b4b ++Output = d147f1c78121c583cbcb9d4b0d3767a357bd7232 ++ ++# COUNT=30 ++# L = 320 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES128 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:16 ++Ctrl.hexkey = hexkey:5e534bea459e54c58a6942abfd4df8ab ++Ctrl.hexinfo = hexinfo:e9a5cc15d223aaa74abd122983b2a10512199b9cc87663fd8a62d417cef53770264fc51f683890fe42da2df7be0f60898c5b09d5c4932137b6b1e06e ++Output = 92480eb4860123ceda76f1e6bf2668520bea49ed72bb900ae50725bb8cfcdb733af1a9de71fe1af5 ++ ++ ++# [PRF=CMAC_AES128] ++# [CTRLOCATION=BEFORE_FIXED] ++# [RLEN=24_BITS] ++ ++# COUNT=0 ++# L = 128 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES128 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:24 ++Ctrl.hexkey = hexkey:ca1cf43e5ccd512cc719a2f9de41734c ++Ctrl.hexinfo = hexinfo:e3884ac963196f02ddd09fc04c20c88b60faa775b5ef6feb1faf8c5e098b5210e2b4e45d62cc0bf907fd68022ee7b15631b5c8daf903d99642c5b831 ++Output = 1cb2b12326cc5ec1eba248167f0efd58 ++ ++# COUNT=10 ++# L = 256 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES128 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:24 ++Ctrl.hexkey = hexkey:1bfaf4cd6efd25a132e2a1d41b124465 ++Ctrl.hexinfo = hexinfo:b933cfbb223ea65ed0e8db822f83be64ee21d3b9ca1eb0bc32f9d77f145a3e4ed4e2cc72cb3d93ea44824ab81eefdf71bbdb62067e0eb34a79914e4f ++Output = 75f4d20c558d71646ec062d2ca75369a218cedb7104be3abf27026af003e98f3 ++ ++# COUNT=20 ++# L = 160 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES128 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:24 ++Ctrl.hexkey = hexkey:80168f187848a68b0b82a7ef43b4eedc ++Ctrl.hexinfo = hexinfo:9357281df7665ae5ae961fe5f93a3124416cab3deb11583429c5e529af3fc71094aad560cbc279168fe1c3327787f91a414acfff063832bcd78ed1b5 ++Output = be4517c9e6de96929e655a08f5b6d5bb77364f85 ++ ++# COUNT=30 ++# L = 320 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES128 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:24 ++Ctrl.hexkey = hexkey:26fa0e32e7e08f9b157ebae9f579710f ++Ctrl.hexinfo = hexinfo:ceab805efbe0c50a8aef62e59d95e7a54daa74ed86aa9b1ae8abf68b985b5af4b0ee150e83e6c063b59c7bf813ede9826af149237aed85b415898fa8 ++Output = f1d9138afcc3db6001eb54c4da567a5db3659fc0ed48e664a0408946bcee0742127c17cabf348c7a ++ ++ ++# [PRF=CMAC_AES128] ++# [CTRLOCATION=BEFORE_FIXED] ++# [RLEN=32_BITS] ++ ++# COUNT=0 ++# L = 128 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES128 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:32 ++Ctrl.hexkey = hexkey:c10b152e8c97b77e18704e0f0bd38305 ++Ctrl.hexinfo = hexinfo:98cd4cbbbebe15d17dc86e6dbad800a2dcbd64f7c7ad0e78e9cf94ffdba89d03e97eadf6c4f7b806caf52aa38f09d0eb71d71f497bcc6906b48d36c4 ++Output = 26faf61908ad9ee881b8305c221db53f ++ ++# COUNT=10 ++# L = 256 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES128 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:32 ++Ctrl.hexkey = hexkey:695f1b1a16c949cea51cdf2554ec9d42 ++Ctrl.hexinfo = hexinfo:4fce5942832a390aa1cbe8a0bf9d202cb799e986c9d6b51f45e4d597a6b57f06a4ebfec6467335d116b7f5f9c5b954062f661820f5db2a5bbb3e0625 ++Output = d34b601ec18c34dfa0f9e0b7523e218bdddb9befe8d08b6c0202d75ace0dba89 ++ ++# COUNT=20 ++# L = 160 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES128 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:32 ++Ctrl.hexkey = hexkey:b523ae21fc36bc58cc46e5a3cda97493 ++Ctrl.hexinfo = hexinfo:8dbe6d4d9b09b2eabd165b6e6e97e3bc782f8335cb1ea04ad0403affd88a5071db5f36ce2e84ab296261730b2226a9189d867991fbd4ff86f43a3cfb ++Output = 530211df01975dd6c08064c34105f88a6007f2b2 ++ ++# COUNT=30 ++# L = 320 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES128 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:32 ++Ctrl.hexkey = hexkey:b2fcf854b1029888aeb0274ca09bb21a ++Ctrl.hexinfo = hexinfo:a6b84baae7a6ceb1d63ed704757500c510c0a8bdc22d2f42af09f79c815f37f33b67dad0b30f428fc1e2d355f7f91f65acbedd2fdd5b8c38dd890407 ++Output = fe4c2c0242c5a295c008aeb87ae0815171de6173773292347f4f5ec07185c3f860b5667c199aad55 ++ ++ ++# [PRF=CMAC_AES192] ++# [CTRLOCATION=BEFORE_FIXED] ++# [RLEN=8_BITS] ++ ++# COUNT=0 ++# L = 128 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES192 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:8 ++Ctrl.hexkey = hexkey:53d1705caab7b06886e2dbb53eea349aa7419a034e2d92b9 ++Ctrl.hexinfo = hexinfo:b120f7ce30235784664deae3c40723ca0539b4521b9aece43501366cc5df1d9ea163c602702d0974665277c8a7f6a057733d66f928eb7548cf43e374 ++Output = eae32661a323f6d06d0116bb739bd76a ++ ++# COUNT=10 ++# L = 256 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES192 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:8 ++Ctrl.hexkey = hexkey:d10046bb18c3f363e87f4e57b961b294d4edf2ca91dc3e38 ++Ctrl.hexinfo = hexinfo:2d043069de979bffb1be38a3cef2869dc07d5d3e99bde2e2204f10138081743f423f0c0b1aec0735a25bc61a8e2936dec6a25bb0ae105ab46caf8a2a ++Output = 8991a58882a0488bb5478996f2893989adb66d08d5030ad90f6ce5fdfca7754b ++ ++# COUNT=20 ++# L = 160 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES192 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:8 ++Ctrl.hexkey = hexkey:bf0abb70098d6c203074f1bce3d7468116cd1e5e8e618f20 ++Ctrl.hexinfo = hexinfo:d9ce030a48668ada6c67a2ac163515ec22383c4b5332e18d06901bacbb63dd649c683cfd4fee2f33346817b23cb4c734060a1c727b0c72c12448f4f9 ++Output = ecd1eef152b5835376f1a4324cd968bcb0cf850a ++ ++# COUNT=30 ++# L = 320 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES192 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:8 ++Ctrl.hexkey = hexkey:8725918ca07ad8e108473e5ffdf43eb1cf5c44baf0bd1cec ++Ctrl.hexinfo = hexinfo:f4a57b84a881cf282aac5402cfa8fc4ede0db6f8e902d5c0c41c4712077306484e626e3ffc4129d9b43b46cbb6c53d2838a811dc8aedad7253cf94d4 ++Output = 5a795fd0d7661968c478860b526cca40eb8702083fdbff3ff8adfa697e795398ca7106bc950fbb45 ++ ++ ++# [PRF=CMAC_AES192] ++# [CTRLOCATION=BEFORE_FIXED] ++# [RLEN=16_BITS] ++ ++# COUNT=0 ++# L = 128 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES192 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:16 ++Ctrl.hexkey = hexkey:d7e8eefc503a39e70d931f16645958ad06fb789f0cbc518b ++Ctrl.hexinfo = hexinfo:b10ea2d67904a8b3b7ce5eef7d9ee49768e8deb3506ee74a2ad8dd8661146fde74137a8f6dfc69a370945d15335e0d6403fa029da19d34140c7e3da0 ++Output = 95278b8883852f6676c587507b0aa162 ++ ++# COUNT=10 ++# L = 256 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES192 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:16 ++Ctrl.hexkey = hexkey:5e6695d7c3f5b156c7b457c8c2b801ba2ae30c9c8a36ee61 ++Ctrl.hexinfo = hexinfo:1406756f40efb8e29d5455d2da4bf1993b3c3901d67ec90934895f5de7845f573ae8a0dc8a6ad77d80da29e81329440d61d63dda8eaa7851bc7a172d ++Output = 72046d5eed909f6ab25810ead446ace7422fd87e6bd496ff2e84b115b8e0d27e ++ ++# COUNT=20 ++# L = 160 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES192 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:16 ++Ctrl.hexkey = hexkey:e3b88f40c9974410955820a8f8392701e9c67cc6efd3b0ff ++Ctrl.hexinfo = hexinfo:a520f36b6b60dfce34dc1d1f6b16132efa82566efa49f3140113fbc59e309c40db42962c06123721f122f433fa417ce3319bca9c58b4184fd8c7be8f ++Output = 134b6236a80c257591cc1437ab007b3fa4bd7191 ++ ++# COUNT=30 ++# L = 320 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES192 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:16 ++Ctrl.hexkey = hexkey:51574d47f2f1d202a30252823b52ba7858b729d5ed4c92f7 ++Ctrl.hexinfo = hexinfo:0819c17dd3f9a68493a958c46152d04ba450043908a0016b99cc124d5e75b0d11e7c26f27365609c110eee7f8baa88a7d99fecc690e617150f93bd6c ++Output = c46db4cd822e9841408fba79932d6c748bc7ab17421ed1ad188aed327c2a0d694e380c0cade8b37f ++ ++ ++# [PRF=CMAC_AES192] ++# [CTRLOCATION=BEFORE_FIXED] ++# [RLEN=24_BITS] ++ ++# COUNT=0 ++# L = 128 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES192 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:24 ++Ctrl.hexkey = hexkey:f7c1e0682a12f1f17d23dc8af5c463b8aa28f87ed82fad22 ++Ctrl.hexinfo = hexinfo:890ec4966a8ac3fd635bd264a4c726c87341611c6e282766b7ffe621080d0c00ac9cf8e2784a80166303505f820b2a309e9c3a463d2e3fd4814e3af5 ++Output = a71b0cbe30331fdbb63f8d51249ae50b ++ ++# COUNT=10 ++# L = 256 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES192 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:24 ++Ctrl.hexkey = hexkey:3eeed1560e17aaffe9f6ca9d81815b89a6879a56ebe4182a ++Ctrl.hexinfo = hexinfo:a643378a557af69ce2c606bc623a04b568a848207534d25bfa22664f9148997a6b4c00f4624b5100b4eb01857240b119876c3a86c1e8b02335475939 ++Output = 8a1dc0f616353bf3ecf5553d7a7651e9ea6d884a32172d3391ad342bfaf60785 ++ ++# COUNT=20 ++# L = 160 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES192 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:24 ++Ctrl.hexkey = hexkey:c984c3f65cdc32e7503678764a9e84292a1f50e335167a36 ++Ctrl.hexinfo = hexinfo:0061cd40f9eef84d6c8b04e0142d70aa50d4690e0a1de8e3ff5f5cea10cd2d28281eb1df90c519b8b51f7aa0d63a313ebbf80538b54dd11a66115be6 ++Output = afe93ae91930261344e30ef9e1718e76f74225d9 ++ ++# COUNT=30 ++# L = 320 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES192 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:24 ++Ctrl.hexkey = hexkey:993305e59f34a94f62931fd7662bb5b73c77d8d4bc6a33ba ++Ctrl.hexinfo = hexinfo:fcceb2d7ac6a68717c2490ec95bebea484c4930d156683c43164dc53bff0bafcbfb31e920109927ef08e12f66f258b6f8ba284908faee7d3376e1bac ++Output = 40e358cfdeee0286d152fcb4626ff22e67eea3b65d8750a273001b67645804cbf613832201b0a9ba ++ ++ ++# [PRF=CMAC_AES192] ++# [CTRLOCATION=BEFORE_FIXED] ++# [RLEN=32_BITS] ++ ++# COUNT=0 ++# L = 128 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES192 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:32 ++Ctrl.hexkey = hexkey:f4267280cb8667c2cf82bb37f389da6391f58cc74deba0cc ++Ctrl.hexinfo = hexinfo:34abbc9f7b12622309a827de5abfdd51fb5bb824838fcde88ca7bc5f3953abdcb445147f13e809e294f75e6d4e3f13b66e47f2dfc881ed392e3a1bf6 ++Output = 2d1b4b5694b6741b2ed9c02c05474225 ++ ++# COUNT=10 ++# L = 256 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES192 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:32 ++Ctrl.hexkey = hexkey:dc866a038c4f78f22d46caca65892bcdb15c1eb49b275827 ++Ctrl.hexinfo = hexinfo:b4a123bad4890c7a791f5e192bd8b6e9c8c3620329f99249f11e1eb517a5b27b9e5b047a6591b45f6fff53e6d04b32d82e052af2eb8519bd21c10f93 ++Output = 731a2e23ab2e58551490254041ee8fabd9c5a1918d76307f1048535be0763b20 ++ ++# COUNT=20 ++# L = 160 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES192 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:32 ++Ctrl.hexkey = hexkey:dd5e0f1a30b0b722b00626ee663df29601af58082708e18c ++Ctrl.hexinfo = hexinfo:b7c6eb48c80b071080fd07a827d0bfdc781599862084f7ffd968a4cbff0be9a6adef5ea206aa8af4d8a85705953e33cd7c4cbb69969c73698f54c6b8 ++Output = 84e1ca286776cda0784c4fc48b054384ca565d17 ++ ++# COUNT=30 ++# L = 320 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES192 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:32 ++Ctrl.hexkey = hexkey:d64c598436507f4d05d7ebe780092996f281901dc9c8612f ++Ctrl.hexinfo = hexinfo:0ea737cfca2560856917f3a2ff5e2175930d0719bba85a9c8d8cb311a0a1b8caf8ffe03e9a86ab17046670011c9fec5c5cd697d9cd931f615cdfe649 ++Output = 3c26968bd3997c653f79bb725c36d784b590d18a64678cf312abe8a57b2891c27282e37b6a49cd73 ++ ++ ++# [PRF=CMAC_AES256] ++# [CTRLOCATION=BEFORE_FIXED] ++# [RLEN=8_BITS] ++ ++# COUNT=0 ++# L = 128 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES256 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:8 ++Ctrl.hexkey = hexkey:aeb7201d055f754212b3e497bd0b25789a49e51da9f363df414a0f80e6f4e42c ++Ctrl.hexinfo = hexinfo:11ec30761780d4c44acb1f26ca1eb770f87c0e74505e15b7e456b019ce0c38103c4d14afa1de71d340db51410596627512cf199fffa20ef8c5f4841e ++Output = 2a9e2fe078bd4f5d3076d14d46f39fb2 ++ ++# COUNT=10 ++# L = 256 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES256 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:8 ++Ctrl.hexkey = hexkey:5402c978955128558789bee7b571465174a60582a7640037387f99ac16683173 ++Ctrl.hexinfo = hexinfo:5c7eb447481c2884a5398449eaecbb8b55f1f1981ba0fd187818d8b3581b430c3da52ab83d444e003625ff36fcbd160c67b18d85b6c9d00da1a15d15 ++Output = f22a4686abe599c2194d21fc9071ffceb023dd9b24c13f05a3d44cfc77fec44a ++ ++# COUNT=20 ++# L = 160 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES256 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:8 ++Ctrl.hexkey = hexkey:cac968a8ffd81c73948bdfb48bf8a29c1378517d3be294df9a8a80724075bdbd ++Ctrl.hexinfo = hexinfo:08817bcd560edf810aa004194c817e455fb66bbc3b84fef1d66df2d1cebb3403c24231fa822f130c5d8fe886217122dcab15cb725197bbcbeb8010f5 ++Output = 651c43e113b32026b204119af394301f0cb9831c ++ ++# COUNT=30 ++# L = 320 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES256 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:8 ++Ctrl.hexkey = hexkey:9debd1762a9643e967dbc174f2040e177b8053afb0829189a81fed94f8c365ee ++Ctrl.hexinfo = hexinfo:6c4e1e3fdd7f5c97d58bcdda792642cbd271d6968f6a8e368013d88763d0b306c832b7ab46b84d099596972d12220a4e9c81f82d6f5003d18b93c595 ++Output = 2518a44ea347e924b03a7b4c966ec4e4bd76c1456d09096be9387638c2737faeebba4e2b921b19db ++ ++ ++# [PRF=CMAC_AES256] ++# [CTRLOCATION=BEFORE_FIXED] ++# [RLEN=16_BITS] ++ ++# COUNT=0 ++# L = 128 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES256 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:16 ++Ctrl.hexkey = hexkey:4df60800bf8e2f6055c5ad6be43ee3deb54e2a445bc88a576e111b9f7f66756f ++Ctrl.hexinfo = hexinfo:962adcaf12764c87dad298dbd9ae234b1ff37fed24baee0649562d466a80c0dcf0a65f04fe5b477fd00db6767199fa4d1b26c68158c8e656e740ab4d ++Output = eca99d4894cdda31fe355b82059a845c ++ ++# COUNT=10 ++# L = 256 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES256 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:16 ++Ctrl.hexkey = hexkey:4c30b96d9beff5cc3c37527694eeec8207fae2c13ef295556919a7a46e5b90c1 ++Ctrl.hexinfo = hexinfo:86e1ad34bd7a998281a822129a23102f799812864cf5349f3f21cec7729f83ad8c8aa6517fafcc9521cde887686629048159ed3f15c01408984f547e ++Output = 815fe232e0e89f7eeaa87c3ba5007694a43c1577657ccb3018076c5a5c035d95 ++ ++# COUNT=20 ++# L = 160 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES256 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:16 ++Ctrl.hexkey = hexkey:e508ce78aca2cc50c80a6cbdb2b178f8ee5e315dad71ddfa700eb6cf503239b3 ++Ctrl.hexinfo = hexinfo:28c47ddd23d349e3b30bf97975c5fa591f2158e001dae3faa154d93c615c89fc7449c901a2585e618f68a0b2cbd3f35f53424d5ea015cbf7e8e09f68 ++Output = 6bc69b4c11aa7c04ac3c03baa44daeac4a047992 ++ ++# COUNT=30 ++# L = 320 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES256 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:16 ++Ctrl.hexkey = hexkey:ee0a0f88b3b441826264de7a31b890a66edf7c2a28d0286eab285846b586fb8e ++Ctrl.hexinfo = hexinfo:1ea9771ab763056260d885073e80e835e20e5d7ca9659fdf5dd3b7f2ae6286608f8bc7a6728e41346c55544942b1bf06642fb6a6738fb5b7f0128f9c ++Output = 5484f170b6602b505e9e6ccffccf2262b55c3554728244bba94daff0adbc619400b33f38013a2293 ++ ++ ++# [PRF=CMAC_AES256] ++# [CTRLOCATION=BEFORE_FIXED] ++# [RLEN=24_BITS] ++ ++# COUNT=0 ++# L = 128 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES256 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:24 ++Ctrl.hexkey = hexkey:1612a40daa7fce6c6788b3b71311188ffb850613fd81d0e87a891831348e2f28 ++Ctrl.hexinfo = hexinfo:1696438fcdf9a85284759b2604b64d7ea76199514709e711ecde5a505b5f27ae38d154aba14322481ddc9fd9169364b991460a0c9a05c7fcb2d099c9 ++Output = d101f4f2b5e239bae881cb488995bd52 ++ ++# COUNT=10 ++# L = 256 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES256 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:24 ++Ctrl.hexkey = hexkey:77b50e24b859725d1cab531c885a6e60e7d5b0432f37408185ae688dffa5f6a5 ++Ctrl.hexinfo = hexinfo:0b2c907499cddaa1fcfb02002ab8b9756c5f1f9fea482d79b8a6aa9fa2fb48e69df94dca4cb6f2e90a462678279ddaacc482fdd76581996b43974a22 ++Output = c2a02b3743d506cdc1a41d4c2ae4c67610c5d607df0c26cbf7f4fe2198cb35f1 ++ ++# COUNT=20 ++# L = 160 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES256 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:24 ++Ctrl.hexkey = hexkey:18a5c3e669967b42e9a29bad8fe86699f2b5d496ff767cd3171d1c7195ecef59 ++Ctrl.hexinfo = hexinfo:33231c50326592c25ec3eee2c61a3ad4c8a23c098dd83eafe5db411d0948eb122bb6eb7a1d04d2dbcd0b98d0b70b7ff305bb3ef6ac9d4e8e3f7ecd4f ++Output = e80afb5cd274cb5fa4952aa95177ae83337f4c8f ++ ++# COUNT=30 ++# L = 320 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES256 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:24 ++Ctrl.hexkey = hexkey:0b589e556b7583f0fa9144868603b59262f457dee1e887ffc0e39968218959b9 ++Ctrl.hexinfo = hexinfo:1b95b940e0b950a58f09ea09941b80852cb29838940bb146dc3db0ddcd87f72ee28813c09fcef773e95438c0ed3dbcf29e78de0c78377561c5869d5f ++Output = 260aef65eefd58816fe1a77120d047548b00c475c25178a2a33d4c801d49e8a0fb830513d0b3ff17 ++ ++ ++# [PRF=CMAC_AES256] ++# [CTRLOCATION=BEFORE_FIXED] ++# [RLEN=32_BITS] ++ ++# COUNT=0 ++# L = 128 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES256 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:32 ++Ctrl.hexkey = hexkey:d0b1b3b70b2393c48ca05159e7e28cbeadea93f28a7cdae964e5136070c45d5c ++Ctrl.hexinfo = hexinfo:dd2f151a3f173492a6fbbb602189d51ddf8ef79fc8e96b8fcbe6dabe73a35b48104f9dff2d63d48786d2b3af177091d646a9efae005bdfacb61a1214 ++Output = 8c449fb474d1c1d4d2a33827103b656a ++ ++# COUNT=10 ++# L = 256 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES256 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:32 ++Ctrl.hexkey = hexkey:d54b6fd94f7cf98fd955517f937e9927f9536caebe148fba1818c1ba46bba3a4 ++Ctrl.hexinfo = hexinfo:94c4a0c69526196c1377cebf0a2ae0fb4b57797c61bea8eeb0518ca08652d14a5e1bd1b116b1794ac8a476acbdbbcd4f6142d7b8515bad09ec72f7af ++Output = 2e1efed4aef3fdd324e098c0a07c0d97f8fd2c748a996ce29861ca042474daea ++ ++# COUNT=20 ++# L = 160 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES256 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:32 ++Ctrl.hexkey = hexkey:99f212241a343c1c8c2104ca6d28062413d985c21e6bba27fde0c622e2e4e6b7 ++Ctrl.hexinfo = hexinfo:af8dc1cb7d1f82ca834628c20f0fc81920eb3ff3f75d3f4e3000593e9c15872479711d99d1b7be794f58d80a31bb112219dc16e6354111ab1161e21d ++Output = 7f778c625bf0d083169a51584f6683f24af7c35e ++ ++# COUNT=30 ++# L = 320 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.cipher = cipher:AES256 ++Ctrl.mac = mac:CMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:32 ++Ctrl.hexkey = hexkey:dabde95d751ff1c132bd49f80f4ee347bf39218cf8bfec61bc3ad865d9aa1182 ++Ctrl.hexinfo = hexinfo:55da554307ed756764d4e97febb77ce85391b53225ee09417ad57def48ead090e3d1e7c2ed04f02462a6324ea0163b18f86201c69db27fd50b4c42c5 ++Output = 5cc29221cfa6f3a4ded7afeef5a59c05bac787fc5e98a35ee0c96ba582b05c42f758966566084f69 ++ ++ ++# [PRF=HMAC_SHA1] ++# [CTRLOCATION=BEFORE_FIXED] ++# [RLEN=8_BITS] ++ ++# COUNT=0 ++# L = 128 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA1 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:8 ++Ctrl.hexkey = hexkey:00a39bd547fb88b2d98727cf64c195c61e1cad6c ++Ctrl.hexinfo = hexinfo:98132c1ffaf59ae5cbc0a3133d84c551bb97e0c75ecaddfc30056f6876f59803009bffc7d75c4ed46f40b8f80426750d15bc1ddb14ac5dcb69a68242 ++Output = 0611e1903609b47ad7a5fc2c82e47702 ++ ++# COUNT=10 ++# L = 256 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA1 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:8 ++Ctrl.hexkey = hexkey:1ee222f5cdd60b0ae956eeeaa838c51bd767672c ++Ctrl.hexinfo = hexinfo:4b10500ba5c9391da83d2ef78d01bcdccda32ff6f242960323324474b9d0685d99dc9143ac6d667a5b46dcc89784b3a4af7a7684b01efee41b144f48 ++Output = 806e342013853083a3f7294c63a9ec9a6dba75b256c62fac1e480ef26276cd4b ++ ++# COUNT=20 ++# L = 160 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA1 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:8 ++Ctrl.hexkey = hexkey:0e71d9e9c9e951978ada75c831d627dd5d3b4c59 ++Ctrl.hexinfo = hexinfo:08b6f69698e8eb6c8c63953abd3538531d722cc4e9ca7ffcb68abba4dd4b027b3787efa107902ace8abb54549bede4ffdadabec3f282865b2166d46e ++Output = 86137b96ec15b7954fdc5df8d371ee2d8016e97a ++ ++# COUNT=30 ++# L = 320 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA1 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:8 ++Ctrl.hexkey = hexkey:f0e5ad280b3465e719afdf86377bbcda59f5c59b ++Ctrl.hexinfo = hexinfo:231b6d83f0194499f27848108fd1fcdcf9520e67522cf54486fb919a839532d165019388242ce373a89ce644d7818e7415f5730a0b743595ab19add4 ++Output = 9a9ddd19818bb085d24e48ee99d6e628235a422fb2ae383282b7bbbf0e5f5edf42d7237b8ed6aa1d ++ ++ ++# [PRF=HMAC_SHA1] ++# [CTRLOCATION=BEFORE_FIXED] ++# [RLEN=16_BITS] ++ ++# COUNT=0 ++# L = 128 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA1 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:16 ++Ctrl.hexkey = hexkey:a510fe5ad1640d345a6dbba65d629c2a2fedd1ae ++Ctrl.hexinfo = hexinfo:9953de43418a85aa8db2278a1e380e83fb1e47744d902e8f0d1b3053f185bbcc734d12f219576e75477d7f7b799b7afed1a4847730be8fd2ef3f342e ++Output = c00707a18c57acdb84f17ef05a322da2 ++ ++# COUNT=10 ++# L = 256 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA1 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:16 ++Ctrl.hexkey = hexkey:abec6c894ae9df32e5afdf5d06a0434e8940ca71 ++Ctrl.hexinfo = hexinfo:9a6574a0ea1123ab9580906f8a2c4a0ecba9a8a84079c37a6e283ad4d4e957c3d16db66ae4be99e688b221c359a8dd2505868beb6a49fd7ce6c35df4 ++Output = 5b37675aec199c7d08435ef6321cf6235c12453a4530072d4a73ba0ad34634a5 ++ ++# COUNT=20 ++# L = 160 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA1 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:16 ++Ctrl.hexkey = hexkey:df4e835a2f201a3d0f840eab38a18adf72adf9eb ++Ctrl.hexinfo = hexinfo:84c6ca541d24a8b419037b9657ee4e0d5ef96d8b198355940a30b09bf8784e81d3b93558de21c46f04aec4afd610c3b230d17473c80b47b5004955e7 ++Output = 1202915544844b1f913caab512c582735bf76fed ++ ++# COUNT=30 ++# L = 320 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA1 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:16 ++Ctrl.hexkey = hexkey:cbe1d2895640dcd1545e60e04ce9d995707ec539 ++Ctrl.hexinfo = hexinfo:c80d735ec5fd0bf811a4a71c55e99373f83f4111194ec24a8e9fe24ef03f56ed15b4e135e02488d96dba8c0d60c26592df55a492691cf3b7eced40d1 ++Output = 1fd5a183be95c2d909deed31d686417d5c08bb88e6f75b150df330c8e7703bb8ccdffacb3e9ee3ff ++ ++ ++# [PRF=HMAC_SHA1] ++# [CTRLOCATION=BEFORE_FIXED] ++# [RLEN=24_BITS] ++ ++# COUNT=0 ++# L = 128 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA1 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:24 ++Ctrl.hexkey = hexkey:928c170199473291bf719a1985a13673afb8f298 ++Ctrl.hexinfo = hexinfo:f54388503cde2bf544db4c9510ff7a2759ba9b4e66da3baf41c90ce796d5ea7045bc27424afb03e137abfafe95158954c832090abdba02d86bab569d ++Output = 8c01160c72c925178d616a5c953df0a7 ++ ++# COUNT=10 ++# L = 256 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA1 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:24 ++Ctrl.hexkey = hexkey:df7ecebec20e14be6db5d46af2769fe4e4ed689c ++Ctrl.hexinfo = hexinfo:308ec6953d4945f075d37932d5dd335c7de0d2e7899a8321724a50b52240191fcdf991520c47a25b04ce6eecc835e4265b623c68d687afc615f74ae5 ++Output = c2129eeb33ee6783b6b187e5ae884f8f5bd78ca224e5e01c04a68ecef376ea38 ++ ++# COUNT=20 ++# L = 160 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA1 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:24 ++Ctrl.hexkey = hexkey:2539c58bba8ae61be8b867b767ad698eb1f52a0b ++Ctrl.hexinfo = hexinfo:9f6de21c93176f8814e9290a40149f749f946d376eb65f888eddcc4a24a58dbdbb3222fb53487e0abb08efff6d6a43511b18c40f489abe4013647273 ++Output = 20bc5ab8c27dd3f6f6fa5485f2eed8bd8b8b3d35 ++ ++# COUNT=30 ++# L = 320 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA1 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:24 ++Ctrl.hexkey = hexkey:66002f224106971edc62a7c6957931b2097aabc3 ++Ctrl.hexinfo = hexinfo:f5fe599fac3bac5b10a4296b0783e2fc78cb498347ff3f74e2d9d230dfb6653e1a274e7bc37f0319eac2b0b48533b7be9d3633eed32101837ee460ff ++Output = c195b9139fee020eda70b8a161aef28474977412c0612afafe23b16b1594871548b5889b38e0cf2a ++ ++ ++# [PRF=HMAC_SHA1] ++# [CTRLOCATION=BEFORE_FIXED] ++# [RLEN=32_BITS] ++ ++# COUNT=0 ++# L = 128 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA1 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:32 ++Ctrl.hexkey = hexkey:f7591733c856593565130975351954d0155abf3c ++Ctrl.hexinfo = hexinfo:8e347ef55d5f5e99eab6de706b51de7ce004f3882889e259ff4e5cff102167a5a4bd711578d4ce17dd9abe56e51c1f2df950e2fc812ec1b217ca08d6 ++Output = 34fe44b0d8c41b93f5fa64fb96f00e5b ++ ++# COUNT=10 ++# L = 256 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA1 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:32 ++Ctrl.hexkey = hexkey:c1efb8d25affc61ed060d994fcd5017c2adfc388 ++Ctrl.hexinfo = hexinfo:b92fc055057fec71b9c53e7c44872423a57ed186d6ba66d980fecd1253bf71479320b7bf38d505ef79ca4d62d78ca662642cdcedb99503ea04c1dbe8 ++Output = 8db784cf90b573b06f9b7c7dca63a1ea16d93ee7d70ff9d87fa2558e83dc4eaa ++ ++# COUNT=20 ++# L = 160 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA1 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:32 ++Ctrl.hexkey = hexkey:e02ba5d5c410e855bbd13f840124273e6b864237 ++Ctrl.hexinfo = hexinfo:b14e227b4438f973d671141c6246acdc794eee91bc7efd1d5ff02a7b8fb044009fb6f1f0f64f35365fb1098e1995a34f8b70a71ed0265ed17ae7ae40 ++Output = f077c2d5d36a658031c74ef5a66aa48b4456530a ++ ++# COUNT=30 ++# L = 320 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA1 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:32 ++Ctrl.hexkey = hexkey:693adb9037184627ad300f176985bd379f388a95 ++Ctrl.hexinfo = hexinfo:7f09570c2d9304ec743ab845a8761c126c18f5cf72358eada2b5d1deb43dc6a0f4ff8f933bef7af0bcfacb33fa07f8ca04a06afe231835d5075996be ++Output = 52f55f51010e9bd78e4f58cab274ecafa561bd4e0f20da84f0303a1e5ff9bebc514361ec6df5c77e ++ ++ ++# [PRF=HMAC_SHA224] ++# [CTRLOCATION=BEFORE_FIXED] ++# [RLEN=8_BITS] ++ ++# COUNT=0 ++# L = 128 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA224 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:8 ++Ctrl.hexkey = hexkey:7e2f7a5ab3e82ef927a005308456823da473787bf33d18a864aca63f ++Ctrl.hexinfo = hexinfo:b35695a6e23a765105b87756468d442a53a60cd4225186dc94221c06c5d6f1e98462135656ebca90468a939f29112b811413567d498df9867914d94c ++Output = 10ba5c6ea609da8fa8abe8be552c97a1 ++ ++# COUNT=10 ++# L = 256 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA224 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:8 ++Ctrl.hexkey = hexkey:667f72fc660e32943de386af9670c78e975c838cae91dca97f4f8508 ++Ctrl.hexinfo = hexinfo:e713e8c38e92c8ba0f0791cc4a0d00c98d8dda8f3137a775104e7aa65b5f04fed12ee78a88262b2931717b7ac5624162fd5f0307f4faef038dcc210c ++Output = 835b343242a489249eec3cd56384ea2a5b295e29a4430fec2aae0c8b9fa36d20 ++ ++# COUNT=20 ++# L = 160 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA224 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:8 ++Ctrl.hexkey = hexkey:3344fb80fd655b16f08c78150516cbbc009fbdf1b510905f9113d275 ++Ctrl.hexinfo = hexinfo:dc2aa42084d645baeb822c0c1d9b8e200737e9a2c7dcd922d8f056d6c02552295d95a488758919724207eebb4c21887f71b51a2a7ce98827cf7af4bb ++Output = e281d09a31c57d053f0c2f902792c8bbb9a0f443 ++ ++# COUNT=30 ++# L = 320 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA224 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:8 ++Ctrl.hexkey = hexkey:eb9386450d7b2da5492da5b139cf4b0b951a5b0c7d40c22ae2c20677 ++Ctrl.hexinfo = hexinfo:bd8b73969e3e2d7a943b937c3bffe3a9199d1cf27e289bb10c3b88696a5ae36b3b868b4fc6a20ca93dd0b328f3351f71ce656bb558fa33c74741398d ++Output = bc902dfba79fb4084339b6666c7f72b9f47675229dc24ec61068bb05082717eead35647ff147d7de ++ ++ ++# [PRF=HMAC_SHA224] ++# [CTRLOCATION=BEFORE_FIXED] ++# [RLEN=16_BITS] ++ ++# COUNT=0 ++# L = 128 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA224 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:16 ++Ctrl.hexkey = hexkey:093b2ce84c6175d1723fbe94b9ee963b6251d018fcf8c05c2e3e9b0b ++Ctrl.hexinfo = hexinfo:083e114aca1f97166551b03f27b135c0c802294aa4845a46170b26ec0549cb59c70a85557a3fc3a37d23eed6947d50f10c15baf5c52a7b918ca80bf5 ++Output = 94ced61c3665616d4a368f83a7283648 ++ ++# COUNT=10 ++# L = 256 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA224 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:16 ++Ctrl.hexkey = hexkey:ffb5c9d920522477cb2ecf16ae1e075587b7598348e019df85ca3d43 ++Ctrl.hexinfo = hexinfo:252743519ab4e03f8bb0ed137e2d315aac5010b951645c7626c6f5a77c4a6c4e0b0b4030abf937141f7142bcd702678b15d2d4e8850e0570ec782c79 ++Output = 3d1813da0322201ed45ac2aaf3542843913bb32fd832a33a5dc94bad964bfe56 ++ ++# COUNT=20 ++# L = 160 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA224 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:16 ++Ctrl.hexkey = hexkey:7f0ea811340cddbbf261d0260b0c98dec790133cffd2b04b8f8be2b1 ++Ctrl.hexinfo = hexinfo:0a744543acddf7d8c0a205372a0450e32631a33bb89ad2e3bb2d9766c248ab755fec152a6da866ef50baeab607d88e5177042056970013aa18f9fb1e ++Output = e55120e7848cf61254159e79c2ac47a9a906a73c ++ ++# COUNT=30 ++# L = 320 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA224 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:16 ++Ctrl.hexkey = hexkey:6e237178c4884e13470b6b4848b40389d9856311735da4eefa2f6f38 ++Ctrl.hexinfo = hexinfo:9cd9f9ad88471668f3b25515851fff63d3a886b8c6cf371eae159bab58f997b83eda5815567a142c4264978d8f24d24fe2d513c0eeaff983b86fdbd8 ++Output = 1e6638ea717338cfeb7dea373785c3c763bd5e509358e4940e9a4e4fd0a3e0347973858bc20243b8 ++ ++ ++# [PRF=HMAC_SHA224] ++# [CTRLOCATION=BEFORE_FIXED] ++# [RLEN=24_BITS] ++ ++# COUNT=0 ++# L = 128 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA224 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:24 ++Ctrl.hexkey = hexkey:f09e65e8de7500847b43bd95e6c3506e01aadd484e9699b027897542 ++Ctrl.hexinfo = hexinfo:c20f6188517b2ca10086b9f7f8d6f2d38d66f24193c037008d035f361c6bd74db26aef588a87aa8a1c3cdad2ba0207f7e7b39def0df797c4cb3bf614 ++Output = 73d30c2af54744eb1efb70429f8e303a ++ ++# COUNT=10 ++# L = 256 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA224 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:24 ++Ctrl.hexkey = hexkey:6079eafeba179a915e194b14e12ffee1e2bad56a62077897a4654e4b ++Ctrl.hexinfo = hexinfo:87686603814d619107aabfab85b4c4fe38ae1a5c2a4d78df12119871b8a4f85d583e7d842ee15e7fe03f61dd02b10784838ed163dc67cca43586d628 ++Output = d888a21e1a698654fa46288509ae7a28dc7b05e6fc696a909451c2437097056b ++ ++# COUNT=20 ++# L = 160 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA224 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:24 ++Ctrl.hexkey = hexkey:2efe2905a1b7e1993da0316f2a747be1e91415ca1e6ad14d04341fee ++Ctrl.hexinfo = hexinfo:4d283c0f6d209379facd8a26aa889780863cf6a81893dc3bd2c928a7f8d922ced9c829bf627d2c556441d0d41a1eb00c0deea78349429de56a275f04 ++Output = ec162b6ff6413f5eae9336fd489fab538d042db8 ++ ++# COUNT=30 ++# L = 320 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA224 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:24 ++Ctrl.hexkey = hexkey:0b15638489d3ac7729a7db82797754e7a7c8d52da0cf3638a27a1a9c ++Ctrl.hexinfo = hexinfo:90988848764dacc6eeba817e0b74086b1233bca9d573717b8e3dd3bd23a532aac7db8b196e4c4702f54cc71bb8882dc776b0317457803a632b429776 ++Output = 481293e1e621ad8bab5c9f5090594bb2507a1456ee8ffc30db159cb5b02d69110c3e5270880bf4a7 ++ ++ ++# [PRF=HMAC_SHA224] ++# [CTRLOCATION=BEFORE_FIXED] ++# [RLEN=32_BITS] ++ ++# COUNT=0 ++# L = 128 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA224 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:32 ++Ctrl.hexkey = hexkey:f5cb7cc6207f5920dd60155ddb68c3fbbdf5104365305d2c1abcd311 ++Ctrl.hexinfo = hexinfo:4e5ac7539803da89581ee088c7d10235a10536360054b72b8e9f18f77c25af01019b290656b60428024ce01fccf49022d831941407e6bd27ff9e2d28 ++Output = 0adbaab43edd532b560a322c84ac540e ++ ++# COUNT=10 ++# L = 256 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA224 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:32 ++Ctrl.hexkey = hexkey:992815121d88ffb26c337606723c02ef317713086e2cfbbd37e1a167 ++Ctrl.hexinfo = hexinfo:152d974eb2719b9027d32054a327312361125959df9d96a1832e2056c2571d4f1cf45f6e8f6544c87f15861cef627d2f16e9b0b4ab799bb3362f4aae ++Output = 475eda3a32d569932e043db64dbf0e9bb0945b54dcdfa203be1a28524c147075 ++ ++# COUNT=20 ++# L = 160 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA224 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:32 ++Ctrl.hexkey = hexkey:2eabb6b922c24326ef9ae3c192dfd341caf57efe15dd649772a2ac3b ++Ctrl.hexinfo = hexinfo:c75f6f5a1561aab39ea0e22702a6cf7dba3ca4dd9f046bb0abea2d3284168fd9fb39ff725523a660d21f8c2ade03d18d4273c52fb6f22c9e39d6bc2e ++Output = ae50acebe308a1cf1747b9b178a0720748fa5fe5 ++ ++# COUNT=30 ++# L = 320 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA224 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:32 ++Ctrl.hexkey = hexkey:9b75e7fa216c884037c7d6953092ed335c4efd88ca57a742d6ac3221 ++Ctrl.hexinfo = hexinfo:12bea97865df99315259ff620302432ecafc9dce2619e87dfb4979410456a524434315dd3920e2b1aa1c79d5e07132a758a7b7b71ef10bcf1bb877f3 ++Output = 60071bd0ceea0fe0f879223b940d3de7dde02ca6858f8450fb9c0032e49f968ef9cd9b5703163dbc ++ ++ ++# [PRF=HMAC_SHA256] ++# [CTRLOCATION=BEFORE_FIXED] ++# [RLEN=8_BITS] ++ ++# COUNT=0 ++# L = 128 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA256 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:8 ++Ctrl.hexkey = hexkey:3edc6b5b8f7aadbd713732b482b8f979286e1ea3b8f8f99c30c884cfe3349b83 ++Ctrl.hexinfo = hexinfo:98e9988bb4cc8b34d7922e1c68ad692ba2a1d9ae15149571675f17a77ad49e80c8d2a85e831a26445b1f0ff44d7084a17206b4896c8112daad18605a ++Output = 6c037652990674a07844732d0ad985f9 ++ ++# COUNT=10 ++# L = 256 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA256 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:8 ++Ctrl.hexkey = hexkey:f109513435d72f14863660dfc027118e47e13995ad44a02415c9c8f63d38675c ++Ctrl.hexinfo = hexinfo:53696208d6f42909136a575010e135e142e31f631d72386a631cc704e5ad4049a889422cd6da7f1805e59a273c6f4fa986bc3082952fca658979f1b0 ++Output = 1aaf080fd51b37585ea464a9c617bc3ab859cc78cbe1f2d5d557148ee36821a0 ++ ++# COUNT=20 ++# L = 160 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA256 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:8 ++Ctrl.hexkey = hexkey:6ed1b41a1fc2ca8c7e09d5bccc410661683ec29d41a0fd01dd820a2e824ff672 ++Ctrl.hexinfo = hexinfo:f6dc72adbd8ad4ea91259b61237a042a02546f37d58d933d3efadc54a5e1936a8faf70c33e707c473125bd5006b7dfa6883c04bf27cf53010e1d10bc ++Output = 4090ee711fa361f03267a6ff2a5ace977c8c1db5 ++ ++# COUNT=30 ++# L = 320 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA256 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:8 ++Ctrl.hexkey = hexkey:63a657fb6c5bacb9a124d3e7db8bbb7d42bfdfaf8f04cb6359cd888c70669652 ++Ctrl.hexinfo = hexinfo:2697b6ec112cab4d6f1714c991c17d44fb36a0b6ef0b0f5451619ab248950f56f403215c78711aa563683ced05be7246f32574fa294f162dbbeb3dee ++Output = 1992e75756fa64734d5caecc5f6420fcb28b8b90421eee97dc8b6140ce18518405688bea489d2aaa ++ ++ ++# [PRF=HMAC_SHA256] ++# [CTRLOCATION=BEFORE_FIXED] ++# [RLEN=16_BITS] ++ ++# COUNT=0 ++# L = 128 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA256 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:16 ++Ctrl.hexkey = hexkey:743434c930fe923c350ec202bef28b768cd6062cf233324e21a86c31f9406583 ++Ctrl.hexinfo = hexinfo:9bdb8a454bd55ab30ced3fd420fde6d946252c875bfe986ed34927c7f7f0b106dab9cc85b4c702804965eb24c37ad883a8f695587a7b6094d3335bbc ++Output = 19c8a56db1d2a9afb793dc96fbde4c31 ++ ++# COUNT=10 ++# L = 256 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA256 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:16 ++Ctrl.hexkey = hexkey:365592398d23d31f2cac8bf6211f1ad5f52608efcdc5997b144ea6ded3866cf6 ++Ctrl.hexinfo = hexinfo:07dce524556d3f68d2d91d4c15c9c6212635e0df1aef54938490db46f98737064d6a5624d7f938c263af01e632c45d9fe7a871b67f7d4bf110796eb4 ++Output = 5624c6911dc1b08e090c8c95347adf17895b696aae211932cde3ec8227fcbea8 ++ ++# COUNT=20 ++# L = 160 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA256 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:16 ++Ctrl.hexkey = hexkey:c104e187e344668997b7bd9c8cdf097320518dd7dbcb541c414418b55b58cbb2 ++Ctrl.hexinfo = hexinfo:32f6bd59840c61909f2f92f98f54bd238083577e33c3d071c1abe4c694bd87c1ad235eb9a2d272b3dc67c955574d5e6cad84615120476d6e7e04f51f ++Output = 1b5d9e60aa909aeb973e76d9bf6be208327bb096 ++ ++# COUNT=30 ++# L = 320 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA256 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:16 ++Ctrl.hexkey = hexkey:d4349c26108719debacc04e166a09063ffb5e17bcbaf8738dc2618aa7d1e97ae ++Ctrl.hexinfo = hexinfo:da1f5ed45ead428689b0ecca9dbc2569e76953cda0df085499cca6d5949d8995e1e42bbdc94b0dd78c164867c364a64c894de85294ad89d267ff443d ++Output = 00550ae0f29a2373269af175e7f829ec32c3d05099a39f8c0e02caa00b68afb7457669334383ffb2 ++ ++ ++# [PRF=HMAC_SHA256] ++# [CTRLOCATION=BEFORE_FIXED] ++# [RLEN=24_BITS] ++ ++# COUNT=0 ++# L = 128 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA256 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:24 ++Ctrl.hexkey = hexkey:388e93e0273e62f086f52f6f5369d9e4626d143dce3b6afc7caf2c6e7344276b ++Ctrl.hexinfo = hexinfo:697bb34b3fbe6853864cac3e1bc6c8c44a4335565479403d949fcbb5e2c1795f9a3849df743389d1a99fe75ef566e6227c591104122a6477dd8e8c8e ++Output = d697442b3dd51f96cae949586357b9a6 ++ ++# COUNT=10 ++# L = 256 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA256 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:24 ++Ctrl.hexkey = hexkey:f5207566ad012002ae6f2b501f0c24180228345889c20616d043b868a76d015a ++Ctrl.hexinfo = hexinfo:f36dbc8d1dfda60d4ba05214f8773aaa9f01944150bca68812d0d8deb5492f3f68f09809ba5e8b89e9dca86c70f6f353b3d5f49ef27e2fd01cfa911d ++Output = 0faed440796a0685a24a1c5e1cacde566c7a1a4189885229251c6308a53c3f6e ++ ++# COUNT=20 ++# L = 160 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA256 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:24 ++Ctrl.hexkey = hexkey:e2758918edcf15d957a556055602d283dbdf9c95b6025a3cddf1eeac1e0ac889 ++Ctrl.hexinfo = hexinfo:eda2f792580d6129b43e7b89c661786a29ab502ec6198f4a2bec6d0ffca1a75b8807d4313e7bf769a94fbf4b41c4cc309358a211105312c05818d8f3 ++Output = 67e3273b2cfa4c663377f5841606679aee420dce ++ ++# COUNT=30 ++# L = 320 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA256 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:24 ++Ctrl.hexkey = hexkey:c9063598d6cf8660300073b5c25603baf3ade910c182deea15d8107d6f6be295 ++Ctrl.hexinfo = hexinfo:22d27eec90c2dd4ae5cf4a705abecfd781b9051ba512b048ea9499364b791e9cdf63215db43680dacffe6f19d77fc93f8a46d84dd52146389d9ec308 ++Output = f3a5b521b435a8c83eaf2d264b5b1a6dcc32c21b4897511203f97f01f2a691eef080b4cd7ca4fc38 ++ ++ ++# [PRF=HMAC_SHA256] ++# [CTRLOCATION=BEFORE_FIXED] ++# [RLEN=32_BITS] ++ ++# COUNT=0 ++# L = 128 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA256 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:32 ++Ctrl.hexkey = hexkey:dd1d91b7d90b2bd3138533ce92b272fbf8a369316aefe242e659cc0ae238afe0 ++Ctrl.hexinfo = hexinfo:01322b96b30acd197979444e468e1c5c6859bf1b1cf951b7e725303e237e46b864a145fab25e517b08f8683d0315bb2911d80a0e8aba17f3b413faac ++Output = 10621342bfb0fd40046c0e29f2cfdbf0 ++ ++# COUNT=10 ++# L = 256 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA256 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:32 ++Ctrl.hexkey = hexkey:e204d6d466aad507ffaf6d6dab0a5b26152c9e21e764370464e360c8fbc765c6 ++Ctrl.hexinfo = hexinfo:7b03b98d9f94b899e591f3ef264b71b193fba7043c7e953cde23bc5384bc1a6293580115fae3495fd845dadbd02bd6455cf48d0f62b33e62364a3a80 ++Output = 770dfab6a6a4a4bee0257ff335213f78d8287b4fd537d5c1fffa956910e7c779 ++ ++# COUNT=20 ++# L = 160 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA256 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:32 ++Ctrl.hexkey = hexkey:dc60338d884eecb72975c603c27b360605011756c697c4fc388f5176ef81efb1 ++Ctrl.hexinfo = hexinfo:44d7aa08feba26093c14979c122c2437c3117b63b78841cd10a4bc5ed55c56586ad8986d55307dca1d198edcffbc516a8fbe6152aa428cdd800c062d ++Output = 29ac07dccf1f28d506cd623e6e3fc2fa255bd60b ++ ++# COUNT=30 ++# L = 320 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA256 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:32 ++Ctrl.hexkey = hexkey:c4bedbddb66493e7c7259a3bbbc25f8c7e0ca7fe284d92d431d9cd99a0d214ac ++Ctrl.hexinfo = hexinfo:1c69c54766791e315c2cc5c47ecd3ffab87d0d273dd920e70955814c220eacace6a5946542da3dfe24ff626b4897898cafb7db83bdff3c14fa46fd4b ++Output = 1da47638d6c9c4d04d74d4640bbd42ab814d9e8cc22f4326695239f96b0693f12d0dd1152cf44430 ++ ++ ++# [PRF=HMAC_SHA384] ++# [CTRLOCATION=BEFORE_FIXED] ++# [RLEN=8_BITS] ++ ++# COUNT=0 ++# L = 128 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA384 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:8 ++Ctrl.hexkey = hexkey:0be1999848a7a14a555649048fcadf2f644304d163190dc9b23a21b80e3c8c373515d6267d9c5cfd31b560ffd6a2cd5c ++Ctrl.hexinfo = hexinfo:11340cfbdb40f20f84cac4b8455bdd76c730adcecd0484af9011bacd46e22ff2d87755dfb4d5ba7217c37cb83259bdbe0983cc716adc2e6c826ed53c ++Output = c2ea7454de25afb27065f4676a392385 ++ ++# COUNT=10 ++# L = 256 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA384 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:8 ++Ctrl.hexkey = hexkey:218f47301a3adf39a4e1ddc25a1df2b7db53d7780c207f47ab4cefcaa960ed82cb6cbc34b97b4c332d52ca81cc40cb9a ++Ctrl.hexinfo = hexinfo:60dcb116d7cfd3cca7315c9dc7e9650f886b67d9fbcd98c226239a0f66eff075da23c6cb750a2129ae71b9582934f57423a815249cac2c61f958b35d ++Output = 26b01d94c4dd51a9c8b54f78647257f9e937a8d67dffa78f85749cdfb22db620 ++ ++# COUNT=20 ++# L = 160 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA384 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:8 ++Ctrl.hexkey = hexkey:426c4facbacecb654555bc9843f9864a53e14c9a5e19600abf57b03cf8b6f825f71191eaaf3cfd70961314acbf1e6e29 ++Ctrl.hexinfo = hexinfo:d224dc52dd16bde3391fab24fa875b695d63215e182efa970537904f4cd1d7f929f87c17fa97bd490f10cfc3bb80353ea4a4bb403f79e18677c39d29 ++Output = 431c73810e9fe4f4982202f55eb5f0212f302142 ++ ++# COUNT=30 ++# L = 320 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA384 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:8 ++Ctrl.hexkey = hexkey:522a72c006a6b77911915c78952dd61848725a4b0789b2cfce3b29d947d9faa145417740c0365bd81a860a600012543b ++Ctrl.hexinfo = hexinfo:4a3cd102c4b95fe193660c4c174f02c725207449b785edb8fa8c4404f01a25bef3238637d3bae370758332c678deb578322e031ec3970876600196d2 ++Output = 2f5d52226949aecfe6359561a5fdd87a843457019e24faacacedd34177cda6cba18cc78cc8c78cef ++ ++ ++# [PRF=HMAC_SHA384] ++# [CTRLOCATION=BEFORE_FIXED] ++# [RLEN=16_BITS] ++ ++# COUNT=0 ++# L = 128 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA384 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:16 ++Ctrl.hexkey = hexkey:26ef897e4b617b597f766ec8d8ccf44c543e790a7d218f029dcb4a3695ae2caccce9d3e935f6741581f2f53e49cd46f8 ++Ctrl.hexinfo = hexinfo:bc2c728f9dc6db426dd4e85fdb493826a31fec0607644209f9bf2264b6401b5db3004c1a76aa08d93f08d3d9e2ba434b682e480004fb0d9271a8e8cd ++Output = a43d31f07f0ee484455ae11805803f60 ++ ++# COUNT=10 ++# L = 256 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA384 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:16 ++Ctrl.hexkey = hexkey:269cce234dd4783067ceaa04a70deb1c9700acf705548495767c22f78493851ca9c699077a002874caacb760106016c6 ++Ctrl.hexinfo = hexinfo:f64bfb4bdaac81b5801d2f9f08bc2e4d009990b67290fd49b3730c3a145696447aceae6a82f7508a19c396a548c9c33d943dab82b2538c18b8eee871 ++Output = ab4182261c5d9c0d23a26477f14a507dd7f5e9550d04f48de29e644ed55f3406 ++ ++# COUNT=20 ++# L = 160 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA384 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:16 ++Ctrl.hexkey = hexkey:ec71de96c9520386f9d11bebe474bae0c0549e2b2e8fda6b2336050ee3acbec38bc57d56e6422d3cd493ead69772a059 ++Ctrl.hexinfo = hexinfo:4313d1efba21dded84ce12bf80b1be54400619d3bb1987f18bf85400e335103969e77c819a5360cf1dd3f4addb6b8eec0199508c75adfe2cfc067dc8 ++Output = 8e37ecc86dcb5ee7cf48d8a07f06c47cdce624cc ++ ++# COUNT=30 ++# L = 320 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA384 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:16 ++Ctrl.hexkey = hexkey:afe2d3a4746792908aca8ece67ba8562382000b4e26122414b3ef2e120511bae68448955cf186be87caf69eaced47e87 ++Ctrl.hexinfo = hexinfo:1f6dd0b17fed7f479c4f62927291a95292a4e232441c30ffcaa1d347543e50db939360bb37976eacb911f76c38ad8cce12a0c263875bbcd7f6011ffd ++Output = 17b671ca433cea81384b03b69c26a55257085cdfa48e6d8529431464bd439a881de560294afb0073 ++ ++ ++# [PRF=HMAC_SHA384] ++# [CTRLOCATION=BEFORE_FIXED] ++# [RLEN=24_BITS] ++ ++# COUNT=0 ++# L = 128 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA384 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:24 ++Ctrl.hexkey = hexkey:4fab4f1e3512b5f443ec31d2f6425d5f0fc13a5f82c83f72788a48a1bd499495ff18fb7acc0d4c1666c99db12e28f725 ++Ctrl.hexinfo = hexinfo:f0f010f99fbd8ec1bd0f23cd12bb41b2b8acb8713bb031f927e439f616e6ae27aed3f5582f8206893deea1204df125cedce35ce2b01b32bcefb388fd ++Output = c3c263b5aa6d0cfe5304a7c9d21a44ba ++ ++# COUNT=10 ++# L = 256 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA384 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:24 ++Ctrl.hexkey = hexkey:af3cd100d14dcb5e63f8915eced4b59477936c48e0e2b9232449a97d53d3eddf9e00bf44a8f2370c38a13434c13e0977 ++Ctrl.hexinfo = hexinfo:81f178f11615309844af84e163ff694f1936f7528aba6f0e60d41b4afac87e9dd48fbb5aebe534733f576950484aab15b386b468a055a1e0be8982c0 ++Output = 0b52be4ebd8b2116df895a42317ac78808993673c99da6391f0eee13cc8470fa ++ ++# COUNT=20 ++# L = 160 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA384 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:24 ++Ctrl.hexkey = hexkey:fc3ba84439d8b7ead37ac6c825e088fc80152788bbc9c68569213dd6189d5fd552c37ab73b3d53ee9809a485194fb3cd ++Ctrl.hexinfo = hexinfo:df5728d5d146898b68d8713aa8053d03db52b7227d502d3effcd51a22d52ecd9175a4b01d2f27ecfc8abf02c1dd80f5c90a5e01396c1107dddb02226 ++Output = 87ff36ca26778fcaf4f9209d38095c55c40f5e22 ++ ++# COUNT=30 ++# L = 320 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA384 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:24 ++Ctrl.hexkey = hexkey:08d867a61b13cd8c79d3a1cbec3493925ece900e06993063bc0dfe0247cd059ba50a5fb6afc65ac469793817a1f2dfee ++Ctrl.hexinfo = hexinfo:af0c83a659267869bd7cde387bf1c29c9c0ff3c6cabf512c73fd671748e4e9e49218de9350fc0dde27839eb1e2878f900689abeb7b540c70203e5a95 ++Output = 3fef69d875b9b6047c33f295619f6e7c7125c875d55409500100f71bee6551d511327fbde607ac41 ++ ++ ++# [PRF=HMAC_SHA384] ++# [CTRLOCATION=BEFORE_FIXED] ++# [RLEN=32_BITS] ++ ++# COUNT=0 ++# L = 128 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA384 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:32 ++Ctrl.hexkey = hexkey:216ed044769c4c3908188ece61601af8819c30f501d12995df608e06f5e0e607ab54f542ee2da41906dfdb4971f20f9d ++Ctrl.hexinfo = hexinfo:638e9506a2c7be69ea346b84629a010c0e225b7548f508162c89f29c1ddbfd70472c2b58e7dc8aa6a5b06602f1c8ed4948cda79c62708218e26ac0e2 ++Output = d4b144bb40c7cabed13963d7d4318e72 ++ ++# COUNT=10 ++# L = 256 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA384 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:32 ++Ctrl.hexkey = hexkey:8fca201473433f2dc8f6ae51e48de1a5654ce687e711d2d65f0dc5da6fee9a6a3db9d8535d3e4455ab53d35850c88272 ++Ctrl.hexinfo = hexinfo:195bd88aa2d4211912334fe2fd9bd24522f7d9fb08e04747609bc34f2538089a9d28bbc70b2e1336c3643753cec6e5cd3f246caa915e3c3a6b94d3b6 ++Output = f51ac86b0f462388d189ed0197ef99c2ff3a65816d8442e5ea304397b98dd11f ++ ++# COUNT=20 ++# L = 160 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA384 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:32 ++Ctrl.hexkey = hexkey:bc3157b8932e88d1b1cf8e4622137010a242d3527b1d23d6d9c0db9cc9edfc20e5135de823977bf4defafae44d6cdab6 ++Ctrl.hexinfo = hexinfo:b42a8e43cc2d4e5c69ee5e4f6b19ff6b8071d26bab4dfe45650b92b1f47652d25162d4b61441d8448c54918ae568ae2fb53091c624dbfffacee51d88 ++Output = 91314bdf542162031643247d6507838eaba50f1a ++ ++# COUNT=30 ++# L = 320 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA384 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:32 ++Ctrl.hexkey = hexkey:582f968a54b8797b9ea8c655b42e397adb73d773b1984b1e1c429cd597b8015d2f91d59e4136a9d523bf6491a4733c7a ++Ctrl.hexinfo = hexinfo:e6d3c193eff34e34f8b7b00e66565aeb01f63206bb27e27aa281592afc06ae1ec5b7eb97a39684ce773d7c3528f2667c1f5d428406e78ce4cf39f652 ++Output = 691726c111e5030b5f9657069107861ecc18bc5835a814c3d2e5092c901cb1fb6c1a7cd3eb0be2a7 ++ ++ ++# [PRF=HMAC_SHA512] ++# [CTRLOCATION=BEFORE_FIXED] ++# [RLEN=8_BITS] ++ ++# COUNT=0 ++# L = 128 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA512 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:8 ++Ctrl.hexkey = hexkey:6ea2c385bb3e7bbafc2225cee1d3ee103ce300c1fdf033d0c1e99c57e6a596e037020838e857c0434040b58a5ca5410be672b888ef9955bdd54eb6a67416ff6a ++Ctrl.hexinfo = hexinfo:be119901ed8679b243508b97663f35da322774d7d2012d6557da6657c1176a115ebc73b0f1bfa1dba6b8c3b124f0a47cff2998b230c955b0ea809784 ++Output = e0755fa6f116ef7a8e8361f47fd57511 ++ ++# COUNT=10 ++# L = 256 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA512 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:8 ++Ctrl.hexkey = hexkey:0ef984d7b4ee76f5c9e080b27f45ccab4ac2362c4cafa68198786b18e239d0f69ee62148373643ad9aa42474700348ef651fee9973130a42e76b7e7633eba1e9 ++Ctrl.hexinfo = hexinfo:56ece7c14c1fc5467f8316f3a931a7ddfa490969f442d7a132f3755809f6ca11dbc9c6493a541c244c32be6656e13ef2868cb79415b807b3882f00d2 ++Output = 19aa765affdd3cc7294b2c97e1bd5adc368523a3283c387d0719761e938f83db ++ ++# COUNT=20 ++# L = 160 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA512 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:8 ++Ctrl.hexkey = hexkey:a35728d4ec0d7e94019a45d52264e5cd63c7540c21e30a9882d8d531cbb510edaa78e42c03994c18d8efcf7f826a1a9fdbbbacc55c640e7b532cc08e0615a093 ++Ctrl.hexinfo = hexinfo:f501cc527bad6fe5d8e4f1f0f53d416ab17235f380f7e0d1c90dca18206af1fb1d977551e2e0e25c1fe41a8f825fbae2c07c94b768e98ad5ab8ddb2e ++Output = 54cf238101418ce050eee03aae0c39c4602ab838 ++ ++# COUNT=30 ++# L = 320 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA512 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:8 ++Ctrl.hexkey = hexkey:baed493b0294c9a5dbbe4547a30f0602c6124cedb549b45cff0ee4f3689a7ae5b695e5ecdfebf611bba1174e5e3a8824383e555daef396dc58c2842f77d5a674 ++Ctrl.hexinfo = hexinfo:1371182cb0725416b1eccf4ac9fb20cf4e0f77e7d006a531e0ab2b2b46e0859473dad9dcae65ba5eb902228787dae19e735d002c919a4b74012f8904 ++Output = 09bb55c9f3cee604f4bc5544a802be8b02b34b99f7928ceee696221975f947905f1b5979d9d4c2a1 ++ ++ ++# [PRF=HMAC_SHA512] ++# [CTRLOCATION=BEFORE_FIXED] ++# [RLEN=16_BITS] ++ ++# COUNT=0 ++# L = 128 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA512 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:16 ++Ctrl.hexkey = hexkey:bb0c55c7201ceb2e1369a6c49e2cdc1ae5e4cd1d64638105072c3a9172b2fa6a127c4d6d55132585fb2644b5ae3cf9d347875e0d0bf80945eaabef3b4319605e ++Ctrl.hexinfo = hexinfo:89bf925033f00635c100e2c88a98ad9f08cd6a002b934617d4ebfffc0fe9bca1d19bd942da3704da127c7493cc62c67f507c415e4cb67d7d0be70005 ++Output = 05efd62522beb9bfff6492ecd24501a7 ++ ++# COUNT=10 ++# L = 256 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA512 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:16 ++Ctrl.hexkey = hexkey:393eb889e9c2f251b95aa147d53e4cd029fd0391110be9c6b2f8ba32857864847c448a9a591686de88da7486d0a0f0f8c927560fa8f79c30e66a7efaacaa638f ++Ctrl.hexinfo = hexinfo:116bf7f9e5eb884c86cd0d3a2b33d41de7735677e6bd727e83fbde5c8113de56bf84c9f80610db760ae2df73f4f0db9df0cc1655ea9bc98bb06beeda ++Output = 212e4e4057a6871e166e7563205833bc7f01e86c724b6a61166d9311c55b5044 ++ ++# COUNT=20 ++# L = 160 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA512 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:16 ++Ctrl.hexkey = hexkey:eeec4383a808fae57f24a7a5eb6157cca66483a613590c89ed39f59617ea97fcfa7cdfc83ba8140fa0d8542263d6423a9bcca70e11addb7a646f194ff0878cac ++Ctrl.hexinfo = hexinfo:b2565a20171eef1eaa04728e6c369405b251062bbd0a2b9171c8c6fedf0ff783691db787f153bbf5167301808f768a03df0deec99f2b9efb90cab571 ++Output = 4f31b7bcd54c74d8a7d31aca187b8736f0a59db7 ++ ++# COUNT=30 ++# L = 320 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA512 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:16 ++Ctrl.hexkey = hexkey:62690d8ef259d175911d8eb52a331af29a8e3b797c4b315a67fa5cd1b00e585b2f7d97341284d0fcaa15a080732f7958e3b33e938e730623d1e651dbea9b2233 ++Ctrl.hexinfo = hexinfo:266535b58de26ed62f936bc7147c8c3b31ee0c1bb92c5ef63699ac7225e01cec5afd2e6e39cf095882324c7dc94b0daa2befc50f790da0547d7c6184 ++Output = 9336a88737d9ae01b5c43be5789c8545689557aad295ea3c03d2a2e0143603365fea1656175c20bf ++ ++ ++# [PRF=HMAC_SHA512] ++# [CTRLOCATION=BEFORE_FIXED] ++# [RLEN=24_BITS] ++ ++# COUNT=0 ++# L = 128 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA512 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:24 ++Ctrl.hexkey = hexkey:d10933b0683f6787c33eccea1c311b8444270504fb3980bfd56443ba4068722184c31541d9174f71068b7789440bc34cec456e115067f9c65a5f2883c6868204 ++Ctrl.hexinfo = hexinfo:dcb2ea8d715821d6393bd49a3e35f69a6c2519edb614f80fbc3f7ae1d65ff4a04c499e75d08819a09092ddaadba510e03cb2ac898804590dbd61fb7e ++Output = 876d73040d03d569e2fcae33b241d98e ++ ++# COUNT=10 ++# L = 256 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA512 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:24 ++Ctrl.hexkey = hexkey:44e6e9abd8572a19ba127dfa2ca6a1b53beaef8c19a1ec5b67f1f6f7919671cd80ade7ded7c0f096525936ef427b152339de915f024964ca9ea908a120e2553a ++Ctrl.hexinfo = hexinfo:c2884a0c3ea2ff5b0bc848698f49f2c59eff511d77caddba897dec7714a0984e54f330dd9e9fdca9c033dfbc36d3293eca0ce7601e316463966ad4fd ++Output = b294537440bec490953bf6e9a77c4510536916b84a5a2f45b5bf9f76666d8f12 ++ ++# COUNT=20 ++# L = 160 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA512 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:24 ++Ctrl.hexkey = hexkey:a39131ca2f8df817ea2f155aac72d58a696d915b66b7cbe172a0f48a407aa8af0edbaea051eb027fe8fcc435cc7f160feeb57bd39a39d94104fe35167dac1aae ++Ctrl.hexinfo = hexinfo:52b6d1f6381fc3dd44baf1c9d36f0c313e58bf4fdb936b78103afdb90373079de90e4bb7d7089e65e0aef23f2a34df5198b8392aac705eb998c1f8cd ++Output = e707c910b4db3a648815fcad5ca7af18e5354c2e ++ ++# COUNT=30 ++# L = 320 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA512 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:24 ++Ctrl.hexkey = hexkey:af5a39f0303b11bca55584ce24162dabd1625aed14ce54f9e407866e03efb24b12a36e164f96faf36bc92a08acd194285107173fb84caef787672d6471028459 ++Ctrl.hexinfo = hexinfo:1cd84829b89d3149948967494aece985f1df3d7ec7735e8cc468bb3e6fdb50964d32dcde5521a82402577371047bf77e34714437e9d213561055b9db ++Output = a0e81b336a6f4ab395aada28314d8ba96b9216ae389b01aaec158e166239e554a217e69f603988fb ++ ++ ++# [PRF=HMAC_SHA512] ++# [CTRLOCATION=BEFORE_FIXED] ++# [RLEN=32_BITS] ++ ++# COUNT=0 ++# L = 128 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA512 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:32 ++Ctrl.hexkey = hexkey:dd5dbd45593ee2ac139748e7645b450f223d2ff297b73fd71cbcebe71d41653c950b88500de5322d99ef18dfdd30428294c4b3094f4c954334e593bd982ec614 ++Ctrl.hexinfo = hexinfo:b50b0c963c6b3034b8cf19cd3f5c4ebe4f4985af0c03e575db62e6fdf1ecfe4f28b95d7ce16df85843246e1557ce95bb26cc9a21974bbd2eb69e8355 ++Output = e5993bf9bd2aa1c45746042e12598155 ++ ++# COUNT=10 ++# L = 256 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA512 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:32 ++Ctrl.hexkey = hexkey:5be2bf7f5e2527e15fe65cde4507d98ba55457006867de9e4f36645bcff4ca38754f92898b1c5544718102593b8c26d45d1fceaea27d97ede9de8b9ebfe88093 ++Ctrl.hexinfo = hexinfo:004b13c1f628cb7a00d9498937bf437b71fe196cc916c47d298fa296c6b86188073543bbc66b7535eb17b5cf43c37944b6ca1225298a9e563413e5bb ++Output = cee0c11be2d8110b808f738523e718447d785878bbb783fb081a055160590072 ++ ++# COUNT=20 ++# L = 160 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA512 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:32 ++Ctrl.hexkey = hexkey:9dd03864a31aa4156ca7a12000f541680ce0a5f4775eef1088ac13368200b447a78d0bf14416a1d583c54b0f11200ff4a8983dd775ce9c0302d262483e300ae6 ++Ctrl.hexinfo = hexinfo:037369f142d669fca9e87e9f37ae8f2c8d506b753fdfe8a3b72f75cac1c50fa1f8620883b8dcb8dcc67adcc95e70aa624adb9fe1b2cb396692b0d2e8 ++Output = 96e8d1bc01dc95c0bf42c3c38fc54c090373ced4 ++ ++# COUNT=30 ++# L = 320 ++KDF = KBKDF ++Ctrl.mode = mode:COUNTER ++Ctrl.digest = digest:SHA512 ++Ctrl.mac = mac:HMAC ++Ctrl.use-l = use-l:0 ++Ctrl.use-separator = use-separator:0 ++Ctrl.r = r:32 ++Ctrl.hexkey = hexkey:a9f4a2c5af839867f5db5a1e520ab3cca72a166ca60de512fd7fe7e64cf94f92cf1d8b636175f293e003275e021018c3f0ede495997a505ec9a2afeb0495be57 ++Ctrl.hexinfo = hexinfo:8e9db3335779db688bcfe096668d9c3bc64e193e3529c430e68d09d56c837dd6c0f94678f121a68ee1feea4735da85a49d34a5290aa39f7b40de435f ++Output = 6db880daac98b078ee389a2164252ded61322d661e2b49247ea921e544675d8f17af2bf66dd40d81 ++ diff --git a/SOURCES/0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch b/SOURCES/0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch new file mode 100644 index 0000000..5208f40 --- /dev/null +++ b/SOURCES/0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch @@ -0,0 +1,206 @@ +From c63599ee9708d543205a9173207ee7167315c624 Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Tue, 1 Mar 2022 15:44:18 +0100 +Subject: [PATCH] Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes + +References: rhbz#2055796 +--- + crypto/x509/x509_vfy.c | 19 ++++++++++- + doc/man5/config.pod | 7 +++- + ssl/t1_lib.c | 64 ++++++++++++++++++++++++++++------- + test/recipes/25-test_verify.t | 7 ++-- + 4 files changed, 79 insertions(+), 18 deletions(-) + +diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c +index ff3ca83de6..a549c1c111 100644 +--- a/crypto/x509/x509_vfy.c ++++ b/crypto/x509/x509_vfy.c +@@ -25,6 +25,7 @@ + #include + #include + #include "internal/dane.h" ++#include "internal/sslconf.h" + #include "crypto/x509.h" + #include "x509_local.h" + +@@ -3440,14 +3441,30 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert) + { + int secbits = -1; + int level = ctx->param->auth_level; ++ int nid; ++ OSSL_LIB_CTX *libctx = NULL; + + if (level <= 0) + return 1; + if (level > NUM_AUTH_LEVELS) + level = NUM_AUTH_LEVELS; + +- if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL)) ++ if (ctx->libctx) ++ libctx = ctx->libctx; ++ else if (cert->libctx) ++ libctx = cert->libctx; ++ else ++ libctx = OSSL_LIB_CTX_get0_global_default(); ++ ++ if (!X509_get_signature_info(cert, &nid, NULL, &secbits, NULL)) + return 0; + ++ if (nid == NID_sha1 ++ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0) ++ && ctx->param->auth_level < 3) ++ /* When rh-allow-sha1-signatures = yes and security level <= 2, ++ * explicitly allow SHA1 for backwards compatibility. */ ++ return 1; ++ + return secbits >= minbits_table[level - 1]; + } +diff --git a/doc/man5/config.pod b/doc/man5/config.pod +index aa1be5ca7f..aa69e2b844 100644 +--- a/doc/man5/config.pod ++++ b/doc/man5/config.pod +@@ -305,7 +305,12 @@ When set to B, any attempt to create or verify a signature with a SHA1 + digest will fail. For compatibility with older versions of OpenSSL, set this + option to B. This setting also affects TLS, where signature algorithms + that use SHA1 as digest will no longer be supported if this option is set to +-B. ++B. Note that enabling B will allow TLS signature ++algorithms that use SHA1 in security level 2, despite the definition of ++security level 2 of 112 bits of security, which SHA1 does not meet. Because ++TLS 1.1 or lower use MD5-SHA1 as pseudorandom function (PRF) to derive key ++material, disabling B requires the use of TLS 1.2 or ++newer. + + =item B (deprecated) + +diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c +index 4b74ee1a34..5f089de107 100644 +--- a/ssl/t1_lib.c ++++ b/ssl/t1_lib.c +@@ -20,6 +20,7 @@ + #include + #include + #include ++#include "crypto/x509.h" + #include "internal/sslconf.h" + #include "internal/nelem.h" + #include "internal/sizes.h" +@@ -1561,19 +1562,27 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_UNKNOWN_DIGEST); + return 0; + } +- /* +- * Make sure security callback allows algorithm. For historical +- * reasons we have to pass the sigalg as a two byte char array. +- */ +- sigalgstr[0] = (sig >> 8) & 0xff; +- sigalgstr[1] = sig & 0xff; +- secbits = sigalg_security_bits(s->ctx, lu); +- if (secbits == 0 || +- !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits, +- md != NULL ? EVP_MD_get_type(md) : NID_undef, +- (void *)sigalgstr)) { +- SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE); +- return 0; ++ ++ if (lu->hash == NID_sha1 ++ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0) ++ && SSL_get_security_level(s) < 3) { ++ /* when rh-allow-sha1-signatures = yes and security level <= 2, ++ * explicitly allow SHA1 for backwards compatibility */ ++ } else { ++ /* ++ * Make sure security callback allows algorithm. For historical ++ * reasons we have to pass the sigalg as a two byte char array. ++ */ ++ sigalgstr[0] = (sig >> 8) & 0xff; ++ sigalgstr[1] = sig & 0xff; ++ secbits = sigalg_security_bits(s->ctx, lu); ++ if (secbits == 0 || ++ !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits, ++ md != NULL ? EVP_MD_get_type(md) : NID_undef, ++ (void *)sigalgstr)) { ++ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE); ++ return 0; ++ } + } + /* Store the sigalg the peer uses */ + s->s3.tmp.peer_sigalg = lu; +@@ -2106,6 +2115,14 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu) + } + } + ++ if (lu->hash == NID_sha1 ++ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0) ++ && SSL_get_security_level(s) < 3) { ++ /* when rh-allow-sha1-signatures = yes and security level <= 2, ++ * explicitly allow SHA1 for backwards compatibility */ ++ return 1; ++ } ++ + /* Finally see if security callback allows it */ + secbits = sigalg_security_bits(s->ctx, lu); + sigalgstr[0] = (lu->sigalg >> 8) & 0xff; +@@ -2977,6 +2994,8 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op) + { + /* Lookup signature algorithm digest */ + int secbits, nid, pknid; ++ OSSL_LIB_CTX *libctx = NULL; ++ + /* Don't check signature if self signed */ + if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0) + return 1; +@@ -2985,6 +3004,25 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op) + /* If digest NID not defined use signature NID */ + if (nid == NID_undef) + nid = pknid; ++ ++ if (x && x->libctx) ++ libctx = x->libctx; ++ else if (ctx && ctx->libctx) ++ libctx = ctx->libctx; ++ else if (s && s->ctx && s->ctx->libctx) ++ libctx = s->ctx->libctx; ++ else ++ libctx = OSSL_LIB_CTX_get0_global_default(); ++ ++ if (nid == NID_sha1 ++ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0) ++ && ((s != NULL && SSL_get_security_level(s) < 3) ++ || (ctx != NULL && SSL_CTX_get_security_level(ctx) < 3) ++ )) ++ /* When rh-allow-sha1-signatures = yes and security level <= 2, ++ * explicitly allow SHA1 for backwards compatibility. */ ++ return 1; ++ + if (s) + return ssl_security(s, op, secbits, nid, x); + else +diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t +index 700bbd849c..2de1d76b5e 100644 +--- a/test/recipes/25-test_verify.t ++++ b/test/recipes/25-test_verify.t +@@ -29,7 +29,7 @@ sub verify { + run(app([@args])); + } + +-plan tests => 163; ++plan tests => 162; + + # Canonical success + ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), +@@ -387,8 +387,9 @@ ok(verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "0" + ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], ), + "CA with PSS signature using SHA256"); + +-ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "1"), +- "Reject PSS signature using SHA1 and auth level 1"); ++## rh-allow-sha1-signatures=yes allows this to pass despite -auth_level 1 ++#ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "1"), ++# "Reject PSS signature using SHA1 and auth level 1"); + + ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"), + "PSS signature using SHA256 and auth level 2"); +-- +2.35.1 + diff --git a/SOURCES/0053-CVE-2022-0778.patch b/SOURCES/0053-CVE-2022-0778.patch new file mode 100644 index 0000000..4f4bcb5 --- /dev/null +++ b/SOURCES/0053-CVE-2022-0778.patch @@ -0,0 +1,188 @@ +From 23f1773ddf92979006d0f438523f3c73320c384f Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Mon, 28 Feb 2022 18:26:30 +0100 +Subject: [PATCH] Add documentation of BN_mod_sqrt() + +--- + doc/man3/BN_add.pod | 15 +++++++++++++-- + util/missingcrypto.txt | 1 - + 2 files changed, 13 insertions(+), 3 deletions(-) + +diff --git a/doc/man3/BN_add.pod b/doc/man3/BN_add.pod +index 62d3ee7205..cf6c49c0e3 100644 +--- a/doc/man3/BN_add.pod ++++ b/doc/man3/BN_add.pod +@@ -3,7 +3,7 @@ + =head1 NAME + + BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add, +-BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd - ++BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_mod_sqrt, BN_exp, BN_mod_exp, BN_gcd - + arithmetic operations on BIGNUMs + + =head1 SYNOPSIS +@@ -36,6 +36,8 @@ arithmetic operations on BIGNUMs + + int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); + ++ BIGNUM *BN_mod_sqrt(BIGNUM *in, BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); ++ + int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx); + + int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, +@@ -87,6 +89,12 @@ L. + BN_mod_sqr() takes the square of I modulo B and places the + result in I. + ++BN_mod_sqrt() returns the modular square root of I such that ++C. The modulus I

must be a ++prime, otherwise an error or an incorrect "result" will be returned. ++The result is stored into I which can be NULL. The result will be ++newly allocated in that case. ++ + BN_exp() raises I to the I

-th power and places the result in I + (C). This function is faster than repeated applications of + BN_mul(). +@@ -108,7 +116,10 @@ the arguments. + + =head1 RETURN VALUES + +-For all functions, 1 is returned for success, 0 on error. The return ++The BN_mod_sqrt() returns the result (possibly incorrect if I

