authorEnji Cooper <ngie@FreeBSD.org>2025-05-07 21:18:24 +0000
committerEnji Cooper <ngie@FreeBSD.org>2025-05-07 22:37:22 +0000
commit29536654cc41bf41b92dc836c47496dc6fe0b00c (patch)
tree368a3c5b14e610bb5f6b71657f61a41e373eaf97 /test
parent1c34280346af8284acdc0eae39496811d37df25d (diff)
Diffstat (limited to 'test')
-rw-r--r--test/CAtsa.cnf2
-rw-r--r--test/README-external.md65
-rw-r--r--test/README.md28
-rw-r--r--test/README.ssltest.md11
-rw-r--r--test/acvp_test.c385
-rw-r--r--test/acvp_test.inc542
-rw-r--r--test/aesgcmtest.c2
-rw-r--r--test/afalgtest.c4
-rw-r--r--test/asn1_decode_test.c55
-rw-r--r--test/asn1_encode_test.c5
-rw-r--r--test/asn1_internal_test.c78
-rw-r--r--test/asn1_time_test.c99
-rw-r--r--test/asynctest.c50
-rw-r--r--test/bad_dtls_test.c7
-rw-r--r--test/bftest.c14
-rw-r--r--test/bio_core_test.c4
-rw-r--r--test/bio_enc_test.c18
-rw-r--r--test/bio_prefix_text.c6
-rw-r--r--test/bioprinttest.c15
-rw-r--r--test/bntest.c275
-rw-r--r--test/build.info433
-rw-r--r--test/ca-and-certs.cnf2
-rw-r--r--test/casttest.c7
-rw-r--r--test/certs/ext-check.csr23
-rwxr-xr-xtest/certs/mkcert.sh7
-rwxr-xr-xtest/certs/setup.sh52
-rw-r--r--test/cipherlist_test.c16
-rw-r--r--test/ciphername_test.c4
-rw-r--r--test/clienthellotest.c59
-rw-r--r--test/cmactest.c137
-rw-r--r--test/cmp_asn_test.c1
-rw-r--r--test/cmp_client_test.c95
-rw-r--r--test/cmp_ctx_test.c61
-rw-r--r--test/cmp_hdr_test.c6
-rw-r--r--test/cmp_msg_test.c2
-rw-r--r--test/cmp_protect_test.c141
-rw-r--r--test/cmp_server_test.c1
-rw-r--r--test/cmp_status_test.c3
-rw-r--r--test/cmp_vfy_test.c48
-rw-r--r--test/cmsapitest.c40
-rw-r--r--test/conf_include_test.c77
-rw-r--r--test/constant_time_test.c4
-rw-r--r--test/context_internal_test.c122
-rw-r--r--test/crltest.c38
-rw-r--r--test/ct_test.c8
-rw-r--r--test/curve448_internal_test.c38
-rw-r--r--test/danetest.c4
-rw-r--r--test/default-and-fips.cnf2
-rw-r--r--test/default.cnf6
-rw-r--r--test/defltfips_test.c2
-rw-r--r--test/destest.c52
-rw-r--r--test/dhtest.c2
-rw-r--r--test/drbgtest.c14
-rw-r--r--test/dsatest.c2
-rw-r--r--test/dtls_mtu_test.c10
-rw-r--r--test/dtlstest.c59
-rw-r--r--test/ec_internal_test.c66
-rw-r--r--test/ectest.c121
-rw-r--r--test/endecode_test.c207
-rw-r--r--test/errtest.c94
-rw-r--r--test/evp_extra_test.c1531
-rw-r--r--test/evp_extra_test2.c206
-rw-r--r--test/evp_fetch_prov_test.c28
-rw-r--r--test/evp_kdf_test.c378
-rw-r--r--test/evp_libctx_test.c95
-rw-r--r--test/evp_pkey_provided_test.c422
-rw-r--r--test/evp_test.c2212
-rw-r--r--test/exptest.c9
-rw-r--r--test/ext_internal_test.c5
-rw-r--r--test/fake_rsaprov.c238
-rw-r--r--test/fake_rsaprov.h5
-rw-r--r--test/ffc_internal_test.c2
-rw-r--r--test/filterprov.c45
-rw-r--r--test/fips-and-base.cnf6
-rw-r--r--test/generate_ssl_tests.pl24
-rw-r--r--test/helpers/handshake.c29
-rw-r--r--test/helpers/handshake_srp.c7
-rw-r--r--test/helpers/pkcs12.c21
-rw-r--r--test/helpers/pkcs12.h1
-rw-r--r--test/helpers/ssl_test_ctx.c21
-rw-r--r--test/helpers/ssl_test_ctx.h10
-rw-r--r--test/helpers/ssltestlib.c373
-rw-r--r--test/helpers/ssltestlib.h29
-rw-r--r--test/hexstr_test.c3
-rw-r--r--test/hmactest.c142
-rw-r--r--test/http_test.c281
-rw-r--r--test/ideatest.c7
-rw-r--r--test/lhash_test.c509
-rw-r--r--test/localetest.c2
-rw-r--r--test/mdc2test.c8
-rw-r--r--test/modes_internal_test.c9
-rw-r--r--test/namemap_internal_test.c6
-rw-r--r--test/ocspapitest.c4
-rw-r--r--test/ossl_store_test.c2
-rw-r--r--test/p_test.c6
-rw-r--r--test/packettest.c116
-rw-r--r--test/param_build_test.c85
-rw-r--r--test/params_api_test.c216
-rw-r--r--test/params_conversion_test.c15
-rw-r--r--test/params_test.c2
-rw-r--r--test/pkcs12_format_test.c128
-rw-r--r--test/pkcs7_test.c294
-rw-r--r--test/property_test.c24
-rw-r--r--test/provfetchtest.c12
-rw-r--r--test/provider_internal_test.c4
-rw-r--r--test/provider_pkey_test.c142
-rw-r--r--test/provider_status_test.c15
-rw-r--r--test/provider_test.c70
-rw-r--r--test/punycode_test.c108
-rw-r--r--test/rand_test.c218
-rw-r--r--test/rdrand_sanitytest.c122
-rw-r--r--test/recipes/00-prep_fipsmodule_cnf.t4
-rw-r--r--test/recipes/01-test_symbol_presence.t205
-rw-r--r--test/recipes/02-test_errstr.t7
-rw-r--r--test/recipes/02-test_internal_keymgmt.t2
-rw-r--r--test/recipes/03-test_fipsinstall.t441
-rw-r--r--test/recipes/03-test_internal_curve448.t6
-rw-r--r--test/recipes/04-test_encoder_decoder.t15
-rw-r--r--test/recipes/05-test_rand.t18
-rw-r--r--test/recipes/06-test_algorithmid.t5
-rw-r--r--test/recipes/06-test_rdrand_sanity.t22
-rw-r--r--test/recipes/10-test_bn_data/bngcd.txt153
-rw-r--r--test/recipes/15-test_dsaparam.t13
-rw-r--r--test/recipes/15-test_ec.t62
-rw-r--r--test/recipes/15-test_ecparam.t32
-rw-r--r--test/recipes/15-test_gendsa.t59
-rw-r--r--test/recipes/15-test_genec.t6
-rw-r--r--test/recipes/15-test_genrsa.t11
-rw-r--r--test/recipes/15-test_gensm2.t2
-rw-r--r--test/recipes/15-test_rsa.t9
-rw-r--r--test/recipes/15-test_rsapss.t37
-rw-r--r--test/recipes/20-test_app.t10
-rw-r--r--test/recipes/20-test_cli_fips.t11
-rw-r--r--test/recipes/20-test_dgst.t55
-rw-r--r--test/recipes/20-test_dhparam.t39
-rw-r--r--test/recipes/20-test_enc.t22
-rw-r--r--test/recipes/20-test_pkeyutl.t112
-rw-r--r--test/recipes/25-test_eai_data/san.ascii2
-rw-r--r--test/recipes/25-test_eai_data/san.utf82
-rw-r--r--test/recipes/25-test_pkcs7.t15
-rw-r--r--test/recipes/25-test_req.t361
-rw-r--r--test/recipes/25-test_rusext.t6
-rw-r--r--test/recipes/25-test_verify.t77
-rw-r--r--test/recipes/25-test_x509.t441
-rw-r--r--test/recipes/30-test_defltfips.t4
-rw-r--r--test/recipes/30-test_engine.t2
-rw-r--r--test/recipes/30-test_evp.t63
-rw-r--r--test/recipes/30-test_evp_data/evpciph_aes_ccm_cavs.txt8
-rw-r--r--test/recipes/30-test_evp_data/evpciph_aes_common.txt1038
-rw-r--r--test/recipes/30-test_evp_data/evpciph_aes_ocb.txt2
-rw-r--r--test/recipes/30-test_evp_data/evpciph_aes_siv.txt3617
-rw-r--r--test/recipes/30-test_evp_data/evpciph_des3_common.txt50
-rw-r--r--test/recipes/30-test_evp_data/evpciph_sm4.txt64
-rw-r--r--test/recipes/30-test_evp_data/evpkdf_hkdf.txt48
-rw-r--r--test/recipes/30-test_evp_data/evpkdf_pbkdf2.txt122
-rw-r--r--test/recipes/30-test_evp_data/evpkdf_ss.txt146
-rw-r--r--test/recipes/30-test_evp_data/evpkdf_ssh.txt78
-rw-r--r--test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt95
-rw-r--r--test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt92
-rw-r--r--test/recipes/30-test_evp_data/evpkdf_x942.txt37
-rw-r--r--test/recipes/30-test_evp_data/evpkdf_x963.txt76
-rw-r--r--test/recipes/30-test_evp_data/evpmac_cmac_des.txt21
-rw-r--r--test/recipes/30-test_evp_data/evpmac_common.txt155
-rw-r--r--test/recipes/30-test_evp_data/evpmac_sm3.txt2
-rw-r--r--test/recipes/30-test_evp_data/evpmd_blake.txt36
-rw-r--r--test/recipes/30-test_evp_data/evpmd_ripemd.txt2
-rw-r--r--test/recipes/30-test_evp_data/evpmd_sha.txt107
-rw-r--r--test/recipes/30-test_evp_data/evppbe_pbkdf2.txt28
-rw-r--r--test/recipes/30-test_evp_data/evppkey_dsa.txt138
-rw-r--r--test/recipes/30-test_evp_data/evppkey_ecc.txt66
-rw-r--r--test/recipes/30-test_evp_data/evppkey_ecdh.txt20
-rw-r--r--test/recipes/30-test_evp_data/evppkey_ecdsa.txt58
-rw-r--r--test/recipes/30-test_evp_data/evppkey_ecx.txt385
-rw-r--r--test/recipes/30-test_evp_data/evppkey_ffdhe.txt20
-rw-r--r--test/recipes/30-test_evp_data/evppkey_kas.txt25
-rw-r--r--test/recipes/30-test_evp_data/evppkey_kdf_hkdf.txt40
-rw-r--r--test/recipes/30-test_evp_data/evppkey_kdf_tls1_prf.txt65
-rw-r--r--test/recipes/30-test_evp_data/evppkey_mismatch.txt22
-rw-r--r--test/recipes/30-test_evp_data/evppkey_rsa.txt34
-rw-r--r--test/recipes/30-test_evp_data/evppkey_rsa_common.txt823
-rw-r--r--test/recipes/30-test_evp_data/evppkey_sm2.txt10
-rw-r--r--test/recipes/30-test_evp_data/evprand.txt452
-rw-r--r--test/recipes/30-test_evp_extra.t14
-rw-r--r--test/recipes/30-test_provider_status.t4
-rw-r--r--test/recipes/65-test_cmp_ctx.t2
-rw-r--r--test/recipes/65-test_cmp_protect.t8
-rw-r--r--test/recipes/65-test_cmp_protect_data/IR_protected.derbin968 -> 970 bytes
-rw-r--r--test/recipes/70-test_clienthello.t4
-rw-r--r--test/recipes/70-test_comp.t168
-rw-r--r--test/recipes/70-test_key_share.t82
-rw-r--r--test/recipes/70-test_renegotiation.t105
-rw-r--r--test/recipes/70-test_sslcbcpadding.t5
-rw-r--r--test/recipes/70-test_sslcertstatus.t1
-rw-r--r--test/recipes/70-test_sslextension.t4
-rw-r--r--test/recipes/70-test_sslmessages.t27
-rw-r--r--test/recipes/70-test_sslrecords.t589
-rw-r--r--test/recipes/70-test_sslsessiontick.t2
-rw-r--r--test/recipes/70-test_sslsigalgs.t21
-rw-r--r--test/recipes/70-test_sslsignature.t1
-rw-r--r--test/recipes/70-test_sslskewith0p.t1
-rw-r--r--test/recipes/70-test_sslversions.t2
-rw-r--r--test/recipes/70-test_sslvertol.t1
-rw-r--r--test/recipes/70-test_tls13alerts.t4
-rw-r--r--test/recipes/70-test_tls13cookie.t38
-rw-r--r--test/recipes/70-test_tls13downgrade.t2
-rw-r--r--test/recipes/70-test_tls13hrr.t54
-rw-r--r--test/recipes/70-test_tls13kexmodes.t106
-rw-r--r--test/recipes/70-test_tls13messages.t80
-rw-r--r--test/recipes/70-test_tls13psk.t8
-rw-r--r--test/recipes/70-test_tlsextms.t2
-rw-r--r--test/recipes/79-test_http.t7
-rw-r--r--test/recipes/80-test_ca.t31
-rw-r--r--test/recipes/80-test_cmp_http.t187
-rw-r--r--test/recipes/80-test_cmp_http_data/Mock/issuing.crt22
-rw-r--r--test/recipes/80-test_cmp_http_data/Mock/server.cnf10
-rw-r--r--test/recipes/80-test_cmp_http_data/Mock/server.crt39
-rw-r--r--test/recipes/80-test_cmp_http_data/Mock/signer_issuing.crt20
-rw-r--r--test/recipes/80-test_cmp_http_data/Mock/test.cnf14
-rw-r--r--test/recipes/80-test_cmp_http_data/test_commands.csv111
-rw-r--r--test/recipes/80-test_cmp_http_data/test_connection.csv10
-rw-r--r--test/recipes/80-test_cmp_http_data/test_credentials.csv6
-rw-r--r--test/recipes/80-test_cmp_http_data/test_enrollment.csv40
-rw-r--r--test/recipes/80-test_cmp_http_data/test_verification.csv23
-rw-r--r--test/recipes/80-test_cms.t405
-rw-r--r--test/recipes/80-test_dane.t2
-rw-r--r--test/recipes/80-test_ocsp.t27
-rw-r--r--test/recipes/80-test_pkcs12.t182
-rw-r--r--test/recipes/80-test_ssl_new.t33
-rw-r--r--test/recipes/80-test_ssl_old.t138
-rw-r--r--test/recipes/90-test_includes.t14
-rw-r--r--test/recipes/90-test_sslapi.t119
-rw-r--r--test/recipes/90-test_store.t21
-rw-r--r--test/recipes/90-test_sysdefault.t16
-rw-r--r--test/recipes/90-test_threads.t10
-rw-r--r--test/recipes/90-test_traceapi.t12
-rwxr-xr-xtest/recipes/95-test_external_pyca_data/cryptography.sh2
-rw-r--r--test/recipes/tconversion.pl85
-rw-r--r--test/recordlentest.c4
-rw-r--r--test/rsa_complex.c2
-rw-r--r--test/rsa_mp_test.c35
-rw-r--r--test/rsa_sp800_56b_test.c50
-rw-r--r--test/rsa_test.c204
-rw-r--r--test/run_tests.pl29
-rw-r--r--test/sanitytest.c24
-rw-r--r--test/secmemtest.c4
-rw-r--r--test/session.pem31
-rw-r--r--test/sm2_internal_test.c39
-rw-r--r--test/smime-certs/ca.cnf56
-rwxr-xr-x[-rw-r--r--]test/smime-certs/mksmime-certs.sh119
-rw-r--r--test/ssl-tests/01-simple.cnf4
-rw-r--r--test/ssl-tests/01-simple.cnf.in18
-rw-r--r--test/ssl-tests/04-client_auth.cnf716
-rw-r--r--test/ssl-tests/04-client_auth.cnf.in73
-rw-r--r--test/ssl-tests/13-fragmentation.cnf324
-rw-r--r--test/ssl-tests/13-fragmentation.cnf.in174
-rw-r--r--test/ssl-tests/14-curves.cnf2030
-rw-r--r--test/ssl-tests/14-curves.cnf.in76
-rw-r--r--test/ssl-tests/17-renegotiate.cnf.in12
-rw-r--r--test/ssl-tests/18-dtls-renegotiate.cnf9
-rw-r--r--test/ssl-tests/18-dtls-renegotiate.cnf.in14
-rw-r--r--test/ssl-tests/19-mac-then-encrypt.cnf.in6
-rw-r--r--test/ssl-tests/20-cert-select.cnf112
-rw-r--r--test/ssl-tests/20-cert-select.cnf.in132
-rw-r--r--test/ssl-tests/22-compression.cnf32
-rw-r--r--test/ssl-tests/22-compression.cnf.in16
-rw-r--r--test/ssl-tests/26-tls13_client_auth.cnf8
-rw-r--r--test/ssl-tests/26-tls13_client_auth.cnf.in22
-rw-r--r--test/ssl-tests/28-seclevel.cnf6
-rw-r--r--test/ssl-tests/28-seclevel.cnf.in16
-rw-r--r--test/ssl-tests/30-extended-master-secret.cnf7
-rw-r--r--test/ssl-tests/30-extended-master-secret.cnf.in9
-rw-r--r--test/ssl-tests/ssltests_base.pm4
-rw-r--r--test/ssl_cert_table_internal_test.c3
-rw-r--r--test/ssl_ctx_test.c82
-rw-r--r--test/ssl_old_test.c55
-rw-r--r--test/ssl_test.c17
-rw-r--r--test/sslapitest.c2589
-rw-r--r--test/sslbuffertest.c52
-rw-r--r--test/sslcorrupttest.c4
-rw-r--r--test/stack_test.c2
-rw-r--r--test/sysdefault.cnf23
-rw-r--r--test/sysdefaulttest.c66
-rw-r--r--test/test.cnf4
-rw-r--r--test/test_test.c2
-rw-r--r--test/testutil.h26
-rw-r--r--test/testutil/basic_output.c204
-rw-r--r--test/testutil/driver.c19
-rw-r--r--test/testutil/fake_random.c6
-rw-r--r--test/testutil/format_output.c1
-rw-r--r--test/testutil/load.c2
-rw-r--r--test/testutil/output.h2
-rw-r--r--test/testutil/stanza.c25
-rw-r--r--test/testutil/tests.c43
-rw-r--r--test/testutil/testutil_init.c2
-rw-r--r--test/threadstest.c942
-rw-r--r--test/threadstest.h3
-rw-r--r--test/tls-provider.c2629
-rw-r--r--test/tls13ccstest.c12
-rw-r--r--test/tls13encryptiontest.c101
-rw-r--r--test/tls13secretstest.c56
-rw-r--r--test/trace_api_test.c146
-rw-r--r--test/uitest.c4
-rw-r--r--test/upcallstest.c61
-rw-r--r--test/user_property_test.c6
-rw-r--r--test/v3ext.c4
-rw-r--r--test/v3nametest.c5
-rw-r--r--test/verify_extra_test.c8
-rw-r--r--test/wpackettest.c215
-rw-r--r--test/x509_check_cert_pkey_test.c10
-rw-r--r--test/x509_dup_cert_test.c2
-rw-r--r--test/x509_internal_test.c136
-rw-r--r--test/x509_time_test.c18
-rw-r--r--test/x509aux.c1
313 files changed, 31735 insertions, 5482 deletions
diff --git a/test/CAtsa.cnf b/test/CAtsa.cnf
index 50f68cbc1966..756c94d733e0 100644
--- a/test/CAtsa.cnf
+++ b/test/CAtsa.cnf
@@ -144,7 +144,7 @@ tsa_name = yes # Must the TSA name be included in the reply?
ess_cert_id_chain = yes # Must the ESS cert id chain be included?
# (optional, default: no)
ess_cert_id_alg = sha256 # algorithm to compute certificate
- # identifier (optional, default: sha1)
+ # identifier (optional, default: sha256)
[ tsa_config2 ]
diff --git a/test/README-external.md b/test/README-external.md
index 3e10526b852f..d094c66f8254 100644
--- a/test/README-external.md
+++ b/test/README-external.md
@@ -17,7 +17,7 @@ First checkout the `PYCA/Cryptography` module into `./pyca-cryptography` using:
Then configure/build OpenSSL compatible with the python module:
- $ ./config shared enable-external-tests
+ $ ./config enable-external-tests
$ make
The tests will run in a python virtual environment which requires virtualenv
@@ -66,7 +66,7 @@ of your system. Certain tests may require more installed packages to run. No
tests are expected to fail.
GOST engine test suite
-===============
+======================
Much like the PYCA/Cryptography test suite, this builds and runs the GOST engine
tests against the local OpenSSL build.
@@ -77,7 +77,7 @@ You will need a git checkout of gost-engine at the top level:
Then configure/build OpenSSL enabling external tests:
- $ ./config shared enable-external-tests
+ $ ./config enable-external-tests
$ make
GOST engine requires CMake for the build process.
@@ -87,6 +87,65 @@ explicitly run (with more debugging):
$ make test VERBOSE=1 TESTS=test_external_gost_engine
+OQSprovider test suite
+======================
+
+Much like the PYCA/Cryptography test suite, this builds and runs the OQS
+(OpenQuantumSafe -- www.openquantumsafe.org) provider tests against the
+local OpenSSL build.
+
+You will need a git checkout of oqsprovider at the top level:
+
+ $ git submodule update --init
+
+Then configure/build OpenSSL enabling external tests:
+
+ $ ./config enable-external-tests
+ $ make
+
+oqsprovider requires CMake for the build process.
+
+OQSprovider tests will then be run as part of the rest of the suite, or can be
+explicitly run (with more debugging):
+
+ $ make test VERBOSE=1 TESTS=test_external_oqsprovider
+
+The names of all supported quantum-safe algorithms are available at
+<https://github.com/open-quantum-safe/oqs-provider#algorithms>.
+
+Please note specific limitations of oqsprovider operations dependent on specific
+openssl versions as documented at
+<https://github.com/open-quantum-safe/oqs-provider#note-on-openssl-versions>.
+
+pkcs11-provider test suite
+==========================
+
+This builds and runs pkcs11-provider tests against the local OpenSSL build.
+
+You will need a git checkout of pkcs11-provider at the top level:
+
+ $ git submodule update --init
+
+Then configure/build OpenSSL enabling external tests:
+
+ $ ./config enable-external-tests
+ $ make
+
+pkcs11-provider requires meson for the build process. Moreover, it requires
+softhsm and nss softokn tokens and certtool, certutil, pkcs11-tool and expect
+to run the tests.
+
+Tests will then be run as part of the rest of the suite, or can be
+explicitly run (with more debugging):
+
+ $ make test VERBOSE=1 TESTS=test_external_pkcs11_provider
+
+Test failures and suppressions
+------------------------------
+
+There are tests for different software tokens - softhsm, nss-softokn and kryoptic.
+Kryoptic tests will not run at this point. Currently no test fails.
+
Updating test suites
====================
diff --git a/test/README.md b/test/README.md
index 14ce32ecd62e..746a0156ceea 100644
--- a/test/README.md
+++ b/test/README.md
@@ -149,17 +149,33 @@ To run up to four tests in parallel at any given time:
$ make HARNESS_JOBS=4 test
+Random numbers in tests
+-----------------------
+
+Some tests use random numbers as part of the test. In some cases a test failure
+may occur for some random numbers, but not for others. The seed used for the
+rand number generator can be set via the `OPENSSL_TEST_RAND_SEED` environment
+variable. It can also be set via the `OPENSSL_TEST_RAND_ORDER` environment
+variable which additionally randomises the order tests are run in (see below).
+
+When a test fails the test harness will display the seed used during the test
+(displaying either the `OPENSSL_TEST_RAND_SEED` or `OPENSSL_TEST_RAND_ORDER`
+environment variable value that must be used to recreate the results), e.g.
+
+ $ make OPENSSL_TEST_RAND_SEED=42 test
+
Randomisation of Test Ordering
------------------------------
By default, the test harness will execute tests in the order they were added.
By setting the `OPENSSL_TEST_RAND_ORDER` environment variable to zero, the
-test ordering will be randomised. If a randomly ordered test fails, the
-seed value used will be reported. Setting the `OPENSSL_TEST_RAND_ORDER`
-environment variable to this value will rerun the tests in the same
-order. This assures repeatability of randomly ordered test runs.
-This repeatability is independent of the operating system, processor or
-platform used.
+test ordering will be randomised. This additionally seeds the random number
+generator used within the tests as described in the section above. If a randomly
+ordered test fails, the seed value used will be reported. Setting the
+`OPENSSL_TEST_RAND_ORDER` environment variable to this value will rerun the
+tests in the same order and will also seed the test random number generator.
+This assures repeatability of randomly ordered test runs. This repeatability is
+independent of the operating system, processor or platform used.
To randomise the test ordering:
diff --git a/test/README.ssltest.md b/test/README.ssltest.md
index 81ee7dfdb8d0..85a643079918 100644
--- a/test/README.ssltest.md
+++ b/test/README.ssltest.md
@@ -283,3 +283,14 @@ of the generated `test/ssl-tests/*.cnf` correspond to expected outputs in with
the default Configure options. To run `ssl_test` manually from the command line
in a build with a different configuration, you may need to generate the right
`*.cnf` file from the `*.cnf.in` input first.
+
+Running a test manually via make
+--------------------------------
+
+Individual tests may be run by adding the SSL_TESTS variable to the `make`
+command line. The SSL_TESTS variable is set to the list of input (or ".in")
+files. The values in SSL_TESTS are globbed.
+
+ $ make test TESTS=test_ssl_new SSL_TESTS="0*.cnf.in"
+
+ $ make test TESTS=test_ssl_new SSL_TESTS="01-simple.cnf.in 05-sni.cnf.in"
diff --git a/test/acvp_test.c b/test/acvp_test.c
index eccf9d90a021..2bcc886fd290 100644
--- a/test/acvp_test.c
+++ b/test/acvp_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -46,6 +46,14 @@ static OSSL_PROVIDER *prov_null = NULL;
static OSSL_LIB_CTX *libctx = NULL;
static SELF_TEST_ARGS self_test_args = { 0 };
static OSSL_CALLBACK self_test_events;
+static int pass_sig_gen_params = 1;
+static int rsa_sign_x931_pad_allowed = 1;
+#ifndef OPENSSL_NO_DSA
+static int dsasign_allowed = 1;
+#endif
+#ifndef OPENSSL_NO_EC
+static int ec_cofactors = 1;
+#endif
const OPTIONS *test_get_options(void)
{
@@ -93,12 +101,13 @@ static int sig_gen(EVP_PKEY *pkey, OSSL_PARAM *params, const char *digest_name,
unsigned char *sig = NULL;
size_t sig_len;
size_t sz = EVP_PKEY_get_size(pkey);
+ OSSL_PARAM *p = pass_sig_gen_params ? params : NULL;
sig_len = sz;
if (!TEST_ptr(sig = OPENSSL_malloc(sz))
|| !TEST_ptr(md_ctx = EVP_MD_CTX_new())
|| !TEST_int_eq(EVP_DigestSignInit_ex(md_ctx, NULL, digest_name, libctx,
- NULL, pkey, NULL), 1)
+ NULL, pkey, p), 1)
|| !TEST_int_gt(EVP_DigestSign(md_ctx, sig, &sig_len, msg, msg_len), 0))
goto err;
*sig_out = sig;
@@ -111,6 +120,25 @@ err:
return ret;
}
+static int check_verify_message(EVP_PKEY_CTX *pkey_ctx, int expected)
+{
+ OSSL_PARAM params[2], *p = params;
+ int verify_message = -1;
+
+ if (!OSSL_PROVIDER_available(libctx, "fips")
+ || fips_provider_version_match(libctx, "<3.4.0"))
+ return 1;
+
+ *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE,
+ &verify_message);
+ *p = OSSL_PARAM_construct_end();
+
+ if (!TEST_true(EVP_PKEY_CTX_get_params(pkey_ctx, params))
+ || !TEST_int_eq(verify_message, expected))
+ return 0;
+ return 1;
+}
+
#ifndef OPENSSL_NO_EC
static int ecdsa_keygen_test(int id)
{
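Review bot: check_verify_message() returns 1 without querying anything when the "fips" provider is unavailable or `fips_provider_version_match(libctx, "<3.4.0")` is non-zero, and the helper carries no comment saying so. A reader of the callers could take a passing run as coverage of the verify-message indicator when the check was a no-op. Suggested header comment: `/* Returns 1 without checking unless the FIPS provider is loaded and is version 3.4.0 or later. */`. If fips_provider_version_match() can report an error with a negative value (its definition is not on this page), that error is also treated as "skip"; storing the result and failing on a negative value would keep a broken version probe from hiding the check.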
@@ -276,6 +304,7 @@ static int ecdsa_sigver_test(int id)
int ret = 0;
EVP_MD_CTX *md_ctx = NULL;
EVP_PKEY *pkey = NULL;
+ EVP_PKEY_CTX *pkey_ctx;
ECDSA_SIG *sign = NULL;
size_t sig_len;
unsigned char *sig = NULL;
@@ -293,12 +322,20 @@ static int ecdsa_sigver_test(int id)
goto err;
rbn = sbn = NULL;
- ret = TEST_int_gt((sig_len = i2d_ECDSA_SIG(sign, &sig)), 0)
- && TEST_ptr(md_ctx = EVP_MD_CTX_new())
- && TEST_true(EVP_DigestVerifyInit_ex(md_ctx, NULL, tst->digest_alg,
- libctx, NULL, pkey, NULL)
- && TEST_int_eq(EVP_DigestVerify(md_ctx, sig, sig_len,
- tst->msg, tst->msg_len), tst->pass));
+ if (!TEST_int_gt((sig_len = i2d_ECDSA_SIG(sign, &sig)), 0)
+ || !TEST_ptr(md_ctx = EVP_MD_CTX_new())
+ || !TEST_true(EVP_DigestVerifyInit_ex(md_ctx, NULL, tst->digest_alg,
+ libctx, NULL, pkey, NULL))
+ || !TEST_ptr(pkey_ctx = EVP_MD_CTX_get_pkey_ctx(md_ctx))
+ || !check_verify_message(pkey_ctx, 1)
+ || !TEST_int_eq(EVP_DigestVerify(md_ctx, sig, sig_len,
+ tst->msg, tst->msg_len), tst->pass)
+ || !check_verify_message(pkey_ctx, 1)
+ || !TEST_true(EVP_PKEY_verify_init(pkey_ctx))
+ || !check_verify_message(pkey_ctx, 0))
+ goto err;
+
+ ret = 1;
err:
BN_free(rbn);
BN_free(sbn);
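Review bot: The three check_verify_message() calls expect 1, 1 and then 0, but nothing in the new condition chain explains why the expectation flips after `EVP_PKEY_verify_init(pkey_ctx)`. A short comment above the chain would make the intent reviewable, for example `/* verify-message is expected to be set on the digest-verify path and cleared once the same ctx is re-initialised for plain verify */`; adjust the wording if the provider semantics differ. It would also help to note that `pkey_ctx` is borrowed from `md_ctx` via `EVP_MD_CTX_get_pkey_ctx()`, since no separate free for it appears in the visible lines. ecdsa_sigver_test() starts and ends outside this hunk.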
@@ -309,9 +346,71 @@ err:
return ret;
}
+
+static int ecdh_cofactor_derive_test(int tstid)
+{
+ int ret = 0;
+ const struct ecdh_cofactor_derive_st *t = &ecdh_cofactor_derive_data[tstid];
+ unsigned char secret1[16];
+ size_t secret1_len = sizeof(secret1);
+ const char *curve = "K-283"; /* A curve that has a cofactor that it not 1 */
+ EVP_PKEY *peer1 = NULL, *peer2 = NULL;
+ EVP_PKEY_CTX *p1ctx = NULL;
+ OSSL_PARAM params[2], *prms = NULL;
+ int use_cofactordh = t->key_cofactor;
+ int cofactor_mode = t->derive_cofactor_mode;
+
+ if (!ec_cofactors)
+ return TEST_skip("not supported by FIPS provider version");
+
+ if (!TEST_ptr(peer1 = EVP_PKEY_Q_keygen(libctx, NULL, "EC", curve)))
+ return TEST_skip("Curve %s not supported by the FIPS provider", curve);
+
+ if (!TEST_ptr(peer2 = EVP_PKEY_Q_keygen(libctx, NULL, "EC", curve)))
+ goto err;
+
+ params[1] = OSSL_PARAM_construct_end();
+
+ prms = NULL;
+ if (t->key_cofactor != COFACTOR_NOT_SET) {
+ params[0] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH,
+ &use_cofactordh);
+ prms = params;
+ }
+ if (!TEST_int_eq(EVP_PKEY_set_params(peer1, prms), 1)
+ || !TEST_ptr(p1ctx = EVP_PKEY_CTX_new_from_pkey(libctx, peer1, NULL)))
+ goto err;
+
+ prms = NULL;
+ if (t->derive_cofactor_mode != COFACTOR_NOT_SET) {
+ params[0] = OSSL_PARAM_construct_int(OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE,
+ &cofactor_mode);
+ prms = params;
+ }
+ if (!TEST_int_eq(EVP_PKEY_derive_init_ex(p1ctx, prms), 1)
+ || !TEST_int_eq(EVP_PKEY_derive_set_peer(p1ctx, peer2), 1)
+ || !TEST_int_eq(EVP_PKEY_derive(p1ctx, secret1, &secret1_len),
+ t->expected))
+ goto err;
+
+ ret = 1;
+err:
+ if (ret == 0) {
+ static const char *state[] = { "unset", "-1", "disabled", "enabled" };
+
+ TEST_note("ECDH derive() was expected to %s if key cofactor is"
+ "%s and derive mode is %s", t->expected ? "Pass" : "Fail",
+ state[2 + t->key_cofactor], state[2 + t->derive_cofactor_mode]);
+ }
+ EVP_PKEY_free(peer1);
+ EVP_PKEY_free(peer2);
+ EVP_PKEY_CTX_free(p1ctx);
+ return ret;
+}
+
#endif /* OPENSSL_NO_EC */
-#ifndef OPENSSL_NO_DSA
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECX)
static int pkey_get_octet_bytes(EVP_PKEY *pkey, const char *name,
unsigned char **out, size_t *out_len)
{
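Review bot: In ecdh_cofactor_derive_test() the TEST_note format is built from two adjacent literals, `"... if key cofactor is"` and `"%s and derive mode is %s"`, so the diagnostic prints "is" fused to the state name. The first literal needs a trailing space: `"ECDH derive() was expected to %s if key cofactor is "`. Separately, a failed first `EVP_PKEY_Q_keygen` is first reported through TEST_ptr and then turned into `TEST_skip`, so any K-283 keygen failure ends as a skip, not only an unsupported curve. Testing `peer1 == NULL` directly before the skip would at least avoid logging a failure for a case that is then skipped. The `state[2 + ...]` lookups assume both table fields stay within -2..1, which this hunk does not show; a range check or a comment next to the `state` array would document that.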
@@ -333,6 +432,91 @@ err:
OPENSSL_free(buf);
return 0;
}
+#endif /* !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECX) */
+
+#ifndef OPENSSL_NO_ECX
+static int eddsa_create_pkey(EVP_PKEY **pkey, const char *algname,
+ const unsigned char *pub, size_t pub_len,
+ int expected)
+{
+ int ret = 0;
+ EVP_PKEY_CTX *ctx = NULL;
+ OSSL_PARAM_BLD *bld = NULL;
+ OSSL_PARAM *params = NULL;
+
+ if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
+ || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
+ OSSL_PKEY_PARAM_PUB_KEY,
+ pub, pub_len) > 0)
+ || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
+ || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, algname, NULL))
+ || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
+ || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_PUBLIC_KEY,
+ params), expected))
+ goto err;
+
+ ret = 1;
+err:
+ OSSL_PARAM_free(params);
+ OSSL_PARAM_BLD_free(bld);
+ EVP_PKEY_CTX_free(ctx);
+ return ret;
+}
+
+static int eddsa_pub_verify_test(int id)
+{
+ const struct ecdsa_pub_verify_st *tst = &eddsa_pv_data[id];
+ int ret = 0;
+ EVP_PKEY_CTX *key_ctx = NULL;
+ EVP_PKEY *pkey = NULL;
+
+ if (!TEST_true(eddsa_create_pkey(&pkey, tst->curve_name,
+ tst->pub, tst->pub_len, 1)))
+ goto err;
+
+ if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
+ || !TEST_int_eq(EVP_PKEY_public_check(key_ctx), tst->pass))
+ goto err;
+ ret = 1;
+err:
+ EVP_PKEY_free(pkey);
+ EVP_PKEY_CTX_free(key_ctx);
+ return ret;
+}
+
+static int eddsa_keygen_test(int id)
+{
+ int ret = 0;
+ EVP_PKEY *pkey = NULL;
+ unsigned char *priv = NULL, *pub = NULL;
+ size_t priv_len = 0, pub_len = 0;
+ const struct ecdsa_pub_verify_st *tst = &eddsa_pv_data[id];
+
+ self_test_args.called = 0;
+ self_test_args.enable = 1;
+ if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, tst->curve_name))
+ || !TEST_int_ge(self_test_args.called, 3)
+ || !TEST_true(pkey_get_octet_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY,
+ &priv, &priv_len))
+ || !TEST_true(pkey_get_octet_bytes(pkey, OSSL_PKEY_PARAM_PUB_KEY, &pub,
+ &pub_len)))
+ goto err;
+
+ test_output_memory("q", pub, pub_len);
+ test_output_memory("d", priv, priv_len);
+ ret = 1;
+err:
+ self_test_args.enable = 0;
+ self_test_args.called = 0;
+ OPENSSL_clear_free(priv, priv_len);
+ OPENSSL_free(pub);
+ EVP_PKEY_free(pkey);
+ return ret;
+}
+
+#endif /* OPENSSL_NO_ECX */
+
+#ifndef OPENSSL_NO_DSA
static EVP_PKEY *dsa_paramgen(int L, int N)
{
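Review bot: eddsa_create_pkey() returns 1 whenever `EVP_PKEY_fromdata` returns `expected`, so with `expected` set to 0 it reports success while `*pkey` may be left exactly as the caller initialised it; that contract is not documented. Suggested comment above the function: `/* Returns 1 if EVP_PKEY_fromdata() returned 'expected'; *pkey is only usable when expected is 1. */`. In eddsa_keygen_test() the threshold in `TEST_int_ge(self_test_args.called, 3)` is unexplained, and a one-line comment naming the self-test events being counted would make it maintainable. The same function prints the private key through `test_output_memory("d", priv, priv_len)`; a comment stating that this is a freshly generated throwaway test key would keep the pattern from being copied into non-test code.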
@@ -344,7 +528,7 @@ static EVP_PKEY *dsa_paramgen(int L, int N)
|| !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, L))
|| !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx, N))
|| !TEST_true(EVP_PKEY_paramgen(paramgen_ctx, &param_key)))
- return NULL;
+ TEST_info("dsa_paramgen failed");
EVP_PKEY_CTX_free(paramgen_ctx);
return param_key;
}
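Review bot: With `return NULL;` replaced by `TEST_info("dsa_paramgen failed");`, the failure path now falls through to `return param_key;`. The function therefore returns NULL on failure only if `param_key` was initialised to NULL and is left untouched by a failing `EVP_PKEY_paramgen`. Its declaration is outside this hunk, so confirm it reads `EVP_PKEY *param_key = NULL;`. Since the `if` body is now a single logging statement followed by shared cleanup, bracing it (`{ TEST_info("dsa_paramgen failed"); }`) would make clear that the `EVP_PKEY_CTX_free` call is unconditional.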
@@ -375,6 +559,8 @@ static int dsa_keygen_test(int id)
size_t priv_len = 0, pub_len = 0;
const struct dsa_paramgen_st *tst = &dsa_keygen_data[id];
+ if (!dsasign_allowed)
+ return TEST_skip("DSA signing is not allowed");
if (!TEST_ptr(param_key = dsa_paramgen(tst->L, tst->N))
|| !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
NULL))
@@ -418,23 +604,31 @@ static int dsa_paramgen_test(int id)
if (!TEST_ptr(paramgen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
|| !TEST_int_gt(EVP_PKEY_paramgen_init(paramgen_ctx), 0)
|| !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, tst->L))
- || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx, tst->N))
- || !TEST_true(EVP_PKEY_paramgen(paramgen_ctx, &param_key))
- || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_P,
- &p, &plen))
- || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_Q,
- &q, &qlen))
- || !TEST_true(pkey_get_octet_bytes(param_key, OSSL_PKEY_PARAM_FFC_SEED,
- &seed, &seedlen))
- || !TEST_true(EVP_PKEY_get_int_param(param_key,
- OSSL_PKEY_PARAM_FFC_PCOUNTER,
- &counter)))
+ || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx,
+ tst->N)))
goto err;
- test_output_memory("p", p, plen);
- test_output_memory("q", q, qlen);
- test_output_memory("domainSeed", seed, seedlen);
- test_printf_stderr("%s: %d\n", "counter", counter);
+ if (!dsasign_allowed) {
+ if (!TEST_false(EVP_PKEY_paramgen(paramgen_ctx, &param_key)))
+ goto err;
+ } else {
+ if (!TEST_true(EVP_PKEY_paramgen(paramgen_ctx, &param_key))
+ || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_P,
+ &p, &plen))
+ || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_Q,
+ &q, &qlen))
+ || !TEST_true(pkey_get_octet_bytes(param_key,
+ OSSL_PKEY_PARAM_FFC_SEED,
+ &seed, &seedlen))
+ || !TEST_true(EVP_PKEY_get_int_param(param_key,
+ OSSL_PKEY_PARAM_FFC_PCOUNTER,
+ &counter)))
+ goto err;
+ test_output_memory("p", p, plen);
+ test_output_memory("q", q, qlen);
+ test_output_memory("domainSeed", seed, seedlen);
+ test_printf_stderr("%s: %d\n", "counter", counter);
+ }
ret = 1;
err:
OPENSSL_free(p);
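Review bot: In the `!dsasign_allowed` branch, `TEST_false(EVP_PKEY_paramgen(paramgen_ctx, &param_key))` passes only when the call returns exactly 0. EVP_PKEY_paramgen() is documented to signal failure with 0 or a negative value, so a rejection reported as a negative value would make this negative test fail even though the provider refused the operation. `TEST_int_le(EVP_PKEY_paramgen(paramgen_ctx, &param_key), 0)` expresses the intended expectation. dsa_paramgen_test() starts and ends outside this hunk.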
@@ -594,15 +788,19 @@ static int dsa_siggen_test(int id)
size_t sig_len = 0, rlen = 0, slen = 0;
const struct dsa_siggen_st *tst = &dsa_siggen_data[id];
- if (!TEST_ptr(pkey = dsa_keygen(tst->L, tst->N)))
- goto err;
-
- if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len,
- &sig, &sig_len))
- || !TEST_true(get_dsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen)))
- goto err;
- test_output_memory("r", r, rlen);
- test_output_memory("s", s, slen);
+ if (!dsasign_allowed) {
+ if (!TEST_ptr_null(pkey = dsa_keygen(tst->L, tst->N)))
+ goto err;
+ } else {
+ if (!TEST_ptr(pkey = dsa_keygen(tst->L, tst->N)))
+ goto err;
+ if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len,
+ &sig, &sig_len))
+ || !TEST_true(get_dsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen)))
+ goto err;
+ test_output_memory("r", r, rlen);
+ test_output_memory("s", s, slen);
+ }
ret = 1;
err:
OPENSSL_free(r);
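Review bot: The `!dsasign_allowed` branch accepts any NULL from `dsa_keygen(tst->L, tst->N)`, so it cannot tell a policy rejection by the provider from an unrelated failure such as an allocation error. If dsa_keygen() goes through dsa_paramgen() (its body is not on this page), the expected-failure path will also emit a TEST_true failure line and "dsa_paramgen failed" in the log of a passing test. At minimum add a comment on the branch, for example `/* DSA signing disabled: key generation is expected to fail; any NULL is accepted here */`, so the weaker assertion is a visible choice. dsa_siggen_test() starts and ends outside this hunk.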
@@ -807,13 +1005,14 @@ static int aes_gcm_enc_dec(const char *alg,
const unsigned char *aad, size_t aad_len,
const unsigned char *ct, size_t ct_len,
const unsigned char *tag, size_t tag_len,
- int enc, int pass)
+ int enc, int pass,
+ unsigned char *out, int *out_len,
+ unsigned char *outiv)
{
int ret = 0;
EVP_CIPHER_CTX *ctx;
EVP_CIPHER *cipher = NULL;
- int out_len, len;
- unsigned char out[1024];
+ int olen, len;
TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt",
pass ? "pass" : "fail");
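Review bot: `out` is now a caller-supplied buffer with no capacity argument, where the removed lines used a local `unsigned char out[1024]`. Later on this page the function writes `pt_len` bytes through `EVP_CipherUpdate(ctx, out, &len, pt, pt_len)` and, when encrypting, the tag at `out + olen`, so every caller must provide at least `pt_len + tag_len` bytes and nothing enforces that. Either add a size parameter and check it before the first write, or state the requirement above the function: `/* out must hold at least pt_len + tag_len bytes */`. The new `out_len` and `outiv` parameters should be documented there as well, including whether each may be NULL. The function body continues outside this hunk.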
@@ -831,9 +1030,9 @@ static int aes_gcm_enc_dec(const char *alg,
goto err;
}
/*
- * For testing purposes the IV it being set here. In a compliant application
- * the IV would be generated internally. A fake entropy source could also
- * be used to feed in the random IV bytes (see fake_random.c)
+ * For testing purposes the IV may be passed in here. In a compliant
+ * application the IV would be generated internally. A fake entropy source
+ * could also be used to feed in the random IV bytes (see fake_random.c)
*/
if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
|| !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
@@ -841,23 +1040,46 @@ static int aes_gcm_enc_dec(const char *alg,
|| !TEST_true(EVP_CipherUpdate(ctx, out, &len, pt, pt_len)))
goto err;
- if (!TEST_int_eq(EVP_CipherFinal_ex(ctx, out + len, &out_len), pass))
+ if (!TEST_int_eq(EVP_CipherFinal_ex(ctx, out + len, &olen), pass))
goto err;
if (!pass) {
ret = 1;
goto err;
}
- out_len += len;
+ olen += len;
if (enc) {
- if (!TEST_mem_eq(out, out_len, ct, ct_len)
- || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
- tag_len, out + out_len), 0)
- || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len))
- goto err;
+ if ((ct != NULL && !TEST_mem_eq(out, olen, ct, ct_len))
+ || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
+ tag_len, out + olen), 0)
+ || (tag != NULL
+ && !TEST_mem_eq(out + olen, tag_len, tag, tag_len)))
+ goto err;
} else {
- if (!TEST_mem_eq(out, out_len, ct, ct_len))
+ if (ct != NULL && !TEST_mem_eq(out, olen, ct, ct_len))
+ goto err;
+ }
+
+ {
+ OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END };
+ OSSL_PARAM *p = params;
+ unsigned int iv_generated = -1;
+ const OSSL_PARAM *gettables = EVP_CIPHER_CTX_gettable_params(ctx);
+ const char *ivgenkey = OSSL_CIPHER_PARAM_AEAD_IV_GENERATED;
+ int ivgen = (OSSL_PARAM_locate_const(gettables, ivgenkey) != NULL);
+
+ if (ivgen != 0)
+ *p++ = OSSL_PARAM_construct_uint(ivgenkey, &iv_generated);
+ if (outiv != NULL)
+ *p = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV,
+ outiv, iv_len);
+ if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params)))
+ goto err;
+ if (ivgen != 0
+ && !TEST_uint_eq(iv_generated, (enc == 0 || iv != NULL ? 0 : 1)))
goto err;
}
+ if (out_len != NULL)
+ *out_len = olen;
ret = 1;
err:
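Review bot: The expected value in `TEST_uint_eq(iv_generated, (enc == 0 || iv != NULL ? 0 : 1))` relies on `||` binding tighter than `?:`. It is easier to read as `(enc != 0 && iv == NULL) ? 1 : 0`, which says directly that the provider should report a generated IV only when encrypting without a caller-supplied IV. `unsigned int iv_generated = -1;` also depends on an implicit signed-to-unsigned conversion for its sentinel; `= (unsigned int)-1` or a comment such as `/* sentinel: must be overwritten by get_params */` makes that deliberate. The enclosing function starts before this hunk and its cleanup continues after it.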
@@ -871,23 +1093,45 @@ static int aes_gcm_enc_dec_test(int id)
const struct cipher_gcm_st *tst = &aes_gcm_enc_data[id];
int enc = 1;
int pass = 1;
+ unsigned char out[1024];
return aes_gcm_enc_dec(tst->alg, tst->pt, tst->pt_len,
tst->key, tst->key_len,
tst->iv, tst->iv_len, tst->aad, tst->aad_len,
tst->ct, tst->ct_len, tst->tag, tst->tag_len,
- enc, pass)
+ enc, pass, out, NULL, NULL)
&& aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len,
tst->key, tst->key_len,
tst->iv, tst->iv_len, tst->aad, tst->aad_len,
tst->pt, tst->pt_len, tst->tag, tst->tag_len,
- !enc, pass)
+ !enc, pass, out, NULL, NULL)
/* Fail if incorrect tag passed to decrypt */
&& aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len,
tst->key, tst->key_len,
tst->iv, tst->iv_len, tst->aad, tst->aad_len,
tst->pt, tst->pt_len, tst->aad, tst->tag_len,
- !enc, !pass);
+ !enc, !pass, out, NULL, NULL);
+}
+
+static int aes_gcm_gen_iv_internal_test(void)
+{
+ const struct cipher_gcm_st *tst = &aes_gcm_enc_data[0];
+ int enc = 1;
+ int pass = 1;
+ int out_len = 0;
+ unsigned char out[1024];
+ unsigned char iv[16];
+
+ return aes_gcm_enc_dec(tst->alg, tst->pt, tst->pt_len,
+ tst->key, tst->key_len,
+ NULL, tst->iv_len, tst->aad, tst->aad_len,
+ NULL, tst->ct_len, NULL, tst->tag_len,
+ enc, pass, out, &out_len, iv)
+ && aes_gcm_enc_dec(tst->alg, out, out_len,
+ tst->key, tst->key_len,
+ iv, tst->iv_len, tst->aad, tst->aad_len,
+ tst->pt, tst->pt_len, out + out_len, tst->tag_len,
+ !enc, pass, out, NULL, NULL);
}
#ifndef OPENSSL_NO_DH
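Review bot: In `aes_gcm_gen_iv_internal_test` the stack buffer `unsigned char iv[16]` is filled with `tst->iv_len` bytes through the `outiv` parameter, and `out[1024]` receives `pt_len + tag_len` bytes, but neither size is checked against the vector. The current `aes_gcm_enc_data[0]` entry presumably fits, but a later edit to that table would silently overflow the stack. A guard before the first call closes that off: `if (!TEST_size_t_le(tst->iv_len, sizeof(iv)) || !TEST_size_t_le(tst->pt_len + tst->tag_len, sizeof(out))) return 0;`. This assumes the length fields are `size_t`, like the matching parameters. The same `out[1024]` assumption now also applies to `aes_gcm_enc_dec_test`.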
@@ -1165,6 +1409,10 @@ static int rsa_siggen_test(int id)
const struct rsa_siggen_st *tst = &rsa_siggen_data[id];
int salt_len = tst->pss_salt_len;
+ if (!rsa_sign_x931_pad_allowed
+ && (strcmp(tst->sig_pad_mode, OSSL_PKEY_RSA_PAD_MODE_X931) == 0))
+ return TEST_skip("x931 signing is not allowed");
+
TEST_note("RSA %s signature generation", tst->sig_pad_mode);
p = params;
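Review bot: When `rsa_sign_x931_pad_allowed` is false the X9.31 vectors are skipped with `TEST_skip(...)`, so this test never confirms that the provider actually refuses X9.31 padding for signing. The DSA hunk in the same commit handles the equivalent case with a negative assertion (`TEST_ptr_null`), which gives real coverage of the restriction. If the rejection is not verified elsewhere (not visible from this hunk), consider running `sig_gen()` for these vectors and asserting failure with `TEST_false(...)` instead of skipping. The function body starts and ends outside this hunk.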
@@ -1178,11 +1426,11 @@ static int rsa_siggen_test(int id)
*p++ = OSSL_PARAM_construct_end();
if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", tst->mod))
- || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len))
- || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len))
- || !TEST_true(sig_gen(pkey, params, tst->digest_alg,
- tst->msg, tst->msg_len,
- &sig, &sig_len)))
+ || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len))
+ || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len))
+ || !TEST_true(sig_gen(pkey, params, tst->digest_alg,
+ tst->msg, tst->msg_len,
+ &sig, &sig_len)))
goto err;
test_output_memory("n", n, n_len);
test_output_memory("e", e, e_len);
@@ -1218,7 +1466,7 @@ static int rsa_sigver_test(int id)
if (salt_len >= 0)
*p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN,
&salt_len);
- *p++ = OSSL_PARAM_construct_end();
+ *p = OSSL_PARAM_construct_end();
if (!TEST_ptr(bn_ctx = BN_CTX_new())
|| !TEST_true(rsa_create_pkey(&pkey, tst->n, tst->n_len,
@@ -1227,10 +1475,15 @@ static int rsa_sigver_test(int id)
|| !TEST_true(EVP_DigestVerifyInit_ex(md_ctx, &pkey_ctx,
tst->digest_alg, libctx, NULL,
pkey, NULL))
+ || !check_verify_message(pkey_ctx, 1)
|| !TEST_true(EVP_PKEY_CTX_set_params(pkey_ctx, params))
|| !TEST_int_eq(EVP_DigestVerify(md_ctx, tst->sig, tst->sig_len,
- tst->msg, tst->msg_len), tst->pass))
+ tst->msg, tst->msg_len), tst->pass)
+ || !check_verify_message(pkey_ctx, 1)
+ || !TEST_true(EVP_PKEY_verify_init(pkey_ctx))
+ || !check_verify_message(pkey_ctx, 0))
goto err;
+
ret = 1;
err:
EVP_PKEY_free(pkey);
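Review bot: The three added `check_verify_message(pkey_ctx, 1)`, `(pkey_ctx, 1)` and `(pkey_ctx, 0)` calls pass a bare flag with nothing in the chain saying what state is being asserted. The helper is defined outside this hunk, so the reader cannot tell why the expectation flips after `EVP_PKEY_verify_init()`. A comment above the condition would help, e.g. `/* the verify-message indicator should be set for the DigestVerify path and cleared once the ctx is re-initialised with EVP_PKEY_verify_init() */`. That wording is inferred from the call order and should be confirmed against the helper. The function starts before this hunk.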
@@ -1381,6 +1634,8 @@ static int drbg_test(int id)
res = 1;
err:
EVP_RAND_CTX_free(ctx);
+ /* Coverity is confused by the upref/free in EVP_RAND_CTX_new() subdue it */
+ /* coverity[pass_freed_arg] */
EVP_RAND_CTX_free(parent);
EVP_RAND_free(rand);
return res;
@@ -1462,7 +1717,11 @@ int setup_tests(void)
ADD_ALL_TESTS(cipher_enc_dec_test, OSSL_NELEM(cipher_enc_data));
ADD_ALL_TESTS(aes_ccm_enc_dec_test, OSSL_NELEM(aes_ccm_enc_data));
ADD_ALL_TESTS(aes_gcm_enc_dec_test, OSSL_NELEM(aes_gcm_enc_data));
+ if (fips_provider_version_ge(libctx, 3, 4, 0))
+ ADD_TEST(aes_gcm_gen_iv_internal_test);
+ pass_sig_gen_params = fips_provider_version_ge(libctx, 3, 4, 0);
+ rsa_sign_x931_pad_allowed = fips_provider_version_lt(libctx, 3, 4, 0);
ADD_ALL_TESTS(rsa_keygen_test, OSSL_NELEM(rsa_keygen_data));
ADD_ALL_TESTS(rsa_siggen_test, OSSL_NELEM(rsa_siggen_data));
ADD_ALL_TESTS(rsa_sigver_test, OSSL_NELEM(rsa_sigver_data));
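Review bot: The FIPS provider version check is repeated with the literal `3, 4, 0` three times in this hunk, and again in the DSA, EC and ECX hunks of setup_tests that follow. `pass_sig_gen_params` and `rsa_sign_x931_pad_allowed` are computed by separate `_ge`/`_lt` calls even though they look like complements. Evaluating it once keeps the gates from drifting apart when the threshold changes: `const int fips_ge_3_4 = fips_provider_version_ge(libctx, 3, 4, 0);`, then `rsa_sign_x931_pad_allowed = !fips_ge_3_4;`, `dsasign_allowed = !fips_ge_3_4;` and so on. This assumes `fips_provider_version_lt` is the exact negation of `_ge`, which is not visible here. The declaration would go at the top of setup_tests, outside this hunk.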
@@ -1477,6 +1736,7 @@ int setup_tests(void)
#endif /* OPENSSL_NO_DH */
#ifndef OPENSSL_NO_DSA
+ dsasign_allowed = fips_provider_version_lt(libctx, 3, 4, 0);
ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data));
ADD_ALL_TESTS(dsa_paramgen_test, OSSL_NELEM(dsa_paramgen_data));
ADD_ALL_TESTS(dsa_pqver_test, OSSL_NELEM(dsa_pqver_data));
@@ -1485,12 +1745,21 @@ int setup_tests(void)
#endif /* OPENSSL_NO_DSA */
#ifndef OPENSSL_NO_EC
+ ec_cofactors = fips_provider_version_ge(libctx, 3, 4, 0);
ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data));
ADD_ALL_TESTS(ecdsa_pub_verify_test, OSSL_NELEM(ecdsa_pv_data));
ADD_ALL_TESTS(ecdsa_siggen_test, OSSL_NELEM(ecdsa_siggen_data));
ADD_ALL_TESTS(ecdsa_sigver_test, OSSL_NELEM(ecdsa_sigver_data));
+ ADD_ALL_TESTS(ecdh_cofactor_derive_test,
+ OSSL_NELEM(ecdh_cofactor_derive_data));
#endif /* OPENSSL_NO_EC */
+#ifndef OPENSSL_NO_ECX
+ if (fips_provider_version_ge(libctx, 3, 4, 0)) {
+ ADD_ALL_TESTS(eddsa_keygen_test, OSSL_NELEM(eddsa_pv_data));
+ ADD_ALL_TESTS(eddsa_pub_verify_test, OSSL_NELEM(eddsa_pv_data));
+ }
+#endif
ADD_ALL_TESTS(drbg_test, OSSL_NELEM(drbg_data));
return 1;
}
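Review bot: `ADD_ALL_TESTS(eddsa_keygen_test, OSSL_NELEM(eddsa_pv_data));` sizes the key-generation test by the public-key-verify table. The keygen test is therefore tied to an array whose entries are public keys with PASS/FAIL expectations, and it will run once per verify vector. If `eddsa_keygen_test` (not visible in this hunk) only reads the curve name, add a comment saying so, e.g. `/* keygen only uses the algorithm name from eddsa_pv_data */`, or give it its own two-entry table as `ecdsa_keygen_data` does. Note also that `ecdh_cofactor_derive_test` is registered unconditionally while `ec_cofactors` is version-gated, so that test must handle both settings itself.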
diff --git a/test/acvp_test.inc b/test/acvp_test.inc
index ad11d3ae1eb5..67787f3740bb 100644
--- a/test/acvp_test.inc
+++ b/test/acvp_test.inc
@@ -1,5 +1,5 @@
/*
- * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -45,6 +45,12 @@ struct ecdsa_sigver_st {
int pass;
};
+struct ecdh_cofactor_derive_st {
+ int derive_cofactor_mode;
+ int key_cofactor;
+ int expected;
+};
+
static const struct ecdsa_keygen_st ecdsa_keygen_data[] = {
{ "P-224" },
};
@@ -231,8 +237,152 @@ static const struct ecdsa_sigver_st ecdsa_sigver_data[] = {
},
};
+/*
+ * FIPS EC DH key derivation requires the use of the cofactor if a curve has a
+ * cofactor that is not 1. The cofactor option is determined by either
+ * (1) The derive ctx using OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE or via
+ * (2) The EVP_PKEY (used by the derive) using OSSL_PKEY_PARAM_USE_COFACTOR_ECDH
+ * Test all combinations of these.
+ * Notes:
+ * COFACTOR_MODE is -1 by default. (It can be -1, 0, or 1).
+ * OSSL_PKEY_PARAM_USE_COFACTOR_ECDH is 0 by default. (It can be 0 or 1)
+ *
+ * OSSL_PKEY_PARAM_USE_COFACTOR_ECDH is only used if the COFACTOR_MODE is -1.
+ *
+ * If the cofactor is not set by either then the derived is expected to fail.
+ */
+# define COFACTOR_NOT_SET -2 /* Use the default by not setting the param */
+static const struct ecdh_cofactor_derive_st ecdh_cofactor_derive_data[] = {
+ { COFACTOR_NOT_SET, COFACTOR_NOT_SET, 0 },
+ { COFACTOR_NOT_SET, 0, 0 },
+ { COFACTOR_NOT_SET, 1, 1 },
+ { -1, COFACTOR_NOT_SET, 0 },
+ { -1, 0, 0 },
+ { -1, 1, 1 },
+ { 0, COFACTOR_NOT_SET, 0 },
+ { 0, 0, 0 },
+ { 0, 1, 0 },
+ { 1, COFACTOR_NOT_SET, 1 },
+ { 1, 0, 1 },
+ { 1, 1, 1 }
+};
+
#endif /* OPENSSL_NO_EC */
+#ifndef OPENSSL_NO_ECX
+
+/*
+ * Test vectors obtained from
+ * https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/json-files/EDDSA-KeyVer-1.0
+ */
+static const unsigned char ed25519_pv_pub0[] = {
+ 0xBE, 0xE1, 0x6F, 0x5B, 0x4A, 0x24, 0xEF, 0xF8,
+ 0xA6, 0x54, 0x0C, 0x04, 0x5C, 0xC4, 0x51, 0xCA,
+ 0x3A, 0x4E, 0x9B, 0x86, 0xDC, 0x5D, 0xE8, 0x12,
+ 0x0C, 0xDD, 0x1C, 0x23, 0x8E, 0x3F, 0x22, 0x7D
+};
+static const unsigned char ed25519_pv_pub1[] = {
+ 0x1E, 0xE7, 0x74, 0x94, 0x73, 0xA1, 0xB8, 0x98,
+ 0xBF, 0x8C, 0x81, 0x11, 0x8E, 0x76, 0xEE, 0x8B,
+ 0xDB, 0xD4, 0x8C, 0x19, 0x29, 0xF7, 0x47, 0x2A,
+ 0x18, 0xAD, 0xCE, 0xFE, 0x2F, 0x8A, 0x25, 0x69
+};
+static const unsigned char ed25519_pv_pub2[] = {
+ 0x61, 0x4B, 0xC0, 0xBE, 0x80, 0xE6, 0xC6, 0x35,
+ 0xDC, 0xF5, 0x65, 0xE6, 0xCE, 0xEE, 0x1C, 0x14,
+ 0x3C, 0xF4, 0x46, 0xAC, 0x22, 0x82, 0xA0, 0xCE,
+ 0x28, 0xE6, 0x53, 0x62, 0x48, 0x3D, 0x8B, 0x94
+};
+static const unsigned char ed25519_pv_pub3[] = {
+ 0x38, 0x95, 0x95, 0x90, 0x4D, 0x7E, 0xDC, 0x9B,
+ 0xF3, 0xB6, 0xF9, 0x52, 0x40, 0xC4, 0x50, 0xC4,
+ 0x72, 0xC0, 0x5E, 0x83, 0x8E, 0x84, 0xD5, 0x9A,
+ 0x10, 0x3D, 0xCC, 0xFA, 0xD6, 0x19, 0x61, 0x07
+};
+static const unsigned char ed448_pv_pub0[] = {
+ 0xC3, 0xA9, 0x2B, 0xDD, 0xF1, 0x9C, 0x1F, 0xF1,
+ 0x69, 0x0E, 0xB0, 0x42, 0x73, 0x85, 0xCB, 0x8F,
+ 0x74, 0xE6, 0x49, 0x63, 0xF0, 0xF3, 0xA6, 0x28,
+ 0x11, 0xDB, 0x10, 0x54, 0x70, 0x52, 0x38, 0xB6,
+ 0xCE, 0x62, 0xE0, 0x9F, 0x7A, 0xD5, 0xA2, 0xFF,
+ 0xA9, 0xB4, 0xA1, 0xCD, 0x5E, 0x67, 0x6E, 0xFB,
+ 0x1B, 0x1C, 0xAE, 0x58, 0xF5, 0xE1, 0x74, 0x8C,
+ 0x00
+};
+static const unsigned char ed448_pv_pub1[] = {
+ 0x94, 0xFE, 0x99, 0x25, 0x2F, 0x5C, 0x05, 0x69,
+ 0xBF, 0x8B, 0x5B, 0xDD, 0x32, 0x61, 0x50, 0x08,
+ 0x95, 0x05, 0xEE, 0x44, 0x04, 0xCF, 0x76, 0x44,
+ 0x17, 0x56, 0x82, 0x03, 0xF1, 0x3A, 0xBB, 0x13,
+ 0xBB, 0xC6, 0x3E, 0xCE, 0xE2, 0x1F, 0xEC, 0x06,
+ 0x90, 0xA9, 0x53, 0x10, 0xB6, 0x86, 0x4D, 0x71,
+ 0x29, 0x1B, 0x12, 0xCE, 0x3A, 0x86, 0xFD, 0xE0,
+ 0x80
+};
+static const unsigned char ed448_pv_pub2[] = {
+ 0xD0, 0x88, 0xF0, 0xA9, 0x94, 0x86, 0x31, 0x9A,
+ 0xC7, 0xD0, 0x8C, 0x7C, 0xE4, 0xEB, 0xA0, 0x6C,
+ 0xF3, 0xF7, 0x20, 0x3A, 0xA9, 0x4C, 0x85, 0xEC,
+ 0x30, 0x10, 0xD7, 0x1A, 0x4B, 0x21, 0xA2, 0xFF,
+ 0x7F, 0x3D, 0xEF, 0xA9, 0x45, 0x28, 0x53, 0x30,
+ 0x16, 0x34, 0x3C, 0x4F, 0x19, 0xF5, 0xA3, 0x80,
+ 0xF4, 0x42, 0xFB, 0xE6, 0x3B, 0xEE, 0x35, 0x4D,
+ 0x80
+};
+static const unsigned char ed448_pv_pub3[] = {
+ 0x45, 0x42, 0x38, 0x5F, 0x3D, 0xD3, 0x4A, 0x84,
+ 0x87, 0x74, 0x56, 0x27, 0x62, 0x4E, 0xA2, 0xA9,
+ 0xE8, 0xB2, 0x45, 0x9E, 0x1A, 0xF4, 0x5D, 0xCB,
+ 0x70, 0x51, 0xBD, 0xD2, 0xEE, 0x07, 0xB9, 0x32,
+ 0xFD, 0x5E, 0xCA, 0x47, 0x56, 0xB0, 0x06, 0xC0,
+ 0xEF, 0xC0, 0x43, 0x5F, 0xE2, 0x1C, 0xAA, 0xE9,
+ 0x10, 0x6F, 0xD7, 0x16, 0xFC, 0xBE, 0xF4, 0xB8,
+ 0x80
+};
+
+static const struct ecdsa_pub_verify_st eddsa_pv_data[] = {
+ {
+ "ED25519",
+ ITM(ed25519_pv_pub0),
+ FAIL
+ },
+ {
+ "ED25519",
+ ITM(ed25519_pv_pub1),
+ FAIL
+ },
+ {
+ "ED25519",
+ ITM(ed25519_pv_pub2),
+ PASS
+ },
+ {
+ "ED25519",
+ ITM(ed25519_pv_pub3),
+ PASS
+ },
+ {
+ "ED448",
+ ITM(ed448_pv_pub0),
+ FAIL
+ },
+ {
+ "ED448",
+ ITM(ed448_pv_pub1),
+ FAIL
+ },
+ {
+ "ED448",
+ ITM(ed448_pv_pub2),
+ PASS
+ },
+ {
+ "ED448",
+ ITM(ed448_pv_pub3),
+ PASS
+ },
+};
+#endif /* OPENSSL_NO_ECX */
#ifndef OPENSSL_NO_DSA
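Review bot: `# define COFACTOR_NOT_SET -2` expands to an unparenthesized negative literal, which can mis-parse if the macro is ever used inside a larger expression. It should be `# define COFACTOR_NOT_SET (-2)`. Separately, the EdDSA vectors cite the ACVP-Server repository at `master`, so the provenance of the PASS/FAIL keys cannot be tied to a fixed revision; the comment should name the commit or release the bytes were copied from. A one-line remark on why the first two keys of each curve are expected to FAIL would also help future reviewers check the table.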
@@ -1225,7 +1375,7 @@ static const struct rsa_siggen_st rsa_siggen_data[] = {
2048,
"SHA384",
ITM(rsa_siggen0_msg),
- 62
+ 48
},
};
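Review bot: The PSS salt length changes from `62` to a bare `48` here, and again in the two `rsa_sigver_data` entries later in this file, with nothing recording why that value is required. 48 is the SHA-384 digest size, so the change presumably reflects a provider check that the salt may not exceed the digest length. A trailing comment such as `48 /* PSS salt length, limited to the SHA-384 digest size */` would stop the value being changed back by accident; confirm the reason before committing the wording. The replaced `rsa_sigverpss_*` modulus and signatures in the following hunks depend on this value and would need to be regenerated if it changes.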
@@ -1391,70 +1541,70 @@ static const unsigned char rsa_sigver15_1_sig[] = {
};
static const unsigned char rsa_sigverpss_0_n[] = {
- 0xb2, 0xee, 0xdd, 0xdf, 0xa0, 0x35, 0x92, 0x21,
- 0xf4, 0x8e, 0xc3, 0x24, 0x39, 0xed, 0xe2, 0x38,
- 0xc0, 0xaa, 0xff, 0x35, 0x75, 0x27, 0x05, 0xd4,
- 0x84, 0x78, 0x23, 0x50, 0xa5, 0x64, 0x1e, 0x11,
- 0x45, 0x2a, 0xb1, 0xeb, 0x97, 0x07, 0x0b, 0xff,
- 0xb3, 0x1f, 0xc4, 0xa4, 0x80, 0xae, 0x1c, 0x8c,
- 0x66, 0x71, 0x95, 0x80, 0x60, 0xea, 0x4d, 0xde,
- 0x90, 0x98, 0xe8, 0xe2, 0x96, 0xa7, 0x0e, 0x5f,
- 0x00, 0x74, 0xed, 0x79, 0xc3, 0xe2, 0xc2, 0x4e,
- 0xbe, 0x07, 0xbd, 0xb1, 0xb2, 0xeb, 0x6c, 0x29,
- 0x9a, 0x59, 0x29, 0x81, 0xa3, 0x83, 0xa3, 0x00,
- 0x24, 0xa8, 0xfd, 0x45, 0xbb, 0xca, 0x1e, 0x44,
- 0x47, 0xbb, 0x82, 0x4a, 0x5b, 0x71, 0x46, 0xc0,
- 0xb4, 0xcc, 0x1b, 0x5e, 0x88, 0x9c, 0x89, 0x69,
- 0xb4, 0xb0, 0x7c, 0x8e, 0xea, 0x24, 0xc0, 0x2f,
- 0xc8, 0x3f, 0x9d, 0x9f, 0x43, 0xd3, 0xf0, 0x25,
- 0x67, 0xf1, 0xf0, 0x9b, 0xd4, 0xff, 0x17, 0x9f,
- 0xc3, 0x41, 0x2f, 0x53, 0x33, 0xdd, 0x73, 0x8a,
- 0x5c, 0x74, 0x04, 0x3b, 0x60, 0xcc, 0x9f, 0xca,
- 0x01, 0xb0, 0x0d, 0xe0, 0xcf, 0xb2, 0xf0, 0x08,
- 0x73, 0xb6, 0x67, 0x6c, 0x54, 0x9e, 0x1c, 0x01,
- 0xb5, 0x34, 0xab, 0xcf, 0x77, 0xfe, 0x04, 0x01,
- 0xc1, 0xd2, 0x4d, 0x47, 0x60, 0x5c, 0x68, 0x47,
- 0x8a, 0x47, 0x3c, 0x3a, 0xa3, 0xb2, 0x75, 0x87,
- 0x6e, 0x01, 0x7b, 0xdb, 0xe9, 0x6e, 0x63, 0xb2,
- 0x65, 0xab, 0xc6, 0xed, 0x0d, 0xa6, 0x84, 0xff,
- 0xf3, 0xcf, 0xd3, 0x9a, 0x96, 0x9b, 0x5c, 0x22,
- 0xf8, 0x07, 0x7d, 0x63, 0x75, 0x50, 0x91, 0x5b,
- 0xc4, 0x1f, 0x29, 0x1f, 0x5d, 0xb0, 0x6e, 0xfa,
- 0x9b, 0x16, 0xf0, 0xe4, 0xda, 0x2c, 0x94, 0x20,
- 0x9b, 0x44, 0x51, 0x38, 0xd0, 0xe4, 0x86, 0xc9,
- 0x76, 0x12, 0x04, 0x1a, 0x25, 0x14, 0xb7, 0x14,
- 0xdb, 0x6e, 0xd2, 0xc3, 0x57, 0x2c, 0x4c, 0xec,
- 0xfe, 0x25, 0xed, 0x3e, 0xe3, 0x26, 0xa8, 0xd4,
- 0xd0, 0x21, 0xbc, 0x09, 0x7e, 0xb0, 0x02, 0x3c,
- 0xa3, 0x43, 0xa4, 0x1f, 0x73, 0x54, 0x5f, 0xa3,
- 0xe2, 0x49, 0x4e, 0x25, 0xe8, 0xfc, 0xfb, 0xa9,
- 0x29, 0xc0, 0x7d, 0xd0, 0x06, 0xd5, 0x5c, 0x52,
- 0x68, 0x3c, 0xf8, 0xc5, 0xdb, 0x92, 0x27, 0x7c,
- 0xd8, 0x56, 0x1a, 0x7d, 0xe3, 0x32, 0xe5, 0x08,
- 0xc9, 0x36, 0x9d, 0x7e, 0xd2, 0x2d, 0xc2, 0x53,
- 0xf2, 0x7e, 0xce, 0x8a, 0x10, 0x5c, 0xf7, 0xe9,
- 0x99, 0xa6, 0xa8, 0xf5, 0x8d, 0x6c, 0xed, 0xf3,
- 0xa1, 0xc8, 0x2a, 0x75, 0x77, 0x99, 0x18, 0xe1,
- 0x32, 0xdb, 0x35, 0x4a, 0x8b, 0x4a, 0xec, 0xc2,
- 0x15, 0xe9, 0x4b, 0x89, 0x13, 0x81, 0xfb, 0x0c,
- 0xf9, 0xb4, 0xd8, 0xee, 0xb5, 0xba, 0x45, 0xa1,
- 0xea, 0x01, 0xf9, 0xbb, 0xd5, 0xa1, 0x73, 0xa1,
- 0x5b, 0xef, 0x98, 0xa8, 0xcf, 0x74, 0xf4, 0xd5,
- 0x1a, 0xe2, 0xa7, 0xb9, 0x37, 0x43, 0xb1, 0x29,
- 0x94, 0xc3, 0x71, 0x74, 0x34, 0x7d, 0x6f, 0xac,
- 0x97, 0xb3, 0x5b, 0x3a, 0x0a, 0x3c, 0xe2, 0x94,
- 0x6c, 0x39, 0xb8, 0xe9, 0x2c, 0xf9, 0xc3, 0x8b,
- 0xd1, 0x80, 0x4d, 0x22, 0x64, 0x63, 0x20, 0x1b,
- 0xeb, 0xf9, 0x09, 0x14, 0x86, 0x6e, 0xf4, 0x6d,
- 0xfc, 0xe5, 0x1b, 0xf7, 0xf2, 0xe0, 0x4d, 0xc8,
- 0xeb, 0x24, 0x35, 0x16, 0x0a, 0x81, 0x9f, 0x9e,
- 0x47, 0xd8, 0xea, 0x85, 0xda, 0x77, 0x6c, 0x3d,
- 0xd4, 0xa9, 0x15, 0xbd, 0xda, 0x5d, 0xf0, 0x72,
- 0x8d, 0xb5, 0x12, 0x72, 0xb1, 0x62, 0xa0, 0xad,
- 0xc8, 0x0e, 0x5b, 0x47, 0x4c, 0x69, 0xf7, 0x07,
- 0xe8, 0xd9, 0x9b, 0xc7, 0x2f, 0xd5, 0x68, 0x1e,
- 0x1c, 0xe0, 0x8f, 0x40, 0x45, 0x5f, 0x08, 0xc8,
- 0x95, 0x57, 0xb7, 0x35, 0x92, 0x97, 0xf9, 0x7d,
+ 0xb2, 0x76, 0x6c, 0x31, 0x01, 0x15, 0xd8, 0xe7,
+ 0x88, 0xd3, 0x4a, 0xb2, 0x75, 0xc8, 0xeb, 0x1f,
+ 0xd4, 0xe3, 0xf7, 0xbc, 0x83, 0xb6, 0xe7, 0x88,
+ 0x1f, 0x77, 0x36, 0xe1, 0x61, 0x2b, 0xa1, 0x83,
+ 0xe5, 0x0b, 0x59, 0x8c, 0xd9, 0x7c, 0x88, 0x3e,
+ 0x68, 0xef, 0x71, 0x1b, 0x72, 0x5d, 0x5e, 0xfe,
+ 0xa8, 0x1f, 0xe9, 0x8c, 0x41, 0x18, 0xd3, 0x90,
+ 0x2f, 0x6d, 0xc3, 0x46, 0x74, 0x69, 0x9b, 0xe1,
+ 0x46, 0x9c, 0x9d, 0xaf, 0x5c, 0x36, 0xb8, 0x54,
+ 0xf0, 0x67, 0xcb, 0x2c, 0xf4, 0x81, 0x7a, 0x4d,
+ 0xaf, 0x1b, 0x53, 0xc9, 0x3d, 0xbf, 0x2e, 0xee,
+ 0xe2, 0xe5, 0x00, 0x34, 0x58, 0xfd, 0x9f, 0xd0,
+ 0xa5, 0xdf, 0x20, 0x04, 0x41, 0x5f, 0x1b, 0x53,
+ 0xd5, 0x25, 0x9a, 0x06, 0x9d, 0xb6, 0x57, 0xa0,
+ 0x3e, 0xea, 0x21, 0x32, 0x85, 0xed, 0x34, 0xcb,
+ 0x4e, 0x96, 0xcc, 0xe6, 0xe0, 0x86, 0x9a, 0x38,
+ 0xeb, 0x1c, 0xb0, 0x9c, 0x90, 0xf1, 0xca, 0xe0,
+ 0x56, 0x1e, 0xf3, 0x90, 0xe0, 0xa8, 0x1f, 0x18,
+ 0xcf, 0xac, 0x22, 0xec, 0x72, 0x59, 0xfd, 0x08,
+ 0x41, 0x68, 0xc0, 0x7a, 0x19, 0xfe, 0x85, 0x6b,
+ 0x7a, 0xf8, 0x20, 0x80, 0x66, 0xf2, 0xfc, 0x27,
+ 0xc7, 0xa9, 0x39, 0xa7, 0x39, 0x01, 0xed, 0x78,
+ 0xa7, 0x5f, 0xa5, 0x48, 0x99, 0x55, 0xb5, 0x0f,
+ 0xb3, 0x08, 0x14, 0x00, 0xfc, 0xc1, 0x5a, 0xb8,
+ 0xa1, 0xd4, 0xfd, 0x9b, 0xb8, 0xbc, 0x3b, 0x7f,
+ 0x0b, 0x2e, 0x52, 0x22, 0x01, 0xc0, 0x24, 0x2b,
+ 0xda, 0xfd, 0x61, 0xfc, 0x72, 0xe7, 0x72, 0x84,
+ 0x7d, 0x57, 0xae, 0x52, 0xda, 0x47, 0x29, 0xac,
+ 0x4b, 0x52, 0xb5, 0x0c, 0xa8, 0xe7, 0x70, 0x5d,
+ 0x06, 0x67, 0x29, 0xb2, 0x68, 0xae, 0xb5, 0x27,
+ 0x84, 0xab, 0x8f, 0x26, 0x8b, 0x6e, 0x8a, 0x61,
+ 0x25, 0x11, 0x92, 0xc6, 0x07, 0x7e, 0x05, 0x19,
+ 0xc2, 0xf3, 0xbc, 0xb1, 0xf9, 0x2d, 0x6e, 0x52,
+ 0x85, 0x1c, 0x72, 0xd8, 0x71, 0x58, 0x70, 0x8a,
+ 0x85, 0x7e, 0x2e, 0x89, 0xb1, 0x0c, 0xe2, 0x46,
+ 0xf6, 0x09, 0x79, 0x36, 0x02, 0xae, 0xb9, 0x87,
+ 0x29, 0x02, 0x98, 0x1c, 0x83, 0x89, 0x3b, 0xa1,
+ 0xd2, 0xfa, 0x92, 0x92, 0x3e, 0x40, 0x05, 0xf5,
+ 0xd6, 0x57, 0xda, 0xea, 0x77, 0x6f, 0xb2, 0x8e,
+ 0xdc, 0xfd, 0xdb, 0xb9, 0x78, 0xe1, 0xb0, 0xb8,
+ 0x57, 0x93, 0x60, 0x6a, 0xb7, 0x70, 0x48, 0x9e,
+ 0x52, 0xd8, 0x82, 0xd2, 0x3b, 0xa3, 0x7e, 0x92,
+ 0x5e, 0x5d, 0x5a, 0x88, 0xa0, 0x1f, 0x3c, 0x40,
+ 0xd3, 0xc5, 0xdf, 0xa1, 0x18, 0x38, 0xe5, 0xe8,
+ 0xdc, 0x59, 0x82, 0x55, 0x3a, 0x3a, 0x61, 0x4a,
+ 0xed, 0x63, 0xf0, 0xa3, 0x61, 0x1e, 0x2e, 0x16,
+ 0x35, 0xad, 0x99, 0x36, 0x3f, 0x1d, 0xc5, 0x36,
+ 0xc6, 0xcd, 0x5c, 0x80, 0x3d, 0x48, 0x29, 0xf3,
+ 0x37, 0xcd, 0xe1, 0xf7, 0x98, 0x27, 0x3c, 0x1e,
+ 0x2d, 0x7a, 0xbe, 0xf3, 0x81, 0x66, 0xc7, 0xf3,
+ 0x70, 0xb2, 0xe4, 0xb0, 0x86, 0x9b, 0xba, 0x00,
+ 0x2a, 0xeb, 0x08, 0xd1, 0xa2, 0x3f, 0x4c, 0x2e,
+ 0x7b, 0x87, 0xe1, 0x3b, 0xb9, 0xba, 0x3e, 0x78,
+ 0xaf, 0x46, 0x89, 0x14, 0x01, 0x5d, 0x3b, 0x7c,
+ 0x3e, 0x35, 0x58, 0xea, 0x76, 0x4a, 0xb2, 0xf8,
+ 0x9b, 0x94, 0x2c, 0xa6, 0xf3, 0x19, 0x85, 0xc0,
+ 0x91, 0x52, 0xc7, 0x57, 0x65, 0x99, 0x7a, 0x65,
+ 0xaf, 0xd9, 0x01, 0xed, 0xea, 0x64, 0x8a, 0x0a,
+ 0x62, 0x77, 0x14, 0xb0, 0xf6, 0xe2, 0x03, 0xdd,
+ 0x3a, 0x81, 0x62, 0x30, 0x40, 0x66, 0xfe, 0xbc,
+ 0xbd, 0x2a, 0xae, 0x6f, 0xd8, 0x94, 0xfd, 0xf1,
+ 0xd6, 0x9b, 0xb7, 0xe4, 0x0f, 0xae, 0xfe, 0x10,
+ 0x63, 0x72, 0x36, 0xc8, 0x75, 0x7c, 0x8e, 0xff,
+ 0x3f, 0xd6, 0xb4, 0x5e, 0xdc, 0xda, 0x5d, 0x4d
};
static const unsigned char rsa_sigverpss_0_e[] = {
0x01, 0x00, 0x01,
@@ -1478,70 +1628,70 @@ static const unsigned char rsa_sigverpss_0_msg[] = {
0x10, 0xe1, 0x92, 0xc3, 0x58, 0x51, 0xab, 0x7c,
};
static const unsigned char rsa_sigverpss_0_sig[] = {
- 0x43, 0xb2, 0x4a, 0x50, 0xa7, 0xe2, 0x6c, 0x5d,
- 0x50, 0xc5, 0x39, 0xc1, 0xc1, 0x35, 0xbd, 0x66,
- 0xbd, 0x86, 0x54, 0xc5, 0x2e, 0x65, 0xfc, 0x19,
- 0x19, 0x6a, 0x22, 0x43, 0x22, 0x11, 0x26, 0xae,
- 0x51, 0x78, 0xfa, 0xfa, 0xc1, 0xf0, 0x77, 0x1b,
- 0xd6, 0x5b, 0x93, 0xbd, 0x84, 0xe4, 0x35, 0xbd,
- 0x8d, 0x91, 0xb2, 0x7c, 0xb2, 0xb1, 0xda, 0xd7,
- 0x72, 0x62, 0x88, 0x3e, 0xe9, 0x40, 0x27, 0x4e,
- 0xa5, 0x17, 0x94, 0xf1, 0xe9, 0xdd, 0x8c, 0x6c,
- 0x5b, 0xc0, 0x0b, 0xe3, 0x7c, 0x8b, 0xc8, 0x10,
- 0x57, 0x35, 0x69, 0xb7, 0x56, 0xe0, 0x2f, 0x61,
- 0x2e, 0x13, 0x11, 0x79, 0xfa, 0x60, 0x8f, 0x2a,
- 0x65, 0x73, 0xf5, 0x17, 0x34, 0x74, 0x72, 0x22,
- 0xff, 0x22, 0x5b, 0x97, 0x59, 0x44, 0xf4, 0xfb,
- 0x4a, 0x2b, 0x7e, 0x28, 0xe3, 0x79, 0x84, 0x24,
- 0x63, 0xeb, 0xde, 0x63, 0x88, 0xe0, 0xbd, 0x28,
- 0xef, 0x49, 0x6d, 0xd4, 0x2a, 0x87, 0x53, 0xba,
- 0x5f, 0xde, 0xe3, 0xd4, 0xb2, 0xc2, 0x6f, 0x49,
- 0x10, 0xae, 0x5e, 0x15, 0xdd, 0x0f, 0x91, 0xe2,
- 0xeb, 0x1e, 0xc5, 0x36, 0x8e, 0xdf, 0xa6, 0x17,
- 0x25, 0x21, 0x16, 0x06, 0x72, 0x37, 0x77, 0x19,
- 0xe5, 0x88, 0x1b, 0x0b, 0x5b, 0x80, 0x44, 0x8f,
- 0x13, 0xef, 0xbb, 0xfa, 0xf6, 0x4a, 0x11, 0x6a,
- 0x6a, 0x0c, 0xe0, 0x42, 0x6b, 0x7d, 0xfd, 0xad,
- 0xb0, 0x4b, 0xff, 0x3f, 0x20, 0xca, 0x5f, 0x64,
- 0xcc, 0xc9, 0x5b, 0x89, 0xc2, 0x05, 0x33, 0xf9,
- 0xa5, 0x31, 0x55, 0xfb, 0xdc, 0xeb, 0xd1, 0x24,
- 0xbf, 0x17, 0x0f, 0xc8, 0xfd, 0xe9, 0x6a, 0xc1,
- 0xa7, 0x94, 0x36, 0x72, 0x22, 0x29, 0x2c, 0x1c,
- 0xd1, 0x8b, 0x7b, 0x37, 0x42, 0x25, 0x8d, 0xe3,
- 0xcc, 0x06, 0x5f, 0x3c, 0x15, 0xfa, 0x74, 0x8a,
- 0x83, 0xf0, 0xcc, 0xf5, 0x30, 0xd1, 0xa8, 0x88,
- 0x9f, 0x4e, 0x1d, 0xd8, 0xe3, 0x1b, 0xb5, 0xe3,
- 0xdb, 0xce, 0xbc, 0x03, 0xfe, 0xe6, 0xa2, 0xb4,
- 0x94, 0x76, 0xd1, 0xb7, 0xce, 0xae, 0x6a, 0x7c,
- 0xbd, 0x4f, 0xd6, 0xfe, 0x60, 0xd0, 0x78, 0xd4,
- 0x04, 0x3f, 0xe0, 0x17, 0x2a, 0x41, 0x26, 0x5a,
- 0x81, 0x80, 0xcd, 0x40, 0x7c, 0x4f, 0xd6, 0xd6,
- 0x1d, 0x1f, 0x58, 0x59, 0xaf, 0xa8, 0x00, 0x91,
- 0x69, 0xb1, 0xf8, 0x3b, 0xef, 0x59, 0x7e, 0x83,
- 0x4e, 0xca, 0x1d, 0x33, 0x35, 0xb6, 0xa5, 0x9a,
- 0x0e, 0xc5, 0xe5, 0x11, 0xdd, 0x5d, 0xb7, 0x32,
- 0x66, 0x23, 0x63, 0x08, 0xbc, 0x2e, 0x9c, 0x10,
- 0x30, 0xa4, 0x13, 0x38, 0xee, 0xc7, 0x10, 0xf6,
- 0xed, 0xe9, 0xe1, 0xd1, 0x89, 0x8b, 0x94, 0x21,
- 0xde, 0x76, 0x72, 0x90, 0xc4, 0xbc, 0x59, 0x31,
- 0x1b, 0x1b, 0xd7, 0xa0, 0xd0, 0x3d, 0xaa, 0x43,
- 0x66, 0xfa, 0x43, 0x8d, 0xcc, 0x37, 0xdc, 0x60,
- 0x59, 0xaf, 0x02, 0x98, 0xe5, 0xe0, 0x17, 0xd6,
- 0xc3, 0x84, 0xf2, 0xaa, 0x5d, 0x88, 0xa8, 0x78,
- 0xbf, 0xbd, 0x18, 0x34, 0x9f, 0x5c, 0x6d, 0x22,
- 0x0c, 0x77, 0x4f, 0x16, 0xf2, 0x85, 0x88, 0x2e,
- 0x9a, 0x2b, 0x30, 0x1e, 0x17, 0xc8, 0xc7, 0xd4,
- 0x20, 0x93, 0x47, 0x0d, 0x32, 0x7d, 0xcb, 0x77,
- 0x85, 0x82, 0xc3, 0x80, 0x75, 0x10, 0x83, 0x33,
- 0xd5, 0xde, 0x47, 0xd4, 0x22, 0x55, 0x4d, 0xca,
- 0x4f, 0x90, 0xd2, 0x9f, 0x80, 0x58, 0x22, 0x4c,
- 0x5a, 0xaa, 0x53, 0x9e, 0xeb, 0xde, 0x62, 0x8a,
- 0xfb, 0xd7, 0x4b, 0x28, 0xd5, 0xe1, 0x02, 0xf9,
- 0x61, 0x74, 0x42, 0x12, 0x32, 0x5d, 0x1b, 0x10,
- 0x8f, 0x51, 0x8d, 0x7c, 0x59, 0xc5, 0xb7, 0x5a,
- 0x68, 0xe7, 0xdd, 0xb0, 0xc0, 0x22, 0xbc, 0xf1,
- 0x37, 0xcc, 0x63, 0xa2, 0x85, 0xb9, 0x11, 0x91,
- 0x43, 0xb9, 0x7b, 0xfb, 0x4a, 0x21, 0xc9, 0xd5,
+ 0xad, 0x38, 0x4f, 0x00, 0xdd, 0x95, 0xd7, 0x72,
+ 0x90, 0x50, 0x48, 0x4e, 0xfd, 0x87, 0x3b, 0xab,
+ 0x36, 0x75, 0xe5, 0xa7, 0x32, 0xcf, 0xf5, 0x3a,
+ 0x9e, 0xe9, 0x59, 0x54, 0xcf, 0x95, 0x59, 0x63,
+ 0x14, 0x43, 0xf8, 0x49, 0x55, 0x86, 0x13, 0x91,
+ 0x4f, 0x0b, 0x67, 0x70, 0xc1, 0xd6, 0x97, 0x19,
+ 0xc5, 0xd2, 0xba, 0x48, 0x1b, 0x16, 0x65, 0xd3,
+ 0xcf, 0xee, 0x35, 0x19, 0xc8, 0xa6, 0x0f, 0x72,
+ 0xc6, 0x13, 0x9f, 0xa4, 0x9f, 0x53, 0x62, 0x49,
+ 0x1e, 0x1f, 0x18, 0x89, 0x2a, 0x7f, 0xf3, 0x17,
+ 0x78, 0x9d, 0x8a, 0xc1, 0x8e, 0xdd, 0x91, 0xf1,
+ 0x1f, 0xdd, 0x98, 0xff, 0x9a, 0x6d, 0xb8, 0x14,
+ 0x87, 0xaa, 0x08, 0xad, 0xe8, 0x6d, 0x95, 0x6b,
+ 0xc3, 0xad, 0x6a, 0x56, 0xa2, 0x78, 0x2d, 0x8c,
+ 0xa3, 0x80, 0x4f, 0x97, 0x91, 0x2e, 0x14, 0x7b,
+ 0x7a, 0x70, 0x9b, 0x48, 0x4d, 0xa4, 0x64, 0xe6,
+ 0x3f, 0x6f, 0x26, 0x83, 0x73, 0xb0, 0x41, 0xd6,
+ 0x29, 0x57, 0x31, 0x2e, 0x87, 0x3b, 0xea, 0x69,
+ 0x97, 0xc5, 0xe7, 0x75, 0xc6, 0x05, 0xf7, 0x05,
+ 0xf2, 0x74, 0xb5, 0x96, 0x71, 0x48, 0xcf, 0x1e,
+ 0xa1, 0x67, 0x0a, 0x72, 0x28, 0xfb, 0x87, 0xde,
+ 0xca, 0x91, 0x97, 0x63, 0x1e, 0x70, 0x22, 0x5c,
+ 0xa2, 0xbe, 0x2a, 0x50, 0xf3, 0xac, 0x2f, 0x04,
+ 0x1d, 0x09, 0x14, 0xdf, 0x9d, 0xe5, 0x03, 0x8e,
+ 0xe1, 0xa1, 0x4e, 0x78, 0x71, 0xc5, 0xed, 0x04,
+ 0x3e, 0x34, 0xf7, 0xce, 0xae, 0xe9, 0xc7, 0xe8,
+ 0x25, 0xc2, 0xf8, 0x23, 0xfd, 0x8b, 0xec, 0x5a,
+ 0xe1, 0x16, 0x0c, 0x6f, 0x04, 0x8b, 0x10, 0xe7,
+ 0xc8, 0x9d, 0x6d, 0x8f, 0x21, 0x1d, 0x9d, 0xe6,
+ 0xfa, 0x5f, 0x4f, 0xc7, 0x98, 0x2f, 0x78, 0x1f,
+ 0x14, 0xcd, 0xc3, 0x6e, 0xfa, 0x36, 0xcf, 0x6e,
+ 0xda, 0xf7, 0x31, 0xa8, 0x7f, 0x70, 0x8a, 0xc0,
+ 0x24, 0xef, 0x5b, 0x0f, 0xab, 0x49, 0x89, 0xe2,
+ 0x61, 0xc5, 0x9c, 0xae, 0x04, 0xf2, 0x54, 0x9f,
+ 0x7a, 0xce, 0x2b, 0x62, 0x07, 0xdb, 0x86, 0x10,
+ 0xe9, 0x3a, 0xc1, 0xdd, 0xd1, 0xe5, 0x17, 0xcf,
+ 0x72, 0xe8, 0x03, 0x72, 0x23, 0xd8, 0xb3, 0x6e,
+ 0x2d, 0xfc, 0xa7, 0xd4, 0x7d, 0x85, 0x9b, 0x73,
+ 0x7e, 0xa6, 0xe1, 0x71, 0xd5, 0xf3, 0xf0, 0xe8,
+ 0x23, 0x80, 0x7e, 0x3c, 0x4e, 0xc9, 0x7c, 0x3a,
+ 0x9a, 0xc3, 0x65, 0xb8, 0xea, 0x49, 0x02, 0x92,
+ 0xda, 0x39, 0xb4, 0xb2, 0xde, 0xf3, 0x1d, 0xb2,
+ 0x81, 0xed, 0x21, 0x58, 0xdb, 0xb8, 0xe5, 0x96,
+ 0xe9, 0xd5, 0xd3, 0x76, 0xde, 0x45, 0xa1, 0x1a,
+ 0xfe, 0xcd, 0x41, 0x63, 0x86, 0xd5, 0x72, 0xf1,
+ 0xae, 0x41, 0xf0, 0x10, 0x47, 0xcb, 0xd0, 0x86,
+ 0x60, 0xb6, 0x38, 0x28, 0x6b, 0x96, 0xa5, 0xd0,
+ 0x8e, 0x7e, 0x8e, 0x4f, 0xbf, 0x26, 0xbc, 0x10,
+ 0x23, 0x7c, 0xd8, 0xba, 0x63, 0x0a, 0x61, 0x25,
+ 0x0d, 0x3c, 0xba, 0x37, 0xef, 0x58, 0xaf, 0x57,
+ 0x67, 0x10, 0xdc, 0xe6, 0x73, 0x6d, 0xf6, 0x0b,
+ 0x38, 0x75, 0x00, 0x9d, 0x50, 0x71, 0xf0, 0x79,
+ 0x33, 0xb0, 0xe4, 0xb9, 0x2a, 0x66, 0x48, 0xae,
+ 0x74, 0xb4, 0xcb, 0x88, 0x57, 0x35, 0x28, 0xfd,
+ 0xa1, 0x7b, 0x50, 0x8e, 0x7a, 0x09, 0x94, 0x01,
+ 0xed, 0x3b, 0x1d, 0x42, 0xc3, 0x34, 0x5e, 0x2c,
+ 0x1e, 0x94, 0x90, 0x45, 0x24, 0x0e, 0x2e, 0xaa,
+ 0x50, 0x90, 0x2b, 0x32, 0x16, 0xf7, 0xeb, 0xbd,
+ 0x49, 0x32, 0x10, 0xa1, 0xd6, 0xd6, 0x17, 0x88,
+ 0xbb, 0x6d, 0x5f, 0xfc, 0xc3, 0xf4, 0x78, 0x38,
+ 0x4c, 0xc8, 0xe0, 0x61, 0xd5, 0x5b, 0x30, 0xb1,
+ 0x18, 0xa8, 0x90, 0xaf, 0x2b, 0xe9, 0x36, 0xad,
+ 0xd0, 0x8b, 0x46, 0xe4, 0x38, 0xc0, 0x6f, 0xfc,
+ 0x86, 0xae, 0x64, 0x00, 0xd1, 0x39, 0x3f, 0xee
};
#define rsa_sigverpss_1_n rsa_sigverpss_0_n
@@ -1565,70 +1715,70 @@ static const unsigned char rsa_sigverpss_1_msg[] = {
0xfa, 0x38, 0x6b, 0x41, 0xe4, 0x39, 0x6e, 0x66,
};
static const unsigned char rsa_sigverpss_1_sig[] = {
- 0x48, 0x7f, 0x71, 0x82, 0x63, 0x1d, 0xf2, 0xee,
- 0xe8, 0x79, 0xeb, 0x3a, 0xaf, 0x41, 0x8a, 0x7c,
- 0xab, 0x0b, 0xd4, 0x57, 0xb6, 0x62, 0x9f, 0x6f,
- 0xec, 0xc1, 0xd4, 0xef, 0x55, 0x51, 0xd1, 0x0a,
- 0x0e, 0x1d, 0x8a, 0x64, 0x69, 0x08, 0x57, 0xf5,
- 0x04, 0xa8, 0x6c, 0xde, 0x76, 0x4d, 0x81, 0xf4,
- 0x95, 0x7e, 0x95, 0x6d, 0x41, 0x31, 0x2f, 0x9d,
- 0xe7, 0x47, 0x45, 0x45, 0x9f, 0xa8, 0xf8, 0xe3,
- 0x30, 0xa6, 0x41, 0x0f, 0x12, 0x05, 0x6d, 0x2b,
- 0x1a, 0xae, 0xef, 0xd4, 0x6b, 0xc6, 0xf4, 0x61,
- 0xa5, 0x07, 0xfe, 0xe8, 0xd0, 0xfd, 0xa3, 0x93,
- 0x58, 0xb4, 0x22, 0x37, 0x1b, 0x84, 0xcb, 0xef,
- 0xae, 0x24, 0xec, 0x62, 0xe2, 0x7d, 0xf4, 0x09,
- 0x5a, 0xc3, 0x0f, 0x4b, 0x49, 0xb7, 0xe7, 0xb2,
- 0x9b, 0x01, 0x2c, 0x8a, 0x39, 0xdd, 0x10, 0xec,
- 0x30, 0xb9, 0x7e, 0x39, 0x98, 0x94, 0x2a, 0xa4,
- 0xb3, 0x97, 0x7f, 0x85, 0x6e, 0x19, 0x75, 0x9e,
- 0x91, 0x94, 0xaa, 0xb5, 0xb0, 0x1f, 0x72, 0x50,
- 0xb5, 0x6d, 0x7a, 0xff, 0x90, 0xcc, 0x24, 0x80,
- 0x20, 0x23, 0x1c, 0xf3, 0xbd, 0x01, 0xc7, 0x82,
- 0x63, 0x04, 0xcc, 0xbd, 0xfb, 0x41, 0x9a, 0xb8,
- 0xeb, 0x6d, 0x78, 0x02, 0xee, 0x4a, 0x6d, 0xbb,
- 0xf7, 0xb7, 0xcf, 0x91, 0xca, 0x11, 0xf2, 0x62,
- 0xec, 0x18, 0x14, 0xcd, 0x10, 0xd8, 0x60, 0xe5,
- 0x20, 0x86, 0x74, 0x84, 0xd5, 0x35, 0x34, 0x69,
- 0x65, 0x93, 0x31, 0x99, 0xb6, 0x2d, 0x43, 0x23,
- 0x1d, 0x73, 0x55, 0xfa, 0x03, 0x76, 0x22, 0xcc,
- 0x66, 0xbc, 0x20, 0x2f, 0x7f, 0x4f, 0x78, 0xdd,
- 0xd1, 0x1f, 0xb6, 0x79, 0x6b, 0x58, 0x58, 0x57,
- 0x56, 0x87, 0xbc, 0x72, 0x6c, 0x81, 0x0a, 0xe2,
- 0xae, 0xb2, 0x4b, 0x66, 0x5b, 0x65, 0x35, 0x2b,
- 0x89, 0x0b, 0xa8, 0x5c, 0x34, 0xb3, 0x5f, 0xb0,
- 0x21, 0x5d, 0x4c, 0x60, 0x57, 0x73, 0xb6, 0x16,
- 0x94, 0xa7, 0x55, 0x52, 0x2a, 0x87, 0x10, 0xc9,
- 0x7c, 0x86, 0xb9, 0xdd, 0xf5, 0xb9, 0x30, 0xc0,
- 0xe6, 0x2a, 0xc9, 0x08, 0x3a, 0x88, 0xdc, 0x27,
- 0xea, 0x2f, 0xd9, 0x37, 0x06, 0x36, 0xd8, 0xe5,
- 0x66, 0x11, 0x54, 0x72, 0x4c, 0xc8, 0xa2, 0xc1,
- 0xed, 0xf5, 0x17, 0x3b, 0x06, 0x2b, 0x4c, 0xc9,
- 0x49, 0x2b, 0x98, 0x6f, 0xb8, 0x77, 0x96, 0x0c,
- 0x6b, 0x47, 0x81, 0x6c, 0xf3, 0x94, 0x3d, 0x3b,
- 0x24, 0x2d, 0x26, 0x9c, 0x40, 0xc1, 0x1f, 0xa7,
- 0xb2, 0xb4, 0x29, 0xb6, 0x05, 0xe5, 0x6e, 0x3c,
- 0xab, 0xd4, 0xaa, 0x3d, 0x78, 0x63, 0x3e, 0xf2,
- 0x75, 0x0d, 0xc3, 0x46, 0x0e, 0x68, 0xd7, 0x3d,
- 0xb9, 0xcb, 0x9a, 0x0a, 0xce, 0xec, 0x6f, 0x21,
- 0x8c, 0x86, 0xaa, 0xeb, 0x7b, 0x56, 0x41, 0xa6,
- 0x7a, 0xd3, 0x03, 0x02, 0x5c, 0x76, 0x01, 0xf7,
- 0x5d, 0x5e, 0x8e, 0x7d, 0xac, 0x35, 0x84, 0x11,
- 0xc6, 0xbc, 0x9a, 0x53, 0xcc, 0x3b, 0x4f, 0x5b,
- 0x23, 0x79, 0x30, 0x52, 0xc3, 0x73, 0x5d, 0xc8,
- 0xf1, 0xec, 0x2e, 0x0d, 0xda, 0x64, 0x90, 0x50,
- 0x62, 0xcf, 0x18, 0xc5, 0x52, 0x45, 0xe7, 0x38,
- 0x1a, 0xec, 0x01, 0x18, 0xbb, 0x85, 0x97, 0x7f,
- 0x68, 0x2b, 0x6f, 0xfc, 0xcd, 0x08, 0xc8, 0xe2,
- 0xca, 0x7e, 0xa6, 0x4f, 0xca, 0x5d, 0xdd, 0xf8,
- 0xfa, 0x52, 0x1c, 0x91, 0x82, 0x56, 0x07, 0xb2,
- 0x03, 0x3e, 0xa2, 0x8d, 0x60, 0xff, 0x78, 0x05,
- 0x1a, 0xfc, 0x6e, 0x27, 0x80, 0xbd, 0x90, 0x98,
- 0x83, 0x46, 0xba, 0xec, 0xee, 0x89, 0xe3, 0x1b,
- 0xc0, 0xcd, 0x2f, 0x05, 0x37, 0x18, 0xb5, 0xfa,
- 0xc3, 0x91, 0x85, 0x0f, 0xb7, 0x74, 0x1c, 0x64,
- 0xf0, 0xf8, 0x56, 0x35, 0xb8, 0x1d, 0xc3, 0x39,
- 0x5c, 0xea, 0x8a, 0x92, 0x31, 0xd2, 0x11, 0x4b,
+ 0x2a, 0x7a, 0xc1, 0x6d, 0x2a, 0x7d, 0xc0, 0x0c,
+ 0x70, 0x8b, 0xab, 0xac, 0x8b, 0x93, 0xcd, 0x8c,
+ 0x9a, 0xdf, 0x93, 0x53, 0xda, 0x2d, 0x97, 0xf4,
+ 0xc5, 0x3d, 0xee, 0x5a, 0x5a, 0x51, 0x2a, 0xef,
+ 0xa2, 0xf0, 0x2e, 0x19, 0x83, 0x94, 0x43, 0x95,
+ 0x10, 0xde, 0x6a, 0xcc, 0xaf, 0xe0, 0xfb, 0xed,
+ 0xd0, 0xf9, 0x6a, 0x37, 0x66, 0x29, 0xee, 0xbb,
+ 0xce, 0xcc, 0x02, 0x27, 0xe4, 0xb9, 0x43, 0x3c,
+ 0xfd, 0x24, 0x93, 0x4e, 0x67, 0x1c, 0x8e, 0xfc,
+ 0xf0, 0xaa, 0x5f, 0x56, 0x68, 0x18, 0x5f, 0xd5,
+ 0x8e, 0xdc, 0x58, 0x7e, 0x2d, 0xc7, 0xd6, 0x16,
+ 0xfe, 0x3b, 0xb5, 0xcb, 0x9e, 0x50, 0xd1, 0x2f,
+ 0xce, 0x5e, 0x63, 0x81, 0xda, 0x46, 0xc1, 0x5b,
+ 0xaa, 0x6a, 0x3c, 0xcd, 0xa6, 0x4c, 0x1a, 0xff,
+ 0xda, 0xd0, 0x53, 0xeb, 0xbf, 0x83, 0x7f, 0x2b,
+ 0xb7, 0xee, 0x89, 0xbc, 0x70, 0x2c, 0xec, 0x29,
+ 0xce, 0xf9, 0xb6, 0x95, 0xde, 0xcc, 0x7b, 0x79,
+ 0xb5, 0x77, 0x6f, 0x0a, 0xf7, 0xe0, 0xc9, 0x90,
+ 0x58, 0xf1, 0x0b, 0xb1, 0xda, 0xdc, 0x11, 0xe9,
+ 0x6c, 0x46, 0x2e, 0x06, 0x84, 0x78, 0x57, 0xaa,
+ 0x54, 0xa2, 0x35, 0xec, 0xa0, 0x48, 0xec, 0xa6,
+ 0x15, 0x9d, 0x49, 0xbb, 0x43, 0x19, 0xa8, 0x6f,
+ 0x7d, 0xd3, 0x03, 0xbf, 0x9b, 0x42, 0x7e, 0x8d,
+ 0xee, 0x9a, 0x80, 0x3c, 0xe1, 0xe3, 0x1f, 0x61,
+ 0x6e, 0x21, 0x70, 0xf4, 0x37, 0x55, 0x83, 0x9a,
+ 0xe1, 0xe9, 0xb0, 0xe6, 0xf0, 0x94, 0x2d, 0xd6,
+ 0x8d, 0x1e, 0x3d, 0x12, 0xb9, 0xd4, 0xb0, 0x9b,
+ 0x40, 0x36, 0xb0, 0x39, 0x55, 0xdc, 0x04, 0x32,
+ 0x3c, 0xd1, 0xb9, 0x08, 0x43, 0x35, 0x57, 0x47,
+ 0x46, 0xea, 0x98, 0x26, 0x46, 0xef, 0xc3, 0x4d,
+ 0xc4, 0xa6, 0x3d, 0x1c, 0x35, 0x45, 0x78, 0x73,
+ 0xab, 0xe1, 0x33, 0x53, 0xad, 0xe9, 0xab, 0x32,
+ 0x18, 0xd8, 0x71, 0x69, 0xf5, 0x15, 0xb7, 0x30,
+ 0x00, 0xde, 0x0c, 0x01, 0x78, 0x82, 0xaf, 0xf0,
+ 0x10, 0x34, 0xab, 0xd9, 0x3a, 0xa7, 0x23, 0x13,
+ 0x31, 0x09, 0x90, 0x8a, 0xda, 0x2e, 0xc5, 0x38,
+ 0x59, 0x67, 0x24, 0xd9, 0x9e, 0x6f, 0xd8, 0x12,
+ 0x59, 0x16, 0x26, 0xd8, 0x31, 0x0e, 0x76, 0x82,
+ 0x7c, 0x8d, 0xd4, 0x80, 0xa8, 0x55, 0xeb, 0x97,
+ 0x76, 0xc9, 0x82, 0x4a, 0x73, 0x84, 0x0f, 0x9d,
+ 0x7f, 0x2e, 0x7b, 0x16, 0xa9, 0x89, 0xdc, 0x95,
+ 0x59, 0x11, 0xa2, 0xfd, 0xa3, 0x17, 0xc0, 0xe8,
+ 0xfd, 0xed, 0xd0, 0x2f, 0xca, 0x70, 0x6e, 0xa6,
+ 0x8b, 0x79, 0x39, 0xae, 0x77, 0xb2, 0x3d, 0x8f,
+ 0x8b, 0xf8, 0xaf, 0x05, 0x20, 0x80, 0xde, 0xb4,
+ 0x19, 0x77, 0x0b, 0x45, 0x87, 0xe0, 0xcb, 0x35,
+ 0x24, 0x46, 0x9d, 0xa5, 0xee, 0x30, 0xba, 0x9a,
+ 0xe9, 0x3c, 0x6a, 0x7e, 0xd4, 0xdc, 0x47, 0x26,
+ 0x83, 0xf5, 0x05, 0x8e, 0x70, 0xb5, 0x0c, 0x4f,
+ 0x83, 0xe2, 0x60, 0x99, 0x7b, 0xc5, 0xf4, 0x8a,
+ 0x8d, 0x87, 0xe1, 0x5c, 0x90, 0x5d, 0x21, 0x26,
+ 0xe1, 0x43, 0x0e, 0x4c, 0xed, 0xb4, 0xd9, 0x92,
+ 0xd6, 0x4c, 0x4e, 0xd4, 0x81, 0x12, 0x01, 0x88,
+ 0x3e, 0xf6, 0xab, 0x64, 0xed, 0x8f, 0x7d, 0x22,
+ 0xbb, 0x21, 0x4c, 0xc0, 0xe2, 0x72, 0x5a, 0x15,
+ 0x47, 0xdd, 0x1f, 0xf1, 0xb8, 0x32, 0x97, 0x08,
+ 0xc0, 0x8b, 0xe8, 0x65, 0x1a, 0x6b, 0x86, 0x22,
+ 0xee, 0x8d, 0xa5, 0xa2, 0x86, 0xf1, 0xcc, 0xb4,
+ 0x93, 0xc1, 0x8a, 0x99, 0x2d, 0x13, 0xad, 0xe5,
+ 0x28, 0x7e, 0xff, 0xfb, 0xfc, 0x43, 0x0e, 0xfa,
+ 0x9d, 0x08, 0x51, 0x40, 0x1f, 0x50, 0xa9, 0xb7,
+ 0xfa, 0xc3, 0x33, 0x24, 0x73, 0xb3, 0x30, 0x69,
+ 0xf8, 0x3d, 0xc3, 0x62, 0xac, 0x5e, 0x2b, 0x13,
+ 0xe9, 0x97, 0x20, 0x35, 0xf8, 0xf1, 0x78, 0xe1
};
static const unsigned char rsa_sigverx931_0_n[] = {
@@ -1880,7 +2030,7 @@ static const struct rsa_sigver_st rsa_sigver_data[] = {
ITM(rsa_sigverpss_0_n),
ITM(rsa_sigverpss_0_e),
ITM(rsa_sigverpss_0_sig),
- 62,
+ 48,
PASS
},
{
@@ -1891,7 +2041,7 @@ static const struct rsa_sigver_st rsa_sigver_data[] = {
ITM(rsa_sigverpss_1_n),
ITM(rsa_sigverpss_1_e),
ITM(rsa_sigverpss_1_sig),
- 62,
+ 48,
FAIL
},
};
diff --git a/test/aesgcmtest.c b/test/aesgcmtest.c
index cdb0cbd0216d..25e6f65fa97e 100644
--- a/test/aesgcmtest.c
+++ b/test/aesgcmtest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/test/afalgtest.c b/test/afalgtest.c
index 02947c1ed365..764f07e92770 100644
--- a/test/afalgtest.c
+++ b/test/afalgtest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -112,7 +112,7 @@ static int test_afalg_aes_cbc(int keysize_idx)
static int test_pr16743(void)
{
int ret = 0;
- const EVP_CIPHER * cipher;
+ const EVP_CIPHER *cipher;
EVP_CIPHER_CTX *ctx;
if (!TEST_true(ENGINE_init(e)))
diff --git a/test/asn1_decode_test.c b/test/asn1_decode_test.c
index 9c676d3dccd7..04d73f350983 100644
--- a/test/asn1_decode_test.c
+++ b/test/asn1_decode_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -11,6 +11,7 @@
#include <string.h>
#include <openssl/rand.h>
+#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/obj_mac.h>
#include "internal/numbers.h"
@@ -161,6 +162,56 @@ static int test_uint64(void)
return 1;
}
+/* GeneralizedTime underflow *********************************************** */
+
+static int test_gentime(void)
+{
+ /* Underflowing GeneralizedTime 161208193400Z (YYMMDDHHMMSSZ) */
+ const unsigned char der[] = {
+ 0x18, 0x0d, 0x31, 0x36, 0x31, 0x32, 0x30, 0x38, 0x31,
+ 0x39, 0x33, 0x34, 0x30, 0x30, 0x5a,
+ };
+ const unsigned char *p;
+ int der_len, rc = 1;
+ ASN1_GENERALIZEDTIME *gentime;
+
+ p = der;
+ der_len = sizeof(der);
+ gentime = d2i_ASN1_GENERALIZEDTIME(NULL, &p, der_len);
+
+ if (!TEST_ptr_null(gentime))
+ rc = 0; /* fail */
+
+ ASN1_GENERALIZEDTIME_free(gentime);
+ return rc;
+}
+
+/* UTCTime underflow ******************************************************* */
+
+static int test_utctime(void)
+{
+ /* Underflowing UTCTime 0205104700Z (MMDDHHMMSSZ) */
+ const unsigned char der[] = {
+ 0x17, 0x0b, 0x30, 0x32, 0x30, 0x35, 0x31, 0x30,
+ 0x34, 0x37, 0x30, 0x30, 0x5a,
+ };
+ const unsigned char *p;
+ int der_len, rc = 1;
+ ASN1_UTCTIME *utctime;
+
+ p = der;
+ der_len = sizeof(der);
+ utctime = d2i_ASN1_UTCTIME(NULL, &p, der_len);
+
+ if (!TEST_ptr_null(utctime))
+ rc = 0; /* fail */
+
+ ASN1_UTCTIME_free(utctime);
+ return rc;
+}
+
+/* Invalid template ******************************************************** */
+
typedef struct {
ASN1_STRING *invalidDirString;
} INVALIDTEMPLATE;
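Review bot: The comments on `der` in test_gentime and test_utctime say only "Underflowing", which does not tell a reader what the decoder is expected to reject. In test_gentime the header `0x18, 0x0d` declares 13 content octets holding a two-digit-year string under the GeneralizedTime tag, and in test_utctime `0x17, 0x0b` declares 11 octets that, per the existing comment, carry no year digits. I would state that directly, e.g. `/* GeneralizedTime with 13 content octets, shorter than YYYYMMDDHHMMSSZ: d2i must return NULL */`, and the equivalent for UTCTime. Both tests assert only that the result is NULL, so a NULL caused by something unrelated to the length would also pass; checking that the error queue holds an ASN.1 error afterwards would tighten that.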
@@ -229,6 +280,8 @@ int setup_tests(void)
ADD_TEST(test_uint32);
ADD_TEST(test_int64);
ADD_TEST(test_uint64);
+ ADD_TEST(test_gentime);
+ ADD_TEST(test_utctime);
ADD_TEST(test_invalid_template);
ADD_TEST(test_reuse_asn1_object);
return 1;
diff --git a/test/asn1_encode_test.c b/test/asn1_encode_test.c
index 335f24e1133f..88899dc93779 100644
--- a/test/asn1_encode_test.c
+++ b/test/asn1_encode_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -738,8 +738,7 @@ static int test_intern(const TEST_PACKAGE *package)
/* Do decode_custom checks */
nelems = package->encode_expectations_size
/ package->encode_expectations_elem_size;
- OPENSSL_assert(nelems ==
- sizeof(test_custom_data) / sizeof(test_custom_data[0]));
+ OPENSSL_assert(nelems == OSSL_NELEM(test_custom_data));
for (i = 0; i < nelems; i++) {
size_t pos = i * package->encode_expectations_elem_size;
EXPECTED *expected
diff --git a/test/asn1_internal_test.c b/test/asn1_internal_test.c
index 61e4265c8b71..3c2222d988df 100644
--- a/test/asn1_internal_test.c
+++ b/test/asn1_internal_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -190,11 +190,87 @@ static int test_unicode_range(void)
return ok;
}
+/**********************************************************************
+ *
+ * Tests of object creation
+ *
+ ***/
+
+static int test_obj_create_once(const char *oid, const char *sn, const char *ln)
+{
+ int nid;
+
+ ERR_set_mark();
+
+ nid = OBJ_create(oid, sn, ln);
+
+ if (nid == NID_undef) {
+ unsigned long err = ERR_peek_last_error();
+ int l = ERR_GET_LIB(err);
+ int r = ERR_GET_REASON(err);
+
+ /* If it exists, that's fine, otherwise not */
+ if (l != ERR_LIB_OBJ || r != OBJ_R_OID_EXISTS) {
+ ERR_clear_last_mark();
+ return 0;
+ }
+ }
+ ERR_pop_to_mark();
+ return 1;
+}
+
+static int test_obj_create(void)
+{
+/* Stolen from evp_extra_test.c */
+#define arc "1.3.6.1.4.1.16604.998866."
+#define broken_arc "25."
+#define sn_prefix "custom"
+#define ln_prefix "custom"
+
+ /* Try different combinations of correct object creation */
+ if (!TEST_true(test_obj_create_once(NULL, sn_prefix "1", NULL))
+ || !TEST_int_ne(OBJ_sn2nid(sn_prefix "1"), NID_undef)
+ || !TEST_true(test_obj_create_once(NULL, NULL, ln_prefix "2"))
+ || !TEST_int_ne(OBJ_ln2nid(ln_prefix "2"), NID_undef)
+ || !TEST_true(test_obj_create_once(NULL, sn_prefix "3", ln_prefix "3"))
+ || !TEST_int_ne(OBJ_sn2nid(sn_prefix "3"), NID_undef)
+ || !TEST_int_ne(OBJ_ln2nid(ln_prefix "3"), NID_undef)
+ || !TEST_true(test_obj_create_once(arc "4", NULL, NULL))
+ || !TEST_true(test_obj_create_once(arc "5", sn_prefix "5", NULL))
+ || !TEST_int_ne(OBJ_sn2nid(sn_prefix "5"), NID_undef)
+ || !TEST_true(test_obj_create_once(arc "6", NULL, ln_prefix "6"))
+ || !TEST_int_ne(OBJ_ln2nid(ln_prefix "6"), NID_undef)
+ || !TEST_true(test_obj_create_once(arc "7",
+ sn_prefix "7", ln_prefix "7"))
+ || !TEST_int_ne(OBJ_sn2nid(sn_prefix "7"), NID_undef)
+ || !TEST_int_ne(OBJ_ln2nid(ln_prefix "7"), NID_undef))
+ return 0;
+
+ if (!TEST_false(test_obj_create_once(NULL, NULL, NULL))
+ || !TEST_false(test_obj_create_once(broken_arc "8",
+ sn_prefix "8", ln_prefix "8")))
+ return 0;
+
+ return 1;
+}
+
+static int test_obj_nid_undef(void)
+{
+ if (!TEST_ptr(OBJ_nid2obj(NID_undef))
+ || !TEST_ptr(OBJ_nid2sn(NID_undef))
+ || !TEST_ptr(OBJ_nid2ln(NID_undef)))
+ return 0;
+
+ return 1;
+}
+
int setup_tests(void)
{
ADD_TEST(test_tbl_standard);
ADD_TEST(test_standard_methods);
ADD_TEST(test_empty_nonoptional_content);
ADD_TEST(test_unicode_range);
+ ADD_TEST(test_obj_create);
+ ADD_TEST(test_obj_nid_undef);
return 1;
}
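Review bot: The four object-like macros defined inside test_obj_create (`arc`, `broken_arc`, `sn_prefix`, `ln_prefix`) are never undefined, so they stay active for everything that follows in the file, including test_obj_nid_undef and setup_tests. Short lowercase names such as `arc` collide easily with a local variable or struct member added later, and the resulting compile error would point far from the cause. I would add a matching `#undef` for each of the four just before the final `return 1;` of test_obj_create. They have to remain macros because the test relies on string-literal concatenation (`arc "4"`).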
diff --git a/test/asn1_time_test.c b/test/asn1_time_test.c
index 9dbad22a2deb..32bc4ff2adb1 100644
--- a/test/asn1_time_test.c
+++ b/test/asn1_time_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -9,9 +9,11 @@
/* Time tests for the asn1 module */
+#include <limits.h>
#include <stdio.h>
#include <string.h>
+#include <crypto/asn1.h>
#include <openssl/asn1.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
@@ -28,6 +30,53 @@ struct testdata {
int convert_result; /* conversion result */
};
+struct TESTDATA_asn1_to_utc {
+ char *input;
+ time_t expected;
+};
+
+static const struct TESTDATA_asn1_to_utc asn1_to_utc[] = {
+ {
+ /*
+ * last second of standard time in central Europe in 2021
+ * specified in GMT
+ */
+ "210328005959Z",
+ 1616893199,
+ },
+ {
+ /*
+ * first second of daylight saving time in central Europe in 2021
+ * specified in GMT
+ */
+ "210328010000Z",
+ 1616893200,
+ },
+ {
+ /*
+ * last second of standard time in central Europe in 2021
+ * specified in offset to GMT
+ */
+ "20210328015959+0100",
+ 1616893199,
+ },
+ {
+ /*
+ * first second of daylight saving time in central Europe in 2021
+ * specified in offset to GMT
+ */
+ "20210328030000+0200",
+ 1616893200,
+ },
+ {
+ /*
+ * Invalid strings should get -1 as a result
+ */
+ "INVALID",
+ -1,
+ },
+};
+
static struct testdata tbl_testdata_pos[] = {
{ "0", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, /* Bad time */
{ "ABCD", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, },
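Review bot: `char *input` in struct TESTDATA_asn1_to_utc points at string literals stored in a `static const` table, so the member should be `const char *input;`. As declared, any code that receives `asn1_to_utc[idx].input` is allowed to write through it, which is undefined behaviour on a literal. This presumably needs test_asn1_string_to_time_t, declared outside this hunk, to accept a `const char *`; if it does not, that prototype is the one to fix.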
@@ -52,6 +101,10 @@ static struct testdata tbl_testdata_pos[] = {
{ "1970010100000AZ", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, },
{ "700101000000X", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 0, 0, 0, 0, },
{ "19700101000000X", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, },
+ { "209912312359Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, },
+ { "199912310000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, },
+ { "9912312359Z", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 0, 0, 0, 0, },
+ { "9912310000Z", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 0, 0, 0, 0, },
{ "19700101000000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_UTCTIME, 1, 0, -1, 1, }, /* Epoch begins */
{ "700101000000Z", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 1, 0, -1, 1, }, /* ditto */
{ "20380119031407Z", V_ASN1_GENERALIZEDTIME, V_ASN1_UTCTIME, 1, 0x7FFFFFFF, 1, 1, }, /* Max 32bit time_t */
@@ -62,9 +115,7 @@ static struct testdata tbl_testdata_pos[] = {
{ "19701006121456Z", V_ASN1_GENERALIZEDTIME, V_ASN1_UTCTIME, 1, 24063296, -1, 1, },
{ "701006121456Z", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 1, 24063296, -1, 1, },
{ "19991231000000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_UTCTIME, 1, 946598400, 0, 1, }, /* Match baseline */
- { "199912310000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_UTCTIME, 1, 946598400, 0, 1, }, /* In various flavors */
{ "991231000000Z", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 1, 946598400, 0, 1, },
- { "9912310000Z", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 1, 946598400, 0, 1, },
{ "9912310000+0000", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 1, 946598400, 0, 1, },
{ "199912310000+0000", V_ASN1_GENERALIZEDTIME, V_ASN1_UTCTIME, 1, 946598400, 0, 1, },
{ "9912310000-0000", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 1, 946598400, 0, 1, },
@@ -379,6 +430,46 @@ static int test_time_dup(void)
return ret;
}
+static int convert_asn1_to_time_t(int idx)
+{
+ time_t testdateutc;
+
+ testdateutc = test_asn1_string_to_time_t(asn1_to_utc[idx].input);
+
+ if (!TEST_time_t_eq(testdateutc, asn1_to_utc[idx].expected)) {
+ TEST_info("test_asn1_string_to_time_t (%s) failed: expected %lli, got %lli\n",
+ asn1_to_utc[idx].input,
+ (long long int)asn1_to_utc[idx].expected,
+ (long long int)testdateutc);
+ return 0;
+ }
+ return 1;
+}
+
+/*
+ * this test is here to exercise ossl_asn1_time_from_tm
+ * with an integer year close to INT_MAX.
+ */
+static int convert_tm_to_asn1_time(void)
+{
+ /* we need 64 bit time_t */
+#if ((ULONG_MAX >> 31) >> 31) >= 1
+ time_t t;
+ ASN1_TIME *at;
+
+ if (sizeof(time_t) * CHAR_BIT >= 64) {
+ t = 67768011791126057ULL;
+ at = ASN1_TIME_set(NULL, t);
+ /*
+ * If ASN1_TIME_set returns NULL, it means it could not handle the input
+ * which is fine for this edge case.
+ */
+ ASN1_STRING_free(at);
+ }
+#endif
+ return 1;
+}
+
int setup_tests(void)
{
/*
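Review bot: convert_tm_to_asn1_time returns 1 on every path and never inspects `at`, so it can only fail by crashing or by tripping a sanitizer. The block comment above it should say that explicitly, e.g. `/* No assertion: passes if ASN1_TIME_set neither crashes nor triggers a sanitizer for a year near INT_MAX */`, so that a green result is not read as a correctness check. A non-NULL `at` could also be passed through `TEST_true(ASN1_TIME_check(at))` before it is freed, and `ASN1_TIME_free(at)` would match the variable's type better than `ASN1_STRING_free(at)`. setup_tests begins at the end of this hunk and continues outside it.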
@@ -414,5 +505,7 @@ int setup_tests(void)
}
ADD_ALL_TESTS(test_table_compare, OSSL_NELEM(tbl_compare_testdata));
ADD_TEST(test_time_dup);
+ ADD_ALL_TESTS(convert_asn1_to_time_t, OSSL_NELEM(asn1_to_utc));
+ ADD_TEST(convert_tm_to_asn1_time);
return 1;
}
diff --git a/test/asynctest.c b/test/asynctest.c
index a83541ea5e98..a441d09ad4b9 100644
--- a/test/asynctest.c
+++ b/test/asynctest.c
@@ -18,6 +18,8 @@
static int ctr = 0;
static ASYNC_JOB *currjob = NULL;
+static int custom_alloc_used = 0;
+static int custom_free_used = 0;
static int only_pause(void *args)
{
@@ -414,6 +416,51 @@ static int test_ASYNC_start_job_ex(void)
return ret;
}
+static void *test_alloc_stack(size_t *num)
+{
+ custom_alloc_used = 1;
+ return OPENSSL_malloc(*num);
+}
+
+static void test_free_stack(void *addr)
+{
+ custom_free_used = 1;
+ OPENSSL_free(addr);
+}
+
+static int test_ASYNC_set_mem_functions(void)
+{
+ ASYNC_stack_alloc_fn alloc_fn;
+ ASYNC_stack_free_fn free_fn;
+
+ /* Not all platforms support this */
+ if (ASYNC_set_mem_functions(test_alloc_stack, test_free_stack) == 0) return 1;
+
+ ASYNC_get_mem_functions(&alloc_fn, &free_fn);
+
+ if ((alloc_fn != test_alloc_stack) || (free_fn != test_free_stack)) {
+ fprintf(stderr,
+ "test_ASYNC_set_mem_functions() - setting and retrieving custom allocators failed\n");
+ return 0;
+ }
+
+ if (!ASYNC_init_thread(1, 1)) {
+ fprintf(stderr,
+ "test_ASYNC_set_mem_functions() - failed initialising ctx pool\n");
+ return 0;
+ }
+ ASYNC_cleanup_thread();
+
+ if (!custom_alloc_used || !custom_free_used) {
+ fprintf(stderr,
+ "test_ASYNC_set_mem_functions() - custom allocation functions not used\n");
+
+ return 0;
+ }
+
+ return 1;
+}
+
int main(int argc, char **argv)
{
if (!ASYNC_is_capable()) {
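Review bot: The early exit `if (ASYNC_set_mem_functions(test_alloc_stack, test_free_stack) == 0) return 1;` in test_ASYNC_set_mem_functions reports success without saying that nothing was tested. Every refusal is treated as "platform does not support this", including, presumably, a refusal caused by the earlier tests in main having already allocated async stacks, so the test could become a permanent silent no-op. I would print a skip line first, `fprintf(stderr, "test_ASYNC_set_mem_functions() - custom allocators not accepted, skipping\n");`, and put `return 1;` on its own line. The custom allocators also stay installed after the test returns, which is harmless only while this remains the last test run; main continues outside the hunk.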
@@ -426,7 +473,8 @@ int main(int argc, char **argv)
|| !test_ASYNC_get_current_job()
|| !test_ASYNC_WAIT_CTX_get_all_fds()
|| !test_ASYNC_block_pause()
- || !test_ASYNC_start_job_ex()) {
+ || !test_ASYNC_start_job_ex()
+ || !test_ASYNC_set_mem_functions()) {
return 1;
}
}
diff --git a/test/bad_dtls_test.c b/test/bad_dtls_test.c
index dc3d4bc0d750..1df8cd84fe01 100644
--- a/test/bad_dtls_test.c
+++ b/test/bad_dtls_test.c
@@ -370,6 +370,7 @@ static int send_finished(SSL *s, BIO *rbio)
/* Finished MAC (12 bytes) */
};
unsigned char handshake_hash[EVP_MAX_MD_SIZE];
+ int md_size;
/* Derive key material */
do_PRF(TLS_MD_KEY_EXPANSION_CONST, TLS_MD_KEY_EXPANSION_CONST_SIZE,
@@ -381,8 +382,11 @@ static int send_finished(SSL *s, BIO *rbio)
if (!EVP_DigestFinal_ex(handshake_md, handshake_hash, NULL))
return 0;
+ md_size = EVP_MD_CTX_get_size(handshake_md);
+ if (md_size <= 0)
+ return 0;
do_PRF(TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
- handshake_hash, EVP_MD_CTX_get_size(handshake_md),
+ handshake_hash, md_size,
NULL, 0,
finished_msg + DTLS1_HM_HEADER_LENGTH, TLS1_FINISH_MAC_LENGTH);
@@ -499,6 +503,7 @@ static int test_bad_dtls(void)
|| !TEST_true(SSL_CTX_set_cipher_list(ctx, "AES128-SHA")))
goto end;
+ SSL_CTX_set_security_level(ctx, 0);
con = SSL_new(ctx);
if (!TEST_ptr(con)
|| !TEST_true(SSL_set_session(con, sess)))
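Review bot: `SSL_CTX_set_security_level(ctx, 0);` is added to test_bad_dtls without a comment, and level 0 permits everything the security-level mechanism would otherwise filter for this context. A one-line reason keeps the call from being copied into non-test code, e.g. `/* Level 0 on purpose: this test needs the legacy protocol version and AES128-SHA, which the default level presumably rejects */`. test_bad_dtls starts and ends outside the hunk, so the exact reason should be confirmed against the rest of the function.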
diff --git a/test/bftest.c b/test/bftest.c
index 8da47bc795f1..99e95edfc13d 100644
--- a/test/bftest.c
+++ b/test/bftest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -163,8 +163,9 @@ static unsigned char cbc_key[16] = {
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87
};
-static unsigned char cbc_iv[8] =
- { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 };
+static unsigned char cbc_iv[8] = {
+ 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
+};
static char cbc_data[40] = "7654321 Now is the time for ";
static unsigned char cbc_ok[32] = {
0x6B, 0x77, 0xB4, 0xD6, 0x30, 0x06, 0xDE, 0xE6,
@@ -195,8 +196,9 @@ static unsigned char key_test[KEY_TEST_NUM] = {
0x88
};
-static unsigned char key_data[8] =
- { 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10 };
+static unsigned char key_data[8] = {
+ 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10
+};
static unsigned char key_out[KEY_TEST_NUM][8] = {
{0xF9, 0xAD, 0x59, 0x7C, 0x49, 0xDB, 0x00, 0x5E},
@@ -465,7 +467,7 @@ int setup_tests(void)
# endif
while ((o = opt_next()) != OPT_EOF) {
- switch(o) {
+ switch (o) {
case OPT_PRINT:
print_test_data();
return 1;
diff --git a/test/bio_core_test.c b/test/bio_core_test.c
index 77e846735f76..be2ae49932e7 100644
--- a/test/bio_core_test.c
+++ b/test/bio_core_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -61,7 +61,7 @@ static const OSSL_DISPATCH biocbs[] = {
{ OSSL_FUNC_BIO_CTRL, (void (*)(void))tst_bio_core_ctrl },
{ OSSL_FUNC_BIO_UP_REF, (void (*)(void))tst_bio_core_up_ref },
{ OSSL_FUNC_BIO_FREE, (void (*)(void))tst_bio_core_free },
- { 0, NULL }
+ OSSL_DISPATCH_END
};
static int test_bio_core(void)
diff --git a/test/bio_enc_test.c b/test/bio_enc_test.c
index accb74e7df41..b12cf9c38bf7 100644
--- a/test/bio_enc_test.c
+++ b/test/bio_enc_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -41,7 +41,7 @@ static int do_bio_cipher(const EVP_CIPHER* cipher, const unsigned char* key,
BIO *b, *mem;
static unsigned char inp[BUF_SIZE] = { 0 };
unsigned char out[BUF_SIZE], ref[BUF_SIZE];
- int i, lref, len;
+ int i, lref, len, tmplen;
/* Fill buffer with non-zero data so that over steps can be detected */
if (!TEST_int_gt(RAND_bytes(inp, DATA_SIZE), 0))
@@ -77,13 +77,20 @@ static int do_bio_cipher(const EVP_CIPHER* cipher, const unsigned char* key,
BIO_push(b, mem);
memset(out, 0, sizeof(out));
out[i] = ~ref[i];
- len = BIO_read(b, out, i);
+ tmplen = BIO_read(b, out, i);
+ if (tmplen < 0)
+ goto err;
+ len = tmplen;
/* check for overstep */
if (!TEST_uchar_eq(out[i], (unsigned char)~ref[i])) {
TEST_info("Encrypt overstep check failed @ operation %d", i);
goto err;
}
- len += BIO_read(b, out + len, sizeof(out) - len);
+ tmplen = BIO_read(b, out + len, sizeof(out) - len);
+ if (tmplen < 0)
+ goto err;
+ len += tmplen;
+
BIO_free_all(b);
if (!TEST_mem_eq(out, len, ref, lref)) {
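Review bot: The two new `if (tmplen < 0) goto err;` exits in do_bio_cipher fail the test without any diagnostic, unlike the overstep check between them, which reports the operation index through TEST_info. Routing the check through the test macro keeps the failure visible: `if (!TEST_int_ge(tmplen = BIO_read(b, out, i), 0)) goto err;`, and likewise for the second read. The second call also passes `sizeof(out) - len`, a size_t, where BIO_read takes an int length; that is fine for this buffer but a cast would make the narrowing explicit. The function starts and ends outside the hunk, so whether `err:` releases `b` on these new paths cannot be checked from here.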
@@ -206,8 +213,7 @@ err:
static int do_test_bio_cipher(const EVP_CIPHER* cipher, int idx)
{
- switch(idx)
- {
+ switch (idx) {
case 0:
return do_bio_cipher(cipher, KEY, NULL);
case 1:
diff --git a/test/bio_prefix_text.c b/test/bio_prefix_text.c
index d31b71b4ce08..c16986fcad8b 100644
--- a/test/bio_prefix_text.c
+++ b/test/bio_prefix_text.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -101,8 +101,10 @@ static int setup_bio_chain(const char *progname)
if (chain != NULL) {
size_t i;
+ if (!BIO_up_ref(bio_out)) /* Protection against freeing */
+ goto err;
+
next = bio_out;
- BIO_up_ref(next); /* Protection against freeing */
for (i = 0; n > 0; i++, n--) {
BIO *curr = BIO_new(BIO_f_prefix());
diff --git a/test/bioprinttest.c b/test/bioprinttest.c
index 04d1613c6cf4..5ac5025c40e8 100644
--- a/test/bioprinttest.c
+++ b/test/bioprinttest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -12,12 +12,11 @@
#include <stdio.h>
#include <string.h>
#include <openssl/bio.h>
+#include "internal/nelem.h"
#include "internal/numbers.h"
#include "testutil.h"
#include "testutil/output.h"
-#define nelem(x) (int)(sizeof(x) / sizeof((x)[0]))
-
static int justprint = 0;
static char *fpexpected[][10][5] = {
@@ -150,7 +149,7 @@ static j_data jf_data[] = {
{ 0xffffffffffffffffULL, "%jx", "ffffffffffffffff" },
{ 0x8000000000000000ULL, "%ju", "9223372036854775808" },
/*
- * These tests imply two's-complement, but it's the only binary
+ * These tests imply two's complement, but it's the only binary
* representation we support, see test/sanitytest.c...
*/
{ 0x8000000000000000ULL, "%ji", "-9223372036854775808" },
@@ -192,7 +191,7 @@ static int dofptest(int test, int sub, double val, const char *width, int prec)
char format[80], result[80];
int ret = 1, i;
- for (i = 0; i < nelem(fspecs); i++) {
+ for (i = 0; i < (int)OSSL_NELEM(fspecs); i++) {
const char *fspec = fspecs[i];
if (prec >= 0)
@@ -287,9 +286,9 @@ int setup_tests(void)
}
ADD_TEST(test_big);
- ADD_ALL_TESTS(test_fp, nelem(pw_params));
- ADD_ALL_TESTS(test_zu, nelem(zu_data));
- ADD_ALL_TESTS(test_j, nelem(jf_data));
+ ADD_ALL_TESTS(test_fp, OSSL_NELEM(pw_params));
+ ADD_ALL_TESTS(test_zu, OSSL_NELEM(zu_data));
+ ADD_ALL_TESTS(test_j, OSSL_NELEM(jf_data));
return 1;
}
diff --git a/test/bntest.c b/test/bntest.c
index 2e0dcb9ae379..3b3671a62259 100644
--- a/test/bntest.c
+++ b/test/bntest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -10,6 +10,9 @@
#include <errno.h>
#include <stdio.h>
#include <string.h>
+#ifdef __TANDEM
+# include <strings.h> /* strcasecmp */
+#endif
#include <ctype.h>
#include <openssl/bn.h>
@@ -38,6 +41,7 @@ typedef struct mpitest_st {
static const int NUM0 = 100; /* number of tests */
static const int NUM1 = 50; /* additional tests for some functions */
+static const int NUM_PRIME_TESTS = 20;
static BN_CTX *ctx;
/*
@@ -168,6 +172,11 @@ static int test_swap(void)
|| !equalBN("swap", b, c))
goto err;
+ /* regular swap: same pointer */
+ BN_swap(a, a);
+ if (!equalBN("swap with same pointer", a, d))
+ goto err;
+
/* conditional swap: true */
cond = 1;
BN_consttime_swap(cond, a, b, top);
@@ -175,6 +184,11 @@ static int test_swap(void)
|| !equalBN("cswap true", b, d))
goto err;
+ /* conditional swap: true, same pointer */
+ BN_consttime_swap(cond, a, a, top);
+ if (!equalBN("cswap true", a, c))
+ goto err;
+
/* conditional swap: false */
cond = 0;
BN_consttime_swap(cond, a, b, top);
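Review bot: The new same-pointer check after `cond = 1` passes the label "cswap true" to equalBN, the same string the two-operand check just above it uses, so a failure report cannot tell the two cases apart. I would label it `"cswap true, same pointer"`, in line with the "swap with same pointer" label added in the previous hunk. The next hunk (`@@ -182,6 +196,11 @@`) has the same issue with "cswap false". test_swap starts and ends outside these hunks.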
@@ -182,6 +196,11 @@ static int test_swap(void)
|| !equalBN("cswap false", b, d))
goto err;
+ /* conditional swap: false, same pointer */
+ BN_consttime_swap(cond, a, a, top);
+ if (!equalBN("cswap false", a, c))
+ goto err;
+
/* same tests but checking flag swap */
BN_set_flags(a, BN_FLG_CONSTTIME);
@@ -749,7 +768,7 @@ static int test_gf2m_add(void)
static int test_gf2m_mod(void)
{
- BIGNUM *a = NULL, *b[2] = {NULL,NULL}, *c = NULL, *d = NULL, *e = NULL;
+ BIGNUM *a = NULL, *b[2] = {NULL, NULL}, *c = NULL, *d = NULL, *e = NULL;
int i, j, st = 0;
if (!TEST_ptr(a = BN_new())
@@ -842,7 +861,7 @@ static int test_gf2m_mul(void)
static int test_gf2m_sqr(void)
{
- BIGNUM *a = NULL, *b[2] = {NULL,NULL}, *c = NULL, *d = NULL;
+ BIGNUM *a = NULL, *b[2] = {NULL, NULL}, *c = NULL, *d = NULL;
int i, j, st = 0;
if (!TEST_ptr(a = BN_new())
@@ -881,7 +900,7 @@ static int test_gf2m_sqr(void)
static int test_gf2m_modinv(void)
{
- BIGNUM *a = NULL, *b[2] = {NULL,NULL}, *c = NULL, *d = NULL;
+ BIGNUM *a = NULL, *b[2] = {NULL, NULL}, *c = NULL, *d = NULL;
int i, j, st = 0;
if (!TEST_ptr(a = BN_new())
@@ -926,7 +945,7 @@ static int test_gf2m_modinv(void)
static int test_gf2m_moddiv(void)
{
- BIGNUM *a = NULL, *b[2] = {NULL,NULL}, *c = NULL, *d = NULL;
+ BIGNUM *a = NULL, *b[2] = {NULL, NULL}, *c = NULL, *d = NULL;
BIGNUM *e = NULL, *f = NULL;
int i, j, st = 0;
@@ -970,7 +989,7 @@ static int test_gf2m_moddiv(void)
static int test_gf2m_modexp(void)
{
- BIGNUM *a = NULL, *b[2] = {NULL,NULL}, *c = NULL, *d = NULL;
+ BIGNUM *a = NULL, *b[2] = {NULL, NULL}, *c = NULL, *d = NULL;
BIGNUM *e = NULL, *f = NULL;
int i, j, st = 0;
@@ -1018,7 +1037,7 @@ static int test_gf2m_modexp(void)
static int test_gf2m_modsqrt(void)
{
- BIGNUM *a = NULL, *b[2] = {NULL,NULL}, *c = NULL, *d = NULL;
+ BIGNUM *a = NULL, *b[2] = {NULL, NULL}, *c = NULL, *d = NULL;
BIGNUM *e = NULL, *f = NULL;
int i, j, st = 0;
@@ -1063,7 +1082,7 @@ static int test_gf2m_modsqrt(void)
static int test_gf2m_modsolvequad(void)
{
- BIGNUM *a = NULL, *b[2] = {NULL,NULL}, *c = NULL, *d = NULL;
+ BIGNUM *a = NULL, *b[2] = {NULL, NULL}, *c = NULL, *d = NULL;
BIGNUM *e = NULL;
int i, j, s = 0, t, st = 0;
@@ -1844,6 +1863,137 @@ static int test_bn2padded(void)
return st;
}
+static const MPITEST kSignedTests_BE[] = {
+ {"-1", "\xff", 1},
+ {"0", "", 0},
+ {"1", "\x01", 1},
+ /*
+ * The above cover the basics, now let's go for possible bignum
+ * chunk edges and other word edges (for a broad definition of
+ * "word", i.e. 1 byte included).
+ */
+ /* 1 byte edge */
+ {"127", "\x7f", 1},
+ {"-127", "\x81", 1},
+ {"128", "\x00\x80", 2},
+ {"-128", "\x80", 1},
+ {"129", "\x00\x81", 2},
+ {"-129", "\xff\x7f", 2},
+ {"255", "\x00\xff", 2},
+ {"-255", "\xff\x01", 2},
+ {"256", "\x01\x00", 2},
+ {"-256", "\xff\x00", 2},
+ /* 2 byte edge */
+ {"32767", "\x7f\xff", 2},
+ {"-32767", "\x80\x01", 2},
+ {"32768", "\x00\x80\x00", 3},
+ {"-32768", "\x80\x00", 2},
+ {"32769", "\x00\x80\x01", 3},
+ {"-32769", "\xff\x7f\xff", 3},
+ {"65535", "\x00\xff\xff", 3},
+ {"-65535", "\xff\x00\x01", 3},
+ {"65536", "\x01\x00\x00", 3},
+ {"-65536", "\xff\x00\x00", 3},
+ /* 4 byte edge */
+ {"2147483647", "\x7f\xff\xff\xff", 4},
+ {"-2147483647", "\x80\x00\x00\x01", 4},
+ {"2147483648", "\x00\x80\x00\x00\x00", 5},
+ {"-2147483648", "\x80\x00\x00\x00", 4},
+ {"2147483649", "\x00\x80\x00\x00\x01", 5},
+ {"-2147483649", "\xff\x7f\xff\xff\xff", 5},
+ {"4294967295", "\x00\xff\xff\xff\xff", 5},
+ {"-4294967295", "\xff\x00\x00\x00\x01", 5},
+ {"4294967296", "\x01\x00\x00\x00\x00", 5},
+ {"-4294967296", "\xff\x00\x00\x00\x00", 5},
+ /* 8 byte edge */
+ {"9223372036854775807", "\x7f\xff\xff\xff\xff\xff\xff\xff", 8},
+ {"-9223372036854775807", "\x80\x00\x00\x00\x00\x00\x00\x01", 8},
+ {"9223372036854775808", "\x00\x80\x00\x00\x00\x00\x00\x00\x00", 9},
+ {"-9223372036854775808", "\x80\x00\x00\x00\x00\x00\x00\x00", 8},
+ {"9223372036854775809", "\x00\x80\x00\x00\x00\x00\x00\x00\x01", 9},
+ {"-9223372036854775809", "\xff\x7f\xff\xff\xff\xff\xff\xff\xff", 9},
+ {"18446744073709551615", "\x00\xff\xff\xff\xff\xff\xff\xff\xff", 9},
+ {"-18446744073709551615", "\xff\x00\x00\x00\x00\x00\x00\x00\x01", 9},
+ {"18446744073709551616", "\x01\x00\x00\x00\x00\x00\x00\x00\x00", 9},
+ {"-18446744073709551616", "\xff\x00\x00\x00\x00\x00\x00\x00\x00", 9},
+};
+
+static int copy_reversed(uint8_t *dst, uint8_t *src, size_t len)
+{
+ for (dst += len - 1; len > 0; src++, dst--, len--)
+ *dst = *src;
+ return 1;
+}
+
+static int test_bn2signed(int i)
+{
+ uint8_t scratch[10], reversed[10];
+ const MPITEST *test = &kSignedTests_BE[i];
+ BIGNUM *bn = NULL, *bn2 = NULL;
+ int st = 0;
+
+ if (!TEST_ptr(bn = BN_new())
+ || !TEST_true(BN_asc2bn(&bn, test->base10)))
+ goto err;
+
+ /*
+ * Check BN_signed_bn2bin() / BN_signed_bin2bn()
+ * The interesting stuff happens in the last bytes of the buffers,
+ * the beginning is just padding (i.e. sign extension).
+ */
+ i = sizeof(scratch) - test->mpi_len;
+ if (!TEST_int_eq(BN_signed_bn2bin(bn, scratch, sizeof(scratch)),
+ sizeof(scratch))
+ || !TEST_true(copy_reversed(reversed, scratch, sizeof(scratch)))
+ || !TEST_mem_eq(test->mpi, test->mpi_len, scratch + i, test->mpi_len))
+ goto err;
+
+ if (!TEST_ptr(bn2 = BN_signed_bin2bn(scratch, sizeof(scratch), NULL))
+ || !TEST_BN_eq(bn, bn2))
+ goto err;
+
+ BN_free(bn2);
+ bn2 = NULL;
+
+ /* Check that a parse of the reversed buffer works too */
+ if (!TEST_ptr(bn2 = BN_signed_lebin2bn(reversed, sizeof(reversed), NULL))
+ || !TEST_BN_eq(bn, bn2))
+ goto err;
+
+ BN_free(bn2);
+ bn2 = NULL;
+
+ /*
+ * Check BN_signed_bn2lebin() / BN_signed_lebin2bn()
+ * The interesting stuff happens in the first bytes of the buffers,
+ * the end is just padding (i.e. sign extension).
+ */
+ i = sizeof(reversed) - test->mpi_len;
+ if (!TEST_int_eq(BN_signed_bn2lebin(bn, scratch, sizeof(scratch)),
+ sizeof(scratch))
+ || !TEST_true(copy_reversed(reversed, scratch, sizeof(scratch)))
+ || !TEST_mem_eq(test->mpi, test->mpi_len, reversed + i, test->mpi_len))
+ goto err;
+
+ if (!TEST_ptr(bn2 = BN_signed_lebin2bn(scratch, sizeof(scratch), NULL))
+ || !TEST_BN_eq(bn, bn2))
+ goto err;
+
+ BN_free(bn2);
+ bn2 = NULL;
+
+ /* Check that a parse of the reversed buffer works too */
+ if (!TEST_ptr(bn2 = BN_signed_bin2bn(reversed, sizeof(reversed), NULL))
+ || !TEST_BN_eq(bn, bn2))
+ goto err;
+
+ st = 1;
+ err:
+ BN_free(bn2);
+ BN_free(bn);
+ return st;
+}
+
static int test_dec2bn(void)
{
BIGNUM *bn = NULL;
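Review bot: test_bn2signed computes `i = sizeof(scratch) - test->mpi_len` and then reads from `scratch + i` and `reversed + i` without checking that the vector fits in the 10-byte buffers. Every entry in kSignedTests_BE is at most 9 bytes today, but a longer vector added later would push the offset out of range and the comparison would read outside the arrays. A guard at the top, `if (!TEST_true(test->mpi_len <= sizeof(scratch))) goto err;` (with a cast if mpi_len is not a size_t; MPITEST is declared outside the hunk), turns that into an ordinary test failure. Separately, copy_reversed only reads `src`, so it should take `const uint8_t *src`, and reusing the test-index parameter `i` as a byte offset is easy to misread. test_dec2bn begins at the end of the hunk and continues outside it.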
@@ -2077,6 +2227,74 @@ static int test_mpi(int i)
return st;
}
+static int test_bin2zero(void)
+{
+ unsigned char input[] = { 0 };
+ BIGNUM *zbn = NULL;
+ int ret = 0;
+
+ if (!TEST_ptr(zbn = BN_new()))
+ goto err;
+
+#define zerotest(fn) \
+ if (!TEST_ptr(fn(input, 1, zbn)) \
+ || !TEST_true(BN_is_zero(zbn)) \
+ || !TEST_ptr(fn(input, 0, zbn)) \
+ || !TEST_true(BN_is_zero(zbn)) \
+ || !TEST_ptr(fn(NULL, 0, zbn)) \
+ || !TEST_true(BN_is_zero(zbn))) \
+ goto err
+
+ zerotest(BN_bin2bn);
+ zerotest(BN_signed_bin2bn);
+ zerotest(BN_lebin2bn);
+ zerotest(BN_signed_lebin2bn);
+#undef zerotest
+
+ ret = 1;
+ err:
+ BN_free(zbn);
+ return ret;
+}
+
+static int test_bin2bn_lengths(void)
+{
+ unsigned char input[] = { 1, 2 };
+ BIGNUM *bn_be = NULL, *bn_expected_be = NULL;
+ BIGNUM *bn_le = NULL, *bn_expected_le = NULL;
+ int ret = 0;
+
+ if (!TEST_ptr(bn_be = BN_new())
+ || !TEST_ptr(bn_expected_be = BN_new())
+ || !TEST_true(BN_set_word(bn_expected_be, 0x102))
+ || !TEST_ptr(bn_le = BN_new())
+ || !TEST_ptr(bn_expected_le = BN_new())
+ || !TEST_true(BN_set_word(bn_expected_le, 0x201)))
+ goto err;
+
+#define lengthtest(fn, e) \
+ if (!TEST_ptr_null(fn(input, -1, bn_##e)) \
+ || !TEST_ptr(fn(input, 0, bn_##e)) \
+ || !TEST_true(BN_is_zero(bn_##e)) \
+ || !TEST_ptr(fn(input, 2, bn_##e)) \
+ || !TEST_int_eq(BN_cmp(bn_##e, bn_expected_##e), 0)) \
+ goto err
+
+ lengthtest(BN_bin2bn, be);
+ lengthtest(BN_signed_bin2bn, be);
+ lengthtest(BN_lebin2bn, le);
+ lengthtest(BN_signed_lebin2bn, le);
+#undef lengthtest
+
+ ret = 1;
+ err:
+ BN_free(bn_be);
+ BN_free(bn_expected_be);
+ BN_free(bn_le);
+ BN_free(bn_expected_le);
+ return ret;
+}
+
static int test_rand(void)
{
BIGNUM *bn = NULL;
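Review bot: The `zerotest` and `lengthtest` macros in test_bin2zero and test_bin2bn_lengths expand to a bare `if (...) goto err`, so they are only safe when used as standalone statements. If one were ever used as the body of an `if` that has an `else`, the `else` would bind to the macro's `if` instead. Wrapping each macro body in `do { ... } while (0)` is the usual form and changes nothing for the current call sites. test_rand begins at the end of the hunk and continues outside it.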
@@ -2485,7 +2703,7 @@ static int test_not_prime(int i)
for (trial = 0; trial <= 1; ++trial) {
if (!TEST_true(BN_set_word(r, not_primes[i]))
- || !TEST_false(BN_check_prime(r, ctx, NULL)))
+ || !TEST_int_eq(BN_check_prime(r, ctx, NULL), 0))
goto err;
}
@@ -2581,6 +2799,25 @@ static int test_ctx_consttime_flag(void)
return st;
}
+static int test_coprime(void)
+{
+ BIGNUM *a = NULL, *b = NULL;
+ int ret = 0;
+
+ ret = TEST_ptr(a = BN_new())
+ && TEST_ptr(b = BN_new())
+ && TEST_true(BN_set_word(a, 66))
+ && TEST_true(BN_set_word(b, 99))
+ && TEST_int_eq(BN_are_coprime(a, b, ctx), 0)
+ && TEST_int_eq(BN_are_coprime(b, a, ctx), 0)
+ && TEST_true(BN_set_word(a, 67))
+ && TEST_int_eq(BN_are_coprime(a, b, ctx), 1)
+ && TEST_int_eq(BN_are_coprime(b, a, ctx), 1);
+ BN_free(a);
+ BN_free(b);
+ return ret;
+}
+
static int test_gcd_prime(void)
{
BIGNUM *a = NULL, *b = NULL, *gcd = NULL;
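Review bot: `test_coprime` asserts on a single composite pair (66, 99) and a single coprime pair (67, 99), so boundary operands such as 0, 1, equal values or a negative value never reach `BN_are_coprime`. Coprimality checks typically sit in key-parameter validation, where those boundary inputs matter most. Their expected results are not visible in this hunk, so confirm them against the function's documentation before adding assertions. Separately, `int ret = 0;` is overwritten by the very next statement and can be declared as `int ret;`, and a comment such as `/* 66 = 2*3*11 and 99 = 3*3*11 share factors; 67 is prime */` would explain the chosen constants. `ctx` is not declared in the hunk and is presumably the file-scope BN_CTX.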
@@ -2593,11 +2830,12 @@ static int test_gcd_prime(void)
if (!TEST_true(BN_generate_prime_ex(a, 1024, 0, NULL, NULL, NULL)))
goto err;
- for (i = 0; i < NUM0; i++) {
+ for (i = 0; i < NUM_PRIME_TESTS; i++) {
if (!TEST_true(BN_generate_prime_ex(b, 1024, 0,
NULL, NULL, NULL))
|| !TEST_true(BN_gcd(gcd, a, b, ctx))
- || !TEST_true(BN_is_one(gcd)))
+ || !TEST_true(BN_is_one(gcd))
+ || !TEST_true(BN_are_coprime(a, b, ctx)))
goto err;
}
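Review bot: The added `TEST_true(BN_are_coprime(a, b, ctx))` accepts any non-zero return, which is looser than the other checks in this commit. `test_coprime` pins the same call with `TEST_int_eq(..., 1)`, and the `test_not_prime` hunk moves `BN_check_prime` from `TEST_false` to `TEST_int_eq(..., 0)`. For consistency and a more precise failure message, write `|| !TEST_int_eq(BN_are_coprime(a, b, ctx), 1))`. `test_gcd_prime` starts and ends outside this hunk, so its setup and cleanup paths were not reviewed.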
@@ -2609,12 +2847,11 @@ static int test_gcd_prime(void)
return st;
}
-typedef struct mod_exp_test_st
-{
- const char *base;
- const char *exp;
- const char *mod;
- const char *res;
+typedef struct mod_exp_test_st {
+ const char *base;
+ const char *exp;
+ const char *mod;
+ const char *res;
} MOD_EXP_TEST;
static const MOD_EXP_TEST ModExpTests[] = {
@@ -3155,7 +3392,10 @@ int setup_tests(void)
ADD_TEST(test_dec2bn);
ADD_TEST(test_hex2bn);
ADD_TEST(test_asc2bn);
+ ADD_TEST(test_bin2zero);
+ ADD_TEST(test_bin2bn_lengths);
ADD_ALL_TESTS(test_mpi, (int)OSSL_NELEM(kMPITests));
+ ADD_ALL_TESTS(test_bn2signed, (int)OSSL_NELEM(kSignedTests_BE));
ADD_TEST(test_negzero);
ADD_TEST(test_badmod);
ADD_TEST(test_expmodzero);
@@ -3178,6 +3418,7 @@ int setup_tests(void)
ADD_ALL_TESTS(test_is_prime, (int)OSSL_NELEM(primes));
ADD_ALL_TESTS(test_not_prime, (int)OSSL_NELEM(not_primes));
ADD_TEST(test_gcd_prime);
+ ADD_TEST(test_coprime);
ADD_ALL_TESTS(test_mod_exp, (int)OSSL_NELEM(ModExpTests));
ADD_ALL_TESTS(test_mod_exp_consttime, (int)OSSL_NELEM(ModExpTests));
ADD_TEST(test_mod_exp2_mont);
diff --git a/test/build.info b/test/build.info
index 6089b8c97cf8..9d9be6b642e9 100644
--- a/test/build.info
+++ b/test/build.info
@@ -4,6 +4,11 @@
# Most of all, ../apps/lib/apps.c needs to be divided in smaller pieces to
# be useful here.
#
+
+IF[{- !$disabled{hqinterop} -}]
+ SUBDIRS=quic-openssl-docker
+ENDIF
+
# Auxiliary program source (copied from ../apps/build.info)
IF[{- $config{target} =~ /^(?:VC-|mingw|BC-)/ -}]
# It's called 'init', but doesn't have much 'init' in it...
@@ -26,47 +31,67 @@ IF[{- !$disabled{tests} -}]
testutil/format_output.c testutil/load.c testutil/fake_random.c \
testutil/test_cleanup.c testutil/main.c testutil/testutil_init.c \
testutil/options.c testutil/test_options.c testutil/provider.c \
- testutil/apps_shims.c testutil/random.c $LIBAPPSSRC
+ testutil/apps_shims.c testutil/random.c testutil/helper.c $LIBAPPSSRC
INCLUDE[libtestutil.a]=../include ../apps/include ..
DEPEND[libtestutil.a]=../libcrypto
PROGRAMS{noinst}= \
confdump \
versions \
- aborttest test_test pkcs12_format_test \
- sanitytest rsa_complex exdatatest bntest \
+ aborttest test_test pkcs12_format_test pkcs12_api_test \
+ sanitytest time_test rsa_complex exdatatest bntest \
ecstresstest gmdifftest pbelutest \
destest mdc2test sha_test \
- exptest pbetest localetest evp_pkey_ctx_new_from_name\
+ exptest pbetest localetest evp_pkey_ctx_new_from_name \
evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \
evp_fetch_prov_test evp_libctx_test ossl_store_test \
- v3nametest v3ext punycode_test evp_byname_test \
+ v3nametest v3ext byteorder_test punycode_test evp_byname_test \
crltest danetest bad_dtls_test lhash_test sparse_array_test \
conf_include_test params_api_test params_conversion_test \
- constant_time_test verify_extra_test clienthellotest \
+ constant_time_test safe_math_test verify_extra_test clienthellotest \
packettest asynctest secmemtest srptest memleaktest stack_test \
dtlsv1listentest ct_test threadstest afalgtest d2i_test \
ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \
- bio_callback_test bio_memleak_test bio_core_test param_build_test \
- bioprinttest sslapitest dtlstest sslcorrupttest \
- bio_enc_test pkey_meth_test pkey_meth_kdf_test evp_kdf_test uitest \
- cipherbytes_test threadstest_fips \
+ bio_callback_test bio_memleak_test bio_core_test bio_dgram_test param_build_test \
+ bioprinttest sslapitest ssl_handshake_rtt_test dtlstest sslcorrupttest \
+ bio_base64_test bio_enc_test pkey_meth_test pkey_meth_kdf_test evp_kdf_test uitest \
+ cipherbytes_test threadstest_fips threadpool_test \
asn1_encode_test asn1_decode_test asn1_string_table_test asn1_stable_parse_test \
x509_time_test x509_dup_cert_test x509_check_cert_pkey_test \
recordlentest drbgtest rand_status_test sslbuffertest \
time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \
- http_test servername_test ocspapitest fatalerrtest tls13ccstest \
- sysdefaulttest errtest ssl_ctx_test \
+ servername_test ocspapitest fatalerrtest tls13ccstest \
+ sysdefaulttest errtest ssl_ctx_test build_wincrypt_test \
context_internal_test aesgcmtest params_test evp_pkey_dparams_test \
keymgmt_internal_test hexstr_test provider_status_test defltfips_test \
bio_readbuffer_test user_property_test pkcs7_test upcallstest \
- provfetchtest prov_config_test rand_test fips_version_test \
- nodefltctxtest bio_pw_callback_test
+ provfetchtest prov_config_test rand_test \
+ ca_internals_test bio_tfo_test membio_test bio_dgram_test list_test \
+ fips_version_test x509_test hpke_test pairwise_fail_test \
+ nodefltctxtest evp_xof_test x509_load_cert_file_test bio_meth_test \
+ x509_acert_test x509_req_test strtoultest bio_pw_callback_test
+
+ IF[{- !$disabled{'rpk'} -}]
+ PROGRAMS{noinst}=rpktest
+ ENDIF
IF[{- !$disabled{'deprecated-3.0'} -}]
PROGRAMS{noinst}=enginetest
ENDIF
+ IF[{- !$disabled{quic} -}]
+ PROGRAMS{noinst}=priority_queue_test quicfaultstest quicapitest \
+ quic_newcid_test quic_srt_gen_test
+ ENDIF
+
+ IF[{- !$disabled{qlog} -}]
+ PROGRAMS{noinst}=json_test quic_qlog_test
+ ENDIF
+
+ IF[{- !$disabled{comp} && (!$disabled{brotli} || !$disabled{zstd} || !$disabled{zlib}) -}]
+ PROGRAMS{noinst}=cert_comp_test
+ ENDIF
+
SOURCE[confdump]=confdump.c
INCLUDE[confdump]=../include ../apps/include
DEPEND[confdump]=../libcrypto
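Review bot: `bio_dgram_test` is added to `PROGRAMS{noinst}` twice in this hunk, once after `bio_core_test` and again after `membio_test`. The later hunk at `@@ -390,6 +543,22 @@` also adds its `SOURCE`/`INCLUDE`/`DEPEND` stanza twice, with different `INCLUDE` lists (the second adds `..`). How the build.info processor handles the duplicates is not visible here, so the effective include path for this test depends on merge behaviour a reader cannot check from the file. Keep one list entry and one stanza, for example only `INCLUDE[bio_dgram_test]=../include ../apps/include ..`.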
@@ -81,11 +106,15 @@ IF[{- !$disabled{tests} -}]
SOURCE[sanitytest]=sanitytest.c
INCLUDE[sanitytest]=../include ../apps/include
- DEPEND[sanitytest]=../libcrypto libtestutil.a
+ DEPEND[sanitytest]=../libcrypto.a libtestutil.a
+
+ SOURCE[time_test]=time_test.c
+ INCLUDE[time_test]=../include ../apps/include
+ DEPEND[time_test]=../libcrypto.a libtestutil.a
SOURCE[rand_test]=rand_test.c
INCLUDE[rand_test]=../include ../apps/include
- DEPEND[rand_test]=../libcrypto libtestutil.a
+ DEPEND[rand_test]=../libcrypto.a libtestutil.a
SOURCE[rsa_complex]=rsa_complex.c
INCLUDE[rsa_complex]=../include ../apps/include
@@ -154,6 +183,13 @@ IF[{- !$disabled{tests} -}]
INCLUDE[tls13ccstest]=../include ../apps/include
DEPEND[tls13ccstest]=../libcrypto ../libssl libtestutil.a
+ IF[{- !$disabled{ecx} && !$disabled{tls} && !$disabled{tls1_3} -}]
+ PROGRAMS{noinst}=tls13groupselection_test
+ SOURCE[tls13groupselection_test]=tls13groupselection_test.c helpers/ssltestlib.c
+ INCLUDE[tls13groupselection_test]=../include ../apps/include
+ DEPEND[tls13groupselection_test]=../libcrypto ../libssl libtestutil.a
+ ENDIF
+
SOURCE[upcallstest]=upcallstest.c
INCLUDE[upcallstest]=../include ../apps/include
DEPEND[upcallstest]=../libcrypto libtestutil.a
@@ -169,19 +205,23 @@ IF[{- !$disabled{tests} -}]
DEFINE[evp_test]=NO_LEGACY_MODULE
ENDIF
- SOURCE[evp_extra_test]=evp_extra_test.c
- INCLUDE[evp_extra_test]=../include ../apps/include
+ SOURCE[evp_extra_test]=evp_extra_test.c fake_rsaprov.c fake_pipelineprov.c
+ INCLUDE[evp_extra_test]=../include ../apps/include \
+ ../providers/common/include \
+ ../providers/implementations/include
DEPEND[evp_extra_test]=../libcrypto.a libtestutil.a
IF[{- !$disabled{module} && !$disabled{legacy} -}]
DEFINE[evp_extra_test]=STATIC_LEGACY
SOURCE[evp_extra_test]=../providers/legacyprov.c
- INCLUDE[evp_extra_test]=../providers/common/include \
- ../providers/implementations/include
DEPEND[evp_extra_test]=../providers/liblegacy.a \
../providers/libcommon.a
ENDIF
- SOURCE[evp_extra_test2]=evp_extra_test2.c
+ SOURCE[hpke_test]=hpke_test.c
+ INCLUDE[hpke_test]=../include ../apps/include
+ DEPEND[hpke_test]=../libcrypto.a libtestutil.a
+
+ SOURCE[evp_extra_test2]=evp_extra_test2.c $INITSRC tls-provider.c
INCLUDE[evp_extra_test2]=../include ../apps/include
DEPEND[evp_extra_test2]=../libcrypto libtestutil.a
@@ -221,10 +261,25 @@ IF[{- !$disabled{tests} -}]
INCLUDE[provider_status_test]=../include ../apps/include
DEPEND[provider_status_test]=../libcrypto.a libtestutil.a
+ SOURCE[pairwise_fail_test]=pairwise_fail_test.c
+ INCLUDE[pairwise_fail_test]=../include ../apps/include
+ DEPEND[pairwise_fail_test]=../libcrypto.a libtestutil.a
+
SOURCE[nodefltctxtest]=nodefltctxtest.c
INCLUDE[nodefltctxtest]=../include ../apps/include
DEPEND[nodefltctxtest]=../libcrypto.a libtestutil.a
+ SOURCE[evp_pkey_dhkem_test]=evp_pkey_dhkem_test.c
+ INCLUDE[evp_pkey_dhkem_test]=../include ../apps/include
+ DEPEND[evp_pkey_dhkem_test]=../libcrypto.a libtestutil.a
+
+ IF[{- !$disabled{'slh-dsa'} -}]
+ PROGRAMS{noinst}=slh_dsa_test
+ SOURCE[slh_dsa_test]=slh_dsa_test.c
+ INCLUDE[slh_dsa_test]=../include ../apps/include
+ DEPEND[slh_dsa_test]=../libcrypto.a libtestutil.a
+ ENDIF
+
IF[{- !$disabled{'deprecated-3.0'} -}]
PROGRAMS{noinst}=igetest bftest casttest
@@ -241,6 +296,13 @@ IF[{- !$disabled{tests} -}]
DEPEND[casttest]=../libcrypto libtestutil.a
ENDIF
+ IF[{- !$disabled{'ml-dsa'} -}]
+ PROGRAMS{noinst}=ml_dsa_test
+ SOURCE[ml_dsa_test]=ml_dsa_test.c
+ INCLUDE[ml_dsa_test]=../include ../apps/include
+ DEPEND[ml_dsa_test]=../libcrypto.a libtestutil.a
+ ENDIF
+
SOURCE[v3nametest]=v3nametest.c
INCLUDE[v3nametest]=../include ../apps/include
DEPEND[v3nametest]=../libcrypto libtestutil.a
@@ -261,6 +323,10 @@ IF[{- !$disabled{tests} -}]
INCLUDE[constant_time_test]=../include ../apps/include
DEPEND[constant_time_test]=../libcrypto libtestutil.a
+ SOURCE[safe_math_test]=safe_math_test.c
+ INCLUDE[safe_math_test]=../include ../apps/include
+ DEPEND[safe_math_test]=../libcrypto libtestutil.a
+
SOURCE[verify_extra_test]=verify_extra_test.c
INCLUDE[verify_extra_test]=../include ../apps/include
DEPEND[verify_extra_test]=../libcrypto libtestutil.a
@@ -273,10 +339,81 @@ IF[{- !$disabled{tests} -}]
INCLUDE[bad_dtls_test]=../include ../apps/include
DEPEND[bad_dtls_test]=../libcrypto ../libssl libtestutil.a
- SOURCE[packettest]=packettest.c
+ SOURCE[packettest]=packettest.c ../crypto/quic_vlint.c
INCLUDE[packettest]=../include ../apps/include
DEPEND[packettest]=../libcrypto libtestutil.a
+ IF[{- !$disabled{'quic'} -}]
+ SOURCE[quic_wire_test]=quic_wire_test.c
+ INCLUDE[quic_wire_test]=../include ../apps/include
+ DEPEND[quic_wire_test]=../libcrypto.a ../libssl.a libtestutil.a
+
+ SOURCE[quic_record_test]=quic_record_test.c
+ INCLUDE[quic_record_test]=../include ../apps/include
+ DEPEND[quic_record_test]=../libcrypto.a ../libssl.a libtestutil.a
+
+ SOURCE[quic_fc_test]=quic_fc_test.c
+ INCLUDE[quic_fc_test]=../include ../apps/include
+ DEPEND[quic_fc_test]=../libcrypto.a ../libssl.a libtestutil.a
+
+ SOURCE[quic_stream_test]=quic_stream_test.c
+ INCLUDE[quic_stream_test]=../include ../apps/include
+ DEPEND[quic_stream_test]=../libcrypto.a ../libssl.a libtestutil.a
+
+ SOURCE[quic_cfq_test]=quic_cfq_test.c
+ INCLUDE[quic_cfq_test]=../include ../apps/include
+ DEPEND[quic_cfq_test]=../libcrypto.a ../libssl.a libtestutil.a
+
+ SOURCE[quic_txpim_test]=quic_txpim_test.c
+ INCLUDE[quic_txpim_test]=../include ../apps/include
+ DEPEND[quic_txpim_test]=../libcrypto.a ../libssl.a libtestutil.a
+
+ SOURCE[quic_srtm_test]=quic_srtm_test.c
+ INCLUDE[quic_srtm_test]=../include ../apps/include
+ DEPEND[quic_srtm_test]=../libcrypto.a ../libssl.a libtestutil.a
+
+ SOURCE[quic_lcidm_test]=quic_lcidm_test.c
+ INCLUDE[quic_lcidm_test]=../include ../apps/include
+ DEPEND[quic_lcidm_test]=../libcrypto.a ../libssl.a libtestutil.a
+
+ SOURCE[quic_rcidm_test]=quic_rcidm_test.c
+ INCLUDE[quic_rcidm_test]=../include ../apps/include
+ DEPEND[quic_rcidm_test]=../libcrypto.a ../libssl.a libtestutil.a
+
+ SOURCE[quic_fifd_test]=quic_fifd_test.c cc_dummy.c
+ INCLUDE[quic_fifd_test]=../include ../apps/include
+ DEPEND[quic_fifd_test]=../libcrypto.a ../libssl.a libtestutil.a
+
+ SOURCE[quic_txp_test]=quic_txp_test.c cc_dummy.c
+ INCLUDE[quic_txp_test]=../include ../apps/include
+ DEPEND[quic_txp_test]=../libcrypto.a ../libssl.a libtestutil.a
+
+ SOURCE[quic_tserver_test]=quic_tserver_test.c
+ INCLUDE[quic_tserver_test]=../include ../apps/include
+ DEPEND[quic_tserver_test]=../libcrypto.a ../libssl.a libtestutil.a
+
+ SOURCE[quic_client_test]=quic_client_test.c
+ INCLUDE[quic_client_test]=../include ../apps/include
+ DEPEND[quic_client_test]=../libcrypto.a ../libssl.a libtestutil.a
+
+ $QUICTESTHELPERS=helpers/quictestlib.c helpers/noisydgrambio.c helpers/pktsplitbio.c
+
+ SOURCE[quic_multistream_test]=quic_multistream_test.c helpers/ssltestlib.c $QUICTESTHELPERS
+ INCLUDE[quic_multistream_test]=../include ../apps/include
+ DEPEND[quic_multistream_test]=../libcrypto.a ../libssl.a libtestutil.a
+
+ SOURCE[quic_radix_test]=radix/quic_radix.c
+ SOURCE[quic_radix_test]=helpers/ssltestlib.c $QUICTESTHELPERS
+ INCLUDE[quic_radix_test]=../include ../apps/include
+ DEPEND[quic_radix_test]=../libcrypto.a ../libssl.a libtestutil.a
+ ENDIF
+
+ IF[{- !$disabled{'qlog'} -}]
+ SOURCE[quic_qlog_test]=quic_qlog_test.c
+ INCLUDE[quic_qlog_test]=../include ../apps/include
+ DEPEND[quic_qlog_test]=../libcrypto.a ../libssl.a libtestutil.a
+ ENDIF
+
SOURCE[asynctest]=asynctest.c
INCLUDE[asynctest]=../include ../apps/include
DEPEND[asynctest]=../libcrypto
@@ -297,10 +434,18 @@ IF[{- !$disabled{tests} -}]
INCLUDE[pkcs12_format_test]=../include ../apps/include
DEPEND[pkcs12_format_test]=../libcrypto libtestutil.a
+ SOURCE[pkcs12_api_test]=pkcs12_api_test.c helpers/pkcs12.c
+ INCLUDE[pkcs12_api_test]=../include ../apps/include
+ DEPEND[pkcs12_api_test]=../libcrypto libtestutil.a
+
SOURCE[pkcs7_test]=pkcs7_test.c
INCLUDE[pkcs7_test]=../include ../apps/include
DEPEND[pkcs7_test]=../libcrypto libtestutil.a
+ SOURCE[byteorder_test]=byteorder_test.c
+ INCLUDE[byteorder_test]=../include ../apps/include
+ DEPEND[byteorder_test]=../libcrypto.a libtestutil.a
+
SOURCE[punycode_test]=punycode_test.c
INCLUDE[punycode_test]=../include ../apps/include
DEPEND[punycode_test]=../libcrypto.a libtestutil.a
@@ -315,7 +460,7 @@ IF[{- !$disabled{tests} -}]
SOURCE[lhash_test]=lhash_test.c
INCLUDE[lhash_test]=../include ../apps/include
- DEPEND[lhash_test]=../libcrypto libtestutil.a
+ DEPEND[lhash_test]=../libcrypto.a libtestutil.a
SOURCE[dtlsv1listentest]=dtlsv1listentest.c
INCLUDE[dtlsv1listentest]=../include ../apps/include
@@ -325,9 +470,13 @@ IF[{- !$disabled{tests} -}]
INCLUDE[ct_test]=../include ../apps/include
DEPEND[ct_test]=../libcrypto libtestutil.a
+ SOURCE[threadpool_test]=threadpool_test.c
+ INCLUDE[threadpool_test]=.. ../include ../apps/include
+ DEPEND[threadpool_test]=../libcrypto.a libtestutil.a
+
SOURCE[threadstest]=threadstest.c
- INCLUDE[threadstest]=../include ../apps/include
- DEPEND[threadstest]=../libcrypto libtestutil.a
+ INCLUDE[threadstest]=.. ../include ../apps/include
+ DEPEND[threadstest]=../libcrypto.a libtestutil.a
SOURCE[threadstest_fips]=threadstest_fips.c
INCLUDE[threadstest_fips]=../include ../apps/include
@@ -382,6 +531,10 @@ IF[{- !$disabled{tests} -}]
INCLUDE[bio_memleak_test]=../include ../apps/include
DEPEND[bio_memleak_test]=../libcrypto libtestutil.a
+ SOURCE[bio_meth_test]=bio_meth_test.c
+ INCLUDE[bio_meth_test]=../include ../apps/include
+ DEPEND[bio_meth_test]=../libcrypto libtestutil.a
+
SOURCE[bioprinttest]=bioprinttest.c
INCLUDE[bioprinttest]=../include ../apps/include
DEPEND[bioprinttest]=../libcrypto libtestutil.a
@@ -390,6 +543,22 @@ IF[{- !$disabled{tests} -}]
INCLUDE[bio_core_test]=../include ../apps/include
DEPEND[bio_core_test]=../libcrypto libtestutil.a
+ SOURCE[bio_dgram_test]=bio_dgram_test.c
+ INCLUDE[bio_dgram_test]=../include ../apps/include
+ DEPEND[bio_dgram_test]=../libcrypto libtestutil.a
+
+ SOURCE[bio_tfo_test]=bio_tfo_test.c
+ INCLUDE[bio_tfo_test]=../include ../apps/include ..
+ DEPEND[bio_tfo_test]=../libcrypto libtestutil.a
+
+ SOURCE[membio_test]=membio_test.c
+ INCLUDE[membio_test]=../include ../apps/include ..
+ DEPEND[membio_test]=../libcrypto libtestutil.a
+
+ SOURCE[bio_dgram_test]=bio_dgram_test.c
+ INCLUDE[bio_dgram_test]=../include ../apps/include ..
+ DEPEND[bio_dgram_test]=../libcrypto libtestutil.a
+
SOURCE[params_api_test]=params_api_test.c
INCLUDE[params_api_test]=../include ../apps/include
DEPEND[params_api_test]=../libcrypto libtestutil.a
@@ -403,8 +572,16 @@ IF[{- !$disabled{tests} -}]
DEPEND[param_build_test]=../libcrypto.a libtestutil.a
SOURCE[sslapitest]=sslapitest.c helpers/ssltestlib.c filterprov.c tls-provider.c
- INCLUDE[sslapitest]=../include ../apps/include ..
- DEPEND[sslapitest]=../libcrypto ../libssl libtestutil.a
+ INCLUDE[sslapitest]=../include ../apps/include ../providers/common/include ..
+ DEPEND[sslapitest]=../libcrypto.a ../libssl.a libtestutil.a
+
+ SOURCE[ssl_handshake_rtt_test]=ssl_handshake_rtt_test.c helpers/ssltestlib.c
+ INCLUDE[ssl_handshake_rtt_test]=../include ../apps/include ..
+ DEPEND[ssl_handshake_rtt_test]=../libcrypto.a ../libssl.a libtestutil.a
+
+ SOURCE[rpktest]=rpktest.c helpers/ssltestlib.c
+ INCLUDE[rpktest]=../include ../apps/include ..
+ DEPEND[rpktest]=../libcrypto ../libssl libtestutil.a
SOURCE[defltfips_test]=defltfips_test.c
INCLUDE[defltfips_test]=../include ../apps/include
@@ -419,12 +596,20 @@ IF[{- !$disabled{tests} -}]
DEPEND[ocspapitest]=../libcrypto libtestutil.a
IF[{- !$disabled{sock} -}]
- PROGRAMS{noinst}=http_test
- ENDIF
+ IF[{- !$disabled{http} -}]
+ PROGRAMS{noinst}=http_test
+
+ SOURCE[http_test]=http_test.c
+ INCLUDE[http_test]=../include ../apps/include
+ DEPEND[http_test]=../libcrypto libtestutil.a
+ ENDIF
+
+ PROGRAMS{noinst}=bio_addr_test
- SOURCE[http_test]=http_test.c
- INCLUDE[http_test]=../include ../apps/include
- DEPEND[http_test]=../libcrypto libtestutil.a
+ SOURCE[bio_addr_test]=bio_addr_test.c
+ INCLUDE[bio_addr_test]=../include ../apps/include
+ DEPEND[bio_addr_test]=../libcrypto libtestutil.a
+ ENDIF
SOURCE[dtlstest]=dtlstest.c helpers/ssltestlib.c
INCLUDE[dtlstest]=../include ../apps/include
@@ -434,6 +619,10 @@ IF[{- !$disabled{tests} -}]
INCLUDE[sslcorrupttest]=../include ../apps/include
DEPEND[sslcorrupttest]=../libcrypto ../libssl libtestutil.a
+ SOURCE[bio_base64_test]=bio_base64_test.c
+ INCLUDE[bio_base64_test]=../include ../apps/include
+ DEPEND[bio_base64_test]=../libcrypto libtestutil.a
+
SOURCE[bio_enc_test]=bio_enc_test.c
INCLUDE[bio_enc_test]=../include ../apps/include
DEPEND[bio_enc_test]=../libcrypto libtestutil.a
@@ -450,6 +639,10 @@ IF[{- !$disabled{tests} -}]
INCLUDE[evp_kdf_test]=../include ../apps/include
DEPEND[evp_kdf_test]=../libcrypto libtestutil.a
+ SOURCE[evp_xof_test]=evp_xof_test.c
+ INCLUDE[evp_xof_test]=../include ../apps/include
+ DEPEND[evp_xof_test]=../libcrypto libtestutil.a
+
SOURCE[evp_pkey_dparams_test]=evp_pkey_dparams_test.c
INCLUDE[evp_pkey_dparams_test]=../include ../apps/include
DEPEND[evp_pkey_dparams_test]=../libcrypto libtestutil.a
@@ -458,12 +651,17 @@ IF[{- !$disabled{tests} -}]
INCLUDE[x509_time_test]=../include ../apps/include
DEPEND[x509_time_test]=../libcrypto libtestutil.a
+ SOURCE[x509_test]=x509_test.c
+ INCLUDE[x509_test]=../include ../apps/include
+ DEPEND[x509_test]=../libcrypto libtestutil.a
+
SOURCE[recordlentest]=recordlentest.c helpers/ssltestlib.c
INCLUDE[recordlentest]=../include ../apps/include
DEPEND[recordlentest]=../libcrypto ../libssl libtestutil.a
SOURCE[drbgtest]=drbgtest.c
- INCLUDE[drbgtest]=../include ../apps/include ../providers/common/include
+ INCLUDE[drbgtest]=../include ../apps/include ../providers/common/include \
+ ../providers/fips/include
DEPEND[drbgtest]=../libcrypto.a libtestutil.a
SOURCE[rand_status_test]=rand_status_test.c
@@ -474,6 +672,10 @@ IF[{- !$disabled{tests} -}]
INCLUDE[x509_dup_cert_test]=../include ../apps/include
DEPEND[x509_dup_cert_test]=../libcrypto libtestutil.a
+ SOURCE[x509_load_cert_file_test]=x509_load_cert_file_test.c
+ INCLUDE[x509_load_cert_file_test]=../include ../apps/include
+ DEPEND[x509_load_cert_file_test]=../libcrypto libtestutil.a
+
SOURCE[x509_check_cert_pkey_test]=x509_check_cert_pkey_test.c
INCLUDE[x509_check_cert_pkey_test]=../include ../apps/include
DEPEND[x509_check_cert_pkey_test]=../libcrypto libtestutil.a
@@ -490,10 +692,6 @@ IF[{- !$disabled{tests} -}]
INCLUDE[ciphername_test]=../include ../apps/include
DEPEND[ciphername_test]=../libcrypto ../libssl libtestutil.a
- SOURCE[http_test]=http_test.c
- INCLUDE[http_test]=../include ../apps/include
- DEPEND[http_test]=../libcrypto libtestutil.a
-
SOURCE[servername_test]=servername_test.c helpers/ssltestlib.c
INCLUDE[servername_test]=../include ../apps/include
DEPEND[servername_test]=../libcrypto ../libssl libtestutil.a
@@ -603,6 +801,13 @@ IF[{- !$disabled{tests} -}]
INCLUDE[cmp_client_test]=.. ../include ../apps/include
DEPEND[cmp_client_test]=../libcrypto.a libtestutil.a
+ SOURCE[ca_internals_test]=ca_internals_test.c ../apps/ca.c ../apps/lib/apps.c \
+ ../apps/lib/app_rand.c ../apps/lib/engine.c ../apps/lib/app_provider.c \
+ ../apps/lib/app_libctx.c ../apps/lib/fmt.c ../apps/lib/apps_ui.c \
+ ../apps/lib/app_x509.c ../crypto/asn1/a_time.c ../crypto/ctype.c
+ INCLUDE[ca_internals_test]=.. ../include ../apps/include
+ DEPEND[ca_internals_test]=libtestutil.a ../libssl
+
# Internal test programs. These are essentially a collection of internal
# test routines. Some of them need to reach internal symbols that aren't
# available through the shared library (at least on Linux, Solaris, Windows
@@ -612,7 +817,7 @@ IF[{- !$disabled{tests} -}]
IF[1]
PROGRAMS{noinst}=asn1_internal_test modes_internal_test x509_internal_test \
tls13encryptiontest wpackettest ctype_internal_test \
- rdrand_sanitytest property_test ideatest rsa_mp_test \
+ rdcpu_sanitytest property_test ideatest rsa_mp_test \
rsa_sp800_56b_test bn_internal_test ecdsatest rsa_test \
rc2test rc4test rc5test hmactest ffc_internal_test \
asn1_dsa_internal_test dsatest dsa_no_digest_size_test \
@@ -637,7 +842,10 @@ IF[{- !$disabled{tests} -}]
PROGRAMS{noinst}=sm4_internal_test
ENDIF
IF[{- !$disabled{ec} -}]
- PROGRAMS{noinst}=ectest ec_internal_test curve448_internal_test
+ PROGRAMS{noinst}=ectest ec_internal_test evp_pkey_dhkem_test
+ ENDIF
+ IF[{- !$disabled{ecx} -}]
+ PROGRAMS{noinst}=curve448_internal_test
ENDIF
IF[{- !$disabled{cmac} -}]
PROGRAMS{noinst}=cmactest
@@ -707,10 +915,42 @@ IF[{- !$disabled{tests} -}]
INCLUDE[sparse_array_test]=../include ../apps/include
DEPEND[sparse_array_test]=../libcrypto.a libtestutil.a
+ IF[{- !$disabled{quic} -}]
+ SOURCE[priority_queue_test]=priority_queue_test.c
+ INCLUDE[priority_queue_test]=../include ../apps/include
+ DEPEND[priority_queue_test]=../libcrypto ../libssl.a libtestutil.a
+
+ SOURCE[quicfaultstest]=quicfaultstest.c helpers/ssltestlib.c $QUICTESTHELPERS
+ INCLUDE[quicfaultstest]=../include ../apps/include ..
+ DEPEND[quicfaultstest]=../libcrypto.a ../libssl.a libtestutil.a
+
+ SOURCE[quicapitest]=quicapitest.c helpers/ssltestlib.c $QUICTESTHELPERS
+ INCLUDE[quicapitest]=../include ../apps/include
+ DEPEND[quicapitest]=../libcrypto.a ../libssl.a libtestutil.a
+
+ SOURCE[quic_newcid_test]=quic_newcid_test.c helpers/ssltestlib.c $QUICTESTHELPERS
+ INCLUDE[quic_newcid_test]=../include ../apps/include ..
+ DEPEND[quic_newcid_test]=../libcrypto.a ../libssl.a libtestutil.a
+
+ SOURCE[quic_srt_gen_test]=quic_srt_gen_test.c helpers/ssltestlib.c $QUICTESTHELPERS
+ INCLUDE[quic_srt_gen_test]=../include ../apps/include ..
+ DEPEND[quic_srt_gen_test]=../libcrypto.a ../libssl.a libtestutil.a
+ ENDIF
+
+ IF[{- !$disabled{qlog} -}]
+ SOURCE[json_test]=json_test.c helpers/ssltestlib.c $QUICTESTHELPERS
+ INCLUDE[json_test]=../include ../apps/include
+ DEPEND[json_test]=../libcrypto.a ../libssl.a libtestutil.a
+ ENDIF
+
SOURCE[dhtest]=dhtest.c
INCLUDE[dhtest]=../include ../apps/include
DEPEND[dhtest]=../libcrypto.a libtestutil.a
+ SOURCE[list_test]=list_test.c
+ INCLUDE[list_test]=../include ../apps/include
+ DEPEND[list_test]=libtestutil.a
+
SOURCE[hmactest]=hmactest.c
INCLUDE[hmactest]=../include ../apps/include
DEPEND[hmactest]=../libcrypto.a libtestutil.a
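Review bot: `json_test` is given its sources under `IF[{- !$disabled{qlog} -}]`, but its `SOURCE` line uses `$QUICTESTHELPERS`, which this commit assigns only inside the `IF[{- !$disabled{'quic'} -}]` block of the `@@ -273,10 +339,81 @@` hunk. If the configuration allows qlog to be enabled while quic is disabled (this page does not show whether it does), the variable would be unset at this point. The helper sources would then presumably be missing from the program. Either move the `$QUICTESTHELPERS=...` assignment outside the quic conditional or nest the qlog stanza inside it.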
@@ -757,22 +997,31 @@ IF[{- !$disabled{tests} -}]
INCLUDE[ec_internal_test]=../include ../crypto/ec ../apps/include
DEPEND[ec_internal_test]=../libcrypto.a libtestutil.a
- SOURCE[curve448_internal_test]=curve448_internal_test.c
- INCLUDE[curve448_internal_test]=.. ../include ../apps/include ../crypto/ec/curve448
- DEPEND[curve448_internal_test]=../libcrypto.a libtestutil.a
+ IF[{- !$disabled{ecx} -}]
+ SOURCE[curve448_internal_test]=curve448_internal_test.c
+ INCLUDE[curve448_internal_test]=.. ../include ../apps/include ../crypto/ec/curve448
+ DEPEND[curve448_internal_test]=../libcrypto.a libtestutil.a
+ ENDIF
SOURCE[rc4test]=rc4test.c
INCLUDE[rc4test]=../include ../apps/include
DEPEND[rc4test]=../libcrypto.a libtestutil.a
- SOURCE[rdrand_sanitytest]=rdrand_sanitytest.c
- INCLUDE[rdrand_sanitytest]=../include ../apps/include
- DEPEND[rdrand_sanitytest]=../libcrypto.a libtestutil.a
+ SOURCE[rdcpu_sanitytest]=rdcpu_sanitytest.c
+ INCLUDE[rdcpu_sanitytest]=../include ../apps/include ../crypto
+ DEPEND[rdcpu_sanitytest]=../libcrypto.a libtestutil.a
SOURCE[rsa_sp800_56b_test]=rsa_sp800_56b_test.c
INCLUDE[rsa_sp800_56b_test]=.. ../include ../crypto/rsa ../apps/include
DEPEND[rsa_sp800_56b_test]=../libcrypto.a libtestutil.a
+ IF[{- !$disabled{'deprecated-3.0'} -}]
+ PROGRAMS{noinst}=rsa_x931_test
+ SOURCE[rsa_x931_test]=rsa_x931_test.c
+ INCLUDE[rsa_x931_test]=.. ../include ../apps/include
+ DEPEND[rsa_x931_test]=../libcrypto.a libtestutil.a
+ ENDIF
+
SOURCE[bn_internal_test]=bn_internal_test.c
INCLUDE[bn_internal_test]=.. ../include ../crypto/bn ../apps/include
DEPEND[bn_internal_test]=../libcrypto.a libtestutil.a
@@ -781,6 +1030,18 @@ IF[{- !$disabled{tests} -}]
INCLUDE[asn1_dsa_internal_test]=.. ../include ../apps/include
DEPEND[asn1_dsa_internal_test]=../libcrypto.a libtestutil.a
+ IF[{- !$disabled{'ml-kem'} -}]
+ PROGRAMS{noinst}=ml_kem_internal_test
+ SOURCE[ml_kem_internal_test]=ml_kem_internal_test.c
+ INCLUDE[ml_kem_internal_test]=../include ../apps/include
+ DEPEND[ml_kem_internal_test]=../libcrypto.a libtestutil.a
+
+ PROGRAMS{noinst}=ml_kem_evp_extra_test
+ SOURCE[ml_kem_evp_extra_test]=ml_kem_evp_extra_test.c
+ INCLUDE[ml_kem_evp_extra_test]=../include ../apps/include
+ DEPEND[ml_kem_evp_extra_test]=../libcrypto.a libtestutil.a
+ ENDIF
+
SOURCE[keymgmt_internal_test]=keymgmt_internal_test.c
INCLUDE[keymgmt_internal_test]=.. ../include ../apps/include
DEPEND[keymgmt_internal_test]=../libcrypto.a libtestutil.a
@@ -813,7 +1074,8 @@ IF[{- !$disabled{tests} -}]
ENDIF
PROGRAMS{noinst}=asn1_time_test
- SOURCE[asn1_time_test]=asn1_time_test.c
+ SOURCE[asn1_time_test]=asn1_time_test.c ../crypto/ctype.c \
+ ../crypto/asn1/a_time.c
INCLUDE[asn1_time_test]=../include ../apps/include
DEPEND[asn1_time_test]=../libcrypto libtestutil.a
@@ -824,7 +1086,7 @@ IF[{- !$disabled{tests} -}]
PROGRAMS{noinst}=tls13secretstest
SOURCE[tls13secretstest]=tls13secretstest.c
DEFINE[tls13secretstest]=OPENSSL_NO_KTLS
- SOURCE[tls13secretstest]= ../ssl/tls13_enc.c ../crypto/packet.c
+ SOURCE[tls13secretstest]= ../ssl/tls13_enc.c ../crypto/packet.c ../crypto/quic_vlint.c
INCLUDE[tls13secretstest]=.. ../include ../apps/include
DEPEND[tls13secretstest]=../libcrypto ../libssl libtestutil.a
ENDIF
@@ -850,6 +1112,13 @@ IF[{- !$disabled{tests} -}]
INCLUDE[context_internal_test]=.. ../include ../apps/include
DEPEND[context_internal_test]=../libcrypto.a libtestutil.a
+ IF[{- !$disabled{zlib} || !$disabled{brotli} || !$disabled{zstd} -}]
+ PROGRAMS{noinst}=bio_comp_test
+ SOURCE[bio_comp_test]=bio_comp_test.c
+ INCLUDE[bio_comp_test]=../include ../apps/include
+ DEPEND[bio_comp_test]=../libcrypto.a libtestutil.a
+ ENDIF
+
PROGRAMS{noinst}=provider_internal_test
DEFINE[provider_internal_test]=PROVIDER_INIT_FUNCTION_NAME=p_test_init
SOURCE[provider_internal_test]=provider_internal_test.c p_test.c
@@ -894,6 +1163,16 @@ IF[{- !$disabled{tests} -}]
INCLUDE[provider_pkey_test]=../include ../apps/include
DEPEND[provider_pkey_test]=../libcrypto libtestutil.a
+ PROGRAMS{noinst}=evp_skey_test
+ SOURCE[evp_skey_test]=evp_skey_test.c fake_cipherprov.c
+ INCLUDE[evp_skey_test]=../include ../apps/include
+ DEPEND[evp_skey_test]=../libcrypto libtestutil.a
+
+ PROGRAMS{noinst}=provider_default_search_path_test
+ SOURCE[provider_default_search_path_test]=provider_default_search_path_test.c
+ INCLUDE[provider_default_search_path_test]=../include ../apps/include
+ DEPEND[provider_default_search_path_test]=../libcrypto libtestutil.a
+
PROGRAMS{noinst}=params_test
SOURCE[params_test]=params_test.c
INCLUDE[params_test]=.. ../include ../apps/include
@@ -913,6 +1192,14 @@ IF[{- !$disabled{tests} -}]
SOURCE[endecode_test]=endecode_test.c helpers/predefined_dhparams.c
INCLUDE[endecode_test]=.. ../include ../apps/include
DEPEND[endecode_test]=../libcrypto.a libtestutil.a
+ IF[{- !$disabled{module} && !$disabled{legacy} -}]
+ DEFINE[endecode_test]=STATIC_LEGACY
+ SOURCE[endecode_test]=../providers/legacyprov.c
+ INCLUDE[endecode_test]=../providers/common/include \
+ ../providers/implementations/include
+ DEPEND[endecode_test]=../providers/liblegacy.a \
+ ../providers/libcommon.a
+ ENDIF
IF[{- !$disabled{'deprecated-3.0'} -}]
PROGRAMS{noinst}=endecoder_legacy_test
@@ -921,6 +1208,11 @@ IF[{- !$disabled{tests} -}]
DEPEND[endecoder_legacy_test]=../libcrypto.a libtestutil.a
ENDIF
+ PROGRAMS{noinst}=decoder_propq_test
+ SOURCE[decoder_propq_test]=decoder_propq_test.c
+ INCLUDE[decoder_propq_test]=.. ../include ../apps/include
+ DEPEND[decoder_propq_test]=../libcrypto.a libtestutil.a
+
PROGRAMS{noinst}=namemap_internal_test
SOURCE[namemap_internal_test]=namemap_internal_test.c
INCLUDE[namemap_internal_test]=.. ../include ../apps/include
@@ -943,6 +1235,50 @@ ENDIF
INCLUDE[ssl_ctx_test]=../include ../apps/include
DEPEND[ssl_ctx_test]=../libcrypto ../libssl libtestutil.a
+ SOURCE[build_wincrypt_test]=build_wincrypt_test.c
+ INCLUDE[build_wincrypt_test]=../include
+ DEPEND[build_wincrypt_test]=../libssl ../libcrypto
+
+ IF[{- !$disabled{shared} -}]
+ PROGRAMS{noinst}=timing_load_creds
+ SOURCE[timing_load_creds]=timing_load_creds.c
+ INCLUDE[timing_load_creds]=../include
+ DEPEND[timing_load_creds]=../libcrypto.a
+ ENDIF
+
+ IF[{- !$disabled{'quic'} -}]
+ PROGRAMS{noinst}=quic_wire_test quic_ackm_test quic_record_test
+ PROGRAMS{noinst}=quic_fc_test quic_stream_test quic_cfq_test quic_txpim_test
+ PROGRAMS{noinst}=quic_srtm_test quic_lcidm_test quic_rcidm_test
+ PROGRAMS{noinst}=quic_fifd_test quic_txp_test quic_tserver_test
+ PROGRAMS{noinst}=quic_client_test quic_cc_test quic_multistream_test
+ PROGRAMS{noinst}=quic_radix_test
+
+ SOURCE[quic_ackm_test]=quic_ackm_test.c cc_dummy.c
+ INCLUDE[quic_ackm_test]=../include ../apps/include
+ DEPEND[quic_ackm_test]=../libcrypto.a ../libssl.a libtestutil.a
+
+ SOURCE[quic_cc_test]=quic_cc_test.c
+ INCLUDE[quic_cc_test]=../include ../apps/include
+ DEPEND[quic_cc_test]=../libcrypto.a ../libssl.a libtestutil.a
+ ENDIF
+
+ SOURCE[cert_comp_test]=cert_comp_test.c helpers/ssltestlib.c
+ INCLUDE[cert_comp_test]=../include ../apps/include ..
+ DEPEND[cert_comp_test]=../libcrypto.a ../libssl.a libtestutil.a
+
+ SOURCE[x509_acert_test]=x509_acert_test.c
+ INCLUDE[x509_acert_test]=../include ../apps/include
+ DEPEND[x509_acert_test]=../libcrypto libtestutil.a
+
+ SOURCE[x509_req_test]=x509_req_test.c
+ INCLUDE[x509_req_test]=../include ../apps/include
+ DEPEND[x509_req_test]=../libcrypto libtestutil.a
+
+ SOURCE[strtoultest]=strtoultest.c
+ INCLUDE[strtoultest]=../include ../apps/include
+ DEPEND[strtoultest]=../libcrypto libtestutil.a
+
SOURCE[bio_pw_callback_test]=bio_pw_callback_test.c
INCLUDE[bio_pw_callback_test]=../include ../apps/include
DEPEND[bio_pw_callback_test]=../libcrypto libtestutil.a
@@ -952,8 +1288,7 @@ ENDIF
use File::Basename;
use OpenSSL::Glob;
- my @nogo_headers = ( "asn1_mac.h",
- "opensslconf.h",
+ my @nogo_headers = ( "opensslconf.h",
"__decc_include_prologue.h",
"__decc_include_epilogue.h" );
my @nogo_headers_re = ( qr/.*err\.h/ );
diff --git a/test/ca-and-certs.cnf b/test/ca-and-certs.cnf
index 463b49954c63..58ca0eda6443 100644
--- a/test/ca-and-certs.cnf
+++ b/test/ca-and-certs.cnf
@@ -31,6 +31,8 @@ organizationName = Dodgy Brothers
0.commonName = Brother 1
1.commonName = $ENV::CN2
+[ empty ]
+
[ v3_ee ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
diff --git a/test/casttest.c b/test/casttest.c
index 5bc47e824ad2..8500a0ab3d43 100644
--- a/test/casttest.c
+++ b/test/casttest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -29,8 +29,9 @@ static unsigned char k[16] = {
0x23, 0x45, 0x67, 0x89, 0x34, 0x56, 0x78, 0x9A
};
-static unsigned char in[8] =
- { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF };
+static unsigned char in[8] = {
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF
+};
static int k_len[3] = { 16, 10, 5 };
diff --git a/test/certs/ext-check.csr b/test/certs/ext-check.csr
index ee974e05ceca..a5ca8881563f 100644
--- a/test/certs/ext-check.csr
+++ b/test/certs/ext-check.csr
@@ -1,18 +1,9 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIICzTCCAbcCAQAwVDELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
-ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDENMAsGA1UEAwwEdGVz
-dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvdj9Ix
-sogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOzn1k5
-0DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/Wl9rF
-QtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0lYW5I
-NvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAcZGh7
-r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9CLNN
-sUcCAwEAAaA2MBYGCSqGSIb3DQEJAjEJDAdDb21wYW55MBwGCSqGSIb3DQEJDjEP
-MA0wCwYDVR0PBAQDAgeAMAsGCSqGSIb3DQEBCwOCAQEAYd4B+FkWRuVVDPYfrN8P
-UdZbLTggUGrpdhRibnoAsLNQ3cCS90OsCq5FLD6TVUCNb1gnp15Jp1WChQSyD3zC
-jb8VgivDeDOuk08Zy2Fl2+QvuwyQ9hKTAOTdAmP/bapAi7zniElSTP6BZ8vyEtuP
-FCEWJ5UjhvUYbZOG5WIHxhT+24CtYH3iHNir4OlDbsYrUBKEmQZIDj6WC01UT+4U
-/up2xKq1Y+rOUv2Xy3K9O/U1W/3AF7IvcDyd7+qQTGD8U2X3efzZYOffhTN+9Rvn
-5t82CnHLjFn4Co43RBiOcbjSDbvtaghtDiYB2tSUuqafHiuAJKx6zAm0Y2FR8X+z
-gg==
+MIIBJzCBsgIBADAPMQ0wCwYDVQQDDAR0ZXN0MHwwDQYJKoZIhvcNAQEBBQADawAw
+aAJhALntqSk2YVnhNalAikA2tuSOvHUKVSJlqjKmzlUPI+gQFyBWxtyQdwepI87t
+l8EW1in2IiOeN49W+OtVOlBiMxwqi/BcBltTbbSrlRpoSKOH6V7zIXvfsqjwWsDi
+37V1xQIDAQABoB4wHAYJKoZIhvcNAQkOMQ8wDTALBgNVHQ8EBAMCB4AwDQYJKoZI
+hvcNAQELBQADYQCu+Qad0pgxIY8PUo6pvg8nNruEyrk/0/weL+sPZxEv0hSrIaGo
+ZaVGcPGi67oidiUyM2eMwDUUz3UmPA4oHNGRCddnTMISDxynLEM55CUECLFxXhP+
+8dJsKuJ9jbdasn4=
-----END CERTIFICATE REQUEST-----
diff --git a/test/certs/mkcert.sh b/test/certs/mkcert.sh
index 648d91cd9ebe..1cb4a9000c69 100755
--- a/test/certs/mkcert.sh
+++ b/test/certs/mkcert.sh
@@ -238,12 +238,14 @@ geneealt() {
genee() {
local OPTIND=1
local purpose=serverAuth
+ local ku=
- while getopts p: o
+ while getopts p:k: o
do
case $o in
p) purpose="$OPTARG";;
- *) echo "Usage: $0 genee [-p EKU] cn keyname certname cakeyname cacertname" >&2
+ k) ku="keyUsage = $OPTARG";;
+ *) echo "Usage: $0 genee [-k KU] [-p EKU] cn keyname certname cakeyname cacertname" >&2
return 1;;
esac
done
@@ -259,6 +261,7 @@ genee() {
"subjectKeyIdentifier = hash" \
"authorityKeyIdentifier = keyid, issuer" \
"basicConstraints = CA:false" \
+ "$ku" \
"extendedKeyUsage = $purpose" \
"subjectAltName = @alts" "DNS=${cn}")
csr=$(req "$key" "CN = $cn") || return 1
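Review bot: When `-k` is not given, `ku` stays empty and this hunk still passes `"$ku"` into the extension list, so an empty argument lands between `basicConstraints` and `extendedKeyUsage`. The helper that consumes these arguments is outside the hunk; if it prints one argument per line the result is only a blank line, but passing the argument only when it is set states the intent: `${ku:+"$ku"} \`. The option parsing in the previous hunk copies `$OPTARG` verbatim into a config line, which suits the fixed callers in setup.sh and deserves a one-line comment above `genee`, e.g. `# -k KU: emitted verbatim as "keyUsage = KU"`. genee's body starts and ends outside both hunks.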
diff --git a/test/certs/setup.sh b/test/certs/setup.sh
index 76ceadc7d8de..5bd87087cc1f 100755
--- a/test/certs/setup.sh
+++ b/test/certs/setup.sh
@@ -174,6 +174,25 @@ openssl x509 -in ee-client.pem -trustout \
openssl x509 -in ee-client.pem -trustout \
-addreject clientAuth -out ee-clientAuth.pem
+# time stamping certificates
+./mkcert.sh genee -p critical,timeStamping -k critical,digitalSignature server.example ee-key ee-timestampsign-CABforum ca-key ca-cert
+./mkcert.sh genee -p timeStamping -k critical,digitalSignature server.example ee-key ee-timestampsign-CABforum-noncritxku ca-key ca-cert
+./mkcert.sh genee -p critical,timeStamping,serverAuth -k critical,digitalSignature server.example ee-key ee-timestampsign-CABforum-serverauth ca-key ca-cert
+./mkcert.sh genee -p critical,timeStamping,2.5.29.37.0 -k critical,digitalSignature server.example ee-key ee-timestampsign-CABforum-anyextkeyusage ca-key ca-cert
+./mkcert.sh genee -p critical,timeStamping -k critical,digitalSignature,cRLSign server.example ee-key ee-timestampsign-CABforum-crlsign ca-key ca-cert
+./mkcert.sh genee -p critical,timeStamping -k critical,digitalSignature,keyCertSign server.example ee-key ee-timestampsign-CABforum-keycertsign ca-key ca-cert
+./mkcert.sh genee -p critical,timeStamping server.example ee-key ee-timestampsign-rfc3161 ca-key ca-cert
+./mkcert.sh genee -p timeStamping server.example ee-key ee-timestampsign-rfc3161-noncritxku ca-key ca-cert
+./mkcert.sh genee -p critical,timeStamping -k digitalSignature server.example ee-key ee-timestampsign-rfc3161-digsig ca-key ca-cert
+
+# code signing certificate
+./mkcert.sh genee -p codeSigning -k critical,digitalSignature server.example ee-key ee-codesign ca-key ca-cert
+./mkcert.sh genee -p codeSigning,serverAuth -k critical,digitalSignature server.example ee-key ee-codesign-serverauth ca-key ca-cert
+./mkcert.sh genee -p codeSigning,2.5.29.37.0 -k critical,digitalSignature server.example ee-key ee-codesign-anyextkeyusage ca-key ca-cert
+./mkcert.sh genee -p codeSigning -k critical,digitalSignature,cRLSign server.example ee-key ee-codesign-crlsign ca-key ca-cert
+./mkcert.sh genee -p codeSigning -k critical,digitalSignature,keyCertSign server.example ee-key ee-codesign-keycertsign ca-key ca-cert
+./mkcert.sh genee -p codeSigning -k digitalSignature server.example ee-key ee-codesign-noncritical ca-key ca-cert
+
# Leaf cert security level variants
# MD5 issuer signature
OPENSSL_SIGALG=md5 \
@@ -207,6 +226,10 @@ OPENSSL_KEYBITS=8192 \
# self-signed end-entity cert with explicit keyUsage not including KeyCertSign
openssl req -new -x509 -key ee-key.pem -subj /CN=ee-self-signed -out ee-self-signed.pem -addext keyUsage=digitalSignature -days 36525
+# self-signed end-entity cert signed with RSA-PSS
+openssl req -new -x509 -key ee-key.pem -subj /CN=ee-self-signed-pss -out ee-self-signed-pss.pem -days 36525 \
+ -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:digest
+
# Proxy certificates, off of ee-client
# Start with some good ones
./mkcert.sh req pc1-key "0.CN = server.example" "1.CN = proxy 1" | \
@@ -388,6 +411,18 @@ REQMASK=MASK:0x800 ./mkcert.sh req badalt7-key "O = Bad NC Test Certificate 7" \
"email.1 = good@good.org" "email.2 = any@good.com" \
"IP = 127.0.0.1" "IP = 192.168.0.1"
+# NC CA4 only permits URIs matching good.org.
+
+NC="permitted;URI:good.org"
+NC=$NC ./mkcert.sh genca "Test NC CA 4" ncca4-key ncca4-cert root-key root-cert
+
+# A certificate with an URI SAN
+./mkcert.sh req alt1-key "O = Good NC Test Certificate 1" \
+ "CN=Joe Bloggs" | \
+ ./mkcert.sh geneealt nc-uri-key nc-uri-cert ncca4-key ncca4-cert \
+ "URI.1 = foo://%40something@good.org" \
+ "URI.2 = bar://other@good.org/baz/quux"
+
# Certs for CVE-2022-4203 testcase
NC="excluded;otherName:SRVName;UTF8STRING:foo@example.org" ./mkcert.sh genca \
@@ -424,6 +459,12 @@ openssl req -new -noenc -subj "/CN=localhost" \
./mkcert.sh geneenocsr "Server RSA-PSS restricted cert" \
server-pss-restrict-cert rootkey rootcert
+openssl req -new -noenc -subj "/CN=Client-RSA-PSS" \
+ -newkey rsa-pss -keyout client-pss-restrict-key.pem \
+ -pkeyopt rsa_pss_keygen_md:sha256 -pkeyopt rsa_pss_keygen_saltlen:32 | \
+ ./mkcert.sh geneenocsr -p clientAuth "Client RSA-PSS restricted cert" \
+ client-pss-restrict-cert rootkey rootcert
+
# CT entry
./mkcert.sh genct server.example embeddedSCTs1-key embeddedSCTs1 embeddedSCTs1_issuer-key embeddedSCTs1_issuer ct-server-key
@@ -446,3 +487,14 @@ OPENSSL_SIGALG=ED448 OPENSSL_KEYALG=ed448 ./mkcert.sh genee ed448 \
./mkcert.sh geneeextra server.example ee-key ee-cert-policies ca-key ca-cert "certificatePolicies=1.3.6.1.4.1.16604.998855.1"
# We can create a cert with a duplicate policy oid - but its actually invalid!
./mkcert.sh geneeextra server.example ee-key ee-cert-policies-bad ca-key ca-cert "certificatePolicies=1.3.6.1.4.1.16604.998855.1,1.3.6.1.4.1.16604.998855.1"
+
+# EC cert signed by curve ca with SHA3-224, SHA3-256, SHA3-384, SHA3-512
+OPENSSL_SIGALG="sha3-224" ./mkcert.sh genee server.example ee-key-ec-named-named ee-cert-ec-sha3-224 ca-key-ec-named ca-cert-ec-named
+OPENSSL_SIGALG="sha3-256" ./mkcert.sh genee server.example ee-key-ec-named-named ee-cert-ec-sha3-256 ca-key-ec-named ca-cert-ec-named
+OPENSSL_SIGALG="sha3-384" ./mkcert.sh genee server.example ee-key-ec-named-named ee-cert-ec-sha3-384 ca-key-ec-named ca-cert-ec-named
+OPENSSL_SIGALG="sha3-512" ./mkcert.sh genee server.example ee-key-ec-named-named ee-cert-ec-sha3-512 ca-key-ec-named ca-cert-ec-named
+
+# EC cert seigned RSA intermediate CA
+OPENSSL_KEYALG=ec OPENSSL_KEYBITS=prime256v1 ./mkcert.sh genee \
+ "P-256 cert EE issuer" p256-ee-rsa-ca-key \
+ p256-ee-rsa-ca-cert ca-key ca-cert
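Review bot: The comment `# EC cert seigned RSA intermediate CA` above the last command has a typo and drops a word; `# EC cert signed by RSA intermediate CA` reads correctly. The command signs with `ca-key`/`ca-cert`, and whether that CA is the RSA intermediate the comment names cannot be confirmed from this hunk, so the wording is worth checking against where `ca-cert` is generated earlier in the script.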
diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c
index 2d166e2b4655..c46e431b0018 100644
--- a/test/cipherlist_test.c
+++ b/test/cipherlist_test.c
@@ -244,10 +244,26 @@ end:
return result;
}
+/* SSL_CTX_set_cipher_list matching with cipher standard name */
+static int test_stdname_cipherlist(void)
+{
+ SETUP_CIPHERLIST_TEST_FIXTURE();
+ if (!TEST_true(SSL_CTX_set_cipher_list(fixture->server, TLS1_RFC_RSA_WITH_AES_128_SHA))
+ || !TEST_true(SSL_CTX_set_cipher_list(fixture->client, TLS1_RFC_RSA_WITH_AES_128_SHA))) {
+ goto end;
+ }
+ result = 1;
+end:
+ tear_down(fixture);
+ fixture = NULL;
+ return result;
+}
+
int setup_tests(void)
{
ADD_TEST(test_default_cipherlist_implicit);
ADD_TEST(test_default_cipherlist_explicit);
ADD_TEST(test_default_cipherlist_clear);
+ ADD_TEST(test_stdname_cipherlist);
return 1;
}
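Review bot: `test_stdname_cipherlist` only asserts that `SSL_CTX_set_cipher_list()` returns success for `TLS1_RFC_RSA_WITH_AES_128_SHA`; it never looks at the list that was actually installed. A regression where the standard name is accepted but resolves to a different or broader set of suites would still pass. After the two calls, the test could walk `SSL_CTX_get_ciphers(fixture->server)` and require an entry whose `SSL_CIPHER_standard_name()` equals the constant, doing the same for the client context. The header comment would then read `/* SSL_CTX_set_cipher_list accepts a cipher's standard (RFC) name and selects that cipher */`.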
diff --git a/test/ciphername_test.c b/test/ciphername_test.c
index c4ec6cadd740..de7af03f94b2 100644
--- a/test/ciphername_test.c
+++ b/test/ciphername_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2017 BaishanCloud. All rights reserved.
*
* Licensed under the Apache License 2.0 (the "License");
@@ -361,6 +361,8 @@ static CIPHER_ID_NAME cipher_names[] = {
{0x1303, "TLS_CHACHA20_POLY1305_SHA256"},
{0x1304, "TLS_AES_128_CCM_SHA256"},
{0x1305, "TLS_AES_128_CCM_8_SHA256"},
+ {0xC0B4, "TLS_SHA256_SHA256"},
+ {0xC0B5, "TLS_SHA384_SHA384"},
{0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
{0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"},
};
diff --git a/test/clienthellotest.c b/test/clienthellotest.c
index 2f6d336dbc15..7fc21d9b1262 100644
--- a/test/clienthellotest.c
+++ b/test/clienthellotest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -23,7 +23,7 @@
#define CLIENT_VERSION_LEN 2
-#define TOTAL_NUM_TESTS 4
+#define TOTAL_NUM_TESTS 3
/*
* Test that explicitly setting ticket data results in it appearing in the
@@ -34,16 +34,10 @@
#define TEST_ADD_PADDING 1
/* Enable padding and make sure ClientHello is short enough to not need it */
#define TEST_PADDING_NOT_NEEDED 2
-/*
- * Enable padding and add a PSK to the ClientHello (this will also ensure the
- * ClientHello is long enough to need padding)
- */
-#define TEST_ADD_PADDING_AND_PSK 3
#define F5_WORKAROUND_MIN_MSG_LEN 0x7f
#define F5_WORKAROUND_MAX_MSG_LEN 0x200
-static const char *sessionfile = NULL;
/* Dummy ALPN protocols used to pad out the size of the ClientHello */
/* ASCII 'O' = 79 = 0x4F = EBCDIC '|'*/
#ifdef CHARSET_EBCDIC
@@ -72,11 +66,6 @@ static int test_client_hello(int currtest)
BIO *sessbio = NULL;
SSL_SESSION *sess = NULL;
-#ifdef OPENSSL_NO_TLS1_3
- if (currtest == TEST_ADD_PADDING_AND_PSK)
- return 1;
-#endif
-
memset(&pkt, 0, sizeof(pkt));
memset(&pkt2, 0, sizeof(pkt2));
memset(&pkt3, 0, sizeof(pkt3));
@@ -91,7 +80,7 @@ static int test_client_hello(int currtest)
if (!TEST_true(SSL_CTX_set_max_proto_version(ctx, 0)))
goto end;
- switch(currtest) {
+ switch (currtest) {
case TEST_SET_SESSION_TICK_DATA_VER_NEG:
#if !defined(OPENSSL_NO_TLS1_3) && defined(OPENSSL_NO_TLS1_2)
/* TLSv1.3 is enabled and TLSv1.2 is disabled so can't do this test */
@@ -104,21 +93,15 @@ static int test_client_hello(int currtest)
#endif
break;
- case TEST_ADD_PADDING_AND_PSK:
- /*
- * In this case we're doing TLSv1.3 and we're sending a PSK so the
- * ClientHello is already going to be quite long. To avoid getting one
- * that is too long for this test we use a restricted ciphersuite list
- */
- if (!TEST_false(SSL_CTX_set_cipher_list(ctx, "")))
- goto end;
- ERR_clear_error();
- /* Fall through */
case TEST_ADD_PADDING:
case TEST_PADDING_NOT_NEEDED:
SSL_CTX_set_options(ctx, SSL_OP_TLSEXT_PADDING);
/* Make sure we get a consistent size across TLS versions */
SSL_CTX_clear_options(ctx, SSL_OP_ENABLE_MIDDLEBOX_COMPAT);
+ /* Avoid large keyshares */
+ if (!TEST_true(SSL_CTX_set1_groups_list(ctx,
+ "?X25519:?secp256r1:?ffdhe2048:?ffdhe3072")))
+ goto end;
/*
* Add some dummy ALPN protocols so that the ClientHello is at least
* F5_WORKAROUND_MIN_MSG_LEN bytes long - meaning padding will be
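Review bot: The new comment `/* Avoid large keyshares */` does not say why key share size matters to this test. Presumably a default group list with larger key shares would push the ClientHello past `F5_WORKAROUND_MAX_MSG_LEN`, so no padding extension would be added and the `TEST_ADD_PADDING` length check would fail; if that is the reason, say so: `/* Keep key shares small so the ClientHello stays inside the F5 padding window */`. Each group in the list carries a `?` prefix, which makes an unknown group ignorable, and a word on that would help the next reader see that the list may shrink on builds with groups disabled. test_client_hello starts and ends outside the hunk.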
@@ -149,26 +132,6 @@ static int test_client_hello(int currtest)
if (!TEST_ptr(con))
goto end;
- if (currtest == TEST_ADD_PADDING_AND_PSK) {
- sessbio = BIO_new_file(sessionfile, "r");
- if (!TEST_ptr(sessbio)) {
- TEST_info("Unable to open session.pem");
- goto end;
- }
- sess = PEM_read_bio_SSL_SESSION(sessbio, NULL, NULL, NULL);
- if (!TEST_ptr(sess)) {
- TEST_info("Unable to load SSL_SESSION");
- goto end;
- }
- /*
- * We reset the creation time so that we don't discard the session as
- * too old.
- */
- if (!TEST_true(SSL_SESSION_set_time(sess, (long)time(NULL)))
- || !TEST_true(SSL_set_session(con, sess)))
- goto end;
- }
-
rbio = BIO_new(BIO_s_mem());
wbio = BIO_new(BIO_s_mem());
if (!TEST_ptr(rbio)|| !TEST_ptr(wbio)) {
@@ -234,8 +197,7 @@ static int test_client_hello(int currtest)
if (type == TLSEXT_TYPE_padding) {
if (!TEST_false(currtest == TEST_PADDING_NOT_NEEDED))
goto end;
- else if (TEST_true(currtest == TEST_ADD_PADDING
- || currtest == TEST_ADD_PADDING_AND_PSK))
+ else if (TEST_true(currtest == TEST_ADD_PADDING))
testresult = TEST_true(msglen == F5_WORKAROUND_MAX_MSG_LEN);
}
}
@@ -252,8 +214,6 @@ end:
return testresult;
}
-OPT_TEST_DECLARE_USAGE("sessionfile\n")
-
int setup_tests(void)
{
if (!test_skip_common_options()) {
@@ -261,9 +221,6 @@ int setup_tests(void)
return 0;
}
- if (!TEST_ptr(sessionfile = test_get_argument(0)))
- return 0;
-
ADD_ALL_TESTS(test_client_hello, TOTAL_NUM_TESTS);
return 1;
}
diff --git a/test/cmactest.c b/test/cmactest.c
index 72f7a0d9366b..a550d4edecd1 100644
--- a/test/cmactest.c
+++ b/test/cmactest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -34,10 +34,10 @@ static const char xtskey[32] = {
static struct test_st {
const char key[32];
int key_len;
- const unsigned char data[64];
+ unsigned char data[4096];
int data_len;
const char *mac;
-} test[3] = {
+} test[] = {
{
{
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
@@ -70,6 +70,69 @@ static struct test_st {
18,
"65c11c75ecf590badd0a5e56cbb8af60"
},
+ /* for aes-128-cbc */
+ {
+ {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
+ 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+ },
+ 16,
+ /* repeat the string below until filling 3072 bytes */
+ "#abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789#",
+ 3072,
+ "35da8a02a7afce90e5b711308cee2dee"
+ },
+ /* for aes-192-cbc */
+ {
+ {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
+ 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
+ 0x16, 0x17
+ },
+ 24,
+ /* repeat the string below until filling 4095 bytes */
+ "#abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789#",
+ 4095,
+ "59053f4e81f3593610f987adb547c5b2"
+ },
+ /* for aes-256-cbc */
+ {
+ {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
+ 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
+ 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
+ },
+ 32,
+ /* repeat the string below until filling 2560 bytes */
+ "#abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789#",
+ 2560,
+ "9c6cf85f7f4baca99725764a0df973a9"
+ },
+ /* for des-ede3-cbc */
+ {
+ {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
+ 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
+ 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
+ },
+ 24,
+ /* repeat the string below until filling 2048 bytes */
+ "#abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789#",
+ 2048,
+ "2c2fccc7fcc5d98a"
+ },
+ /* for sm4-cbc */
+ {
+ {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
+ 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+ },
+ 16,
+ /* repeat the string below until filling 2049 bytes */
+ "#abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789#",
+ 2049,
+ "c9a9cbc82a3b2d96074e386fce1216f2"
+ },
};
static char *pt(unsigned char *md, unsigned int len);
@@ -110,9 +173,27 @@ static int test_cmac_run(void)
unsigned char buf[AES_BLOCK_SIZE];
size_t len;
int ret = 0;
+ size_t case_idx = 0;
ctx = CMAC_CTX_new();
+ /* Construct input data, fill repeatedly until reaching data length */
+ for (case_idx = 0; case_idx < OSSL_NELEM(test); case_idx++) {
+ size_t str_len = strlen((char *)test[case_idx].data);
+ size_t fill_len = test[case_idx].data_len - str_len;
+ size_t fill_idx = str_len;
+ while (fill_len > 0) {
+ if (fill_len > str_len) {
+ memcpy(&test[case_idx].data[fill_idx], test[case_idx].data, str_len);
+ fill_len -= str_len;
+ fill_idx += str_len;
+ } else {
+ memcpy(&test[case_idx].data[fill_idx], test[case_idx].data, fill_len);
+ fill_len = 0;
+ }
+ }
+ }
+
if (!TEST_true(CMAC_Init(ctx, test[0].key, test[0].key_len,
EVP_aes_128_cbc(), NULL))
|| !TEST_true(CMAC_Update(ctx, test[0].data, test[0].data_len))
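Review bot: The fill loop added at the top of `test_cmac_run` trusts every table entry, and three shapes of entry break it. `fill_len` is `data_len - str_len` computed in `size_t`, so an entry whose `data_len` is smaller than its seed string wraps to a huge value and the `memcpy` calls run past the 4096-byte `data` array; a `data_len` above 4096 overruns it too; an empty seed with a non-zero `data_len` never terminates because `fill_len -= str_len` subtracts zero. None of the vectors added in this commit hit these cases, but the table is now open-ended (`test[]`), so a guard before the `while` is cheap: `if ((size_t)test[case_idx].data_len < str_len || (size_t)test[case_idx].data_len > sizeof(test[case_idx].data) || (str_len == 0 && test[case_idx].data_len != 0)) goto err;`. `strlen` on `data` also depends on a NUL byte inside the array, which a full 4096-byte vector would not leave. test_cmac_run starts before this hunk and ends after it.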
@@ -159,6 +240,56 @@ static int test_cmac_run(void)
if (!TEST_str_eq(p, test[2].mac))
goto err;
+ /* Test data length is greater than 1 block length */
+ if (!TEST_true(CMAC_Init(ctx, test[3].key, test[3].key_len,
+ EVP_aes_128_cbc(), NULL))
+ || !TEST_true(CMAC_Update(ctx, test[3].data, test[3].data_len))
+ || !TEST_true(CMAC_Final(ctx, buf, &len)))
+ goto err;
+ p = pt(buf, len);
+ if (!TEST_str_eq(p, test[3].mac))
+ goto err;
+
+ if (!TEST_true(CMAC_Init(ctx, test[4].key, test[4].key_len,
+ EVP_aes_192_cbc(), NULL))
+ || !TEST_true(CMAC_Update(ctx, test[4].data, test[4].data_len))
+ || !TEST_true(CMAC_Final(ctx, buf, &len)))
+ goto err;
+ p = pt(buf, len);
+ if (!TEST_str_eq(p, test[4].mac))
+ goto err;
+
+ if (!TEST_true(CMAC_Init(ctx, test[5].key, test[5].key_len,
+ EVP_aes_256_cbc(), NULL))
+ || !TEST_true(CMAC_Update(ctx, test[5].data, test[5].data_len))
+ || !TEST_true(CMAC_Final(ctx, buf, &len)))
+ goto err;
+ p = pt(buf, len);
+ if (!TEST_str_eq(p, test[5].mac))
+ goto err;
+
+#ifndef OPENSSL_NO_DES
+ if (!TEST_true(CMAC_Init(ctx, test[6].key, test[6].key_len,
+ EVP_des_ede3_cbc(), NULL))
+ || !TEST_true(CMAC_Update(ctx, test[6].data, test[6].data_len))
+ || !TEST_true(CMAC_Final(ctx, buf, &len)))
+ goto err;
+ p = pt(buf, len);
+ if (!TEST_str_eq(p, test[6].mac))
+ goto err;
+#endif
+
+#ifndef OPENSSL_NO_SM4
+ if (!TEST_true(CMAC_Init(ctx, test[7].key, test[7].key_len,
+ EVP_sm4_cbc(), NULL))
+ || !TEST_true(CMAC_Update(ctx, test[7].data, test[7].data_len))
+ || !TEST_true(CMAC_Final(ctx, buf, &len)))
+ goto err;
+ p = pt(buf, len);
+ if (!TEST_str_eq(p, test[7].mac))
+ goto err;
+#endif
+
ret = 1;
err:
CMAC_CTX_free(ctx);
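Review bot: The five new checks are the same four-call sequence pasted with only the table index and the cipher changed, and the indices `test[3]` to `test[7]` are hard-coded against the order of a table this commit makes open-ended. A small static helper that takes the entry and the cipher reduces each case to one line and makes a misnumbered index easy to spot. `buf` is `AES_BLOCK_SIZE` bytes, which covers the block sizes of the ciphers used here; a comment saying so would warn anyone adding a cipher with a larger block. test_cmac_run starts outside the hunk.

```c
/* Compute the CMAC of one table entry with |cipher| and compare it with the expected hex string */
static int check_cmac_vector(CMAC_CTX *ctx, const struct test_st *t,
                             const EVP_CIPHER *cipher)
{
    /* AES_BLOCK_SIZE is the largest block size among the ciphers tested */
    unsigned char buf[AES_BLOCK_SIZE];
    size_t len;

    return TEST_true(CMAC_Init(ctx, t->key, t->key_len, cipher, NULL))
        && TEST_true(CMAC_Update(ctx, t->data, t->data_len))
        && TEST_true(CMAC_Final(ctx, buf, &len))
        && TEST_str_eq(pt(buf, len), t->mac);
}

/* ... unchanged: checks for test[0] to test[2] in test_cmac_run ... */
    if (!check_cmac_vector(ctx, &test[3], EVP_aes_128_cbc())
        || !check_cmac_vector(ctx, &test[4], EVP_aes_192_cbc())
        || !check_cmac_vector(ctx, &test[5], EVP_aes_256_cbc()))
        goto err;
#ifndef OPENSSL_NO_DES
    if (!check_cmac_vector(ctx, &test[6], EVP_des_ede3_cbc()))
        goto err;
#endif
#ifndef OPENSSL_NO_SM4
    if (!check_cmac_vector(ctx, &test[7], EVP_sm4_cbc()))
        goto err;
#endif
```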
diff --git a/test/cmp_asn_test.c b/test/cmp_asn_test.c
index 42a6b93b6b27..786bd3296e0f 100644
--- a/test/cmp_asn_test.c
+++ b/test/cmp_asn_test.c
@@ -119,7 +119,6 @@ static int test_ASN1_OCTET_STRING_set_tgt_is_src(void)
return result;
}
-
void cleanup_tests(void)
{
return;
diff --git a/test/cmp_client_test.c b/test/cmp_client_test.c
index c1148b82aa00..4b3b5f4929c9 100644
--- a/test/cmp_client_test.c
+++ b/test/cmp_client_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Nokia 2007-2019
* Copyright Siemens AG 2015-2019
*
@@ -13,8 +13,6 @@
#include "cmp_mock_srv.h"
-#ifndef NDEBUG /* tests need mock server, which is available only if !NDEBUG */
-
static const char *server_key_f;
static const char *server_cert_f;
static const char *client_key_f;
@@ -64,6 +62,7 @@ static CMP_SES_TEST_FIXTURE *set_up(const char *const test_case_name)
fixture->test_case_name = test_case_name;
if (!TEST_ptr(fixture->srv_ctx = ossl_cmp_mock_srv_new(libctx, NULL))
|| !OSSL_CMP_SRV_CTX_set_accept_unprotected(fixture->srv_ctx, 1)
+ || !ossl_cmp_mock_srv_set1_refCert(fixture->srv_ctx, client_cert)
|| !ossl_cmp_mock_srv_set1_certOut(fixture->srv_ctx, client_cert)
|| (srv_cmp_ctx =
OSSL_CMP_SRV_CTX_get0_cmp_ctx(fixture->srv_ctx)) == NULL
@@ -142,7 +141,7 @@ static int execute_exec_certrequest_ses_test(CMP_SES_TEST_FIXTURE *fixture)
STACK_OF(X509) *caPubs = OSSL_CMP_CTX_get1_caPubs(fixture->cmp_ctx);
int ret = TEST_int_eq(STACK_OF_X509_cmp(fixture->caPubs, caPubs), 0);
- sk_X509_pop_free(caPubs, X509_free);
+ OSSL_STACK_OF_X509_free(caPubs);
return ret;
}
return 1;
@@ -185,52 +184,64 @@ static int test_exec_RR_ses_receive_error(void)
static int test_exec_IR_ses(void)
{
SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
- fixture->req_type = OSSL_CMP_IR;
+ fixture->req_type = OSSL_CMP_PKIBODY_IR;
fixture->expected = OSSL_CMP_PKISTATUS_accepted;
fixture->caPubs = sk_X509_new_null();
- sk_X509_push(fixture->caPubs, server_cert);
- sk_X509_push(fixture->caPubs, server_cert);
+ if (!sk_X509_push(fixture->caPubs, server_cert)
+ || !sk_X509_push(fixture->caPubs, server_cert)) {
+ tear_down(fixture);
+ return 0;
+ }
ossl_cmp_mock_srv_set1_caPubsOut(fixture->srv_ctx, fixture->caPubs);
EXECUTE_TEST(execute_exec_certrequest_ses_test, tear_down);
return result;
}
-static int test_exec_IR_ses_poll(int check_after, int poll_count,
- int total_timeout, int expect)
+static int test_exec_REQ_ses_poll(int req_type, int check_after,
+ int poll_count, int total_timeout,
+ int expect)
{
SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
- fixture->req_type = OSSL_CMP_IR;
+ fixture->req_type = req_type;
fixture->expected = expect;
ossl_cmp_mock_srv_set_checkAfterTime(fixture->srv_ctx, check_after);
ossl_cmp_mock_srv_set_pollCount(fixture->srv_ctx, poll_count);
OSSL_CMP_CTX_set_option(fixture->cmp_ctx,
OSSL_CMP_OPT_TOTAL_TIMEOUT, total_timeout);
- EXECUTE_TEST(execute_exec_certrequest_ses_test, tear_down);
+
+ if (req_type == OSSL_CMP_PKIBODY_IR) {
+ EXECUTE_TEST(execute_exec_certrequest_ses_test, tear_down);
+ } else if (req_type == OSSL_CMP_PKIBODY_GENM) {
+ EXECUTE_TEST(execute_exec_GENM_ses_test, tear_down);
+ }
return result;
}
static int checkAfter = 1;
static int test_exec_IR_ses_poll_ok(void)
{
- return test_exec_IR_ses_poll(checkAfter, 2, 0, OSSL_CMP_PKISTATUS_accepted);
+ return test_exec_REQ_ses_poll(OSSL_CMP_PKIBODY_IR, checkAfter, 2, 0,
+ OSSL_CMP_PKISTATUS_accepted);
}
static int test_exec_IR_ses_poll_no_timeout(void)
{
- return test_exec_IR_ses_poll(checkAfter, 1 /* pollCount */, checkAfter + 1,
- OSSL_CMP_PKISTATUS_accepted);
+ return test_exec_REQ_ses_poll(OSSL_CMP_PKIBODY_IR, checkAfter,
+ 2 /* pollCount */, checkAfter + 4,
+ OSSL_CMP_PKISTATUS_accepted);
}
static int test_exec_IR_ses_poll_total_timeout(void)
{
- return test_exec_IR_ses_poll(checkAfter + 1, 2 /* pollCount */, checkAfter,
- OSSL_CMP_PKISTATUS_waiting);
+ return !test_exec_REQ_ses_poll(OSSL_CMP_PKIBODY_IR, checkAfter + 1,
+ 3 /* pollCount */, checkAfter + 6,
+ OSSL_CMP_PKISTATUS_waiting);
}
static int test_exec_CR_ses(int implicit_confirm, int granted, int reject)
{
SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
- fixture->req_type = OSSL_CMP_CR;
+ fixture->req_type = OSSL_CMP_PKIBODY_CR;
OSSL_CMP_CTX_set_option(fixture->cmp_ctx,
OSSL_CMP_OPT_IMPLICIT_CONFIRM, implicit_confirm);
OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(fixture->srv_ctx, granted);
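Review bot: `test_exec_IR_ses_poll_total_timeout` now returns the negation of `test_exec_REQ_ses_poll(...)`, so it passes whenever the inner run fails for any reason, including a fixture set-up failure, and not only when the total timeout is exceeded. The GENM counterpart added later in this file, `test_exec_GENM_ses_poll_total_timeout`, is not negated, which makes the two hard to compare. If the inversion is intended, a comment should name the failure that is expected, e.g. `/* must fail: polling cannot finish within the total timeout */`; asserting the expected status positively through `fixture->expected` would be stronger. Separately, `test_exec_REQ_ses_poll` runs neither `EXECUTE_TEST` branch when `req_type` is something other than IR or GENM, so the fixture is presumably never torn down on that path; a final `else { tear_down(fixture); return 0; }` would close it.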
@@ -257,7 +268,7 @@ static int test_exec_CR_ses_implicit_confirm(void)
static int test_exec_KUR_ses(int transfer_error, int pubkey, int raverified)
{
SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
- fixture->req_type = OSSL_CMP_KUR;
+ fixture->req_type = OSSL_CMP_PKIBODY_KUR;
/* ctx->oldCert has already been set */
if (transfer_error)
@@ -265,7 +276,9 @@ static int test_exec_KUR_ses(int transfer_error, int pubkey, int raverified)
if (pubkey) {
EVP_PKEY *key = raverified /* wrong key */ ? server_key : client_key;
- EVP_PKEY_up_ref(key);
+ if (!EVP_PKEY_up_ref(key))
+ return 0;
+
OSSL_CMP_CTX_set0_newPkey(fixture->cmp_ctx, 0 /* not priv */, key);
OSSL_CMP_SRV_CTX_set_accept_raverified(fixture->srv_ctx, 1);
}
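Review bot: The new `if (!EVP_PKEY_up_ref(key)) return 0;` leaves `test_exec_KUR_ses` after `SETUP_TEST_FIXTURE` has created the fixture and without calling `tear_down`, so the fixture is leaked on that path. `test_exec_IR_ses` in this same commit calls `tear_down(fixture)` before its early `return 0`, and the same shape fits here: `if (!EVP_PKEY_up_ref(key)) { tear_down(fixture); return 0; }`. The rest of the function lies outside the hunk.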
@@ -325,7 +338,7 @@ static int test_exec_P10CR_ses(int reject)
X509_REQ *csr = NULL;
SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
- fixture->req_type = OSSL_CMP_P10CR;
+ fixture->req_type = OSSL_CMP_PKIBODY_P10CR;
fixture->expected = reject ? OSSL_CMP_PKISTATUS_rejection
: OSSL_CMP_PKISTATUS_accepted;
ctx = fixture->cmp_ctx;
@@ -355,8 +368,8 @@ static int execute_try_certreq_poll_test(CMP_SES_TEST_FIXTURE *fixture)
{
OSSL_CMP_CTX *ctx = fixture->cmp_ctx;
int check_after;
- const int CHECK_AFTER = 5;
- const int TYPE = OSSL_CMP_KUR;
+ const int CHECK_AFTER = 0;
+ const int TYPE = OSSL_CMP_PKIBODY_KUR;
ossl_cmp_mock_srv_set_pollCount(fixture->srv_ctx, 3);
ossl_cmp_mock_srv_set_checkAfterTime(fixture->srv_ctx, CHECK_AFTER);
@@ -385,7 +398,7 @@ static int execute_try_certreq_poll_abort_test(CMP_SES_TEST_FIXTURE *fixture)
OSSL_CMP_CTX *ctx = fixture->cmp_ctx;
int check_after;
const int CHECK_AFTER = 99;
- const int TYPE = OSSL_CMP_CR;
+ const int TYPE = OSSL_CMP_PKIBODY_CR;
ossl_cmp_mock_srv_set_pollCount(fixture->srv_ctx, 3);
ossl_cmp_mock_srv_set_checkAfterTime(fixture->srv_ctx, CHECK_AFTER);
@@ -405,6 +418,26 @@ static int test_try_certreq_poll_abort(void)
return result;
}
+static int test_exec_GENM_ses_poll_ok(void)
+{
+ return test_exec_REQ_ses_poll(OSSL_CMP_PKIBODY_GENM, checkAfter, 2, 0,
+ OSSL_CMP_PKISTATUS_accepted);
+}
+
+static int test_exec_GENM_ses_poll_no_timeout(void)
+{
+ return test_exec_REQ_ses_poll(OSSL_CMP_PKIBODY_GENM, checkAfter,
+ 1 /* pollCount */, checkAfter + 1,
+ OSSL_CMP_PKISTATUS_accepted);
+}
+
+static int test_exec_GENM_ses_poll_total_timeout(void)
+{
+ return test_exec_REQ_ses_poll(OSSL_CMP_PKIBODY_GENM, checkAfter + 1,
+ 3 /* pollCount */, checkAfter + 2,
+ OSSL_CMP_PKISTATUS_waiting);
+}
+
static int test_exec_GENM_ses(int transfer_error, int total_timeout, int expect)
{
SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
@@ -441,6 +474,7 @@ static int execute_exchange_certConf_test(CMP_SES_TEST_FIXTURE *fixture)
ossl_cmp_exchange_certConf(fixture->cmp_ctx, OSSL_CMP_CERTREQID,
OSSL_CMP_PKIFAILUREINFO_addInfoNotAvailable,
"abcdefg");
+
return TEST_int_eq(fixture->expected, res);
}
@@ -487,7 +521,7 @@ void cleanup_tests(void)
return;
}
-# define USAGE "server.key server.crt client.key client.crt client.csr module_name [module_conf_file]\n"
+#define USAGE "server.key server.crt client.key client.crt client.csr module_name [module_conf_file]\n"
OPT_TEST_DECLARE_USAGE(USAGE)
int setup_tests(void)
@@ -539,17 +573,10 @@ int setup_tests(void)
ADD_TEST(test_exec_GENM_ses_ok);
ADD_TEST(test_exec_GENM_ses_transfer_error);
ADD_TEST(test_exec_GENM_ses_total_timeout);
+ ADD_TEST(test_exec_GENM_ses_poll_ok);
+ ADD_TEST(test_exec_GENM_ses_poll_no_timeout);
+ ADD_TEST(test_exec_GENM_ses_poll_total_timeout);
ADD_TEST(test_exchange_certConf);
ADD_TEST(test_exchange_error);
return 1;
}
-
-#else /* !defined (NDEBUG) */
-
-int setup_tests(void)
-{
- TEST_note("CMP session tests are disabled in this build (NDEBUG).");
- return 1;
-}
-
-#endif
diff --git a/test/cmp_ctx_test.c b/test/cmp_ctx_test.c
index 4a10653fc87f..f38493b33445 100644
--- a/test/cmp_ctx_test.c
+++ b/test/cmp_ctx_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Nokia 2007-2019
* Copyright Siemens AG 2015-2019
*
@@ -13,11 +13,6 @@
#include <openssl/x509_vfy.h>
-static X509 *test_cert;
-
-/* Avoid using X509_new() via the generic macros below. */
-#define X509_new() X509_dup(test_cert)
-
typedef struct test_fixture {
const char *test_case_name;
OSSL_CMP_CTX *ctx;
@@ -47,7 +42,7 @@ static OSSL_CMP_CTX_TEST_FIXTURE *set_up(const char *const test_case_name)
static STACK_OF(X509) *sk_X509_new_1(void)
{
STACK_OF(X509) *sk = sk_X509_new_null();
- X509 *x = X509_dup(test_cert);
+ X509 *x = X509_new();
if (x == NULL || !sk_X509_push(sk, x)) {
sk_X509_free(sk);
@@ -59,7 +54,7 @@ static STACK_OF(X509) *sk_X509_new_1(void)
static void sk_X509_pop_X509_free(STACK_OF(X509) *sk)
{
- sk_X509_pop_free(sk, X509_free);
+ OSSL_STACK_OF_X509_free(sk);
}
static int execute_CTX_reinit_test(OSSL_CMP_CTX_TEST_FIXTURE *fixture)
@@ -67,18 +62,19 @@ static int execute_CTX_reinit_test(OSSL_CMP_CTX_TEST_FIXTURE *fixture)
OSSL_CMP_CTX *ctx = fixture->ctx;
ASN1_OCTET_STRING *bytes = NULL;
STACK_OF(X509) *certs = NULL;
+ X509 *cert = X509_new();
int res = 0;
/* set non-default values in all relevant fields */
ctx->status = 1;
ctx->failInfoCode = 1;
if (!ossl_cmp_ctx_set0_statusString(ctx, sk_ASN1_UTF8STRING_new_null())
- || !ossl_cmp_ctx_set0_newCert(ctx, X509_dup(test_cert))
+ || !ossl_cmp_ctx_set0_newCert(ctx, X509_new())
|| !TEST_ptr(certs = sk_X509_new_1())
|| !ossl_cmp_ctx_set1_newChain(ctx, certs)
|| !ossl_cmp_ctx_set1_caPubs(ctx, certs)
|| !ossl_cmp_ctx_set1_extraCertsIn(ctx, certs)
- || !ossl_cmp_ctx_set0_validatedSrvCert(ctx, X509_dup(test_cert))
+ || !ossl_cmp_ctx_set1_validatedSrvCert(ctx, cert)
|| !TEST_ptr(bytes = ASN1_OCTET_STRING_new())
|| !OSSL_CMP_CTX_set1_transactionID(ctx, bytes)
|| !OSSL_CMP_CTX_set1_senderNonce(ctx, bytes)
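Review bot: `cert` comes from `X509_new()` at the top of `execute_CTX_reinit_test` and is passed to `ossl_cmp_ctx_set1_validatedSrvCert` without a NULL check. If the allocation fails and the setter accepts NULL (its body is not visible here), the field keeps its default value and the reinit check that follows proves nothing for that field. Adding `|| !TEST_ptr(cert)` ahead of the setter call makes the failure explicit. The inline `X509_new()` handed to `ossl_cmp_ctx_set0_newCert` has the same gap, and if that setter fails the new object has no owner. The function continues outside the hunk.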
@@ -106,11 +102,27 @@ static int execute_CTX_reinit_test(OSSL_CMP_CTX_TEST_FIXTURE *fixture)
res = 1;
err:
+ X509_free(cert);
sk_X509_pop_X509_free(certs);
ASN1_OCTET_STRING_free(bytes);
return res;
}
+static int test_CTX_libctx_propq(void)
+{
+ OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new();
+ const char *propq = "?provider=legacy";
+ OSSL_CMP_CTX *cmpctx = OSSL_CMP_CTX_new(libctx, propq);
+ int res = TEST_ptr(libctx)
+ && TEST_ptr(cmpctx)
+ && TEST_ptr_eq(libctx, OSSL_CMP_CTX_get0_libctx(cmpctx))
+ && TEST_str_eq(propq, OSSL_CMP_CTX_get0_propq(cmpctx));
+
+ OSSL_CMP_CTX_free(cmpctx);
+ OSSL_LIB_CTX_free(libctx);
+ return res;
+}
+
static int test_CTX_reinit(void)
{
SETUP_TEST_FIXTURE(OSSL_CMP_CTX_TEST_FIXTURE, set_up);
@@ -306,10 +318,12 @@ static int test_cmp_ctx_log_cb(void)
return result;
}
+#ifndef OPENSSL_NO_HTTP
static BIO *test_http_cb(BIO *bio, void *arg, int use_ssl, int detail)
{
return NULL;
}
+#endif
static OSSL_CMP_MSG *test_transfer_cb(OSSL_CMP_CTX *ctx,
const OSSL_CMP_MSG *req)
@@ -510,6 +524,7 @@ static X509_STORE *X509_STORE_new_1(void)
return ret; \
}
+/* cannot use PREFIX instead of OSSL_CMP and CTX due to #define OSSL_CMP_CTX */
#define DEFINE_SET_GET_TEST(OSSL_CMP, CTX, N, M, DUP, FIELD, TYPE) \
DEFINE_SET_GET_BASE_TEST(OSSL_CMP##_##CTX, set##N, get##M, DUP, FIELD, \
TYPE *, NULL, IS_0, TYPE##_new(), TYPE##_free)
@@ -550,7 +565,9 @@ static X509_STORE *X509_STORE_new_1(void)
STACK_OF(TYPE)*, NULL, IS_0, \
sk_##TYPE##_new_null(), sk_##TYPE##_free)
+#ifndef OPENSSL_NO_HTTP
typedef OSSL_HTTP_bio_cb_t OSSL_CMP_http_cb_t;
+#endif
#define DEFINE_SET_CB_TEST(FIELD) \
static OSSL_CMP_##FIELD##_t OSSL_CMP_CTX_get_##FIELD(const CMP_CTX *ctx) \
{ \
@@ -673,7 +690,7 @@ static int execute_CTX_##PUSHN##_##ELEM(OSSL_CMP_CTX_TEST_FIXTURE *fixture) \
} \
\
if (!(*push_fn)(ctx, val2)) { \
- TEST_error("pushting second value failed"); \
+ TEST_error("pushing second value failed"); \
res = 0; \
} \
if (PUSHN == 0) \
@@ -736,15 +753,17 @@ DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 1, server, char)
DEFINE_SET_INT_TEST(serverPort)
DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 1, proxy, char)
DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 1, no_proxy, char)
+#ifndef OPENSSL_NO_HTTP
DEFINE_SET_CB_TEST(http_cb)
DEFINE_SET_GET_P_VOID_TEST(http_cb_arg)
+#endif
DEFINE_SET_CB_TEST(transfer_cb)
DEFINE_SET_GET_P_VOID_TEST(transfer_cb_arg)
DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 0, srvCert, X509)
-DEFINE_SET_TEST(ossl_cmp, ctx, 0, 0, validatedSrvCert, X509)
+DEFINE_SET_GET_TEST(ossl_cmp, ctx, 1, 0, 0, validatedSrvCert, X509)
DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 1, expected_sender, X509_NAME)
-DEFINE_SET_GET_BASE_TEST(OSSL_CMP_CTX, set0, get0, 0, trustedStore,
+DEFINE_SET_GET_BASE_TEST(OSSL_CMP_CTX, set0, get0, 0, trusted,
X509_STORE *, NULL,
DEFAULT_STORE, X509_STORE_new_1(), X509_STORE_free)
DEFINE_SET_GET_SK_X509_TEST(OSSL_CMP, CTX, 1, 0, untrusted)
@@ -794,19 +813,13 @@ DEFINE_SET_TEST(ossl_cmp, ctx, 1, 1, recipNonce, ASN1_OCTET_STRING)
int setup_tests(void)
{
- char *cert_file;
-
if (!test_skip_common_options()) {
TEST_error("Error parsing test options\n");
return 0;
}
- if (!TEST_ptr(cert_file = test_get_argument(0))
- || !TEST_ptr(test_cert = load_cert_pem(cert_file, NULL)))
- return 0;
-
- /* OSSL_CMP_CTX_new() is tested by set_up() */
- /* OSSL_CMP_CTX_free() is tested by tear_down() */
+ /* also tests OSSL_CMP_CTX_new() and OSSL_CMP_CTX_free(): */
+ ADD_TEST(test_CTX_libctx_propq);
ADD_TEST(test_CTX_reinit);
/* various CMP options: */
@@ -833,15 +846,17 @@ int setup_tests(void)
ADD_TEST(test_CTX_set_get_serverPort);
ADD_TEST(test_CTX_set1_get0_proxy);
ADD_TEST(test_CTX_set1_get0_no_proxy);
+#ifndef OPENSSL_NO_HTTP
ADD_TEST(test_CTX_set_get_http_cb);
ADD_TEST(test_CTX_set_get_http_cb_arg);
+#endif
ADD_TEST(test_CTX_set_get_transfer_cb);
ADD_TEST(test_CTX_set_get_transfer_cb_arg);
/* server authentication: */
ADD_TEST(test_CTX_set1_get0_srvCert);
- ADD_TEST(test_CTX_set0_get0_validatedSrvCert);
+ ADD_TEST(test_CTX_set1_get0_validatedSrvCert);
ADD_TEST(test_CTX_set1_get0_expected_sender);
- ADD_TEST(test_CTX_set0_get0_trustedStore);
+ ADD_TEST(test_CTX_set0_get0_trusted);
ADD_TEST(test_CTX_set1_get0_untrusted);
/* client authentication: */
ADD_TEST(test_CTX_set1_get0_cert);
diff --git a/test/cmp_hdr_test.c b/test/cmp_hdr_test.c
index e2bd210118d8..8cdf6b9b07a6 100644
--- a/test/cmp_hdr_test.c
+++ b/test/cmp_hdr_test.c
@@ -408,7 +408,6 @@ static int test_HDR_set_and_check_implicit_confirm(void)
return result;
}
-
static int execute_HDR_init_test(CMP_HDR_TEST_FIXTURE *fixture)
{
ASN1_OCTET_STRING *header_nonce, *header_transactionID;
@@ -428,8 +427,8 @@ static int execute_HDR_init_test(CMP_HDR_TEST_FIXTURE *fixture)
fixture->cmp_ctx->senderNonce)))
return 0;
header_transactionID = OSSL_CMP_HDR_get0_transactionID(fixture->hdr);
- if (!TEST_true(0 == ASN1_OCTET_STRING_cmp(header_transactionID,
- fixture->cmp_ctx->transactionID)))
+ if (!TEST_true(ASN1_OCTET_STRING_cmp(header_transactionID,
+ fixture->cmp_ctx->transactionID) == 0))
return 0;
header_nonce = OSSL_CMP_HDR_get0_recipNonce(fixture->hdr);
@@ -478,7 +477,6 @@ static int test_HDR_init_with_subject(void)
return result;
}
-
void cleanup_tests(void)
{
return;
diff --git a/test/cmp_msg_test.c b/test/cmp_msg_test.c
index e0fb1c7906d0..e98b5624285b 100644
--- a/test/cmp_msg_test.c
+++ b/test/cmp_msg_test.c
@@ -339,7 +339,6 @@ static int test_cmp_create_error_msg(void)
return result;
}
-
static int test_cmp_create_pollreq(void)
{
SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up);
@@ -423,7 +422,6 @@ static int test_cmp_create_certrep(void)
return result;
}
-
static int execute_rp_create(CMP_MSG_TEST_FIXTURE *fixture)
{
OSSL_CMP_PKISI *si = OSSL_CMP_STATUSINFO_new(33, 44, "a text");
diff --git a/test/cmp_protect_test.c b/test/cmp_protect_test.c
index 09bf2ec17faf..9b975b86c3a6 100644
--- a/test/cmp_protect_test.c
+++ b/test/cmp_protect_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Nokia 2007-2019
* Copyright Siemens AG 2015-2019
*
@@ -12,6 +12,7 @@
#include "helpers/cmp_testlib.h"
static const char *ir_protected_f;
+static const char *genm_prot_Ed_f;
static const char *ir_unprotected_f;
static const char *ip_PBM_f;
@@ -64,10 +65,13 @@ static CMP_PROTECT_TEST_FIXTURE *set_up(const char *const test_case_name)
return fixture;
}
-static EVP_PKEY *loadedprivkey = NULL;
-static EVP_PKEY *loadedpubkey = NULL;
-static EVP_PKEY *loadedkey = NULL;
-static X509 *cert = NULL;
+static EVP_PKEY *prot_RSA_key = NULL;
+#ifndef OPENSSL_NO_ECX
+static EVP_PKEY *prot_Ed_key = NULL;
+static OSSL_CMP_MSG *genm_protected_Ed;
+#endif
+static EVP_PKEY *server_key = NULL;
+static X509 *server_cert = NULL;
static unsigned char rand_data[OSSL_CMP_TRANSACTIONID_LENGTH];
static OSSL_CMP_MSG *ir_unprotected, *ir_protected;
static X509 *endentity1 = NULL, *endentity2 = NULL,
@@ -96,33 +100,20 @@ static int execute_calc_protection_pbmac_test(CMP_PROTECT_TEST_FIXTURE *fixture)
}
/*
- * This function works similarly to parts of CMP_verify_signature in cmp_vfy.c,
- * but without the need for a OSSL_CMP_CTX or a X509 certificate
+ * This function works similarly to parts of verify_signature in cmp_vfy.c,
+ * but without the need for an OSSL_CMP_CTX or an X509 certificate.
*/
static int verify_signature(OSSL_CMP_MSG *msg,
ASN1_BIT_STRING *protection,
EVP_PKEY *pkey, EVP_MD *digest)
{
OSSL_CMP_PROTECTEDPART prot_part;
- unsigned char *prot_part_der = NULL;
- int len;
- EVP_MD_CTX *ctx = NULL;
- int res;
prot_part.header = OSSL_CMP_MSG_get0_header(msg);
prot_part.body = msg->body;
- len = i2d_OSSL_CMP_PROTECTEDPART(&prot_part, &prot_part_der);
- res =
- TEST_int_ge(len, 0)
- && TEST_ptr(ctx = EVP_MD_CTX_new())
- && TEST_true(EVP_DigestVerifyInit(ctx, NULL, digest, NULL, pkey))
- && TEST_int_eq(EVP_DigestVerify(ctx, protection->data,
- protection->length,
- prot_part_der, len), 1);
- /* cleanup */
- EVP_MD_CTX_free(ctx);
- OPENSSL_free(prot_part_der);
- return res;
+ return ASN1_item_verify_ex(ASN1_ITEM_rptr(OSSL_CMP_PROTECTEDPART),
+ msg->header->protectionAlg, protection,
+ &prot_part, NULL, pkey, libctx, NULL) > 0;
}
/* Calls OSSL_CMP_calc_protection and compares and verifies signature */
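Review bot: `verify_signature()` no longer reads its `digest` parameter, because `ASN1_item_verify_ex()` takes the algorithm from `msg->header->protectionAlg`. The caller still passes `fixture->cmp_ctx->digest`, so the test no longer shows that the digest configured in the context is the one used; it accepts whatever algorithm the loaded message names. Either drop the parameter or document it, e.g. `/* digest is unused: the algorithm comes from the message's protectionAlg */`. The new call also dereferences `msg->header` directly while the assignment above it uses `OSSL_CMP_MSG_get0_header(msg)`; using one form for both would be more consistent.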
@@ -132,11 +123,9 @@ static int execute_calc_protection_signature_test(CMP_PROTECT_TEST_FIXTURE *
ASN1_BIT_STRING *protection =
ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg);
int ret = (TEST_ptr(protection)
- && TEST_true(ASN1_STRING_cmp(protection,
- fixture->msg->protection) == 0)
- && TEST_true(verify_signature(fixture->msg, protection,
- fixture->pubkey,
- fixture->cmp_ctx->digest)));
+ && TEST_true(verify_signature(fixture->msg, protection,
+ fixture->pubkey,
+ fixture->cmp_ctx->digest)));
ASN1_BIT_STRING_free(protection);
return ret;
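Review bot: The comment above `execute_calc_protection_signature_test()` still says it "compares and verifies" the signature, but this hunk removes the `ASN1_STRING_cmp()` against `fixture->msg->protection`, so only verification remains. Update it, for example `/* Calls ossl_cmp_calc_protection() and verifies the resulting signature */`. With the comparison gone, this test no longer exercises the protection bytes stored in the loaded message; if that is intentional, the comment should say why. The function starts outside this hunk.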
@@ -159,15 +148,30 @@ static int test_cmp_calc_protection_no_key_no_secret(void)
static int test_cmp_calc_protection_pkey(void)
{
SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
- fixture->pubkey = loadedpubkey;
- if (!TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedprivkey))
- || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))) {
+ fixture->pubkey = prot_RSA_key;
+ if (!TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, prot_RSA_key))
+ || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))) {
+ tear_down(fixture);
+ fixture = NULL;
+ }
+ EXECUTE_TEST(execute_calc_protection_signature_test, tear_down);
+ return result;
+}
+
+#ifndef OPENSSL_NO_ECX
+static int test_cmp_calc_protection_pkey_Ed(void)
+{
+ SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
+ fixture->pubkey = prot_Ed_key;
+ if (!TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, prot_Ed_key))
+ || !TEST_ptr(fixture->msg = load_pkimsg(genm_prot_Ed_f, libctx))) {
tear_down(fixture);
fixture = NULL;
}
EXECUTE_TEST(execute_calc_protection_signature_test, tear_down);
return result;
}
+#endif
static int test_cmp_calc_protection_pbmac(void)
{
@@ -238,8 +242,9 @@ static int test_MSG_protect_with_certificate_and_key(void)
if (!TEST_ptr(fixture->msg =
OSSL_CMP_MSG_dup(ir_unprotected))
|| !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))
- || !TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedkey))
- || !TEST_true(OSSL_CMP_CTX_set1_cert(fixture->cmp_ctx, cert))) {
+ || !TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, server_key))
+ || !TEST_true(OSSL_CMP_CTX_set1_cert(fixture->cmp_ctx,
+ server_cert))) {
tear_down(fixture);
fixture = NULL;
}
@@ -257,11 +262,11 @@ static int test_MSG_protect_certificate_based_without_cert(void)
if (!TEST_ptr(fixture->msg =
OSSL_CMP_MSG_dup(ir_unprotected))
|| !TEST_true(SET_OPT_UNPROTECTED_SEND(ctx, 0))
- || !TEST_true(OSSL_CMP_CTX_set0_newPkey(ctx, 1, loadedkey))) {
+ || !TEST_true(EVP_PKEY_up_ref(server_key))
+ || !TEST_true(OSSL_CMP_CTX_set0_newPkey(ctx, 1, server_key))) {
tear_down(fixture);
fixture = NULL;
}
- EVP_PKEY_up_ref(loadedkey);
EXECUTE_TEST(execute_MSG_protect_test, tear_down);
return result;
}
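Review bot: If `EVP_PKEY_up_ref(server_key)` succeeds and `OSSL_CMP_CTX_set0_newPkey()` then fails, the extra reference taken in the condition is not released on the `tear_down` path (assuming set0 does not take ownership on failure). This only matters on a failing run, but it then shows up as a leak under a memory checker and obscures the real failure. One option is to split the condition so that the failure branch of the set0 call does `EVP_PKEY_free(server_key);` before `tear_down(fixture);`. The function starts outside this hunk.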
@@ -342,7 +347,7 @@ static int execute_cmp_build_cert_chain_test(CMP_PROTECT_TEST_FIXTURE *fixture)
if (TEST_ptr(chain)) {
/* Check whether chain built is equal to the expected one */
ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain));
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
}
if (!ret)
return 0;
@@ -357,7 +362,7 @@ static int execute_cmp_build_cert_chain_test(CMP_PROTECT_TEST_FIXTURE *fixture)
if (ret && chain != NULL) {
/* Check whether chain built is equal to the expected one */
ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain));
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
}
}
X509_STORE_free(store);
@@ -477,7 +482,7 @@ static int execute_X509_STORE_test(CMP_PROTECT_TEST_FIXTURE *fixture)
res = 1;
err:
X509_STORE_free(store);
- sk_X509_pop_free(sk, X509_free);
+ OSSL_STACK_OF_X509_free(sk);
return res;
}
@@ -517,13 +522,15 @@ static int test_X509_STORE_only_self_issued(void)
return result;
}
-
void cleanup_tests(void)
{
- EVP_PKEY_free(loadedprivkey);
- EVP_PKEY_free(loadedpubkey);
- EVP_PKEY_free(loadedkey);
- X509_free(cert);
+ EVP_PKEY_free(prot_RSA_key);
+#ifndef OPENSSL_NO_ECX
+ EVP_PKEY_free(prot_Ed_key);
+ OSSL_CMP_MSG_free(genm_protected_Ed);
+#endif
+ EVP_PKEY_free(server_key);
+ X509_free(server_cert);
X509_free(endentity1);
X509_free(endentity2);
X509_free(root);
@@ -535,14 +542,16 @@ void cleanup_tests(void)
OSSL_LIB_CTX_free(libctx);
}
-#define USAGE "server.pem IR_protected.der IR_unprotected.der IP_PBM.der " \
+#define USAGE "prot_RSA.pem IR_protected.der prot_Ed.pem " \
+ "GENM_protected_Ed.der IR_unprotected.der IP_PBM.der " \
"server.crt server.pem EndEntity1.crt EndEntity2.crt Root_CA.crt " \
"Intermediate_CA.crt module_name [module_conf_file]\n"
OPT_TEST_DECLARE_USAGE(USAGE)
int setup_tests(void)
{
- char *server_f;
+ char *prot_RSA_f;
+ char *prot_Ed_f;
char *server_key_f;
char *server_cert_f;
char *endentity1_f;
@@ -556,33 +565,40 @@ int setup_tests(void)
}
RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH);
- if (!TEST_ptr(server_f = test_get_argument(0))
+ if (!TEST_ptr(prot_RSA_f = test_get_argument(0))
|| !TEST_ptr(ir_protected_f = test_get_argument(1))
- || !TEST_ptr(ir_unprotected_f = test_get_argument(2))
- || !TEST_ptr(ip_PBM_f = test_get_argument(3))
- || !TEST_ptr(server_cert_f = test_get_argument(4))
- || !TEST_ptr(server_key_f = test_get_argument(5))
- || !TEST_ptr(endentity1_f = test_get_argument(6))
- || !TEST_ptr(endentity2_f = test_get_argument(7))
- || !TEST_ptr(root_f = test_get_argument(8))
- || !TEST_ptr(intermediate_f = test_get_argument(9))) {
+ || !TEST_ptr(prot_Ed_f = test_get_argument(2))
+ || !TEST_ptr(genm_prot_Ed_f = test_get_argument(3))
+ || !TEST_ptr(ir_unprotected_f = test_get_argument(4))
+ || !TEST_ptr(ip_PBM_f = test_get_argument(5))
+ || !TEST_ptr(server_cert_f = test_get_argument(6))
+ || !TEST_ptr(server_key_f = test_get_argument(7))
+ || !TEST_ptr(endentity1_f = test_get_argument(8))
+ || !TEST_ptr(endentity2_f = test_get_argument(9))
+ || !TEST_ptr(root_f = test_get_argument(10))
+ || !TEST_ptr(intermediate_f = test_get_argument(11))) {
TEST_error("usage: cmp_protect_test %s", USAGE);
return 0;
}
- if (!test_arg_libctx(&libctx, &default_null_provider, &provider, 10, USAGE))
+ if (!test_arg_libctx(&libctx, &default_null_provider, &provider, 12, USAGE))
return 0;
- if (!TEST_ptr(loadedkey = load_pkey_pem(server_key_f, libctx))
- || !TEST_ptr(cert = load_cert_pem(server_cert_f, libctx)))
+ if (!TEST_ptr(server_key = load_pkey_pem(server_key_f, libctx))
+ || !TEST_ptr(server_cert = load_cert_pem(server_cert_f, libctx)))
return 0;
- if (!TEST_ptr(loadedprivkey = load_pkey_pem(server_f, libctx)))
+ if (!TEST_ptr(prot_RSA_key = load_pkey_pem(prot_RSA_f, libctx)))
return 0;
- if (TEST_true(EVP_PKEY_up_ref(loadedprivkey)))
- loadedpubkey = loadedprivkey;
+#ifndef OPENSSL_NO_ECX
+ if (!TEST_ptr(prot_Ed_key = load_pkey_pem(prot_Ed_f, libctx)))
+ return 0;
+#endif
if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f, libctx))
- || !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx)))
+#ifndef OPENSSL_NO_ECX
+ || !TEST_ptr(genm_protected_Ed = load_pkimsg(genm_prot_Ed_f, libctx))
+#endif
+ || !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx)))
return 0;
if (!TEST_ptr(endentity1 = load_cert_pem(endentity1_f, libctx))
|| !TEST_ptr(endentity2 = load_cert_pem(endentity2_f, libctx))
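Review bot: `genm_protected_Ed` is loaded here and freed in `cleanup_tests()`, but none of the visible hunks read it; `test_cmp_calc_protection_pkey_Ed()` loads the same file again through `genm_prot_Ed_f`. If nothing outside these hunks uses it, drop the global and its load, or have the test use `OSSL_CMP_MSG_dup(genm_protected_Ed)`. Also, with `OPENSSL_NO_ECX` defined, `prot_Ed_f` is assigned but never read while arguments 2 and 3 remain mandatory; a comment such as `/* prot_Ed.pem and GENM_protected_Ed.der are required positionally even without ECX */` would explain that. The hunk ends inside the condition that loads the end-entity certificates.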
@@ -595,6 +611,9 @@ int setup_tests(void)
/* Message protection tests */
ADD_TEST(test_cmp_calc_protection_no_key_no_secret);
ADD_TEST(test_cmp_calc_protection_pkey);
+#ifndef OPENSSL_NO_ECX
+ ADD_TEST(test_cmp_calc_protection_pkey_Ed);
+#endif
ADD_TEST(test_cmp_calc_protection_pbmac);
ADD_TEST(test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key);
diff --git a/test/cmp_server_test.c b/test/cmp_server_test.c
index e270bb924bad..5e778ab656e6 100644
--- a/test/cmp_server_test.c
+++ b/test/cmp_server_test.c
@@ -76,6 +76,7 @@ static int execute_test_handle_request(CMP_SRV_TEST_FIXTURE *fixture)
if (!TEST_true(OSSL_CMP_SRV_CTX_init(ctx, dummy_custom_ctx,
process_cert_request, NULL, NULL,
NULL, NULL, NULL))
+ || !TEST_true(OSSL_CMP_SRV_CTX_init_trans(ctx, NULL, NULL))
|| !TEST_ptr(custom_ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(ctx))
|| !TEST_int_eq(strcmp(custom_ctx, dummy_custom_ctx), 0))
goto end;
diff --git a/test/cmp_status_test.c b/test/cmp_status_test.c
index 96f9336b8496..ac1c54ac198a 100644
--- a/test/cmp_status_test.c
+++ b/test/cmp_status_test.c
@@ -34,7 +34,6 @@ static void tear_down(CMP_STATUS_TEST_FIXTURE *fixture)
OPENSSL_free(fixture);
}
-
/*
* Tests PKIStatusInfo creation and get-functions
*/
@@ -89,8 +88,6 @@ static int test_PKISI(void)
return result;
}
-
-
void cleanup_tests(void)
{
return;
diff --git a/test/cmp_vfy_test.c b/test/cmp_vfy_test.c
index b82ae142c24d..114b1044975f 100644
--- a/test/cmp_vfy_test.c
+++ b/test/cmp_vfy_test.c
@@ -61,7 +61,7 @@ static CMP_VFY_TEST_FIXTURE *set_up(const char *const test_case_name)
fixture->test_case_name = test_case_name;
if (ts == NULL
|| !TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(libctx, NULL))
- || !OSSL_CMP_CTX_set0_trustedStore(fixture->cmp_ctx, ts)
+ || !OSSL_CMP_CTX_set0_trusted(fixture->cmp_ctx, ts)
|| !OSSL_CMP_CTX_set_log_cb(fixture->cmp_ctx, print_to_bio_out)) {
tear_down(fixture);
X509_STORE_free(ts);
@@ -104,6 +104,7 @@ static int execute_verify_popo_test(CMP_VFY_TEST_FIXTURE *fixture)
if (fixture->expected == 0) {
const OSSL_CRMF_MSGS *reqs = fixture->msg->body->value.ir;
const OSSL_CRMF_MSG *req = sk_OSSL_CRMF_MSG_value(reqs, 0);
+
if (req == NULL || !flip_bit(req->popo->value.signature->signature))
return 0;
}
@@ -130,16 +131,20 @@ static int test_verify_popo_bad(void)
}
#endif
+/* indirectly checks also OSSL_CMP_validate_msg() */
static int execute_validate_msg_test(CMP_VFY_TEST_FIXTURE *fixture)
{
- return TEST_int_eq(fixture->expected,
- ossl_cmp_msg_check_update(fixture->cmp_ctx, fixture->msg,
- NULL, 0));
+ int res = TEST_int_eq(fixture->expected,
+ ossl_cmp_msg_check_update(fixture->cmp_ctx,
+ fixture->msg, NULL, 0));
+ X509 *validated = OSSL_CMP_CTX_get0_validatedSrvCert(fixture->cmp_ctx);
+
+ return res && (!fixture->expected || TEST_ptr_eq(validated, fixture->cert));
}
static int execute_validate_cert_path_test(CMP_VFY_TEST_FIXTURE *fixture)
{
- X509_STORE *ts = OSSL_CMP_CTX_get0_trustedStore(fixture->cmp_ctx);
+ X509_STORE *ts = OSSL_CMP_CTX_get0_trusted(fixture->cmp_ctx);
int res = TEST_int_eq(fixture->expected,
OSSL_CMP_validate_cert_path(fixture->cmp_ctx,
ts, fixture->cert));
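Review bot: In `execute_validate_msg_test()` the new check on `OSSL_CMP_CTX_get0_validatedSrvCert()` runs only when `fixture->expected` is non-zero, so a rejected message that still leaves a certificate recorded as validated would pass the test. If the contract is that a failed check leaves no validated server certificate (not visible from this hunk), assert it on the negative path too, e.g. `return res && TEST_ptr_eq(validated, fixture->expected ? fixture->cert : NULL);`. That relies on every test using this executor setting `fixture->cert`, which the later hunks do for several tests but not visibly for all of them.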
@@ -151,9 +156,10 @@ static int execute_validate_cert_path_test(CMP_VFY_TEST_FIXTURE *fixture)
static int test_validate_msg_mac_alg_protection(int miss, int wrong)
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
+ fixture->cert = NULL;
fixture->expected = !miss && !wrong;
- if (!TEST_true(miss ? OSSL_CMP_CTX_set0_trustedStore(fixture->cmp_ctx, NULL)
+ if (!TEST_true(miss ? OSSL_CMP_CTX_set0_trusted(fixture->cmp_ctx, NULL)
: OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_1,
wrong ? 4 : sizeof(sec_1)))
|| !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f, libctx))) {
@@ -169,6 +175,7 @@ static int test_validate_msg_mac_alg_protection_ok(void)
return test_validate_msg_mac_alg_protection(0, 0);
}
+#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
static int test_validate_msg_mac_alg_protection_missing(void)
{
return test_validate_msg_mac_alg_protection(1, 0);
@@ -179,7 +186,6 @@ static int test_validate_msg_mac_alg_protection_wrong(void)
return test_validate_msg_mac_alg_protection(0, 1);
}
-#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
static int test_validate_msg_mac_alg_protection_bad(void)
{
const unsigned char sec_bad[] = {
@@ -188,6 +194,7 @@ static int test_validate_msg_mac_alg_protection_bad(void)
};
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
+ fixture->cert = NULL;
fixture->expected = 0;
if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_bad,
@@ -203,7 +210,7 @@ static int test_validate_msg_mac_alg_protection_bad(void)
static int add_trusted(OSSL_CMP_CTX *ctx, X509 *cert)
{
- return X509_STORE_add_cert(OSSL_CMP_CTX_get0_trustedStore(ctx), cert);
+ return X509_STORE_add_cert(OSSL_CMP_CTX_get0_trusted(ctx), cert);
}
static int add_untrusted(OSSL_CMP_CTX *ctx, X509 *cert)
@@ -217,8 +224,9 @@ static int test_validate_msg_signature_partial_chain(int expired)
X509_STORE *ts;
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
+ fixture->cert = srvcert;
- ts = OSSL_CMP_CTX_get0_trustedStore(fixture->cmp_ctx);
+ ts = OSSL_CMP_CTX_get0_trusted(fixture->cmp_ctx);
fixture->expected = !expired;
if (ts == NULL
|| !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))
@@ -227,6 +235,7 @@ static int test_validate_msg_signature_partial_chain(int expired)
fixture = NULL;
} else {
X509_VERIFY_PARAM *vpm = X509_STORE_get0_param(ts);
+
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_PARTIAL_CHAIN);
if (expired)
X509_VERIFY_PARAM_set_time(vpm, test_time_after_expiration);
@@ -265,10 +274,12 @@ static int test_validate_msg_signature_srvcert(int bad_sig, int miss, int wrong)
return result;
}
+#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
static int test_validate_msg_signature_srvcert_missing(void)
{
return test_validate_msg_signature_srvcert(0, 1, 0);
}
+#endif
static int test_validate_msg_signature_srvcert_wrong(void)
{
@@ -290,6 +301,7 @@ static int test_validate_msg_signature_sender_cert_srvcert(void)
static int test_validate_msg_signature_sender_cert_untrusted(void)
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
+ fixture->cert = insta_cert;
fixture->expected = 1;
if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts, libctx))
|| !add_trusted(fixture->cmp_ctx, instaca_cert)
@@ -304,6 +316,7 @@ static int test_validate_msg_signature_sender_cert_untrusted(void)
static int test_validate_msg_signature_sender_cert_trusted(void)
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
+ fixture->cert = insta_cert;
fixture->expected = 1;
if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts, libctx))
|| !add_trusted(fixture->cmp_ctx, instaca_cert)
@@ -323,18 +336,20 @@ static int test_validate_msg_signature_sender_cert_extracert(void)
|| !add_trusted(fixture->cmp_ctx, instaca_cert)) {
tear_down(fixture);
fixture = NULL;
+ } else {
+ fixture->cert = sk_X509_value(fixture->msg->extraCerts, 1); /* Insta CA */
}
EXECUTE_TEST(execute_validate_msg_test, tear_down);
return result;
}
-
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
static int test_validate_msg_signature_sender_cert_absent(void)
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
fixture->expected = 0;
- if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts, libctx))) {
+ if (!TEST_ptr(fixture->msg =
+ load_pkimsg(ir_protected_0_extracerts, libctx))) {
tear_down(fixture);
fixture = NULL;
}
@@ -346,6 +361,7 @@ static int test_validate_msg_signature_sender_cert_absent(void)
static int test_validate_with_sender(const X509_NAME *name, int expected)
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
+ fixture->cert = srvcert;
fixture->expected = expected;
if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))
|| !TEST_true(OSSL_CMP_CTX_set1_expected_sender(fixture->cmp_ctx, name))
@@ -386,8 +402,9 @@ static void setup_path(CMP_VFY_TEST_FIXTURE **fixture, X509 *wrong, int expired)
(*fixture)->cert = endentity2;
(*fixture)->expected = wrong == NULL && !expired;
if (expired) {
- X509_STORE *ts = OSSL_CMP_CTX_get0_trustedStore((*fixture)->cmp_ctx);
+ X509_STORE *ts = OSSL_CMP_CTX_get0_trusted((*fixture)->cmp_ctx);
X509_VERIFY_PARAM *vpm = X509_STORE_get0_param(ts);
+
X509_VERIFY_PARAM_set_time(vpm, test_time_after_expiration);
}
if (!add_trusted((*fixture)->cmp_ctx, wrong == NULL ? root : wrong)
@@ -434,7 +451,7 @@ static int execute_msg_check_test(CMP_VFY_TEST_FIXTURE *fixture)
fixture->additional_arg)))
return 0;
- if (fixture->expected == 0) /* error expected aready during above check */
+ if (fixture->expected == 0) /* error expected already during above check */
return 1;
return
TEST_int_eq(0,
@@ -471,6 +488,7 @@ static void setup_check_update(CMP_VFY_TEST_FIXTURE **fixture, int expected,
(*fixture) = NULL;
} else if (trid_data != NULL) {
ASN1_OCTET_STRING *trid = ASN1_OCTET_STRING_new();
+
if (trid == NULL
|| !ASN1_OCTET_STRING_set(trid, trid_data,
OSSL_CMP_TRANSACTIONID_LENGTH)
@@ -574,7 +592,6 @@ void cleanup_tests(void)
return;
}
-
#define USAGE "server.crt client.crt " \
"EndEntity1.crt EndEntity2.crt " \
"Root_CA.crt Intermediate_CA.crt " \
@@ -642,7 +659,8 @@ int setup_tests(void)
if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH)))
goto err;
if (!TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx))
- || !TEST_ptr(ir_rmprotection = load_pkimsg(ir_rmprotection_f, libctx)))
+ || !TEST_ptr(ir_rmprotection = load_pkimsg(ir_rmprotection_f,
+ libctx)))
goto err;
/* Message validation tests */
diff --git a/test/cmsapitest.c b/test/cmsapitest.c
index dbb05cd49622..59dd7faeb284 100644
--- a/test/cmsapitest.c
+++ b/test/cmsapitest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -13,6 +13,7 @@
#include <openssl/bio.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
+#include "../crypto/cms/cms_local.h" /* for d.signedData and d.envelopedData */
#include "testutil.h"
@@ -28,6 +29,7 @@ static int test_encrypt_decrypt(const EVP_CIPHER *cipher)
BIO *msgbio = BIO_new_mem_buf(msg, strlen(msg));
BIO *outmsgbio = BIO_new(BIO_s_mem());
CMS_ContentInfo* content = NULL;
+ BIO *contentbio = NULL;
char buf[80];
if (!TEST_ptr(certstack) || !TEST_ptr(msgbio) || !TEST_ptr(outmsgbio))
@@ -44,6 +46,12 @@ static int test_encrypt_decrypt(const EVP_CIPHER *cipher)
CMS_TEXT)))
goto end;
+ if (!TEST_ptr(contentbio =
+ CMS_EnvelopedData_decrypt(content->d.envelopedData,
+ NULL, privkey, cert, NULL,
+ CMS_TEXT, NULL, NULL)))
+ goto end;
+
/* Check we got the message we first started with */
if (!TEST_int_eq(BIO_gets(outmsgbio, buf, sizeof(buf)), strlen(msg))
|| !TEST_int_eq(strcmp(buf, msg), 0))
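Review bot: The BIO returned by `CMS_EnvelopedData_decrypt()` is only checked for being non-NULL. The plaintext comparison that follows reads `outmsgbio`, not `contentbio`, so the new call could return wrong content and the test would still pass. Read `contentbio` into a second buffer and compare it with `msg` the same way the existing check does. The same applies to `content` from `CMS_SignedData_verify()` in the `test_d2i_CMS_bio_NULL` hunk, which is freed without being inspected. `test_encrypt_decrypt()` starts and ends outside this hunk.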
@@ -51,6 +59,7 @@ static int test_encrypt_decrypt(const EVP_CIPHER *cipher)
testresult = 1;
end:
+ BIO_free(contentbio);
sk_X509_free(certstack);
BIO_free(msgbio);
BIO_free(outmsgbio);
@@ -79,10 +88,24 @@ static int test_encrypt_decrypt_aes_256_gcm(void)
return test_encrypt_decrypt(EVP_aes_256_gcm());
}
+static int test_CMS_add1_cert(void)
+{
+ CMS_ContentInfo *cms = NULL;
+ int ret = 0;
+
+ ret = TEST_ptr(cms = CMS_ContentInfo_new())
+ && TEST_ptr(CMS_add1_signer(cms, cert, privkey, NULL, 0))
+ && TEST_true(CMS_add1_cert(cms, cert)); /* add cert again */
+
+ CMS_ContentInfo_free(cms);
+ return ret;
+}
+
static int test_d2i_CMS_bio_NULL(void)
{
- BIO *bio;
+ BIO *bio, *content = NULL;
CMS_ContentInfo *cms = NULL;
+ unsigned int flags = CMS_NO_SIGNER_CERT_VERIFY;
int ret = 0;
/*
@@ -281,9 +304,12 @@ static int test_d2i_CMS_bio_NULL(void)
};
ret = TEST_ptr(bio = BIO_new_mem_buf(cms_data, sizeof(cms_data)))
- && TEST_ptr(cms = d2i_CMS_bio(bio, NULL))
- && TEST_true(CMS_verify(cms, NULL, NULL, NULL, NULL,
- CMS_NO_SIGNER_CERT_VERIFY));
+ && TEST_ptr(cms = d2i_CMS_bio(bio, NULL))
+ && TEST_true(CMS_verify(cms, NULL, NULL, NULL, NULL, flags))
+ && TEST_ptr(content =
+ CMS_SignedData_verify(cms->d.signedData, NULL, NULL, NULL,
+ NULL, NULL, flags, NULL, NULL));
+ BIO_free(content);
CMS_ContentInfo_free(cms);
BIO_free(bio);
return ret && TEST_int_eq(ERR_peek_error(), 0);
@@ -306,6 +332,9 @@ static unsigned char *read_all(BIO *bio, long *p_len)
if (ret < 0)
break;
+ if (LONG_MAX - ret < *p_len)
+ break;
+
*p_len += ret;
if (ret < step)
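Review bot: The new guard uses `LONG_MAX`, but no visible hunk adds `#include <limits.h>` to this file; unless an already included header provides it, add the include explicitly. The guard also leaves the loop with `break`, the same exit as the `ret < 0` case, so whether `read_all()` reports the overflow as a failure depends on code after the loop, which is outside this hunk. A comment such as `/* stop before *p_len would overflow */` would make the intent clear.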
@@ -400,6 +429,7 @@ int setup_tests(void)
ADD_TEST(test_encrypt_decrypt_aes_128_gcm);
ADD_TEST(test_encrypt_decrypt_aes_192_gcm);
ADD_TEST(test_encrypt_decrypt_aes_256_gcm);
+ ADD_TEST(test_CMS_add1_cert);
ADD_TEST(test_d2i_CMS_bio_NULL);
ADD_ALL_TESTS(test_d2i_CMS_decode, 2);
return 1;
diff --git a/test/conf_include_test.c b/test/conf_include_test.c
index f6835d59e79e..74c5c72b64f5 100644
--- a/test/conf_include_test.c
+++ b/test/conf_include_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -37,28 +37,32 @@
#endif
/* changes path to that of the filename */
-static int change_path(const char *file)
+static char *change_path(const char *file)
{
char *s = OPENSSL_strdup(file);
char *p = s;
char *last = NULL;
int ret = 0;
+ char *new_config_name = NULL;
if (s == NULL)
- return -1;
+ return NULL;
while ((p = strpbrk(p, DIRSEP)) != NULL) {
last = p++;
}
if (last == NULL)
goto err;
- last[DIRSEP_PRESERVE] = 0;
+ last[DIRSEP_PRESERVE] = 0;
TEST_note("changing path to %s", s);
+
ret = chdir(s);
+ if (ret == 0)
+ new_config_name = OPENSSL_strdup(last + DIRSEP_PRESERVE + 1);
err:
OPENSSL_free(s);
- return ret;
+ return new_config_name;
}
/*
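Review bot: `change_path()` derives the returned file name from `s` after `last[DIRSEP_PRESERVE] = 0` has been written, so it starts one character past that NUL. When `DIRSEP_PRESERVE` is 0 this is the file name, but if it is defined as 1 on some platform (its definition is outside this hunk), the NUL lands on the first character of the file name and the returned string loses that character. Taking the name from the untouched input avoids the dependency: `new_config_name = OPENSSL_strdup(file + (last - s) + 1);`. The one-line comment above the function should also state that it now returns an allocated file name the caller must release with `OPENSSL_free()`, or NULL on failure.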
@@ -68,6 +72,9 @@ static int change_path(const char *file)
static CONF *conf;
static BIO *in;
static int expect_failure = 0;
+static int test_providers = 0;
+static OSSL_LIB_CTX *libctx = NULL;
+static char *rel_conf_file = NULL;
static int test_load_config(void)
{
@@ -116,6 +123,27 @@ static int test_load_config(void)
return 0;
}
+ if (test_providers != 0) {
+ /* test for `active` directive in configuration file */
+ val = 0;
+ if (!TEST_int_eq(NCONF_get_number(conf, "null_sect", "activate", &val), 1)
+ || !TEST_int_eq(val, 1)) {
+ TEST_note("null provider not activated");
+ return 0;
+ }
+ val = 0;
+ if (!TEST_int_eq(NCONF_get_number(conf, "default_sect", "activate", &val), 1)
+ || !TEST_int_eq(val, 1)) {
+ TEST_note("default provider not activated");
+ return 0;
+ }
+ val = 0;
+ if (!TEST_int_eq(NCONF_get_number(conf, "legacy_sect", "activate", &val), 1)
+ || !TEST_int_eq(val, 1)) {
+ TEST_note("legacy provider not activated");
+ return 0;
+ }
+ }
return 1;
}
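Review bot: The added comment names an `active` directive while the lookups use the key `"activate"`; it should read something like `/* check the 'activate' setting of each provider section */`. These checks only read values from the parsed `CONF`, so the `TEST_note()` texts ("... provider not activated") overstate what failed; wording such as "activate not set to 1 in null_sect" would be more accurate. The three blocks differ only in the section name and could be a loop over an array of section names. `val` is declared outside this hunk.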
@@ -174,10 +202,33 @@ static int test_check_overflow(void)
return 1;
}
+static int test_available_providers(void)
+{
+ libctx = OSSL_LIB_CTX_new();
+ if (!TEST_ptr(libctx))
+ return 0;
+
+ if (!TEST_ptr(rel_conf_file) || !OSSL_LIB_CTX_load_config(libctx, rel_conf_file)) {
+ TEST_note("Failed to load config");
+ return 0;
+ }
+
+ if (OSSL_PROVIDER_available(libctx, "default") != 1) {
+ TEST_note("Default provider is missing");
+ return 0;
+ }
+ if (OSSL_PROVIDER_available(libctx, "legacy") != 1) {
+ TEST_note("Legacy provider is missing");
+ return 0;
+ }
+ return 1;
+}
+
typedef enum OPTION_choice {
OPT_ERR = -1,
OPT_EOF = 0,
OPT_FAIL,
+ OPT_TEST_PROV,
OPT_TEST_ENUM
} OPTION_CHOICE;
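Review bot: `test_available_providers()` stores the new library context in the file-scope `libctx`, and no visible hunk frees it; the `cleanup_tests()` hunk adds only `OPENSSL_free(rel_conf_file)`. Add `OSSL_LIB_CTX_free(libctx);` to `cleanup_tests()`, or make `libctx` a local and free it on every return path of the test. `OSSL_LIB_CTX_load_config()` is also called without a `TEST_` wrapper, so a failure there prints only the generic "Failed to load config" note.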
@@ -186,6 +237,8 @@ const OPTIONS *test_get_options(void)
static const OPTIONS test_options[] = {
OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("conf_file\n"),
{ "f", OPT_FAIL, '-', "A failure is expected" },
+ { "providers", OPT_TEST_PROV, '-',
+ "Test for activated default and legacy providers"},
{ NULL }
};
return test_options;
@@ -193,7 +246,7 @@ const OPTIONS *test_get_options(void)
int setup_tests(void)
{
- const char *conf_file;
+ char *conf_file = NULL;
OPTION_CHOICE o;
if (!TEST_ptr(conf = NCONF_new(NULL)))
@@ -204,6 +257,8 @@ int setup_tests(void)
case OPT_FAIL:
expect_failure = 1;
break;
+ case OPT_TEST_PROV:
+ test_providers = 1;
case OPT_TEST_CASES:
break;
default:
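Review bot: `case OPT_TEST_PROV:` has no `break` and falls through into `case OPT_TEST_CASES:`. That is harmless today because the next case only breaks, but the fallthrough is unmarked, trips `-Wimplicit-fallthrough`, and will misbehave if the following case ever gains a body. Add `break;` after `test_providers = 1;`. The `switch` starts and ends outside this hunk.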
@@ -222,16 +277,24 @@ int setup_tests(void)
* For this test we need to chdir as we use relative
* path names in the config files.
*/
- change_path(conf_file);
+ rel_conf_file = change_path(conf_file);
+ if (!TEST_ptr(rel_conf_file)) {
+ TEST_note("Unable to change path");
+ return 0;
+ }
ADD_TEST(test_load_config);
ADD_TEST(test_check_null_numbers);
ADD_TEST(test_check_overflow);
+ if (test_providers != 0)
+ ADD_TEST(test_available_providers);
+
return 1;
}
void cleanup_tests(void)
{
+ OPENSSL_free(rel_conf_file);
BIO_vfree(in);
NCONF_free(conf);
CONF_modules_unload(1);
diff --git a/test/constant_time_test.c b/test/constant_time_test.c
index 044100b14af0..ad54dbef458f 100644
--- a/test/constant_time_test.c
+++ b/test/constant_time_test.c
@@ -85,9 +85,9 @@ static int test_binary_op_s(size_t (*op) (size_t a, size_t b),
const char *op_name, size_t a, size_t b,
int is_true)
{
- if (is_true && !TEST_size_t_eq(op(a,b), CONSTTIME_TRUE_S))
+ if (is_true && !TEST_size_t_eq(op(a, b), CONSTTIME_TRUE_S))
return 0;
- if (!is_true && !TEST_uint_eq(op(a,b), CONSTTIME_FALSE_S))
+ if (!is_true && !TEST_uint_eq(op(a, b), CONSTTIME_FALSE_S))
return 0;
return 1;
}
diff --git a/test/context_internal_test.c b/test/context_internal_test.c
index 4c02f601cc52..238d48db8d13 100644
--- a/test/context_internal_test.c
+++ b/test/context_internal_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -12,103 +12,25 @@
#include "internal/cryptlib.h"
#include "testutil.h"
-/*
- * Everything between BEGIN EXAMPLE and END EXAMPLE is copied from
- * doc/internal/man3/ossl_lib_ctx_get_data.pod
- */
-
-/*
- * ======================================================================
- * BEGIN EXAMPLE
- */
-
-typedef struct foo_st {
- int i;
- void *data;
-} FOO;
-
-static void *foo_new(OSSL_LIB_CTX *ctx)
-{
- FOO *ptr = OPENSSL_zalloc(sizeof(*ptr));
- if (ptr != NULL)
- ptr->i = 42;
- return ptr;
-}
-static void foo_free(void *ptr)
-{
- OPENSSL_free(ptr);
-}
-static const OSSL_LIB_CTX_METHOD foo_method = {
- OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY,
- foo_new,
- foo_free
-};
-
-/*
- * END EXAMPLE
- * ======================================================================
- */
-
-static int test_context(OSSL_LIB_CTX *ctx)
-{
- FOO *data = NULL;
-
- return TEST_ptr(data = ossl_lib_ctx_get_data(ctx, 0, &foo_method))
- /* OPENSSL_zalloc in foo_new() initialized it to zero */
- && TEST_int_eq(data->i, 42);
-}
-
-static int test_app_context(void)
-{
- OSSL_LIB_CTX *ctx = NULL;
- int result =
- TEST_ptr(ctx = OSSL_LIB_CTX_new())
- && test_context(ctx);
-
- OSSL_LIB_CTX_free(ctx);
- return result;
-}
-
-static int test_def_context(void)
-{
- return test_context(NULL);
-}
-
static int test_set0_default(void)
{
OSSL_LIB_CTX *global = OSSL_LIB_CTX_get0_global_default();
OSSL_LIB_CTX *local = OSSL_LIB_CTX_new();
OSSL_LIB_CTX *prev;
int testresult = 0;
- FOO *data = NULL;
if (!TEST_ptr(global)
|| !TEST_ptr(local)
- || !TEST_ptr_eq(global, OSSL_LIB_CTX_set0_default(NULL))
- || !TEST_ptr(data = ossl_lib_ctx_get_data(local, 0, &foo_method)))
- goto err;
-
- /* Set local "i" value to 43. Global "i" should be 42 */
- data->i++;
- if (!TEST_int_eq(data->i, 43))
- goto err;
-
- /* The default context should still be the "global" default */
- if (!TEST_ptr(data = ossl_lib_ctx_get_data(NULL, 0, &foo_method))
- || !TEST_int_eq(data->i, 42))
+ || !TEST_ptr_eq(global, OSSL_LIB_CTX_set0_default(NULL)))
goto err;
/* Check we can change the local default context */
if (!TEST_ptr(prev = OSSL_LIB_CTX_set0_default(local))
- || !TEST_ptr_eq(global, prev)
- || !TEST_ptr(data = ossl_lib_ctx_get_data(NULL, 0, &foo_method))
- || !TEST_int_eq(data->i, 43))
+ || !TEST_ptr_eq(global, prev))
goto err;
/* Calling OSSL_LIB_CTX_set0_default() with a NULL should be a no-op */
- if (!TEST_ptr_eq(local, OSSL_LIB_CTX_set0_default(NULL))
- || !TEST_ptr(data = ossl_lib_ctx_get_data(NULL, 0, &foo_method))
- || !TEST_int_eq(data->i, 43))
+ if (!TEST_ptr_eq(local, OSSL_LIB_CTX_set0_default(NULL)))
goto err;
/* Global default should be unchanged */
@@ -116,10 +38,8 @@ static int test_set0_default(void)
goto err;
/* Check we can swap back to the global default */
- if (!TEST_ptr(prev = OSSL_LIB_CTX_set0_default(global))
- || !TEST_ptr_eq(local, prev)
- || !TEST_ptr(data = ossl_lib_ctx_get_data(NULL, 0, &foo_method))
- || !TEST_int_eq(data->i, 42))
+ if (!TEST_ptr(prev = OSSL_LIB_CTX_set0_default(global))
+ || !TEST_ptr_eq(local, prev))
goto err;
testresult = 1;
@@ -128,10 +48,36 @@ static int test_set0_default(void)
return testresult;
}
+static int test_set_get_conf_diagnostics(void)
+{
+ OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
+ int res = 0;
+
+ if (!TEST_ptr(ctx))
+ goto err;
+
+ if (!TEST_false(OSSL_LIB_CTX_get_conf_diagnostics(ctx)))
+ goto err;
+
+ OSSL_LIB_CTX_set_conf_diagnostics(ctx, 1);
+
+ if (!TEST_true(OSSL_LIB_CTX_get_conf_diagnostics(ctx)))
+ goto err;
+
+ OSSL_LIB_CTX_set_conf_diagnostics(ctx, 0);
+
+ if (!TEST_false(OSSL_LIB_CTX_get_conf_diagnostics(ctx)))
+ goto err;
+
+ res = 1;
+ err:
+ OSSL_LIB_CTX_free(ctx);
+ return res;
+}
+
int setup_tests(void)
{
- ADD_TEST(test_app_context);
- ADD_TEST(test_def_context);
ADD_TEST(test_set0_default);
+ ADD_TEST(test_set_get_conf_diagnostics);
return 1;
}
diff --git a/test/crltest.c b/test/crltest.c
index c96561c69bfa..c18448122024 100644
--- a/test/crltest.c
+++ b/test/crltest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -266,9 +266,13 @@ static int verify(X509 *leaf, X509 *root, STACK_OF(X509_CRL) *crls,
goto err;
/* Create a stack; upref the cert because we free it below. */
- X509_up_ref(root);
- if (!TEST_true(sk_X509_push(roots, root))
- || !TEST_true(X509_STORE_CTX_init(ctx, store, leaf, NULL)))
+ if (!TEST_true(X509_up_ref(root)))
+ goto err;
+ if (!TEST_true(sk_X509_push(roots, root))) {
+ X509_free(root);
+ goto err;
+ }
+ if (!TEST_true(X509_STORE_CTX_init(ctx, store, leaf, NULL)))
goto err;
X509_STORE_CTX_set0_trusted_stack(ctx, roots);
X509_STORE_CTX_set0_crls(ctx, crls);
@@ -285,7 +289,7 @@ static int verify(X509 *leaf, X509 *root, STACK_OF(X509_CRL) *crls,
status = X509_verify_cert(ctx) == 1 ? X509_V_OK
: X509_STORE_CTX_get_error(ctx);
err:
- sk_X509_pop_free(roots, X509_free);
+ OSSL_STACK_OF_X509_free(roots);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
X509_VERIFY_PARAM_free(param);
X509_STORE_CTX_free(ctx);
@@ -302,13 +306,29 @@ static STACK_OF(X509_CRL) *make_CRL_stack(X509_CRL *x1, X509_CRL *x2)
{
STACK_OF(X509_CRL) *sk = sk_X509_CRL_new_null();
- sk_X509_CRL_push(sk, x1);
- X509_CRL_up_ref(x1);
+ if (x1 != NULL) {
+ if (!X509_CRL_up_ref(x1))
+ goto err;
+ if (!sk_X509_CRL_push(sk, x1)) {
+ X509_CRL_free(x1);
+ goto err;
+ }
+ }
+
if (x2 != NULL) {
- sk_X509_CRL_push(sk, x2);
- X509_CRL_up_ref(x2);
+ if (!X509_CRL_up_ref(x2))
+ goto err;
+ if (!sk_X509_CRL_push(sk, x2)) {
+ X509_CRL_free(x2);
+ goto err;
+ }
}
+
return sk;
+
+err:
+ sk_X509_CRL_pop_free(sk, X509_CRL_free);
+ return NULL;
}
static int test_basic_crl(void)
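Review bot: make_CRL_stack() can now return NULL and silently skips a NULL x1, but the hunk does not show its callers or the comment above the function being updated to match. If a caller passes the result straight to verify(), an allocation failure would look like "no CRLs supplied" rather than a setup error, so it is worth confirming that each call is wrapped in TEST_ptr(). The result of sk_X509_CRL_new_null() is also only checked indirectly, through the push failing. An explicit `if (sk == NULL) return NULL;` would make that path readable.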
diff --git a/test/ct_test.c b/test/ct_test.c
index ff253414f806..f98dd6060285 100644
--- a/test/ct_test.c
+++ b/test/ct_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -463,7 +463,11 @@ static int test_encode_tls_sct(void)
return 0;
}
- sk_SCT_push(fixture->sct_list, sct);
+ if (!sk_SCT_push(fixture->sct_list, sct)) {
+ tear_down(fixture);
+ return 0;
+ }
+
fixture->sct_dir = ct_dir;
fixture->sct_text_file = "tls1.sct";
EXECUTE_CT_TEST();
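Review bot: When `sk_SCT_push()` fails, `sct` has not been added to `fixture->sct_list`, so `tear_down(fixture)` presumably does not release it and the object leaks on this path. The allocation of `sct` is outside the hunk, so confirm ownership there. Add `SCT_free(sct);` before `tear_down(fixture);`, mirroring the free-on-push-failure pattern used in crltest.c in this same commit. Wrapping the push in `TEST_true()` would also make the failure visible in the test log.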
diff --git a/test/curve448_internal_test.c b/test/curve448_internal_test.c
index 9d811e08a886..c0b3ae3c80c3 100644
--- a/test/curve448_internal_test.c
+++ b/test/curve448_internal_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -602,43 +602,43 @@ static int test_ed448(void)
if (!TEST_ptr(hashctx)
|| !TEST_true(ossl_ed448_sign(NULL, outsig, NULL, 0, pubkey1,
- privkey1, NULL, 0, NULL))
+ privkey1, NULL, 0, 0, NULL))
|| !TEST_int_eq(memcmp(sig1, outsig, sizeof(sig1)), 0)
|| !TEST_true(ossl_ed448_sign(NULL, outsig, msg2, sizeof(msg2),
- pubkey2, privkey2, NULL, 0, NULL))
+ pubkey2, privkey2, NULL, 0, 0, NULL))
|| !TEST_int_eq(memcmp(sig2, outsig, sizeof(sig2)), 0)
|| !TEST_true(ossl_ed448_sign(NULL, outsig, msg3, sizeof(msg3),
pubkey3, privkey3, context3,
- sizeof(context3), NULL))
+ sizeof(context3), 0, NULL))
|| !TEST_int_eq(memcmp(sig3, outsig, sizeof(sig3)), 0)
|| !TEST_true(ossl_ed448_sign(NULL, outsig, msg4, sizeof(msg4),
- pubkey4, privkey4, NULL, 0, NULL))
+ pubkey4, privkey4, NULL, 0, 0, NULL))
|| !TEST_int_eq(memcmp(sig4, outsig, sizeof(sig4)), 0)
|| !TEST_true(ossl_ed448_sign(NULL, outsig, msg5, sizeof(msg5),
- pubkey5, privkey5, NULL, 0, NULL))
+ pubkey5, privkey5, NULL, 0, 0, NULL))
|| !TEST_int_eq(memcmp(sig5, outsig, sizeof(sig5)), 0)
|| !TEST_true(ossl_ed448_sign(NULL, outsig, msg6, sizeof(msg6),
- pubkey6, privkey6, NULL, 0, NULL))
+ pubkey6, privkey6, NULL, 0, 0, NULL))
|| !TEST_int_eq(memcmp(sig6, outsig, sizeof(sig6)), 0)
|| !TEST_true(ossl_ed448_sign(NULL, outsig, msg7, sizeof(msg7),
- pubkey7, privkey7, NULL, 0, NULL))
+ pubkey7, privkey7, NULL, 0, 0, NULL))
|| !TEST_int_eq(memcmp(sig7, outsig, sizeof(sig7)), 0)
|| !TEST_true(ossl_ed448_sign(NULL, outsig, msg8, sizeof(msg8),
- pubkey8, privkey8, NULL, 0, NULL))
+ pubkey8, privkey8, NULL, 0, 0, NULL))
|| !TEST_int_eq(memcmp(sig8, outsig, sizeof(sig8)), 0)
|| !TEST_true(ossl_ed448_sign(NULL, outsig, msg9, sizeof(msg9),
- pubkey9, privkey9, NULL, 0, NULL))
+ pubkey9, privkey9, NULL, 0, 0, NULL))
|| !TEST_int_eq(memcmp(sig9, outsig, sizeof(sig9)), 0)
- || !TEST_true(ossl_ed448ph_sign(NULL, outsig,
- dohash(hashctx, phmsg1,
- sizeof(phmsg1)), phpubkey1,
- phprivkey1, NULL, 0, NULL))
+ || !TEST_true(ossl_ed448_sign(NULL, outsig,
+ dohash(hashctx, phmsg1,
+ sizeof(phmsg1)), 64, phpubkey1,
+ phprivkey1, NULL, 0, 1, NULL))
|| !TEST_int_eq(memcmp(phsig1, outsig, sizeof(phsig1)), 0)
- || !TEST_true(ossl_ed448ph_sign(NULL, outsig,
- dohash(hashctx, phmsg2,
- sizeof(phmsg2)), phpubkey2,
- phprivkey2, phcontext2,
- sizeof(phcontext2), NULL))
+ || !TEST_true(ossl_ed448_sign(NULL, outsig,
+ dohash(hashctx, phmsg2,
+ sizeof(phmsg2)), 64, phpubkey2,
+ phprivkey2, phcontext2,
+ sizeof(phcontext2), 1, NULL))
|| !TEST_int_eq(memcmp(phsig2, outsig, sizeof(phsig2)), 0)) {
EVP_MD_CTX_free(hashctx);
return 0;
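Review bot: The two prehash calls pass a bare `64` as the message length, and every call gains an unexplained `0` or `1` before the final NULL. The 64 is presumably the size of the digest that dohash() returns, but dohash() is outside the hunk, so the length and the buffer size are tied together only by convention. A named constant shared with dohash(), or at least `/* prehash length */` and `/* phflag */` comments on the first use, would prevent a mismatch if the hash output size ever changes. test_ed448() starts and ends outside the hunk.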
diff --git a/test/danetest.c b/test/danetest.c
index 0ed460039d48..d7ef87b6d267 100644
--- a/test/danetest.c
+++ b/test/danetest.c
@@ -143,7 +143,7 @@ err:
OPENSSL_free(name);
OPENSSL_free(header);
OPENSSL_free(data);
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
return NULL;
}
@@ -344,7 +344,7 @@ static int test_tlsafile(SSL_CTX *ctx, const char *base_name,
}
ok = verify_chain(ssl, chain);
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
err = SSL_get_verify_result(ssl);
/*
* Peek under the hood, normally TLSA match data is hidden when
diff --git a/test/default-and-fips.cnf b/test/default-and-fips.cnf
index 2ca6487fd2fd..71af0a385abb 100644
--- a/test/default-and-fips.cnf
+++ b/test/default-and-fips.cnf
@@ -13,4 +13,4 @@ default = default_sect
fips = fips_sect
[default_sect]
-activate = 1
+activate = yes
diff --git a/test/default.cnf b/test/default.cnf
index f29d0e92bae8..21c7e070a9e0 100644
--- a/test/default.cnf
+++ b/test/default.cnf
@@ -8,6 +8,10 @@ providers = provider_sect
[provider_sect]
default = default_sect
+legacy = legacy_sect
[default_sect]
-activate = 1
+activate = true
+
+[legacy_sect]
+activate = false
diff --git a/test/defltfips_test.c b/test/defltfips_test.c
index 9def654c5d3a..685a2e1d2677 100644
--- a/test/defltfips_test.c
+++ b/test/defltfips_test.c
@@ -79,7 +79,7 @@ int setup_tests(void)
}
argc = test_get_argument_count();
- switch(argc) {
+ switch (argc) {
case 0:
is_fips = 0;
bad_fips = 0;
diff --git a/test/destest.c b/test/destest.c
index d5f00fa691ff..7bc844ae88bd 100644
--- a/test/destest.c
+++ b/test/destest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -177,14 +177,18 @@ static unsigned char cipher_ecb2[NUM_TESTS - 1][8] = {
{0x08, 0xD7, 0xB4, 0xFB, 0x62, 0x9D, 0x08, 0x85}
};
-static unsigned char cbc_key[8] =
- { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
-static unsigned char cbc2_key[8] =
- { 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86 };
-static unsigned char cbc3_key[8] =
- { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 };
-static unsigned char cbc_iv[8] =
- { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 };
+static unsigned char cbc_key[8] = {
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef
+};
+static unsigned char cbc2_key[8] = {
+ 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86
+};
+static unsigned char cbc3_key[8] = {
+ 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
+};
+static unsigned char cbc_iv[8] = {
+ 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
+};
/*
* Changed the following text constant to binary so it will work on ebcdic
* machines :-)
@@ -208,8 +212,9 @@ static unsigned char cbc_ok[32] = {
# ifdef SCREW_THE_PARITY
# error "SCREW_THE_PARITY is not meant to be defined."
# error "Original vectors are preserved for reference only."
-static unsigned char cbc2_key[8] =
- { 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87 };
+static unsigned char cbc2_key[8] = {
+ 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87
+};
static unsigned char xcbc_ok[32] = {
0x86, 0x74, 0x81, 0x0D, 0x61, 0xA4, 0xA5, 0x48,
0xB9, 0x93, 0x03, 0xE1, 0xB8, 0xBB, 0xBD, 0xBD,
@@ -239,10 +244,12 @@ static unsigned char pcbc_ok[32] = {
0xf7, 0x17, 0x46, 0x3b, 0x8a, 0xb3, 0xcc, 0x88
};
-static unsigned char cfb_key[8] =
- { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
-static unsigned char cfb_iv[8] =
- { 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef };
+static unsigned char cfb_key[8] = {
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef
+};
+static unsigned char cfb_iv[8] = {
+ 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef
+};
static unsigned char cfb_buf1[40], cfb_buf2[40], cfb_tmp[8];
static unsigned char plain[24] = {
0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73,
@@ -276,10 +283,12 @@ static unsigned char cfb_cipher64[24] = {
0x1A, 0x92, 0xF7, 0x84, 0x03, 0x46, 0x71, 0x33, 0x89, 0x8E, 0xA6, 0x22
};
-static unsigned char ofb_key[8] =
- { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
-static unsigned char ofb_iv[8] =
- { 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef };
+static unsigned char ofb_key[8] = {
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef
+};
+static unsigned char ofb_iv[8] = {
+ 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef
+};
static unsigned char ofb_buf1[24], ofb_buf2[24], ofb_tmp[8];
static unsigned char ofb_cipher[24] = {
0xf3, 0x09, 0x62, 0x49, 0xc7, 0xf4, 0x6e, 0x51,
@@ -287,8 +296,9 @@ static unsigned char ofb_cipher[24] = {
0x3d, 0x6d, 0x5b, 0xe3, 0x25, 0x5a, 0xf8, 0xc3
};
static DES_LONG cbc_cksum_ret = 0xF7FE62B4L;
-static unsigned char cbc_cksum_data[8] =
- { 0x1D, 0x26, 0x93, 0x97, 0xf7, 0xfe, 0x62, 0xb4 };
+static unsigned char cbc_cksum_data[8] = {
+ 0x1D, 0x26, 0x93, 0x97, 0xf7, 0xfe, 0x62, 0xb4
+};
static char *pt(const unsigned char *p, char buf[DATA_BUF_SIZE])
{
diff --git a/test/dhtest.c b/test/dhtest.c
index 000dd5b69805..bef706909c73 100644
--- a/test/dhtest.c
+++ b/test/dhtest.c
@@ -600,7 +600,7 @@ static int rfc5114_test(void)
if (!TEST_ptr(priv_key = BN_bin2bn(td->xB, td->xB_len, NULL))
|| !TEST_ptr(pub_key = BN_bin2bn(td->yB, td->yB_len, NULL))
- || !TEST_true( DH_set0_key(dhB, pub_key, priv_key)))
+ || !TEST_true(DH_set0_key(dhB, pub_key, priv_key)))
goto bad_err;
priv_key = pub_key = NULL;
diff --git a/test/drbgtest.c b/test/drbgtest.c
index afbc55112529..f12493b5cf82 100644
--- a/test/drbgtest.c
+++ b/test/drbgtest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2011-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -28,12 +28,6 @@
# include <windows.h>
#endif
-#if defined(__TANDEM)
-# if defined(OPENSSL_TANDEM_FLOSS)
-# include <floss.h(floss_fork)>
-# endif
-#endif
-
#if defined(OPENSSL_SYS_UNIX)
# include <sys/types.h>
# include <sys/wait.h>
@@ -148,7 +142,7 @@ static int using_fips_rng(void)
if (!TEST_ptr(prov))
return 0;
name = OSSL_PROVIDER_get0_name(prov);
- return strcmp(name, "OpenSSL FIPS Provider") == 0;
+ return strstr(name, "FIPS Provider") != NULL;
}
/*
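Review bot: The substring test `strstr(name, "FIPS Provider") != NULL` accepts any provider whose name contains that text, where the old code required the exact OpenSSL name. Nothing in the hunk records why. If the intent is to recognise FIPS providers with differently prefixed names, a short comment above the return, such as `/* FIPS provider builds may carry a different name prefix */`, would document it. `name` is also passed to strstr() without a NULL check, as it was to strcmp() before. A `TEST_ptr(name)` guard would turn a misbehaving provider into a test failure instead of a crash.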
@@ -299,7 +293,7 @@ typedef struct drbg_fork_result_st {
* This simplifies finding duplicate random output and makes
* the printout in case of an error more readable.
*/
-static int compare_drbg_fork_result(const void * left, const void * right)
+static int compare_drbg_fork_result(const void *left, const void *right)
{
int result;
const drbg_fork_result *l = left;
@@ -322,7 +316,7 @@ static int compare_drbg_fork_result(const void * left, const void * right)
*
* Used for finding collisions in two-byte chunks
*/
-static int compare_rand_chunk(const void * left, const void * right)
+static int compare_rand_chunk(const void *left, const void *right)
{
return memcmp(left, right, 2);
}
diff --git a/test/dsatest.c b/test/dsatest.c
index b849105d33d8..04fabc0cb949 100644
--- a/test/dsatest.c
+++ b/test/dsatest.c
@@ -247,7 +247,7 @@ static int dsa_keygen_test(void)
goto end;
if (!TEST_ptr(pg_ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL))
|| !TEST_int_gt(EVP_PKEY_paramgen_init(pg_ctx), 0)
- || !TEST_ptr_null(EVP_PKEY_CTX_gettable_params(pg_ctx))
+ || !TEST_ptr(EVP_PKEY_CTX_gettable_params(pg_ctx))
|| !TEST_ptr(settables = EVP_PKEY_CTX_settable_params(pg_ctx))
|| !TEST_ptr(OSSL_PARAM_locate_const(settables,
OSSL_PKEY_PARAM_FFC_PBITS))
diff --git a/test/dtls_mtu_test.c b/test/dtls_mtu_test.c
index 25844aa0ff58..f1b705fd59e6 100644
--- a/test/dtls_mtu_test.c
+++ b/test/dtls_mtu_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -19,6 +19,7 @@
/* for SSL_READ_ETM() */
#include "../ssl/ssl_local.h"
+#include "internal/ssl_unwrap.h"
static int debug = 0;
@@ -55,6 +56,7 @@ static int mtu_test(SSL_CTX *ctx, const char *cs, int no_etm)
size_t mtus[30];
unsigned char buf[600];
int rv = 0;
+ SSL_CONNECTION *clnt_sc;
memset(buf, 0x5a, sizeof(buf));
@@ -132,8 +134,10 @@ static int mtu_test(SSL_CTX *ctx, const char *cs, int no_etm)
}
}
}
+ if (!TEST_ptr(clnt_sc = SSL_CONNECTION_FROM_SSL_ONLY(clnt_ssl)))
+ goto end;
rv = 1;
- if (SSL_READ_ETM(clnt_ssl))
+ if (SSL_READ_ETM(clnt_sc))
rv = 2;
end:
SSL_free(clnt_ssl);
@@ -168,7 +172,7 @@ static int run_mtu_tests(void)
const char *cipher_name = SSL_CIPHER_get_name(cipher);
/* As noted above, only one test for each enc/mac variant. */
- if (strncmp(cipher_name, "PSK-", 4) != 0)
+ if (!HAS_PREFIX(cipher_name, "PSK-"))
continue;
if (!TEST_int_gt(ret = mtu_test(ctx, cipher_name, 0), 0))
diff --git a/test/dtlstest.c b/test/dtlstest.c
index 463b1d93179a..011d8775c157 100644
--- a/test/dtlstest.c
+++ b/test/dtlstest.c
@@ -125,7 +125,7 @@ static int test_dtls_unprocessed(int testidx)
* they will fail to decrypt.
*/
if (!TEST_true(create_bare_ssl_connection(serverssl1, clientssl1,
- SSL_ERROR_NONE, 0)))
+ SSL_ERROR_NONE, 0, 0)))
goto end;
if (timer_cb_count == 0) {
@@ -425,6 +425,12 @@ static int test_just_finished(void)
&sctx, NULL, cert, privkey)))
return 0;
+#ifdef OPENSSL_NO_DTLS1_2
+ /* DTLSv1 is not allowed at the default security level */
+ if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0")))
+ goto end;
+#endif
+
serverssl = SSL_new(sctx);
rbio = BIO_new(BIO_s_mem());
wbio = BIO_new(BIO_s_mem());
@@ -577,6 +583,56 @@ static int test_swap_records(int idx)
SSL_free(sssl);
SSL_CTX_free(cctx);
SSL_CTX_free(sctx);
+
+ return testresult;
+}
+
+/* Confirm that we can create a connections using DTLSv1_listen() */
+static int test_listen(void)
+{
+ SSL_CTX *sctx = NULL, *cctx = NULL;
+ SSL *serverssl = NULL, *clientssl = NULL;
+ int testresult = 0;
+
+ if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
+ DTLS_client_method(),
+ DTLS1_VERSION, 0,
+ &sctx, &cctx, cert, privkey)))
+ return 0;
+
+#ifdef OPENSSL_NO_DTLS1_2
+ /* Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0 */
+ if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0"))
+ || !TEST_true(SSL_CTX_set_cipher_list(cctx,
+ "DEFAULT:@SECLEVEL=0")))
+ goto end;
+#endif
+
+ SSL_CTX_set_cookie_generate_cb(sctx, generate_cookie_cb);
+ SSL_CTX_set_cookie_verify_cb(sctx, verify_cookie_cb);
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ DTLS_set_timer_cb(clientssl, timer_cb);
+ DTLS_set_timer_cb(serverssl, timer_cb);
+
+ /*
+ * The last parameter to create_bare_ssl_connection() requests that
+ * DTLSv1_listen() is used.
+ */
+ if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE, 1, 1)))
+ goto end;
+
+ testresult = 1;
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
return testresult;
}
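Review bot: In test_listen() the comment on create_bare_ssl_connection() explains only the last argument, while the fourth argument is also `1` here and is `0` in the test_dtls_unprocessed() call updated earlier in this file. A few words on what the fourth argument selects would let a reader tell the two positional flags apart. The header comment also reads "create a connections", which should be `/* Confirm that we can create a connection using DTLSv1_listen() */`.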
@@ -601,6 +657,7 @@ int setup_tests(void)
ADD_TEST(test_dtls_duplicate_records);
ADD_TEST(test_just_finished);
ADD_ALL_TESTS(test_swap_records, 4);
+ ADD_TEST(test_listen);
return 1;
}
diff --git a/test/ec_internal_test.c b/test/ec_internal_test.c
index 02cfd4e9d885..0268142ae7fd 100644
--- a/test/ec_internal_test.c
+++ b/test/ec_internal_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -16,6 +16,7 @@
#include "testutil.h"
#include <openssl/ec.h>
#include "ec_local.h"
+#include <crypto/bn.h>
#include <openssl/objects.h>
static size_t crv_len = 0;
@@ -483,6 +484,68 @@ end:
return testresult;
}
+
+static int check_bn_mont_ctx(BN_MONT_CTX *mont, BIGNUM *mod, BN_CTX *ctx)
+{
+ int ret = 0;
+ BN_MONT_CTX *regenerated = BN_MONT_CTX_new();
+
+ if (!TEST_ptr(regenerated))
+ return ret;
+ if (!TEST_ptr(mont))
+ goto err;
+
+ if (!TEST_true(BN_MONT_CTX_set(regenerated, mod, ctx)))
+ goto err;
+
+ if (!TEST_true(ossl_bn_mont_ctx_eq(regenerated, mont)))
+ goto err;
+
+ ret = 1;
+
+ err:
+ BN_MONT_CTX_free(regenerated);
+ return ret;
+}
+
+static int montgomery_correctness_test(EC_GROUP *group)
+{
+ int ret = 0;
+ BN_CTX *ctx = NULL;
+
+ ctx = BN_CTX_new();
+ if (!TEST_ptr(ctx))
+ return ret;
+ if (!TEST_true(check_bn_mont_ctx(group->mont_data, group->order, ctx))) {
+ TEST_error("group order issue");
+ goto err;
+ }
+ if (group->field_data1 != NULL) {
+ if (!TEST_true(check_bn_mont_ctx(group->field_data1, group->field, ctx)))
+ goto err;
+ }
+ ret = 1;
+ err:
+ BN_CTX_free(ctx);
+ return ret;
+}
+
+static int named_group_creation_test(void)
+{
+ int ret = 0;
+ EC_GROUP *group = NULL;
+
+ if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1))
+ || !TEST_true(montgomery_correctness_test(group)))
+ goto err;
+
+ ret = 1;
+
+ err:
+ EC_GROUP_free(group);
+ return ret;
+}
+
int setup_tests(void)
{
crv_len = EC_get_builtin_curves(NULL, 0);
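Review bot: montgomery_correctness_test() passes `group->field_data1` to check_bn_mont_ctx() as a `BN_MONT_CTX *` whenever it is non-NULL, without checking which EC method the group uses. That presumably holds for the prime256v1 group the only caller creates, but the helper takes any EC_GROUP, and a group whose method stores something else in field_data1 would be misread. A comment on the function stating the assumption, for example `/* assumes a method that keeps a BN_MONT_CTX in field_data1 */`, would stop it being reused unsafely. The second check also lacks a TEST_error() message like the "group order issue" one on the first.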
@@ -503,6 +566,7 @@ int setup_tests(void)
ADD_TEST(set_private_key);
ADD_TEST(decoded_flag_test);
ADD_ALL_TESTS(ecpkparams_i2d2i_test, crv_len);
+ ADD_TEST(named_group_creation_test);
return 1;
}
diff --git a/test/ectest.c b/test/ectest.c
index 946973c2f4d9..70df89ee2f87 100644
--- a/test/ectest.c
+++ b/test/ectest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -2054,6 +2054,118 @@ err:
return r;
}
+/*
+ * This test validates converting an EC_GROUP to an OSSL_PARAM array
+ * using EC_GROUP_to_params(). A named and an explicit curve are tested.
+ */
+static int ossl_parameter_test(void)
+{
+ EC_GROUP *group_nmd = NULL, *group_nmd2 = NULL, *group_nmd3 = NULL;
+ EC_GROUP *group_exp = NULL, *group_exp2 = NULL;
+ OSSL_PARAM *params_nmd = NULL, *params_nmd2 = NULL;
+ OSSL_PARAM *params_exp = NULL, *params_exp2 = NULL;
+ unsigned char *buf = NULL, *buf2 = NULL;
+ BN_CTX *bn_ctx = NULL;
+ OSSL_PARAM_BLD *bld = NULL;
+ BIGNUM *p, *a, *b;
+ const EC_POINT *group_gen = NULL;
+ size_t bsize;
+ int r = 0;
+
+ if (!TEST_ptr(bn_ctx = BN_CTX_new()))
+ goto err;
+
+ /* test named curve */
+ if (!TEST_ptr(group_nmd = EC_GROUP_new_by_curve_name(NID_secp384r1))
+ /* test with null BN_CTX */
+ || !TEST_ptr(params_nmd = EC_GROUP_to_params(
+ group_nmd, NULL, NULL, NULL))
+ || !TEST_ptr(group_nmd2 = EC_GROUP_new_from_params(
+ params_nmd, NULL, NULL))
+ || !TEST_int_eq(EC_GROUP_cmp(group_nmd, group_nmd2, NULL), 0)
+ /* test with BN_CTX set */
+ || !TEST_ptr(params_nmd2 = EC_GROUP_to_params(
+ group_nmd, NULL, NULL, bn_ctx))
+ || !TEST_ptr(group_nmd3 = EC_GROUP_new_from_params(
+ params_nmd2, NULL, NULL))
+ || !TEST_int_eq(EC_GROUP_cmp(group_nmd, group_nmd3, NULL), 0))
+ goto err;
+
+ /* test explicit curve */
+ if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()))
+ goto err;
+
+ BN_CTX_start(bn_ctx);
+ p = BN_CTX_get(bn_ctx);
+ a = BN_CTX_get(bn_ctx);
+ b = BN_CTX_get(bn_ctx);
+
+ if (!TEST_true(EC_GROUP_get_curve(group_nmd, p, a, b, bn_ctx))
+ || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(
+ bld, OSSL_PKEY_PARAM_EC_FIELD_TYPE, SN_X9_62_prime_field, 0))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, p))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b)))
+ goto err;
+
+ if (EC_GROUP_get0_seed(group_nmd) != NULL) {
+ if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(
+ bld, OSSL_PKEY_PARAM_EC_SEED, EC_GROUP_get0_seed(group_nmd),
+ EC_GROUP_get_seed_len(group_nmd))))
+ goto err;
+ }
+ if (EC_GROUP_get0_cofactor(group_nmd) != NULL) {
+ if (!TEST_true(OSSL_PARAM_BLD_push_BN(
+ bld, OSSL_PKEY_PARAM_EC_COFACTOR,
+ EC_GROUP_get0_cofactor(group_nmd))))
+ goto err;
+ }
+
+ if (!TEST_ptr(group_gen = EC_GROUP_get0_generator(group_nmd))
+ || !TEST_size_t_gt(bsize = EC_POINT_point2oct(
+ group_nmd, EC_GROUP_get0_generator(group_nmd),
+ POINT_CONVERSION_UNCOMPRESSED, NULL, 0, bn_ctx), 0)
+ || !TEST_ptr(buf2 = OPENSSL_malloc(bsize))
+ || !TEST_size_t_eq(EC_POINT_point2oct(
+ group_nmd, EC_GROUP_get0_generator(group_nmd),
+ POINT_CONVERSION_UNCOMPRESSED, buf2, bsize, bn_ctx), bsize)
+ || !TEST_true(OSSL_PARAM_BLD_push_octet_string(
+ bld, OSSL_PKEY_PARAM_EC_GENERATOR, buf2, bsize))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(
+ bld, OSSL_PKEY_PARAM_EC_ORDER, EC_GROUP_get0_order(group_nmd))))
+ goto err;
+
+ if (!TEST_ptr(params_exp = OSSL_PARAM_BLD_to_param(bld))
+ || !TEST_ptr(group_exp =
+ EC_GROUP_new_from_params(params_exp, NULL, NULL))
+ || !TEST_ptr(params_exp2 =
+ EC_GROUP_to_params(group_exp, NULL, NULL, NULL))
+ || !TEST_ptr(group_exp2 =
+ EC_GROUP_new_from_params(params_exp2, NULL, NULL))
+ || !TEST_int_eq(EC_GROUP_cmp(group_exp, group_exp2, NULL), 0))
+ goto err;
+
+ r = 1;
+
+err:
+ EC_GROUP_free(group_nmd);
+ EC_GROUP_free(group_nmd2);
+ EC_GROUP_free(group_nmd3);
+ OSSL_PARAM_free(params_nmd);
+ OSSL_PARAM_free(params_nmd2);
+ OPENSSL_free(buf);
+
+ EC_GROUP_free(group_exp);
+ EC_GROUP_free(group_exp2);
+ BN_CTX_end(bn_ctx);
+ BN_CTX_free(bn_ctx);
+ OPENSSL_free(buf2);
+ OSSL_PARAM_BLD_free(bld);
+ OSSL_PARAM_free(params_exp);
+ OSSL_PARAM_free(params_exp2);
+ return r;
+}
+
/*-
* random 256-bit explicit parameters curve, cofactor absent
* order: 0x0c38d96a9f892b88772ec2e39614a82f4f (132 bit)
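Review bot: In ossl_parameter_test() the `err:` label always calls `BN_CTX_end(bn_ctx)`, but `BN_CTX_start(bn_ctx)` runs only after the named-curve checks and the OSSL_PARAM_BLD_new() check. A failure in either reaches BN_CTX_end() without a matching start, which the BN_CTX API does not allow. Moving `BN_CTX_start(bn_ctx);` to directly after the BN_CTX_new() check keeps the pair balanced on every path. `buf` is declared and freed but never assigned, and `group_gen` is set but EC_GROUP_get0_generator() is called again instead of using it, so both can be tidied up. The BN_CTX_get() results are not checked, and `TEST_ptr(b)` on the last one would cover all three.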
@@ -2345,7 +2457,7 @@ static int ec_point_hex2point_test(int id)
EC_GROUP *group = NULL;
const EC_POINT *G = NULL;
EC_POINT *P = NULL;
- BN_CTX * bnctx = NULL;
+ BN_CTX *bnctx = NULL;
/* Do some setup */
nid = curves[id].nid;
@@ -2861,11 +2973,11 @@ static int custom_params_test(int id)
goto err;
/* create two `EVP_PKEY`s from the `EC_KEY`s */
- if(!TEST_ptr(pkey1 = EVP_PKEY_new())
+ if (!TEST_ptr(pkey1 = EVP_PKEY_new())
|| !TEST_int_eq(EVP_PKEY_assign_EC_KEY(pkey1, eckey1), 1))
goto err;
eckey1 = NULL; /* ownership passed to pkey1 */
- if(!TEST_ptr(pkey2 = EVP_PKEY_new())
+ if (!TEST_ptr(pkey2 = EVP_PKEY_new())
|| !TEST_int_eq(EVP_PKEY_assign_EC_KEY(pkey2, eckey2), 1))
goto err;
eckey2 = NULL; /* ownership passed to pkey2 */
@@ -3015,6 +3127,7 @@ int setup_tests(void)
return 0;
ADD_TEST(parameter_test);
+ ADD_TEST(ossl_parameter_test);
ADD_TEST(cofactor_range_test);
ADD_ALL_TESTS(cardinality_test, crv_len);
ADD_TEST(prime_field_tests);
diff --git a/test/endecode_test.c b/test/endecode_test.c
index 0611d94216f0..028deb4ed134 100644
--- a/test/endecode_test.c
+++ b/test/endecode_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -26,6 +26,10 @@
#include "helpers/predefined_dhparams.h"
#include "testutil.h"
+#ifdef STATIC_LEGACY
+OSSL_provider_init_fn ossl_legacy_provider_init;
+#endif
+
/* Extended test macros to allow passing file & line number */
#define TEST_FL_ptr(a) test_ptr(file, line, #a, a)
#define TEST_FL_mem_eq(a, m, b, n) test_mem_eq(file, line, #a, #b, a, m, b, n)
@@ -44,6 +48,7 @@
static int default_libctx = 1;
static int is_fips = 0;
static int is_fips_3_0_0 = 0;
+static int is_fips_lt_3_5 = 0;
static OSSL_LIB_CTX *testctx = NULL;
static OSSL_LIB_CTX *keyctx = NULL;
@@ -101,7 +106,12 @@ static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams)
}
#endif
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
+#if !defined(OPENSSL_NO_DH) || \
+ !defined(OPENSSL_NO_DSA) || \
+ !defined(OPENSSL_NO_EC) || \
+ !defined(OPENSSL_NO_ML_DSA) || \
+ !defined(OPENSSL_NO_ML_KEM) || \
+ !defined(OPENSSL_NO_SLH_DSA)
static EVP_PKEY *make_key(const char *type, EVP_PKEY *template,
OSSL_PARAM *genparams)
{
@@ -692,9 +702,9 @@ static int check_PVK(const char *file, const int line,
{
const unsigned char *in = data;
unsigned int saltlen = 0, keylen = 0;
- int ok = ossl_do_PVK_header(&in, data_len, 0, &saltlen, &keylen);
+ int isdss = -1;
- return ok;
+ return ossl_do_PVK_header(&in, data_len, 0, &isdss, &saltlen, &keylen);
}
static int test_unprotected_via_PVK(const char *type, EVP_PKEY *key)
@@ -1032,6 +1042,12 @@ IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC")
KEYS(SM2);
IMPLEMENT_TEST_SUITE(SM2, "SM2", 0)
# endif
+#endif
+#ifndef OPENSSL_NO_ECX
+/*
+ * ED25519, ED448, X25519 and X448 have no support for
+ * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
+ */
KEYS(ED25519);
IMPLEMENT_TEST_SUITE(ED25519, "ED25519", 1)
KEYS(ED448);
@@ -1040,11 +1056,45 @@ KEYS(X25519);
IMPLEMENT_TEST_SUITE(X25519, "X25519", 1)
KEYS(X448);
IMPLEMENT_TEST_SUITE(X448, "X448", 1)
+#endif
+#ifndef OPENSSL_NO_ML_KEM
/*
- * ED25519, ED448, X25519 and X448 have no support for
- * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
+ * ML-KEM has no support for PEM_write_bio_PrivateKey_traditional(), so no
+ * legacy tests.
*/
+KEYS(ML_KEM_512);
+IMPLEMENT_TEST_SUITE(ML_KEM_512, "ML-KEM-512", 1)
+KEYS(ML_KEM_768);
+IMPLEMENT_TEST_SUITE(ML_KEM_768, "ML-KEM-768", 1)
+KEYS(ML_KEM_1024);
+IMPLEMENT_TEST_SUITE(ML_KEM_1024, "ML-KEM-1024", 1)
#endif
+#ifndef OPENSSL_NO_SLH_DSA
+KEYS(SLH_DSA_SHA2_128s);
+KEYS(SLH_DSA_SHA2_128f);
+KEYS(SLH_DSA_SHA2_192s);
+KEYS(SLH_DSA_SHA2_192f);
+KEYS(SLH_DSA_SHA2_256s);
+KEYS(SLH_DSA_SHA2_256f);
+KEYS(SLH_DSA_SHAKE_128s);
+KEYS(SLH_DSA_SHAKE_128f);
+KEYS(SLH_DSA_SHAKE_192s);
+KEYS(SLH_DSA_SHAKE_192f);
+KEYS(SLH_DSA_SHAKE_256s);
+KEYS(SLH_DSA_SHAKE_256f);
+IMPLEMENT_TEST_SUITE(SLH_DSA_SHA2_128s, "SLH-DSA-SHA2-128s", 1)
+IMPLEMENT_TEST_SUITE(SLH_DSA_SHA2_128f, "SLH-DSA-SHA2-128f", 1)
+IMPLEMENT_TEST_SUITE(SLH_DSA_SHA2_192s, "SLH-DSA-SHA2-192s", 1)
+IMPLEMENT_TEST_SUITE(SLH_DSA_SHA2_192f, "SLH-DSA-SHA2-192f", 1)
+IMPLEMENT_TEST_SUITE(SLH_DSA_SHA2_256s, "SLH-DSA-SHA2-256s", 1)
+IMPLEMENT_TEST_SUITE(SLH_DSA_SHA2_256f, "SLH-DSA-SHA2-256f", 1)
+IMPLEMENT_TEST_SUITE(SLH_DSA_SHAKE_128s, "SLH-DSA-SHAKE-128s", 1)
+IMPLEMENT_TEST_SUITE(SLH_DSA_SHAKE_128f, "SLH-DSA-SHAKE-128f", 1)
+IMPLEMENT_TEST_SUITE(SLH_DSA_SHAKE_192s, "SLH-DSA-SHAKE-192s", 1)
+IMPLEMENT_TEST_SUITE(SLH_DSA_SHAKE_192f, "SLH-DSA-SHAKE-192f", 1)
+IMPLEMENT_TEST_SUITE(SLH_DSA_SHAKE_256s, "SLH-DSA-SHAKE-256s", 1)
+IMPLEMENT_TEST_SUITE(SLH_DSA_SHAKE_256f, "SLH-DSA-SHAKE-256f", 1)
+#endif /* OPENSSL_NO_SLH_DSA */
KEYS(RSA);
IMPLEMENT_TEST_SUITE(RSA, "RSA", 1)
IMPLEMENT_TEST_SUITE_LEGACY(RSA, "RSA")
@@ -1060,6 +1110,15 @@ IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(RSA, "RSA")
IMPLEMENT_TEST_SUITE_PROTECTED_PVK(RSA, "RSA")
#endif
+#ifndef OPENSSL_NO_ML_DSA
+KEYS(ML_DSA_44);
+KEYS(ML_DSA_65);
+KEYS(ML_DSA_87);
+IMPLEMENT_TEST_SUITE(ML_DSA_44, "ML-DSA-44", 1)
+IMPLEMENT_TEST_SUITE(ML_DSA_65, "ML-DSA-65", 1)
+IMPLEMENT_TEST_SUITE(ML_DSA_87, "ML-DSA-87", 1)
+#endif /* OPENSSL_NO_ML_DSA */
+
#ifndef OPENSSL_NO_EC
/* Explicit parameters that match a named curve */
static int do_create_ec_explicit_prime_params(OSSL_PARAM_BLD *bld,
@@ -1241,6 +1300,28 @@ static int create_ec_explicit_trinomial_params(OSSL_PARAM_BLD *bld)
return do_create_ec_explicit_trinomial_params(bld, gen2, sizeof(gen2));
}
# endif /* OPENSSL_NO_EC2M */
+
+/*
+ * Test that multiple calls to OSSL_ENCODER_to_data() do not cause side effects
+ */
+static int ec_encode_to_data_multi(void)
+{
+ int ret;
+ OSSL_ENCODER_CTX *ectx = NULL;
+ EVP_PKEY *key = NULL;
+ uint8_t *enc = NULL;
+ size_t enc_len = 0;
+
+ ret = TEST_ptr(key = EVP_PKEY_Q_keygen(testctx, "", "EC", "P-256"))
+ && TEST_ptr(ectx = OSSL_ENCODER_CTX_new_for_pkey(key, EVP_PKEY_KEYPAIR,
+ "DER", NULL, NULL))
+ && TEST_int_eq(OSSL_ENCODER_to_data(ectx, NULL, &enc_len), 1)
+ && TEST_int_eq(OSSL_ENCODER_to_data(ectx, &enc, &enc_len), 1);
+ OPENSSL_free(enc);
+ EVP_PKEY_free(key);
+ OSSL_ENCODER_CTX_free(ectx);
+ return ret;
+}
#endif /* OPENSSL_NO_EC */
typedef enum OPTION_choice {
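Review bot: `ec_encode_to_data_multi` checks only that both `OSSL_ENCODER_to_data()` calls return 1, so a second call that succeeds with a different length or without allocating a buffer would still pass the "no side effects" test. Keeping the size query in its own variable and comparing afterwards would pin the behaviour: query into `size_t need_len`, then append `&& TEST_ptr(enc)` and `&& TEST_size_t_eq(enc_len, need_len)` to the chain. This assumes the length-only call and the allocating call report the same length for an unchanged context, which should be confirmed against the encoder documentation.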
@@ -1338,6 +1419,18 @@ int setup_tests(void)
/* FIPS(3.0.0): provider imports explicit params but they won't work #17998 */
is_fips_3_0_0 = is_fips && fips_provider_version_eq(testctx, 3, 0, 0);
+ /* FIPS(3.5.0) is the first to support ML-DSA, ML-KEM and SLH-DSA */
+ is_fips_lt_3_5 = is_fips && fips_provider_version_lt(testctx, 3, 5, 0);
+
+#ifdef STATIC_LEGACY
+ /*
+ * This test is always statically linked against libcrypto. We must not
+ * attempt to load legacy.so that might be dynamically linked against
+ * libcrypto. Instead we use a built-in version of the legacy provider.
+ */
+ if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init))
+ return 0;
+#endif
/* Separate provider/ctx for generating the test data */
if (!TEST_ptr(keyctx = OSSL_LIB_CTX_new()))
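Review bot: The new `STATIC_LEGACY` block returns 0 from `setup_tests` without reporting anything when `OSSL_PROVIDER_add_builtin()` fails, while the neighbouring checks go through the `TEST_*` macros. Writing it as `if (!TEST_true(OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init)))` would record the failing expression in the test log. The declaration of `ossl_legacy_provider_init` for this file is not visible in the hunk, so it is worth confirming it sits under the same `STATIC_LEGACY` guard.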
@@ -1388,11 +1481,44 @@ int setup_tests(void)
# ifndef OPENSSL_NO_SM2
MAKE_KEYS(SM2, "SM2", NULL);
# endif
+#endif
+#ifndef OPENSSL_NO_ECX
MAKE_KEYS(ED25519, "ED25519", NULL);
MAKE_KEYS(ED448, "ED448", NULL);
MAKE_KEYS(X25519, "X25519", NULL);
MAKE_KEYS(X448, "X448", NULL);
#endif
+#ifndef OPENSSL_NO_ML_DSA
+ if (!is_fips_lt_3_5) {
+ MAKE_KEYS(ML_DSA_44, "ML-DSA-44", NULL);
+ MAKE_KEYS(ML_DSA_65, "ML-DSA-65", NULL);
+ MAKE_KEYS(ML_DSA_87, "ML-DSA-87", NULL);
+ }
+#endif /* OPENSSL_NO_ML_DSA */
+#ifndef OPENSSL_NO_ML_KEM
+ if (!is_fips_lt_3_5) {
+ MAKE_KEYS(ML_KEM_512, "ML-KEM-512", NULL);
+ MAKE_KEYS(ML_KEM_768, "ML-KEM-768", NULL);
+ MAKE_KEYS(ML_KEM_1024, "ML-KEM-1024", NULL);
+ }
+#endif
+#ifndef OPENSSL_NO_SLH_DSA
+ if (!is_fips_lt_3_5) {
+ MAKE_KEYS(SLH_DSA_SHA2_128s, "SLH-DSA-SHA2-128s", NULL);
+ MAKE_KEYS(SLH_DSA_SHA2_128f, "SLH-DSA-SHA2-128f", NULL);
+ MAKE_KEYS(SLH_DSA_SHA2_192s, "SLH-DSA-SHA2-192s", NULL);
+ MAKE_KEYS(SLH_DSA_SHA2_192f, "SLH-DSA-SHA2-192f", NULL);
+ MAKE_KEYS(SLH_DSA_SHA2_256s, "SLH-DSA-SHA2-256s", NULL);
+ MAKE_KEYS(SLH_DSA_SHA2_256f, "SLH-DSA-SHA2-256f", NULL);
+ MAKE_KEYS(SLH_DSA_SHAKE_128s, "SLH-DSA-SHAKE-128s", NULL);
+ MAKE_KEYS(SLH_DSA_SHAKE_128f, "SLH-DSA-SHAKE-128f", NULL);
+ MAKE_KEYS(SLH_DSA_SHAKE_192s, "SLH-DSA-SHAKE-192s", NULL);
+ MAKE_KEYS(SLH_DSA_SHAKE_192f, "SLH-DSA-SHAKE-192f", NULL);
+ MAKE_KEYS(SLH_DSA_SHAKE_256s, "SLH-DSA-SHAKE-256s", NULL);
+ MAKE_KEYS(SLH_DSA_SHAKE_256f, "SLH-DSA-SHAKE-256f", NULL);
+ }
+#endif /* OPENSSL_NO_SLH_DSA */
+
TEST_info("Loading RSA key...");
ok = ok && TEST_ptr(key_RSA = load_pkey_pem(rsa_file, keyctx));
TEST_info("Loading RSA_PSS key...");
@@ -1421,6 +1547,7 @@ int setup_tests(void)
# endif
#endif
#ifndef OPENSSL_NO_EC
+ ADD_TEST(ec_encode_to_data_multi);
ADD_TEST_SUITE(EC);
ADD_TEST_SUITE_PARAMS(EC);
ADD_TEST_SUITE_LEGACY(EC);
@@ -1440,6 +1567,8 @@ int setup_tests(void)
ADD_TEST_SUITE(SM2);
}
# endif
+#endif
+#ifndef OPENSSL_NO_ECX
ADD_TEST_SUITE(ED25519);
ADD_TEST_SUITE(ED448);
ADD_TEST_SUITE(X25519);
@@ -1449,6 +1578,13 @@ int setup_tests(void)
* PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
*/
#endif
+#ifndef OPENSSL_NO_ML_KEM
+ if (!is_fips_lt_3_5) {
+ ADD_TEST_SUITE(ML_KEM_512);
+ ADD_TEST_SUITE(ML_KEM_768);
+ ADD_TEST_SUITE(ML_KEM_1024);
+ }
+#endif
ADD_TEST_SUITE(RSA);
ADD_TEST_SUITE_LEGACY(RSA);
ADD_TEST_SUITE(RSA_PSS);
@@ -1461,6 +1597,31 @@ int setup_tests(void)
# ifndef OPENSSL_NO_RC4
ADD_TEST_SUITE_PROTECTED_PVK(RSA);
# endif
+
+#ifndef OPENSSL_NO_ML_DSA
+ if (!is_fips_lt_3_5) {
+ ADD_TEST_SUITE(ML_DSA_44);
+ ADD_TEST_SUITE(ML_DSA_65);
+ ADD_TEST_SUITE(ML_DSA_87);
+ }
+#endif /* OPENSSL_NO_ML_DSA */
+
+#ifndef OPENSSL_NO_SLH_DSA
+ if (!is_fips_lt_3_5) {
+ ADD_TEST_SUITE(SLH_DSA_SHA2_128s);
+ ADD_TEST_SUITE(SLH_DSA_SHA2_128f);
+ ADD_TEST_SUITE(SLH_DSA_SHA2_192s);
+ ADD_TEST_SUITE(SLH_DSA_SHA2_192f);
+ ADD_TEST_SUITE(SLH_DSA_SHA2_256s);
+ ADD_TEST_SUITE(SLH_DSA_SHA2_256f);
+ ADD_TEST_SUITE(SLH_DSA_SHAKE_128s);
+ ADD_TEST_SUITE(SLH_DSA_SHAKE_128f);
+ ADD_TEST_SUITE(SLH_DSA_SHAKE_192s);
+ ADD_TEST_SUITE(SLH_DSA_SHAKE_192f);
+ ADD_TEST_SUITE(SLH_DSA_SHAKE_256s);
+ ADD_TEST_SUITE(SLH_DSA_SHAKE_256f);
+ }
+#endif /* OPENSSL_NO_SLH_DSA */
}
return 1;
@@ -1500,14 +1661,48 @@ void cleanup_tests(void)
# ifndef OPENSSL_NO_SM2
FREE_KEYS(SM2);
# endif
+#endif
+#ifndef OPENSSL_NO_ECX
FREE_KEYS(ED25519);
FREE_KEYS(ED448);
FREE_KEYS(X25519);
FREE_KEYS(X448);
#endif
+#ifndef OPENSSL_NO_ML_KEM
+ if (!is_fips_lt_3_5) {
+ FREE_KEYS(ML_KEM_512);
+ FREE_KEYS(ML_KEM_768);
+ FREE_KEYS(ML_KEM_1024);
+ }
+#endif
FREE_KEYS(RSA);
FREE_KEYS(RSA_PSS);
+#ifndef OPENSSL_NO_ML_DSA
+ if (!is_fips_lt_3_5) {
+ FREE_KEYS(ML_DSA_44);
+ FREE_KEYS(ML_DSA_65);
+ FREE_KEYS(ML_DSA_87);
+ }
+#endif /* OPENSSL_NO_ML_DSA */
+
+#ifndef OPENSSL_NO_SLH_DSA
+ if (!is_fips_lt_3_5) {
+ FREE_KEYS(SLH_DSA_SHA2_128s);
+ FREE_KEYS(SLH_DSA_SHA2_128f);
+ FREE_KEYS(SLH_DSA_SHA2_192s);
+ FREE_KEYS(SLH_DSA_SHA2_192f);
+ FREE_KEYS(SLH_DSA_SHA2_256s);
+ FREE_KEYS(SLH_DSA_SHA2_256f);
+ FREE_KEYS(SLH_DSA_SHAKE_128s);
+ FREE_KEYS(SLH_DSA_SHAKE_128f);
+ FREE_KEYS(SLH_DSA_SHAKE_192s);
+ FREE_KEYS(SLH_DSA_SHAKE_192f);
+ FREE_KEYS(SLH_DSA_SHAKE_256s);
+ FREE_KEYS(SLH_DSA_SHAKE_256f);
+ }
+#endif /* OPENSSL_NO_SLH_DSA */
+
OSSL_PROVIDER_unload(nullprov);
OSSL_PROVIDER_unload(deflprov);
OSSL_PROVIDER_unload(keyprov);
diff --git a/test/errtest.c b/test/errtest.c
index 2d827ff89364..2a66b483fec9 100644
--- a/test/errtest.c
+++ b/test/errtest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -334,6 +334,97 @@ static int test_clear_error(void)
return res;
}
+/*
+ * Test saving and restoring error state.
+ * Test 0: Save using OSSL_ERR_STATE_save()
+ * Test 1: Save using OSSL_ERR_STATE_save_to_mark()
+ */
+static int test_save_restore(int idx)
+{
+ ERR_STATE *es;
+ int res = 0, i, flags = -1;
+ unsigned long mallocfail, interr;
+ static const char testdata[] = "test data";
+ const char *data = NULL;
+
+ if (!TEST_ptr(es = OSSL_ERR_STATE_new()))
+ goto err;
+
+ ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE);
+ mallocfail = ERR_peek_last_error();
+ if (!TEST_ulong_gt(mallocfail, 0))
+ goto err;
+
+ if (idx == 1 && !TEST_int_eq(ERR_set_mark(), 1))
+ goto err;
+
+ ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR, testdata);
+ interr = ERR_peek_last_error();
+ if (!TEST_ulong_ne(mallocfail, ERR_peek_last_error()))
+ goto err;
+
+ if (idx == 0) {
+ OSSL_ERR_STATE_save(es);
+
+ if (!TEST_ulong_eq(ERR_peek_last_error(), 0))
+ goto err;
+ } else {
+ OSSL_ERR_STATE_save_to_mark(es);
+
+ if (!TEST_ulong_ne(ERR_peek_last_error(), 0))
+ goto err;
+ }
+
+ for (i = 0; i < 2; i++) {
+ OSSL_ERR_STATE_restore(es);
+
+ if (!TEST_ulong_eq(ERR_peek_last_error(), interr))
+ goto err;
+ ERR_peek_last_error_data(&data, &flags);
+ if (!TEST_str_eq(data, testdata)
+ || !TEST_int_eq(flags, ERR_TXT_STRING | ERR_TXT_MALLOCED))
+ goto err;
+
+ /* restore again to duplicate the entries */
+ OSSL_ERR_STATE_restore(es);
+
+ /* verify them all */
+ if (idx == 0 || i == 0) {
+ if (!TEST_ulong_eq(ERR_get_error_all(NULL, NULL, NULL,
+ &data, &flags), mallocfail)
+ || !TEST_int_ne(flags, ERR_TXT_STRING | ERR_TXT_MALLOCED))
+ goto err;
+ }
+
+ if (!TEST_ulong_eq(ERR_get_error_all(NULL, NULL, NULL,
+ &data, &flags), interr)
+ || !TEST_str_eq(data, testdata)
+ || !TEST_int_eq(flags, ERR_TXT_STRING | ERR_TXT_MALLOCED))
+ goto err;
+
+ if (idx == 0) {
+ if (!TEST_ulong_eq(ERR_get_error_all(NULL, NULL, NULL,
+ &data, &flags), mallocfail)
+ || !TEST_int_ne(flags, ERR_TXT_STRING | ERR_TXT_MALLOCED))
+ goto err;
+ }
+
+ if (!TEST_ulong_eq(ERR_get_error_all(NULL, NULL, NULL,
+ &data, &flags), interr)
+ || !TEST_str_eq(data, testdata)
+ || !TEST_int_eq(flags, ERR_TXT_STRING | ERR_TXT_MALLOCED))
+ goto err;
+
+ if (!TEST_ulong_eq(ERR_get_error(), 0))
+ goto err;
+ }
+
+ res = 1;
+ err:
+ OSSL_ERR_STATE_free(es);
+ return res;
+}
+
int setup_tests(void)
{
ADD_TEST(preserves_system_error);
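Review bot: The guard `if (idx == 0 || i == 0)` in the verification loop of `test_save_restore` has no explanation, and it is the line a later reader is most likely to misread. From the calls visible here it appears that with `OSSL_ERR_STATE_save_to_mark()` the malloc-failure entry raised before the mark stays on the thread's queue and is drained during the first pass, so it is absent on the second. A comment such as `/* with save_to_mark the pre-mark error is still queued, but only on the first pass */` would say so. Separately, `interr` is assigned and `ERR_peek_last_error()` is then called again on the next line; `TEST_ulong_ne(mallocfail, interr)` reads more directly.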
@@ -343,6 +434,7 @@ int setup_tests(void)
ADD_TEST(test_print_error_format);
#endif
ADD_TEST(test_marks);
+ ADD_ALL_TESTS(test_save_restore, 2);
ADD_TEST(test_clear_error);
return 1;
}
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index c5fbbf8a8309..d6d973d5b925 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -32,10 +32,14 @@
#include <openssl/rsa.h>
#include <openssl/engine.h>
#include <openssl/proverr.h>
+#include <openssl/rand.h>
+# include <crypto/ml_kem.h>
#include "testutil.h"
#include "internal/nelem.h"
#include "internal/sizes.h"
#include "crypto/evp.h"
+#include "fake_rsaprov.h"
+#include "fake_pipelineprov.h"
#ifdef STATIC_LEGACY
OSSL_provider_init_fn ossl_legacy_provider_init;
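Review bot: The added `# include <crypto/ml_kem.h>` is written differently from its neighbours: it uses angle brackets and a nested-directive indent although no enclosing `#if` is visible in this hunk, while the other internal headers are included as `"crypto/evp.h"` and `"internal/sizes.h"`. Writing it as `#include "crypto/ml_kem.h"` next to `"crypto/evp.h"` would match the surrounding style. If the header is needed only by ML-KEM tests, wrapping it in `#ifndef OPENSSL_NO_ML_KEM` may be worth considering; whether the file builds with ML-KEM disabled cannot be judged from this hunk.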
@@ -106,8 +110,187 @@ static const unsigned char kExampleRSAKeyDER[] = {
0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
};
+/* An invalid key whose prime factors exceed modulus n. */
+static const unsigned char kInvalidRSAKeyDER[] = {
+ 0x30, 0x80, 0x02, 0x00, 0x02, 0x02, 0xb6, 0x00, 0x02, 0x02, 0x04, 0x80,
+ 0x02, 0x00, 0x02, 0x82, 0x08, 0x01, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x02, 0x00, 0x00, 0x00, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0x01, 0x04, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
+ 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
+ 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x2b,
+ 0x31, 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0x29, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02, 0x01,
+ 0xc8, 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88, 0xee,
+ 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
+ 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15,
+ 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07,
+ 0x07, 0x07, 0x07, 0x07, 0x29, 0x0f, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07,
+ 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
+ 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15,
+ 0xec, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
+ 0x15, 0xe6, 0x15, 0x15, 0x15, 0x15, 0xff, 0x03, 0x00, 0x0a, 0x00, 0x00,
+ 0x00, 0x00, 0x55, 0x15, 0x15, 0x15, 0x15, 0x11, 0x05, 0x15, 0x15, 0x15,
+ 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0xf9, 0xf8, 0xf9,
+ 0x02, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07, 0x07,
+ 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
+ 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15,
+ 0x00, 0x02, 0x00, 0x6d, 0x61, 0x78, 0x00, 0x02, 0x00, 0x02, 0x15, 0x59,
+ 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
+ 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
+ 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
+ 0x59, 0x59, 0x51, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0xa5, 0x59, 0x59,
+ 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
+ 0x5d, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
+ 0x59, 0x59, 0x59, 0x59, 0x59, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15,
+ 0x15, 0x15, 0x00, 0x02, 0x01, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02,
+ 0x00, 0x22, 0x00, 0x15, 0x15, 0x15, 0xeb, 0xea, 0xea, 0xea, 0xea, 0xea,
+ 0xea, 0xf1, 0x15, 0x15, 0x15, 0x15, 0x15, 0x40, 0x55, 0x15, 0x15, 0x15,
+ 0x15, 0x15, 0x05, 0x15, 0x15, 0x30, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07,
+ 0x00, 0x00, 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x11, 0x07, 0x07, 0x07, 0x07,
+ 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
+ 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00,
+ 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x29,
+ 0x07, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
+ 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
+ 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
+ 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
+ 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x59,
+ 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
+ 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
+ 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
+ 0x59, 0x59, 0x59, 0x02, 0x02, 0xb6, 0x00, 0x02, 0x02, 0x04, 0x80, 0x02,
+ 0x00, 0x02, 0x82, 0x08, 0x01, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
+ 0x00, 0x00, 0x00, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0x01, 0x04, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
+ 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
+ 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x2b, 0x31,
+ 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0x29, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02, 0x01, 0xc8,
+ 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88, 0xee, 0x07,
+ 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
+ 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00,
+ 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07,
+ 0x07, 0x07, 0x07, 0x29, 0x0f, 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07,
+ 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
+ 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0xec,
+ 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
+ 0xe6, 0x15, 0x15, 0x15, 0x15, 0xff, 0x03, 0x00, 0x0a, 0x00, 0x00, 0x00,
+ 0x00, 0x55, 0x15, 0x15, 0x15, 0x15, 0x11, 0x05, 0x15, 0x15, 0x15, 0x07,
+ 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0xf9, 0xf8, 0xf9, 0x02,
+ 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07, 0x07, 0x07,
+ 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
+ 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00,
+ 0x02, 0x00, 0x6d, 0x61, 0x78, 0x00, 0x02, 0x00, 0x02, 0x15, 0x59, 0x59,
+ 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
+ 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
+ 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
+ 0x59, 0x51, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0xa5, 0x59, 0x59, 0x59,
+ 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x5d,
+ 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
+ 0x59, 0x59, 0x59, 0x59, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15,
+ 0x15, 0x00, 0x02, 0x01, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00,
+ 0x22, 0x00, 0x15, 0x15, 0x15, 0xeb, 0xea, 0xea, 0xea, 0xea, 0xea, 0xea,
+ 0xf1, 0x15, 0x15, 0x15, 0x15, 0x15, 0x40, 0x55, 0x15, 0x15, 0x15, 0x15,
+ 0x15, 0x05, 0x15, 0x15, 0x30, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00,
+ 0x00, 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x11, 0x07, 0x07, 0x07, 0x07, 0x07,
+ 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
+ 0x07, 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02,
+ 0x00, 0x02, 0x00, 0x02, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x29, 0x07,
+ 0x07, 0x07, 0x4d, 0x00, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
+ 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
+ 0x07, 0x07, 0x15, 0x14, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
+ 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
+ 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x59, 0x59,
+ 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
+ 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
+ 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
+ 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
+ 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
+ 0x59, 0x59, 0x59, 0x06, 0xce, 0x15, 0x00, 0xfe, 0xf7, 0x52, 0x53, 0x41,
+ 0x31, 0x01, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0x2b, 0x31, 0xff, 0x44, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xd9, 0xd9, 0xbf, 0x02,
+ 0x01, 0xc8, 0x02, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x88, 0x88, 0x88,
+ 0xee, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
+ 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15,
+ 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15,
+ 0x07, 0x07, 0x07, 0x07, 0x07, 0x29, 0x07, 0x07, 0x07, 0x4d, 0x00, 0x07,
+ 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
+ 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x14, 0x15,
+ 0x15, 0xec, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
+ 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
+ 0x15, 0x15, 0x15, 0x55, 0x15, 0x15, 0x15, 0x15, 0x15, 0x05, 0x15, 0x15,
+ 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00, 0x00, 0x4d, 0x07, 0x07,
+ 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x07, 0x07,
+ 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
+ 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x15, 0x15, 0x15,
+ 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x15,
+ 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59,
+ 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x59, 0x8f,
+ 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f,
+ 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f,
+ 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f,
+ 0x8f, 0x8f, 0x8f, 0x8f, 0x59, 0x59, 0x59, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc1, 0x3d, 0xc1, 0xc1,
+ 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1, 0xc1,
+ 0xc1, 0xc1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x42, 0xa5, 0x02, 0x02, 0x42, 0x02,
+ 0x02, 0x51, 0x01, 0x02, 0x02, 0xd2, 0x42, 0x02, 0xe8, 0xe8, 0xe8, 0xe8,
+ 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
+ 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
+ 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
+ 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
+ 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8,
+ 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0x02,
+ 0x02, 0x42, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
+ 0x21, 0x2b, 0x02, 0x02, 0x02, 0x02, 0x02, 0x21, 0x02, 0x02, 0x32, 0x80,
+ 0x02, 0x02, 0x7f, 0x1b, 0x02, 0x00, 0x1f, 0x04, 0xff, 0x80, 0x02, 0x02,
+ 0x02, 0x02, 0x42, 0x02, 0x12, 0x02, 0x42, 0x02, 0x79, 0x70, 0x65, 0x36,
+ 0x28, 0xc8, 0x02, 0x01, 0x81, 0x08, 0xfe, 0x00, 0xf9, 0x02, 0x42, 0x10,
+ 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
+ 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
+ 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
+ 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
+ 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0xa5, 0x02,
+ 0x02, 0x42, 0x02, 0x02, 0x51, 0x01, 0x02, 0x02, 0xd2, 0x42, 0x02, 0x02,
+ 0x02, 0x42, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
+ 0x21, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x32, 0x80, 0x02, 0x02,
+ 0x7f, 0x1b, 0x02, 0x00, 0x1f, 0x04, 0xff, 0x80, 0x02, 0x02, 0x02, 0x02,
+ 0x42, 0x02, 0x12, 0x02, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x47,
+ 0x4f, 0x53, 0x54, 0x20, 0x52, 0x20, 0x33, 0x34, 0x2e, 0x31, 0x31, 0x2d,
+ 0x32, 0x30, 0x31, 0x32, 0x20, 0x77, 0x69, 0x74, 0x68, 0x30, 0x80, 0x60,
+ 0x02, 0x82, 0x24, 0x02, 0x02, 0x41, 0x52, 0x49, 0x41, 0x2d, 0x31, 0x32,
+ 0x38, 0x2d, 0x43, 0x46, 0x42, 0x38, 0xff, 0xff, 0xff, 0x3a, 0x5b, 0xff,
+ 0xff, 0x7f, 0x49, 0x74, 0x84, 0x00, 0x00, 0x70, 0x65, 0x00, 0x00, 0x30,
+ 0x80, 0x60, 0x02, 0x82, 0x24, 0x02, 0x02, 0x41, 0x52, 0x49, 0x41, 0x2d,
+ 0x31, 0x32, 0x38, 0x2d, 0x43, 0x46, 0x42, 0x38, 0xff, 0xff, 0xff, 0x3a,
+ 0x5b, 0xff, 0xff, 0x7f, 0x49, 0x74, 0x84, 0x00, 0x00, 0x70, 0x65, 0x33,
+ 0x28, 0xc8, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
+ 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x55, 0x15, 0x15, 0x15, 0x15,
+ 0x15, 0x05, 0x15, 0x95, 0x15, 0x07, 0x07, 0x07, 0x07, 0x07, 0x00, 0x00,
+ 0x00, 0x4d, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
+ 0x07, 0x0b, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
+ 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
+ 0x07, 0x15, 0x15, 0x15, 0x15, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00,
+ 0x02, 0x00, 0x25, 0x02, 0x02, 0x22, 0x3a, 0x02, 0x02, 0x02, 0x42, 0x02,
+ 0x02, 0x02, 0x02, 0x02, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
+ 0xe2, 0x80,
+};
+
/*
-* kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
+ * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
* should never use this key anywhere but in an example.
*/
#ifndef OPENSSL_NO_DSA
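Review bot: The comment on `kInvalidRSAKeyDER` states what is wrong with the key but not what the consuming test expects from it or how the bytes were produced. The blob opens with `0x30, 0x80`, an indefinite-length SEQUENCE header that DER does not permit, so the `DER` suffix in the name is loose as well. A fuller header would keep this negative vector from being mistaken for a well-formed sample, for example `/* Malformed RSA private key (indefinite-length BER, prime factors larger than n); loading or key checks are expected to reject it. */`. The expected outcome should be confirmed against the test that uses the array, which is outside this hunk.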
@@ -276,7 +459,7 @@ static const unsigned char kSignature[] = {
};
/*
- * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
+ * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS#8 v1
* PrivateKeyInfo.
*/
static const unsigned char kExampleRSAKeyPKCS8[] = {
@@ -335,6 +518,79 @@ static const unsigned char kExampleRSAKeyPKCS8[] = {
0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
};
+/*
+ * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS#8 v2
+ * PrivateKeyInfo (with an optional public key).
+ */
+static const unsigned char kExampleRSAKeyPKCS8_v2[] = {
+ 0x30, 0x82, 0x03, 0x06, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+ 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
+ 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
+ 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
+ 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
+ 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
+ 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
+ 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
+ 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
+ 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
+ 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
+ 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
+ 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
+ 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
+ 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
+ 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
+ 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
+ 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
+ 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
+ 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
+ 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
+ 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
+ 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
+ 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
+ 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
+ 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
+ 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
+ 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
+ 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
+ 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
+ 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
+ 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
+ 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
+ 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
+ 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
+ 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
+ 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
+ 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
+ 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
+ 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
+ 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
+ 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
+ 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
+ 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
+ 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
+ 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
+ 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
+ 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
+ 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
+ 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
+ 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
+ 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
+ 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
+ /* Implicit optional Public key BIT STRING */
+ 0x81, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xf8,
+ 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
+ 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
+ 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
+ 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
+ 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
+ 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
+ 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
+ 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
+ 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
+ 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
+ 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01
+};
+
#ifndef OPENSSL_NO_EC
/*
* kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
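Review bot: The header comment on the new array names the wrong symbol: it says `kExampleRSAKeyPKCS8` although it documents `kExampleRSAKeyPKCS8_v2`, so two comments in the file now claim to describe the v1 array. It should read `* kExampleRSAKeyPKCS8_v2 is kExampleRSAKeyDER encoded in a PKCS#8 v2`. The EC counterpart `kExampleECKeyPKCS8_v2` added in the next hunk has no header comment at all, and a matching one-line description would help there. The two inline markers for the trailing public key are also worded differently (`Implicit optional Public key BIT STRING` and `Optional implicit public key BIT STRING`); using one wording for both makes them easier to search for.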
@@ -354,6 +610,28 @@ static const unsigned char kExampleECKeyDER[] = {
0xc1,
};
+static const unsigned char kExampleECKeyPKCS8_v2[] = {
+ 0x30, 0x81, 0xcb, 0x02, 0x01, 0x01, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
+ 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
+ 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x07, 0x0f, 0x08, 0x72, 0x7a, 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9,
+ 0x4d, 0x89, 0x68, 0x77, 0x08, 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e,
+ 0xe8, 0xd1, 0xc9, 0xce, 0x0a, 0x8b, 0xb4, 0x6a, 0xa1, 0x44, 0x03, 0x42,
+ 0x00, 0x04, 0xe6, 0x2b, 0x69, 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f,
+ 0x1e, 0x0d, 0x94, 0x8a, 0x4c, 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d,
+ 0x46, 0xfb, 0xdd, 0xa9, 0xa9, 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7,
+ 0xd6, 0x97, 0xa8, 0x0a, 0x18, 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2,
+ 0x7c, 0x83, 0x48, 0xdb, 0x16, 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94,
+ 0x2d, 0x4b, 0xcf, 0x72, 0x22, 0xc1,
+ /* Optional implicit public key BIT STRING */
+ 0x81, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69, 0xe2, 0xbf, 0x65, 0x9f, 0x97,
+ 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c, 0xd5, 0x97, 0x6b, 0xb7, 0xa9,
+ 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9, 0x1e, 0x9d, 0xdc, 0xba, 0x5a,
+ 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18, 0xf9, 0xc3, 0xc4, 0xa3, 0x1e,
+ 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16, 0x1a, 0x1c, 0xf5, 0x1d, 0x7e,
+ 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22, 0xc1
+};
+
/*
* kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
* structure. The private key is equal to the order and will fail to import
@@ -401,6 +679,7 @@ static const unsigned char pExampleECParamDER[] = {
0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
};
+# ifndef OPENSSL_NO_ECX
static const unsigned char kExampleED25519KeyDER[] = {
0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
@@ -422,6 +701,7 @@ static const unsigned char kExampleX25519KeyDER[] = {
0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
};
+# endif
# endif
#endif
@@ -580,6 +860,13 @@ static APK_DATA keydata[] = {
#endif
};
+static APK_DATA keydata_v2[] = {
+ {kExampleRSAKeyPKCS8_v2, sizeof(kExampleRSAKeyPKCS8_v2), "RSA", EVP_PKEY_RSA},
+#ifndef OPENSSL_NO_EC
+ {kExampleECKeyPKCS8_v2, sizeof(kExampleECKeyPKCS8_v2), "EC", EVP_PKEY_EC}
+#endif
+};
+
static APK_DATA keycheckdata[] = {
{kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
0},
@@ -594,10 +881,12 @@ static APK_DATA keycheckdata[] = {
1, 1},
{pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
2},
+# ifndef OPENSSL_NO_ECX
{kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
EVP_PKEY_ED25519, 1, 1, 1, 0},
{kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
EVP_PKEY_ED25519, 0, 1, 1, 1},
+# endif
#endif
};
@@ -647,7 +936,7 @@ static EVP_PKEY *load_example_dh_key(void)
}
# endif
-# ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_ECX
static EVP_PKEY *load_example_ed25519_key(void)
{
return load_example_key("ED25519", kExampleED25519KeyDER,
@@ -679,11 +968,33 @@ static EVP_PKEY *load_example_hmac_key(void)
return pkey;
}
+static int test_EVP_set_config_properties(void)
+{
+ char *fetched_properties = NULL;
+ const char test_propq[] = "test.fizzbuzz=buzzfizz";
+ int res = 0;
+
+ fetched_properties = EVP_get1_default_properties(OSSL_LIB_CTX_get0_global_default());
+ if (!TEST_ptr(fetched_properties)
+ || !TEST_str_eq(fetched_properties, test_propq))
+ goto err;
+ OPENSSL_free(fetched_properties);
+ fetched_properties = NULL;
+
+ res = 1;
+err:
+ OPENSSL_free(fetched_properties);
+ return res;
+}
+
static int test_EVP_set_default_properties(void)
{
OSSL_LIB_CTX *ctx;
EVP_MD *md = NULL;
int res = 0;
+ char *fetched_properties = NULL;
+ const char test_propq[] = "provider=fizzbang";
+ const char test_fips_propq[] = "fips=yes,provider=fizzbang";
if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
|| !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
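Review bot: test_EVP_set_config_properties() asserts that the global default library context already carries `test.fizzbuzz=buzzfizz`, but nothing in the visible code sets that value, and the function has no comment saying where it comes from. Presumably the test recipe loads a config file that sets the default property query; that dependency should be stated so the test does not look broken when run without it. A header comment would do, for example `/* Requires the test config to set the default property query to "test.fizzbuzz=buzzfizz" in the global libctx */`. The `OPENSSL_free(fetched_properties); fetched_properties = NULL;` pair just before `res = 1;` duplicates the free under `err:` and could be dropped.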
@@ -691,18 +1002,38 @@ static int test_EVP_set_default_properties(void)
EVP_MD_free(md);
md = NULL;
- if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
+ if (!TEST_true(EVP_set_default_properties(ctx, test_propq))
|| !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
|| !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
goto err;
EVP_MD_free(md);
md = NULL;
+ fetched_properties = EVP_get1_default_properties(ctx);
+ if (!TEST_ptr(fetched_properties)
+ || !TEST_str_eq(fetched_properties, test_propq))
+ goto err;
+ OPENSSL_free(fetched_properties);
+ fetched_properties = NULL;
+
+ if (!TEST_true(EVP_default_properties_enable_fips(ctx, 1)))
+ goto err;
+ fetched_properties = EVP_get1_default_properties(ctx);
+ if (!TEST_ptr(fetched_properties)
+ || !TEST_str_eq(fetched_properties, test_fips_propq))
+ goto err;
+ OPENSSL_free(fetched_properties);
+ fetched_properties = NULL;
+
+ if (!TEST_true(EVP_default_properties_enable_fips(ctx, 0)))
+ goto err;
+
if (!TEST_true(EVP_set_default_properties(ctx, NULL))
|| !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
goto err;
res = 1;
err:
+ OPENSSL_free(fetched_properties);
EVP_MD_free(md);
OSSL_LIB_CTX_free(ctx);
return res;
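Review bot: The `EVP_default_properties_enable_fips(ctx, 0)` step checks only the return value, so a regression that leaves `fips=yes` in the default query after disabling would pass this test. The enable path is pinned with `TEST_str_eq(fetched_properties, test_fips_propq)`, and the disable path deserves the same treatment. I would call `EVP_get1_default_properties(ctx)` again after the disable and assert on the result, freeing it as the earlier steps do. The exact string expected after disabling should be confirmed against the property merge code before it is hard-coded. Note also that `"fips=yes,provider=fizzbang"` pins the serialisation order of the properties, which is worth a short comment next to `test_fips_propq`.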
@@ -716,7 +1047,9 @@ static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
goto err;
- if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
+ /* Check that premature EVP_PKEY_CTX_set_params() fails gracefully */
+ if (!TEST_int_eq(EVP_PKEY_CTX_set_params(pctx, params), 0)
+ || !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
|| !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
params), 0))
goto err;
@@ -1071,6 +1404,65 @@ static int test_EC_priv_pub(void)
return ret;
}
+/* Also test that we can read the EC PUB affine coordinates */
+static int test_evp_get_ec_pub(void)
+{
+ OSSL_PARAM_BLD *bld = NULL;
+ OSSL_PARAM *params = NULL;
+ unsigned char *pad = NULL;
+ EVP_PKEY *keypair = NULL;
+ BIGNUM *priv = NULL;
+ BIGNUM *x = NULL;
+ BIGNUM *y = NULL;
+ int ret = 0;
+
+ if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
+ goto err;
+
+ if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
+ || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
+ OSSL_PKEY_PARAM_GROUP_NAME,
+ "P-256", 0))
+ || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
+ OSSL_PKEY_PARAM_PUB_KEY,
+ ec_pub, sizeof(ec_pub)))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
+ priv)))
+ goto err;
+
+ if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
+ || !TEST_ptr(keypair = make_key_fromdata("EC", params)))
+ goto err;
+
+ if (!test_selection(keypair, EVP_PKEY_KEYPAIR))
+ goto err;
+
+ if (!EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_X, &x)
+ || !EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_Y, &y))
+ goto err;
+
+ if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub))))
+ goto err;
+
+ pad[0] = ec_pub[0];
+ BN_bn2bin(x, &pad[1]);
+ BN_bn2bin(y, &pad[33]);
+ if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0))
+ goto err;
+
+ ret = 1;
+
+err:
+ OSSL_PARAM_free(params);
+ OSSL_PARAM_BLD_free(bld);
+ EVP_PKEY_free(keypair);
+ OPENSSL_free(pad);
+ BN_free(priv);
+ BN_free(x);
+ BN_free(y);
+ return ret;
+}
+
/* Test that using a legacy EC key with only a private key in it works */
# ifndef OPENSSL_NO_DEPRECATED_3_0
static int test_EC_priv_only_legacy(void)
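Review bot: `BN_bn2bin(x, &pad[1])` and `BN_bn2bin(y, &pad[33])` in test_evp_get_ec_pub() write only BN_num_bytes() bytes, so a coordinate with a leading zero byte would be left-aligned in its 32-byte slot and the `memcmp` against `ec_pub` would fail for a valid key. The current vector may not trigger this (`ec_pub` is defined outside the hunk), but the fixed-width call is safer and also checks the length: `if (!TEST_int_eq(BN_bn2binpad(x, &pad[1], 32), 32) || !TEST_int_eq(BN_bn2binpad(y, &pad[33], 32), 32)) goto err;`. The two `EVP_PKEY_get_bn_param()` calls are not wrapped in `TEST_true()`, unlike in test_evp_get_ec_pub_legacy() added later in this diff, so a failure there is reported without a diagnostic. The same unpadded `BN_bn2bin` pattern appears in test_evp_get_ec_pub_legacy().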
@@ -1138,6 +1530,76 @@ static int test_EC_priv_only_legacy(void)
return ret;
}
+
+static int test_evp_get_ec_pub_legacy(void)
+{
+ OSSL_LIB_CTX *libctx = NULL;
+ unsigned char *pad = NULL;
+ EVP_PKEY *pkey = NULL;
+ EC_KEY *eckey = NULL;
+ BIGNUM *priv = NULL;
+ BIGNUM *x = NULL;
+ BIGNUM *y = NULL;
+ int ret = 0;
+
+ if (!TEST_ptr(libctx = OSSL_LIB_CTX_new()))
+ goto err;
+
+ /* Create the legacy key */
+ if (!TEST_ptr(eckey = EC_KEY_new_by_curve_name_ex(libctx, NULL,
+ NID_X9_62_prime256v1)))
+ goto err;
+
+ if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
+ goto err;
+
+ if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
+ goto err;
+
+ if (!TEST_ptr(x = BN_bin2bn(&ec_pub[1], 32, NULL)))
+ goto err;
+
+ if (!TEST_ptr(y = BN_bin2bn(&ec_pub[33], 32, NULL)))
+ goto err;
+
+ if (!TEST_true(EC_KEY_set_public_key_affine_coordinates(eckey, x, y)))
+ goto err;
+
+ if (!TEST_ptr(pkey = EVP_PKEY_new()))
+ goto err;
+
+ /* Transfer the legacy key */
+ if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
+ goto err;
+ eckey = NULL;
+
+ if (!TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &x))
+ || !TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &y)))
+ goto err;
+
+ if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub))))
+ goto err;
+
+ pad[0] = ec_pub[0];
+ BN_bn2bin(x, &pad[1]);
+ BN_bn2bin(y, &pad[33]);
+
+ if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0))
+ goto err;
+
+ ret = 1;
+
+err:
+ OSSL_LIB_CTX_free(libctx);
+ EVP_PKEY_free(pkey);
+ EC_KEY_free(eckey);
+ OPENSSL_free(pad);
+ BN_free(priv);
+ BN_free(x);
+ BN_free(y);
+
+ return ret;
+}
# endif /* OPENSSL_NO_DEPRECATED_3_0 */
#endif /* OPENSSL_NO_EC */
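Review bot: In test_evp_get_ec_pub_legacy(), `x` and `y` already hold the expected coordinates (loaded from `ec_pub` with `BN_bin2bn`) when their addresses are passed to `EVP_PKEY_get_bn_param()`. The final `memcmp` would therefore still pass if the getter reported success without storing what it read from the key. Clearing them after `EVP_PKEY_assign_EC_KEY()` succeeds makes the comparison depend on the values read back: `BN_free(x); BN_free(y); x = y = NULL;`. The cleanup under `err:` already frees whatever the getter allocates, so no other change is needed.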
@@ -1153,7 +1615,7 @@ static int test_EVP_PKEY_sign(int tst)
0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
};
- if (tst == 0 ) {
+ if (tst == 0) {
if (!TEST_ptr(pkey = load_example_rsa_key()))
goto out;
} else if (tst == 1) {
@@ -1555,6 +2017,46 @@ static int test_EVP_DigestVerifyInit(void)
return ret;
}
+#ifndef OPENSSL_NO_EC
+static int test_ecdsa_digestsign_keccak(void)
+{
+ int ret = 0;
+ EVP_PKEY *pkey = NULL;
+ EVP_MD_CTX *ctx = NULL;
+ EVP_MD *md = NULL;
+
+ if (nullprov != NULL)
+ return TEST_skip("Test does not support a non-default library context");
+
+ pkey = load_example_ec_key();
+ if (!TEST_ptr(pkey))
+ goto err;
+
+ /* This would not work with FIPS provider so just use NULL libctx */
+ md = EVP_MD_fetch(NULL, "KECCAK-256", NULL);
+ if (!TEST_ptr(md))
+ goto err;
+
+ ctx = EVP_MD_CTX_new();
+ if (!TEST_ptr(ctx))
+ goto err;
+
+ /*
+ * Just check EVP_DigestSignInit_ex() works.
+ */
+ if (!TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey)))
+ goto err;
+
+ ret = 1;
+ err:
+ EVP_MD_CTX_free(ctx);
+ EVP_PKEY_free(pkey);
+ EVP_MD_free(md);
+
+ return ret;
+}
+#endif
+
#ifndef OPENSSL_NO_SIPHASH
/* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
static int test_siphash_digestsign(void)
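Review bot: The block comment in test_ecdsa_digestsign_keccak() says it checks `EVP_DigestSignInit_ex()`, but the call below it is `EVP_DigestSignInit(ctx, NULL, md, NULL, pkey)`, so the comment names a function the test never exercises. It should describe what is covered, for example `/* Just check that EVP_DigestSignInit() accepts an explicitly fetched KECCAK-256 digest with an EC key. */`. The function also lacks a header comment explaining why it is skipped when `nullprov` is set. The existing "would not work with FIPS provider" remark could move there so the skip and the NULL libctx are explained in one place.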
@@ -1768,7 +2270,6 @@ static int test_invalide_ec_char2_pub_range_decode(int id)
return ret;
}
-/* Tests loading a bad key in PKCS8 format */
static int test_EVP_PKCS82PKEY(void)
{
int ret = 0;
@@ -1797,6 +2298,30 @@ static int test_EVP_PKCS82PKEY(void)
}
#endif
+
+static int test_EVP_PKCS82PKEY_v2(int i)
+{
+ int ret = 0;
+ const unsigned char *p;
+ const APK_DATA *ak = &keydata_v2[i];
+ const unsigned char *input = ak->kder;
+ size_t input_len = ak->size;
+ PKCS8_PRIV_KEY_INFO *p8inf = NULL;
+
+ /* Can we parse PKCS#8 v2, ignoring the public key for now? */
+ p = input;
+ p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, input_len);
+ if (!TEST_ptr(p8inf)
+ || !TEST_true(p == input + input_len))
+ goto done;
+
+ ret = 1;
+ done:
+ PKCS8_PRIV_KEY_INFO_free(p8inf);
+ return ret;
+}
+
+/* Tests loading a bad key in PKCS8 format */
static int test_EVP_PKCS82PKEY_wrong_tag(void)
{
EVP_PKEY *pkey = NULL;
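Review bot: test_EVP_PKCS82PKEY_v2() stops after `d2i_PKCS8_PRIV_KEY_INFO()` and the length check, so it shows the v2 structure parses but not that a key with the optional public-key field can be turned into a usable `EVP_PKEY`. The "ignoring the public key for now" comment suggests this is deliberate. If import is expected to work, I would follow the parse with `EVP_PKCS82PKEY_ex(p8inf, testctx, testpropq)` wrapped in `TEST_ptr()`, and free the result under `done:`. That also catches the case where extra v2 fields are parsed but rejected later. The function has no header comment either; a one-line `/* Checks that PKCS#8 v2 blobs carrying an optional public key parse and are fully consumed */` would match the neighbouring tests.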
@@ -2216,66 +2741,456 @@ done:
#endif
+#ifndef OPENSSL_NO_ML_KEM
+static const uint8_t ml_kem_seed[] = {
+ 0x7c, 0x99, 0x35, 0xa0, 0xb0, 0x76, 0x94, 0xaa, 0x0c, 0x6d, 0x10, 0xe4,
+ 0xdb, 0x6b, 0x1a, 0xdd, 0x2f, 0xd8, 0x1a, 0x25, 0xcc, 0xb1, 0x48, 0x03,
+ 0x2d, 0xcd, 0x73, 0x99, 0x36, 0x73, 0x7f, 0x2d, 0x86, 0x26, 0xed, 0x79,
+ 0xd4, 0x51, 0x14, 0x08, 0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21,
+ 0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc, 0x90, 0xfa, 0x9e, 0x8b,
+ 0x87, 0x2b, 0xfb, 0x8f
+};
+static const uint8_t ml_kem_512_pubkey[] = {
+ 0x40, 0x08, 0x65, 0xed, 0x10, 0xb6, 0x19, 0xaa, 0x58, 0x11, 0x13, 0x9b,
+ 0xc0, 0x86, 0x82, 0x57, 0x82, 0xb2, 0xb7, 0x12, 0x4f, 0x75, 0x7c, 0x83,
+ 0xae, 0x79, 0x44, 0x44, 0xbc, 0x78, 0xa4, 0x78, 0x96, 0xac, 0xf1, 0x26,
+ 0x2c, 0x81, 0x35, 0x10, 0x77, 0x89, 0x3b, 0xfc, 0x56, 0xf9, 0x04, 0x49,
+ 0xc2, 0xfa, 0x5f, 0x6e, 0x58, 0x6d, 0xd3, 0x7c, 0x0b, 0x9b, 0x58, 0x19,
+ 0x92, 0x63, 0x8c, 0xb7, 0xe7, 0xbc, 0xbb, 0xb9, 0x9a, 0xfe, 0x47, 0x81,
+ 0xd8, 0x0a, 0x50, 0xe6, 0x94, 0x63, 0xfb, 0xd9, 0x88, 0x72, 0x2c, 0x36,
+ 0x35, 0x42, 0x3e, 0x27, 0x46, 0x6c, 0x71, 0xdc, 0xc6, 0x74, 0x52, 0x7c,
+ 0xcd, 0x72, 0x89, 0x68, 0xcb, 0xcd, 0xc0, 0x0c, 0x5c, 0x90, 0x35, 0xbb,
+ 0x0a, 0xf2, 0xc9, 0x92, 0x2c, 0x78, 0x81, 0xa4, 0x1d, 0xd2, 0x87, 0x52,
+ 0x73, 0x92, 0x51, 0x31, 0x23, 0x0f, 0x6c, 0xa5, 0x9e, 0x91, 0x36, 0xb3,
+ 0x9f, 0x95, 0x6c, 0x93, 0xb3, 0xb2, 0xd1, 0x4c, 0x64, 0x1b, 0x08, 0x9e,
+ 0x07, 0xd0, 0xa8, 0x40, 0xc8, 0x93, 0xec, 0xd7, 0x6b, 0xbf, 0x92, 0xc8,
+ 0x05, 0x45, 0x66, 0x68, 0xd0, 0x7c, 0x62, 0x14, 0x91, 0xc5, 0xc0, 0x54,
+ 0x99, 0x1a, 0x65, 0x6f, 0x51, 0x16, 0x19, 0x55, 0x6e, 0xb9, 0x77, 0x82,
+ 0xe2, 0x7a, 0x3c, 0x78, 0x51, 0x24, 0xc7, 0x0b, 0x0d, 0xab, 0xa6, 0xc6,
+ 0x24, 0xd1, 0x8e, 0x0f, 0x97, 0x93, 0xf9, 0x6b, 0xa9, 0xe1, 0x59, 0x9b,
+ 0x17, 0xb3, 0x0d, 0xcc, 0xc0, 0xb4, 0xf3, 0x76, 0x6a, 0x07, 0xb2, 0x3b,
+ 0x25, 0x73, 0x09, 0xcd, 0x76, 0xab, 0xa0, 0x72, 0xc2, 0xb9, 0xc9, 0x74,
+ 0x43, 0x94, 0xc6, 0xab, 0x9c, 0xb6, 0xc5, 0x4a, 0x97, 0xb5, 0xc5, 0x78,
+ 0x61, 0xa5, 0x8d, 0xc0, 0xa0, 0x35, 0x19, 0x83, 0x2e, 0xe3, 0x2a, 0x07,
+ 0x65, 0x4a, 0x07, 0x0c, 0x0c, 0x8c, 0x4e, 0x86, 0x48, 0xad, 0xdc, 0x35,
+ 0x5f, 0x27, 0x4f, 0xc6, 0xb9, 0x2a, 0x08, 0x7b, 0x3f, 0x97, 0x51, 0x92,
+ 0x3e, 0x44, 0x27, 0x4f, 0x85, 0x8c, 0x49, 0xca, 0xba, 0x72, 0xb6, 0x58,
+ 0x51, 0xb3, 0xad, 0xc4, 0x89, 0x36, 0x95, 0x50, 0x97, 0xca, 0xd9, 0x55,
+ 0x3f, 0x5a, 0x26, 0x3f, 0x18, 0x44, 0xb5, 0x2a, 0x02, 0x0f, 0xf7, 0xca,
+ 0x89, 0xe8, 0x81, 0xa0, 0x1b, 0x95, 0xd9, 0x57, 0xa3, 0x15, 0x3c, 0x0a,
+ 0x5e, 0x0a, 0x1c, 0xcd, 0x66, 0xb1, 0x82, 0x1a, 0x2b, 0x86, 0x32, 0x54,
+ 0x6e, 0x24, 0xc7, 0xcb, 0xbc, 0x4c, 0xb0, 0x88, 0x08, 0xca, 0xc3, 0x7f,
+ 0x7d, 0xa6, 0xb1, 0x6f, 0x8a, 0xce, 0xd0, 0x52, 0xcd, 0xb2, 0x56, 0x49,
+ 0x48, 0xf1, 0xab, 0x0f, 0x76, 0x8a, 0x0d, 0x32, 0x86, 0xcc, 0xc7, 0xc3,
+ 0x74, 0x9c, 0x63, 0xc7, 0x81, 0x53, 0x0f, 0xa1, 0xae, 0x67, 0x05, 0x42,
+ 0x85, 0x50, 0x04, 0xa6, 0x45, 0xb5, 0x22, 0x88, 0x1e, 0xc1, 0x41, 0x2b,
+ 0xda, 0xe3, 0x42, 0x08, 0x5a, 0x9d, 0xd5, 0xf8, 0x12, 0x6a, 0xf9, 0x6b,
+ 0xbd, 0xb0, 0xc1, 0xaf, 0x69, 0xa1, 0x55, 0x62, 0xcb, 0x2a, 0x15, 0x5a,
+ 0x10, 0x03, 0x09, 0xd1, 0xb6, 0x41, 0xd0, 0x8b, 0x2d, 0x4e, 0xd1, 0x7b,
+ 0xfb, 0xf0, 0xbc, 0x04, 0x26, 0x5f, 0x9b, 0x10, 0xc1, 0x08, 0xf8, 0x50,
+ 0x30, 0x95, 0x04, 0xd7, 0x72, 0x81, 0x1b, 0xba, 0x8e, 0x2b, 0xe1, 0x62,
+ 0x49, 0xaa, 0x73, 0x7d, 0x87, 0x9f, 0xc7, 0xfb, 0x25, 0x5e, 0xe7, 0xa6,
+ 0xa0, 0xa7, 0x53, 0xbd, 0x93, 0x74, 0x1c, 0x61, 0x65, 0x8e, 0xc0, 0x74,
+ 0xf6, 0xe0, 0x02, 0xb0, 0x19, 0x34, 0x57, 0x69, 0x11, 0x3c, 0xc0, 0x13,
+ 0xff, 0x74, 0x94, 0xba, 0x83, 0x78, 0xb1, 0x1a, 0x17, 0x22, 0x60, 0xaa,
+ 0xa5, 0x34, 0x21, 0xbd, 0xe0, 0x3a, 0x35, 0x58, 0x9d, 0x57, 0xe3, 0x22,
+ 0xfe, 0xfa, 0x41, 0x00, 0xa4, 0x74, 0x39, 0x26, 0xab, 0x7d, 0x62, 0x25,
+ 0x8b, 0x87, 0xb3, 0x1c, 0xcb, 0xb5, 0xe6, 0xb8, 0x9c, 0xb1, 0x0b, 0x27,
+ 0x1a, 0xa0, 0x5d, 0x99, 0x4b, 0xb5, 0x70, 0x8b, 0x23, 0xab, 0x32, 0x7e,
+ 0xcb, 0x93, 0xc0, 0xf3, 0x15, 0x68, 0x69, 0xf0, 0x88, 0x3d, 0xa2, 0x06,
+ 0x4f, 0x79, 0x5e, 0x0e, 0x2a, 0xb7, 0xd3, 0xc6, 0x4d, 0x61, 0xd2, 0x30,
+ 0x3f, 0xc3, 0xa2, 0x9e, 0x16, 0x19, 0x92, 0x3c, 0xa8, 0x01, 0xe5, 0x9f,
+ 0xd7, 0x52, 0xca, 0x6e, 0x76, 0x49, 0xd3, 0x03, 0xc9, 0xd2, 0x07, 0x88,
+ 0xe1, 0x21, 0x46, 0x51, 0xb0, 0x69, 0x95, 0xeb, 0x26, 0x0c, 0x92, 0x9a,
+ 0x13, 0x44, 0xa8, 0x49, 0xb2, 0x5c, 0xa0, 0xa0, 0x1f, 0x1e, 0xb5, 0x29,
+ 0x13, 0x68, 0x6b, 0xba, 0x61, 0x9e, 0x23, 0x71, 0x44, 0x64, 0x03, 0x1a,
+ 0x78, 0x43, 0x92, 0x87, 0xfc, 0xa7, 0x8f, 0x4c, 0x04, 0x76, 0x22, 0x3e,
+ 0xea, 0x61, 0xb7, 0xf2, 0x5a, 0x7c, 0xe4, 0x2c, 0xca, 0x90, 0x1b, 0x2a,
+ 0xea, 0x12, 0x98, 0x17, 0x89, 0x4b, 0xa3, 0x47, 0x08, 0x23, 0x85, 0x4f,
+ 0x3e, 0x5b, 0x28, 0xd8, 0x6b, 0xa9, 0x79, 0xe5, 0x46, 0x71, 0x86, 0x2d,
+ 0x90, 0x47, 0x0b, 0x1e, 0x78, 0x38, 0x97, 0x2a, 0x81, 0xa4, 0x81, 0x07,
+ 0xd6, 0xac, 0x06, 0x11, 0x40, 0x6b, 0x21, 0xfb, 0xcc, 0xe1, 0xdb, 0x77,
+ 0x02, 0xea, 0x9d, 0xd6, 0xba, 0x6e, 0x40, 0x52, 0x7b, 0x9d, 0xc6, 0x63,
+ 0xf3, 0xc9, 0x3b, 0xad, 0x05, 0x6d, 0xc2, 0x85, 0x11, 0xf6, 0x6c, 0x3e,
+ 0x0b, 0x92, 0x8d, 0xb8, 0x87, 0x9d, 0x22, 0xc5, 0x92, 0x68, 0x5c, 0xc7,
+ 0x75, 0xa6, 0xcd, 0x57, 0x4a, 0xc3, 0xbc, 0xe3, 0xb2, 0x75, 0x91, 0xc8,
+ 0x21, 0x92, 0x90, 0x76, 0x35, 0x8a, 0x22, 0x00, 0xb3, 0x77, 0x36, 0x5f,
+ 0x7e, 0xfb, 0x9e, 0x40, 0xc3, 0xbf, 0x0f, 0xf0, 0x43, 0x29, 0x86, 0xae,
+ 0x4b, 0xc1, 0xa2, 0x42, 0xce, 0x99, 0x21, 0xaa, 0x9e, 0x22, 0x44, 0x88,
+ 0x19, 0x58, 0x5d, 0xea, 0x30, 0x8e, 0xb0, 0x39
+};
+static const uint8_t ml_kem_768_pubkey[] = {
+ 0xa8, 0xe6, 0x51, 0xa1, 0xe6, 0x85, 0xf2, 0x24, 0x78, 0xa8, 0x95, 0x4f,
+ 0x00, 0x7b, 0xc7, 0x71, 0x1b, 0x93, 0x07, 0x72, 0xc7, 0x8f, 0x09, 0x2e,
+ 0x82, 0x87, 0x8e, 0x3e, 0x93, 0x7f, 0x36, 0x79, 0x67, 0x53, 0x29, 0x13,
+ 0xa8, 0xd5, 0x3d, 0xfd, 0xf4, 0xbf, 0xb1, 0xf8, 0x84, 0x67, 0x46, 0x59,
+ 0x67, 0x05, 0xcf, 0x34, 0x51, 0x42, 0xb9, 0x72, 0xa3, 0xf1, 0x63, 0x25,
+ 0xc4, 0x0c, 0x29, 0x52, 0xa3, 0x7b, 0x25, 0x89, 0x7e, 0x5e, 0xf3, 0x5f,
+ 0xba, 0xeb, 0x73, 0xa4, 0xac, 0xbe, 0xb6, 0xa0, 0xb8, 0x99, 0x42, 0xce,
+ 0xb1, 0x95, 0x53, 0x1c, 0xfc, 0x0a, 0x07, 0x99, 0x39, 0x54, 0x48, 0x3e,
+ 0x6c, 0xbc, 0x87, 0xc0, 0x6a, 0xa7, 0x4f, 0xf0, 0xca, 0xc5, 0x20, 0x7e,
+ 0x53, 0x5b, 0x26, 0x0a, 0xa9, 0x8d, 0x11, 0x98, 0xc0, 0x7d, 0xa6, 0x05,
+ 0xc4, 0xd1, 0x10, 0x20, 0xf6, 0xc9, 0xf7, 0xbb, 0x68, 0xbb, 0x34, 0x56,
+ 0xc7, 0x3a, 0x01, 0xb7, 0x10, 0xbc, 0x99, 0xd1, 0x77, 0x39, 0xa5, 0x17,
+ 0x16, 0xaa, 0x01, 0x66, 0x0c, 0x8b, 0x62, 0x8b, 0x2f, 0x56, 0x02, 0xba,
+ 0x65, 0xf0, 0x7e, 0xa9, 0x93, 0x33, 0x6e, 0x89, 0x6e, 0x83, 0xf2, 0xc5,
+ 0x73, 0x1b, 0xbf, 0x03, 0x46, 0x0c, 0x5b, 0x6c, 0x8a, 0xfe, 0xcb, 0x74,
+ 0x8e, 0xe3, 0x91, 0xe9, 0x89, 0x34, 0xa2, 0xc5, 0x7d, 0x4d, 0x06, 0x9f,
+ 0x50, 0xd8, 0x8b, 0x30, 0xd6, 0x96, 0x6f, 0x38, 0xc3, 0x7b, 0xc6, 0x49,
+ 0xb8, 0x26, 0x34, 0xce, 0x77, 0x22, 0x64, 0x5c, 0xcd, 0x62, 0x50, 0x63,
+ 0x36, 0x46, 0x46, 0xd6, 0xd6, 0x99, 0xdb, 0x57, 0xb4, 0x5e, 0xb6, 0x74,
+ 0x65, 0xe1, 0x6d, 0xe4, 0xd4, 0x06, 0xa8, 0x18, 0xb9, 0xea, 0xe1, 0xca,
+ 0x91, 0x6a, 0x25, 0x94, 0x48, 0x97, 0x08, 0xa4, 0x3c, 0xea, 0x88, 0xb0,
+ 0x2a, 0x4c, 0x03, 0xd0, 0x9b, 0x44, 0x81, 0x5c, 0x97, 0x10, 0x1c, 0xaf,
+ 0x50, 0x48, 0xbb, 0xcb, 0x24, 0x7a, 0xe2, 0x36, 0x6c, 0xdc, 0x25, 0x4b,
+ 0xa2, 0x21, 0x29, 0xf4, 0x5b, 0x3b, 0x0e, 0xb3, 0x99, 0xca, 0x91, 0xa3,
+ 0x03, 0x40, 0x28, 0x30, 0xec, 0x01, 0xdb, 0x7b, 0x2c, 0xa4, 0x80, 0xcf,
+ 0x35, 0x04, 0x09, 0xb2, 0x16, 0x09, 0x4b, 0x7b, 0x0c, 0x3a, 0xe3, 0x3c,
+ 0xe1, 0x0a, 0x91, 0x24, 0xe8, 0x96, 0x51, 0xab, 0x90, 0x1e, 0xa2, 0x53,
+ 0xc8, 0x41, 0x5b, 0xd7, 0x82, 0x5f, 0x02, 0xbb, 0x22, 0x93, 0x69, 0xaf,
+ 0x97, 0x20, 0x28, 0xf2, 0x28, 0x75, 0xea, 0x55, 0xaf, 0x16, 0xd3, 0xbc,
+ 0x69, 0xf7, 0x0c, 0x2e, 0xe8, 0xb7, 0x5f, 0x28, 0xb4, 0x7d, 0xd3, 0x91,
+ 0xf9, 0x89, 0xad, 0xe3, 0x14, 0x72, 0x9c, 0x33, 0x1f, 0xa0, 0x4c, 0x19,
+ 0x17, 0xb2, 0x78, 0xc3, 0xeb, 0x60, 0x28, 0x68, 0x51, 0x28, 0x21, 0xad,
+ 0xc8, 0x25, 0xc6, 0x45, 0x77, 0xce, 0x1e, 0x63, 0xb1, 0xd9, 0x64, 0x4a,
+ 0x61, 0x29, 0x48, 0xa3, 0x48, 0x3c, 0x7f, 0x1b, 0x9a, 0x25, 0x80, 0x00,
+ 0xe3, 0x01, 0x96, 0x94, 0x4a, 0x40, 0x36, 0x27, 0x60, 0x9c, 0x76, 0xc7,
+ 0xea, 0x6b, 0x5d, 0xe0, 0x17, 0x64, 0xd2, 0x43, 0x79, 0x11, 0x7b, 0x9e,
+ 0xa2, 0x98, 0x48, 0xdc, 0x55, 0x5c, 0x45, 0x4b, 0xce, 0xae, 0x1b, 0xa5,
+ 0xcc, 0x72, 0xc7, 0x4a, 0xb9, 0x6b, 0x9c, 0x91, 0xb9, 0x10, 0xd2, 0x6b,
+ 0x88, 0xb2, 0x56, 0x39, 0xd4, 0x77, 0x8a, 0xe2, 0x6c, 0x7c, 0x61, 0x51,
+ 0xa1, 0x9c, 0x6c, 0xd7, 0x93, 0x84, 0x54, 0x37, 0x24, 0x65, 0xe4, 0xc5,
+ 0xec, 0x29, 0x24, 0x5a, 0xcb, 0x3d, 0xb5, 0x37, 0x9d, 0xe3, 0xda, 0xbf,
+ 0xa6, 0x29, 0xa7, 0xc0, 0x4a, 0x83, 0x53, 0xa8, 0x53, 0x0c, 0x95, 0xac,
+ 0xb7, 0x32, 0xbb, 0x4b, 0xb8, 0x19, 0x32, 0xbb, 0x2c, 0xa7, 0xa8, 0x48,
+ 0xcd, 0x36, 0x68, 0x01, 0x44, 0x4a, 0xbe, 0x23, 0xc8, 0x3b, 0x36, 0x6a,
+ 0x87, 0xd6, 0xa3, 0xcf, 0x36, 0x09, 0x24, 0xc0, 0x02, 0xba, 0xe9, 0x0a,
+ 0xf6, 0x5c, 0x48, 0x06, 0x0b, 0x37, 0x52, 0xf2, 0xba, 0xdf, 0x1a, 0xb2,
+ 0x72, 0x20, 0x72, 0x55, 0x4a, 0x50, 0x59, 0x75, 0x35, 0x94, 0xe6, 0xa7,
+ 0x02, 0x76, 0x1f, 0xc9, 0x76, 0x84, 0xc8, 0xc4, 0xa7, 0x54, 0x0a, 0x6b,
+ 0x07, 0xfb, 0xc9, 0xde, 0x87, 0xc9, 0x74, 0xaa, 0x88, 0x09, 0xd9, 0x28,
+ 0xc7, 0xf4, 0xcb, 0xbf, 0x80, 0x45, 0xae, 0xa5, 0xbc, 0x66, 0x78, 0x25,
+ 0xfd, 0x05, 0xa5, 0x21, 0xf1, 0xa4, 0xbf, 0x53, 0x92, 0x10, 0xc7, 0x11,
+ 0x3b, 0xc3, 0x7b, 0x3e, 0x58, 0xb0, 0xcb, 0xfc, 0x53, 0xc8, 0x41, 0xcb,
+ 0xb0, 0x37, 0x1d, 0xe2, 0xe5, 0x11, 0xb9, 0x89, 0xcb, 0x7c, 0x70, 0xc0,
+ 0x23, 0x36, 0x6d, 0x78, 0xf9, 0xc3, 0x7e, 0xf0, 0x47, 0xf8, 0x72, 0x0b,
+ 0xe1, 0xc7, 0x59, 0xa8, 0xd9, 0x6b, 0x93, 0xf6, 0x5a, 0x94, 0x11, 0x4f,
+ 0xfa, 0xf6, 0x0d, 0x9a, 0x81, 0x79, 0x5e, 0x99, 0x5c, 0x71, 0x15, 0x2a,
+ 0x46, 0x91, 0xa5, 0xa6, 0x02, 0xa9, 0xe1, 0xf3, 0x59, 0x9e, 0x37, 0xc7,
+ 0x68, 0xc7, 0xbc, 0x10, 0x89, 0x94, 0xc0, 0x66, 0x9f, 0x3a, 0xdc, 0x95,
+ 0x7d, 0x46, 0xb4, 0xb6, 0x25, 0x69, 0x68, 0xe2, 0x90, 0xd7, 0x89, 0x2e,
+ 0xa8, 0x54, 0x64, 0xee, 0x7a, 0x75, 0x0f, 0x39, 0xc5, 0xe3, 0x15, 0x2c,
+ 0x2d, 0xfc, 0x56, 0xd8, 0xb0, 0xc9, 0x24, 0xba, 0x8a, 0x95, 0x9a, 0x68,
+ 0x09, 0x65, 0x47, 0xf6, 0x64, 0x23, 0xc8, 0x38, 0x98, 0x2a, 0x57, 0x94,
+ 0xb9, 0xe1, 0x53, 0x37, 0x71, 0x33, 0x1a, 0x9a, 0x65, 0x6c, 0x28, 0x82,
+ 0x8b, 0xeb, 0x91, 0x26, 0xa6, 0x0e, 0x95, 0xe8, 0xc5, 0xd9, 0x06, 0x83,
+ 0x2c, 0x77, 0x10, 0x70, 0x55, 0x76, 0xb1, 0xfb, 0x95, 0x07, 0x26, 0x9d,
+ 0xda, 0xf8, 0xc9, 0x5c, 0xe9, 0x71, 0x9b, 0x2c, 0xa8, 0xdd, 0x11, 0x2b,
+ 0xe1, 0x0b, 0xcc, 0x9f, 0x4a, 0x37, 0xbd, 0x1b, 0x1e, 0xee, 0xb3, 0x3e,
+ 0xcd, 0xa7, 0x6a, 0xe9, 0xf6, 0x9a, 0x5d, 0x4b, 0x29, 0x23, 0xa8, 0x69,
+ 0x57, 0x67, 0x1d, 0x61, 0x93, 0x35, 0xbe, 0x1c, 0x4c, 0x2c, 0x77, 0xce,
+ 0x87, 0xc4, 0x1f, 0x98, 0xa8, 0xcc, 0x46, 0x64, 0x60, 0xfa, 0x30, 0x0a,
+ 0xaf, 0x5b, 0x30, 0x1f, 0x0a, 0x1d, 0x09, 0xc8, 0x8e, 0x65, 0xda, 0x4d,
+ 0x8e, 0xe6, 0x4f, 0x68, 0xc0, 0x21, 0x89, 0xbb, 0xb3, 0x58, 0x4b, 0xaf,
+ 0xf7, 0x16, 0xc8, 0x5d, 0xb6, 0x54, 0x04, 0x8a, 0x00, 0x43, 0x33, 0x48,
+ 0x93, 0x93, 0xa0, 0x74, 0x27, 0xcd, 0x3e, 0x21, 0x7e, 0x6a, 0x34, 0x5f,
+ 0x6c, 0x2c, 0x2b, 0x13, 0xc2, 0x7b, 0x33, 0x72, 0x71, 0xc0, 0xb2, 0x7b,
+ 0x2d, 0xba, 0xa0, 0x0d, 0x23, 0x76, 0x00, 0xb5, 0xb5, 0x94, 0xe8, 0xcf,
+ 0x2d, 0xd6, 0x25, 0xea, 0x76, 0xcf, 0x0e, 0xd8, 0x99, 0x12, 0x2c, 0x97,
+ 0x96, 0xb4, 0xb0, 0x18, 0x70, 0x04, 0x25, 0x80, 0x49, 0xa4, 0x77, 0xcd,
+ 0x11, 0xd6, 0x8c, 0x49, 0xb9, 0xa0, 0xe7, 0xb0, 0x0b, 0xce, 0x8c, 0xac,
+ 0x78, 0x64, 0xcb, 0xb3, 0x75, 0x14, 0x00, 0x84, 0x74, 0x4c, 0x93, 0x06,
+ 0x26, 0x94, 0xca, 0x79, 0x5c, 0x4f, 0x40, 0xe7, 0xac, 0xc9, 0xc5, 0xa1,
+ 0x88, 0x40, 0x72, 0xd8, 0xc3, 0x8d, 0xaf, 0xb5, 0x01, 0xee, 0x41, 0x84,
+ 0xdd, 0x5a, 0x81, 0x9e, 0xc2, 0x4e, 0xc1, 0x65, 0x12, 0x61, 0xf9, 0x62,
+ 0xb1, 0x7a, 0x72, 0x15, 0xaa, 0x4a, 0x74, 0x8c, 0x15, 0x83, 0x6c, 0x38,
+ 0x91, 0x37, 0x67, 0x82, 0x04, 0x83, 0x8d, 0x71, 0x95, 0xa8, 0x5b, 0x4f,
+ 0x98, 0xa1, 0xb5, 0x74, 0xc4, 0xcd, 0x79, 0x09, 0xcd, 0x1f, 0x83, 0x3e,
+ 0xff, 0xd1, 0x48, 0x55, 0x43, 0x22, 0x9d, 0x37, 0x48, 0xd9, 0xb5, 0xcd,
+ 0x6c, 0x17, 0xb9, 0xb3, 0xb8, 0x4a, 0xef, 0x8b, 0xce, 0x13, 0xe6, 0x83,
+ 0x73, 0x36, 0x59, 0xc7, 0x95, 0x42, 0xd6, 0x15, 0x78, 0x2a, 0x71, 0xcd,
+ 0xee, 0xe7, 0x92, 0xba, 0xb5, 0x1b, 0xdc, 0x4b, 0xbf, 0xe8, 0x30, 0x8e,
+ 0x66, 0x31, 0x44, 0xed, 0xe8, 0x49, 0x18, 0x30, 0xad, 0x98, 0xb4, 0x63,
+ 0x4f, 0x64, 0xab, 0xa8, 0xb9, 0xc0, 0x42, 0x27, 0x26, 0x53, 0x92, 0x0f,
+ 0x38, 0x0c, 0x1a, 0x17, 0xca, 0x87, 0xce, 0xd7, 0xaa, 0xc4, 0x1c, 0x82,
+ 0x88, 0x87, 0x93, 0x18, 0x1a, 0x6f, 0x76, 0xe1, 0x97, 0xb7, 0xb9, 0x0e,
+ 0xf9, 0x09, 0x43, 0xbb, 0x38, 0x44, 0x91, 0x29, 0x11, 0xd8, 0x55, 0x1e,
+ 0x54, 0x66, 0xc5, 0x76, 0x7a, 0xb0, 0xbc, 0x61, 0xa1, 0xa3, 0xf7, 0x36,
+ 0x16, 0x2e, 0xc0, 0x98, 0xa9, 0x00, 0xb1, 0x2d, 0xd8, 0xfa, 0xbb, 0xfb,
+ 0x3f, 0xe8, 0xcb, 0x1d, 0xc4, 0xe8, 0x31, 0x5f, 0x2a, 0xf0, 0xd3, 0x2f,
+ 0x00, 0x17, 0xae, 0x13, 0x6e, 0x19, 0xf0, 0x28
+};
+static const uint8_t ml_kem_1024_pubkey[] = {
+ 0x53, 0x79, 0x11, 0x95, 0x7c, 0x12, 0x51, 0x48, 0xa8, 0x7f, 0x41, 0x58,
+ 0x9c, 0xb2, 0x22, 0xd0, 0xd1, 0x92, 0x29, 0xe2, 0xcb, 0x55, 0xe1, 0xa0,
+ 0x44, 0x79, 0x1e, 0x7c, 0xa6, 0x11, 0x92, 0xa4, 0x64, 0x60, 0xc3, 0x18,
+ 0x3d, 0x2b, 0xcd, 0x6d, 0xe0, 0x8a, 0x5e, 0x76, 0x51, 0x60, 0x3a, 0xcc,
+ 0x34, 0x9c, 0xa1, 0x6c, 0xba, 0x18, 0xab, 0xb2, 0x3a, 0x3e, 0x8c, 0x33,
+ 0x0d, 0x74, 0x21, 0x59, 0x8a, 0x62, 0x78, 0xec, 0x7e, 0xbf, 0xab, 0xca,
+ 0x0e, 0xf4, 0x88, 0xb2, 0x29, 0x05, 0x54, 0x75, 0x34, 0x99, 0xc0, 0x45,
+ 0x2e, 0x45, 0x38, 0x15, 0x30, 0x99, 0x55, 0xb8, 0x15, 0x0f, 0xa1, 0xa1,
+ 0xe3, 0x93, 0x38, 0x6d, 0xc1, 0x2f, 0xdb, 0x27, 0xb3, 0x8c, 0x67, 0x45,
+ 0xf2, 0x94, 0x40, 0x16, 0xec, 0x45, 0x7f, 0x39, 0xb1, 0x8d, 0x60, 0x4a,
+ 0x07, 0xa1, 0xab, 0xe0, 0x7b, 0xc8, 0x44, 0x05, 0x0f, 0xfa, 0x8a, 0x06,
+ 0xfa, 0x15, 0x4a, 0x49, 0xd8, 0x8f, 0xac, 0x77, 0x54, 0x52, 0xd6, 0xa7,
+ 0xc0, 0xe5, 0x89, 0xbf, 0xb5, 0xc3, 0x70, 0xc2, 0xc4, 0xb6, 0x20, 0x1d,
+ 0xda, 0x80, 0xc9, 0xab, 0x20, 0x76, 0xec, 0xc0, 0x8b, 0x44, 0x52, 0x2f,
+ 0xda, 0x33, 0x26, 0xf0, 0x33, 0x80, 0x6d, 0xd2, 0x69, 0x3f, 0x31, 0x97,
+ 0x39, 0xf4, 0x0c, 0x4f, 0x42, 0xb2, 0x4a, 0xca, 0x70, 0x98, 0xfb, 0x8f,
+ 0xf5, 0xf9, 0xac, 0x20, 0x29, 0x2d, 0x02, 0xb5, 0x6a, 0xc7, 0x46, 0x80,
+ 0x1a, 0xcc, 0xcc, 0x84, 0x86, 0x3d, 0xee, 0x32, 0x87, 0x84, 0x97, 0xb6,
+ 0x94, 0x38, 0xbf, 0x99, 0x17, 0x76, 0x28, 0x66, 0x50, 0x48, 0x2c, 0x8d,
+ 0x9d, 0x95, 0x87, 0xbc, 0x6a, 0x55, 0xb8, 0x5c, 0x4d, 0x7f, 0xa7, 0x4d,
+ 0x02, 0x65, 0x6b, 0x42, 0x1c, 0x9e, 0x23, 0xe0, 0x3a, 0x48, 0xd4, 0xb7,
+ 0x44, 0x25, 0xc2, 0x6e, 0x4a, 0x20, 0xdd, 0x95, 0x62, 0xa4, 0xda, 0x07,
+ 0x93, 0xf3, 0xa3, 0x52, 0xcc, 0xc0, 0xf1, 0x82, 0x17, 0xd8, 0x68, 0xc7,
+ 0xf5, 0x00, 0x2a, 0xbe, 0x76, 0x8b, 0x1f, 0xc7, 0x3f, 0x05, 0x74, 0x4e,
+ 0x7c, 0xc2, 0x8f, 0x10, 0x34, 0x40, 0x62, 0xc1, 0x0e, 0x08, 0xec, 0xcc,
+ 0xed, 0x3c, 0x1f, 0x7d, 0x39, 0x2c, 0x01, 0xd9, 0x79, 0xdd, 0x71, 0x8d,
+ 0x83, 0x98, 0x37, 0x46, 0x65, 0xa1, 0x6a, 0x98, 0x70, 0x58, 0x5c, 0x39,
+ 0xd5, 0x58, 0x9a, 0x50, 0xe1, 0x33, 0x38, 0x9c, 0x9b, 0x9a, 0x27, 0x6c,
+ 0x02, 0x42, 0x60, 0xd9, 0xfc, 0x77, 0x11, 0xc8, 0x1b, 0x63, 0x37, 0xb5,
+ 0x7d, 0xa3, 0xc3, 0x76, 0xd0, 0xcd, 0x74, 0xe1, 0x4c, 0x73, 0x72, 0x7b,
+ 0x27, 0x66, 0x56, 0xb9, 0xd8, 0xa4, 0xeb, 0x71, 0x89, 0x6f, 0xf5, 0x89,
+ 0xd4, 0xb8, 0x93, 0xe7, 0x11, 0x0f, 0x3b, 0xb9, 0x48, 0xec, 0xe2, 0x91,
+ 0xdd, 0x86, 0xc0, 0xb7, 0x46, 0x8a, 0x67, 0x8c, 0x74, 0x69, 0x80, 0xc1,
+ 0x2a, 0xa6, 0xb9, 0x5e, 0x2b, 0x0c, 0xbe, 0x43, 0x31, 0xbb, 0x24, 0xa3,
+ 0x3a, 0x27, 0x01, 0x53, 0xaa, 0x47, 0x2c, 0x47, 0x31, 0x23, 0x82, 0xca,
+ 0x36, 0x5c, 0x5f, 0x35, 0x25, 0x9d, 0x02, 0x57, 0x46, 0xfc, 0x65, 0x95,
+ 0xfe, 0x63, 0x6c, 0x76, 0x75, 0x10, 0xa6, 0x9c, 0x1e, 0x8a, 0x17, 0x6b,
+ 0x79, 0x49, 0x95, 0x8f, 0x26, 0x97, 0x39, 0x94, 0x97, 0xa2, 0xfc, 0x73,
+ 0x64, 0xa1, 0x2c, 0x81, 0x98, 0x29, 0x52, 0x39, 0xc8, 0x26, 0xcb, 0x50,
+ 0x82, 0x08, 0x60, 0x77, 0x28, 0x2e, 0xd6, 0x28, 0x65, 0x1f, 0xc0, 0x4c,
+ 0x63, 0x9b, 0x43, 0x85, 0x22, 0xa9, 0xde, 0x30, 0x9b, 0x14, 0xb0, 0x86,
+ 0xd6, 0xe9, 0x23, 0xc5, 0x51, 0x62, 0x3b, 0xd7, 0x2a, 0x73, 0x3c, 0xb0,
+ 0xda, 0xbc, 0x54, 0xa9, 0x41, 0x6a, 0x99, 0xe7, 0x2c, 0x9f, 0xda, 0x1c,
+ 0xb3, 0xfb, 0x9b, 0xa0, 0x6b, 0x8a, 0xdb, 0x24, 0x22, 0xd6, 0x8c, 0xad,
+ 0xc5, 0x53, 0xc9, 0x82, 0x02, 0xa1, 0x76, 0x56, 0x47, 0x8a, 0xc0, 0x44,
+ 0xef, 0x34, 0x56, 0x37, 0x8a, 0xbc, 0xe9, 0x99, 0x1e, 0x01, 0x41, 0xba,
+ 0x79, 0x09, 0x4f, 0xa8, 0xf7, 0x7a, 0x30, 0x08, 0x05, 0xd2, 0xd3, 0x2f,
+ 0xfc, 0x62, 0xbf, 0x0c, 0xa4, 0x55, 0x4c, 0x33, 0x0c, 0x2b, 0xb7, 0x04,
+ 0x2d, 0xb3, 0x51, 0x02, 0xf6, 0x8b, 0x1a, 0x00, 0x62, 0x58, 0x38, 0x65,
+ 0x38, 0x1c, 0x74, 0xdd, 0x91, 0x3a, 0xf7, 0x0b, 0x26, 0xcf, 0x09, 0x23,
+ 0xd0, 0xc4, 0xcb, 0x97, 0x16, 0x92, 0x22, 0x25, 0x52, 0xa8, 0xf4, 0xb7,
+ 0x88, 0xb4, 0xaf, 0xd1, 0x34, 0x1a, 0x9d, 0xf4, 0x15, 0xcf, 0x20, 0x39,
+ 0x00, 0xf5, 0xcc, 0xf7, 0xf6, 0x59, 0x88, 0x94, 0x9a, 0x75, 0x58, 0x0d,
+ 0x04, 0x96, 0x39, 0x85, 0x31, 0x00, 0x85, 0x4b, 0x21, 0xf4, 0x01, 0x80,
+ 0x03, 0x50, 0x2b, 0xb1, 0xba, 0x95, 0xf5, 0x56, 0xa5, 0xd6, 0x7c, 0x7e,
+ 0xb5, 0x24, 0x10, 0xeb, 0xa2, 0x88, 0xa6, 0xd0, 0x63, 0x5c, 0xa8, 0xa4,
+ 0xf6, 0xd6, 0x96, 0xd0, 0xa0, 0x20, 0xc8, 0x26, 0x93, 0x8d, 0x34, 0x94,
+ 0x3c, 0x38, 0x08, 0xc7, 0x9c, 0xc0, 0x07, 0x76, 0x85, 0x33, 0x21, 0x6b,
+ 0xc1, 0xb2, 0x9d, 0xa6, 0xc8, 0x12, 0xef, 0xf3, 0x34, 0x0b, 0xaa, 0x8d,
+ 0x2e, 0x65, 0x34, 0x4f, 0x09, 0xbd, 0x47, 0x89, 0x4f, 0x5a, 0x3a, 0x41,
+ 0x18, 0x71, 0x5b, 0x3c, 0x50, 0x20, 0x67, 0x93, 0x27, 0xf9, 0x18, 0x9f,
+ 0x7e, 0x10, 0x85, 0x6b, 0x23, 0x8b, 0xb9, 0xb0, 0xab, 0x4c, 0xa8, 0x5a,
+ 0xbf, 0x4b, 0x21, 0xf5, 0xc7, 0x6b, 0xcc, 0xd7, 0x18, 0x50, 0xb2, 0x2e,
+ 0x04, 0x59, 0x28, 0x27, 0x6a, 0x0f, 0x2e, 0x95, 0x1d, 0xb0, 0x70, 0x7c,
+ 0x6a, 0x11, 0x6d, 0xc1, 0x91, 0x13, 0xfa, 0x76, 0x2d, 0xc5, 0xf2, 0x0b,
+ 0xd5, 0xd2, 0xab, 0x5b, 0xe7, 0x17, 0x44, 0xdc, 0x9c, 0xbd, 0xb5, 0x1e,
+ 0xa7, 0x57, 0x96, 0x3a, 0xac, 0x56, 0xa9, 0x0a, 0x0d, 0x80, 0x23, 0xbe,
+ 0xd1, 0xf5, 0xca, 0xe8, 0xa6, 0x4d, 0xa0, 0x47, 0x27, 0x9b, 0x35, 0x3a,
+ 0x09, 0x6a, 0x83, 0x5b, 0x0b, 0x2b, 0x02, 0x3b, 0x6a, 0xa0, 0x48, 0x98,
+ 0x92, 0x33, 0x07, 0x9a, 0xeb, 0x46, 0x7e, 0x52, 0x2f, 0xa2, 0x7a, 0x58,
+ 0x22, 0x92, 0x1e, 0x5c, 0x55, 0x1b, 0x4f, 0x53, 0x75, 0x36, 0xe4, 0x6f,
+ 0x3a, 0x6a, 0x97, 0xe7, 0x2c, 0x3b, 0x06, 0x31, 0x04, 0xe0, 0x9a, 0x04,
+ 0x05, 0x98, 0x94, 0x0d, 0x87, 0x2f, 0x6d, 0x87, 0x1f, 0x5e, 0xf9, 0xb4,
+ 0x35, 0x50, 0x73, 0xb5, 0x47, 0x69, 0xe4, 0x54, 0x54, 0xe6, 0xa0, 0x81,
+ 0x95, 0x99, 0x40, 0x86, 0x21, 0xab, 0x44, 0x13, 0xb3, 0x55, 0x07, 0xb0,
+ 0xdf, 0x57, 0x8c, 0xe2, 0xd5, 0x11, 0xd5, 0x20, 0x58, 0xd5, 0x74, 0x9d,
+ 0xf3, 0x8b, 0x29, 0xd6, 0xcc, 0x58, 0x87, 0x0c, 0xaf, 0x92, 0xf6, 0x9a,
+ 0x75, 0x16, 0x14, 0x06, 0xe7, 0x1c, 0x5f, 0xf9, 0x24, 0x51, 0xa7, 0x75,
+ 0x22, 0xb8, 0xb2, 0x96, 0x7a, 0x2d, 0x58, 0xa4, 0x9a, 0x81, 0x66, 0x1a,
+ 0xa6, 0x5a, 0xc0, 0x9b, 0x08, 0xc9, 0xfe, 0x45, 0xab, 0xc3, 0x85, 0x1f,
+ 0x99, 0xc7, 0x30, 0xc4, 0x50, 0x03, 0xac, 0xa2, 0xbf, 0x0f, 0x84, 0x24,
+ 0xa1, 0x9b, 0x74, 0x08, 0xa5, 0x37, 0xd5, 0x41, 0xc1, 0x6f, 0x56, 0x82,
+ 0xbf, 0xe3, 0xa7, 0xfa, 0xea, 0x56, 0x4f, 0x12, 0x98, 0x61, 0x1a, 0x7f,
+ 0x5f, 0x60, 0x92, 0x2b, 0xa1, 0x9d, 0xe7, 0x3b, 0x19, 0x17, 0xf1, 0x85,
+ 0x32, 0x73, 0x55, 0x51, 0x99, 0xa6, 0x49, 0x31, 0x8b, 0x50, 0x77, 0x33,
+ 0x45, 0xc9, 0x97, 0x46, 0x08, 0x56, 0x97, 0x2a, 0xcb, 0x43, 0xfc, 0x81,
+ 0xab, 0x63, 0x21, 0xb1, 0xc3, 0x3c, 0x2b, 0xb5, 0x09, 0x8b, 0xd4, 0x89,
+ 0xd6, 0x96, 0xa0, 0xf7, 0x06, 0x79, 0xc1, 0x21, 0x38, 0x73, 0xd0, 0x8b,
+ 0xda, 0xd4, 0x28, 0x44, 0x92, 0x72, 0x16, 0x04, 0x72, 0x05, 0x63, 0x32,
+ 0x12, 0x31, 0x0e, 0xe9, 0xa0, 0x6c, 0xb1, 0x00, 0x16, 0xc8, 0x05, 0x50,
+ 0x3c, 0x34, 0x1a, 0x36, 0xd8, 0x7e, 0x56, 0x07, 0x2e, 0xab, 0xe2, 0x37,
+ 0x31, 0xe3, 0x4a, 0xf7, 0xe2, 0x32, 0x8f, 0x85, 0xcd, 0xb3, 0x70, 0xcc,
+ 0xaf, 0x00, 0x51, 0x5b, 0x64, 0xc9, 0xc5, 0x4b, 0xc8, 0x37, 0x57, 0x84,
+ 0x47, 0xaa, 0xcf, 0xae, 0xd5, 0x96, 0x9a, 0xa3, 0x51, 0xe7, 0xda, 0x4e,
+ 0xfa, 0x7b, 0x11, 0x5c, 0x4c, 0x51, 0xf4, 0xa6, 0x99, 0x77, 0x98, 0x50,
+ 0x29, 0x5c, 0xa7, 0x2d, 0x78, 0x1a, 0xd4, 0x1b, 0xc6, 0x80, 0x53, 0x2b,
+ 0x89, 0xe7, 0x10, 0xe2, 0x18, 0x9e, 0xb3, 0xc5, 0x08, 0x17, 0xba, 0x25,
+ 0x5c, 0x74, 0x74, 0xc9, 0x5c, 0xa9, 0x11, 0x0c, 0xc4, 0x3b, 0x8b, 0xa8,
+ 0xe6, 0x82, 0xc7, 0xfb, 0x7b, 0x0f, 0xdc, 0x26, 0x5c, 0x04, 0x83, 0xa6,
+ 0x5c, 0xa4, 0x51, 0x4e, 0xe4, 0xb8, 0x32, 0xaa, 0xc5, 0x80, 0x0c, 0x3b,
+ 0x08, 0xe7, 0x4f, 0x56, 0x39, 0x51, 0xc1, 0xfb, 0xb2, 0x10, 0x35, 0x3e,
+ 0xfa, 0x1a, 0xa8, 0x66, 0x85, 0x6b, 0xc1, 0xe0, 0x34, 0x73, 0x3b, 0x04,
+ 0x85, 0xda, 0xb1, 0xd0, 0x20, 0xc6, 0xbf, 0x76, 0x5f, 0xf6, 0x0b, 0x3b,
+ 0x80, 0x19, 0x84, 0xa9, 0x0c, 0x2f, 0xe9, 0x70, 0xbf, 0x1d, 0xe9, 0x70,
+ 0x04, 0xa6, 0xcf, 0x44, 0xb4, 0x98, 0x4a, 0xb5, 0x82, 0x58, 0xb4, 0xaf,
+ 0x71, 0x22, 0x1c, 0xd1, 0x75, 0x30, 0xa7, 0x00, 0xc3, 0x29, 0x59, 0xc9,
+ 0x43, 0x63, 0x44, 0xb5, 0x31, 0x6f, 0x09, 0xcc, 0xca, 0x70, 0x29, 0xa2,
+ 0x30, 0xd6, 0x39, 0xdc, 0xb0, 0x22, 0xd8, 0xba, 0x79, 0xba, 0x91, 0xcd,
+ 0x6a, 0xb1, 0x2a, 0xe1, 0x57, 0x9c, 0x50, 0xc7, 0xbb, 0x10, 0xe3, 0x03,
+ 0x01, 0xa6, 0x5c, 0xae, 0x31, 0x01, 0xd4, 0x0c, 0x7b, 0xa9, 0x27, 0xbb,
+ 0x55, 0x31, 0x48, 0xd1, 0x64, 0x70, 0x24, 0xd4, 0xa0, 0x6c, 0x81, 0x66,
+ 0xd0, 0xb0, 0xb8, 0x12, 0x69, 0xb7, 0xd5, 0xf4, 0xb3, 0x4f, 0xb0, 0x22,
+ 0xf6, 0x91, 0x52, 0xf5, 0x14, 0x00, 0x4a, 0x7c, 0x68, 0x53, 0x68, 0x55,
+ 0x23, 0x43, 0xbb, 0x60, 0x36, 0x0f, 0xbb, 0x99, 0x45, 0xed, 0xf4, 0x46,
+ 0xd3, 0x45, 0xbd, 0xca, 0xa7, 0x45, 0x5c, 0x74, 0xba, 0x0a, 0x55, 0x1e,
+ 0x18, 0x46, 0x20, 0xfe, 0xf9, 0x76, 0x88, 0x77, 0x3d, 0x50, 0xb6, 0x43,
+ 0x3c, 0xa7, 0xa7, 0xac, 0x5c, 0xb6, 0xb7, 0xf6, 0x71, 0xa1, 0x53, 0x76,
+ 0xe5, 0xa6, 0x74, 0x7a, 0x62, 0x3f, 0xa7, 0xbc, 0x66, 0x30, 0x37, 0x3f,
+ 0x5b, 0x1b, 0x51, 0x26, 0x90, 0xa6, 0x61, 0x37, 0x78, 0x70, 0xa6, 0x0a,
+ 0x7a, 0x18, 0x96, 0x83, 0xf9, 0xb0, 0xcf, 0x04, 0x66, 0xe1, 0xf7, 0x50,
+ 0x76, 0x26, 0x31, 0xc4, 0xab, 0x09, 0xf5, 0x05, 0xc4, 0x2d, 0xd2, 0x86,
+ 0x33, 0x56, 0x94, 0x72, 0x73, 0x54, 0x42, 0x85, 0x1e, 0x32, 0x16, 0x16,
+ 0xd4, 0x00, 0x98, 0x10, 0x77, 0x7b, 0x6b, 0xd4, 0x6f, 0xa7, 0x22, 0x44,
+ 0x61, 0xa5, 0xcc, 0x27, 0x40, 0x5d, 0xfb, 0xac, 0x0d, 0x39, 0xb0, 0x02,
+ 0xca, 0xb3, 0x34, 0x33, 0xf2, 0xa8, 0x6e, 0xb8, 0xce, 0x91, 0xc1, 0x34,
+ 0xa6, 0x38, 0x6f, 0x86, 0x0a, 0x19, 0x94, 0xeb, 0x4b, 0x68, 0x75, 0xa4,
+ 0x6d, 0x19, 0x55, 0x81, 0xd1, 0x73, 0x85, 0x4b, 0x53, 0xd2, 0x29, 0x3d,
+ 0xf3, 0xe9, 0xa8, 0x22, 0x75, 0x6c, 0xd8, 0xf2, 0x12, 0xb3, 0x25, 0xca,
+ 0x29, 0xb4, 0xf9, 0xf8, 0xcf, 0xba, 0xdf, 0x2e, 0x41, 0x86, 0x9a, 0xbf,
+ 0xba, 0xd1, 0x07, 0x38, 0xad, 0x04, 0xcc, 0x75, 0x2b, 0xc2, 0x0c, 0x39,
+ 0x47, 0x46, 0x85, 0x0e, 0x0c, 0x48, 0x47, 0xdb
+};
+#endif
+
static struct keys_st {
int type;
- char *priv;
- char *pub;
+ const uint8_t *priv;
+ const uint8_t *pub;
+ /* If "name" is non-NULL, create via non-legacy _ex() API */
+ char *name;
+ int privlen;
+ int publen;
} keys[] = {
{
- EVP_PKEY_HMAC, "0123456789", NULL
+ EVP_PKEY_HMAC,
+ (const uint8_t *)"0123456789",
+ NULL,
+ NULL, 10, 0
},
{
- EVP_PKEY_HMAC, "", NULL
+ EVP_PKEY_HMAC, (const uint8_t *)"", NULL,
+ NULL, 0, 0
#ifndef OPENSSL_NO_POLY1305
}, {
- EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
+ EVP_PKEY_POLY1305,
+ (const uint8_t *)"01234567890123456789012345678901",
+ NULL,
+ NULL, 32, 0
#endif
#ifndef OPENSSL_NO_SIPHASH
}, {
- EVP_PKEY_SIPHASH, "0123456789012345", NULL
+ EVP_PKEY_SIPHASH,
+ (const uint8_t *)"0123456789012345",
+ NULL,
+ NULL, 16, 0
#endif
},
-#ifndef OPENSSL_NO_EC
+#ifndef OPENSSL_NO_ECX
{
- EVP_PKEY_X25519, "01234567890123456789012345678901",
- "abcdefghijklmnopqrstuvwxyzabcdef"
+ EVP_PKEY_X25519,
+ (const uint8_t *)"01234567890123456789012345678901",
+ (const unsigned char *)"abcdefghijklmnopqrstuvwxyzabcdef",
+ NULL, 32, 32
}, {
- EVP_PKEY_ED25519, "01234567890123456789012345678901",
- "abcdefghijklmnopqrstuvwxyzabcdef"
+ EVP_PKEY_ED25519,
+ (const uint8_t *)"01234567890123456789012345678901",
+ (const uint8_t *)"abcdefghijklmnopqrstuvwxyzabcdef",
+ NULL, 32, 32
}, {
EVP_PKEY_X448,
- "01234567890123456789012345678901234567890123456789012345",
- "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
+ (const uint8_t *)"01234567890123456789012345678901234567890123456789012345",
+ (const uint8_t *)"abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd",
+ NULL, 56, 56
}, {
EVP_PKEY_ED448,
- "012345678901234567890123456789012345678901234567890123456",
- "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
- }
+ (const uint8_t *)"012345678901234567890123456789012345678901234567890123456",
+ (const uint8_t *)"abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde",
+ NULL, 57, 57
+ },
+#endif
+#ifndef OPENSSL_NO_ML_KEM
+ {
+ NID_undef, ml_kem_seed, ml_kem_512_pubkey,
+ "ML-KEM-512", ML_KEM_SEED_BYTES, sizeof(ml_kem_512_pubkey)
+ }, {
+ NID_undef, ml_kem_seed, ml_kem_768_pubkey,
+ "ML-KEM-768", ML_KEM_SEED_BYTES, sizeof(ml_kem_768_pubkey)
+ }, {
+ NID_undef, ml_kem_seed, ml_kem_1024_pubkey,
+ "ML-KEM-1024", ML_KEM_SEED_BYTES, sizeof(ml_kem_1024_pubkey)
+ },
#endif
};
+#ifndef OPENSSL_NO_ML_KEM
+static int
+ml_kem_seed_to_priv(const char *alg, const unsigned char *seed, int seedlen,
+ unsigned char **ret, size_t *retlen)
+{
+ OSSL_PARAM parr[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+ EVP_PKEY_CTX *ctx = NULL;
+ EVP_PKEY *pkey = NULL;
+ const OSSL_PARAM *p;
+ OSSL_PARAM *params = NULL;
+ int selection = OSSL_KEYMGMT_SELECT_PRIVATE_KEY;
+ int ok = 0;
+
+ /* Import the seed to generate a key */
+ ctx = EVP_PKEY_CTX_new_from_name(testctx, alg, NULL);
+ if (!TEST_ptr(ctx)
+ || !TEST_int_gt(EVP_PKEY_fromdata_init(ctx), 0))
+ goto done;
+ parr[0] = OSSL_PARAM_construct_octet_string(
+ OSSL_PKEY_PARAM_ML_KEM_SEED, (unsigned char *)seed, seedlen);
+ if (!TEST_int_gt(EVP_PKEY_fromdata(ctx, &pkey, selection, parr), 0))
+ goto done;
+
+ /* Export the key to get the encoded form */
+ if (!TEST_true(EVP_PKEY_todata(pkey, OSSL_KEYMGMT_SELECT_PRIVATE_KEY, &params)))
+ goto done;
+
+ p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY);
+ if (!TEST_ptr(p)
+ || !TEST_true(OSSL_PARAM_get_octet_string(p, (void **)ret, 0, retlen)))
+ goto done;
+ ok = 1;
+
+ done:
+ EVP_PKEY_free(pkey);
+ OSSL_PARAM_free(params);
+ EVP_PKEY_CTX_free(ctx);
+ return ok;
+}
+#endif
+
static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
{
int ret = 0;
- unsigned char buf[80];
- unsigned char *in;
- size_t inlen, len = 0, shortlen = 1;
- EVP_PKEY *pkey;
+ uint8_t *buf = NULL;
+ const uint8_t *in;
+ uint8_t shortbuf[1];
+ size_t inlen, len = 0, shortlen = sizeof(shortbuf);
+ EVP_PKEY *pkey = NULL;
+ unsigned char *privalloc = NULL;
+ const char *name;
/* Check if this algorithm supports public keys */
if (pub && keys[tst].pub == NULL)
return 1;
- memset(buf, 0, sizeof(buf));
+ name = keys[tst].name ? keys[tst].name : OBJ_nid2sn(keys[tst].type);
if (pub) {
#ifndef OPENSSL_NO_EC
- inlen = strlen(keys[tst].pub);
- in = (unsigned char *)keys[tst].pub;
- if (uselibctx) {
+ inlen = keys[tst].publen;
+ in = keys[tst].pub;
+ if (uselibctx || keys[tst].name != NULL) {
pkey = EVP_PKEY_new_raw_public_key_ex(
testctx,
- OBJ_nid2sn(keys[tst].type),
+ name,
NULL,
in,
inlen);
@@ -2289,11 +3204,20 @@ static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
return 1;
#endif
} else {
- inlen = strlen(keys[tst].priv);
- in = (unsigned char *)keys[tst].priv;
- if (uselibctx) {
+ inlen = keys[tst].privlen;
+ in = keys[tst].priv;
+#ifndef OPENSSL_NO_ML_KEM
+ if (in == ml_kem_seed) {
+ if (!TEST_true(ml_kem_seed_to_priv(name, in, inlen,
+ &privalloc, &inlen)))
+ goto done;
+ in = privalloc;
+ }
+#endif
+ if (uselibctx || keys[tst].name != NULL) {
pkey = EVP_PKEY_new_raw_private_key_ex(
- testctx, OBJ_nid2sn(keys[tst].type),
+ testctx,
+ name,
NULL,
in,
inlen);
@@ -2316,12 +3240,14 @@ static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
* Test that supplying a buffer that is too small fails. Doesn't apply
* to HMAC with a zero length key
*/
- if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
+ if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, shortbuf,
&shortlen)))
- || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
+ || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, shortbuf,
&shortlen))))
goto done;
}
+ if (!TEST_ptr(buf = OPENSSL_zalloc(len <= 80 ? 80 : len)))
+ goto done;
if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
|| (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
|| !TEST_mem_eq(in, inlen, buf, len))
@@ -2329,6 +3255,8 @@ static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
ret = 1;
done:
+ OPENSSL_free(privalloc);
+ OPENSSL_free(buf);
EVP_PKEY_free(pkey);
return ret;
}
@@ -2398,7 +3326,9 @@ static int test_EVP_PKEY_check(int i)
#ifndef OPENSSL_NO_DEPRECATED_3_0
ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
/* assign the pkey directly, as an internal test */
- EVP_PKEY_up_ref(pkey);
+ if (!EVP_PKEY_up_ref(pkey))
+ goto done;
+
ctx2->pkey = pkey;
if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
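Review bot: `ctx2` is dereferenced at `ctx2->pkey = pkey;` without a NULL check on the `EVP_PKEY_CTX_new_id(0xdefaced, NULL)` result a few lines earlier, so a failed allocation would crash the test instead of failing it. The new `EVP_PKEY_up_ref()` check is also a bare `if`, which fails silently where the rest of the file reports through the TEST_ macros. Both can be folded into one guard: `if (!TEST_ptr(ctx2) || !TEST_true(EVP_PKEY_up_ref(pkey)))` followed by `goto done;`. The function starts and ends outside this hunk, so the `done:` cleanup was not checked.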
@@ -2470,7 +3400,7 @@ static int test_CMAC_keygen(void)
if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
|| !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
EVP_PKEY_CTRL_CIPHER,
- 0, (void *)EVP_aes_256_ecb()), 0)
+ 0, (void *)EVP_aes_256_cbc()), 0)
|| !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
EVP_PKEY_CTRL_SET_MAC_KEY,
sizeof(key), (void *)key), 0)
@@ -2486,7 +3416,7 @@ static int test_CMAC_keygen(void)
* Test a CMAC key using the direct method, and compare with the mac
* created above.
*/
- pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
+ pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_cbc());
if (!TEST_ptr(pkey)
|| !TEST_true(get_cmac_val(pkey, mac2))
|| !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
@@ -3005,6 +3935,70 @@ static int test_RSA_OAEP_set_null_label(void)
return ret;
}
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+static int test_RSA_legacy(void)
+{
+ int ret = 0;
+ BIGNUM *p = NULL;
+ BIGNUM *q = NULL;
+ BIGNUM *n = NULL;
+ BIGNUM *e = NULL;
+ BIGNUM *d = NULL;
+ const EVP_MD *md = EVP_sha256();
+ EVP_MD_CTX *ctx = NULL;
+ EVP_PKEY *pkey = NULL;
+ RSA *rsa = NULL;
+
+ if (nullprov != NULL)
+ return TEST_skip("Test does not support a non-default library context");
+
+ if (!TEST_ptr(p = BN_dup(BN_value_one()))
+ || !TEST_ptr(q = BN_dup(BN_value_one()))
+ || !TEST_ptr(n = BN_dup(BN_value_one()))
+ || !TEST_ptr(e = BN_dup(BN_value_one()))
+ || !TEST_ptr(d = BN_dup(BN_value_one())))
+ goto err;
+
+ if (!TEST_ptr(rsa = RSA_new())
+ || !TEST_ptr(pkey = EVP_PKEY_new())
+ || !TEST_ptr(ctx = EVP_MD_CTX_new()))
+ goto err;
+
+ if (!TEST_true(RSA_set0_factors(rsa, p, q)))
+ goto err;
+ p = NULL;
+ q = NULL;
+
+ if (!TEST_true(RSA_set0_key(rsa, n, e, d)))
+ goto err;
+ n = NULL;
+ e = NULL;
+ d = NULL;
+
+ if (!TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)))
+ goto err;
+
+ rsa = NULL;
+
+ if (!TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey)))
+ goto err;
+
+ ret = 1;
+
+err:
+ RSA_free(rsa);
+ EVP_MD_CTX_free(ctx);
+ EVP_PKEY_free(pkey);
+ BN_free(p);
+ BN_free(q);
+ BN_free(n);
+ BN_free(e);
+ BN_free(d);
+
+ return ret;
+}
+#endif
+
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
static int test_decrypt_null_chunks(void)
{
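Review bot: test_RSA_legacy carries no comment saying what it guards, and the key it builds is degenerate (p, q, n, e and d are all `BN_value_one()`), so a reader cannot tell which behaviour is under test. From the code, the only assertion is that `EVP_DigestSignInit()` succeeds on a legacy `RSA` object attached with `EVP_PKEY_assign_RSA()`. A header comment such as `/* A legacy RSA key assigned to an EVP_PKEY must be accepted by EVP_DigestSignInit(); the key values are placeholders and nothing is signed */` would record that, assuming this is the intent.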
@@ -3223,9 +4217,9 @@ static int test_pkey_ctx_fail_without_provider(int tst)
/*
* We check for certain algos in the null provider.
- * If an algo is expected to have a provider keymgmt, contructing an
+ * If an algo is expected to have a provider keymgmt, constructing an
* EVP_PKEY_CTX is expected to fail (return NULL).
- * Otherwise, if it's expected to have legacy support, contructing an
+ * Otherwise, if it's expected to have legacy support, constructing an
* EVP_PKEY_CTX is expected to succeed (return non-NULL).
*/
switch (tst) {
@@ -3306,28 +4300,43 @@ static int test_evp_iv_aes(int idx)
{
int ret = 0;
EVP_CIPHER_CTX *ctx = NULL;
- unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
- 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
- unsigned char init_iv[EVP_MAX_IV_LENGTH] =
- {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
- 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
- static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
- 9, 10, 11, 12, 13, 14, 15, 16 };
+ unsigned char key[16] = {
+ 0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
+ 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57
+ };
+ unsigned char init_iv[EVP_MAX_IV_LENGTH] = {
+ 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
+ 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
+ };
+ static const unsigned char msg[] = {
+ 1, 2, 3, 4, 5, 6, 7, 8,
+ 9, 10, 11, 12, 13, 14, 15, 16
+ };
unsigned char ciphertext[32], oiv[16], iv[16];
unsigned char *ref_iv;
- unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
- 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
+ unsigned char cbc_state[16] = {
+ 0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
+ 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e
+ };
- unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
- 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
- unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
- 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
- unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
- 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
- unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
+ unsigned char ofb_state[16] = {
+ 0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
+ 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd
+ };
+ unsigned char cfb_state[16] = {
+ 0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
+ 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed
+ };
+ unsigned char gcm_state[12] = {
+ 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
+ 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81
+ };
+ unsigned char ccm_state[7] = { 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98 };
#ifndef OPENSSL_NO_OCB
- unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
- 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
+ unsigned char ocb_state[12] = {
+ 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
+ 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81
+ };
#endif
int len = sizeof(ciphertext);
size_t ivlen, ref_len;
@@ -3337,7 +4346,7 @@ static int test_evp_iv_aes(int idx)
if (nullprov != NULL && idx < 6)
return TEST_skip("Test does not support a non-default library context");
- switch(idx) {
+ switch (idx) {
case 0:
type = EVP_aes_128_cbc();
/* FALLTHROUGH */
@@ -3415,6 +4424,10 @@ static int test_evp_iv_aes(int idx)
|| !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
goto err;
ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
+
+ if (!TEST_int_gt(ivlen, 0))
+ goto err;
+
if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
|| !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
goto err;
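Review bot: The new `TEST_int_gt(ivlen, 0)` check runs after the `int` result of `EVP_CIPHER_CTX_get_iv_length()` has already been stored in `ivlen`, which this function declares as `size_t` (`size_t ivlen, ref_len;`), so a negative error return is caught only through a size_t-to-int conversion at the macro call. Holding the return value in an `int` local until it is validated removes that dependency: `ivl = EVP_CIPHER_CTX_get_iv_length(ctx);`, `if (!TEST_int_gt(ivl, 0)) goto err;`, `ivlen = (size_t)ivl;`, with `int ivl` declared alongside the other locals. The identical addition in test_evp_iv_des further down has the same shape, though the declaration of `ivlen` there is outside the visible hunks.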
@@ -3452,8 +4465,10 @@ static int test_evp_iv_des(int idx)
static const unsigned char init_iv[8] = {
0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
};
- static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
- 9, 10, 11, 12, 13, 14, 15, 16 };
+ static const unsigned char msg[] = {
+ 1, 2, 3, 4, 5, 6, 7, 8,
+ 9, 10, 11, 12, 13, 14, 15, 16
+ };
unsigned char ciphertext[32], oiv[8], iv[8];
unsigned const char *ref_iv;
static const unsigned char cbc_state_des[8] = {
@@ -3481,7 +4496,7 @@ static int test_evp_iv_des(int idx)
if (lgcyprov == NULL && idx < 3)
return TEST_skip("Test requires legacy provider to be loaded");
- switch(idx) {
+ switch (idx) {
case 0:
type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
ref_iv = cbc_state_des;
@@ -3526,6 +4541,10 @@ static int test_evp_iv_des(int idx)
|| !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
goto err;
ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
+
+ if (!TEST_int_gt(ivlen, 0))
+ goto err;
+
if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
|| !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
goto err;
@@ -3692,6 +4711,19 @@ static int test_EVP_rsa_pss_set_saltlen(void)
return ret;
}
+static int test_EVP_rsa_invalid_key(void)
+{
+ int ret = 0;
+ EVP_PKEY *pkey = NULL;
+
+ pkey = load_example_key("RSA", kInvalidRSAKeyDER, sizeof(kInvalidRSAKeyDER));
+ /* we expect to fail to load bogus key */
+ ret = !TEST_ptr(pkey);
+ EVP_PKEY_free(pkey);
+
+ return ret;
+}
+
static int success = 1;
static void md_names(const char *name, void *vctx)
{
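Review bot: `ret = !TEST_ptr(pkey);` in test_EVP_rsa_invalid_key emits a failure diagnostic on the path that is expected to happen, because TEST_ptr logs whenever the pointer is NULL. `ret = TEST_ptr_null(pkey);` states the expectation directly and logs only when the bogus key unexpectedly loads. If `load_example_key()` leaves entries on the error queue when decoding fails (not visible here), clearing them before returning would keep them from leaking into later tests.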
@@ -3830,7 +4862,7 @@ static const EVP_INIT_TEST_st evp_reinit_tests[] = {
static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
{
int res = 0;
-
+
if (t->ivlen != 0) {
if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0))
goto err;
@@ -4140,7 +5172,8 @@ static int test_evp_updated_iv(int idx)
errmsg = "CIPHER_CTX_GET_UPDATED_IV";
goto err;
}
- if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) {
+ iv_len = EVP_CIPHER_CTX_get_iv_length(ctx);
+ if (!TEST_int_ge(iv_len,0)) {
errmsg = "CIPHER_CTX_GET_IV_LEN";
goto err;
}
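Review bot: `TEST_int_ge(iv_len,0)` is missing the space after the comma, and it lets a zero IV length through, unlike the `TEST_int_gt(ivlen, 0)` checks this commit adds to test_evp_iv_aes and test_evp_iv_des. If zero is intended here, a short comment such as `/* a zero IV length is valid for this test */` would show the difference is deliberate; otherwise use `TEST_int_gt(iv_len, 0)`. The comparisons that consume `iv_len` are outside this hunk.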
@@ -4513,7 +5546,7 @@ static int test_custom_pmeth(int idx)
if (testctx != NULL)
return 1;
- switch(idx) {
+ switch (idx) {
case 0:
case 6:
id = EVP_PKEY_RSA;
@@ -4539,7 +5572,7 @@ static int test_custom_pmeth(int idx)
# endif
case 3:
case 9:
-# ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_ECX
id = EVP_PKEY_ED25519;
md = NULL;
pkey = load_example_ed25519_key();
@@ -4559,7 +5592,7 @@ static int test_custom_pmeth(int idx)
# endif
case 5:
case 11:
-# ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_ECX
id = EVP_PKEY_X25519;
doderive = 1;
pkey = load_example_x25519_key();
@@ -4720,6 +5753,7 @@ static int custom_md_cleanup(EVP_MD_CTX *ctx)
static int test_custom_md_meth(void)
{
+ ASN1_OBJECT *o = NULL;
EVP_MD_CTX *mdctx = NULL;
EVP_MD *tmp = NULL;
char mess[] = "Test Message\n";
@@ -4765,8 +5799,21 @@ static int test_custom_md_meth(void)
|| !TEST_int_eq(custom_md_cleanup_called, 1))
goto err;
+ if (!TEST_int_eq(OBJ_create("1.3.6.1.4.1.16604.998866.1",
+ "custom-md", "custom-md"), NID_undef)
+ || !TEST_int_eq(ERR_GET_LIB(ERR_peek_error()), ERR_LIB_OBJ)
+ || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), OBJ_R_OID_EXISTS))
+ goto err;
+
+ o = ASN1_OBJECT_create(nid, (unsigned char *)
+ "\53\6\1\4\1\201\201\134\274\373\122\1", 12,
+ "custom-md", "custom-md");
+ if (!TEST_int_eq(OBJ_add_object(o), nid))
+ goto err;
+
testresult = 1;
err:
+ ASN1_OBJECT_free(o);
EVP_MD_CTX_free(mdctx);
EVP_MD_meth_free(tmp);
return testresult;
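Review bot: The result of `ASN1_OBJECT_create()` is passed to `OBJ_add_object(o)` unchecked, so an allocation failure would surface only as a NID mismatch; `if (!TEST_ptr(o) || !TEST_int_eq(OBJ_add_object(o), nid))` separates the two failures. The octal string and its length `12` are also unexplained. A comment such as `/* DER content octets of 1.3.6.1.4.1.16604.998866.1, the OID that OBJ_create() rejects above */` would tie the bytes to the dotted form and make a length mismatch easy to spot in review.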
@@ -4883,6 +5930,11 @@ static int test_signatures_with_engine(int tst)
if (tst <= 1)
return 1;
# endif
+# ifdef OPENSSL_NO_ECX
+ /* Skip ECX tests in a no-ecx build */
+ if (tst == 2)
+ return 1;
+# endif
if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
return 0;
@@ -4996,6 +6048,7 @@ static int test_cipher_with_engine(void)
# endif /* OPENSSL_NO_DYNAMIC_ENGINE */
#endif /* OPENSSL_NO_DEPRECATED_3_0 */
+#ifndef OPENSSL_NO_ECX
static int ecxnids[] = {
NID_X25519,
NID_X448,
@@ -5019,11 +6072,13 @@ static int test_ecx_short_keys(int tst)
return 1;
}
+#endif
typedef enum OPTION_choice {
OPT_ERR = -1,
OPT_EOF = 0,
OPT_CONTEXT,
+ OPT_CONFIG_FILE,
OPT_TEST_ENUM
} OPTION_CHOICE;
@@ -5032,12 +6087,14 @@ const OPTIONS *test_get_options(void)
static const OPTIONS options[] = {
OPT_TEST_OPTIONS_DEFAULT_USAGE,
{ "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
+ { "config", OPT_CONFIG_FILE, '<',
+ "The configuration file to use for the libctx" },
{ NULL }
};
return options;
}
-#ifndef OPENSSL_NO_EC
+#ifndef OPENSSL_NO_ECX
/* Test that trying to sign with a public key errors out gracefully */
static int test_ecx_not_private_key(int tst)
{
@@ -5048,21 +6105,22 @@ static int test_ecx_not_private_key(int tst)
EVP_MD_CTX *ctx = NULL;
unsigned char *mac = NULL;
size_t maclen = 0;
- unsigned char *pubkey;
+ const uint8_t *pubkey;
size_t pubkeylen;
switch (keys[tst].type) {
case NID_X25519:
case NID_X448:
- return TEST_skip("signing not supported for X25519/X448");
+ case NID_undef:
+ return TEST_skip("signing not supported for X25519/X448/ML-KEM");
}
/* Check if this algorithm supports public keys */
if (keys[tst].pub == NULL)
return TEST_skip("no public key present");
- pubkey = (unsigned char *)keys[tst].pub;
- pubkeylen = strlen(keys[tst].pub);
+ pubkey = keys[tst].pub;
+ pubkeylen = keys[tst].publen;
pkey = EVP_PKEY_new_raw_public_key_ex(testctx, OBJ_nid2sn(keys[tst].type),
NULL, pubkey, pubkeylen);
@@ -5102,7 +6160,66 @@ static int test_ecx_not_private_key(int tst)
return testresult;
}
-#endif /* OPENSSL_NO_EC */
+#endif /* OPENSSL_NO_ECX */
+
+static int test_sign_continuation(void)
+{
+ OSSL_PROVIDER *fake_rsa = NULL;
+ int testresult = 0;
+ EVP_PKEY *pkey = NULL;
+ EVP_PKEY_CTX *pctx = NULL;
+ EVP_MD_CTX *mctx = NULL;
+ const char sigbuf[] = "To Be Signed";
+ unsigned char signature[256];
+ size_t siglen = 256;
+ static int nodupnum = 1;
+ static const OSSL_PARAM nodup_params[] = {
+ OSSL_PARAM_int("NO_DUP", &nodupnum),
+ OSSL_PARAM_END
+ };
+
+ if (!TEST_ptr(fake_rsa = fake_rsa_start(testctx)))
+ return 0;
+
+ /* Construct a pkey using precise propq to use our provider */
+ if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA",
+ "provider=fake-rsa"))
+ || !TEST_true(EVP_PKEY_fromdata_init(pctx))
+ || !TEST_true(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, NULL))
+ || !TEST_ptr(pkey))
+ goto end;
+
+ /* First test it continues (classic behavior) */
+ if (!TEST_ptr(mctx = EVP_MD_CTX_new())
+ || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx,
+ NULL, pkey, NULL))
+ || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
+ || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))
+ || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
+ || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen)))
+ goto end;
+
+ EVP_MD_CTX_free(mctx);
+
+ /* try again but failing the continuation */
+ if (!TEST_ptr(mctx = EVP_MD_CTX_new())
+ || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx,
+ NULL, pkey, nodup_params))
+ || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
+ || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))
+ || !TEST_false(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
+ || !TEST_false(EVP_DigestSignFinal(mctx, signature, &siglen)))
+ goto end;
+
+ testresult = 1;
+
+end:
+ EVP_MD_CTX_free(mctx);
+ EVP_PKEY_free(pkey);
+ EVP_PKEY_CTX_free(pctx);
+ fake_rsa_finish(fake_rsa);
+ return testresult;
+}
static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s,
const unsigned char *gcm_iv, size_t gcm_ivlen,
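Review bot: `siglen` is an in/out argument of `EVP_DigestSignFinal()` but is set to 256 only once, at its declaration in test_sign_continuation, so every later call passes whatever length the previous call wrote back rather than the size of `signature`. Resetting it before each call with `siglen = sizeof(signature);` keeps the advertised buffer size correct if the fake provider ever returns a shorter signature. Declaring it as `size_t siglen = sizeof(signature);` also removes the duplicated 256.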
@@ -5370,8 +6487,223 @@ static int test_invalid_ctx_for_digest(void)
return ret;
}
+static int test_evp_cipher_pipeline(void)
+{
+ OSSL_PROVIDER *fake_pipeline = NULL;
+ int testresult = 0;
+ EVP_CIPHER *cipher = NULL;
+ EVP_CIPHER *pipeline_cipher = NULL;
+ EVP_CIPHER_CTX *ctx = NULL;
+ unsigned char key[32];
+ size_t keylen = 32;
+ size_t ivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_FIXED_IV_LEN;
+ size_t taglen = EVP_GCM_TLS_TAG_LEN;
+ unsigned char *iv_array[EVP_MAX_PIPES], *tag_array[EVP_MAX_PIPES];
+ unsigned char *plaintext_array[EVP_MAX_PIPES];
+ unsigned char *ciphertext_array_p[EVP_MAX_PIPES];
+ void **aead_tags = (void **)&tag_array;
+ unsigned char *temp[EVP_MAX_PIPES];
+ size_t outsize_array[EVP_MAX_PIPES], outlen_array[EVP_MAX_PIPES];
+ size_t ciphertextlen_array[EVP_MAX_PIPES];
+ size_t inlen_array[EVP_MAX_PIPES];
+ OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+ unsigned char *ciphertext, *exp_plaintext, *tag;
+ size_t numpipes, plaintextlen, i;
+
+ if (!TEST_ptr(fake_pipeline = fake_pipeline_start(testctx)))
+ return 0;
+ if (!TEST_ptr(pipeline_cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM",
+ "provider=fake-pipeline"))
+ || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM",
+ "provider!=fake-pipeline"))
+ || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
+ goto end;
+ memset(key, 0x01, sizeof(key));
+
+ /* Negative tests */
+ if (!TEST_false(EVP_CIPHER_can_pipeline(cipher, 1)))
+ goto end;
+ if (!TEST_false(EVP_CIPHER_can_pipeline(EVP_aes_256_gcm(), 1)))
+ goto end;
+ if (!TEST_false(EVP_CipherPipelineEncryptInit(ctx, pipeline_cipher,
+ key, keylen,
+ EVP_MAX_PIPES + 1, NULL, 0)))
+ goto end;
+
+ /* Positive tests */
+ for (numpipes = 1; numpipes <= EVP_MAX_PIPES; numpipes++) {
+ for (plaintextlen = 1; plaintextlen <= 256; plaintextlen++) {
+ size_t ciphertextlen = 0;
+ int outlen = 0;
+
+ /* Cleanup to be able to error out */
+ memset(iv_array, 0, sizeof(iv_array));
+ memset(plaintext_array, 0, sizeof(plaintext_array));
+ memset(ciphertext_array_p, 0, sizeof(ciphertext_array_p));
+ memset(tag_array, 0, sizeof(tag_array));
+ ciphertext = NULL;
+ exp_plaintext = NULL;
+ tag = NULL;
+
+ /* Allocate fresh buffers with exact size to catch buffer overwrites */
+ for (i = 0; i < numpipes; i++) {
+ if (!TEST_ptr(iv_array[i] = OPENSSL_malloc(ivlen))
+ || !TEST_ptr(plaintext_array[i] = OPENSSL_malloc(plaintextlen))
+ || !TEST_ptr(ciphertext_array_p[i] =
+ OPENSSL_malloc(plaintextlen + EVP_MAX_BLOCK_LENGTH))
+ || !TEST_ptr(tag_array[i] = OPENSSL_malloc(taglen)))
+ goto err;
+
+ memset(iv_array[i], i + 33, ivlen);
+ memset(plaintext_array[i], i + 1, plaintextlen);
+ inlen_array[i] = plaintextlen;
+ outlen_array[i] = 0;
+ ciphertextlen_array[i] = 0;
+ outsize_array[i] = plaintextlen + EVP_MAX_BLOCK_LENGTH;
+ }
+ if (!TEST_ptr(ciphertext =
+ OPENSSL_malloc(plaintextlen + EVP_MAX_BLOCK_LENGTH))
+ || !TEST_ptr(tag = OPENSSL_malloc(taglen))
+ || !TEST_ptr(exp_plaintext = OPENSSL_malloc(plaintextlen)))
+ goto err;
+
+ /* Encrypt using pipeline API */
+ if (!TEST_true(EVP_CIPHER_CTX_reset(ctx))
+ || !TEST_true(EVP_CIPHER_can_pipeline(pipeline_cipher, 1))
+ || !TEST_true(EVP_CipherPipelineEncryptInit(ctx, pipeline_cipher,
+ key, keylen, numpipes,
+ (const unsigned char **)iv_array,
+ ivlen))
+ /* reuse plaintext for AAD as it won't affect test */
+ || !TEST_true(EVP_CipherPipelineUpdate(ctx, NULL, outlen_array, NULL,
+ (const unsigned char **)plaintext_array,
+ inlen_array))
+ || !TEST_true(EVP_CipherPipelineUpdate(ctx, ciphertext_array_p,
+ outlen_array, outsize_array,
+ (const unsigned char **)plaintext_array,
+ inlen_array)))
+ goto err;
+
+ for (i = 0; i < numpipes; i++) {
+ ciphertextlen_array[i] = outlen_array[i];
+ temp[i] = ciphertext_array_p[i] + ciphertextlen_array[i];
+ outsize_array[i] = outsize_array[i] - ciphertextlen_array[i];
+ }
+
+ if (!TEST_true(EVP_CipherPipelineFinal(ctx, temp, outlen_array, outsize_array)))
+ goto err;
+
+ for (i = 0; i < numpipes; i++)
+ ciphertextlen_array[i] += outlen_array[i];
+
+ params[0] = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_PIPELINE_AEAD_TAG,
+ (void **)&aead_tags, taglen);
+ if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params)))
+ goto err;
+
+ /* Encrypt using non-pipeline API and compare */
+ if (!TEST_true(EVP_CIPHER_CTX_reset(ctx)))
+ goto err;
+
+ for (i = 0; i < numpipes; i++) {
+ if (!TEST_true(EVP_EncryptInit(ctx, cipher, key, iv_array[i]))
+ || !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen,
+ plaintext_array[i],
+ plaintextlen))
+ || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &outlen,
+ plaintext_array[i],
+ plaintextlen)))
+ goto err;
+ ciphertextlen = outlen;
+
+ if (!TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext + outlen, &outlen)))
+ goto err;
+ ciphertextlen += outlen;
+
+ params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
+ (void *)tag, taglen);
+ if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params)))
+ goto err;
+
+ if (!TEST_mem_eq(ciphertext_array_p[i], ciphertextlen_array[i],
+ ciphertext, ciphertextlen)
+ || !TEST_mem_eq(tag_array[i], taglen, tag, taglen))
+ goto err;
+ }
+
+ for (i = 0; i < numpipes; i++)
+ outsize_array[i] = plaintextlen;
+
+ /* Decrypt using pipeline API and compare */
+ params[0] = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_PIPELINE_AEAD_TAG,
+ (void **)&aead_tags, taglen);
+ if (!TEST_true(EVP_CIPHER_CTX_reset(ctx))
+ || !TEST_true(EVP_CIPHER_can_pipeline(pipeline_cipher, 0))
+ || !TEST_true(EVP_CipherPipelineDecryptInit(ctx, pipeline_cipher,
+ key, keylen, numpipes,
+ (const unsigned char **)iv_array,
+ ivlen))
+ || !TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))
+ || !TEST_true(EVP_CipherPipelineUpdate(ctx, NULL, outlen_array, NULL,
+ (const unsigned char **)plaintext_array,
+ inlen_array))
+ || !TEST_true(EVP_CipherPipelineUpdate(ctx, plaintext_array,
+ outlen_array, outsize_array,
+ (const unsigned char **)ciphertext_array_p,
+ ciphertextlen_array)))
+ goto err;
+
+ for (i = 0; i < numpipes; i++) {
+ temp[i] = plaintext_array[i] + outlen_array[i];
+ outsize_array[i] = outsize_array[i] - outlen_array[i];
+ }
+
+ if (!TEST_true(EVP_CipherPipelineFinal(ctx, temp, outlen_array, outsize_array)))
+ goto err;
+
+ for (i = 0; i < numpipes; i++) {
+ memset(exp_plaintext, i + 1, plaintextlen);
+ if (!TEST_mem_eq(plaintext_array[i], plaintextlen,
+ exp_plaintext, plaintextlen))
+ goto err;
+ }
+
+ for (i = 0; i < numpipes; i++) {
+ OPENSSL_free(iv_array[i]);
+ OPENSSL_free(plaintext_array[i]);
+ OPENSSL_free(ciphertext_array_p[i]);
+ OPENSSL_free(tag_array[i]);
+ }
+ OPENSSL_free(exp_plaintext);
+ OPENSSL_free(ciphertext);
+ OPENSSL_free(tag);
+ }
+ }
+
+ testresult = 1;
+ goto end;
+
+err:
+ for (i = 0; i < numpipes; i++) {
+ OPENSSL_free(iv_array[i]);
+ OPENSSL_free(plaintext_array[i]);
+ OPENSSL_free(ciphertext_array_p[i]);
+ OPENSSL_free(tag_array[i]);
+ }
+ OPENSSL_free(exp_plaintext);
+ OPENSSL_free(ciphertext);
+ OPENSSL_free(tag);
+end:
+ EVP_CIPHER_CTX_free(ctx);
+ EVP_CIPHER_free(cipher);
+ EVP_CIPHER_free(pipeline_cipher);
+ fake_pipeline_finish(fake_pipeline);
+ return testresult;
+}
+
int setup_tests(void)
{
+ char *config_file = NULL;
OPTION_CHOICE o;
while ((o = opt_next()) != OPT_EOF) {
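Review bot: The comment `Allocate fresh buffers with exact size to catch buffer overwrites` in test_evp_cipher_pipeline does not hold for the ciphertext side: `ciphertext_array_p[i]`, `ciphertext` and `outsize_array[i]` are all sized `plaintextlen + EVP_MAX_BLOCK_LENGTH`, so a write of up to EVP_MAX_BLOCK_LENGTH bytes past the real ciphertext stays inside the allocation and would not be flagged by a memory checker. For AES-256-GCM the ciphertext length should equal the plaintext length, so either size those buffers and `outsize_array[i]` to `plaintextlen`, or narrow the comment to the IV, plaintext and tag buffers. Separately, the `err:` cleanup is safe only because each iteration zeroes the pointer arrays before allocating; a one-line comment at the label saying so would protect that invariant.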
@@ -5382,18 +6714,25 @@ int setup_tests(void)
if (!TEST_ptr(testctx))
return 0;
#ifdef STATIC_LEGACY
- /*
- * This test is always statically linked against libcrypto. We must not
- * attempt to load legacy.so that might be dynamically linked against
- * libcrypto. Instead we use a built-in version of the legacy provider.
- */
- if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init))
- return 0;
+ /*
+ * This test is always statically linked against libcrypto. We must not
+ * attempt to load legacy.so that might be dynamically linked against
+ * libcrypto. Instead we use a built-in version of the legacy provider.
+ */
+ if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init))
+ return 0;
#endif
/* Swap the libctx to test non-default context only */
nullprov = OSSL_PROVIDER_load(NULL, "null");
deflprov = OSSL_PROVIDER_load(testctx, "default");
+#ifndef OPENSSL_SYS_TANDEM
lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
+#endif
+ break;
+ case OPT_CONFIG_FILE:
+ config_file = opt_arg();
+ if (!test_get_libctx(&testctx, &nullprov, config_file, NULL, NULL))
+ return 0;
break;
case OPT_TEST_CASES:
break;
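Review bot: The new `OPT_CONFIG_FILE` case passes `&testctx` and `&nullprov` to `test_get_libctx()` without checking whether the `OPT_CONTEXT` case has already populated them, so giving both options presumably replaces the earlier library context and null provider without releasing them. Rejecting the combination keeps ownership simple, for example `if (!TEST_ptr_null(testctx)) return 0;` before the call, with the mirror check in the OPT_CONTEXT case. setup_tests starts and ends outside this hunk, so how the two options are meant to interact could not be confirmed from here.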
@@ -5402,9 +6741,17 @@ int setup_tests(void)
}
}
+ if (config_file != NULL) {
+ ADD_TEST(test_EVP_set_config_properties);
+ return 1;
+ }
+
ADD_TEST(test_EVP_set_default_properties);
ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
ADD_TEST(test_EVP_DigestVerifyInit);
+#ifndef OPENSSL_NO_EC
+ ADD_TEST(test_ecdsa_digestsign_keccak);
+#endif
#ifndef OPENSSL_NO_SIPHASH
ADD_TEST(test_siphash_digestsign);
#endif
@@ -5418,6 +6765,7 @@ int setup_tests(void)
ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
ADD_TEST(test_privatekey_to_pkcs8);
ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
+ ADD_ALL_TESTS(test_EVP_PKCS82PKEY_v2, OSSL_NELEM(keydata_v2));
#ifndef OPENSSL_NO_EC
ADD_TEST(test_EVP_PKCS82PKEY);
#endif
@@ -5459,6 +6807,9 @@ int setup_tests(void)
ADD_TEST(test_RSA_get_set_params);
ADD_TEST(test_RSA_OAEP_set_get_params);
ADD_TEST(test_RSA_OAEP_set_null_label);
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+ ADD_TEST(test_RSA_legacy);
+#endif
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
ADD_TEST(test_decrypt_null_chunks);
#endif
@@ -5470,8 +6821,10 @@ int setup_tests(void)
#endif
#ifndef OPENSSL_NO_EC
ADD_TEST(test_EC_priv_pub);
+ ADD_TEST(test_evp_get_ec_pub);
# ifndef OPENSSL_NO_DEPRECATED_3_0
ADD_TEST(test_EC_priv_only_legacy);
+ ADD_TEST(test_evp_get_ec_pub_legacy);
# endif
#endif
ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
@@ -5487,6 +6840,7 @@ int setup_tests(void)
#endif
ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
ADD_TEST(test_EVP_rsa_pss_set_saltlen);
+ ADD_TEST(test_EVP_rsa_invalid_key);
#ifndef OPENSSL_NO_EC
ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
#endif
@@ -5521,12 +6875,13 @@ int setup_tests(void)
# endif
#endif
+#ifndef OPENSSL_NO_ECX
ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
-
-#ifndef OPENSSL_NO_EC
ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys));
#endif
+ ADD_TEST(test_sign_continuation);
+
/* Test cases for CVE-2023-5363 */
ADD_TEST(test_aes_gcm_ivlen_change_cve_2023_5363);
#ifndef OPENSSL_NO_RC4
@@ -5535,6 +6890,8 @@ int setup_tests(void)
ADD_TEST(test_invalid_ctx_for_digest);
+ ADD_TEST(test_evp_cipher_pipeline);
+
return 1;
}
@@ -5542,6 +6899,8 @@ void cleanup_tests(void)
{
OSSL_PROVIDER_unload(nullprov);
OSSL_PROVIDER_unload(deflprov);
+#ifndef OPENSSL_SYS_TANDEM
OSSL_PROVIDER_unload(lgcyprov);
+#endif
OSSL_LIB_CTX_free(testctx);
}
diff --git a/test/evp_extra_test2.c b/test/evp_extra_test2.c
index 06a6683ef9b7..90690bbeb52f 100644
--- a/test/evp_extra_test2.c
+++ b/test/evp_extra_test2.c
@@ -27,6 +27,14 @@
#include "testutil.h"
#include "internal/nelem.h"
+#include "crypto/evp.h"
+#include "../crypto/evp/evp_local.h"
+
+/* Defined in tls-provider.c */
+int tls_provider_init(const OSSL_CORE_HANDLE *handle,
+ const OSSL_DISPATCH *in,
+ const OSSL_DISPATCH **out,
+ void **provctx);
static OSSL_LIB_CTX *mainctx = NULL;
static OSSL_PROVIDER *nullprov = NULL;
@@ -231,12 +239,14 @@ static const unsigned char kExampleECKey2DER[] = {
0x96, 0x69, 0xE0, 0x04, 0xCB, 0x89, 0x0B, 0x42
};
+# ifndef OPENSSL_NO_ECX
static const unsigned char kExampleECXKey2DER[] = {
0x30, 0x2E, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
0x04, 0x22, 0x04, 0x20, 0xc8, 0xa9, 0xd5, 0xa9, 0x10, 0x91, 0xad, 0x85,
0x1c, 0x66, 0x8b, 0x07, 0x36, 0xc1, 0xc9, 0xa0, 0x29, 0x36, 0xc0, 0xd3,
0xad, 0x62, 0x67, 0x08, 0x58, 0x08, 0x80, 0x47, 0xba, 0x05, 0x74, 0x75
};
+# endif
#endif
typedef struct APK_DATA_st {
@@ -249,7 +259,9 @@ static APK_DATA keydata[] = {
{kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
{kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
#ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_ECX
{kExampleECXKey2DER, sizeof(kExampleECXKey2DER), EVP_PKEY_X25519},
+# endif
{kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC},
{kExampleECKey2DER, sizeof(kExampleECKey2DER), EVP_PKEY_EC},
#endif
@@ -389,9 +401,139 @@ static int test_dh_paramgen(void)
return ret;
}
+static int set_fromdata_string(EVP_PKEY_CTX *ctx, const char *name, char *value)
+{
+ int ret;
+ OSSL_PARAM params[2];
+ EVP_PKEY *pkey = NULL;
+
+ if (EVP_PKEY_fromdata_init(ctx) != 1)
+ return -1;
+ params[0] = OSSL_PARAM_construct_utf8_string(name, value, 0);
+ params[1] = OSSL_PARAM_construct_end();
+ ret = EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEY_PARAMETERS, params);
+ EVP_PKEY_free(pkey);
+ return ret;
+}
+
+static int set_fromdata_uint(EVP_PKEY_CTX *ctx, const char *name)
+{
+ int ret;
+ unsigned int tmp = 0;
+ OSSL_PARAM params[2];
+ EVP_PKEY *pkey = NULL;
+
+ if (EVP_PKEY_fromdata_init(ctx) != 1)
+ return -1;
+ params[0] = OSSL_PARAM_construct_uint(name, &tmp);
+ params[1] = OSSL_PARAM_construct_end();
+ ret = EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEY_PARAMETERS, params);
+ EVP_PKEY_free(pkey);
+ return ret;
+}
+
+static int test_dh_paramfromdata(void)
+{
+ EVP_PKEY_CTX *ctx = NULL;
+ int ret = 0;
+
+ /* Test failure paths for FFC - mainly due to setting the wrong param type */
+ ret = TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(mainctx, "DH", NULL))
+ && TEST_int_eq(set_fromdata_uint(ctx, OSSL_PKEY_PARAM_GROUP_NAME), 0)
+ && TEST_int_eq(set_fromdata_string(ctx, OSSL_PKEY_PARAM_GROUP_NAME, "bad"), 0)
+ && TEST_int_eq(set_fromdata_string(ctx, OSSL_PKEY_PARAM_FFC_P, "bad"), 0)
+ && TEST_int_eq(set_fromdata_string(ctx, OSSL_PKEY_PARAM_FFC_GINDEX, "bad"), 0)
+ && TEST_int_eq(set_fromdata_string(ctx, OSSL_PKEY_PARAM_FFC_PCOUNTER, "bad"), 0)
+ && TEST_int_eq(set_fromdata_string(ctx, OSSL_PKEY_PARAM_FFC_COFACTOR, "bad"), 0)
+ && TEST_int_eq(set_fromdata_string(ctx, OSSL_PKEY_PARAM_FFC_H, "bad"), 0)
+ && TEST_int_eq(set_fromdata_uint(ctx, OSSL_PKEY_PARAM_FFC_SEED), 0)
+ && TEST_int_eq(set_fromdata_string(ctx, OSSL_PKEY_PARAM_FFC_VALIDATE_PQ, "bad"), 0)
+ && TEST_int_eq(set_fromdata_string(ctx, OSSL_PKEY_PARAM_FFC_VALIDATE_G, "bad"), 0)
+ && TEST_int_eq(set_fromdata_string(ctx, OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY, "bad"), 0)
+ && TEST_int_eq(set_fromdata_uint(ctx, OSSL_PKEY_PARAM_FFC_DIGEST), 0);
+
+ EVP_PKEY_CTX_free(ctx);
+ return ret;
+}
+
#endif
+/* Test that calling EVP_PKEY_Q_keygen() for a non-standard keytype works as expected */
+static int test_new_keytype(void)
+{
+ int ret = 0;
+ EVP_PKEY *key = NULL;
+ OSSL_PROVIDER *tlsprov = NULL;
+ EVP_PKEY_CTX *ctx = NULL;
+ size_t outlen, secretlen, secretlen2;
+ unsigned char *out = NULL, *secret = NULL, *secret2 = NULL;
+
+ /* without tls-provider key should not be create-able */
+ if (TEST_ptr(key = EVP_PKEY_Q_keygen(mainctx, NULL, "XOR")))
+ goto err;
+ /* prepare & load tls-provider */
+ if (!TEST_true(OSSL_PROVIDER_add_builtin(mainctx, "tls-provider",
+ tls_provider_init))
+ || !TEST_ptr(tlsprov = OSSL_PROVIDER_load(mainctx, "tls-provider")))
+ goto err;
+ /* now try creating key again, should work this time */
+ if (!TEST_ptr(key = EVP_PKEY_Q_keygen(mainctx, NULL, "XOR")))
+ goto err;
+ /* now do encaps/decaps to validate all is good */
+ if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(key, NULL))
+ || !TEST_int_eq(EVP_PKEY_encapsulate_init(ctx, NULL), 1)
+ || !TEST_int_eq(EVP_PKEY_encapsulate(ctx, NULL, &outlen, NULL, &secretlen), 1))
+ goto err;
+ out = OPENSSL_malloc(outlen);
+ secret = OPENSSL_malloc(secretlen);
+ secret2 = OPENSSL_malloc(secretlen);
+ if (out == NULL || secret == NULL || secret2 == NULL
+ || !TEST_int_eq(EVP_PKEY_encapsulate(ctx, out, &outlen, secret, &secretlen), 1)
+ || !TEST_int_eq(EVP_PKEY_decapsulate_init(ctx, NULL), 1)
+ || !TEST_int_eq(EVP_PKEY_decapsulate(ctx, secret2, &secretlen2, out, outlen), 1)
+ || !TEST_mem_eq(secret, secretlen, secret2, secretlen2))
+ goto err;
+ ret = OSSL_PROVIDER_unload(tlsprov);
+
+err:
+ OPENSSL_free(out);
+ OPENSSL_free(secret);
+ OPENSSL_free(secret2);
+ EVP_PKEY_CTX_free(ctx);
+ EVP_PKEY_free(key);
+ return ret;
+}
+
#ifndef OPENSSL_NO_EC
+
+static int test_ec_d2i_i2d_pubkey(void)
+{
+ int ret = 0;
+ FILE *fp = NULL;
+ EVP_PKEY *key = NULL, *outkey = NULL;
+ static const char *filename = "pubkey.der";
+
+ if (!TEST_ptr(fp = fopen(filename, "wb"))
+ || !TEST_ptr(key = EVP_PKEY_Q_keygen(mainctx, NULL, "EC", "P-256"))
+ || !TEST_true(i2d_PUBKEY_fp(fp, key))
+ || !TEST_int_eq(fclose(fp), 0))
+ goto err;
+ fp = NULL;
+
+ if (!TEST_ptr(fp = fopen(filename, "rb"))
+ || !TEST_ptr(outkey = d2i_PUBKEY_ex_fp(fp, NULL, mainctx, NULL))
+ || !TEST_int_eq(EVP_PKEY_eq(key, outkey), 1))
+ goto err;
+
+ ret = 1;
+
+err:
+ EVP_PKEY_free(outkey);
+ EVP_PKEY_free(key);
+ fclose(fp);
+ return ret;
+}
+
static int test_ec_tofrom_data_select(void)
{
int ret;
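Review bot: In test_ec_d2i_i2d_pubkey the `err:` path calls `fclose(fp)` unconditionally, but `fp` is NULL there whenever either `fopen` fails, and it still points at an already closed stream when the `TEST_int_eq(fclose(fp), 0)` check is the one that fails; both cases are undefined behaviour. Guarding the cleanup with `if (fp != NULL) fclose(fp);` and clearing `fp` as soon as the first close has been attempted covers them. In test_new_keytype, `secretlen2` is passed to `EVP_PKEY_decapsulate` uninitialised although the output buffer is non-NULL; `secretlen2 = secretlen;` before the call would give it the buffer size. The same function unloads `tlsprov` only on the success path, so any failure after `OSSL_PROVIDER_load` leaves the provider loaded in `mainctx` for the tests that follow.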
@@ -403,6 +545,7 @@ static int test_ec_tofrom_data_select(void)
return ret;
}
+# ifndef OPENSSL_NO_ECX
static int test_ecx_tofrom_data_select(void)
{
int ret;
@@ -413,6 +556,7 @@ static int test_ecx_tofrom_data_select(void)
EVP_PKEY_free(key);
return ret;
}
+# endif
#endif
#ifndef OPENSSL_NO_SM2
@@ -1177,6 +1321,21 @@ static int test_rsa_pss_sign(void)
return ret;
}
+static int test_evp_md_ctx_dup(void)
+{
+ EVP_MD_CTX *mdctx;
+ EVP_MD_CTX *copyctx = NULL;
+ int ret;
+
+ /* test copying freshly initialized context */
+ ret = TEST_ptr(mdctx = EVP_MD_CTX_new())
+ && TEST_ptr(copyctx = EVP_MD_CTX_dup(mdctx));
+
+ EVP_MD_CTX_free(mdctx);
+ EVP_MD_CTX_free(copyctx);
+ return ret;
+}
+
static int test_evp_md_ctx_copy(void)
{
EVP_MD_CTX *mdctx = NULL;
@@ -1193,6 +1352,46 @@ static int test_evp_md_ctx_copy(void)
return ret;
}
+static int test_evp_md_ctx_copy2(void)
+{
+ int ret = 0;
+ EVP_MD *md = NULL;
+ OSSL_LIB_CTX *ctx = NULL;
+ EVP_MD_CTX *inctx = NULL, *outctx = NULL;
+ void *origin_algctx = NULL;
+
+ if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
+ || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
+ goto end;
+
+ inctx = EVP_MD_CTX_new();
+ outctx = EVP_MD_CTX_new();
+
+ if (!TEST_ptr(inctx) || !TEST_ptr(outctx))
+ goto end;
+
+ /* init inctx and outctx, now the contexts are from same providers */
+ if (!TEST_true(EVP_DigestInit_ex2(inctx, md, NULL)))
+ goto end;
+ if (!TEST_true(EVP_DigestInit_ex2(outctx, md, NULL)))
+ goto end;
+
+ /*
+ * Test the EVP_MD_CTX_copy_ex function. After copying,
+ * outctx->algctx should be the same as the original.
+ */
+ origin_algctx = outctx->algctx;
+ ret = TEST_true(EVP_MD_CTX_copy_ex(outctx, inctx))
+ && TEST_true(outctx->algctx == origin_algctx);
+
+end:
+ EVP_MD_free(md);
+ EVP_MD_CTX_free(inctx);
+ EVP_MD_CTX_free(outctx);
+ OSSL_LIB_CTX_free(ctx);
+ return ret;
+}
+
#if !defined OPENSSL_NO_DES && !defined OPENSSL_NO_MD5
static int test_evp_pbe_alg_add(void)
{
@@ -1250,10 +1449,14 @@ int setup_tests(void)
ADD_TEST(evp_test_name_parsing);
ADD_TEST(test_alternative_default);
ADD_ALL_TESTS(test_d2i_AutoPrivateKey_ex, OSSL_NELEM(keydata));
+ ADD_TEST(test_new_keytype);
#ifndef OPENSSL_NO_EC
ADD_ALL_TESTS(test_d2i_PrivateKey_ex, 2);
ADD_TEST(test_ec_tofrom_data_select);
+# ifndef OPENSSL_NO_ECX
ADD_TEST(test_ecx_tofrom_data_select);
+# endif
+ ADD_TEST(test_ec_d2i_i2d_pubkey);
#else
ADD_ALL_TESTS(test_d2i_PrivateKey_ex, 1);
#endif
@@ -1268,6 +1471,7 @@ int setup_tests(void)
#ifndef OPENSSL_NO_DH
ADD_TEST(test_dh_tofrom_data_select);
ADD_TEST(test_dh_paramgen);
+ ADD_TEST(test_dh_paramfromdata);
#endif
ADD_TEST(test_rsa_tofrom_data_select);
@@ -1280,7 +1484,9 @@ int setup_tests(void)
ADD_ALL_TESTS(test_PEM_read_bio_negative, OSSL_NELEM(keydata));
ADD_ALL_TESTS(test_PEM_read_bio_negative_wrong_password, 2);
ADD_TEST(test_rsa_pss_sign);
+ ADD_TEST(test_evp_md_ctx_dup);
ADD_TEST(test_evp_md_ctx_copy);
+ ADD_TEST(test_evp_md_ctx_copy2);
ADD_ALL_TESTS(test_provider_unload_effective, 2);
#if !defined OPENSSL_NO_DES && !defined OPENSSL_NO_MD5
ADD_TEST(test_evp_pbe_alg_add);
diff --git a/test/evp_fetch_prov_test.c b/test/evp_fetch_prov_test.c
index d237082bdcc0..876d6ccc0a3d 100644
--- a/test/evp_fetch_prov_test.c
+++ b/test/evp_fetch_prov_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -121,6 +121,27 @@ static void unload_providers(OSSL_LIB_CTX **libctx, OSSL_PROVIDER *prov[])
}
}
+static int test_legacy_provider_unloaded(void)
+{
+ OSSL_LIB_CTX *ctx = NULL;
+ int rc = 0;
+
+ ctx = OSSL_LIB_CTX_new();
+ if (!TEST_ptr(ctx))
+ goto err;
+
+ if (!TEST_true(OSSL_LIB_CTX_load_config(ctx, config_file)))
+ goto err;
+
+ if (!TEST_int_eq(OSSL_PROVIDER_available(ctx, "legacy"), 0))
+ goto err;
+
+ rc = 1;
+err:
+ OSSL_LIB_CTX_free(ctx);
+ return rc;
+}
+
static X509_ALGOR *make_algor(int nid)
{
X509_ALGOR *algor;
@@ -212,7 +233,7 @@ static int test_explicit_EVP_MD_fetch_by_X509_ALGOR(int idx)
int ret = 0;
X509_ALGOR *algor = make_algor(NID_sha256);
const ASN1_OBJECT *obj;
- char id[OSSL_MAX_NAME_SIZE];
+ char id[OSSL_MAX_NAME_SIZE] = { 0 };
if (algor == NULL)
return 0;
@@ -328,7 +349,7 @@ static int test_explicit_EVP_CIPHER_fetch_by_X509_ALGOR(int idx)
int ret = 0;
X509_ALGOR *algor = make_algor(NID_aes_128_cbc);
const ASN1_OBJECT *obj;
- char id[OSSL_MAX_NAME_SIZE];
+ char id[OSSL_MAX_NAME_SIZE] = { 0 };
if (algor == NULL)
return 0;
@@ -379,6 +400,7 @@ int setup_tests(void)
return 0;
}
}
+ ADD_TEST(test_legacy_provider_unloaded);
if (strcmp(alg, "digest") == 0) {
ADD_TEST(test_implicit_EVP_MD_fetch);
ADD_TEST(test_explicit_EVP_MD_fetch_by_name);
diff --git a/test/evp_kdf_test.c b/test/evp_kdf_test.c
index 0ee1aaea6f37..721b495ef09f 100644
--- a/test/evp_kdf_test.c
+++ b/test/evp_kdf_test.c
@@ -273,9 +273,9 @@ static int do_kdf_hkdf_gettables(int expand_only, int has_digest)
goto err;
}
- /* Get params returns -2 if an unsupported parameter is requested */
+ /* Get params returns 1 if an unsupported parameter is requested */
params_get[0] = OSSL_PARAM_construct_end();
- if (!TEST_int_eq(EVP_KDF_CTX_get_params(kctx, params_get), -2))
+ if (!TEST_int_eq(EVP_KDF_CTX_get_params(kctx, params_get), 1))
goto err;
ret = 1;
err:
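Review bot: The updated comment does not match what the call exercises: `params_get[0]` is set to `OSSL_PARAM_construct_end()`, so the list handed to `EVP_KDF_CTX_get_params` is empty and no parameter, supported or not, is requested. A comment such as `/* An empty request list is accepted: get_params returns 1 */` would describe the assertion as written. If the intent is to cover an unsupported key, the list needs an actual entry with an unknown name. do_kdf_hkdf_gettables starts outside this hunk.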
@@ -1123,9 +1123,9 @@ static int test_kdf_kbkdf_6803_256(void)
#endif
static OSSL_PARAM *construct_kbkdf_params(char *digest, char *mac, unsigned char *key,
- size_t keylen, char *salt, char *info)
+ size_t keylen, char *salt, char *info, int *r)
{
- OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 7);
+ OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 8);
OSSL_PARAM *p = params;
if (params == NULL)
@@ -1143,6 +1143,8 @@ static OSSL_PARAM *construct_kbkdf_params(char *digest, char *mac, unsigned char
OSSL_KDF_PARAM_SALT, salt, strlen(salt));
*p++ = OSSL_PARAM_construct_octet_string(
OSSL_KDF_PARAM_INFO, info, strlen(info));
+ *p++ = OSSL_PARAM_construct_int(
+ OSSL_KDF_PARAM_KBKDF_R, r);
*p = OSSL_PARAM_construct_end();
return params;
@@ -1155,8 +1157,9 @@ static int test_kdf_kbkdf_invalid_digest(void)
OSSL_PARAM *params;
static unsigned char key[] = {0x01};
+ int r = 32;
- params = construct_kbkdf_params("blah", "HMAC", key, 1, "prf", "test");
+ params = construct_kbkdf_params("blah", "HMAC", key, 1, "prf", "test", &r);
if (!TEST_ptr(params))
return 0;
@@ -1177,8 +1180,9 @@ static int test_kdf_kbkdf_invalid_mac(void)
OSSL_PARAM *params;
static unsigned char key[] = {0x01};
+ int r = 32;
- params = construct_kbkdf_params("sha256", "blah", key, 1, "prf", "test");
+ params = construct_kbkdf_params("sha256", "blah", key, 1, "prf", "test", &r);
if (!TEST_ptr(params))
return 0;
@@ -1192,6 +1196,30 @@ static int test_kdf_kbkdf_invalid_mac(void)
return ret;
}
+static int test_kdf_kbkdf_invalid_r(void)
+{
+ int ret;
+ EVP_KDF_CTX *kctx;
+ OSSL_PARAM *params;
+
+ static unsigned char key[] = {0x01};
+ int r = 31;
+
+ params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test", &r);
+ if (!TEST_ptr(params))
+ return 0;
+
+ /* Negative test case - derive should fail */
+ kctx = get_kdfbyname("KBKDF");
+ ret = TEST_ptr(kctx)
+ && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
+
+ EVP_KDF_CTX_free(kctx);
+ OPENSSL_free(params);
+ return ret;
+}
+
+
static int test_kdf_kbkdf_empty_key(void)
{
int ret;
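Review bot: The comment `/* Negative test case - derive should fail */` in test_kdf_kbkdf_invalid_r describes a derive, but the assertion is `TEST_false(EVP_KDF_CTX_set_params(kctx, params))` and no derive is attempted. I would reword it to `/* Negative test case - set_params must reject r = 31 */`. A short note next to `int r = 31;` saying why 31 is invalid would also help; presumably the counter width has to be a whole number of bytes, since the other tests in this commit pass 32 and 8.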
@@ -1200,8 +1228,9 @@ static int test_kdf_kbkdf_empty_key(void)
static unsigned char key[] = {0x01};
unsigned char result[32] = { 0 };
+ int r = 32;
- params = construct_kbkdf_params("sha256", "HMAC", key, 0, "prf", "test");
+ params = construct_kbkdf_params("sha256", "HMAC", key, 0, "prf", "test", &r);
if (!TEST_ptr(params))
return 0;
@@ -1224,8 +1253,9 @@ static int test_kdf_kbkdf_1byte_key(void)
static unsigned char key[] = {0x01};
unsigned char result[32] = { 0 };
+ int r = 32;
- params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test");
+ params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test", &r);
if (!TEST_ptr(params))
return 0;
@@ -1246,8 +1276,9 @@ static int test_kdf_kbkdf_zero_output_size(void)
static unsigned char key[] = {0x01};
unsigned char result[32] = { 0 };
+ int r = 32;
- params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test");
+ params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test", &r);
if (!TEST_ptr(params))
return 0;
@@ -1353,7 +1384,6 @@ static int test_kdf_kbkdf_8009_prf2(void)
* Test vector taken from
* https://csrc.nist.gov/CSRC/media/Projects/
* Cryptographic-Algorithm-Validation-Program/documents/KBKDF800-108/CounterMode.zip
- * Note: Only 32 bit counter is supported ([RLEN=32_BITS])
*/
static int test_kdf_kbkdf_fixedinfo(void)
{
@@ -1409,6 +1439,158 @@ static int test_kdf_kbkdf_fixedinfo(void)
}
#endif /* OPENSSL_NO_CMAC */
+static int test_kdf_kbkdf_kmac(void)
+{
+ int ret;
+ EVP_KDF_CTX *kctx;
+ OSSL_PARAM params[5], *p = params;
+ static char *mac = "KMAC256";
+
+ static unsigned char input_key[] = {
+ 0xDD, 0x81, 0xEF, 0xC8, 0x2C, 0xDD, 0xEC, 0x51,
+ 0xC4, 0x09, 0xBD, 0x8C, 0xCB, 0xAF, 0x94, 0xF6,
+ 0x5F, 0xFA, 0x7B, 0x92, 0xF1, 0x11, 0xF9, 0x40,
+ 0x2B, 0x0D, 0x6A, 0xE0, 0x5E, 0x44, 0x92, 0x34,
+ 0xF0, 0x3B, 0xBA, 0xF5, 0x4F, 0xEF, 0x19, 0x45,
+ 0xDA
+ };
+ static unsigned char context[] = {
+ 0x81, 0xA1, 0xFE, 0x39, 0x91, 0xEE, 0x3F, 0xD3,
+ 0x90, 0x4E, 0x82, 0xE6, 0x13, 0x20, 0xEC, 0x6B,
+ 0x6E, 0x14, 0x0B, 0xBA, 0x95, 0x5D, 0x0B, 0x52,
+ 0x8E, 0x27, 0x67, 0xB3, 0xE0, 0x77, 0x05, 0x15,
+ 0xBD, 0x78, 0xF6, 0xE8, 0x8A, 0x7D, 0x9B, 0x08,
+ 0x20, 0x0F, 0xE9, 0x8D, 0xD6, 0x24, 0x67, 0xE2,
+ 0xCC, 0x6D, 0x42, 0xE6, 0x60, 0x50, 0x20, 0x77,
+ 0x89, 0x89, 0xB7, 0x2D, 0xF7, 0x5F, 0xE2, 0x79,
+ 0xDB, 0x58, 0x0B, 0x7B, 0x02, 0xB9, 0xD9, 0xB0,
+ 0xFA, 0x6B, 0x0B, 0xB6, 0xD4, 0x95, 0xDB, 0x46,
+ 0x55, 0x5F, 0x12, 0xC3, 0xF0, 0xE0, 0x6E, 0xC8,
+ 0xF4, 0xF8, 0xA1, 0x64, 0x2E, 0x96, 0x74, 0x2B,
+ 0xC6, 0xBD, 0x22, 0xB1, 0x6A, 0xBC, 0x41, 0xDF,
+ 0x30, 0x32, 0xC7, 0xCE, 0x18, 0x14, 0x70, 0x2A,
+ 0xED, 0xE5, 0xC4, 0x6B, 0x8A, 0xA8, 0x36, 0xFD,
+ 0x0A, 0x76, 0x38, 0x44, 0x98, 0x0A, 0xE3, 0xC2,
+ 0x3A, 0x24, 0xCB, 0x45, 0xBF, 0xC9, 0x2C, 0x19,
+ 0xCB, 0x9D, 0x6C, 0x27, 0xDE, 0x78, 0x3E, 0x2C,
+ 0x3D, 0x39, 0x6E, 0x11, 0x59, 0xAE, 0x4F, 0x91,
+ 0x03, 0xE2, 0x7B, 0x97, 0xD6, 0x0C, 0x7D, 0x9D,
+ 0x5A, 0xA5, 0x47, 0x57, 0x41, 0xAD, 0x64, 0x5B,
+ 0xF7, 0x1D, 0x1A, 0xDA, 0x3A, 0x39, 0xDF, 0x85,
+ 0x0D, 0x0F, 0x50, 0x15, 0xA7, 0x3D, 0x68, 0x81,
+ 0x7B, 0x0D, 0xF2, 0x24, 0x24, 0x23, 0x37, 0xE5,
+ 0x77, 0xA6, 0x61, 0xBE, 0xFE, 0x4B, 0x3B, 0x8E,
+ 0x4F, 0x15, 0x4F, 0xC1, 0x30, 0xCB, 0x9E, 0xF5,
+ 0x06, 0x9F, 0xBB, 0x0E, 0xF2, 0xF4, 0x43, 0xBB,
+ 0x64, 0x45, 0xA3, 0x7D, 0x3B, 0xB4, 0x70, 0x47,
+ 0xDF, 0x4A, 0xA5, 0xD9, 0x2F, 0xE6, 0x25, 0xC8,
+ 0x1D, 0x43, 0x0A, 0xEA, 0xF9, 0xCC, 0xC7, 0x1F,
+ 0x8A, 0x2D, 0xD8, 0x95, 0x6B, 0x16, 0x30, 0x1D,
+ 0x80, 0x90, 0xA4, 0x23, 0x14, 0x59, 0xD1, 0x5A,
+ 0x00, 0x48, 0x8D, 0xF7, 0xEA, 0x29, 0x23, 0xDF,
+ 0x35, 0x26, 0x25, 0x22, 0x12, 0xC4, 0x4C, 0x09,
+ 0x69, 0xB8, 0xD6, 0x0C, 0x0E, 0x71, 0x90, 0x6C,
+ 0x42, 0x90, 0x02, 0x53, 0xC5, 0x5A, 0xEF, 0x42,
+ 0x66, 0x1D, 0xAF, 0x45, 0xD5, 0x31, 0xD7, 0x61,
+ 0x3A, 0xE6, 0x06, 0xFB, 0x83, 0x72, 0xAD, 0x82,
+ 0xE3, 0x6A, 0x7E, 0x03, 0x9B, 0x37, 0x77, 0xAF,
+ 0x8D, 0x63, 0x28, 0xC2, 0x8A, 0x5E, 0xC6, 0x3B,
+ 0x22, 0xA8, 0x94, 0xC0, 0x46, 0x2F, 0x73, 0xE7,
+ 0xBB, 0x72, 0x44, 0x85, 0x20, 0x1D, 0xD0, 0x6A,
+ 0x52, 0x8C, 0xB1, 0x8B, 0x96, 0x11, 0xEB, 0xFB,
+ 0xDD, 0xF5, 0x74, 0x49, 0x19, 0x93, 0xD3, 0x7F,
+ 0x6C, 0x27, 0x19, 0x54, 0xDD, 0x00, 0x0F, 0x95,
+ 0xF6, 0x14, 0x15, 0x87, 0x32, 0x54, 0xA5, 0x02,
+ 0xAD, 0x41, 0x55, 0x5E, 0xDD, 0x32, 0x62, 0x3B,
+ 0xFC, 0x71, 0xC1, 0x56, 0xC4, 0x6A, 0xFC, 0xD0,
+ 0xF9, 0x77, 0xDA, 0xC5, 0x20, 0x7D, 0xAC, 0xA8,
+ 0xEB, 0x8F, 0xBE, 0xF9, 0x4D, 0xE8, 0x6D, 0x9E,
+ 0x4C, 0x39, 0xB3, 0x15, 0x63, 0xCD, 0xF6, 0x46,
+ 0xEC, 0x3A, 0xD2, 0x89, 0xA9, 0xFA, 0x24, 0xB4,
+ 0x0E, 0x62, 0x6F, 0x9F, 0xF3, 0xF1, 0x3C, 0x61,
+ 0x57, 0xB9, 0x2C, 0xD4, 0x78, 0x4F, 0x76, 0xCF,
+ 0xFB, 0x6A, 0x51, 0xE8, 0x1E, 0x0A, 0x33, 0x69,
+ 0x16, 0xCD, 0xB7, 0x5C, 0xDF, 0x03, 0x62, 0x17,
+ 0x63, 0x37, 0x49, 0xC3, 0xB7, 0x68, 0x09, 0x9E,
+ 0x22, 0xD2, 0x20, 0x96, 0x37, 0x0D, 0x13, 0xA4,
+ 0x96, 0xB1, 0x8D, 0x0B, 0x12, 0x87, 0xEB, 0x57,
+ 0x25, 0x27, 0x08, 0xFC, 0x90, 0x5E, 0x33, 0x77,
+ 0x50, 0x63, 0xE1, 0x8C, 0xF4, 0x0C, 0x80, 0x89,
+ 0x76, 0x63, 0x70, 0x0A, 0x61, 0x59, 0x90, 0x1F,
+ 0xC9, 0x47, 0xBA, 0x12, 0x7B, 0xB2, 0x7A, 0x44,
+ 0xC3, 0x3D, 0xD0, 0x38, 0xF1, 0x7F, 0x02, 0x92
+ };
+ static unsigned char label[] = {
+ 0xA5, 0xDE, 0x2A, 0x0A, 0xF0, 0xDA, 0x59, 0x04,
+ 0xCC, 0xFF, 0x50, 0xD3, 0xA5, 0xD2, 0xDE, 0xA3,
+ 0x33, 0xC0, 0x27, 0xED, 0xDC, 0x6A, 0x54, 0x54,
+ 0x95, 0x78, 0x74, 0x0D, 0xE7, 0xB7, 0x92, 0xD6,
+ 0x64, 0xD5, 0xFB, 0x1F, 0x0F, 0x87, 0xFD, 0x65,
+ 0x79, 0x8B, 0x81, 0x83, 0x95, 0x40, 0x7A, 0x19,
+ 0x8D, 0xCA, 0xE0, 0x4A, 0x93, 0xA8
+ };
+ static unsigned char output[] = {
+ 0xB5, 0x61, 0xE3, 0x7D, 0x06, 0xD5, 0x34, 0x80,
+ 0x74, 0x61, 0x16, 0x08, 0x6F, 0x89, 0x6F, 0xB1,
+ 0x43, 0xAF, 0x61, 0x28, 0x93, 0xD8, 0xDF, 0xF6,
+ 0xB6, 0x23, 0x43, 0x68, 0xE4, 0x84, 0xF3, 0xED,
+ 0x50, 0xB6, 0x81, 0x6D, 0x50, 0xF4, 0xAF, 0xF2,
+ 0xA5, 0x50, 0x7E, 0x25, 0xBF, 0x05, 0xBE, 0xE7,
+ 0x07, 0xB0, 0x95, 0xC3, 0x04, 0x38, 0xB4, 0xF9,
+ 0xC1, 0x1E, 0x96, 0x08, 0xF4, 0xC9, 0x05, 0x54,
+ 0x4A, 0xB6, 0x81, 0x92, 0x5B, 0x34, 0x8A, 0x45,
+ 0xDD, 0x7D, 0x98, 0x51, 0x1F, 0xD9, 0x90, 0x23,
+ 0x59, 0x97, 0xA2, 0x4E, 0x43, 0x49, 0xEB, 0x4E,
+ 0x86, 0xEC, 0x20, 0x3C, 0x31, 0xFF, 0x49, 0x55,
+ 0x49, 0xF5, 0xF5, 0x16, 0x79, 0xD9, 0x1C, 0x8E,
+ 0x6E, 0xB3, 0x1C, 0xAF, 0xC8, 0xAB, 0x3A, 0x5A,
+ 0xCE, 0xB1, 0xBD, 0x59, 0x69, 0xEE, 0xC0, 0x28,
+ 0x3E, 0x94, 0xD2, 0xCC, 0x91, 0x93, 0x73, 0x6A,
+ 0xD6, 0xB6, 0xC1, 0x42, 0x97, 0xB1, 0x13, 0xCF,
+ 0xF9, 0x55, 0x35, 0x50, 0xFC, 0x86, 0x75, 0x98,
+ 0x9F, 0xFC, 0x96, 0xB1, 0x43, 0x41, 0x8F, 0xFC,
+ 0x31, 0x09, 0x3B, 0x35, 0x22, 0x7B, 0x01, 0x96,
+ 0xA7, 0xF0, 0x78, 0x7B, 0x57, 0x00, 0xF2, 0xE5,
+ 0x92, 0x36, 0xCE, 0x64, 0xFD, 0x65, 0x09, 0xD8,
+ 0xBC, 0x5C, 0x82, 0x5C, 0x4C, 0x62, 0x5B, 0xCE,
+ 0x09, 0xB6, 0xCF, 0x4D, 0xAD, 0x8E, 0xDD, 0x96,
+ 0xB0, 0xCA, 0x52, 0xC1, 0xF4, 0x17, 0x0E, 0x2D,
+ 0x4E, 0xC3, 0xF9, 0x89, 0x1A, 0x24, 0x3D, 0x01,
+ 0xC8, 0x05, 0xBF, 0x7D, 0x2A, 0x46, 0xCD, 0x9A,
+ 0x66, 0xEE, 0x05, 0x78, 0x88, 0x2A, 0xEF, 0x37,
+ 0x9E, 0x72, 0x55, 0xDA, 0x82, 0x7A, 0x9B, 0xE8,
+ 0xF7, 0xA6, 0x74, 0xB8, 0x74, 0x39, 0x03, 0xE8,
+ 0xB9, 0x1F, 0x97, 0x78, 0xB9, 0xD9, 0x37, 0x16,
+ 0xFD, 0x2F, 0x31, 0xDE, 0xCC, 0x06, 0xD6, 0x5A,
+ 0xEB, 0xD1, 0xBB, 0x84, 0x30, 0x16, 0x81, 0xB0,
+ 0x7E, 0x04, 0x8C, 0x06, 0x67, 0xD1, 0x8A, 0x07,
+ 0x33, 0x76, 0x42, 0x8E, 0x87, 0xAB, 0x90, 0x6F,
+ 0x08, 0xED, 0x8D, 0xE8, 0xD0, 0x20, 0x00, 0x7E,
+ 0x3C, 0x4D, 0xA4, 0x40, 0x37, 0x13, 0x0F, 0x00,
+ 0x0C, 0xB7, 0x26, 0x03, 0x93, 0xD0, 0xBB, 0x08,
+ 0xD3, 0xCC, 0xA9, 0x28, 0xC2
+ };
+ unsigned char result[sizeof(output)] = { 0 };
+
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, mac, 0);
+ *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
+ input_key, sizeof(input_key));
+ *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
+ context, sizeof(context));
+ *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
+ label, sizeof(label));
+ *p = OSSL_PARAM_construct_end();
+
+ kctx = get_kdfbyname("KBKDF");
+ ret = TEST_ptr(kctx)
+ && TEST_size_t_eq(EVP_KDF_CTX_get_kdf_size(kctx), SIZE_MAX)
+ && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), params), 0)
+ && TEST_mem_eq(result, sizeof(result), output, sizeof(output));
+
+ EVP_KDF_CTX_free(kctx);
+ return ret;
+}
+
static int test_kdf_ss_hmac(void)
{
int ret;
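Review bot: test_kdf_kbkdf_kmac gives no source for its key, context, label and expected output, whereas the comment on test_kdf_kbkdf_fixedinfo just above cites the NIST CounterMode archive. A one-line reference above `input_key` would let a reader re-check the vector independently. The `TEST_size_t_eq(EVP_KDF_CTX_get_kdf_size(kctx), SIZE_MAX)` assertion would also benefit from a short comment on why `SIZE_MAX` is the expected size here.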
@@ -1559,7 +1741,7 @@ static int test_kdf_sshkdf(void)
return ret;
}
-static int test_kdfs_same( EVP_KDF *kdf1, EVP_KDF *kdf2)
+static int test_kdfs_same(EVP_KDF *kdf1, EVP_KDF *kdf2)
{
/* Fast path in case the two are the same algorithm pointer */
if (kdf1 == kdf2)
@@ -1595,7 +1777,7 @@ static int test_kdf_get_kdf(void)
|| !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, LN_tls1_prf, NULL))
|| !test_kdfs_same(kdf1, kdf2))
ok = 0;
- /* kdf1 is re-used below, so don't free it here */
+ /* kdf1 is reused below, so don't free it here */
EVP_KDF_free(kdf2);
kdf2 = NULL;
@@ -1682,6 +1864,172 @@ static int test_kdf_krb5kdf(void)
return ret;
}
+static int test_kdf_hmac_drbg_settables(void)
+{
+ int ret = 0, i = 0, j = 0;
+ EVP_KDF_CTX *kctx = NULL;
+ const OSSL_PARAM *settableparams;
+ OSSL_PARAM params[5];
+ static const unsigned char ent[32] = { 0 };
+ unsigned char out[32];
+ char digestname[32];
+ char macname[32];
+ EVP_MD *shake256 = NULL;
+
+ /* Test there are settables */
+ if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HMACDRBGKDF))
+ || !TEST_ptr(settableparams = EVP_KDF_CTX_settable_params(kctx)))
+ goto err;
+
+ /* Fail if no params have been set when doing a derive */
+ if (!TEST_int_le(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0))
+ goto err;
+
+ /* Fail if we pass the wrong type for params */
+ params[1] = OSSL_PARAM_construct_end();
+ for (i = 0; settableparams[i].key != NULL; ++i) {
+ /* Skip "properties" key since it returns 1 unless the digest is also set */
+ if (OPENSSL_strcasecmp(settableparams[i].key,
+ OSSL_KDF_PARAM_PROPERTIES) != 0) {
+ TEST_note("Testing set int into %s fails", settableparams[i].key);
+ params[0] = OSSL_PARAM_construct_int(settableparams[i].key, &j);
+ if (!TEST_int_le(EVP_KDF_CTX_set_params(kctx, params), 0))
+ goto err;
+ }
+ }
+ /* Test that we can set values multiple times */
+ params[0] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_HMACDRBG_ENTROPY,
+ (char *)ent, sizeof(ent));
+ params[1] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_HMACDRBG_NONCE,
+ (char *)ent, sizeof(ent));
+ params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_DIGEST, "SHA256",
+ 0);
+ params[3] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_PROPERTIES, "",
+ 0);
+ params[4] = OSSL_PARAM_construct_end();
+ if (!TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 1))
+ goto err;
+ if (!TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 1))
+ goto err;
+ /* Test we can retrieve values back */
+ params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_DIGEST,
+ digestname, sizeof(digestname));
+ params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_MAC,
+ macname, sizeof(macname));
+ params[2] = OSSL_PARAM_construct_end();
+ if (!TEST_int_eq(EVP_KDF_CTX_get_params(kctx, params), 1)
+ || !TEST_mem_eq(digestname, params[0].return_size, "SHA2-256", 8)
+ || !TEST_mem_eq(macname, params[1].return_size, "HMAC", 4))
+ goto err;
+
+ /* Test the derive */
+ if (!TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 1))
+ goto err;
+
+ /* test that XOF digests are not allowed */
+ params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_DIGEST,
+ "shake256", 0);
+ params[1] = OSSL_PARAM_construct_end();
+ if (!TEST_int_le(EVP_KDF_CTX_set_params(kctx, params), 0))
+ goto err;
+
+ ret = 1;
+err:
+ EVP_MD_free(shake256);
+ EVP_KDF_CTX_free(kctx);
+ return ret;
+}
+
+static int test_kdf_hmac_drbg_gettables(void)
+{
+ int ret = 0, i, j = 0;
+ EVP_KDF_CTX *kctx = NULL;
+ const OSSL_PARAM *gettableparams;
+ OSSL_PARAM params[3];
+ char buf[64];
+
+ /* Test there are gettables */
+ if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HMACDRBGKDF))
+ || !TEST_ptr(gettableparams = EVP_KDF_CTX_gettable_params(kctx)))
+ goto err;
+ /* Fail if we pass the wrong type for params */
+ params[1] = OSSL_PARAM_construct_end();
+ for (i = 0; gettableparams[i].key != NULL; ++i) {
+ params[0] = OSSL_PARAM_construct_int(gettableparams[i].key, &j);
+ if (!TEST_int_le(EVP_KDF_CTX_get_params(kctx, params), 0))
+ goto err;
+ }
+ /* fail to get params if they are not set yet */
+ for (i = 0; gettableparams[i].key != NULL; ++i) {
+ params[0] = OSSL_PARAM_construct_utf8_string(gettableparams[i].key,
+ buf, sizeof(buf));
+ if (!TEST_int_le(EVP_KDF_CTX_get_params(kctx, params), 0))
+ goto err;
+ }
+ ret = 1;
+err:
+ EVP_KDF_CTX_free(kctx);
+ return ret;
+}
+
+/* Test that changing the KBKDF algorithm from KMAC to HMAC works correctly */
+static int test_kbkdf_mac_change(void)
+{
+ int ret = 0;
+ EVP_KDF_CTX *kctx = NULL;
+ OSSL_PARAM params[9], *p = params;
+ /* Test data taken from the evptest corpus */
+ int l = 0, sep = 0, r = 8;
+ static /* const */ unsigned char key[] = {
+ 0x3e, 0xdc, 0x6b, 0x5b, 0x8f, 0x7a, 0xad, 0xbd,
+ 0x71, 0x37, 0x32, 0xb4, 0x82, 0xb8, 0xf9, 0x79,
+ 0x28, 0x6e, 0x1e, 0xa3, 0xb8, 0xf8, 0xf9, 0x9c,
+ 0x30, 0xc8, 0x84, 0xcf, 0xe3, 0x34, 0x9b, 0x83
+ };
+ static /* const */ unsigned char info[] = {
+ 0x98, 0xe9, 0x98, 0x8b, 0xb4, 0xcc, 0x8b, 0x34,
+ 0xd7, 0x92, 0x2e, 0x1c, 0x68, 0xad, 0x69, 0x2b,
+ 0xa2, 0xa1, 0xd9, 0xae, 0x15, 0x14, 0x95, 0x71,
+ 0x67, 0x5f, 0x17, 0xa7, 0x7a, 0xd4, 0x9e, 0x80,
+ 0xc8, 0xd2, 0xa8, 0x5e, 0x83, 0x1a, 0x26, 0x44,
+ 0x5b, 0x1f, 0x0f, 0xf4, 0x4d, 0x70, 0x84, 0xa1,
+ 0x72, 0x06, 0xb4, 0x89, 0x6c, 0x81, 0x12, 0xda,
+ 0xad, 0x18, 0x60, 0x5a
+ };
+ static const unsigned char output[] = {
+ 0x6c, 0x03, 0x76, 0x52, 0x99, 0x06, 0x74, 0xa0,
+ 0x78, 0x44, 0x73, 0x2d, 0x0a, 0xd9, 0x85, 0xf9
+ };
+ unsigned char out[sizeof(output)];
+
+ params[0] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
+ OSSL_MAC_NAME_KMAC128, 0);
+ params[1] = OSSL_PARAM_construct_end();
+ if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_KBKDF))
+ || !TEST_true(EVP_KDF_CTX_set_params(kctx, params)))
+ goto err;
+
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE, "COUNTER", 0);
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, "HMAC", 0);
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, "SHA256", 0);
+ *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_USE_L, &l);
+ *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR, &sep);
+ *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_R, &r);
+ *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
+ key, sizeof(key));
+ *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
+ info, sizeof(info));
+ *p = OSSL_PARAM_construct_end();
+ if (!TEST_true(EVP_KDF_derive(kctx, out, sizeof(out), params))
+ || !TEST_mem_eq(out, sizeof(out), output, sizeof(output)))
+ goto err;
+
+ ret = 1;
+err:
+ EVP_KDF_CTX_free(kctx);
+ return ret;
+}
+
int setup_tests(void)
{
ADD_TEST(test_kdf_pbkdf1);
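Review bot: `EVP_MD *shake256` in test_kdf_hmac_drbg_settables is initialised to NULL, never assigned, and only reaches `EVP_MD_free(shake256)` at `err:`; the XOF check passes the name `"shake256"` as a string instead. Both the declaration and the free can be dropped. In test_kbkdf_mac_change the `static /* const */` on `key` and `info` would read better with a comment saying why they cannot be const, presumably because `OSSL_PARAM_construct_octet_string` takes a non-const buffer.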
@@ -1692,6 +2040,7 @@ int setup_tests(void)
#endif
ADD_TEST(test_kdf_kbkdf_invalid_digest);
ADD_TEST(test_kdf_kbkdf_invalid_mac);
+ ADD_TEST(test_kdf_kbkdf_invalid_r);
ADD_TEST(test_kdf_kbkdf_zero_output_size);
ADD_TEST(test_kdf_kbkdf_empty_key);
ADD_TEST(test_kdf_kbkdf_1byte_key);
@@ -1700,6 +2049,8 @@ int setup_tests(void)
#if !defined(OPENSSL_NO_CMAC)
ADD_TEST(test_kdf_kbkdf_fixedinfo);
#endif
+ if (fips_provider_version_ge(NULL, 3, 1, 0))
+ ADD_TEST(test_kdf_kbkdf_kmac);
ADD_TEST(test_kdf_get_kdf);
ADD_TEST(test_kdf_tls1_prf);
ADD_TEST(test_kdf_tls1_prf_invalid_digest);
@@ -1740,5 +2091,8 @@ int setup_tests(void)
ADD_TEST(test_kdf_x942_asn1);
#endif
ADD_TEST(test_kdf_krb5kdf);
+ ADD_TEST(test_kdf_hmac_drbg_settables);
+ ADD_TEST(test_kdf_hmac_drbg_gettables);
+ ADD_TEST(test_kbkdf_mac_change);
return 1;
}
diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c
index fd114a118cb2..039fca9bb09f 100644
--- a/test/evp_libctx_test.c
+++ b/test/evp_libctx_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -21,6 +21,7 @@
*/
#include "internal/deprecated.h"
#include <assert.h>
+#include <string.h>
#include <openssl/evp.h>
#include <openssl/provider.h>
#include <openssl/dsa.h>
@@ -38,6 +39,8 @@ static OSSL_LIB_CTX *libctx = NULL;
static OSSL_PROVIDER *nullprov = NULL;
static OSSL_PROVIDER *libprov = NULL;
static STACK_OF(OPENSSL_STRING) *cipher_names = NULL;
+static int is_fips = 0;
+static int is_fips_lt_3_5 = 0;
typedef enum OPTION_choice {
OPT_ERR = -1,
@@ -71,6 +74,37 @@ static const char *getname(int id)
}
#endif
+static int test_evp_cipher_api_safety(void)
+{
+ int ret = 0;
+ EVP_CIPHER_CTX *ctx = NULL;
+
+ ctx = EVP_CIPHER_CTX_new();
+
+ if (!TEST_ptr(ctx))
+ goto err;
+
+ /*
+ * Ensure that EVP_CIPHER_get_block_size returns 0
+ * if we haven't initialized the cipher in this context
+ */
+ if (!TEST_int_eq(EVP_CIPHER_CTX_get_block_size(ctx), 0))
+ goto err_free;
+
+ /*
+ * Ensure that EVP_CIPHER_get_iv_length returns 0
+ * if we haven't initialized the cipher in this context
+ */
+ if (!TEST_int_eq(EVP_CIPHER_CTX_get_iv_length(ctx), 0))
+ goto err_free;
+
+ ret = 1;
+err_free:
+ EVP_CIPHER_CTX_free(ctx);
+err:
+ return ret;
+}
+
/*
* We're using some DH specific values in this test, so we skip compilation if
* we're in a no-dh build.
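Review bot: The two block comments in test_evp_cipher_api_safety name `EVP_CIPHER_get_block_size` and `EVP_CIPHER_get_iv_length`, but the calls under test are `EVP_CIPHER_CTX_get_block_size(ctx)` and `EVP_CIPHER_CTX_get_iv_length(ctx)`. The comments should use the CTX names, for example `EVP_CIPHER_CTX_get_block_size returns 0 when no cipher has been set on the context`. The separate `err_free` and `err` labels also look unnecessary, since the only `goto err` happens with `ctx` NULL. A single label in front of `EVP_CIPHER_CTX_free(ctx)` would do, assuming that call accepts NULL like the other free calls in these tests.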
@@ -334,7 +368,11 @@ static int test_cipher_reinit(int test_id)
0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
};
- unsigned char iv[16] = {
+ unsigned char iv[48] = {
+ 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
+ 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
+ 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
+ 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
};
@@ -363,7 +401,6 @@ static int test_cipher_reinit(int test_id)
/* DES3-WRAP uses random every update - so it will give a different value */
diff = EVP_CIPHER_is_a(cipher, "DES3-WRAP");
-
if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
|| !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, sizeof(in)))
|| !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
@@ -425,7 +462,11 @@ static int test_cipher_reinit_partialupdate(int test_id)
0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
};
- static const unsigned char iv[16] = {
+ static const unsigned char iv[48] = {
+ 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
+ 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
+ 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
+ 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
};
@@ -438,7 +479,11 @@ static int test_cipher_reinit_partialupdate(int test_id)
if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
goto err;
- in_len = EVP_CIPHER_get_block_size(cipher) / 2;
+ in_len = EVP_CIPHER_get_block_size(cipher);
+ if (!TEST_int_gt(in_len, 0))
+ goto err;
+ if (in_len > 1)
+ in_len /= 2;
/* skip any ciphers that don't allow partial updates */
if (((EVP_CIPHER_get_flags(cipher)
@@ -456,16 +501,18 @@ static int test_cipher_reinit_partialupdate(int test_id)
|| !TEST_true(EVP_EncryptUpdate(ctx, out2, &out2_len, in, in_len)))
goto err;
- if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
- goto err;
+ if (EVP_CIPHER_get_iv_length(cipher) != 0)
+ if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
+ goto err;
if (EVP_CIPHER_get_mode(cipher) != EVP_CIPH_SIV_MODE) {
if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv))
|| !TEST_true(EVP_EncryptUpdate(ctx, out3, &out3_len, in, in_len)))
goto err;
- if (!TEST_mem_eq(out1, out1_len, out3, out3_len))
- goto err;
+ if (EVP_CIPHER_get_iv_length(cipher) != 0)
+ if (!TEST_mem_eq(out1, out1_len, out3, out3_len))
+ goto err;
}
ret = 1;
err:
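Review bot: The two added `if (EVP_CIPHER_get_iv_length(cipher) != 0)` guards each wrap a second unbraced `if`, which is easy to misread and fragile if an `else` is ever added. Folding each pair into one condition, `if (EVP_CIPHER_get_iv_length(cipher) != 0 && !TEST_mem_eq(out1, out1_len, out2, out2_len))`, keeps the same behaviour; the `out3` comparison further down has the same shape. There is also no comment explaining why the outputs are no longer compared for ciphers without an IV. test_cipher_reinit_partialupdate starts outside this hunk.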
@@ -474,7 +521,6 @@ err:
return ret;
}
-
static int name_cmp(const char * const *a, const char * const *b)
{
return OPENSSL_strcasecmp(*a, *b);
@@ -486,6 +532,10 @@ static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list)
const char *name = EVP_CIPHER_get0_name(cipher);
char *namedup = NULL;
+ /* Skip Triple-DES encryption operations in FIPS mode */
+ if (OSSL_PROVIDER_available(libctx, "fips")
+ && strncmp(name, "DES", 3) == 0)
+ return;
assert(name != NULL);
/* the cipher will be freed after returning, strdup is needed */
if ((namedup = OPENSSL_strdup(name)) != NULL
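Review bot: The added `strncmp(name, "DES", 3)` reads `name` before the existing `assert(name != NULL)`, so the assert can no longer catch a NULL name ahead of the first dereference. Moving `assert(name != NULL);` above the new `if` restores the ordering. The three-character prefix also matches every cipher whose name starts with "DES", not only Triple-DES as the comment says, so either the comment or the match should be tightened. The rest of collect_cipher_names is outside the hunk.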
@@ -586,13 +636,18 @@ static int test_cipher_tdes_randkey(void)
EVP_CIPHER_CTX *ctx = NULL;
EVP_CIPHER *tdes_cipher = NULL, *aes_cipher = NULL;
unsigned char key[24] = { 0 };
+ OSSL_PARAM params[2];
+ int check = 0;
+ params[0] = OSSL_PARAM_construct_int("encrypt-check", &check);
+ params[1] = OSSL_PARAM_construct_end();
ret = TEST_ptr(aes_cipher = EVP_CIPHER_fetch(libctx, "AES-256-CBC", NULL))
&& TEST_int_eq(EVP_CIPHER_get_flags(aes_cipher) & EVP_CIPH_RAND_KEY, 0)
&& TEST_ptr(tdes_cipher = EVP_CIPHER_fetch(libctx, "DES-EDE3-CBC", NULL))
&& TEST_int_ne(EVP_CIPHER_get_flags(tdes_cipher) & EVP_CIPH_RAND_KEY, 0)
&& TEST_ptr(ctx = EVP_CIPHER_CTX_new())
- && TEST_true(EVP_CipherInit_ex(ctx, tdes_cipher, NULL, NULL, NULL, 1))
+ && TEST_true(EVP_CipherInit_ex2(ctx, tdes_cipher, NULL, NULL, 1,
+ params))
&& TEST_int_gt(EVP_CIPHER_CTX_rand_key(ctx, key), 0);
EVP_CIPHER_CTX_free(ctx);
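Review bot: The new `params` array passes "encrypt-check" with `check = 0` into `EVP_CipherInit_ex2`, but nothing says why the test sets this parameter to zero. A comment on the `OSSL_PARAM_construct_int` line, for example `/* presumably disables the FIPS encrypt check so Triple-DES encrypt init is accepted - confirm */`, would keep a later reader from copying the pattern without knowing what it relaxes. If this tree's headers define a named constant for "encrypt-check", using it instead of the literal would catch typos at compile time. The function's cleanup continues outside the hunk.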
@@ -631,9 +686,13 @@ static int kem_rsa_params(void)
&& TEST_int_eq(EVP_PKEY_decapsulate(pubctx, secret, &secretlen, ct,
sizeof(ct)), 0)
&& TEST_uchar_eq(secret[0], 0)
- /* Test encapsulate fails if the mode is not set */
+ /* Unless older FIPS, test encapsulate succeeds even if the mode is not set */
&& TEST_int_eq(EVP_PKEY_encapsulate_init(pubctx, NULL), 1)
- && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, &secretlen), -2)
+ && (is_fips_lt_3_5 ||
+ (TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, &secretlen), 1)
+ && TEST_true(ctlen <= sizeof(ct))
+ && TEST_true(secretlen <= sizeof(secret))
+ && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, &secretlen), 1)))
/* Test setting a bad kem ops fail */
&& TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSA"), 0)
&& TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, NULL), 0)
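Review bot: The two new bounds checks, `TEST_true(ctlen <= sizeof(ct))` and `TEST_true(secretlen <= sizeof(secret))`, print only "false" on failure and hide the offending length. `TEST_size_t_le(ctlen, sizeof(ct))` and `TEST_size_t_le(secretlen, sizeof(secret))` perform the same check and report both values. When `is_fips_lt_3_5` is set the encapsulate call is skipped entirely, so the earlier expectation of -2 is no longer asserted for older providers. If that behaviour still holds there, it could stay covered in that branch.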
@@ -743,8 +802,16 @@ int setup_tests(void)
if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, prov_name))
return 0;
+ ADD_TEST(test_evp_cipher_api_safety);
+
+ if (strcmp(prov_name, "fips") == 0)
+ is_fips = 1;
+
+ is_fips_lt_3_5 = is_fips && fips_provider_version_lt(libctx, 3, 5, 0);
+
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
- ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
+ if (!is_fips || fips_provider_version_lt(libctx, 3, 4, 0))
+ ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
#endif
#ifndef OPENSSL_NO_DH
ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3);
diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c
index 688a8c1c5e55..a51a4a3c073a 100644
--- a/test/evp_pkey_provided_test.c
+++ b/test/evp_pkey_provided_test.c
@@ -322,7 +322,7 @@ static int test_print_key_using_encoder(const char *alg, const EVP_PKEY *pk)
return ret;
}
-#ifndef OPENSSL_NO_EC
+#ifndef OPENSSL_NO_ECX
static int test_print_key_using_encoder_public(const char *alg,
const EVP_PKEY *pk)
{
@@ -432,7 +432,8 @@ static int test_fromdata_rsa(void)
/* for better diagnostics always compare key params */
for (i = 0; fromdata_params[i].key != NULL; ++i) {
if (!TEST_true(BN_set_word(bn_from, key_numbers[i]))
- || !TEST_true(EVP_PKEY_get_bn_param(pk, fromdata_params[i].key, &bn))
+ || !TEST_true(EVP_PKEY_get_bn_param(pk, fromdata_params[i].key,
+ &bn))
|| !TEST_BN_eq(bn, bn_from))
ret = 0;
}
@@ -446,6 +447,400 @@ static int test_fromdata_rsa(void)
return ret;
}
+struct check_data {
+ const char *pname;
+ BIGNUM *comparebn;
+};
+
+static int do_fromdata_rsa_derive(OSSL_PARAM *fromdata_params,
+ struct check_data check[],
+ int expected_nbits, int expected_sbits,
+ int expected_ksize)
+{
+ const OSSL_PARAM *check_param = NULL;
+ BIGNUM *check_bn = NULL;
+ OSSL_PARAM *todata_params = NULL;
+ EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
+ EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
+ int i;
+ int ret = 0;
+
+ if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL))
+ || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
+ || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
+ fromdata_params), 1))
+ goto err;
+
+ /*
+ * get the generated key parameters back and validate that the
+ * exponents/coeffs are correct
+ */
+ if (!TEST_int_eq(EVP_PKEY_todata(pk, EVP_PKEY_KEYPAIR, &todata_params), 1))
+ goto err;
+
+ for (i = 0; check[i].pname != NULL; i++) {
+ if (!TEST_ptr(check_param = OSSL_PARAM_locate_const(todata_params,
+ check[i].pname)))
+ goto err;
+ if (!TEST_int_eq(OSSL_PARAM_get_BN(check_param, &check_bn), 1))
+ goto err;
+ if (!TEST_BN_eq(check_bn, check[i].comparebn)) {
+ TEST_info("Data mismatch for parameter %s", check[i].pname);
+ goto err;
+ }
+ BN_free(check_bn);
+ check_bn = NULL;
+ }
+
+ for (;;) {
+ if (!TEST_int_eq(EVP_PKEY_get_bits(pk), expected_nbits)
+ || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), expected_sbits)
+ || !TEST_int_eq(EVP_PKEY_get_size(pk), expected_ksize)
+ || !TEST_false(EVP_PKEY_missing_parameters(pk)))
+ goto err;
+
+ EVP_PKEY_CTX_free(key_ctx);
+ if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
+ goto err;
+
+ if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
+ || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
+ || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
+ || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
+ goto err;
+
+ /* EVP_PKEY_copy_parameters() should fail for RSA */
+ if (!TEST_ptr(copy_pk = EVP_PKEY_new())
+ || !TEST_false(EVP_PKEY_copy_parameters(copy_pk, pk)))
+ goto err;
+ EVP_PKEY_free(copy_pk);
+ copy_pk = NULL;
+
+ if (dup_pk != NULL)
+ break;
+
+ if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
+ goto err;
+ if (!TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1)) {
+ EVP_PKEY_free(dup_pk);
+ goto err;
+ }
+ EVP_PKEY_free(pk);
+ pk = dup_pk;
+ }
+ ret = 1;
+err:
+ BN_free(check_bn);
+ EVP_PKEY_free(pk);
+ EVP_PKEY_CTX_free(ctx);
+ EVP_PKEY_CTX_free(key_ctx);
+ OSSL_PARAM_free(fromdata_params);
+ OSSL_PARAM_free(todata_params);
+ return ret;
+}
+
+static int test_fromdata_rsa_derive_from_pq_sp800(void)
+{
+ OSSL_PARAM_BLD *bld = NULL;
+ BIGNUM *n = NULL, *e = NULL, *d = NULL, *p = NULL, *q = NULL;
+ BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
+ OSSL_PARAM *fromdata_params = NULL;
+ struct check_data cdata[4];
+ int ret = 0;
+ /*
+ * 512-bit RSA key, extracted from this command,
+ * openssl genrsa 512 | openssl rsa -text
+ * Note: When generating a key with EVP_PKEY_fromdata, and using
+ * crt derivation, openssl requires a minimum of 512 bits of n data,
+ * and 2048 bits in the FIPS case
+ */
+ static unsigned char n_data[] =
+ {0x00, 0xc7, 0x06, 0xd8, 0x6b, 0x3c, 0x4f, 0xb7, 0x95, 0x42, 0x44, 0x90,
+ 0xbd, 0xef, 0xf3, 0xc4, 0xb5, 0xa8, 0x55, 0x9e, 0x33, 0xa3, 0x04, 0x3a,
+ 0x90, 0xe5, 0x13, 0xff, 0x87, 0x69, 0x15, 0xa4, 0x8a, 0x17, 0x10, 0xcc,
+ 0xdf, 0xf9, 0xc5, 0x0f, 0xf1, 0x12, 0xff, 0x12, 0x11, 0xe5, 0x6b, 0x5c,
+ 0x83, 0xd9, 0x43, 0xd1, 0x8a, 0x7e, 0xa6, 0x60, 0x07, 0x2e, 0xbb, 0x03,
+ 0x17, 0x2d, 0xec, 0x17, 0x87};
+ static unsigned char e_data[] = {0x01, 0x00, 0x01};
+ static unsigned char d_data[] =
+ {0x1e, 0x5e, 0x5d, 0x07, 0x7f, 0xdc, 0x6a, 0x16, 0xcc, 0x55, 0xca, 0x00,
+ 0x31, 0x6c, 0xf0, 0xc7, 0x07, 0x38, 0x89, 0x3b, 0x37, 0xd4, 0x9d, 0x5b,
+ 0x1e, 0x99, 0x3e, 0x94, 0x5a, 0xe4, 0x82, 0x86, 0x8a, 0x78, 0x34, 0x09,
+ 0x37, 0xd5, 0xe7, 0xb4, 0xef, 0x5f, 0x83, 0x94, 0xff, 0xe5, 0x36, 0x79,
+ 0x10, 0x0c, 0x38, 0xc5, 0x3a, 0x33, 0xa6, 0x7c, 0x3c, 0xcc, 0x98, 0xe0,
+ 0xf5, 0xdb, 0xe6, 0x81};
+ static unsigned char p_data[] =
+ {0x00, 0xf6, 0x61, 0x38, 0x0e, 0x1f, 0x82, 0x7c, 0xb8, 0xba, 0x00, 0xd3,
+ 0xac, 0xdc, 0x4e, 0x6b, 0x7e, 0xf7, 0x58, 0xf3, 0xd9, 0xd8, 0x21, 0xed,
+ 0x54, 0xa3, 0x36, 0xd2, 0x2c, 0x5f, 0x06, 0x7d, 0xc5};
+ static unsigned char q_data[] =
+ {0x00, 0xce, 0xcc, 0x4a, 0xa5, 0x4f, 0xd6, 0x73, 0xd0, 0x20, 0xc3, 0x98,
+ 0x64, 0x20, 0x9b, 0xc1, 0x23, 0xd8, 0x5c, 0x82, 0x4f, 0xe8, 0xa5, 0x32,
+ 0xcd, 0x7e, 0x97, 0xb4, 0xde, 0xf6, 0x4c, 0x80, 0xdb};
+ static unsigned char dmp1_data[] =
+ {0x00, 0xd1, 0x07, 0xb6, 0x79, 0x34, 0xfe, 0x8e, 0x36, 0x63, 0x88, 0xa4,
+ 0x0e, 0x3a, 0x73, 0x45, 0xfc, 0x58, 0x7a, 0x5d, 0x98, 0xeb, 0x28, 0x0d,
+ 0xa5, 0x0b, 0x3c, 0x4d, 0xa0, 0x5b, 0x96, 0xb4, 0x49};
+ static unsigned char dmq1_data[] =
+ {0x5b, 0x47, 0x02, 0xdf, 0xaa, 0xb8, 0xae, 0x8f, 0xbc, 0x16, 0x79, 0x6a,
+ 0x20, 0x96, 0x7f, 0x0e, 0x92, 0x4e, 0x6a, 0xda, 0x58, 0x86, 0xaa, 0x40,
+ 0xd7, 0xd2, 0xa0, 0x6c, 0x15, 0x6c, 0xb9, 0x27};
+ static unsigned char iqmp_data[] =
+ {0x00, 0xa0, 0xd6, 0xf0, 0xe8, 0x17, 0x9e, 0xe7, 0xe6, 0x99, 0x12, 0xd6,
+ 0xd9, 0x43, 0xcf, 0xed, 0x37, 0x29, 0xf5, 0x6c, 0x3e, 0xc1, 0x7f, 0x2e,
+ 0x31, 0x3f, 0x64, 0x34, 0x66, 0x68, 0x5c, 0x22, 0x08};
+
+ if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
+ || !TEST_ptr(n = BN_bin2bn(n_data, sizeof(n_data), NULL))
+ || !TEST_ptr(e = BN_bin2bn(e_data, sizeof(e_data), NULL))
+ || !TEST_ptr(d = BN_bin2bn(d_data, sizeof(d_data), NULL))
+ || !TEST_ptr(p = BN_bin2bn(p_data, sizeof(p_data), NULL))
+ || !TEST_ptr(q = BN_bin2bn(q_data, sizeof(q_data), NULL))
+ || !TEST_ptr(dmp1 = BN_bin2bn(dmp1_data, sizeof(dmp1_data), NULL))
+ || !TEST_ptr(dmq1 = BN_bin2bn(dmq1_data, sizeof(dmq1_data), NULL))
+ || !TEST_ptr(iqmp = BN_bin2bn(iqmp_data, sizeof(iqmp_data), NULL))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR1,
+ p))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR2,
+ q))
+ || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
+ OSSL_PKEY_PARAM_RSA_DERIVE_FROM_PQ, 1))
+ || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
+ goto err;
+
+ cdata[0].pname = OSSL_PKEY_PARAM_RSA_EXPONENT1;
+ cdata[0].comparebn = dmp1;
+ cdata[1].pname = OSSL_PKEY_PARAM_RSA_EXPONENT2;
+ cdata[1].comparebn = dmq1;
+ cdata[2].pname = OSSL_PKEY_PARAM_RSA_COEFFICIENT1;
+ cdata[2].comparebn = iqmp;
+ cdata[3].pname = NULL;
+ cdata[3].comparebn = NULL;
+
+ ret = do_fromdata_rsa_derive(fromdata_params, cdata, 512, 56, 64);
+
+err:
+ BN_free(n);
+ BN_free(e);
+ BN_free(d);
+ BN_free(p);
+ BN_free(q);
+ BN_free(dmp1);
+ BN_free(dmq1);
+ BN_free(iqmp);
+ OSSL_PARAM_BLD_free(bld);
+ return ret;
+}
+
+static int test_fromdata_rsa_derive_from_pq_multiprime(void)
+{
+ OSSL_PARAM_BLD *bld = NULL;
+ BIGNUM *n = NULL, *e = NULL, *d = NULL;
+ BIGNUM *p = NULL, *q = NULL, *p2 = NULL;
+ BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
+ BIGNUM *exp3 = NULL, *coeff2 = NULL;
+ OSSL_PARAM *fromdata_params = NULL;
+ struct check_data cdata[12];
+ int ret = 0;
+ /*
+ * multiprime RSA key, extracted from this command,
+ * openssl genrsa -primes 3 | openssl rsa -text
+ * Note: When generating a key with EVP_PKEY_fromdata, and using
+ * crt derivation, openssl requires a minimum of 512 bits of n data,
+ * and 2048 bits in the FIPS case
+ */
+ static unsigned char n_data[] =
+ {0x00, 0x95, 0x78, 0x21, 0xe0, 0xca, 0x94, 0x6c, 0x0b, 0x86, 0x2a, 0x01,
+ 0xde, 0xd9, 0xab, 0xee, 0x88, 0x4a, 0x27, 0x4f, 0xcc, 0x5f, 0xf1, 0x71,
+ 0xe1, 0x0b, 0xc3, 0xd1, 0x88, 0x76, 0xf0, 0x83, 0x03, 0x93, 0x7e, 0x39,
+ 0xfa, 0x47, 0x89, 0x34, 0x27, 0x18, 0x19, 0x97, 0xfc, 0xd4, 0xfe, 0xe5,
+ 0x8a, 0xa9, 0x11, 0x83, 0xb5, 0x15, 0x4a, 0x29, 0xa6, 0xa6, 0xd0, 0x6e,
+ 0x0c, 0x7f, 0x61, 0x8f, 0x7e, 0x7c, 0xfb, 0xfc, 0x04, 0x8b, 0xca, 0x44,
+ 0xf8, 0x59, 0x0b, 0x22, 0x6f, 0x3f, 0x92, 0x23, 0x98, 0xb5, 0xc8, 0xf7,
+ 0xff, 0xf7, 0xac, 0x6b, 0x36, 0xb3, 0xaf, 0x39, 0xde, 0x66, 0x38, 0x51,
+ 0x9f, 0xbe, 0xe2, 0xfc, 0xe4, 0x6f, 0x1a, 0x0f, 0x7a, 0xde, 0x7f, 0x0f,
+ 0x4e, 0xbc, 0xed, 0xa2, 0x99, 0xc5, 0xd1, 0xbf, 0x8f, 0xba, 0x92, 0x91,
+ 0xe4, 0x00, 0x91, 0xbb, 0x67, 0x36, 0x7d, 0x00, 0x50, 0xda, 0x28, 0x38,
+ 0xdc, 0x9f, 0xfe, 0x3f, 0x24, 0x5a, 0x0d, 0xe1, 0x8d, 0xe9, 0x45, 0x2c,
+ 0xd7, 0xf2, 0x67, 0x8c, 0x0c, 0x6e, 0xdb, 0xc8, 0x8b, 0x6b, 0x38, 0x30,
+ 0x21, 0x94, 0xc0, 0xe3, 0xd7, 0xe0, 0x23, 0xd3, 0xd4, 0xfa, 0xdb, 0xb9,
+ 0xfe, 0x1a, 0xcc, 0xc9, 0x79, 0x19, 0x35, 0x18, 0x42, 0x30, 0xc4, 0xb5,
+ 0x92, 0x33, 0x1e, 0xd4, 0xc4, 0xc0, 0x9d, 0x55, 0x37, 0xd4, 0xef, 0x54,
+ 0x71, 0x81, 0x09, 0x15, 0xdb, 0x11, 0x38, 0x6b, 0x35, 0x93, 0x11, 0xdc,
+ 0xb1, 0x6c, 0xd6, 0xa4, 0x37, 0x84, 0xf3, 0xb2, 0x2f, 0x1b, 0xd6, 0x05,
+ 0x9f, 0x0e, 0x5c, 0x98, 0x29, 0x2f, 0x95, 0xb6, 0x55, 0xbd, 0x24, 0x44,
+ 0xc5, 0xc8, 0xa2, 0x76, 0x1e, 0xf8, 0x82, 0x8a, 0xdf, 0x34, 0x72, 0x7e,
+ 0xdd, 0x65, 0x4b, 0xfc, 0x6c, 0x1c, 0x96, 0x70, 0xe2, 0x69, 0xb5, 0x12,
+ 0x1b, 0x59, 0x67, 0x14, 0x9d};
+ static unsigned char e_data[] = {0x01, 0x00, 0x01};
+ static unsigned char d_data[] =
+ {0x64, 0x57, 0x4d, 0x86, 0xf6, 0xf8, 0x44, 0xc0, 0x47, 0xc5, 0x13, 0x94,
+ 0x63, 0x54, 0x84, 0xc1, 0x81, 0xe6, 0x7a, 0x2f, 0x9d, 0x89, 0x1d, 0x06,
+ 0x13, 0x3b, 0xd6, 0x02, 0x62, 0xb6, 0x7b, 0x7d, 0x7f, 0x1a, 0x92, 0x19,
+ 0x6e, 0xc4, 0xb0, 0xfa, 0x3d, 0xb7, 0x90, 0xcc, 0xee, 0xc0, 0x5f, 0xa0,
+ 0x82, 0x77, 0x7b, 0x8f, 0xa9, 0x47, 0x2c, 0x46, 0xf0, 0x5d, 0xa4, 0x43,
+ 0x47, 0x90, 0x5b, 0x20, 0x73, 0x0f, 0x46, 0xd4, 0x56, 0x73, 0xe7, 0x71,
+ 0x41, 0x75, 0xb4, 0x1c, 0x32, 0xf5, 0x0c, 0x68, 0x8c, 0x40, 0xea, 0x1c,
+ 0x30, 0x12, 0xa2, 0x65, 0x02, 0x27, 0x98, 0x4e, 0x0a, 0xbf, 0x2b, 0x72,
+ 0xb2, 0x5c, 0xe3, 0xbe, 0x3e, 0xc7, 0xdb, 0x9b, 0xa2, 0x4a, 0x90, 0xc0,
+ 0xa7, 0xb0, 0x00, 0xf1, 0x6a, 0xff, 0xa3, 0x77, 0xf7, 0x71, 0xa2, 0x41,
+ 0xe9, 0x6e, 0x7c, 0x38, 0x24, 0x46, 0xd5, 0x5c, 0x49, 0x2a, 0xe6, 0xee,
+ 0x27, 0x4b, 0x2e, 0x6f, 0x16, 0x54, 0x2d, 0x37, 0x36, 0x01, 0x39, 0x2b,
+ 0x23, 0x4b, 0xb4, 0x65, 0x25, 0x4d, 0x7f, 0x72, 0x20, 0x7f, 0x5d, 0xec,
+ 0x50, 0xba, 0xbb, 0xaa, 0x9c, 0x3c, 0x1d, 0xa1, 0x40, 0x2c, 0x6a, 0x8b,
+ 0x5f, 0x2e, 0xe0, 0xa6, 0xf7, 0x9e, 0x03, 0xb5, 0x44, 0x5f, 0x74, 0xc7,
+ 0x9f, 0x89, 0x2b, 0x71, 0x2f, 0x66, 0x9f, 0x03, 0x6c, 0x96, 0xd0, 0x23,
+ 0x36, 0x4d, 0xa1, 0xf0, 0x82, 0xcc, 0x43, 0xe7, 0x08, 0x93, 0x40, 0x18,
+ 0xc0, 0x39, 0x73, 0x83, 0xe2, 0xec, 0x9b, 0x81, 0x9d, 0x4c, 0x86, 0xaa,
+ 0x59, 0xa8, 0x67, 0x1c, 0x80, 0xdc, 0x6f, 0x7f, 0x23, 0x6b, 0x7d, 0x2c,
+ 0x56, 0x99, 0xa0, 0x89, 0x7e, 0xdb, 0x8b, 0x7a, 0xaa, 0x03, 0x8e, 0x8e,
+ 0x8e, 0x3a, 0x58, 0xb4, 0x03, 0x6b, 0x65, 0xfa, 0x92, 0x0a, 0x96, 0x93,
+ 0xa6, 0x07, 0x60, 0x01};
+ static unsigned char p_data[] =
+ {0x06, 0x55, 0x7f, 0xbd, 0xfd, 0xa8, 0x4c, 0x94, 0x5e, 0x10, 0x8a, 0x54,
+ 0x37, 0xf3, 0x64, 0x37, 0x3a, 0xca, 0x18, 0x1b, 0xdd, 0x71, 0xa5, 0x94,
+ 0xc9, 0x31, 0x59, 0xa5, 0x89, 0xe9, 0xc4, 0xba, 0x55, 0x90, 0x6d, 0x9c,
+ 0xcc, 0x52, 0x5d, 0x44, 0xa8, 0xbc, 0x2b, 0x3b, 0x8c, 0xbd, 0x96, 0xfa,
+ 0xcd, 0x54, 0x63, 0xe3, 0xc8, 0xfe, 0x5e, 0xc6, 0x73, 0x98, 0x14, 0x7a,
+ 0x54, 0x0e, 0xe7, 0x75, 0x49, 0x93, 0x20, 0x33, 0x17, 0xa9, 0x34, 0xa8,
+ 0xee, 0xaf, 0x3a, 0xcc, 0xf5, 0x69, 0xfc, 0x30, 0x1a, 0xdf, 0x49, 0x61,
+ 0xa4, 0xd1};
+ static unsigned char p2_data[] =
+ {0x03, 0xe2, 0x41, 0x3d, 0xb1, 0xdd, 0xad, 0xd7, 0x3b, 0xf8, 0xab, 0x32,
+ 0x27, 0x8b, 0xac, 0x95, 0xc0, 0x1a, 0x3f, 0x80, 0x8e, 0x21, 0xa9, 0xb8,
+ 0xa2, 0xed, 0xcf, 0x97, 0x5c, 0x61, 0x10, 0x94, 0x1b, 0xd0, 0xbe, 0x88,
+ 0xc2, 0xa7, 0x20, 0xe5, 0xa5, 0xc2, 0x7a, 0x7e, 0xf0, 0xd1, 0xe4, 0x13,
+ 0x75, 0xb9, 0x62, 0x90, 0xf1, 0xc3, 0x5b, 0x8c, 0xe9, 0xa9, 0x5b, 0xb7,
+ 0x6d, 0xdc, 0xcd, 0x12, 0xea, 0x97, 0x05, 0x04, 0x25, 0x2a, 0x93, 0xd1,
+ 0x4e, 0x05, 0x1a, 0x50, 0xa2, 0x67, 0xb8, 0x4b, 0x09, 0x15, 0x65, 0x6c,
+ 0x66, 0x2d};
+ static unsigned char q_data[] =
+ {0x06, 0x13, 0x74, 0x6e, 0xde, 0x7c, 0x33, 0xc2, 0xe7, 0x05, 0x2c, 0xeb,
+ 0x25, 0x7d, 0x4a, 0x07, 0x7e, 0x03, 0xcf, 0x6a, 0x23, 0x36, 0x25, 0x23,
+ 0xf6, 0x5d, 0xde, 0xa3, 0x0f, 0x82, 0xe6, 0x4b, 0xec, 0x39, 0xbf, 0x37,
+ 0x1f, 0x4f, 0x56, 0x1e, 0xd8, 0x62, 0x32, 0x5c, 0xf5, 0x37, 0x75, 0x20,
+ 0xe2, 0x7e, 0x56, 0x82, 0xc6, 0x35, 0xd3, 0x4d, 0xfa, 0x6c, 0xc3, 0x93,
+ 0xf0, 0x60, 0x53, 0x78, 0x95, 0xee, 0xf9, 0x8b, 0x2c, 0xaf, 0xb1, 0x47,
+ 0x5c, 0x29, 0x0d, 0x2a, 0x47, 0x7f, 0xd0, 0x7a, 0x4e, 0x26, 0x7b, 0x47,
+ 0xfb, 0x61};
+ static unsigned char dmp1_data[] =
+ {0x01, 0x13, 0x3a, 0x1f, 0x91, 0x92, 0xa3, 0x8c, 0xfb, 0x7a, 0x6b, 0x40,
+ 0x68, 0x4e, 0xd3, 0xcf, 0xdc, 0x16, 0xb9, 0x88, 0xe1, 0x49, 0x8d, 0x05,
+ 0x78, 0x30, 0xfc, 0x3a, 0x70, 0xf2, 0x51, 0x06, 0x1f, 0xc7, 0xe8, 0x13,
+ 0x19, 0x4b, 0x51, 0xb1, 0x79, 0xc2, 0x96, 0xc4, 0x00, 0xdb, 0x9d, 0x68,
+ 0xec, 0xb9, 0x4a, 0x4b, 0x3b, 0xae, 0x91, 0x7f, 0xb5, 0xd7, 0x36, 0x82,
+ 0x9d, 0x09, 0xfa, 0x97, 0x99, 0xe9, 0x73, 0x29, 0xb8, 0xf6, 0x6b, 0x8d,
+ 0xd1, 0x15, 0xc5, 0x31, 0x4c, 0xe6, 0xb4, 0x7b, 0xa5, 0xd4, 0x08, 0xac,
+ 0x9e, 0x41};
+ static unsigned char dmq1_data[] =
+ {0x05, 0xcd, 0x33, 0xc2, 0xdd, 0x3b, 0xb8, 0xec, 0xe4, 0x4c, 0x03, 0xcc,
+ 0xef, 0xba, 0x07, 0x22, 0xca, 0x47, 0x77, 0x18, 0x40, 0x50, 0xe5, 0xfb,
+ 0xc5, 0xb5, 0x71, 0xed, 0x3e, 0xd5, 0x5d, 0x72, 0xa7, 0x37, 0xa8, 0x86,
+ 0x48, 0xa6, 0x27, 0x74, 0x42, 0x66, 0xd8, 0xf1, 0xfb, 0xcf, 0x1d, 0x4e,
+ 0xee, 0x15, 0x76, 0x23, 0x5e, 0x81, 0x6c, 0xa7, 0x2b, 0x74, 0x08, 0xf7,
+ 0x4c, 0x71, 0x9d, 0xa2, 0x29, 0x7f, 0xca, 0xd5, 0x02, 0x31, 0x2c, 0x54,
+ 0x18, 0x02, 0xb6, 0xa8, 0x65, 0x26, 0xfc, 0xf8, 0x9b, 0x80, 0x90, 0xfc,
+ 0x75, 0x61};
+ static unsigned char iqmp_data[] =
+ {0x05, 0x78, 0xf8, 0xdd, 0x1c, 0x6f, 0x3d, 0xaf, 0x53, 0x84, 0x32, 0xa9,
+ 0x35, 0x52, 0xf3, 0xd0, 0x4d, 0xf8, 0x09, 0x85, 0x3d, 0x72, 0x20, 0x8b,
+ 0x47, 0xba, 0xc8, 0xce, 0xac, 0xd9, 0x76, 0x90, 0x05, 0x88, 0x63, 0x8a,
+ 0x10, 0x2b, 0xcd, 0xd3, 0xbe, 0x8c, 0x16, 0x60, 0x6a, 0xfd, 0xce, 0xc7,
+ 0x9f, 0xfa, 0xbb, 0xe3, 0xa6, 0xde, 0xc2, 0x8f, 0x1d, 0x25, 0xdc, 0x41,
+ 0xcb, 0xa4, 0xeb, 0x76, 0xc9, 0xdc, 0x8e, 0x49, 0x0e, 0xe4, 0x7c, 0xd2,
+ 0xd5, 0x6e, 0x26, 0x3c, 0x0b, 0xd3, 0xc5, 0x20, 0x4e, 0x4b, 0xb6, 0xf7,
+ 0xae, 0xef};
+ static unsigned char exp3_data[] =
+ {0x02, 0x7d, 0x16, 0x24, 0xfc, 0x35, 0xf9, 0xd0, 0xb3, 0x02, 0xf2, 0x5f,
+ 0xde, 0xeb, 0x27, 0x19, 0x85, 0xd0, 0xcb, 0xe4, 0x0a, 0x2f, 0x13, 0xdb,
+ 0xd5, 0xba, 0xe0, 0x8c, 0x32, 0x8b, 0x97, 0xdd, 0xef, 0xbc, 0xe0, 0x7a,
+ 0x2d, 0x90, 0x7e, 0x09, 0xe9, 0x1f, 0x26, 0xf2, 0xf4, 0x48, 0xea, 0x06,
+ 0x76, 0x26, 0xe6, 0x3b, 0xce, 0x4e, 0xc9, 0xf9, 0x0f, 0x38, 0x90, 0x26,
+ 0x87, 0x65, 0x36, 0x9a, 0xea, 0x6a, 0xfe, 0xb1, 0xdb, 0x46, 0xdf, 0x14,
+ 0xfd, 0x13, 0x53, 0xfb, 0x5b, 0x35, 0x6e, 0xe7, 0xd5, 0xd8, 0x39, 0xf7,
+ 0x2d, 0xb9};
+ static unsigned char coeff2_data[] =
+ {0x01, 0xba, 0x66, 0x0a, 0xa2, 0x86, 0xc0, 0x57, 0x7f, 0x4e, 0x68, 0xb1,
+ 0x86, 0x63, 0x23, 0x5b, 0x0e, 0xeb, 0x93, 0x42, 0xd1, 0xaa, 0x15, 0x13,
+ 0xcc, 0x29, 0x71, 0x8a, 0xb0, 0xe0, 0xc9, 0x67, 0xde, 0x1a, 0x7c, 0x1a,
+ 0xef, 0xa7, 0x08, 0x85, 0xb3, 0xae, 0x98, 0x99, 0xde, 0xaf, 0x09, 0x38,
+ 0xfc, 0x46, 0x29, 0x5f, 0x4f, 0x7e, 0x01, 0x6c, 0x50, 0x13, 0x95, 0x91,
+ 0x4c, 0x0f, 0x00, 0xba, 0xca, 0x40, 0xa3, 0xd0, 0x58, 0xb6, 0x62, 0x4c,
+ 0xd1, 0xb6, 0xd3, 0x29, 0x5d, 0x82, 0xb3, 0x3d, 0x61, 0xbe, 0x5d, 0xf0,
+ 0x4b, 0xf4};
+
+ if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
+ || !TEST_ptr(n = BN_bin2bn(n_data, sizeof(n_data), NULL))
+ || !TEST_ptr(e = BN_bin2bn(e_data, sizeof(e_data), NULL))
+ || !TEST_ptr(d = BN_bin2bn(d_data, sizeof(d_data), NULL))
+ || !TEST_ptr(p = BN_bin2bn(p_data, sizeof(p_data), NULL))
+ || !TEST_ptr(q = BN_bin2bn(q_data, sizeof(q_data), NULL))
+ || !TEST_ptr(p2 = BN_bin2bn(p2_data, sizeof(p2_data), NULL))
+ || !TEST_ptr(exp3 = BN_bin2bn(exp3_data, sizeof(exp3_data), NULL))
+ || !TEST_ptr(coeff2 = BN_bin2bn(coeff2_data, sizeof(coeff2_data), NULL))
+ || !TEST_ptr(dmp1 = BN_bin2bn(dmp1_data, sizeof(dmp1_data), NULL))
+ || !TEST_ptr(dmq1 = BN_bin2bn(dmq1_data, sizeof(dmq1_data), NULL))
+ || !TEST_ptr(iqmp = BN_bin2bn(iqmp_data, sizeof(iqmp_data), NULL))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR1,
+ p))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR2,
+ q))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR3,
+ p2))
+ || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
+ OSSL_PKEY_PARAM_RSA_DERIVE_FROM_PQ, 1))
+ || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
+ goto err;
+
+ cdata[0].pname = OSSL_PKEY_PARAM_RSA_EXPONENT1;
+ cdata[0].comparebn = dmp1;
+ cdata[1].pname = OSSL_PKEY_PARAM_RSA_EXPONENT2;
+ cdata[1].comparebn = dmq1;
+ cdata[2].pname = OSSL_PKEY_PARAM_RSA_COEFFICIENT1;
+ cdata[2].comparebn = iqmp;
+ cdata[3].pname = OSSL_PKEY_PARAM_RSA_EXPONENT3;
+ cdata[3].comparebn = exp3;
+ cdata[4].pname = OSSL_PKEY_PARAM_RSA_COEFFICIENT2;
+ cdata[4].comparebn = coeff2;
+ cdata[5].pname = OSSL_PKEY_PARAM_RSA_N;
+ cdata[5].comparebn = n;
+ cdata[6].pname = OSSL_PKEY_PARAM_RSA_E;
+ cdata[6].comparebn = e;
+ cdata[7].pname = OSSL_PKEY_PARAM_RSA_D;
+ cdata[7].comparebn = d;
+ cdata[8].pname = OSSL_PKEY_PARAM_RSA_FACTOR1;
+ cdata[8].comparebn = p;
+ cdata[9].pname = OSSL_PKEY_PARAM_RSA_FACTOR2;
+ cdata[9].comparebn = q;
+ cdata[10].pname = OSSL_PKEY_PARAM_RSA_FACTOR3;
+ cdata[10].comparebn = p2;
+ cdata[11].pname = NULL;
+ cdata[11].comparebn = NULL;
+
+ ret = do_fromdata_rsa_derive(fromdata_params, cdata, 2048, 112, 256);
+
+err:
+ BN_free(n);
+ BN_free(e);
+ BN_free(d);
+ BN_free(p);
+ BN_free(p2);
+ BN_free(q);
+ BN_free(dmp1);
+ BN_free(dmq1);
+ BN_free(iqmp);
+ BN_free(exp3);
+ BN_free(coeff2);
+ OSSL_PARAM_BLD_free(bld);
+ return ret;
+}
+
static int test_evp_pkey_get_bn_param_large(void)
{
int ret = 0;
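Review bot: In do_fromdata_rsa_derive, `copy_pk` leaks when `TEST_false(EVP_PKEY_copy_parameters(copy_pk, pk))` fails, because the `err:` cleanup frees pk, ctx, key_ctx and both parameter arrays but not copy_pk. Adding `EVP_PKEY_free(copy_pk);` under `err:` closes that path. The helper also calls `OSSL_PARAM_free(fromdata_params)` on the caller's array, and neither caller frees it; a one-line comment on the helper stating that it takes ownership of `fromdata_params` would prevent a later double free. The new key arrays are only read, so `static const unsigned char` would match `e_data` in test_evp_pkey_get_bn_param_large just below.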
@@ -462,7 +857,7 @@ static int test_evp_pkey_get_bn_param_large(void)
static const unsigned char e_data[] = {
0x1, 0x00, 0x01
};
- static const unsigned char d_data[]= {
+ static const unsigned char d_data[] = {
0x99, 0x33, 0x13, 0x7b
};
@@ -897,6 +1292,7 @@ err:
#ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_ECX
/* Array indexes used in test_fromdata_ecx */
# define PRIV_KEY 0
# define PUB_KEY 1
@@ -1174,6 +1570,7 @@ err:
return ret;
}
+# endif /* OPENSSL_NO_ECX */
static int test_fromdata_ec(void)
{
@@ -1754,11 +2151,10 @@ static OSSL_PARAM *do_construct_hkdf_params(char *digest, char *key,
return params;
}
-/* Test that EVP_PKEY_CTX_dup() fails gracefully for a KDF */
-static int test_evp_pkey_ctx_dup_kdf_fail(void)
+static int test_evp_pkey_ctx_dup_kdf(void)
{
int ret = 0;
- size_t len = 0;
+ size_t len = 0, dlen = 0;
EVP_PKEY_CTX *pctx = NULL, *dctx = NULL;
OSSL_PARAM *params = NULL;
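Review bot: The comment above the test was deleted along with the `_fail` suffix, so the renamed test_evp_pkey_ctx_dup_kdf no longer states what it verifies. A replacement such as `/* Test that EVP_PKEY_CTX_dup() succeeds for a KDF and the copy is usable */` would record the new expectation. The body continues outside this hunk.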
@@ -1769,10 +2165,12 @@ static int test_evp_pkey_ctx_dup_kdf_fail(void)
goto err;
if (!TEST_int_eq(EVP_PKEY_derive_init_ex(pctx, params), 1))
goto err;
- if (!TEST_int_eq(EVP_PKEY_derive(pctx, NULL, &len), 1)
- || !TEST_size_t_eq(len, SHA256_DIGEST_LENGTH))
+ if (!TEST_ptr(dctx = EVP_PKEY_CTX_dup(pctx)))
goto err;
- if (!TEST_ptr_null(dctx = EVP_PKEY_CTX_dup(pctx)))
+ if (!TEST_int_eq(EVP_PKEY_derive(pctx, NULL, &len), 1)
+ || !TEST_size_t_eq(len, SHA256_DIGEST_LENGTH)
+ || !TEST_int_eq(EVP_PKEY_derive(dctx, NULL, &dlen), 1)
+ || !TEST_size_t_eq(dlen, SHA256_DIGEST_LENGTH))
goto err;
ret = 1;
err:
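Review bot: Both `EVP_PKEY_derive` calls pass a NULL output buffer, so the test only shows that the duplicated context reports the same output length. It does not show that the copy carries the same key material and parameters; deriving into two buffers of `SHA256_DIGEST_LENGTH` bytes and comparing them with `TEST_mem_eq` would exercise the copy itself. Now that the dup is expected to succeed, the cleanup after `err:` (outside this hunk) has to free `dctx`; confirm that it does.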
@@ -1792,9 +2190,11 @@ int setup_tests(void)
if (!TEST_ptr(datadir = test_get_argument(0)))
return 0;
- ADD_TEST(test_evp_pkey_ctx_dup_kdf_fail);
+ ADD_TEST(test_evp_pkey_ctx_dup_kdf);
ADD_TEST(test_evp_pkey_get_bn_param_large);
ADD_TEST(test_fromdata_rsa);
+ ADD_TEST(test_fromdata_rsa_derive_from_pq_sp800);
+ ADD_TEST(test_fromdata_rsa_derive_from_pq_multiprime);
#ifndef OPENSSL_NO_DH
ADD_TEST(test_fromdata_dh_fips186_4);
ADD_TEST(test_fromdata_dh_named_group);
@@ -1804,7 +2204,9 @@ int setup_tests(void)
ADD_TEST(test_fromdata_dsa_fips186_4);
#endif
#ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_ECX
ADD_ALL_TESTS(test_fromdata_ecx, 4 * 3);
+# endif
ADD_TEST(test_fromdata_ec);
ADD_TEST(test_ec_dup_no_operation);
ADD_TEST(test_ec_dup_keygen_operation);
diff --git a/test/evp_test.c b/test/evp_test.c
index 2701040dabe7..e34ea1d96e67 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -20,10 +20,13 @@
#include <openssl/pkcs12.h>
#include <openssl/kdf.h>
#include <openssl/params.h>
+#include <openssl/param_build.h>
#include <openssl/core_names.h>
#include <openssl/fips_names.h>
+#include <openssl/thread.h>
#include "internal/numbers.h"
#include "internal/nelem.h"
+#include "internal/sizes.h"
#include "crypto/evp.h"
#include "testutil.h"
@@ -44,6 +47,7 @@ typedef struct evp_test_st {
char *expected_err; /* Expected error value of test */
char *reason; /* Expected error reason string */
void *data; /* test specific data */
+ int expect_unapproved;
} EVP_TEST;
/* Test method structure */
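Review bot: The new field `int expect_unapproved;` is the only member of EVP_TEST shown here without a trailing comment. Judging from check_fips_approved later in this diff, something like `int expect_unapproved; /* Non-zero if the FIPS indicator should report unapproved */` would match the neighbouring fields. The struct starts outside the hunk.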
@@ -51,13 +55,13 @@ struct evp_test_method_st {
/* Name of test as it appears in file */
const char *name;
/* Initialise test for "alg" */
- int (*init) (EVP_TEST * t, const char *alg);
+ int (*init) (EVP_TEST *t, const char *alg);
/* Clean up method */
- void (*cleanup) (EVP_TEST * t);
+ void (*cleanup) (EVP_TEST *t);
/* Test specific name value pair processing */
- int (*parse) (EVP_TEST * t, const char *name, const char *value);
+ int (*parse) (EVP_TEST *t, const char *name, const char *value);
/* Run the test itself */
- int (*run_test) (EVP_TEST * t);
+ int (*run_test) (EVP_TEST *t);
};
/* Linked list of named keys. */
@@ -71,11 +75,18 @@ typedef enum OPTION_choice {
OPT_ERR = -1,
OPT_EOF = 0,
OPT_CONFIG_FILE,
+ OPT_IN_PLACE,
+ OPT_PROVIDER_NAME,
+ OPT_PROV_PROPQUERY,
+ OPT_DATA_CHUNK,
OPT_TEST_ENUM
} OPTION_CHOICE;
static OSSL_PROVIDER *prov_null = NULL;
+static OSSL_PROVIDER *libprov = NULL;
static OSSL_LIB_CTX *libctx = NULL;
+static int fips_indicator_callback_unapproved_count = 0;
+static int extended_tests = 0;
/* List of public and private keys */
static KEY_LIST *private_keys;
@@ -83,12 +94,229 @@ static KEY_LIST *public_keys;
static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst);
static int parse_bin(const char *value, unsigned char **buf, size_t *buflen);
+static int parse_bin_chunk(const char *value, size_t offset, size_t max,
+ unsigned char **buf, size_t *buflen, size_t *out_offset);
static int is_digest_disabled(const char *name);
static int is_pkey_disabled(const char *name);
static int is_mac_disabled(const char *name);
static int is_cipher_disabled(const char *name);
static int is_kdf_disabled(const char *name);
+/* A callback that is triggered if fips unapproved mode is detected */
+static int fips_indicator_cb(const char *type, const char *desc,
+ const OSSL_PARAM params[])
+{
+ fips_indicator_callback_unapproved_count++;
+ TEST_info("(Indicator Callback received %s : %s is not approved)", type, desc);
+ return 1;
+}
+
+static int check_fips_approved(EVP_TEST *t, int approved)
+{
+ /*
+ * If the expected result is approved
+ * then it is expected that approved will be 1
+ * and the fips indicator callback has not been triggered, otherwise
+ * approved should be 0 and the fips indicator callback should be triggered.
+ */
+ if (t->expect_unapproved) {
+ if (approved == 1 || fips_indicator_callback_unapproved_count == 0) {
+ TEST_error("Test is not expected to be FIPS approved");
+ return 0;
+ }
+ } else {
+ if (approved == 0 || fips_indicator_callback_unapproved_count > 0) {
+ TEST_error("Test is expected to be FIPS approved");
+ return 0;
+ }
+ }
+ return 1;
+}
+
+static int mac_check_fips_approved(EVP_MAC_CTX *ctx, EVP_TEST *t)
+{
+ OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+ /*
+ * For any getters that do not handle the FIPS indicator assume a default
+ * value of approved.
+ */
+ int approved = 1;
+
+ if (EVP_MAC_CTX_gettable_params(ctx) == NULL)
+ return 1;
+
+ params[0] = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_FIPS_APPROVED_INDICATOR,
+ &approved);
+ if (!EVP_MAC_CTX_get_params(ctx, params))
+ return 0;
+ return check_fips_approved(t, approved);
+}
+
+static int pkey_check_fips_approved(EVP_PKEY_CTX *ctx, EVP_TEST *t)
+{
+ OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+ /*
+ * For any getters that do not handle the FIPS indicator assume a default
+ * value of approved.
+ */
+ int approved = 1;
+ const OSSL_PARAM *gettables = EVP_PKEY_CTX_gettable_params(ctx);
+
+ if (gettables == NULL
+ || OSSL_PARAM_locate_const(gettables,
+ OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR)
+ == NULL)
+ return 1;
+
+ /* Older providers dont have a gettable */
+ if (EVP_PKEY_CTX_gettable_params(ctx) == NULL)
+ return 1;
+
+ params[0] = OSSL_PARAM_construct_int(OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR,
+ &approved);
+ if (!EVP_PKEY_CTX_get_params(ctx, params))
+ return 0;
+ return check_fips_approved(t, approved);
+}
+
+static int rand_check_fips_approved(EVP_RAND_CTX *ctx, EVP_TEST *t)
+{
+ OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+ /*
+ * For any getters that do not handle the FIPS indicator assume a default
+ * value of approved.
+ */
+ int approved = 1;
+
+ if (EVP_RAND_CTX_gettable_params(ctx) == NULL)
+ return 1;
+
+ params[0] = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_FIPS_APPROVED_INDICATOR,
+ &approved);
+ if (!EVP_RAND_CTX_get_params(ctx, params))
+ return 0;
+ return check_fips_approved(t, approved);
+}
+
+static int ctrladd(STACK_OF(OPENSSL_STRING) *controls, const char *value)
+{
+ char *data = OPENSSL_strdup(value);
+
+ if (data == NULL)
+ return -1;
+
+ if (sk_OPENSSL_STRING_push(controls, data) <= 0) {
+ OPENSSL_free(data);
+ return -1;
+ }
+
+ return 1;
+}
+
+/* Because OPENSSL_free is a macro, it can't be passed as a function pointer */
+static void openssl_free(char *m)
+{
+ OPENSSL_free(m);
+}
+
+static void ctrlfree(STACK_OF(OPENSSL_STRING) *controls)
+{
+ sk_OPENSSL_STRING_pop_free(controls, openssl_free);
+}
+
+/*
+ * This is used if ctrl2params() passes settables as NULL.
+ * A default list of settable OSSL_PARAM that may be set during an operations
+ * init().
+ * Using the algorithms settable list is problematic since it requires that the
+ * init() has already run.
+ */
+static const OSSL_PARAM settable_ctx_params[] = {
+ OSSL_PARAM_int("key-check", NULL),
+ OSSL_PARAM_int("digest-check", NULL),
+ OSSL_PARAM_int("ems_check", NULL),
+ OSSL_PARAM_int("sign-check", NULL),
+ OSSL_PARAM_int("encrypt-check", NULL),
+ OSSL_PARAM_int("rsa-pss-saltlen-check", NULL),
+ OSSL_PARAM_int("sign-x931-pad-check", NULL),
+ OSSL_PARAM_END
+};
+
+static int ctrl2params(EVP_TEST *t, STACK_OF(OPENSSL_STRING) *controls,
+ const OSSL_PARAM *settables,
+ OSSL_PARAM params[], size_t params_sz, size_t *params_n)
+{
+ int i;
+
+ if (settables == NULL)
+ settables = settable_ctx_params;
+ /* check bounds */
+ if (*params_n + sk_OPENSSL_STRING_num(controls) >= params_sz) {
+ t->err = "ERR_TOO_MANY_PARAMETERS";
+ goto err;
+ }
+ for (i = 0; i < sk_OPENSSL_STRING_num(controls); i++) {
+ char *tmpkey, *tmpval;
+ char *value = sk_OPENSSL_STRING_value(controls, i);
+
+ if (!TEST_ptr(tmpkey = OPENSSL_strdup(value))) {
+ t->err = "ERR_PARAM_ERROR";
+ goto err;
+ }
+ tmpval = strchr(tmpkey, ':');
+ if (tmpval != NULL)
+ *tmpval++ = '\0';
+
+ if (tmpval == NULL
+ || !OSSL_PARAM_allocate_from_text(&params[*params_n],
+ settables,
+ tmpkey, tmpval,
+ strlen(tmpval), NULL)) {
+ OPENSSL_free(tmpkey);
+ t->err = "ERR_PARAM_ERROR";
+ goto err;
+ }
+ *params_n += 1;
+ OPENSSL_free(tmpkey);
+ }
+ params[*params_n] = OSSL_PARAM_construct_end();
+ return 1;
+err:
+ return 0;
+}
+
+static void ctrl2params_free(OSSL_PARAM params[],
+ size_t params_n, size_t params_n_allocstart)
+{
+ while (params_n-- > params_n_allocstart) {
+ OPENSSL_free(params[params_n].data);
+ }
+}
+
+static int kdf_check_fips_approved(EVP_KDF_CTX *ctx, EVP_TEST *t)
+{
+ OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+ int approved = 1;
+
+ params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR,
+ &approved);
+ if (!EVP_KDF_CTX_get_params(ctx, params))
+ return 0;
+ return check_fips_approved(t, approved);
+}
+
+static int cipher_check_fips_approved(EVP_CIPHER_CTX *ctx, EVP_TEST *t)
+{
+ OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+ int approved = 1;
+
+ params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_FIPS_APPROVED_INDICATOR,
+ &approved);
+ if (!EVP_CIPHER_CTX_get_params(ctx, params))
+ return 0;
+ return check_fips_approved(t, approved);
+}
+
/*
* Compare two memory regions for equality, returning zero if they differ.
* However, if there is expected to be an error and the actual error
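Review bot: In pkey_check_fips_approved the second `if (EVP_PKEY_CTX_gettable_params(ctx) == NULL) return 1;` is unreachable, because `gettables` holds the same call's result and the preceding test already returns when it is NULL. The block can be dropped and its comment ("Older providers dont have a gettable") moved onto the first check. kdf_check_fips_approved and cipher_check_fips_approved do no gettable check at all, unlike the mac, pkey and rand variants; a comment saying whether that is intentional would help. In ctrl2params the bounds test adds the `int` result of `sk_OPENSSL_STRING_num(controls)` to a `size_t`. If `controls` can be NULL, the -1 it returns wraps in that sum, so an explicit `controls == NULL` or negative-count guard before the addition would be safer.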
@@ -110,6 +338,20 @@ static int memory_err_compare(EVP_TEST *t, const char *err,
return r;
}
+/* Option specific for evp test */
+static int process_mode_in_place;
+static const char *propquery = NULL;
+static int data_chunk_size;
+
+static int evp_test_process_mode(char *mode)
+{
+ if (strcmp(mode, "in_place") == 0)
+ return 1;
+ else if (strcmp(mode, "both") == 0)
+ return 0;
+ return -1;
+}
+
/*
* Structure used to hold a list of blocks of memory to test
* calls to "update" like functions.
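Review bot: `evp_test_process_mode()` only reads its argument through `strcmp`, so the parameter can be declared `const char *mode`. The three-way result is not described anywhere in the hunk; a one-line comment such as `/* Returns 1 for "in_place", 0 for "both", -1 for an unrecognised mode */` would spare the caller from reading the body to learn that -1 is the error case.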
@@ -130,23 +372,42 @@ static void evp_test_buffer_free(EVP_TEST_BUFFER *db)
}
/* append buffer to a list */
-static int evp_test_buffer_append(const char *value,
+static int evp_test_buffer_append(const char *value, size_t max_len,
STACK_OF(EVP_TEST_BUFFER) **sk)
{
EVP_TEST_BUFFER *db = NULL;
+ int rv = 0;
+ size_t offset = 0;
- if (!TEST_ptr(db = OPENSSL_malloc(sizeof(*db))))
+ if (*sk == NULL && !TEST_ptr(*sk = sk_EVP_TEST_BUFFER_new_null()))
goto err;
- if (!parse_bin(value, &db->buf, &db->buflen))
- goto err;
- db->count = 1;
- db->count_set = 0;
+ do {
+ if (!TEST_ptr(db = OPENSSL_zalloc(sizeof(*db))))
+ goto err;
+ if (max_len == 0) {
+ /* parse all in one shot */
+ if ((rv = parse_bin(value, &db->buf, &db->buflen)) != 1)
+ goto err;
+ } else {
+ /* parse in chunks */
+ size_t new_offset = 0;
- if (*sk == NULL && !TEST_ptr(*sk = sk_EVP_TEST_BUFFER_new_null()))
- goto err;
- if (!sk_EVP_TEST_BUFFER_push(*sk, db))
- goto err;
+ if ((rv = parse_bin_chunk(value, offset, max_len, &db->buf,
+ &db->buflen, &new_offset)) == -1)
+ goto err;
+ offset = new_offset;
+ }
+
+ db->count = 1;
+ db->count_set = 0;
+
+ if (db->buf == NULL)
+ evp_test_buffer_free(db);
+ else if (db->buf != NULL && !sk_EVP_TEST_BUFFER_push(*sk, db))
+ goto err;
+ /* if processing by chunks, continue until the whole value is parsed */
+ } while (rv == 1 && max_len != 0);
return 1;
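Review bot: After `evp_test_buffer_free(db)` in the `db->buf == NULL` branch, `db` still holds the freed pointer. That is harmless only while the branch is reached with `rv != 1`, so that the loop exits straight to `return 1`. The `err:` label is outside this hunk; if it frees `db`, any later edit that reaches it after this branch becomes a double free. Adding `db = NULL;` after the free removes that dependency. The `db->buf != NULL &&` test in the `else if` is redundant, because the preceding `if` already handles the NULL case.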
@@ -320,6 +581,66 @@ static int parse_bin(const char *value, unsigned char **buf, size_t *buflen)
return 1;
}
+/*
+ * Convert at maximum "max" bytes to a binary allocated buffer.
+ * Return 1 on success, -1 on failure or 0 for end of value string.
+ */
+static int parse_bin_chunk(const char *value, size_t offset, size_t max,
+ unsigned char **buf, size_t *buflen, size_t *out_offset)
+{
+ size_t vlen;
+ size_t chunk_len;
+ const char *value_str = value[0] == '"' ? value + offset + 1 : value + offset;
+
+ if (max < 1)
+ return -1;
+
+ if (*value == '\0' || strcmp(value, "\"\"") == 0) {
+ *buf = OPENSSL_malloc(1);
+ if (*buf == NULL)
+ return 0;
+ **buf = 0;
+ *buflen = 0;
+ return 0;
+ }
+
+ if (*value_str == '\0')
+ return 0;
+
+ vlen = strlen(value_str);
+ if (value[0] == '"') {
+ /* Parse string literal */
+ if (vlen == 1 && value_str[0] != '"')
+ /* Missing ending quotation mark */
+ return -1;
+ if (vlen == 1 && value_str[0] == '"')
+ /* End of value */
+ return 0;
+ vlen--;
+ chunk_len = max > vlen ? vlen : max;
+ if ((*buf = unescape(value_str, chunk_len, buflen)) == NULL)
+ return -1;
+ } else {
+ /* Parse hex string chunk */
+ long len;
+ char *chunk = NULL;
+
+ chunk_len = 2 * max > vlen ? vlen : 2 * max;
+ chunk = OPENSSL_strndup(value_str, chunk_len);
+ if (chunk == NULL)
+ return -1;
+ if (!TEST_ptr(*buf = OPENSSL_hexstr2buf(chunk, &len))) {
+ OPENSSL_free(chunk);
+ TEST_openssl_errors();
+ return -1;
+ }
+ OPENSSL_free(chunk);
+ *buflen = len;
+ }
+ *out_offset = value[0] == '"' ? offset + (*buflen) : offset + 2 * (*buflen);
+ return 1;
+}
+
/**
** MESSAGE DIGEST TESTS
**/
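Review bot: In the empty-value branch of `parse_bin_chunk()`, a failed `OPENSSL_malloc(1)` returns 0, which the function's own header comment defines as "end of value string" rather than failure. The caller in `evp_test_buffer_append()` then sees `db->buf == NULL`, frees the entry and returns 1, so an allocation failure becomes a silently missing input. Returning -1 there (`if (*buf == NULL) return -1;`) keeps the documented contract. Separately, for quoted values `*out_offset` advances by `*buflen`, the number of bytes produced, not the number of input characters consumed. If `unescape()` (not shown here) can shorten escape sequences, the next chunk would start at the wrong position, which is worth confirming.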
@@ -335,6 +656,10 @@ typedef struct digest_data_st {
size_t output_len;
/* Padding type */
int pad_type;
+ /* XOF mode? */
+ int xof;
+ /* Size for variable output length but non-XOF */
+ size_t digest_size;
} DIGEST_DATA;
static int digest_test_init(EVP_TEST *t, const char *alg)
@@ -349,7 +674,7 @@ static int digest_test_init(EVP_TEST *t, const char *alg)
return 1;
}
- if ((digest = fetched_digest = EVP_MD_fetch(libctx, alg, NULL)) == NULL
+ if ((digest = fetched_digest = EVP_MD_fetch(libctx, alg, propquery)) == NULL
&& (digest = EVP_get_digestbyname(alg)) == NULL)
return 0;
if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat))))
@@ -358,6 +683,7 @@ static int digest_test_init(EVP_TEST *t, const char *alg)
mdat->digest = digest;
mdat->fetched_digest = fetched_digest;
mdat->pad_type = 0;
+ mdat->xof = 0;
if (fetched_digest != NULL)
TEST_info("%s is fetched", alg);
return 1;
@@ -378,7 +704,7 @@ static int digest_test_parse(EVP_TEST *t,
DIGEST_DATA *mdata = t->data;
if (strcmp(keyword, "Input") == 0)
- return evp_test_buffer_append(value, &mdata->input);
+ return evp_test_buffer_append(value, data_chunk_size, &mdata->input);
if (strcmp(keyword, "Output") == 0)
return parse_bin(value, &mdata->output, &mdata->output_len);
if (strcmp(keyword, "Count") == 0)
@@ -387,6 +713,17 @@ static int digest_test_parse(EVP_TEST *t,
return evp_test_buffer_ncopy(value, mdata->input);
if (strcmp(keyword, "Padding") == 0)
return (mdata->pad_type = atoi(value)) > 0;
+ if (strcmp(keyword, "XOF") == 0)
+ return (mdata->xof = atoi(value)) > 0;
+ if (strcmp(keyword, "OutputSize") == 0) {
+ int sz;
+
+ sz = atoi(value);
+ if (sz < 0)
+ return -1;
+ mdata->digest_size = sz;
+ return 1;
+ }
return 0;
}
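Review bot: The new `OutputSize` branch parses with `atoi()`, which returns 0 for non-numeric text, so a malformed value is accepted and stored as `digest_size = 0`. `digest_test_run()` only sends `OSSL_DIGEST_PARAM_SIZE` when `digest_size > 0`, so the test would then run as if the keyword were absent. Parsing with `strtol()` and rejecting trailing garbage closes that gap: `char *end; long sz = strtol(value, &end, 10);` followed by `if (end == value || *end != '\0' || sz < 0) return -1;`. The `XOF` line has the same weakness, and `XOF = 0` makes the expression evaluate to 0, which, judging by the final `return 0;`, is presumably the unknown-keyword result. `digest_test_parse()` begins outside this hunk.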
@@ -395,6 +732,26 @@ static int digest_update_fn(void *ctx, const unsigned char *buf, size_t buflen)
return EVP_DigestUpdate(ctx, buf, buflen);
}
+static int test_duplicate_md_ctx(EVP_TEST *t, EVP_MD_CTX *mctx)
+{
+ char dont[] = "touch";
+
+ if (!TEST_ptr(mctx))
+ return 0;
+ if (!EVP_DigestFinalXOF(mctx, (unsigned char *)dont, 0)) {
+ EVP_MD_CTX_free(mctx);
+ t->err = "DIGESTFINALXOF_ERROR";
+ return 0;
+ }
+ if (!TEST_str_eq(dont, "touch")) {
+ EVP_MD_CTX_free(mctx);
+ t->err = "DIGESTFINALXOF_ERROR";
+ return 0;
+ }
+ EVP_MD_CTX_free(mctx);
+ return 1;
+}
+
static int digest_test_run(EVP_TEST *t)
{
DIGEST_DATA *expected = t->data;
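Review bot: `test_duplicate_md_ctx()` frees `mctx` on every path after the NULL check, but nothing tells the caller that the context is consumed. A short header comment would make the ownership explicit, for example `/* Consumes mctx. Checks that a zero-length EVP_DigestFinalXOF() leaves the output buffer untouched. */`. When `mctx` is NULL the function returns 0 without assigning `t->err`, so the reported error is whatever the caller set earlier.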
@@ -404,7 +761,7 @@ static int digest_test_run(EVP_TEST *t)
unsigned int got_len;
size_t size = 0;
int xof = 0;
- OSSL_PARAM params[2];
+ OSSL_PARAM params[4], *p = &params[0];
t->err = "TEST_FAILURE";
if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
@@ -415,47 +772,46 @@ static int digest_test_run(EVP_TEST *t)
if (!TEST_ptr(got))
goto err;
- if (!EVP_DigestInit_ex(mctx, expected->digest, NULL)) {
+ if (expected->xof > 0) {
+ xof |= 1;
+ *p++ = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN,
+ &expected->output_len);
+ }
+ if (expected->digest_size > 0) {
+ *p++ = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_SIZE,
+ &expected->digest_size);
+ }
+ if (expected->pad_type > 0)
+ *p++ = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_PAD_TYPE,
+ &expected->pad_type);
+ *p++ = OSSL_PARAM_construct_end();
+
+ if (!EVP_DigestInit_ex2(mctx, expected->digest, params)) {
t->err = "DIGESTINIT_ERROR";
goto err;
}
- if (expected->pad_type > 0) {
- params[0] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_PAD_TYPE,
- &expected->pad_type);
- params[1] = OSSL_PARAM_construct_end();
- if (!TEST_int_gt(EVP_MD_CTX_set_params(mctx, params), 0)) {
- t->err = "PARAMS_ERROR";
- goto err;
- }
- }
+
if (!evp_test_buffer_do(expected->input, digest_update_fn, mctx)) {
t->err = "DIGESTUPDATE_ERROR";
goto err;
}
- xof = (EVP_MD_get_flags(expected->digest) & EVP_MD_FLAG_XOF) != 0;
+ xof |= EVP_MD_xof(expected->digest);
if (xof) {
EVP_MD_CTX *mctx_cpy;
- char dont[] = "touch";
if (!TEST_ptr(mctx_cpy = EVP_MD_CTX_new())) {
goto err;
}
- if (!EVP_MD_CTX_copy(mctx_cpy, mctx)) {
+ if (!TEST_true(EVP_MD_CTX_copy(mctx_cpy, mctx))) {
EVP_MD_CTX_free(mctx_cpy);
goto err;
- }
- if (!EVP_DigestFinalXOF(mctx_cpy, (unsigned char *)dont, 0)) {
- EVP_MD_CTX_free(mctx_cpy);
- t->err = "DIGESTFINALXOF_ERROR";
+ } else if (!test_duplicate_md_ctx(t, mctx_cpy)) {
goto err;
}
- if (!TEST_str_eq(dont, "touch")) {
- EVP_MD_CTX_free(mctx_cpy);
- t->err = "DIGESTFINALXOF_ERROR";
+
+ if (!test_duplicate_md_ctx(t, EVP_MD_CTX_dup(mctx)))
goto err;
- }
- EVP_MD_CTX_free(mctx_cpy);
got_len = expected->output_len;
if (!EVP_DigestFinalXOF(mctx, got, got_len)) {
@@ -543,8 +899,28 @@ typedef struct cipher_data_st {
int tag_late;
unsigned char *mac_key;
size_t mac_key_len;
+ const char *xts_standard;
+ STACK_OF(OPENSSL_STRING) *init_controls; /* collection of controls */
} CIPHER_DATA;
+
+/*
+ * XTS, SIV, CCM, stitched ciphers and Wrap modes have special
+ * requirements about input lengths so we don't fragment for those
+ */
+static int cipher_test_valid_fragmentation(CIPHER_DATA *cdat)
+{
+ return (cdat->aead == EVP_CIPH_CCM_MODE
+ || cdat->aead == EVP_CIPH_CBC_MODE
+ || (cdat->aead == -1
+ && EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_STREAM_CIPHER)
+ || ((EVP_CIPHER_get_flags(cdat->cipher) & EVP_CIPH_FLAG_CTS) != 0)
+ || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_SIV_MODE
+ || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_GCM_SIV_MODE
+ || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_XTS_MODE
+ || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_WRAP_MODE) ? 0 : 1;
+}
+
static int cipher_test_init(EVP_TEST *t, const char *alg)
{
const EVP_CIPHER *cipher;
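Review bot: The comment above `cipher_test_valid_fragmentation()` explains why some modes are excluded but not what the function returns; the body yields 0 for the listed modes and 1 otherwise. Stating that in the comment (`Returns 1 if the cipher's input may be fragmented, 0 otherwise`) would make it easier to read at the call sites. So would writing the result as a negation of the condition rather than `? 0 : 1` after eight `||` terms. The function only reads `cdat`, so `const CIPHER_DATA *cdat` fits.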
@@ -559,7 +935,7 @@ static int cipher_test_init(EVP_TEST *t, const char *alg)
}
ERR_set_mark();
- if ((cipher = fetched_cipher = EVP_CIPHER_fetch(libctx, alg, NULL)) == NULL
+ if ((cipher = fetched_cipher = EVP_CIPHER_fetch(libctx, alg, propquery)) == NULL
&& (cipher = EVP_get_cipherbyname(alg)) == NULL) {
/* a stitched cipher might not be available */
if (strstr(alg, "HMAC") != NULL) {
@@ -576,6 +952,7 @@ static int cipher_test_init(EVP_TEST *t, const char *alg)
if (!TEST_ptr(cdat = OPENSSL_zalloc(sizeof(*cdat))))
return 0;
+ cdat->init_controls = sk_OPENSSL_STRING_new_null();
cdat->cipher = cipher;
cdat->fetched_cipher = fetched_cipher;
cdat->enc = -1;
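Review bot: The result of `sk_OPENSSL_STRING_new_null()` is stored in `cdat->init_controls` without a check, while the `cdat` allocation just above goes through `TEST_ptr`. If the stack allocation fails, `CtrlInit` lines are handed a NULL stack and `cipher_test_run()` would find no controls to apply. The test could then run without the settings the data file asked for (how `ctrladd()` reacts to NULL is not visible here). Wrapping it as `if (!TEST_ptr(cdat->init_controls = sk_OPENSSL_STRING_new_null()))` with the matching cleanup avoids that. `kem_test_init()` in the later KEM hunk assigns `kdata->init_ctrls` the same way. `cipher_test_init()` starts and ends outside this hunk.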
@@ -585,6 +962,15 @@ static int cipher_test_init(EVP_TEST *t, const char *alg)
else
cdat->aead = 0;
+ if (data_chunk_size != 0 && !cipher_test_valid_fragmentation(cdat)) {
+ ERR_pop_to_mark();
+ EVP_CIPHER_free(fetched_cipher);
+ OPENSSL_free(cdat);
+ t->skip = 1;
+ TEST_info("skipping, '%s' does not support fragmentation", alg);
+ return 1;
+ }
+
t->data = cdat;
if (fetched_cipher != NULL)
TEST_info("%s is fetched", alg);
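Review bot: The new skip path releases `cdat` with `OPENSSL_free(cdat)` but not the `cdat->init_controls` stack that the previous hunk allocates right after the `OPENSSL_zalloc`. Each cipher skipped for fragmentation therefore leaks one stack. `t->data` is only assigned after this block, so `cipher_test_cleanup()` presumably never sees this object. Adding `ctrlfree(cdat->init_controls);` before `OPENSSL_free(cdat);` mirrors what the cleanup function does. `cipher_test_init()` starts outside this hunk.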
@@ -606,6 +992,7 @@ static void cipher_test_cleanup(EVP_TEST *t)
OPENSSL_free(cdat->tag);
OPENSSL_free(cdat->mac_key);
EVP_CIPHER_free(cdat->fetched_cipher);
+ ctrlfree(cdat->init_controls);
}
static int cipher_test_parse(EVP_TEST *t, const char *keyword,
@@ -684,21 +1071,26 @@ static int cipher_test_parse(EVP_TEST *t, const char *keyword,
cdat->cts_mode = value;
return 1;
}
+ if (strcmp(keyword, "XTSStandard") == 0) {
+ cdat->xts_standard = value;
+ return 1;
+ }
+ if (strcmp(keyword, "CtrlInit") == 0)
+ return ctrladd(cdat->init_controls, value);
return 0;
}
-static int cipher_test_enc(EVP_TEST *t, int enc,
- size_t out_misalign, size_t inp_misalign, int frag)
+static int cipher_test_enc(EVP_TEST *t, int enc, size_t out_misalign,
+ size_t inp_misalign, int frag, int in_place,
+ const OSSL_PARAM initparams[])
{
CIPHER_DATA *expected = t->data;
unsigned char *in, *expected_out, *tmp = NULL;
size_t in_len, out_len, donelen = 0;
int ok = 0, tmplen, chunklen, tmpflen, i;
EVP_CIPHER_CTX *ctx_base = NULL;
- EVP_CIPHER_CTX *ctx = NULL;
- int fips_dupctx_supported = (fips_provider_version_gt(libctx, 3, 0, 12)
- && fips_provider_version_lt(libctx, 3, 1, 0))
- || fips_provider_version_ge(libctx, 3, 1, 3);
+ EVP_CIPHER_CTX *ctx = NULL, *duped;
+ int fips_dupctx_supported = fips_provider_version_ge(libctx, 3, 2, 0);
t->err = "TEST_FAILURE";
if (!TEST_ptr(ctx_base = EVP_CIPHER_CTX_new()))
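Review bot: `cdat->xts_standard = value;` keeps the parser's pointer rather than a copy, and `cipher_test_enc()` later passes it to `OSSL_PARAM_construct_utf8_string()` after casting away `const`. That is safe only if the buffer behind `value` stays alive and unmodified until the test has run. The neighbouring `cdat->cts_mode = value;` relies on the same thing, but the parser's lifetime rules are not visible in this hunk. Either a comment on the assignment saying that the string is borrowed from the test stanza, or an `OPENSSL_strdup()` with a matching free in `cipher_test_cleanup()`, would make the assumption explicit.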
@@ -717,7 +1109,7 @@ static int cipher_test_enc(EVP_TEST *t, int enc,
expected_out = expected->plaintext;
out_len = expected->plaintext_len;
}
- if (inp_misalign == (size_t)-1) {
+ if (in_place == 1) {
/* Exercise in-place encryption */
tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH);
if (!tmp)
@@ -740,7 +1132,8 @@ static int cipher_test_enc(EVP_TEST *t, int enc,
in = memcpy(tmp + out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH +
inp_misalign, in, in_len);
}
- if (!EVP_CipherInit_ex(ctx_base, expected->cipher, NULL, NULL, NULL, enc)) {
+ if (!EVP_CipherInit_ex2(ctx_base, expected->cipher, NULL, NULL, enc,
+ initparams)) {
t->err = "CIPHERINIT_ERROR";
goto err;
}
@@ -844,6 +1237,21 @@ static int cipher_test_enc(EVP_TEST *t, int enc,
EVP_CIPHER_CTX_free(ctx_base);
ctx_base = NULL;
}
+ /* Likewise for dup */
+ duped = EVP_CIPHER_CTX_dup(ctx);
+ if (duped != NULL) {
+ EVP_CIPHER_CTX_free(ctx);
+ ctx = duped;
+ } else {
+ if (fips_dupctx_supported) {
+ TEST_info("Doing a dup of Cipher %s Fails!\n",
+ EVP_CIPHER_get0_name(expected->cipher));
+ ERR_print_errors_fp(stderr);
+ goto err;
+ } else {
+ TEST_info("Allowing dup fail as an old fips provider is in use.");
+ }
+ }
ERR_pop_to_mark();
if (expected->mac_key != NULL
@@ -875,15 +1283,26 @@ static int cipher_test_enc(EVP_TEST *t, int enc,
if (expected->aad[0] != NULL && !expected->tls_aad) {
t->err = "AAD_SET_ERROR";
if (!frag) {
+ /* Supply the data all in one go or according to data_chunk_size */
for (i = 0; expected->aad[i] != NULL; i++) {
- if (!EVP_CipherUpdate(ctx, NULL, &chunklen, expected->aad[i],
- expected->aad_len[i]))
- goto err;
+ size_t aad_len = expected->aad_len[i];
+ donelen = 0;
+
+ do {
+ size_t current_aad_len = (size_t) data_chunk_size;
+
+ if (data_chunk_size == 0 || (size_t) data_chunk_size > aad_len)
+ current_aad_len = aad_len;
+ if (!EVP_CipherUpdate(ctx, NULL, &chunklen,
+ expected->aad[i] + donelen,
+ current_aad_len))
+ goto err;
+ donelen += current_aad_len;
+ aad_len -= current_aad_len;
+ } while (aad_len > 0);
}
} else {
- /*
- * Supply the AAD in chunks less than the block size where possible
- */
+ /* Supply the AAD in chunks less than the block size where possible */
for (i = 0; expected->aad[i] != NULL; i++) {
if (expected->aad_len[i] > 0) {
if (!EVP_CipherUpdate(ctx, NULL, &chunklen, expected->aad[i], 1))
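Review bot: The clamp-and-advance loop added here for the AAD is repeated almost verbatim in the data path of `cipher_test_enc()` and in the `mac_test_run_pkey()` and `mac_test_run_mac()` hunks. Each copy has its own `(size_t) data_chunk_size` casts and length bookkeeping. A small helper that returns the length of the next piece would keep the four copies from drifting apart and put the `data_chunk_size == 0` special case in one place. `cipher_test_enc()` starts and ends outside this hunk.

```c
/* Next piece to feed: all of `remaining`, or data_chunk_size when set and smaller */
static size_t next_chunk_len(size_t remaining)
{
    size_t chunk = (size_t)data_chunk_size;

    return (data_chunk_size == 0 || chunk > remaining) ? remaining : chunk;
}

/* ... unchanged: loop over expected->aad[i], aad_len and donelen setup ... */
                do {
                    size_t current_aad_len = next_chunk_len(aad_len);

                    /* ... unchanged: EVP_CipherUpdate call and length bookkeeping ... */
                } while (aad_len > 0);
```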
@@ -931,14 +1350,35 @@ static int cipher_test_enc(EVP_TEST *t, int enc,
goto err;
}
}
+ if (expected->xts_standard != NULL) {
+ OSSL_PARAM params[2];
+ params[0] =
+ OSSL_PARAM_construct_utf8_string(OSSL_CIPHER_PARAM_XTS_STANDARD,
+ (char *)expected->xts_standard, 0);
+ params[1] = OSSL_PARAM_construct_end();
+ if (!EVP_CIPHER_CTX_set_params(ctx, params)) {
+ t->err = "SET_XTS_STANDARD_ERROR";
+ goto err;
+ }
+ }
EVP_CIPHER_CTX_set_padding(ctx, 0);
t->err = "CIPHERUPDATE_ERROR";
tmplen = 0;
if (!frag) {
- /* We supply the data all in one go */
- if (!EVP_CipherUpdate(ctx, tmp + out_misalign, &tmplen, in, in_len))
- goto err;
+ do {
+ /* Supply the data all in one go or according to data_chunk_size */
+ size_t current_in_len = (size_t) data_chunk_size;
+
+ if (data_chunk_size == 0 || (size_t) data_chunk_size > in_len)
+ current_in_len = in_len;
+ if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen,
+ in, current_in_len))
+ goto err;
+ tmplen += chunklen;
+ in += current_in_len;
+ in_len -= current_in_len;
+ } while (in_len > 0);
} else {
/* Supply the data in chunks less than the block size where possible */
if (in_len > 0) {
@@ -956,7 +1396,7 @@ static int cipher_test_enc(EVP_TEST *t, int enc,
in += in_len - 1;
in_len = 1;
}
- if (in_len > 0 ) {
+ if (in_len > 0) {
if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen,
in, 1))
goto err;
@@ -967,6 +1407,11 @@ static int cipher_test_enc(EVP_TEST *t, int enc,
t->err = "CIPHERFINAL_ERROR";
goto err;
}
+ if (!cipher_check_fips_approved(ctx, t)) {
+ t->err = "FIPSAPPROVED_ERROR";
+ goto err;
+ }
+
if (!enc && expected->tls_aad) {
if (expected->tls_version >= TLS1_1_VERSION
&& (EVP_CIPHER_is_a(expected->cipher, "AES-128-CBC-HMAC-SHA1")
@@ -982,7 +1427,7 @@ static int cipher_test_enc(EVP_TEST *t, int enc,
tmp + out_misalign, tmplen + tmpflen))
goto err;
if (enc && expected->aead && !expected->tls_aad) {
- unsigned char rtag[16];
+ unsigned char rtag[48]; /* longest known for TLS_SHA384_SHA384 */
if (!TEST_size_t_le(expected->tag_len, sizeof(rtag))) {
t->err = "TAG_LENGTH_INTERNAL_ERROR";
@@ -1024,15 +1469,17 @@ static int cipher_test_enc(EVP_TEST *t, int enc,
static int cipher_test_run(EVP_TEST *t)
{
CIPHER_DATA *cdat = t->data;
- int rv, frag = 0;
+ int rv, frag, fragmax, in_place;
size_t out_misalign, inp_misalign;
+ OSSL_PARAM initparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+ size_t params_n = 0;
TEST_info("RUNNING TEST FOR CIPHER %s\n", EVP_CIPHER_get0_name(cdat->cipher));
if (!cdat->key) {
t->err = "NO_KEY";
return 0;
}
- if (!cdat->iv && EVP_CIPHER_get_iv_length(cdat->cipher)) {
+ if (!cdat->iv && EVP_CIPHER_get_iv_length(cdat->cipher) > 0) {
/* IV is optional and usually omitted in wrap mode */
if (EVP_CIPHER_get_mode(cdat->cipher) != EVP_CIPH_WRAP_MODE) {
t->err = "NO_IV";
@@ -1043,66 +1490,64 @@ static int cipher_test_run(EVP_TEST *t)
t->err = "NO_TAG";
return 0;
}
- for (out_misalign = 0; out_misalign <= 1;) {
+
+ if (sk_OPENSSL_STRING_num(cdat->init_controls) > 0) {
+ if (!ctrl2params(t, cdat->init_controls, NULL,
+ initparams, OSSL_NELEM(initparams), &params_n))
+ return 0;
+ }
+
+ fragmax = (cipher_test_valid_fragmentation(cdat) == 0) ? 0 : 1;
+ for (in_place = 1; in_place >= 0; in_place--) {
static char aux_err[64];
+
t->aux_err = aux_err;
- for (inp_misalign = (size_t)-1; inp_misalign != 2; inp_misalign++) {
- if (inp_misalign == (size_t)-1) {
- /* kludge: inp_misalign == -1 means "exercise in-place" */
- BIO_snprintf(aux_err, sizeof(aux_err),
- "%s in-place, %sfragmented",
- out_misalign ? "misaligned" : "aligned",
- frag ? "" : "not ");
- } else {
- BIO_snprintf(aux_err, sizeof(aux_err),
- "%s output and %s input, %sfragmented",
- out_misalign ? "misaligned" : "aligned",
- inp_misalign ? "misaligned" : "aligned",
- frag ? "" : "not ");
- }
- if (cdat->enc) {
- rv = cipher_test_enc(t, 1, out_misalign, inp_misalign, frag);
- /* Not fatal errors: return */
- if (rv != 1) {
- if (rv < 0)
- return 0;
- return 1;
- }
- }
- if (cdat->enc != 1) {
- rv = cipher_test_enc(t, 0, out_misalign, inp_misalign, frag);
- /* Not fatal errors: return */
- if (rv != 1) {
- if (rv < 0)
- return 0;
- return 1;
- }
- }
- }
+ /* Test only in-place data processing */
+ if (process_mode_in_place == 1 && in_place == 0)
+ break;
- if (out_misalign == 1 && frag == 0) {
- /*
- * XTS, SIV, CCM, stitched ciphers and Wrap modes have special
- * requirements about input lengths so we don't fragment for those
- */
- if (cdat->aead == EVP_CIPH_CCM_MODE
- || cdat->aead == EVP_CIPH_CBC_MODE
- || (cdat->aead == -1
- && EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_STREAM_CIPHER)
- || ((EVP_CIPHER_get_flags(cdat->cipher) & EVP_CIPH_FLAG_CTS) != 0)
- || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_SIV_MODE
- || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_XTS_MODE
- || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_WRAP_MODE)
+ for (frag = 0; frag <= fragmax; frag++) {
+ if (frag == 1 && data_chunk_size != 0)
break;
- out_misalign = 0;
- frag++;
- } else {
- out_misalign++;
+ for (out_misalign = 0; out_misalign <= 1; out_misalign++) {
+ for (inp_misalign = 0; inp_misalign <= 1; inp_misalign++) {
+ /* Skip input misalign tests for in-place processing */
+ if (inp_misalign == 1 && in_place == 1)
+ break;
+ if (in_place == 1) {
+ BIO_snprintf(aux_err, sizeof(aux_err),
+ "%s in-place, %sfragmented",
+ out_misalign ? "misaligned" : "aligned",
+ frag ? "" : "not ");
+ } else {
+ BIO_snprintf(aux_err, sizeof(aux_err),
+ "%s output and %s input, %sfragmented",
+ out_misalign ? "misaligned" : "aligned",
+ inp_misalign ? "misaligned" : "aligned",
+ frag ? "" : "not ");
+ }
+ if (cdat->enc) {
+ rv = cipher_test_enc(t, 1, out_misalign, inp_misalign,
+ frag, in_place, initparams);
+ if (rv != 1)
+ goto end;
+ }
+ if (cdat->enc != 1) {
+ rv = cipher_test_enc(t, 0, out_misalign, inp_misalign,
+ frag, in_place, initparams);
+ if (rv != 1)
+ goto end;
+ }
+ }
+ }
}
}
+ ctrl2params_free(initparams, params_n, 0);
t->aux_err = NULL;
-
return 1;
+ end:
+ ctrl2params_free(initparams, params_n, 0);
+ return (rv < 0 ? 0 : 1);
}
static const EVP_TEST_METHOD cipher_test_method = {
@@ -1165,7 +1610,7 @@ static int mac_test_init(EVP_TEST *t, const char *alg)
t->skip = 1;
return 1;
}
- if ((mac = EVP_MAC_fetch(libctx, alg, NULL)) == NULL) {
+ if ((mac = EVP_MAC_fetch(libctx, alg, propquery)) == NULL) {
/*
* Since we didn't find an EVP_MAC, we check for known EVP_PKEY methods
* For debugging purposes, we allow 'NNNN by EVP_PKEY' to force running
@@ -1211,12 +1656,6 @@ static int mac_test_init(EVP_TEST *t, const char *alg)
return 1;
}
-/* Because OPENSSL_free is a macro, it can't be passed as a function pointer */
-static void openssl_free(char *m)
-{
- OPENSSL_free(m);
-}
-
static void mac_test_cleanup(EVP_TEST *t)
{
MAC_DATA *mdat = t->data;
@@ -1260,13 +1699,8 @@ static int mac_test_parse(EVP_TEST *t,
return mdata->xof = 1;
if (strcmp(keyword, "NoReinit") == 0)
return mdata->no_reinit = 1;
- if (strcmp(keyword, "Ctrl") == 0) {
- char *data = OPENSSL_strdup(value);
-
- if (data == NULL)
- return -1;
- return sk_OPENSSL_STRING_push(mdata->controls, data) != 0;
- }
+ if (strcmp(keyword, "Ctrl") == 0)
+ return ctrladd(mdata->controls, value);
if (strcmp(keyword, "OutputSize") == 0) {
mdata->output_size = atoi(value);
if (mdata->output_size < 0)
@@ -1316,6 +1750,7 @@ static int mac_test_run_pkey(EVP_TEST *t)
unsigned char *got = NULL;
size_t got_len;
int i;
+ size_t input_len, donelen;
/* We don't do XOF mode via PKEY */
if (expected->xof)
@@ -1342,7 +1777,7 @@ static int mac_test_run_pkey(EVP_TEST *t)
t->err = NULL;
goto err;
}
- if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, expected->alg, NULL))) {
+ if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, expected->alg, propquery))) {
t->err = "MAC_KEY_CREATE_ERROR";
goto err;
}
@@ -1385,10 +1820,21 @@ static int mac_test_run_pkey(EVP_TEST *t)
t->err = "EVPPKEYCTXCTRL_ERROR";
goto err;
}
- if (!EVP_DigestSignUpdate(mctx, expected->input, expected->input_len)) {
- t->err = "DIGESTSIGNUPDATE_ERROR";
- goto err;
- }
+ input_len = expected->input_len;
+ donelen = 0;
+ do {
+ size_t current_len = (size_t) data_chunk_size;
+
+ if (data_chunk_size == 0 || (size_t) data_chunk_size > input_len)
+ current_len = input_len;
+ if (!EVP_DigestSignUpdate(mctx, expected->input + donelen, current_len)) {
+ t->err = "DIGESTSIGNUPDATE_ERROR";
+ goto err;
+ }
+ donelen += current_len;
+ input_len -= current_len;
+ } while (input_len > 0);
+
if (!EVP_DigestSignFinal(mctx, NULL, &got_len)) {
t->err = "DIGESTSIGNFINAL_LENGTH_ERROR";
goto err;
@@ -1421,14 +1867,15 @@ static int mac_test_run_mac(EVP_TEST *t)
unsigned char *got = NULL;
size_t got_len = 0, size = 0;
size_t size_before_init = 0, size_after_init, size_val = 0;
- int i, block_size = -1, output_size = -1;
- OSSL_PARAM params[21], sizes[3], *psizes = sizes;
+ int block_size = -1, output_size = -1;
+ OSSL_PARAM params[21], sizes[3], *psizes = sizes, *p;
size_t params_n = 0;
size_t params_n_allocstart = 0;
const OSSL_PARAM *defined_params =
EVP_MAC_settable_ctx_params(expected->mac);
int xof;
int reinit = 1;
+ size_t input_len, donelen ;
if (expected->alg == NULL)
TEST_info("Trying the EVP_MAC %s test", expected->mac_name);
@@ -1487,51 +1934,27 @@ static int mac_test_run_mac(EVP_TEST *t)
expected->iv,
expected->iv_len);
- /* Unknown controls. They must match parameters that the MAC recognizes */
- if (params_n + sk_OPENSSL_STRING_num(expected->controls)
- >= OSSL_NELEM(params)) {
- t->err = "MAC_TOO_MANY_PARAMETERS";
- goto err;
- }
params_n_allocstart = params_n;
- for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++) {
- char *tmpkey, *tmpval;
- char *value = sk_OPENSSL_STRING_value(expected->controls, i);
-
- if (!TEST_ptr(tmpkey = OPENSSL_strdup(value))) {
- t->err = "MAC_PARAM_ERROR";
- goto err;
- }
- tmpval = strchr(tmpkey, ':');
- if (tmpval != NULL)
- *tmpval++ = '\0';
+ if (!ctrl2params(t, expected->controls, defined_params,
+ params, OSSL_NELEM(params), &params_n))
+ goto err;
- if (tmpval == NULL
- || !OSSL_PARAM_allocate_from_text(&params[params_n],
- defined_params,
- tmpkey, tmpval,
- strlen(tmpval), NULL)) {
- OPENSSL_free(tmpkey);
- t->err = "MAC_PARAM_ERROR";
+ p = OSSL_PARAM_locate(params + params_n_allocstart, "size");
+ if (p != NULL) {
+ if (!OSSL_PARAM_get_size_t(p, &size_val))
goto err;
- }
- params_n++;
-
- if (strcmp(tmpkey, "size") == 0)
- size_val = (size_t)strtoul(tmpval, NULL, 0);
-
- OPENSSL_free(tmpkey);
}
- params[params_n] = OSSL_PARAM_construct_end();
if ((ctx = EVP_MAC_CTX_new(expected->mac)) == NULL) {
t->err = "MAC_CREATE_ERROR";
goto err;
}
- if (fips_provider_version_gt(libctx, 3, 1, 4)
- || (fips_provider_version_lt(libctx, 3, 1, 0)
- && fips_provider_version_gt(libctx, 3, 0, 12)))
+ if (fips_provider_version_gt(libctx, 3, 2, 0)) {
+ /* HMAC will put an error on the stack here (digest is not set yet) */
+ ERR_set_mark();
size_before_init = EVP_MAC_CTX_get_mac_size(ctx);
+ ERR_pop_to_mark();
+ }
if (!EVP_MAC_init(ctx, expected->key, expected->key_len, params)) {
t->err = "MAC_INIT_ERROR";
goto err;
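Review bot: The new `if (!OSSL_PARAM_get_size_t(p, &size_val)) goto err;` jumps to the cleanup label without assigning `t->err`, whereas the loop it replaces set `"MAC_PARAM_ERROR"` on every parameter failure. The function's `err:` path ends in `return 1`, so the outcome depends entirely on what `t->err` holds at that moment, which this hunk does not show. Setting an explicit value, e.g. `t->err = "ERR_PARAM_ERROR";` to match what `ctrl2params()` reports, keeps a malformed `size` control from being misreported or missed. The literal `"size"` could also be written as the `OSSL_MAC_PARAM_SIZE` macro. `mac_test_run_mac()` starts and ends outside this hunk.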
@@ -1577,10 +2000,21 @@ static int mac_test_run_mac(EVP_TEST *t)
}
}
retry:
- if (!EVP_MAC_update(ctx, expected->input, expected->input_len)) {
- t->err = "MAC_UPDATE_ERROR";
- goto err;
- }
+ input_len = expected->input_len;
+ donelen = 0;
+ do {
+ size_t current_len = (size_t) data_chunk_size;
+
+ if (data_chunk_size == 0 || (size_t) data_chunk_size > input_len)
+ current_len = input_len;
+ if (!EVP_MAC_update(ctx, expected->input + donelen, current_len)) {
+ t->err = "MAC_UPDATE_ERROR";
+ goto err;
+ }
+ donelen += current_len;
+ input_len -= current_len;
+ } while (input_len > 0);
+
xof = expected->xof;
if (xof) {
if (!TEST_ptr(got = OPENSSL_malloc(expected->output_len))) {
@@ -1610,6 +2044,8 @@ static int mac_test_run_mac(EVP_TEST *t)
t->err = "TEST_MAC_ERR";
goto err;
}
+ if (!mac_check_fips_approved(ctx, t))
+ goto err;
}
/* FIPS(3.0.0): can't reinitialise MAC contexts #18100 */
if (reinit-- && fips_provider_version_gt(libctx, 3, 0, 0)) {
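Review bot: `if (!mac_check_fips_approved(ctx, t)) goto err;` leaves `t->err` unchanged, while the equivalent check added to `cipher_test_enc()` sets `t->err = "FIPSAPPROVED_ERROR"` before jumping. Unless `mac_check_fips_approved()` (defined outside this view) assigns `t->err` itself, a failed indicator check here is reported under whatever error string was current, or not at all. Making the two sites agree by adding `t->err = "FIPSAPPROVED_ERROR";` before the `goto` keeps the failure distinguishable. The enclosing function continues outside this hunk.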
@@ -1662,9 +2098,7 @@ static int mac_test_run_mac(EVP_TEST *t)
}
}
err:
- while (params_n-- > params_n_allocstart) {
- OPENSSL_free(params[params_n].data);
- }
+ ctrl2params_free(params, params_n, params_n_allocstart);
EVP_MAC_CTX_free(ctx);
OPENSSL_free(got);
return 1;
@@ -1687,6 +2121,316 @@ static const EVP_TEST_METHOD mac_test_method = {
mac_test_run
};
+typedef struct kem_data_st {
+ /* Context for this operation */
+ EVP_PKEY_CTX *ctx;
+ const char *op;
+ /* Input to decapsulate */
+ unsigned char *input;
+ size_t inputlen;
+ /* Expected secret */
+ unsigned char *output;
+ size_t outputlen;
+ STACK_OF(OPENSSL_STRING) *init_ctrls;
+ /* Algorithm name */
+ char *algname;
+ /* Name of previously generated key */
+ char *keyname;
+ /* Encoded public key */
+ unsigned char *encoded_pub_key;
+ size_t encoded_pub_key_len;
+ /* Encoded private key */
+ unsigned char *encoded_priv_key;
+ size_t encoded_priv_key_len;
+ /* Entropy for encapsulation */
+ unsigned char *entropy;
+ size_t entropylen;
+ /* Ciphertext */
+ unsigned char *ciphertext;
+ size_t ciphertext_len;
+} KEM_DATA;
+
+static int kem_test_init(EVP_TEST *t, const char *alg)
+{
+ KEM_DATA *kdata = NULL;
+ EVP_PKEY *pkey = NULL;
+
+ if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))
+ || !TEST_ptr(kdata->algname = OPENSSL_strdup(alg)))
+ goto err;
+
+ kdata->init_ctrls = sk_OPENSSL_STRING_new_null();
+ t->data = kdata;
+ return 1;
+err:
+ EVP_PKEY_free(pkey);
+ OPENSSL_free(kdata);
+ return 0;
+}
+
+static void kem_test_cleanup(EVP_TEST *t)
+{
+ KEM_DATA *kdata = t->data;
+
+ ctrlfree(kdata->init_ctrls);
+ OPENSSL_free(kdata->input);
+ OPENSSL_free(kdata->output);
+ OPENSSL_free(kdata->algname);
+ OPENSSL_free(kdata->keyname);
+ OPENSSL_free(kdata->encoded_pub_key);
+ OPENSSL_free(kdata->encoded_priv_key);
+ OPENSSL_free(kdata->entropy);
+ OPENSSL_free(kdata->ciphertext);
+ EVP_PKEY_CTX_free(kdata->ctx);
+}
+
+static int kem_test_parse(EVP_TEST *t, const char *keyword, const char *value)
+{
+ KEM_DATA *kdata = t->data;
+
+ if (strcmp(keyword, "Op") == 0) {
+ kdata->op = value;
+ return 1;
+ }
+ if (strcmp(keyword, "CtrlInit") == 0)
+ return ctrladd(kdata->init_ctrls, value);
+ if (strcmp(keyword, "Input") == 0)
+ return parse_bin(value, &kdata->input, &kdata->inputlen);
+ if (strcmp(keyword, "Output") == 0)
+ return parse_bin(value, &kdata->output, &kdata->outputlen);
+ if (strcmp(keyword, "EncodedPublicKey") == 0)
+ return parse_bin(value, &kdata->encoded_pub_key,
+ &kdata->encoded_pub_key_len);
+ if (strcmp(keyword, "EncodedPrivateKey") == 0)
+ return parse_bin(value, &kdata->encoded_priv_key,
+ &kdata->encoded_priv_key_len);
+ if (strcmp(keyword, "Entropy") == 0)
+ return parse_bin(value, &kdata->entropy, &kdata->entropylen);
+ if (strcmp(keyword, "Ciphertext") == 0)
+ return parse_bin(value, &kdata->ciphertext, &kdata->ciphertext_len);
+ if (strcmp(keyword, "KeyName") == 0)
+ return TEST_ptr(kdata->keyname = OPENSSL_strdup(value));
+ return 1;
+}
+
+static int encapsulate(EVP_TEST *t, EVP_PKEY_CTX *ctx, const char *op,
+ unsigned char **outwrapped, size_t *outwrappedlen,
+ unsigned char **outsecret, size_t *outsecretlen)
+{
+ int ret = 0;
+ KEM_DATA *kdata = t->data;
+ unsigned char *wrapped = NULL, *secret = NULL;
+ size_t wrappedlen = 0, secretlen = 0;
+ OSSL_PARAM params[10];
+ size_t params_n = 0;
+ /* Reserve space for the terminator and possibly IKME */
+ const size_t params_max = OSSL_NELEM(params) - 1 - (kdata->entropy != NULL);
+
+ if (sk_OPENSSL_STRING_num(kdata->init_ctrls) > 0)
+ if (!ctrl2params(t, kdata->init_ctrls, NULL, params, params_max,
+ &params_n))
+ goto err;
+
+ /* We don't expect very many controls here */
+ if (!TEST_size_t_lt(params_n, params_max))
+ goto err;
+
+ if (kdata->entropy != NULL)
+ /* Input key material a.k.a entropy */
+ params[params_n++] =
+ OSSL_PARAM_construct_octet_string(OSSL_KEM_PARAM_IKME,
+ kdata->entropy,
+ kdata->entropylen);
+ params[params_n] = OSSL_PARAM_construct_end();
+
+ if (EVP_PKEY_encapsulate_init(ctx, params) <= 0) {
+ t->err = "TEST_ENCAPSULATE_INIT_ERROR";
+ goto ok;
+ }
+
+ if (op != NULL && EVP_PKEY_CTX_set_kem_op(ctx, op) <= 0) {
+ t->err = "TEST_SET_KEM_OP_ERROR";
+ goto ok;
+ }
+ if (EVP_PKEY_encapsulate(ctx, NULL, &wrappedlen, NULL, &secretlen) <= 0) {
+ t->err = "TEST_ENCAPSULATE_LEN_ERROR";
+ goto ok;
+ }
+ wrapped = OPENSSL_malloc(wrappedlen);
+ secret = OPENSSL_malloc(secretlen);
+ if (!TEST_ptr(wrapped) || !TEST_ptr(secret)) {
+ ret = 0;
+ goto err;
+ }
+ if (EVP_PKEY_encapsulate(ctx, wrapped, &wrappedlen, secret, &secretlen) <= 0) {
+ t->err = "TEST_ENCAPSULATE_ERROR";
+ goto ok;
+ }
+ ret = pkey_check_fips_approved(ctx, t);
+
+ if (kdata->ciphertext != NULL
+ && !TEST_mem_eq(wrapped, wrappedlen, kdata->ciphertext, kdata->ciphertext_len)) {
+ ret = 0;
+ goto err;
+ }
+
+ if (kdata->output != NULL
+ && !TEST_mem_eq(secret, secretlen, kdata->output, kdata->outputlen)) {
+ ret = 0;
+ goto err;
+ }
+
+ if (ret == 0)
+ goto err;
+
+ t->err = NULL;
+ *outwrapped = wrapped;
+ *outsecret = secret;
+ *outwrappedlen = wrappedlen;
+ *outsecretlen = secretlen;
+ok:
+ ret = 1;
+err:
+ if (ret == 0) {
+ OPENSSL_free(wrapped);
+ OPENSSL_free(secret);
+ }
+ if (sk_OPENSSL_STRING_num(kdata->init_ctrls) > 0)
+ ctrl2params_free(params, params_n, 0);
+ return ret;
+}
+
+static int decapsulate(EVP_TEST *t, EVP_PKEY_CTX *ctx, const char *op,
+ const unsigned char *in, size_t inlen,
+ const unsigned char *expected, size_t expectedlen)
+{
+ int ret = 0;
+ KEM_DATA *kdata = t->data;
+ size_t outlen = 0;
+ unsigned char *out = NULL;
+ OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+ OSSL_PARAM *p = NULL;
+ size_t params_n = 0, params_n_allocated = 0;
+
+ if (sk_OPENSSL_STRING_num(kdata->init_ctrls) > 0) {
+ if (!ctrl2params(t, kdata->init_ctrls, NULL,
+ params, 2, &params_n))
+ goto err;
+ p = params;
+ }
+
+ if (EVP_PKEY_decapsulate_init(ctx, p) <= 0) {
+ t->err = "TEST_DECAPSULATE_INIT_ERROR";
+ goto ok;
+ }
+
+ if (op != NULL && EVP_PKEY_CTX_set_kem_op(ctx, op) <= 0) {
+ t->err = "TEST_SET_KEM_OP_ERROR";
+ goto ok;
+ }
+ if (EVP_PKEY_decapsulate(ctx, NULL, &outlen, in, inlen) <= 0) {
+ t->err = "TEST_DECAPSULATE_LEN_ERROR";
+ goto ok;
+ }
+ if (!TEST_ptr(out = OPENSSL_malloc(outlen))) {
+ ret = 0;
+ goto err;
+ }
+
+ if (EVP_PKEY_decapsulate(ctx, out, &outlen, in, inlen) <= 0) {
+ t->err = "TEST_DECAPSULATE_ERROR";
+ goto err;
+ }
+ if (!TEST_mem_eq(out, outlen, expected, expectedlen)) {
+ t->err = "TEST_SECRET_MISMATCH";
+ goto ok;
+ }
+ t->err = NULL;
+ok:
+ ret = 1;
+err:
+ OPENSSL_free(out);
+ if (sk_OPENSSL_STRING_num(kdata->init_ctrls) > 0)
+ ctrl2params_free(params, params_n, params_n_allocated);
+ return ret;
+}
+
+static int kem_test_run(EVP_TEST *t)
+{
+ int ret = 0, found_key = 0;
+ EVP_PKEY *pkey = NULL;
+ KEM_DATA *kdata = t->data;
+ unsigned char *wrapped = NULL, *secret = NULL;
+
+ /* Generate either public or private key based on given params */
+ if (kdata->keyname != NULL) {
+ /* Previously generated private key */
+ found_key = find_key(&pkey, kdata->keyname, private_keys);
+ if (found_key == 0 || pkey == NULL) {
+ TEST_info("skipping, key '%s' is disabled", kdata->keyname);
+ t->skip = 1;
+ goto ok;
+ }
+ } else if (kdata->encoded_pub_key != NULL) {
+ /* Encoded public key */
+ if ((pkey = EVP_PKEY_new_raw_public_key_ex(libctx, kdata->algname,
+ propquery,
+ kdata->encoded_pub_key,
+ kdata->encoded_pub_key_len)) == NULL) {
+ t->err = "TEST_PARSE_PUBLIC_KEY_ERROR";
+ goto ok;
+ }
+ } else if (kdata->encoded_priv_key != NULL) {
+ /* Encoded private key */
+ if ((pkey = EVP_PKEY_new_raw_private_key_ex(libctx, kdata->algname,
+ propquery,
+ kdata->encoded_priv_key,
+ kdata->encoded_priv_key_len)) == NULL) {
+ t->err = "TEST_PARSE_PRIVATE_KEY_ERROR";
+ goto ok;
+ }
+ } else {
+ TEST_info("Missing parameters to create key");
+ goto err;
+ }
+
+ if (!TEST_ptr(kdata->ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propquery)))
+ goto err;
+
+ if (kdata->input == NULL) {
+ size_t wrappedlen = 0, secretlen = 0;
+
+ ret = encapsulate(t, kdata->ctx, kdata->op, &wrapped, &wrappedlen,
+ &secret, &secretlen);
+ if (ret == 0 || t->err != NULL)
+ goto err;
+
+ /* Also attempt to decrypt if we have the private key */
+ if (found_key || kdata->encoded_priv_key != NULL)
+ ret = decapsulate(t, kdata->ctx, kdata->op, wrapped, wrappedlen,
+ secret, secretlen);
+ } else {
+ ret = decapsulate(t, kdata->ctx, kdata->op, kdata->input, kdata->inputlen,
+ kdata->output, kdata->outputlen);
+ }
+
+ok:
+ ret = 1;
+err:
+ if (!found_key)
+ EVP_PKEY_free(pkey);
+ OPENSSL_free(wrapped);
+ OPENSSL_free(secret);
+ return ret;
+}
+
+static const EVP_TEST_METHOD pkey_kem_test_method = {
+ "Kem",
+ kem_test_init,
+ kem_test_cleanup,
+ kem_test_parse,
+ kem_test_run
+};
/**
** PUBLIC KEY TESTS
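Review bot: In `kem_test_run()` the result of both `decapsulate()` calls is overwritten immediately, because control falls from the assignment into `ok: ret = 1;`. A decapsulation that returns 0 (allocation failure, `ctrl2params()` failure) is therefore reported as success unless `t->err` happens to be set; adding `if (ret == 0) goto err;` before the label preserves it. `kem_test_parse()` ends in `return 1;`, so an unrecognised or misspelled keyword is silently accepted, unlike `digest_test_parse()` and `cipher_test_parse()`, which end in `return 0;`. In `encapsulate()`, the `goto ok` taken when the second `EVP_PKEY_encapsulate()` call fails sets `ret = 1`. That skips the `OPENSSL_free(wrapped)`/`OPENSSL_free(secret)` guarded by `ret == 0` without handing the buffers to the caller, so both leak. `kem_test_init()` also declares a `pkey` that is never assigned and leaves the `sk_OPENSSL_STRING_new_null()` result unchecked.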
@@ -1696,7 +2440,12 @@ static const EVP_TEST_METHOD mac_test_method = {
typedef struct pkey_data_st {
/* Context for this operation */
EVP_PKEY_CTX *ctx;
+ /* Signature algo for such operations */
+ EVP_SIGNATURE *sigalgo;
/* Key operation to perform */
+ int (*keyopinit) (EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+ int (*keyopinit_ex2) (EVP_PKEY_CTX *ctx, EVP_SIGNATURE *algo,
+ const OSSL_PARAM params[]);
int (*keyop) (EVP_PKEY_CTX *ctx,
unsigned char *sig, size_t *siglen,
const unsigned char *tbs, size_t tbslen);
@@ -1706,30 +2455,29 @@ typedef struct pkey_data_st {
/* Expected output */
unsigned char *output;
size_t output_len;
+ STACK_OF(OPENSSL_STRING) *init_controls; /* collection of controls */
+ STACK_OF(OPENSSL_STRING) *controls; /* collection of controls */
+ EVP_PKEY *peer;
+ int validate;
} PKEY_DATA;
/*
* Perform public key operation setup: lookup key, allocated ctx and call
* the appropriate initialisation function
*/
-static int pkey_test_init(EVP_TEST *t, const char *name,
- int use_public,
- int (*keyopinit) (EVP_PKEY_CTX *ctx),
- int (*keyop)(EVP_PKEY_CTX *ctx,
- unsigned char *sig, size_t *siglen,
- const unsigned char *tbs,
- size_t tbslen))
+static int pkey_test_init_keyctx(EVP_TEST *t, const char *keyname,
+ int use_public)
{
PKEY_DATA *kdata;
EVP_PKEY *pkey = NULL;
int rv = 0;
if (use_public)
- rv = find_key(&pkey, name, public_keys);
+ rv = find_key(&pkey, keyname, public_keys);
if (rv == 0)
- rv = find_key(&pkey, name, private_keys);
+ rv = find_key(&pkey, keyname, private_keys);
if (rv == 0 || pkey == NULL) {
- TEST_info("skipping, key '%s' is disabled", name);
+ TEST_info("skipping, key '%s' is disabled", keyname);
t->skip = 1;
return 1;
}
@@ -1738,25 +2486,92 @@ static int pkey_test_init(EVP_TEST *t, const char *name,
EVP_PKEY_free(pkey);
return 0;
}
- kdata->keyop = keyop;
- if (!TEST_ptr(kdata->ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL))) {
+ if (!TEST_ptr(kdata->ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propquery))) {
EVP_PKEY_free(pkey);
OPENSSL_free(kdata);
return 0;
}
- if (keyopinit(kdata->ctx) <= 0)
- t->err = "KEYOP_INIT_ERROR";
t->data = kdata;
return 1;
}
+static int pkey_test_init(EVP_TEST *t, const char *name,
+ int use_public,
+ int (*keyopinit) (EVP_PKEY_CTX *ctx,
+ const OSSL_PARAM params[]),
+ int (*keyop)(EVP_PKEY_CTX *ctx,
+ unsigned char *sig, size_t *siglen,
+ const unsigned char *tbs,
+ size_t tbslen))
+{
+ PKEY_DATA *kdata = NULL;
+ int rv = 0;
+
+ rv = pkey_test_init_keyctx(t, name, use_public);
+ if (t->skip || !rv)
+ return rv;
+ kdata = t->data;
+ kdata->keyopinit = keyopinit;
+ kdata->keyop = keyop;
+ kdata->init_controls = sk_OPENSSL_STRING_new_null();
+ kdata->controls = sk_OPENSSL_STRING_new_null();
+ return 1;
+}
+
+static int pkey_test_init_ex2(EVP_TEST *t, const char *name,
+ int use_public,
+ int (*keyopinit)(EVP_PKEY_CTX *ctx,
+ EVP_SIGNATURE *algo,
+ const OSSL_PARAM param[]),
+ int (*keyop)(EVP_PKEY_CTX *ctx,
+ unsigned char *sig, size_t *siglen,
+ const unsigned char *tbs,
+ size_t tbslen))
+{
+ PKEY_DATA *kdata = NULL;
+ int rv = 0;
+ char algoname[OSSL_MAX_NAME_SIZE + 1];
+ const char *p;
+
+ if ((p = strchr(name, ':')) == NULL
+ || p == name || p[1] == '\0' || p - name > OSSL_MAX_NAME_SIZE) {
+ TEST_info("Can't extract algorithm or key name from '%s'", name);
+ return 0;
+ }
+ memcpy(algoname, name, p - name);
+ algoname[p - name] = '\0';
+
+ if (is_pkey_disabled(algoname)) {
+ t->skip = 1;
+ return 1;
+ }
+
+ rv = pkey_test_init_keyctx(t, /* keyname */ p + 1, use_public);
+ if (t->skip || !rv)
+ return rv;
+ kdata = t->data;
+ kdata->keyopinit_ex2 = keyopinit;
+ kdata->keyop = keyop;
+ if (!TEST_ptr(kdata->sigalgo
+ = EVP_SIGNATURE_fetch(libctx, algoname, propquery))) {
+ TEST_info("algoname = '%s'", algoname);
+ return 0;
+ }
+ kdata->init_controls = sk_OPENSSL_STRING_new_null();
+ kdata->controls = sk_OPENSSL_STRING_new_null();
+ return 1;
+}
+
static void pkey_test_cleanup(EVP_TEST *t)
{
PKEY_DATA *kdata = t->data;
+ ctrlfree(kdata->init_controls);
+ ctrlfree(kdata->controls);
OPENSSL_free(kdata->input);
OPENSSL_free(kdata->output);
EVP_PKEY_CTX_free(kdata->ctx);
+ EVP_SIGNATURE_free(kdata->sigalgo);
}
static int pkey_test_ctrl(EVP_TEST *t, EVP_PKEY_CTX *pctx,
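Review bot: The two `sk_OPENSSL_STRING_new_null()` results stored in `pkey_test_init()` and `pkey_test_init_ex2()` are never checked, although `pkey_fromdata_test_init()` in a later hunk does test `kdata->controls == NULL`. With a NULL stack, a later `CtrlInit` line passes NULL straight to `ctrladd()`, and `pkey_add_control()` returns 0, which the parser presumably reports as an unknown keyword rather than an allocation failure. I would add `if (!TEST_ptr(kdata->init_controls) || !TEST_ptr(kdata->controls)) return 0;` before the final `return 1;` in both functions. The same unchecked pattern appears in `rand_test_init()`, `kdf_test_init()` and `keygen_test_init()` further down. Whether the caller runs `pkey_test_cleanup()` after a failed init is not visible here, so the `return 0` paths (including the existing `EVP_SIGNATURE_fetch` one) should be checked for leaking `kdata` and its context.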
@@ -1789,6 +2604,27 @@ static int pkey_test_ctrl(EVP_TEST *t, EVP_PKEY_CTX *pctx,
return rv > 0;
}
+static int pkey_add_control(EVP_TEST *t, STACK_OF(OPENSSL_STRING) *controls,
+ const char *value)
+{
+ char *p;
+
+ if (controls == NULL)
+ return 0;
+
+ p = strchr(value, ':');
+ if (p == NULL)
+ return 0;
+ p++;
+ if (is_digest_disabled(p) || is_cipher_disabled(p)) {
+ TEST_info("skipping, '%s' is disabled", p);
+ t->skip = 1;
+ return 1;
+ }
+
+ return ctrladd(controls, value) > 0;
+}
+
static int pkey_test_parse(EVP_TEST *t,
const char *keyword, const char *value)
{
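Review bot: `pkey_add_control()` has no comment, and its filtering rule is not obvious: whatever follows the first ':' is passed to `is_digest_disabled()` and `is_cipher_disabled()` regardless of which control is being set. A header such as `/* Queue a "name:value" control; mark the test skipped if value names a disabled digest or cipher */` would state that. Note also that the skip path returns 1 without queuing the control, which deserves a one-line why-comment. As a style point, `p` only reads from the `const char *value`, so `const char *p;` would match how `pkey_test_init_ex2()` declares its pointer.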
@@ -1797,11 +2633,58 @@ static int pkey_test_parse(EVP_TEST *t,
return parse_bin(value, &kdata->input, &kdata->input_len);
if (strcmp(keyword, "Output") == 0)
return parse_bin(value, &kdata->output, &kdata->output_len);
+ if (strcmp(keyword, "CtrlInit") == 0)
+ return ctrladd(kdata->init_controls, value);
if (strcmp(keyword, "Ctrl") == 0)
- return pkey_test_ctrl(t, kdata->ctx, value);
+ return pkey_add_control(t, kdata->controls, value);
return 0;
}
+static int pkey_test_run_init(EVP_TEST *t)
+{
+ PKEY_DATA *data = t->data;
+ int i, ret = 0;
+ OSSL_PARAM params[5] = {
+ OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END,
+ OSSL_PARAM_END, OSSL_PARAM_END
+ };
+ OSSL_PARAM *p = NULL;
+ size_t params_n = 0, params_n_allocstart = 0;
+
+ if (sk_OPENSSL_STRING_num(data->init_controls) > 0) {
+ if (!ctrl2params(t, data->init_controls,
+ NULL,
+ params, OSSL_NELEM(params), &params_n))
+ goto err;
+ p = params;
+ }
+ if (data->keyopinit != NULL) {
+ if (data->keyopinit(data->ctx, p) <= 0) {
+ t->err = "KEYOP_INIT_ERROR";
+ goto err;
+ }
+ } else if (data->keyopinit_ex2 != NULL) {
+ if (data->keyopinit_ex2(data->ctx, data->sigalgo, p) <= 0) {
+ t->err = "KEYOP_INIT_ERROR";
+ goto err;
+ }
+ } else {
+ t->err = "KEYOP_INIT_ERROR";
+ goto err;
+ }
+
+ for (i = 0; i < sk_OPENSSL_STRING_num(data->controls); i++) {
+ char *value = sk_OPENSSL_STRING_value(data->controls, i);
+
+ if (!pkey_test_ctrl(t, data->ctx, value) || t->err != NULL)
+ goto err;
+ }
+ ret = 1;
+err:
+ ctrl2params_free(params, params_n, params_n_allocstart);
+ return ret;
+}
+
static int pkey_test_run(EVP_TEST *t)
{
PKEY_DATA *expected = t->data;
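Review bot: The new `CtrlInit` branch in `pkey_test_parse()` calls `ctrladd()` directly, while `Ctrl` goes through `pkey_add_control()`, so the two keywords are handled differently. A `CtrlInit` value that names a disabled digest or cipher will not mark the test skipped, and the raw `ctrladd()` result is returned without the `> 0` normalisation that `pkey_add_control()` applies. If init controls use the same "name:value" form (not confirmable from this hunk), `return pkey_add_control(t, kdata->init_controls, value);` would keep both paths consistent. The same applies to the `CtrlInit` branch added to `pderive_test_parse()` in a later hunk. `pkey_test_run_init()` would also benefit from a short header comment saying that init controls become OSSL_PARAMs for the init call while ordinary controls are applied afterwards through `pkey_test_ctrl()`.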
@@ -1809,6 +2692,15 @@ static int pkey_test_run(EVP_TEST *t)
size_t got_len;
EVP_PKEY_CTX *copy = NULL;
+ if (!pkey_test_run_init(t))
+ goto err;
+
+ /* Make a copy of the EVP_PKEY context, for repeat use further down */
+ if (!TEST_ptr(copy = EVP_PKEY_CTX_dup(expected->ctx))) {
+ t->err = "INTERNAL_ERROR";
+ goto err;
+ }
+
if (expected->keyop(expected->ctx, NULL, &got_len,
expected->input, expected->input_len) <= 0
|| !TEST_ptr(got = OPENSSL_malloc(got_len))) {
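Review bot: Both `goto err` paths added here land on a label that ends in an unconditional `return 1` (visible in a later hunk of `pkey_test_run()`), so a `pkey_test_run_init()` failure that leaves `t->err` unset is reported as a clean run; `ctrl2params()` failing is one such case, if it does not set `t->err` itself. The `pkey_check_fips_approved()` check added at the end of this function is swallowed the same way, whereas `verify_test_run()` and `pderive_test_run()` set `ret = 0` when that check fails. I would add `int ret = 1;`, use `if (pkey_check_fips_approved(expected->ctx, t) <= 0) ret = 0;` and finish with `return ret;`. The function body starts and ends outside this hunk.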
@@ -1820,6 +2712,7 @@ static int pkey_test_run(EVP_TEST *t)
t->err = "KEYOP_ERROR";
goto err;
}
+
if (!memory_err_compare(t, "KEYOP_MISMATCH",
expected->output, expected->output_len,
got, got_len))
@@ -1829,11 +2722,7 @@ static int pkey_test_run(EVP_TEST *t)
OPENSSL_free(got);
got = NULL;
- /* Repeat the test on a copy. */
- if (!TEST_ptr(copy = EVP_PKEY_CTX_dup(expected->ctx))) {
- t->err = "INTERNAL_ERROR";
- goto err;
- }
+ /* Repeat the test on the EVP_PKEY context copy. */
if (expected->keyop(copy, NULL, &got_len, expected->input,
expected->input_len) <= 0
|| !TEST_ptr(got = OPENSSL_malloc(got_len))) {
@@ -1850,15 +2739,114 @@ static int pkey_test_run(EVP_TEST *t)
got, got_len))
goto err;
+ if (pkey_check_fips_approved(expected->ctx, t) <= 0)
+ goto err;
+
err:
OPENSSL_free(got);
EVP_PKEY_CTX_free(copy);
return 1;
}
+static int pkey_fromdata_test_init(EVP_TEST *t, const char *name)
+{
+ PKEY_DATA *kdata = NULL;
+
+ if (is_pkey_disabled(name)) {
+ TEST_info("skipping, '%s' is disabled", name);
+ t->skip = 1;
+ return 1;
+ }
+
+ if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata))))
+ return 0;
+ kdata->ctx = EVP_PKEY_CTX_new_from_name(libctx, name, "");
+ if (kdata->ctx == NULL)
+ goto err;
+ if (EVP_PKEY_fromdata_init(kdata->ctx) <= 0)
+ goto err;
+ kdata->controls = sk_OPENSSL_STRING_new_null();
+ if (kdata->controls == NULL)
+ goto err;
+ t->data = kdata;
+ return 1;
+ err:
+ EVP_PKEY_CTX_free(kdata->ctx);
+ OPENSSL_free(kdata);
+ return 0;
+}
+
+static void pkey_fromdata_test_cleanup(EVP_TEST *t)
+{
+ PKEY_DATA *kdata = t->data;
+
+ ctrlfree(kdata->controls);
+ EVP_PKEY_CTX_free(kdata->ctx);
+}
+
+static int pkey_fromdata_test_parse(EVP_TEST *t,
+ const char *keyword, const char *value)
+{
+ PKEY_DATA *kdata = t->data;
+
+ if (strcmp(keyword, "Ctrl") == 0)
+ return pkey_add_control(t, kdata->controls, value);
+ return 0;
+}
+
+static int pkey_fromdata_test_run(EVP_TEST *t)
+{
+ EVP_PKEY *key = NULL;
+ PKEY_DATA *kdata = t->data;
+ int ret = 0;
+ static const OSSL_PARAM key_settable_ctx_params[] = {
+ OSSL_PARAM_octet_string("priv", NULL, 0),
+ OSSL_PARAM_octet_string("pub", NULL, 0),
+ OSSL_PARAM_END
+ };
+ OSSL_PARAM params[5] = {
+ OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END,
+ OSSL_PARAM_END, OSSL_PARAM_END
+ };
+ OSSL_PARAM *p = NULL;
+ size_t params_n = 0, params_n_allocstart = 0;
+
+ if (sk_OPENSSL_STRING_num(kdata->controls) > 0) {
+ if (!ctrl2params(t, kdata->controls, key_settable_ctx_params,
+ params, OSSL_NELEM(params), &params_n))
+ goto err;
+ p = params;
+ }
+
+ ret = 1;
+ if (EVP_PKEY_fromdata(kdata->ctx, &key, EVP_PKEY_KEYPAIR, p) <= 0) {
+ t->err = "KEY_FROMDATA_ERROR";
+ goto err;
+ }
+err:
+ ctrl2params_free(params, params_n, params_n_allocstart);
+ EVP_PKEY_free(key);
+ return ret;
+}
+
+static const EVP_TEST_METHOD pkey_fromdata_test_method = {
+ "KeyFromData",
+ pkey_fromdata_test_init,
+ pkey_fromdata_test_cleanup,
+ pkey_fromdata_test_parse,
+ pkey_fromdata_test_run
+};
+
+/*
+ * "Sign" implies EVP_PKEY_sign_init_ex2() if the argument is a colon-separated
+ * pair, {algorithm}:{key}. If not, it implies EVP_PKEY_sign_init_ex()
+ */
static int sign_test_init(EVP_TEST *t, const char *name)
{
- return pkey_test_init(t, name, 0, EVP_PKEY_sign_init, EVP_PKEY_sign);
+ if (strchr(name, ':') != NULL)
+ return pkey_test_init_ex2(t, name, 0,
+ EVP_PKEY_sign_init_ex2, EVP_PKEY_sign);
+ return pkey_test_init(t, name, 0, EVP_PKEY_sign_init_ex, EVP_PKEY_sign);
}
static const EVP_TEST_METHOD psign_test_method = {
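Review bot: `pkey_fromdata_test_init()` creates its context with a literal `""` property query, while every other context or fetch touched by this commit is switched from `NULL` to `propquery`. If the test is run with a property query selecting a particular provider, "KeyFromData" stanzas would ignore it and could exercise a different implementation than the rest of the file. Unless the empty query is deliberate, use `kdata->ctx = EVP_PKEY_CTX_new_from_name(libctx, name, propquery);`; if it is deliberate, a one-line comment saying why would help.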
@@ -1869,9 +2857,36 @@ static const EVP_TEST_METHOD psign_test_method = {
pkey_test_run
};
+/*
+ * "Sign-Message" is like "Sign", but uses EVP_PKEY_sign_message_init()
+ * The argument must be a colon separated pair, {algorithm}:{key}
+ */
+static int sign_test_message_init(EVP_TEST *t, const char *name)
+{
+ return pkey_test_init_ex2(t, name, 0,
+ EVP_PKEY_sign_message_init, EVP_PKEY_sign);
+}
+
+static const EVP_TEST_METHOD psign_message_test_method = {
+ "Sign-Message",
+ sign_test_message_init,
+ pkey_test_cleanup,
+ pkey_test_parse,
+ pkey_test_run
+};
+
+/*
+ * "VerifyRecover" implies EVP_PKEY_verify_recover_init_ex2() if the argument is a
+ * colon-separated pair, {algorithm}:{key}.
+ * If not, it implies EVP_PKEY_verify_recover_init_ex()
+ */
static int verify_recover_test_init(EVP_TEST *t, const char *name)
{
- return pkey_test_init(t, name, 1, EVP_PKEY_verify_recover_init,
+ if (strchr(name, ':') != NULL)
+ return pkey_test_init_ex2(t, name, 1,
+ EVP_PKEY_verify_recover_init_ex2,
+ EVP_PKEY_verify_recover);
+ return pkey_test_init(t, name, 1, EVP_PKEY_verify_recover_init_ex,
EVP_PKEY_verify_recover);
}
@@ -1885,7 +2900,7 @@ static const EVP_TEST_METHOD pverify_recover_test_method = {
static int decrypt_test_init(EVP_TEST *t, const char *name)
{
- return pkey_test_init(t, name, 0, EVP_PKEY_decrypt_init,
+ return pkey_test_init(t, name, 0, EVP_PKEY_decrypt_init_ex,
EVP_PKEY_decrypt);
}
@@ -1897,19 +2912,35 @@ static const EVP_TEST_METHOD pdecrypt_test_method = {
pkey_test_run
};
+/*
+ * "Verify" implies EVP_PKEY_verify_init_ex2() if the argument is a
+ * colon-separated pair, {algorithm}:{key}.
+ * If not, it implies EVP_PKEY_verify_init_ex()
+ */
static int verify_test_init(EVP_TEST *t, const char *name)
{
- return pkey_test_init(t, name, 1, EVP_PKEY_verify_init, 0);
+ if (strchr(name, ':') != NULL)
+ return pkey_test_init_ex2(t, name, 1,
+ EVP_PKEY_verify_init_ex2, NULL);
+ return pkey_test_init(t, name, 1, EVP_PKEY_verify_init_ex, NULL);
}
static int verify_test_run(EVP_TEST *t)
{
+ int ret = 1;
PKEY_DATA *kdata = t->data;
+ if (!pkey_test_run_init(t))
+ goto err;
if (EVP_PKEY_verify(kdata->ctx, kdata->output, kdata->output_len,
- kdata->input, kdata->input_len) <= 0)
+ kdata->input, kdata->input_len) <= 0) {
t->err = "VERIFY_ERROR";
- return 1;
+ goto err;
+ }
+ if (!pkey_check_fips_approved(kdata->ctx, t))
+ ret = 0;
+err:
+ return ret;
}
static const EVP_TEST_METHOD pverify_test_method = {
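Review bot: `verify_test_run()` tests `pkey_check_fips_approved()` with `!`, while `pkey_test_run()` tests the same helper with `<= 0`. The helper's return convention is not visible here, but if it can return a negative value on error the `!` form lets that through as success. Using `if (pkey_check_fips_approved(kdata->ctx, t) <= 0)` here (and in `pderive_test_run()`, which also uses `!`) would make the callers agree.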
@@ -1920,9 +2951,46 @@ static const EVP_TEST_METHOD pverify_test_method = {
verify_test_run
};
+/*
+ * "Verify-Message" is like "Verify", but uses EVP_PKEY_verify_message_init()
+ * The argument must be a colon separated pair, {algorithm}:{key}
+ */
+static int verify_message_test_init(EVP_TEST *t, const char *name)
+{
+ return pkey_test_init_ex2(t, name, 0,
+ EVP_PKEY_verify_message_init, NULL);
+}
+
+static const EVP_TEST_METHOD pverify_message_test_method = {
+ "Verify-Message",
+ verify_message_test_init,
+ pkey_test_cleanup,
+ pkey_test_parse,
+ verify_test_run
+};
+
+/*
+ * "Verify-Message-Public" is like "Verify-Message", but uses a public key
+ * instead of a private key.
+ * The argument must be a colon separated pair, {algorithm}:{key}
+ */
+static int verify_message_public_test_init(EVP_TEST *t, const char *name)
+{
+ return pkey_test_init_ex2(t, name, 1,
+ EVP_PKEY_verify_message_init, NULL);
+}
+
+static const EVP_TEST_METHOD pverify_message_public_test_method = {
+ "Verify-Message-Public",
+ verify_message_public_test_init,
+ pkey_test_cleanup,
+ pkey_test_parse,
+ verify_test_run
+};
+
static int pderive_test_init(EVP_TEST *t, const char *name)
{
- return pkey_test_init(t, name, 0, EVP_PKEY_derive_init, 0);
+ return pkey_test_init(t, name, 0, EVP_PKEY_derive_init_ex, 0);
}
static int pderive_test_parse(EVP_TEST *t,
@@ -1935,65 +3003,20 @@ static int pderive_test_parse(EVP_TEST *t,
validate = 1;
if (validate || strcmp(keyword, "PeerKey") == 0) {
- EVP_PKEY *peer;
+ EVP_PKEY *peer = NULL;
+
+ kdata->validate = validate;
if (find_key(&peer, value, public_keys) == 0)
return -1;
- if (EVP_PKEY_derive_set_peer_ex(kdata->ctx, peer, validate) <= 0) {
- t->err = "DERIVE_SET_PEER_ERROR";
- return 1;
- }
- t->err = NULL;
+ kdata->peer = peer;
return 1;
}
if (strcmp(keyword, "SharedSecret") == 0)
return parse_bin(value, &kdata->output, &kdata->output_len);
if (strcmp(keyword, "Ctrl") == 0)
- return pkey_test_ctrl(t, kdata->ctx, value);
- if (strcmp(keyword, "KDFType") == 0) {
- OSSL_PARAM params[2];
-
- params[0] = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_TYPE,
- (char *)value, 0);
- params[1] = OSSL_PARAM_construct_end();
- if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0)
- return -1;
- return 1;
- }
- if (strcmp(keyword, "KDFDigest") == 0) {
- OSSL_PARAM params[2];
-
- params[0] = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST,
- (char *)value, 0);
- params[1] = OSSL_PARAM_construct_end();
- if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0)
- return -1;
- return 1;
- }
- if (strcmp(keyword, "CEKAlg") == 0) {
- OSSL_PARAM params[2];
-
- params[0] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG,
- (char *)value, 0);
- params[1] = OSSL_PARAM_construct_end();
- if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0)
- return -1;
- return 1;
- }
- if (strcmp(keyword, "KDFOutlen") == 0) {
- OSSL_PARAM params[2];
- char *endptr;
- size_t outlen = (size_t)strtoul(value, &endptr, 0);
-
- if (endptr[0] != '\0')
- return -1;
-
- params[0] = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN,
- &outlen);
- params[1] = OSSL_PARAM_construct_end();
- if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0)
- return -1;
- return 1;
- }
+ return pkey_add_control(t, kdata->controls, value);
+ if (strcmp(keyword, "CtrlInit") == 0)
+ return ctrladd(kdata->init_controls, value);
return 0;
}
@@ -2003,6 +3026,17 @@ static int pderive_test_run(EVP_TEST *t)
PKEY_DATA *expected = t->data;
unsigned char *got = NULL;
size_t got_len;
+ int ret = 1;
+
+ if (!pkey_test_run_init(t))
+ goto err;
+
+ t->err = NULL;
+ if (EVP_PKEY_derive_set_peer_ex(expected->ctx, expected->peer,
+ expected->validate) <= 0) {
+ t->err = "DERIVE_SET_PEER_ERROR";
+ goto err;
+ }
if (!TEST_ptr(dctx = EVP_PKEY_CTX_dup(expected->ctx))) {
t->err = "DERIVE_ERROR";
@@ -2027,11 +3061,15 @@ static int pderive_test_run(EVP_TEST *t)
got, got_len))
goto err;
+ if (!pkey_check_fips_approved(dctx, t)) {
+ ret = 0;
+ goto err;
+ }
t->err = NULL;
err:
OPENSSL_free(got);
EVP_PKEY_CTX_free(dctx);
- return 1;
+ return ret;
}
static const EVP_TEST_METHOD pderive_test_method = {
@@ -2042,7 +3080,6 @@ static const EVP_TEST_METHOD pderive_test_method = {
pderive_test_run
};
-
/**
** PBE TESTS
**/
@@ -2238,7 +3275,7 @@ static int pbe_test_run(EVP_TEST *t)
#endif
} else if (expected->pbe_type == PBE_TYPE_PKCS12) {
fetched_digest = EVP_MD_fetch(libctx, EVP_MD_get0_name(expected->md),
- NULL);
+ propquery);
if (fetched_digest == NULL) {
t->err = "PKCS12_ERROR";
goto err;
@@ -2346,6 +3383,7 @@ static int encode_test_run(EVP_TEST *t)
unsigned char *encode_out = NULL, *decode_out = NULL;
int output_len, chunk_len;
EVP_ENCODE_CTX *decode_ctx = NULL, *encode_ctx = NULL;
+ size_t input_len, donelen, decode_length;
if (!TEST_ptr(decode_ctx = EVP_ENCODE_CTX_new())) {
t->err = "INTERNAL_ERROR";
@@ -2360,13 +3398,25 @@ static int encode_test_run(EVP_TEST *t)
goto err;
EVP_EncodeInit(encode_ctx);
- if (!TEST_true(EVP_EncodeUpdate(encode_ctx, encode_out, &chunk_len,
- expected->input, expected->input_len)))
- goto err;
- output_len = chunk_len;
+ input_len = expected->input_len;
+ donelen = 0;
+ output_len = 0;
+ do {
+ size_t current_len = (size_t) data_chunk_size;
+
+ if (data_chunk_size == 0 || (size_t) data_chunk_size > input_len)
+ current_len = input_len;
+ if (!TEST_true(EVP_EncodeUpdate(encode_ctx, encode_out, &chunk_len,
+ expected->input + donelen,
+ current_len)))
+ goto err;
+ donelen += current_len;
+ input_len -= current_len;
+ output_len += chunk_len;
+ } while (input_len > 0);
- EVP_EncodeFinal(encode_ctx, encode_out + chunk_len, &chunk_len);
+ EVP_EncodeFinal(encode_ctx, encode_out + output_len, &chunk_len);
output_len += chunk_len;
if (!memory_err_compare(t, "BAD_ENCODING",
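Review bot: The chunked encode loop always writes to the start of the buffer: `EVP_EncodeUpdate()` is passed `encode_out` on every iteration while `output_len` accumulates, so when `data_chunk_size` splits the input each chunk's output overwrites the previous one. `EVP_EncodeFinal()` then writes at `encode_out + output_len`, leaving stale or uninitialised bytes in between. The decode loop in the next hunk already does this correctly with `decode_out + output_len`; the encode call should read `EVP_EncodeUpdate(encode_ctx, encode_out + output_len, &chunk_len,`. With the default chunk size of 0 the loop runs once and the problem is hidden. The function body extends outside this hunk.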
@@ -2375,19 +3425,36 @@ static int encode_test_run(EVP_TEST *t)
goto err;
}
- if (!TEST_ptr(decode_out =
- OPENSSL_malloc(EVP_DECODE_LENGTH(expected->output_len))))
+ decode_length = EVP_DECODE_LENGTH(expected->output_len);
+ if (!TEST_ptr(decode_out = OPENSSL_malloc(decode_length)))
goto err;
+ /*
+ * Fill memory with non-zeros
+ * to check that decoding does not place redundant zeros.
+ */
+ memset(decode_out, 0xff, decode_length);
+ output_len = 0;
EVP_DecodeInit(decode_ctx);
- if (EVP_DecodeUpdate(decode_ctx, decode_out, &chunk_len, expected->output,
- expected->output_len) < 0) {
- t->err = "DECODE_ERROR";
- goto err;
- }
- output_len = chunk_len;
- if (EVP_DecodeFinal(decode_ctx, decode_out + chunk_len, &chunk_len) != 1) {
+ input_len = expected->output_len;
+ donelen = 0;
+ do {
+ size_t current_len = (size_t) data_chunk_size;
+
+ if (data_chunk_size == 0 || (size_t) data_chunk_size > input_len)
+ current_len = input_len;
+ if (EVP_DecodeUpdate(decode_ctx, decode_out + output_len, &chunk_len,
+ expected->output + donelen, current_len) < 0) {
+ t->err = "DECODE_ERROR";
+ goto err;
+ }
+ donelen += current_len;
+ input_len -= current_len;
+ output_len += chunk_len;
+ } while (input_len > 0);
+
+ if (EVP_DecodeFinal(decode_ctx, decode_out + output_len, &chunk_len) != 1) {
t->err = "DECODE_ERROR";
goto err;
}
@@ -2401,6 +3468,13 @@ static int encode_test_run(EVP_TEST *t)
goto err;
}
+ for (; output_len < (int)decode_length; output_len++) {
+ if (decode_out[output_len] != 0xff) {
+ t->err = "BAD_DECODING";
+ goto err;
+ }
+ }
+
t->err = NULL;
err:
OPENSSL_free(encode_out);
@@ -2450,6 +3524,7 @@ typedef struct rand_data_st {
unsigned int generate_bits;
char *cipher;
char *digest;
+ STACK_OF(OPENSSL_STRING) *init_controls; /* collection of controls */
/* Expected output */
RAND_DATA_PASS data[MAX_RAND_REPEATS];
@@ -2478,13 +3553,14 @@ static int rand_test_init(EVP_TEST *t, const char *name)
if (!EVP_RAND_CTX_set_params(rdata->parent, params))
goto err;
- rand = EVP_RAND_fetch(libctx, name, NULL);
+ rand = EVP_RAND_fetch(libctx, name, propquery);
if (rand == NULL)
goto err;
rdata->ctx = EVP_RAND_CTX_new(rand, rdata->parent);
EVP_RAND_free(rand);
if (rdata->ctx == NULL)
goto err;
+ rdata->init_controls = sk_OPENSSL_STRING_new_null();
rdata->n = -1;
t->data = rdata;
@@ -2500,6 +3576,7 @@ static void rand_test_cleanup(EVP_TEST *t)
RAND_DATA *rdata = t->data;
int i;
+ ctrlfree(rdata->init_controls);
OPENSSL_free(rdata->cipher);
OPENSSL_free(rdata->digest);
@@ -2534,33 +3611,27 @@ static int rand_test_parse(EVP_TEST *t,
if (n > rdata->n)
rdata->n = n;
item = rdata->data + n;
- if (strncmp(keyword, "Entropy.", sizeof("Entropy")) == 0)
+ if (HAS_PREFIX(keyword, "Entropy."))
return parse_bin(value, &item->entropy, &item->entropy_len);
- if (strncmp(keyword, "ReseedEntropy.", sizeof("ReseedEntropy")) == 0)
+ if (HAS_PREFIX(keyword, "ReseedEntropy."))
return parse_bin(value, &item->reseed_entropy,
&item->reseed_entropy_len);
- if (strncmp(keyword, "Nonce.", sizeof("Nonce")) == 0)
+ if (HAS_PREFIX(keyword, "Nonce."))
return parse_bin(value, &item->nonce, &item->nonce_len);
- if (strncmp(keyword, "PersonalisationString.",
- sizeof("PersonalisationString")) == 0)
+ if (HAS_PREFIX(keyword, "PersonalisationString."))
return parse_bin(value, &item->pers, &item->pers_len);
- if (strncmp(keyword, "ReseedAdditionalInput.",
- sizeof("ReseedAdditionalInput")) == 0)
+ if (HAS_PREFIX(keyword, "ReseedAdditionalInput."))
return parse_bin(value, &item->reseed_addin,
&item->reseed_addin_len);
- if (strncmp(keyword, "AdditionalInputA.",
- sizeof("AdditionalInputA")) == 0)
+ if (HAS_PREFIX(keyword, "AdditionalInputA."))
return parse_bin(value, &item->addinA, &item->addinA_len);
- if (strncmp(keyword, "AdditionalInputB.",
- sizeof("AdditionalInputB")) == 0)
+ if (HAS_PREFIX(keyword, "AdditionalInputB."))
return parse_bin(value, &item->addinB, &item->addinB_len);
- if (strncmp(keyword, "EntropyPredictionResistanceA.",
- sizeof("EntropyPredictionResistanceA")) == 0)
+ if (HAS_PREFIX(keyword, "EntropyPredictionResistanceA."))
return parse_bin(value, &item->pr_entropyA, &item->pr_entropyA_len);
- if (strncmp(keyword, "EntropyPredictionResistanceB.",
- sizeof("EntropyPredictionResistanceB")) == 0)
+ if (HAS_PREFIX(keyword, "EntropyPredictionResistanceB."))
return parse_bin(value, &item->pr_entropyB, &item->pr_entropyB_len);
- if (strncmp(keyword, "Output.", sizeof("Output")) == 0)
+ if (HAS_PREFIX(keyword, "Output."))
return parse_bin(value, &item->output, &item->output_len);
} else {
if (strcmp(keyword, "Cipher") == 0)
@@ -2581,6 +3652,8 @@ static int rand_test_parse(EVP_TEST *t,
rdata->prediction_resistance = atoi(value) != 0;
return 1;
}
+ if (strcmp(keyword, "CtrlInit") == 0)
+ return ctrladd(rdata->init_controls, value);
}
return 0;
}
@@ -2591,14 +3664,23 @@ static int rand_test_run(EVP_TEST *t)
RAND_DATA_PASS *item;
unsigned char *got;
size_t got_len = expected->generate_bits / 8;
- OSSL_PARAM params[5], *p = params;
+ OSSL_PARAM params[8], *p = params;
int i = -1, ret = 0;
unsigned int strength;
unsigned char *z;
+ size_t params_n = 0, params_allocated_n = 0;
if (!TEST_ptr(got = OPENSSL_malloc(got_len)))
return 0;
+ if (sk_OPENSSL_STRING_num(expected->init_controls) > 0) {
+ if (!ctrl2params(t, expected->init_controls,
+ NULL,
+ params, OSSL_NELEM(params), &params_n))
+ goto err;
+ }
+ p = params + params_n;
+
*p++ = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_USE_DF, &expected->use_df);
if (expected->cipher != NULL)
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER,
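Review bot: `ctrl2params()` is given the full `OSSL_NELEM(params)` (8) as its limit, but the code then appends up to four more parameters plus the terminator starting at `params + params_n`. If a stanza supplies more than three `CtrlInit` lines, the `*p++` writes run past the end of `params[8]`. How `ctrl2params()` counts the terminator is not visible here, but reserving the tail explicitly would make this safe: `params, OSSL_NELEM(params) - 5, &params_n))`, with a comment naming the five reserved slots. The rest of `rand_test_run()` is outside this hunk.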
@@ -2608,8 +3690,15 @@ static int rand_test_run(EVP_TEST *t)
expected->digest, 0);
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_MAC, "HMAC", 0);
*p = OSSL_PARAM_construct_end();
- if (!TEST_true(EVP_RAND_CTX_set_params(expected->ctx, params)))
+ if (!EVP_RAND_CTX_set_params(expected->ctx, params)) {
+ if (t->expect_unapproved == 0) {
+ t->err = "EVP_RAND_CTX_set_params";
+ ret = 1;
+ }
goto err;
+ }
+ ctrl2params_free(params, params_n, params_allocated_n);
+ params_n = 0;
strength = EVP_RAND_get_strength(expected->ctx);
for (i = 0; i <= expected->n; i++) {
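Review bot: The new failure branch for `EVP_RAND_CTX_set_params()` needs a comment, because the pairing of `t->expect_unapproved == 0` with `ret = 1` reads as inverted at first glance. Something like `/* expect_unapproved == 0: report via t->err so the expected Result can match; otherwise fail the run */` would record what the code does. Dropping `TEST_true()` also means the hard-failure path (`ret` left at 0) no longer logs which call failed, so a `TEST_info()` there would help when diagnosing a failing stanza.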
@@ -2677,6 +3766,8 @@ static int rand_test_run(EVP_TEST *t)
goto err;
if (!TEST_mem_eq(got, got_len, item->output, item->output_len))
goto err;
+ if (!rand_check_fips_approved(expected->ctx, t))
+ goto err;
if (!TEST_true(EVP_RAND_uninstantiate(expected->ctx))
|| !TEST_true(EVP_RAND_uninstantiate(expected->parent))
|| !TEST_true(EVP_RAND_verify_zeroization(expected->ctx))
@@ -2691,6 +3782,7 @@ static int rand_test_run(EVP_TEST *t)
if (ret == 0 && i >= 0)
TEST_info("Error in test case %d of %d\n", i, expected->n + 1);
OPENSSL_free(got);
+ ctrl2params_free(params, params_n, params_allocated_n);
return ret;
}
@@ -2702,7 +3794,6 @@ static const EVP_TEST_METHOD rand_test_method = {
rand_test_run
};
-
/**
** KDF TESTS
**/
@@ -2714,6 +3805,7 @@ typedef struct kdf_data_st {
size_t output_len;
OSSL_PARAM params[20];
OSSL_PARAM *p;
+ STACK_OF(OPENSSL_STRING) *init_controls; /* collection of controls */
} KDF_DATA;
/*
@@ -2736,7 +3828,7 @@ static int kdf_test_init(EVP_TEST *t, const char *name)
kdata->p = kdata->params;
*kdata->p = OSSL_PARAM_construct_end();
- kdf = EVP_KDF_fetch(libctx, name, NULL);
+ kdf = EVP_KDF_fetch(libctx, name, propquery);
if (kdf == NULL) {
OPENSSL_free(kdata);
return 0;
@@ -2748,6 +3840,7 @@ static int kdf_test_init(EVP_TEST *t, const char *name)
return 0;
}
t->data = kdata;
+ kdata->init_controls = sk_OPENSSL_STRING_new_null();
return 1;
}
@@ -2756,6 +3849,7 @@ static void kdf_test_cleanup(EVP_TEST *t)
KDF_DATA *kdata = t->data;
OSSL_PARAM *p;
+ ctrlfree(kdata->init_controls);
for (p = kdata->params; p->key != NULL; p++)
OPENSSL_free(p->data);
OPENSSL_free(kdata->output);
@@ -2778,6 +3872,55 @@ static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx,
else
*p++ = '\0';
+ if (strcmp(name, "r") == 0
+ && OSSL_PARAM_locate_const(defs, name) == NULL) {
+ TEST_info("skipping, setting 'r' is unsupported");
+ t->skip = 1;
+ goto end;
+ }
+
+ if (strcmp(name, "lanes") == 0
+ && OSSL_PARAM_locate_const(defs, name) == NULL) {
+ TEST_info("skipping, setting 'lanes' is unsupported");
+ t->skip = 1;
+ goto end;
+ }
+
+ if (strcmp(name, "iter") == 0
+ && OSSL_PARAM_locate_const(defs, name) == NULL) {
+ TEST_info("skipping, setting 'iter' is unsupported");
+ t->skip = 1;
+ goto end;
+ }
+
+ if (strcmp(name, "memcost") == 0
+ && OSSL_PARAM_locate_const(defs, name) == NULL) {
+ TEST_info("skipping, setting 'memcost' is unsupported");
+ t->skip = 1;
+ goto end;
+ }
+
+ if (strcmp(name, "secret") == 0
+ && OSSL_PARAM_locate_const(defs, name) == NULL) {
+ TEST_info("skipping, setting 'secret' is unsupported");
+ t->skip = 1;
+ goto end;
+ }
+
+ if (strcmp(name, "pass") == 0
+ && OSSL_PARAM_locate_const(defs, name) == NULL) {
+ TEST_info("skipping, setting 'pass' is unsupported");
+ t->skip = 1;
+ goto end;
+ }
+
+ if (strcmp(name, "ad") == 0
+ && OSSL_PARAM_locate_const(defs, name) == NULL) {
+ TEST_info("skipping, setting 'ad' is unsupported");
+ t->skip = 1;
+ goto end;
+ }
+
rv = OSSL_PARAM_allocate_from_text(kdata->p, defs, name, p,
strlen(p), NULL);
*++kdata->p = OSSL_PARAM_construct_end();
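Review bot: The seven added blocks in `kdf_test_ctrl()` are identical except for the parameter name, which makes the list hard to extend and easy to get out of step. A small table and one loop would express the same checks, with the name taken from `name` in the message so the output text stays identical. The declarations belong with the function's other locals, which are outside this hunk, as is the `end:` label the loop jumps to.

```c
static const char *const optional_params[] = {
    "r", "lanes", "iter", "memcost", "secret", "pass", "ad"
};
size_t i;

/* ... unchanged: splitting value into name and p ... */

/* Skip the test when the KDF does not expose an optional setting */
for (i = 0; i < OSSL_NELEM(optional_params); i++) {
    if (strcmp(name, optional_params[i]) == 0
        && OSSL_PARAM_locate_const(defs, name) == NULL) {
        TEST_info("skipping, setting '%s' is unsupported", name);
        t->skip = 1;
        goto end;
    }
}
```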
@@ -2791,6 +3934,7 @@ static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx,
TEST_info("skipping, '%s' is disabled", p);
t->skip = 1;
}
+ goto end;
}
if ((strcmp(name, "cipher") == 0
@@ -2798,8 +3942,14 @@ static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx,
&& is_cipher_disabled(p)) {
TEST_info("skipping, '%s' is disabled", p);
t->skip = 1;
+ goto end;
}
-
+ if ((strcmp(name, "mac") == 0)
+ && is_mac_disabled(p)) {
+ TEST_info("skipping, '%s' is disabled", p);
+ t->skip = 1;
+ }
+ end:
OPENSSL_free(name);
return 1;
}
@@ -2811,29 +3961,56 @@ static int kdf_test_parse(EVP_TEST *t,
if (strcmp(keyword, "Output") == 0)
return parse_bin(value, &kdata->output, &kdata->output_len);
- if (strncmp(keyword, "Ctrl", 4) == 0)
+ if (strcmp(keyword, "CtrlInit") == 0)
+ return ctrladd(kdata->init_controls, value);
+ if (HAS_PREFIX(keyword, "Ctrl"))
return kdf_test_ctrl(t, kdata->ctx, value);
return 0;
}
static int kdf_test_run(EVP_TEST *t)
{
+ int ret = 1;
KDF_DATA *expected = t->data;
unsigned char *got = NULL;
size_t got_len = expected->output_len;
+ EVP_KDF_CTX *ctx;
+ OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+ size_t params_n = 0, params_allocated_n = 0;
+
+ if (sk_OPENSSL_STRING_num(expected->init_controls) > 0) {
+ if (!ctrl2params(t, expected->init_controls,
+ NULL,
+ params, OSSL_NELEM(params), &params_n))
+ goto err;
+ if (!EVP_KDF_CTX_set_params(expected->ctx, params)) {
+ t->err = "KDF_CTRL_ERROR";
+ goto err;
+ }
+ }
if (!EVP_KDF_CTX_set_params(expected->ctx, expected->params)) {
t->err = "KDF_CTRL_ERROR";
- return 1;
+ goto err;
}
if (!TEST_ptr(got = OPENSSL_malloc(got_len == 0 ? 1 : got_len))) {
t->err = "INTERNAL_ERROR";
goto err;
}
+ /* FIPS(3.0.0): can't dup KDF contexts #17572 */
+ if (fips_provider_version_gt(libctx, 3, 0, 0)
+ && (ctx = EVP_KDF_CTX_dup(expected->ctx)) != NULL) {
+ EVP_KDF_CTX_free(expected->ctx);
+ expected->ctx = ctx;
+ }
if (EVP_KDF_derive(expected->ctx, got, got_len, NULL) <= 0) {
t->err = "KDF_DERIVE_ERROR";
goto err;
}
+ if (!kdf_check_fips_approved(expected->ctx, t)) {
+ ret = 0;
+ goto err;
+ }
if (!memory_err_compare(t, "KDF_MISMATCH",
expected->output, expected->output_len,
got, got_len))
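Review bot: A failed `EVP_KDF_CTX_dup()` is silently ignored in `kdf_test_run()`: when the provider is newer than 3.0.0 and dup returns NULL, the test carries on with the original context and never reports that duplication failed. If the point of the block is to exercise dup, the NULL case should be an error, e.g. `if (!TEST_ptr(ctx = EVP_KDF_CTX_dup(expected->ctx))) { t->err = "INTERNAL_ERROR"; goto err; }` inside the version check. If some KDFs legitimately cannot be duplicated, the comment should say so. Separately, `params[2]` leaves room for only one `CtrlInit` entry plus the terminator, which is worth a comment or a larger array.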
@@ -2842,8 +4019,9 @@ static int kdf_test_run(EVP_TEST *t)
t->err = NULL;
err:
+ ctrl2params_free(params, params_n, params_allocated_n);
OPENSSL_free(got);
- return 1;
+ return ret;
}
static const EVP_TEST_METHOD kdf_test_method = {
@@ -2883,7 +4061,7 @@ static int pkey_kdf_test_init(EVP_TEST *t, const char *name)
if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata))))
return 0;
- kdata->ctx = EVP_PKEY_CTX_new_from_name(libctx, name, NULL);
+ kdata->ctx = EVP_PKEY_CTX_new_from_name(libctx, name, propquery);
if (kdata->ctx == NULL
|| EVP_PKEY_derive_init(kdata->ctx) <= 0)
goto err;
@@ -2911,13 +4089,14 @@ static int pkey_kdf_test_parse(EVP_TEST *t,
if (strcmp(keyword, "Output") == 0)
return parse_bin(value, &kdata->output, &kdata->output_len);
- if (strncmp(keyword, "Ctrl", 4) == 0)
+ if (HAS_PREFIX(keyword, "Ctrl"))
return pkey_test_ctrl(t, kdata->ctx, value);
return 0;
}
static int pkey_kdf_test_run(EVP_TEST *t)
{
+ int ret = 1;
PKEY_KDF_DATA *expected = t->data;
unsigned char *got = NULL;
size_t got_len = 0;
@@ -2951,6 +4130,10 @@ static int pkey_kdf_test_run(EVP_TEST *t)
t->err = "KDF_DERIVE_ERROR";
goto err;
}
+ if (!pkey_check_fips_approved(expected->ctx, t)) {
+ ret = 0;
+ goto err;
+ }
if (!TEST_mem_eq(expected->output, expected->output_len, got, got_len)) {
t->err = "KDF_MISMATCH";
goto err;
@@ -2959,7 +4142,7 @@ static int pkey_kdf_test_run(EVP_TEST *t)
err:
OPENSSL_free(got);
- return 1;
+ return ret;
}
static const EVP_TEST_METHOD pkey_kdf_test_method = {
@@ -3020,7 +4203,7 @@ static int keypair_test_init(EVP_TEST *t, const char *pair)
rv = 1;
t->err = NULL;
-end:
+ end:
OPENSSL_free(priv);
return rv;
}
@@ -3055,12 +4238,12 @@ static int keypair_test_run(EVP_TEST *t)
goto end;
}
- if ((rv = EVP_PKEY_eq(pair->privk, pair->pubk)) != 1 ) {
- if ( 0 == rv ) {
+ if ((rv = EVP_PKEY_eq(pair->privk, pair->pubk)) != 1) {
+ if (0 == rv) {
t->err = "KEYPAIR_MISMATCH";
- } else if ( -1 == rv ) {
+ } else if (-1 == rv) {
t->err = "KEYPAIR_TYPE_MISMATCH";
- } else if ( -2 == rv ) {
+ } else if (-2 == rv) {
t->err = "UNSUPPORTED_KEY_COMPARISON";
} else {
TEST_error("Unexpected error in key comparison");
@@ -3091,53 +4274,43 @@ static const EVP_TEST_METHOD keypair_test_method = {
**/
typedef struct keygen_test_data_st {
- EVP_PKEY_CTX *genctx; /* Keygen context to use */
char *keyname; /* Key name to store key or NULL */
+ char *paramname;
+ char *alg;
+ STACK_OF(OPENSSL_STRING) *in_controls; /* Collection of controls */
+ STACK_OF(OPENSSL_STRING) *out_controls;
} KEYGEN_TEST_DATA;
static int keygen_test_init(EVP_TEST *t, const char *alg)
{
KEYGEN_TEST_DATA *data;
- EVP_PKEY_CTX *genctx;
- int nid = OBJ_sn2nid(alg);
-
- if (nid == NID_undef) {
- nid = OBJ_ln2nid(alg);
- if (nid == NID_undef)
- return 0;
- }
if (is_pkey_disabled(alg)) {
t->skip = 1;
return 1;
}
- if (!TEST_ptr(genctx = EVP_PKEY_CTX_new_from_name(libctx, alg, NULL)))
- goto err;
-
- if (EVP_PKEY_keygen_init(genctx) <= 0) {
- t->err = "KEYGEN_INIT_ERROR";
- goto err;
- }
- if (!TEST_ptr(data = OPENSSL_malloc(sizeof(*data))))
- goto err;
- data->genctx = genctx;
+ if (!TEST_ptr(data = OPENSSL_zalloc(sizeof(*data))))
+ return 0;
data->keyname = NULL;
+ data->paramname = NULL;
+ data->in_controls = sk_OPENSSL_STRING_new_null();
+ data->out_controls = sk_OPENSSL_STRING_new_null();
+ data->alg = OPENSSL_strdup(alg);
t->data = data;
t->err = NULL;
return 1;
-
-err:
- EVP_PKEY_CTX_free(genctx);
- return 0;
}
static void keygen_test_cleanup(EVP_TEST *t)
{
KEYGEN_TEST_DATA *keygen = t->data;
- EVP_PKEY_CTX_free(keygen->genctx);
+ ctrlfree(keygen->in_controls);
+ ctrlfree(keygen->out_controls);
+ OPENSSL_free(keygen->alg);
OPENSSL_free(keygen->keyname);
+ OPENSSL_free(keygen->paramname);
OPENSSL_free(t->data);
t->data = NULL;
}
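Review bot: keygen_test_init stores the results of `sk_OPENSSL_STRING_new_null()` (twice) and `OPENSSL_strdup(alg)` without checking any of them. A failed allocation only surfaces later, when keygen_test_parse hands a NULL stack to ctrladd or keygen_test_run passes a NULL `alg` to EVP_PKEY_CTX_new_from_name. Checking all three here and releasing what was allocated keeps the failure at its source, provided ctrlfree tolerates a NULL stack (its definition is outside this hunk). The two `= NULL` assignments after `OPENSSL_zalloc` are redundant and could go at the same time.

```c
    data->alg = OPENSSL_strdup(alg);
    if (!TEST_ptr(data->in_controls)
            || !TEST_ptr(data->out_controls)
            || !TEST_ptr(data->alg)) {
        ctrlfree(data->in_controls);
        ctrlfree(data->out_controls);
        OPENSSL_free(data->alg);
        OPENSSL_free(data);
        return 0;
    }
    /* ... unchanged: t->data / t->err assignment and return 1 ... */
```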
@@ -3149,26 +4322,119 @@ static int keygen_test_parse(EVP_TEST *t,
if (strcmp(keyword, "KeyName") == 0)
return TEST_ptr(keygen->keyname = OPENSSL_strdup(value));
+ if (strcmp(keyword, "KeyParam") == 0)
+ return TEST_ptr(keygen->paramname = OPENSSL_strdup(value));
if (strcmp(keyword, "Ctrl") == 0)
- return pkey_test_ctrl(t, keygen->genctx, value);
+ return ctrladd(keygen->in_controls, value);
+ if (strcmp(keyword, "CtrlOut") == 0)
+ return ctrladd(keygen->out_controls, value);
return 0;
}
+/* Iterate thru the key's expected values */
+static int check_pkey_expected_values(EVP_TEST *t, const EVP_PKEY *pkey,
+ STACK_OF(OPENSSL_STRING) *out_controls)
+{
+ int ret = 0;
+ OSSL_PARAM out_params[4], *p;
+ size_t out_params_n = 0, len;
+
+ if (sk_OPENSSL_STRING_num(out_controls) > 0) {
+
+ if (!ctrl2params(t, out_controls,
+ EVP_PKEY_gettable_params(pkey),
+ out_params, OSSL_NELEM(out_params), &out_params_n))
+ goto err;
+ for (p = out_params; p->key != NULL; ++p) {
+ if (p->data_type == OSSL_PARAM_OCTET_STRING) {
+ uint8_t *data = OPENSSL_malloc(p->data_size);
+
+ if (data == NULL)
+ goto err;
+ ret = EVP_PKEY_get_octet_string_param(pkey, p->key, data,
+ p->data_size, &len)
+ && len == p->data_size
+ && (TEST_mem_eq(p->data, len, data, len) == 1);
+ OPENSSL_free(data);
+ if (ret == 0) {
+ TEST_error("Expected %s value is incorrect", p->key);
+ goto err;
+ }
+ }
+ }
+ }
+ ret = 1;
+err:
+ ctrl2params_free(out_params, out_params_n, 0);
+ return ret;
+}
+
static int keygen_test_run(EVP_TEST *t)
{
KEYGEN_TEST_DATA *keygen = t->data;
- EVP_PKEY *pkey = NULL;
+ EVP_PKEY *pkey = NULL, *keyparams = NULL;
+ EVP_PKEY_CTX *genctx = NULL; /* Keygen context to use */
int rv = 1;
+ OSSL_PARAM_BLD *bld = NULL;
+ OSSL_PARAM *params = NULL;
+ size_t params_n = 0;
+ int key_free = 1;
+
+ if (keygen->paramname != NULL) {
+ rv = find_key(&keyparams, keygen->paramname, public_keys);
+ if (rv == 0 || keyparams == NULL) {
+ TEST_info("skipping, key '%s' is disabled", keygen->paramname);
+ t->skip = 1;
+ return 1;
+ }
+ if (!TEST_ptr(genctx = EVP_PKEY_CTX_new_from_pkey(libctx, keyparams,
+ propquery)))
+ goto err;
+
+ } else {
+ if (!TEST_ptr(genctx = EVP_PKEY_CTX_new_from_name(libctx, keygen->alg,
+ propquery)))
+ goto err;
+ }
+
+ if (EVP_PKEY_keygen_init(genctx) <= 0) {
+ t->err = "KEYGEN_INIT_ERROR";
+ goto err;
+ }
+
+ if (sk_OPENSSL_STRING_num(keygen->in_controls) > 0) {
+ if ((params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 4)) == NULL)
+ goto err;
+ if (!ctrl2params(t, keygen->in_controls,
+ EVP_PKEY_CTX_settable_params(genctx),
+ params, 4, &params_n))
+ goto err;
+ if (!EVP_PKEY_CTX_set_params(genctx, params)) {
+ t->err = "PKEY_CTRL_ERROR";
+ goto err;
+ }
+ }
- if (EVP_PKEY_keygen(keygen->genctx, &pkey) <= 0) {
+ if (EVP_PKEY_keygen(genctx, &pkey) <= 0) {
t->err = "KEYGEN_GENERATE_ERROR";
goto err;
}
+ if (!pkey_check_fips_approved(genctx, t)) {
+ rv = 0;
+ goto err;
+ }
+
if (!evp_pkey_is_provided(pkey)) {
TEST_info("Warning: legacy key generated %s", keygen->keyname);
goto err;
}
+
+ if (!check_pkey_expected_values(t, pkey, keygen->out_controls)) {
+ t->err = "KEYGEN_PKEY_MISMATCH_ERROR";
+ goto err;
+ }
+
if (keygen->keyname != NULL) {
KEY_LIST *key;
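Review bot: In check_pkey_expected_values, `ret` doubles as the per-parameter comparison result, so once one octet-string parameter has matched it holds 1. If `OPENSSL_malloc` then fails for a later parameter, `goto err` returns 1 and the remaining expected values are never compared. Add `ret = 0;` before that `goto err`, or keep the comparison result in a separate local. The loop also skips every parameter that is not `OSSL_PARAM_OCTET_STRING`, so a `CtrlOut` of another type passes unchecked; a comment or a `TEST_error` for unsupported types would make that explicit. In keygen_test_run (which continues past this hunk) the `goto err` paths after a failed `EVP_PKEY_CTX_new_from_*` or `OPENSSL_malloc` leave `rv` non-zero and `t->err` unset, unlike the FIPS branch, which sets `rv = 0`.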
@@ -3186,13 +4452,20 @@ static int keygen_test_run(EVP_TEST *t)
key->next = private_keys;
private_keys = key;
rv = 1;
- } else {
- EVP_PKEY_free(pkey);
+ key_free = 0;
}
t->err = NULL;
-
err:
+ if (key_free) {
+ EVP_PKEY_free(pkey);
+ pkey = NULL;
+ }
+ EVP_PKEY_CTX_free(genctx);
+ if (sk_OPENSSL_STRING_num(keygen->in_controls) > 0)
+ ctrl2params_free(params, params_n, 0);
+ OSSL_PARAM_free(params);
+ OSSL_PARAM_BLD_free(bld);
return rv;
}
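Review bot: `params` is obtained with `OPENSSL_malloc` in the previous hunk but released here with `OSSL_PARAM_free`, which is documented for arrays produced by OSSL_PARAM_dup, OSSL_PARAM_merge or OSSL_PARAM_BLD_to_param. As far as I know that function walks the array looking for the end marker, so if ctrl2params fails before writing a terminator it may read uninitialised entries; `OPENSSL_free(params);` is the matching call. `bld` is never assigned in the lines shown, so `OSSL_PARAM_BLD_free(bld);` and the variable look like leftovers that can be removed. keygen_test_run begins outside this hunk.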
@@ -3219,6 +4492,10 @@ typedef struct {
size_t osin_len; /* Input length data if one shot */
unsigned char *output; /* Expected output */
size_t output_len; /* Expected output length */
+ int deterministic_noncetype;
+ EVP_PKEY *key;
+ STACK_OF(OPENSSL_STRING) *init_controls; /* collection of controls */
+ STACK_OF(OPENSSL_STRING) *controls; /* Collection of controls */
} DIGESTSIGN_DATA;
static int digestsigver_test_init(EVP_TEST *t, const char *alg, int is_verify,
@@ -3238,6 +4515,8 @@ static int digestsigver_test_init(EVP_TEST *t, const char *alg, int is_verify,
}
if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat))))
return 0;
+ mdat->init_controls = sk_OPENSSL_STRING_new_null();
+ mdat->controls = sk_OPENSSL_STRING_new_null();
mdat->md = md;
if (!TEST_ptr(mdat->ctx = EVP_MD_CTX_new())) {
OPENSSL_free(mdat);
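Review bot: The two stacks are created before `EVP_MD_CTX_new()`, and the failure branch at the end of this hunk frees only `mdat`, so both stacks leak on that path. Neither `sk_OPENSSL_STRING_new_null()` result is checked either. Either create the stacks after the context has been allocated, or add `ctrlfree(mdat->init_controls); ctrlfree(mdat->controls);` before `OPENSSL_free(mdat);`. The rest of the failure branch is outside the hunk.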
@@ -3258,6 +4537,8 @@ static void digestsigver_test_cleanup(EVP_TEST *t)
{
DIGESTSIGN_DATA *mdata = t->data;
+ ctrlfree(mdata->init_controls);
+ ctrlfree(mdata->controls);
EVP_MD_CTX_free(mdata->ctx);
sk_EVP_TEST_BUFFER_pop_free(mdata->input, evp_test_buffer_free);
OPENSSL_free(mdata->osin);
@@ -3274,7 +4555,6 @@ static int digestsigver_test_parse(EVP_TEST *t,
if (strcmp(keyword, "Key") == 0) {
EVP_PKEY *pkey = NULL;
int rv = 0;
- const char *name = mdata->md == NULL ? NULL : EVP_MD_get0_name(mdata->md);
if (mdata->is_verify)
rv = find_key(&pkey, value, public_keys);
@@ -3284,40 +4564,101 @@ static int digestsigver_test_parse(EVP_TEST *t,
t->skip = 1;
return 1;
}
- if (mdata->is_verify) {
- if (!EVP_DigestVerifyInit_ex(mdata->ctx, &mdata->pctx, name, libctx,
- NULL, pkey, NULL))
- t->err = "DIGESTVERIFYINIT_ERROR";
- return 1;
- }
- if (!EVP_DigestSignInit_ex(mdata->ctx, &mdata->pctx, name, libctx, NULL,
- pkey, NULL))
- t->err = "DIGESTSIGNINIT_ERROR";
+ mdata->key = pkey;
return 1;
}
if (strcmp(keyword, "Input") == 0) {
if (mdata->is_oneshot)
return parse_bin(value, &mdata->osin, &mdata->osin_len);
- return evp_test_buffer_append(value, &mdata->input);
+ return evp_test_buffer_append(value, data_chunk_size, &mdata->input);
}
if (strcmp(keyword, "Output") == 0)
return parse_bin(value, &mdata->output, &mdata->output_len);
- if (!mdata->is_oneshot) {
+ if (!mdata->is_oneshot && data_chunk_size == 0) {
if (strcmp(keyword, "Count") == 0)
return evp_test_buffer_set_count(value, mdata->input);
if (strcmp(keyword, "Ncopy") == 0)
return evp_test_buffer_ncopy(value, mdata->input);
}
- if (strcmp(keyword, "Ctrl") == 0) {
- if (mdata->pctx == NULL)
- return -1;
- return pkey_test_ctrl(t, mdata->pctx, value);
+ if (strcmp(keyword, "Ctrl") == 0)
+ return pkey_add_control(t, mdata->controls, value);
+ if (strcmp(keyword, "CtrlInit") == 0)
+ return ctrladd(mdata->init_controls, value);
+ if (strcmp(keyword, "NonceType") == 0) {
+ if (strcmp(value, "deterministic") == 0)
+ mdata->deterministic_noncetype = 1;
+ return 1;
}
return 0;
}
+static int check_deterministic_noncetype(EVP_TEST *t,
+ DIGESTSIGN_DATA *mdata)
+{
+ if (mdata->deterministic_noncetype == 1) {
+ OSSL_PARAM params[2];
+ unsigned int nonce_type = 1;
+
+ params[0] =
+ OSSL_PARAM_construct_uint(OSSL_SIGNATURE_PARAM_NONCE_TYPE,
+ &nonce_type);
+ params[1] = OSSL_PARAM_construct_end();
+ if (!EVP_PKEY_CTX_set_params(mdata->pctx, params))
+ t->err = "EVP_PKEY_CTX_set_params_ERROR";
+ else if (!EVP_PKEY_CTX_get_params(mdata->pctx, params))
+ t->err = "EVP_PKEY_CTX_get_params_ERROR";
+ else if (!OSSL_PARAM_modified(&params[0]))
+ t->err = "nonce_type_not_modified_ERROR";
+ else if (nonce_type != 1)
+ t->err = "nonce_type_value_ERROR";
+ }
+ return t->err == NULL;
+}
+
+static int signverify_init(EVP_TEST *t, DIGESTSIGN_DATA *data)
+{
+ const char *name = data->md == NULL ? NULL : EVP_MD_get0_name(data->md);
+ OSSL_PARAM params[5];
+ OSSL_PARAM *p = NULL;
+ int i, ret = 0;
+ size_t params_n = 0, params_allocated_n = 0;
+
+ if (sk_OPENSSL_STRING_num(data->init_controls) > 0) {
+ if (!ctrl2params(t, data->init_controls,
+ NULL,
+ params, OSSL_NELEM(params), &params_n))
+ goto err;
+ p = params;
+ }
+
+ if (data->is_verify) {
+ if (!EVP_DigestVerifyInit_ex(data->ctx, &data->pctx, name, libctx,
+ NULL, data->key, p)) {
+ t->err = "DIGESTVERIFYINIT_ERROR";
+ goto err;
+ }
+ } else {
+ if (!EVP_DigestSignInit_ex(data->ctx, &data->pctx, name, libctx, NULL,
+ data->key, p)) {
+ t->err = "DIGESTSIGNINIT_ERROR";
+ goto err;
+ }
+ }
+
+ for (i = 0; i < sk_OPENSSL_STRING_num(data->controls); i++) {
+ char *value = sk_OPENSSL_STRING_value(data->controls, i);
+
+ if (!pkey_test_ctrl(t, data->pctx, value) || t->err != NULL)
+ goto err;
+ }
+ ret = 1;
+err:
+ ctrl2params_free(params, params_n, params_allocated_n);
+ return ret;
+}
+
static int digestsign_update_fn(void *ctx, const unsigned char *buf,
size_t buflen)
{
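Review bot: The `NonceType` branch in digestsigver_test_parse accepts any value, because anything other than `deterministic` still reaches `return 1`. A misspelt value in a test file leaves `deterministic_noncetype` at 0 with no diagnostic. Rejecting unknown values with `else return -1;` after the assignment would surface the typo at parse time, assuming -1 still signals a bad value to the caller, as in the removed `Ctrl` branch. signverify_init would also benefit from a short comment stating the order it now enforces at run time: `CtrlInit` params are passed to the init call, then `Ctrl` strings are applied to `pctx`.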
@@ -3326,10 +4667,22 @@ static int digestsign_update_fn(void *ctx, const unsigned char *buf,
static int digestsign_test_run(EVP_TEST *t)
{
+ int i;
DIGESTSIGN_DATA *expected = t->data;
unsigned char *got = NULL;
size_t got_len;
+ if (!signverify_init(t, expected))
+ goto err;
+ if (!check_deterministic_noncetype(t, expected))
+ goto err;
+
+ for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++) {
+ char *value = sk_OPENSSL_STRING_value(expected->controls, i);
+ if (!pkey_test_ctrl(t, expected->pctx, value) || t->err != NULL)
+ return 0;
+ }
+
if (!evp_test_buffer_do(expected->input, digestsign_update_fn,
expected->ctx)) {
t->err = "DIGESTUPDATE_ERROR";
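Review bot: The loop added after check_deterministic_noncetype applies `expected->controls` through pkey_test_ctrl a second time. signverify_init, added in the previous hunk, already iterates the same stack on the same `pctx`. The loop also leaves with `return 0` where the two checks just above it use `goto err`. Unless the double application is intended, drop the loop and the `int i;` local; if it is intended, a comment saying why would help. digestsign_test_run continues past this hunk.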
@@ -3383,6 +4736,9 @@ static int digestverify_test_run(EVP_TEST *t)
{
DIGESTSIGN_DATA *mdata = t->data;
+ if (!signverify_init(t, mdata))
+ return 1;
+
if (!evp_test_buffer_do(mdata->input, digestverify_update_fn, mdata->ctx)) {
t->err = "DIGESTUPDATE_ERROR";
return 1;
@@ -3413,6 +4769,9 @@ static int oneshot_digestsign_test_run(EVP_TEST *t)
unsigned char *got = NULL;
size_t got_len;
+ if (!signverify_init(t, expected))
+ goto err;
+
if (!EVP_DigestSign(expected->ctx, NULL, &got_len,
expected->osin, expected->osin_len)) {
t->err = "DIGESTSIGN_LENGTH_ERROR";
@@ -3456,6 +4815,9 @@ static int oneshot_digestverify_test_run(EVP_TEST *t)
{
DIGESTSIGN_DATA *mdata = t->data;
+ if (!signverify_init(t, mdata))
+ return 1;
+
if (EVP_DigestVerify(mdata->ctx, mdata->output, mdata->output_len,
mdata->osin, mdata->osin_len) <= 0)
t->err = "VERIFY_ERROR";
@@ -3493,8 +4855,13 @@ static const EVP_TEST_METHOD *evp_test_list[] = {
&pdecrypt_test_method,
&pderive_test_method,
&psign_test_method,
+ &psign_message_test_method,
&pverify_recover_test_method,
&pverify_test_method,
+ &pverify_message_test_method,
+ &pverify_message_public_test_method,
+ &pkey_kem_test_method,
+ &pkey_fromdata_test_method,
NULL
};
@@ -3528,6 +4895,11 @@ static void clear_test(EVP_TEST *t)
t->err = NULL;
t->skip = 0;
t->meth = NULL;
+ t->expect_unapproved = 0;
+
+#if !defined(OPENSSL_NO_DEFAULT_THREAD_POOL)
+ OSSL_set_max_threads(libctx, 0);
+#endif
}
/* Check for errors in the test structure; return 1 if okay, else 0. */
@@ -3746,6 +5118,7 @@ static int parse(EVP_TEST *t)
PAIR *pp;
int i, j, skipped = 0;
+ fips_indicator_callback_unapproved_count = 0;
top:
do {
if (BIO_eof(t->s.fp))
@@ -3778,8 +5151,17 @@ start:
return 0;
}
klist = &public_keys;
+ } else if (strcmp(pp->key, "ParamKey") == 0) {
+ pkey = PEM_read_bio_Parameters_ex(t->s.key, NULL, libctx, NULL);
+ if (pkey == NULL && !key_unsupported()) {
+ EVP_PKEY_free(pkey);
+ TEST_info("Can't read params key %s", pp->value);
+ TEST_openssl_errors();
+ return 0;
+ }
+ klist = &public_keys;
} else if (strcmp(pp->key, "PrivateKeyRaw") == 0
- || strcmp(pp->key, "PublicKeyRaw") == 0 ) {
+ || strcmp(pp->key, "PublicKeyRaw") == 0) {
char *strnid = NULL, *keydata = NULL;
unsigned char *keybin;
size_t keylen;
@@ -3913,6 +5295,20 @@ start:
return 0;
}
t->reason = take_value(pp);
+ } else if (strcmp(pp->key, "Threads") == 0) {
+ if (OSSL_set_max_threads(libctx, atoi(pp->value)) == 0) {
+ TEST_info("skipping, '%s' threads not available: %s:%d",
+ pp->value, t->s.test_file, t->s.start);
+ t->skip = 1;
+ }
+ } else if (strcmp(pp->key, "Unapproved") == 0) {
+ t->expect_unapproved = 1;
+ } else if (strcmp(pp->key, "Extended-Test") == 0) {
+ if (!extended_tests) {
+ TEST_info("skipping extended test: %s:%d",
+ t->s.test_file, t->s.start);
+ t->skip = 1;
+ }
} else {
/* Must be test specific line: try to parse it */
int rv = t->meth->parse(t, pp->key, pp->value);
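Review bot: `atoi(pp->value)` in the `Threads` branch cannot reject a malformed value: non-numeric text becomes 0 and a negative number is passed on to OSSL_set_max_threads, where I believe it is converted to a very large unsigned count. The file already uses `opt_int` for `-chunk`, so the same helper could validate here, e.g. `if (!opt_int(pp->value, &nthreads) || nthreads < 0) return 0;` with a local `int nthreads`, before calling OSSL_set_max_threads. That turns a typo in a test file into a parse failure instead of a silently single-threaded run.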
@@ -3926,6 +5322,8 @@ start:
t->s.curr, pp->key, pp->value);
return 0;
}
+ if (t->skip)
+ return 0;
}
}
@@ -3945,6 +5343,7 @@ static int run_file_tests(int i)
return 0;
}
+ OSSL_INDICATOR_set_callback(libctx, fips_indicator_cb);
while (!BIO_eof(t->s.fp)) {
c = parse(t);
if (t->skip) {
@@ -3973,6 +5372,13 @@ const OPTIONS *test_get_options(void)
OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("[file...]\n"),
{ "config", OPT_CONFIG_FILE, '<',
"The configuration file to use for the libctx" },
+ { "process", OPT_IN_PLACE, 's',
+ "Mode for data processing by cipher tests [in_place/both], both by default"},
+ { "provider", OPT_PROVIDER_NAME, 's',
+ "The provider to load (when no configuration file, the default value is 'default')" },
+ { "propquery", OPT_PROV_PROPQUERY, 's',
+ "Property query used when fetching algorithms" },
+ { "chunk", OPT_DATA_CHUNK, 'N', "Size of data chunks to be processed, 0 for default size"},
{ OPT_HELP_STR, 1, '-', "file\tFile to run tests on.\n" },
{ NULL }
};
@@ -3983,16 +5389,31 @@ int setup_tests(void)
{
size_t n;
char *config_file = NULL;
+ char *provider_name = NULL;
OPTION_CHOICE o;
+ extended_tests = getenv("EVP_TEST_EXTENDED") != NULL;
+
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_CONFIG_FILE:
config_file = opt_arg();
break;
+ case OPT_IN_PLACE:
+ if ((process_mode_in_place = evp_test_process_mode(opt_arg())) == -1)
+ case OPT_DATA_CHUNK:
+ if (!opt_int(opt_arg(), &data_chunk_size))
+ return 0;
+ break;
+ case OPT_PROVIDER_NAME:
+ provider_name = opt_arg();
+ break;
+ case OPT_PROV_PROPQUERY:
+ propquery = opt_arg();
+ break;
case OPT_TEST_CASES:
- break;
+ break;
default:
case OPT_ERR:
return 0;
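Review bot: Under `case OPT_IN_PLACE:` the `if` has no statement of its own, so as the hunk reads its body is the labelled statement that follows, `case OPT_DATA_CHUNK: if (!opt_int(...)) return 0;`. An invalid `-process` value is therefore handed to opt_int as a chunk size instead of being rejected directly. If that string happens to parse as an integer, setup continues with `process_mode_in_place == -1` and a changed `data_chunk_size`. Add `return 0;` and `break;` under the first `if` so the two options are handled independently.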
@@ -4004,7 +5425,9 @@ int setup_tests(void)
* Load the 'null' provider into the default library context to ensure that
* the tests do not fallback to using the default provider.
*/
- if (!test_get_libctx(&libctx, &prov_null, config_file, NULL, NULL))
+ if (config_file == NULL && provider_name == NULL)
+ provider_name = "default";
+ if (!test_get_libctx(&libctx, &prov_null, config_file, &libprov, provider_name))
return 0;
n = test_get_argument_count();
@@ -4017,18 +5440,15 @@ int setup_tests(void)
void cleanup_tests(void)
{
+ OSSL_PROVIDER_unload(libprov);
OSSL_PROVIDER_unload(prov_null);
OSSL_LIB_CTX_free(libctx);
}
-#define STR_STARTS_WITH(str, pre) OPENSSL_strncasecmp(pre, str, strlen(pre)) == 0
-#define STR_ENDS_WITH(str, pre) \
-strlen(str) < strlen(pre) ? 0 : (OPENSSL_strcasecmp(pre, str + strlen(str) - strlen(pre)) == 0)
-
static int is_digest_disabled(const char *name)
{
#ifdef OPENSSL_NO_BLAKE2
- if (STR_STARTS_WITH(name, "BLAKE"))
+ if (HAS_CASE_PREFIX(name, "BLAKE"))
return 1;
#endif
#ifdef OPENSSL_NO_MD2
@@ -4065,15 +5485,33 @@ static int is_digest_disabled(const char *name)
static int is_pkey_disabled(const char *name)
{
#ifdef OPENSSL_NO_EC
- if (STR_STARTS_WITH(name, "EC"))
+ if (HAS_CASE_PREFIX(name, "EC"))
return 1;
#endif
#ifdef OPENSSL_NO_DH
- if (STR_STARTS_WITH(name, "DH"))
+ if (HAS_CASE_PREFIX(name, "DH"))
return 1;
#endif
#ifdef OPENSSL_NO_DSA
- if (STR_STARTS_WITH(name, "DSA"))
+ if (HAS_CASE_PREFIX(name, "DSA"))
+ return 1;
+#endif
+#ifdef OPENSSL_NO_SM2
+ if (HAS_CASE_PREFIX(name, "SM2"))
+ return 1;
+#endif
+
+ /* For sigalgs we use, we also check for digest suffixes */
+#ifdef OPENSSL_NO_RMD160
+ if (HAS_CASE_SUFFIX(name, "-RIPEMD160"))
+ return 1;
+#endif
+#ifdef OPENSSL_NO_SM3
+ if (HAS_CASE_SUFFIX(name, "-SM3"))
+ return 1;
+#endif
+#ifdef OPENSSL_NO_ML_DSA
+ if (HAS_CASE_PREFIX(name, "ML-DSA"))
return 1;
#endif
return 0;
@@ -4082,20 +5520,20 @@ static int is_pkey_disabled(const char *name)
static int is_mac_disabled(const char *name)
{
#ifdef OPENSSL_NO_BLAKE2
- if (STR_STARTS_WITH(name, "BLAKE2BMAC")
- || STR_STARTS_WITH(name, "BLAKE2SMAC"))
+ if (HAS_CASE_PREFIX(name, "BLAKE2BMAC")
+ || HAS_CASE_PREFIX(name, "BLAKE2SMAC"))
return 1;
#endif
#ifdef OPENSSL_NO_CMAC
- if (STR_STARTS_WITH(name, "CMAC"))
+ if (HAS_CASE_PREFIX(name, "CMAC"))
return 1;
#endif
#ifdef OPENSSL_NO_POLY1305
- if (STR_STARTS_WITH(name, "Poly1305"))
+ if (HAS_CASE_PREFIX(name, "Poly1305"))
return 1;
#endif
#ifdef OPENSSL_NO_SIPHASH
- if (STR_STARTS_WITH(name, "SipHash"))
+ if (HAS_CASE_PREFIX(name, "SipHash"))
return 1;
#endif
return 0;
@@ -4103,7 +5541,11 @@ static int is_mac_disabled(const char *name)
static int is_kdf_disabled(const char *name)
{
#ifdef OPENSSL_NO_SCRYPT
- if (STR_ENDS_WITH(name, "SCRYPT"))
+ if (HAS_CASE_SUFFIX(name, "SCRYPT"))
+ return 1;
+#endif
+#ifdef OPENSSL_NO_ARGON2
+ if (HAS_CASE_SUFFIX(name, "ARGON2"))
return 1;
#endif
return 0;
@@ -4112,65 +5554,65 @@ static int is_kdf_disabled(const char *name)
static int is_cipher_disabled(const char *name)
{
#ifdef OPENSSL_NO_ARIA
- if (STR_STARTS_WITH(name, "ARIA"))
+ if (HAS_CASE_PREFIX(name, "ARIA"))
return 1;
#endif
#ifdef OPENSSL_NO_BF
- if (STR_STARTS_WITH(name, "BF"))
+ if (HAS_CASE_PREFIX(name, "BF"))
return 1;
#endif
#ifdef OPENSSL_NO_CAMELLIA
- if (STR_STARTS_WITH(name, "CAMELLIA"))
+ if (HAS_CASE_PREFIX(name, "CAMELLIA"))
return 1;
#endif
#ifdef OPENSSL_NO_CAST
- if (STR_STARTS_WITH(name, "CAST"))
+ if (HAS_CASE_PREFIX(name, "CAST"))
return 1;
#endif
#ifdef OPENSSL_NO_CHACHA
- if (STR_STARTS_WITH(name, "CHACHA"))
+ if (HAS_CASE_PREFIX(name, "CHACHA"))
return 1;
#endif
#ifdef OPENSSL_NO_POLY1305
- if (STR_ENDS_WITH(name, "Poly1305"))
+ if (HAS_CASE_SUFFIX(name, "Poly1305"))
return 1;
#endif
#ifdef OPENSSL_NO_DES
- if (STR_STARTS_WITH(name, "DES"))
+ if (HAS_CASE_PREFIX(name, "DES"))
return 1;
- if (STR_ENDS_WITH(name, "3DESwrap"))
+ if (HAS_CASE_SUFFIX(name, "3DESwrap"))
return 1;
#endif
#ifdef OPENSSL_NO_OCB
- if (STR_ENDS_WITH(name, "OCB"))
+ if (HAS_CASE_SUFFIX(name, "OCB"))
return 1;
#endif
#ifdef OPENSSL_NO_IDEA
- if (STR_STARTS_WITH(name, "IDEA"))
+ if (HAS_CASE_PREFIX(name, "IDEA"))
return 1;
#endif
#ifdef OPENSSL_NO_RC2
- if (STR_STARTS_WITH(name, "RC2"))
+ if (HAS_CASE_PREFIX(name, "RC2"))
return 1;
#endif
#ifdef OPENSSL_NO_RC4
- if (STR_STARTS_WITH(name, "RC4"))
+ if (HAS_CASE_PREFIX(name, "RC4"))
return 1;
#endif
#ifdef OPENSSL_NO_RC5
- if (STR_STARTS_WITH(name, "RC5"))
+ if (HAS_CASE_PREFIX(name, "RC5"))
return 1;
#endif
#ifdef OPENSSL_NO_SEED
- if (STR_STARTS_WITH(name, "SEED"))
+ if (HAS_CASE_PREFIX(name, "SEED"))
return 1;
#endif
#ifdef OPENSSL_NO_SIV
- if (STR_ENDS_WITH(name, "SIV"))
+ if (HAS_CASE_SUFFIX(name, "SIV"))
return 1;
#endif
#ifdef OPENSSL_NO_SM4
- if (STR_STARTS_WITH(name, "SM4"))
+ if (HAS_CASE_PREFIX(name, "SM4"))
return 1;
#endif
return 0;
diff --git a/test/exptest.c b/test/exptest.c
index 59285b17a392..143dfa99581a 100644
--- a/test/exptest.c
+++ b/test/exptest.c
@@ -252,11 +252,12 @@ static int test_mod_exp_x2(int idx)
BIGNUM *m2 = NULL;
int factor_size = 0;
- /*
- * Currently only 1024-bit factor size is supported.
- */
if (idx <= 100)
factor_size = 1024;
+ else if (idx <= 200)
+ factor_size = 1536;
+ else if (idx <= 300)
+ factor_size = 2048;
if (!TEST_ptr(ctx = BN_CTX_new()))
goto err;
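Review bot: The comment that documented the supported factor size is removed without a replacement, and the new ladder leaves `factor_size` at 0 for any idx above 300, with nothing tying it to the count passed to ADD_ALL_TESTS later in the file. A comment such as `/* idx selects the factor size: up to 100 -> 1024, up to 200 -> 1536, up to 300 -> 2048 bits */` would restore that documentation. If idx is 0-based, the `<=` bounds split the 300 cases as 101/100/99, so `idx < 100` and `idx < 200` may be what was meant. test_mod_exp_x2 starts and ends outside this hunk.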
@@ -332,6 +333,6 @@ int setup_tests(void)
{
ADD_TEST(test_mod_exp_zero);
ADD_ALL_TESTS(test_mod_exp, 200);
- ADD_ALL_TESTS(test_mod_exp_x2, 100);
+ ADD_ALL_TESTS(test_mod_exp_x2, 300);
return 1;
}
diff --git a/test/ext_internal_test.c b/test/ext_internal_test.c
index dec6ee61efb3..20cf708de27a 100644
--- a/test/ext_internal_test.c
+++ b/test/ext_internal_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -61,12 +61,15 @@ static EXT_LIST ext_list[] = {
EXT_ENTRY(extended_master_secret),
EXT_ENTRY(signature_algorithms_cert),
EXT_ENTRY(post_handshake_auth),
+ EXT_ENTRY(client_cert_type),
+ EXT_ENTRY(server_cert_type),
EXT_ENTRY(signature_algorithms),
EXT_ENTRY(supported_versions),
EXT_ENTRY(psk_kex_modes),
EXT_ENTRY(key_share),
EXT_ENTRY(cookie),
EXT_ENTRY(cryptopro_bug),
+ EXT_ENTRY(compress_certificate),
EXT_ENTRY(early_data),
EXT_ENTRY(certificate_authorities),
EXT_ENTRY(padding),
diff --git a/test/fake_rsaprov.c b/test/fake_rsaprov.c
index be08bfd39981..c1b8e2828614 100644
--- a/test/fake_rsaprov.c
+++ b/test/fake_rsaprov.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -30,12 +30,18 @@ static int has_selection;
static int imptypes_selection;
static int exptypes_selection;
static int query_id;
+static int key_deleted;
struct fake_rsa_keydata {
int selection;
int status;
};
+void fake_rsa_restore_store_state(void)
+{
+ key_deleted = 0;
+}
+
static void *fake_rsa_keymgmt_new(void *provctx)
{
struct fake_rsa_keydata *key;
@@ -277,7 +283,7 @@ static const OSSL_DISPATCH fake_rsa_keymgmt_funcs[] = {
{ OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))fake_rsa_gen_init },
{ OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))fake_rsa_gen },
{ OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))fake_rsa_gen_cleanup },
- { 0, NULL }
+ OSSL_DISPATCH_END
};
static const OSSL_ALGORITHM fake_rsa_keymgmt_algs[] = {
@@ -346,12 +352,171 @@ static int fake_rsa_sig_sign(void *ctx, unsigned char *sig,
return 1;
}
+#define FAKE_DGSTSGN_SIGN 0x01
+#define FAKE_DGSTSGN_VERIFY 0x02
+#define FAKE_DGSTSGN_UPDATED 0x04
+#define FAKE_DGSTSGN_FINALISED 0x08
+#define FAKE_DGSTSGN_NO_DUP 0xA0
+
+static void *fake_rsa_sig_dupctx(void *ctx)
+{
+ unsigned char *sigctx = ctx;
+ unsigned char *newctx;
+
+ if ((*sigctx & FAKE_DGSTSGN_NO_DUP) != 0)
+ return NULL;
+
+ if (!TEST_ptr(newctx = OPENSSL_zalloc(1)))
+ return NULL;
+
+ *newctx = *sigctx;
+ return newctx;
+}
+
+static int fake_rsa_dgstsgnvfy_init(void *ctx, unsigned char type,
+ void *provkey, const OSSL_PARAM params[])
+{
+ unsigned char *sigctx = ctx;
+ struct fake_rsa_keydata *keydata = provkey;
+
+ /* we must have a ctx */
+ if (!TEST_ptr(sigctx))
+ return 0;
+
+ /* we must have some initialized key */
+ if (!TEST_ptr(keydata) || !TEST_int_gt(keydata->status, 0))
+ return 0;
+
+ /* record that sign/verify init was called */
+ *sigctx = type;
+
+ if (params) {
+ const OSSL_PARAM *p;
+ int dup;
+ p = OSSL_PARAM_locate_const(params, "NO_DUP");
+ if (p != NULL) {
+ if (OSSL_PARAM_get_int(p, &dup)) {
+ *sigctx |= FAKE_DGSTSGN_NO_DUP;
+ }
+ }
+ }
+
+ return 1;
+}
+
+static int fake_rsa_dgstsgn_init(void *ctx, const char *mdname,
+ void *provkey, const OSSL_PARAM params[])
+{
+ return fake_rsa_dgstsgnvfy_init(ctx, FAKE_DGSTSGN_SIGN, provkey, params);
+}
+
+static int fake_rsa_dgstvfy_init(void *ctx, const char *mdname,
+ void *provkey, const OSSL_PARAM params[])
+{
+ return fake_rsa_dgstsgnvfy_init(ctx, FAKE_DGSTSGN_VERIFY, provkey, params);
+}
+
+static int fake_rsa_dgstsgnvfy_update(void *ctx, const unsigned char *data,
+ size_t datalen)
+{
+ unsigned char *sigctx = ctx;
+
+ /* we must have a ctx */
+ if (!TEST_ptr(sigctx))
+ return 0;
+
+ if (*sigctx == 0 || (*sigctx & FAKE_DGSTSGN_FINALISED) != 0)
+ return 0;
+
+ *sigctx |= FAKE_DGSTSGN_UPDATED;
+ return 1;
+}
+
+static int fake_rsa_dgstsgnvfy_final(void *ctx, unsigned char *sig,
+ size_t *siglen, size_t sigsize)
+{
+ unsigned char *sigctx = ctx;
+
+ /* we must have a ctx */
+ if (!TEST_ptr(sigctx))
+ return 0;
+
+ if (*sigctx == 0 || (*sigctx & FAKE_DGSTSGN_FINALISED) != 0)
+ return 0;
+
+ if ((*sigctx & FAKE_DGSTSGN_SIGN) != 0 && (siglen == NULL))
+ return 0;
+
+ if ((*sigctx & FAKE_DGSTSGN_VERIFY) != 0 && (siglen != NULL))
+ return 0;
+
+ /* this is sign op */
+ if (siglen) {
+ *siglen = 256;
+ /* record that the real sign operation was called */
+ if (sig != NULL) {
+ if (!TEST_int_ge(sigsize, *siglen))
+ return 0;
+ /* produce a fake signature */
+ memset(sig, 'a', *siglen);
+ }
+ }
+
+ /* simulate inability to duplicate context and finalise it */
+ if ((*sigctx & FAKE_DGSTSGN_NO_DUP) != 0) {
+ *sigctx |= FAKE_DGSTSGN_FINALISED;
+ }
+ return 1;
+}
+
+static int fake_rsa_dgstvfy_final(void *ctx, unsigned char *sig,
+ size_t siglen)
+{
+ return fake_rsa_dgstsgnvfy_final(ctx, sig, NULL, siglen);
+}
+
+static int fake_rsa_dgstsgn(void *ctx, unsigned char *sig, size_t *siglen,
+ size_t sigsize, const unsigned char *tbs,
+ size_t tbslen)
+{
+ if (!fake_rsa_dgstsgnvfy_update(ctx, tbs, tbslen))
+ return 0;
+
+ return fake_rsa_dgstsgnvfy_final(ctx, sig, siglen, sigsize);
+}
+
+static int fake_rsa_dgstvfy(void *ctx, unsigned char *sig, size_t siglen,
+ const unsigned char *tbv, size_t tbvlen)
+{
+ if (!fake_rsa_dgstsgnvfy_update(ctx, tbv, tbvlen))
+ return 0;
+
+ return fake_rsa_dgstvfy_final(ctx, sig, siglen);
+}
+
static const OSSL_DISPATCH fake_rsa_sig_funcs[] = {
{ OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))fake_rsa_sig_newctx },
{ OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))fake_rsa_sig_freectx },
{ OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))fake_rsa_sig_sign_init },
{ OSSL_FUNC_SIGNATURE_SIGN, (void (*)(void))fake_rsa_sig_sign },
- { 0, NULL }
+ { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))fake_rsa_sig_dupctx },
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT,
+ (void (*)(void))fake_rsa_dgstsgn_init },
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE,
+ (void (*)(void))fake_rsa_dgstsgnvfy_update },
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL,
+ (void (*)(void))fake_rsa_dgstsgnvfy_final },
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN,
+ (void (*)(void))fake_rsa_dgstsgn },
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT,
+ (void (*)(void))fake_rsa_dgstvfy_init },
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE,
+ (void (*)(void))fake_rsa_dgstsgnvfy_update },
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL,
+ (void (*)(void))fake_rsa_dgstvfy_final },
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY,
+ (void (*)(void))fake_rsa_dgstvfy },
+ OSSL_DISPATCH_END
};
static const OSSL_ALGORITHM fake_rsa_sig_algs[] = {
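Review bot: In fake_rsa_dgstsgnvfy_init the `NO_DUP` parameter is read into `dup` but the value is never tested, so passing `NO_DUP` with 0 still sets FAKE_DGSTSGN_NO_DUP; `if (OSSL_PARAM_get_int(p, &dup) && dup != 0)` would honour the value. In fake_rsa_dgstsgnvfy_final, `TEST_int_ge(sigsize, *siglen)` pushes two size_t values through an int comparison, where `TEST_size_t_ge` matches the types. FAKE_DGSTSGN_NO_DUP is 0xA0, which sets two bits while the other flags are single bits; a comment on whether that is deliberate would help the next reader.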
@@ -360,15 +525,22 @@ static const OSSL_ALGORITHM fake_rsa_sig_algs[] = {
};
static OSSL_FUNC_store_open_fn fake_rsa_st_open;
+static OSSL_FUNC_store_open_ex_fn fake_rsa_st_open_ex;
static OSSL_FUNC_store_settable_ctx_params_fn fake_rsa_st_settable_ctx_params;
static OSSL_FUNC_store_set_ctx_params_fn fake_rsa_st_set_ctx_params;
static OSSL_FUNC_store_load_fn fake_rsa_st_load;
static OSSL_FUNC_store_eof_fn fake_rsa_st_eof;
static OSSL_FUNC_store_close_fn fake_rsa_st_close;
+static OSSL_FUNC_store_delete_fn fake_rsa_st_delete;
static const char fake_rsa_scheme[] = "fake_rsa:";
+static const char fake_rsa_openpwtest[] = "fake_rsa:openpwtest";
+static const char fake_rsa_prompt[] = "Fake Prompt Info";
-static void *fake_rsa_st_open(void *provctx, const char *uri)
+static void *fake_rsa_st_open_ex(void *provctx, const char *uri,
+ const OSSL_PARAM params[],
+ OSSL_PASSPHRASE_CALLBACK *pw_cb,
+ void *pw_cbarg)
{
unsigned char *storectx = NULL;
@@ -376,10 +548,47 @@ static void *fake_rsa_st_open(void *provctx, const char *uri)
if (strncmp(uri, fake_rsa_scheme, sizeof(fake_rsa_scheme) - 1) != 0)
return NULL;
+ if (strncmp(uri, fake_rsa_openpwtest,
+ sizeof(fake_rsa_openpwtest) - 1) == 0) {
+ const char *pw_check = FAKE_PASSPHRASE;
+ char fakepw[sizeof(FAKE_PASSPHRASE) + 1] = { 0 };
+ size_t fakepw_len = 0;
+ OSSL_PARAM pw_params[2] = {
+ OSSL_PARAM_utf8_string(OSSL_PASSPHRASE_PARAM_INFO,
+ (void *)fake_rsa_prompt,
+ sizeof(fake_rsa_prompt) - 1),
+ OSSL_PARAM_END,
+ };
+
+ if (pw_cb == NULL) {
+ return NULL;
+ }
+
+ if (!pw_cb(fakepw, sizeof(fakepw), &fakepw_len, pw_params, pw_cbarg)) {
+ TEST_info("fake_rsa_open_ex failed passphrase callback");
+ return NULL;
+ }
+ if (strncmp(pw_check, fakepw, sizeof(pw_check) - 1) != 0) {
+ TEST_info("fake_rsa_open_ex failed passphrase check");
+ return NULL;
+ }
+ }
+
storectx = OPENSSL_zalloc(1);
if (!TEST_ptr(storectx))
return NULL;
+ TEST_info("fake_rsa_open_ex called");
+
+ return storectx;
+}
+
+static void *fake_rsa_st_open(void *provctx, const char *uri)
+{
+ unsigned char *storectx = NULL;
+
+ storectx = fake_rsa_st_open_ex(provctx, uri, NULL, NULL, NULL);
+
TEST_info("fake_rsa_open called");
return storectx;
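Review bot: In fake_rsa_st_open_ex, `pw_check` is a `const char *`, so `sizeof(pw_check) - 1` is the pointer size minus one and not the passphrase length. The `strncmp` therefore compares only the first few bytes of FAKE_PASSPHRASE, and a callback returning a wrong passphrase that shares that prefix passes the check. `fakepw_len` is filled in by the callback but never used. Comparing the full length would close the gap: `if (fakepw_len != sizeof(FAKE_PASSPHRASE) - 1 || memcmp(fakepw, FAKE_PASSPHRASE, fakepw_len) != 0)`.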
@@ -411,6 +620,11 @@ static int fake_rsa_st_load(void *loaderctx,
switch (*storectx) {
case 0:
+ if (key_deleted == 1) {
+ *storectx = 1;
+ break;
+ }
+
/* Construct a new key using our keymgmt functions */
if (!TEST_ptr(key = fake_rsa_keymgmt_new(NULL)))
break;
@@ -441,13 +655,21 @@ static int fake_rsa_st_load(void *loaderctx,
TEST_info("fake_rsa_load called - rv: %d", rv);
- if (rv == 0) {
+ if (rv == 0 && key_deleted == 0) {
fake_rsa_keymgmt_free(key);
*storectx = 2;
}
return rv;
}
+static int fake_rsa_st_delete(void *loaderctx, const char *uri,
+ const OSSL_PARAM params[],
+ OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
+{
+ key_deleted = 1;
+ return 1;
+}
+
static int fake_rsa_st_eof(void *loaderctx)
{
unsigned char *storectx = loaderctx;
@@ -464,13 +686,15 @@ static int fake_rsa_st_close(void *loaderctx)
static const OSSL_DISPATCH fake_rsa_store_funcs[] = {
{ OSSL_FUNC_STORE_OPEN, (void (*)(void))fake_rsa_st_open },
+ { OSSL_FUNC_STORE_OPEN_EX, (void (*)(void))fake_rsa_st_open_ex },
{ OSSL_FUNC_STORE_SETTABLE_CTX_PARAMS,
(void (*)(void))fake_rsa_st_settable_ctx_params },
{ OSSL_FUNC_STORE_SET_CTX_PARAMS, (void (*)(void))fake_rsa_st_set_ctx_params },
{ OSSL_FUNC_STORE_LOAD, (void (*)(void))fake_rsa_st_load },
{ OSSL_FUNC_STORE_EOF, (void (*)(void))fake_rsa_st_eof },
{ OSSL_FUNC_STORE_CLOSE, (void (*)(void))fake_rsa_st_close },
- { 0, NULL },
+ { OSSL_FUNC_STORE_DELETE, (void (*)(void))fake_rsa_st_delete },
+ OSSL_DISPATCH_END,
};
static const OSSL_ALGORITHM fake_rsa_store_algs[] = {
@@ -500,7 +724,7 @@ static const OSSL_ALGORITHM *fake_rsa_query(void *provctx,
static const OSSL_DISPATCH fake_rsa_method[] = {
{ OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OSSL_LIB_CTX_free },
{ OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fake_rsa_query },
- { 0, NULL }
+ OSSL_DISPATCH_END
};
static int fake_rsa_provider_init(const OSSL_CORE_HANDLE *handle,
diff --git a/test/fake_rsaprov.h b/test/fake_rsaprov.h
index 190c46a285c0..cb2e66eb68ef 100644
--- a/test/fake_rsaprov.h
+++ b/test/fake_rsaprov.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -9,7 +9,10 @@
#include <openssl/core_dispatch.h>
+#define FAKE_PASSPHRASE "Passphrase Testing"
+
/* Fake RSA provider implementation */
OSSL_PROVIDER *fake_rsa_start(OSSL_LIB_CTX *libctx);
void fake_rsa_finish(OSSL_PROVIDER *p);
OSSL_PARAM *fake_rsa_key_params(int priv);
+void fake_rsa_restore_store_state(void);
diff --git a/test/ffc_internal_test.c b/test/ffc_internal_test.c
index 83dec13c8c9b..c56d1d0e9982 100644
--- a/test/ffc_internal_test.c
+++ b/test/ffc_internal_test.c
@@ -297,7 +297,7 @@ static int ffc_params_validate_pq_test(void)
&res, NULL)))
goto err;
- /* Provided seed doesnt produce a valid prime q */
+ /* Provided seed doesn't produce a valid prime q */
ossl_ffc_params_set_validate_params(&params, dsa_2048_224_sha224_bad_seed,
sizeof(dsa_2048_224_sha224_bad_seed),
dsa_2048_224_sha224_counter);
diff --git a/test/filterprov.c b/test/filterprov.c
index e14c802b1df6..fe724cf482dc 100644
--- a/test/filterprov.c
+++ b/test/filterprov.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -14,10 +14,12 @@
#include <string.h>
#include <openssl/core.h>
+#include <openssl/core_dispatch.h>
#include <openssl/provider.h>
#include <openssl/crypto.h>
#include "testutil.h"
#include "filterprov.h"
+#include "prov/bio.h"
#define MAX_FILTERS 10
#define MAX_ALG_FILTERS 5
@@ -118,6 +120,8 @@ static void filter_teardown(void *provctx)
OSSL_PROVIDER_unload(globs->deflt);
OSSL_LIB_CTX_free(globs->libctx);
memset(globs, 0, sizeof(*globs));
+ BIO_meth_free(ossl_prov_ctx_get0_core_bio_method(provctx));
+ ossl_prov_ctx_free(provctx);
}
/* Functions we provide to the core */
@@ -128,7 +132,7 @@ static const OSSL_DISPATCH filter_dispatch_table[] = {
{ OSSL_FUNC_PROVIDER_UNQUERY_OPERATION, (void (*)(void))filter_unquery },
{ OSSL_FUNC_PROVIDER_GET_CAPABILITIES, (void (*)(void))filter_get_capabilities },
{ OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))filter_teardown },
- { 0, NULL }
+ OSSL_DISPATCH_END
};
int filter_provider_init(const OSSL_CORE_HANDLE *handle,
@@ -136,6 +140,25 @@ int filter_provider_init(const OSSL_CORE_HANDLE *handle,
const OSSL_DISPATCH **out,
void **provctx)
{
+ OSSL_FUNC_core_get_libctx_fn *c_get_libctx = NULL;
+ BIO_METHOD *corebiometh;
+
+ if (!ossl_prov_bio_from_dispatch(in))
+ return 0;
+ for (; in->function_id != 0; in++) {
+ switch (in->function_id) {
+ case OSSL_FUNC_CORE_GET_LIBCTX:
+ c_get_libctx = OSSL_FUNC_core_get_libctx(in);
+ break;
+ default:
+ /* Just ignore anything we don't understand */
+ break;
+ }
+ }
+
+ if (c_get_libctx == NULL)
+ return 0;
+
memset(&ourglobals, 0, sizeof(ourglobals));
ourglobals.libctx = OSSL_LIB_CTX_new();
if (ourglobals.libctx == NULL)
@@ -145,7 +168,23 @@ int filter_provider_init(const OSSL_CORE_HANDLE *handle,
if (ourglobals.deflt == NULL)
goto err;
- *provctx = OSSL_PROVIDER_get0_provider_ctx(ourglobals.deflt);
+ /*
+ * We want to make sure that all calls from this provider that requires
+ * a library context use the same context as the one used to call our
+ * functions. We do that by passing it along in the provider context.
+ *
+ * This only works for built-in providers. Most providers should
+ * create their own library context.
+ */
+ if ((*provctx = ossl_prov_ctx_new()) == NULL
+ || (corebiometh = ossl_bio_prov_init_bio_method()) == NULL) {
+ ossl_prov_ctx_free(*provctx);
+ *provctx = NULL;
+ goto err;
+ }
+ ossl_prov_ctx_set0_libctx(*provctx, (OSSL_LIB_CTX *)c_get_libctx(handle));
+ ossl_prov_ctx_set0_handle(*provctx, handle);
+ ossl_prov_ctx_set0_core_bio_method(*provctx, corebiometh);
*out = filter_dispatch_table;
return 1;
diff --git a/test/fips-and-base.cnf b/test/fips-and-base.cnf
index 494e96a87ef3..f233f830623b 100644
--- a/test/fips-and-base.cnf
+++ b/test/fips-and-base.cnf
@@ -7,6 +7,12 @@ config_diagnostics = 1
[openssl_init]
providers = provider_sect
+# You MUST uncomment the following line to operate in a FIPS approved manner,
+# It is commented out here purely for testing purposes.
+#alg_section = evp_properties
+
+[evp_properties]
+default_properties = "fips=yes"
[provider_sect]
fips = fips_sect
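Review bot: The comment above `#alg_section = evp_properties` does not say what the commented-out state means for this file. With no `alg_section` entry in `[openssl_init]`, nothing references the new `[evp_properties]` section, so `default_properties = "fips=yes"` is not applied. Test configs tend to be copied as templates, so I would spell that out, e.g. `# While alg_section is commented out, [evp_properties] is unused and fetches are not restricted to fips=yes.` The existing sentence also has a comma splice (`manner, It`); `manner. It` reads better.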
diff --git a/test/generate_ssl_tests.pl b/test/generate_ssl_tests.pl
index 9ff556c0a931..f1c8027fb847 100644
--- a/test/generate_ssl_tests.pl
+++ b/test/generate_ssl_tests.pl
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -15,7 +15,7 @@ use Cwd qw/abs_path/;
use File::Basename;
use File::Spec::Functions;
-use OpenSSL::Test qw/srctop_dir srctop_file/;
+use OpenSSL::Test qw/srctop_dir srctop_file run test/;
use OpenSSL::Test::Utils;
use FindBin;
@@ -136,10 +136,26 @@ sub print_templates {
sub read_config {
my $fname = shift;
my $provider = shift;
- local $ssltests::fips_mode = $provider eq "fips";
+
+ my $fips_mode = $provider eq "fips";
+ local $ssltests::fips_3_4 = 0;
+ local $ssltests::fips_3_5 = 0;
+
+ if ($fips_mode) {
+ my $provconf = srctop_file("test", "fips-and-base.cnf");
+ my $exit;
+
+ run(test(["fips_version_test", "-config", $provconf, ">=3.4.0"]),
+ capture => 1, statusvar => \$exit);
+ $ssltests::fips_3_4 = $exit;
+ run(test(["fips_version_test", "-config", $provconf, ">=3.5.0"]),
+ capture => 1, statusvar => \$exit);
+ $ssltests::fips_3_5 = $exit;
+ }
+
+ local $ssltests::fips_mode = $fips_mode;
local $ssltests::no_deflt_libctx =
$provider eq "default" || $provider eq "fips";
-
open(INPUT, "< $fname") or die "Can't open input file '$fname'!\n";
local $/ = undef;
my $content = <INPUT>;
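Review bot: `$exit` receives the `statusvar` result, which as far as I know is a success boolean in OpenSSL::Test and not an exit code, so the name reads the wrong way round next to `$ssltests::fips_3_4 = $exit;`. I would rename it, e.g. `my $ok;`, and add `# true when the FIPS provider satisfies the version constraint`. Any other failure of `fips_version_test` (the helper not being built, a bad config) is recorded as "version too old"; if that is intended, a short comment should say so. read_config continues past the end of this hunk.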
diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c
index 5744c6a54ee5..64eb6ae44109 100644
--- a/test/helpers/handshake.c
+++ b/test/helpers/handshake.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -15,6 +15,7 @@
#include <openssl/core_names.h>
#include "../../ssl/ssl_local.h"
+#include "internal/ssl_unwrap.h"
#include "internal/sockets.h"
#include "internal/nelem.h"
#include "handshake.h"
@@ -174,7 +175,7 @@ static int client_hello_select_server_ctx(SSL *s, void *arg, int ignore)
remaining = len;
servername = (const char *)p;
- if (len == strlen("server2") && strncmp(servername, "server2", len) == 0) {
+ if (len == strlen("server2") && HAS_PREFIX(servername, "server2")) {
SSL_CTX *new_ctx = arg;
SSL_set_SSL_CTX(s, new_ctx);
/*
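Review bot: Nothing at the `HAS_PREFIX(servername, "server2")` call says that the read of `servername` is now bounded only by the `len == strlen("server2")` test in front of it. `servername` is a cast of `p` with a separate `len`, so it appears to point into the ClientHello extension data and not at a NUL-terminated string. Assuming `HAS_PREFIX` compares a fixed `sizeof("server2") - 1` bytes, the compare stays in bounds only while the length test comes first in the `&&`. A comment such as `/* servername is not NUL-terminated: the len check must precede HAS_PREFIX */` would stop a later reorder from turning this into an over-read. The same applies to the `"server1"` branch in the next hunk; the function starts and ends outside both hunks.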
@@ -188,7 +189,7 @@ static int client_hello_select_server_ctx(SSL *s, void *arg, int ignore)
ex_data->servername = SSL_TEST_SERVERNAME_SERVER2;
return 1;
} else if (len == strlen("server1") &&
- strncmp(servername, "server1", len) == 0) {
+ HAS_PREFIX(servername, "server1")) {
ex_data->servername = SSL_TEST_SERVERNAME_SERVER1;
return 1;
} else if (ignore) {
@@ -647,6 +648,8 @@ static int configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
if (extra->server.session_ticket_app_data != NULL) {
server_ctx_data->session_ticket_app_data =
OPENSSL_strdup(extra->server.session_ticket_app_data);
+ if (!TEST_ptr(server_ctx_data->session_ticket_app_data))
+ goto err;
SSL_CTX_set_session_ticket_cb(server_ctx, generate_session_ticket_cb,
decrypt_session_ticket_cb, server_ctx_data);
}
@@ -655,6 +658,8 @@ static int configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
goto err;
server2_ctx_data->session_ticket_app_data =
OPENSSL_strdup(extra->server2.session_ticket_app_data);
+ if (!TEST_ptr(server2_ctx_data->session_ticket_app_data))
+ goto err;
SSL_CTX_set_session_ticket_cb(server2_ctx, NULL,
decrypt_session_ticket_cb, server2_ctx_data);
}
@@ -697,6 +702,14 @@ static int configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
server2_ctx_data, client_ctx_data))
goto err;
#endif /* !OPENSSL_NO_SRP */
+#ifndef OPENSSL_NO_COMP_ALG
+ if (test->compress_certificates) {
+ if (!TEST_true(SSL_CTX_compress_certs(server_ctx, 0)))
+ goto err;
+ if (server2_ctx != NULL && !TEST_true(SSL_CTX_compress_certs(server2_ctx, 0)))
+ goto err;
+ }
+#endif
return 1;
err:
return 0;
@@ -980,9 +993,15 @@ static void do_reneg_setup_step(const SSL_TEST_CTX *test_ctx, PEER *peer)
return;
} else if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_POST_HANDSHAKE_AUTH) {
if (SSL_is_server(peer->ssl)) {
+ SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(peer->ssl);
+
+ if (sc == NULL) {
+ peer->status = PEER_ERROR;
+ return;
+ }
/* Make the server believe it's received the extension */
if (test_ctx->extra.server.force_pha)
- peer->ssl->post_handshake_auth = SSL_PHA_EXT_RECEIVED;
+ sc->post_handshake_auth = SSL_PHA_EXT_RECEIVED;
ret = SSL_verify_client_post_handshake(peer->ssl);
if (!ret) {
peer->status = PEER_ERROR;
@@ -1535,7 +1554,7 @@ static HANDSHAKE_RESULT *do_handshake_internal(
* The handshake succeeds once both peers have succeeded. If one peer
* errors out, we also let the other peer retry (and presumably fail).
*/
- for(;;) {
+ for (;;) {
if (client_turn) {
do_connect_step(test_ctx, &client, phase);
status = handshake_status(client.status, server.status,
diff --git a/test/helpers/handshake_srp.c b/test/helpers/handshake_srp.c
index 43a5a4fd605a..8522388a47f0 100644
--- a/test/helpers/handshake_srp.c
+++ b/test/helpers/handshake_srp.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -8,8 +8,9 @@
*/
/*
- * SRP is deprecated and there is no replacent. When SRP is removed, the code in
- * this file can be removed too. Until then we have to use the deprecated APIs.
+ * SRP is deprecated and there is no replacement. When SRP is removed,
+ * the code in this file can be removed too. Until then we have to use
+ * the deprecated APIs.
*/
#define OPENSSL_SUPPRESS_DEPRECATED
diff --git a/test/helpers/pkcs12.c b/test/helpers/pkcs12.c
index a87683dc9506..e31018d9fa02 100644
--- a/test/helpers/pkcs12.c
+++ b/test/helpers/pkcs12.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -338,13 +338,15 @@ err:
* PKCS12 safeBag/attribute builder
*/
-static int add_attributes(PKCS12_SAFEBAG *bag, const PKCS12_ATTR *attrs)
+static int add_attributes(PKCS12_SAFEBAG *bag, const PKCS12_ATTR *attr)
{
int ret = 0;
int attr_nid;
- const PKCS12_ATTR *p_attr = attrs;
+ const PKCS12_ATTR *p_attr = attr;
+ STACK_OF(X509_ATTRIBUTE)* attrs = NULL;
+ X509_ATTRIBUTE *x509_attr = NULL;
- if (attrs == NULL)
+ if (attr == NULL)
return 1;
while (p_attr->oid != NULL) {
@@ -358,6 +360,12 @@ static int add_attributes(PKCS12_SAFEBAG *bag, const PKCS12_ATTR *attrs)
if (!TEST_true(PKCS12_add_localkeyid(bag, (unsigned char *)p_attr->value,
strlen(p_attr->value))))
goto err;
+ } else if (attr_nid == NID_oracle_jdk_trustedkeyusage) {
+ attrs = (STACK_OF(X509_ATTRIBUTE)*)PKCS12_SAFEBAG_get0_attrs(bag);
+ x509_attr = X509_ATTRIBUTE_create(attr_nid, V_ASN1_OBJECT, OBJ_txt2obj(p_attr->value, 0));
+ X509at_add1_attr(&attrs, x509_attr);
+ PKCS12_SAFEBAG_set0_attrs(bag, attrs);
+ X509_ATTRIBUTE_free(x509_attr);
} else {
/* Custom attribute values limited to ASCII in these tests */
if (!TEST_true(PKCS12_add1_attr_by_txt(bag, p_attr->oid, MBSTRING_ASC,
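Review bot: The new `NID_oracle_jdk_trustedkeyusage` branch checks none of its calls, unlike the sibling branches, which wrap every step in `TEST_true(...)` and `goto err`. `OBJ_txt2obj` can return NULL for an unparsable `p_attr->value`, `X509_ATTRIBUTE_create` can fail (which, as far as I can tell, leaves the object unowned and leaked), and a NULL return from `X509at_add1_attr` is followed by `PKCS12_SAFEBAG_set0_attrs(bag, attrs)` anyway. The cast on `PKCS12_SAFEBAG_get0_attrs(bag)` also drops `const` from a `get0` result, which deserves a comment. The function starts and ends outside this hunk; the excerpt below shows the branch with the checks added.

```c
        } else if (attr_nid == NID_oracle_jdk_trustedkeyusage) {
            ASN1_OBJECT *usage = OBJ_txt2obj(p_attr->value, 0);

            if (!TEST_ptr(usage))
                goto err;
            x509_attr = X509_ATTRIBUTE_create(attr_nid, V_ASN1_OBJECT, usage);
            if (!TEST_ptr(x509_attr)) {
                ASN1_OBJECT_free(usage);
                goto err;
            }
            /* get0 returns a const view; the bag's own stack is extended in place */
            attrs = (STACK_OF(X509_ATTRIBUTE) *)PKCS12_SAFEBAG_get0_attrs(bag);
            if (!TEST_ptr(X509at_add1_attr(&attrs, x509_attr))) {
                X509_ATTRIBUTE_free(x509_attr);
                goto err;
            }
            PKCS12_SAFEBAG_set0_attrs(bag, attrs);
            X509_ATTRIBUTE_free(x509_attr);
        /* … unchanged: final else branch for custom attributes … */
```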
@@ -517,14 +525,13 @@ static int check_attrs(const STACK_OF(X509_ATTRIBUTE) *bag_attrs, const PKCS12_A
attr_obj = X509_ATTRIBUTE_get0_object(attr);
OBJ_obj2txt(attr_txt, 100, attr_obj, 0);
- while(p_attr->oid != NULL) {
+ while (p_attr->oid != NULL) {
/* Find a matching attribute type */
if (strcmp(p_attr->oid, attr_txt) == 0) {
if (!TEST_int_eq(X509_ATTRIBUTE_count(attr), 1))
goto err;
- for (j = 0; j < X509_ATTRIBUTE_count(attr); j++)
- {
+ for (j = 0; j < X509_ATTRIBUTE_count(attr); j++) {
av = X509_ATTRIBUTE_get0_type(attr, j);
if (!TEST_true(check_asn1_string(av, p_attr->value)))
goto err;
diff --git a/test/helpers/pkcs12.h b/test/helpers/pkcs12.h
index d1a3b93d3299..f09013222ee2 100644
--- a/test/helpers/pkcs12.h
+++ b/test/helpers/pkcs12.h
@@ -82,6 +82,7 @@ void add_keybag(PKCS12_BUILDER *pb, const unsigned char *bytes, int len,
const PKCS12_ATTR *attrs, const PKCS12_ENC *enc);
void add_secretbag(PKCS12_BUILDER *pb, int secret_nid, const char *secret,
const PKCS12_ATTR *attrs);
+void add_extra_attr(PKCS12_BUILDER *pb);
/* Decode/check functions */
void start_check_pkcs12(PKCS12_BUILDER *pb);
diff --git a/test/helpers/ssl_test_ctx.c b/test/helpers/ssl_test_ctx.c
index a0e2e794c6d3..ec2c7885ba7c 100644
--- a/test/helpers/ssl_test_ctx.c
+++ b/test/helpers/ssl_test_ctx.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -328,6 +328,7 @@ const char *ssl_session_id_name(ssl_session_id_t server)
static const test_enum ssl_test_methods[] = {
{"TLS", SSL_TEST_METHOD_TLS},
{"DTLS", SSL_TEST_METHOD_DTLS},
+ {"QUIC", SSL_TEST_METHOD_QUIC}
};
__owur static int parse_test_method(SSL_TEST_CTX *test_ctx, const char *value)
@@ -445,6 +446,7 @@ const char *ssl_ct_validation_name(ssl_ct_validation_t mode)
IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, resumption_expected)
IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_SERVER_CONF, server, broken_session_ticket)
IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, use_sctp)
+IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, compress_certificates)
IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, enable_client_sctp_label_bug)
IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, enable_server_sctp_label_bug)
@@ -532,6 +534,17 @@ __owur static int parse_expected_key_type(int *ptype, const char *value)
if (nid == NID_undef)
nid = EC_curve_nist2nid(value);
#endif
+ switch (nid) {
+ case NID_brainpoolP256r1tls13:
+ nid = NID_brainpoolP256r1;
+ break;
+ case NID_brainpoolP384r1tls13:
+ nid = NID_brainpoolP384r1;
+ break;
+ case NID_brainpoolP512r1tls13:
+ nid = NID_brainpoolP512r1;
+ break;
+ }
if (nid == NID_undef)
return 0;
*ptype = nid;
@@ -639,6 +652,9 @@ IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CLIENT_CONF, client, enable_pha)
IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_SERVER_CONF, server, force_pha)
IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CLIENT_CONF, client, no_extms_on_reneg)
+/* FIPS provider version limiting */
+IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, fips_version)
+
/* Known test options and their corresponding parse methods. */
/* Top-level options. */
@@ -674,10 +690,12 @@ static const ssl_test_ctx_option ssl_test_ctx_options[] = {
{ "ExpectedClientSignType", &parse_expected_client_sign_type },
{ "ExpectedClientCANames", &parse_expected_client_ca_names },
{ "UseSCTP", &parse_test_use_sctp },
+ { "CompressCertificates", &parse_test_compress_certificates },
{ "EnableClientSCTPLabelBug", &parse_test_enable_client_sctp_label_bug },
{ "EnableServerSCTPLabelBug", &parse_test_enable_server_sctp_label_bug },
{ "ExpectedCipher", &parse_test_expected_cipher },
{ "ExpectedSessionTicketAppData", &parse_test_expected_session_ticket_app_data },
+ { "FIPSversion", &parse_test_fips_version },
};
/* Nested client options. */
@@ -767,6 +785,7 @@ void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx)
sk_X509_NAME_pop_free(ctx->expected_server_ca_names, X509_NAME_free);
sk_X509_NAME_pop_free(ctx->expected_client_ca_names, X509_NAME_free);
OPENSSL_free(ctx->expected_cipher);
+ OPENSSL_free(ctx->fips_version);
OPENSSL_free(ctx);
}
diff --git a/test/helpers/ssl_test_ctx.h b/test/helpers/ssl_test_ctx.h
index 7b35dcb998f7..017d2d112151 100644
--- a/test/helpers/ssl_test_ctx.h
+++ b/test/helpers/ssl_test_ctx.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -65,7 +65,8 @@ typedef enum {
typedef enum {
SSL_TEST_METHOD_TLS = 0, /* Default */
- SSL_TEST_METHOD_DTLS
+ SSL_TEST_METHOD_DTLS,
+ SSL_TEST_METHOD_QUIC
} ssl_test_method_t;
typedef enum {
@@ -217,6 +218,8 @@ typedef struct {
STACK_OF(X509_NAME) *expected_client_ca_names;
/* Whether to use SCTP for the transport */
int use_sctp;
+ /* Whether to pre-compress server certificates */
+ int compress_certificates;
/* Enable SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG on client side */
int enable_client_sctp_label_bug;
/* Enable SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG on server side */
@@ -228,6 +231,9 @@ typedef struct {
char *expected_session_ticket_app_data;
OSSL_LIB_CTX *libctx;
+
+ /* FIPS version string to check for compatibility */
+ char *fips_version;
} SSL_TEST_CTX;
const char *ssl_test_result_name(ssl_test_result_t result);
diff --git a/test/helpers/ssltestlib.c b/test/helpers/ssltestlib.c
index b0ef7d719c53..e9a51c9c30d0 100644
--- a/test/helpers/ssltestlib.c
+++ b/test/helpers/ssltestlib.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -18,21 +18,16 @@
#include <string.h>
#include <openssl/engine.h>
+#include "internal/e_os.h"
#include "internal/nelem.h"
#include "ssltestlib.h"
#include "../testutil.h"
-#include "e_os.h" /* for ossl_sleep() etc. */
-#ifdef OPENSSL_SYS_UNIX
-# include <unistd.h>
-# ifndef OPENSSL_NO_KTLS
-# include <netinet/in.h>
-# include <netinet/in.h>
-# include <arpa/inet.h>
-# include <sys/socket.h>
-# include <unistd.h>
-# include <fcntl.h>
-# endif
+#if (!defined(OPENSSL_NO_KTLS) || !defined(OPENSSL_NO_QUIC)) && !defined(OPENSSL_NO_POSIX_IO) && !defined(OPENSSL_NO_SOCK)
+# define OSSL_USE_SOCKETS 1
+# include "internal/e_winsock.h"
+# include "internal/sockets.h"
+# include <openssl/bio.h>
#endif
static int tls_dump_new(BIO *bi);
@@ -44,13 +39,15 @@ static int tls_dump_gets(BIO *bp, char *buf, int size);
static int tls_dump_puts(BIO *bp, const char *str);
/* Choose a sufficiently large type likely to be unused for this custom BIO */
-#define BIO_TYPE_TLS_DUMP_FILTER (0x80 | BIO_TYPE_FILTER)
+#define BIO_TYPE_TLS_DUMP_FILTER (0x80 | BIO_TYPE_FILTER)
#define BIO_TYPE_MEMPACKET_TEST 0x81
#define BIO_TYPE_ALWAYS_RETRY 0x82
+#define BIO_TYPE_MAYBE_RETRY (0x83 | BIO_TYPE_FILTER)
static BIO_METHOD *method_tls_dump = NULL;
static BIO_METHOD *meth_mem = NULL;
static BIO_METHOD *meth_always_retry = NULL;
+static BIO_METHOD *meth_maybe_retry = NULL;
static int retry_err = -1;
/* Note: Not thread safe! */
@@ -59,7 +56,7 @@ const BIO_METHOD *bio_f_tls_dump_filter(void)
if (method_tls_dump == NULL) {
method_tls_dump = BIO_meth_new(BIO_TYPE_TLS_DUMP_FILTER,
"TLS dump filter");
- if ( method_tls_dump == NULL
+ if (method_tls_dump == NULL
|| !BIO_meth_set_write(method_tls_dump, tls_dump_write)
|| !BIO_meth_set_read(method_tls_dump, tls_dump_read)
|| !BIO_meth_set_puts(method_tls_dump, tls_dump_puts)
@@ -273,7 +270,7 @@ static void mempacket_free(MEMPACKET *pkt)
typedef struct mempacket_test_ctx_st {
STACK_OF(MEMPACKET) *pkts;
- unsigned int epoch;
+ uint16_t epoch;
unsigned int currrec;
unsigned int currpkt;
unsigned int lastpkt;
@@ -819,6 +816,100 @@ static int always_retry_puts(BIO *bio, const char *str)
return retry_err;
}
+struct maybe_retry_data_st {
+ unsigned int retrycnt;
+};
+
+static int maybe_retry_new(BIO *bi);
+static int maybe_retry_free(BIO *a);
+static int maybe_retry_write(BIO *b, const char *in, int inl);
+static long maybe_retry_ctrl(BIO *b, int cmd, long num, void *ptr);
+
+const BIO_METHOD *bio_s_maybe_retry(void)
+{
+ if (meth_maybe_retry == NULL) {
+ if (!TEST_ptr(meth_maybe_retry = BIO_meth_new(BIO_TYPE_MAYBE_RETRY,
+ "Maybe Retry"))
+ || !TEST_true(BIO_meth_set_write(meth_maybe_retry,
+ maybe_retry_write))
+ || !TEST_true(BIO_meth_set_ctrl(meth_maybe_retry,
+ maybe_retry_ctrl))
+ || !TEST_true(BIO_meth_set_create(meth_maybe_retry,
+ maybe_retry_new))
+ || !TEST_true(BIO_meth_set_destroy(meth_maybe_retry,
+ maybe_retry_free)))
+ return NULL;
+ }
+ return meth_maybe_retry;
+}
+
+void bio_s_maybe_retry_free(void)
+{
+ BIO_meth_free(meth_maybe_retry);
+}
+
+static int maybe_retry_new(BIO *bio)
+{
+ struct maybe_retry_data_st *data = OPENSSL_zalloc(sizeof(*data));
+
+ if (data == NULL)
+ return 0;
+
+ BIO_set_data(bio, data);
+ BIO_set_init(bio, 1);
+ return 1;
+}
+
+static int maybe_retry_free(BIO *bio)
+{
+ struct maybe_retry_data_st *data = BIO_get_data(bio);
+
+ OPENSSL_free(data);
+ BIO_set_data(bio, NULL);
+ BIO_set_init(bio, 0);
+ return 1;
+}
+
+static int maybe_retry_write(BIO *bio, const char *in, int inl)
+{
+ struct maybe_retry_data_st *data = BIO_get_data(bio);
+
+ if (data == NULL)
+ return -1;
+
+ if (data->retrycnt == 0) {
+ BIO_set_retry_write(bio);
+ return -1;
+ }
+ data->retrycnt--;
+
+ return BIO_write(BIO_next(bio), in, inl);
+}
+
+static long maybe_retry_ctrl(BIO *bio, int cmd, long num, void *ptr)
+{
+ struct maybe_retry_data_st *data = BIO_get_data(bio);
+
+ if (data == NULL)
+ return 0;
+
+ switch (cmd) {
+ case MAYBE_RETRY_CTRL_SET_RETRY_AFTER_CNT:
+ data->retrycnt = num;
+ return 1;
+
+ case BIO_CTRL_FLUSH:
+ if (data->retrycnt == 0) {
+ BIO_set_retry_write(bio);
+ return -1;
+ }
+ data->retrycnt--;
+ /* fall through */
+ default:
+ return BIO_ctrl(BIO_next(bio), cmd, num, ptr);
+ }
+}
+
int create_ssl_ctx_pair(OSSL_LIB_CTX *libctx, const SSL_METHOD *sm,
const SSL_METHOD *cm, int min_proto_version,
int max_proto_version, SSL_CTX **sctx, SSL_CTX **cctx,
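Review bot: `bio_s_maybe_retry_free()` frees `meth_maybe_retry` but leaves the static pointing at the freed method, so a later `bio_s_maybe_retry()` passes the `== NULL` test and returns a dangling pointer; add `meth_maybe_retry = NULL;` after the `BIO_meth_free` call. The constructor has the mirror problem: if one of the `BIO_meth_set_*` calls fails it returns NULL but keeps the half-configured method cached, so the next call returns it as if it were complete. In `maybe_retry_ctrl`, `data->retrycnt = num;` stores a `long` into an `unsigned int` with no range check, so a negative count silently becomes a very large one. The `bio_s_` prefix is also at odds with `BIO_TYPE_MAYBE_RETRY` being declared with `BIO_TYPE_FILTER` and the write path forwarding to `BIO_next(bio)`.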
@@ -898,19 +989,26 @@ int create_ssl_ctx_pair(OSSL_LIB_CTX *libctx, const SSL_METHOD *sm,
#define MAXLOOPS 1000000
-#if !defined(OPENSSL_NO_KTLS) && !defined(OPENSSL_NO_SOCK)
-static int set_nb(int fd)
+#if defined(OSSL_USE_SOCKETS)
+
+int wait_until_sock_readable(int sock)
{
- int flags;
+ fd_set readfds;
+ struct timeval timeout;
+ int width;
+
+ width = sock + 1;
+ FD_ZERO(&readfds);
+ openssl_fdset(sock, &readfds);
+ timeout.tv_sec = 10; /* give up after 10 seconds */
+ timeout.tv_usec = 0;
- flags = fcntl(fd,F_GETFL,0);
- if (flags == -1)
- return flags;
- flags = fcntl(fd, F_SETFL, flags | O_NONBLOCK);
- return flags;
+ select(width, &readfds, NULL, NULL, &timeout);
+
+ return FD_ISSET(sock, &readfds);
}
-int create_test_sockets(int *cfdp, int *sfdp)
+int create_test_sockets(int *cfdp, int *sfdp, int socktype, BIO_ADDR *saddr)
{
struct sockaddr_in sin;
const char *host = "127.0.0.1";
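Review bot: `wait_until_sock_readable` discards the return value of `select()`, so an error return (an interrupted call, a bad descriptor) falls through to `FD_ISSET` on a set whose contents are then unspecified. Because `sock` was added to `readfds` beforehand, that can report the socket readable when nothing arrived. I would write `if (select(width, &readfds, NULL, NULL, &timeout) <= 0) return 0;` ahead of the `FD_ISSET` line. `create_test_sockets` begins in this hunk and continues outside it.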
@@ -922,8 +1020,9 @@ int create_test_sockets(int *cfdp, int *sfdp)
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = inet_addr(host);
- afd = socket(AF_INET, SOCK_STREAM, 0);
- if (afd < 0)
+ afd = BIO_socket(AF_INET, socktype,
+ socktype == SOCK_STREAM ? IPPROTO_TCP : IPPROTO_UDP, 0);
+ if (afd == INVALID_SOCKET)
return 0;
if (bind(afd, (struct sockaddr*)&sin, sizeof(sin)) < 0)
@@ -932,17 +1031,33 @@ int create_test_sockets(int *cfdp, int *sfdp)
if (getsockname(afd, (struct sockaddr*)&sin, &slen) < 0)
goto out;
- if (listen(afd, 1) < 0)
+ if (saddr != NULL
+ && !BIO_ADDR_rawmake(saddr, sin.sin_family, &sin.sin_addr,
+ sizeof(sin.sin_addr), sin.sin_port))
+ goto out;
+
+ if (socktype == SOCK_STREAM && listen(afd, 1) < 0)
goto out;
- cfd = socket(AF_INET, SOCK_STREAM, 0);
- if (cfd < 0)
+ cfd = BIO_socket(AF_INET, socktype,
+ socktype == SOCK_STREAM ? IPPROTO_TCP : IPPROTO_UDP, 0);
+ if (cfd == INVALID_SOCKET)
goto out;
- if (set_nb(afd) == -1)
+ if (!BIO_socket_nbio(afd, 1))
goto out;
- while (sfd == -1 || !cfd_connected ) {
+ /*
+ * If a DGRAM socket then we don't call "accept" or "connect" - so act like
+ * we already called them.
+ */
+ if (socktype == SOCK_DGRAM) {
+ cfd_connected = 1;
+ sfd = afd;
+ afd = -1;
+ }
+
+ while (sfd == -1 || !cfd_connected) {
sfd = accept(afd, NULL, 0);
if (sfd == -1 && errno != EAGAIN)
goto out;
@@ -953,7 +1068,7 @@ int create_test_sockets(int *cfdp, int *sfdp)
cfd_connected = 1;
}
- if (set_nb(cfd) == -1 || set_nb(sfd) == -1)
+ if (!BIO_socket_nbio(cfd, 1) || !BIO_socket_nbio(sfd, 1))
goto out;
ret = 1;
*cfdp = cfd;
@@ -976,6 +1091,7 @@ int create_ssl_objects2(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
{
SSL *serverssl = NULL, *clientssl = NULL;
BIO *s_to_c_bio = NULL, *c_to_s_bio = NULL;
+ BIO_POLL_DESCRIPTOR rdesc = {0}, wdesc = {0};
if (*sssl != NULL)
serverssl = *sssl;
@@ -990,8 +1106,29 @@ int create_ssl_objects2(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
|| !TEST_ptr(c_to_s_bio = BIO_new_socket(cfd, BIO_NOCLOSE)))
goto error;
+ if (!TEST_false(SSL_get_rpoll_descriptor(clientssl, &rdesc)
+ || !TEST_false(SSL_get_wpoll_descriptor(clientssl, &wdesc))))
+ goto error;
+
SSL_set_bio(clientssl, c_to_s_bio, c_to_s_bio);
SSL_set_bio(serverssl, s_to_c_bio, s_to_c_bio);
+
+ if (!TEST_true(SSL_get_rpoll_descriptor(clientssl, &rdesc))
+ || !TEST_true(SSL_get_wpoll_descriptor(clientssl, &wdesc))
+ || !TEST_int_eq(rdesc.type, BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD)
+ || !TEST_int_eq(wdesc.type, BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD)
+ || !TEST_int_eq(rdesc.value.fd, cfd)
+ || !TEST_int_eq(wdesc.value.fd, cfd))
+ goto error;
+
+ if (!TEST_true(SSL_get_rpoll_descriptor(serverssl, &rdesc))
+ || !TEST_true(SSL_get_wpoll_descriptor(serverssl, &wdesc))
+ || !TEST_int_eq(rdesc.type, BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD)
+ || !TEST_int_eq(wdesc.type, BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD)
+ || !TEST_int_eq(rdesc.value.fd, sfd)
+ || !TEST_int_eq(wdesc.value.fd, sfd))
+ goto error;
+
*sssl = serverssl;
*cssl = clientssl;
return 1;
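Review bot: The first new check has a misplaced parenthesis: `!TEST_false(SSL_get_rpoll_descriptor(clientssl, &rdesc) || !TEST_false(SSL_get_wpoll_descriptor(clientssl, &wdesc)))` passes the whole `||` expression to the outer `TEST_false`. It happens to produce the right pass/fail result, but a failure is reported against the combined expression and not the call that misbehaved. It should read `if (!TEST_false(SSL_get_rpoll_descriptor(clientssl, &rdesc))` followed by `|| !TEST_false(SSL_get_wpoll_descriptor(clientssl, &wdesc)))`. Separately, the two descriptor checks added after `SSL_set_bio` jump to `error`, and the part of that label visible in the next hunk calls `BIO_free(c_to_s_bio)`. If the label also frees the SSL objects, the BIOs they now own would be freed twice, so those paths probably need the local BIO pointers set to NULL right after `SSL_set_bio`. The function starts and ends outside this hunk.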
@@ -1003,7 +1140,15 @@ int create_ssl_objects2(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
BIO_free(c_to_s_bio);
return 0;
}
-#endif
+
+#else
+
+int wait_until_sock_readable(int sock)
+{
+ return 0;
+}
+
+#endif /* defined(OSSL_USE_SOCKETS) */
/*
* NOTE: Transfers control of the BIOs - this function will free them on error
@@ -1045,9 +1190,14 @@ int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
BIO_set_mem_eof_return(c_to_s_bio, -1);
/* Up ref these as we are passing them to two SSL objects */
+ if (!BIO_up_ref(s_to_c_bio))
+ goto error;
+ if (!BIO_up_ref(c_to_s_bio)) {
+ BIO_free(s_to_c_bio);
+ goto error;
+ }
+
SSL_set_bio(serverssl, c_to_s_bio, s_to_c_bio);
- BIO_up_ref(s_to_c_bio);
- BIO_up_ref(c_to_s_bio);
SSL_set_bio(clientssl, s_to_c_bio, c_to_s_bio);
*sssl = serverssl;
*cssl = clientssl;
@@ -1075,11 +1225,29 @@ int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
* attempt could be restarted by a subsequent call to this function.
*/
int create_bare_ssl_connection(SSL *serverssl, SSL *clientssl, int want,
- int read)
+ int read, int listen)
{
- int retc = -1, rets = -1, err, abortctr = 0;
+ int retc = -1, rets = -1, err, abortctr = 0, ret = 0;
int clienterr = 0, servererr = 0;
int isdtls = SSL_is_dtls(serverssl);
+#ifndef OPENSSL_NO_SOCK
+ BIO_ADDR *peer = NULL;
+
+ if (listen) {
+ if (!isdtls) {
+ TEST_error("DTLSv1_listen requested for non-DTLS object\n");
+ return 0;
+ }
+ peer = BIO_ADDR_new();
+ if (!TEST_ptr(peer))
+ return 0;
+ }
+#else
+ if (listen) {
+ TEST_error("DTLSv1_listen requested in a no-sock build\n");
+ return 0;
+ }
+#endif
do {
err = SSL_ERROR_WANT_WRITE;
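Review bot: The new parameter `listen` shadows the sockets function `listen()` that `create_test_sockets` calls elsewhere in this file, and it is later reassigned (`listen = 0;`) to serve as a state flag. That is legal, but it trips `-Wshadow` and makes the loop harder to read. A name such as `use_dtls_listen` for the parameter, with a local `int listening = use_dtls_listen;` for the mutable state, would keep the two roles apart; the prototype in ssltestlib.h would need the same rename. The function body continues in the following hunks.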
@@ -1096,13 +1264,29 @@ int create_bare_ssl_connection(SSL *serverssl, SSL *clientssl, int want,
clienterr = 1;
}
if (want != SSL_ERROR_NONE && err == want)
- return 0;
+ goto err;
err = SSL_ERROR_WANT_WRITE;
while (!servererr && rets <= 0 && err == SSL_ERROR_WANT_WRITE) {
- rets = SSL_accept(serverssl);
- if (rets <= 0)
- err = SSL_get_error(serverssl, rets);
+#ifndef OPENSSL_NO_SOCK
+ if (listen) {
+ rets = DTLSv1_listen(serverssl, peer);
+ if (rets < 0) {
+ err = SSL_ERROR_SSL;
+ } else if (rets == 0) {
+ err = SSL_ERROR_WANT_READ;
+ } else {
+ /* Success - stop listening and call SSL_accept from now on */
+ listen = 0;
+ rets = 0;
+ }
+ } else
+#endif
+ {
+ rets = SSL_accept(serverssl);
+ if (rets <= 0)
+ err = SSL_get_error(serverssl, rets);
+ }
}
if (!servererr && rets <= 0
@@ -1114,9 +1298,9 @@ int create_bare_ssl_connection(SSL *serverssl, SSL *clientssl, int want,
servererr = 1;
}
if (want != SSL_ERROR_NONE && err == want)
- return 0;
+ goto err;
if (clienterr && servererr)
- return 0;
+ goto err;
if (isdtls && read) {
unsigned char buf[20];
@@ -1125,20 +1309,20 @@ int create_bare_ssl_connection(SSL *serverssl, SSL *clientssl, int want,
if (SSL_read(serverssl, buf, sizeof(buf)) > 0) {
/* We don't expect this to succeed! */
TEST_info("Unexpected SSL_read() success!");
- return 0;
+ goto err;
}
}
if (retc > 0 && rets <= 0) {
if (SSL_read(clientssl, buf, sizeof(buf)) > 0) {
/* We don't expect this to succeed! */
TEST_info("Unexpected SSL_read() success!");
- return 0;
+ goto err;
}
}
}
if (++abortctr == MAXLOOPS) {
TEST_info("No progress made");
- return 0;
+ goto err;
}
if (isdtls && abortctr <= 50 && (abortctr % 10) == 0) {
/*
@@ -1146,11 +1330,16 @@ int create_bare_ssl_connection(SSL *serverssl, SSL *clientssl, int want,
* give the DTLS timer a chance to do something. We only do this for
* the first few times to prevent hangs.
*/
- ossl_sleep(50);
+ OSSL_sleep(50);
}
} while (retc <=0 || rets <= 0);
- return 1;
+ ret = 1;
+ err:
+#ifndef OPENSSL_NO_SOCK
+ BIO_ADDR_free(peer);
+#endif
+ return ret;
}
/*
@@ -1163,7 +1352,7 @@ int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want)
unsigned char buf;
size_t readbytes;
- if (!create_bare_ssl_connection(serverssl, clientssl, want, 1))
+ if (!create_bare_ssl_connection(serverssl, clientssl, want, 1, 0))
return 0;
/*
@@ -1192,6 +1381,92 @@ void shutdown_ssl_connection(SSL *serverssl, SSL *clientssl)
SSL_free(clientssl);
}
+SSL_SESSION *create_a_psk(SSL *ssl, size_t mdsize)
+{
+ const SSL_CIPHER *cipher = NULL;
+ const unsigned char key[SHA384_DIGEST_LENGTH] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
+ 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
+ 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
+ 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b,
+ 0x2c, 0x2d, 0x2e, 0x2f
+ };
+ SSL_SESSION *sess = NULL;
+
+ if (mdsize == SHA384_DIGEST_LENGTH) {
+ cipher = SSL_CIPHER_find(ssl, TLS13_AES_256_GCM_SHA384_BYTES);
+ } else if (mdsize == SHA256_DIGEST_LENGTH) {
+ /*
+ * Any ciphersuite using SHA256 will do - it will be compatible with
+ * the actual ciphersuite selected as long as it too is based on SHA256
+ */
+ cipher = SSL_CIPHER_find(ssl, TLS13_AES_128_GCM_SHA256_BYTES);
+ } else {
+ /* Should not happen */
+ return NULL;
+ }
+ sess = SSL_SESSION_new();
+ if (!TEST_ptr(sess)
+ || !TEST_ptr(cipher)
+ || !TEST_true(SSL_SESSION_set1_master_key(sess, key, mdsize))
+ || !TEST_true(SSL_SESSION_set_cipher(sess, cipher))
+ || !TEST_true(
+ SSL_SESSION_set_protocol_version(sess,
+ TLS1_3_VERSION))) {
+ SSL_SESSION_free(sess);
+ return NULL;
+ }
+ return sess;
+}
+
+#define NUM_EXTRA_CERTS 40
+
+int ssl_ctx_add_large_cert_chain(OSSL_LIB_CTX *libctx, SSL_CTX *sctx,
+ const char *cert_file)
+{
+ BIO *certbio = NULL;
+ X509 *chaincert = NULL;
+ int certlen;
+ int ret = 0;
+ int i;
+
+ if (!TEST_ptr(certbio = BIO_new_file(cert_file, "r")))
+ goto end;
+
+ if (!TEST_ptr(chaincert = X509_new_ex(libctx, NULL)))
+ goto end;
+
+ if (PEM_read_bio_X509(certbio, &chaincert, NULL, NULL) == NULL)
+ goto end;
+ BIO_free(certbio);
+ certbio = NULL;
+
+ /*
+ * We assume the supplied certificate is big enough so that if we add
+ * NUM_EXTRA_CERTS it will make the overall message large enough. The
+ * default buffer size is requested to be 16k, but due to the way BUF_MEM
+ * works, it ends up allocating a little over 21k (16 * 4/3). So, in this
+ * test we need to have a message larger than that.
+ */
+ certlen = i2d_X509(chaincert, NULL);
+ OPENSSL_assert(certlen * NUM_EXTRA_CERTS >
+ (SSL3_RT_MAX_PLAIN_LENGTH * 4) / 3);
+ for (i = 0; i < NUM_EXTRA_CERTS; i++) {
+ if (!X509_up_ref(chaincert))
+ goto end;
+ if (!SSL_CTX_add_extra_chain_cert(sctx, chaincert)) {
+ X509_free(chaincert);
+ goto end;
+ }
+ }
+
+ ret = 1;
+ end:
+ BIO_free(certbio);
+ X509_free(chaincert);
+ return ret;
+}
+
ENGINE *load_dasync(void)
{
#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE)
diff --git a/test/helpers/ssltestlib.h b/test/helpers/ssltestlib.h
index 0fbca34afa75..5369bb6e9250 100644
--- a/test/helpers/ssltestlib.h
+++ b/test/helpers/ssltestlib.h
@@ -12,6 +12,14 @@
# include <openssl/ssl.h>
+#define TLS13_AES_128_GCM_SHA256_BYTES ((const unsigned char *)"\x13\x01")
+#define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02")
+#define TLS13_CHACHA20_POLY1305_SHA256_BYTES ((const unsigned char *)"\x13\x03")
+#define TLS13_AES_128_CCM_SHA256_BYTES ((const unsigned char *)"\x13\x04")
+#define TLS13_AES_128_CCM_8_SHA256_BYTES ((const unsigned char *)"\x13\05")
+#define TLS13_SHA256_SHA256_BYTES ((const unsigned char *)"\xC0\xB4")
+#define TLS13_SHA384_SHA384_BYTES ((const unsigned char *)"\xC0\xB5")
+
int create_ssl_ctx_pair(OSSL_LIB_CTX *libctx, const SSL_METHOD *sm,
const SSL_METHOD *cm, int min_proto_version,
int max_proto_version, SSL_CTX **sctx, SSL_CTX **cctx,
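Review bot: `TLS13_AES_128_CCM_8_SHA256_BYTES` is written as `"\x13\05"`, mixing a hex escape with an octal one where the six sibling macros use hex for both bytes. The byte value is the same, but `((const unsigned char *)"\x13\x05")` removes the doubt for anyone comparing these IDs against the ciphersuite registry. A one-line comment above the block, such as `/* Two-byte TLSv1.3 ciphersuite IDs in wire order, for SSL_CIPHER_find() */`, would also say what the strings are for.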
@@ -19,10 +27,11 @@ int create_ssl_ctx_pair(OSSL_LIB_CTX *libctx, const SSL_METHOD *sm,
int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio);
int create_bare_ssl_connection(SSL *serverssl, SSL *clientssl, int want,
- int read);
+ int read, int listen);
int create_ssl_objects2(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
SSL **cssl, int sfd, int cfd);
-int create_test_sockets(int *cfd, int *sfd);
+int wait_until_sock_readable(int sock);
+int create_test_sockets(int *cfdp, int *sfdp, int socktype, BIO_ADDR *saddr);
int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want);
void shutdown_ssl_connection(SSL *serverssl, SSL *clientssl);
@@ -37,6 +46,15 @@ const BIO_METHOD *bio_s_always_retry(void);
void bio_s_always_retry_free(void);
void set_always_retry_err_val(int err);
+/*
+ * Maybe retry BIO ctrls. We make them large enough to not clash with standard
+ * BIO ctrl codes.
+ */
+#define MAYBE_RETRY_CTRL_SET_RETRY_AFTER_CNT (1 << 15)
+
+const BIO_METHOD *bio_s_maybe_retry(void);
+void bio_s_maybe_retry_free(void);
+
/* Packet types - value 0 is reserved */
#define INJECT_PACKET 1
#define INJECT_PACKET_IGNORE_REC_SEQ 2
@@ -59,5 +77,12 @@ typedef struct mempacket_st MEMPACKET;
DEFINE_STACK_OF(MEMPACKET)
+SSL_SESSION *create_a_psk(SSL *ssl, size_t mdsize);
+
+/* Add cert from `cert_file` multiple times to create large extra cert chain */
+int ssl_ctx_add_large_cert_chain(OSSL_LIB_CTX *libctx, SSL_CTX *sctx,
+ const char *cert_file);
+
ENGINE *load_dasync(void);
+
#endif /* OSSL_TEST_SSLTESTLIB_H */
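Review bot: `create_a_psk` is declared without a comment, unlike `ssl_ctx_add_large_cert_chain` just below it. The definition in ssltestlib.c returns NULL for any `mdsize` other than the SHA256 or SHA384 digest length, and otherwise hands back a freshly allocated session. A comment such as `/* Returns a new TLSv1.3 session for use as a PSK, or NULL on error or if mdsize is not SHA256_DIGEST_LENGTH or SHA384_DIGEST_LENGTH; caller frees with SSL_SESSION_free() */` would record that contract at the declaration.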
diff --git a/test/hexstr_test.c b/test/hexstr_test.c
index 566615ed6d68..7f3bd505b7d6 100644
--- a/test/hexstr_test.c
+++ b/test/hexstr_test.c
@@ -16,8 +16,7 @@
#include "internal/cryptlib.h"
#include "testutil.h"
-struct testdata
-{
+struct testdata {
const char *in;
const unsigned char *expected;
size_t expected_len;
diff --git a/test/hmactest.c b/test/hmactest.c
index 0a29c58731f6..28aba7f6309a 100644
--- a/test/hmactest.c
+++ b/test/hmactest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -291,6 +291,144 @@ static char *pt(unsigned char *md, unsigned int len)
}
#endif
+static struct test_chunks_st {
+ const char *md_name;
+ char key[256];
+ int key_len;
+ int chunks;
+ int chunk_size[10];
+ const char *digest;
+} test_chunks[12] = {
+ {
+ "SHA224",
+ "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", 64,
+ 4, { 1, 50, 200, 4000 },
+ "40821a39dd54f01443b3f96b9370a15023fbdd819a074ffc4b703c77"
+ },
+ {
+ "SHA224",
+ "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
+ "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
+ "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", 192,
+ 10, { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 },
+ "55ffa85e53e9a68f41c8d653c60b4ada9566d22aed3811834882661c"
+ },
+ {
+ "SHA224", "0123456789abcdef0123456789abcdef", 32,
+ 4, { 100, 4096, 100, 3896 },
+ "0fd18e7d8e974f401b29bf0502a71f6a9b77804e9191380ce9f48377"
+ },
+ {
+ "SHA256",
+ "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", 64,
+ 4, { 1, 50, 200, 4000 },
+ "f67a46fa77c66d3ea5b3ffb9a10afb3e501eaadd16b15978fdee9f014a782140"
+ },
+ {
+ "SHA256",
+ "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
+ "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
+ "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", 192,
+ 10, { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 },
+ "21a6f61ed6dbec30b58557a80988ff610d69b50b2e96d75863ab50f99da58c9d"
+ },
+ {
+ "SHA256", "0123456789abcdef0123456789abcdef", 32,
+ 4, { 100, 4096, 100, 3896 },
+ "7bfd45c1bdde9b79244816b0aea0a67ea954a182e74c60410bfbc1fdc4842660"
+ },
+ {
+ "SHA384",
+ "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", 64,
+ 4, { 1, 50, 200, 4000 },
+ "e270e3c8ca3f2796a0c29cc7569fcec7584b04db26da64326aca0d17bd7731de"
+ "938694b273f3dafe6e2dc123cde26640"
+ },
+ {
+ "SHA384",
+ "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
+ "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
+ "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", 192,
+ 10, { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 },
+ "7036fd7d251298975acd18938471243e92fffe67be158f16c910c400576592d2"
+ "618c3c077ef25d703312668bd2d813ff"
+ },
+ {
+ "SHA384", "0123456789abcdef0123456789abcdef", 32,
+ 4, { 100, 8192, 100, 8092 },
+ "0af8224145bd0812d2e34ba1f980ed4d218461271a54cce75dc43d36eda01e4e"
+ "ff4299c1ebf533a7ae636fa3e6aff903"
+ },
+ {
+ "SHA512",
+ "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", 64,
+ 4, { 1, 50, 200, 4000 },
+ "4016e960e2342553d4b9d34fb57355ab8b7f33af5dc2676fc1189e94b38f2b2c"
+ "a0ec8dc3c8b95fb1109d58480cea1e8f88e02f34ad79b303e4809373c46c1b16"
+ },
+ {
+ "SHA512",
+ "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
+ "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
+ "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", 192,
+ 10, { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 },
+ "7ceb6a421fc19434bcb7ec9c8a15ea524dbfb896c24f5f517513f06597de99b1"
+ "918eb6b2472e52215ec7d1b5544766f79ff6ac6d1eb456f19a93819fa2d43c29"
+ },
+ {
+ "SHA512", "0123456789abcdef0123456789abcdef", 32,
+ 4, { 100, 8192, 100, 8092 },
+ "cebf722ffdff5f0e4cbfbd480cd086101d4627d30d42f1f7cf21c43251018069"
+ "854d8e030b5a54cec1e2245d5b4629ff928806d4eababb427d751ec7c274047f"
+ },
+};
+
+static int test_hmac_chunks(int idx)
+{
+ char *p;
+ HMAC_CTX *ctx = NULL;
+ unsigned char buf[32768];
+ unsigned int len;
+ const EVP_MD *md;
+ int i, ret = 0;
+
+ if (!TEST_ptr(md = EVP_get_digestbyname(test_chunks[idx].md_name)))
+ goto err;
+
+ if (!TEST_ptr(ctx = HMAC_CTX_new()))
+ goto err;
+
+#ifdef CHARSET_EBCDIC
+ ebcdic2ascii(test_chunks[idx].key, test_chunks[idx].key,
+ test_chunks[idx].key_len);
+#endif
+
+ if (!TEST_true(HMAC_Init_ex(ctx, test_chunks[idx].key,
+ test_chunks[idx].key_len, md, NULL)))
+ goto err;
+
+ for (i = 0; i < test_chunks[idx].chunks; i++) {
+ if (!TEST_true((test_chunks[idx].chunk_size[i] < (int)sizeof(buf))))
+ goto err;
+ memset(buf, i, test_chunks[idx].chunk_size[i]);
+ if (!TEST_true(HMAC_Update(ctx, buf, test_chunks[idx].chunk_size[i])))
+ goto err;
+ }
+
+ if (!TEST_true(HMAC_Final(ctx, buf, &len)))
+ goto err;
+
+ p = pt(buf, len);
+ if (!TEST_ptr(p) || !TEST_str_eq(p, test_chunks[idx].digest))
+ goto err;
+
+ ret = 1;
+
+err:
+ HMAC_CTX_free(ctx);
+ return ret;
+}
+
int setup_tests(void)
{
ADD_ALL_TESTS(test_hmac_md5, 4);
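Review bot: The SHA384 and SHA512 rows hand digests of up to 64 bytes to `pt(buf, len)`, whose body lies above this hunk, so it is worth confirming that its output buffer holds at least `2 * EVP_MAX_MD_SIZE + 1` characters before relying on these cases. The `#endif` context line right after `pt()` also suggests it may sit inside a conditional block, while `test_hmac_chunks` calls it unconditionally. A comment on `test_chunks` would help anyone regenerating the vectors, for example `/* chunk i is chunk_size[i] bytes of value i, one HMAC_Update() per chunk; digest is the expected HMAC in hex */`.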
@@ -299,6 +437,8 @@ int setup_tests(void)
ADD_TEST(test_hmac_run);
ADD_TEST(test_hmac_copy);
ADD_TEST(test_hmac_copy_uninited);
+ ADD_ALL_TESTS(test_hmac_chunks,
+ sizeof(test_chunks) / sizeof(struct test_chunks_st));
return 1;
}
diff --git a/test/http_test.c b/test/http_test.c
index b6897a17fdd8..548af69535a5 100644
--- a/test/http_test.c
+++ b/test/http_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Siemens AG 2020
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -15,39 +15,58 @@
#include "testutil.h"
+#define HTTP_STATUS_CODE_OK 200
+#define HTTP_STATUS_CODES_FATAL_ERROR 399
+#define HTTP_STATUS_CODES_NONFATAL_ERROR 400
+
static const ASN1_ITEM *x509_it = NULL;
static X509 *x509 = NULL;
-#define RPATH "/path/result.crt"
+#define RPATH "/path"
typedef struct {
BIO *out;
+ const char *content_type;
+ const char *txt;
char version;
int keep_alive;
} server_args;
/*-
* Pretty trivial HTTP mock server:
- * For POST, copy request headers+body from mem BIO 'in' as response to 'out'.
- * For GET, redirect to RPATH, else respond with 'rsp' of ASN1 type 'it'.
- * Respond with HTTP version 1.'version' and 'keep_alive' (unless implicit).
+ * For POST, copy request headers+body from mem BIO |in| as response to |out|.
+ * For GET, redirect to RPATH unless already there, else use |content_type| and
+ * respond with |txt| if not NULL, else with |rsp| of ASN1 type |it|.
+ * Take the status code suggsted by the client via special prefix of the path.
+ * On fatal status, respond with empty content.
+ * Response hdr has HTTP version 1.|version| and |keep_alive| (unless implicit).
*/
static int mock_http_server(BIO *in, BIO *out, char version, int keep_alive,
+ const char *content_type, const char *txt,
ASN1_VALUE *rsp, const ASN1_ITEM *it)
{
const char *req, *path;
long count = BIO_get_mem_data(in, (unsigned char **)&req);
- const char *hdr = (char *)req;
- int is_get = count >= 4 && strncmp(hdr, "GET ", 4) == 0;
+ const char *hdr = (char *)req, *suggested_status;
+ char status[4] = "200";
int len;
+ int is_get = count >= 4 && CHECK_AND_SKIP_PREFIX(hdr, "GET ");
- /* first line should contain "<GET or POST> <path> HTTP/1.x" */
- if (is_get)
- hdr += 4;
- else if (TEST_true(count >= 5 && strncmp(hdr, "POST ", 5) == 0))
- hdr += 5;
- else
+ /* first line should contain "(GET|POST) (/<suggested status>)?/<path> HTTP/1.x" */
+ if (!is_get
+ && !(TEST_true(count >= 5 && CHECK_AND_SKIP_PREFIX(hdr, "POST "))))
return 0;
+ /* get any status code string to be returned suggested by test client */
+ if (*hdr == '/') {
+ suggested_status = ++hdr;
+ while (*hdr >= '0' && *hdr <= '9')
+ hdr++;
+ if (hdr == suggested_status + sizeof(status) - 1)
+ strncpy(status, suggested_status, sizeof(status) - 1);
+ else
+ hdr = suggested_status - 1;
+ }
+
path = hdr;
hdr = strchr(hdr, ' ');
if (hdr == NULL)
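Review bot: The added status-prefix parser reads `*hdr` and walks digits without consulting `count`, the length that `BIO_get_mem_data()` returned for the request buffer. Whether that buffer is NUL-terminated is not visible here, so a request ending right after the method or inside the digits could be read past its end. Bounding both reads, `if (hdr < req + count && *hdr == '/')` and `while (hdr < req + count && *hdr >= '0' && *hdr <= '9')`, keeps the mock inside the data it was given. The `strncpy` into `status` relies on the initializer's trailing NUL, which a `memcpy` of `sizeof(status) - 1` bytes would make more obvious. mock_http_server continues outside the hunk, and the added header comment misspells "suggested" as "suggsted".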
@@ -61,35 +80,46 @@ static int mock_http_server(BIO *in, BIO *out, char version, int keep_alive,
return 0;
if (!TEST_char_eq(*hdr++, '\r') || !TEST_char_eq(*hdr++, '\n'))
return 0;
+
count -= (hdr - req);
if (count < 0 || out == NULL)
return 0;
- if (strncmp(path, RPATH, strlen(RPATH)) != 0) {
+ if (!HAS_PREFIX(path, RPATH)) {
if (!is_get)
return 0;
return BIO_printf(out, "HTTP/1.%c 301 Moved Permanently\r\n"
"Location: %s\r\n\r\n",
version, RPATH) > 0; /* same server */
}
- if (BIO_printf(out, "HTTP/1.%c 200 OK\r\n", version) <= 0)
+ if (BIO_printf(out, "HTTP/1.%c %s %s\r\n", version, status,
+ /* mock some reason string: */
+ strcmp(status, "200") == 0 ? "OK" :
+ strcmp(status, "400") >= 0 ? "error" : "fatal") <= 0)
return 0;
if ((version == '0') == keep_alive) /* otherwise, default */
if (BIO_printf(out, "Connection: %s\r\n",
version == '0' ? "keep-alive" : "close") <= 0)
return 0;
+
+ if (strcmp(status, "399") == 0) /* HTTP_STATUS_CODES_FATAL_ERROR */
+ return BIO_puts(out, "\r\n") == 2; /* empty content */
+
if (is_get) { /* construct new header and body */
- if ((len = ASN1_item_i2d(rsp, NULL, it)) <= 0)
+ if (txt != NULL)
+ len = strlen(txt);
+ else if ((len = ASN1_item_i2d(rsp, NULL, it)) <= 0)
return 0;
- if (BIO_printf(out, "Content-Type: application/x-x509-ca-cert\r\n"
- "Content-Length: %d\r\n\r\n", len) <= 0)
+ if (BIO_printf(out, "Content-Type: %s\r\n"
+ "Content-Length: %d\r\n\r\n", content_type, len) <= 0)
return 0;
+ if (txt != NULL)
+ return BIO_puts(out, txt);
return ASN1_item_i2d_bio(it, out, rsp);
- } else {
- len = strlen("Connection: ");
- if (strncmp(hdr, "Connection: ", len) == 0) {
+ } else { /* respond on POST request */
+ if (CHECK_AND_SKIP_PREFIX(hdr, "Connection: ")) {
/* skip req Connection header */
- hdr = strstr(hdr + len, "\r\n");
+ hdr = strstr(hdr, "\r\n");
if (hdr == NULL)
return 0;
hdr += 2;
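Review bot: In the GET branch the text path ends with `return BIO_puts(out, txt);`, which returns a byte count, so a short write is reported as success while the other exits visible here return a 0/1 result. `return BIO_puts(out, txt) == len;` would match the `BIO_puts(out, "\r\n") == 2` check added a few lines above. The literal `"399"` in that check duplicates `HTTP_STATUS_CODES_FATAL_ERROR` from the top of the file, and only the trailing comment ties the two together. mock_http_server starts and ends outside this hunk.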
@@ -106,47 +136,98 @@ static long http_bio_cb_ex(BIO *bio, int oper, const char *argp, size_t len,
if (oper == (BIO_CB_CTRL | BIO_CB_RETURN) && cmd == BIO_CTRL_FLUSH)
ret = mock_http_server(bio, args->out, args->version, args->keep_alive,
+ args->content_type, args->txt,
(ASN1_VALUE *)x509, x509_it);
return ret;
}
-static int test_http_x509(int do_get)
+#define text1 "test\n"
+#define text2 "more\n"
+#define REAL_SERVER_URL "http://httpbin.org/"
+#define DOCTYPE_HTML "<!DOCTYPE html>\n"
+
+/* do_get > 1 used for testing redirection */
+static int test_http_method(int do_get, int do_txt, int suggested_status)
{
- X509 *rcert = NULL;
BIO *wbio = BIO_new(BIO_s_mem());
BIO *rbio = BIO_new(BIO_s_mem());
- server_args mock_args = { NULL, '0', 0 };
- BIO *rsp, *req = ASN1_item_i2d_mem_bio(x509_it, (ASN1_VALUE *)x509);
+ server_args mock_args = { NULL, NULL, NULL, '0', 0 };
+ BIO *req, *rsp;
+ char path[80];
STACK_OF(CONF_VALUE) *headers = NULL;
- const char content_type[] = "application/x-x509-ca-cert";
+ const char *content_type;
int res = 0;
+ int real_server = do_txt && 0; /* remove "&& 0" for using real server */
+ BIO_snprintf(path, sizeof(path), "/%d%s", suggested_status,
+ do_get > 1 ? "/will-be-redirected" : RPATH);
+ if (do_txt) {
+ content_type = "text/plain";
+ req = BIO_new(BIO_s_mem());
+ if (req == NULL
+ || BIO_puts(req, text1) != sizeof(text1) - 1
+ || BIO_puts(req, text2) != sizeof(text2) - 1) {
+ BIO_free(req);
+ req = NULL;
+ }
+ mock_args.txt = text1;
+ } else {
+ content_type = "application/x-x509-ca-cert";
+ req = ASN1_item_i2d_mem_bio(x509_it, (ASN1_VALUE *)x509);
+ mock_args.txt = NULL;
+ }
if (wbio == NULL || rbio == NULL || req == NULL)
goto err;
+
mock_args.out = rbio;
+ mock_args.content_type = content_type;
BIO_set_callback_ex(wbio, http_bio_cb_ex);
BIO_set_callback_arg(wbio, (char *)&mock_args);
rsp = do_get ?
- OSSL_HTTP_get("/will-be-redirected",
+ OSSL_HTTP_get(real_server ? REAL_SERVER_URL : path,
NULL /* proxy */, NULL /* no_proxy */,
- wbio, rbio, NULL /* bio_update_fn */, NULL /* arg */,
- 0 /* buf_size */, headers, content_type,
- 1 /* expect_asn1 */,
+ real_server ? NULL : wbio,
+ real_server ? NULL : rbio,
+ NULL /* bio_update_fn */, NULL /* arg */,
+ 0 /* buf_size */, headers,
+ real_server ? "text/html; charset=utf-8": content_type,
+ !do_txt /* expect_asn1 */,
OSSL_HTTP_DEFAULT_MAX_RESP_LEN, 0 /* timeout */)
- : OSSL_HTTP_transfer(NULL, NULL /* host */, NULL /* port */, RPATH,
- 0 /* use_ssl */,NULL /* proxy */, NULL /* no_pr */,
+ : OSSL_HTTP_transfer(NULL, NULL /* host */, NULL /* port */, path,
+ 0 /* use_ssl */, NULL /* proxy */, NULL /* no_pr */,
wbio, rbio, NULL /* bio_fn */, NULL /* arg */,
0 /* buf_size */, headers, content_type,
- req, content_type, 1 /* expect_asn1 */,
+ req, content_type, !do_txt /* expect_asn1 */,
OSSL_HTTP_DEFAULT_MAX_RESP_LEN, 0 /* timeout */,
0 /* keep_alive */);
- rcert = d2i_X509_bio(rsp, NULL);
- BIO_free(rsp);
- res = TEST_ptr(rcert) && TEST_int_eq(X509_cmp(x509, rcert), 0);
+ if (!TEST_int_eq(suggested_status == HTTP_STATUS_CODES_FATAL_ERROR, rsp == NULL))
+ goto err;
+ if (suggested_status == HTTP_STATUS_CODES_FATAL_ERROR)
+ res = 1;
+ if (rsp != NULL) {
+ if (do_get && real_server) {
+ char rtext[sizeof(DOCTYPE_HTML)];
+
+ res = TEST_int_eq(BIO_gets(rsp, rtext, sizeof(rtext)),
+ sizeof(DOCTYPE_HTML) - 1)
+ && TEST_str_eq(rtext, DOCTYPE_HTML);
+ } else if (do_txt) {
+ char rtext[sizeof(text1) + 1 /* more space than needed */];
+
+ res = TEST_int_eq(BIO_gets(rsp, rtext, sizeof(rtext)),
+ sizeof(text1) - 1)
+ && TEST_str_eq(rtext, text1);
+ } else {
+ X509 *rcert = d2i_X509_bio(rsp, NULL);
+
+ res = TEST_ptr(rcert) && TEST_int_eq(X509_cmp(x509, rcert), 0);
+ X509_free(rcert);
+ }
+ BIO_free(rsp);
+ }
err:
- X509_free(rcert);
BIO_free(req);
BIO_free(wbio);
BIO_free(rbio);
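Review bot: `rsp` leaks when the new `TEST_int_eq(suggested_status == HTTP_STATUS_CODES_FATAL_ERROR, rsp == NULL)` check fails because a fatal status unexpectedly produced a response. The `goto err` skips the only `BIO_free(rsp)`, which sits inside the `if (rsp != NULL)` block. Declaring `BIO *req, *rsp = NULL;` and moving `BIO_free(rsp);` under the `err:` label covers every path, including the early `goto err` taken before `rsp` is assigned. The `real_server` switch, once edited on, points the test at `http://httpbin.org/` over plain HTTP, so a comment marking it as a manual-run aid would help. test_http_method ends outside the hunk.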
@@ -159,14 +240,15 @@ static int test_http_keep_alive(char version, int keep_alive, int kept_alive)
BIO *wbio = BIO_new(BIO_s_mem());
BIO *rbio = BIO_new(BIO_s_mem());
BIO *rsp;
- server_args mock_args = { NULL, '0', 0 };
const char *const content_type = "application/x-x509-ca-cert";
+ server_args mock_args = { NULL, NULL, NULL, '0', 0 };
OSSL_HTTP_REQ_CTX *rctx = NULL;
int i, res = 0;
if (wbio == NULL || rbio == NULL)
goto err;
mock_args.out = rbio;
+ mock_args.content_type = content_type;
mock_args.version = version;
mock_args.keep_alive = kept_alive;
BIO_set_callback_ex(wbio, http_bio_cb_ex);
@@ -307,14 +389,54 @@ static int test_http_url_invalid_path(void)
return test_http_url_invalid("https://[FF01::101]pkix");
}
+static int test_http_get_txt(void)
+{
+ return test_http_method(1 /* GET */, 1, HTTP_STATUS_CODE_OK);
+}
+
+static int test_http_get_txt_redirected(void)
+{
+ return test_http_method(2 /* GET with redirection */, 1, HTTP_STATUS_CODE_OK);
+}
+
+static int test_http_get_txt_fatal_status(void)
+{
+ return test_http_method(1 /* GET */, 1, HTTP_STATUS_CODES_FATAL_ERROR);
+}
+
+static int test_http_get_txt_error_status(void)
+{
+ return test_http_method(1 /* GET */, 1, HTTP_STATUS_CODES_NONFATAL_ERROR);
+}
+
+static int test_http_post_txt(void)
+{
+ return test_http_method(0 /* POST */, 1, HTTP_STATUS_CODE_OK);
+}
+
static int test_http_get_x509(void)
{
- return test_http_x509(1);
+ return test_http_method(1 /* GET */, 0, HTTP_STATUS_CODE_OK);
+}
+
+static int test_http_get_x509_redirected(void)
+{
+ return test_http_method(2 /* GET with redirection */, 0, HTTP_STATUS_CODE_OK);
}
static int test_http_post_x509(void)
{
- return test_http_x509(0);
+ return test_http_method(0 /* POST */, 0, HTTP_STATUS_CODE_OK);
+}
+
+static int test_http_post_x509_fatal_status(void)
+{
+ return test_http_method(0 /* POST */, 0, HTTP_STATUS_CODES_FATAL_ERROR);
+}
+
+static int test_http_post_x509_error_status(void)
+{
+ return test_http_method(0 /* POST */, 0, HTTP_STATUS_CODES_NONFATAL_ERROR);
}
static int test_http_keep_alive_0_no_no(void)
@@ -357,6 +479,69 @@ static int test_http_keep_alive_1_require_no(void)
return test_http_keep_alive('1', 2, 0);
}
+static int test_http_resp_hdr_limit(size_t limit)
+{
+ BIO *wbio = BIO_new(BIO_s_mem());
+ BIO *rbio = BIO_new(BIO_s_mem());
+ BIO *mem = NULL;
+ server_args mock_args = { NULL, NULL, NULL, '0', 0 };
+ int res = 0;
+ OSSL_HTTP_REQ_CTX *rctx = NULL;
+
+ if (TEST_ptr(wbio) == 0 || TEST_ptr(rbio) == 0)
+ goto err;
+
+ mock_args.txt = text1;
+ mock_args.content_type = "text/plain";
+ mock_args.version = '1';
+ mock_args.out = rbio;
+
+ BIO_set_callback_ex(wbio, http_bio_cb_ex);
+ BIO_set_callback_arg(wbio, (char *)&mock_args);
+
+ rctx = OSSL_HTTP_REQ_CTX_new(wbio, rbio, 8192);
+ if (TEST_ptr(rctx) == 0)
+ goto err;
+
+ if (!TEST_true(OSSL_HTTP_REQ_CTX_set_request_line(rctx, 0 /* GET */,
+ NULL, NULL, RPATH)))
+ goto err;
+
+ OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines(rctx, limit);
+ mem = OSSL_HTTP_REQ_CTX_exchange(rctx);
+
+ /*
+ * Note the server sends 4 http response headers, thus we expect to
+ * see failure here when we set header limit in http response to 1.
+ */
+ if (limit == 1)
+ res = TEST_ptr_null(mem);
+ else
+ res = TEST_ptr(mem);
+
+ err:
+ BIO_free(wbio);
+ BIO_free(rbio);
+ OSSL_HTTP_REQ_CTX_free(rctx);
+
+ return res;
+}
+
+static int test_hdr_resp_hdr_limit_none(void)
+{
+ return test_http_resp_hdr_limit(0);
+}
+
+static int test_hdr_resp_hdr_limit_short(void)
+{
+ return (test_http_resp_hdr_limit(1));
+}
+
+static int test_hdr_resp_hdr_limit_256(void)
+{
+ return test_http_resp_hdr_limit(256);
+}
+
void cleanup_tests(void)
{
X509_free(x509);
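Review bot: test_http_resp_hdr_limit only exercises limits 0, 1 and 256, so the boundary of the response-header limit is never tested. Per the comment the mock sends 4 headers, and a limit equal to or just below that count is the case that would catch an off-by-one in enforcement. Replacing `if (limit == 1)` with a comparison against a named count, for example a new `#define MOCK_RESP_HDR_LINES 4` and `if (limit != 0 && limit < MOCK_RESP_HDR_LINES)`, plus wrappers for the two boundary values, would cover it. Which side of the boundary is rejected depends on how the library counts lines, which is not visible here. The wrappers are named `test_hdr_resp_hdr_limit_*` while the rest of the file uses `test_http_*`.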
@@ -381,8 +566,18 @@ int setup_tests(void)
ADD_TEST(test_http_url_invalid_prefix);
ADD_TEST(test_http_url_invalid_port);
ADD_TEST(test_http_url_invalid_path);
+
+ ADD_TEST(test_http_get_txt);
+ ADD_TEST(test_http_get_txt_redirected);
+ ADD_TEST(test_http_get_txt_fatal_status);
+ ADD_TEST(test_http_get_txt_error_status);
+ ADD_TEST(test_http_post_txt);
ADD_TEST(test_http_get_x509);
+ ADD_TEST(test_http_get_x509_redirected);
ADD_TEST(test_http_post_x509);
+ ADD_TEST(test_http_post_x509_fatal_status);
+ ADD_TEST(test_http_post_x509_error_status);
+
ADD_TEST(test_http_keep_alive_0_no_no);
ADD_TEST(test_http_keep_alive_1_no_no);
ADD_TEST(test_http_keep_alive_0_prefer_yes);
@@ -391,5 +586,9 @@ int setup_tests(void)
ADD_TEST(test_http_keep_alive_1_require_yes);
ADD_TEST(test_http_keep_alive_0_require_no);
ADD_TEST(test_http_keep_alive_1_require_no);
+
+ ADD_TEST(test_hdr_resp_hdr_limit_none);
+ ADD_TEST(test_hdr_resp_hdr_limit_short);
+ ADD_TEST(test_hdr_resp_hdr_limit_256);
return 1;
}
diff --git a/test/ideatest.c b/test/ideatest.c
index ff5e4601f3b3..f6d73d9d783c 100644
--- a/test/ideatest.c
+++ b/test/ideatest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -38,8 +38,9 @@ static const unsigned char cfb_key[16] = {
0xe1, 0xf0, 0xc3, 0xd2, 0xa5, 0xb4, 0x87, 0x96,
0x69, 0x78, 0x4b, 0x5a, 0x2d, 0x3c, 0x0f, 0x1e,
};
-static const unsigned char cfb_iv[80] =
- { 0x34, 0x12, 0x78, 0x56, 0xab, 0x90, 0xef, 0xcd };
+static const unsigned char cfb_iv[80] = {
+ 0x34, 0x12, 0x78, 0x56, 0xab, 0x90, 0xef, 0xcd
+};
static unsigned char cfb_buf1[40], cfb_buf2[40], cfb_tmp[8];
# define CFB_TEST_SIZE 24
static const unsigned char plain[CFB_TEST_SIZE] = {
diff --git a/test/lhash_test.c b/test/lhash_test.c
index 537ae1876c1d..94e9f3944ea5 100644
--- a/test/lhash_test.c
+++ b/test/lhash_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -14,9 +14,12 @@
#include <openssl/opensslconf.h>
#include <openssl/lhash.h>
#include <openssl/err.h>
+#include <openssl/rand.h>
#include <openssl/crypto.h>
+#include <internal/hashtable.h>
#include "internal/nelem.h"
+#include "threadstest.h"
#include "testutil.h"
/*
@@ -27,11 +30,11 @@
#pragma clang diagnostic ignored "-Wunused-function"
#endif
-DEFINE_LHASH_OF(int);
+DEFINE_LHASH_OF_EX(int);
static int int_tests[] = { 65537, 13, 1, 3, -5, 6, 7, 4, -10, -12, -14, 22, 9,
-17, 16, 17, -23, 35, 37, 173, 11 };
-static const unsigned int n_int_tests = OSSL_NELEM(int_tests);
+static const size_t n_int_tests = OSSL_NELEM(int_tests);
static short int_found[OSSL_NELEM(int_tests)];
static short int_not_found;
@@ -106,7 +109,7 @@ static int test_int_lhash(void)
}
/* num_items */
- if (!TEST_int_eq(lh_int_num_items(h), n_int_tests))
+ if (!TEST_int_eq((size_t)lh_int_num_items(h), n_int_tests))
goto end;
/* retrieve */
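Review bot: The new check casts `lh_int_num_items(h)` to `size_t` but still compares through `TEST_int_eq`, so both operands are converted back to `int` and the cast does not change what is compared. `if (!TEST_size_t_eq((size_t)lh_int_num_items(h), n_int_tests))` compares in the type `n_int_tests` now has. The same pattern appears in the added lines of the later hunks: the `ossl_ht_count(ht)` and `list->list_len` checks in test_int_hashtable, and the `ossl_ht_count(h)` check in test_hashtable_stress. test_int_lhash starts and ends outside this hunk.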
@@ -180,21 +183,176 @@ end:
return testresult;
}
+
+static int int_filter_all(HT_VALUE *v, void *arg)
+{
+ return 1;
+}
+
+HT_START_KEY_DEFN(intkey)
+HT_DEF_KEY_FIELD(mykey, int)
+HT_END_KEY_DEFN(INTKEY)
+
+IMPLEMENT_HT_VALUE_TYPE_FNS(int, test, static)
+
+static int int_foreach(HT_VALUE *v, void *arg)
+{
+ int *vd = ossl_ht_test_int_from_value(v);
+ const int n = int_find(*vd);
+
+ if (n < 0)
+ int_not_found++;
+ else
+ int_found[n]++;
+ return 1;
+}
+
+static uint64_t hashtable_hash(uint8_t *key, size_t keylen)
+{
+ return (uint64_t)(*(uint32_t *)key);
+}
+
+static int test_int_hashtable(void)
+{
+ static struct {
+ int data;
+ int should_del;
+ } dels[] = {
+ { 65537 , 1},
+ { 173 , 1},
+ { 999 , 0 },
+ { 37 , 1 },
+ { 1 , 1 },
+ { 34 , 0 }
+ };
+ const size_t n_dels = OSSL_NELEM(dels);
+ HT_CONFIG hash_conf = {
+ NULL,
+ NULL,
+ NULL,
+ 0,
+ 1,
+ };
+ INTKEY key;
+ int rc = 0;
+ size_t i;
+ HT *ht = NULL;
+ int todel;
+ HT_VALUE_LIST *list = NULL;
+
+ ht = ossl_ht_new(&hash_conf);
+
+ if (ht == NULL)
+ return 0;
+
+ /* insert */
+ HT_INIT_KEY(&key);
+ for (i = 0; i < n_int_tests; i++) {
+ HT_SET_KEY_FIELD(&key, mykey, int_tests[i]);
+ if (!TEST_int_eq(ossl_ht_test_int_insert(ht, TO_HT_KEY(&key),
+ &int_tests[i], NULL), 1)) {
+ TEST_info("int insert %zu", i);
+ goto end;
+ }
+ }
+
+ /* num_items */
+ if (!TEST_int_eq((size_t)ossl_ht_count(ht), n_int_tests))
+ goto end;
+
+ /* foreach, no arg */
+ memset(int_found, 0, sizeof(int_found));
+ int_not_found = 0;
+ ossl_ht_foreach_until(ht, int_foreach, NULL);
+ if (!TEST_int_eq(int_not_found, 0)) {
+ TEST_info("hashtable int foreach encountered a not found condition");
+ goto end;
+ }
+
+ for (i = 0; i < n_int_tests; i++)
+ if (!TEST_int_eq(int_found[i], 1)) {
+ TEST_info("hashtable int foreach %zu", i);
+ goto end;
+ }
+
+ /* filter */
+ list = ossl_ht_filter(ht, 64, int_filter_all, NULL);
+ if (!TEST_int_eq((size_t)list->list_len, n_int_tests))
+ goto end;
+ ossl_ht_value_list_free(list);
+
+ /* delete */
+ for (i = 0; i < n_dels; i++) {
+ HT_SET_KEY_FIELD(&key, mykey, dels[i].data);
+ todel = ossl_ht_delete(ht, TO_HT_KEY(&key));
+ if (dels[i].should_del) {
+ if (!TEST_int_eq(todel, 1)) {
+ TEST_info("hashtable couldn't find entry %d to delete\n",
+ dels[i].data);
+ goto end;
+ }
+ } else {
+ if (!TEST_int_eq(todel, 0)) {
+ TEST_info("%d found an entry that shouldn't be there\n", dels[i].data);
+ goto end;
+ }
+ }
+ }
+
+ rc = 1;
+end:
+ ossl_ht_free(ht);
+ return rc;
+}
+
static unsigned long int stress_hash(const int *p)
{
return *p;
}
+#ifdef MEASURE_HASH_PERFORMANCE
+static int
+timeval_subtract (struct timeval *result, struct timeval *x, struct timeval *y)
+{
+ /* Perform the carry for the later subtraction by updating y. */
+ if (x->tv_usec < y->tv_usec) {
+ int nsec = (y->tv_usec - x->tv_usec) / 1000000 + 1;
+ y->tv_usec -= 1000000 * nsec;
+ y->tv_sec += nsec;
+ }
+ if (x->tv_usec - y->tv_usec > 1000000) {
+ int nsec = (x->tv_usec - y->tv_usec) / 1000000;
+ y->tv_usec += 1000000 * nsec;
+ y->tv_sec -= nsec;
+ }
+
+ /*
+ * Compute the time remaining to wait.
+ * tv_usec is certainly positive.
+ */
+ result->tv_sec = x->tv_sec - y->tv_sec;
+ result->tv_usec = x->tv_usec - y->tv_usec;
+
+ /* Return 1 if result is negative. */
+ return x->tv_sec < y->tv_sec;
+}
+#endif
+
static int test_stress(void)
{
LHASH_OF(int) *h = lh_int_new(&stress_hash, &int_cmp);
const unsigned int n = 2500000;
unsigned int i;
int testresult = 0, *p;
+#ifdef MEASURE_HASH_PERFORMANCE
+ struct timeval start, end, delta;
+#endif
if (!TEST_ptr(h))
goto end;
-
+#ifdef MEASURE_HASH_PERFORMANCE
+ gettimeofday(&start, NULL);
+#endif
/* insert */
for (i = 0; i < n; i++) {
p = OPENSSL_malloc(sizeof(i));
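Review bot: In test_int_hashtable the result of `ossl_ht_filter()` is dereferenced as `list->list_len` without a NULL check, and the `goto end` taken on a length mismatch skips `ossl_ht_value_list_free(list)`, so that failure path leaks the list. Checking the pointer first and freeing before the jump fixes both, as sketched below. Separately, `hashtable_hash` reads the key through `*(uint32_t *)key` and ignores `keylen`; copying with `memcpy` into a local `uint32_t` avoids the alignment and aliasing assumption.

```c
    /* filter */
    list = ossl_ht_filter(ht, 64, int_filter_all, NULL);
    if (!TEST_ptr(list))
        goto end;
    if (!TEST_int_eq((size_t)list->list_len, n_int_tests)) {
        ossl_ht_value_list_free(list);
        goto end;
    }
    ossl_ht_value_list_free(list);
```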
@@ -210,11 +368,6 @@ static int test_stress(void)
if (!TEST_int_eq(lh_int_num_items(h), n))
goto end;
- TEST_info("hash full statistics:");
- OPENSSL_LH_stats_bio((OPENSSL_LHASH *)h, bio_err);
- TEST_note("hash full node usage:");
- OPENSSL_LH_node_usage_stats_bio((OPENSSL_LHASH *)h, bio_err);
-
/* delete in a different order */
for (i = 0; i < n; i++) {
const int j = (7 * i + 4) % n * 3 + 1;
@@ -230,20 +383,346 @@ static int test_stress(void)
OPENSSL_free(p);
}
- TEST_info("hash empty statistics:");
- OPENSSL_LH_stats_bio((OPENSSL_LHASH *)h, bio_err);
- TEST_note("hash empty node usage:");
- OPENSSL_LH_node_usage_stats_bio((OPENSSL_LHASH *)h, bio_err);
-
testresult = 1;
end:
+#ifdef MEASURE_HASH_PERFORMANCE
+ gettimeofday(&end, NULL);
+ timeval_subtract(&delta, &end, &start);
+ TEST_info("lhash stress runs in %ld.%ld seconds", delta.tv_sec, delta.tv_usec);
+#endif
lh_int_free(h);
return testresult;
}
+static void hashtable_intfree(HT_VALUE *v)
+{
+ OPENSSL_free(v->value);
+}
+
+static int test_hashtable_stress(int idx)
+{
+ const unsigned int n = 2500000;
+ unsigned int i;
+ int testresult = 0, *p;
+ HT_CONFIG hash_conf = {
+ NULL, /* use default context */
+ hashtable_intfree, /* our free function */
+ hashtable_hash, /* our hash function */
+ 625000, /* preset hash size */
+ 1, /* Check collisions */
+ 0 /* Lockless reads */
+ };
+ HT *h;
+ INTKEY key;
+ HT_VALUE *v;
+#ifdef MEASURE_HASH_PERFORMANCE
+ struct timeval start, end, delta;
+#endif
+
+ hash_conf.lockless_reads = idx;
+ h = ossl_ht_new(&hash_conf);
+
+
+ if (!TEST_ptr(h))
+ goto end;
+#ifdef MEASURE_HASH_PERFORMANCE
+ gettimeofday(&start, NULL);
+#endif
+
+ HT_INIT_KEY(&key);
+
+ /* insert */
+ for (i = 0; i < n; i++) {
+ p = OPENSSL_malloc(sizeof(i));
+ if (!TEST_ptr(p)) {
+ TEST_info("hashtable stress out of memory %d", i);
+ goto end;
+ }
+ *p = 3 * i + 1;
+ HT_SET_KEY_FIELD(&key, mykey, *p);
+ if (!TEST_int_eq(ossl_ht_test_int_insert(h, TO_HT_KEY(&key),
+ p, NULL), 1)) {
+ TEST_info("hashtable unable to insert element %d\n", *p);
+ goto end;
+ }
+ }
+
+ /* make sure we stored everything */
+ if (!TEST_int_eq((size_t)ossl_ht_count(h), n))
+ goto end;
+
+ /* delete or get in a different order */
+ for (i = 0; i < n; i++) {
+ const int j = (7 * i + 4) % n * 3 + 1;
+ HT_SET_KEY_FIELD(&key, mykey, j);
+
+ switch (idx) {
+ case 0:
+ if (!TEST_int_eq((ossl_ht_delete(h, TO_HT_KEY(&key))), 1)) {
+ TEST_info("hashtable didn't delete key %d\n", j);
+ goto end;
+ }
+ break;
+ case 1:
+ if (!TEST_ptr(p = ossl_ht_test_int_get(h, TO_HT_KEY(&key), &v))
+ || !TEST_int_eq(*p, j)) {
+ TEST_info("hashtable didn't get key %d\n", j);
+ goto end;
+ }
+ break;
+ }
+ }
+
+ testresult = 1;
+end:
+#ifdef MEASURE_HASH_PERFORMANCE
+ gettimeofday(&end, NULL);
+ timeval_subtract(&delta, &end, &start);
+ TEST_info("hashtable stress runs in %ld.%ld seconds", delta.tv_sec, delta.tv_usec);
+#endif
+ ossl_ht_free(h);
+ return testresult;
+}
+
+typedef struct test_mt_entry {
+ int in_table;
+ int pending_delete;
+} TEST_MT_ENTRY;
+
+static HT *m_ht = NULL;
+#define TEST_MT_POOL_SZ 256
+#define TEST_THREAD_ITERATIONS 1000000
+#define NUM_WORKERS 16
+
+static struct test_mt_entry test_mt_entries[TEST_MT_POOL_SZ];
+static char *worker_exits[NUM_WORKERS];
+
+HT_START_KEY_DEFN(mtkey)
+HT_DEF_KEY_FIELD(index, uint32_t)
+HT_END_KEY_DEFN(MTKEY)
+
+IMPLEMENT_HT_VALUE_TYPE_FNS(TEST_MT_ENTRY, mt, static)
+
+static int worker_num = 0;
+static CRYPTO_RWLOCK *worker_lock;
+static CRYPTO_RWLOCK *testrand_lock;
+static int free_failure = 0;
+static int shutting_down = 0;
+static int global_iteration = 0;
+
+static void hashtable_mt_free(HT_VALUE *v)
+{
+ TEST_MT_ENTRY *m = ossl_ht_mt_TEST_MT_ENTRY_from_value(v);
+ int pending_delete;
+ int ret;
+
+ CRYPTO_atomic_load_int(&m->pending_delete, &pending_delete, worker_lock);
+
+ if (shutting_down == 1)
+ return;
+
+ if (pending_delete == 0) {
+ TEST_info("Freeing element which was not scheduled for free");
+ free_failure = 1;
+ } else {
+ CRYPTO_atomic_add(&m->pending_delete, -1,
+ &ret, worker_lock);
+ }
+}
+
+#define DO_LOOKUP 0
+#define DO_INSERT 1
+#define DO_REPLACE 2
+#define DO_DELETE 3
+#define NUM_BEHAVIORS (DO_DELETE + 1)
+
+static void do_mt_hash_work(void)
+{
+ MTKEY key;
+ uint32_t index;
+ int num;
+ TEST_MT_ENTRY *m;
+ TEST_MT_ENTRY *expected_m = NULL;
+ HT_VALUE *v = NULL;
+ TEST_MT_ENTRY **r = NULL;
+ int expected_rc;
+ int ret;
+ char behavior;
+ size_t iter = 0;
+ int giter;
+
+ CRYPTO_atomic_add(&worker_num, 1, &num, worker_lock);
+ num--; /* atomic_add is an add/fetch operation */
+
+ HT_INIT_KEY(&key);
+
+ for (iter = 0; iter < TEST_THREAD_ITERATIONS; iter++) {
+ if (!TEST_true(CRYPTO_THREAD_write_lock(testrand_lock)))
+ return;
+ index = test_random() % TEST_MT_POOL_SZ;
+ behavior = (char)(test_random() % NUM_BEHAVIORS);
+ CRYPTO_THREAD_unlock(testrand_lock);
+
+ expected_m = &test_mt_entries[index];
+ HT_KEY_RESET(&key);
+ HT_SET_KEY_FIELD(&key, index, index);
+
+ if (!CRYPTO_atomic_add(&global_iteration, 1, &giter, worker_lock)) {
+ worker_exits[num] = "Unable to increment global iterator";
+ return;
+ }
+ switch(behavior) {
+ case DO_LOOKUP:
+ ossl_ht_read_lock(m_ht);
+ m = ossl_ht_mt_TEST_MT_ENTRY_get(m_ht, TO_HT_KEY(&key), &v);
+ if (m != NULL && m != expected_m) {
+ worker_exits[num] = "Read unexpected value from hashtable";
+ TEST_info("Iteration %d Read unexpected value %p when %p expected",
+ giter, (void *)m, (void *)expected_m);
+ }
+ ossl_ht_read_unlock(m_ht);
+ if (worker_exits[num] != NULL)
+ return;
+ break;
+ case DO_INSERT:
+ case DO_REPLACE:
+ ossl_ht_write_lock(m_ht);
+ if (behavior == DO_REPLACE) {
+ expected_rc = 1;
+ r = &m;
+ } else {
+ expected_rc = !expected_m->in_table;
+ r = NULL;
+ }
+
+ if (expected_rc != ossl_ht_mt_TEST_MT_ENTRY_insert(m_ht,
+ TO_HT_KEY(&key),
+ expected_m, r)) {
+ TEST_info("Iteration %d Expected rc %d on %s of element %u which is %s\n",
+ giter, expected_rc, behavior == DO_REPLACE ? "replace" : "insert",
+ (unsigned int)index,
+ expected_m->in_table ? "in table" : "not in table");
+ worker_exits[num] = "Failure on insert";
+ }
+ if (expected_rc == 1)
+ expected_m->in_table = 1;
+ ossl_ht_write_unlock(m_ht);
+ if (worker_exits[num] != NULL)
+ return;
+ break;
+ case DO_DELETE:
+ ossl_ht_write_lock(m_ht);
+ expected_rc = expected_m->in_table;
+ if (expected_rc == 1) {
+ /*
+ * We must set pending_delete before the actual deletion
+ * as another inserting or deleting thread can pick up
+ * the delete callback before the ossl_ht_write_unlock() call.
+ * This can happen only if no read locks are pending and
+ * only on Windows where we do not use the write mutex
+ * to get the callback list.
+ */
+ expected_m->in_table = 0;
+ CRYPTO_atomic_add(&expected_m->pending_delete, 1, &ret, worker_lock);
+ }
+ if (expected_rc != ossl_ht_delete(m_ht, TO_HT_KEY(&key))) {
+ TEST_info("Iteration %d Expected rc %d on delete of element %u which is %s\n",
+ giter, expected_rc, (unsigned int)index,
+ expected_m->in_table ? "in table" : "not in table");
+ worker_exits[num] = "Failure on delete";
+ }
+ ossl_ht_write_unlock(m_ht);
+ if (worker_exits[num] != NULL)
+ return;
+ break;
+ default:
+ worker_exits[num] = "Undefined behavior specified";
+ return;
+ }
+ }
+}
+
+static int test_hashtable_multithread(void)
+{
+ HT_CONFIG hash_conf = {
+ NULL, /* use default context */
+ hashtable_mt_free, /* our free function */
+ NULL, /* default hash function */
+ 0, /* default hash size */
+ 1, /* Check collisions */
+ };
+ int ret = 0;
+ thread_t workers[NUM_WORKERS];
+ int i;
+#ifdef MEASURE_HASH_PERFORMANCE
+ struct timeval start, end, delta;
+#endif
+
+ memset(worker_exits, 0, sizeof(char *) * NUM_WORKERS);
+ memset(test_mt_entries, 0, sizeof(TEST_MT_ENTRY) * TEST_MT_POOL_SZ);
+ memset(workers, 0, sizeof(thread_t) * NUM_WORKERS);
+
+ m_ht = ossl_ht_new(&hash_conf);
+
+ if (!TEST_ptr(m_ht))
+ goto end;
+
+ if (!TEST_ptr(worker_lock = CRYPTO_THREAD_lock_new()))
+ goto end_free;
+ if (!TEST_ptr(testrand_lock = CRYPTO_THREAD_lock_new()))
+ goto end_free;
+#ifdef MEASURE_HASH_PERFORMANCE
+ gettimeofday(&start, NULL);
+#endif
+
+ for (i = 0; i < NUM_WORKERS; i++) {
+ if (!run_thread(&workers[i], do_mt_hash_work))
+ goto shutdown;
+ }
+
+shutdown:
+ for (--i; i >= 0; i--) {
+ wait_for_thread(workers[i]);
+ }
+
+
+ /*
+ * Now that the workers are done, check for any error
+ * conditions
+ */
+ ret = 1;
+ for (i = 0; i < NUM_WORKERS; i++) {
+ if (worker_exits[i] != NULL) {
+ TEST_info("Worker %d failed: %s\n", i, worker_exits[i]);
+ ret = 0;
+ }
+ }
+ if (free_failure == 1) {
+ TEST_info("Encountered a free failure");
+ ret = 0;
+ }
+
+#ifdef MEASURE_HASH_PERFORMANCE
+ gettimeofday(&end, NULL);
+ timeval_subtract(&delta, &end, &start);
+ TEST_info("multithread stress runs 40000 ops in %ld.%ld seconds", delta.tv_sec, delta.tv_usec);
+#endif
+
+end_free:
+ shutting_down = 1;
+ ossl_ht_free(m_ht);
+ CRYPTO_THREAD_lock_free(worker_lock);
+ CRYPTO_THREAD_lock_free(testrand_lock);
+end:
+ return ret;
+}
+
int setup_tests(void)
{
ADD_TEST(test_int_lhash);
ADD_TEST(test_stress);
+ ADD_TEST(test_int_hashtable);
+ ADD_ALL_TESTS(test_hashtable_stress, 2);
+ ADD_TEST(test_hashtable_multithread);
return 1;
}
diff --git a/test/localetest.c b/test/localetest.c
index 9df90ed901ea..616356a1404d 100644
--- a/test/localetest.c
+++ b/test/localetest.c
@@ -7,7 +7,7 @@
* https://www.openssl.org/source/license.html
*/
-#include "../e_os.h"
+#include "internal/e_os.h"
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
diff --git a/test/mdc2test.c b/test/mdc2test.c
index 619574fb048e..a524ceca160d 100644
--- a/test/mdc2test.c
+++ b/test/mdc2test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -18,7 +18,6 @@
#include <openssl/params.h>
#include <openssl/types.h>
#include <openssl/core_names.h>
-#include "internal/nelem.h"
#include "testutil.h"
#if defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_MDC2)
@@ -48,7 +47,7 @@ static int test_mdc2(void)
int testresult = 0;
unsigned int pad_type = 2;
unsigned char md[MDC2_DIGEST_LENGTH];
- EVP_MD_CTX *c;
+ EVP_MD_CTX *c = NULL;
static char text[] = "Now is the time for all ";
size_t tlen = strlen(text), i = 0;
OSSL_PROVIDER *prov = NULL;
@@ -59,6 +58,9 @@ static int test_mdc2(void)
params[i++] = OSSL_PARAM_construct_end();
prov = OSSL_PROVIDER_load(NULL, "legacy");
+ if (!TEST_ptr(prov))
+ goto end;
+
# ifdef CHARSET_EBCDIC
ebcdic2ascii(text, text, tlen);
# endif
diff --git a/test/modes_internal_test.c b/test/modes_internal_test.c
index 32fb756060b2..aa667b16d167 100644
--- a/test/modes_internal_test.c
+++ b/test/modes_internal_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -40,8 +40,9 @@ static const unsigned char cts128_test_key[16] = "chicken teriyaki";
static const unsigned char cts128_test_input[64] =
"I would like the" " General Gau's C"
"hicken, please, " "and wonton soup.";
-static const unsigned char cts128_test_iv[] =
- { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
+static const unsigned char cts128_test_iv[] = {
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
static const unsigned char vector_17[17] = {
0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
@@ -869,7 +870,7 @@ static int test_gcm128(int idx)
if (A.data != NULL)
CRYPTO_gcm128_aad(&ctx, A.data, A.size);
if (P.data != NULL)
- if (!TEST_int_ge(CRYPTO_gcm128_encrypt( &ctx, P.data, out, P.size), 0))
+ if (!TEST_int_ge(CRYPTO_gcm128_encrypt(&ctx, P.data, out, P.size), 0))
return 0;
if (!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16))
|| (C.data != NULL
diff --git a/test/namemap_internal_test.c b/test/namemap_internal_test.c
index b3f498004fb1..fdfc782539d6 100644
--- a/test/namemap_internal_test.c
+++ b/test/namemap_internal_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -22,7 +22,7 @@ static int test_namemap_empty(void)
int ok;
ok = TEST_int_eq(ossl_namemap_empty(NULL), 1)
- && TEST_ptr(nm = ossl_namemap_new())
+ && TEST_ptr(nm = ossl_namemap_new(NULL))
&& TEST_int_eq(ossl_namemap_empty(nm), 1)
&& TEST_int_ne(ossl_namemap_add_name(nm, 0, NAME1), 0)
&& TEST_int_eq(ossl_namemap_empty(nm), 0);
@@ -55,7 +55,7 @@ static int test_namemap(OSSL_NAMEMAP *nm)
static int test_namemap_independent(void)
{
- OSSL_NAMEMAP *nm = ossl_namemap_new();
+ OSSL_NAMEMAP *nm = ossl_namemap_new(NULL);
int ok = TEST_ptr(nm) && test_namemap(nm);
ossl_namemap_free(nm);
diff --git a/test/ocspapitest.c b/test/ocspapitest.c
index 97a56e777b10..13026d6b4a42 100644
--- a/test/ocspapitest.c
+++ b/test/ocspapitest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -193,7 +193,7 @@ static int test_ocsp_url_svcloc_new(void)
};
X509 *issuer = NULL;
- X509_EXTENSION * ext = NULL;
+ X509_EXTENSION *ext = NULL;
int ret = 0;
if (!TEST_true(get_cert(&issuer)))
diff --git a/test/ossl_store_test.c b/test/ossl_store_test.c
index b45d1d548f23..ba1bc6fdc50f 100644
--- a/test/ossl_store_test.c
+++ b/test/ossl_store_test.c
@@ -105,7 +105,7 @@ static int test_store_get_params(int idx)
const char *urifmt;
char uri[PATH_MAX];
- switch(idx) {
+ switch (idx) {
#ifndef OPENSSL_NO_DH
case 0:
type = "DH";
diff --git a/test/p_test.c b/test/p_test.c
index 46f990113fb6..05f71ec8347c 100644
--- a/test/p_test.c
+++ b/test/p_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -28,7 +28,7 @@
# define OSSL_provider_init PROVIDER_INIT_FUNCTION_NAME
#endif
-#include "e_os.h"
+#include "internal/e_os.h"
#include <openssl/core.h>
#include <openssl/core_dispatch.h>
#include <openssl/err.h>
@@ -245,7 +245,7 @@ static const OSSL_DISPATCH p_test_table[] = {
(void (*)(void))p_get_reason_strings},
{ OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))p_teardown },
{ OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))p_query },
- { 0, NULL }
+ OSSL_DISPATCH_END
};
int OSSL_provider_init(const OSSL_CORE_HANDLE *handle,
diff --git a/test/packettest.c b/test/packettest.c
index 17831d940bff..40b68d310a72 100644
--- a/test/packettest.c
+++ b/test/packettest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -7,7 +7,7 @@
* https://www.openssl.org/source/license.html
*/
-#include "internal/packet.h"
+#include "internal/packet_quic.h"
#include "testutil.h"
#define BUF_LEN 255
@@ -465,6 +465,114 @@ static int test_PACKET_as_length_prefixed_2(void)
return 1;
}
+#ifndef OPENSSL_NO_QUIC
+
+static int test_PACKET_get_quic_vlint(void)
+{
+ struct quic_test_case {
+ unsigned char buf[16];
+ size_t expected_read_count;
+ uint64_t value;
+ };
+
+ static const struct quic_test_case cases[] = {
+ { {0x00}, 1, 0 },
+ { {0x01}, 1, 1 },
+ { {0x3e}, 1, 62 },
+ { {0x3f}, 1, 63 },
+ { {0x40,0x00}, 2, 0 },
+ { {0x40,0x01}, 2, 1 },
+ { {0x40,0x02}, 2, 2 },
+ { {0x40,0xff}, 2, 255 },
+ { {0x41,0x00}, 2, 256 },
+ { {0x7f,0xfe}, 2, 16382 },
+ { {0x7f,0xff}, 2, 16383 },
+ { {0x80,0x00,0x00,0x00}, 4, 0 },
+ { {0x80,0x00,0x00,0x01}, 4, 1 },
+ { {0x80,0x00,0x01,0x02}, 4, 258 },
+ { {0x80,0x18,0x49,0x65}, 4, 1591653 },
+ { {0xbe,0x18,0x49,0x65}, 4, 1041779045 },
+ { {0xbf,0xff,0xff,0xff}, 4, 1073741823 },
+ { {0xc0,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, 8, 0 },
+ { {0xc0,0x00,0x00,0x00,0x00,0x00,0x01,0x02}, 8, 258 },
+ { {0xfd,0x1f,0x59,0x8d,0xc9,0xf8,0x71,0x8a}, 8, 4404337426105397642 },
+ };
+
+ PACKET pkt;
+ size_t i;
+ uint64_t v;
+
+ for (i = 0; i < OSSL_NELEM(cases); ++i) {
+ memset(&pkt, 0, sizeof(pkt));
+ v = 55;
+
+ if (!TEST_true(PACKET_buf_init(&pkt, cases[i].buf, sizeof(cases[i].buf)))
+ || !TEST_true(PACKET_get_quic_vlint(&pkt, &v))
+ || !TEST_uint64_t_eq(v, cases[i].value)
+ || !TEST_size_t_eq(PACKET_remaining(&pkt),
+ sizeof(cases[i].buf) - cases[i].expected_read_count)
+ )
+ return 0;
+ }
+
+ return 1;
+}
+
+static int test_PACKET_get_quic_length_prefixed(void)
+{
+ struct quic_test_case {
+ unsigned char buf[16];
+ size_t enclen, len;
+ int fail;
+ };
+
+ static const struct quic_test_case cases[] = {
+ /* success cases */
+ { {0x00}, 1, 0, 0 },
+ { {0x01}, 1, 1, 0 },
+ { {0x02}, 1, 2, 0 },
+ { {0x03}, 1, 3, 0 },
+ { {0x04}, 1, 4, 0 },
+ { {0x05}, 1, 5, 0 },
+
+ /* failure cases */
+ { {0x10}, 1, 0, 1 },
+ { {0x3f}, 1, 0, 1 },
+ };
+
+ size_t i;
+ PACKET pkt, subpkt = {0};
+
+ for (i = 0; i < OSSL_NELEM(cases); ++i) {
+ memset(&pkt, 0, sizeof(pkt));
+
+ if (!TEST_true(PACKET_buf_init(&pkt, cases[i].buf,
+ cases[i].fail
+ ? sizeof(cases[i].buf)
+ : cases[i].enclen + cases[i].len)))
+ return 0;
+
+ if (!TEST_int_eq(PACKET_get_quic_length_prefixed(&pkt, &subpkt), !cases[i].fail))
+ return 0;
+
+ if (cases[i].fail) {
+ if (!TEST_ptr_eq(pkt.curr, cases[i].buf))
+ return 0;
+ continue;
+ }
+
+ if (!TEST_ptr_eq(subpkt.curr, cases[i].buf + cases[i].enclen))
+ return 0;
+
+ if (!TEST_size_t_eq(subpkt.remaining, cases[i].len))
+ return 0;
+ }
+
+ return 1;
+}
+
+#endif
+
int setup_tests(void)
{
unsigned int i;
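Review bot: The failure branch of test_PACKET_get_quic_length_prefixed only checks that `pkt.curr` is unchanged, and neither new test passes a buffer shorter than its encoding announces, so the truncated-input path of these wire-format parsers is never exercised. On failure I would also pin the remaining count, `if (!TEST_ptr_eq(pkt.curr, cases[i].buf) || !TEST_size_t_eq(PACKET_remaining(&pkt), sizeof(cases[i].buf)))`. In test_PACKET_get_quic_vlint every case hands PACKET_buf_init the full 16-byte array; a case that supplies fewer bytes than the two-bit prefix requires, and expects PACKET_get_quic_vlint to return 0 with `v` still 55, would cover the short-read rejection. setup_tests continues outside this hunk.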
@@ -495,5 +603,9 @@ int setup_tests(void)
ADD_TEST(test_PACKET_get_length_prefixed_3);
ADD_TEST(test_PACKET_as_length_prefixed_1);
ADD_TEST(test_PACKET_as_length_prefixed_2);
+#ifndef OPENSSL_NO_QUIC
+ ADD_TEST(test_PACKET_get_quic_vlint);
+ ADD_TEST(test_PACKET_get_quic_length_prefixed);
+#endif
return 1;
}
diff --git a/test/param_build_test.c b/test/param_build_test.c
index 8257c6fba9f3..f693b4b11bf6 100644
--- a/test/param_build_test.c
+++ b/test/param_build_test.c
@@ -16,7 +16,7 @@
static const OSSL_PARAM params_empty[] = { OSSL_PARAM_END };
-static int template_public_single_zero_test(void)
+static int template_public_single_zero_test(int idx)
{
OSSL_PARAM_BLD *bld = NULL;
OSSL_PARAM *params = NULL, *params_blt = NULL, *p;
@@ -25,7 +25,8 @@ static int template_public_single_zero_test(void)
if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
|| !TEST_ptr(zbn = BN_new())
- || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, "zeronumber", zbn))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, "zeronumber",
+ idx == 0 ? zbn : NULL))
|| !TEST_ptr(params_blt = OSSL_PARAM_BLD_to_param(bld)))
goto err;
@@ -86,8 +87,9 @@ static int template_public_test(int tstid)
{
OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new();
OSSL_PARAM *params = NULL, *params_blt = NULL, *p1 = NULL, *p;
- BIGNUM *bn = NULL, *bn_res = NULL;
BIGNUM *zbn = NULL, *zbn_res = NULL;
+ BIGNUM *pbn = NULL, *pbn_res = NULL;
+ BIGNUM *nbn = NULL, *nbn_res = NULL;
int i;
long int l;
int32_t i32;
@@ -106,9 +108,13 @@ static int template_public_test(int tstid)
|| !TEST_true(OSSL_PARAM_BLD_push_double(bld, "d", 1.61803398875))
|| !TEST_ptr(zbn = BN_new())
|| !TEST_true(OSSL_PARAM_BLD_push_BN(bld, "zeronumber", zbn))
- || !TEST_ptr(bn = BN_new())
- || !TEST_true(BN_set_word(bn, 1729))
- || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, "bignumber", bn))
+ || !TEST_ptr(pbn = BN_new())
+ || !TEST_true(BN_set_word(pbn, 1729))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, "bignumber", pbn))
+ || !TEST_ptr(nbn = BN_secure_new())
+ || !TEST_true(BN_set_word(nbn, 1733))
+ || !TEST_true((BN_set_negative(nbn, 1), 1))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, "negativebignumber", nbn))
|| !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, "utf8_s", "foo",
sizeof("foo")))
|| !TEST_true(OSSL_PARAM_BLD_push_utf8_ptr(bld, "utf8_p", "bar-boom",
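Review bot: In this chain (template_public_test per the hunk header) `nbn` is allocated with `BN_secure_new()`, while `zbn` and `pbn` next to it use `BN_new()`, which reads like a copy from the private-template test rather than a deliberate choice. If the public variant is meant to run without secure memory, `|| !TEST_ptr(nbn = BN_new())` keeps the three allocations consistent; if the secure allocation is intentional, a short comment saying why would help. The `TEST_true((BN_set_negative(nbn, 1), 1))` comma expression also deserves a one-line comment, `/* BN_set_negative() returns void; the comma keeps it in the || chain */`. The function body starts and ends outside this hunk.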
@@ -117,7 +123,7 @@ static int template_public_test(int tstid)
|| !TEST_ptr(params_blt = OSSL_PARAM_BLD_to_param(bld)))
goto err;
- switch(tstid) {
+ switch (tstid) {
case 0:
params = params_blt;
break;
@@ -193,12 +199,18 @@ static int template_public_test(int tstid)
|| !TEST_uint_eq(p->data_type, OSSL_PARAM_UNSIGNED_INTEGER)
|| !TEST_true(OSSL_PARAM_get_BN(p, &zbn_res))
|| !TEST_BN_eq(zbn_res, zbn)
- /* Check BN */
+ /* Check BN (positive BN becomes unsigned integer) */
|| !TEST_ptr(p = OSSL_PARAM_locate(params, "bignumber"))
|| !TEST_str_eq(p->key, "bignumber")
|| !TEST_uint_eq(p->data_type, OSSL_PARAM_UNSIGNED_INTEGER)
- || !TEST_true(OSSL_PARAM_get_BN(p, &bn_res))
- || !TEST_int_eq(BN_cmp(bn_res, bn), 0))
+ || !TEST_true(OSSL_PARAM_get_BN(p, &pbn_res))
+ || !TEST_BN_eq(pbn_res, pbn)
+ /* Check BN (negative BN becomes signed integer) */
+ || !TEST_ptr(p = OSSL_PARAM_locate(params, "negativebignumber"))
+ || !TEST_str_eq(p->key, "negativebignumber")
+ || !TEST_uint_eq(p->data_type, OSSL_PARAM_INTEGER)
+ || !TEST_true(OSSL_PARAM_get_BN(p, &nbn_res))
+ || !TEST_BN_eq(nbn_res, nbn))
goto err;
res = 1;
err:
@@ -210,8 +222,10 @@ err:
OPENSSL_free(utf);
BN_free(zbn);
BN_free(zbn_res);
- BN_free(bn);
- BN_free(bn_res);
+ BN_free(pbn);
+ BN_free(pbn_res);
+ BN_free(nbn);
+ BN_free(nbn_res);
return res;
}
@@ -230,7 +244,8 @@ static int template_private_test(int tstid)
uint64_t i64;
size_t st;
BIGNUM *zbn = NULL, *zbn_res = NULL;
- BIGNUM *bn = NULL, *bn_res = NULL;
+ BIGNUM *pbn = NULL, *pbn_res = NULL;
+ BIGNUM *nbn = NULL, *nbn_res = NULL;
int res = 0;
if (!TEST_ptr(data1 = OPENSSL_secure_malloc(data1_size))
@@ -250,16 +265,20 @@ static int template_private_test(int tstid)
|| !TEST_true(OSSL_PARAM_BLD_push_size_t(bld, "st", 65537))
|| !TEST_ptr(zbn = BN_secure_new())
|| !TEST_true(OSSL_PARAM_BLD_push_BN(bld, "zeronumber", zbn))
- || !TEST_ptr(bn = BN_secure_new())
- || !TEST_true(BN_set_word(bn, 1729))
- || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, "bignumber", bn))
+ || !TEST_ptr(pbn = BN_secure_new())
+ || !TEST_true(BN_set_word(pbn, 1729))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, "bignumber", pbn))
+ || !TEST_ptr(nbn = BN_secure_new())
+ || !TEST_true(BN_set_word(nbn, 1733))
+ || !TEST_true((BN_set_negative(nbn, 1), 1))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, "negativebignumber", nbn))
|| !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, "oct_s", data1,
data1_size))
|| !TEST_true(OSSL_PARAM_BLD_push_octet_ptr(bld, "oct_p", data2,
data2_size))
|| !TEST_ptr(params_blt = OSSL_PARAM_BLD_to_param(bld)))
goto err;
- switch(tstid) {
+ switch (tstid) {
case 0:
params = params_blt;
break;
@@ -337,16 +356,24 @@ static int template_private_test(int tstid)
|| !TEST_str_eq(p->key, "zeronumber")
|| !TEST_uint_eq(p->data_type, OSSL_PARAM_UNSIGNED_INTEGER)
|| !TEST_true(OSSL_PARAM_get_BN(p, &zbn_res))
- || !TEST_int_eq(BN_get_flags(zbn, BN_FLG_SECURE), BN_FLG_SECURE)
+ || !TEST_int_eq(BN_get_flags(pbn, BN_FLG_SECURE), BN_FLG_SECURE)
|| !TEST_BN_eq(zbn_res, zbn)
- /* Check BN */
+ /* Check BN (positive BN becomes unsigned integer) */
|| !TEST_ptr(p = OSSL_PARAM_locate(params, "bignumber"))
|| !TEST_true(CRYPTO_secure_allocated(p->data))
|| !TEST_str_eq(p->key, "bignumber")
|| !TEST_uint_eq(p->data_type, OSSL_PARAM_UNSIGNED_INTEGER)
- || !TEST_true(OSSL_PARAM_get_BN(p, &bn_res))
- || !TEST_int_eq(BN_get_flags(bn, BN_FLG_SECURE), BN_FLG_SECURE)
- || !TEST_int_eq(BN_cmp(bn_res, bn), 0))
+ || !TEST_true(OSSL_PARAM_get_BN(p, &pbn_res))
+ || !TEST_int_eq(BN_get_flags(pbn, BN_FLG_SECURE), BN_FLG_SECURE)
+ || !TEST_BN_eq(pbn_res, pbn)
+ /* Check BN (negative BN becomes signed integer) */
+ || !TEST_ptr(p = OSSL_PARAM_locate(params, "negativebignumber"))
+ || !TEST_true(CRYPTO_secure_allocated(p->data))
+ || !TEST_str_eq(p->key, "negativebignumber")
+ || !TEST_uint_eq(p->data_type, OSSL_PARAM_INTEGER)
+ || !TEST_true(OSSL_PARAM_get_BN(p, &nbn_res))
+ || !TEST_int_eq(BN_get_flags(nbn, BN_FLG_SECURE), BN_FLG_SECURE)
+ || !TEST_BN_eq(nbn_res, nbn))
goto err;
res = 1;
err:
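Review bot: The secure-flag assertion inside the "zeronumber" block now reads `BN_get_flags(pbn, BN_FLG_SECURE)` where it previously checked `zbn`, so the zero BIGNUM's flag is no longer verified and `pbn` is checked twice (again in the "bignumber" block below). This looks like a rename that caught one line too many; the zeronumber block should keep `|| !TEST_int_eq(BN_get_flags(zbn, BN_FLG_SECURE), BN_FLG_SECURE)`. The enclosing condition starts outside this hunk.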
@@ -359,8 +386,10 @@ err:
OPENSSL_secure_free(data2);
BN_free(zbn);
BN_free(zbn_res);
- BN_free(bn);
- BN_free(bn_res);
+ BN_free(pbn);
+ BN_free(pbn_res);
+ BN_free(nbn);
+ BN_free(nbn_res);
return res;
}
@@ -374,7 +403,7 @@ static int builder_limit_test(void)
if (!TEST_ptr(bld))
goto err;
-
+
for (i = 0; i < n; i++) {
names[i][0] = 'A' + (i / 26) - 1;
names[i][1] = 'a' + (i % 26) - 1;
@@ -384,7 +413,7 @@ static int builder_limit_test(void)
}
if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
goto err;
- /* Count the elements in the params arrary, expecting n */
+ /* Count the elements in the params array, expecting n */
for (i = 0; params[i].key != NULL; i++);
if (!TEST_int_eq(i, n))
goto err;
@@ -396,7 +425,7 @@ static int builder_limit_test(void)
if (!TEST_true(OSSL_PARAM_BLD_push_int(bld, "g", 2))
|| !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
goto err;
- /* Count the elements in the params arrary, expecting 1 */
+ /* Count the elements in the params array, expecting 1 */
for (i = 0; params[i].key != NULL; i++);
if (!TEST_int_eq(i, 1))
goto err;
@@ -522,7 +551,7 @@ err:
int setup_tests(void)
{
- ADD_TEST(template_public_single_zero_test);
+ ADD_ALL_TESTS(template_public_single_zero_test, 2);
ADD_ALL_TESTS(template_public_test, 5);
/* Only run the secure memory testing if we have secure memory available */
if (CRYPTO_secure_malloc_init(1<<16, 16)) {
diff --git a/test/params_api_test.c b/test/params_api_test.c
index 48e2f8920aa2..715c2718bb32 100644
--- a/test/params_api_test.c
+++ b/test/params_api_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -34,14 +34,18 @@ static void swap_copy(unsigned char *out, const void *in, size_t len)
* big endian machine copying from native to or from little endian involves
* byte reversal.
*/
-static void le_copy(unsigned char *out, const void *in, size_t len)
+static void le_copy(unsigned char *out, size_t outlen,
+ const void *in, size_t inlen)
{
DECLARE_IS_ENDIAN;
- if (IS_LITTLE_ENDIAN)
- memcpy(out, in, len);
- else
- swap_copy(out, in, len);
+ if (IS_LITTLE_ENDIAN) {
+ memcpy(out, in, outlen);
+ } else {
+ if (outlen < inlen)
+ in = (const char *)in + inlen - outlen;
+ swap_copy(out, in, outlen);
+ }
}
static const struct {
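Review bot: The new le_copy() never checks that `outlen <= inlen`, so a caller passing a larger `outlen` would read past the end of `in`. The little-endian branch ignores `inlen` entirely and calls `memcpy(out, in, outlen)`, and the big-endian branch only adjusts `in` when `outlen < inlen`. The calls visible in this diff all pass `outlen <= inlen`, so this is a latent hazard rather than a live over-read. I would state the contract in the function comment, `/* outlen must not exceed inlen; the low-order outlen bytes of in are written to out in little-endian order */`, and consider a guard such as `if (!TEST_size_t_le(outlen, inlen)) return;` at the top. The comment block above the function starts outside this hunk.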
@@ -66,6 +70,49 @@ static const struct {
0x89, 0x67, 0xf2, 0x68, 0x33, 0xa0, 0x14, 0xb0 } },
};
+static int test_param_type_null(OSSL_PARAM *param)
+{
+ int rc = 0;
+ uint64_t intval;
+ double dval;
+ BIGNUM *bn;
+
+ switch(param->data_type) {
+ case OSSL_PARAM_INTEGER:
+ if (param->data_size == sizeof(int32_t))
+ rc = OSSL_PARAM_get_int32(param, (int32_t *)&intval);
+ else if (param->data_size == sizeof(uint64_t))
+ rc = OSSL_PARAM_get_int64(param, (int64_t *)&intval);
+ else
+ return 1;
+ break;
+ case OSSL_PARAM_UNSIGNED_INTEGER:
+ if (param->data_size == sizeof(uint32_t))
+ rc = OSSL_PARAM_get_uint32(param, (uint32_t *)&intval);
+ else if (param->data_size == sizeof(uint64_t))
+ rc = OSSL_PARAM_get_uint64(param, &intval);
+ else
+ rc = OSSL_PARAM_get_BN(param, &bn);
+ break;
+ case OSSL_PARAM_REAL:
+ rc = OSSL_PARAM_get_double(param, &dval);
+ break;
+ case OSSL_PARAM_UTF8_STRING:
+ case OSSL_PARAM_OCTET_STRING:
+ case OSSL_PARAM_UTF8_PTR:
+ case OSSL_PARAM_OCTET_PTR:
+ /* these are allowed to be null */
+ return 1;
+ break;
+ }
+
+ /*
+ * we expect the various OSSL_PARAM_get functions above
+ * to return failure when the data is set to NULL
+ */
+ return rc == 0;
+}
+
static int test_param_type_extra(OSSL_PARAM *param, const unsigned char *cmp,
size_t width)
{
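Review bot: In test_param_type_null the `OSSL_PARAM_INTEGER` case returns 1 for any `data_size` other than 4 or 8, whereas the unsigned case falls through to `OSSL_PARAM_get_BN`. The NULL-data check that test_param_signed_bignum performs with `OSSL_PARAM_DEFN("bn", OSSL_PARAM_INTEGER, NULL, 0)` therefore passes without calling any getter. Mirroring the unsigned branch with `else rc = OSSL_PARAM_get_BN(param, &bn);` would actually exercise the signed BIGNUM path. `bn` is also passed to OSSL_PARAM_get_BN uninitialised; `BIGNUM *bn = NULL;` keeps the helper well-defined if the getter ever stops rejecting NULL data, which is the regression this helper exists to catch. The `switch` has no `default`, so an unlisted data_type is reported as a failure through `rc == 0`; an explicit `default:` would document whether that is intended.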
@@ -78,7 +125,7 @@ static int test_param_type_extra(OSSL_PARAM *param, const unsigned char *cmp,
const int signd = param->data_type == OSSL_PARAM_INTEGER;
/*
- * Set the unmodified sentinal directly because there is no param array
+ * Set the unmodified sentinel directly because there is no param array
* for these tests.
*/
param->return_size = OSSL_PARAM_UNMODIFIED;
@@ -98,17 +145,17 @@ static int test_param_type_extra(OSSL_PARAM *param, const unsigned char *cmp,
/* Check signed types */
if (bit32) {
- le_copy(buf, &i32, sizeof(i32));
+ le_copy(buf, sizeof(i32), &i32, sizeof(i32));
sz = sizeof(i32) < width ? sizeof(i32) : width;
if (!TEST_mem_eq(buf, sz, cmp, sz))
return 0;
}
- le_copy(buf, &i64, sizeof(i64));
+ le_copy(buf, sizeof(i64), &i64, sizeof(i64));
sz = sizeof(i64) < width ? sizeof(i64) : width;
if (!TEST_mem_eq(buf, sz, cmp, sz))
return 0;
if (sizet && !signd) {
- le_copy(buf, &s, sizeof(s));
+ le_copy(buf, sizeof(s), &s, sizeof(s));
sz = sizeof(s) < width ? sizeof(s) : width;
if (!TEST_mem_eq(buf, sz, cmp, sz))
return 0;
@@ -153,19 +200,22 @@ static int test_param_int(int n)
sizeof(int) : raw_values[n].len;
OSSL_PARAM param = OSSL_PARAM_int("a", NULL);
+ if (!TEST_int_eq(test_param_type_null(&param), 1))
+ return 0;
+
memset(buf, 0, sizeof(buf));
- le_copy(buf, raw_values[n].value, sizeof(in));
+ le_copy(buf, sizeof(in), raw_values[n].value, sizeof(in));
memcpy(&in, buf, sizeof(in));
param.data = &out;
if (!TEST_true(OSSL_PARAM_set_int(&param, in)))
return 0;
- le_copy(cmp, &out, sizeof(out));
+ le_copy(cmp, sizeof(out), &out, sizeof(out));
if (!TEST_mem_eq(cmp, len, raw_values[n].value, len))
return 0;
in = 0;
if (!TEST_true(OSSL_PARAM_get_int(&param, &in)))
return 0;
- le_copy(cmp, &in, sizeof(in));
+ le_copy(cmp, sizeof(in), &in, sizeof(in));
if (!TEST_mem_eq(cmp, sizeof(in), raw_values[n].value, sizeof(in)))
return 0;
param.data = &out;
@@ -180,19 +230,22 @@ static int test_param_long(int n)
? sizeof(long int) : raw_values[n].len;
OSSL_PARAM param = OSSL_PARAM_long("a", NULL);
+ if (!TEST_int_eq(test_param_type_null(&param), 1))
+ return 0;
+
memset(buf, 0, sizeof(buf));
- le_copy(buf, raw_values[n].value, sizeof(in));
+ le_copy(buf, sizeof(in), raw_values[n].value, sizeof(in));
memcpy(&in, buf, sizeof(in));
param.data = &out;
if (!TEST_true(OSSL_PARAM_set_long(&param, in)))
return 0;
- le_copy(cmp, &out, sizeof(out));
+ le_copy(cmp, sizeof(out), &out, sizeof(out));
if (!TEST_mem_eq(cmp, len, raw_values[n].value, len))
return 0;
in = 0;
if (!TEST_true(OSSL_PARAM_get_long(&param, &in)))
return 0;
- le_copy(cmp, &in, sizeof(in));
+ le_copy(cmp, sizeof(in), &in, sizeof(in));
if (!TEST_mem_eq(cmp, sizeof(in), raw_values[n].value, sizeof(in)))
return 0;
param.data = &out;
@@ -206,19 +259,22 @@ static int test_param_uint(int n)
const size_t len = raw_values[n].len >= sizeof(unsigned int) ? sizeof(unsigned int) : raw_values[n].len;
OSSL_PARAM param = OSSL_PARAM_uint("a", NULL);
+ if (!TEST_int_eq(test_param_type_null(&param), 1))
+ return 0;
+
memset(buf, 0, sizeof(buf));
- le_copy(buf, raw_values[n].value, sizeof(in));
+ le_copy(buf, sizeof(in), raw_values[n].value, sizeof(in));
memcpy(&in, buf, sizeof(in));
param.data = &out;
if (!TEST_true(OSSL_PARAM_set_uint(&param, in)))
return 0;
- le_copy(cmp, &out, sizeof(out));
+ le_copy(cmp, sizeof(out), &out, sizeof(out));
if (!TEST_mem_eq(cmp, len, raw_values[n].value, len))
return 0;
in = 0;
if (!TEST_true(OSSL_PARAM_get_uint(&param, &in)))
return 0;
- le_copy(cmp, &in, sizeof(in));
+ le_copy(cmp, sizeof(in), &in, sizeof(in));
if (!TEST_mem_eq(cmp, sizeof(in), raw_values[n].value, sizeof(in)))
return 0;
param.data = &out;
@@ -233,19 +289,22 @@ static int test_param_ulong(int n)
? sizeof(unsigned long int) : raw_values[n].len;
OSSL_PARAM param = OSSL_PARAM_ulong("a", NULL);
+ if (!TEST_int_eq(test_param_type_null(&param), 1))
+ return 0;
+
memset(buf, 0, sizeof(buf));
- le_copy(buf, raw_values[n].value, sizeof(in));
+ le_copy(buf, sizeof(in), raw_values[n].value, sizeof(in));
memcpy(&in, buf, sizeof(in));
param.data = &out;
if (!TEST_true(OSSL_PARAM_set_ulong(&param, in)))
return 0;
- le_copy(cmp, &out, sizeof(out));
+ le_copy(cmp, sizeof(out), &out, sizeof(out));
if (!TEST_mem_eq(cmp, len, raw_values[n].value, len))
return 0;
in = 0;
if (!TEST_true(OSSL_PARAM_get_ulong(&param, &in)))
return 0;
- le_copy(cmp, &in, sizeof(in));
+ le_copy(cmp, sizeof(in), &in, sizeof(in));
if (!TEST_mem_eq(cmp, sizeof(in), raw_values[n].value, sizeof(in)))
return 0;
param.data = &out;
@@ -260,19 +319,22 @@ static int test_param_int32(int n)
? sizeof(int32_t) : raw_values[n].len;
OSSL_PARAM param = OSSL_PARAM_int32("a", NULL);
+ if (!TEST_int_eq(test_param_type_null(&param), 1))
+ return 0;
+
memset(buf, 0, sizeof(buf));
- le_copy(buf, raw_values[n].value, sizeof(in));
+ le_copy(buf, sizeof(in), raw_values[n].value, sizeof(in));
memcpy(&in, buf, sizeof(in));
param.data = &out;
if (!TEST_true(OSSL_PARAM_set_int32(&param, in)))
return 0;
- le_copy(cmp, &out, sizeof(out));
+ le_copy(cmp, sizeof(out), &out, sizeof(out));
if (!TEST_mem_eq(cmp, len, raw_values[n].value, len))
return 0;
in = 0;
if (!TEST_true(OSSL_PARAM_get_int32(&param, &in)))
return 0;
- le_copy(cmp, &in, sizeof(in));
+ le_copy(cmp, sizeof(in), &in, sizeof(in));
if (!TEST_mem_eq(cmp, sizeof(in), raw_values[n].value, sizeof(in)))
return 0;
param.data = &out;
@@ -287,19 +349,22 @@ static int test_param_uint32(int n)
? sizeof(uint32_t) : raw_values[n].len;
OSSL_PARAM param = OSSL_PARAM_uint32("a", NULL);
+ if (!TEST_int_eq(test_param_type_null(&param), 1))
+ return 0;
+
memset(buf, 0, sizeof(buf));
- le_copy(buf, raw_values[n].value, sizeof(in));
+ le_copy(buf, sizeof(in), raw_values[n].value, sizeof(in));
memcpy(&in, buf, sizeof(in));
param.data = &out;
if (!TEST_true(OSSL_PARAM_set_uint32(&param, in)))
return 0;
- le_copy(cmp, &out, sizeof(out));
+ le_copy(cmp, sizeof(out), &out, sizeof(out));
if (!TEST_mem_eq(cmp, len, raw_values[n].value, len))
return 0;
in = 0;
if (!TEST_true(OSSL_PARAM_get_uint32(&param, &in)))
return 0;
- le_copy(cmp, &in, sizeof(in));
+ le_copy(cmp, sizeof(in), &in, sizeof(in));
if (!TEST_mem_eq(cmp, sizeof(in), raw_values[n].value, sizeof(in)))
return 0;
param.data = &out;
@@ -314,19 +379,22 @@ static int test_param_int64(int n)
? sizeof(int64_t) : raw_values[n].len;
OSSL_PARAM param = OSSL_PARAM_int64("a", NULL);
+ if (!TEST_int_eq(test_param_type_null(&param), 1))
+ return 0;
+
memset(buf, 0, sizeof(buf));
- le_copy(buf, raw_values[n].value, sizeof(in));
+ le_copy(buf, sizeof(in), raw_values[n].value, sizeof(in));
memcpy(&in, buf, sizeof(in));
param.data = &out;
if (!TEST_true(OSSL_PARAM_set_int64(&param, in)))
return 0;
- le_copy(cmp, &out, sizeof(out));
+ le_copy(cmp, sizeof(out), &out, sizeof(out));
if (!TEST_mem_eq(cmp, len, raw_values[n].value, len))
return 0;
in = 0;
if (!TEST_true(OSSL_PARAM_get_int64(&param, &in)))
return 0;
- le_copy(cmp, &in, sizeof(in));
+ le_copy(cmp, sizeof(in), &in, sizeof(in));
if (!TEST_mem_eq(cmp, sizeof(in), raw_values[n].value, sizeof(in)))
return 0;
param.data = &out;
@@ -341,19 +409,22 @@ static int test_param_uint64(int n)
? sizeof(uint64_t) : raw_values[n].len;
OSSL_PARAM param = OSSL_PARAM_uint64("a", NULL);
+ if (!TEST_int_eq(test_param_type_null(&param), 1))
+ return 0;
+
memset(buf, 0, sizeof(buf));
- le_copy(buf, raw_values[n].value, sizeof(in));
+ le_copy(buf, sizeof(in), raw_values[n].value, sizeof(in));
memcpy(&in, buf, sizeof(in));
param.data = &out;
if (!TEST_true(OSSL_PARAM_set_uint64(&param, in)))
return 0;
- le_copy(cmp, &out, sizeof(out));
+ le_copy(cmp, sizeof(out), &out, sizeof(out));
if (!TEST_mem_eq(cmp, len, raw_values[n].value, len))
return 0;
in = 0;
if (!TEST_true(OSSL_PARAM_get_uint64(&param, &in)))
return 0;
- le_copy(cmp, &in, sizeof(in));
+ le_copy(cmp, sizeof(in), &in, sizeof(in));
if (!TEST_mem_eq(cmp, sizeof(in), raw_values[n].value, sizeof(in)))
return 0;
param.data = &out;
@@ -368,19 +439,22 @@ static int test_param_size_t(int n)
? sizeof(size_t) : raw_values[n].len;
OSSL_PARAM param = OSSL_PARAM_size_t("a", NULL);
+ if (!TEST_int_eq(test_param_type_null(&param), 1))
+ return 0;
+
memset(buf, 0, sizeof(buf));
- le_copy(buf, raw_values[n].value, sizeof(in));
+ le_copy(buf, sizeof(in), raw_values[n].value, sizeof(in));
memcpy(&in, buf, sizeof(in));
param.data = &out;
if (!TEST_true(OSSL_PARAM_set_size_t(&param, in)))
return 0;
- le_copy(cmp, &out, sizeof(out));
+ le_copy(cmp, sizeof(out), &out, sizeof(out));
if (!TEST_mem_eq(cmp, len, raw_values[n].value, len))
return 0;
in = 0;
if (!TEST_true(OSSL_PARAM_get_size_t(&param, &in)))
return 0;
- le_copy(cmp, &in, sizeof(in));
+ le_copy(cmp, sizeof(in), &in, sizeof(in));
if (!TEST_mem_eq(cmp, sizeof(in), raw_values[n].value, sizeof(in)))
return 0;
param.data = &out;
@@ -395,19 +469,22 @@ static int test_param_time_t(int n)
? sizeof(time_t) : raw_values[n].len;
OSSL_PARAM param = OSSL_PARAM_time_t("a", NULL);
+ if (!TEST_int_eq(test_param_type_null(&param), 1))
+ return 0;
+
memset(buf, 0, sizeof(buf));
- le_copy(buf, raw_values[n].value, sizeof(in));
+ le_copy(buf, sizeof(in), raw_values[n].value, sizeof(in));
memcpy(&in, buf, sizeof(in));
param.data = &out;
if (!TEST_true(OSSL_PARAM_set_time_t(&param, in)))
return 0;
- le_copy(cmp, &out, sizeof(out));
+ le_copy(cmp, sizeof(out), &out, sizeof(out));
if (!TEST_mem_eq(cmp, len, raw_values[n].value, len))
return 0;
in = 0;
if (!TEST_true(OSSL_PARAM_get_time_t(&param, &in)))
return 0;
- le_copy(cmp, &in, sizeof(in));
+ le_copy(cmp, sizeof(in), &in, sizeof(in));
if (!TEST_mem_eq(cmp, sizeof(in), raw_values[n].value, sizeof(in)))
return 0;
param.data = &out;
@@ -423,15 +500,19 @@ static int test_param_bignum(int n)
NULL, 0);
int ret = 0;
+ if (!TEST_int_eq(test_param_type_null(&param), 1))
+ return 0;
+
param.data = bnbuf;
- param.data_size = len;
+ param.data_size = sizeof(bnbuf);
- le_copy(buf, raw_values[n].value, len);
if (!TEST_ptr(b = BN_lebin2bn(raw_values[n].value, (int)len, NULL)))
goto err;
- if (!TEST_true(OSSL_PARAM_set_BN(&param, b))
- || !TEST_mem_eq(bnbuf, param.return_size, buf, param.return_size))
+ if (!TEST_true(OSSL_PARAM_set_BN(&param, b)))
+ goto err;
+ le_copy(buf, len, bnbuf, sizeof(bnbuf));
+ if (!TEST_mem_eq(raw_values[n].value, len, buf, len))
goto err;
param.data_size = param.return_size;
if (!TEST_true(OSSL_PARAM_get_BN(&param, &c))
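Review bot: After `param.data_size = sizeof(bnbuf)`, the test compares only the low `len` bytes that `le_copy(buf, len, bnbuf, sizeof(bnbuf))` extracts, so the rest of `bnbuf` is never checked. No initialisation of `bnbuf` is visible in this hunk, which means the test presumably relies on OSSL_PARAM_set_BN writing the whole buffer. If zero padding is the intended contract, an assertion on the padding bytes or on `param.return_size` would pin it; the removed `TEST_mem_eq(bnbuf, param.return_size, ...)` at least exercised `return_size`. Otherwise a short comment such as `/* data_size is the full buffer; only the low len bytes carry the value */` would explain the change. test_param_bignum begins before the hunk and ends after it.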
@@ -445,11 +526,53 @@ err:
return ret;
}
+static int test_param_signed_bignum(int n)
+{
+ unsigned char buf[MAX_LEN], bnbuf[MAX_LEN];
+ const size_t len = raw_values[n].len;
+ BIGNUM *b = NULL, *c = NULL;
+ OSSL_PARAM param = OSSL_PARAM_DEFN("bn", OSSL_PARAM_INTEGER, NULL, 0);
+ int ret = 0;
+
+ if (!TEST_int_eq(test_param_type_null(&param), 1))
+ return 0;
+
+ param.data = bnbuf;
+ param.data_size = sizeof(bnbuf);
+
+ if (!TEST_ptr(b = BN_signed_lebin2bn(raw_values[n].value, (int)len, NULL)))
+ goto err;
+
+ /* raw_values are little endian */
+ if (!TEST_false(!!(raw_values[n].value[len - 1] & 0x80) ^ BN_is_negative(b)))
+ goto err;
+ if (!TEST_true(OSSL_PARAM_set_BN(&param, b)))
+ goto err;
+ le_copy(buf, len, bnbuf, sizeof(bnbuf));
+ if (!TEST_mem_eq(raw_values[n].value, len, buf, len))
+ goto err;
+ param.data_size = param.return_size;
+ if (!TEST_true(OSSL_PARAM_get_BN(&param, &c))
+ || !TEST_BN_eq(b, c)) {
+ BN_print_fp(stderr, c);
+ goto err;
+ }
+
+ ret = 1;
+err:
+ BN_free(b);
+ BN_free(c);
+ return ret;
+}
+
static int test_param_real(void)
{
double p;
OSSL_PARAM param = OSSL_PARAM_double("r", NULL);
+ if (!TEST_int_eq(test_param_type_null(&param), 1))
+ return 0;
+
param.data = &p;
return TEST_true(OSSL_PARAM_set_double(&param, 3.14159))
&& TEST_double_eq(p, 3.14159);
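Review bot: In test_param_signed_bignum, `BN_print_fp(stderr, c)` runs whenever the combined `OSSL_PARAM_get_BN(&param, &c)` / `TEST_BN_eq(b, c)` condition fails. That includes the case where the getter itself failed and `c` may still be NULL. BN_print_fp is not documented as accepting a NULL BIGNUM, so the failure path could crash rather than report; guarding it with `if (c != NULL) BN_print_fp(stderr, c);` avoids that. Separately, `raw_values[n].value[len - 1]` assumes every table entry has a non-zero `len`, which depends on the raw_values definition outside this hunk.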
@@ -505,7 +628,7 @@ static int test_param_construct(int tstid)
params[n++] = OSSL_PARAM_construct_octet_ptr("octptr", &vp, 0);
params[n] = OSSL_PARAM_construct_end();
- switch(tstid) {
+ switch (tstid) {
case 0:
p = params;
break;
@@ -620,7 +743,7 @@ static int test_param_construct(int tstid)
goto err;
/* Match the return size to avoid trailing garbage bytes */
cp->data_size = cp->return_size;
- if(!TEST_true(OSSL_PARAM_get_BN(cp, &bn2))
+ if (!TEST_true(OSSL_PARAM_get_BN(cp, &bn2))
|| !TEST_BN_eq(bn, bn2))
goto err;
ret = 1;
@@ -706,6 +829,7 @@ int setup_tests(void)
ADD_ALL_TESTS(test_param_int64, OSSL_NELEM(raw_values));
ADD_ALL_TESTS(test_param_uint64, OSSL_NELEM(raw_values));
ADD_ALL_TESTS(test_param_bignum, OSSL_NELEM(raw_values));
+ ADD_ALL_TESTS(test_param_signed_bignum, OSSL_NELEM(raw_values));
ADD_TEST(test_param_real);
ADD_ALL_TESTS(test_param_construct, 4);
ADD_TEST(test_param_modified);
diff --git a/test/params_conversion_test.c b/test/params_conversion_test.c
index 30477e812796..01a768efd085 100644
--- a/test/params_conversion_test.c
+++ b/test/params_conversion_test.c
@@ -190,7 +190,8 @@ static int param_conversion_test(const PARAM_CONVERSION *pc, int line)
double d;
if (!pc->valid_i32) {
- if (!TEST_false(OSSL_PARAM_get_int32(pc->param, &i32))) {
+ if (!TEST_false(OSSL_PARAM_get_int32(pc->param, &i32))
+ || !TEST_ulong_ne(ERR_get_error(), 0)) {
TEST_note("unexpected valid conversion to int32 on line %d", line);
return 0;
}
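Review bot: The added `TEST_ulong_ne(ERR_get_error(), 0)` is satisfied by any entry already on the error queue, and nothing visible in this hunk clears the queue before `OSSL_PARAM_get_int32` is called. A stale error from an earlier step could therefore make the check pass without the getter having raised one; calling `ERR_clear_error();` immediately before the getter would tie the assertion to this conversion. The `TEST_note` text "unexpected valid conversion" is also printed when the conversion was correctly rejected but no error was queued, which points the reader at the wrong failure. The same applies to the int64, uint32, uint64 and double hunks that follow. param_conversion_test starts and ends outside the hunk, so an earlier clear would not be visible here.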
@@ -210,7 +211,8 @@ static int param_conversion_test(const PARAM_CONVERSION *pc, int line)
}
if (!pc->valid_i64) {
- if (!TEST_false(OSSL_PARAM_get_int64(pc->param, &i64))) {
+ if (!TEST_false(OSSL_PARAM_get_int64(pc->param, &i64))
+ || !TEST_ulong_ne(ERR_get_error(), 0)) {
TEST_note("unexpected valid conversion to int64 on line %d", line);
return 0;
}
@@ -230,7 +232,8 @@ static int param_conversion_test(const PARAM_CONVERSION *pc, int line)
}
if (!pc->valid_u32) {
- if (!TEST_false(OSSL_PARAM_get_uint32(pc->param, &u32))) {
+ if (!TEST_false(OSSL_PARAM_get_uint32(pc->param, &u32))
+ || !TEST_ulong_ne(ERR_get_error(), 0)) {
TEST_note("unexpected valid conversion to uint32 on line %d", line);
return 0;
}
@@ -250,7 +253,8 @@ static int param_conversion_test(const PARAM_CONVERSION *pc, int line)
}
if (!pc->valid_u64) {
- if (!TEST_false(OSSL_PARAM_get_uint64(pc->param, &u64))) {
+ if (!TEST_false(OSSL_PARAM_get_uint64(pc->param, &u64))
+ || !TEST_ulong_ne(ERR_get_error(), 0)) {
TEST_note("unexpected valid conversion to uint64 on line %d", line);
return 0;
}
@@ -270,7 +274,8 @@ static int param_conversion_test(const PARAM_CONVERSION *pc, int line)
}
if (!pc->valid_d) {
- if (!TEST_false(OSSL_PARAM_get_double(pc->param, &d))) {
+ if (!TEST_false(OSSL_PARAM_get_double(pc->param, &d))
+ || !TEST_ulong_ne(ERR_get_error(), 0)) {
TEST_note("unexpected valid conversion to double on line %d", line);
return 0;
}
diff --git a/test/params_test.c b/test/params_test.c
index 5d19f0304e6c..cd3c836c7ec7 100644
--- a/test/params_test.c
+++ b/test/params_test.c
@@ -47,7 +47,7 @@ struct object_st {
*/
double p2;
/*
- * Documented as an arbitrarly large unsigned integer.
+ * Documented as an arbitrarily large unsigned integer.
* The data size must be large enough to accommodate.
* Assumed data type OSSL_PARAM_UNSIGNED_INTEGER
*/
diff --git a/test/pkcs12_format_test.c b/test/pkcs12_format_test.c
index f7ecd7c1e635..ccc951c75b3a 100644
--- a/test/pkcs12_format_test.c
+++ b/test/pkcs12_format_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -11,8 +11,6 @@
#include <string.h>
#include <stdlib.h>
-#include "internal/nelem.h"
-
#include <openssl/pkcs12.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
@@ -32,8 +30,7 @@ static OSSL_PROVIDER *lgcyprov = NULL;
* PKCS12 component test data
*/
-static const unsigned char CERT1[] =
-{
+static const unsigned char CERT1[] = {
0x30, 0x82, 0x01, 0xed, 0x30, 0x82, 0x01, 0x56, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00,
0x8b, 0x4b, 0x5e, 0x6c, 0x03, 0x28, 0x4e, 0xe6, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x19, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55,
@@ -65,11 +62,10 @@ static const unsigned char CERT1[] =
0x09, 0xc0, 0xca, 0xe0, 0xaa, 0x9f, 0x07, 0xb2, 0xc2, 0xbb, 0x31, 0x96, 0xa2, 0x04, 0x62, 0xd3,
0x13, 0x32, 0x29, 0x67, 0x6e, 0xad, 0x2e, 0x0b, 0xea, 0x04, 0x7c, 0x8c, 0x5a, 0x5d, 0xac, 0x14,
0xaa, 0x61, 0x7f, 0x28, 0x6c, 0x2d, 0x64, 0x2d, 0xc3, 0xaf, 0x77, 0x52, 0x90, 0xb4, 0x37, 0xc0,
- 0x30,
+ 0x30,
};
-static const unsigned char CERT2[] =
-{
+static const unsigned char CERT2[] = {
0x30, 0x82, 0x01, 0xed, 0x30, 0x82, 0x01, 0x56, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00,
0x8b, 0x4b, 0x5e, 0x6c, 0x03, 0x28, 0x4e, 0xe7, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x19, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55,
@@ -101,11 +97,10 @@ static const unsigned char CERT2[] =
0x2a, 0x67, 0xff, 0x16, 0x78, 0xa8, 0x2c, 0x10, 0xe0, 0x52, 0x8c, 0xe6, 0xe9, 0x90, 0x8d, 0xe0,
0x62, 0x04, 0x9a, 0x0f, 0x44, 0x01, 0x82, 0x14, 0x92, 0x44, 0x25, 0x69, 0x22, 0xb7, 0xb8, 0xc5,
0x94, 0x4c, 0x4b, 0x1c, 0x9b, 0x92, 0x60, 0x66, 0x90, 0x4e, 0xb9, 0xa8, 0x4c, 0x89, 0xbb, 0x0f,
- 0x0b,
+ 0x0b,
};
-static const unsigned char KEY1[] =
-{
+static const unsigned char KEY1[] = {
0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xbc, 0xdc, 0x6f, 0x8c, 0x7a,
0x2a, 0x4b, 0xea, 0x66, 0x66, 0x04, 0xa9, 0x05, 0x92, 0x53, 0xd7, 0x13, 0x3c, 0x49, 0xe1, 0xc8,
0xbb, 0xdf, 0x3d, 0xcb, 0x88, 0x31, 0x07, 0x20, 0x59, 0x93, 0x24, 0x7f, 0x7d, 0xc6, 0x84, 0x81,
@@ -144,12 +139,11 @@ static const unsigned char KEY1[] =
0x13, 0xbd, 0x83, 0xff, 0xb4, 0xbc, 0xf4, 0xdd, 0xa1, 0xbb, 0x1c, 0x96, 0x37, 0x35, 0xf4, 0xbf,
0xed, 0x4c, 0xed, 0x92, 0xe8, 0xac, 0xc9, 0xc1, 0xa5, 0xa3, 0x23, 0x66, 0x40, 0x8a, 0xa1, 0xe6,
0xe3, 0x95, 0xfe, 0xc4, 0x53, 0xf5, 0x7d, 0x6e, 0xca, 0x45, 0x42, 0xe4, 0xc2, 0x9f, 0xe5, 0x1e,
- 0xb5,
+ 0xb5,
};
-static const unsigned char KEY2[] =
-{
+static const unsigned char KEY2[] = {
0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xa8, 0x6e, 0x40, 0x86, 0x9f,
0x98, 0x59, 0xfb, 0x57, 0xbf, 0xc1, 0x55, 0x12, 0x38, 0xeb, 0xb3, 0x46, 0x34, 0xc9, 0x35, 0x4d,
0xfd, 0x03, 0xe9, 0x3a, 0x88, 0x9e, 0x97, 0x8f, 0xf4, 0xec, 0x36, 0x7b, 0x3f, 0xba, 0xb8, 0xa5,
@@ -205,6 +199,19 @@ static const PKCS12_ATTR ATTRS2[] = {
{ NULL, NULL }
};
+static const PKCS12_ATTR ATTRS3[] = {
+ { "friendlyName", "wildduk" },
+ { "localKeyID", "1122334455" },
+ { "oracle-jdk-trustedkeyusage", "anyExtendedKeyUsage" },
+ { NULL, NULL }
+};
+
+static const PKCS12_ATTR ATTRS4[] = {
+ { "friendlyName", "wildduk" },
+ { "localKeyID", "1122334455" },
+ { NULL, NULL }
+};
+
static const PKCS12_ENC enc_default = {
#ifndef OPENSSL_NO_DES
NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
@@ -306,7 +313,7 @@ static const char *passwords[] = {
/* --------------------------------------------------------------------------
* Local functions
- */
+ */
static int get_custom_oid(void)
{
@@ -427,7 +434,7 @@ static int test_single_key_enc_iter(int z)
static int test_single_key_with_attrs(void)
{
PKCS12_BUILDER *pb = new_pkcs12_builder("1keyattrs.p12");
-
+
/* Generate/encode */
start_pkcs12(pb);
@@ -524,7 +531,7 @@ static int test_single_cert_mac_iter(int z)
static int test_cert_key_with_attrs_and_mac(void)
{
PKCS12_BUILDER *pb = new_pkcs12_builder("1cert1key.p12");
-
+
/* Generate/encode */
start_pkcs12(pb);
@@ -555,7 +562,7 @@ static int test_cert_key_with_attrs_and_mac(void)
static int test_cert_key_encrypted_content(void)
{
PKCS12_BUILDER *pb = new_pkcs12_builder("1cert1key_enc.p12");
-
+
/* Generate/encode */
start_pkcs12(pb);
@@ -587,7 +594,7 @@ static int test_single_secret_encrypted_content(void)
{
PKCS12_BUILDER *pb = new_pkcs12_builder("1secret.p12");
int custom_nid = get_custom_oid();
-
+
/* Generate/encode */
start_pkcs12(pb);
@@ -667,7 +674,7 @@ static int test_multiple_contents(void)
{
PKCS12_BUILDER *pb = new_pkcs12_builder("multi_contents.p12");
int custom_nid = get_custom_oid();
-
+
/* Generate/encode */
start_pkcs12(pb);
@@ -711,6 +718,85 @@ static int test_multiple_contents(void)
return end_pkcs12_builder(pb);
}
+static int test_jdk_trusted_attr(void)
+{
+ PKCS12_BUILDER *pb = new_pkcs12_builder("jdk_trusted.p12");
+
+ /* Generate/encode */
+ start_pkcs12(pb);
+
+ start_contentinfo(pb);
+
+ add_certbag(pb, CERT1, sizeof(CERT1), ATTRS3);
+
+ end_contentinfo(pb);
+
+ end_pkcs12_with_mac(pb, &mac_default);
+
+ /* Read/decode */
+ start_check_pkcs12_with_mac(pb, &mac_default);
+
+ start_check_contentinfo(pb);
+
+ check_certbag(pb, CERT1, sizeof(CERT1), ATTRS3);
+
+ end_check_contentinfo(pb);
+
+ end_check_pkcs12(pb);
+
+ return end_pkcs12_builder(pb);
+}
+
+static int test_set0_attrs(void)
+{
+ PKCS12_BUILDER *pb = new_pkcs12_builder("attrs.p12");
+ PKCS12_SAFEBAG *bag = NULL;
+ STACK_OF(X509_ATTRIBUTE) *attrs = NULL;
+ X509_ATTRIBUTE *attr = NULL;
+
+ start_pkcs12(pb);
+
+ start_contentinfo(pb);
+
+ /* Add cert and attrs (name/locakkey only) */
+ add_certbag(pb, CERT1, sizeof(CERT1), ATTRS4);
+
+ bag = sk_PKCS12_SAFEBAG_value(pb->bags, 0);
+ attrs = (STACK_OF(X509_ATTRIBUTE)*)PKCS12_SAFEBAG_get0_attrs(bag);
+
+ /* Create new attr, add to list and confirm return attrs is not NULL */
+ attr = X509_ATTRIBUTE_create(NID_oracle_jdk_trustedkeyusage, V_ASN1_OBJECT, OBJ_txt2obj("anyExtendedKeyUsage", 0));
+ X509at_add1_attr(&attrs, attr);
+ PKCS12_SAFEBAG_set0_attrs(bag, attrs);
+ attrs = (STACK_OF(X509_ATTRIBUTE)*)PKCS12_SAFEBAG_get0_attrs(bag);
+ X509_ATTRIBUTE_free(attr);
+ if(!TEST_ptr(attrs)) {
+ goto err;
+ }
+
+ end_contentinfo(pb);
+
+ end_pkcs12(pb);
+
+ /* Read/decode */
+ start_check_pkcs12(pb);
+
+ start_check_contentinfo(pb);
+
+ /* Use existing check functionality to confirm cert bag attrs identical to ATTRS3 */
+ check_certbag(pb, CERT1, sizeof(CERT1), ATTRS3);
+
+ end_check_contentinfo(pb);
+
+ end_check_pkcs12(pb);
+
+ return end_pkcs12_builder(pb);
+
+err:
+ (void)end_pkcs12_builder(pb);
+ return 0;
+}
+
#ifndef OPENSSL_NO_DES
static int pkcs12_create_test(void)
{
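Review bot: In test_set0_attrs the results of `X509_ATTRIBUTE_create(...)` (and of the `OBJ_txt2obj` call passed into it) and of `X509at_add1_attr(&attrs, attr)` are never checked. The only assertion is `TEST_ptr(attrs)` after re-reading the bag. Since the bag already carries the ATTRS4 attributes, that pointer is presumably non-NULL whether or not the add succeeded, so the check cannot catch a failed add. Testing the calls directly is more precise: `if (!TEST_ptr(attr) || !TEST_ptr(X509at_add1_attr(&attrs, attr))) { X509_ATTRIBUTE_free(attr); goto err; }`. The cast that drops `const` from `PKCS12_SAFEBAG_get0_attrs(bag)` so the stack can be modified in place deserves a comment saying it is deliberate. The new `if(!TEST_ptr(attrs))` also has the spacing this same commit fixes elsewhere (`if (`), and the comment "locakkey" is a typo for "localKeyID".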
@@ -952,6 +1038,8 @@ int setup_tests(void)
ADD_TEST(test_cert_key_encrypted_content);
ADD_TEST(test_single_secret_encrypted_content);
ADD_TEST(test_multiple_contents);
+ ADD_TEST(test_jdk_trusted_attr);
+ ADD_TEST(test_set0_attrs);
return 1;
}
diff --git a/test/pkcs7_test.c b/test/pkcs7_test.c
index c30bf0eabca1..7c0380444407 100644
--- a/test/pkcs7_test.c
+++ b/test/pkcs7_test.c
@@ -48,6 +48,84 @@ static const unsigned char cert_der[] = {
0x5f, 0x0e, 0x27, 0x32, 0xa9
};
+static const unsigned char smroot_der[] = {
+ 0x30, 0x82, 0x03, 0x7B, 0x30, 0x82, 0x02, 0x63, 0xA0, 0x03, 0x02, 0x01,
+ 0x02, 0x02, 0x14, 0x07, 0x18, 0x76, 0x2F, 0x72, 0x2D, 0xB1, 0x53, 0xEE,
+ 0x06, 0x88, 0x03, 0x23, 0x45, 0x9F, 0x51, 0x7D, 0x65, 0x16, 0x73, 0x30,
+ 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B,
+ 0x05, 0x00, 0x30, 0x44, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
+ 0x06, 0x13, 0x02, 0x55, 0x4B, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55,
+ 0x04, 0x0A, 0x0C, 0x0D, 0x4F, 0x70, 0x65, 0x6E, 0x53, 0x53, 0x4C, 0x20,
+ 0x47, 0x72, 0x6F, 0x75, 0x70, 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x03, 0x55,
+ 0x04, 0x03, 0x0C, 0x14, 0x54, 0x65, 0x73, 0x74, 0x20, 0x53, 0x2F, 0x4D,
+ 0x49, 0x4D, 0x45, 0x20, 0x52, 0x53, 0x41, 0x20, 0x52, 0x6F, 0x6F, 0x74,
+ 0x30, 0x20, 0x17, 0x0D, 0x32, 0x32, 0x30, 0x36, 0x30, 0x32, 0x31, 0x35,
+ 0x33, 0x33, 0x31, 0x33, 0x5A, 0x18, 0x0F, 0x32, 0x31, 0x32, 0x32, 0x30,
+ 0x35, 0x31, 0x30, 0x31, 0x35, 0x33, 0x33, 0x31, 0x33, 0x5A, 0x30, 0x44,
+ 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
+ 0x4B, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0D,
+ 0x4F, 0x70, 0x65, 0x6E, 0x53, 0x53, 0x4C, 0x20, 0x47, 0x72, 0x6F, 0x75,
+ 0x70, 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x14,
+ 0x54, 0x65, 0x73, 0x74, 0x20, 0x53, 0x2F, 0x4D, 0x49, 0x4D, 0x45, 0x20,
+ 0x52, 0x53, 0x41, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x30, 0x82, 0x01, 0x22,
+ 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01,
+ 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A,
+ 0x02, 0x82, 0x01, 0x01, 0x00, 0xD9, 0x2D, 0x29, 0x7C, 0x2D, 0xD5, 0x39,
+ 0xE0, 0xE5, 0x00, 0x4F, 0xC7, 0x2D, 0x16, 0xE2, 0x8B, 0x4A, 0x12, 0x6E,
+ 0x97, 0x62, 0x0C, 0xCD, 0xA1, 0x03, 0x90, 0x52, 0xE8, 0x2F, 0x86, 0xA0,
+ 0x71, 0xC6, 0xA3, 0x82, 0xFB, 0x11, 0xC5, 0x6F, 0xBC, 0xBD, 0xB7, 0x36,
+ 0x45, 0xED, 0x32, 0xD6, 0x65, 0x4C, 0xBD, 0xF3, 0x73, 0xEC, 0x28, 0x39,
+ 0x6B, 0xB2, 0x9E, 0x89, 0x2B, 0x85, 0x24, 0xEA, 0xD0, 0xB6, 0xF0, 0xED,
+ 0xF8, 0x79, 0x14, 0xE5, 0xCE, 0xF4, 0xE9, 0x80, 0xE6, 0xC3, 0x5E, 0x66,
+ 0x06, 0x90, 0xD2, 0x1D, 0xAA, 0x64, 0x5E, 0xBF, 0x34, 0x1B, 0xF0, 0x01,
+ 0x15, 0xBB, 0x2D, 0x59, 0xA7, 0xCE, 0x7D, 0xA8, 0x15, 0x5B, 0x8E, 0x70,
+ 0xBF, 0xAE, 0x4A, 0x1F, 0x87, 0x27, 0xA5, 0xCA, 0xB0, 0xAC, 0xB8, 0x5A,
+ 0x82, 0x60, 0xBC, 0x40, 0x6D, 0x0A, 0x7D, 0x66, 0xDF, 0xF9, 0x9D, 0x9E,
+ 0x7C, 0xEC, 0x5A, 0x1A, 0xEF, 0xDD, 0x4C, 0xD0, 0x37, 0x0A, 0x7A, 0xBF,
+ 0x05, 0x01, 0x93, 0x76, 0x59, 0x10, 0xDB, 0xCC, 0x5B, 0xAE, 0xF7, 0x7E,
+ 0x51, 0xBC, 0xE0, 0x71, 0x8E, 0x18, 0xFE, 0x12, 0x7B, 0x17, 0x0D, 0x7F,
+ 0x21, 0xE1, 0x21, 0x82, 0xBF, 0xE2, 0x54, 0x98, 0x50, 0x21, 0x40, 0x24,
+ 0x96, 0x9F, 0x41, 0xFB, 0x1A, 0x83, 0x7D, 0x6B, 0xB1, 0x22, 0xDE, 0x66,
+ 0x37, 0x05, 0x96, 0x87, 0xF2, 0xDF, 0x93, 0xE5, 0x31, 0xA8, 0x4F, 0x7D,
+ 0x12, 0x14, 0x11, 0xD1, 0x86, 0x56, 0xC8, 0x82, 0x9F, 0x2B, 0x36, 0xDE,
+ 0x24, 0xB0, 0x73, 0x0E, 0xA6, 0x36, 0x85, 0x0C, 0xD5, 0x2F, 0xA9, 0x00,
+ 0xBD, 0x8F, 0x5C, 0x47, 0x55, 0x9B, 0x04, 0x8B, 0x53, 0x03, 0x41, 0xB6,
+ 0x17, 0x9A, 0x99, 0xF4, 0x1F, 0xF7, 0x10, 0x71, 0x05, 0x59, 0x93, 0x01,
+ 0xBE, 0x86, 0xED, 0xF9, 0x44, 0xC4, 0x92, 0xE0, 0x5D, 0x02, 0x03, 0x01,
+ 0x00, 0x01, 0xA3, 0x63, 0x30, 0x61, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D,
+ 0x0E, 0x04, 0x16, 0x04, 0x14, 0x15, 0xC1, 0x13, 0x21, 0x6B, 0xE2, 0x55,
+ 0x5F, 0xA7, 0x6A, 0x1D, 0x57, 0x20, 0xD6, 0xCF, 0xF3, 0xA9, 0x73, 0x64,
+ 0x59, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, 0x30, 0x16,
+ 0x80, 0x14, 0x15, 0xC1, 0x13, 0x21, 0x6B, 0xE2, 0x55, 0x5F, 0xA7, 0x6A,
+ 0x1D, 0x57, 0x20, 0xD6, 0xCF, 0xF3, 0xA9, 0x73, 0x64, 0x59, 0x30, 0x0F,
+ 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03,
+ 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01,
+ 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x0D, 0x06, 0x09, 0x2A,
+ 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82,
+ 0x01, 0x01, 0x00, 0xBD, 0xD0, 0x26, 0xA4, 0x33, 0xE2, 0xD5, 0x6B, 0x7B,
+ 0x1E, 0x4D, 0xF4, 0x75, 0x72, 0x85, 0xED, 0x48, 0x3A, 0x31, 0x42, 0x84,
+ 0x4E, 0x2F, 0xAE, 0xA0, 0xED, 0x52, 0xBA, 0x8F, 0x49, 0x84, 0xD9, 0x28,
+ 0xFD, 0xCA, 0x6F, 0xA2, 0x2F, 0x1F, 0x6E, 0x8F, 0xDD, 0x9D, 0x65, 0x43,
+ 0x7C, 0x75, 0x68, 0x22, 0xD1, 0x27, 0xEB, 0x8E, 0x12, 0xBE, 0xF7, 0xAB,
+ 0xE5, 0x42, 0x5D, 0x28, 0x96, 0x3A, 0xD8, 0x3B, 0xE1, 0x8A, 0x5A, 0x42,
+ 0xB4, 0x0C, 0xB0, 0x61, 0xF0, 0xA9, 0x83, 0x19, 0x29, 0x2A, 0x82, 0x84,
+ 0x76, 0x7A, 0x63, 0x9D, 0x10, 0x52, 0x31, 0xC6, 0xD5, 0x0C, 0x89, 0xAC,
+ 0xAA, 0xF7, 0xF5, 0x62, 0x3C, 0xC5, 0x2A, 0x23, 0xA2, 0x0F, 0xB9, 0x1C,
+ 0x56, 0xFC, 0xF8, 0x57, 0x43, 0x59, 0x63, 0xDD, 0x59, 0x5B, 0x0B, 0xB7,
+ 0xBE, 0x06, 0x92, 0xBD, 0xC4, 0xC9, 0x42, 0x4A, 0x56, 0x37, 0x46, 0xBE,
+ 0x2D, 0x66, 0xA7, 0xA5, 0x52, 0xAA, 0x8A, 0x09, 0x7C, 0x9E, 0xC9, 0x2D,
+ 0xB6, 0x70, 0x5E, 0x88, 0x70, 0xC7, 0x19, 0xE6, 0xF1, 0x8F, 0x78, 0x5A,
+ 0xC2, 0x52, 0x1D, 0xB5, 0x59, 0x64, 0x6D, 0x0C, 0x0B, 0x2F, 0x09, 0x55,
+ 0x91, 0x7F, 0x7D, 0xC7, 0x51, 0x7B, 0xDE, 0xE4, 0xB7, 0xDC, 0x8C, 0xC1,
+ 0x63, 0xAF, 0x99, 0x27, 0x68, 0xAC, 0xEE, 0x60, 0xFC, 0xDF, 0xD0, 0x7C,
+ 0x7C, 0xE5, 0x5D, 0xF6, 0x9B, 0xCF, 0xBC, 0x10, 0x60, 0x6A, 0x12, 0x2B,
+ 0xC3, 0x9B, 0x73, 0x27, 0xF4, 0x3E, 0x80, 0x84, 0xEE, 0x55, 0x07, 0x7D,
+ 0x13, 0xA4, 0x55, 0x5E, 0x1D, 0x74, 0xFC, 0x0C, 0x3E, 0x8B, 0xFF, 0x12,
+ 0xEE, 0xD1, 0xE9, 0x11, 0x48, 0x0F, 0xDE, 0x10, 0x64, 0xD4, 0xFF, 0xB0,
+ 0x45, 0x00, 0x56, 0x0F, 0x16, 0xC7, 0x07, 0x6F, 0x25, 0x13, 0xEE, 0x35,
+ 0x8E, 0xF8, 0x77, 0x24, 0xE6, 0xD0, 0x59
+};
+
static int pkcs7_verify_test(void)
{
int ret = 0;
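Review bot: `smroot_der` is added as a raw DER array with no comment saying which certificate it encodes or how to regenerate it. The embedded strings decode to issuer and subject CN "Test S/MIME RSA Root", O "OpenSSL Group", C "UK". The name suggests it mirrors a PEM file in the test tree, though that is not visible here. A header comment such as `/* DER encoding of the "Test S/MIME RSA Root" CA certificate; trust anchor for pkcs7_inner_content_verify_test() */` would let a maintainer re-create the array when the certificate has to be replaced.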
@@ -92,12 +170,228 @@ end:
BIO_free(bio);
return ret;
}
+
+/*
+ * PKCS7_verify() BIO *indata parameter refers to the signed data if the content
+ * is detached from p7. Otherwise indata should be NULL, and then the signed
+ * data must be in p7. The content is written to the BIO out unless it is NULL.
+ *
+ * $ openssl asn1parse -i -inform pem -in sig.pem
+ * 0:d=0 hl=4 l=1571 cons: SEQUENCE
+ * 4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData
+ * 15:d=1 hl=4 l=1556 cons: cont [ 0 ]
+ * 19:d=2 hl=4 l=1552 cons: SEQUENCE
+ *** ASN1_INTEGER *version; ***
+ * 23:d=3 hl=2 l= 1 prim: INTEGER :01
+ *** STACK_OF(X509_ALGOR) *md_algs;
+ * 26:d=3 hl=2 l= 15 cons: SET
+ * 28:d=4 hl=2 l= 13 cons: SEQUENCE
+ * 30:d=5 hl=2 l= 9 prim: OBJECT :sha256
+ * 41:d=5 hl=2 l= 0 prim: NULL
+ *** struct pkcs7_st *contents; ***
+ * 43:d=3 hl=2 l= 92 cons: SEQUENCE
+ * 45:d=4 hl=2 l= 10 prim: OBJECT :1.3.6.1.4.1.311.2.1.4
+ * 57:d=4 hl=2 l= 78 cons: cont [ 0 ]
+ * 59:d=5 hl=2 l= 76 cons: SEQUENCE
+ * 61:d=6 hl=2 l= 23 cons: SEQUENCE
+ * 63:d=7 hl=2 l= 10 prim: OBJECT :1.3.6.1.4.1.311.2.1.15
+ * 75:d=7 hl=2 l= 9 cons: SEQUENCE
+ * 77:d=8 hl=2 l= 1 prim: BIT STRING
+ * 80:d=8 hl=2 l= 4 cons: cont [ 0 ]
+ * 82:d=9 hl=2 l= 2 cons: cont [ 2 ]
+ * 84:d=10 hl=2 l= 0 prim: cont [ 0 ]
+ * 86:d=6 hl=2 l= 49 cons: SEQUENCE
+ * 88:d=7 hl=2 l= 13 cons: SEQUENCE
+ * 90:d=8 hl=2 l= 9 prim: OBJECT :sha256
+ * 101:d=8 hl=2 l= 0 prim: NULL
+ *** Hash of a signed PE file (sha256) ***
+ * 103:d=7 hl=2 l= 32 prim: OCTET STRING
+ * [HEX DUMP]:2D2C7B382C8163A419B9FF214A7B651C33F9EA43335907F11377290C5158A7A4
+ *** STACK_OF(X509) *cert; ***
+ * 137:d=3 hl=4 l= 913 cons: cont [ 0 ]
+ * 141:d=4 hl=4 l= 909 cons: SEQUENCE
+ * 145:d=5 hl=4 l= 629 cons: SEQUENCE
+ * ...
+ *** STACK_OF(PKCS7_SIGNER_INFO) *signer_info; ***
+ * 1054:d=3 hl=4 l= 517 cons: SET
+ * 1058:d=4 hl=4 l= 513 cons: SEQUENCE
+ * ...
+ */
+
+static int pkcs7_inner_content_verify_test(void)
+{
+ int ret = 0;
+ BIO *x509_bio = NULL, *bio = NULL;
+ X509 *cert = NULL;
+ X509_STORE *store = NULL;
+ PKCS7 *p7 = NULL;
+ X509_VERIFY_PARAM *param;
+ const unsigned char sig_der[] = {
+ 0x30, 0x82, 0x06, 0x23, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
+ 0x01, 0x07, 0x02, 0xA0, 0x82, 0x06, 0x14, 0x30, 0x82, 0x06, 0x10, 0x02,
+ 0x01, 0x01, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
+ 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x30, 0x5C, 0x06, 0x0A, 0x2B,
+ 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x04, 0xA0, 0x4E, 0x30,
+ 0x4C, 0x30, 0x17, 0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37,
+ 0x02, 0x01, 0x0F, 0x30, 0x09, 0x03, 0x01, 0x00, 0xA0, 0x04, 0xA2, 0x02,
+ 0x80, 0x00, 0x30, 0x31, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
+ 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20, 0x2D, 0x2C, 0x7B,
+ 0x38, 0x2C, 0x81, 0x63, 0xA4, 0x19, 0xB9, 0xFF, 0x21, 0x4A, 0x7B, 0x65,
+ 0x1C, 0x33, 0xF9, 0xEA, 0x43, 0x33, 0x59, 0x07, 0xF1, 0x13, 0x77, 0x29,
+ 0x0C, 0x51, 0x58, 0xA7, 0xA4, 0xA0, 0x82, 0x03, 0x91, 0x30, 0x82, 0x03,
+ 0x8D, 0x30, 0x82, 0x02, 0x75, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14,
+ 0x1A, 0x2F, 0x94, 0x5F, 0x4D, 0x1E, 0x9B, 0x68, 0xF8, 0xBF, 0xC6, 0xC9,
+ 0xD6, 0xC7, 0x07, 0xB0, 0x3E, 0x35, 0xFD, 0xC7, 0x30, 0x0D, 0x06, 0x09,
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30,
+ 0x44, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+ 0x55, 0x4B, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C,
+ 0x0D, 0x4F, 0x70, 0x65, 0x6E, 0x53, 0x53, 0x4C, 0x20, 0x47, 0x72, 0x6F,
+ 0x75, 0x70, 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C,
+ 0x14, 0x54, 0x65, 0x73, 0x74, 0x20, 0x53, 0x2F, 0x4D, 0x49, 0x4D, 0x45,
+ 0x20, 0x52, 0x53, 0x41, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x30, 0x20, 0x17,
+ 0x0D, 0x32, 0x32, 0x30, 0x38, 0x31, 0x36, 0x31, 0x31, 0x35, 0x38, 0x30,
+ 0x30, 0x5A, 0x18, 0x0F, 0x32, 0x31, 0x32, 0x32, 0x30, 0x38, 0x31, 0x36,
+ 0x31, 0x31, 0x35, 0x38, 0x30, 0x30, 0x5A, 0x30, 0x47, 0x31, 0x0B, 0x30,
+ 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x4B, 0x31, 0x16,
+ 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0D, 0x4F, 0x70, 0x65,
+ 0x6E, 0x53, 0x53, 0x4C, 0x20, 0x47, 0x72, 0x6F, 0x75, 0x70, 0x31, 0x20,
+ 0x30, 0x1E, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x17, 0x54, 0x65, 0x73,
+ 0x74, 0x20, 0x43, 0x6F, 0x64, 0x65, 0x53, 0x69, 0x67, 0x6E, 0x20, 0x45,
+ 0x45, 0x20, 0x52, 0x53, 0x41, 0x20, 0x23, 0x31, 0x30, 0x82, 0x01, 0x22,
+ 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01,
+ 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A,
+ 0x02, 0x82, 0x01, 0x01, 0x00, 0xA8, 0xFF, 0x89, 0x58, 0x61, 0x85, 0xAE,
+ 0xDE, 0xDB, 0x2C, 0x0F, 0xD5, 0x73, 0xFB, 0xE2, 0xB7, 0xA8, 0x1B, 0x7A,
+ 0x75, 0x60, 0x2B, 0xD4, 0x7D, 0x3C, 0x73, 0x76, 0xB5, 0xAE, 0xDE, 0x93,
+ 0x2F, 0x7F, 0x24, 0x90, 0x6D, 0xC9, 0x1C, 0xF4, 0x8A, 0x38, 0xCD, 0x9F,
+ 0xA2, 0x80, 0x16, 0x56, 0xCB, 0xB4, 0x2C, 0xBB, 0x93, 0xE5, 0x17, 0x1F,
+ 0xFF, 0x0D, 0xC6, 0x43, 0xFE, 0x31, 0x34, 0xF8, 0x28, 0xD8, 0x75, 0xE9,
+ 0xA3, 0xBB, 0x88, 0x82, 0xEF, 0xA3, 0x72, 0xE2, 0x53, 0x62, 0x05, 0x45,
+ 0x4D, 0xE0, 0x31, 0x97, 0xEF, 0xAA, 0x9D, 0x10, 0xD2, 0x58, 0x0D, 0x9E,
+ 0x06, 0x9E, 0x32, 0xBB, 0x1B, 0x08, 0x56, 0x5D, 0x65, 0x0F, 0x3F, 0x66,
+ 0x8E, 0xC2, 0x36, 0xA0, 0x11, 0xFF, 0xC0, 0x59, 0x35, 0xFD, 0x49, 0x1C,
+ 0xDD, 0x1C, 0x42, 0x33, 0x06, 0x78, 0xAE, 0x04, 0x38, 0x23, 0xE5, 0xE7,
+ 0x75, 0x67, 0xD3, 0x94, 0xAD, 0x5A, 0xA9, 0x40, 0x1F, 0xAC, 0x59, 0x10,
+ 0xF5, 0x0C, 0xC1, 0x64, 0xAD, 0x4A, 0xC4, 0xC6, 0x35, 0x53, 0xB3, 0x96,
+ 0x6A, 0x82, 0x1B, 0x15, 0x8B, 0xD1, 0x99, 0xAB, 0xE4, 0x9E, 0x6F, 0x94,
+ 0xAA, 0xD2, 0x96, 0xE5, 0x57, 0xFB, 0x8C, 0x91, 0x64, 0x8A, 0x3C, 0x24,
+ 0x16, 0xC6, 0xD2, 0x19, 0xBE, 0x82, 0x60, 0x13, 0x3B, 0x62, 0xB0, 0xED,
+ 0x3E, 0x1D, 0xB3, 0xCA, 0xF9, 0x6B, 0xDF, 0x31, 0xB9, 0x7A, 0x9E, 0x4B,
+ 0x47, 0x68, 0xA7, 0x29, 0xC7, 0x3F, 0x4A, 0xE2, 0x22, 0x27, 0xB4, 0xEF,
+ 0x90, 0x63, 0xD7, 0xEF, 0xD0, 0x72, 0x49, 0x3E, 0x5B, 0xAD, 0xB9, 0x1B,
+ 0xD4, 0x2B, 0x6F, 0x86, 0x68, 0xDD, 0xD5, 0x73, 0x12, 0xB8, 0x43, 0xC9,
+ 0xDC, 0x41, 0x0F, 0xA2, 0xA3, 0x46, 0x4F, 0x8B, 0x67, 0x88, 0x84, 0x0F,
+ 0x61, 0xFE, 0x79, 0x34, 0x1F, 0x4A, 0x89, 0x1F, 0xB7, 0x02, 0x03, 0x01,
+ 0x00, 0x01, 0xA3, 0x72, 0x30, 0x70, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1D,
+ 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F,
+ 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x07, 0x80, 0x30, 0x13, 0x06,
+ 0x03, 0x55, 0x1D, 0x25, 0x04, 0x0C, 0x30, 0x0A, 0x06, 0x08, 0x2B, 0x06,
+ 0x01, 0x05, 0x05, 0x07, 0x03, 0x03, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D,
+ 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE7, 0x9B, 0xE2, 0x2A, 0xAD, 0x8A, 0x6C,
+ 0x3A, 0xCB, 0x76, 0x51, 0xE5, 0x8E, 0x07, 0x98, 0x22, 0x97, 0xE1, 0x73,
+ 0xA2, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, 0x30, 0x16,
+ 0x80, 0x14, 0x15, 0xC1, 0x13, 0x21, 0x6B, 0xE2, 0x55, 0x5F, 0xA7, 0x6A,
+ 0x1D, 0x57, 0x20, 0xD6, 0xCF, 0xF3, 0xA9, 0x73, 0x64, 0x59, 0x30, 0x0D,
+ 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05,
+ 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x32, 0x92, 0xC7, 0x7B, 0x6A, 0xB7,
+ 0x39, 0x82, 0x7C, 0x90, 0xA6, 0x00, 0xBE, 0x34, 0xB9, 0x54, 0x38, 0x84,
+ 0x4A, 0xA3, 0xCF, 0x57, 0x26, 0x0C, 0x48, 0xA6, 0xFA, 0x07, 0xB6, 0xEC,
+ 0x7B, 0x1F, 0xC1, 0x80, 0x50, 0x2B, 0xC6, 0x69, 0x3E, 0xF2, 0x13, 0xA9,
+ 0xBB, 0x2B, 0xAA, 0x4A, 0x87, 0xA3, 0x8B, 0x25, 0x40, 0x3B, 0xDA, 0xDE,
+ 0xFC, 0x9A, 0xE6, 0x41, 0xEB, 0x4C, 0xD6, 0xD3, 0x68, 0xEE, 0x47, 0x7D,
+ 0x47, 0x75, 0x83, 0x2F, 0x50, 0xF7, 0xE2, 0x11, 0xBB, 0x92, 0x00, 0xD3,
+ 0x01, 0xAA, 0x9B, 0x70, 0x13, 0xC3, 0x51, 0xCE, 0xE0, 0x8A, 0x7F, 0x1B,
+ 0x4E, 0x46, 0x77, 0x4C, 0x9E, 0x9B, 0xED, 0xC5, 0x09, 0xAF, 0x08, 0x7D,
+ 0x5C, 0x2C, 0x16, 0x5D, 0x37, 0x0E, 0x94, 0x9D, 0x4E, 0xE7, 0x05, 0xDE,
+ 0x17, 0xD9, 0x80, 0x4F, 0x21, 0xD9, 0x1B, 0x00, 0xA1, 0x3A, 0xBA, 0xE8,
+ 0x88, 0x4C, 0xC3, 0x91, 0x1A, 0x0E, 0x75, 0xE3, 0xE3, 0xD2, 0xC2, 0x8D,
+ 0x65, 0x94, 0x68, 0xA6, 0x33, 0x95, 0x67, 0x9D, 0x1D, 0xFD, 0x7F, 0x09,
+ 0x30, 0x29, 0x96, 0xFF, 0x1F, 0x25, 0xBC, 0xEB, 0xA2, 0x47, 0xEB, 0x83,
+ 0x4E, 0x8B, 0x47, 0xF7, 0xEB, 0x1B, 0xDE, 0xD8, 0x21, 0x27, 0x47, 0x26,
+ 0xA5, 0x52, 0xA4, 0x14, 0x2D, 0x29, 0x5D, 0x2F, 0xF4, 0x0C, 0x1E, 0x6A,
+ 0x54, 0x7A, 0xE8, 0x84, 0x97, 0x64, 0xC0, 0xB4, 0x6E, 0xF0, 0x05, 0xF7,
+ 0x09, 0x66, 0xDC, 0x42, 0x01, 0xD6, 0x83, 0xB0, 0x51, 0x65, 0xB4, 0x3A,
+ 0x4D, 0xA9, 0x90, 0x07, 0xC0, 0x25, 0x5D, 0xD6, 0x23, 0xF0, 0x5B, 0x3B,
+ 0x9B, 0xB0, 0xCC, 0x92, 0x49, 0x81, 0xC6, 0x3A, 0xD0, 0x52, 0xED, 0xEC,
+ 0xEC, 0x54, 0x53, 0x00, 0xBC, 0x69, 0xFE, 0x5A, 0x8C, 0x72, 0x86, 0x99,
+ 0xCB, 0xE6, 0xDD, 0x07, 0x37, 0x79, 0xF4, 0x66, 0x8E, 0x15, 0x31, 0x82,
+ 0x02, 0x05, 0x30, 0x82, 0x02, 0x01, 0x02, 0x01, 0x01, 0x30, 0x5C, 0x30,
+ 0x44, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+ 0x55, 0x4B, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C,
+ 0x0D, 0x4F, 0x70, 0x65, 0x6E, 0x53, 0x53, 0x4C, 0x20, 0x47, 0x72, 0x6F,
+ 0x75, 0x70, 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C,
+ 0x14, 0x54, 0x65, 0x73, 0x74, 0x20, 0x53, 0x2F, 0x4D, 0x49, 0x4D, 0x45,
+ 0x20, 0x52, 0x53, 0x41, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x02, 0x14, 0x1A,
+ 0x2F, 0x94, 0x5F, 0x4D, 0x1E, 0x9B, 0x68, 0xF8, 0xBF, 0xC6, 0xC9, 0xD6,
+ 0xC7, 0x07, 0xB0, 0x3E, 0x35, 0xFD, 0xC7, 0x30, 0x0D, 0x06, 0x09, 0x60,
+ 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0xA0, 0x7C,
+ 0x30, 0x10, 0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02,
+ 0x01, 0x0C, 0x31, 0x02, 0x30, 0x00, 0x30, 0x19, 0x06, 0x09, 0x2A, 0x86,
+ 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x03, 0x31, 0x0C, 0x06, 0x0A, 0x2B,
+ 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x04, 0x30, 0x1C, 0x06,
+ 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x0B, 0x31,
+ 0x0E, 0x30, 0x0C, 0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37,
+ 0x02, 0x01, 0x15, 0x30, 0x2F, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
+ 0x0D, 0x01, 0x09, 0x04, 0x31, 0x22, 0x04, 0x20, 0x06, 0x1E, 0x2B, 0xC2,
+ 0x31, 0xF7, 0x1B, 0xA4, 0x8C, 0x65, 0x4A, 0x26, 0x5B, 0xAD, 0x3E, 0x8C,
+ 0x25, 0xB3, 0xAA, 0xAF, 0xB2, 0x0F, 0xA1, 0xF6, 0x8B, 0x6A, 0x6B, 0x87,
+ 0x45, 0x47, 0x9E, 0x35, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
+ 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x01, 0x00, 0x45,
+ 0x98, 0xCB, 0xA9, 0x2B, 0x49, 0xFD, 0x33, 0xA0, 0xBD, 0x27, 0x98, 0xE1,
+ 0xA4, 0x2D, 0xD7, 0x73, 0xC1, 0x77, 0x66, 0x97, 0x26, 0x5A, 0xA0, 0x72,
+ 0xD9, 0x8E, 0x3B, 0x9B, 0x74, 0x20, 0xCF, 0x13, 0x6A, 0xE1, 0xD3, 0x97,
+ 0xAC, 0xAB, 0xEA, 0x4A, 0x43, 0x98, 0xA2, 0x7C, 0x71, 0x95, 0xFF, 0x61,
+ 0x7B, 0x9B, 0x56, 0xF7, 0xBF, 0xF0, 0x33, 0xB4, 0x3E, 0xBF, 0xF0, 0x8A,
+ 0xA0, 0x78, 0x3B, 0xF9, 0xAF, 0x9E, 0xFD, 0x54, 0x92, 0xC5, 0x81, 0x6D,
+ 0xE0, 0x29, 0x78, 0xBC, 0x00, 0xD8, 0xF1, 0xA6, 0xFF, 0x00, 0x03, 0xF9,
+ 0x8E, 0x9E, 0xB4, 0x09, 0x10, 0x4A, 0x1D, 0xF6, 0x0E, 0x76, 0x15, 0xAA,
+ 0x96, 0x86, 0x38, 0x3A, 0x0B, 0x3C, 0x0E, 0x37, 0x6E, 0xF9, 0xA3, 0x59,
+ 0x0F, 0x41, 0x42, 0xC3, 0xA2, 0x74, 0x77, 0x10, 0x7F, 0xA0, 0xA8, 0x17,
+ 0xFB, 0xD2, 0x68, 0x8A, 0x17, 0x71, 0x89, 0x2C, 0x30, 0x49, 0x54, 0xDF,
+ 0x29, 0x80, 0xC2, 0xB9, 0x13, 0x36, 0x77, 0xF4, 0xBE, 0x6B, 0x76, 0xBC,
+ 0x42, 0x1A, 0xB2, 0xE7, 0x4D, 0x36, 0xED, 0x85, 0xB8, 0x25, 0xEC, 0x03,
+ 0xF8, 0x1E, 0x2F, 0x41, 0x48, 0x18, 0xAD, 0x58, 0x3D, 0x40, 0xEB, 0x4F,
+ 0x5B, 0xFB, 0x15, 0x57, 0xD5, 0xE0, 0x68, 0xC6, 0x84, 0x21, 0x57, 0x9E,
+ 0x20, 0x46, 0x45, 0xDB, 0x30, 0xA3, 0x6F, 0x44, 0x35, 0x17, 0xAC, 0xE6,
+ 0xD1, 0x0E, 0xEE, 0x43, 0x38, 0x87, 0xCD, 0x22, 0xE9, 0x83, 0xFE, 0x9D,
+ 0x30, 0x8F, 0xE0, 0x51, 0xDB, 0xFF, 0x26, 0x5A, 0x53, 0x21, 0xBF, 0xE7,
+ 0x1F, 0xD8, 0xA4, 0x53, 0xDD, 0xAE, 0xF2, 0xF5, 0x73, 0xEA, 0xFE, 0x50,
+ 0x99, 0x1B, 0x16, 0x1C, 0xBD, 0x4E, 0xFD, 0x8B, 0x2E, 0x22, 0x31, 0x05,
+ 0x90, 0x9D, 0x41, 0x7C, 0xA7, 0x83, 0xE9, 0xCA, 0x8E, 0x01, 0x6D, 0xB2,
+ 0x2D, 0x6F, 0x81
+ };
+
+ if (!TEST_ptr(bio = BIO_new_mem_buf(sig_der, sizeof sig_der)))
+ goto end;
+
+ ret = TEST_ptr(x509_bio = BIO_new_mem_buf(smroot_der, sizeof smroot_der))
+ && TEST_ptr(cert = d2i_X509_bio(x509_bio, NULL))
+ && TEST_int_eq(ERR_peek_error(), 0)
+ && TEST_ptr(store = X509_STORE_new())
+ && TEST_true(X509_STORE_add_cert(store, cert))
+ && TEST_ptr(param = X509_STORE_get0_param(store))
+ && TEST_true(X509_VERIFY_PARAM_set_purpose(param,
+ X509_PURPOSE_CODE_SIGN))
+ && TEST_true(X509_STORE_set1_param(store, param))
+ && TEST_ptr(p7 = d2i_PKCS7_bio(bio, NULL))
+ && TEST_int_eq(ERR_peek_error(), 0)
+ && TEST_true(PKCS7_verify(p7, NULL, store, NULL, NULL, 0))
+ && TEST_int_eq(ERR_peek_error(), 0);
+end:
+ X509_STORE_free(store);
+ X509_free(cert);
+ PKCS7_free(p7);
+ BIO_free(x509_bio);
+ BIO_free(bio);
+ return ret;
+}
#endif /* OPENSSL_NO_EC */
int setup_tests(void)
{
#ifndef OPENSSL_NO_EC
ADD_TEST(pkcs7_verify_test);
+ ADD_TEST(pkcs7_inner_content_verify_test);
#endif /* OPENSSL_NO_EC */
return 1;
}
diff --git a/test/property_test.c b/test/property_test.c
index 1f1171ad90a6..18f8cc8740e0 100644
--- a/test/property_test.c
+++ b/test/property_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -64,6 +64,19 @@ static int test_property_string(void)
&& TEST_int_eq(ossl_property_name(ctx, "fnord", 0), 0)
&& TEST_int_ne(ossl_property_name(ctx, "fnord", 1), 0)
&& TEST_int_ne(ossl_property_name(ctx, "name", 1), 0)
+ /* Pre loaded names */
+ && TEST_str_eq(ossl_property_name_str(ctx, 1), "provider")
+ && TEST_str_eq(ossl_property_name_str(ctx, 2), "version")
+ && TEST_str_eq(ossl_property_name_str(ctx, 3), "fips")
+ && TEST_str_eq(ossl_property_name_str(ctx, 4), "output")
+ && TEST_str_eq(ossl_property_name_str(ctx, 5), "input")
+ && TEST_str_eq(ossl_property_name_str(ctx, 6), "structure")
+ /* The names we added */
+ && TEST_str_eq(ossl_property_name_str(ctx, 7), "fnord")
+ && TEST_str_eq(ossl_property_name_str(ctx, 8), "name")
+ /* Out of range */
+ && TEST_ptr_null(ossl_property_name_str(ctx, 0))
+ && TEST_ptr_null(ossl_property_name_str(ctx, 9))
/* Property value checks */
&& TEST_int_eq(ossl_property_value(ctx, "fnord", 0), 0)
&& TEST_int_ne(i = ossl_property_value(ctx, "no", 0), 0)
@@ -74,6 +87,15 @@ static int test_property_string(void)
&& TEST_int_ne(i = ossl_property_value(ctx, "illuminati", 1), 0)
&& TEST_int_eq(j = ossl_property_value(ctx, "fnord", 1), i + 1)
&& TEST_int_eq(ossl_property_value(ctx, "fnord", 1), j)
+ /* Pre loaded values */
+ && TEST_str_eq(ossl_property_value_str(ctx, 1), "yes")
+ && TEST_str_eq(ossl_property_value_str(ctx, 2), "no")
+ /* The value we added */
+ && TEST_str_eq(ossl_property_value_str(ctx, 3), "illuminati")
+ && TEST_str_eq(ossl_property_value_str(ctx, 4), "fnord")
+ /* Out of range */
+ && TEST_ptr_null(ossl_property_value_str(ctx, 0))
+ && TEST_ptr_null(ossl_property_value_str(ctx, 5))
/* Check name and values are distinct */
&& TEST_int_eq(ossl_property_value(ctx, "cold", 0), 0)
&& TEST_int_ne(ossl_property_name(ctx, "fnord", 0),
diff --git a/test/provfetchtest.c b/test/provfetchtest.c
index 11a59ab63ed1..d8c9307ddd17 100644
--- a/test/provfetchtest.c
+++ b/test/provfetchtest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -25,7 +25,7 @@ static int dummy_decoder_decode(void *ctx, OSSL_CORE_BIO *cin, int selection,
static const OSSL_DISPATCH dummy_decoder_functions[] = {
{ OSSL_FUNC_DECODER_DECODE, (void (*)(void))dummy_decoder_decode },
- { 0, NULL }
+ OSSL_DISPATCH_END
};
static const OSSL_ALGORITHM dummy_decoders[] = {
@@ -43,7 +43,7 @@ static int dummy_encoder_encode(void *ctx, OSSL_CORE_BIO *out,
static const OSSL_DISPATCH dummy_encoder_functions[] = {
{ OSSL_FUNC_DECODER_DECODE, (void (*)(void))dummy_encoder_encode },
- { 0, NULL }
+ OSSL_DISPATCH_END
};
static const OSSL_ALGORITHM dummy_encoders[] = {
@@ -78,7 +78,7 @@ static const OSSL_DISPATCH dummy_store_functions[] = {
{ OSSL_FUNC_STORE_LOAD, (void (*)(void))dummy_store_load },
{ OSSL_FUNC_STORE_EOF, (void (*)(void))dumm_store_eof },
{ OSSL_FUNC_STORE_CLOSE, (void (*)(void))dummy_store_close },
- { 0, NULL }
+ OSSL_DISPATCH_END
};
static const OSSL_ALGORITHM dummy_store[] = {
@@ -167,7 +167,7 @@ static const OSSL_DISPATCH dummy_rand_functions[] = {
{ OSSL_FUNC_RAND_ENABLE_LOCKING, (void(*)(void))dummy_rand_enable_locking },
{ OSSL_FUNC_RAND_LOCK, (void(*)(void))dummy_rand_lock },
{ OSSL_FUNC_RAND_UNLOCK, (void(*)(void))dummy_rand_unlock },
- { 0, NULL }
+ OSSL_DISPATCH_END
};
static const OSSL_ALGORITHM dummy_rand[] = {
@@ -195,7 +195,7 @@ static const OSSL_ALGORITHM *dummy_query(void *provctx, int operation_id,
static const OSSL_DISPATCH dummy_dispatch_table[] = {
{ OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))dummy_query },
{ OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OSSL_LIB_CTX_free },
- { 0, NULL }
+ OSSL_DISPATCH_END
};
static int dummy_provider_init(const OSSL_CORE_HANDLE *handle,
diff --git a/test/provider_internal_test.c b/test/provider_internal_test.c
index e42af73b1746..29e5b8ae1c55 100644
--- a/test/provider_internal_test.c
+++ b/test/provider_internal_test.c
@@ -64,7 +64,7 @@ static int test_builtin_provider(void)
ret =
TEST_ptr(prov =
- ossl_provider_new(NULL, name, PROVIDER_INIT_FUNCTION_NAME, 0))
+ ossl_provider_new(NULL, name, PROVIDER_INIT_FUNCTION_NAME, NULL, 0))
&& test_provider(prov, expected_greeting1(name));
EVP_set_default_properties(NULL, "");
@@ -79,7 +79,7 @@ static int test_loaded_provider(void)
OSSL_PROVIDER *prov = NULL;
return
- TEST_ptr(prov = ossl_provider_new(NULL, name, NULL, 0))
+ TEST_ptr(prov = ossl_provider_new(NULL, name, NULL, NULL, 0))
&& test_provider(prov, expected_greeting1(name));
}
diff --git a/test/provider_pkey_test.c b/test/provider_pkey_test.c
index 249e9babcfa8..4abbdd33ec4d 100644
--- a/test/provider_pkey_test.c
+++ b/test/provider_pkey_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -14,10 +14,12 @@
#include <openssl/core_names.h>
#include <openssl/evp.h>
#include <openssl/store.h>
+#include <openssl/ui.h>
#include "testutil.h"
#include "fake_rsaprov.h"
static OSSL_LIB_CTX *libctx = NULL;
+extern int key_deleted; /* From fake_rsaprov.c */
/* Fetch SIGNATURE method using a libctx and propq */
static int fetch_sig(OSSL_LIB_CTX *ctx, const char *alg, const char *propq,
@@ -93,7 +95,7 @@ static int test_pkey_sig(void)
/*
* If this picks the wrong signature without realizing it
* we can get a segfault or some internal error. At least watch
- * whether fake-rsa sign_init is is exercised by calling sign.
+ * whether fake-rsa sign_init is exercised by calling sign.
*/
if (!TEST_int_eq(EVP_PKEY_sign_init(ctx), 1))
goto end;
@@ -288,6 +290,140 @@ end:
return ret;
}
+static int test_pkey_delete(void)
+{
+ OSSL_PROVIDER *deflt = NULL;
+ OSSL_PROVIDER *fake_rsa = NULL;
+ int ret = 0;
+ EVP_PKEY *pkey = NULL;
+ OSSL_STORE_LOADER *loader = NULL;
+ OSSL_STORE_CTX *ctx = NULL;
+ OSSL_STORE_INFO *info;
+ const char *propq = "?provider=fake-rsa";
+
+ /* It's important to load the default provider first for this test */
+ if (!TEST_ptr(deflt = OSSL_PROVIDER_load(libctx, "default")))
+ goto end;
+
+ if (!TEST_ptr(fake_rsa = fake_rsa_start(libctx)))
+ goto end;
+
+ if (!TEST_ptr(loader = OSSL_STORE_LOADER_fetch(libctx, "fake_rsa",
+ propq)))
+ goto end;
+
+ OSSL_STORE_LOADER_free(loader);
+
+ /* First iteration: load key, check it, delete it */
+ if (!TEST_ptr(ctx = OSSL_STORE_open_ex("fake_rsa:test", libctx, propq,
+ NULL, NULL, NULL, NULL, NULL)))
+ goto end;
+
+ while (!OSSL_STORE_eof(ctx)
+ && (info = OSSL_STORE_load(ctx)) != NULL
+ && pkey == NULL) {
+ if (OSSL_STORE_INFO_get_type(info) == OSSL_STORE_INFO_PKEY)
+ pkey = OSSL_STORE_INFO_get1_PKEY(info);
+ OSSL_STORE_INFO_free(info);
+ info = NULL;
+ }
+
+ if (!TEST_ptr(pkey) || !TEST_int_eq(EVP_PKEY_is_a(pkey, "RSA"), 1))
+ goto end;
+ EVP_PKEY_free(pkey);
+ pkey = NULL;
+
+ if (!TEST_int_eq(OSSL_STORE_delete("fake_rsa:test", libctx, propq,
+ NULL, NULL, NULL), 1))
+ goto end;
+ if (!TEST_int_eq(OSSL_STORE_close(ctx), 1))
+ goto end;
+
+ /* Second iteration: load key should fail */
+ if (!TEST_ptr(ctx = OSSL_STORE_open_ex("fake_rsa:test", libctx, propq,
+ NULL, NULL, NULL, NULL, NULL)))
+ goto end;
+
+ while (!OSSL_STORE_eof(ctx)) {
+ info = OSSL_STORE_load(ctx);
+ if (!TEST_ptr_null(info))
+ goto end;
+ }
+
+ ret = 1;
+
+end:
+ fake_rsa_finish(fake_rsa);
+ OSSL_PROVIDER_unload(deflt);
+ OSSL_STORE_close(ctx);
+ fake_rsa_restore_store_state();
+ return ret;
+}
+
+static int fake_pw_read_string(UI *ui, UI_STRING *uis)
+{
+ const char *passphrase = FAKE_PASSPHRASE;
+
+ if (UI_get_string_type(uis) == UIT_PROMPT) {
+ UI_set_result(ui, uis, passphrase);
+ return 1;
+ }
+
+ return 0;
+}
+
+static int test_pkey_store_open_ex(void)
+{
+ OSSL_PROVIDER *deflt = NULL;
+ OSSL_PROVIDER *fake_rsa = NULL;
+ int ret = 0;
+ EVP_PKEY *pkey = NULL;
+ OSSL_STORE_LOADER *loader = NULL;
+ OSSL_STORE_CTX *ctx = NULL;
+ const char *propq = "?provider=fake-rsa";
+ UI_METHOD *ui_method = NULL;
+
+ /* It's important to load the default provider first for this test */
+ if (!TEST_ptr(deflt = OSSL_PROVIDER_load(libctx, "default")))
+ goto end;
+
+ if (!TEST_ptr(fake_rsa = fake_rsa_start(libctx)))
+ goto end;
+
+ if (!TEST_ptr(loader = OSSL_STORE_LOADER_fetch(libctx, "fake_rsa",
+ propq)))
+ goto end;
+
+ OSSL_STORE_LOADER_free(loader);
+
+ if (!TEST_ptr(ui_method= UI_create_method("PW Callbacks")))
+ goto end;
+
+ if (UI_method_set_reader(ui_method, fake_pw_read_string))
+ goto end;
+
+ if (!TEST_ptr(ctx = OSSL_STORE_open_ex("fake_rsa:openpwtest", libctx, propq,
+ ui_method, NULL, NULL, NULL, NULL)))
+ goto end;
+
+ /* retry w/o ui_method to ensure we actually enter pw checks and fail */
+ OSSL_STORE_close(ctx);
+ if (!TEST_ptr_null(ctx = OSSL_STORE_open_ex("fake_rsa:openpwtest", libctx,
+ propq, NULL, NULL, NULL, NULL,
+ NULL)))
+ goto end;
+
+ ret = 1;
+
+end:
+ UI_destroy_method(ui_method);
+ fake_rsa_finish(fake_rsa);
+ OSSL_PROVIDER_unload(deflt);
+ OSSL_STORE_close(ctx);
+ EVP_PKEY_free(pkey);
+ return ret;
+}
+
int setup_tests(void)
{
libctx = OSSL_LIB_CTX_new();
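Review bot: In test_pkey_store_open_ex, `if (UI_method_set_reader(ui_method, fake_pw_read_string)) goto end;` is the only setup step not wrapped in a TEST_ macro, so a failure there makes the test return 0 with no diagnostic; `if (!TEST_int_eq(UI_method_set_reader(ui_method, fake_pw_read_string), 0))` keeps the 0-on-success convention and logs the failure. In test_pkey_delete the load loop evaluates `(info = OSSL_STORE_load(ctx)) != NULL` before `pkey == NULL`, so an object loaded after the key has been found leaves the loop without reaching `OSSL_STORE_INFO_free(info)`; testing `pkey == NULL` first avoids that. `pkey` in test_pkey_store_open_ex is never assigned and can be removed together with its `EVP_PKEY_free`. The hunk opens in the tail of the preceding function and ends inside setup_tests.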
@@ -298,6 +434,8 @@ int setup_tests(void)
ADD_TEST(test_alternative_keygen_init);
ADD_TEST(test_pkey_eq);
ADD_ALL_TESTS(test_pkey_store, 2);
+ ADD_TEST(test_pkey_delete);
+ ADD_TEST(test_pkey_store_open_ex);
return 1;
}
diff --git a/test/provider_status_test.c b/test/provider_status_test.c
index 551277c8e0b2..9fcd2c2b14bd 100644
--- a/test/provider_status_test.c
+++ b/test/provider_status_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -14,6 +14,7 @@
#include <openssl/core_names.h>
#include <openssl/self_test.h>
#include <openssl/evp.h>
+#include <openssl/rsa.h>
#include "testutil.h"
typedef enum OPTION_choice {
@@ -147,6 +148,8 @@ static int test_provider_status(void)
OSSL_PROVIDER *prov = NULL;
OSSL_PARAM params[2];
EVP_MD *fetch = NULL;
+ EVP_PKEY_CTX *pctx = NULL;
+ EVP_PKEY *pkey = NULL;
if (!TEST_ptr(prov = OSSL_PROVIDER_load(libctx, provider_name)))
goto err;
@@ -163,6 +166,16 @@ static int test_provider_status(void)
goto err;
EVP_MD_free(fetch);
fetch = NULL;
+ /* Use RNG before triggering on-demand self tests */
+ if (!TEST_ptr((pctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL)))
+ || !TEST_int_gt(EVP_PKEY_keygen_init(pctx), 0)
+ || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, 2048), 0)
+ || !TEST_int_gt(EVP_PKEY_keygen(pctx, &pkey), 0))
+ goto err;
+ EVP_PKEY_free(pkey);
+ EVP_PKEY_CTX_free(pctx);
+ pkey = NULL;
+ pctx = NULL;
/* Test that the provider self test is ok */
self_test_args.count = 0;
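Review bot: The `goto err` taken when any step of the added RSA keygen block fails leaves `pctx` (and possibly `pkey`) allocated, and the `err` label lies outside this hunk, so it is not visible whether it releases them. If it does not, `EVP_PKEY_free(pkey);` and `EVP_PKEY_CTX_free(pctx);` should be added there; both accept NULL, which is why the success path resets the two pointers. A short comment on why a 2048-bit keygen is used just to exercise the RNG before the self tests would also help the next reader.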
diff --git a/test/provider_test.c b/test/provider_test.c
index 762c2ee16eff..ef08cc51ea30 100644
--- a/test/provider_test.c
+++ b/test/provider_test.c
@@ -9,6 +9,7 @@
#include <stddef.h>
#include <openssl/provider.h>
+#include <openssl/param_build.h>
#include "testutil.h"
extern OSSL_provider_init_fn PROVIDER_INIT_FUNCTION_NAME;
@@ -157,6 +158,63 @@ static int test_provider(OSSL_LIB_CTX **libctx, const char *name,
return ok;
}
+#ifndef NO_PROVIDER_MODULE
+static int test_provider_ex(OSSL_LIB_CTX **libctx, const char *name)
+{
+ OSSL_PROVIDER *prov = NULL;
+ const char *greeting = NULL;
+ int ok = 0;
+ long err;
+ const char custom_buf[] = "Custom greeting";
+ OSSL_PARAM_BLD *bld = NULL;
+ OSSL_PARAM *params = NULL;
+
+ if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
+ || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, "greeting", custom_buf,
+ strlen(custom_buf)))
+ || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))) {
+ goto err;
+ }
+
+ if (!TEST_ptr(prov = OSSL_PROVIDER_load_ex(*libctx, name, params)))
+ goto err;
+
+ if (!TEST_true(OSSL_PROVIDER_get_params(prov, greeting_request))
+ || !TEST_ptr(greeting = greeting_request[0].data)
+ || !TEST_size_t_gt(greeting_request[0].data_size, 0)
+ || !TEST_str_eq(greeting, custom_buf))
+ goto err;
+
+ /* Make sure we got the error we were expecting */
+ err = ERR_peek_last_error();
+ if (!TEST_int_gt(err, 0)
+ || !TEST_int_eq(ERR_GET_REASON(err), 1))
+ goto err;
+
+ if (!TEST_true(OSSL_PROVIDER_unload(prov)))
+ goto err;
+ prov = NULL;
+
+ /*
+ * We must free the libctx to force the provider to really be unloaded from
+ * memory
+ */
+ OSSL_LIB_CTX_free(*libctx);
+ *libctx = NULL;
+
+ /* We print out all the data to make sure it can still be accessed */
+ ERR_print_errors_fp(stderr);
+ ok = 1;
+ err:
+ OSSL_PARAM_BLD_free(bld);
+ OSSL_PARAM_free(params);
+ OSSL_PROVIDER_unload(prov);
+ OSSL_LIB_CTX_free(*libctx);
+ *libctx = NULL;
+ return ok;
+}
+#endif
+
static int test_builtin_provider(void)
{
OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new();
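Review bot: In test_provider_ex, `err = ERR_peek_last_error();` stores an `unsigned long` in `long err` and then checks it with `TEST_int_gt(err, 0)`, which narrows the packed error code to `int`; declaring `unsigned long err` and using `TEST_ulong_gt(err, 0)` removes both conversions. The expected reason in `TEST_int_eq(ERR_GET_REASON(err), 1)` is a bare number, and a comment naming the error the loaded provider is expected to raise would make the assertion reviewable. The variable also shares its name with the `err:` label, which is legal but easy to misread. The sibling test_provider, which may follow the same pattern, is outside the hunk.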
@@ -212,12 +270,22 @@ static int test_loaded_provider(void)
{
OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new();
const char *name = "p_test";
+ int res = 0;
if (!TEST_ptr(libctx))
return 0;
/* test_provider will free libctx as part of the test */
- return test_provider(&libctx, name, NULL);
+ res = test_provider(&libctx, name, NULL);
+
+ libctx = OSSL_LIB_CTX_new();
+ if (!TEST_ptr(libctx))
+ return 0;
+
+ /* test_provider_ex will free libctx as part of the test */
+ res = res && test_provider_ex(&libctx, name);
+
+ return res;
}
#endif
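Review bot: When test_provider() fails, the second `OSSL_LIB_CTX_new()` still runs and `res && test_provider_ex(&libctx, name)` short-circuits, so the freshly created libctx is never freed; the comment says test_provider_ex is what frees it. Returning early fixes it: replace the `res = test_provider(...)` line with `if (!test_provider(&libctx, name, NULL)) return 0;` before the second allocation. test_provider_ex is defined under `#ifndef NO_PROVIDER_MODULE` in the previous hunk, while the guard closed by the `#endif` here opens outside this hunk, so it is worth confirming they are the same condition.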
diff --git a/test/punycode_test.c b/test/punycode_test.c
index 9d8171346caa..00a21bb78e5b 100644
--- a/test/punycode_test.c
+++ b/test/punycode_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -12,6 +12,7 @@
#include "crypto/punycode.h"
#include "internal/nelem.h"
+#include "internal/packet.h"
#include "testutil.h"
@@ -19,6 +20,11 @@ static const struct puny_test {
unsigned int raw[50];
const char *encoded;
} puny_cases[] = {
+ { /* Test of 4 byte codepoint using smileyface emoji */
+ { 0x1F600
+ },
+ "e28h"
+ },
/* Test cases from RFC 3492 */
{ /* Arabic (Egyptian) */
{ 0x0644, 0x064A, 0x0647, 0x0645, 0x0627, 0x0628, 0x062A, 0x0643, 0x0644,
@@ -163,34 +169,53 @@ static int test_punycode(int n)
return 1;
}
+static const struct bad_decode_test {
+ size_t outlen;
+ const char input[20];
+} bad_decode_tests[] = {
+ { 20, "xn--e-*" }, /* bad digit '*' */
+ { 10, "xn--e-999" }, /* loop > enc_len */
+ { 20, "xn--e-999999999" }, /* Too big */
+ { 20, {'x', 'n', '-', '-', (char)0x80, '-' } }, /* Not basic */
+ { 20, "xn--e-Oy65t" }, /* codepoint > 0x10FFFF */
+};
+
+static int test_a2ulabel_bad_decode(int tst)
+{
+ char out[20];
+
+ return TEST_int_eq(ossl_a2ulabel(bad_decode_tests[tst].input, out, bad_decode_tests[tst].outlen), -1);
+}
+
static int test_a2ulabel(void)
{
char out[50];
- size_t outlen;
+ char in[530] = { 0 };
/*
- * Test that no buffer correctly returns the true length.
* The punycode being passed in and parsed is malformed but we're not
* verifying that behaviour here.
*/
- if (!TEST_int_eq(ossl_a2ulabel("xn--a.b.c", NULL, &outlen), 0)
- || !TEST_size_t_eq(outlen, 7)
- || !TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 1))
- return 0;
- /* Test that a short input length returns the true length */
- outlen = 1;
- if (!TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 0)
- || !TEST_size_t_eq(outlen, 7)
- || !TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 1)
- || !TEST_str_eq(out,"\xc2\x80.b.c"))
+ if (!TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, 1), 0)
+ || !TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, 7), 1))
return 0;
/* Test for an off by one on the buffer size works */
- outlen = 6;
- if (!TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 0)
- || !TEST_size_t_eq(outlen, 7)
- || !TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 1)
+ if (!TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, 6), 0)
+ || !TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, 7), 1)
|| !TEST_str_eq(out,"\xc2\x80.b.c"))
return 0;
+
+ /* Test 4 byte smiley face */
+ if (!TEST_int_eq(ossl_a2ulabel("xn--e28h.com", out, 10), 1))
+ return 0;
+
+ /* Test that we dont overflow the fixed internal buffer of 512 bytes when the starting bytes are copied */
+ strcpy(in, "xn--");
+ memset(in + 4, 'e', 513);
+ memcpy(in + 517, "-3ya", 4);
+ if (!TEST_int_eq(ossl_a2ulabel(in, out, 50), -1))
+ return 0;
+
return 1;
}
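Review bot: test_a2ulabel_bad_decode passes `bad_decode_tests[tst].outlen` as the size of the local `char out[20]` without tying the two together, so a future table entry with a larger `outlen` would tell ossl_a2ulabel it may write past the stack buffer. A guard such as `if (!TEST_size_t_le(bad_decode_tests[tst].outlen, sizeof(out))) return 0;` before the call keeps the table and the buffer in step. In test_a2ulabel, the new `"xn--e28h.com"` case checks only the return value; adding a `TEST_str_eq` on `out`, as the `"\xc2\x80.b.c"` case does, would pin the decoded four-byte sequence as well.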
@@ -211,10 +236,59 @@ static int test_puny_overrun(void)
return 1;
}
+static int test_dotted_overflow(void)
+{
+ static const char string[] = "a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a";
+ const size_t num_reps = OSSL_NELEM(string) / 2;
+ WPACKET p;
+ BUF_MEM *in;
+ char *out = NULL;
+ size_t i;
+ int res = 0;
+
+ /* Create out input punycode string */
+ if (!TEST_ptr(in = BUF_MEM_new()))
+ return 0;
+ if (!TEST_true(WPACKET_init_len(&p, in, 0))) {
+ BUF_MEM_free(in);
+ return 0;
+ }
+ for (i = 0; i < num_reps; i++) {
+ if (i > 1 && !TEST_true(WPACKET_put_bytes_u8(&p, '.')))
+ goto err;
+ if (!TEST_true(WPACKET_memcpy(&p, "xn--a", sizeof("xn--a") - 1)))
+ goto err;
+ }
+ if (!TEST_true(WPACKET_put_bytes_u8(&p, '\0')))
+ goto err;
+ if (!TEST_ptr(out = OPENSSL_malloc(in->length)))
+ goto err;
+
+ /* Test the decode into an undersized buffer */
+ memset(out, 0x7f, in->length - 1);
+ if (!TEST_int_le(ossl_a2ulabel(in->data, out, num_reps), 0)
+ || !TEST_int_eq(out[num_reps], 0x7f))
+ goto err;
+
+ /* Test the decode works into a full size buffer */
+ if (!TEST_int_gt(ossl_a2ulabel(in->data, out, in->length), 0)
+ || !TEST_size_t_eq(strlen(out), num_reps * 3))
+ goto err;
+
+ res = 1;
+ err:
+ WPACKET_cleanup(&p);
+ BUF_MEM_free(in);
+ OPENSSL_free(out);
+ return res;
+}
+
int setup_tests(void)
{
ADD_ALL_TESTS(test_punycode, OSSL_NELEM(puny_cases));
+ ADD_TEST(test_dotted_overflow);
ADD_TEST(test_a2ulabel);
ADD_TEST(test_puny_overrun);
+ ADD_ALL_TESTS(test_a2ulabel_bad_decode, OSSL_NELEM(bad_decode_tests));
return 1;
}
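Review bot: The undersized-buffer check in test_dotted_overflow inspects a single canary byte, `out[num_reps]`, so a write that lands further past the limit would go unnoticed. Checking the whole tail that was filled with 0x7f is cheap: `for (i = num_reps; i < in->length - 1; i++) if (!TEST_int_eq(out[i], 0x7f)) goto err;`. The separator condition `i > 1` (rather than `i > 0`) in the build loop joins the first two repetitions into one label; if that is intended, a one-line comment saying so would stop it being "fixed" later, since the `num_reps * 3` length assertion appears to depend on it.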
diff --git a/test/rand_test.c b/test/rand_test.c
index c6cf32610eb3..0dd0e506ed5a 100644
--- a/test/rand_test.c
+++ b/test/rand_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the >License>). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -11,11 +11,15 @@
#include <openssl/rand.h>
#include <openssl/bio.h>
#include <openssl/core_names.h>
+#include <openssl/params.h>
+#include "crypto/rand.h"
#include "testutil.h"
static int test_rand(void)
{
EVP_RAND_CTX *privctx;
+ const OSSL_PROVIDER *prov;
+ int indicator = 1;
OSSL_PARAM params[2], *p = params;
unsigned char entropy1[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05 };
unsigned char entropy2[] = { 0xff, 0xfe, 0xfd };
@@ -41,13 +45,223 @@ static int test_rand(void)
|| !TEST_int_gt(RAND_priv_bytes(outbuf, sizeof(outbuf)), 0)
|| !TEST_mem_eq(outbuf, sizeof(outbuf), entropy2, sizeof(outbuf)))
return 0;
+
+ if (fips_provider_version_lt(NULL, 3, 4, 0)) {
+ /* Skip the rest and pass the test */
+ return 1;
+ }
+ /* Verify that the FIPS indicator can be read and is false */
+ prov = EVP_RAND_get0_provider(EVP_RAND_CTX_get0_rand(privctx));
+ if (prov != NULL
+ && strcmp(OSSL_PROVIDER_get0_name(prov), "fips") == 0) {
+ params[0] = OSSL_PARAM_construct_int(OSSL_RAND_PARAM_FIPS_APPROVED_INDICATOR,
+ &indicator);
+ if (!TEST_true(EVP_RAND_CTX_get_params(privctx, params))
+ || !TEST_int_eq(indicator, 0))
+ return 0;
+ }
return 1;
}
+static int test_rand_uniform(void)
+{
+ uint32_t x, i, j;
+ int err = 0, res = 0;
+ OSSL_LIB_CTX *ctx;
+
+ if (!test_get_libctx(&ctx, NULL, NULL, NULL, NULL))
+ goto err;
+
+ for (i = 1; i < 100; i += 13) {
+ x = ossl_rand_uniform_uint32(ctx, i, &err);
+ if (!TEST_int_eq(err, 0)
+ || !TEST_uint_ge(x, 0)
+ || !TEST_uint_lt(x, i))
+ return 0;
+ }
+ for (i = 1; i < 100; i += 17)
+ for (j = i + 1; j < 150; j += 11) {
+ x = ossl_rand_range_uint32(ctx, i, j, &err);
+ if (!TEST_int_eq(err, 0)
+ || !TEST_uint_ge(x, i)
+ || !TEST_uint_lt(x, j))
+ return 0;
+ }
+
+ res = 1;
+ err:
+ OSSL_LIB_CTX_free(ctx);
+ return res;
+}
+
+/* Test the FIPS health tests */
+static int fips_health_test_one(const uint8_t *buf, size_t n, size_t gen)
+{
+ int res = 0;
+ EVP_RAND *crngt_alg = NULL, *parent_alg = NULL;
+ EVP_RAND_CTX *crngt = NULL, *parent = NULL;
+ OSSL_PARAM p[2];
+ uint8_t out[1000];
+ int indicator = -1;
+
+ p[0] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
+ (void *)buf, n);
+ p[1] = OSSL_PARAM_construct_end();
+
+ if (!TEST_ptr(parent_alg = EVP_RAND_fetch(NULL, "TEST-RAND", "-fips"))
+ || !TEST_ptr(crngt_alg = EVP_RAND_fetch(NULL, "CRNG-TEST", "-fips"))
+ || !TEST_ptr(parent = EVP_RAND_CTX_new(parent_alg, NULL))
+ || !TEST_ptr(crngt = EVP_RAND_CTX_new(crngt_alg, parent))
+ || !TEST_true(EVP_RAND_instantiate(parent, 0, 0,
+ (unsigned char *)"abc", 3, p))
+ || !TEST_true(EVP_RAND_instantiate(crngt, 0, 0,
+ (unsigned char *)"def", 3, NULL))
+ || !TEST_size_t_le(gen, sizeof(out)))
+ goto err;
+
+ /* Verify that the FIPS indicator is negative */
+ p[0] = OSSL_PARAM_construct_int(OSSL_RAND_PARAM_FIPS_APPROVED_INDICATOR,
+ &indicator);
+ if (!TEST_true(EVP_RAND_CTX_get_params(crngt, p))
+ || !TEST_int_le(indicator, 0))
+ goto err;
+
+ ERR_set_mark();
+ res = EVP_RAND_generate(crngt, out, gen, 0, 0, NULL, 0);
+ ERR_pop_to_mark();
+ err:
+ EVP_RAND_CTX_free(crngt);
+ EVP_RAND_CTX_free(parent);
+ EVP_RAND_free(crngt_alg);
+ EVP_RAND_free(parent_alg);
+ return res;
+}
+
+static int fips_health_tests(void)
+{
+ uint8_t buf[1000];
+ size_t i;
+
+ /* Verify tests can pass */
+ for (i = 0; i < sizeof(buf); i++)
+ buf[i] = 0xff & i;
+ if (!TEST_true(fips_health_test_one(buf, i, i)))
+ return 0;
+
+ /* Verify RCT can fail */
+ for (i = 0; i < 20; i++)
+ buf[i] = 0xff & (i > 10 ? 200 : i);
+ if (!TEST_false(fips_health_test_one(buf, i, i)))
+ return 0;
+
+ /* Verify APT can fail */
+ for (i = 0; i < sizeof(buf); i++)
+ buf[i] = 0xff & (i >= 512 && i % 8 == 0 ? 0x80 : i);
+ if (!TEST_false(fips_health_test_one(buf, i, i)))
+ return 0;
+ return 1;
+}
+
+typedef struct r_test_ctx {
+ const OSSL_CORE_HANDLE *handle;
+} R_TEST_CTX;
+
+static void r_teardown(void *provctx)
+{
+ R_TEST_CTX *ctx = (R_TEST_CTX *)provctx;
+
+ free(ctx);
+}
+
+static int r_random_bytes(ossl_unused void *vprov, ossl_unused int which,
+ void *buf, size_t n, ossl_unused unsigned int strength)
+{
+ while (n-- > 0)
+ ((unsigned char *)buf)[n] = 0xff & n;
+ return 1;
+}
+
+static const OSSL_DISPATCH r_test_table[] = {
+ { OSSL_FUNC_PROVIDER_RANDOM_BYTES, (void (*)(void))r_random_bytes },
+ { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))r_teardown },
+ OSSL_DISPATCH_END
+};
+
+static int r_init(const OSSL_CORE_HANDLE *handle,
+ ossl_unused const OSSL_DISPATCH *oin,
+ const OSSL_DISPATCH **out,
+ void **provctx)
+{
+ R_TEST_CTX *ctx;
+
+ ctx = malloc(sizeof(*ctx));
+ if (ctx == NULL)
+ return 0;
+ ctx->handle = handle;
+
+ *provctx = (void *)ctx;
+ *out = r_test_table;
+ return 1;
+}
+
+static int test_rand_random_provider(void)
+{
+ OSSL_LIB_CTX *ctx = NULL;
+ OSSL_PROVIDER *prov = NULL;
+ int res = 0;
+ static const unsigned char data[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 };
+ unsigned char buf[sizeof(data)], privbuf[sizeof(data)];
+
+ memset(buf, 255, sizeof(buf));
+ memset(privbuf, 255, sizeof(privbuf));
+
+ if (!test_get_libctx(&ctx, NULL, NULL, NULL, NULL)
+ || !TEST_true(OSSL_PROVIDER_add_builtin(ctx, "r_prov", &r_init))
+ || !TEST_ptr(prov = OSSL_PROVIDER_try_load(ctx, "r_prov", 1))
+ || !TEST_true(RAND_set1_random_provider(ctx, prov))
+ || !RAND_bytes_ex(ctx, buf, sizeof(buf), 256)
+ || !TEST_mem_eq(buf, sizeof(buf), data, sizeof(data))
+ || !RAND_priv_bytes_ex(ctx, privbuf, sizeof(privbuf), 256)
+ || !TEST_mem_eq(privbuf, sizeof(privbuf), data, sizeof(data)))
+ goto err;
+
+ /* Test we can revert to not using the provider based randomness */
+ if (!TEST_true(RAND_set1_random_provider(ctx, NULL))
+ || !RAND_bytes_ex(ctx, buf, sizeof(buf), 256)
+ || !TEST_mem_ne(buf, sizeof(buf), data, sizeof(data)))
+ goto err;
+
+ /* And back to the provided randomness */
+ if (!TEST_true(RAND_set1_random_provider(ctx, prov))
+ || !RAND_bytes_ex(ctx, buf, sizeof(buf), 256)
+ || !TEST_mem_eq(buf, sizeof(buf), data, sizeof(data)))
+ goto err;
+
+ res = 1;
+ err:
+ OSSL_PROVIDER_unload(prov);
+ OSSL_LIB_CTX_free(ctx);
+ return res;
+}
+
int setup_tests(void)
{
- if (!TEST_true(RAND_set_DRBG_type(NULL, "TEST-RAND", NULL, NULL, NULL)))
+ char *configfile;
+
+ if (!TEST_ptr(configfile = test_get_argument(0))
+ || !TEST_true(RAND_set_DRBG_type(NULL, "TEST-RAND", "fips=no",
+ NULL, NULL))
+ || (fips_provider_version_ge(NULL, 3, 0, 8)
+ && !TEST_true(OSSL_LIB_CTX_load_config(NULL, configfile))))
return 0;
+
ADD_TEST(test_rand);
+ ADD_TEST(test_rand_uniform);
+
+ if (OSSL_PROVIDER_available(NULL, "fips")
+ && fips_provider_version_ge(NULL, 3, 4, 0))
+ ADD_TEST(fips_health_tests);
+
+ ADD_TEST(test_rand_random_provider);
return 1;
}
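Review bot: In test_rand_random_provider the bare `!RAND_bytes_ex(ctx, buf, sizeof(buf), 256)` and `!RAND_priv_bytes_ex(...)` checks treat a negative return as success and log nothing on failure. test_rand in this same hunk already uses `TEST_int_gt(RAND_priv_bytes(outbuf, sizeof(outbuf)), 0)`, and the same form fits here: `!TEST_int_gt(RAND_bytes_ex(ctx, buf, sizeof(buf), 256), 0)`. In test_rand_uniform, `ctx` is declared without an initialiser and may be indeterminate when `goto err` is taken after test_get_libctx fails, and the two `return 0` statements inside the loops skip `OSSL_LIB_CTX_free(ctx)`; use `OSSL_LIB_CTX *ctx = NULL;` and `goto err` in both loops. `TEST_uint_ge(x, 0)` is always true for a `uint32_t` and can be dropped.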
diff --git a/test/rdrand_sanitytest.c b/test/rdrand_sanitytest.c
deleted file mode 100644
index dcc9d2800ae0..000000000000
--- a/test/rdrand_sanitytest.c
+++ /dev/null
@@ -1,122 +0,0 @@
-/*
- * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "testutil.h"
-#include "internal/cryptlib.h"
-
-#if (defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
- defined(__x86_64) || defined(__x86_64__) || \
- defined(_M_AMD64) || defined (_M_X64)) && defined(OPENSSL_CPUID_OBJ)
-
-size_t OPENSSL_ia32_rdrand_bytes(unsigned char *buf, size_t len);
-size_t OPENSSL_ia32_rdseed_bytes(unsigned char *buf, size_t len);
-
-static int sanity_check_bytes(size_t (*rng)(unsigned char *, size_t),
- int rounds, int min_failures, int max_retries, int max_zero_words)
-{
- int testresult = 0;
- unsigned char prior[31] = {0}, buf[31] = {0}, check[7];
- int failures = 0, zero_words = 0;
-
- int i;
- for (i = 0; i < rounds; i++) {
- size_t generated = 0;
-
- int retry;
- for (retry = 0; retry < max_retries; retry++) {
- generated = rng(buf, sizeof(buf));
- if (generated == sizeof(buf))
- break;
- failures++;
- }
-
- /*-
- * Verify that we don't have too many unexpected runs of zeroes,
- * implying that we might be accidentally using the 32-bit RDRAND
- * instead of the 64-bit one on 64-bit systems.
- */
- size_t j;
- for (j = 0; j < sizeof(buf) - 1; j++) {
- if (buf[j] == 0 && buf[j+1] == 0) {
- zero_words++;
- }
- }
-
- if (!TEST_int_eq(generated, sizeof(buf)))
- goto end;
- if (!TEST_false(!memcmp(prior, buf, sizeof(buf))))
- goto end;
-
- /* Verify that the last 7 bytes of buf aren't all the same value */
- unsigned char *tail = &buf[sizeof(buf) - sizeof(check)];
- memset(check, tail[0], 7);
- if (!TEST_false(!memcmp(check, tail, sizeof(check))))
- goto end;
-
- /* Save the result and make sure it's different next time */
- memcpy(prior, buf, sizeof(buf));
- }
-
- if (!TEST_int_le(zero_words, max_zero_words))
- goto end;
-
- if (!TEST_int_ge(failures, min_failures))
- goto end;
-
- testresult = 1;
-end:
- return testresult;
-}
-
-static int sanity_check_rdrand_bytes(void)
-{
- return sanity_check_bytes(OPENSSL_ia32_rdrand_bytes, 1000, 0, 10, 10);
-}
-
-static int sanity_check_rdseed_bytes(void)
-{
- /*-
- * RDSEED may take many retries to succeed; note that this is effectively
- * multiplied by the 8x retry loop in asm, and failure probabilities are
- * increased by the fact that we need either 4 or 8 samples depending on
- * the platform.
- */
- return sanity_check_bytes(OPENSSL_ia32_rdseed_bytes, 1000, 1, 10000, 10);
-}
-
-int setup_tests(void)
-{
- OPENSSL_cpuid_setup();
-
- int have_rdseed = (OPENSSL_ia32cap_P[2] & (1 << 18)) != 0;
- int have_rdrand = (OPENSSL_ia32cap_P[1] & (1 << (62 - 32))) != 0;
-
- if (have_rdrand) {
- ADD_TEST(sanity_check_rdrand_bytes);
- }
-
- if (have_rdseed) {
- ADD_TEST(sanity_check_rdseed_bytes);
- }
-
- return 1;
-}
-
-
-#else
-
-int setup_tests(void)
-{
- return 1;
-}
-
-#endif
diff --git a/test/recipes/00-prep_fipsmodule_cnf.t b/test/recipes/00-prep_fipsmodule_cnf.t
index 8d53e8a40fdb..4e3a6d85e839 100644
--- a/test/recipes/00-prep_fipsmodule_cnf.t
+++ b/test/recipes/00-prep_fipsmodule_cnf.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -30,7 +30,7 @@ my $fipsmoduleconf = bldtop_file('test', 'fipsmodule.cnf');
plan tests => 1;
# Create the $fipsmoduleconf file
-ok(run(app(['openssl', 'fipsinstall',
+ok(run(app(['openssl', 'fipsinstall', '-pedantic',
'-module', $fipsmodule, '-provider_name', 'fips',
'-section_name', 'fips_sect', '-out', $fipsmoduleconf])),
"fips install");
diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t
index 3de3d2ccf19b..222b1886aec0 100644
--- a/test/recipes/01-test_symbol_presence.t
+++ b/test/recipes/01-test_symbol_presence.t
@@ -1,6 +1,6 @@
#! /usr/bin/env perl
# -*- mode: Perl -*-
-# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -9,6 +9,7 @@
use strict;
use File::Spec::Functions qw(devnull);
+use IPC::Cmd;
use OpenSSL::Test qw(:DEFAULT srctop_file srctop_dir bldtop_dir bldtop_file);
use OpenSSL::Test::Utils;
@@ -23,56 +24,98 @@ use platform;
plan skip_all => "Test is disabled on NonStop" if config('target') =~ m|^nonstop|;
# MacOS arranges symbol names differently
plan skip_all => "Test is disabled on MacOS" if config('target') =~ m|^darwin|;
-plan skip_all => "This is unsupported on MSYS, MinGW or MSWin32"
- if $^O eq 'msys' or $^O eq 'MSWin32' or config('target') =~ m|^mingw|;
-plan skip_all => "Only useful when building shared libraries"
- if disabled("shared");
-
-my @libnames = ("crypto", "ssl");
-my $testcount = scalar @libnames;
-
-plan tests => $testcount * 2;
+plan skip_all => "This is unsupported on platforms that don't have 'nm'"
+ unless IPC::Cmd::can_run('nm');
note
"NOTE: developer test! It's possible that it won't run on your\n",
"platform, and that's perfectly fine. This is mainly for developers\n",
"on Unix to check that our shared libraries are consistent with the\n",
- "ordinals (util/*.num in the source tree), something that should be\n",
- "good enough a check for the other platforms as well.\n";
+ "ordinals (util/*.num in the source tree), and that our static libraries\n",
+ "don't share symbols, something that should be a good enough check for\n",
+ "the other platforms as well.\n";
+
+my %stlibname;
+my %shlibname;
+my %stlibpath;
+my %shlibpath;
+my %defpath;
+foreach (qw(crypto ssl)) {
+ $stlibname{$_} = platform->staticlib("lib$_");
+ $stlibpath{$_} = bldtop_file($stlibname{$_});
+ $shlibname{$_} = platform->sharedlib("lib$_") unless disabled('shared');
+ $shlibpath{$_} = bldtop_file($shlibname{$_}) unless disabled('shared');
+}
+
+my $testcount
+ = 1 # Check for static library symbols duplicates
+ ;
+$testcount
+ += (scalar keys %shlibpath) # Check for missing symbols in shared lib
+ unless disabled('shared');
+
+plan tests => $testcount;
+
+######################################################################
+# Collect symbols
+# [3 tests per library]
-foreach my $libname (@libnames) {
- SKIP:
- {
- my $shlibname = platform->sharedlib("lib$libname");
- my $shlibpath = bldtop_file($shlibname);
- *OSTDERR = *STDERR;
- *OSTDOUT = *STDOUT;
- open STDERR, ">", devnull();
- open STDOUT, ">", devnull();
- my @nm_lines = map { s|\R$||; $_ } `nm -DPg $shlibpath 2> /dev/null`;
- close STDERR;
- close STDOUT;
- *STDERR = *OSTDERR;
- *STDOUT = *OSTDOUT;
- skip "Can't run 'nm -DPg $shlibpath' => $?... ignoring", 2
- unless $? == 0;
+my %stsymbols; # Static library symbols
+my %shsymbols; # Shared library symbols
+my %defsymbols; # Symbols taken from ordinals
+foreach (sort keys %stlibname) {
+ my $stlib_cmd = "nm -Pg $stlibpath{$_} 2> /dev/null";
+ my $shlib_cmd = "nm -DPg $shlibpath{$_} 2> /dev/null";
+ my @stlib_lines;
+ my @shlib_lines;
+ *OSTDERR = *STDERR;
+ *OSTDOUT = *STDOUT;
+ open STDERR, ">", devnull();
+ open STDOUT, ">", devnull();
+ @stlib_lines = map { s|\R$||; $_ } `$stlib_cmd`;
+ if ($? != 0) {
+ note "running '$stlib_cmd' => $?";
+ @stlib_lines = ();
+ }
+ unless (disabled('shared')) {
+ @shlib_lines = map { s|\R$||; $_ } `$shlib_cmd`;
+ if ($? != 0) {
+ note "running '$shlib_cmd' => $?";
+ @shlib_lines = ();
+ }
+ }
+ close STDERR;
+ close STDOUT;
+ *STDERR = *OSTDERR;
+ *STDOUT = *OSTDOUT;
- my $bldtop = bldtop_dir();
- my @def_lines;
+ my $bldtop = bldtop_dir();
+ my @def_lines;
+ unless (disabled('shared')) {
indir $bldtop => sub {
my $mkdefpath = srctop_file("util", "mkdef.pl");
- my $libnumpath = srctop_file("util", "lib$libname.num");
- @def_lines = map { s|\R$||; $_ } `$^X $mkdefpath --ordinals $libnumpath --name $libname --OS linux 2> /dev/null`;
- ok($? == 0, "running 'cd $bldtop; $^X $mkdefpath --ordinals $libnumpath --name $libname --OS linux' => $?");
+ my $def_path = srctop_file("util", "lib$_.num");
+ my $def_cmd = "$^X $mkdefpath --ordinals $def_path --name $_ --OS linux 2> /dev/null";
+ @def_lines = map { s|\R$||; $_ } `$def_cmd`;
+ if ($? != 0) {
+ note "running 'cd $bldtop; $def_cmd' => $?";
+ @def_lines = ();
+ }
}, create => 0, cleanup => 0;
+ }
- note "Number of lines in \@nm_lines before massaging: ", scalar @nm_lines;
+ note "Number of lines in \@stlib_lines before massaging: ", scalar @stlib_lines;
+ unless (disabled('shared')) {
+ note "Number of lines in \@shlib_lines before massaging: ", scalar @shlib_lines;
note "Number of lines in \@def_lines before massaging: ", scalar @def_lines;
+ }
- # Massage the nm output to only contain defined symbols
- # Common symbols need separate treatment
+ # Massage the nm output to only contain defined symbols
+ my @arrays = ( \@stlib_lines );
+ push @arrays, \@shlib_lines unless disabled('shared');
+ foreach (@arrays) {
my %commons;
- foreach (@nm_lines) {
+ foreach (@$_) {
if (m|^(.*) C .*|) {
$commons{$1}++;
}
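Review bot: A failing `nm` on the static library or a failing `mkdef.pl` run is now only reported with `note` and its line list emptied, so the checks that consume those lists pass on no data: with no static symbols there are no duplicates, and with no ordinals nothing can be missing. The removed code asserted the mkdef.pl status with `ok($? == 0, ...)`. Recording the failure in each `if ($? != 0)` branch, for example `$collect_failed{$_} = 1;`, and requiring that nothing was recorded in the later `ok()` calls would keep the recipe failing closed. The `# [3 tests per library]` comment also no longer matches the plan, which counts one duplicate check plus one test per shared library.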
@@ -81,7 +124,7 @@ foreach my $libname (@libnames) {
note "Common symbol: $_";
}
- @nm_lines =
+ @$_ =
sort
( map {
# Drop the first space and everything following it
@@ -97,14 +140,16 @@ foreach my $libname (@libnames) {
grep !m|^__|,
# Only look at external definitions
grep m|.* [BDST] .*|,
- @nm_lines ),
+ @$_ ),
keys %commons;
+ }
- # Massage the mkdef.pl output to only contain global symbols
- # The output we got is in Unix .map format, which has a global
- # and a local section. We're only interested in the global
- # section.
- my $in_global = 0;
+ # Massage the mkdef.pl output to only contain global symbols
+ # The output we got is in Unix .map format, which has a global
+ # and a local section. We're only interested in the global
+ # section.
+ my $in_global = 0;
+ unless (disabled('shared')) {
@def_lines =
sort
map { s|;||; s|\s+||g; $_ }
@@ -112,46 +157,86 @@ foreach my $libname (@libnames) {
$in_global = 0 if m|local:|;
$in_global = 0 if m|\}|;
$in_global && m|;|; } @def_lines;
+ }
+
+ note "Number of lines in \@stlib_lines after massaging: ", scalar @stlib_lines;
+ unless (disabled('shared')) {
- note "Number of lines in \@nm_lines after massaging: ", scalar @nm_lines;
+ note "Number of lines in \@shlib_lines after massaging: ", scalar @shlib_lines;
note "Number of lines in \@def_lines after massaging: ", scalar @def_lines;
+ }
+
+ $stsymbols{$_} = [ @stlib_lines ];
+ unless (disabled('shared')) {
+ $shsymbols{$_} = [ @shlib_lines ];
+ $defsymbols{$_} = [ @def_lines ];
+ }
+}
+
+######################################################################
+# Check that there are no duplicate symbols in all our static libraries
+# combined
+# [1 test]
+my %symbols;
+foreach (sort keys %stlibname) {
+ foreach (@{$stsymbols{$_}}) {
+ $symbols{$_}++;
+ }
+}
+my @duplicates = sort grep { $symbols{$_} > 1 } keys %symbols;
+if (@duplicates) {
+ note "Duplicates:";
+ note join('\n', @duplicates);
+}
+ok(scalar @duplicates == 0, "checking no duplicate symbols in static libraries");
+
+######################################################################
+# Check that the exported symbols in our shared libraries are consistent
+# with our ordinals files.
+# [1 test per library]
+
+unless (disabled('shared')) {
+ foreach (sort keys %stlibname) {
# Maintain lists of symbols that are missing in the shared library,
# or that are extra.
my @missing = ();
my @extra = ();
- while (scalar @nm_lines || scalar @def_lines) {
- my $nm_first = $nm_lines[0];
- my $def_first = $def_lines[0];
+ my @sh_symbols = ( @{$shsymbols{$_}} );
+ my @def_symbols = ( @{$defsymbols{$_}} );
+
+ while (scalar @sh_symbols || scalar @def_symbols) {
+ my $sh_first = $sh_symbols[0];
+ my $def_first = $def_symbols[0];
- if (!defined($nm_first)) {
- push @missing, shift @def_lines;
+ if (!defined($sh_first)) {
+ push @missing, shift @def_symbols;
} elsif (!defined($def_first)) {
- push @extra, shift @nm_lines;
- } elsif ($nm_first gt $def_first) {
- push @missing, shift @def_lines;
- } elsif ($nm_first lt $def_first) {
- push @extra, shift @nm_lines;
+ push @extra, shift @sh_symbols;
+ } elsif ($sh_first gt $def_first) {
+ push @missing, shift @def_symbols;
+ } elsif ($sh_first lt $def_first) {
+ push @extra, shift @sh_symbols;
} else {
- shift @def_lines;
- shift @nm_lines;
+ shift @def_symbols;
+ shift @sh_symbols;
}
}
if (scalar @missing) {
- note "The following symbols are missing in ${shlibname}:";
+ note "The following symbols are missing in $_:";
foreach (@missing) {
note " $_";
}
}
if (scalar @extra) {
- note "The following symbols are extra in ${shlibname}:";
+ note "The following symbols are extra in $_:";
foreach (@extra) {
note " $_";
}
}
ok(scalar @missing == 0,
- "check that there are no missing symbols in ${shlibname}");
+ "check that there are no missing symbols in $_");
}
}
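Review bot: `note join('\n', @duplicates);` joins with a literal backslash and `n`, because Perl does not interpret escapes in single-quoted strings, so the duplicate list is printed as one run-on line. Use `note join("\n", @duplicates);`, or emit one `note` per symbol as the missing and extra lists further down do.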
diff --git a/test/recipes/02-test_errstr.t b/test/recipes/02-test_errstr.t
index 396d2731761c..07a68ad94095 100644
--- a/test/recipes/02-test_errstr.t
+++ b/test/recipes/02-test_errstr.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -134,8 +134,9 @@ sub match_opensslerr_reason {
my @strings = @_;
my $errcode_hex = sprintf "%x", $errcode;
- my $reason =
- ( run(app([ qw(openssl errstr), $errcode_hex ]), capture => 1) )[0];
+ my @res = run(app([ qw(openssl errstr), $errcode_hex ]), capture => 1);
+ return 0 unless $#res >= 0;
+ my $reason = $res[0];
$reason =~ s|\R$||;
$reason = ( split_error($reason) )[3];
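Review bot: The early return `return 0 unless $#res >= 0;` leaves no trace in the test log when `openssl errstr` prints nothing, so a broken binary and a genuine mismatch look the same to whoever reads the result. A line such as `note "no output from 'openssl errstr $errcode_hex'";` before returning would make the cause visible, and `unless @res` states the emptiness check more directly. match_opensslerr_reason starts and continues outside this hunk, so what a return of 0 means to its caller cannot be confirmed from here.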
diff --git a/test/recipes/02-test_internal_keymgmt.t b/test/recipes/02-test_internal_keymgmt.t
index 165f54807be1..28f510f1648c 100644
--- a/test/recipes/02-test_internal_keymgmt.t
+++ b/test/recipes/02-test_internal_keymgmt.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t
index c243b5646d37..1f9110ef600a 100644
--- a/test/recipes/03-test_fipsinstall.t
+++ b/test/recipes/03-test_fipsinstall.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -24,15 +24,52 @@ use platform;
plan skip_all => "Test only supported in a fips build" if disabled("fips");
-plan tests => 29;
+# Compatible options for pedantic FIPS compliance
+my @pedantic_okay =
+ ( 'ems_check', 'no_drbg_truncated_digests', 'self_test_onload',
+ 'signature_digest_check'
+ );
+
+# Incompatible options for pedantic FIPS compliance
+my @pedantic_fail =
+ ( 'no_conditional_errors', 'no_security_checks', 'self_test_oninstall',
+ 'no_pbkdf2_lower_bound_check' );
+
+# Command line options
+my @commandline =
+ (
+ ( 'ems_check', 'tls1-prf-ems-check' ),
+ ( 'no_short_mac', 'no-short-mac' ),
+ ( 'no_drbg_truncated_digests', 'drbg-no-trunc-md' ),
+ ( 'signature_digest_check', 'signature-digest-check' ),
+ ( 'hkdf_digest_check', 'hkdf-digest-check' ),
+ ( 'tls13_kdf_digest_check', 'tls13-kdf-digest-check' ),
+ ( 'tls1_prf_digest_check', 'tls1-prf-digest-check' ),
+ ( 'sshkdf_digest_check', 'sshkdf-digest-check' ),
+ ( 'sskdf_digest_check', 'sskdf-digest-check' ),
+ ( 'x963kdf_digest_check', 'x963kdf-digest-check' ),
+ ( 'dsa_sign_disabled', 'dsa-sign-disabled' ),
+ ( 'tdes_encrypt_disabled', 'tdes-encrypt-disabled' ),
+ ( 'rsa_pkcs15_pad_disabled', 'rsa-pkcs15-pad-disabled' ),
+ ( 'rsa_pss_saltlen_check', 'rsa-pss-saltlen-check' ),
+ ( 'rsa_sign_x931_disabled', 'rsa-sign-x931-pad-disabled' ),
+ ( 'hkdf_key_check', 'hkdf-key-check' ),
+ ( 'kbkdf_key_check', 'kbkdf-key-check' ),
+ ( 'tls13_kdf_key_check', 'tls13-kdf-key-check' ),
+ ( 'tls1_prf_key_check', 'tls1-prf-key-check' ),
+ ( 'sshkdf_key_check', 'sshkdf-key-check' ),
+ ( 'sskdf_key_check', 'sskdf-key-check' ),
+ ( 'x963kdf_key_check', 'x963kdf-key-check' ),
+ ( 'x942kdf_key_check', 'x942kdf-key-check' )
+ );
+
+plan tests => 40 + (scalar @pedantic_okay) + (scalar @pedantic_fail)
+ + 4 * (scalar @commandline);
my $infile = bldtop_file('providers', platform->dso('fips'));
my $fipskey = $ENV{FIPSKEY} // config('FIPSKEY') // '00';
my $provconf = srctop_file("test", "fips-and-base.cnf");
-run(test(["fips_version_test", "-config", $provconf, "<3.4.0"]),
- capture => 1, statusvar => \my $indicatorpost);
-
# Read in a text $infile and replace the regular expression in $srch with the
# value in $repl and output to a new file $outfile.
sub replace_line_file_internal {
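Review bot: The nested parentheses in `@commandline` do not create pairs; Perl flattens them into one list of 46 strings, so `scalar @commandline` in the plan counts strings rather than option pairs. The loop in the last hunk of this file then ignores `$cp` and reads `$commandline[0]` and `$commandline[1]` on every pass, so only `ems_check` / `tls1-prf-ems-check` is ever checked and the other 22 options are never exercised. Writing each entry as an array reference, `[ 'ems_check', 'tls1-prf-ems-check' ],`, and unpacking it with `my ($o, $l) = @$cp;` makes each pair its own test group; the plan expression then adjusts on its own.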
@@ -83,6 +120,22 @@ sub replace_parent_line_file {
$srch, $rep, $outfile);
}
+# Check if the specified pattern occurs in the given file
+# Returns 1 if the pattern is found and 0 if not
+sub find_line_file {
+ my ($key, $file) = @_;
+
+ open(my $in, $file) or return -1;
+ while (my $line = <$in>) {
+ if ($line =~ /$key/) {
+ close($in);
+ return 1;
+ }
+ }
+ close($in);
+ return 0;
+}
+
# fail if no module name
ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module',
'-provider_name', 'fips',
@@ -97,7 +150,6 @@ ok(!run(app(['openssl', 'fipsinstall', '-in', 'dummy.tmp', '-module', $infile,
'-section_name', 'fips_sect', '-verify'])),
"fipsinstall verify fail");
-
# output a fips.cnf file containing mac data
ok(run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
'-provider_name', 'fips', '-mac_name', 'HMAC',
@@ -112,114 +164,145 @@ ok(run(app(['openssl', 'fipsinstall', '-in', 'fips.cnf', '-module', $infile,
'-section_name', 'fips_sect', '-verify'])),
"fipsinstall verify");
-ok(replace_line_file('module-mac', '', 'fips_no_module_mac.cnf')
- && !run(app(['openssl', 'fipsinstall',
- '-in', 'fips_no_module_mac.cnf',
- '-module', $infile,
- '-provider_name', 'fips', '-mac_name', 'HMAC',
- '-macopt', 'digest:SHA256', '-macopt', "hexkey:01",
- '-section_name', 'fips_sect', '-verify'])),
- "fipsinstall verify fail no module mac");
+# Test that default options for fipsinstall output the 'install-status' for
+# FIPS 140-2 providers.
+SKIP: {
+ run(test(["fips_version_test", "-config", $provconf, "<3.1.0"]),
+ capture => 1, statusvar => \my $exit);
-ok(replace_line_file('install-mac', '', 'fips_no_install_mac.cnf')
- && !run(app(['openssl', 'fipsinstall',
- '-in', 'fips_no_install_mac.cnf',
- '-module', $infile,
- '-provider_name', 'fips', '-mac_name', 'HMAC',
- '-macopt', 'digest:SHA256', '-macopt', "hexkey:01",
- '-section_name', 'fips_sect', '-verify'])),
- "fipsinstall verify fail no install indicator mac");
+ skip "Skipping FIPS 140-3 provider", 2
+ if !$exit;
-ok(replace_line_file('module-mac', '00:00:00:00:00:00',
- 'fips_bad_module_mac.cnf')
- && !run(app(['openssl', 'fipsinstall',
- '-in', 'fips_bad_module_mac.cnf',
- '-module', $infile,
- '-provider_name', 'fips', '-mac_name', 'HMAC',
- '-macopt', 'digest:SHA256', '-macopt', "hexkey:01",
- '-section_name', 'fips_sect', '-verify'])),
- "fipsinstall verify fail if invalid module integrity value");
+ ok(find_line_file('install-mac = ', 'fips.cnf') == 1,
+ 'FIPS 140-2 should output install-mac');
-ok(replace_line_file('install-mac', '00:00:00:00:00:00',
- 'fips_bad_install_mac.cnf')
- && !run(app(['openssl', 'fipsinstall',
- '-in', 'fips_bad_install_mac.cnf',
- '-module', $infile,
- '-provider_name', 'fips', '-mac_name', 'HMAC',
- '-macopt', 'digest:SHA256', '-macopt', "hexkey:01",
- '-section_name', 'fips_sect', '-verify'])),
- "fipsinstall verify fail if invalid install indicator integrity value");
+ ok(find_line_file('install-status = INSTALL_SELF_TEST_KATS_RUN',
+ 'fips.cnf') == 1,
+ 'FIPS 140-2 should output install-status');
+}
-ok(replace_line_file('install-status', 'INCORRECT_STATUS_STRING',
- 'fips_bad_indicator.cnf')
- && !run(app(['openssl', 'fipsinstall',
- '-in', 'fips_bad_indicator.cnf',
- '-module', $infile,
- '-provider_name', 'fips', '-mac_name', 'HMAC',
- '-macopt', 'digest:SHA256', '-macopt', "hexkey:01",
- '-section_name', 'fips_sect', '-verify'])),
- "fipsinstall verify fail if invalid install indicator status");
+# Skip Tests if POST is disabled
+SKIP: {
+ skip "Skipping POST checks", 13
+ if disabled("fips-post");
-# fail to verify the fips.cnf file if a different key is used
-ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.cnf', '-module', $infile,
- '-provider_name', 'fips', '-mac_name', 'HMAC',
- '-macopt', 'digest:SHA256', '-macopt', "hexkey:01",
- '-section_name', 'fips_sect', '-verify'])),
- "fipsinstall verify fail bad key");
+ ok(replace_line_file('module-mac', '', 'fips_no_module_mac.cnf')
+ && !run(app(['openssl', 'fipsinstall',
+ '-in', 'fips_no_module_mac.cnf',
+ '-module', $infile,
+ '-provider_name', 'fips', '-mac_name', 'HMAC',
+ '-macopt', 'digest:SHA256', '-macopt', "hexkey:01",
+ '-section_name', 'fips_sect', '-verify'])),
+ "fipsinstall verify fail no module mac");
-# fail to verify the fips.cnf file if a different mac digest is used
-ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.cnf', '-module', $infile,
- '-provider_name', 'fips', '-mac_name', 'HMAC',
- '-macopt', 'digest:SHA512', '-macopt', "hexkey:$fipskey",
- '-section_name', 'fips_sect', '-verify'])),
- "fipsinstall verify fail incorrect digest");
+ ok(replace_line_file('install-mac', '', 'fips_no_install_mac.cnf')
+ && !run(app(['openssl', 'fipsinstall',
+ '-in', 'fips_no_install_mac.cnf',
+ '-module', $infile,
+ '-provider_name', 'fips', '-mac_name', 'HMAC',
+ '-macopt', 'digest:SHA256', '-macopt', "hexkey:01",
+ '-section_name', 'fips_sect', '-verify'])),
+ "fipsinstall verify fail no install indicator mac");
-# corrupt the module hmac
-ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
- '-provider_name', 'fips', '-mac_name', 'HMAC',
- '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
- '-section_name', 'fips_sect', '-corrupt_desc', 'HMAC'])),
- "fipsinstall fails when the module integrity is corrupted");
+ ok(replace_line_file('module-mac', '00:00:00:00:00:00',
+ 'fips_bad_module_mac.cnf')
+ && !run(app(['openssl', 'fipsinstall',
+ '-in', 'fips_bad_module_mac.cnf',
+ '-module', $infile,
+ '-provider_name', 'fips', '-mac_name', 'HMAC',
+ '-macopt', 'digest:SHA256', '-macopt', "hexkey:01",
+ '-section_name', 'fips_sect', '-verify'])),
+ "fipsinstall verify fail if invalid module integrity value");
-# corrupt the first digest
-ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf', '-module', $infile,
- '-provider_name', 'fips', '-mac_name', 'HMAC',
- '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
- '-section_name', 'fips_sect', '-corrupt_desc', 'SHA2'])),
- "fipsinstall fails when the digest result is corrupted");
+ ok(replace_line_file('install-mac', '00:00:00:00:00:00',
+ 'fips_bad_install_mac.cnf')
+ && !run(app(['openssl', 'fipsinstall',
+ '-in', 'fips_bad_install_mac.cnf',
+ '-module', $infile,
+ '-provider_name', 'fips', '-mac_name', 'HMAC',
+ '-macopt', 'digest:SHA256', '-macopt', "hexkey:01",
+ '-section_name', 'fips_sect', '-verify'])),
+ "fipsinstall verify fail if invalid install indicator integrity value");
-# corrupt another digest
-ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf', '-module', $infile,
- '-provider_name', 'fips', '-mac_name', 'HMAC',
- '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
- '-section_name', 'fips_sect', '-corrupt_desc', 'SHA3'])),
- "fipsinstall fails when the digest result is corrupted");
+ ok(replace_line_file('install-status', 'INCORRECT_STATUS_STRING',
+ 'fips_bad_indicator.cnf')
+ && !run(app(['openssl', 'fipsinstall',
+ '-in', 'fips_bad_indicator.cnf',
+ '-module', $infile,
+ '-provider_name', 'fips', '-mac_name', 'HMAC',
+ '-macopt', 'digest:SHA256', '-macopt', "hexkey:01",
+ '-section_name', 'fips_sect', '-verify'])),
+ "fipsinstall verify fail if invalid install indicator status");
-# corrupt cipher encrypt test
-ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf', '-module', $infile,
- '-provider_name', 'fips', '-mac_name', 'HMAC',
- '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
- '-section_name', 'fips_sect', '-corrupt_desc', 'AES_GCM'])),
- "fipsinstall fails when the AES_GCM result is corrupted");
+ # fail to verify the fips.cnf file if a different key is used
+ ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.cnf',
+ '-module', $infile,
+ '-provider_name', 'fips', '-mac_name', 'HMAC',
+ '-macopt', 'digest:SHA256', '-macopt', "hexkey:01",
+ '-section_name', 'fips_sect', '-verify'])),
+ "fipsinstall verify fail bad key");
-# corrupt cipher decrypt test
-ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf', '-module', $infile,
- '-provider_name', 'fips', '-mac_name', 'HMAC',
- '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
- '-section_name', 'fips_sect', '-corrupt_desc', 'AES_ECB_Decrypt'])),
- "fipsinstall fails when the AES_ECB result is corrupted");
+ # fail to verify the fips.cnf file if a different mac digest is used
+ ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.cnf',
+ '-module', $infile,
+ '-provider_name', 'fips', '-mac_name', 'HMAC',
+ '-macopt', 'digest:SHA512', '-macopt', "hexkey:$fipskey",
+ '-section_name', 'fips_sect', '-verify'])),
+ "fipsinstall verify fail incorrect digest");
-# corrupt DRBG
-ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf', '-module', $infile,
- '-provider_name', 'fips', '-mac_name', 'HMAC',
- '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
- '-section_name', 'fips_sect', '-corrupt_desc', 'CTR'])),
- "fipsinstall fails when the DRBG CTR result is corrupted");
+ # corrupt the module hmac
+ ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf',
+ '-module', $infile,
+ '-provider_name', 'fips', '-mac_name', 'HMAC',
+ '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
+ '-section_name', 'fips_sect', '-corrupt_desc', 'HMAC'])),
+ "fipsinstall fails when the module integrity is corrupted");
+
+ # corrupt the first digest
+ ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf',
+ '-module', $infile,
+ '-provider_name', 'fips', '-mac_name', 'HMAC',
+ '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
+ '-section_name', 'fips_sect', '-corrupt_desc', 'SHA2'])),
+ "fipsinstall fails when the digest result is corrupted");
+
+ # corrupt another digest
+ ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf',
+ '-module', $infile,
+ '-provider_name', 'fips', '-mac_name', 'HMAC',
+ '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
+ '-section_name', 'fips_sect', '-corrupt_desc', 'SHA3'])),
+ "fipsinstall fails when the digest result is corrupted");
+
+ # corrupt cipher encrypt test
+ ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf',
+ '-module', $infile,
+ '-provider_name', 'fips', '-mac_name', 'HMAC',
+ '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
+ '-section_name', 'fips_sect', '-corrupt_desc', 'AES_GCM'])),
+ "fipsinstall fails when the AES_GCM result is corrupted");
+
+ # corrupt cipher decrypt test
+ ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf',
+ '-module', $infile,
+ '-provider_name', 'fips', '-mac_name', 'HMAC',
+ '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
+ '-section_name', 'fips_sect', '-corrupt_desc', 'AES_ECB_Decrypt'])),
+ "fipsinstall fails when the AES_ECB result is corrupted");
+
+ # corrupt DRBG
+ ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf',
+ '-module', $infile,
+ '-provider_name', 'fips', '-mac_name', 'HMAC',
+ '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
+ '-section_name', 'fips_sect', '-corrupt_desc', 'CTR'])),
+ "fipsinstall fails when the DRBG CTR result is corrupted");
+}
# corrupt a KAS test
SKIP: {
skip "Skipping KAS DH corruption test because of no dh in this build", 1
- if disabled("dh");
+ if disabled("dh") || disabled("fips-post");
ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
'-provider_name', 'fips', '-mac_name', 'HMAC',
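Review bot: The skip condition now also fires when `fips-post` is disabled, but the reason string still says `because of no dh in this build`, so a build without POST reports a misleading cause for the skip. The two DSA signature blocks in the next hunk have the same mismatch between condition and message. A separate statement such as `skip "Skipping KAS DH corruption test because POST is disabled", 1 if disabled("fips-post");` keeps the test log accurate. This SKIP block continues outside the hunk.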
@@ -230,16 +313,33 @@ SKIP: {
"fipsinstall fails when the kas result is corrupted");
}
-# corrupt a Signature test
+# corrupt a Signature test - 140-3 requires a known answer test
SKIP: {
skip "Skipping Signature DSA corruption test because of no dsa in this build", 1
- if disabled("dsa");
+ if disabled("dsa") || disabled("fips-post");
+
+ run(test(["fips_version_test", "-config", $provconf, ">=3.1.0"]),
+ capture => 1, statusvar => \my $exit);
+ skip "FIPS provider version is too old for KAT DSA signature test", 1
+ if !$exit;
+ ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
+ '-provider_name', 'fips', '-mac_name', 'HMAC',
+ '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
+ '-section_name', 'fips_sect', '-self_test_oninstall',
+ '-corrupt_desc', 'DSA',
+ '-corrupt_type', 'KAT_Signature'])),
+ "fipsinstall fails when the signature result is corrupted");
+}
+
+# corrupt a Signature test - 140-2 allows a pairwise consistency test
+SKIP: {
+ skip "Skipping Signature DSA corruption test because of no dsa in this build", 1
+ if disabled("dsa") || disabled("fips-post");
run(test(["fips_version_test", "-config", $provconf, "<3.1.0"]),
capture => 1, statusvar => \my $exit);
skip "FIPS provider version is too new for PCT DSA signature test", 1
if !$exit;
-
ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
'-provider_name', 'fips', '-mac_name', 'HMAC',
'-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
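Review bot: The new KAT_Signature corruption test passes `-self_test_oninstall` and runs only for providers `>=3.1.0`, while a later test in this file asserts that `fipsinstall` with `-self_test_oninstall` fails for those same providers. If that rejection does not depend on the other options, `ok(!run(...))` here succeeds because of the option and not because the DSA known-answer test was corrupted, so it would not detect a self-test that ignores the corruption. Dropping `'-self_test_oninstall',` from this call, as the ML-KEM corruption tests do, would make the failure attributable to the corruption; this needs confirming against the provider's behaviour. The second DSA block continues outside the hunk.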
@@ -249,18 +349,47 @@ SKIP: {
"fipsinstall fails when the signature result is corrupted");
}
-# corrupt an Asymmetric cipher test
+# corrupt ML-KEM tests
SKIP: {
- skip "Skipping Asymmetric RSA corruption test because of no rsa in this build", 1
- if disabled("rsa");
- run(test(["fips_version_test", "-config", $provconf, "<3.5.0"]),
+ skip "Skipping ML_KEM corruption tests because of no ML-KEM in this build", 4
+ if disabled("ml-kem") || disabled("fips-post");
+
+ run(test(["fips_version_test", "-config", $provconf, ">=3.5.0"]),
capture => 1, statusvar => \my $exit);
- skip "FIPS provider version is too new for Asymmetric RSA corruption test", 1
+ skip "FIPS provider version doesn't support ML-KEM", 4
if !$exit;
+
+ ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
+ '-provider_name', 'fips', '-mac_name', 'HMAC',
+ '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
+ '-section_name', 'fips_sect',
+ '-corrupt_desc', 'ML-KEM',
+ '-corrupt_type', 'KAT_AsymmetricKeyGeneration'])),
+ "fipsinstall fails when the ML-KEM key generation result is corrupted");
+
+ ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
+ '-provider_name', 'fips', '-mac_name', 'HMAC',
+ '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
+ '-section_name', 'fips_sect',
+ '-corrupt_desc', 'KEM_Encap',
+ '-corrupt_type', 'KAT_KEM'])),
+ "fipsinstall fails when the ML-KEM encapsulate result is corrupted");
+
+ ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
+ '-provider_name', 'fips', '-mac_name', 'HMAC',
+ '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
+ '-section_name', 'fips_sect',
+ '-corrupt_desc', 'KEM_Decap',
+ '-corrupt_type', 'KAT_KEM'])),
+ "fipsinstall fails when the ML-KEM decapsulate result is corrupted");
+
ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
- '-corrupt_desc', 'RSA_Encrypt',
- '-corrupt_type', 'KAT_AsymmetricCipher'])),
- "fipsinstall fails when the asymmetric cipher result is corrupted");
+ '-provider_name', 'fips', '-mac_name', 'HMAC',
+ '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
+ '-section_name', 'fips_sect',
+ '-corrupt_desc', 'KEM_Decap_Reject',
+ '-corrupt_type', 'KAT_KEM'])),
+ "fipsinstall fails when the ML-KEM decapsulate implicit failure result is corrupted");
}
# 'local' ensures that this change is only done in this file.
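Review bot: The four ML-KEM corruption runs write to `fips.cnf`, which later checks in this file read through `find_line_file(..., 'fips.cnf')`; if one of these runs ever succeeded unexpectedly it would fail its own test and also replace the file those later checks depend on. The digest, cipher and DRBG corruption tests write to `fips_fail.cnf` instead. Using `'-out', 'fips_fail.cnf',` here as well keeps a regression confined to the test that detected it.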
@@ -276,21 +405,25 @@ ok(replace_parent_line_file('fips_no_module_mac.cnf',
'-config', 'fips_parent_no_module_mac.cnf'])),
"verify load config fail no module mac");
-
SKIP: {
- skip "Newer FIPS provider version does not support this feature", 3
- if !$indicatorpost;
+ run(test(["fips_version_test", "-config", $provconf, "<3.1.0"]),
+ capture => 1, statusvar => \my $exit);
+ skip "FIPS provider version doesn't support self test indicator", 3
+ if !$exit;
ok(replace_parent_line_file('fips_no_install_mac.cnf',
'fips_parent_no_install_mac.cnf')
&& !run(app(['openssl', 'fipsinstall',
'-config', 'fips_parent_no_install_mac.cnf'])),
"verify load config fail no install mac");
+
ok(replace_parent_line_file('fips_bad_indicator.cnf',
'fips_parent_bad_indicator.cnf')
&& !run(app(['openssl', 'fipsinstall',
'-config', 'fips_parent_bad_indicator.cnf'])),
"verify load config fail bad indicator");
+
+
ok(replace_parent_line_file('fips_bad_install_mac.cnf',
'fips_parent_bad_install_mac.cnf')
&& !run(app(['openssl', 'fipsinstall',
@@ -304,17 +437,81 @@ ok(replace_parent_line_file('fips_bad_module_mac.cnf',
'-config', 'fips_parent_bad_module_mac.cnf'])),
"verify load config fail bad module mac");
+SKIP: {
+ run(test(["fips_version_test", "-config", $provconf, "<3.1.0"]),
+ capture => 1, statusvar => \my $exit);
+ skip "FIPS provider version doesn't support self test indicator", 3
+ if !$exit;
+
+ my $stconf = "fipsmodule_selftest.cnf";
-my $stconf = "fipsmodule_selftest.cnf";
+ ok(run(app(['openssl', 'fipsinstall', '-out', $stconf,
+ '-module', $infile, '-self_test_onload'])),
+ "fipsinstall config saved without self test indicator");
-ok(run(app(['openssl', 'fipsinstall', '-out', $stconf,
- '-module', $infile, '-self_test_onload'])),
- "fipsinstall config saved without self test indicator");
+ ok(!run(app(['openssl', 'fipsinstall', '-in', $stconf,
+ '-module', $infile, '-verify'])),
+ "fipsinstall config verify fails without self test indicator");
-ok(!run(app(['openssl', 'fipsinstall', '-in', $stconf,
- '-module', $infile, '-verify'])),
- "fipsinstall config verify fails without self test indicator");
+ ok(run(app(['openssl', 'fipsinstall', '-in', $stconf,
+ '-module', $infile, '-self_test_onload', '-verify'])),
+ "fipsinstall config verify passes when self test indicator is not present");
+}
-ok(run(app(['openssl', 'fipsinstall', '-in', $stconf,
- '-module', $infile, '-self_test_onload', '-verify'])),
- "fipsinstall config verify passes when self test indicator is not present");
+SKIP: {
+ run(test(["fips_version_test", "-config", $provconf, ">=3.1.0"]),
+ capture => 1, statusvar => \my $exit);
+ skip "FIPS provider version can run self tests on install", 1
+ if !$exit;
+ ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
+ '-provider_name', 'fips', '-mac_name', 'HMAC',
+ '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
+ '-section_name', 'fips_sect', '-self_test_oninstall',
+ '-ems_check'])),
+ "fipsinstall fails when attempting to run self tests on install");
+}
+
+ok(find_line_file('drbg-no-trunc-md = 0', 'fips.cnf') == 1,
+ 'fipsinstall defaults to not banning truncated digests with DRBGs');
+
+ok(run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
+ '-provider_name', 'fips', '-mac_name', 'HMAC',
+ '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
+ '-section_name', 'fips_sect', '-no_drbg_truncated_digests'])),
+ "fipsinstall knows about allowing truncated digests in DRBGs");
+
+ok(find_line_file('drbg-no-trunc-md = 1', 'fips.cnf') == 1,
+ 'fipsinstall will allow option for truncated digests with DRBGs');
+
+
+ok(run(app(['openssl', 'fipsinstall', '-out', 'fips-pedantic.cnf',
+ '-module', $infile, '-pedantic'])),
+ "fipsinstall accepts -pedantic option");
+
+foreach my $o (@pedantic_okay) {
+ ok(run(app(['openssl', 'fipsinstall', '-out', "fips-${o}.cnf",
+ '-module', $infile, '-pedantic', "-${o}"])),
+ "fipsinstall accepts -${o} after -pedantic option");
+}
+
+foreach my $o (@pedantic_fail) {
+ ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf',
+ '-module', $infile, '-pedantic', "-${o}"])),
+ "fipsinstall disallows -${o} after -pedantic option");
+}
+
+foreach my $cp (@commandline) {
+ my $o = $commandline[0];
+ my $l = $commandline[1];
+
+ ok(find_line_file("${l} = 1", 'fips-pedantic.cnf') == 1,
+ "fipsinstall enables ${l} with -pendantic option");
+ ok(find_line_file("${l} = 0", 'fips.cnf') == 1,
+ "fipsinstall disables ${l} without -pendantic option");
+
+ ok(run(app(['openssl', 'fipsinstall', '-out', "fips-${o}.cnf",
+ '-module', $infile, "-${o}"])),
+ "fipsinstall accepts -${o} option");
+ ok(find_line_file("${l} = 1", "fips-${o}.cnf") == 1,
+ "fipsinstall enables ${l} with -${o} option");
+}
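Review bot: The loop treats `fips.cnf` as the baseline written without `-pedantic`, but the last visible run that writes `fips.cnf` passes `-no_drbg_truncated_digests`, and the check just above the loop expects `drbg-no-trunc-md = 1` in it. Once the loop really iterates over every option pair, its `"${l} = 0"` check for `drbg-no-trunc-md` would contradict that. Generating a dedicated default file, for example with `'-out', 'fips-default.cnf', '-module', $infile`, and reading that one avoids depending on what earlier tests left behind. The test names also spell the option `-pendantic`; it should read `-pedantic`.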
diff --git a/test/recipes/03-test_internal_curve448.t b/test/recipes/03-test_internal_curve448.t
index 01ca5ad38cfa..0497d4d2c537 100644
--- a/test/recipes/03-test_internal_curve448.t
+++ b/test/recipes/03-test_internal_curve448.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -13,7 +13,7 @@ use OpenSSL::Test::Utils;
setup("test_internal_curve448");
-plan skip_all => "This test is unsupported in a no-ec build"
- if disabled("ec");
+plan skip_all => "This test is unsupported in a no-ecx build"
+ if disabled("ecx");
simple_test("test_internal_curve448", "curve448_internal_test");
diff --git a/test/recipes/04-test_encoder_decoder.t b/test/recipes/04-test_encoder_decoder.t
index d5d79f3a5754..2acc980e901f 100644
--- a/test/recipes/04-test_encoder_decoder.t
+++ b/test/recipes/04-test_encoder_decoder.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -25,7 +25,7 @@ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
my $rsa_key = srctop_file("test", "certs", "ee-key.pem");
my $pss_key = srctop_file("test", "certs", "ca-pss-key.pem");
-plan tests => ($no_fips ? 0 : 3) + 2; # FIPS install test + test
+plan tests => ($no_fips ? 0 : 5) + 2; # FIPS install test + test
my $conf = srctop_file("test", "default.cnf");
@@ -73,4 +73,15 @@ SKIP: {
ok(find_line_file('NIST CURVE: P-256', 'ec.txt') == 1,
'Printing an FIPS provider EC private key');
}
+ my $no_des = disabled("des");
+SKIP: {
+ skip "MD5 disabled", 2 if disabled("md5");
+ ok(run(app([ 'openssl', 'genrsa', '-aes128', '-out', 'epki.pem',
+ '-traditional', '-passout', 'pass:pass' ])),
+ "rsa encrypted using a non fips algorithm MD5 in pbe");
+
+ my $conf2 = srctop_file("test", "default-and-fips.cnf");
+ ok(run(test(['decoder_propq_test', '-config', $conf2,
+ '-provider', 'fips', 'epki.pem'])));
+}
}
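Review bot: `my $no_des = disabled("des");` is assigned at the top of the added block but never read in the lines this hunk adds, while the skip guard tests `md5` instead; drop the variable unless something outside the hunk uses it. The second `ok(run(test(['decoder_propq_test', ...])))` has no description, so a failure in the harness output is identified only by its test number; add one, for example `"decoder_propq_test on epki.pem with the fips provider"`. The enclosing `SKIP:` block that this code is nested in opens outside the hunk.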
diff --git a/test/recipes/05-test_rand.t b/test/recipes/05-test_rand.t
index aa012c1907ad..746263012724 100644
--- a/test/recipes/05-test_rand.t
+++ b/test/recipes/05-test_rand.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -10,11 +10,19 @@ use strict;
use warnings;
use OpenSSL::Test;
use OpenSSL::Test::Utils;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
-plan tests => 5;
+plan tests => 6;
setup("test_rand");
-ok(run(test(["rand_test"])));
+ok(run(test(["rand_test", srctop_file("test", "default.cnf")])));
+
+SKIP: {
+ skip "Skipping FIPS test in this build", 1 if disabled('fips');
+
+ ok(run(test(["rand_test", srctop_file("test", "fips.cnf")])));
+}
+
ok(run(test(["drbgtest"])));
ok(run(test(["rand_status_test"])));
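Review bot: The new FIPS case is skipped only on `disabled('fips')`, whereas other recipes in this same diff compute `my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);` and skip on that. With `NO_FIPS` set, `rand_test` would still be run against `fips.cnf` here, so the guard should probably read `skip "Skipping FIPS test in this build", 1 if disabled('fips') || ($ENV{NO_FIPS} // 0);`. Separately, the added `use OpenSSL::Test qw/:DEFAULT srctop_file/;` sits directly under the existing bare `use OpenSSL::Test;`; replacing the bare line rather than adding a second `use` keeps the import list in one place.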
@@ -32,6 +40,10 @@ SKIP: {
ok($success && $randdata[0] eq $expected,
"rand with ossltest: Check rand output is as expected");
+ @randdata = run(app(['openssl', 'rand', '-hex', '2K' ]),
+ capture => 1, statusvar => \$success);
+ chomp(@randdata);
+
@randdata = run(app(['openssl', 'rand', '-engine', 'dasync', '-hex', '16' ]),
capture => 1, statusvar => \$success);
chomp(@randdata);
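Review bot: The added `openssl rand -hex 2K` run is captured into `@randdata` and `$success`, but both are overwritten by the `-engine dasync` run on the next lines before anything asserts on them, so this call can fail or return short output without any test noticing. If the intent is to cover the `K` size suffix, an assertion is needed right after the `chomp`, for example `ok($success && length($randdata[0]) == 4096, "rand -hex 2K: output has the expected length");` (assuming the hex is emitted on a single line), with `plan tests` raised by one. The enclosing `SKIP:` block starts outside the hunk.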
diff --git a/test/recipes/06-test_algorithmid.t b/test/recipes/06-test_algorithmid.t
index 8b98efe90961..d73794aa62bf 100644
--- a/test/recipes/06-test_algorithmid.t
+++ b/test/recipes/06-test_algorithmid.t
@@ -1,6 +1,6 @@
#! /usr/bin/env perl
-# Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -41,7 +41,8 @@ my @pubkeys =
(
'testrsapub',
disabled('dsa') ? () : 'testdsapub',
- disabled('ec') ? () : qw(testecpub-p256 tested25519pub tested448pub)
+ disabled('ec') ? () : qw(testecpub-p256),
+ disabled('ecx') ? () : qw(tested25519pub tested448pub)
);
my @certs = sort keys %certs_info;
diff --git a/test/recipes/06-test_rdrand_sanity.t b/test/recipes/06-test_rdrand_sanity.t
deleted file mode 100644
index a20e09e77804..000000000000
--- a/test/recipes/06-test_rdrand_sanity.t
+++ /dev/null
@@ -1,22 +0,0 @@
-#! /usr/bin/env perl
-
-# Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License"). You may not use
-# this file except in compliance with the License. You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-use strict;
-
-use OpenSSL::Test; # get 'plan'
-use OpenSSL::Test::Simple;
-use OpenSSL::Test::Utils;
-
-setup("test_rdrand_sanity");
-
-# We also need static builds to be enabled even on linux
-plan skip_all => "This test is unsupported if static builds are not enabled"
- if disabled("static");
-
-simple_test("test_rdrand_sanity", "rdrand_sanitytest");
diff --git a/test/recipes/10-test_bn_data/bngcd.txt b/test/recipes/10-test_bn_data/bngcd.txt
index ea19336b5dcd..a4bed99b4923 100644
--- a/test/recipes/10-test_bn_data/bngcd.txt
+++ b/test/recipes/10-test_bn_data/bngcd.txt
@@ -1,4 +1,4 @@
-# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -17177,3 +17177,154 @@ GCD = 40000000000000000000000000000000000000000000000000000000000000000000000000
A = 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
B = 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
GCD = 100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+
+
+# tests for shared pow of 2 calculation
+
+A = a599ed2713b687266bbb7387c7138d9f000000000000000000000000000077b22d12a1550a66a27ea8047e1c1314
+B = a7d3501b485990e3e5284f5fda5ceda300000000000000000000000000008603e0ae1b5287a0b74c67ecb3357bbf
+GCD = 1
+
+A = 516afa2dabf3e076df5a97c14cd1048a0000000000000000000000000000ac7a909728bafa5d08248e1bc4ea2478
+B = cf500f6be20732d3ebc1bcf5286babf90000000000000000000000000000571228d8b12290ed4121dd34dd036c86
+GCD = 1a
+
+A = f1c727cc79d33ffeab24ef7b059beddf00000000000000000000000000000000667bdd6ac05bb2633d4376c7f616071b
+B = a53fa1d115d399d7decaa64e52ae7928000000000000000000000000000000007896bc648b7b64e3f21926f0222c9bb6
+GCD = 5
+
+A = b21a4002a406fd7f0ab021f537c8d5a20000000000000000000000000000000033c3b8f18952effa89c0557a61236769
+B = 832d1ffec50bec1979071687348c0e9e00000000000000000000000000000000907adb518b7e7d895d846f86ddbd2d53
+GCD = 1
+
+A = 8263d2d19f6aa93f9c989237e15bb00500000000000000000000000000000000c737cb949066346d77679fc03ab4763a
+B = 1e110fe2d29b1d06b68aad6b0431958000000000000000000000000000000000601ba7bd1c6ddb762dd44f1e08e70268
+GCD = 2
+
+A = 47ff5bfcbec8dece7781db5ae7745a3900000000000000000000000000000000c61426b070d6399c352eb47d9f407bc0
+B = 8e5afc09c691d39cd38e6f6206da20c90000000000000000000000000000000013ba9e00633e65490ac98bdf2e1c028c
+GCD = 4
+
+A = ee6fe3fcb8a7b90459bac2716d31744e00000000000000000000000000000000fe69590ad7cf320d7b05d1ec21a17aec
+B = b64d178a66233f1559f0f37df3fd40b700000000000000000000000000000000bc882d1d224a37567895b4795cbde675
+GCD = 1
+
+A = ff3b8f0f011790d216cac27883b5f3ed00000000000000000000000000000000464d6d60e6a7d9b208e188ea3e881481
+B = 3d703d9c75a20e83dd41831fc96ae338000000000000000000000000000000001ef846d7a67252c7d0356dd88af99bda
+GCD = 1
+
+A = 9f3061cbd46fe9d950f0aa917fe8016a000000000000000000000000000000007092e39710a0ce2646eea198cbf1ff66
+B = 32987d4eb8732c22e397df917d9953bb000000000000000000000000000000001b9cd9e1ea3698ee86a22fc3509e041d
+GCD = 1
+
+A = 9b1c01fcb99a7dbfc0bc6c20165e9f0100000000000000000000000000000000cc04125a9957537456281a6a118f27cc
+B = bc3f4bf4c8ff8cf402a4da5c2e30e00f000000000000000000000000000000003fcbf7d35c9b8f9c279115eec8f11ac9
+GCD = 3
+
+A = 70f06aa9d02479c106bd7be5af59bc98674dedac03348e554d0ca1094e38aacc000000000000000000000000000000002563139f6bcba65a102df9a33ff81837
+B = abf0e80d6cf5a3a572516d851c9471ba000000000000000000000000000000008d0e49c532867f23b095aaa6cb7fb8e33148261c738ad807e129b8c63540ddcc
+GCD = 1
+
+A = e16b46d2c83a380eb1b0583a017fdb0247c63f23c787e70c35298c451022a70a00000000000000000000000000000000b6f1921fd80f3ec56e13484d733e6820
+B = d5e8cb03f28f67edff1368bba27ee64f00000000000000000000000000000000d22e91286568c55f5b083d7f5f8a94f7e42e9cecea53bafc59bf20a0632967ee
+GCD = 2
+
+A = 9b0e14bc505d982210119f86375038e3c7a1396f2e7469a80e13f9de86b70cfd000000000000000000000000000000008cbae5a000165d381ef454c8e3a08fb3
+B = 886a372f68fdd3d56cb199ec980cc34e0000000000000000000000000000000041a913d07b9795bff0dd80e0228401a04b05f0d19163ec525726ad3465fd719a
+GCD = 3
+
+A = 921c699de90190ae9b7877adffa38ef32216c107d4c9f7e13cc1253139983c0b000000000000000000000000000000002312276da564839f958def57df6e6188
+B = a9deca82a2b65bfc3f2b204ceae03d8c00000000000000000000000000000000154c009d6f929803af910b14bb3682e98482df68da31f76fe8c450e04e19d747
+GCD = 1
+
+A = bbf45d086b95732506609a3a1de14e5b659235166c6670c50cd7d47bbd85c2be000000000000000000000000000000009638621c88ac6fe737101af05511965c
+B = 8646f475f45d84c463bae1538ab31e400000000000000000000000000000000018b893b827435b0b4ddf66328853aa4447d7f325dcd9d1701a7bdc62bed44942
+GCD = 2
+
+A = 625a6c9f944566942e300c38ae8f6a9b6f7981faa65da5d7d7a34114e07f1f030000000000000000000000000000000090f58d8f90a853db6b5382faa495668b
+B = cfdbd7426f57129563b3b629de14c30d000000000000000000000000000000001e30550d8bd5f99ce1f6e0f503f42ea0eee33cc94a33f82ef71a33fb82dfe36e
+GCD = 3
+
+A = a3510a39f48ccb5842989e5e6ef7e8aac4e4a1df9adde2f816583ce379d6658c000000000000000000000000000000007bdac360657ed8e3712ee5d8fe142779
+B = e376626e1c68d7544e5f906d100c7ea800000000000000000000000000000000afe91481cdd5dc165af0af9eee64b0faadd888835f4ad743288972ad18b620ef
+GCD = 1
+
+A = a779a2eb3ae70edff3e542e70a0631b48d03db0f6e87020b52d44b941b7d0885000000000000000000000000000000006ef7755ed2b6e61e3308c26494926f43
+B = 41ecf75d424681d1eb5727026450f2c3000000000000000000000000000000003a04d696999d29cb915d80ccad4c2498dae654c8971765c88550df458f97d52f
+GCD = 31
+
+A = f132afba9288e09f346b48b2ed3c7dea507a9b0d04834173c371990b53fb6b3a00000000000000000000000000000000f1218a4ded6dd5305734e796a38b98bb
+B = 46e488f84f768156db17e3337b1ba73200000000000000000000000000000000b2f7692918becc971c26b78c5562e2526e26cf16e1f93c27bd32b70f1940dc7f
+GCD = 1
+
+A = 7f58adeb17bc5e0d17cb95d0e689762c4abdd3145cc51a9df11e5a3df2008d2900000000000000000000000000000000993d76a76e32eacd9bd65fe96bcf6ae9
+B = b97340f588d736b20a743c768082f6f100000000000000000000000000000000638d904855ca97ce2205d0a10750dd5ecd7fa873a741e1695c826d8857cd41d1
+GCD = 1
+
+A = fe58b009d101061f826df5f61c758d0d2ec97f2ef4f273b0d1d49f068f41cecd00000000000000000000000000000000b3ff6ca10a5943d7f9524664a91b0aa9
+B = 5bba4f0175ba308046832e893bdaedf500000000000000000000000000000000c5ced5452d3a33426ef2126770807174e1db5d6002dca8486edbbf32804a34aa
+GCD = 5
+
+A = 8d5fe35940c048d82043475a4b1beb70833ca9a25f1a648cbe0ab0bbb5a64d55000000000000000000000000000000008ab382d911038e3935960d03a25f50d8
+B = 813e2b4c88c056999c9068f11a21092400000000000000000000000000000000d84e0941f34cc3757be34ad1c08df143f38bee26e934a419ce906429717132a8
+GCD = 8
+
+A = 5e9f96db8871d4ee8d2fb8134708bf67a79eef310cc9d7a95b0dbaf99cbcf9df7e3b9563159f21952a11fd9ba483adc300000000000000000000000000000000c15c598c93683ee8df65ae6a88c804f8
+B = 41f154265fc06480569adc472b9caaf900000000000000000000000000000000987f22fab89e45edc9a86aa1e3fd5b06887bec647b4652accecc9ee9b7f4c582ae7935dfc313e719ae6f45effab637ab
+GCD = 3
+
+A = a893c172b1eabf99e2a0a314e1cce17029ab8a70a9eac4e4bbb395516bc2cf3bd70b317d2639233eadc2dc135f2401c1000000000000000000000000000000008588edbebd10f95b71ea959e23bc8eaf
+B = fd8c545781c244e2ebab0b7338cfeb0b0000000000000000000000000000000012e9c8b846b68b4724c4c88281c5532276fd550e93f5efce3471c6f912aea9e87f9d349347c1d44c301d77158ff9ba03
+GCD = 1
+
+A = 43b42a6ce2c89a98cb0946e2e4a0d927143b743d5cbe531f5b87964ef781e6d77a4beae116ff11db9d02304214312c2700000000000000000000000000000000f103e7668b2c97cc84407d383fc6449d
+B = a224aef269134ce2d6428262fb8f5884000000000000000000000000000000005851cbdf9e61a9865fb7b2a0fa6179d6c98918f7043544a6ebfecadc79acbb65b9a8c345372ec5b71417e0d5358aab48
+GCD = 1
+
+A = fbec20bb3a2a5eefdd9d2345f1f8c72649967986fa8873ad007e1f01618b4047968400bbf0a2f57d556b6d49898e365d0000000000000000000000000000000015570b6e85b7bf5c9fe2bdebd0776440
+B = 52bd3a3c4126be2ccaeb6cea501be44d00000000000000000000000000000000c447b8e8da3364b12fe33180d3576df8e0a9611cae259ba1af5b9b8f09db1baccef4e6b841448735a25f7a6ff6180d3c
+GCD = 4
+
+A = d6a75feed0233f66484124781ce3e799b6122ef88fef6e791a7300fa21908ad2ab773bb845a0a409f491bf553df9ad560000000000000000000000000000000062d2bc6ab15a99f8944e294e6c34dad8
+B = 72906ece088bf07e48b6cfd2a5c599ee00000000000000000000000000000000481bc91d99a172b7e134876b5d2df765c7a56ed005481f859413e92448cc4988c539a18cac6e3d82d846ee931504bcf2
+GCD = 2
+
+A = ba1d3f4f0c79bcd68450dbfeb8a0437fa1e10ca7f57fa4d077f354b6ab5b8f6ddc9e3b2217c4b63daeab7be16e2bd23200000000000000000000000000000000c498dce6c703b006be1a160e9b4b0ba9
+B = 4d4473550153422281e5d9b3570a5aa10000000000000000000000000000000087f383c1132ba230cda0f7a45ef9741781216a78de7a5779d7704d3e9a79efb13e3b15a69cad9fe68c9183605867403e
+GCD = 1
+
+A = 686b5bedf648365aa260fb3735e8a3a63d4eb97d7a095d6c4364595eef0fbc7f81a4d2d5731a4df9d66718ef2dc520a800000000000000000000000000000000f65f1e08376077a18c8172d17b4aec2c
+B = cb630b746c4f9d7672ea0a95663ad91a00000000000000000000000000000000e7c440d34ba295a7a17a24d98d569b2a57e1fcf1267b1042f471eb7c797c33f3ecd882dd89e7ac54e360363d6736bc24
+GCD = 1c
+
+A = a0b1b319e1841d6a48f75bdc9c26c47c46b408dc86d9e611e27967194e0abdb3baec6cd369924b41e9006a4f8ff1d7eb00000000000000000000000000000000a92d26208ca3d82a462b90b3c6f42725
+B = f78162c60cc5f0d1a366d876c44ee30a000000000000000000000000000000002d1b2fc1676cda2bec02f68358a73b40a5ac6b3597e55e7ee7ca3e4778ee3590c36a84ac347922483524575ebce8655f
+GCD = 15
+
+A = 3cda15bcaf63424bb09e3387f6b9383875347b1f4dcf8986597a5ddbc89b630f7dc895861cfee2d46dec73a727bebc5200000000000000000000000000000000c8d731e99cc7fe91a109569228c83873
+B = e14f25dff7d086b57dcaf3a0cace4a9700000000000000000000000000000000d799c90a2f6b354a6bc022d1223df178ea4b2139a470845588a06b65a3b922e6cebc2aa67ba40c233731dea133e574a2
+GCD = 3
+
+A = 9d650c05f9bb5aea0fad6cb29a4195b65f21be3e33f944a79c62edbdd88ddaf44126cabdba0cc664d7bee119450d04d700000000000000000000000000000000c6e6465cca81ab4e08eff021b5500465
+B = 73626f946e5b2155ed2571b67aec585f000000000000000000000000000000005c40649c401527dc708a24a0d8115fcd9ad646ed550f73cc6092c07df729e50f833075a236b294a2b208fd9663af5461
+GCD = 5
+
+A = 6d88c4cc98dd2b43e6fdb5f7f538383e88525712691cc58fa4628d151010c79b86a233def4ec44e05f6a808f680d2ff20000000000000000000000000000000066991b9d4f8275af5abd7a8154b98217
+B = ed7e25fb1918d8f3f01a9074463b9d3300000000000000000000000000000000b5207d51f4390f8e67af515b2c36699f3280e6d61f27ac263c4c0bad8aac00e4ab3c29d5141c7dfb59d56fede9535aea
+GCD = 19
+
+A = de647afe24543a31c9eb639ef61a2b808c7a190fbd614dfeb664f64300d656c9b4253070f9cb33f90eaed8b860c031c9000000000000000000000000000000004c671a089eaa353d53cf13895cbdeb93
+B = b8b76e7f2e471b82110e707c1cd1d81b000000000000000000000000000000003ae628d9858c3bce2d3ea432b27dddecb54b36946b41fd28322e82b3fc2811cb56fc3e5fafdc68d9d10024e5e15f5acf
+GCD = 1
+
+A = 173f3a57393657f5387f8fa34e9823dd1c6e37786f6f62fad48c3edeccff425ce4000c05e8c8780156eb509ce2e7f12900000000000000000000000000000000235de2f2d749456ffe50e84593e8b25e
+B = db9b5cbf2a1c04ba7856ef09302d8e5d0000000000000000000000000000000093e0a6f7021eae0cc212d84ab0adb01e1168557462adfe81286fda320fff68599ad449956d9948b064ca2510c945e4c9
+GCD = 1
+
+A = afa0643df67646be7f8d69c65ad6e4a168ecf3b5f3a932c62d77426aed526066b4d754c66317b969df72015b372de52a000000000000000000000000000000005a4825219aaa05263849a0cb5244560b
+B = 5e32cb16ba43203c3e18c95e6f0494e300000000000000000000000000000000b7ea981d3fbc567c617142c2986800c3bc63ef4d8c6a402532ce87dbcf239ed4cc1bfd0d726603c80ee85e7063c4a2a7
+GCD = 1
+
+A = 792a1d3ba80c6134e1b610b82429adab8212084ff66fcceb3c01f735cc6b84f8c123d2e8ae3c9f375040e9dbe0fbd54c00000000000000000000000000000000377a2d6f6385fdf7b2b48d97d639a0a6
+B = 18a68ed3ce626204cd6371f981ceb812000000000000000000000000000000007c16a303a092ae791b4989d85caf6027b9627cce8c5b6be6915cbb855435802143c6294c757ec9d15af65c72adeb3fbe
+GCD = 2
diff --git a/test/recipes/15-test_dsaparam.t b/test/recipes/15-test_dsaparam.t
index 2f06c1f4e058..8f7d2af1754e 100644
--- a/test/recipes/15-test_dsaparam.t
+++ b/test/recipes/15-test_dsaparam.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -10,6 +10,8 @@ use strict;
use warnings;
use File::Spec;
+use File::Copy;
+use File::Compare qw/compare_text/;
use OpenSSL::Glob;
use OpenSSL::Test qw/:DEFAULT data_file/;
use OpenSSL::Test::Utils;
@@ -66,7 +68,7 @@ plan skip_all => "DSA isn't supported in this build"
my @valid = glob(data_file("valid", "*.pem"));
my @invalid = glob(data_file("invalid", "*.pem"));
-my $num_tests = scalar @valid + scalar @invalid;
+my $num_tests = scalar @valid + scalar @invalid + 2;
plan tests => $num_tests;
foreach (@valid) {
@@ -76,3 +78,10 @@ foreach (@valid) {
foreach (@invalid) {
ok(!run(app([qw{openssl pkeyparam -noout -check -in}, $_])));
}
+
+my $input = data_file("valid", "p3072_q256_t1864.pem");
+my $inout = "inout.pem";
+copy($input, $inout);
+ok(run(app(['openssl', 'dsaparam', '-in', $inout, '-out', $inout])),
+ "identical infile and outfile");
+ok(!compare_text($input, $inout), "converted file $inout did not change");
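Review bot: The result of `copy($input, $inout)` is not checked, so a failed copy shows up as a failure of the "identical infile and outfile" case and points the reader at `dsaparam` rather than at the test setup. Since this test exists to catch an in-place rewrite truncating its own input, the setup should fail loudly on its own: `copy($input, $inout) or die "cannot copy $input to $inout: $!";`.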
diff --git a/test/recipes/15-test_ec.t b/test/recipes/15-test_ec.t
index 0638d626e744..c953fad9f1ec 100644
--- a/test/recipes/15-test_ec.t
+++ b/test/recipes/15-test_ec.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -59,34 +59,38 @@ subtest 'PKEY conversions -- public key' => sub {
-args => [ "pkey", "-pubin", "-pubout" ] );
};
-subtest 'Ed25519 conversions -- private key' => sub {
- tconversion( -type => "pkey", -prefix => "ed25519-pkey-priv",
- -in => srctop_file("test", "tested25519.pem") );
-};
-subtest 'Ed25519 conversions -- private key PKCS#8' => sub {
- tconversion( -type => "pkey", -prefix => "ed25519-pkey-pkcs8",
- -in => srctop_file("test", "tested25519.pem"),
- -args => ["pkey"] );
-};
-subtest 'Ed25519 conversions -- public key' => sub {
- tconversion( -type => "pkey", -prefix => "ed25519-pkey-pub",
- -in => srctop_file("test", "tested25519pub.pem"),
- -args => ["pkey", "-pubin", "-pubout"] );
-};
-subtest 'Ed448 conversions -- private key' => sub {
- tconversion( -type => "pkey", -prefix => "ed448-pkey-priv",
- -in => srctop_file("test", "tested448.pem") );
-};
-subtest 'Ed448 conversions -- private key PKCS#8' => sub {
- tconversion( -type => "pkey", -prefix => "ed448-pkey-pkcs8",
- -in => srctop_file("test", "tested448.pem"),
- -args => ["pkey"] );
-};
-subtest 'Ed448 conversions -- public key' => sub {
- tconversion( -type => "pkey", -prefix => "ed448-pkey-pub",
- -in => srctop_file("test", "tested448pub.pem"),
- -args => ["pkey", "-pubin", "-pubout"] );
-};
+SKIP: {
+ skip "ECX is not supported by this OpenSSL build", 6
+ if disabled("ecx");
+ subtest 'Ed25519 conversions -- private key' => sub {
+ tconversion( -type => "pkey", -prefix => "ed25519-pkey-priv",
+ -in => srctop_file("test", "tested25519.pem") );
+ };
+ subtest 'Ed25519 conversions -- private key PKCS#8' => sub {
+ tconversion( -type => "pkey", -prefix => "ed25519-pkey-pkcs8",
+ -in => srctop_file("test", "tested25519.pem"),
+ -args => ["pkey"] );
+ };
+ subtest 'Ed25519 conversions -- public key' => sub {
+ tconversion( -type => "pkey", -prefix => "ed25519-pkey-pub",
+ -in => srctop_file("test", "tested25519pub.pem"),
+ -args => ["pkey", "-pubin", "-pubout"] );
+ };
+ subtest 'Ed448 conversions -- private key' => sub {
+ tconversion( -type => "pkey", -prefix => "ed448-pkey-priv",
+ -in => srctop_file("test", "tested448.pem") );
+ };
+ subtest 'Ed448 conversions -- private key PKCS#8' => sub {
+ tconversion( -type => "pkey", -prefix => "ed448-pkey-pkcs8",
+ -in => srctop_file("test", "tested448.pem"),
+ -args => ["pkey"] );
+ };
+ subtest 'Ed448 conversions -- public key' => sub {
+ tconversion( -type => "pkey", -prefix => "ed448-pkey-pub",
+ -in => srctop_file("test", "tested448pub.pem"),
+ -args => ["pkey", "-pubin", "-pubout"] );
+ };
+}
subtest 'Check loading of fips and non-fips keys' => sub {
plan skip_all => "FIPS is disabled"
diff --git a/test/recipes/15-test_ecparam.t b/test/recipes/15-test_ecparam.t
index 37bf620f35ee..0d7215474515 100644
--- a/test/recipes/15-test_ecparam.t
+++ b/test/recipes/15-test_ecparam.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -11,7 +11,8 @@ use strict;
use warnings;
use File::Spec;
-use File::Compare qw/compare_text/;
+use File::Copy;
+use File::Compare qw/compare_text compare/;
use OpenSSL::Glob;
use OpenSSL::Test qw/:DEFAULT data_file srctop_file bldtop_dir/;
use OpenSSL::Test::Utils;
@@ -25,7 +26,11 @@ my @valid = glob(data_file("valid", "*.pem"));
my @noncanon = glob(data_file("noncanon", "*.pem"));
my @invalid = glob(data_file("invalid", "*.pem"));
-plan tests => 12;
+if (disabled("sm2")) {
+ @valid = grep { !/sm2-.*\.pem/} @valid;
+}
+
+plan tests => 14;
sub checkload {
my $files = shift; # List of files
@@ -59,6 +64,19 @@ sub checkcompare {
}
}
+sub check_identical {
+ my $apps = shift; # List of applications
+
+ foreach (@$apps) {
+ my $inout = "$_.tst";
+ my $backup = "backup.tst";
+
+ copy($inout, $backup);
+ ok(run(app(['openssl', $_, '-in', $inout, '-out', $inout])));
+ ok(!compare($inout, $backup), "converted file $inout did not change");
+ }
+}
+
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
subtest "Check loading valid parameters by ecparam with -check" => sub {
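Review bot: `check_identical` reads `"$_.tst"` without creating it, so it appears to rely on `ecparam.tst` and `pkeyparam.tst` being left behind by an earlier subtest (presumably `checkcompare`, whose body is outside this hunk); that ordering dependency deserves a comment above the sub, such as `# Relies on "<app>.tst" written by the preceding checkcompare subtests`. The `copy($inout, $backup)` result is also unchecked, and if both files are missing it is worth confirming that `compare` returns its error value rather than 0, since `!compare(...)` treats only 0 as a pass. The first `ok(run(app([...])))` has no description; `"$_ with identical infile and outfile"` would match the wording used in 15-test_dsaparam.t.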
@@ -116,6 +134,12 @@ subtest "Check pkeyparam does not change the parameter file on output" => sub {
checkcompare(\@valid, "pkeyparam");
};
+my @apps = ("ecparam", "pkeyparam");
+subtest "Check param apps do not garble infile identical to outfile" => sub {
+ plan tests => 2 * scalar(@apps);
+ check_identical(\@apps);
+};
+
subtest "Check loading of fips and non-fips params" => sub {
plan skip_all => "FIPS is disabled"
if $no_fips;
@@ -174,3 +198,5 @@ subtest "Check loading of fips and non-fips params" => sub {
$ENV{OPENSSL_CONF} = $defaultconf;
};
+
+ok(run(app(['openssl', 'ecparam', '-list_curves'])), "Test -list_curves");
diff --git a/test/recipes/15-test_gendsa.t b/test/recipes/15-test_gendsa.t
index b495b08bda58..cd331c4cfc22 100644
--- a/test/recipes/15-test_gendsa.t
+++ b/test/recipes/15-test_gendsa.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -28,7 +28,7 @@ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
plan tests =>
($no_fips ? 0 : 2) # FIPS related tests
- + 11;
+ + 18;
ok(run(app([ 'openssl', 'genpkey', '-genparam',
'-algorithm', 'DSA',
@@ -107,6 +107,51 @@ ok(!run(app([ 'openssl', 'genpkey',
'-algorithm', 'DSA'])),
"genpkey DSA with no params should fail");
+ok(run(app(["openssl", "gendsa", "-verbose",
+ 'dsagen.pem'])),
+ "gendsa with -verbose option and dsagen parameter");
+
+ok(!run(app(["openssl", "gendsa",
+ 'dsagen.pem', "-verbose"])),
+ "gendsa with extra parameter (at end) should fail");
+
+# test key generation with dsaparam tool
+ok(run(app([ 'openssl', 'dsaparam',
+ '-genkey',
+ '-text',
+ '1024',
+ ])),
+ "dsaparam -genkey DSA 1024 with default qbits");
+
+ok(run(app([ 'openssl', 'dsaparam',
+ '-genkey',
+ '-text',
+ '2048',
+ ])),
+ "dsaparam -genkey DSA 2048 with default qbits");
+
+ok(run(app([ 'openssl', 'dsaparam',
+ '-genkey',
+ '-text',
+ '1024', '160',
+ ])),
+ "dsaparam -genkey DSA 1024 with 160 qbits");
+
+ok(run(app([ 'openssl', 'dsaparam',
+ '-genkey',
+ '-text',
+ '2048', '224',
+ ])),
+ "dsaparam -genkey DSA 2048 with 224 qbits");
+
+ok(run(app([ 'openssl', 'dsaparam',
+ '-genkey',
+ '-text',
+ '2048', '256',
+ ])),
+ "dsaparam -genkey DSA 2048 with 256 qbits");
+# genkey test for 3072 bits keys were removed to speed up the tests
+
unless ($no_fips) {
my $provconf = srctop_file("test", "fips-and-base.cnf");
my $provpath = bldtop_dir("providers");
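Review bot: The five `dsaparam -genkey` cases assert only the exit status, although their descriptions claim specific parameter sizes ("1024 with 160 qbits", "2048 with 224 qbits", and so on). A regression that ignored the second numeric argument and fell back to the default q size would still pass. Since `-text` is already requested, the output could be captured with `capture => 1` and matched against the reported P and Q sizes; the exact `-text` wording should be checked before writing the pattern. The trailing comment would read better as `# genkey tests for 3072-bit keys were removed to speed up the tests`.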
@@ -115,22 +160,28 @@ unless ($no_fips) {
$ENV{OPENSSL_TEST_LIBCTX} = "1";
+ # DSA signing/keygen is not approved in FIPS 140-3
+ run(test(["fips_version_test", "-config", $provconf, "<3.4.0"]),
+ capture => 1, statusvar => \my $dsasignpass);
+
# Generate params
- ok(run(app(['openssl', 'genpkey',
+ is(run(app(['openssl', 'genpkey',
@prov,
'-genparam',
'-algorithm', 'DSA',
'-pkeyopt', 'pbits:3072',
'-pkeyopt', 'qbits:256',
'-out', 'gendsatest3072params.pem'])),
+ $dsasignpass,
"Generating 3072-bit DSA params");
# Generate keypair
- ok(run(app(['openssl', 'genpkey',
+ is(run(app(['openssl', 'genpkey',
@prov,
'-paramfile', 'gendsatest3072params.pem',
'-text',
'-out', 'gendsatest3072.pem'])),
+ $dsasignpass,
"Generating 3072-bit DSA keypair");
}
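Review bot: When `$dsasignpass` is 0, both `is(...)` checks expect failure, but the keypair step would then fail simply because `gendsatest3072params.pem` was never written, not necessarily because the provider rejects DSA key generation, so that second check seems to prove little in the "not approved" case. The same value is also 0 if `fips_version_test` itself cannot run, in which case unrelated breakage of `genpkey` would be accepted as the expected outcome. Consider asserting on the provider's behaviour more directly in the failure branch, and at least make the descriptions reflect the expectation, for example `($dsasignpass ? "Generating" : "Rejecting") . " 3072-bit DSA params"`. The `unless ($no_fips) {` block opens outside this hunk.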
diff --git a/test/recipes/15-test_genec.t b/test/recipes/15-test_genec.t
index 2dfed387ca06..4d5090fa398a 100644
--- a/test/recipes/15-test_genec.t
+++ b/test/recipes/15-test_genec.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -232,13 +232,15 @@ foreach my $curvename (@curve_list) {
foreach my $outform (@output_formats) {
my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform;
+ my $outpubfile = "ecgen.${curvename}.${paramenc}-pub." . lc $outform;
$fn->("genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (${outform})",
app([ 'openssl', 'genpkey',
'-algorithm', 'EC',
'-pkeyopt', 'ec_paramgen_curve:'.$curvename,
'-pkeyopt', 'ec_param_enc:'.$paramenc,
'-outform', $outform,
- '-out', $outfile]));
+ '-out', $outfile,
+ '-outpubkey', $outpubfile]));
}
}
}
diff --git a/test/recipes/15-test_genrsa.t b/test/recipes/15-test_genrsa.t
index fe99f3369490..83196031d776 100644
--- a/test/recipes/15-test_genrsa.t
+++ b/test/recipes/15-test_genrsa.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -25,7 +25,7 @@ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
plan tests =>
($no_fips ? 0 : 5) # Extra FIPS related tests
- + 15;
+ + 16;
# We want to know that an absurdly small number of bits isn't support
is(run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem',
@@ -106,6 +106,13 @@ ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])),
ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest.pem', '-out', 'genrsatest-enc.pem',
'-aes256', '-passout', 'pass:x' ])),
"rsa encrypt");
+# Check the default salt length for PBKDF2 is 16 bytes
+# We expect the output to be of the form "0:d=0 hl=2 l= 16 prim: OCTET STRING [HEX DUMP]:FAC7F37508E6B7A805BF4B13861B3687"
+# i.e. 2 byte header + 16 byte salt.
+ok(run(app(([ 'openssl', 'asn1parse',
+ '-in', 'genrsatest-enc.pem',
+ '-offset', '34', '-length', '18']))),
+ "Check the default size of the PBKDF2 PARAM 'salt length' is 16");
ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest-enc.pem', '-passin', 'pass:x' ])),
"rsa decrypt");
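Review bot: The added check only asserts that `asn1parse -offset 34 -length 18` exits successfully; the `l= 16 ... OCTET STRING` line that the comment describes is never compared, so the 16-byte salt is verified only indirectly, through a parse error on other lengths. Capturing the output and matching it would make the assertion explicit: run with `capture => 1` into `@out` and test `ok(grep(/l=\s*16 prim: OCTET STRING/, @out) == 1, ...)`. The hard-coded offset 34 also depends on the exact encoding of the preceding AlgorithmIdentifier fields, which is worth stating in the comment so a later change in defaults is not misread as a salt-length regression.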
diff --git a/test/recipes/15-test_gensm2.t b/test/recipes/15-test_gensm2.t
index 5c655b3d1358..c62434cb1502 100644
--- a/test/recipes/15-test_gensm2.t
+++ b/test/recipes/15-test_gensm2.t
@@ -16,7 +16,7 @@ use OpenSSL::Test::Utils;
# These are special key generation tests for SM2 keys specifically,
# as they could be said to be a bit special in their encoding.
-# This is an auxilliary test to 15-test_genec.t
+# This is an auxiliary test to 15-test_genec.t
setup("test_gensm2");
diff --git a/test/recipes/15-test_rsa.t b/test/recipes/15-test_rsa.t
index 420a57f8c10d..e0ac15772a5b 100644
--- a/test/recipes/15-test_rsa.t
+++ b/test/recipes/15-test_rsa.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -16,7 +16,7 @@ use OpenSSL::Test::Utils;
setup("test_rsa");
-plan tests => 12;
+plan tests => 14;
require_ok(srctop_file('test', 'recipes', 'tconversion.pl'));
@@ -33,6 +33,11 @@ sub run_rsa_tests {
"$cmd -check" );
SKIP: {
+ skip "Skipping Deprecated rsa_x931_test", 1 if disabled("deprecated-3.0");
+ ok(run(test(['rsa_x931_test'])), "RSA X931 test");
+ };
+
+ SKIP: {
skip "Skipping $cmd conversion test", 3
if disabled("rsa");
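Review bot: The new `rsa_x931_test` case does not use `$cmd`, yet it is placed inside `run_rsa_tests`, and the plan goes from 12 to 14 for a single added `ok`, which suggests the sub is called twice and the identical test binary runs once per call. If that is the case, moving the `SKIP:` block to file level (and raising the plan by one instead of two) avoids the duplicate run. The body of `run_rsa_tests` starts and ends outside this hunk, so the call count is inferred from the plan change only.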
diff --git a/test/recipes/15-test_rsapss.t b/test/recipes/15-test_rsapss.t
index 44721a32372f..35be4784fce8 100644
--- a/test/recipes/15-test_rsapss.t
+++ b/test/recipes/15-test_rsapss.t
@@ -16,7 +16,7 @@ use OpenSSL::Test::Utils;
setup("test_rsapss");
-plan tests => 13;
+plan tests => 18;
#using test/testrsa.pem which happens to be a 512 bit RSA
ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1',
@@ -70,10 +70,45 @@ ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'),
ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'),
'-sha1',
'-sigopt', 'rsa_padding_mode:pss',
+ '-sigopt', 'rsa_pss_saltlen:auto-digestmax',
+ '-sigopt', 'rsa_mgf1_md:sha512',
+ '-signature', 'testrsapss-restricted.sig',
+ srctop_file('test', 'testrsa.pem')])),
+ "openssl dgst -prverify rsa512bit.pem -sha1 -sigopt rsa_pss_saltlen:auto-digestmax verifies signatures with saltlen > digestlen");
+
+ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'),
+ '-sha1',
+ '-sigopt', 'rsa_padding_mode:pss',
'-signature', 'testrsapss-unrestricted.sig',
srctop_file('test', 'testrsa.pem')])),
"openssl dgst -prverify [plain RSA key, PSS padding mode, no PSS restrictions]");
+ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1',
+ '-sigopt', 'rsa_padding_mode:pss',
+ '-sigopt', 'rsa_pss_saltlen:auto-digestmax',
+ '-out', 'testrsapss-sha1-autodigestmax.sig',
+ srctop_file('test', 'testrsa.pem')])),
+ "openssl dgst -sign -sha1 -rsa_pss_saltlen:auto-digestmax");
+ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha1',
+ '-sigopt', 'rsa_padding_mode:pss',
+ '-sigopt', 'rsa_pss_saltlen:20',
+ '-signature', 'testrsapss-sha1-autodigestmax.sig',
+ srctop_file('test', 'testrsa.pem')])),
+ "openssl dgst -sign -sha1 -rsa_padding_mode:auto-digestmax produces 20 (i.e., digestlen) bits of PSS salt");
+
+ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha256',
+ '-sigopt', 'rsa_padding_mode:pss',
+ '-sigopt', 'rsa_pss_saltlen:auto-digestmax',
+ '-out', 'testrsapss-sha256-autodigestmax.sig',
+ srctop_file('test', 'testrsa.pem')])),
+ "openssl dgst -sign -sha256 -rsa_pss_saltlen:auto-digestmax");
+ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha256',
+ '-sigopt', 'rsa_padding_mode:pss',
+ '-sigopt', 'rsa_pss_saltlen:30',
+ '-signature', 'testrsapss-sha256-autodigestmax.sig',
+ srctop_file('test', 'testrsa.pem')])),
+ "openssl dgst -sign rsa512bit.pem -sha256 -rsa_padding_mode:auto-digestmax produces 30 bits of PSS salt (due to 512bit key)");
+
# Test that RSA-PSS keys are supported by genpkey and rsa commands.
{
my $rsapss = "rsapss.key";
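Review bot: The descriptions of the two new `-prverify` checks on the auto-digestmax signatures name the wrong option and the wrong unit. They say `-rsa_padding_mode:auto-digestmax`, but the option exercised is `rsa_pss_saltlen:auto-digestmax`, and they report "20 ... bits" and "30 bits" where `rsa_pss_saltlen:20` / `:30` are byte counts (20 is the SHA-1 digest length; 30 is the 64-byte modulus minus the 32-byte SHA-256 digest minus 2). I would reword them along the lines of `"openssl dgst -sign -sha1 -sigopt rsa_pss_saltlen:auto-digestmax produces 20 bytes (digestlen) of PSS salt"` and `"... -sha256 ... produces 30 bytes of PSS salt (capped by the 512-bit key)"`. A wrong unit in a test name is what a reader will quote when a salt-length regression shows up in the log.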
diff --git a/test/recipes/20-test_app.t b/test/recipes/20-test_app.t
index be79b3775009..29ce3e6e486f 100644
--- a/test/recipes/20-test_app.t
+++ b/test/recipes/20-test_app.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -13,7 +13,7 @@ use OpenSSL::Test;
setup("test_app");
-plan tests => 5;
+plan tests => 7;
ok(run(app(["openssl"])),
"Run openssl app with no args");
@@ -29,3 +29,9 @@ ok(run(app(["openssl", "-help"])),
ok(run(app(["openssl", "--help"])),
"Run openssl app with --help");
+
+ok(run(app(["openssl", "-version"])),
+ "Run openssl app with -version");
+
+ok(run(app(["openssl", "--version"])),
+ "Run openssl app with --version");
diff --git a/test/recipes/20-test_cli_fips.t b/test/recipes/20-test_cli_fips.t
index d4b4d4ca51c6..2abc4d243414 100644
--- a/test/recipes/20-test_cli_fips.t
+++ b/test/recipes/20-test_cli_fips.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -26,7 +26,7 @@ use platform;
my $no_check = disabled("fips") || disabled('fips-securitychecks');
plan skip_all => "Test only supported in a fips build with security checks"
if $no_check;
-plan tests => 11;
+plan tests => 12;
my $fipsmodule = bldtop_file('providers', platform->dso('fips'));
my $fipsconf = srctop_file("test", "fips-and-base.cnf");
@@ -36,6 +36,9 @@ my $bogus_data = $fipsconf;
$ENV{OPENSSL_CONF} = $fipsconf;
+run(test(["fips_version_test", "-config", $fipsconf, "<3.4.0"]),
+ capture => 1, statusvar => \my $dsasignpass);
+
ok(run(app(['openssl', 'list', '-public-key-methods', '-verbose'])),
"provider listing of public key methods");
ok(run(app(['openssl', 'list', '-public-key-algorithms', '-verbose'])),
@@ -48,6 +51,8 @@ ok(run(app(['openssl', 'list', '-kem-algorithms', '-verbose'])),
"provider listing of key encapsulation algorithms");
ok(run(app(['openssl', 'list', '-signature-algorithms', '-verbose'])),
"provider listing of signature algorithms");
+ok(run(app(['openssl', 'list', '-tls-signature-algorithms', '-verbose'])),
+ "provider listing of TLS signature algorithms");
ok(run(app(['openssl', 'list', '-asymcipher-algorithms', '-verbose'])),
"provider listing of encryption algorithms");
ok(run(app(['openssl', 'list', '-key-managers', '-verbose', '-select', 'DSA' ])),
@@ -279,7 +284,7 @@ SKIP: {
SKIP : {
skip "FIPS DSA tests because of no dsa in this build", 1
- if disabled("dsa");
+ if disabled("dsa") || $dsasignpass == '0';
subtest DSA => sub {
my $testtext_prefix = 'DSA';
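Review bot: The skip message still reads "FIPS DSA tests because of no dsa in this build", but with the added `|| $dsasignpass == '0'` the subtest is also skipped whenever the `fips_version_test ... "<3.4.0"` run from the earlier hunk does not pass, so a skipped run misreports why DSA coverage is missing. I would widen the message, e.g. `skip "FIPS DSA tests: dsa disabled or DSA signing not available in this FIPS provider", 1`, and put a one-line comment at the `run(test([...]))` call saying that its status is used as the "DSA signing still allowed" flag (that meaning is inferred from the variable name). `$dsasignpass == '0'` compares numerically against a string; `== 0` says the same thing directly. The SKIP block continues outside the hunk.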
diff --git a/test/recipes/20-test_dgst.t b/test/recipes/20-test_dgst.t
index 96744b3741fa..248232b7e43a 100644
--- a/test/recipes/20-test_dgst.t
+++ b/test/recipes/20-test_dgst.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -17,7 +17,7 @@ use OpenSSL::Test::Utils;
setup("test_dgst");
-plan tests => 13;
+plan tests => 17;
sub tsignverify {
my $testtext = shift;
@@ -129,9 +129,7 @@ SKIP: {
SKIP: {
skip "EdDSA is not supported by this OpenSSL build", 2
- if disabled("ec");
-
- skip "EdDSA is not supported with `dgst` CLI", 2;
+ if disabled("ecx");
subtest "Ed25519 signature generation and verification with `dgst` CLI" => sub {
tsignverify("Ed25519",
@@ -147,6 +145,27 @@ SKIP: {
}
SKIP: {
+ skip "ML-DSA is not supported by this OpenSSL build", 3
+ if disabled("ml-dsa");
+
+ subtest "ML-DSA-44 signature generation and verification with `dgst` CLI" => sub {
+ tsignverify("Ml-DSA-44",
+ srctop_file("test","testmldsa44.pem"),
+ srctop_file("test","testmldsa44pub.pem"));
+ };
+ subtest "ML-DSA-65 signature generation and verification with `dgst` CLI" => sub {
+ tsignverify("Ml-DSA-65",
+ srctop_file("test","testmldsa65.pem"),
+ srctop_file("test","testmldsa65pub.pem"));
+ };
+ subtest "ML-DSA-87 signature generation and verification with `dgst` CLI" => sub {
+ tsignverify("Ml-DSA-87",
+ srctop_file("test","testmldsa87.pem"),
+ srctop_file("test","testmldsa87pub.pem"));
+ };
+}
+
+SKIP: {
skip "dgst with engine is not supported by this OpenSSL build", 1
if disabled("engine") || disabled("dynamic-engine");
@@ -198,11 +217,11 @@ subtest "HMAC generation with `dgst` CLI, key via option" => sub {
my $testdata = srctop_file('test', 'data.bin');
#HMAC the data twice to check consistency
- my @hmacdata = run(app(['openssl', 'dgst', '-sha256', '-hmac',
+ my @hmacdata = run(app(['openssl', 'dgst', '-sha256', '-mac', 'HMAC',
'-macopt', 'hexkey:FFFF',
$testdata, $testdata]), capture => 1);
chomp(@hmacdata);
- my $expected = qr/HMAC-SHA2-256\(\Q$testdata\E\)= b6727b7bb251dfa65846e0a8223bdd57d244aa6d7e312cb906d8e21f2dee3a57/;
+ my $expected = qr/HMAC-SHA2-256\(\Q$testdata\E\)= 7c02d4a17d2560a5bb6763edbf33f3a34f415398f8f2e07f04b83ffd7c087dae/;
ok($hmacdata[0] =~ $expected, "HMAC: Check HMAC value is as expected ($hmacdata[0]) vs ($expected)");
ok($hmacdata[1] =~ $expected,
"HMAC: Check second HMAC value is consistent with the first ($hmacdata[1]) vs ($expected)");
@@ -223,17 +242,15 @@ subtest "Custom length XOF digest generation with `dgst` CLI" => sub {
};
subtest "SHAKE digest generation with no xoflen set `dgst` CLI" => sub {
- plan tests => 1;
+ plan tests => 2;
my $testdata = srctop_file('test', 'data.bin');
- my @xofdata = run(app(['openssl', 'dgst', '-shake128', $testdata], stderr => "outerr.txt"), capture => 1);
- chomp(@xofdata);
- my $expected = qr/SHAKE-128\(\Q$testdata\E\)= bb565dac72640109e1c926ef441d3fa6/;
- ok($xofdata[0] =~ $expected, "Check short digest is output");
+ ok(!run(app(['openssl', 'dgst', '-shake128', $testdata])), "SHAKE128 must fail without xoflen");
+ ok(!run(app(['openssl', 'dgst', '-shake256', $testdata])), "SHAKE256 must fail without xoflen");
};
SKIP: {
- skip "ECDSA is not supported by this OpenSSL build", 1
+ skip "ECDSA is not supported by this OpenSSL build", 2
if disabled("ec");
subtest "signing with xoflen is not supported `dgst` CLI" => sub {
@@ -245,5 +262,17 @@ SKIP: {
'-out', 'test.sig',
srctop_file('test', 'data.bin')])),
"Generating signature with xoflen should fail");
+ };
+
+ subtest "signing using the nonce-type sigopt" => sub {
+ plan tests => 1;
+ my $data_to_sign = srctop_file('test', 'data.bin');
+
+ ok(run(app(['openssl', 'dgst', '-sha256',
+ '-sign', srctop_file("test","testec-p256.pem"),
+ '-out', 'test.sig',
+ '-sigopt', 'nonce-type:1',
+ srctop_file('test', 'data.bin')])),
+ "Sign using the nonce-type sigopt");
}
}
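Review bot: The new "signing using the nonce-type sigopt" subtest declares `$data_to_sign` and never uses it, and its only assertion is that `openssl dgst -sign` exits successfully. As written, a build that accepted `-sigopt nonce-type:1` but ignored it would still pass. I would pass the variable in the command (`$data_to_sign])),` in place of the second `srctop_file('test', 'data.bin')`) and add a follow-up check: verify `test.sig` against the matching public key, or, if `nonce-type:1` is meant to select deterministic nonces, sign twice and compare the two signature files. Either addition needs `plan tests` in the subtest raised accordingly.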
diff --git a/test/recipes/20-test_dhparam.t b/test/recipes/20-test_dhparam.t
index eefd897b1038..f08e8dd43724 100644
--- a/test/recipes/20-test_dhparam.t
+++ b/test/recipes/20-test_dhparam.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -10,6 +10,8 @@
use strict;
use warnings;
+use File::Copy;
+use File::Compare qw/compare_text/;
use OpenSSL::Test qw(:DEFAULT data_file srctop_file);
use OpenSSL::Test::Utils;
@@ -19,7 +21,7 @@ setup("test_dhparam");
plan skip_all => "DH is not supported in this build"
if disabled("dh");
-plan tests => 21;
+plan tests => 23;
my $fipsconf = srctop_file("test", "fips-and-base.cnf");
@@ -29,6 +31,7 @@ sub checkdhparams {
my $gen = shift; #2, 5 or something else (0 is "something else")?
my $format = shift; #DER or PEM?
my $bits = shift; #Number of bits in p
+ my $keybits = shift; #Recommended private key bits
my $pemtype;
my $readtype;
my $readbits = 0;
@@ -84,6 +87,13 @@ sub checkdhparams {
ok((grep { (index($_, $genline) + length ($genline)) == length ($_)} @textdata),
"Checking generator is correct");
+
+ if ($keybits) {
+ my $keybits_line = "recommended-private-length: $keybits bits";
+ ok((grep { (index($_, $keybits_line) + length($keybits_line))
+ == length($_) } @textdata),
+ "Checking recommended private key bits is correct");
+ }
}
#Test some "known good" parameter files to check that we can read them
@@ -122,28 +132,28 @@ subtest "Read: 1024 bit X9.42 params, DER file" => sub {
#Test that generating parameters of different types creates what we expect. We
#use 512 for the size for speed reasons. Don't use this in real applications!
subtest "Generate: 512 bit PKCS3 params, generator 2, PEM file" => sub {
- plan tests => 5;
+ plan tests => 6;
ok(run(app([ 'openssl', 'dhparam', '-out', 'gen-pkcs3-2-512.pem',
'512' ])));
- checkdhparams("gen-pkcs3-2-512.pem", "PKCS3", 2, "PEM", 512);
+ checkdhparams("gen-pkcs3-2-512.pem", "PKCS3", 2, "PEM", 512, 125);
};
subtest "Generate: 512 bit PKCS3 params, explicit generator 2, PEM file" => sub {
- plan tests => 5;
+ plan tests => 6;
ok(run(app([ 'openssl', 'dhparam', '-out', 'gen-pkcs3-exp2-512.pem', '-2',
'512' ])));
- checkdhparams("gen-pkcs3-exp2-512.pem", "PKCS3", 2, "PEM", 512);
+ checkdhparams("gen-pkcs3-exp2-512.pem", "PKCS3", 2, "PEM", 512, 125);
};
subtest "Generate: 512 bit PKCS3 params, generator 5, PEM file" => sub {
- plan tests => 5;
+ plan tests => 6;
ok(run(app([ 'openssl', 'dhparam', '-out', 'gen-pkcs3-5-512.pem', '-5',
'512' ])));
- checkdhparams("gen-pkcs3-5-512.pem", "PKCS3", 5, "PEM", 512);
+ checkdhparams("gen-pkcs3-5-512.pem", "PKCS3", 5, "PEM", 512, 125);
};
subtest "Generate: 512 bit PKCS3 params, generator 2, explicit PEM file" => sub {
- plan tests => 5;
+ plan tests => 6;
ok(run(app([ 'openssl', 'dhparam', '-out', 'gen-pkcs3-2-512.exp.pem',
'-outform', 'PEM', '512' ])));
- checkdhparams("gen-pkcs3-2-512.exp.pem", "PKCS3", 2, "PEM", 512);
+ checkdhparams("gen-pkcs3-2-512.exp.pem", "PKCS3", 2, "PEM", 512, 125);
};
SKIP: {
skip "Skipping tests that require DSA", 4 if disabled("dsa");
@@ -202,6 +212,13 @@ SKIP: {
delete $ENV{OPENSSL_CONF};
}
+my $input = data_file("pkcs3-2-1024.pem");
ok(run(app(["openssl", "dhparam", "-noout", "-text"],
- stdin => data_file("pkcs3-2-1024.pem"))),
+ stdin => $input)),
"stdinbuffer input test that uses BIO_gets");
+
+my $inout = "inout.pem";
+copy($input, $inout);
+ok(run(app(['openssl', 'dhparam', '-in', $inout, '-out', $inout])),
+ "identical infile and outfile");
+ok(!compare_text($input, $inout), "converted file $inout did not change");
diff --git a/test/recipes/20-test_enc.t b/test/recipes/20-test_enc.t
index c5391d53f252..2b430b74fcb6 100644
--- a/test/recipes/20-test_enc.t
+++ b/test/recipes/20-test_enc.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -41,7 +41,7 @@ my @ciphers =
|rc2|rc4|seed)/x} @ciphers
if disabled("legacy");
-plan tests => 2 + (scalar @ciphers)*2;
+plan tests => 5 + (scalar @ciphers)*2;
SKIP: {
skip "Problems getting ciphers...", 1 + scalar(@ciphers)
@@ -72,4 +72,22 @@ plan tests => 2 + (scalar @ciphers)*2;
&& compare_text($test,$clearfile) == 0, $t);
}
}
+ ok(run(app([$cmd, "enc", "-in", $test, "-aes256", "-pbkdf2", "-out",
+ "salted_default.cipher", "-pass", "pass:password"]))
+ && run(app([$cmd, "enc", "-d", "-in", "salted_default.cipher", "-aes256", "-pbkdf2",
+ "-saltlen", "8", "-out", "salted_default.clear", "-pass", "pass:password"]))
+ && compare_text($test,"salted_default.clear") == 0,
+ "Check that the default salt length of 8 bytes is used for PKDF2");
+
+ ok(!run(app([$cmd, "enc", "-d", "-in", "salted_default.cipher", "-aes256", "-pbkdf2",
+ "-saltlen", "16", "-out", "salted_fail.clear", "-pass", "pass:password"])),
+ "Check the decrypt fails if the saltlen is incorrect");
+
+ ok(run(app([$cmd, "enc", "-in", $test, "-aes256", "-pbkdf2", "-saltlen", "16",
+ "-out", "salted.cipher", "-pass", "pass:password"]))
+ && run(app([$cmd, "enc", "-d", "-in", "salted.cipher", "-aes256", "-pbkdf2",
+ "-saltlen", "16", "-out", "salted.clear", "-pass", "pass:password"]))
+ && compare_text($test,"salted.clear") == 0,
+ "Check that we can still use a salt length of 16 bytes for PKDF2");
+
}
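Review bot: Two of the new test names spell the KDF "PKDF2" (`"Check that the default salt length of 8 bytes is used for PKDF2"` and `"Check that we can still use a salt length of 16 bytes for PKDF2"`); the option under test is `-pbkdf2`, so they should read "PBKDF2". Separately, the three new checks appear to sit inside the surrounding SKIP block, whose `skip "Problems getting ciphers...", 1 + scalar(@ciphers)` count in the previous hunk is unchanged while the plan grows by 3. If that reading is right, a skipped run will report fewer tests than planned, so the skip counts need the same +3. A comment on the middle check would also help, e.g. `# the file carries an 8-byte salt, so reading 16 must make decryption fail`.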
diff --git a/test/recipes/20-test_pkeyutl.t b/test/recipes/20-test_pkeyutl.t
index 2c9540b70f93..31e46c6d99b0 100644
--- a/test/recipes/20-test_pkeyutl.t
+++ b/test/recipes/20-test_pkeyutl.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -11,13 +11,13 @@ use warnings;
use File::Spec;
use File::Basename;
-use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips/;
+use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips with/;
use OpenSSL::Test::Utils;
-use File::Compare qw/compare_text/;
+use File::Compare qw/compare_text compare/;
setup("test_pkeyutl");
-plan tests => 14;
+plan tests => 27;
# For the tests below we use the cert itself as the TBS file
@@ -54,20 +54,27 @@ SKIP: {
}
SKIP: {
- skip "Skipping tests that require EC", 4
- if disabled("ec");
+ skip "Skipping tests that require ECX", 7
+ if disabled("ecx");
# Ed25519
ok(run(app(([ 'openssl', 'pkeyutl', '-sign', '-in',
srctop_file('test', 'certs', 'server-ed25519-cert.pem'),
'-inkey', srctop_file('test', 'certs', 'server-ed25519-key.pem'),
- '-out', 'Ed25519.sig', '-rawin']))),
+ '-out', 'Ed25519.sig']))),
"Sign a piece of data using Ed25519");
ok(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin', '-in',
srctop_file('test', 'certs', 'server-ed25519-cert.pem'),
'-inkey', srctop_file('test', 'certs', 'server-ed25519-cert.pem'),
- '-sigfile', 'Ed25519.sig', '-rawin']))),
+ '-sigfile', 'Ed25519.sig']))),
"Verify an Ed25519 signature against a piece of data");
+ #Check for failure return code
+ with({ exit_checker => sub { return shift == 1; } },
+ sub {
+ ok(run(app(([ 'openssl', 'pkeyutl', '-verifyrecover', '-in', 'Ed25519.sig',
+ '-inkey', srctop_file('test', 'certs', 'server-ed25519-key.pem')]))),
+ "Cannot use -verifyrecover with EdDSA");
+ });
# Ed448
ok(run(app(([ 'openssl', 'pkeyutl', '-sign', '-in',
@@ -80,8 +87,19 @@ SKIP: {
'-inkey', srctop_file('test', 'certs', 'server-ed448-cert.pem'),
'-sigfile', 'Ed448.sig', '-rawin']))),
"Verify an Ed448 signature against a piece of data");
+ ok(run(app(([ 'openssl', 'pkeyutl', '-sign', '-in',
+ srctop_file('test', 'certs', 'server-ed448-cert.pem'),
+ '-inkey', srctop_file('test', 'certs', 'server-ed448-key.pem'),
+ '-out', 'Ed448.sig']))),
+ "Sign a piece of data using Ed448 -rawin no more needed");
+ ok(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin', '-in',
+ srctop_file('test', 'certs', 'server-ed448-cert.pem'),
+ '-inkey', srctop_file('test', 'certs', 'server-ed448-cert.pem'),
+ '-sigfile', 'Ed448.sig']))),
+ "Verify an Ed448 signature against a piece of data, no -rawin");
}
+my $sigfile;
sub tsignverify {
my $testtext = shift;
my $privkey = shift;
@@ -90,7 +108,7 @@ sub tsignverify {
my $data_to_sign = srctop_file('test', 'data.bin');
my $other_data = srctop_file('test', 'data2.bin');
- my $sigfile = basename($privkey, '.pem') . '.sig';
+ $sigfile = basename($privkey, '.pem') . '.sig';
my @args = ();
plan tests => 5;
@@ -109,8 +127,12 @@ sub tsignverify {
'-out', $sigfile,
'-in', $data_to_sign);
push(@args, @extraopts);
- ok(!run(app([@args])),
- $testtext.": Checking that mismatching keyform fails");
+ #Check for failure return code
+ with({ exit_checker => sub { return shift == 1; } },
+ sub {
+ ok(run(app([@args])),
+ $testtext.": Checking that mismatching keyform fails");
+ });
@args = ('openssl', 'pkeyutl', '-verify',
'-inkey', $privkey,
@@ -134,12 +156,16 @@ sub tsignverify {
'-sigfile', $sigfile,
'-in', $other_data);
push(@args, @extraopts);
- ok(!run(app([@args])),
- $testtext.": Expect failure verifying mismatching data");
+ #Check for failure return code
+ with({ exit_checker => sub { return shift == 1; } },
+ sub {
+ ok(run(app([@args])),
+ $testtext.": Expect failure verifying mismatching data");
+ });
}
SKIP: {
- skip "RSA is not supported by this OpenSSL build", 1
+ skip "RSA is not supported by this OpenSSL build", 3
if disabled("rsa");
subtest "RSA CLI signature generation and verification" => sub {
@@ -149,6 +175,10 @@ SKIP: {
"-rawin", "-digest", "sha256");
};
+ ok(run(app((['openssl', 'pkeyutl', '-verifyrecover', '-in', $sigfile,
+ '-pubin', '-inkey', srctop_file('test', 'testrsapub.pem')]))),
+ "RSA: Verify signature with -verifyrecover");
+
subtest "RSA CLI signature and verification with pkeyopt" => sub {
tsignverify("RSA",
srctop_file("test","testrsa.pem"),
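Review bot: The new `-verifyrecover` check reads `$sigfile`, which only has a value because an earlier hunk turns `my $sigfile` inside `tsignverify` into a file-scoped variable that the preceding subtest happens to assign. The check therefore depends on subtest order: if the RSA subtest above is skipped, reordered, or another `tsignverify` call is inserted before it, the check runs against an undefined name or another key's signature. I would keep `my $sigfile` local to `tsignverify` and name the file explicitly here, e.g. `my $rsa_sig = basename(srctop_file("test","testrsa.pem"), '.pem') . '.sig';` (assuming the subtest above signs with `testrsa.pem`, which the hunk does not show). The check also only asserts the exit status; comparing the recovered output with the expected digest would make it a real round trip.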
@@ -156,6 +186,7 @@ SKIP: {
"-rawin", "-digest", "sha256",
"-pkeyopt", "rsa_padding_mode:pss");
};
+
}
SKIP: {
@@ -183,8 +214,8 @@ SKIP: {
}
SKIP: {
- skip "EdDSA is not supported by this OpenSSL build", 2
- if disabled("ec");
+ skip "EdDSA is not supported by this OpenSSL build", 4
+ if disabled("ecx");
subtest "Ed2559 CLI signature generation and verification" => sub {
tsignverify("Ed25519",
@@ -199,4 +230,53 @@ SKIP: {
srctop_file("test","tested448pub.pem"),
"-rawin");
};
+
+ subtest "Ed2559 CLI signature generation and verification, no -rawin" => sub {
+ tsignverify("Ed25519",
+ srctop_file("test","tested25519.pem"),
+ srctop_file("test","tested25519pub.pem"));
+ };
+
+ subtest "Ed448 CLI signature generation and verification, no -rawin" => sub {
+ tsignverify("Ed448",
+ srctop_file("test","tested448.pem"),
+ srctop_file("test","tested448pub.pem"));
+ };
+}
+
+#Encap/decap tests
+# openssl pkeyutl -encap -pubin -inkey rsa_pub.pem -secret secret.bin -out encap_out.bin
+# openssl pkeyutl -decap -inkey rsa_priv.pem -in encap_out.bin -out decap_out.bin
+# decap_out is equal to secret
+SKIP: {
+ skip "RSA is not supported by this OpenSSL build", 7
+ if disabled("rsa"); # Note "rsa" isn't (yet?) disablable.
+
+ # Self-compat
+ ok(run(app(([ 'openssl', 'pkeyutl', '-encap',
+ '-inkey', srctop_file('test', 'testrsa2048pub.pem'),
+ '-out', 'encap_out.bin', '-secret', 'secret.bin']))),
+ "RSA pubkey encapsulation");
+ ok(run(app(([ 'openssl', 'pkeyutl', '-decap',
+ '-inkey', srctop_file('test', 'testrsa2048.pem'),
+ '-in', 'encap_out.bin', '-secret', 'decap_secret.bin']))),
+ "RSA pubkey decapsulation");
+ is(compare("secret.bin", "decap_secret.bin"), 0, "Secret is correctly decapsulated");
+
+ # Legacy CLI with decap output written to '-out' and with '-kemop` specified
+ ok(run(app(([ 'openssl', 'pkeyutl', '-decap', '-kemop', 'RSASVE',
+ '-inkey', srctop_file('test', 'testrsa2048.pem'),
+ '-in', 'encap_out.bin', '-out', 'decap_out.bin']))),
+ "RSA pubkey decapsulation");
+ is(compare("secret.bin", "decap_out.bin"), 0, "Secret is correctly decapsulated");
+
+ # Pregenerated
+ ok(run(app(([ 'openssl', 'pkeyutl', '-decap', '-kemop', 'RSASVE',
+ '-inkey', srctop_file('test', 'testrsa2048.pem'),
+ '-in', srctop_file('test', 'encap_out.bin'),
+ '-secret', 'decap_out_etl.bin']))),
+ "RSA pubkey decapsulation - pregenerated");
+
+ is(compare(srctop_file('test', 'encap_secret.bin'), "decap_out_etl.bin"), 0,
+ "Secret is correctly decapsulated - pregenerated");
}
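Review bot: Two different checks in the new encap/decap block carry the same name, `"RSA pubkey decapsulation"`, and both `is(compare(...))` calls after them are named `"Secret is correctly decapsulated"`, so a failure in the log cannot be attributed to the default path or to the legacy `-kemop RSASVE` / `-out` path. I would rename the second pair, e.g. `"RSA decapsulation - legacy -kemop/-out form"` and `"Secret is correctly decapsulated - legacy form"`. The header comment documents the command as `-encap -pubin -inkey rsa_pub.pem`, while the test invokes `-encap` without `-pubin`; whichever form is intended, the comment and the call should agree. The two new subtest titles also repeat the existing "Ed2559" misspelling of Ed25519.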
diff --git a/test/recipes/25-test_eai_data/san.ascii b/test/recipes/25-test_eai_data/san.ascii
index e719e2660f00..15043655049a 100644
--- a/test/recipes/25-test_eai_data/san.ascii
+++ b/test/recipes/25-test_eai_data/san.ascii
@@ -1,2 +1,2 @@
X509v3 Subject Alternative Name:
- othername: SmtpUTF8Mailbox::学生@elementary.school.example.com
+ othername: SmtpUTF8Mailbox:学生@elementary.school.example.com
diff --git a/test/recipes/25-test_eai_data/san.utf8 b/test/recipes/25-test_eai_data/san.utf8
index cf62d9dfbe63..063ccc02e4cf 100644
--- a/test/recipes/25-test_eai_data/san.utf8
+++ b/test/recipes/25-test_eai_data/san.utf8
@@ -1,2 +1,2 @@
X509v3 Subject Alternative Name:
- othername: SmtpUTF8Mailbox::医生@大学.example.com
+ othername: SmtpUTF8Mailbox:医生@大学.example.com
diff --git a/test/recipes/25-test_pkcs7.t b/test/recipes/25-test_pkcs7.t
index cbb9902bdddd..23f1c8a7645d 100644
--- a/test/recipes/25-test_pkcs7.t
+++ b/test/recipes/25-test_pkcs7.t
@@ -15,10 +15,15 @@ use OpenSSL::Test qw/:DEFAULT srctop_file data_file/;
setup("test_pkcs7");
-plan tests => 4;
+plan tests => 7;
require_ok(srctop_file('test','recipes','tconversion.pl'));
+my @path = qw(test certs);
+my $pemfile = "grfc.pem";
+my $p7file = "grfc.p7b";
+my $out = "grfc.out";
+
subtest 'pkcs7 conversions -- pkcs7' => sub {
tconversion( -type => 'p7', -in => srctop_file("test", "testp7.pem"),
-args => ["pkcs7"] );
@@ -27,6 +32,14 @@ subtest 'pkcs7 conversions -- pkcs7d' => sub {
tconversion( -type => 'p7d', -in => srctop_file("test", "pkcs7-1.pem"),
-args => ["pkcs7"] );
};
+ok(run(app(["openssl", "crl2pkcs7", "-nocrl",
+ "-certfile", srctop_file(@path, $pemfile),
+ "-out", $p7file])));
+ok(run(app(["openssl", "pkcs7", "-print_certs", "-quiet",
+ "-in", $p7file,
+ "-out", $out])));
+is(cmp_text($out, data_file('grfc.out')),
+ 0, 'Comparing output');
my $malformed = data_file('malformed.pkcs7');
ok(run(app(["openssl", "pkcs7", "-in", $malformed])));
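Review bot: The two new `ok(run(app([...])))` calls for `crl2pkcs7 -nocrl` and `pkcs7 -print_certs -quiet` have no test name, so a failure is reported only by number. I would add descriptions such as `"crl2pkcs7 -nocrl on $pemfile"` and `"pkcs7 -print_certs -quiet on $p7file"`, and make `'Comparing output'` say what is compared, e.g. `"pkcs7 -print_certs -quiet output matches grfc.out"`. The local output file and the reference file are both called `grfc.out`; a distinct local name would make it obvious which side of `cmp_text` is the expected data.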
diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t
index 932635f4b2c1..0b1c16aee05b 100644
--- a/test/recipes/25-test_req.t
+++ b/test/recipes/25-test_req.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
setup("test_req");
-plan tests => 50;
+plan tests => 113;
require_ok(srctop_file('test', 'recipes', 'tconversion.pl'));
@@ -36,8 +36,8 @@ if (disabled("rsa")) {
$ENV{MSYS2_ARG_CONV_EXCL} = "/CN=";
# Check for duplicate -addext parameters, and one "working" case.
-my @addext_args = ( "openssl", "req", "-new", "-out", "testreq.pem",
- "-key", srctop_file("test", "certs", "ee-key.pem"),
+my @addext_args = ( "openssl", "req", "-new", "-out", "testreq-addexts.pem",
+ "-key", srctop_file(@certs, "ee-key.pem"),
"-config", srctop_file("test", "test.cnf"), @req_new );
my $val = "subjectAltName=DNS:example.com";
my $val1 = "subjectAltName=otherName:1.2.3.4;UTF8:test,email:info\@example.com";
@@ -55,6 +55,9 @@ ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3])));
ok(run(app([@addext_args, "-addext", "SXNetID=1:one, 2:two, 3:three"])));
ok(run(app([@addext_args, "-addext", "subjectAltName=dirName:dirname_sec"])));
+ok(run(app([@addext_args, "-addext", "keyUsage=digitalSignature",
+ "-reqexts", "reqexts"]))); # referring to section in test.cnf
+
# If a CSR is provided with neither of -key or -CA/-CAkey, this should fail.
ok(!run(app(["openssl", "req", "-x509",
"-in", srctop_file(@certs, "x509-check.csr"),
@@ -205,7 +208,7 @@ subtest "generating certificate requests with RSA-PSS" => sub {
ok(!run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
"-new", "-out", "testreq-rsapss3.pem", "-utf8",
- "-sigopt", "rsa_pss_saltlen:-4",
+ "-sigopt", "rsa_pss_saltlen:-5",
"-key", srctop_file("test", "testrsapss.pem")])),
"Generating request with expected failure");
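Review bot: The bare `-5` in `"rsa_pss_saltlen:-5"` needs a comment saying why it is the value expected to fail. As far as I can tell, -1 to -4 are the special salt-length selectors (digest, auto, max, auto-digestmax), and the rsapss recipe in this same commit starts exercising `auto-digestmax`, which is presumably why -4 stopped being invalid. Something like `# -1..-4 are the special salt lengths; -5 is the first value with no meaning` would do. Without it, the next special value added will turn this "expected failure" into a success with no hint of what the number stood for. The subtest continues outside the hunk.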
@@ -270,7 +273,7 @@ subtest "generating certificate requests with Ed25519" => sub {
SKIP: {
skip "Ed25519 is not supported by this OpenSSL build", 2
- if disabled("ec");
+ if disabled("ecx");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
@@ -290,7 +293,7 @@ subtest "generating certificate requests with Ed448" => sub {
SKIP: {
skip "Ed448 is not supported by this OpenSSL build", 2
- if disabled("ec");
+ if disabled("ecx");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
@@ -309,7 +312,7 @@ subtest "generating certificate requests" => sub {
plan tests => 2;
ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
- "-key", srctop_file("test", "certs", "ee-key.pem"),
+ "-key", srctop_file(@certs, "ee-key.pem"),
@req_new, "-out", "testreq.pem"])),
"Generating request");
@@ -352,6 +355,154 @@ subtest "generating SM2 certificate requests" => sub {
}
};
+subtest "generating certificate requests with ML-DSA" => sub {
+ plan tests => 5;
+
+ SKIP: {
+ skip "ML-DSA is not supported by this OpenSSL build", 5
+ if disabled("ml-dsa");
+
+ ok(run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-x509", "-sha256", "-nodes", "-days", "365",
+ "-newkey", "ML-DSA-44",
+ "-keyout", "privatekey_ml_dsa_44.pem",
+ "-out", "cert_ml_dsa_44.pem",
+ "-subj", "/CN=test-self-signed",
+ "-addext","keyUsage=digitalSignature"])),
+ "Generating self signed ML-DSA-44 cert and private key");
+ ok(run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-x509", "-sha256", "-nodes", "-days", "365",
+ "-newkey", "ML-DSA-65",
+ "-keyout", "privatekey_ml_dsa_65.pem",
+ "-out", "cert_ml_dsa_65.pem",
+ "-subj", "/CN=test-self-signed",
+ "-addext","keyUsage=digitalSignature"])),
+ "Generating self signed ML-DSA-65 cert and private key");
+ ok(run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-x509", "-sha256", "-nodes", "-days", "365",
+ "-newkey", "ML-DSA-44",
+ "-keyout", "privatekey_ml_dsa_87.pem",
+ "-out", "cert_ml_dsa_87.pem",
+ "-subj", "/CN=test-self-signed",
+ "-addext","keyUsage=digitalSignature"])),
+ "Generating self signed ML-DSA-87 cert and private key");
+ ok(run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-new",
+ "-sigopt","hextest-entropy:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "-out", "csr_ml_dsa_87.pem",
+ "-newkey", "ML-DSA-87",
+ "-passout", "pass:x"])),
+ "Generating ML-DSA-87 csr");
+ ok(run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-in", "csr_ml_dsa_87.pem"])),
+ "verifying ML-DSA-87 csr");
+ }
+};
+
+subtest "generating certificate requests with -cipher flag" => sub {
+ plan tests => 6;
+
+ diag("Testing -cipher flag with aes-256-cbc...");
+ ok(run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-newkey", "rsa:2048",
+ "-keyout", "privatekey-aes256.pem",
+ "-out", "testreq-rsa-cipher.pem",
+ "-utf8",
+ "-cipher", "aes-256-cbc",
+ "-passout", "pass:password"])),
+ "Generating request with -cipher flag (AES-256-CBC)");
+
+ diag("Verifying signature for aes-256-cbc...");
+ ok(run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-verify", "-in", "testreq-rsa-cipher.pem", "-noout"])),
+ "Verifying signature on request with -cipher (AES-256-CBC)");
+
+ open my $fh, '<', "privatekey-aes256.pem" or BAIL_OUT("Could not open key file: $!");
+ my $first_line = <$fh>;
+ close $fh;
+ ok($first_line =~ /^-----BEGIN ENCRYPTED PRIVATE KEY-----/,
+ "Check that the key file is encrypted (AES-256-CBC)");
+
+ diag("Testing -cipher flag with aes-128-cbc...");
+ ok(run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-newkey", "rsa:2048",
+ "-keyout", "privatekey-aes128.pem",
+ "-out", "testreq-rsa-cipher-aes128.pem",
+ "-utf8",
+ "-cipher", "aes-128-cbc",
+ "-passout", "pass:password"])),
+ "Generating request with -cipher flag (AES-128-CBC)");
+
+ diag("Verifying signature for aes-128-cbc...");
+ ok(run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-verify", "-in", "testreq-rsa-cipher-aes128.pem", "-noout"])),
+ "Verifying signature on request with -cipher (AES-128-CBC)");
+
+ open my $fh_aes128, '<', "privatekey-aes128.pem" or BAIL_OUT("Could not open key file: $!");
+ my $first_line_aes128 = <$fh_aes128>;
+ close $fh_aes128;
+ ok($first_line_aes128 =~ /^-----BEGIN ENCRYPTED PRIVATE KEY-----/,
+ "Check that the key file is encrypted (AES-128-CBC)");
+};
+
+subtest "generating certificate requests with SLH-DSA" => sub {
+ plan tests => 5;
+
+ SKIP: {
+ skip "SLH-DSA is not supported by this OpenSSL build", 5
+ if disabled("slh-dsa");
+
+ ok(run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-x509", "-sha256", "-nodes", "-days", "365",
+ "-newkey", "SLH-DSA-SHA2-128f",
+ "-keyout", "privatekey_slh_dsa_sha2_128f.pem",
+ "-out", "cert_slh_dsa_sha2_128f.pem",
+ "-subj", "/CN=test-self-signed",
+ "-addext","keyUsage=digitalSignature"])),
+ "Generating self signed SLH-DSA-SHA2-128f cert and private key");
+ ok(run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-x509", "-sha256", "-nodes", "-days", "365",
+ "-newkey", "SLH-DSA-SHA2-256s",
+ "-keyout", "privatekey_slh_dsa_sha2_256s.pem",
+ "-out", "cert_slh_dsa_sha2_256s.pem",
+ "-subj", "/CN=test-self-signed",
+ "-addext","keyUsage=digitalSignature"])),
+ "Generating self signed SLH-DSA-SHA2-256s cert and private key");
+ ok(run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-x509", "-sha256", "-nodes", "-days", "365",
+ "-newkey", "SLH-DSA-SHAKE-256f",
+ "-keyout", "privatekey_slh_dsa_shake_256f.pem",
+ "-out", "cert_slh_dsa_shake_256f.pem",
+ "-subj", "/CN=test-self-signed",
+ "-addext","keyUsage=digitalSignature"])),
+ "Generating self signed SLH-DSA-SHAKE-256f cert and private key");
+ ok(run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-new",
+ "-sigopt","hextest-entropy:000102030405060708090a0b0c0d0e0f",
+ "-out", "csr_slh_dsa_shake128.pem",
+ "-newkey", "SLH-DSA-SHAKE-128s",
+ "-passout", "pass:x"])),
+ "Generating SLH-DSA-SHAKE-128s csr");
+ ok(run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-in", "csr_slh_dsa_shake128.pem"])),
+ "verifying SLH-DSA-SHAKE-128s csr");
+ }
+};
+
my @openssl_args = ("req", "-config", srctop_file("apps", "openssl.cnf"));
run_conversion('req conversions',
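Review bot: The third self-signed case in the ML-DSA subtest passes `"-newkey", "ML-DSA-44"` while writing `privatekey_ml_dsa_87.pem` / `cert_ml_dsa_87.pem` and reporting "ML-DSA-87", so self-signed generation with ML-DSA-87 is never exercised; the line should read `"-newkey", "ML-DSA-87",`. The two "verifying ... csr" checks (ML-DSA-87 and SLH-DSA-SHAKE-128s) run `req -in` without `-verify`, so they show that the CSR parses, not that its signature is valid; `"-verify", "-noout", "-in", "csr_ml_dsa_87.pem"`, as the `-cipher` subtest already does, would match the description. In the `-cipher` subtest both key files are only matched against the `BEGIN ENCRYPTED PRIVATE KEY` header, which is the same for AES-128 and AES-256, so it confirms the key is encrypted but not that the requested cipher was used.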
@@ -399,16 +550,7 @@ sub generate_cert {
push(@cmd, ("-CA", $ca_cert, "-CAkey", $ca_key)) unless $ss;
ok(run(app([@cmd])), "generate $cert");
}
-sub has_SKID {
- my $cert = shift @_;
- my $expect = shift @_;
- cert_contains($cert, "Subject Key Identifier", $expect);
-}
-sub has_AKID {
- my $cert = shift @_;
- my $expect = shift @_;
- cert_contains($cert, "Authority Key Identifier", $expect);
-}
+
sub has_keyUsage {
my $cert = shift @_;
my $expect = shift @_;
@@ -427,55 +569,181 @@ sub strict_verify {
my @v3_ca = ("-addext", "basicConstraints = critical,CA:true",
"-addext", "keyUsage = keyCertSign");
my $SKID_AKID = "subjectKeyIdentifier,authorityKeyIdentifier";
-my $cert = "self-signed_v1_CA_no_KIDs.pem";
+
+# # SKID
+
+my $cert = "self-signed_default_SKID_no_explicit_exts.pem";
generate_cert($cert);
-cert_ext_has_n_different_lines($cert, 0, $SKID_AKID); # no SKID and no AKID
-#TODO strict_verify($cert, 1); # self-signed v1 root cert should be accepted as CA
+has_version($cert, 3);
+has_SKID($cert, 1); # SKID added, though no explicit extensions given
+has_AKID($cert, 0);
-$ca_cert = "self-signed_v3_CA_default_SKID.pem";
-generate_cert($ca_cert, @v3_ca);
-has_SKID($ca_cert, 1);
-has_AKID($ca_cert, 0);
-strict_verify($ca_cert, 1);
+my $cert = "self-signed_v3_CA_hash_SKID.pem";
+generate_cert($cert, @v3_ca, "-addext", "subjectKeyIdentifier = hash");
+has_SKID($cert, 1); # explicit hash SKID
$cert = "self-signed_v3_CA_no_SKID.pem";
generate_cert($cert, @v3_ca, "-addext", "subjectKeyIdentifier = none");
cert_ext_has_n_different_lines($cert, 0, $SKID_AKID); # no SKID and no AKID
#TODO strict_verify($cert, 0);
-$cert = "self-signed_v3_CA_both_KIDs.pem";
-generate_cert($cert, @v3_ca, "-addext", "subjectKeyIdentifier = hash",
- "-addext", "authorityKeyIdentifier = keyid:always");
-cert_ext_has_n_different_lines($cert, 3, $SKID_AKID); # SKID == AKID
+$cert = "self-signed_v3_CA_given_SKID.pem";
+generate_cert($cert, @v3_ca, "-addext", "subjectKeyIdentifier = 45");
+cert_contains($cert, "Subject Key Identifier: 45 ", 1); # given SKID
strict_verify($cert, 1);
+# AKID of self-signed certs
+
+$cert = "self-signed_v1_CA_no_KIDs.pem";
+generate_cert($cert, "-x509v1");
+has_version($cert, 1);
+cert_ext_has_n_different_lines($cert, 0, $SKID_AKID); # no SKID and no AKID
+#TODO strict_verify($cert, 1); # self-signed v1 root cert should be accepted as CA
+
+$ca_cert = "self-signed_v3_CA_default_SKID.pem"; # will also be used below
+generate_cert($ca_cert, @v3_ca);
+has_SKID($ca_cert, 1); # default SKID
+has_AKID($ca_cert, 0); # no default AKID
+strict_verify($ca_cert, 1);
+
+$cert = "self-signed_v3_CA_no_AKID.pem";
+generate_cert($cert, @v3_ca, "-addext", "authorityKeyIdentifier = none");
+has_AKID($cert, 0); # forced no AKID
+
+$cert = "self-signed_v3_CA_explicit_AKID.pem";
+generate_cert($cert, @v3_ca, "-addext", "authorityKeyIdentifier = keyid");
+has_AKID($cert, 0); # for self-signed cert, AKID suppressed and not forced
+
+$cert = "self-signed_v3_CA_forced_AKID.pem";
+generate_cert($cert, @v3_ca, "-addext", "authorityKeyIdentifier = keyid:always");
+cert_ext_has_n_different_lines($cert, 3, $SKID_AKID); # forced AKID, AKID == SKID
+strict_verify($cert, 1);
+
+$cert = "self-signed_v3_CA_issuer_AKID.pem";
+generate_cert($cert, @v3_ca, "-addext", "authorityKeyIdentifier = issuer");
+has_AKID($cert, 0); # suppressed AKID since not forced
+
+$cert = "self-signed_v3_CA_forced_issuer_AKID.pem";
+generate_cert($cert, @v3_ca, "-addext", "authorityKeyIdentifier = issuer:always");
+cert_contains($cert, "Authority Key Identifier: DirName:/CN=CA serial:", 1); # forced issuer AKID
+
+$cert = "self-signed_v3_CA_nonforced_keyid_issuer_AKID.pem";
+generate_cert($cert, @v3_ca, "-addext", "authorityKeyIdentifier = keyid, issuer");
+has_AKID($cert, 0); # AKID not present because not forced and cert self-signed
+
+$cert = "self-signed_v3_CA_keyid_forced_issuer_AKID.pem";
+generate_cert($cert, @v3_ca, "-addext", "authorityKeyIdentifier = keyid, issuer:always");
+cert_contains($cert, "Authority Key Identifier: DirName:/CN=CA serial:", 1); # issuer AKID forced, with keyid not forced
+
+$cert = "self-signed_v3_CA_forced_keyid_issuer_AKID.pem";
+generate_cert($cert, @v3_ca, "-addext", "authorityKeyIdentifier = keyid:always, issuer");
+has_AKID($cert, 1); # AKID with keyid forced
+cert_contains($cert, "Authority Key Identifier: DirName:/CN=CA serial:", 0); # no issuer AKID
+
+$cert = "self-signed_v3_CA_forced_keyid_forced_issuer_AKID.pem";
+generate_cert($cert, @v3_ca, "-addext", "authorityKeyIdentifier = keyid:always, issuer:always");
+cert_contains($cert, "Authority Key Identifier: keyid(:[0-9A-Fa-f]{2})+ DirName:/CN=CA serial:", 1); # AKID with keyid and issuer forced
+
$cert = "self-signed_v3_EE_wrong_keyUsage.pem";
generate_cert($cert, "-addext", "keyUsage = keyCertSign");
#TODO strict_verify($cert, 1); # should be accepted because RFC 5280 does not apply
-$cert = "v3_EE_default_KIDs.pem";
+# AKID of self-issued but not self-signed certs
+
+$cert = "self-issued_x509_v3_CA_default_KIDs.pem";
+ok(run(app([("openssl", "x509", "-copy_extensions", "copy",
+ "-req", "-in", srctop_file(@certs, "ext-check.csr"),
+ "-key", srctop_file(@certs, "ca-key.pem"),
+ "-force_pubkey", srctop_file("test", "testrsapub.pem"),
+ "-out", $cert)])), "generate using x509: $cert");
+cert_contains($cert, "Issuer: CN=test .*? Subject: CN=test", 1);
+cert_ext_has_n_different_lines($cert, 4, $SKID_AKID); # SKID != AKID
+strict_verify($cert, 1);
+
+$cert = "self-issued_v3_CA_default_KIDs.pem";
generate_cert($cert, "-addext", "keyUsage = dataEncipherment",
- "-key", srctop_file(@certs, "ee-key.pem"));
+ "-in", srctop_file(@certs, "x509-check.csr"));
+cert_contains($cert, "Issuer: CN=CA .*? Subject: CN=CA", 1);
+cert_ext_has_n_different_lines($cert, 4, $SKID_AKID); # SKID != AKID
+strict_verify($cert, 1);
+
+$cert = "self-issued_v3_CA_no_AKID.pem";
+generate_cert($cert, "-addext", "authorityKeyIdentifier = none",
+ "-in", srctop_file(@certs, "x509-check.csr"));
+has_version($cert, 3);
+has_SKID($cert, 1); # SKID added, though no explicit extensions given
+has_AKID($cert, 0);
+strict_verify($cert, 1);
+
+$cert = "self-issued_v3_CA_explicit_AKID.pem";
+generate_cert($cert, "-addext", "authorityKeyIdentifier = keyid",
+ "-in", srctop_file(@certs, "x509-check.csr"));
+cert_ext_has_n_different_lines($cert, 4, $SKID_AKID); # SKID != AKID
+strict_verify($cert, 1);
+
+$cert = "self-issued_v3_CA_forced_AKID.pem";
+generate_cert($cert, "-addext", "authorityKeyIdentifier = keyid:always",
+ "-in", srctop_file(@certs, "x509-check.csr"));
+cert_ext_has_n_different_lines($cert, 4, $SKID_AKID); # SKID != AKID
+
+$cert = "self-issued_v3_CA_issuer_AKID.pem";
+generate_cert($cert, @v3_ca, "-addext", "authorityKeyIdentifier = issuer",
+ "-in", srctop_file(@certs, "x509-check.csr"));
+cert_contains($cert, "Authority Key Identifier: DirName:/CN=CA serial:", 1); # just issuer AKID
+
+$cert = "self-issued_v3_CA_forced_issuer_AKID.pem";
+generate_cert($cert, @v3_ca, "-addext", "authorityKeyIdentifier = issuer:always",
+ "-in", srctop_file(@certs, "x509-check.csr"));
+cert_contains($cert, "Authority Key Identifier: DirName:/CN=CA serial:", 1); # just issuer AKID
+
+$cert = "self-issued_v3_CA_keyid_issuer_AKID.pem";
+generate_cert($cert, "-addext", "authorityKeyIdentifier = keyid, issuer",
+ "-in", srctop_file(@certs, "x509-check.csr"));
+cert_ext_has_n_different_lines($cert, 4, $SKID_AKID); # SKID != AKID, not forced
+
+$cert = "self-issued_v3_CA_keyid_forced_issuer_AKID.pem";
+generate_cert($cert, "-addext", "authorityKeyIdentifier = keyid, issuer:always",
+ "-in", srctop_file(@certs, "x509-check.csr"));
+cert_ext_has_n_different_lines($cert, 6, $SKID_AKID); # SKID != AKID, with forced issuer
+
+$cert = "self-issued_v3_CA_forced_keyid_and_issuer_AKID.pem";
+generate_cert($cert, "-addext", "authorityKeyIdentifier = keyid:always, issuer:always",
+ "-in", srctop_file(@certs, "x509-check.csr"));
+cert_ext_has_n_different_lines($cert, 6, $SKID_AKID); # SKID != AKID, both forced
+
+# AKID of not self-issued certs
+
+$cert = "regular_v3_EE_default_KIDs_no_other_exts.pem";
+generate_cert($cert, "-key", srctop_file(@certs, "ee-key.pem"));
+has_version($cert, 3);
+cert_ext_has_n_different_lines($cert, 4, $SKID_AKID); # SKID != AKID
+
+$cert = "regular_v3_EE_default_KIDs.pem";
+generate_cert($cert, "-addext", "keyUsage = dataEncipherment",
+ "-key", srctop_file(@certs, "ee-key.pem"));
cert_ext_has_n_different_lines($cert, 4, $SKID_AKID); # SKID != AKID
strict_verify($cert, 1, $ca_cert);
+$cert = "regular_v3_EE_copied_exts_default_KIDs.pem";
+generate_cert($cert, "-copy_extensions", "copy",
+ "-in", srctop_file(@certs, "ext-check.csr"));
+cert_ext_has_n_different_lines($cert, 4, $SKID_AKID); # SKID != AKID
+strict_verify($cert, 1);
+
$cert = "v3_EE_no_AKID.pem";
generate_cert($cert, "-addext", "authorityKeyIdentifier = none",
- "-key", srctop_file(@certs, "ee-key.pem"));
+ "-key", srctop_file(@certs, "ee-key.pem"));
has_SKID($cert, 1);
has_AKID($cert, 0);
strict_verify($cert, 0, $ca_cert);
-$cert = "self-issued_v3_EE_default_KIDs.pem";
-generate_cert($cert, "-addext", "keyUsage = dataEncipherment",
- "-in", srctop_file(@certs, "x509-check.csr"));
-cert_ext_has_n_different_lines($cert, 4, $SKID_AKID); # SKID != AKID
-strict_verify($cert, 1);
-my $cert = "self-signed_CA_no_keyUsage.pem";
+# Key Usage
+
+$cert = "self-signed_CA_no_keyUsage.pem";
generate_cert($cert, "-in", srctop_file(@certs, "ext-check.csr"));
has_keyUsage($cert, 0);
-my $cert = "self-signed_CA_with_keyUsages.pem";
+$cert = "self-signed_CA_with_keyUsages.pem";
generate_cert($cert, "-in", srctop_file(@certs, "ext-check.csr"),
"-copy_extensions", "copy");
has_keyUsage($cert, 1);
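Review bot: The added line `my $cert = "self-signed_v3_CA_hash_SKID.pem";` redeclares `$cert` in the same scope as `my $cert = "self-signed_default_SKID_no_explicit_exts.pem";` a few lines above it, which Perl reports as a "masks earlier declaration" warning if warnings are enabled. This commit removes exactly that pattern from the two Key Usage assignments at the end of this hunk, so the new one looks like an oversight; it should read `$cert = "self-signed_v3_CA_hash_SKID.pem";`. The same applies to `my $cert = "self-signed_explicit_date.pem";` in the following hunk. The section marker `# # SKID` also has a doubled `#`, unlike the other headings added here (`# AKID of self-signed certs`, `# Key Usage`).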
@@ -490,3 +758,16 @@ ok(run(app(["openssl", "req", "-x509", "-new", "-days", "365",
# Verify cert
ok(run(app(["openssl", "x509", "-in", "testreq-cert.pem",
"-noout", "-text"])), "cert verification");
+
+# Generate cert with explicit start and end dates
+my %today = (strftime("%Y-%m-%d", gmtime) => 1);
+my $cert = "self-signed_explicit_date.pem";
+ok(run(app(["openssl", "req", "-x509", "-new", "-text",
+ "-config", srctop_file('test', 'test.cnf'),
+ "-key", srctop_file("test", "testrsa.pem"),
+ "-not_before", "today",
+ "-not_after", "today",
+ "-out", $cert]))
+&& ++$today{strftime("%Y-%m-%d", gmtime)}
+&& (grep { defined $today{$_} } get_not_before_date($cert))
+&& (grep { defined $today{$_} } get_not_after_date($cert)), "explicit start and end dates");
diff --git a/test/recipes/25-test_rusext.t b/test/recipes/25-test_rusext.t
index 05727f9d04f9..6c02ed1ba232 100644
--- a/test/recipes/25-test_rusext.t
+++ b/test/recipes/25-test_rusext.t
@@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
setup("test_rusext");
-plan tests => 5;
+plan tests => 7;
require_ok(srctop_file('test', 'recipes', 'tconversion.pl'));
my $pem = srctop_file("test/certs", "grfc.pem");
@@ -31,3 +31,7 @@ ok(run(app(["openssl", "x509", "-text", "-in", $pem, "-out", $out_utf8,
"-nameopt", "utf8", "-certopt", "no_pubkey"])));
is(cmp_text($out_utf8, srctop_file('test', 'recipes', '25-test_rusext_data', 'grfc.utf8')),
0, 'Comparing utf8 output');
+ok(run(app(["openssl", "x509", "-text", "-in", $pem, "-out", $out_utf8,
+ "-certopt", "no_pubkey"])));
+is(cmp_text($out_utf8, srctop_file('test', 'recipes', '25-test_rusext_data', 'grfc.utf8')),
+ 0, 'Comparing cyrillic utf8 output by default');
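Review bot: The new default-output check writes to the same `$out_utf8` file that the preceding `-nameopt utf8` test has already filled with the expected content. If the new invocation ever left that file untouched, `cmp_text` would still return 0 against the stale output. Writing to a separate file makes the comparison independent, for example `my $out_default = "out-default.utf8";` (constructed name) passed to `-out` and to `cmp_text`. The added `ok(run(...))` also has no description, so a failure would be reported by test number only.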
diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
index 7fa14d9daa8b..57f9081799fd 100644
--- a/test/recipes/25-test_verify.t
+++ b/test/recipes/25-test_verify.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -29,7 +29,7 @@ sub verify {
run(app([@args]));
}
-plan tests => 166;
+plan tests => 194;
# Canonical success
ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
@@ -242,6 +242,48 @@ ok(verify("ee-pathlen", "sslserver", [qw(root-cert)], [qw(ca-cert)]),
ok(!verify("ee-pathlen", "sslserver", [qw(root-cert)], [qw(ca-cert)], "-x509_strict"),
"reject non-ca with pathlen:0 with strict flag");
+# EE veaiants wrt timestamp signing
+ok(verify("ee-timestampsign-CABforum", "timestampsign", [qw(root-cert)], [qw(ca-cert)]),
+ "accept timestampsign according to CAB forum");
+ok(!verify("ee-timestampsign-CABforum-noncritxku", "timestampsign", [qw(root-cert)], [qw(ca-cert)]),
+ "fail timestampsign according to CAB forum with extendedKeyUsage not critical");
+ok(!verify("ee-timestampsign-CABforum-serverauth", "timestampsign", [qw(root-cert)], [qw(ca-cert)]),
+ "fail timestampsign according to CAB forum with serverAuth");
+ok(!verify("ee-timestampsign-CABforum-anyextkeyusage", "timestampsign", [qw(root-cert)], [qw(ca-cert)]),
+ "fail timestampsign according to CAB forum with anyExtendedKeyUsage");
+ok(!verify("ee-timestampsign-CABforum-crlsign", "timestampsign", [qw(root-cert)], [qw(ca-cert)]),
+ "fail timestampsign according to CAB forum with cRLSign");
+ok(!verify("ee-timestampsign-CABforum-keycertsign", "timestampsign", [qw(root-cert)], [qw(ca-cert)]),
+ "fail timestampsign according to CAB forum with keyCertSign");
+ok(verify("ee-timestampsign-rfc3161", "timestampsign", [qw(root-cert)], [qw(ca-cert)]),
+ "accept timestampsign according to RFC 3161");
+ok(!verify("ee-timestampsign-rfc3161-noncritxku", "timestampsign", [qw(root-cert)], [qw(ca-cert)]),
+ "fail timestampsign according to RFC 3161 with extendedKeyUsage not critical");
+ok(verify("ee-timestampsign-rfc3161-digsig", "timestampsign", [qw(root-cert)], [qw(ca-cert)]),
+ "accept timestampsign according to RFC 3161 with digitalSignature");
+
+# EE variants wrt code signing
+ok(verify("ee-codesign", "codesign", [qw(root-cert)], [qw(ca-cert)]),
+ "accept codesign");
+ok(!verify("ee-codesign-serverauth", "codesign", [qw(root-cert)], [qw(ca-cert)]),
+ "fail codesign with additional serverAuth");
+ok(!verify("ee-codesign-anyextkeyusage", "codesign", [qw(root-cert)], [qw(ca-cert)]),
+ "fail codesign with additional anyExtendedKeyUsage");
+ok(!verify("ee-codesign-crlsign", "codesign", [qw(root-cert)], [qw(ca-cert)]),
+ "fail codesign with additional cRLSign");
+ok(!verify("ee-codesign-keycertsign", "codesign", [qw(root-cert)], [qw(ca-cert)]),
+ "fail codesign with additional keyCertSign");
+ok(!verify("ee-codesign-noncritical", "codesign", [qw(root-cert)], [qw(ca-cert)]),
+ "fail codesign without critical KU");
+ok(!verify("ee-cert", "codesign", [qw(root-cert)], [qw(ca-cert)]),
+ "fail sslserver as code sign");
+ok(!verify("ee-client", "codesign", [qw(root-cert)], [qw(ca-cert)]),
+ "fail sslclient as codesign");
+ok(!verify("ee-timestampsign-CABforum", "codesign", [qw(root-cert)], [qw(ca-cert)]),
+ "fail timestampsign according to CAB forum as codesign");
+ok(!verify("ee-timestampsign-rfc3161", "codesign", [qw(root-cert)], [qw(ca-cert)]),
+ "fail timestampsign according to RFC 3161 as codesign");
+
# Proxy certificates
ok(!verify("pc1-cert", "sslclient", [qw(root-cert)], [qw(ee-client ca-cert)]),
"fail to accept proxy cert without -allow_proxy_certs");
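Review bot: The section comment `# EE veaiants wrt timestamp signing` has a typo and should read `# EE variants wrt timestamp signing`, matching `# EE variants wrt code signing` below it. The description "fail codesign without critical KU" is paired with a cert named `ee-codesign-noncritical`, whereas the timestamp cases spell out "extendedKeyUsage not critical". It would help to say in the description which extension's criticality is under test, since the two purposes appear to check different extensions. "fail sslserver as code sign" could also use the `codesign` spelling used by the neighbouring descriptions.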
@@ -297,7 +339,7 @@ ok(!verify("ee-cert-md5", "", ["root-cert"], ["ca-cert"]),
# Explicit vs named curve tests
SKIP: {
- skip "EC is not supported by this OpenSSL build", 3
+ skip "EC is not supported by this OpenSSL build", 7
if disabled("ec");
ok(!verify("ee-cert-ec-explicit", "", ["root-cert"],
["ca-cert-ec-named"]),
@@ -308,6 +350,14 @@ SKIP: {
ok(verify("ee-cert-ec-named-named", "", ["root-cert"],
["ca-cert-ec-named"]),
"accept named curve leaf with named curve intermediate");
+ ok(verify("ee-cert-ec-sha3-224", "", ["root-cert"], ["ca-cert-ec-named"], ),
+ "accept cert generated with EC and SHA3-224");
+ ok(verify("ee-cert-ec-sha3-256", "", ["root-cert"], ["ca-cert-ec-named"], ),
+ "accept cert generated with EC and SHA3-256");
+ ok(verify("ee-cert-ec-sha3-384", "", ["root-cert"], ["ca-cert-ec-named"], ),
+ "accept cert generated with EC and SHA3-384");
+ ok(verify("ee-cert-ec-sha3-512", "", ["root-cert"], ["ca-cert-ec-named"], ),
+ "accept cert generated with EC and SHA3-512");
}
# Same as above but with base provider used for decoding
SKIP: {
@@ -316,9 +366,22 @@ SKIP: {
my $provpath = bldtop_dir("providers");
my @prov = ("-provider-path", $provpath);
- skip "EC is not supported or FIPS is disabled", 3
+ skip "EC is not supported or FIPS is disabled", 7
if disabled("ec") || $no_fips;
+ $ENV{OPENSSL_CONF} = $provconf;
+
+ ok(verify("ee-cert-ec-sha3-224", "", ["root-cert"], ["ca-cert-ec-named"], @prov),
+ "accept cert generated with EC and SHA3-224 w/fips");
+ ok(verify("ee-cert-ec-sha3-256", "", ["root-cert"], ["ca-cert-ec-named"], @prov),
+ "accept cert generated with EC and SHA3-256 w/fips");
+ ok(verify("ee-cert-ec-sha3-384", "", ["root-cert"], ["ca-cert-ec-named"], @prov),
+ "accept cert generated with EC and SHA3-384 w/fips");
+ ok(verify("ee-cert-ec-sha3-512", "", ["root-cert"], ["ca-cert-ec-named"], @prov),
+ "accept cert generated with EC and SHA3-512 w/fips");
+
+ delete $ENV{OPENSSL_CONF};
+
run(test(["fips_version_test", "-config", $provconf, ">3.0.0"]),
capture => 1, statusvar => \my $exit);
skip "FIPS provider version is too old", 3
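Review bot: The four SHA3 checks are placed ahead of the `fips_version_test` gate, so they run against any FIPS provider version, while the explicit/named-curve checks below are skipped for old providers. If that ordering is intentional, a short comment such as `# SHA3 signature verification does not depend on the FIPS provider version, so run these before the version check` would record why; if not, they belong after the gate with the inner skip count raised to match. `OPENSSL_CONF` is set and deleted around the new tests and presumably set again further down. The SKIP block continues outside this hunk, so that cannot be confirmed from here.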
@@ -335,7 +398,6 @@ SKIP: {
ok(verify("ee-cert-ec-named-named", "", ["root-cert"],
["ca-cert-ec-named"], @prov),
"accept named curve leaf with named curve intermediate w/fips");
-
delete $ENV{OPENSSL_CONF};
}
@@ -405,6 +467,9 @@ ok(!verify("badalt10-cert", "", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ),
ok(!verify("bad-othername-cert", "", ["root-cert"], ["nccaothername-cert"], ),
"CVE-2022-4203 type confusion test");
+ok(verify("nc-uri-cert", "", ["root-cert"], ["ncca4-cert"], ),
+ "Name constraints URI with userinfo");
+
#Check that we get the expected failure return code
with({ exit_checker => sub { return shift == 2; } },
sub {
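Review bot: The added `nc-uri-cert` test covers only the acceptance path, and its description "Name constraints URI with userinfo" does not state the expected outcome the way the neighbouring "accept …"/"fail …" descriptions do. Host extraction from a URI that carries userinfo is where name-constraint matching can go wrong. A rejection counterpart would pin the security-relevant direction: a URI with userinfo whose host lies outside the permitted subtree should fail verification. No such negative case is visible in this hunk, though it may exist elsewhere in the file. At minimum, consider renaming the description to `"accept URI with userinfo under name constraints"`.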
@@ -453,7 +518,7 @@ ok(verify("ee-ss-with-keyCertSign", "", ["ee-ss-with-keyCertSign"], []),
SKIP: {
skip "Ed25519 is not supported by this OpenSSL build", 6
- if disabled("ec");
+ if disabled("ecx");
# ED25519 certificate from draft-ietf-curdle-pkix-04
ok(verify("ee-ed25519", "", ["root-ed25519"], []),
diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t
index 8092f7b71549..09b61708ff8a 100644
--- a/test/recipes/25-test_x509.t
+++ b/test/recipes/25-test_x509.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
setup("test_x509");
-plan tests => 29;
+plan tests => 134;
# Prevent MSys2 filename munging for arguments that look like file paths but
# aren't
@@ -43,6 +43,18 @@ is(cmp_text($out_utf8, $utf),
0, 'Comparing utf8 output with cyrillic.utf8');
SKIP: {
+ skip "EdDSA disabled", 2 if disabled("ecx");
+
+ $pem = srctop_file(@certs, "tab-in-dn.pem");
+ my $out_text = "out-tab-in-dn.text";
+ my $text = srctop_file(@certs, "tab-in-dn.text");
+ ok(run(app(["openssl", "x509", "-text", "-noout",
+ "-in", $pem, "-out", $out_text])));
+ is(cmp_text($out_text, $text),
+ 0, 'Comparing default output with tab-in-dn.text');
+}
+
+SKIP: {
skip "DES disabled", 1 if disabled("des");
skip "Platform doesn't support command line UTF-8", 1 if $^O =~ /^(VMS|msys)$/;
@@ -70,18 +82,34 @@ my $extfile = srctop_file("test", "v3_ca_exts.cnf");
my $pkey = srctop_file(@certs, "ca-key.pem"); # issuer private key
my $pubkey = "ca-pubkey.pem"; # the corresponding issuer public key
# use any (different) key for signing our self-issued cert:
-my $signkey = srctop_file(@certs, "serverkey.pem");
+my $key = srctop_file(@certs, "serverkey.pem");
my $selfout = "self-issued.out";
my $testcert = srctop_file(@certs, "ee-cert.pem");
ok(run(app(["openssl", "pkey", "-in", $pkey, "-pubout", "-out", $pubkey]))
-&& run(app(["openssl", "x509", "-new", "-force_pubkey", $pubkey,
- "-subj", $subj, "-extfile", $extfile,
- "-signkey", $signkey, "-out", $selfout]))
+&& run(app(["openssl", "x509", "-new", "-force_pubkey", $pubkey, "-subj", $subj,
+ "-extfile", $extfile, "-key", $key, "-out", $selfout]))
&& run(app(["openssl", "verify", "-no_check_time",
"-trusted", $selfout, "-partial_chain", $testcert])));
# not unlinking $pubkey
# not unlinking $selfout
+# test -set_issuer option
+my $ca_issu = srctop_file(@certs, "ca-cert.pem"); # issuer cert
+my $caout_issu = "ca-issu.out";
+ok(run(app(["openssl", "x509", "-new", "-force_pubkey", $key, "-subj", "/CN=EE",
+ "-set_issuer", "/CN=TEST-CA", "-extfile", $extfile, "-CA", $ca_issu,
+ "-CAkey", $pkey, "-text", "-out", $caout_issu])));
+ok(get_issuer($caout_issu) =~ /CN=TEST-CA/);
+# not unlinking $caout
+
+# simple way of directly producing a CA-signed cert with private/pubkey input
+my $ca = srctop_file(@certs, "ca-cert.pem"); # issuer cert
+my $caout = "ca-issued.out";
+ok(run(app(["openssl", "x509", "-new", "-force_pubkey", $key, "-subj", "/CN=EE",
+ "-extfile", $extfile, "-CA", $ca, "-CAkey", $pkey, "-out", $caout]))
+&& run(app(["openssl", "verify", "-no_check_time",
+ "-trusted", $ca, "-partial_chain", $caout])));
+
subtest 'x509 -- x.509 v1 certificate' => sub {
tconversion( -type => 'x509', -prefix => 'x509v1',
-in => srctop_file("test", "testx509.pem") );
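Review bot: The comment `# not unlinking $caout` follows the `-set_issuer` test, whose output variable is `$caout_issu`; `$caout` is only declared a few lines later, so the comment should read `# not unlinking $caout_issu`. `$ca_issu` and `$ca` are both `srctop_file(@certs, "ca-cert.pem")`, so one variable would do for both tests. The new `ok(...)` calls carry no description, which makes a failure among the 134 planned tests harder to locate. The `-set_issuer` test asserts only that the issuer text contains `CN=TEST-CA`; a one-line comment saying that chain verification is deliberately not attempted for the overridden issuer would prevent a reader from assuming it is covered.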
@@ -103,6 +131,316 @@ cert_contains(srctop_file(@certs, "fake-gp.pem"),
"2.16.528.1.1003.1.3.5.5.2-1-0000006666-Z-12345678-01.015-12345678",
1, 'x500 -- subjectAltName');
+cert_contains(srctop_file(@certs, "ext-noAssertion.pem"),
+ "No Assertion",
+ 1, 'X.509 Not Assertion Extension');
+
+cert_contains(srctop_file(@certs, "ext-groupAC.pem"),
+ "Group Attribute Certificate",
+ 1, 'X.509 Group Attribute Certificate Extension');
+
+cert_contains(srctop_file(@certs, "ext-sOAIdentifier.pem"),
+ "Source of Authority",
+ 1, 'X.509 Source of Authority Extension');
+
+cert_contains(srctop_file(@certs, "ext-noRevAvail.pem"),
+ "No Revocation Available",
+ 1, 'X.509 No Revocation Available');
+
+cert_contains(srctop_file(@certs, "ext-singleUse.pem"),
+ "Single Use",
+ 1, 'X509v3 Single Use');
+
+cert_contains(srctop_file(@certs, "ext-indirectIssuer.pem"),
+ "Indirect Issuer",
+ 1, 'X.509 Indirect Issuer');
+
+my $tgt_info_cert = srctop_file(@certs, "ext-targetingInformation.pem");
+cert_contains($tgt_info_cert,
+ "AC Targeting",
+ 1, 'X.509 Targeting Information Extension');
+cert_contains($tgt_info_cert,
+ "Targets:",
+ 1, 'X.509 Targeting Information Targets');
+cert_contains($tgt_info_cert,
+ "Target:",
+ 1, 'X.509 Targeting Information Target');
+cert_contains($tgt_info_cert,
+ "Target Name: DirName:CN = W",
+ 1, 'X.509 Targeting Information Target Name');
+cert_contains($tgt_info_cert,
+ "Target Group: DNS:wildboarsoftware.com",
+ 1, 'X.509 Targeting Information Target Name');
+cert_contains($tgt_info_cert,
+ "Issuer Names:",
+ 1, 'X.509 Targeting Information Issuer Names');
+cert_contains($tgt_info_cert,
+ "Issuer Serial: 01020304",
+ 1, 'X.509 Targeting Information Issuer Serial');
+cert_contains($tgt_info_cert,
+ "Issuer UID: B0",
+ 1, 'X.509 Targeting Information Issuer UID');
+cert_contains($tgt_info_cert,
+ "Digest Type: Public Key",
+ 1, 'X.509 Targeting Information Object Digest Type');
+
+my $hnc_cert = srctop_file(@certs, "ext-holderNameConstraints.pem");
+cert_contains($hnc_cert,
+ "X509v3 Holder Name Constraints",
+ 1, 'X.509 Holder Name Constraints');
+cert_contains($hnc_cert,
+ "Permitted:",
+ 1, 'X.509 Holder Name Constraints Permitted');
+cert_contains($hnc_cert,
+ "DirName:CN = Wildboar",
+ 1, 'X.509 Holder Name Constraint');
+
+my $dnc_cert = srctop_file(@certs, "ext-delegatedNameConstraints.pem");
+cert_contains($dnc_cert,
+ "X509v3 Delegated Name Constraints",
+ 1, 'X.509 Delegated Name Constraints');
+cert_contains($dnc_cert,
+ "Permitted:",
+ 1, 'X.509 Delegated Name Constraints Permitted');
+cert_contains($dnc_cert,
+ "DirName:CN = Wildboar",
+ 1, 'X.509 Delegated Name Constraint');
+my $sda_cert = srctop_file(@certs, "ext-subjectDirectoryAttributes.pem");
+cert_contains($sda_cert,
+ "Steve Brule",
+ 1, 'X.509 Subject Directory Attributes');
+cert_contains($sda_cert,
+ "CN=Hi mom",
+ 1, 'X.509 Subject Directory Attributes');
+cert_contains($sda_cert,
+ "<No Values>",
+ 1, 'X.509 Subject Directory Attributes');
+cert_contains($sda_cert,
+ "Funkytown",
+ 1, 'X.509 Subject Directory Attributes');
+cert_contains($sda_cert,
+ "commonName",
+ 1, 'X.509 Subject Directory Attributes');
+cert_contains($sda_cert,
+ "owner",
+ 1, 'X.509 Subject Directory Attributes');
+cert_contains($sda_cert,
+ "givenName",
+ 1, 'X.509 Subject Directory Attributes');
+cert_contains($sda_cert,
+ "localityName",
+ 1, 'X.509 Subject Directory Attributes');
+
+my $ass_info_cert = srctop_file(@certs, "ext-associatedInformation.pem");
+cert_contains($ass_info_cert,
+ "Steve Brule",
+ 1, 'X509v3 Associated Information');
+cert_contains($ass_info_cert,
+ "CN=Hi mom",
+ 1, 'X509v3 Associated Information');
+cert_contains($ass_info_cert,
+ "<No Values>",
+ 1, 'X509v3 Associated Information');
+cert_contains($ass_info_cert,
+ "Funkytown",
+ 1, 'X509v3 Associated Information');
+cert_contains($ass_info_cert,
+ "commonName",
+ 1, 'X509v3 Associated Information');
+cert_contains($ass_info_cert,
+ "owner",
+ 1, 'X509v3 Associated Information');
+cert_contains($sda_cert,
+ "givenName",
+ 1, 'X509v3 Associated Information');
+cert_contains($ass_info_cert,
+ "localityName",
+ 1, 'X509v3 Associated Information');
+
+my $acc_cert_pol = srctop_file(@certs, "ext-acceptableCertPolicies.pem");
+cert_contains($acc_cert_pol,
+ "X509v3 Acceptable Certification Policies",
+ 1, 'X509v3 Acceptable Certification Policies');
+# Yes, I know these OIDs make no sense in a policies extension. It's just a test.
+cert_contains($acc_cert_pol,
+ "organizationalUnitName",
+ 1, 'X509v3 Acceptable Certification Policies');
+cert_contains($acc_cert_pol,
+ "description",
+ 1, 'X509v3 Acceptable Certification Policies');
+
+my $acc_priv_pol = srctop_file(@certs, "ext-acceptablePrivilegePolicies.pem");
+cert_contains($acc_priv_pol,
+ "X509v3 Acceptable Privilege Policies",
+ 1, 'X509v3 Acceptable Privilege Policies');
+# Yes, I know these OIDs make no sense in a policies extension. It's just a test.
+cert_contains($acc_priv_pol,
+ "commonName",
+ 1, 'X509v3 Acceptable Certification Policies');
+cert_contains($acc_priv_pol,
+ "organizationName",
+ 1, 'X509v3 Acceptable Certification Policies');
+
+my $user_notice_cert = srctop_file(@certs, "ext-userNotice.pem");
+cert_contains($user_notice_cert,
+ "Organization: Wildboar Software",
+ 1, 'X509v3 User Notice');
+cert_contains($user_notice_cert,
+ "Numbers: 123, 456",
+ 1, 'X509v3 User Notice');
+cert_contains($user_notice_cert,
+ "Explicit Text: Hey there big boi",
+ 1, 'X509v3 User Notice');
+cert_contains($user_notice_cert,
+ "Number: 50505",
+ 1, 'X509v3 User Notice');
+cert_contains($user_notice_cert,
+ "Explicit Text: Ice ice baby",
+ 1, 'X509v3 User Notice');
+
+my $battcons_cert = srctop_file(@certs, "ext-basicAttConstraints.pem");
+cert_contains($battcons_cert,
+ "authority:TRUE",
+ 1, 'X.509 Basic Attribute Constraints Authority');
+cert_contains($battcons_cert,
+ "pathlen:3",
+ 1, 'X.509 Basic Attribute Constraints Path Length');
+
+my $audit_id_cert = srctop_file(@certs, "ext-auditIdentity.pem");
+cert_contains($audit_id_cert,
+ "09:08:07",
+ 1, 'X509v3 Audit Identity');
+
+my $iobo_cert = srctop_file(@certs, "ext-issuedOnBehalfOf.pem");
+cert_contains($iobo_cert,
+ "DirName:CN = Wildboar",
+ 1, 'X.509 Issued On Behalf Of');
+
+my $auth_att_id_cert = srctop_file(@certs, "ext-authorityAttributeIdentifier.pem");
+cert_contains($auth_att_id_cert,
+ "DirName:CN = Wildboar",
+ 1, 'X.509 Authority Attribute Identifier');
+cert_contains($auth_att_id_cert,
+ "Issuer Serial: 01030507",
+ 1, 'X.509 Authority Attribute Identifier');
+cert_contains($auth_att_id_cert,
+ "Issuer UID: B2",
+ 1, 'X.509 Authority Attribute Identifier');
+
+my $role_spec_cert = srctop_file(@certs, "ext-roleSpecCertIdentifier.pem");
+cert_contains($role_spec_cert,
+ "Role Name: DirName:CN = Wildboar",
+ 1, 'X.509 Role Spec Certificate Identifier');
+cert_contains($role_spec_cert,
+ "Role Certificate Issuer: DirName:CN",
+ 1, 'X.509 Role Spec Certificate Identifier');
+cert_contains($role_spec_cert,
+ "Role Certificate Serial Number: 33818120 \\(0x2040608\\)",
+ 1, 'X.509 Role Spec Certificate Identifier');
+cert_contains($role_spec_cert,
+ "DNS:wildboarsoftware.com",
+ 1, 'X.509 Role Spec Certificate Identifier');
+cert_contains($role_spec_cert,
+ "Registered ID:description",
+ 1, 'X.509 Role Spec Certificate Identifier');
+
+my $attr_desc_cert = srctop_file(@certs, "ext-attributeDescriptor.pem");
+cert_contains($attr_desc_cert,
+ "Identifier: 2.5.4.3",
+ 1, 'X.509 Attribute Descriptor');
+# This comes from the syntax field, which starts on the next line.
+cert_contains($attr_desc_cert,
+ "UnboundedDirectoryString",
+ 1, 'X.509 Attribute Descriptor');
+cert_contains($attr_desc_cert,
+ "Name: commonName",
+ 1, 'X.509 Attribute Descriptor');
+# These comes from the dominationRule field.
+cert_contains($attr_desc_cert,
+ "Privilege Policy Identifier: 2.5.4.10",
+ 1, 'X.509 Attribute Descriptor');
+cert_contains($attr_desc_cert,
+ "DirName:CN = Wildboar",
+ 1, 'X.509 Attribute Descriptor');
+cert_contains($attr_desc_cert,
+ "Algorithm: sha256",
+ 1, 'X.509 Attribute Descriptor');
+
+my $time_spec_abs_cert = srctop_file(@certs, "ext-timeSpecification-absolute.pem");
+cert_contains($time_spec_abs_cert,
+ "Timezone: UTC-05:00",
+ 1, 'X.509 Time Specification (Absolute)');
+cert_contains($time_spec_abs_cert,
+ "Absolute: Any time between Dec 20 13:07:21 2022 GMT and Dec 20 13:07:21 2022 GMT",
+ 1, 'X.509 Time Specification (Absolute)');
+
+my $time_spec_per_cert = srctop_file(@certs, "ext-timeSpecification-periodic.pem");
+cert_contains($time_spec_per_cert,
+ "Timezone: UTC-05:00",
+ 1, 'X.509 Time Specification (Periodic)');
+cert_contains($time_spec_per_cert,
+ "NOT this time:",
+ 1, 'X.509 Time Specification (Periodic)');
+cert_contains($time_spec_per_cert,
+ "05:43:21 - 12:34:56",
+ 1, 'X.509 Time Specification (Periodic)');
+cert_contains($time_spec_per_cert,
+ "Days of the week: SUN, MON",
+ 1, 'X.509 Time Specification (Periodic)');
+cert_contains($time_spec_per_cert,
+ "Weeks of the month: 3, 4",
+ 1, 'X.509 Time Specification (Periodic)');
+cert_contains($time_spec_per_cert,
+ "Months: MAY, JUN",
+ 1, 'X.509 Time Specification (Periodic)');
+cert_contains($time_spec_per_cert,
+ "Years: 2022, 2023",
+ 1, 'X.509 Time Specification (Periodic)');
+cert_contains($time_spec_per_cert,
+ "Months: JUL, AUG",
+ 1, 'X.509 Time Specification (Periodic)');
+cert_contains($time_spec_per_cert,
+ "Years: 2023, 2024",
+ 1, 'X.509 Time Specification (Periodic)');
+
+my $attr_map_cert = srctop_file(@certs, "ext-attributeMappings.pem");
+cert_contains($attr_map_cert,
+ "commonName == localityName",
+ 1, 'X.509 Attribute Mappings');
+# localityName has an INTEGER value here, which was intentional to test the
+# display of non-string values.
+cert_contains($attr_map_cert,
+ "commonName:asdf == localityName:03:3E",
+ 1, 'X.509 Attribute Mappings');
+
+my $aaa_cert = srctop_file(@certs, "ext-allowedAttributeAssignments.pem");
+cert_contains($aaa_cert,
+ "Attribute Type: commonName",
+ 1, 'X.509 Allowed Attribute Assignments');
+cert_contains($aaa_cert,
+ "Holder Domain: email:jonathan.wilbur",
+ 1, 'X.509 Allowed Attribute Assignments');
+
+my $aa_idp_cert = srctop_file(@certs, "ext-aAissuingDistributionPoint.pem");
+cert_contains($aa_idp_cert,
+ "DirName:CN = Wildboar",
+ 1, 'X.509 Attribute Authority Issuing Distribution Point');
+cert_contains($aa_idp_cert,
+ "CA Compromise",
+ 1, 'X.509 Attribute Authority Issuing Distribution Point');
+cert_contains($aa_idp_cert,
+ "Indirect CRL: TRUE",
+ 1, 'X.509 Attribute Authority Issuing Distribution Point');
+cert_contains($aa_idp_cert,
+ "Contains User Attribute Certificates: TRUE",
+ 1, 'X.509 Attribute Authority Issuing Distribution Point');
+cert_contains($aa_idp_cert,
+ "Contains Attribute Authority \\(AA\\) Certificates: TRUE",
+ 1, 'X.509 Attribute Authority Issuing Distribution Point');
+cert_contains($aa_idp_cert,
+ "Contains Source Of Authority \\(SOA\\) Public Key Certificates: TRUE",
+ 1, 'X.509 Attribute Authority Issuing Distribution Point');
+
sub test_errors { # actually tests diagnostics of OSSL_STORE
my ($expected, $cert, @opts) = @_;
my $infile = srctop_file(@certs, $cert);
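Review bot: In the Associated Information group, the `givenName` check is run against `$sda_cert` instead of `$ass_info_cert`, so it re-tests the Subject Directory Attributes certificate and leaves `givenName` unchecked in `ext-associatedInformation.pem`. The call should begin `cert_contains($ass_info_cert,`. Several descriptions look copy-pasted and would mislead on failure: `'X.509 Not Assertion Extension'` for the "No Assertion" check, `'X.509 Targeting Information Target Name'` on the `Target Group:` check, and `'X509v3 Acceptable Certification Policies'` on the two `$acc_priv_pol` checks. `sub test_errors` at the end of the hunk continues outside it.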
@@ -147,20 +485,6 @@ ok(!run(app(["openssl", "x509", "-noout", "-dates", "-dateopt", "invalid_format"
"-in", srctop_file("test/certs", "ca-cert.pem")])),
"Run with invalid -dateopt format");
-# extracts issuer from a -text formatted-output
-sub get_issuer {
- my $f = shift(@_);
- my $issuer = "";
- open my $fh, $f or die;
- while (my $line = <$fh>) {
- if ($line =~ /Issuer:/) {
- $issuer = $line;
- }
- }
- close $fh;
- return $issuer;
-}
-
# Tests for signing certs (broken in 1.1.1o)
my $a_key = "a-key.pem";
my $a_cert = "a-cert.pem";
@@ -184,7 +508,7 @@ ok(run(app(["openssl", "x509", "-in", $a_cert, "-CA", $ca_cert,
"-CAkey", $ca_key, "-set_serial", "1234567890",
"-preserve_dates", "-sha256", "-text", "-out", $a2_cert])));
# verify issuer is CA
-ok (get_issuer($a2_cert) =~ /CN = ca.example.com/);
+ok(get_issuer($a2_cert) =~ /CN=ca.example.com/);
my $in_csr = srctop_file('test', 'certs', 'x509-check.csr');
my $in_key = srctop_file('test', 'certs', 'x509-check-key.pem');
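Review bot: The issuer check `ok(get_issuer($a2_cert) =~ /CN=ca.example.com/)` leaves the dots unescaped and unanchored, so it would also accept an issuer such as `CN=caXexample.com` or a longer name that merely contains the string. It also has no test name, so a failure is reported only by number. Something like `ok(get_issuer($a2_cert) =~ /CN=ca\.example\.com\s*$/, "issuer of a2 cert is the CA");` would pin the value, assuming `get_issuer` (not visible here) returns the whole Issuer line. The same applies to the `$b_cert` check in the next hunk.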
@@ -208,4 +532,77 @@ ok(run(app(["openssl", "x509", "-req", "-text", "-CAcreateserial",
"-CA", $ca_cert, "-CAkey", $ca_key,
"-in", $b_csr, "-out", $b_cert])));
# Verify issuer is CA
-ok(get_issuer($b_cert) =~ /CN = ca.example.com/);
+ok(get_issuer($b_cert) =~ /CN=ca.example.com/);
+
+# although no explicit extensions given:
+has_version($b_cert, 3);
+has_SKID($b_cert, 1);
+has_AKID($b_cert, 1);
+
+# Tests for https://github.com/openssl/openssl/issues/10442 (fixed in 1.1.1a)
+# (incorrect default `-CAcreateserial` if `-CA` path has a dot in it)
+my $folder_with_dot = "test_x509.folder";
+ok(mkdir $folder_with_dot);
+my $ca_cert_dot_in_dir = File::Spec->catfile($folder_with_dot, "ca-cert.pem");
+ok(copy($ca_cert,$ca_cert_dot_in_dir));
+my $ca_serial_dot_in_dir = File::Spec->catfile($folder_with_dot, "ca-cert.srl");
+
+ok(run(app(["openssl", "x509", "-req", "-text", "-CAcreateserial",
+ "-CA", $ca_cert_dot_in_dir, "-CAkey", $ca_key,
+ "-in", $b_csr])));
+ok(-e $ca_serial_dot_in_dir);
+
+# Tests for explicit start and end dates of certificates
+my %today = (strftime("%Y-%m-%d", gmtime) => 1);
+my $enddate;
+ok(run(app(["openssl", "x509", "-req", "-text",
+ "-key", $b_key,
+ "-not_before", "20231031000000Z",
+ "-not_after", "today",
+ "-in", $b_csr, "-out", $b_cert]))
+&& get_not_before($b_cert) =~ /Oct 31 00:00:00 2023 GMT/
+&& ++$today{strftime("%Y-%m-%d", gmtime)}
+&& (grep { defined $today{$_} } get_not_after_date($b_cert)));
+# explicit start and end dates
+ok(run(app(["openssl", "x509", "-req", "-text",
+ "-key", $b_key,
+ "-not_before", "20231031000000Z",
+ "-not_after", "20231231000000Z",
+ "-days", "99",
+ "-in", $b_csr, "-out", $b_cert]))
+&& get_not_before($b_cert) =~ /Oct 31 00:00:00 2023 GMT/
+&& get_not_after($b_cert) =~ /Dec 31 00:00:00 2023 GMT/);
+# start date today and days
+%today = (strftime("%Y-%m-%d", gmtime) => 1);
+$enddate = strftime("%Y-%m-%d", gmtime(time + 99 * 24 * 60 * 60));
+ok(run(app(["openssl", "x509", "-req", "-text",
+ "-key", $b_key,
+ "-not_before", "today",
+ "-days", "99",
+ "-in", $b_csr, "-out", $b_cert]))
+&& ++$today{strftime("%Y-%m-%d", gmtime)}
+&& (grep { defined $today{$_} } get_not_before_date($b_cert))
+&& get_not_after_date($b_cert) eq $enddate);
+# end date before start date
+ok(!run(app(["openssl", "x509", "-req", "-text",
+ "-key", $b_key,
+ "-not_before", "today",
+ "-not_after", "20231031000000Z",
+ "-in", $b_csr, "-out", $b_cert])));
+# default days option
+%today = (strftime("%Y-%m-%d", gmtime) => 1);
+$enddate = strftime("%Y-%m-%d", gmtime(time + 30 * 24 * 60 * 60));
+ok(run(app(["openssl", "x509", "-req", "-text",
+ "-key", $b_key,
+ "-in", $b_csr, "-out", $b_cert]))
+&& ++$today{strftime("%Y-%m-%d", gmtime)}
+&& (grep { defined $today{$_} } get_not_before_date($b_cert))
+&& get_not_after_date($b_cert) eq $enddate);
+
+SKIP: {
+ skip "EC is not supported by this OpenSSL build", 1
+ if disabled("ec");
+ my $psscert = srctop_file(@certs, "ee-self-signed-pss.pem");
+
+ ok(run(test(["x509_test", $psscert])), "running x509_test");
+}
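Review bot: The end-date comparisons `get_not_after_date($b_cert) eq $enddate` can fail when the run crosses midnight UTC, because `$enddate` is computed once before `openssl x509` is invoked. The start date in the same tests is checked against a `%today` hash sampled both before and after the command. This affects the `-days 99` case and the default-days case. Sampling the expected end date the same way would close the gap: keep a hash seeded with `strftime("%Y-%m-%d", gmtime(time + 99 * 24 * 60 * 60))` before the run, add the post-run value to it, and test with `grep { defined $end{$_} } get_not_after_date($b_cert)`. The new `ok(...)` calls for the date cases also carry no test names, which makes a failure hard to locate in the TAP output.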
diff --git a/test/recipes/30-test_defltfips.t b/test/recipes/30-test_defltfips.t
index c8f145405b2b..4541a7c52eb5 100644
--- a/test/recipes/30-test_defltfips.t
+++ b/test/recipes/30-test_defltfips.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -24,7 +24,7 @@ use lib bldtop_dir('.');
plan skip_all => "Configuration loading is turned off"
if disabled("autoload-config");
-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
+my $no_fips = disabled('fips') || disabled('fips-post') || ($ENV{NO_FIPS} // 0);
plan tests =>
($no_fips ? 1 : 5);
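Review bot: `$no_fips` now also becomes true for `disabled('fips-post')`, but nothing near the assignment says why a build without the FIPS power-on self-tests should drop from five tests to one here. A short comment above the line would record the intent, for example `# builds without the FIPS provider or its self-tests (fips-post) only run the default-provider check` (wording to be confirmed by someone who knows the reason). The hunk header of `30-test_evp.t` later in this commit still shows `my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);`, so it is worth checking whether that recipe omits the extra condition deliberately.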
diff --git a/test/recipes/30-test_engine.t b/test/recipes/30-test_engine.t
index d66c8b60c878..88db8ec9a7fc 100644
--- a/test/recipes/30-test_engine.t
+++ b/test/recipes/30-test_engine.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t
index af823515f9bd..a86456157b69 100644
--- a/test/recipes/30-test_evp.t
+++ b/test/recipes/30-test_evp.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -24,9 +24,16 @@ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
my $no_legacy = disabled('legacy') || ($ENV{NO_LEGACY} // 0);
my $no_des = disabled("des");
my $no_dh = disabled("dh");
+my $no_slh_dsa = disabled("slh-dsa");
my $no_dsa = disabled("dsa");
my $no_ec = disabled("ec");
+my $no_ecx = disabled("ecx");
+my $no_ec2m = disabled("ec2m");
my $no_sm2 = disabled("sm2");
+my $no_siv = disabled("siv");
+my $no_argon2 = disabled("argon2");
+my $no_ml_dsa = disabled("ml-dsa");
+my $no_ml_kem = disabled("ml-kem");
# Default config depends on if the legacy module is built or not
my $defaultcnf = $no_legacy ? 'default.cnf' : 'default-and-legacy.cnf';
@@ -44,6 +51,8 @@ my @files = qw(
evpciph_aes_stitched.txt
evpciph_des3_common.txt
evpkdf_hkdf.txt
+ evpkdf_kbkdf_counter.txt
+ evpkdf_kbkdf_kmac.txt
evpkdf_pbkdf1.txt
evpkdf_pbkdf2.txt
evpkdf_ss.txt
@@ -56,7 +65,10 @@ my @files = qw(
evpmd_sha.txt
evppbe_pbkdf2.txt
evppkey_kdf_hkdf.txt
+ evppkey_rsa.txt
evppkey_rsa_common.txt
+ evppkey_rsa_kem.txt
+ evppkey_rsa_sigalg.txt
evprand.txt
);
push @files, qw(
@@ -67,21 +79,56 @@ push @files, qw(
evpkdf_x942_des.txt
evpmac_cmac_des.txt
) unless $no_des;
-push @files, qw(evppkey_dsa.txt) unless $no_dsa;
-push @files, qw(evppkey_ecx.txt) unless $no_ec;
+push @files, qw(
+ evppkey_slh_dsa_siggen.txt
+ evppkey_slh_dsa_sigver.txt
+ ) unless $no_slh_dsa;
+push @files, qw(
+ evppkey_dsa.txt
+ evppkey_dsa_sigalg.txt
+ ) unless $no_dsa;
+push @files, qw(
+ evppkey_ecx.txt
+ evppkey_ecx_sigalg.txt
+ evppkey_mismatch_ecx.txt
+ ) unless $no_ecx;
push @files, qw(
evppkey_ecc.txt
evppkey_ecdh.txt
evppkey_ecdsa.txt
+ evppkey_ecdsa_sigalg.txt
evppkey_kas.txt
evppkey_mismatch.txt
) unless $no_ec;
+push @files, qw(
+ evppkey_ml_dsa_keygen.txt
+ evppkey_ml_dsa_siggen.txt
+ evppkey_ml_dsa_sigver.txt
+ evppkey_ml_dsa_44_wycheproof_sign.txt
+ evppkey_ml_dsa_44_wycheproof_verify.txt
+ evppkey_ml_dsa_65_wycheproof_sign.txt
+ evppkey_ml_dsa_65_wycheproof_verify.txt
+ evppkey_ml_dsa_87_wycheproof_sign.txt
+ evppkey_ml_dsa_87_wycheproof_verify.txt
+ ) unless $no_ml_dsa;
+push @files, qw(
+ evppkey_ml_kem_512_keygen.txt
+ evppkey_ml_kem_512_encap.txt
+ evppkey_ml_kem_512_decap.txt
+ evppkey_ml_kem_768_keygen.txt
+ evppkey_ml_kem_768_encap.txt
+ evppkey_ml_kem_768_decap.txt
+ evppkey_ml_kem_1024_keygen.txt
+ evppkey_ml_kem_1024_encap.txt
+ evppkey_ml_kem_1024_decap.txt
+ evppkey_ml_kem_keygen.txt
+ evppkey_ml_kem_encap_decap.txt
+ ) unless $no_ml_kem;
# A list of tests that only run with the default provider
# (i.e. The algorithms are not present in the fips provider)
my @defltfiles = qw(
evpciph_aes_ocb.txt
- evpciph_aes_siv.txt
evpciph_aria.txt
evpciph_bf.txt
evpciph_camellia.txt
@@ -100,6 +147,7 @@ my @defltfiles = qw(
evpkdf_krb5.txt
evpkdf_scrypt.txt
evpkdf_tls11_prf.txt
+ evpkdf_hmac_drbg.txt
evpmac_blake.txt
evpmac_poly1305.txt
evpmac_siphash.txt
@@ -114,10 +162,15 @@ my @defltfiles = qw(
evppbe_pkcs12.txt
evppkey_kdf_scrypt.txt
evppkey_kdf_tls1_prf.txt
- evppkey_rsa.txt
);
push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec;
+push @defltfiles, qw(evppkey_ecdsa_rfc6979.txt) unless $no_ec;
+push @defltfiles, qw(evppkey_ecx_kem.txt) unless $no_ecx;
+push @defltfiles, qw(evppkey_dsa_rfc6979.txt) unless $no_dsa;
push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;
+push @defltfiles, qw(evpciph_aes_gcm_siv.txt) unless $no_siv;
+push @defltfiles, qw(evpciph_aes_siv.txt) unless $no_siv;
+push @defltfiles, qw(evpkdf_argon2.txt) unless $no_argon2;
plan tests =>
+ (scalar(@configs) * scalar(@files))
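Review bot: The added `@defltfiles` pushes repeat the same guard on consecutive lines. `evppkey_brainpool.txt` and `evppkey_ecdsa_rfc6979.txt` both hang on `unless $no_ec`, and the two SIV files both on `unless $no_siv`. The `@files` part of this recipe groups files per flag in one `qw(...)` list, and doing the same here keeps the guards from drifting apart, e.g. `push @defltfiles, qw(evpciph_aes_gcm_siv.txt evpciph_aes_siv.txt) unless $no_siv;`. This is a style point only; the resulting list is the same.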
diff --git a/test/recipes/30-test_evp_data/evpciph_aes_ccm_cavs.txt b/test/recipes/30-test_evp_data/evpciph_aes_ccm_cavs.txt
index 41b7b065cb0b..0fa1f547ea98 100644
--- a/test/recipes/30-test_evp_data/evpciph_aes_ccm_cavs.txt
+++ b/test/recipes/30-test_evp_data/evpciph_aes_ccm_cavs.txt
@@ -1,5 +1,5 @@
#
-# Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -8,7 +8,7 @@
# Tests from NIST CCM Test Vectors (SP800-38C)
-Title = NIST CCM 128 Decryption-Verfication Process Tests
+Title = NIST CCM 128 Decryption-Verification Process Tests
Cipher = aes-128-ccm
Key = 4ae701103c63deca5b5a3939d7d05992
@@ -2241,7 +2241,7 @@ Plaintext = 4da40b80579c1d9a5309f7efecb7c059a2f914511ca5fc10
Ciphertext = 1bf0ba0ebb20d8edba59f29a9371750c9c714078f73c335d
-Title = NIST CCM 192 Decryption-Verfication Process Tests
+Title = NIST CCM 192 Decryption-Verification Process Tests
Cipher = aes-192-ccm
Key = c98ad7f38b2c7e970c9b965ec87a08208384718f78206c6c
@@ -4474,7 +4474,7 @@ Plaintext = 4da40b80579c1d9a5309f7efecb7c059a2f914511ca5fc10
Ciphertext = 30c154c616946eccc2e241d336ad33720953e449a0e6b0f0
-Title = NIST CCM 256 Decryption-Verfication Process Tests
+Title = NIST CCM 256 Decryption-Verification Process Tests
Cipher = aes-256-ccm
Key = eda32f751456e33195f1f499cf2dc7c97ea127b6d488f211ccc5126fbb24afa6
diff --git a/test/recipes/30-test_evp_data/evpciph_aes_common.txt b/test/recipes/30-test_evp_data/evpciph_aes_common.txt
index 484147b26a96..5dcbdd89e4f0 100644
--- a/test/recipes/30-test_evp_data/evpciph_aes_common.txt
+++ b/test/recipes/30-test_evp_data/evpciph_aes_common.txt
@@ -98,6 +98,18 @@ Key = 2B7E151628AED2A6ABF7158809CF4F3C
Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
Ciphertext = 7B0C785E27E8AD3F8223207104725DD4
+# Test AES-ECB with larger input length.
+Cipher = AES-128-ECB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A6BC1BEE22E409F96E93D7E117393172A6BC1BEE22E409F96E93D7E117393172A6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = 3AD77BB40D7A3660A89ECAF32466EF973AD77BB40D7A3660A89ECAF32466EF973AD77BB40D7A3660A89ECAF32466EF973AD77BB40D7A3660A89ECAF32466EF97
+
+# Test AES-ECB with larger input length.
+Cipher = AES-128-ECB
+Key = 2B7E151628AED2A6ABF7158809CF4F3C
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51AE2D8A571E03AC9C9EB76FAC45AF8E51AE2D8A571E03AC9C9EB76FAC45AF8E51AE2D8A571E03AC9C9EB76FAC45AF8E51AE2D8A571E03AC9C9EB76FAC45AF8E51AE2D8A571E03AC9C9EB76FAC45AF8E51AE2D8A571E03AC9C9EB76FAC45AF8E51AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = F5D3D58503B9699DE785895A96FDBAAFF5D3D58503B9699DE785895A96FDBAAFF5D3D58503B9699DE785895A96FDBAAFF5D3D58503B9699DE785895A96FDBAAFF5D3D58503B9699DE785895A96FDBAAFF5D3D58503B9699DE785895A96FDBAAFF5D3D58503B9699DE785895A96FDBAAFF5D3D58503B9699DE785895A96FDBAAF
+
# ECB-AES192.Encrypt and ECB-AES192.Decrypt
Cipher = AES-192-ECB
Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
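Review bot: Both "larger input length" vectors added here use a single 16-byte block repeated (`6BC1…172A` and `AE2D…8E51`), so the expected ciphertext is one block repeated as well. A multi-block ECB path that reordered, duplicated or dropped-and-refilled blocks would still produce the expected output and pass. Building the long input from distinct blocks would make the vectors sensitive to block position; the four single-block plaintexts already used in this section look like a natural source. The comment could also state the length and where the vector comes from. The AES-192-ECB and AES-256-ECB hunks below follow the same pattern.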
@@ -119,6 +131,18 @@ Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
Ciphertext = 9A4B41BA738D6C72FB16691603C18E0E
+# Test AES-ECB with larger input length.
+Cipher = AES-192-ECB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A6BC1BEE22E409F96E93D7E117393172A6BC1BEE22E409F96E93D7E117393172A6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = BD334F1D6E45F25FF712A214571FA5CCBD334F1D6E45F25FF712A214571FA5CCBD334F1D6E45F25FF712A214571FA5CCBD334F1D6E45F25FF712A214571FA5CC
+
+# Test AES-ECB with larger input length.
+Cipher = AES-192-ECB
+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51AE2D8A571E03AC9C9EB76FAC45AF8E51AE2D8A571E03AC9C9EB76FAC45AF8E51AE2D8A571E03AC9C9EB76FAC45AF8E51AE2D8A571E03AC9C9EB76FAC45AF8E51AE2D8A571E03AC9C9EB76FAC45AF8E51AE2D8A571E03AC9C9EB76FAC45AF8E51AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = 974104846D0AD3AD7734ECB3ECEE4EEF974104846D0AD3AD7734ECB3ECEE4EEF974104846D0AD3AD7734ECB3ECEE4EEF974104846D0AD3AD7734ECB3ECEE4EEF974104846D0AD3AD7734ECB3ECEE4EEF974104846D0AD3AD7734ECB3ECEE4EEF974104846D0AD3AD7734ECB3ECEE4EEF974104846D0AD3AD7734ECB3ECEE4EEF
+
# ECB-AES256.Encrypt and ECB-AES256.Decrypt
Cipher = AES-256-ECB
Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
@@ -140,6 +164,18 @@ Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
Ciphertext = 23304B7A39F9F3FF067D8D8F9E24ECC7
+# Test AES-ECB with larger input length.
+Cipher = AES-256-ECB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+Plaintext = 6BC1BEE22E409F96E93D7E117393172A6BC1BEE22E409F96E93D7E117393172A6BC1BEE22E409F96E93D7E117393172A6BC1BEE22E409F96E93D7E117393172A6BC1BEE22E409F96E93D7E117393172A6BC1BEE22E409F96E93D7E117393172A6BC1BEE22E409F96E93D7E117393172A6BC1BEE22E409F96E93D7E117393172A6BC1BEE22E409F96E93D7E117393172A6BC1BEE22E409F96E93D7E117393172A
+Ciphertext = F3EED1BDB5D2A03C064B5A7E3DB181F8F3EED1BDB5D2A03C064B5A7E3DB181F8F3EED1BDB5D2A03C064B5A7E3DB181F8F3EED1BDB5D2A03C064B5A7E3DB181F8F3EED1BDB5D2A03C064B5A7E3DB181F8F3EED1BDB5D2A03C064B5A7E3DB181F8F3EED1BDB5D2A03C064B5A7E3DB181F8F3EED1BDB5D2A03C064B5A7E3DB181F8F3EED1BDB5D2A03C064B5A7E3DB181F8F3EED1BDB5D2A03C064B5A7E3DB181F8
+
+# Test AES-ECB with larger input length.
+Cipher = AES-256-ECB
+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
+Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51AE2D8A571E03AC9C9EB76FAC45AF8E51AE2D8A571E03AC9C9EB76FAC45AF8E51AE2D8A571E03AC9C9EB76FAC45AF8E51AE2D8A571E03AC9C9EB76FAC45AF8E51AE2D8A571E03AC9C9EB76FAC45AF8E51AE2D8A571E03AC9C9EB76FAC45AF8E51AE2D8A571E03AC9C9EB76FAC45AF8E51
+Ciphertext = 591CCB10D410ED26DC5BA74A31362870591CCB10D410ED26DC5BA74A31362870591CCB10D410ED26DC5BA74A31362870591CCB10D410ED26DC5BA74A31362870591CCB10D410ED26DC5BA74A31362870591CCB10D410ED26DC5BA74A31362870591CCB10D410ED26DC5BA74A31362870591CCB10D410ED26DC5BA74A31362870
+
# For all CBC encrypts and decrypts, the transformed sequence is
# AES-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec
# CBC-AES128.Encrypt and CBC-AES128.Decrypt
@@ -171,6 +207,22 @@ Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
Ciphertext = 3FF1CAA1681FAC09120ECA307586E1A7
NextIV = 3ff1caa1681fac09120eca307586e1a7
+# 128 bytes plaintext
+Cipher = AES-128-CBC
+Key = cea7f6d343bb1ef40998ecb90aca8249
+IV = ced2c3991da2a1d485990e2e9c9246f3
+Plaintext = f836bb4afd5c1d8efca719467030ed53ff17949b7a2037189eff2acd6f4b97c978522edaa998d88293ff203637c8b91e076cd03cb37af4203e1ebb276fd81f18ae144e203fb9484d8b90109aa8eff494c701f322ca02c9834f8c4ca91372df8d08e27fe8b8cdf670845d295660d2e87ded8fcd4b913fa0d102e87313ee3c31e5
+Ciphertext = ab73a74b8b6d44747741c363748b2571ff46102c90913b83a3326faf5f6f949d20a9bbab222f8ce102d3d70c0867d0690241e73401b9b9c6af3280dd49969f22a7eade6db00c6c4b2764c9373a6c24e25c107e730da20317849065d2b3770840084fbf941e64c7e9b08440b83f7fc0afaa4ee0981626d71126bb8155290ba7b5
+NextIV = aa4ee0981626d71126bb8155290ba7b5
+
+# 1024 bytes plaintext
+Cipher = AES-128-CBC
+Key = 0dd82568e0a0ad0938150ae5c0944f36
+IV = 8b32cb9ef61ee47acdb5299f7fb4c705
+Plaintext = 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
+Ciphertext = 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
+NextIV = 3a1150826949ca7b602614dae349b8e5
+
# CBC-AES192.Encrypt and CBC-AES192.Decrypt
Cipher = AES-192-CBC
Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
@@ -1221,6 +1273,36 @@ IV = 00000000000000000000000000000000
Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1
Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5DF9487D07A5C92CC512C8866C7E860CE93FDF166A24912B422976146AE20CE846BB7DC9BA94A767AAEF20C0D61AD02655EA92DC4C4E41A8952C651D33174BE51A10C421110E6D81588EDE82103A252D8A750E8768DEFFFED9122810AAEB99F910409B03D164E727C31290FD4E039500872AF
+Cipher = aes-256-xts
+Key = 27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592
+IV = 00000000000000000000000000000000
+Plaintext = 000102030405060708090a0b0c0d0e0f10
+Ciphertext = b5f737852b18e4cf31d7353ff220ca5e3a
+
+Cipher = aes-256-xts
+Key = 27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592
+IV = 00000000000000000000000000000000
+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f
+Ciphertext = 3a060a8cad115a6f44572e3759e43c8fcad8bfcb233ff6ad71b7c1e7ca651508860aed34ec9506d368aa50274a31c16d2deae4d64c2a8096091c093f3820fb6d21089bcedaac361e3febe706cafe14b96bffbd29ff8fb716d4ed8fb39ccfb667
+
+Cipher = aes-256-xts
+Key = 27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592
+IV = 00000000000000000000000000000000
+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f6061
+Ciphertext = 3a060a8cad115a6f44572e3759e43c8fcad8bfcb233ff6ad71b7c1e7ca651508860aed34ec9506d368aa50274a31c16d2deae4d64c2a8096091c093f3820fb6d21089bcedaac361e3febe706cafe14b9bc89de34258d32ec3ad59fd2986a401e6bff
+
+Cipher = aes-256-xts
+Key = 27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592
+IV = 00000000000000000000000000000000
+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f
+Ciphertext = 3a060a8cad115a6f44572e3759e43c8fcad8bfcb233ff6ad71b7c1e7ca651508860aed34ec9506d368aa50274a31c16d2deae4d64c2a8096091c093f3820fb6d21089bcedaac361e3febe706cafe14b96bffbd29ff8fb716d4ed8fb39ccfb667a6b985d89b9c862780185c839f60307a
+
+Cipher = aes-256-xts
+Key = 27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592
+IV = 00000000000000000000000000000000
+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f7071
+Ciphertext = 3a060a8cad115a6f44572e3759e43c8fcad8bfcb233ff6ad71b7c1e7ca651508860aed34ec9506d368aa50274a31c16d2deae4d64c2a8096091c093f3820fb6d21089bcedaac361e3febe706cafe14b96bffbd29ff8fb716d4ed8fb39ccfb6671ae1fd167248af55dc14646bd7e2e8c3a6b9
+
Title = AES XTS Non standard test vectors - generated from reference implementation
Cipher = aes-128-xts
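Review bot: The five `aes-256-xts` vectors added here have no comment saying what they cover or where the expected ciphertexts come from. Their plaintext lengths run from 17 bytes upward, and several are not multiples of the 16-byte block, so they presumably exercise the ciphertext-stealing path. A header such as `# aes-256-xts with partial final blocks (ciphertext stealing); source: <origin of vectors>` would make that explicit. They are inserted just above the `Title = AES XTS Non standard test vectors - generated from reference implementation` line, so if they were generated rather than taken from a published set they may belong below that title.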
@@ -1303,3 +1385,959 @@ Plaintext = 00000000000000000000000000000000
Ciphertext = 0388dace60b6a392f328c2b971b2fe78
NextIV = 000000000000000000000000
+Title = AES-GCM tests from boringssl
+
+# https://github.com/google/boringssl/blob/7ae2b910c13017b63f1a8bd6c8decfce692869b0/crypto/cipher_extra/test/aes_128_gcm_tests.txt
+Cipher = aes-128-gcm
+Key = 3881e7be1bb3bbcaff20bdb78e5d1b67
+IV = dcf5b7ae2d7552e2297fcfa9
+AAD = c60c64bbf7
+Tag = ff4c4f1d92b0abb1d0820833d9eb83c7
+Plaintext = 0a2714aa7d
+Ciphertext = 5626f96ecb
+
+Cipher = aes-128-gcm
+Key = ea4f6f3c2fed2b9dd9708c2e721ae00f
+IV = f975809ddb5172382745634f
+Plaintext = 8d6c08446cb10d9a2075
+AAD = 5c65d4f261d2c54ffe6a
+Ciphertext = 0f51f7a83c5b5aa796b9
+Tag = 70259cddfe8f9a15a5c5eb485af578fb
+
+Cipher = aes-128-gcm
+Key = cdbc90e60aab7905bdffdfd8d13c0138
+IV = 9d987184c4b4e873d4774931
+Plaintext = cb75a0f9134c579bebbd27fe4a3011
+AAD = 7dc79f38e1df9383e5d3a1378b56ef
+Ciphertext = c6a899758b6c11208241627c8a0096
+Tag = 7525125e650d397d0e176fa21315f09a
+
+Cipher = aes-128-gcm
+Key = 819bc8d2f41996baca697441f982ad37
+IV = 08b7a15f388fafb16711ce19
+Plaintext = 9b1ddd177d2842a701b794450e3c81f151f195a1
+AAD = 277c372784559784b0e047c6f8b7e9efb6f7491e
+Ciphertext = de9b9c8fe09f705f558c62dc6d40b75e3aa625b6
+Tag = 52e2d2f153a4235eb6fac87ff6b96926
+
+Cipher = aes-128-gcm
+Key = 682769d52fa0bfeaebe0d0c898d3cda7
+IV = 6af0738b249d09547837883c
+Plaintext = 3461523cd98a6e8bdddd01150812e6c58d5cfa25d385cdbbc4
+AAD = abe8302d7d5595698d9f31011c24d4d180a637597098361354
+Ciphertext = aa3ecb46b9330554b36d0cf6f6ac4cf5e27bfd5f602da1b3c9
+Tag = 0ba547961eba5c58726c418f51d31311
+
+Cipher = aes-128-gcm
+Key = e2b30b9b040bce7902c54ca7eec00d09
+IV = 28ccf218e8de56ea91422a25
+Plaintext = 483080d7e2fb42580dfb862d2d266fad9fdce7cdcdb1158d415f84b6e269
+AAD = 9f06fbe67eb2ace15c8011032feeaf72fdf6d316e1e08ef4cc0a176588af
+Ciphertext = 67e1980ced4cd232ce893938e40b0798b17a1692476342e520b480a18570
+Tag = 9994185d4329cfa5f4bbeb170ef3a54b
+
+Cipher = aes-128-gcm
+Key = eaafa992ef6dbcc29cc58b6b8684f7c7
+IV = 1ded022dbc56e9ad733e880f
+Plaintext = 900951f487221c7125aa140104b776ba77e7b656194933fa4b94a6d7f9722aad51b2fe
+AAD = 863ceb297cb90c445dbcf2fcffe85b71db88d8c935158f697023e2cea103ec39766679
+Ciphertext = e0b3aaa890e45f1c39ad4f13ba7592f5251d6a02ca40fe3633651b35fba74a579f48c5
+Tag = 5c95fd941b272bafbd757553f394991b
+
+Cipher = aes-128-gcm
+Key = a43859049b2702e8807ac55b0ad27b0e
+IV = bbe8c571342cac7fcc5d66cd
+Plaintext = 8673d6ee2903265c92446ce110d5bb30aa2dd1b1ac5558029f23974acb8a2fbf4c74858fc73d6104
+AAD = f77c998ad3ace0839a8657e350bed15ffbd58f152a0dc04ffc227d6beb5738ad061d0f83c2a26999
+Ciphertext = 40e201a513979b093637445275b2db5ed4cb1fa050af0e20e43b21af6bc56dec654541e55b295b72
+Tag = 41bbef45727d19ee544fba5b360312f0
+
+Cipher = aes-128-gcm
+Key = 68fd608c8697243d30bd3f1f028c5b74
+IV = 319a210b33c523d8bc39fbea
+Plaintext = 2c088f38f7a58e68bdd92632da84770303cd1ff115d6364479fb0aa706571f68d51be745f5c1d1b44fa1501cd5
+AAD = 1417a65249b85a918622472a49df50bdb2766aae7bc74a6230b056549851b3c2f0cef727dc805ba2160727fbb2
+Ciphertext = 9d376b147620c2ac6a5eaa8ee44f82f179f61c9bc8acdd21680a7ff03acec953437a3cc9660c7ecb1204563944
+Tag = 05a4fb5be11e3edd89e34d0b7132d0fa
+
+Cipher = aes-128-gcm
+Key = 6edd3bd2aa318f78b4a51103cb08d489
+IV = ef0027b144691bc9716fbeca
+Plaintext = e98f2f99680dc748fe0b57390df38a99950faaf555a888d463d005ef4e4b1c22663d3d3daa812b20ae35ac934c2e187cbba7
+AAD = 97337902507391de0f15c88462aa5ffc5e4760543850719ccd8a0cfef89484d8095c23ff8c1d06eae4ff6d758c95e65cc3b5
+Ciphertext = 3c54842c2099b73daa9c3f1cb64bb913c0527955d923510f3f3046df471c1365db97333bc5a86dc7c5f23047e938fac976c0
+Tag = 375b2a25421434e5e3a021d434fb2d04
+
+Cipher = aes-128-gcm
+Key = f70482d53d3ef70cdc3cd3c4a37aeb2b
+IV = e69d3de363e225749cb1666f
+Plaintext = 4cb68874e69125e1a6f6e68669b48317e1b361d0f7f95ec4cf613b7da2c835832010e8f95eaef4e6800b79bd86cd7cda869d2df258c267
+AAD = d72975f15721bd0957f5cb1edecaad2d1ef047afb0e779035f777f94cd7ed1bdf8ca9d4f357d2a1e195f195e7483dea1476133235f7e6b
+Ciphertext = caa1e48decbda18e314057c5ec32f8733a5cf03ed0d05c3654531bf56faa70751a6c7f70fbd7d39f7e9775a772aba8fe7731cd0230beab
+Tag = 47d909cbdd1c7f8b485fc3232bb7185f
+
+Cipher = aes-128-gcm
+Key = 98a12fe16a02ec2a4b3a45c82138ae82
+IV = 4b3404684825dfcf81966e96
+Plaintext = 899710fc8333c0d2d87f4496436349259cf57c592e98ec1e3c54c037bc7ef24d039a8c573ec7868e8ce9610b0404ea1b553ae10cc8cec26468cc975c
+AAD = ea1a99cee666bf56c8c3667ef4c73c2e1e6534800d6e39a97de3bd5d39068bb3e2f74f96c03463afa18f1ee88c21209bae87f37e5d0269b68db370fe
+Ciphertext = 0431b7fc4889ae401eab5edba07a60f9682fe58419d4140cbf4f20c62d79d8a3cc1f23fabead0e96e1c8c90929756ea1efab508336e1d0ed552eafd0
+Tag = 01053ceeb4f9c797eef9426930573d23
+
+Cipher = aes-128-gcm
+Key = 6538e8c8753928960ffc9356d43306b6
+IV = eee386a2b1e310665e335746
+Plaintext = a92eb9a93a90fdbb2c74dea91d273a48efe9582f8af7a4e3a377b114770a69ca45421959fcf36107815e53dc61b7bf018fc42965fb71d1eafce0961d7698fabbd4
+AAD = c5e572e464718398374c8b45ff8749cd9f517bbd97767f77a96cd021176c49c0acec8b055ef761f49aa6d910375a45b2f572cd5420b99153971a682b377ac88f09
+Ciphertext = f36353de609d0b5246f64a519d89a4dfcd9d53325a2d2cf910e7692e68391b0357b056b944e0b53e41568f304bea8822f9ff7a0375a5a8087509799226862f707f
+Tag = f7f9b891089d02cac1181337d95b6725
+
+Cipher = aes-128-gcm
+Key = cabdcf541aebf917bac019f13925d267
+IV = 2c34c00c42dae382279d7974
+Plaintext = 88cc1e07dfde8e08082e6766e0a88103384742af378d7b6b8a87fce036af7441c13961c25afea7f6e56193f54bee0011cb78642c3ab9e6d5b2e35833ec16cd355515af1a190f
+AAD = dd10e371b22e15671c31afee552bf1dea07cbbf685e2caa0e0363716a276e120c6c0eb4acb1a4d1ba73fde6615f708aaa46bc76c7ff345a4f76bda117fe56f0dc9b939040ddd
+Ciphertext = 049453baf1578787d68ed5478726c0b8a636337a0b8a82b86836f91cde25e6e44c345940e819a0c505751e603cb8f8c4fe98719185562794a185e5dec415c81f2f162cdcd650
+Tag = dce7198728bfc1b5f949b9b5374199c6
+
+Cipher = aes-128-gcm
+Key = fd1dd6a237a12d7f64f68eb96890c872
+IV = 459ced97ebc385ab3a8da8d5
+Plaintext = 04a9709fdc0a4edb423fe8cf61c33a40043f1a585d5458c7512ec8e4e066a0f95e2e6609abf3c95a5d3ae2c738269533855daedd92eca20bdedbbd5677cd4eee84b7a1efae0904364f1e54
+AAD = d253b829a2fbc5877b0fbe92e7b79f38886a49ca889ae72b91f2c3aebe257a3ffe0d390b5d320bea22d6a5536cd9213612f5ed6e3b0ea33ac91cfee284cb25eaaf6b85b15f7ca894317182
+Ciphertext = 4a565d3ba4f2ec461c9bd8dd0f96bc00d2a561bfb56443c8cf47681bdf1c61f55854bea060c4219696cac79c09aa9400a7e5c59c6b6ca556f38c619a662905fc5f0e8437b906af6138e3fb
+Tag = be5f93201d7980af4c5bceb24ac1d238
+
+Cipher = aes-128-gcm
+Key = b09a4d99112e1637d7f89a058988b417
+IV = 74348f7126c0cac836e9de5d
+Plaintext = 6b3c4cfd1eb139b62d91ed5d1d8b0f3b52278d5c48787ce46f12b9f026e3eed1bfbc8c6684c6662f06614c69440b3d7cff7c46b2e4aebaa4b5b89236a3cc75535bc600104f240d01de91e0fb3bcad02c
+AAD = 7883ad259fa5d856ce283419f6da371b444b9b64ea0ddb371b17ec0a9ada27b0eb61b53bd3605f21a848b1e7ed91162f3d51f25481f32d61ec902a7f2cbd6938a7ce466a37e4467e4ec2b2c82b4e66ca
+Ciphertext = 5e1b783b20fd740310333eddde99a06b5740428cb1a910812219fabd394b72a22a6e3ca31df0afae0a965f0bc0ae631feeaa5ce4c9a38cd5233140b8557bde9f878e65e8932b9e3c3f6e57a73cda36cc
+Tag = 784b73ee7824adf7279c0a18e46d9a2b
+
+Cipher = aes-128-gcm
+Key = 284bd8c4b5d7b16aebce1b12988fa1d3
+IV = 7ff05007c5d018b17562f803
+Plaintext = 903416331583dcbd31420906c64dc76e14d0c5044d728cd9b605b531ddc350fdaadeabe67d08f0b4c7179f82a1044696716cd96459506453141e9ec3130e893d8c2ff9b8b4c241b73866ca4fc1f712d17d7a88bf4a
+AAD = d0a1f92f80094c1fad630ca584edd953bf44cdde404f22c8e476df8708a97a0712e7fbd8054caa7d65144d0be3b30442d0dfa5469ba720afe1d00aa6bb53c79c1c178ed42fce596eeb6c638c8a8dedf76a431976c5
+Ciphertext = 9bc3708f70a68fc16bcc33099325c821a0ae9a2fd0a6a98382fa21b42ddb3a9ac6c34a13c4805d3beb92586cdf0f4dce3885793d49abce33190685e7009a79242dd93594722a1ceaa44886371c30bcc8312fa2bf67
+Tag = 3fd8a4d760d5b878852b1ca2d34dde6e
+
+Cipher = aes-128-gcm
+Key = 6d76dd7dea607a5cf5c21cd44c21a315
+IV = c1d13e56b080a500f1cb80bd
+Plaintext = cb959b92e777f835afc4ae4149b190638851238b7b13c9bf65343adb3130e8ad2356101037f30997d4a5fcc0a1d6415210179fdec881236a799f6e90dd43ea3817819b432611eaafd072368b9c7036c7a88c8b7774a8ed986134
+AAD = 92a2bc3b6b6ca9de0cef10d8bdeaadf6f54782cdb2b09e66cce8cb5b56895636e982f7a3c7bd9d221ade62c9ecf68bde70becf683804386606ab1c48ac764c4e11620064545c5beaa5911c118856dfc5cdb8df50052b01762c6c
+Ciphertext = 522ba9bfb47efc624cd8933fc9e17784919d2b3ccfaeec46af414c1b316355f65b9f9fd7f0be6ac3064b4016e43b8fb2028459f0fa0d81fb6656be0ab8fd841d05d24682b4a57c7c59d89af384db22c2f77ce10abc4d1c352a1a
+Tag = 5ea4a77381679876e0e272b53519d533
+
+Cipher = aes-128-gcm
+Key = 1dbcbe45a47e527e3b6f9c5c9c89e675
+IV = 98f2da8ed8aa23e137148913
+Plaintext = bb23b884c897103b7850b83f65b2fea85264784737d40f93ecf867bfdba1052f41f10d2c5607127da2c10c23b1fbd3a05ce378a9583b1a29c0efbf78a84b382698346e27469330a898b341ec1554d7bf408cf979d81807c0cc78260afdb214
+AAD = 46f1bde51f6c97a9dae712e653fcac4da639d93a10b39350956681e121fb9ea969d9dc8ef6ddfb2203fad7ab7e3ef7b71eb90b5089844d60d666e8b55388d8afb261f92b6252f4d56240fe8c6c48bfde63e54bd994ff17e0bf9380ebfb653b
+Ciphertext = 0d90e869d2f4c85b511fdf85b947ba3ab75c6b1845d8191634770413d7574a6fbd9d86897cb3d3b5d3d8e6f74fac3bd2a9b783cb16cfbec55dd7d2f7fc5c39fe85d39bf186a3fdd3564bc27d86f4019ae0cb73f5f516b602331433689c1b08
+Tag = 8777f2002d5a5214a7bd8ef5a3ccfbbb
+
+Cipher = aes-128-gcm
+Key = fe33f47136506e5cc14114eb62d26d64
+IV = 9534a10af0c96d8981eaf6b3
+Plaintext = 3ca38385513eaf1fcd03ac837e4db95c0ed1a2528b7ab3ac8e09ecc95698d52b7d90bf974bf96d8f791aa595965e2527aa466fb76da53b5743eda30bb3ebd9f6a8a7721fbfe71fe637d99a7b4b622e6da89e0824ac8aea299ea15e43250d2eccb0d4d553
+AAD = 50b7bd342df76bea99b2e9118a525c0f7041c7acdf4a3b17912b5cbb9650900246ed945cfc7db2b34a988af822c763451ac2e769ec67361eded9bcab37ac41f04cdb1d2471c9520a02db9673daaf07001570f9d9f4ac38f09da03ff1c56fdefe16a855ac
+Ciphertext = 927fe3c924d914a7aae6695ddad54961142b7dd5ff4c0ba5ca3e0cf3d73bdb576afd59bd2b54d820d2a5da03286c124507a48008c571c28a0ce76f0ed68dbac3a61848e7e2162be8e0bee8147b9bf60da625cdab8601bfb37dfcd165f533e94a32c26952
+Tag = 9bd47a4a2acaf865a8a260179aabf8ad
+
+Cipher = aes-128-gcm
+Key = dec1b34b7b81fb19586c6ec948ecf462
+IV = d9faf07e72e3c39a0165fecd
+Plaintext = f7b0bbe9f0ff4dcf162792e9ee14d1ed286114f411c834ad06b143cadbbe10a6fbc86f6664e0e07ff7c6876d4543e5b01ff5ddb629f896c30c8cefd56c15d9f24dfd2ed590304a6aae24caac5870ddafc0e672ac3aacae1867891942998c712d45efbfa4d99a8a6f03
+AAD = d3c4fc4838cb3cda3937455229ddaf1cb9102e815cb9f519a5434677c68b11a0bae1280faee82f1a5bee593e669e6f81d5ece3675b8af63f1491bb298531aacc940f53678ba56ae96fc66be92b904bc35f2d5b68b3ed98569a4d04e8f8a9689ad9fa4b51db0938a9f3
+Ciphertext = 2f44ecf549077b98ba551819538097bb80304a55c48ef853e20ed8c3f808dc8cb5eb41c2463d19fed2606b59cee4b458958ea75715f7654146df4519dc63524a0569a00d7bbc4b32a372f82d955be5f190d09d35c267da1017e8b16096ae84f8a671b45aaf0d1ca59c
+Tag = bc3af80cf9388d35deadecff5455d515
+
+Cipher = aes-128-gcm
+Key = 021add6030bd9f3fed8b0d1f16f83783
+IV = 4e460f51fe6b5eb9558c4571
+Plaintext = d9aa1d0db5de536cfbacb59bb75c592ae3f34a5f9c5ff4f22d14e8e4bd0754af19570221893797f60c89a251cd6a19c2953662dca51264afc21099ed5c80077b0e10a5295b3c4c6fe47d3c1c84fee69ebf7d8a7d9b1b338dae162e657e6cf5277ca70d47b9290aa7efe67b0ce574
+AAD = 38d99cfd7578d40ffa1749d5fe83500362ceee76c5af38935806837b2f2d1b3422a5057bf617b07868dd95d8e5f4a24e74f96177d53a0275450b429a2b1f364805030765e376151ae35001d6a4872200142fdce82017f3e976ab0edac1a08d2649d297648320e7dd9143b554fa3d
+Ciphertext = 8863ad51578fd1c9dc40702e34236adee885955f0478ad9a094a6941f95f900e466882dcd5b86e1563ba89aa105f56f3ba5ed860ec3338ee1b750a2f9332acb3f0f61718de7e40fb80442d046b35f147f178bd05362f0559a20a53ebbf78e920fe14c9d80d1c9fb21bee152f8ab2
+Tag = 614539247fdcf1a2aa851102d25bb3bc
+
+Cipher = aes-128-gcm
+Key = 311c2045d5486bfadd698e5e14faa58a
+IV = f1cd8b373cec6451ae405618
+Plaintext = bd154e428369aac5c13128d29bd3031364939abd071c34bacac6ea7292b657b794b2e717d9bcb5d7d01496d805283fffd8f7de6a3493ddd8d1dd7f58835a44d43ea22d95468d1239ca5567d6c80bdf432fce2afc544a731a2852ef733667b9f8f4f8923eaa9de3aa32addddf99b607efce966f
+AAD = f70cb7e67b2842207df55fc7582013bbddff8c7f3bd9ebbaf43827aa40f8490e65397934ee6a412de6272cd568566ea172789a006a92e5920140ca5f93f292b47dc262cefc66b75543f94365c08795b7c5e9c6c29b7dc67b2532fbf8a6487d40a3eff504e75c3f2bb2cc3969621028e2112e67
+Ciphertext = f88f4ef0431d0f23911aaa38a4022e700d3a33c31e0c7bdebe00f62ca3b55d358385de25ceb0538242871eb9c24530e557d7981fa0182436e1e49272d52689541f09517fd147a8da0f0d2bb32d54911a36eded0b87bcba54d6842edf461b45839df1cab5176e2c82c871b3be4ec1bced67ec5d
+Tag = ae8d847f106e914ffadbdfe7cb57beba
+
+Cipher = aes-128-gcm
+Key = ceab57de6220b2c80e67f0c088e97b36
+IV = 8cf438aeb0cb29dd67506b9c
+Plaintext = ce2a7a5663449cf6e0068085e3c373c5ca6f027544e327bbc09ac00f1571268bee186d51a00bbc16da7429e4d3d5235d8d54ac96b6ecb2fb7d77a6e5b9e70d431dd4dce78ceb972e9e4b63059e350efaff841c2c42bc29c139b7fd070097556b6281b58e074d5271d9f66c6744ec6dd3b9db2f4a21aeeb7d
+AAD = 03e464d111ac9228d39d22a00120c6ee671fe5bbf462b1ee3fdf348b34999518998ac4e175ed48189c29b49b5527c27c43094eecbeaeacd3cdb48cd15aa82573e884a7b97bbcdad610a6955f7d8b04f6f98a13a907bc2bec4c940b77582b248f5fced1771f810977b2d0a4fa48bd4d78e4bc383bb92743fd
+Ciphertext = 1fa9c379c78b92fa3c1e478443ae38d7b4b50235448ce2a88467514bc9db95844ec1baf4dbdbd1b0720e377d05d82c3b58b52af8c9c50417b39ad225e373c7ff18ac5a6ea5d182b255f1c8a2766e31e3e4e3d55dc08dfc64b818ead40a0e824b06ab24f0dc9f4f0c383db7cd4d40016b31701bb401b126dd
+Tag = a9a885578467430504731d1a8f537e3c
+
+Cipher = aes-128-gcm
+Key = 585bbac0ab4508afb8b72d84167551aa
+IV = 774c82af194277a5506e45ba
+Plaintext = d788112213d2b8b5b66b056e8b3e344a7876f6193b59a480c51fc04d3ec2e5166344c833187b14117276fd671a20937a4553181c29d3d85afe385dd86093708226f082a2ea4ec3288f372c772ca7ceae86b746ff428e8add17b0f34f8553e3db63f55224c39edf41f138a2c28be49d56aa8b4c93502b9794a16310f78b
+AAD = a29665261a8eb58c88803bcf623dd1a14e76af49ec5db72a267f2ebcbc479385fb6b32bafcb1239515d74a8282b228e83daf282d1ab228099b315bbed0f0e6b3427e029cc28c025460a8bf0914bd584c13e7de7830ab77fb4a9258dfdc9fdaa96ca941546477f04cea19a365a27de34e23e154e7419aefb0be0e871bbe
+Ciphertext = 24f2856e4e40c0b2b8b47e43d94c1faba498884f59d2ae1cdf58c73770279c96feeee3025ec698cd8f0ae25bf0c9fbf2b350674c317e52bad50aa6ed9845e194f294eb71ff192604af50ac7192f308583a3edaf6c7aeb588990be81b801dc916ffd621dd4016e2b76e9078c89fac9da39f3a88f6548006a48b0199a732
+Tag = a5c8f9daa30b045bd3e1c1b01f438518
+
+Cipher = aes-128-gcm
+Key = c5d727d159dd328b4160ff45a183226b
+IV = 881c0802db519ce1595573ff
+Plaintext = 88b4be77bb8a2f37bc5e84ef9da92a4b8c3777dbcccfed13b97e93c19674c8c3f13119363ace377a14e5f36501ba9a3898fc09340886d91bf0a17ef0d028f2a92ec150071623a4a5db8e56e99e764629679943ea879ec7634fad1480e8617fe834c26210276d7db208b13f9b4c2060f2867aacb1b47c8e110830beff721dd8d120de
+AAD = 5f6513ad3d490f784dd68ca1df41e8c8e1ab9a240ea8e9bc22d0b1d7353da94d5d37c94f0dcd1a2dedd6d8e1c79a383e7e214cbb6ee2ccb7c6d894ffce5d01b6cf13876ae2648d36adccd88710d7d2ab6d43826d37ee0ee3b434972a2cb8f4db1c3304cee0a352bbef76f05de0e6f55a410eea5e697afb197f2483f0200d0abee224
+Ciphertext = 66bbee209eb11c675ecd3303c38cf1087b010c532e1357732c4911ca9db78c67805c95c829194cd413b635a900a08454c6eb9cfa3597ab531fc9ddfdc5b02b290be2a618df7d03b1ab465d6d03e8b87a430bf4e80d8cb9916145cf2d2342a91fc79defa151b1f3c695608e76ca2abc4c0383897f1cbb9d4bd9969b2f33813e2b5502
+Tag = 43daa08e6eac70e3238ce655adb65005
+
+Cipher = aes-128-gcm
+Key = 16af56326046c92afca49fe173d643ad
+IV = d32a935b4e56472d92d9f2ce
+Plaintext = c49c8e5769670384d23d9af9834026395d3f3bd32d88e61ed06b2e00e52a5ae4fe3867993c2af95203cd4006470a89677864431fb9edbed17412913bad4bb3eaff0fccaa150c9b13f83b9bf06698af844841a640d6f94d845296638ac27fb5ed87c310dbbd36415161310b284b8f84b4e025267906e0a4c822b76a682d44a70f9afde9bcf48ac2
+AAD = f713886f4086026779a7e479fa646cb33574e6c977d70b8da49c8fdbb395dc7c149a59e219db8e4fff053cb00e2a1df9850fce94e52fd34661fd3d4cd8ad3ffe0b4bc7ccfbbf42eeef3e30ce13cdfd77dbd067ae9f5aebfa068f6b7ae2c17ad956dc03511dfcc38eac9fa3c0c0e9a340f5c58e39d868b77dede54fea1173216c0bb8f0a6c2990f
+Ciphertext = d5d7d1ed0ae3e3481e2ccee201857ce1f427734fbb4fbe82a2b90601104008b8ad4daf74514b8ab3e42b6f6b509159ca04489b1175ce1e3fe33d36ea521e0aedff8c69fd00aa588d7a2eb9d2d551e2b8fea321f573e2a1df147535a873d540a3169d3ebc099ea6c33cefc04a2d55dc2d47237b95ad269fcdcd3c3750af426beb4edfe7837b413f
+Tag = cbe0fb9509c224bb0e8e33f7ef9b49e6
+
+Cipher = aes-128-gcm
+Key = b3df227e6dc2c846095e2a3b825d7645
+IV = 578bc24ca3845e23204df661
+Plaintext = bf69be81cf0b340b006badc9f644d10376f4f9a7a78c997edb8729e3786447f21e97e4c1e0c0c74e01ef655d0a84ffc04ff7c6712ad65adc9a0da2e3078d4c9e796c9bcd71e7a9da26b987990d366b5e00a23a93652e10942e07a6aa01375af27080c9cbab5f554497abc48260937a6fe895361e79cd3d5e78c1a65c6723d4a4fbe9b3dcae3c05699cf6d3fb
+AAD = 00898eedad307fc017917a3296bcedabaad8a505edd34e93d92f3b61797ddccf3fc31144ef70f255be3b0c165c97eb8706f14c495f4aa9b3f15d2dafd65bf6741d67fe240967efbf0e75e610db9a8f722035e039b5e9246d258084a04c12ee8ad1668032f8caec737481fd894dba2ef702d3e6089acbb0fe0bdd6daa2a5cd47fc62603499fe3ea37365072e5
+Ciphertext = cfeb249551a695ddfec5f789e7f0a9f916abc8ee01d6233c32744c10a09b5b19ff9ed15e9f10de8f93c8ca1ae3c34e26fdbbb7f3b0f5f8b064501830d3cc982da99b294ce51bd33085c98b0ac0bfe44a8f4a5a26511afa3461aa88b770f076fe119ec90f33d8c9e7777f30b8cc95864f06e04dd8e328ad7a2c7dab83b03abfdde065bcd0c7d6dd47389108c4
+Tag = 3dedd1054f1a29286a51817264317b83
+
+Cipher = aes-128-gcm
+Key = 58a57f04d1d5cbdd1bfbe01dd5f7e915
+IV = 47affabd7dbb4cce76661081
+Plaintext = 5f82d481a6a3856c6f0be2aca54d666f16de88294a4d763134dd51ef03661bab45da94b9871d94e5b574a52214b22c92cf9690ecbffca9b108fe796abed9e608778c0b99d7bea1daec08dae89d5f7229c04fd52cc906b5f5b9fc0f0fc1e0b2272dcf4865286ee22bd9edcce1afadb579ec72cdf6038cfc75c2dbab5a1fd64b6f8e200d1ad0afcf25863293fdb7276648de
+AAD = 4b662822b48005fbd85bb99e6a946eaa74403909f646d914a236eecc5f4558b60b2efb1584b1f32d936b90428dda6568515801d21d24d6fb622e6463897c70be01f81fef741d6dd5c6556d163c3f048abe49f21817b41850ce79d7ec1fdfeba32935b58d898e964fa4b36f79c0f1f560b0afec3887ab325e1a025fa7662f9baf8e08a9ee714b8369621a2f1e6d2e96896a
+Ciphertext = 31ab08ce0aaa883628f4b33369e5f6e5a54ee4a6596f25ecd54eeea30e81b41d357cb6c671adb6acd3d4e6654feb2ab1f3259692502efb33c5121e0852cbcb2dc5d9a4c65752debe9c4bf5e995fc909a2881621d46cc220806703795e61c0fe74c99e3c1230521b1f97bcbf4e95326e2d581f0cc879a2fc06ef88226a4413f9e9985edc913c418cc198c4df13cd46afc24
+Tag = 1e54066c6cc37f35c62b47426b609457
+
+Cipher = aes-128-gcm
+Key = 64011470970333b7b677d4ad8ebf3ea2
+IV = 17031c5133a426d96de93123
+Plaintext = 882cac1ece2d22a1db7f8339332379eb68516c8b7dcb3c089a5bfecceb49f48a169215313686eb5708135f379d89962af478cae865841e0c97ab47a57a456f634282c4e03c99abf7f7cc4e8360deb48160288f06e96cb09114877f9d91dae98828285626a1528aac87f39cfb8ad3db344fe4318aeef6f6ba14bd1edf9caab548c09f8eea091229a90dbc4b0fa34fda2bf13d300a1f9c
+AAD = 0394bb920cf58806b909d90c046402c745f6876af85d8a281081e22a1908f8475126594b39a0e191a070bda7c78d30dc4867e69ea522cfc962fa5f9915daea9133e998eab22f32a18957a3cf7d91c6f3d54cea94875d60be694ee841fef01e69bf5997ba4f25e846558431eb592605265f235211c2bb2d4807278f4b9c314039d0768df24e9c098c6a01c689d6a143073fb1a29f4400
+Ciphertext = dd347d6a3d4a71b2bcae0a0c690ca311f012c6ceda4f7fc054b8f9b59bad54237b64b93331b99f1305801640a68e7d50cef581a57ff2564c90995a8dbf57fa8cff046d0b946af5f68e0aa3d73262965622fe6d35c78f949a6cf9e4f62ba71accbf403b690e31f610305faa6737a19efba1e1ee97084cff2d125bd69a5a4ff99aa399df650452daa835b3e54114b295f00d94fc60e2f8
+Tag = e5e72cda6755bfb3a44377945adb5ca1
+
+Cipher = aes-128-gcm
+Key = 4852e546fdea545d7dd12493a687e895
+IV = 7a3e136cd961191570c1b0b7
+Plaintext = 30c10d7a63b614bcae1b79b07c252dc55f322554ac34ca664910fe4a0c9a33e30698e124d91cbb55cf34e931807cbe591a87667f2284c1c18dacd108163aa7a82e274ae659c4ea144191e3fc0f82d4cac929969a50b98ed9fbee52cdf465a1f0535d7d7df15a9a6eff3f4a14e254571cc47f82716d7a835dfa839213677c4da8c8623517244891993ad5956f65d318d9bba16f1eb54d2974a741ac
+AAD = c5ded7f545d2eaccbc2cf5cbd1b38b0ec3b6bbc054ba25a16efdd448e5a47b0085974e469c1b0df22441340170d6677f5158e4ccd71446d7ac73dcf5fcfe4ad7248c4ddcfab4c8ccab0968d74d66d9c9561650eb98c088d87766440fc9967e8463febcd12ed07f7e44fef47cabf05274002d0014c4e31f230a41171868db68bf5a83c902724397ed181dd8c6768a898e0c78f6aeb886df95442e99
+Ciphertext = f798de4998683da7fa9ca030a23dbc493f36c48bb52cd1113c3ea97ef2b67433c00195000777fa3b75a3f689a66b148159524a1fe9576587948760b279cda56164a23748564ec66ea51368ba2a900c97169eb33cf1e557f46100193575737dba670175035f0d921675d45415c6591cae079698e6b1f74e82d4b9216c20e907b148a1d514b2cf653d2e4994f7f668dcfe88dc49c29c544de96d8dd0
+Tag = 3663fb2672223154981b4c580ed3d2d9
+
+Cipher = aes-128-gcm
+Key = a65b520a2ab67a24fb8fc669c41f2753
+IV = 3bd6c7e8d29242abecc4c108
+Plaintext = 9d1559d283f7a38847088116f2156b19a8feab0731f04d0d499c6b0d21b8563a89a9c284230c1298b28a622cbdd38dbceb098ab896a7259caaabfcc7b0d9ea797178c18aaaa351c7f516342dcb9d3e91405882c8faa9a28f7c67f3db8913b31c0dcd56472d8ebbfb20cda2896a66bff2706b12ae0d9bc8c6c123c02f1f0bbaa418c1806482423eac72d718cad0dbccd208eb81663a9d9043d6ae7a52cf32b1fa
+AAD = 2538529cc6eec03f70df2ab085027ce015279484981422f31e58aeee31e79703d72752af2b8822dce9b385f1530f19e692e00e20ef973d333f4bd585ecf122bd4ed9b0626cef46baff0302c71411d27e372361f36c7245096faff21f0236f3dd675646760d5687b3cf1544dbcaa863f1267bce04bca976616b890c7c6ff3448d16072c3938f9b62377609950ff7818cbdd21fba2560bf1954a93517962181b18
+Ciphertext = c3194fbb5c319a94c0f61c432a730ce7611a005cfc78266ac4e5d7c95351e71d613f06f52d9d008b9d886f4d9a57bcc232d47e0c75ab755dfccc057a9c7558d7fb696a8c29843a8b9199e2406d23cd6507d35a872fa54cb95e2cb9af45405ebc6b6ee353e8a80debc393329bb9499c61c6344a6380c118f30fcd76376a9765517652e1b21ecafa63c0d19c1875658f1eda89c15ac2daf1a6f526ca72ee792a4f
+Tag = fc16cd532c926ba01e2e6b15327bfb3a
+
+Cipher = aes-128-gcm
+Key = 84215d2c8f86e5b7bf93cb0620da6bb7
+IV = b35e99ce89dffd1ec616ed92
+Plaintext = dfe500919f97713f6d9c4f53913175b162b8b7587d85d5b63f0cd5f51def23119e2e02c224142ecfba7f0a519aaea3c28be20b9c2a9c98eb145afd4db523b7f0b822e67dad630846b2a192bb146dcbeae00198c81b80c290d881125c24a6b01ec901b8912bad5b081ec7d97d6997b33052ec287f692489df928ce36cba1e3d6a41cf10c697a9e1f4aaf75dc5be054b98965ec3ce173be7e127c4c5387048ae6ab5a8d247f3
+AAD = 6bf6222e64a46c90f83f47305554d090bc8d3838b7a856f0e5e1d92c4e7231eda6af1d9eb7ff6ce914f2256a3b0c853453b9bc75e46109cf8d7e8a9dca224e022d3d1a139d00476775622799541edf9d53eb645a40f6d98ea559e181d96e4df0141e51fe067542300581c0424f534d2c2e3b1b27153c0cd496a1c03301226beeed2b5cce0710d1f485e68b44a918b63fd8db610c7ff894514e272b6ed7ae33a38907e0698b
+Ciphertext = 6c6faa54df62ba5659d45f64a5f014684138c93bf152da8a495e9d067b13a30b9fb84847f56231b2da4d87e6cd509a3e38a9ff47589c627e5b5a1196e27fc7afaa14a8432c2d10d8fbfd5d6d394e4b947c456420708a76c2aa638df7de119c160636fc8dfba32227c5de12e5ef429da933ab04e77b489f2eb761d0c753738647ad6793cad64b8942f621ac67b13bd0cab106ffeff21f24c79de69424e50ae550f2241d4029
+Tag = 202b232472d050b9bbc68b59a0c02040
+
+Cipher = aes-128-gcm
+Key = 7c02b6bc3db61e23736c5f36faddd942
+IV = b958decc680d5f79ea7b8632
+Plaintext = 7e5992ed0474f4224b8da1d038eeb78413fc2f9614fab7120043e75986a4bf1114a80703780a149fcc8dfd115b768f45917065c85176a3f00be40b427fe3765d3919a5b741708624e29bcae876d251fd46dd8d36a8ef66f671c25f984761cf7f75f4329de7093937cdabe32f130b77531ab1aa0a1bc38fbe2758c2664eded828b2589fc5c34d9a0d57a5a4463163736f419b65f0543f50207fff4cf1065a551bc00ffe9466538b673b2a
+AAD = 76e430fce1a7d8340104e6001f1c2048d457ac335c5453e48727244b75c3c4f04f55afbb5ce55ba6f8632dbc168ed715b83968a32e5b8e91cb24abc9efee6dcb7a8bed9394a546f0b9efc5823ecaa192df061eb41c671bd863498c2130f322074a711ee43791a1cc02b5cacccf25119ecdd99233abf3b131c83ddb8c62c93a0d653e91499e7481303adc8dbac615ec464eb8640ea138f6236b0ee31cea060f97ea9145a22d15e28eaf6b
+Ciphertext = 14cfd190ae0521f94ee6b36bfcc403139782bfac3d33fe95c81f53e83c7d0c9a8fdebbddd79746b550a383ece1b5c93316b2fdf5aa36b4e97f739f78ccd2de9963ee7fb4d77b581cf676bb679b2dc4a48d977b45564f21181dc60ecee84d736f2324196c20327495d18973660ccb5dae69b79853d12e48ee0706c8ed821b7f722e46f35c8dee2b7b55ebee01dd3ea1e8ef80493cab6b27c264a67596cee06c15062e3a96b140d0d9ba38
+Tag = b6c47410e6f4a2f2b172c6a4490732f8
+
+Cipher = aes-128-gcm
+Key = 1f58ccb33649d0dc91c50f2aedc95cbc
+IV = b3a392b1fff0157e95f82a44
+Plaintext = 738e04dc5a8188d775262c2cdaa04468844755dc912a4edf9db308efb3c229b8e46b2b34aee2c6330219bcd29d3493e3cead142cef5f192b043502b8a4cf0419f9b3f5e001a640541c84141e36d585b05a2f702356bd39bda518c42b461564326969983d22c3ac5a2aa214807ede803d57a61c9547505dd7e08402cc43e6ed1574a48366cf5b5573afcc7aa3c4d4721b362d20a58cbf251315f2b5f9e2c97c5ef6bff44beaa5004e5b7c7f28295df2
+AAD = 93f7f5054605edc769efc30b35018ee6c929a83bc6454352c69ba9c72e4b4ea6f51c9ed06f314b5682be6a701c719087765d0a7022e5c9d495f28a9053bd435b8b834045c3670856149b08dae742b372a15a0184375d50eb09877bf94f63859e64228606791c516e76c5695a4e529b9dc5f76eff1d4641a22597e4460aea4eff107348077d4ed2d6262744b0a2d6610f25264d905133309ace10bb52f7138674c25e5d43ededbd87c13dc8fd9d3b1b
+Ciphertext = a002b47b18d1febaf64842fe9011484d618a2e855c4efcccc7d08f02dc9b53d0bd4fc8013e01e21fbf2d9bc7fdda69e68be0c06d32003d045dca6bd251c0bb8c2cbe3693b252265c8694295772b767f83661ecefd57353f6f1c442f9d21ed98c55cbe1db8171ef7b54fe3e3a1a253b4dd48416b5fbc7c18d73692e9fc90dc75d4b88de1fa47c9ad33ddfa4e582d3fc61ca2a8b1eab898b9992c8e56d170730454ca50cd4f28d2759388cb8e302be10
+Tag = ac502a9a52fb3a68a7e90dc639c7ad42
+
+Cipher = aes-128-gcm
+Key = c67510714f556ea1744af9207917eb60
+IV = 71b347a21653cec3d113087a
+Plaintext = 7040fde3513cf7f1886d7be9c0f371a3b75415e94c3bdfbef485081199bec4494beeee76dcea05b6601ebd4c8fe231fa16d3b0f046eb3e9c9ed8baef25bb0ff6bc85469b2eb41b929fe904735f819b241b01230c68c0b61577899426bf0dd30e085cccb4ac290244d8c1cd7514412a3ebc51aecb6bb4be1a5a4a8d2ff3fc99191f7d7d0b44fe2cc4ec34deccf901f54e3dbe19d2dfe663855fa9d93a01ab14faed7f00c14834f63e1d153441c6fabb3cf22506e8
+AAD = 6d28b410c788dba025c387f5b94c0bc392c69ef646b9cdce53dc169326359de26a721703d9a7c5017631a469da13b2d9ad9115de7d06922ed6f093792ac25ae2e27993ad6be5217dc4f6c51e18f230d4eabb01a474704b71b1407d9cff921bd98e28bb60c4fc019b4d609667c747e83eef779ee62000b6800ba2666f415dccb12d43af4f585d3185d66ba2ecf0b0fcddf762445dd1b6154591dd069f03977243b45b113b6f9b110f9fdd96f0b74e2c9843a45c6a
+Ciphertext = f2a2cdb4f890241f44e00b3373769542cc3dd24c3d07502ed162dfa10be9906871051b991f36b2d5c4240df483c2ad704be14b9efe79ca704e8eeb9dc250e75a92ebf5800c59fb9a6a32228fa1121d21e0b423b77e20010d36b9e6c68dbc000f69bddbd521a1f7bbc9d7e431e4e46e5094be96a928c6729293d2d805c468a3993fb7439f192b1142272a78585e3b7fcedd2f7cced52ab2bc42e2521603b89ba7633fa3b4d07d9a314d1159d7bd5b2dc5198b0c34
+Tag = 0b386c3a58ad23e9a45f00ae107d319c
+
+Cipher = aes-128-gcm
+Key = 171d25e195bae2eaf666993f3b42d690
+IV = fc16bde0c69d5c894642f1f3
+Plaintext = 8775d6aa2e46ffea6ad4439000a968bcd4fce86535b7265684071a498e0bfb37646f56fad79e0fdc4d6016fd1e935dac5ad74b11c69f5261c3321efdb9cf03f9b7ec681a7f708ba8e3f66648b24c41485a5147df31385809c800155d0d4bbf41d248453302c3754eed4909b267893309ba5249588cb4a4a14b4a29496f1e799559ac9f4baba7a9b4cb5bace1c11dc0e7ef7a2ddd2596c29cdaa378b97c7d3c50db49bcadb8e1840c6b9fa12ad88c0b8152fd753efb04ead427
+AAD = ebb169a863dd05cffb9deb866bdd130a1c6852046881f3f8e9013158c83bfcbaa98743957ed4b0619eb88d7ff69b3a5d06da74076c3cc2dff83dc0375236d363c0e2b1fb60c9cf10ecc0fec94757b1b719abc7066af15ff9b66788b38083f766d67005369319967995407ea20339ba27e7bf1dc263fdd54ddd8088232a500f605ba825fedfed69cccca75c207b06594d1d0070ed12a259d4f574f352d2e2ea6fa45199213b6a42d53a7c717250715e0404f2fe7b64e3ec7e89
+Ciphertext = 8694eac2bb3968303f795bf0118e43c132c9dd22ec320ecffefbe878ebe6b1e0833d19515c07ebc83f12cd9bb50d2658e6d7fe44a9fbcc2225e93ed58e1bebd78edecbe6c8b3491eedfdcc957cc8ddc95d8116d50cc50b1999ac420802605cc652134ce51a41533e00fe232344e805df146a952b40ce27a2f5c6bbba2154489ca40cbb617476ce6ceac1a6b9c0175ee33615f252377f52583e970f77795b573610baf5cbf5edc6d2837244f88bc155f71588c9c4c1c802be9c
+Tag = f6725998336b3ef020b99818e0d932ac
+
+Cipher = aes-128-gcm
+Key = f7db0fd345ca6ca82ec8624950f8e672
+IV = 3e7ee1a209b1a191f0a00370
+Plaintext = fa86869e14df0fd8e77eba7fe5a933fd1bc58654deab310a03aa7202a089713e323a323f4932b4b8f6b40982d6738aef48951f621aeb82a747d290d93d1eb5bdec6a62fe66774209a4aea7261acff80af9512af090e0eb0f5905ce8baf2a0ec50ed89906d8d67f370639e6f16eafbdfa982897cd5a3f88929d7f1032a8b3355223bf666be94ba9945fb5cafe655d59af69829ef92365f54ff3eebc45e01ffc439b16e23ce892ba6db7e661fc3676a175a8ede746000ca147db57a14303a1
+AAD = f7b826afe62356f985e8e10ff356dc9b5b9d9df24486523c3bab7db355c84ec7e4bbdf66482b74fc6b4c6aaeccd7717fba44eb4820a40f03639076776719ea7aabd3a815c201146428bf4c6bf1e8b056b5a22ebcb214fbba64de54089a20ababda5c860ec301f36e1801fc55fe8fa189f35722a2cbf83ae921a9537be2b4f060d918af9b12f9111909d59db7cad24418896ce49762223d8a20a3a83fdf24b64703c19c78f528daecaa8689f307da7fe0befa1d6b1bef24ac8d9f5f12b6c1
+Ciphertext = acdacc648833698eff4d42a5dc0b123cdf6f2985ef05e6f2d42c9cd04663635d240648da18dce158b21cc0a3f7a2c35441799a4f1f5622e11051c874b2bcc64314bf0b94c2589d2a24d996af57d22085a64f10135322cb68428fbb951d8b14683bf6fc96b1395829a0b05ec83eeb20e54daf7a413e070ae1e0b73bde56faac630363fe215f1883cd9eef9c3b7d076bbb56f6f5ffcce0d31570f79be8864482b6b3666424dadb674f873a1b52ae6e3d8ec8984edf54186e38c71602098308
+Tag = 4dba5b1385565427a987c9d0b030f4b2
+
+Cipher = aes-128-gcm
+Key = ca80ac4cf4057182d06d65dcdc09763a
+IV = 63cdd8090e041baa9dca5bec
+Plaintext = 701c739ba0c146983b9e1fe0a9723850caeb818514860c3d4adef10dc5e020a8dd7f2fa282896170f9039d5b3fa629dbee3bcb81db44d0d68f9522477619269a59ec1a9ed399d4902f25271dff5c42f3747ab0f4b61c26a2c1bfe1c0fed02282fc2ef88b47825cdfb11df3ced0fe0227e8264132dd62af2d31f23d0c0e253f01c80400127c37806762eb28bc71f31807229172c78ae994b4ad800d6247ea12d3f4f902bb50b72c132902dd4faee05e67836facc7001c8f58475366668ed20d4899aec4
+AAD = 0e91b38fdc70951b97e43aa9ea2c6f78d445d90ddf4faabd3e6e0ef74f528fbd5c3d4da18cc3d8bd3167b756da495cba49ea35e2db849bc37f6db8370b492d7f82f2efafa5444ac62835cb5602796cdbe85caa50084e51eec2651996d2da0dc18fe10bd6f374168d4c9ea0a36ba665148192252ce9d05cb78429c55256fbb65f1bbffb8799d63bf41701d1d706a44e3f27eb245cf720f2a329ea24fbea803c575513830fff579a1bde3daa975eecdb8d3956ddd374fe252637aac86ed3c702c4ec63e6
+Ciphertext = ca46eac0addd544bb45a97a4989d45d21599ec70f843d9db38157d186716dc39a5d1a5c0624e6c825b5b7f1fd41aa542ac846ec0edfe6bc28f727823667a33cf6cb5ba1ba6654cd023857c53ff00a63b34d2c17ebae5d46dbd073edb7b2f9e02842dbf663bbe36238f3eaeb7a23e328b0d3d50f49674253898f360c0243722af266c934f021e4f2fb8747fae728d06717b2d68cadbff762956826c910cc8ad2d4aea4518d5ac4deec978a13072fd1675a272539ebea31d736c759227f31abc911e0e76
+Tag = 9f0202c228ec48f4be6b2f876fd05a83
+
+Cipher = aes-128-gcm
+Key = 9c2daabcfae974ae165a2ea58ecb212a
+IV = 4b9317e4be2256a467e2831c
+Plaintext = 09169c1f5d873f03821393bef013bbcafcd82314cc986675922e2d43031417c8e65e625ce737af4621aabea6fe75030b84acf96967e791f8427b8f052051d6247a897006c6ddedd49cb7148afa5109a561e78abff7c55b97091f356e31b5667270d5653a497e2503d75e5856ac1efdcf3fb6e80b8deba8802acc064905e2b09d45e446d7d810971e5996540ee9c01fac1b4331f99ad329565a8db38eb93f2e2a8ca37d64d73cc8a7f4fe3234cc155226393f1f2ad17d0f01d5e60537ea44835dea853e027dd597f7
+AAD = 1feb0ca13b3022456a4801d8f5382cad95f7a50e466a102d2208e7482dc8ba5c710d1721de7103000fe8811bb13fdf698844257dd164f1e21b0707251f228ca8bd437994526ed5684c4165c9754d1cefe7eb18f9e116a455c28db1f7c04feab74ab06af029819f51ed96f453fb6a634f73ba8c80e19dc62384e82feac70a12d42e3125c360ec2a97f4ce0a07039687ffc37c5dc1df1ed24f05a37591fcd5c34a3fc5f825c79213adbbdef65078f5e41a4062517334a67560ab215fedde53cd8129a51f27baa80f53
+Ciphertext = 8a4d4ae0842f8032d83b2e4eecfaea439f745f1d0d07808bee4b68e3b58fcb65a4c8fd9b93cba2d5b4781d28a9cc01508e9e85796551064867551f9083cce342ba1aac4d2b8f5b0b0e4e3d7c82082c441467e47aa2b0f47e167b28fd29cb8d5ee52c2298c1f87cf811061d922f056214346c1ec3d2534045c5c485ccddac7d9998d3d08a80a62eceb2ee18e1a27f97616969df52ec486015974f160745667d6be25ffc20b143d89bcc8b6eab9dff82ce3c8f95a034316a8f2f2a52674105f1246b2daa28edfd829d
+Tag = 0361e65b1fdb9d967492ded32e1fe811
+
+Cipher = aes-128-gcm
+Key = c98ed84949749efd2ee41eaeec51edba
+IV = 7b056c9c7b393b0b04382946
+Plaintext = 41b87fe62c82bd34cbdc70033ca8d2ec5f13eb2c14947f97fbb5d97da7323f8eb5c2eba210be11b1ab9554feaa516aa493822af4a264c8849e9c6ff41f690f44966bb49c9c1df5995de8070a2fcfa42d0b0b5115a36738102134f571988ba4fb210edc3202d3c74b5f8801a7d1e217b90caa27acb49ece590ebe6637fb6e2f5f0b849f29804efdeb8c102b3e3d2abfc4f6f2c5f71f0a6e4d5daa5cf16561914f14601edc40547d55f7d11eb4768d5c64fc621d04e8c64aa3aa1245c7192852d2ccaaabd448e06f806eae66da1b
+AAD = 2fdac5a70356c2c8d70def497321c6bee8ebb08a5abc8dd508d83f03bf1a09942d7f7a387d4f875a1ff16c7b5abb53d32bcc372012eab7a3b848a93f7af634eff8c5deb3269d418be698a3026f6f08f55a6e31543105cf1ccf56193cd1af802f32e10512a6bcd3101b7b54a8f3efdba03018d5f2475b51bd65e5e183a62ab11c9462450883e3e87a9640eac909f72b83da8bbd34431ed87d14c6f7e79957067c1cf2a12b5fa083496f903269a3c6c8ccd5e3f9cc287904223ee62bffc4f157f0db409e82101e3ca5e05d962378
+Ciphertext = 384ddc8e7ed6868aa722f6785fab15eb69caadf43246521b97c8d016afd976360365bbfc9f48c08b0eaf5437af8a9c23061dcbdd0d22e1d58c92951b43e013689afa6b1587f79fe9ad3104ee1f80b3c95388e35b0b9a5a3b733b32a3e62fc143e6255d0e5b1b55bc9439d3c1cbed610d36c3667378bbc1ac20d93a5a7e5563409a5b94ec799a5281213d724e46f4987588e6bc7e9e6468bbcf340d5f1a1eb1b45dc9fe9c832befff54c8a85db9c07196d7d45cc389fc9d62f4bf1f4bb82801cfa9c408498331eef4ae1ee2809e
+Tag = e8cbdc1d6d51ac64f16cf08725f81370
+
+Cipher = aes-128-gcm
+Key = 42ece9aeffc9d2e8ea02e73d1a4de834
+IV = b59e0770c689d60823c06c69
+Plaintext = eccbb9a2c1241c88d17204cb0f0c069e20512bb1d31f966349add203d84cbb79d88f7add957a0a8370b9a0e04c9f17215531cd48d08c4612bbeeecf3dce68d41724166e06a331e7897e8c7c6a6affb7bf07dae1874bf3bec044d38227bef5c228f4cface9ea37255e15d6b27e154b349b16048b0e7984f17cffa03da07924b190f9b91d6222db1124c1e4e77c2b989fe2a7c338c7316a49c7df0be173d0420e8790bad669f6da96745cf34cd2eb429d18eeb61a8e80a5e03294dcf3a5886bd1865e2a55a72574db8db04a9560f969711aa7a
+AAD = 2aeb8ee162a7aafe5a72a8d8873ce3bc43a65fd7bbdef1f6ba71b61e5a9c3bd033e7e8eaa55e08ae381362ad0991d65bf22c99a425019c4cd7768622f108f5917a4be22b4ab65ede66c58191e402f8cdad69decf6552dd52b62e8d62268b84122b64145c97115373a26d2d5e59e69b7dca5f96c48106e9fb3f7fc7e0ab11c78a1fafc697fc73603d3f08fdfc0ee885f84572fb04fda718a21744c7e5dbace91b0e141fa82fbd4d1a7dc35edafaba7c5894778c5952ec787bb547a37e509b035c684a8f51ceac5e12ae71b165dfe957c6de15
+Ciphertext = c5874137f5e75ef02521b37f0759b5724798aaab8a1e62df81b73175690ca1d32cab6e7a9d7803a8aea420ab273fb46eab9e5f0773b7f5457d7a8c0058ed9675a6e1a7f15805c7fb695d277ba06adc3963606ead0cedb342614cb410f4197f4fad0b5df2187f8d2ebfe85ad3d5f59bbf652364c7e8c3542c5d7f15bc6e6c24eeb1d3232bcddf6588ab1c1953085bd0a1516046b76714d2b97718ce57ad23cd213507f6cda95ee9c5c23036cc7d4133c84a1d36393979f9d1bbc613350252a6de78d905607adf51368175a20106f81aa9ff9d
+Tag = eab1c7790a5941270f2ae49895b3113d
+
+Cipher = aes-128-gcm
+Key = 6ace8b5fa16054558c9d0e272573a7a1
+IV = 358c73828e032f0e0db608fa
+Plaintext = 915466e994705239afebb8025aa965626973e41a750bd75f9e8ccc7c1078ec555fa618120b4f4b5e273fb9b262df73d39950fe5cc1c265c06a08e2318efa83c63dfc689de80966f45cab0d2dba603bf116b9ef7242bf4d9cc691a775f78148d2c75059d6049c861da5dc40d5f94848c7247a724db956d050975d613433066ab89bf91936e0fc85c61af5c2c61cd1eb414b9df0dc125a31a3805903a886b427fb78551bc696610833a9e55c7776ec1622abf839d733594864de06999be8d483f8dbc4da99f541c6f7e21d946cce229a104a57e4b823bfea
+AAD = e54b90d037c375238f4989910d423bc58d32ccc06ddee558dc6a0c2f9a0f13b2332883e2c4ef9cce41d72cd636516b3506f28f914dcc88311fd7c79bff0ad32770e4847362affd98ad468117cf0daa0f5747c86359615ad6087ee18e6c58453be60f3bf30f8c61c1466d107116f88499fb1b5df9a01eb762317676d5413b839c66e5c1b74121f6f2f7408825745fafa2b10ba7450f4ce207a9cc682d1e1442f972a86d5d4039c4856ccbc00c43b5b3412f5b3f87c16508ffa527c8080a556944d359f388f787f9cbc033fb3333e72127e94c455b433222
+Ciphertext = 37be446820f5635c1b5ca1d8ccc2c5ab5b393243ef5229999a2c084fbb54a330bb338963740ba470973adc86e640fcc167a88bb940e5ad1723a01089b5e804b932138efed6fa0ed99c1ac4e9c607f466c829af04407a4a2e5cba486685f693a7b973921746902ad8a0242e02075cab66204084e6b281d58430f2d62bf55ad56ad279bdab0fc8c3d570fc3371dc3280ef3aea70d686c855d40ff205c04d457adb518d904f5715fc6a9a5f30bf1cc74703b175d70a1470cc810a366cb8927fb937aecc200928db6b73873935c429e2f8d595b418c5b1bf9c
+Tag = 01b05fbaa9f2257b3c23ed3cf91bcbd0
+
+Cipher = aes-128-gcm
+Key = c5bf40aa1127073b03c114b10f3f78f2
+IV = b4ac4fe9920fbb4e032f6aa6
+Plaintext = 164906110c34354a0d4cb6370e1ccc17a739350cbb11d6570f398d50efe3d9db1a97f00d031a579f56d23da2441295af18a640a4e33c29dfdc848d722786d9b73550bfb76da1676af24a7bdf5fd3301090bf342369a24ba830c7f8883db6ed77a2ced83bb85205ca31f75a16a58fbbbd163a3af5e5021bee2d2cece33c08442e89d3f4d6d2359b94a7ec6cac388208a689b584d5dd1103fcf6af10ea2c7cda4f690ea0e4c7376fe2c3e69365d982da28c5bc18d58fe384c9ad2689f4047f9575e54970961a02419d9f2bac8061ce943f132edae1b9622738593cde52
+AAD = 9f05d0391cb128690cd8bd120120f21725a79e5d2d0ef9e8322c04bf775f7215a82ce1ffdcf0f6562c188e84cb520f30842b8dcbdec36436725633325020cfdda7ed1af3323d86b2bc72d1b4a326f02be2231fcf133762c4fa76c8a7d5d3ac31cd19f63411a220eba4fcbdec40b8eb01e4ef33c6620978d09a8d428ce0e74d02c140881f46f6f81c2850edd82dc46f3460b5d5fe0b54f09a3f31548dc520f1dd46ed657995e63297b6834df57525408b944badf56234eb2b9a43b1422a5c6a59bc58be683e47753803f7341cbb0075b5795228b586cc571c1bca70d5
+Ciphertext = 5c75ee10a917651c49eab6a1187ed631c7069134e492bdb5e5698f8ccd5503cea5b1902d779c2f6e6c03b0108cee3fba03f2b47803e390930060ee4ac984b1ceb9488b4cce80e329d3427851aa7da2213eca2dc5f79366caf601c49a6b7a8ab068f1a9bb899b81a23c99a9de20466fe01398bc071c724b2942640cb1a00489e0ca7052f7a06398ad42500780f194078e3e77142df5710ae88540761b902084f57d87c2b0ec57bcb7eacee6743d419d8877d61666f93a127d22ccb49b5db0b93e4f4ac0dd9393d6351780dafa412380205a90fc8daad3dfcb1b7ffaff
+Tag = 8048088e7e9dadc4ef98777c0f6cb661
+
+Cipher = aes-128-gcm
+Key = b628ee6726a4d7925734ab1db3ec4645
+IV = c830b0d1b4113f4c9aae46b2
+Plaintext = cdccda3718f2b0963414d965a3c36bce0a165f8e88aa70ca9eb3de6510d02b0b49c29cda4a7f6d439c18cc8fd80b932d0a4190236a13edc9994b1c4a71dbdb694ea5dea53ef781ed398e453ce372a99c204a138739edf5b606160e38cc8444c8fb6e9cfc3aeecc1760e90d13d01692ca894572a0bcb02e13f61d8604a75bb98e96f5f36d10e70a48bbb4f73771ef97031c7da23550b3a12554c2c436115fe56713dd303d1c3d87bcebf25f61710eecc9f01c555494facac496c68ef44344aae40bbe1199de793096d4630018a725b130a27d38ab2e8c629e61d2d8d37b5974f9b7
+AAD = f4d345e55ebd1ef9faf967d76736f7ef38e5eb9d659bf8a89fd3c6c3c674161bb54758f1c14856281a7dff7c9cec16cc138384f644544881d50c7692bf22513223b63274e3cb7509c8a410a389277f86cefc801d026b0049c13d85b26da1dbcc7cb387084a3d4a469788ef85b6da02ed2ba0412ba999c8cd83c9c6716cd66b65760c42d4ef3e324b470c2a5e031846fde97cadc448e87bec15164da006c10d3a846adab2b09c29ecc27ec8a9134d5fcfd2c54f17fb23f1a05dc8da46e737f317db42e927818ed00d36af8dabfef09c8641159fabfcfaed344b03a1dd6f9b883f7e
+Ciphertext = 4f39b8fbd8ecbc8aaea871db2e67583a5b06cb83ed8035ff639dbc9af92c4e3f9fe57b970f4e998a0262dbf77dc024d5e208d3678ae0d90e6fa5d45e2c7f0cf90676368c8784c851d3818e221abaa87c5e54298229a2f4d3f82505ef7bf45686aaf12e8322210a727cfd57c74a5f23bb5d8222115b28503eae7a5c600ebc4765011161736a346b535e1bfcded85c198c6ce6fccfcff0fdb0c2fc480bc6e71fd5de77355932d82f8eae245091bcf5abfa0d62123302e5805ab1f5006a976bc1468e3bed0452c5844029d7d4ea6cbd4a907e905dfc796c01bbeb69c54807354a5bd8
+Tag = 2b55edb998ac9971e53ebc8973c4e8fc
+
+Cipher = aes-128-gcm
+Key = 095b26bf096971842fae34af6833c77c
+IV = d59d30bd5384b86b19b33c13
+Plaintext = 3be9eeac265ec4eb947dd32583ac2e595505b363d660f8b8c2ef631390bb152f016ba7c75bf7c2e5e23c980d6967772ca4535bcbf4871ac1bf70b53826a34174e5a2e6118d7ff86d4836736c9a1f9de44c80b236c5530bb5f80e5fbce9814f3b0843a088afd029f4cd2e6190dd51fa804f8216448e7acc785ddc5478287b101bab80256977494fae87d0c13054fa4470c3827b2e8172224944c8c4f78b0a33dd78ee2bff16fabff15e5909f62c49beb455dd655ee1188b8eff35bfba72f2ec5e4ebad63d7db8b6338660f9b818c6832954241860925ea9b7eb07479dd6de27489d64b1a9191b
+AAD = 2ff9a8d12980e63a378d6d635d319c26e8f747435aa5d797c6e21aa69fe21f653f56da7db7d67cbf54451f336f683aa9cf373ab40c16738c44efd3e664ecc6eec40d6af82df2b3e58d7abcf26b1d9ebbe6263176ce4ef8087d14b0d5ae1c16917141d2ebdc76a0834e8d83c4ef76add82e957ae376b210ce2d94d2684a045a109454799f3cb453279d89c60ba9d038a1dcb99540fac078d7216ee94f96f5cce939eca9b5f9715b1cf3c9f1e6be982897c2f25225919db3e31595713a4e281e9919bc2c5a88c46835ce05411d0757eb738ac9e45ab3f1a42ffcd6dbd09f17f656f40f1cc2c050
+Ciphertext = 4723fb7339048f811434eaaf1db24759fc232466f5f53926b84e740b67f457c8c76f902f4d70ebfd97696380de95e8e40e62434ab1089e3a5308cb066fd4cc7e862a391c2f727a63a01bfd9fdb8ceae55067fd9d6f55312f73bc2c38e4b12b3aa96edd156dd758e9175e67a64a17aedd27c9c70945a065216773d756f533b035f2ab53335a159d9ed3f97b2b7a57aef676fad95c46e3b82eb800197c03812ca4e580916c5f7cdbd4aa1308ab16096a8af5290a0a2330902966a58dcf2e72eea7ce799a8f05c986c6457b05e3eec2adfdd4ed38926a3dc07ef208c91a619848917b96a082ac27
+Tag = 3ff349a628f7fa8d3f970aff8a6302f0
+
+Cipher = aes-128-gcm
+Key = e27171ed1baad563d3d299abc0968b75
+IV = 5931a4414d5a90e93d2ac47b
+Plaintext = 1d209b32a772e87c5bc593fe943d3d7a1497f390ecdccfefac50ce14595b98b682111f82957278241f291e655b3af108a9cc1523721652b6d446f34cdba2e61464a3217b29344e18ce8f47f10da88c2845a009b7491bbd1e1f36ec49997a0fb09764ee25355de29e56eae7af42a8c96aa137c02268078b7f145fb1249bdd74f2d4e4685de75be4dd7fcf29482eb26b5dfa5028accbd23c3c654bc202c1c0ae7a597ef15f4d14f7b8a14fd45698470ac6355e04fe4a14e3b2907bcade18e4152c68631f313cbef48341008482f434c017bf8e1dbd048f0d6d207446e697fea68202be7283188d1227f21ae4
+AAD = af2f6abc40ca82d92901de02113cb8f7638f0a510f6a03bf056a75b02beb10157c97632320fe14fdf0610235e3a06172b6b6e80d2fe18263b11e9a5e3a07758c55131ffca0a6c9b121c37a0c85658125d5bc2edc8e4e247a636d7793a1cde364ac22bf754844607daec0a6b939d05fff5a8c44ad030181aad2361ff61f20a224f2bbf2083b2fc2a5b92f5a66bf2f9b4c49b39dcc23cd3ba66b5e7c19c5b7b74a766c3da0c2b02ac80ac22c006e8eaddf48ce6f6887f69fff1fd0aaba0a0f70ef84b54280830a62d8b0dba55ddaa5b0385c586dee60d1a05a28863a081cb9b41edbf3ee9ebff98cff983917
+Ciphertext = 673ae48b6080a3dbd08034312c36201d18508f4e1ee178ae2632a9a5ce0938687ac7e6cb238cff852ecfc736bb8b3c04b42752fe65cbf6ff897e207582e85533f7c238b0be14bb1deb4cdaff524b013661e4f2c96807bcd928e15e4e159390e1eeed036ce776b579d9f3fadcad81adfcbb99986babc9a8465def3de8de0cae19bdbf6488c12534a9b6b7d6fdaeb1d4c3be36b4adf7444a0b9fc69c69a46f7bdeced1214743f3357803d2eae24dc50933a733defc653dec56f0e0bfb8928de76699d4f7029fce9175b3b7cfb6c7ab1018f6f3eeb2b9401115c8cd382b06e4b9b43a097f42bebcc1493a49d4
+Tag = 285c1a0028fed3ab2a4d68946399d700
+
+Cipher = aes-128-gcm
+Key = cfea8c059d7b866051aa54b8977befe3
+IV = e54e684ef16a2fa8e25786d9
+Plaintext = 5a20333c4dd9b7378bfb773b7d64ab80379d16c0a56eb1f48f53c19d0fc4519d0b5f478e37f16d6e5085af31dc63488f9f2cbde3e49ba954b674b0a4e20df811098f7b8e716efaee6a4109f16afe128ddb0e54034d66bd00d13a6c69c9ef2e5a065825701f5e85634e118c69ff0fd71bfccc25030fe94e778e7f474136cd3722eb5bfd88bc99fb45dbc3060a24ac2bdadc5c82d883c5c63ccc0f7aaf5384f4c7fb07310b66a7c767d025c1a02dc9aa3d7aa921a72084906ae6039f837454493aac3e3549ad3722a735dfce4211819a2d7ec279221d43360edd9a4cb930815c8565c22b94b4849a979d5e2a57b2da8ecb
+AAD = 376d8e02071a93c892293902e369b8c7c44a4c9541b5050347b016243935408d0c9557b0f66c6cd493c1b8da68c8635f4c868e685674aed42f196ee9b6e56ee44510eb9b9e89108d878be917454dca0c62d207fa462a563a267270d6b1602d6795717475bc6fb5c87b747589328e39b1d4db3cb19f0fbe9791aa4232e33abd9e14b5fa3abe4705ee988c657677fa063aa349f1a05de045f3ee66da03af18b6b8b83e29b203e12bb02a4cbaf79eab3cfeb83a5a997daaf8f36fa9e12faee86c9cb351ff361351d98ee3a10af999799955a02fc46ddf56c23070319b3fe0cb42d07d811ae976f242670e618eed113b4342
+Ciphertext = 06ccc7336773919c2b1bd832e7c48ae4a569db96545363ae0b28061fede28a25ab6cc0382aae3e6b31efaa4c225073640d0148878524a7f381f53b4d21a43e39afd4c12cfdcda442d5023a8d2a8ad49f4a002ecc8354c86520524017e561fe891b6962682d168a860210e0def1cb4be1bfc6590121c1b1988254757fc5a37ef916827a5fc258ae772773a6902b084817f3641c21d3d1d1e8818b9851dd05aa49ea74e16778593f6f486957345462732ab92b1e4b06c32b5ad3270c5ef3d80b4e4bd08451e92c26acebcac1a4592e08ea434a1fbc6dfedc677151ae9471661913db19723184d9ef4bb49342606f784d98
+Tag = e7be877dad60c889d397726bf1b6ea89
+
+Cipher = aes-128-gcm
+Key = 40d35704108a944f1e7582503018cc85
+IV = 26048431289e7e100481e2bb
+Plaintext = 515f9bd4935dc10e77dadd81f5a4e0b53eb858ded393979ed75330b80adb36f6b81288dcbc581e8d93b0e4705c07be3e200422397ca3648c9676952e60ea26d12198add3e33cdc589ee5a800a750d77978976344dd5dc710e56dbad462fab7fbd08c057a9f8765c4caa9418e6380038d288e09a90befeffb1e8d60e79925dcb3772cbb3258b15544f9c9554181df3483784b89b73bb6f9ca55f6d644c02fbd7e31bfbff45cc40132d2bbd08db6a27f5a302e1dce2f0afe4ef5bd4ca844c7900ba18faa1896a36896a1c80307cb37162174205665613b39cabd0a5b2dd1d5f8b6fee948006f0b2e31488c0c613c1d178b7800dddcfc
+AAD = 9c86692c874fa785e0d9384061bfce8d8332871ecc195621ed478706c46057bb4fff80515ed65b5fbbca3d463a62e227c228a340143bf012233b1c05a50fdb4ed04b840d983f47e00e001844a0d2ce14f6dcea58069c9b0bd8824537d2420147be7caf4a88dc9912853a7fde6d2a5cc21f85eeabca7902b94eb79d5fa143d02585acd57b93e4eb6bcdbe289a51c6631f7aea7bd9dc0f6cc2ee8426b37220216f834033fde15e3543422612fb3d972b8eacaece9614a4b759d93dcdeed026cc90ea058d7dc985c10859d4ef14ac5cb14849d4ae404badbcd98c28663eaf7274aade4bb7527c4f960875ca703ee6732c9a3720b629f2
+Ciphertext = 89a21a1d502ba947ac1921efd3c998bfdb437c2da0802e5eefff66de3af00bde934fb9109e961f179771c52de783680683f4bb752f877897882103146d030bea5bc3c03f923b477443e640450244cdf66d7d346954f6e862a3a577820d49151a82f4205340ccf2e11e4575b53f7ffeef09ec640df65a0b8c04b37f6dad7f940cf2d7446a6fc5bc2dc31854c27567b2badf6f8e94294ed5d899a458a080f38d6e72df59f13f5c8f736264fa2b302d5375d6e3f8c3abe4811f4f85cb6e302e2c12a892a1e7a78a5a33e4b555c02917330ea7a45f20cb59fa991f183d1e2a5bb1761005b73fb728124fa2082f41cdbc88bb06389eb165
+Tag = 5476c08e9561442745fd2f222d08b535
+
+Cipher = aes-128-gcm
+Key = 2c6796d0773d12455829a3242ac7d480
+IV = b43c0e7842006f6a7953d598
+Plaintext = 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
+AAD = 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
+Ciphertext = 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
+Tag = ae5afc2bc4096e308cffe8063277ef88
+
+Cipher = aes-128-gcm
+Key = 092e4a78c47bcd0b169aa35343c885f6
+IV = adb73023c873661f02bf4ea6
+Plaintext = 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
+AAD = 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
+Ciphertext = eb0fffeb17e3309d1104c9a9c211bfbd585f9516f775793c365d36352e93af1b4db15430b454d1e7aa913f2af994191c365d76a4d49eda531fa7ce9c49b98bad4d591c868fb066a2e00a6bf4b1bf529002d403313c5df306ae34b8c62e939569bb5401eb7ba87080ba505e5c40a3856d2e177d247a5d8c727b32a13014a00a57e9f01cdeacb4d1abd16f1548256d661c45da12c2fe3ab561375875c7b6e273bbff5659749631fe26cef86e02742d0cc3f63a76ae5ece59b6556ab27da9de1a20c627da8bef3c596ebd7b246505006d1a381c2a24dda70e52b126b919471acfce274b89e07d125bc69bd94f2c65bddb82441897973566014fef625bca7e342f
+Tag = 8f2dbbcc01538ccc45436e7176c2df47
+
+Cipher = aes-128-gcm
+Key = ab1405116f454a3b1f106fd491cdfc8e
+IV = a9e9a06e4bb83c215fc59a00
+Plaintext = 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
+AAD = 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
+Ciphertext = bc1c14f1df6ca46e6b4daafb016daa235718fcccfc1ac698a061885c33479c0a7fd44e46e805869383232168940b1a9379bc652c565059ba81b4ec2ab435eb9b91de5bc03cb0a7dc11805690ed9abbadafeab2add15f9fd69b5ff4bf4ab5cdb4a6fd3164ceb7820530641d8460b83929b13860bd2e64b984407dbfd2de51e865d88c63554ea1f04305ab72bfc991fa5573bd6b41c4f8c848fff4b0c5d2398a57b4de4678ca4dfcb16a7612773a24088893444a8ea3d0916e4b460b33657f41d2b04d0c28653ed068a3653975402c31088cd74722d3bc09c50679d0ec94c1e84844886b1a56c4fc3b14614634f08c5b0868d276e9f8f992f94b2c55be5f2e408a498d27c7
+Tag = ee43dba528a9ce84a53ed8fc1fbcd871
+
+Cipher = aes-128-gcm
+Key = 7990cd12d13fbb929fa541bdb8e3107e
+IV = ff7b2818b62e856952aa2cac
+Plaintext = 5ba2afc1da8c18d8be3936a2e515bf9eabb93e44905a86773a38de7f959c49ca56d7f1fb43213cf7fe394b49733b031334729ce6c7ef17d843790fde814672ca982807b76475350210871ddf8309f59fb280a7d41726ba7f00ed2fd96b4a17aeb7d157130cb7e49c8a454cd08622824d20f86b4ba062bb3b3f9d4a9c1402a9d80f3324e4127ee57ad94f87d6ccfda76145363fa70df95341d483dfcc304757da7541a0f148036b2e2dc7f93697d8d275456107a016b425542a89ee33ec02289f5260257176369d990c8c89df73892d7e67227086c0c2c258e5fbfff8bf9129a230c229356fb0935738d2d6fb82992c3465ca5a9472ec06c7b5a29240b611837225c61a0e14ca2dd30f
+AAD = 865a9b2706eea62f3fd3164805cd8fe4740d1ba7be809cad9fb39cac26f7c57d4c449f4eac03d87f87dcf219c562b9ee07ab3ce22abd46237eef8221049fe499c9189f789948af92bc434b24aa44fff600c2d698593bdfcaea878f8780adbe8dad2cf453d253e8668631a6eb831be01db9c7f1b7b8bfedfae83bcdfef3501cf2b2ea48bcb19f40a70733f3e4c3dd90e17912d5797fa46ec852edcd49b0780bf6287679aaad13a926f750ad7d3ca1ccab577b74fc0ce4cb22e5c619d2d668292c9db4a98c5acc4c49561a77275c06f5c3fd514ed8555db3e2f50dde5c23e84a38129e7a91cec8d168bc828d09239a5c6bbb180bf69950540d8876f9fac5d1a258543a771610991b92ec
+Ciphertext = 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
+Tag = 3e003897b4d9411cbd449cd8dca5b58b
+
+Cipher = aes-128-gcm
+Key = 64f0a8065987a4713e35dede10afb708
+IV = d6ee984b82f1097331400f38
+Plaintext = 29327f95b41119679b80c3b51fb5240490689880ebb5ff7b59a62ae5e08f7cf0993c09b13fd845ffb32a99ce18c22bb8825c137c3aa622cf3a8390042c6a1a159aa1dcb6b6b21f4e07fada584dd21620b2fe0aef64dc609aac925d8b8d26915fc101031b68a4bc89898bb92146a0a580103da265cad1946791c5735b95d85d3f0f1f39a88f47b9c52e61307627c084d68d14bd14e3572825e190bc7146080bca423099f643d53ee3989386b87fe3dd9c383f6a58fc0437fdb2087b5211df2069bfd981d8ca785384cab31545ecfc35345f38837883dbde917155e631a46ed1444ea0ea8a5441bebd54e5f6ff914fcdd66d62efd223f34e16a880370a529b2ce6ade88e907102021dc87aba9900b6
+AAD = c8116196a12363785d4d6fc593b23226a5fe83b00a77ba24c69644d2e52291dc59d2af3c6ae102707439f22c33251a01c41867f54ecc552396a5aa98ffc687e3a88d8d0dcf826645bc78ff9c1a3052481933c3e8ba8e30bc249e6d095699ebdc51684696a15dcc9e28d09cac757e51336f79a0cd5ce8d070579e12956a740666d28ead49c47bae10db20fff8dfe6fb0260a87cc6f5a879cd0b2f949dbff046d90cf42c7ab51337e8908302935e50755a4503107c84fc94f7db3d3f0e8eac9c0def7435676701c9acd7f4c2349c3b7324622dfc4d6ddd8265a810c000158260aa6a7e3af973f8b178959de409792652e9c4ed1d50fce2e5e6bcf205c6889ed717db7f4b14500aa8641b8514150cab
+Ciphertext = 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
+Tag = f42a0e4e6e6a1e0654aca2ab7877350d
+
+Cipher = aes-128-gcm
+Key = 2c351f0b77cf0920873fb57c910cea15
+IV = 4f844d27dd26df3015608119
+Plaintext = 227ae9330bfd5a662af4137ca7fa164f383a63e5bc33eba94726a0e7a27f666887fe484680899ad8aaf6fc5426600760f5e6ba53b0484615d0089d9b1e75f5952ce0665d16a045b272c3c50194ab7b3831b313dbd800168a24e576cab5dca4319660fc6add76bb400376fa29cbcaa25adf3cac81f3e66a6baeb0d94ed92aa37271d2cbd8219c0647f0af6a4ba8a8e169c10cf6354122054a547ba046e67cf1fb424271d3d3eee5b51e94019d450de6c1f770395316421b61c5ee9ff00c910103e58d423946c68369730a974a392c21be3fc8223cd816e7432200390fd7cc3f5160795422c9daffed23df42a7f8259e295d43fe57f75f674886c6405bc6954d17c2a36348761ba09694964646cb86c0d8c64c00
+AAD = 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
+Ciphertext = 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
+Tag = 12aa2a46a9014800b3243d1020290d1b
+
+Cipher = aes-128-gcm
+Key = d94582550b2e0d42255f13a8753f8e82
+IV = 82f7abb31dfc28491697b347
+Plaintext = 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
+AAD = 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
+Ciphertext = 1afa2fec98728ce39fba26bcc769e9766993c8276f88613db574773c84c91fce6ee7dc6ba4281b8d2dfe13820723526f0d6f20cc21f305b792e9a2bb1622c742fbc05ca1f0121cb9f6e1ad6c3ba80891e2043adaac4f1bdf29260a44a182cb165f58f480be5f16b51fddfd0d264bc4a18bec589d24817f586fc8bad15df7cb4d48d788fe7fbe69f821b5558b0a664ee12ba8ddc6bbd325f9b83a024245b4e68b310f2282f4cc6005209f7b7aa6ccc025d435441e3bb990e81bcd4c8218b8360163ab266be4a1f5603059db2bb67e541e1edbe8e7762ac522a81f495f5ff8bf99948050e61c86e83134f4e1212f879c86f7fccff472fd9753e27a0601f914655a5f803061cc986431445021c907b3ae0f060fac13f3723867
+Tag = 5ef1ed1e2bf562893b094d58516c11a9
+
+Cipher = aes-128-gcm
+Key = 31d93fd51c2d6450cf35d9edd71413f4
+IV = 28f6f0c288c9f92e80252e1e
+Plaintext = 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
+AAD = 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
+Ciphertext = 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
+Tag = 594ee5c93636cfb5fde940e3d561440a
+
+Cipher = aes-128-gcm
+Key = b06d694a83b14768ae26a8f00fb78ecf
+IV = af11369ee342454cddb8db62
+Plaintext = 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
+AAD = 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
+Ciphertext = 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
+Tag = df5a21a399354b2b3346a9eb6820b81f
+
+Cipher = aes-128-gcm
+Key = 06a4c6a8aa189134f5784a525d46ff10
+IV = 0f765d3893af99f5c3e6d9e1
+Plaintext = 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
+AAD = 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
+Ciphertext = 5f3627bd53f8da0bbe6f3c9246d6f96fe9abb91cdecf66ddd42f833d98f4d4634c2e1e1ad4088c84c22191bdb9d99ef227320e455dd112c4a9e9cca95724fcc9ae024ed12bf60a802d0b87b99d9bf22590786567c2962171d2b05bec9754c627608e9eba7bccc70540aa4da72e1e04b26d8f968b10230f707501c0091a8ac118f86e87aae1ac00257aee29c3345bd3839154977acd378fc1b2197f5c1fd8e12262f9c2974fb92dc481eeb51aadd44a8851f61b93a84ba57f2870df0423d289bfdcfe634f9ecb7d7c6110a95b49418a2dd6663377690275c205b3efa79a0a77c92567fb429d8ee437312a39df7516dc238f7b9414938223d7ec24d256d3fb3a5954a7c75dbd79486d49ba6bb38a7ccce0f58700260b71319adf98ab8684e34913abe2d9d97193e2
+Tag = e690e89af39ff367f5d40a1b7c7ccd4f
+
+# https://github.com/google/boringssl/blob/7ae2b910c13017b63f1a8bd6c8decfce692869b0/crypto/cipher_extra/test/aes_256_gcm_tests.txt
+
+Cipher = aes-256-gcm
+Key = e5ac4a32c67e425ac4b143c83c6f161312a97d88d634afdf9f4da5bd35223f01
+IV = 5bf11a0951f0bfc7ea5c9e58
+Plaintext =
+AAD =
+Ciphertext =
+Tag = d7cba289d6d19a5af45dc13857016bac
+
+Cipher = aes-256-gcm
+Key = 73ad7bbbbc640c845a150f67d058b279849370cd2c1f3c67c4dd6c869213e13a
+IV = a330a184fc245812f4820caa
+Plaintext = f0535fe211
+AAD = e91428be04
+Ciphertext = e9b8a896da
+Tag = 9115ed79f26a030c14947b3e454db9e7
+
+Cipher = aes-256-gcm
+Key = 80e2e561886eb2a953cf923aaac1653ed2db0111ee62e09cb20d9e2652bd3476
+IV = 5daf201589654da8884c3c68
+Plaintext = 96669d2d3542a4d49c7c
+AAD = e51e5bce7cbceb660399
+Ciphertext = 4521953e7d39497e4563
+Tag = 2083e3c0d84d663066bbe2961b08dcf7
+
+Cipher = aes-256-gcm
+Key = 881cca012ef9d6f1241b88e4364084d8c95470c6022e59b62732a1afcc02e657
+IV = 172ec639be736062bba5c32f
+Plaintext = 8ed8ef4c09360ef70bb22c716554ef
+AAD = 98c115f2c3bbe22e3a0c562e8e67ff
+Ciphertext = 06a761987a7eb0e57a31979043747d
+Tag = cf07239b9d40a759e0f4f8ef088f016a
+
+Cipher = aes-256-gcm
+Key = a6efd2e2b0056d0f955e008ca88ca59fb21a8f5fc0e9aa6d730fbfc5a28b5f90
+IV = f6775dca7cd8674c16fdb4ee
+Plaintext = 5dc495d949f4b2c8a709092b120ac8078cdfd104
+AAD = 86a597f5e2c398fff963fcfe126eae1bc13f097f
+Ciphertext = 04416e23586ee364b1cf3fb75405f8ef28fddbde
+Tag = e7b9d5ecb2cf30162a28c8f645f62f87
+
+Cipher = aes-256-gcm
+Key = 8d6ed9a6d410989e3bd37874edb5a89f9ab355fa395967dcbbfa216ec9ce3f45
+IV = 55debbb289b9439eb47834ab
+Plaintext = 52939c7416220822a77435a46687f134cebc70a2f1a4c33d37
+AAD = 7790af913d84a04c1b72d4484ea2e09fdaa802d8b1733b8470
+Ciphertext = d7bddae8929ed6bbc9ac077e2415d9fbafae4a0432f8f7eb6b
+Tag = e6383b16ed9c32521dcaeef3a7b9b67f
+
+Cipher = aes-256-gcm
+Key = 525429d45a66b9d860c83860111cc65324ab91ff77938bbc30a654220bb3e526
+IV = 31535d82b9b46f5ad75a1629
+Plaintext = 677eca74660499acf2e2fd6c7800fd6da2d0273a31906a691205b5765b85
+AAD = 513bc218acee89848e73ab108401bfc4f9c2aa70310a4e543644c37dd2f3
+Ciphertext = f1e6032ee3ce224b2e8f17f91055c81a480398e07fd9366ad69d84dca712
+Tag = e39da5658f1d2994a529646d692c55d8
+
+Cipher = aes-256-gcm
+Key = 630b506aa4b15c555cf279dc4a7ee9add213219d2c68163ceaeda903fb892c30
+IV = 79eca200a5cdf92b28be5a7a
+Plaintext = b12e6f1f8160cd65278c48f68ad53c8c82fd17c2c39bbb109f077c17fdcb8a0b3a5dbf
+AAD = 46cb18593b3b26ba75e4cb20a252caef31d00be31093d2369e93572a393d650c68313f
+Ciphertext = 9a9ad1f78b4d411afe450d2e46347a7df98f39daa4fd478b9ab6e6b417878bcd52743a
+Tag = 55453a003b021c8a247379cdc4fa6da6
+
+Cipher = aes-256-gcm
+Key = d10bb6641e9ba0a3f1b016317831ad4232f81c2137adac0940ecd7fa36de0563
+IV = 99c922d37c95ebeda8e81ae8
+Plaintext = 8b9089df5bb048cebbe709cb61e178ec768515a0031288d95b7cc4dfffeb51b836e126a237ec50cc
+AAD = f1cbf6c83493b2087d9f88e02121a114f45ed51817e46ffc0b66a783350eae89c6700db3f3be5f4a
+Ciphertext = 8a838c51a8ef8134481e9951033295ae686624aa4df72f869d140980347a5e69a6d7cb3d7119b303
+Tag = 9152bef766579a3e9a1e36abd7ebb64c
+
+Cipher = aes-256-gcm
+Key = ca665229adcc7554f1b1c8f50e7444c6d4059c525f9c0da1406ffb35d50cae97
+IV = 8e2df19123ce0ad41df416d4
+Plaintext = 12365eaac86b270e9c61b3ae7702a6f3583ef4accb80a98454c56e34e2ab97d8afa23ddee34e7e3a522497f985
+AAD = bf539d8e9e3a02f3e5834970e7efd40cc7cb340a075041428d6a69ed9fa5105e4bc63720be9a7040ce5b4af6e1
+Ciphertext = 96027efdcd4433df8e7f6181c05be365cdce550b09d45cfc96fe258eab6d55976a9306a0070c9589ef08cf7a42
+Tag = ec9fb5e79cdf8ad4c8a79c900975159d
+
+Cipher = aes-256-gcm
+Key = 5033338bf7526cca0425f4a620424662ebc58364c8d985d130e525fd1f598f3f
+IV = b40842b30758aa3eef7cda62
+Plaintext = 69a62b8c5f9b81cebee3a9345f4e49ea089b0d9c1cc57b4ef707956d0287de83fcca6d8f5270a9393e00693075028189bda7
+AAD = 3efe0ed6fbafa61070388abc59c0d06589309736b02418df5534c8c594d61a2afefbee17af8283d01634b6ca3e8e2aeadff8
+Ciphertext = d6184677a21978b6443d99d7de1fd01c6b6334cf01b7e7d58456267453f4de96708b62301172c8c87e970f91c5301e0ff61e
+Tag = f8ac7aef208712845d137b8b176c89f1
+
+Cipher = aes-256-gcm
+Key = f33c39140999a2cb69e43129cb5df18fffeb3513ec3560792e9909784daee43b
+IV = 70608463f1dfabb1fc4451e9
+Plaintext = e2802c4d290468177fdb031a717345753cd7c3028ed07dea428db84e7c50c3eb7b24f7381a167b4ee31bf88dcaf5251fdb90ecbb74ac2f
+AAD = 10a6f463dc59d4791b3c2b4c93cbe2dec579a154962cb2c4cc77664e8c2b106c574fe115fd43dad94b8b1bf2f74820e28435b4444b2b82
+Ciphertext = a27419a46037323c033d7cf2a716777fedc02a5ddd8bfbdbca82ffbdea3037bc1cc80df7c5e502b32276ae88ad6fd0f0cfe72604648812
+Tag = b1ae330d47fd399aaaa687e141e23fc7
+
+Cipher = aes-256-gcm
+Key = 2121056225a7b2316a93c4bfeb970486fa9c586c14ba8b40be5844a31e9449c0
+IV = b4b7d1e8fa7d0e2334c92315
+Plaintext = 2038e2c6cdf5282f081292448f8febbb60a1520fa3771cbfef387f48c5915a1438ab709628e8d4c81623ddbc2f6f159c3c9a8922905c4994269898b8
+AAD = b07f66508a39c4932b04c16172d6462d78273cd9463e52284bb73e3b8b8e7047bdf10c5ace1f903e5a5eacbf67c9351f82c74bda140df2fe0480c80a
+Ciphertext = 7b54618ae09b37ee72e51873c82cdd20b6dca37c334af89548f52f34df3a757e632cc0d453fc97270898eb50ce2f2a98c4cbd4cbb22a5b7c7564406b
+Tag = de3a9e2aab2439675c4f7f0b61216d5a
+
+Cipher = aes-256-gcm
+Key = efb15235bc91771aa32d51472877b0eb364de2f88766908eebc6e6b57a702099
+IV = 1a510b42dc20d1d0fb34fb52
+Plaintext = 4eff604dd4bba67f143dab0728b8597e269d4e0ecb4ce80c9850afc645d96da239d9db360605bb4268d74e1fe3431a44242ae862fa2340c076db13315f615b85f0
+AAD = e8dad34f727e77444a96cf06425640f1fc80fe3b01dafd1d91476140afe8204286d01b0ebdadc0270a3d218516ff5f08a69a7ba251ac325983caccbe0d9e1de359
+Ciphertext = 989fef0145e2fe93b9f99fd90123632d83d9df8f37d8e1f80dac329dbe0c214c2191009e31232538fec63a29665f0fc1c77dc86b2f5f2050b86b3ae48e85d63116
+Tag = 6816304faeb45da4e4772f5c35730f8a
+
+Cipher = aes-256-gcm
+Key = 998c22912d5687fc3faac262a902783fcb0c738520b5c4135a8dd2cdbd7b0dfb
+IV = eeb535c5bd6edfd696655b60
+Plaintext = 1f6ae10d425923c882b7d2f556571acfc10333ec665b07bfad9f8948a3b8c5e5f163a4e99d4726da1a35359c657c848f327b7fd9b5f61987440ab12b9399db24715715a2d1c8
+AAD = 9a3c76dbaeb69a6481a89318caeb6358267ef51a1a364a48387bf77526837c9c70afb6f105cd47d2b976dbda7d2b6bfea7b76b135810c53437472f7b80ffc8ce4dc95c7e5045
+Ciphertext = 87f4e2c80a4f15f92a8e94f468e70fe7f0e0f83c0a7799a1d465043d25210ac6f0f39a5e9765b4daca637864d1bcc090d2ef33ddfccded2d2dad61dab443b3cfcc683147c490
+Tag = 0744d928a5b5ec95f3087cc2623f0031
+
+Cipher = aes-256-gcm
+Key = e12effa8da2c90a5d35d257c07d1b467991bd5f75fecd7129aea4e26b9e27ff1
+IV = 4edd0b4cc349d37eb77f5576
+Plaintext = 21dc87984edca46a629ed95ffb04471397da8806c525a781d9a71818422e344e4af577f38e7cdbc556d4766770a9a3c95bea59ad497fe0127816ec4dcecb6b999486719b0b86cdb2c9d09e
+AAD = bc158e6570fb0a08d73367dba65b80a8c8e57ba6c7b99493ebdaef0424e18d8ab1f7c88670cf51c4d91b77eb9ce0f89a46ed1316141e4299ec6c3d6e712ec9e92d3db44640402aa4ac00ba
+Ciphertext = 07ab8c623d683ff83030392e2864edd4b8e3d296d60579a226a8d2aff6bc5af3c4598a18cc1e8d7db4ac8eb56a082af864ac52a324851dd29af51a0945cee4bf303ea111b9b627aabf5ff8
+Tag = 53e69b7be969c39560c016c6bc1aa4e1
+
+Cipher = aes-256-gcm
+Key = 3d9723c9235939df8647529b7e4a57b8536476d5b71b424e2c27ba4d0b82b0e8
+IV = 60163d2eb7822af7fad64c04
+Plaintext = b44face0f45e4a8da19aa0c5cbe3aa960ed6b74fe3d3d9201f52523dfe7651756b2ce482e759c87bde4ec670a0e808fb4883e437c7cbcf2f6470352174327824200cb0897edc4def1736f51e229addaa
+AAD = a4b2b7bf36a70a5246feee52c474058100bc618fb0e3d32e8c1f76153edec47fab3045dcc7eed9ca1886bb2593703c9ffb8883c45386d2f4e3fbb0b7c722d19f2eca94767174d9127450549e8993ae33
+Ciphertext = 66fa63ded066ac67bf218af7bc21169a875f4bd695f44fbdff906f0a9b8a067be721fd260571c53a8b51661c8d49fe178dcb28c31deb3fa71b096b387f9fc8f3657d280404c05d2b6443eba7e60b562e
+Tag = 59d5450872510c4bfb590d9497524331
+
+Cipher = aes-256-gcm
+Key = 75b0a20935c4a5e2126ac7420d632bfda8d41bc947c2402bed4759b6e617ff92
+IV = 0c3edf0dcd1125d7e263b897
+Plaintext = 8edc98e70030e40bea1548f6f56b4561272be0c333f3b7ae53ff3e27c35a91b1aa42d39e6305ec4811e75931e5cae2261d88a6f7d6c5b05bfb48802264e9cac782411f1de579e29d464ba56840b126a3fad07f01c4
+AAD = 7e35081ef652424da6304852243ce43ff711da17f7881d5e0433b1ad7535e755a8531b93d67ce99ffe66e59fbb24f6b42655524b39f2c84daa5cdacb5e7916266c05711a118b2128930b95de83ff1a67e53337474a
+Ciphertext = 858dc74dbec6fdbe4ef15a3596ff7201c8f4fcca765bf5452f678b1493a66ed9852a6fa174a73099acf951a35699f33289ec50625538c01eaa456dc658013a29e4d133b856eb969c1f221f99e11fadc98b0ee08243
+Tag = 3d8f17838c4fc69f04d7e2b76eebbc0b
+
+Cipher = aes-256-gcm
+Key = 7a3823191abcebadb7970d1b65c2a8dab8a908151737bd5400b3b6c0d59e3b08
+IV = e32eb00e5106097e2ef0e8ba
+Plaintext = 220db5400dce604adee4cb698cdc02d2ca61622bbdeebe347b0bfef55cc45319b940f93773a9878725c5f55485d7a26363251b9ce0d3da1f8f6e34ad5329dc9f752ec7dc12b2d259ac89a8059085996a431a56cc2dc2400a26b4
+AAD = a83b6dc78931cb7500eddcf77792e810c1edbd5f4e33f85018807a8539a3cace094fb794fa9ea058e82c830d42d5a6b3e22b7785698774aec5c73edd92731c51106a23c569c0c0fef18d13da1562a9a42aa435b243c4fbc9fe42
+Ciphertext = 5ce6ec0e1d67ced5a6aa46c909b9b8907b372be03331dd0940ceb6d87e928c14a1a1e8ef9096c9b63ab4cd93242ec7be7e38b80643f9c52e7e90ffa06b8f2d238fa63dcd97af74ae37802d124623b8a272e68ca18b3432b7c017
+Tag = e21c61d604253bc5b5d58283756b9eb3
+
+Cipher = aes-256-gcm
+Key = 53ff6dc0af3e89fc2de7370caa433f539d068609fcfed6400a5b9fda4c83e3aa
+IV = 91a824c5e023283959858062
+Plaintext = fc23e07b4018460279f8392e86423ecfe465b25b60382f58995ef5fa1f9ca235e4bf87112554aa0e72836831d7b5f39125df11518b8aeb1809d804419beb05ae013482213012e4ce980ddd1c58e11608b775d12b450ecace83e678c69d2c5d
+AAD = b3a1db2d467780480f166859e0e7aab212738b85e88237c2782496c9c503347de02f3dad6bfc671fda71a04ff1e4661767c11303daa0c36d944346d39e3e29ec63d695cdcd83b2b57181582c5ac692b13e4299ab5e86c59d09c2dc6194ebe9
+Ciphertext = 88af588ec33bdac2cc748a01ee3eec97e5bbfdf69de1d66176f42b66383bbffa8b185cdedc25b11a62237d334d68120fccfd68c2f9447b3b8e1f623f33f7f97ad8815d29bf11bc0c65641ba8fca4a087783f4694fb1d574450191825f84402
+Tag = 2c4973323e635a885f78ee106eddf19e
+
+Cipher = aes-256-gcm
+Key = ca2b4d335598f26d3d3607e62b9ef853d3543e741350f92f3050894721d3d450
+IV = 2431b5cee8c3ecec4caad278
+Plaintext = 75e29e46350d1fa99403b1e5baa414e41a8e714910f313f8e850cf3076508ff650011af766b51283fbd5626166d775fd4b4cb7124d26d77b41eb17bf642bf67a34c1caf0fa9b43eec12103f864e56c5ccdc81b89c1a35e394362688d05dd94eda3d05dd2
+AAD = 31c3ce532bc1bae65b5ced69449129b112019cc6078268b853dd17c41832ecae07f9c6b068ef6cba2b55f352904afd6096ff8432081aed408d9340c319fd8e2029c389b6e3a4bdc38853444c3f7be9385ff1ca27e59c43b542e99799bb4ce56b8e26d6c1
+Ciphertext = 90c13ec26d01b7b96bdd6816d3ee57df57efeabdb15ba602229ff71d71793fe8081eb1b462e8b2967bc4af96fd6dc72cee3d2b6495c7f04c9068b2ad0b073e11cd5999df541ad705c6315eefa8da49c5dbc258f7ba922908489c1ce672971c3bfb6e8482
+Tag = 3a7741a094be92b838850c32e4b06c6d
+
+Cipher = aes-256-gcm
+Key = 49fbbdb5ae21cd955be7f7603cb8563ea0b02b77a9ea14016baa5cffc55d20c9
+IV = c0a4463350506d2af9e35d8f
+Plaintext = f31003aaf5d8fd6261c01c5bb1e7bf6af248e0be3cf8aac67ccaeb0b7468a40d98be526a8e4f692dd23763563e601915ebcb59ecbf03bf9c665c4c5313c318939a911888fd427d5297b9b2fd91dd33eb7ed38e2f0f6ab74ec263989cdd9915811a022d4a46ed35eef0
+AAD = 17e01af2386531ce67d5bc3325d8f83b53a87b38f1c305f99c0798380a7e59d3ecddf33a5ad23a82e33f0fa34eb2438b17e958451439774ab642fafd3794f80a0ee1b9bc165f32df705a6175310670ba54af3a204e446db35170ab02670086c47a475c22d1f14cbe44
+Ciphertext = bd661836d1b74244baca62d7d1cb6717e17e2fb0bcbc8d36b3265a983d557c562b0be60708499d0e7e9626825bc049db79a0ef4d2393fef6024d849089455e55693fd4da3d910eac11496492a645e4376855732765e1b3580461a2a2533cebb482736ac928cba175bb
+Tag = 4596e3802109c899f27f6cfcbdceac5d
+
+Cipher = aes-256-gcm
+Key = 30d0e4f6425e38c92ac34dcaa06a815166f301289ca9cb0ed08156617d87bdf4
+IV = 525618ac9e317405c7d44367
+Plaintext = 06f2204ca864dd3f7c9d0290f6fe3d0337eb9442cd5d2b586d1d5c30e58951fc2f4e99831ac7bca4356db4609a0428c482f2580b9e8cf5fd00d86d474fd88ac3b2413f44c1ff66e59e7538c090b2444396f02004ff636aca05ec40439f4e3f470a24916fa4033cb60127223addc1
+AAD = 23c1a3e1083904f7226be7242027abb7af9d62f1115340cd4a57611be88303955cbcbeba44eab5488c80aed3e063c70cb7bbdd9ac289c8c8977868c3702be63d0358836838a97b31f6aee148f2b8615ad7c5dc0de7c48db7752e5f1ae8637f8c70335bbecf1313ae1b972ffb9442
+Ciphertext = afe3e71953bad46ad28113b7c8f2092fdebaeb81626bf94bd7e9dd59e000e8ba31c1ce7f728fe19dbbb42322e54aab278e3c29beb59b2d085e65cb8e54ea45d6a9fb1f561bac0bb74afe18cc8de51abf962c2fbc974c7ed54ccf2c063ff148b3e6cccdaa65cc89ab19fcd9cd0436
+Tag = e9f5edea1fdfc31cd5da693b50b72094
+
+Cipher = aes-256-gcm
+Key = 661309741227606892db13ab553070b456c5e421cca59087144873ae6d59e590
+IV = 9f07692c017e1391a981e70e
+Plaintext = 40b5f8081b5dd173203e02e90a6c171fc41f804b2903ea18109edcf77c03dba687b47ca389c55389bd7b0ac59bfaefaf43b5f97065df6a5375c1fbb95d95cad589c2a45cd9e1e7960b1d13622440f7180aa565863b4f9dfe26ed336ff4318653e1a520bdb830e01db78a7e598f251834d0c9bb
+AAD = e8540d084f24b80414af554f470048b29a5af8adb2f9d55c9759e5ff1595ca74884af67027324587131d90c77ca72b2d15b66564549ce93df7f667d0218a6e874848563a33886c6a0c5a9d00fa435dfabaa9053243b4c8c25779a4dbf79eb4b8530a7c7bf4263ea824713a90cee92dec78c449
+Ciphertext = d543f49e6cbe26f1d8a6e058769d5b16e6f8255a28b4d73ba2cbdf664bbc5ded73f9dea12a11b86b6a6acd578f685afabc232dbe9ff8431a5318ec7f0202959a310595b147353a7ca89c9d1fc2d2b92ea610cf6d9ad2716df2dfed70f5b74d498edab114058c22c96873a2a64abc254c82af46
+Tag = 31a8441886d0e4c6bfcd6d74f6a5ee5e
+
+Cipher = aes-256-gcm
+Key = a248b0d683973d205ef2d3f86468cf5a343d6ad7c5aaac0b9b6b2a412eed3552
+IV = 8f62ffac4027f4dfeacf3df2
+Plaintext = c2d7d29256832def577392acb9fe4f249eb4859025ea55cc0c4a67806caba3e1cb81bc7f5717d94e1c91ff06607b23c238daafcb0fa96905616f02205b702508970fe3bfca87270ed1102a9ab96df57ebdcfd86ef6e9c4c4242b4febd82b0220b0d6f76d8c2d0fba33ca49279907f6bcf7e8401d1419ed58
+AAD = c738cdbde6dc277ab81dae20fbbb4a50d71bcf0ac1ee0ec6a39747ccd87be40b1f0f2c37f2c6b32ea99722979fcfddd0ddc2e4ff34a2e6113b591cbfda317c6f4b021ad30325276f8d8dd78f757618b53297fec091f029f9b00850b35f3863a3801c882422b318b4a1bdd89002f928371ea05c6fabcb1792
+Ciphertext = 7a837df292ad2e58f21b89da43a74de411e1746556fe47db55a136757513bd249384bf67887a5c1f605e7f7e3057596e17039701ea351e5ccaf0fd4882559e87197144632977cf07cf9e86784a959fa7399476a4fd196d7c507fe3876d759e2b37bd37edb3c12b89716f29ddc8b64974263a1ec1b6364b0e
+Tag = 291098a2376a0faa5da6fb2606b4f2a4
+
+Cipher = aes-256-gcm
+Key = 80634a8baea1c4fe5dedb664c9b5d714422dd1726d642e60d15e02364195206e
+IV = 725ee5023ae08fece15d621a
+Plaintext = 4d1d8855b4d155e77bd1bf34b3d049ef09b2b94f4e604306406b015a2d520e8772b084ed668b868e32c7563085f2a82e7d99219da549e507aff9515e45a045c7cd5292c0e09a3a38c769acfd0a11826b27d8bf05184971670200e79c49754debbfc57d9ebc661b25f22f241c4d143bd922f7b0981a48c6a63462cb5cfd
+AAD = 12b3fa94a64454dc5b47433df1ce0a7dd5e8066d05b2433c6cbcb83087bb7d22d153a19c05aeb76141431c5f9801cb13531691655939c0c812611c6a30083ed3ec27e63e6868f186be559c48367a00b18085ffb8c7727638e833a7b907ff8465e3a01d654b52432767b18b855c05a9cfb5d4aabae19164f0dc2ca6346c
+Ciphertext = 6b01e934916823f391cd0d2829c224a12eeddc79f18351d2484ef6cb5d492ec9ec4d8c4bd3354f01d538bbd81327f6360a7d157feee64b539489bfdd1be4d7f724d2a6dfa1af91e4108dbfffd529afa71388b07e5079236644da289ae236100b2fbeda0c17bf2a01e76cd1f88081682c2d074223fb8a41d59e70a37870
+Tag = 55762e95d897a33c4c75106449112986
+
+Cipher = aes-256-gcm
+Key = 4f2edc967b11983f05ef5ee2a4364039ac02dbcccef3f3719913ae2719c8217c
+IV = 255f8209b0c67a6277bdb42e
+Plaintext = f8217163bcaf77c1383089e396b271e22c517e8ccda244256cc39315fab7d0c291078d90e9b6e336992f015282caa1ec0ea858a179c9735b7a2f0d50f6f1eecaf3b9308772279ebb95f8aa53826e9dd60fb354de0c50c10001c98812b59d7c0f36daa1aecda6782ca36130fbb559363fe07704b0b91ea85be319ada027e47840c764
+AAD = 1dc7065f1585384b88be47598ca484782716c78f49b3b6bf5d24a5b0d24fbd7831f18d77d80951d2c4fafb6f939d46362a69b558afadb3bb4d8aa27f7fcf3dd9624e1e075fce9bb239926d51ea9dff03619d64d5828103a414e360adcda8fd864fca55c21df86c76972c3765ab1d68ce89f708e7e5a3e06cd4de08573cf750c6f5f9
+Ciphertext = 6719849b7cea3f7f2a8e4de13d7a864d581b7c638f49fb06378a768d2034548179963c33f0ad099254c2edda9ef771daf5d299f58850033e2e449d7bc21ca3f7d3b7408429b596da615c8582886a6d8c1a9ba81fec4a41a38b7cbf1a80ee0ec8bd71451e727051fbf2a1d1e3c6ca98ee113e47650ba4fe80451e79b04abc8bb99a2a
+Tag = 2ac7f962553a8007de3369c7795bc876
+
+Cipher = aes-256-gcm
+Key = 51c5cf1f0c76ec96f4a5f9aa50a36185521f3ba259145ac6cb4da3cd12467696
+IV = c751e5e7e3d75874acfd2bfa
+Plaintext = fcda42cd098b7936f4bebaa37d5850cb0fdd6526966b1b5734f23d5050ee44466627576e1144957929123198e40b64eaef74476870afecd7b70f7583208603a1b5247074c6c77e10b9bbd41a3d468ff41db89895b0e9ca95be77526ddb30d4c5eb0796ba97d7d5c56d0eece344dde3ebd7de586226c00da224b04e74d9abe832686797df067c52
+AAD = 343ae5e73fd1da48dce92ba7b86d21de0a203ba8587536fbaf4646bc45051a7feb343e38916f6c4c75b65f940045e830857c7b62b34a44622a36b34268b8a397892ed3e4de5df3fa7384d4ca50202b5b0833f921349c877931f4b735cec45db6b95410c8042ba49c1a39870276e0165f09c73b14bdf7f36d19084f958695c7ad2cc56f0487eae9
+Ciphertext = 04192659d6a2f1b7be472372c8f969a7de388c97d37b4a89653593e48b630947d2160b569379698e94de49b21572ef0b4dd330487a8be814a84e959a1a8e3cf33dcc9f7464fd44814d0cd7ab85e4c01c9d015f42ce3723c8ef8c311222b0c78eb83d81696c217992be725faf27701b4922c6e6099442787ddde2b7572500a5320a4d0c787b786e
+Tag = 23c7a866574976dca8f401c4b5b58292
+
+Cipher = aes-256-gcm
+Key = 1cec3efc0311d623f34b6853b3dc97e470fa728cdfd65993d9d48fdc192b28e9
+IV = 320fe742ef171b7b8cb615cc
+Plaintext = 722e503a97166a07974dcbf136fbaec6c03668fa52495b040383433ca59f6311103f2fc6a95ba4c925f8637167537321eff6949aa3051269fc094393a7b17d1ac8d29af052760835665b0ee89adda5dae7738656af9e8513c96e8a532a46ef34cd7430832d2be51c586a14e9aaec2458c1911bbc0f90b496737e838a12ff37d3db058bda9360d7d33e11629a
+AAD = fd5ccf6b6948c3eb96543aa40f107fafe94e5206c326dd8900ea510c6b61d1bcf746151a75404e31406c8e991fbf6e660db7c18e243fd2608aa22dd7ca9de88f277037661ce6dea4ff0a86809dbfe1708cd47d3061a34657cad143e6577549c9944e081f79c276300bb406378b26f349a91fa87de02a1405d712c516ae11b4bcf30ac9d56e677d03eb33e3be
+Ciphertext = 363c1d6b806a6d97e2fddf53b242378e1d2b818828863fbb3f856f7737d63998a84e02d6c91e1df5f5eb6cf89f7ef53e16d10ad52f82362292d3acafaa02c23be7da7616a8b8daf8ee3ae74ee1078742c4ddc3e5a110e510417b9f43fbcbb00e17af3301b2fbcb784fb0a05b66469e771fbd78114fce3c4352c42928bf5a0ecc49228a3c930b0790bde7ad7b
+Tag = 669482999be99149f9b723b60fec62d3
+
+Cipher = aes-256-gcm
+Key = d3465cdecaecbf25943b7bbf8084ccabc15474a4228c46cbe652a99be24a861b
+IV = 04fc836de3a1420b8e7136ca
+Plaintext = 81e0e984ce0a4074a44524f93e375eabc650a847a42393f5c524c65523368d38a7e2b677fe08502dd3bc42311775016b5689c660cc0ca8cb33a09b89f3ed3d02fa0fb75ca5bf0dc3c27c546b369ab5e7731f93bc074d37ee50d6f8366f6c8a45f73ac92b05c4aa552ecc5266041dc122a0df69a36ad625a26edb57bfff43a84e527ea0d9d3cf076f8de9eda28eb09de3ff
+AAD = e4adc14ac4bbf3ae7ec7d97f5c0e6090bf8127a75e8b70e9b86496a62a759dba5a4eef64a8c679c362785501260d29b58e1af647782564947950428dbf14edab8e6841c7afaf9e7949b560419c44bae30315c597f6f6e02204da7ec605a4d9a8753de1268bb0b1c84c972b4e7296da5c969781feeb35a44d2aef799ed228aa399ea04e21cf9f7d5600a2c07b047aa78388
+Ciphertext = d7995e7b610eede708526c05c584039d48b9b4356fc71b0c37ec2559309a688a7c69ac9655f94e178cd2311db58587863b0fbb990554dc9a6aa849571f945c61e5611ae7e1a96903be725a1aa75adc381b86e43fbc68a36f44e0e0cb8fe5c494caa91f758597b6ef3b80a879154cd8a7e5f570893b4f768105b24b58efb67c5f07c6db60e0f48eba9563f17d38aaf0847e
+Tag = cc3fe61642c2d7fcbd579048fdfb19ec
+
+Cipher = aes-256-gcm
+Key = 1a0dfe2a6bc6a69659c68942ad0858e1df905890f47dab728ab9c73f742f469f
+IV = f8f76b014116ba61392597de
+Plaintext = d93eead436e835a061ca061e3a53c3f9c66c6f011b21682b8a6fed098bde2018a2462aa5ab542c69bfa2805612cf6146c9150888b9720db1dcd0f359c1fa3416df4cd225dd0b0d949e917adfb3e83bf5ba2b967d48908e6b6d8aabc545335014d951a67390d7b5c7cd7dcbcf66e4e3f02aa4e5e9cccaf73e75622bad006c63433d36cb1c6aa4aa253dd1b2eacac75c548aa6648ecf9d
+AAD = 56ca2d5340629ca75de4e98921da352941559bd79f47ef0ab42d1d5857059352f96ee877f5458f090ca237e4eef5b08a53311c8dfd4c4582f18a93aaa8cf75080734cb2ea3389c9c74d2b04ead614eb54512ea93f0e3434e9a9366454b303a8129d6ce6cf96b1d6dd4f751311c736b517dcb50a6f6e0962c46637b4f5aaf0f34bff518cbd551a7aad3fa615708b17cf6d8fbc864f580
+Ciphertext = 8dc4d8483dc665b174ba32d6b6244da5f2a8fcc4b1865d662ec23057838b332a07ff073ecc893d413696f3fffc6dca5d107a5673f14abe8e0457a02e61138380d25e269686cbbd23cb7da3060f482f62bf80a40dcc2e711ecf5f7836ca14e456c4b73a48bef90749024393f5f8af01b73302e81bc37c4110dc26174702231d831cd14231905d2dd3f375cf2bef0425084d5b19f1039f
+Tag = 825e7b7e195f65c454ce9fdd637138c1
+
+Cipher = aes-256-gcm
+Key = 03cec87d0a947822493b5b67b918b5c6a6bbdebe45d016ec5cb6779c3ddfb35d
+IV = eb7d261a6b56a179c88e88ad
+Plaintext = 2326102c58524326759ad399222c5b5a563cd01a29809d6aed4d49772a4723cfdf30c9f85f031063e838f543c201412d6f085a8f5435b0b2fe94659aaf70cf7bde99309239ed5b815b48342d4f81011f5aefe10ba105ac15601c64a91076c29c3cdafaa12bdd5706dd7305b48e923873cf06944b5027b210c59d79856f602bd6481980ea909152216756d77362c59d57673cedb91ee6f56a40061e
+AAD = 4d0fbeb69c1869d2d23198ec49b3dc23149005a84aace7025293c3afb8cb2e38c167a822e25c2fdf667d3677f4e94ed6574529c987de506d26b7ffccf3b7a36d9adac48bca76084710338eeb5bfca9df1bf6b403e33e90761a0b3152afac333071a5ef4f54010b945d03b51f123865673e8877f41ca23359e60518f076cc64232b306bd858634417e92e546ede4ac6231635c9cfcf43aab1f8fc1e
+Ciphertext = 06746f993843901ce72f2fcd4af7d15e64b3102d2f9bec0fe72cdd0b97e43177a1a2238c9c1dfc3311f701196653249e767a73dbe819b660cee07a5f3bb8f25823875fb4b4d34a5a3a212d2e166311bbe11fb1d36f4e725c3b74054ed7fffb7082203ccb5e9d65873cb8a1ce28d5c6e2b6555c1a864a725e6c7d5555d37dcaf1d0884264be72d38cc4b65bc2f0d039d542c5055da56c57e084b804
+Tag = d36a4b6d2f592d4f0d347d906fc319cc
+
+Cipher = aes-256-gcm
+Key = 7f4b4bfa26719d9610c80ba3f474c43127f4aa3414fb070fc2f389e5219886e1
+IV = b144d4df961d4f1c25342d12
+Plaintext = 638982b95d66ddb689b7b92e3adb683ac0ac19480148bac9db550be034cd18dbd10f2459c915e99c385cd8dc4dc6ec48b75f97e818030fc2d8fcdf66d66b80df64f0ca4af91bba83a74f3946b17af405bbbc6e216435641f5633ad3ee24c1a2ed1b39f649acce59ee56c282a3aebaee6e97f96b34cfc63d5b0482fec20d755f399dd5f61688fe55878713cc55d562c2d72236eb674a340d1a64932cdd8534a06
+AAD = f2fe3d27bfc278cdcf16fffc541846d428b31534ec5cf51c30c8b6d988dc36cd6c0d41a4485a3f4469e92ea0fc7e694065bd8130c2854c95549630bd9cbaab2205f27a6efdc2c918c3be53f2d12f8f7cc8e6a81dc8be7cccd217be1fa2e6887cea7d637d2e2a390f50d2c5be10a32a9b380a400cddbdd40eac67f1fe9ba6033d4bfa88c563eaf57272c8a7052916cf4460f31ad026a0ac2588a45d082fbb5c0e
+Ciphertext = 0d4de3489e09c7239972b675063579e409acbb663bea76bee8fb3f7e8785158ebe1c26db9219a9b97ea29e74762999518613249c3a87fbcd0128f651e2db8e2167f10ab532eced3464b56bcaa09780e5ece18182a6e092477ad933bd8de015c80e67c6802257a97a647fe2b1e9ab6a76c1cbf7d905deeb824aba2a34095f84b276d55ff940d6ab788c16cd63d9b16e0908d718c851a3230b0a37257751df5a38
+Tag = 9f0a882d4456847f44c7287c8ff3ba04
+
+Cipher = aes-256-gcm
+Key = 9799ae8045d58250e4d9c3b0ccc8897a04b5b9fb164e54019dc58d7d77b65459
+IV = 0f20d002dbcd06528a23d5e0
+Plaintext = 8f323018b1b636617c935791e1c8023f887da67974080af07378b533a7573424f1de9193c5d38f55e9af870f6c60ab49c80d7d1ad1f18f1a34893fd2892d49c315ee668c431f5f35e3f60ecfd534b4b09b64cc77cd16b0e1b8882872cd109a5ca377518e5b660d75052e9a4228e3935705b6bf6b4f4249346b7bf4afb891641a76621cd315cd75de391c898959be945ccca7a96073f2569f217617b08502f7d569bd2f80e0
+AAD = 3f1e297bd91a276a4a4b613add617b0488414a57ede2ac75d10934e03be58ec518a418e98a4dbb39d2365889db7c5f389b2a16d8c702cf21b888a4cbf77b356df48a30298c825fb86128de45d7fa0e5f4b0b7bf82a2c4cad2470f33c231802263901fbda54a6edbf2df638716492157ec1407e7fc2eb6c663d9a215afbec3612778b8115e78a5fd68cf6ce66c12c0ca26e5c1f7ab079bc09c3bc7b673d21835671a13dd2a0
+Ciphertext = 9a5758dad7997a766db05d698b43fd491bdcec21352032cc023bcf10e136523219745a56f0360efee75a37de55da23cc7d8184a50ccebb110bcb960dcf6b25fe731e21f26290281d9c1c7715c4e6ff3dc0026cce52929163ba222f123d4f50e1d3cf67725fb4737f4010ee2b5b163ca6251c50efe05c5ab0b1ff57b97ffa24c98653f5c82690d40c791047a3d5e553a0142fa2f4346cfcd1c849a9647885c0daaac9efe222
+Tag = 5b85501a476217f100be680b2f5882cb
+
+Cipher = aes-256-gcm
+Key = a26c0e3864a7dd3b589d17a74a7c9c1f7e8f9adb4aafa0e75c083d10956b6bf6
+IV = b54a2a43ca3f84aef3824375
+Plaintext = 6fd4ec60613646490791d82de30ded1a12e61fd270f1642d2221272dbb150ef63ef2604213e203b740dfc9c4bcdf722b3c85aa20abb1197949de710d7e8311956c8649524afc72a9bf5eddf0b284c7fc6d48a741b82c215a0dcd73bb8afd08d5532a6f7f99b5c6beb2ad793d6da53a81e6523b2240729924ddac996a723421f57125f928990daa7a55a5b6b53d7361d9728f66590d969659aacd9aa5c0ec627d991b55e9fd0bf9c3210f
+AAD = d6d8b570eca29a48a4d408d5b27ec6aec291d70cfefcd02bbfe8d8ba8aeb6db770bfd723d2c3a4859f1992767d24e7b33e3e241874292af640e2bd22a5b77e0e9e1e0d5e485041cac41d4694ac929ae1fbc08e7591e1cef689028f5db26f95fc9e0868887fb9c635579fc6335757697f63b4f2b46664ae338eafdd827988c8f2ebad80ea9787871ed8d6b302d5dbf7e8019f2e139c59036cb5964a3701ec049b839e19e33e68b83539c8
+Ciphertext = 2420e09adb24098038b2750c946551a5f6a5bdf23b126947348ddb5e938b3fcb874b33fbac6407095e05ce62df999e7234cd2b4e413009c71d855b23993cd58c1e26ba0deed891dc88f099fdf852cec0aab45f488a90edd8feb6f4c837036945bd304edbf7a2737921a2f8c1b00a1daaf9e25b908a65a8f69963fc767bc975b5b7bcc215ce37009009dc90b5c7edb1a1174a10ad28f4c1d1a2241e7ffc215edef4f847ceedf7b64f2d15
+Tag = 20521b35310385ae66557740b435d204
+
+Cipher = aes-256-gcm
+Key = 53ef3dc7a10e435650dd20550cf3ec2b997afc8d9e79cca8f7062622afac3496
+IV = 257a205ed0f84016183f4613
+Plaintext = 081e2769935f945419aa06fb5fa7d8412efd1f9b52a45863808022850836c1974d53d2b2c5c0cd420711a71e6d1a09e984366b8b677e6c61bbce8f3adf9f5a9fb5860887617a08c923171d681c4fbc6d569690f6a183d42b52a80ef0693862efd22bf83b7b4014a7008424c356b5022df1842309b3a4a2caee0fd3f4d3fc52a17d53959daccf8e0ca889578ee2905dd8c17d52e76712dc104344148e8184c82af8165ea8386f91de585b54fc8535c3
+AAD = 5b73ae02bf4a70e57f5d48fbf45f85b8496ae8514c8aeb779c184f9cf823d8c1883c9e5a42b2c099d959c2298ace2d86c4479059256d6a4325e109fa4b6c4ce90f84a8228316e80aa86de9b5e111d88b2be447a29297b35ca90a8eb280d4c0fe92a1d593cb966cb0010bc06831efb0c72c1e222b031e900ef06ab8da542a5abe2870a0efbe92351d5915ab545b14900e41a27c5ca9d75d6277afafe7ae861131c2767eb314c0c3da5c264f8f2b4ac7
+Ciphertext = 20ecb6cda861b660656d692c626436227bd4ac17a9bc71f6c84a1917ef3b5a0f6ba370f00fa2e7f1bd5aa8d6c15032572090482c23e4ab7376ef1f4dfb77f79d5dc065792fe3476c9c37614e32f493e461981b519dd7d10234c2c69264ffe5be06a8e14c81022b652c8cfa24adcc7c7536a55a2fc41e9ffcd09e1c483541cba814eafd5e09e9e44477018a41b073e387c9257c07d97e40f0761fe295d015e1f2df5be65b13f34b6ef0fe1b109ad109
+Tag = c129ba4c10bc9e9c2b7d67f5f249d971
+
+Cipher = aes-256-gcm
+Key = 15ddf0d794b1bf2e67db1af47b45b8abb0c62ff5fe09b29659f63ff943815c39
+IV = a6e6b4fd129bee3ab8144da1
+Plaintext = 9c82ac83e3dd227d0cb9692703dbf41292fbaf4961e28b7407ef069e33850371ce2838b1808ec1f837511dae9899a867959183ef3d988ac20758d7a1a6859cedf687d8a42f3dd53fa4b5843e5be61422fb8774c9eb0fd22cbda5950155caa0ceaa00417f1e89a863fcc08cbf911776fbea8d7c14a6d819c070c9abe76a7f0d04598188d07fcbb822758081172e654c025703bb24c523cee2dfdc31c8d2c84534a60e7efa9f52f7e74e19c859889f9bd024f28763
+AAD = 892bc04375e9ad5ad2b5c117d1aacc202a74ee4cd4125019f38ed4d716ce361b8b50463ec3255a00670f5f95d361e79349e90bfccbf084586cb5fa145b9eece8a10187c13055ba0d17c0fa526ba7985f00f3eb4a2cd53b6da488827fa8481cf47f6be58771d1e40125652732a7dd5adc49cf99ed6b085fa9fe8721c86f7241b6efb6002e65ae5f72e16ce6a09ce81365485b20f1fc2e092216024b1acd0bb4c2b4ffe28d62a9a813fcc389774688eedd76c0b041
+Ciphertext = e30465518e7dab44b9ca4ab6c86fd7b701e334b050a7889fefd08aa12c9e381acc7875ad5f8574fa44f8550bfc820b6d9a5600cfb82d1f98721a875610a91c8f47960ea64445c0e22fd3ebe94b3564e98b9b00a68e9bd941eef5382a67782c5e24ac44b928fc986c62a02fc702b145843b1c6882188dcbbb6f6b51ce1aa7784da03cbdc3efb1a01c1cfd7e90dc3332fc6e912a6a967ef1f239cfdc9752e235dfe75dab8088f8cc207a4a28994f122859aeb52d01
+Tag = 62e7455cd6b95319efa3ae0d14b88452
+
+Cipher = aes-256-gcm
+Key = dc0cff51030582f29676482ec8dbf0490a135a4cf3e444edfb7d1ec733cdf7b9
+IV = 58c892d618ceb6027afbabb9
+Plaintext = d6c4d49a9431d51bfda5bd4b07997690748fdc3df196d27d219a62480dfcb6300c5a234d675aec1239280446cc134bd4e0e0b5ebf6f10bb11b788caf949c0c3553497b62e729f08700b66c6720c35f1f434f16b15a4e404d627fd054ae1394a77d5ba728f3422aad5d99a608c2aa52b058946a76a408c5dfb210d280629ac999e86ab1f9da8f2b7b79ec07cb666105582564974180ace98c63bdb962e4580692abe58929d29f066d2f7e25c23a3824483d9e49cb6f5fc4a1b0
+AAD = ee3bc8d875a4d43c278cfeefed8ced8a3da946adaef93dc356001da151010548990fe08b62edda46634db320601c7f4b50956e29868bda9ae5df186f15c3ab4a19d7cec274209cecc71602e45c37c273b7e4b2a168de5c29278042a3dd1fbea0998d7d9707d412f476ac8de7936e2e5c268a2f22646f682e664e526f88004e7c461bd42337dd21b1cb39ff678974adb67c2ea1b7055ca98697ec16c4b3bfa95b4dcbd7fb015480135634c34acb20f58549f7e7e11e20a991a1
+Ciphertext = 54eedf8ca21f31d21067af5a05dc3cb99c3dc046540d2cd1664abb32fc7714ac057d039cebdeb124e1ca9511bc71f92ddfd4c6bd3edc8a1934f2fa2511503944f2a0818e30b9bdd26bd3c51b9673f55ad3f2ee5e41de114ccc55abcdce06a5bcf63a5bd61fe71dbbfc97e1c7f3417fcb9c1462e244ad91725081c9176a0b91d3485400d273a16eecd870ec1e9e016a7f4af2fab39a0bc93576ffd1eeef9cc15b7e47feaef85b21de422666ec722cbaef26edd1941e7dc03f72
+Tag = 1cc8c395b2ccae3a685183667ee7bd34
+
+Cipher = aes-256-gcm
+Key = 90da49f8f64e8a585697a43644a48bcbef33a8ed23c1a93c65e59a217c04a1e0
+IV = 0812f87792508dee6868d454
+Plaintext = 26dac57d9f30bae5831f98ed074cbc9af9731a52b2322cdd23f1f0abbf78092c48d6d24a43c7d49edb3fa66086030f37dd9dc67847714437b11577d2bec645b3210baa8f7a540cbfc20deec5973b7489b7607eafe72e249df5d0fed95e29f03cf7f0c7a22fb2f06a0bc75214446b06d25a45ab8087270eec56af3960f53b80412a4ea7b45e54a2c374e8a3789e8eb57e656e22107503920313ee3e4025836b9e1a98541446c23bd5674cb83483642f2f3e8270bd1f77c85bcfb205a9133c
+AAD = f2168cef97c27a902d93cbca07b03f35c5c3ed934192d29a743c3a6c480c5a62172c088fc89cb2d8651b8979e5bd1864272ff179be8003c6dee18789c17583dc1de4e8b4fec80e5c7575838e621cac4b5b51ce5952f22e06b1c196101d2ac8d05e797323e5baacc49d1e74db97142e1bed723d46ab858d59fd36d5d08eaa63f696b610eebdc9662e504992fd3481de1264bcac8ac426b09fbc641ebc93f72c5d460088fe0b08420d88fae219b6a5a67420a5f9d1201bf8d64b2ab3e9050a
+Ciphertext = 82196d89624689bb172e4ff71619046a91149c8ea99ebbaa3f2c32c77938b5ac466481575dd82a008c7f5867bc46ee44faf95fa40b6237c8c3b62474af2efcf07c771e23a63e65b48b0bd8ed26fc64dffe03e71fac6d3857b1248df63d888567d7d3618c68d6b8f1c88029bd7af8677d3b51f70ccccb4eec9e100768515637ad8a4b2e2e317902e456974ce9fe23095cc68566e85cd913e8b64119444f124640d16ef3e98136f32d618eef78f7ffbafb64227b3185bda8f541c0e7ee8405
+Tag = 71fffdbd6358f755dd22f1dbe42c4aca
+
+Cipher = aes-256-gcm
+Key = 0b1b256665284390a9193b7b7aa4e3ad15a3d2a58e79d75da8ec284c02fa3a2f
+IV = 346ae65660de8920605fe8d1
+Plaintext = acfa83f56f137ac39d6447d98c5f7d5e812d1d8e7c7fa7f7beea9a87c59961449683fcf5332c9ef1587135030309a1c2d95257114b790b18cc32f65f4c7d1652c0106e3331f826e9b8b0dffc50aa6723d0827076b71c668370ddc8156db3831559a72e48266b3886a6d88318e6ca646ff561ed4f71e665abb7a60089f0a115c7b7fad9cbba6c4cb0c242b9e1f17705825d98f4bc10bacd8ab2e11cf579f29b2a0b085d8c96a372434785856b483c3fc9ae909029b0c931098d7e59f233cb6450fe0b0d
+AAD = 64347fc132379d39cf142ca81d7e49c010f54f354ca3365d5195a7e43175c9a47603062c5ca61aaf2b381f5cd538bbf48f50d620ff2b5980c086049a378aca69570ab7c406b510a6aa6b7e8682ade6a091b1f822a97ce671fcf7c911c43c4795b78ce1c86e990e32bc5c9fa34a8a4b22a20d6f7c46722d1bafd49443b4da9634db4615f7cabc3d5bd9a8921e67de45dac261f54bcd0af2b2f845e255a16f2d2f1ffe26e88238f5dbdbe111393aab3409e08dee8b9bc85c51b385c191ee9290454236ab
+Ciphertext = 9d7421330f0c2a525495bc360cd5c2273531d050d461336a254c9af8611d07c3559931cd6804fbdc6e6c9c997283cf40bc23596efd1bf116fffcc6620e45d1c738569af012a7ed0d575ace3c12662f88f3ee480af30ee015ae70db112bf4a185e220660a912f9ad840346e7cc0715e853dcd9b415ca9e865d5e4de2321e6a1b7cd8a35c760abd3f099d395576a91503147bdd51cb4bd1452c4043b42dd526de6f61bcbe819cfa3c122c6f62e0d4c38b443f5a138325a5f0ff8a9a2071c2773ce62edda
+Tag = 2af508d74bcf8157ae9c55b28b5d2db9
+
+Cipher = aes-256-gcm
+Key = c055bfc7828d9fe8fa8d9851d33f3e4888e0f7e286e1eed455e14832369f26fa
+IV = 2804e5ec079eada8bb3946e4
+Plaintext = a26a9b189ada0ccafab92a79711360c7c396374c6170de395bd8ed80dc5db96ef1534adc4dcd419fdf1801add1444a195367213e374eb1ab093f1f54cd82eaba5c1cde6b867e0d8fff99cdab4d96e69aee0c58a64120ce0cfd923f15cdf65076a12e06e53ab37463096d9ccb11ec654e401c24309fda7afa45ee26e5e4b8adc8febbddaff1e7cecacad1d825a6b16a115287b4b3c9f8a29b30fa6236ca6e883abda412177af38b93e0e64b012d33d7bf52ed18c4219bdf07f36151b7ea4c53091ddfe58b6c9beeca
+AAD = a184e4811d5565849a08d0b312f009143ac954d426ca8d563ad47550688c82dbddc1edbdea672f3a94a3c145676de66085ded7bcf356c5b7e798f5ab3bb3a11bd63c485fbcded50c3b31f914d020840cbc936c24e0b3245fead8c2f0f3e10b165d5f9c3f6be8f8d9e99b97efda5c6722051d5b81a343a7d107e30d9319c94dbc7c31c23b06a4ae948f276d0eabd050394c05781712b879317ac03eb7752462f048bcd0dccb5440f6740ad0a3a4c742c3da32a49dfda82ed1b66380a8cfd09dda73178ffa49236d20
+Ciphertext = 58dca29b5008f74bf132947df768dc85e2492a381429f151a3bad3132e63a4a977aa09f10879d206f43f27a26909495d0a2c8cb252fbcb3abd953f6e0ef0f6d5e89d89a1d9ecdb0e44686fbf5567a6fe7557a084a8a5ef5316890917bc432164266a331118c828fad4f5d1776645d163dc5444c2e12def608efb47adeb8f9928a5ffd3c46f963a749c310688e78525e34a510f529472a14bc7a5b65594338f6f5ea1d95bb5bddc6e8e1d1a449d126442accd162e4e03c10824fd48b32df763de5d7700dafc54206b
+Tag = 141c80e1d044e1e9cf1c217bd881589c
+
+Cipher = aes-256-gcm
+Key = a54a347a7a388c2e0661d4ae1b5743d1c2f9116c0a7aa2d6c778a21e2bf691a9
+IV = bd3456b0dd0e971451627522
+Plaintext = 3d17e3d9b5020d51295f7bd72e524027e763b94e045755af4b3cc4f86bce632a1286f71734e051dbcac95780b9817b5f1b272c419e6bc00d90c27496ac5ab8a65d63c2ea16eeeebe4b06457e66beeed20fc8d23a9b844ba2cc3eb3d87e16e1230fdb6a9134bad3e42eadccd49baed5e03e055f389a488d939c276982e4bc77f0a1c738fcdee222e2641b06fe12ed63ede2ab2fee3c54d7901d0911c32980b7c663a67d35ece23136c77f8e4536464225ab427d937e7a4260460d55bb5fdd7ea2f105604c4b0cf129dec49b81b1
+AAD = c12d1ffb08acf27d51e63f5c0e311180b687438e825204074d4456d70b7c5ba9903ad0b0778a5fe36c3e12e82718c00f5d1ce585e5c73b23d6c5e41ac4a180c97c9418b07ccccbfc58c678e97882ea36395c0a05572b4cd25ddb3c32fa580c89c48a0e3066b8032e3823893a5721a4fd1e59c7d012a01b9e9afc12f3bea93e9d1a2cf5cab26e064576b36bb65606de62fe2887ace0cf399dec08da618954ce55362c8a2bcf31457a1804bbfff68a76d752f9aea81be8868bbca8f1af3375f7137941a1924b8a2b178f06a9e33f
+Ciphertext = 938f8f596e17eae6920410f602c805ad9715833087e1d543eb20b1b313771266dc6a8f86f2ba033609fadec92ac38c1f1f0f728e568fe8bcecbae2ade7b9c4128fb3133c8b4107ad5c29cacbd5937f66905e18cc52d9239c14e4c8edbb2db89b26f5f4a9ff0f2045192fd212af6c65e448834580deb8787b612d6345466483dbec00b03fee4751f543a6155f2dbb745c1094e9721aea3e544a894e4a19a14645725cb8fdc21d259e086b1e411fb1bdb11293d0224ada25da2896dfe0d35095230af6894404d27d901540b0ec35
+Tag = c55c870a5eac5c0c774dd10dbadd3fec
+
+Cipher = aes-256-gcm
+Key = b262f6a609c4ad6da3710d58530b634fd7bed875956d426bf4b2412209902233
+IV = 0b455031d28e4e17a45b7a60
+Plaintext = 9cff6ec8832bd0e62d9063e43821db6a1e0f3ae7947ab4d029643b0e7db8224f8bd00a2c011b246a4d5eccf9801fb314aeadc0532fa71cffe188e801d7c045e81b9dfc5cf6ae1e310b363adec4e7ca52fa754ece2540545a5161eaf9ed5748070b6e232125fa8e0fb7548fd3eed57a6be72ce0a9112f166776816a0a4ccf8151b6b93780875d03ea3d59ac57e7904c83b90b7666de85f055b25f9e342af4cb04b0c3f123ea0906c04f252f2b16b28d612e37b2a7b788d66beb8b361385efb73a825ccfb1a5ca55d60afde0349e5dad8096c7
+AAD = fb99bc661b51464c0df92ba4f64c4c56d601622287bb1bf8e0a082ed3793e74db6a2f5a546391ef55dc45fd2f24878834bdc2903054d9d02ac05bd5ff122b65555d7ab1664cc36b630039e4432315445f303837e57149fdf6bf8d6856ba97abc5a18b6cd2f8f28cd3ac079355b314561c50126812861c39180fd94f9aa24edbec37bead760093d32b96ce30e389f63b2b271fc051b42952b3f5cf3950def581f7cbb2b4aa5b151a16ed3773166761232c106d3ff57851895640ea12befd69daadecc4122b4a481e85088edb093e02d5d3d8a
+Ciphertext = 5341e8c7e67303d5374e3f5693c28dd9f9a5c9368efaaf82d900b4a4ab44337f7d53364544bbd822020d79443e2ab0fd2381bc73750203caa3d28858a8f9a6dba57a7c5248361ebb152a81a89c00b1bf49de9e2d08c0243b38eefe316ef89164b4907515f340468291e0b51009c9d80cf5a998d9cd8fce41d0c7405fc2d1854aae873f0e24cfad253ee07d9f4cd27080ee8ec85d787459080a06d290e6e721d23738470835f173ed815f1a15f293ffe95ad973210486372e19a9cc737c73928572cbc03f64201d1b6fd23ebb7b49d12f2eef
+Tag = 5e0ac1993ceccc89d44cfa37bb319d1c
+
+Cipher = aes-256-gcm
+Key = 9b4387e01c03d2e039a44ca2991aa8557dea6179d19259d819d70ab2d5179eb0
+IV = 852124b4e04d7d1d63743d74
+Plaintext = 92c6f01cd2cd959495bd8aca704f948060bee01ca61c46005b4db43e2e7655af4c0d96656cd75d904325ecc325f5fc9a5fff3eeafde6f81323b0e3b64269028cb64c9fbe866b400e76487f1759d6ab8fc66589e23df0c008974e1613bb4ec556bd1a6a0751f6dbbbaeff219874c57dffca59a955e0aae62e8fd6a904a50fa7eaacccc6dfd4a2b8c6c040505d3448ed2217b7024224bbc4335c63b2ae8172d7d3088b819edbaa17991a4729bcd5a456cad20ba20dbee99ae56f8ef669dff93c99a995c8f5dcb5d113db4178a49516206a1cba7d872682b1
+AAD = 92a1d2574182f850e37aa62338b19f403fe99dbc7ddbe1e6524ac67c4092cfe296b5ee9b94eddb5c228c902c18ec1ec26e1ef0263d05c5caf1c71ed9e5ff987e9964b46f27be05a83e20867f1f2107db26b6bc7066af2b0efdcad2b65f2ebe8b31fbe2f3c30171f2e4969f1650c9642ae47c8db5bda47e57e8a9af210a6fd4894dcc2934b4ecf823cc841cdb3c93ecc779b455b8cc796d7d60437da201c3f848dcd5f45e88973e06364e7cd01afd2d49fd3032550f1c1a60c4ba48137398f4d58e5fd0093c06042b103ce0064f2cd1cfdd39b7440121d7
+Ciphertext = 28b87d324854d5c9c6ebb303fb802b12d946ed681ed5b3384dce2cd782bfbd022f213f193bcac579176440bbf2af378b019d21dde5d70e42d257722d15417a9fecc8e56430551ea3bee798a01faf74d0fb09be6dd0c14cd03feaae29c7d17581e1fda0b4bce632ef790202e98c8c4f8f842fb3e33b3fa5e8700c8644ed6d64280652bc2a5d40b3ee0e47dd5a9f3535e15b1fabb30264515afd4f9b1caa5c224574636935baebf6d1992bf1a7a3d698d457db4248a2b38a803837ac4fab7998722d52de61bfab4f98e1933a77046bfb3941bb7988acebce
+Tag = 1b07d58be48b81f7007e5683b399dc28
+
+Cipher = aes-256-gcm
+Key = 9d36155d429b90b5ff22ded128c9f0cfe77ed514d410998091bfca4dce7e3c88
+IV = a7b73ba1b2b0e846c3f635aa
+Plaintext = 2510210b420b12300d51ee4a7ad233c9c97d71672c0f9a7b9041d32172fdf3a6ce274aca77a0db6961d7921d1681ede2c1088a7618382481296778e7f56d2c0074c7c545ccda313495ae2a6dfd042474b07d2b59c79a0cd8c3dc16132beff1687111a48ee3d291ac556987e73c5a3807923c2deb3b9a59a135a8fa0d85d5b39016edfe0649dc13be672a639db58839d3362eaeca046767fa1182ef8a63abc104e7cdc8610b1e956aac89af76b40844a358fe6f7343d217e1838aad19587ab4b1c765d2cd7bf7018e338c0207d4c9dabdb1625af0c75749e9a20a0d8d
+AAD = 39e96c8d824bee306189a3bc8a8d4862df55e8016726222a528d76de169746a363e82e82e359b774d061a6e98e3c35aca8ba802a5956a2c512501fed44ae341cfa65ec9d95485763d99cbd9aea078ce551f7f82272bf54dfb6420ae7653f275ef145b2c87720c9ccfa56bd286c61cb822d0473dc2cc3fa22d50fd16bc0358e7c615aa1791b990f30b1d737f798219f4446d173e80fa62380dfdfebdb36b1284a62c2b6638f28fc370034812d09b57d27e5b7d589075bbab42fcd6a91fa2714538be6286e4c7b2657b80f045df7f8954738efa7d49a38e5a55a2af934
+Ciphertext = 8cb991b10218bfefa522e2f808dc973620ea391623947cb260b852efd28939ccca4c8b1f02d66fd6d0d7058854fac028fa0f23e8de801ed9a4361bf7e5a23e6a7086624a64a29815bedd5e5ebe4d9f9386d47e1408286971654b38ff8e5dd1fef7686d7614ef01900ad33bf97896b4ad02e7445782b1794b45af967ca3ba72a2e5cd5252a9ff0ff550ee56fdd8aa555bbb0bf8a5dd534fd65b13235fa6650761dfe2a28b2757077a2680ef88c84eaada743d1f0d25de38fdd1974ffc07dbb9c7fa67cacca309a10753c6e2561c4784470f5c7e116e12070fb3d87131
+Tag = 665fe87506f8df07d173fedcc401d18b
+
+Cipher = aes-256-gcm
+Key = bd187500219308edd6ac7340d72813ee20054d6d4b1bc2ebcde466046e96a255
+IV = aab93d3181e7a04cedf17031
+Plaintext = 55b824816e045702526f8b5def71a0d023a2e42257fc1e06f9a8531ef9f7717474ba4f469e442b471d5da6e71aa635a307205c0a935a54b8a59be8856144dec435e29aa1a3568073aa6bd3439bc0f219fa1179ba0a316f7d966ea379da16be4db2f1fdac2fa6d00bef9351b78bb2773bc30ddc9d019e6e7d78dfaf38010080027afac33e751c0429ef6c70a1f2d01f103482818e9353e39a3a4b785a7dd2c7e1ba7a4c36a5f3836d5465c002bcd1ac576d90ad276952ac155dabba6873e6d92b5278280a540071b205ba99b77b7568862e70e6ddbd804906c33fa130f8b0862001
+AAD = 11b35743bbcd0113d2c188f75d382df44e874a2d4b3c3148ecf8e0406479305f29197a3a71dc7bcd71b6136ab11a7cf46de80140e15046acfa18774cbcc755e9f3beb37202fc308c03b1c20470b3128f5b91d925bd6703dfb3277d65159688f656d5ccd83d2beadfd778854472b1cb8fe440bdb7efe806f4cb95249cddf69fa0013dc5a626eb8ab69a48b3ddb1a317b35f7772f711221cee1cee9469e2639c44448c5942c95324dc2fcfdc952e05aa336ddbaf57cec2d1b33981ecb8f70ccd34a279b211c50a7784906f2981a2d2ad8fb130100c4f6bdb09c95dfcf4b0eb7ac6d5
+Ciphertext = 1e99d06f82333ec8e4fa1e81014458c81325e5d69db561449b153727da35c0b540c570b60488aca6aae58f75f84792388d0160dc45e4e5bef552c49228d806fcc22259f0f94da2f786cc94a3ecf3cc15ac67719379d86abaa54ce41e868110ed2b56dbeeaad4a444eab51a96aed404a4f4b9677d22345fdb67ed0df091d23d8acd70bf6cd29f19c99910888b3281b65637590af984e493ac70011486ca88e72fd14ef1cba06a50070f138dfaed35ab12690a14b1c8ac319f597bb690cae28019d64c868acf9a58fde1d8aa18dc1ec9c3c4a0ee9c4cfff8912b1bf23c805af6df48
+Tag = 1a43147e6e097a46b61f8b05c7dbbe1b
+
+Cipher = aes-256-gcm
+Key = ce53e967bb4675a51652a9e6e87da6be36d16245c1e37ee00bae09cc30ed8528
+IV = 0f53ed18bfdd28918c3993d9
+Plaintext = 3f2416477ff2ce7da3e5766f043e7a06ea2b87fdf06320d296c71cbaec4b115da356f8c7f34220f91e90c97a5cbbb7fcf0048fb89414eddeb2ec1062d08cc75a39a1f9f214fc3efd6fc8e70d78418007d7d28944b3f37fa5667ff79098d7af36a9324419b53efa76e98a311e1436ecedd977397cd02cc8d377ea8558edca35ff4c71ec31943119b76af4c78a435033eafe73c7079224bf2328b49ed58acef9b043ae3c7ff17a66b521e190d6ca2b2835ed8edc2c173f04616af237391a4440fc5306366c834f6a504e902dca6d3e9e1554088eaf5b15db7fc1fa19f0867ece90ded639ee8072
+AAD = 64a596ffca0889833fcb537f58d94791f9ba9b6b7ce0c7f144f2f1a95d62ce334f7bf7f0d2ef0c6e7afa2324b069dc6a7a522f19a001c335cc0252ac4a26079c3f267cdca1e3f933069f52fe72e1a00c83d8fcbd2e76149a912c7b37663c2e7967a3a80656c87094d349af6b9d64b3873f467ed376eaa1e0abae06180c847e981c6a12d32b580acd34f779c343f8b79df1b5004d333a5c37a8be7a94c6f6400f819ffbe6d54d3c1a92824fb15c279fc8121c735b6c42248ee22e665245966d40eadc51f12904cd64110d69354cc9d9fc415b3469317d5e4643942dd4b649de0ee2fc5d200701
+Ciphertext = be462da8cc9d8cdf343f7025df0b8b41c24f7b6060cea2d3c63338b6c3e83f0797e966b8c5dd889bf1b5058fb4d694be2178fb33d9be1a351812046a6d3bd36c84ee3665d39fb98159e4d30f8a25a60064caf980f744fc519e2dc451f5fbcc0834b72920d32f0492abedc1022b0db4f2f44b91ec48c588334775fac91f174a4714b3825e96fa53cad3de94807f3b888950c8776189cc18fdf379cdc9d6054952c6ed2b3fb7f6b49beebacee7ddcb19a3eaee2b2e2b7a5d6476e5fc1f216ca443b859a9a661dcf2f7709f87361186368a62f255d78150f09ad4ab1a20e7329f3d96fa2a33cbf6
+Tag = 1cf74908f6fbfa5b2b309ebeff2f3ad1
+
+Cipher = aes-256-gcm
+Key = 093d932ed969cfae63f07e0c04c7f9eaf1b36f656095f8d5f112517dfc430cdc
+IV = ce36a837ae93a280d2fffc63
+Plaintext = d9da99635f8d728843dd587cbb24e68e1df2f81b5f7abfe233a224cdbd48cd8b82da3711d2ab6c1ca722610b87f426a2cdee4456b50781e3b25da037ca636f2a5eea01f4eeea52d0feb7f1f6c2594d63d8c05c2adf339839449cb1d2aca94852d1b64b5641a572c2da02ebe299c7d1ff4da8706f44b14602f44c0ced711fc78005f87b1686106250d3d3860b67f5b38788db1891150f88d4c5276751afa0b2e37a59587cd8b718767455e65eef25bddaf787d52b88556710f740f117b02f244edd47cf0e45646d40e789671ae61ab06336e24fad8b64cd8f60b427ea1f58af443c6f55d54028edd5f40d78
+AAD = 5e9c95c3449cee3f9f726be031089b2358ee92fe7b408b355739c8da6369304f3b287ca60dde4685bdc59879e1530ffd8f6589449196abf0f0dc6dcd82ba7fba481f13376cf29b32af2ecca24a161e6e57b6db70a7e02ee2154cc0bb5280b08f8dca35b1a342fa18b8025c7a805cebaed99e30b43c139de7c37adc25b0b6b5d873ed86530622ef2d0ed3ab19e9c27df98a4a15324f902c35a23adcad4598c6e990c64893355be15fa7320c1935b4ad3c069c068d6b3c8f43d6fe0588b59170bf567ac3a53a50db68e4be17964f55acfe695638cb5fdea5c40805334a385c2d35aa836637ccdf71390487d9
+Ciphertext = 40380718f069f44c88932af22a10f80513821caa71fd7a9e5c4f37e1c756c43fe491ac13f244bd1299844cc78d7812110f570b693e63614e639ec7395cf65c206eb6fc9bba86f89d03dd19e45d5ec64c7d3a308ced4ac1f59cf4e13be64e49acd9ebee209afc508c97ac817f1367629af9d59b0cd48f138d23abb61f92dac530351f46a4e7f70ac87388e44f6e9548d3e6a26884bb7611f632da7db2a12fd9174773e685df316ea9401d8b352135b6b32a374eef8661b77eeedc34fa4178d0a5731ac9bfc14bce1dfe96af095b0088371ab1a04b2062625f0c4fdf01fc0a6bbf1661cca11932e93690501a
+Tag = ef7f960b146747ba4f25c705d942f8c7
+
+Cipher = aes-256-gcm
+Key = 86875efa72ec1827f133a8935193292463ecef801bf3b461c96b0312cfcf32e1
+IV = 738136465c8935d77c8d4ea4
+Plaintext = d692d3ef47a5c9d0d9a3b6a0d498e90a3ea06278134ce90cc1d69da2159d9a1f5d0a9ef4b4ce5f873e26e8f9d53ced79991491325ba5511be4d9e6563b70459b10e60d8c5da45d3b0b34dad86772b0560314f0215bef7b55c6ae53999cb2d6a14a35b50fe5a1598adb7ebeee097968ee7624bde42862824900c8cb45b12785d9c4d50ef38133d31a66a612d8638008d03edd19c4d7edb5f9b9f195c60883a7d6aa85bc3ca3b59c395b85dbe9bb30ef6896c4ebae8d72cbecfadfa451bf36631aefddd3feb36978aa8d9a45c9fa09bfa0b2c040d9a422840e68f4dcc3eb902f6be1d91b11e1749183d89715761b6cf22c
+AAD = 17208cfe5a96adf0ec903c7618d994492d3eb77275fe5bfce5ab1f67d27431c7746314e52934b8c44481e5760cc8f6b0e17d1fcac7fd5b476196e3152c3dc90adeb58c2c9c62cd684b4b18d4a94f8e5b4336ed3f1758b58a254f48b3aecd9cfa63cf758f2df54c52eb246d046198b6eabc90b2a0dd6c5323e915a117235174fc9089cc9bcb1a3bb49080cbcc24367e7f4e17e27a2054bdda0ad8996df1cfc6bcf43f70cd854f4d97aaa4badb5826dd86765d36a2ecc83d3daaf31594eff02999a423185356d693f26025a576037336c156543353423dd3b5da75f45e297c60dd8e091b961f60eb6786fc988f6324f9e8
+Ciphertext = 55f48dc2b6836b8603e19264382ddfc568b1bf06e678de255d355fd865ef03339f644312c4372494386589431d4ae7af2eaee5dd3c16340ecae3e87dda9220a5f9b9fe6cc3eaa226d9608385b7e8a6216e7da71997088eaf7c67b5402be01c0b182383ed3c0e72e91fc51fc99c59cc8271660dd7a59ee0e7d9626ccd4439bb9a1499c71492807f8126891ce09451d07d9c5525c5f185559ec44aa31498be3fc574389cf948640dcc37d0b122249060bb7d5d7e5194d4b7a7bb64d98d82a1155e30970a854f7c0d294fbb1a9e058f3b9f4762972c21086e0bf228768d0d879a9cdb110f9e3a172feca7417d48b3fa0b0b
+Tag = e588a9849c6b7556b2f9068d5f9ead57
+
+Cipher = aes-256-gcm
+Key = e9467b3a75dde39b0dd44e7cbf2b70ba1757ba6a2f70cc233d5258e321d5b3ad
+IV = a9756c7b8e2e2f4e0459f1bb
+Plaintext = d6d7f6112947be12e7ec8d27ce02924503f548456d0ba407bf23e848b9ecc310e4a0c7b00c0de141777a94cb4b84a5cc34b2b05c8a37cda08b6c2dba80e80853f2a18bcc41341a719f84262b601610a93721f638a8ca651a2f6c03c3cf1070f32b92c4ab7a4982a8f5e8ae70800f7513405f3ae28ba97a9ce8241608eeb5351e6cef5560c4209790ee528b3876896846e013a0bd3a1aa89edaefe08fb4b73b3fa64c0c8b0f7ab70653ee138456319230174f0f1f7f3477f0cfc80eab8a96e29e85e20658cebb830ba216b1d8281ce499f729278dcfeb59cde3a043ef3fe2c42705f311a422e9f80fc3b58ca849dd4b99e5e66a958c
+AAD = ccab7afe4d320e94f77963d779ade1343e66ae80446eaa5f9ec4d3e3bb3166255e4aac5707ab407b284dfcdbb18ff515cf08790f0470cf335946040438c7de2d2a342096d7607e1920d86b519e96cec1715f4b0dfe375c5959644bd664d23d879b825dffbbdc458ea9da5ede5682ce1ad1cff33dd8820761b1c067cec638873a3cae79c7682ee8d4f97cb96a413dbbded1c242ca669d50ebb6de3c27eca3041fa8aee8974c3d17b0cf79c32c7bbfe20dcfd57303cc40334fbdc43e925df1d63fde57bf60553d7790fc56bd95e675db934dabb1125eb97cded95f397b32bfb3a2d40703e3f11c6c226633b3cb7f9da1e3367de2ba4d
+Ciphertext = 47bb258ddc0945079a0b99ed5cdc0186f453f8e0393cfea258412e423dde4a00c014ac298c4dfe7c03b0d9bbd4ad189624cb6fbaf13e60ec2b4d83c5bc3294dfec30bd6c8f7125e11d7be145a966dfd78fd77af68099b855989fe077cd9f427d4381b4930abc1daae55722540e4bcbe1b560fde208ef1c2dfcaa2c51b76072e67da311c2556eaa2c25413bfc43d00dd84aa8859b296e05945683e028699d60a29227de1363c4138b9ec2db8f3b502fe09d368c5f2ffd81abe50cc1ec1ef216f27f401456d061429d1910623af00bcf500cbc6509c5aebf7de9c956e40a3f0b0d562775b03c282c204e33c0b380ce1475eb5c0441f6
+Tag = 9ea19333f5050354a7937fed68e38dd4
+
+Cipher = aes-256-gcm
+Key = 4e323dedb68bb5cc4cf2edfe3a54a19b410f849492ed6f66fc053d8903c3d766
+IV = f77b876eff796db621eabe88
+Plaintext = 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
+AAD = 9bd10dc97ab5e9b35e1c8c36ef37f90a11bae7dd18af436fa8b283eafe04a5bbb16bede6ce1260187299ae6474628e706cc08b3627f5243f1a9ab469455666e6d5f2ab597b6799bd60a365a9248341decc36d473fa52ac5ac469b965cb2023d43b437dded84ad49de95a6dfc6ae4bbefaf86f9b06e3a33ec90d32ea3af541fd2c43387c75dbd94d44b9582e8ea41afba5e49f1d158d48e979d04888fbd42876e12bfd6695cb99640c537f2f9223d37cf6b627207b9318bd1f4c64556b5db1101c486c53dd8dccd7405e148d6d9b38b7ac875a44bd6df75edfa4da8594a9c43b223e7a6f5b81a5cb8dd6e06e9a976ef156e45520af332e4d56035
+Ciphertext = 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
+Tag = 936072d637b12b0b6a4141050f4024ce
+
+Cipher = aes-256-gcm
+Key = e57e74595d230e8eae078df1dbc071c66a979a912e2252257e28447e97fc82a7
+IV = b613d6d5fff507e917674f2f
+Plaintext = 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
+AAD = bf4c0737e461c1d6fc45b87175fd7833625c98a03e089c4e3d47c6b21f4bf38cb4b7666322217eb8fa022afae473df56ba3502c88cf702276bf39c6fcccf01e629925a83816a5096e612458af6380dcb7f63cfc0eae99d63475616b18b44111a1927b05503c4ce46ca48321b0f8f247a54919fc844fbabd3a2481e83bed8a5ee8086d7559db00fd1d64f4892ee9363d59829ce1e10af66696c28e86297b43190800251f346bec1b577446120529d486266a271c71011528b24ff4caf2c30f9748a2b03c788dd583541368a643075a52127c48b3b6f0c6ef413e61479c9afdbeb4bda44340ff0d81c7bc0321d3de4080cf7e108dda3fd4e480e685b202c6bfc
+Ciphertext = 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
+Tag = 05906cbf531931559cf2d86c383c145e
+
+Cipher = aes-256-gcm
+Key = 847eb274561fdf0c1af8b565a92da74641f17261a0ea4cf63ba5f36ba7028192
+IV = a379511688390ade6f0318bb
+Plaintext = 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
+AAD = 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
+Ciphertext = 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
+Tag = f1832022e06228c36181856325d4eb68
+
+Cipher = aes-256-gcm
+Key = 3828b138f72f8fe793d46c55ad413bab31a51e7a9093cdd10fddb4739e28e678
+IV = a60413c0ab529ccf3de58468
+Plaintext = 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
+AAD = 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
+Ciphertext = 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
+Tag = 9b47afc5816b7229213cd3c9135545ed
+
+Cipher = aes-256-gcm
+Key = 91ea63dc27d9d6bbc279ec6cecdce6c45ff0b247cfb8e26b6ab15f9b63b031a4
+IV = 80a134fac73eca30459d5964
+Plaintext = a848e41c77ac8c733370435b5b6a9960af36031e96260d5703ce15b003606875a7901cd11e4571bf88dda29a627c0b98065a8b4e6d382852dfa4f47d86fa08e48ad8f5a98e55c305900b83200d44029f304abd21e0264115192a3fd7b0eb69b9f8ca7865b3be93f4ba5a28468fd7bbb584c32ae867f5146efbeb1412d3ac36c30cb308c327a6f207e30f561d6efe0a535446c693e14176e9e714ffb5a5b1075812909a362a6c4bbe18322e15690c2c9cf5a18e0120c11551cb7055b5aee97e7a56d7c24fdf1214641c8eacb196d74f3d96a7fbecdd4fe52dc7b6ead9041cafd5a3fdf91fd3614e63189b488d4d7c1ea3c6351d112a2223b29d390ac3ab7f09a60bbd3df6e0d606d902aa44244334
+AAD = 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
+Ciphertext = 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
+Tag = 6ccaf7c142d86b83e4d0b4289b49c4d4
+
+Cipher = aes-256-gcm
+Key = 1344db082889367fd48c5f06bc39f9cb9e3ad4b92fa484ccf49418dd4caa2e19
+IV = c04a98e7e29326b5330818d4
+Plaintext = b0e12e3122c1ebfdcadded5a45163a6208548e9bdf95cfd18ea504e5d2e97372e58dbfe460a57b724d38f3bc0ce02a54015779bcf127343474d7d4c1402d598bee56897203b903da5b819e2218bd0d1a2af11c542544f02c46969cd2bfac683b76a8de61698ccba63361a1a0b570adf69d24e9a7e466873c8c12e25e0bcead7828386179a4d65d5bbdb800eb52fc01b67498d7b5f9864270162158a8572eccf541b07833f001848672098c57708eb479855799567c318b1aa097efa70db0d8a8d36fe0ac22ebcc2870baacac690a79e07ab286acad9f7a877939cf2989cd6200eb86dfa7a41e969a3683ceacc7c97d1cd5487f13c439a9777a67770687657d38267a347a0b6d3aa3cf64e7f31017246e4369da
+AAD = c96db14dbc2aa0ce3ac63794f75c7e78037dac6763282edb307821a7938de4baa3d2e35a8cfe0c8724c2a8d870d0a462ea157e15aacc69a3c881d9c819225ea8be479872d55e655c897936c95b9ab340820264567495fc5e4e3354f42b84e191b470ca9f4d8fc25d011bf9c9e73e1590e1bb919dd2f288b26935fbfb8c93e54331dc8edad5e1cc4aec103c2f3320d59870c1770319f105ee790b704ed655be423e63ab040f1153f41e7070ae3a0f34d217c4649c180c84814463902d99a9396f8c7c85a3a4c8ae2f01737649fae478a40fc72303a108822775e9c421f945cc0eea992730790a9aa0c0d014518dab371b52d30b5a560f34946a9344cfb8a19b09ee9b123bcb8f642780697508f04983b790dd2d
+Ciphertext = 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
+Tag = 81c55fe9aa2de0d63efe3f74a3d8096f
+
+Cipher = aes-256-gcm
+Key = 31dbefe589b661af00a6fbad426e013f30f448c763f957bbcbaf9c09764f4a95
+IV = 147fe99bba0f606c57242314
+Plaintext = 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
+AAD = 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
+Ciphertext = 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
+Tag = 17ca09e3084504fc22e914ee28312c8e
+
+Cipher = aes-256-gcm
+Key = 0ecc44c9036961fba57c841ace4ca3c547c51d9f126567bf41626765cfcbd53b
+IV = aa98b6ddff7e4b2041f29d70
+Plaintext = 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
+AAD = 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
+Ciphertext = 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
+Tag = 7082c7ef72c82d23e0ba524132acd208
+
+Cipher = aes-256-gcm
+Key = c05dc14b5def43f2e8f86c3008ef44e4dc6513768812e9218b2b216818c4cec6
+IV = 5cfe0dca6e599ed9aa89ba97
+Plaintext = 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
+AAD = 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
+Ciphertext = 2cf630548d6f2b449057c7861920308958199f77b123a142c6b7c89c4982f4ed0efa2fe899914ddbf4543e70865a5e683b0721d6c8443df2e697acf31e11c8809aba94196409020a7c64d396fe136826455aec973af23a6c7733cb567f5ea550e50e0b796623a97807d042855568e3c568990cfc818c31a1bf415337f43e9baed57fada2fb2ad3c3543f2b7f2777e03f84040c1c854c310ab1cc5dc7f2a5fb213af79ac068b46c7d9475bea126adf079e2100bb57904a931faf248e0f7d5832ca83ea8a283e0136979737132afb1f4ab38d307ac0774814f4d5ecdc4aad79185c05f8a706f579b78f2c1c7004cb38e6cd22c2080735b34c3f6134955ed3bc36b1ad5c8e33209c9f3c658fb07b59b6002b2526cd8d853a5c624b7108573d7df60c827
+Tag = 3dcdabcd1c82002a551cea41921570e5
+
+Cipher = aes-256-gcm
+Key = b33f449deccc2ef0d7616f22b4a00fcd84c51a8383782f66f1696bc6405005ee
+IV = 6afa8baf923f986b5779ac6a
+Plaintext = 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
+AAD = 2134f74e882a44e457c38b6580cd58ce20e81267baeb4a9d50c41ababc2a91ddf300c39963643d3c0797b628c75a5fc39c058d319e7d6deb836334dbe8e1fe3cc5704b90c712e1fb60a3c8b58d474a73d65fae886394f8b2c029e420b923f2af4d54c9de3c7fa2bccaa1e96664ccf681cacbbf9845069a4bfd6c135c4392d7d6be338eca414e3a45f50510718e2a5a3e5815eafa0c50172cf5f147510645d2269929843bbbab682deb5823d4cdf42bd250bdbd20c43e2919d7a6e48973f43a4cab73454b97cdca96721ebd83b6dbaaec7e12cf0dae678a57c431b81421657037dd47dccbee73a41f56495fd7c25c75744fe8f55cbd1eac4a174d8f7dd6f6ba57b3e53449a9ce7806517e3e07cf6546a0fa62c7b1fa244d42eee64a3182461792edb628e567b23a
+Ciphertext = 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
+Tag = 1976d7e121704ce463a8d4fe1b93d90f
diff --git a/test/recipes/30-test_evp_data/evpciph_aes_ocb.txt b/test/recipes/30-test_evp_data/evpciph_aes_ocb.txt
index 3dda513eb677..de098905230b 100644
--- a/test/recipes/30-test_evp_data/evpciph_aes_ocb.txt
+++ b/test/recipes/30-test_evp_data/evpciph_aes_ocb.txt
@@ -1,5 +1,5 @@
#
-# Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
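Review bot: The copyright range in this header moves backwards, from `2001-2022` to `2001-2020`. This is the only hunk shown for test/recipes/30-test_evp_data/evpciph_aes_ocb.txt, so no test vector in the file changes with it. In a vendor import that may simply mean the copy being replaced came from a branch whose header was bumped later than the release now being imported. It is still worth confirming that the imported file matches the upstream release artifact byte for byte, so a stale or locally edited copy of the OCB vectors does not go unnoticed. If it does match, the line should stay exactly as upstream ships it.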
diff --git a/test/recipes/30-test_evp_data/evpciph_aes_siv.txt b/test/recipes/30-test_evp_data/evpciph_aes_siv.txt
index ab7f2b6f6aa2..ccc715c2bc81 100644
--- a/test/recipes/30-test_evp_data/evpciph_aes_siv.txt
+++ b/test/recipes/30-test_evp_data/evpciph_aes_siv.txt
@@ -1,5 +1,5 @@
#
-# Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -73,3 +73,3618 @@ AAD = 101112131415161718191a1b1c1d1e1f2021222324252627
Tag = 724dfb2eaf94dbb19b0ba3a299a0801e
Plaintext = 112233445566778899aabbccddee
Ciphertext = f3b05a55498ec2552690b89810e4
+
+# https://github.com/C2SP/wycheproof/blob/master/testvectors/aes_siv_cmac_test.json
+Title = Wycheproof Test Vectors
+
+Title = RFC 5297
+
+Cipher = aes-128-siv
+Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
+AAD = 101112131415161718191a1b1c1d1e1f2021222324252627
+Tag = 85632d07c6e8f37f950acd320a2ecc93
+Plaintext = 112233445566778899aabbccddee
+Ciphertext = 40c02b9690c4dc04daef7f6afe5c
+
+Title = empty message
+
+Cipher = aes-128-siv
+Key = 2b27e429fb6c02678e589ccc4437c5adfb44b331ab6d21ea321727e6ec03d354
+AAD =
+Tag = b2b2354e3724dcdaa85ecf029b49a90c
+Plaintext =
+Ciphertext =
+
+Cipher = aes-128-siv
+Key = e40992eb4f649e5d49134652aecc24bafa6b45ce8dd9e9d371ede7d5de84fa72
+AAD = 8268c5194a71aed0fc1dafe3
+Tag = 92bc07ee200fbd488b7f70a10da26a21
+Plaintext =
+Ciphertext =
+
+Cipher = aes-128-siv
+Key = 99037935e620da1d67faf1e26d5a0e2c5ac2eae5eec7cbb7b7a613056f6719e3
+AAD = 24ab40e7966c5bfe8a5d2b0a6a9765
+Tag = f44934d6f5ba77122f198599cd0e5e52
+Plaintext =
+Ciphertext =
+
+Cipher = aes-128-siv
+Key = 7bf9e536b66a215c22233fe2daaa743a898b9acb9f7802de70b40e3d6e43ef97
+AAD = 9ffff196befb5ffba01afa9235418d57
+Tag = c11ab0ae193018d2c9c7985aec3f8a5b
+Plaintext =
+Ciphertext =
+
+Cipher = aes-128-siv
+Key = ea7081db53ce49559f9fd2b53e00f91b68c2bdba946961da1a5bc70918297a43
+AAD = a9efd155159b533f2b649b2e5fbf87e6a2c11ee8
+Tag = cf52a3c9e2d3d99a66f74135f39e28bb
+Plaintext =
+Ciphertext =
+
+Cipher = aes-128-siv
+Key = 1e225cafb90339bba1b24076d4206c3e79c355805d851682bc818baa4f5a7779
+AAD = 896dcdb367f3c76d60093dc5ae09bc4f30e5cb88e3434e6eb0f0700ac752cd97
+Tag = 8f603b65e767ef178b4dd11db6c114c1
+Plaintext =
+Ciphertext =
+
+Title = message size divisible by block size
+
+Cipher = aes-128-siv
+Key = 612e837843ceae7f61d49625faa7e7494f9253e20cb3adcea686512b043936cd
+AAD = 865d39ae9b5e9ff8d6308e00208745bc
+Tag = c79c86cd7509e60a16ca8cec6bcaa1c5
+Plaintext = cc37fae15f745a2f40e2c8b192f2b38d
+Ciphertext = 8fbd6099718991fe775bf5a659d30a24
+
+Cipher = aes-128-siv
+Key = 96e1e4896fb2cd05f133a6a100bc5609a7ac3ca6d81721e922dadd69ad07a892
+AAD = 8ee21f1a5e2b3f8b8f2064e5cecac81d
+Tag = 849195031e8927a1af4f64cbdd804846
+Plaintext = 91a17e4dfcc3166a1add26ff0e7c12056e8a654f28a6de24f4ba739ceb5b5b18
+Ciphertext = 1c03598bfba441312776a4e8ac959bee44c521801287a2fd95e2329b1c694441
+
+Cipher = aes-128-siv
+Key = 649e373e681ef52e3c10ac265484750932a9918f28fb824f7cb50adab39781fe
+AAD = 3a8363f51bce891eba7bcc0aa4311e10
+Tag = 9f66765a019277a7a7acb92e80f8300b
+Plaintext = 39b447bd3a01983c1cb761b456d69000948ceb870562a536126a0d18a8e7e49b16de8fe672f13d0808d8b7d957899917
+Ciphertext = aa724c92560951eb09d855f471fe1b589928e51f7a8a4bbc6cc9f55fabb2eca2ebb4faca14d1ae20cfdc31b9602e9891
+
+Title = small plaintext size
+
+Cipher = aes-128-siv
+Key = 298962335a075e9eacb7a7627beafa4ee5a02242423cdfb0b4f106eb61cf5663
+AAD = 4c375fd3c4d45c5cfff16d55
+Tag = f5c8155c7dd7f47c61d980ccd2175beb
+Plaintext = 49
+Ciphertext = 9b
+
+Cipher = aes-128-siv
+Key = ea1a7831e6fd080456507a996b6d71668c2cec43c757539c3b5342fadbe64dc4
+AAD = 599f61c649e7cc5cbbd7a78f
+Tag = 130e8de11080a3b27cc1ef1272586c24
+Plaintext = 7c0c
+Ciphertext = 717c
+
+Cipher = aes-128-siv
+Key = 009e8288da0a3d22aeaa231fbbfde9ed901d22df9f3ab707e15aa2fc390d0679
+AAD = 9a582245b46c6170e3f5ca53
+Tag = b98902dc89e6811dfba5eafb1561186d
+Plaintext = 2f5c53
+Ciphertext = c1849e
+
+Cipher = aes-128-siv
+Key = b6202ef3dad5a42667f020f0e4bd89d845711da77f98c747eb914de869638bcf
+AAD = eab41f3417c79bc7262c7b64
+Tag = cd824717886f3363622937bcd118960a
+Plaintext = 41ec7178
+Ciphertext = 0e2605fe
+
+Cipher = aes-128-siv
+Key = fa82aef8c8d6e3cd8f8d053ea6b1b07ca3bc0152506d464926630d6fd83e8a72
+AAD = e9a4b08a8e2ebbb13f82f870
+Tag = 85288834b25f27e96083e2f360d3c7e7
+Plaintext = ebe656a97b
+Ciphertext = 486519b4f5
+
+Cipher = aes-128-siv
+Key = 4ed237ae3d066df766bea923116bf9d2ce6f63d34a4f56ed8631baccabd70647
+AAD = fca537f50d5fce3cdc994b70
+Tag = 9acd6ee8a827c2c5d0da7bf7815dbd85
+Plaintext = 82f0d49b77a5
+Ciphertext = 11bd8c5a79c1
+
+Cipher = aes-128-siv
+Key = 56df5d41a110a63acc7b7c045be9f35a8f2faf16d83fb559268eb8963484f552
+AAD = 95dceafcd426a9bcbe99b842
+Tag = f7c739f6a0e20e94265ecbbdaec36cd5
+Plaintext = 1d635248014c3b
+Ciphertext = 97088967917d47
+
+Cipher = aes-128-siv
+Key = 2e94a84c78be80cd598366058d4f6cdf8095666dcac7a00ad832d9f33e20d13c
+AAD = 0c784125715b7f9b1067b077
+Tag = 163833ac904d30589cad9a002bd702f5
+Plaintext = b978587bf028558d
+Ciphertext = c7809b04693fd8fb
+
+Cipher = aes-128-siv
+Key = 60bf711a162cf6a1b108d1351f9fd2ee5022a9df3c5e494268226b17518a93b7
+AAD = 53353976f18ae8c8cbc7e066
+Tag = 87a37e3de3690b11fba089c068e1c1ea
+Plaintext = 078a6a3d7d1d312004
+Ciphertext = 17a4d05ecfb0a97631
+
+Cipher = aes-128-siv
+Key = 5aadf8dd380e4287582155f11165b31dc8ed76946889a2bb8633990fb62fc46f
+AAD = 0baed8c06718697b4e845acb
+Tag = 1ee7891afbc92d52282eb3fdada6f886
+Plaintext = 435e101a1a4416abe5ce
+Ciphertext = ae613f6d60e5d8c1a3a6
+
+Cipher = aes-128-siv
+Key = b099c4a613f5efda82b069d9a76c02a4049c12310e25f272dbd9d155aedd8d52
+AAD = 30699dc6f497215acda15441
+Tag = a78a01331bb6da90967319859434dbfd
+Plaintext = ccb3e3e1bbf6c3b03c257b
+Ciphertext = d2f9b9c68265c190e28ba3
+
+Cipher = aes-128-siv
+Key = dd0655b5099c4acb60c8afacede1b6ac04283c4fcdd1fee2f5aaa6d86bf6c025
+AAD = 164400936032de67a4660b87
+Tag = 1a104a2de459a3aa9f7b501438b12060
+Plaintext = 6c9a0029bfc98973676d4208
+Ciphertext = 2de27a8d259ae4f58ef50294
+
+Cipher = aes-128-siv
+Key = aa6285693fc40a59ebc2bdab16f1e9111ec794ce5ec63b8f89fafe1b7fedfacf
+AAD = 009002fcf132820ad3838938
+Tag = 3d8175b843301690089b8aa54136d698
+Plaintext = 9e9813cd498166220bd0d49da9
+Ciphertext = ccd3d88a5d02a3a65f2b115b00
+
+Cipher = aes-128-siv
+Key = 18a4688da2ad1e112ea56ef6da9107e0f1094eeed3f6b868202952d56e0f8239
+AAD = 52dfc32bab8bc1502d18a334
+Tag = 9fc042a08918741e2b7beab9cd79d762
+Plaintext = 2e7a1b4c808c1cf4e64e8c5ce54f
+Ciphertext = 6214d8960091cf305256e549ee36
+
+Cipher = aes-128-siv
+Key = 95b330aa5fffa6c0e29fd6fa0debdcb9cf6b448820bea24875089ec8ca5a2387
+AAD = 4dbf5c20ce4caeedfefcae1d
+Tag = 91a7f5c4585351b8b76d4a4836a3199a
+Plaintext = c96596ebba6f89761b9d14dfcc8fb4
+Ciphertext = a761e5f9ee1cdd84258a6a3696f7e9
+
+Title = plaintext size > 16
+
+Cipher = aes-128-siv
+Key = b3b7c2c6d3d80918218afcd8bf2a71cf0220e2e8084ead8ba1abfb893ae36d40
+AAD = a5c2f6cf309f29c25f5ce35d
+Tag = 96bf5dd0c28dbd6072b70e2b5b72d3eb
+Plaintext = dbcf98254157727c35f367fe6e15a2d089
+Ciphertext = 9f41adc6d5d877e808fbf15ed4117b5007
+
+Cipher = aes-128-siv
+Key = 2700a20ef5c3eb4df123568d0df042c35d32b42437efb1032a6a1fe5359767cc
+AAD = e40e09fea86442dcf2cd176d
+Tag = be366ca76d9afe36c7d017c1221e1be4
+Plaintext = 3de21865217c94c4f82208ccd62ad57f13ba1f5e
+Ciphertext = 1a594e1d853574c06d235775b71cc0b56a7da631
+
+Cipher = aes-128-siv
+Key = cc5d599aecbed35bb4e13a2f79586dfe42e6382e8fa8326b674f34716d6376f2
+AAD = 34eafb781863d85649f8c9b0
+Tag = 73fb501f903d90c35039c065563a0b8f
+Plaintext = 8a69fb2ab53b995daf2cd43fc316690f71e171ffc5ab84f68bae3c038a9fd7
+Ciphertext = 274610f05b8d988a193460658d325a255e808847f3faf937e0354a93201ab0
+
+Cipher = aes-128-siv
+Key = 71a7adc7222f471c28f682c12d45feed45556000a986035922924ad154ba5fa5
+AAD = 46a65672d2699267ab27da82
+Tag = b30ec3b9c85402c356728391acf04fcc
+Plaintext = 227e714e3efa84e48049142edaa311dab285407f9b628b146f1d6132c2500ca28497fbd6e386679c
+Ciphertext = 0d02ba85b6a9e90cf846155d4ab3158952bd1791885370bf23ba26d8d23359637b6e24e8763ed107
+
+Cipher = aes-128-siv
+Key = 83bc39bf7b5faaf0f9223ed2aa761ab32c04993e3fbccd34ee616ffd28ce5766
+AAD = ed9ec561ecf5e289a1516c9f
+Tag = fafea55bba0680a510ce095d5c8a40a8
+Plaintext = f70ef1598f403902dcab4cc23bb1265f34e825b99abc61b26a22b9bbf478c3c1e61e67e98201bc564d022b87b4106aad0c4ca2d30e8927fba5b52a76971ef79a92a1eb6cf4ef87aea6b551567a2c4c41
+Ciphertext = 4a76071b8938dcfe99c8c73b049230ac52df7e09769852a6057353a7df7b8d18882ce5369c6bb855f271d88108719a1b5ea5765f549c282639c8bfacc34b5b10991b8fbdae2e42429fb7f0554e0e5611
+
+Title = edge case SIV
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 00000000000000000000000000000000
+Plaintext = 1d7f9cc81b316c518efcd7927e8f7b88
+Ciphertext = f0dcac3115ddbd3d8ec28822e54088d0
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD = 000102030405060708090a0b0c0d0e0f
+Tag = 00000000000000000000000000000000
+Plaintext = f16d4958e933778c54aabcd6fda1cabc
+Ciphertext = 1cce79a1e7dfa6e05494e366666e39e4
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = ffffffffffffffffffffffffffffffff
+Plaintext = 110d3aa6f558c30977870672804064e0
+Ciphertext = 01f74b8e43a262001d8357f95489432e
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD = 000102030405060708090a0b0c0d0e0f
+Tag = ffffffffffffffffffffffffffffffff
+Plaintext = fd1fef36075ad8d4add16d36036ed5d4
+Ciphertext = ede59e1eb1a079ddc7d53cbdd7a7f21a
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = ffffffffffffffffffffffff7fffffff
+Plaintext = c83e256ba8baec0938e51a60bd819cc1
+Ciphertext = d8c454431e404d0052e14beb6948bb0f
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD = 000102030405060708090a0b0c0d0e0f
+Tag = ffffffffffffffffffffffff7fffffff
+Plaintext = 242cf0fb5ab8f7d4e2b371243eaf2df5
+Ciphertext = 34d681d3ec4256dd88b720afea660a3b
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = ffffffffffffffff7fffffffffffffff
+Plaintext = d8c89e8ece83de437eac13ca7b1ebb2c
+Ciphertext = c832efa678797f4a14a84241afd79ce2
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD = 000102030405060708090a0b0c0d0e0f
+Tag = ffffffffffffffff7fffffffffffffff
+Plaintext = 34da4b1e3c81c59ea4fa788ef8300a18
+Ciphertext = 24203a368a7b6497cefe29052cf92dd6
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = fffffffffffffffffffffffffffffffe
+Plaintext = b076687f33460af32b7f0edc3304bfff
+Ciphertext = e2149531223f5703d3cce887d0dfe544
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD = 000102030405060708090a0b0c0d0e0f
+Tag = fffffffffffffffffffffffffffffffe
+Plaintext = 5c64bdefc144112ef1296598b02a0ecb
+Ciphertext = 0e0640a1d03d4cde099a83c353f15470
+
+Title = Flipped bit 0 in tag
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 656a1c3efeb7d2589bfdd0892cc86923
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 45c0cc09b8cc0c37f8626b36dab95df3
+Plaintext = 3031323334353637
+Ciphertext = 2aa03ceafa0e45e6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 61e80297b0ba41c54eda58c468502b32
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = da4e0efa57352f1a114e4b3f0cb234c6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 10ecf972c00209652ea6ef4a3b46ea23
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 59e6faebd6af7063c8660362866f1b2af53a989e
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 1 in tag
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 666a1c3efeb7d2589bfdd0892cc86923
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 46c0cc09b8cc0c37f8626b36dab95df3
+Plaintext = 3031323334353637
+Ciphertext = 2aa03ceafa0e45e6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 62e80297b0ba41c54eda58c468502b32
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = da4e0efa57352f1a114e4b3f0cb234c6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 13ecf972c00209652ea6ef4a3b46ea23
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 59e6faebd6af7063c8660362866f1b2af53a989e
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 7 in tag
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = e46a1c3efeb7d2589bfdd0892cc86923
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = c4c0cc09b8cc0c37f8626b36dab95df3
+Plaintext = 3031323334353637
+Ciphertext = 2aa03ceafa0e45e6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = e0e80297b0ba41c54eda58c468502b32
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = da4e0efa57352f1a114e4b3f0cb234c6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 91ecf972c00209652ea6ef4a3b46ea23
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 59e6faebd6af7063c8660362866f1b2af53a989e
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 8 in tag
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 646b1c3efeb7d2589bfdd0892cc86923
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 44c1cc09b8cc0c37f8626b36dab95df3
+Plaintext = 3031323334353637
+Ciphertext = 2aa03ceafa0e45e6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 60e90297b0ba41c54eda58c468502b32
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = da4e0efa57352f1a114e4b3f0cb234c6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 11edf972c00209652ea6ef4a3b46ea23
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 59e6faebd6af7063c8660362866f1b2af53a989e
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 31 in tag
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 646a1cbefeb7d2589bfdd0892cc86923
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 44c0cc89b8cc0c37f8626b36dab95df3
+Plaintext = 3031323334353637
+Ciphertext = 2aa03ceafa0e45e6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 60e80217b0ba41c54eda58c468502b32
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = da4e0efa57352f1a114e4b3f0cb234c6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 11ecf9f2c00209652ea6ef4a3b46ea23
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 59e6faebd6af7063c8660362866f1b2af53a989e
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 32 in tag
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 646a1c3effb7d2589bfdd0892cc86923
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 44c0cc09b9cc0c37f8626b36dab95df3
+Plaintext = 3031323334353637
+Ciphertext = 2aa03ceafa0e45e6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 60e80297b1ba41c54eda58c468502b32
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = da4e0efa57352f1a114e4b3f0cb234c6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 11ecf972c10209652ea6ef4a3b46ea23
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 59e6faebd6af7063c8660362866f1b2af53a989e
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 33 in tag
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 646a1c3efcb7d2589bfdd0892cc86923
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 44c0cc09bacc0c37f8626b36dab95df3
+Plaintext = 3031323334353637
+Ciphertext = 2aa03ceafa0e45e6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 60e80297b2ba41c54eda58c468502b32
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = da4e0efa57352f1a114e4b3f0cb234c6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 11ecf972c20209652ea6ef4a3b46ea23
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 59e6faebd6af7063c8660362866f1b2af53a989e
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 63 in tag
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 646a1c3efeb7d2d89bfdd0892cc86923
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 44c0cc09b8cc0cb7f8626b36dab95df3
+Plaintext = 3031323334353637
+Ciphertext = 2aa03ceafa0e45e6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 60e80297b0ba41454eda58c468502b32
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = da4e0efa57352f1a114e4b3f0cb234c6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 11ecf972c00209e52ea6ef4a3b46ea23
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 59e6faebd6af7063c8660362866f1b2af53a989e
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 64 in tag
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 646a1c3efeb7d2589afdd0892cc86923
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 44c0cc09b8cc0c37f9626b36dab95df3
+Plaintext = 3031323334353637
+Ciphertext = 2aa03ceafa0e45e6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 60e80297b0ba41c54fda58c468502b32
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = da4e0efa57352f1a114e4b3f0cb234c6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 11ecf972c00209652fa6ef4a3b46ea23
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 59e6faebd6af7063c8660362866f1b2af53a989e
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 71 in tag
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 646a1c3efeb7d2581bfdd0892cc86923
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 44c0cc09b8cc0c3778626b36dab95df3
+Plaintext = 3031323334353637
+Ciphertext = 2aa03ceafa0e45e6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 60e80297b0ba41c5ceda58c468502b32
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = da4e0efa57352f1a114e4b3f0cb234c6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 11ecf972c0020965aea6ef4a3b46ea23
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 59e6faebd6af7063c8660362866f1b2af53a989e
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 77 in tag
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 646a1c3efeb7d2589bddd0892cc86923
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 44c0cc09b8cc0c37f8426b36dab95df3
+Plaintext = 3031323334353637
+Ciphertext = 2aa03ceafa0e45e6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 60e80297b0ba41c54efa58c468502b32
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = da4e0efa57352f1a114e4b3f0cb234c6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 11ecf972c00209652e86ef4a3b46ea23
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 59e6faebd6af7063c8660362866f1b2af53a989e
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 80 in tag
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 646a1c3efeb7d2589bfdd1892cc86923
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 44c0cc09b8cc0c37f8626a36dab95df3
+Plaintext = 3031323334353637
+Ciphertext = 2aa03ceafa0e45e6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 60e80297b0ba41c54eda59c468502b32
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = da4e0efa57352f1a114e4b3f0cb234c6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 11ecf972c00209652ea6ee4a3b46ea23
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 59e6faebd6af7063c8660362866f1b2af53a989e
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 96 in tag
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 646a1c3efeb7d2589bfdd0892dc86923
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 44c0cc09b8cc0c37f8626b36dbb95df3
+Plaintext = 3031323334353637
+Ciphertext = 2aa03ceafa0e45e6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 60e80297b0ba41c54eda58c469502b32
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = da4e0efa57352f1a114e4b3f0cb234c6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 11ecf972c00209652ea6ef4a3a46ea23
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 59e6faebd6af7063c8660362866f1b2af53a989e
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 97 in tag
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 646a1c3efeb7d2589bfdd0892ec86923
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 44c0cc09b8cc0c37f8626b36d8b95df3
+Plaintext = 3031323334353637
+Ciphertext = 2aa03ceafa0e45e6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 60e80297b0ba41c54eda58c46a502b32
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = da4e0efa57352f1a114e4b3f0cb234c6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 11ecf972c00209652ea6ef4a3946ea23
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 59e6faebd6af7063c8660362866f1b2af53a989e
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 103 in tag
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 646a1c3efeb7d2589bfdd089acc86923
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 44c0cc09b8cc0c37f8626b365ab95df3
+Plaintext = 3031323334353637
+Ciphertext = 2aa03ceafa0e45e6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 60e80297b0ba41c54eda58c4e8502b32
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = da4e0efa57352f1a114e4b3f0cb234c6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 11ecf972c00209652ea6ef4abb46ea23
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 59e6faebd6af7063c8660362866f1b2af53a989e
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 120 in tag
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 646a1c3efeb7d2589bfdd0892cc86922
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 44c0cc09b8cc0c37f8626b36dab95df2
+Plaintext = 3031323334353637
+Ciphertext = 2aa03ceafa0e45e6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 60e80297b0ba41c54eda58c468502b33
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = da4e0efa57352f1a114e4b3f0cb234c6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 11ecf972c00209652ea6ef4a3b46ea22
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 59e6faebd6af7063c8660362866f1b2af53a989e
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 121 in tag
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 646a1c3efeb7d2589bfdd0892cc86921
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 44c0cc09b8cc0c37f8626b36dab95df1
+Plaintext = 3031323334353637
+Ciphertext = 2aa03ceafa0e45e6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 60e80297b0ba41c54eda58c468502b30
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = da4e0efa57352f1a114e4b3f0cb234c6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 11ecf972c00209652ea6ef4a3b46ea21
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 59e6faebd6af7063c8660362866f1b2af53a989e
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 126 in tag
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 646a1c3efeb7d2589bfdd0892cc86963
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 44c0cc09b8cc0c37f8626b36dab95db3
+Plaintext = 3031323334353637
+Ciphertext = 2aa03ceafa0e45e6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 60e80297b0ba41c54eda58c468502b72
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = da4e0efa57352f1a114e4b3f0cb234c6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 11ecf972c00209652ea6ef4a3b46ea63
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 59e6faebd6af7063c8660362866f1b2af53a989e
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 127 in tag
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 646a1c3efeb7d2589bfdd0892cc869a3
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 44c0cc09b8cc0c37f8626b36dab95d73
+Plaintext = 3031323334353637
+Ciphertext = 2aa03ceafa0e45e6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 60e80297b0ba41c54eda58c468502bb2
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = da4e0efa57352f1a114e4b3f0cb234c6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 11ecf972c00209652ea6ef4a3b46eaa3
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 59e6faebd6af7063c8660362866f1b2af53a989e
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bits 0 and 64 in tag
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 656a1c3efeb7d2589afdd0892cc86923
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 45c0cc09b8cc0c37f9626b36dab95df3
+Plaintext = 3031323334353637
+Ciphertext = 2aa03ceafa0e45e6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 61e80297b0ba41c54fda58c468502b32
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = da4e0efa57352f1a114e4b3f0cb234c6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 10ecf972c00209652fa6ef4a3b46ea23
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 59e6faebd6af7063c8660362866f1b2af53a989e
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bits 31 and 63 in tag
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 646a1cbefeb7d2d89bfdd0892cc86923
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 44c0cc89b8cc0cb7f8626b36dab95df3
+Plaintext = 3031323334353637
+Ciphertext = 2aa03ceafa0e45e6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 60e80217b0ba41454eda58c468502b32
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = da4e0efa57352f1a114e4b3f0cb234c6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 11ecf9f2c00209e52ea6ef4a3b46ea23
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 59e6faebd6af7063c8660362866f1b2af53a989e
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bits 63 and 127 in tag
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 646a1c3efeb7d2d89bfdd0892cc869a3
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 44c0cc09b8cc0cb7f8626b36dab95d73
+Plaintext = 3031323334353637
+Ciphertext = 2aa03ceafa0e45e6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 60e80297b0ba41454eda58c468502bb2
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = da4e0efa57352f1a114e4b3f0cb234c6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 11ecf972c00209e52ea6ef4a3b46eaa3
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 59e6faebd6af7063c8660362866f1b2af53a989e
+Result = TAG_VALUE_MISMATCH
+
+Title = all bits of tag flipped
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 9b95e3c101482da764022f76d33796dc
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = bb3f33f64733f3c8079d94c92546a20c
+Plaintext = 3031323334353637
+Ciphertext = 2aa03ceafa0e45e6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 9f17fd684f45be3ab125a73b97afd4cd
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = da4e0efa57352f1a114e4b3f0cb234c6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = ee13068d3ffdf69ad15910b5c4b915dc
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 59e6faebd6af7063c8660362866f1b2af53a989e
+Result = TAG_VALUE_MISMATCH
+
+Title = Tag changed to all zero
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 00000000000000000000000000000000
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 00000000000000000000000000000000
+Plaintext = 3031323334353637
+Ciphertext = 2aa03ceafa0e45e6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 00000000000000000000000000000000
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = da4e0efa57352f1a114e4b3f0cb234c6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 00000000000000000000000000000000
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 59e6faebd6af7063c8660362866f1b2af53a989e
+Result = TAG_VALUE_MISMATCH
+
+Title = tag changed to all 1
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = ffffffffffffffffffffffffffffffff
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = ffffffffffffffffffffffffffffffff
+Plaintext = 3031323334353637
+Ciphertext = 2aa03ceafa0e45e6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = ffffffffffffffffffffffffffffffff
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = da4e0efa57352f1a114e4b3f0cb234c6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = ffffffffffffffffffffffffffffffff
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 59e6faebd6af7063c8660362866f1b2af53a989e
+Result = TAG_VALUE_MISMATCH
+
+Title = msbs changed in tag
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = e4ea9cbe7e3752d81b7d5009ac48e9a3
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = c4404c89384c8cb778e2ebb65a39dd73
+Plaintext = 3031323334353637
+Ciphertext = 2aa03ceafa0e45e6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = e0688217303ac145ce5ad844e8d0abb2
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = da4e0efa57352f1a114e4b3f0cb234c6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 916c79f2408289e5ae266fcabbc66aa3
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 59e6faebd6af7063c8660362866f1b2af53a989e
+Result = TAG_VALUE_MISMATCH
+
+Title = lsbs changed in tag
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 656b1d3fffb6d3599afcd1882dc96822
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 45c1cd08b9cd0d36f9636a37dbb85cf2
+Plaintext = 3031323334353637
+Ciphertext = 2aa03ceafa0e45e6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 61e90396b1bb40c44fdb59c569512a33
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = da4e0efa57352f1a114e4b3f0cb234c6
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-128-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+AAD =
+Tag = 10edf873c10308642fa7ee4b3a47eb22
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 59e6faebd6af7063c8660362866f1b2af53a989e
+Result = TAG_VALUE_MISMATCH
+
+Title = empty message
+
+Cipher = aes-192-siv
+Key = d3d58a2f21e62f5095542e618168ef040922ab7d80b3840055eb9caf5726a8d4a7f071dc40ddb320effc094211735090
+AAD =
+Tag = 59e0a9a04cdb1d9d7bee6be8bb06fd61
+Plaintext =
+Ciphertext =
+
+Cipher = aes-192-siv
+Key = ad0f7862386c35fee128ae7ff18db084a0f457fcfc7fe1c5370b145f7fa645a97ba3eb4f90e18941b18e8d89494ec796
+AAD = b402ae880487cfaa9314549b
+Tag = b50be5e46a3912dcacff27115e209e24
+Plaintext =
+Ciphertext =
+
+Cipher = aes-192-siv
+Key = 278e770ca600bb23f5d8725bfd0cfc05b91057e79c890a697d41e9ff687c6a14ea48fb228d7f95ab4a93c5ba9d966262
+AAD = 3f33c781ea57ec1c298f402cbbd27e
+Tag = 2aec07db61e8e403fa04659921ccaf65
+Plaintext =
+Ciphertext =
+
+Cipher = aes-192-siv
+Key = 5ad985b9bcb461f9115937b6bde7073fbed9e8bf32245afe5836e8c2f67b3999266ba0d8d9eba6fa978c47ea9ef4690a
+AAD = bd2aa07a70aca69c4621d91a6686f42a
+Tag = 863161c67e86648340fc5eab9fb728a7
+Plaintext =
+Ciphertext =
+
+Cipher = aes-192-siv
+Key = b65c2a4f88f733142cc66ed9aff47e77f3a6339d30e030290d34be40dfa7b33e37bc2f48ea8617f4e7d60c28c0c01a0d
+AAD = 9ce588daa79d6825305a97572d27674a9602bfeb
+Tag = 4c9cb52e91ee8fd784e9901b2bbfd07e
+Plaintext =
+Ciphertext =
+
+Cipher = aes-192-siv
+Key = 4cd9d4d729792e6a599bd59c330ae8a4df4077225c9c633cb59190f3a5d1150fdc38a7fbc687516f82d6354e57281c1a
+AAD = 960dbaaff375101529f193a5b7adc2cd95a36b7222df7e9f6fbf3110e16462a1
+Tag = fffc486f0299703902926186e43932d0
+Plaintext =
+Ciphertext =
+
+Title = message size divisible by block size
+
+Cipher = aes-192-siv
+Key = ca9db62214c3afab385b9086f1cb90d17195d495ef47642dbad06f4e7d0bab136c77885029ad442b30c34c8b5290e7d0
+AAD = d4dbfdce11f1147e29dd062ea3bbbd17
+Tag = a4e08bdd8ab8cbef46e0fdb8a7ca1097
+Plaintext = ded5a13d759903ecd36cb238527776c6
+Ciphertext = a8f963e45e554a5882496270f9fd6de8
+
+Cipher = aes-192-siv
+Key = c4bb58d73a61eeef0ec23490dc3c3a3e140244c9be88209658cc5654a996db2372c2212ffdc260bbdb92a520c86f96d8
+AAD = 2e4b50221284bc07d7e30b1a6621676d
+Tag = 0131705a9a6c645f13fe4679bd03daac
+Plaintext = d0535403fed2c1dec9f858eebd688afe4d0010b2823275d1bacfd564c074415f
+Ciphertext = 234bc11db1f0941be0788c1c14bbf95ef1dbfbdf5af786a5a5a3a7d4f35fd169
+
+Cipher = aes-192-siv
+Key = 9eae72a3964bdf14adef8616aa5441577b7bbc324652516b4c29a7b0f3bfa719be49e3d2ae6297588ada652eb45b0a00
+AAD = 999a35705530c2f6a7f2427d6b258836
+Tag = d237a9dd9ea0f70ebc5526fd5e414f31
+Plaintext = cd9bfe9821b1a5895737a827b41e0ee271ab2687128bb87f173709b73bf18c7c25822f32282895ca8935db00a1d171db
+Ciphertext = 8c8a016bc6ecbcb3de5f0aff9330259e67b4984f13fb7e904ae8ac91d8e35faf41ad860bc9423d2ef596c13e15025cdf
+
+Title = small plaintext size
+
+Cipher = aes-192-siv
+Key = ba783a715ff6ee6d71e3a4a7adb6356687db12cc2954807099f97471c951c7f0c33571d3334d111c4ea33a12365c0061
+AAD = 06b2cd261a3508a7bfd1c049
+Tag = 002abeac978f66d934b9ed06f215c495
+Plaintext = 7e
+Ciphertext = 1d
+
+Cipher = aes-192-siv
+Key = b5ba35a597be37f8f8168a40e9f47b96077ceced6ac0968a4e5ffabc402199267bcd4f740640c6877441c63e8015d86c
+AAD = 90f605a2cf3ff6e79d6ad4b9
+Tag = ae43eb59494a5fe7a7cac8d5d20f7d40
+Plaintext = 5bff
+Ciphertext = 177f
+
+Cipher = aes-192-siv
+Key = 17a44937a1f8b8029a7f64137eaa2d7de950b49b0ef2d83994151c7b9dde2e87c5aa3debfa0ad9f028260c6dc2fc7e01
+AAD = 80235b12c840e3fd50dc62fd
+Tag = 6b8c54cd6d99f5470a2461aef614012c
+Plaintext = 8b2a68
+Ciphertext = ee7341
+
+Cipher = aes-192-siv
+Key = bff684f086ef3314211ba782a2e7e75a60a9a3df9fc505057f54e2b264fbe2e5eae299879fccd26ca39d1e33b883966e
+AAD = 43634a3668f78c0b00597166
+Tag = ad0d302a322ca73b5514d8cfd6d40478
+Plaintext = 41a1241d
+Ciphertext = fc60aee6
+
+Cipher = aes-192-siv
+Key = 379c425581ca8094e47d1ee49fe9a5dd3dd8d68c6c85f8b4cb56849e99698ee73332c8b0cc6da0627c95f2de9ddd0871
+AAD = 26306f1d6a4316522a928715
+Tag = 717e9e25286ac7eb4d5aa50e613046c4
+Plaintext = 22faba3076
+Ciphertext = 296f693bf4
+
+Cipher = aes-192-siv
+Key = 0f11a54e9f03071828944e39a3f5a5538c4c94122e757aa7062afdb90d5e8b4aeb41e681818a149831ab7b25e2ca3b96
+AAD = 8ff666163c2af99f3e653b38
+Tag = c11178fb46a4334df8044ca1746ddd12
+Plaintext = 2ef90d77c725
+Ciphertext = 9ca6185d21e1
+
+Cipher = aes-192-siv
+Key = e959e0c14f3e0d8dd44162d27f4c333a337332550167731949c6732b23a5dbd9aa3dd801b66543755474f44774e5d823
+AAD = e5cb907e8df42f0e568e588a
+Tag = 533fa1781af3a3679e5779c9c7c727fa
+Plaintext = 8f1dbfb8c9dd6a
+Ciphertext = 5a1d20d7a89f6c
+
+Cipher = aes-192-siv
+Key = fe6412c43463c22b98992f8c319b662718255d12277ce62e56ba258ccc7a4694121e6912ed745b4a6e12ff9d38c86ef2
+AAD = 825d771373d6e019043dd2a0
+Tag = 0528c021158609e07d3c71fd363365a6
+Plaintext = 3da09c275906835f
+Ciphertext = 44ca61b932c161ba
+
+Cipher = aes-192-siv
+Key = 71002b321b1e924a45d97302a08f2361af1d2093faf661f04ab47ecca9f5ec9a35be3ccff8a4aed1ff658d195c05aed7
+AAD = 987604cee29b9ee32f26f332
+Tag = 4f4d3533c0a6d2302cc3ce547ca78f1d
+Plaintext = cf1e93a067ed6b4f26
+Ciphertext = 6dce6f333cca0fe889
+
+Cipher = aes-192-siv
+Key = dff1d025a8b62dfbe8fd7d0480e572f1c5e125c1ab4c148e37ff9a8ec5d8a4cf35bc304445be3bc45ed37f92e032af14
+AAD = 80b9534f1e83598235c85690
+Tag = c4c97f0c3530981bcade42a174a65038
+Plaintext = b81cc3a382a1ad29c1dd
+Ciphertext = d8925ed8a5decee8a7c6
+
+Cipher = aes-192-siv
+Key = dae6920703b80500b4197269faf5d74de8e610415e194b423080ebaf6d99873dc307dc4f6d9f32ad0ebad8ad7852690c
+AAD = 1b7a5ce2ff405b019125910b
+Tag = 2d60ae19a38f400e0ed78b65db3df852
+Plaintext = 962c7c7ca5bdfcbcb3eba4
+Ciphertext = f41f0d1e22c917b42e7c5a
+
+Cipher = aes-192-siv
+Key = e69ea366fd385e0ed8b9cbb01700654fa28add8e56b7ea683e1fd718511ab0fb22dcd710c530e00fb66f4584fa21e9e6
+AAD = b55d19772f2776772c04078a
+Tag = b97290f5f225d05b40704c53ee8fdfcf
+Plaintext = 3c32cafeedcce54108e39588
+Ciphertext = fd972185aa96d4db4b8ddb16
+
+Cipher = aes-192-siv
+Key = b60b83856f56cdf89027460a76993fdbde0f2ab01e9dde2fa7c27ef47155ec7caba892b27fd9a31e8923bfc44794cd71
+AAD = b60c69a4befed39eac27790b
+Tag = 0afe675b5b92febddc6bd6d450715ad4
+Plaintext = 550d0e8b8373a27e4072a5b76c
+Ciphertext = da97711bfbf3465da408517401
+
+Cipher = aes-192-siv
+Key = 859698a852a131a3804838f3d012d6088e135b6db160b2ac68e6dfa6ec330dc0d682e406c87c15b9a74affe441749495
+AAD = 29d834bc7bdd2a3e95ae8308
+Tag = 92e143e457be47a18ca6827811320ce9
+Plaintext = c969bd4b5acf1f7b500f8f21f3c9
+Ciphertext = c70a1b4e0ef64cf3658b25cd8f51
+
+Cipher = aes-192-siv
+Key = ebe1c273ba54b877b937e9906c4063e188efd57bd3a32be825369380f1b9f6b8b6a0c2ab1390e589f6101c5ffb7460c7
+AAD = c3f0f5c438de5fd85b7a21af
+Tag = 2eea0115c34a461d4de5de4a41b9654b
+Plaintext = e8d7ac78d2805bfd656634d19b5834
+Ciphertext = 8aa87b4cc944c05057f5b306942a0f
+
+Title = plaintext size > 16
+
+Cipher = aes-192-siv
+Key = 80d50fafb3ede5ddbb5058827303a098bf213e47dcff12ea5338a2a0f914d84bff58c8c69c3b151d6dc380fd8f3e4178
+AAD = b49b12ba140fa8d794a31738
+Tag = adc724b7fabbad1036ded152b968e557
+Plaintext = 340612da2d2dbbd25d7fa05c775a6ecfa8
+Ciphertext = a4a1b3f5014f42f84a21ca45727f4b4339
+
+Cipher = aes-192-siv
+Key = 5f6bfe19987d5bf6471dd9e436094f7fe33f8acca3b8a41e277861e202bd7262fc2b0bd3df9b35fa2fc3c579620f00eb
+AAD = b96c8682cd3ce676b0d79865
+Tag = 8fd1214e80782d7c14007d037feb1ab1
+Plaintext = 1485126d0476bb4b86d087d1892632b53cb4f8a2
+Ciphertext = 81fdcb20985887b5ee8d4acf5589924be644947d
+
+Cipher = aes-192-siv
+Key = 9ea37352e41b57d61ed837b2ace481870d2413d92bf00f30dbb8fe8d250b3cebd0f64d714cf61a0533d02d372284c6c3
+AAD = 0f1eb4eee461615bc0be8474
+Tag = 0da4c7885ffc4125878efe1d14eb5f64
+Plaintext = 80d977965a880bc6bb5e1cc92f234771adb61e7ae7198844623c6b1d1b54ec
+Ciphertext = 740bcaed915088806c89fb2efdde2a5b0d89aeef6a2324ba2626b42113ee27
+
+Cipher = aes-192-siv
+Key = 25b0b404bb1f78446d0e5cde012ee5832cb403398a3e66e9b5a244b59d8994ee10184a5776f3578faab830e865f8133c
+AAD = 7fe497bacf30af3a85662aa1
+Tag = b44039f1e5ba808ca055aea6bc2d819d
+Plaintext = b1b197cd7ff68b62e274f5d1046f42f9817163f0a105a0fb7736fa9e5e8f76944a22282af480ee79
+Ciphertext = 388e3c271cd97c046061e57223bbc2a17aa9b368d5cf281de46f48b34d179c16cc9e9d4600a87af4
+
+Cipher = aes-192-siv
+Key = 7e225cf2004a28a091986f131fd43ed111c0693e63433ffc9dad9029c535096397636e13296eb62143162643b13c7546
+AAD = 01685c58b14805d636541179
+Tag = aa3d2cd732974b733597a369d47a6801
+Plaintext = 81c8a10fcd668100dc762125e03627ac4e68d34c72568be438a7a068c27e2f12e2f17823e41fdd13e53616c622d4f320a38f97c2edead9800ed1091c303f10d172a284284d86708e53dedc82f6a7366b
+Ciphertext = 32dd5a944431231e6f77122d40ae70c5d032cc7d62208f428e6a931c7da6e88364d5ce1a4d9403436740b9e714a2c3b239febe6a6a7b42f78894442c912e6a9c22ea9548ef85540ca76d7c6df42b6534
+
+Title = edge case SIV
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = 00000000000000000000000000000000
+Plaintext = 05ae1ded78b927e7bf5560571e177760
+Ciphertext = 81460aba44a680fc6c776c00a1e94b6b
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD = 000102030405060708090a0b0c0d0e0f
+Tag = 00000000000000000000000000000000
+Plaintext = 11a7fae3b1b8297b31bdea77a8d6d67c
+Ciphertext = 954fedb48da78e60e29fe6201728ea77
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = ffffffffffffffffffffffffffffffff
+Plaintext = 3de1fd2ff8d5260005edbf9b59b6cf06
+Ciphertext = e8a56dbae884e990cc0df180d5e456ba
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD = 000102030405060708090a0b0c0d0e0f
+Tag = ffffffffffffffffffffffffffffffff
+Plaintext = 29e81a2131d4289c8b0535bbef776e1a
+Ciphertext = fcac8ab42185e70c42e57ba06325f7a6
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = ffffffffffffffffffffffff7fffffff
+Plaintext = b3c75b1d29b3d5d09501c429c3b8faf2
+Ciphertext = 6683cb8839e21a405ce18a324fea634e
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD = 000102030405060708090a0b0c0d0e0f
+Tag = ffffffffffffffffffffffff7fffffff
+Plaintext = a7cebc13e0b2db4c1be94e0975795bee
+Ciphertext = 728a2c86f0e314dcd2090012f92bc252
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = ffffffffffffffff7fffffffffffffff
+Plaintext = 6a142a8909ed51e7b2d77fd071f230df
+Ciphertext = bf50ba1c19bc9e777b3731cbfda0a963
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD = 000102030405060708090a0b0c0d0e0f
+Tag = ffffffffffffffff7fffffffffffffff
+Plaintext = 7e1dcd87c0ec5f7b3c3ff5f0c73391c3
+Ciphertext = ab595d12d0bd90ebf5dfbbeb4b61087f
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = fffffffffffffffffffffffffffffffe
+Plaintext = e7202abbfe6fcffa7887a7ef06840040
+Ciphertext = a0d032efc9533bf7bb8ac7af5c9c7cdc
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD = 000102030405060708090a0b0c0d0e0f
+Tag = fffffffffffffffffffffffffffffffe
+Plaintext = f329cdb5376ec166f66f2dcfb045a15c
+Ciphertext = b4d9d5e10052356b35624d8fea5dddc0
+
+Title = Flipped bit 0 in tag
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e94dda18e98cc8139cbdfd2271d8bae0
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = a359304879d74e14fdf520588d3888f0
+Plaintext = 3031323334353637
+Ciphertext = 7ab3dd3c6c31a386
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e98ecb00ac9a462cdce6242b1b4951e4
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 738b595aebf6ee3e7be424bfb51bfdee
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = c259760003211319acd9d2d8fa260844
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 8b0b5df8332150ff0877d85471d540c4cff1e183
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 1 in tag
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = ea4dda18e98cc8139cbdfd2271d8bae0
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = a059304879d74e14fdf520588d3888f0
+Plaintext = 3031323334353637
+Ciphertext = 7ab3dd3c6c31a386
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = ea8ecb00ac9a462cdce6242b1b4951e4
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 738b595aebf6ee3e7be424bfb51bfdee
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = c159760003211319acd9d2d8fa260844
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 8b0b5df8332150ff0877d85471d540c4cff1e183
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 7 in tag
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = 684dda18e98cc8139cbdfd2271d8bae0
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = 2259304879d74e14fdf520588d3888f0
+Plaintext = 3031323334353637
+Ciphertext = 7ab3dd3c6c31a386
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = 688ecb00ac9a462cdce6242b1b4951e4
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 738b595aebf6ee3e7be424bfb51bfdee
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = 4359760003211319acd9d2d8fa260844
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 8b0b5df8332150ff0877d85471d540c4cff1e183
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 8 in tag
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e84cda18e98cc8139cbdfd2271d8bae0
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = a258304879d74e14fdf520588d3888f0
+Plaintext = 3031323334353637
+Ciphertext = 7ab3dd3c6c31a386
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e88fcb00ac9a462cdce6242b1b4951e4
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 738b595aebf6ee3e7be424bfb51bfdee
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = c358760003211319acd9d2d8fa260844
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 8b0b5df8332150ff0877d85471d540c4cff1e183
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 31 in tag
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e84dda98e98cc8139cbdfd2271d8bae0
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = a25930c879d74e14fdf520588d3888f0
+Plaintext = 3031323334353637
+Ciphertext = 7ab3dd3c6c31a386
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e88ecb80ac9a462cdce6242b1b4951e4
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 738b595aebf6ee3e7be424bfb51bfdee
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = c359768003211319acd9d2d8fa260844
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 8b0b5df8332150ff0877d85471d540c4cff1e183
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 32 in tag
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e84dda18e88cc8139cbdfd2271d8bae0
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = a259304878d74e14fdf520588d3888f0
+Plaintext = 3031323334353637
+Ciphertext = 7ab3dd3c6c31a386
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e88ecb00ad9a462cdce6242b1b4951e4
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 738b595aebf6ee3e7be424bfb51bfdee
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = c359760002211319acd9d2d8fa260844
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 8b0b5df8332150ff0877d85471d540c4cff1e183
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 33 in tag
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e84dda18eb8cc8139cbdfd2271d8bae0
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = a25930487bd74e14fdf520588d3888f0
+Plaintext = 3031323334353637
+Ciphertext = 7ab3dd3c6c31a386
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e88ecb00ae9a462cdce6242b1b4951e4
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 738b595aebf6ee3e7be424bfb51bfdee
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = c359760001211319acd9d2d8fa260844
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 8b0b5df8332150ff0877d85471d540c4cff1e183
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 63 in tag
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e84dda18e98cc8939cbdfd2271d8bae0
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = a259304879d74e94fdf520588d3888f0
+Plaintext = 3031323334353637
+Ciphertext = 7ab3dd3c6c31a386
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e88ecb00ac9a46acdce6242b1b4951e4
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 738b595aebf6ee3e7be424bfb51bfdee
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = c359760003211399acd9d2d8fa260844
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 8b0b5df8332150ff0877d85471d540c4cff1e183
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 64 in tag
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e84dda18e98cc8139dbdfd2271d8bae0
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = a259304879d74e14fcf520588d3888f0
+Plaintext = 3031323334353637
+Ciphertext = 7ab3dd3c6c31a386
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e88ecb00ac9a462cdde6242b1b4951e4
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 738b595aebf6ee3e7be424bfb51bfdee
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = c359760003211319add9d2d8fa260844
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 8b0b5df8332150ff0877d85471d540c4cff1e183
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 71 in tag
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e84dda18e98cc8131cbdfd2271d8bae0
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = a259304879d74e147df520588d3888f0
+Plaintext = 3031323334353637
+Ciphertext = 7ab3dd3c6c31a386
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e88ecb00ac9a462c5ce6242b1b4951e4
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 738b595aebf6ee3e7be424bfb51bfdee
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = c3597600032113192cd9d2d8fa260844
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 8b0b5df8332150ff0877d85471d540c4cff1e183
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 77 in tag
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e84dda18e98cc8139c9dfd2271d8bae0
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = a259304879d74e14fdd520588d3888f0
+Plaintext = 3031323334353637
+Ciphertext = 7ab3dd3c6c31a386
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e88ecb00ac9a462cdcc6242b1b4951e4
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 738b595aebf6ee3e7be424bfb51bfdee
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = c359760003211319acf9d2d8fa260844
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 8b0b5df8332150ff0877d85471d540c4cff1e183
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 80 in tag
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e84dda18e98cc8139cbdfc2271d8bae0
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = a259304879d74e14fdf521588d3888f0
+Plaintext = 3031323334353637
+Ciphertext = 7ab3dd3c6c31a386
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e88ecb00ac9a462cdce6252b1b4951e4
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 738b595aebf6ee3e7be424bfb51bfdee
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = c359760003211319acd9d3d8fa260844
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 8b0b5df8332150ff0877d85471d540c4cff1e183
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 96 in tag
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e84dda18e98cc8139cbdfd2270d8bae0
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = a259304879d74e14fdf520588c3888f0
+Plaintext = 3031323334353637
+Ciphertext = 7ab3dd3c6c31a386
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e88ecb00ac9a462cdce6242b1a4951e4
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 738b595aebf6ee3e7be424bfb51bfdee
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = c359760003211319acd9d2d8fb260844
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 8b0b5df8332150ff0877d85471d540c4cff1e183
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 97 in tag
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e84dda18e98cc8139cbdfd2273d8bae0
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = a259304879d74e14fdf520588f3888f0
+Plaintext = 3031323334353637
+Ciphertext = 7ab3dd3c6c31a386
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e88ecb00ac9a462cdce6242b194951e4
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 738b595aebf6ee3e7be424bfb51bfdee
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = c359760003211319acd9d2d8f8260844
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 8b0b5df8332150ff0877d85471d540c4cff1e183
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 103 in tag
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e84dda18e98cc8139cbdfd22f1d8bae0
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = a259304879d74e14fdf520580d3888f0
+Plaintext = 3031323334353637
+Ciphertext = 7ab3dd3c6c31a386
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e88ecb00ac9a462cdce6242b9b4951e4
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 738b595aebf6ee3e7be424bfb51bfdee
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = c359760003211319acd9d2d87a260844
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 8b0b5df8332150ff0877d85471d540c4cff1e183
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 120 in tag
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e84dda18e98cc8139cbdfd2271d8bae1
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = a259304879d74e14fdf520588d3888f1
+Plaintext = 3031323334353637
+Ciphertext = 7ab3dd3c6c31a386
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e88ecb00ac9a462cdce6242b1b4951e5
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 738b595aebf6ee3e7be424bfb51bfdee
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = c359760003211319acd9d2d8fa260845
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 8b0b5df8332150ff0877d85471d540c4cff1e183
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 121 in tag
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e84dda18e98cc8139cbdfd2271d8bae2
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = a259304879d74e14fdf520588d3888f2
+Plaintext = 3031323334353637
+Ciphertext = 7ab3dd3c6c31a386
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e88ecb00ac9a462cdce6242b1b4951e6
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 738b595aebf6ee3e7be424bfb51bfdee
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = c359760003211319acd9d2d8fa260846
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 8b0b5df8332150ff0877d85471d540c4cff1e183
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 126 in tag
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e84dda18e98cc8139cbdfd2271d8baa0
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = a259304879d74e14fdf520588d3888b0
+Plaintext = 3031323334353637
+Ciphertext = 7ab3dd3c6c31a386
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e88ecb00ac9a462cdce6242b1b4951a4
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 738b595aebf6ee3e7be424bfb51bfdee
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = c359760003211319acd9d2d8fa260804
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 8b0b5df8332150ff0877d85471d540c4cff1e183
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 127 in tag
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e84dda18e98cc8139cbdfd2271d8ba60
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = a259304879d74e14fdf520588d388870
+Plaintext = 3031323334353637
+Ciphertext = 7ab3dd3c6c31a386
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e88ecb00ac9a462cdce6242b1b495164
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 738b595aebf6ee3e7be424bfb51bfdee
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = c359760003211319acd9d2d8fa2608c4
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 8b0b5df8332150ff0877d85471d540c4cff1e183
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bits 0 and 64 in tag
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e94dda18e98cc8139dbdfd2271d8bae0
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = a359304879d74e14fcf520588d3888f0
+Plaintext = 3031323334353637
+Ciphertext = 7ab3dd3c6c31a386
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e98ecb00ac9a462cdde6242b1b4951e4
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 738b595aebf6ee3e7be424bfb51bfdee
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = c259760003211319add9d2d8fa260844
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 8b0b5df8332150ff0877d85471d540c4cff1e183
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bits 31 and 63 in tag
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e84dda98e98cc8939cbdfd2271d8bae0
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = a25930c879d74e94fdf520588d3888f0
+Plaintext = 3031323334353637
+Ciphertext = 7ab3dd3c6c31a386
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e88ecb80ac9a46acdce6242b1b4951e4
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 738b595aebf6ee3e7be424bfb51bfdee
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = c359768003211399acd9d2d8fa260844
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 8b0b5df8332150ff0877d85471d540c4cff1e183
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bits 63 and 127 in tag
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e84dda18e98cc8939cbdfd2271d8ba60
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = a259304879d74e94fdf520588d388870
+Plaintext = 3031323334353637
+Ciphertext = 7ab3dd3c6c31a386
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e88ecb00ac9a46acdce6242b1b495164
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 738b595aebf6ee3e7be424bfb51bfdee
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = c359760003211399acd9d2d8fa2608c4
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 8b0b5df8332150ff0877d85471d540c4cff1e183
+Result = TAG_VALUE_MISMATCH
+
+Title = all bits of tag flipped
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = 17b225e7167337ec634202dd8e27451f
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = 5da6cfb78628b1eb020adfa772c7770f
+Plaintext = 3031323334353637
+Ciphertext = 7ab3dd3c6c31a386
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = 177134ff5365b9d32319dbd4e4b6ae1b
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 738b595aebf6ee3e7be424bfb51bfdee
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = 3ca689fffcdeece653262d2705d9f7bb
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 8b0b5df8332150ff0877d85471d540c4cff1e183
+Result = TAG_VALUE_MISMATCH
+
+Title = Tag changed to all zero
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = 00000000000000000000000000000000
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = 00000000000000000000000000000000
+Plaintext = 3031323334353637
+Ciphertext = 7ab3dd3c6c31a386
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = 00000000000000000000000000000000
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 738b595aebf6ee3e7be424bfb51bfdee
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = 00000000000000000000000000000000
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 8b0b5df8332150ff0877d85471d540c4cff1e183
+Result = TAG_VALUE_MISMATCH
+
+Title = tag changed to all 1
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = ffffffffffffffffffffffffffffffff
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = ffffffffffffffffffffffffffffffff
+Plaintext = 3031323334353637
+Ciphertext = 7ab3dd3c6c31a386
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = ffffffffffffffffffffffffffffffff
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 738b595aebf6ee3e7be424bfb51bfdee
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = ffffffffffffffffffffffffffffffff
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 8b0b5df8332150ff0877d85471d540c4cff1e183
+Result = TAG_VALUE_MISMATCH
+
+Title = msbs changed in tag
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = 68cd5a98690c48931c3d7da2f1583a60
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = 22d9b0c8f957ce947d75a0d80db80870
+Plaintext = 3031323334353637
+Ciphertext = 7ab3dd3c6c31a386
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = 680e4b802c1ac6ac5c66a4ab9bc9d164
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 738b595aebf6ee3e7be424bfb51bfdee
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = 43d9f68083a193992c5952587aa688c4
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 8b0b5df8332150ff0877d85471d540c4cff1e183
+Result = TAG_VALUE_MISMATCH
+
+Title = lsbs changed in tag
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e94cdb19e88dc9129dbcfc2370d9bbe1
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = a358314978d64f15fcf421598c3989f1
+Plaintext = 3031323334353637
+Ciphertext = 7ab3dd3c6c31a386
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = e98fca01ad9b472ddde7252a1a4850e5
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 738b595aebf6ee3e7be424bfb51bfdee
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-192-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+AAD =
+Tag = c258770102201218add8d3d9fb270945
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = 8b0b5df8332150ff0877d85471d540c4cff1e183
+Result = TAG_VALUE_MISMATCH
+
+Title = empty message
+
+Cipher = aes-256-siv
+Key = bc7635c1fd566aa8357fd103714bfaee1c9e5b3c578b3980401a981030254a54b1756a8c96e600b7252fd0aab12f39d115d256b3f3e7c2c41a7fece72ba7c3c4
+AAD =
+Tag = 44b1c6fe8a8c07dee5377b161f283c31
+Plaintext =
+Ciphertext =
+
+Cipher = aes-256-siv
+Key = aff6388fdd2908e0c3b610e3dcd410c8146a268d6befd5c45ffdd23508b5b311cc3a9d8f838f456436b289018682151dd57d8d65d1a823c06eca8ab8ee01da01
+AAD = d0bb2949a411e22d32964526
+Tag = e288d802a0e56ed7544a2e5775459389
+Plaintext =
+Ciphertext =
+
+Cipher = aes-256-siv
+Key = 484261ebf7e1fb66e0bcafe8f4ccf9c5accc908fdb23eb7c5254d614072f26e106b34501d13c1dad1f14648c6a142132dd7f2f1268dd6b70fbcde2fe98f03245
+AAD = 1d5ce9288627a12f8f5d809167a3b2
+Tag = f8083e55307932d971bfc2a8913c1951
+Plaintext =
+Ciphertext =
+
+Cipher = aes-256-siv
+Key = 0b6aaf05f9b5221e539940cd83cb29d2bcc7a0aa472d8fc67bedd0108869394e33c9f233d4b2cc9c6a59e8ce9cd268a0f3f2857e08fe1eb329ef347dace1557d
+AAD = 76aade95964f074c693886f245fa57f9
+Tag = f1ad6ea998a2a438acaf90bad0cb9f9f
+Plaintext =
+Ciphertext =
+
+Cipher = aes-256-siv
+Key = d47ab6d51f99f4249da56c93d1f09e856231f3fed777b303111ad31079270839e4bc4b5d8623162d4738d70803934a75f457fdbf4a277b828cb6e2753e88702a
+AAD = 41257da6108bedbb150d4e290b6b9a76d11092c6
+Tag = a8d27944a84317098eed170631f4c867
+Plaintext =
+Ciphertext =
+
+Cipher = aes-256-siv
+Key = eef6bcf16ef7ae17326a33f22d1406ec1bd3f866505f4b2e4fe8b45bd62ccbd85032a9899facf2db0c93a2345cb8892afb74db549781211dd8881a8c8e25c171
+AAD = e941d15fadebaf4671e0e3d6d835f87bfb1cc7028f149930daa69c3de446c423
+Tag = b754ecb55c1e124de0c8a973d033bd7f
+Plaintext =
+Ciphertext =
+
+Title = message size divisible by block size
+
+Cipher = aes-256-siv
+Key = c25cafc6018b98dfbb79a40ec89c575a4f88c4116489bba27707479800c0130235334a45dbe8d8dae3da8dcb45bbe5dce031b0f68ded544fda7eca30d6749442
+AAD = deeb0ccf3aef47a296ed1ca8f4ae5907
+Tag = 5865208eab9163db85cab9f96d846234
+Plaintext = beec61030fa3d670337196beade6aeaa
+Ciphertext = a2626aae22f5c17c9aad4b501f4416e4
+
+Cipher = aes-256-siv
+Key = 27faf97fb303aa4f2f364edd23997f4c77b8e51ebb8293c59dfb1d24f0fb629f6c820fc2d91bf48f0035eeec347e37ec4fb0cb36102bcdc5a248c47a2f97eab9
+AAD = cc94f64e14df90265f7f12a8a0386d0a
+Tag = d0016d675b49f11ea873707412d45709
+Plaintext = 6b1db0f5a43376885002dc98bd556f1dac9b66b66213a9fa6069df995a123384
+Ciphertext = b7703a028a0cfc312cf61cbe22b91e3cf20b7d4c9308ee15f18b4eba00889284
+
+Cipher = aes-256-siv
+Key = 97bfd0f3e9bb8167bbb55f4cdc14529d8307c0ec2c3fe8bc88522d05c1261ba460c9cb4116f630edd74d413ec417324c6e29b566fb2dd3df18e07b53b1f9f83b
+AAD = 1cda342c166ea208df5c56bcf995a59b
+Tag = d55c5d0af0260dc1123adb5d7869201f
+Plaintext = 48ef10ccb1978b53ae73167abe1cc538fa80da3f5df93e3d5c4e9a9ad1f213504f22a694b98a35ad67620af9d8a29fc7
+Ciphertext = 8ccee46deb66dd695c593cde1d7645c72796e42a1733b6705753631b9b626991ddbd28473ce75cfdc4c14d20e66f212d
+
+Title = small plaintext size
+
+Cipher = aes-256-siv
+Key = e2c5662bb18fbb411d0304e4241db073fe60a4704fee290073513038a22b4cd542580b2b4edbc37e3de01c0cb61abcad46986cdc491ce9e5ae5af223ff58b953
+AAD = fab912dec29a34aabfaef176
+Tag = 1c6969ecb15741a9959b7a8492250e39
+Plaintext = 0d
+Ciphertext = 1a
+
+Cipher = aes-256-siv
+Key = 3ab062dbdd38b951a9fb0d8bb185959a93dab3496b850a3062b93003036c8bd2aabbf37d5d3f6a399d4cedefb70c1b8a7b45639fe118c10e39f36fa58618a84d
+AAD = e8605f13db8c482d48bdba2d
+Tag = fddea9ac778b978a968033ce52ec6116
+Plaintext = 5c6f
+Ciphertext = 2588
+
+Cipher = aes-256-siv
+Key = 9e575cd8991b32f06fbaf55ad79eb74822349e07fa77c409848c86820011569f26dcb49afaea19a52a96b27e67f780ac7a00da9a3054d1678d60417cf34996b1
+AAD = 7f89a3f648c1c7c23edbd5ca
+Tag = 3834fbedc3502227e3c91a861f2e3195
+Plaintext = 35ac33
+Ciphertext = fbb344
+
+Cipher = aes-256-siv
+Key = 6d43cfc930a1e0051f607d0c4a76ad5bec77d9f98bbd9ae5e56a1d65fcf1bf68c7780f727bfe690497bae478afbc4ebf7a89943ee146f72d352940794ff202f4
+AAD = c2b75c998f4cac28b4b69dfb
+Tag = 0d1e1981da44a7d9eda60e48e7ae4f85
+Plaintext = 1d25f833
+Ciphertext = 05d8ba98
+
+Cipher = aes-256-siv
+Key = 673cea582bf3982ce3fba5304de8fe46e316d6804749d6db58b7ab7d64bd4e0af641997975234f8b918cca3247d67cfeac9230d15ed28f8071a85e84fa9ef211
+AAD = f5042d5a5b68b262274974a8
+Tag = 655ef7f09f4cff47b427e9df7fcc6426
+Plaintext = 9e99912c7b
+Ciphertext = 64715ad14c
+
+Cipher = aes-256-siv
+Key = 8f13f2bf02d72360d9958eb8aa90634ae48331e7dfdbf16fc51c7238ae9f9d50d4495d196676ef5259b64a616305ffaae517c587d4e7afba40e4a2c5b0989182
+AAD = 755f50cfdfc849654ad98cc7
+Tag = adee2a373a7f6bbaf4f00e5f3f93435a
+Plaintext = ac598720b96e
+Ciphertext = 09091b5221ae
+
+Cipher = aes-256-siv
+Key = 67b3ab00075a0e3d07f3fe73fabea5d0373206a0aafa9397981924ddaf2cb283c66af61166815dffbe8fafa688b793fd259fad4a1f75a259342e58814448a4b4
+AAD = f8799bc732cbf6a39ae2268e
+Tag = ff6173a70dee05ddbde75a960f84523e
+Plaintext = 8f6b2b21a6dc73
+Ciphertext = 01b30adcac5275
+
+Cipher = aes-256-siv
+Key = a661c6a90fd40d8a734873d66afd4477c5041cdc2b31a3cd0ac3604cac4f74411219e544615b56e17f5774b5085129f6dd69893bb7216b539cf42b79f0068278
+AAD = 7a5dbdbf803b2593d3e17097
+Tag = 2f8b7583773ae03ba7b3952453c81431
+Plaintext = deb2c7c6204496e5
+Ciphertext = 780bfcc9d7df9a43
+
+Cipher = aes-256-siv
+Key = a40b1cc110e1aa28ab86f714abd6d313016989a1c8cfcb62063e2c396ca12a246de3b9bd82994e5f1cb1323f78a9a0ed02fe841976a659423603d91ccf71d58e
+AAD = e482e942ce26d244d4962acf
+Tag = 8185d14ee87cc891bb9bcf3fafde4ed2
+Plaintext = 122d1ba394afad1fe3
+Ciphertext = 46599626211fe04d23
+
+Cipher = aes-256-siv
+Key = 8af0e57998dd68b0f45b58e708405d0ad8269397249295fd336096e065db2bb1e4110d5507c04d73c150f6e7d87ced029ab38661f201ec77874e43953373b38a
+AAD = 89f95250fb66b2cda70b8854
+Tag = c4deca5c53bcfa6208b3374742124185
+Plaintext = 9cab7bde926307386505
+Ciphertext = 41e44d0fbf2de7b48c6f
+
+Cipher = aes-256-siv
+Key = 6e063240d83d4a90e44e56e631fefe9f6c7c7d56518eff3a902ddd5ca9b837a2044b3727571d1ca56a68abfd997da945e4d14f71dc86b0149a19a93d1e5fec85
+AAD = 5c3661f4047454bac445f1ac
+Tag = 67673064fc540ae128232ba87ba2e9bb
+Plaintext = 08eb0a196e8f3cb6428b0a
+Ciphertext = e7d3569dd419bcc52796ec
+
+Cipher = aes-256-siv
+Key = 9593f0d6679e8e18b43cb4d26a7ea9da9d6037fd5a82db0b091a682b6547a77298e4fd1d1481f3603d0b1e7e6dcf27200105af0f844f2aaacd98540ab2b6c8a8
+AAD = 7b3f9591076e32a21766e2bb
+Tag = 56e6fd5a7f449a8e6bafa38f945c70cf
+Plaintext = 0628d19cc94c4b4f3d703e1f
+Ciphertext = 8a534179b3b1f26266fb6b56
+
+Cipher = aes-256-siv
+Key = 77f7dd662a8f0aaf7f19c6614584e4acf5c774d19e10d2070eaa977e9c6ba21ba82f0bc84939cf70283dcac9c645b7423ca0cc94bac827ea378f1ca0c9da0eee
+AAD = a3c4e387bfc005402acd20bb
+Tag = 4e7b642dcc3cbd935d4cda8193982ef7
+Plaintext = a171376f2a66dbdf17f32961e8
+Ciphertext = 240fa47f951ec8b3fd37204a73
+
+Cipher = aes-256-siv
+Key = 8916d0342001561922e674b0cc51c05a935e5dc45a6d6284f34a4c5c79e92062dc3091217584607e9cf9056aa495ca4cd53fd3d4c6a94c4b384007e62174506b
+AAD = 890dcea871da1caff4766d32
+Tag = fbb68324b8c5b3e55ebc1feb4b987615
+Plaintext = 6ad348470891d1babb13f3bf0e8c
+Ciphertext = 21f4aac7eb7b6c0fb0505a08457b
+
+Cipher = aes-256-siv
+Key = 2a93a0c37797bee0c344b9ceed1a609813d8c5ee686d260f3aa6fc2f66dc59f400479d1dfe04e89e6df608a3f699ff1cb4e9bf24a78fb2dfddaa0011a2e40208
+AAD = 6ae54f41ac52baf2f89abe8e
+Tag = 2d344a54038a857f47e0c77eb0834538
+Plaintext = 3fc3bf53bb485c9edcb1d25adb4ca0
+Ciphertext = aaf01e61a8ac82c0012f9dac6f15ef
+
+Title = plaintext size > 16
+
+Cipher = aes-256-siv
+Key = 139383f3f82dc78e0b380027f9e5fcd2ed23716404be5c554452e4dc73d237026594491820c6b8297185cc1fa84f49a5c7d7cd05c5de090ff1c3397bc2740437
+AAD = d39da73ffc03ad0a9213ffc7
+Tag = a9cf73951cb39823777f35c96c845169
+Plaintext = 48604944a80fadf50d55b87727934458c8
+Ciphertext = 476e2ec2317cb6b8dd8b6172fdceabff9d
+
+Cipher = aes-256-siv
+Key = eac96a89b8e0c928a85c91396346efe8287730595064554cd13574f8b340f541c5f0bb55e654e51b05e21ba007942cabab5ee1020922f0dd002196a39d7fda1d
+AAD = 29d614f908593f6a5ab03cea
+Tag = bce886623d11320d22dfdc1defb04d17
+Plaintext = 0c22e4875dcd23de89a6d32f2082dd40e1848fc2
+Ciphertext = bd001d9370a3d8c83aabe4494d16ca75ce534f7c
+
+Cipher = aes-256-siv
+Key = c0f4bede68c6ed5ad14918e2ddeced692dfd5419c04204d5b96f4ca47078b07028c6fb87b1b490d875f070bbe4d790f65e5df19947f02c9d3a4e493b542d0291
+AAD = b411e4d2facca67ea4a9f2a1
+Tag = d27ae26dfe02e3eedf544e1b452cb0f0
+Plaintext = 2f358d4534559ac99dd71798b7925705d6f013f6b848ffe01cc86cef09d88f
+Ciphertext = c9303a4e4819318315ae08839bcce558e4741817ec08dae406bbfc09f59aa9
+
+Cipher = aes-256-siv
+Key = cd8689f821817f59bfaa755131f2565161c7f4489f89b657ac9fa127a9768535a702d001b9b99cc11c3976467b1b45865ff417dc256ebb5079b7f1b3e08307b5
+AAD = b3edffbb89b373fe04da244b
+Tag = 1ac78aae2ede04eb47924d8f9f99fe75
+Plaintext = ebcfb2ffb681cc5dfa0c5c524c1b1cc87cc6b2bfa35dc36d15e80505118b84a072a78a157b4d1837
+Ciphertext = deb61bf693da7f3a2147c05f6d29d17392356fe00f82b24cdbce774fd864561548f33dd3192d806f
+
+Cipher = aes-256-siv
+Key = 72a76714e0171e8213de624f00e273bc900050e69d25c454cc42b61e8b3fbc92d4942e1ae14421e164046c1479a7b9c9f4b50b382cb62dfeaa210b98dec7d937
+AAD = 6a8aaf2c84003e0e6f409658
+Tag = 69f720f36b0da86ec8cc0f46d62835dc
+Plaintext = 92d8f4dc7d41e8b180d66e8994022db79249cdc76fd7f3ea12d9925b51925250cd75a15fcfd78ea85c57fe6196f8d7545086f99ea796a0ea69170db9944200435d9d3d551943892400ce787f703c1105
+Ciphertext = b35ac23f5b891152d861c4e0f0018f19d272ee8b12d83300bfd46aeec0124d5d23b3cb849c1cab1fdf64b70947ebf79f5442e209076dfa9a3f36ab0a6d3cf4a75ddfcdc21837743b20885db4c803ac27
+
+Title = edge case SIV
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 00000000000000000000000000000000
+Plaintext = 8dbfee9580e7e2bc66100a674497f4e1
+Ciphertext = 7ef8aa7e4dd49d9cfa09e9cb574fd90d
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD = 000102030405060708090a0b0c0d0e0f
+Tag = 00000000000000000000000000000000
+Plaintext = bfa1733d07afa03cb3f2eeb81bbde037
+Ciphertext = 4ce637d6ca9cdf1c2feb0d140865cddb
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = ffffffffffffffffffffffffffffffff
+Plaintext = 72543a9a07a3c18a280060653432c05c
+Ciphertext = 3db09cc48f2780859351901d1014ae06
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD = 000102030405060708090a0b0c0d0e0f
+Tag = ffffffffffffffffffffffffffffffff
+Plaintext = 404aa73280eb830afde284ba6b18d48a
+Ciphertext = 0fae016c086fc20546b374c24f3ebad0
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = ffffffffffffffffffffffff7fffffff
+Plaintext = ff4d7cdeb8f3c4e37a05a91ee26e2a84
+Ciphertext = b0a9da80307785ecc1545966c64844de
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD = 000102030405060708090a0b0c0d0e0f
+Tag = ffffffffffffffffffffffff7fffffff
+Plaintext = cd53e1763fbb8663afe74dc1bd443e52
+Ciphertext = 82b74728b73fc76c14b6bdb999625008
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = ffffffffffffffff7fffffffffffffff
+Plaintext = 6eb52fc95a5185a3bd2a30d3058414ab
+Ciphertext = 21518997d2d5c4ac067bc0ab21a27af1
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD = 000102030405060708090a0b0c0d0e0f
+Tag = ffffffffffffffff7fffffffffffffff
+Plaintext = 5cabb261dd19c72368c8d40c5aae007d
+Ciphertext = 134f143f559d862cd39924747e886e27
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = fffffffffffffffffffffffffffffffe
+Plaintext = 114cc36e58faceb2e6a2344a679ea4c3
+Ciphertext = 2f849650d6e89e2668e990219195719c
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD = 000102030405060708090a0b0c0d0e0f
+Tag = fffffffffffffffffffffffffffffffe
+Plaintext = 23525ec6dfb28c323340d09538b4b015
+Ciphertext = 1d9a0bf851a0dca6bd0b74fecebf654a
+
+Title = Flipped bit 0 in tag
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 6ef5b8ef53fc365606cd3ea047374885
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 202e4a8f8b4c66788f3af230fb1c3ada
+Plaintext = 3031323334353637
+Ciphertext = 5ead70c7f066d4df
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 05b4e8166f28082987a32cdaf53deb61
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 211dffad7562c4b924bb79fed73d9ce2
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 315d6cf8eeb36a37849710e7d1f72940
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = adfd10a7615d6515b999dbfc5a10f3ae9df5f19a
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 1 in tag
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 6df5b8ef53fc365606cd3ea047374885
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 232e4a8f8b4c66788f3af230fb1c3ada
+Plaintext = 3031323334353637
+Ciphertext = 5ead70c7f066d4df
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 06b4e8166f28082987a32cdaf53deb61
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 211dffad7562c4b924bb79fed73d9ce2
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 325d6cf8eeb36a37849710e7d1f72940
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = adfd10a7615d6515b999dbfc5a10f3ae9df5f19a
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 7 in tag
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = eff5b8ef53fc365606cd3ea047374885
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = a12e4a8f8b4c66788f3af230fb1c3ada
+Plaintext = 3031323334353637
+Ciphertext = 5ead70c7f066d4df
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 84b4e8166f28082987a32cdaf53deb61
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 211dffad7562c4b924bb79fed73d9ce2
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = b05d6cf8eeb36a37849710e7d1f72940
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = adfd10a7615d6515b999dbfc5a10f3ae9df5f19a
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 8 in tag
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 6ff4b8ef53fc365606cd3ea047374885
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 212f4a8f8b4c66788f3af230fb1c3ada
+Plaintext = 3031323334353637
+Ciphertext = 5ead70c7f066d4df
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 04b5e8166f28082987a32cdaf53deb61
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 211dffad7562c4b924bb79fed73d9ce2
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 305c6cf8eeb36a37849710e7d1f72940
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = adfd10a7615d6515b999dbfc5a10f3ae9df5f19a
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 31 in tag
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 6ff5b86f53fc365606cd3ea047374885
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 212e4a0f8b4c66788f3af230fb1c3ada
+Plaintext = 3031323334353637
+Ciphertext = 5ead70c7f066d4df
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 04b4e8966f28082987a32cdaf53deb61
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 211dffad7562c4b924bb79fed73d9ce2
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 305d6c78eeb36a37849710e7d1f72940
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = adfd10a7615d6515b999dbfc5a10f3ae9df5f19a
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 32 in tag
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 6ff5b8ef52fc365606cd3ea047374885
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 212e4a8f8a4c66788f3af230fb1c3ada
+Plaintext = 3031323334353637
+Ciphertext = 5ead70c7f066d4df
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 04b4e8166e28082987a32cdaf53deb61
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 211dffad7562c4b924bb79fed73d9ce2
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 305d6cf8efb36a37849710e7d1f72940
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = adfd10a7615d6515b999dbfc5a10f3ae9df5f19a
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 33 in tag
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 6ff5b8ef51fc365606cd3ea047374885
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 212e4a8f894c66788f3af230fb1c3ada
+Plaintext = 3031323334353637
+Ciphertext = 5ead70c7f066d4df
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 04b4e8166d28082987a32cdaf53deb61
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 211dffad7562c4b924bb79fed73d9ce2
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 305d6cf8ecb36a37849710e7d1f72940
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = adfd10a7615d6515b999dbfc5a10f3ae9df5f19a
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 63 in tag
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 6ff5b8ef53fc36d606cd3ea047374885
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 212e4a8f8b4c66f88f3af230fb1c3ada
+Plaintext = 3031323334353637
+Ciphertext = 5ead70c7f066d4df
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 04b4e8166f2808a987a32cdaf53deb61
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 211dffad7562c4b924bb79fed73d9ce2
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 305d6cf8eeb36ab7849710e7d1f72940
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = adfd10a7615d6515b999dbfc5a10f3ae9df5f19a
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 64 in tag
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 6ff5b8ef53fc365607cd3ea047374885
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 212e4a8f8b4c66788e3af230fb1c3ada
+Plaintext = 3031323334353637
+Ciphertext = 5ead70c7f066d4df
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 04b4e8166f28082986a32cdaf53deb61
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 211dffad7562c4b924bb79fed73d9ce2
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 305d6cf8eeb36a37859710e7d1f72940
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = adfd10a7615d6515b999dbfc5a10f3ae9df5f19a
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 71 in tag
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 6ff5b8ef53fc365686cd3ea047374885
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 212e4a8f8b4c66780f3af230fb1c3ada
+Plaintext = 3031323334353637
+Ciphertext = 5ead70c7f066d4df
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 04b4e8166f28082907a32cdaf53deb61
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 211dffad7562c4b924bb79fed73d9ce2
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 305d6cf8eeb36a37049710e7d1f72940
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = adfd10a7615d6515b999dbfc5a10f3ae9df5f19a
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 77 in tag
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 6ff5b8ef53fc365606ed3ea047374885
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 212e4a8f8b4c66788f1af230fb1c3ada
+Plaintext = 3031323334353637
+Ciphertext = 5ead70c7f066d4df
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 04b4e8166f28082987832cdaf53deb61
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 211dffad7562c4b924bb79fed73d9ce2
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 305d6cf8eeb36a3784b710e7d1f72940
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = adfd10a7615d6515b999dbfc5a10f3ae9df5f19a
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 80 in tag
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 6ff5b8ef53fc365606cd3fa047374885
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 212e4a8f8b4c66788f3af330fb1c3ada
+Plaintext = 3031323334353637
+Ciphertext = 5ead70c7f066d4df
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 04b4e8166f28082987a32ddaf53deb61
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 211dffad7562c4b924bb79fed73d9ce2
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 305d6cf8eeb36a37849711e7d1f72940
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = adfd10a7615d6515b999dbfc5a10f3ae9df5f19a
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 96 in tag
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 6ff5b8ef53fc365606cd3ea046374885
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 212e4a8f8b4c66788f3af230fa1c3ada
+Plaintext = 3031323334353637
+Ciphertext = 5ead70c7f066d4df
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 04b4e8166f28082987a32cdaf43deb61
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 211dffad7562c4b924bb79fed73d9ce2
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 305d6cf8eeb36a37849710e7d0f72940
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = adfd10a7615d6515b999dbfc5a10f3ae9df5f19a
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 97 in tag
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 6ff5b8ef53fc365606cd3ea045374885
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 212e4a8f8b4c66788f3af230f91c3ada
+Plaintext = 3031323334353637
+Ciphertext = 5ead70c7f066d4df
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 04b4e8166f28082987a32cdaf73deb61
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 211dffad7562c4b924bb79fed73d9ce2
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 305d6cf8eeb36a37849710e7d3f72940
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = adfd10a7615d6515b999dbfc5a10f3ae9df5f19a
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 103 in tag
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 6ff5b8ef53fc365606cd3ea0c7374885
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 212e4a8f8b4c66788f3af2307b1c3ada
+Plaintext = 3031323334353637
+Ciphertext = 5ead70c7f066d4df
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 04b4e8166f28082987a32cda753deb61
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 211dffad7562c4b924bb79fed73d9ce2
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 305d6cf8eeb36a37849710e751f72940
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = adfd10a7615d6515b999dbfc5a10f3ae9df5f19a
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 120 in tag
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 6ff5b8ef53fc365606cd3ea047374884
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 212e4a8f8b4c66788f3af230fb1c3adb
+Plaintext = 3031323334353637
+Ciphertext = 5ead70c7f066d4df
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 04b4e8166f28082987a32cdaf53deb60
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 211dffad7562c4b924bb79fed73d9ce2
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 305d6cf8eeb36a37849710e7d1f72941
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = adfd10a7615d6515b999dbfc5a10f3ae9df5f19a
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 121 in tag
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 6ff5b8ef53fc365606cd3ea047374887
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 212e4a8f8b4c66788f3af230fb1c3ad8
+Plaintext = 3031323334353637
+Ciphertext = 5ead70c7f066d4df
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 04b4e8166f28082987a32cdaf53deb63
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 211dffad7562c4b924bb79fed73d9ce2
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 305d6cf8eeb36a37849710e7d1f72942
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = adfd10a7615d6515b999dbfc5a10f3ae9df5f19a
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 126 in tag
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 6ff5b8ef53fc365606cd3ea0473748c5
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 212e4a8f8b4c66788f3af230fb1c3a9a
+Plaintext = 3031323334353637
+Ciphertext = 5ead70c7f066d4df
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 04b4e8166f28082987a32cdaf53deb21
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 211dffad7562c4b924bb79fed73d9ce2
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 305d6cf8eeb36a37849710e7d1f72900
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = adfd10a7615d6515b999dbfc5a10f3ae9df5f19a
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bit 127 in tag
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 6ff5b8ef53fc365606cd3ea047374805
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 212e4a8f8b4c66788f3af230fb1c3a5a
+Plaintext = 3031323334353637
+Ciphertext = 5ead70c7f066d4df
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 04b4e8166f28082987a32cdaf53debe1
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 211dffad7562c4b924bb79fed73d9ce2
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 305d6cf8eeb36a37849710e7d1f729c0
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = adfd10a7615d6515b999dbfc5a10f3ae9df5f19a
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bits 0 and 64 in tag
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 6ef5b8ef53fc365607cd3ea047374885
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 202e4a8f8b4c66788e3af230fb1c3ada
+Plaintext = 3031323334353637
+Ciphertext = 5ead70c7f066d4df
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 05b4e8166f28082986a32cdaf53deb61
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 211dffad7562c4b924bb79fed73d9ce2
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 315d6cf8eeb36a37859710e7d1f72940
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = adfd10a7615d6515b999dbfc5a10f3ae9df5f19a
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bits 31 and 63 in tag
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 6ff5b86f53fc36d606cd3ea047374885
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 212e4a0f8b4c66f88f3af230fb1c3ada
+Plaintext = 3031323334353637
+Ciphertext = 5ead70c7f066d4df
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 04b4e8966f2808a987a32cdaf53deb61
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 211dffad7562c4b924bb79fed73d9ce2
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 305d6c78eeb36ab7849710e7d1f72940
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = adfd10a7615d6515b999dbfc5a10f3ae9df5f19a
+Result = TAG_VALUE_MISMATCH
+
+Title = Flipped bits 63 and 127 in tag
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 6ff5b8ef53fc36d606cd3ea047374805
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 212e4a8f8b4c66f88f3af230fb1c3a5a
+Plaintext = 3031323334353637
+Ciphertext = 5ead70c7f066d4df
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 04b4e8166f2808a987a32cdaf53debe1
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 211dffad7562c4b924bb79fed73d9ce2
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 305d6cf8eeb36ab7849710e7d1f729c0
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = adfd10a7615d6515b999dbfc5a10f3ae9df5f19a
+Result = TAG_VALUE_MISMATCH
+
+Title = all bits of tag flipped
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 900a4710ac03c9a9f932c15fb8c8b77a
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = ded1b57074b3998770c50dcf04e3c525
+Plaintext = 3031323334353637
+Ciphertext = 5ead70c7f066d4df
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = fb4b17e990d7f7d6785cd3250ac2149e
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 211dffad7562c4b924bb79fed73d9ce2
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = cfa29307114c95c87b68ef182e08d6bf
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = adfd10a7615d6515b999dbfc5a10f3ae9df5f19a
+Result = TAG_VALUE_MISMATCH
+
+Title = Tag changed to all zero
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 00000000000000000000000000000000
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 00000000000000000000000000000000
+Plaintext = 3031323334353637
+Ciphertext = 5ead70c7f066d4df
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 00000000000000000000000000000000
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 211dffad7562c4b924bb79fed73d9ce2
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 00000000000000000000000000000000
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = adfd10a7615d6515b999dbfc5a10f3ae9df5f19a
+Result = TAG_VALUE_MISMATCH
+
+Title = tag changed to all 1
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = ffffffffffffffffffffffffffffffff
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = ffffffffffffffffffffffffffffffff
+Plaintext = 3031323334353637
+Ciphertext = 5ead70c7f066d4df
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = ffffffffffffffffffffffffffffffff
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 211dffad7562c4b924bb79fed73d9ce2
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = ffffffffffffffffffffffffffffffff
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = adfd10a7615d6515b999dbfc5a10f3ae9df5f19a
+Result = TAG_VALUE_MISMATCH
+
+Title = msbs changed in tag
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = ef75386fd37cb6d6864dbe20c7b7c805
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = a1aeca0f0bcce6f80fba72b07b9cba5a
+Plaintext = 3031323334353637
+Ciphertext = 5ead70c7f066d4df
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 84346896efa888a90723ac5a75bd6be1
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 211dffad7562c4b924bb79fed73d9ce2
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = b0ddec786e33eab7041790675177a9c0
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = adfd10a7615d6515b999dbfc5a10f3ae9df5f19a
+Result = TAG_VALUE_MISMATCH
+
+Title = lsbs changed in tag
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 6ef4b9ee52fd375707cc3fa146364984
+Plaintext =
+Ciphertext =
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 202f4b8e8a4d67798e3bf331fa1d3bdb
+Plaintext = 3031323334353637
+Ciphertext = 5ead70c7f066d4df
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 05b5e9176e29092886a22ddbf43cea60
+Plaintext = 303132333435363738393a3b3c3d3e3f
+Ciphertext = 211dffad7562c4b924bb79fed73d9ce2
+Result = TAG_VALUE_MISMATCH
+
+Cipher = aes-256-siv
+Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+AAD =
+Tag = 315c6df9efb26b36859611e6d0f62841
+Plaintext = 303132333435363738393a3b3c3d3e3f40414243
+Ciphertext = adfd10a7615d6515b999dbfc5a10f3ae9df5f19a
+Result = TAG_VALUE_MISMATCH
diff --git a/test/recipes/30-test_evp_data/evpciph_des3_common.txt b/test/recipes/30-test_evp_data/evpciph_des3_common.txt
index aa238df2d90a..1947e21f748d 100644
--- a/test/recipes/30-test_evp_data/evpciph_des3_common.txt
+++ b/test/recipes/30-test_evp_data/evpciph_des3_common.txt
@@ -1,5 +1,5 @@
#
-# Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -14,6 +14,7 @@
Title = DES3 Tests
# DES EDE3 CBC tests (from destest)
+FIPSversion = <3.4.0
Cipher = DES-EDE3-CBC
Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210
IV = fedcba9876543210
@@ -24,6 +25,7 @@ NextIV = 1c673812cfde9675
# DES EDE3 ECB test
# FIPS(3.0.0): has a bug in the IV length #17591
FIPSversion = >3.0.0
+FIPSversion = <3.4.0
Cipher = DES-EDE3-ECB
Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210
Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
@@ -35,3 +37,49 @@ Cipher = DES-EDE-ECB
Key = 0123456789abcdeffedcba9876543210
Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
Ciphertext = 4d1332e49f380e23d80a0d8b2bae5e4e6a0094171abcfc27df2bfd40da9f4e4d
+
+# DES EDE3 CBC tests (from destest)
+
+# Test that DES3 CBC mode encryption fails because it is not FIPS approved
+Availablein = fips
+FIPSversion = >=3.4.0
+Cipher = DES-EDE3-CBC
+Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210
+IV = fedcba9876543210
+Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
+Ciphertext = 3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675
+Result = CIPHERINIT_ERROR
+
+# Test that DES3 EBC mode encryption fails because it is not FIPS approved
+Availablein = fips
+FIPSversion = >=3.4.0
+Cipher = DES-EDE3-ECB
+Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210
+Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
+Ciphertext = 62c10cc9efbf15aaa5ae2e487b690e56d8b1dfb8f5c5b293855e77dd9024b1b1
+Result = CIPHERINIT_ERROR
+
+Title = DES3 FIPS Indicator Tests
+
+# Test that DES3 CBC mode encryption is not FIPS approved
+Availablein = fips
+FIPSversion = >=3.4.0
+Cipher = DES-EDE3-CBC
+Unapproved = 1
+CtrlInit = encrypt-check:0
+Operation = ENCRYPT
+Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210
+IV = fedcba9876543210
+Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
+Ciphertext = 3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675
+
+# Test that DES3 ECB mode encryption is not FIPS approved
+Availablein = fipss
+FIPSversion = >=3.4.0
+Cipher = DES-EDE3-ECB
+Operation = ENCRYPT
+Unapproved = 1
+CtrlInit = encrypt-check:0
+Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210
+Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
+Ciphertext = 62c10cc9efbf15aaa5ae2e487b690e56d8b1dfb8f5c5b293855e77dd9024b1b1
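Review bot: The last stanza of this hunk (the DES-EDE3-ECB indicator test) is gated with `Availablein = fipss`, while the three sibling stanzas use `fips`. No provider of that name appears anywhere in the hunk, so the harness will presumably treat it as unavailable and skip the stanza on every run. That would leave the ECB `Unapproved = 1` / `encrypt-check:0` path with no coverage, even though the file reads as if it were tested. The line should be `Availablein = fips`. Separately, the comment above the second `CIPHERINIT_ERROR` stanza says "DES3 EBC mode" and should read `# Test that DES3 ECB mode encryption fails because it is not FIPS approved`.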
diff --git a/test/recipes/30-test_evp_data/evpciph_sm4.txt b/test/recipes/30-test_evp_data/evpciph_sm4.txt
index ec8a45bd3f84..993cf7b51e55 100644
--- a/test/recipes/30-test_evp_data/evpciph_sm4.txt
+++ b/test/recipes/30-test_evp_data/evpciph_sm4.txt
@@ -1,5 +1,5 @@
#
-# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -19,6 +19,18 @@ IV = 0123456789ABCDEFFEDCBA9876543210
Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
Ciphertext = 2677F46B09C122CC975533105BD4A22AF6125F7275CE552C3A2BBCF533DE8A3B
+Cipher = SM4-CBC
+Key = 0123456789ABCDEFFEDCBA9876543210
+IV = 0123456789ABCDEFFEDCBA9876543210
+Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
+Ciphertext = 2677F46B09C122CC975533105BD4A22AF6125F7275CE552C3A2BBCF533DE8A3BFFF5A4F208092C0901BA02D5772977369915E3FA2356C9F4EB6460ECC457E7f8E3CFA3DEEBFE9883E3A48BCF7C4A11AA3EC9E0D317C5D319BE72A5CDDDEC640C
+
+Cipher = SM4-CBC
+Key = 0123456789ABCDEFFEDCBA9876543210
+IV = 0123456789ABCDEFFEDCBA9876543210
+Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
+Ciphertext = 2677f46b09c122cc975533105bd4a22af6125f7275ce552c3a2bbcf533de8a3bfff5a4f208092c0901ba02d5772977369915e3fa2356c9f4eb6460ecc457e7f8e3cfa3deebfe9883e3a48bcf7c4a11aa3ec9e0d317c5d319be72a5cdddec640c6fc70bfa3ddaafffdd7c09b2774dcb2cec29f0c6f0b6773e985b3e395e924238505a8f120d9ca84de5c3cf7e45f097b14b3a46c5b1068669982a5c1f5f61be291b984f331d44ffb2758f771672448fc957fa1416c446427a41e25d5524a2418b9d96b2f17582f0f1aa9c204c6807f54f7b6833c5f00856659ddabc245936868c
+
Cipher = SM4-OFB
Key = 0123456789ABCDEFFEDCBA9876543210
IV = 0123456789ABCDEFFEDCBA9876543210
@@ -36,3 +48,53 @@ Key = 0123456789ABCDEFFEDCBA9876543210
IV = 0123456789ABCDEFFEDCBA9876543210
Plaintext = AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDDEEEEEEEEEEEEEEEEFFFFFFFFFFFFFFFFEEEEEEEEEEEEEEEEAAAAAAAAAAAAAAAA
Ciphertext = C2B4759E78AC3CF43D0852F4E8D5F9FD7256E8A5FCB65A350EE00630912E44492A0B17E1B85B060D0FBA612D8A95831638B361FD5FFACD942F081485A83CA35D
+
+Title = SM4 GCM test vectors from RFC8998
+
+Cipher = SM4-GCM
+Key = 0123456789abcdeffedcba9876543210
+IV = 00001234567800000000abcd
+AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2
+Tag = 83de3541e4c2b58177e065a9bf7b62ec
+Plaintext = aaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbccccccccccccccccddddddddddddddddeeeeeeeeeeeeeeeeffffffffffffffffeeeeeeeeeeeeeeeeaaaaaaaaaaaaaaaa
+Ciphertext = 17f399f08c67d5ee19d0dc9969c4bb7d5fd46fd3756489069157b282bb200735d82710ca5c22f0ccfa7cbf93d496ac15a56834cbcf98c397b4024a2691233b8d
+
+Title = SM4 CCM test vectors from RFC8998
+
+Cipher = SM4-CCM
+Key = 0123456789abcdeffedcba9876543210
+IV = 00001234567800000000abcd
+AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2
+Tag = 16842d4fa186f56ab33256971fa110f4
+Plaintext = aaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbccccccccccccccccddddddddddddddddeeeeeeeeeeeeeeeeffffffffffffffffeeeeeeeeeeeeeeeeaaaaaaaaaaaaaaaa
+Ciphertext = 48af93501fa62adbcd414cce6034d895dda1bf8f132f042098661572e7483094fd12e518ce062c98acee28d95df4416bed31a2f04476c18bb40c84a74b97dc5b
+
+Title = SM4 XTS test vectors from GB/T 17964-2021
+
+Cipher = SM4-XTS
+Key = 2B7E151628AED2A6ABF7158809CF4F3C000102030405060708090A0B0C0D0E0F
+IV = F0F1F2F3F4F5F6F7F8F9FAFBFCFDFEFF
+Plaintext = 6BC1BEE22E409F96E93D7E117393172AAE2D8A571E03AC9C9EB76FAC45AF8E5130C81C46A35CE411E5FBC1191A0A52EFF69F2445DF4F9B17
+Ciphertext = E9538251C71D7B80BBE4483FEF497BD12C5C581BD6242FC51E08964FB4F60FDB0BA42F63499279213D318D2C11F6886E903BE7F93A1B3479
+
+Cipher = SM4-XTS
+Key = 2B7E151628AED2A6ABF7158809CF4F3C000102030405060708090A0B0C0D0E0F
+IV = F0F1F2F3F4F5F6F7F8F9FAFBFCFDFEFF
+Plaintext = 6BC1BEE22E409F96E93D7E117393172AAE2D8A571E03AC9C9EB76FAC45AF8E5130C81C46A35CE411E5FBC1191A0A52EFF69F2445DF4F9B17
+Ciphertext = E9538251C71D7B80BBE4483FEF497BD12C5C581BD6242FC51E08964FB4F60FDB0BA42F63499279213D318D2C11F6886E903BE7F93A1B3479
+XTSStandard = GB
+
+Title = SM4 XTS test vectors, while the XTS mode is standardized in IEEE Std 1619-2007
+
+Cipher = SM4-XTS
+Key = 2B7E151628AED2A6ABF7158809CF4F3C000102030405060708090A0B0C0D0E0F
+IV = F0F1F2F3F4F5F6F7F8F9FAFBFCFDFEFF
+Plaintext = 6BC1BEE22E409F96E93D7E117393172AAE2D8A571E03AC9C9EB76FAC45AF8E5130C81C46A35CE411E5FBC1191A0A52EFF69F2445DF4F9B17
+Ciphertext = E9538251C71D7B80BBE4483FEF497BD1B3DB1A3E60408C575D63FF7DB39F83260869F9E2585FEC9F0B863BF8FD784B8627D16C0DB6D2CFC7
+XTSStandard = IEEE
+
+Cipher = SM4-XTS
+Key = FFFEFDFCFBFAF9F8F7F6F5F4F3F2F1F0BFBEBDBCBBBAB9B8B7B6B5B4B3B2B1B0
+IV = 9A785634120000000000000000000000
+Plaintext = 000102030405060708090A0B0C0D0E0F10
+Ciphertext = 9E52443A35410CA0BA5637B94C0766F469
diff --git a/test/recipes/30-test_evp_data/evpkdf_hkdf.txt b/test/recipes/30-test_evp_data/evpkdf_hkdf.txt
index 60f92c4db4fb..c617f2cc4409 100644
--- a/test/recipes/30-test_evp_data/evpkdf_hkdf.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_hkdf.txt
@@ -1,5 +1,5 @@
#
-# Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -77,6 +77,7 @@ Ctrl.IKM = hexkey:19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb
Ctrl.info = info:
Output = 8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8
+Availablein = default
KDF = HKDF
Ctrl.digest = digest:SHA1
Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b
@@ -84,6 +85,7 @@ Ctrl.salt = hexsalt:000102030405060708090a0b0c
Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
Output = 085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896
+Availablein = default
KDF = HKDF
Ctrl.mode = mode:EXTRACT_ONLY
Ctrl.digest = digest:SHA1
@@ -213,3 +215,47 @@ Ctrl.info = hexinfo:c1c2c3
Ctrl.info = hexinfo:c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9
Ctrl.info = hexinfo:dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
Output = 0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4
+
+Availablein = default
+KDF = HKDF
+Ctrl.digest = digest:BLAKE2S-256
+Ctrl.IKM = hexkey:1a2d
+Ctrl.salt = hexsalt:000000000000000000000000000000000000000000000000000000000000000000
+Ctrl.info = info:
+Output = 62f99231760bedd72319cc6cad
+
+# Test that the operation with XOF digest function is rejected
+FIPSversion = >=3.4.0
+KDF = HKDF
+Ctrl.digest = digest:SHAKE-256
+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
+Ctrl.salt = hexsalt:000102030405060708090a0b0c
+Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
+Result = KDF_CTRL_ERROR
+Reason = xof digests not allowed
+
+Title = FIPS indicator tests
+
+# Test that the key whose length is shorter than 112 bits is rejected
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = HKDF
+Ctrl.digest = digest:SHA1
+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b
+Ctrl.salt = hexsalt:000102030405060708090a0b0c
+Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
+Result = KDF_CTRL_ERROR
+Reason = invalid key length
+
+# Test that the key whose length is shorter than 112 bits is reported as
+# unapproved
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = HKDF
+Unapproved = 1
+Ctrl.key-check = key-check:0
+Ctrl.digest = digest:SHA1
+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b
+Ctrl.salt = hexsalt:000102030405060708090a0b0c
+Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
+Output = 085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896
diff --git a/test/recipes/30-test_evp_data/evpkdf_pbkdf2.txt b/test/recipes/30-test_evp_data/evpkdf_pbkdf2.txt
index 3f5972407217..b64091114b83 100644
--- a/test/recipes/30-test_evp_data/evpkdf_pbkdf2.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_pbkdf2.txt
@@ -1,5 +1,5 @@
#
-# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -13,6 +13,7 @@
Title = PBKDF2 tests
+Availablein = default
KDF = PBKDF2
Ctrl.pkcs5 = pkcs5:1
Ctrl.pass = pass:password
@@ -21,6 +22,7 @@ Ctrl.iter = iter:1
Ctrl.digest = digest:sha1
Output = 0c60c80f961f0e71f3a9b524af6012062fe037a6
+Availablein = default
KDF = PBKDF2
Ctrl.pkcs5 = pkcs5:1
Ctrl.pass = pass:password
@@ -29,6 +31,7 @@ Ctrl.iter = iter:1
Ctrl.digest = digest:sha256
Output = 120fb6cffcf8b32c43e7225256c4f837a86548c92ccc35480805987cb70be17b
+Availablein = default
KDF = PBKDF2
Ctrl.pkcs5 = pkcs5:1
Ctrl.pass = pass:password
@@ -37,6 +40,7 @@ Ctrl.iter = iter:1
Ctrl.digest = digest:sha512
Output = 867f70cf1ade02cff3752599a3a53dc4af34c7a669815ae5d513554e1c8cf252c02d470a285a0501bad999bfe943c08f050235d7d68b1da55e63f73b60a57fce
+Availablein = default
KDF = PBKDF2
Ctrl.pkcs5 = pkcs5:1
Ctrl.pass = pass:password
@@ -45,6 +49,7 @@ Ctrl.iter = iter:2
Ctrl.digest = digest:sha1
Output = ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957
+Availablein = default
KDF = PBKDF2
Ctrl.pkcs5 = pkcs5:1
Ctrl.pass = pass:password
@@ -53,6 +58,7 @@ Ctrl.iter = iter:2
Ctrl.digest = digest:sha256
Output = ae4d0c95af6b46d32d0adff928f06dd02a303f8ef3c251dfd6e2d85a95474c43
+Availablein = default
KDF = PBKDF2
Ctrl.pkcs5 = pkcs5:1
Ctrl.pass = pass:password
@@ -61,6 +67,7 @@ Ctrl.iter = iter:2
Ctrl.digest = digest:sha512
Output = e1d9c16aa681708a45f5c7c4e215ceb66e011a2e9f0040713f18aefdb866d53cf76cab2868a39b9f7840edce4fef5a82be67335c77a6068e04112754f27ccf4e
+Availablein = default
KDF = PBKDF2
Ctrl.pkcs5 = pkcs5:1
Ctrl.pass = pass:password
@@ -69,6 +76,7 @@ Ctrl.iter = iter:4096
Ctrl.digest = digest:sha1
Output = 4b007901b765489abead49d926f721d065a429c1
+Availablein = default
KDF = PBKDF2
Ctrl.pkcs5 = pkcs5:1
Ctrl.pass = pass:password
@@ -77,6 +85,7 @@ Ctrl.iter = iter:4096
Ctrl.digest = digest:sha256
Output = c5e478d59288c841aa530db6845c4c8d962893a001ce4e11a4963873aa98134a
+Availablein = default
KDF = PBKDF2
Ctrl.pkcs5 = pkcs5:1
Ctrl.pass = pass:password
@@ -106,6 +115,7 @@ Ctrl.iter = iter:4096
Ctrl.digest = digest:sha512
Output = 8c0511f4c6e597c6ac6315d8f0362e225f3c501495ba23b868c005174dc4ee71115b59f9e60cd9532fa33e0f75aefe30225c583a186cd82bd4daea9724a3d3b8
+Availablein = default
KDF = PBKDF2
Ctrl.pkcs5 = pkcs5:1
Ctrl.hexpass = hexpass:7061737300776f7264
@@ -114,6 +124,7 @@ Ctrl.iter = iter:4096
Ctrl.digest = digest:sha1
Output = 56fa6aa75548099dcc37d7f03425e0c3
+Availablein = default
KDF = PBKDF2
Ctrl.pkcs5 = pkcs5:1
Ctrl.hexpass = hexpass:7061737300776f7264
@@ -122,6 +133,7 @@ Ctrl.iter = iter:4096
Ctrl.digest = digest:sha256
Output = 89b69d0516f829893c696226650a8687
+Availablein = default
KDF = PBKDF2
Ctrl.pkcs5 = pkcs5:1
Ctrl.hexpass = hexpass:7061737300776f7264
@@ -130,8 +142,45 @@ Ctrl.iter = iter:4096
Ctrl.digest = digest:sha512
Output = 9d9e9c4cd21fe4be24d5b8244c759665
+Availablein = default
+KDF = PBKDF2
+Ctrl.pkcs5 = pkcs5:1
+Ctrl.pass = pass:password
+Ctrl.salt = salt:salt
+Ctrl.iter = iter:4096
+Ctrl.digest = digest:sha3-224
+Output = 691292bc3683d7d41ea2910f5b3eed23
+
+Availablein = default
+KDF = PBKDF2
+Ctrl.pkcs5 = pkcs5:1
+Ctrl.pass = pass:password
+Ctrl.salt = salt:salt
+Ctrl.iter = iter:4096
+Ctrl.digest = digest:sha3-256
+Output = 778b6e237a0f49621549ff70d218d208
+
+Availablein = default
+KDF = PBKDF2
+Ctrl.pkcs5 = pkcs5:1
+Ctrl.pass = pass:password
+Ctrl.salt = salt:salt
+Ctrl.iter = iter:4096
+Ctrl.digest = digest:sha3-384
+Output = 9a5f1e45e8b83f1b259ba72d11c59087
+
+Availablein = default
+KDF = PBKDF2
+Ctrl.pkcs5 = pkcs5:1
+Ctrl.pass = pass:password
+Ctrl.salt = salt:salt
+Ctrl.iter = iter:4096
+Ctrl.digest = digest:sha3-512
+Output = 2bfaf2d5ceb6d10f5e262cd902488cfd
+
Title = PBKDF2 tests for empty inputs
+Availablein = default
KDF = PBKDF2
Ctrl.pkcs5 = pkcs5:1
Ctrl.pass = pass:
@@ -140,6 +189,7 @@ Ctrl.iter = iter:1
Ctrl.digest = digest:sha1
Output = a33dddc30478185515311f8752895d36ea4363a2
+Availablein = default
KDF = PBKDF2
Ctrl.pkcs5 = pkcs5:1
Ctrl.pass = pass:
@@ -148,6 +198,7 @@ Ctrl.iter = iter:1
Ctrl.digest = digest:sha256
Output = f135c27993baf98773c5cdb40a5706ce6a345cde
+Availablein = default
KDF = PBKDF2
Ctrl.pkcs5 = pkcs5:1
Ctrl.pass = pass:
@@ -155,3 +206,72 @@ Ctrl.salt = salt:salt
Ctrl.iter = iter:1
Ctrl.digest = digest:sha512
Output = 00ef42cdbfc98d29db20976608e455567fdddf14
+
+Availablein = fips
+FIPSversion = <3.4.0
+KDF = PBKDF2
+Ctrl.pkcs5 = pkcs5:1
+Ctrl.pass = pass:password
+Ctrl.salt = salt:salt
+Ctrl.iter = iter:1
+Ctrl.digest = digest:shake-128
+Result = KDF_DERIVE_ERROR
+
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = PBKDF2
+Ctrl.pkcs5 = pkcs5:1
+Ctrl.pass = pass:password
+Ctrl.salt = salt:salt
+Ctrl.iter = iter:1
+Ctrl.digest = digest:shake-128
+Result = KDF_CTRL_ERROR
+Reason = xof digests not allowed
+
+Title = FIPS indicator tests
+
+# Test that operations with unapproved parameters are rejected
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = PBKDF2
+Ctrl.pass = pass:password
+Ctrl.salt = salt:salt
+Ctrl.iter = iter:4096
+Ctrl.digest = digest:sha1
+Result = KDF_CTRL_ERROR
+Reason = invalid salt length
+
+# Test that operations with unapproved parameters are reported as unapproved
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = PBKDF2
+Unapproved = 1
+Ctrl.pkcs5 = pkcs5:1
+Ctrl.pass = pass:password
+Ctrl.salt = salt:salt
+Ctrl.iter = iter:4096
+Ctrl.digest = digest:sha1
+Output = 4b007901b765489abead49d926f721d065a429c1
+
+# Test that the operation with approved parameters and unapproved pkcs5 value is
+# reposted as approved
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = PBKDF2
+Ctrl.pkcs5 = pkcs5:1
+Ctrl.pass = pass:password
+Ctrl.salt = salt:saltSALTsaltSALTsaltSALTsaltSALTsalt
+Ctrl.iter = iter:4096
+Ctrl.digest = digest:sha1
+Output = 043c508e57c6427036fd2c6cd2a02ec7530a412c
+
+Title = Test that a too low iteration count raises an error
+
+Availablein = fips
+KDF = PBKDF2
+Ctrl.pass = pass:password
+Ctrl.salt = salt:saltydaysarethebest
+Ctrl.iter = iter:10
+Ctrl.digest = digest:sha1
+Result = KDF_CTRL_ERROR
+Reason = invalid iteration count
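Review bot: The two `digest:shake-128` stanzas at the top of this hunk have no comment saying what they check, and they differ only in the `FIPSversion` bound and the expected error (`KDF_DERIVE_ERROR` before 3.4.0, `KDF_CTRL_ERROR` with `xof digests not allowed` from 3.4.0). A line such as `# Test that the operation with XOF digest function is rejected` above each, plus a word on why the error differs by version, would match the wording used in the HKDF and SSKDF files. In the third indicator stanza the comment reads "reposted as approved"; it should be `# reported as approved`. The final "too low iteration count" stanza is the only FIPS-gated one here without a `FIPSversion` line, so a short comment confirming it is meant to run against every FIPS provider version would remove the doubt.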
diff --git a/test/recipes/30-test_evp_data/evpkdf_ss.txt b/test/recipes/30-test_evp_data/evpkdf_ss.txt
index 6de5c2d99969..07691ccf579f 100644
--- a/test/recipes/30-test_evp_data/evpkdf_ss.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_ss.txt
@@ -1,5 +1,5 @@
#
-# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -280,36 +280,42 @@ Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690
Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b
Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239f270b7f30616166f10e5d2b4cb11ba8bf4ba3f2276885abfbc3e811a568d480d9192
+Availablein = default
KDF = SSKDF
Ctrl.digest = digest:SHA1
Ctrl.hexsecret = hexsecret:d7e6
Ctrl.hexinfo = hexinfo:0bbe1fa8722023d7c3da4fff
Output = 31e798e9931b612a3ad1b9b1008faa8c
+Availablein = default
KDF = SSKDF
Ctrl.digest = digest:SHA1
Ctrl.hexsecret = hexsecret:4646779d
Ctrl.hexinfo = hexinfo:0bbe1fa8722023d7c3da4fff
Output = 139f68bcca879b490e268e569087d04d
+Availablein = default
KDF = SSKDF
Ctrl.digest = digest:SHA1
Ctrl.hexsecret = hexsecret:d9811c81d4c6
Ctrl.hexinfo = hexinfo:0bbe1fa8722023d7c3da4fff
Output = 914dc4f09cb633a76e6c389e04c64485
+Availablein = default
KDF = SSKDF
Ctrl.digest = digest:SHA1
Ctrl.hexsecret = hexsecret:8838f9d99ec46f09
Ctrl.hexinfo = hexinfo:0bbe1fa8722023d7c3da4fff
Output = 4f07dfb6f7a5bf348689e08b2e29c948
+Availablein = default
KDF = SSKDF
Ctrl.digest = digest:SHA1
Ctrl.hexsecret = hexsecret:3e0939b33f34e779f30e
Ctrl.hexinfo = hexinfo:0bbe1fa8722023d7c3da4fff
Output = b42c7a98c23be19d1187ff960e87557f
+Availablein = default
KDF = SSKDF
Ctrl.digest = digest:SHA1
Ctrl.hexsecret = hexsecret:f36230cacca4d245d303058c
@@ -781,6 +787,7 @@ Ctrl.hexsalt = hexsalt:0ad52c9357c85e4781296a36ca72039c
Ctrl.hexinfo = hexinfo:c67c389580128f18f6cf8592
Output = be32e7d306d891028be088f213f9f947c50420d9b5a12ca69818dd9995dedd8e6137c7104d67f2ca90915dda0ab68af2f355b904f9eb0388b5b7fe193c9546d45849133d
+Availablein = default
KDF = SSKDF
Ctrl.mac = mac:HMAC
Ctrl.digest = digest:SHA256
@@ -789,6 +796,7 @@ Ctrl.hexsalt = hexsalt:3638271ccd68a25dc24ecddd39ef3f89
Ctrl.hexinfo = hexinfo:348a37a27ef1282f5f020dcc
Output = 3f661ec46fcc1e110b88f33ee7dbc308
+Availablein = default
KDF = SSKDF
Ctrl.mac = mac:HMAC
Ctrl.digest = digest:SHA256
@@ -797,6 +805,7 @@ Ctrl.hexsalt = hexsalt:3638271ccd68a25dc24ecddd39ef3f89
Ctrl.hexinfo = hexinfo:348a37a27ef1282f5f020dcc
Output = 73ccb357554ca44967d507518262e38d
+Availablein = default
KDF = SSKDF
Ctrl.mac = mac:HMAC
Ctrl.digest = digest:SHA256
@@ -805,6 +814,7 @@ Ctrl.hexsalt = hexsalt:3638271ccd68a25dc24ecddd39ef3f89
Ctrl.hexinfo = hexinfo:348a37a27ef1282f5f020dcc
Output = c4f1cf190980b6777bb35107654b25f9
+Availablein = default
KDF = SSKDF
Ctrl.mac = mac:HMAC
Ctrl.digest = digest:SHA256
@@ -813,6 +823,7 @@ Ctrl.hexsalt = hexsalt:3638271ccd68a25dc24ecddd39ef3f89
Ctrl.hexinfo = hexinfo:348a37a27ef1282f5f020dcc
Output = ddb2d7475d00cc65bff6904b4f0b54ba
+Availablein = default
KDF = SSKDF
Ctrl.mac = mac:HMAC
Ctrl.digest = digest:SHA256
@@ -821,6 +832,7 @@ Ctrl.hexsalt = hexsalt:3638271ccd68a25dc24ecddd39ef3f89
Ctrl.hexinfo = hexinfo:348a37a27ef1282f5f020dcc
Output = 1100a6049ae9d8be01ab3829754cecc2
+Availablein = default
KDF = SSKDF
Ctrl.mac = mac:HMAC
Ctrl.digest = digest:SHA256
@@ -1119,3 +1131,135 @@ Ctrl.digest = digest:SHA512
Ctrl.hexsecret = hexsecret:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Ctrl.hexinfo = hexinfo:307e300a06082b06010502030603a01f041d301ba0071b0553552e5345a110300ea003020101a10730051b036c6861a12904273025a0071b0553552e5345a11a3018a003020101a111300f1b066b72627467741b0553552e5345a22404223020a003020110a10c040aaaaaaaaaaaaaaaaaaaaaa20b0409bbbbbbbbbbbbbbbbbb
Output = d3c78b78d75313e9a926f75dfb012363fa17fa01db
+
+# Test concat of multiple info (Uses existing test data, and just splits the info into separate fields)
+FIPSversion = >=3.2.0
+KDF = SSKDF
+Ctrl.digest = digest:SHA512
+Ctrl.hexsecret = hexsecret:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+Ctrl.hexinfo = hexinfo:307e300a06082b06010502030603a01f041d301ba0071b0553552e53
+Ctrl.hexinfo = hexinfo:45a110300ea003020101a10730051b036c6861a12904273025a0071b
+Ctrl.hexinfo = hexinfo:0553552e5345a11a3018a003020101a111300f1b066b72627467741b
+Ctrl.hexinfo = hexinfo:0553552e5345a22404223020a003020110a10c040aaaaaaaaaaaaaaa
+Ctrl.hexinfo = hexinfo:aaaaaaa20b0409bbbbbbbbbbbbbbbbbb
+Output = d3c78b78d75313e9a926f75dfb012363fa17fa01db
+
+# Test that the operation with XOF digest function is rejected
+FIPSversion = >=3.4.0
+KDF = SSKDF
+Ctrl.digest = digest:SHAKE-256
+Ctrl.hexsecret = hexsecret:d09a6b1a472f930db4f5e6b967900744
+Ctrl.hexinfo = hexinfo:b117255ab5f1b6b96fc434b0
+Result = KDF_CTRL_ERROR
+Reason = xof digests not allowed
+
+Title = ACVP Server Tests
+# Test vectors extracted from https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/json-files/KDA-OneStep-Sp800-56Cr*
+# The info field is composed of multiple fields concatenated together which includes l = 1024 bits (00000400)
+
+KDF = SSKDF
+Ctrl.digest = digest:SHA2-224
+Ctrl.hexsecret = hexsecret:B88A5DBAB00483107C1839742A0E0EEE128EE83F715AE23E15C7CED18133754B095917F99C2EE421FE9EEE3B3E0F8D74F791B6EA930E2CD083F9E9952581AE6B537784B7820680C9797C4E9E2B6638FE5CF452309FC9C28D109AFF1CF75E9D4D3C1AA276
+Ctrl.hexinfo = hexinfo:0EEA684AC156B3569C3C6B8316E0F3C339BE2C9458FFFAC5A5261082744805D24E12FC795D54D8109EE1101F313F56F5BF1AD8B58E103FC30269CAFBF1B830BBBBFF898DCF9DD81BCA9F01CE8D3B99848DF2FF1EA0AFDBD89FCB17366FA3AFA0B09E5BCAC4E3E8BF39796469E8DE8F1A9F3A9FA158E05A16CA4D70B75D12952F09EAAD1C421511F18FCA3830B9910047EEE4F3DB00000400
+Output = 4F0F153EF1DC7F9B832A9403FD68BCEB4F32B608003EA429FF28D46235166C2D4E28DF8776DCDB34A984AA643A8D8E112CAD6674705B0D7B24CB15039F210DCEE13A8EDD52135B253CB56C3EA5B314651C1C40EDAFEBF7ED017CC8A24E232811ADD28592D26A07CC331807618316E6D21B860BC35F418F67AC17534F45FE8A3B
+
+KDF = SSKDF
+Ctrl.mac = mac:HMAC
+Ctrl.digest = digest:SHA224
+Ctrl.salt = hexsalt:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+Ctrl.hexsecret = hexsecret:40B6E03711EBEBA14011ACE96CB056DEBAEB6E5E706F99435257C6A068E78C1369C5AD7FC42D3FCCA2EC9EAA
+Ctrl.hexinfo = hexinfo:5D437C2F1035A4F1F751E59CF10650171EF5769FCFBE438DFBC5BD8EA724100076447AB804F91DFA680E592FE2621A45DAB4C6A77B678059FC29E572DE4424EB5459F53523002ED38AAB1D9DD96C3523D1907C5EFBAE93DFFE680F716498720110D2A3B9CE9B66DB2884C83E9BEB546754874C0CA1967AF000000400
+Output = 428979EA52175DC833C04215AC6B4BA89BA4FCAA0E0FA3B4E2C0E264C5746F0A5C788F2907A2C2B90719E396B35A14C4B583C51B9911125D34100FADDC4D94C0D936263CC1EF0B0D526E3891FE1F67BCB94DEA2525B84A8E7949A4CA34F36AEEC55099BF0EC5DE24B86428F4E6E6E23FE9AA443E2BDCF25A77ECD22BF758D554
+
+KDF = SSKDF
+Ctrl.mac = mac:KMAC-128
+Ctrl.hexsecret = hexsecret:EAD54AE33FFAFFE7875610390ADBA9DFB291EE8C1920CB13452FDF851E0A6DBBB862FD8811F8CB29CDEC13591D8C047065FCD2
+Ctrl.hexinfo = hexinfo:A2641090E75D5BDC0B23CCD49BB02DC63B41D3F38E0947D491DFDDC734A8582DF5C961EFE586378317AB7E5821DE3146EA26C823EE4FA48C22D7142E5BDEF50DE8BD9940E6E5AC58A6441DFCD9D5C8F6199D05BEBE1394C706F2354AC902EB5C4533EB00000400
+Output = 4460D885F11A2E173F65FD89A5CE6668075C2592A2D9C356B977EF39C09D3A00DFFCB56687F053397ADD00D873C2E8A89A3A43C6D7A6AFC8A6AD08E2700B899DD4808771FC36E4E46075009F13D39237F3E815A4B8A3DC439727AA814082077E4544D2B65805EC122973B48097861591DF0F9A8048BCF945702EA7578D2B481C
+
+Title = Secret length < 112 bits is not allowed in FIPS
+
+Title = FIPS indicator tests
+
+# Test that the key whose length is shorter than 112 bits is rejected
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = SSKDF
+Ctrl.digest = digest:SHA1
+Ctrl.hexsecret = hexsecret:d7e6
+Ctrl.hexinfo = hexinfo:0bbe1fa8722023d7c3da4fff
+Result = KDF_CTRL_ERROR
+Reason = invalid key length
+
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = SSKDF
+Ctrl.mac = mac:HMAC
+Ctrl.digest = digest:SHA224
+Ctrl.salt = hexsalt:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+Ctrl.hexsecret = hexsecret:40B6E03711EBEBA14011ACE96C
+Ctrl.hexinfo = hexinfo:5D437C2F1035A4F1F751E59CF10650171EF5769FCFBE438DFBC5BD8EA724100076447AB804F91DFA680E592FE2621A45DAB4C6A77B678059FC29E572DE4424EB5459F53523002ED38AAB1D9DD96C3523D1907C5EFBAE93DFFE680F716498720110D2A3B9CE9B66DB2884C83E9BEB546754874C0CA1967AF000000400
+Result = KDF_CTRL_ERROR
+Reason = invalid key length
+
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = SSKDF
+Ctrl.mac = mac:KMAC-128
+Ctrl.hexsecret = hexsecret:EAD54AE33FFAFFE7875610390A
+Ctrl.hexinfo = hexinfo:A2641090E75D5BDC0B23CCD49BB02DC63B41D3F38E0947D491DFDDC734A8582DF5C961EFE586378317AB7E5821DE3146EA26C823EE4FA48C22D7142E5BDEF50DE8BD9940E6E5AC58A6441DFCD9D5C8F6199D05BEBE1394C706F2354AC902EB5C4533EB00000400
+Result = KDF_CTRL_ERROR
+Reason = invalid key length
+
+Title = Secret length < 112 is not approved in FIPS
+
+# Test that the key whose length is shorter than 112 bits is reported as
+# unapproved
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = SSKDF
+Unapproved = 1
+Ctrl.key-check = key-check:0
+Ctrl.digest = digest:SHA1
+Ctrl.hexsecret = hexsecret:d7e6
+Ctrl.hexinfo = hexinfo:0bbe1fa8722023d7c3da4fff
+Output = 31e798e9931b612a3ad1b9b1008faa8c
+
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = SSKDF
+Unapproved = 1
+Ctrl.key-check = key-check:0
+Ctrl.mac = mac:HMAC
+Ctrl.digest = digest:SHA224
+Ctrl.salt = hexsalt:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+Ctrl.hexsecret = hexsecret:40B6E03711EBEBA14011ACE96C
+Ctrl.hexinfo = hexinfo:5D437C2F1035A4F1F751E59CF10650171EF5769FCFBE438DFBC5BD8EA724100076447AB804F91DFA680E592FE2621A45DAB4C6A77B678059FC29E572DE4424EB5459F53523002ED38AAB1D9DD96C3523D1907C5EFBAE93DFFE680F716498720110D2A3B9CE9B66DB2884C83E9BEB546754874C0CA1967AF000000400
+Output = 55ce7dc6234c66ffbdc3cbcf79bf6bfb2d4773ed37caf936d878fa1581f8b872
+
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = SSKDF
+Unapproved = 1
+Ctrl.key-check = key-check:0
+Ctrl.mac = mac:KMAC-128
+Ctrl.hexsecret = hexsecret:EAD54AE33FFAFFE7875610390A
+Ctrl.hexinfo = hexinfo:A2641090E75D5BDC0B23CCD49BB02DC63B41D3F38E0947D491DFDDC734A8582DF5C961EFE586378317AB7E5821DE3146EA26C823EE4FA48C22D7142E5BDEF50DE8BD9940E6E5AC58A6441DFCD9D5C8F6199D05BEBE1394C706F2354AC902EB5C4533EB00000400
+Output = b160ca853957becf10f4edd06b24cff412b6ca85cff76490afb53ce2f81081ef
+
+Title = Test Small salt is allowed
+
+KDF = SSKDF
+Ctrl.mac = mac:HMAC
+Ctrl.digest = digest:SHA256
+Ctrl.hexsecret = hexsecret:6ee6c00d70a6cd14bd5a4e8fcfec8386
+Ctrl.hexsalt = hexsalt:00
+Ctrl.hexinfo = hexinfo:861aa2886798231259bd0314
+Output = 02cfca07797566285b38982b86762abd
+
+KDF = SSKDF
+Ctrl.mac = mac:KMAC-128
+Ctrl.hexsalt = hexsalt:00000000
+Ctrl.hexsecret = hexsecret:EAD54AE33FFAFFE7875610390ADBA9DFB291EE8C1920CB13452FDF851E0A6DBBB862FD8811F8CB29CDEC13591D8C047065FCD2
+Ctrl.hexinfo = hexinfo:A2641090E75D5BDC0B23CCD49BB02DC63B41D3F38E0947D491DFDDC734A8582DF5C961EFE586378317AB7E5821DE3146EA26C823EE4FA48C22D7142E5BDEF50DE8BD9940E6E5AC58A6441DFCD9D5C8F6199D05BEBE1394C706F2354AC902EB5C4533EB00000400
+Output = 41782b11ba2e19c98d1dea6f859e30defcf5380cbc586fd7b8f9ffe8ddedf9da
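Review bot: `Title = Secret length < 112 bits is not allowed in FIPS` is followed immediately by `Title = FIPS indicator tests` with no stanza between them, so the first heading labels nothing and the three rejection stanzas run under the generic title. Dropping the second `Title` line, or moving it above the first, keeps the rejection group and the later `Secret length < 112 is not approved in FIPS` group labelled symmetrically. The three HMAC/SHA224 stanzas also write the salt as `Ctrl.salt = hexsalt:…`, while every other salted stanza in the hunk uses `Ctrl.hexsalt = hexsalt:…`. If the harness only reads the `name:value` part this is harmless, but using `Ctrl.hexsalt` throughout avoids any doubt about whether the all-zero salt is actually applied in the `key-check:0` case.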
diff --git a/test/recipes/30-test_evp_data/evpkdf_ssh.txt b/test/recipes/30-test_evp_data/evpkdf_ssh.txt
index d870df7037aa..6688c217aa52 100644
--- a/test/recipes/30-test_evp_data/evpkdf_ssh.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_ssh.txt
@@ -1,5 +1,5 @@
#
-# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -4848,6 +4848,7 @@ Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
Output = FF
Result = KDF_DERIVE_ERROR
+Availablein = default
KDF = SSHKDF
Ctrl.digest = digest:SHA1
Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59
@@ -4865,3 +4866,78 @@ Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
Ctrl.type = type:A
Output = FF
Result = KDF_MISMATCH
+
+# Test that unsupported XOF is rejected
+FIPSversion = >=3.4.0
+KDF = SSHKDF
+Ctrl.digest = digest:SHAKE-256
+Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59
+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245
+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
+Ctrl.type = type:A
+Result = KDF_CTRL_ERROR
+Reason = xof digests not allowed
+
+Availablein = fips
+FIPSversion = <3.4.0
+KDF = SSHKDF
+Ctrl.digest = digest:SHAKE-256
+Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59
+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245
+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
+Ctrl.type = type:A
+Result = KDF_MISMATCH
+
+Title = FIPS indicator tests
+
+# Test that the operation with unapproved digest function is rejected
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = SSHKDF
+Ctrl.digest = digest:SHA512-256
+Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59
+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245
+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
+Ctrl.type = type:A
+Result = KDF_CTRL_ERROR
+Reason = digest not allowed
+
+# Test that the operation with unapproved digest function is is reported as
+# unapproved
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = SSHKDF
+Unapproved = 1
+Ctrl.digest-check = digest-check:0
+Ctrl.digest = digest:SHA512-256
+Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59
+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245
+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
+Ctrl.type = type:A
+Output = d37ea221cbcc026d95e8c10b7d28a1b41e4ec1b497bae0e4cdbc1446e5bd59e2
+
+# Test that the key whose length is shorter than 112 bits is rejected
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = SSHKDF
+Ctrl.digest = digest:SHA1
+Ctrl.hexkey = hexkey:0102030405060708090a0b
+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245
+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
+Ctrl.type = type:A
+Result = KDF_CTRL_ERROR
+Reason = invalid key length
+
+# Test that the key whose length is shorter than 112 bits is reported as
+# unapproved
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = SSHKDF
+Unapproved = 1
+Ctrl.key-check = key-check:0
+Ctrl.digest = digest:SHA1
+Ctrl.hexkey = hexkey:0102030405060708090a0b
+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245
+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
+Ctrl.type = type:A
+Output = 825b46b410c8b6ea
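Review bot: The second SHAKE-256 stanza (`Availablein = fips`, `FIPSversion = <3.4.0`) expects `Result = KDF_MISMATCH` but has no `Output` line and no comment, so the file does not say what it pins; the context stanza just above pairs `KDF_MISMATCH` with `Output = FF`. If the intent is that older FIPS providers do not reject the XOF, a comment should say so, for example `# Older FIPS providers accept SHAKE-256 here; no reference output, so only a mismatch is expected`. Separately, the comment `# Test that the operation with unapproved digest function is is reported as` has a doubled "is"; the same line recurs in the evpkdf_tls12_prf.txt, evpkdf_tls13_kdf.txt and evpkdf_x963.txt hunks.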
diff --git a/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt b/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
index 3ff4b536e44a..50944328cb34 100644
--- a/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
@@ -1,5 +1,5 @@
#
-# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -13,6 +13,7 @@
Title = TLS12 PRF tests (from NIST test vectors)
+FIPSversion = <=3.1.0
KDF = TLS1-PRF
Ctrl.digest = digest:SHA256
Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc
@@ -21,6 +22,7 @@ Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587c
Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
Output = 202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
+FIPSversion = <=3.1.0
KDF = TLS1-PRF
Ctrl.digest = digest:SHA256
Ctrl.Secret = hexsecret:202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
@@ -30,6 +32,7 @@ Ctrl.client_random = hexseed:62e1fd91f23f558a605f28478c58cf72637b89784d959df7e94
Output = d06139889fffac1e3a71865f504aa5d0d2a2e89506c6f2279b670c3e1b74f531016a2530c51a3a0f7e1d6590d0f0566b2f387f8d11fd4f731cdd572d2eae927f6f2f81410b25e6960be68985add6c38445ad9f8c64bf8068bf9a6679485d966f1ad6f68b43495b10a683755ea2b858d70ccac7ec8b053c6bd41ca299d4e51928
# As above but use long name for KDF
+FIPSversion = <=3.1.0
KDF = tls1-prf
Ctrl.digest = digest:SHA256
Ctrl.Secret = hexsecret:202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
@@ -39,8 +42,98 @@ Ctrl.client_random = hexseed:62e1fd91f23f558a605f28478c58cf72637b89784d959df7e94
Output = d06139889fffac1e3a71865f504aa5d0d2a2e89506c6f2279b670c3e1b74f531016a2530c51a3a0f7e1d6590d0f0566b2f387f8d11fd4f731cdd572d2eae927f6f2f81410b25e6960be68985add6c38445ad9f8c64bf8068bf9a6679485d966f1ad6f68b43495b10a683755ea2b858d70ccac7ec8b053c6bd41ca299d4e51928
# Missing digest.
+Availablein = default
KDF = TLS1-PRF
Ctrl.Secret = hexsecret:01
Ctrl.Seed = hexseed:02
Output = 03
Result = KDF_DERIVE_ERROR
+
+# Test that "master secret" is not not used in FIPS mode
+FIPSversion = >=3.4.0
+KDF = TLS1-PRF
+Ctrl.digest = digest:SHA256
+Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc
+Ctrl.label = seed:master secret
+Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
+Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
+Result = KDF_DERIVE_ERROR
+Reason = invalid key length
+
+# FIPS indicator callback test
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = TLS1-PRF
+Unapproved = 1
+CtrlInit = ems_check:0
+Ctrl.digest = digest:SHA256
+Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc
+Ctrl.label = seed:master secret
+Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
+Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
+Output = 202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
+
+# Test that unsupported XOF is rejected
+Availablein = default
+KDF = TLS1-PRF
+Ctrl.digest = digest:SHAKE-256
+Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc
+Ctrl.label = seed:extended master secret
+Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
+Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
+Result = KDF_CTRL_ERROR
+
+Title = FIPS indicator tests
+
+# Test that the operation with unapproved digest function is rejected
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = TLS1-PRF
+Ctrl.digest = digest:SHA512-256
+Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc
+Ctrl.label = seed:extended master secret
+Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
+Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
+Result = KDF_CTRL_ERROR
+Reason = digest not allowed
+
+# Test that the operation with unapproved digest function is is reported as
+# unapproved
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = TLS1-PRF
+Unapproved = 1
+Ctrl.digest-check = digest-check:0
+Ctrl.digest = digest:SHA512-256
+Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc
+Ctrl.label = seed:extended master secret
+Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
+Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
+Output = 17be20a3b4cc05524d7de353b2f125537c23372144111b0367bda166fcfc09cf1c94909a408b986f53afbdc41d93ae09
+
+
+# Test that the key whose length is shorter than 112 bits is rejected
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = TLS1-PRF
+Ctrl.digest = digest:SHA256
+Ctrl.Secret = hexsecret:0102030405060708090a0b
+Ctrl.label = seed:extended master secret
+Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
+Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
+Result = KDF_CTRL_ERROR
+Reason = invalid key length
+
+# Test that the key whose length is shorter than 112 bits is reported as
+# unapproved
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = TLS1-PRF
+Unapproved = 1
+Ctrl.key-check = key-check:0
+Ctrl.digest = digest:SHA256
+Ctrl.Secret = hexsecret:0102030405060708090a0b
+Ctrl.label = seed:extended master secret
+Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
+Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
+Output = 8cb203c99a13871fd96cecd2770720df3c4ebd49e1cbc956fddb400f9c051fb69b63d7abb2f996f4e4d1ac0e9153f51b
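Review bot: The `"master secret"` stanza expects `Reason = invalid key length`, which names an output or key length rather than the label, and the stanza has no `Output` line. It may therefore be failing on a zero-length derive before the extended-master-secret check is reached (inferred; the harness and provider code are not in this diff). The "FIPS indicator callback test" stanza right below supplies an `Output` line for the same inputs; adding that line here and expecting the reason the EMS check raises would tie the failure to the label. The stanza also lacks `Availablein = fips` although its comment says FIPS mode, and the comment reads "is not not used".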
diff --git a/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt b/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt
index c7e7b4b5bf90..f2ea9ac44ac9 100644
--- a/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt
@@ -1,5 +1,5 @@
#
-# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -4935,6 +4935,96 @@ Ctrl.mode = mode:EXTRACT_AND_EXPAND
Ctrl.digest = digest:SHA256
Result = KDF_CTRL_ERROR
+Title = TLS13-KDF unsupported XOF test
+
+Availablein = fips
+FIPSversion = <3.4.0
+KDF = TLS13-KDF
+Ctrl.mode = mode:EXTRACT_ONLY
+Ctrl.digest = digest:SHAKE-256
+Ctrl.key = hexkey:f8af6aea2d397baf2948a25b2834200692cff17eee9165e4e27babee9edefd05
+Result = KDF_DERIVE_ERROR
+
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = TLS13-KDF
+Ctrl.mode = mode:EXTRACT_ONLY
+Ctrl.digest = digest:SHAKE-256
+Ctrl.key = hexkey:f8af6aea2d397baf2948a25b2834200692cff17eee9165e4e27babee9edefd05
+Result = KDF_CTRL_ERROR
+Reason = xof digests not allowed
+
+Title = FIPS indicator tests
+
+# Test that the operation with unapproved digest function is rejected
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = TLS13-KDF
+Ctrl.mode = mode:EXTRACT_ONLY
+Ctrl.digest = digest:SHA512-256
+Ctrl.key = hexkey:f8af6aea2d397baf2948a25b2834200692cff17eee9165e4e27babee9edefd05
+Result = KDF_CTRL_ERROR
+
+# Test that the operation with unapproved digest function is is reported as
+# unapproved
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = TLS13-KDF
+Unapproved = 1
+Ctrl.digest-check = digest-check:0
+Ctrl.mode = mode:EXTRACT_ONLY
+Ctrl.digest = digest:SHA512-256
+Ctrl.key = hexkey:f8af6aea2d397baf2948a25b2834200692cff17eee9165e4e27babee9edefd05
+Output = c8240b43113bb8bd211ee97c5145d389e8074f76eeeaac74eb55691062a436e4
+Reason = digest not allowed
+
+# Test that the key whose length is shorter than 112 bits is rejected
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = TLS13-KDF
+Ctrl.mode = mode:EXTRACT_ONLY
+Ctrl.digest = digest:SHA2-256
+Ctrl.key = hexkey:0102030405060708090a0b
+Result = KDF_CTRL_ERROR
+Reason = invalid key length
+
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = TLS13-KDF
+Ctrl.mode = mode:EXPAND_ONLY
+Ctrl.digest = digest:SHA2-256
+Ctrl.key = hexkey:0102030405060708090a0b
+Ctrl.data = hexdata:7c92f68bd5bf3638ea338a6494722e1b44127e1b7e8aad535f2322a644ff22b3
+Ctrl.prefix = hexprefix:746c73313320
+Ctrl.label = hexlabel:6320652074726166666963
+Result = KDF_CTRL_ERROR
+Reason = invalid key length
+
+# Test that the key whose length is shorter than 112 bits is reported as
+# unapproved
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = TLS13-KDF
+Unapproved = 1
+Ctrl.key-check = key-check:0
+Ctrl.mode = mode:EXTRACT_ONLY
+Ctrl.digest = digest:SHA2-256
+Ctrl.key = hexkey:0102030405060708090a0b
+Output = ac5ae06e0f6bff82f6256f0fc9fb943554752ba0c93f42ee6499b99c9e5c24a8
+
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = TLS13-KDF
+Unapproved = 1
+Ctrl.key-check = key-check:0
+Ctrl.mode = mode:EXPAND_ONLY
+Ctrl.digest = digest:SHA2-256
+Ctrl.key = hexkey:0b0b0b0b0b0b0b0b0b0b0b
+Ctrl.data = hexdata:7c92f68bd5bf3638ea338a6494722e1b44127e1b7e8aad535f2322a644ff22b3
+Ctrl.prefix = hexprefix:746c73313320
+Ctrl.label = hexlabel:6320652074726166666963
+Output = a8464234c7957b85460bf7abda8e20aa43b9e0944c02d76c1c28672619cf6978
+
# Test that salt of arbitrary length works
FIPSversion = >=3.4.0
KDF = TLS13-KDF
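Review bot: `Reason = digest not allowed` sits on the stanza that expects success (`Unapproved = 1`, `Ctrl.digest-check = digest-check:0`, an `Output` value and no `Result`), while the rejection stanza just above it has `Result = KDF_CTRL_ERROR` and no `Reason`. The SSHKDF and TLS1-PRF files in this commit put that line on the rejection stanza, so it looks misplaced here. Moving it up one stanza would make the rejection test check why the control failed, not only that it failed. The two `EXPAND_ONLY` stanzas have no comment of their own; a line such as `# Same key-length check in EXPAND_ONLY mode` would help.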
diff --git a/test/recipes/30-test_evp_data/evpkdf_x942.txt b/test/recipes/30-test_evp_data/evpkdf_x942.txt
index dd53d120f6bd..b1774592e928 100644
--- a/test/recipes/30-test_evp_data/evpkdf_x942.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_x942.txt
@@ -1,5 +1,5 @@
#
-# Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -77,6 +77,7 @@ Output = 2c5c1f028c6d1fc9ba752e41fdb9edb2ea936f1b2449f214acd56d31
Title = X9.42 KDF tests (ACVP test vectors)
+FIPSversion = <3.4.0
KDF = X942KDF-ASN1
Ctrl.digest = digest:SHA256
Ctrl.hexsecret = hexsecret:6B
@@ -88,6 +89,7 @@ Output = C2E6A0978C24AF3932F478583ADBFB5F57D491822592EAD3C538875F46EB057A
# Negative tests
# Fail if both acvp and ukm values are specified.
+FIPSversion = <3.4.0
KDF = X942KDF-ASN1
Ctrl.digest = digest:SHA256
Ctrl.hexsecret = hexsecret:6B
@@ -97,3 +99,36 @@ Ctrl.hexacvp-info = hexacvp-info:a020299D468D60BC6A257E0B6523D691A3FC1602453B35F
Ctrl.hexukm = hexukm:012345
Output = C2E6A0978C24AF3932F478583ADBFB5F57D491822592EAD3C538875F46EB057A
Result = KDF_DERIVE_ERROR
+
+Availablein = fips
+FIPSversion = <3.4.0
+KDF = X942KDF-ASN1
+Ctrl.digest = digest:SHAKE-128
+Ctrl.hexsecret = hexsecret:6B
+Ctrl.use-keybits = use-keybits:0
+Ctrl.cekalg = cekalg:id-aes128-wrap
+Ctrl.hexacvp-info = hexacvp-info:a020299D468D60BC6A257E0B6523D691A3FC1602453B35F308C762FBBAC6069A88BCa12080D49BFE5BE01C7D56489AB017663C22B8CBB34C3174D1D71F00CB7505AC759Aa2203C21A5EA5988562C007986E0503D039E7231D9F152FE72A231A1FD98C59BCA6Aa320FD47477542989B51E4A0845DFABD6EEAA465F69B3D75349B2520051782C7F3FC
+Result = KDF_DERIVE_ERROR
+
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = X942KDF-ASN1
+Ctrl.digest = digest:SHAKE-128
+Ctrl.hexsecret = hexsecret:6B
+Ctrl.use-keybits = use-keybits:0
+Ctrl.cekalg = cekalg:id-aes128-wrap
+Ctrl.hexacvp-info = hexacvp-info:a020299D468D60BC6A257E0B6523D691A3FC1602453B35F308C762FBBAC6069A88BCa12080D49BFE5BE01C7D56489AB017663C22B8CBB34C3174D1D71F00CB7505AC759Aa2203C21A5EA5988562C007986E0503D039E7231D9F152FE72A231A1FD98C59BCA6Aa320FD47477542989B51E4A0845DFABD6EEAA465F69B3D75349B2520051782C7F3FC
+Result = KDF_CTRL_ERROR
+Reason = xof digests not allowed
+
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = X942KDF-ASN1
+Ctrl.digest = digest:SHA256
+Ctrl.hexsecret = hexsecret:6B
+Ctrl.use-keybits = use-keybits:0
+Ctrl.cekalg = cekalg:id-aes128-wrap
+Ctrl.hexacvp-info = hexacvp-info:a020299D468D60BC6A257E0B6523D691A3FC1602453B35F308C762FBBAC6069A88BCa12080D49BFE5BE01C7D56489AB017663C22B8CBB34C3174D1D71F00CB7505AC759Aa2203C21A5EA5988562C007986E0503D039E7231D9F152FE72A231A1FD98C59BCA6Aa320FD47477542989B51E4A0845DFABD6EEAA465F69B3D75349B2520051782C7F3FC
+Output = C2E6A0978C24AF3932F478583ADBFB5F57D491822592EAD3C538875F46EB057A
+Result = KDF_CTRL_ERROR
+Reason = invalid key length
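Review bot: The short-secret case is only tested for rejection. The last stanza (`hexsecret:6B`, `Result = KDF_CTRL_ERROR`, `Reason = invalid key length`) has no counterpart with `Unapproved = 1` and `Ctrl.key-check = key-check:0`, unlike the SSHKDF, TLS1-PRF, TLS13-KDF and X963KDF files in this commit. Because the earlier hunks limit the known-answer stanza for this secret to `FIPSversion = <3.4.0`, its `Output` value appears to be no longer checked against a 3.4.0+ FIPS provider; an indicator stanza would restore that, assuming X942KDF-ASN1 honours the same control. The three new stanzas also have no comments; `# Test that unsupported XOF is rejected` and `# Test that the key whose length is shorter than 112 bits is rejected` would match the sibling files.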
diff --git a/test/recipes/30-test_evp_data/evpkdf_x963.txt b/test/recipes/30-test_evp_data/evpkdf_x963.txt
index 3791deb35479..b8f3cff3d3f5 100644
--- a/test/recipes/30-test_evp_data/evpkdf_x963.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_x963.txt
@@ -1,5 +1,5 @@
#
-# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -17,6 +17,7 @@
Title = X963 KDF tests (from NIST test vectors)
+FIPSversion = <3.4.0
KDF = X963KDF
Ctrl.digest = digest:SHA1
Ctrl.hexsecret = hexsecret:fd17198b89ab39c4ab5d7cca363b82f9fd7e23c3984dc8a2
@@ -110,3 +111,76 @@ Ctrl.digest = digest:SHA512
Ctrl.hexsecret = hexsecret:0037cd001a0ad87f35ddf58ab355d6144ba2ed0749a7435dab548ba0bfbe723c047e2396b4eef99653412a92c8db74bb5c03063f2eb0525ae87356750ae3676faa86
Ctrl.hexinfo = hexinfo:eb17da8851c41c7ac6710b1c49f324f8
Output = 829a28b81f9e95b5f306604067499c07d5944ca034ed130d513951f7143e4e162bad8adb2833e53b8235c293cd2a809659ac7f7e392cba6a543660e5d95070c0c9e6a9cdc38123e22da61bb4cbb6ad6d1a58a069e934fc231bd9fe39a24afcbf322ccea385f0418f3b01c1edd6e7124593a1cefe3e48fcd95daaf72cfd973c59
+
+# Test concat of multiple info (Uses existing test data, and just splits the info into separate fields)
+FIPSversion = >=3.2.0
+KDF = X963KDF
+Ctrl.digest = digest:SHA512
+Ctrl.hexsecret = hexsecret:0096172bf47d06d544ae98471490cf9e52ee59ea7a2208b33b26c52d4952bb8f41b2211d3f9ff32e77ca8cc906ba8d246ff266ddf1df8f53824ccb15b8fb39724703
+Ctrl.hexinfo = hexinfo:cf3a74ba86
+Ctrl.hexinfo = hexinfo:af42f1ae85477ead645583
+Output = 995d1ab8557dfeafcb347f8182583fa0ac5e6cb3912393592590989f38a0214f6cf7d6fbe23917b0966c6a870876de2a2c13a45fa7aa1715be137ed332e1ffc204ce4dcce33ece6dec7f3da61fa049780040e44142cc8a1e5121cf56b386f65b7c261a192f05e5fefae4221a602bc51c41ef175dc45fb7eab8642421b4f7e3e7
+
+# Test that unsupported XOF is rejected
+Availablein = fips
+FIPSversion = <3.4.0
+KDF = X963KDF
+Ctrl.digest = digest:SHAKE-256
+Ctrl.hexsecret = hexsecret:fd17198b89ab39c4ab5d7cca363b82f9fd7e23c3984dc8a2
+Ctrl.hexinfo = hexinfo:856a53f3e36a26bbc5792879f307cce2
+Result = KDF_DERIVE_ERROR
+
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = X963KDF
+Ctrl.digest = digest:SHAKE-256
+Ctrl.hexsecret = hexsecret:fd17198b89ab39c4ab5d7cca363b82f9fd7e23c3984dc8a2
+Ctrl.hexinfo = hexinfo:856a53f3e36a26bbc5792879f307cce2
+Result = KDF_CTRL_ERROR
+Reason = xof digests not allowed
+
+Title = FIPS indicator tests
+
+# Test that the operation with unapproved digest function is rejected
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = X963KDF
+Ctrl.digest = digest:SHA1
+Ctrl.hexsecret = hexsecret:fd17198b89ab39c4ab5d7cca363b82f9fd7e23c3984dc8a2
+Ctrl.hexinfo = hexinfo:856a53f3e36a26bbc5792879f307cce2
+Result = KDF_CTRL_ERROR
+Reason = digest not allowed
+
+# Test that the operation with unapproved digest function is is reported as
+# unapproved
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = X963KDF
+Unapproved = 1
+Ctrl.digest-check = digest-check:0
+Ctrl.digest = digest:SHA1
+Ctrl.hexsecret = hexsecret:fd17198b89ab39c4ab5d7cca363b82f9fd7e23c3984dc8a2
+Ctrl.hexinfo = hexinfo:856a53f3e36a26bbc5792879f307cce2
+Output = 6e5fad865cb4a51c95209b16df0cc490bc2c9064405c5bccd4ee4832a531fbe7f10cb79e2eab6ab1149fbd5a23cfdabc41242269c9df22f628c4424333855b64e95e2d4fb8469c669f17176c07d103376b10b384ec5763d8b8c610409f19aca8eb31f9d85cc61a8d6d4a03d03e5a506b78d6847e93d295ee548c65afedd2efec
+
+# Test that the key whose length is shorter than 112 bits is rejected
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = X963KDF
+Ctrl.digest = digest:SHA224
+Ctrl.hexsecret = hexsecret:0102030405060908090a0b
+Ctrl.hexinfo = hexinfo:0102030405060708090a0b0c0d0e0f10
+Result = KDF_CTRL_ERROR
+Reason = invalid key length
+
+# Test that the key whose length is shorter than 112 bits is reported as
+# unapproved
+Availablein = fips
+FIPSversion = >=3.4.0
+KDF = X963KDF
+Unapproved = 1
+Ctrl.key-check = key-check:0
+Ctrl.digest = digest:SHA224
+Ctrl.hexsecret = hexsecret:0102030405060908090a0b
+Ctrl.hexinfo = hexinfo:0102030405060708090a0b0c0d0e0f10
+Output = cdbb95eaacfd7df6bee013777ad8cd39129db2b61be91d20bb4a0130deccbd265e1f81c5a7112a7ac463204bd354b47eea04b63404ed4a1d8a991d3c9e17ab22c6f8a23686f3fea364a1a2b22cb6210e99ec0ed24f27779f028f68239f12fc572b23694d4dc6063f602b4496cec6f2698f69b24bbffba7127d8a1c9a49c96a83
diff --git a/test/recipes/30-test_evp_data/evpmac_cmac_des.txt b/test/recipes/30-test_evp_data/evpmac_cmac_des.txt
index cf42927e11d8..a11e5ffe54b0 100644
--- a/test/recipes/30-test_evp_data/evpmac_cmac_des.txt
+++ b/test/recipes/30-test_evp_data/evpmac_cmac_des.txt
@@ -1,5 +1,5 @@
#
-# Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -14,15 +14,34 @@
Title = CMAC tests (from FIPS module)
+FIPSversion = <3.4.0
MAC = CMAC
Algorithm = DES-EDE3-CBC
Key = 89BCD952A8C8AB371AF48AC7D07085D5EFF702E6D62CDC23
Input = FA620C1BBE97319E9A0CF0492121F7A20EB08A6A709DCBD00AAF38E4F99E754E
Output = 8F49A1B7D6AA2258
+FIPSversion = <3.4.0
MAC = CMAC by EVP_PKEY
Algorithm = DES-EDE3-CBC
Key = 89BCD952A8C8AB371AF48AC7D07085D5EFF702E6D62CDC23
Input = FA620C1BBE97319E9A0CF0492121F7A20EB08A6A709DCBD00AAF38E4F99E754E
Output = 8F49A1B7D6AA2258
+Availablein = fips
+FIPSversion = >=3.4.0
+MAC = CMAC
+Algorithm = DES-EDE3-CBC
+Key = 89BCD952A8C8AB371AF48AC7D07085D5EFF702E6D62CDC23
+Input = FA620C1BBE97319E9A0CF0492121F7A20EB08A6A709DCBD00AAF38E4F99E754E
+Result = MAC_INIT_ERROR
+
+Availablein = fips
+FIPSversion = >=3.4.0
+MAC = CMAC
+Unapproved = 1
+Ctrl = encrypt-check:0
+Algorithm = DES-EDE3-CBC
+Key = 89BCD952A8C8AB371AF48AC7D07085D5EFF702E6D62CDC23
+Input = FA620C1BBE97319E9A0CF0492121F7A20EB08A6A709DCBD00AAF38E4F99E754E
+Output = 8F49A1B7D6AA2258
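Review bot: The new rejection stanza expects `Result = MAC_INIT_ERROR` with no `Reason` line, so any initialisation failure satisfies it, not only the Triple-DES restriction. A `Reason = <provider error text>` line would pin the cause, as other stanzas in this commit do with `Reason = invalid mode`. Neither new stanza has a comment; `# Triple-DES CMAC is rejected by FIPS providers >= 3.4.0` and `# ...and is reported as unapproved when encrypt-check is disabled` would say what they cover. Only `MAC = CMAC` gets the 3.4.0+ cases; the `CMAC by EVP_PKEY` stanza is now limited to `FIPSversion = <3.4.0` with no replacement.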
diff --git a/test/recipes/30-test_evp_data/evpmac_common.txt b/test/recipes/30-test_evp_data/evpmac_common.txt
index a7300fd01767..831eecbac91b 100644
--- a/test/recipes/30-test_evp_data/evpmac_common.txt
+++ b/test/recipes/30-test_evp_data/evpmac_common.txt
@@ -1,5 +1,5 @@
#
-# Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -67,6 +67,29 @@ BlockSize = 64
Title = SHA2
+Availablein = default
+MAC = HMAC
+Algorithm = SHA256-192
+Input = "Sample message for keylen=blocklen"
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F
+Output = 48C07F4015447032622F0F1F368EBB02EE1424F3529739D6
+OutputSize = 24
+BlockSize = 64
+
+Availablein = default
+MAC = HMAC
+Algorithm = SHA256-192
+Input = "Sample message for keylen<blocklen"
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B
+Output = 6ECCAB0BE3F7657CAF65CAD9784C8177C9F83A685AB52F4C
+
+Availablein = default
+MAC = HMAC
+Algorithm = SHA256-192
+Input = "Sample message for keylen=blocklen"
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F60616263
+Output = 4FC15185394271A626627835B912A9CF641C9CD84F7909A4
+
MAC = HMAC
Algorithm = SHA224
Input = "Sample message for keylen=blocklen"
@@ -239,6 +262,30 @@ Input = "Test that SHAKE128 fails"
Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
Result = MAC_INIT_ERROR
+Title = HMAC FIPS short key test
+
+# Test HMAC with key < 112 bits is not allowed
+Availablein = fips
+FIPSversion = >=3.4.0
+MAC = HMAC
+Algorithm = SHA256
+Input = "Test Input"
+Key = 0001020304
+Result = MAC_INIT_ERROR
+
+Title = HMAC FIPS short key indicator test
+
+# Test HMAC with key < 112 bits is unapproved
+Availablein = fips
+FIPSversion = >=3.4.0
+MAC = HMAC
+Algorithm = SHA256
+Unapproved = 1
+Ctrl = key-check:0
+Input = "Test Input"
+Key = 0001020304
+Output = db70da6176d87813b059879ccc27bc53e295c6eca74db8bdc4e77d7e951d894b
+
Title = CMAC tests (from FIPS module)
MAC = CMAC
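Review bot: Both HMAC short-key stanzas use `Key = 0001020304` (40 bits), far from the 112-bit limit named in their comments, so a threshold that is off by a byte in the provider would not be caught. A rejection stanza at 104 bits, `Key = 000102030405060708090A0B0C` with `Result = MAC_INIT_ERROR`, would exercise the boundary (constructed key; no output value is needed for a rejection). The rejection stanza also has no `Reason` line, whereas the KMAC short-key stanza later in this file expects `Reason = invalid key length`.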
@@ -259,6 +306,24 @@ Key = 0B122AC8F34ED1FE082A3625D157561454167AC145A10BBF77C6A70596D574F1
Input = 498B53FDEC87EDCBF07097DCCDE93A084BAD7501A224E388DF349CE18959FE8485F8AD1537F0D896EA73BEDC7214713F
Output = F62C46329B41085625669BAF51DEA66A
+# For AES - test only CBC mode is allowed
+FIPSversion = >=3.1.0
+MAC = CMAC
+Algorithm = AES-256-ECB
+Key = 0B122AC8F34ED1FE082A3625D157561454167AC145A10BBF77C6A70596D574F1
+Input = 498B53FDEC87EDCBF07097DCCDE93A084BAD7501A224E388DF349CE18959FE8485F8AD1537F0D896EA73BEDC7214713F
+Result = MAC_INIT_ERROR
+Reason = invalid mode
+
+# Test CMAC with a small key is not allowed
+# (Most ciphers have fixed length keys - so it fails due to this restriction).
+MAC = CMAC
+Algorithm = AES-128-CBC
+Key = 77A77FAF290C1FA30C68
+Input = 020683E1F0392F4CAC54318B6029259E9C553DBC4B6AD998E64D58E4E7DC2E13
+Result = MAC_INIT_ERROR
+Reason = invalid key length
+
Title = GMAC Tests (from NIST)
MAC = GMAC
@@ -326,6 +391,13 @@ IV = 7AE8E2CA4EC500012E58495C
Input = 68F2E77696CE7AE8E2CA4EC588E541002E58495C08000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D0007
Output = 00BDA1B7E87608BCBF470F12157F4C07
+MAC = GMAC
+Algorithm = AES-256-CBC
+Key = 4C973DBC7364621674F8B5B89E5C15511FCED9216490FB1C1A2CAA0FFE0407E5
+IV = 7AE8E2CA4EC500012E58495C
+Input = 68F2E77696CE7AE8E2CA4EC588E541002E58495C08000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D0007
+Result = MAC_INIT_ERROR
+Reason = invalid mode
Title = KMAC Tests (From NIST)
MAC = KMAC128
@@ -488,6 +560,7 @@ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
Custom = ":abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789:::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::"
Result = MAC_INIT_ERROR
+Reason = invalid custom length
Title = KMAC output is too large
@@ -497,3 +570,83 @@ Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223
Custom = "My Tagged Application"
Ctrl = size:2097152
Result = MAC_INIT_ERROR
+Reason = invalid output length
+
+Title = KMAC output is too small in FIPS
+
+Availablein = fips
+FIPSversion = >=3.4.0
+MAC = KMAC256
+Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+Output = 28c815
+Custom = "My Tagged Application"
+Unapproved = 1
+Ctrl = size:3
+Ctrl = no-short-mac:0
+
+Availablein = fips
+FIPSversion = >=3.4.0
+MAC = KMAC256
+Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+Output = 28c815
+Custom = "My Tagged Application"
+Ctrl = size:3
+Result = MAC_INIT_ERROR
+Reason = invalid output length
+
+Availablein = fips
+FIPSversion = >=3.4.0
+MAC = KMAC256
+Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+Output = 28c815
+Custom = "My Tagged Application"
+Ctrl = size:3
+Ctrl = no-short-mac:1
+Result = MAC_INIT_ERROR
+Reason = invalid output length
+
+# Old FIPS providers accept short output
+FIPSversion = <3.4.0
+MAC = KMAC256
+Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+Output = 28c815
+Custom = "My Tagged Application"
+Ctrl = size:3
+
+# The default provider accepts short output
+Availablein = default
+MAC = KMAC256
+Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+Output = 28c815
+Custom = "My Tagged Application"
+Ctrl = size:3
+
+Title = KMAC FIPS short key test
+
+# Test KMAC with key < 112 bits is not allowed
+Availablein = fips
+FIPSversion = >=3.4.0
+MAC = KMAC256
+Key = 404142434445464748494A4B4C
+Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+Custom = ""
+Result = MAC_INIT_ERROR
+Reason = invalid key length
+
+Title = KMAC FIPS short key indicator test
+
+# Test KMAC with key < 112 bits is unapproved
+Availablein = fips
+FIPSversion = >=3.4.0
+MAC = KMAC256
+Unapproved = 1
+Ctrl = key-check:0
+Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+Custom = ""
+Output = 75358CF39E41494E949707927CEE0AF20A3FF553904C86B08F21CC414BCFD691589D27CF5E15369CBBFF8B9A4C2EB17800855D0235FF635DA82533EC6B759B69
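Review bot: The last stanza is labelled a short-key indicator test (`# Test KMAC with key < 112 bits is unapproved`), but its `Key` is the full 32-byte value used by the other KMAC256 stanzas. The rejection stanza above it uses the 13-byte `Key = 404142434445464748494A4B4C`. As written, `Unapproved = 1` with `Ctrl = key-check:0` is not exercised against a key the check would reject, so the stanza may not demonstrate what its comment says (how the harness evaluates `Unapproved` is not visible in this diff). Using the 13-byte key would match the comment; the `Output` value would then have to be regenerated for that key.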
diff --git a/test/recipes/30-test_evp_data/evpmac_sm3.txt b/test/recipes/30-test_evp_data/evpmac_sm3.txt
index fc4c41c09704..7456b8e7a772 100644
--- a/test/recipes/30-test_evp_data/evpmac_sm3.txt
+++ b/test/recipes/30-test_evp_data/evpmac_sm3.txt
@@ -1,5 +1,5 @@
#
-# Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2022-2022 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
diff --git a/test/recipes/30-test_evp_data/evpmd_blake.txt b/test/recipes/30-test_evp_data/evpmd_blake.txt
index add7d4e3feae..e0907964085d 100644
--- a/test/recipes/30-test_evp_data/evpmd_blake.txt
+++ b/test/recipes/30-test_evp_data/evpmd_blake.txt
@@ -1,5 +1,5 @@
#
-# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -19,7 +19,7 @@
Title = BLAKE tests
Digest = BLAKE2s256
-Input =
+Input =
Output = 69217a3079908094e11121d042354a7c1f55b6482ca1a51e1b250dfd1ed0eef9
Digest = BLAKE2s256
@@ -54,8 +54,23 @@ Digest = BLAKE2s256
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
Output = C80ABEEBB669AD5DEEB5F5EC8EA6B7A05DDF7D31EC4C0A2EE20B0B98CAEC6746
+Digest = BLAKE2s256
+Input =
+OutputSize = 16
+Output = 64550d6ffe2c0a01a14aba1eade0200c
+
+Digest = BLAKE2s256
+Input = 61
+OutputSize = 10
+Output = b60d322755eebca92b5e
+
+Digest = BLAKE2s256
+Input = 61
+OutputSize = 33
+Result = DIGESTINIT_ERROR
+
Digest = BLAKE2b512
-Input =
+Input =
Output = 786a02f742015903c6c6fd852552d272912f4740e15847618a86e217f71f5419d25e1031afee585313896444934eb04b903a685b1448b755d56f701afe9be2ce
Digest = BLAKE2b512
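Review bot: The three new BLAKE2s256 `OutputSize` stanzas have no comment saying what each one pins, and the accepted sizes (16 and 10) stop short of the 32-byte digest length while the rejected one is 33, so the largest valid value is never exercised with the parameter set. A heading such as `# OutputSize up to the 32-byte digest length is accepted; 33 must fail at init` would make the intent readable, and one more stanza with `OutputSize = 32` would pin the upper edge. The BLAKE2b512 stanzas added in the next hunk have the same shape (32, 32, then 65 against a 64-byte digest).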
@@ -89,3 +104,18 @@ Output = 2319E3789C47E2DAA5FE807F61BEC2A1A6537FA03F19FF32E87EECBFD64B7E0E8CCFF43
Digest = BLAKE2b512
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
Output = DF0A9D0C212843A6A934E3902B2DD30D17FBA5F969D2030B12A546D8A6A45E80CF5635F071F0452E9C919275DA99BED51EB1173C1AF0518726B75B0EC3BAE2B5
+
+Digest = BLAKE2b512
+Input =
+OutputSize = 32
+Output = 0e5751c026e543b2e8ab2eb06099daa1d1e5df47778f7787faab45cdf12fe3a8
+
+Digest = BLAKE2b512
+Input = 61
+OutputSize = 32
+Output = 8928aae63c84d87ea098564d1e03ad813f107add474e56aedd286349c0c03ea4
+
+Digest = BLAKE2b512
+Input = 61
+OutputSize = 65
+Result = DIGESTINIT_ERROR
diff --git a/test/recipes/30-test_evp_data/evpmd_ripemd.txt b/test/recipes/30-test_evp_data/evpmd_ripemd.txt
index 19ed4bb8a0f2..09caebb3d7c2 100644
--- a/test/recipes/30-test_evp_data/evpmd_ripemd.txt
+++ b/test/recipes/30-test_evp_data/evpmd_ripemd.txt
@@ -1,5 +1,5 @@
#
-# Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
diff --git a/test/recipes/30-test_evp_data/evpmd_sha.txt b/test/recipes/30-test_evp_data/evpmd_sha.txt
index 66ddf4590a19..b3b95ed76b56 100644
--- a/test/recipes/30-test_evp_data/evpmd_sha.txt
+++ b/test/recipes/30-test_evp_data/evpmd_sha.txt
@@ -1,5 +1,5 @@
#
-# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -58,6 +58,25 @@ Input = "a"
Ncopy = 64
Output = cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e046d39ccc7112cd0
+Availablein = default
+Digest = SHA256-192
+Input = "abc"
+Output = ba7816bf8f01cfea414140de5dae2223b00361a396177a9c
+
+Availablein = default
+Digest = SHA256-192
+Input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+Output = 248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167
+
+Availablein = default
+Digest = SHA256-192
+Input = "a"
+Ncopy = 288
+Count = 3472
+Input = "a"
+Ncopy = 64
+Output = cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e
+
Digest = SHA384
Input = "abc"
Output = cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7
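Review bot: The SHA256-192 stanzas carry no comment on where the expected values come from or why they are limited to `Availablein = default`. Each output is the first 24 bytes of the SHA-256 result for the same input (the third matches the existing SHA256 stanza shown as context at the top of this hunk), so a line such as `# SHA256-192 is SHA-256 truncated to its leftmost 192 bits; vectors derived from the SHA256 cases above` would tell a reader what is being checked. If the digest is intentionally absent from the FIPS provider, saying so in the same comment avoids the restriction being read as an oversight.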
@@ -281,6 +300,92 @@ Digest = SHAKE256
Input = 8d8001e2c096f1b88e7c9224a086efd4797fbf74a8033a2d422a2b6b8f6747e4
Output = 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
+
+
+Title = KECCAK
+
+# Test vectors taken from https://keccak.team/archives.html.
+# "Known-answer and Monte Carlo test results, as of round 3
+# of the SHA-3 competition":
+# https://keccak.team/obsolete/KeccakKAT-3.zip
+
+# ShortMsgKAT_224.txt, Len = 0
+Availablein = default
+Digest = KECCAK-224
+Input = ""
+Output = F71837502BA8E10837BDD8D365ADB85591895602FC552B48B7390ABD
+
+# LongMsgKAT_224.txt, Len = 3560
+Availablein = default
+Digest = KECCAK-224
+Input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
+Output = 34A58DDFC5C2222281FA73EB34BFB5E152272CC3AC7FE97AC58C08B0
+
+# LongMsgKAT_224.txt, Len = 4064
+Availablein = default
+Digest = KECCAK-224
+Input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
+Output = 0790649A6F6ECC4DCACAFAFB6AEFBF6C6F7EC883C72671DB211CD163
+
+
+# ShortMsgKAT_256.txt, Len = 0
+Availablein = default
+Digest = KECCAK-256
+Input = ""
+Output = C5D2460186F7233C927E7DB2DCC703C0E500B653CA82273B7BFAD8045D85A470
+
+# LongMsgKAT_256.txt, Len = 3560
+Availablein = default
+Digest = KECCAK-256
+Input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
+Output = 0EC8D9D20DDF0A7B0251E941A7261B557507FF6287B504362A8F1734C5A91012
+
+# LongMsgKAT_256.txt, Len = 4064
+Availablein = default
+Digest = KECCAK-256
+Input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
+Output = 0EA33E2E34F572440640244C7F1F5F04697CE97139BDA72A6558D8663C02B388
+
+
+# ShortMsgKAT_384.txt, Len = 0
+Availablein = default
+Digest = KECCAK-384
+Input = ""
+Output = 2C23146A63A29ACF99E73B88F8C24EAA7DC60AA771780CCC006AFBFA8FE2479B2DD2B21362337441AC12B515911957FF
+
+# LongMsgKAT_384.txt, Len = 3560
+Availablein = default
+Digest = KECCAK-384
+Input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
+Output = 5975FA4BCEFC79FADC79CCF1254BBA9EAC252E24C7DEC7EB8972D265EFAD3F6CF648C49DFFF5453AD27D62FF867A2F03
+
+# LongMsgKAT_384.txt, Len = 4064
+Availablein = default
+Digest = KECCAK-384
+Input = 4FBDC596508D24A2A0010E140980B809FB9C6D55EC75125891DD985D37665BD80F9BEB6A50207588ABF3CEEE8C77CD8A5AD48A9E0AA074ED388738362496D2FB2C87543BB3349EA64997CE3E7B424EA92D122F57DBB0855A803058437FE08AFB0C8B5E7179B9044BBF4D81A7163B3139E30888B536B0F957EFF99A7162F4CA5AA756A4A982DFADBF31EF255083C4B5C6C1B99A107D7D3AFFFDB89147C2CC4C9A2643F478E5E2D393AEA37B4C7CB4B5E97DADCF16B6B50AAE0F3B549ECE47746DB6CE6F67DD4406CD4E75595D5103D13F9DFA79372924D328F8DD1FCBEB5A8E2E8BF4C76DE08E3FC46AA021F989C49329C7ACAC5A688556D7BCBCB2A5D4BE69D3284E9C40EC4838EE8592120CE20A0B635ECADAA84FD5690509F54F77E35A417C584648BC9839B974E07BFAB0038E90295D0B13902530A830D1C2BDD53F1F9C9FAED43CA4EED0A8DD761BC7EDBDDA28A287C60CD42AF5F9C758E5C7250231C09A582563689AFC65E2B79A7A2B68200667752E9101746F03184E2399E4ED8835CB8E9AE90E296AF220AE234259FE0BD0BCC60F7A4A5FF3F70C5ED4DE9C8C519A10E962F673C82C5E9351786A8A3BFD570031857BD4C87F4FCA31ED4D50E14F2107DA02CB5058700B74EA241A8B41D78461658F1B2B90BFD84A4C2C9D6543861AB3C56451757DCFB9BA60333488DBDD02D601B41AAE317CA7474EB6E6DD
+Output = D8A18FDF0DBC4D9DC9A399EED833D258BDF4E06C50C12550B50297DDA05784AEE91F339766021B2CA6BE1577823D920B
+
+
+# ShortMsgKAT_512.txt, Len = 0
+Availablein = default
+Digest = KECCAK-512
+Input = ""
+Output = 0EAB42DE4C3CEB9235FC91ACFFE746B29C29A8C366B7C60E4E67C466F36A4304C00FA9CAF9D87976BA469BCBE06713B435F091EF2769FB160CDAB33D3670680E
+
+# LongMsgKAT_512.txt, Len = 3560
+Availablein = default
+Digest = KECCAK-512
+Input = 20FF454369A5D05B81A78F3DB05819FEA9B08C2384F75CB0AB6AA115DD690DA3131874A1CA8F708AD1519EA952C1E249CB540D196392C79E87755424FEE7C890808C562722359EEA52E8A12FBBB969DD7961D2BA52037493755A5FA04F0D50A1AA26C9B44148C0D3B94D1C4A59A31ACA15AE8BD44ACB7833D8E91C4B86FA3135A423387B8151B4133ED23F6D7187B50EC2204AD901AD74D396E44274E0ECAFAAE17B3B9085E22260B35CA53B15CC52ABBA758AF6798FBD04ECEECED648F3AF4FDB3DED7557A9A5CFB7382612A8A8F3F45947D1A29CE29072928EC193CA25D51071BD5E1984ECF402F306EA762F0F25282F5296D997658BE3F983696FFA6D095C6369B4DAF79E9A5D3136229128F8EB63C12B9E9FA78AFF7A3E9E19A62022493CD136DEFBB5BB7BA1B938F367FD2F63EB5CA76C0B0FF21B9E36C3F07230CF3C3074E5DA587040A76975D7E39F4494ACE5486FCBF380AB7558C4FE89656335B82E4DB8659509EAB46A19613126E594042732DD4C411F41AA8CDEAC71C0FB40A94E6DA558C05E77B6182806F26D9AFDF3DA00C69419222C8186A6EFAD600B410E6CE2F2A797E49DC1F135319801FA6F396B06F975E2A190A023E474B618E7
+Output = 116AE94C86F68F96B8AEF298A9F5852CC9913A2AD3C3C344F28DCC9B29292A716FAF51DD04A9433D8A12572E1DBC581A7CDC4E50BC1CA9051DDBC121F2E864E2
+
+# LongMsgKAT_512.txt, Len = 4064
+Availablein = default
+Digest = KECCAK-512
+Input = 4FBDC596508D24A2A0010E140980B809FB9C6D55EC75125891DD985D37665BD80F9BEB6A50207588ABF3CEEE8C77CD8A5AD48A9E0AA074ED388738362496D2FB2C87543BB3349EA64997CE3E7B424EA92D122F57DBB0855A803058437FE08AFB0C8B5E7179B9044BBF4D81A7163B3139E30888B536B0F957EFF99A7162F4CA5AA756A4A982DFADBF31EF255083C4B5C6C1B99A107D7D3AFFFDB89147C2CC4C9A2643F478E5E2D393AEA37B4C7CB4B5E97DADCF16B6B50AAE0F3B549ECE47746DB6CE6F67DD4406CD4E75595D5103D13F9DFA79372924D328F8DD1FCBEB5A8E2E8BF4C76DE08E3FC46AA021F989C49329C7ACAC5A688556D7BCBCB2A5D4BE69D3284E9C40EC4838EE8592120CE20A0B635ECADAA84FD5690509F54F77E35A417C584648BC9839B974E07BFAB0038E90295D0B13902530A830D1C2BDD53F1F9C9FAED43CA4EED0A8DD761BC7EDBDDA28A287C60CD42AF5F9C758E5C7250231C09A582563689AFC65E2B79A7A2B68200667752E9101746F03184E2399E4ED8835CB8E9AE90E296AF220AE234259FE0BD0BCC60F7A4A5FF3F70C5ED4DE9C8C519A10E962F673C82C5E9351786A8A3BFD570031857BD4C87F4FCA31ED4D50E14F2107DA02CB5058700B74EA241A8B41D78461658F1B2B90BFD84A4C2C9D6543861AB3C56451757DCFB9BA60333488DBDD02D601B41AAE317CA7474EB6E6DD
+Output = DEA56BDABBC6D24183CF7BDE1E1F78631B2B0230C76FF2F43075F2FDE77CF052769276CAD98DA62394EC62D77730F5761489585E093EA7315F3592717C485C84
+
+
+
Title = Case insensitive digest tests
Digest = Sha3-256
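Review bot: The KECCAK section header names the source archive but does not say that these digests are the competition-era variant rather than standardised SHA-3, which is the fact a reader needs to avoid treating `KECCAK-256` and `SHA3-256` as interchangeable. I would add `# KECCAK-nnn uses the original Keccak padding and gives different output from SHA3-nnn for the same input` under the `Title = KECCAK` line. Each size is covered only by the empty message and two long messages; one short non-empty ShortMsgKAT entry per size would also cover the common small-input case.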
diff --git a/test/recipes/30-test_evp_data/evppbe_pbkdf2.txt b/test/recipes/30-test_evp_data/evppbe_pbkdf2.txt
index 3304179ecded..ecf1d25ae5a0 100644
--- a/test/recipes/30-test_evp_data/evppbe_pbkdf2.txt
+++ b/test/recipes/30-test_evp_data/evppbe_pbkdf2.txt
@@ -118,6 +118,34 @@ iter = 4096
MD = sha512
Key = 9d9e9c4cd21fe4be24d5b8244c759665
+PBE = pbkdf2
+Password = "password"
+Salt = "salt"
+iter = 4096
+MD = sha3-224
+Key = 691292bc3683d7d41ea2910f5b3eed23
+
+PBE = pbkdf2
+Password = "password"
+Salt = "salt"
+iter = 4096
+MD = sha3-256
+Key = 778b6e237a0f49621549ff70d218d208
+
+PBE = pbkdf2
+Password = "password"
+Salt = "salt"
+iter = 4096
+MD = sha3-384
+Key = 9a5f1e45e8b83f1b259ba72d11c59087
+
+PBE = pbkdf2
+Password = "password"
+Salt = "salt"
+iter = 4096
+MD = sha3-512
+Key = 2bfaf2d5ceb6d10f5e262cd902488cfd
+
Title = PBKDF2 tests for empty and NULL inputs
PBE = pbkdf2
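Review bot: The four SHA3 stanzas give expected keys with no indication of how they were produced, unlike the KECCAK vectors elsewhere in this commit that cite their archive. A comment such as `# PBKDF2 with HMAC-SHA3-*; expected keys generated with <independent implementation, to be named by the author>` above the first stanza would let a reviewer re-derive them. Without a stated source, a regression in the SHA3 HMAC path and a mistake in the vector itself look the same when the test fails.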
diff --git a/test/recipes/30-test_evp_data/evppkey_dsa.txt b/test/recipes/30-test_evp_data/evppkey_dsa.txt
index 39f9a01343bf..5e5315a5b946 100644
--- a/test/recipes/30-test_evp_data/evppkey_dsa.txt
+++ b/test/recipes/30-test_evp_data/evppkey_dsa.txt
@@ -270,7 +270,6 @@ Title = FIPS Tests (using different key sizes and digests)
# Test sign with a 2048 bit key with N == 160 is not allowed in fips mode
Availablein = fips
-FIPSversion = <3.4.0
DigestSign = SHA256
Key = DSA-2048-160
Input = "Hello"
@@ -278,6 +277,7 @@ Output = 00
Result = DIGESTSIGNINIT_ERROR
# Test sign with a 2048 bit key with N == 224 is allowed in fips mode
+FIPSversion = <3.4.0
DigestSign = SHA256
Key = DSA-2048-224
Input = "Hello"
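Review bot: The comment `# Test sign with a 2048 bit key with N == 224 is allowed in fips mode` is now true only for providers matched by the added `FIPSversion = <3.4.0`, so it should say so, e.g. `# Test sign with a 2048 bit key with N == 224 is allowed in fips mode before 3.4.0`. The same applies to the N == 256, 3072-bit and SHA3-224 stanzas in the next hunk, which receive the same `FIPSversion` line under unchanged comments.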
@@ -285,18 +285,21 @@ Output = 00
Result = SIGNATURE_MISMATCH
# Test sign with a 2048 bit key with N == 256 is allowed in fips mode
+FIPSversion = <3.4.0
DigestSign = SHA256
Key = DSA-2048-256
Input = "Hello"
Result = SIGNATURE_MISMATCH
# Test sign with a 3072 bit key with N == 256 is allowed in fips mode
+FIPSversion = <3.4.0
DigestSign = SHA256
Key = DSA-3072-256
Input = "Hello"
Result = SIGNATURE_MISMATCH
# Test sign with a 2048 bit SHA3 is allowed in fips mode
+FIPSversion = <3.4.0
DigestSign = SHA3-224
Key = DSA-2048-256
Input = "Hello"
@@ -325,7 +328,6 @@ Title = Fips Negative Tests (using different key sizes and digests)
# Test sign with a 1024 bit key is not allowed in fips mode
Availablein = fips
-FIPSversion = <3.4.0
DigestSign = SHA256
Securitycheck = 1
Key = DSA-1024-FIPS186-2
@@ -336,13 +338,12 @@ Result = DIGESTSIGNINIT_ERROR
Availablein = fips
DigestSign = SHA1
Securitycheck = 1
-Key = DSA-2048
+Key = DSA-2048-256
Input = "Hello"
Result = DIGESTSIGNINIT_ERROR
# Test sign with a 3072 bit key with N == 224 is not allowed in fips mode
Availablein = fips
-FIPSversion = <3.4.0
DigestSign = SHA256
Securitycheck = 1
Key = DSA-3072-224
@@ -351,9 +352,136 @@ Result = DIGESTSIGNINIT_ERROR
# Test sign with a 4096 bit key is not allowed in fips mode
Availablein = fips
-FIPSversion = <3.4.0
DigestSign = SHA256
Securitycheck = 1
Key = DSA-4096-256
Input = "Hello"
Result = DIGESTSIGNINIT_ERROR
+
+# Test sign is not allowed in fips mode
+FIPSversion = >=3.4.0
+DigestSign = SHA256
+Securitycheck = 1
+Key = DSA-2048-256
+Input = "Hello"
+Result = DIGESTSIGNINIT_ERROR
+
+Title = Fips Indicator Tests
+# Check that the indicator callback is triggered
+
+# Test sign with a 1024 bit key is unapproved in fips mode if the sign and key
+# checks are ignored.
+FIPSversion = >=3.4.0
+DigestSign = SHA256
+Securitycheck = 1
+Unapproved = 1
+CtrlInit = sign-check:0
+CtrlInit = key-check:0
+Key = DSA-1024-FIPS186-2
+Input = "Hello"
+Result = SIGNATURE_MISMATCH
+
+# Test sign with a 1024 bit key is unapproved and fails the key check in
+# fips mode if the sign check is ignored
+FIPSversion = >=3.4.0
+DigestSign = SHA256
+Securitycheck = 1
+Unapproved = 1
+CtrlInit = sign-check:0
+Key = DSA-1024-FIPS186-2
+Input = "Hello"
+Result = DIGESTSIGNINIT_ERROR
+
+# Test sign with a 3072 bit key with N == 224 is unapproved in fips mode if the
+# sign and key checks are ignored
+FIPSversion = >=3.4.0
+DigestSign = SHA256
+Securitycheck = 1
+Unapproved = 1
+CtrlInit = sign-check:0
+CtrlInit = key-check:0
+Key = DSA-3072-224
+Input = "Hello"
+Result = SIGNATURE_MISMATCH
+
+# Test sign with a 4096 bit key is unapproved in fips mode if the sign and key
+# checks are ignored
+FIPSversion = >=3.4.0
+DigestSign = SHA256
+Securitycheck = 1
+Unapproved = 1
+CtrlInit = sign-check:0
+CtrlInit = key-check:0
+Key = DSA-4096-256
+Input = "Hello"
+Result = SIGNATURE_MISMATCH
+
+# Test DSA sign with SHA1 is unapproved in fips mode if the sign and digest checks
+# are ignored
+FIPSversion = >=3.4.0
+DigestSign = SHA1
+Securitycheck = 1
+Unapproved = 1
+CtrlInit = sign-check:0
+CtrlInit = digest-check:0
+Key = DSA-2048-256
+Input = "Hello"
+Result = SIGNATURE_MISMATCH
+
+# Test sign with SHA1 is unapproved in fips mode if DSA sign check is ignored
+FIPSversion = >=3.4.0
+DigestSign = SHA1
+Securitycheck = 1
+Unapproved = 1
+CtrlInit = sign-check:0
+Key = DSA-2048-256
+Input = "Hello"
+Result = DIGESTSIGNINIT_ERROR
+
+Title = Test DSA keygen
+
+# Load DSA Params to use in the DSA keygen tests
+ParamKey = DSA-2048-PARAMS
+-----BEGIN DSA PARAMETERS-----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+-----END DSA PARAMETERS-----
+
+# FIPS Key generation tests
+
+# Test FIPS DSA keygen is not allowed
+Availablein = fips
+FIPSversion = >=3.4.0
+KeyGen = DSA
+KeyParam = DSA-2048-PARAMS
+KeyName = tmp1dsa
+Result = KEYGEN_GENERATE_ERROR
+
+Title = Test DSA keygen FIPS indicator test
+
+# Test DSA keygen is not approved
+Availablein = fips
+FIPSversion = >=3.4.0
+KeyGen = DSA
+KeyParam = DSA-2048-PARAMS
+KeyName = tmp2dsa
+Unapproved = 1
+Ctrl = sign-check:0
+
+Title = XOF disallowed
+
+DigestVerify = SHAKE256
+Key = DSA-1024
+Input = "Hello "
+Result = DIGESTVERIFYINIT_ERROR
+
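Review bot: The signing stanzas added from `# Test sign is not allowed in fips mode` through the end of `Title = Fips Indicator Tests` are gated by `FIPSversion = >=3.4.0` and `Securitycheck = 1` but omit the `Availablein = fips` line that the negative tests just above them and the keygen stanzas below them carry. Whether they are skipped when only the default provider is loaded depends on how the test driver treats those two keys, which is not visible in this hunk; adding `Availablein = fips` to each would make the intent explicit. The final `Title = XOF disallowed` stanza has no comment either; something like `# DSA verify must reject an XOF digest at init` would document it.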
diff --git a/test/recipes/30-test_evp_data/evppkey_ecc.txt b/test/recipes/30-test_evp_data/evppkey_ecc.txt
index 9ac1a4eb9eb0..e6a2c9eb5955 100644
--- a/test/recipes/30-test_evp_data/evppkey_ecc.txt
+++ b/test/recipes/30-test_evp_data/evppkey_ecc.txt
@@ -1,5 +1,5 @@
#
-# Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -3594,10 +3594,33 @@ Derive=BOB_cf_prime192v1
Securitycheck = 1
PeerKey=ALICE_cf_prime192v1_PUB
SharedSecret=e36cad3b0f8d00f60f090440a76df47896713ae61421c354
-Result = DERIVE_SET_PEER_ERROR
+Result = KEYOP_INIT_ERROR
+
+# Check the indicator callback is triggered
+FIPSversion = >=3.4.0
+Derive=BOB_cf_prime192v1
+Securitycheck = 1
+Unapproved = 1
+CtrlInit = key-check:0
+PeerKey=ALICE_cf_prime192v1_PUB
+SharedSecret=e36cad3b0f8d00f60f090440a76df47896713ae61421c354
Title=prime256v1 curve tests
+PrivateKey=ALICE_naf_prime256v1
+-----BEGIN PRIVATE KEY-----
+MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCCrgvdSKyu+zo6wERHP
++5gkQ5yoY1SIgHYyZXQXRr+O2A==
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_naf_prime256v1_PUB
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5usNhOHMXYW1W8/E0TRbMhSvK4a0
+ipu5+xDoKbhz55WBgERHxLWAvZugiDpyoshYqVPseGubEPA4ZpGdieYajA==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=ALICE_naf_prime256v1:ALICE_naf_prime256v1_PUB
+
PrivateKey=ALICE_cf_prime256v1
-----BEGIN PRIVATE KEY-----
MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCDZE0NZiGAFJX6JQxumKTFRT+XFCQqJ
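Review bot: The `ALICE_naf_prime256v1` key pair is added without a comment saying what distinguishes it from the existing `ALICE_cf_prime256v1` key, and no stanza inside this hunk uses it. If a test elsewhere in the file consumes it, a line such as `# Key used by the <name of the test> stanza below` above `PrivateKey=ALICE_naf_prime256v1` would connect the two; if nothing does, the fixture is dead weight. The hunk ends inside the following PEM block, so the rest of the prime256v1 section is not visible here.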
@@ -3943,11 +3966,13 @@ ufNGbdd131KLaKPivB38a6n5Y+2BVSJangow
PrivPubKeyPair=BOB_cf_sect233k1:BOB_cf_sect233k1_PUB
# ECDH Alice with Bob peer
+Availablein = default
Derive=ALICE_cf_sect233k1
PeerKey=BOB_cf_sect233k1_PUB
SharedSecret=012145026e8de65973c154e085456fc5539ba9e25663e7f5816abfcab310
# ECDH Bob with Alice peer
+Availablein = default
Derive=BOB_cf_sect233k1
PeerKey=ALICE_cf_sect233k1_PUB
SharedSecret=012145026e8de65973c154e085456fc5539ba9e25663e7f5816abfcab310
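Review bot: The `Availablein = default` lines added to the sect233k1 derive stanzas come without a comment giving the reason and without a FIPS-side stanza stating what the FIPS provider should do with these curves. The evppkey_ecx.txt change in this commit pairs the same restriction with an explicit `Unapproved=1` stanza for X25519; a matching stanza here, or at least `# Binary curves are only exercised with the default provider` above the first restricted test, would show whether FIPS is expected to refuse the curve or flag it as unapproved. The same applies to the sect233r1 through sect571r1 hunks that follow in this file and to the corresponding hunks in evppkey_ecdh.txt.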
@@ -4015,11 +4040,13 @@ TzzbBSTp5iqM13mP0/Bo4OO66NS3lA9e/GTO
PrivPubKeyPair=BOB_cf_sect233r1:BOB_cf_sect233r1_PUB
# ECDH Alice with Bob peer
+Availablein = default
Derive=ALICE_cf_sect233r1
PeerKey=BOB_cf_sect233r1_PUB
SharedSecret=00209d2995a63f1e8b7a5c33dee5abb602e32e1835ae8bb57eb264d8d795
# ECDH Bob with Alice peer
+Availablein = default
Derive=BOB_cf_sect233r1
PeerKey=ALICE_cf_sect233r1_PUB
SharedSecret=00209d2995a63f1e8b7a5c33dee5abb602e32e1835ae8bb57eb264d8d795
@@ -4087,11 +4114,13 @@ QkBYA5BpuG8Knlugq1iB31whPAgRCZfdLKHpHRPJSfXvKyUIdeUm
PrivPubKeyPair=BOB_cf_sect283k1:BOB_cf_sect283k1_PUB
# ECDH Alice with Bob peer
+Availablein = default
Derive=ALICE_cf_sect283k1
PeerKey=BOB_cf_sect283k1_PUB
SharedSecret=03f67c88bdc230b43773d17fdb4d0a980556d074ceccee726932160e4ed965e3be72803c
# ECDH Bob with Alice peer
+Availablein = default
Derive=BOB_cf_sect283k1
PeerKey=ALICE_cf_sect283k1_PUB
SharedSecret=03f67c88bdc230b43773d17fdb4d0a980556d074ceccee726932160e4ed965e3be72803c
@@ -4159,11 +4188,13 @@ PKpmAkrAeCMty6mw2mEnOR5HA1d4Ee+z7/NJgJJ80Ra9bFnreOW3
PrivPubKeyPair=BOB_cf_sect283r1:BOB_cf_sect283r1_PUB
# ECDH Alice with Bob peer
+Availablein = default
Derive=ALICE_cf_sect283r1
PeerKey=BOB_cf_sect283r1_PUB
SharedSecret=0424259cf09727574fb863cab7c27d8fe3835e96433110a45a951f94347fc81939ec4773
# ECDH Bob with Alice peer
+Availablein = default
Derive=BOB_cf_sect283r1
PeerKey=ALICE_cf_sect283r1_PUB
SharedSecret=0424259cf09727574fb863cab7c27d8fe3835e96433110a45a951f94347fc81939ec4773
@@ -4233,11 +4264,13 @@ vuu4aApQiWE3yQd9v/I=
PrivPubKeyPair=BOB_cf_sect409k1:BOB_cf_sect409k1_PUB
# ECDH Alice with Bob peer
+Availablein = default
Derive=ALICE_cf_sect409k1
PeerKey=BOB_cf_sect409k1_PUB
SharedSecret=01fbe13188588c9d1ac3a8a2680ea9a009b28e4b7d7fa4efcb1a22553876fb7973616819fd87c75e5b8ce6e3628595e4ce12edb0
# ECDH Bob with Alice peer
+Availablein = default
Derive=BOB_cf_sect409k1
PeerKey=ALICE_cf_sect409k1_PUB
SharedSecret=01fbe13188588c9d1ac3a8a2680ea9a009b28e4b7d7fa4efcb1a22553876fb7973616819fd87c75e5b8ce6e3628595e4ce12edb0
@@ -4308,11 +4341,13 @@ sUTYee6cEf71oqJ1sCKPQiYzlwCu/HLQeWPxISE6Uo+53kkeJml2xpMBwoE25Gq/DSS61dR7SRTZ
PrivPubKeyPair=BOB_cf_sect409r1:BOB_cf_sect409r1_PUB
# ECDH Alice with Bob peer
+Availablein = default
Derive=ALICE_cf_sect409r1
PeerKey=BOB_cf_sect409r1_PUB
SharedSecret=00a751259cdb3b445ce71a40a01a2189dfce70226111190505fc6eabe4e5a05bff7af55f2015e1ffcab6aea7ea9a6e74905da2a1
# ECDH Bob with Alice peer
+Availablein = default
Derive=BOB_cf_sect409r1
PeerKey=ALICE_cf_sect409r1_PUB
SharedSecret=00a751259cdb3b445ce71a40a01a2189dfce70226111190505fc6eabe4e5a05bff7af55f2015e1ffcab6aea7ea9a6e74905da2a1
@@ -4383,11 +4418,13 @@ rKtR8fe+dg2V15FieC3qZe/wCpMtyp79VmEabGi6iGLlAN/rUE81URsA/K7GVpmklslV5gmwryR0
PrivPubKeyPair=BOB_cf_sect571k1:BOB_cf_sect571k1_PUB
# ECDH Alice with Bob peer
+Availablein = default
Derive=ALICE_cf_sect571k1
PeerKey=BOB_cf_sect571k1_PUB
SharedSecret=02b79c92cee50dc5b9fdddce36d4fa2e28d7d178cd74e575961f39429496305b38815c840c2e66327435c044ed885ec964068531251a2112717602532e8b6d5411db2fe05c1ac18c
# ECDH Bob with Alice peer
+Availablein = default
Derive=BOB_cf_sect571k1
PeerKey=ALICE_cf_sect571k1_PUB
SharedSecret=02b79c92cee50dc5b9fdddce36d4fa2e28d7d178cd74e575961f39429496305b38815c840c2e66327435c044ed885ec964068531251a2112717602532e8b6d5411db2fe05c1ac18c
@@ -4458,11 +4495,13 @@ c1rETMV6ZruZinwzEWWWjwJf6612oy2HG3CX3B8Rm+a3sS0q6IzowEwqmDv6v9bMTFk8bsCv0Fk=
PrivPubKeyPair=BOB_cf_sect571r1:BOB_cf_sect571r1_PUB
# ECDH Alice with Bob peer
+Availablein = default
Derive=ALICE_cf_sect571r1
PeerKey=BOB_cf_sect571r1_PUB
SharedSecret=0031f9879fa75b8c67ba81ee861be634e2b53aa79f834e9a8ca4df7f4461bcb02f083d9fa5b4767f881a710caa6524b58eb626623ba394961d46535204c26d165089e7d4f7be1827
# ECDH Bob with Alice peer
+Availablein = default
Derive=BOB_cf_sect571r1
PeerKey=ALICE_cf_sect571r1_PUB
SharedSecret=0031f9879fa75b8c67ba81ee861be634e2b53aa79f834e9a8ca4df7f4461bcb02f083d9fa5b4767f881a710caa6524b58eb626623ba394961d46535204c26d165089e7d4f7be1827
@@ -4499,3 +4538,26 @@ PeerKey=MALICE_cf_sect571r1_PUB
Ctrl=ecdh_cofactor_mode:1
Result=DERIVE_ERROR
Reason=point at infinity
+
+Title = Test EC keygen
+
+KeyGen = ec
+KeyName = ec1
+Ctrl = group:P-256
+
+# Test KeyGen with a curve with < 112 bits of security fails.
+Availablein = fips
+FIPSversion = >=3.4.0
+KeyGen = ec
+KeyName = ec2
+Ctrl = group:P-192
+Result = KEYGEN_GENERATE_ERROR
+
+# Test KeyGen with a curve with < 112 bits of security is not approved
+Availablein = fips
+FIPSversion = >=3.4.0
+KeyGen = ec
+KeyName = ec3
+Ctrl = group:P-192
+Unapproved = 1
+Ctrl = key-check:0
diff --git a/test/recipes/30-test_evp_data/evppkey_ecdh.txt b/test/recipes/30-test_evp_data/evppkey_ecdh.txt
index d50b2d166eb7..44a560dca1f3 100644
--- a/test/recipes/30-test_evp_data/evppkey_ecdh.txt
+++ b/test/recipes/30-test_evp_data/evppkey_ecdh.txt
@@ -1,5 +1,5 @@
#
-# Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -2710,7 +2710,7 @@ Availablein = fips
Derive=ALICE_prime192v1
Securitycheck = 1
PeerKey=BOB_prime192v1_PUB
-Result = DERIVE_SET_PEER_ERROR
+Result = KEYOP_INIT_ERROR
# ECDH Bob with Alice peer
@@ -2896,12 +2896,14 @@ PrivPubKeyPair = BOB_sect233k1:BOB_sect233k1_PUB
# ECDH Alice with Bob peer
+Availablein = default
Derive=ALICE_sect233k1
PeerKey=BOB_sect233k1_PUB
SharedSecret=00a5e5f2e992f4360d530dd365d14f5c6013212e14f4ea258c91c71f1512
# ECDH Bob with Alice peer
+Availablein = default
Derive=BOB_sect233k1
PeerKey=ALICE_sect233k1_PUB
SharedSecret=00a5e5f2e992f4360d530dd365d14f5c6013212e14f4ea258c91c71f1512
@@ -2942,12 +2944,14 @@ PrivPubKeyPair = BOB_sect233r1:BOB_sect233r1_PUB
# ECDH Alice with Bob peer
+Availablein = default
Derive=ALICE_sect233r1
PeerKey=BOB_sect233r1_PUB
SharedSecret=01625f3fcd367ee7cd74c67cca02dccfce6c3b19ef07e358ed943d17a8e2
# ECDH Bob with Alice peer
+Availablein = default
Derive=BOB_sect233r1
PeerKey=ALICE_sect233r1_PUB
SharedSecret=01625f3fcd367ee7cd74c67cca02dccfce6c3b19ef07e358ed943d17a8e2
@@ -2990,12 +2994,14 @@ PrivPubKeyPair = BOB_sect283k1:BOB_sect283k1_PUB
# ECDH Alice with Bob peer
+Availablein = default
Derive=ALICE_sect283k1
PeerKey=BOB_sect283k1_PUB
SharedSecret=02f2e682c2f60d7261624f3661a5e85fca920443b72aa4dd5a540082e65e552302d8f825
# ECDH Bob with Alice peer
+Availablein = default
Derive=BOB_sect283k1
PeerKey=ALICE_sect283k1_PUB
SharedSecret=02f2e682c2f60d7261624f3661a5e85fca920443b72aa4dd5a540082e65e552302d8f825
@@ -3038,12 +3044,14 @@ PrivPubKeyPair = BOB_sect283r1:BOB_sect283r1_PUB
# ECDH Alice with Bob peer
+Availablein = default
Derive=ALICE_sect283r1
PeerKey=BOB_sect283r1_PUB
SharedSecret=05778bc1afcf38d7dddb2150cacbfe4d38dc588968fd8b2e859c28ae2629d3435f89f6cc
# ECDH Bob with Alice peer
+Availablein = default
Derive=BOB_sect283r1
PeerKey=ALICE_sect283r1_PUB
SharedSecret=05778bc1afcf38d7dddb2150cacbfe4d38dc588968fd8b2e859c28ae2629d3435f89f6cc
@@ -3090,12 +3098,14 @@ PrivPubKeyPair = BOB_sect409k1:BOB_sect409k1_PUB
# ECDH Alice with Bob peer
+Availablein = default
Derive=ALICE_sect409k1
PeerKey=BOB_sect409k1_PUB
SharedSecret=01523ec40ad40226a57281a4c423801ae9495dcf736eddd667023b1390977d018ce79313fb99c503f39cbee80f5c1968f3bd02e0
# ECDH Bob with Alice peer
+Availablein = default
Derive=BOB_sect409k1
PeerKey=ALICE_sect409k1_PUB
SharedSecret=01523ec40ad40226a57281a4c423801ae9495dcf736eddd667023b1390977d018ce79313fb99c503f39cbee80f5c1968f3bd02e0
@@ -3142,12 +3152,14 @@ PrivPubKeyPair = BOB_sect409r1:BOB_sect409r1_PUB
# ECDH Alice with Bob peer
+Availablein = default
Derive=ALICE_sect409r1
PeerKey=BOB_sect409r1_PUB
SharedSecret=019dc849870dc6f79978aca8e1fc6aa6836c8fcb25bbfe3d5ab41ea53eae2c7329952280efb30f9097a31a774191e476dbd842d5
# ECDH Bob with Alice peer
+Availablein = default
Derive=BOB_sect409r1
PeerKey=ALICE_sect409r1_PUB
SharedSecret=019dc849870dc6f79978aca8e1fc6aa6836c8fcb25bbfe3d5ab41ea53eae2c7329952280efb30f9097a31a774191e476dbd842d5
@@ -3198,12 +3210,14 @@ PrivPubKeyPair = BOB_sect571k1:BOB_sect571k1_PUB
# ECDH Alice with Bob peer
+Availablein = default
Derive=ALICE_sect571k1
PeerKey=BOB_sect571k1_PUB
SharedSecret=05a423515fcc91b3171c83edd5c4085ff729a8ff0a3fa1578ebf769523ded0f5c1e387cf63109f2fbd95e117345b788b4577fdc6b6e727230bfc73eae0d4e851cb6f6e616eddb13e
# ECDH Bob with Alice peer
+Availablein = default
Derive=BOB_sect571k1
PeerKey=ALICE_sect571k1_PUB
SharedSecret=05a423515fcc91b3171c83edd5c4085ff729a8ff0a3fa1578ebf769523ded0f5c1e387cf63109f2fbd95e117345b788b4577fdc6b6e727230bfc73eae0d4e851cb6f6e616eddb13e
@@ -3254,12 +3268,14 @@ PrivPubKeyPair = BOB_sect571r1:BOB_sect571r1_PUB
# ECDH Alice with Bob peer
+Availablein = default
Derive=ALICE_sect571r1
PeerKey=BOB_sect571r1_PUB
SharedSecret=004b397e564055e2c7d87648183c948655ccb0ebb20bd441f9b11635cf461cb5815ff060eab33091b9f7aed67bec8ba1bb7b22437ece3c92c7cf76124408fb951595dfb4a512b2ae
# ECDH Bob with Alice peer
+Availablein = default
Derive=BOB_sect571r1
PeerKey=ALICE_sect571r1_PUB
SharedSecret=004b397e564055e2c7d87648183c948655ccb0ebb20bd441f9b11635cf461cb5815ff060eab33091b9f7aed67bec8ba1bb7b22437ece3c92c7cf76124408fb951595dfb4a512b2ae
diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
index 1f9ce93cd166..54b143beada4 100644
--- a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
+++ b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
@@ -37,34 +37,34 @@ PrivPubKeyPair = P-256:P-256-PUBLIC
Title = ECDSA tests
-Verify = P-256
+Verify = P-256-PUBLIC
Ctrl = digest:SHA1
Input = "0123456789ABCDEF1234"
Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
# Digest too long
-Verify = P-256
+Verify = P-256-PUBLIC
Ctrl = digest:SHA1
Input = "0123456789ABCDEF12345"
Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
Result = VERIFY_ERROR
# Digest too short
-Verify = P-256
+Verify = P-256-PUBLIC
Ctrl = digest:SHA1
Input = "0123456789ABCDEF123"
Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
Result = VERIFY_ERROR
# Digest invalid
-Verify = P-256
+Verify = P-256-PUBLIC
Ctrl = digest:SHA1
Input = "0123456789ABCDEF1235"
Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
Result = VERIFY_ERROR
# Invalid signature
-Verify = P-256
+Verify = P-256-PUBLIC
Ctrl = digest:SHA1
Input = "0123456789ABCDEF1234"
Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec7
@@ -72,14 +72,14 @@ Result = VERIFY_ERROR
# Garbage after signature
Availablein = default
-Verify = P-256
+Verify = P-256-PUBLIC
Ctrl = digest:SHA1
Input = "0123456789ABCDEF1234"
Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec800
Result = VERIFY_ERROR
# BER signature
-Verify = P-256
+Verify = P-256-PUBLIC
Ctrl = digest:SHA1
Input = "0123456789ABCDEF1234"
Output = 3080022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec80000
@@ -185,7 +185,6 @@ Title = FIPS Negative tests (using different curves and digests)
# Test that a explicit curve is not allowed in fips mode
Availablein = fips
DigestVerify = SHA256
-Securitycheck = 1
Key = EC_EXPLICIT
Input = "Hello World"
Result = DIGESTVERIFYINIT_ERROR
@@ -215,8 +214,7 @@ Input = "Hello World"
Result = DIGESTSIGNINIT_ERROR
# Test that SHA1 is not allowed in fips mode for signing
-Availablein = fips
-FIPSversion = <3.4.0
+FIPSversion = >=3.4.0
Sign = P-256
Securitycheck = 1
Ctrl = digest:SHA1
@@ -229,3 +227,43 @@ DigestVerify = MD5
Securitycheck = 1
Key = P-256-PUBLIC
Result = DIGESTVERIFYINIT_ERROR
+
+Title = FIPS Indicator tests
+# Check that the indicator callback is triggered
+# We check for signature mismatch since the signature is unique
+
+FIPSversion = >=3.4.0
+DigestSign = SHA3-512
+Securitycheck = 1
+Unapproved = 1
+CtrlInit = key-check:0
+Key = B-163
+Input = "Hello World"
+Result = SIGNATURE_MISMATCH
+
+# Test that SHA1 is not allowed in fips mode for signing
+FIPSversion = >=3.4.0
+DigestSign = SHA1
+Securitycheck = 1
+Unapproved = 1
+CtrlInit = digest-check:0
+Key = P-256
+Input = "Hello World"
+Result = SIGNATURE_MISMATCH
+
+# Test that SHA1 is not allowed in fips mode for signing
+FIPSversion = >=3.4.0
+Sign = P-256
+Securitycheck = 1
+Unapproved = 1
+CtrlInit = digest-check:0
+Ctrl = digest:SHA1
+Input = "0123456789ABCDEF1234"
+Result = KEYOP_MISMATCH
+
+Title = XOF disallowed
+
+DigestVerify = SHAKE256
+Key = B-163
+Input = "Hello World"
+Result = DIGESTVERIFYINIT_ERROR
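Review bot: Under `Title = FIPS Indicator tests` the comment `# Test that SHA1 is not allowed in fips mode for signing` is repeated on two stanzas that set `Unapproved = 1` with `CtrlInit = digest-check:0`, so they assert that SHA1 signing proceeds as an unapproved operation rather than being refused. Rewording both to `# Test that SHA1 signing is unapproved in fips mode when the digest check is ignored` would match what they check. The first stanza in the section (key `B-163`, `CtrlInit = key-check:0`) has no comment of its own and could get `# Test that signing with B-163 is unapproved when the key check is ignored`.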
diff --git a/test/recipes/30-test_evp_data/evppkey_ecx.txt b/test/recipes/30-test_evp_data/evppkey_ecx.txt
index e7f6c1a16f11..e40141c34feb 100644
--- a/test/recipes/30-test_evp_data/evppkey_ecx.txt
+++ b/test/recipes/30-test_evp_data/evppkey_ecx.txt
@@ -1,5 +1,5 @@
#
-# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -9,6 +9,7 @@
# Tests start with one of these keywords
# Cipher Decrypt Derive Digest Encoding KDF MAC PBE
# PrivPubKeyPair Sign Verify VerifyRecover
+# OneShotDigestSign
# and continue until a blank line. Lines starting with a pound sign are ignored.
@@ -56,18 +57,30 @@ PrivPubKeyPair = Bob-25519:Bob-25519-PUBLIC
PrivPubKeyPair = Bob-25519-Raw:Bob-25519-PUBLIC-Raw
+Availablein = default
Derive=Alice-25519
PeerKey=Bob-25519-PUBLIC
SharedSecret=4A5D9D5BA4CE2DE1728E3BF480350F25E07E21C947D19E3376F09B3C1E161742
+# Test that X25519 Key exchange is not FIPS approved
+Availablein = fips
+FIPSversion = >=3.4.0
+Derive=Alice-25519
+PeerKey=Bob-25519-PUBLIC
+SharedSecret=4A5D9D5BA4CE2DE1728E3BF480350F25E07E21C947D19E3376F09B3C1E161742
+Unapproved=1
+
+Availablein = default
Derive=Bob-25519
PeerKey=Alice-25519-PUBLIC
SharedSecret=4A5D9D5BA4CE2DE1728E3BF480350F25E07E21C947D19E3376F09B3C1E161742
+Availablein = default
Derive=Alice-25519-Raw
PeerKey=Bob-25519-PUBLIC-Raw
SharedSecret=4A5D9D5BA4CE2DE1728E3BF480350F25E07E21C947D19E3376F09B3C1E161742
+Availablein = default
Derive=Bob-25519-Raw
PeerKey=Alice-25519-PUBLIC-Raw
SharedSecret=4A5D9D5BA4CE2DE1728E3BF480350F25E07E21C947D19E3376F09B3C1E161742
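Review bot: Marking the existing X25519 derive stanzas `Availablein = default` while the only FIPS stanza carries `FIPSversion = >=3.4.0` leaves FIPS providers older than 3.4.0 with no X25519 derive coverage from this file, and newer ones with a single direction (Alice to Bob, non-raw keys). If older providers are still run against this suite, a counterpart guarded by `Availablein = fips` and `FIPSversion = <3.4.0` without `Unapproved` would keep that path tested. The same pattern applies to the X448 hunk at -128,23 and to the Wycheproof hunks that follow it. The comment `# Test that X25519 Key exchange is not FIPS approved` could also state that the derive is expected to succeed with the same secret and that only the indicator reports it as unapproved.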
@@ -128,23 +141,36 @@ PrivPubKeyPair = Bob-448-Raw:Bob-448-PUBLIC-Raw
PublicKeyRaw=Bob-448-PUBLIC-Raw-NonCanonical:X448:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
+Availablein = default
Derive=Alice-448
PeerKey=Bob-448-PUBLIC
SharedSecret=07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282bb60c0b56fd2464c335543936521c24403085d59a449a5037514a879d
+# Test that X448 Key exchange is not FIPS approved
+Availablein = fips
+FIPSversion = >=3.4.0
+Derive=Alice-448
+PeerKey=Bob-448-PUBLIC
+SharedSecret=07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282bb60c0b56fd2464c335543936521c24403085d59a449a5037514a879d
+Unapproved=1
+
+Availablein = default
Derive=Bob-448
PeerKey=Alice-448-PUBLIC
SharedSecret=07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282bb60c0b56fd2464c335543936521c24403085d59a449a5037514a879d
+Availablein = default
Derive=Alice-448-Raw
PeerKey=Bob-448-PUBLIC-Raw
SharedSecret=07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282bb60c0b56fd2464c335543936521c24403085d59a449a5037514a879d
+Availablein = default
Derive=Bob-448-Raw
PeerKey=Alice-448-PUBLIC-Raw
SharedSecret=07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282bb60c0b56fd2464c335543936521c24403085d59a449a5037514a879d
# Self-generated non-canonical
+Availablein = default
Derive=Alice-448-Raw
PeerKey=Bob-448-PUBLIC-Raw-NonCanonical
SharedSecret=66e2e682b1f8e68c809f1bb3e406bd826921d9c1a5bfbfcbab7ae72feecee63660eabd54934f3382061d17607f581a90bdac917a064959fb
@@ -535,6 +561,7 @@ PrivateKeyRaw = WychePRIVATE0:X25519:288796bc5aff4b81a37501757bc0753a3c21964790d
PublicKeyRaw = WychePUBLIC0:X25519:f0ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f
+Availablein = default
Derive=WychePRIVATE0
PeerKey=WychePUBLIC0
SharedSecret=b4e0dd76da7b071728b61f856771aa356e57eda78a5b1655cc3820fb5f854c5c
@@ -543,6 +570,7 @@ PrivateKeyRaw = WychePRIVATE1:X25519:60887b3dc72443026ebedbbbb70665f42b87add1440
PublicKeyRaw = WychePUBLIC1:X25519:f0ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
+Availablein = default
Derive=WychePRIVATE1
PeerKey=WychePUBLIC1
SharedSecret=38d6304c4a7e6d9f7959334fb5245bd2c754525d4c91db950206926234c1f633
@@ -551,18 +579,21 @@ PrivateKeyRaw = WychePRIVATE2:X25519:a0a4f130b98a5be4b1cedb7cb85584a3520e142d474
PublicKeyRaw = WychePUBLIC2:X25519:0ab4e76380d84dde4f6833c58f2a9fb8f83bb0169b172be4b6e0592887741a36
+Availablein = default
Derive=WychePRIVATE2
PeerKey=WychePUBLIC2
SharedSecret=0200000000000000000000000000000000000000000000000000000000000000
PublicKeyRaw = WychePUBLIC3:X25519:89e10d5701b4337d2d032181538b1064bd4084401ceca1fd12663a1959388000
+Availablein = default
Derive=WychePRIVATE2
PeerKey=WychePUBLIC3
SharedSecret=0900000000000000000000000000000000000000000000000000000000000000
PublicKeyRaw = WychePUBLIC4:X25519:2b55d3aa4a8f80c8c0b2ae5f933e85af49beac36c2fa7394bab76c8933f8f81d
+Availablein = default
Derive=WychePRIVATE2
PeerKey=WychePUBLIC4
SharedSecret=1000000000000000000000000000000000000000000000000000000000000000
@@ -580,3 +611,355 @@ Result = KEYPAIR_MISMATCH
PrivPubKeyPair = Bob-448:Alice-448-PUBLIC
Result = KEYPAIR_MISMATCH
+
+######## RFC 8032 test vectors
+
+# Test Vector 1
+# Ed25519
+PrivateKeyRaw = EDDSA-TV-1-Raw:ED25519:9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60
+
+PublicKeyRaw = EDDSA-TV-1-PUBLIC-Raw:ED25519:d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a
+
+PrivPubKeyPair = EDDSA-TV-1-Raw:EDDSA-TV-1-PUBLIC-Raw
+
+FIPSversion = >=3.2.0
+OneShotDigestSign = NULL
+Key = EDDSA-TV-1-Raw
+Input =
+Ctrl = instance:Ed25519
+Ctrl = hexcontext-string:
+Output = e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b
+
+# Test Vector 2
+# Ed25519
+PrivateKeyRaw = EDDSA-TV-2-Raw:ED25519:4ccd089b28ff96da9db6c346ec114e0f5b8a319f35aba624da8cf6ed4fb8a6fb
+
+PublicKeyRaw = EDDSA-TV-2-PUBLIC-Raw:ED25519:3d4017c3e843895a92b70aa74d1b7ebc9c982ccf2ec4968cc0cd55f12af4660c
+
+PrivPubKeyPair = EDDSA-TV-2-Raw:EDDSA-TV-2-PUBLIC-Raw
+
+FIPSversion = >=3.2.0
+OneShotDigestSign = NULL
+Key = EDDSA-TV-2-Raw
+Input = 72
+Ctrl = instance:Ed25519
+Ctrl = hexcontext-string:
+Output = 92a009a9f0d4cab8720e820b5f642540a2b27b5416503f8fb3762223ebdb69da085ac1e43e15996e458f3613d0f11d8c387b2eaeb4302aeeb00d291612bb0c00
+
+# Test Vector 3
+# Ed25519
+PrivateKeyRaw = EDDSA-TV-3-Raw:ED25519:c5aa8df43f9f837bedb7442f31dcb7b166d38535076f094b85ce3a2e0b4458f7
+
+PublicKeyRaw = EDDSA-TV-3-PUBLIC-Raw:ED25519:fc51cd8e6218a1a38da47ed00230f0580816ed13ba3303ac5deb911548908025
+
+PrivPubKeyPair = EDDSA-TV-3-Raw:EDDSA-TV-3-PUBLIC-Raw
+
+FIPSversion = >=3.2.0
+OneShotDigestSign = NULL
+Key = EDDSA-TV-3-Raw
+Input = af82
+Ctrl = instance:Ed25519
+Ctrl = hexcontext-string:
+Output = 6291d657deec24024827e69c3abe01a30ce548a284743a445e3680d7db5ac3ac18ff9b538d16f290ae67f760984dc6594a7c15e9716ed28dc027beceea1ec40a
+
+# Test Vector 4
+# Ed25519
+PrivateKeyRaw = EDDSA-TV-4-Raw:ED25519:f5e5767cf153319517630f226876b86c8160cc583bc013744c6bf255f5cc0ee5
+
+PublicKeyRaw = EDDSA-TV-4-PUBLIC-Raw:ED25519:278117fc144c72340f67d0f2316e8386ceffbf2b2428c9c51fef7c597f1d426e
+
+PrivPubKeyPair = EDDSA-TV-4-Raw:EDDSA-TV-4-PUBLIC-Raw
+
+FIPSversion = >=3.2.0
+OneShotDigestSign = NULL
+Key = EDDSA-TV-4-Raw
+Input = 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
+Ctrl = instance:Ed25519
+Ctrl = hexcontext-string:
+Output = 0aab4c900501b3e24d7cdf4663326a3a87df5e4843b2cbdb67cbf6e460fec350aa5371b1508f9f4528ecea23c436d94b5e8fcd4f681e30a6ac00a9704a188a03
+
+# Test Vector 5
+# Ed25519
+PrivateKeyRaw = EDDSA-TV-5-Raw:ED25519:833fe62409237b9d62ec77587520911e9a759cec1d19755b7da901b96dca3d42
+
+PublicKeyRaw = EDDSA-TV-5-PUBLIC-Raw:ED25519:ec172b93ad5e563bf4932c70e1245034c35467ef2efd4d64ebf819683467e2bf
+
+PrivPubKeyPair = EDDSA-TV-5-Raw:EDDSA-TV-5-PUBLIC-Raw
+
+FIPSversion = >=3.2.0
+OneShotDigestSign = NULL
+Key = EDDSA-TV-5-Raw
+Input = ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f
+Ctrl = instance:Ed25519
+Ctrl = hexcontext-string:
+Output = dc2a4459e7369633a52b1bf277839a00201009a3efbf3ecb69bea2186c26b58909351fc9ac90b3ecfdfbc7c66431e0303dca179c138ac17ad9bef1177331a704
+
+# Test Vector 6
+# Ed25519ctx
+PrivateKeyRaw = EDDSA-TV-6-Raw:ED25519:0305334e381af78f141cb666f6199f57bc3495335a256a95bd2a55bf546663f6
+
+PublicKeyRaw = EDDSA-TV-6-PUBLIC-Raw:ED25519:dfc9425e4f968f7f0c29f0259cf5f9aed6851c2bb4ad8bfb860cfee0ab248292
+
+PrivPubKeyPair = EDDSA-TV-6-Raw:EDDSA-TV-6-PUBLIC-Raw
+
+FIPSversion = >=3.2.0
+OneShotDigestSign = NULL
+Key = EDDSA-TV-6-Raw
+Input = f726936d19c800494e3fdaff20b276a8
+Ctrl = instance:Ed25519ctx
+Ctrl = hexcontext-string:666f6f
+Output = 55a4cc2f70a54e04288c5f4cd1e45a7bb520b36292911876cada7323198dd87a8b36950b95130022907a7fb7c4e9b2d5f6cca685a587b4b21f4b888e4e7edb0d
+
+# Test Vector 7
+# Ed25519ctx
+PrivateKeyRaw = EDDSA-TV-7-Raw:ED25519:0305334e381af78f141cb666f6199f57bc3495335a256a95bd2a55bf546663f6
+
+PublicKeyRaw = EDDSA-TV-7-PUBLIC-Raw:ED25519:dfc9425e4f968f7f0c29f0259cf5f9aed6851c2bb4ad8bfb860cfee0ab248292
+
+PrivPubKeyPair = EDDSA-TV-7-Raw:EDDSA-TV-7-PUBLIC-Raw
+
+FIPSversion = >=3.2.0
+OneShotDigestSign = NULL
+Key = EDDSA-TV-7-Raw
+Input = f726936d19c800494e3fdaff20b276a8
+Ctrl = instance:Ed25519ctx
+Ctrl = hexcontext-string:626172
+Output = fc60d5872fc46b3aa69f8b5b4351d5808f92bcc044606db097abab6dbcb1aee3216c48e8b3b66431b5b186d1d28f8ee15a5ca2df6668346291c2043d4eb3e90d
+
+# Test Vector 8
+# Ed25519ctx
+PrivateKeyRaw = EDDSA-TV-8-Raw:ED25519:0305334e381af78f141cb666f6199f57bc3495335a256a95bd2a55bf546663f6
+
+PublicKeyRaw = EDDSA-TV-8-PUBLIC-Raw:ED25519:dfc9425e4f968f7f0c29f0259cf5f9aed6851c2bb4ad8bfb860cfee0ab248292
+
+PrivPubKeyPair = EDDSA-TV-8-Raw:EDDSA-TV-8-PUBLIC-Raw
+
+FIPSversion = >=3.2.0
+OneShotDigestSign = NULL
+Key = EDDSA-TV-8-Raw
+Input = 508e9e6882b979fea900f62adceaca35
+Ctrl = instance:Ed25519ctx
+Ctrl = hexcontext-string:666f6f
+Output = 8b70c1cc8310e1de20ac53ce28ae6e7207f33c3295e03bb5c0732a1d20dc64908922a8b052cf99b7c4fe107a5abb5b2c4085ae75890d02df26269d8945f84b0b
+
+# Test Vector 9
+# Ed25519ctx
+PrivateKeyRaw = EDDSA-TV-9-Raw:ED25519:ab9c2853ce297ddab85c993b3ae14bcad39b2c682beabc27d6d4eb20711d6560
+
+PublicKeyRaw = EDDSA-TV-9-PUBLIC-Raw:ED25519:0f1d1274943b91415889152e893d80e93275a1fc0b65fd71b4b0dda10ad7d772
+
+PrivPubKeyPair = EDDSA-TV-9-Raw:EDDSA-TV-9-PUBLIC-Raw
+
+FIPSversion = >=3.2.0
+OneShotDigestSign = NULL
+Key = EDDSA-TV-9-Raw
+Input = f726936d19c800494e3fdaff20b276a8
+Ctrl = instance:Ed25519ctx
+Ctrl = hexcontext-string:666f6f
+Output = 21655b5f1aa965996b3f97b3c849eafba922a0a62992f73b3d1b73106a84ad85e9b86a7b6005ea868337ff2d20a7f5fbd4cd10b0be49a68da2b2e0dc0ad8960f
+
+# Test Vector 10
+# Ed25519ph
+PrivateKeyRaw = EDDSA-TV-10-Raw:ED25519:833fe62409237b9d62ec77587520911e9a759cec1d19755b7da901b96dca3d42
+
+PublicKeyRaw = EDDSA-TV-10-PUBLIC-Raw:ED25519:ec172b93ad5e563bf4932c70e1245034c35467ef2efd4d64ebf819683467e2bf
+
+PrivPubKeyPair = EDDSA-TV-10-Raw:EDDSA-TV-10-PUBLIC-Raw
+
+FIPSversion = >=3.2.0
+OneShotDigestSign = NULL
+Key = EDDSA-TV-10-Raw
+Input = 616263
+Ctrl = instance:Ed25519ph
+Ctrl = hexcontext-string:
+Output = 98a70222f0b8121aa9d30f813d683f809e462b469c7ff87639499bb94e6dae4131f85042463c2a355a2003d062adf5aaa10b8c61e636062aaad11c2a26083406
+
+# Test Vector 11
+# Ed448
+PrivateKeyRaw = EDDSA-TV-11-Raw:ED448:6c82a562cb808d10d632be89c8513ebf6c929f34ddfa8c9f63c9960ef6e348a3528c8a3fcc2f044e39a3fc5b94492f8f032e7549a20098f95b
+
+PublicKeyRaw = EDDSA-TV-11-PUBLIC-Raw:ED448:5fd7449b59b461fd2ce787ec616ad46a1da1342485a70e1f8a0ea75d80e96778edf124769b46c7061bd6783df1e50f6cd1fa1abeafe8256180
+
+PrivPubKeyPair = EDDSA-TV-11-Raw:EDDSA-TV-11-PUBLIC-Raw
+
+FIPSversion = >=3.2.0
+OneShotDigestSign = NULL
+Key = EDDSA-TV-11-Raw
+Input =
+Ctrl = instance:Ed448
+Ctrl = hexcontext-string:
+Output = 533a37f6bbe457251f023c0d88f976ae2dfb504a843e34d2074fd823d41a591f2b233f034f628281f2fd7a22ddd47d7828c59bd0a21bfd3980ff0d2028d4b18a9df63e006c5d1c2d345b925d8dc00b4104852db99ac5c7cdda8530a113a0f4dbb61149f05a7363268c71d95808ff2e652600
+
+# Test Vector 12
+# Ed448
+PrivateKeyRaw = EDDSA-TV-12-Raw:ED448:c4eab05d357007c632f3dbb48489924d552b08fe0c353a0d4a1f00acda2c463afbea67c5e8d2877c5e3bc397a659949ef8021e954e0a12274e
+
+PublicKeyRaw = EDDSA-TV-12-PUBLIC-Raw:ED448:43ba28f430cdff456ae531545f7ecd0ac834a55d9358c0372bfa0c6c6798c0866aea01eb00742802b8438ea4cb82169c235160627b4c3a9480
+
+PrivPubKeyPair = EDDSA-TV-12-Raw:EDDSA-TV-12-PUBLIC-Raw
+
+FIPSversion = >=3.2.0
+OneShotDigestSign = NULL
+Key = EDDSA-TV-12-Raw
+Input = 03
+Ctrl = instance:Ed448
+Ctrl = hexcontext-string:
+Output = 26b8f91727bd62897af15e41eb43c377efb9c610d48f2335cb0bd0087810f4352541b143c4b981b7e18f62de8ccdf633fc1bf037ab7cd779805e0dbcc0aae1cbcee1afb2e027df36bc04dcecbf154336c19f0af7e0a6472905e799f1953d2a0ff3348ab21aa4adafd1d234441cf807c03a00
+
+# Test Vector 13
+# Ed448
+PrivateKeyRaw = EDDSA-TV-13-Raw:ED448:c4eab05d357007c632f3dbb48489924d552b08fe0c353a0d4a1f00acda2c463afbea67c5e8d2877c5e3bc397a659949ef8021e954e0a12274e
+
+PublicKeyRaw = EDDSA-TV-13-PUBLIC-Raw:ED448:43ba28f430cdff456ae531545f7ecd0ac834a55d9358c0372bfa0c6c6798c0866aea01eb00742802b8438ea4cb82169c235160627b4c3a9480
+
+PrivPubKeyPair = EDDSA-TV-13-Raw:EDDSA-TV-13-PUBLIC-Raw
+
+FIPSversion = >=3.2.0
+OneShotDigestSign = NULL
+Key = EDDSA-TV-13-Raw
+Input = 03
+Ctrl = instance:Ed448
+Ctrl = hexcontext-string:666f6f
+Output = d4f8f6131770dd46f40867d6fd5d5055de43541f8c5e35abbcd001b32a89f7d2151f7647f11d8ca2ae279fb842d607217fce6e042f6815ea000c85741de5c8da1144a6a1aba7f96de42505d7a7298524fda538fccbbb754f578c1cad10d54d0d5428407e85dcbc98a49155c13764e66c3c00
+
+# Test Vector 14
+# Ed448
+PrivateKeyRaw = EDDSA-TV-14-Raw:ED448:cd23d24f714274e744343237b93290f511f6425f98e64459ff203e8985083ffdf60500553abc0e05cd02184bdb89c4ccd67e187951267eb328
+
+PublicKeyRaw = EDDSA-TV-14-PUBLIC-Raw:ED448:dcea9e78f35a1bf3499a831b10b86c90aac01cd84b67a0109b55a36e9328b1e365fce161d71ce7131a543ea4cb5f7e9f1d8b00696447001400
+
+PrivPubKeyPair = EDDSA-TV-14-Raw:EDDSA-TV-14-PUBLIC-Raw
+
+FIPSversion = >=3.2.0
+OneShotDigestSign = NULL
+Key = EDDSA-TV-14-Raw
+Input = 0c3e544074ec63b0265e0c
+Ctrl = instance:Ed448
+Ctrl = hexcontext-string:
+Output = 1f0a8888ce25e8d458a21130879b840a9089d999aaba039eaf3e3afa090a09d389dba82c4ff2ae8ac5cdfb7c55e94d5d961a29fe0109941e00b8dbdeea6d3b051068df7254c0cdc129cbe62db2dc957dbb47b51fd3f213fb8698f064774250a5028961c9bf8ffd973fe5d5c206492b140e00
+
+# Test Vector 15
+# Ed448
+PrivateKeyRaw = EDDSA-TV-15-Raw:ED448:258cdd4ada32ed9c9ff54e63756ae582fb8fab2ac721f2c8e676a72768513d939f63dddb55609133f29adf86ec9929dccb52c1c5fd2ff7e21b
+
+PublicKeyRaw = EDDSA-TV-15-PUBLIC-Raw:ED448:3ba16da0c6f2cc1f30187740756f5e798d6bc5fc015d7c63cc9510ee3fd44adc24d8e968b6e46e6f94d19b945361726bd75e149ef09817f580
+
+PrivPubKeyPair = EDDSA-TV-15-Raw:EDDSA-TV-15-PUBLIC-Raw
+
+FIPSversion = >=3.2.0
+OneShotDigestSign = NULL
+Key = EDDSA-TV-15-Raw
+Input = 64a65f3cdedcdd66811e2915
+Ctrl = instance:Ed448
+Ctrl = hexcontext-string:
+Output = 7eeeab7c4e50fb799b418ee5e3197ff6bf15d43a14c34389b59dd1a7b1b85b4ae90438aca634bea45e3a2695f1270f07fdcdf7c62b8efeaf00b45c2c96ba457eb1a8bf075a3db28e5c24f6b923ed4ad747c3c9e03c7079efb87cb110d3a99861e72003cbae6d6b8b827e4e6c143064ff3c00
+
+# Test Vector 16
+# Ed448
+PrivateKeyRaw = EDDSA-TV-16-Raw:ED448:7ef4e84544236752fbb56b8f31a23a10e42814f5f55ca037cdcc11c64c9a3b2949c1bb60700314611732a6c2fea98eebc0266a11a93970100e
+
+PublicKeyRaw = EDDSA-TV-16-PUBLIC-Raw:ED448:b3da079b0aa493a5772029f0467baebee5a8112d9d3a22532361da294f7bb3815c5dc59e176b4d9f381ca0938e13c6c07b174be65dfa578e80
+
+PrivPubKeyPair = EDDSA-TV-16-Raw:EDDSA-TV-16-PUBLIC-Raw
+
+FIPSversion = >=3.2.0
+OneShotDigestSign = NULL
+Key = EDDSA-TV-16-Raw
+Input = 64a65f3cdedcdd66811e2915e7
+Ctrl = instance:Ed448
+Ctrl = hexcontext-string:
+Output = 6a12066f55331b6c22acd5d5bfc5d71228fbda80ae8dec26bdd306743c5027cb4890810c162c027468675ecf645a83176c0d7323a2ccde2d80efe5a1268e8aca1d6fbc194d3f77c44986eb4ab4177919ad8bec33eb47bbb5fc6e28196fd1caf56b4e7e0ba5519234d047155ac727a1053100
+
+# Test Vector 17
+# Ed448
+PrivateKeyRaw = EDDSA-TV-17-Raw:ED448:d65df341ad13e008567688baedda8e9dcdc17dc024974ea5b4227b6530e339bff21f99e68ca6968f3cca6dfe0fb9f4fab4fa135d5542ea3f01
+
+PublicKeyRaw = EDDSA-TV-17-PUBLIC-Raw:ED448:df9705f58edbab802c7f8363cfe5560ab1c6132c20a9f1dd163483a26f8ac53a39d6808bf4a1dfbd261b099bb03b3fb50906cb28bd8a081f00
+
+PrivPubKeyPair = EDDSA-TV-17-Raw:EDDSA-TV-17-PUBLIC-Raw
+
+FIPSversion = >=3.2.0
+OneShotDigestSign = NULL
+Key = EDDSA-TV-17-Raw
+Input = bd0f6a3747cd561bdddf4640a332461a4a30a12a434cd0bf40d766d9c6d458e5512204a30c17d1f50b5079631f64eb3112182da3005835461113718d1a5ef944
+Ctrl = instance:Ed448
+Ctrl = hexcontext-string:
+Output = 554bc2480860b49eab8532d2a533b7d578ef473eeb58c98bb2d0e1ce488a98b18dfde9b9b90775e67f47d4a1c3482058efc9f40d2ca033a0801b63d45b3b722ef552bad3b4ccb667da350192b61c508cf7b6b5adadc2c8d9a446ef003fb05cba5f30e88e36ec2703b349ca229c2670833900
+
+# Test Vector 18
+# Ed448
+PrivateKeyRaw = EDDSA-TV-18-Raw:ED448:2ec5fe3c17045abdb136a5e6a913e32ab75ae68b53d2fc149b77e504132d37569b7e766ba74a19bd6162343a21c8590aa9cebca9014c636df5
+
+PublicKeyRaw = EDDSA-TV-18-PUBLIC-Raw:ED448:79756f014dcfe2079f5dd9e718be4171e2ef2486a08f25186f6bff43a9936b9bfe12402b08ae65798a3d81e22e9ec80e7690862ef3d4ed3a00
+
+PrivPubKeyPair = EDDSA-TV-18-Raw:EDDSA-TV-18-PUBLIC-Raw
+
+FIPSversion = >=3.2.0
+OneShotDigestSign = NULL
+Key = EDDSA-TV-18-Raw
+Input = 15777532b0bdd0d1389f636c5f6b9ba734c90af572877e2d272dd078aa1e567cfa80e12928bb542330e8409f3174504107ecd5efac61ae7504dabe2a602ede89e5cca6257a7c77e27a702b3ae39fc769fc54f2395ae6a1178cab4738e543072fc1c177fe71e92e25bf03e4ecb72f47b64d0465aaea4c7fad372536c8ba516a6039c3c2a39f0e4d832be432dfa9a706a6e5c7e19f397964ca4258002f7c0541b590316dbc5622b6b2a6fe7a4abffd96105eca76ea7b98816af0748c10df048ce012d901015a51f189f3888145c03650aa23ce894c3bd889e030d565071c59f409a9981b51878fd6fc110624dcbcde0bf7a69ccce38fabdf86f3bef6044819de11
+Ctrl = instance:Ed448
+Ctrl = hexcontext-string:
+Output = c650ddbb0601c19ca11439e1640dd931f43c518ea5bea70d3dcde5f4191fe53f00cf966546b72bcc7d58be2b9badef28743954e3a44a23f880e8d4f1cfce2d7a61452d26da05896f0a50da66a239a8a188b6d825b3305ad77b73fbac0836ecc60987fd08527c1a8e80d5823e65cafe2a3d00
+
+# Test Vector 19
+# Ed448
+PrivateKeyRaw = EDDSA-TV-19-Raw:ED448:872d093780f5d3730df7c212664b37b8a0f24f56810daa8382cd4fa3f77634ec44dc54f1c2ed9bea86fafb7632d8be199ea165f5ad55dd9ce8
+
+PublicKeyRaw = EDDSA-TV-19-PUBLIC-Raw:ED448:a81b2e8a70a5ac94ffdbcc9badfc3feb0801f258578bb114ad44ece1ec0e799da08effb81c5d685c0c56f64eecaef8cdf11cc38737838cf400
+
+PrivPubKeyPair = EDDSA-TV-19-Raw:EDDSA-TV-19-PUBLIC-Raw
+
+FIPSversion = >=3.2.0
+OneShotDigestSign = NULL
+Key = EDDSA-TV-19-Raw
+Input = 6ddf802e1aae4986935f7f981ba3f0351d6273c0a0c22c9c0e8339168e675412a3debfaf435ed651558007db4384b650fcc07e3b586a27a4f7a00ac8a6fec2cd86ae4bf1570c41e6a40c931db27b2faa15a8cedd52cff7362c4e6e23daec0fbc3a79b6806e316efcc7b68119bf46bc76a26067a53f296dafdbdc11c77f7777e972660cf4b6a9b369a6665f02e0cc9b6edfad136b4fabe723d2813db3136cfde9b6d044322fee2947952e031b73ab5c603349b307bdc27bc6cb8b8bbd7bd323219b8033a581b59eadebb09b3c4f3d2277d4f0343624acc817804728b25ab797172b4c5c21a22f9c7839d64300232eb66e53f31c723fa37fe387c7d3e50bdf9813a30e5bb12cf4cd930c40cfb4e1fc622592a49588794494d56d24ea4b40c89fc0596cc9ebb961c8cb10adde976a5d602b1c3f85b9b9a001ed3c6a4d3b1437f52096cd1956d042a597d561a596ecd3d1735a8d570ea0ec27225a2c4aaff26306d1526c1af3ca6d9cf5a2c98f47e1c46db9a33234cfd4d81f2c98538a09ebe76998d0d8fd25997c7d255c6d66ece6fa56f11144950f027795e653008f4bd7ca2dee85d8e90f3dc315130ce2a00375a318c7c3d97be2c8ce5b6db41a6254ff264fa6155baee3b0773c0f497c573f19bb4f4240281f0b1f4f7be857a4e59d416c06b4c50fa09e1810ddc6b1467baeac5a3668d11b6ecaa901440016f389f80acc4db977025e7f5924388c7e340a732e554440e76570f8dd71b7d640b3450d1fd5f0410a18f9a3494f707c717b79b4bf75c98400b096b21653b5d217cf3565c9597456f70703497a078763829bc01bb1cbc8fa04eadc9a6e3f6699587a9e75c94e5bab0036e0b2e711392cff0047d0d6b05bd2a588bc109718954259f1d86678a579a3120f19cfb2963f177aeb70f2d4844826262e51b80271272068ef5b3856fa8535aa2a88b2d41f2a0e2fda7624c2850272ac4a2f561f8f2f7a318bfd5caf9696149e4ac824ad3460538fdc25421beec2cc6818162d06bbed0c40a387192349db67a118bada6cd5ab0140ee273204f628aad1c135f770279a651e24d8c14d75a6059d76b96a6fd857def5e0b354b27ab937a5815d16b5fae407ff18222c6d1ed263be68c95f32d908bd895cd76207ae726487567f9a67dad79abec316f683b17f2d02bf07e0ac8b5bc6162cf94697b3c27cd1fea49b27f23ba2901871962506520c392da8b6ad0d99f7013fbc06c2c17a569500c8a7696481c1cd33e9b14e40b82e79a5f5db82571ba97bae3ad3e0479515bb0e2b0f3bfcd1fd33034efc6245eddd7ee2086ddae2600d8ca73e214e8c2b0bdb2b047c6a464a562ed77b73d2d841c4b34973551257713b753632efba348169abc90a68f42611a40126d7cb21b58695568186f
7e569d2ff0f9e745d0487dd2eb997cafc5abf9dd102e62ff66cba87
+Ctrl = instance:Ed448
+Ctrl = hexcontext-string:
+Output = e301345a41a39a4d72fff8df69c98075a0cc082b802fc9b2b6bc503f926b65bddf7f4c8f1cb49f6396afc8a70abe6d8aef0db478d4c6b2970076c6a0484fe76d76b3a97625d79f1ce240e7c576750d295528286f719b413de9ada3e8eb78ed573603ce30d8bb761785dc30dbc320869e1a00
+
+# Test Vector 20
+# Ed448ph
+PrivateKeyRaw = EDDSA-TV-20-Raw:ED448:833fe62409237b9d62ec77587520911e9a759cec1d19755b7da901b96dca3d42ef7822e0d5104127dc05d6dbefde69e3ab2cec7c867c6e2c49
+
+PublicKeyRaw = EDDSA-TV-20-PUBLIC-Raw:ED448:259b71c19f83ef77a7abd26524cbdb3161b590a48f7d17de3ee0ba9c52beb743c09428a131d6b1b57303d90d8132c276d5ed3d5d01c0f53880
+
+PrivPubKeyPair = EDDSA-TV-20-Raw:EDDSA-TV-20-PUBLIC-Raw
+
+FIPSversion = >=3.2.0
+OneShotDigestSign = NULL
+Key = EDDSA-TV-20-Raw
+Input = 616263
+Ctrl = instance:Ed448ph
+Ctrl = hexcontext-string:
+Output = 822f6901f7480f3d5f562c592994d9693602875614483256505600bbc281ae381f54d6bce2ea911574932f52a4e6cadd78769375ec3ffd1b801a0d9b3f4030cd433964b6457ea39476511214f97469b57dd32dbc560a9a94d00bff07620464a3ad203df7dc7ce360c3cd3696d9d9fab90f00
+
+# Test Vector 21
+# Ed448ph
+PrivateKeyRaw = EDDSA-TV-21-Raw:ED448:833fe62409237b9d62ec77587520911e9a759cec1d19755b7da901b96dca3d42ef7822e0d5104127dc05d6dbefde69e3ab2cec7c867c6e2c49
+
+PublicKeyRaw = EDDSA-TV-21-PUBLIC-Raw:ED448:259b71c19f83ef77a7abd26524cbdb3161b590a48f7d17de3ee0ba9c52beb743c09428a131d6b1b57303d90d8132c276d5ed3d5d01c0f53880
+
+PrivPubKeyPair = EDDSA-TV-21-Raw:EDDSA-TV-21-PUBLIC-Raw
+
+FIPSversion = >=3.2.0
+OneShotDigestSign = NULL
+Key = EDDSA-TV-21-Raw
+Input = 616263
+Ctrl = instance:Ed448ph
+Ctrl = hexcontext-string:666f6f
+Output = c32299d46ec8ff02b54540982814dce9a05812f81962b649d528095916a2aa481065b1580423ef927ecf0af5888f90da0f6a9a85ad5dc3f280d91224ba9911a3653d00e484e2ce232521481c8658df304bb7745a73514cdb9bf3e15784ab71284f8d0704a608c54a6b62d97beb511d132100
+
+# Test that X25519 KeyGen is not FIPS approved
+Availablein = fips
+FIPSversion = >=3.4.0
+KeyGen = X25519
+KeyName = x25519_gen_key
+Unapproved = 1
+
+# Test that X448 KeyGen is not FIPS approved
+Availablein = fips
+FIPSversion = >=3.4.0
+KeyGen = X448
+KeyName = x448_gen_key
+Unapproved = 1
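Review bot: The RFC 8032 stanzas added here exercise only the successful signing path (`OneShotDigestSign` with a matching `Output`); nothing in this hunk verifies those signatures or checks that an invalid combination is refused, such as a `hexcontext-string` longer than the 255 octets RFC 8032 allows. A few negative stanzas would guard the instance and context handling that the `Ctrl = instance:` lines introduce. The comments would also be easier to trace if they named the RFC section instead of a local number, for example `# RFC 8032 section 7.2, Ed25519ctx, context "foo"`.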
diff --git a/test/recipes/30-test_evp_data/evppkey_ffdhe.txt b/test/recipes/30-test_evp_data/evppkey_ffdhe.txt
index b6b1a8e8a090..dd4dac63b673 100644
--- a/test/recipes/30-test_evp_data/evppkey_ffdhe.txt
+++ b/test/recipes/30-test_evp_data/evppkey_ffdhe.txt
@@ -1,5 +1,5 @@
#
-# Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -16,7 +16,7 @@ Title = RFC7919 DH tests
# Key generation test
KeyGen = dhKeyAgreement
-Ctrl = dh_param:ffdhe2048
+Ctrl = group:ffdhe2048
KeyName = tmpdh
# ffdhe2048-1 and ffdhe2048-2 were randomly generated and have a shared secret
@@ -98,10 +98,10 @@ SharedSecret=00006620DD85B56EE8540C8040CAC46B7385344A164E4DBDF521F7D99F88FA68EDD
# The plain shared secret for these keys needs padding as seen above.
Derive=ffdhe2048-1
PeerKey=ffdhe2048-2-pub
-KDFType=X942KDF-ASN1
-KDFOutlen=32
-KDFDigest=SHA-256
-CEKAlg=id-aes128-wrap
+Ctrl = kdf-type:X942KDF-ASN1
+Ctrl = kdf-outlen:32
+Ctrl = kdf-digest:SHA-256
+Ctrl = cekalg:AES-128-WRAP
Ctrl = dh_pad:1
SharedSecret=89A249DF4EE9033B89C2B4E52072A736D94F51143A1ED5C8F1E91FCBEBE09654
@@ -109,10 +109,10 @@ SharedSecret=89A249DF4EE9033B89C2B4E52072A736D94F51143A1ED5C8F1E91FCBEBE09654
FIPSversion = >3.0.0
Derive=ffdhe2048-2
PeerKey=ffdhe2048-1-pub
-KDFType=X942KDF-ASN1
-KDFOutlen=32
-KDFDigest=SHA-256
-CEKAlg=id-aes128-wrap
+Ctrl = kdf-type:X942KDF-ASN1
+Ctrl = kdf-outlen:32
+Ctrl = kdf-digest:SHA-256
+Ctrl = cekalg:AES-128-WRAP
Ctrl = dh_pad:0
SharedSecret=89A249DF4EE9033B89C2B4E52072A736D94F51143A1ED5C8F1E91FCBEBE09654
diff --git a/test/recipes/30-test_evp_data/evppkey_kas.txt b/test/recipes/30-test_evp_data/evppkey_kas.txt
index ba1049628f94..169471f3c8cb 100644
--- a/test/recipes/30-test_evp_data/evppkey_kas.txt
+++ b/test/recipes/30-test_evp_data/evppkey_kas.txt
@@ -1,5 +1,5 @@
#
-# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -54,7 +54,7 @@ Availablein = fips
Derive=KAS-ECC-CDH_P-192_C0
Securitycheck = 1
PeerKey=KAS-ECC-CDH_P-192_C0-Peer-PUBLIC
-Result = DERIVE_SET_PEER_ERROR
+Result = KEYOP_INIT_ERROR
PrivateKey=KAS-ECC-CDH_P-192_C1
-----BEGIN PRIVATE KEY-----
@@ -11660,8 +11660,27 @@ aO8Bay1Nqsqca+2XayBk71Q1KliuNDZ4NaYhDhV4KRwd6NZ8ILw9b/piDIezCYor
nzq7jSys1bLuK2g5nqxOj2XOvdZjAP0Em1s=
-----END PUBLIC KEY-----
-
+# Test that using ECC CDH works for all providers (this uses the EC curves cofactor)
Derive=KAS-ECC-CDH_B-571_C24
PeerKey=KAS-ECC-CDH_B-571_C24-Peer-PUBLIC
Ctrl=ecdh_cofactor_mode:1
SharedSecret=02da266a269bdc8d8b2a0c6bb5762f102fc801c8d5394a9271539136bd81d4b69cfbb7525cd0a983fb7f7e9deec583b8f8e574c6184b2d79831ec770649e484dc006fa35b0bffd0b
+
+# Test that ECC DH is not approved in FIPS (this uses a cofactor of 1)
+Availablein = fips
+FIPSversion = >=3.4.0
+Derive=KAS-ECC-CDH_B-571_C24
+PeerKey=KAS-ECC-CDH_B-571_C24-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:-1
+Result = DERIVE_ERROR
+Reason = cofactor required
+
+# Test the ECC DH FIPS indicator (this uses a cofactor of 1)
+Availablein = fips
+FIPSversion = >=3.4.0
+Derive = KAS-ECC-CDH_B-571_C24
+Unapproved = 1
+Ctrl = ecdh-cofactor-check:0
+Ctrl = ecdh_cofactor_mode:-1
+PeerKey = KAS-ECC-CDH_B-571_C24-Peer-PUBLIC
+SharedSecret=0722353705ad168630247998cfea24e2528622a208d13530b02906f77ca88b6dc3a9d7d44dbe3bf1e0b070d828e1d04349b3bc546664df0849e8f1ddac1b628150f3e1ad36125d9f
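Review bot: The phrase `(this uses a cofactor of 1)` in the two added comments is easy to misread, because the stanzas set `ecdh_cofactor_mode:-1`, which as far as I know resets the mode to the key's default rather than changing the curve's cofactor. A wording such as `# ecdh_cofactor_mode:-1 falls back to the key default (no cofactor multiplication), which FIPS rejects` says what is under test and matches the expected `Reason = cofactor required`. The last stanza should also say that `ecdh-cofactor-check:0` disables the check so the derive succeeds and is only reported through `Unapproved = 1`.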
diff --git a/test/recipes/30-test_evp_data/evppkey_kdf_hkdf.txt b/test/recipes/30-test_evp_data/evppkey_kdf_hkdf.txt
index 1a0277594bc3..1fb24720012b 100644
--- a/test/recipes/30-test_evp_data/evppkey_kdf_hkdf.txt
+++ b/test/recipes/30-test_evp_data/evppkey_kdf_hkdf.txt
@@ -1,5 +1,5 @@
#
-# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -77,6 +77,7 @@ Ctrl.IKM = hexkey:19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb
Ctrl.info = info:
Output = 8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8
+Availablein = default
PKEYKDF = HKDF
Ctrl.md = md:SHA1
Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b
@@ -84,6 +85,7 @@ Ctrl.salt = hexsalt:000102030405060708090a0b0c
Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
Output = 085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896
+Availablein = default
PKEYKDF = HKDF
Ctrl.mode = mode:EXTRACT_ONLY
Ctrl.md = md:SHA1
@@ -193,3 +195,39 @@ Ctrl.md = md:SHA1
Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
Ctrl.salt = salt:
Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48
+
+# Test that the operation with XOF digest function is rejected
+FIPSversion = >=3.4.0
+PKEYKDF = HKDF
+Ctrl.digest = digest:SHAKE-256
+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
+Ctrl.salt = hexsalt:000102030405060708090a0b0c
+Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
+Result = PKEY_CTRL_ERROR
+Reason = xof digests not allowed
+
+Title = FIPS indicator tests
+
+# Test that the key whose length is shorter than 112 bits is rejected
+Availablein = fips
+FIPSversion = >=3.4.0
+PKEYKDF = HKDF
+Ctrl.digest = digest:SHA1
+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b
+Ctrl.salt = hexsalt:000102030405060708090a0b0c
+Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
+Result = PKEY_CTRL_ERROR
+Reason = invalid key length
+
+# Test that the key whose length is shorter than 112 bits is reported as
+# unapproved
+Availablein = fips
+FIPSversion = >=3.4.0
+PKEYKDF = HKDF
+Unapproved = 1
+Ctrl.key-check = key-check:0
+Ctrl.digest = digest:SHA1
+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b
+Ctrl.salt = hexsalt:000102030405060708090a0b0c
+Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
+Output = 085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896
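Review bot: Both added key-length stanzas use the same 11-byte `hexkey` (88 bits), so the 112-bit threshold named in the comments is never pinned; a provider enforcing a lower limit, for example 96 bits, would still pass. One stanza with a 13-byte key expecting `Reason = invalid key length` and one with a 14-byte key expecting success would fix the boundary. The same applies to the TLS1-PRF hunk in evppkey_kdf_tls1_prf.txt, which also uses an 11-byte `hexsecret`. Separately, the new stanzas spell the digest control `Ctrl.digest = digest:` while the surrounding context uses `Ctrl.md = md:`, which deserves a one-line comment on the preferred form.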
diff --git a/test/recipes/30-test_evp_data/evppkey_kdf_tls1_prf.txt b/test/recipes/30-test_evp_data/evppkey_kdf_tls1_prf.txt
index 17a8dab6f7d9..442c55abd7e5 100644
--- a/test/recipes/30-test_evp_data/evppkey_kdf_tls1_prf.txt
+++ b/test/recipes/30-test_evp_data/evppkey_kdf_tls1_prf.txt
@@ -1,5 +1,5 @@
#
-# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -69,3 +69,66 @@ Ctrl.Secret = hexsecret:01
Ctrl.Seed = hexseed:02
Output = 03
Result = KDF_DERIVE_ERROR
+
+# Test that unsupported XOF is rejected
+KDF = TLS1-PRF
+Ctrl.digest = digest:SHAKE-256
+Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc
+Ctrl.label = seed:extended master secret
+Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
+Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
+Result = KDF_CTRL_ERROR
+
+Title = FIPS indicator tests
+
+# Test that the operation with unapproved digest function is rejected
+Availablein = fips
+FIPSversion = >=3.4.0
+PKEYKDF = TLS1-PRF
+Ctrl.digest = digest:SHA512-256
+Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc
+Ctrl.label = seed:extended master secret
+Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
+Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
+Result = KDF_DERIVE_ERROR
+Reason = digest not allowed
+
+# Test that the operation with unapproved digest function is is reported as
+# unapproved
+Availablein = fips
+FIPSversion = >=3.4.0
+PKEYKDF = TLS1-PRF
+Unapproved = 1
+Ctrl.digest-check = digest-check:0
+Ctrl.digest = digest:SHA512-256
+Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc
+Ctrl.label = seed:extended master secret
+Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
+Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
+Output = 17be20a3b4cc05524d7de353b2f125537c23372144111b0367bda166fcfc09cf1c94909a408b986f53afbdc41d93ae09
+
+# Test that the key whose length is shorter than 112 bits is rejected
+Availablein = fips
+FIPSversion = >=3.4.0
+PKEYKDF = TLS1-PRF
+Ctrl.digest = digest:SHA256
+Ctrl.Secret = hexsecret:0102030405060708090a0b
+Ctrl.label = seed:extended master secret
+Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
+Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
+Result = KDF_CTRL_ERROR
+Reason = invalid key length
+
+# Test that the key whose length is shorter than 112 bits is reported as
+# unapproved
+Availablein = fips
+FIPSversion = >=3.4.0
+PKEYKDF = TLS1-PRF
+Unapproved = 1
+Ctrl.key-check = key-check:0
+Ctrl.digest = digest:SHA256
+Ctrl.Secret = hexsecret:0102030405060708090a0b
+Ctrl.label = seed:extended master secret
+Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
+Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
+Output = 8cb203c99a13871fd96cecd2770720df3c4ebd49e1cbc956fddb400f9c051fb69b63d7abb2f996f4e4d1ac0e9153f51b
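Review bot: The XOF stanza at the top of this hunk starts with `KDF = TLS1-PRF` while every other stanza added here uses `PKEYKDF = TLS1-PRF`, and it has no `FIPSversion` line, unlike the matching XOF stanza in evppkey_kdf_hkdf.txt. If the intent is to cover the EVP_PKEY path this file is named for, it should read `PKEYKDF = TLS1-PRF` with `FIPSversion = >=3.4.0`; I cannot tell from the hunk whether the expected `KDF_CTRL_ERROR` would stay the same after that change. A `Reason =` line would also tie the failure to the XOF check. The comment above the third stanza has a doubled word, `is is reported as`.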
diff --git a/test/recipes/30-test_evp_data/evppkey_mismatch.txt b/test/recipes/30-test_evp_data/evppkey_mismatch.txt
index ebbd4d4b39d1..0859814860e3 100644
--- a/test/recipes/30-test_evp_data/evppkey_mismatch.txt
+++ b/test/recipes/30-test_evp_data/evppkey_mismatch.txt
@@ -1,5 +1,5 @@
#
-# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -14,17 +14,6 @@
# Public / Private keys from other tests used for keypair testing.
-PrivateKey=Alice-25519
------BEGIN PRIVATE KEY-----
-MC4CAQAwBQYDK2VuBCIEIHcHbQpzGKV9PBbBclGyZkXfTC+H68CZKrF3+6UduSwq
------END PRIVATE KEY-----
-
-PrivateKey=Alice-448
------BEGIN PRIVATE KEY-----
-MEYCAQAwBQYDK2VvBDoEOJqPSSXRUZ9Xdc9GsEtYANTunui66LxVZdSYwo3Zybr1
-dKlBl0SJc5EAY4Km8SerHZrC2MClmHJr
------END PRIVATE KEY-----
-
PublicKey=P-256-PUBLIC
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELBUPQpznDyFsJSz14GLOH2Oc1dFl
@@ -69,17 +58,8 @@ fMkTd7GabVourqIZdgvu1Q==
Title = Test keypair mismatches
-PrivPubKeyPair = Alice-25519:P-256-PUBLIC
-Result = KEYPAIR_TYPE_MISMATCH
-
-PrivPubKeyPair = Alice-448:P-256-PUBLIC
-Result = KEYPAIR_TYPE_MISMATCH
-
PrivPubKeyPair = RSA-2048:P-256-PUBLIC
Result = KEYPAIR_TYPE_MISMATCH
PrivPubKeyPair = RSA-2048:KAS-ECC-CDH_K-163_C0-PUBLIC
Result = KEYPAIR_TYPE_MISMATCH
-
-PrivPubKeyPair = Alice-25519:KAS-ECC-CDH_K-163_C0-PUBLIC
-Result = KEYPAIR_TYPE_MISMATCH
diff --git a/test/recipes/30-test_evp_data/evppkey_rsa.txt b/test/recipes/30-test_evp_data/evppkey_rsa.txt
index 08485eeadabf..f1dc5dd2a224 100644
--- a/test/recipes/30-test_evp_data/evppkey_rsa.txt
+++ b/test/recipes/30-test_evp_data/evppkey_rsa.txt
@@ -1,5 +1,5 @@
#
-# Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -65,12 +65,14 @@ PrivPubKeyPair = RSA-2048:RSA-2048-PUBLIC
Title = RSA tests
+Availablein = default
Sign = RSA-2048
Ctrl = digest:SHA1
Input = "0123456789ABCDEF1234"
Output = 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
# Digest too long
+Availablein = default
Sign = RSA-2048
Ctrl = digest:SHA1
Input = "0123456789ABCDEF12345"
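Review bot: The added `Availablein = default` lines have no comment saying why these SHA1 and MD5-SHA1 stanzas are no longer run against the FIPS provider, and nothing visible asserts what that provider should do with them instead. The same applies to the gates added in the hunks at `@@ -78,29 +80,34 @@`, `@@ -108,18 +115,21 @@` and `@@ -127,6 +137,7 @@`, and to the SHA1 DigestSign stanzas in `@@ -592,27 +610,35 @@`. A one-line comment above the first gate would help, for example `# SHA1 and MD5-SHA1 signature tests run in the default provider only`, together with the reason if it is that the FIPS provider refuses these digests. If a rejection is the intended FIPS behaviour, a stanza that expects the error would pin it, unless another test file not shown here already does. The last stanza of this hunk continues outside it.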
@@ -78,29 +80,34 @@ Output = 00
Result = KEYOP_ERROR
# Digest too short
+Availablein = default
Sign = RSA-2048
Ctrl = digest:SHA1
Input = "0123456789ABCDEF12345"
Output = 00
Result = KEYOP_ERROR
+Availablein = default
VerifyRecover = RSA-2048
Ctrl = digest:sha1
Input = 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
Result = KEYOP_ERROR
# MD5/SHA-1 combination
+Availablein = default
Verify = RSA-2048
Ctrl = digest:MD5-SHA1
Input = "0123456789ABCDEF0123456789ABCDEF0123"
Output = 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
+Availablein = default
VerifyRecover = RSA-2048
Ctrl = digest:MD5-SHA1
Input = 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
Output = "0123456789ABCDEF0123456789ABCDEF0123"
# MD5/SHA-1 combination, digest mismatch
+Availablein = default
Verify = RSA-2048
Ctrl = digest:MD5-SHA1
Input = "000000000000000000000000000000000000"
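Review bot: The "Digest too short" stanza uses `Input = "0123456789ABCDEF12345"`, the same 21-byte string as the "Digest too long" stanza before it, so rejection of an input shorter than the 20-byte SHA1 digest is never exercised. Since the commit already touches this stanza, a 19-byte value such as `Input = "0123456789ABCDEF123"` would make the test match its comment. The first and last stanzas of this hunk continue outside it.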
@@ -108,18 +115,21 @@ Output = 7b80e0d4d2a6b7f4b018ce164bc0be21a0604b1b05e91c6204372458b05a0e4dbf0b36b
Result = VERIFY_ERROR
# MD5/SHA-1 combination, wrong signature digest length
+Availablein = default
Verify = RSA-2048
Ctrl = digest:MD5-SHA1
Input = "0123456789ABCDEF0123456789ABCDEF0123"
Output = 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
Result = VERIFY_ERROR
+Availablein = default
VerifyRecover = RSA-2048
Ctrl = digest:MD5-SHA1
Input = 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
Result = KEYOP_ERROR
# MD5/SHA-1 combination, wrong input digest length
+Availablein = default
Verify = RSA-2048
Ctrl = digest:MD5-SHA1
Input = "0123456789ABCDEF0123456789ABCDEF012"
@@ -127,6 +137,7 @@ Output = 7b80e0d4d2a6b7f4b018ce164bc0be21a0604b1b05e91c6204372458b05a0e4dbf0b36b
Result = VERIFY_ERROR
# MD5/SHA-1 combination, wrong input and signature digest length
+Availablein = default
Verify = RSA-2048
Ctrl = digest:MD5-SHA1
Input = "0123456789ABCDEF0123456789ABCDEF012"
@@ -146,6 +157,13 @@ Ctrl = digest:MDC2
Input = 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
Output = "0123456789ABCDEF"
+# Signing with MDC-2 uses an OCTET STRING of the input to produce a signature
+Availablein = legacy
+Sign = RSA-2048
+Ctrl = digest:MDC2
+Input = "0123456789ABCDEF"
+Output = 6cde46bbfc6a3b772c3d884640709be9f2fb70fcf199c14eaff7811369ea99733f984a9c48cd372578fa37cedeef24c93286d6d64f438df051e625ab2e125a7d9974a76240873e43efc3acbcbdccc2ee63769cdbf983b334ccb982273315c222b3bbdc3e928ac8a141a7412f1f794cfcabcc069a2ae4975d7bb68bea145d789634c9e0b02d324b5efd599c9bf2b1d32d077aba59aa0ad4a82cbbb90eaa9214e4f57104cf049c4139e2ddecf6edf219cd986f4d79cf25128c58667562c9d22be0291430d6cc7dad977d56e08315fcec133ea95d8db550f89735b4d5f233eaff0c86fce2b99f3f508e920f882c31f3e13f8775a3c8fa585c4f4c69eca89f648b7e
+
# Legacy OCTET STRING MDC-2 signature
Availablein = legacy
Verify = RSA-2048
@@ -592,27 +610,35 @@ Ctrl = rsa_mgf1_md:sha1
Input=65033bc2f67d6aba7d526acb873b8d9241e5e4d9
Output=1ed1d848fb1edb44129bd9b354795af97a069a7a00d0151048593e0c72c3517ff9ff2a41d0cb5a0ac860d736a199704f7cb6a53986a88bbd8abcc0076a2ce847880031525d449da2ac78356374c536e343faa7cba42a5aaa6506087791c06a8e989335aed19bfab2d5e67e27fb0c2875af896c21b6e8e7309d04e4f6727e69463e
-
Title = RSA DigestSign and DigestVerify
+Availablein = default
DigestSign = SHA1
Key = RSA-2048
Input = "Hello World"
Output = 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
# Oneshot test
+Availablein = default
OneShotDigestSign = SHA1
Key = RSA-2048
Input = "Hello World"
Output = 3da3ca2bdd1b23a231b0e3c49d95d5959f9398c27a1e534c7e6baf1d2682304d3b6b229385b1edf483f5ef6f9b35bf10c519a302bb2f79c564e1a59ba71aa2fa36df96c942c43e8d9bd4702b5f61c12a078ae2b34d0de221fc8f9f936b79a67c89d11ba5da8c63a1370d0e824c6b661123e9b58b143ff533cf362cbdad70e65b419a6d45723bf22db3c76bb8f5337c5c5c93cb6f38b30d0c835b54c23405ca4217dd0b755f3712ebad285d9e0c02655f6ce5ce6fed78f3c81843de325f628055eef57f280dee0c3170050137ee599b9ab7f2b5d3c5f831777ea05a5eb097c70bad1a7214dadae12d7960bb9425390c7d25a79985e1e3c28ad422ff93c808f4b5
-
Title = Test RSA keygen
# Key generation tests
KeyGen = rsaEncryption
-Ctrl = rsa_keygen_bits:128
+Ctrl = bits:128
KeyName = tmprsa
Result = PKEY_CTRL_ERROR
Reason = key size too small
+
+Title = XOF disallowed
+
+DigestSign = SHAKE128
+Key = RSA-2048
+Input = "Hello World"
+Result = DIGESTSIGNINIT_ERROR
+
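Review bot: The new "XOF disallowed" stanza pins only the signing side: `DigestSign = SHAKE128` must fail at init, but no stanza checks that verification with an XOF digest is refused too, and SHAKE256 is not covered. A matching `DigestVerify = SHAKE128` stanza with an RSA-2048 key, expecting the corresponding init error, would catch a regression on the verify path. A comment such as `# XOF digests have no fixed output length and are rejected for RSA signatures` would also say why the failure is expected.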
diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
index 5f3b396a6753..18e11bdaa958 100644
--- a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
+++ b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
@@ -253,19 +253,99 @@ Decrypt = RSA-2048
Input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
Output = "Hello World"
+# The old FIPS provider doesn't include the workaround (#13817)
+FIPSversion = >=3.2.0
+# Note: disable the Bleichenbacher workaround to see if it passes
+Decrypt = RSA-2048
+Ctrl = rsa_pkcs1_implicit_rejection:0
+Input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
+Output = "Hello World"
+
+# The old FIPS provider doesn't include the workaround (#13817)
+FIPSversion = >=3.2.0
+# Corrupted ciphertext
+# Note: output is generated synthethically by the Bleichenbacher workaround
+Decrypt = RSA-2048
+Input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
+Output = 4cbb988d6a46228379132b0b5f8c249b3860043848c93632fb982c807c7c82fffc7a9ef83f4908f890373ac181ffea6381e103bcaa27e65638b6ecebef38b59ed4226a9d12af675cfcb634d8c40e7a7aff
+
+# The old FIPS provider doesn't include the workaround (#13817)
+FIPSversion = >=3.2.0
# Corrupted ciphertext
-FIPSversion = <3.2.0
+# Note: disable the Bleichenbacher workaround to see if it fails
Decrypt = RSA-2048
+Ctrl = rsa_pkcs1_implicit_rejection:0
Input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
Output = "Hello World"
Result = KEYOP_ERROR
+# RSADP Ciphertext = 0 should fail
+Availablein = fips
+FIPSversion = >=3.4.0
+Decrypt = RSA-2048
+Ctrl = rsa_padding_mode:none
+Input = 0000000000000000000000000000000000000000
+Result = KEYOP_ERROR
+
+# RSADP Ciphertext = 1 should fail
+Availablein = fips
+FIPSversion = >=3.4.0
+Decrypt = RSA-2048
+Ctrl = rsa_padding_mode:none
+Input = 0000000000000000000000000000000000000001
+Result = KEYOP_ERROR
+
+# RSADP Ciphertext = 2 should pass
+Decrypt = RSA-2048
+Ctrl = rsa_padding_mode:none
+Input = 0000000000000000000000000000000000000002
+Output = 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
+
+# RSADP Ciphertext = n-2 should pass
+Availablein = fips
+Decrypt = RSA-2048
+Ctrl = rsa_padding_mode:none
+Input = 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
+Output = 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
+
+# RSADP Ciphertext = n-1 should fail
+Availablein = fips
+FIPSversion = >=3.4.0
+Decrypt = RSA-2048
+Ctrl = rsa_padding_mode:none
+Input = 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
+Result = KEYOP_ERROR
+
+# RSADP Ciphertext = n should fail
+Decrypt = RSA-2048
+Ctrl = rsa_padding_mode:none
+Input = 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
+Result = KEYOP_ERROR
+
# OAEP padding
Decrypt = RSA-2048
Ctrl = rsa_padding_mode:oaep
Input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
Output = "Hello World"
+# Decrypt OAEP SHAKE MGF1
+Availablein = fips
+FIPSversion = >=3.4.0
+Decrypt = RSA-2048
+Ctrl = rsa_padding_mode:oaep
+Ctrl = rsa_mgf1_md:shake128
+Input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
+Result = KEYOP_ERROR
+
+# Decrypt OAEP SHAKE MD
+Availablein = fips
+FIPSversion = >=3.4.0
+Decrypt = RSA-2048
+Ctrl = rsa_padding_mode:oaep
+Ctrl = rsa_oaep_md:shake128
+Input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
+Result = KEYOP_ERROR
+
# OAEP padding, corrupted ciphertext
Decrypt = RSA-2048
Ctrl = rsa_padding_mode:oaep
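Review bot: The RSADP boundary stanzas are gated inconsistently. "Ciphertext = n-2 should pass" carries `Availablein = fips` with no `FIPSversion`, while the other positive case ("Ciphertext = 2") and the "Ciphertext = n" failure run against every provider, and the rejected values 0, 1 and n-1 are limited to `FIPSversion = >=3.4.0`. If the n-2 case is expected to pass everywhere, dropping its `Availablein = fips` line would cover the default provider as well; if not, a comment should say why it is FIPS-only. A short comment above the group, for example `# FIPS provider >= 3.4.0 only accepts ciphertexts in the range 1 < c < n-1`, would explain the version gates. The comment "generated synthethically" also has a typo (synthetically), and the final stanza of the hunk continues outside it.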
@@ -278,6 +358,474 @@ Derive = RSA-2048
Result = KEYOP_INIT_ERROR
Reason = operation not supported for this keytype
+# Test vectors for the Bleichenbacher workaround
+
+PrivateKey = RSA-2048-2
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
+
+# corresponding public key
+PublicKey = RSA-2048-2-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyMyDlxQJjaVsqiNkD5Pc
+iZfBY3KWj8Gwxt9RE8HJTosh5IrSKX5lQZARtObY9ec7G3iyV0ADIdHva2AtTsjO
+jRQclJBetK0wZjmkkgZTS25/JgdCPpff/RM8iNchOZ3vvH6WzNy9fzquH+iScSv7
+SSmBfVEWZkQKH6y3ogj16hZZEK3Yo/LUlyAjYMy2MgJPDQcWnBkY8xb3lLFDrvVO
+yHUipMApePlomYC/+/ZJwwfoGBm/+IQJY41IvZS+FStZ/2SfoL1inQ/6GBPDq/S1
+a9PC6lRl3/oUWJKSqdiiStJr5+4FEHQbY4LUPIPVv6QKRmE9BivkRVF9vK8MtOGn
+aQIDAQAB
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = RSA-2048-2:RSA-2048-2-PUBLIC
+
+# RSA decrypt
+
+# a random positive test case
+Decrypt = RSA-2048-2
+Input = 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
+Output = "lorem ipsum dolor sit amet"
+
+# The old FIPS provider doesn't include the workaround (#13817)
+FIPSversion = >=3.2.0
+# a random negative test case decrypting to empty
+Decrypt = RSA-2048-2
+Input = 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
+Output =
+
+# The old FIPS provider doesn't include the workaround (#13817)
+FIPSversion = >=3.2.0
+# invalid decrypting to max length message
+Decrypt = RSA-2048-2
+Input = 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
+Output = 22d850137b9eebe092b24f602dc5bb7918c16bd89ddbf20467b119d205f9c2e4bd7d2592cf1e532106e0f33557565923c73a02d4f09c0c22bea89148183e60317f7028b3aa1f261f91c979393101d7e15f4067e63979b32751658ef769610fe97cf9cef3278b3117d384051c3b1d82c251c2305418c8f6840530e631aad63e70e20e025bcd8efb54c92ec6d3b106a2f8e64eeff7d38495b0fc50c97138af4b1c0a67a1c4e27b077b8439332edfa8608dfeae653cd6a628ac550395f7e74390e42c11682234870925eeaa1fa71b76cf1f2ee3bda69f6717033ff8b7c95c9799e7a3bea5e7e4a1c359772fb6b1c6e6c516661dfe30c3
+
+# The old FIPS provider doesn't include the workaround (#13817)
+FIPSversion = >=3.2.0
+# invalid decrypting to message with length specified by second to last value from PRF
+Decrypt = RSA-2048-2
+Input = 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
+Output = 0f9b
+
+# The old FIPS provider doesn't include the workaround (#13817)
+FIPSversion = >=3.2.0
+# invalid decrypting to message with length specified by third to last value from PRF
+Decrypt = RSA-2048-2
+Input = 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
+Output = 4f02
+
+# positive test with 11 byte long value
+Decrypt = RSA-2048-2
+Input = 6213634593332c485cef783ea2846e3d6e8b0e005cd8293eaebbaa5079712fd681579bdfbbda138ae4d9d952917a03c92398ec0cb2bb0c6b5a8d55061fed0d0d8d72473563152648cfe640b335dc95331c21cb133a91790fa93ae44497c128708970d2beeb77e8721b061b1c44034143734a77be8220877415a6dba073c3871605380542a9f25252a4babe8331cdd53cf828423f3cc70b560624d0581fb126b2ed4f4ed358f0eb8065cf176399ac1a846a31055f9ae8c9c24a1ba050bc20842125bc1753158f8065f3adb9cc16bfdf83816bdf38b624f12022c5a6fbfe29bc91542be8c0208a770bcd677dc597f5557dc2ce28a11bf3e3857f158717a33f6592
+Output = "lorem ipsum"
+
+# positive test with 11 byte long value and zero padded ciphertext
+Decrypt = RSA-2048-2
+Input = 00a2e8f114ea8d05d12dc843e3cc3b2edc8229ff2a028bda29ba9d55e3cd02911902fef1f42a075bf05e8016e8567213d6f260fa49e360779dd81aeea3e04c2cb567e0d72b98bf754014561b7511e083d20e0bfb9cd23f8a0d3c88900c49d2fcd5843ff0765607b2026f28202a87aa94678aed22a0c20724541394cd8f44e373eba1d2bae98f516c1e2ba3d86852d064f856b1daf24795e767a2b90396e50743e3150664afab131fe40ea405dcf572dd1079af1d3f0392ccadcca0a12740dbb213b925ca2a06b1bc1383e83a658c82ba2e7427342379084d5f66b544579f07664cb26edd4f10fd913fdbc0de05ef887d4d1ec1ac95652397ea7fd4e4759fda8b
+Output = "lorem ipsum"
+
+# positive test with 11 byte long value and zero truncated ciphertext
+Decrypt = RSA-2048-2
+Input = 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
+Output = "lorem ipsum"
+
+# positive test with 11 byte long value and double zero padded ciphertext
+Decrypt = RSA-2048-2
+Input = 00001f71879b426127f7dead621f7380a7098cf7d22173aa27991b143c46d53383c209bd0c9c00d84078037e715f6b98c65005a77120070522ede51d472c87ef94b94ead4c5428ee108a345561658301911ec5a8f7dd43ed4a3957fd29fb02a3529bf63f8040d3953490939bd8f78b2a3404b6fb5ff70a4bfdaac5c541d6bcce49c9778cc390be24cbef1d1eca7e870457241d3ff72ca44f9f56bdf31a890fa5eb3a9107b603ccc9d06a5dd911a664c82b6abd4fe036f8db8d5a070c2d86386ae18d97adc1847640c211d91ff5c3387574a26f8ef27ca7f48d2dd1f0c7f14b81cc9d33ee6853031d3ecf10a914ffd90947909c8011fd30249219348ebff76bfc
+Output = "lorem ipsum"
+
+# positive test with 11 byte long value and double zero truncated ciphertext
+Decrypt = RSA-2048-2
+Input = 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
+Output = "lorem ipsum"
+
+# positive that generates a 0 byte long synthetic message internally
+Decrypt = RSA-2048-2
+Input = 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
+Output = "lorem ipsum"
+
+# positive that generates a 245 byte long synthetic message internally
+Decrypt = RSA-2048-2
+Input = 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
+Output = "lorem ipsum"
+
+# The old FIPS provider doesn't include the workaround (#13817)
+FIPSversion = >=3.2.0
+# a random negative test that generates an 11 byte long message
+Decrypt = RSA-2048-2
+Input = 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
+Output = af9ac70191c92413cb9f2d
+
+# The old FIPS provider doesn't include the workaround (#13817)
+FIPSversion = >=3.2.0
+# an otherwise correct plaintext, but with wrong first byte
+# (0x01 instead of 0x00), generates a random 11 byte long plaintext
+Decrypt = RSA-2048-2
+Input = 9b2ec9c0c917c98f1ad3d0119aec6be51ae3106e9af1914d48600ab6a2c0c0c8ae02a2dc3039906ff3aac904af32ec798fd65f3ad1afa2e69400e7c1de81f5728f3b3291f38263bc7a90a0563e43ce7a0d4ee9c0d8a716621ca5d3d081188769ce1b131af7d35b13dea99153579c86db31fe07d5a2c14d621b77854e48a8df41b5798563af489a291e417b6a334c63222627376118c02c53b6e86310f728734ffc86ef9d7c8bf56c0c841b24b82b59f51aee4526ba1c4268506d301e4ebc498c6aebb6fd5258c876bf900bac8ca4d309dd522f6a6343599a8bc3760f422c10c72d0ad527ce4af1874124ace3d99bb74db8d69d2528db22c3a37644640f95c05f
+Output = a1f8c9255c35cfba403ccc
+
+# The old FIPS provider doesn't include the workaround (#13817)
+FIPSversion = >=3.2.0
+# an otherwise correct plaintext, but with wrong second byte
+# (0x01 instead of 0x02), generates a random 11 byte long plaintext
+Decrypt = RSA-2048-2
+Input = 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
+Output = e6d700309ca0ed62452254
+
+# The old FIPS provider doesn't include the workaround (#13817)
+FIPSversion = >=3.2.0
+# an invalid ciphertext, with a zero byte in first byte of
+# ciphertext, decrypts to a random 11 byte long synthetic
+# plaintext
+Decrypt = RSA-2048-2
+Input = 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
+Output = ba27b1842e7c21c0e7ef6a
+
+# The old FIPS provider doesn't include the workaround (#13817)
+FIPSversion = >=3.2.0
+# an invalid ciphertext, with a zero byte removed from first byte of
+# ciphertext, decrypts to a random 11 byte long synthetic
+# plaintext
+Decrypt = RSA-2048-2
+Input = 96136621faf36d5290b16bd26295de27f895d1faa51c800dafce73d001d60796cd4e2ac3fa2162131d859cd9da5a0c8a42281d9a63e5f353971b72e36b5722e4ac444d77f892a5443deb3dca49fa732fe855727196e23c26eeac55eeced8267a209ebc0f92f4656d64a6c13f7f7ce544ebeb0f668fe3a6c0f189e4bcd5ea12b73cf63e0c8350ee130dd62f01e5c97a1e13f52fde96a9a1bc9936ce734fdd61f27b18216f1d6de87f49cf4f2ea821fb8efd1f92cdad529baf7e31aff9bff4074f2cad2b4243dd15a711adcf7de900851fbd6bcb53dac399d7c880531d06f25f7002e1aaf1722765865d2c2b902c7736acd27bc6cbd3e38b560e2eecf7d4b576
+Output = ba27b1842e7c21c0e7ef6a
+
+# The old FIPS provider doesn't include the workaround (#13817)
+FIPSversion = >=3.2.0
+# an invalid ciphertext, with two zero bytes in first bytes of
+# ciphertext, decrypts to a random 11 byte long synthetic
+# plaintext
+Decrypt = RSA-2048-2
+Input = 0000587cccc6b264bdfe0dc2149a988047fa921801f3502ea64624c510c6033d2f427e3f136c26e88ea9f6519e86a542cec96aad1e5e9013c3cc203b6de15a69183050813af5c9ad79703136d4b92f50ce171eefc6aa7988ecf02f319ffc5eafd6ee7a137f8fce64b255bb1b8dd19cfe767d64fdb468b9b2e9e7a0c24dae03239c8c714d3f40b7ee9c4e59ac15b17e4d328f1100756bce17133e8e7493b54e5006c3cbcdacd134130c5132a1edebdbd01a0c41452d16ed7a0788003c34730d0808e7e14c797a21f2b45a8aa1644357fd5e988f99b017d9df37563a354c788dc0e2f9466045622fa3f3e17db63414d27761f57392623a2bef6467501c63e8d645
+Output = d5cf555b1d6151029a429a
+
+# The old FIPS provider doesn't include the workaround (#13817)
+FIPSversion = >=3.2.0
+# an invalid ciphertext, with two zero bytes removed from first bytes of
+# ciphertext, decrypts to a random 11 byte long synthetic
+# plaintext
+Decrypt = RSA-2048-2
+Input = 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
+Output = d5cf555b1d6151029a429a
+
+# The old FIPS provider doesn't include the workaround (#13817)
+FIPSversion = >=3.2.0
+# and invalid ciphertext, otherwise valid but starting with 000002, decrypts
+# to random 11 byte long synthetic plaintext
+Decrypt = RSA-2048-2
+Input = 1786550ce8d8433052e01ecba8b76d3019f1355b212ac9d0f5191b023325a7e7714b7802f8e9a17c4cb3cd3a84041891471b10ca1fcfb5d041d34c82e6d0011cf4dc76b90e9c2e0743590579d55bcd7857057152c4a8040361343d1d22ba677d62b011407c652e234b1d663af25e2386251d7409190f19fc8ec3f9374fdf1254633874ce2ec2bff40ad0cb473f9761ec7b68da45a4bd5e33f5d7dac9b9a20821df9406b653f78a95a6c0ea0a4d57f867e4db22c17bf9a12c150f809a7b72b6db86c22a8732241ebf3c6a4f2cf82671d917aba8bc61052b40ccddd743a94ea9b538175106201971cca9d136d25081739aaf6cd18b2aecf9ad320ea3f89502f955
+Output = 3d4a054d9358209e9cbbb9
+
+# The old FIPS provider doesn't include the workaround (#13817)
+FIPSversion = >=3.2.0
+# negative test with otherwise valid padding but a zero byte in first byte
+# of padding
+Decrypt = RSA-2048-2
+Input = 179598823812d2c58a7eb50521150a48bcca8b4eb53414018b6bca19f4801456c5e36a940037ac516b0d6412ba44ec6b4f268a55ef1c5ffbf18a2f4e3522bb7b6ed89774b79bffa22f7d3102165565642de0d43a955e96a1f2e80e5430671d7266eb4f905dc8ff5e106dc5588e5b0289e49a4913940e392a97062616d2bda38155471b7d360cfb94681c702f60ed2d4de614ea72bf1c53160e63179f6c5b897b59492bee219108309f0b7b8cb2b136c346a5e98b8b4b8415fb1d713bae067911e3057f1c335b4b7e39101eafd5d28f0189037e4334f4fdb9038427b1d119a6702aa8233319cc97d496cc289ae8c956ddc84042659a2d43d6aa22f12b81ab884e
+Output = 1f037dd717b07d3e7f7359
+
+# The old FIPS provider doesn't include the workaround (#13817)
+FIPSversion = >=3.2.0
+# negative test with otherwise valid padding but a zero byte at the eighth
+# byte of padding
+Decrypt = RSA-2048-2
+Input = a7a340675a82c30e22219a55bc07cdf36d47d01834c1834f917f18b517419ce9de2a96460e745024436470ed85e94297b283537d52189c406a3f533cb405cc6a9dba46b482ce98b6e3dd52d8fce2237425617e38c11fbc46b61897ef200d01e4f25f5f6c4c5b38cd0de38ba11908b86595a8036a08a42a3d05b79600a97ac18ba368a08d6cf6ccb624f6e8002afc75599fba4de3d4f3ba7d208391ebe8d21f8282b18e2c10869eb2702e68f9176b42b0ddc9d763f0c86ba0ff92c957aaeab76d9ab8da52ea297ec11d92d770146faa1b300e0f91ef969b53e7d2907ffc984e9a9c9d11fb7d6cba91972059b46506b035efec6575c46d7114a6b935864858445f
+Output = 63cb0bf65fc8255dd29e17
+
+# The old FIPS provider doesn't include the workaround (#13817)
+FIPSversion = >=3.2.0
+# negative test with an otherwise valid plaintext but with missing separator
+# byte
+Decrypt = RSA-2048-2
+Input = 3d1b97e7aa34eaf1f4fc171ceb11dcfffd9a46a5b6961205b10b302818c1fcc9f4ec78bf18ea0cee7e9fa5b16fb4c611463b368b3312ac11cf9c06b7cf72b54e284848a508d3f02328c62c2999d0fb60929f81783c7a256891bc2ff4d91df2af96a24fc5701a1823af939ce6dbdc510608e3d41eec172ad2d51b9fc61b4217c923cadcf5bac321355ef8be5e5f090cdc2bd0c697d9058247db3ad613fdce87d2955a6d1c948a5160f93da21f731d74137f5d1f53a1923adb513d2e6e1589d44cc079f4c6ddd471d38ac82d20d8b1d21f8d65f3b6907086809f4123e08d86fb38729585de026a485d8f0e703fd4772f6668febf67df947b82195fa3867e3a3065
+Output = 6f09a0b62699337c497b0b
+
+# Test vectors for the Bleichenbacher workaround (2049 bit key size)
+
+PrivateKey = RSA-2049
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
+
+# corresponding public key
+PublicKey = RSA-2049-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEBVfiJVWoXdfHHp3hqULGL
+woyemG7eVmfKs5uEEk6Q66dcHbCDrD5EO7qU3CNWD3XjqBaToqQ73HQm2MTq/mjI
+XeD+dX9uSbue1EfmAkMIANuwTOsi5/pXoY0zj7ZgJs20Z+cMwEDn02fvQDx78ePf
+YkZQCUYx8h6v0vtbyRX/BDeazRES9zLAtGYHwXjTiiD1LtpQny+cBAXVEGnoDM+U
+FVTQRwRnUFw89UHqCJffyfQAzsspj/x1M3LZ9pM68XTMQO2W1GcDFzO5f4zd0/kr
+w6A+qFdsQX8kAHteT3UBEFtUTen63N/635jftLsFuBmfP4Ws/ZH3qaCUuaOD9QSQ
+lwIDAQAB
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = RSA-2049:RSA-2049-PUBLIC
+
+# RSA decrypt
+
+# The old FIPS provider doesn't include the workaround (#13817)
+FIPSversion = >=3.2.0
+# malformed that generates length specified by 3rd last value from PRF
+Decrypt = RSA-2049
+Input = 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
+Output = 42
+
+# simple positive test case
+Decrypt = RSA-2049
+Input = 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
+Output = "lorem ipsum"
+
+# positive test case with null padded ciphertext
+Decrypt = RSA-2049
+Input = 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
+Output = "lorem ipsum"
+
+# positive test case with null truncated ciphertext
+Decrypt = RSA-2049
+Input = 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
+Output = "lorem ipsum"
+
+# positive test case with double null padded ciphertext
+Decrypt = RSA-2049
+Input = 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
+Output = "lorem ipsum"
+
+# positive test case with double null truncated ciphertext
+Decrypt = RSA-2049
+Input = f36da3b72d8ff6ded74e7efd08c01908f3f5f0de7b55eab92b5f875190809c39d4162e1e6649618f854fd84aeab03970d16bb814e999852c06de38d82b95c0f32e2a7b5714021fe303389be9c0eac24c90a6b7210f929d390fabf903d44e04110bb7a7fd6c383c275804721efa6d7c93aa64c0bb2b18d97c5220a846c66a4895ae52adddbe2a9996825e013585adcec4b32ba61d782737bd343e5fabd68e8a95b8b1340318559860792dd70dffbe05a1052b54cbfb48cfa7bb3c19cea52076bddac5c25ee276f153a610f6d06ed696d192d8ae4507ffae4e5bdda10a625d6b67f32f7cffcd48dee2431fe66f6105f9d17e611cdcc674868e81692a360f4052
+Output = "lorem ipsum"
+
+# The old FIPS provider doesn't include the workaround (#13817)
+FIPSversion = >=3.2.0
+# a random negative test case that generates an 11 byte long message
+Decrypt = RSA-2049
+Input = 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
+Output = 1189b6f5498fd6df532b00
+
+# The old FIPS provider doesn't include the workaround (#13817)
+FIPSversion = >=3.2.0
+# otherwise correct plaintext, but with wrong first byte (0x01 instead of 0x00)
+Decrypt = RSA-2049
+Input = 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
+Output = f6d0f5b78082fe61c04674
+
+# The old FIPS provider doesn't include the workaround (#13817)
+FIPSversion = >=3.2.0
+# otherwise correct plaintext, but with wrong second byte (0x01 instead of 0x02)
+Decrypt = RSA-2049
+Input = 00c5d77826c1ab7a34d6390f9d342d5dbe848942e2618287952ba0350d7de6726112e9cebc391a0fae1839e2bf168229e3e0d71d4161801509f1f28f6e1487ca52df05c466b6b0a6fbbe57a3268a970610ec0beac39ec0fa67babce1ef2a86bf77466dc127d7d0d2962c20e66593126f276863cd38dc6351428f884c1384f67cad0a0ffdbc2af16711fb68dc559b96b37b4f04cd133ffc7d79c43c42ca4948fa895b9daeb853150c8a5169849b730cc77d68b0217d6c0e3dbf38d751a1998186633418367e7576530566c23d6d4e0da9b038d0bb5169ce40133ea076472d055001f0135645940fd08ea44269af2604c8b1ba225053d6db9ab43577689401bdc0f3
+Output = 1ab287fcef3ff17067914d
+
+# RSA decrypt with 3072 bit keys
+PrivateKey = RSA-3072
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
+
+PublicKey = RSA-3072-PUBLIC
+-----BEGIN PUBLIC KEY-----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+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = RSA-3072:RSA-3072-PUBLIC
+
+# The old FIPS provider doesn't include the workaround (#13817)
+FIPSversion = >=3.2.0
+# a random invalid ciphertext that generates an empty synthetic one
+Decrypt = RSA-3072
+Input = 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
+Output =
+
+# The old FIPS provider doesn't include the workaround (#13817)
+FIPSversion = >=3.2.0
+# a random invalid that has PRF output with a length one byte too long
+# in the last value
+Decrypt = RSA-3072
+Input = 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
+Output = 56a3bea054e01338be9b7d7957539c
+
+# The old FIPS provider doesn't include the workaround (#13817)
+FIPSversion = >=3.2.0
+# a random invalid that generates a synthetic of maximum size
+Decrypt = RSA-3072
+Input = 1715065322522dff85049800f6a29ab5f98c465020467414b2a44127fe9446da47fa18047900f99afe67c2df6f50160bb8e90bff296610fde632b3859d4d0d2e644f23835028c46cca01b84b88231d7e03154edec6627bcba23de76740d839851fa12d74c8f92e540c73fe837b91b7d699b311997d5f0f7864c486d499c3a79c111faaacbe4799597a25066c6200215c3d158f3817c1aa57f18bdaad0be1658da9da93f5cc6c3c4dd72788af57adbb6a0c26f42d32d95b8a4f95e8c6feb2f8a5d53b19a50a0b7cbc25e055ad03e5ace8f3f7db13e57759f67b65d143f08cca15992c6b2aae643390483de111c2988d4e76b42596266005103c8de6044fb7398eb3c28a864fa672de5fd8774510ff45e05969a11a4c7d3f343e331190d2dcf24fb9154ba904dc94af98afc5774a9617d0418fe6d13f8245c7d7626c176138dd698a23547c25f27c2b98ea4d8a45c7842b81888e4cc14e5b72e9cf91f56956c93dbf2e5f44a8282a7813157fc481ff1371a0f66b31797e81ebdb09a673d4db96d6
+Output = 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
+
+# a positive test case that decrypts to 9 byte long value
+Decrypt = RSA-3072
+Input = 6c60845a854b4571f678941ae35a2ac03f67c21e21146f9db1f2306be9f136453b86ad55647d4f7b5c9e62197aaff0c0e40a3b54c4cde14e774b1c5959b6c2a2302896ffae1f73b00b862a20ff4304fe06cea7ff30ecb3773ca9af27a0b54547350d7c07dfb0a39629c7e71e83fc5af9b2adbaf898e037f1de696a3f328cf45af7ec9aff7173854087fb8fbf34be981efbd8493f9438d1b2ba2a86af082662aa46ae9adfbec51e5f3d9550a4dd1dcb7c8969c9587a6edc82a8cabbc785c40d9fbd12064559fb769450ac3e47e87bc046148130d7eaa843e4b3ccef3675d0630500803cb7ffee3882378c1a404e850c3e20707bb745e42b13c18786c4976076ed9fa8fd0ff15e571bef02cbbe2f90c908ac3734a433b73e778d4d17fcc28f49185ebc6e8536a06d293202d94496453bfdf1c2c7833a3f99fa38ca8a81f42eaa529d603b890308a319c0ab63a35ff8ebac965f6278f5a7e5d622be5d5fe55f0ca3ec993d55430d2bf59c5d3e860e90c16d91a04596f6fdf60d89ed95d88c036dde
+Output = "forty two"
+
+# a positive test case with null padded ciphertext
+Decrypt = RSA-3072
+Input = 00f4d565a3286784dbb85327db8807ae557ead229f92aba945cecda5225f606a7d6130edeeb6f26724d1eff1110f9eb18dc3248140ee3837e6688391e78796c526791384f045e21b6b853fb6342a11f309eb77962f37ce23925af600847fbd30e6e07e57de50b606e6b7f288cc777c1a6834f27e6edace508452128916eef7788c8bb227e3548c6a761cc4e9dd1a3584176dc053ba3500adb1d5e1611291654f12dfc5722832f635db3002d73f9defc310ace62c63868d341619c7ee15b20243b3371e05078e11219770c701d9f341af35df1bc729de294825ff2e416aa11526612852777eb131f9c45151eb144980d70608d2fc4043477368369aa0fe487a48bd57e66b00c3c58f941549f5ec050fca64449debe7a0c4ac51e55cb71620a70312aa4bd85fac1410c9c7f9d6ec610b7d11bf8faeffa20255d1a1bead9297d0aa8765cd2805847d639bc439f4a6c896e2008f746f9590ff4596de5ddde000ed666c452c978043ff4298461eb5a26d5e63d821438627f91201924bf7f2aeee1727
+Output = "forty two"
+
+# a positive test case with null truncated ciphertext
+Decrypt = RSA-3072
+Input = 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
+Output = "forty two"
+
+# a positive test case with double null padded ciphertext
+Decrypt = RSA-3072
+Input = 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
+Output = "forty two"
+
+# a positive test case with double null truncated ciphertext
+Decrypt = RSA-3072
+Input = 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
+Output = "forty two"
+
+# The old FIPS provider doesn't include the workaround (#13817)
+FIPSversion = >=3.2.0
+# a random negative test case that generates a 9 byte long message
+Decrypt = RSA-3072
+Input = 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
+Output = 257906ca6de8307728
+
+# The old FIPS provider doesn't include the workaround (#13817)
+FIPSversion = >=3.2.0
+# a random negative test case that generates a 9 byte long message based on
+# second to last value from PRF
+Decrypt = RSA-3072
+Input = 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
+Output = 043383c929060374ed
+
+# The old FIPS provider doesn't include the workaround (#13817)
+FIPSversion = >=3.2.0
+# a random negative test that generates message based on 3rd last value from
+# PRF
+Decrypt = RSA-3072
+Input = 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
+Output = 70263fa6050534b9e0
+
+# The old FIPS provider doesn't include the workaround (#13817)
+FIPSversion = >=3.2.0
+# an otherwise valid plaintext, but with wrong first byte (0x01 instead of 0x00)
+Decrypt = RSA-3072
+Input = 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
+Output = 6d8d3a094ff3afff4c
+
+# The old FIPS provider doesn't include the workaround (#13817)
+FIPSversion = >=3.2.0
+# an otherwise valid plaintext, but with wrong second byte (0x01 instead of 0x02)
+Decrypt = RSA-3072
+Input = 417328c034458563079a4024817d0150340c34e25ae16dcad690623f702e5c748a6ebb3419ff48f486f83ba9df35c05efbd7f40613f0fc996c53706c30df6bba6dcd4a40825f96133f3c21638a342bd4663dffbd0073980dac47f8c1dd8e97ce1412e4f91f2a8adb1ac2b1071066efe8d718bbb88ca4a59bd61500e826f2365255a409bece0f972df97c3a55e09289ef5fa815a2353ef393fd1aecfc888d611c16aec532e5148be15ef1bf2834b8f75bb26db08b66d2baad6464f8439d1986b533813321dbb180080910f233bcc4dd784fb21871aef41be08b7bfad4ecc3b68f228cb5317ac6ec1227bc7d0e452037ba918ee1da9fdb8393ae93b1e937a8d4691a17871d5092d2384b6190a53df888f65b951b05ed4ad57fe4b0c6a47b5b22f32a7f23c1a234c9feb5d8713d949686760680da4db454f4acad972470033472b9864d63e8d23eefc87ebcf464ecf33f67fbcdd48eab38c5292586b36aef5981ed2fa07b2f9e23fc57d9eb71bfff4111c857e9fff23ceb31e72592e70c874b4936
+Output = c6ae80ffa80bc184b0
+
+# The old FIPS provider doesn't include the workaround (#13817)
+FIPSversion = >=3.2.0
+# an otherwise valid plaintext, but with zero byte in first byte of padding
+Decrypt = RSA-3072
+Input = 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
+Output = a8a9301daa01bb25c7
+
+# The old FIPS provider doesn't include the workaround (#13817)
+FIPSversion = >=3.2.0
+# an otherwise valid plaintext, but with zero byte in eight byte of padding
+Decrypt = RSA-3072
+Input = 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
+Output = 6c716fe01d44398018
+
+# The old FIPS provider doesn't include the workaround (#13817)
+FIPSversion = >=3.2.0
+# an otherwise valid plaintext, but with null separator missing
+Decrypt = RSA-3072
+Input = 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
+Output = aa2de6cde4e2442884
+
# RSA PSS key tests
# PSS only key, no parameter restrictions
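Review bot: The negative-case comments call the expected plaintext "random" (for example "decrypts to a random 11 byte long synthetic plaintext"), yet each stanza asserts one fixed `Output`. That only works if the synthetic message is derived deterministically from the key and ciphertext, as the comments mentioning a "value from PRF" suggest. A header under "# Test vectors for the Bleichenbacher workaround" would make this explicit, for example `# With implicit rejection, invalid PKCS#1 v1.5 padding yields a deterministic synthetic plaintext instead of an error`. That tells a maintainer why a changed output in these stanzas is a regression in the countermeasure rather than test flakiness. Minor wording: "and invalid ciphertext" should read "an invalid ciphertext", and "in eight byte of padding" should read "in eighth byte of padding".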
@@ -371,6 +919,7 @@ Input="0123456789ABCDEF0123456789ABCDEF"
Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A
# Verify using salt length auto detect
+FIPSversion = <3.4.0
Verify = RSA-2048-PUBLIC
Ctrl = rsa_padding_mode:pss
Ctrl = rsa_pss_saltlen:auto
@@ -421,12 +970,14 @@ Input="0123456789ABCDEF0123"
Output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
# Verify using salt length larger than minimum
+FIPSversion = <3.4.0
Verify = RSA-PSS-DEFAULT
Ctrl = rsa_pss_saltlen:30
Input="0123456789ABCDEF0123"
Output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
# Verify using maximum salt length
+FIPSversion = <3.4.0
Verify = RSA-PSS-DEFAULT
Ctrl = rsa_pss_saltlen:max
Input="0123456789ABCDEF0123"
@@ -459,6 +1010,43 @@ Verify = RSA-PSS-BAD2
Result = KEYOP_INIT_ERROR
Reason = invalid salt length
+# Test sign with MGF1 using shake fails
+Sign = RSA-PSS
+Ctrl = digest:sha256
+Ctrl = rsa_padding_mode:pss
+Ctrl = rsa_mgf1_md:shake256
+Input = ""
+Output = ""
+Result = PKEY_CTRL_ERROR
+
+# Test verify with MGF1 using shake fails
+Verify = RSA-PSS
+Ctrl = digest:sha256
+Ctrl = rsa_padding_mode:pss
+Ctrl = rsa_mgf1_md:shake256
+Input = ""
+Output = ""
+Result = PKEY_CTRL_ERROR
+
+# Test sign with digest using shake fails. Remove once FIPS 186-5 /
+# RFC-8702 / RFC-8692 SHAKE digest implemented
+Sign = RSA-PSS
+Ctrl = digest:shake256
+Ctrl = rsa_padding_mode:pss
+Ctrl = rsa_mgf1_md:sha256
+Input = ""
+Output = ""
+Result = PKEY_CTRL_ERROR
+
+# Test sign with digest using shake fails. Remove once FIPS 186-5 /
+# RFC-8702 / RFC-8692 SHAKE digest implemented
+Verify = RSA-PSS
+Ctrl = digest:shake256
+Ctrl = rsa_padding_mode:pss
+Ctrl = rsa_mgf1_md:sha256
+Input = ""
+Output = ""
+Result = PKEY_CTRL_ERROR
# Additional RSA-PSS and RSA-OAEP tests converted from
# ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip
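Review bot: The comment on the last added stanza (`Verify = RSA-PSS` with `Ctrl = digest:shake256`) is a copy of the one on the Sign stanza above it and still says "Test sign". It should read `# Test verify with digest using shake fails. Remove once FIPS 186-5 /`. All four new stanzas set three controls and expect only `Result = PKEY_CTRL_ERROR`, so the test passes whichever control is refused. A `Reason =` line on each, with the value taken from the error the provider actually raises, would tie the failure to the SHAKE setting.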
@@ -1303,8 +1891,8 @@ Title = Test RSA keygen
# RSA-PSS with restrictions, should succeed.
KeyGen = RSASSA-PSS
KeyName = tmppss
-Ctrl = rsa_pss_keygen_md:sha256
-Ctrl = rsa_pss_keygen_mgf1_md:sha512
+Ctrl = digest:sha256
+Ctrl = mgf1-digest:sha512
# Check MGF1 restrictions
DigestVerify = SHA256
@@ -1330,6 +1918,13 @@ Title = RSA FIPS tests
# FIPS tests
+# Decrypt with small RSA key is not permitted in FIPS mode
+Availablein = fips
+Decrypt = RSA-512
+Securitycheck = 1
+Input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
+Result = KEYOP_INIT_ERROR
+
# Verifying with SHA1 is permitted in fips mode for older applications
DigestVerify = SHA1
Key = RSA-2048
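Review bot: The new `Decrypt = RSA-512` stanza expects `Result = KEYOP_INIT_ERROR` with no `Reason =` line and no `FIPSversion` gate, while the key-size and digest rejections in the next hunk gain both. Without a reason the stanza passes on any initialisation failure, not only on the key-size check its comment names. Consider adding the reason string the provider raises here; the sibling sign/verify stanzas use `Reason = invalid key length`, but whether decrypt reports the same is not visible in this hunk. Also confirm that every FIPS provider version this file runs against rejects the key at init.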
@@ -1344,33 +1939,253 @@ Output = 80382819f51b197c42f9fc02a85198683d918059afc013ae155992442563dd289700829
# Signing with SHA1 is not allowed in fips mode
Availablein = fips
-FIPSversion = <3.4.0
+FIPSversion = >=3.4.0
DigestSign = SHA1
Securitycheck = 1
Key = RSA-2048
Input = "Hello"
Result = DIGESTSIGNINIT_ERROR
+Reason = invalid digest
# Signing with a 1024 bit key is not allowed in fips mode
Availablein = fips
+FIPSversion = >=3.4.0
DigestSign = SHA256
Securitycheck = 1
Key = RSA-1024
Input = "Hello"
Result = DIGESTSIGNINIT_ERROR
+Reason = invalid key length
# Verifying with a legacy digest in fips mode is not allowed
Availablein = fips
+FIPSversion = >=3.4.0
DigestVerify = MD5
Securitycheck = 1
Key = RSA-2048
Input = "Hello"
Result = DIGESTVERIFYINIT_ERROR
+Reason = unsupported
# Verifying with a key smaller than 1024 bits in fips mode is not allowed
Availablein = fips
+FIPSversion = >=3.4.0
DigestVerify = SHA256
Securitycheck = 1
Key = RSA-512
Input = "Hello"
Result = DIGESTVERIFYINIT_ERROR
+Reason = invalid key length
+
+# RSA Signing with X931 is not approved in FIPS 140-3
+Availablein = fips
+FIPSversion = >=3.4.0
+Sign = RSA-2048
+Ctrl = rsa_padding_mode:x931
+Input = "0123456789ABCDEF123456789ABC"
+Output = 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
+Result = PKEY_CTRL_ERROR
+Reason = illegal or unsupported padding mode
+
+##################################################
+# Check that the indicator callback is triggered
+
+Title = RSA FIPS Indicator tests
+
+# Decrypt with small RSA key is not permitted in FIPS mode
+Availablein = fips
+FIPSversion = >=3.4.0
+Decrypt = RSA-512
+Securitycheck = 1
+Unapproved = 1
+CtrlInit = key-check:0
+Input = 550AF55A2904E7B9762352F8FB7FA235
+Result = KEYOP_MISMATCH
+
+# Signing with SHA1 is not allowed in fips mode
+Availablein = fips
+FIPSversion = >=3.4.0
+DigestSign = SHA1
+Securitycheck = 1
+Unapproved = 1
+CtrlInit = digest-check:0
+Key = RSA-2048
+Input = "Hello"
+Result = SIGNATURE_MISMATCH
+
+Availablein = fips
+FIPSversion = >=3.4.0
+DigestSign = SHA256
+Securitycheck = 1
+Unapproved = 1
+CtrlInit = key-check:0
+Key = RSA-1024
+Input = "Hello"
+Result = SIGNATURE_MISMATCH
+
+# Verifying with a key smaller than 1024 bits in fips mode is not allowed
+Availablein = fips
+FIPSversion = >=3.4.0
+DigestVerify = SHA256
+Securitycheck = 1
+Unapproved = 1
+CtrlInit = key-check:0
+Key = RSA-512
+Input = "Hello"
+Result = VERIFY_ERROR
+
+# RSA Signing with X931 is not approved in FIPS 140-3
+Availablein = fips
+FIPSversion = >=3.4.0
+Sign = RSA-2048
+Unapproved = 1
+CtrlInit = sign-x931-pad-check:0
+Ctrl = digest:SHA256
+Ctrl = rsa_padding_mode:x931
+Input = "0123456789ABCDEF123456789ABCDEFG"
+Output = 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
+
+# RSA signing with PSS salt length >= digest length is unapproved
+Availablein = fips
+FIPSversion = >= 3.4.0
+Sign = RSA-PSS
+Ctrl = digest:SHA384
+Ctrl = rsa_padding_mode:pss
+Ctrl = rsa_pss_saltlen:64
+Input = "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
+Result = KEYOP_ERROR
+Reason = invalid salt length
+
+# RSA verifying with PSS salt length >= digest length is unapproved
+Availablein = fips
+FIPSversion = >= 3.4.0
+Verify = RSA-PSS
+Ctrl = digest:SHA384
+Ctrl = rsa_padding_mode:pss
+Ctrl = rsa_pss_saltlen:64
+Input = "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
+Output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
+Result = VERIFY_ERROR
+Reason = invalid salt length
+
+Availablein = fips
+FIPSversion = >= 3.4.0
+Verify = RSA-PSS
+Unapproved = 1
+CtrlInit = rsa-pss-saltlen-check:0
+Ctrl = digest:SHA384
+Ctrl = rsa_padding_mode:pss
+Ctrl = rsa_pss_saltlen:64
+Input = "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
+Output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
+
+# RSA verifying with PSS salt length "digest" is approved
+Availablein = fips
+FIPSversion = >= 3.4.0
+Verify = RSA-PSS
+Ctrl = digest:SHA384
+Ctrl = rsa_padding_mode:pss
+Ctrl = rsa_pss_saltlen:digest
+Input = "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
+Output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
+
+# RSA signing with PSS salt length "max" is unapproved
+Availablein = fips
+FIPSversion = >= 3.4.0
+Sign = RSA-PSS
+Ctrl = digest:SHA384
+Ctrl = rsa_padding_mode:pss
+Ctrl = rsa_pss_saltlen:max
+Input = "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
+Result = KEYOP_ERROR
+Reason = invalid salt length
+
+# RSA verifying with PSS salt length "max" is unapproved
+Availablein = fips
+FIPSversion = >= 3.4.0
+Verify = RSA-PSS
+Ctrl = digest:SHA384
+Ctrl = rsa_padding_mode:pss
+Ctrl = rsa_pss_saltlen:max
+Input = "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
+Output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
+Result = VERIFY_ERROR
+Reason = invalid salt length
+
+FIPSversion = >= 3.4.0
+Availablein = fips
+Verify = RSA-PSS
+Unapproved = 1
+CtrlInit = rsa-pss-saltlen-check:0
+Ctrl = digest:SHA384
+Ctrl = rsa_padding_mode:pss
+Ctrl = rsa_pss_saltlen:max
+Input = "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
+Output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
+
+# RSA signing with PSS salt length "auto" is unapproved
+Availablein = fips
+FIPSversion = >= 3.4.0
+Sign = RSA-PSS
+Ctrl = digest:SHA384
+Ctrl = rsa_padding_mode:pss
+Ctrl = rsa_pss_saltlen:auto
+Input = "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
+Result = KEYOP_ERROR
+Reason = invalid salt length
+
+# RSA verifying with PSS salt length "auto" is unapproved
+Availablein = fips
+FIPSversion = >= 3.4.0
+Verify = RSA-PSS
+Ctrl = digest:SHA384
+Ctrl = rsa_padding_mode:pss
+Ctrl = rsa_pss_saltlen:auto
+Input = "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
+Output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
+Result = VERIFY_ERROR
+Reason = invalid salt length
+
+Availablein = fips
+FIPSversion = >= 3.4.0
+Verify = RSA-PSS
+Unapproved = 1
+CtrlInit = rsa-pss-saltlen-check:0
+Ctrl = digest:SHA384
+Ctrl = rsa_padding_mode:pss
+Ctrl = rsa_pss_saltlen:auto
+Input = "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
+Output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
+
+# RSA verifying with PSS salt length "auto-digestmax" and a signature whose salt length is compliant to FIPS standard is approved
+Availablein = fips
+FIPSversion = >= 3.4.0
+Verify = RSA-PSS
+Ctrl = digest:SHA384
+Ctrl = rsa_padding_mode:pss
+Ctrl = rsa_pss_saltlen:auto-digestmax
+Input = "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
+Output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
+
+# RSA verifying with PSS salt length "auto-digestmax" and a signature whose salt length is not compliant to FIPS standard is unapproved
+Availablein = fips
+FIPSversion = >= 3.4.0
+Verify = RSA-PSS
+Ctrl = digest:SHA384
+Ctrl = rsa_padding_mode:pss
+Ctrl = rsa_pss_saltlen:auto-digestmax
+Input = "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
+Output = 49BA0CA65076271C0FEB69EB5D03E6989238B8F116FEC934F5A1299762E6FE0B6AA8C2B433CA3B11E36D2844265C6B52CD7393FC62A7C6706747BD9454ADE78DE35417D6F6FCE32F1C1D8F40CEF5715BC981AE4B1C94BF8C11E30BC3F19C71BE0FBDED06ECA5FCAC372688A9E821785B9ABA9705D76A1F74A092ACFEF30B018387771031554C43D3C49317C289EC570C603A6356E2FC1FB824F0505029750BC9028B342C27CD8F01C811C0172EFA807218C4657ACA5AA81A2BB1B0C4D63BE32C08BEF11C6E19C565D03246EE021B9293AB3FE33A8946F8EAAAE353E66FA3BB170FDADB7431FFAD4C92623148395FC6F6601495D6FF83E67B20BDDAD082C149E8
+Result = VERIFY_ERROR
+Reason = invalid salt length
+
+Availablein = fips
+FIPSversion = >= 3.4.0
+Verify = RSA-PSS
+Unapproved = 1
+CtrlInit = rsa-pss-saltlen-check:0
+Ctrl = digest:SHA384
+Ctrl = rsa_padding_mode:pss
+Ctrl = rsa_pss_saltlen:auto-digestmax
+Input = "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
+Output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
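Review bot: The comments "RSA signing with PSS salt length >= digest length is unapproved" and its verify twin contradict the later stanza that treats `rsa_pss_saltlen:digest` as approved. Both stanzas use `rsa_pss_saltlen:64` with SHA384, so the wording should be `# RSA signing with PSS salt length > digest length is unapproved`, and likewise for verify. In the indicator section, comments copied from the enforcement tests ("is not permitted", "is not allowed") sit on stanzas that switch the check off with `CtrlInit = ...-check:0` and set `Unapproved = 1`. Several such stanzas have no comment at all: the `DigestSign = SHA256` / `Key = RSA-1024` one and the `rsa-pss-saltlen-check:0` ones. A line such as `# With the check disabled the operation proceeds and the indicator reports unapproved` would say what is asserted; the expected `KEYOP_MISMATCH` / `SIGNATURE_MISMATCH` results presumably come from the placeholder input rather than from a rejection, which is worth stating too.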
diff --git a/test/recipes/30-test_evp_data/evppkey_sm2.txt b/test/recipes/30-test_evp_data/evppkey_sm2.txt
index 410be7abeef0..eab7606ca336 100644
--- a/test/recipes/30-test_evp_data/evppkey_sm2.txt
+++ b/test/recipes/30-test_evp_data/evppkey_sm2.txt
@@ -1,5 +1,5 @@
#
-# Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -83,3 +83,11 @@ KeyName = SM2_genkey1
KeyGen = SM2
Ctrl = group:sm2
KeyName = SM2_genkey2
+
+Title = XOF disallowed
+
+Availablein = default
+Decrypt = SM2_key1
+Ctrl = digest:SHAKE128
+Input = 3081DD022100CD49634BBCB21CAFFFA6D33669A5A867231CB2A942A14352EF4CAF6DC3344D54022100C35B41D4DEBB3A2735EFEE821B9EBA566BD86900176A0C06672E30EE5CC04E930420C4190A3D80D86C4BD20E99F7E4B59BF6427C6808793533EEA9591D1188EC56B50473747295470E81D951BED279AC1B86A1AFE388CD2833FA9632799EC199C7D364E5663D5A94888BB2358CFCBF6283184DE0CBC41CCEA91D24746E99D231A1DA77AFD83CDF908190ED628B7369724494568A27C782A1D1D7294BCAD80C34569ED22859896301128A8118F48924D8CCD43E998D9533
+Result = KEYOP_ERROR
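Review bot: `Result = KEYOP_ERROR` without a `Reason =` line does not show that the XOF digest is what gets rejected. `Ctrl = digest:SHAKE128` appears to be accepted, since a refused control would surface as a control error, as in the RSA stanzas that expect `PKEY_CTRL_ERROR`. Decrypting a ciphertext with a digest other than the one it was produced with would be expected to fail its integrity check anyway, so the stanza would likely still pass if XOF digests were allowed. Pin the cause with a reason line, e.g. `Reason = <error string raised for the XOF digest>` (placeholder; take the value from the provider). A one-line comment above the stanza, such as `# SM2 decrypt must refuse an XOF digest`, would also help.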
diff --git a/test/recipes/30-test_evp_data/evprand.txt b/test/recipes/30-test_evp_data/evprand.txt
index 8cb70247a0b4..9756859c0e80 100644
--- a/test/recipes/30-test_evp_data/evprand.txt
+++ b/test/recipes/30-test_evp_data/evprand.txt
@@ -1,5 +1,5 @@
#
-# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -7483,6 +7483,7 @@ AdditionalInputA.14 = fc54b5339b37eb6889cfd7c185070bd0
AdditionalInputB.14 = f6a783d6d42e5ad5abb0a996bddfa04c
Output.14 = 683faa732c4551604c8865b5f777571c7d3cf1a60124c59b91283da0cda9b21761d1c17c81856958c6d590436c73594bb36f46c2f89237d8c7a7ddd2c58394c983f8f6c000d77566f2a1d89bac054bdb
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 0
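Review bot: The added `FIPSversion = <=3.1.0` gate has no comment explaining why this HASH-DRBG / `Digest = SHA-224` vector is skipped on newer FIPS providers. The same bare line is added in the following hunks of this file visible here, for the SHA-224, SHA-384 and SHA-512/224 vectors. A single comment at the first occurrence, e.g. `# HASH-DRBG with this digest is only expected to pass on FIPS providers up to 3.1.0`, would tell a maintainer the skip is deliberate. The bound also excludes 3.1.x patch releases, so confirm that is intended. As far as the visible hunks show, no counterpart stanza asserts that a newer provider refuses the digest, so the restriction itself is not exercised here.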
@@ -7533,6 +7534,7 @@ Entropy.14 = 08a325accfe119fa807a95e8cc2cd8ff041ccad8e2c4cf49
Nonce.14 = c85baec1c2d1f3f189eecad5
Output.14 = 2567712d6fd3b52364b508bb2e4ae18e34b155dbe99fef9acbe21346715d36c538dc380a5e5900e0ebde76c779006fabe2b3f171fa63fa0f5ba264748278549c9beb26db701c8fab7adfdf48eb63e48ca6f3be8f17131c5e9145f5dadb00fe666a651d2b1b9e785fd444b05d4efa8ccc
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -7613,6 +7615,7 @@ AdditionalInputA.14 = ae701404440c584e27266a12318c1793b6a112d96e6a6749
AdditionalInputB.14 = 53861747c9627e9244679d58e2dc8cfd8a72d1bab611dfd1
Output.14 = 665481033912ca7d87caa56af2612338768b044953b02b9a50e0244bb805ca007648f71ccf923030e56baa13a88111fe211091a54744aa5d82abe97775878059dedc6272e7c7a5392d1fb443b770ee7f5dd05a3f2bba4cab1cf473d02648d4f8acce91ef167e3ac00c1c9324ca074486
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -7678,6 +7681,7 @@ Nonce.14 = e41f19a969494a2293ad0542
PersonalisationString.14 = f67bda6553b5e4b89e309cb48a336b78460aff498846c2e9
Output.14 = 44d544ac910b7668ba9c5524e388957520fdbf11383808a5a8008d119aff7e1e2bbe63b4cbff19455f20f3dc79ab0a83dcf0e403728f2a2b2a9f3b98930d9f285641da3b6b9a9467b2701ce1ecac82bad8214bb618c40999f5023dc2d97dc1a53a0296d44f6fc9d49db00959c89e9f5e
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -7773,6 +7777,7 @@ AdditionalInputA.14 = 6a7418d4ffc40e11859f33189d5a8327042ec268b004ade8
AdditionalInputB.14 = 97beb8c47434a23efe536287d776edda7ed7cae84c0c7e35
Output.14 = 1fe94acb5f5cb7e4a8edf5be61673bdc066288538dbd0ac29ce2d43f7b890028e48131e6b3a7cfbb42772b63f2fac8c0472418653ee2ebcdfa5ec08683e7d4a9cb2c67cf7e22c2ddc779c6d9971b29347e6688113294c902a5d62c1fc35595e091cb10e5a895d7c3697056659ae457d1
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -7823,6 +7828,7 @@ Entropy.14 = a71c303bf17e128c8e0aa07fb61ccc1f40fdb487a955fd95
Nonce.14 = d3ca16fb12ae4709d411e5c5
Output.14 = 61a51fe1eca4cf947bbf2a77d643e7963ca2c587e0eacc8f7fab3b3f0e166197a4d15184cec4f0858de2773d8becb339bbb18ab2c10c8b246ca66dce48e2a0938fe1ab122b4930d603b937491ddd3d10abac731957f2e1e030eef33f7f311ed782b06697914145e266d0b967914d638a
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -7903,6 +7909,7 @@ AdditionalInputA.14 = e098f0e076a3f40fd970f5d221944f0040ef4a18d88dbe6c
AdditionalInputB.14 = d7eb01dfd7c13fece92d35133c3be71efba145d7353c6d69
Output.14 = f03074a219ef31d395451ebc8534e4f2cd2dbfebbd9257507979ecec79a5f76359f2d6b4653b31704ae5a49f884db91ac335ddc6d11768cac7850734e76734b63b71ff12f3f8d42cd404009e7f4b66bc0a639a9354ebd754c17f3cc65704e698d9bc0640919c386e96760f3c36d8789e
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -7968,6 +7975,7 @@ Nonce.14 = 838d1c69d8408cf0134f54e1
PersonalisationString.14 = f08a964b386eeadc4bbe57164d3b3a0c7c0068c49c9bc5ad
Output.14 = d8af077476875fca2ef9f04013976c3c278d30592361b923bab2f7e3c8af4affac5408c390b4989da254eeb97ccdabf32f5e246739d0e532a6ea317e7dda02bae5051ca97a445f5e0696a041e5f9f2c077b26e575d749cae344859864aa00f262c1c41b2964b78f72f9cb98abce103f9
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -8063,6 +8071,7 @@ AdditionalInputA.14 = fa0823db6808a3de1a7dcc081c01cca840f68b005d473bfe
AdditionalInputB.14 = d3054fa2bdec7c63dc009ecccf25c1116380ac25f82a9085
Output.14 = 556e90c95c1abcdde027fb2b88cf191f0686830ecf3fbf89de51c9bd735726131472a17f307263d57c03bd5ecd9ceba6cd5759b06594bf901418e2421fcef4b72678614079cdf4d25fa0b74985380552d2bbf478290445066e3f4a40a2e2b0792a685b769ffdb27721b1faa484e9c783
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -8113,6 +8122,7 @@ Entropy.14 = 2a55ddbf673f4e12538e61cd2bfda6f0316277661f553c38
Nonce.14 = a0c71049f5c75c23cc11c7ca
Output.14 = a88e6cc37617929bee1e14f74ee363d1e05fee618fc1eb1f8abaff42c571048032c84ef0ec7a6d8ad7e6c5a4a6e90d714d76643eca063287929032fe75a2b63fb1f83ab36a7fa12a12d7332459bba56b017654bc0fc29beae1897863a63276208f9d11a32780a627135b271efda4f4f0
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -8193,6 +8203,7 @@ AdditionalInputA.14 = 65e70309f7386d1a0aaa53da65263d5263bc5eaff0d5f3d8
AdditionalInputB.14 = abb8cd0ce0560309d2424d2f3fdce7af085e6c14699b4799
Output.14 = 8188a498ef9e0fd52a77c3a44f1c7edccf9248590aebc52cb9ba7b5cddffe867b26309f032a78c0ab751741fdd9bd77d4bd17be90dd045f6f8b45826c9900028f68138cf1ca8e18b253b8eb73ae04f2e156d51a792abdc6524e4f45e4ed0b06ab3b0c94bc5e1ed58f917c17f72161d31
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -8258,6 +8269,7 @@ Nonce.14 = 1ffb77244697c3d67a564d06
PersonalisationString.14 = 62865bf0f5af2146440d74e5ac8787cbedc544de16db24f1
Output.14 = 1a74f62cc6bb05ff956d1af526926b937a84352830a78c7ecd2ad9c39a796f29f640d188ded8bda0e66ba81c941fed5e82f3c78543d9fca14335459ad9d573362f6b5d69861cb94c0bb055723ba5416b1fe08e74f27f23cdec9db05b50b01a20f0337cafec896f5f7412e1dbe7307e0c
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -8353,6 +8365,7 @@ AdditionalInputA.14 = 1a6853817be281e26796430dc90f014f6fde64cbef16e58d
AdditionalInputB.14 = bdfa703974a758cd4eb00661e0f4663f4e574cc7be6906e9
Output.14 = 23c9f591ec9abea9f9eb89ab8d705a1e570fd2888772db5d6fc6e418a34e32d78fe49be8d4d8288fa397b57afd49c07b715e276c68a2eb8f3e63f67de21d8ad23fbbdcfa03b201952fae49928ce4da66cb70638398bfdba4db7635c8c726a3cdac22c98ae776e881edd60b69f0b38e4c
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -8403,6 +8416,7 @@ Entropy.14 = 7c8a961f01c1888456ae6042caf338c3ab8b5be28b34d15b
Nonce.14 = 61edc22b49e518eaa9e4e04d
Output.14 = 9d2eb0a41f7b03ccae8e4e3c61628e6710f5999f3991f04ba90fb3007275d07ff169d325ab26f3446e585c2d454ff8f6cd4a520190afbc06f30ec9b49668b09de45a116b171c210f5f888cf3c273c803044b17a16b06b44bc39344f2b2acb2f21f4b0a7abafec8c8d406d26477db9b7b
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -8483,6 +8497,7 @@ AdditionalInputA.14 = 71b5b9e9b813b5f69e8fa9fa7f588217268581b7d135fd7b
AdditionalInputB.14 = e5b06d8f12539d36c665cf129c1c42e3b7e88edce1650870
Output.14 = 64595391a02ff750b46418274b8366bbca0e9c52c95bbdfa65882b76395887a018faa276f3fd6c8dbccdb964755e36508897cdac977037d0978f2752d1dc68bde3ba1edc94787c1c8cfe42c2347052da30ba7f1e06b44c10805196e7bb048cf572fda62b4a28fc189702b1e575b008ef
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -8548,6 +8563,7 @@ Nonce.14 = a16783ada78fa029ca3fe31b
PersonalisationString.14 = b20dae78f254b07fe3eeb7c793334f3f432930353fe7f221
Output.14 = 081803927779c7b2039681db542c965fe48dc3cfde712a361e77da9aaf9f21cf38e18b4e8e5ae5a365910ada327b05630abe87858163713fd8c2988975eca44ee3725370f1c68117e58c2164605524102f22f3ea55f21f7e8fccd9861c59973d71c0aaca574480be6ec8e1fb9a163680
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -9803,6 +9819,7 @@ AdditionalInputA.14 = 228522e58e65d50dfd176e8ff1749faa70fc2c82eda25b0748ddc5d41f
AdditionalInputB.14 = 7af60c47b4cd146a39887c9b812a1dd814d74c398609bbbfb57e73da9caff57a
Output.14 = 9528c88f0aea3fc03bb8a9061e159a06d78a2a654408808aa4d0e73ab1a51e5aa85e8bcae72d34784ff6f513193e183d556ddac5675314f2b5cfe392d1526056afe32d7c03e09ba2bdf3b10e228b0f600a61cccd9e7bf14dccf13b16a838e60909785307e6905d510d9888eaab169fa601558fc952aa8559d270ecd386d7fbd7
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -9853,6 +9870,7 @@ Entropy.14 = c0509068d88167921812103b67e734698d68718ecf42cd99e0f55836c162d450
Nonce.14 = 71a50d2db258ea35ba69b5716bf68a14
Output.14 = f66c05713ebe804b4273103997d260adbe8a7d0f6b2bb862b867ca59874ab9e0898102664af2a8db24a7ccb4637269ac67d5e834941303acab9076ebfa04cef64f73480afb6808f11e6ab1a9deae514f5db1c90c59ce988cc1d04012640a40173362de2689f88647268c665ca44f57534c9ad9b8316b9cd1d5a14942e94e90607acf6ad37a2398979e56e9c227c1803f90844d6140f10d0baf20dd789d808a647b4df54d2136d967461383dd4db9dc154dd89cd282a2766dd6086bf3825d095c
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -9933,6 +9951,7 @@ AdditionalInputA.14 = 25d2ad9eecd3bb8bb60769942abd16edf0ba777f2541a4b0e80fdd70fc
AdditionalInputB.14 = 608c5789b5a2a6c11c7df095be8c81968c0bdbc6296026ab65195bdc5a297366
Output.14 = e1c600294a86393b7067b6e77ca83e68d28a6b76f6f81007183be65a50fd2f1adf6eec5a64cc753c5bd0ebc12387bde8c6ec10e6ec7e603f09d4ae624cc5423b5bd53da4f0af064e14a7d176369f1726fdcf6468ee15ffd7db3be48d196601506c71e2f443a768e03ebc35245d254bb87a392508ab07c95bce84ba81058ca1545289c9d8142aa0858c9cd5ba54ee2bb75cebb5b74e0d099ee458752d11ed70122aed1254609a715ddf2720798c9194ae4a7424e2c518ce7a8277ec79da86263a
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -9998,6 +10017,7 @@ Nonce.14 = aadd62dbd7b34bf2021ea74a2788b17b
PersonalisationString.14 = cc3308e380672a955620fba59999ec4fcabf1b7f63089a124cc1f65d58b691e3
Output.14 = 6c39f49bb51765dbae1de8325e7a6f8f8aec031dbdd94b83d5c4e062848eb4e01e3912784f817ee16f9c2dd0129eacd3f7b8d5bb4cf9a4a2ef823b0505c2ac8e4a1ec30812e98564aebaec14ff710a77c1904ab1fa3fef3c3d09f2d55b047a8db860322fab6d939093385838ec6d11667ca843f69268ba1fb7edc462fcc285adc9b4b97f0f717c28ac1b6f371d90baa86e8728051dfe9b68f15dd31a6da35194253545a5d667df6a1322f6b73ba661c7407608fa42e1b894bd1b6e7641749977
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -10093,6 +10113,7 @@ AdditionalInputA.14 = 0d81d8c5af9885d1b30d2174429bcc6979bdb2b82e6fd3ccdfe93f36fa
AdditionalInputB.14 = c63866629ed771e53d2fe2d5c21e98ebde295c3fc3896fb67279427c61a89eb7
Output.14 = b369b226dd535dbdab45ff8f13735214f9abe6d11463a44804b838d2932112ce6799341505b7b5bab423a3794c37f383b06be1fe21f5c7da97b333a41fb67908dbeeb2450a3581ef71870c964c976f039ee856fa507e9de948c4c097a64070b23cfa09ab7506a8ec4fc38a38ce21fbee3f3c1ef3ab598f5da202f35b90f422af31688402509c38ac25359409d2b61958390d28ca2d8b5dea99ae26c90978f01d7a482c12e134a81de0bf6c9f39e32a8b597ec7b7a05a805ebc7ce260c381f189
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -10143,6 +10164,7 @@ Entropy.14 = 5b50064163ae6238f462461472ad2ac9acc300316e140abd9cd6edb87b8ffa09
Nonce.14 = 581d145675384210801d9c75d4d19624
Output.14 = de0ace4f4a728c681a0b326298142fe79cbff2ce5230e6c1ca3e2808692d02e4845867763cb9e93acb983aa54659be6f9baf210048baf7ea4f062bd7e3d9a6d5e7dccf427422b9dd93d392ffc810dfe185bbee253c3208e22a83c9804501321c6cc0357d22859487a3eaba53444f4027843699d5a78214c431ea741bba73bd29550925443cfa5f494372bd0e482e3ab4eace1b60187b6db588c0d252c8da3e0d6dd3e475040817ca2c85b1149d8447a52c111f05d7c14a0f6b7b6ea4f60aed3e
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -10223,6 +10245,7 @@ AdditionalInputA.14 = 80bb70930ef2015949b53d787630f5de93d93f98c577ca4632266e1bb1
AdditionalInputB.14 = b6afd2c00be2eaed5c1991909e89029db0b04598115fae5118cc215298e0528b
Output.14 = c20bd78d9c396fc8fb408361e1dd4827ed3231617a73cd8848e493927207ea23e6efecd4fae36aff74b5235067543c7eb44c290122f9167a0ec4c6a530ecb0936fd683fbd866b73afb712b2f20ccc981b3f70faec4f4fda62e956c7d04cf578b06259b0f3c044e6dc68baf91e6149efa70b2ad2b81c8e14d1a994887193e53bdb5986a23d0412e989c447689a71b283934e50c25e10bdef0b22ce7368840cf761e32aebc07d7b51da16dad4c332926a4cc9853ac8db36b4b01bb36746a28f527
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -10288,6 +10311,7 @@ Nonce.14 = 3432a2e2263728e375ab973bb5842d40
PersonalisationString.14 = ccfee35071757d5141f55a481b7c44a584c5e537c636d4d0ba10dc3c88adf6a2
Output.14 = 72a77d1c5dea9d00c349d4e5a9e6dff63ef6cb80b7998ef62e7a1fdc2267057d07fafb993e8df868821c6cf76430f3b7ff24a527f7e41fda6d560a773d05bc003f7e1ed5085f6da3785dd999a4763894455febf7618750bad4e30d8f52f3a072af30d57df5afda08ae7cebdcb659e6cdeaff52b47d4dc571e28315ff0e38538baf436e02d157b64afc6d50e6a4c5842aff1e7573888c6ff9beaf4f91aed988f03032388940c4f54afda05bf55ef6fc8c673f01ab545838574f3bd4f22865cfd6
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -10383,6 +10407,7 @@ AdditionalInputA.14 = 0facad642bc0004f946e3fdd149a4c0e52475c9e832c85b228bff6f2a4
AdditionalInputB.14 = 19d477a7dd45a0b733e6c301a4fd44ddf65d4fe0a0435b57e319e31de4797427
Output.14 = 2a48844f6919ed43a2b0b64a1d28707fd3265b418e0673190b49a606358062c1a54a6071c845adc6ad74193d746668f890423ebb971a63cedae3241005432c8f3fa3fe7f98d5912da34dabcfeb17c03ee8881de7b2ef04fa2147b78532eb0ce7d9244d717697138f116341c7b9e99f15728207f6a73c651b8940582f9f926253420a853ae18132093183a6073e3bc85633b75e1c6cec9323ed4142d0c8ca0dd5ab2ff2e6b304ab8cfe4aa98ac64951d836e074169d375ebeae8498f11bd02c05
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -10433,6 +10458,7 @@ Entropy.14 = 3b6dde5f550d482d30eee2288bff802241ef20ec15696e614b7268f7c574eb1f
Nonce.14 = b8d8984703ca7f942951fca97129135a
Output.14 = 36d0cce70eb5aaccf9b172fccf68e01eb8ac8b1f2652cdd238f4b070c8f2d9a128418badb38d5d5fabe28b59d15cd432010716fa6a48071114b2168cd29028386171594291118e54fbf5b61ae3fbbf9a21ebe73a4aba482c7cdc5ea1a4f21a0f1b38812cefff9bae78c2b95f417dc0cda010079b637f825dcba059d154f5a53050db773250013a1f051de9f7882433d2054ef2adf9b7b57c67173c06ad16cac6bdf74a10bcc666f7d4a091a78131c5ed76fb733791278b6ee0f55302c4b122a4
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -10513,6 +10539,7 @@ AdditionalInputA.14 = c6a3bc83220c7708eb7fff5787ecba27e48c894e15302e0ee7f4e5f09b
AdditionalInputB.14 = 39b854a1c487e24e1ed58916d8012277fafd6e7b6175c4be43927cfac9958404
Output.14 = f7d2f39a513f6c4eab993fa440b769ce09a15476e06ceda47969be05f53ec7f8409de284749cdcfac07fe7df66b1b6bd39389401909f3a84538d041e1c038a289869e51bce8bac13a0f786cb091628f0a3a7f7f9a2f620c98889688d46a2a037fbc1b2a4fff40800eaccf98a0bc1452ff1f53f040daa94e17dcd6acef97192c74075d064be5a97205ad97f693257d96c04e78654a694e90b80a5234a25d1c7ceef360d53e768067335097c4aa8f126a31882eff8e55cee05eba4b4325c203f4b
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -10578,6 +10605,7 @@ Nonce.14 = a684932ea2337296cc3d150174a47ce0
PersonalisationString.14 = b2c0af9038c2ef79ca8263a047bb9293a44ecdb457fb45945996157dcd199cec
Output.14 = 316fbc32ecc1dfa778b13921b1d624f9231c0ecca03e17fde750b1e31e76b1c330ea5bd62ca76150f231ac4aa96b06f845db2d03b65cdaba4c160b288a121eb144058f65a751e22151f91b90131e6756356e7f90d880ce754cf965f439189eb8bedf86c58e1fc2751e65637930c42552fdf81acfa1d4515ad49dc532b2a10b2b11209425ed1cf43c991b4a7c49bf6e701990fddc420608d74c3636829e4683c4e77a8151708d82ef8fb81b3655670fd4d242e357831bc091f30e6d139d5e5ba5
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -10673,6 +10701,7 @@ AdditionalInputA.14 = fa32817ad83c85b594976eafab28fe25c45aa74d0ab4750b33dbfd8836
AdditionalInputB.14 = 2e5cb3c7c9503e019b3383eb6264d6000160c3c99ee5700e7a92433da1c01f56
Output.14 = a7571c1afd3d1dc1d3b28dbab54fe3514a0ec74ccf999376a963a3820474cdd67b190551ad5b24f4376633b4964490f79a94059a55b967f8dbe58eb20d70f1fdac91565bd8daf5223abfa13b132a140acd33e36f29fe1b107f62e6c45a679247b80c0aa050f1c2d3195629baef7422b72fb3cfbb82a2e4dd1966b1cc27b8e6df1907fbd6320f25594e1eff912cd9685755473b908e06fd30c4359258be0580e6bb2f986b0450d53fdbfefc3bf06c0d80648800234100af755acec4f809c39f3e
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -10723,6 +10752,7 @@ Entropy.14 = 1e1cde834393e00a2136b8924be5600c8bf59dc2d8a9eeae467ede71ee7b75af
Nonce.14 = b6035e96adcb7e8f2e17022e2e4f39ad
Output.14 = 9dde9f29034b6e784be24fe600c39b091568afb4c40c8e05b8b7dc36ca74a1bed38ab15643ca8c6da2f5aa4b7a6a5d5c9920cc31129c84e2fc9b865b3f30b698a143189a3f3b692b3e5641499c949e53e3619cb112f42046a18d5d12dfb3c6932a6a829d07deb17b799519b81e961ff293c0b2d24b629fe906166e330135e4ffd00609462f0f9b89a110084945243972486a0e1aedb2eceec02d402696c89abbc950dcaa72d7b0e00ed8e65c3e9eb1af7535de2da728f901650633242b3368c6
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -10803,6 +10833,7 @@ AdditionalInputA.14 = 7112823304b16377182ff9aba920c97ec4d4f23cd472fa9954ded16495
AdditionalInputB.14 = ba183a035635d9617bd71b59fccd561f1c78a7589c7fb3fedf41dc2e6d5015c9
Output.14 = 94e577e5c4f66be345c6be7038b02fcfb4070d5bf74f8004b59c279cce961dcf5bfdce2f01e007790cf770587a68d0d24ef0fcd1a148fca6920e707289e58b81fa4a58b5a018a358d336a20daef30b2881844838e51c56f11533b25c77b9c6c6bb2c0657350f011b24db6c60a84232dbcd218a816563737585c1ca6152ff13304ca86dff20f9f9596aaa21448f2c6e620eee58f69338e3b675d29b478f34f0e60dfe7f12f02e6181d19185f7dc945210d86d31e85eae03161e947fec0f0fc91d
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -10868,6 +10899,7 @@ Nonce.14 = 67f50628067bc401648926d7567711cb
PersonalisationString.14 = 5f8cb19e3c86b179ffb8812db791e8bbe6b0caff958715dd9e3368a2d48f65d7
Output.14 = f178a20d27725759c839e7fabb63bd101c3352f582524ff088ccaf6f0546ecbd3d5165f1e3cacbb49ede115b8f6c8db3aa9720692efda124138d29eac17637b84977384fb88e81289ed5ec960e6e98fdc71d03ef0bbc05ac7682acdc62888b49fdbb442080687f902b5a313ac88d364b13871b20f684cf1acbfa229fa203607a0a37b4e1685d13a508da9f48dcd83f26751a2284044f93e18b2a206a1887d77c4b76e821952b376f19fcf53d83f704e3ec3b5c3cb4c390b213d57dbe4852914b
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -12123,6 +12155,7 @@ AdditionalInputA.14 = 2cc9f137fcd8c2d526d70093fe11f90a0a36bc9764a4c5609072e181a2
AdditionalInputB.14 = e40361245b91880e308fb777c28bbfaea5982e45fecb7757bb1c9de2df9dc612
Output.14 = 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
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -12173,6 +12206,7 @@ Entropy.14 = 42623115c0a43edeab391ee8ac84c2b3b1bebba8a6040cd1
Nonce.14 = b79f5c377be52381210c1c2c
Output.14 = a59dcfa9585b1080cee51ee493fabc22394ccd0949e3a4d4e5b8d60e1137288d20f65e7f1ddc1345869e1af62562d6c11044bb65d11dc0071a04a2cd0eab76718ec9a67d4482acbc82ac27685b98c50064b41e120a35e5ca57ed1bed6963fdd03e26865ddd3217d67cdddbc990c5833c
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -12253,6 +12287,7 @@ AdditionalInputA.14 = 450a2109e7d83a3ab2e628ab35af4dce8ce7205de7c5f365
AdditionalInputB.14 = 60d0ce5e11413c321535d849da56c3d9bf6222a3d2cf77e9
Output.14 = 27397574a1ad91ef6f332c954c0d5802cb9c90926ab05c116586995bd795a2f1b4706487da86282e33d0b44dcb7a58c8c4a2874ed4646a1e963b7d26b62e0a5e0a5bb60ec6e07ea6b7b7fe1194c3ca4371736e595707ca7fb56bc924089e66b137c47f9dde74b5de3687aebc2f5c2a39
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -12318,6 +12353,7 @@ Nonce.14 = f2435f70e075f8044d4235cb
PersonalisationString.14 = 80fa0ec5a3a1b46cd639ae19c137239ba8113db33984c593
Output.14 = e547f6d8cd665204f8ebf6d64ecaa23fcc59c1682eab3190bc76ad4981d68810833f1212965def4868883529c0bae4a2345da6a0e6a7e766d16022c6f371db8ad089d9227e3a85168d080c3ff2bdd604e7f8404a16268bd66d70f5fb164cee60f1af97bdb6e1d72059d7028a13ec83f5
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -12413,6 +12449,7 @@ AdditionalInputA.14 = 81356bf7d3122bd65b5d96d2ca68875e1d77b36edb8e92b3
AdditionalInputB.14 = 1f185d4aeca1d95ba4c8e7867df64296525e00db7da61e88
Output.14 = 8032e92efc35ace508d8a10f36a6e7110cd0b087cf853409e83dbc554633380e9793b7657a23a931e34347fe0ba34c2abdef6a8505e44da62fee97a9543b9e6dd6538726ec2cc6f6d19382562a4a438a2b0756fa66b48628af292e2f53e49edfae3ccc48a95f24c940a90d1abfdd6d0b
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -12463,6 +12500,7 @@ Entropy.14 = 3879ca720aaebb2a29c99c0aa21d63308b44677f2bbe6056
Nonce.14 = 2642dd7030605b3608f4513e
Output.14 = b7ddc2d0295a550e44103ffe7e6e1771cd488fa2ea32b091076085284edb870220e02ba6facdf27d8b34209048d0aa4cce4556c074fc7ec2c3691b95aac3f47c3b42bee3c2e35da17b040188d47b7effef8ac471a669f29e6c4b97ff6836cb9fd8954f57309a97e9a697e061010525a1
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -12543,6 +12581,7 @@ AdditionalInputA.14 = 13998df6bfa51c2708775384f01cfe8f4755b6fe4b3c2fd8
AdditionalInputB.14 = 8d25383b6d04285fb699c644bfc9b7fc72de41c733f35b27
Output.14 = 3f408ca372917703ecb3449ea55de7a969a5ba184eee8f30fb19b99ae827c66b13f29d4d3a0236aefdaca63c28bb71595d3dc1fc20f1e7ba1b1c9bdb7c2122bd8e443b00b5339508c315ebbfc9bc3c7bebaaf83312325bae696a576b3c92931eef6b4eab6bd90c140295f47994ec6e34
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -12608,6 +12647,7 @@ Nonce.14 = ddb5c0cd2b4b640898c2fd1a
PersonalisationString.14 = a096d62f947314691cfb647cc2f331af834cbcdd5918f099
Output.14 = dc9175fb05854708739c3da005592ada29d408ed6162dd278ee457bd3304e4f7011355da2302df1d0d190ef846cadaccfa5325d3f71c407ab2434d65d815dafa6ca15f7e701a104225a839f2fa9874ad49bbdbee576b1bc71ace28c825095510890861c851bb79e2e2e922c3ac22fcde
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -12703,6 +12743,7 @@ AdditionalInputA.14 = 2bc060710fe3d92760adc274b878de0df82804e840cd098d
AdditionalInputB.14 = de879de9c03efe5a68a12da7a06003ffbbea0a9c53f5e0bb
Output.14 = 4968c67d2f830b591531d620b6c40de4e9a15dc97c70b8b059023033bea376953cc5fb415d823d55d5b02b17c2ac60a1c8ee7473d25e94888fae15c6a7770b75565fe505a117c734d0c7d0386cff907a893da3a83d45f51bec9d95670374524b4f59e45a04c88d1756ed854fa9f65693
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -12753,6 +12794,7 @@ Entropy.14 = 7ce7dd98c93953a8b60d395a68f03b8919931031e8f68bb9
Nonce.14 = 1c217188f9c7980b8b03b41b
Output.14 = 58884a4316fe8104459bb339a4bac08d95461ad8e58f333eae5ceeecbf2d375e8fbb82eb1d29890ee0c56037bbbac8cd8e202d7ef05ed7126a15064699b9dfd4523782aabc6eaf21f1727d02c1311f5812c4b4294827a75f1cd6e6dcc73ba45ea8fc5f2647dff725f5fd9bc64d7b21ec
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -12833,6 +12875,7 @@ AdditionalInputA.14 = e73890b772747a356ee1527501410eb5cddef015a8d6fbd7
AdditionalInputB.14 = 9145caf79d0b85bb7874c2dc82d52bcca68225a18de258cb
Output.14 = 4ce4c45336ed4bdf4004f326a049c195c26ff11aadde90d7d035ce277a5b158577a7e9971063ee9c0b5063ab1f20c90f619137c2f4713831d18f2237e1a3d522af9a585e5f43f07d911b8b977f6c644784c9c02238b9fcd0f663c8bc1913f783c200b388b4ecf30246c7120adf3db79b
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -12898,6 +12941,7 @@ Nonce.14 = 2b884a75ff571f92ba1eb965
PersonalisationString.14 = 273f3885354c0a8296b0862e19157fbad69578ec121cecbb
Output.14 = b60362ddfbb4fc41f4f5ef353fc0fd8f31e139876a3af0e69f9049aca46a5989ee3a1ebb6cf14f525c3d8a944f4e88e030e020ef6551289c93f5c6ca2f6bc495cdf49ac91bb86e4766ccbace5f7aba008390d2b6dfd416d63ebfe07f5d583b8f9916ebb54620953d0b73c136de06f520
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -12993,6 +13037,7 @@ AdditionalInputA.14 = 69720682d68b7043c331b889ce6d3d83aa3d33846e9ddc86
AdditionalInputB.14 = 350c63e7b01ecff4aa171f157c71f89a55637c2cac0253e8
Output.14 = 63fc9293971bc8dc151bcc2df20e4b5c7604138e4df49fed323c9f1cdeade3d5d1c8bc89e507e5da1f38c1f76d968ee45ba53a3da35e693e00afd683817ee7da5cd2b0a657ac6cf95913c859c6b4a15449fe9045a3af03cc198cf10b2deb67c5c3e9cf9a40b8251de19c6cf3114bfe22
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -13043,6 +13088,7 @@ Entropy.14 = e03af342db03da30e2b0e5b8ed76c2562194417fbf6be645
Nonce.14 = 6a9a5188dabd510894073f76
Output.14 = 7963276f1054db251369a0b91d854fabaa3dd5b2343ef4306cf897bf964fc8b885908c4ada163b929a19c948ac89c8480170eb59b9a8d7d2d30ddfd1248e2c1795c69da81fe72d6361d34754f88eeffca2c31859bc8940d6662abe2622fdfcc28a1764355aaf46a2e00e50606af2b6be
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -13123,6 +13169,7 @@ AdditionalInputA.14 = 9b6c491387a2394b94bfa8b077cd43bac49117e94afb9616
AdditionalInputB.14 = 7c04bea824d8aa7b19facfeb3a676eb51c31d7b92f0ca1ac
Output.14 = 332b884c8edcb260c535a218001d421e190d8b9c6b856fbc5a4ab45f92149487f8563138312a42487969370440675f5bc9b21a75d2a8386867fdf861c8650e26af47c5efd81d9fc39cbcd44ab0f4cb10325fed6f5b7ce5d8111ff71e5d78c7d1f53410e5ba492b9f68ca55325ea8b318
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -13188,6 +13235,7 @@ Nonce.14 = 9dcc6c4317ff492d0d7dec5b
PersonalisationString.14 = 7d30c5a4aa169c6dce156a8eaf000f9be0f8681e3282dbae
Output.14 = 550a9ad9e45ba359d463c1e084777bfb2ee25ff791070a87f01adc04cd1a7e9e6ef334e477fb5cadd82381e0add8a39ffc222150f17b8bb0d3b1cd80948c0a5ee09a84ccfff6c9ac33e6831d1a84182edac6bcc25fe357a708f78db9a88daf553914cdf0bc7a9b0527597f73707fec8e
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -13283,6 +13331,7 @@ AdditionalInputA.14 = 1b8725447ec539ea4a13c47b323f1d6f435ba7e624dcf5af
AdditionalInputB.14 = 86d30af40a7a395764b8b69f2656954c7c3f1c30b2b703b0
Output.14 = 2fb2f24b2c38f217232dc22ecc7380b8240b05d2c7bc0e3dfdad268c8c10912a92595d70dd98e7ecdbdc6d7bce6c72cdebd7e121d75de8b6795b660be9096a1f24a97e9c5344c35f04451dbd8d9808c7a84c6fbafab6d060026490d492060f052fbf21a3bfa2a8e4a40db58672ca52ce
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -13333,6 +13382,7 @@ Entropy.14 = 9021c403eada5eac222dc48e1437b6de48ca31b9e7e76fc5f60653a3d901308a
Nonce.14 = 503b4bbc0ca538983285857a573f6166
Output.14 = bca7456257568a178877bca602d331161828a4ed0758d1ec3febcc21717cc4142e5481dc9756c56099cb043130345689156cb96e1664ad007c461ef8b5b0fa7d18508541f528a43fe8c719f3a269ff2821ca655980579dfc2c794da673b8c9234d561b833855efc91b4747ea5135a1a05017543f5780f2cde8b472787173ec50
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -13413,6 +13463,7 @@ AdditionalInputA.14 = 439ba9ee252edb11b09fd765266b220077ab641cd7ed42b7cedc96b399
AdditionalInputB.14 = 18e1dab1f2af82b8912be6791b003d7b0d66ce76a78cc17b753055b7b48cd2e9
Output.14 = 5af9e042af202c9584bb69cb54738c0352ef2c9b9483d6fc8efd525ca38e62f535f2ed5658770e8cc5d53d9f1964b8a55d871c78250851491441c924701a52175410f52b162ebfe3991a72472d8842248402a666d726ea71437fc4a521543a323d501a6942ec4b7fb77ce462face53a2ab9b1b9fcccfe2346adf36027c48293e
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -13478,6 +13529,7 @@ Nonce.14 = ef68efad369ca5fe791ad438cf9dbbd2
PersonalisationString.14 = 012ff5b08fe14fad65ebad5f15d74fd72d8577115e5e91262043e85a13a3043b
Output.14 = 1779c05411254dc5ff714eb56332cdf9a378a160bf0a20ca2da9e4c3b4e3c425d2f08dc969bd4924560c8caf9686b27720307af8246e6cef20fcbc00cb1f137b6efe9902f9944c1384bf917675a52b7b816795327afc4896182a78d4664b98196f89c466d5fe1e2a54122035863c8bd61461b2ef9e7b469492ff63364b013dfb
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -13573,6 +13625,7 @@ AdditionalInputA.14 = 77d998ddfd7ab7577ca9f51d6cfbec955aaf9f88cbb3ae32db7f7c4609
AdditionalInputB.14 = 9ebaa09e7057ad7cfbf02e8f3143ef7b7c1dd6158f641815ecdf8e4a65c17f19
Output.14 = 161efdc30cdd124d4d6b3d43798dd79bac70f494c3ebaca111cfa3d9343bdb73ac0def00776486584f932cab74ee12a391cbf4890b10044f7de6c73f973e43837a43b7c47a1a9a36d7e62f9b7ce40064994a610b92d68c6d37aa5d9d92c3d858770ffb8fbd87324b49101bade3f2014bcae7deffc1e4f6a1a91ddfe7e6aa33cd
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -13623,6 +13676,7 @@ Entropy.14 = 0653c409e957302f6eb62bbc4f42b30942ff7860e7c38dfb2fd26b164e83a713
Nonce.14 = 273f7eab3dc9bf11216d5216bd12478d
Output.14 = 51dfe9851da8d7d5add3dae413d8bab8bc7d1fcecea00795ffadce047d5243ae36f29f3611fb8cb66e98717a98735384aa6a310696356cb48f4672b2ddccf86eb44777c1616338792629b6cc6ec2b66dbacc1a6b66bd9364914f1f43277f6f43e13145fcdb73a4aca6b784f9084d22c967033651da610e9a85b1eb7513683dc9
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -13703,6 +13757,7 @@ AdditionalInputA.14 = ca73cf447f2fc3984a9de0290fd9a984a8460ac715cddd9e8ed99aafd6
AdditionalInputB.14 = 21dd9cb8e146954a9745fabe039f6f52ba8200f575e9bbe19c703b8864f34e93
Output.14 = f1b153ae274a380c28668f1ee2c8c3a91f5380d41bd611d974e4e419a37debe664d0b706722184fd3e805f2ff05554bde7219023d1f62a52970aedf4d77e7b4604cac2a804e7b9353c087752f7f185991b10910724d0fd06dc6526d6102c8d0ee8c32f6692c2786d3b715bf3860539689e3f415855ddc37bbb6750972f3a45ca
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -13768,6 +13823,7 @@ Nonce.14 = 10818cc50b58ccb660d65ff705041a37
PersonalisationString.14 = 2756a89e79266d6d86bbd865708321f529b023d0cb5ee5d9888c37db33dd5164
Output.14 = 7b3d778ee1623b08875305d5761ce2cf44ef1bab87c7d0f29c862c40d3da31240e7450d827909b6b131a9b0e9ad68d5c02caebf4f3b0b7d7ac1cc58e353ba68e7ac9eefc3de1310cf9bf5f4b854ef3fc36e940d4fc50072845a83c38a7d4372c191b900d11d11a907a50607c348951ccfeba4efc30377e4a965056e4e84eeb02
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -13863,6 +13919,7 @@ AdditionalInputA.14 = 764b81871036cf65802c4e9659e25b8039be84bad1b121b536d2ffc269
AdditionalInputB.14 = 28d46df3c254e5cc199e14b45bb1e2f85a5da03f49dd76b5a16b76723d5b9855
Output.14 = 94e1fa76f879eb9840cd50853565f43cd7b0545705bd9a35494668bef7d7e7085b48a455b38fcf10f145f28a599c58e2f88c2855f2437a17d7333d243a1c25b76bebc6a94f7abc3fabe4c78041d9b3eaf675c11970b14cfc6ff20c8b23852b2733ef8d8416a920617a9b271beeabdb0462e5d23fd68b56f58e3554e81493c5a5
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -13913,6 +13970,7 @@ Entropy.14 = 3bb1f6cabc56a02643eb767cc6e5bb3a5bd765555e4e27159ec905012f58de22
Nonce.14 = cc37cc9b20a2e4de0bdf8ccc3261eb90
Output.14 = 28f20b9a94340aaa6ca98174b5929ce3329d81bebd67faf5e30d12f775748c34c848bcda26cac8b4a9b34c7c92c9984a6f5a85269583358e985c2b372a887f9e3f0f3920dd512def27d818522ed1a49e96d00a5aeb41bafd152144a8b6f93426e73d6e8ef7a8a5381bc464b24061080af02aac51fdc52f404e1349b7d04daef8
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -13993,6 +14051,7 @@ AdditionalInputA.14 = 2be009fb81ff22c5c2e15c988cdac8f21a6f17a4277fb1df773bbbcc39
AdditionalInputB.14 = 0c869f061049dbaea48af93272c5b321977659a79f8bf0a5c6d68b982ef44b88
Output.14 = cd9e8213591ed7e30743ba0dbae5f08a4021845d961040c5188093d518c3135048ea8ff052fd66fa83bf98c06d39c6cb522dbc938b6824f51488197159666369e7a9444e04b7ce5832bd6db1b3cebf8c0f7bf865bfc3cf60d2a2c0ef06abf7737590fba097c29fed234369cf9f064b142ca30e3941093904945021372c20d90e
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -14058,6 +14117,7 @@ Nonce.14 = 704e8e29c7aac1d8cbe97bd7305f8cb3
PersonalisationString.14 = 631c5d0240b8d9800211ee6c97a5ae77405a354ac25705f22d405e17a52109cb
Output.14 = 9ee855e661d4293fdd7353492c711b39625ead90849ae5808b1f67c55cabe17ae13f0f18c0954341d6a2d24b899785642c0b29bb1b81fe098a17f8701e8820cacf6c00a8dab2e96e7f8593e188aae48385ede7bb5ed5ffa3f19053663383d666d38eea377d121e0b55ee58ee8fbf1e49c42a4d3d48fb0c9247c6b94c6539f4cf
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -14153,6 +14213,7 @@ AdditionalInputA.14 = cf6884bb4cf7c08ea954cc2d2389eaaaaaa3bf9ab1dd74372c20bb3e12
AdditionalInputB.14 = 2b30cc597b280e704632ed1cd2bbbbba7a9953deaa809848eb937b6b1a44b91f
Output.14 = 4de8e3c529bda0753a9ba237633be4c844308c233d6e58995c339cc006c7d4789b5f1a6314637b9749621fae3982c5a748d58c080e12118d4442bb55732da53daeca71d3d033b10a2a807848babb822a346524b4a41e9d85941730b21c0e80a9871c9d9aab0e6d0269258b57fcbf7d703794bd2e5f3d7b3da9d3cf2dc2073653
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -14203,6 +14264,7 @@ Entropy.14 = 043872fa9f0c4d97e2c6824b778a4fb0debae214d3358a5aa01c0092c9dab6a1
Nonce.14 = 0fc8d529a37083c2efe84aba8c8abbc0
Output.14 = 22e8eb6b4d11657a66cba93f89b519bcce87a9bfa5ee22cd3cfef6180cb8ca842e8d408257b8140fabbf1dd65085ae62fb8b1d2a679dc0bb0a82ecd3b8bbc05782a20a6345554a1f5467e9811e0fce41a786c805ce2882f8b4d972b9a37eedbf828a381d34bab95efc47233846f8b5c701563033253323eda41effad5fe37d3a
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -14283,6 +14345,7 @@ AdditionalInputA.14 = 585a4b6736338ba663522b438ab9255782c39b36e6b253186e821ae969
AdditionalInputB.14 = 2581ca0314c9a224b09c0c2e677e1df1c215cae0760d3ba03d1053156e9c3155
Output.14 = e244109b937e9a71caa70d627ec8280210c86676b4ea842c6a4569e5da0b25c1ab3794ade3344e2185641c77df4d3011962e8312aa7c2013e4373204d861e27e88ede82873d5d45ae5700ddf0ae7d523e96df236a249ffc6e009e231b77d64f07f395e57b19a4d2961a6046c910d0b8ac3d882129ec3e337be4cf2d9ef041a8f
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -14348,6 +14411,7 @@ Nonce.14 = b2328815495d926dc8ff075d5834bc20
PersonalisationString.14 = 4c539b94823c6c7883b071ac395203bfb5117b6f9d5db7cf4063132e6a2a3cb8
Output.14 = 4f6035946d4305290485c7aea10bbceb99b841770dbf5529e31ad51b0ce138344ac0b193a5074234adab8887a51d9448a2cc637a543372ed93885975b8de342c6a12a1ca8f3d053ced1dd2c7d6a3fabf6ea7860071c035f0fd54ee5775ae3a5d457d4af9e034ed337d79e9fd52c2ad051388dda50aa78d37403f33d52d30f6be
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -15605,6 +15669,7 @@ AdditionalInputA.14 = c9a1481cd25c537ba57750d594afd25f
AdditionalInputB.14 = 51e29804f9d079f3074ec398320b2a70
Output.14 = cb3cd4510de88f8081d8989c2679f76387b7d2cda286b75d659a3ab7c3b2ac77ea00366e7531c1c9f4f8e60c845c5d2a5e05fc999621d011deac3f28cb447a37c2ee815f7f5be3a571d153475d6497a3
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -15655,6 +15720,7 @@ Entropy.14 = 71acb71235e88e3aa6d8bbf27ccef8ef28043ebe8663f7bc
Nonce.14 = f49cb642b3d915cf03b90e65
Output.14 = 144aeb56a11cb648b5ec7d40c2816e368426690db55b559f5633f856b79efe5f784944144756825b8fd7bf98beb758efe2ac1f650d54fc436a4bcd7dfaf3a66c192a7629eea8a357eef24b117a6e7d578797980eaefcf9a961452c4c1315119ca960ad08764fe76e2462ae1a191baeca
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -15735,6 +15801,7 @@ AdditionalInputA.14 = 03015311cddd0961ec7a74cb84d835c058a69b964f18a1c1
AdditionalInputB.14 = 5e0d99e0e7c57769a43ea771c467fb5e2df6d06dae035fd6
Output.14 = 72e8ca7666e440ac6a84ab6f7be7e00a536d77315b119b49e5544bf3ead564bd06740f09f6e20564542e0d597ac15a43b5fb5a0239a3362bc3a9efe1ce358ddd9d4f30b72e12ed9d78340c66b194beb4b12e973213931b9cfd0ccbdf540d2c36ce074e2beac7a4ddac59e06e4c7178d3
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -15800,6 +15867,7 @@ Nonce.14 = e8c5220ae48b0ca1412e9c74
PersonalisationString.14 = a0a1d6d3887f7ff9f13c85d6ae5af2c840fd85989b7e50b3
Output.14 = 14f629aee43f71b61d467ccc37de8eb6110ccdc65fff57ddd2e66707bb768e5de5df5467ccd55002815d306adc7b7d6b5d87c20d2922bf5fd3790282608457b69720be7d7affcdfecd173a741c7fc99f5f30f981b1bc102977a61f1515b923ba53cd87a37faaac12e0af613ba0972a0c
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -15895,6 +15963,7 @@ AdditionalInputA.14 = 875e5bc9548917a82b6dc95200d92bf4218dba7ab316a5fe
AdditionalInputB.14 = 4d3f5678b00d47bb9d0936486de60407eaf1282fda99f595
Output.14 = 90969961ef9283b9e600aead7985455e692db817165189665f498f219b1e5f277e586b237851305d5205548b565faeb02bb7b5f477c80ba94b0563e24d9309d2957a675848140f5601f698459db5899b20dda68f000ccb18dcd39dfae49955b8478fd50bb59d772045beb338622efa5a
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -15945,6 +16014,7 @@ Entropy.14 = 30efbec33ef98a928e9441af3caabb34cdad892669e88130
Nonce.14 = f77b7e0fcca6f8733e0bb0cc
Output.14 = 85f5368cb9f44474af6c4a159477c5cdd05eb0c0a37847bbb07e9a9c8f633ef2c3727d017f1bbfa89dba056062202f5824b3a493ab53a2a5fcf796d944577f1393d35f2a284453b2cbd8eaf35b9bae7b87c156cdf9cd0a2fc94ddb0d4842e3ab4b6c97089cac0e32bdeb32dd8233fd6e
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -16025,6 +16095,7 @@ AdditionalInputA.14 = 5c15fa9dc77d6fec5f7a4a3e4a315c05de2b5e46efe54934
AdditionalInputB.14 = fb65ede490ee01a1c100ad5e23a20f91b45adf1ddc15c590
Output.14 = 98cb3191831dc79334e8e37d5246600f822aaa40964b91f345b9df90929db1b7bdea96dae9aeb88d05fade5ae6c29aa8eeec7fdc96e654c5ea41ea01e3104ca4d287bb03005feab0bd1f85e556bb6bc46a2227b14fd94f9e6cfd0341cfce951851feb967968d6cc818f364345b715bbf
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -16090,6 +16161,7 @@ Nonce.14 = 46f8ee037b927ec766de0aba
PersonalisationString.14 = e6299e0eb5826e498d873ac02892f01e02f6632101fcc090
Output.14 = d86bfd8f9d80eda3bd43850ea6edab2ba4f69ac8eea623fd6bbd5c0c920620f8cc136b0170f0310a156271981a9cf7629e1b8f0759de1e99e20a0930ce3bb7dd2d88bc9172a56108cdd736dc529a6b99862bed7d543bdceeebf450020762652d520105f5c5cc3c9a6ebb64af2a7e82b0
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -16185,6 +16257,7 @@ AdditionalInputA.14 = 82f895626afb606f335f5f050f0fdf3b45275e0b451774f2
AdditionalInputB.14 = d423d43240cb6461402a7755f247573f24fab496e00b2e5d
Output.14 = b32c753900d4a0a0650d35d0fc918b3aa5f253d4381598ed475147f32c8b002bc08678e45bed1b9b519cb9729972886f85e581c75d3c2c9fd6ced929be29aa3befcd1d3fabefec590ca55612c1a0409446a01398d0e4775a548d118a32f29b0dc29530329d2a7656e5d3ef66db2b9726
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -16235,6 +16308,7 @@ Entropy.14 = c617061099a17392c3092d27728b35e59eb45814e9df9fa5
Nonce.14 = e1634c0d96cf91c53b063450
Output.14 = f08234ed8621f1f551cf49ea60140313a71341f6886c484a06e74e64aba6f8ffc2cf1edd34cd93e836ab033fb0893e52e01da9b3104fe49584a45447c136222b1c1f1d3cf406a80ed9d782d2ae277790eefc5c06f954e654f7f283ddea79d2160cca1f63d0ad00eae9e882de34ba4083
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -16315,6 +16389,7 @@ AdditionalInputA.14 = 857ce19dd6e8a45be185875f1a98911062045553e8d28ac2
AdditionalInputB.14 = b5f1998f0fa38145edb86ae4d569ef4dc2e0aac0a815d3b1
Output.14 = 8f0d978b24bae2a0665beaddfa61e8896ed7976432bc4f7c444699e30b8da1ecbab8990bab9d0d72ef6f6b0b27ede12dc171a43a14092d57e3999cee71b1356da5f29b17fec227ca2a4887bd990fa33e1e01c8a9f900ffbeb300cc5ce9d7d2e25a44fafc07e34acd61d425e0d36fb0f4
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -16380,6 +16455,7 @@ Nonce.14 = fc382061e29c4047c6f05dde
PersonalisationString.14 = 9b2eaa4c2a229cd2bc5de218aff95f6e5fbc7ef150bdb50a
Output.14 = ad49119d6b4f25ba34050920fc503d3d0d331ac2535d916a58d781317fcc2b1117618e9105ce192651ea9e19fa6756975d207c662f2b464416d849cb67b9af52abeb84f80863943af99c7916e78317a091ba90714ec8620f661b41d648c15c06e822329cd7f145446c5c3630a4243281
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -16475,6 +16551,7 @@ AdditionalInputA.14 = c9aac7bd9f15385facc344dedcfa754bc9f4f30277a3555a
AdditionalInputB.14 = 42de701acf5622b30e7672bf7115043a9912c1758c1b316f
Output.14 = 972ccd5aa60966bac39aa9c891c7c513244efbfe3446fde6806cee991851f1e4b3d4a4a0c04b57242deb4f53d27040879562fc5b32621b46a642f3c84063c5195faf9b78ed92145821ae554d58325b03d60e11461adaa8ac87876559e1cbe47f7b5c33a8311294b0e54a44c97d4d2c9d
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -16525,6 +16602,7 @@ Entropy.14 = 47f141d1d0142d53c10628d2d1dd77aafc11ffe45f29b126
Nonce.14 = a1e958e036afd40059ce9639
Output.14 = 2096935329ffd975154c38a2c22e30ef12b7acbacd39868032d6eb31a596e617fc7e05026b3dae231f256ea94dd4ea4f05734eaa7916be6f846b0304ff0de389f3390e51641103e7dedee99e56d9455c80a7e10edfd2147a50b3864b05443a1646fccde2197af1d1d72ae3c2d4594218
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -16605,6 +16683,7 @@ AdditionalInputA.14 = 49a758a4e0a8ce69aa2e5f9b7940c6fbcbfc4fdc91165e4d
AdditionalInputB.14 = 9c8ebc02c3d92d33112a15747b6367b8d6db3447cb9be2af
Output.14 = 70cf10825dab6c1abcc1532a1b2bccd96f0638d02eedb40a7ebf97093f5d0295b6bc74d9e48290ab39260d684effcb401427a4ca62b971e5a31f06c14a9f8e3851c3e79dfe129ecf8a8e185ee58667e2b692474a0d5f0a39f9d794adf1cd71c1266563dde24dc944661acbf849fe69fa
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -16670,6 +16749,7 @@ Nonce.14 = 82dfae196513724ae269204e
PersonalisationString.14 = 6e01d897ae919812b8408f82edffcfed8db6df2e2cbebd95
Output.14 = 6e9bebf2e54d8da4e8ede97ce463239245ff1b021acf4441312ddba96d1f3d750bf2b9583a8aee76e2ee36a56d8e2fd4e11377d15ba3ad0876fd467c375a744240de0a7b38974e0e7b27c3917ce4e22f2bc78861f6f8b1fb42edbb1b0cb869fe5169527064cf2f38c0154082af5457bd
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -17925,6 +18005,7 @@ AdditionalInputA.14 = 9ba9285889d50c27bdeb4a830a5b3120931a53980b30643557444718cb
AdditionalInputB.14 = 0f8716df331067b8ccf0e5b90ff79dd0f962acc69fc5f89c593bbb84e3501ae2
Output.14 = 9d2c0053a0fd3f9be1fe33db214f6f2d54aca573e0642bd269f1b1ca23c42a1e85c73449830673cca14feab4d2686814edbd90c325e0fbcd5a2d7ca75334dbb113a13a0bb4e838f6724c74dddfca8c2bfb903c362d3ea82acd60d01749f6dc01fcd6708009a58ee9cc57a0d089095efae66aaea68ac247cf6aa8808d1038a109
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -17975,6 +18056,7 @@ Entropy.14 = fd54cf77ed35022a3fd0dec88e58a207c8c069250066481388f12841d38ad985
Nonce.14 = 91f9c02a1d205cdbcdf4d93054fde5f5
Output.14 = f6d5bf594f44a1c7c9954ae498fe993f67f4e67ef4e349509719b7fd597311f2c123889203d90f147a242cfa863c691dc74cfe7027de25860c67d8ecd06bcd22dfec34f6b6c838e5aab34d89624378fb5598b9f30add2e10bdc439dcb1535878cec90a7cf7251675ccfb9ee37932b1a07cd9b523c07eff45a5e14d888be830c5ab06dcd5032278bf9627ff20dbec322e84038bac3b46229425e954283c4e061383ffe9b0558c59b1ece2a167a4ee27dd59afeeb16b38fbdb3c415f34b1c83a75
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -18055,6 +18137,7 @@ AdditionalInputA.14 = 809639f48ebf6756a530e1b6aad2036082b07b13ed3c13e80dc2b6ea56
AdditionalInputB.14 = 3395902e0004e584123bb6926f89954a5d03cc13c3c3e3b70fd0cbe975c339a7
Output.14 = 4a5a29bf725c8240ae6558641a6b8f2e584db031ef158124c4d1041fe56988fdaee91ca13925fee6d5e5748b26cc0275d45ef35abb56ad12e65aa6fe1d28a198f5aa7938fca4794c1a35f9a60a37c7360baf860efd20398c72a36b3c4805c67a185e2f099f034b80d04008c54d6a6e7ec727b1cace12e0119c171a02515ab18ea3d0a3463622dd88027b40567be96e5c301469b47d83f5a2056d1dc9341e0de101d6d5f1b78c61cc4a6bfd6f9184ebde7a97ccf53d393f26fd2afcae5ebedb7e
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -18120,6 +18203,7 @@ Nonce.14 = afafaf2ad7e6449308e176be01edbc59
PersonalisationString.14 = ddb4ced192f52bdfa17aa82391f57142ac50e77f428fa191e298c23899611aad
Output.14 = b978826b890ce8a264bf1ad1c486aaf5a80aa407428c0201dd047fa1b26e9ea9ff25a9149215b04c2f32b65e007e0059a8efe11481926925061c748678835c0066f596352123f0b883e0c6ab027da2486244da5e6033953af9e41eec02f15bebdb4e1215d964905e67c9e3945ec8177b8c4869efc70a165719b8e1f153c41744d44d3c56a15822d522e69bd277c0c0435fa93e5e1bc49bc9d02aee058a01a04580a6cad821e9f85cf764fc70dfae494cbfa924eab0eff7842e3541bc29156f6b
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -18215,6 +18299,7 @@ AdditionalInputA.14 = 9574ca51f21865c2fb0efc75cc9d90ec5e9c43104979cd64d00ea5544e
AdditionalInputB.14 = c0df840a18d7584b62c70b2f057bf824168edb673cb517cd9dac89a0fc80c9b4
Output.14 = b31e50202f883a8563cf129a0d5f8a33abad79d8ec8a97167ed7fca778e5892480617cdf50b5e51547f7ec1bede35020a311572c61e33e9c82968e8f69586daea3dc19063bea56503f8ca482918d229949acd6f1c52cccdc5f7f4cd43602a72a5375f3aabfd2834ee0494823beada2daeccbed8d46984d1756fe2207ca92186b506115f6de7d840c0b3b658e4d422dbf07210f620c71545f74cdf39ff82de2b0b6b53fbfa0cf58014038184d34fc9617b71ccd22031b27a8fc5c7b338eeaf0fc
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -18265,6 +18350,7 @@ Entropy.14 = 5f28c73baaabbc09e8260df3b3577c21f2f02be057bf49d2e73098ed5ff67f89
Nonce.14 = 8c2f85b546903d8d4c10fe4549c3f673
Output.14 = 1563c678f1b072813888970996af33c2a6b70b8dfd2e146c46df0616509382062fc9c72d223ebd555f4d8892aafd7b3b61619559fe3d3e7b5e83c07f422eeac912ca7d8858a2d25b966a8b34348b8ebcf44a4651edb9cf5a886e383b01423322ab3002edc8c936aef869d7638f38ca6688c308d2a17fea0ded21901d8e9f1ff8508762cb1dc7e700970938a0ece74c1c2d1801230ea785165d62a7ab0d6d59caf36b30be8e2e1f691210373b7a2866e32ba4b49b6a2f9cc9b80aa1340ef5c76f
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -18345,6 +18431,7 @@ AdditionalInputA.14 = b5d9cb4b3709adf297462f1aa8875c9f84bc39e323b8fe1c0df269344e
AdditionalInputB.14 = 5e47728cc468e0d2c6b6a90a20f83a9f0565716af54844552988f1d8c3a83eb7
Output.14 = 548c3496135ecfa1119098ea2d862d421af024a844c37a02142e2545e4ff1038f4b73c7f6b7d0fba8f92f292cf5ca8fd57dbe7ce129423e0ddeb1dffe89252dd6b50495c88f350bb77e08c8be409064f7e9cb751aeb779eae30b7c471dc41365f128d22474a7e90a9953e948642001f8e6ba8f91d250d8b4c6407892cd96b12e5d94e4d7608e6c11604357436c8d1cc07a21aeb58d396f413a31f72af1ac06864ba68c04e0c25971c1315f5a8c5c04fe252105fc822452d0cf66f86af13d613e
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -18410,6 +18497,7 @@ Nonce.14 = d28f752f6e466e3fd9595fd380fa14b6
PersonalisationString.14 = 232727310fdaac541b182497e5240dc2623a36b4efa7a912ab3ffaf9939c2336
Output.14 = 3bc26201261930bf3dc164d25287e41efb47c07c8c5c0adf3e86613435df202116331cfccd4e07c9ef008c62d4199d937221a17dc97be2043270ecc605d3d48c609cbce3aecba3557dddb304f440250b2c9fd78838483e2d5a2b22015b97869b891f9e42afe21df5fbb8dfc9061468c70c63a14b6dcad9ccdeced41d021dc0ff47821415e8793d34377258d9d6629b9e396b9d6b8bb7fc22e03ecfd4890d16912001cb7ed002e33a595052ddf7b991c5607ab93c220b2122783d51a8372a223d
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -18505,6 +18593,7 @@ AdditionalInputA.14 = 50ceb01860d60ed119f101d5c573b5db00402dbb03885a09e8d326156f
AdditionalInputB.14 = 01e09092bc892916c29f7b515823f244d147d4b16976cebd6a76a37ef6e62998
Output.14 = 6f1379c44d8131924c9a78286e80ebb34604ad78b531e795cc30c4f0aee422e4052f201ba226bc0c2aa3ec341fcbb5a87e24b91c36be7dda62addba6960df1289372e9677ce030555a9bd1691f559b8ff787dafa35cff5dfd66a2abd83f81552a82ba6ca7d21c438483e60fd77f93bc109f5be802035412c2af2873f5cb186b77dc055c0e0b27b16b1ef37de0b81fe63c4074a7cc8c3d27f71a992b5468351ef8b84a7b3e8f12458ff670d1381d879feeb1cd3b93436580c86bc2c33f27448d4
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -18555,6 +18644,7 @@ Entropy.14 = 57050c5fe58b2a2a0eba0d3b9c08a9b285e1180d2a297e0a9ad20740c6fa9f00
Nonce.14 = fc309209936c569a1367d45b212a9a50
Output.14 = 288668476b39814edbce5ed91951cec398ba2dc3bad76048df5fb1a2a680519c217ec4d57adc0251e1f8892a866b142e0953353bc2dd207aa2703f81814d26a60daedfe94d97de6043ed5f3bd957b7516681827f7a36d1b2a87b692c67aba050bc38b5e84f65f07d70cc34549f01aa390c5fc8dd01304fee7378e62549738e3f710ee6a4e32db3f472e1c2ef1e803e57a8ea992f389f0823c922bcea8b00ab844e071579170baae90839ffd5e00844ec343b02db090847cd323f8a68f0dce64e
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -18635,6 +18725,7 @@ AdditionalInputA.14 = a633f5f05ed8b09b70683a9f9a8e998ebf843b68a039dc3aa40cf30a5f
AdditionalInputB.14 = 9a57c6be8c1d992bcbd599952bd94a755d7ad686698991d189afd11cb88b9f53
Output.14 = ae0fd8a1bf6f2f53f9e81ecf6f40ff6a36fef58a3f157b6a435403e48da4e88cab7871bfe2233b92afd228bfe3117d7cff0798225a901663d51f0491109b9c631dd6d32c5bec2da321b8e64ebaced87a27f17f67082df944fa94acc6c557fa6816001642e38b7d776c631212b782f71aed6db760f90e0de8e81baaf4d419170362932e6c319dab948749b331aae41b4cb3267da37c9233c36d65d5482c8940387498453b226af485a37ea16bd9e4f938618f70aec97e8c1430a8d8b6aae396e9
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -18700,6 +18791,7 @@ Nonce.14 = e1609138b91637917ec170fa3c3fb278
PersonalisationString.14 = 230db2e57b87e910cbab26fbac7fa93a65c07c1ec004c74637e346c2db63288f
Output.14 = fa58f2e96776b4aa079dbfb49d81d8abfcc30d459caeb45dec4f1766fdc3b234d52cdc5337ea770e71a28cc42c82cbefce896d1fecea5a5290300208aa79b5ff97d2091498d749b66a9e5b2da7b774567ae9f83b87a8417b1bd089935e575b16618ffe8ec04b91fc9315968dc395fa2bb8776133d3ede95aa89ae675881b26ca831fa5fe6cba800d2fed1d509353e8cba6f007cf3c5e0b9424cc034e1c817d5f7326764f5ed1d17ddf8900977a0172dfab50bf4819a67e4c1af4704f59eda3bc
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -18795,6 +18887,7 @@ AdditionalInputA.14 = 32f618446311f03a0038dae07e85e19006a55b69501d764c241f683be5
AdditionalInputB.14 = d64a97650e2f25362fd711c7abb5635672e16a02a1dd5ed8a181762e86f4f5be
Output.14 = 54ee53e6d18e974913ec235a37a706868f217af33b25e8e5369d90071be1d01035ca331b8514f3d6186a9ec62b1e7808b7fa22859eea21e4b8113ef770772561eff7f8b6ac22125d002f6ba9f53b235f7d85dd5b601787201ee1423de5d971b2e758b3955a048b50f118c01122a8e657f69a63843bea00a46c4fc2ebbae36adaebfe3e6c9b1c82e498d3fe48d332ac1bf31ab4c80830086c8ee4b1ea190f8e269f74cd760f5a29d244064d09c1bc30832482d5205e35604a388250a7a196ec74
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -18845,6 +18938,7 @@ Entropy.14 = 9168436a8600415b83062125de0ce6a998090216dea7374af08e6d3becba054b
Nonce.14 = 94206c91dcdf9c7c3f3571c703013419
Output.14 = ef12bd2b6dea20cd197ea9eabd98eec1a2943619cd2a96dd16a6c5485435e00c59570ff14d7d9fc09c99ade0e5ec12a84c0a8ccd5677fa9b92295eb2a620e8a0400bc9ad8a1ac1aa4969d8d04b77ad59b81d95cad75358698107dc8a2ff42adbd679ab29cc29cd6ea756f4c4e60c271c3134c48b5d5aedecf011e73c2663ad1cafe57120cc70137370760c350f4e9c0b8e9b01c9acaaeb56094434f4f87c67a5b5f674783204ab0d0598c06f0802a05ec97073c005f3c9f772fe0bb449c1cad0
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -18925,6 +19019,7 @@ AdditionalInputA.14 = eb9e19bb6eb7b714dc4d56243897916364dae7bb3861a4697d7d3f2b14
AdditionalInputB.14 = 156d12c7a1d0af2cb9f2d0610cedd9ed3b982e77bf4a9dc1ef0f71284b751ca4
Output.14 = d3b0b0ac5150afdb3d9de12d2c8a7d45109436ed9c316aef1d1fc5bfba1cd37cd750841146dd08320539eb1678962e990f7b7662b44b918447e173672b873b8ab0348306cf6ae2bcc6756036870745436571763efde334dec5be7bb9920629a36cc5db66e8824695cabecb8bf092858e095a2a520eff140f483ec528131c850a8eaa48d8c997fbc810401ca378666d84020fd34af77fbe1152523e979560708fb15f3b7981e333ad4ee8c2fb6021a562f339616823cac5998cd919f82d43f41f
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -18990,6 +19085,7 @@ Nonce.14 = 733bf048e5b112426979a9879b6a0c10
PersonalisationString.14 = 58d91008875f51d541c6fbd626a49a798dc51d9cf2e8588808e74953392800e7
Output.14 = 1794335e21606d706dc89ace28c60a15c0c9f108f5ac882b103eb62e225de749285e5fb0be98a5bdc26e3c998ae418306380941d78acb7c81b91ef41cecab328332ac7404ace0ea858e7835534f778cab3e3e4eff043742e4f7d4d5725bcdca0b6be7ddbf79e57fcd1d5a4279f074a599abac2cd281ec6784e29d9399f5ffa8def3252acacc59844c0c24c20d029a89b4407e0b5cbe9a8d51241dd36bb82c400ec4571dd1baf831d58fed3dde4ac7f961be6ebc18af6bfa922a32b81ea11334a
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -20245,6 +20341,7 @@ AdditionalInputA.14 = 06df99a38f4222b9e7e1e3f4a6f488c1dfeafe847129d54c93bccb1649
AdditionalInputB.14 = 3977a9671024bf0150752ba10c9f6432773bb71aaaa9d23d1ab72b90b7f0e088
Output.14 = 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
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -20295,6 +20392,7 @@ Entropy.14 = 0cac1d970c06da6f224d49e5affec0fe338d0b375b66687b
Nonce.14 = 1fb1df257951ce8fc0cf12a5
Output.14 = 7d6e2be5aa574b0edff39ea938e94143ed92b287262891dd2a6c9193b0237e8fbe10056e15785bd818e548452792a31c728acc14ce2bce9295d3776885018a57c8580a8e7df9a34ea960e0b39af4510711320528fa7a0badc6e25a0eead8cb091c404f626343c63d40044055ee9f9e35
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -20375,6 +20473,7 @@ AdditionalInputA.14 = 38ead8a466e462f5c0617822c23294cdba07a80fd51dc241
AdditionalInputB.14 = cacc9efb209c71b123498182d25081aab8f0159bed1fc0c6
Output.14 = c200766d5caf72e64a77a7fcae1ae3d14681e33767ba2ba7faca26209fdcb59c7202c381b18adba07ef0ceef443d9e1c5888366bfd953d614bb184370b45ea2b44a251e381fd2bdb80bf4bb8dfe011e1b143032bae9ce82c2869537e70d36622bf23476163a2dace9ba863a5f0e3d303
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -20440,6 +20539,7 @@ Nonce.14 = 7e2f3e4427d00de41ae92bf6
PersonalisationString.14 = 2e8bc8edcdb3dfdd451542fbc68481b30964fdf8a6ca77cb
Output.14 = df949beb9b33d2c1522cf6fdb3206cb10b58411ba9e28a4096cda7662b69d23e0da2be9557b9a3b5a8d67db4d616ae9fda3a7e0a8516196568f7a81474c0264993b141f14066fbfc29da724e447f6e503385944e902510f0b3971f7bffc6a6a202ff88d8113bb222b104055f427fe770
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -20535,6 +20635,7 @@ AdditionalInputA.14 = 23a781948449d82ee235d0495ca48d61aeb399d7e2ea68b8
AdditionalInputB.14 = b52421e5b0e5281920da6975ee18d74ceebdd5d5de05c018
Output.14 = c878a886e24e20a8b7e22e41ebb33a2b6e9a0168f4c72bebb78f0955c8449592e91c6a2f1ba5554c9459bf2702e67470c1df0b5125d651facc0a9339a2b7c921a51bc7203020f085c9231b3acd850ebfef0d0e13dc8bcfecf1f9853930ecd9b262cecaff0e2bed9e3b5b53343b733766
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -20585,6 +20686,7 @@ Entropy.14 = 04c61e5cbd79804118267ee1c76db36b71b042bf60a1c891
Nonce.14 = b833be09092d4755ee6118f6
Output.14 = 0c4663313750b12daaeee80cb28f097cbe6f50df2022f9ff02a51fb373da42411c5856a136e9645e99e69aee273726d146e3ef4e546273eeca52b43c068887148b7197143f5b9a4c55d4b0544907ee9ad2f181d1b37742d1479d39e78e47505603550d2b28bc1d151a50bbac140988ec
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -20665,6 +20767,7 @@ AdditionalInputA.14 = fa3bc697a6bd8ce341735365ad6e214d1e53e8d6d0a2c206
AdditionalInputB.14 = bea0650424d1f26e75a49ae2dc529f1fdc552e3a0aa50948
Output.14 = 4a718257296a3a99f199a5a24decf8f3e6209a4a7fb0b24913393c8309826ffcd6c47208ea6879921424ca55e63a7e5bc63a030cc48be7648da78fc9f314dacb2b8568635e5b14a94bb06a709a2f023a86a871dfd708204c911d94ef3690b3634e58de03fb20091d628bec834a760dd4
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -20730,6 +20833,7 @@ Nonce.14 = 4b729a67449bb5675a1f9d1f
PersonalisationString.14 = 9160b7c96fd367dd7d378e82be11ad1827c7661d76bc1fb4
Output.14 = 1d7ab4500d99a18b8be2ffb8177c869059e25f1ffbddb36694fa8561da1d71f86a38accb1926339f6dff71ea8ed104c3518e62b00e520c51a096c1c62469e56b139e6384e982588e748a8074dccc51d558d944868e2b8e1dbd68bd83c663447590430ebe15c64aba4669d1a4a784d8c5
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -20825,6 +20929,7 @@ AdditionalInputA.14 = c375af43c11115e995f47212f81cf3cdca5801d184d82235
AdditionalInputB.14 = d2eea45f69c6d82dc3a7bb3be69d595c86c5ea5b4aee6001
Output.14 = 907452bdf42eb168195313eefd090a2fe1be8b668b8ec7153a4ed4c07e6979244282e976decef02ffd4fd92b0d7b90bfc453cfd81a823dc162dde29dfa926f20e395d7432e0aea61c72e05c1673180bee3b47fa171cfba98864fc2bf83878e37c7dc019d465788aa1500ab3db8997d3c
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -20875,6 +20980,7 @@ Entropy.14 = b37ca70fd13538ef74c5a3c7ef00a78705919446954ec43f
Nonce.14 = 3ecbdff8cf33b50788dba82f
Output.14 = 1bcbccc535fbdc8617575d46ea5a9cef2622995dee19aa4b998325dd8d0935957170f6b18219354cd2759ba53c9c1f380586070db0c89979a581ce1e00ce38855e123dc3a2dc9ce74bc3b6e27c9603fb87c09a1d90bb540d267d456f5457daf0920a13119a2b805f9b97b154f80f4bbf
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -20955,6 +21061,7 @@ AdditionalInputA.14 = 9fcab4a8d0d1036a6210d56a894f861fbfacd4b20c081f38
AdditionalInputB.14 = e279bf650f812b8931662e59a0da7ab799c193da1f6eef1d
Output.14 = b3ec81a3cc8dfa4e1ea17d33566a4444bae9969244e7a8970eab02afc8797b5fc85b6614ab009625b81fbe078bfa4db78ced2d8b3f1e3342b477a3fb42cec7d44546585621bb8310075808aaddef32ede3e668e626711fdfaf2569721bf645edeaf74a9826aadf0a9cea9893aab4fe3c
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -21020,6 +21127,7 @@ Nonce.14 = 98ec3ae036755323042c08da
PersonalisationString.14 = e6f24d96c8d11cc68e72f56ee7e345c5a0083509821fdf17
Output.14 = f5a9d375a58d1b337d245d29b7a9e352cbb0fc950276e042d075a71f4bc43b65b063bff299c670adfc46db39c4303adbbfebcea1df964c27d33cbfe4d46567475abff4f357252ff7d05ed4ac34e6ed14c33c192909426654d604736f3bb0ba01aa5e0454d60dfe8aa5b2df3a52df22d4
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -21115,6 +21223,7 @@ AdditionalInputA.14 = ec35738bedab1835d07ec7a6d9a5e6e0bf8a3283541b3216
AdditionalInputB.14 = 689957f9c2c58f1ff34899bd0c295bbfacdd149ab378428a
Output.14 = 6eebecbac4dd64b170cf6aa84788f643755ad5c6c731b63bbba3b2bdc2694f1fd42fb077b4309a0cb09b5ed1107fee2379272351ca9221069530762e4c8ac4c142c30167a32ac2b82b728d57bef95d620cd1b7a2ab5c1a6fac2cc90e0f6cd003ef526485c8bf0dbc9baa7c1f0d6f763c
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -21165,6 +21274,7 @@ Entropy.14 = 2fe6d7ec78f76820cd88c41a5a958c399c7ad1619406caca
Nonce.14 = 1ed975755cad5e4c475c5945
Output.14 = e34b31db083e58516cd60ead2e5b0d39e4a2bb47c2436531c0e700e484c27d3d233d10d1ea6c58148149751f24155fcd258f384d61000da88106a0205d693e4ddfbb5c35f101ff15e531e9ac4a988c16302a962146a3aba9af5c505697cf9aeb7bdb8c49c281458acc33ad4010122aa5
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -21245,6 +21355,7 @@ AdditionalInputA.14 = 17c87a351e940e261e8806e2548da44a751c550ff5f0257a
AdditionalInputB.14 = 7e3bb28f266786ae38c24876087fe35c7e43222382270380
Output.14 = c943c9ff0cde86a62756465e6bf4fc9dc25447157537831c975782dad82f3e33e6e7790b41c158713b8978a6967bfadda9e15ef43922b3f93c8ccd0cfa834fbc6776f3c1b6369b4f25b1cd1189f8b8efc31be2dc151d3608eb2189a4f39c0f0a3deba00ffc97299c11c46885b424a7b2
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -21310,6 +21421,7 @@ Nonce.14 = 4fb71fac56d2aa35d7fa44d1
PersonalisationString.14 = ad66fd02b6f6e30ce521ae0d783236c75cd3699696475ac7
Output.14 = 4b2df98ad411407c1dff07b5c08e97ab501fc20ad191794dab73e9b4dce62470b3c70d75f07848f436f16a8c63ac31a75525bd928b5c76218099ec940e3ad193eecdbad834557e92602d7daa6e3eedcbccbc4d0829c8e1c7e59adb95ce928bb138870566eb27e4725191a9ebed50304c
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -21405,6 +21517,7 @@ AdditionalInputA.14 = 30a66bba0f4d6c249e271de8927b6ba1e99fefbf3386934f
AdditionalInputB.14 = 1ebe06fd88f8f914ea8f590483994fbf227613e7f49ff18a
Output.14 = 38b4e2bf6aaf771df03b3bc37a959955dec83f07af4bcd995957a31991c5ee18b5bcb7754f3bf6293665dff2b4769d081d9be6393803e2c62a73ed8ce4adb17b36c1e0deb8ff6106308be9019cd179a92feeb184d93a9348d3b14a70bf13fd74d12cc427496803b7fc041f87c630756c
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -21455,6 +21568,7 @@ Entropy.14 = 7f422e735bdf349e4f51787571ffe061ec7e9181fa0b6a342e36611da25c1a15
Nonce.14 = b09d8dc6997bcb567cfd788d0e06483c
Output.14 = b83bb6e99b0a5237242711e27779d05d2157402856f9653542f1ce52b1a7463e13d5c92309a06d8a78773ad70504b64ff070c2e6afa4ec3662f2729cb7552235b79c18e08354e334474f238ee74feb7e892d5701543f418cd7f2f5533437d9901dcc54687816f16eb7341b1707c6310a2085dbf387044a78fed850b42fe9d8b4
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -21535,6 +21649,7 @@ AdditionalInputA.14 = 5722b092a5a0195f14b5f236885538cc7a514e997876c06f634926c695
AdditionalInputB.14 = 6e4f341a0524dd1085aad0b6c956057893f737704ca2fd8eaae6231e9691688f
Output.14 = a757af53227bd8555853ee2e643256074be9904d2fabb0ca86a645b0ed1905731cfbfdb7eefc83938fb576d7e5da8135300f8e934dca521637ed10e5e791e18e82c48085f511476452237ceb930e0307e228886d36aeb83d8e25ba23b38dce6dbc335de90b63db4021d6ebba5dfb6d8044a2bb7bb20aca679cde16406c8c4746
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -21600,6 +21715,7 @@ Nonce.14 = 06b7b75d18365f4957489a09204b2672
PersonalisationString.14 = 9e32f001033eba3bede220d4f351ce110e6ee2eb0b099ce54f9606a21d80b1ea
Output.14 = 508333114a0abd5fe10327daa0f1342c66569d912a64d8ae89227d0d8ed5b4052cf84f0c38927d88dc0d7c476e747965adc9579a4603a36566a1730f55ed7b100c1695f060674484781682ee629167f7adce89885ff04d722d960d0297d2abf79bd3338126c2d356a91bfa588f80db7ea365bf181fa5370c478a04d05a515b78
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -21695,6 +21811,7 @@ AdditionalInputA.14 = 5b2d2bf0653e3c075c469de5e2a093193e700abff9792a9f3bc0d143fb
AdditionalInputB.14 = 976c765df6b57f0eed8661587045826c329f4f1994020de30fdd835912f72fe0
Output.14 = d8275a104f1dad7412637d12fabf9dd1b06592850cd48a3f38304789911efe8f08970b8f90fa021b04039cd3d1ca573c1586e7ef586f4c623dfc559efc0f2c89e4136b59f0f5706a74679d1c95886a5ad05b9a850043cdb19d806d617b2f640f715351cff6920c47f96a42b872a512a7b2e99e4d0c2230861b16f3b38deb9b58
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -21745,6 +21862,7 @@ Entropy.14 = df6edf960abe3aef5f50741907c0171906c0837ba3bfaa3a1044fcc4f19ed21f
Nonce.14 = ff2558bec3e5377c12697c908d629952
Output.14 = 9d68c2674eac76f3ccabe1c6c0bad96d5fbdcb1629c939e397eefbcd2ec2f25803fbb9aa72db952f7fedcb290da99f34c0fdd637c37dde1446d475a61c38c3fc5c1ebf9541d136cb02a43b2646df7ee4bd0d9191157dac92a33f401f089ae15618624fc0baf707409aa2f80cd5d0676612c2667aa420acc6e016e6ba3f63c686
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -21825,6 +21943,7 @@ AdditionalInputA.14 = 4bf2c816e2c3e9721d192a670153d620aded035ffa214cb0d7638432c3
AdditionalInputB.14 = 06f515395ad7c3d025af7df781b49b62f068ec9398f6dab31ead6f917c663de0
Output.14 = 1e70791e6a8ce753f959ab75d1225b44452ce7aed0fb53b56208b3f26419f004983c452d724c483b4f9b70d2d84734ce8ec0258d8edfac639b355204e14b5b7bc1d3aee6ddd9f5da54c6cb086d16ce381c2d5cefbceae3afd56c13441d80c7e6081aa68ff57f21d460370de9ae713c17ab14a81f0895e9e492af7c437d7a5799
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -21890,6 +22009,7 @@ Nonce.14 = 2c4c4f3a953e551746f7e258821d24f6
PersonalisationString.14 = 676a9304a3f744c62c7f5048f2137982c89860577cfcaf0d855514436ff8eff2
Output.14 = 7bde8a5a34538655ab2ca26d0447eff3c6da298b3fa53ff0526eeeebaa4a876b60e47ca544ae30ccb00176ff84920bb4e4a4ebc3cf74b9cf8cd8ff9f7b11266a3c9bf918c458760bca6368ddfb3522edbc61ad14f2b638294e51d82e617d8c0c631aefbba50dbcd1a0a88963c3d63959909ce2cc669924d7163b01cac468c0d9
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -21985,6 +22105,7 @@ AdditionalInputA.14 = c168776136197bc3877c824461994a4cb020b61ad1630bd8f38d0db211
AdditionalInputB.14 = 4f54082a1b9e6cdc8599e1639865c00fd758f403adba5cb74a37e2b20f29b654
Output.14 = b48984588cb54f78610e05c8a7ce12c630934f5ed2e4cee21e523fc65a7b8412189ac51823ecdf493844a859aa87f3e84645f22f0914245043f7b86287a85db97697bcc84684b072162c2fa636569df83fe85f1ae25204786bfdcf5eb85006d09a4d97b162248daa8ccbff9eca28b7bce9fdbddcb8679ba50b6648cb3bfe9af1
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -22035,6 +22156,7 @@ Entropy.14 = abc502a99b7c3cf14262f6b036925a9904105b019592a2a6be26d71fc42c7444
Nonce.14 = 40a212f9e1a5aa54f2c7ed4ccf631c9a
Output.14 = 0e747d83e2104367beca697db9b6bb994061d82aae7b1564f6a0911a1f599084a7ca7c94e232908d41df93a6b416e76146a53b490afb552124fc0c2087cc45de96390565b58f913b5dddbc55dcdd2617ea27858ae7c7748b31d832fec0fafe84594ad7b693cf972daa9521ad4134867339536ed5cdf02a758e40d5d96802f4fa
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -22115,6 +22237,7 @@ AdditionalInputA.14 = 2a8cf10885a141125dae18c40f7bcb7e09c1b2726e22a7f776e4735279
AdditionalInputB.14 = 7c2db5278d2336764d274bf9624db7eecad2db11c6622831e47338ea3ef02ad7
Output.14 = 08ed2c3aa35812485ea8aa0b16149ee4f3207a0368be2035e202797939dd2a1c1db1ab244434edd783c7574bf48fc99f93827a1fee91cd1db1cad53512b6931d2d63018045b2a50a9b523a6ee212fbcb21ffa57ef998b4ce24e5f2f875a8ff3a45d8602cd56cfefd2f61f73d00dc33304a464f4fc1f7dd311b516a8da4e91151
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -22180,6 +22303,7 @@ Nonce.14 = d5aa1d24b7c7564f6836f626bcc6d32b
PersonalisationString.14 = 4ef1e00dcda9e893d066ce48cd291258a29e0a234796c30a6465079cbc3d3aa4
Output.14 = 43da46cb7b737ff7617715e3a8aa4c42d8cf1b62f32ea97d035514a10798f5bcaab550eab684cfbd5c8d3e1ce6d9fb026812e647ae6a50d3d8da8e9e2f1d5f7fe550e7e0b88e146925f2aa64690e1a5a5de152f6421837c15337efa80fdedb0a4754268bb83fcf0281b05b3885dc64b87f1da61b1ab219779ef44a1399b992ac
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -22275,6 +22399,7 @@ AdditionalInputA.14 = f8dbd6a405435595b2520bec5026075514955a666e4ca34b7d0339b0a0
AdditionalInputB.14 = d9536bdf1c3944d4d239b6dd13750c16a2780d943d4cb5fbbe418189a7d65432
Output.14 = b5e12e5082c09fbdda81d1a2229ef9bd46db84e62ecbcd1a2c4e88557f8ed3b5af740fac2bddaaf441b66084ce2239adfc9d02f001cd23470535f13ee6ed73256adf902b359930093ffb293a7c007074582a356529ea3ed9a5ac0a1a3f62df5fe09d27f5a7ac6abdf1fbd5f5e5da70da5e3037fb062d0817b077b56457238108
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -22325,6 +22450,7 @@ Entropy.14 = d233eed6e4a43436e4418ac071bf9ec00d463d0568cfaf7b4174f96c1f6b8564
Nonce.14 = ea8e646e88f7fd6c8e590155df15558d
Output.14 = 314dca793ee1eb0dbe48bedc324b557966ac7a17b900bc4167ab4b65fe6b34ae625c200c4e21428ed258fe28b99c31cc4e8f9eb93a793c3e33fb0b75a2595a3201d939dddfa27911ad6f731894e16692343f25de291da89570a257a95cccb42f7d9820afa9b35d16664f95a2099ac929683b7480a4d1e34291853047ced3302a
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -22405,6 +22531,7 @@ AdditionalInputA.14 = 46cc09705223bd3c01fa037d9a19dd2465bc612f519e51d33fbc845742
AdditionalInputB.14 = a9f78f79d034d46086bbe5c8883dc2a34a1a17414aad2c767a3b3f23dfc9b637
Output.14 = 2674afd329d03ad3b1bb8157c3100a312e29bd72b55139c408afe7f2c9e6d53df2cb8b829b7351a80cca8f0b59d60f6454ba60b154f654a09aa82a63fb28ceab9435cb6022934a0599a4c3a005bccdaa8bdaf8246ca654692a6c038cc82fea477fabdf3d6a0975e952ce3feb7fe8c4510b8c5347b21da5431cfee69e9dd2d8c4
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -22470,6 +22597,7 @@ Nonce.14 = 4788964160bb81d6f6c2675008b05410
PersonalisationString.14 = c56e284ac65798010eb7bd39ffdf49bc25fc2e663e90ff93f73c97e65ea82935
Output.14 = 683493fb3c6ba0ae0c42009beb39fc37a9d235fb3fa00648ce4d60b4d6bdecdbaa1e2ca0c0fc80c53f6f8ceab31c3c42764b8f23c4cda91743be33e0a77fe5a4297701bdec6b2a5712e76c64bb8b7e03a257c140cd8aafef046b049303679a7904f029444d92d673107bdbf769fc1130429ff64b527b0ce2420e2c70e8998ee8
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -32177,6 +32305,7 @@ AdditionalInputA.14 = fc54b5339b37eb6889cfd7c185070bd0
AdditionalInputB.14 = f6a783d6d42e5ad5abb0a996bddfa04c
Output.14 = 683faa732c4551604c8865b5f777571c7d3cf1a60124c59b91283da0cda9b21761d1c17c81856958c6d590436c73594bb36f46c2f89237d8c7a7ddd2c58394c983f8f6c000d77566f2a1d89bac054bdb
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -32227,6 +32356,7 @@ Entropy.14 = 08a325accfe119fa807a95e8cc2cd8ff041ccad8e2c4cf49
Nonce.14 = c85baec1c2d1f3f189eecad5
Output.14 = 2567712d6fd3b52364b508bb2e4ae18e34b155dbe99fef9acbe21346715d36c538dc380a5e5900e0ebde76c779006fabe2b3f171fa63fa0f5ba264748278549c9beb26db701c8fab7adfdf48eb63e48ca6f3be8f17131c5e9145f5dadb00fe666a651d2b1b9e785fd444b05d4efa8ccc
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -32307,6 +32437,7 @@ AdditionalInputA.14 = ae701404440c584e27266a12318c1793b6a112d96e6a6749
AdditionalInputB.14 = 53861747c9627e9244679d58e2dc8cfd8a72d1bab611dfd1
Output.14 = 665481033912ca7d87caa56af2612338768b044953b02b9a50e0244bb805ca007648f71ccf923030e56baa13a88111fe211091a54744aa5d82abe97775878059dedc6272e7c7a5392d1fb443b770ee7f5dd05a3f2bba4cab1cf473d02648d4f8acce91ef167e3ac00c1c9324ca074486
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -32372,6 +32503,7 @@ Nonce.14 = e41f19a969494a2293ad0542
PersonalisationString.14 = f67bda6553b5e4b89e309cb48a336b78460aff498846c2e9
Output.14 = 44d544ac910b7668ba9c5524e388957520fdbf11383808a5a8008d119aff7e1e2bbe63b4cbff19455f20f3dc79ab0a83dcf0e403728f2a2b2a9f3b98930d9f285641da3b6b9a9467b2701ce1ecac82bad8214bb618c40999f5023dc2d97dc1a53a0296d44f6fc9d49db00959c89e9f5e
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -32467,6 +32599,7 @@ AdditionalInputA.14 = 6a7418d4ffc40e11859f33189d5a8327042ec268b004ade8
AdditionalInputB.14 = 97beb8c47434a23efe536287d776edda7ed7cae84c0c7e35
Output.14 = 1fe94acb5f5cb7e4a8edf5be61673bdc066288538dbd0ac29ce2d43f7b890028e48131e6b3a7cfbb42772b63f2fac8c0472418653ee2ebcdfa5ec08683e7d4a9cb2c67cf7e22c2ddc779c6d9971b29347e6688113294c902a5d62c1fc35595e091cb10e5a895d7c3697056659ae457d1
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -32517,6 +32650,7 @@ Entropy.14 = a71c303bf17e128c8e0aa07fb61ccc1f40fdb487a955fd95
Nonce.14 = d3ca16fb12ae4709d411e5c5
Output.14 = 61a51fe1eca4cf947bbf2a77d643e7963ca2c587e0eacc8f7fab3b3f0e166197a4d15184cec4f0858de2773d8becb339bbb18ab2c10c8b246ca66dce48e2a0938fe1ab122b4930d603b937491ddd3d10abac731957f2e1e030eef33f7f311ed782b06697914145e266d0b967914d638a
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -32597,6 +32731,7 @@ AdditionalInputA.14 = e098f0e076a3f40fd970f5d221944f0040ef4a18d88dbe6c
AdditionalInputB.14 = d7eb01dfd7c13fece92d35133c3be71efba145d7353c6d69
Output.14 = f03074a219ef31d395451ebc8534e4f2cd2dbfebbd9257507979ecec79a5f76359f2d6b4653b31704ae5a49f884db91ac335ddc6d11768cac7850734e76734b63b71ff12f3f8d42cd404009e7f4b66bc0a639a9354ebd754c17f3cc65704e698d9bc0640919c386e96760f3c36d8789e
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -32662,6 +32797,7 @@ Nonce.14 = 838d1c69d8408cf0134f54e1
PersonalisationString.14 = f08a964b386eeadc4bbe57164d3b3a0c7c0068c49c9bc5ad
Output.14 = d8af077476875fca2ef9f04013976c3c278d30592361b923bab2f7e3c8af4affac5408c390b4989da254eeb97ccdabf32f5e246739d0e532a6ea317e7dda02bae5051ca97a445f5e0696a041e5f9f2c077b26e575d749cae344859864aa00f262c1c41b2964b78f72f9cb98abce103f9
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -32757,6 +32893,7 @@ AdditionalInputA.14 = fa0823db6808a3de1a7dcc081c01cca840f68b005d473bfe
AdditionalInputB.14 = d3054fa2bdec7c63dc009ecccf25c1116380ac25f82a9085
Output.14 = 556e90c95c1abcdde027fb2b88cf191f0686830ecf3fbf89de51c9bd735726131472a17f307263d57c03bd5ecd9ceba6cd5759b06594bf901418e2421fcef4b72678614079cdf4d25fa0b74985380552d2bbf478290445066e3f4a40a2e2b0792a685b769ffdb27721b1faa484e9c783
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -32807,6 +32944,7 @@ Entropy.14 = 2a55ddbf673f4e12538e61cd2bfda6f0316277661f553c38
Nonce.14 = a0c71049f5c75c23cc11c7ca
Output.14 = a88e6cc37617929bee1e14f74ee363d1e05fee618fc1eb1f8abaff42c571048032c84ef0ec7a6d8ad7e6c5a4a6e90d714d76643eca063287929032fe75a2b63fb1f83ab36a7fa12a12d7332459bba56b017654bc0fc29beae1897863a63276208f9d11a32780a627135b271efda4f4f0
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -32887,6 +33025,7 @@ AdditionalInputA.14 = 65e70309f7386d1a0aaa53da65263d5263bc5eaff0d5f3d8
AdditionalInputB.14 = abb8cd0ce0560309d2424d2f3fdce7af085e6c14699b4799
Output.14 = 8188a498ef9e0fd52a77c3a44f1c7edccf9248590aebc52cb9ba7b5cddffe867b26309f032a78c0ab751741fdd9bd77d4bd17be90dd045f6f8b45826c9900028f68138cf1ca8e18b253b8eb73ae04f2e156d51a792abdc6524e4f45e4ed0b06ab3b0c94bc5e1ed58f917c17f72161d31
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -32952,6 +33091,7 @@ Nonce.14 = 1ffb77244697c3d67a564d06
PersonalisationString.14 = 62865bf0f5af2146440d74e5ac8787cbedc544de16db24f1
Output.14 = 1a74f62cc6bb05ff956d1af526926b937a84352830a78c7ecd2ad9c39a796f29f640d188ded8bda0e66ba81c941fed5e82f3c78543d9fca14335459ad9d573362f6b5d69861cb94c0bb055723ba5416b1fe08e74f27f23cdec9db05b50b01a20f0337cafec896f5f7412e1dbe7307e0c
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -33047,6 +33187,7 @@ AdditionalInputA.14 = 1a6853817be281e26796430dc90f014f6fde64cbef16e58d
AdditionalInputB.14 = bdfa703974a758cd4eb00661e0f4663f4e574cc7be6906e9
Output.14 = 23c9f591ec9abea9f9eb89ab8d705a1e570fd2888772db5d6fc6e418a34e32d78fe49be8d4d8288fa397b57afd49c07b715e276c68a2eb8f3e63f67de21d8ad23fbbdcfa03b201952fae49928ce4da66cb70638398bfdba4db7635c8c726a3cdac22c98ae776e881edd60b69f0b38e4c
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -33097,6 +33238,7 @@ Entropy.14 = 7c8a961f01c1888456ae6042caf338c3ab8b5be28b34d15b
Nonce.14 = 61edc22b49e518eaa9e4e04d
Output.14 = 9d2eb0a41f7b03ccae8e4e3c61628e6710f5999f3991f04ba90fb3007275d07ff169d325ab26f3446e585c2d454ff8f6cd4a520190afbc06f30ec9b49668b09de45a116b171c210f5f888cf3c273c803044b17a16b06b44bc39344f2b2acb2f21f4b0a7abafec8c8d406d26477db9b7b
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -33177,6 +33319,7 @@ AdditionalInputA.14 = 71b5b9e9b813b5f69e8fa9fa7f588217268581b7d135fd7b
AdditionalInputB.14 = e5b06d8f12539d36c665cf129c1c42e3b7e88edce1650870
Output.14 = 64595391a02ff750b46418274b8366bbca0e9c52c95bbdfa65882b76395887a018faa276f3fd6c8dbccdb964755e36508897cdac977037d0978f2752d1dc68bde3ba1edc94787c1c8cfe42c2347052da30ba7f1e06b44c10805196e7bb048cf572fda62b4a28fc189702b1e575b008ef
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -33242,6 +33385,7 @@ Nonce.14 = a16783ada78fa029ca3fe31b
PersonalisationString.14 = b20dae78f254b07fe3eeb7c793334f3f432930353fe7f221
Output.14 = 081803927779c7b2039681db542c965fe48dc3cfde712a361e77da9aaf9f21cf38e18b4e8e5ae5a365910ada327b05630abe87858163713fd8c2988975eca44ee3725370f1c68117e58c2164605524102f22f3ea55f21f7e8fccd9861c59973d71c0aaca574480be6ec8e1fb9a163680
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -34497,6 +34641,7 @@ AdditionalInputA.14 = 228522e58e65d50dfd176e8ff1749faa70fc2c82eda25b0748ddc5d41f
AdditionalInputB.14 = 7af60c47b4cd146a39887c9b812a1dd814d74c398609bbbfb57e73da9caff57a
Output.14 = 9528c88f0aea3fc03bb8a9061e159a06d78a2a654408808aa4d0e73ab1a51e5aa85e8bcae72d34784ff6f513193e183d556ddac5675314f2b5cfe392d1526056afe32d7c03e09ba2bdf3b10e228b0f600a61cccd9e7bf14dccf13b16a838e60909785307e6905d510d9888eaab169fa601558fc952aa8559d270ecd386d7fbd7
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -34547,6 +34692,7 @@ Entropy.14 = c0509068d88167921812103b67e734698d68718ecf42cd99e0f55836c162d450
Nonce.14 = 71a50d2db258ea35ba69b5716bf68a14
Output.14 = f66c05713ebe804b4273103997d260adbe8a7d0f6b2bb862b867ca59874ab9e0898102664af2a8db24a7ccb4637269ac67d5e834941303acab9076ebfa04cef64f73480afb6808f11e6ab1a9deae514f5db1c90c59ce988cc1d04012640a40173362de2689f88647268c665ca44f57534c9ad9b8316b9cd1d5a14942e94e90607acf6ad37a2398979e56e9c227c1803f90844d6140f10d0baf20dd789d808a647b4df54d2136d967461383dd4db9dc154dd89cd282a2766dd6086bf3825d095c
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -34627,6 +34773,7 @@ AdditionalInputA.14 = 25d2ad9eecd3bb8bb60769942abd16edf0ba777f2541a4b0e80fdd70fc
AdditionalInputB.14 = 608c5789b5a2a6c11c7df095be8c81968c0bdbc6296026ab65195bdc5a297366
Output.14 = e1c600294a86393b7067b6e77ca83e68d28a6b76f6f81007183be65a50fd2f1adf6eec5a64cc753c5bd0ebc12387bde8c6ec10e6ec7e603f09d4ae624cc5423b5bd53da4f0af064e14a7d176369f1726fdcf6468ee15ffd7db3be48d196601506c71e2f443a768e03ebc35245d254bb87a392508ab07c95bce84ba81058ca1545289c9d8142aa0858c9cd5ba54ee2bb75cebb5b74e0d099ee458752d11ed70122aed1254609a715ddf2720798c9194ae4a7424e2c518ce7a8277ec79da86263a
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -34692,6 +34839,7 @@ Nonce.14 = aadd62dbd7b34bf2021ea74a2788b17b
PersonalisationString.14 = cc3308e380672a955620fba59999ec4fcabf1b7f63089a124cc1f65d58b691e3
Output.14 = 6c39f49bb51765dbae1de8325e7a6f8f8aec031dbdd94b83d5c4e062848eb4e01e3912784f817ee16f9c2dd0129eacd3f7b8d5bb4cf9a4a2ef823b0505c2ac8e4a1ec30812e98564aebaec14ff710a77c1904ab1fa3fef3c3d09f2d55b047a8db860322fab6d939093385838ec6d11667ca843f69268ba1fb7edc462fcc285adc9b4b97f0f717c28ac1b6f371d90baa86e8728051dfe9b68f15dd31a6da35194253545a5d667df6a1322f6b73ba661c7407608fa42e1b894bd1b6e7641749977
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -34787,6 +34935,7 @@ AdditionalInputA.14 = 0d81d8c5af9885d1b30d2174429bcc6979bdb2b82e6fd3ccdfe93f36fa
AdditionalInputB.14 = c63866629ed771e53d2fe2d5c21e98ebde295c3fc3896fb67279427c61a89eb7
Output.14 = b369b226dd535dbdab45ff8f13735214f9abe6d11463a44804b838d2932112ce6799341505b7b5bab423a3794c37f383b06be1fe21f5c7da97b333a41fb67908dbeeb2450a3581ef71870c964c976f039ee856fa507e9de948c4c097a64070b23cfa09ab7506a8ec4fc38a38ce21fbee3f3c1ef3ab598f5da202f35b90f422af31688402509c38ac25359409d2b61958390d28ca2d8b5dea99ae26c90978f01d7a482c12e134a81de0bf6c9f39e32a8b597ec7b7a05a805ebc7ce260c381f189
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -34837,6 +34986,7 @@ Entropy.14 = 5b50064163ae6238f462461472ad2ac9acc300316e140abd9cd6edb87b8ffa09
Nonce.14 = 581d145675384210801d9c75d4d19624
Output.14 = de0ace4f4a728c681a0b326298142fe79cbff2ce5230e6c1ca3e2808692d02e4845867763cb9e93acb983aa54659be6f9baf210048baf7ea4f062bd7e3d9a6d5e7dccf427422b9dd93d392ffc810dfe185bbee253c3208e22a83c9804501321c6cc0357d22859487a3eaba53444f4027843699d5a78214c431ea741bba73bd29550925443cfa5f494372bd0e482e3ab4eace1b60187b6db588c0d252c8da3e0d6dd3e475040817ca2c85b1149d8447a52c111f05d7c14a0f6b7b6ea4f60aed3e
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -34917,6 +35067,7 @@ AdditionalInputA.14 = 80bb70930ef2015949b53d787630f5de93d93f98c577ca4632266e1bb1
AdditionalInputB.14 = b6afd2c00be2eaed5c1991909e89029db0b04598115fae5118cc215298e0528b
Output.14 = c20bd78d9c396fc8fb408361e1dd4827ed3231617a73cd8848e493927207ea23e6efecd4fae36aff74b5235067543c7eb44c290122f9167a0ec4c6a530ecb0936fd683fbd866b73afb712b2f20ccc981b3f70faec4f4fda62e956c7d04cf578b06259b0f3c044e6dc68baf91e6149efa70b2ad2b81c8e14d1a994887193e53bdb5986a23d0412e989c447689a71b283934e50c25e10bdef0b22ce7368840cf761e32aebc07d7b51da16dad4c332926a4cc9853ac8db36b4b01bb36746a28f527
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -34982,6 +35133,7 @@ Nonce.14 = 3432a2e2263728e375ab973bb5842d40
PersonalisationString.14 = ccfee35071757d5141f55a481b7c44a584c5e537c636d4d0ba10dc3c88adf6a2
Output.14 = 72a77d1c5dea9d00c349d4e5a9e6dff63ef6cb80b7998ef62e7a1fdc2267057d07fafb993e8df868821c6cf76430f3b7ff24a527f7e41fda6d560a773d05bc003f7e1ed5085f6da3785dd999a4763894455febf7618750bad4e30d8f52f3a072af30d57df5afda08ae7cebdcb659e6cdeaff52b47d4dc571e28315ff0e38538baf436e02d157b64afc6d50e6a4c5842aff1e7573888c6ff9beaf4f91aed988f03032388940c4f54afda05bf55ef6fc8c673f01ab545838574f3bd4f22865cfd6
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -35077,6 +35229,7 @@ AdditionalInputA.14 = 0facad642bc0004f946e3fdd149a4c0e52475c9e832c85b228bff6f2a4
AdditionalInputB.14 = 19d477a7dd45a0b733e6c301a4fd44ddf65d4fe0a0435b57e319e31de4797427
Output.14 = 2a48844f6919ed43a2b0b64a1d28707fd3265b418e0673190b49a606358062c1a54a6071c845adc6ad74193d746668f890423ebb971a63cedae3241005432c8f3fa3fe7f98d5912da34dabcfeb17c03ee8881de7b2ef04fa2147b78532eb0ce7d9244d717697138f116341c7b9e99f15728207f6a73c651b8940582f9f926253420a853ae18132093183a6073e3bc85633b75e1c6cec9323ed4142d0c8ca0dd5ab2ff2e6b304ab8cfe4aa98ac64951d836e074169d375ebeae8498f11bd02c05
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -35127,6 +35280,7 @@ Entropy.14 = 3b6dde5f550d482d30eee2288bff802241ef20ec15696e614b7268f7c574eb1f
Nonce.14 = b8d8984703ca7f942951fca97129135a
Output.14 = 36d0cce70eb5aaccf9b172fccf68e01eb8ac8b1f2652cdd238f4b070c8f2d9a128418badb38d5d5fabe28b59d15cd432010716fa6a48071114b2168cd29028386171594291118e54fbf5b61ae3fbbf9a21ebe73a4aba482c7cdc5ea1a4f21a0f1b38812cefff9bae78c2b95f417dc0cda010079b637f825dcba059d154f5a53050db773250013a1f051de9f7882433d2054ef2adf9b7b57c67173c06ad16cac6bdf74a10bcc666f7d4a091a78131c5ed76fb733791278b6ee0f55302c4b122a4
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -35207,6 +35361,7 @@ AdditionalInputA.14 = c6a3bc83220c7708eb7fff5787ecba27e48c894e15302e0ee7f4e5f09b
AdditionalInputB.14 = 39b854a1c487e24e1ed58916d8012277fafd6e7b6175c4be43927cfac9958404
Output.14 = f7d2f39a513f6c4eab993fa440b769ce09a15476e06ceda47969be05f53ec7f8409de284749cdcfac07fe7df66b1b6bd39389401909f3a84538d041e1c038a289869e51bce8bac13a0f786cb091628f0a3a7f7f9a2f620c98889688d46a2a037fbc1b2a4fff40800eaccf98a0bc1452ff1f53f040daa94e17dcd6acef97192c74075d064be5a97205ad97f693257d96c04e78654a694e90b80a5234a25d1c7ceef360d53e768067335097c4aa8f126a31882eff8e55cee05eba4b4325c203f4b
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -35272,6 +35427,7 @@ Nonce.14 = a684932ea2337296cc3d150174a47ce0
PersonalisationString.14 = b2c0af9038c2ef79ca8263a047bb9293a44ecdb457fb45945996157dcd199cec
Output.14 = 316fbc32ecc1dfa778b13921b1d624f9231c0ecca03e17fde750b1e31e76b1c330ea5bd62ca76150f231ac4aa96b06f845db2d03b65cdaba4c160b288a121eb144058f65a751e22151f91b90131e6756356e7f90d880ce754cf965f439189eb8bedf86c58e1fc2751e65637930c42552fdf81acfa1d4515ad49dc532b2a10b2b11209425ed1cf43c991b4a7c49bf6e701990fddc420608d74c3636829e4683c4e77a8151708d82ef8fb81b3655670fd4d242e357831bc091f30e6d139d5e5ba5
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -35367,6 +35523,7 @@ AdditionalInputA.14 = fa32817ad83c85b594976eafab28fe25c45aa74d0ab4750b33dbfd8836
AdditionalInputB.14 = 2e5cb3c7c9503e019b3383eb6264d6000160c3c99ee5700e7a92433da1c01f56
Output.14 = a7571c1afd3d1dc1d3b28dbab54fe3514a0ec74ccf999376a963a3820474cdd67b190551ad5b24f4376633b4964490f79a94059a55b967f8dbe58eb20d70f1fdac91565bd8daf5223abfa13b132a140acd33e36f29fe1b107f62e6c45a679247b80c0aa050f1c2d3195629baef7422b72fb3cfbb82a2e4dd1966b1cc27b8e6df1907fbd6320f25594e1eff912cd9685755473b908e06fd30c4359258be0580e6bb2f986b0450d53fdbfefc3bf06c0d80648800234100af755acec4f809c39f3e
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -35417,6 +35574,7 @@ Entropy.14 = 1e1cde834393e00a2136b8924be5600c8bf59dc2d8a9eeae467ede71ee7b75af
Nonce.14 = b6035e96adcb7e8f2e17022e2e4f39ad
Output.14 = 9dde9f29034b6e784be24fe600c39b091568afb4c40c8e05b8b7dc36ca74a1bed38ab15643ca8c6da2f5aa4b7a6a5d5c9920cc31129c84e2fc9b865b3f30b698a143189a3f3b692b3e5641499c949e53e3619cb112f42046a18d5d12dfb3c6932a6a829d07deb17b799519b81e961ff293c0b2d24b629fe906166e330135e4ffd00609462f0f9b89a110084945243972486a0e1aedb2eceec02d402696c89abbc950dcaa72d7b0e00ed8e65c3e9eb1af7535de2da728f901650633242b3368c6
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -35497,6 +35655,7 @@ AdditionalInputA.14 = 7112823304b16377182ff9aba920c97ec4d4f23cd472fa9954ded16495
AdditionalInputB.14 = ba183a035635d9617bd71b59fccd561f1c78a7589c7fb3fedf41dc2e6d5015c9
Output.14 = 94e577e5c4f66be345c6be7038b02fcfb4070d5bf74f8004b59c279cce961dcf5bfdce2f01e007790cf770587a68d0d24ef0fcd1a148fca6920e707289e58b81fa4a58b5a018a358d336a20daef30b2881844838e51c56f11533b25c77b9c6c6bb2c0657350f011b24db6c60a84232dbcd218a816563737585c1ca6152ff13304ca86dff20f9f9596aaa21448f2c6e620eee58f69338e3b675d29b478f34f0e60dfe7f12f02e6181d19185f7dc945210d86d31e85eae03161e947fec0f0fc91d
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -35562,6 +35721,7 @@ Nonce.14 = 67f50628067bc401648926d7567711cb
PersonalisationString.14 = 5f8cb19e3c86b179ffb8812db791e8bbe6b0caff958715dd9e3368a2d48f65d7
Output.14 = f178a20d27725759c839e7fabb63bd101c3352f582524ff088ccaf6f0546ecbd3d5165f1e3cacbb49ede115b8f6c8db3aa9720692efda124138d29eac17637b84977384fb88e81289ed5ec960e6e98fdc71d03ef0bbc05ac7682acdc62888b49fdbb442080687f902b5a313ac88d364b13871b20f684cf1acbfa229fa203607a0a37b4e1685d13a508da9f48dcd83f26751a2284044f93e18b2a206a1887d77c4b76e821952b376f19fcf53d83f704e3ec3b5c3cb4c390b213d57dbe4852914b
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -36817,6 +36977,7 @@ AdditionalInputA.14 = 2cc9f137fcd8c2d526d70093fe11f90a0a36bc9764a4c5609072e181a2
AdditionalInputB.14 = e40361245b91880e308fb777c28bbfaea5982e45fecb7757bb1c9de2df9dc612
Output.14 = 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
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -36867,6 +37028,7 @@ Entropy.14 = 42623115c0a43edeab391ee8ac84c2b3b1bebba8a6040cd1
Nonce.14 = b79f5c377be52381210c1c2c
Output.14 = a59dcfa9585b1080cee51ee493fabc22394ccd0949e3a4d4e5b8d60e1137288d20f65e7f1ddc1345869e1af62562d6c11044bb65d11dc0071a04a2cd0eab76718ec9a67d4482acbc82ac27685b98c50064b41e120a35e5ca57ed1bed6963fdd03e26865ddd3217d67cdddbc990c5833c
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -36947,6 +37109,7 @@ AdditionalInputA.14 = 450a2109e7d83a3ab2e628ab35af4dce8ce7205de7c5f365
AdditionalInputB.14 = 60d0ce5e11413c321535d849da56c3d9bf6222a3d2cf77e9
Output.14 = 27397574a1ad91ef6f332c954c0d5802cb9c90926ab05c116586995bd795a2f1b4706487da86282e33d0b44dcb7a58c8c4a2874ed4646a1e963b7d26b62e0a5e0a5bb60ec6e07ea6b7b7fe1194c3ca4371736e595707ca7fb56bc924089e66b137c47f9dde74b5de3687aebc2f5c2a39
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -37012,6 +37175,7 @@ Nonce.14 = f2435f70e075f8044d4235cb
PersonalisationString.14 = 80fa0ec5a3a1b46cd639ae19c137239ba8113db33984c593
Output.14 = e547f6d8cd665204f8ebf6d64ecaa23fcc59c1682eab3190bc76ad4981d68810833f1212965def4868883529c0bae4a2345da6a0e6a7e766d16022c6f371db8ad089d9227e3a85168d080c3ff2bdd604e7f8404a16268bd66d70f5fb164cee60f1af97bdb6e1d72059d7028a13ec83f5
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -37107,6 +37271,7 @@ AdditionalInputA.14 = 81356bf7d3122bd65b5d96d2ca68875e1d77b36edb8e92b3
AdditionalInputB.14 = 1f185d4aeca1d95ba4c8e7867df64296525e00db7da61e88
Output.14 = 8032e92efc35ace508d8a10f36a6e7110cd0b087cf853409e83dbc554633380e9793b7657a23a931e34347fe0ba34c2abdef6a8505e44da62fee97a9543b9e6dd6538726ec2cc6f6d19382562a4a438a2b0756fa66b48628af292e2f53e49edfae3ccc48a95f24c940a90d1abfdd6d0b
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -37157,6 +37322,7 @@ Entropy.14 = 3879ca720aaebb2a29c99c0aa21d63308b44677f2bbe6056
Nonce.14 = 2642dd7030605b3608f4513e
Output.14 = b7ddc2d0295a550e44103ffe7e6e1771cd488fa2ea32b091076085284edb870220e02ba6facdf27d8b34209048d0aa4cce4556c074fc7ec2c3691b95aac3f47c3b42bee3c2e35da17b040188d47b7effef8ac471a669f29e6c4b97ff6836cb9fd8954f57309a97e9a697e061010525a1
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -37237,6 +37403,7 @@ AdditionalInputA.14 = 13998df6bfa51c2708775384f01cfe8f4755b6fe4b3c2fd8
AdditionalInputB.14 = 8d25383b6d04285fb699c644bfc9b7fc72de41c733f35b27
Output.14 = 3f408ca372917703ecb3449ea55de7a969a5ba184eee8f30fb19b99ae827c66b13f29d4d3a0236aefdaca63c28bb71595d3dc1fc20f1e7ba1b1c9bdb7c2122bd8e443b00b5339508c315ebbfc9bc3c7bebaaf83312325bae696a576b3c92931eef6b4eab6bd90c140295f47994ec6e34
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -37302,6 +37469,7 @@ Nonce.14 = ddb5c0cd2b4b640898c2fd1a
PersonalisationString.14 = a096d62f947314691cfb647cc2f331af834cbcdd5918f099
Output.14 = dc9175fb05854708739c3da005592ada29d408ed6162dd278ee457bd3304e4f7011355da2302df1d0d190ef846cadaccfa5325d3f71c407ab2434d65d815dafa6ca15f7e701a104225a839f2fa9874ad49bbdbee576b1bc71ace28c825095510890861c851bb79e2e2e922c3ac22fcde
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -37397,6 +37565,7 @@ AdditionalInputA.14 = 2bc060710fe3d92760adc274b878de0df82804e840cd098d
AdditionalInputB.14 = de879de9c03efe5a68a12da7a06003ffbbea0a9c53f5e0bb
Output.14 = 4968c67d2f830b591531d620b6c40de4e9a15dc97c70b8b059023033bea376953cc5fb415d823d55d5b02b17c2ac60a1c8ee7473d25e94888fae15c6a7770b75565fe505a117c734d0c7d0386cff907a893da3a83d45f51bec9d95670374524b4f59e45a04c88d1756ed854fa9f65693
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -37447,6 +37616,7 @@ Entropy.14 = 7ce7dd98c93953a8b60d395a68f03b8919931031e8f68bb9
Nonce.14 = 1c217188f9c7980b8b03b41b
Output.14 = 58884a4316fe8104459bb339a4bac08d95461ad8e58f333eae5ceeecbf2d375e8fbb82eb1d29890ee0c56037bbbac8cd8e202d7ef05ed7126a15064699b9dfd4523782aabc6eaf21f1727d02c1311f5812c4b4294827a75f1cd6e6dcc73ba45ea8fc5f2647dff725f5fd9bc64d7b21ec
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -37527,6 +37697,7 @@ AdditionalInputA.14 = e73890b772747a356ee1527501410eb5cddef015a8d6fbd7
AdditionalInputB.14 = 9145caf79d0b85bb7874c2dc82d52bcca68225a18de258cb
Output.14 = 4ce4c45336ed4bdf4004f326a049c195c26ff11aadde90d7d035ce277a5b158577a7e9971063ee9c0b5063ab1f20c90f619137c2f4713831d18f2237e1a3d522af9a585e5f43f07d911b8b977f6c644784c9c02238b9fcd0f663c8bc1913f783c200b388b4ecf30246c7120adf3db79b
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -37592,6 +37763,7 @@ Nonce.14 = 2b884a75ff571f92ba1eb965
PersonalisationString.14 = 273f3885354c0a8296b0862e19157fbad69578ec121cecbb
Output.14 = b60362ddfbb4fc41f4f5ef353fc0fd8f31e139876a3af0e69f9049aca46a5989ee3a1ebb6cf14f525c3d8a944f4e88e030e020ef6551289c93f5c6ca2f6bc495cdf49ac91bb86e4766ccbace5f7aba008390d2b6dfd416d63ebfe07f5d583b8f9916ebb54620953d0b73c136de06f520
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -37687,6 +37859,7 @@ AdditionalInputA.14 = 69720682d68b7043c331b889ce6d3d83aa3d33846e9ddc86
AdditionalInputB.14 = 350c63e7b01ecff4aa171f157c71f89a55637c2cac0253e8
Output.14 = 63fc9293971bc8dc151bcc2df20e4b5c7604138e4df49fed323c9f1cdeade3d5d1c8bc89e507e5da1f38c1f76d968ee45ba53a3da35e693e00afd683817ee7da5cd2b0a657ac6cf95913c859c6b4a15449fe9045a3af03cc198cf10b2deb67c5c3e9cf9a40b8251de19c6cf3114bfe22
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -37737,6 +37910,7 @@ Entropy.14 = e03af342db03da30e2b0e5b8ed76c2562194417fbf6be645
Nonce.14 = 6a9a5188dabd510894073f76
Output.14 = 7963276f1054db251369a0b91d854fabaa3dd5b2343ef4306cf897bf964fc8b885908c4ada163b929a19c948ac89c8480170eb59b9a8d7d2d30ddfd1248e2c1795c69da81fe72d6361d34754f88eeffca2c31859bc8940d6662abe2622fdfcc28a1764355aaf46a2e00e50606af2b6be
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -37817,6 +37991,7 @@ AdditionalInputA.14 = 9b6c491387a2394b94bfa8b077cd43bac49117e94afb9616
AdditionalInputB.14 = 7c04bea824d8aa7b19facfeb3a676eb51c31d7b92f0ca1ac
Output.14 = 332b884c8edcb260c535a218001d421e190d8b9c6b856fbc5a4ab45f92149487f8563138312a42487969370440675f5bc9b21a75d2a8386867fdf861c8650e26af47c5efd81d9fc39cbcd44ab0f4cb10325fed6f5b7ce5d8111ff71e5d78c7d1f53410e5ba492b9f68ca55325ea8b318
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -37882,6 +38057,7 @@ Nonce.14 = 9dcc6c4317ff492d0d7dec5b
PersonalisationString.14 = 7d30c5a4aa169c6dce156a8eaf000f9be0f8681e3282dbae
Output.14 = 550a9ad9e45ba359d463c1e084777bfb2ee25ff791070a87f01adc04cd1a7e9e6ef334e477fb5cadd82381e0add8a39ffc222150f17b8bb0d3b1cd80948c0a5ee09a84ccfff6c9ac33e6831d1a84182edac6bcc25fe357a708f78db9a88daf553914cdf0bc7a9b0527597f73707fec8e
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -37977,6 +38153,7 @@ AdditionalInputA.14 = 1b8725447ec539ea4a13c47b323f1d6f435ba7e624dcf5af
AdditionalInputB.14 = 86d30af40a7a395764b8b69f2656954c7c3f1c30b2b703b0
Output.14 = 2fb2f24b2c38f217232dc22ecc7380b8240b05d2c7bc0e3dfdad268c8c10912a92595d70dd98e7ecdbdc6d7bce6c72cdebd7e121d75de8b6795b660be9096a1f24a97e9c5344c35f04451dbd8d9808c7a84c6fbafab6d060026490d492060f052fbf21a3bfa2a8e4a40db58672ca52ce
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -38027,6 +38204,7 @@ Entropy.14 = 9021c403eada5eac222dc48e1437b6de48ca31b9e7e76fc5f60653a3d901308a
Nonce.14 = 503b4bbc0ca538983285857a573f6166
Output.14 = bca7456257568a178877bca602d331161828a4ed0758d1ec3febcc21717cc4142e5481dc9756c56099cb043130345689156cb96e1664ad007c461ef8b5b0fa7d18508541f528a43fe8c719f3a269ff2821ca655980579dfc2c794da673b8c9234d561b833855efc91b4747ea5135a1a05017543f5780f2cde8b472787173ec50
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -38107,6 +38285,7 @@ AdditionalInputA.14 = 439ba9ee252edb11b09fd765266b220077ab641cd7ed42b7cedc96b399
AdditionalInputB.14 = 18e1dab1f2af82b8912be6791b003d7b0d66ce76a78cc17b753055b7b48cd2e9
Output.14 = 5af9e042af202c9584bb69cb54738c0352ef2c9b9483d6fc8efd525ca38e62f535f2ed5658770e8cc5d53d9f1964b8a55d871c78250851491441c924701a52175410f52b162ebfe3991a72472d8842248402a666d726ea71437fc4a521543a323d501a6942ec4b7fb77ce462face53a2ab9b1b9fcccfe2346adf36027c48293e
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -38172,6 +38351,7 @@ Nonce.14 = ef68efad369ca5fe791ad438cf9dbbd2
PersonalisationString.14 = 012ff5b08fe14fad65ebad5f15d74fd72d8577115e5e91262043e85a13a3043b
Output.14 = 1779c05411254dc5ff714eb56332cdf9a378a160bf0a20ca2da9e4c3b4e3c425d2f08dc969bd4924560c8caf9686b27720307af8246e6cef20fcbc00cb1f137b6efe9902f9944c1384bf917675a52b7b816795327afc4896182a78d4664b98196f89c466d5fe1e2a54122035863c8bd61461b2ef9e7b469492ff63364b013dfb
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -38267,6 +38447,7 @@ AdditionalInputA.14 = 77d998ddfd7ab7577ca9f51d6cfbec955aaf9f88cbb3ae32db7f7c4609
AdditionalInputB.14 = 9ebaa09e7057ad7cfbf02e8f3143ef7b7c1dd6158f641815ecdf8e4a65c17f19
Output.14 = 161efdc30cdd124d4d6b3d43798dd79bac70f494c3ebaca111cfa3d9343bdb73ac0def00776486584f932cab74ee12a391cbf4890b10044f7de6c73f973e43837a43b7c47a1a9a36d7e62f9b7ce40064994a610b92d68c6d37aa5d9d92c3d858770ffb8fbd87324b49101bade3f2014bcae7deffc1e4f6a1a91ddfe7e6aa33cd
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -38317,6 +38498,7 @@ Entropy.14 = 0653c409e957302f6eb62bbc4f42b30942ff7860e7c38dfb2fd26b164e83a713
Nonce.14 = 273f7eab3dc9bf11216d5216bd12478d
Output.14 = 51dfe9851da8d7d5add3dae413d8bab8bc7d1fcecea00795ffadce047d5243ae36f29f3611fb8cb66e98717a98735384aa6a310696356cb48f4672b2ddccf86eb44777c1616338792629b6cc6ec2b66dbacc1a6b66bd9364914f1f43277f6f43e13145fcdb73a4aca6b784f9084d22c967033651da610e9a85b1eb7513683dc9
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -38397,6 +38579,7 @@ AdditionalInputA.14 = ca73cf447f2fc3984a9de0290fd9a984a8460ac715cddd9e8ed99aafd6
AdditionalInputB.14 = 21dd9cb8e146954a9745fabe039f6f52ba8200f575e9bbe19c703b8864f34e93
Output.14 = f1b153ae274a380c28668f1ee2c8c3a91f5380d41bd611d974e4e419a37debe664d0b706722184fd3e805f2ff05554bde7219023d1f62a52970aedf4d77e7b4604cac2a804e7b9353c087752f7f185991b10910724d0fd06dc6526d6102c8d0ee8c32f6692c2786d3b715bf3860539689e3f415855ddc37bbb6750972f3a45ca
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -38462,6 +38645,7 @@ Nonce.14 = 10818cc50b58ccb660d65ff705041a37
PersonalisationString.14 = 2756a89e79266d6d86bbd865708321f529b023d0cb5ee5d9888c37db33dd5164
Output.14 = 7b3d778ee1623b08875305d5761ce2cf44ef1bab87c7d0f29c862c40d3da31240e7450d827909b6b131a9b0e9ad68d5c02caebf4f3b0b7d7ac1cc58e353ba68e7ac9eefc3de1310cf9bf5f4b854ef3fc36e940d4fc50072845a83c38a7d4372c191b900d11d11a907a50607c348951ccfeba4efc30377e4a965056e4e84eeb02
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -38557,6 +38741,7 @@ AdditionalInputA.14 = 764b81871036cf65802c4e9659e25b8039be84bad1b121b536d2ffc269
AdditionalInputB.14 = 28d46df3c254e5cc199e14b45bb1e2f85a5da03f49dd76b5a16b76723d5b9855
Output.14 = 94e1fa76f879eb9840cd50853565f43cd7b0545705bd9a35494668bef7d7e7085b48a455b38fcf10f145f28a599c58e2f88c2855f2437a17d7333d243a1c25b76bebc6a94f7abc3fabe4c78041d9b3eaf675c11970b14cfc6ff20c8b23852b2733ef8d8416a920617a9b271beeabdb0462e5d23fd68b56f58e3554e81493c5a5
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -38607,6 +38792,7 @@ Entropy.14 = 3bb1f6cabc56a02643eb767cc6e5bb3a5bd765555e4e27159ec905012f58de22
Nonce.14 = cc37cc9b20a2e4de0bdf8ccc3261eb90
Output.14 = 28f20b9a94340aaa6ca98174b5929ce3329d81bebd67faf5e30d12f775748c34c848bcda26cac8b4a9b34c7c92c9984a6f5a85269583358e985c2b372a887f9e3f0f3920dd512def27d818522ed1a49e96d00a5aeb41bafd152144a8b6f93426e73d6e8ef7a8a5381bc464b24061080af02aac51fdc52f404e1349b7d04daef8
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -38687,6 +38873,7 @@ AdditionalInputA.14 = 2be009fb81ff22c5c2e15c988cdac8f21a6f17a4277fb1df773bbbcc39
AdditionalInputB.14 = 0c869f061049dbaea48af93272c5b321977659a79f8bf0a5c6d68b982ef44b88
Output.14 = cd9e8213591ed7e30743ba0dbae5f08a4021845d961040c5188093d518c3135048ea8ff052fd66fa83bf98c06d39c6cb522dbc938b6824f51488197159666369e7a9444e04b7ce5832bd6db1b3cebf8c0f7bf865bfc3cf60d2a2c0ef06abf7737590fba097c29fed234369cf9f064b142ca30e3941093904945021372c20d90e
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -38752,6 +38939,7 @@ Nonce.14 = 704e8e29c7aac1d8cbe97bd7305f8cb3
PersonalisationString.14 = 631c5d0240b8d9800211ee6c97a5ae77405a354ac25705f22d405e17a52109cb
Output.14 = 9ee855e661d4293fdd7353492c711b39625ead90849ae5808b1f67c55cabe17ae13f0f18c0954341d6a2d24b899785642c0b29bb1b81fe098a17f8701e8820cacf6c00a8dab2e96e7f8593e188aae48385ede7bb5ed5ffa3f19053663383d666d38eea377d121e0b55ee58ee8fbf1e49c42a4d3d48fb0c9247c6b94c6539f4cf
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -38847,6 +39035,7 @@ AdditionalInputA.14 = cf6884bb4cf7c08ea954cc2d2389eaaaaaa3bf9ab1dd74372c20bb3e12
AdditionalInputB.14 = 2b30cc597b280e704632ed1cd2bbbbba7a9953deaa809848eb937b6b1a44b91f
Output.14 = 4de8e3c529bda0753a9ba237633be4c844308c233d6e58995c339cc006c7d4789b5f1a6314637b9749621fae3982c5a748d58c080e12118d4442bb55732da53daeca71d3d033b10a2a807848babb822a346524b4a41e9d85941730b21c0e80a9871c9d9aab0e6d0269258b57fcbf7d703794bd2e5f3d7b3da9d3cf2dc2073653
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -38897,6 +39086,7 @@ Entropy.14 = 043872fa9f0c4d97e2c6824b778a4fb0debae214d3358a5aa01c0092c9dab6a1
Nonce.14 = 0fc8d529a37083c2efe84aba8c8abbc0
Output.14 = 22e8eb6b4d11657a66cba93f89b519bcce87a9bfa5ee22cd3cfef6180cb8ca842e8d408257b8140fabbf1dd65085ae62fb8b1d2a679dc0bb0a82ecd3b8bbc05782a20a6345554a1f5467e9811e0fce41a786c805ce2882f8b4d972b9a37eedbf828a381d34bab95efc47233846f8b5c701563033253323eda41effad5fe37d3a
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -38977,6 +39167,7 @@ AdditionalInputA.14 = 585a4b6736338ba663522b438ab9255782c39b36e6b253186e821ae969
AdditionalInputB.14 = 2581ca0314c9a224b09c0c2e677e1df1c215cae0760d3ba03d1053156e9c3155
Output.14 = e244109b937e9a71caa70d627ec8280210c86676b4ea842c6a4569e5da0b25c1ab3794ade3344e2185641c77df4d3011962e8312aa7c2013e4373204d861e27e88ede82873d5d45ae5700ddf0ae7d523e96df236a249ffc6e009e231b77d64f07f395e57b19a4d2961a6046c910d0b8ac3d882129ec3e337be4cf2d9ef041a8f
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -39042,6 +39233,7 @@ Nonce.14 = b2328815495d926dc8ff075d5834bc20
PersonalisationString.14 = 4c539b94823c6c7883b071ac395203bfb5117b6f9d5db7cf4063132e6a2a3cb8
Output.14 = 4f6035946d4305290485c7aea10bbceb99b841770dbf5529e31ad51b0ce138344ac0b193a5074234adab8887a51d9448a2cc637a543372ed93885975b8de342c6a12a1ca8f3d053ced1dd2c7d6a3fabf6ea7860071c035f0fd54ee5775ae3a5d457d4af9e034ed337d79e9fd52c2ad051388dda50aa78d37403f33d52d30f6be
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -40299,6 +40491,7 @@ AdditionalInputA.14 = c9a1481cd25c537ba57750d594afd25f
AdditionalInputB.14 = 51e29804f9d079f3074ec398320b2a70
Output.14 = cb3cd4510de88f8081d8989c2679f76387b7d2cda286b75d659a3ab7c3b2ac77ea00366e7531c1c9f4f8e60c845c5d2a5e05fc999621d011deac3f28cb447a37c2ee815f7f5be3a571d153475d6497a3
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -40349,6 +40542,7 @@ Entropy.14 = 71acb71235e88e3aa6d8bbf27ccef8ef28043ebe8663f7bc
Nonce.14 = f49cb642b3d915cf03b90e65
Output.14 = 144aeb56a11cb648b5ec7d40c2816e368426690db55b559f5633f856b79efe5f784944144756825b8fd7bf98beb758efe2ac1f650d54fc436a4bcd7dfaf3a66c192a7629eea8a357eef24b117a6e7d578797980eaefcf9a961452c4c1315119ca960ad08764fe76e2462ae1a191baeca
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -40429,6 +40623,7 @@ AdditionalInputA.14 = 03015311cddd0961ec7a74cb84d835c058a69b964f18a1c1
AdditionalInputB.14 = 5e0d99e0e7c57769a43ea771c467fb5e2df6d06dae035fd6
Output.14 = 72e8ca7666e440ac6a84ab6f7be7e00a536d77315b119b49e5544bf3ead564bd06740f09f6e20564542e0d597ac15a43b5fb5a0239a3362bc3a9efe1ce358ddd9d4f30b72e12ed9d78340c66b194beb4b12e973213931b9cfd0ccbdf540d2c36ce074e2beac7a4ddac59e06e4c7178d3
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -40494,6 +40689,7 @@ Nonce.14 = e8c5220ae48b0ca1412e9c74
PersonalisationString.14 = a0a1d6d3887f7ff9f13c85d6ae5af2c840fd85989b7e50b3
Output.14 = 14f629aee43f71b61d467ccc37de8eb6110ccdc65fff57ddd2e66707bb768e5de5df5467ccd55002815d306adc7b7d6b5d87c20d2922bf5fd3790282608457b69720be7d7affcdfecd173a741c7fc99f5f30f981b1bc102977a61f1515b923ba53cd87a37faaac12e0af613ba0972a0c
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -40589,6 +40785,7 @@ AdditionalInputA.14 = 875e5bc9548917a82b6dc95200d92bf4218dba7ab316a5fe
AdditionalInputB.14 = 4d3f5678b00d47bb9d0936486de60407eaf1282fda99f595
Output.14 = 90969961ef9283b9e600aead7985455e692db817165189665f498f219b1e5f277e586b237851305d5205548b565faeb02bb7b5f477c80ba94b0563e24d9309d2957a675848140f5601f698459db5899b20dda68f000ccb18dcd39dfae49955b8478fd50bb59d772045beb338622efa5a
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -40639,6 +40836,7 @@ Entropy.14 = 30efbec33ef98a928e9441af3caabb34cdad892669e88130
Nonce.14 = f77b7e0fcca6f8733e0bb0cc
Output.14 = 85f5368cb9f44474af6c4a159477c5cdd05eb0c0a37847bbb07e9a9c8f633ef2c3727d017f1bbfa89dba056062202f5824b3a493ab53a2a5fcf796d944577f1393d35f2a284453b2cbd8eaf35b9bae7b87c156cdf9cd0a2fc94ddb0d4842e3ab4b6c97089cac0e32bdeb32dd8233fd6e
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -40719,6 +40917,7 @@ AdditionalInputA.14 = 5c15fa9dc77d6fec5f7a4a3e4a315c05de2b5e46efe54934
AdditionalInputB.14 = fb65ede490ee01a1c100ad5e23a20f91b45adf1ddc15c590
Output.14 = 98cb3191831dc79334e8e37d5246600f822aaa40964b91f345b9df90929db1b7bdea96dae9aeb88d05fade5ae6c29aa8eeec7fdc96e654c5ea41ea01e3104ca4d287bb03005feab0bd1f85e556bb6bc46a2227b14fd94f9e6cfd0341cfce951851feb967968d6cc818f364345b715bbf
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -40784,6 +40983,7 @@ Nonce.14 = 46f8ee037b927ec766de0aba
PersonalisationString.14 = e6299e0eb5826e498d873ac02892f01e02f6632101fcc090
Output.14 = d86bfd8f9d80eda3bd43850ea6edab2ba4f69ac8eea623fd6bbd5c0c920620f8cc136b0170f0310a156271981a9cf7629e1b8f0759de1e99e20a0930ce3bb7dd2d88bc9172a56108cdd736dc529a6b99862bed7d543bdceeebf450020762652d520105f5c5cc3c9a6ebb64af2a7e82b0
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -40879,6 +41079,7 @@ AdditionalInputA.14 = 82f895626afb606f335f5f050f0fdf3b45275e0b451774f2
AdditionalInputB.14 = d423d43240cb6461402a7755f247573f24fab496e00b2e5d
Output.14 = b32c753900d4a0a0650d35d0fc918b3aa5f253d4381598ed475147f32c8b002bc08678e45bed1b9b519cb9729972886f85e581c75d3c2c9fd6ced929be29aa3befcd1d3fabefec590ca55612c1a0409446a01398d0e4775a548d118a32f29b0dc29530329d2a7656e5d3ef66db2b9726
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -40929,6 +41130,7 @@ Entropy.14 = c617061099a17392c3092d27728b35e59eb45814e9df9fa5
Nonce.14 = e1634c0d96cf91c53b063450
Output.14 = f08234ed8621f1f551cf49ea60140313a71341f6886c484a06e74e64aba6f8ffc2cf1edd34cd93e836ab033fb0893e52e01da9b3104fe49584a45447c136222b1c1f1d3cf406a80ed9d782d2ae277790eefc5c06f954e654f7f283ddea79d2160cca1f63d0ad00eae9e882de34ba4083
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -41009,6 +41211,7 @@ AdditionalInputA.14 = 857ce19dd6e8a45be185875f1a98911062045553e8d28ac2
AdditionalInputB.14 = b5f1998f0fa38145edb86ae4d569ef4dc2e0aac0a815d3b1
Output.14 = 8f0d978b24bae2a0665beaddfa61e8896ed7976432bc4f7c444699e30b8da1ecbab8990bab9d0d72ef6f6b0b27ede12dc171a43a14092d57e3999cee71b1356da5f29b17fec227ca2a4887bd990fa33e1e01c8a9f900ffbeb300cc5ce9d7d2e25a44fafc07e34acd61d425e0d36fb0f4
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -41074,6 +41277,7 @@ Nonce.14 = fc382061e29c4047c6f05dde
PersonalisationString.14 = 9b2eaa4c2a229cd2bc5de218aff95f6e5fbc7ef150bdb50a
Output.14 = ad49119d6b4f25ba34050920fc503d3d0d331ac2535d916a58d781317fcc2b1117618e9105ce192651ea9e19fa6756975d207c662f2b464416d849cb67b9af52abeb84f80863943af99c7916e78317a091ba90714ec8620f661b41d648c15c06e822329cd7f145446c5c3630a4243281
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -41169,6 +41373,7 @@ AdditionalInputA.14 = c9aac7bd9f15385facc344dedcfa754bc9f4f30277a3555a
AdditionalInputB.14 = 42de701acf5622b30e7672bf7115043a9912c1758c1b316f
Output.14 = 972ccd5aa60966bac39aa9c891c7c513244efbfe3446fde6806cee991851f1e4b3d4a4a0c04b57242deb4f53d27040879562fc5b32621b46a642f3c84063c5195faf9b78ed92145821ae554d58325b03d60e11461adaa8ac87876559e1cbe47f7b5c33a8311294b0e54a44c97d4d2c9d
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -41219,6 +41424,7 @@ Entropy.14 = 47f141d1d0142d53c10628d2d1dd77aafc11ffe45f29b126
Nonce.14 = a1e958e036afd40059ce9639
Output.14 = 2096935329ffd975154c38a2c22e30ef12b7acbacd39868032d6eb31a596e617fc7e05026b3dae231f256ea94dd4ea4f05734eaa7916be6f846b0304ff0de389f3390e51641103e7dedee99e56d9455c80a7e10edfd2147a50b3864b05443a1646fccde2197af1d1d72ae3c2d4594218
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -41299,6 +41505,7 @@ AdditionalInputA.14 = 49a758a4e0a8ce69aa2e5f9b7940c6fbcbfc4fdc91165e4d
AdditionalInputB.14 = 9c8ebc02c3d92d33112a15747b6367b8d6db3447cb9be2af
Output.14 = 70cf10825dab6c1abcc1532a1b2bccd96f0638d02eedb40a7ebf97093f5d0295b6bc74d9e48290ab39260d684effcb401427a4ca62b971e5a31f06c14a9f8e3851c3e79dfe129ecf8a8e185ee58667e2b692474a0d5f0a39f9d794adf1cd71c1266563dde24dc944661acbf849fe69fa
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -41364,6 +41571,7 @@ Nonce.14 = 82dfae196513724ae269204e
PersonalisationString.14 = 6e01d897ae919812b8408f82edffcfed8db6df2e2cbebd95
Output.14 = 6e9bebf2e54d8da4e8ede97ce463239245ff1b021acf4441312ddba96d1f3d750bf2b9583a8aee76e2ee36a56d8e2fd4e11377d15ba3ad0876fd467c375a744240de0a7b38974e0e7b27c3917ce4e22f2bc78861f6f8b1fb42edbb1b0cb869fe5169527064cf2f38c0154082af5457bd
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 0
@@ -42619,6 +42827,7 @@ AdditionalInputA.14 = 9ba9285889d50c27bdeb4a830a5b3120931a53980b30643557444718cb
AdditionalInputB.14 = 0f8716df331067b8ccf0e5b90ff79dd0f962acc69fc5f89c593bbb84e3501ae2
Output.14 = 9d2c0053a0fd3f9be1fe33db214f6f2d54aca573e0642bd269f1b1ca23c42a1e85c73449830673cca14feab4d2686814edbd90c325e0fbcd5a2d7ca75334dbb113a13a0bb4e838f6724c74dddfca8c2bfb903c362d3ea82acd60d01749f6dc01fcd6708009a58ee9cc57a0d089095efae66aaea68ac247cf6aa8808d1038a109
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -42669,6 +42878,7 @@ Entropy.14 = fd54cf77ed35022a3fd0dec88e58a207c8c069250066481388f12841d38ad985
Nonce.14 = 91f9c02a1d205cdbcdf4d93054fde5f5
Output.14 = f6d5bf594f44a1c7c9954ae498fe993f67f4e67ef4e349509719b7fd597311f2c123889203d90f147a242cfa863c691dc74cfe7027de25860c67d8ecd06bcd22dfec34f6b6c838e5aab34d89624378fb5598b9f30add2e10bdc439dcb1535878cec90a7cf7251675ccfb9ee37932b1a07cd9b523c07eff45a5e14d888be830c5ab06dcd5032278bf9627ff20dbec322e84038bac3b46229425e954283c4e061383ffe9b0558c59b1ece2a167a4ee27dd59afeeb16b38fbdb3c415f34b1c83a75
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -42749,6 +42959,7 @@ AdditionalInputA.14 = 809639f48ebf6756a530e1b6aad2036082b07b13ed3c13e80dc2b6ea56
AdditionalInputB.14 = 3395902e0004e584123bb6926f89954a5d03cc13c3c3e3b70fd0cbe975c339a7
Output.14 = 4a5a29bf725c8240ae6558641a6b8f2e584db031ef158124c4d1041fe56988fdaee91ca13925fee6d5e5748b26cc0275d45ef35abb56ad12e65aa6fe1d28a198f5aa7938fca4794c1a35f9a60a37c7360baf860efd20398c72a36b3c4805c67a185e2f099f034b80d04008c54d6a6e7ec727b1cace12e0119c171a02515ab18ea3d0a3463622dd88027b40567be96e5c301469b47d83f5a2056d1dc9341e0de101d6d5f1b78c61cc4a6bfd6f9184ebde7a97ccf53d393f26fd2afcae5ebedb7e
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -42814,6 +43025,7 @@ Nonce.14 = afafaf2ad7e6449308e176be01edbc59
PersonalisationString.14 = ddb4ced192f52bdfa17aa82391f57142ac50e77f428fa191e298c23899611aad
Output.14 = b978826b890ce8a264bf1ad1c486aaf5a80aa407428c0201dd047fa1b26e9ea9ff25a9149215b04c2f32b65e007e0059a8efe11481926925061c748678835c0066f596352123f0b883e0c6ab027da2486244da5e6033953af9e41eec02f15bebdb4e1215d964905e67c9e3945ec8177b8c4869efc70a165719b8e1f153c41744d44d3c56a15822d522e69bd277c0c0435fa93e5e1bc49bc9d02aee058a01a04580a6cad821e9f85cf764fc70dfae494cbfa924eab0eff7842e3541bc29156f6b
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -42909,6 +43121,7 @@ AdditionalInputA.14 = 9574ca51f21865c2fb0efc75cc9d90ec5e9c43104979cd64d00ea5544e
AdditionalInputB.14 = c0df840a18d7584b62c70b2f057bf824168edb673cb517cd9dac89a0fc80c9b4
Output.14 = b31e50202f883a8563cf129a0d5f8a33abad79d8ec8a97167ed7fca778e5892480617cdf50b5e51547f7ec1bede35020a311572c61e33e9c82968e8f69586daea3dc19063bea56503f8ca482918d229949acd6f1c52cccdc5f7f4cd43602a72a5375f3aabfd2834ee0494823beada2daeccbed8d46984d1756fe2207ca92186b506115f6de7d840c0b3b658e4d422dbf07210f620c71545f74cdf39ff82de2b0b6b53fbfa0cf58014038184d34fc9617b71ccd22031b27a8fc5c7b338eeaf0fc
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -42959,6 +43172,7 @@ Entropy.14 = 5f28c73baaabbc09e8260df3b3577c21f2f02be057bf49d2e73098ed5ff67f89
Nonce.14 = 8c2f85b546903d8d4c10fe4549c3f673
Output.14 = 1563c678f1b072813888970996af33c2a6b70b8dfd2e146c46df0616509382062fc9c72d223ebd555f4d8892aafd7b3b61619559fe3d3e7b5e83c07f422eeac912ca7d8858a2d25b966a8b34348b8ebcf44a4651edb9cf5a886e383b01423322ab3002edc8c936aef869d7638f38ca6688c308d2a17fea0ded21901d8e9f1ff8508762cb1dc7e700970938a0ece74c1c2d1801230ea785165d62a7ab0d6d59caf36b30be8e2e1f691210373b7a2866e32ba4b49b6a2f9cc9b80aa1340ef5c76f
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -43039,6 +43253,7 @@ AdditionalInputA.14 = b5d9cb4b3709adf297462f1aa8875c9f84bc39e323b8fe1c0df269344e
AdditionalInputB.14 = 5e47728cc468e0d2c6b6a90a20f83a9f0565716af54844552988f1d8c3a83eb7
Output.14 = 548c3496135ecfa1119098ea2d862d421af024a844c37a02142e2545e4ff1038f4b73c7f6b7d0fba8f92f292cf5ca8fd57dbe7ce129423e0ddeb1dffe89252dd6b50495c88f350bb77e08c8be409064f7e9cb751aeb779eae30b7c471dc41365f128d22474a7e90a9953e948642001f8e6ba8f91d250d8b4c6407892cd96b12e5d94e4d7608e6c11604357436c8d1cc07a21aeb58d396f413a31f72af1ac06864ba68c04e0c25971c1315f5a8c5c04fe252105fc822452d0cf66f86af13d613e
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -43104,6 +43319,7 @@ Nonce.14 = d28f752f6e466e3fd9595fd380fa14b6
PersonalisationString.14 = 232727310fdaac541b182497e5240dc2623a36b4efa7a912ab3ffaf9939c2336
Output.14 = 3bc26201261930bf3dc164d25287e41efb47c07c8c5c0adf3e86613435df202116331cfccd4e07c9ef008c62d4199d937221a17dc97be2043270ecc605d3d48c609cbce3aecba3557dddb304f440250b2c9fd78838483e2d5a2b22015b97869b891f9e42afe21df5fbb8dfc9061468c70c63a14b6dcad9ccdeced41d021dc0ff47821415e8793d34377258d9d6629b9e396b9d6b8bb7fc22e03ecfd4890d16912001cb7ed002e33a595052ddf7b991c5607ab93c220b2122783d51a8372a223d
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -43199,6 +43415,7 @@ AdditionalInputA.14 = 50ceb01860d60ed119f101d5c573b5db00402dbb03885a09e8d326156f
AdditionalInputB.14 = 01e09092bc892916c29f7b515823f244d147d4b16976cebd6a76a37ef6e62998
Output.14 = 6f1379c44d8131924c9a78286e80ebb34604ad78b531e795cc30c4f0aee422e4052f201ba226bc0c2aa3ec341fcbb5a87e24b91c36be7dda62addba6960df1289372e9677ce030555a9bd1691f559b8ff787dafa35cff5dfd66a2abd83f81552a82ba6ca7d21c438483e60fd77f93bc109f5be802035412c2af2873f5cb186b77dc055c0e0b27b16b1ef37de0b81fe63c4074a7cc8c3d27f71a992b5468351ef8b84a7b3e8f12458ff670d1381d879feeb1cd3b93436580c86bc2c33f27448d4
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -43249,6 +43466,7 @@ Entropy.14 = 57050c5fe58b2a2a0eba0d3b9c08a9b285e1180d2a297e0a9ad20740c6fa9f00
Nonce.14 = fc309209936c569a1367d45b212a9a50
Output.14 = 288668476b39814edbce5ed91951cec398ba2dc3bad76048df5fb1a2a680519c217ec4d57adc0251e1f8892a866b142e0953353bc2dd207aa2703f81814d26a60daedfe94d97de6043ed5f3bd957b7516681827f7a36d1b2a87b692c67aba050bc38b5e84f65f07d70cc34549f01aa390c5fc8dd01304fee7378e62549738e3f710ee6a4e32db3f472e1c2ef1e803e57a8ea992f389f0823c922bcea8b00ab844e071579170baae90839ffd5e00844ec343b02db090847cd323f8a68f0dce64e
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -43329,6 +43547,7 @@ AdditionalInputA.14 = a633f5f05ed8b09b70683a9f9a8e998ebf843b68a039dc3aa40cf30a5f
AdditionalInputB.14 = 9a57c6be8c1d992bcbd599952bd94a755d7ad686698991d189afd11cb88b9f53
Output.14 = ae0fd8a1bf6f2f53f9e81ecf6f40ff6a36fef58a3f157b6a435403e48da4e88cab7871bfe2233b92afd228bfe3117d7cff0798225a901663d51f0491109b9c631dd6d32c5bec2da321b8e64ebaced87a27f17f67082df944fa94acc6c557fa6816001642e38b7d776c631212b782f71aed6db760f90e0de8e81baaf4d419170362932e6c319dab948749b331aae41b4cb3267da37c9233c36d65d5482c8940387498453b226af485a37ea16bd9e4f938618f70aec97e8c1430a8d8b6aae396e9
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -43394,6 +43613,7 @@ Nonce.14 = e1609138b91637917ec170fa3c3fb278
PersonalisationString.14 = 230db2e57b87e910cbab26fbac7fa93a65c07c1ec004c74637e346c2db63288f
Output.14 = fa58f2e96776b4aa079dbfb49d81d8abfcc30d459caeb45dec4f1766fdc3b234d52cdc5337ea770e71a28cc42c82cbefce896d1fecea5a5290300208aa79b5ff97d2091498d749b66a9e5b2da7b774567ae9f83b87a8417b1bd089935e575b16618ffe8ec04b91fc9315968dc395fa2bb8776133d3ede95aa89ae675881b26ca831fa5fe6cba800d2fed1d509353e8cba6f007cf3c5e0b9424cc034e1c817d5f7326764f5ed1d17ddf8900977a0172dfab50bf4819a67e4c1af4704f59eda3bc
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -43489,6 +43709,7 @@ AdditionalInputA.14 = 32f618446311f03a0038dae07e85e19006a55b69501d764c241f683be5
AdditionalInputB.14 = d64a97650e2f25362fd711c7abb5635672e16a02a1dd5ed8a181762e86f4f5be
Output.14 = 54ee53e6d18e974913ec235a37a706868f217af33b25e8e5369d90071be1d01035ca331b8514f3d6186a9ec62b1e7808b7fa22859eea21e4b8113ef770772561eff7f8b6ac22125d002f6ba9f53b235f7d85dd5b601787201ee1423de5d971b2e758b3955a048b50f118c01122a8e657f69a63843bea00a46c4fc2ebbae36adaebfe3e6c9b1c82e498d3fe48d332ac1bf31ab4c80830086c8ee4b1ea190f8e269f74cd760f5a29d244064d09c1bc30832482d5205e35604a388250a7a196ec74
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -43539,6 +43760,7 @@ Entropy.14 = 9168436a8600415b83062125de0ce6a998090216dea7374af08e6d3becba054b
Nonce.14 = 94206c91dcdf9c7c3f3571c703013419
Output.14 = ef12bd2b6dea20cd197ea9eabd98eec1a2943619cd2a96dd16a6c5485435e00c59570ff14d7d9fc09c99ade0e5ec12a84c0a8ccd5677fa9b92295eb2a620e8a0400bc9ad8a1ac1aa4969d8d04b77ad59b81d95cad75358698107dc8a2ff42adbd679ab29cc29cd6ea756f4c4e60c271c3134c48b5d5aedecf011e73c2663ad1cafe57120cc70137370760c350f4e9c0b8e9b01c9acaaeb56094434f4f87c67a5b5f674783204ab0d0598c06f0802a05ec97073c005f3c9f772fe0bb449c1cad0
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -43619,6 +43841,7 @@ AdditionalInputA.14 = eb9e19bb6eb7b714dc4d56243897916364dae7bb3861a4697d7d3f2b14
AdditionalInputB.14 = 156d12c7a1d0af2cb9f2d0610cedd9ed3b982e77bf4a9dc1ef0f71284b751ca4
Output.14 = d3b0b0ac5150afdb3d9de12d2c8a7d45109436ed9c316aef1d1fc5bfba1cd37cd750841146dd08320539eb1678962e990f7b7662b44b918447e173672b873b8ab0348306cf6ae2bcc6756036870745436571763efde334dec5be7bb9920629a36cc5db66e8824695cabecb8bf092858e095a2a520eff140f483ec528131c850a8eaa48d8c997fbc810401ca378666d84020fd34af77fbe1152523e979560708fb15f3b7981e333ad4ee8c2fb6021a562f339616823cac5998cd919f82d43f41f
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -43684,6 +43907,7 @@ Nonce.14 = 733bf048e5b112426979a9879b6a0c10
PersonalisationString.14 = 58d91008875f51d541c6fbd626a49a798dc51d9cf2e8588808e74953392800e7
Output.14 = 1794335e21606d706dc89ace28c60a15c0c9f108f5ac882b103eb62e225de749285e5fb0be98a5bdc26e3c998ae418306380941d78acb7c81b91ef41cecab328332ac7404ace0ea858e7835534f778cab3e3e4eff043742e4f7d4d5725bcdca0b6be7ddbf79e57fcd1d5a4279f074a599abac2cd281ec6784e29d9399f5ffa8def3252acacc59844c0c24c20d029a89b4407e0b5cbe9a8d51241dd36bb82c400ec4571dd1baf831d58fed3dde4ac7f961be6ebc18af6bfa922a32b81ea11334a
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 0
@@ -44939,6 +45163,7 @@ AdditionalInputA.14 = 06df99a38f4222b9e7e1e3f4a6f488c1dfeafe847129d54c93bccb1649
AdditionalInputB.14 = 3977a9671024bf0150752ba10c9f6432773bb71aaaa9d23d1ab72b90b7f0e088
Output.14 = 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
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -44989,6 +45214,7 @@ Entropy.14 = 0cac1d970c06da6f224d49e5affec0fe338d0b375b66687b
Nonce.14 = 1fb1df257951ce8fc0cf12a5
Output.14 = 7d6e2be5aa574b0edff39ea938e94143ed92b287262891dd2a6c9193b0237e8fbe10056e15785bd818e548452792a31c728acc14ce2bce9295d3776885018a57c8580a8e7df9a34ea960e0b39af4510711320528fa7a0badc6e25a0eead8cb091c404f626343c63d40044055ee9f9e35
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -45069,6 +45295,7 @@ AdditionalInputA.14 = 38ead8a466e462f5c0617822c23294cdba07a80fd51dc241
AdditionalInputB.14 = cacc9efb209c71b123498182d25081aab8f0159bed1fc0c6
Output.14 = c200766d5caf72e64a77a7fcae1ae3d14681e33767ba2ba7faca26209fdcb59c7202c381b18adba07ef0ceef443d9e1c5888366bfd953d614bb184370b45ea2b44a251e381fd2bdb80bf4bb8dfe011e1b143032bae9ce82c2869537e70d36622bf23476163a2dace9ba863a5f0e3d303
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -45134,6 +45361,7 @@ Nonce.14 = 7e2f3e4427d00de41ae92bf6
PersonalisationString.14 = 2e8bc8edcdb3dfdd451542fbc68481b30964fdf8a6ca77cb
Output.14 = df949beb9b33d2c1522cf6fdb3206cb10b58411ba9e28a4096cda7662b69d23e0da2be9557b9a3b5a8d67db4d616ae9fda3a7e0a8516196568f7a81474c0264993b141f14066fbfc29da724e447f6e503385944e902510f0b3971f7bffc6a6a202ff88d8113bb222b104055f427fe770
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -45229,6 +45457,7 @@ AdditionalInputA.14 = 23a781948449d82ee235d0495ca48d61aeb399d7e2ea68b8
AdditionalInputB.14 = b52421e5b0e5281920da6975ee18d74ceebdd5d5de05c018
Output.14 = c878a886e24e20a8b7e22e41ebb33a2b6e9a0168f4c72bebb78f0955c8449592e91c6a2f1ba5554c9459bf2702e67470c1df0b5125d651facc0a9339a2b7c921a51bc7203020f085c9231b3acd850ebfef0d0e13dc8bcfecf1f9853930ecd9b262cecaff0e2bed9e3b5b53343b733766
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -45279,6 +45508,7 @@ Entropy.14 = 04c61e5cbd79804118267ee1c76db36b71b042bf60a1c891
Nonce.14 = b833be09092d4755ee6118f6
Output.14 = 0c4663313750b12daaeee80cb28f097cbe6f50df2022f9ff02a51fb373da42411c5856a136e9645e99e69aee273726d146e3ef4e546273eeca52b43c068887148b7197143f5b9a4c55d4b0544907ee9ad2f181d1b37742d1479d39e78e47505603550d2b28bc1d151a50bbac140988ec
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -45359,6 +45589,7 @@ AdditionalInputA.14 = fa3bc697a6bd8ce341735365ad6e214d1e53e8d6d0a2c206
AdditionalInputB.14 = bea0650424d1f26e75a49ae2dc529f1fdc552e3a0aa50948
Output.14 = 4a718257296a3a99f199a5a24decf8f3e6209a4a7fb0b24913393c8309826ffcd6c47208ea6879921424ca55e63a7e5bc63a030cc48be7648da78fc9f314dacb2b8568635e5b14a94bb06a709a2f023a86a871dfd708204c911d94ef3690b3634e58de03fb20091d628bec834a760dd4
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -45424,6 +45655,7 @@ Nonce.14 = 4b729a67449bb5675a1f9d1f
PersonalisationString.14 = 9160b7c96fd367dd7d378e82be11ad1827c7661d76bc1fb4
Output.14 = 1d7ab4500d99a18b8be2ffb8177c869059e25f1ffbddb36694fa8561da1d71f86a38accb1926339f6dff71ea8ed104c3518e62b00e520c51a096c1c62469e56b139e6384e982588e748a8074dccc51d558d944868e2b8e1dbd68bd83c663447590430ebe15c64aba4669d1a4a784d8c5
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -45519,6 +45751,7 @@ AdditionalInputA.14 = c375af43c11115e995f47212f81cf3cdca5801d184d82235
AdditionalInputB.14 = d2eea45f69c6d82dc3a7bb3be69d595c86c5ea5b4aee6001
Output.14 = 907452bdf42eb168195313eefd090a2fe1be8b668b8ec7153a4ed4c07e6979244282e976decef02ffd4fd92b0d7b90bfc453cfd81a823dc162dde29dfa926f20e395d7432e0aea61c72e05c1673180bee3b47fa171cfba98864fc2bf83878e37c7dc019d465788aa1500ab3db8997d3c
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -45569,6 +45802,7 @@ Entropy.14 = b37ca70fd13538ef74c5a3c7ef00a78705919446954ec43f
Nonce.14 = 3ecbdff8cf33b50788dba82f
Output.14 = 1bcbccc535fbdc8617575d46ea5a9cef2622995dee19aa4b998325dd8d0935957170f6b18219354cd2759ba53c9c1f380586070db0c89979a581ce1e00ce38855e123dc3a2dc9ce74bc3b6e27c9603fb87c09a1d90bb540d267d456f5457daf0920a13119a2b805f9b97b154f80f4bbf
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -45649,6 +45883,7 @@ AdditionalInputA.14 = 9fcab4a8d0d1036a6210d56a894f861fbfacd4b20c081f38
AdditionalInputB.14 = e279bf650f812b8931662e59a0da7ab799c193da1f6eef1d
Output.14 = b3ec81a3cc8dfa4e1ea17d33566a4444bae9969244e7a8970eab02afc8797b5fc85b6614ab009625b81fbe078bfa4db78ced2d8b3f1e3342b477a3fb42cec7d44546585621bb8310075808aaddef32ede3e668e626711fdfaf2569721bf645edeaf74a9826aadf0a9cea9893aab4fe3c
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -45714,6 +45949,7 @@ Nonce.14 = 98ec3ae036755323042c08da
PersonalisationString.14 = e6f24d96c8d11cc68e72f56ee7e345c5a0083509821fdf17
Output.14 = f5a9d375a58d1b337d245d29b7a9e352cbb0fc950276e042d075a71f4bc43b65b063bff299c670adfc46db39c4303adbbfebcea1df964c27d33cbfe4d46567475abff4f357252ff7d05ed4ac34e6ed14c33c192909426654d604736f3bb0ba01aa5e0454d60dfe8aa5b2df3a52df22d4
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -45809,6 +46045,7 @@ AdditionalInputA.14 = ec35738bedab1835d07ec7a6d9a5e6e0bf8a3283541b3216
AdditionalInputB.14 = 689957f9c2c58f1ff34899bd0c295bbfacdd149ab378428a
Output.14 = 6eebecbac4dd64b170cf6aa84788f643755ad5c6c731b63bbba3b2bdc2694f1fd42fb077b4309a0cb09b5ed1107fee2379272351ca9221069530762e4c8ac4c142c30167a32ac2b82b728d57bef95d620cd1b7a2ab5c1a6fac2cc90e0f6cd003ef526485c8bf0dbc9baa7c1f0d6f763c
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -45859,6 +46096,7 @@ Entropy.14 = 2fe6d7ec78f76820cd88c41a5a958c399c7ad1619406caca
Nonce.14 = 1ed975755cad5e4c475c5945
Output.14 = e34b31db083e58516cd60ead2e5b0d39e4a2bb47c2436531c0e700e484c27d3d233d10d1ea6c58148149751f24155fcd258f384d61000da88106a0205d693e4ddfbb5c35f101ff15e531e9ac4a988c16302a962146a3aba9af5c505697cf9aeb7bdb8c49c281458acc33ad4010122aa5
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -45939,6 +46177,7 @@ AdditionalInputA.14 = 17c87a351e940e261e8806e2548da44a751c550ff5f0257a
AdditionalInputB.14 = 7e3bb28f266786ae38c24876087fe35c7e43222382270380
Output.14 = c943c9ff0cde86a62756465e6bf4fc9dc25447157537831c975782dad82f3e33e6e7790b41c158713b8978a6967bfadda9e15ef43922b3f93c8ccd0cfa834fbc6776f3c1b6369b4f25b1cd1189f8b8efc31be2dc151d3608eb2189a4f39c0f0a3deba00ffc97299c11c46885b424a7b2
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -46004,6 +46243,7 @@ Nonce.14 = 4fb71fac56d2aa35d7fa44d1
PersonalisationString.14 = ad66fd02b6f6e30ce521ae0d783236c75cd3699696475ac7
Output.14 = 4b2df98ad411407c1dff07b5c08e97ab501fc20ad191794dab73e9b4dce62470b3c70d75f07848f436f16a8c63ac31a75525bd928b5c76218099ec940e3ad193eecdbad834557e92602d7daa6e3eedcbccbc4d0829c8e1c7e59adb95ce928bb138870566eb27e4725191a9ebed50304c
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 0
@@ -46099,6 +46339,7 @@ AdditionalInputA.14 = 30a66bba0f4d6c249e271de8927b6ba1e99fefbf3386934f
AdditionalInputB.14 = 1ebe06fd88f8f914ea8f590483994fbf227613e7f49ff18a
Output.14 = 38b4e2bf6aaf771df03b3bc37a959955dec83f07af4bcd995957a31991c5ee18b5bcb7754f3bf6293665dff2b4769d081d9be6393803e2c62a73ed8ce4adb17b36c1e0deb8ff6106308be9019cd179a92feeb184d93a9348d3b14a70bf13fd74d12cc427496803b7fc041f87c630756c
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -46149,6 +46390,7 @@ Entropy.14 = 7f422e735bdf349e4f51787571ffe061ec7e9181fa0b6a342e36611da25c1a15
Nonce.14 = b09d8dc6997bcb567cfd788d0e06483c
Output.14 = b83bb6e99b0a5237242711e27779d05d2157402856f9653542f1ce52b1a7463e13d5c92309a06d8a78773ad70504b64ff070c2e6afa4ec3662f2729cb7552235b79c18e08354e334474f238ee74feb7e892d5701543f418cd7f2f5533437d9901dcc54687816f16eb7341b1707c6310a2085dbf387044a78fed850b42fe9d8b4
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -46229,6 +46471,7 @@ AdditionalInputA.14 = 5722b092a5a0195f14b5f236885538cc7a514e997876c06f634926c695
AdditionalInputB.14 = 6e4f341a0524dd1085aad0b6c956057893f737704ca2fd8eaae6231e9691688f
Output.14 = a757af53227bd8555853ee2e643256074be9904d2fabb0ca86a645b0ed1905731cfbfdb7eefc83938fb576d7e5da8135300f8e934dca521637ed10e5e791e18e82c48085f511476452237ceb930e0307e228886d36aeb83d8e25ba23b38dce6dbc335de90b63db4021d6ebba5dfb6d8044a2bb7bb20aca679cde16406c8c4746
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -46294,6 +46537,7 @@ Nonce.14 = 06b7b75d18365f4957489a09204b2672
PersonalisationString.14 = 9e32f001033eba3bede220d4f351ce110e6ee2eb0b099ce54f9606a21d80b1ea
Output.14 = 508333114a0abd5fe10327daa0f1342c66569d912a64d8ae89227d0d8ed5b4052cf84f0c38927d88dc0d7c476e747965adc9579a4603a36566a1730f55ed7b100c1695f060674484781682ee629167f7adce89885ff04d722d960d0297d2abf79bd3338126c2d356a91bfa588f80db7ea365bf181fa5370c478a04d05a515b78
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -46389,6 +46633,7 @@ AdditionalInputA.14 = 5b2d2bf0653e3c075c469de5e2a093193e700abff9792a9f3bc0d143fb
AdditionalInputB.14 = 976c765df6b57f0eed8661587045826c329f4f1994020de30fdd835912f72fe0
Output.14 = d8275a104f1dad7412637d12fabf9dd1b06592850cd48a3f38304789911efe8f08970b8f90fa021b04039cd3d1ca573c1586e7ef586f4c623dfc559efc0f2c89e4136b59f0f5706a74679d1c95886a5ad05b9a850043cdb19d806d617b2f640f715351cff6920c47f96a42b872a512a7b2e99e4d0c2230861b16f3b38deb9b58
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -46439,6 +46684,7 @@ Entropy.14 = df6edf960abe3aef5f50741907c0171906c0837ba3bfaa3a1044fcc4f19ed21f
Nonce.14 = ff2558bec3e5377c12697c908d629952
Output.14 = 9d68c2674eac76f3ccabe1c6c0bad96d5fbdcb1629c939e397eefbcd2ec2f25803fbb9aa72db952f7fedcb290da99f34c0fdd637c37dde1446d475a61c38c3fc5c1ebf9541d136cb02a43b2646df7ee4bd0d9191157dac92a33f401f089ae15618624fc0baf707409aa2f80cd5d0676612c2667aa420acc6e016e6ba3f63c686
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -46519,6 +46765,7 @@ AdditionalInputA.14 = 4bf2c816e2c3e9721d192a670153d620aded035ffa214cb0d7638432c3
AdditionalInputB.14 = 06f515395ad7c3d025af7df781b49b62f068ec9398f6dab31ead6f917c663de0
Output.14 = 1e70791e6a8ce753f959ab75d1225b44452ce7aed0fb53b56208b3f26419f004983c452d724c483b4f9b70d2d84734ce8ec0258d8edfac639b355204e14b5b7bc1d3aee6ddd9f5da54c6cb086d16ce381c2d5cefbceae3afd56c13441d80c7e6081aa68ff57f21d460370de9ae713c17ab14a81f0895e9e492af7c437d7a5799
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -46584,6 +46831,7 @@ Nonce.14 = 2c4c4f3a953e551746f7e258821d24f6
PersonalisationString.14 = 676a9304a3f744c62c7f5048f2137982c89860577cfcaf0d855514436ff8eff2
Output.14 = 7bde8a5a34538655ab2ca26d0447eff3c6da298b3fa53ff0526eeeebaa4a876b60e47ca544ae30ccb00176ff84920bb4e4a4ebc3cf74b9cf8cd8ff9f7b11266a3c9bf918c458760bca6368ddfb3522edbc61ad14f2b638294e51d82e617d8c0c631aefbba50dbcd1a0a88963c3d63959909ce2cc669924d7163b01cac468c0d9
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -46679,6 +46927,7 @@ AdditionalInputA.14 = c168776136197bc3877c824461994a4cb020b61ad1630bd8f38d0db211
AdditionalInputB.14 = 4f54082a1b9e6cdc8599e1639865c00fd758f403adba5cb74a37e2b20f29b654
Output.14 = b48984588cb54f78610e05c8a7ce12c630934f5ed2e4cee21e523fc65a7b8412189ac51823ecdf493844a859aa87f3e84645f22f0914245043f7b86287a85db97697bcc84684b072162c2fa636569df83fe85f1ae25204786bfdcf5eb85006d09a4d97b162248daa8ccbff9eca28b7bce9fdbddcb8679ba50b6648cb3bfe9af1
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -46729,6 +46978,7 @@ Entropy.14 = abc502a99b7c3cf14262f6b036925a9904105b019592a2a6be26d71fc42c7444
Nonce.14 = 40a212f9e1a5aa54f2c7ed4ccf631c9a
Output.14 = 0e747d83e2104367beca697db9b6bb994061d82aae7b1564f6a0911a1f599084a7ca7c94e232908d41df93a6b416e76146a53b490afb552124fc0c2087cc45de96390565b58f913b5dddbc55dcdd2617ea27858ae7c7748b31d832fec0fafe84594ad7b693cf972daa9521ad4134867339536ed5cdf02a758e40d5d96802f4fa
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -46809,6 +47059,7 @@ AdditionalInputA.14 = 2a8cf10885a141125dae18c40f7bcb7e09c1b2726e22a7f776e4735279
AdditionalInputB.14 = 7c2db5278d2336764d274bf9624db7eecad2db11c6622831e47338ea3ef02ad7
Output.14 = 08ed2c3aa35812485ea8aa0b16149ee4f3207a0368be2035e202797939dd2a1c1db1ab244434edd783c7574bf48fc99f93827a1fee91cd1db1cad53512b6931d2d63018045b2a50a9b523a6ee212fbcb21ffa57ef998b4ce24e5f2f875a8ff3a45d8602cd56cfefd2f61f73d00dc33304a464f4fc1f7dd311b516a8da4e91151
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -46874,6 +47125,7 @@ Nonce.14 = d5aa1d24b7c7564f6836f626bcc6d32b
PersonalisationString.14 = 4ef1e00dcda9e893d066ce48cd291258a29e0a234796c30a6465079cbc3d3aa4
Output.14 = 43da46cb7b737ff7617715e3a8aa4c42d8cf1b62f32ea97d035514a10798f5bcaab550eab684cfbd5c8d3e1ce6d9fb026812e647ae6a50d3d8da8e9e2f1d5f7fe550e7e0b88e146925f2aa64690e1a5a5de152f6421837c15337efa80fdedb0a4754268bb83fcf0281b05b3885dc64b87f1da61b1ab219779ef44a1399b992ac
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -46969,6 +47221,7 @@ AdditionalInputA.14 = f8dbd6a405435595b2520bec5026075514955a666e4ca34b7d0339b0a0
AdditionalInputB.14 = d9536bdf1c3944d4d239b6dd13750c16a2780d943d4cb5fbbe418189a7d65432
Output.14 = b5e12e5082c09fbdda81d1a2229ef9bd46db84e62ecbcd1a2c4e88557f8ed3b5af740fac2bddaaf441b66084ce2239adfc9d02f001cd23470535f13ee6ed73256adf902b359930093ffb293a7c007074582a356529ea3ed9a5ac0a1a3f62df5fe09d27f5a7ac6abdf1fbd5f5e5da70da5e3037fb062d0817b077b56457238108
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -47019,6 +47272,7 @@ Entropy.14 = d233eed6e4a43436e4418ac071bf9ec00d463d0568cfaf7b4174f96c1f6b8564
Nonce.14 = ea8e646e88f7fd6c8e590155df15558d
Output.14 = 314dca793ee1eb0dbe48bedc324b557966ac7a17b900bc4167ab4b65fe6b34ae625c200c4e21428ed258fe28b99c31cc4e8f9eb93a793c3e33fb0b75a2595a3201d939dddfa27911ad6f731894e16692343f25de291da89570a257a95cccb42f7d9820afa9b35d16664f95a2099ac929683b7480a4d1e34291853047ced3302a
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -47099,6 +47353,7 @@ AdditionalInputA.14 = 46cc09705223bd3c01fa037d9a19dd2465bc612f519e51d33fbc845742
AdditionalInputB.14 = a9f78f79d034d46086bbe5c8883dc2a34a1a17414aad2c767a3b3f23dfc9b637
Output.14 = 2674afd329d03ad3b1bb8157c3100a312e29bd72b55139c408afe7f2c9e6d53df2cb8b829b7351a80cca8f0b59d60f6454ba60b154f654a09aa82a63fb28ceab9435cb6022934a0599a4c3a005bccdaa8bdaf8246ca654692a6c038cc82fea477fabdf3d6a0975e952ce3feb7fe8c4510b8c5347b21da5431cfee69e9dd2d8c4
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -47164,6 +47419,7 @@ Nonce.14 = 4788964160bb81d6f6c2675008b05410
PersonalisationString.14 = c56e284ac65798010eb7bd39ffdf49bc25fc2e663e90ff93f73c97e65ea82935
Output.14 = 683493fb3c6ba0ae0c42009beb39fc37a9d235fb3fa00648ce4d60b4d6bdecdbaa1e2ca0c0fc80c53f6f8ceab31c3c42764b8f23c4cda91743be33e0a77fe5a4297701bdec6b2a5712e76c64bb8b7e03a257c140cd8aafef046b049303679a7904f029444d92d673107bdbf769fc1130429ff64b527b0ce2420e2c70e8998ee8
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 0
@@ -58071,6 +58327,7 @@ AdditionalInputB.14 = b07198a49bc854cfc9d6d7466fe24948
EntropyPredictionResistanceB.14 = 7b558b48f3c891a77fed293881775118
Output.14 = 878d26fb57589d42497b869564a1dac5adf1b83615f9ab9fc30b5140f79e3b7f525f1eff2e68002801939aa0728432efad829b5b12491404fb50f2584a3bdea8785e79390501978704a667ec5d04da56
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 1
@@ -58151,6 +58408,7 @@ EntropyPredictionResistanceA.14 = e734a035d71399a60be221b8c383044fc83506429a7eaf
EntropyPredictionResistanceB.14 = 51325a5d10137cd3ef2c6cd2290593a73361b298b9fc0099
Output.14 = 12b008fd1ebb36ee67678a8b90ebd4ae333451aac2961d2ecf0d3fe2321fa520543452505e1e6216921ac380ddd88c51fc8b6b873b77b73b38558163845e2bf67661c05896da0efbd6c0faf0e363103abce11ab27da19c21564d8ec067802a0000e61fc33f43c12b854b85d6166a3a3a
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 1
@@ -58261,6 +58519,7 @@ AdditionalInputB.14 = dc30a416e609cd52562109d22960e1295e3fc6eb66709704
EntropyPredictionResistanceB.14 = 849864c63ae33d51a3b2e282325729df0d01b4b6efe4d2b0
Output.14 = f2206a4e8008a5b32a3a3e271e9673031f536eda568fc2cf7013b4b342af76bf4ebdf867e7f2e2e89fbf2f63cb6e096671d360eb72223e96d9bacdc2195138770870557b88e770b7a439094e2eba6b529e54a25c75237c4b4fcbd06efa77f6174ba64071d2c3caf13fc1fad0c0cf005a
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 1
@@ -58356,6 +58615,7 @@ EntropyPredictionResistanceA.14 = e0b1ad06619cc7e6b06fa369846d0718061e4ac707d1a7
EntropyPredictionResistanceB.14 = 2941e7b99738be35a340fbf29bb443547f3128e5435ae876
Output.14 = 07a627ee351cd794c19148459821ee504770bfdc07399fede63f1e22c3d76a57ae1da3c66403d789a8f2f4a0f071dec3fa102bcaf791222d2b0de7cc5b9d8f59b6b23d441b006eec851856c8abb152b84828a88f06e1f4cb257dbe00ce4d4868532782b06da28f923bf8e3f38d4ba50a
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 1
@@ -58481,6 +58741,7 @@ AdditionalInputB.14 = ae204b086225c6659bd8c2487b1b91310c3d65c6a18a8081
EntropyPredictionResistanceB.14 = f69f38c433c8f892d4aa3d1c7b97903711b6e0f5445ca61b
Output.14 = e4b3c801cee482f2d70a92fa7d4d2b9b19a1827287ea50698de61f82a095246dbc3abf102510c3fd413d6a8a9b9c88b186a177c14e013672fe3056722ee69fc3a49679f9d1cc0707ebb29297472343884dd6637bf094af5dd40bd1be4a269cf4fa65c163347ecd0fb6935eda690402ac
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 1
@@ -58561,6 +58822,7 @@ EntropyPredictionResistanceA.14 = babb7e1e29089815ef8d794611a3164b54617f8edcae51
EntropyPredictionResistanceB.14 = 06ab40819ac75f8609d7759fdecd3274d231781c939516ba
Output.14 = 80abf3d122e8917731a3ad6c8cc0495aa302d521384a155707f1302fd2c14ff9b8d6a12027b05cfb050fc45baee976715aa9cc606b943c785001c0431175278ed18d3b4c99bb7380598db4e9462e472ed9ede95c2e357f37152d1a76a60fbef4f97751fd111d9b965645de5c823d64bb
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 1
@@ -58671,6 +58933,7 @@ AdditionalInputB.14 = 32460d6c3eb7912389edb486462038fe90505f7bd5d8e46d
EntropyPredictionResistanceB.14 = 31b1b8fd7753800a1d3c3849ccb22a7c28ea4cec21e71c91
Output.14 = 77e3b89a60d91cfbbdac8215a3fcc000ae61a86016cefd998de3561ff76e188eda8910c08e964fdac58e3bb30f4af464b92812e15178a97d3215699f21b9775d3d4b11fb16541eeda2956937e43bd4e928f3856bced91c2e9a3c741f89894912cdec7acdb0652542fd08acb6d6ce2c66
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 1
@@ -58766,6 +59029,7 @@ EntropyPredictionResistanceA.14 = 7a40b0bd455f5eed4ea7fef036c5b044425ef2138b18f1
EntropyPredictionResistanceB.14 = 33bd20a02d78688da2b43f2222894d508f63851fa8217b6e
Output.14 = 1d0bcbbddc32be27ad0408c93d49f328832dd15beafaf969fa8f991b18faf1cf4cd1ae7103cf94135c1fa9beaef66f75d825cd9c3a16697337d746069a94aa8881e9ca841fc61fadc3701fec3fe65f750240c7da05884828ac3cb87289567c4e491ddb3f1ca5cdc08b5fcd3d8f91136a
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 1
@@ -58891,6 +59155,7 @@ AdditionalInputB.14 = 528bc69e8fc2c45ad8006dc7a865ca73c31a679adbcb0656
EntropyPredictionResistanceB.14 = 97bbf5c91c830c627a1dfb629a0f40943655d70ef97fe922
Output.14 = d9cafae3bfbcfe622c82f137700f959f79ea11d07631abc26beb2d846e375a2b21165db0c568e1ae54d03c26f0ecdfa2564bf5c3c6c902abba3b2ff994ce191caba7e89b129c303e5169f4ec2e415a90523efc792e6aa2caf5ef583d286285f7d4900d79fce6afdd184d9993f85cd6d6
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 1
@@ -58971,6 +59236,7 @@ EntropyPredictionResistanceA.14 = 58e89c98a93710a6856da202b373749dcf3f60c16fe067
EntropyPredictionResistanceB.14 = bebbc0ee84a187340613ff138c5abc0aab2e86f57f337712
Output.14 = 13949feb41c811c6894809f16ab5b34be3fe3753416a8fceb0c6de131167d0bf60409b753385307b71e2622a46a42f1561b4793c6f0394fda66115c95dce20753a9caec5aa5263f6581db8195bb7de7e4b13761fd43eff13741849b8556247f08a58c9b180269f213eba0476c7fd3394
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 1
@@ -59081,6 +59347,7 @@ AdditionalInputB.14 = 15f279e7677894af10821b9cc0ddc9238b318dc9020b05e5
EntropyPredictionResistanceB.14 = 878d41b7c5951930acb26a23c06501b88d1474796e536225
Output.14 = 8f96cd7a4e6363be72a9b45bdf8253fb47d0b50ddb3c5dfc8825f2c44366106b1094cc65d60d86542c25830a3d0f247326fbb941053df81a1d0789318563b870a81f9e554d8349b669f528d6889247d23896186c620b93b239c1d18861cfde3c123c80b4e9d5e338bd83bc2e97135ee2
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 1
@@ -59176,6 +59443,7 @@ EntropyPredictionResistanceA.14 = 62b1fbffc1d23ec871ec6c85c76f1bae9ec7b7cf85eeff
EntropyPredictionResistanceB.14 = ad80381072e85622e48978527ee673151fcc036c0096094e
Output.14 = c5d7cf9f1f83f497ef8c48eb81898ad1616c00cf2788a32c5878c3ea868eb3848cfc2961c8095f9c65052ba063707ea69f9d6ad9c4ac9858fb2470543dc4d2d2fb3eab11994e6ce387809c3e7595ede565ae549b25070f7ffdc630ee0ef8ac9835dbcc5cb5c9570143006ac691265a89
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 1
@@ -59301,6 +59569,7 @@ AdditionalInputB.14 = 6abc274f05fc74ffe1a0bac13cffb199eb87d66b385fb675
EntropyPredictionResistanceB.14 = b3a9b4f5f51dc337d12d34dddf231ca21dd98f0775a53ae7
Output.14 = 86732afa068efb5fdadf94ac34ec595eba831694cae1dc892e9c028ca78f950afbe78191457a115f3c444e5735bdbc40d787294de99043c96ce49176fd17d721f5b467943219437f3e1bea373fcad275e64bd35cd4aacd1f3c126bcb59b50d905bf40966dcbd474978abe1899bf0c4a7
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 1
@@ -59381,6 +59650,7 @@ EntropyPredictionResistanceA.14 = 058a109cc72dd766556a142a2d59acbc036cc86d476fb9
EntropyPredictionResistanceB.14 = 97f27faad6528c42dcd97c1313c0e9043a043e0ab0b58395
Output.14 = 3f5095a28e5674becd4b895d8918a36ba3cbf44f09c8c80b155f217e9b783b4ba99bf3ef183371bc3c5a654e3dc2346b605463abe63313cbf0919693965712366574e175d910e263f5086ee862672bd9c59a461f2d66a9b397570c86a09e2e4eab77aa139133789424482e94b9ba63d4
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 1
@@ -59491,6 +59761,7 @@ AdditionalInputB.14 = 3d9654ec477ddb9d1928cf286f599736d51eb35af1eb3738
EntropyPredictionResistanceB.14 = b8de4fffb86a4c7af05d85f7855aec4c8b463676b9b9eca4
Output.14 = 33f691da4b3f351aa15acebafdc181da1a57883f0ded8b7223ab9c1b80e913644f850e3511e901175c7be68c96dc2b6175f69ea91218bf09dfd8b91a79e7499c8386746c260f29a22c6a000659e8aeee4c83f1484d5c09677f15d3bc045a2ddbf0b72c179dfe260e5054a75fd11c6867
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 1
@@ -59586,6 +59857,7 @@ EntropyPredictionResistanceA.14 = 4afd7a280d8eb867f842e2e84f2c84d78749aa25c1201e
EntropyPredictionResistanceB.14 = 7d3e4a62634e7c6f74610ae4aacc62ca147fd1699c5b246e
Output.14 = 5c89bce4759878a3fe7b510c1b0c5ebfb2b085f89c3c4fa8cf6755cb51ba16dcc516402783d7870296f848bc285a5100a548e51cab01cd60638ecf2ecdf63f6d1c793aec14c4b179880687022acb9c90907e53fcede69d26f68a53815a6746c5bb80ecb22bc7d134da3412ba7c31477b
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-224
PredictionResistance = 1
@@ -61351,6 +61623,7 @@ AdditionalInputB.14 = ced31f7e0dae5bb5c043e246b29473e2fd39512ead4569eee3e3803314
EntropyPredictionResistanceB.14 = c73832534681ede37e03846d3c841767297d246c689241d2e775be7ec996293d
Output.14 = 60c234cfafb468033bf195e578ce266e1465326a96a9e03f8b893670ef62754d5e80d553a1f84950208b9343079f2ef856e9c570618597b5dc82a2daeaa3fd9b2fd2a0d71bc62935ccb83da0679805a0e31efee4f0e513b08317faca935e382948d272db763e6df32510ff1b99fff8c60eb0dd292ebcbbc80a016ed3b00e4eab
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 1
@@ -61431,6 +61704,7 @@ EntropyPredictionResistanceA.14 = a835812aff799db76764365d3cfce7a70d168ca8a363e7
EntropyPredictionResistanceB.14 = 6cc406628d2fa0771f896079d052d057f60b334e620315f2cb3e658b1323e7ac
Output.14 = 36c2e433e06280c1219c2f2992985e74117d35aafbeefb6468d9576fc4a23f97f131874c0c4c18b9cc6028f881eb42f0e011f2c19bb60db5f5eb65114365c659790a3f423f986eb5ccec70118e48e7ecb40e40c31a6c4b8752e8fc841df65ee68c6343579bf95e10ff99486d9793eb6a92471622b3d60297d9b0faa9e7d925d3ec9cc05bc9853c18930a5f64a8aa9e139baa625665aacd443f1469d11a6c24a3e079b952cc8b5f75ddc9fb7d96b8b14cf255c2fe7619212f281364bcd8958bd2
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 1
@@ -61541,6 +61815,7 @@ AdditionalInputB.14 = d8e5e99dd1498f4cbf4224e4c7ac40aa7e077521ff5abfb836d8483d6a
EntropyPredictionResistanceB.14 = cc122d075bde2cb4ce5e48d72d5f6fb99529262118b01cca6639fff83adcb977
Output.14 = bbc4a9e2c9ee0e3f1e55e77cbb8d0ff902bf5d6853a5aed3fc0de3275da712b031a723ce201448e3d15360e5471f11bbd30029c6574db47d9d3275a8559294695b4ab832d656defecc9d6086a01895f74f67ad0643e77cccf92ff358440f3efdca3cb816687e940b7e30bf50795f111175a7a564333b21b32a0b9d26b093c396dcdcf3203e8ecd902c3de0ab0c82ac4c1d68f77da85383e60b3ac403b8ea339a97088539aa0004e3a7fb39a827aa0d27eb308d8ae29c07cb5b0495cedb839863
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 1
@@ -61636,6 +61911,7 @@ EntropyPredictionResistanceA.14 = 54ca39bb5d569901c657e36d0a8e103551e25f9a3a40a3
EntropyPredictionResistanceB.14 = 9c2962c0e03e96c94b9a616fdd52b1f04945597b372ed5c69469b29b3bfa71cc
Output.14 = 96cd0e64c1dfbf51e067b2eafd896d30580f46e29ecc1e51cc662e0acecad5529d2bb177d60c02e7cf415777a85feece50113942eed54a5b328cbc007a72a0db1500f17e5fa1cbd1231a8608dc25f64e1e078d7e0b4c49ba34e4659b9642f79acd108de0c92e52af86a4a82f23df12826f8f44a88cd99f576897896d17d7ab19ad02be4660b8a5840552cc73b5e24e76705485c70ca57b07eac35765ccc51d0795abc229aadc0101a056e047d7514c9d9294ef9458d5f7f5328673defb3c5aac
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 1
@@ -61761,6 +62037,7 @@ AdditionalInputB.14 = 9d015ac36aa25905ab1ad61c4c5ced15620306935c548b63f6274d0e69
EntropyPredictionResistanceB.14 = 462b911da3ed588f1e57e952379c76f4c32b1db3f85fce3315904d38bdd5ca9d
Output.14 = 1beaa2df060fcbb134e8af0f7e1c4e6073fa23deac0a774825978a42083b18c559de8ddd6652dc89abfd8006ba18d9bb9f579f611fe02984870f160e4f4516d6a708253e3c57896a0c9491b7c218e4131d29d31ff331c411c157ba071289a0004d3ee5fc6bc0e8aaf4bb934f48521c5c30aea79fc752720c3cdf67517abae2b936a75b669edd0f86d0d9d01bfb91033c431a4f8c2822f4f055c39a8451c3169dd63597ed1710915d5ed1fb8af25e2db01fe1cf60b8ed59ff0af91282db367afb
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 1
@@ -61841,6 +62118,7 @@ EntropyPredictionResistanceA.14 = 523aa2f18ed872566ae4fa9061a83dbe1e213fe141e84d
EntropyPredictionResistanceB.14 = 101ca246a89f650b9f6e3282a908d51742e4f2b9a0fa987e9c8f8be89f3d7ce7
Output.14 = 2a34c78d5ebc24dfb34250a1a2601f044e15969ea37e791110261f86d1c7e8c60b60cb4515649cb277526d4cca4bc6d31f14b42dc4da15044deb36cd9040a73e5f32806270cd503af2c7a6af85d2c9b91480df5677d9c2da368621dc7dbab8ca1ec634246fd55120058a7c0e16dc934e69fbe890a16a2b759b9d10c23fb57a188d906585c87c26a70cfa69aa7609c3a4226494b9498e6bafe0632ce06a82ee60b7bf275edc4ac862e3a2bc7683cd2258663d1cf2d0fa95ca75ee9dd85bcd42a0
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 1
@@ -61951,6 +62229,7 @@ AdditionalInputB.14 = af0921fd29ae0315837039a4ecd285de2d6e04f97bd6b18a480ff31c3e
EntropyPredictionResistanceB.14 = 028ae7d410cadffbb1a8dd1a26649c51abda3729d64ef24049157b8250c532fa
Output.14 = c4552eee3b4b58c5ac306a607e3047bedb0fc06f921f28f859324ffae46d95b5a235d32dbf68b6093498a02270ac6988c13467481553996e6ad080b5b7dee800807e9e8776d0f338fd2dcfa74716a9663c3984fff72167afdc5a5292a85663d1b243b96e7ea070021fce1f269de1f5ccb60c8f3755a7b7c9f36dd5fa5894ccb3838d568507a9bcc418a82eed820b6c35ee66c40ad9bc718ef73fd7f8c956cbcbc173b9ac0d7f3f40ff37da2d4572a8901d84c216e1ef2b90bd531aa9238af339
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 1
@@ -62046,6 +62325,7 @@ EntropyPredictionResistanceA.14 = 0ef1d45b978c565be7e64b9e455e02636ce9d2981bab7d
EntropyPredictionResistanceB.14 = cfe1c350d349c38b6f4568e2f1ca53493be77597271ecedc5ed578abf1f94096
Output.14 = 49c4c52a81741d2eb583eb6038c1c686b84ec9e8a882d1ef509777a5bb431eb9ae711412afd5ceaeea212c2dbbb17652881b20b2517f1b720eb528274f937b4c41c4991730bbc7979d305859fd1fed523af128347f9fb3e3df22afc4be9f43ab6c5529f720b766cb519700ac83e83668083199f02c5ec80d29621d6c41394a927839bcccd802fc00839923a482ab82061bc96798046c20a11429f266195820862b8e242b083b12567c17e0423d01a7f77f5d4d035eb75c797019d798b54148ec
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 1
@@ -62171,6 +62451,7 @@ AdditionalInputB.14 = 64d3689e23425f428b99b64736cc26c475f72fbc564f86f99ec4e22440
EntropyPredictionResistanceB.14 = 1dd8eded094fc0baea87df0317255fb06ca6e3470c9d1d52e5b238513ddf93ec
Output.14 = e52e2c91e99f31080afc7398ed67f4b7ca0b48e9db242815524b192c7bec24b4aa2aaa3449ed5c49053273b8f30773784c27355c238c7c3c8b8085a5b2917a46862fb0d7cb0b52d62e630f7fb55be54977a15d3e82ba09a7d26e270384ed5b0a381920ea2c9c6a2da7a123f811a066c81eb3b8b92d7bfd62007a19a13725566d35b0c811b4f4a951f3fa83cc7809c623c9af5317054ee1567109d3772965eb3cf6e2c399d89e5fd59c5aa1391d149a09d002ff7e6d1efbad2624c71d01ec184d
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 1
@@ -62251,6 +62532,7 @@ EntropyPredictionResistanceA.14 = 32822d7374b2a24cc00a9217ff5dd17c6962d40d9c739d
EntropyPredictionResistanceB.14 = 98f2d35e46d162b562842886552bb854212fb652431058cc02e9963c07128406
Output.14 = 73f40fdf6550d37fd7c9f64221e7d0447cdf6911e5aeb7b80ea6307a3f97b7d4d6e42eff11e8c53d18504a6b8c735d9d89c6e1f0fff47f2dc3ad823229cd0bb811c50aca7f3f8b7890df6da7ea279e3f0582a580ac18c3a42b10e5be088c90d3aced0418c6183b0ce11957052c9e48a8e30f12e1e5deaf68d29e4809e7fed178b541c80930b6b3b782121b99c41ccb98046147a6e08294e2f8a9a215ff77b4f6729a0585a554014c60b36ba29db8de4cb11f3e20b4bb2406d03f7f1d4601ea23
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 1
@@ -62361,6 +62643,7 @@ AdditionalInputB.14 = 4d60a3f6c5fad0b57ee38f5ccc9c83843344dcce4f5dc056d813eb9fca
EntropyPredictionResistanceB.14 = 50915e1d171a23bb7328650449a6845c181ad304b5415e05e4bb8f6820a7adc9
Output.14 = 08071e75400f6f225a1801359983a0fb4d6fdd1bc74f8a78d9f54b1027df0b4167acfbced55ad735a99ece966bd1e79a71ffb62c4526b8afe1a276976d9b3b765b9533f50e750651596ca53a24af1606a2cf6aab27ab3026437b7a03a0507c1913e6ae1718d6d69c7e09f808cf97c73a6195550a0f4cb426df27362b0f005226bd54e0df9c5e5038c75da6f8f77bd5fa35b9a3324b0aea322f5e48c203ee228483ac0f56a67dedcd1d706b8f0a69fa7946f1177a313241066b5324249faa7cf8
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 1
@@ -62456,6 +62739,7 @@ EntropyPredictionResistanceA.14 = fd31acdbc71e112a4db2ceff387d4b6db1e7c714e89390
EntropyPredictionResistanceB.14 = 754a7e0ea6eb9e18483e0ed7045ae6f7ccc6cc626ddc1cc2b317ee78782c6e19
Output.14 = 978543a7389db3122a01947a9a8ede689a4fba9c0d72b74e1aec38ec6fda8e7b519e5ce91eee5c532c9df49c8a36a64818230c5535d262061e96cbdb9e7bef5d7330a2989c3d3012727a18d2c96931b66f48bb0bf6cefcf783c65b0e094e44b0227e3e898215aa3afa2a71dfd832c6e11b3522940cea0482b5f24a90d12e5aea53bad0d028abaa4c45c54828272a9ce543e8cd7ad10a3daf15055e3999e94a62a7281ddf1dff41ad3e30c19ab8c50c759607203ed67c153a33f52130670d1f1a
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 1
@@ -62581,6 +62865,7 @@ AdditionalInputB.14 = d56dffe6e68ff34c828ed6daa6957db8f8f1eb0683f6788ebc4d7ba42e
EntropyPredictionResistanceB.14 = caaee38a60aa69e7fbf710f0d03ac18ed70bf50590dc7854e2ba78edf2f6a826
Output.14 = bd2334cb3356a211a759fbad57708e815889f3961b4c6a0f5475792d1f0db772af058bc44ab716d02f11e37bbc74f59ef046d01f99056eb4366435b23bcd92f5c761d22551e66ce180defd47fc43afc361bb2ec8a3c92727bd63329f1397bd5ac689709b529fafb7a8a70437790384213a3f1b27c6086fee25cbc3c0a2874c8a85dfe7022a5ca7365e9a715bd0904dfc999eba168466766316fd196a1fa139e37cfa30be486b0fa1ca03602becbbe97869535913b1f9e00b12f4f2085794c0d2
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 1
@@ -62661,6 +62946,7 @@ EntropyPredictionResistanceA.14 = 957544da181d9451e52bad53ecc6e598e94e55434ba806
EntropyPredictionResistanceB.14 = c8c9ed877603789c92d8dbcccd10bf34e26fd34804178db31a6ec0486fdf44a8
Output.14 = 10e2ef2c3bf4836f072688eede8aad92da8ba7cc06bb2af2243fc2e7ccf9f9489a7ccfda36b2d91420df270ea9402b9716b95db186aa1859fa0e9a5cc389dbd7ad94490818fa34804a773d8dfe054cfa663267b8d21dd58cc199d7d3f7fa1abe54ef8d4cb2fb0f72a02537b0901c03b848c491784afd314d92b409b51a8ce88a3b7907e36170bcb1004a65c49785e9c14d6ad8871d6474d890b3f1599550d41c0b7a9b39c7e30a8932ce5a832137f77b97081088a8fce641e03875102e51b9da
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 1
@@ -62771,6 +63057,7 @@ AdditionalInputB.14 = cb7cd7e4239a550b8f65366cbb39c50c551d83976a01ce82aba7517530
EntropyPredictionResistanceB.14 = 2ff81fd74a033d6333f732f4cefbf021a90b42c9daa6830c2ab2899b64a05320
Output.14 = 932fac5d00f0026d0c439912ea5714fbca4385d25e8a3dd42440087bc3114ae946f32c7d7a22a0a699ce8b840b6edf5975d70961cb91f8aacc3dd826dc6e88bc780eaff13c80abcc8461d6fbd53122fe8574295ee67a624108d4aba3cf333c58316ce811194c9db18b2c1d897f385a3d7732a86d867a361b9f7f502421f12f53e97f0ebed34e03039bc903c104025e2b0bfd76f1bc70597946f97c0815fd1b7043e007a3542d0c2a8250935d0e705e8854d4f2b991bd8e11b446e0bcbaa4d695
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 1
@@ -62866,6 +63153,7 @@ EntropyPredictionResistanceA.14 = 44d6b1c7d7e951ce59f1cd023717a4a06eb3b55e78e64f
EntropyPredictionResistanceB.14 = 6ce1aaedda5818985583c96218d19d63c23aaf9ab6614556a5d3df0c3c5a3fcd
Output.14 = a2a7bcb7752b27516c35c2a42c912462205c267120c0ae06e6413ec13a93563443a81f7f68694d8212237adfd474e765dd00c73a350d793202e6899492a135876d06eb30630527b2064c310bf65fe2f8bb0ecb53367658603775caf3c8fa9afbe38d09e67bfb73eee11f216e4619f2008c739d1637ecb046b459d5ce49defd273d0c238d0468742a023a00a50aaeab976b66abddca704ce7ccff7ed754cd0380c963b0e044b7477acb6bce83c4567638ae740e329c062bdfdfe5386a1958da8e
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-384
PredictionResistance = 1
@@ -64631,6 +64919,7 @@ AdditionalInputB.14 = cf2040e9046a69dd9638de941f0090b7535c51cfa9f1c7bb2a56a33232
EntropyPredictionResistanceB.14 = b871611f8fcb8c860a72c4fd406d4939335a031e0de9f2d436d4736b6b060c2d
Output.14 = 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
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 1
@@ -64711,6 +65000,7 @@ EntropyPredictionResistanceA.14 = c6e791bf03cb41dd67d8d0e6afc88cdb3243c6d8c99ec6
EntropyPredictionResistanceB.14 = 4b107f56ea9cf896bc58a6409dfab2fa65adf930488f634e
Output.14 = 9c25b3a34af68768dc47e8521b70dd52bd3243c8c4ca911fc32b6a191e4abb7a56c2ae535ee17899ddd7d3011386c60d4dd1c7a0f3bbc27224e1471e061675d28d726a6463d45612b6b1913136be596255ee2f1cac4f24400bc50ed41a30e4c4dc1a32524617e51ce2fe41a829d164c4
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 1
@@ -64821,6 +65111,7 @@ AdditionalInputB.14 = 67333be1a1d8ccfeaf0bb6836abc101f9be86f6584168b71
EntropyPredictionResistanceB.14 = bc9be23eb198d7a9c821bf848dc659b6c5c7b001b388078f
Output.14 = 9d45b149af6ddd8231aef5d6ac48dc80cea748f860edbb447c3e181be541c0cc384bd2b3d39a7dbda865cbae5da0e6e9e4230728a819e1dfb9b7ac9b6610ea5fc42554b357f4f4b2d48ece49fb86127d5669cb4d361be9fb22c658264a850bd927252ce83ad57e7373689acbb1b2c266
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 1
@@ -64916,6 +65207,7 @@ EntropyPredictionResistanceA.14 = 1faaa87f7d4767c15792faaeff52c850e7d1779819fbee
EntropyPredictionResistanceB.14 = 79cf8e36b1ea35077793e4dfe4e4cc736fc8071c72ec9ee3
Output.14 = 356c2bc25223d3f536b075f7052d29e1f36c3dcef8b09811f3bcc18fcd78fb10115b6779bec0dfedf1563eb9024fd38e9083c1a7b748b05d61c99c14b7a57ebb121b5ca9a83e6bfbd4be01a24185de86a9baca5c9e8b1f59424bf77b9457e3829de9c44ab10c5966dc59ba5884493980
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 1
@@ -65041,6 +65333,7 @@ AdditionalInputB.14 = 74b7046dee3b978038195a4ede2e8a0ffd3b8c490c4ea36f
EntropyPredictionResistanceB.14 = 52f143079094332e20460b6bd1b5a5872348ddd626053d3a
Output.14 = 58d2c19cd4ad3ebd48e3520d23395b4566e65981aebf6f143f46733d4fdf23e2fe0243674778fe5c5ad1fa4e9389305d3e7c1b99d7f7e163c9ef87a35d34732629ca8d87b7b8878ec95662dd9ccb43b0d2ccee2f4f3c4037925f264fa03b534da0751f45b2df1cb653c379cac512ee5d
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 1
@@ -65121,6 +65414,7 @@ EntropyPredictionResistanceA.14 = 2520f0af49912e6973e81e5d3ea1b140664209e1050784
EntropyPredictionResistanceB.14 = da19f29b28f43ff72e579a4a21d979dbf399f0123695227e
Output.14 = c79b9cb6955eaf7d0354ea81b1e54f3bb7855edea5040fa6ea2f18566210372f9f7b4d08208931c321ea09f44390dcb4939373e96fe3a417b2804b6af94aebc65fb31e7e9faa4113cb4bc1294fbfd19eb078eb300e599beb0a8afd05f10dcbbca84a27dc86a12a998a74d6f532f38e39
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 1
@@ -65231,6 +65525,7 @@ AdditionalInputB.14 = 9b0214621496003a5e48ca25fb008bb7ac7cb9192ccabdd4
EntropyPredictionResistanceB.14 = 9764e49ef04c1c164bec335e2ecd98ff0f8b7959c4af9ef0
Output.14 = 8e4a6f42f812bcb71891f6abcb4c19f179f44d6d7ca0be8f84ea4de6227e31f60ba600c0dce0c0cdd6bba0deea6d860b3ee204be73421044cdeb59f3b42a5e4db94e2d06af91e1f2ccea73eeaea40262a5c74b7fe76979bf67510c86c4c5fc55569b6244fd15a49db2768c884102e106
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 1
@@ -65326,6 +65621,7 @@ EntropyPredictionResistanceA.14 = 3e5b6735d467912273c38536f7a1be160b1edca1af6dc1
EntropyPredictionResistanceB.14 = 0dec0880ce8e6ef894b9396ef56fd678435ed5b6b39d4918
Output.14 = 5dbf5d3b2fe59054ab29bd747ac3dfc4026799f493b65a49a528bdd1dfe26ee50f7d8b4a69f96488095d09209f2657d98d2625adfb769188e5fcba1472d8364611e34dbce5160adb642bff5919b54e8ef3c6bf8de8fa0f651fed3878ecee371e312bf71688093a7a625239fb861cd8d8
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 1
@@ -65451,6 +65747,7 @@ AdditionalInputB.14 = c7c8c48d9ab3014e6f94a3ce3e8df9768b3c60f478a5edbf
EntropyPredictionResistanceB.14 = 00b456fef04acd6dadb600fe9b2735a5d53dc58e9cd3f963
Output.14 = 6c1d21ef77388dae905c338b72894c8fa3a066d6255e7760eeb307d264948f979a343a25209a3a7d1b6944d013b05142c3fdc155d63ccdf626437298d0a9f0715d6dfd81acc7e45129b6a3b442e8c36527470466f74712b03d03ff1f4cadfa8e2c348639d82919cc9a3e288fc15751c9
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 1
@@ -65531,6 +65828,7 @@ EntropyPredictionResistanceA.14 = f9902e3d878151db3849537f186a7b2fcbcd10576aab5e
EntropyPredictionResistanceB.14 = 9787f601b4a6244569468fe586a67e2e7733ec0f1e2405ed
Output.14 = 8338c7e93fc15595aa5828c90f064f37221439c1e6d9c51a0986fe9f3e9b719f0a05c9dda87f3f88543b2ec0005ec343b62a3929ef720fb269e8dd1cdec36a8a2b867876752b8aa23d6878d0e9f3a27b06a7782a58ce68fe80cbfe6b5795e7da0c34499dd153b202c5432e37e03638f8
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 1
@@ -65641,6 +65939,7 @@ AdditionalInputB.14 = 69b3ec5d555f1c338f45a72c56ba8f714894c069e47d329e
EntropyPredictionResistanceB.14 = 9a0350c1885b5f69fdd13e8324b8730f27c92dd96c87916c
Output.14 = b4a922cfedb084156cc73d5bacf1a78090935fb1a5368e02d1bfcd22ff497defc9784e16b14e19777c50f0db895c3a61fde6f97988315e427b4323c9c0ddee5eefe49677b37bbea5a6c9d43cd7c3279c7502154e8b551538e10c8bdd0cf35ac9379931f0bd7acfa82291702648612815
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 1
@@ -65736,6 +66035,7 @@ EntropyPredictionResistanceA.14 = 80b2cc6b2d460340d5915e109e434d05ab4861378d65ea
EntropyPredictionResistanceB.14 = 42a0f1f0e9a911d0e12948a235d1a125e9462d5bcb605b98
Output.14 = 38df6537e3bf2a8ce577da82336ccb234dcfa6fae8bec62c1ee38be0f9014f49695e4200389a55291a95b97ebd09ccb7c392320fda66797ab1979ed0ea56772456f36ee287bd683c190c438b1ee0c4c262ebc4b2e5d036b3f50f0630da695b271c3cf746162258a4920be29c25dcf201
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 1
@@ -65861,6 +66161,7 @@ AdditionalInputB.14 = e201d55a78452ed3401d92c27247db4801b572b389b2fe61
EntropyPredictionResistanceB.14 = d50ec469c29891aff7289644413e0bae6954075854c1e475
Output.14 = 1bc3d11462d9e2ae029afa1b7db585d17c1de83fa1e7d7d9e9e7c015fd85a369edce029a3eb111dec4a2efda8e35bc5d412d31fe2d0d0a35f629609c2aaaaec7fba121a164f4ab20fd65b8bff2ca6f52f171ed2879f129b0bc2ba7dddb0c387a8748ddd2321681655cb2821523bb2510
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 1
@@ -65941,6 +66242,7 @@ EntropyPredictionResistanceA.14 = d6734f3b3b76bdd8715f1cbc24df30bc8062a0276d954d
EntropyPredictionResistanceB.14 = c6947a5c4932e357cd296aa8153614ceab7a6c479ba1cf30
Output.14 = 19f1b2ab68854e65d92318b4e09c74a379c76c096ee460355a977ca08788a8ac83bbe817a8ae4eaaa795a09a49f572fdb471d8f5d2de060016b1b0422905af24018457acc9ded76b66d204ed5d1bb66d77270bc23ae5528a6a05aadd3eb1a194bfd42c88273def6fc24ef677d326c586
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 1
@@ -66051,6 +66353,7 @@ AdditionalInputB.14 = add443f0f3064aa799c6fcbc729416a494ace56d2a29eebd
EntropyPredictionResistanceB.14 = 19b708e95dfcfe56f171ddcc411c63bc2e742cb45873a019
Output.14 = 29fcc98bb0b08c965dc5ec7de8dbf7a16d234eeaaa262f5ece8f2a1d843940bc663b4f892ca1481155573c4a6754f8b7b398fe12a81409ed7f6165bd16f2ac031d809e6535dcd3561586c038df4aa735c5efa36224b2235d05c12555151b1ddfc2121e806ddb484d19e9db631383e969
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 1
@@ -66146,6 +66449,7 @@ EntropyPredictionResistanceA.14 = d9b643ef8cb569c2eaeeacb3d8be9a0b2c93c60f8e1129
EntropyPredictionResistanceB.14 = 213994f4f3e9382b9b6c0247e74a930043a563d0dc67d05c
Output.14 = 991659b877318d688fb40a862e4a089f74e60948f853ccc57588ca14a51c8a8af65c7c1e0a5fa1393a2f96d23cf0e6f829141cdbc4229c5576b07a915a59bcae554cc50e6f38264757e29117273792cd9ec6e89a82713db07af8562c24aa80e64f2723e8885ddf3435d96581881ccf9c
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/224
PredictionResistance = 1
@@ -66271,6 +66575,7 @@ AdditionalInputB.14 = a00aa12c4a26030b79897e04d0171bbce1cd7257e0cce379
EntropyPredictionResistanceB.14 = aa9b3dba7376b0a21d34ee6ac8939a625dbfec172a108c4c
Output.14 = 54fb778fcfc5549e190271dc12389f42ea8128df55e6193e03073888b4be31e2d7a78845c47362c4e96b41fce503fb970f9176bdb9b5d664c386898a0e44ffe12f9480699b7d566d697a4f520268f62e460359a39d091f4c372ad33ef0eef58622f488c9348ab5fd693d4edece794b12
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 1
@@ -66351,6 +66656,7 @@ EntropyPredictionResistanceA.14 = bc9fa0d6596cd2b1e020a0f23fadcdbd5ed8730e9187c5
EntropyPredictionResistanceB.14 = 671405ac5614d316a8f289b50eeff5467be8960feccc46b7eda7d3038f09321a
Output.14 = c8784cdcf893010849f094a0de5d3325a69b425a8c7b788f96ed2d8209434f9731bec3c590e8982c22b46ab9f28d169933c1ca2c4e4b99a9bbbd74e2182097a7c0e29e84a63363eb3c0b7b9cd730cd0bde121006aa11542b968f4963e84830219c359771a3ab03298e5c0b8a207387668308e2158fd06add5309defc8cb2c0e8
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 1
@@ -66461,6 +66767,7 @@ AdditionalInputB.14 = 7a63a39a4db6161824113f32ca5c4588edaefccb08894b2ba52b6659e0
EntropyPredictionResistanceB.14 = c20c5ba1aea693d375097d19b3cfc2b06c9c876e980131387374899d4ab48385
Output.14 = 818ab1aeac3dd58e54ab686b04e3686a37a1202a19979a3620d1aea5e425472af381677a363ae190acfdbb0372c7ea2d5248cf27b18327e13b91507fc28b9d3e804ca0e618d867b3d892173a19c5918326e6fda277d5a3a34bba1425f4a6c9543f66dec79bc909b3d082c6067df73966d1b8f8a16d07005732e0cc00f9b212a8
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 1
@@ -66556,6 +66863,7 @@ EntropyPredictionResistanceA.14 = a21a3a1e4a6e4ff4c646ee1b19ae20f956cd174001cac1
EntropyPredictionResistanceB.14 = 5f673e1dba2a9c526ebf62d4383da60fd194bee81d405dd719f0cdfd0624a79d
Output.14 = 718c2bd08da84f897864d2c2a91cab5e6b66251ce71886969271b3b88885cce8f01e2e0bbddb0f5826c68445c8d56964c7f2b641b7f8498dbc293875a422b65bb7aec20b154064b336ebb06dc861fa7e69d683dba33d8a6f71c2b2c76e030db66fcacead182c0f316395c3dd4586a38d56157d8b4138f3039acfaa599df1a096
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 1
@@ -66681,6 +66989,7 @@ AdditionalInputB.14 = 4a5a23362f631c0b155fb802990f855d684a1d3f54073c7bef2515ee3c
EntropyPredictionResistanceB.14 = 73189d6afce0d5724c50cbe257a1494c7e78dd5b3d7509c5509d795d6abea851
Output.14 = 8c64782c4b34cb5e2ac304ad773adc7a76ff2fe1f43202b01e28aed52ff96b651765d642d5313146f322f3cb067cc274918babc2b35255f048ee74b4c87a4e1c465e3e1098b1053747343123ae5ecb652520d0fb20db17379388249a2d92cabcea7140162f2d9cc17daf718eaaeb8e8a69197689ab206f68fc468982c8f89e73
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 1
@@ -66761,6 +67070,7 @@ EntropyPredictionResistanceA.14 = e0975b46c5421742148647c5ea8ca534bf23b9cad38fdb
EntropyPredictionResistanceB.14 = 92632b542fbe20c00c8071037c15a2434cc23b3b6ba800dc9e419e105c1a4c4c
Output.14 = b457c370a8bd4451f4185f7c925b90365ecdf0cf1a4e809967ca9218fc7350447c32d25bb3ac36d8d0de69e2f8d6e7f0276cde6d9a615d5644654be11ccae2a556d331310494ecdb961468ed6283dfd9342be478f0e3d5bbcfcbfbfab86625a3fab5c43296bfe1fd9218ec5cac2da563adef29084fb7906a7284da44872a957a
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 1
@@ -66871,6 +67181,7 @@ AdditionalInputB.14 = 0eb21b9dd429b7ccf6183587400ff57ccb84e13513a553c83bd18695eb
EntropyPredictionResistanceB.14 = e65beb2bb257e5b9770af1404e58743540ce7d6338089906464de3350c481f59
Output.14 = 30ad11bfc18d3fa9c7ca2adf01bca76f8f2513c2aab3e830b1ec8892cd6544ad9e25f2c8369a034a25962634fe86e833aa32baa24ea608c91818994601be78ab1fa772cd80b6eb3006c4c2d4b0b1268f7d8759b7e0193e15a69f7e13def2e4af35536d92c1b8dfe3b7ac72104543a8e99585bad53728899fc5cd4ffa509b4b79
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 1
@@ -66966,6 +67277,7 @@ EntropyPredictionResistanceA.14 = ca849cd2397ed598a1f4a5fe1ac34d9bd72ba79cf44b89
EntropyPredictionResistanceB.14 = bf75a707fe7d86993dfa00386ce07f94898f484a9f936d47e4923bd6bd8e2121
Output.14 = 63fd0934c1c510ed19955471552a645ebc7ffcb90ec904994fcbe89ad938ca0b6ac3c0bf958d453af8ef7b4cdfa1bf20a5e79a68d1801a91dbe63ca254d8088d7d508971d203fd9dd4fb4fdcd9e8f1f25e899912dee3f59ee1815efe0959c7e4ae06453ae9031a8cc94ae38d7d634fc46233ed8d11ea8e20e326841d3cb40680
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 1
@@ -67091,6 +67403,7 @@ AdditionalInputB.14 = ca63db9ef242fc5132d291600fbfe99b72649a2c51080bf46501286c27
EntropyPredictionResistanceB.14 = aa1d3e08e011aecbeb852bd054066d44b5f66a71682427d9a49deb6fd43ac6a3
Output.14 = c44e0709fe70b56c0d612f354f796e33f6008e8dd9346ce75894e3a09186fe54b4a7988060e48488a329387bf1bbde11de1525f14caa0af8d6e4d4b32b5dce06d71b368d5cf181535557accfbd9ae55d4b844479a8c959fd0ef0739f1fcccfa2d4e053194b90b8ab9fa4135db408018c3d4895c44cfefc05951d1cffb8da24e5
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 1
@@ -67171,6 +67484,7 @@ EntropyPredictionResistanceA.14 = 3b12c8af1e7f747f5307c4a0e7af0efa7a34039b4f2c5f
EntropyPredictionResistanceB.14 = 90e07e1b5ea4915b23d18d52dd1a5d79ed0feaaf4c3b9176ae92c85f28c5ef0a
Output.14 = 6c2ad7e3738c856374ab4b7a56ef4b3e1aea65f69fd6fffdc0fc06c585eeca2761fda70234b844b37ee8fdd43f8f58b5f73accc0943b8da2544f3a7ea7e7107786d9de4f457519fc80782d0ce64e5b33c82b6935f80d0e1e241ed1c119621d43ce1d18fc016b136ca1eb7907c6fdc14f77d807cd0ff1a1ffef73f6eab009b02c
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 1
@@ -67281,6 +67595,7 @@ AdditionalInputB.14 = 5138951ad6b555496eb1005bc403f5937dae4e05f1254d7ae2406a3f81
EntropyPredictionResistanceB.14 = 9eaeba16579b23aa55adb7f2b33430e5f9006c6247944b16cca7f36ce6eb0cb2
Output.14 = 60cb8d3a0d921d6895033f75330a82de2121abcc7f0ca1391687a510ee79c7e99154483f20ceee8cd85c6be7dabf93ca5c535b42980dbca8b308375f44ea3c1682d0edb7391e468898eca762b39b2ca5beeba498881e116e45429b49ae3936e1d11baace14b11c64aaa17f4c830ed62df0d66ccf0093c73f705e32067904ce8a
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 1
@@ -67376,6 +67691,7 @@ EntropyPredictionResistanceA.14 = 5dd6463be2b566208350dd70f0d7132cf2249ff1069c97
EntropyPredictionResistanceB.14 = b59a5c1e855d888a76aef8a2bdc0e6701eb7cf7d6d0da08c9e9764ac31311d3b
Output.14 = 69fd03a37b267d6f2a9f338ba844a69f700089f3348c7dce12497ed6637e294b9b958ab36f85d986b1f311400d2e58bf5251cfda4c6e173e0a0eb0c25b529057e458951e8a9ca233f578ede226fcbc16fc95b9421f4db1b939e77110d1e7ba0d486aad8d62f0e417ef3a5f39145d05423113d8901493b866c3dff2a213ab8dff
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 1
@@ -67501,6 +67817,7 @@ AdditionalInputB.14 = cba2a6a01cc09238e9a8e9fe56663a8eb4ebc186f4927042f7f19bc8e8
EntropyPredictionResistanceB.14 = 4c691865c160d187f5c3654e3fa2eca8e818b2f6ead070dc69b2585d5d4589cf
Output.14 = 004e5ce98e6f7a64a98ae577c3c702b8aa489148edb61e57cbb980c2383723918bc380e07944049631a8f88044a7954570086cb972c6653ebfa49a5c174f8fbb788005aeb7bbfba2039eb495cad2c23836f94bb6029f3ae3dc2dd8525aef77614d3bf5ad62c48ac56c1cf1155653243d4d10da4c4ad9e8fde33802d46026212a
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 1
@@ -67581,6 +67898,7 @@ EntropyPredictionResistanceA.14 = e67d0f28c142a83bab1572b0b44c83f0fd9ff3ccc2efbf
EntropyPredictionResistanceB.14 = 5b7ae1170e439d0f9b8d5279fb29da66fe280483e0dbfb6e289d63b80c0e9662
Output.14 = 4168445948f0108eee7c346820bde513375c403736ac22b6b51a0237ce84c9f6ec3f85be5e5af9f1a23123692794704825c4e1935ccf790413725fc44ff64c457a58a700265c04dfd9674ecf952af9105b0b62e9f2867aa15cc18077063f1be603a4fdb0060a272aae224bacd1f45d172c8fe03ae1b4dc4616bb47be9ca6fb3c
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 1
@@ -67691,6 +68009,7 @@ AdditionalInputB.14 = e5cbbe21f36bdb46d389a479bc23ed7162ccc9fd07e3c15b2af38da548
EntropyPredictionResistanceB.14 = 524506ce82bc8e9813b12258b87eef1021c3df39de0b377529c3614a88a5ef9b
Output.14 = 942432679f040520258501966ea68fb5044cb44c4d02b0eee3041d3e43e3c283e76d4bab79305d16888b42581ee087dde5e2b0e2c3bfc7d1122c2fc450729343a45331df3cbf7b9a4253a5f8550d37672a73a75b3cc8abd68f98803643b6eb69ec95cf55c2cfa037b69523afdd045c740708f1f7403621c8074d497e0efe689e
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 1
@@ -67786,6 +68105,7 @@ EntropyPredictionResistanceA.14 = 711415888490d7ff523e9883f6bf0226dc6d446901fb41
EntropyPredictionResistanceB.14 = e15d421f53c1c843c847b2abace780caad977a337d81469d973ddae6aecdd1a2
Output.14 = 79071920bd431dc5156b6f03932ae2aa4dfa06a61994bd07ed65cea1ec8c08416c7ee5c045f0fc63b4ca237e85d29d8987b65f3e9ad22a984aad16676a9a0b50af959f19b57863c43fd316516cc7d8516bd4705193be20d3ffa42f843905ad64a5288c875f55a8996ecb239700136b6a57a43f2c6dcb11af5e8fba3597fd8870
+FIPSversion = <=3.1.0
RAND = HASH-DRBG
Digest = SHA-512/256
PredictionResistance = 1
@@ -69553,6 +69873,7 @@ AdditionalInputB.14 = a0ee5a3a9a8c5eccb62b9e7ed45d04d8
EntropyPredictionResistanceB.14 = c588bc21bfe29ac749639bcce28f17fb
Output.14 = b519ee28f38bcc0305ac49eeaaf9f27eb6af797ac95e13431d1f5611e89930bb2c362a9abbf4fb8d89605e5db756fadaea2f36e953751006361b94f89c893e2505b77e41ba27eb9d56d9124111e7c12d
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 1
@@ -69633,6 +69954,7 @@ EntropyPredictionResistanceA.14 = cdc10e50c630ccb235579a72b6eb4502fe146aabdab62a
EntropyPredictionResistanceB.14 = 5c820ea46bb9091054d75a892a83c3850da0a31c15e0d021
Output.14 = e32c0798b2040620fbc5d2a44ec7fa8038444c1910fd4a24312c8c8eadb57a78606449cf05ac51a3bc4d58ce78742c1be3a0fab6e3f5ebc92b82b5d5d64ce29e8c2787ace0f4e718a7f6cb669a0a43ba1aee0d9aef55cb7c6f5dff57c8acfe883ffd8a496d44afe06803e4c9ff62df04
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 1
@@ -69743,6 +70065,7 @@ AdditionalInputB.14 = 4505c0664e59bb4388020470838bb098c4ae1338c268adf2
EntropyPredictionResistanceB.14 = fc4ef2906cf36c6c8897b802200a83e60d16f7fb064abd2a
Output.14 = 4f9c3c60ee32042735cc539b9a23d04c2bc6bcd68db04a58240305f165bccebbb98e0f4796b283a0d78bdaccfcc8daf19f21a72945be07996bbb0b606643c7753f76ee6371292d3e681468b714e16bc32db14ad6d777677137ebd3731186ea72b840b8c4ae79ecb2c61352ea056d2d6a
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 1
@@ -69838,6 +70161,7 @@ EntropyPredictionResistanceA.14 = 90e391a33dc21281372589e2a667cdbbe4267710d5244f
EntropyPredictionResistanceB.14 = 42c959b7272b39e5cdf67701d47665b61782541e94aa224f
Output.14 = 4402afee12048c1c6a44624d2df026798930ec732884899ffd20d17f1c8d7c221cf5edac8679a21ee11b177ecfd61927d4ccbb175ee6b49cc6f371450904c2666aaf2e6cb36cd55cae3af772beb80955cf67b4e8be1fce11250a39693ecb7f8ac05aa23b949ac74bc9a67060cd60cc77
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 1
@@ -69963,6 +70287,7 @@ AdditionalInputB.14 = 764705681b7781573af811fa7751dbc27d667af7a1e59dce
EntropyPredictionResistanceB.14 = 76a59ae38c88631a066fa85d24dfc9b2547caae598cd0fa7
Output.14 = ba4a0583d8d6c5b4216a0875cfad594485858dc7f9ef265d4ed0c0f0fbfcaaf5ae318df2d7fc530301813d9f49826030625f7ea02d0630b3573c486b1fa0ef4269cbfb6fb86675c11fb7c0570cf7ff4fc7affdb00625ac453c23c229a4ea5f540c66f031ab3462f7d12659eec990501f
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 1
@@ -70043,6 +70368,7 @@ EntropyPredictionResistanceA.14 = 85ef26b185a0aa99aa8761981cf02a634b62f47baccf27
EntropyPredictionResistanceB.14 = 2e9d56a2fb6ca0bef9a286d23e7d38457790f97f2b7ea5fc
Output.14 = 5c7bb6bedc97cd38837beb0d963d76a953d4c53827e24ffeb278acce8350c43fa6e289672fe6452b769b921937ea8059cac8326332966d3490f57b8fa89aa86deeb3edcdc108d1899eaaa2d568d78e26b8ed674282ce16a0cc03f3c3b1da6d5c73afe8f392b32151e938d99c94bf8152
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 1
@@ -70153,6 +70479,7 @@ AdditionalInputB.14 = a05a3af78f164652504f38cbb262a93f5fbe72c55e28aa55
EntropyPredictionResistanceB.14 = 0dedd1d3b74beb9c3ed9a6af24ba4a8fab11aed95d829a11
Output.14 = 4e6dc09aabcb0fdfded4f1d6ac2339add1b5d7528c3676203b09341a1cf70f0e838301f7a78dfe6960daa674517162f4819a37027845c260186325846604db350969ca2abbabf713159669260b80de6e42bc33a64c796280402da8b3c3bf6e8255a11b82b046f1b3800cad132c2c0cc6
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 1
@@ -70248,6 +70575,7 @@ EntropyPredictionResistanceA.14 = e5f524fde813bd2478fee8dbbb6284f3863b43a8cdb2f8
EntropyPredictionResistanceB.14 = 178f885705e506129a137c64daab8870149344d82990e454
Output.14 = cc687b9fc638af68d71c2e12ff8727f2cb2eef42a888216af09167ee23f5b432ba896ccd508afae8670dac9fae348eff0f8db63c3fe86f6a1e2d97f9b11813a56ddc1d5c99cdf79afb5d281fd1682dfada3c608ac1cd8ed28e70e21d3ecf7c13c410e8e657d7d0714aabef78795e46d1
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 1
@@ -70373,6 +70701,7 @@ AdditionalInputB.14 = 29729358e5e488ac8924536a8806d242952da8ade0d4e4ab
EntropyPredictionResistanceB.14 = 0a0148aa002eb800291d3bb5fedcc8a6b80897ce459710f5
Output.14 = c97f446cd3d9c96f63782925178e879b3fdf0d46a2e67d2489a39c55ded3330d70a7be34128f3e8ea442989ba7ad90ccf7f66bfe1f7c1b17585cfb5786d764a44e39bc021e06a193254ec26b7b93e33fb883408756e651176a098a4b75b3ca48ffc4b66f0f5519592d529500dfb30287
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 1
@@ -70453,6 +70782,7 @@ EntropyPredictionResistanceA.14 = 3ef188e76f0d26d790b51c9eea46b0a9d15fd631f044dc
EntropyPredictionResistanceB.14 = b2d0c40fc7c3e6fa3fa030d54f4548cc664ad604eb9ebf7a
Output.14 = 966790327a7fd7dad98fbfc5c86d8d678d28dccab766dbe0a10bf917b59e85cfafc1a948b0abcd89fe6cbd30352e8c672a849b2b6b598b495719303d17b22f879361078e1dfc13052879e7fb8613a0d5fe764377e98e8c4d41faf8aac94ebd299caea002a93f5e56b6a78e6869190c33
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 1
@@ -70563,6 +70893,7 @@ AdditionalInputB.14 = b4c6dec979f2875bd6ab575c884b9c82a7f87b0e8536fc63
EntropyPredictionResistanceB.14 = 812de24e2801b83b5938cf87ccd697d29e1e47dbb773e8ae
Output.14 = 42e656b2bd89c6b87eeeb4cbc88da7b7ea63f2d0e34ccfda69f1306982727b65248742030974bc2013af0fc0e04792ac57a6b33f7a0e1c106b4877abcc43649ea67c7706c2c6a32341ab03f35ef5429b634c546ad46e9f4ed65835246047ec510de96d544dcf5cfd5cf38b1191844699
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 1
@@ -70658,6 +70989,7 @@ EntropyPredictionResistanceA.14 = f3519a57f18c23306e613cd6701a63b476750bc86a2c3e
EntropyPredictionResistanceB.14 = 970a0425e52d2ec2cfdaf196d46e132483021785e3be083d
Output.14 = 92e7614f08b0bd0356849559567fcc18f467f7ef0d31801c9d38d48adfb1a49d464abca4764e5a9da227d20dea34e9d05535de6daba95db7ae42ad94155f795c06ba3241e897ffdcdb1c0cb1ed2767bc8b1259359e70739b52f87c947fc0ed293990fc1a9d452c18afaf5586a7a4e828
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 1
@@ -70783,6 +71115,7 @@ AdditionalInputB.14 = f7bd5c7a7e998407efc71f4bc2a6c811edf1687b019ceb9e
EntropyPredictionResistanceB.14 = 84f15292035fcbd61337c733fed157b3e7db3097c2a3bd9c
Output.14 = d59bde2388f07c18be829b8fd08376a93af24145700238175859ee3f89a7dba009c628d749c9ad72abfa3609dd0a5d38ef1abf261225b988db1d3d3183b5c5ffcc19303f4eea88df2df4b65df1ad28796e9ef1340731ad6c3bef33043c90880e3ed5b8b336d5d125b89df17028983f4d
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 1
@@ -70863,6 +71196,7 @@ EntropyPredictionResistanceA.14 = d16361e926630ea7eab852d3fbaacd4ed8bcd4437311da
EntropyPredictionResistanceB.14 = 15d2ef5b010ae9f49d738919580a99985fa6e749f4f25e4b
Output.14 = a34007c66a63071fd9b88fcac4e0438961458595c5fa9d39453af1a8260a5810461f55cc8bc9135b24713c82d9a8f7caa720ece42a7a94ba9142c7f25120f2cb57265a83e2a40129357234dff36f320935a2e88559a334e33044d6e6694a9485ffc243fde57a28958975d40342d17c0e
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 1
@@ -70973,6 +71307,7 @@ AdditionalInputB.14 = 6a59ff9e4710c11794930434f5084196353fb44fd07b2e25
EntropyPredictionResistanceB.14 = 7b9f7f89a03e06aaf45b165d68c6275db97352d04c8fc977
Output.14 = 7f72c56664a786385db6206c39a8fcc6d2ad278abb7270961c79f17f3123b62ac1118a814fc8d22d2f2c0219cf12879bc688056f39d79849c6eb4f3bf2d48939372313d46c6f816205e71a162c8ac3373f39905c19b1003183a14f1a993851a2f9a961bcf3fdeb656d7190c7ed5348ba
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 1
@@ -71068,6 +71403,7 @@ EntropyPredictionResistanceA.14 = 40da9bf2a3adce3bed58d5ca64411ace999f0dd1be0849
EntropyPredictionResistanceB.14 = caa117803af0fe7ded86e010dd37e4945fb8b32256663cfa
Output.14 = e1468e54df5d693ae5094982e155a74033e4079dd1086d45a91ee213b3ab4486640dac0342e6aa82f76569ae9d395f5161d82d27a7c6a8573e3f42e7c57ae6bed8a45a177dd35a999e322a3538a9b8cec51df28eac49ca8a7022200963aa0d4d66868c1cb8dd90a1564cbbf8bf26778f
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-224
PredictionResistance = 1
@@ -72833,6 +73169,7 @@ AdditionalInputB.14 = 666ab44b022bd295bb6b516390e14c1a7e746acb6437e33b203779116f
EntropyPredictionResistanceB.14 = fb25b91fb031adb53b1d175a68a9202abdd6b3da5d658b7d3d5e815e62d440a5
Output.14 = b02cd3e20a39877aa2b5288236990b77e0e9e21987583fbabd6ddd9ae2c5316fa51602d06ae57a55a784dcb163504014a21a1ac2290b6232e8e97d186e6f6a8508f7eb6958a0ffff454f91e1c0b2831a594d31445918c92268b380c017f9911e81c82ae23449976252add67ea901463848696eb31453189fa88d2c999b6d9d81
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 1
@@ -72913,6 +73250,7 @@ EntropyPredictionResistanceA.14 = c5650c33f68b5d33502b1f55e06fe2c1169fb34688a092
EntropyPredictionResistanceB.14 = 25be4cf15692e3e6ad0ab6ffb22cf3f77b00333517ecb2239c9b81e59a72d087
Output.14 = 41f335cf727ffec9ebfe7cb348d11cdb4e5e49a9a047d8342a6656e5d235219a5d80715166698cc1f16e34f743811b820e6ea55c2bdd0db1b97ea2269fbf60c739feed818282f447bfe2bd0b9a7c479144f0016703aff450abbd87a50e5e5af0d2d9469175542737bd116de2a73acbb74d9f0077a227704f271fe0696f071914dcb9c0f0191fee35eb66248eb17991b538649457d5d5f9d4bb9cd81c33a14d2becce003c143c9cfe39ccac51048ef169f6a22143eca721d04f6e147749a44a75
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 1
@@ -73023,6 +73361,7 @@ AdditionalInputB.14 = 301f91c659f73b618cb46a4343772f1eee9fb4949ec6328109823749bd
EntropyPredictionResistanceB.14 = 24a71d39e627d5efaa1e8f3e5f70114bb03b71ce54e4f8d34e838106b2467cca
Output.14 = 34c532082926e6d530b3a58282eb4666ac7374e8befaa4999dfc9f409e40ff966652295d2940db97061800583bc7d47b053553ad29c89ee61803c1089d30592270d2927031353592d4aa71f59a4bf3f2147cb406322367544c38fa5a3c8ccb534bd884355b06145db62161260162091c795874a2e99e01292a2e39e107738818a211750f858edbe0c2ea4734ad14f1c45bcc9f733f027616926558587f7332be55044dfd6fcdb628ff7d7d581820a217bc64aa092e450722686e0cb291eca45b
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 1
@@ -73118,6 +73457,7 @@ EntropyPredictionResistanceA.14 = fd947b0a21e580e6c2dbfbd44d01f5fb4a51dcd2199df9
EntropyPredictionResistanceB.14 = 815302e016aad33254d308c5457f368965c15b6204e191c2a252e4fe88dfb978
Output.14 = 34f550231d31c1b3a3db331d341ada3b987120d94e431831eea67e8d208f9cf1800549d445fc7befbdcc2488cc7f4340560d574fcd2396e9ecc9a232f1015cfb26db451623fe47ec8bacee1756573e74e519adc62b23ce86fc191ea5e13da9c7a14496426c6c53dfa7c7ccdb67d6164dbe88cbbe7f48d4971993003ab24f3eff18bd52c2661992e8f8da93bfdd28f01fc32edb439ad130352463084041e9871c431ba26c676ecd7812991833113cbbe687651e93aeb22a6a44cffc7a3fb214b2
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 1
@@ -73243,6 +73583,7 @@ AdditionalInputB.14 = 5a7434648de82a3552e12aff800093776ca3e86565b29c0b3ad6c0bc31
EntropyPredictionResistanceB.14 = 2d6b77ff7e612c7c40cd5231eece4018c5b3c0d8181ab44703f7a04c0a1c7c5e
Output.14 = cfc79a89a0a55dc9c6c6eccdfab5a9935335e806b73bab7f5eff5f9fea6aa3f47bf31f06d987a94e2bc2a4a6144ebe94d6f5aa8fcaabbf86a37c8d412207864322d3057b89fef358740c5962cf9e7c37072847fcaa6db693a5238ef270e8414e2b29448bbcc37dceaa75479c2ac5fee2d6fe9ed68516f6dbd90135ddcae8a12d1c1595e0edc34ea2bf00bee7ae773c240c2bc1ed828b7ff91a676891173eec1dabeecb2184df9186c3bd833e349351481655bda91bc0f4e419fb78e426de6b39
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 1
@@ -73323,6 +73664,7 @@ EntropyPredictionResistanceA.14 = 6cc5f9e579d80eb1e93876513892307c462383f1b5e591
EntropyPredictionResistanceB.14 = 2672d3be2c1b741a8a60662e24e2bd6a674def98b16994189c08d7972d275f6b
Output.14 = e7f7f113778234b68dbef00b74b656a52eed3cf3aadab8e5d96d1daa5c253f5ffdcbddbc8dac0acf43a7e2a18303a6ca389db0bd0c5118a869e7e06115df5315ab9962a782281c5c46823d1067a8a5cef28c7ab7aaa70c069841875f02f294e557158da3adfc6c11407d5dc3c783332b4d3e25001b5b1e48dbb45a5ec0c8fbc0343f8d73963b7928e501f5dae8716746a835e121ac748243c90d3d3ba22e11cffd76f53a6e372546e0fd333e46df1056197e5a44a8b69e5b923637212635e6d4
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 1
@@ -73433,6 +73775,7 @@ AdditionalInputB.14 = c81910a207597a0657cb06cb89897f9ca67aaa5e3289159fab1f36cb2f
EntropyPredictionResistanceB.14 = 0fe27d8d5ab415f1332cf42f7a6eb23033a9c5eed085b3646ac3fd288de95b63
Output.14 = 080c95ae4f89185591db9f06e68ec25774ebb1fe9e5cf9acb4a6190341d40c78c1b92dfcfc142bd8719da2d09d879875e5eae3a0f7e4030a61904e45dc5f059e550e85f4f2e081f2b7ff22c47eff29944d5f17396cd1712070a2e1c565253a032e15432489c093561ff61b2729ad785e7d3da276a860d40ffec5f766997260ca2f0bfac1a3d20da5602357d9b8c92c97f8830fc1c93ecc68ad2edf2a559a7f52325ee7c7f9c85205016af24e0833fbd54bac2f6bf42266d3b90c0431783b8a75
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 1
@@ -73528,6 +73871,7 @@ EntropyPredictionResistanceA.14 = 0877707fdad56cc9c9de7e9fdb0c0314316ebd529920e9
EntropyPredictionResistanceB.14 = 208e73cb7f1d5cedab1c8b3b53e0e8677e3ef4664cab9a305fec6dc0246256bd
Output.14 = 97d899881e4f6bd01a6030d211643b3c4d27dd7df30956495497b8748998c7bfd74373293f1c992ca303f0d59e46ca98f97acb101113bf97682ff75de95fcbd9c511f798ff76d7a17ded50948aa2ffa15013e1d486de1368c5ff009a2c0ad062fb9045f89d8867aaf8799089bc9b7eebd5a9069690076538a589483c7af29c48b6726982ccecce027b87b1ded6875015195c60604d2e564ee3014d9114f5a2d900829d449a69ae4dc23e5df063c103260163509bfc38690f8d274c620b53feba
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 1
@@ -73653,6 +73997,7 @@ AdditionalInputB.14 = 30dd5a23a1cc9acb87060b151274df28882f3d442d1b9ee6ca58dc118f
EntropyPredictionResistanceB.14 = d980c14049c6d9e9bfa9340c92ba188091416e7eab2849f347f72840d79f9f59
Output.14 = 97db825c1019bdd33f0f67b32adb6490a8f38e96fa34658f93edaf6d000ca806bbf7fe6af0b5b17c9e850a6dc41f8899355849f04e58ba0f75872021cfa7cc4410160324312fe8a7b6e9d8f42778a1b8496d9f0bb40eb336039ea3f762147fdef0d53603591b0fdb9f4d0b345c8f1cdbaecca96e5411a960933f52ba9b3457a0058ac464cb30118ce65f027e8a7584cf9eba11754ad3d26d3600a3af3bbaa9caff6ad4a28a8a76abff9c5d710530270cbd9972b90bc767ad7e76eca03dd13549
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 1
@@ -73733,6 +74078,7 @@ EntropyPredictionResistanceA.14 = bd108a354d8b8448d8add8059b0c40ce026bbd85209c87
EntropyPredictionResistanceB.14 = baddefae7c08ddd069296022aaedf0eb70e44df7a1aa04a030bca6cf9ad89211
Output.14 = 8360787a7febcd2965a605f03a76a46bc3b842097936c0df13fb778feeeb3f7c12af610fc1d845ef71d5b4b834f1659004834c107e084de52e2303fd81930eec8aea7fa86893e58ae764f1894965b04bd8bb65a308e4f38d390ab11d93dc77c69e86650bdc20e7a3fc616a996f4a4bd5668d31c6155644867ad93e31f8d78f512a99b6b368350c53adc5de36fc13052e600dffeeaefd06b2a4b969782c046087ac07a4e02aa5302e499ac11e26116186f32d4169454eec4eb29f2e75e544a0e9
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 1
@@ -73843,6 +74189,7 @@ AdditionalInputB.14 = 8316fb114ead33f4d6cf236cc711432f42a699c1c8207865428de36375
EntropyPredictionResistanceB.14 = e4e9129ee1cc84738d8eb8db7404da8c0f9f16a5dfe1b2cd99ed2b08bfe635ad
Output.14 = 18daf46771e8acd38c2cb82aa837a239a145c48c303dc26feef47d5cd74b01cd53546fe54e300bd3212e1c13c1bf3a9d17165c89399539c07e30816ab1c7bd1b598e1b07cfd4ad0785cf6f6a5b835d8f212c825a4ed2d7821bb29255428c468c84ec2e609cfe23f79468f60b236ed228b5252a95bd4c0bfef62f2b640c7823e32d72e5f1bddd56835e0b8428ceafada24efe0de582678545de63cbdeee77d6b3929d83d9b5db2134349444926c6fdf2422c786a67e017a8f98659b9c80ce95ef
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 1
@@ -73938,6 +74285,7 @@ EntropyPredictionResistanceA.14 = 7a7721ea04f0e15f08ac5bc6f52ba3cc2c9f62f0bd8adb
EntropyPredictionResistanceB.14 = b38c8a67366b0aa435d71cb0050039a98447b1a40a0eeec63b33eb6b37e2edda
Output.14 = f5fd860edbe302d1448ff77d56b368c4eb156490aaf07a640a87a7036201fb816bf24066b7caa9cdd709da7234882939e717298193f9dcd634c8975dd95ab56c38e8407db56dd8713b0c85842f85516640d3faa7b5e12a390ddf0d4d80c96a407b9a2a4767fdcf9c37d504134dfe0a90c8b10ec9bbcdbc56e54180022461c69379c7aed3f5732e1e56d03d078bd8b6e7c621f518a631f0eb493d5b747877a9cfcd06e61674a2f5295a91830b5dae43e30c1e72fc8c91528acd13566b723acd6d
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 1
@@ -74063,6 +74411,7 @@ AdditionalInputB.14 = 9fd99df9cba9f0cd2445ad2d4b2c6d34c112d882b7c364b1d52f47d880
EntropyPredictionResistanceB.14 = 3c2b67fcb3929cbfe60ea272a0295c1a59c631ba2f9619c0c93337646731a8df
Output.14 = cb3c238037a3165f17d416dc04fa07a41eeb7041afb26f5d02de1ae45a9ddf37eef688c9c29ac05fa9dfc35947123cb3db0125f5bd5453f4e48a3b2cb027465ca74f9952456d3bb0efdbc047f96a201e78d813ee37e213240eac293479444723d63148333d93dd7cf81b2e19a7c6feb217c32b25a4cd184a8bf7c2aaac149744cc53134d38eb4a2bcdec0d69950171847fa97d0766a19c3f96e9076520d25b1741a9c4fa31bcfd6b3ad8e4aad6f0c33751d128b9bdf4975e0819985c3b00dcb0
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 1
@@ -74143,6 +74492,7 @@ EntropyPredictionResistanceA.14 = d5029f8d6b538542043669856f1f443d1b0cba26f5a075
EntropyPredictionResistanceB.14 = e184b0afcf6bc3bf9c121b0df5aeb8f8fb94eeab939de04b5deea470ab94de15
Output.14 = 86c8cd6a92b103b0d88e54be7d4c1a9f8e2ebfebeb66cd812298fcfef3a7eb84dd84d0683a12497716c4325e8105b39c9841dca2d60da1dc875b904839b18d1681805d058faa0ae897bdcea8528b8e99bc6899f96ce635f3176a645224d668afedaef3d65336b91c78cbb7f0a5090e95938e15f0e43d827bc22a4cc714aac95d69b90553b06a9f3a76cdc0e04d0f6e24a91ef5468bee2f77b631d5a5bd95d74eb91be516027c86a17240611746aa99c6c84003aad7b809c0ae72f221c564c8ca
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 1
@@ -74253,6 +74603,7 @@ AdditionalInputB.14 = 1161d440c1db4c8bbef4967dbb70d8054c1713dac5c1bf62866e1f0327
EntropyPredictionResistanceB.14 = 5cf03ac2109ac324991b13b84b25d44bf6edd86f634a2358c3eccc9e3f477ee9
Output.14 = e0793def2fb3674f7401517bc0645973b7f97091c3b96b3bdcebd96b882ed393ed38f7b7f5a6e381dad287f642c99e9cc6b6eb090092e468c96d743b20c7c71371a1c64637256d041211300213a9aa330c05e80db3456de1d55e6d7e3aa3d7a501450ec24c74da213b7184f4ee481c416f6b7e0877d947393921b72a6636d642c8d33b9e57a35efa2490d37f8fe584644e0c19a54941248fbbd2fa31310a4592926db7092f5e8b3ad1111454e04705f79e46f4f6e4d109f4c0fc67a253550bb4
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 1
@@ -74348,6 +74699,7 @@ EntropyPredictionResistanceA.14 = b35a6d3ba1b4b3d62389ff2dfe1a8a9ff527d4fd3b2cba
EntropyPredictionResistanceB.14 = 325043f919f312cac2102d97cdc26a58637120c01c09448be861dd97751e8672
Output.14 = 32ccfedd45cd80172e146ce0982f6046a96735237e6df0033eb5d61d134383efe454da37a8ff31689613a808ef649f5eada3214ea50ff21b673bd407662006c157f98a36418bfe72493134f6d8e2b5276610d6626977cb725d43a526ab523ddb97ce76e6802c60da568402ed854bb9e1af9cc74f123493b19b765aed7dca28bfed8bfaa58601c1f2d1e1b782b83337cd42c0c304e7415da0ddffc9078d42fe6b59e5454dfcd71d59cdd453303018c28015d88c914b62d8c3fcb94eaf5654b02d
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-384
PredictionResistance = 1
@@ -76113,6 +76465,7 @@ AdditionalInputB.14 = b969d2503e5dea21ce90fe8ce89cf9e6e9165313fbf44286ca91a689b4
EntropyPredictionResistanceB.14 = 0735d5d8322df6f7568e2bb29a8d63461d8b28ed9af5f7323ab96292c31cb59f
Output.14 = 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
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 1
@@ -76193,6 +76546,7 @@ EntropyPredictionResistanceA.14 = f80eee174bd5b1b8abdcbec30c62b3aa85ade4d9a43e2a
EntropyPredictionResistanceB.14 = a150d5528a5f79914074a783738af08eae5c95b49f407929
Output.14 = 88ff82264427067d717027de8edc886c01c782379ccb937cd6434703d4f0ab13acb4142149372fffc793813733ebdc9058c85d900f4e442a2369c16057e4dec1a75f5c5858d2fd1d69a48227b293a953b24fe38adda48f080a9cc5666e299ce301d2f230ad5581fb05aa78a00dd35a9d
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 1
@@ -76303,6 +76657,7 @@ AdditionalInputB.14 = ee19a759562c231ecfc777c588087e790d5e170956b11c08
EntropyPredictionResistanceB.14 = 4a004a5c4a0ec328a0ff26ac0aca82ce35ee9064add86094
Output.14 = ae21ee878e4664c73f22e88ec4a646c0192b5c52a7bebb7b17a94a7c4630568b81da000983bf0d1a96e96432175a214ce7bc9332bb7e99f2a81e588ee4c1120c1eb22cc6b24a386ac5a11c4d63de4f20bfc8d9e4094613730f900ad7b54498954040a1fe7b53cd2a0989b3bf8946aa1e
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 1
@@ -76398,6 +76753,7 @@ EntropyPredictionResistanceA.14 = 4f0d9e7c269ab360dbdf47e9ea7d655c204dce80082451
EntropyPredictionResistanceB.14 = 8290ade448d2d83445b96ac682366659b228f952faa1f9a3
Output.14 = 0d6bd0196ae2b3af4a750e4ea529b353979b30ab1bd05e96bf3c6f0c40b527ad07d90db5a1f392fef1d33bac5cc2a47cf4d9f20b8388a922d869f073e65ce6340cf30d45645a03a951dadbe81cffdcd145a32519658d0efe9f28175871b45cd6ca16e4efbd37802a1b88682819e5800a
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 1
@@ -76523,6 +76879,7 @@ AdditionalInputB.14 = 4e29e32346671af3b726d7030ccf470f72ca369687b489dc
EntropyPredictionResistanceB.14 = 21d5eebf3f54780f046fe2cffb2cc9b52eed850d1b44d675
Output.14 = abc8ffaebfda52cf3a9bc037b965f9e97ba7aafbe1575efe8fa7182229d58a2d1282776225af0ea87dd79de7b210f654388c718f8dfe22aedbb4cfe92a964664904b960f2577f43f6c48783a8423788de7aa693ed859c8269e3c8b8b59eca1659c0473aae8b0a444d4aaff23991709cb
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 1
@@ -76603,6 +76960,7 @@ EntropyPredictionResistanceA.14 = 02496883d50bc28e037a370890edab9be1a69e003e70a7
EntropyPredictionResistanceB.14 = db072d2518f7b6b73292f7e167bec9cf5fcbeb265c316ae5
Output.14 = cc01e951f15bdcfe94288a0de84ce187bad281683773f1b8341efecba656d62528ba91ca864c440b085be142dc565c1b7a326dfc9ac47a84623c2cff20b6c047d2f39e3db0b02fab4c1ac82e63bcc06b032c16f6e9ddd8c60f03f5b55cc40acb3b5e2de6ae3938f0e2fe21d72134346d
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 1
@@ -76713,6 +77071,7 @@ AdditionalInputB.14 = cad366cc562a45f74fda0bf6fd3eafc0f3dd59c666b33881
EntropyPredictionResistanceB.14 = acbf8dcb97c61718c9cc8adeca8873e31b794086d7b84cc3
Output.14 = a6ddaf00876c5bf50d7a2f5b986a770685f64ef54e2273c51ec1e594378fcd08f16316d1589f1c5948f524b3fd57d40b4ad732ae06f3bfb5359e6282105bc70fdddc9d1920c5092cabcf0c8ec14642d50be19de439ffafdedf3ec9e0672eb7754814eeea09430d65ba181525c616c31d
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 1
@@ -76808,6 +77167,7 @@ EntropyPredictionResistanceA.14 = d1c3175c4853102ed4b306eea013cc448d325938c52940
EntropyPredictionResistanceB.14 = c0139e13d5d7c5bbf9c2394973d00487d49d4241ae7e90cc
Output.14 = df70ba5809a640b8fa1ab712d6ea7048f8609944d63bf4fa958556ae020d95a9011ddf0041a75b708a372a486e9ca8e0d2c361e4f75171710ab42d49ba3c0b6dfc4b3614b3577ddca5adbfb2d096acc4a72bdf1c6113cf6f0bfb5e8f1d69ef0a4a4edae75ccafd614ae1e718f60e3196
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 1
@@ -76933,6 +77293,7 @@ AdditionalInputB.14 = a3c2f11654592e478c8ac1a1fce2224627ca37bd0efb44ab
EntropyPredictionResistanceB.14 = f986d7f33aad227e98d9087fe30c34f1c18b42f85d56b72c
Output.14 = b1fad8f7950787c949b41dbc5581069f0920058614c3ea7bf1edf3812027a4c989d8b029e08c4ee77c76c4457aaa3d89dc775c6c60bb125dfb969729fe669152a173256b4d2181e84bbc63bcad8ae645f4371682a39ae65d00f004e344ddff5374b257d8881f63d4ab960017258815c1
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 1
@@ -77013,6 +77374,7 @@ EntropyPredictionResistanceA.14 = 42d19ff5c985c31c955a0aed5ed02581ffbf2a0ae62d78
EntropyPredictionResistanceB.14 = 7f9af6a606c9b315c04faf5ce3c0412092edb19f9463784c
Output.14 = 219072e8b6d939f75ab90edc91ade50b8e40f2c1fae68aa5fb5bb297506ebc5f18d20492b55fd73ec118e6d74e4796c1dd28d50f903dca70960ba66b33b0a6c3d06e2ba79eada96b613324914b19224f0c710af7793722687f9d464093fc651a5d613b03c6d71bcad9bf2c74a4844718
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 1
@@ -77123,6 +77485,7 @@ AdditionalInputB.14 = ecced4ace2d11cb2e02c253d81d15ecfaf555a51189d2051
EntropyPredictionResistanceB.14 = cff57ef512d7da05e7ea7d197c797962099c64ad89f52a24
Output.14 = 40f8480b22c24bde9c66f91761b1ecf25a6486024315b58028ddb8a88088f7deffc671a9465671c370f7877527e72c4259669890abc4efbdbb09550a84fa2f60a41d74c9d7960d5fa05e9f66ecd5ac344970aacc23ab1361d364eb697abfd6cd621773f4ea7ec2dc7795cc533abe664a
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 1
@@ -77218,6 +77581,7 @@ EntropyPredictionResistanceA.14 = 4de293b3ea5c26925d39d5376ed5fd43b9b775b80c6cac
EntropyPredictionResistanceB.14 = 4e7f27a772fb8de77031b24cc514c06086de59989856694c
Output.14 = c1ec91ec7585ffc05d765d0a9e30f62bcdc115426af9947eab68b6c9a88e6a11890704b623eb7acaec77bc6988da9246e10aa3eaf65380f3083bbecd4a41ccb09879ed9c46669a78102b7822b157d0d2a3bf09b452300ccac217db03b455382d8990e3bdd9a2a6461b19dfdfbad5910a
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 1
@@ -77343,6 +77707,7 @@ AdditionalInputB.14 = b87bf3d164ac955913ae4a780ac654d9a67c37c8df1f79c7
EntropyPredictionResistanceB.14 = e2b5224119118410592ae0b238dfd75ad576b3eaa1848313
Output.14 = cbf31760cbefcebf50289b9ad8e9443cde14fd6beee80c0bae83cdf77deb6e9c77ddcd0316667373b28b9431857e6e7cdccd8b6906927f66b362452325339a035b23baca8ce1697663e4879cc2084fceed28e9bbb2dbb91f868ba7626f6b7e5ea87eaa48ca50f9b76ac2c74b39bc9a86
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 1
@@ -77423,6 +77788,7 @@ EntropyPredictionResistanceA.14 = d931a0cbda3985a34b0a2eac42e9bc5ead10520de4e7d1
EntropyPredictionResistanceB.14 = 518e2480b742f9c30098a6d543d1669678084b3208b5375b
Output.14 = ef57d91db4d94aef743f1528e0c27b69654e3a854fb7479d25a8796b06c85884f328db9a09deb9be55cdeb9cca2a5a00ba56e28d2fa0057ef1ccb00b22a0a747bf15e7b303b990bf2fc3903f96cc55e69d8808c9da93231e5e859f7ec9edc9961dfc9b30b30ce0f43a3d65da93a82377
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 1
@@ -77533,6 +77899,7 @@ AdditionalInputB.14 = 51f6a64ad57705cbae6b92cdeb622a0701f5500e6ad7eb0a
EntropyPredictionResistanceB.14 = d5f8c2ba94bd849bd1434ff9d0b72517a7e6d381f13387a0
Output.14 = 15d882c8ec0a8ff1544813ba2a6cebe81281117628fc4e79371b7e84027d0d9322a76e42c733c73ba90c4b204bbe329a4ff344c3fd8204e0c220154ca9cd04c80457cebc33f9466c33358fe1c05d49bf83d174f8abf530b46b701c0ba24b081dda46ae38f58815a996fe878fa6884845
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 1
@@ -77628,6 +77995,7 @@ EntropyPredictionResistanceA.14 = 7ac8115615a29c535ce9b45d3e57d6f9ab0e6d4a021fe9
EntropyPredictionResistanceB.14 = f6ab8840edeb3c20d7bddf7fdaa5c980c58bfd116551d1ae
Output.14 = a85a3ede0e85ce593be2a2a2c650d49a740e9b8f07c24348d2bd968c917d442ed8de8a0d8ec8ff09ff86e6f279159001382cdb92f4625d12365443881df226c9a3833ba051a92f29fb55b788ab4b2d01958b9c067b43bb86c4e547b24e609e0d86aa3b75ea8d73e2c90092a50bcc6ce9
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/224
PredictionResistance = 1
@@ -77753,6 +78121,7 @@ AdditionalInputB.14 = f0431c9d8925aaaf8f28d112773e5f5fed7feff633c9b056
EntropyPredictionResistanceB.14 = 5e27635c34a1b793b2b1f23c9a72eb3e58c6ad63ac752dda
Output.14 = 20a84f074794921d7c1ba7463c4cd5f165ef6ff003555a69a71d529ea8177b3b4845898f031428b320b9dc59b16260d80baab34e7cc6daba5463cb496e4a6588ca5f3547412e63d36d560d9549f87a3ca346968f4dfdda3d0cf9b82384b3e830a8368c659c5aea26b03c4bbb8bbd3878
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 1
@@ -77833,6 +78202,7 @@ EntropyPredictionResistanceA.14 = 33fd3300d120786b2f756459b222b72728c1b2c53d09aa
EntropyPredictionResistanceB.14 = 96aa233b407f0cb14d6ecf2a243efcd7c1b7ed3fede97dfeb269cf8331189412
Output.14 = 6a34b428c4ff416d3ae907318928663ac8683ef6328d37b19bd2c179aeb7e56a73c6ed096ebfeb85a263f2c868fb4a2d977d5d41fe12b135b1c9017555b36a9f6775a43c42be37a78eb067f520f091ccd94b38c62fa7d48c494b05b072fee34ba262a4fe1a70c98fea2fae40513723a52d6ea44f5fa168f4c03ae2c73d793ef0
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 1
@@ -77943,6 +78313,7 @@ AdditionalInputB.14 = 2563ad078ad8eda919ed40a81b634073064c22f2b21926bbd9cc1d7c2a
EntropyPredictionResistanceB.14 = 45ddc44189bbcd60713c40e811d6b2acdd1659c670f715703f5b80eb4152311f
Output.14 = c2554fc1931b72acd98e4949707802ab471c4f2eb62813f87f137e698cf89a13fa7366a97b49587d9a0c4d42a62eb0bce27e2ce0e67324739c49eb180216beb51fc82d45b7900fa1c2d3db3a0c781ef93ee57f6a186a61e0f0fd25a8d8d2d9170bd18714cfc1a6e7fb6dc992579cfb0306de5b67c01522b3ea3955d63a775cce
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 1
@@ -78038,6 +78409,7 @@ EntropyPredictionResistanceA.14 = e43ba5b540971c4f02f0212bbc0ba521f3e64a627c1d0a
EntropyPredictionResistanceB.14 = 3ca4a33a72e7aed850e64984c28407327d94e6858a65d42b16f985d010b783bd
Output.14 = 2567b74d4d1eeceb6321817f5ada210954643e1212b766bf2eb84d2ce6231c58e346ed57824c409f3c73de40395608a7d3c52708f07ee7e721b7c42ccce5b0baae67364e1cffb7fb0e363eadf3415c99bdc7b730b8c66201da1f8a2290cbd6165912484def03a96b237b793b76b76043cf9fadcd5e66ea94e6110c4b2b025232
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 1
@@ -78163,6 +78535,7 @@ AdditionalInputB.14 = 7978071c7a648cf7f02c9cdf544d6ff9dbe3c5636f73fe50deb7e89695
EntropyPredictionResistanceB.14 = aaf9320ee7c103d51512232305aab44b946a73ddb13270f42903a37f84c9da01
Output.14 = cf5ed4b6208a0db15373d472e240dee04a34e630000f9751cf8d3f15dd6a4fa3a4602ec539dbb1811978493f920e84b2e3ac78bcfd619b6c4e7e0072381a7bc150a91b31a0280dd843ca1c4332ba0757d6f6f0f2f830a623cb78011dec8c4d844f71427b09be4e9fdff4bc1cf3a72a773e06121cd8792232d387170a66ca384b
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 1
@@ -78243,6 +78616,7 @@ EntropyPredictionResistanceA.14 = f124c88bad32cf4ff49ccc4271c7f4046f277c0b1fc73c
EntropyPredictionResistanceB.14 = c32b11359b7ed121c87b85716c2ce83aebdd46cd4c19168ad3930be351ea1ff9
Output.14 = 9f382e0382f2e6b3ba85ace2cec7301ea6f7d0d3b0895937033df9f710471e468b8162492d18ab45ca809e8aa2f37c15ec599d4b2774947b90c269bc2f8553e639f21e1c371f7a49edb4cb4e51bd1e9fd7d66e3b313ce227373dd2548870378206b4b5fd0d22c48ce03a72003be53ec378d9eab25bc432c7a8bd0eed89adf941
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 1
@@ -78353,6 +78727,7 @@ AdditionalInputB.14 = df48314d76c0d698923dabd3d23024ac2aa5fd236ad3c6e3b4cf2244a8
EntropyPredictionResistanceB.14 = 3387fb65c8c1dd5e3d4f64bebb45da1a7e288a22e16f2fbb882dc2f9534717e5
Output.14 = 31998e0784579bc7aaf5130b747eb295a089a12c1844406aa18c06f19607a2e497adf5352e10c145b3cd2a2532389f771af3028042605f0abe705f8540561c4e376d405c6f2dc23b3d3fe0c14790beea99705e69fac2518154613680012c5a140d45fba7e381f55c61ec7f3850dc586bb1f3cf928685a9d60e06fd93eb1fd8cb
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 1
@@ -78448,6 +78823,7 @@ EntropyPredictionResistanceA.14 = bf2e966737aaa8abbccaa45ac5371db4c4dd0bf2b3c9f1
EntropyPredictionResistanceB.14 = f316f2613b068f607c2fb5218e037c5ab1d80b7d75fda419a7e0caedcfd7ce1a
Output.14 = 36e385da783dd146364fead3dc2dc71bdaa6d30c6ab5f94e007b1ced51b2f45947c57652e305204a0cad2ba7b43056461aed10132d89aea8f9ec7ccf0e7487aa2d97fc40f65b399df732b03f8e6834903c60e2e5d6f5ab1b3a034b3eaaa73936770324ea02bd2830e6b26e00d7b49022ce0454afcecbfb