is ++not a prime), or NULL. ++ ++For all remaining functions, 1 is returned for success, 0 on error. The return + value should always be checked (e.g., C). + The error codes can be obtained by L. + +diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt +index b61bdeb880..4d2fd7f6b7 100644 +--- a/util/missingcrypto.txt ++++ b/util/missingcrypto.txt +@@ -264,7 +264,6 @@ BN_mod_lshift(3) + BN_mod_lshift1(3) + BN_mod_lshift1_quick(3) + BN_mod_lshift_quick(3) +-BN_mod_sqrt(3) + BN_mod_sub_quick(3) + BN_nist_mod_192(3) + BN_nist_mod_224(3) + +From 46673310c9a755b2a56f53d115854983d6ada11a Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Mon, 28 Feb 2022 18:26:35 +0100 +Subject: [PATCH] Add a negative testcase for BN_mod_sqrt + +--- + test/bntest.c | 11 ++++++++++- + test/recipes/10-test_bn_data/bnmod.txt | 12 ++++++++++++ + 2 files changed, 22 insertions(+), 1 deletion(-) + +diff --git a/test/bntest.c b/test/bntest.c +index efdb3ef963..d49f87373a 100644 +--- a/test/bntest.c ++++ b/test/bntest.c +@@ -1732,8 +1732,17 @@ static int file_modsqrt(STANZA *s) + || !TEST_ptr(ret2 = BN_new())) + goto err; + ++ if (BN_is_negative(mod_sqrt)) { ++ /* A negative testcase */ ++ if (!TEST_ptr_null(BN_mod_sqrt(ret, a, p, ctx))) ++ goto err; ++ ++ st = 1; ++ goto err; ++ } ++ + /* There are two possible answers. */ +- if (!TEST_true(BN_mod_sqrt(ret, a, p, ctx)) ++ if (!TEST_ptr(BN_mod_sqrt(ret, a, p, ctx)) + || !TEST_true(BN_sub(ret2, p, ret))) + goto err; + +diff --git a/test/recipes/10-test_bn_data/bnmod.txt b/test/recipes/10-test_bn_data/bnmod.txt +index e22d656091..bc8a434ea5 100644 +--- a/test/recipes/10-test_bn_data/bnmod.txt ++++ b/test/recipes/10-test_bn_data/bnmod.txt +@@ -2799,3 +2799,15 @@ P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f + ModSqrt = a1d52989f12f204d3d2167d9b1e6c8a6174c0c786a979a5952383b7b8bd186 + A = 2eee37cf06228a387788188e650bc6d8a2ff402931443f69156a29155eca07dcb45f3aac238d92943c0c25c896098716baa433f25bd696a142f5a69d5d937e81 + P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f ++ ++# Negative testcases for BN_mod_sqrt() ++ ++# This one triggers an infinite loop with unfixed implementation ++# It should just fail. ++ModSqrt = -1 ++A = 20a7ee ++P = 460201 ++ ++ModSqrt = -1 ++A = 65bebdb00a96fc814ec44b81f98b59fba3c30203928fa5214c51e0a97091645280c947b005847f239758482b9bfc45b066fde340d1fe32fc9c1bf02e1b2d0ed ++P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f + +From cafcc62d7719dea73f334c9ef763d1e215fcd94d Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Mon, 28 Feb 2022 18:26:21 +0100 +Subject: [PATCH] Fix possible infinite loop in BN_mod_sqrt() + +The calculation in some cases does not finish for non-prime p. + +This fixes CVE-2022-0778. + +Based on patch by David Benjamin . +--- + crypto/bn/bn_sqrt.c | 30 ++++++++++++++++++------------ + 1 file changed, 18 insertions(+), 12 deletions(-) + +diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c +index b663ae5ec5..c5ea7ab194 100644 +--- a/crypto/bn/bn_sqrt.c ++++ b/crypto/bn/bn_sqrt.c +@@ -14,7 +14,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) + /* + * Returns 'ret' such that ret^2 == a (mod p), using the Tonelli/Shanks + * algorithm (cf. Henri Cohen, "A Course in Algebraic Computational Number +- * Theory", algorithm 1.5.1). 'p' must be prime! ++ * Theory", algorithm 1.5.1). 'p' must be prime, otherwise an error or ++ * an incorrect "result" will be returned. + */ + { + BIGNUM *ret = in; +@@ -303,18 +304,23 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) + goto vrfy; + } + +- /* find smallest i such that b^(2^i) = 1 */ +- i = 1; +- if (!BN_mod_sqr(t, b, p, ctx)) +- goto end; +- while (!BN_is_one(t)) { +- i++; +- if (i == e) { +- ERR_raise(ERR_LIB_BN, BN_R_NOT_A_SQUARE); +- goto end; ++ /* Find the smallest i, 0 < i < e, such that b^(2^i) = 1. */ ++ for (i = 1; i < e; i++) { ++ if (i == 1) { ++ if (!BN_mod_sqr(t, b, p, ctx)) ++ goto end; ++ ++ } else { ++ if (!BN_mod_mul(t, t, t, p, ctx)) ++ goto end; + } +- if (!BN_mod_mul(t, t, t, p, ctx)) +- goto end; ++ if (BN_is_one(t)) ++ break; ++ } ++ /* If not found, a is not a square or p is not prime. */ ++ if (i >= e) { ++ ERR_raise(ERR_LIB_BN, BN_R_NOT_A_SQUARE); ++ goto end; + } + + /* t := y^2^(e - i - 1) */ + diff --git a/SOURCES/0054-Replace-size-check-with-more-meaningful-pubkey-check.patch b/SOURCES/0054-Replace-size-check-with-more-meaningful-pubkey-check.patch new file mode 100644 index 0000000..a66968d --- /dev/null +++ b/SOURCES/0054-Replace-size-check-with-more-meaningful-pubkey-check.patch @@ -0,0 +1,53 @@ +From 2c0f7d46b8449423446cfe1e52fc1e1ecd506b62 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Wed, 2 Feb 2022 17:47:26 +0100 +Subject: [PATCH] Replace size check with more meaningful pubkey check + +It does not make sense to check the size because this +function can be used in other contexts than in TLS-1.3 and +the value might not be padded to the size of p. + +However it makes sense to do the partial pubkey check because +there is no valid reason having the pubkey value outside the +1 < pubkey < p-1 bounds. + +Fixes #15465 + +Reviewed-by: Paul Dale +(Merged from https://github.com/openssl/openssl/pull/17630) +--- + crypto/dh/dh_key.c | 11 ++++------- + 1 file changed, 4 insertions(+), 7 deletions(-) + +diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c +index 6b8cd550f2..c78ed618bf 100644 +--- a/crypto/dh/dh_key.c ++++ b/crypto/dh/dh_key.c +@@ -375,20 +375,17 @@ int ossl_dh_buf2key(DH *dh, const unsigned char *buf, size_t len) + int err_reason = DH_R_BN_ERROR; + BIGNUM *pubkey = NULL; + const BIGNUM *p; +- size_t p_size; ++ int ret; + + if ((pubkey = BN_bin2bn(buf, len, NULL)) == NULL) + goto err; + DH_get0_pqg(dh, &p, NULL, NULL); +- if (p == NULL || (p_size = BN_num_bytes(p)) == 0) { ++ if (p == NULL || BN_num_bytes(p) == 0) { + err_reason = DH_R_NO_PARAMETERS_SET; + goto err; + } +- /* +- * As per Section 4.2.8.1 of RFC 8446 fail if DHE's +- * public key is of size not equal to size of p +- */ +- if (BN_is_zero(pubkey) || p_size != len) { ++ /* Prevent small subgroup attacks per RFC 8446 Section 4.2.8.1 */ ++ if (!ossl_dh_check_pub_key_partial(dh, pubkey, &ret)) { + err_reason = DH_R_INVALID_PUBKEY; + goto err; + } +-- +2.35.1 + diff --git a/SOURCES/0055-nonlegacy-fetch-null-deref.patch b/SOURCES/0055-nonlegacy-fetch-null-deref.patch new file mode 100644 index 0000000..c4ca4fe --- /dev/null +++ b/SOURCES/0055-nonlegacy-fetch-null-deref.patch @@ -0,0 +1,23 @@ +diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c +index e1da724bd2f4..2bee5ef19447 100644 +--- a/crypto/core_namemap.c ++++ b/crypto/core_namemap.c +@@ -409,14 +409,16 @@ static void get_legacy_cipher_names(const OBJ_NAME *on, void *arg) + { + const EVP_CIPHER *cipher = (void *)OBJ_NAME_get(on->name, on->type); + +- get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg); ++ if (cipher != NULL) ++ get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg); + } + + static void get_legacy_md_names(const OBJ_NAME *on, void *arg) + { + const EVP_MD *md = (void *)OBJ_NAME_get(on->name, on->type); + +- get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg); ++ if (md != NULL) ++ get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg); + } + + static void get_legacy_pkey_meth_names(const EVP_PKEY_ASN1_METHOD *ameth, diff --git a/SOURCES/0056-strcasecmp.patch b/SOURCES/0056-strcasecmp.patch new file mode 100644 index 0000000..ed30b2e --- /dev/null +++ b/SOURCES/0056-strcasecmp.patch @@ -0,0 +1,2279 @@ +diff --git a/apps/ca.c b/apps/ca.c +index 24883615ed6b..8a2b31579549 100644 +--- a/apps/ca.c ++++ b/apps/ca.c +@@ -2367,7 +2367,7 @@ static char *make_revocation_str(REVINFO_TYPE rev_type, const char *rev_arg) + + case REV_CRL_REASON: + for (i = 0; i < 8; i++) { +- if (strcasecmp(rev_arg, crl_reasons[i]) == 0) { ++ if (OPENSSL_strcasecmp(rev_arg, crl_reasons[i]) == 0) { + reason = crl_reasons[i]; + break; + } +@@ -2584,7 +2584,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, + } + if (reason_str) { + for (i = 0; i < NUM_REASONS; i++) { +- if (strcasecmp(reason_str, crl_reasons[i]) == 0) { ++ if (OPENSSL_strcasecmp(reason_str, crl_reasons[i]) == 0) { + reason_code = i; + break; + } +diff --git a/apps/cmp.c b/apps/cmp.c +index 9ea5cee4124d..5c6bcdad0a64 100644 +--- a/apps/cmp.c ++++ b/apps/cmp.c +@@ -1745,7 +1745,7 @@ static int handle_opt_geninfo(OSSL_CMP_CTX *ctx) + valptr[0] = '\0'; + valptr++; + +- if (strncasecmp(valptr, "int:", 4) != 0) { ++ if (OPENSSL_strncasecmp(valptr, "int:", 4) != 0) { + CMP_err("missing 'int:' in -geninfo option"); + return 0; + } +diff --git a/apps/ecparam.c b/apps/ecparam.c +index 12eed703de69..ecce36be71a2 100644 +--- a/apps/ecparam.c ++++ b/apps/ecparam.c +@@ -229,7 +229,7 @@ int ecparam_main(int argc, char **argv) + point_format, 0); + *p = OSSL_PARAM_construct_end(); + +- if (strcasecmp(curve_name, "SM2") == 0) ++ if (OPENSSL_strcasecmp(curve_name, "SM2") == 0) + gctx_params = EVP_PKEY_CTX_new_from_name(NULL, "sm2", NULL); + else + gctx_params = EVP_PKEY_CTX_new_from_name(NULL, "ec", NULL); +diff --git a/apps/lib/apps.c b/apps/lib/apps.c +index 30da6e8a8cb8..227da4982d14 100644 +--- a/apps/lib/apps.c ++++ b/apps/lib/apps.c +@@ -688,8 +688,8 @@ int load_cert_certs(const char *uri, + int ret = 0; + char *pass_string; + +- if (exclude_http && (strncasecmp(uri, "http://", 7) == 0 +- || strncasecmp(uri, "https://", 8) == 0)) { ++ if (exclude_http && (OPENSSL_strncasecmp(uri, "http://", 7) == 0 ++ || OPENSSL_strncasecmp(uri, "https://", 8) == 0)) { + BIO_printf(bio_err, "error: HTTP retrieval not allowed for %s\n", desc); + return ret; + } +@@ -1182,20 +1182,20 @@ int set_name_ex(unsigned long *flags, const char *arg) + + int set_dateopt(unsigned long *dateopt, const char *arg) + { +- if (strcasecmp(arg, "rfc_822") == 0) ++ if (OPENSSL_strcasecmp(arg, "rfc_822") == 0) + *dateopt = ASN1_DTFLGS_RFC822; +- else if (strcasecmp(arg, "iso_8601") == 0) ++ else if (OPENSSL_strcasecmp(arg, "iso_8601") == 0) + *dateopt = ASN1_DTFLGS_ISO8601; + return 0; + } + + int set_ext_copy(int *copy_type, const char *arg) + { +- if (strcasecmp(arg, "none") == 0) ++ if (OPENSSL_strcasecmp(arg, "none") == 0) + *copy_type = EXT_COPY_NONE; +- else if (strcasecmp(arg, "copy") == 0) ++ else if (OPENSSL_strcasecmp(arg, "copy") == 0) + *copy_type = EXT_COPY_ADD; +- else if (strcasecmp(arg, "copyall") == 0) ++ else if (OPENSSL_strcasecmp(arg, "copyall") == 0) + *copy_type = EXT_COPY_ALL; + else + return 0; +@@ -1275,7 +1275,7 @@ static int set_table_opts(unsigned long *flags, const char *arg, + } + + for (ptbl = in_tbl; ptbl->name; ptbl++) { +- if (strcasecmp(arg, ptbl->name) == 0) { ++ if (OPENSSL_strcasecmp(arg, ptbl->name) == 0) { + *flags &= ~ptbl->mask; + if (c) + *flags |= ptbl->flag; +diff --git a/apps/lib/engine_loader.c b/apps/lib/engine_loader.c +index c093f31e1b39..42775a89f361 100644 +--- a/apps/lib/engine_loader.c ++++ b/apps/lib/engine_loader.c +@@ -71,7 +71,7 @@ static OSSL_STORE_LOADER_CTX *engine_open(const OSSL_STORE_LOADER *loader, + char *keyid = NULL; + OSSL_STORE_LOADER_CTX *ctx = NULL; + +- if (strncasecmp(p, ENGINE_SCHEME_COLON, sizeof(ENGINE_SCHEME_COLON) - 1) ++ if (OPENSSL_strncasecmp(p, ENGINE_SCHEME_COLON, sizeof(ENGINE_SCHEME_COLON) - 1) + != 0) + return NULL; + p += sizeof(ENGINE_SCHEME_COLON) - 1; +diff --git a/apps/lib/http_server.c b/apps/lib/http_server.c +index 03faac7707b7..df9575e2cd21 100644 +--- a/apps/lib/http_server.c ++++ b/apps/lib/http_server.c +@@ -453,10 +453,11 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq, + } + *line_end = '\0'; + /* https://tools.ietf.org/html/rfc7230#section-6.3 Persistence */ +- if (found_keep_alive != NULL && strcasecmp(key, "Connection") == 0) { +- if (strcasecmp(value, "keep-alive") == 0) ++ if (found_keep_alive != NULL ++ && OPENSSL_strcasecmp(key, "Connection") == 0) { ++ if (OPENSSL_strcasecmp(value, "keep-alive") == 0) + *found_keep_alive = 1; +- else if (strcasecmp(value, "close") == 0) ++ else if (OPENSSL_strcasecmp(value, "close") == 0) + *found_keep_alive = 0; + } + } +diff --git a/apps/lib/names.c b/apps/lib/names.c +index 5e2e7e147c7f..462703c6462b 100644 +--- a/apps/lib/names.c ++++ b/apps/lib/names.c +@@ -11,14 +11,11 @@ + #include + #include + #include "names.h" +- +-#ifdef _WIN32 +-# define strcasecmp _stricmp +-#endif ++#include "openssl/crypto.h" + + int name_cmp(const char * const *a, const char * const *b) + { +- return strcasecmp(*a, *b); ++ return OPENSSL_strcasecmp(*a, *b); + } + + void collect_names(const char *name, void *vdata) +diff --git a/apps/lib/vms_term_sock.c b/apps/lib/vms_term_sock.c +index 1b27699b9d49..4d9a69b29e03 100644 +--- a/apps/lib/vms_term_sock.c ++++ b/apps/lib/vms_term_sock.c +@@ -132,7 +132,7 @@ int main (int argc, char *argv[], char *envp[]) + len; + + LogMessage ("Enter 'q' or 'Q' to quit ..."); +- while (strcasecmp (TermBuff, "Q")) { ++ while (OPENSSL_strcasecmp (TermBuff, "Q")) { + /* + ** Create the terminal socket + */ +diff --git a/apps/list.c b/apps/list.c +index 9732d6625a05..620ce0083134 100644 +--- a/apps/list.c ++++ b/apps/list.c +@@ -71,7 +71,7 @@ static void legacy_cipher_fn(const EVP_CIPHER *c, + { + if (select_name != NULL + && (c == NULL +- || strcasecmp(select_name, EVP_CIPHER_get0_name(c)) != 0)) ++ || OPENSSL_strcasecmp(select_name, EVP_CIPHER_get0_name(c)) != 0)) + return; + if (c != NULL) { + BIO_printf(arg, " %s\n", EVP_CIPHER_get0_name(c)); +@@ -370,7 +370,7 @@ DEFINE_STACK_OF(EVP_RAND) + + static int rand_cmp(const EVP_RAND * const *a, const EVP_RAND * const *b) + { +- int ret = strcasecmp(EVP_RAND_get0_name(*a), EVP_RAND_get0_name(*b)); ++ int ret = OPENSSL_strcasecmp(EVP_RAND_get0_name(*a), EVP_RAND_get0_name(*b)); + + if (ret == 0) + ret = strcmp(OSSL_PROVIDER_get0_name(EVP_RAND_get0_provider(*a)), +@@ -404,7 +404,7 @@ static void list_random_generators(void) + const EVP_RAND *m = sk_EVP_RAND_value(rands, i); + + if (select_name != NULL +- && strcasecmp(EVP_RAND_get0_name(m), select_name) != 0) ++ && OPENSSL_strcasecmp(EVP_RAND_get0_name(m), select_name) != 0) + continue; + BIO_printf(bio_out, " %s", EVP_RAND_get0_name(m)); + BIO_printf(bio_out, " @ %s\n", +@@ -463,7 +463,7 @@ static void display_random(const char *name, EVP_RAND_CTX *drbg) + if (gettables != NULL) + for (; gettables->key != NULL; gettables++) { + /* State has been dealt with already, so ignore */ +- if (strcasecmp(gettables->key, OSSL_RAND_PARAM_STATE) == 0) ++ if (OPENSSL_strcasecmp(gettables->key, OSSL_RAND_PARAM_STATE) == 0) + continue; + /* Outside of verbose mode, we skip non-string values */ + if (gettables->data_type != OSSL_PARAM_UTF8_STRING +diff --git a/apps/rehash.c b/apps/rehash.c +index fb6c08c420ca..e4a4e14fd497 100644 +--- a/apps/rehash.c ++++ b/apps/rehash.c +@@ -214,7 +214,7 @@ static int handle_symlink(const char *filename, const char *fullpath) + return -1; + for (type = OSSL_NELEM(suffixes) - 1; type > 0; type--) { + const char *suffix = suffixes[type]; +- if (strncasecmp(suffix, &filename[i], strlen(suffix)) == 0) ++ if (OPENSSL_strncasecmp(suffix, &filename[i], strlen(suffix)) == 0) + break; + } + i += strlen(suffixes[type]); +@@ -249,7 +249,7 @@ static int do_file(const char *filename, const char *fullpath, enum Hash h) + if ((ext = strrchr(filename, '.')) == NULL) + goto end; + for (i = 0; i < OSSL_NELEM(extensions); i++) { +- if (strcasecmp(extensions[i], ext + 1) == 0) ++ if (OPENSSL_strcasecmp(extensions[i], ext + 1) == 0) + break; + } + if (i >= OSSL_NELEM(extensions)) +diff --git a/apps/s_server.c b/apps/s_server.c +index ccaec3124bf4..e93cfa1e2c7a 100644 +--- a/apps/s_server.c ++++ b/apps/s_server.c +@@ -432,7 +432,7 @@ static int ssl_servername_cb(SSL *s, int *ad, void *arg) + return SSL_TLSEXT_ERR_NOACK; + + if (servername != NULL) { +- if (strcasecmp(servername, p->servername)) ++ if (OPENSSL_strcasecmp(servername, p->servername)) + return p->extension_error; + if (ctx2 != NULL) { + BIO_printf(p->biodebug, "Switching server context.\n"); +diff --git a/crypto/LPdir_unix.c b/crypto/LPdir_unix.c +index ddf68b576f88..fe9fc0dd43ba 100644 +--- a/crypto/LPdir_unix.c ++++ b/crypto/LPdir_unix.c +@@ -141,7 +141,8 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) + p--; + if (p > (*ctx)->entry_name && p[-1] == ';') + p[-1] = '\0'; +- if (strcasecmp((*ctx)->entry_name, (*ctx)->previous_entry_name) == 0) ++ if (OPENSSL_strcasecmp((*ctx)->entry_name, ++ (*ctx)->previous_entry_name) == 0) + goto again; + } + #endif +diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c +index 031a6c936ad1..0de5785c2745 100644 +--- a/crypto/asn1/ameth_lib.c ++++ b/crypto/asn1/ameth_lib.c +@@ -10,7 +10,6 @@ + /* We need to use some engine deprecated APIs */ + #define OPENSSL_SUPPRESS_DEPRECATED + +-#include "e_os.h" /* for strncasecmp */ + #include "internal/cryptlib.h" + #include + #include +@@ -134,7 +133,7 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, + if (ameth->pkey_flags & ASN1_PKEY_ALIAS) + continue; + if ((int)strlen(ameth->pem_str) == len +- && strncasecmp(ameth->pem_str, str, len) == 0) ++ && OPENSSL_strncasecmp(ameth->pem_str, str, len) == 0) + return ameth; + } + return NULL; +diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c +index ecff2be02e1f..59d42daf4a1c 100644 +--- a/crypto/asn1/asn1_gen.c ++++ b/crypto/asn1/asn1_gen.c +@@ -10,7 +10,6 @@ + #include "internal/cryptlib.h" + #include + #include +-#include "e_os.h" /* strncasecmp() */ + + #define ASN1_GEN_FLAG 0x10000 + #define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG|1) +@@ -565,7 +564,8 @@ static int asn1_str2tag(const char *tagstr, int len) + + tntmp = tnst; + for (i = 0; i < OSSL_NELEM(tnst); i++, tntmp++) { +- if ((len == tntmp->len) && (strncasecmp(tntmp->strnam, tagstr, len) == 0)) ++ if ((len == tntmp->len) ++ && (OPENSSL_strncasecmp(tntmp->strnam, tagstr, len) == 0)) + return tntmp->tag; + } + +diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c +index c05c3c6b109d..6fe8427dc5e6 100644 +--- a/crypto/conf/conf_def.c ++++ b/crypto/conf/conf_def.c +@@ -11,7 +11,7 @@ + + #include + #include +-#include "e_os.h" /* strcasecmp and struct stat */ ++#include "e_os.h" /* struct stat */ + #ifdef __TANDEM + # include /* needed for stat.h */ + # include /* struct stat */ +@@ -192,11 +192,11 @@ static int def_load(CONF *conf, const char *name, long *line) + /* Parse a boolean value and fill in *flag. Return 0 on error. */ + static int parsebool(const char *pval, int *flag) + { +- if (strcasecmp(pval, "on") == 0 +- || strcasecmp(pval, "true") == 0) { ++ if (OPENSSL_strcasecmp(pval, "on") == 0 ++ || OPENSSL_strcasecmp(pval, "true") == 0) { + *flag = 1; +- } else if (strcasecmp(pval, "off") == 0 +- || strcasecmp(pval, "false") == 0) { ++ } else if (OPENSSL_strcasecmp(pval, "off") == 0 ++ || OPENSSL_strcasecmp(pval, "false") == 0) { + *flag = 0; + } else { + ERR_raise(ERR_LIB_CONF, CONF_R_INVALID_PRAGMA); +@@ -839,8 +839,10 @@ static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx) + namelen = strlen(filename); + + +- if ((namelen > 5 && strcasecmp(filename + namelen - 5, ".conf") == 0) +- || (namelen > 4 && strcasecmp(filename + namelen - 4, ".cnf") == 0)) { ++ if ((namelen > 5 ++ && OPENSSL_strcasecmp(filename + namelen - 5, ".conf") == 0) ++ || (namelen > 4 ++ && OPENSSL_strcasecmp(filename + namelen - 4, ".cnf") == 0)) { + size_t newlen; + char *newpath; + BIO *bio; +diff --git a/crypto/context.c b/crypto/context.c +index 3333af4c534e..4fef24cadd5a 100644 +--- a/crypto/context.c ++++ b/crypto/context.c +@@ -14,6 +14,7 @@ + #include "internal/core.h" + #include "internal/bio.h" + #include "internal/provider.h" ++#include "crypto/ctype.h" + + # include + # include +@@ -150,7 +151,8 @@ static CRYPTO_THREAD_LOCAL default_context_thread_local; + { + read_kernel_fips_flag(); + return CRYPTO_THREAD_init_local(&default_context_thread_local, NULL) +- && context_init(&default_context_int); ++ && context_init(&default_context_int) ++ && ossl_init_casecmp(); + } + + void ossl_lib_ctx_default_deinit(void) +diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c +index 55248affc663..7e11ab1c8845 100644 +--- a/crypto/core_namemap.c ++++ b/crypto/core_namemap.c +@@ -7,7 +7,6 @@ + * https://www.openssl.org/source/license.html + */ + +-#include "e_os.h" /* strcasecmp */ + #include "internal/namemap.h" + #include + #include "crypto/lhash.h" /* ossl_lh_strcasehash */ +@@ -49,7 +48,7 @@ static unsigned long namenum_hash(const NAMENUM_ENTRY *n) + + static int namenum_cmp(const NAMENUM_ENTRY *a, const NAMENUM_ENTRY *b) + { +- return strcasecmp(a->name, b->name); ++ return OPENSSL_strcasecmp(a->name, b->name); + } + + static void namenum_free(NAMENUM_ENTRY *n) +diff --git a/crypto/ctype.c b/crypto/ctype.c +index 83c24a546f53..321306eb5f50 100644 +--- a/crypto/ctype.c ++++ b/crypto/ctype.c +@@ -12,6 +12,19 @@ + #include "crypto/ctype.h" + #include + ++#include ++#include "internal/core.h" ++#include "internal/thread_once.h" ++ ++#ifndef OPENSSL_SYS_WINDOWS ++#include ++#endif ++#include ++ ++#ifdef OPENSSL_SYS_MACOSX ++#include ++#endif ++ + /* + * Define the character classes for each character in the seven bit ASCII + * character set. This is independent of the host's character set, characters +@@ -278,3 +291,90 @@ int ossl_ascii_isdigit(const char inchar) { + return 1; + return 0; + } ++ ++/* str[n]casecmp_l is defined in POSIX 2008-01. Value is taken accordingly ++ * https://www.gnu.org/software/libc/manual/html_node/Feature-Test-Macros.html */ ++ ++#if (defined OPENSSL_SYS_WINDOWS) || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200809L) ++ ++# if defined OPENSSL_SYS_WINDOWS ++# define locale_t _locale_t ++# define freelocale _free_locale ++# define strcasecmp_l _stricmp_l ++# define strncasecmp_l _strnicmp_l ++# endif ++ ++# ifndef FIPS_MODULE ++static locale_t loc; ++ ++static int locale_base_inited = 0; ++static CRYPTO_ONCE locale_base = CRYPTO_ONCE_STATIC_INIT; ++static CRYPTO_ONCE locale_base_deinit = CRYPTO_ONCE_STATIC_INIT; ++ ++void *ossl_c_locale() { ++ return (void *)loc; ++} ++ ++DEFINE_RUN_ONCE_STATIC(ossl_init_locale_base) ++{ ++# ifdef OPENSSL_SYS_WINDOWS ++ loc = _create_locale(LC_COLLATE, "C"); ++# else ++ loc = newlocale(LC_COLLATE_MASK, "C", (locale_t) 0); ++# endif ++ locale_base_inited = 1; ++ return (loc == (locale_t) 0) ? 0 : 1; ++} ++ ++DEFINE_RUN_ONCE_STATIC(ossl_deinit_locale_base) ++{ ++ if (locale_base_inited && loc) { ++ freelocale(loc); ++ loc = NULL; ++ } ++ return 1; ++} ++ ++int ossl_init_casecmp() ++{ ++ return RUN_ONCE(&locale_base, ossl_init_locale_base); ++} ++ ++void ossl_deinit_casecmp() { ++ (void)RUN_ONCE(&locale_base_deinit, ossl_deinit_locale_base); ++} ++# endif ++ ++int OPENSSL_strcasecmp(const char *s1, const char *s2) ++{ ++ return strcasecmp_l(s1, s2, (locale_t)ossl_c_locale()); ++} ++ ++int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) ++{ ++ return strncasecmp_l(s1, s2, n, (locale_t)ossl_c_locale()); ++} ++#else ++# ifndef FIPS_MODULE ++void *ossl_c_locale() { ++ return NULL; ++} ++# endif ++ ++int ossl_init_casecmp() { ++ return 1; ++} ++ ++void ossl_deinit_casecmp() { ++} ++ ++int OPENSSL_strcasecmp(const char *s1, const char *s2) ++{ ++ return strcasecmp(s1, s2); ++} ++ ++int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) ++{ ++ return strncasecmp(s1, s2, n); ++} ++#endif +diff --git a/crypto/dh/dh_group_params.c b/crypto/dh/dh_group_params.c +index c71f4053da6c..7608cbae5a28 100644 +--- a/crypto/dh/dh_group_params.c ++++ b/crypto/dh/dh_group_params.c +@@ -23,7 +23,6 @@ + #include + #include "internal/nelem.h" + #include "crypto/dh.h" +-#include "e_os.h" /* strcasecmp */ + + static DH *dh_param_init(OSSL_LIB_CTX *libctx, const DH_NAMED_GROUP *group) + { +diff --git a/crypto/ec/ec_backend.c b/crypto/ec/ec_backend.c +index 381da71f33a8..0d84a3332296 100644 +--- a/crypto/ec/ec_backend.c ++++ b/crypto/ec/ec_backend.c +@@ -54,7 +54,7 @@ int ossl_ec_encoding_name2id(const char *name) + return OPENSSL_EC_NAMED_CURVE; + + for (i = 0, sz = OSSL_NELEM(encoding_nameid_map); i < sz; i++) { +- if (strcasecmp(name, encoding_nameid_map[i].ptr) == 0) ++ if (OPENSSL_strcasecmp(name, encoding_nameid_map[i].ptr) == 0) + return encoding_nameid_map[i].id; + } + return -1; +@@ -91,7 +91,7 @@ static int ec_check_group_type_name2id(const char *name) + return 0; + + for (i = 0, sz = OSSL_NELEM(check_group_type_nameid_map); i < sz; i++) { +- if (strcasecmp(name, check_group_type_nameid_map[i].ptr) == 0) ++ if (OPENSSL_strcasecmp(name, check_group_type_nameid_map[i].ptr) == 0) + return check_group_type_nameid_map[i].id; + } + return -1; +@@ -136,7 +136,7 @@ int ossl_ec_pt_format_name2id(const char *name) + return (int)POINT_CONVERSION_UNCOMPRESSED; + + for (i = 0, sz = OSSL_NELEM(format_nameid_map); i < sz; i++) { +- if (strcasecmp(name, format_nameid_map[i].ptr) == 0) ++ if (OPENSSL_strcasecmp(name, format_nameid_map[i].ptr) == 0) + return format_nameid_map[i].id; + } + return -1; +diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c +index 2ee8284eaff3..ecd53fee008a 100644 +--- a/crypto/ec/ec_lib.c ++++ b/crypto/ec/ec_lib.c +@@ -22,7 +22,6 @@ + #include "crypto/ec.h" + #include "internal/nelem.h" + #include "ec_local.h" +-#include "e_os.h" /* strcasecmp */ + + /* functions for EC_GROUP objects */ + +@@ -1581,9 +1580,10 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], + ERR_raise(ERR_LIB_EC, EC_R_INVALID_FIELD); + goto err; + } +- if (strcasecmp(ptmp->data, SN_X9_62_prime_field) == 0) { ++ if (OPENSSL_strcasecmp(ptmp->data, SN_X9_62_prime_field) == 0) { + is_prime_field = 1; +- } else if (strcasecmp(ptmp->data, SN_X9_62_characteristic_two_field) == 0) { ++ } else if (OPENSSL_strcasecmp(ptmp->data, ++ SN_X9_62_characteristic_two_field) == 0) { + is_prime_field = 0; + } else { + /* Invalid field */ +diff --git a/crypto/encode_decode/decoder_lib.c b/crypto/encode_decode/decoder_lib.c +index 10a38b6f82a7..de6d3def3101 100644 +--- a/crypto/encode_decode/decoder_lib.c ++++ b/crypto/encode_decode/decoder_lib.c +@@ -789,7 +789,7 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) + */ + trace_data_structure = data_structure; + if (data_type != NULL && data_structure != NULL +- && strcasecmp(data_structure, "type-specific") == 0) ++ && OPENSSL_strcasecmp(data_structure, "type-specific") == 0) + data_structure = NULL; + + OSSL_TRACE_BEGIN(DECODER) { +@@ -850,7 +850,7 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) + * that's the case, we do this extra check. + */ + if (decoder == NULL && ctx->start_input_type != NULL +- && strcasecmp(ctx->start_input_type, new_input_type) != 0) { ++ && OPENSSL_strcasecmp(ctx->start_input_type, new_input_type) != 0) { + OSSL_TRACE_BEGIN(DECODER) { + BIO_printf(trc_out, + "(ctx %p) %s [%u] the start input type '%s' doesn't match the input type of the considered decoder, skipping...\n", +@@ -896,7 +896,8 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) + */ + if (data_structure != NULL + && (new_input_structure == NULL +- || strcasecmp(data_structure, new_input_structure) != 0)) { ++ || OPENSSL_strcasecmp(data_structure, ++ new_input_structure) != 0)) { + OSSL_TRACE_BEGIN(DECODER) { + BIO_printf(trc_out, + "(ctx %p) %s [%u] the previous decoder's data structure doesn't match the input structure of the considered decoder, skipping...\n", +@@ -915,7 +916,8 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) + && ctx->input_structure != NULL + && new_input_structure != NULL) { + data->flag_input_structure_checked = 1; +- if (strcasecmp(new_input_structure, ctx->input_structure) != 0) { ++ if (OPENSSL_strcasecmp(new_input_structure, ++ ctx->input_structure) != 0) { + OSSL_TRACE_BEGIN(DECODER) { + BIO_printf(trc_out, + "(ctx %p) %s [%u] the previous decoder's data structure doesn't match the input structure given by the user, skipping...\n", +diff --git a/crypto/encode_decode/decoder_pkey.c b/crypto/encode_decode/decoder_pkey.c +index 475117a463af..833061d873ed 100644 +--- a/crypto/encode_decode/decoder_pkey.c ++++ b/crypto/encode_decode/decoder_pkey.c +@@ -18,7 +18,6 @@ + #include "crypto/evp.h" + #include "crypto/decoder.h" + #include "encoder_local.h" +-#include "e_os.h" /* strcasecmp on Windows */ + + int OSSL_DECODER_CTX_set_passphrase(OSSL_DECODER_CTX *ctx, + const unsigned char *kstr, +diff --git a/crypto/encode_decode/encoder_lib.c b/crypto/encode_decode/encoder_lib.c +index cfd9275172f5..2a83af825c2d 100644 +--- a/crypto/encode_decode/encoder_lib.c ++++ b/crypto/encode_decode/encoder_lib.c +@@ -7,7 +7,6 @@ + * https://www.openssl.org/source/license.html + */ + +-#include "e_os.h" /* strcasecmp on Windows */ + #include + #include + #include +@@ -453,8 +452,8 @@ static int encoder_process(struct encoder_process_data_st *data) + */ + if (top) { + if (data->ctx->output_type != NULL +- && strcasecmp(current_output_type, +- data->ctx->output_type) != 0) { ++ && OPENSSL_strcasecmp(current_output_type, ++ data->ctx->output_type) != 0) { + OSSL_TRACE_BEGIN(ENCODER) { + BIO_printf(trc_out, + "[%d] Skipping because current encoder output type (%s) != desired output type (%s)\n", +@@ -482,8 +481,8 @@ static int encoder_process(struct encoder_process_data_st *data) + */ + if (data->ctx->output_structure != NULL + && current_output_structure != NULL) { +- if (strcasecmp(data->ctx->output_structure, +- current_output_structure) != 0) { ++ if (OPENSSL_strcasecmp(data->ctx->output_structure, ++ current_output_structure) != 0) { + OSSL_TRACE_BEGIN(ENCODER) { + BIO_printf(trc_out, + "[%d] Skipping because current encoder output structure (%s) != ctx output structure (%s)\n", +diff --git a/crypto/encode_decode/encoder_pkey.c b/crypto/encode_decode/encoder_pkey.c +index c37edf966d7e..3a24317cf4d6 100644 +--- a/crypto/encode_decode/encoder_pkey.c ++++ b/crypto/encode_decode/encoder_pkey.c +@@ -7,7 +7,6 @@ + * https://www.openssl.org/source/license.html + */ + +-#include "e_os.h" /* strcasecmp on Windows */ + #include + #include + #include +diff --git a/crypto/engine/tb_asnmth.c b/crypto/engine/tb_asnmth.c +index e3a5c82e9957..09d0ed9d3aae 100644 +--- a/crypto/engine/tb_asnmth.c ++++ b/crypto/engine/tb_asnmth.c +@@ -152,7 +152,7 @@ const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e, + e->pkey_asn1_meths(e, &ameth, NULL, nids[i]); + if (ameth != NULL + && ((int)strlen(ameth->pem_str) == len) +- && strncasecmp(ameth->pem_str, str, len) == 0) ++ && OPENSSL_strncasecmp(ameth->pem_str, str, len) == 0) + return ameth; + } + return NULL; +@@ -177,7 +177,7 @@ static void look_str_cb(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg) + e->pkey_asn1_meths(e, &ameth, NULL, nid); + if (ameth != NULL + && ((int)strlen(ameth->pem_str) == lk->len) +- && strncasecmp(ameth->pem_str, lk->str, lk->len) == 0) { ++ && OPENSSL_strncasecmp(ameth->pem_str, lk->str, lk->len) == 0) { + lk->e = e; + lk->ameth = ameth; + return; +diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c +index 961ca116b32f..0aa1c23beec7 100644 +--- a/crypto/evp/ctrl_params_translate.c ++++ b/crypto/evp/ctrl_params_translate.c +@@ -37,8 +37,6 @@ + #include "crypto/dh.h" + #include "crypto/ec.h" + +-#include "e_os.h" /* strcasecmp() for Windows */ +- + struct translation_ctx_st; /* Forwarding */ + struct translation_st; /* Forwarding */ + +@@ -905,7 +903,7 @@ static int fix_kdf_type(enum state state, + + /* Convert KDF type strings to numbers */ + for (; kdf_type_map->kdf_type_str != NULL; kdf_type_map++) +- if (strcasecmp(ctx->p2, kdf_type_map->kdf_type_str) == 0) { ++ if (OPENSSL_strcasecmp(ctx->p2, kdf_type_map->kdf_type_str) == 0) { + ctx->p1 = kdf_type_map->kdf_type_num; + ret = 1; + break; +@@ -2469,10 +2467,11 @@ lookup_translation(struct translation_st *tmpl, + * cmd name in the template. + */ + if (item->ctrl_str != NULL +- && strcasecmp(tmpl->ctrl_str, item->ctrl_str) == 0) ++ && OPENSSL_strcasecmp(tmpl->ctrl_str, item->ctrl_str) == 0) + ctrl_str = tmpl->ctrl_str; + else if (item->ctrl_hexstr != NULL +- && strcasecmp(tmpl->ctrl_hexstr, item->ctrl_hexstr) == 0) ++ && OPENSSL_strcasecmp(tmpl->ctrl_hexstr, ++ item->ctrl_hexstr) == 0) + ctrl_hexstr = tmpl->ctrl_hexstr; + else + continue; +@@ -2500,7 +2499,8 @@ lookup_translation(struct translation_st *tmpl, + if ((item->action_type != NONE + && tmpl->action_type != item->action_type) + || (item->param_key != NULL +- && strcasecmp(tmpl->param_key, item->param_key) != 0)) ++ && OPENSSL_strcasecmp(tmpl->param_key, ++ item->param_key) != 0)) + continue; + } else { + return NULL; +diff --git a/crypto/evp/ec_support.c b/crypto/evp/ec_support.c +index 8550be65e785..aa3c7fa4efc7 100644 +--- a/crypto/evp/ec_support.c ++++ b/crypto/evp/ec_support.c +@@ -10,7 +10,7 @@ + #include + #include + #include "crypto/ec.h" +-#include "e_os.h" /* strcasecmp required by windows */ ++#include "internal/nelem.h" + + typedef struct ec_name2nid_st { + const char *name; +@@ -139,7 +139,7 @@ int ossl_ec_curve_name2nid(const char *name) + return nid; + + for (i = 0; i < OSSL_NELEM(curve_list); i++) { +- if (strcasecmp(curve_list[i].name, name) == 0) ++ if (OPENSSL_strcasecmp(curve_list[i].name, name) == 0) + return curve_list[i].nid; + } + } +diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c +index 24092cfd5be0..da3ef28b3d18 100644 +--- a/crypto/evp/evp_lib.c ++++ b/crypto/evp/evp_lib.c +@@ -15,7 +15,6 @@ + + #include + #include +-#include "e_os.h" /* strcasecmp */ + #include "internal/cryptlib.h" + #include + #include +@@ -1170,17 +1169,17 @@ EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq, + + va_start(args, type); + +- if (strcasecmp(type, "RSA") == 0) { ++ if (OPENSSL_strcasecmp(type, "RSA") == 0) { + bits = va_arg(args, size_t); + params[0] = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &bits); +- } else if (strcasecmp(type, "EC") == 0) { ++ } else if (OPENSSL_strcasecmp(type, "EC") == 0) { + name = va_arg(args, char *); + params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, + name, 0); +- } else if (strcasecmp(type, "ED25519") != 0 +- && strcasecmp(type, "X25519") != 0 +- && strcasecmp(type, "ED448") != 0 +- && strcasecmp(type, "X448") != 0) { ++ } else if (OPENSSL_strcasecmp(type, "ED25519") != 0 ++ && OPENSSL_strcasecmp(type, "X25519") != 0 ++ && OPENSSL_strcasecmp(type, "ED448") != 0 ++ && OPENSSL_strcasecmp(type, "X448") != 0) { + ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT); + goto end; + } +diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c +index 27138af56421..668607a72360 100644 +--- a/crypto/evp/p_lib.c ++++ b/crypto/evp/p_lib.c +@@ -50,8 +50,6 @@ + #include "internal/provider.h" + #include "evp_local.h" + +-#include "e_os.h" /* strcasecmp on Windows */ +- + static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, + int len, EVP_KEYMGMT *keymgmt); + static void evp_pkey_free_it(EVP_PKEY *key); +@@ -1018,7 +1016,7 @@ int evp_pkey_name2type(const char *name) + size_t i; + + for (i = 0; i < OSSL_NELEM(standard_name2type); i++) { +- if (strcasecmp(name, standard_name2type[i].ptr) == 0) ++ if (OPENSSL_strcasecmp(name, standard_name2type[i].ptr) == 0) + return (int)standard_name2type[i].id; + } + +diff --git a/crypto/ffc/ffc_dh.c b/crypto/ffc/ffc_dh.c +index e9f597c46c00..266cb30bc245 100644 +--- a/crypto/ffc/ffc_dh.c ++++ b/crypto/ffc/ffc_dh.c +@@ -10,7 +10,6 @@ + #include "internal/ffc.h" + #include "internal/nelem.h" + #include "crypto/bn_dh.h" +-#include "e_os.h" /* strcasecmp */ + + #ifndef OPENSSL_NO_DH + +@@ -84,7 +83,7 @@ const DH_NAMED_GROUP *ossl_ffc_name_to_dh_named_group(const char *name) + size_t i; + + for (i = 0; i < OSSL_NELEM(dh_named_groups); ++i) { +- if (strcasecmp(dh_named_groups[i].name, name) == 0) ++ if (OPENSSL_strcasecmp(dh_named_groups[i].name, name) == 0) + return &dh_named_groups[i]; + } + return NULL; +diff --git a/crypto/ffc/ffc_params.c b/crypto/ffc/ffc_params.c +index 6e025a06be6e..500189e49fc0 100644 +--- a/crypto/ffc/ffc_params.c ++++ b/crypto/ffc/ffc_params.c +@@ -12,7 +12,6 @@ + #include "internal/ffc.h" + #include "internal/param_build_set.h" + #include "internal/nelem.h" +-#include "e_os.h" /* strcasecmp */ + + #ifndef FIPS_MODULE + # include /* ossl_ffc_params_print */ +diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c +index 33e7b82b9e8c..8133a04936c5 100644 +--- a/crypto/http/http_client.c ++++ b/crypto/http/http_client.c +@@ -322,7 +322,7 @@ static int add1_headers(OSSL_HTTP_REQ_CTX *rctx, + + for (i = 0; i < sk_CONF_VALUE_num(headers); i++) { + hdr = sk_CONF_VALUE_value(headers, i); +- if (add_host && strcasecmp("host", hdr->name) == 0) ++ if (add_host && OPENSSL_strcasecmp("host", hdr->name) == 0) + add_host = 0; + if (!OSSL_HTTP_REQ_CTX_add1_header(rctx, hdr->name, hdr->value)) + return 0; +@@ -666,13 +666,13 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) + } + if (value != NULL && line_end != NULL) { + if (rctx->state == OHS_REDIRECT +- && strcasecmp(key, "Location") == 0) { ++ && OPENSSL_strcasecmp(key, "Location") == 0) { + rctx->redirection_url = value; + return 0; + } + if (rctx->expected_ct != NULL +- && strcasecmp(key, "Content-Type") == 0) { +- if (strcasecmp(rctx->expected_ct, value) != 0) { ++ && OPENSSL_strcasecmp(key, "Content-Type") == 0) { ++ if (OPENSSL_strcasecmp(rctx->expected_ct, value) != 0) { + ERR_raise_data(ERR_LIB_HTTP, HTTP_R_UNEXPECTED_CONTENT_TYPE, + "expected=%s, actual=%s", + rctx->expected_ct, value); +@@ -682,12 +682,12 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) + } + + /* https://tools.ietf.org/html/rfc7230#section-6.3 Persistence */ +- if (strcasecmp(key, "Connection") == 0) { +- if (strcasecmp(value, "keep-alive") == 0) ++ if (OPENSSL_strcasecmp(key, "Connection") == 0) { ++ if (OPENSSL_strcasecmp(value, "keep-alive") == 0) + found_keep_alive = 1; +- else if (strcasecmp(value, "close") == 0) ++ else if (OPENSSL_strcasecmp(value, "close") == 0) + found_keep_alive = 0; +- } else if (strcasecmp(key, "Content-Length") == 0) { ++ } else if (OPENSSL_strcasecmp(key, "Content-Length") == 0) { + resp_len = (size_t)strtoul(value, &line_end, 10); + if (line_end == value || *line_end != '\0') { + ERR_raise_data(ERR_LIB_HTTP, +diff --git a/crypto/init.c b/crypto/init.c +index 6a27d1a8e440..1569c35a6b96 100644 +--- a/crypto/init.c ++++ b/crypto/init.c +@@ -32,6 +32,7 @@ + #include "crypto/store.h" + #include /* for OSSL_CMP_log_close() */ + #include ++#include "crypto/ctype.h" + + static int stopped = 0; + static uint64_t optsdone = 0; +@@ -447,6 +448,9 @@ void OPENSSL_cleanup(void) + OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_trace_cleanup()\n"); + ossl_trace_cleanup(); + ++ OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_deinit_casecmp()\n"); ++ ossl_deinit_casecmp(); ++ + base_inited = 0; + } + +@@ -460,6 +464,9 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) + uint64_t tmp; + int aloaddone = 0; + ++ if (!ossl_init_casecmp()) ++ return 0; ++ + /* Applications depend on 0 being returned when cleanup was already done */ + if (stopped) { + if (!(opts & OPENSSL_INIT_BASE_ONLY)) +diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c +index 92152eeb6674..7596d720e964 100644 +--- a/crypto/objects/o_names.c ++++ b/crypto/objects/o_names.c +@@ -21,23 +21,6 @@ + #include "obj_local.h" + #include "e_os.h" + +-/* +- * We define this wrapper for two reasons. Firstly, later versions of +- * DEC C add linkage information to certain functions, which makes it +- * tricky to use them as values to regular function pointers. +- * Secondly, in the EDK2 build environment, the strcasecmp function is +- * actually an external function with the Microsoft ABI, so we can't +- * transparently assign function pointers to it. +- */ +-#if defined(OPENSSL_SYS_VMS_DECC) || defined(OPENSSL_SYS_UEFI) +-static int obj_strcasecmp(const char *a, const char *b) +-{ +- return strcasecmp(a, b); +-} +-#else +-#define obj_strcasecmp strcasecmp +-#endif +- + /* + * I use the ex_data stuff to manage the identifiers for the obj_name_types + * that applications may define. I only really use the free function field. +@@ -111,7 +94,7 @@ int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *), + goto out; + } + name_funcs->hash_func = ossl_lh_strcasehash; +- name_funcs->cmp_func = obj_strcasecmp; ++ name_funcs->cmp_func = OPENSSL_strcasecmp; + push = sk_NAME_FUNCS_push(name_funcs_stack, name_funcs); + + if (!push) { +@@ -145,7 +128,7 @@ static int obj_name_cmp(const OBJ_NAME *a, const OBJ_NAME *b) + ret = sk_NAME_FUNCS_value(name_funcs_stack, + a->type)->cmp_func(a->name, b->name); + } else +- ret = strcasecmp(a->name, b->name); ++ ret = OPENSSL_strcasecmp(a->name, b->name); + } + return ret; + } +diff --git a/crypto/params_dup.c b/crypto/params_dup.c +index 6a58b52f65cb..d92176da46e5 100644 +--- a/crypto/params_dup.c ++++ b/crypto/params_dup.c +@@ -11,7 +11,6 @@ + #include + #include + #include "internal/param_build_set.h" +-#include "e_os.h" /* strcasecmp */ + + #define OSSL_PARAM_ALLOCATED_END 127 + #define OSSL_PARAM_MERGE_LIST_MAX 128 +@@ -142,7 +141,7 @@ static int compare_params(const void *left, const void *right) + const OSSL_PARAM *l = *(const OSSL_PARAM **)left; + const OSSL_PARAM *r = *(const OSSL_PARAM **)right; + +- return strcasecmp(l->key, r->key); ++ return OPENSSL_strcasecmp(l->key, r->key); + } + + OSSL_PARAM *OSSL_PARAM_merge(const OSSL_PARAM *p1, const OSSL_PARAM *p2) +@@ -205,7 +204,7 @@ OSSL_PARAM *OSSL_PARAM_merge(const OSSL_PARAM *p1, const OSSL_PARAM *p2) + break; + } + /* consume the list element with the smaller key */ +- diff = strcasecmp((*p1cur)->key, (*p2cur)->key); ++ diff = OPENSSL_strcasecmp((*p1cur)->key, (*p2cur)->key); + if (diff == 0) { + /* If the keys are the same then throw away the list1 element */ + *dst++ = **p2cur; +diff --git a/crypto/property/property_parse.c b/crypto/property/property_parse.c +index 8954ec724617..c5691395c424 100644 +--- a/crypto/property/property_parse.c ++++ b/crypto/property/property_parse.c +@@ -45,7 +45,7 @@ static int match(const char *t[], const char m[], size_t m_len) + { + const char *s = *t; + +- if (strncasecmp(s, m, m_len) == 0) { ++ if (OPENSSL_strncasecmp(s, m, m_len) == 0) { + *t = skip_space(s + m_len); + return 1; + } +diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c +index afe3521186ca..c453d3226133 100644 +--- a/crypto/rand/rand_lib.c ++++ b/crypto/rand/rand_lib.c +@@ -768,22 +768,22 @@ static int random_conf_init(CONF_IMODULE *md, const CONF *cnf) + + for (i = 0; i < sk_CONF_VALUE_num(elist); i++) { + cval = sk_CONF_VALUE_value(elist, i); +- if (strcasecmp(cval->name, "random") == 0) { ++ if (OPENSSL_strcasecmp(cval->name, "random") == 0) { + if (!random_set_string(&dgbl->rng_name, cval->value)) + return 0; +- } else if (strcasecmp(cval->name, "cipher") == 0) { ++ } else if (OPENSSL_strcasecmp(cval->name, "cipher") == 0) { + if (!random_set_string(&dgbl->rng_cipher, cval->value)) + return 0; +- } else if (strcasecmp(cval->name, "digest") == 0) { ++ } else if (OPENSSL_strcasecmp(cval->name, "digest") == 0) { + if (!random_set_string(&dgbl->rng_digest, cval->value)) + return 0; +- } else if (strcasecmp(cval->name, "properties") == 0) { ++ } else if (OPENSSL_strcasecmp(cval->name, "properties") == 0) { + if (!random_set_string(&dgbl->rng_propq, cval->value)) + return 0; +- } else if (strcasecmp(cval->name, "seed") == 0) { ++ } else if (OPENSSL_strcasecmp(cval->name, "seed") == 0) { + if (!random_set_string(&dgbl->seed_name, cval->value)) + return 0; +- } else if (strcasecmp(cval->name, "seed_properties") == 0) { ++ } else if (OPENSSL_strcasecmp(cval->name, "seed_properties") == 0) { + if (!random_set_string(&dgbl->seed_propq, cval->value)) + return 0; + } else { +diff --git a/crypto/rsa/rsa_backend.c b/crypto/rsa/rsa_backend.c +index ad1623dd1444..254ebdb24287 100644 +--- a/crypto/rsa/rsa_backend.c ++++ b/crypto/rsa/rsa_backend.c +@@ -27,8 +27,6 @@ + #include "crypto/rsa.h" + #include "rsa_local.h" + +-#include "e_os.h" /* strcasecmp for Windows() */ +- + /* + * The intention with the "backend" source file is to offer backend support + * for legacy backends (EVP_PKEY_ASN1_METHOD and EVP_PKEY_METHOD) and provider +@@ -275,8 +273,8 @@ int ossl_rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params, + else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mgfname)) + return 0; + +- if (strcasecmp(param_mgf->data, +- ossl_rsa_mgf_nid2name(default_maskgenalg_nid)) != 0) ++ if (OPENSSL_strcasecmp(param_mgf->data, ++ ossl_rsa_mgf_nid2name(default_maskgenalg_nid)) != 0) + return 0; + } + +diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c +index 7dcb939066f2..42bf9d555a36 100644 +--- a/crypto/store/store_lib.c ++++ b/crypto/store/store_lib.c +@@ -93,7 +93,7 @@ OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq, + OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy)); + if ((p = strchr(scheme_copy, ':')) != NULL) { + *p++ = '\0'; +- if (strcasecmp(scheme_copy, "file") != 0) { ++ if (OPENSSL_strcasecmp(scheme_copy, "file") != 0) { + if (strncmp(p, "//", 2) == 0) + schemes_n--; /* Invalidate the file scheme */ + schemes[schemes_n++] = scheme_copy; +diff --git a/crypto/store/store_result.c b/crypto/store/store_result.c +index 1306b270bbaf..6f83da4beb02 100644 +--- a/crypto/store/store_result.c ++++ b/crypto/store/store_result.c +@@ -457,7 +457,7 @@ static int try_cert(struct extracted_param_data_st *data, OSSL_STORE_INFO **v, + + /* If we have a data type, it should be a PEM name */ + if (data->data_type != NULL +- && (strcasecmp(data->data_type, PEM_STRING_X509_TRUSTED) == 0)) ++ && (OPENSSL_strcasecmp(data->data_type, PEM_STRING_X509_TRUSTED) == 0)) + ignore_trusted = 0; + + if (d2i_X509_AUX(&cert, (const unsigned char **)&data->octet_data, +diff --git a/crypto/trace.c b/crypto/trace.c +index 40941990e673..d790409a2d62 100644 +--- a/crypto/trace.c ++++ b/crypto/trace.c +@@ -19,8 +19,6 @@ + #include "internal/refcount.h" + #include "crypto/cryptlib.h" + +-#include "e_os.h" /* strcasecmp for Windows */ +- + #ifndef OPENSSL_NO_TRACE + + static CRYPTO_RWLOCK *trace_lock = NULL; +@@ -158,7 +156,7 @@ int OSSL_trace_get_category_num(const char *name) + size_t i; + + for (i = 0; i < OSSL_NELEM(trace_categories); i++) +- if (strcasecmp(name, trace_categories[i].name) == 0) ++ if (OPENSSL_strcasecmp(name, trace_categories[i].name) == 0) + return trace_categories[i].num; + return -1; /* not found */ + } +diff --git a/crypto/x509/v3_tlsf.c b/crypto/x509/v3_tlsf.c +index 6a613d64e6aa..9927c083b115 100644 +--- a/crypto/x509/v3_tlsf.c ++++ b/crypto/x509/v3_tlsf.c +@@ -108,7 +108,7 @@ static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method, + extval = val->name; + + for (j = 0; j < OSSL_NELEM(tls_feature_tbl); j++) +- if (strcasecmp(extval, tls_feature_tbl[j].name) == 0) ++ if (OPENSSL_strcasecmp(extval, tls_feature_tbl[j].name) == 0) + break; + if (j < OSSL_NELEM(tls_feature_tbl)) + tlsextid = tls_feature_tbl[j].num; +diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.c +index ff049c897bae..6e4ef26ed608 100644 +--- a/crypto/x509/v3_utl.c ++++ b/crypto/x509/v3_utl.c +@@ -715,7 +715,7 @@ static int wildcard_match(const unsigned char *prefix, size_t prefix_len, + } + /* IDNA labels cannot match partial wildcards */ + if (!allow_idna && +- subject_len >= 4 && strncasecmp((char *)subject, "xn--", 4) == 0) ++ subject_len >= 4 && OPENSSL_strncasecmp((char *)subject, "xn--", 4) == 0) + return 0; + /* The wildcard may match a literal '*' */ + if (wildcard_end == wildcard_start + 1 && *wildcard_start == '*') +@@ -775,7 +775,7 @@ static const unsigned char *valid_star(const unsigned char *p, size_t len, + || ('A' <= p[i] && p[i] <= 'Z') + || ('0' <= p[i] && p[i] <= '9')) { + if ((state & LABEL_START) != 0 +- && len - i >= 4 && strncasecmp((char *)&p[i], "xn--", 4) == 0) ++ && len - i >= 4 && OPENSSL_strncasecmp((char *)&p[i], "xn--", 4) == 0) + state |= LABEL_IDNA; + state &= ~(LABEL_HYPHEN | LABEL_START); + } else if (p[i] == '.') { +diff --git a/doc/build.info b/doc/build.info +index c1d98a4ca669..7e86de588aed 100644 +--- a/doc/build.info ++++ b/doc/build.info +@@ -1531,6 +1531,10 @@ DEPEND[html/man3/OPENSSL_secure_malloc.html]=man3/OPENSSL_secure_malloc.pod + GENERATE[html/man3/OPENSSL_secure_malloc.html]=man3/OPENSSL_secure_malloc.pod + DEPEND[man/man3/OPENSSL_secure_malloc.3]=man3/OPENSSL_secure_malloc.pod + GENERATE[man/man3/OPENSSL_secure_malloc.3]=man3/OPENSSL_secure_malloc.pod ++DEPEND[html/man3/OPENSSL_strcasecmp.html]=man3/OPENSSL_strcasecmp.pod ++GENERATE[html/man3/OPENSSL_strcasecmp.html]=man3/OPENSSL_strcasecmp.pod ++DEPEND[man/man3/OPENSSL_strcasecmp.3]=man3/OPENSSL_strcasecmp.pod ++GENERATE[man/man3/OPENSSL_strcasecmp.3]=man3/OPENSSL_strcasecmp.pod + DEPEND[html/man3/OSSL_CMP_CTX_new.html]=man3/OSSL_CMP_CTX_new.pod + GENERATE[html/man3/OSSL_CMP_CTX_new.html]=man3/OSSL_CMP_CTX_new.pod + DEPEND[man/man3/OSSL_CMP_CTX_new.3]=man3/OSSL_CMP_CTX_new.pod +@@ -3110,6 +3114,7 @@ html/man3/OPENSSL_load_builtin_modules.html \ + html/man3/OPENSSL_malloc.html \ + html/man3/OPENSSL_s390xcap.html \ + html/man3/OPENSSL_secure_malloc.html \ ++html/man3/OPENSSL_strcasecmp.html \ + html/man3/OSSL_CMP_CTX_new.html \ + html/man3/OSSL_CMP_HDR_get0_transactionID.html \ + html/man3/OSSL_CMP_ITAV_set0.html \ +@@ -3704,6 +3709,7 @@ man/man3/OPENSSL_load_builtin_modules.3 \ + man/man3/OPENSSL_malloc.3 \ + man/man3/OPENSSL_s390xcap.3 \ + man/man3/OPENSSL_secure_malloc.3 \ ++man/man3/OPENSSL_strcasecmp.3 \ + man/man3/OSSL_CMP_CTX_new.3 \ + man/man3/OSSL_CMP_HDR_get0_transactionID.3 \ + man/man3/OSSL_CMP_ITAV_set0.3 \ +diff --git a/doc/man3/OPENSSL_strcasecmp.pod b/doc/man3/OPENSSL_strcasecmp.pod +new file mode 100644 +index 000000000000..1bb8b18c5013 +--- /dev/null ++++ b/doc/man3/OPENSSL_strcasecmp.pod +@@ -0,0 +1,47 @@ ++=pod ++ ++=head1 NAME ++ ++OPENSSL_strcasecmp, OPENSSL_strncasecmp - compare two strings ignoring case ++ ++=head1 SYNOPSIS ++ ++ #include ++ ++ int OPENSSL_strcasecmp(const char *s1, const char *s2); ++ int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n); ++ ++=head1 DESCRIPTION ++ ++The OPENSSL_strcasecmp function performs a byte-by-byte comparison of the strings ++B and B, ignoring the case of the characters. ++ ++The OPENSSL_strncasecmp function is similar, except that it compares no more than ++B bytes of B and B. ++ ++In POSIX-compatible system and on Windows these functions use "C" locale for ++case insensitive. Otherwise the comparison is done in current locale. ++ ++=head1 RETURN VALUES ++ ++Both functions return an integer less than, equal to, or greater than zero if ++s1 is found, respectively, to be less than, to match, or be greater than s2. ++ ++=head1 NOTES ++ ++OpenSSL extensively uses case insensitive comparison of ASCII strings. Though ++OpenSSL itself is locale-agnostic, the applications using OpenSSL libraries may ++unpredictably suffer when they use localization (e.g. Turkish locale is ++well-known with a specific I/i cases). These functions use C locale for string ++comparison. ++ ++=head1 COPYRIGHT ++ ++Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. ++ ++Licensed under the Apache License 2.0 (the "License"). You may not use ++this file except in compliance with the License. You can obtain a copy ++in the file LICENSE in the source distribution or at ++L. ++ ++=cut +diff --git a/e_os.h b/e_os.h +index e1608ae55d7d..5490a48fcd48 100644 +--- a/e_os.h ++++ b/e_os.h +@@ -249,8 +249,6 @@ FILE *__iob_func(); + /***********************************************/ + + # if defined(OPENSSL_SYS_WINDOWS) +-# define strcasecmp _stricmp +-# define strncasecmp _strnicmp + # if (_MSC_VER >= 1310) && !defined(_WIN32_WCE) + # define open _open + # define fdopen _fdopen +diff --git a/engines/e_devcrypto.c b/engines/e_devcrypto.c +index fa01317db5eb..a9c10d375a58 100644 +--- a/engines/e_devcrypto.c ++++ b/engines/e_devcrypto.c +@@ -1159,9 +1159,9 @@ static int devcrypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) + case DEVCRYPTO_CMD_CIPHERS: + if (p == NULL) + return 1; +- if (strcasecmp((const char *)p, "ALL") == 0) { ++ if (OPENSSL_strcasecmp((const char *)p, "ALL") == 0) { + devcrypto_select_all_ciphers(selected_ciphers); +- } else if (strcasecmp((const char*)p, "NONE") == 0) { ++ } else if (OPENSSL_strcasecmp((const char*)p, "NONE") == 0) { + memset(selected_ciphers, 0, sizeof(selected_ciphers)); + } else { + new_list=OPENSSL_zalloc(sizeof(selected_ciphers)); +@@ -1179,9 +1179,9 @@ static int devcrypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) + case DEVCRYPTO_CMD_DIGESTS: + if (p == NULL) + return 1; +- if (strcasecmp((const char *)p, "ALL") == 0) { ++ if (OPENSSL_strcasecmp((const char *)p, "ALL") == 0) { + devcrypto_select_all_digests(selected_digests); +- } else if (strcasecmp((const char*)p, "NONE") == 0) { ++ } else if (OPENSSL_strcasecmp((const char*)p, "NONE") == 0) { + memset(selected_digests, 0, sizeof(selected_digests)); + } else { + new_list=OPENSSL_zalloc(sizeof(selected_digests)); +diff --git a/engines/e_loader_attic.c b/engines/e_loader_attic.c +index 391ed33d5e3a..f6de29c0c33a 100644 +--- a/engines/e_loader_attic.c ++++ b/engines/e_loader_attic.c +@@ -14,7 +14,6 @@ + /* We need to use some engine deprecated APIs */ + #define OPENSSL_SUPPRESS_DEPRECATED + +-/* #include "e_os.h" */ + #include + #include + #include +@@ -44,7 +43,6 @@ DEFINE_STACK_OF(OSSL_STORE_INFO) + + #ifdef _WIN32 + # define stat _stat +-# define strncasecmp _strnicmp + #endif + + #ifndef S_ISDIR +@@ -971,12 +969,12 @@ static OSSL_STORE_LOADER_CTX *file_open_ex + * There's a special case if the URI also contains an authority, then + * the full URI shouldn't be used as a path anywhere. + */ +- if (strncasecmp(uri, "file:", 5) == 0) { ++ if (OPENSSL_strncasecmp(uri, "file:", 5) == 0) { + const char *p = &uri[5]; + + if (strncmp(&uri[5], "//", 2) == 0) { + path_data_n--; /* Invalidate using the full URI */ +- if (strncasecmp(&uri[7], "localhost/", 10) == 0) { ++ if (OPENSSL_strncasecmp(&uri[7], "localhost/", 10) == 0) { + p = &uri[16]; + } else if (uri[7] == '/') { + p = &uri[7]; +@@ -1466,7 +1464,8 @@ static int file_name_check(OSSL_STORE_LOADER_CTX *ctx, const char *name) + /* + * First, check the basename + */ +- if (strncasecmp(name, ctx->_.dir.search_name, len) != 0 || name[len] != '.') ++ if (OPENSSL_strncasecmp(name, ctx->_.dir.search_name, len) != 0 ++ || name[len] != '.') + return 0; + p = &name[len + 1]; + +diff --git a/engines/e_ossltest.c b/engines/e_ossltest.c +index 0506faa6285b..5d31b31c11f1 100644 +--- a/engines/e_ossltest.c ++++ b/engines/e_ossltest.c +@@ -42,10 +42,6 @@ + + #include "e_ossltest_err.c" + +-#ifdef _WIN32 +-# define strncasecmp _strnicmp +-#endif +- + /* Engine Id and Name */ + static const char *engine_ossltest_id = "ossltest"; + static const char *engine_ossltest_name = "OpenSSL Test engine support"; +@@ -383,7 +379,7 @@ static EVP_PKEY *load_key(ENGINE *eng, const char *key_id, int pub, + BIO *in; + EVP_PKEY *key; + +- if (strncasecmp(key_id, "ot:", 3) != 0) ++ if (OPENSSL_strncasecmp(key_id, "ot:", 3) != 0) + return NULL; + key_id += 3; + +diff --git a/include/crypto/ctype.h b/include/crypto/ctype.h +index a35c137e8431..44fa9a8ae930 100644 +--- a/include/crypto/ctype.h ++++ b/include/crypto/ctype.h +@@ -80,4 +80,6 @@ int ossl_ascii_isdigit(const char inchar); + # define ossl_isbase64(c) (ossl_ctype_check((c), CTYPE_MASK_base64)) + # define ossl_isasn1print(c) (ossl_ctype_check((c), CTYPE_MASK_asn1print)) + ++int ossl_init_casecmp(void); ++void ossl_deinit_casecmp(void); + #endif +diff --git a/include/internal/core.h b/include/internal/core.h +index d9dc424164c9..b63af84787af 100644 +--- a/include/internal/core.h ++++ b/include/internal/core.h +@@ -63,4 +63,6 @@ __owur int ossl_lib_ctx_read_lock(OSSL_LIB_CTX *ctx); + int ossl_lib_ctx_unlock(OSSL_LIB_CTX *ctx); + int ossl_lib_ctx_is_child(OSSL_LIB_CTX *ctx); + ++void *ossl_c_locale(void); ++ + #endif +diff --git a/include/openssl/crypto.h.in b/include/openssl/crypto.h.in +index c56885d2d6ff..7232f647e8a3 100644 +--- a/include/openssl/crypto.h.in ++++ b/include/openssl/crypto.h.in +@@ -133,6 +133,8 @@ int OPENSSL_hexstr2buf_ex(unsigned char *buf, size_t buf_n, size_t *buflen, + const char *str, const char sep); + unsigned char *OPENSSL_hexstr2buf(const char *str, long *buflen); + int OPENSSL_hexchar2int(unsigned char c); ++int OPENSSL_strcasecmp(const char *s1, const char *s2); ++int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n); + + # define OPENSSL_MALLOC_MAX_NELEMS(type) (((1U<<(sizeof(int)*8-1))-1)/sizeof(type)) + +diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c +index f6d95197f07c..e1e1961b2329 100644 +--- a/providers/common/capabilities.c ++++ b/providers/common/capabilities.c +@@ -217,7 +217,7 @@ static int tls_group_capability(OSSL_CALLBACK *cb, void *arg) + int ossl_prov_get_capabilities(void *provctx, const char *capability, + OSSL_CALLBACK *cb, void *arg) + { +- if (strcasecmp(capability, "TLS-GROUP") == 0) ++ if (OPENSSL_strcasecmp(capability, "TLS-GROUP") == 0) + return tls_group_capability(cb, arg); + + /* We don't support this capability */ +diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c +index f4605dcd6ce5..fc17a958ce26 100644 +--- a/providers/fips/fipsprov.c ++++ b/providers/fips/fipsprov.c +@@ -22,6 +22,7 @@ + #include "prov/provider_util.h" + #include "prov/seeding.h" + #include "self_test.h" ++#include "internal/core.h" + + static const char FIPS_DEFAULT_PROPERTIES[] = "provider=fips,fips=yes"; + static const char FIPS_UNAPPROVED_PROPERTIES[] = "provider=fips,fips=no"; +@@ -35,6 +36,22 @@ static OSSL_FUNC_provider_gettable_params_fn fips_gettable_params; + static OSSL_FUNC_provider_get_params_fn fips_get_params; + static OSSL_FUNC_provider_query_operation_fn fips_query; + ++/* Locale object accessor functions */ ++#ifdef OPENSSL_SYS_MACOSX ++# include ++#else ++# include ++#endif ++ ++#if defined OPENSSL_SYS_WINDOWS ++# define locale_t _locale_t ++# define freelocale _free_locale ++#endif ++static locale_t loc; ++ ++static int fips_init_casecmp(void); ++static void fips_deinit_casecmp(void); ++ + #define ALGC(NAMES, FUNC, CHECK) { { NAMES, FIPS_DEFAULT_PROPERTIES, FUNC }, CHECK } + #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL) + extern OSSL_FUNC_core_thread_start_fn *c_thread_start; +@@ -486,6 +503,23 @@ static const OSSL_ALGORITHM *fips_query(void *provctx, int operation_id, + return NULL; + } + ++void *ossl_c_locale() { ++ return (void *)loc; ++} ++ ++static int fips_init_casecmp(void) { ++# ifdef OPENSSL_SYS_WINDOWS ++ loc = _create_locale(LC_COLLATE, "C"); ++# else ++ loc = newlocale(LC_COLLATE_MASK, "C", (locale_t) 0); ++# endif ++ return (loc == (locale_t) 0) ? 0 : 1; ++} ++ ++static void fips_deinit_casecmp(void) { ++ freelocale(loc); ++} ++ + static void fips_teardown(void *provctx) + { + OSSL_LIB_CTX_free(PROV_LIBCTX_OF(provctx)); +@@ -498,6 +532,7 @@ static void fips_intern_teardown(void *provctx) + * We know that the library context is the same as for the outer provider, + * so no need to destroy it here. + */ ++ fips_deinit_casecmp(); + ossl_prov_ctx_free(provctx); + } + +@@ -547,6 +582,8 @@ int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle, + + memset(&selftest_params, 0, sizeof(selftest_params)); + ++ if (!fips_init_casecmp()) ++ return 0; + if (!ossl_prov_seeding_from_dispatch(in)) + return 0; + for (; in->function_id != 0; in++) { +diff --git a/providers/implementations/ciphers/cipher_cts.c b/providers/implementations/ciphers/cipher_cts.c +index cb3372c646aa..5c48f37c9527 100644 +--- a/providers/implementations/ciphers/cipher_cts.c ++++ b/providers/implementations/ciphers/cipher_cts.c +@@ -46,7 +46,6 @@ + * Otherwise it is the same as CS2. + */ + +-#include "e_os.h" /* strcasecmp */ + #include + #include "prov/ciphercommon.h" + #include "internal/nelem.h" +@@ -92,7 +91,7 @@ int ossl_cipher_cbc_cts_mode_name2id(const char *name) + size_t i; + + for (i = 0; i < OSSL_NELEM(cts_modes); ++i) { +- if (strcasecmp(name, cts_modes[i].name) == 0) ++ if (OPENSSL_strcasecmp(name, cts_modes[i].name) == 0) + return (int)cts_modes[i].id; + } + return -1; +diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c +index 667d5e9619ff..89f304b41816 100644 +--- a/providers/implementations/kdfs/hkdf.c ++++ b/providers/implementations/kdfs/hkdf.c +@@ -199,11 +199,11 @@ static int hkdf_common_set_ctx_params(KDF_HKDF *ctx, const OSSL_PARAM params[]) + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_MODE)) != NULL) { + if (p->data_type == OSSL_PARAM_UTF8_STRING) { +- if (strcasecmp(p->data, "EXTRACT_AND_EXPAND") == 0) { ++ if (OPENSSL_strcasecmp(p->data, "EXTRACT_AND_EXPAND") == 0) { + ctx->mode = EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND; +- } else if (strcasecmp(p->data, "EXTRACT_ONLY") == 0) { ++ } else if (OPENSSL_strcasecmp(p->data, "EXTRACT_ONLY") == 0) { + ctx->mode = EVP_KDF_HKDF_MODE_EXTRACT_ONLY; +- } else if (strcasecmp(p->data, "EXPAND_ONLY") == 0) { ++ } else if (OPENSSL_strcasecmp(p->data, "EXPAND_ONLY") == 0) { + ctx->mode = EVP_KDF_HKDF_MODE_EXPAND_ONLY; + } else { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MODE); +diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c +index 5f30b037d94e..6be7f45fc58a 100644 +--- a/providers/implementations/kdfs/kbkdf.c ++++ b/providers/implementations/kdfs/kbkdf.c +@@ -298,10 +298,11 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) + } + + p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_MODE); +- if (p != NULL && strncasecmp("counter", p->data, p->data_size) == 0) { ++ if (p != NULL ++ && OPENSSL_strncasecmp("counter", p->data, p->data_size) == 0) { + ctx->mode = COUNTER; + } else if (p != NULL +- && strncasecmp("feedback", p->data, p->data_size) == 0) { ++ && OPENSSL_strncasecmp("feedback", p->data, p->data_size) == 0) { + ctx->mode = FEEDBACK; + } else if (p != NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MODE); +diff --git a/providers/implementations/kdfs/tls1_prf.c b/providers/implementations/kdfs/tls1_prf.c +index 74a0f7e1f3e6..e0b5971a3b7a 100644 +--- a/providers/implementations/kdfs/tls1_prf.c ++++ b/providers/implementations/kdfs/tls1_prf.c +@@ -172,7 +172,7 @@ static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) + return 1; + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_DIGEST)) != NULL) { +- if (strcasecmp(p->data, SN_md5_sha1) == 0) { ++ if (OPENSSL_strcasecmp(p->data, SN_md5_sha1) == 0) { + if (!ossl_prov_macctx_load_from_params(&ctx->P_hash, params, + OSSL_MAC_NAME_HMAC, + NULL, SN_md5, libctx) +diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c +index 313ab133b33a..bfc3da690875 100644 +--- a/providers/implementations/kem/rsa_kem.c ++++ b/providers/implementations/kem/rsa_kem.c +@@ -12,8 +12,8 @@ + * internal use. + */ + #include "internal/deprecated.h" ++#include "internal/nelem.h" + +-#include "e_os.h" /* strcasecmp */ + #include + #include + #include +@@ -69,7 +69,7 @@ static int name2id(const char *name, const OSSL_ITEM *map, size_t sz) + return -1; + + for (i = 0; i < sz; ++i) { +- if (strcasecmp(map[i].ptr, name) == 0) ++ if (OPENSSL_strcasecmp(map[i].ptr, name) == 0) + return map[i].id; + } + return -1; +diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c +index 885bd62eeaae..2ab69f5f32f5 100644 +--- a/providers/implementations/keymgmt/dsa_kmgmt.c ++++ b/providers/implementations/keymgmt/dsa_kmgmt.c +@@ -13,7 +13,6 @@ + */ + #include "internal/deprecated.h" + +-#include "e_os.h" /* strcasecmp */ + #include + #include + #include +@@ -90,7 +89,7 @@ static int dsa_gen_type_name2id(const char *name) + size_t i; + + for (i = 0; i < OSSL_NELEM(dsatype2id); ++i) { +- if (strcasecmp(dsatype2id[i].name, name) == 0) ++ if (OPENSSL_strcasecmp(dsatype2id[i].name, name) == 0) + return dsatype2id[i].id; + } + return -1; +diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c +index f564a470ac04..68bb35e4cbe1 100644 +--- a/providers/implementations/keymgmt/ec_kmgmt.c ++++ b/providers/implementations/keymgmt/ec_kmgmt.c +@@ -13,7 +13,6 @@ + */ + #include "internal/deprecated.h" + +-#include "e_os.h" /* strcasecmp */ + #include + #include + #include +diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c b/providers/implementations/keymgmt/ecx_kmgmt.c +index 99d685735e2f..2a7f867aa56b 100644 +--- a/providers/implementations/keymgmt/ecx_kmgmt.c ++++ b/providers/implementations/keymgmt/ecx_kmgmt.c +@@ -9,8 +9,6 @@ + + #include + #include +-/* For strcasecmp on Windows */ +-#include "e_os.h" + #include + #include + #include +@@ -546,7 +544,7 @@ static int ecx_gen_set_params(void *genctx, const OSSL_PARAM params[]) + } + if (p->data_type != OSSL_PARAM_UTF8_STRING + || groupname == NULL +- || strcasecmp(p->data, groupname) != 0) { ++ || OPENSSL_strcasecmp(p->data, groupname) != 0) { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); + return 0; + } +diff --git a/providers/implementations/keymgmt/mac_legacy_kmgmt.c b/providers/implementations/keymgmt/mac_legacy_kmgmt.c +index ec34a3ee7131..ecfd2eaaa5c0 100644 +--- a/providers/implementations/keymgmt/mac_legacy_kmgmt.c ++++ b/providers/implementations/keymgmt/mac_legacy_kmgmt.c +@@ -26,7 +26,6 @@ + #include "prov/providercommon.h" + #include "prov/provider_ctx.h" + #include "prov/macsignature.h" +-#include "e_os.h" /* strcasecmp */ + + static OSSL_FUNC_keymgmt_new_fn mac_new; + static OSSL_FUNC_keymgmt_free_fn mac_free; +diff --git a/providers/implementations/rands/drbg_ctr.c b/providers/implementations/rands/drbg_ctr.c +index dbe57b0d2898..c51eb4b4e581 100644 +--- a/providers/implementations/rands/drbg_ctr.c ++++ b/providers/implementations/rands/drbg_ctr.c +@@ -14,7 +14,6 @@ + #include + #include + #include +-#include "e_os.h" /* strcasecmp */ + #include "crypto/modes.h" + #include "internal/thread_once.h" + #include "prov/implementations.h" +@@ -690,7 +689,7 @@ static int drbg_ctr_set_ctx_params(void *vctx, const OSSL_PARAM params[]) + if (p->data_type != OSSL_PARAM_UTF8_STRING + || p->data_size < ctr_str_len) + return 0; +- if (strcasecmp("CTR", base + p->data_size - ctr_str_len) != 0) { ++ if (OPENSSL_strcasecmp("CTR", base + p->data_size - ctr_str_len) != 0) { + ERR_raise(ERR_LIB_PROV, PROV_R_REQUIRE_CTR_MODE_CIPHER); + return 0; + } +diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c +index 325e855333e9..9460136bca0b 100644 +--- a/providers/implementations/signature/rsa_sig.c ++++ b/providers/implementations/signature/rsa_sig.c +@@ -13,7 +13,6 @@ + */ + #include "internal/deprecated.h" + +-#include "e_os.h" /* strcasecmp */ + #include + #include + #include +@@ -854,7 +853,7 @@ static int rsa_digest_signverify_init(void *vprsactx, const char *mdname, + + if (mdname != NULL + /* was rsa_setup_md already called in rsa_signverify_init()? */ +- && (mdname[0] == '\0' || strcasecmp(prsactx->mdname, mdname) != 0) ++ && (mdname[0] == '\0' || OPENSSL_strcasecmp(prsactx->mdname, mdname) != 0) + && !rsa_setup_md(prsactx, mdname, prsactx->propq)) + return 0; + +diff --git a/providers/implementations/storemgmt/file_store.c b/providers/implementations/storemgmt/file_store.c +index fef2b1d2900f..fceef73b7c09 100644 +--- a/providers/implementations/storemgmt/file_store.c ++++ b/providers/implementations/storemgmt/file_store.c +@@ -9,8 +9,6 @@ + + /* This file has quite some overlap with engines/e_loader_attic.c */ + +-#include "e_os.h" /* To get strncasecmp() on Windows */ +- + #include + #include + #include /* isdigit */ +@@ -220,12 +218,12 @@ static void *file_open(void *provctx, const char *uri) + * There's a special case if the URI also contains an authority, then + * the full URI shouldn't be used as a path anywhere. + */ +- if (strncasecmp(uri, "file:", 5) == 0) { ++ if (OPENSSL_strncasecmp(uri, "file:", 5) == 0) { + const char *p = &uri[5]; + + if (strncmp(&uri[5], "//", 2) == 0) { + path_data_n--; /* Invalidate using the full URI */ +- if (strncasecmp(&uri[7], "localhost/", 10) == 0) { ++ if (OPENSSL_strncasecmp(&uri[7], "localhost/", 10) == 0) { + p = &uri[16]; + } else if (uri[7] == '/') { + p = &uri[7]; +@@ -592,7 +590,8 @@ static int file_name_check(struct file_ctx_st *ctx, const char *name) + /* + * First, check the basename + */ +- if (strncasecmp(name, ctx->_.dir.search_name, len) != 0 || name[len] != '.') ++ if (OPENSSL_strncasecmp(name, ctx->_.dir.search_name, len) != 0 ++ || name[len] != '.') + return 0; + p = &name[len + 1]; + +diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c +index deb0c9aaa650..ae97c38b1597 100644 +--- a/ssl/ssl_conf.c ++++ b/ssl/ssl_conf.c +@@ -148,7 +148,8 @@ static int ssl_match_option(SSL_CONF_CTX *cctx, const ssl_flag_tbl *tbl, + if (namelen == -1) { + if (strcmp(tbl->name, name)) + return 0; +- } else if (tbl->namelen != namelen || strncasecmp(tbl->name, name, namelen)) ++ } else if (tbl->namelen != namelen ++ || OPENSSL_strncasecmp(tbl->name, name, namelen)) + return 0; + ssl_set_option(cctx, tbl->name_flags, tbl->option_value, onoff); + return 1; +@@ -232,8 +233,8 @@ static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value) + + /* Ignore values supported by 1.0.2 for the automatic selection */ + if ((cctx->flags & SSL_CONF_FLAG_FILE) +- && (strcasecmp(value, "+automatic") == 0 +- || strcasecmp(value, "automatic") == 0)) ++ && (OPENSSL_strcasecmp(value, "+automatic") == 0 ++ || OPENSSL_strcasecmp(value, "automatic") == 0)) + return 1; + if ((cctx->flags & SSL_CONF_FLAG_CMDLINE) && + strcmp(value, "auto") == 0) +@@ -812,7 +813,7 @@ static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd) + strncmp(*pcmd, cctx->prefix, cctx->prefixlen)) + return 0; + if (cctx->flags & SSL_CONF_FLAG_FILE && +- strncasecmp(*pcmd, cctx->prefix, cctx->prefixlen)) ++ OPENSSL_strncasecmp(*pcmd, cctx->prefix, cctx->prefixlen)) + return 0; + *pcmd += cctx->prefixlen; + } else if (cctx->flags & SSL_CONF_FLAG_CMDLINE) { +@@ -854,7 +855,7 @@ static const ssl_conf_cmd_tbl *ssl_conf_cmd_lookup(SSL_CONF_CTX *cctx, + return t; + } + if (cctx->flags & SSL_CONF_FLAG_FILE) { +- if (t->str_file && strcasecmp(t->str_file, cmd) == 0) ++ if (t->str_file && OPENSSL_strcasecmp(t->str_file, cmd) == 0) + return t; + } + } +diff --git a/test/bntest.c b/test/bntest.c +index 4c1ee0c13b6d..c5894c157b3c 100644 +--- a/test/bntest.c ++++ b/test/bntest.c +@@ -10,9 +10,6 @@ + #include + #include + #include +-#ifdef __TANDEM +-# include /* strcasecmp */ +-#endif + #include + + #include +@@ -23,10 +20,6 @@ + #include "internal/numbers.h" + #include "testutil.h" + +-#ifdef OPENSSL_SYS_WINDOWS +-# define strcasecmp _stricmp +-#endif +- + /* + * Things in boring, not in openssl. + */ +@@ -64,7 +57,7 @@ static const char *findattr(STANZA *s, const char *key) + PAIR *pp = s->pairs; + + for ( ; --i >= 0; pp++) +- if (strcasecmp(pp->key, key) == 0) ++ if (OPENSSL_strcasecmp(pp->key, key) == 0) + return pp->value; + return NULL; + } +diff --git a/test/build.info b/test/build.info +index 0f379e11e222..14a84f00a258 100644 +--- a/test/build.info ++++ b/test/build.info +@@ -37,7 +37,7 @@ IF[{- !$disabled{tests} -}] + sanitytest rsa_complex exdatatest bntest \ + ecstresstest gmdifftest pbelutest \ + destest mdc2test sha_test \ +- exptest pbetest \ ++ exptest pbetest localetest \ + evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \ + evp_fetch_prov_test evp_libctx_test ossl_store_test \ + v3nametest v3ext \ +@@ -135,6 +135,10 @@ IF[{- !$disabled{tests} -}] + INCLUDE[exptest]=../include ../apps/include + DEPEND[exptest]=../libcrypto libtestutil.a + ++ SOURCE[localetest]=localetest.c ++ INCLUDE[localetest]=../include ../apps/include ++ DEPEND[localetest]=../libcrypto libtestutil.a ++ + SOURCE[pbetest]=pbetest.c + INCLUDE[pbetest]=../include ../apps/include + DEPEND[pbetest]=../libcrypto libtestutil.a +diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c +index 826e558cc0cd..3b597617791a 100644 +--- a/test/evp_extra_test.c ++++ b/test/evp_extra_test.c +@@ -35,7 +35,6 @@ + #include "internal/nelem.h" + #include "internal/sizes.h" + #include "crypto/evp.h" +-#include "../e_os.h" /* strcasecmp */ + + static OSSL_LIB_CTX *testctx = NULL; + static char *testpropq = NULL; +@@ -1739,7 +1738,7 @@ static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg) + return 0; + + for (i = 0; i < OSSL_NELEM(ec_encodings); i++) { +- if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) { ++ if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) { + *enc = ec_encodings[i].encoding; + break; + } +diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c +index e2663dc02998..9b2f4a016893 100644 +--- a/test/evp_libctx_test.c ++++ b/test/evp_libctx_test.c +@@ -33,7 +33,6 @@ + #include "testutil.h" + #include "internal/nelem.h" + #include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */ +-#include "../e_os.h" /* strcasecmp */ + + static OSSL_LIB_CTX *libctx = NULL; + static OSSL_PROVIDER *nullprov = NULL; +@@ -478,7 +477,7 @@ static int test_cipher_reinit_partialupdate(int test_id) + + static int name_cmp(const char * const *a, const char * const *b) + { +- return strcasecmp(*a, *b); ++ return OPENSSL_strcasecmp(*a, *b); + } + + static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list) +diff --git a/test/evp_test.c b/test/evp_test.c +index 7a5b9345e0db..8a0758f857a5 100644 +--- a/test/evp_test.c ++++ b/test/evp_test.c +@@ -12,7 +12,6 @@ + #include + #include + #include +-#include "../e_os.h" /* strcasecmp */ + #include + #include + #include +@@ -3886,9 +3885,9 @@ void cleanup_tests(void) + OSSL_LIB_CTX_free(libctx); + } + +-#define STR_STARTS_WITH(str, pre) strncasecmp(pre, str, strlen(pre)) == 0 ++#define STR_STARTS_WITH(str, pre) OPENSSL_strncasecmp(pre, str, strlen(pre)) == 0 + #define STR_ENDS_WITH(str, pre) \ +-strlen(str) < strlen(pre) ? 0 : (strcasecmp(pre, str + strlen(str) - strlen(pre)) == 0) ++strlen(str) < strlen(pre) ? 0 : (OPENSSL_strcasecmp(pre, str + strlen(str) - strlen(pre)) == 0) + + static int is_digest_disabled(const char *name) + { +@@ -3897,31 +3896,31 @@ static int is_digest_disabled(const char *name) + return 1; + #endif + #ifdef OPENSSL_NO_MD2 +- if (strcasecmp(name, "MD2") == 0) ++ if (OPENSSL_strcasecmp(name, "MD2") == 0) + return 1; + #endif + #ifdef OPENSSL_NO_MDC2 +- if (strcasecmp(name, "MDC2") == 0) ++ if (OPENSSL_strcasecmp(name, "MDC2") == 0) + return 1; + #endif + #ifdef OPENSSL_NO_MD4 +- if (strcasecmp(name, "MD4") == 0) ++ if (OPENSSL_strcasecmp(name, "MD4") == 0) + return 1; + #endif + #ifdef OPENSSL_NO_MD5 +- if (strcasecmp(name, "MD5") == 0) ++ if (OPENSSL_strcasecmp(name, "MD5") == 0) + return 1; + #endif + #ifdef OPENSSL_NO_RMD160 +- if (strcasecmp(name, "RIPEMD160") == 0) ++ if (OPENSSL_strcasecmp(name, "RIPEMD160") == 0) + return 1; + #endif + #ifdef OPENSSL_NO_SM3 +- if (strcasecmp(name, "SM3") == 0) ++ if (OPENSSL_strcasecmp(name, "SM3") == 0) + return 1; + #endif + #ifdef OPENSSL_NO_WHIRLPOOL +- if (strcasecmp(name, "WHIRLPOOL") == 0) ++ if (OPENSSL_strcasecmp(name, "WHIRLPOOL") == 0) + return 1; + #endif + return 0; +diff --git a/test/helpers/ssl_test_ctx.c b/test/helpers/ssl_test_ctx.c +index 1374b04cf02f..7236ffd4a6ac 100644 +--- a/test/helpers/ssl_test_ctx.c ++++ b/test/helpers/ssl_test_ctx.c +@@ -16,21 +16,17 @@ + #include "ssl_test_ctx.h" + #include "../testutil.h" + +-#ifdef OPENSSL_SYS_WINDOWS +-# define strcasecmp _stricmp +-#endif +- + static const int default_app_data_size = 256; + /* Default set to be as small as possible to exercise fragmentation. */ + static const int default_max_fragment_size = 512; + + static int parse_boolean(const char *value, int *result) + { +- if (strcasecmp(value, "Yes") == 0) { ++ if (OPENSSL_strcasecmp(value, "Yes") == 0) { + *result = 1; + return 1; + } +- else if (strcasecmp(value, "No") == 0) { ++ else if (OPENSSL_strcasecmp(value, "No") == 0) { + *result = 0; + return 1; + } +diff --git a/test/localetest.c b/test/localetest.c +new file mode 100644 +index 000000000000..3db66b7a9e5f +--- /dev/null ++++ b/test/localetest.c +@@ -0,0 +1,122 @@ ++ ++#include ++#include ++#include ++#include "testutil.h" ++#include "testutil/output.h" ++ ++#include ++#include ++#include ++#ifdef OPENSSL_SYS_WINDOWS ++# define strcasecmp _stricmp ++#else ++# include ++#endif ++ ++int setup_tests(void) ++{ ++ const unsigned char der_bytes[] = { ++ 0x30, 0x82, 0x03, 0x09, 0x30, 0x82, 0x01, 0xf1, 0xa0, 0x03, 0x02, 0x01, ++ 0x02, 0x02, 0x14, 0x08, 0xe0, 0x8c, 0xd3, 0xf3, 0xbf, 0x2c, 0xf2, 0x0d, ++ 0x0a, 0x75, 0xd1, 0xe8, 0xea, 0xbe, 0x70, 0x61, 0xd9, 0x67, 0xf9, 0x30, ++ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, ++ 0x05, 0x00, 0x30, 0x14, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, ++ 0x03, 0x0c, 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, ++ 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x34, 0x31, 0x31, 0x31, 0x34, ++ 0x31, 0x39, 0x35, 0x37, 0x5a, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x35, 0x31, ++ 0x31, 0x31, 0x34, 0x31, 0x39, 0x35, 0x37, 0x5a, 0x30, 0x14, 0x31, 0x12, ++ 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x6c, 0x6f, 0x63, ++ 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, ++ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, ++ 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, ++ 0x01, 0x01, 0x00, 0xc3, 0x1f, 0x5c, 0x56, 0x46, 0x8d, 0x69, 0xb6, 0x48, ++ 0x3c, 0xbf, 0xe2, 0x0f, 0xa7, 0x4a, 0x44, 0x72, 0x74, 0x36, 0xfe, 0xe8, ++ 0x2f, 0x10, 0x4a, 0xe9, 0x46, 0x45, 0x72, 0x5e, 0x48, 0xdd, 0x75, 0xab, ++ 0xd9, 0x63, 0x91, 0x37, 0x93, 0x46, 0x28, 0x7e, 0x45, 0x94, 0x4b, 0x8a, ++ 0xd5, 0x05, 0x2b, 0x9a, 0x01, 0x96, 0x30, 0xde, 0xcc, 0x14, 0x2d, 0x06, ++ 0x09, 0x1b, 0x7d, 0x50, 0x14, 0x99, 0x36, 0x6b, 0x97, 0x6e, 0xc9, 0xb1, ++ 0x69, 0x70, 0xcd, 0x9b, 0x74, 0x24, 0x9a, 0xe2, 0xd4, 0xc0, 0x1e, 0xbc, ++ 0xec, 0xf6, 0x7a, 0xbb, 0xa0, 0x53, 0x93, 0xf8, 0x68, 0x9a, 0x18, 0xa1, ++ 0xa1, 0x5c, 0x47, 0x93, 0xd1, 0x4c, 0x36, 0x8c, 0x00, 0xb3, 0x66, 0xda, ++ 0xf1, 0x05, 0xb2, 0x3a, 0xad, 0x7e, 0x4b, 0xf3, 0xd3, 0x93, 0xfa, 0x59, ++ 0x09, 0x9c, 0x60, 0x37, 0x69, 0x61, 0xe8, 0x5a, 0x33, 0xc6, 0xb2, 0x1a, ++ 0xba, 0x36, 0xe2, 0xb3, 0x58, 0xe9, 0x73, 0x01, 0x2d, 0x36, 0x48, 0x36, ++ 0x94, 0xe4, 0xb2, 0xa4, 0x5b, 0xdf, 0x3d, 0x5f, 0x62, 0x9f, 0xd9, 0xf3, ++ 0x24, 0x0c, 0xf0, 0x2f, 0x71, 0x44, 0x79, 0x13, 0x70, 0x95, 0xa7, 0xbe, ++ 0xea, 0x0a, 0x08, 0x0a, 0xa6, 0x4b, 0xe9, 0x58, 0x6b, 0xa4, 0xc2, 0xed, ++ 0x74, 0x1e, 0xb0, 0x3b, 0x59, 0xd5, 0xe6, 0xdb, 0x8f, 0x58, 0x6a, 0xa3, ++ 0x7d, 0x52, 0x40, 0xec, 0x72, 0xb7, 0xba, 0x7e, 0x30, 0x9d, 0x12, 0x57, ++ 0xf2, 0x48, 0xae, 0x80, 0x0d, 0x0a, 0xf4, 0xfd, 0x24, 0xed, 0xd8, 0x05, ++ 0xb2, 0x96, 0x44, 0x02, 0x3e, 0x6e, 0x25, 0xb0, 0xc4, 0x93, 0xda, 0xfe, ++ 0x78, 0xd9, 0xbb, 0xd2, 0x71, 0x69, 0x70, 0x7f, 0xba, 0xf7, 0xb0, 0x4f, ++ 0x14, 0xf7, 0x98, 0x71, 0x01, 0x6c, 0xec, 0x6f, 0x76, 0x03, 0x59, 0xff, ++ 0xe2, 0xba, 0x8d, 0xd9, 0x21, 0x08, 0xb3, 0x02, 0x03, 0x01, 0x00, 0x01, ++ 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, ++ 0x16, 0x04, 0x14, 0x59, 0xb8, 0x6e, 0x1a, 0x72, 0xe9, 0x27, 0x1e, 0xbf, ++ 0x80, 0x87, 0x0f, 0xa9, 0xd0, 0x06, 0x6a, 0x11, 0x30, 0x77, 0x8e, 0x30, ++ 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, ++ 0x59, 0xb8, 0x6e, 0x1a, 0x72, 0xe9, 0x27, 0x1e, 0xbf, 0x80, 0x87, 0x0f, ++ 0xa9, 0xd0, 0x06, 0x6a, 0x11, 0x30, 0x77, 0x8e, 0x30, 0x0f, 0x06, 0x03, ++ 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, ++ 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, ++ 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x98, 0x76, 0x9e, ++ 0x3c, 0xfc, 0x3f, 0x58, 0xe8, 0xf2, 0x1f, 0x2e, 0x11, 0xa2, 0x59, 0xfa, ++ 0x27, 0xb5, 0xec, 0x9d, 0x97, 0x05, 0x06, 0x2c, 0x95, 0xa5, 0x28, 0x88, ++ 0x86, 0xeb, 0x4e, 0x8a, 0x62, 0xe9, 0x87, 0x78, 0xd8, 0x18, 0x22, 0x4e, ++ 0xb1, 0x8d, 0x46, 0x4a, 0x4c, 0x6e, 0x7c, 0x53, 0x62, 0x2c, 0xf2, 0x7a, ++ 0x95, 0xa0, 0x1a, 0x30, 0x18, 0x6a, 0x31, 0x6f, 0x3f, 0x55, 0x25, 0x9f, ++ 0x67, 0x60, 0x68, 0x99, 0x0f, 0x41, 0x09, 0xc8, 0xe2, 0x04, 0x33, 0x22, ++ 0x1a, 0xe9, 0xf3, 0xae, 0xce, 0xb6, 0x83, 0x64, 0x78, 0x66, 0x14, 0xc9, ++ 0x54, 0xc8, 0x34, 0x70, 0x96, 0xaf, 0x16, 0xcd, 0xb8, 0xdf, 0x81, 0x7e, ++ 0xf0, 0xa6, 0x7d, 0xc1, 0x13, 0xb2, 0x76, 0x3a, 0xd5, 0x7e, 0x68, 0x8c, ++ 0xd5, 0x00, 0x70, 0x82, 0x23, 0x7e, 0x5e, 0xc9, 0x31, 0x2f, 0x33, 0x54, ++ 0xaa, 0xaf, 0xcd, 0xe9, 0x38, 0x9a, 0x23, 0x53, 0xad, 0x4e, 0x72, 0xa7, ++ 0x6f, 0x47, 0x60, 0xc9, 0xd3, 0x06, 0x9b, 0x7a, 0x21, 0xc6, 0xe9, 0xdb, ++ 0x3c, 0xaa, 0xc0, 0x21, 0x29, 0x5f, 0x44, 0x6a, 0x45, 0x90, 0x73, 0x5e, ++ 0x6d, 0x78, 0x82, 0xcb, 0x42, 0xe6, 0xba, 0x67, 0xb2, 0xe6, 0xa2, 0x15, ++ 0x04, 0xea, 0x69, 0xae, 0x3e, 0xc0, 0x0c, 0x10, 0x99, 0xec, 0xa9, 0xb0, ++ 0x7e, 0xe8, 0x94, 0xe2, 0xf3, 0xaf, 0xf7, 0x9f, 0x65, 0xe7, 0xd7, 0xe2, ++ 0x49, 0xfa, 0x52, 0x7d, 0xb5, 0xfd, 0xa0, 0xa5, 0xe0, 0x49, 0xa7, 0x3d, ++ 0x94, 0x20, 0x2d, 0xec, 0x8c, 0x22, 0xa5, 0xa4, 0x43, 0xfa, 0x7e, 0xd0, ++ 0x50, 0x21, 0xb8, 0x67, 0x18, 0x44, 0x69, 0x8f, 0xdd, 0x47, 0x41, 0xc6, ++ 0x35, 0xe0, 0xe9, 0x2e, 0x41, 0xa9, 0x6f, 0x41, 0xee, 0xb9, 0xbd, 0x45, ++ 0xf3, 0x88, 0xc1, 0x23, 0x35, 0x96, 0xba, 0xf8, 0xcd, 0x4b, 0x83, 0x73, ++ 0x5f ++}; ++ ++ char str1[] = "SubjectPublicKeyInfo", str2[] = "subjectpublickeyinfo"; ++ int res; ++ X509 *cert = NULL; ++ X509_PUBKEY *cert_pubkey = NULL; ++ const unsigned char *p = der_bytes; ++ ++ TEST_ptr(setlocale(LC_ALL, "")); ++ ++ res = strcasecmp(str1, str2); ++ TEST_note("Case-insensitive comparison via strcasecmp in current locale %s\n", res ? "failed" : "succeeded"); ++ ++ TEST_false(OPENSSL_strcasecmp(str1, str2)); ++ ++ cert = d2i_X509(NULL, &p, sizeof(der_bytes)); ++ if (!TEST_ptr(cert)) ++ return 0; ++ ++ cert_pubkey = X509_get_X509_PUBKEY(cert); ++ if (!TEST_ptr(cert_pubkey)) { ++ X509_free(cert); ++ return 0; ++ } ++ ++ if (!TEST_ptr(X509_PUBKEY_get0(cert_pubkey))) { ++ X509_free(cert); ++ return 0; ++ } ++ ++ X509_free(cert); ++ return 1; ++} ++ ++void cleanup_tests(void) ++{ ++} +diff --git a/test/params_conversion_test.c b/test/params_conversion_test.c +index 9422ef14734a..710c2a9a2e9f 100644 +--- a/test/params_conversion_test.c ++++ b/test/params_conversion_test.c +@@ -15,10 +15,6 @@ + /* On machines that dont support just disable the tests */ + #if !defined(OPENSSL_NO_INTTYPES_H) + +-# ifdef OPENSSL_SYS_WINDOWS +-# define strcasecmp _stricmp +-# endif +- + # ifdef OPENSSL_SYS_VMS + # define strtoumax strtoull + # define strtoimax strtoll +@@ -62,7 +58,7 @@ static int param_conversion_load_stanza(PARAM_CONVERSION *pc, const STANZA *s) + + for (i = 0; i < s->numpairs; i++, pp++) { + p = ""; +- if (strcasecmp(pp->key, "type") == 0) { ++ if (OPENSSL_strcasecmp(pp->key, "type") == 0) { + if (type != NULL) { + TEST_info("Line %d: multiple type lines", s->curr); + return 0; +@@ -72,48 +68,48 @@ static int param_conversion_load_stanza(PARAM_CONVERSION *pc, const STANZA *s) + TEST_info("Line %d: unknown type line", s->curr); + return 0; + } +- } else if (strcasecmp(pp->key, "int32") == 0) { ++ } else if (OPENSSL_strcasecmp(pp->key, "int32") == 0) { + if (def_i32++) { + TEST_info("Line %d: multiple int32 lines", s->curr); + return 0; + } +- if (strcasecmp(pp->value, "invalid") != 0) { ++ if (OPENSSL_strcasecmp(pp->value, "invalid") != 0) { + pc->valid_i32 = 1; + pc->i32 = (int32_t)strtoimax(pp->value, &p, 10); + } +- } else if (strcasecmp(pp->key, "int64") == 0) { ++ } else if (OPENSSL_strcasecmp(pp->key, "int64") == 0) { + if (def_i64++) { + TEST_info("Line %d: multiple int64 lines", s->curr); + return 0; + } +- if (strcasecmp(pp->value, "invalid") != 0) { ++ if (OPENSSL_strcasecmp(pp->value, "invalid") != 0) { + pc->valid_i64 = 1; + pc->i64 = (int64_t)strtoimax(pp->value, &p, 10); + } +- } else if (strcasecmp(pp->key, "uint32") == 0) { ++ } else if (OPENSSL_strcasecmp(pp->key, "uint32") == 0) { + if (def_u32++) { + TEST_info("Line %d: multiple uint32 lines", s->curr); + return 0; + } +- if (strcasecmp(pp->value, "invalid") != 0) { ++ if (OPENSSL_strcasecmp(pp->value, "invalid") != 0) { + pc->valid_u32 = 1; + pc->u32 = (uint32_t)strtoumax(pp->value, &p, 10); + } +- } else if (strcasecmp(pp->key, "uint64") == 0) { ++ } else if (OPENSSL_strcasecmp(pp->key, "uint64") == 0) { + if (def_u64++) { + TEST_info("Line %d: multiple uint64 lines", s->curr); + return 0; + } +- if (strcasecmp(pp->value, "invalid") != 0) { ++ if (OPENSSL_strcasecmp(pp->value, "invalid") != 0) { + pc->valid_u64 = 1; + pc->u64 = (uint64_t)strtoumax(pp->value, &p, 10); + } +- } else if (strcasecmp(pp->key, "double") == 0) { ++ } else if (OPENSSL_strcasecmp(pp->key, "double") == 0) { + if (def_d++) { + TEST_info("Line %d: multiple double lines", s->curr); + return 0; + } +- if (strcasecmp(pp->value, "invalid") != 0) { ++ if (OPENSSL_strcasecmp(pp->value, "invalid") != 0) { + pc->valid_d = 1; + pc->d = strtod(pp->value, &p); + } +@@ -133,7 +129,7 @@ static int param_conversion_load_stanza(PARAM_CONVERSION *pc, const STANZA *s) + return 0; + } + +- if (strcasecmp(type, "int32") == 0) { ++ if (OPENSSL_strcasecmp(type, "int32") == 0) { + if (!TEST_true(def_i32) || !TEST_true(pc->valid_i32)) { + TEST_note("errant int32 on line %d", s->curr); + return 0; +@@ -142,7 +138,7 @@ static int param_conversion_load_stanza(PARAM_CONVERSION *pc, const STANZA *s) + pc->datum = &datum_i32; + pc->ref = &ref_i32; + pc->size = sizeof(ref_i32); +- } else if (strcasecmp(type, "int64") == 0) { ++ } else if (OPENSSL_strcasecmp(type, "int64") == 0) { + if (!TEST_true(def_i64) || !TEST_true(pc->valid_i64)) { + TEST_note("errant int64 on line %d", s->curr); + return 0; +@@ -151,7 +147,7 @@ static int param_conversion_load_stanza(PARAM_CONVERSION *pc, const STANZA *s) + pc->datum = &datum_i64; + pc->ref = &ref_i64; + pc->size = sizeof(ref_i64); +- } else if (strcasecmp(type, "uint32") == 0) { ++ } else if (OPENSSL_strcasecmp(type, "uint32") == 0) { + if (!TEST_true(def_u32) || !TEST_true(pc->valid_u32)) { + TEST_note("errant uint32 on line %d", s->curr); + return 0; +@@ -160,7 +156,7 @@ static int param_conversion_load_stanza(PARAM_CONVERSION *pc, const STANZA *s) + pc->datum = &datum_u32; + pc->ref = &ref_u32; + pc->size = sizeof(ref_u32); +- } else if (strcasecmp(type, "uint64") == 0) { ++ } else if (OPENSSL_strcasecmp(type, "uint64") == 0) { + if (!TEST_true(def_u64) || !TEST_true(pc->valid_u64)) { + TEST_note("errant uint64 on line %d", s->curr); + return 0; +@@ -169,7 +165,7 @@ static int param_conversion_load_stanza(PARAM_CONVERSION *pc, const STANZA *s) + pc->datum = &datum_u64; + pc->ref = &ref_u64; + pc->size = sizeof(ref_u64); +- } else if (strcasecmp(type, "double") == 0) { ++ } else if (OPENSSL_strcasecmp(type, "double") == 0) { + if (!TEST_true(def_d) || !TEST_true(pc->valid_d)) { + TEST_note("errant double on line %d", s->curr); + return 0; +diff --git a/test/recipes/02-test_localetest.t b/test/recipes/02-test_localetest.t +new file mode 100644 +index 000000000000..1bccd57d4c63 +--- /dev/null ++++ b/test/recipes/02-test_localetest.t +@@ -0,0 +1,24 @@ ++#! /usr/bin/env perl ++# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. ++# Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. ++# ++# Licensed under the Apache License 2.0 (the "License"). You may not use ++# this file except in compliance with the License. You can obtain a copy ++# in the file LICENSE in the source distribution or at ++# https://www.openssl.org/source/license.html ++ ++use OpenSSL::Test; ++use OpenSSL::Test::Utils; ++ ++setup("locale tests"); ++ ++plan skip_all => "Locale tests not available on Windows or VMS" ++ if $^O =~ /^(VMS|MSWin32)$/; ++ ++plan tests => 2; ++ ++$ENV{LANG} = "C"; ++ok(run(test(["localetest"])), "running localetest"); ++ ++$ENV{LANG} = "tr_TR.UTF-8"; ++ok(run(test(["localetest"])), "running localetest with Turkish locale"); +diff --git a/test/ssl_old_test.c b/test/ssl_old_test.c +index b07b98062494..5fb54a3a2eb1 100644 +--- a/test/ssl_old_test.c ++++ b/test/ssl_old_test.c +@@ -216,7 +216,7 @@ static int servername_cb(SSL *s, int *ad, void *arg) + + if (servername) { + if (s_ctx2 != NULL && sn_server2 != NULL && +- !strcasecmp(servername, sn_server2)) { ++ !OPENSSL_strcasecmp(servername, sn_server2)) { + BIO_printf(bio_stdout, "Switching server context.\n"); + SSL_set_SSL_CTX(s, s_ctx2); + } +diff --git a/test/v3nametest.c b/test/v3nametest.c +index 06d713b2feb1..ce1f4949fef2 100644 +--- a/test/v3nametest.c ++++ b/test/v3nametest.c +@@ -15,10 +15,6 @@ + #include "internal/nelem.h" + #include "testutil.h" + +-#ifdef OPENSSL_SYS_WINDOWS +-# define strcasecmp _stricmp +-#endif +- + static const char *const names[] = { + "a", "b", ".", "*", "@", + ".a", "a.", ".b", "b.", ".*", "*.", "*@", "@*", "a@", "@a", "b@", "..", +@@ -287,7 +283,7 @@ static int run_cert(X509 *crt, const char *nameincert, + int failed = 0; + + for (; *pname != NULL; ++pname) { +- int samename = strcasecmp(nameincert, *pname) == 0; ++ int samename = OPENSSL_strcasecmp(nameincert, *pname) == 0; + size_t namelen = strlen(*pname); + char *name = OPENSSL_malloc(namelen + 1); + int match, ret; +diff --git a/util/libcrypto.num b/util/libcrypto.num +index 10b4e57d7969..1b9b23878e83 100644 +--- a/util/libcrypto.num ++++ b/util/libcrypto.num +@@ -5425,3 +5425,5 @@ ASN1_item_d2i_ex 5552 3_0_0 EXIST::FUNCTION: + ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: + ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION: + ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION: ++OPENSSL_strcasecmp ? 3_0_1 EXIST::FUNCTION: ++OPENSSL_strncasecmp ? 3_0_1 EXIST::FUNCTION: diff --git a/SOURCES/0057-strcasecmp-fix.patch b/SOURCES/0057-strcasecmp-fix.patch new file mode 100644 index 0000000..f5c59b5 --- /dev/null +++ b/SOURCES/0057-strcasecmp-fix.patch @@ -0,0 +1,104 @@ +From 68f23e3725d9639f5b27d868fee291cabb516677 Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Fri, 22 Apr 2022 18:16:56 +0200 +Subject: [PATCH 1/2] Ensure we initialized the locale before + evp_pkey_name2type + +Fixes #18158 +--- + crypto/evp/pmeth_lib.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c +index 2b9c6c2351da..92d25de44532 100644 +--- a/crypto/evp/pmeth_lib.c ++++ b/crypto/evp/pmeth_lib.c +@@ -27,6 +27,7 @@ + #ifndef FIPS_MODULE + # include "crypto/asn1.h" + #endif ++#include "crypto/ctype.h" + #include "crypto/evp.h" + #include "crypto/dh.h" + #include "crypto/ec.h" +@@ -199,6 +200,7 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx, + } + #ifndef FIPS_MODULE + if (keytype != NULL) { ++ ossl_init_casecmp(); + id = evp_pkey_name2type(keytype); + if (id == NID_undef) + id = -1; + +From 51c7b2d9c30b72aeb7e8eb69799dc039d5b23e58 Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Fri, 22 Apr 2022 19:26:08 +0200 +Subject: [PATCH 2/2] Testing the EVP_PKEY_CTX_new_from_name without + preliminary init + +--- + test/build.info | 6 +++++- + test/evp_pkey_ctx_new_from_name.c | 14 ++++++++++++++ + test/recipes/02-test_localetest.t | 4 +++- + 3 files changed, 22 insertions(+), 2 deletions(-) + create mode 100644 test/evp_pkey_ctx_new_from_name.c + +diff --git a/test/build.info b/test/build.info +index 14a84f00a258..ee059973d31a 100644 +--- a/test/build.info ++++ b/test/build.info +@@ -37,7 +37,7 @@ IF[{- !$disabled{tests} -}] + sanitytest rsa_complex exdatatest bntest \ + ecstresstest gmdifftest pbelutest \ + destest mdc2test sha_test \ +- exptest pbetest localetest \ ++ exptest pbetest localetest evp_pkey_ctx_new_from_name\ + evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \ + evp_fetch_prov_test evp_libctx_test ossl_store_test \ + v3nametest v3ext \ +@@ -139,6 +139,10 @@ IF[{- !$disabled{tests} -}] + INCLUDE[localetest]=../include ../apps/include + DEPEND[localetest]=../libcrypto libtestutil.a + ++ SOURCE[evp_pkey_ctx_new_from_name]=evp_pkey_ctx_new_from_name.c ++ INCLUDE[evp_pkey_ctx_new_from_name]=../include ../apps/include ++ DEPEND[evp_pkey_ctx_new_from_name]=../libcrypto ++ + SOURCE[pbetest]=pbetest.c + INCLUDE[pbetest]=../include ../apps/include + DEPEND[pbetest]=../libcrypto libtestutil.a +diff --git a/test/evp_pkey_ctx_new_from_name.c b/test/evp_pkey_ctx_new_from_name.c +new file mode 100644 +index 000000000000..24063ea05ea5 +--- /dev/null ++++ b/test/evp_pkey_ctx_new_from_name.c +@@ -0,0 +1,14 @@ ++#include ++#include ++#include ++#include ++ ++int main(int argc, char *argv[]) ++{ ++ EVP_PKEY_CTX *pctx = NULL; ++ ++ pctx = EVP_PKEY_CTX_new_from_name(NULL, "NO_SUCH_ALGORITHM", NULL); ++ EVP_PKEY_CTX_free(pctx); ++ ++ return 0; ++} +diff --git a/test/recipes/02-test_localetest.t b/test/recipes/02-test_localetest.t +index 1bccd57d4c63..77fba7d819ab 100644 +--- a/test/recipes/02-test_localetest.t ++++ b/test/recipes/02-test_localetest.t +@@ -15,7 +15,9 @@ setup("locale tests"); + plan skip_all => "Locale tests not available on Windows or VMS" + if $^O =~ /^(VMS|MSWin32)$/; + +-plan tests => 2; ++plan tests => 3; ++ ++ok(run(test(["evp_pkey_ctx_new_from_name"])), "running evp_pkey_ctx_new_from_name without explicit context init"); + + $ENV{LANG} = "C"; + ok(run(test(["localetest"])), "running localetest"); diff --git a/SOURCES/0058-FIPS-limit-rsa-encrypt.patch b/SOURCES/0058-FIPS-limit-rsa-encrypt.patch new file mode 100644 index 0000000..6dcf7c0 --- /dev/null +++ b/SOURCES/0058-FIPS-limit-rsa-encrypt.patch @@ -0,0 +1,540 @@ +diff -up openssl-3.0.1/providers/common/securitycheck.c.rsaenc openssl-3.0.1/providers/common/securitycheck.c +--- openssl-3.0.1/providers/common/securitycheck.c.rsaenc 2022-06-24 17:14:33.634692729 +0200 ++++ openssl-3.0.1/providers/common/securitycheck.c 2022-06-24 17:16:08.966540605 +0200 +@@ -27,6 +27,7 @@ + * Set protect = 1 for encryption or signing operations, or 0 otherwise. See + * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf. + */ ++/* Red Hat build implements some extra limitations in providers/implementations/asymciphers/rsa_enc.c */ + int ossl_rsa_check_key(OSSL_LIB_CTX *ctx, const RSA *rsa, int operation) + { + int protect = 0; +diff -up openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c.no_bad_pad openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c +--- openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c.no_bad_pad 2022-05-02 16:04:47.000091901 +0200 ++++ openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c 2022-05-02 16:14:50.922443581 +0200 +@@ -132,6 +132,17 @@ static int rsa_decrypt_init(void *vprsac + return rsa_init(vprsactx, vrsa, params, EVP_PKEY_OP_DECRYPT); + } + ++# ifdef FIPS_MODULE ++static int fips_padding_allowed(const PROV_RSA_CTX *prsactx) ++{ ++ if (prsactx->pad_mode == RSA_PKCS1_PADDING ++ || prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING) ++ return 0; ++ ++ return 1; ++} ++# endif ++ + static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, + size_t outsize, const unsigned char *in, size_t inlen) + { +@@ -141,6 +152,18 @@ static int rsa_encrypt(void *vprsactx, u + if (!ossl_prov_is_running()) + return 0; + ++# ifdef FIPS_MODULE ++ if (fips_padding_allowed(prsactx) == 0) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); ++ return 0; ++ } ++ ++ if (RSA_bits(prsactx->rsa) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); ++ return 0; ++ } ++# endif ++ + if (out == NULL) { + size_t len = RSA_size(prsactx->rsa); + +@@ -202,6 +220,18 @@ static int rsa_decrypt(void *vprsactx, u + if (!ossl_prov_is_running()) + return 0; + ++# ifdef FIPS_MODULE ++ if (fips_padding_allowed(prsactx) == 0) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); ++ return 0; ++ } ++ ++ if (RSA_bits(prsactx->rsa) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); ++ return 0; ++ } ++# endif ++ + if (prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING) { + if (out == NULL) { + *outlen = SSL_MAX_MASTER_KEY_LENGTH; +diff -up openssl-3.0.1/test/recipes/80-test_cms.t.no_bad_pad openssl-3.0.1/test/recipes/80-test_cms.t +--- openssl-3.0.1/test/recipes/80-test_cms.t.no_bad_pad 2022-05-02 17:04:07.610782138 +0200 ++++ openssl-3.0.1/test/recipes/80-test_cms.t 2022-05-02 17:06:03.595814620 +0200 +@@ -232,7 +232,7 @@ my @smime_pkcs7_tests = ( + \&final_compare + ], + +- [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients", ++ [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients, no Red Hat FIPS", + [ "{cmd1}", @prov, "-encrypt", "-in", $smcont, + "-aes256", "-stream", "-out", "{output}.cms", + $smrsa1, +@@ -865,5 +865,8 @@ sub check_availability { + return "$tnam: skipped, DSA disabled\n" + if ($no_dsa && $tnam =~ / DSA/); + ++ return "$tnam: skipped, Red Hat FIPS\n" ++ if ($tnam =~ /no Red Hat FIPS/); ++ + return ""; + } +diff -up openssl-3.0.1/test/recipes/80-test_ssl_old.t.no_bad_pad openssl-3.0.1/test/recipes/80-test_ssl_old.t +--- openssl-3.0.1/test/recipes/80-test_ssl_old.t.no_bad_pad 2022-05-02 17:26:37.962838053 +0200 ++++ openssl-3.0.1/test/recipes/80-test_ssl_old.t 2022-05-02 17:34:20.297950449 +0200 +@@ -483,6 +483,18 @@ sub testssl { + # the default choice if TLSv1.3 enabled + my $flag = $protocol eq "-tls1_3" ? "" : $protocol; + my $ciphersuites = ""; ++ my %redhat_skip_cipher = map {$_ => 1} qw( ++AES256-GCM-SHA384:@SECLEVEL=0 ++AES256-CCM8:@SECLEVEL=0 ++AES256-CCM:@SECLEVEL=0 ++AES128-GCM-SHA256:@SECLEVEL=0 ++AES128-CCM8:@SECLEVEL=0 ++AES128-CCM:@SECLEVEL=0 ++AES256-SHA256:@SECLEVEL=0 ++AES128-SHA256:@SECLEVEL=0 ++AES256-SHA:@SECLEVEL=0 ++AES128-SHA:@SECLEVEL=0 ++ ); + foreach my $cipher (@{$ciphersuites{$protocol}}) { + if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) { + note "*****SKIPPING $protocol $cipher"; +@@ -494,11 +506,16 @@ sub testssl { + } else { + $cipher = $cipher.':@SECLEVEL=0'; + } +- ok(run(test([@ssltest, @exkeys, "-cipher", +- $cipher, +- "-ciphersuites", $ciphersuites, +- $flag || ()])), +- "Testing $cipher"); ++ if ($provider eq "fips" && exists $redhat_skip_cipher{$cipher}) { ++ note "*****SKIPPING $cipher in Red Hat FIPS mode"; ++ ok(1); ++ } else { ++ ok(run(test([@ssltest, @exkeys, "-cipher", ++ $cipher, ++ "-ciphersuites", $ciphersuites, ++ $flag || ()])), ++ "Testing $cipher"); ++ } + } + } + next if $protocol eq "-tls1_3"; +diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fipskeylen openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt +--- openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fipskeylen 2022-06-16 14:26:19.383530498 +0200 ++++ openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 2022-06-16 14:39:53.637777701 +0200 +@@ -263,12 +263,13 @@ Input = 64b0e9f9892371110c40ba5739dc0974 + Output = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef + + # RSA decrypt +- ++Availablein = default + Decrypt = RSA-2048 + Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A78 + Output = "Hello World" + + # Corrupted ciphertext ++Availablein = default + Decrypt = RSA-2048 + Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A79 + Output = "Hello World" +@@ -665,36 +666,42 @@ vcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mN + h90qjKHS9PvY4Q== + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-1 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=354fe67b4a126d5d35fe36c777791a3f7ba13def484e2d3908aff722fad468fb21696de95d0be911c2d3174f8afcc201035f7b6d8e69402de5451618c21a535fa9d7bfc5b8dd9fc243f8cf927db31322d6e881eaa91a996170e657a05a266426d98c88003f8477c1227094a0d9fa1e8c4024309ce1ecccb5210035d47ac72e8a + Output=6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34 + ++Availablein = default + Decrypt=RSA-OAEP-1 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=640db1acc58e0568fe5407e5f9b701dff8c3c91e716c536fc7fcec6cb5b71c1165988d4a279e1577d730fc7a29932e3f00c81515236d8d8e31017a7a09df4352d904cdeb79aa583adcc31ea698a4c05283daba9089be5491f67c1a4ee48dc74bbbe6643aef846679b4cb395a352d5ed115912df696ffe0702932946d71492b44 + Output=750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5 + ++Availablein = default + Decrypt=RSA-OAEP-1 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=423736ed035f6026af276c35c0b3741b365e5f76ca091b4e8c29e2f0befee603595aa8322d602d2e625e95eb81b2f1c9724e822eca76db8618cf09c5343503a4360835b5903bc637e3879fb05e0ef32685d5aec5067cd7cc96fe4b2670b6eac3066b1fcf5686b68589aafb7d629b02d8f8625ca3833624d4800fb081b1cf94eb + Output=d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051 + ++Availablein = default + Decrypt=RSA-OAEP-1 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=45ead4ca551e662c9800f1aca8283b0525e6abae30be4b4aba762fa40fd3d38e22abefc69794f6ebbbc05ddbb11216247d2f412fd0fba87c6e3acd888813646fd0e48e785204f9c3f73d6d8239562722dddd8771fec48b83a31ee6f592c4cfd4bc88174f3b13a112aae3b9f7b80e0fc6f7255ba880dc7d8021e22ad6a85f0755 + Output=52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85 + ++Availablein = default + Decrypt=RSA-OAEP-1 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=36f6e34d94a8d34daacba33a2139d00ad85a9345a86051e73071620056b920e219005855a213a0f23897cdcd731b45257c777fe908202befdd0b58386b1244ea0cf539a05d5d10329da44e13030fd760dcd644cfef2094d1910d3f433e1c7c6dd18bc1f2df7f643d662fb9dd37ead9059190f4fa66ca39e869c4eb449cbdc439 + Output=8da89fd9e5f974a29feffb462b49180f6cf9e802 + ++Availablein = default + Decrypt=RSA-OAEP-1 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -719,36 +726,42 @@ SwGNdhGLJDiac1Dsg2sAY6IXISNv2O222JtR5+64 + eG2e4XlBcKjI6A== + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-2 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0181af8922b9fcb4d79d92ebe19815992fc0c1439d8bcd491398a0f4ad3a329a5bd9385560db532683c8b7da04e4b12aed6aacdf471c34c9cda891addcc2df3456653aa6382e9ae59b54455257eb099d562bbe10453f2b6d13c59c02e10f1f8abb5da0d0570932dacf2d0901db729d0fefcc054e70968ea540c81b04bcaefe720e + Output=8ff00caa605c702830634d9a6c3d42c652b58cf1d92fec570beee7 + ++Availablein = default + Decrypt=RSA-OAEP-2 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=018759ff1df63b2792410562314416a8aeaf2ac634b46f940ab82d64dbf165eee33011da749d4bab6e2fcd18129c9e49277d8453112b429a222a8471b070993998e758861c4d3f6d749d91c4290d332c7a4ab3f7ea35ff3a07d497c955ff0ffc95006b62c6d296810d9bfab024196c7934012c2df978ef299aba239940cba10245 + Output=2d + ++Availablein = default + Decrypt=RSA-OAEP-2 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=018802bab04c60325e81c4962311f2be7c2adce93041a00719c88f957575f2c79f1b7bc8ced115c706b311c08a2d986ca3b6a9336b147c29c6f229409ddec651bd1fdd5a0b7f610c9937fdb4a3a762364b8b3206b4ea485fd098d08f63d4aa8bb2697d027b750c32d7f74eaf5180d2e9b66b17cb2fa55523bc280da10d14be2053 + Output=74fc88c51bc90f77af9d5e9a4a70133d4b4e0b34da3c37c7ef8e + ++Availablein = default + Decrypt=RSA-OAEP-2 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=00a4578cbc176318a638fba7d01df15746af44d4f6cd96d7e7c495cbf425b09c649d32bf886da48fbaf989a2117187cafb1fb580317690e3ccd446920b7af82b31db5804d87d01514acbfa9156e782f867f6bed9449e0e9a2c09bcecc6aa087636965e34b3ec766f2fe2e43018a2fddeb140616a0e9d82e5331024ee0652fc7641 + Output=a7eb2a5036931d27d4e891326d99692ffadda9bf7efd3e34e622c4adc085f721dfe885072c78a203b151739be540fa8c153a10f00a + ++Availablein = default + Decrypt=RSA-OAEP-2 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=00ebc5f5fda77cfdad3c83641a9025e77d72d8a6fb33a810f5950f8d74c73e8d931e8634d86ab1246256ae07b6005b71b7f2fb98351218331ce69b8ffbdc9da08bbc9c704f876deb9df9fc2ec065cad87f9090b07acc17aa7f997b27aca48806e897f771d95141fe4526d8a5301b678627efab707fd40fbebd6e792a25613e7aec + Output=2ef2b066f854c33f3bdcbb5994a435e73d6c6c + ++Availablein = default + Decrypt=RSA-OAEP-2 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -773,36 +786,42 @@ iUGx07dw5a0x7jc7KKzaaf+bb0D+V4ufGvuFg2+W + Ya4qnqZe1onjY5o= + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-3 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=026a0485d96aebd96b4382085099b962e6a2bdec3d90c8db625e14372de85e2d5b7baab65c8faf91bb5504fb495afce5c988b3f6a52e20e1d6cbd3566c5cd1f2b8318bb542cc0ea25c4aab9932afa20760eaddec784396a07ea0ef24d4e6f4d37e5052a7a31e146aa480a111bbe926401307e00f410033842b6d82fe5ce4dfae80 + Output=087820b569e8fa8d + ++Availablein = default + Decrypt=RSA-OAEP-3 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=024db89c7802989be0783847863084941bf209d761987e38f97cb5f6f1bc88da72a50b73ebaf11c879c4f95df37b850b8f65d7622e25b1b889e80fe80baca2069d6e0e1d829953fc459069de98ea9798b451e557e99abf8fe3d9ccf9096ebbf3e5255d3b4e1c6d2ecadf067a359eea86405acd47d5e165517ccafd47d6dbee4bf5 + Output=4653acaf171960b01f52a7be63a3ab21dc368ec43b50d82ec3781e04 + ++Availablein = default + Decrypt=RSA-OAEP-3 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0239bce681032441528877d6d1c8bb28aa3bc97f1df584563618995797683844ca86664732f4bed7a0aab083aaabfb7238f582e30958c2024e44e57043b97950fd543da977c90cdde5337d618442f99e60d7783ab59ce6dd9d69c47ad1e962bec22d05895cff8d3f64ed5261d92b2678510393484990ba3f7f06818ae6ffce8a3a + Output=d94cd0e08fa404ed89 + ++Availablein = default + Decrypt=RSA-OAEP-3 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=02994c62afd76f498ba1fd2cf642857fca81f4373cb08f1cbaee6f025c3b512b42c3e8779113476648039dbe0493f9246292fac28950600e7c0f32edf9c81b9dec45c3bde0cc8d8847590169907b7dc5991ceb29bb0714d613d96df0f12ec5d8d3507c8ee7ae78dd83f216fa61de100363aca48a7e914ae9f42ddfbe943b09d9a0 + Output=6cc641b6b61e6f963974dad23a9013284ef1 + ++Availablein = default + Decrypt=RSA-OAEP-3 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0162042ff6969592a6167031811a239834ce638abf54fec8b99478122afe2ee67f8c5b18b0339805bfdbc5a4e6720b37c59cfba942464c597ff532a119821545fd2e59b114e61daf71820529f5029cf524954327c34ec5e6f5ba7efcc4de943ab8ad4ed787b1454329f70db798a3a8f4d92f8274e2b2948ade627ce8ee33e43c60 + Output=df5151832b61f4f25891fb4172f328d2eddf8371ffcfdbe997939295f30eca6918017cfda1153bf7a6af87593223 + ++Availablein = default + Decrypt=RSA-OAEP-3 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -827,36 +846,42 @@ s/XkIiO6MDAcQabYfLtw4wy308Z9JUc9sfbL8D4/ + aD0x7TDrmEvkEro= + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-4 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=04cce19614845e094152a3fe18e54e3330c44e5efbc64ae16886cb1869014cc5781b1f8f9e045384d0112a135ca0d12e9c88a8e4063416deaae3844f60d6e96fe155145f4525b9a34431ca3766180f70e15a5e5d8e8b1a516ff870609f13f896935ced188279a58ed13d07114277d75c6568607e0ab092fd803a223e4a8ee0b1a8 + Output=4a86609534ee434a6cbca3f7e962e76d455e3264c19f605f6e5ff6137c65c56d7fb344cd52bc93374f3d166c9f0c6f9c506bad19330972d2 + ++Availablein = default + Decrypt=RSA-OAEP-4 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0097b698c6165645b303486fbf5a2a4479c0ee85889b541a6f0b858d6b6597b13b854eb4f839af03399a80d79bda6578c841f90d645715b280d37143992dd186c80b949b775cae97370e4ec97443136c6da484e970ffdb1323a20847821d3b18381de13bb49aaea66530c4a4b8271f3eae172cd366e07e6636f1019d2a28aed15e + Output=b0adc4f3fe11da59ce992773d9059943c03046497ee9d9f9a06df1166db46d98f58d27ec074c02eee6cbe2449c8b9fc5080c5c3f4433092512ec46aa793743c8 + ++Availablein = default + Decrypt=RSA-OAEP-4 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0301f935e9c47abcb48acbbe09895d9f5971af14839da4ff95417ee453d1fd77319072bb7297e1b55d7561cd9d1bb24c1a9a37c619864308242804879d86ebd001dce5183975e1506989b70e5a83434154d5cbfd6a24787e60eb0c658d2ac193302d1192c6e622d4a12ad4b53923bca246df31c6395e37702c6a78ae081fb9d065 + Output=bf6d42e701707b1d0206b0c8b45a1c72641ff12889219a82bdea965b5e79a96b0d0163ed9d578ec9ada20f2fbcf1ea3c4089d83419ba81b0c60f3606da99 + ++Availablein = default + Decrypt=RSA-OAEP-4 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=02d110ad30afb727beb691dd0cf17d0af1a1e7fa0cc040ec1a4ba26a42c59d0a796a2e22c8f357ccc98b6519aceb682e945e62cb734614a529407cd452bee3e44fece8423cc19e55548b8b994b849c7ecde4933e76037e1d0ce44275b08710c68e430130b929730ed77e09b015642c5593f04e4ffb9410798102a8e96ffdfe11e4 + Output=fb2ef112f5e766eb94019297934794f7be2f6fc1c58e + ++Availablein = default + Decrypt=RSA-OAEP-4 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=00dbb8a7439d90efd919a377c54fae8fe11ec58c3b858362e23ad1b8a44310799066b99347aa525691d2adc58d9b06e34f288c170390c5f0e11c0aa3645959f18ee79e8f2be8d7ac5c23d061f18dd74b8c5f2a58fcb5eb0c54f99f01a83247568292536583340948d7a8c97c4acd1e98d1e29dc320e97a260532a8aa7a758a1ec2 + Output=28ccd447bb9e85166dabb9e5b7d1adadc4b9d39f204e96d5e440ce9ad928bc1c2284 + ++Availablein = default + Decrypt=RSA-OAEP-4 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -881,36 +906,42 @@ OPlAQGLrhaQpJFILOPW7iGoBlvSLuNzqYP2SzAJ/ + MSwGUGLx60i3nRyDyw== + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-5 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=036046a4a47d9ed3ba9a89139c105038eb7492b05a5d68bfd53accff4597f7a68651b47b4a4627d927e485eed7b4566420e8b409879e5d606eae251d22a5df799f7920bfc117b992572a53b1263146bcea03385cc5e853c9a101c8c3e1bda31a519807496c6cb5e5efb408823a352b8fa0661fb664efadd593deb99fff5ed000e5 + Output=af71a901e3a61d3132f0fc1fdb474f9ea6579257ffc24d164170145b3dbde8 + ++Availablein = default + Decrypt=RSA-OAEP-5 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=03d6eb654edce615bc59f455265ed4e5a18223cbb9be4e4069b473804d5de96f54dcaaa603d049c5d94aa1470dfcd2254066b7c7b61ff1f6f6770e3215c51399fd4e34ec5082bc48f089840ad04354ae66dc0f1bd18e461a33cc1258b443a2837a6df26759aa2302334986f87380c9cc9d53be9f99605d2c9a97da7b0915a4a7ad + Output=a3b844a08239a8ac41605af17a6cfda4d350136585903a417a79268760519a4b4ac3303ec73f0f87cfb32399 + ++Availablein = default + Decrypt=RSA-OAEP-5 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0770952181649f9f9f07ff626ff3a22c35c462443d905d456a9fd0bff43cac2ca7a9f554e9478b9acc3ac838b02040ffd3e1847de2e4253929f9dd9ee4044325a9b05cabb808b2ee840d34e15d105a3f1f7b27695a1a07a2d73fe08ecaaa3c9c9d4d5a89ff890d54727d7ae40c0ec1a8dd86165d8ee2c6368141016a48b55b6967 + Output=308b0ecbd2c76cb77fc6f70c5edd233fd2f20929d629f026953bb62a8f4a3a314bde195de85b5f816da2aab074d26cb6acddf323ae3b9c678ac3cf12fbdde7 + ++Availablein = default + Decrypt=RSA-OAEP-5 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0812b76768ebcb642d040258e5f4441a018521bd96687e6c5e899fcd6c17588ff59a82cc8ae03a4b45b31299af1788c329f7dcd285f8cf4ced82606b97612671a45bedca133442144d1617d114f802857f0f9d739751c57a3f9ee400912c61e2e6992be031a43dd48fa6ba14eef7c422b5edc4e7afa04fdd38f402d1c8bb719abf + Output=15c5b9ee1185 + ++Availablein = default + Decrypt=RSA-OAEP-5 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=07b60e14ec954bfd29e60d0047e789f51d57186c63589903306793ced3f68241c743529aba6a6374f92e19e0163efa33697e196f7661dfaaa47aac6bde5e51deb507c72c589a2ca1693d96b1460381249b2cdb9eac44769f2489c5d3d2f99f0ee3c7ee5bf64a5ac79c42bd433f149be8cb59548361640595513c97af7bc2509723 + Output=21026e6800c7fa728fcaaba0d196ae28d7a2ac4ffd8abce794f0985f60c8a6737277365d3fea11db8923a2029a + ++Availablein = default + Decrypt=RSA-OAEP-5 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -935,36 +966,42 @@ xT1F29tenZbQ/s9Cdd8JdLxKBza0p0wyaQU++2hq + Yejn5Ly8mU2q+jBcRQ== + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-6 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0630eebcd2856c24f798806e41f9e67345eda9ceda386acc9facaea1eeed06ace583709718d9d169fadf414d5c76f92996833ef305b75b1e4b95f662a20faedc3bae0c4827a8bf8a88edbd57ec203a27a841f02e43a615bab1a8cac0701de34debdef62a088089b55ec36ea7522fd3ec8d06b6a073e6df833153bc0aefd93bd1a3 + Output=4046ca8baa3347ca27f49e0d81f9cc1d71be9ba517d4 + ++Availablein = default + Decrypt=RSA-OAEP-6 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0ebc37376173a4fd2f89cc55c2ca62b26b11d51c3c7ce49e8845f74e7607317c436bc8d23b9667dfeb9d087234b47bc6837175ae5c0559f6b81d7d22416d3e50f4ac533d8f0812f2db9e791fe9c775ac8b6ad0f535ad9ceb23a4a02014c58ab3f8d3161499a260f39348e714ae2a1d3443208fd8b722ccfdfb393e98011f99e63f + Output=5cc72c60231df03b3d40f9b57931bc31109f972527f28b19e7480c7288cb3c92b22512214e4be6c914792ddabdf57faa8aa7 + ++Availablein = default + Decrypt=RSA-OAEP-6 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0a98bf1093619394436cf68d8f38e2f158fde8ea54f3435f239b8d06b8321844202476aeed96009492480ce3a8d705498c4c8c68f01501dc81db608f60087350c8c3b0bd2e9ef6a81458b7c801b89f2e4fe99d4900ba6a4b5e5a96d865dc676c7755928794130d6280a8160a190f2df3ea7cf9aa0271d88e9e6905ecf1c5152d65 + Output=b20e651303092f4bccb43070c0f86d23049362ed96642fc5632c27db4a52e3d831f2ab068b23b149879c002f6bf3feee97591112562c + ++Availablein = default + Decrypt=RSA-OAEP-6 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=008e7a67cacfb5c4e24bec7dee149117f19598ce8c45808fef88c608ff9cd6e695263b9a3c0ad4b8ba4c95238e96a8422b8535629c8d5382374479ad13fa39974b242f9a759eeaf9c83ad5a8ca18940a0162ba755876df263f4bd50c6525c56090267c1f0e09ce0899a0cf359e88120abd9bf893445b3cae77d3607359ae9a52f8 + Output=684e3038c5c041f7 + ++Availablein = default + Decrypt=RSA-OAEP-6 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=00003474416c7b68bdf961c385737944d7f1f40cb395343c693cc0b4fe63b31fedf1eaeeac9ccc0678b31dc32e0977489514c4f09085f6298a9653f01aea4045ff582ee887be26ae575b73eef7f3774921e375a3d19adda0ca31aa1849887c1f42cac9677f7a2f4e923f6e5a868b38c084ef187594dc9f7f048fea2e02955384ab + Output=32488cb262d041d6e4dd35f987bf3ca696db1f06ac29a44693 + ++Availablein = default + Decrypt=RSA-OAEP-6 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -989,36 +1026,42 @@ tu4XIedy0DiaVZw9PN+VUNRXxGsDe3RkGx1SFmr4 + FMlxv0gq65dqc3DC + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-7 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=1688e4ce7794bba6cb7014169ecd559cede2a30b56a52b68d9fe18cf1973ef97b2a03153951c755f6294aa49adbdb55845ab6875fb3986c93ecf927962840d282f9e54ce8b690f7c0cb8bbd73440d9571d1b16cd9260f9eab4783cc482e5223dc60973871783ec27b0ae0fd47732cbc286a173fc92b00fb4ba6824647cd93c85c1 + Output=47aae909 + ++Availablein = default + Decrypt=RSA-OAEP-7 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=1052ed397b2e01e1d0ee1c50bf24363f95e504f4a03434a08fd822574ed6b9736edbb5f390db10321479a8a139350e2bd4977c3778ef331f3e78ae118b268451f20a2f01d471f5d53c566937171b2dbc2d4bde459a5799f0372d6574239b2323d245d0bb81c286b63c89a361017337e4902f88a467f4c7f244bfd5ab46437ff3b6 + Output=1d9b2e2223d9bc13bfb9f162ce735db48ba7c68f6822a0a1a7b6ae165834e7 + ++Availablein = default + Decrypt=RSA-OAEP-7 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=2155cd843ff24a4ee8badb7694260028a490813ba8b369a4cbf106ec148e5298707f5965be7d101c1049ea8584c24cd63455ad9c104d686282d3fb803a4c11c1c2e9b91c7178801d1b6640f003f5728df007b8a4ccc92bce05e41a27278d7c85018c52414313a5077789001d4f01910b72aad05d220aa14a58733a7489bc54556b + Output=d976fc + ++Availablein = default + Decrypt=RSA-OAEP-7 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=0ab14c373aeb7d4328d0aaad8c094d88b9eb098b95f21054a29082522be7c27a312878b637917e3d819e6c3c568db5d843802b06d51d9e98a2be0bf40c031423b00edfbff8320efb9171bd2044653a4cb9c5122f6c65e83cda2ec3c126027a9c1a56ba874d0fea23f380b82cf240b8cf540004758c4c77d934157a74f3fc12bfac + Output=d4738623df223aa43843df8467534c41d013e0c803c624e263666b239bde40a5f29aeb8de79e3daa61dd0370f49bd4b013834b98212aef6b1c5ee373b3cb + ++Availablein = default + Decrypt=RSA-OAEP-7 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=028387a318277434798b4d97f460068df5298faba5041ba11761a1cb7316b24184114ec500257e2589ed3b607a1ebbe97a6cc2e02bf1b681f42312a33b7a77d8e7855c4a6de03e3c04643f786b91a264a0d6805e2cea91e68177eb7a64d9255e4f27e713b7ccec00dc200ebd21c2ea2bb890feae4942df941dc3f97890ed347478 + Output=bb47231ca5ea1d3ad46c99345d9a8a61 + ++Availablein = default + Decrypt=RSA-OAEP-7 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -1043,36 +1086,42 @@ njraT2MgdSwJ2AX/fR8a4NAXru7pzvoNfdf/d15E + 2MiPa249Z+lh3Luj0A== + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-8 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=09b3683d8a2eb0fb295b62ed1fb9290b714457b7825319f4647872af889b30409472020ad12912bf19b11d4819f49614824ffd84d09c0a17e7d17309d12919790410aa2995699f6a86dbe3242b5acc23af45691080d6b1ae810fb3e3057087f0970092ce00be9562ff4053b6262ce0caa93e13723d2e3a5ba075d45f0d61b54b61 + Output=050b755e5e6880f7b9e9d692a74c37aae449b31bfea6deff83747a897f6c2c825bb1adbf850a3c96994b5de5b33cbc7d4a17913a7967 + ++Availablein = default + Decrypt=RSA-OAEP-8 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=2ecf15c97c5a15b1476ae986b371b57a24284f4a162a8d0c8182e7905e792256f1812ba5f83f1f7a130e42dcc02232844edc14a31a68ee97ae564a383a3411656424c5f62ddb646093c367be1fcda426cf00a06d8acb7e57776fbbd855ac3df506fc16b1d7c3f2110f3d8068e91e186363831c8409680d8da9ecd8cf1fa20ee39d + Output=4eb68dcd93ca9b19df111bd43608f557026fe4aa1d5cfac227a3eb5ab9548c18a06dded23f81825986b2fcd71109ecef7eff88873f075c2aa0c469f69c92bc + ++Availablein = default + Decrypt=RSA-OAEP-8 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=4bc89130a5b2dabb7c2fcf90eb5d0eaf9e681b7146a38f3173a3d9cfec52ea9e0a41932e648a9d69344c50da763f51a03c95762131e8052254dcd2248cba40fd31667786ce05a2b7b531ac9dac9ed584a59b677c1a8aed8c5d15d68c05569e2be780bf7db638fd2bfd2a85ab276860f3777338fca989ffd743d13ee08e0ca9893f + Output=8604ac56328c1ab5ad917861 + ++Availablein = default + Decrypt=RSA-OAEP-8 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=2e456847d8fc36ff0147d6993594b9397227d577752c79d0f904fcb039d4d812fea605a7b574dd82ca786f93752348438ee9f5b5454985d5f0e1699e3e7ad175a32e15f03deb042ab9fe1dd9db1bb86f8c089ccb45e7ef0c5ee7ca9b7290ca6b15bed47039788a8a93ff83e0e8d6244c71006362deef69b6f416fb3c684383fbd0 + Output=fdda5fbf6ec361a9d9a4ac68af216a0686f438b1e0e5c36b955f74e107f39c0dddcc + ++Availablein = default + Decrypt=RSA-OAEP-8 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=1fb9356fd5c4b1796db2ebf7d0d393cc810adf6145defc2fce714f79d93800d5e2ac211ea8bbecca4b654b94c3b18b30dd576ce34dc95436ef57a09415645923359a5d7b4171ef22c24670f1b229d3603e91f76671b7df97e7317c97734476d5f3d17d21cf82b5ba9f83df2e588d36984fd1b584468bd23b2e875f32f68953f7b2 + Output=4a5f4914bee25de3c69341de07 + ++Availablein = default + Decrypt=RSA-OAEP-8 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 +@@ -1103,36 +1152,42 @@ Z7CDuaemy2HkLbNiuMmJbbcGTgKtWuYVh9oVtGSc + tKo5Eb69iFQvBb4= + -----END PRIVATE KEY----- + ++Availablein = default + Decrypt=RSA-OAEP-9 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=267bcd118acab1fc8ba81c85d73003cb8610fa55c1d97da8d48a7c7f06896a4db751aa284255b9d36ad65f37653d829f1b37f97b8001942545b2fc2c55a7376ca7a1be4b1760c8e05a33e5aa2526b8d98e317088e7834c755b2a59b12631a182c05d5d43ab1779264f8456f515ce57dfdf512d5493dab7b7338dc4b7d78db9c091ac3baf537a69fc7f549d979f0eff9a94fda4169bd4d1d19a69c99e33c3b55490d501b39b1edae118ff6793a153261584d3a5f39f6e682e3d17c8cd1261fa72 + Output=f735fd55ba92592c3b52b8f9c4f69aaa1cbef8fe88add095595412467f9cf4ec0b896c59eda16210e7549c8abb10cdbc21a12ec9b6b5b8fd2f10399eb6 + ++Availablein = default + Decrypt=RSA-OAEP-9 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=93ac9f0671ec29acbb444effc1a5741351d60fdb0e393fbf754acf0de49761a14841df7772e9bc82773966a1584c4d72baea00118f83f35cca6e537cbd4d811f5583b29783d8a6d94cd31be70d6f526c10ff09c6fa7ce069795a3fcd0511fd5fcb564bcc80ea9c78f38b80012539d8a4ddf6fe81e9cddb7f50dbbbbcc7e5d86097ccf4ec49189fb8bf318be6d5a0715d516b49af191258cd32dc833ce6eb4673c03a19bbace88cc54895f636cc0c1ec89096d11ce235a265ca1764232a689ae8 + Output=81b906605015a63aabe42ddf11e1978912f5404c7474b26dce3ed482bf961ecc818bf420c54659 + ++Availablein = default + Decrypt=RSA-OAEP-9 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=81ebdd95054b0c822ef9ad7693f5a87adfb4b4c4ce70df2df84ed49c04da58ba5fc20a19e1a6e8b7a3900b22796dc4e869ee6b42792d15a8eceb56c09c69914e813cea8f6931e4b8ed6f421af298d595c97f4789c7caa612c7ef360984c21b93edc5401068b5af4c78a8771b984d53b8ea8adf2f6a7d4a0ba76c75e1dd9f658f20ded4a46071d46d7791b56803d8fea7f0b0f8e41ae3f09383a6f9585fe7753eaaffd2bf94563108beecc207bbb535f5fcc705f0dde9f708c62f49a9c90371d3 + Output=fd326429df9b890e09b54b18b8f34f1e24 + ++Availablein = default + Decrypt=RSA-OAEP-9 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=bcc35f94cde66cb1136625d625b94432a35b22f3d2fa11a613ff0fca5bd57f87b902ccdc1cd0aebcb0715ee869d1d1fe395f6793003f5eca465059c88660d446ff5f0818552022557e38c08a67ead991262254f10682975ec56397768537f4977af6d5f6aaceb7fb25dec5937230231fd8978af49119a29f29e424ab8272b47562792d5c94f774b8829d0b0d9f1a8c9eddf37574d5fa248eefa9c5271fc5ec2579c81bdd61b410fa61fe36e424221c113addb275664c801d34ca8c6351e4a858 + Output=f1459b5f0c92f01a0f723a2e5662484d8f8c0a20fc29dad6acd43bb5f3effdf4e1b63e07fdfe6628d0d74ca19bf2d69e4a0abf86d293925a796772f8088e + ++Availablein = default + Decrypt=RSA-OAEP-9 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 + Input=232afbc927fa08c2f6a27b87d4a5cb09c07dc26fae73d73a90558839f4fd66d281b87ec734bce237ba166698ed829106a7de6942cd6cdce78fed8d2e4d81428e66490d036264cef92af941d3e35055fe3981e14d29cbb9a4f67473063baec79a1179f5a17c9c1832f2838fd7d5e59bb9659d56dce8a019edef1bb3accc697cc6cc7a778f60a064c7f6f5d529c6210262e003de583e81e3167b89971fb8c0e15d44fffef89b53d8d64dd797d159b56d2b08ea5307ea12c241bd58d4ee278a1f2e + Output=53e6e8c729d6f9c319dd317e74b0db8e4ccca25f3c8305746e137ac63a63ef3739e7b595abb96e8d55e54f7bd41ab433378ffb911d + ++Availablein = default + Decrypt=RSA-OAEP-9 + Ctrl = rsa_padding_mode:oaep + Ctrl = rsa_mgf1_md:sha1 diff --git a/SOURCES/0060-FIPS-KAT-signature-tests.patch b/SOURCES/0060-FIPS-KAT-signature-tests.patch new file mode 100644 index 0000000..184b150 --- /dev/null +++ b/SOURCES/0060-FIPS-KAT-signature-tests.patch @@ -0,0 +1,420 @@ +diff -up openssl-3.0.1/crypto/ec/ec_backend.c.fips_kat_signature openssl-3.0.1/crypto/ec/ec_backend.c +--- openssl-3.0.1/crypto/ec/ec_backend.c.fips_kat_signature 2022-04-04 15:49:24.786455707 +0200 ++++ openssl-3.0.1/crypto/ec/ec_backend.c 2022-04-04 16:06:13.250271963 +0200 +@@ -393,6 +393,10 @@ int ossl_ec_key_fromdata(EC_KEY *ec, con + const OSSL_PARAM *param_priv_key = NULL, *param_pub_key = NULL; + BN_CTX *ctx = NULL; + BIGNUM *priv_key = NULL; ++#ifdef FIPS_MODULE ++ const OSSL_PARAM *param_sign_kat_k = NULL; ++ BIGNUM *sign_kat_k = NULL; ++#endif + unsigned char *pub_key = NULL; + size_t pub_key_len; + const EC_GROUP *ecg = NULL; +@@ -408,7 +412,10 @@ int ossl_ec_key_fromdata(EC_KEY *ec, con + if (include_private) + param_priv_key = + OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); +- ++#ifdef FIPS_MODULE ++ param_sign_kat_k = ++ OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K); ++#endif + ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(ec)); + if (ctx == NULL) + goto err; +@@ -481,6 +489,17 @@ int ossl_ec_key_fromdata(EC_KEY *ec, con + && !EC_KEY_set_public_key(ec, pub_point)) + goto err; + ++#ifdef FIPS_MODULE ++ if (param_sign_kat_k) { ++ if ((sign_kat_k = BN_secure_new()) == NULL) ++ goto err; ++ BN_set_flags(sign_kat_k, BN_FLG_CONSTTIME); ++ ++ if (!OSSL_PARAM_get_BN(param_sign_kat_k, &sign_kat_k)) ++ goto err; ++ ec->sign_kat_k = sign_kat_k; ++ } ++#endif + ok = 1; + + err: +diff -up openssl-3.0.1/crypto/ec/ecdsa_ossl.c.fips_kat_signature openssl-3.0.1/crypto/ec/ecdsa_ossl.c +--- openssl-3.0.1/crypto/ec/ecdsa_ossl.c.fips_kat_signature 2022-04-04 17:01:35.725323127 +0200 ++++ openssl-3.0.1/crypto/ec/ecdsa_ossl.c 2022-04-04 17:03:42.000427050 +0200 +@@ -20,6 +20,10 @@ + #include "crypto/bn.h" + #include "ec_local.h" + ++#ifdef FIPS_MODULE ++extern int REDHAT_FIPS_signature_st; ++#endif ++ + int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, + BIGNUM **rp) + { +@@ -126,6 +130,11 @@ static int ecdsa_sign_setup(EC_KEY *ecke + goto err; + + do { ++#ifdef FIPS_MODULE ++ if (REDHAT_FIPS_signature_st && eckey->sign_kat_k != NULL) { ++ BN_copy(k, eckey->sign_kat_k); ++ } else { ++#endif + /* get random k */ + do { + if (dgst != NULL) { +@@ -141,7 +150,9 @@ static int ecdsa_sign_setup(EC_KEY *ecke + } + } + } while (BN_is_zero(k)); +- ++#ifdef FIPS_MODULE ++ } ++#endif + /* compute r the x-coordinate of generator * k */ + if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) { + ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); +diff -up openssl-3.0.1/crypto/ec/ec_key.c.fips_kat_signature openssl-3.0.1/crypto/ec/ec_key.c +--- openssl-3.0.1/crypto/ec/ec_key.c.fips_kat_signature 2022-04-04 13:48:52.231172299 +0200 ++++ openssl-3.0.1/crypto/ec/ec_key.c 2022-04-04 14:00:35.077368605 +0200 +@@ -97,6 +97,9 @@ void EC_KEY_free(EC_KEY *r) + EC_GROUP_free(r->group); + EC_POINT_free(r->pub_key); + BN_clear_free(r->priv_key); ++#ifdef FIPS_MODULE ++ BN_clear_free(r->sign_kat_k); ++#endif + OPENSSL_free(r->propq); + + OPENSSL_clear_free((void *)r, sizeof(EC_KEY)); +diff -up openssl-3.0.1/crypto/ec/ec_local.h.fips_kat_signature openssl-3.0.1/crypto/ec/ec_local.h +--- openssl-3.0.1/crypto/ec/ec_local.h.fips_kat_signature 2022-04-04 13:46:57.576161867 +0200 ++++ openssl-3.0.1/crypto/ec/ec_local.h 2022-04-04 13:48:07.827780835 +0200 +@@ -298,6 +298,9 @@ struct ec_key_st { + #ifndef FIPS_MODULE + CRYPTO_EX_DATA ex_data; + #endif ++#ifdef FIPS_MODULE ++ BIGNUM *sign_kat_k; ++#endif + CRYPTO_RWLOCK *lock; + OSSL_LIB_CTX *libctx; + char *propq; +diff -up openssl-3.0.1/include/openssl/core_names.h.fips_kat_signature openssl-3.0.1/include/openssl/core_names.h +--- openssl-3.0.1/include/openssl/core_names.h.fips_kat_signature 2022-04-04 14:06:15.717370014 +0200 ++++ openssl-3.0.1/include/openssl/core_names.h 2022-04-04 14:07:35.376071229 +0200 +@@ -293,6 +293,7 @@ extern "C" { + #define OSSL_PKEY_PARAM_DIST_ID "distid" + #define OSSL_PKEY_PARAM_PUB_KEY "pub" + #define OSSL_PKEY_PARAM_PRIV_KEY "priv" ++#define OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K "rh_sign_kat_k" + + /* Diffie-Hellman/DSA Parameters */ + #define OSSL_PKEY_PARAM_FFC_P "p" +diff -up openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c.fips_kat_signature openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c +--- openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c.fips_kat_signature 2022-04-04 14:21:03.043180906 +0200 ++++ openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c 2022-04-04 14:38:33.949406645 +0200 +@@ -530,7 +530,8 @@ end: + # define EC_IMEXPORTABLE_PUBLIC_KEY \ + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0) + # define EC_IMEXPORTABLE_PRIVATE_KEY \ +- OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0) ++ OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), \ ++ OSSL_PARAM_BN(OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K, NULL, 0) + # define EC_IMEXPORTABLE_OTHER_PARAMETERS \ + OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL), \ + OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, NULL) +diff -up openssl-3.0.1/providers/fips/self_test_kats.c.kat openssl-3.0.1/providers/fips/self_test_kats.c +--- openssl-3.0.1/providers/fips/self_test_kats.c.kat 2022-05-10 15:10:32.502185265 +0200 ++++ openssl-3.0.1/providers/fips/self_test_kats.c 2022-05-10 15:13:21.465653720 +0200 +@@ -17,6 +17,8 @@ + #include "self_test.h" + #include "self_test_data.inc" + ++int REDHAT_FIPS_signature_st = 0; ++ + static int self_test_digest(const ST_KAT_DIGEST *t, OSSL_SELF_TEST *st, + OSSL_LIB_CTX *libctx) + { +@@ -446,6 +448,7 @@ static int self_test_sign(const ST_KAT_S + EVP_PKEY *pkey = NULL; + unsigned char sig[256]; + BN_CTX *bnctx = NULL; ++ BIGNUM *K = NULL; + size_t siglen = sizeof(sig); + static const unsigned char dgst[] = { + 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, +@@ -462,6 +465,9 @@ static int self_test_sign(const ST_KAT_S + bnctx = BN_CTX_new_ex(libctx); + if (bnctx == NULL) + goto err; ++ K = BN_CTX_get(bnctx); ++ if (K == NULL || BN_bin2bn(dgst, sizeof(dgst), K) == NULL) ++ goto err; + + bld = OSSL_PARAM_BLD_new(); + if (bld == NULL) +@@ -469,6 +475,9 @@ static int self_test_sign(const ST_KAT_S + + if (!add_params(bld, t->key, bnctx)) + goto err; ++ /* set K for ECDSA KAT tests */ ++ if (!OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K, K)) ++ goto err; + params = OSSL_PARAM_BLD_to_param(bld); + + /* Create a EVP_PKEY_CTX to load the DSA key into */ +@@ -689,11 +698,13 @@ static int self_test_kas(OSSL_SELF_TEST + static int self_test_signatures(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) + { + int i, ret = 1; ++ REDHAT_FIPS_signature_st = 1; + + for (i = 0; i < (int)OSSL_NELEM(st_kat_sign_tests); ++i) { + if (!self_test_sign(&st_kat_sign_tests[i], st, libctx)) + ret = 0; + } ++ REDHAT_FIPS_signature_st = 0; + return ret; + } + +diff -up openssl-3.0.1/providers/fips/self_test_data.inc.kat openssl-3.0.1/providers/fips/self_test_data.inc +--- openssl-3.0.1/providers/fips/self_test_data.inc.kat 2022-05-16 17:37:34.962807400 +0200 ++++ openssl-3.0.1/providers/fips/self_test_data.inc 2022-05-16 17:48:10.709376779 +0200 +@@ -1399,7 +1399,151 @@ static const ST_KAT_PARAM ecdsa_prime_ke + ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv), + ST_KAT_PARAM_END() + }; ++static const unsigned char ec224r1_kat_sig[] = { ++0x30, 0x3c, 0x02, 0x1c, 0x2f, 0x24, 0x30, 0x96, 0x3b, 0x39, 0xe0, 0xab, 0xe2, 0x5a, 0x6f, 0xe0, ++0x40, 0x7e, 0x19, 0x30, 0x6e, 0x6a, 0xfd, 0x7a, 0x2b, 0x5d, 0xaa, 0xc2, 0x34, 0x6c, 0xc8, 0xce, ++0x02, 0x1c, 0x47, 0xe1, 0xac, 0xfd, 0xb4, 0xb8, 0x2b, 0x8c, 0x49, 0xb6, 0x36, 0xcd, 0xdd, 0x22, ++0x2a, 0x2d, 0x29, 0x64, 0x70, 0x61, 0xc3, 0x3e, 0x18, 0x51, 0xec, 0xf2, 0xad, 0x3c ++}; + ++static const char ecd_prime_curve_name384[] = "secp384r1"; ++/* ++priv: ++ 58:12:2b:94:be:29:23:13:83:f5:c4:20:e8:22:34: ++ 54:73:49:91:10:05:e9:10:e9:d7:2d:72:9c:5e:6a: ++ ba:8f:6d:d6:e4:a7:eb:e0:ae:e3:d4:c9:aa:33:87: ++ 4c:91:87 ++pub: ++ 04:d1:86:8b:f5:c4:a2:f7:a5:92:e6:85:2a:d2:92: ++ 81:97:0a:8d:fa:09:3f:84:6c:17:43:03:43:49:23: ++ 77:c4:31:f4:0a:a4:de:87:ac:5c:c0:d1:bc:e4:43: ++ 7f:8d:44:e1:3b:5f:bc:27:c8:79:0f:d0:31:9f:a7: ++ 6d:de:fb:f7:da:19:40:fd:aa:83:dc:69:ce:a6:f3: ++ 4d:65:20:1c:66:82:80:03:f7:7b:2e:f3:b3:7c:1f: ++ 11:f2:a3:bf:e8:0e:88 ++*/ ++static const unsigned char ecd_prime_priv384[] = { ++ 0x58, 0x12, 0x2b, 0x94, 0xbe, 0x29, 0x23, 0x13, 0x83, 0xf5, 0xc4, 0x20, 0xe8, 0x22, 0x34, ++ 0x54, 0x73, 0x49, 0x91, 0x10, 0x05, 0xe9, 0x10, 0xe9, 0xd7, 0x2d, 0x72, 0x9c, 0x5e, 0x6a, ++ 0xba, 0x8f, 0x6d, 0xd6, 0xe4, 0xa7, 0xeb, 0xe0, 0xae, 0xe3, 0xd4, 0xc9, 0xaa, 0x33, 0x87, ++ 0x4c, 0x91, 0x87 ++}; ++static const unsigned char ecd_prime_pub384[] = { ++ 0x04, 0xd1, 0x86, 0x8b, 0xf5, 0xc4, 0xa2, 0xf7, 0xa5, 0x92, 0xe6, 0x85, 0x2a, 0xd2, 0x92, ++ 0x81, 0x97, 0x0a, 0x8d, 0xfa, 0x09, 0x3f, 0x84, 0x6c, 0x17, 0x43, 0x03, 0x43, 0x49, 0x23, ++ 0x77, 0xc4, 0x31, 0xf4, 0x0a, 0xa4, 0xde, 0x87, 0xac, 0x5c, 0xc0, 0xd1, 0xbc, 0xe4, 0x43, ++ 0x7f, 0x8d, 0x44, 0xe1, 0x3b, 0x5f, 0xbc, 0x27, 0xc8, 0x79, 0x0f, 0xd0, 0x31, 0x9f, 0xa7, ++ 0x6d, 0xde, 0xfb, 0xf7, 0xda, 0x19, 0x40, 0xfd, 0xaa, 0x83, 0xdc, 0x69, 0xce, 0xa6, 0xf3, ++ 0x4d, 0x65, 0x20, 0x1c, 0x66, 0x82, 0x80, 0x03, 0xf7, 0x7b, 0x2e, 0xf3, 0xb3, 0x7c, 0x1f, ++ 0x11, 0xf2, 0xa3, 0xbf, 0xe8, 0x0e, 0x88 ++}; ++static const ST_KAT_PARAM ecdsa_prime_key384[] = { ++ ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name384), ++ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub384), ++ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv384), ++ ST_KAT_PARAM_END() ++}; ++static const unsigned char ec384r1_kat_sig[] = { ++0x30, 0x65, 0x02, 0x30, 0x1a, 0xd5, 0x57, 0x1b, 0x28, 0x0f, 0xf1, 0x68, 0x66, 0x68, 0x8a, 0x98, ++0xe3, 0x9c, 0xce, 0x7f, 0xa7, 0x68, 0xdc, 0x84, 0x5a, 0x65, 0xdc, 0x2b, 0x5d, 0x7e, 0xf3, 0x9b, ++0xa0, 0x40, 0xe8, 0x7a, 0x02, 0xc7, 0x82, 0xe0, 0x0c, 0x81, 0xa5, 0xda, 0x55, 0x27, 0xbf, 0x79, ++0xee, 0x72, 0xc2, 0x14, 0x02, 0x31, 0x00, 0xd1, 0x9d, 0x67, 0xda, 0x5a, 0xd2, 0x58, 0x68, 0xe7, ++0x71, 0x08, 0xb2, 0xa4, 0xe4, 0xe8, 0x74, 0xb4, 0x0a, 0x3d, 0x76, 0x49, 0x31, 0x17, 0x6e, 0x33, ++0x16, 0xf0, 0x00, 0x1f, 0x3c, 0x1f, 0xf9, 0x7c, 0xdb, 0x93, 0x49, 0x9c, 0x7d, 0xb3, 0xd3, 0x30, ++0x98, 0x81, 0x6f, 0xb0, 0xc9, 0x30, 0x2f ++}; ++static const char ecd_prime_curve_name521[] = "secp521r1"; ++/* ++priv: ++ 00:44:0f:96:31:a9:87:f2:5f:be:a0:bc:ef:0c:ae: ++ 58:cc:5f:f8:44:9e:89:86:7e:bf:db:ce:cb:0e:20: ++ 10:4a:11:ec:0b:51:1d:e4:91:ca:c6:40:fb:c6:69: ++ ad:68:33:9e:c8:f5:c4:c6:a5:93:a8:4d:a9:a9:a2: ++ af:fe:6d:cb:c2:3b ++pub: ++ 04:01:5f:58:a9:40:0c:ee:9b:ed:4a:f4:7a:3c:a3: ++ 89:c2:f3:7e:2c:f4:b5:53:80:ae:33:7d:36:d1:b5: ++ 18:bd:ef:a9:48:00:ea:88:ee:00:5c:ca:07:08:b5: ++ 67:4a:c3:2b:10:c6:07:b0:c2:45:37:b7:1d:e3:6c: ++ e1:bf:2c:44:18:4a:aa:01:af:75:40:6a:e3:f5:b2: ++ 7f:d1:9d:1b:8b:29:1f:91:4d:db:93:bf:bd:8c:b7: ++ 6a:8d:4b:2c:36:2a:6b:ab:54:9d:7b:31:99:a4:de: ++ c9:10:c4:f4:a3:f4:6d:94:97:62:16:a5:34:65:1f: ++ 42:cd:8b:9e:e6:db:14:5d:a9:8d:19:95:8d ++*/ ++static const unsigned char ecd_prime_priv521[] = { ++ 0x00, 0x44, 0x0f, 0x96, 0x31, 0xa9, 0x87, 0xf2, 0x5f, 0xbe, 0xa0, 0xbc, 0xef, 0x0c, 0xae, ++ 0x58, 0xcc, 0x5f, 0xf8, 0x44, 0x9e, 0x89, 0x86, 0x7e, 0xbf, 0xdb, 0xce, 0xcb, 0x0e, 0x20, ++ 0x10, 0x4a, 0x11, 0xec, 0x0b, 0x51, 0x1d, 0xe4, 0x91, 0xca, 0xc6, 0x40, 0xfb, 0xc6, 0x69, ++ 0xad, 0x68, 0x33, 0x9e, 0xc8, 0xf5, 0xc4, 0xc6, 0xa5, 0x93, 0xa8, 0x4d, 0xa9, 0xa9, 0xa2, ++ 0xaf, 0xfe, 0x6d, 0xcb, 0xc2, 0x3b ++}; ++static const unsigned char ecd_prime_pub521[] = { ++ 0x04, 0x01, 0x5f, 0x58, 0xa9, 0x40, 0x0c, 0xee, 0x9b, 0xed, 0x4a, 0xf4, 0x7a, 0x3c, 0xa3, ++ 0x89, 0xc2, 0xf3, 0x7e, 0x2c, 0xf4, 0xb5, 0x53, 0x80, 0xae, 0x33, 0x7d, 0x36, 0xd1, 0xb5, ++ 0x18, 0xbd, 0xef, 0xa9, 0x48, 0x00, 0xea, 0x88, 0xee, 0x00, 0x5c, 0xca, 0x07, 0x08, 0xb5, ++ 0x67, 0x4a, 0xc3, 0x2b, 0x10, 0xc6, 0x07, 0xb0, 0xc2, 0x45, 0x37, 0xb7, 0x1d, 0xe3, 0x6c, ++ 0xe1, 0xbf, 0x2c, 0x44, 0x18, 0x4a, 0xaa, 0x01, 0xaf, 0x75, 0x40, 0x6a, 0xe3, 0xf5, 0xb2, ++ 0x7f, 0xd1, 0x9d, 0x1b, 0x8b, 0x29, 0x1f, 0x91, 0x4d, 0xdb, 0x93, 0xbf, 0xbd, 0x8c, 0xb7, ++ 0x6a, 0x8d, 0x4b, 0x2c, 0x36, 0x2a, 0x6b, 0xab, 0x54, 0x9d, 0x7b, 0x31, 0x99, 0xa4, 0xde, ++ 0xc9, 0x10, 0xc4, 0xf4, 0xa3, 0xf4, 0x6d, 0x94, 0x97, 0x62, 0x16, 0xa5, 0x34, 0x65, 0x1f, ++ 0x42, 0xcd, 0x8b, 0x9e, 0xe6, 0xdb, 0x14, 0x5d, 0xa9, 0x8d, 0x19, 0x95, 0x8d ++}; ++static const ST_KAT_PARAM ecdsa_prime_key521[] = { ++ ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name521), ++ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub521), ++ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv521), ++ ST_KAT_PARAM_END() ++}; ++static const unsigned char ec521r1_kat_sig[] = { ++0x30, 0x81, 0x88, 0x02, 0x42, 0x00, 0xdf, 0x64, 0x9c, 0xc8, 0x5b, 0xdd, 0x0b, 0x7f, 0x69, 0x7e, ++0xdb, 0x83, 0x58, 0x67, 0x63, 0x43, 0xb7, 0xfa, 0x40, 0x29, 0xde, 0xb9, 0xde, 0xe9, 0x96, 0x65, ++0xe6, 0x8e, 0xf4, 0xeb, 0xd0, 0xe9, 0x6a, 0xd3, 0x27, 0x6c, 0x4d, 0x60, 0x47, 0x9c, 0x62, 0xb8, ++0x6c, 0xc1, 0x36, 0x19, 0x65, 0xff, 0xab, 0xcf, 0x24, 0xa3, 0xde, 0xd1, 0x4b, 0x1b, 0xdd, 0x89, ++0xcf, 0xf8, 0x72, 0x7b, 0x92, 0xbc, 0x02, 0x02, 0x42, 0x01, 0xf8, 0x07, 0x77, 0xb8, 0xcb, 0xa2, ++0xe2, 0x1f, 0x53, 0x9a, 0x7c, 0x16, 0xb5, 0x8e, 0xad, 0xe3, 0xc3, 0xac, 0xb7, 0xb2, 0x51, 0x8f, ++0xf9, 0x09, 0x65, 0x43, 0xf8, 0xd8, 0x3c, 0xe3, 0x5c, 0x4a, 0x5e, 0x3d, 0x6f, 0xb7, 0xbb, 0x5a, ++0x92, 0x69, 0xec, 0x71, 0xa2, 0x35, 0xe5, 0x29, 0x17, 0xaf, 0xc9, 0x69, 0xa7, 0xaa, 0x94, 0xf9, ++0xf9, 0x50, 0x87, 0x7b, 0x5d, 0x87, 0xe3, 0xd6, 0x3f, 0xb6, 0x6e ++}; ++static const char ecd_prime_curve_name256[] = "prime256v1"; ++/* ++priv: ++ 84:88:11:3f:a9:c9:9e:23:72:8b:40:cb:a2:b1:88: ++ 01:1e:92:48:af:13:2d:9b:33:8e:6d:43:40:30:c7: ++ 30:fa ++pub: ++ 04:22:58:b6:f9:01:3b:8c:a6:9b:9f:ae:75:fc:73: ++ cf:1b:f0:81:dc:55:a3:cc:5d:81:46:85:06:32:34: ++ 99:0d:c5:7e:a1:95:bb:21:73:33:40:4b:35:17:f6: ++ 8e:26:61:46:94:2c:4c:ac:9b:20:f8:08:72:25:74: ++ 98:66:c4:63:a6 ++*/ ++static const unsigned char ecd_prime_priv256[] = { ++ 0x84, 0x88, 0x11, 0x3f, 0xa9, 0xc9, 0x9e, 0x23, 0x72, 0x8b, 0x40, 0xcb, 0xa2, 0xb1, 0x88, ++ 0x01, 0x1e, 0x92, 0x48, 0xaf, 0x13, 0x2d, 0x9b, 0x33, 0x8e, 0x6d, 0x43, 0x40, 0x30, 0xc7, ++ 0x30, 0xfa ++}; ++static const unsigned char ecd_prime_pub256[] = { ++ 0x04, 0x22, 0x58, 0xb6, 0xf9, 0x01, 0x3b, 0x8c, 0xa6, 0x9b, 0x9f, 0xae, 0x75, 0xfc, 0x73, ++ 0xcf, 0x1b, 0xf0, 0x81, 0xdc, 0x55, 0xa3, 0xcc, 0x5d, 0x81, 0x46, 0x85, 0x06, 0x32, 0x34, ++ 0x99, 0x0d, 0xc5, 0x7e, 0xa1, 0x95, 0xbb, 0x21, 0x73, 0x33, 0x40, 0x4b, 0x35, 0x17, 0xf6, ++ 0x8e, 0x26, 0x61, 0x46, 0x94, 0x2c, 0x4c, 0xac, 0x9b, 0x20, 0xf8, 0x08, 0x72, 0x25, 0x74, ++ 0x98, 0x66, 0xc4, 0x63, 0xa6 ++}; ++static const ST_KAT_PARAM ecdsa_prime_key256[] = { ++ ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name256), ++ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub256), ++ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv256), ++ ST_KAT_PARAM_END() ++}; ++static const unsigned char ec256v1_kat_sig[] = { ++0x30, 0x46, 0x02, 0x21, 0x00, 0xc9, 0x11, 0x27, 0x06, 0x51, 0x2b, 0x50, 0x8c, 0x6b, 0xc0, 0xa6, ++0x85, 0xaa, 0xf4, 0x66, 0x0d, 0xe4, 0x54, 0x0a, 0x10, 0xb6, 0x9f, 0x87, 0xfc, 0xa2, 0xbc, 0x8f, ++0x3c, 0x58, 0xb4, 0xe9, 0x41, 0x02, 0x21, 0x00, 0xc9, 0x72, 0x94, 0xa9, 0xdd, 0x52, 0xca, 0x21, ++0x82, 0x66, 0x7a, 0x68, 0xcb, 0x1e, 0x3b, 0x12, 0x71, 0x4d, 0x56, 0xb5, 0xb7, 0xdd, 0xca, 0x2b, ++0x18, 0xa3, 0xa7, 0x08, 0x0d, 0xfa, 0x9c, 0x66 ++}; + # ifndef OPENSSL_NO_EC2M + static const char ecd_bin_curve_name[] = "sect233r1"; + static const unsigned char ecd_bin_priv[] = { +@@ -1571,8 +1715,42 @@ static const ST_KAT_SIGN st_kat_sign_tes + ecdsa_prime_key, + /* + * The ECDSA signature changes each time due to it using a random k. +- * So there is no expected KAT for this case. ++ * We provide this value in our build ++ */ ++ ITM(ec224r1_kat_sig) ++ }, ++ { ++ OSSL_SELF_TEST_DESC_SIGN_ECDSA, ++ "EC", ++ "SHA-256", ++ ecdsa_prime_key384, ++ /* ++ * The ECDSA signature changes each time due to it using a random k. ++ * We provide this value in our build ++ */ ++ ITM(ec384r1_kat_sig) ++ }, ++ { ++ OSSL_SELF_TEST_DESC_SIGN_ECDSA, ++ "EC", ++ "SHA-256", ++ ecdsa_prime_key521, ++ /* ++ * The ECDSA signature changes each time due to it using a random k. ++ * We provide this value in our build ++ */ ++ ITM(ec521r1_kat_sig) ++ }, ++ { ++ OSSL_SELF_TEST_DESC_SIGN_ECDSA, ++ "EC", ++ "SHA-256", ++ ecdsa_prime_key256, ++ /* ++ * The ECDSA signature changes each time due to it using a random k. ++ * We provide this value in our build + */ ++ ITM(ec256v1_kat_sig) + }, + # ifndef OPENSSL_NO_EC2M + { +diff -up openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c.fipskat openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c +--- openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c.fipskat 2022-05-30 14:48:53.180999124 +0200 ++++ openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c 2022-05-30 14:58:52.841286228 +0200 +@@ -44,6 +44,10 @@ + #define S390X_OFF_RN(n) (4 * n) + #define S390X_OFF_Y(n) (4 * n) + ++#ifdef FIPS_MODULE ++extern int REDHAT_FIPS_signature_st; ++#endif ++ + static int ec_GFp_s390x_nistp_mul(const EC_GROUP *group, EC_POINT *r, + const BIGNUM *scalar, + size_t num, const EC_POINT *points[], +@@ -183,11 +187,21 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign + * because kdsa instruction constructs an in-range, invertible nonce + * internally implementing counter-measures for RNG weakness. + */ ++#ifdef FIPS_MODULE ++ if (REDHAT_FIPS_signature_st && eckey->sign_kat_k != NULL) { ++ BN_bn2binpad(eckey->sign_kat_k, param + S390X_OFF_RN(len), len); ++ /* Turns KDSA internal nonce-generation off. */ ++ fc |= S390X_KDSA_D; ++ } else { ++#endif + if (RAND_priv_bytes_ex(eckey->libctx, param + S390X_OFF_RN(len), + (size_t)len, 0) != 1) { + ERR_raise(ERR_LIB_EC, EC_R_RANDOM_NUMBER_GENERATION_FAILED); + goto ret; + } ++#ifdef FIPS_MODULE ++ } ++#endif + } else { + /* Reconstruct k = (k^-1)^-1. */ + if (ossl_ec_group_do_inverse_ord(group, k, kinv, NULL) == 0 diff --git a/SOURCES/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch b/SOURCES/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch new file mode 100644 index 0000000..a4ea757 --- /dev/null +++ b/SOURCES/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch @@ -0,0 +1,1120 @@ +From 5f4f350ce797a7cd2fdca84c474ee196da9d6fae Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Wed, 18 May 2022 17:25:59 +0200 +Subject: [PATCH] Deny SHA-1 signature verification in FIPS provider + +For RHEL, we already disable SHA-1 signatures by default in the default +provider, so it is unexpected that the FIPS provider would have a more +lenient configuration in this regard. Additionally, we do not think +continuing to accept SHA-1 signatures is a good idea due to the +published chosen-prefix collision attacks. + +As a consequence, disable verification of SHA-1 signatures in the FIPS +provider. + +This requires adjusting a few tests that would otherwise fail: +- 30-test_acvp: Remove the test vectors that use SHA-1. +- 30-test_evp: Mark tests in evppkey_rsa_common.txt and + evppkey_ecdsa.txt that use SHA-1 digests as "Availablein = default", + which will not run them when the FIPS provider is enabled. +- 80-test_cms: Re-create all certificates in test/smime-certificates + with SHA256 signatures while keeping the same private keys. These + certificates were signed with SHA-1 and thus fail verification in the + FIPS provider. + Fix some other tests by explicitly running them in the default + provider, where SHA-1 is available. +- 80-test_ssl_old: Skip tests that rely on SSLv3 and SHA-1 when run with + the FIPS provider. + +Signed-off-by: Clemens Lang +--- + providers/implementations/signature/dsa_sig.c | 4 -- + .../implementations/signature/ecdsa_sig.c | 4 -- + providers/implementations/signature/rsa_sig.c | 8 +-- + test/acvp_test.inc | 20 ------- + .../30-test_evp_data/evppkey_ecdsa.txt | 7 +++ + .../30-test_evp_data/evppkey_rsa_common.txt | 51 +++++++++++++++- + test/recipes/80-test_cms.t | 4 +- + test/recipes/80-test_ssl_old.t | 4 ++ + test/smime-certs/smdh.pem | 18 +++--- + test/smime-certs/smdsa1.pem | 60 +++++++++---------- + test/smime-certs/smdsa2.pem | 60 +++++++++---------- + test/smime-certs/smdsa3.pem | 60 +++++++++---------- + test/smime-certs/smec1.pem | 30 +++++----- + test/smime-certs/smec2.pem | 30 +++++----- + test/smime-certs/smec3.pem | 30 +++++----- + test/smime-certs/smroot.pem | 38 ++++++------ + test/smime-certs/smrsa1.pem | 38 ++++++------ + test/smime-certs/smrsa2.pem | 38 ++++++------ + test/smime-certs/smrsa3.pem | 38 ++++++------ + 19 files changed, 286 insertions(+), 256 deletions(-) + +diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c +index fa3822f39f..c365d7b13a 100644 +--- a/providers/implementations/signature/dsa_sig.c ++++ b/providers/implementations/signature/dsa_sig.c +@@ -128,11 +128,7 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx, + EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); + int md_nid; + size_t mdname_len = strlen(mdname); +-#ifdef FIPS_MODULE +- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); +-#else + int sha1_allowed = 0; +-#endif + md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, + sha1_allowed); + +diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c +index 99b228e82c..44a22832ec 100644 +--- a/providers/implementations/signature/ecdsa_sig.c ++++ b/providers/implementations/signature/ecdsa_sig.c +@@ -237,11 +237,7 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname, + "%s could not be fetched", mdname); + return 0; + } +-#ifdef FIPS_MODULE +- sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); +-#else + sha1_allowed = 0; +-#endif + md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, + sha1_allowed); + if (md_nid < 0) { +diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c +index f66d7705c3..34f45175e8 100644 +--- a/providers/implementations/signature/rsa_sig.c ++++ b/providers/implementations/signature/rsa_sig.c +@@ -292,11 +292,7 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, + EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); + int md_nid; + size_t mdname_len = strlen(mdname); +-#ifdef FIPS_MODULE +- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); +-#else + int sha1_allowed = 0; +-#endif + md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md, + sha1_allowed); + +@@ -1355,8 +1351,10 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) + + if (prsactx->md == NULL && pmdname == NULL + && pad_mode == RSA_PKCS1_PSS_PADDING) { ++#ifdef FIPS_MODULE ++ pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY; ++#else + pmdname = RSA_DEFAULT_DIGEST_NAME; +-#ifndef FIPS_MODULE + if (!ossl_ctx_legacy_digest_signatures_allowed(prsactx->libctx, 0)) { + pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY; + } +diff --git a/test/acvp_test.inc b/test/acvp_test.inc +index ad11d3ae1e..73b24bdb0c 100644 +--- a/test/acvp_test.inc ++++ b/test/acvp_test.inc +@@ -1841,17 +1841,6 @@ static const struct rsa_sigver_st rsa_sigver_data[] = { + NO_PSS_SALT_LEN, + FAIL + }, +- { +- "x931", +- 3072, +- "SHA1", +- ITM(rsa_sigverx931_0_msg), +- ITM(rsa_sigverx931_0_n), +- ITM(rsa_sigverx931_0_e), +- ITM(rsa_sigverx931_0_sig), +- NO_PSS_SALT_LEN, +- PASS +- }, + { + "x931", + 3072, +diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt +index f36982845d..51e507a61c 100644 +--- a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt ++++ b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt +@@ -37,12 +37,14 @@ PrivPubKeyPair = P-256:P-256-PUBLIC + + Title = ECDSA tests + ++Availablein = default + Verify = P-256 + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1234" + Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8 + + # Digest too long ++Availablein = default + Verify = P-256 + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF12345" +@@ -50,6 +52,7 @@ Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e + Result = VERIFY_ERROR + + # Digest too short ++Availablein = default + Verify = P-256 + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF123" +@@ -57,6 +60,7 @@ Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e + Result = VERIFY_ERROR + + # Digest invalid ++Availablein = default + Verify = P-256 + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1235" +@@ -64,6 +68,7 @@ Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e + Result = VERIFY_ERROR + + # Invalid signature ++Availablein = default + Verify = P-256 + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1234" +@@ -79,12 +84,14 @@ Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e + Result = VERIFY_ERROR + + # BER signature ++Availablein = default + Verify = P-256 + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1234" + Output = 3080022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec80000 + Result = VERIFY_ERROR + ++Availablein = default + Verify = P-256-PUBLIC + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1234" +diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt +index b8d8bb2993..8dd566067b 100644 +--- a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt ++++ b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt +@@ -96,6 +96,7 @@ NDL6WCBbets= + + Title = RSA tests + ++Availablein = default + Verify = RSA-2048 + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1234" +@@ -112,24 +113,28 @@ Ctrl = digest:SHA512-224 + Input = "0123456789ABCDEF123456789ABC" + Output = 5f720e9488139bb21e1c2f027fd5ce5993e6d31c5a8faaee833487b3a944d66891178868ace8070cad3ee2ffbe54aa4885a15fd1a7cc5166970fe1fd8c0423e72bd3e3b56fc4a53ed80aaaeca42497f0ec3c62113edc05cd006608f5eef7ce3ad4cba1069f68731dd28a524a1f93fcdc5547112d48d45586dd943ba0d443be9635720d8a61697c54c96627f0d85c5fbeaa3b4af86a65cf2fc3800dd5de34c046985f25d0efc0bb6edccc1d08b3a4fb9c8faffe181c7e68b31e374ad1440a4a664eec9ca0dc53a9d2f5bc7d9940d866f64201bcbc63612754df45727ea24b531d7de83d1bb707444859fa35521320c33bf6f4dbeb6fb56e653adbf7af15843f17 + ++Availablein = default + VerifyRecover = RSA-2048 + Ctrl = digest:SHA1 + Input = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad + Output = "0123456789ABCDEF1234" + + # Leading zero in the signature ++Availablein = default + Verify = RSA-2048 + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1234" + Output = 00c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad + Result = VERIFY_ERROR + ++Availablein = default + VerifyRecover = RSA-2048 + Ctrl = digest:SHA1 + Input = 00c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad + Result = KEYOP_ERROR + + # Mismatched digest ++Availablein = default + Verify = RSA-2048 + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1233" +@@ -137,6 +142,7 @@ Output = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2 + Result = VERIFY_ERROR + + # Corrupted signature ++Availablein = default + Verify = RSA-2048 + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1233" +@@ -144,6 +150,7 @@ Output = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2 + Result = VERIFY_ERROR + + # parameter is not NULLt ++Availablein = default + Verify = RSA-2048 + Ctrl = digest:sha1 + Input = "0123456789ABCDEF1234" +@@ -151,42 +158,49 @@ Output = 3ec3fc29eb6e122bd7aa361cd09fe1bcbe85311096a7b9e4799cedfb2351ce0ab7fe4e7 + Result = VERIFY_ERROR + + # embedded digest too long ++Availablein = default + Verify = RSA-2048 + Ctrl = digest:sha1 + Input = "0123456789ABCDEF1234" + Output = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d + Result = VERIFY_ERROR + ++Availablein = default + VerifyRecover = RSA-2048 + Ctrl = digest:sha1 + Input = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d + Result = KEYOP_ERROR + + # embedded digest too short ++Availablein = default + Verify = RSA-2048 + Ctrl = digest:sha1 + Input = "0123456789ABCDEF1234" + Output = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d + Result = VERIFY_ERROR + ++Availablein = default + VerifyRecover = RSA-2048 + Ctrl = digest:sha1 + Input = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d + Result = KEYOP_ERROR + + # Garbage after DigestInfo ++Availablein = default + Verify = RSA-2048 + Ctrl = digest:sha1 + Input = "0123456789ABCDEF1234" + Output = 9ee34872d4271a7d8808af0a4052a145a6d6a8437d00da3ed14428c7f087cd39f4d43334c41af63e7fa1ba363fee7bcef401d9d36a662abbab55ce89a696e1be0dfa19a5d09ca617dd488787b6048baaefeb29bc8688b2fe3882de2b77c905b5a8b56cf9616041e5ec934ba6de863efe93acc4eef783fe7f72a00fa65d6093ed32bf98ce527e62ccb1d56317f4be18b7e0f55d7c36617d2d0678a306e3350956b662ac15df45215dd8f6b314babb9788e6c272fa461e4c9b512a11a4b92bc77c3a4c95c903fccb238794eca5c750477bf56ea6ee6a167367d881b485ae3889e7c489af8fdf38e0c0f2aed780831182e34abedd43c39281b290774bf35cc25274 + Result = VERIFY_ERROR + ++Availablein = default + VerifyRecover = RSA-2048 + Ctrl = digest:sha1 + Input = 9ee34872d4271a7d8808af0a4052a145a6d6a8437d00da3ed14428c7f087cd39f4d43334c41af63e7fa1ba363fee7bcef401d9d36a662abbab55ce89a696e1be0dfa19a5d09ca617dd488787b6048baaefeb29bc8688b2fe3882de2b77c905b5a8b56cf9616041e5ec934ba6de863efe93acc4eef783fe7f72a00fa65d6093ed32bf98ce527e62ccb1d56317f4be18b7e0f55d7c36617d2d0678a306e3350956b662ac15df45215dd8f6b314babb9788e6c272fa461e4c9b512a11a4b92bc77c3a4c95c903fccb238794eca5c750477bf56ea6ee6a167367d881b485ae3889e7c489af8fdf38e0c0f2aed780831182e34abedd43c39281b290774bf35cc25274 + Result = KEYOP_ERROR + + # invalid tag for parameter ++Availablein = default + Verify = RSA-2048 + Ctrl = digest:sha1 + Input = "0123456789ABCDEF1234" +@@ -195,6 +209,7 @@ Result = VERIFY_ERROR + + # Verify using public key + ++Availablein = default + Verify = RSA-2048-PUBLIC + Ctrl = digest:SHA1 + Input = "0123456789ABCDEF1234" +@@ -370,6 +385,8 @@ Input="0123456789ABCDEF0123456789ABCDEF" + Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A + + # Verify using salt length auto detect ++# In the FIPS provider on RHEL-9, the default digest for PSS signatures is SHA-256 ++Availablein = default + Verify = RSA-2048-PUBLIC + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_pss_saltlen:auto +@@ -404,6 +421,10 @@ Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DD + Result = VERIFY_ERROR + + # Verify using default parameters, explicitly setting parameters ++# NOTE: RSA-PSS-DEFAULT contains a restriction to use SHA1 as digest, which ++# RHEL-9 does not support in FIPS mode; all these tests are thus marked ++# Availablein = default. ++Availablein = default + Verify = RSA-PSS-DEFAULT + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_pss_saltlen:20 +@@ -412,6 +433,7 @@ Input="0123456789ABCDEF0123" + Output = 3EFE09D88509027D837BFA5F8471CF7B69E6DF395DD999BB9CA42021F15722D9AC76670507C6BCFB73F64FB2211B611B8F140E76EBDB064BD762FDBA89D019E304A0D6B274E1C2FE1DF50005598A0306AF805416094E2A5BA60BC72BDE38CE061E853ED40F14967A8B9CA4DC739B462F89558F12FDF2D8D19FBEF16AD66FE2DDDA8BEE983ECBD873064244849D8D94B5B33F45E076871A47ED653E73257A2BE2DB3C0878094B0D2B6B682C8007DFD989425FB39A1FEEC9EED5876414601A49176EC344F5E3EDEE81CA2DDD29B7364F4638112CB3A547E2BC170E28CB66BDABE863754BE8AD5BA230567B575266F4B6B4CF81F28310ABF05351CC9E2DB85D00BF + + # Verify explicitly setting parameters "digest" salt length ++Availablein = default + Verify = RSA-PSS-DEFAULT + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_pss_saltlen:digest +@@ -420,18 +442,21 @@ Input="0123456789ABCDEF0123" + Output = 3EFE09D88509027D837BFA5F8471CF7B69E6DF395DD999BB9CA42021F15722D9AC76670507C6BCFB73F64FB2211B611B8F140E76EBDB064BD762FDBA89D019E304A0D6B274E1C2FE1DF50005598A0306AF805416094E2A5BA60BC72BDE38CE061E853ED40F14967A8B9CA4DC739B462F89558F12FDF2D8D19FBEF16AD66FE2DDDA8BEE983ECBD873064244849D8D94B5B33F45E076871A47ED653E73257A2BE2DB3C0878094B0D2B6B682C8007DFD989425FB39A1FEEC9EED5876414601A49176EC344F5E3EDEE81CA2DDD29B7364F4638112CB3A547E2BC170E28CB66BDABE863754BE8AD5BA230567B575266F4B6B4CF81F28310ABF05351CC9E2DB85D00BF + + # Verify using salt length larger than minimum ++Availablein = default + Verify = RSA-PSS-DEFAULT + Ctrl = rsa_pss_saltlen:30 + Input="0123456789ABCDEF0123" + Output = 6BF7EDC63A0BA184EEEC7F3020FEC8F5EBF38C2B76481881F48BCCE5796E7AB294548BA9AE810457C7723CABD1BDE94CF59CF7C0FC7461B22760C8ED703DD98E97BFDD61FA8D1181C411F6DEE5FF159F4850746D78EDEE385A363DC28E2CB373D5CAD7953F3BD5E639BE345732C03A1BDEA268814DA036EB1891C82D4012F3B903D86636055F87B96FC98806AD1B217685A4D754046A5DE0B0D7870664BE07902153EC85BA457BE7D7F89D7FE0F626D02A9CBBB2BB479DDA1A5CAE75247FB7BF6BFB15C1D3FD9E6B1573CCDBC72011C3B97716058BB11C7EA2E4E56ADAFE1F5DE6A7FD405AC5890100F9C3408EFFB5C73BF73F48177FF743B4B819D0699D507B + + # Verify using maximum salt length ++Availablein = default + Verify = RSA-PSS-DEFAULT + Ctrl = rsa_pss_saltlen:max + Input="0123456789ABCDEF0123" + Output = 4470DCFE812DEE2E58E4301D4ED274AB348FE040B724B2CD1D8CD0914BFF375F0B86FCB32BFA8AEA9BD22BD7C4F1ADD4F3D215A5CFCC99055BAFECFC23800E9BECE19A08C66BEBC5802122D13A732E5958FC228DCC0B49B5B4B1154F032D8FA2F3564AA949C1310CC9266B0C47F86D449AC9D2E7678347E7266E2D7C888CCE1ADF44A109A293F8516AE2BD94CE220F26E137DB8E7A66BB9FCE052CDC1D0BE24D8CEBB20D10125F26B069F117044B9E1D16FDDAABCA5340AE1702F37D0E1C08A2E93801C0A41035C6C73DA02A0E32227EAFB0B85E79107B59650D0EE7DC32A6772CCCE90F06369B2880FE87ED76997BA61F5EA818091EE88F8B0D6F24D02A3FC6 + + # Attempt to change salt length below minimum ++Availablein = default + Verify = RSA-PSS-DEFAULT + Ctrl = rsa_pss_saltlen:0 + Result = PKEY_CTRL_ERROR +@@ -439,21 +464,25 @@ Result = PKEY_CTRL_ERROR + # Attempt to change padding mode + # Note this used to return PKEY_CTRL_INVALID + # but it is limited because setparams only returns 0 or 1. ++Availablein = default + Verify = RSA-PSS-DEFAULT + Ctrl = rsa_padding_mode:pkcs1 + Result = PKEY_CTRL_ERROR + + # Attempt to change digest ++Availablein = default + Verify = RSA-PSS-DEFAULT + Ctrl = digest:sha256 + Result = PKEY_CTRL_ERROR + + # Invalid key: rejected when we try to init ++Availablein = default + Verify = RSA-PSS-BAD + Result = KEYOP_INIT_ERROR + Reason = invalid salt length + + # Invalid key: rejected when we try to init ++Availablein = default + Verify = RSA-PSS-BAD2 + Result = KEYOP_INIT_ERROR + Reason = invalid salt length +@@ -472,36 +501,42 @@ CAltWyuLbfXWce9jd8CSHLI8Jwpw4lmOb/idGfEFrMLT8Ms18pKA4Thrb2TE7yLh + 4fINDOjP+yJJvZohNwIDAQAB + -----END PUBLIC KEY----- + ++Availablein = default + Verify=RSA-PSS-1 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=cd8b6538cb8e8de566b68bd067569dbf1ee2718e + Output=9074308fb598e9701b2294388e52f971faac2b60a5145af185df5287b5ed2887e57ce7fd44dc8634e407c8e0e4360bc226f3ec227f9d9e54638e8d31f5051215df6ebb9c2f9579aa77598a38f914b5b9c1bd83c4e2f9f382a0d0aa3542ffee65984a601bc69eb28deb27dca12c82c2d4c3f66cd500f1ff2b994d8a4e30cbb33c + ++Availablein = default + Verify=RSA-PSS-1 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=e35befc17a1d160b9ce35fbd8eb16e7ee491d3fd + Output=3ef7f46e831bf92b32274142a585ffcefbdca7b32ae90d10fb0f0c729984f04ef29a9df0780775ce43739b97838390db0a5505e63de927028d9d29b219ca2c4517832558a55d694a6d25b9dab66003c4cccd907802193be5170d26147d37b93590241be51c25055f47ef62752cfbe21418fafe98c22c4d4d47724fdb5669e843 + ++Availablein = default + Verify=RSA-PSS-1 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=0652ec67bcee30f9d2699122b91c19abdba89f91 + Output=666026fba71bd3e7cf13157cc2c51a8e4aa684af9778f91849f34335d141c00154c4197621f9624a675b5abc22ee7d5baaffaae1c9baca2cc373b3f33e78e6143c395a91aa7faca664eb733afd14d8827259d99a7550faca501ef2b04e33c23aa51f4b9e8282efdb728cc0ab09405a91607c6369961bc8270d2d4f39fce612b1 + ++Availablein = default + Verify=RSA-PSS-1 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=39c21c4cceda9c1adf839c744e1212a6437575ec + Output=4609793b23e9d09362dc21bb47da0b4f3a7622649a47d464019b9aeafe53359c178c91cd58ba6bcb78be0346a7bc637f4b873d4bab38ee661f199634c547a1ad8442e03da015b136e543f7ab07c0c13e4225b8de8cce25d4f6eb8400f81f7e1833b7ee6e334d370964ca79fdb872b4d75223b5eeb08101591fb532d155a6de87 + ++Availablein = default + Verify=RSA-PSS-1 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=36dae913b77bd17cae6e7b09453d24544cebb33c + Output=1d2aad221ca4d31ddf13509239019398e3d14b32dc34dc5af4aeaea3c095af73479cf0a45e5629635a53a018377615b16cb9b13b3e09d671eb71e387b8545c5960da5a64776e768e82b2c93583bf104c3fdb23512b7b4e89f633dd0063a530db4524b01c3f384c09310e315a79dcd3d684022a7f31c865a664e316978b759fad + ++Availablein = default + Verify=RSA-PSS-1 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 +@@ -517,36 +552,42 @@ swU7R97S7NSkyu/WFIM9yLtiLzF+0Ha4BX/o3j+ESArV6D5KYZBKTySPs5cCc1fh + 0w5GMTmBXG/U/VrFuBcqRSMOy2MYoE8UVdhOWosCAwEAAQ== + -----END PUBLIC KEY----- + ++Availablein = default + Verify=RSA-PSS-9 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=2715a49b8b0012cd7aee84c116446e6dfe3faec0 + Output=586107226c3ce013a7c8f04d1a6a2959bb4b8e205ba43a27b50f124111bc35ef589b039f5932187cb696d7d9a32c0c38300a5cdda4834b62d2eb240af33f79d13dfbf095bf599e0d9686948c1964747b67e89c9aba5cd85016236f566cc5802cb13ead51bc7ca6bef3b94dcbdbb1d570469771df0e00b1a8a06777472d2316279edae86474668d4e1efff95f1de61c6020da32ae92bbf16520fef3cf4d88f61121f24bbd9fe91b59caf1235b2a93ff81fc403addf4ebdea84934a9cdaf8e1a9e + ++Availablein = default + Verify=RSA-PSS-9 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=2dac956d53964748ac364d06595827c6b4f143cd + Output=80b6d643255209f0a456763897ac9ed259d459b49c2887e5882ecb4434cfd66dd7e1699375381e51cd7f554f2c271704b399d42b4be2540a0eca61951f55267f7c2878c122842dadb28b01bd5f8c025f7e228418a673c03d6bc0c736d0a29546bd67f786d9d692ccea778d71d98c2063b7a71092187a4d35af108111d83e83eae46c46aa34277e06044589903788f1d5e7cee25fb485e92949118814d6f2c3ee361489016f327fb5bc517eb50470bffa1afa5f4ce9aa0ce5b8ee19bf5501b958 + ++Availablein = default + Verify=RSA-PSS-9 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=28d98c46cccafbd3bc04e72f967a54bd3ea12298 + Output=484408f3898cd5f53483f80819efbf2708c34d27a8b2a6fae8b322f9240237f981817aca1846f1084daa6d7c0795f6e5bf1af59c38e1858437ce1f7ec419b98c8736adf6dd9a00b1806d2bd3ad0a73775e05f52dfef3a59ab4b08143f0df05cd1ad9d04bececa6daa4a2129803e200cbc77787caf4c1d0663a6c5987b605952019782caf2ec1426d68fb94ed1d4be816a7ed081b77e6ab330b3ffc073820fecde3727fcbe295ee61a050a343658637c3fd659cfb63736de32d9f90d3c2f63eca + ++Availablein = default + Verify=RSA-PSS-9 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=0866d2ff5a79f25ef668cd6f31b42dee421e4c0e + Output=84ebeb481be59845b46468bafb471c0112e02b235d84b5d911cbd1926ee5074ae0424495cb20e82308b8ebb65f419a03fb40e72b78981d88aad143053685172c97b29c8b7bf0ae73b5b2263c403da0ed2f80ff7450af7828eb8b86f0028bd2a8b176a4d228cccea18394f238b09ff758cc00bc04301152355742f282b54e663a919e709d8da24ade5500a7b9aa50226e0ca52923e6c2d860ec50ff480fa57477e82b0565f4379f79c772d5c2da80af9fbf325ece6fc20b00961614bee89a183e + ++Availablein = default + Verify=RSA-PSS-9 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=6a5b4be4cd36cc97dfde9995efbf8f097a4a991a + Output=82102df8cb91e7179919a04d26d335d64fbc2f872c44833943241de8454810274cdf3db5f42d423db152af7135f701420e39b494a67cbfd19f9119da233a23da5c6439b5ba0d2bc373eee3507001378d4a4073856b7fe2aba0b5ee93b27f4afec7d4d120921c83f606765b02c19e4d6a1a3b95fa4c422951be4f52131077ef17179729cddfbdb56950dbaceefe78cb16640a099ea56d24389eef10f8fecb31ba3ea3b227c0a86698bb89e3e9363905bf22777b2a3aa521b65b4cef76d83bde4c + ++Availablein = default + Verify=RSA-PSS-9 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 +@@ -564,36 +605,42 @@ F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5kGWC7IsXS9WNXR89dnxhNyGu + BQIDAQAB + -----END PUBLIC KEY----- + ++Availablein = default + Verify=RSA-PSS-10 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=9596bb630cf6a8d4ea4600422b9eba8b13675dd4 + Output=82c2b160093b8aa3c0f7522b19f87354066c77847abf2a9fce542d0e84e920c5afb49ffdfdace16560ee94a1369601148ebad7a0e151cf16331791a5727d05f21e74e7eb811440206935d744765a15e79f015cb66c532c87a6a05961c8bfad741a9a6657022894393e7223739796c02a77455d0f555b0ec01ddf259b6207fd0fd57614cef1a5573baaff4ec00069951659b85f24300a25160ca8522dc6e6727e57d019d7e63629b8fe5e89e25cc15beb3a647577559299280b9b28f79b0409000be25bbd96408ba3b43cc486184dd1c8e62553fa1af4040f60663de7f5e49c04388e257f1ce89c95dab48a315d9b66b1b7628233876ff2385230d070d07e1666 + ++Availablein = default + Verify=RSA-PSS-10 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=b503319399277fd6c1c8f1033cbf04199ea21716 + Output=14ae35d9dd06ba92f7f3b897978aed7cd4bf5ff0b585a40bd46ce1b42cd2703053bb9044d64e813d8f96db2dd7007d10118f6f8f8496097ad75e1ff692341b2892ad55a633a1c55e7f0a0ad59a0e203a5b8278aec54dd8622e2831d87174f8caff43ee6c46445345d84a59659bfb92ecd4c818668695f34706f66828a89959637f2bf3e3251c24bdba4d4b7649da0022218b119c84e79a6527ec5b8a5f861c159952e23ec05e1e717346faefe8b1686825bd2b262fb2531066c0de09acde2e4231690728b5d85e115a2f6b92b79c25abc9bd9399ff8bcf825a52ea1f56ea76dd26f43baafa18bfa92a504cbd35699e26d1dcc5a2887385f3c63232f06f3244c3 + ++Availablein = default + Verify=RSA-PSS-10 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=50aaede8536b2c307208b275a67ae2df196c7628 + Output=6e3e4d7b6b15d2fb46013b8900aa5bbb3939cf2c095717987042026ee62c74c54cffd5d7d57efbbf950a0f5c574fa09d3fc1c9f513b05b4ff50dd8df7edfa20102854c35e592180119a70ce5b085182aa02d9ea2aa90d1df03f2daae885ba2f5d05afdac97476f06b93b5bc94a1a80aa9116c4d615f333b098892b25fface266f5db5a5a3bcc10a824ed55aad35b727834fb8c07da28fcf416a5d9b2224f1f8b442b36f91e456fdea2d7cfe3367268de0307a4c74e924159ed33393d5e0655531c77327b89821bdedf880161c78cd4196b5419f7acc3f13e5ebf161b6e7c6724716ca33b85c2e25640192ac2859651d50bde7eb976e51cec828b98b6563b86bb + ++Availablein = default + Verify=RSA-PSS-10 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=aa0b72b8b371ddd10c8ae474425ccccf8842a294 + Output=34047ff96c4dc0dc90b2d4ff59a1a361a4754b255d2ee0af7d8bf87c9bc9e7ddeede33934c63ca1c0e3d262cb145ef932a1f2c0a997aa6a34f8eaee7477d82ccf09095a6b8acad38d4eec9fb7eab7ad02da1d11d8e54c1825e55bf58c2a23234b902be124f9e9038a8f68fa45dab72f66e0945bf1d8bacc9044c6f07098c9fcec58a3aab100c805178155f030a124c450e5acbda47d0e4f10b80a23f803e774d023b0015c20b9f9bbe7c91296338d5ecb471cafb032007b67a60be5f69504a9f01abb3cb467b260e2bce860be8d95bf92c0c8e1496ed1e528593a4abb6df462dde8a0968dffe4683116857a232f5ebf6c85be238745ad0f38f767a5fdbf486fb + ++Availablein = default + Verify=RSA-PSS-10 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 + Input=fad3902c9750622a2bc672622c48270cc57d3ea8 + Output=7e0935ea18f4d6c1d17ce82eb2b3836c55b384589ce19dfe743363ac9948d1f346b7bfddfe92efd78adb21faefc89ade42b10f374003fe122e67429a1cb8cbd1f8d9014564c44d120116f4990f1a6e38774c194bd1b8213286b077b0499d2e7b3f434ab12289c556684deed78131934bb3dd6537236f7c6f3dcb09d476be07721e37e1ceed9b2f7b406887bd53157305e1c8b4f84d733bc1e186fe06cc59b6edb8f4bd7ffefdf4f7ba9cfb9d570689b5a1a4109a746a690893db3799255a0cb9215d2d1cd490590e952e8c8786aa0011265252470c041dfbc3eec7c3cbf71c24869d115c0cb4a956f56d530b80ab589acfefc690751ddf36e8d383f83cedd2cc + ++Availablein = default + Verify=RSA-PSS-10 + Ctrl = rsa_padding_mode:pss + Ctrl = rsa_mgf1_md:sha1 +@@ -1329,11 +1376,13 @@ Title = RSA FIPS tests + + # FIPS tests + +-# Verifying with SHA1 is permitted in fips mode for older applications ++# Verifying with SHA1 is not permitted on RHEL-9 in FIPS mode ++Availablein = fips + DigestVerify = SHA1 + Key = RSA-2048 + Input = "Hello " + Output = 87ea0e2226ef35e5a2aec9ca1222fcbe39ba723f05b3203564f671dd3601271806ead3240e61d424359ee3b17bd3e32f54b82df83998a8ac4148410710361de0400f9ddf98278618fbc87747a0531972543e6e5f18ab2fdfbfda02952f6ac69690e43864690af271bf43d4be9705b303d4ff994ab3abd4d5851562b73e59be3edc01cec41a4cc13b68206329bad1a46c6608d3609e951faa321d0fdbc765d54e9a7c59248d2f67913c9903e932b769c9c8a45520cabea06e8c0b231dd3bcc7f7ec55b46b0157ccb5fc5011fa57353cd3df32edcbadcb8d168133cbd0acfb64444cb040e1298f621508a38f79e14ae8c2c5c857f90aa9d24ef5fc07d34bf23859 ++Result = DIGESTVERIFYINIT_ERROR + + # Verifying with a 1024 bit key is permitted in fips mode for older applications + DigestVerify = SHA256 +diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t +index 48a92f735d..34afe91b88 100644 +--- a/test/recipes/80-test_cms.t ++++ b/test/recipes/80-test_cms.t +@@ -162,7 +162,7 @@ my @smime_pkcs7_tests = ( + [ "{cmd1}", @defaultprov, "-sign", "-in", $smcont, "-md", "sha1", + "-certfile", $smroot, + "-signer", $smrsa1, "-out", "{output}.cms" ], +- [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", ++ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms", + "-CAfile", $smroot, "-out", "{output}.txt" ], + \&final_compare + ], +@@ -170,7 +170,7 @@ my @smime_pkcs7_tests = ( + [ "signed zero-length content S/MIME format, RSA key SHA1", + [ "{cmd1}", @defaultprov, "-sign", "-in", $smcont_zero, "-md", "sha1", + "-certfile", $smroot, "-signer", $smrsa1, "-out", "{output}.cms" ], +- [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", ++ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms", + "-CAfile", $smroot, "-out", "{output}.txt" ], + \&zero_compare + ], +diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t +index 8c52b637fc..ff75c5b6ec 100644 +--- a/test/recipes/80-test_ssl_old.t ++++ b/test/recipes/80-test_ssl_old.t +@@ -394,6 +394,9 @@ sub testssl { + 'test sslv2/sslv3 with 1024bit DHE via BIO pair'); + } + ++ SKIP: { ++ skip "SSLv3 is not supported by the FIPS provider", 4 ++ if $provider eq "fips"; + ok(run(test([@ssltest, "-bio_pair", "-server_auth", @CA])), + 'test sslv2/sslv3 with server authentication'); + ok(run(test([@ssltest, "-bio_pair", "-client_auth", @CA])), +@@ -402,6 +405,7 @@ sub testssl { + 'test sslv2/sslv3 with both client and server authentication via BIO pair'); + ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", "-app_verify", @CA])), + 'test sslv2/sslv3 with both client and server authentication via BIO pair and app verify'); ++ } + + SKIP: { + skip "No IPv4 available on this machine", 1 +diff --git a/test/smime-certs/smdh.pem b/test/smime-certs/smdh.pem +index 7d66a6b421..894461f6da 100644 +--- a/test/smime-certs/smdh.pem ++++ b/test/smime-certs/smdh.pem +@@ -14,10 +14,10 @@ ta+9S7L4zNsvbg8RtJyH8i4CHQCY12PTXj6Ipxbqq4d1Q+AoUqnN/H9lAS46teXv + BB8CHQCGE6pxpX5lWcH6+TGLDoLo3T5L2/5KTd0tRNdj + -----END PRIVATE KEY----- + -----BEGIN CERTIFICATE----- +-MIIFljCCBH6gAwIBAgIUYmx57362u3KsYCqtKby2mYi+pLMwDQYJKoZIhvcNAQEL ++MIIFljCCBH6gAwIBAgIUMNF4DNf+H6AXGApe99UrJWFcAnwwDQYJKoZIhvcNAQEL + BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV +-BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIxMDExNTEwMDk1MloXDTMwMTEy +-NDEwMDk1MlowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx ++BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MzM0NloXDTMyMDMz ++MTE0MzM0NlowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx + HTAbBgNVBAMMFFRlc3QgUy9NSU1FIEVFIERIICMxMIIDQjCCAjUGByqGSM4+AgEw + ggIoAoIBAQCCyx9ZhD6HY5xgusGDrJZJ+FdTe9OxD/p9DQNKqoLyJ10TAUXuycoz + VqDAD4v1wsOAPH0TDOX9Ns87PXgTbd6DpSJtF1ZLW+1pklZs2m0cLl4raOe8CZGH +@@ -38,10 +38,10 @@ Ixe06fY0eA9sfxx7+4lm2Jhw7XaIfguo8mgrfWjBzkkT2mcAHss/fdKcXNYrg+A+ + xgApPiyuy7S4YkQSsdV5Ns8UFttBCuojzEuWQ49fMZcv/rIHSHSxpbg2Sdka+d6h + wOQHK6NgMF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYE + FLG7SOccVVRWmPw87GRrYH/NCegTMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaI +-qSTm5bZsMA0GCSqGSIb3DQEBCwUAA4IBAQA5r5k39ghJIgQKjOXSffhtAaBPT0Um +-WtLjijp/iBUAowFpncDRIp+Ng7n/feJHDdnh59H0ZHGljWqZ3rgG3HjjArvG+iUm +-6aaS4KdM6OwK60JTUXBQ/InISXzrZof2oZ5BjO6L6yV6cpaYOLlLo3QjU8HE54G9 +-7UyR48NSvhwPw+vS1Abjib+K1En/ctnlm0CurHgP56LrJxguFZZP6+UjCnEy0wxm +-VRr+y4+IgWikdOumMelJ+x9O9R7EPVfwQ9TYBtpo5hZQiGhSJ3Di9LZO5i0h2xjj +-AhtR8zmzusFX2Ruh2dXQWeNx/dMEcYRJLU1P+IxUq2g1GUiCgq2Xc7ZY ++qSTm5bZsMA0GCSqGSIb3DQEBCwUAA4IBAQB9J2dIIbIAiB8ToXJcyO7HRPhdWC/Y ++TE8cqeL+JiWNvIMB9fl2gOx6gj2h+yEr3lCpK/XDoWOs576UScS/vvs6fOjFHfkb ++L4i9nHXD2KizXkM2hr9FzTRXd9c3XXLyB9t1z38qcpOMxoxAbnH8hWLQDPjFdArC ++KWIqK/Vqxz4ZcIveM9GcVf78FU2DbQF4pwHjO9TsG7AbXiV4PXyJK75W5okAbZmQ ++EmMmVXEJdXSOS4prP8DCW/LYJ5UddsVZba2BCHD3c1c2YTA4GsP3ZMoXvQoyj0L2 ++/xazs/AS373Of6H0s00itRTFABxve1I7kE5dQdc3oZjn6A/DbfjYUmr5 + -----END CERTIFICATE----- +diff --git a/test/smime-certs/smdsa1.pem b/test/smime-certs/smdsa1.pem +index b424f6704e..597d98f827 100644 +--- a/test/smime-certs/smdsa1.pem ++++ b/test/smime-certs/smdsa1.pem +@@ -14,34 +14,34 @@ Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+ + TQMsxQQjAiEAkolGvb/76X3vm5Ov09ezqyBYt9cdj/FLH7DyMkxO7X0= + -----END PRIVATE KEY----- + -----BEGIN CERTIFICATE----- +-MIIFkDCCBHigAwIBAgIJANk5lu6mSyBDMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +-BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv +-TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEUx +-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU +-ZXN0IFMvTUlNRSBFRSBEU0EgIzEwggNGMIICOQYHKoZIzjgEATCCAiwCggEBAJB8 +-uU116E+dOsYgyHDiuTS65rqTWcIbfNzJ9eWLXsF0HaTQcE9pMDdrdkd863UDDLRS +-7TBneB0+v3PQjriGclcgai7MhqdnudhEiYe1fkkwVtd7LGjU7B3ZmzegST2dBShS +-wzG+ZgL+CE8vlnHWk/FwcI7DNbGgbjJkyOKZc5zX9bvO8r/j+D8LP18i0PfN1zJ1 +-+Az+ErT8J5hDbXF+Gp/iaMq/2mWcJxaBOgYj7sfxUrzQwVuQ7ZApHPe8/X9OMro9 +-Gb2wR4HlvXT5K8a/aPbD4ILR9cvizqfs+0GWb9vDDzEvX8DPyTB6NRwgjUNzy43D +-AhLAZvBoYG+XsgembbUCIQCuh1mL6cIpl1MvwiAKNfefQO6E9GRVA+PP8HpXB4tb +-0wKCAQB+KaRQ3CewYWnuYozMkqEehCQwHWonPIgeMPND8nXGN+gXqLbtp/DX9Ypu +-g0Pl6x5mGWEDZM7lkkHqcbEM4T2VVDFhWaX75xCPp+geHVNUkCAaXiZa695b9HP4 +-0SGkrjNV4Sx8ytuQHKk8HLLHMXVnj23nrzF0ij57yMsjwWMR1c4hSDh6EHc1jpIv +-yvignj2P+wlZ8dwOhYf8sr1loEXw2l+Ul7cXjRLxEO8zyPYcL7LZDhDIqTUNcaIf +-7vJAsZbOvczveQLdQGecfSEfFvshIMJPt0LD+UfWcJtUUE4zQBIjbpJKwVJdCu8P +-aSvJFxNnQqTLKGGg84NalT5NAyzFA4IBBQACggEAGXSQADbuRIZBjiQ6NikwZl+x +-EDEffIE0RWbvwf1tfWxw4ZvanO/djyz5FePO0AIJDBCLUjr9D32nkmIG1Hu3dWgV +-86knQsM6uFiMSzY9nkJGZOlH3w4NHLE78pk75xR1sg1MEZr4x/t+a/ea9Y4AXklE +-DCcaHtpMGeAx3ZAqSKec+zQOOA73JWP1/gYHGdYyTQpQtwRTsh0Gi5mOOdpoJ0vp +-O83xYbFCZ+ZZKX1RWOjJe2OQBRtw739q1nRga1VMLAT/LFSQsSE3IOp8hiWbjnit +-1SE6q3II2a/aHZH/x4OzszfmtQfmerty3eQSq3bgajfxCsccnRjSbLeNiazRSKNg +-MF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFNHQYTOO +-xaZ/N68OpxqjHKuatw6sMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZs +-MA0GCSqGSIb3DQEBBQUAA4IBAQAAiLociMMXcLkO/uKjAjCIQMrsghrOrxn4ZGBx +-d/mCTeqPxhcrX2UorwxVCKI2+Dmz5dTC2xKprtvkiIadJamJmxYYzeF1pgRriFN3 +-MkmMMkTbe/ekSvSeMtHQ2nHDCAJIaA/k9akWfA0+26Ec25/JKMrl3LttllsJMK1z +-Xj7TcQpAIWORKWSNxY/ezM34+9ABHDZB2waubFqS+irlZsn38aZRuUI0K67fuuIt +-17vMUBqQpe2hfNAjpZ8dIpEdAGjQ6izV2uwP1lXbiaK9U4dvUqmwyCIPniX7Hpaf +-0VnX0mEViXMT6vWZTjLBUv0oKmO7xBkWHIaaX6oyF32pK5AO ++MIIFmzCCBIOgAwIBAgIUWGMqmBZZ1ykguVDk2Whn+2uKMA0wDQYJKoZIhvcNAQEL ++BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV ++BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjA0OFoXDTMyMDMz ++MTE0MjA0OFowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx ++HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIERTQSAjMTCCA0YwggI5BgcqhkjOOAQB ++MIICLAKCAQEAkHy5TXXoT506xiDIcOK5NLrmupNZwht83Mn15YtewXQdpNBwT2kw ++N2t2R3zrdQMMtFLtMGd4HT6/c9COuIZyVyBqLsyGp2e52ESJh7V+STBW13ssaNTs ++HdmbN6BJPZ0FKFLDMb5mAv4ITy+WcdaT8XBwjsM1saBuMmTI4plznNf1u87yv+P4 ++Pws/XyLQ983XMnX4DP4StPwnmENtcX4an+Joyr/aZZwnFoE6BiPux/FSvNDBW5Dt ++kCkc97z9f04yuj0ZvbBHgeW9dPkrxr9o9sPggtH1y+LOp+z7QZZv28MPMS9fwM/J ++MHo1HCCNQ3PLjcMCEsBm8Ghgb5eyB6ZttQIhAK6HWYvpwimXUy/CIAo1959A7oT0 ++ZFUD48/welcHi1vTAoIBAH4ppFDcJ7Bhae5ijMySoR6EJDAdaic8iB4w80PydcY3 ++6Beotu2n8Nf1im6DQ+XrHmYZYQNkzuWSQepxsQzhPZVUMWFZpfvnEI+n6B4dU1SQ ++IBpeJlrr3lv0c/jRIaSuM1XhLHzK25AcqTwcsscxdWePbeevMXSKPnvIyyPBYxHV ++ziFIOHoQdzWOki/K+KCePY/7CVnx3A6Fh/yyvWWgRfDaX5SXtxeNEvEQ7zPI9hwv ++stkOEMipNQ1xoh/u8kCxls69zO95At1AZ5x9IR8W+yEgwk+3QsP5R9Zwm1RQTjNA ++EiNukkrBUl0K7w9pK8kXE2dCpMsoYaDzg1qVPk0DLMUDggEFAAKCAQAZdJAANu5E ++hkGOJDo2KTBmX7EQMR98gTRFZu/B/W19bHDhm9qc792PLPkV487QAgkMEItSOv0P ++faeSYgbUe7d1aBXzqSdCwzq4WIxLNj2eQkZk6UffDg0csTvymTvnFHWyDUwRmvjH +++35r95r1jgBeSUQMJxoe2kwZ4DHdkCpIp5z7NA44DvclY/X+BgcZ1jJNClC3BFOy ++HQaLmY452mgnS+k7zfFhsUJn5lkpfVFY6Ml7Y5AFG3Dvf2rWdGBrVUwsBP8sVJCx ++ITcg6nyGJZuOeK3VITqrcgjZr9odkf/Hg7OzN+a1B+Z6u3Ld5BKrduBqN/EKxxyd ++GNJst42JrNFIo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNV ++HQ4EFgQU0dBhM47Fpn83rw6nGqMcq5q3DqwwHwYDVR0jBBgwFoAUyZFTCmN7FluL ++vUTwdoipJObltmwwDQYJKoZIhvcNAQELBQADggEBAC3W5L4plRWiaX03PncMHnaL ++sp48+2jJen4avzNpRZF/bTQ621x/KLWelbMzBTMxU6jtU1LwCvsiOTSenUZ6W5vq ++TGy6nwkMUrBN0nHmymVz5v40VBLtc2/5xF9UBZ1GMnmYko+d7VHBD6qu4hpi6OD1 ++3Z2kxCRaZ87y3IbVnl6zqdqxDxKCj4Ca+TT6AApm/MYVwpuvCVmuXrBBvJYTFFeZ ++2J90jHlQep2rAaZu41oiIlmQUEf9flV0iPYjj+Pqdzr9ovWVbqt7l1WKOBDYdzJW ++fQ8TvFSExkDQsDc0nkkLIfJBFUFuOpNmODvq+Ac8AGUBnl/Z3pAV4KVnnobIXHw= + -----END CERTIFICATE----- +diff --git a/test/smime-certs/smdsa2.pem b/test/smime-certs/smdsa2.pem +index 648447fc89..a995f665bb 100644 +--- a/test/smime-certs/smdsa2.pem ++++ b/test/smime-certs/smdsa2.pem +@@ -14,34 +14,34 @@ Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+ + TQMsxQQiAiAdCUJ5n2Q9hIynN8BMpnRcdfH696BKejGx+2Mr2kfnnA== + -----END PRIVATE KEY----- + -----BEGIN CERTIFICATE----- +-MIIFkDCCBHigAwIBAgIJANk5lu6mSyBEMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +-BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv +-TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEUx +-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU +-ZXN0IFMvTUlNRSBFRSBEU0EgIzIwggNGMIICOQYHKoZIzjgEATCCAiwCggEBAJB8 +-uU116E+dOsYgyHDiuTS65rqTWcIbfNzJ9eWLXsF0HaTQcE9pMDdrdkd863UDDLRS +-7TBneB0+v3PQjriGclcgai7MhqdnudhEiYe1fkkwVtd7LGjU7B3ZmzegST2dBShS +-wzG+ZgL+CE8vlnHWk/FwcI7DNbGgbjJkyOKZc5zX9bvO8r/j+D8LP18i0PfN1zJ1 +-+Az+ErT8J5hDbXF+Gp/iaMq/2mWcJxaBOgYj7sfxUrzQwVuQ7ZApHPe8/X9OMro9 +-Gb2wR4HlvXT5K8a/aPbD4ILR9cvizqfs+0GWb9vDDzEvX8DPyTB6NRwgjUNzy43D +-AhLAZvBoYG+XsgembbUCIQCuh1mL6cIpl1MvwiAKNfefQO6E9GRVA+PP8HpXB4tb +-0wKCAQB+KaRQ3CewYWnuYozMkqEehCQwHWonPIgeMPND8nXGN+gXqLbtp/DX9Ypu +-g0Pl6x5mGWEDZM7lkkHqcbEM4T2VVDFhWaX75xCPp+geHVNUkCAaXiZa695b9HP4 +-0SGkrjNV4Sx8ytuQHKk8HLLHMXVnj23nrzF0ij57yMsjwWMR1c4hSDh6EHc1jpIv +-yvignj2P+wlZ8dwOhYf8sr1loEXw2l+Ul7cXjRLxEO8zyPYcL7LZDhDIqTUNcaIf +-7vJAsZbOvczveQLdQGecfSEfFvshIMJPt0LD+UfWcJtUUE4zQBIjbpJKwVJdCu8P +-aSvJFxNnQqTLKGGg84NalT5NAyzFA4IBBQACggEAItQlFu0t7Mw1HHROuuwKLS+E +-h2WNNZP96MLQTygOVlqgaJY+1mJLzvl/51LLH6YezX0t89Z2Dm/3SOJEdNrdbIEt +-tbu5rzymXxFhc8uaIYZFhST38oQwJOjM8wFitAQESe6/9HZjkexMqSqx/r5aEKTa +-LBinqA1BJRI72So1/1dv8P99FavPADdj8V7fAccReKEQKnfnwA7mrnD+OlIqFKFn +-3wCGk8Sw7tSJ9g6jgCI+zFwrKn2w+w+iot/Ogxl9yMAtKmAd689IAZr5GPPvV2y0 +-KOogCiUYgSTSawZhr+rjyFavfI5dBWzMq4tKx/zAi6MJ+6hGJjJ8jHoT9JAPmaNg +-MF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFGaxw04k +-qpufeGZC+TTBq8oMnXyrMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZs +-MA0GCSqGSIb3DQEBBQUAA4IBAQCk2Xob1ICsdHYx/YsBzY6E1eEwcI4RZbZ3hEXp +-VA72/Mbz60gjv1OwE5Ay4j+xG7IpTio6y2A9ZNepGpzidYcsL/Lx9Sv1LlN0Ukzb +-uk6Czd2sZJp+PFMTTrgCd5rXKnZs/0D84Vci611vGMA1hnUnbAnBBmgLXe9pDNRV +-6mhmCLLjJ4GOr5Wxt/hhknr7V2e1VMx3Q47GZhc0o/gExfhxXA8+gicM0nEYNakD +-2A1F0qDhQGakjuofANHhjdUDqKJ1sxurAy80fqb0ddzJt2el89iXKN+aXx/zEX96 +-GI5ON7z/bkVwIi549lUOpWb2Mved61NBzCLKVP7HSuEIsC/I ++MIIFmzCCBIOgAwIBAgIUXgHGnvOCmrOH9biRq3yTCcDsliUwDQYJKoZIhvcNAQEL ++BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV ++BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjIyNloXDTMyMDMz ++MTE0MjIyNlowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx ++HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIERTQSAjMjCCA0YwggI5BgcqhkjOOAQB ++MIICLAKCAQEAkHy5TXXoT506xiDIcOK5NLrmupNZwht83Mn15YtewXQdpNBwT2kw ++N2t2R3zrdQMMtFLtMGd4HT6/c9COuIZyVyBqLsyGp2e52ESJh7V+STBW13ssaNTs ++HdmbN6BJPZ0FKFLDMb5mAv4ITy+WcdaT8XBwjsM1saBuMmTI4plznNf1u87yv+P4 ++Pws/XyLQ983XMnX4DP4StPwnmENtcX4an+Joyr/aZZwnFoE6BiPux/FSvNDBW5Dt ++kCkc97z9f04yuj0ZvbBHgeW9dPkrxr9o9sPggtH1y+LOp+z7QZZv28MPMS9fwM/J ++MHo1HCCNQ3PLjcMCEsBm8Ghgb5eyB6ZttQIhAK6HWYvpwimXUy/CIAo1959A7oT0 ++ZFUD48/welcHi1vTAoIBAH4ppFDcJ7Bhae5ijMySoR6EJDAdaic8iB4w80PydcY3 ++6Beotu2n8Nf1im6DQ+XrHmYZYQNkzuWSQepxsQzhPZVUMWFZpfvnEI+n6B4dU1SQ ++IBpeJlrr3lv0c/jRIaSuM1XhLHzK25AcqTwcsscxdWePbeevMXSKPnvIyyPBYxHV ++ziFIOHoQdzWOki/K+KCePY/7CVnx3A6Fh/yyvWWgRfDaX5SXtxeNEvEQ7zPI9hwv ++stkOEMipNQ1xoh/u8kCxls69zO95At1AZ5x9IR8W+yEgwk+3QsP5R9Zwm1RQTjNA ++EiNukkrBUl0K7w9pK8kXE2dCpMsoYaDzg1qVPk0DLMUDggEFAAKCAQAi1CUW7S3s ++zDUcdE667AotL4SHZY01k/3owtBPKA5WWqBolj7WYkvO+X/nUssfph7NfS3z1nYO ++b/dI4kR02t1sgS21u7mvPKZfEWFzy5ohhkWFJPfyhDAk6MzzAWK0BARJ7r/0dmOR ++7EypKrH+vloQpNosGKeoDUElEjvZKjX/V2/w/30Vq88AN2PxXt8BxxF4oRAqd+fA ++DuaucP46UioUoWffAIaTxLDu1In2DqOAIj7MXCsqfbD7D6Ki386DGX3IwC0qYB3r ++z0gBmvkY8+9XbLQo6iAKJRiBJNJrBmGv6uPIVq98jl0FbMyri0rH/MCLown7qEYm ++MnyMehP0kA+Zo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNV ++HQ4EFgQUZrHDTiSqm594ZkL5NMGrygydfKswHwYDVR0jBBgwFoAUyZFTCmN7FluL ++vUTwdoipJObltmwwDQYJKoZIhvcNAQELBQADggEBADhpm4d9pgdWTiX1ci4qxOat ++MK+eAc3y8dwjacwiTD94fFy+MFzItAI2msF+ILXDCYDUpFZpBjlCNRzMu/ETghJx ++53g4Hg6ioYmtLcYIAFQVIz4skdgV8npztK3ZQMSN3dcateZBf8KaEdP+cRtQs4IW ++Y+EAZ6Fve2j/kz1x/cmhSFQdWhhS+WzYUCY+FLWDXMuNLh7rDWy1t8VaRHLBU4TU ++q6W/qDaN2e6dKrzjEkqUstdGZ+JAkAZ+6CIABEnHeco1dEQUU5Atry7djeRhY68r ++us++ajRd6DLWXrD4KePyTYSPc7rAcbBBYSwe48cTxlPfKItTCrRXmWJHCCZ0UBA= + -----END CERTIFICATE----- +diff --git a/test/smime-certs/smdsa3.pem b/test/smime-certs/smdsa3.pem +index 77acc5e46f..9f703e52f0 100644 +--- a/test/smime-certs/smdsa3.pem ++++ b/test/smime-certs/smdsa3.pem +@@ -14,34 +14,34 @@ Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+ + TQMsxQQjAiEArJr6p2zTbhRppQurHGTdmdYHqrDdZH4MCsD9tQCw1xY= + -----END PRIVATE KEY----- + -----BEGIN CERTIFICATE----- +-MIIFkDCCBHigAwIBAgIJANk5lu6mSyBFMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +-BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv +-TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEUx +-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU +-ZXN0IFMvTUlNRSBFRSBEU0EgIzMwggNGMIICOQYHKoZIzjgEATCCAiwCggEBAJB8 +-uU116E+dOsYgyHDiuTS65rqTWcIbfNzJ9eWLXsF0HaTQcE9pMDdrdkd863UDDLRS +-7TBneB0+v3PQjriGclcgai7MhqdnudhEiYe1fkkwVtd7LGjU7B3ZmzegST2dBShS +-wzG+ZgL+CE8vlnHWk/FwcI7DNbGgbjJkyOKZc5zX9bvO8r/j+D8LP18i0PfN1zJ1 +-+Az+ErT8J5hDbXF+Gp/iaMq/2mWcJxaBOgYj7sfxUrzQwVuQ7ZApHPe8/X9OMro9 +-Gb2wR4HlvXT5K8a/aPbD4ILR9cvizqfs+0GWb9vDDzEvX8DPyTB6NRwgjUNzy43D +-AhLAZvBoYG+XsgembbUCIQCuh1mL6cIpl1MvwiAKNfefQO6E9GRVA+PP8HpXB4tb +-0wKCAQB+KaRQ3CewYWnuYozMkqEehCQwHWonPIgeMPND8nXGN+gXqLbtp/DX9Ypu +-g0Pl6x5mGWEDZM7lkkHqcbEM4T2VVDFhWaX75xCPp+geHVNUkCAaXiZa695b9HP4 +-0SGkrjNV4Sx8ytuQHKk8HLLHMXVnj23nrzF0ij57yMsjwWMR1c4hSDh6EHc1jpIv +-yvignj2P+wlZ8dwOhYf8sr1loEXw2l+Ul7cXjRLxEO8zyPYcL7LZDhDIqTUNcaIf +-7vJAsZbOvczveQLdQGecfSEfFvshIMJPt0LD+UfWcJtUUE4zQBIjbpJKwVJdCu8P +-aSvJFxNnQqTLKGGg84NalT5NAyzFA4IBBQACggEAcXvtfiJfIZ0wgGpN72ZeGrJ9 +-msUXOxow7w3fDbP8r8nfVkBNbfha8rx0eY6fURFVZzIOd8EHGKypcH1gS6eZNucf +-zgsH1g5r5cRahMZmgGXBEBsWrh2IaDG7VSKt+9ghz27EKgjAQCzyHQL5FCJgR2p7 +-cv0V4SRqgiAGYlJ191k2WtLOsVd8kX//jj1l8TUgE7TqpuSEpaSyQ4nzJROpZWZp +-N1RwFmCURReykABU/Nzin/+rZnvZrp8WoXSXEqxeB4mShRSaH57xFnJCpRwKJ4qS +-2uhATzJaKH7vu63k3DjftbSBVh+32YXwtHc+BGjs8S2aDtCW3FtDA7Z6J8BIxaNg +-MF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFMJxatDE +-FCEFGl4uoiQQ1050Ju9RMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZs +-MA0GCSqGSIb3DQEBBQUAA4IBAQBGZD1JnMep39KMOhD0iBTmyjhtcnRemckvRask +-pS/CqPwo+M+lPNdxpLU2w9b0QhPnj0yAS/BS1yBjsLGY4DP156k4Q3QOhwsrTmrK +-YOxg0w7DOpkv5g11YLJpHsjSOwg5uIMoefL8mjQK6XOFOmQXHJrUtGulu+fs6FlM +-khGJcW4xYVPK0x/mHvTT8tQaTTkgTdVHObHF5Dyx/F9NMpB3RFguQPk2kT4lJc4i +-Up8T9mLzaxz6xc4wwh8h70Zw81lkGYhX+LRk3sfd/REq9x4QXQNP9t9qU1CgrBzv +-4orzt9cda4r+rleSg2XjWnXzMydE6DuwPVPZlqnLbSYUy660 ++MIIFmzCCBIOgAwIBAgIUMMzeluWS9FTgzFM2PCI6rSt0++QwDQYJKoZIhvcNAQEL ++BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV ++BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjI0MloXDTMyMDMz ++MTE0MjI0MlowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx ++HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIERTQSAjMzCCA0YwggI5BgcqhkjOOAQB ++MIICLAKCAQEAkHy5TXXoT506xiDIcOK5NLrmupNZwht83Mn15YtewXQdpNBwT2kw ++N2t2R3zrdQMMtFLtMGd4HT6/c9COuIZyVyBqLsyGp2e52ESJh7V+STBW13ssaNTs ++HdmbN6BJPZ0FKFLDMb5mAv4ITy+WcdaT8XBwjsM1saBuMmTI4plznNf1u87yv+P4 ++Pws/XyLQ983XMnX4DP4StPwnmENtcX4an+Joyr/aZZwnFoE6BiPux/FSvNDBW5Dt ++kCkc97z9f04yuj0ZvbBHgeW9dPkrxr9o9sPggtH1y+LOp+z7QZZv28MPMS9fwM/J ++MHo1HCCNQ3PLjcMCEsBm8Ghgb5eyB6ZttQIhAK6HWYvpwimXUy/CIAo1959A7oT0 ++ZFUD48/welcHi1vTAoIBAH4ppFDcJ7Bhae5ijMySoR6EJDAdaic8iB4w80PydcY3 ++6Beotu2n8Nf1im6DQ+XrHmYZYQNkzuWSQepxsQzhPZVUMWFZpfvnEI+n6B4dU1SQ ++IBpeJlrr3lv0c/jRIaSuM1XhLHzK25AcqTwcsscxdWePbeevMXSKPnvIyyPBYxHV ++ziFIOHoQdzWOki/K+KCePY/7CVnx3A6Fh/yyvWWgRfDaX5SXtxeNEvEQ7zPI9hwv ++stkOEMipNQ1xoh/u8kCxls69zO95At1AZ5x9IR8W+yEgwk+3QsP5R9Zwm1RQTjNA ++EiNukkrBUl0K7w9pK8kXE2dCpMsoYaDzg1qVPk0DLMUDggEFAAKCAQBxe+1+Il8h ++nTCAak3vZl4asn2axRc7GjDvDd8Ns/yvyd9WQE1t+FryvHR5jp9REVVnMg53wQcY ++rKlwfWBLp5k25x/OCwfWDmvlxFqExmaAZcEQGxauHYhoMbtVIq372CHPbsQqCMBA ++LPIdAvkUImBHanty/RXhJGqCIAZiUnX3WTZa0s6xV3yRf/+OPWXxNSATtOqm5ISl ++pLJDifMlE6llZmk3VHAWYJRFF7KQAFT83OKf/6tme9munxahdJcSrF4HiZKFFJof ++nvEWckKlHAonipLa6EBPMloofu+7reTcON+1tIFWH7fZhfC0dz4EaOzxLZoO0Jbc ++W0MDtnonwEjFo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNV ++HQ4EFgQUwnFq0MQUIQUaXi6iJBDXTnQm71EwHwYDVR0jBBgwFoAUyZFTCmN7FluL ++vUTwdoipJObltmwwDQYJKoZIhvcNAQELBQADggEBAJNW/oEmpz6jZ7EjUkHhxDXR ++egsZVjBO+E2hPCciEoZaM6jIDYphrCVbdOOyy1RvLBv3SRblaECmInsRpCNwf5B5 ++OaGN3hdsvx23IKnLJ7EKDauIOGhkzCMWjO8tez48UL0Wgta0+TpuiOT+UBoKb9fw ++f0f4ab9wD9pED7ghMKlwI6/oppS4PrhwYS2nwYwGXpmgu6QZDln/cgoU7cQV7r3J ++deMCpKGPyS429B9mUxlggZYvvJOm35ZiI7UAcGhJWIUrdXBxqx3DQ3CSf75vGP87 ++2vn6ZoXRXSLfE48GpUtQzP6/gZti68vZrHdzKWTyZxMs4+PGoHrW5hbNDsghKDs= + -----END CERTIFICATE----- +diff --git a/test/smime-certs/smec1.pem b/test/smime-certs/smec1.pem +index 75a862666b..05754f3963 100644 +--- a/test/smime-certs/smec1.pem ++++ b/test/smime-certs/smec1.pem +@@ -4,19 +4,19 @@ DMlYvkj0SmLmYvWULe2LfyXRmpWhRANCAAS+SIj2FY2DouPRuNDp9WVpsqef58tV + 3gIwV0EOV/xyYTzZhufZi/aBcXugWR1x758x4nHus2uEuEFi3Mr3K3+x + -----END PRIVATE KEY----- + -----BEGIN CERTIFICATE----- +-MIICoDCCAYigAwIBAgIJANk5lu6mSyBGMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +-BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv +-TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEQx +-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU +-ZXN0IFMvTUlNRSBFRSBFQyAjMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABL5I +-iPYVjYOi49G40On1ZWmyp5/ny1XeAjBXQQ5X/HJhPNmG59mL9oFxe6BZHXHvnzHi +-ce6za4S4QWLcyvcrf7GjYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXg +-MB0GA1UdDgQWBBR/ybxC2DI+Jydhx1FMgPbMTmLzRzAfBgNVHSMEGDAWgBTJkVMK +-Y3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEAdk9si83JjtgHHHGy +-WcgWDfM0jzlWBsgFNQ9DwAuB7gJd/LG+5Ocajg5XdA5FXAdKkfwI6be3PdcVs3Bt +-7f/fdKfBxfr9/SvFHnK7PVAX2x1wwS4HglX1lfoyq1boSvsiJOnAX3jsqXJ9TJiV +-FlgRVnhnrw6zz3Xs/9ZDMTENUrqDHPNsDkKEi+9SqIsqDXpMCrGHP4ic+S8Rov1y +-S+0XioMxVyXDp6XcL4PQ/NgHbw5/+UcS0me0atZ6pW68C0vi6xeU5vxojyuZxMI1 +-DXXwMhOXWaKff7KNhXDUN0g58iWlnyaCz4XQwFsbbFs88TQ1+e/aj3bbwTxUeyN7 +-qtcHJA== ++MIICqzCCAZOgAwIBAgIUZsuXIOmILju0nz1jVSgag5GrPyMwDQYJKoZIhvcNAQEL ++BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV ++BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjUyNFoXDTMyMDMz ++MTE0MjUyNFowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx ++HTAbBgNVBAMMFFRlc3QgUy9NSU1FIEVFIEVDICMxMFkwEwYHKoZIzj0CAQYIKoZI ++zj0DAQcDQgAEvkiI9hWNg6Lj0bjQ6fVlabKnn+fLVd4CMFdBDlf8cmE82Ybn2Yv2 ++gXF7oFkdce+fMeJx7rNrhLhBYtzK9yt/saNgMF4wDAYDVR0TAQH/BAIwADAOBgNV ++HQ8BAf8EBAMCBeAwHQYDVR0OBBYEFH/JvELYMj4nJ2HHUUyA9sxOYvNHMB8GA1Ud ++IwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3DQEBCwUAA4IBAQCp ++sSEupiqT7S6oPS/5qtRF6POyxmhkH/Eh+RJitOODutxneJh+NdDqAQAOCexqcsF9 ++1BH9hB/H6b3mS4CbcRG6R/EwzqMPUgy8OYXTrqWI9jzMKGyrBo59QFfGrwP1h8hj ++weVOVQU1iOloWPOfvMHehjX1Wt79/6BMMBvw+2qXXLAw2xpLFa4lU6HSoTiwoS5R ++mimrHnZ9tQZb54bsvdrW84kV3u1FIQ5G7jAduu97Wfr3eZGaJhW1MZLeoL7Z4Usy ++hRd2TJ6bZanb+wUJBcHOeW5ETj9MPtPsGIp8vETmY5XDm4UlX6tp4gAe4oeoIXFQ ++V5ASvNRiGWIJK5XF+zRY + -----END CERTIFICATE----- +diff --git a/test/smime-certs/smec2.pem b/test/smime-certs/smec2.pem +index 457297a760..7c502d8799 100644 +--- a/test/smime-certs/smec2.pem ++++ b/test/smime-certs/smec2.pem +@@ -5,19 +5,19 @@ uCzLYF/8j1Scn/spczoC9vNzVhNw+Lg7dnjNL4EDIyYZLl7E0v69luzbvy+q44/8 + 6bQ= + -----END PRIVATE KEY----- + -----BEGIN CERTIFICATE----- +-MIICpTCCAY2gAwIBAgIJANk5lu6mSyBHMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +-BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv +-TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEQx +-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU +-ZXN0IFMvTUlNRSBFRSBFQyAjMjBeMBAGByqGSM49AgEGBSuBBAAQA0oABAXbOzq+ +-huahP4z4/b70tntqy8UE2Lu4LMtgX/yPVJyf+ylzOgL283NWE3D4uDt2eM0vgQMj +-JhkuXsTS/r2W7Nu/L6rjj/zptKNgMF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8E +-BAMCBeAwHQYDVR0OBBYEFGf+QSQlkN20PsNN7x+jmQIJBDcXMB8GA1UdIwQYMBaA +-FMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3DQEBBQUAA4IBAQBaBBryl2Ez +-ftBrGENXMKQP3bBEw4n9ely6HvYQi9IC7HyK0ktz7B2FcJ4z96q38JN3cLxV0DhK +-xT/72pFmQwZVJngvRaol0k1B+bdmM03llxCw/uNNZejixDjHUI9gEfbigehd7QY0 +-uYDu4k4O35/z/XPQ6O5Kzw+J2vdzU8GXlMBbWeZWAmEfLGbk3Ux0ouITnSz0ty5P +-rkHTo0uprlFcZAsrsNY5v5iuomYT7ZXAR3sqGZL1zPOKBnyfXeNFUfnKsZW7Fnlq +-IlYBQIjqR1HGxxgCSy66f1oplhxSch4PUpk5tqrs6LeOqc2+xROy1T5YrB3yjVs0 +-4ZdCllHZkhop ++MIICsDCCAZigAwIBAgIUWJSICrM9ZdmN6/jF/PoKng63XR0wDQYJKoZIhvcNAQEL ++BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV ++BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjgxOVoXDTMyMDMz ++MTE0MjgxOVowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx ++HTAbBgNVBAMMFFRlc3QgUy9NSU1FIEVFIEVDICMyMF4wEAYHKoZIzj0CAQYFK4EE ++ABADSgAEBds7Or6G5qE/jPj9vvS2e2rLxQTYu7gsy2Bf/I9UnJ/7KXM6Avbzc1YT ++cPi4O3Z4zS+BAyMmGS5exNL+vZbs278vquOP/Om0o2AwXjAMBgNVHRMBAf8EAjAA ++MA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUZ/5BJCWQ3bQ+w03vH6OZAgkENxcw ++HwYDVR0jBBgwFoAUyZFTCmN7FluLvUTwdoipJObltmwwDQYJKoZIhvcNAQELBQAD ++ggEBACMGL6tuV/1lfrnx7TN/CnWdLEp55AlmzJ3MT9dXSOO1/df/fO3uAiiBNMyQ ++Rcf4vOeBZEk/Xq6GIaAbuuT5ECg50uopEGjUDR9sRWC5yiw2CRQ5ZWTcqMapv+E5 ++7/1/tpaVHy+ZkJpbTV6O9gogEPy6uoft+tsel6NFoAj9ulkjuX9TortkVGPTfedd ++oevI32G3z4L4Gv1PCZvFMwEIiAuFDZBbD86gw7rH4BNihRujJRhpnxeRu8zJYB60 ++cNeR2N7humdUy5uZnj6YHy3g2j0EDKOITHydIvL1KkSlihQrxEX5kMRr9RWRyFXJ ++/UfNk+5Y3g5Mm642MLvjBEUqurw= + -----END CERTIFICATE----- +diff --git a/test/smime-certs/smec3.pem b/test/smime-certs/smec3.pem +index 90eac867d0..5110e2984b 100644 +--- a/test/smime-certs/smec3.pem ++++ b/test/smime-certs/smec3.pem +@@ -4,19 +4,19 @@ zSy+knGorGWZBGG5p//ke0WUSbqhRANCAARH8uHBHkuOfuyXgJj7V3lNqUEPiQNo + xG8ntGjVmKRHfywdUoQJ1PgfbkCEsBk334rRFmja1r+MYyqn/A9ARiGB + -----END PRIVATE KEY----- + -----BEGIN CERTIFICATE----- +-MIICoDCCAYigAwIBAgIJAPaEOllWs/pjMA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNV +-BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv +-TUlNRSBSU0EgUm9vdDAeFw0xNzA4MTAxNTQyMDhaFw0yNzA2MTkxNTQyMDhaMEQx +-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU +-ZXN0IFMvTUlNRSBFRSBFQyAjMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEfy +-4cEeS45+7JeAmPtXeU2pQQ+JA2jEbye0aNWYpEd/LB1ShAnU+B9uQISwGTffitEW +-aNrWv4xjKqf8D0BGIYGjYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXg +-MB0GA1UdDgQWBBQLR+H9CmAY/KDyXWdVUM9FP766WzAfBgNVHSMEGDAWgBT3YQTy +-KJTdSIrnOcPj3pm5oVNtazANBgkqhkiG9w0BAQsFAAOCAQEAmMRuf8Iz5fr9f0GA +-HaNiOM5S7AIfZ6W7zzdeF63EF1j9HqP1DJsUW4y5b9azWmpp62kKuNaM4CGPUVvm +-diLKJVlrDcc+6lW9oROpnBsskhjqFMTjTANPQSAKZeKiG2W3U8Q103VQpuYvE4Nj +-OU9JT+5e4RZS7wxYk/IsvnyF/DkoF1FTMHo9/3Wiw4V4KRhpJIPnqojWNcfipmhM +-UDpbw0Oyj5fE7x6wvaoOUr8GNJE5NudtV/5QDh9REkjyKUdVYsuUrWwKqn3NT8EI +-OLl8wx3RqA8htRg/W+SoESx87rvW1saPGvfypBp4cl18B1IzTlC+FMbHFJvZqQn8 +-Ci1l4Q== ++MIICqzCCAZOgAwIBAgIUSG5MT0bOz48OfBayRWfoQwUcA50wDQYJKoZIhvcNAQEL ++BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV ++BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0Mjg1MloXDTMyMDMz ++MTE0Mjg1MlowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx ++HTAbBgNVBAMMFFRlc3QgUy9NSU1FIEVFIEVDICMzMFkwEwYHKoZIzj0CAQYIKoZI ++zj0DAQcDQgAER/LhwR5Ljn7sl4CY+1d5TalBD4kDaMRvJ7Ro1ZikR38sHVKECdT4 ++H25AhLAZN9+K0RZo2ta/jGMqp/wPQEYhgaNgMF4wDAYDVR0TAQH/BAIwADAOBgNV ++HQ8BAf8EBAMCBeAwHQYDVR0OBBYEFAtH4f0KYBj8oPJdZ1VQz0U/vrpbMB8GA1Ud ++IwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3DQEBCwUAA4IBAQBY ++xXTNWQz38q37bRjyl6FWMdIaVRkle1Qzjo0bAVHsrYNwY36PBnJpfZE8aJS6WwD2 ++PUHWVLc0zd50pXbAa41FlquOdP5FNa8wOc+jHIiyWaE8SEdt0jsxPRTJ9kElXuJ5 ++wFx7icmRde7DWLG32SWwR1pFi4R/aDOOxpTzUuYvKuawfAUVQtQyCz8sahbmI8EW ++H0KDuiyuncq1YjvHfaUR7QKijMJ0eBRsjUls0HeMjkehBkTrz78u7TJBWKE/BCiB ++HzuZeMqHpSXtK6ZCRtQXTLv0HyenFmbdVSDiOFSnvdL5lyLT3aFQ19DVtGFCAUwZ ++HQdD3KNn4i073Z7Ia2Xa + -----END CERTIFICATE----- +diff --git a/test/smime-certs/smroot.pem b/test/smime-certs/smroot.pem +index d1a253f409..f62a54e2a3 100644 +--- a/test/smime-certs/smroot.pem ++++ b/test/smime-certs/smroot.pem +@@ -27,23 +27,23 @@ vHkSiWpJUvZCuKG8Foh5pm9hU0qb+rbQV7NhLJ02qn1AMGO3F/WKrHPPY8/b9YhQ + KfvPCYimQwBjVrEnSntLPR0= + -----END PRIVATE KEY----- + -----BEGIN CERTIFICATE----- +-MIIDbjCCAlagAwIBAgIJAMc+8VKBJ/S9MA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +-BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv +-TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MjlaFw0yMzA3MTUxNzI4MjlaMEQx +-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU +-ZXN0IFMvTUlNRSBSU0EgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +-ggEBALLJBcQPkfJVbCqdfLOZjfXvIxQmsh+wq9EQbYLr3V0k0eA2D6irmyO39/OT +-JLzgC906KJwCxqjhxgsO6W2FoulsLuawQGG/ACKXQU1vmDcRG6l7Uq5N1RXVS4P+ +-LpLZWho1dQEGfWsP1ZwEFzSWfH/ha33Z5BMjr3bmm3tkc9DDY6WntNAMSXKLmo/E +-J6bi5PSDfNtmxaqaawgxdu74rd0SmvOoDW5wpdvFSZk2QzBWzZcKaUvGtFSPwLf/ +-MQ20fXsdYLOeFH8hVxWSAi6SWR6IOwSFta9RC6ZVdHug+H8I9kBuMaqrmZW54dIe +-untusFVkodm+hSRrbxAtaK2rVbkCAwEAAaNjMGEwHQYDVR0OBBYEFMmRUwpjexZb +-i71E8HaIqSTm5bZsMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA8G +-A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IB +-AQAwpIVWQey2u/XoQSMSu0jd0EZvU+lhLaFrDy/AHQeG3yX1+SAOM6f6w+efPvyb +-Op1NPI9UkMPb4PCg9YC7jgYokBkvAcI7J4FcuDKMVhyCD3cljp0ouuKruvEf4FBl +-zyQ9pLqA97TuG8g1hLTl8G90NzTRcmKpmhs18BmCxiqHcTfoIpb3QvPkDX8R7LVt +-9BUGgPY+8ELCgw868TuHh/Cnc67gBtRjBp0sCYVzGZmKsO5f1XdHrAZKYN5mEp0C +-7/OqcDoFqORTquLeycg1At/9GqhDEgxNrqA+YEsPbLGAfsNuXUsXs2ubpGsOZxKt +-Emsny2ah6fU2z7PztrUy/A80 ++MIIDeTCCAmGgAwIBAgIUF/2lFo3fH3uYuFalQVSIFqcYtd4wDQYJKoZIhvcNAQEL ++BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV ++BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MDE1MloXDTMyMDUy ++MDE0MDE1MlowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx ++HTAbBgNVBAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MIIBIjANBgkqhkiG9w0BAQEF ++AAOCAQ8AMIIBCgKCAQEAsskFxA+R8lVsKp18s5mN9e8jFCayH7Cr0RBtguvdXSTR ++4DYPqKubI7f385MkvOAL3ToonALGqOHGCw7pbYWi6Wwu5rBAYb8AIpdBTW+YNxEb ++qXtSrk3VFdVLg/4uktlaGjV1AQZ9aw/VnAQXNJZ8f+FrfdnkEyOvduabe2Rz0MNj ++pae00AxJcouaj8QnpuLk9IN822bFqpprCDF27vit3RKa86gNbnCl28VJmTZDMFbN ++lwppS8a0VI/At/8xDbR9ex1gs54UfyFXFZICLpJZHog7BIW1r1ELplV0e6D4fwj2 ++QG4xqquZlbnh0h66e26wVWSh2b6FJGtvEC1oratVuQIDAQABo2MwYTAdBgNVHQ4E ++FgQUyZFTCmN7FluLvUTwdoipJObltmwwHwYDVR0jBBgwFoAUyZFTCmN7FluLvUTw ++doipJObltmwwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI ++hvcNAQELBQADggEBAFUbNCqSA5JTIk4wkLiDxs6sGVgSGS/XyFurT5WtyLwR6eiN ++r1Osq3DrF1805xzOjFfk3yYk2ctMMMXVEfXZavfNWgGSyUi6GrS+X1+y5snMpP7Z ++tFlb7iXxiSn5lUE1IS3y9bAlWUwTnOwdX2RuALVAzQ6oAvGIIOhb7FTkMqwsQBDx ++kBA9sgdCKv4d7zgFGdDMh1PGuia7+ZPWS9Nt3+WfRKzy4cf2p8+FTWkv1z7PtCSo ++bZySoXgav6WYGdA0VZY29HzVWC5d/LwSkeJr7pw09UjXBPnrDHbJRa+4JpwwsMT2 ++b1E+cp36aagmQW97e8dCf3VzZWcD2bNJ9QM59d8= + -----END CERTIFICATE----- +diff --git a/test/smime-certs/smrsa1.pem b/test/smime-certs/smrsa1.pem +index d0d0b9e66b..7eb331e2c9 100644 +--- a/test/smime-certs/smrsa1.pem ++++ b/test/smime-certs/smrsa1.pem +@@ -27,23 +27,23 @@ iCwzDT6AJj63cS3VRO2ait3ZiLdpKdSNNW2WrlZs8FZr/mVutGEcWho8BugGMWST + zQpuMJliRlrq/5JkIbH6SA== + -----END PRIVATE KEY----- + -----BEGIN CERTIFICATE----- +-MIIDbDCCAlSgAwIBAgIJANk5lu6mSyBAMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +-BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv +-TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzBaFw0yMzA1MjYxNzI4MzBaMEUx +-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU +-ZXN0IFMvTUlNRSBFRSBSU0EgIzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +-AoIBAQDXr9uzB/20QXKCxhkfNnJvl2xl1hzdOcrQmAqo+AAAcA/D49ImuJDVQRaK +-2bcj54XB26i1kXuOrxID3/etUb8yudfx8OAVwh8G0xVA4zhr8uXW85W2tBr4v0Lt +-+W6lSd6Hmfrk4GmE9LTU/vzl9HUPW6SZShN1G0nY6oeUXvLi0vasEUKv3a51T6JF +-Yg4c7qt5RCk/w8kwrQ0DorQwCdkOPEIiC4b+nPStF12SVm5bx8rbYzioxuY/PdSe +-bvt0APeqgRxSpCxqYnHsCoNeHzSrGXcP0COzFeUOz2tdrhmH09JLbGZs4nbojPxM +-kjpJSv3/ekDG2CHYxXSHXxpJstxZAgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYD +-VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBTmjc+lrTQuYx/VBOBGjMvufajvhDAfBgNV +-HSMEGDAWgBTJkVMKY3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEA +-dr2IRXcFtlF16kKWs1VTaFIHHNQrfSVHBkhKblPX3f/0s/i3eXgwKUu7Hnb6T3/o +-E8L+e4ioQNhahTLt9ruJNHWA/QDwOfkqM3tshCs2xOD1Cpy7Bd3Dn0YBrHKyNXRK +-WelGp+HetSXJGW4IZJP7iES7Um0DGktLabhZbe25EnthRDBjNnaAmcofHECWESZp +-lEHczGZfS9tRbzOCofxvgLbF64H7wYSyjAe6R8aain0VRbIusiD4tCHX/lOMh9xT +-GNBW8zTL+tV9H1unjPMORLnT0YQ3oAyEND0jCu0ACA1qGl+rzxhF6bQcTUNEbRMu +-9Hjq6s316fk4Ne0EUF3PbA== ++MIIDdzCCAl+gAwIBAgIUNrEw2I4NEV0Nbo7AVOF9z4mPBiYwDQYJKoZIhvcNAQEL ++BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV ++BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MDczN1oXDTMyMDMz ++MTE0MDczN1owRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx ++HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIFJTQSAjMTCCASIwDQYJKoZIhvcNAQEB ++BQADggEPADCCAQoCggEBANev27MH/bRBcoLGGR82cm+XbGXWHN05ytCYCqj4AABw ++D8Pj0ia4kNVBForZtyPnhcHbqLWRe46vEgPf961RvzK51/Hw4BXCHwbTFUDjOGvy ++5dbzlba0Gvi/Qu35bqVJ3oeZ+uTgaYT0tNT+/OX0dQ9bpJlKE3UbSdjqh5Re8uLS ++9qwRQq/drnVPokViDhzuq3lEKT/DyTCtDQOitDAJ2Q48QiILhv6c9K0XXZJWblvH ++yttjOKjG5j891J5u+3QA96qBHFKkLGpicewKg14fNKsZdw/QI7MV5Q7Pa12uGYfT ++0ktsZmziduiM/EySOklK/f96QMbYIdjFdIdfGkmy3FkCAwEAAaNgMF4wDAYDVR0T ++AQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFOaNz6WtNC5jH9UE4EaM ++y+59qO+EMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3 ++DQEBCwUAA4IBAQBMz3Ef3U0blTGhfP9HIBq09fWCgUN3aDDLZ/B6biFfWM87wlAm ++CdIuy2jhiEt8Ld8U9y8dbO7c2gzHBGc9FhScBkfQInrbhSctXL/r/wOc0divK9rq ++oXL2cL/CFfzcYPWNN3w6JAJyOhkhWnqF+/0T8+NdiRLE3a9NfX3a83GpfBVccYKQ ++kKKeVIw2K1dYbtlSo1HwOckxqUzN00IPs3xC8U9KNXKy7o0kdetKhk70DzXQ64j0 ++EcmXxqPaCkgo3fl9z9nzKlWhg/qIi/1Bd1bpMP8IXAPEURDqhi0KI0w9GPCQRjfY ++7NwXrLEayBoL8TNxcJ3FwdI20+bmhhILBZgO + -----END CERTIFICATE----- +diff --git a/test/smime-certs/smrsa2.pem b/test/smime-certs/smrsa2.pem +index 2f17cb2978..4262742176 100644 +--- a/test/smime-certs/smrsa2.pem ++++ b/test/smime-certs/smrsa2.pem +@@ -27,23 +27,23 @@ hT8V87esr/QzLVpjLedQDW8Xb7GiO3BsU/gVC9VcngenbL7JObl3NgvdreIYo6+n + yrLyf+8hjm6H6zkjqiOkHAl+ + -----END PRIVATE KEY----- + -----BEGIN CERTIFICATE----- +-MIIDbDCCAlSgAwIBAgIJANk5lu6mSyBBMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +-BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv +-TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzBaFw0yMzA1MjYxNzI4MzBaMEUx +-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU +-ZXN0IFMvTUlNRSBFRSBSU0EgIzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +-AoIBAQDcYC4tS2Uvn1Z2iDgtfkJA5tAqgbN6X4yK02RtVH5xekV9+6+eTt/9S+iF +-AzAnwqR/UB1R67ETrsWqV8u9xLg5fHIwIkmu9/6P31UU9cghO7J1lcrhHvooHaFp +-cXepPWQacpuBq2VvcKRDlDfVmdM5z6eS3dSZPTOMMP/xk4nhZB8mcw27qiccPieS +-0PZ9EZB63T1gmwaK1Rd5U94Pl0+zpDqhViuXmBfiIDWjjz0BzHnHSz5Rg4S3oXF1 +-NcojhptIWyI0r7dgn5J3NxC4kgKdjzysxo6iWd0nLgz7h0jUdj79EOis4fg9G4f0 +-EFWyQf7iDxGaA93Y9ePBJv5iFZVZAgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYD +-VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBT0arpyYMHXDPVL7MvzE+lx71L7sjAfBgNV +-HSMEGDAWgBTJkVMKY3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEA +-I8nM42am3aImkZyrw8iGkaGhKyi/dfajSWx6B9izBUh+3FleBnUxxOA+mn7M8C47 +-Ne18iaaWK8vEux9KYTIY8BzXQZL1AuZ896cXEc6bGKsME37JSsocfuB5BIGWlYLv +-/ON5/SJ0iVFj4fAp8z7Vn5qxRJj9BhZDxaO1Raa6cz6pm0imJy9v8y01TI6HsK8c +-XJQLs7/U4Qb91K+IDNX/lgW3hzWjifNpIpT5JyY3DUgbkD595LFV5DDMZd0UOqcv +-6cyN42zkX8a0TWr3i5wu7pw4k1oD19RbUyljyleEp0DBauIct4GARdBGgi5y1H2i +-NzYzLAPBkHCMY0Is3KKIBw== ++MIIDdzCCAl+gAwIBAgIUdWyHziJTdWjooy8SanPMwLxNsPEwDQYJKoZIhvcNAQEL ++BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV ++BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MDkyNVoXDTMyMDMz ++MTE0MDkyNVowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx ++HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIFJTQSAjMjCCASIwDQYJKoZIhvcNAQEB ++BQADggEPADCCAQoCggEBANxgLi1LZS+fVnaIOC1+QkDm0CqBs3pfjIrTZG1UfnF6 ++RX37r55O3/1L6IUDMCfCpH9QHVHrsROuxapXy73EuDl8cjAiSa73/o/fVRT1yCE7 ++snWVyuEe+igdoWlxd6k9ZBpym4GrZW9wpEOUN9WZ0znPp5Ld1Jk9M4ww//GTieFk ++HyZzDbuqJxw+J5LQ9n0RkHrdPWCbBorVF3lT3g+XT7OkOqFWK5eYF+IgNaOPPQHM ++ecdLPlGDhLehcXU1yiOGm0hbIjSvt2Cfknc3ELiSAp2PPKzGjqJZ3ScuDPuHSNR2 ++Pv0Q6Kzh+D0bh/QQVbJB/uIPEZoD3dj148Em/mIVlVkCAwEAAaNgMF4wDAYDVR0T ++AQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFPRqunJgwdcM9Uvsy/MT ++6XHvUvuyMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3 ++DQEBCwUAA4IBAQBz02v4hd+EjW5NaMubkqPbgUTDRKdRq1RZM+C6m1MTMKy+8zTD ++QSKRCFf0UmSPMsdTArry9x15fmHIJW21F3bw4ISeVXRyzBhOnrGKXUt2Lg9c2MLa ++9C394ex0vw4ZGSNkrIARbM3084Chegs4PLMWLFam1H5J6wpvH8iXXYvhESW98luv ++i3HVQzqLXw7/9XHxf8RnrRcy/WhAA+KegAQMGHTo5KPLliXtypYdCxBHNcmOwJlR ++pSOp6fxhiRKN5DzcBPHOE/brZc4aNGgBHZgGg1g1Wb2lAylopgJrbyNkhEEwHVNM ++1uLCnXKV1nX+EiMKkhSV761ozdhMGljYb+GE + -----END CERTIFICATE----- +diff --git a/test/smime-certs/smrsa3.pem b/test/smime-certs/smrsa3.pem +index 14c27f64aa..f7dca3a004 100644 +--- a/test/smime-certs/smrsa3.pem ++++ b/test/smime-certs/smrsa3.pem +@@ -27,23 +27,23 @@ yzYMXLmervN7c1jJe2Y2MYv6hE+Ypj1xGW4w7s8WNKmVzLv97beisD9AZrS7sXfF + RvOAi5wVkYylDxV4238MAZIq + -----END PRIVATE KEY----- + -----BEGIN CERTIFICATE----- +-MIIDbDCCAlSgAwIBAgIJANk5lu6mSyBCMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +-BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv +-TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzBaFw0yMzA1MjYxNzI4MzBaMEUx +-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU +-ZXN0IFMvTUlNRSBFRSBSU0EgIzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +-AoIBAQCyK+BTAOJKJjjiOhY60NeZjzGGZxEBfCm62n0mwkzusW/V/e63uwj6uOVC +-FoVBz5doMf3M6QIS2jL3Aw6Qs5+vcuLA0gHrqIwjYQz1UZ5ETLKLKbQw6YOIVfsF +-STxytUVpfcByrubWiLKX63theG1/IVokDK/9/k52Kyt+wcCjuRb7AJQFj2OLDRuW +-m/gavozkK103gQ+dUq4HXamZMtTq1EhQOfc0IUeCOEL6xz4jzlHHfzLdkvb7Enha +-v2sXDfOmZp/DYf9IqS7lvFkkINPVbYFBTexaPZlFwmpGRjkmoyH/w+Jlcpzs+w6p +-1diWRpaSn62bbkRN49j6L2dVb+DfAgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYD +-VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBQ6CkW5sa6HrBsWvuPOvMjyL5AnsDAfBgNV +-HSMEGDAWgBTJkVMKY3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEA +-JhcrD7AKafVzlncA3cZ6epAruj1xwcfiE+EbuAaeWEGjoSltmevcjgoIxvijRVcp +-sCbNmHJZ/siQlqzWjjf3yoERvLDqngJZZpQeocMIbLRQf4wgLAuiBcvT52wTE+sa +-VexeETDy5J1OW3wE4A3rkdBp6hLaymlijFNnd5z/bP6w3AcIMWm45yPm0skM8RVr +-O3UstEFYD/iy+p+Y/YZDoxYQSW5Vl+NkpGmc5bzet8gQz4JeXtH3z5zUGoDM4XK7 +-tXP3yUi2eecCbyjh/wgaQiVdylr1Kv3mxXcTl+cFO22asDkh0R/y72nTCu5fSILY +-CscFo2Z2pYROGtZDmYqhRw== ++MIIDdzCCAl+gAwIBAgIUAKvI4FWjFLx8iBGifOW3mG/xkT0wDQYJKoZIhvcNAQEL ++BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV ++BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MTEwNloXDTMyMDMz ++MTE0MTEwNlowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx ++HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIFJTQSAjMzCCASIwDQYJKoZIhvcNAQEB ++BQADggEPADCCAQoCggEBALIr4FMA4komOOI6FjrQ15mPMYZnEQF8KbrafSbCTO6x ++b9X97re7CPq45UIWhUHPl2gx/czpAhLaMvcDDpCzn69y4sDSAeuojCNhDPVRnkRM ++sosptDDpg4hV+wVJPHK1RWl9wHKu5taIspfre2F4bX8hWiQMr/3+TnYrK37BwKO5 ++FvsAlAWPY4sNG5ab+Bq+jOQrXTeBD51SrgddqZky1OrUSFA59zQhR4I4QvrHPiPO ++Ucd/Mt2S9vsSeFq/axcN86Zmn8Nh/0ipLuW8WSQg09VtgUFN7Fo9mUXCakZGOSaj ++If/D4mVynOz7DqnV2JZGlpKfrZtuRE3j2PovZ1Vv4N8CAwEAAaNgMF4wDAYDVR0T ++AQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFDoKRbmxroesGxa+4868 ++yPIvkCewMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3 ++DQEBCwUAA4IBAQBfCCzWyZzIvq/ci6E74ovJ8mMel5Z9MU9EcvY0k7pJSUbpCg3c ++P48CiAzt8r8Em4AymADfK1pYvvpTNVpU/USbdKR1hyxZjqWrYdsY7tlVuvZ92oFs ++s3komuKHCx2SQAe5b+LWjC1Bf8JUFx+XTjYb/BBg7nQRwi3TkYVVmW7hXLYvf4Jn ++Uyu0x02pDzUu+62jeYbNIVJnYwSU0gLHEo81QmNs06RLjnAhbneUZ6P6YuJOdDo7 ++xMw/ywijZM0FxsWxRSsCBwavhabg1Kb1lO//pbgcSa9T0D7ax1XoMni3RJnHj6gu ++r0Mi3QjgZaxghR3TPh83dQLilECYDuD0uTzf + -----END CERTIFICATE----- +-- +2.35.3 + diff --git a/SOURCES/0062-fips-Expose-a-FIPS-indicator.patch b/SOURCES/0062-fips-Expose-a-FIPS-indicator.patch new file mode 100644 index 0000000..6d368d8 --- /dev/null +++ b/SOURCES/0062-fips-Expose-a-FIPS-indicator.patch @@ -0,0 +1,466 @@ +From e3d6fca1af033d00c47bcd8f9ba28fcf1aa476aa Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Tue, 7 Jun 2022 12:02:49 +0200 +Subject: [PATCH] fips: Expose a FIPS indicator + +FIPS 140-3 requires us to indicate whether an operation was using +approved services or not. The FIPS 140-3 implementation guidelines +provide two basic approaches to doing this: implicit indicators, and +explicit indicators. + +Implicit indicators are basically the concept of "if the operation +passes, it was approved". We were originally aiming for implicit +indicators in our copy of OpenSSL. However, this proved to be a problem, +because we wanted to certify a signature service, and FIPS 140-3 +requires that a signature service computes the digest to be signed +within the boundaries of the FIPS module. Since we were planning to +certify fips.so only, this means that EVP_PKEY_sign/EVP_PKEY_verify +would have to be blocked. Unfortunately, EVP_SignFinal uses +EVP_PKEY_sign internally, but outside of fips.so and thus outside of the +FIPS module boundary. This means that using implicit indicators in +combination with certifying only fips.so would require us to block both +EVP_PKEY_sign and EVP_SignFinal, which are the two APIs currently used +by most users of OpenSSL for signatures. + +EVP_DigestSign would be acceptable, but has only been added in 3.0 and +is thus not yet widely used. + +As a consequence, we've decided to introduce explicit indicators so that +EVP_PKEY_sign and EVP_SignFinal can continue to work for now, but +FIPS-aware applications can query the explicit indicator to check +whether the operation was approved. + +To avoid affecting the ABI and public API too much, this is implemented +as an exported symbol in fips.so and a private header, so applications +that wish to use this will have to dlopen(3) fips.so, locate the +function using dlsym(3), and then call it. These applications will have +to build against the private header in order to use the returned +pointer. + +Modify util/mkdef.pl to support exposing a symbol only for a specific +provider identified by its name and path. + +Signed-off-by: Clemens Lang +--- + doc/build.info | 6 ++ + doc/man7/fips_module_indicators.pod | 154 ++++++++++++++++++++++++++++ + providers/fips/fipsprov.c | 71 +++++++++++++ + providers/fips/indicator.h | 66 ++++++++++++ + util/mkdef.pl | 25 ++++- + util/providers.num | 1 + + 6 files changed, 322 insertions(+), 1 deletion(-) + create mode 100644 doc/man7/fips_module_indicators.pod + create mode 100644 providers/fips/indicator.h + +diff --git a/doc/build.info b/doc/build.info +index b0aa4297a4..af235113bb 100644 +--- a/doc/build.info ++++ b/doc/build.info +@@ -4389,6 +4389,10 @@ DEPEND[html/man7/fips_module.html]=man7/fips_module.pod + GENERATE[html/man7/fips_module.html]=man7/fips_module.pod + DEPEND[man/man7/fips_module.7]=man7/fips_module.pod + GENERATE[man/man7/fips_module.7]=man7/fips_module.pod ++DEPEND[html/man7/fips_module_indicators.html]=man7/fips_module_indicators.pod ++GENERATE[html/man7/fips_module_indicators.html]=man7/fips_module_indicators.pod ++DEPEND[man/man7/fips_module_indicators.7]=man7/fips_module_indicators.pod ++GENERATE[man/man7/fips_module_indicators.7]=man7/fips_module_indicators.pod + DEPEND[html/man7/life_cycle-cipher.html]=man7/life_cycle-cipher.pod + GENERATE[html/man7/life_cycle-cipher.html]=man7/life_cycle-cipher.pod + DEPEND[man/man7/life_cycle-cipher.7]=man7/life_cycle-cipher.pod +@@ -4631,6 +4635,7 @@ html/man7/ct.html \ + html/man7/des_modes.html \ + html/man7/evp.html \ + html/man7/fips_module.html \ ++html/man7/fips_module_indicators.html \ + html/man7/life_cycle-cipher.html \ + html/man7/life_cycle-digest.html \ + html/man7/life_cycle-kdf.html \ +@@ -4754,6 +4759,7 @@ man/man7/ct.7 \ + man/man7/des_modes.7 \ + man/man7/evp.7 \ + man/man7/fips_module.7 \ ++man/man7/fips_module_indicators.7 \ + man/man7/life_cycle-cipher.7 \ + man/man7/life_cycle-digest.7 \ + man/man7/life_cycle-kdf.7 \ +diff --git a/doc/man7/fips_module_indicators.pod b/doc/man7/fips_module_indicators.pod +new file mode 100644 +index 0000000000..23db2b395c +--- /dev/null ++++ b/doc/man7/fips_module_indicators.pod +@@ -0,0 +1,154 @@ ++=pod ++ ++=head1 NAME ++ ++fips_module_indicators - Red Hat OpenSSL FIPS module indicators guide ++ ++=head1 DESCRIPTION ++ ++This guide documents how the Red Hat Enterprise Linux 9 OpenSSL FIPS provider ++implements Approved Security Service Indicators according to the FIPS 140-3 ++Implementation Guidelines, section 2.4.C. See ++L ++for the FIPS 140-3 Implementation Guidelines. ++ ++For all approved services except signatures, the Red Hat OpenSSL FIPS provider ++uses the return code as the indicator as understood by FIPS 140-3. That means ++that every operation that succeeds denotes use of an approved security service. ++Operations that do not succeed may not have been approved security services, or ++may have been used incorrectly. ++ ++For signatures, an explicit indicator API is available to determine whether ++a selected operation is an approved security service, in combination with the ++return code of the operation. For a signature operation to be approved, the ++explicit indicator must claim it as approved, and it must succeed. ++ ++=head2 Querying the explicit indicator ++ ++The Red Hat OpenSSL FIPS provider exports a symbol named ++I that provides information on which signature ++operations are approved security functions. To use this function, either link ++against I directly, or load it at runtime using dlopen(3) and ++dlsym(3). ++ ++ #include ++ #include "providers/fips/indicator.h" ++ ++ void *provider = dlopen("/usr/lib64/ossl-modules/fips.so", RTLD_LAZY); ++ if (provider == NULL) { ++ fprintf(stderr, "%s\n", dlerror()); ++ // handle error ++ } ++ ++ const OSSL_RH_FIPSINDICATOR_ALORITHM *(*redhat_ossl_query_fipsindicator)(int) \ ++ = dlsym(provider, "redhat_ossl_query_fipsindicator"); ++ if (redhat_ossl_query_fipsindicator == NULL) { ++ fprintf(stderr, "%s\n", dlerror()); ++ fprintf(stderr, "Does your copy of fips.so have the required Red Hat" ++ " patches?\n"); ++ // handle error ++ } ++ ++Note that this uses the I header, which is not ++public. Install the I package from the I ++repository using I and include ++I in the compiler's include path. ++ ++I expects an operation ID as its only ++argument. Currently, the only supported operation ID is I to ++obtain the indicators for signature operations. On success, the return value is ++a pointer to an array of Is. On failure, NULL is ++returned. The last entry in the array is indicated by I being ++NULL. ++ ++ typedef struct ossl_rh_fipsindicator_algorithm_st { ++ const char *algorithm_names; /* key */ ++ const char *property_definition; /* key */ ++ const OSSL_RH_FIPSINDICATOR_DISPATCH *indicators; ++ } OSSL_RH_FIPSINDICATOR_ALGORITHM; ++ ++ typedef struct ossl_rh_fipsindicator_dispatch_st { ++ int function_id; ++ int approved; ++ } OSSL_RH_FIPSINDICATOR_DISPATCH; ++ ++The I field is a colon-separated list of algorithm names from ++one of the I constants, e.g., I. strtok(3) can ++be used to locate the appropriate entry. See the example below, where ++I contains the algorithm name to search for: ++ ++ const OSSL_RH_FIPSINDICATOR_DISPATCH *indicator_dispatch = NULL; ++ const OSSL_RH_FIPSINDICATOR_ALGORITHM *indicator = ++ redhat_ossl_query_fipsindicator(operation_id); ++ if (indicator == NULL) { ++ fprintf(stderr, "No indicator for operation, probably using implicit" ++ " indicators.\n"); ++ // handle error ++ } ++ ++ for (; indicator->algorithm_names != NULL; ++indicator) { ++ char *algorithm_names = strdup(indicator->algorithm_names); ++ if (algorithm_names == NULL) { ++ perror("strdup(3)"); ++ // handle error ++ } ++ ++ const char *algorithm_name = strtok(algorithm_names, ":"); ++ for (; algorithm_name != NULL; algorithm_name = strtok(NULL, ":")) { ++ if (strcasecmp(algorithm_name, algorithm) == 0) { ++ indicator_dispatch = indicator->indicators; ++ free(algorithm_names); ++ algorithm_names = NULL; ++ break; ++ } ++ } ++ free(algorithm_names); ++ } ++ if (indicator_dispatch == NULL) { ++ fprintf(stderr, "No indicator for algorithm %s.\n", algorithm); ++ // handle error ++ } ++ ++If an appropriate I array is available for the ++given algorithm name, it maps function IDs to their approval status. The last ++entry is indicated by a zero I. I is ++I if the operation is an approved security ++service, or part of an approved security service, or ++I otherwise. Any other value is invalid. ++Function IDs are I constants from I, ++e.g., I or I. ++ ++Assuming I is the function in question, the following code can be ++used to query the approval status: ++ ++ for (; indicator_dispatch->function_id != 0; ++indicator_dispatch) { ++ if (indicator_dispatch->function_id == function_id) { ++ switch (indicator_dispatch->approved) { ++ case OSSL_RH_FIPSINDICATOR_APPROVED: ++ // approved security service ++ break; ++ case OSSL_RH_FIPSINDICATOR_UNAPPROVED: ++ // unapproved security service ++ break; ++ default: ++ // invalid result ++ break; ++ } ++ break; ++ } ++ } ++ ++=head1 SEE ALSO ++ ++L, L ++ ++=head1 COPYRIGHT ++ ++Copyright 2022 Red Hat, Inc. All Rights Reserved. ++ ++Licensed under the Apache License 2.0 (the "License"). You may not use ++this file except in compliance with the License. You can obtain a copy ++in the file LICENSE in the source distribution or at ++L. ++ ++=cut +diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c +index de391ce067..1cfd71c5cf 100644 +--- a/providers/fips/fipsprov.c ++++ b/providers/fips/fipsprov.c +@@ -23,6 +23,7 @@ + #include "prov/seeding.h" + #include "self_test.h" + #include "internal/core.h" ++#include "indicator.h" + + static const char FIPS_DEFAULT_PROPERTIES[] = "provider=fips,fips=yes"; + static const char FIPS_UNAPPROVED_PROPERTIES[] = "provider=fips,fips=no"; +@@ -425,6 +426,68 @@ static const OSSL_ALGORITHM fips_signature[] = { + { NULL, NULL, NULL } + }; + ++static const OSSL_RH_FIPSINDICATOR_DISPATCH redhat_rsa_signature_indicators[] = { ++ { OSSL_FUNC_SIGNATURE_NEWCTX, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_SIGN_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, ++ { OSSL_FUNC_SIGNATURE_SIGN, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, ++ { OSSL_FUNC_SIGNATURE_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, ++ { OSSL_FUNC_SIGNATURE_VERIFY, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, ++ { OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, ++ { OSSL_FUNC_SIGNATURE_VERIFY_RECOVER, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, ++ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_FREECTX, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_DUPCTX, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { 0, OSSL_RH_FIPSINDICATOR_UNAPPROVED } ++}; ++ ++static const OSSL_RH_FIPSINDICATOR_DISPATCH redhat_ecdsa_signature_indicators[] = { ++ { OSSL_FUNC_SIGNATURE_NEWCTX, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_SIGN_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, ++ { OSSL_FUNC_SIGNATURE_SIGN, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, ++ { OSSL_FUNC_SIGNATURE_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, ++ { OSSL_FUNC_SIGNATURE_VERIFY, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, ++ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_FREECTX, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_DUPCTX, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, ++ { 0, OSSL_RH_FIPSINDICATOR_UNAPPROVED } ++}; ++ ++static const OSSL_RH_FIPSINDICATOR_ALGORITHM redhat_indicator_fips_signature[] = { ++ { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ++ redhat_rsa_signature_indicators }, ++#ifndef OPENSSL_NO_EC ++ { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, ++ redhat_ecdsa_signature_indicators }, ++#endif ++ { NULL, NULL, NULL } ++}; ++ + static const OSSL_ALGORITHM fips_asym_cipher[] = { + { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_asym_cipher_functions }, + { NULL, NULL, NULL } +@@ -527,6 +590,14 @@ static void fips_deinit_casecmp(void) { + freelocale(loc); + } + ++const OSSL_RH_FIPSINDICATOR_ALGORITHM *redhat_ossl_query_fipsindicator(int operation_id) { ++ switch (operation_id) { ++ case OSSL_OP_SIGNATURE: ++ return redhat_indicator_fips_signature; ++ } ++ return NULL; ++} ++ + static void fips_teardown(void *provctx) + { + OSSL_LIB_CTX_free(PROV_LIBCTX_OF(provctx)); +diff --git a/providers/fips/indicator.h b/providers/fips/indicator.h +new file mode 100644 +index 0000000000..b323efe44c +--- /dev/null ++++ b/providers/fips/indicator.h +@@ -0,0 +1,66 @@ ++/* ++ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. ++ * ++ * Licensed under the Apache License 2.0 (the "License"). You may not use ++ * this file except in compliance with the License. You can obtain a copy ++ * in the file LICENSE in the source distribution or at ++ * https://www.openssl.org/source/license.html ++ */ ++ ++#ifndef OPENSSL_FIPS_INDICATOR_H ++# define OPENSSL_FIPS_INDICATOR_H ++# pragma once ++ ++# ifdef __cplusplus ++extern "C" { ++# endif ++ ++# define OSSL_RH_FIPSINDICATOR_UNAPPROVED (0) ++# define OSSL_RH_FIPSINDICATOR_APPROVED (1) ++ ++/* ++ * FIPS indicator dispatch table element. function_id numbers and the ++ * functions are defined in core_dispatch.h, see macros with ++ * 'OSSL_CORE_MAKE_FUNC' in their names. ++ * ++ * An array of these is always terminated by function_id == 0 ++ */ ++typedef struct ossl_rh_fipsindicator_dispatch_st { ++ int function_id; ++ int approved; ++} OSSL_RH_FIPSINDICATOR_DISPATCH; ++ ++/* ++ * Type to tie together algorithm names, property definition string and the ++ * algorithm implementation's FIPS indicator status in the form of a FIPS ++ * indicator dispatch table. ++ * ++ * An array of these is always terminated by algorithm_names == NULL ++ */ ++typedef struct ossl_rh_fipsindicator_algorithm_st { ++ const char *algorithm_names; /* key */ ++ const char *property_definition; /* key */ ++ const OSSL_RH_FIPSINDICATOR_DISPATCH *indicators; ++} OSSL_RH_FIPSINDICATOR_ALGORITHM; ++ ++/** ++ * Query FIPS indicator status for the given operation. Possible values for ++ * 'operation_id' are currently only OSSL_OP_SIGNATURE, as all other algorithms ++ * use implicit indicators. The return value is an array of ++ * OSSL_RH_FIPSINDICATOR_ALGORITHMs, terminated by an entry with ++ * algorithm_names == NULL. 'algorithm_names' is a colon-separated list of ++ * algorithm names, 'property_definition' a comma-separated list of properties, ++ * and 'indicators' is a list of OSSL_RH_FIPSINDICATOR_DISPATCH structs. This ++ * list is terminated by function_id == 0. 'function_id' is one of the ++ * OSSL_FUNC_* constants, e.g., OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL. ++ * ++ * If there is no entry in the returned struct for the given operation_id, ++ * algorithm name, or function_id, the algorithm is unapproved. ++ */ ++const OSSL_RH_FIPSINDICATOR_ALGORITHM *redhat_ossl_query_fipsindicator(int operation_id); ++ ++# ifdef __cplusplus ++} ++# endif ++ ++#endif +diff --git a/util/mkdef.pl b/util/mkdef.pl +index a1c76f7c97..eda39b71ee 100755 +--- a/util/mkdef.pl ++++ b/util/mkdef.pl +@@ -149,7 +149,8 @@ $ordinal_opts{filter} = + return + $item->exists() + && platform_filter($item) +- && feature_filter($item); ++ && feature_filter($item) ++ && fips_filter($item, $name); + }; + my $ordinals = OpenSSL::Ordinals->new(from => $ordinals_file); + +@@ -205,6 +206,28 @@ sub feature_filter { + return $verdict; + } + ++sub fips_filter { ++ my $item = shift; ++ my $name = uc(shift); ++ my @features = ( $item->features() ); ++ ++ # True if no features are defined ++ return 1 if scalar @features == 0; ++ ++ my @matches = grep(/^ONLY_.*$/, @features); ++ if (@matches) { ++ # There is at least one only_* flag on this symbol, check if any of ++ # them match the name ++ for (@matches) { ++ if ($_ eq "ONLY_${name}") { ++ return 1; ++ } ++ } ++ return 0; ++ } ++ return 1; ++} ++ + sub sorter_unix { + my $by_name = OpenSSL::Ordinals::by_name(); + my %weight = ( +diff --git a/util/providers.num b/util/providers.num +index 4e2fa81b98..77879d0e5f 100644 +--- a/util/providers.num ++++ b/util/providers.num +@@ -1 +1,2 @@ + OSSL_provider_init 1 * EXIST::FUNCTION: ++redhat_ossl_query_fipsindicator 1 * EXIST::FUNCTION:ONLY_PROVIDERS/FIPS +-- +2.35.3 + diff --git a/SOURCES/0063-CVE-2022-1473.patch b/SOURCES/0063-CVE-2022-1473.patch new file mode 100644 index 0000000..b4b12dc --- /dev/null +++ b/SOURCES/0063-CVE-2022-1473.patch @@ -0,0 +1,13 @@ +diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c +index 2a574fbfe6aa..16f482db68a9 100644 +--- a/crypto/lhash/lhash.c ++++ b/crypto/lhash/lhash.c +@@ -100,6 +100,8 @@ void OPENSSL_LH_flush(OPENSSL_LHASH *lh) + } + lh->b[i] = NULL; + } ++ ++ lh->num_items = 0; + } + + void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data) diff --git a/SOURCES/0064-CVE-2022-1343.diff b/SOURCES/0064-CVE-2022-1343.diff new file mode 100644 index 0000000..d473597 --- /dev/null +++ b/SOURCES/0064-CVE-2022-1343.diff @@ -0,0 +1,263 @@ +diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c +index 7a4a45d537..3c5f48ec0a 100644 +--- a/crypto/ocsp/ocsp_vfy.c ++++ b/crypto/ocsp/ocsp_vfy.c +@@ -59,9 +59,10 @@ static int ocsp_verify_signer(X509 *signer, int response, + + ret = X509_verify_cert(ctx); + if (ret <= 0) { +- ret = X509_STORE_CTX_get_error(ctx); ++ int err = X509_STORE_CTX_get_error(ctx); ++ + ERR_raise_data(ERR_LIB_OCSP, OCSP_R_CERTIFICATE_VERIFY_ERROR, +- "Verify error: %s", X509_verify_cert_error_string(ret)); ++ "Verify error: %s", X509_verify_cert_error_string(err)); + goto end; + } + if (chain != NULL) +diff --git a/test/recipes/80-test_ocsp.t b/test/recipes/80-test_ocsp.t +index d42030cb89..34fdfcbccc 100644 +--- a/test/recipes/80-test_ocsp.t ++++ b/test/recipes/80-test_ocsp.t +@@ -35,6 +35,7 @@ sub test_ocsp { + $untrusted = $CAfile; + } + my $expected_exit = shift; ++ my $nochecks = shift; + my $outputfile = basename($inputfile, '.ors') . '.dat'; + + run(app(["openssl", "base64", "-d", +@@ -45,7 +46,8 @@ sub test_ocsp { + "-partial_chain", @check_time, + "-CAfile", catfile($ocspdir, $CAfile), + "-verify_other", catfile($ocspdir, $untrusted), +- "-no-CApath", "-no-CAstore"])), ++ "-no-CApath", "-no-CAstore", ++ $nochecks ? "-no_cert_checks" : ()])), + $title); }); + } + +@@ -55,143 +57,149 @@ subtest "=== VALID OCSP RESPONSES ===" => sub { + plan tests => 7; + + test_ocsp("NON-DELEGATED; Intermediate CA -> EE", +- "ND1.ors", "ND1_Issuer_ICA.pem", "", 0); ++ "ND1.ors", "ND1_Issuer_ICA.pem", "", 0, 0); + test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", +- "ND2.ors", "ND2_Issuer_Root.pem", "", 0); ++ "ND2.ors", "ND2_Issuer_Root.pem", "", 0, 0); + test_ocsp("NON-DELEGATED; Root CA -> EE", +- "ND3.ors", "ND3_Issuer_Root.pem", "", 0); ++ "ND3.ors", "ND3_Issuer_Root.pem", "", 0, 0); + test_ocsp("NON-DELEGATED; 3-level CA hierarchy", +- "ND1.ors", "ND1_Cross_Root.pem", "ND1_Issuer_ICA-Cross.pem", 0); ++ "ND1.ors", "ND1_Cross_Root.pem", "ND1_Issuer_ICA-Cross.pem", 0, 0); + test_ocsp("DELEGATED; Intermediate CA -> EE", +- "D1.ors", "D1_Issuer_ICA.pem", "", 0); ++ "D1.ors", "D1_Issuer_ICA.pem", "", 0, 0); + test_ocsp("DELEGATED; Root CA -> Intermediate CA", +- "D2.ors", "D2_Issuer_Root.pem", "", 0); ++ "D2.ors", "D2_Issuer_Root.pem", "", 0, 0); + test_ocsp("DELEGATED; Root CA -> EE", +- "D3.ors", "D3_Issuer_Root.pem", "", 0); ++ "D3.ors", "D3_Issuer_Root.pem", "", 0, 0); + }; + + subtest "=== INVALID SIGNATURE on the OCSP RESPONSE ===" => sub { + plan tests => 6; + + test_ocsp("NON-DELEGATED; Intermediate CA -> EE", +- "ISOP_ND1.ors", "ND1_Issuer_ICA.pem", "", 1); ++ "ISOP_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0); + test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", +- "ISOP_ND2.ors", "ND2_Issuer_Root.pem", "", 1); ++ "ISOP_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0); + test_ocsp("NON-DELEGATED; Root CA -> EE", +- "ISOP_ND3.ors", "ND3_Issuer_Root.pem", "", 1); ++ "ISOP_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0); + test_ocsp("DELEGATED; Intermediate CA -> EE", +- "ISOP_D1.ors", "D1_Issuer_ICA.pem", "", 1); ++ "ISOP_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0); + test_ocsp("DELEGATED; Root CA -> Intermediate CA", +- "ISOP_D2.ors", "D2_Issuer_Root.pem", "", 1); ++ "ISOP_D2.ors", "D2_Issuer_Root.pem", "", 1, 0); + test_ocsp("DELEGATED; Root CA -> EE", +- "ISOP_D3.ors", "D3_Issuer_Root.pem", "", 1); ++ "ISOP_D3.ors", "D3_Issuer_Root.pem", "", 1, 0); + }; + + subtest "=== WRONG RESPONDERID in the OCSP RESPONSE ===" => sub { + plan tests => 6; + + test_ocsp("NON-DELEGATED; Intermediate CA -> EE", +- "WRID_ND1.ors", "ND1_Issuer_ICA.pem", "", 1); ++ "WRID_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0); + test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", +- "WRID_ND2.ors", "ND2_Issuer_Root.pem", "", 1); ++ "WRID_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0); + test_ocsp("NON-DELEGATED; Root CA -> EE", +- "WRID_ND3.ors", "ND3_Issuer_Root.pem", "", 1); ++ "WRID_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0); + test_ocsp("DELEGATED; Intermediate CA -> EE", +- "WRID_D1.ors", "D1_Issuer_ICA.pem", "", 1); ++ "WRID_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0); + test_ocsp("DELEGATED; Root CA -> Intermediate CA", +- "WRID_D2.ors", "D2_Issuer_Root.pem", "", 1); ++ "WRID_D2.ors", "D2_Issuer_Root.pem", "", 1, 0); + test_ocsp("DELEGATED; Root CA -> EE", +- "WRID_D3.ors", "D3_Issuer_Root.pem", "", 1); ++ "WRID_D3.ors", "D3_Issuer_Root.pem", "", 1, 0); + }; + + subtest "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ===" => sub { + plan tests => 6; + + test_ocsp("NON-DELEGATED; Intermediate CA -> EE", +- "WINH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1); ++ "WINH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0); + test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", +- "WINH_ND2.ors", "ND2_Issuer_Root.pem", "", 1); ++ "WINH_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0); + test_ocsp("NON-DELEGATED; Root CA -> EE", +- "WINH_ND3.ors", "ND3_Issuer_Root.pem", "", 1); ++ "WINH_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0); + test_ocsp("DELEGATED; Intermediate CA -> EE", +- "WINH_D1.ors", "D1_Issuer_ICA.pem", "", 1); ++ "WINH_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0); + test_ocsp("DELEGATED; Root CA -> Intermediate CA", +- "WINH_D2.ors", "D2_Issuer_Root.pem", "", 1); ++ "WINH_D2.ors", "D2_Issuer_Root.pem", "", 1, 0); + test_ocsp("DELEGATED; Root CA -> EE", +- "WINH_D3.ors", "D3_Issuer_Root.pem", "", 1); ++ "WINH_D3.ors", "D3_Issuer_Root.pem", "", 1, 0); + }; + + subtest "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ===" => sub { + plan tests => 6; + + test_ocsp("NON-DELEGATED; Intermediate CA -> EE", +- "WIKH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1); ++ "WIKH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0); + test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", +- "WIKH_ND2.ors", "ND2_Issuer_Root.pem", "", 1); ++ "WIKH_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0); + test_ocsp("NON-DELEGATED; Root CA -> EE", +- "WIKH_ND3.ors", "ND3_Issuer_Root.pem", "", 1); ++ "WIKH_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0); + test_ocsp("DELEGATED; Intermediate CA -> EE", +- "WIKH_D1.ors", "D1_Issuer_ICA.pem", "", 1); ++ "WIKH_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0); + test_ocsp("DELEGATED; Root CA -> Intermediate CA", +- "WIKH_D2.ors", "D2_Issuer_Root.pem", "", 1); ++ "WIKH_D2.ors", "D2_Issuer_Root.pem", "", 1, 0); + test_ocsp("DELEGATED; Root CA -> EE", +- "WIKH_D3.ors", "D3_Issuer_Root.pem", "", 1); ++ "WIKH_D3.ors", "D3_Issuer_Root.pem", "", 1, 0); + }; + + subtest "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ===" => sub { + plan tests => 3; + + test_ocsp("DELEGATED; Intermediate CA -> EE", +- "WKDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1); ++ "WKDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0); + test_ocsp("DELEGATED; Root CA -> Intermediate CA", +- "WKDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1); ++ "WKDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1, 0); + test_ocsp("DELEGATED; Root CA -> EE", +- "WKDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1); ++ "WKDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1, 0); + }; + + subtest "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ===" => sub { +- plan tests => 3; ++ plan tests => 6; + + test_ocsp("DELEGATED; Intermediate CA -> EE", +- "ISDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1); ++ "ISDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0); ++ test_ocsp("DELEGATED; Root CA -> Intermediate CA", ++ "ISDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1, 0); ++ test_ocsp("DELEGATED; Root CA -> EE", ++ "ISDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1, 0); ++ test_ocsp("DELEGATED; Intermediate CA -> EE", ++ "ISDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1, 1); + test_ocsp("DELEGATED; Root CA -> Intermediate CA", +- "ISDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1); ++ "ISDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1, 1); + test_ocsp("DELEGATED; Root CA -> EE", +- "ISDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1); ++ "ISDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1, 1); + }; + + subtest "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ===" => sub { + plan tests => 6; + + test_ocsp("NON-DELEGATED; Intermediate CA -> EE", +- "ND1.ors", "WSNIC_ND1_Issuer_ICA.pem", "", 1); ++ "ND1.ors", "WSNIC_ND1_Issuer_ICA.pem", "", 1, 0); + test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", +- "ND2.ors", "WSNIC_ND2_Issuer_Root.pem", "", 1); ++ "ND2.ors", "WSNIC_ND2_Issuer_Root.pem", "", 1, 0); + test_ocsp("NON-DELEGATED; Root CA -> EE", +- "ND3.ors", "WSNIC_ND3_Issuer_Root.pem", "", 1); ++ "ND3.ors", "WSNIC_ND3_Issuer_Root.pem", "", 1, 0); + test_ocsp("DELEGATED; Intermediate CA -> EE", +- "D1.ors", "WSNIC_D1_Issuer_ICA.pem", "", 1); ++ "D1.ors", "WSNIC_D1_Issuer_ICA.pem", "", 1, 0); + test_ocsp("DELEGATED; Root CA -> Intermediate CA", +- "D2.ors", "WSNIC_D2_Issuer_Root.pem", "", 1); ++ "D2.ors", "WSNIC_D2_Issuer_Root.pem", "", 1, 0); + test_ocsp("DELEGATED; Root CA -> EE", +- "D3.ors", "WSNIC_D3_Issuer_Root.pem", "", 1); ++ "D3.ors", "WSNIC_D3_Issuer_Root.pem", "", 1, 0); + }; + + subtest "=== WRONG KEY in the ISSUER CERTIFICATE ===" => sub { + plan tests => 6; + + test_ocsp("NON-DELEGATED; Intermediate CA -> EE", +- "ND1.ors", "WKIC_ND1_Issuer_ICA.pem", "", 1); ++ "ND1.ors", "WKIC_ND1_Issuer_ICA.pem", "", 1, 0); + test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", +- "ND2.ors", "WKIC_ND2_Issuer_Root.pem", "", 1); ++ "ND2.ors", "WKIC_ND2_Issuer_Root.pem", "", 1, 0); + test_ocsp("NON-DELEGATED; Root CA -> EE", +- "ND3.ors", "WKIC_ND3_Issuer_Root.pem", "", 1); ++ "ND3.ors", "WKIC_ND3_Issuer_Root.pem", "", 1, 0); + test_ocsp("DELEGATED; Intermediate CA -> EE", +- "D1.ors", "WKIC_D1_Issuer_ICA.pem", "", 1); ++ "D1.ors", "WKIC_D1_Issuer_ICA.pem", "", 1, 0); + test_ocsp("DELEGATED; Root CA -> Intermediate CA", +- "D2.ors", "WKIC_D2_Issuer_Root.pem", "", 1); ++ "D2.ors", "WKIC_D2_Issuer_Root.pem", "", 1, 0); + test_ocsp("DELEGATED; Root CA -> EE", +- "D3.ors", "WKIC_D3_Issuer_Root.pem", "", 1); ++ "D3.ors", "WKIC_D3_Issuer_Root.pem", "", 1, 0); + }; + + subtest "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ===" => sub { +@@ -199,17 +207,17 @@ subtest "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ===" => sub { + + # Expect success, because we're explicitly trusting the issuer certificate. + test_ocsp("NON-DELEGATED; Intermediate CA -> EE", +- "ND1.ors", "ISIC_ND1_Issuer_ICA.pem", "", 0); ++ "ND1.ors", "ISIC_ND1_Issuer_ICA.pem", "", 0, 0); + test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", +- "ND2.ors", "ISIC_ND2_Issuer_Root.pem", "", 0); ++ "ND2.ors", "ISIC_ND2_Issuer_Root.pem", "", 0, 0); + test_ocsp("NON-DELEGATED; Root CA -> EE", +- "ND3.ors", "ISIC_ND3_Issuer_Root.pem", "", 0); ++ "ND3.ors", "ISIC_ND3_Issuer_Root.pem", "", 0, 0); + test_ocsp("DELEGATED; Intermediate CA -> EE", +- "D1.ors", "ISIC_D1_Issuer_ICA.pem", "", 0); ++ "D1.ors", "ISIC_D1_Issuer_ICA.pem", "", 0, 0); + test_ocsp("DELEGATED; Root CA -> Intermediate CA", +- "D2.ors", "ISIC_D2_Issuer_Root.pem", "", 0); ++ "D2.ors", "ISIC_D2_Issuer_Root.pem", "", 0, 0); + test_ocsp("DELEGATED; Root CA -> EE", +- "D3.ors", "ISIC_D3_Issuer_Root.pem", "", 0); ++ "D3.ors", "ISIC_D3_Issuer_Root.pem", "", 0, 0); + }; + + subtest "=== OCSP API TESTS===" => sub { diff --git a/SOURCES/0065-CVE-2022-1292.patch b/SOURCES/0065-CVE-2022-1292.patch new file mode 100644 index 0000000..5531fb3 --- /dev/null +++ b/SOURCES/0065-CVE-2022-1292.patch @@ -0,0 +1,58 @@ +diff --git a/tools/c_rehash.in b/tools/c_rehash.in +index d51d8856d7..a630773a02 100644 +--- a/tools/c_rehash.in ++++ b/tools/c_rehash.in +@@ -152,6 +152,23 @@ sub check_file { + return ($is_cert, $is_crl); + } + ++sub compute_hash { ++ my $fh; ++ if ( $^O eq "VMS" ) { ++ # VMS uses the open through shell ++ # The file names are safe there and list form is unsupported ++ if (!open($fh, "-|", join(' ', @_))) { ++ print STDERR "Cannot compute hash on '$fname'\n"; ++ return; ++ } ++ } else { ++ if (!open($fh, "-|", @_)) { ++ print STDERR "Cannot compute hash on '$fname'\n"; ++ return; ++ } ++ } ++ return (<$fh>, <$fh>); ++} + + # Link a certificate to its subject name hash value, each hash is of + # the form . where n is an integer. If the hash value already exists +@@ -161,10 +178,12 @@ sub check_file { + + sub link_hash_cert { + my $fname = $_[0]; +- $fname =~ s/\"/\\\"/g; +- my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`; ++ my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash, ++ "-fingerprint", "-noout", ++ "-in", $fname); + chomp $hash; + chomp $fprint; ++ return if !$hash; + $fprint =~ s/^.*=//; + $fprint =~ tr/://d; + my $suffix = 0; +@@ -202,10 +221,12 @@ sub link_hash_cert { + + sub link_hash_crl { + my $fname = $_[0]; +- $fname =~ s/'/'\\''/g; +- my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`; ++ my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash, ++ "-fingerprint", "-noout", ++ "-in", $fname); + chomp $hash; + chomp $fprint; ++ return if !$hash; + $fprint =~ s/^.*=//; + $fprint =~ tr/://d; + my $suffix = 0; diff --git a/SOURCES/0066-replace-expired-certs.patch b/SOURCES/0066-replace-expired-certs.patch new file mode 100644 index 0000000..adc9460 --- /dev/null +++ b/SOURCES/0066-replace-expired-certs.patch @@ -0,0 +1,212 @@ +diff --git a/test/certs/embeddedSCTs1_issuer.pem b/test/certs/embeddedSCTs1_issuer.pem +index 1fa449d5a098..6aa9455f09ed 100644 +--- a/test/certs/embeddedSCTs1_issuer.pem ++++ b/test/certs/embeddedSCTs1_issuer.pem +@@ -1,18 +1,18 @@ + -----BEGIN CERTIFICATE----- +-MIIC0DCCAjmgAwIBAgIBADANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk ++MIIC0jCCAjugAwIBAgIBADANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk + MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX +-YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw +-MDAwMDBaMFUxCzAJBgNVBAYTAkdCMSQwIgYDVQQKExtDZXJ0aWZpY2F0ZSBUcmFu +-c3BhcmVuY3kgQ0ExDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGf +-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7 +-jHbrkVfT0PtLO1FuzsvRyY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjP +-KDHM5nugSlojgZ88ujfmJNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnL +-svfP34b7arnRsQIDAQABo4GvMIGsMB0GA1UdDgQWBBRfnYgNyHPmVNT4DdjmsMEk +-tEfDVTB9BgNVHSMEdjB0gBRfnYgNyHPmVNT4DdjmsMEktEfDVaFZpFcwVTELMAkG +-A1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRyYW5zcGFyZW5jeSBDQTEO +-MAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW6CAQAwDAYDVR0TBAUwAwEB +-/zANBgkqhkiG9w0BAQUFAAOBgQAGCMxKbWTyIF4UbASydvkrDvqUpdryOvw4BmBt +-OZDQoeojPUApV2lGOwRmYef6HReZFSCa6i4Kd1F2QRIn18ADB8dHDmFYT9czQiRy +-f1HWkLxHqd81TbD26yWVXeGJPE3VICskovPkQNJ0tU4b03YmnKliibduyqQQkOFP +-OwqULg== ++YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAgFw0yMjA2MDExMDM4MDJaGA8yMTIyMDUw ++ODEwMzgwMlowVTELMAkGA1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRy ++YW5zcGFyZW5jeSBDQTEOMAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW4w ++gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANWKaFNiEKJxGZNud4MhGBwqQBPG ++0HuMduuRV9PQ+0s7UW7Oy9HJjZHFL3Q/q2NdVQmc0Tq68xrlQUQkUadMeBbyJDz4 ++SM8oMczme6BKWiOBnzy6N+Yk2cO9spm4Od3+JjHSyzqE/HuytcUvz8FP/0BvXNRG ++acuy98/fhvtqudGxAgMBAAGjga8wgawwHQYDVR0OBBYEFF+diA3Ic+ZU1PgN2Oaw ++wSS0R8NVMH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQsw ++CQYDVQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENB ++MQ4wDAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAMBgNVHRMEBTAD ++AQH/MA0GCSqGSIb3DQEBCwUAA4GBAD0aYh9OkFYfXV7kBfhrtD0PJG2U47OV/1qq +++uFpqB0S1WO06eJT0pzYf1ebUcxjBkajbJZm/FHT85VthZ1lFHsky87aFD8XlJCo ++2IOhKOkvvWKPUdFLoO/ZVXqEVKkcsS1eXK1glFvb07eJZya3JVG0KdMhV2YoDg6c ++Doud4XrO + -----END CERTIFICATE----- +diff --git a/test/certs/sm2-ca-cert.pem b/test/certs/sm2-ca-cert.pem +index 5677ac6c9f6a..70ce71e43091 100644 +--- a/test/certs/sm2-ca-cert.pem ++++ b/test/certs/sm2-ca-cert.pem +@@ -1,14 +1,14 @@ + -----BEGIN CERTIFICATE----- +-MIICJDCCAcqgAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT ++MIICJzCCAcygAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT + AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl +-c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe +-Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMGgxCzAJBgNVBAYTAkNOMQsw +-CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn +-MRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTBZMBMGByqG +-SM49AgEGCCqBHM9VAYItA0IABHRYnqErofBdXPptvvO7+BSVJxcpHuTGnZ+UPrbU +-5kVEUMaUnNOeMJZl/vRGimZCm/AkReJmRfnb15ESHR+ssp6jXTBbMB0GA1UdDgQW +-BBTFjcWu/zJgSZ5SKUlU5Vx4/0W5dDAfBgNVHSMEGDAWgBTFjcWu/zJgSZ5SKUlU +-5Vx4/0W5dDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqgRzPVQGDdQNI +-ADBFAiEAs6byi1nSQtFELOw/2tQIv5AEsZFR5MJ/oB2ztXzs2LYCIEfIw4xlUH6X +-YFhs4RnIa0K9Ng1ebsGPrifYkudwBIk3 ++c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAg ++Fw0yMjA2MDIxNTQ5MzlaGA8yMTIyMDUwOTE1NDkzOVowaDELMAkGA1UEBhMCQ04x ++CzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzERMA8GA1UECgwIVGVzdCBP ++cmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rlc3QgU00yIENBMFkwEwYH ++KoZIzj0CAQYIKoEcz1UBgi0DQgAEdFieoSuh8F1c+m2+87v4FJUnFyke5Madn5Q+ ++ttTmRURQxpSc054wlmX+9EaKZkKb8CRF4mZF+dvXkRIdH6yynqNdMFswHQYDVR0O ++BBYEFMWNxa7/MmBJnlIpSVTlXHj/Rbl0MB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIp ++SVTlXHj/Rbl0MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqBHM9VAYN1 ++A0kAMEYCIQC3c2TkO6Lyxt5GNZqoZNuMEphjL9K7W1TsX6mHzlhHDwIhAICXy2XC ++WsTzdrMZUXLtrDDFOq+3FaD4pe1HP2LZFNpu + -----END CERTIFICATE----- +diff --git a/test/certs/sm2-root.crt b/test/certs/sm2-root.crt +index 5677ac6c9f6a..70ce71e43091 100644 +--- a/test/certs/sm2-root.crt ++++ b/test/certs/sm2-root.crt +@@ -1,14 +1,14 @@ + -----BEGIN CERTIFICATE----- +-MIICJDCCAcqgAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT ++MIICJzCCAcygAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT + AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl +-c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe +-Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMGgxCzAJBgNVBAYTAkNOMQsw +-CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn +-MRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTBZMBMGByqG +-SM49AgEGCCqBHM9VAYItA0IABHRYnqErofBdXPptvvO7+BSVJxcpHuTGnZ+UPrbU +-5kVEUMaUnNOeMJZl/vRGimZCm/AkReJmRfnb15ESHR+ssp6jXTBbMB0GA1UdDgQW +-BBTFjcWu/zJgSZ5SKUlU5Vx4/0W5dDAfBgNVHSMEGDAWgBTFjcWu/zJgSZ5SKUlU +-5Vx4/0W5dDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqgRzPVQGDdQNI +-ADBFAiEAs6byi1nSQtFELOw/2tQIv5AEsZFR5MJ/oB2ztXzs2LYCIEfIw4xlUH6X +-YFhs4RnIa0K9Ng1ebsGPrifYkudwBIk3 ++c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAg ++Fw0yMjA2MDIxNTQ5MzlaGA8yMTIyMDUwOTE1NDkzOVowaDELMAkGA1UEBhMCQ04x ++CzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzERMA8GA1UECgwIVGVzdCBP ++cmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rlc3QgU00yIENBMFkwEwYH ++KoZIzj0CAQYIKoEcz1UBgi0DQgAEdFieoSuh8F1c+m2+87v4FJUnFyke5Madn5Q+ ++ttTmRURQxpSc054wlmX+9EaKZkKb8CRF4mZF+dvXkRIdH6yynqNdMFswHQYDVR0O ++BBYEFMWNxa7/MmBJnlIpSVTlXHj/Rbl0MB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIp ++SVTlXHj/Rbl0MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqBHM9VAYN1 ++A0kAMEYCIQC3c2TkO6Lyxt5GNZqoZNuMEphjL9K7W1TsX6mHzlhHDwIhAICXy2XC ++WsTzdrMZUXLtrDDFOq+3FaD4pe1HP2LZFNpu + -----END CERTIFICATE----- +diff --git a/test/certs/sm2.pem b/test/certs/sm2.pem +index 189abb137625..daf12926aff9 100644 +--- a/test/certs/sm2.pem ++++ b/test/certs/sm2.pem +@@ -1,13 +1,14 @@ + -----BEGIN CERTIFICATE----- +-MIIB6DCCAY6gAwIBAgIJAKH2BR6ITHZeMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT +-AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl +-c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe +-Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMG8xCzAJBgNVBAYTAkNOMQsw +-CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn +-MRAwDgYDVQQLDAdUZXN0IE9VMRswGQYDVQQDDBJUZXN0IFNNMiBTaWduIENlcnQw +-WTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAAQwqeNkWp7fiu1KZnuDkAucpM8piEzE +-TL1ymrcrOBvv8mhNNkeb20asbWgFQI2zOrSM99/sXGn9rM2/usM/MlcaoxowGDAJ +-BgNVHRMEAjAAMAsGA1UdDwQEAwIGwDAKBggqgRzPVQGDdQNIADBFAiEA9edBnAqT +-TNuGIUIvXsj6/nP+AzXA9HGtAIY4nrqW8LkCIHyZzhRTlxYtgfqkDl0OK5QQRCZH +-OZOfmtx613VyzXwc ++MIICNDCCAdugAwIBAgIUOMbsiFLCy2BCPtfHQSdG4R1+3BowCgYIKoEcz1UBg3Uw ++aDELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzER ++MA8GA1UECgwIVGVzdCBPcmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rl ++c3QgU00yIENBMCAXDTIyMDYwMjE1NTU0OFoYDzIxMjIwNTA5MTU1NTQ4WjBvMQsw ++CQYDVQQGEwJDTjELMAkGA1UECAwCTE4xETAPBgNVBAcMCFNoZW55YW5nMREwDwYD ++VQQKDAhUZXN0IE9yZzEQMA4GA1UECwwHVGVzdCBPVTEbMBkGA1UEAwwSVGVzdCBT ++TTIgU2lnbiBDZXJ0MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEMKnjZFqe34rt ++SmZ7g5ALnKTPKYhMxEy9cpq3Kzgb7/JoTTZHm9tGrG1oBUCNszq0jPff7Fxp/azN ++v7rDPzJXGqNaMFgwCQYDVR0TBAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFNPl ++u8JjXkhQPiJ5bYrrq+voqBUlMB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIpSVTlXHj/ ++Rbl0MAoGCCqBHM9VAYN1A0cAMEQCIG3gG1D7T7ltn6Gz1UksBZahgBE6jmkQ9Sp9 ++/3aY5trlAiB5adxiK0avV0LEKfbzTdff9skoZpd7vje1QTW0l0HaGg== + -----END CERTIFICATE----- +diff --git a/test/smime-certs/mksmime-certs.sh b/test/smime-certs/mksmime-certs.sh +index 12e8a7305402..109b9c4abc28 100644 +--- a/test/smime-certs/mksmime-certs.sh ++++ b/test/smime-certs/mksmime-certs.sh +@@ -15,23 +15,23 @@ export OPENSSL_CONF + + # Root CA: create certificate directly + CN="Test S/MIME RSA Root" $OPENSSL req -config ca.cnf -x509 -noenc \ +- -keyout smroot.pem -out smroot.pem -newkey rsa:2048 -days 3650 ++ -keyout smroot.pem -out smroot.pem -newkey rsa:2048 -days 36501 + + # EE RSA certificates: create request first + CN="Test S/MIME EE RSA #1" $OPENSSL req -config ca.cnf -noenc \ + -keyout smrsa1.pem -out req.pem -newkey rsa:2048 + # Sign request: end entity extensions +-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ ++$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ + -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa1.pem + + CN="Test S/MIME EE RSA #2" $OPENSSL req -config ca.cnf -noenc \ + -keyout smrsa2.pem -out req.pem -newkey rsa:2048 +-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ ++$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ + -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa2.pem + + CN="Test S/MIME EE RSA #3" $OPENSSL req -config ca.cnf -noenc \ + -keyout smrsa3.pem -out req.pem -newkey rsa:2048 +-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ ++$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ + -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa3.pem + + # Create DSA parameters +@@ -40,15 +40,15 @@ $OPENSSL dsaparam -out dsap.pem 2048 + + CN="Test S/MIME EE DSA #1" $OPENSSL req -config ca.cnf -noenc \ + -keyout smdsa1.pem -out req.pem -newkey dsa:dsap.pem +-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ ++$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ + -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa1.pem + CN="Test S/MIME EE DSA #2" $OPENSSL req -config ca.cnf -noenc \ + -keyout smdsa2.pem -out req.pem -newkey dsa:dsap.pem +-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ ++$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ + -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa2.pem + CN="Test S/MIME EE DSA #3" $OPENSSL req -config ca.cnf -noenc \ + -keyout smdsa3.pem -out req.pem -newkey dsa:dsap.pem +-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ ++$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ + -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa3.pem + + # Create EC parameters +@@ -58,16 +58,17 @@ $OPENSSL ecparam -out ecp2.pem -name K-283 + + CN="Test S/MIME EE EC #1" $OPENSSL req -config ca.cnf -noenc \ + -keyout smec1.pem -out req.pem -newkey ec:ecp.pem +-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ ++$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ + -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec1.pem + CN="Test S/MIME EE EC #2" $OPENSSL req -config ca.cnf -noenc \ + -keyout smec2.pem -out req.pem -newkey ec:ecp2.pem +-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ ++$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ + -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec2.pem +-CN="Test S/MIME EE EC #3" $OPENSSL req -config ca.cnf -noenc \ +- -keyout smec3.pem -out req.pem -newkey ec:ecp.pem +-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ +- -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec3.pem ++# Do not renew this cert as it is used for legacy data decrypt test ++#CN="Test S/MIME EE EC #3" $OPENSSL req -config ca.cnf -noenc \ ++# -keyout smec3.pem -out req.pem -newkey ec:ecp.pem ++#$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ ++# -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec3.pem + # Create X9.42 DH parameters. + $OPENSSL genpkey -genparam -algorithm DHX -out dhp.pem + # Generate X9.42 DH key. +@@ -77,7 +78,7 @@ $OPENSSL pkey -pubout -in smdh.pem -out dhpub.pem + CN="Test S/MIME EE DH #1" $OPENSSL req -config ca.cnf -noenc \ + -keyout smtmp.pem -out req.pem -newkey rsa:2048 + # Sign request but force public key to DH +-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ ++$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ + -force_pubkey dhpub.pem \ + -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdh.pem + # Remove temp files. diff --git a/SOURCES/0067-fix-ppc64-montgomery.patch b/SOURCES/0067-fix-ppc64-montgomery.patch new file mode 100644 index 0000000..a572ef8 --- /dev/null +++ b/SOURCES/0067-fix-ppc64-montgomery.patch @@ -0,0 +1,662 @@ +diff --git a/crypto/bn/asm/ppc64-mont-fixed.pl b/crypto/bn/asm/ppc64-mont-fixed.pl +index 56df89dc27da..e69de29bb2d1 100755 +--- a/crypto/bn/asm/ppc64-mont-fixed.pl ++++ b/crypto/bn/asm/ppc64-mont-fixed.pl +@@ -1,581 +0,0 @@ +-#! /usr/bin/env perl +-# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +-# +-# Licensed under the Apache License 2.0 (the "License"). You may not use +-# this file except in compliance with the License. You can obtain a copy +-# in the file LICENSE in the source distribution or at +-# https://www.openssl.org/source/license.html +- +-# ==================================================================== +-# Written by Amitay Isaacs , Martin Schwenke +-# & Alastair D'Silva for +-# the OpenSSL project. +-# ==================================================================== +- +-# +-# Fixed length (n=6), unrolled PPC Montgomery Multiplication +-# +- +-# 2021 +-# +-# Although this is a generic implementation for unrolling Montgomery +-# Multiplication for arbitrary values of n, this is currently only +-# used for n = 6 to improve the performance of ECC p384. +-# +-# Unrolling allows intermediate results to be stored in registers, +-# rather than on the stack, improving performance by ~7% compared to +-# the existing PPC assembly code. +-# +-# The ISA 3.0 implementation uses combination multiply/add +-# instructions (maddld, maddhdu) to improve performance by an +-# additional ~10% on Power 9. +-# +-# Finally, saving non-volatile registers into volatile vector +-# registers instead of onto the stack saves a little more. +-# +-# On a Power 9 machine we see an overall improvement of ~18%. +-# +- +-use strict; +-use warnings; +- +-my ($flavour, $output, $dir, $xlate); +- +-# $output is the last argument if it looks like a file (it has an extension) +-# $flavour is the first argument if it doesn't look like a file +-$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; +-$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; +- +-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +-( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or +-( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or +-die "can't locate ppc-xlate.pl"; +- +-open STDOUT,"| $^X $xlate $flavour \"$output\"" +- or die "can't call $xlate: $!"; +- +-if ($flavour !~ /64/) { +- die "bad flavour ($flavour) - only ppc64 permitted"; +-} +- +-my $SIZE_T= 8; +- +-# Registers are global so the code is remotely readable +- +-# Parameters for Montgomery multiplication +-my $sp = "r1"; +-my $toc = "r2"; +-my $rp = "r3"; +-my $ap = "r4"; +-my $bp = "r5"; +-my $np = "r6"; +-my $n0 = "r7"; +-my $num = "r8"; +- +-my $i = "r9"; +-my $c0 = "r10"; +-my $bp0 = "r11"; +-my $bpi = "r11"; +-my $bpj = "r11"; +-my $tj = "r12"; +-my $apj = "r12"; +-my $npj = "r12"; +-my $lo = "r14"; +-my $c1 = "r14"; +- +-# Non-volatile registers used for tp[i] +-# +-# 12 registers are available but the limit on unrolling is 10, +-# since registers from $tp[0] to $tp[$n+1] are used. +-my @tp = ("r20" .. "r31"); +- +-# volatile VSRs for saving non-volatile GPRs - faster than stack +-my @vsrs = ("v32" .. "v46"); +- +-package Mont; +- +-sub new($$) +-{ +- my ($class, $n) = @_; +- +- if ($n > 10) { +- die "Can't unroll for BN length ${n} (maximum 10)" +- } +- +- my $self = { +- code => "", +- n => $n, +- }; +- bless $self, $class; +- +- return $self; +-} +- +-sub add_code($$) +-{ +- my ($self, $c) = @_; +- +- $self->{code} .= $c; +-} +- +-sub get_code($) +-{ +- my ($self) = @_; +- +- return $self->{code}; +-} +- +-sub get_function_name($) +-{ +- my ($self) = @_; +- +- return "bn_mul_mont_fixed_n" . $self->{n}; +-} +- +-sub get_label($$) +-{ +- my ($self, $l) = @_; +- +- return "L" . $l . "_" . $self->{n}; +-} +- +-sub get_labels($@) +-{ +- my ($self, @labels) = @_; +- +- my %out = (); +- +- foreach my $l (@labels) { +- $out{"$l"} = $self->get_label("$l"); +- } +- +- return \%out; +-} +- +-sub nl($) +-{ +- my ($self) = @_; +- +- $self->add_code("\n"); +-} +- +-sub copy_result($) +-{ +- my ($self) = @_; +- +- my ($n) = $self->{n}; +- +- for (my $j = 0; $j < $n; $j++) { +- $self->add_code(<<___); +- std $tp[$j],`$j*$SIZE_T`($rp) +-___ +- } +- +-} +- +-sub mul_mont_fixed($) +-{ +- my ($self) = @_; +- +- my ($n) = $self->{n}; +- my $fname = $self->get_function_name(); +- my $label = $self->get_labels("outer", "enter", "sub", "copy", "end"); +- +- $self->add_code(<<___); +- +-.globl .${fname} +-.align 5 +-.${fname}: +- +-___ +- +- $self->save_registers(); +- +- $self->add_code(<<___); +- ld $n0,0($n0) +- +- ld $bp0,0($bp) +- +- ld $apj,0($ap) +-___ +- +- $self->mul_c_0($tp[0], $apj, $bp0, $c0); +- +- for (my $j = 1; $j < $n - 1; $j++) { +- $self->add_code(<<___); +- ld $apj,`$j*$SIZE_T`($ap) +-___ +- $self->mul($tp[$j], $apj, $bp0, $c0); +- } +- +- $self->add_code(<<___); +- ld $apj,`($n-1)*$SIZE_T`($ap) +-___ +- +- $self->mul_last($tp[$n-1], $tp[$n], $apj, $bp0, $c0); +- +- $self->add_code(<<___); +- li $tp[$n+1],0 +- +-___ +- +- $self->add_code(<<___); +- li $i,0 +- mtctr $num +- b $label->{"enter"} +- +-.align 4 +-$label->{"outer"}: +- ldx $bpi,$bp,$i +- +- ld $apj,0($ap) +-___ +- +- $self->mul_add_c_0($tp[0], $tp[0], $apj, $bpi, $c0); +- +- for (my $j = 1; $j < $n; $j++) { +- $self->add_code(<<___); +- ld $apj,`$j*$SIZE_T`($ap) +-___ +- $self->mul_add($tp[$j], $tp[$j], $apj, $bpi, $c0); +- } +- +- $self->add_code(<<___); +- addc $tp[$n],$tp[$n],$c0 +- addze $tp[$n+1],$tp[$n+1] +-___ +- +- $self->add_code(<<___); +-.align 4 +-$label->{"enter"}: +- mulld $bpi,$tp[0],$n0 +- +- ld $npj,0($np) +-___ +- +- $self->mul_add_c_0($lo, $tp[0], $bpi, $npj, $c0); +- +- for (my $j = 1; $j < $n; $j++) { +- $self->add_code(<<___); +- ld $npj,`$j*$SIZE_T`($np) +-___ +- $self->mul_add($tp[$j-1], $tp[$j], $npj, $bpi, $c0); +- } +- +- $self->add_code(<<___); +- addc $tp[$n-1],$tp[$n],$c0 +- addze $tp[$n],$tp[$n+1] +- +- addi $i,$i,$SIZE_T +- bdnz $label->{"outer"} +- +- and. $tp[$n],$tp[$n],$tp[$n] +- bne $label->{"sub"} +- +- cmpld $tp[$n-1],$npj +- blt $label->{"copy"} +- +-$label->{"sub"}: +-___ +- +- # +- # Reduction +- # +- +- $self->add_code(<<___); +- ld $bpj,`0*$SIZE_T`($np) +- subfc $c1,$bpj,$tp[0] +- std $c1,`0*$SIZE_T`($rp) +- +-___ +- for (my $j = 1; $j < $n - 1; $j++) { +- $self->add_code(<<___); +- ld $bpj,`$j*$SIZE_T`($np) +- subfe $c1,$bpj,$tp[$j] +- std $c1,`$j*$SIZE_T`($rp) +- +-___ +- } +- +- $self->add_code(<<___); +- subfe $c1,$npj,$tp[$n-1] +- std $c1,`($n-1)*$SIZE_T`($rp) +- +-___ +- +- $self->add_code(<<___); +- addme. $tp[$n],$tp[$n] +- beq $label->{"end"} +- +-$label->{"copy"}: +-___ +- +- $self->copy_result(); +- +- $self->add_code(<<___); +- +-$label->{"end"}: +-___ +- +- $self->restore_registers(); +- +- $self->add_code(<<___); +- li r3,1 +- blr +-.size .${fname},.-.${fname} +-___ +- +-} +- +-package Mont::GPR; +- +-our @ISA = ('Mont'); +- +-sub new($$) +-{ +- my ($class, $n) = @_; +- +- return $class->SUPER::new($n); +-} +- +-sub save_registers($) +-{ +- my ($self) = @_; +- +- my $n = $self->{n}; +- +- $self->add_code(<<___); +- std $lo,-8($sp) +-___ +- +- for (my $j = 0; $j <= $n+1; $j++) { +- $self->{code}.=<<___; +- std $tp[$j],-`($j+2)*8`($sp) +-___ +- } +- +- $self->add_code(<<___); +- +-___ +-} +- +-sub restore_registers($) +-{ +- my ($self) = @_; +- +- my $n = $self->{n}; +- +- $self->add_code(<<___); +- ld $lo,-8($sp) +-___ +- +- for (my $j = 0; $j <= $n+1; $j++) { +- $self->{code}.=<<___; +- ld $tp[$j],-`($j+2)*8`($sp) +-___ +- } +- +- $self->{code} .=<<___; +- +-___ +-} +- +-# Direct translation of C mul() +-sub mul($$$$$) +-{ +- my ($self, $r, $a, $w, $c) = @_; +- +- $self->add_code(<<___); +- mulld $lo,$a,$w +- addc $r,$lo,$c +- mulhdu $c,$a,$w +- addze $c,$c +- +-___ +-} +- +-# Like mul() but $c is ignored as an input - an optimisation to save a +-# preliminary instruction that would set input $c to 0 +-sub mul_c_0($$$$$) +-{ +- my ($self, $r, $a, $w, $c) = @_; +- +- $self->add_code(<<___); +- mulld $r,$a,$w +- mulhdu $c,$a,$w +- +-___ +-} +- +-# Like mul() but does not to the final addition of CA into $c - an +-# optimisation to save an instruction +-sub mul_last($$$$$$) +-{ +- my ($self, $r1, $r2, $a, $w, $c) = @_; +- +- $self->add_code(<<___); +- mulld $lo,$a,$w +- addc $r1,$lo,$c +- mulhdu $c,$a,$w +- +- addze $r2,$c +-___ +-} +- +-# Like C mul_add() but allow $r_out and $r_in to be different +-sub mul_add($$$$$$) +-{ +- my ($self, $r_out, $r_in, $a, $w, $c) = @_; +- +- $self->add_code(<<___); +- mulld $lo,$a,$w +- addc $lo,$lo,$c +- mulhdu $c,$a,$w +- addze $c,$c +- addc $r_out,$r_in,$lo +- addze $c,$c +- +-___ +-} +- +-# Like mul_add() but $c is ignored as an input - an optimisation to save a +-# preliminary instruction that would set input $c to 0 +-sub mul_add_c_0($$$$$$) +-{ +- my ($self, $r_out, $r_in, $a, $w, $c) = @_; +- +- $self->add_code(<<___); +- mulld $lo,$a,$w +- addc $r_out,$r_in,$lo +- mulhdu $c,$a,$w +- addze $c,$c +- +-___ +-} +- +-package Mont::GPR_300; +- +-our @ISA = ('Mont::GPR'); +- +-sub new($$) +-{ +- my ($class, $n) = @_; +- +- my $mont = $class->SUPER::new($n); +- +- return $mont; +-} +- +-sub get_function_name($) +-{ +- my ($self) = @_; +- +- return "bn_mul_mont_300_fixed_n" . $self->{n}; +-} +- +-sub get_label($$) +-{ +- my ($self, $l) = @_; +- +- return "L" . $l . "_300_" . $self->{n}; +-} +- +-# Direct translation of C mul() +-sub mul($$$$$) +-{ +- my ($self, $r, $a, $w, $c, $last) = @_; +- +- $self->add_code(<<___); +- maddld $r,$a,$w,$c +- maddhdu $c,$a,$w,$c +- +-___ +-} +- +-# Save the last carry as the final entry +-sub mul_last($$$$$) +-{ +- my ($self, $r1, $r2, $a, $w, $c) = @_; +- +- $self->add_code(<<___); +- maddld $r1,$a,$w,$c +- maddhdu $r2,$a,$w,$c +- +-___ +-} +- +-# Like mul() but $c is ignored as an input - an optimisation to save a +-# preliminary instruction that would set input $c to 0 +-sub mul_c_0($$$$$) +-{ +- my ($self, $r, $a, $w, $c) = @_; +- +- $self->add_code(<<___); +- mulld $r,$a,$w +- mulhdu $c,$a,$w +- +-___ +-} +- +-# Like C mul_add() but allow $r_out and $r_in to be different +-sub mul_add($$$$$$) +-{ +- my ($self, $r_out, $r_in, $a, $w, $c) = @_; +- +- $self->add_code(<<___); +- maddld $lo,$a,$w,$c +- maddhdu $c,$a,$w,$c +- addc $r_out,$r_in,$lo +- addze $c,$c +- +-___ +-} +- +-# Like mul_add() but $c is ignored as an input - an optimisation to save a +-# preliminary instruction that would set input $c to 0 +-sub mul_add_c_0($$$$$$) +-{ +- my ($self, $r_out, $r_in, $a, $w, $c) = @_; +- +- $self->add_code(<<___); +- maddld $lo,$a,$w,$r_in +- maddhdu $c,$a,$w,$r_in +-___ +- +- if ($r_out ne $lo) { +- $self->add_code(<<___); +- mr $r_out,$lo +-___ +- } +- +- $self->nl(); +-} +- +- +-package main; +- +-my $code; +- +-$code.=<<___; +-.machine "any" +-.text +-___ +- +-my $mont; +- +-$mont = new Mont::GPR(6); +-$mont->mul_mont_fixed(); +-$code .= $mont->get_code(); +- +-$mont = new Mont::GPR_300(6); +-$mont->mul_mont_fixed(); +-$code .= $mont->get_code(); +- +-$code =~ s/\`([^\`]*)\`/eval $1/gem; +- +-$code.=<<___; +-.asciz "Montgomery Multiplication for PPC by , " +-___ +- +-print $code; +-close STDOUT or die "error closing STDOUT: $!"; +diff --git a/crypto/bn/bn_ppc.c b/crypto/bn/bn_ppc.c +index 1e9421bee213..3ee76ea96574 100644 +--- a/crypto/bn/bn_ppc.c ++++ b/crypto/bn/bn_ppc.c +@@ -19,12 +19,6 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, + const BN_ULONG *np, const BN_ULONG *n0, int num); + int bn_mul4x_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, + const BN_ULONG *np, const BN_ULONG *n0, int num); +- int bn_mul_mont_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap, +- const BN_ULONG *bp, const BN_ULONG *np, +- const BN_ULONG *n0, int num); +- int bn_mul_mont_300_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap, +- const BN_ULONG *bp, const BN_ULONG *np, +- const BN_ULONG *n0, int num); + + if (num < 4) + return 0; +@@ -40,14 +34,5 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, + * no opportunity to figure it out... + */ + +-#if defined(_ARCH_PPC64) +- if (num == 6) { +- if (OPENSSL_ppccap_P & PPC_MADD300) +- return bn_mul_mont_300_fixed_n6(rp, ap, bp, np, n0, num); +- else +- return bn_mul_mont_fixed_n6(rp, ap, bp, np, n0, num); +- } +-#endif +- + return bn_mul_mont_int(rp, ap, bp, np, n0, num); + } +diff --git a/crypto/bn/build.info b/crypto/bn/build.info +index 987a70ae263b..4f8d0689b5ea 100644 +--- a/crypto/bn/build.info ++++ b/crypto/bn/build.info +@@ -79,7 +79,7 @@ IF[{- !$disabled{asm} -}] + + $BNASM_ppc32=bn_ppc.c bn-ppc.s ppc-mont.s + $BNDEF_ppc32=OPENSSL_BN_ASM_MONT +- $BNASM_ppc64=$BNASM_ppc32 ppc64-mont-fixed.s ++ $BNASM_ppc64=$BNASM_ppc32 + $BNDEF_ppc64=$BNDEF_ppc32 + + $BNASM_c64xplus=asm/bn-c64xplus.asm +@@ -173,7 +173,6 @@ GENERATE[parisc-mont.s]=asm/parisc-mont.pl + GENERATE[bn-ppc.s]=asm/ppc.pl + GENERATE[ppc-mont.s]=asm/ppc-mont.pl + GENERATE[ppc64-mont.s]=asm/ppc64-mont.pl +-GENERATE[ppc64-mont-fixed.s]=asm/ppc64-mont-fixed.pl + + GENERATE[alpha-mont.S]=asm/alpha-mont.pl + +diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt +index f36982845db4..1543ed9f7534 100644 +--- a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt ++++ b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt +@@ -97,6 +97,18 @@ Key = P-256-PUBLIC + Input = "Hello World" + Output = 3046022100e7515177ec3817b77a4a94066ab3070817b7aa9d44a8a09f040da250116e8972022100ba59b0f631258e59a9026be5d84f60685f4cf22b9165a0c2736d5c21c8ec1862 + ++PublicKey=P-384-PUBLIC ++-----BEGIN PUBLIC KEY----- ++MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAES/TlL5WEJ+u1kV+4yVlVUbTTo/2rZ7rd ++nWwwk/QlukNjDfcfQvDrfOqpTZ9kSKhd0wMxWIJJ/S/cCzCex+2EgbwW8ngAwT19 ++twD8guGxyFRaoMDTtW47/nifwYqRaIfC ++-----END PUBLIC KEY----- ++ ++DigestVerify = SHA384 ++Key = P-384-PUBLIC ++Input = "123400" ++Output = 304d0218389cb27e0bc8d21fa7e5f24cb74f58851313e696333ad68b023100ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52970 ++ + # Oneshot tests + OneShotDigestVerify = SHA256 + Key = P-256-PUBLIC diff --git a/SOURCES/0068-CVE-2022-2068.patch b/SOURCES/0068-CVE-2022-2068.patch new file mode 100644 index 0000000..c4dd7f2 --- /dev/null +++ b/SOURCES/0068-CVE-2022-2068.patch @@ -0,0 +1,174 @@ +diff -up openssl-3.0.1/tools/c_rehash.in.cve20222068 openssl-3.0.1/tools/c_rehash.in +--- openssl-3.0.1/tools/c_rehash.in.cve20222068 2022-06-22 13:15:57.347421765 +0200 ++++ openssl-3.0.1/tools/c_rehash.in 2022-06-22 13:16:14.797576250 +0200 +@@ -104,18 +104,41 @@ foreach (@dirlist) { + } + exit($errorcount); + ++sub copy_file { ++ my ($src_fname, $dst_fname) = @_; ++ ++ if (open(my $in, "<", $src_fname)) { ++ if (open(my $out, ">", $dst_fname)) { ++ print $out $_ while (<$in>); ++ close $out; ++ } else { ++ warn "Cannot open $dst_fname for write, $!"; ++ } ++ close $in; ++ } else { ++ warn "Cannot open $src_fname for read, $!"; ++ } ++} ++ + sub hash_dir { ++ my $dir = shift; + my %hashlist; +- print "Doing $_[0]\n"; +- chdir $_[0]; +- opendir(DIR, "."); ++ ++ print "Doing $dir\n"; ++ ++ if (!chdir $dir) { ++ print STDERR "WARNING: Cannot chdir to '$dir', $!\n"; ++ return; ++ } ++ ++ opendir(DIR, ".") || print STDERR "WARNING: Cannot opendir '.', $!\n"; + my @flist = sort readdir(DIR); + closedir DIR; + if ( $removelinks ) { + # Delete any existing symbolic links + foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) { + if (-l $_) { +- print "unlink $_" if $verbose; ++ print "unlink $_\n" if $verbose; + unlink $_ || warn "Can't unlink $_, $!\n"; + } + } +@@ -130,13 +153,16 @@ sub hash_dir { + link_hash_cert($fname) if ($cert); + link_hash_crl($fname) if ($crl); + } ++ ++ chdir $pwd; + } + + sub check_file { + my ($is_cert, $is_crl) = (0,0); + my $fname = $_[0]; +- open IN, $fname; +- while() { ++ ++ open(my $in, "<", $fname); ++ while(<$in>) { + if (/^-----BEGIN (.*)-----/) { + my $hdr = $1; + if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) { +@@ -148,7 +174,7 @@ sub check_file { + } + } + } +- close IN; ++ close $in; + return ($is_cert, $is_crl); + } + +@@ -177,76 +203,49 @@ sub compute_hash { + # certificate fingerprints + + sub link_hash_cert { +- my $fname = $_[0]; +- my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash, +- "-fingerprint", "-noout", +- "-in", $fname); +- chomp $hash; +- chomp $fprint; +- return if !$hash; +- $fprint =~ s/^.*=//; +- $fprint =~ tr/://d; +- my $suffix = 0; +- # Search for an unused hash filename +- while(exists $hashlist{"$hash.$suffix"}) { +- # Hash matches: if fingerprint matches its a duplicate cert +- if ($hashlist{"$hash.$suffix"} eq $fprint) { +- print STDERR "WARNING: Skipping duplicate certificate $fname\n"; +- return; +- } +- $suffix++; +- } +- $hash .= ".$suffix"; +- if ($symlink_exists) { +- print "link $fname -> $hash\n" if $verbose; +- symlink $fname, $hash || warn "Can't symlink, $!"; +- } else { +- print "copy $fname -> $hash\n" if $verbose; +- if (open($in, "<", $fname)) { +- if (open($out,">", $hash)) { +- print $out $_ while (<$in>); +- close $out; +- } else { +- warn "can't open $hash for write, $!"; +- } +- close $in; +- } else { +- warn "can't open $fname for read, $!"; +- } +- } +- $hashlist{$hash} = $fprint; ++ link_hash($_[0], 'cert'); + } + + # Same as above except for a CRL. CRL links are of the form .r + + sub link_hash_crl { +- my $fname = $_[0]; +- my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash, ++ link_hash($_[0], 'crl'); ++} ++ ++sub link_hash { ++ my ($fname, $type) = @_; ++ my $is_cert = $type eq 'cert'; ++ ++ my ($hash, $fprint) = compute_hash($openssl, ++ $is_cert ? "x509" : "crl", ++ $is_cert ? $x509hash : $crlhash, + "-fingerprint", "-noout", + "-in", $fname); + chomp $hash; ++ $hash =~ s/^.*=// if !$is_cert; + chomp $fprint; + return if !$hash; + $fprint =~ s/^.*=//; + $fprint =~ tr/://d; + my $suffix = 0; + # Search for an unused hash filename +- while(exists $hashlist{"$hash.r$suffix"}) { ++ my $crlmark = $is_cert ? "" : "r"; ++ while(exists $hashlist{"$hash.$crlmark$suffix"}) { + # Hash matches: if fingerprint matches its a duplicate cert +- if ($hashlist{"$hash.r$suffix"} eq $fprint) { +- print STDERR "WARNING: Skipping duplicate CRL $fname\n"; ++ if ($hashlist{"$hash.$crlmark$suffix"} eq $fprint) { ++ my $what = $is_cert ? 'certificate' : 'CRL'; ++ print STDERR "WARNING: Skipping duplicate $what $fname\n"; + return; + } + $suffix++; + } +- $hash .= ".r$suffix"; ++ $hash .= ".$crlmark$suffix"; + if ($symlink_exists) { + print "link $fname -> $hash\n" if $verbose; + symlink $fname, $hash || warn "Can't symlink, $!"; + } else { +- print "cp $fname -> $hash\n" if $verbose; +- system ("cp", $fname, $hash); +- warn "Can't copy, $!" if ($? >> 8) != 0; ++ print "copy $fname -> $hash\n" if $verbose; ++ copy_file($fname, $hash); + } + $hashlist{$hash} = $fprint; + } diff --git a/SOURCES/0069-CVE-2022-2097.patch b/SOURCES/0069-CVE-2022-2097.patch new file mode 100644 index 0000000..47fcaa5 --- /dev/null +++ b/SOURCES/0069-CVE-2022-2097.patch @@ -0,0 +1,151 @@ +From a98f339ddd7e8f487d6e0088d4a9a42324885a93 Mon Sep 17 00:00:00 2001 +From: Alex Chernyakhovsky +Date: Thu, 16 Jun 2022 12:00:22 +1000 +Subject: [PATCH] Fix AES OCB encrypt/decrypt for x86 AES-NI +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +aesni_ocb_encrypt and aesni_ocb_decrypt operate by having a fast-path +that performs operations on 6 16-byte blocks concurrently (the +"grandloop") and then proceeds to handle the "short" tail (which can +be anywhere from 0 to 5 blocks) that remain. + +As part of initialization, the assembly initializes $len to the true +length, less 96 bytes and converts it to a pointer so that the $inp +can be compared to it. Each iteration of "grandloop" checks to see if +there's a full 96-byte chunk to process, and if so, continues. Once +this has been exhausted, it falls through to "short", which handles +the remaining zero to five blocks. + +Unfortunately, the jump at the end of "grandloop" had a fencepost +error, doing a `jb` ("jump below") rather than `jbe` (jump below or +equal). This should be `jbe`, as $inp is pointing to the *end* of the +chunk currently being handled. If $inp == $len, that means that +there's a whole 96-byte chunk waiting to be handled. If $inp > $len, +then there's 5 or fewer 16-byte blocks left to be handled, and the +fall-through is intended. + +The net effect of `jb` instead of `jbe` is that the last 16-byte block +of the last 96-byte chunk was completely omitted. The contents of +`out` in this position were never written to. Additionally, since +those bytes were never processed, the authentication tag generated is +also incorrect. + +The same fencepost error, and identical logic, exists in both +aesni_ocb_encrypt and aesni_ocb_decrypt. + +This addresses CVE-2022-2097. + +Co-authored-by: Alejandro Sedeño +Co-authored-by: David Benjamin + +Reviewed-by: Paul Dale +Reviewed-by: Tomas Mraz +(cherry picked from commit 6ebf6d51596f51d23ccbc17930778d104a57d99c) +Upstream-Status: Backport [https://github.com/openssl/openssl/commit/a98f339ddd7e8f487d6e0088d4a9a42324885a93] +--- + crypto/aes/asm/aesni-x86.pl | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/crypto/aes/asm/aesni-x86.pl b/crypto/aes/asm/aesni-x86.pl +index 4245fe34e17e..7cf838db170b 100644 +--- a/crypto/aes/asm/aesni-x86.pl ++++ b/crypto/aes/asm/aesni-x86.pl +@@ -2025,7 +2025,7 @@ sub aesni_generate6 + &movdqu (&QWP(-16*2,$out,$inp),$inout4); + &movdqu (&QWP(-16*1,$out,$inp),$inout5); + &cmp ($inp,$len); # done yet? +- &jb (&label("grandloop")); ++ &jbe (&label("grandloop")); + + &set_label("short"); + &add ($len,16*6); +@@ -2451,7 +2451,7 @@ sub aesni_generate6 + &pxor ($rndkey1,$inout5); + &movdqu (&QWP(-16*1,$out,$inp),$inout5); + &cmp ($inp,$len); # done yet? +- &jb (&label("grandloop")); ++ &jbe (&label("grandloop")); + + &set_label("short"); + &add ($len,16*6); +From 52d50d52c2f1f4b70d37696bfa74fe5e581e7ba8 Mon Sep 17 00:00:00 2001 +From: Alex Chernyakhovsky +Date: Thu, 16 Jun 2022 12:02:37 +1000 +Subject: [PATCH] AES OCB test vectors +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Add test vectors for AES OCB for x86 AES-NI multiple of 96 byte issue. + +Co-authored-by: Alejandro Sedeño +Co-authored-by: David Benjamin + +Reviewed-by: Paul Dale +Reviewed-by: Tomas Mraz +(cherry picked from commit 2f19ab18a29cf9c82cdd68bc8c7e5be5061b19be) +Upstream-Status: Backport [https://github.com/openssl/openssl/commit/52d50d52c2f1f4b70d37696bfa74fe5e581e7ba8] +--- + .../30-test_evp_data/evpciph_aes_ocb.txt | 50 +++++++++++++++++++ + 1 file changed, 50 insertions(+) + +diff --git a/test/recipes/30-test_evp_data/evpciph_aes_ocb.txt b/test/recipes/30-test_evp_data/evpciph_aes_ocb.txt +index e58ee34b6b3f..de098905230b 100644 +--- a/test/recipes/30-test_evp_data/evpciph_aes_ocb.txt ++++ b/test/recipes/30-test_evp_data/evpciph_aes_ocb.txt +@@ -207,3 +207,53 @@ Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021 + Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F77C528A1DE6406B519BCEE8FCB829417001E54E15A7576C4DF32366E0F439C7051CB4824B8114E9A720CBC1CE0185B156B486 + Operation = DECRYPT + Result = CIPHERFINAL_ERROR ++ ++#Test vectors generated to validate aesni_ocb_encrypt on x86 ++Cipher = aes-128-ocb ++Key = 000102030405060708090A0B0C0D0E0F ++IV = 000000000001020304050607 ++Tag = C14DFF7D62A13C4A3422456207453190 ++Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F ++Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B819333 ++ ++Cipher = aes-128-ocb ++Key = 000102030405060708090A0B0C0D0E0F ++IV = 000000000001020304050607 ++Tag = D47D84F6FF912C79B6A4223AB9BE2DB8 ++Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F ++Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC204 ++ ++Cipher = aes-128-ocb ++Key = 000102030405060708090A0B0C0D0E0F ++IV = 000000000001020304050607 ++Tag = 41970D13737B7BD1B5FBF49ED4412CA5 ++Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D ++Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91 ++ ++Cipher = aes-128-ocb ++Key = 000102030405060708090A0B0C0D0E0F ++IV = 000000000001020304050607 ++Tag = BE0228651ED4E48A11BDED68D953F3A0 ++Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D ++Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F ++ ++Cipher = aes-128-ocb ++Key = 000102030405060708090A0B0C0D0E0F ++IV = 000000000001020304050607 ++Tag = 17BC6E10B16E5FDC52836E7D589518C7 ++Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D ++Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B ++ ++Cipher = aes-128-ocb ++Key = 000102030405060708090A0B0C0D0E0F ++IV = 000000000001020304050607 ++Tag = E84AAC18666116990A3A37B3A5FC55BD ++Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D ++Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B11CF99263D693AEBDF8ADE1A1D838DED ++ ++Cipher = aes-128-ocb ++Key = 000102030405060708090A0B0C0D0E0F ++IV = 000000000001020304050607 ++Tag = 3E5EA7EE064FE83B313E28D411E91EAD ++Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D ++Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B11CF99263D693AEBDF8ADE1A1D838DED48D9E09F452F8E6FBEB76A3DED47611C diff --git a/SOURCES/0070-EVP_PKEY_Q_keygen-Call-OPENSSL_init_crypto-to-init-s.patch b/SOURCES/0070-EVP_PKEY_Q_keygen-Call-OPENSSL_init_crypto-to-init-s.patch new file mode 100644 index 0000000..5a16ae7 --- /dev/null +++ b/SOURCES/0070-EVP_PKEY_Q_keygen-Call-OPENSSL_init_crypto-to-init-s.patch @@ -0,0 +1,56 @@ +From edceec7fe0c9a5534ae155c8398c63dd7dd95483 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Thu, 5 May 2022 08:11:24 +0200 +Subject: [PATCH] EVP_PKEY_Q_keygen: Call OPENSSL_init_crypto to init + strcasecmp + +Reviewed-by: Dmitry Belyavskiy +Reviewed-by: Matt Caswell +(Merged from https://github.com/openssl/openssl/pull/18247) + +(cherry picked from commit b807c2fbab2128cf3746bb2ebd51cbe3bb6914a9) + +Upstream-Status: Backport [https://github.com/openssl/openssl/commit/edceec7fe0c9a5534ae155c8398c63dd7dd95483] +--- + crypto/evp/evp_lib.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c +index 3fe4743761..d9b8c0af41 100644 +--- a/crypto/evp/evp_lib.c ++++ b/crypto/evp/evp_lib.c +@@ -24,6 +24,7 @@ + #include + #include + #include "crypto/evp.h" ++#include "crypto/cryptlib.h" + #include "internal/provider.h" + #include "evp_local.h" + +@@ -1094,6 +1095,8 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags) + return (ctx->flags & flags); + } + ++#if !defined(FIPS_MODULE) ++ + int EVP_PKEY_CTX_set_group_name(EVP_PKEY_CTX *ctx, const char *name) + { + OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; +@@ -1169,6 +1172,8 @@ EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq, + + va_start(args, type); + ++ OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL); ++ + if (OPENSSL_strcasecmp(type, "RSA") == 0) { + bits = va_arg(args, size_t); + params[0] = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &bits); +@@ -1189,3 +1194,5 @@ EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq, + va_end(args); + return ret; + } ++ ++#endif /* !defined(FIPS_MODULE) */ +-- +2.35.3 + diff --git a/SOURCES/0071-AES-GCM-performance-optimization.patch b/SOURCES/0071-AES-GCM-performance-optimization.patch new file mode 100644 index 0000000..edf40ec --- /dev/null +++ b/SOURCES/0071-AES-GCM-performance-optimization.patch @@ -0,0 +1,1635 @@ +Upstream-Status: Backport [https://github.com/openssl/openssl/commit/44a563dde1584cd9284e80b6e45ee5019be8d36c, https://github.com/openssl/openssl/commit/345c99b6654b8313c792d54f829943068911ddbd] +diff --git a/crypto/modes/asm/aes-gcm-ppc.pl b/crypto/modes/asm/aes-gcm-ppc.pl +new file mode 100644 +index 0000000..6624e6c +--- /dev/null ++++ b/crypto/modes/asm/aes-gcm-ppc.pl +@@ -0,0 +1,1438 @@ ++#! /usr/bin/env perl ++# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. ++# Copyright 2021- IBM Inc. All rights reserved ++# ++# Licensed under the Apache License 2.0 (the "License"). You may not use ++# this file except in compliance with the License. You can obtain a copy ++# in the file LICENSE in the source distribution or at ++# https://www.openssl.org/source/license.html ++# ++#=================================================================================== ++# Written by Danny Tsen for OpenSSL Project, ++# ++# GHASH is based on the Karatsuba multiplication method. ++# ++# Xi xor X1 ++# ++# X1 * H^4 + X2 * H^3 + x3 * H^2 + X4 * H = ++# (X1.h * H4.h + xX.l * H4.l + X1 * H4) + ++# (X2.h * H3.h + X2.l * H3.l + X2 * H3) + ++# (X3.h * H2.h + X3.l * H2.l + X3 * H2) + ++# (X4.h * H.h + X4.l * H.l + X4 * H) ++# ++# Xi = v0 ++# H Poly = v2 ++# Hash keys = v3 - v14 ++# ( H.l, H, H.h) ++# ( H^2.l, H^2, H^2.h) ++# ( H^3.l, H^3, H^3.h) ++# ( H^4.l, H^4, H^4.h) ++# ++# v30 is IV ++# v31 - counter 1 ++# ++# AES used, ++# vs0 - vs14 for round keys ++# v15, v16, v17, v18, v19, v20, v21, v22 for 8 blocks (encrypted) ++# ++# This implementation uses stitched AES-GCM approach to improve overall performance. ++# AES is implemented with 8x blocks and GHASH is using 2 4x blocks. ++# ++# Current large block (16384 bytes) performance per second with 128 bit key -- ++# ++# Encrypt Decrypt ++# Power10[le] (3.5GHz) 5.32G 5.26G ++# ++# =================================================================================== ++# ++# $output is the last argument if it looks like a file (it has an extension) ++# $flavour is the first argument if it doesn't look like a file ++$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; ++$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; ++ ++if ($flavour =~ /64/) { ++ $SIZE_T=8; ++ $LRSAVE=2*$SIZE_T; ++ $STU="stdu"; ++ $POP="ld"; ++ $PUSH="std"; ++ $UCMP="cmpld"; ++ $SHRI="srdi"; ++} elsif ($flavour =~ /32/) { ++ $SIZE_T=4; ++ $LRSAVE=$SIZE_T; ++ $STU="stwu"; ++ $POP="lwz"; ++ $PUSH="stw"; ++ $UCMP="cmplw"; ++ $SHRI="srwi"; ++} else { die "nonsense $flavour"; } ++ ++$sp="r1"; ++$FRAME=6*$SIZE_T+13*16; # 13*16 is for v20-v31 offload ++ ++$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ++( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or ++( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or ++die "can't locate ppc-xlate.pl"; ++ ++open STDOUT,"| $^X $xlate $flavour \"$output\"" ++ or die "can't call $xlate: $!"; ++ ++$code=<<___; ++.machine "any" ++.text ++ ++# 4x loops ++# v15 - v18 - input states ++# vs1 - vs9 - round keys ++# ++.macro Loop_aes_middle4x ++ xxlor 19+32, 1, 1 ++ xxlor 20+32, 2, 2 ++ xxlor 21+32, 3, 3 ++ xxlor 22+32, 4, 4 ++ ++ vcipher 15, 15, 19 ++ vcipher 16, 16, 19 ++ vcipher 17, 17, 19 ++ vcipher 18, 18, 19 ++ ++ vcipher 15, 15, 20 ++ vcipher 16, 16, 20 ++ vcipher 17, 17, 20 ++ vcipher 18, 18, 20 ++ ++ vcipher 15, 15, 21 ++ vcipher 16, 16, 21 ++ vcipher 17, 17, 21 ++ vcipher 18, 18, 21 ++ ++ vcipher 15, 15, 22 ++ vcipher 16, 16, 22 ++ vcipher 17, 17, 22 ++ vcipher 18, 18, 22 ++ ++ xxlor 19+32, 5, 5 ++ xxlor 20+32, 6, 6 ++ xxlor 21+32, 7, 7 ++ xxlor 22+32, 8, 8 ++ ++ vcipher 15, 15, 19 ++ vcipher 16, 16, 19 ++ vcipher 17, 17, 19 ++ vcipher 18, 18, 19 ++ ++ vcipher 15, 15, 20 ++ vcipher 16, 16, 20 ++ vcipher 17, 17, 20 ++ vcipher 18, 18, 20 ++ ++ vcipher 15, 15, 21 ++ vcipher 16, 16, 21 ++ vcipher 17, 17, 21 ++ vcipher 18, 18, 21 ++ ++ vcipher 15, 15, 22 ++ vcipher 16, 16, 22 ++ vcipher 17, 17, 22 ++ vcipher 18, 18, 22 ++ ++ xxlor 23+32, 9, 9 ++ vcipher 15, 15, 23 ++ vcipher 16, 16, 23 ++ vcipher 17, 17, 23 ++ vcipher 18, 18, 23 ++.endm ++ ++# 8x loops ++# v15 - v22 - input states ++# vs1 - vs9 - round keys ++# ++.macro Loop_aes_middle8x ++ xxlor 23+32, 1, 1 ++ xxlor 24+32, 2, 2 ++ xxlor 25+32, 3, 3 ++ xxlor 26+32, 4, 4 ++ ++ vcipher 15, 15, 23 ++ vcipher 16, 16, 23 ++ vcipher 17, 17, 23 ++ vcipher 18, 18, 23 ++ vcipher 19, 19, 23 ++ vcipher 20, 20, 23 ++ vcipher 21, 21, 23 ++ vcipher 22, 22, 23 ++ ++ vcipher 15, 15, 24 ++ vcipher 16, 16, 24 ++ vcipher 17, 17, 24 ++ vcipher 18, 18, 24 ++ vcipher 19, 19, 24 ++ vcipher 20, 20, 24 ++ vcipher 21, 21, 24 ++ vcipher 22, 22, 24 ++ ++ vcipher 15, 15, 25 ++ vcipher 16, 16, 25 ++ vcipher 17, 17, 25 ++ vcipher 18, 18, 25 ++ vcipher 19, 19, 25 ++ vcipher 20, 20, 25 ++ vcipher 21, 21, 25 ++ vcipher 22, 22, 25 ++ ++ vcipher 15, 15, 26 ++ vcipher 16, 16, 26 ++ vcipher 17, 17, 26 ++ vcipher 18, 18, 26 ++ vcipher 19, 19, 26 ++ vcipher 20, 20, 26 ++ vcipher 21, 21, 26 ++ vcipher 22, 22, 26 ++ ++ xxlor 23+32, 5, 5 ++ xxlor 24+32, 6, 6 ++ xxlor 25+32, 7, 7 ++ xxlor 26+32, 8, 8 ++ ++ vcipher 15, 15, 23 ++ vcipher 16, 16, 23 ++ vcipher 17, 17, 23 ++ vcipher 18, 18, 23 ++ vcipher 19, 19, 23 ++ vcipher 20, 20, 23 ++ vcipher 21, 21, 23 ++ vcipher 22, 22, 23 ++ ++ vcipher 15, 15, 24 ++ vcipher 16, 16, 24 ++ vcipher 17, 17, 24 ++ vcipher 18, 18, 24 ++ vcipher 19, 19, 24 ++ vcipher 20, 20, 24 ++ vcipher 21, 21, 24 ++ vcipher 22, 22, 24 ++ ++ vcipher 15, 15, 25 ++ vcipher 16, 16, 25 ++ vcipher 17, 17, 25 ++ vcipher 18, 18, 25 ++ vcipher 19, 19, 25 ++ vcipher 20, 20, 25 ++ vcipher 21, 21, 25 ++ vcipher 22, 22, 25 ++ ++ vcipher 15, 15, 26 ++ vcipher 16, 16, 26 ++ vcipher 17, 17, 26 ++ vcipher 18, 18, 26 ++ vcipher 19, 19, 26 ++ vcipher 20, 20, 26 ++ vcipher 21, 21, 26 ++ vcipher 22, 22, 26 ++ ++ xxlor 23+32, 9, 9 ++ vcipher 15, 15, 23 ++ vcipher 16, 16, 23 ++ vcipher 17, 17, 23 ++ vcipher 18, 18, 23 ++ vcipher 19, 19, 23 ++ vcipher 20, 20, 23 ++ vcipher 21, 21, 23 ++ vcipher 22, 22, 23 ++.endm ++ ++# ++# Compute 4x hash values based on Karatsuba method. ++# ++ppc_aes_gcm_ghash: ++ vxor 15, 15, 0 ++ ++ xxlxor 29, 29, 29 ++ ++ vpmsumd 23, 12, 15 # H4.L * X.L ++ vpmsumd 24, 9, 16 ++ vpmsumd 25, 6, 17 ++ vpmsumd 26, 3, 18 ++ ++ vxor 23, 23, 24 ++ vxor 23, 23, 25 ++ vxor 23, 23, 26 # L ++ ++ vpmsumd 24, 13, 15 # H4.L * X.H + H4.H * X.L ++ vpmsumd 25, 10, 16 # H3.L * X1.H + H3.H * X1.L ++ vpmsumd 26, 7, 17 ++ vpmsumd 27, 4, 18 ++ ++ vxor 24, 24, 25 ++ vxor 24, 24, 26 ++ vxor 24, 24, 27 # M ++ ++ # sum hash and reduction with H Poly ++ vpmsumd 28, 23, 2 # reduction ++ ++ xxlor 29+32, 29, 29 ++ vsldoi 26, 24, 29, 8 # mL ++ vsldoi 29, 29, 24, 8 # mH ++ vxor 23, 23, 26 # mL + L ++ ++ vsldoi 23, 23, 23, 8 # swap ++ vxor 23, 23, 28 ++ ++ vpmsumd 24, 14, 15 # H4.H * X.H ++ vpmsumd 25, 11, 16 ++ vpmsumd 26, 8, 17 ++ vpmsumd 27, 5, 18 ++ ++ vxor 24, 24, 25 ++ vxor 24, 24, 26 ++ vxor 24, 24, 27 ++ ++ vxor 24, 24, 29 ++ ++ # sum hash and reduction with H Poly ++ vsldoi 27, 23, 23, 8 # swap ++ vpmsumd 23, 23, 2 ++ vxor 27, 27, 24 ++ vxor 23, 23, 27 ++ ++ xxlor 32, 23+32, 23+32 # update hash ++ ++ blr ++ ++# ++# Combine two 4x ghash ++# v15 - v22 - input blocks ++# ++.macro ppc_aes_gcm_ghash2_4x ++ # first 4x hash ++ vxor 15, 15, 0 # Xi + X ++ ++ xxlxor 29, 29, 29 ++ ++ vpmsumd 23, 12, 15 # H4.L * X.L ++ vpmsumd 24, 9, 16 ++ vpmsumd 25, 6, 17 ++ vpmsumd 26, 3, 18 ++ ++ vxor 23, 23, 24 ++ vxor 23, 23, 25 ++ vxor 23, 23, 26 # L ++ ++ vpmsumd 24, 13, 15 # H4.L * X.H + H4.H * X.L ++ vpmsumd 25, 10, 16 # H3.L * X1.H + H3.H * X1.L ++ vpmsumd 26, 7, 17 ++ vpmsumd 27, 4, 18 ++ ++ vxor 24, 24, 25 ++ vxor 24, 24, 26 ++ ++ # sum hash and reduction with H Poly ++ vpmsumd 28, 23, 2 # reduction ++ ++ xxlor 29+32, 29, 29 ++ ++ vxor 24, 24, 27 # M ++ vsldoi 26, 24, 29, 8 # mL ++ vsldoi 29, 29, 24, 8 # mH ++ vxor 23, 23, 26 # mL + L ++ ++ vsldoi 23, 23, 23, 8 # swap ++ vxor 23, 23, 28 ++ ++ vpmsumd 24, 14, 15 # H4.H * X.H ++ vpmsumd 25, 11, 16 ++ vpmsumd 26, 8, 17 ++ vpmsumd 27, 5, 18 ++ ++ vxor 24, 24, 25 ++ vxor 24, 24, 26 ++ vxor 24, 24, 27 # H ++ ++ vxor 24, 24, 29 # H + mH ++ ++ # sum hash and reduction with H Poly ++ vsldoi 27, 23, 23, 8 # swap ++ vpmsumd 23, 23, 2 ++ vxor 27, 27, 24 ++ vxor 27, 23, 27 # 1st Xi ++ ++ # 2nd 4x hash ++ vpmsumd 24, 9, 20 ++ vpmsumd 25, 6, 21 ++ vpmsumd 26, 3, 22 ++ vxor 19, 19, 27 # Xi + X ++ vpmsumd 23, 12, 19 # H4.L * X.L ++ ++ vxor 23, 23, 24 ++ vxor 23, 23, 25 ++ vxor 23, 23, 26 # L ++ ++ vpmsumd 24, 13, 19 # H4.L * X.H + H4.H * X.L ++ vpmsumd 25, 10, 20 # H3.L * X1.H + H3.H * X1.L ++ vpmsumd 26, 7, 21 ++ vpmsumd 27, 4, 22 ++ ++ vxor 24, 24, 25 ++ vxor 24, 24, 26 ++ ++ # sum hash and reduction with H Poly ++ vpmsumd 28, 23, 2 # reduction ++ ++ xxlor 29+32, 29, 29 ++ ++ vxor 24, 24, 27 # M ++ vsldoi 26, 24, 29, 8 # mL ++ vsldoi 29, 29, 24, 8 # mH ++ vxor 23, 23, 26 # mL + L ++ ++ vsldoi 23, 23, 23, 8 # swap ++ vxor 23, 23, 28 ++ ++ vpmsumd 24, 14, 19 # H4.H * X.H ++ vpmsumd 25, 11, 20 ++ vpmsumd 26, 8, 21 ++ vpmsumd 27, 5, 22 ++ ++ vxor 24, 24, 25 ++ vxor 24, 24, 26 ++ vxor 24, 24, 27 # H ++ ++ vxor 24, 24, 29 # H + mH ++ ++ # sum hash and reduction with H Poly ++ vsldoi 27, 23, 23, 8 # swap ++ vpmsumd 23, 23, 2 ++ vxor 27, 27, 24 ++ vxor 23, 23, 27 ++ ++ xxlor 32, 23+32, 23+32 # update hash ++ ++.endm ++ ++# ++# Compute update single hash ++# ++.macro ppc_update_hash_1x ++ vxor 28, 28, 0 ++ ++ vxor 19, 19, 19 ++ ++ vpmsumd 22, 3, 28 # L ++ vpmsumd 23, 4, 28 # M ++ vpmsumd 24, 5, 28 # H ++ ++ vpmsumd 27, 22, 2 # reduction ++ ++ vsldoi 25, 23, 19, 8 # mL ++ vsldoi 26, 19, 23, 8 # mH ++ vxor 22, 22, 25 # LL + LL ++ vxor 24, 24, 26 # HH + HH ++ ++ vsldoi 22, 22, 22, 8 # swap ++ vxor 22, 22, 27 ++ ++ vsldoi 20, 22, 22, 8 # swap ++ vpmsumd 22, 22, 2 # reduction ++ vxor 20, 20, 24 ++ vxor 22, 22, 20 ++ ++ vmr 0, 22 # update hash ++ ++.endm ++ ++# ++# ppc_aes_gcm_encrypt (const void *inp, void *out, size_t len, ++# const AES_KEY *key, unsigned char iv[16], ++# void *Xip); ++# ++# r3 - inp ++# r4 - out ++# r5 - len ++# r6 - AES round keys ++# r7 - iv ++# r8 - Xi, HPoli, hash keys ++# ++.global ppc_aes_gcm_encrypt ++.align 5 ++ppc_aes_gcm_encrypt: ++_ppc_aes_gcm_encrypt: ++ ++ stdu 1,-512(1) ++ mflr 0 ++ ++ std 14,112(1) ++ std 15,120(1) ++ std 16,128(1) ++ std 17,136(1) ++ std 18,144(1) ++ std 19,152(1) ++ std 20,160(1) ++ std 21,168(1) ++ li 9, 256 ++ stvx 20, 9, 1 ++ addi 9, 9, 16 ++ stvx 21, 9, 1 ++ addi 9, 9, 16 ++ stvx 22, 9, 1 ++ addi 9, 9, 16 ++ stvx 23, 9, 1 ++ addi 9, 9, 16 ++ stvx 24, 9, 1 ++ addi 9, 9, 16 ++ stvx 25, 9, 1 ++ addi 9, 9, 16 ++ stvx 26, 9, 1 ++ addi 9, 9, 16 ++ stvx 27, 9, 1 ++ addi 9, 9, 16 ++ stvx 28, 9, 1 ++ addi 9, 9, 16 ++ stvx 29, 9, 1 ++ addi 9, 9, 16 ++ stvx 30, 9, 1 ++ addi 9, 9, 16 ++ stvx 31, 9, 1 ++ std 0, 528(1) ++ ++ # Load Xi ++ lxvb16x 32, 0, 8 # load Xi ++ ++ # load Hash - h^4, h^3, h^2, h ++ li 10, 32 ++ lxvd2x 2+32, 10, 8 # H Poli ++ li 10, 48 ++ lxvd2x 3+32, 10, 8 # Hl ++ li 10, 64 ++ lxvd2x 4+32, 10, 8 # H ++ li 10, 80 ++ lxvd2x 5+32, 10, 8 # Hh ++ ++ li 10, 96 ++ lxvd2x 6+32, 10, 8 # H^2l ++ li 10, 112 ++ lxvd2x 7+32, 10, 8 # H^2 ++ li 10, 128 ++ lxvd2x 8+32, 10, 8 # H^2h ++ ++ li 10, 144 ++ lxvd2x 9+32, 10, 8 # H^3l ++ li 10, 160 ++ lxvd2x 10+32, 10, 8 # H^3 ++ li 10, 176 ++ lxvd2x 11+32, 10, 8 # H^3h ++ ++ li 10, 192 ++ lxvd2x 12+32, 10, 8 # H^4l ++ li 10, 208 ++ lxvd2x 13+32, 10, 8 # H^4 ++ li 10, 224 ++ lxvd2x 14+32, 10, 8 # H^4h ++ ++ # initialize ICB: GHASH( IV ), IV - r7 ++ lxvb16x 30+32, 0, 7 # load IV - v30 ++ ++ mr 12, 5 # length ++ li 11, 0 # block index ++ ++ # counter 1 ++ vxor 31, 31, 31 ++ vspltisb 22, 1 ++ vsldoi 31, 31, 22,1 # counter 1 ++ ++ # load round key to VSR ++ lxv 0, 0(6) ++ lxv 1, 0x10(6) ++ lxv 2, 0x20(6) ++ lxv 3, 0x30(6) ++ lxv 4, 0x40(6) ++ lxv 5, 0x50(6) ++ lxv 6, 0x60(6) ++ lxv 7, 0x70(6) ++ lxv 8, 0x80(6) ++ lxv 9, 0x90(6) ++ lxv 10, 0xa0(6) ++ ++ # load rounds - 10 (128), 12 (192), 14 (256) ++ lwz 9,240(6) ++ ++ # ++ # vxor state, state, w # addroundkey ++ xxlor 32+29, 0, 0 ++ vxor 15, 30, 29 # IV + round key - add round key 0 ++ ++ cmpdi 9, 10 ++ beq Loop_aes_gcm_8x ++ ++ # load 2 more round keys (v11, v12) ++ lxv 11, 0xb0(6) ++ lxv 12, 0xc0(6) ++ ++ cmpdi 9, 12 ++ beq Loop_aes_gcm_8x ++ ++ # load 2 more round keys (v11, v12, v13, v14) ++ lxv 13, 0xd0(6) ++ lxv 14, 0xe0(6) ++ cmpdi 9, 14 ++ beq Loop_aes_gcm_8x ++ ++ b aes_gcm_out ++ ++.align 5 ++Loop_aes_gcm_8x: ++ mr 14, 3 ++ mr 9, 4 ++ ++ # n blocks ++ li 10, 128 ++ divdu 10, 5, 10 # n 128 bytes-blocks ++ cmpdi 10, 0 ++ beq Loop_last_block ++ ++ vaddudm 30, 30, 31 # IV + counter ++ vxor 16, 30, 29 ++ vaddudm 30, 30, 31 ++ vxor 17, 30, 29 ++ vaddudm 30, 30, 31 ++ vxor 18, 30, 29 ++ vaddudm 30, 30, 31 ++ vxor 19, 30, 29 ++ vaddudm 30, 30, 31 ++ vxor 20, 30, 29 ++ vaddudm 30, 30, 31 ++ vxor 21, 30, 29 ++ vaddudm 30, 30, 31 ++ vxor 22, 30, 29 ++ ++ mtctr 10 ++ ++ li 15, 16 ++ li 16, 32 ++ li 17, 48 ++ li 18, 64 ++ li 19, 80 ++ li 20, 96 ++ li 21, 112 ++ ++ lwz 10, 240(6) ++ ++Loop_8x_block: ++ ++ lxvb16x 15, 0, 14 # load block ++ lxvb16x 16, 15, 14 # load block ++ lxvb16x 17, 16, 14 # load block ++ lxvb16x 18, 17, 14 # load block ++ lxvb16x 19, 18, 14 # load block ++ lxvb16x 20, 19, 14 # load block ++ lxvb16x 21, 20, 14 # load block ++ lxvb16x 22, 21, 14 # load block ++ addi 14, 14, 128 ++ ++ Loop_aes_middle8x ++ ++ xxlor 23+32, 10, 10 ++ ++ cmpdi 10, 10 ++ beq Do_next_ghash ++ ++ # 192 bits ++ xxlor 24+32, 11, 11 ++ ++ vcipher 15, 15, 23 ++ vcipher 16, 16, 23 ++ vcipher 17, 17, 23 ++ vcipher 18, 18, 23 ++ vcipher 19, 19, 23 ++ vcipher 20, 20, 23 ++ vcipher 21, 21, 23 ++ vcipher 22, 22, 23 ++ ++ vcipher 15, 15, 24 ++ vcipher 16, 16, 24 ++ vcipher 17, 17, 24 ++ vcipher 18, 18, 24 ++ vcipher 19, 19, 24 ++ vcipher 20, 20, 24 ++ vcipher 21, 21, 24 ++ vcipher 22, 22, 24 ++ ++ xxlor 23+32, 12, 12 ++ ++ cmpdi 10, 12 ++ beq Do_next_ghash ++ ++ # 256 bits ++ xxlor 24+32, 13, 13 ++ ++ vcipher 15, 15, 23 ++ vcipher 16, 16, 23 ++ vcipher 17, 17, 23 ++ vcipher 18, 18, 23 ++ vcipher 19, 19, 23 ++ vcipher 20, 20, 23 ++ vcipher 21, 21, 23 ++ vcipher 22, 22, 23 ++ ++ vcipher 15, 15, 24 ++ vcipher 16, 16, 24 ++ vcipher 17, 17, 24 ++ vcipher 18, 18, 24 ++ vcipher 19, 19, 24 ++ vcipher 20, 20, 24 ++ vcipher 21, 21, 24 ++ vcipher 22, 22, 24 ++ ++ xxlor 23+32, 14, 14 ++ ++ cmpdi 10, 14 ++ beq Do_next_ghash ++ b aes_gcm_out ++ ++Do_next_ghash: ++ ++ # ++ # last round ++ vcipherlast 15, 15, 23 ++ vcipherlast 16, 16, 23 ++ ++ xxlxor 47, 47, 15 ++ stxvb16x 47, 0, 9 # store output ++ xxlxor 48, 48, 16 ++ stxvb16x 48, 15, 9 # store output ++ ++ vcipherlast 17, 17, 23 ++ vcipherlast 18, 18, 23 ++ ++ xxlxor 49, 49, 17 ++ stxvb16x 49, 16, 9 # store output ++ xxlxor 50, 50, 18 ++ stxvb16x 50, 17, 9 # store output ++ ++ vcipherlast 19, 19, 23 ++ vcipherlast 20, 20, 23 ++ ++ xxlxor 51, 51, 19 ++ stxvb16x 51, 18, 9 # store output ++ xxlxor 52, 52, 20 ++ stxvb16x 52, 19, 9 # store output ++ ++ vcipherlast 21, 21, 23 ++ vcipherlast 22, 22, 23 ++ ++ xxlxor 53, 53, 21 ++ stxvb16x 53, 20, 9 # store output ++ xxlxor 54, 54, 22 ++ stxvb16x 54, 21, 9 # store output ++ ++ addi 9, 9, 128 ++ ++ # ghash here ++ ppc_aes_gcm_ghash2_4x ++ ++ xxlor 27+32, 0, 0 ++ vaddudm 30, 30, 31 # IV + counter ++ vmr 29, 30 ++ vxor 15, 30, 27 # add round key ++ vaddudm 30, 30, 31 ++ vxor 16, 30, 27 ++ vaddudm 30, 30, 31 ++ vxor 17, 30, 27 ++ vaddudm 30, 30, 31 ++ vxor 18, 30, 27 ++ vaddudm 30, 30, 31 ++ vxor 19, 30, 27 ++ vaddudm 30, 30, 31 ++ vxor 20, 30, 27 ++ vaddudm 30, 30, 31 ++ vxor 21, 30, 27 ++ vaddudm 30, 30, 31 ++ vxor 22, 30, 27 ++ ++ addi 12, 12, -128 ++ addi 11, 11, 128 ++ ++ bdnz Loop_8x_block ++ ++ vmr 30, 29 ++ ++Loop_last_block: ++ cmpdi 12, 0 ++ beq aes_gcm_out ++ ++ # loop last few blocks ++ li 10, 16 ++ divdu 10, 12, 10 ++ ++ mtctr 10 ++ ++ lwz 10, 240(6) ++ ++ cmpdi 12, 16 ++ blt Final_block ++ ++.macro Loop_aes_middle_1x ++ xxlor 19+32, 1, 1 ++ xxlor 20+32, 2, 2 ++ xxlor 21+32, 3, 3 ++ xxlor 22+32, 4, 4 ++ ++ vcipher 15, 15, 19 ++ vcipher 15, 15, 20 ++ vcipher 15, 15, 21 ++ vcipher 15, 15, 22 ++ ++ xxlor 19+32, 5, 5 ++ xxlor 20+32, 6, 6 ++ xxlor 21+32, 7, 7 ++ xxlor 22+32, 8, 8 ++ ++ vcipher 15, 15, 19 ++ vcipher 15, 15, 20 ++ vcipher 15, 15, 21 ++ vcipher 15, 15, 22 ++ ++ xxlor 19+32, 9, 9 ++ vcipher 15, 15, 19 ++.endm ++ ++Next_rem_block: ++ lxvb16x 15, 0, 14 # load block ++ ++ Loop_aes_middle_1x ++ ++ xxlor 23+32, 10, 10 ++ ++ cmpdi 10, 10 ++ beq Do_next_1x ++ ++ # 192 bits ++ xxlor 24+32, 11, 11 ++ ++ vcipher 15, 15, 23 ++ vcipher 15, 15, 24 ++ ++ xxlor 23+32, 12, 12 ++ ++ cmpdi 10, 12 ++ beq Do_next_1x ++ ++ # 256 bits ++ xxlor 24+32, 13, 13 ++ ++ vcipher 15, 15, 23 ++ vcipher 15, 15, 24 ++ ++ xxlor 23+32, 14, 14 ++ ++ cmpdi 10, 14 ++ beq Do_next_1x ++ ++Do_next_1x: ++ vcipherlast 15, 15, 23 ++ ++ xxlxor 47, 47, 15 ++ stxvb16x 47, 0, 9 # store output ++ addi 14, 14, 16 ++ addi 9, 9, 16 ++ ++ vmr 28, 15 ++ ppc_update_hash_1x ++ ++ addi 12, 12, -16 ++ addi 11, 11, 16 ++ xxlor 19+32, 0, 0 ++ vaddudm 30, 30, 31 # IV + counter ++ vxor 15, 30, 19 # add round key ++ ++ bdnz Next_rem_block ++ ++ cmpdi 12, 0 ++ beq aes_gcm_out ++ ++Final_block: ++ Loop_aes_middle_1x ++ ++ xxlor 23+32, 10, 10 ++ ++ cmpdi 10, 10 ++ beq Do_final_1x ++ ++ # 192 bits ++ xxlor 24+32, 11, 11 ++ ++ vcipher 15, 15, 23 ++ vcipher 15, 15, 24 ++ ++ xxlor 23+32, 12, 12 ++ ++ cmpdi 10, 12 ++ beq Do_final_1x ++ ++ # 256 bits ++ xxlor 24+32, 13, 13 ++ ++ vcipher 15, 15, 23 ++ vcipher 15, 15, 24 ++ ++ xxlor 23+32, 14, 14 ++ ++ cmpdi 10, 14 ++ beq Do_final_1x ++ ++Do_final_1x: ++ vcipherlast 15, 15, 23 ++ ++ lxvb16x 15, 0, 14 # load last block ++ xxlxor 47, 47, 15 ++ ++ # create partial block mask ++ li 15, 16 ++ sub 15, 15, 12 # index to the mask ++ ++ vspltisb 16, -1 # first 16 bytes - 0xffff...ff ++ vspltisb 17, 0 # second 16 bytes - 0x0000...00 ++ li 10, 192 ++ stvx 16, 10, 1 ++ addi 10, 10, 16 ++ stvx 17, 10, 1 ++ ++ addi 10, 1, 192 ++ lxvb16x 16, 15, 10 # load partial block mask ++ xxland 47, 47, 16 ++ ++ vmr 28, 15 ++ ppc_update_hash_1x ++ ++ # * should store only the remaining bytes. ++ bl Write_partial_block ++ ++ b aes_gcm_out ++ ++# ++# Write partial block ++# r9 - output ++# r12 - remaining bytes ++# v15 - partial input data ++# ++Write_partial_block: ++ li 10, 192 ++ stxvb16x 15+32, 10, 1 # last block ++ ++ #add 10, 9, 11 # Output ++ addi 10, 9, -1 ++ addi 16, 1, 191 ++ ++ mtctr 12 # remaining bytes ++ li 15, 0 ++ ++Write_last_byte: ++ lbzu 14, 1(16) ++ stbu 14, 1(10) ++ bdnz Write_last_byte ++ blr ++ ++aes_gcm_out: ++ # out = state ++ stxvb16x 32, 0, 8 # write out Xi ++ add 3, 11, 12 # return count ++ ++ li 9, 256 ++ lvx 20, 9, 1 ++ addi 9, 9, 16 ++ lvx 21, 9, 1 ++ addi 9, 9, 16 ++ lvx 22, 9, 1 ++ addi 9, 9, 16 ++ lvx 23, 9, 1 ++ addi 9, 9, 16 ++ lvx 24, 9, 1 ++ addi 9, 9, 16 ++ lvx 25, 9, 1 ++ addi 9, 9, 16 ++ lvx 26, 9, 1 ++ addi 9, 9, 16 ++ lvx 27, 9, 1 ++ addi 9, 9, 16 ++ lvx 28, 9, 1 ++ addi 9, 9, 16 ++ lvx 29, 9, 1 ++ addi 9, 9, 16 ++ lvx 30, 9, 1 ++ addi 9, 9, 16 ++ lvx 31, 9, 1 ++ ++ ld 0, 528(1) ++ ld 14,112(1) ++ ld 15,120(1) ++ ld 16,128(1) ++ ld 17,136(1) ++ ld 18,144(1) ++ ld 19,152(1) ++ ld 20,160(1) ++ ld 21,168(1) ++ ++ mtlr 0 ++ addi 1, 1, 512 ++ blr ++ ++# ++# 8x Decrypt ++# ++.global ppc_aes_gcm_decrypt ++.align 5 ++ppc_aes_gcm_decrypt: ++_ppc_aes_gcm_decrypt: ++ ++ stdu 1,-512(1) ++ mflr 0 ++ ++ std 14,112(1) ++ std 15,120(1) ++ std 16,128(1) ++ std 17,136(1) ++ std 18,144(1) ++ std 19,152(1) ++ std 20,160(1) ++ std 21,168(1) ++ li 9, 256 ++ stvx 20, 9, 1 ++ addi 9, 9, 16 ++ stvx 21, 9, 1 ++ addi 9, 9, 16 ++ stvx 22, 9, 1 ++ addi 9, 9, 16 ++ stvx 23, 9, 1 ++ addi 9, 9, 16 ++ stvx 24, 9, 1 ++ addi 9, 9, 16 ++ stvx 25, 9, 1 ++ addi 9, 9, 16 ++ stvx 26, 9, 1 ++ addi 9, 9, 16 ++ stvx 27, 9, 1 ++ addi 9, 9, 16 ++ stvx 28, 9, 1 ++ addi 9, 9, 16 ++ stvx 29, 9, 1 ++ addi 9, 9, 16 ++ stvx 30, 9, 1 ++ addi 9, 9, 16 ++ stvx 31, 9, 1 ++ std 0, 528(1) ++ ++ # Load Xi ++ lxvb16x 32, 0, 8 # load Xi ++ ++ # load Hash - h^4, h^3, h^2, h ++ li 10, 32 ++ lxvd2x 2+32, 10, 8 # H Poli ++ li 10, 48 ++ lxvd2x 3+32, 10, 8 # Hl ++ li 10, 64 ++ lxvd2x 4+32, 10, 8 # H ++ li 10, 80 ++ lxvd2x 5+32, 10, 8 # Hh ++ ++ li 10, 96 ++ lxvd2x 6+32, 10, 8 # H^2l ++ li 10, 112 ++ lxvd2x 7+32, 10, 8 # H^2 ++ li 10, 128 ++ lxvd2x 8+32, 10, 8 # H^2h ++ ++ li 10, 144 ++ lxvd2x 9+32, 10, 8 # H^3l ++ li 10, 160 ++ lxvd2x 10+32, 10, 8 # H^3 ++ li 10, 176 ++ lxvd2x 11+32, 10, 8 # H^3h ++ ++ li 10, 192 ++ lxvd2x 12+32, 10, 8 # H^4l ++ li 10, 208 ++ lxvd2x 13+32, 10, 8 # H^4 ++ li 10, 224 ++ lxvd2x 14+32, 10, 8 # H^4h ++ ++ # initialize ICB: GHASH( IV ), IV - r7 ++ lxvb16x 30+32, 0, 7 # load IV - v30 ++ ++ mr 12, 5 # length ++ li 11, 0 # block index ++ ++ # counter 1 ++ vxor 31, 31, 31 ++ vspltisb 22, 1 ++ vsldoi 31, 31, 22,1 # counter 1 ++ ++ # load round key to VSR ++ lxv 0, 0(6) ++ lxv 1, 0x10(6) ++ lxv 2, 0x20(6) ++ lxv 3, 0x30(6) ++ lxv 4, 0x40(6) ++ lxv 5, 0x50(6) ++ lxv 6, 0x60(6) ++ lxv 7, 0x70(6) ++ lxv 8, 0x80(6) ++ lxv 9, 0x90(6) ++ lxv 10, 0xa0(6) ++ ++ # load rounds - 10 (128), 12 (192), 14 (256) ++ lwz 9,240(6) ++ ++ # ++ # vxor state, state, w # addroundkey ++ xxlor 32+29, 0, 0 ++ vxor 15, 30, 29 # IV + round key - add round key 0 ++ ++ cmpdi 9, 10 ++ beq Loop_aes_gcm_8x_dec ++ ++ # load 2 more round keys (v11, v12) ++ lxv 11, 0xb0(6) ++ lxv 12, 0xc0(6) ++ ++ cmpdi 9, 12 ++ beq Loop_aes_gcm_8x_dec ++ ++ # load 2 more round keys (v11, v12, v13, v14) ++ lxv 13, 0xd0(6) ++ lxv 14, 0xe0(6) ++ cmpdi 9, 14 ++ beq Loop_aes_gcm_8x_dec ++ ++ b aes_gcm_out ++ ++.align 5 ++Loop_aes_gcm_8x_dec: ++ mr 14, 3 ++ mr 9, 4 ++ ++ # n blocks ++ li 10, 128 ++ divdu 10, 5, 10 # n 128 bytes-blocks ++ cmpdi 10, 0 ++ beq Loop_last_block_dec ++ ++ vaddudm 30, 30, 31 # IV + counter ++ vxor 16, 30, 29 ++ vaddudm 30, 30, 31 ++ vxor 17, 30, 29 ++ vaddudm 30, 30, 31 ++ vxor 18, 30, 29 ++ vaddudm 30, 30, 31 ++ vxor 19, 30, 29 ++ vaddudm 30, 30, 31 ++ vxor 20, 30, 29 ++ vaddudm 30, 30, 31 ++ vxor 21, 30, 29 ++ vaddudm 30, 30, 31 ++ vxor 22, 30, 29 ++ ++ mtctr 10 ++ ++ li 15, 16 ++ li 16, 32 ++ li 17, 48 ++ li 18, 64 ++ li 19, 80 ++ li 20, 96 ++ li 21, 112 ++ ++ lwz 10, 240(6) ++ ++Loop_8x_block_dec: ++ ++ lxvb16x 15, 0, 14 # load block ++ lxvb16x 16, 15, 14 # load block ++ lxvb16x 17, 16, 14 # load block ++ lxvb16x 18, 17, 14 # load block ++ lxvb16x 19, 18, 14 # load block ++ lxvb16x 20, 19, 14 # load block ++ lxvb16x 21, 20, 14 # load block ++ lxvb16x 22, 21, 14 # load block ++ addi 14, 14, 128 ++ ++ Loop_aes_middle8x ++ ++ xxlor 23+32, 10, 10 ++ ++ cmpdi 10, 10 ++ beq Do_last_aes_dec ++ ++ # 192 bits ++ xxlor 24+32, 11, 11 ++ ++ vcipher 15, 15, 23 ++ vcipher 16, 16, 23 ++ vcipher 17, 17, 23 ++ vcipher 18, 18, 23 ++ vcipher 19, 19, 23 ++ vcipher 20, 20, 23 ++ vcipher 21, 21, 23 ++ vcipher 22, 22, 23 ++ ++ vcipher 15, 15, 24 ++ vcipher 16, 16, 24 ++ vcipher 17, 17, 24 ++ vcipher 18, 18, 24 ++ vcipher 19, 19, 24 ++ vcipher 20, 20, 24 ++ vcipher 21, 21, 24 ++ vcipher 22, 22, 24 ++ ++ xxlor 23+32, 12, 12 ++ ++ cmpdi 10, 12 ++ beq Do_last_aes_dec ++ ++ # 256 bits ++ xxlor 24+32, 13, 13 ++ ++ vcipher 15, 15, 23 ++ vcipher 16, 16, 23 ++ vcipher 17, 17, 23 ++ vcipher 18, 18, 23 ++ vcipher 19, 19, 23 ++ vcipher 20, 20, 23 ++ vcipher 21, 21, 23 ++ vcipher 22, 22, 23 ++ ++ vcipher 15, 15, 24 ++ vcipher 16, 16, 24 ++ vcipher 17, 17, 24 ++ vcipher 18, 18, 24 ++ vcipher 19, 19, 24 ++ vcipher 20, 20, 24 ++ vcipher 21, 21, 24 ++ vcipher 22, 22, 24 ++ ++ xxlor 23+32, 14, 14 ++ ++ cmpdi 10, 14 ++ beq Do_last_aes_dec ++ b aes_gcm_out ++ ++Do_last_aes_dec: ++ ++ # ++ # last round ++ vcipherlast 15, 15, 23 ++ vcipherlast 16, 16, 23 ++ ++ xxlxor 47, 47, 15 ++ stxvb16x 47, 0, 9 # store output ++ xxlxor 48, 48, 16 ++ stxvb16x 48, 15, 9 # store output ++ ++ vcipherlast 17, 17, 23 ++ vcipherlast 18, 18, 23 ++ ++ xxlxor 49, 49, 17 ++ stxvb16x 49, 16, 9 # store output ++ xxlxor 50, 50, 18 ++ stxvb16x 50, 17, 9 # store output ++ ++ vcipherlast 19, 19, 23 ++ vcipherlast 20, 20, 23 ++ ++ xxlxor 51, 51, 19 ++ stxvb16x 51, 18, 9 # store output ++ xxlxor 52, 52, 20 ++ stxvb16x 52, 19, 9 # store output ++ ++ vcipherlast 21, 21, 23 ++ vcipherlast 22, 22, 23 ++ ++ xxlxor 53, 53, 21 ++ stxvb16x 53, 20, 9 # store output ++ xxlxor 54, 54, 22 ++ stxvb16x 54, 21, 9 # store output ++ ++ addi 9, 9, 128 ++ ++ xxlor 15+32, 15, 15 ++ xxlor 16+32, 16, 16 ++ xxlor 17+32, 17, 17 ++ xxlor 18+32, 18, 18 ++ xxlor 19+32, 19, 19 ++ xxlor 20+32, 20, 20 ++ xxlor 21+32, 21, 21 ++ xxlor 22+32, 22, 22 ++ ++ # ghash here ++ ppc_aes_gcm_ghash2_4x ++ ++ xxlor 27+32, 0, 0 ++ vaddudm 30, 30, 31 # IV + counter ++ vmr 29, 30 ++ vxor 15, 30, 27 # add round key ++ vaddudm 30, 30, 31 ++ vxor 16, 30, 27 ++ vaddudm 30, 30, 31 ++ vxor 17, 30, 27 ++ vaddudm 30, 30, 31 ++ vxor 18, 30, 27 ++ vaddudm 30, 30, 31 ++ vxor 19, 30, 27 ++ vaddudm 30, 30, 31 ++ vxor 20, 30, 27 ++ vaddudm 30, 30, 31 ++ vxor 21, 30, 27 ++ vaddudm 30, 30, 31 ++ vxor 22, 30, 27 ++ addi 12, 12, -128 ++ addi 11, 11, 128 ++ ++ bdnz Loop_8x_block_dec ++ ++ vmr 30, 29 ++ ++Loop_last_block_dec: ++ cmpdi 12, 0 ++ beq aes_gcm_out ++ ++ # loop last few blocks ++ li 10, 16 ++ divdu 10, 12, 10 ++ ++ mtctr 10 ++ ++ lwz 10,240(6) ++ ++ cmpdi 12, 16 ++ blt Final_block_dec ++ ++Next_rem_block_dec: ++ lxvb16x 15, 0, 14 # load block ++ ++ Loop_aes_middle_1x ++ ++ xxlor 23+32, 10, 10 ++ ++ cmpdi 10, 10 ++ beq Do_next_1x_dec ++ ++ # 192 bits ++ xxlor 24+32, 11, 11 ++ ++ vcipher 15, 15, 23 ++ vcipher 15, 15, 24 ++ ++ xxlor 23+32, 12, 12 ++ ++ cmpdi 10, 12 ++ beq Do_next_1x_dec ++ ++ # 256 bits ++ xxlor 24+32, 13, 13 ++ ++ vcipher 15, 15, 23 ++ vcipher 15, 15, 24 ++ ++ xxlor 23+32, 14, 14 ++ ++ cmpdi 10, 14 ++ beq Do_next_1x_dec ++ ++Do_next_1x_dec: ++ vcipherlast 15, 15, 23 ++ ++ xxlxor 47, 47, 15 ++ stxvb16x 47, 0, 9 # store output ++ addi 14, 14, 16 ++ addi 9, 9, 16 ++ ++ xxlor 28+32, 15, 15 ++ ppc_update_hash_1x ++ ++ addi 12, 12, -16 ++ addi 11, 11, 16 ++ xxlor 19+32, 0, 0 ++ vaddudm 30, 30, 31 # IV + counter ++ vxor 15, 30, 19 # add round key ++ ++ bdnz Next_rem_block_dec ++ ++ cmpdi 12, 0 ++ beq aes_gcm_out ++ ++Final_block_dec: ++ Loop_aes_middle_1x ++ ++ xxlor 23+32, 10, 10 ++ ++ cmpdi 10, 10 ++ beq Do_final_1x_dec ++ ++ # 192 bits ++ xxlor 24+32, 11, 11 ++ ++ vcipher 15, 15, 23 ++ vcipher 15, 15, 24 ++ ++ xxlor 23+32, 12, 12 ++ ++ cmpdi 10, 12 ++ beq Do_final_1x_dec ++ ++ # 256 bits ++ xxlor 24+32, 13, 13 ++ ++ vcipher 15, 15, 23 ++ vcipher 15, 15, 24 ++ ++ xxlor 23+32, 14, 14 ++ ++ cmpdi 10, 14 ++ beq Do_final_1x_dec ++ ++Do_final_1x_dec: ++ vcipherlast 15, 15, 23 ++ ++ lxvb16x 15, 0, 14 # load block ++ xxlxor 47, 47, 15 ++ ++ # create partial block mask ++ li 15, 16 ++ sub 15, 15, 12 # index to the mask ++ ++ vspltisb 16, -1 # first 16 bytes - 0xffff...ff ++ vspltisb 17, 0 # second 16 bytes - 0x0000...00 ++ li 10, 192 ++ stvx 16, 10, 1 ++ addi 10, 10, 16 ++ stvx 17, 10, 1 ++ ++ addi 10, 1, 192 ++ lxvb16x 16, 15, 10 # load block mask ++ xxland 47, 47, 16 ++ ++ xxlor 28+32, 15, 15 ++ ppc_update_hash_1x ++ ++ # * should store only the remaining bytes. ++ bl Write_partial_block ++ ++ b aes_gcm_out ++ ++ ++___ ++ ++foreach (split("\n",$code)) { ++ s/\`([^\`]*)\`/eval $1/geo; ++ ++ if ($flavour =~ /le$/o) { # little-endian ++ s/le\?//o or ++ s/be\?/#be#/o; ++ } else { ++ s/le\?/#le#/o or ++ s/be\?//o; ++ } ++ print $_,"\n"; ++} ++ ++close STDOUT or die "error closing STDOUT: $!"; # enforce flush +diff --git a/crypto/modes/build.info b/crypto/modes/build.info +index 687e872..0ea122e 100644 +--- a/crypto/modes/build.info ++++ b/crypto/modes/build.info +@@ -32,7 +32,7 @@ IF[{- !$disabled{asm} -}] + $MODESASM_parisc20_64=$MODESASM_parisc11 + $MODESDEF_parisc20_64=$MODESDEF_parisc11 + +- $MODESASM_ppc32=ghashp8-ppc.s ++ $MODESASM_ppc32=ghashp8-ppc.s aes-gcm-ppc.s + $MODESDEF_ppc32= + $MODESASM_ppc64=$MODESASM_ppc32 + $MODESDEF_ppc64=$MODESDEF_ppc32 +@@ -71,6 +71,7 @@ INCLUDE[ghash-sparcv9.o]=.. + GENERATE[ghash-alpha.S]=asm/ghash-alpha.pl + GENERATE[ghash-parisc.s]=asm/ghash-parisc.pl + GENERATE[ghashp8-ppc.s]=asm/ghashp8-ppc.pl ++GENERATE[aes-gcm-ppc.s]=asm/aes-gcm-ppc.pl + GENERATE[ghash-armv4.S]=asm/ghash-armv4.pl + INCLUDE[ghash-armv4.o]=.. + GENERATE[ghashv8-armx.S]=asm/ghashv8-armx.pl +diff --git a/include/crypto/aes_platform.h b/include/crypto/aes_platform.h +index e95ad5a..0c281a3 100644 +--- a/include/crypto/aes_platform.h ++++ b/include/crypto/aes_platform.h +@@ -74,6 +74,26 @@ void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len, + # define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks + # define HWAES_xts_encrypt aes_p8_xts_encrypt + # define HWAES_xts_decrypt aes_p8_xts_decrypt ++# define PPC_AES_GCM_CAPABLE (OPENSSL_ppccap_P & PPC_MADD300) ++# define AES_GCM_ENC_BYTES 128 ++# define AES_GCM_DEC_BYTES 128 ++size_t ppc_aes_gcm_encrypt(const unsigned char *in, unsigned char *out, ++ size_t len, const void *key, unsigned char ivec[16], ++ u64 *Xi); ++size_t ppc_aes_gcm_decrypt(const unsigned char *in, unsigned char *out, ++ size_t len, const void *key, unsigned char ivec[16], ++ u64 *Xi); ++size_t ppc_aes_gcm_encrypt_wrap(const unsigned char *in, unsigned char *out, ++ size_t len, const void *key, ++ unsigned char ivec[16], u64 *Xi); ++size_t ppc_aes_gcm_decrypt_wrap(const unsigned char *in, unsigned char *out, ++ size_t len, const void *key, ++ unsigned char ivec[16], u64 *Xi); ++# define AES_gcm_encrypt ppc_aes_gcm_encrypt_wrap ++# define AES_gcm_decrypt ppc_aes_gcm_decrypt_wrap ++# define AES_GCM_ASM(gctx) ((gctx)->ctr==aes_p8_ctr32_encrypt_blocks && \ ++ (gctx)->gcm.ghash==gcm_ghash_p8) ++void gcm_ghash_p8(u64 Xi[2],const u128 Htable[16],const u8 *inp, size_t len); + # endif /* PPC */ + + # if (defined(__arm__) || defined(__arm) || defined(__aarch64__)) +diff --git a/providers/implementations/ciphers/cipher_aes_gcm_hw.c b/providers/implementations/ciphers/cipher_aes_gcm_hw.c +index 44fa9d4..789ec12 100644 +--- a/providers/implementations/ciphers/cipher_aes_gcm_hw.c ++++ b/providers/implementations/ciphers/cipher_aes_gcm_hw.c +@@ -141,6 +141,8 @@ static const PROV_GCM_HW aes_gcm = { + # include "cipher_aes_gcm_hw_t4.inc" + #elif defined(AES_PMULL_CAPABLE) && defined(AES_GCM_ASM) + # include "cipher_aes_gcm_hw_armv8.inc" ++#elif defined(PPC_AES_GCM_CAPABLE) ++# include "cipher_aes_gcm_hw_ppc.inc" + #else + const PROV_GCM_HW *ossl_prov_aes_hw_gcm(size_t keybits) + { +diff --git a/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc b/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc +new file mode 100644 +index 0000000..4eed0f4 +--- /dev/null ++++ b/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc +@@ -0,0 +1,119 @@ ++/* ++ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. ++ * ++ * Licensed under the Apache License 2.0 (the "License"). You may not use ++ * this file except in compliance with the License. You can obtain a copy ++ * in the file LICENSE in the source distribution or at ++ * https://www.openssl.org/source/license.html ++ */ ++ ++/*- ++ * PPC support for AES GCM. ++ * This file is included by cipher_aes_gcm_hw.c ++ */ ++ ++static int aes_ppc_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key, ++ size_t keylen) ++{ ++ PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx; ++ AES_KEY *ks = &actx->ks.ks; ++ ++ GCM_HW_SET_KEY_CTR_FN(ks, aes_p8_set_encrypt_key, aes_p8_encrypt, ++ aes_p8_ctr32_encrypt_blocks); ++ return 1; ++} ++ ++ ++extern size_t ppc_aes_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len, ++ const void *key, unsigned char ivec[16], u64 *Xi); ++extern size_t ppc_aes_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t len, ++ const void *key, unsigned char ivec[16], u64 *Xi); ++ ++static inline u32 UTO32(unsigned char *buf) ++{ ++ return ((u32) buf[0] << 24) | ((u32) buf[1] << 16) | ((u32) buf[2] << 8) | ((u32) buf[3]); ++} ++ ++static inline u32 add32TOU(unsigned char buf[4], u32 n) ++{ ++ u32 r; ++ ++ r = UTO32(buf); ++ r += n; ++ buf[0] = (unsigned char) (r >> 24) & 0xFF; ++ buf[1] = (unsigned char) (r >> 16) & 0xFF; ++ buf[2] = (unsigned char) (r >> 8) & 0xFF; ++ buf[3] = (unsigned char) r & 0xFF; ++ return r; ++} ++ ++static size_t aes_p10_gcm_crypt(const unsigned char *in, unsigned char *out, size_t len, ++ const void *key, unsigned char ivec[16], u64 *Xi, int encrypt) ++{ ++ int s = 0; ++ int ndone = 0; ++ int ctr_reset = 0; ++ u64 blocks_unused; ++ u64 nb = len / 16; ++ u64 next_ctr = 0; ++ unsigned char ctr_saved[12]; ++ ++ memcpy(ctr_saved, ivec, 12); ++ ++ while (nb) { ++ blocks_unused = (u64) 0xffffffffU + 1 - (u64) UTO32 (ivec + 12); ++ if (nb > blocks_unused) { ++ len = blocks_unused * 16; ++ nb -= blocks_unused; ++ next_ctr = blocks_unused; ++ ctr_reset = 1; ++ } else { ++ len = nb * 16; ++ next_ctr = nb; ++ nb = 0; ++ } ++ ++ s = encrypt ? ppc_aes_gcm_encrypt(in, out, len, key, ivec, Xi) ++ : ppc_aes_gcm_decrypt(in, out, len, key, ivec, Xi); ++ ++ /* add counter to ivec */ ++ add32TOU(ivec + 12, (u32) next_ctr); ++ if (ctr_reset) { ++ ctr_reset = 0; ++ in += len; ++ out += len; ++ } ++ memcpy(ivec, ctr_saved, 12); ++ ndone += s; ++ } ++ ++ return ndone; ++} ++ ++size_t ppc_aes_gcm_encrypt_wrap(const unsigned char *in, unsigned char *out, size_t len, ++ const void *key, unsigned char ivec[16], u64 *Xi) ++{ ++ return aes_p10_gcm_crypt(in, out, len, key, ivec, Xi, 1); ++} ++ ++size_t ppc_aes_gcm_decrypt_wrap(const unsigned char *in, unsigned char *out, size_t len, ++ const void *key, unsigned char ivec[16], u64 *Xi) ++{ ++ return aes_p10_gcm_crypt(in, out, len, key, ivec, Xi, 0); ++} ++ ++ ++static const PROV_GCM_HW aes_ppc_gcm = { ++ aes_ppc_gcm_initkey, ++ ossl_gcm_setiv, ++ ossl_gcm_aad_update, ++ generic_aes_gcm_cipher_update, ++ ossl_gcm_cipher_final, ++ ossl_gcm_one_shot ++}; ++ ++const PROV_GCM_HW *ossl_prov_aes_hw_gcm(size_t keybits) ++{ ++ return PPC_AES_GCM_CAPABLE ? &aes_ppc_gcm : &aes_gcm; ++} ++ diff --git a/SOURCES/0072-ChaCha20-performance-optimizations-for-ppc64le.patch b/SOURCES/0072-ChaCha20-performance-optimizations-for-ppc64le.patch new file mode 100644 index 0000000..527b901 --- /dev/null +++ b/SOURCES/0072-ChaCha20-performance-optimizations-for-ppc64le.patch @@ -0,0 +1,1493 @@ +Upstream-Status: Backport [ + https://github.com/openssl/openssl/commit/f596bbe4da779b56eea34d96168b557d78e1149, + https://github.com/openssl/openssl/commit/7e1f3ffcc5bc15fb9a12b9e3bb202f544c6ed5aa, + hunks in crypto/ppccap.c from https://github.com/openssl/openssl/commit/f5485b97b6c9977c0d39c7669b9f97a879312447 +] +diff --git a/crypto/chacha/asm/chachap10-ppc.pl b/crypto/chacha/asm/chachap10-ppc.pl +new file mode 100755 +index 0000000..36e9a8d +--- /dev/null ++++ b/crypto/chacha/asm/chachap10-ppc.pl +@@ -0,0 +1,1288 @@ ++#! /usr/bin/env perl ++# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. ++# ++# Licensed under the Apache License 2.0 (the "License"). You may not use ++# this file except in compliance with the License. You can obtain a copy ++# in the file LICENSE in the source distribution or at ++# https://www.openssl.org/source/license.html ++ ++# ++# ==================================================================== ++# Written by Andy Polyakov for the OpenSSL ++# project. The module is, however, dual licensed under OpenSSL and ++# CRYPTOGAMS licenses depending on where you obtain it. For further ++# details see http://www.openssl.org/~appro/cryptogams/. ++# ==================================================================== ++# ++# October 2015 ++# ++# ChaCha20 for PowerPC/AltiVec. ++# ++# June 2018 ++# ++# Add VSX 2.07 code path. Original 3xAltiVec+1xIALU is well-suited for ++# processors that can't issue more than one vector instruction per ++# cycle. But POWER8 (and POWER9) can issue a pair, and vector-only 4x ++# interleave would perform better. Incidentally PowerISA 2.07 (first ++# implemented by POWER8) defined new usable instructions, hence 4xVSX ++# code path... ++# ++# Performance in cycles per byte out of large buffer. ++# ++# IALU/gcc-4.x 3xAltiVec+1xIALU 4xVSX ++# ++# Freescale e300 13.6/+115% - - ++# PPC74x0/G4e 6.81/+310% 3.81 - ++# PPC970/G5 9.29/+160% ? - ++# POWER7 8.62/+61% 3.35 - ++# POWER8 8.70/+51% 2.91 2.09 ++# POWER9 8.80/+29% 4.44(*) 2.45(**) ++# ++# (*) this is trade-off result, it's possible to improve it, but ++# then it would negatively affect all others; ++# (**) POWER9 seems to be "allergic" to mixing vector and integer ++# instructions, which is why switch to vector-only code pays ++# off that much; ++ ++# $output is the last argument if it looks like a file (it has an extension) ++# $flavour is the first argument if it doesn't look like a file ++$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; ++$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; ++ ++if ($flavour =~ /64/) { ++ $SIZE_T =8; ++ $LRSAVE =2*$SIZE_T; ++ $STU ="stdu"; ++ $POP ="ld"; ++ $PUSH ="std"; ++ $UCMP ="cmpld"; ++} elsif ($flavour =~ /32/) { ++ $SIZE_T =4; ++ $LRSAVE =$SIZE_T; ++ $STU ="stwu"; ++ $POP ="lwz"; ++ $PUSH ="stw"; ++ $UCMP ="cmplw"; ++} else { die "nonsense $flavour"; } ++ ++$LITTLE_ENDIAN = ($flavour=~/le$/) ? 1 : 0; ++ ++$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ++( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or ++( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or ++die "can't locate ppc-xlate.pl"; ++ ++open STDOUT,"| $^X $xlate $flavour \"$output\"" ++ or die "can't call $xlate: $!"; ++ ++$LOCALS=6*$SIZE_T; ++$FRAME=$LOCALS+64+18*$SIZE_T; # 64 is for local variables ++ ++sub AUTOLOAD() # thunk [simplified] x86-style perlasm ++{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; $opcode =~ s/_/\./; ++ $code .= "\t$opcode\t".join(',',@_)."\n"; ++} ++ ++my $sp = "r1"; ++ ++my ($out,$inp,$len,$key,$ctr) = map("r$_",(3..7)); ++ ++ ++{{{ ++my ($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3, ++ $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3) = map("v$_",(0..15)); ++my @K = map("v$_",(16..19)); ++my $CTR = "v26"; ++my ($xt0,$xt1,$xt2,$xt3) = map("v$_",(27..30)); ++my ($sixteen,$twelve,$eight,$seven) = ($xt0,$xt1,$xt2,$xt3); ++my $beperm = "v31"; ++ ++my ($x00,$x10,$x20,$x30) = (0, map("r$_",(8..10))); ++ ++my $FRAME=$LOCALS+64+7*16; # 7*16 is for v26-v31 offload ++ ++ ++sub VSX_lane_ROUND_4x { ++my ($a0,$b0,$c0,$d0)=@_; ++my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0)); ++my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1)); ++my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2)); ++my @x=map("\"v$_\"",(0..15)); ++ ++ ( ++ "&vadduwm (@x[$a0],@x[$a0],@x[$b0])", # Q1 ++ "&vadduwm (@x[$a1],@x[$a1],@x[$b1])", # Q2 ++ "&vadduwm (@x[$a2],@x[$a2],@x[$b2])", # Q3 ++ "&vadduwm (@x[$a3],@x[$a3],@x[$b3])", # Q4 ++ "&vxor (@x[$d0],@x[$d0],@x[$a0])", ++ "&vxor (@x[$d1],@x[$d1],@x[$a1])", ++ "&vxor (@x[$d2],@x[$d2],@x[$a2])", ++ "&vxor (@x[$d3],@x[$d3],@x[$a3])", ++ "&vrlw (@x[$d0],@x[$d0],'$sixteen')", ++ "&vrlw (@x[$d1],@x[$d1],'$sixteen')", ++ "&vrlw (@x[$d2],@x[$d2],'$sixteen')", ++ "&vrlw (@x[$d3],@x[$d3],'$sixteen')", ++ ++ "&vadduwm (@x[$c0],@x[$c0],@x[$d0])", ++ "&vadduwm (@x[$c1],@x[$c1],@x[$d1])", ++ "&vadduwm (@x[$c2],@x[$c2],@x[$d2])", ++ "&vadduwm (@x[$c3],@x[$c3],@x[$d3])", ++ "&vxor (@x[$b0],@x[$b0],@x[$c0])", ++ "&vxor (@x[$b1],@x[$b1],@x[$c1])", ++ "&vxor (@x[$b2],@x[$b2],@x[$c2])", ++ "&vxor (@x[$b3],@x[$b3],@x[$c3])", ++ "&vrlw (@x[$b0],@x[$b0],'$twelve')", ++ "&vrlw (@x[$b1],@x[$b1],'$twelve')", ++ "&vrlw (@x[$b2],@x[$b2],'$twelve')", ++ "&vrlw (@x[$b3],@x[$b3],'$twelve')", ++ ++ "&vadduwm (@x[$a0],@x[$a0],@x[$b0])", ++ "&vadduwm (@x[$a1],@x[$a1],@x[$b1])", ++ "&vadduwm (@x[$a2],@x[$a2],@x[$b2])", ++ "&vadduwm (@x[$a3],@x[$a3],@x[$b3])", ++ "&vxor (@x[$d0],@x[$d0],@x[$a0])", ++ "&vxor (@x[$d1],@x[$d1],@x[$a1])", ++ "&vxor (@x[$d2],@x[$d2],@x[$a2])", ++ "&vxor (@x[$d3],@x[$d3],@x[$a3])", ++ "&vrlw (@x[$d0],@x[$d0],'$eight')", ++ "&vrlw (@x[$d1],@x[$d1],'$eight')", ++ "&vrlw (@x[$d2],@x[$d2],'$eight')", ++ "&vrlw (@x[$d3],@x[$d3],'$eight')", ++ ++ "&vadduwm (@x[$c0],@x[$c0],@x[$d0])", ++ "&vadduwm (@x[$c1],@x[$c1],@x[$d1])", ++ "&vadduwm (@x[$c2],@x[$c2],@x[$d2])", ++ "&vadduwm (@x[$c3],@x[$c3],@x[$d3])", ++ "&vxor (@x[$b0],@x[$b0],@x[$c0])", ++ "&vxor (@x[$b1],@x[$b1],@x[$c1])", ++ "&vxor (@x[$b2],@x[$b2],@x[$c2])", ++ "&vxor (@x[$b3],@x[$b3],@x[$c3])", ++ "&vrlw (@x[$b0],@x[$b0],'$seven')", ++ "&vrlw (@x[$b1],@x[$b1],'$seven')", ++ "&vrlw (@x[$b2],@x[$b2],'$seven')", ++ "&vrlw (@x[$b3],@x[$b3],'$seven')" ++ ); ++} ++ ++$code.=<<___; ++ ++.globl .ChaCha20_ctr32_vsx_p10 ++.align 5 ++.ChaCha20_ctr32_vsx_p10: ++ ${UCMP}i $len,255 ++ bgt ChaCha20_ctr32_vsx_8x ++ $STU $sp,-$FRAME($sp) ++ mflr r0 ++ li r10,`15+$LOCALS+64` ++ li r11,`31+$LOCALS+64` ++ mfspr r12,256 ++ stvx v26,r10,$sp ++ addi r10,r10,32 ++ stvx v27,r11,$sp ++ addi r11,r11,32 ++ stvx v28,r10,$sp ++ addi r10,r10,32 ++ stvx v29,r11,$sp ++ addi r11,r11,32 ++ stvx v30,r10,$sp ++ stvx v31,r11,$sp ++ stw r12,`$FRAME-4`($sp) # save vrsave ++ li r12,-4096+63 ++ $PUSH r0, `$FRAME+$LRSAVE`($sp) ++ mtspr 256,r12 # preserve 29 AltiVec registers ++ ++ bl Lconsts # returns pointer Lsigma in r12 ++ lvx_4w @K[0],0,r12 # load sigma ++ addi r12,r12,0x70 ++ li $x10,16 ++ li $x20,32 ++ li $x30,48 ++ li r11,64 ++ ++ lvx_4w @K[1],0,$key # load key ++ lvx_4w @K[2],$x10,$key ++ lvx_4w @K[3],0,$ctr # load counter ++ ++ vxor $xt0,$xt0,$xt0 ++ lvx_4w $xt1,r11,r12 ++ vspltw $CTR,@K[3],0 ++ vsldoi @K[3],@K[3],$xt0,4 ++ vsldoi @K[3],$xt0,@K[3],12 # clear @K[3].word[0] ++ vadduwm $CTR,$CTR,$xt1 ++ ++ be?lvsl $beperm,0,$x10 # 0x00..0f ++ be?vspltisb $xt0,3 # 0x03..03 ++ be?vxor $beperm,$beperm,$xt0 # swap bytes within words ++ ++ li r0,10 # inner loop counter ++ mtctr r0 ++ b Loop_outer_vsx ++ ++.align 5 ++Loop_outer_vsx: ++ lvx $xa0,$x00,r12 # load [smashed] sigma ++ lvx $xa1,$x10,r12 ++ lvx $xa2,$x20,r12 ++ lvx $xa3,$x30,r12 ++ ++ vspltw $xb0,@K[1],0 # smash the key ++ vspltw $xb1,@K[1],1 ++ vspltw $xb2,@K[1],2 ++ vspltw $xb3,@K[1],3 ++ ++ vspltw $xc0,@K[2],0 ++ vspltw $xc1,@K[2],1 ++ vspltw $xc2,@K[2],2 ++ vspltw $xc3,@K[2],3 ++ ++ vmr $xd0,$CTR # smash the counter ++ vspltw $xd1,@K[3],1 ++ vspltw $xd2,@K[3],2 ++ vspltw $xd3,@K[3],3 ++ ++ vspltisw $sixteen,-16 # synthesize constants ++ vspltisw $twelve,12 ++ vspltisw $eight,8 ++ vspltisw $seven,7 ++ ++Loop_vsx_4x: ++___ ++ foreach (&VSX_lane_ROUND_4x(0, 4, 8,12)) { eval; } ++ foreach (&VSX_lane_ROUND_4x(0, 5,10,15)) { eval; } ++$code.=<<___; ++ ++ bdnz Loop_vsx_4x ++ ++ vadduwm $xd0,$xd0,$CTR ++ ++ vmrgew $xt0,$xa0,$xa1 # transpose data ++ vmrgew $xt1,$xa2,$xa3 ++ vmrgow $xa0,$xa0,$xa1 ++ vmrgow $xa2,$xa2,$xa3 ++ vmrgew $xt2,$xb0,$xb1 ++ vmrgew $xt3,$xb2,$xb3 ++ vpermdi $xa1,$xa0,$xa2,0b00 ++ vpermdi $xa3,$xa0,$xa2,0b11 ++ vpermdi $xa0,$xt0,$xt1,0b00 ++ vpermdi $xa2,$xt0,$xt1,0b11 ++ ++ vmrgow $xb0,$xb0,$xb1 ++ vmrgow $xb2,$xb2,$xb3 ++ vmrgew $xt0,$xc0,$xc1 ++ vmrgew $xt1,$xc2,$xc3 ++ vpermdi $xb1,$xb0,$xb2,0b00 ++ vpermdi $xb3,$xb0,$xb2,0b11 ++ vpermdi $xb0,$xt2,$xt3,0b00 ++ vpermdi $xb2,$xt2,$xt3,0b11 ++ ++ vmrgow $xc0,$xc0,$xc1 ++ vmrgow $xc2,$xc2,$xc3 ++ vmrgew $xt2,$xd0,$xd1 ++ vmrgew $xt3,$xd2,$xd3 ++ vpermdi $xc1,$xc0,$xc2,0b00 ++ vpermdi $xc3,$xc0,$xc2,0b11 ++ vpermdi $xc0,$xt0,$xt1,0b00 ++ vpermdi $xc2,$xt0,$xt1,0b11 ++ ++ vmrgow $xd0,$xd0,$xd1 ++ vmrgow $xd2,$xd2,$xd3 ++ vspltisw $xt0,4 ++ vadduwm $CTR,$CTR,$xt0 # next counter value ++ vpermdi $xd1,$xd0,$xd2,0b00 ++ vpermdi $xd3,$xd0,$xd2,0b11 ++ vpermdi $xd0,$xt2,$xt3,0b00 ++ vpermdi $xd2,$xt2,$xt3,0b11 ++ ++ vadduwm $xa0,$xa0,@K[0] ++ vadduwm $xb0,$xb0,@K[1] ++ vadduwm $xc0,$xc0,@K[2] ++ vadduwm $xd0,$xd0,@K[3] ++ ++ be?vperm $xa0,$xa0,$xa0,$beperm ++ be?vperm $xb0,$xb0,$xb0,$beperm ++ be?vperm $xc0,$xc0,$xc0,$beperm ++ be?vperm $xd0,$xd0,$xd0,$beperm ++ ++ ${UCMP}i $len,0x40 ++ blt Ltail_vsx ++ ++ lvx_4w $xt0,$x00,$inp ++ lvx_4w $xt1,$x10,$inp ++ lvx_4w $xt2,$x20,$inp ++ lvx_4w $xt3,$x30,$inp ++ ++ vxor $xt0,$xt0,$xa0 ++ vxor $xt1,$xt1,$xb0 ++ vxor $xt2,$xt2,$xc0 ++ vxor $xt3,$xt3,$xd0 ++ ++ stvx_4w $xt0,$x00,$out ++ stvx_4w $xt1,$x10,$out ++ addi $inp,$inp,0x40 ++ stvx_4w $xt2,$x20,$out ++ subi $len,$len,0x40 ++ stvx_4w $xt3,$x30,$out ++ addi $out,$out,0x40 ++ beq Ldone_vsx ++ ++ vadduwm $xa0,$xa1,@K[0] ++ vadduwm $xb0,$xb1,@K[1] ++ vadduwm $xc0,$xc1,@K[2] ++ vadduwm $xd0,$xd1,@K[3] ++ ++ be?vperm $xa0,$xa0,$xa0,$beperm ++ be?vperm $xb0,$xb0,$xb0,$beperm ++ be?vperm $xc0,$xc0,$xc0,$beperm ++ be?vperm $xd0,$xd0,$xd0,$beperm ++ ++ ${UCMP}i $len,0x40 ++ blt Ltail_vsx ++ ++ lvx_4w $xt0,$x00,$inp ++ lvx_4w $xt1,$x10,$inp ++ lvx_4w $xt2,$x20,$inp ++ lvx_4w $xt3,$x30,$inp ++ ++ vxor $xt0,$xt0,$xa0 ++ vxor $xt1,$xt1,$xb0 ++ vxor $xt2,$xt2,$xc0 ++ vxor $xt3,$xt3,$xd0 ++ ++ stvx_4w $xt0,$x00,$out ++ stvx_4w $xt1,$x10,$out ++ addi $inp,$inp,0x40 ++ stvx_4w $xt2,$x20,$out ++ subi $len,$len,0x40 ++ stvx_4w $xt3,$x30,$out ++ addi $out,$out,0x40 ++ beq Ldone_vsx ++ ++ vadduwm $xa0,$xa2,@K[0] ++ vadduwm $xb0,$xb2,@K[1] ++ vadduwm $xc0,$xc2,@K[2] ++ vadduwm $xd0,$xd2,@K[3] ++ ++ be?vperm $xa0,$xa0,$xa0,$beperm ++ be?vperm $xb0,$xb0,$xb0,$beperm ++ be?vperm $xc0,$xc0,$xc0,$beperm ++ be?vperm $xd0,$xd0,$xd0,$beperm ++ ++ ${UCMP}i $len,0x40 ++ blt Ltail_vsx ++ ++ lvx_4w $xt0,$x00,$inp ++ lvx_4w $xt1,$x10,$inp ++ lvx_4w $xt2,$x20,$inp ++ lvx_4w $xt3,$x30,$inp ++ ++ vxor $xt0,$xt0,$xa0 ++ vxor $xt1,$xt1,$xb0 ++ vxor $xt2,$xt2,$xc0 ++ vxor $xt3,$xt3,$xd0 ++ ++ stvx_4w $xt0,$x00,$out ++ stvx_4w $xt1,$x10,$out ++ addi $inp,$inp,0x40 ++ stvx_4w $xt2,$x20,$out ++ subi $len,$len,0x40 ++ stvx_4w $xt3,$x30,$out ++ addi $out,$out,0x40 ++ beq Ldone_vsx ++ ++ vadduwm $xa0,$xa3,@K[0] ++ vadduwm $xb0,$xb3,@K[1] ++ vadduwm $xc0,$xc3,@K[2] ++ vadduwm $xd0,$xd3,@K[3] ++ ++ be?vperm $xa0,$xa0,$xa0,$beperm ++ be?vperm $xb0,$xb0,$xb0,$beperm ++ be?vperm $xc0,$xc0,$xc0,$beperm ++ be?vperm $xd0,$xd0,$xd0,$beperm ++ ++ ${UCMP}i $len,0x40 ++ blt Ltail_vsx ++ ++ lvx_4w $xt0,$x00,$inp ++ lvx_4w $xt1,$x10,$inp ++ lvx_4w $xt2,$x20,$inp ++ lvx_4w $xt3,$x30,$inp ++ ++ vxor $xt0,$xt0,$xa0 ++ vxor $xt1,$xt1,$xb0 ++ vxor $xt2,$xt2,$xc0 ++ vxor $xt3,$xt3,$xd0 ++ ++ stvx_4w $xt0,$x00,$out ++ stvx_4w $xt1,$x10,$out ++ addi $inp,$inp,0x40 ++ stvx_4w $xt2,$x20,$out ++ subi $len,$len,0x40 ++ stvx_4w $xt3,$x30,$out ++ addi $out,$out,0x40 ++ mtctr r0 ++ bne Loop_outer_vsx ++ ++Ldone_vsx: ++ lwz r12,`$FRAME-4`($sp) # pull vrsave ++ li r10,`15+$LOCALS+64` ++ li r11,`31+$LOCALS+64` ++ $POP r0, `$FRAME+$LRSAVE`($sp) ++ mtspr 256,r12 # restore vrsave ++ lvx v26,r10,$sp ++ addi r10,r10,32 ++ lvx v27,r11,$sp ++ addi r11,r11,32 ++ lvx v28,r10,$sp ++ addi r10,r10,32 ++ lvx v29,r11,$sp ++ addi r11,r11,32 ++ lvx v30,r10,$sp ++ lvx v31,r11,$sp ++ mtlr r0 ++ addi $sp,$sp,$FRAME ++ blr ++ ++.align 4 ++Ltail_vsx: ++ addi r11,$sp,$LOCALS ++ mtctr $len ++ stvx_4w $xa0,$x00,r11 # offload block to stack ++ stvx_4w $xb0,$x10,r11 ++ stvx_4w $xc0,$x20,r11 ++ stvx_4w $xd0,$x30,r11 ++ subi r12,r11,1 # prepare for *++ptr ++ subi $inp,$inp,1 ++ subi $out,$out,1 ++ ++Loop_tail_vsx: ++ lbzu r6,1(r12) ++ lbzu r7,1($inp) ++ xor r6,r6,r7 ++ stbu r6,1($out) ++ bdnz Loop_tail_vsx ++ ++ stvx_4w $K[0],$x00,r11 # wipe copy of the block ++ stvx_4w $K[0],$x10,r11 ++ stvx_4w $K[0],$x20,r11 ++ stvx_4w $K[0],$x30,r11 ++ ++ b Ldone_vsx ++ .long 0 ++ .byte 0,12,0x04,1,0x80,0,5,0 ++ .long 0 ++.size .ChaCha20_ctr32_vsx_p10,.-.ChaCha20_ctr32_vsx_p10 ++___ ++}}} ++ ++##This is 8 block in parallel implementation. The heart of chacha round uses vector instruction that has access to ++# vsr[32+X]. To perform the 8 parallel block we tend to use all 32 register to hold the 8 block info. ++# WE need to store few register value on side, so we can use VSR{32+X} for few vector instructions used in round op and hold intermediate value. ++# WE use the VSR[0]-VSR[31] for holding intermediate value and perform 8 block in parallel. ++# ++{{{ ++#### ($out,$inp,$len,$key,$ctr) = map("r$_",(3..7)); ++my ($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3, ++ $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3, ++ $xa4,$xa5,$xa6,$xa7, $xb4,$xb5,$xb6,$xb7, ++ $xc4,$xc5,$xc6,$xc7, $xd4,$xd5,$xd6,$xd7) = map("v$_",(0..31)); ++my ($xcn4,$xcn5,$xcn6,$xcn7, $xdn4,$xdn5,$xdn6,$xdn7) = map("v$_",(8..15)); ++my ($xan0,$xbn0,$xcn0,$xdn0) = map("v$_",(0..3)); ++my @K = map("v$_",27,(24..26)); ++my ($xt0,$xt1,$xt2,$xt3,$xt4) = map("v$_",23,(28..31)); ++my $xr0 = "v4"; ++my $CTR0 = "v22"; ++my $CTR1 = "v5"; ++my $beperm = "v31"; ++my ($x00,$x10,$x20,$x30) = (0, map("r$_",(8..10))); ++my ($xv0,$xv1,$xv2,$xv3,$xv4,$xv5,$xv6,$xv7) = map("v$_",(0..7)); ++my ($xv8,$xv9,$xv10,$xv11,$xv12,$xv13,$xv14,$xv15,$xv16,$xv17) = map("v$_",(8..17)); ++my ($xv18,$xv19,$xv20,$xv21) = map("v$_",(18..21)); ++my ($xv22,$xv23,$xv24,$xv25,$xv26) = map("v$_",(22..26)); ++ ++my $FRAME=$LOCALS+64+9*16; # 8*16 is for v24-v31 offload ++ ++sub VSX_lane_ROUND_8x { ++my ($a0,$b0,$c0,$d0,$a4,$b4,$c4,$d4)=@_; ++my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0)); ++my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1)); ++my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2)); ++my ($a5,$b5,$c5,$d5)=map(($_&~3)+(($_+1)&3),($a4,$b4,$c4,$d4)); ++my ($a6,$b6,$c6,$d6)=map(($_&~3)+(($_+1)&3),($a5,$b5,$c5,$d5)); ++my ($a7,$b7,$c7,$d7)=map(($_&~3)+(($_+1)&3),($a6,$b6,$c6,$d6)); ++my ($xv8,$xv9,$xv10,$xv11,$xv12,$xv13,$xv14,$xv15,$xv16,$xv17) = map("\"v$_\"",(8..17)); ++my @x=map("\"v$_\"",(0..31)); ++ ++ ( ++ "&vxxlor ($xv15 ,@x[$c7],@x[$c7])", #copy v30 to v13 ++ "&vxxlorc (@x[$c7], $xv9,$xv9)", ++ ++ "&vadduwm (@x[$a0],@x[$a0],@x[$b0])", # Q1 ++ "&vadduwm (@x[$a1],@x[$a1],@x[$b1])", # Q2 ++ "&vadduwm (@x[$a2],@x[$a2],@x[$b2])", # Q3 ++ "&vadduwm (@x[$a3],@x[$a3],@x[$b3])", # Q4 ++ "&vadduwm (@x[$a4],@x[$a4],@x[$b4])", # Q1 ++ "&vadduwm (@x[$a5],@x[$a5],@x[$b5])", # Q2 ++ "&vadduwm (@x[$a6],@x[$a6],@x[$b6])", # Q3 ++ "&vadduwm (@x[$a7],@x[$a7],@x[$b7])", # Q4 ++ ++ "&vxor (@x[$d0],@x[$d0],@x[$a0])", ++ "&vxor (@x[$d1],@x[$d1],@x[$a1])", ++ "&vxor (@x[$d2],@x[$d2],@x[$a2])", ++ "&vxor (@x[$d3],@x[$d3],@x[$a3])", ++ "&vxor (@x[$d4],@x[$d4],@x[$a4])", ++ "&vxor (@x[$d5],@x[$d5],@x[$a5])", ++ "&vxor (@x[$d6],@x[$d6],@x[$a6])", ++ "&vxor (@x[$d7],@x[$d7],@x[$a7])", ++ ++ "&vrlw (@x[$d0],@x[$d0],@x[$c7])", ++ "&vrlw (@x[$d1],@x[$d1],@x[$c7])", ++ "&vrlw (@x[$d2],@x[$d2],@x[$c7])", ++ "&vrlw (@x[$d3],@x[$d3],@x[$c7])", ++ "&vrlw (@x[$d4],@x[$d4],@x[$c7])", ++ "&vrlw (@x[$d5],@x[$d5],@x[$c7])", ++ "&vrlw (@x[$d6],@x[$d6],@x[$c7])", ++ "&vrlw (@x[$d7],@x[$d7],@x[$c7])", ++ ++ "&vxxlor ($xv13 ,@x[$a7],@x[$a7])", ++ "&vxxlorc (@x[$c7], $xv15,$xv15)", ++ "&vxxlorc (@x[$a7], $xv10,$xv10)", ++ ++ "&vadduwm (@x[$c0],@x[$c0],@x[$d0])", ++ "&vadduwm (@x[$c1],@x[$c1],@x[$d1])", ++ "&vadduwm (@x[$c2],@x[$c2],@x[$d2])", ++ "&vadduwm (@x[$c3],@x[$c3],@x[$d3])", ++ "&vadduwm (@x[$c4],@x[$c4],@x[$d4])", ++ "&vadduwm (@x[$c5],@x[$c5],@x[$d5])", ++ "&vadduwm (@x[$c6],@x[$c6],@x[$d6])", ++ "&vadduwm (@x[$c7],@x[$c7],@x[$d7])", ++ ++ "&vxor (@x[$b0],@x[$b0],@x[$c0])", ++ "&vxor (@x[$b1],@x[$b1],@x[$c1])", ++ "&vxor (@x[$b2],@x[$b2],@x[$c2])", ++ "&vxor (@x[$b3],@x[$b3],@x[$c3])", ++ "&vxor (@x[$b4],@x[$b4],@x[$c4])", ++ "&vxor (@x[$b5],@x[$b5],@x[$c5])", ++ "&vxor (@x[$b6],@x[$b6],@x[$c6])", ++ "&vxor (@x[$b7],@x[$b7],@x[$c7])", ++ ++ "&vrlw (@x[$b0],@x[$b0],@x[$a7])", ++ "&vrlw (@x[$b1],@x[$b1],@x[$a7])", ++ "&vrlw (@x[$b2],@x[$b2],@x[$a7])", ++ "&vrlw (@x[$b3],@x[$b3],@x[$a7])", ++ "&vrlw (@x[$b4],@x[$b4],@x[$a7])", ++ "&vrlw (@x[$b5],@x[$b5],@x[$a7])", ++ "&vrlw (@x[$b6],@x[$b6],@x[$a7])", ++ "&vrlw (@x[$b7],@x[$b7],@x[$a7])", ++ ++ "&vxxlorc (@x[$a7], $xv13,$xv13)", ++ "&vxxlor ($xv15 ,@x[$c7],@x[$c7])", ++ "&vxxlorc (@x[$c7], $xv11,$xv11)", ++ ++ ++ "&vadduwm (@x[$a0],@x[$a0],@x[$b0])", ++ "&vadduwm (@x[$a1],@x[$a1],@x[$b1])", ++ "&vadduwm (@x[$a2],@x[$a2],@x[$b2])", ++ "&vadduwm (@x[$a3],@x[$a3],@x[$b3])", ++ "&vadduwm (@x[$a4],@x[$a4],@x[$b4])", ++ "&vadduwm (@x[$a5],@x[$a5],@x[$b5])", ++ "&vadduwm (@x[$a6],@x[$a6],@x[$b6])", ++ "&vadduwm (@x[$a7],@x[$a7],@x[$b7])", ++ ++ "&vxor (@x[$d0],@x[$d0],@x[$a0])", ++ "&vxor (@x[$d1],@x[$d1],@x[$a1])", ++ "&vxor (@x[$d2],@x[$d2],@x[$a2])", ++ "&vxor (@x[$d3],@x[$d3],@x[$a3])", ++ "&vxor (@x[$d4],@x[$d4],@x[$a4])", ++ "&vxor (@x[$d5],@x[$d5],@x[$a5])", ++ "&vxor (@x[$d6],@x[$d6],@x[$a6])", ++ "&vxor (@x[$d7],@x[$d7],@x[$a7])", ++ ++ "&vrlw (@x[$d0],@x[$d0],@x[$c7])", ++ "&vrlw (@x[$d1],@x[$d1],@x[$c7])", ++ "&vrlw (@x[$d2],@x[$d2],@x[$c7])", ++ "&vrlw (@x[$d3],@x[$d3],@x[$c7])", ++ "&vrlw (@x[$d4],@x[$d4],@x[$c7])", ++ "&vrlw (@x[$d5],@x[$d5],@x[$c7])", ++ "&vrlw (@x[$d6],@x[$d6],@x[$c7])", ++ "&vrlw (@x[$d7],@x[$d7],@x[$c7])", ++ ++ "&vxxlorc (@x[$c7], $xv15,$xv15)", ++ "&vxxlor ($xv13 ,@x[$a7],@x[$a7])", ++ "&vxxlorc (@x[$a7], $xv12,$xv12)", ++ ++ "&vadduwm (@x[$c0],@x[$c0],@x[$d0])", ++ "&vadduwm (@x[$c1],@x[$c1],@x[$d1])", ++ "&vadduwm (@x[$c2],@x[$c2],@x[$d2])", ++ "&vadduwm (@x[$c3],@x[$c3],@x[$d3])", ++ "&vadduwm (@x[$c4],@x[$c4],@x[$d4])", ++ "&vadduwm (@x[$c5],@x[$c5],@x[$d5])", ++ "&vadduwm (@x[$c6],@x[$c6],@x[$d6])", ++ "&vadduwm (@x[$c7],@x[$c7],@x[$d7])", ++ "&vxor (@x[$b0],@x[$b0],@x[$c0])", ++ "&vxor (@x[$b1],@x[$b1],@x[$c1])", ++ "&vxor (@x[$b2],@x[$b2],@x[$c2])", ++ "&vxor (@x[$b3],@x[$b3],@x[$c3])", ++ "&vxor (@x[$b4],@x[$b4],@x[$c4])", ++ "&vxor (@x[$b5],@x[$b5],@x[$c5])", ++ "&vxor (@x[$b6],@x[$b6],@x[$c6])", ++ "&vxor (@x[$b7],@x[$b7],@x[$c7])", ++ "&vrlw (@x[$b0],@x[$b0],@x[$a7])", ++ "&vrlw (@x[$b1],@x[$b1],@x[$a7])", ++ "&vrlw (@x[$b2],@x[$b2],@x[$a7])", ++ "&vrlw (@x[$b3],@x[$b3],@x[$a7])", ++ "&vrlw (@x[$b4],@x[$b4],@x[$a7])", ++ "&vrlw (@x[$b5],@x[$b5],@x[$a7])", ++ "&vrlw (@x[$b6],@x[$b6],@x[$a7])", ++ "&vrlw (@x[$b7],@x[$b7],@x[$a7])", ++ ++ "&vxxlorc (@x[$a7], $xv13,$xv13)", ++ ); ++} ++ ++$code.=<<___; ++ ++.globl .ChaCha20_ctr32_vsx_8x ++.align 5 ++.ChaCha20_ctr32_vsx_8x: ++ $STU $sp,-$FRAME($sp) ++ mflr r0 ++ li r10,`15+$LOCALS+64` ++ li r11,`31+$LOCALS+64` ++ mfspr r12,256 ++ stvx v24,r10,$sp ++ addi r10,r10,32 ++ stvx v25,r11,$sp ++ addi r11,r11,32 ++ stvx v26,r10,$sp ++ addi r10,r10,32 ++ stvx v27,r11,$sp ++ addi r11,r11,32 ++ stvx v28,r10,$sp ++ addi r10,r10,32 ++ stvx v29,r11,$sp ++ addi r11,r11,32 ++ stvx v30,r10,$sp ++ stvx v31,r11,$sp ++ stw r12,`$FRAME-4`($sp) # save vrsave ++ li r12,-4096+63 ++ $PUSH r0, `$FRAME+$LRSAVE`($sp) ++ mtspr 256,r12 # preserve 29 AltiVec registers ++ ++ bl Lconsts # returns pointer Lsigma in r12 ++ ++ lvx_4w @K[0],0,r12 # load sigma ++ addi r12,r12,0x70 ++ li $x10,16 ++ li $x20,32 ++ li $x30,48 ++ li r11,64 ++ ++ vspltisw $xa4,-16 # synthesize constants ++ vspltisw $xb4,12 # synthesize constants ++ vspltisw $xc4,8 # synthesize constants ++ vspltisw $xd4,7 # synthesize constants ++ ++ lvx $xa0,$x00,r12 # load [smashed] sigma ++ lvx $xa1,$x10,r12 ++ lvx $xa2,$x20,r12 ++ lvx $xa3,$x30,r12 ++ ++ vxxlor $xv9 ,$xa4,$xa4 #save shift val in vr9-12 ++ vxxlor $xv10 ,$xb4,$xb4 ++ vxxlor $xv11 ,$xc4,$xc4 ++ vxxlor $xv12 ,$xd4,$xd4 ++ vxxlor $xv22 ,$xa0,$xa0 #save sigma in vr22-25 ++ vxxlor $xv23 ,$xa1,$xa1 ++ vxxlor $xv24 ,$xa2,$xa2 ++ vxxlor $xv25 ,$xa3,$xa3 ++ ++ lvx_4w @K[1],0,$key # load key ++ lvx_4w @K[2],$x10,$key ++ lvx_4w @K[3],0,$ctr # load counter ++ vspltisw $xt3,4 ++ ++ ++ vxor $xt2,$xt2,$xt2 ++ lvx_4w $xt1,r11,r12 ++ vspltw $xa2,@K[3],0 #save the original count after spltw ++ vsldoi @K[3],@K[3],$xt2,4 ++ vsldoi @K[3],$xt2,@K[3],12 # clear @K[3].word[0] ++ vadduwm $xt1,$xa2,$xt1 ++ vadduwm $xt3,$xt1,$xt3 # next counter value ++ vspltw $xa0,@K[2],2 # save the K[2] spltw 2 and save v8. ++ ++ be?lvsl $beperm,0,$x10 # 0x00..0f ++ be?vspltisb $xt0,3 # 0x03..03 ++ be?vxor $beperm,$beperm,$xt0 # swap bytes within words ++ be?vxxlor $xv26 ,$beperm,$beperm ++ ++ vxxlor $xv0 ,@K[0],@K[0] # K0,k1,k2 to vr0,1,2 ++ vxxlor $xv1 ,@K[1],@K[1] ++ vxxlor $xv2 ,@K[2],@K[2] ++ vxxlor $xv3 ,@K[3],@K[3] ++ vxxlor $xv4 ,$xt1,$xt1 #CTR ->4, CTR+4-> 5 ++ vxxlor $xv5 ,$xt3,$xt3 ++ vxxlor $xv8 ,$xa0,$xa0 ++ ++ li r0,10 # inner loop counter ++ mtctr r0 ++ b Loop_outer_vsx_8x ++ ++.align 5 ++Loop_outer_vsx_8x: ++ vxxlorc $xa0,$xv22,$xv22 # load [smashed] sigma ++ vxxlorc $xa1,$xv23,$xv23 ++ vxxlorc $xa2,$xv24,$xv24 ++ vxxlorc $xa3,$xv25,$xv25 ++ vxxlorc $xa4,$xv22,$xv22 ++ vxxlorc $xa5,$xv23,$xv23 ++ vxxlorc $xa6,$xv24,$xv24 ++ vxxlorc $xa7,$xv25,$xv25 ++ ++ vspltw $xb0,@K[1],0 # smash the key ++ vspltw $xb1,@K[1],1 ++ vspltw $xb2,@K[1],2 ++ vspltw $xb3,@K[1],3 ++ vspltw $xb4,@K[1],0 # smash the key ++ vspltw $xb5,@K[1],1 ++ vspltw $xb6,@K[1],2 ++ vspltw $xb7,@K[1],3 ++ ++ vspltw $xc0,@K[2],0 ++ vspltw $xc1,@K[2],1 ++ vspltw $xc2,@K[2],2 ++ vspltw $xc3,@K[2],3 ++ vspltw $xc4,@K[2],0 ++ vspltw $xc7,@K[2],3 ++ vspltw $xc5,@K[2],1 ++ ++ vxxlorc $xd0,$xv4,$xv4 # smash the counter ++ vspltw $xd1,@K[3],1 ++ vspltw $xd2,@K[3],2 ++ vspltw $xd3,@K[3],3 ++ vxxlorc $xd4,$xv5,$xv5 # smash the counter ++ vspltw $xd5,@K[3],1 ++ vspltw $xd6,@K[3],2 ++ vspltw $xd7,@K[3],3 ++ vxxlorc $xc6,$xv8,$xv8 #copy of vlspt k[2],2 is in v8.v26 ->k[3] so need to wait until k3 is done ++ ++Loop_vsx_8x: ++___ ++ foreach (&VSX_lane_ROUND_8x(0,4, 8,12,16,20,24,28)) { eval; } ++ foreach (&VSX_lane_ROUND_8x(0,5,10,15,16,21,26,31)) { eval; } ++$code.=<<___; ++ ++ bdnz Loop_vsx_8x ++ vxxlor $xv13 ,$xd4,$xd4 # save the register vr24-31 ++ vxxlor $xv14 ,$xd5,$xd5 # ++ vxxlor $xv15 ,$xd6,$xd6 # ++ vxxlor $xv16 ,$xd7,$xd7 # ++ ++ vxxlor $xv18 ,$xc4,$xc4 # ++ vxxlor $xv19 ,$xc5,$xc5 # ++ vxxlor $xv20 ,$xc6,$xc6 # ++ vxxlor $xv21 ,$xc7,$xc7 # ++ ++ vxxlor $xv6 ,$xb6,$xb6 # save vr23, so we get 8 regs ++ vxxlor $xv7 ,$xb7,$xb7 # save vr23, so we get 8 regs ++ be?vxxlorc $beperm,$xv26,$xv26 # copy back the the beperm. ++ ++ vxxlorc @K[0],$xv0,$xv0 #27 ++ vxxlorc @K[1],$xv1,$xv1 #24 ++ vxxlorc @K[2],$xv2,$xv2 #25 ++ vxxlorc @K[3],$xv3,$xv3 #26 ++ vxxlorc $CTR0,$xv4,$xv4 ++###changing to vertical ++ ++ vmrgew $xt0,$xa0,$xa1 # transpose data ++ vmrgew $xt1,$xa2,$xa3 ++ vmrgow $xa0,$xa0,$xa1 ++ vmrgow $xa2,$xa2,$xa3 ++ ++ vmrgew $xt2,$xb0,$xb1 ++ vmrgew $xt3,$xb2,$xb3 ++ vmrgow $xb0,$xb0,$xb1 ++ vmrgow $xb2,$xb2,$xb3 ++ ++ vadduwm $xd0,$xd0,$CTR0 ++ ++ vpermdi $xa1,$xa0,$xa2,0b00 ++ vpermdi $xa3,$xa0,$xa2,0b11 ++ vpermdi $xa0,$xt0,$xt1,0b00 ++ vpermdi $xa2,$xt0,$xt1,0b11 ++ vpermdi $xb1,$xb0,$xb2,0b00 ++ vpermdi $xb3,$xb0,$xb2,0b11 ++ vpermdi $xb0,$xt2,$xt3,0b00 ++ vpermdi $xb2,$xt2,$xt3,0b11 ++ ++ vmrgew $xt0,$xc0,$xc1 ++ vmrgew $xt1,$xc2,$xc3 ++ vmrgow $xc0,$xc0,$xc1 ++ vmrgow $xc2,$xc2,$xc3 ++ vmrgew $xt2,$xd0,$xd1 ++ vmrgew $xt3,$xd2,$xd3 ++ vmrgow $xd0,$xd0,$xd1 ++ vmrgow $xd2,$xd2,$xd3 ++ ++ vpermdi $xc1,$xc0,$xc2,0b00 ++ vpermdi $xc3,$xc0,$xc2,0b11 ++ vpermdi $xc0,$xt0,$xt1,0b00 ++ vpermdi $xc2,$xt0,$xt1,0b11 ++ vpermdi $xd1,$xd0,$xd2,0b00 ++ vpermdi $xd3,$xd0,$xd2,0b11 ++ vpermdi $xd0,$xt2,$xt3,0b00 ++ vpermdi $xd2,$xt2,$xt3,0b11 ++ ++ vspltisw $xt0,8 ++ vadduwm $CTR0,$CTR0,$xt0 # next counter value ++ vxxlor $xv4 ,$CTR0,$CTR0 #CTR+4-> 5 ++ ++ vadduwm $xa0,$xa0,@K[0] ++ vadduwm $xb0,$xb0,@K[1] ++ vadduwm $xc0,$xc0,@K[2] ++ vadduwm $xd0,$xd0,@K[3] ++ ++ be?vperm $xa0,$xa0,$xa0,$beperm ++ be?vperm $xb0,$xb0,$xb0,$beperm ++ be?vperm $xc0,$xc0,$xc0,$beperm ++ be?vperm $xd0,$xd0,$xd0,$beperm ++ ++ ${UCMP}i $len,0x40 ++ blt Ltail_vsx_8x ++ ++ lvx_4w $xt0,$x00,$inp ++ lvx_4w $xt1,$x10,$inp ++ lvx_4w $xt2,$x20,$inp ++ lvx_4w $xt3,$x30,$inp ++ ++ vxor $xt0,$xt0,$xa0 ++ vxor $xt1,$xt1,$xb0 ++ vxor $xt2,$xt2,$xc0 ++ vxor $xt3,$xt3,$xd0 ++ ++ stvx_4w $xt0,$x00,$out ++ stvx_4w $xt1,$x10,$out ++ addi $inp,$inp,0x40 ++ stvx_4w $xt2,$x20,$out ++ subi $len,$len,0x40 ++ stvx_4w $xt3,$x30,$out ++ addi $out,$out,0x40 ++ beq Ldone_vsx_8x ++ ++ vadduwm $xa0,$xa1,@K[0] ++ vadduwm $xb0,$xb1,@K[1] ++ vadduwm $xc0,$xc1,@K[2] ++ vadduwm $xd0,$xd1,@K[3] ++ ++ be?vperm $xa0,$xa0,$xa0,$beperm ++ be?vperm $xb0,$xb0,$xb0,$beperm ++ be?vperm $xc0,$xc0,$xc0,$beperm ++ be?vperm $xd0,$xd0,$xd0,$beperm ++ ++ ${UCMP}i $len,0x40 ++ blt Ltail_vsx_8x ++ ++ lvx_4w $xt0,$x00,$inp ++ lvx_4w $xt1,$x10,$inp ++ lvx_4w $xt2,$x20,$inp ++ lvx_4w $xt3,$x30,$inp ++ ++ vxor $xt0,$xt0,$xa0 ++ vxor $xt1,$xt1,$xb0 ++ vxor $xt2,$xt2,$xc0 ++ vxor $xt3,$xt3,$xd0 ++ ++ stvx_4w $xt0,$x00,$out ++ stvx_4w $xt1,$x10,$out ++ addi $inp,$inp,0x40 ++ stvx_4w $xt2,$x20,$out ++ subi $len,$len,0x40 ++ stvx_4w $xt3,$x30,$out ++ addi $out,$out,0x40 ++ beq Ldone_vsx_8x ++ ++ vadduwm $xa0,$xa2,@K[0] ++ vadduwm $xb0,$xb2,@K[1] ++ vadduwm $xc0,$xc2,@K[2] ++ vadduwm $xd0,$xd2,@K[3] ++ ++ be?vperm $xa0,$xa0,$xa0,$beperm ++ be?vperm $xb0,$xb0,$xb0,$beperm ++ be?vperm $xc0,$xc0,$xc0,$beperm ++ be?vperm $xd0,$xd0,$xd0,$beperm ++ ++ ${UCMP}i $len,0x40 ++ blt Ltail_vsx_8x ++ ++ lvx_4w $xt0,$x00,$inp ++ lvx_4w $xt1,$x10,$inp ++ lvx_4w $xt2,$x20,$inp ++ lvx_4w $xt3,$x30,$inp ++ ++ vxor $xt0,$xt0,$xa0 ++ vxor $xt1,$xt1,$xb0 ++ vxor $xt2,$xt2,$xc0 ++ vxor $xt3,$xt3,$xd0 ++ ++ stvx_4w $xt0,$x00,$out ++ stvx_4w $xt1,$x10,$out ++ addi $inp,$inp,0x40 ++ stvx_4w $xt2,$x20,$out ++ subi $len,$len,0x40 ++ stvx_4w $xt3,$x30,$out ++ addi $out,$out,0x40 ++ beq Ldone_vsx_8x ++ ++ vadduwm $xa0,$xa3,@K[0] ++ vadduwm $xb0,$xb3,@K[1] ++ vadduwm $xc0,$xc3,@K[2] ++ vadduwm $xd0,$xd3,@K[3] ++ ++ be?vperm $xa0,$xa0,$xa0,$beperm ++ be?vperm $xb0,$xb0,$xb0,$beperm ++ be?vperm $xc0,$xc0,$xc0,$beperm ++ be?vperm $xd0,$xd0,$xd0,$beperm ++ ++ ${UCMP}i $len,0x40 ++ blt Ltail_vsx_8x ++ ++ lvx_4w $xt0,$x00,$inp ++ lvx_4w $xt1,$x10,$inp ++ lvx_4w $xt2,$x20,$inp ++ lvx_4w $xt3,$x30,$inp ++ ++ vxor $xt0,$xt0,$xa0 ++ vxor $xt1,$xt1,$xb0 ++ vxor $xt2,$xt2,$xc0 ++ vxor $xt3,$xt3,$xd0 ++ ++ stvx_4w $xt0,$x00,$out ++ stvx_4w $xt1,$x10,$out ++ addi $inp,$inp,0x40 ++ stvx_4w $xt2,$x20,$out ++ subi $len,$len,0x40 ++ stvx_4w $xt3,$x30,$out ++ addi $out,$out,0x40 ++ beq Ldone_vsx_8x ++ ++#blk4-7: 24:31 remain the same as we can use the same logic above . Reg a4-b7 remain same.Load c4,d7--> position 8-15.we can reuse vr24-31. ++#VR0-3 : are used to load temp value, vr4 --> as xr0 instead of xt0. ++ ++ vxxlorc $CTR1 ,$xv5,$xv5 ++ ++ vxxlorc $xcn4 ,$xv18,$xv18 ++ vxxlorc $xcn5 ,$xv19,$xv19 ++ vxxlorc $xcn6 ,$xv20,$xv20 ++ vxxlorc $xcn7 ,$xv21,$xv21 ++ ++ vxxlorc $xdn4 ,$xv13,$xv13 ++ vxxlorc $xdn5 ,$xv14,$xv14 ++ vxxlorc $xdn6 ,$xv15,$xv15 ++ vxxlorc $xdn7 ,$xv16,$xv16 ++ vadduwm $xdn4,$xdn4,$CTR1 ++ ++ vxxlorc $xb6 ,$xv6,$xv6 ++ vxxlorc $xb7 ,$xv7,$xv7 ++#use xa1->xr0, as xt0...in the block 4-7 ++ ++ vmrgew $xr0,$xa4,$xa5 # transpose data ++ vmrgew $xt1,$xa6,$xa7 ++ vmrgow $xa4,$xa4,$xa5 ++ vmrgow $xa6,$xa6,$xa7 ++ vmrgew $xt2,$xb4,$xb5 ++ vmrgew $xt3,$xb6,$xb7 ++ vmrgow $xb4,$xb4,$xb5 ++ vmrgow $xb6,$xb6,$xb7 ++ ++ vpermdi $xa5,$xa4,$xa6,0b00 ++ vpermdi $xa7,$xa4,$xa6,0b11 ++ vpermdi $xa4,$xr0,$xt1,0b00 ++ vpermdi $xa6,$xr0,$xt1,0b11 ++ vpermdi $xb5,$xb4,$xb6,0b00 ++ vpermdi $xb7,$xb4,$xb6,0b11 ++ vpermdi $xb4,$xt2,$xt3,0b00 ++ vpermdi $xb6,$xt2,$xt3,0b11 ++ ++ vmrgew $xr0,$xcn4,$xcn5 ++ vmrgew $xt1,$xcn6,$xcn7 ++ vmrgow $xcn4,$xcn4,$xcn5 ++ vmrgow $xcn6,$xcn6,$xcn7 ++ vmrgew $xt2,$xdn4,$xdn5 ++ vmrgew $xt3,$xdn6,$xdn7 ++ vmrgow $xdn4,$xdn4,$xdn5 ++ vmrgow $xdn6,$xdn6,$xdn7 ++ ++ vpermdi $xcn5,$xcn4,$xcn6,0b00 ++ vpermdi $xcn7,$xcn4,$xcn6,0b11 ++ vpermdi $xcn4,$xr0,$xt1,0b00 ++ vpermdi $xcn6,$xr0,$xt1,0b11 ++ vpermdi $xdn5,$xdn4,$xdn6,0b00 ++ vpermdi $xdn7,$xdn4,$xdn6,0b11 ++ vpermdi $xdn4,$xt2,$xt3,0b00 ++ vpermdi $xdn6,$xt2,$xt3,0b11 ++ ++ vspltisw $xr0,8 ++ vadduwm $CTR1,$CTR1,$xr0 # next counter value ++ vxxlor $xv5 ,$CTR1,$CTR1 #CTR+4-> 5 ++ ++ vadduwm $xan0,$xa4,@K[0] ++ vadduwm $xbn0,$xb4,@K[1] ++ vadduwm $xcn0,$xcn4,@K[2] ++ vadduwm $xdn0,$xdn4,@K[3] ++ ++ be?vperm $xan0,$xa4,$xa4,$beperm ++ be?vperm $xbn0,$xb4,$xb4,$beperm ++ be?vperm $xcn0,$xcn4,$xcn4,$beperm ++ be?vperm $xdn0,$xdn4,$xdn4,$beperm ++ ++ ${UCMP}i $len,0x40 ++ blt Ltail_vsx_8x_1 ++ ++ lvx_4w $xr0,$x00,$inp ++ lvx_4w $xt1,$x10,$inp ++ lvx_4w $xt2,$x20,$inp ++ lvx_4w $xt3,$x30,$inp ++ ++ vxor $xr0,$xr0,$xan0 ++ vxor $xt1,$xt1,$xbn0 ++ vxor $xt2,$xt2,$xcn0 ++ vxor $xt3,$xt3,$xdn0 ++ ++ stvx_4w $xr0,$x00,$out ++ stvx_4w $xt1,$x10,$out ++ addi $inp,$inp,0x40 ++ stvx_4w $xt2,$x20,$out ++ subi $len,$len,0x40 ++ stvx_4w $xt3,$x30,$out ++ addi $out,$out,0x40 ++ beq Ldone_vsx_8x ++ ++ vadduwm $xan0,$xa5,@K[0] ++ vadduwm $xbn0,$xb5,@K[1] ++ vadduwm $xcn0,$xcn5,@K[2] ++ vadduwm $xdn0,$xdn5,@K[3] ++ ++ be?vperm $xan0,$xan0,$xan0,$beperm ++ be?vperm $xbn0,$xbn0,$xbn0,$beperm ++ be?vperm $xcn0,$xcn0,$xcn0,$beperm ++ be?vperm $xdn0,$xdn0,$xdn0,$beperm ++ ++ ${UCMP}i $len,0x40 ++ blt Ltail_vsx_8x_1 ++ ++ lvx_4w $xr0,$x00,$inp ++ lvx_4w $xt1,$x10,$inp ++ lvx_4w $xt2,$x20,$inp ++ lvx_4w $xt3,$x30,$inp ++ ++ vxor $xr0,$xr0,$xan0 ++ vxor $xt1,$xt1,$xbn0 ++ vxor $xt2,$xt2,$xcn0 ++ vxor $xt3,$xt3,$xdn0 ++ ++ stvx_4w $xr0,$x00,$out ++ stvx_4w $xt1,$x10,$out ++ addi $inp,$inp,0x40 ++ stvx_4w $xt2,$x20,$out ++ subi $len,$len,0x40 ++ stvx_4w $xt3,$x30,$out ++ addi $out,$out,0x40 ++ beq Ldone_vsx_8x ++ ++ vadduwm $xan0,$xa6,@K[0] ++ vadduwm $xbn0,$xb6,@K[1] ++ vadduwm $xcn0,$xcn6,@K[2] ++ vadduwm $xdn0,$xdn6,@K[3] ++ ++ be?vperm $xan0,$xan0,$xan0,$beperm ++ be?vperm $xbn0,$xbn0,$xbn0,$beperm ++ be?vperm $xcn0,$xcn0,$xcn0,$beperm ++ be?vperm $xdn0,$xdn0,$xdn0,$beperm ++ ++ ${UCMP}i $len,0x40 ++ blt Ltail_vsx_8x_1 ++ ++ lvx_4w $xr0,$x00,$inp ++ lvx_4w $xt1,$x10,$inp ++ lvx_4w $xt2,$x20,$inp ++ lvx_4w $xt3,$x30,$inp ++ ++ vxor $xr0,$xr0,$xan0 ++ vxor $xt1,$xt1,$xbn0 ++ vxor $xt2,$xt2,$xcn0 ++ vxor $xt3,$xt3,$xdn0 ++ ++ stvx_4w $xr0,$x00,$out ++ stvx_4w $xt1,$x10,$out ++ addi $inp,$inp,0x40 ++ stvx_4w $xt2,$x20,$out ++ subi $len,$len,0x40 ++ stvx_4w $xt3,$x30,$out ++ addi $out,$out,0x40 ++ beq Ldone_vsx_8x ++ ++ vadduwm $xan0,$xa7,@K[0] ++ vadduwm $xbn0,$xb7,@K[1] ++ vadduwm $xcn0,$xcn7,@K[2] ++ vadduwm $xdn0,$xdn7,@K[3] ++ ++ be?vperm $xan0,$xan0,$xan0,$beperm ++ be?vperm $xbn0,$xbn0,$xbn0,$beperm ++ be?vperm $xcn0,$xcn0,$xcn0,$beperm ++ be?vperm $xdn0,$xdn0,$xdn0,$beperm ++ ++ ${UCMP}i $len,0x40 ++ blt Ltail_vsx_8x_1 ++ ++ lvx_4w $xr0,$x00,$inp ++ lvx_4w $xt1,$x10,$inp ++ lvx_4w $xt2,$x20,$inp ++ lvx_4w $xt3,$x30,$inp ++ ++ vxor $xr0,$xr0,$xan0 ++ vxor $xt1,$xt1,$xbn0 ++ vxor $xt2,$xt2,$xcn0 ++ vxor $xt3,$xt3,$xdn0 ++ ++ stvx_4w $xr0,$x00,$out ++ stvx_4w $xt1,$x10,$out ++ addi $inp,$inp,0x40 ++ stvx_4w $xt2,$x20,$out ++ subi $len,$len,0x40 ++ stvx_4w $xt3,$x30,$out ++ addi $out,$out,0x40 ++ beq Ldone_vsx_8x ++ ++ mtctr r0 ++ bne Loop_outer_vsx_8x ++ ++Ldone_vsx_8x: ++ lwz r12,`$FRAME-4`($sp) # pull vrsave ++ li r10,`15+$LOCALS+64` ++ li r11,`31+$LOCALS+64` ++ $POP r0, `$FRAME+$LRSAVE`($sp) ++ mtspr 256,r12 # restore vrsave ++ lvx v24,r10,$sp ++ addi r10,r10,32 ++ lvx v25,r11,$sp ++ addi r11,r11,32 ++ lvx v26,r10,$sp ++ addi r10,r10,32 ++ lvx v27,r11,$sp ++ addi r11,r11,32 ++ lvx v28,r10,$sp ++ addi r10,r10,32 ++ lvx v29,r11,$sp ++ addi r11,r11,32 ++ lvx v30,r10,$sp ++ lvx v31,r11,$sp ++ mtlr r0 ++ addi $sp,$sp,$FRAME ++ blr ++ ++.align 4 ++Ltail_vsx_8x: ++ addi r11,$sp,$LOCALS ++ mtctr $len ++ stvx_4w $xa0,$x00,r11 # offload block to stack ++ stvx_4w $xb0,$x10,r11 ++ stvx_4w $xc0,$x20,r11 ++ stvx_4w $xd0,$x30,r11 ++ subi r12,r11,1 # prepare for *++ptr ++ subi $inp,$inp,1 ++ subi $out,$out,1 ++ bl Loop_tail_vsx_8x ++Ltail_vsx_8x_1: ++ addi r11,$sp,$LOCALS ++ mtctr $len ++ stvx_4w $xan0,$x00,r11 # offload block to stack ++ stvx_4w $xbn0,$x10,r11 ++ stvx_4w $xcn0,$x20,r11 ++ stvx_4w $xdn0,$x30,r11 ++ subi r12,r11,1 # prepare for *++ptr ++ subi $inp,$inp,1 ++ subi $out,$out,1 ++ bl Loop_tail_vsx_8x ++ ++Loop_tail_vsx_8x: ++ lbzu r6,1(r12) ++ lbzu r7,1($inp) ++ xor r6,r6,r7 ++ stbu r6,1($out) ++ bdnz Loop_tail_vsx_8x ++ ++ stvx_4w $K[0],$x00,r11 # wipe copy of the block ++ stvx_4w $K[0],$x10,r11 ++ stvx_4w $K[0],$x20,r11 ++ stvx_4w $K[0],$x30,r11 ++ ++ b Ldone_vsx_8x ++ .long 0 ++ .byte 0,12,0x04,1,0x80,0,5,0 ++ .long 0 ++.size .ChaCha20_ctr32_vsx_8x,.-.ChaCha20_ctr32_vsx_8x ++___ ++}}} ++ ++ ++$code.=<<___; ++.align 5 ++Lconsts: ++ mflr r0 ++ bcl 20,31,\$+4 ++ mflr r12 #vvvvv "distance between . and Lsigma ++ addi r12,r12,`64-8` ++ mtlr r0 ++ blr ++ .long 0 ++ .byte 0,12,0x14,0,0,0,0,0 ++ .space `64-9*4` ++Lsigma: ++ .long 0x61707865,0x3320646e,0x79622d32,0x6b206574 ++ .long 1,0,0,0 ++ .long 2,0,0,0 ++ .long 3,0,0,0 ++ .long 4,0,0,0 ++___ ++$code.=<<___ if ($LITTLE_ENDIAN); ++ .long 0x0e0f0c0d,0x0a0b0809,0x06070405,0x02030001 ++ .long 0x0d0e0f0c,0x090a0b08,0x05060704,0x01020300 ++___ ++$code.=<<___ if (!$LITTLE_ENDIAN); # flipped words ++ .long 0x02030001,0x06070405,0x0a0b0809,0x0e0f0c0d ++ .long 0x01020300,0x05060704,0x090a0b08,0x0d0e0f0c ++___ ++$code.=<<___; ++ .long 0x61707865,0x61707865,0x61707865,0x61707865 ++ .long 0x3320646e,0x3320646e,0x3320646e,0x3320646e ++ .long 0x79622d32,0x79622d32,0x79622d32,0x79622d32 ++ .long 0x6b206574,0x6b206574,0x6b206574,0x6b206574 ++ .long 0,1,2,3 ++ .long 0x03020100,0x07060504,0x0b0a0908,0x0f0e0d0c ++.asciz "ChaCha20 for PowerPC/AltiVec, CRYPTOGAMS by " ++.align 2 ++___ ++ ++foreach (split("\n",$code)) { ++ s/\`([^\`]*)\`/eval $1/ge; ++ ++ # instructions prefixed with '?' are endian-specific and need ++ # to be adjusted accordingly... ++ if ($flavour !~ /le$/) { # big-endian ++ s/be\?// or ++ s/le\?/#le#/ or ++ s/\?lvsr/lvsl/ or ++ s/\?lvsl/lvsr/ or ++ s/\?(vperm\s+v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+)/$1$3$2$4/ or ++ s/vrldoi(\s+v[0-9]+,\s*)(v[0-9]+,)\s*([0-9]+)/vsldoi$1$2$2 16-$3/; ++ } else { # little-endian ++ s/le\?// or ++ s/be\?/#be#/ or ++ s/\?([a-z]+)/$1/ or ++ s/vrldoi(\s+v[0-9]+,\s*)(v[0-9]+,)\s*([0-9]+)/vsldoi$1$2$2 $3/; ++ } ++ ++ print $_,"\n"; ++} ++ ++close STDOUT or die "error closing STDOUT: $!"; +diff --git a/crypto/chacha/build.info b/crypto/chacha/build.info +index c12cb9c..2a819b2 100644 +--- a/crypto/chacha/build.info ++++ b/crypto/chacha/build.info +@@ -12,7 +12,7 @@ IF[{- !$disabled{asm} -}] + $CHACHAASM_armv4=chacha-armv4.S + $CHACHAASM_aarch64=chacha-armv8.S + +- $CHACHAASM_ppc32=chacha_ppc.c chacha-ppc.s ++ $CHACHAASM_ppc32=chacha_ppc.c chacha-ppc.s chachap10-ppc.s + $CHACHAASM_ppc64=$CHACHAASM_ppc32 + + $CHACHAASM_c64xplus=chacha-c64xplus.s +@@ -29,6 +29,7 @@ SOURCE[../../libcrypto]=$CHACHAASM + GENERATE[chacha-x86.s]=asm/chacha-x86.pl + GENERATE[chacha-x86_64.s]=asm/chacha-x86_64.pl + GENERATE[chacha-ppc.s]=asm/chacha-ppc.pl ++GENERATE[chachap10-ppc.s]=asm/chachap10-ppc.pl + GENERATE[chacha-armv4.S]=asm/chacha-armv4.pl + INCLUDE[chacha-armv4.o]=.. + GENERATE[chacha-armv8.S]=asm/chacha-armv8.pl +diff --git a/crypto/chacha/chacha_ppc.c b/crypto/chacha/chacha_ppc.c +index 5319040..f99cca8 100644 +--- a/crypto/chacha/chacha_ppc.c ++++ b/crypto/chacha/chacha_ppc.c +@@ -23,13 +23,18 @@ void ChaCha20_ctr32_vmx(unsigned char *out, const unsigned char *inp, + void ChaCha20_ctr32_vsx(unsigned char *out, const unsigned char *inp, + size_t len, const unsigned int key[8], + const unsigned int counter[4]); ++void ChaCha20_ctr32_vsx_p10(unsigned char *out, const unsigned char *inp, ++ size_t len, const unsigned int key[8], ++ const unsigned int counter[4]); + void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, + size_t len, const unsigned int key[8], + const unsigned int counter[4]) + { +- OPENSSL_ppccap_P & PPC_CRYPTO207 +- ? ChaCha20_ctr32_vsx(out, inp, len, key, counter) +- : OPENSSL_ppccap_P & PPC_ALTIVEC +- ? ChaCha20_ctr32_vmx(out, inp, len, key, counter) +- : ChaCha20_ctr32_int(out, inp, len, key, counter); ++ OPENSSL_ppccap_P & PPC_BRD31 ++ ? ChaCha20_ctr32_vsx_p10(out, inp, len, key, counter) ++ :OPENSSL_ppccap_P & PPC_CRYPTO207 ++ ? ChaCha20_ctr32_vsx(out, inp, len, key, counter) ++ : OPENSSL_ppccap_P & PPC_ALTIVEC ++ ? ChaCha20_ctr32_vmx(out, inp, len, key, counter) ++ : ChaCha20_ctr32_int(out, inp, len, key, counter); + } +diff --git a/crypto/perlasm/ppc-xlate.pl b/crypto/perlasm/ppc-xlate.pl +index 2ee4440..4590340 100755 +--- a/crypto/perlasm/ppc-xlate.pl ++++ b/crypto/perlasm/ppc-xlate.pl +@@ -293,6 +293,14 @@ my $vpermdi = sub { # xxpermdi + $dm = oct($dm) if ($dm =~ /^0/); + " .long ".sprintf "0x%X",(60<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|($dm<<8)|(10<<3)|7; + }; ++my $vxxlor = sub { # xxlor ++ my ($f, $vrt, $vra, $vrb) = @_; ++ " .long ".sprintf "0x%X",(60<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|(146<<3)|6; ++}; ++my $vxxlorc = sub { # xxlor ++ my ($f, $vrt, $vra, $vrb) = @_; ++ " .long ".sprintf "0x%X",(60<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|(146<<3)|1; ++}; + + # PowerISA 2.07 stuff + sub vcrypto_op { +@@ -377,6 +385,15 @@ my $addex = sub { + }; + my $vmsumudm = sub { vfour_vsr(@_, 35); }; + ++# PowerISA 3.1 stuff ++my $brd = sub { ++ my ($f, $ra, $rs) = @_; ++ " .long ".sprintf "0x%X",(31<<26)|($rs<<21)|($ra<<16)|(187<<1); ++}; ++my $vsrq = sub { vcrypto_op(@_, 517); }; ++ ++ ++ + while($line=<>) { + + $line =~ s|[#!;].*$||; # get rid of asm-style comments... +diff --git a/crypto/ppccap.c b/crypto/ppccap.c +index 8bcfed2..664627c 100644 +--- a/crypto/ppccap.c ++++ b/crypto/ppccap.c +@@ -45,6 +45,7 @@ void OPENSSL_ppc64_probe(void); + void OPENSSL_altivec_probe(void); + void OPENSSL_crypto207_probe(void); + void OPENSSL_madd300_probe(void); ++void OPENSSL_brd31_probe(void); + + long OPENSSL_rdtsc_mftb(void); + long OPENSSL_rdtsc_mfspr268(void); +@@ -117,16 +118,21 @@ static unsigned long getauxval(unsigned long key) + #endif + + /* I wish was universally available */ +-#define HWCAP 16 /* AT_HWCAP */ ++#ifndef AT_HWCAP ++# define AT_HWCAP 16 /* AT_HWCAP */ ++#endif + #define HWCAP_PPC64 (1U << 30) + #define HWCAP_ALTIVEC (1U << 28) + #define HWCAP_FPU (1U << 27) + #define HWCAP_POWER6_EXT (1U << 9) + #define HWCAP_VSX (1U << 7) + +-#define HWCAP2 26 /* AT_HWCAP2 */ ++#ifndef AT_HWCAP2 ++# define AT_HWCAP2 26 /* AT_HWCAP2 */ ++#endif + #define HWCAP_VEC_CRYPTO (1U << 25) + #define HWCAP_ARCH_3_00 (1U << 23) ++#define HWCAP_ARCH_3_1 (1U << 18) + + # if defined(__GNUC__) && __GNUC__>=2 + __attribute__ ((constructor)) +@@ -187,6 +193,9 @@ void OPENSSL_cpuid_setup(void) + if (__power_set(0xffffffffU<<17)) /* POWER9 and later */ + OPENSSL_ppccap_P |= PPC_MADD300; + ++ if (__power_set(0xffffffffU<<18)) /* POWER10 and later */ ++ OPENSSL_ppccap_P |= PPC_BRD31; ++ + return; + # endif + #endif +@@ -215,8 +224,8 @@ void OPENSSL_cpuid_setup(void) + + #ifdef OSSL_IMPLEMENT_GETAUXVAL + { +- unsigned long hwcap = getauxval(HWCAP); +- unsigned long hwcap2 = getauxval(HWCAP2); ++ unsigned long hwcap = getauxval(AT_HWCAP); ++ unsigned long hwcap2 = getauxval(AT_HWCAP2); + + if (hwcap & HWCAP_FPU) { + OPENSSL_ppccap_P |= PPC_FPU; +@@ -242,6 +251,10 @@ void OPENSSL_cpuid_setup(void) + if (hwcap2 & HWCAP_ARCH_3_00) { + OPENSSL_ppccap_P |= PPC_MADD300; + } ++ ++ if (hwcap2 & HWCAP_ARCH_3_1) { ++ OPENSSL_ppccap_P |= PPC_BRD31; ++ } + } + #endif + +@@ -263,7 +276,7 @@ void OPENSSL_cpuid_setup(void) + sigaction(SIGILL, &ill_act, &ill_oact); + + #ifndef OSSL_IMPLEMENT_GETAUXVAL +- if (sigsetjmp(ill_jmp,1) == 0) { ++ if (sigsetjmp(ill_jmp, 1) == 0) { + OPENSSL_fpu_probe(); + OPENSSL_ppccap_P |= PPC_FPU; + +diff --git a/crypto/ppccpuid.pl b/crypto/ppccpuid.pl +index c6555df..706164a 100755 +--- a/crypto/ppccpuid.pl ++++ b/crypto/ppccpuid.pl +@@ -81,6 +81,17 @@ $code=<<___; + .long 0 + .byte 0,12,0x14,0,0,0,0,0 + ++.globl .OPENSSL_brd31_probe ++.align 4 ++.OPENSSL_brd31_probe: ++ xor r0,r0,r0 ++ brd r3,r0 ++ blr ++ .long 0 ++ .byte 0,12,0x14,0,0,0,0,0 ++.size .OPENSSL_brd31_probe,.-.OPENSSL_brd31_probe ++ ++ + .globl .OPENSSL_wipe_cpu + .align 4 + .OPENSSL_wipe_cpu: +diff --git a/include/crypto/ppc_arch.h b/include/crypto/ppc_arch.h +index 3b3ce4b..fcc846c 100644 +--- a/include/crypto/ppc_arch.h ++++ b/include/crypto/ppc_arch.h +@@ -24,5 +24,6 @@ extern unsigned int OPENSSL_ppccap_P; + # define PPC_MADD300 (1<<4) + # define PPC_MFTB (1<<5) + # define PPC_MFSPR268 (1<<6) ++# define PPC_BRD31 (1<<7) + + #endif diff --git a/SOURCES/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch b/SOURCES/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch new file mode 100644 index 0000000..27f86f5 --- /dev/null +++ b/SOURCES/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch @@ -0,0 +1,367 @@ +From 4a2239bd7d444c30c55b20ea8b4aeadafdfe1afd Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Fri, 22 Jul 2022 13:59:37 +0200 +Subject: [PATCH] FIPS: Use OAEP in KATs, support fixed OAEP seed + +Review by our lab for FIPS 140-3 certification expects the RSA +encryption and decryption tests to use a supported padding mode, not raw +RSA signatures. Switch to RSA-OAEP for the self tests to fulfill that. + +The FIPS 140-3 Implementation Guidance specifies in section 10.3.A +"Cryptographic Algorithm Self-Test Requirements" that a self-test may be +a known-answer test, a comparison test, or a fault-detection test. + +Comparison tests are not an option, because they would require +a separate implementation of RSA-OAEP, which we do not have. Fault +detection tests require implementing fault detection mechanisms into the +cryptographic algorithm implementation, we we also do not have. + +As a consequence, a known-answer test must be used to test RSA +encryption and decryption, but RSA encryption with OAEP padding is not +deterministic, and thus encryption will always yield different results +that could not be compared to known answers. For this reason, this +change explicitly sets the seed in OAEP (see RFC 8017 section 7.1.1), +which is the source of randomness for RSA-OAEP, to a fixed value. This +setting is only available during self-test execution, and the parameter +set using EVP_PKEY_CTX_set_params() will be ignored otherwise. + +Signed-off-by: Clemens Lang +--- + crypto/rsa/rsa_local.h | 8 ++ + crypto/rsa/rsa_oaep.c | 34 ++++++-- + include/openssl/core_names.h | 3 + + providers/fips/self_test_data.inc | 83 +++++++++++-------- + providers/fips/self_test_kats.c | 7 ++ + .../implementations/asymciphers/rsa_enc.c | 41 ++++++++- + 6 files changed, 133 insertions(+), 43 deletions(-) + +diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h +index ea70da05ad..dde57a1a0e 100644 +--- a/crypto/rsa/rsa_local.h ++++ b/crypto/rsa/rsa_local.h +@@ -193,4 +193,12 @@ int ossl_rsa_padding_add_PKCS1_type_2_ex(OSSL_LIB_CTX *libctx, unsigned char *to + int tlen, const unsigned char *from, + int flen); + ++int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx, ++ unsigned char *to, int tlen, ++ const unsigned char *from, int flen, ++ const unsigned char *param, ++ int plen, const EVP_MD *md, ++ const EVP_MD *mgf1md, ++ const char *redhat_st_seed); ++ + #endif /* OSSL_CRYPTO_RSA_LOCAL_H */ +diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c +index d9be1a4f98..b2f7f7dc4b 100644 +--- a/crypto/rsa/rsa_oaep.c ++++ b/crypto/rsa/rsa_oaep.c +@@ -44,6 +44,10 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, + param, plen, NULL, NULL); + } + ++#ifdef FIPS_MODULE ++extern int REDHAT_FIPS_asym_cipher_st; ++#endif /* FIPS_MODULE */ ++ + /* + * Perform the padding as per NIST 800-56B 7.2.2.3 + * from (K) is the key material. +@@ -51,12 +55,13 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, + * Step numbers are included here but not in the constant time inverse below + * to avoid complicating an already difficult enough function. + */ +-int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, +- unsigned char *to, int tlen, +- const unsigned char *from, int flen, +- const unsigned char *param, +- int plen, const EVP_MD *md, +- const EVP_MD *mgf1md) ++int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx, ++ unsigned char *to, int tlen, ++ const unsigned char *from, int flen, ++ const unsigned char *param, ++ int plen, const EVP_MD *md, ++ const EVP_MD *mgf1md, ++ const char *redhat_st_seed) + { + int rv = 0; + int i, emlen = tlen - 1; +@@ -107,6 +112,11 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, + db[emlen - flen - mdlen - 1] = 0x01; + memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen); + /* step 3d: generate random byte string */ ++#ifdef FIPS_MODULE ++ if (redhat_st_seed != NULL && REDHAT_FIPS_asym_cipher_st) { ++ memcpy(seed, redhat_st_seed, mdlen); ++ } else ++#endif + if (RAND_bytes_ex(libctx, seed, mdlen, 0) <= 0) + goto err; + +@@ -138,6 +148,18 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, + return rv; + } + ++int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, ++ unsigned char *to, int tlen, ++ const unsigned char *from, int flen, ++ const unsigned char *param, ++ int plen, const EVP_MD *md, ++ const EVP_MD *mgf1md) ++{ ++ return ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(libctx, to, tlen, from, ++ flen, param, plen, md, ++ mgf1md, NULL); ++} ++ + int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, + const unsigned char *from, int flen, + const unsigned char *param, int plen, +diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h +index 59a6e79566..11216fb8f8 100644 +--- a/include/openssl/core_names.h ++++ b/include/openssl/core_names.h +@@ -469,6 +469,9 @@ extern "C" { + #define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label" + #define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version" + #define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version" ++#ifdef FIPS_MODULE ++#define OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED "redhat-kat-oaep-seed" ++#endif + + /* + * Encoder / decoder parameters +diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc +index 4e30ec56dd..0103c87528 100644 +--- a/providers/fips/self_test_data.inc ++++ b/providers/fips/self_test_data.inc +@@ -1294,9 +1294,22 @@ static const ST_KAT_PARAM rsa_priv_key[] = { + ST_KAT_PARAM_END() + }; + ++/*- ++ * Using OSSL_PKEY_RSA_PAD_MODE_OAEP directly in the expansion of the ++ * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient ++ * HP/UX PA-RISC compilers. ++ */ ++static const char pad_mode_oaep[] = OSSL_PKEY_RSA_PAD_MODE_OAEP; ++static const char oaep_fixed_seed[] = { ++ 0xf6, 0x10, 0xef, 0x0a, 0x97, 0xbf, 0x91, 0x25, ++ 0x97, 0xcf, 0x8e, 0x0a, 0x75, 0x51, 0x2f, 0xab, ++ 0x2e, 0x4b, 0x2c, 0xe6 ++}; ++ + static const ST_KAT_PARAM rsa_enc_params[] = { +- ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, +- OSSL_PKEY_RSA_PAD_MODE_NONE), ++ ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_oaep), ++ ST_KAT_PARAM_OCTET(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, ++ oaep_fixed_seed), + ST_KAT_PARAM_END() + }; + +@@ -1335,43 +1348,43 @@ static const unsigned char rsa_expected_sig[256] = { + 0x2c, 0x68, 0xf0, 0x37, 0xa9, 0xd2, 0x56, 0xd6 + }; + +-static const unsigned char rsa_asym_plaintext_encrypt[256] = { ++static const unsigned char rsa_asym_plaintext_encrypt[208] = { + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, + }; + static const unsigned char rsa_asym_expected_encrypt[256] = { +- 0x54, 0xac, 0x23, 0x96, 0x1d, 0x82, 0x5d, 0x8b, +- 0x8f, 0x36, 0x33, 0xd0, 0xf4, 0x02, 0xa2, 0x61, +- 0xb1, 0x13, 0xd4, 0x4a, 0x46, 0x06, 0x37, 0x3c, +- 0xbf, 0x40, 0x05, 0x3c, 0xc6, 0x3b, 0x64, 0xdc, +- 0x22, 0x22, 0xaf, 0x36, 0x79, 0x62, 0x45, 0xf0, +- 0x97, 0x82, 0x22, 0x44, 0x86, 0x4a, 0x7c, 0xfa, +- 0xac, 0x03, 0x21, 0x84, 0x3f, 0x31, 0xad, 0x2a, +- 0xa4, 0x6e, 0x7a, 0xc5, 0x93, 0xf3, 0x0f, 0xfc, +- 0xf1, 0x62, 0xce, 0x82, 0x12, 0x45, 0xc9, 0x35, +- 0xb0, 0x7a, 0xcd, 0x99, 0x8c, 0x91, 0x6b, 0x5a, +- 0xd3, 0x46, 0xdb, 0xf9, 0x9e, 0x52, 0x49, 0xbd, +- 0x1e, 0xe8, 0xda, 0xac, 0x61, 0x47, 0xc2, 0xda, +- 0xfc, 0x1e, 0xfb, 0x74, 0xd7, 0xd6, 0xc1, 0x18, +- 0x86, 0x3e, 0x20, 0x9c, 0x7a, 0xe1, 0x04, 0xb7, +- 0x38, 0x43, 0xb1, 0x4e, 0xa0, 0xd8, 0xc1, 0x39, +- 0x4d, 0xe1, 0xd3, 0xb0, 0xb3, 0xf1, 0x82, 0x87, +- 0x1f, 0x74, 0xb5, 0x69, 0xfd, 0x33, 0xd6, 0x21, +- 0x7c, 0x61, 0x60, 0x28, 0xca, 0x70, 0xdb, 0xa0, +- 0xbb, 0xc8, 0x73, 0xa9, 0x82, 0xf8, 0x6b, 0xd8, +- 0xf0, 0xc9, 0x7b, 0x20, 0xdf, 0x9d, 0xfb, 0x8c, +- 0xd4, 0xa2, 0x89, 0xe1, 0x9b, 0x04, 0xad, 0xaa, +- 0x11, 0x6c, 0x8f, 0xce, 0x83, 0x29, 0x56, 0x69, +- 0xbb, 0x00, 0x3b, 0xef, 0xca, 0x2d, 0xcd, 0x52, +- 0xc8, 0xf1, 0xb3, 0x9b, 0xb4, 0x4f, 0x6d, 0x9c, +- 0x3d, 0x69, 0xcc, 0x6d, 0x1f, 0x38, 0x4d, 0xe6, +- 0xbb, 0x0c, 0x87, 0xdc, 0x5f, 0xa9, 0x24, 0x93, +- 0x03, 0x46, 0xa2, 0x33, 0x6c, 0xf4, 0xd8, 0x5d, +- 0x68, 0xf3, 0xd3, 0xe0, 0xf2, 0x30, 0xdb, 0xf5, +- 0x4f, 0x0f, 0xad, 0xc7, 0xd0, 0xaa, 0x47, 0xd9, +- 0x9f, 0x85, 0x1b, 0x2e, 0x6c, 0x3c, 0x57, 0x04, +- 0x29, 0xf4, 0xf5, 0x66, 0x7d, 0x93, 0x4a, 0xaa, +- 0x05, 0x52, 0x55, 0xc1, 0xc6, 0x06, 0x90, 0xab, ++ 0x6c, 0x21, 0xc1, 0x9e, 0x94, 0xee, 0xdf, 0x74, ++ 0x3a, 0x3c, 0x7c, 0x04, 0x1a, 0x53, 0x9e, 0x7c, ++ 0x42, 0xac, 0x7e, 0x28, 0x9a, 0xb7, 0xe2, 0x4e, ++ 0x87, 0xd4, 0x00, 0x69, 0x71, 0xf0, 0x3e, 0x0b, ++ 0xc1, 0xda, 0xd6, 0xbd, 0x21, 0x39, 0x4f, 0x25, ++ 0x22, 0x1f, 0x76, 0x0d, 0x62, 0x1f, 0xa2, 0x89, ++ 0xdb, 0x38, 0x32, 0x88, 0x21, 0x1d, 0x89, 0xf1, ++ 0xe0, 0x14, 0xd4, 0xb7, 0x90, 0xfc, 0xbc, 0x50, ++ 0xb0, 0x8d, 0x5c, 0x2f, 0x49, 0x9e, 0x90, 0x17, ++ 0x9e, 0x60, 0x9f, 0xe1, 0x77, 0x4f, 0x11, 0xa2, ++ 0xcf, 0x16, 0x65, 0x2d, 0x4a, 0x2c, 0x12, 0xcb, ++ 0x1e, 0x3c, 0x29, 0x8b, 0xdc, 0x27, 0x06, 0x9d, ++ 0xf4, 0x0d, 0xe1, 0xc9, 0xeb, 0x14, 0x6a, 0x7e, ++ 0xfd, 0xa7, 0xa8, 0xa7, 0x51, 0x82, 0x62, 0x0f, ++ 0x29, 0x8d, 0x8c, 0x5e, 0xf2, 0xb8, 0xcd, 0xd3, ++ 0x51, 0x92, 0xa7, 0x25, 0x39, 0x9d, 0xdd, 0x06, ++ 0xff, 0xb1, 0xb0, 0xd5, 0x61, 0x03, 0x8f, 0x25, ++ 0x5c, 0x49, 0x12, 0xc1, 0x50, 0x67, 0x61, 0x78, ++ 0xb3, 0xe3, 0xc4, 0xf6, 0x36, 0x16, 0xa9, 0x04, ++ 0x91, 0x0a, 0x4b, 0x27, 0x28, 0x97, 0x50, 0x7c, ++ 0x65, 0x2d, 0xd0, 0x08, 0x71, 0x84, 0xe7, 0x47, ++ 0x79, 0x83, 0x91, 0x46, 0xd9, 0x8f, 0x79, 0xce, ++ 0x49, 0xcb, 0xcd, 0x8b, 0x34, 0xac, 0x61, 0xe0, ++ 0xe6, 0x55, 0xbf, 0x10, 0xe4, 0xac, 0x9a, 0xd6, ++ 0xed, 0xc1, 0xc2, 0xb6, 0xb6, 0xf7, 0x41, 0x99, ++ 0xde, 0xfa, 0xde, 0x11, 0x16, 0xa2, 0x18, 0x30, ++ 0x30, 0xdc, 0x95, 0x76, 0x2f, 0x46, 0x43, 0x20, ++ 0xc4, 0xe7, 0x50, 0xb9, 0x1e, 0xcd, 0x69, 0xbb, ++ 0x29, 0x94, 0x27, 0x9c, 0xc9, 0xab, 0xb4, 0x27, ++ 0x8b, 0x4d, 0xe1, 0xcb, 0xc1, 0x04, 0x2c, 0x66, ++ 0x41, 0x3a, 0x4d, 0xeb, 0x61, 0x4c, 0x77, 0x5a, ++ 0xee, 0xb0, 0xca, 0x99, 0x0e, 0x7f, 0xbe, 0x06 + }; + + #ifndef OPENSSL_NO_EC +diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c +index 064794d9bf..b6d5e8e134 100644 +--- a/providers/fips/self_test_kats.c ++++ b/providers/fips/self_test_kats.c +@@ -647,14 +647,21 @@ static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) + return ret; + } + ++int REDHAT_FIPS_asym_cipher_st = 0; ++ + static int self_test_asym_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) + { + int i, ret = 1; + ++ REDHAT_FIPS_asym_cipher_st = 1; ++ + for (i = 0; i < (int)OSSL_NELEM(st_kat_asym_cipher_tests); ++i) { + if (!self_test_asym_cipher(&st_kat_asym_cipher_tests[i], st, libctx)) + ret = 0; + } ++ ++ REDHAT_FIPS_asym_cipher_st = 0; ++ + return ret; + } + +diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c +index 00cf65fcd6..83be3d8ede 100644 +--- a/providers/implementations/asymciphers/rsa_enc.c ++++ b/providers/implementations/asymciphers/rsa_enc.c +@@ -30,6 +30,9 @@ + #include "prov/implementations.h" + #include "prov/providercommon.h" + #include "prov/securitycheck.h" ++#ifdef FIPS_MODULE ++# include "crypto/rsa/rsa_local.h" ++#endif + + #include + +@@ -75,6 +78,9 @@ typedef struct { + /* TLS padding */ + unsigned int client_version; + unsigned int alt_version; ++#ifdef FIPS_MODULE ++ char *redhat_st_oaep_seed; ++#endif /* FIPS_MODULE */ + } PROV_RSA_CTX; + + static void *rsa_newctx(void *provctx) +@@ -190,12 +196,21 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, + return 0; + } + ret = +- ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(prsactx->libctx, tbuf, ++#ifdef FIPS_MODULE ++ ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2( ++#else ++ ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex( ++#endif ++ prsactx->libctx, tbuf, + rsasize, in, inlen, + prsactx->oaep_label, + prsactx->oaep_labellen, + prsactx->oaep_md, +- prsactx->mgf1_md); ++ prsactx->mgf1_md ++#ifdef FIPS_MODULE ++ , prsactx->redhat_st_oaep_seed ++#endif ++ ); + + if (!ret) { + OPENSSL_free(tbuf); +@@ -326,6 +341,9 @@ static void rsa_freectx(void *vprsactx) + EVP_MD_free(prsactx->oaep_md); + EVP_MD_free(prsactx->mgf1_md); + OPENSSL_free(prsactx->oaep_label); ++#ifdef FIPS_MODULE ++ OPENSSL_free(prsactx->redhat_st_oaep_seed); ++#endif /* FIPS_MODULE */ + + OPENSSL_free(prsactx); + } +@@ -445,6 +463,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { + NULL, 0), + OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL), + OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL), ++#ifdef FIPS_MODULE ++ OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, NULL, 0), ++#endif /* FIPS_MODULE */ + OSSL_PARAM_END + }; + +@@ -454,6 +475,10 @@ static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx, + return known_gettable_ctx_params; + } + ++#ifdef FIPS_MODULE ++extern int REDHAT_FIPS_asym_cipher_st; ++#endif /* FIPS_MODULE */ ++ + static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) + { + PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; +@@ -563,6 +588,18 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) + prsactx->oaep_labellen = tmp_labellen; + } + ++#ifdef FIPS_MODULE ++ p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED); ++ if (p != NULL && REDHAT_FIPS_asym_cipher_st) { ++ void *tmp_oaep_seed = NULL; ++ ++ if (!OSSL_PARAM_get_octet_string(p, &tmp_oaep_seed, 0, NULL)) ++ return 0; ++ OPENSSL_free(prsactx->redhat_st_oaep_seed); ++ prsactx->redhat_st_oaep_seed = (char *)tmp_oaep_seed; ++ } ++#endif /* FIPS_MODULE */ ++ + p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION); + if (p != NULL) { + unsigned int client_version; +-- +2.37.1 + diff --git a/SOURCES/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch b/SOURCES/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch new file mode 100644 index 0000000..c7e4731 --- /dev/null +++ b/SOURCES/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch @@ -0,0 +1,313 @@ +From 97ac06e5a8e3a8699279c06eeb64c8e958bad7bd Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Fri, 15 Jul 2022 17:45:40 +0200 +Subject: [PATCH] FIPS: Use digest_sign & digest_verify in self test + +In review for FIPS 140-3, the lack of a self-test for the digest_sign +and digest_verify provider functions was highlighted as a problem. NIST +no longer provides ACVP tests for the RSA SigVer primitive (see +https://github.com/usnistgov/ACVP/issues/1347). Because FIPS 140-3 +recommends the use of functions that compute the digest and signature +within the module, we have been advised in our module review that the +self tests should also use the combined digest and signature APIs, i.e. +the digest_sign and digest_verify provider functions. + +Modify the signature self-test to use these instead by switching to +EVP_DigestSign and EVP_DigestVerify. This requires adding more ifdefs to +crypto/evp/m_sigver.c to make these functions usable in the FIPS module. + +Signed-off-by: Clemens Lang +--- + crypto/evp/m_sigver.c | 43 +++++++++++++++++++++++++++------ + providers/fips/self_test_kats.c | 37 +++++++++++++++------------- + 2 files changed, 56 insertions(+), 24 deletions(-) + +diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c +index db1a1d7bc3..c94c3c53bd 100644 +--- a/crypto/evp/m_sigver.c ++++ b/crypto/evp/m_sigver.c +@@ -88,6 +88,7 @@ static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen) + ERR_raise(ERR_LIB_EVP, EVP_R_ONLY_ONESHOT_SUPPORTED); + return 0; + } ++#endif /* !defined(FIPS_MODULE) */ + + /* + * If we get the "NULL" md then the name comes back as "UNDEF". We want to use +@@ -130,8 +131,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + reinit = 0; + if (e == NULL) + ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props); ++#ifndef FIPS_MODULE + else + ctx->pctx = EVP_PKEY_CTX_new(pkey, e); ++#endif /* !defined(FIPS_MODULE) */ + } + if (ctx->pctx == NULL) + return 0; +@@ -139,8 +142,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + locpctx = ctx->pctx; + ERR_set_mark(); + ++#ifndef FIPS_MODULE + if (evp_pkey_ctx_is_legacy(locpctx)) + goto legacy; ++#endif /* !defined(FIPS_MODULE) */ + + /* do not reinitialize if pkey is set or operation is different */ + if (reinit +@@ -225,8 +230,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + signature = + evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, + supported_sig, locpctx->propquery); ++#ifndef FIPS_MODULE + if (signature == NULL) + goto legacy; ++#endif /* !defined(FIPS_MODULE) */ + break; + } + if (signature == NULL) +@@ -310,6 +317,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props); + if (ctx->fetched_digest != NULL) { + ctx->digest = ctx->reqdigest = ctx->fetched_digest; ++#ifndef FIPS_MODULE + } else { + /* legacy engine support : remove the mark when this is deleted */ + ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname); +@@ -318,11 +326,13 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); + goto err; + } ++#endif /* !defined(FIPS_MODULE) */ + } + (void)ERR_pop_to_mark(); + } + } + ++#ifndef FIPS_MODULE + if (ctx->reqdigest != NULL + && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac) + && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf) +@@ -334,6 +344,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + goto err; + } + } ++#endif /* !defined(FIPS_MODULE) */ + + if (ver) { + if (signature->digest_verify_init == NULL) { +@@ -366,6 +377,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + EVP_KEYMGMT_free(tmp_keymgmt); + return 0; + ++#ifndef FIPS_MODULE + legacy: + /* + * If we don't have the full support we need with provided methods, +@@ -437,6 +449,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + ctx->pctx->flag_call_digest_custom = 1; + + ret = 1; ++#endif /* !defined(FIPS_MODULE) */ + + end: + #ifndef FIPS_MODULE +@@ -479,7 +492,6 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 1, + NULL); + } +-#endif /* FIPS_MDOE */ + + int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) + { +@@ -541,23 +553,29 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) + return EVP_DigestUpdate(ctx, data, dsize); + } + +-#ifndef FIPS_MODULE + int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + size_t *siglen) + { +- int sctx = 0, r = 0; +- EVP_PKEY_CTX *dctx, *pctx = ctx->pctx; ++ int r = 0; ++#ifndef FIPS_MODULE ++ int sctx = 0; ++ EVP_PKEY_CTX *dctx; ++#endif /* !defined(FIPS_MODULE) */ ++ EVP_PKEY_CTX *pctx = ctx->pctx; + ++#ifndef FIPS_MODULE + if (pctx == NULL + || pctx->operation != EVP_PKEY_OP_SIGNCTX + || pctx->op.sig.algctx == NULL + || pctx->op.sig.signature == NULL) + goto legacy; ++#endif /* !defined(FIPS_MODULE) */ + + if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0) + return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx, + sigret, siglen, + (siglen == NULL) ? 0 : *siglen); ++#ifndef FIPS_MODULE + dctx = EVP_PKEY_CTX_dup(pctx); + if (dctx == NULL) + return 0; +@@ -566,8 +584,10 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + sigret, siglen, + (siglen == NULL) ? 0 : *siglen); + EVP_PKEY_CTX_free(dctx); ++#endif /* defined(FIPS_MODULE) */ + return r; + ++#ifndef FIPS_MODULE + legacy: + if (pctx == NULL || pctx->pmeth == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); +@@ -639,6 +659,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + } + } + return 1; ++#endif /* !defined(FIPS_MODULE) */ + } + + int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen, +@@ -669,21 +690,27 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen, + int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen) + { +- unsigned char md[EVP_MAX_MD_SIZE]; + int r = 0; ++#ifndef FIPS_MODULE ++ unsigned char md[EVP_MAX_MD_SIZE]; + unsigned int mdlen = 0; + int vctx = 0; +- EVP_PKEY_CTX *dctx, *pctx = ctx->pctx; ++ EVP_PKEY_CTX *dctx; ++#endif /* !defined(FIPS_MODULE) */ ++ EVP_PKEY_CTX *pctx = ctx->pctx; + ++#ifndef FIPS_MODULE + if (pctx == NULL + || pctx->operation != EVP_PKEY_OP_VERIFYCTX + || pctx->op.sig.algctx == NULL + || pctx->op.sig.signature == NULL) + goto legacy; ++#endif /* !defined(FIPS_MODULE) */ + + if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0) + return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx, + sig, siglen); ++#ifndef FIPS_MODULE + dctx = EVP_PKEY_CTX_dup(pctx); + if (dctx == NULL) + return 0; +@@ -691,8 +718,10 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, + r = dctx->op.sig.signature->digest_verify_final(dctx->op.sig.algctx, + sig, siglen); + EVP_PKEY_CTX_free(dctx); ++#endif /* !defined(FIPS_MODULE) */ + return r; + ++#ifndef FIPS_MODULE + legacy: + if (pctx == NULL || pctx->pmeth == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); +@@ -732,6 +761,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, + if (vctx || !r) + return r; + return EVP_PKEY_verify(pctx, sig, siglen, md, mdlen); ++#endif /* !defined(FIPS_MODULE) */ + } + + int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, +@@ -757,4 +787,3 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, + return -1; + return EVP_DigestVerifyFinal(ctx, sigret, siglen); + } +-#endif /* FIPS_MODULE */ +diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c +index b6d5e8e134..77eec075e6 100644 +--- a/providers/fips/self_test_kats.c ++++ b/providers/fips/self_test_kats.c +@@ -444,11 +444,14 @@ static int self_test_sign(const ST_KAT_SIGN *t, + int ret = 0; + OSSL_PARAM *params = NULL, *params_sig = NULL; + OSSL_PARAM_BLD *bld = NULL; ++ EVP_MD *md = NULL; ++ EVP_MD_CTX *ctx = NULL; + EVP_PKEY_CTX *sctx = NULL, *kctx = NULL; + EVP_PKEY *pkey = NULL; +- unsigned char sig[256]; + BN_CTX *bnctx = NULL; + BIGNUM *K = NULL; ++ const char *msg = "Hello World!"; ++ unsigned char sig[256]; + size_t siglen = sizeof(sig); + static const unsigned char dgst[] = { + 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, +@@ -488,23 +491,26 @@ static int self_test_sign(const ST_KAT_SIGN *t, + || EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0) + goto err; + +- /* Create a EVP_PKEY_CTX to use for the signing operation */ +- sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL); +- if (sctx == NULL +- || EVP_PKEY_sign_init(sctx) <= 0) +- goto err; +- +- /* set signature parameters */ +- if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST, +- t->mdalgorithm, +- strlen(t->mdalgorithm) + 1)) +- goto err; ++ /* Create a EVP_MD_CTX to use for the signature operation, assign signature ++ * parameters and sign */ + params_sig = OSSL_PARAM_BLD_to_param(bld); +- if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0) ++ md = EVP_MD_fetch(libctx, "SHA256", NULL); ++ ctx = EVP_MD_CTX_new(); ++ if (md == NULL || ctx == NULL) ++ goto err; ++ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT); ++ if (EVP_DigestSignInit(ctx, &sctx, md, NULL, pkey) <= 0 ++ || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0 ++ || EVP_DigestSign(ctx, sig, &siglen, (const unsigned char *)msg, strlen(msg)) <= 0 ++ || EVP_MD_CTX_reset(ctx) <= 0) + goto err; + +- if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0 +- || EVP_PKEY_verify_init(sctx) <= 0 ++ /* sctx is not freed automatically inside the FIPS module */ ++ EVP_PKEY_CTX_free(sctx); ++ sctx = NULL; ++ ++ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT); ++ if (EVP_DigestVerifyInit(ctx, &sctx, md, NULL, pkey) <= 0 + || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0) + goto err; + +@@ -509,14 +510,17 @@ static int self_test_sign(const ST_KAT_SIGN *t, + goto err; + + OSSL_SELF_TEST_oncorrupt_byte(st, sig); +- if (EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0) ++ if (EVP_DigestVerify(ctx, sig, siglen, (const unsigned char *)msg, strlen(msg)) <= 0) + goto err; + ret = 1; + err: + BN_CTX_free(bnctx); + EVP_PKEY_free(pkey); +- EVP_PKEY_CTX_free(kctx); ++ EVP_MD_free(md); ++ EVP_MD_CTX_free(ctx); ++ /* sctx is not freed automatically inside the FIPS module */ + EVP_PKEY_CTX_free(sctx); ++ EVP_PKEY_CTX_free(kctx); + OSSL_PARAM_free(params); + OSSL_PARAM_free(params_sig); + OSSL_PARAM_BLD_free(bld); +-- +2.37.1 + diff --git a/SOURCES/0075-FIPS-Use-FFDHE2048-in-self-test.patch b/SOURCES/0075-FIPS-Use-FFDHE2048-in-self-test.patch new file mode 100644 index 0000000..096e62d --- /dev/null +++ b/SOURCES/0075-FIPS-Use-FFDHE2048-in-self-test.patch @@ -0,0 +1,378 @@ +From e385647549c467fe263b68b72dd21bdfb875ee88 Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Fri, 22 Jul 2022 17:51:16 +0200 +Subject: [PATCH 2/2] FIPS: Use FFDHE2048 in self test + +Signed-off-by: Clemens Lang +--- + providers/fips/self_test_data.inc | 342 +++++++++++++++--------------- + 1 file changed, 172 insertions(+), 170 deletions(-) + +diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc +index a29cc650b5..1b5623833f 100644 +--- a/providers/fips/self_test_data.inc ++++ b/providers/fips/self_test_data.inc +@@ -821,188 +821,190 @@ static const ST_KAT_DRBG st_kat_drbg_tests[] = + + #ifndef OPENSSL_NO_DH + /* DH KAT */ ++/* RFC7919 FFDHE2048 p */ + static const unsigned char dh_p[] = { +- 0xdc, 0xca, 0x15, 0x11, 0xb2, 0x31, 0x32, 0x25, +- 0xf5, 0x21, 0x16, 0xe1, 0x54, 0x27, 0x89, 0xe0, +- 0x01, 0xf0, 0x42, 0x5b, 0xcc, 0xc7, 0xf3, 0x66, +- 0xf7, 0x40, 0x64, 0x07, 0xf1, 0xc9, 0xfa, 0x8b, +- 0xe6, 0x10, 0xf1, 0x77, 0x8b, 0xb1, 0x70, 0xbe, +- 0x39, 0xdb, 0xb7, 0x6f, 0x85, 0xbf, 0x24, 0xce, +- 0x68, 0x80, 0xad, 0xb7, 0x62, 0x9f, 0x7c, 0x6d, +- 0x01, 0x5e, 0x61, 0xd4, 0x3f, 0xa3, 0xee, 0x4d, +- 0xe1, 0x85, 0xf2, 0xcf, 0xd0, 0x41, 0xff, 0xde, +- 0x9d, 0x41, 0x84, 0x07, 0xe1, 0x51, 0x38, 0xbb, +- 0x02, 0x1d, 0xae, 0xb3, 0x5f, 0x76, 0x2d, 0x17, +- 0x82, 0xac, 0xc6, 0x58, 0xd3, 0x2b, 0xd4, 0xb0, +- 0x23, 0x2c, 0x92, 0x7d, 0xd3, 0x8f, 0xa0, 0x97, +- 0xb3, 0xd1, 0x85, 0x9f, 0xa8, 0xac, 0xaf, 0xb9, +- 0x8f, 0x06, 0x66, 0x08, 0xfc, 0x64, 0x4e, 0xc7, +- 0xdd, 0xb6, 0xf0, 0x85, 0x99, 0xf9, 0x2a, 0xc1, +- 0xb5, 0x98, 0x25, 0xda, 0x84, 0x32, 0x07, 0x7d, +- 0xef, 0x69, 0x56, 0x46, 0x06, 0x3c, 0x20, 0x82, +- 0x3c, 0x95, 0x07, 0xab, 0x6f, 0x01, 0x76, 0xd4, +- 0x73, 0x0d, 0x99, 0x0d, 0xbb, 0xe6, 0x36, 0x1c, +- 0xd8, 0xb2, 0xb9, 0x4d, 0x3d, 0x2f, 0x32, 0x9b, +- 0x82, 0x09, 0x9b, 0xd6, 0x61, 0xf4, 0x29, 0x50, +- 0xf4, 0x03, 0xdf, 0x3e, 0xde, 0x62, 0xa3, 0x31, +- 0x88, 0xb0, 0x27, 0x98, 0xba, 0x82, 0x3f, 0x44, +- 0xb9, 0x46, 0xfe, 0x9d, 0xf6, 0x77, 0xa0, 0xc5, +- 0xa1, 0x23, 0x8e, 0xaa, 0x97, 0xb7, 0x0f, 0x80, +- 0xda, 0x8c, 0xac, 0x88, 0xe0, 0x92, 0xb1, 0x12, +- 0x70, 0x60, 0xff, 0xbf, 0x45, 0x57, 0x99, 0x94, +- 0x01, 0x1d, 0xc2, 0xfa, 0xa5, 0xe7, 0xf6, 0xc7, +- 0x62, 0x45, 0xe1, 0xcc, 0x31, 0x22, 0x31, 0xc1, +- 0x7d, 0x1c, 0xa6, 0xb1, 0x90, 0x07, 0xef, 0x0d, +- 0xb9, 0x9f, 0x9c, 0xb6, 0x0e, 0x1d, 0x5f, 0x69 +-}; ++ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, ++ 0xad, 0xf8, 0x54, 0x58, 0xa2, 0xbb, 0x4a, 0x9a, ++ 0xaf, 0xdc, 0x56, 0x20, 0x27, 0x3d, 0x3c, 0xf1, ++ 0xd8, 0xb9, 0xc5, 0x83, 0xce, 0x2d, 0x36, 0x95, ++ 0xa9, 0xe1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xfb, ++ 0xcc, 0x93, 0x9d, 0xce, 0x24, 0x9b, 0x3e, 0xf9, ++ 0x7d, 0x2f, 0xe3, 0x63, 0x63, 0x0c, 0x75, 0xd8, ++ 0xf6, 0x81, 0xb2, 0x02, 0xae, 0xc4, 0x61, 0x7a, ++ 0xd3, 0xdf, 0x1e, 0xd5, 0xd5, 0xfd, 0x65, 0x61, ++ 0x24, 0x33, 0xf5, 0x1f, 0x5f, 0x06, 0x6e, 0xd0, ++ 0x85, 0x63, 0x65, 0x55, 0x3d, 0xed, 0x1a, 0xf3, ++ 0xb5, 0x57, 0x13, 0x5e, 0x7f, 0x57, 0xc9, 0x35, ++ 0x98, 0x4f, 0x0c, 0x70, 0xe0, 0xe6, 0x8b, 0x77, ++ 0xe2, 0xa6, 0x89, 0xda, 0xf3, 0xef, 0xe8, 0x72, ++ 0x1d, 0xf1, 0x58, 0xa1, 0x36, 0xad, 0xe7, 0x35, ++ 0x30, 0xac, 0xca, 0x4f, 0x48, 0x3a, 0x79, 0x7a, ++ 0xbc, 0x0a, 0xb1, 0x82, 0xb3, 0x24, 0xfb, 0x61, ++ 0xd1, 0x08, 0xa9, 0x4b, 0xb2, 0xc8, 0xe3, 0xfb, ++ 0xb9, 0x6a, 0xda, 0xb7, 0x60, 0xd7, 0xf4, 0x68, ++ 0x1d, 0x4f, 0x42, 0xa3, 0xde, 0x39, 0x4d, 0xf4, ++ 0xae, 0x56, 0xed, 0xe7, 0x63, 0x72, 0xbb, 0x19, ++ 0x0b, 0x07, 0xa7, 0xc8, 0xee, 0x0a, 0x6d, 0x70, ++ 0x9e, 0x02, 0xfc, 0xe1, 0xcd, 0xf7, 0xe2, 0xec, ++ 0xc0, 0x34, 0x04, 0xcd, 0x28, 0x34, 0x2f, 0x61, ++ 0x91, 0x72, 0xfe, 0x9c, 0xe9, 0x85, 0x83, 0xff, ++ 0x8e, 0x4f, 0x12, 0x32, 0xee, 0xf2, 0x81, 0x83, ++ 0xc3, 0xfe, 0x3b, 0x1b, 0x4c, 0x6f, 0xad, 0x73, ++ 0x3b, 0xb5, 0xfc, 0xbc, 0x2e, 0xc2, 0x20, 0x05, ++ 0xc5, 0x8e, 0xf1, 0x83, 0x7d, 0x16, 0x83, 0xb2, ++ 0xc6, 0xf3, 0x4a, 0x26, 0xc1, 0xb2, 0xef, 0xfa, ++ 0x88, 0x6b, 0x42, 0x38, 0x61, 0x28, 0x5c, 0x97, ++ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff ++}; ++/* RFC7919 FFDHE2048 q */ + static const unsigned char dh_q[] = { +- 0x89, 0x8b, 0x22, 0x67, 0x17, 0xef, 0x03, 0x9e, +- 0x60, 0x3e, 0x82, 0xe5, 0xc7, 0xaf, 0xe4, 0x83, +- 0x74, 0xac, 0x5f, 0x62, 0x5c, 0x54, 0xf1, 0xea, +- 0x11, 0xac, 0xb5, 0x7d +-}; ++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, ++ 0xd6, 0xfc, 0x2a, 0x2c, 0x51, 0x5d, 0xa5, 0x4d, ++ 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78, ++ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, ++ 0xd4, 0xf0, 0x9b, 0x20, 0x8a, 0x32, 0x19, 0xfd, ++ 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c, ++ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, ++ 0x7b, 0x40, 0xd9, 0x01, 0x57, 0x62, 0x30, 0xbd, ++ 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0, ++ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, ++ 0x42, 0xb1, 0xb2, 0xaa, 0x9e, 0xf6, 0x8d, 0x79, ++ 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a, ++ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, ++ 0xf1, 0x53, 0x44, 0xed, 0x79, 0xf7, 0xf4, 0x39, ++ 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a, ++ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, ++ 0x5e, 0x05, 0x58, 0xc1, 0x59, 0x92, 0x7d, 0xb0, ++ 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd, ++ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, ++ 0x0e, 0xa7, 0xa1, 0x51, 0xef, 0x1c, 0xa6, 0xfa, ++ 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c, ++ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, ++ 0x4f, 0x01, 0x7e, 0x70, 0xe6, 0xfb, 0xf1, 0x76, ++ 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0, ++ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, ++ 0xc7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xc1, ++ 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9, ++ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, ++ 0xe2, 0xc7, 0x78, 0xc1, 0xbe, 0x8b, 0x41, 0xd9, ++ 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd, ++ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x94, 0x2e, 0x4b, ++ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff ++}; ++/* RFC7919 FFDHE2048 g */ + static const unsigned char dh_g[] = { +- 0x5e, 0xf7, 0xb8, 0x8f, 0x2d, 0xf6, 0x01, 0x39, +- 0x35, 0x1d, 0xfb, 0xfe, 0x12, 0x66, 0x80, 0x5f, +- 0xdf, 0x35, 0x6c, 0xdf, 0xd1, 0x3a, 0x4d, 0xa0, +- 0x05, 0x0c, 0x7e, 0xde, 0x24, 0x6d, 0xf5, 0x9f, +- 0x6a, 0xbf, 0x96, 0xad, 0xe5, 0xf2, 0xb2, 0x8f, +- 0xfe, 0x88, 0xd6, 0xbc, 0xe7, 0xf7, 0x89, 0x4a, +- 0x3d, 0x53, 0x5f, 0xc8, 0x21, 0x26, 0xdd, 0xd4, +- 0x24, 0x87, 0x2e, 0x16, 0xb8, 0x38, 0xdf, 0x8c, +- 0x51, 0xe9, 0x01, 0x6f, 0x88, 0x9c, 0x7c, 0x20, +- 0x3e, 0x98, 0xa8, 0xb6, 0x31, 0xf9, 0xc7, 0x25, +- 0x63, 0xd3, 0x8a, 0x49, 0x58, 0x9a, 0x07, 0x53, +- 0xd3, 0x58, 0xe7, 0x83, 0x31, 0x8c, 0xef, 0xd9, +- 0x67, 0x7c, 0x7b, 0x2d, 0xbb, 0x77, 0xd6, 0xdc, +- 0xe2, 0xa1, 0x96, 0x37, 0x95, 0xca, 0x64, 0xb9, +- 0x2d, 0x1c, 0x9a, 0xac, 0x6d, 0x0e, 0x8d, 0x43, +- 0x1d, 0xe5, 0xe5, 0x00, 0x60, 0xdf, 0xf7, 0x86, +- 0x89, 0xc9, 0xec, 0xa1, 0xc1, 0x24, 0x8c, 0x16, +- 0xed, 0x09, 0xc7, 0xad, 0x41, 0x2a, 0x17, 0x40, +- 0x6d, 0x2b, 0x52, 0x5a, 0xa1, 0xca, 0xbb, 0x23, +- 0x7b, 0x97, 0x34, 0xec, 0x7b, 0x8c, 0xe3, 0xfa, +- 0xe0, 0x2f, 0x29, 0xc5, 0xef, 0xed, 0x30, 0xd6, +- 0x91, 0x87, 0xda, 0x10, 0x9c, 0x2c, 0x9f, 0xe2, +- 0xaa, 0xdb, 0xb0, 0xc2, 0x2a, 0xf5, 0x4c, 0x61, +- 0x66, 0x55, 0x00, 0x0c, 0x43, 0x1c, 0x6b, 0x4a, +- 0x37, 0x97, 0x63, 0xb0, 0xa9, 0x16, 0x58, 0xef, +- 0xc8, 0x4e, 0x8b, 0x06, 0x35, 0x8c, 0x8b, 0x4f, +- 0x21, 0x37, 0x10, 0xfd, 0x10, 0x17, 0x2c, 0xf3, +- 0x9b, 0x83, 0x0c, 0x2d, 0xd8, 0x4a, 0x0c, 0x8a, +- 0xb8, 0x25, 0x16, 0xec, 0xab, 0x99, 0x5f, 0xa4, +- 0x21, 0x5e, 0x02, 0x3e, 0x4e, 0xcf, 0x80, 0x74, +- 0xc3, 0x9d, 0x6c, 0x88, 0xb7, 0x0d, 0x1e, 0xe4, +- 0xe9, 0x6f, 0xdc, 0x20, 0xea, 0x11, 0x5c, 0x32 ++ 0x02 + }; + static const unsigned char dh_priv[] = { +- 0x14, 0x33, 0xe0, 0xb5, 0xa9, 0x17, 0xb6, 0x0a, +- 0x30, 0x23, 0xf2, 0xf8, 0xaa, 0x2c, 0x2d, 0x70, +- 0xd2, 0x96, 0x8a, 0xba, 0x9a, 0xea, 0xc8, 0x15, +- 0x40, 0xb8, 0xfc, 0xe6 ++ 0x01, 0xdc, 0x2a, 0xb9, 0x87, 0x71, 0x57, 0x0f, ++ 0xcd, 0x93, 0x65, 0x4c, 0xa1, 0xd6, 0x56, 0x6d, ++ 0xc5, 0x35, 0xd5, 0xcb, 0x4c, 0xb8, 0xad, 0x8d, ++ 0x6c, 0xdc, 0x5d, 0x6e, 0x94 + }; + static const unsigned char dh_pub[] = { +- 0x95, 0xdd, 0x33, 0x8d, 0x29, 0xe5, 0x71, 0x04, +- 0x92, 0xb9, 0x18, 0x31, 0x7b, 0x72, 0xa3, 0x69, +- 0x36, 0xe1, 0x95, 0x1a, 0x2e, 0xe5, 0xa5, 0x59, +- 0x16, 0x99, 0xc0, 0x48, 0x6d, 0x0d, 0x4f, 0x9b, +- 0xdd, 0x6d, 0x5a, 0x3f, 0x6b, 0x98, 0x89, 0x0c, +- 0x62, 0xb3, 0x76, 0x52, 0xd3, 0x6e, 0x71, 0x21, +- 0x11, 0xe6, 0x8a, 0x73, 0x55, 0x37, 0x25, 0x06, +- 0x99, 0xef, 0xe3, 0x30, 0x53, 0x73, 0x91, 0xfb, +- 0xc2, 0xc5, 0x48, 0xbc, 0x5a, 0xc3, 0xe5, 0xb2, +- 0x33, 0x86, 0xc3, 0xee, 0xf5, 0xeb, 0x43, 0xc0, +- 0x99, 0xd7, 0x0a, 0x52, 0x02, 0x68, 0x7e, 0x83, +- 0x96, 0x42, 0x48, 0xfc, 0xa9, 0x1f, 0x40, 0x90, +- 0x8e, 0x8f, 0xb3, 0x31, 0x93, 0x15, 0xf6, 0xd2, +- 0x60, 0x6d, 0x7f, 0x7c, 0xd5, 0x2c, 0xc6, 0xe7, +- 0xc5, 0x84, 0x3a, 0xfb, 0x22, 0x51, 0x9c, 0xf0, +- 0xf0, 0xf9, 0xd3, 0xa0, 0xa4, 0xe8, 0xc8, 0x88, +- 0x99, 0xef, 0xed, 0xe7, 0x36, 0x43, 0x51, 0xfb, +- 0x6a, 0x36, 0x3e, 0xe7, 0x17, 0xe5, 0x44, 0x5a, +- 0xda, 0xb4, 0xc9, 0x31, 0xa6, 0x48, 0x39, 0x97, +- 0xb8, 0x7d, 0xad, 0x83, 0x67, 0x7e, 0x4d, 0x1d, +- 0x3a, 0x77, 0x75, 0xe0, 0xf6, 0xd0, 0x0f, 0xdf, +- 0x73, 0xc7, 0xad, 0x80, 0x1e, 0x66, 0x5a, 0x0e, +- 0x5a, 0x79, 0x6d, 0x0a, 0x03, 0x80, 0xa1, 0x9f, +- 0xa1, 0x82, 0xef, 0xc8, 0xa0, 0x4f, 0x5e, 0x4d, +- 0xb9, 0x0d, 0x1a, 0x86, 0x37, 0xf9, 0x5d, 0xb1, +- 0x64, 0x36, 0xbd, 0xc8, 0xf3, 0xfc, 0x09, 0x6c, +- 0x4f, 0xf7, 0xf2, 0x34, 0xbe, 0x8f, 0xef, 0x47, +- 0x9a, 0xc4, 0xb0, 0xdc, 0x4b, 0x77, 0x26, 0x3e, +- 0x07, 0xd9, 0x95, 0x9d, 0xe0, 0xf1, 0xbf, 0x3f, +- 0x0a, 0xe3, 0xd9, 0xd5, 0x0e, 0x4b, 0x89, 0xc9, +- 0x9e, 0x3e, 0xa1, 0x21, 0x73, 0x43, 0xdd, 0x8c, +- 0x65, 0x81, 0xac, 0xc4, 0x95, 0x9c, 0x91, 0xd3 ++ 0x00, 0xc4, 0x82, 0x14, 0x69, 0x16, 0x4c, 0x05, ++ 0x55, 0x2a, 0x7e, 0x55, 0x6d, 0x02, 0xbb, 0x7f, ++ 0xcc, 0x63, 0x74, 0xee, 0xcb, 0xb4, 0x98, 0x43, ++ 0x0e, 0x29, 0x43, 0x0d, 0x44, 0xc7, 0xf1, 0x23, ++ 0x81, 0xca, 0x1c, 0x5c, 0xc3, 0xff, 0x01, 0x4a, ++ 0x1a, 0x03, 0x9e, 0x5f, 0xd1, 0x4e, 0xa0, 0x0b, ++ 0xb9, 0x5c, 0x0d, 0xef, 0x14, 0x01, 0x62, 0x3c, ++ 0x8a, 0x8e, 0x60, 0xbb, 0x39, 0xd6, 0x38, 0x63, ++ 0xb7, 0x65, 0xd0, 0x0b, 0x1a, 0xaf, 0x53, 0x38, ++ 0x10, 0x0f, 0x3e, 0xeb, 0x9d, 0x0c, 0x24, 0xf6, ++ 0xe3, 0x70, 0x08, 0x8a, 0x4d, 0x01, 0xf8, 0x7a, ++ 0x87, 0x49, 0x64, 0x72, 0xb1, 0x75, 0x3b, 0x94, ++ 0xc8, 0x09, 0x2d, 0x6a, 0x63, 0xd8, 0x9a, 0x92, ++ 0xb9, 0x5b, 0x1a, 0xc3, 0x47, 0x0b, 0x63, 0x44, ++ 0x3b, 0xe3, 0xc0, 0x09, 0xc9, 0xf9, 0x02, 0x53, ++ 0xd8, 0xfb, 0x06, 0x44, 0xdb, 0xdf, 0xe8, 0x13, ++ 0x2b, 0x40, 0x6a, 0xd4, 0x13, 0x4e, 0x52, 0x30, ++ 0xd6, 0xc1, 0xd8, 0x59, 0x9d, 0x59, 0xba, 0x1b, ++ 0xbf, 0xaa, 0x6f, 0xe9, 0x3d, 0xfd, 0xff, 0x01, ++ 0x0b, 0x54, 0xe0, 0x6a, 0x4e, 0x27, 0x2b, 0x3d, ++ 0xe8, 0xef, 0xb0, 0xbe, 0x52, 0xc3, 0x52, 0x18, ++ 0x6f, 0xa3, 0x27, 0xab, 0x6c, 0x12, 0xc3, 0x81, ++ 0xcb, 0xae, 0x23, 0x11, 0xa0, 0x5d, 0xc3, 0x6f, ++ 0x23, 0x17, 0x40, 0xb3, 0x05, 0x4f, 0x5d, 0xb7, ++ 0x34, 0xbe, 0x87, 0x2c, 0xa9, 0x9e, 0x98, 0x39, ++ 0xbf, 0x2e, 0x9d, 0xad, 0x4f, 0x70, 0xad, 0xed, ++ 0x1b, 0x5e, 0x47, 0x90, 0x49, 0x2e, 0x61, 0x71, ++ 0x5f, 0x07, 0x0b, 0x35, 0x04, 0xfc, 0x53, 0xce, ++ 0x58, 0x60, 0x6c, 0x5b, 0x8b, 0xfe, 0x70, 0x04, ++ 0x2a, 0x6a, 0x98, 0x0a, 0xd0, 0x80, 0xae, 0x69, ++ 0x95, 0xf9, 0x99, 0x18, 0xfc, 0xe4, 0x8e, 0xed, ++ 0x61, 0xd9, 0x02, 0x9d, 0x4e, 0x05, 0xe9, 0xf2, ++ 0x32 + }; + static const unsigned char dh_peer_pub[] = { +- 0x1f, 0xc1, 0xda, 0x34, 0x1d, 0x1a, 0x84, 0x6a, +- 0x96, 0xb7, 0xbe, 0x24, 0x34, 0x0f, 0x87, 0x7d, +- 0xd0, 0x10, 0xaa, 0x03, 0x56, 0xd5, 0xad, 0x58, +- 0xaa, 0xe9, 0xc7, 0xb0, 0x8f, 0x74, 0x9a, 0x32, +- 0x23, 0x51, 0x10, 0xb5, 0xd8, 0x8e, 0xb5, 0xdb, +- 0xfa, 0x97, 0x8d, 0x27, 0xec, 0xc5, 0x30, 0xf0, +- 0x2d, 0x31, 0x14, 0x00, 0x5b, 0x64, 0xb1, 0xc0, +- 0xe0, 0x24, 0xcb, 0x8a, 0xe2, 0x16, 0x98, 0xbc, +- 0xa9, 0xe6, 0x0d, 0x42, 0x80, 0x86, 0x22, 0xf1, +- 0x81, 0xc5, 0x6e, 0x1d, 0xe7, 0xa9, 0x6e, 0x6e, +- 0xfe, 0xe9, 0xd6, 0x65, 0x67, 0xe9, 0x1b, 0x97, +- 0x70, 0x42, 0xc7, 0xe3, 0xd0, 0x44, 0x8f, 0x05, +- 0xfb, 0x77, 0xf5, 0x22, 0xb9, 0xbf, 0xc8, 0xd3, +- 0x3c, 0xc3, 0xc3, 0x1e, 0xd3, 0xb3, 0x1f, 0x0f, +- 0xec, 0xb6, 0xdb, 0x4f, 0x6e, 0xa3, 0x11, 0xe7, +- 0x7a, 0xfd, 0xbc, 0xd4, 0x7a, 0xee, 0x1b, 0xb1, +- 0x50, 0xf2, 0x16, 0x87, 0x35, 0x78, 0xfb, 0x96, +- 0x46, 0x8e, 0x8f, 0x9f, 0x3d, 0xe8, 0xef, 0xbf, +- 0xce, 0x75, 0x62, 0x4b, 0x1d, 0xf0, 0x53, 0x22, +- 0xa3, 0x4f, 0x14, 0x63, 0xe8, 0x39, 0xe8, 0x98, +- 0x4c, 0x4a, 0xd0, 0xa9, 0x6e, 0x1a, 0xc8, 0x42, +- 0xe5, 0x31, 0x8c, 0xc2, 0x3c, 0x06, 0x2a, 0x8c, +- 0xa1, 0x71, 0xb8, 0xd5, 0x75, 0x98, 0x0d, 0xde, +- 0x7f, 0xc5, 0x6f, 0x15, 0x36, 0x52, 0x38, 0x20, +- 0xd4, 0x31, 0x92, 0xbf, 0xd5, 0x1e, 0x8e, 0x22, +- 0x89, 0x78, 0xac, 0xa5, 0xb9, 0x44, 0x72, 0xf3, +- 0x39, 0xca, 0xeb, 0x99, 0x31, 0xb4, 0x2b, 0xe3, +- 0x01, 0x26, 0x8b, 0xc9, 0x97, 0x89, 0xc9, 0xb2, +- 0x55, 0x71, 0xc3, 0xc0, 0xe4, 0xcb, 0x3f, 0x00, +- 0x7f, 0x1a, 0x51, 0x1c, 0xbb, 0x53, 0xc8, 0x51, +- 0x9c, 0xdd, 0x13, 0x02, 0xab, 0xca, 0x6c, 0x0f, +- 0x34, 0xf9, 0x67, 0x39, 0xf1, 0x7f, 0xf4, 0x8b ++ 0x00, 0xef, 0x15, 0x02, 0xf5, 0x56, 0xa3, 0x79, ++ 0x40, 0x58, 0xbc, 0xeb, 0x56, 0xad, 0xcb, 0xda, ++ 0x8c, 0xda, 0xb8, 0xd1, 0xda, 0x6f, 0x25, 0x29, ++ 0x9e, 0x43, 0x76, 0x2d, 0xb2, 0xd8, 0xbc, 0x84, ++ 0xbc, 0x85, 0xd0, 0x94, 0x8d, 0x44, 0x27, 0x57, ++ 0xe4, 0xdf, 0xc1, 0x78, 0x42, 0x8f, 0x08, 0xf5, ++ 0x74, 0xfe, 0x02, 0x56, 0xd2, 0x09, 0xc8, 0x68, ++ 0xef, 0xed, 0x18, 0xc9, 0xfd, 0x2e, 0x95, 0x6c, ++ 0xba, 0x6c, 0x00, 0x0e, 0xf5, 0xd1, 0x1b, 0xf6, ++ 0x15, 0x14, 0x5b, 0x67, 0x22, 0x7c, 0x6a, 0x20, ++ 0x76, 0x43, 0x51, 0xef, 0x5e, 0x1e, 0xf9, 0x2d, ++ 0xd6, 0xb4, 0xc5, 0xc6, 0x18, 0x33, 0xd1, 0xa3, ++ 0x3b, 0xe6, 0xdd, 0x57, 0x9d, 0xad, 0x13, 0x7a, ++ 0x53, 0xde, 0xb3, 0x97, 0xc0, 0x7e, 0xd7, 0x77, ++ 0x6b, 0xf8, 0xbd, 0x13, 0x70, 0x8c, 0xba, 0x73, ++ 0x80, 0xb3, 0x80, 0x6f, 0xfb, 0x1c, 0xda, 0x53, ++ 0x4d, 0x3c, 0x8a, 0x2e, 0xa1, 0x37, 0xce, 0xb1, ++ 0xde, 0x45, 0x97, 0x58, 0x65, 0x4d, 0xcf, 0x05, ++ 0xbb, 0xc3, 0xd7, 0x38, 0x6d, 0x0a, 0x59, 0x7a, ++ 0x99, 0x15, 0xb7, 0x9a, 0x3d, 0xfd, 0x61, 0xe5, ++ 0x1a, 0xa2, 0xcc, 0xf6, 0xfe, 0xb1, 0xee, 0xe9, ++ 0xa9, 0xe2, 0xeb, 0x06, 0xbc, 0x14, 0x6e, 0x91, ++ 0x0d, 0xf1, 0xe3, 0xbb, 0xe0, 0x7e, 0x1d, 0x31, ++ 0x79, 0xf1, 0x6d, 0x5f, 0xcb, 0xaf, 0xb2, 0x4f, ++ 0x22, 0x12, 0xbf, 0x72, 0xbd, 0xd0, 0x30, 0xe4, ++ 0x1c, 0x35, 0x96, 0x61, 0x98, 0x39, 0xfb, 0x7e, ++ 0x6d, 0x66, 0xc4, 0x69, 0x41, 0x0d, 0x0d, 0x59, ++ 0xbb, 0xa7, 0xbf, 0x34, 0xe0, 0x39, 0x36, 0x84, ++ 0x5e, 0x0e, 0x03, 0x2d, 0xcf, 0xaa, 0x02, 0x8a, ++ 0xba, 0x59, 0x88, 0x47, 0xc4, 0x4d, 0xd7, 0xbd, ++ 0x78, 0x76, 0x24, 0xf1, 0x45, 0x56, 0x44, 0xc2, ++ 0x4a, 0xc2, 0xd5, 0x3a, 0x59, 0x40, 0xab, 0x87, ++ 0x64 + }; + + static const unsigned char dh_secret_expected[] = { +- 0x08, 0xff, 0x33, 0xbb, 0x2e, 0xcf, 0xf4, 0x9a, +- 0x7d, 0x4a, 0x79, 0x12, 0xae, 0xb1, 0xbb, 0x6a, +- 0xb5, 0x11, 0x64, 0x1b, 0x4a, 0x76, 0x77, 0x0c, +- 0x8c, 0xc1, 0xbc, 0xc2, 0x33, 0x34, 0x3d, 0xfe, +- 0x70, 0x0d, 0x11, 0x81, 0x3d, 0x2c, 0x9e, 0xd2, +- 0x3b, 0x21, 0x1c, 0xa9, 0xe8, 0x78, 0x69, 0x21, +- 0xed, 0xca, 0x28, 0x3c, 0x68, 0xb1, 0x61, 0x53, +- 0xfa, 0x01, 0xe9, 0x1a, 0xb8, 0x2c, 0x90, 0xdd, +- 0xab, 0x4a, 0x95, 0x81, 0x67, 0x70, 0xa9, 0x87, +- 0x10, 0xe1, 0x4c, 0x92, 0xab, 0x83, 0xb6, 0xe4, +- 0x6e, 0x1e, 0x42, 0x6e, 0xe8, 0x52, 0x43, 0x0d, +- 0x61, 0x87, 0xda, 0xa3, 0x72, 0x0a, 0x6b, 0xcd, +- 0x73, 0x23, 0x5c, 0x6b, 0x0f, 0x94, 0x1f, 0x33, +- 0x64, 0xf5, 0x04, 0x20, 0x55, 0x1a, 0x4b, 0xfe, +- 0xaf, 0xe2, 0xbc, 0x43, 0x85, 0x05, 0xa5, 0x9a, +- 0x4a, 0x40, 0xda, 0xca, 0x7a, 0x89, 0x5a, 0x73, +- 0xdb, 0x57, 0x5c, 0x74, 0xc1, 0x3a, 0x23, 0xad, +- 0x88, 0x32, 0x95, 0x7d, 0x58, 0x2d, 0x38, 0xf0, +- 0xa6, 0x16, 0x5f, 0xb0, 0xd7, 0xe9, 0xb8, 0x79, +- 0x9e, 0x42, 0xfd, 0x32, 0x20, 0xe3, 0x32, 0xe9, +- 0x81, 0x85, 0xa0, 0xc9, 0x42, 0x97, 0x57, 0xb2, +- 0xd0, 0xd0, 0x2c, 0x17, 0xdb, 0xaa, 0x1f, 0xf6, +- 0xed, 0x93, 0xd7, 0xe7, 0x3e, 0x24, 0x1e, 0xae, +- 0xd9, 0x0c, 0xaf, 0x39, 0x4d, 0x2b, 0xc6, 0x57, +- 0x0f, 0x18, 0xc8, 0x1f, 0x2b, 0xe5, 0xd0, 0x1a, +- 0x2c, 0xa9, 0x9f, 0xf1, 0x42, 0xb5, 0xd9, 0x63, +- 0xf9, 0xf5, 0x00, 0x32, 0x5e, 0x75, 0x56, 0xf9, +- 0x58, 0x49, 0xb3, 0xff, 0xc7, 0x47, 0x94, 0x86, +- 0xbe, 0x1d, 0x45, 0x96, 0xa3, 0x10, 0x6b, 0xd5, +- 0xcb, 0x4f, 0x61, 0xc5, 0x7e, 0xc5, 0xf1, 0x00, +- 0xfb, 0x7a, 0x0c, 0x82, 0xa1, 0x0b, 0x82, 0x52, +- 0x6a, 0x97, 0xd1, 0xd9, 0x7d, 0x98, 0xea, 0xf6 ++ 0x56, 0x13, 0xe3, 0x12, 0x6b, 0x5f, 0x67, 0xe5, ++ 0x08, 0xe5, 0x35, 0x0e, 0x11, 0x90, 0x9d, 0xf5, ++ 0x1a, 0x24, 0xfa, 0x42, 0xd1, 0x4a, 0x50, 0x93, ++ 0x5b, 0xf4, 0x11, 0x6f, 0xd0, 0xc3, 0xc5, 0xa5, ++ 0x80, 0xae, 0x01, 0x3d, 0x66, 0x92, 0xc0, 0x3e, ++ 0x5f, 0xe9, 0x75, 0xb6, 0x5b, 0x37, 0x82, 0x39, ++ 0x72, 0x66, 0x0b, 0xa2, 0x73, 0x94, 0xe5, 0x04, ++ 0x7c, 0x0c, 0x19, 0x9a, 0x03, 0x53, 0xc4, 0x9d, ++ 0xc1, 0x0f, 0xc3, 0xec, 0x0e, 0x2e, 0xa3, 0x7c, ++ 0x07, 0x0e, 0xaf, 0x18, 0x1d, 0xc7, 0x8b, 0x47, ++ 0x4b, 0x94, 0x05, 0x6d, 0xec, 0xdd, 0xa1, 0xae, ++ 0x7b, 0x21, 0x86, 0x53, 0xd3, 0x62, 0x38, 0x08, ++ 0xea, 0xda, 0xdc, 0xb2, 0x5a, 0x7c, 0xef, 0x19, ++ 0xf8, 0x29, 0xef, 0xf8, 0xd0, 0xfb, 0xde, 0xe8, ++ 0xb8, 0x2f, 0xb3, 0xa1, 0x16, 0xa2, 0xd0, 0x8f, ++ 0x48, 0xdc, 0x7d, 0xcb, 0xee, 0x5c, 0x06, 0x1e, ++ 0x2a, 0x66, 0xe8, 0x1f, 0xdb, 0x18, 0xe9, 0xd2, ++ 0xfd, 0xa2, 0x4e, 0x39, 0xa3, 0x2e, 0x88, 0x3d, ++ 0x7d, 0xac, 0x15, 0x18, 0x25, 0xe6, 0xba, 0xd4, ++ 0x0e, 0x89, 0x26, 0x60, 0x8f, 0xdc, 0x4a, 0xb4, ++ 0x49, 0x8f, 0x98, 0xe8, 0x62, 0x8c, 0xc6, 0x66, ++ 0x20, 0x4c, 0xe1, 0xed, 0xfc, 0x01, 0x88, 0x46, ++ 0xa7, 0x67, 0x48, 0x39, 0xc5, 0x22, 0x95, 0xa0, ++ 0x23, 0xb9, 0xd1, 0xed, 0x87, 0xcf, 0xa7, 0x70, ++ 0x1c, 0xac, 0xd3, 0xaf, 0x5c, 0x26, 0x50, 0x3c, ++ 0xe4, 0x23, 0xb6, 0xcc, 0xd7, 0xc5, 0xda, 0x2f, ++ 0xf4, 0x45, 0xf1, 0xe4, 0x40, 0xb5, 0x0a, 0x25, ++ 0x86, 0xe6, 0xde, 0x11, 0x3c, 0x46, 0x16, 0xbc, ++ 0x41, 0xc2, 0x28, 0x19, 0x81, 0x5a, 0x46, 0x02, ++ 0x87, 0xd0, 0x15, 0x0c, 0xd2, 0xfe, 0x75, 0x04, ++ 0x82, 0xd2, 0x0a, 0xb7, 0xbc, 0xc5, 0x6c, 0xb1, ++ 0x41, 0xa8, 0x2b, 0x28, 0xbb, 0x86, 0x0c, 0x89 + }; + + static const ST_KAT_PARAM dh_group[] = { +-- +2.35.3 + diff --git a/SOURCES/0076-FIPS-140-3-DRBG.patch b/SOURCES/0076-FIPS-140-3-DRBG.patch new file mode 100644 index 0000000..0d91598 --- /dev/null +++ b/SOURCES/0076-FIPS-140-3-DRBG.patch @@ -0,0 +1,129 @@ +diff -up openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c.fipsrand openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c +--- openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c.fipsrand 2022-08-03 11:09:01.301637515 +0200 ++++ openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c 2022-08-03 11:13:00.058688605 +0200 +@@ -48,6 +48,8 @@ + # include + # include + # include ++# include ++# include + + static uint64_t get_time_stamp(void); + static uint64_t get_timer_bits(void); +@@ -342,66 +342,8 @@ static ssize_t syscall_random(void *buf, + * which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion + * between size_t and ssize_t is safe even without a range check. + */ +- +- /* +- * Do runtime detection to find getentropy(). +- * +- * Known OSs that should support this: +- * - Darwin since 16 (OSX 10.12, IOS 10.0). +- * - Solaris since 11.3 +- * - OpenBSD since 5.6 +- * - Linux since 3.17 with glibc 2.25 +- * - FreeBSD since 12.0 (1200061) +- * +- * Note: Sometimes getentropy() can be provided but not implemented +- * internally. So we need to check errno for ENOSYS +- */ +-# if !defined(__DragonFly__) && !defined(__NetBSD__) +-# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux) +- extern int getentropy(void *buffer, size_t length) __attribute__((weak)); +- +- if (getentropy != NULL) { +- if (getentropy(buf, buflen) == 0) +- return (ssize_t)buflen; +- if (errno != ENOSYS) +- return -1; +- } +-# elif defined(OPENSSL_APPLE_CRYPTO_RANDOM) +- +- if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess) +- return (ssize_t)buflen; +- +- return -1; +-# else +- union { +- void *p; +- int (*f)(void *buffer, size_t length); +- } p_getentropy; +- +- /* +- * We could cache the result of the lookup, but we normally don't +- * call this function often. +- */ +- ERR_set_mark(); +- p_getentropy.p = DSO_global_lookup("getentropy"); +- ERR_pop_to_mark(); +- if (p_getentropy.p != NULL) +- return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1; +-# endif +-# endif /* !__DragonFly__ */ +- +- /* Linux supports this since version 3.17 */ +-# if defined(__linux) && defined(__NR_getrandom) +- return syscall(__NR_getrandom, buf, buflen, 0); +-# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND) +- return sysctl_random(buf, buflen); +-# elif (defined(__DragonFly__) && __DragonFly_version >= 500700) \ +- || (defined(__NetBSD__) && __NetBSD_Version >= 1000000000) +- return getrandom(buf, buflen, 0); +-# else +- errno = ENOSYS; +- return -1; +-# endif ++ /* Red Hat uses downstream patch to always seed from getrandom() */ ++ return EVP_default_properties_is_fips_enabled(NULL) ? getrandom(buf, buflen, GRND_RANDOM) : getrandom(buf, buflen, 0); + } + # endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */ + +diff -up openssl-3.0.1/providers/implementations/rands/drbg.c.fipsrand openssl-3.0.1/providers/implementations/rands/drbg.c +--- openssl-3.0.1/providers/implementations/rands/drbg.c.fipsrand 2022-08-03 12:14:39.409370134 +0200 ++++ openssl-3.0.1/providers/implementations/rands/drbg.c 2022-08-03 12:19:06.320700346 +0200 +@@ -575,6 +575,9 @@ int ossl_prov_drbg_reseed(PROV_DRBG *drb + #endif + } + ++#ifdef FIPS_MODULE ++ prediction_resistance = 1; ++#endif + /* Reseed using our sources in addition */ + entropylen = get_entropy(drbg, &entropy, drbg->strength, + drbg->min_entropylen, drbg->max_entropylen, +diff -up openssl-3.0.1/crypto/rand/prov_seed.c.fipsrand openssl-3.0.1/crypto/rand/prov_seed.c +--- openssl-3.0.1/crypto/rand/prov_seed.c.fipsrand 2022-08-04 12:17:52.148556301 +0200 ++++ openssl-3.0.1/crypto/rand/prov_seed.c 2022-08-04 12:19:41.783533552 +0200 +@@ -20,7 +20,14 @@ size_t ossl_rand_get_entropy(ossl_unused + size_t entropy_available; + RAND_POOL *pool; + +- pool = ossl_rand_pool_new(entropy, 1, min_len, max_len); ++ /* ++ * OpenSSL still implements an internal entropy pool of ++ * some size that is hashed to get seed data. ++ * Note that this is a conditioning step for which SP800-90C requires ++ * 64 additional bits from the entropy source to claim the requested ++ * amount of entropy. ++ */ ++ pool = ossl_rand_pool_new(entropy + 64, 1, min_len, max_len); + if (pool == NULL) { + ERR_raise(ERR_LIB_RAND, ERR_R_MALLOC_FAILURE); + return 0; +diff -up openssl-3.0.1/providers/implementations/rands/crngt.c.fipsrand openssl-3.0.1/providers/implementations/rands/crngt.c +--- openssl-3.0.1/providers/implementations/rands/crngt.c.fipsrand 2022-08-04 11:56:10.100950299 +0200 ++++ openssl-3.0.1/providers/implementations/rands/crngt.c 2022-08-04 11:59:11.241564925 +0200 +@@ -139,7 +139,11 @@ size_t ossl_crngt_get_entropy(PROV_DRBG + * to the nearest byte. If the entropy is of less than full quality, + * the amount required should be scaled up appropriately here. + */ +- bytes_needed = (entropy + 7) / 8; ++ /* ++ * FIPS 140-3: the yet draft SP800-90C requires requested entropy ++ * + 128 bits during initial seeding ++ */ ++ bytes_needed = (entropy + 128 + 7) / 8; + if (bytes_needed < min_len) + bytes_needed = min_len; + if (bytes_needed > max_len) diff --git a/SOURCES/0077-FIPS-140-3-zeroization.patch b/SOURCES/0077-FIPS-140-3-zeroization.patch new file mode 100644 index 0000000..f6a50a5 --- /dev/null +++ b/SOURCES/0077-FIPS-140-3-zeroization.patch @@ -0,0 +1,76 @@ +diff -up openssl-3.0.1/crypto/ffc/ffc_params.c.fipszero openssl-3.0.1/crypto/ffc/ffc_params.c +--- openssl-3.0.1/crypto/ffc/ffc_params.c.fipszero 2022-08-05 13:11:27.211413931 +0200 ++++ openssl-3.0.1/crypto/ffc/ffc_params.c 2022-08-05 13:11:34.151475891 +0200 +@@ -27,10 +27,10 @@ void ossl_ffc_params_init(FFC_PARAMS *pa + + void ossl_ffc_params_cleanup(FFC_PARAMS *params) + { +- BN_free(params->p); +- BN_free(params->q); +- BN_free(params->g); +- BN_free(params->j); ++ BN_clear_free(params->p); ++ BN_clear_free(params->q); ++ BN_clear_free(params->g); ++ BN_clear_free(params->j); + OPENSSL_free(params->seed); + ossl_ffc_params_init(params); + } +diff -up openssl-3.0.1/crypto/rsa/rsa_lib.c.fipszero openssl-3.0.1/crypto/rsa/rsa_lib.c +--- openssl-3.0.1/crypto/rsa/rsa_lib.c.fipszero 2022-08-05 13:08:31.875848536 +0200 ++++ openssl-3.0.1/crypto/rsa/rsa_lib.c 2022-08-05 13:09:35.438416025 +0200 +@@ -155,8 +155,8 @@ void RSA_free(RSA *r) + + CRYPTO_THREAD_lock_free(r->lock); + +- BN_free(r->n); +- BN_free(r->e); ++ BN_clear_free(r->n); ++ BN_clear_free(r->e); + BN_clear_free(r->d); + BN_clear_free(r->p); + BN_clear_free(r->q); +diff -up openssl-3.0.1/providers/implementations/kdfs/hkdf.c.fipszero openssl-3.0.1/providers/implementations/kdfs/hkdf.c +--- openssl-3.0.1/providers/implementations/kdfs/hkdf.c.fipszero 2022-08-05 13:14:58.827303241 +0200 ++++ openssl-3.0.1/providers/implementations/kdfs/hkdf.c 2022-08-05 13:16:24.530068399 +0200 +@@ -116,7 +116,7 @@ static void kdf_hkdf_reset(void *vctx) + void *provctx = ctx->provctx; + + ossl_prov_digest_reset(&ctx->digest); +- OPENSSL_free(ctx->salt); ++ OPENSSL_clear_free(ctx->salt, ctx->salt_len); + OPENSSL_free(ctx->prefix); + OPENSSL_free(ctx->label); + OPENSSL_clear_free(ctx->data, ctx->data_len); +diff -up openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c.fipszero openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c +--- openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c.fipszero 2022-08-05 13:12:40.552068717 +0200 ++++ openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c 2022-08-05 13:13:34.324548799 +0200 +@@ -83,7 +83,7 @@ static void *kdf_pbkdf2_new(void *provct + static void kdf_pbkdf2_cleanup(KDF_PBKDF2 *ctx) + { + ossl_prov_digest_reset(&ctx->digest); +- OPENSSL_free(ctx->salt); ++ OPENSSL_clear_free(ctx->salt, ctx->salt_len); + OPENSSL_clear_free(ctx->pass, ctx->pass_len); + memset(ctx, 0, sizeof(*ctx)); + } +diff -up openssl-3.0.1/crypto/ec/ec_lib.c.fipszero openssl-3.0.1/crypto/ec/ec_lib.c +--- openssl-3.0.1/crypto/ec/ec_lib.c.fipszero 2022-08-05 13:48:32.221345774 +0200 ++++ openssl-3.0.1/crypto/ec/ec_lib.c 2022-08-05 13:49:16.138741452 +0200 +@@ -744,12 +744,16 @@ EC_POINT *EC_POINT_new(const EC_GROUP *g + + void EC_POINT_free(EC_POINT *point) + { ++#ifdef FIPS_MODULE ++ EC_POINT_clear_free(point); ++#else + if (point == NULL) + return; + + if (point->meth->point_finish != 0) + point->meth->point_finish(point); + OPENSSL_free(point); ++#endif + } + + void EC_POINT_clear_free(EC_POINT *point) diff --git a/SOURCES/0078-Add-FIPS-indicator-parameter-to-HKDF.patch b/SOURCES/0078-Add-FIPS-indicator-parameter-to-HKDF.patch new file mode 100644 index 0000000..31e3c7d --- /dev/null +++ b/SOURCES/0078-Add-FIPS-indicator-parameter-to-HKDF.patch @@ -0,0 +1,119 @@ +From c4b086fc4de06128695e1fe428f56d776d25e748 Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Thu, 11 Aug 2022 09:27:12 +0200 +Subject: [PATCH] Add FIPS indicator parameter to HKDF + +NIST considers HKDF only acceptable when used as in TLS 1.3, and +otherwise unapproved. Add an explicit indicator attached to the +EVP_KDF_CTX that can be queried using EVP_KDF_CTX_get_params() to +determine whether the KDF operation was approved after performing it. + +Related: rhbz#2114772 +Signed-off-by: Clemens Lang +--- + include/openssl/core_names.h | 1 + + include/openssl/kdf.h | 4 ++ + providers/implementations/kdfs/hkdf.c | 53 +++++++++++++++++++++++++++ + 3 files changed, 58 insertions(+) + +diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h +index 21c94d0488..87786680d7 100644 +--- a/include/openssl/core_names.h ++++ b/include/openssl/core_names.h +@@ -223,6 +223,7 @@ extern "C" { + #define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo" + #define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo" + #define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits" ++#define OSSL_KDF_PARAM_HKDF_REDHAT_FIPS_INDICATOR "hkdf-fips-indicator" + + /* Known KDF names */ + #define OSSL_KDF_NAME_HKDF "HKDF" +diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h +index 0983230a48..869f23d8fb 100644 +--- a/include/openssl/kdf.h ++++ b/include/openssl/kdf.h +@@ -63,6 +63,10 @@ int EVP_KDF_names_do_all(const EVP_KDF *kdf, + # define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1 + # define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2 + ++# define EVP_KDF_HKDF_FIPS_INDICATOR_UNDETERMINED 0 ++# define EVP_KDF_HKDF_FIPS_INDICATOR_APPROVED 1 ++# define EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED 2 ++ + #define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65 + #define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66 + #define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67 +diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c +index afdb7138e1..9d28d292d8 100644 +--- a/providers/implementations/kdfs/hkdf.c ++++ b/providers/implementations/kdfs/hkdf.c +@@ -298,6 +298,56 @@ static int kdf_hkdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) + return 0; + return OSSL_PARAM_set_size_t(p, sz); + } ++ ++#ifdef FIPS_MODULE ++ if ((p = OSSL_PARAM_locate(params, ++ OSSL_KDF_PARAM_HKDF_REDHAT_FIPS_INDICATOR)) != NULL) { ++ int fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_UNDETERMINED; ++ switch (ctx->mode) { ++ case EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND: ++ /* TLS 1.3 never uses extract-and-expand */ ++ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED; ++ break; ++ case EVP_KDF_HKDF_MODE_EXTRACT_ONLY: ++ { ++ /* When TLS 1.3 uses extract, the following holds: ++ * 1. The salt length matches the hash length, and either ++ * 2.1. the key is all zeroes and matches the hash length, or ++ * 2.2. the key originates from a PSK (resumption_master_secret ++ * or some externally esablished key), or an ECDH or DH key ++ * derivation. See ++ * https://www.rfc-editor.org/rfc/rfc8446#section-7.1. ++ * Unfortunately at this point, we cannot verify where the key ++ * comes from, so all we can do is check the salt length. ++ */ ++ const EVP_MD *md = ossl_prov_digest_md(&ctx->digest); ++ if (md != NULL && ctx->salt_len == EVP_MD_get_size(md)) ++ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_APPROVED; ++ else ++ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED; ++ } ++ break; ++ case EVP_KDF_HKDF_MODE_EXPAND_ONLY: ++ /* When TLS 1.3 uses expand, it always provides a label that ++ * contains an uint16 for the length, followed by between 7 and 255 ++ * bytes for a label string that starts with "tls13 " or "dtls13". ++ * For compatibility with future versions, we only check for "tls" ++ * or "dtls". See ++ * https://www.rfc-editor.org/rfc/rfc8446#section-7.1 and ++ * https://www.rfc-editor.org/rfc/rfc9147#section-5.9. */ ++ if (ctx->label != NULL ++ && ctx->label_len >= 2 /* length */ + 4 /* "dtls" */ ++ && (strncmp("tls", (const char *)ctx->label + 2, 3) == 0 || ++ strncmp("dtls", (const char *)ctx->label + 2, 4) == 0)) ++ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_APPROVED; ++ else ++ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED; ++ break; ++ } ++ return OSSL_PARAM_set_int(p, fips_indicator); ++ } ++#endif /* defined(FIPS_MODULE) */ ++ + return -2; + } + +@@ -306,6 +356,9 @@ static const OSSL_PARAM *kdf_hkdf_gettable_ctx_params(ossl_unused void *ctx, + { + static const OSSL_PARAM known_gettable_ctx_params[] = { + OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), ++#ifdef FIPS_MODULE ++ OSSL_PARAM_int(OSSL_KDF_PARAM_HKDF_REDHAT_FIPS_INDICATOR, NULL), ++#endif /* defined(FIPS_MODULE) */ + OSSL_PARAM_END + }; + return known_gettable_ctx_params; +-- +2.37.1 + diff --git a/SOURCES/0079-CVE-2022-3602.patch b/SOURCES/0079-CVE-2022-3602.patch new file mode 100644 index 0000000..4f935e4 --- /dev/null +++ b/SOURCES/0079-CVE-2022-3602.patch @@ -0,0 +1,399 @@ +diff --git a/crypto/punycode.c b/crypto/punycode.c +index 385b4b1df4..b9b4e3d785 100644 +--- a/crypto/punycode.c ++++ b/crypto/punycode.c +@@ -123,7 +123,6 @@ int ossl_punycode_decode(const char *pEncoded, const size_t enc_len, + unsigned int bias = initial_bias; + size_t processed_in = 0, written_out = 0; + unsigned int max_out = *pout_length; +- + unsigned int basic_count = 0; + unsigned int loop; + +@@ -181,11 +180,11 @@ int ossl_punycode_decode(const char *pEncoded, const size_t enc_len, + n = n + i / (written_out + 1); + i %= (written_out + 1); + +- if (written_out > max_out) ++ if (written_out >= max_out) + return 0; + + memmove(pDecoded + i + 1, pDecoded + i, +- (written_out - i) * sizeof *pDecoded); ++ (written_out - i) * sizeof(*pDecoded)); + pDecoded[i] = n; + i++; + written_out++; +@@ -255,30 +254,35 @@ int ossl_a2ulabel(const char *in, char *out, size_t *outlen) + */ + char *outptr = out; + const char *inptr = in; +- size_t size = 0; ++ size_t size = 0, maxsize; + int result = 1; +- ++ unsigned int i, j; + unsigned int buf[LABEL_BUF_SIZE]; /* It's a hostname */ +- if (out == NULL) ++ ++ if (out == NULL) { + result = 0; ++ maxsize = 0; ++ } else { ++ maxsize = *outlen; ++ } ++ ++#define PUSHC(c) \ ++ do \ ++ if (size++ < maxsize) \ ++ *outptr++ = c; \ ++ else \ ++ result = 0; \ ++ while (0) + + while (1) { + char *tmpptr = strchr(inptr, '.'); +- size_t delta = (tmpptr) ? (size_t)(tmpptr - inptr) : strlen(inptr); ++ size_t delta = tmpptr != NULL ? (size_t)(tmpptr - inptr) : strlen(inptr); + + if (strncmp(inptr, "xn--", 4) != 0) { +- size += delta + 1; +- +- if (size >= *outlen - 1) +- result = 0; +- +- if (result > 0) { +- memcpy(outptr, inptr, delta + 1); +- outptr += delta + 1; +- } ++ for (i = 0; i < delta + 1; i++) ++ PUSHC(inptr[i]); + } else { + unsigned int bufsize = LABEL_BUF_SIZE; +- unsigned int i; + + if (ossl_punycode_decode(inptr + 4, delta - 4, buf, &bufsize) <= 0) + return -1; +@@ -286,26 +290,15 @@ int ossl_a2ulabel(const char *in, char *out, size_t *outlen) + for (i = 0; i < bufsize; i++) { + unsigned char seed[6]; + size_t utfsize = codepoint2utf8(seed, buf[i]); ++ + if (utfsize == 0) + return -1; + +- size += utfsize; +- if (size >= *outlen - 1) +- result = 0; +- +- if (result > 0) { +- memcpy(outptr, seed, utfsize); +- outptr += utfsize; +- } ++ for (j = 0; j < utfsize; j++) ++ PUSHC(seed[j]); + } + +- if (tmpptr != NULL) { +- *outptr = '.'; +- outptr++; +- size++; +- if (size >= *outlen - 1) +- result = 0; +- } ++ PUSHC(tmpptr != NULL ? '.' : '\0'); + } + + if (tmpptr == NULL) +@@ -313,7 +306,9 @@ int ossl_a2ulabel(const char *in, char *out, size_t *outlen) + + inptr = tmpptr + 1; + } ++#undef PUSHC + ++ *outlen = size; + return result; + } + +@@ -327,12 +322,11 @@ int ossl_a2ulabel(const char *in, char *out, size_t *outlen) + + int ossl_a2ucompare(const char *a, const char *u) + { +- char a_ulabel[LABEL_BUF_SIZE]; ++ char a_ulabel[LABEL_BUF_SIZE + 1]; + size_t a_size = sizeof(a_ulabel); + +- if (ossl_a2ulabel(a, a_ulabel, &a_size) <= 0) { ++ if (ossl_a2ulabel(a, a_ulabel, &a_size) <= 0) + return -1; +- } + +- return (strcmp(a_ulabel, u) == 0) ? 0 : 1; ++ return strcmp(a_ulabel, u) != 0; + } +diff --git a/test/build.info b/test/build.info +index 9d2d41e417..638f215da6 100644 +--- a/test/build.info ++++ b/test/build.info +@@ -40,7 +40,7 @@ IF[{- !$disabled{tests} -}] + exptest pbetest localetest evp_pkey_ctx_new_from_name\ + evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \ + evp_fetch_prov_test evp_libctx_test ossl_store_test \ +- v3nametest v3ext \ ++ v3nametest v3ext punycode_test \ + evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \ + evp_fetch_prov_test v3nametest v3ext \ + crltest danetest bad_dtls_test lhash_test sparse_array_test \ +@@ -290,6 +290,10 @@ IF[{- !$disabled{tests} -}] + INCLUDE[pkcs7_test]=../include ../apps/include + DEPEND[pkcs7_test]=../libcrypto libtestutil.a + ++ SOURCE[punycode_test]=punycode_test.c ++ INCLUDE[punycode_test]=../include ../apps/include ++ DEPEND[punycode_test]=../libcrypto.a libtestutil.a ++ + SOURCE[stack_test]=stack_test.c + INCLUDE[stack_test]=../include ../apps/include + DEPEND[stack_test]=../libcrypto libtestutil.a +diff --git a/test/punycode_test.c b/test/punycode_test.c +new file mode 100644 +index 0000000000..285ead6966 +--- /dev/null ++++ b/test/punycode_test.c +@@ -0,0 +1,219 @@ ++/* ++ * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. ++ * ++ * Licensed under the Apache License 2.0 (the "License"). You may not use ++ * this file except in compliance with the License. You can obtain a copy ++ * in the file LICENSE in the source distribution or at ++ * https://www.openssl.org/source/license.html ++ */ ++ ++#include ++ ++#include "crypto/punycode.h" ++#include "internal/nelem.h" ++#include "testutil.h" ++ ++ ++static const struct puny_test { ++ unsigned int raw[50]; ++ const char *encoded; ++} puny_cases[] = { ++ /* Test cases from RFC 3492 */ ++ { /* Arabic (Egyptian) */ ++ { 0x0644, 0x064A, 0x0647, 0x0645, 0x0627, 0x0628, 0x062A, 0x0643, 0x0644, ++ 0x0645, 0x0648, 0x0634, 0x0639, 0x0631, 0x0628, 0x064A, 0x061F ++ }, ++ "egbpdaj6bu4bxfgehfvwxn" ++ }, ++ { /* Chinese (simplified) */ ++ { 0x4ED6, 0x4EEC, 0x4E3A, 0x4EC0, 0x4E48, 0x4E0D, 0x8BF4, 0x4E2D, 0x6587 ++ }, ++ "ihqwcrb4cv8a8dqg056pqjye" ++ }, ++ { /* Chinese (traditional) */ ++ { 0x4ED6, 0x5011, 0x7232, 0x4EC0, 0x9EBD, 0x4E0D, 0x8AAA, 0x4E2D, 0x6587 ++ }, ++ "ihqwctvzc91f659drss3x8bo0yb" ++ }, ++ { /* Czech: Proprostnemluvesky */ ++ { 0x0050, 0x0072, 0x006F, 0x010D, 0x0070, 0x0072, 0x006F, 0x0073, 0x0074, ++ 0x011B, 0x006E, 0x0065, 0x006D, 0x006C, 0x0075, 0x0076, 0x00ED, 0x010D, ++ 0x0065, 0x0073, 0x006B, 0x0079 ++ }, ++ "Proprostnemluvesky-uyb24dma41a" ++ }, ++ { /* Hebrew */ ++ { 0x05DC, 0x05DE, 0x05D4, 0x05D4, 0x05DD, 0x05E4, 0x05E9, 0x05D5, 0x05D8, ++ 0x05DC, 0x05D0, 0x05DE, 0x05D3, 0x05D1, 0x05E8, 0x05D9, 0x05DD, 0x05E2, ++ 0x05D1, 0x05E8, 0x05D9, 0x05EA ++ }, ++ "4dbcagdahymbxekheh6e0a7fei0b" ++ }, ++ { /* Hindi (Devanagari) */ ++ { 0x092F, 0x0939, 0x0932, 0x094B, 0x0917, 0x0939, 0x093F, 0x0928, 0x094D, ++ 0x0926, 0x0940, 0x0915, 0x094D, 0x092F, 0x094B, 0x0902, 0x0928, 0x0939, ++ 0x0940, 0x0902, 0x092C, 0x094B, 0x0932, 0x0938, 0x0915, 0x0924, 0x0947, ++ 0x0939, 0x0948, 0x0902 ++ }, ++ "i1baa7eci9glrd9b2ae1bj0hfcgg6iyaf8o0a1dig0cd" ++ }, ++ { /* Japanese (kanji and hiragana) */ ++ { 0x306A, 0x305C, 0x307F, 0x3093, 0x306A, 0x65E5, 0x672C, 0x8A9E, 0x3092, ++ 0x8A71, 0x3057, 0x3066, 0x304F, 0x308C, 0x306A, 0x3044, 0x306E, 0x304B ++ }, ++ "n8jok5ay5dzabd5bym9f0cm5685rrjetr6pdxa" ++ }, ++ { /* Korean (Hangul syllables) */ ++ { 0xC138, 0xACC4, 0xC758, 0xBAA8, 0xB4E0, 0xC0AC, 0xB78C, 0xB4E4, 0xC774, ++ 0xD55C, 0xAD6D, 0xC5B4, 0xB97C, 0xC774, 0xD574, 0xD55C, 0xB2E4, 0xBA74, ++ 0xC5BC, 0xB9C8, 0xB098, 0xC88B, 0xC744, 0xAE4C ++ }, ++ "989aomsvi5e83db1d2a355cv1e0vak1dwrv93d5xbh15a0dt30a5jpsd879ccm6fea98c" ++ }, ++ { /* Russian (Cyrillic) */ ++ { 0x043F, 0x043E, 0x0447, 0x0435, 0x043C, 0x0443, 0x0436, 0x0435, 0x043E, ++ 0x043D, 0x0438, 0x043D, 0x0435, 0x0433, 0x043E, 0x0432, 0x043E, 0x0440, ++ 0x044F, 0x0442, 0x043F, 0x043E, 0x0440, 0x0443, 0x0441, 0x0441, 0x043A, ++ 0x0438 ++ }, ++ "b1abfaaepdrnnbgefbaDotcwatmq2g4l" ++ }, ++ { /* Spanish */ ++ { 0x0050, 0x006F, 0x0072, 0x0071, 0x0075, 0x00E9, 0x006E, 0x006F, 0x0070, ++ 0x0075, 0x0065, 0x0064, 0x0065, 0x006E, 0x0073, 0x0069, 0x006D, 0x0070, ++ 0x006C, 0x0065, 0x006D, 0x0065, 0x006E, 0x0074, 0x0065, 0x0068, 0x0061, ++ 0x0062, 0x006C, 0x0061, 0x0072, 0x0065, 0x006E, 0x0045, 0x0073, 0x0070, ++ 0x0061, 0x00F1, 0x006F, 0x006C ++ }, ++ "PorqunopuedensimplementehablarenEspaol-fmd56a" ++ }, ++ { /* Vietnamese */ ++ { 0x0054, 0x1EA1, 0x0069, 0x0073, 0x0061, 0x006F, 0x0068, 0x1ECD, 0x006B, ++ 0x0068, 0x00F4, 0x006E, 0x0067, 0x0074, 0x0068, 0x1EC3, 0x0063, 0x0068, ++ 0x1EC9, 0x006E, 0x00F3, 0x0069, 0x0074, 0x0069, 0x1EBF, 0x006E, 0x0067, ++ 0x0056, 0x0069, 0x1EC7, 0x0074 ++ }, ++ "TisaohkhngthchnitingVit-kjcr8268qyxafd2f1b9g" ++ }, ++ { /* Japanese: 3B */ ++ { 0x0033, 0x5E74, 0x0042, 0x7D44, 0x91D1, 0x516B, 0x5148, 0x751F ++ }, ++ "3B-ww4c5e180e575a65lsy2b" ++ }, ++ { /* Japanese: -with-SUPER-MONKEYS */ ++ { 0x5B89, 0x5BA4, 0x5948, 0x7F8E, 0x6075, 0x002D, 0x0077, 0x0069, 0x0074, ++ 0x0068, 0x002D, 0x0053, 0x0055, 0x0050, 0x0045, 0x0052, 0x002D, 0x004D, ++ 0x004F, 0x004E, 0x004B, 0x0045, 0x0059, 0x0053 ++ }, ++ "-with-SUPER-MONKEYS-pc58ag80a8qai00g7n9n" ++ }, ++ { /* Japanese: Hello-Another-Way- */ ++ { 0x0048, 0x0065, 0x006C, 0x006C, 0x006F, 0x002D, 0x0041, 0x006E, 0x006F, ++ 0x0074, 0x0068, 0x0065, 0x0072, 0x002D, 0x0057, 0x0061, 0x0079, 0x002D, ++ 0x305D, 0x308C, 0x305E, 0x308C, 0x306E, 0x5834, 0x6240 ++ }, ++ "Hello-Another-Way--fc4qua05auwb3674vfr0b" ++ }, ++ { /* Japanese: 2 */ ++ { 0x3072, 0x3068, 0x3064, 0x5C4B, 0x6839, 0x306E, 0x4E0B, 0x0032 ++ }, ++ "2-u9tlzr9756bt3uc0v" ++ }, ++ { /* Japanese: MajiKoi5 */ ++ { 0x004D, 0x0061, 0x006A, 0x0069, 0x3067, 0x004B, 0x006F, 0x0069, 0x3059, ++ 0x308B, 0x0035, 0x79D2, 0x524D ++ }, ++ "MajiKoi5-783gue6qz075azm5e" ++ }, ++ { /* Japanese: de */ ++ { 0x30D1, 0x30D5, 0x30A3, 0x30FC, 0x0064, 0x0065, 0x30EB, 0x30F3, 0x30D0 ++ }, ++ "de-jg4avhby1noc0d" ++ }, ++ { /* Japanese: */ ++ { 0x305D, 0x306E, 0x30B9, 0x30D4, 0x30FC, 0x30C9, 0x3067 ++ }, ++ "d9juau41awczczp" ++ }, ++ { /* -> $1.00 <- */ ++ { 0x002D, 0x003E, 0x0020, 0x0024, 0x0031, 0x002E, 0x0030, 0x0030, 0x0020, ++ 0x003C, 0x002D ++ }, ++ "-> $1.00 <--" ++ } ++}; ++ ++static int test_punycode(int n) ++{ ++ const struct puny_test *tc = puny_cases + n; ++ unsigned int buffer[50]; ++ unsigned int bsize = OSSL_NELEM(buffer); ++ size_t i; ++ ++ if (!TEST_true(ossl_punycode_decode(tc->encoded, strlen(tc->encoded), ++ buffer, &bsize))) ++ return 0; ++ for (i = 0; i < sizeof(tc->raw); i++) ++ if (tc->raw[i] == 0) ++ break; ++ if (!TEST_mem_eq(buffer, bsize * sizeof(*buffer), ++ tc->raw, i * sizeof(*tc->raw))) ++ return 0; ++ return 1; ++} ++ ++static int test_a2ulabel(void) ++{ ++ char out[50]; ++ size_t outlen; ++ ++ /* ++ * Test that no buffer correctly returns the true length. ++ * The punycode being passed in and parsed is malformed but we're not ++ * verifying that behaviour here. ++ */ ++ if (!TEST_int_eq(ossl_a2ulabel("xn--a.b.c", NULL, &outlen), 0) ++ || !TEST_size_t_eq(outlen, 7) ++ || !TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 1)) ++ return 0; ++ /* Test that a short input length returns the true length */ ++ outlen = 1; ++ if (!TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 0) ++ || !TEST_size_t_eq(outlen, 7) ++ || !TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 1) ++ || !TEST_str_eq(out,"\xc2\x80.b.c")) ++ return 0; ++ /* Test for an off by one on the buffer size works */ ++ outlen = 6; ++ if (!TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 0) ++ || !TEST_size_t_eq(outlen, 7) ++ || !TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 1) ++ || !TEST_str_eq(out,"\xc2\x80.b.c")) ++ return 0; ++ return 1; ++} ++ ++static int test_puny_overrun(void) ++{ ++ static const unsigned int out[] = { ++ 0x0033, 0x5E74, 0x0042, 0x7D44, 0x91D1, 0x516B, 0x5148, 0x751F ++ }; ++ static const char *in = "3B-ww4c5e180e575a65lsy2b"; ++ unsigned int buf[OSSL_NELEM(out)]; ++ unsigned int bsize = OSSL_NELEM(buf) - 1; ++ ++ if (!TEST_false(ossl_punycode_decode(in, strlen(in), buf, &bsize))) { ++ if (TEST_mem_eq(buf, bsize * sizeof(*buf), out, sizeof(out))) ++ TEST_error("CRITICAL: buffer overrun detected!"); ++ return 0; ++ } ++ return 1; ++} ++ ++int setup_tests(void) ++{ ++ ADD_ALL_TESTS(test_punycode, OSSL_NELEM(puny_cases)); ++ ADD_TEST(test_a2ulabel); ++ ADD_TEST(test_puny_overrun); ++ return 1; ++} +diff --git a/test/recipes/04-test_punycode.t b/test/recipes/04-test_punycode.t +new file mode 100644 +index 0000000000..de213c7e15 +--- /dev/null ++++ b/test/recipes/04-test_punycode.t +@@ -0,0 +1,11 @@ ++#! /usr/bin/env perl ++# Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. ++# ++# Licensed under the Apache License 2.0 (the "License"). You may not use ++# this file except in compliance with the License. You can obtain a copy ++# in the file LICENSE in the source distribution or at ++# https://www.openssl.org/source/license.html ++ ++use OpenSSL::Test::Simple; ++ ++simple_test("test_punycode", "punycode_test"); diff --git a/SOURCES/Makefile.certificate b/SOURCES/Makefile.certificate new file mode 100644 index 0000000..cc88c52 --- /dev/null +++ b/SOURCES/Makefile.certificate @@ -0,0 +1,82 @@ +UTF8 := $(shell locale -c LC_CTYPE -k | grep -q charmap.*UTF-8 && echo -utf8) +DAYS=365 +KEYLEN=2048 +TYPE=rsa:$(KEYLEN) +EXTRA_FLAGS= +ifdef SERIAL + EXTRA_FLAGS+=-set_serial $(SERIAL) +endif + +.PHONY: usage +.SUFFIXES: .key .csr .crt .pem +.PRECIOUS: %.key %.csr %.crt %.pem + +usage: + @echo "This makefile allows you to create:" + @echo " o public/private key pairs" + @echo " o SSL certificate signing requests (CSRs)" + @echo " o self-signed SSL test certificates" + @echo + @echo "To create a key pair, run \"make SOMETHING.key\"." + @echo "To create a CSR, run \"make SOMETHING.csr\"." + @echo "To create a test certificate, run \"make SOMETHING.crt\"." + @echo "To create a key and a test certificate in one file, run \"make SOMETHING.pem\"." + @echo + @echo "To create a key for use with Apache, run \"make genkey\"." + @echo "To create a CSR for use with Apache, run \"make certreq\"." + @echo "To create a test certificate for use with Apache, run \"make testcert\"." + @echo + @echo "To create a test certificate with serial number other than random, add SERIAL=num" + @echo "You can also specify key length with KEYLEN=n and expiration in days with DAYS=n" + @echo "Any additional options can be passed to openssl req via EXTRA_FLAGS" + @echo + @echo Examples: + @echo " make server.key" + @echo " make server.csr" + @echo " make server.crt" + @echo " make stunnel.pem" + @echo " make genkey" + @echo " make certreq" + @echo " make testcert" + @echo " make server.crt SERIAL=1" + @echo " make stunnel.pem EXTRA_FLAGS=-sha384" + @echo " make testcert DAYS=600" + +%.pem: + umask 77 ; \ + PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \ + PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \ + /usr/bin/openssl req $(UTF8) -newkey $(TYPE) -keyout $$PEM1 -nodes -x509 -days $(DAYS) -out $$PEM2 $(EXTRA_FLAGS) ; \ + cat $$PEM1 > $@ ; \ + echo "" >> $@ ; \ + cat $$PEM2 >> $@ ; \ + $(RM) $$PEM1 $$PEM2 + +%.key: + umask 77 ; \ + /usr/bin/openssl genrsa -aes128 $(KEYLEN) > $@ + +%.csr: %.key + umask 77 ; \ + /usr/bin/openssl req $(UTF8) -new -key $^ -out $@ + +%.crt: %.key + umask 77 ; \ + /usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days $(DAYS) -out $@ $(EXTRA_FLAGS) + +TLSROOT=/etc/pki/tls +KEY=$(TLSROOT)/private/localhost.key +CSR=$(TLSROOT)/certs/localhost.csr +CRT=$(TLSROOT)/certs/localhost.crt + +genkey: $(KEY) +certreq: $(CSR) +testcert: $(CRT) + +$(CSR): $(KEY) + umask 77 ; \ + /usr/bin/openssl req $(UTF8) -new -key $(KEY) -out $(CSR) + +$(CRT): $(KEY) + umask 77 ; \ + /usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days $(DAYS) -out $(CRT) $(EXTRA_FLAGS) diff --git a/SOURCES/configuration-prefix.h b/SOURCES/configuration-prefix.h new file mode 100644 index 0000000..13b6e23 --- /dev/null +++ b/SOURCES/configuration-prefix.h @@ -0,0 +1,7 @@ +/* Prepended at openssl package build-time. Don't include this file directly, + * use instead. */ + +#ifndef openssl_conf_multilib_redirection_h +#error "Don't include this file directly, use instead!" +#endif + diff --git a/SOURCES/configuration-switch.h b/SOURCES/configuration-switch.h new file mode 100644 index 0000000..1c4d238 --- /dev/null +++ b/SOURCES/configuration-switch.h @@ -0,0 +1,47 @@ +/* This file is here to prevent a file conflict on multiarch systems. A + * conflict will frequently occur because arch-specific build-time + * configuration options are stored (and used, so they can't just be stripped + * out) in configuration.h. The original configuration.h has been renamed. + * DO NOT INCLUDE THE NEW FILE DIRECTLY -- ALWAYS INCLUDE THIS ONE INSTEAD. */ + +#ifdef openssl_conf_multilib_redirection_h +#error "Do not define openssl_conf_multilib_redirection_h!" +#endif +#define openssl_conf_multilib_redirection_h + +#if defined(__i386__) +#include "configuration-i386.h" +#elif defined(__ia64__) +#include "configuration-ia64.h" +#elif defined(__mips64) && defined(__MIPSEL__) +#include "configuration-mips64el.h" +#elif defined(__mips64) +#include "configuration-mips64.h" +#elif defined(__mips) && defined(__MIPSEL__) +#include "configuration-mipsel.h" +#elif defined(__mips) +#include "configuration-mips.h" +#elif defined(__powerpc64__) +#include +#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ +#include "configuration-ppc64.h" +#else +#include "configuration-ppc64le.h" +#endif +#elif defined(__powerpc__) +#include "configuration-ppc.h" +#elif defined(__s390x__) +#include "configuration-s390x.h" +#elif defined(__s390__) +#include "configuration-s390.h" +#elif defined(__sparc__) && defined(__arch64__) +#include "configuration-sparc64.h" +#elif defined(__sparc__) +#include "configuration-sparc.h" +#elif defined(__x86_64__) +#include "configuration-x86_64.h" +#else +#error "The openssl-devel package does not work your architecture?" +#endif + +#undef openssl_conf_multilib_redirection_h diff --git a/SOURCES/ec_curve.c b/SOURCES/ec_curve.c new file mode 100644 index 0000000..64ac40b --- /dev/null +++ b/SOURCES/ec_curve.c @@ -0,0 +1,628 @@ +/* + * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * ECDSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + +#include +#include "ec_local.h" +#include +#include +#include +#include +#include "internal/nelem.h" + +typedef struct { + int field_type, /* either NID_X9_62_prime_field or + * NID_X9_62_characteristic_two_field */ + seed_len, param_len; + unsigned int cofactor; /* promoted to BN_ULONG */ +} EC_CURVE_DATA; + +/* the nist prime curves */ +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 28 * 6]; +} _EC_NIST_PRIME_224 = { + { + NID_X9_62_prime_field, 20, 28, 1 + }, + { + /* seed */ + 0xBD, 0x71, 0x34, 0x47, 0x99, 0xD5, 0xC7, 0xFC, 0xDC, 0x45, 0xB5, 0x9F, + 0xA3, 0xB9, 0xAB, 0x8F, 0x6A, 0x94, 0x8B, 0xC5, + /* p */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x01, + /* a */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFE, + /* b */ + 0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56, + 0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43, + 0x23, 0x55, 0xFF, 0xB4, + /* x */ + 0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9, + 0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6, + 0x11, 0x5C, 0x1D, 0x21, + /* y */ + 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 0xdf, 0xe6, + 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99, + 0x85, 0x00, 0x7e, 0x34, + /* order */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45, + 0x5C, 0x5C, 0x2A, 0x3D + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 48 * 6]; +} _EC_NIST_PRIME_384 = { + { + NID_X9_62_prime_field, 20, 48, 1 + }, + { + /* seed */ + 0xA3, 0x35, 0x92, 0x6A, 0xA3, 0x19, 0xA2, 0x7A, 0x1D, 0x00, 0x89, 0x6A, + 0x67, 0x73, 0xA4, 0x82, 0x7A, 0xCD, 0xAC, 0x73, + /* p */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, + /* a */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC, + /* b */ + 0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4, 0x98, 0x8E, 0x05, 0x6B, + 0xE3, 0xF8, 0x2D, 0x19, 0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12, + 0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A, 0xC6, 0x56, 0x39, 0x8D, + 0x8A, 0x2E, 0xD1, 0x9D, 0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF, + /* x */ + 0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, 0x8E, 0xB1, 0xC7, 0x1E, + 0xF3, 0x20, 0xAD, 0x74, 0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98, + 0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38, 0x55, 0x02, 0xF2, 0x5D, + 0xBF, 0x55, 0x29, 0x6C, 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7, + /* y */ + 0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e, 0x98, 0xbf, + 0x92, 0x92, 0xdc, 0x29, 0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c, + 0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0xce, + 0x1d, 0x7e, 0x81, 0x9d, 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f, + /* order */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF, 0x58, 0x1A, 0x0D, 0xB2, + 0x48, 0xB0, 0xA7, 0x7A, 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 66 * 6]; +} _EC_NIST_PRIME_521 = { + { + NID_X9_62_prime_field, 20, 66, 1 + }, + { + /* seed */ + 0xD0, 0x9E, 0x88, 0x00, 0x29, 0x1C, 0xB8, 0x53, 0x96, 0xCC, 0x67, 0x17, + 0x39, 0x32, 0x84, 0xAA, 0xA0, 0xDA, 0x64, 0xBA, + /* p */ + 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + /* a */ + 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, + /* b */ + 0x00, 0x51, 0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, 0x9A, 0x1F, 0x92, 0x9A, + 0x21, 0xA0, 0xB6, 0x85, 0x40, 0xEE, 0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3, + 0x15, 0xF3, 0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1, 0x09, 0xE1, 0x56, 0x19, + 0x39, 0x51, 0xEC, 0x7E, 0x93, 0x7B, 0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1, + 0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, 0x34, 0xF1, 0xEF, 0x45, + 0x1F, 0xD4, 0x6B, 0x50, 0x3F, 0x00, + /* x */ + 0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD, 0x9E, 0x3E, + 0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42, 0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F, + 0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, 0x3D, 0xBA, 0xA1, 0x4B, + 0x5E, 0x77, 0xEF, 0xE7, 0x59, 0x28, 0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF, + 0xA8, 0xDE, 0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B, 0xF9, 0x7E, + 0x7E, 0x31, 0xC2, 0xE5, 0xBD, 0x66, + /* y */ + 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a, + 0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b, + 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee, + 0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad, + 0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe, + 0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50, + /* order */ + 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFA, 0x51, 0x86, + 0x87, 0x83, 0xBF, 0x2F, 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09, + 0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE, 0xBB, 0x6F, + 0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 32 * 6]; +} _EC_X9_62_PRIME_256V1 = { + { + NID_X9_62_prime_field, 20, 32, 1 + }, + { + /* seed */ + 0xC4, 0x9D, 0x36, 0x08, 0x86, 0xE7, 0x04, 0x93, 0x6A, 0x66, 0x78, 0xE1, + 0x13, 0x9D, 0x26, 0xB7, 0x81, 0x9F, 0x7E, 0x90, + /* p */ + 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + /* a */ + 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, + /* b */ + 0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, 0xB3, 0xEB, 0xBD, 0x55, + 0x76, 0x98, 0x86, 0xBC, 0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6, + 0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B, + /* x */ + 0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, 0xE6, 0xE5, + 0x63, 0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0, + 0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96, + /* y */ + 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a, + 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, + 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5, + /* order */ + 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, + 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 32 * 6]; +} _EC_SECG_PRIME_256K1 = { + { + NID_X9_62_prime_field, 0, 32, 1 + }, + { + /* no seed */ + /* p */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F, + /* a */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* b */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, + /* x */ + 0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62, 0x95, + 0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9, + 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98, + /* y */ + 0x48, 0x3a, 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4, 0xfb, 0xfc, + 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19, + 0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8, + /* order */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, + 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41 + } +}; + +typedef struct _ec_list_element_st { + int nid; + const EC_CURVE_DATA *data; + const EC_METHOD *(*meth) (void); + const char *comment; +} ec_list_element; + +#ifdef FIPS_MODULE +static const ec_list_element curve_list[] = { + /* prime field curves */ + /* secg curves */ + {NID_secp224r1, &_EC_NIST_PRIME_224.h, +# if !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) + EC_GFp_nistp224_method, +# else + 0, +# endif + "NIST/SECG curve over a 224 bit prime field"}, + /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ + {NID_secp384r1, &_EC_NIST_PRIME_384.h, +# if defined(S390X_EC_ASM) + EC_GFp_s390x_nistp384_method, +# else + 0, +# endif + "NIST/SECG curve over a 384 bit prime field"}, + + {NID_secp521r1, &_EC_NIST_PRIME_521.h, +# if defined(S390X_EC_ASM) + EC_GFp_s390x_nistp521_method, +# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) + EC_GFp_nistp521_method, +# else + 0, +# endif + "NIST/SECG curve over a 521 bit prime field"}, + + /* X9.62 curves */ + {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, +# if defined(ECP_NISTZ256_ASM) + EC_GFp_nistz256_method, +# elif defined(S390X_EC_ASM) + EC_GFp_s390x_nistp256_method, +# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) + EC_GFp_nistp256_method, +# else + 0, +# endif + "X9.62/SECG curve over a 256 bit prime field"}, +}; + +#else + +static const ec_list_element curve_list[] = { + /* prime field curves */ + /* secg curves */ +# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 + {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method, + "NIST/SECG curve over a 224 bit prime field"}, +# else + {NID_secp224r1, &_EC_NIST_PRIME_224.h, 0, + "NIST/SECG curve over a 224 bit prime field"}, +# endif + {NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0, + "SECG curve over a 256 bit prime field"}, + /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ + {NID_secp384r1, &_EC_NIST_PRIME_384.h, +# if defined(S390X_EC_ASM) + EC_GFp_s390x_nistp384_method, +# else + 0, +# endif + "NIST/SECG curve over a 384 bit prime field"}, + {NID_secp521r1, &_EC_NIST_PRIME_521.h, +# if defined(S390X_EC_ASM) + EC_GFp_s390x_nistp521_method, +# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) + EC_GFp_nistp521_method, +# else + 0, +# endif + "NIST/SECG curve over a 521 bit prime field"}, + /* X9.62 curves */ + {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, +# if defined(ECP_NISTZ256_ASM) + EC_GFp_nistz256_method, +# elif defined(S390X_EC_ASM) + EC_GFp_s390x_nistp256_method, +# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) + EC_GFp_nistp256_method, +# else + 0, +# endif + "X9.62/SECG curve over a 256 bit prime field"}, +}; +#endif /* FIPS_MODULE */ + +#define curve_list_length OSSL_NELEM(curve_list) + +static const ec_list_element *ec_curve_nid2curve(int nid) +{ + size_t i; + + if (nid <= 0) + return NULL; + + for (i = 0; i < curve_list_length; i++) { + if (curve_list[i].nid == nid) + return &curve_list[i]; + } + return NULL; +} + +static EC_GROUP *ec_group_new_from_data(OSSL_LIB_CTX *libctx, + const char *propq, + const ec_list_element curve) +{ + EC_GROUP *group = NULL; + EC_POINT *P = NULL; + BN_CTX *ctx = NULL; + BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL, *order = + NULL; + int ok = 0; + int seed_len, param_len; + const EC_METHOD *meth; + const EC_CURVE_DATA *data; + const unsigned char *params; + + /* If no curve data curve method must handle everything */ + if (curve.data == NULL) + return ossl_ec_group_new_ex(libctx, propq, + curve.meth != NULL ? curve.meth() : NULL); + + if ((ctx = BN_CTX_new_ex(libctx)) == NULL) { + ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); + goto err; + } + + data = curve.data; + seed_len = data->seed_len; + param_len = data->param_len; + params = (const unsigned char *)(data + 1); /* skip header */ + params += seed_len; /* skip seed */ + + if ((p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) == NULL + || (a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) == NULL + || (b = BN_bin2bn(params + 2 * param_len, param_len, NULL)) == NULL) { + ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); + goto err; + } + + if (curve.meth != 0) { + meth = curve.meth(); + if (((group = ossl_ec_group_new_ex(libctx, propq, meth)) == NULL) || + (!(group->meth->group_set_curve(group, p, a, b, ctx)))) { + ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); + goto err; + } + } else if (data->field_type == NID_X9_62_prime_field) { + if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) { + ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); + goto err; + } + } +#ifndef OPENSSL_NO_EC2M + else { /* field_type == + * NID_X9_62_characteristic_two_field */ + + if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) { + ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); + goto err; + } + } +#endif + + EC_GROUP_set_curve_name(group, curve.nid); + + if ((P = EC_POINT_new(group)) == NULL) { + ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); + goto err; + } + + if ((x = BN_bin2bn(params + 3 * param_len, param_len, NULL)) == NULL + || (y = BN_bin2bn(params + 4 * param_len, param_len, NULL)) == NULL) { + ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); + goto err; + } + if (!EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) { + ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); + goto err; + } + if ((order = BN_bin2bn(params + 5 * param_len, param_len, NULL)) == NULL + || !BN_set_word(x, (BN_ULONG)data->cofactor)) { + ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); + goto err; + } + if (!EC_GROUP_set_generator(group, P, order, x)) { + ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); + goto err; + } + if (seed_len) { + if (!EC_GROUP_set_seed(group, params - seed_len, seed_len)) { + ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); + goto err; + } + } + ok = 1; + err: + if (!ok) { + EC_GROUP_free(group); + group = NULL; + } + EC_POINT_free(P); + BN_CTX_free(ctx); + BN_free(p); + BN_free(a); + BN_free(b); + BN_free(order); + BN_free(x); + BN_free(y); + return group; +} + +EC_GROUP *EC_GROUP_new_by_curve_name_ex(OSSL_LIB_CTX *libctx, const char *propq, + int nid) +{ + EC_GROUP *ret = NULL; + const ec_list_element *curve; + + if ((curve = ec_curve_nid2curve(nid)) == NULL + || (ret = ec_group_new_from_data(libctx, propq, *curve)) == NULL) { +#ifndef FIPS_MODULE + ERR_raise_data(ERR_LIB_EC, EC_R_UNKNOWN_GROUP, + "name=%s", OBJ_nid2sn(nid)); +#else + ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_GROUP); +#endif + return NULL; + } + + return ret; +} + +#ifndef FIPS_MODULE +EC_GROUP *EC_GROUP_new_by_curve_name(int nid) +{ + return EC_GROUP_new_by_curve_name_ex(NULL, NULL, nid); +} +#endif + +size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems) +{ + size_t i, min; + + if (r == NULL || nitems == 0) + return curve_list_length; + + min = nitems < curve_list_length ? nitems : curve_list_length; + + for (i = 0; i < min; i++) { + r[i].nid = curve_list[i].nid; + r[i].comment = curve_list[i].comment; + } + + return curve_list_length; +} + +const char *EC_curve_nid2nist(int nid) +{ + return ossl_ec_curve_nid2nist_int(nid); +} + +int EC_curve_nist2nid(const char *name) +{ + return ossl_ec_curve_nist2nid_int(name); +} + +#define NUM_BN_FIELDS 6 +/* + * Validates EC domain parameter data for known named curves. + * This can be used when a curve is loaded explicitly (without a curve + * name) or to validate that domain parameters have not been modified. + * + * Returns: The nid associated with the found named curve, or NID_undef + * if not found. If there was an error it returns -1. + */ +int ossl_ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx) +{ + int ret = -1, nid, len, field_type, param_len; + size_t i, seed_len; + const unsigned char *seed, *params_seed, *params; + unsigned char *param_bytes = NULL; + const EC_CURVE_DATA *data; + const EC_POINT *generator = NULL; + const BIGNUM *cofactor = NULL; + /* An array of BIGNUMs for (p, a, b, x, y, order) */ + BIGNUM *bn[NUM_BN_FIELDS] = {NULL, NULL, NULL, NULL, NULL, NULL}; + + /* Use the optional named curve nid as a search field */ + nid = EC_GROUP_get_curve_name(group); + field_type = EC_GROUP_get_field_type(group); + seed_len = EC_GROUP_get_seed_len(group); + seed = EC_GROUP_get0_seed(group); + cofactor = EC_GROUP_get0_cofactor(group); + + BN_CTX_start(ctx); + + /* + * The built-in curves contains data fields (p, a, b, x, y, order) that are + * all zero-padded to be the same size. The size of the padding is + * determined by either the number of bytes in the field modulus (p) or the + * EC group order, whichever is larger. + */ + param_len = BN_num_bytes(group->order); + len = BN_num_bytes(group->field); + if (len > param_len) + param_len = len; + + /* Allocate space to store the padded data for (p, a, b, x, y, order) */ + param_bytes = OPENSSL_malloc(param_len * NUM_BN_FIELDS); + if (param_bytes == NULL) + goto end; + + /* Create the bignums */ + for (i = 0; i < NUM_BN_FIELDS; ++i) { + if ((bn[i] = BN_CTX_get(ctx)) == NULL) + goto end; + } + /* + * Fill in the bn array with the same values as the internal curves + * i.e. the values are p, a, b, x, y, order. + */ + /* Get p, a & b */ + if (!(EC_GROUP_get_curve(group, bn[0], bn[1], bn[2], ctx) + && ((generator = EC_GROUP_get0_generator(group)) != NULL) + /* Get x & y */ + && EC_POINT_get_affine_coordinates(group, generator, bn[3], bn[4], ctx) + /* Get order */ + && EC_GROUP_get_order(group, bn[5], ctx))) + goto end; + + /* + * Convert the bignum array to bytes that are joined together to form + * a single buffer that contains data for all fields. + * (p, a, b, x, y, order) are all zero padded to be the same size. + */ + for (i = 0; i < NUM_BN_FIELDS; ++i) { + if (BN_bn2binpad(bn[i], ¶m_bytes[i*param_len], param_len) <= 0) + goto end; + } + + for (i = 0; i < curve_list_length; i++) { + const ec_list_element curve = curve_list[i]; + + data = curve.data; + /* Get the raw order byte data */ + params_seed = (const unsigned char *)(data + 1); /* skip header */ + params = params_seed + data->seed_len; + + /* Look for unique fields in the fixed curve data */ + if (data->field_type == field_type + && param_len == data->param_len + && (nid <= 0 || nid == curve.nid) + /* check the optional cofactor (ignore if its zero) */ + && (BN_is_zero(cofactor) + || BN_is_word(cofactor, (const BN_ULONG)curve.data->cofactor)) + /* Check the optional seed (ignore if its not set) */ + && (data->seed_len == 0 || seed_len == 0 + || ((size_t)data->seed_len == seed_len + && memcmp(params_seed, seed, seed_len) == 0)) + /* Check that the groups params match the built-in curve params */ + && memcmp(param_bytes, params, param_len * NUM_BN_FIELDS) + == 0) { + ret = curve.nid; + goto end; + } + } + /* Gets here if the group was not found */ + ret = NID_undef; +end: + OPENSSL_free(param_bytes); + BN_CTX_end(ctx); + return ret; +} diff --git a/SOURCES/ectest.c b/SOURCES/ectest.c new file mode 100644 index 0000000..b2708ea --- /dev/null +++ b/SOURCES/ectest.c @@ -0,0 +1,2311 @@ +/* + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * EC_KEY low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + +#include +#include "internal/nelem.h" +#include "testutil.h" + +#include +#ifndef OPENSSL_NO_ENGINE +# include +#endif +#include +#include +#include +#include +#include +#include +#include +#include +#include + +static size_t crv_len = 0; +static EC_builtin_curve *curves = NULL; + +/* test multiplication with group order, long and negative scalars */ +static int group_order_tests(EC_GROUP *group) +{ + BIGNUM *n1 = NULL, *n2 = NULL, *order = NULL; + EC_POINT *P = NULL, *Q = NULL, *R = NULL, *S = NULL; + const EC_POINT *G = NULL; + BN_CTX *ctx = NULL; + int i = 0, r = 0; + + if (!TEST_ptr(n1 = BN_new()) + || !TEST_ptr(n2 = BN_new()) + || !TEST_ptr(order = BN_new()) + || !TEST_ptr(ctx = BN_CTX_new()) + || !TEST_ptr(G = EC_GROUP_get0_generator(group)) + || !TEST_ptr(P = EC_POINT_new(group)) + || !TEST_ptr(Q = EC_POINT_new(group)) + || !TEST_ptr(R = EC_POINT_new(group)) + || !TEST_ptr(S = EC_POINT_new(group))) + goto err; + + if (!TEST_true(EC_GROUP_get_order(group, order, ctx)) + || !TEST_true(EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, Q)) +#ifndef OPENSSL_NO_DEPRECATED_3_0 + || !TEST_true(EC_GROUP_precompute_mult(group, ctx)) +#endif + || !TEST_true(EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, Q)) + || !TEST_true(EC_POINT_copy(P, G)) + || !TEST_true(BN_one(n1)) + || !TEST_true(EC_POINT_mul(group, Q, n1, NULL, NULL, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx)) + || !TEST_true(BN_sub(n1, order, n1)) + || !TEST_true(EC_POINT_mul(group, Q, n1, NULL, NULL, ctx)) + || !TEST_true(EC_POINT_invert(group, Q, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx))) + goto err; + + for (i = 1; i <= 2; i++) { +#ifndef OPENSSL_NO_DEPRECATED_3_0 + const BIGNUM *scalars[6]; + const EC_POINT *points[6]; +#endif + + if (!TEST_true(BN_set_word(n1, i)) + /* + * If i == 1, P will be the predefined generator for which + * EC_GROUP_precompute_mult has set up precomputation. + */ + || !TEST_true(EC_POINT_mul(group, P, n1, NULL, NULL, ctx)) + || (i == 1 && !TEST_int_eq(0, EC_POINT_cmp(group, P, G, ctx))) + || !TEST_true(BN_one(n1)) + /* n1 = 1 - order */ + || !TEST_true(BN_sub(n1, n1, order)) + || !TEST_true(EC_POINT_mul(group, Q, NULL, P, n1, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx)) + + /* n2 = 1 + order */ + || !TEST_true(BN_add(n2, order, BN_value_one())) + || !TEST_true(EC_POINT_mul(group, Q, NULL, P, n2, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx)) + + /* n2 = (1 - order) * (1 + order) = 1 - order^2 */ + || !TEST_true(BN_mul(n2, n1, n2, ctx)) + || !TEST_true(EC_POINT_mul(group, Q, NULL, P, n2, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx))) + goto err; + + /* n2 = order^2 - 1 */ + BN_set_negative(n2, 0); + if (!TEST_true(EC_POINT_mul(group, Q, NULL, P, n2, ctx)) + /* Add P to verify the result. */ + || !TEST_true(EC_POINT_add(group, Q, Q, P, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, Q)) + || !TEST_false(EC_POINT_is_at_infinity(group, P))) + goto err; + +#ifndef OPENSSL_NO_DEPRECATED_3_0 + /* Exercise EC_POINTs_mul, including corner cases. */ + scalars[0] = scalars[1] = BN_value_one(); + points[0] = points[1] = P; + + if (!TEST_true(EC_POINTs_mul(group, R, NULL, 2, points, scalars, ctx)) + || !TEST_true(EC_POINT_dbl(group, S, points[0], ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, R, S, ctx))) + goto err; + + scalars[0] = n1; + points[0] = Q; /* => infinity */ + scalars[1] = n2; + points[1] = P; /* => -P */ + scalars[2] = n1; + points[2] = Q; /* => infinity */ + scalars[3] = n2; + points[3] = Q; /* => infinity */ + scalars[4] = n1; + points[4] = P; /* => P */ + scalars[5] = n2; + points[5] = Q; /* => infinity */ + if (!TEST_true(EC_POINTs_mul(group, P, NULL, 6, points, scalars, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, P))) + goto err; +#endif + } + + r = 1; +err: + if (r == 0 && i != 0) + TEST_info(i == 1 ? "allowing precomputation" : + "without precomputation"); + EC_POINT_free(P); + EC_POINT_free(Q); + EC_POINT_free(R); + EC_POINT_free(S); + BN_free(n1); + BN_free(n2); + BN_free(order); + BN_CTX_free(ctx); + return r; +} + +static int prime_field_tests(void) +{ + BN_CTX *ctx = NULL; + BIGNUM *p = NULL, *a = NULL, *b = NULL, *scalar3 = NULL; + EC_GROUP *group = NULL; + EC_POINT *P = NULL, *Q = NULL, *R = NULL; + BIGNUM *x = NULL, *y = NULL, *z = NULL, *yplusone = NULL; +#ifndef OPENSSL_NO_DEPRECATED_3_0 + const EC_POINT *points[4]; + const BIGNUM *scalars[4]; +#endif + unsigned char buf[100]; + size_t len, r = 0; + int k; + + if (!TEST_ptr(ctx = BN_CTX_new()) + || !TEST_ptr(p = BN_new()) + || !TEST_ptr(a = BN_new()) + || !TEST_ptr(b = BN_new()) + /* + * applications should use EC_GROUP_new_curve_GFp so + * that the library gets to choose the EC_METHOD + */ + || !TEST_ptr(group = EC_GROUP_new(EC_GFp_mont_method()))) + goto err; + + buf[0] = 0; + if (!TEST_ptr(P = EC_POINT_new(group)) + || !TEST_ptr(Q = EC_POINT_new(group)) + || !TEST_ptr(R = EC_POINT_new(group)) + || !TEST_ptr(x = BN_new()) + || !TEST_ptr(y = BN_new()) + || !TEST_ptr(z = BN_new()) + || !TEST_ptr(yplusone = BN_new())) + goto err; + + /* Curve P-224 (FIPS PUB 186-2, App. 6) */ + + if (!TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFF000000000000000000000001")) + || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL)) + || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE")) + || !TEST_true(BN_hex2bn(&b, "B4050A850C04B3ABF5413256" + "5044B0B7D7BFD8BA270B39432355FFB4")) + || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) + || !TEST_true(BN_hex2bn(&x, "B70E0CBD6BB4BF7F321390B9" + "4A03C1D356C21122343280D6115C1D21")) + || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 0, ctx)) + || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) + || !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF" + "FFFF16A2E0B8F03E13DD29455C5C2A3D")) + || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) + || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) + goto err; + + TEST_info("NIST curve P-224 -- Generator"); + test_output_bignum("x", x); + test_output_bignum("y", y); + /* G_y value taken from the standard: */ + if (!TEST_true(BN_hex2bn(&z, "BD376388B5F723FB4C22DFE6" + "CD4375A05A07476444D5819985007E34")) + || !TEST_BN_eq(y, z) + || !TEST_true(BN_add(yplusone, y, BN_value_one())) + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ + || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, + ctx)) + || !TEST_int_eq(EC_GROUP_get_degree(group), 224) + || !group_order_tests(group) + + /* Curve P-256 (FIPS PUB 186-2, App. 6) */ + + || !TEST_true(BN_hex2bn(&p, "FFFFFFFF000000010000000000000000" + "00000000FFFFFFFFFFFFFFFFFFFFFFFF")) + || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL)) + || !TEST_true(BN_hex2bn(&a, "FFFFFFFF000000010000000000000000" + "00000000FFFFFFFFFFFFFFFFFFFFFFFC")) + || !TEST_true(BN_hex2bn(&b, "5AC635D8AA3A93E7B3EBBD55769886BC" + "651D06B0CC53B0F63BCE3C3E27D2604B")) + || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) + + || !TEST_true(BN_hex2bn(&x, "6B17D1F2E12C4247F8BCE6E563A440F2" + "77037D812DEB33A0F4A13945D898C296")) + || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 1, ctx)) + || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) + || !TEST_true(BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFF" + "BCE6FAADA7179E84F3B9CAC2FC632551")) + || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) + || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) + goto err; + + TEST_info("NIST curve P-256 -- Generator"); + test_output_bignum("x", x); + test_output_bignum("y", y); + /* G_y value taken from the standard: */ + if (!TEST_true(BN_hex2bn(&z, "4FE342E2FE1A7F9B8EE7EB4A7C0F9E16" + "2BCE33576B315ECECBB6406837BF51F5")) + || !TEST_BN_eq(y, z) + || !TEST_true(BN_add(yplusone, y, BN_value_one())) + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ + || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, + ctx)) + || !TEST_int_eq(EC_GROUP_get_degree(group), 256) + || !group_order_tests(group) + + /* Curve P-384 (FIPS PUB 186-2, App. 6) */ + + || !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE" + "FFFFFFFF0000000000000000FFFFFFFF")) + || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL)) + || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE" + "FFFFFFFF0000000000000000FFFFFFFC")) + || !TEST_true(BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19" + "181D9C6EFE8141120314088F5013875A" + "C656398D8A2ED19D2A85C8EDD3EC2AEF")) + || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) + + || !TEST_true(BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD74" + "6E1D3B628BA79B9859F741E082542A38" + "5502F25DBF55296C3A545E3872760AB7")) + || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 1, ctx)) + || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) + || !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFC7634D81F4372DDF" + "581A0DB248B0A77AECEC196ACCC52973")) + || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) + || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) + goto err; + + TEST_info("NIST curve P-384 -- Generator"); + test_output_bignum("x", x); + test_output_bignum("y", y); + /* G_y value taken from the standard: */ + if (!TEST_true(BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29" + "F8F41DBD289A147CE9DA3113B5F0B8C0" + "0A60B1CE1D7E819D7A431D7C90EA0E5F")) + || !TEST_BN_eq(y, z) + || !TEST_true(BN_add(yplusone, y, BN_value_one())) + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ + || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, + ctx)) + || !TEST_int_eq(EC_GROUP_get_degree(group), 384) + || !group_order_tests(group) + + /* Curve P-521 (FIPS PUB 186-2, App. 6) */ + || !TEST_true(BN_hex2bn(&p, "1FF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF")) + || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL)) + || !TEST_true(BN_hex2bn(&a, "1FF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC")) + || !TEST_true(BN_hex2bn(&b, "051" + "953EB9618E1C9A1F929A21A0B68540EE" + "A2DA725B99B315F3B8B489918EF109E1" + "56193951EC7E937B1652C0BD3BB1BF07" + "3573DF883D2C34F1EF451FD46B503F00")) + || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) + || !TEST_true(BN_hex2bn(&x, "C6" + "858E06B70404E9CD9E3ECB662395B442" + "9C648139053FB521F828AF606B4D3DBA" + "A14B5E77EFE75928FE1DC127A2FFA8DE" + "3348B3C1856A429BF97E7E31C2E5BD66")) + || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 0, ctx)) + || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) + || !TEST_true(BN_hex2bn(&z, "1FF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA" + "51868783BF2F966B7FCC0148F709A5D0" + "3BB5C9B8899C47AEBB6FB71E91386409")) + || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) + || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) + goto err; + + TEST_info("NIST curve P-521 -- Generator"); + test_output_bignum("x", x); + test_output_bignum("y", y); + /* G_y value taken from the standard: */ + if (!TEST_true(BN_hex2bn(&z, "118" + "39296A789A3BC0045C8A5FB42C7D1BD9" + "98F54449579B446817AFBD17273E662C" + "97EE72995EF42640C550B9013FAD0761" + "353C7086A272C24088BE94769FD16650")) + || !TEST_BN_eq(y, z) + || !TEST_true(BN_add(yplusone, y, BN_value_one())) + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ + || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, + ctx)) + || !TEST_int_eq(EC_GROUP_get_degree(group), 521) + || !group_order_tests(group) + + /* more tests using the last curve */ + + /* Restore the point that got mangled in the (x, y + 1) test. */ + || !TEST_true(EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) + || !TEST_true(EC_POINT_copy(Q, P)) + || !TEST_false(EC_POINT_is_at_infinity(group, Q)) + || !TEST_true(EC_POINT_dbl(group, P, P, ctx)) + || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) + || !TEST_true(EC_POINT_invert(group, Q, ctx)) /* P = -2Q */ + || !TEST_true(EC_POINT_add(group, R, P, Q, ctx)) + || !TEST_true(EC_POINT_add(group, R, R, Q, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, R)) /* R = P + 2Q */ + || !TEST_false(EC_POINT_is_at_infinity(group, Q))) + goto err; + +#ifndef OPENSSL_NO_DEPRECATED_3_0 + TEST_note("combined multiplication ..."); + points[0] = Q; + points[1] = Q; + points[2] = Q; + points[3] = Q; + + if (!TEST_true(EC_GROUP_get_order(group, z, ctx)) + || !TEST_true(BN_add(y, z, BN_value_one())) + || !TEST_BN_even(y) + || !TEST_true(BN_rshift1(y, y))) + goto err; + + scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */ + scalars[1] = y; + + /* z is still the group order */ + if (!TEST_true(EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) + || !TEST_true(EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, P, R, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, R, Q, ctx)) + || !TEST_true(BN_rand(y, BN_num_bits(y), 0, 0)) + || !TEST_true(BN_add(z, z, y))) + goto err; + BN_set_negative(z, 1); + scalars[0] = y; + scalars[1] = z; /* z = -(order + y) */ + + if (!TEST_true(EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, P)) + || !TEST_true(BN_rand(x, BN_num_bits(y) - 1, 0, 0)) + || !TEST_true(BN_add(z, x, y))) + goto err; + BN_set_negative(z, 1); + scalars[0] = x; + scalars[1] = y; + scalars[2] = z; /* z = -(x+y) */ + + if (!TEST_ptr(scalar3 = BN_new())) + goto err; + BN_zero(scalar3); + scalars[3] = scalar3; + + if (!TEST_true(EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, P))) + goto err; +#endif + TEST_note(" ok\n"); + r = 1; +err: + BN_CTX_free(ctx); + BN_free(p); + BN_free(a); + BN_free(b); + EC_GROUP_free(group); + EC_POINT_free(P); + EC_POINT_free(Q); + EC_POINT_free(R); + BN_free(x); + BN_free(y); + BN_free(z); + BN_free(yplusone); + BN_free(scalar3); + return r; +} + +static int internal_curve_test(int n) +{ + EC_GROUP *group = NULL; + int nid = curves[n].nid; + + if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) { + TEST_info("EC_GROUP_new_curve_name() failed with curve %s\n", + OBJ_nid2sn(nid)); + return 0; + } + if (!TEST_true(EC_GROUP_check(group, NULL))) { + TEST_info("EC_GROUP_check() failed with curve %s\n", OBJ_nid2sn(nid)); + EC_GROUP_free(group); + return 0; + } + EC_GROUP_free(group); + return 1; +} + +static int internal_curve_test_method(int n) +{ + int r, nid = curves[n].nid; + EC_GROUP *group; + + if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) { + TEST_info("Curve %s failed\n", OBJ_nid2sn(nid)); + return 0; + } + r = group_order_tests(group); + EC_GROUP_free(group); + return r; +} + +static int group_field_test(void) +{ + int r = 1; + BIGNUM *secp521r1_field = NULL; + BIGNUM *sect163r2_field = NULL; + EC_GROUP *secp521r1_group = NULL; + EC_GROUP *sect163r2_group = NULL; + + BN_hex2bn(&secp521r1_field, + "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFF"); + + + BN_hex2bn(§163r2_field, + "08000000000000000000000000000000" + "00000000C9"); + + secp521r1_group = EC_GROUP_new_by_curve_name(NID_secp521r1); + if (BN_cmp(secp521r1_field, EC_GROUP_get0_field(secp521r1_group))) + r = 0; + + # ifndef OPENSSL_NO_EC2M + sect163r2_group = EC_GROUP_new_by_curve_name(NID_sect163r2); + if (BN_cmp(sect163r2_field, EC_GROUP_get0_field(sect163r2_group))) + r = 0; + # endif + + EC_GROUP_free(secp521r1_group); + EC_GROUP_free(sect163r2_group); + BN_free(secp521r1_field); + BN_free(sect163r2_field); + return r; +} +/* + * nistp_test_params contains magic numbers for testing + * several NIST curves with characteristic > 3. + */ +struct nistp_test_params { + const int nid; + int degree; + /* + * Qx, Qy and D are taken from + * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf + * Otherwise, values are standard curve parameters from FIPS 180-3 + */ + const char *p, *a, *b, *Qx, *Qy, *Gx, *Gy, *order, *d; +}; + +static const struct nistp_test_params nistp_tests_params[] = { + { + /* P-224 */ + NID_secp224r1, + 224, + /* p */ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", + /* a */ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", + /* b */ + "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", + /* Qx */ + "E84FB0B8E7000CB657D7973CF6B42ED78B301674276DF744AF130B3E", + /* Qy */ + "4376675C6FC5612C21A0FF2D2A89D2987DF7A2BC52183B5982298555", + /* Gx */ + "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", + /* Gy */ + "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", + /* order */ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", + /* d */ + "3F0C488E987C80BE0FEE521F8D90BE6034EC69AE11CA72AA777481E8", + }, + { + /* P-256 */ + NID_X9_62_prime256v1, + 256, + /* p */ + "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", + /* a */ + "ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", + /* b */ + "5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", + /* Qx */ + "b7e08afdfe94bad3f1dc8c734798ba1c62b3a0ad1e9ea2a38201cd0889bc7a19", + /* Qy */ + "3603f747959dbf7a4bb226e41928729063adc7ae43529e61b563bbc606cc5e09", + /* Gx */ + "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", + /* Gy */ + "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", + /* order */ + "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", + /* d */ + "c477f9f65c22cce20657faa5b2d1d8122336f851a508a1ed04e479c34985bf96", + }, + { + /* P-521 */ + NID_secp521r1, + 521, + /* p */ + "1ff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + /* a */ + "1ff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc", + /* b */ + "051" + "953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e1" + "56193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00", + /* Qx */ + "0098" + "e91eef9a68452822309c52fab453f5f117c1da8ed796b255e9ab8f6410cca16e" + "59df403a6bdc6ca467a37056b1e54b3005d8ac030decfeb68df18b171885d5c4", + /* Qy */ + "0164" + "350c321aecfc1cca1ba4364c9b15656150b4b78d6a48d7d28e7f31985ef17be8" + "554376b72900712c4b83ad668327231526e313f5f092999a4632fd50d946bc2e", + /* Gx */ + "c6" + "858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dba" + "a14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66", + /* Gy */ + "118" + "39296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c" + "97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", + /* order */ + "1ff" + "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa" + "51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409", + /* d */ + "0100" + "085f47b8e1b8b11b7eb33028c0b2888e304bfc98501955b45bba1478dc184eee" + "df09b86a5f7c21994406072787205e69a63709fe35aa93ba333514b24f961722", + }, +}; + +static int nistp_single_test(int idx) +{ + const struct nistp_test_params *test = nistp_tests_params + idx; + BN_CTX *ctx = NULL; + BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL; + BIGNUM *n = NULL, *m = NULL, *order = NULL, *yplusone = NULL; + EC_GROUP *NISTP = NULL; + EC_POINT *G = NULL, *P = NULL, *Q = NULL, *Q_CHECK = NULL; + int r = 0; + + TEST_note("NIST curve P-%d (optimised implementation):", + test->degree); + if (!TEST_ptr(ctx = BN_CTX_new()) + || !TEST_ptr(p = BN_new()) + || !TEST_ptr(a = BN_new()) + || !TEST_ptr(b = BN_new()) + || !TEST_ptr(x = BN_new()) + || !TEST_ptr(y = BN_new()) + || !TEST_ptr(m = BN_new()) + || !TEST_ptr(n = BN_new()) + || !TEST_ptr(order = BN_new()) + || !TEST_ptr(yplusone = BN_new()) + + || !TEST_ptr(NISTP = EC_GROUP_new_by_curve_name(test->nid)) + || !TEST_true(BN_hex2bn(&p, test->p)) + || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL)) + || !TEST_true(BN_hex2bn(&a, test->a)) + || !TEST_true(BN_hex2bn(&b, test->b)) + || !TEST_true(EC_GROUP_set_curve(NISTP, p, a, b, ctx)) + || !TEST_ptr(G = EC_POINT_new(NISTP)) + || !TEST_ptr(P = EC_POINT_new(NISTP)) + || !TEST_ptr(Q = EC_POINT_new(NISTP)) + || !TEST_ptr(Q_CHECK = EC_POINT_new(NISTP)) + || !TEST_true(BN_hex2bn(&x, test->Qx)) + || !TEST_true(BN_hex2bn(&y, test->Qy)) + || !TEST_true(BN_add(yplusone, y, BN_value_one())) + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ + || !TEST_false(EC_POINT_set_affine_coordinates(NISTP, Q_CHECK, x, + yplusone, ctx)) + || !TEST_true(EC_POINT_set_affine_coordinates(NISTP, Q_CHECK, x, y, + ctx)) + || !TEST_true(BN_hex2bn(&x, test->Gx)) + || !TEST_true(BN_hex2bn(&y, test->Gy)) + || !TEST_true(EC_POINT_set_affine_coordinates(NISTP, G, x, y, ctx)) + || !TEST_true(BN_hex2bn(&order, test->order)) + || !TEST_true(EC_GROUP_set_generator(NISTP, G, order, BN_value_one())) + || !TEST_int_eq(EC_GROUP_get_degree(NISTP), test->degree)) + goto err; + + TEST_note("NIST test vectors ... "); + if (!TEST_true(BN_hex2bn(&n, test->d))) + goto err; + /* fixed point multiplication */ + EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx); + if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))) + goto err; + /* random point multiplication */ + EC_POINT_mul(NISTP, Q, NULL, G, n, ctx); + if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) + + /* set generator to P = 2*G, where G is the standard generator */ + || !TEST_true(EC_POINT_dbl(NISTP, P, G, ctx)) + || !TEST_true(EC_GROUP_set_generator(NISTP, P, order, BN_value_one())) + /* set the scalar to m=n/2, where n is the NIST test scalar */ + || !TEST_true(BN_rshift(m, n, 1))) + goto err; + + /* test the non-standard generator */ + /* fixed point multiplication */ + EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx); + if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))) + goto err; + /* random point multiplication */ + EC_POINT_mul(NISTP, Q, NULL, P, m, ctx); + if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) +#ifndef OPENSSL_NO_DEPRECATED_3_0 + /* We have not performed precomp so this should be false */ + || !TEST_false(EC_GROUP_have_precompute_mult(NISTP)) + /* now repeat all tests with precomputation */ + || !TEST_true(EC_GROUP_precompute_mult(NISTP, ctx)) +#endif + ) + goto err; + + /* fixed point multiplication */ + EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx); + if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))) + goto err; + /* random point multiplication */ + EC_POINT_mul(NISTP, Q, NULL, P, m, ctx); + if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) + + /* reset generator */ + || !TEST_true(EC_GROUP_set_generator(NISTP, G, order, BN_value_one()))) + goto err; + /* fixed point multiplication */ + EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx); + if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))) + goto err; + /* random point multiplication */ + EC_POINT_mul(NISTP, Q, NULL, G, n, ctx); + if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))) + goto err; + + /* regression test for felem_neg bug */ + if (!TEST_true(BN_set_word(m, 32)) + || !TEST_true(BN_set_word(n, 31)) + || !TEST_true(EC_POINT_copy(P, G)) + || !TEST_true(EC_POINT_invert(NISTP, P, ctx)) + || !TEST_true(EC_POINT_mul(NISTP, Q, m, P, n, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, G, ctx))) + goto err; + + r = 1; +err: + EC_GROUP_free(NISTP); + EC_POINT_free(G); + EC_POINT_free(P); + EC_POINT_free(Q); + EC_POINT_free(Q_CHECK); + BN_free(n); + BN_free(m); + BN_free(p); + BN_free(a); + BN_free(b); + BN_free(x); + BN_free(y); + BN_free(order); + BN_free(yplusone); + BN_CTX_free(ctx); + return r; +} + +static const unsigned char p521_named[] = { + 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23, +}; + +static const unsigned char p521_explicit[] = { + 0x30, 0x82, 0x01, 0xc3, 0x02, 0x01, 0x01, 0x30, 0x4d, 0x06, 0x07, 0x2a, + 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x42, 0x01, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0x30, 0x81, 0x9f, 0x04, 0x42, 0x01, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xfc, 0x04, 0x42, 0x00, 0x51, 0x95, 0x3e, 0xb9, 0x61, 0x8e, 0x1c, 0x9a, + 0x1f, 0x92, 0x9a, 0x21, 0xa0, 0xb6, 0x85, 0x40, 0xee, 0xa2, 0xda, 0x72, + 0x5b, 0x99, 0xb3, 0x15, 0xf3, 0xb8, 0xb4, 0x89, 0x91, 0x8e, 0xf1, 0x09, + 0xe1, 0x56, 0x19, 0x39, 0x51, 0xec, 0x7e, 0x93, 0x7b, 0x16, 0x52, 0xc0, + 0xbd, 0x3b, 0xb1, 0xbf, 0x07, 0x35, 0x73, 0xdf, 0x88, 0x3d, 0x2c, 0x34, + 0xf1, 0xef, 0x45, 0x1f, 0xd4, 0x6b, 0x50, 0x3f, 0x00, 0x03, 0x15, 0x00, + 0xd0, 0x9e, 0x88, 0x00, 0x29, 0x1c, 0xb8, 0x53, 0x96, 0xcc, 0x67, 0x17, + 0x39, 0x32, 0x84, 0xaa, 0xa0, 0xda, 0x64, 0xba, 0x04, 0x81, 0x85, 0x04, + 0x00, 0xc6, 0x85, 0x8e, 0x06, 0xb7, 0x04, 0x04, 0xe9, 0xcd, 0x9e, 0x3e, + 0xcb, 0x66, 0x23, 0x95, 0xb4, 0x42, 0x9c, 0x64, 0x81, 0x39, 0x05, 0x3f, + 0xb5, 0x21, 0xf8, 0x28, 0xaf, 0x60, 0x6b, 0x4d, 0x3d, 0xba, 0xa1, 0x4b, + 0x5e, 0x77, 0xef, 0xe7, 0x59, 0x28, 0xfe, 0x1d, 0xc1, 0x27, 0xa2, 0xff, + 0xa8, 0xde, 0x33, 0x48, 0xb3, 0xc1, 0x85, 0x6a, 0x42, 0x9b, 0xf9, 0x7e, + 0x7e, 0x31, 0xc2, 0xe5, 0xbd, 0x66, 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, + 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a, 0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, + 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b, 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, + 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee, 0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40, + 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad, 0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, + 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe, 0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50, + 0x02, 0x42, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfa, + 0x51, 0x86, 0x87, 0x83, 0xbf, 0x2f, 0x96, 0x6b, 0x7f, 0xcc, 0x01, 0x48, + 0xf7, 0x09, 0xa5, 0xd0, 0x3b, 0xb5, 0xc9, 0xb8, 0x89, 0x9c, 0x47, 0xae, + 0xbb, 0x6f, 0xb7, 0x1e, 0x91, 0x38, 0x64, 0x09, 0x02, 0x01, 0x01, +}; + +/* + * This test validates a named curve's group parameters using + * EC_GROUP_check_named_curve(). It also checks that modifying any of the + * group parameters results in the curve not being valid. + */ +static int check_named_curve_test(int id) +{ + int ret = 0, nid, field_nid, has_seed; + EC_GROUP *group = NULL, *gtest = NULL; + const EC_POINT *group_gen = NULL; + EC_POINT *other_gen = NULL; + BIGNUM *group_p = NULL, *group_a = NULL, *group_b = NULL; + BIGNUM *other_p = NULL, *other_a = NULL, *other_b = NULL; + BIGNUM *group_cofactor = NULL, *other_cofactor = NULL; + BIGNUM *other_order = NULL; + const BIGNUM *group_order = NULL; + BN_CTX *bn_ctx = NULL; + static const unsigned char invalid_seed[] = "THIS IS NOT A VALID SEED"; + static size_t invalid_seed_len = sizeof(invalid_seed); + + /* Do some setup */ + nid = curves[id].nid; + if (!TEST_ptr(bn_ctx = BN_CTX_new()) + || !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid)) + || !TEST_ptr(gtest = EC_GROUP_dup(group)) + || !TEST_ptr(group_p = BN_new()) + || !TEST_ptr(group_a = BN_new()) + || !TEST_ptr(group_b = BN_new()) + || !TEST_ptr(group_cofactor = BN_new()) + || !TEST_ptr(group_gen = EC_GROUP_get0_generator(group)) + || !TEST_ptr(group_order = EC_GROUP_get0_order(group)) + || !TEST_true(EC_GROUP_get_cofactor(group, group_cofactor, NULL)) + || !TEST_true(EC_GROUP_get_curve(group, group_p, group_a, group_b, NULL)) + || !TEST_ptr(other_gen = EC_POINT_dup(group_gen, group)) + || !TEST_true(EC_POINT_add(group, other_gen, group_gen, group_gen, NULL)) + || !TEST_ptr(other_order = BN_dup(group_order)) + || !TEST_true(BN_add_word(other_order, 1)) + || !TEST_ptr(other_a = BN_dup(group_a)) + || !TEST_true(BN_add_word(other_a, 1)) + || !TEST_ptr(other_b = BN_dup(group_b)) + || !TEST_true(BN_add_word(other_b, 1)) + || !TEST_ptr(other_cofactor = BN_dup(group_cofactor)) + || !TEST_true(BN_add_word(other_cofactor, 1))) + goto err; + + /* Determine if the built-in curve has a seed field set */ + has_seed = (EC_GROUP_get_seed_len(group) > 0); + field_nid = EC_GROUP_get_field_type(group); + if (field_nid == NID_X9_62_characteristic_two_field) { + if (!TEST_ptr(other_p = BN_dup(group_p)) + || !TEST_true(BN_lshift1(other_p, other_p))) + goto err; + } else { + if (!TEST_ptr(other_p = BN_dup(group_p))) + goto err; + /* + * Just choosing any arbitrary prime does not work.. + * Setting p via ec_GFp_nist_group_set_curve() needs the prime to be a + * nist prime. So only select one of these as an alternate prime. + */ + if (!TEST_ptr(BN_copy(other_p, + BN_ucmp(BN_get0_nist_prime_192(), other_p) == 0 ? + BN_get0_nist_prime_256() : + BN_get0_nist_prime_192()))) + goto err; + } + + /* Passes because this is a valid curve */ + if (!TEST_int_eq(EC_GROUP_check_named_curve(group, 0, NULL), nid) + /* Only NIST curves pass */ + || !TEST_int_eq(EC_GROUP_check_named_curve(group, 1, NULL), + EC_curve_nid2nist(nid) != NULL ? nid : NID_undef)) + goto err; + + /* Fail if the curve name doesn't match the parameters */ + EC_GROUP_set_curve_name(group, nid + 1); + ERR_set_mark(); + if (!TEST_int_le(EC_GROUP_check_named_curve(group, 0, NULL), 0)) + goto err; + ERR_pop_to_mark(); + + /* Restore curve name and ensure it's passing */ + EC_GROUP_set_curve_name(group, nid); + if (!TEST_int_eq(EC_GROUP_check_named_curve(group, 0, NULL), nid)) + goto err; + + if (!TEST_int_eq(EC_GROUP_set_seed(group, invalid_seed, invalid_seed_len), + invalid_seed_len)) + goto err; + + if (has_seed) { + /* + * If the built-in curve has a seed and we set the seed to another value + * then it will fail the check. + */ + if (!TEST_int_eq(EC_GROUP_check_named_curve(group, 0, NULL), 0)) + goto err; + } else { + /* + * If the built-in curve does not have a seed then setting the seed will + * pass the check (as the seed is optional). + */ + if (!TEST_int_eq(EC_GROUP_check_named_curve(group, 0, NULL), nid)) + goto err; + } + /* Pass if the seed is unknown (as it is optional) */ + if (!TEST_int_eq(EC_GROUP_set_seed(group, NULL, 0), 1) + || !TEST_int_eq(EC_GROUP_check_named_curve(group, 0, NULL), nid)) + goto err; + + /* Check that a duped group passes */ + if (!TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), nid)) + goto err; + + /* check that changing any generator parameter fails */ + if (!TEST_true(EC_GROUP_set_generator(gtest, other_gen, group_order, + group_cofactor)) + || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), 0) + || !TEST_true(EC_GROUP_set_generator(gtest, group_gen, other_order, + group_cofactor)) + || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), 0) + /* The order is not an optional field, so this should fail */ + || !TEST_false(EC_GROUP_set_generator(gtest, group_gen, NULL, + group_cofactor)) + || !TEST_true(EC_GROUP_set_generator(gtest, group_gen, group_order, + other_cofactor)) + || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), 0) + /* Check that if the cofactor is not set then it still passes */ + || !TEST_true(EC_GROUP_set_generator(gtest, group_gen, group_order, + NULL)) + || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), nid) + /* check that restoring the generator passes */ + || !TEST_true(EC_GROUP_set_generator(gtest, group_gen, group_order, + group_cofactor)) + || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), nid)) + goto err; + + /* + * check that changing any curve parameter fails + * + * Setting arbitrary p, a or b might fail for some EC_GROUPs + * depending on the internal EC_METHOD implementation, hence run + * these tests conditionally to the success of EC_GROUP_set_curve(). + */ + ERR_set_mark(); + if (EC_GROUP_set_curve(gtest, other_p, group_a, group_b, NULL)) { + if (!TEST_int_le(EC_GROUP_check_named_curve(gtest, 0, NULL), 0)) + goto err; + } else { + /* clear the error stack if EC_GROUP_set_curve() failed */ + ERR_pop_to_mark(); + ERR_set_mark(); + } + if (EC_GROUP_set_curve(gtest, group_p, other_a, group_b, NULL)) { + if (!TEST_int_le(EC_GROUP_check_named_curve(gtest, 0, NULL), 0)) + goto err; + } else { + /* clear the error stack if EC_GROUP_set_curve() failed */ + ERR_pop_to_mark(); + ERR_set_mark(); + } + if (EC_GROUP_set_curve(gtest, group_p, group_a, other_b, NULL)) { + if (!TEST_int_le(EC_GROUP_check_named_curve(gtest, 0, NULL), 0)) + goto err; + } else { + /* clear the error stack if EC_GROUP_set_curve() failed */ + ERR_pop_to_mark(); + ERR_set_mark(); + } + ERR_pop_to_mark(); + + /* Check that restoring the curve parameters passes */ + if (!TEST_true(EC_GROUP_set_curve(gtest, group_p, group_a, group_b, NULL)) + || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), nid)) + goto err; + + ret = 1; +err: + BN_free(group_p); + BN_free(other_p); + BN_free(group_a); + BN_free(other_a); + BN_free(group_b); + BN_free(other_b); + BN_free(group_cofactor); + BN_free(other_cofactor); + BN_free(other_order); + EC_POINT_free(other_gen); + EC_GROUP_free(gtest); + EC_GROUP_free(group); + BN_CTX_free(bn_ctx); + return ret; +} + +/* + * This checks the lookup capability of EC_GROUP_check_named_curve() + * when the given group was created with explicit parameters. + * + * It is possible to retrieve an alternative alias that does not match + * the original nid in this case. + */ +static int check_named_curve_lookup_test(int id) +{ + int ret = 0, nid, rv = 0; + EC_GROUP *g = NULL , *ga = NULL; + ECPARAMETERS *p = NULL, *pa = NULL; + BN_CTX *ctx = NULL; + + /* Do some setup */ + nid = curves[id].nid; + if (!TEST_ptr(ctx = BN_CTX_new()) + || !TEST_ptr(g = EC_GROUP_new_by_curve_name(nid)) + || !TEST_ptr(p = EC_GROUP_get_ecparameters(g, NULL))) + goto err; + + /* replace with group from explicit parameters */ + EC_GROUP_free(g); + if (!TEST_ptr(g = EC_GROUP_new_from_ecparameters(p))) + goto err; + + if (!TEST_int_gt(rv = EC_GROUP_check_named_curve(g, 0, NULL), 0)) + goto err; + if (rv != nid) { + /* + * Found an alias: + * fail if the returned nid is not an alias of the original group. + * + * The comparison here is done by comparing two explicit + * parameter EC_GROUPs with EC_GROUP_cmp(), to ensure the + * comparison happens with unnamed EC_GROUPs using the same + * EC_METHODs. + */ + if (!TEST_ptr(ga = EC_GROUP_new_by_curve_name(rv)) + || !TEST_ptr(pa = EC_GROUP_get_ecparameters(ga, NULL))) + goto err; + + /* replace with group from explicit parameters, then compare */ + EC_GROUP_free(ga); + if (!TEST_ptr(ga = EC_GROUP_new_from_ecparameters(pa)) + || !TEST_int_eq(EC_GROUP_cmp(g, ga, ctx), 0)) + goto err; + } + + ret = 1; + + err: + EC_GROUP_free(g); + EC_GROUP_free(ga); + ECPARAMETERS_free(p); + ECPARAMETERS_free(pa); + BN_CTX_free(ctx); + + return ret; +} + +/* + * Sometime we cannot compare nids for equality, as the built-in curve table + * includes aliases with different names for the same curve. + * + * This function returns TRUE (1) if the checked nids are identical, or if they + * alias to the same curve. FALSE (0) otherwise. + */ +static ossl_inline +int are_ec_nids_compatible(int n1d, int n2d) +{ + int ret = 0; + switch (n1d) { +#ifndef OPENSSL_NO_EC2M + case NID_sect113r1: + case NID_wap_wsg_idm_ecid_wtls4: + ret = (n2d == NID_sect113r1 || n2d == NID_wap_wsg_idm_ecid_wtls4); + break; + case NID_sect163k1: + case NID_wap_wsg_idm_ecid_wtls3: + ret = (n2d == NID_sect163k1 || n2d == NID_wap_wsg_idm_ecid_wtls3); + break; + case NID_sect233k1: + case NID_wap_wsg_idm_ecid_wtls10: + ret = (n2d == NID_sect233k1 || n2d == NID_wap_wsg_idm_ecid_wtls10); + break; + case NID_sect233r1: + case NID_wap_wsg_idm_ecid_wtls11: + ret = (n2d == NID_sect233r1 || n2d == NID_wap_wsg_idm_ecid_wtls11); + break; + case NID_X9_62_c2pnb163v1: + case NID_wap_wsg_idm_ecid_wtls5: + ret = (n2d == NID_X9_62_c2pnb163v1 + || n2d == NID_wap_wsg_idm_ecid_wtls5); + break; +#endif /* OPENSSL_NO_EC2M */ + case NID_secp112r1: + case NID_wap_wsg_idm_ecid_wtls6: + ret = (n2d == NID_secp112r1 || n2d == NID_wap_wsg_idm_ecid_wtls6); + break; + case NID_secp160r2: + case NID_wap_wsg_idm_ecid_wtls7: + ret = (n2d == NID_secp160r2 || n2d == NID_wap_wsg_idm_ecid_wtls7); + break; +#ifdef OPENSSL_NO_EC_NISTP_64_GCC_128 + case NID_secp224r1: + case NID_wap_wsg_idm_ecid_wtls12: + ret = (n2d == NID_secp224r1 || n2d == NID_wap_wsg_idm_ecid_wtls12); + break; +#else + /* + * For SEC P-224 we want to ensure that the SECP nid is returned, as + * that is associated with a specialized method. + */ + case NID_wap_wsg_idm_ecid_wtls12: + ret = (n2d == NID_secp224r1); + break; +#endif /* def(OPENSSL_NO_EC_NISTP_64_GCC_128) */ + + default: + ret = (n1d == n2d); + } + return ret; +} + +/* + * This checks that EC_GROUP_bew_from_ecparameters() returns a "named" + * EC_GROUP for built-in curves. + * + * Note that it is possible to retrieve an alternative alias that does not match + * the original nid. + * + * Ensure that the OPENSSL_EC_EXPLICIT_CURVE ASN1 flag is set. + */ +static int check_named_curve_from_ecparameters(int id) +{ + int ret = 0, nid, tnid; + EC_GROUP *group = NULL, *tgroup = NULL, *tmpg = NULL; + const EC_POINT *group_gen = NULL; + EC_POINT *other_gen = NULL; + BIGNUM *group_cofactor = NULL, *other_cofactor = NULL; + BIGNUM *other_gen_x = NULL, *other_gen_y = NULL; + const BIGNUM *group_order = NULL; + BIGNUM *other_order = NULL; + BN_CTX *bn_ctx = NULL; + static const unsigned char invalid_seed[] = "THIS IS NOT A VALID SEED"; + static size_t invalid_seed_len = sizeof(invalid_seed); + ECPARAMETERS *params = NULL, *other_params = NULL; + EC_GROUP *g_ary[8] = {NULL}; + EC_GROUP **g_next = &g_ary[0]; + ECPARAMETERS *p_ary[8] = {NULL}; + ECPARAMETERS **p_next = &p_ary[0]; + + /* Do some setup */ + nid = curves[id].nid; + TEST_note("Curve %s", OBJ_nid2sn(nid)); + if (!TEST_ptr(bn_ctx = BN_CTX_new())) + return ret; + BN_CTX_start(bn_ctx); + + if (/* Allocations */ + !TEST_ptr(group_cofactor = BN_CTX_get(bn_ctx)) + || !TEST_ptr(other_gen_x = BN_CTX_get(bn_ctx)) + || !TEST_ptr(other_gen_y = BN_CTX_get(bn_ctx)) + || !TEST_ptr(other_order = BN_CTX_get(bn_ctx)) + || !TEST_ptr(other_cofactor = BN_CTX_get(bn_ctx)) + /* Generate reference group and params */ + || !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid)) + || !TEST_ptr(params = EC_GROUP_get_ecparameters(group, NULL)) + || !TEST_ptr(group_gen = EC_GROUP_get0_generator(group)) + || !TEST_ptr(group_order = EC_GROUP_get0_order(group)) + || !TEST_true(EC_GROUP_get_cofactor(group, group_cofactor, NULL)) + /* compute `other_*` values */ + || !TEST_ptr(tmpg = EC_GROUP_dup(group)) + || !TEST_ptr(other_gen = EC_POINT_dup(group_gen, group)) + || !TEST_true(EC_POINT_add(group, other_gen, group_gen, group_gen, NULL)) + || !TEST_true(EC_POINT_get_affine_coordinates(group, other_gen, + other_gen_x, other_gen_y, bn_ctx)) + || !TEST_true(BN_copy(other_order, group_order)) + || !TEST_true(BN_add_word(other_order, 1)) + || !TEST_true(BN_copy(other_cofactor, group_cofactor)) + || !TEST_true(BN_add_word(other_cofactor, 1))) + goto err; + + EC_POINT_free(other_gen); + other_gen = NULL; + + if (!TEST_ptr(other_gen = EC_POINT_new(tmpg)) + || !TEST_true(EC_POINT_set_affine_coordinates(tmpg, other_gen, + other_gen_x, other_gen_y, + bn_ctx))) + goto err; + + /* + * ########################### + * # Actual tests start here # + * ########################### + */ + + /* + * Creating a group from built-in explicit parameters returns a + * "named" EC_GROUP + */ + if (!TEST_ptr(tgroup = *g_next++ = EC_GROUP_new_from_ecparameters(params)) + || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef)) + goto err; + /* + * We cannot always guarantee the names match, as the built-in table + * contains aliases for the same curve with different names. + */ + if (!TEST_true(are_ec_nids_compatible(nid, tnid))) { + TEST_info("nid = %s, tnid = %s", OBJ_nid2sn(nid), OBJ_nid2sn(tnid)); + goto err; + } + /* Ensure that the OPENSSL_EC_EXPLICIT_CURVE ASN1 flag is set. */ + if (!TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), OPENSSL_EC_EXPLICIT_CURVE)) + goto err; + + /* + * An invalid seed in the parameters should be ignored: expect a "named" + * group. + */ + if (!TEST_int_eq(EC_GROUP_set_seed(tmpg, invalid_seed, invalid_seed_len), + invalid_seed_len) + || !TEST_ptr(other_params = *p_next++ = + EC_GROUP_get_ecparameters(tmpg, NULL)) + || !TEST_ptr(tgroup = *g_next++ = + EC_GROUP_new_from_ecparameters(other_params)) + || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) + || !TEST_true(are_ec_nids_compatible(nid, tnid)) + || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), + OPENSSL_EC_EXPLICIT_CURVE)) { + TEST_info("nid = %s, tnid = %s", OBJ_nid2sn(nid), OBJ_nid2sn(tnid)); + goto err; + } + + /* + * A null seed in the parameters should be ignored, as it is optional: + * expect a "named" group. + */ + if (!TEST_int_eq(EC_GROUP_set_seed(tmpg, NULL, 0), 1) + || !TEST_ptr(other_params = *p_next++ = + EC_GROUP_get_ecparameters(tmpg, NULL)) + || !TEST_ptr(tgroup = *g_next++ = + EC_GROUP_new_from_ecparameters(other_params)) + || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) + || !TEST_true(are_ec_nids_compatible(nid, tnid)) + || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), + OPENSSL_EC_EXPLICIT_CURVE)) { + TEST_info("nid = %s, tnid = %s", OBJ_nid2sn(nid), OBJ_nid2sn(tnid)); + goto err; + } + + /* + * Check that changing any of the generator parameters does not yield a + * match with the built-in curves + */ + if (/* Other gen, same group order & cofactor */ + !TEST_true(EC_GROUP_set_generator(tmpg, other_gen, group_order, + group_cofactor)) + || !TEST_ptr(other_params = *p_next++ = + EC_GROUP_get_ecparameters(tmpg, NULL)) + || !TEST_ptr(tgroup = *g_next++ = + EC_GROUP_new_from_ecparameters(other_params)) + || !TEST_int_eq((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) + /* Same gen & cofactor, different order */ + || !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, other_order, + group_cofactor)) + || !TEST_ptr(other_params = *p_next++ = + EC_GROUP_get_ecparameters(tmpg, NULL)) + || !TEST_ptr(tgroup = *g_next++ = + EC_GROUP_new_from_ecparameters(other_params)) + || !TEST_int_eq((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) + /* The order is not an optional field, so this should fail */ + || !TEST_false(EC_GROUP_set_generator(tmpg, group_gen, NULL, + group_cofactor)) + /* Check that a wrong cofactor is ignored, and we still match */ + || !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, group_order, + other_cofactor)) + || !TEST_ptr(other_params = *p_next++ = + EC_GROUP_get_ecparameters(tmpg, NULL)) + || !TEST_ptr(tgroup = *g_next++ = + EC_GROUP_new_from_ecparameters(other_params)) + || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) + || !TEST_true(are_ec_nids_compatible(nid, tnid)) + || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), + OPENSSL_EC_EXPLICIT_CURVE) + /* Check that if the cofactor is not set then it still matches */ + || !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, group_order, + NULL)) + || !TEST_ptr(other_params = *p_next++ = + EC_GROUP_get_ecparameters(tmpg, NULL)) + || !TEST_ptr(tgroup = *g_next++ = + EC_GROUP_new_from_ecparameters(other_params)) + || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) + || !TEST_true(are_ec_nids_compatible(nid, tnid)) + || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), + OPENSSL_EC_EXPLICIT_CURVE) + /* check that restoring the generator passes */ + || !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, group_order, + group_cofactor)) + || !TEST_ptr(other_params = *p_next++ = + EC_GROUP_get_ecparameters(tmpg, NULL)) + || !TEST_ptr(tgroup = *g_next++ = + EC_GROUP_new_from_ecparameters(other_params)) + || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) + || !TEST_true(are_ec_nids_compatible(nid, tnid)) + || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), + OPENSSL_EC_EXPLICIT_CURVE)) + goto err; + + ret = 1; +err: + for (g_next = &g_ary[0]; g_next < g_ary + OSSL_NELEM(g_ary); g_next++) + EC_GROUP_free(*g_next); + for (p_next = &p_ary[0]; p_next < p_ary + OSSL_NELEM(g_ary); p_next++) + ECPARAMETERS_free(*p_next); + ECPARAMETERS_free(params); + EC_POINT_free(other_gen); + EC_GROUP_free(tmpg); + EC_GROUP_free(group); + BN_CTX_end(bn_ctx); + BN_CTX_free(bn_ctx); + return ret; +} + + +static int parameter_test(void) +{ + EC_GROUP *group = NULL, *group2 = NULL; + ECPARAMETERS *ecparameters = NULL; + unsigned char *buf = NULL; + int r = 0, len; + if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_secp384r1)) + || !TEST_ptr(ecparameters = EC_GROUP_get_ecparameters(group, NULL)) + || !TEST_ptr(group2 = EC_GROUP_new_from_ecparameters(ecparameters)) + || !TEST_int_eq(EC_GROUP_cmp(group, group2, NULL), 0)) + goto err; + + EC_GROUP_free(group); + group = NULL; + + /* Test the named curve encoding, which should be default. */ + if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_secp521r1)) + || !TEST_true((len = i2d_ECPKParameters(group, &buf)) >= 0) + || !TEST_mem_eq(buf, len, p521_named, sizeof(p521_named))) + goto err; + + OPENSSL_free(buf); + buf = NULL; + + /* + * Test the explicit encoding. P-521 requires correctly zero-padding the + * curve coefficients. + */ + EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE); + if (!TEST_true((len = i2d_ECPKParameters(group, &buf)) >= 0) + || !TEST_mem_eq(buf, len, p521_explicit, sizeof(p521_explicit))) + goto err; + + r = 1; +err: + EC_GROUP_free(group); + EC_GROUP_free(group2); + ECPARAMETERS_free(ecparameters); + OPENSSL_free(buf); + return r; +} + +/*- + * random 256-bit explicit parameters curve, cofactor absent + * order: 0x0c38d96a9f892b88772ec2e39614a82f4f (132 bit) + * cofactor: 0x12bc94785251297abfafddf1565100da (125 bit) + */ +static const unsigned char params_cf_pass[] = { + 0x30, 0x81, 0xcd, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86, + 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x21, 0x00, 0xe5, 0x00, 0x1f, 0xc5, + 0xca, 0x71, 0x9d, 0x8e, 0xf7, 0x07, 0x4b, 0x48, 0x37, 0xf9, 0x33, 0x2d, + 0x71, 0xbf, 0x79, 0xe7, 0xdc, 0x91, 0xc2, 0xff, 0xb6, 0x7b, 0xc3, 0x93, + 0x44, 0x88, 0xe6, 0x91, 0x30, 0x44, 0x04, 0x20, 0xe5, 0x00, 0x1f, 0xc5, + 0xca, 0x71, 0x9d, 0x8e, 0xf7, 0x07, 0x4b, 0x48, 0x37, 0xf9, 0x33, 0x2d, + 0x71, 0xbf, 0x79, 0xe7, 0xdc, 0x91, 0xc2, 0xff, 0xb6, 0x7b, 0xc3, 0x93, + 0x44, 0x88, 0xe6, 0x8e, 0x04, 0x20, 0x18, 0x8c, 0x59, 0x57, 0xc4, 0xbc, + 0x85, 0x57, 0xc3, 0x66, 0x9f, 0x89, 0xd5, 0x92, 0x0d, 0x7e, 0x42, 0x27, + 0x07, 0x64, 0xaa, 0x26, 0xed, 0x89, 0xc4, 0x09, 0x05, 0x4d, 0xc7, 0x23, + 0x47, 0xda, 0x04, 0x41, 0x04, 0x1b, 0x6b, 0x41, 0x0b, 0xf9, 0xfb, 0x77, + 0xfd, 0x50, 0xb7, 0x3e, 0x23, 0xa3, 0xec, 0x9a, 0x3b, 0x09, 0x31, 0x6b, + 0xfa, 0xf6, 0xce, 0x1f, 0xff, 0xeb, 0x57, 0x93, 0x24, 0x70, 0xf3, 0xf4, + 0xba, 0x7e, 0xfa, 0x86, 0x6e, 0x19, 0x89, 0xe3, 0x55, 0x6d, 0x5a, 0xe9, + 0xc0, 0x3d, 0xbc, 0xfb, 0xaf, 0xad, 0xd4, 0x7e, 0xa6, 0xe5, 0xfa, 0x1a, + 0x58, 0x07, 0x9e, 0x8f, 0x0d, 0x3b, 0xf7, 0x38, 0xca, 0x02, 0x11, 0x0c, + 0x38, 0xd9, 0x6a, 0x9f, 0x89, 0x2b, 0x88, 0x77, 0x2e, 0xc2, 0xe3, 0x96, + 0x14, 0xa8, 0x2f, 0x4f +}; + +/*- + * random 256-bit explicit parameters curve, cofactor absent + * order: 0x045a75c0c17228ebd9b169a10e34a22101 (131 bit) + * cofactor: 0x2e134b4ede82649f67a2e559d361e5fe (126 bit) + */ +static const unsigned char params_cf_fail[] = { + 0x30, 0x81, 0xcd, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86, + 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x21, 0x00, 0xc8, 0x95, 0x27, 0x37, + 0xe8, 0xe1, 0xfd, 0xcc, 0xf9, 0x6e, 0x0c, 0xa6, 0x21, 0xc1, 0x7d, 0x6b, + 0x9d, 0x44, 0x42, 0xea, 0x73, 0x4e, 0x04, 0xb6, 0xac, 0x62, 0x50, 0xd0, + 0x33, 0xc2, 0xea, 0x13, 0x30, 0x44, 0x04, 0x20, 0xc8, 0x95, 0x27, 0x37, + 0xe8, 0xe1, 0xfd, 0xcc, 0xf9, 0x6e, 0x0c, 0xa6, 0x21, 0xc1, 0x7d, 0x6b, + 0x9d, 0x44, 0x42, 0xea, 0x73, 0x4e, 0x04, 0xb6, 0xac, 0x62, 0x50, 0xd0, + 0x33, 0xc2, 0xea, 0x10, 0x04, 0x20, 0xbf, 0xa6, 0xa8, 0x05, 0x1d, 0x09, + 0xac, 0x70, 0x39, 0xbb, 0x4d, 0xb2, 0x90, 0x8a, 0x15, 0x41, 0x14, 0x1d, + 0x11, 0x86, 0x9f, 0x13, 0xa2, 0x63, 0x1a, 0xda, 0x95, 0x22, 0x4d, 0x02, + 0x15, 0x0a, 0x04, 0x41, 0x04, 0xaf, 0x16, 0x71, 0xf9, 0xc4, 0xc8, 0x59, + 0x1d, 0xa3, 0x6f, 0xe7, 0xc3, 0x57, 0xa1, 0xfa, 0x9f, 0x49, 0x7c, 0x11, + 0x27, 0x05, 0xa0, 0x7f, 0xff, 0xf9, 0xe0, 0xe7, 0x92, 0xdd, 0x9c, 0x24, + 0x8e, 0xc7, 0xb9, 0x52, 0x71, 0x3f, 0xbc, 0x7f, 0x6a, 0x9f, 0x35, 0x70, + 0xe1, 0x27, 0xd5, 0x35, 0x8a, 0x13, 0xfa, 0xa8, 0x33, 0x3e, 0xd4, 0x73, + 0x1c, 0x14, 0x58, 0x9e, 0xc7, 0x0a, 0x87, 0x65, 0x8d, 0x02, 0x11, 0x04, + 0x5a, 0x75, 0xc0, 0xc1, 0x72, 0x28, 0xeb, 0xd9, 0xb1, 0x69, 0xa1, 0x0e, + 0x34, 0xa2, 0x21, 0x01 +}; + +/*- + * Test two random 256-bit explicit parameters curves with absent cofactor. + * The two curves are chosen to roughly straddle the bounds at which the lib + * can compute the cofactor automatically, roughly 4*sqrt(p). So test that: + * + * - params_cf_pass: order is sufficiently close to p to compute cofactor + * - params_cf_fail: order is too far away from p to compute cofactor + * + * For standards-compliant curves, cofactor is chosen as small as possible. + * So you can see neither of these curves are fit for cryptographic use. + * + * Some standards even mandate an upper bound on the cofactor, e.g. SECG1 v2: + * h <= 2**(t/8) where t is the security level of the curve, for which the lib + * will always succeed in computing the cofactor. Neither of these curves + * conform to that -- this is just robustness testing. + */ +static int cofactor_range_test(void) +{ + EC_GROUP *group = NULL; + BIGNUM *cf = NULL; + int ret = 0; + const unsigned char *b1 = (const unsigned char *)params_cf_fail; + const unsigned char *b2 = (const unsigned char *)params_cf_pass; + + if (!TEST_ptr(group = d2i_ECPKParameters(NULL, &b1, sizeof(params_cf_fail))) + || !TEST_BN_eq_zero(EC_GROUP_get0_cofactor(group)) + || !TEST_ptr(group = d2i_ECPKParameters(&group, &b2, + sizeof(params_cf_pass))) + || !TEST_int_gt(BN_hex2bn(&cf, "12bc94785251297abfafddf1565100da"), 0) + || !TEST_BN_eq(cf, EC_GROUP_get0_cofactor(group))) + goto err; + ret = 1; + err: + BN_free(cf); + EC_GROUP_free(group); + return ret; +} + +/*- + * For named curves, test that: + * - the lib correctly computes the cofactor if passed a NULL or zero cofactor + * - a nonsensical cofactor throws an error (negative test) + * - nonsensical orders throw errors (negative tests) + */ +static int cardinality_test(int n) +{ + int ret = 0, is_binary = 0; + int nid = curves[n].nid; + BN_CTX *ctx = NULL; + EC_GROUP *g1 = NULL, *g2 = NULL; + EC_POINT *g2_gen = NULL; + BIGNUM *g1_p = NULL, *g1_a = NULL, *g1_b = NULL, *g1_x = NULL, *g1_y = NULL, + *g1_order = NULL, *g1_cf = NULL, *g2_cf = NULL; + + TEST_info("Curve %s cardinality test", OBJ_nid2sn(nid)); + + if (!TEST_ptr(ctx = BN_CTX_new()) + || !TEST_ptr(g1 = EC_GROUP_new_by_curve_name(nid))) { + BN_CTX_free(ctx); + return 0; + } + + is_binary = (EC_GROUP_get_field_type(g1) == NID_X9_62_characteristic_two_field); + + BN_CTX_start(ctx); + g1_p = BN_CTX_get(ctx); + g1_a = BN_CTX_get(ctx); + g1_b = BN_CTX_get(ctx); + g1_x = BN_CTX_get(ctx); + g1_y = BN_CTX_get(ctx); + g1_order = BN_CTX_get(ctx); + g1_cf = BN_CTX_get(ctx); + + if (!TEST_ptr(g2_cf = BN_CTX_get(ctx)) + /* pull out the explicit curve parameters */ + || !TEST_true(EC_GROUP_get_curve(g1, g1_p, g1_a, g1_b, ctx)) + || !TEST_true(EC_POINT_get_affine_coordinates(g1, + EC_GROUP_get0_generator(g1), g1_x, g1_y, ctx)) + || !TEST_true(BN_copy(g1_order, EC_GROUP_get0_order(g1))) + || !TEST_true(EC_GROUP_get_cofactor(g1, g1_cf, ctx)) + /* construct g2 manually with g1 parameters */ +#ifndef OPENSSL_NO_EC2M + || !TEST_ptr(g2 = (is_binary) ? + EC_GROUP_new_curve_GF2m(g1_p, g1_a, g1_b, ctx) : + EC_GROUP_new_curve_GFp(g1_p, g1_a, g1_b, ctx)) +#else + || !TEST_int_eq(0, is_binary) + || !TEST_ptr(g2 = EC_GROUP_new_curve_GFp(g1_p, g1_a, g1_b, ctx)) +#endif + || !TEST_ptr(g2_gen = EC_POINT_new(g2)) + || !TEST_true(EC_POINT_set_affine_coordinates(g2, g2_gen, g1_x, g1_y, ctx)) + /* pass NULL cofactor: lib should compute it */ + || !TEST_true(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL)) + || !TEST_true(EC_GROUP_get_cofactor(g2, g2_cf, ctx)) + || !TEST_BN_eq(g1_cf, g2_cf) + /* pass zero cofactor: lib should compute it */ + || !TEST_true(BN_set_word(g2_cf, 0)) + || !TEST_true(EC_GROUP_set_generator(g2, g2_gen, g1_order, g2_cf)) + || !TEST_true(EC_GROUP_get_cofactor(g2, g2_cf, ctx)) + || !TEST_BN_eq(g1_cf, g2_cf) + /* negative test for invalid cofactor */ + || !TEST_true(BN_set_word(g2_cf, 0)) + || !TEST_true(BN_sub(g2_cf, g2_cf, BN_value_one())) + || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, g2_cf)) + /* negative test for NULL order */ + || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, NULL, NULL)) + /* negative test for zero order */ + || !TEST_true(BN_set_word(g1_order, 0)) + || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL)) + /* negative test for negative order */ + || !TEST_true(BN_set_word(g2_cf, 0)) + || !TEST_true(BN_sub(g2_cf, g2_cf, BN_value_one())) + || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL)) + /* negative test for too large order */ + || !TEST_true(BN_lshift(g1_order, g1_p, 2)) + || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL))) + goto err; + ret = 1; + err: + EC_POINT_free(g2_gen); + EC_GROUP_free(g1); + EC_GROUP_free(g2); + BN_CTX_end(ctx); + BN_CTX_free(ctx); + return ret; +} + +static int check_ec_key_field_public_range_test(int id) +{ + int ret = 0, type = 0; + const EC_POINT *pub = NULL; + const EC_GROUP *group = NULL; + const BIGNUM *field = NULL; + BIGNUM *x = NULL, *y = NULL; + EC_KEY *key = NULL; + + if (!TEST_ptr(x = BN_new()) + || !TEST_ptr(y = BN_new()) + || !TEST_ptr(key = EC_KEY_new_by_curve_name(curves[id].nid)) + || !TEST_ptr(group = EC_KEY_get0_group(key)) + || !TEST_ptr(field = EC_GROUP_get0_field(group)) + || !TEST_int_gt(EC_KEY_generate_key(key), 0) + || !TEST_int_gt(EC_KEY_check_key(key), 0) + || !TEST_ptr(pub = EC_KEY_get0_public_key(key)) + || !TEST_int_gt(EC_POINT_get_affine_coordinates(group, pub, x, y, + NULL), 0)) + goto err; + + /* + * Make the public point out of range by adding the field (which will still + * be the same point on the curve). The add is different for char2 fields. + */ + type = EC_GROUP_get_field_type(group); +#ifndef OPENSSL_NO_EC2M + if (type == NID_X9_62_characteristic_two_field) { + /* test for binary curves */ + if (!TEST_true(BN_GF2m_add(x, x, field))) + goto err; + } else +#endif + if (type == NID_X9_62_prime_field) { + /* test for prime curves */ + if (!TEST_true(BN_add(x, x, field))) + goto err; + } else { + /* this should never happen */ + TEST_error("Unsupported EC_METHOD field_type"); + goto err; + } + if (!TEST_int_le(EC_KEY_set_public_key_affine_coordinates(key, x, y), 0)) + goto err; + + ret = 1; +err: + BN_free(x); + BN_free(y); + EC_KEY_free(key); + return ret; +} + +/* + * Helper for ec_point_hex2point_test + * + * Self-tests EC_POINT_point2hex() against EC_POINT_hex2point() for the given + * (group,P) pair. + * + * If P is NULL use point at infinity. + */ +static ossl_inline +int ec_point_hex2point_test_helper(const EC_GROUP *group, const EC_POINT *P, + point_conversion_form_t form, + BN_CTX *bnctx) +{ + int ret = 0; + EC_POINT *Q = NULL, *Pinf = NULL; + char *hex = NULL; + + if (P == NULL) { + /* If P is NULL use point at infinity. */ + if (!TEST_ptr(Pinf = EC_POINT_new(group)) + || !TEST_true(EC_POINT_set_to_infinity(group, Pinf))) + goto err; + P = Pinf; + } + + if (!TEST_ptr(hex = EC_POINT_point2hex(group, P, form, bnctx)) + || !TEST_ptr(Q = EC_POINT_hex2point(group, hex, NULL, bnctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, bnctx))) + goto err; + + /* + * The next check is most likely superfluous, as EC_POINT_cmp should already + * cover this. + * Nonetheless it increases the test coverage for EC_POINT_is_at_infinity, + * so we include it anyway! + */ + if (Pinf != NULL + && !TEST_true(EC_POINT_is_at_infinity(group, Q))) + goto err; + + ret = 1; + + err: + EC_POINT_free(Pinf); + OPENSSL_free(hex); + EC_POINT_free(Q); + + return ret; +} + +/* + * This test self-validates EC_POINT_hex2point() and EC_POINT_point2hex() + */ +static int ec_point_hex2point_test(int id) +{ + int ret = 0, nid; + EC_GROUP *group = NULL; + const EC_POINT *G = NULL; + EC_POINT *P = NULL; + BN_CTX * bnctx = NULL; + + /* Do some setup */ + nid = curves[id].nid; + if (!TEST_ptr(bnctx = BN_CTX_new()) + || !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid)) + || !TEST_ptr(G = EC_GROUP_get0_generator(group)) + || !TEST_ptr(P = EC_POINT_dup(G, group))) + goto err; + + if (!TEST_true(ec_point_hex2point_test_helper(group, P, + POINT_CONVERSION_COMPRESSED, + bnctx)) + || !TEST_true(ec_point_hex2point_test_helper(group, NULL, + POINT_CONVERSION_COMPRESSED, + bnctx)) + || !TEST_true(ec_point_hex2point_test_helper(group, P, + POINT_CONVERSION_UNCOMPRESSED, + bnctx)) + || !TEST_true(ec_point_hex2point_test_helper(group, NULL, + POINT_CONVERSION_UNCOMPRESSED, + bnctx)) + || !TEST_true(ec_point_hex2point_test_helper(group, P, + POINT_CONVERSION_HYBRID, + bnctx)) + || !TEST_true(ec_point_hex2point_test_helper(group, NULL, + POINT_CONVERSION_HYBRID, + bnctx))) + goto err; + + ret = 1; + + err: + EC_POINT_free(P); + EC_GROUP_free(group); + BN_CTX_free(bnctx); + + return ret; +} + +static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx, + unsigned char *gen, int gen_size) +{ + int ret = 0, i_out; + EVP_PKEY_CTX *pctx = NULL; + EVP_PKEY *pkeyparam = NULL; + OSSL_PARAM_BLD *bld = NULL; + const char *field_name; + OSSL_PARAM *params = NULL; + const OSSL_PARAM *gettable; + BIGNUM *p, *a, *b; + BIGNUM *p_out = NULL, *a_out = NULL, *b_out = NULL; + BIGNUM *order_out = NULL, *cofactor_out = NULL; + char name[80]; + unsigned char buf[1024]; + size_t buf_len, name_len; +#ifndef OPENSSL_NO_EC2M + unsigned int k1 = 0, k2 = 0, k3 = 0; + const char *basis_name = NULL; +#endif + + p = BN_CTX_get(ctx); + a = BN_CTX_get(ctx); + b = BN_CTX_get(ctx); + + if (!TEST_ptr(b) + || !TEST_ptr(bld = OSSL_PARAM_BLD_new())) + goto err; + + if (EC_GROUP_get_field_type(group) == NID_X9_62_prime_field) { + field_name = SN_X9_62_prime_field; + } else { + field_name = SN_X9_62_characteristic_two_field; +#ifndef OPENSSL_NO_EC2M + if (EC_GROUP_get_basis_type(group) == NID_X9_62_tpBasis) { + basis_name = SN_X9_62_tpBasis; + if (!TEST_true(EC_GROUP_get_trinomial_basis(group, &k1))) + goto err; + } else { + basis_name = SN_X9_62_ppBasis; + if (!TEST_true(EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3))) + goto err; + } +#endif /* OPENSSL_NO_EC2M */ + } + if (!TEST_true(EC_GROUP_get_curve(group, p, a, b, ctx)) + || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, + OSSL_PKEY_PARAM_EC_FIELD_TYPE, field_name, 0)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, p)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b))) + goto err; + + if (EC_GROUP_get0_seed(group) != NULL) { + if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, + OSSL_PKEY_PARAM_EC_SEED, EC_GROUP_get0_seed(group), + EC_GROUP_get_seed_len(group)))) + goto err; + } + if (EC_GROUP_get0_cofactor(group) != NULL) { + if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR, + EC_GROUP_get0_cofactor(group)))) + goto err; + } + + if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, + OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_size)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_ORDER, + EC_GROUP_get0_order(group)))) + goto err; + + if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) + || !TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) + || !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) + || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkeyparam, + EVP_PKEY_KEY_PARAMETERS, params), 0)) + goto err; + + /*- Check that all the set values are retrievable -*/ + + /* There should be no match to a group name since the generator changed */ + if (!TEST_false(EVP_PKEY_get_utf8_string_param(pkeyparam, + OSSL_PKEY_PARAM_GROUP_NAME, name, sizeof(name), + &name_len))) + goto err; + + /* The encoding should be explicit as it has no group */ + if (!TEST_true(EVP_PKEY_get_utf8_string_param(pkeyparam, + OSSL_PKEY_PARAM_EC_ENCODING, + name, sizeof(name), &name_len)) + || !TEST_str_eq(name, OSSL_PKEY_EC_ENCODING_EXPLICIT)) + goto err; + + if (!TEST_true(EVP_PKEY_get_utf8_string_param(pkeyparam, + OSSL_PKEY_PARAM_EC_FIELD_TYPE, name, sizeof(name), + &name_len)) + || !TEST_str_eq(name, field_name)) + goto err; + + if (!TEST_true(EVP_PKEY_get_octet_string_param(pkeyparam, + OSSL_PKEY_PARAM_EC_GENERATOR, buf, sizeof(buf), &buf_len)) + || !TEST_mem_eq(buf, (int)buf_len, gen, gen_size)) + goto err; + + if (!TEST_true(EVP_PKEY_get_bn_param(pkeyparam, OSSL_PKEY_PARAM_EC_P, &p_out)) + || !TEST_BN_eq(p_out, p) + || !TEST_true(EVP_PKEY_get_bn_param(pkeyparam, OSSL_PKEY_PARAM_EC_A, + &a_out)) + || !TEST_BN_eq(a_out, a) + || !TEST_true(EVP_PKEY_get_bn_param(pkeyparam, OSSL_PKEY_PARAM_EC_B, + &b_out)) + || !TEST_BN_eq(b_out, b) + || !TEST_true(EVP_PKEY_get_bn_param(pkeyparam, OSSL_PKEY_PARAM_EC_ORDER, + &order_out)) + || !TEST_BN_eq(order_out, EC_GROUP_get0_order(group))) + goto err; + + if (EC_GROUP_get0_cofactor(group) != NULL) { + if (!TEST_true(EVP_PKEY_get_bn_param(pkeyparam, + OSSL_PKEY_PARAM_EC_COFACTOR, &cofactor_out)) + || !TEST_BN_eq(cofactor_out, EC_GROUP_get0_cofactor(group))) + goto err; + } + if (EC_GROUP_get0_seed(group) != NULL) { + if (!TEST_true(EVP_PKEY_get_octet_string_param(pkeyparam, + OSSL_PKEY_PARAM_EC_SEED, buf, sizeof(buf), &buf_len)) + || !TEST_mem_eq(buf, buf_len, EC_GROUP_get0_seed(group), + EC_GROUP_get_seed_len(group))) + goto err; + } + + if (EC_GROUP_get_field_type(group) == NID_X9_62_prime_field) { + /* No extra fields should be set for a prime field */ + if (!TEST_false(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_M, &i_out)) + || !TEST_false(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS, &i_out)) + || !TEST_false(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_PP_K1, &i_out)) + || !TEST_false(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_PP_K2, &i_out)) + || !TEST_false(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_PP_K3, &i_out)) + || !TEST_false(EVP_PKEY_get_utf8_string_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_TYPE, name, sizeof(name), + &name_len))) + goto err; + } else { +#ifndef OPENSSL_NO_EC2M + if (!TEST_true(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_M, &i_out)) + || !TEST_int_eq(EC_GROUP_get_degree(group), i_out) + || !TEST_true(EVP_PKEY_get_utf8_string_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_TYPE, name, sizeof(name), + &name_len)) + || !TEST_str_eq(name, basis_name)) + goto err; + + if (EC_GROUP_get_basis_type(group) == NID_X9_62_tpBasis) { + if (!TEST_true(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS, &i_out)) + || !TEST_int_eq(k1, i_out) + || !TEST_false(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_PP_K1, &i_out)) + || !TEST_false(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_PP_K2, &i_out)) + || !TEST_false(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_PP_K3, &i_out))) + goto err; + } else { + if (!TEST_false(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS, &i_out)) + || !TEST_true(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_PP_K1, &i_out)) + || !TEST_int_eq(k1, i_out) + || !TEST_true(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_PP_K2, &i_out)) + || !TEST_int_eq(k2, i_out) + || !TEST_true(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_PP_K3, &i_out)) + || !TEST_int_eq(k3, i_out)) + goto err; + } +#endif /* OPENSSL_NO_EC2M */ + } + if (!TEST_ptr(gettable = EVP_PKEY_gettable_params(pkeyparam)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_GROUP_NAME)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_ENCODING)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_FIELD_TYPE)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_P)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_A)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_B)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_GENERATOR)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_ORDER)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_COFACTOR)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_SEED)) +#ifndef OPENSSL_NO_EC2M + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_CHAR2_M)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_CHAR2_TYPE)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_CHAR2_PP_K1)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_CHAR2_PP_K2)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_CHAR2_PP_K3)) +#endif + ) + goto err; + ret = 1; +err: + BN_free(order_out); + BN_free(cofactor_out); + BN_free(a_out); + BN_free(b_out); + BN_free(p_out); + OSSL_PARAM_free(params); + OSSL_PARAM_BLD_free(bld); + EVP_PKEY_free(pkeyparam); + EVP_PKEY_CTX_free(pctx); + return ret; +} + +/* + * check the EC_METHOD respects the supplied EC_GROUP_set_generator G + */ +static int custom_generator_test(int id) +{ + int ret = 0, nid, bsize; + EC_GROUP *group = NULL; + EC_POINT *G2 = NULL, *Q1 = NULL, *Q2 = NULL; + BN_CTX *ctx = NULL; + BIGNUM *k = NULL; + unsigned char *b1 = NULL, *b2 = NULL; + + /* Do some setup */ + nid = curves[id].nid; + TEST_note("Curve %s", OBJ_nid2sn(nid)); + if (!TEST_ptr(ctx = BN_CTX_new())) + return 0; + + BN_CTX_start(ctx); + + if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) + goto err; + + /* expected byte length of encoded points */ + bsize = (EC_GROUP_get_degree(group) + 7) / 8; + bsize = 1 + 2 * bsize; /* UNCOMPRESSED_POINT format */ + + if (!TEST_ptr(k = BN_CTX_get(ctx)) + /* fetch a testing scalar k != 0,1 */ + || !TEST_true(BN_rand(k, EC_GROUP_order_bits(group) - 1, + BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) + /* make k even */ + || !TEST_true(BN_clear_bit(k, 0)) + || !TEST_ptr(G2 = EC_POINT_new(group)) + || !TEST_ptr(Q1 = EC_POINT_new(group)) + /* Q1 := kG */ + || !TEST_true(EC_POINT_mul(group, Q1, k, NULL, NULL, ctx)) + /* pull out the bytes of that */ + || !TEST_int_eq(EC_POINT_point2oct(group, Q1, + POINT_CONVERSION_UNCOMPRESSED, NULL, + 0, ctx), bsize) + || !TEST_ptr(b1 = OPENSSL_malloc(bsize)) + || !TEST_int_eq(EC_POINT_point2oct(group, Q1, + POINT_CONVERSION_UNCOMPRESSED, b1, + bsize, ctx), bsize) + /* new generator is G2 := 2G */ + || !TEST_true(EC_POINT_dbl(group, G2, EC_GROUP_get0_generator(group), + ctx)) + || !TEST_true(EC_GROUP_set_generator(group, G2, + EC_GROUP_get0_order(group), + EC_GROUP_get0_cofactor(group))) + || !TEST_ptr(Q2 = EC_POINT_new(group)) + || !TEST_true(BN_rshift1(k, k)) + /* Q2 := k/2 G2 */ + || !TEST_true(EC_POINT_mul(group, Q2, k, NULL, NULL, ctx)) + || !TEST_int_eq(EC_POINT_point2oct(group, Q2, + POINT_CONVERSION_UNCOMPRESSED, NULL, + 0, ctx), bsize) + || !TEST_ptr(b2 = OPENSSL_malloc(bsize)) + || !TEST_int_eq(EC_POINT_point2oct(group, Q2, + POINT_CONVERSION_UNCOMPRESSED, b2, + bsize, ctx), bsize) + /* Q1 = kG = k/2 G2 = Q2 should hold */ + || !TEST_mem_eq(b1, bsize, b2, bsize)) + goto err; + + if (!do_test_custom_explicit_fromdata(group, ctx, b1, bsize)) + goto err; + + ret = 1; + + err: + EC_POINT_free(Q1); + EC_POINT_free(Q2); + EC_POINT_free(G2); + EC_GROUP_free(group); + BN_CTX_end(ctx); + BN_CTX_free(ctx); + OPENSSL_free(b1); + OPENSSL_free(b2); + + return ret; +} + +/* + * check creation of curves from explicit params through the public API + */ +static int custom_params_test(int id) +{ + int ret = 0, nid, bsize; + const char *curve_name = NULL; + EC_GROUP *group = NULL, *altgroup = NULL; + EC_POINT *G2 = NULL, *Q1 = NULL, *Q2 = NULL; + const EC_POINT *Q = NULL; + BN_CTX *ctx = NULL; + BIGNUM *k = NULL; + unsigned char *buf1 = NULL, *buf2 = NULL; + const BIGNUM *z = NULL, *cof = NULL, *priv1 = NULL; + BIGNUM *p = NULL, *a = NULL, *b = NULL; + int is_prime = 0; + EC_KEY *eckey1 = NULL, *eckey2 = NULL; + EVP_PKEY *pkey1 = NULL, *pkey2 = NULL; + EVP_PKEY_CTX *pctx1 = NULL, *pctx2 = NULL; + size_t sslen, t; + unsigned char *pub1 = NULL , *pub2 = NULL; + OSSL_PARAM_BLD *param_bld = NULL; + OSSL_PARAM *params1 = NULL, *params2 = NULL; + + /* Do some setup */ + nid = curves[id].nid; + curve_name = OBJ_nid2sn(nid); + TEST_note("Curve %s", curve_name); + + if (nid == NID_sm2) + return TEST_skip("custom params not supported with SM2"); + + if (!TEST_ptr(ctx = BN_CTX_new())) + return 0; + + if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) + goto err; + + is_prime = EC_GROUP_get_field_type(group) == NID_X9_62_prime_field; +#ifdef OPENSSL_NO_EC2M + if (!is_prime) { + ret = TEST_skip("binary curves not supported in this build"); + goto err; + } +#endif + + BN_CTX_start(ctx); + if (!TEST_ptr(p = BN_CTX_get(ctx)) + || !TEST_ptr(a = BN_CTX_get(ctx)) + || !TEST_ptr(b = BN_CTX_get(ctx)) + || !TEST_ptr(k = BN_CTX_get(ctx))) + goto err; + + /* expected byte length of encoded points */ + bsize = (EC_GROUP_get_degree(group) + 7) / 8; + bsize = 1 + 2 * bsize; /* UNCOMPRESSED_POINT format */ + + /* extract parameters from built-in curve */ + if (!TEST_true(EC_GROUP_get_curve(group, p, a, b, ctx)) + || !TEST_ptr(G2 = EC_POINT_new(group)) + /* new generator is G2 := 2G */ + || !TEST_true(EC_POINT_dbl(group, G2, + EC_GROUP_get0_generator(group), ctx)) + /* pull out the bytes of that */ + || !TEST_int_eq(EC_POINT_point2oct(group, G2, + POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, ctx), bsize) + || !TEST_ptr(buf1 = OPENSSL_malloc(bsize)) + || !TEST_int_eq(EC_POINT_point2oct(group, G2, + POINT_CONVERSION_UNCOMPRESSED, + buf1, bsize, ctx), bsize) + || !TEST_ptr(z = EC_GROUP_get0_order(group)) + || !TEST_ptr(cof = EC_GROUP_get0_cofactor(group)) + ) + goto err; + + /* create a new group using same params (but different generator) */ + if (is_prime) { + if (!TEST_ptr(altgroup = EC_GROUP_new_curve_GFp(p, a, b, ctx))) + goto err; + } +#ifndef OPENSSL_NO_EC2M + else { + if (!TEST_ptr(altgroup = EC_GROUP_new_curve_GF2m(p, a, b, ctx))) + goto err; + } +#endif + + /* set 2*G as the generator of altgroup */ + EC_POINT_free(G2); /* discard G2 as it refers to the original group */ + if (!TEST_ptr(G2 = EC_POINT_new(altgroup)) + || !TEST_true(EC_POINT_oct2point(altgroup, G2, buf1, bsize, ctx)) + || !TEST_int_eq(EC_POINT_is_on_curve(altgroup, G2, ctx), 1) + || !TEST_true(EC_GROUP_set_generator(altgroup, G2, z, cof)) + ) + goto err; + + /* verify math checks out */ + if (/* allocate temporary points on group and altgroup */ + !TEST_ptr(Q1 = EC_POINT_new(group)) + || !TEST_ptr(Q2 = EC_POINT_new(altgroup)) + /* fetch a testing scalar k != 0,1 */ + || !TEST_true(BN_rand(k, EC_GROUP_order_bits(group) - 1, + BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) + /* make k even */ + || !TEST_true(BN_clear_bit(k, 0)) + /* Q1 := kG on group */ + || !TEST_true(EC_POINT_mul(group, Q1, k, NULL, NULL, ctx)) + /* pull out the bytes of that */ + || !TEST_int_eq(EC_POINT_point2oct(group, Q1, + POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, ctx), bsize) + || !TEST_int_eq(EC_POINT_point2oct(group, Q1, + POINT_CONVERSION_UNCOMPRESSED, + buf1, bsize, ctx), bsize) + /* k := k/2 */ + || !TEST_true(BN_rshift1(k, k)) + /* Q2 := k/2 G2 on altgroup */ + || !TEST_true(EC_POINT_mul(altgroup, Q2, k, NULL, NULL, ctx)) + /* pull out the bytes of that */ + || !TEST_int_eq(EC_POINT_point2oct(altgroup, Q2, + POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, ctx), bsize) + || !TEST_ptr(buf2 = OPENSSL_malloc(bsize)) + || !TEST_int_eq(EC_POINT_point2oct(altgroup, Q2, + POINT_CONVERSION_UNCOMPRESSED, + buf2, bsize, ctx), bsize) + /* Q1 = kG = k/2 G2 = Q2 should hold */ + || !TEST_mem_eq(buf1, bsize, buf2, bsize)) + goto err; + + /* create two `EC_KEY`s on altgroup */ + if (!TEST_ptr(eckey1 = EC_KEY_new()) + || !TEST_true(EC_KEY_set_group(eckey1, altgroup)) + || !TEST_true(EC_KEY_generate_key(eckey1)) + || !TEST_ptr(eckey2 = EC_KEY_new()) + || !TEST_true(EC_KEY_set_group(eckey2, altgroup)) + || !TEST_true(EC_KEY_generate_key(eckey2))) + goto err; + + /* retrieve priv1 for later */ + if (!TEST_ptr(priv1 = EC_KEY_get0_private_key(eckey1))) + goto err; + + /* + * retrieve bytes for pub1 for later + * + * We compute the pub key in the original group as we will later use it to + * define a provider key in the built-in group. + */ + if (!TEST_true(EC_POINT_mul(group, Q1, priv1, NULL, NULL, ctx)) + || !TEST_int_eq(EC_POINT_point2oct(group, Q1, + POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, ctx), bsize) + || !TEST_ptr(pub1 = OPENSSL_malloc(bsize)) + || !TEST_int_eq(EC_POINT_point2oct(group, Q1, + POINT_CONVERSION_UNCOMPRESSED, + pub1, bsize, ctx), bsize)) + goto err; + + /* retrieve bytes for pub2 for later */ + if (!TEST_ptr(Q = EC_KEY_get0_public_key(eckey2)) + || !TEST_int_eq(EC_POINT_point2oct(altgroup, Q, + POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, ctx), bsize) + || !TEST_ptr(pub2 = OPENSSL_malloc(bsize)) + || !TEST_int_eq(EC_POINT_point2oct(altgroup, Q, + POINT_CONVERSION_UNCOMPRESSED, + pub2, bsize, ctx), bsize)) + goto err; + + /* create two `EVP_PKEY`s from the `EC_KEY`s */ + if(!TEST_ptr(pkey1 = EVP_PKEY_new()) + || !TEST_int_eq(EVP_PKEY_assign_EC_KEY(pkey1, eckey1), 1)) + goto err; + eckey1 = NULL; /* ownership passed to pkey1 */ + if(!TEST_ptr(pkey2 = EVP_PKEY_new()) + || !TEST_int_eq(EVP_PKEY_assign_EC_KEY(pkey2, eckey2), 1)) + goto err; + eckey2 = NULL; /* ownership passed to pkey2 */ + + /* Compute keyexchange in both directions */ + if (!TEST_ptr(pctx1 = EVP_PKEY_CTX_new(pkey1, NULL)) + || !TEST_int_eq(EVP_PKEY_derive_init(pctx1), 1) + || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1) + || !TEST_int_eq(EVP_PKEY_derive(pctx1, NULL, &sslen), 1) + || !TEST_int_gt(bsize, sslen) + || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1)) + goto err; + if (!TEST_ptr(pctx2 = EVP_PKEY_CTX_new(pkey2, NULL)) + || !TEST_int_eq(EVP_PKEY_derive_init(pctx2), 1) + || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1) + || !TEST_int_eq(EVP_PKEY_derive(pctx2, NULL, &t), 1) + || !TEST_int_gt(bsize, t) + || !TEST_int_le(sslen, t) + || !TEST_int_eq(EVP_PKEY_derive(pctx2, buf2, &t), 1)) + goto err; + + /* Both sides should expect the same shared secret */ + if (!TEST_mem_eq(buf1, sslen, buf2, t)) + goto err; + + /* Build parameters for provider-native keys */ + if (!TEST_ptr(param_bld = OSSL_PARAM_BLD_new()) + || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(param_bld, + OSSL_PKEY_PARAM_GROUP_NAME, + curve_name, 0)) + || !TEST_true(OSSL_PARAM_BLD_push_octet_string(param_bld, + OSSL_PKEY_PARAM_PUB_KEY, + pub1, bsize)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(param_bld, + OSSL_PKEY_PARAM_PRIV_KEY, + priv1)) + || !TEST_ptr(params1 = OSSL_PARAM_BLD_to_param(param_bld))) + goto err; + + OSSL_PARAM_BLD_free(param_bld); + if (!TEST_ptr(param_bld = OSSL_PARAM_BLD_new()) + || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(param_bld, + OSSL_PKEY_PARAM_GROUP_NAME, + curve_name, 0)) + || !TEST_true(OSSL_PARAM_BLD_push_octet_string(param_bld, + OSSL_PKEY_PARAM_PUB_KEY, + pub2, bsize)) + || !TEST_ptr(params2 = OSSL_PARAM_BLD_to_param(param_bld))) + goto err; + + /* create two new provider-native `EVP_PKEY`s */ + EVP_PKEY_CTX_free(pctx2); + if (!TEST_ptr(pctx2 = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) + || !TEST_true(EVP_PKEY_fromdata_init(pctx2)) + || !TEST_true(EVP_PKEY_fromdata(pctx2, &pkey1, EVP_PKEY_KEYPAIR, + params1)) + || !TEST_true(EVP_PKEY_fromdata(pctx2, &pkey2, EVP_PKEY_PUBLIC_KEY, + params2))) + goto err; + + /* compute keyexchange once more using the provider keys */ + EVP_PKEY_CTX_free(pctx1); + if (!TEST_ptr(pctx1 = EVP_PKEY_CTX_new(pkey1, NULL)) + || !TEST_int_eq(EVP_PKEY_derive_init(pctx1), 1) + || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1) + || !TEST_int_eq(EVP_PKEY_derive(pctx1, NULL, &t), 1) + || !TEST_int_gt(bsize, t) + || !TEST_int_le(sslen, t) + || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &t), 1) + /* compare with previous result */ + || !TEST_mem_eq(buf1, t, buf2, sslen)) + goto err; + + ret = 1; + + err: + BN_CTX_end(ctx); + BN_CTX_free(ctx); + OSSL_PARAM_BLD_free(param_bld); + OSSL_PARAM_free(params1); + OSSL_PARAM_free(params2); + EC_POINT_free(Q1); + EC_POINT_free(Q2); + EC_POINT_free(G2); + EC_GROUP_free(group); + EC_GROUP_free(altgroup); + OPENSSL_free(buf1); + OPENSSL_free(buf2); + OPENSSL_free(pub1); + OPENSSL_free(pub2); + EC_KEY_free(eckey1); + EC_KEY_free(eckey2); + EVP_PKEY_free(pkey1); + EVP_PKEY_free(pkey2); + EVP_PKEY_CTX_free(pctx1); + EVP_PKEY_CTX_free(pctx2); + + return ret; +} + +int setup_tests(void) +{ + crv_len = EC_get_builtin_curves(NULL, 0); + if (!TEST_ptr(curves = OPENSSL_malloc(sizeof(*curves) * crv_len)) + || !TEST_true(EC_get_builtin_curves(curves, crv_len))) + return 0; + + ADD_TEST(parameter_test); + /*ADD_TEST(cofactor_range_test);*/ + ADD_ALL_TESTS(cardinality_test, crv_len); + ADD_TEST(prime_field_tests); +#ifndef OPENSSL_NO_EC2M + ADD_TEST(char2_field_tests); + ADD_ALL_TESTS(char2_curve_test, OSSL_NELEM(char2_curve_tests)); +#endif + ADD_ALL_TESTS(nistp_single_test, OSSL_NELEM(nistp_tests_params)); + ADD_ALL_TESTS(internal_curve_test, crv_len); + ADD_ALL_TESTS(internal_curve_test_method, crv_len); + ADD_TEST(group_field_test); + ADD_ALL_TESTS(check_named_curve_test, crv_len); + ADD_ALL_TESTS(check_named_curve_lookup_test, crv_len); + ADD_ALL_TESTS(check_ec_key_field_public_range_test, crv_len); + ADD_ALL_TESTS(check_named_curve_from_ecparameters, crv_len); + ADD_ALL_TESTS(ec_point_hex2point_test, crv_len); + /* ADD_ALL_TESTS(custom_generator_test, crv_len); + ADD_ALL_TESTS(custom_params_test, crv_len); */ + return 1; +} + +void cleanup_tests(void) +{ + OPENSSL_free(curves); +} diff --git a/SOURCES/genpatches b/SOURCES/genpatches new file mode 100755 index 0000000..60c36a4 --- /dev/null +++ b/SOURCES/genpatches @@ -0,0 +1,26 @@ +#!/bin/bash + +if [ $# -ne 2 ] ; then + echo "Usage:" + echo " $0 " + exit 1 +fi + +git_dir="$1" +base_tag="$2" + +target_dir="$(pwd)" + +pushd "$git_dir" >/dev/null +git format-patch -k -o "$target_dir" "$base_tag" >/dev/null +popd >/dev/null + +echo "# Patches exported from source git" + +i=1 +for p in *.patch ; do + printf "# " + sed '/^Subject:/{s/^Subject: //;p};d' "$p" + printf "Patch%s: %s\n" $i "$p" + i=$(($i + 1)) +done diff --git a/SOURCES/hobble-openssl b/SOURCES/hobble-openssl new file mode 100755 index 0000000..9a23ca6 --- /dev/null +++ b/SOURCES/hobble-openssl @@ -0,0 +1,40 @@ +#!/bin/sh + +# Quit out if anything fails. +set -e + +# Clean out patent-or-otherwise-encumbered code. +# MDC-2: 4,908,861 13/03/2007 - expired, we do not remove it but do not enable it anyway +# IDEA: 5,214,703 07/01/2012 - expired, we do not remove it anymore +# RC5: 5,724,428 01/11/2015 - expired, we do not remove it anymore +# EC: ????????? ??/??/2020 +# SRP: ????????? ??/??/2017 - expired, we do not remove it anymore + +# Remove assembler portions of IDEA, MDC2, and RC5. +# (find crypto/rc5/asm -type f | xargs -r rm -fv) + +for c in `find crypto/bn -name "*gf2m.c"`; do + echo Destroying $c + > $c +done + +for c in `find crypto/ec -name "ec2*.c" -o -name "ec_curve.c"`; do + echo Destroying $c + > $c +done + +for c in `find test -name "ectest.c"`; do + echo Destroying $c + > $c +done + +for h in `find crypto ssl apps test -name "*.h"` ; do + echo Removing EC2M references from $h + cat $h | \ + awk 'BEGIN {ech=1;} \ + /^#[ \t]*ifndef.*NO_EC2M/ {ech--; next;} \ + /^#[ \t]*if/ {if(ech < 1) ech--;} \ + {if(ech>0) {;print $0};} \ + /^#[ \t]*endif/ {if(ech < 1) ech++;}' > $h.hobbled && \ + mv $h.hobbled $h +done diff --git a/SOURCES/make-dummy-cert b/SOURCES/make-dummy-cert new file mode 100755 index 0000000..f5f0453 --- /dev/null +++ b/SOURCES/make-dummy-cert @@ -0,0 +1,28 @@ +#!/bin/sh +umask 077 + +answers() { + echo -- + echo SomeState + echo SomeCity + echo SomeOrganization + echo SomeOrganizationalUnit + echo localhost.localdomain + echo root@localhost.localdomain +} + +if [ $# -eq 0 ] ; then + echo $"Usage: `basename $0` filename [...]" + exit 0 +fi + +for target in $@ ; do + PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` + PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` + trap "rm -f $PEM1 $PEM2" SIGINT + answers | /usr/bin/openssl req -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 2> /dev/null + cat $PEM1 > ${target} + echo "" >> ${target} + cat $PEM2 >> ${target} + rm -f $PEM1 $PEM2 +done diff --git a/SOURCES/openssl-3.0.1-hobbled.tar.xz b/SOURCES/openssl-3.0.1-hobbled.tar.xz new file mode 100644 index 0000000..bb20d5d Binary files /dev/null and b/SOURCES/openssl-3.0.1-hobbled.tar.xz differ diff --git a/SOURCES/renew-dummy-cert b/SOURCES/renew-dummy-cert new file mode 100755 index 0000000..92e271c --- /dev/null +++ b/SOURCES/renew-dummy-cert @@ -0,0 +1,39 @@ +#!/bin/bash + +if [ $# -eq 0 ]; then + echo $"Usage: `basename $0` filename" 1>&2 + exit 1 +fi + +PEM=$1 +REQ=`/bin/mktemp /tmp/openssl.XXXXXX` +KEY=`/bin/mktemp /tmp/openssl.XXXXXX` +CRT=`/bin/mktemp /tmp/openssl.XXXXXX` +NEW=${PEM}_ + +trap "rm -f $REQ $KEY $CRT $NEW" SIGINT + +if [ ! -f $PEM ]; then + echo "$PEM: file not found" 1>&2 + exit 1 +fi + +umask 077 + +OWNER=`ls -l $PEM | awk '{ printf "%s.%s", $3, $4; }'` + +openssl rsa -inform pem -in $PEM -out $KEY +openssl x509 -x509toreq -in $PEM -signkey $KEY -out $REQ +openssl x509 -req -in $REQ -signkey $KEY -days 365 \ + -extfile /etc/pki/tls/openssl.cnf -extensions v3_ca -out $CRT + +(cat $KEY ; echo "" ; cat $CRT) > $NEW + +chown $OWNER $NEW + +mv -f $NEW $PEM + +rm -f $REQ $KEY $CRT + +exit 0 + diff --git a/SPECS/openssl.spec b/SPECS/openssl.spec new file mode 100644 index 0000000..0c8b7d3 --- /dev/null +++ b/SPECS/openssl.spec @@ -0,0 +1,852 @@ +# For the curious: +# 0.9.8jk + EAP-FAST soversion = 8 +# 1.0.0 soversion = 10 +# 1.1.0 soversion = 1.1 (same as upstream although presence of some symbols +# depends on build configuration options) +# 3.0.0 soversion = 3 (same as upstream) +%define soversion 3 + +# Arches on which we need to prevent arch conflicts on opensslconf.h, must +# also be handled in opensslconf-new.h. +%define multilib_arches %{ix86} ia64 %{mips} ppc ppc64 s390 s390x sparcv9 sparc64 x86_64 + +%define srpmhash() %{lua: +local files = rpm.expand("%_specdir/openssl.spec") +for i, p in ipairs(patches) do + files = files.." "..p +end +for i, p in ipairs(sources) do + files = files.." "..p +end +local sha256sum = assert(io.popen("cat "..files.." 2>/dev/null | sha256sum")) +local hash = sha256sum:read("*a") +sha256sum:close() +print(string.sub(hash, 0, 16)) +} + +%global _performance_build 1 + +Summary: Utilities from the general purpose cryptography library with TLS implementation +Name: openssl +Version: 3.0.1 +Release: 43%{?dist} +Epoch: 1 +# We have to remove certain patented algorithms from the openssl source +# tarball with the hobble-openssl script which is included below. +# The original openssl upstream tarball cannot be shipped in the .src.rpm. +Source: openssl-%{version}-hobbled.tar.xz +Source1: hobble-openssl +Source2: Makefile.certificate +Source3: genpatches +Source6: make-dummy-cert +Source7: renew-dummy-cert +Source9: configuration-switch.h +Source10: configuration-prefix.h +Source12: ec_curve.c +Source13: ectest.c +Source14: 0025-for-tests.patch + +# Patches exported from source git +# Aarch64 and ppc64le use lib64 +Patch1: 0001-Aarch64-and-ppc64le-use-lib64.patch +# Use more general default values in openssl.cnf +Patch2: 0002-Use-more-general-default-values-in-openssl.cnf.patch +# Do not install html docs +Patch3: 0003-Do-not-install-html-docs.patch +# Override default paths for the CA directory tree +Patch4: 0004-Override-default-paths-for-the-CA-directory-tree.patch +# apps/ca: fix md option help text +Patch5: 0005-apps-ca-fix-md-option-help-text.patch +# Disable signature verification with totally unsafe hash algorithms +Patch6: 0006-Disable-signature-verification-with-totally-unsafe-h.patch +# Add support for PROFILE=SYSTEM system default cipherlist +Patch7: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch +# Add FIPS_mode() compatibility macro +Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch +# Add check to see if fips flag is enabled in kernel +Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch +# remove unsupported EC curves +Patch11: 0011-Remove-EC-curves.patch +# Disable explicit EC curves +# https://bugzilla.redhat.com/show_bug.cgi?id=2066412 +Patch12: 0012-Disable-explicit-ec.patch +# https://github.com/openssl/openssl/pull/17981 +Patch13: 0013-FIPS-provider-explicit-ec.patch +# https://github.com/openssl/openssl/pull/17998 +Patch14: 0014-FIPS-disable-explicit-ec.patch +# https://github.com/openssl/openssl/pull/18609 +Patch15: 0015-FIPS-decoded-from-explicit.patch +# Instructions to load legacy provider in openssl.cnf +Patch24: 0024-load-legacy-prov.patch +# Tmp: test name change +Patch31: 0031-tmp-Fix-test-names.patch +# We load FIPS provider and set FIPS properties implicitly +Patch32: 0032-Force-fips.patch +# Embed HMAC into the fips.so +Patch33: 0033-FIPS-embed-hmac.patch +# Comment out fipsinstall command-line utility +Patch34: 0034.fipsinstall_disable.patch +# Skip unavailable algorithms running `openssl speed` +Patch35: 0035-speed-skip-unavailable-dgst.patch +# Extra public/private key checks required by FIPS-140-3 +Patch44: 0044-FIPS-140-3-keychecks.patch +# Minimize fips services +Patch45: 0045-FIPS-services-minimize.patch +# Backport of s390x hardening, https://github.com/openssl/openssl/pull/17486 +Patch46: 0046-FIPS-s390x-hardening.patch +# Execute KATS before HMAC verification +Patch47: 0047-FIPS-early-KATS.patch +# Backport of correctly handle 2^14 byte long records #17538 +Patch48: 0048-correctly-handle-records.patch +# Selectively disallow SHA1 signatures +Patch49: 0049-Selectively-disallow-SHA1-signatures.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2049265 +Patch50: 0050-FIPS-enable-pkcs12-mac.patch +# Backport of patch for RHEL for Edge rhbz #2027261 +Patch51: 0051-Support-different-R_BITS-lengths-for-KBKDF.patch +# Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes +Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch +# CVE 2022-0778 +Patch53: 0053-CVE-2022-0778.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2004915, backport of 2c0f7d46b8449423446cfe1e52fc1e1ecd506b62 +Patch54: 0054-Replace-size-check-with-more-meaningful-pubkey-check.patch +# https://github.com/openssl/openssl/pull/17324 +Patch55: 0055-nonlegacy-fetch-null-deref.patch +# https://github.com/openssl/openssl/pull/18103 +Patch56: 0056-strcasecmp.patch +# https://github.com/openssl/openssl/pull/18175 +Patch57: 0057-strcasecmp-fix.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2053289 +Patch58: 0058-FIPS-limit-rsa-encrypt.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2069235 +Patch60: 0060-FIPS-KAT-signature-tests.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2087147 +Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch +Patch62: 0062-fips-Expose-a-FIPS-indicator.patch +# https://github.com/openssl/openssl/pull/18141 +Patch63: 0063-CVE-2022-1473.patch +# upstream commits 55c80c222293a972587004c185dc5653ae207a0e 2eda98790c5c2741d76d23cc1e74b0dc4f4b391a +Patch64: 0064-CVE-2022-1343.diff +# upstream commit 1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2 +Patch65: 0065-CVE-2022-1292.patch +# https://github.com/openssl/openssl/pull/18444 +# https://github.com/openssl/openssl/pull/18467 +Patch66: 0066-replace-expired-certs.patch +# https://github.com/openssl/openssl/pull/18512 +Patch67: 0067-fix-ppc64-montgomery.patch +#https://github.com/openssl/openssl/commit/2c9c35870601b4a44d86ddbf512b38df38285cfa +#https://github.com/openssl/openssl/commit/8a3579a7b7067a983e69a4eda839ac408c120739 +Patch68: 0068-CVE-2022-2068.patch +# https://github.com/openssl/openssl/commit/a98f339ddd7e8f487d6e0088d4a9a42324885a93 +# https://github.com/openssl/openssl/commit/52d50d52c2f1f4b70d37696bfa74fe5e581e7ba8 +Patch69: 0069-CVE-2022-2097.patch +# https://github.com/openssl/openssl/commit/edceec7fe0c9a5534ae155c8398c63dd7dd95483 +Patch70: 0070-EVP_PKEY_Q_keygen-Call-OPENSSL_init_crypto-to-init-s.patch +# https://github.com/openssl/openssl/commit/44a563dde1584cd9284e80b6e45ee5019be8d36c +# https://github.com/openssl/openssl/commit/345c99b6654b8313c792d54f829943068911ddbd +Patch71: 0071-AES-GCM-performance-optimization.patch +# https://github.com/openssl/openssl/commit/f596bbe4da779b56eea34d96168b557d78e1149 +# https://github.com/openssl/openssl/commit/7e1f3ffcc5bc15fb9a12b9e3bb202f544c6ed5aa +# hunks in crypto/ppccap.c from https://github.com/openssl/openssl/commit/f5485b97b6c9977c0d39c7669b9f97a879312447 +Patch72: 0072-ChaCha20-performance-optimizations-for-ppc64le.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2102535 +Patch73: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2102535 +Patch74: 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2102535 +Patch75: 0075-FIPS-Use-FFDHE2048-in-self-test.patch +# Downstream only. Reseed DRBG using getrandom(GRND_RANDOM) +# https://bugzilla.redhat.com/show_bug.cgi?id=2102541 +Patch76: 0076-FIPS-140-3-DRBG.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2102542 +Patch77: 0077-FIPS-140-3-zeroization.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2114772 +Patch78: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch +#https://bugzilla.redhat.com/show_bug.cgi?id=2137723 +Patch79: 0079-CVE-2022-3602.patch + +License: ASL 2.0 +URL: http://www.openssl.org/ +BuildRequires: gcc g++ +BuildRequires: coreutils, perl-interpreter, sed, zlib-devel, /usr/bin/cmp +BuildRequires: lksctp-tools-devel +BuildRequires: /usr/bin/rename +BuildRequires: /usr/bin/pod2man +BuildRequires: /usr/sbin/sysctl +BuildRequires: perl(Test::Harness), perl(Test::More), perl(Math::BigInt) +BuildRequires: perl(Module::Load::Conditional), perl(File::Temp) +BuildRequires: perl(Time::HiRes), perl(IPC::Cmd), perl(Pod::Html), perl(Digest::SHA) +BuildRequires: perl(FindBin), perl(lib), perl(File::Compare), perl(File::Copy), perl(bigint) +BuildRequires: git-core +Requires: coreutils +Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} + +%description +The OpenSSL toolkit provides support for secure communications between +machines. OpenSSL includes a certificate management tool and shared +libraries which provide various cryptographic algorithms and +protocols. + +%package libs +Summary: A general purpose cryptography library with TLS implementation +Requires: ca-certificates >= 2008-5 +Requires: crypto-policies >= 20180730 +Recommends: openssl-pkcs11%{?_isa} + +%description libs +OpenSSL is a toolkit for supporting cryptography. The openssl-libs +package contains the libraries that are used by various applications which +support cryptographic algorithms and protocols. + +%package devel +Summary: Files for development of applications which will use OpenSSL +Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} +Requires: pkgconfig + +%description devel +OpenSSL is a toolkit for supporting cryptography. The openssl-devel +package contains include files needed to develop applications which +support various cryptographic algorithms and protocols. + +%package perl +Summary: Perl scripts provided with OpenSSL +Requires: perl-interpreter +Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} + +%description perl +OpenSSL is a toolkit for supporting cryptography. The openssl-perl +package provides Perl scripts for converting certificates and keys +from other formats to the formats used by the OpenSSL toolkit. + +%prep +%autosetup -S git -n %{name}-%{version} + +# The hobble_openssl is called here redundantly, just to be sure. +# The tarball has already the sources removed. +%{SOURCE1} > /dev/null + +cp %{SOURCE12} crypto/ec/ +cp %{SOURCE13} test/ + +%build +# Figure out which flags we want to use. +# default +sslarch=%{_os}-%{_target_cpu} +%ifarch %ix86 +sslarch=linux-elf +if ! echo %{_target} | grep -q i686 ; then + sslflags="no-asm 386" +fi +%endif +%ifarch x86_64 +sslflags=enable-ec_nistp_64_gcc_128 +%endif +%ifarch sparcv9 +sslarch=linux-sparcv9 +sslflags=no-asm +%endif +%ifarch sparc64 +sslarch=linux64-sparcv9 +sslflags=no-asm +%endif +%ifarch alpha alphaev56 alphaev6 alphaev67 +sslarch=linux-alpha-gcc +%endif +%ifarch s390 sh3eb sh4eb +sslarch="linux-generic32 -DB_ENDIAN" +%endif +%ifarch s390x +sslarch="linux64-s390x" +%endif +%ifarch %{arm} +sslarch=linux-armv4 +%endif +%ifarch aarch64 +sslarch=linux-aarch64 +sslflags=enable-ec_nistp_64_gcc_128 +%endif +%ifarch sh3 sh4 +sslarch=linux-generic32 +%endif +%ifarch ppc64 ppc64p7 +sslarch=linux-ppc64 +%endif +%ifarch ppc64le +sslarch="linux-ppc64le" +sslflags=enable-ec_nistp_64_gcc_128 +%endif +%ifarch mips mipsel +sslarch="linux-mips32 -mips32r2" +%endif +%ifarch mips64 mips64el +sslarch="linux64-mips64 -mips64r2" +%endif +%ifarch mips64el +sslflags=enable-ec_nistp_64_gcc_128 +%endif +%ifarch riscv64 +sslarch=linux-generic64 +%endif + +# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be +# marked as not requiring an executable stack. +# Also add -DPURIFY to make using valgrind with openssl easier as we do not +# want to depend on the uninitialized memory as a source of entropy anyway. +RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -Wa,--generate-missing-build-notes=yes -DPURIFY $RPM_LD_FLAGS" + +export HASHBANGPERL=/usr/bin/perl + +%define fips %{version}-%{srpmhash} +# ia64, x86_64, ppc are OK by default +# Configure the build tree. Override OpenSSL defaults with known-good defaults +# usable on all platforms. The Configure script already knows to use -fPIC and +# RPM_OPT_FLAGS, so we can skip specifiying them here. +./Configure \ + --prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \ + --system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \ + zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \ + enable-cms enable-md2 enable-rc5 enable-ktls enable-fips\ + no-mdc2 no-ec2m no-sm2 no-sm4 enable-buildtest-c++\ + shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DREDHAT_FIPS_VERSION="\"%{fips}\""' + +# Do not run this in a production package the FIPS symbols must be patched-in +#util/mkdef.pl crypto update + +make %{?_smp_mflags} all + +# Clean up the .pc files +for i in libcrypto.pc libssl.pc openssl.pc ; do + sed -i '/^Libs.private:/{s/-L[^ ]* //;s/-Wl[^ ]* //}' $i +done + +%check +# Verify that what was compiled actually works. + +# Hack - either enable SCTP AUTH chunks in kernel or disable sctp for check +(sysctl net.sctp.addip_enable=1 && sysctl net.sctp.auth_enable=1) || \ +(echo 'Failed to enable SCTP AUTH chunks, disabling SCTP for tests...' && + sed '/"msan" => "default",/a\ \ "sctp" => "default",' configdata.pm > configdata.pm.new && \ + touch -r configdata.pm configdata.pm.new && \ + mv -f configdata.pm.new configdata.pm) + +# We must revert patch4 before tests otherwise they will fail +patch -p1 -R < %{PATCH4} +#We must disable default provider before tests otherwise they will fail +patch -p1 < %{SOURCE14} + +OPENSSL_ENABLE_MD5_VERIFY= +export OPENSSL_ENABLE_MD5_VERIFY +OPENSSL_ENABLE_SHA1_SIGNATURES= +export OPENSSL_ENABLE_SHA1_SIGNATURES +OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file +export OPENSSL_SYSTEM_CIPHERS_OVERRIDE +#embed HMAC into fips provider for test run +LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < providers/fips.so > providers/fips.so.hmac +objcopy --update-section .rodata1=providers/fips.so.hmac providers/fips.so providers/fips.so.mac +mv providers/fips.so.mac providers/fips.so +#run tests itself +make test HARNESS_JOBS=8 + +# Add generation of HMAC checksum of the final stripped library +# We manually copy standard definition of __spec_install_post +# and add hmac calculation/embedding to fips.so +%define __spec_install_post \ + %{?__debug_package:%{__debug_install_post}} \ + %{__arch_install_post} \ + %{__os_install_post} \ + LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so > $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac \ + objcopy --update-section .rodata1=$RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.mac \ + mv $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.mac $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so \ + rm $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac \ +%{nil} + +%define __provides_exclude_from %{_libdir}/openssl + +%install +[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT +# Install OpenSSL. +install -d $RPM_BUILD_ROOT{%{_bindir},%{_includedir},%{_libdir},%{_mandir},%{_libdir}/openssl,%{_pkgdocdir}} +%make_install +rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT%{_libdir}/*.so.%{soversion} +for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do + chmod 755 ${lib} + ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}` + ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`.%{soversion} +done + +# Remove static libraries +for lib in $RPM_BUILD_ROOT%{_libdir}/*.a ; do + rm -f ${lib} +done + +# Install a makefile for generating keys and self-signed certs, and a script +# for generating them on the fly. +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs +install -m644 %{SOURCE2} $RPM_BUILD_ROOT%{_pkgdocdir}/Makefile.certificate +install -m755 %{SOURCE6} $RPM_BUILD_ROOT%{_bindir}/make-dummy-cert +install -m755 %{SOURCE7} $RPM_BUILD_ROOT%{_bindir}/renew-dummy-cert + +# Move runable perl scripts to bindir +mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/*.pl $RPM_BUILD_ROOT%{_bindir} +mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/tsget $RPM_BUILD_ROOT%{_bindir} + +# Rename man pages so that they don't conflict with other system man pages. +pushd $RPM_BUILD_ROOT%{_mandir} +mv man5/config.5ossl man5/openssl.cnf.5 +popd + +mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA +mkdir -m700 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/private +mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/certs +mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/crl +mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/newcerts + +# Ensure the config file timestamps are identical across builds to avoid +# mulitlib conflicts and unnecessary renames on upgrade +touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf +touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf + +rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf.dist +rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist +#we don't use native fipsmodule.cnf because FIPS module is loaded automatically +rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/fipsmodule.cnf + +# Determine which arch opensslconf.h is going to try to #include. +basearch=%{_arch} +%ifarch %{ix86} +basearch=i386 +%endif +%ifarch sparcv9 +basearch=sparc +%endif +%ifarch sparc64 +basearch=sparc64 +%endif + +# Next step of gradual disablement of SSL3. +# Make SSL3 disappear to newly built dependencies. +sed -i '/^\#ifndef OPENSSL_NO_SSL_TRACE/i\ +#ifndef OPENSSL_NO_SSL3\ +# define OPENSSL_NO_SSL3\ +#endif' $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h + +%ifarch %{multilib_arches} +# Do an configuration.h switcheroo to avoid file conflicts on systems where you +# can have both a 32- and 64-bit version of the library, and they each need +# their own correct-but-different versions of opensslconf.h to be usable. +install -m644 %{SOURCE10} \ + $RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration-${basearch}.h +cat $RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration.h >> \ + $RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration-${basearch}.h +install -m644 %{SOURCE9} \ + $RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration.h +%endif + +%files +%{!?_licensedir:%global license %%doc} +%license LICENSE.txt +%doc NEWS.md README.md +%{_bindir}/make-dummy-cert +%{_bindir}/renew-dummy-cert +%{_bindir}/openssl +%{_mandir}/man1/* +%{_mandir}/man5/* +%{_mandir}/man7/* +%{_pkgdocdir}/Makefile.certificate +%exclude %{_mandir}/man1/*.pl* +%exclude %{_mandir}/man1/tsget* + +%files libs +%{!?_licensedir:%global license %%doc} +%license LICENSE.txt +%dir %{_sysconfdir}/pki/tls +%dir %{_sysconfdir}/pki/tls/certs +%dir %{_sysconfdir}/pki/tls/misc +%dir %{_sysconfdir}/pki/tls/private +%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf +%config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf +%attr(0755,root,root) %{_libdir}/libcrypto.so.%{version} +%{_libdir}/libcrypto.so.%{soversion} +%attr(0755,root,root) %{_libdir}/libssl.so.%{version} +%{_libdir}/libssl.so.%{soversion} +%attr(0755,root,root) %{_libdir}/engines-%{soversion} +%attr(0755,root,root) %{_libdir}/ossl-modules + +%files devel +%doc CHANGES.md doc/dir-locals.example.el doc/openssl-c-indent.el +%{_prefix}/include/openssl +%{_libdir}/*.so +%{_mandir}/man3/* +%{_libdir}/pkgconfig/*.pc + +%files perl +%{_bindir}/c_rehash +%{_bindir}/*.pl +%{_bindir}/tsget +%{_mandir}/man1/*.pl* +%{_mandir}/man1/tsget* +%dir %{_sysconfdir}/pki/CA +%dir %{_sysconfdir}/pki/CA/private +%dir %{_sysconfdir}/pki/CA/certs +%dir %{_sysconfdir}/pki/CA/crl +%dir %{_sysconfdir}/pki/CA/newcerts + +%ldconfig_scriptlets libs + +%changelog +* Wed Oct 26 2022 Dmitry Belyavskiy - 1:3.0.1-43 +- CVE-2022-3602: X.509 Email Address Buffer Overflow - running tests + Resolves: CVE-2022-3602 + +* Wed Oct 26 2022 Dmitry Belyavskiy - 1:3.0.1-42 +- CVE-2022-3602: X.509 Email Address Buffer Overflow + Resolves: CVE-2022-3602 + +* Thu Aug 11 2022 Clemens Lang - 1:3.0.1-41 +- Zeroize public keys as required by FIPS 140-3 + Resolves: rhbz#2115861 +- Add FIPS indicator for HKDF + Resolves: rhbz#2118388 + +* Fri Aug 05 2022 Dmitry Belyavskiy - 1:3.0.1-40 +- Deal with DH keys in FIPS mode according FIPS-140-3 requirements + Related: rhbz#2115856 +- Deal with ECDH keys in FIPS mode according FIPS-140-3 requirements + Related: rhbz#2115857 +- Use signature for RSA pairwise test according FIPS-140-3 requirements + Related: rhbz#2115858 +- Reseed all the parent DRBGs in chain on reseeding a DRBG + Related: rhbz#2115859 +- Zeroization according to FIPS-140-3 requirements + Related: rhbz#2115861 + +* Mon Aug 01 2022 Clemens Lang - 1:3.0.1-39 +- Use RSA-OAEP in FIPS RSA encryption/decryption FIPS self-test +- Use Use digest_sign & digest_verify in FIPS signature self test +- Use FFDHE2048 in Diffie-Hellman FIPS self-test + Resolves: rhbz#2112978 + +* Thu Jul 14 2022 Clemens Lang - 1:3.0.1-38 +- Fix segfault in EVP_PKEY_Q_keygen() when OpenSSL was not previously + initialized. + Resolves: rhbz#2107530 +- Improve AES-GCM performance on Power9 and Power10 ppc64le + Resolves: rhbz#2103044 +- Improve ChaCha20 performance on Power10 ppc64le + Resolves: rhbz#2103044 + +* Tue Jul 05 2022 Clemens Lang - 1:3.0.1-37 +- CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 + Resolves: CVE-2022-2097 + +* Thu Jun 16 2022 Dmitry Belyavskiy - 1:3.0.1-36 +- Ciphersuites with RSAPSK KX should be filterd in FIPS mode +- Related: rhbz#2091994 +- FIPS provider should block RSA encryption for key transport. +- Other RSA encryption options should still be available if key length is enough +- Related: rhbz#2091977 +- Improve diagnostics when passing unsupported groups in TLS +- Related: rhbz#2086554 +- Fix PPC64 Montgomery multiplication bug +- Related: rhbz#2101346 +- Strict certificates validation shouldn't allow explicit EC parameters +- Related: rhbz#2085521 +- CVE-2022-2068: the c_rehash script allows command injection +- Related: rhbz#2098276 + +* Wed Jun 08 2022 Clemens Lang - 1:3.0.1-35 +- Add explicit indicators for signatures in FIPS mode and mark signature + primitives as unapproved. + Resolves: rhbz#2087234 + +* Fri Jun 03 2022 Dmitry Belyavskiy - 1:3.0.1-34 +- Some OpenSSL test certificates are expired, updating +- Resolves: rhbz#2095696 + +* Thu May 26 2022 Dmitry Belyavskiy - 1:3.0.1-33 +- CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory +- Resolves: rhbz#2089443 +- CVE-2022-1343 openssl: Signer certificate verification returned + inaccurate response when using OCSP_NOCHECKS +- Resolves: rhbz#2089439 +- CVE-2022-1292 openssl: c_rehash script allows command injection +- Resolves: rhbz#2090361 +- Revert "Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode" + Related: rhbz#2087234 +- Use KAT for ECDSA signature tests, s390 arch +- Resolves: rhbz#2086866 + +* Thu May 19 2022 Dmitry Belyavskiy - 1:3.0.1-32 +- `openssl ecparam -list_curves` lists only FIPS-approved curves in FIPS mode +- Resolves: rhbz#2091929 +- Ciphersuites with RSA KX should be filterd in FIPS mode +- Related: rhbz#2091994 +- In FIPS mode, signature verification works with keys of arbitrary size + above 2048 bit, and only with 1024, 1280, 1536, 1792 bits for keys + below 2048 bits +- Resolves: rhbz#2091938 + +* Wed May 18 2022 Clemens Lang - 1:3.0.1-31 +- Disable SHA-1 signature verification in FIPS mode +- Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode + Resolves: rhbz#2087234 + +* Mon May 16 2022 Dmitry Belyavskiy - 1:3.0.1-30 +- Use KAT for ECDSA signature tests +- Resolves: rhbz#2086866 + +* Thu May 12 2022 Dmitry Belyavskiy - 1:3.0.1-29 +- `-config` argument of openssl app should work properly in FIPS mode +- Resolves: rhbz#2085500 +- openssl req defaults on PKCS#8 encryption changed to AES-256-CBC +- Resolves: rhbz#2085499 + +* Fri May 06 2022 Dmitry Belyavskiy - 1:3.0.1-28 +- OpenSSL should not accept custom elliptic curve parameters +- Resolves rhbz#2085508 +- OpenSSL should not accept explicit curve parameters in FIPS mode +- Resolves rhbz#2085521 + +* Fri May 06 2022 Clemens Lang - 1:3.0.1-27 +- Change FIPS module version to include hash of specfile, patches and sources + Resolves: rhbz#2082585 + +* Thu May 05 2022 Dmitry Belyavskiy - 1:3.0.1-26 +- OpenSSL FIPS module should not build in non-approved algorithms + Resolves: rhbz#2082584 + +* Mon May 02 2022 Dmitry Belyavskiy - 1:3.0.1-25 +- FIPS provider should block RSA encryption for key transport. +- Other RSA encryption options should still be available +- Resolves: rhbz#2053289 + +* Mon May 02 2022 Clemens Lang - 1:3.0.1-24 +- Fix occasional internal error in TLS when DHE is used + Resolves: rhbz#2080323 + +* Tue Apr 26 2022 Clemens Lang - 1:3.0.1-23 +- Update missing initialization patch with feedback from upstream + Resolves: rhbz#2076654 + +* Fri Apr 22 2022 Dmitry Belyavskiy - 1:3.0.1-22 +- Invocation of the missing initialization +- Resolves: rhbz#2076654 + +* Wed Apr 20 2022 Dmitry Belyavskiy - 1:3.0.1-21 +- Fix openssl curl error with LANG=tr_TR.utf8 +- Resolves: rhbz#2076654 + +* Fri Mar 18 2022 Clemens Lang - 1:3.0.1-20 +- Fix acceptance of SHA-1 certificates with rh-allow-sha1-signatures = yes when + no OpenSSL library context is set +- Resolves: rhbz#2063306 + +* Fri Mar 18 2022 Clemens Lang - 1:3.0.1-19 +- Fix TLS connections with SHA1 signatures if rh-allow-sha1-signatures = yes +- Resolves: rhbz#2063306 + +* Wed Mar 16 2022 Dmitry Belyavskiy - 1:3.0.1-18 +- CVE-2022-0778 fix +- Resolves: rhbz#2062314 + +* Thu Mar 10 2022 Clemens Lang - 1:3.0.1-15.1 +- Fix invocation of EVP_PKEY_CTX_set_rsa_padding(RSA_PKCS1_PSS_PADDING) before + setting an allowed digest with EVP_PKEY_CTX_set_signature_md() +- Resolves: rhbz#2061607 + +* Tue Mar 01 2022 Clemens Lang - 1:3.0.1-14.1 +- Allow SHA1 in SECLEVEL 2 if rh-allow-sha1-signatures = yes +- Resolves: rhbz#2031742 + +* Fri Feb 25 2022 Clemens Lang - 1:3.0.1-14 +- Prevent use of SHA1 with ECDSA +- Resolves: rhbz#2031742 + +* Fri Feb 25 2022 Dmitry Belyavskiy - 1:3.0.1-13 +- OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters +- Resolves: rhbz#1977867 + +* Thu Feb 24 2022 Peter Robinson - 1:3.0.1-12 +- Support KBKDF (NIST SP800-108) with an R value of 8bits +- Resolves: rhbz#2027261 + +* Wed Feb 23 2022 Clemens Lang - 1:3.0.1-11 +- Allow SHA1 usage in MGF1 for RSASSA-PSS signatures +- Resolves: rhbz#2031742 + +* Wed Feb 23 2022 Dmitry Belyavskiy - 1:3.0.1-10 +- rebuilt + +* Tue Feb 22 2022 Clemens Lang - 1:3.0.1-9 +- Allow SHA1 usage in HMAC in TLS +- Resolves: rhbz#2031742 + +* Tue Feb 22 2022 Dmitry Belyavskiy - 1:3.0.1-8 +- OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters +- Resolves: rhbz#1977867 +- pkcs12 export broken in FIPS mode +- Resolves: rhbz#2049265 + +* Tue Feb 22 2022 Clemens Lang - 1:3.0.1-8 +- Disable SHA1 signature creation and verification by default +- Set rh-allow-sha1-signatures = yes to re-enable +- Resolves: rhbz#2031742 + +* Thu Feb 03 2022 Sahana Prasad - 1:3.0.1-7 +- s_server: correctly handle 2^14 byte long records +- Resolves: rhbz#2042011 + +* Tue Feb 01 2022 Dmitry Belyavskiy - 1:3.0.1-6 +- Adjust FIPS provider version +- Related: rhbz#2026445 + +* Wed Jan 26 2022 Dmitry Belyavskiy - 1:3.0.1-5 +- On the s390x, zeroize all the copies of TLS premaster secret +- Related: rhbz#2040448 + +* Fri Jan 21 2022 Dmitry Belyavskiy - 1:3.0.1-4 +- rebuilt + +* Fri Jan 21 2022 Dmitry Belyavskiy - 1:3.0.1-3 +- KATS tests should be executed before HMAC verification +- Restoring fips=yes for SHA1 +- Related: rhbz#2026445, rhbz#2041994 + +* Thu Jan 20 2022 Sahana Prasad - 1:3.0.1-2 +- Add enable-buildtest-c++ to the configure options. +- Related: rhbz#1990814 + +* Tue Jan 18 2022 Sahana Prasad - 1:3.0.1-1 +- Rebase to upstream version 3.0.1 +- Fixes CVE-2021-4044 Invalid handling of X509_verify_cert() internal errors in libssl +- Resolves: rhbz#2038910, rhbz#2035148 + +* Mon Jan 17 2022 Dmitry Belyavskiy - 1:3.0.0-7 +- Remove algorithms we don't plan to certify from fips module +- Remove native fipsmodule.cnf +- Related: rhbz#2026445 + +* Tue Dec 21 2021 Dmitry Belyavskiy - 1:3.0.0-6 +- openssl speed should run in FIPS mode +- Related: rhbz#1977318 + +* Wed Nov 24 2021 Dmitry Belyavskiy - 1:3.0.0-5 +- rebuilt for spec cleanup +- Related: rhbz#1985362 + +* Thu Nov 18 2021 Dmitry Belyavskiy - 1:3.0.0-4 +- Embed FIPS HMAC in fips.so +- Enforce loading FIPS provider when FIPS kernel flag is on +- Related: rhbz#1985362 + +* Thu Oct 07 2021 Dmitry Belyavskiy - 1:3.0.0-3 +- Fix memory leak in s_client +- Related: rhbz#1996092 + +* Mon Sep 20 2021 Dmitry Belyavskiy - 1:3.0.0-2 +- Avoid double-free on error seeding the RNG. +- KTLS and FIPS may interfere, so tests need to be tuned +- Resolves: rhbz#1952844, rhbz#1961643 + +* Thu Sep 09 2021 Sahana Prasad - 1:3.0.0-1 +- Rebase to upstream version 3.0.0 +- Related: rhbz#1990814 + +* Wed Aug 25 2021 Sahana Prasad - 1:3.0.0-0.beta2.7 +- Removes the dual-abi build as it not required anymore. The mass rebuild + was completed and all packages are rebuilt against Beta version. +- Resolves: rhbz#1984097 + +* Mon Aug 23 2021 Dmitry Belyavskiy - 1:3.0.0-0.beta2.6 +- Correctly process CMS reading from /dev/stdin +- Resolves: rhbz#1986315 + +* Mon Aug 16 2021 Sahana Prasad - 3.0.0-0.beta2.5 +- Add instruction for loading legacy provider in openssl.cnf +- Resolves: rhbz#1975836 + +* Mon Aug 16 2021 Sahana Prasad - 3.0.0-0.beta2.4 +- Adds support for IDEA encryption. +- Resolves: rhbz#1990602 + +* Tue Aug 10 2021 Sahana Prasad - 3.0.0-0.beta2.3 +- Fixes core dump in openssl req -modulus +- Fixes 'openssl req' to not ask for password when non-encrypted private key + is used +- cms: Do not try to check binary format on stdin and -rctform fix +- Resolves: rhbz#1988137, rhbz#1988468, rhbz#1988137 + +* Mon Aug 09 2021 Mohan Boddu - 1:3.0.0-0.beta2.2.1 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Wed Aug 04 2021 Dmitry Belyavskiy - 3.0.0-0.beta2.2 +- When signature_algorithm extension is omitted, use more relevant alerts +- Resolves: rhbz#1965017 + +* Tue Aug 03 2021 Sahana Prasad 3.0.0-0.beta2.1 +- Rebase to upstream version beta2 +- Related: rhbz#1903209 + +* Thu Jul 22 2021 Sahana Prasad 3.0.0-0.beta1.5 +- Prevents creation of duplicate cert entries in PKCS #12 files +- Resolves: rhbz#1978670 + +* Wed Jul 21 2021 Sahana Prasad 3.0.0-0.beta1.4 +- NVR bump to update to OpenSSL 3.0 Beta1 + +* Mon Jul 19 2021 Sahana Prasad 3.0.0-0.beta1.3 +- Update patch dual-abi.patch to add the #define macros in implementation + files instead of public header files + +* Wed Jul 14 2021 Sahana Prasad 3.0.0-0.beta1.2 +- Removes unused patch dual-abi.patch + +* Wed Jul 14 2021 Sahana Prasad 3.0.0-0.beta1.1 +- Update to Beta1 version +- Includes a patch to support dual-ABI, as Beta1 brekas ABI with alpha16 + +* Tue Jul 06 2021 Sahana Prasad 3.0.0-0.alpha16.7 +- Fixes override of openssl_conf in openssl.cnf +- Use AI_ADDRCONFIG only when explicit host name is given +- Temporarily remove fipsmodule.cnf for arch i686 +- Fixes segmentation fault in BN_lebin2bn +- Resolves: rhbz#1975847, rhbz#1976845, rhbz#1973477, rhbz#1975855 + +* Fri Jul 02 2021 Sahana Prasad 3.0.0-0.alpha16.6 +- Adds FIPS mode compatibility patch (sahana@redhat.com) +- Related: rhbz#1977318 + +* Fri Jul 02 2021 Sahana Prasad 3.0.0-0.alpha16.5 +- Fixes system hang issue when booted in FIPS mode (sahana@redhat.com) +- Temporarily disable downstream FIPS patches +- Related: rhbz#1977318 + +* Fri Jun 11 2021 Mohan Boddu 3.0.0-0.alpha16.4 +- Speeding up building openssl (dbelyavs@redhat.com) + Resolves: rhbz#1903209 + +* Fri Jun 04 2021 Sahana Prasad 3.0.0-0.alpha16.3 +- Fix reading SPKAC data from stdin +- Fix incorrect OSSL_PKEY_PARAM_MAX_SIZE for ed25519 and ed448 +- Return 0 after cleanup in OPENSSL_init_crypto() +- Cleanup the peer point formats on regotiation +- Fix default digest to SHA256 + +* Thu May 27 2021 Sahana Prasad 3.0.0-0.alpha16.2 +- Enable FIPS via config options + +* Mon May 17 2021 Sahana Prasad 3.0.0-0.alpha16.1 +- Update to alpha 16 version + Resolves: rhbz#1952901 openssl sends alert after orderly connection close + +* Mon Apr 26 2021 Sahana Prasad 3.0.0-0.alpha15.1 +- Update to alpha 15 version + Resolves: rhbz#1903209, rhbz#1952598, + +* Fri Apr 16 2021 Mohan Boddu - 1:3.0.0-0.alpha13.1.1 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Fri Apr 09 2021 Sahana Prasad 3.0.0-0.alpha13.1 +- Update to new major release OpenSSL 3.0.0 alpha 13 + Resolves: rhbz#1903209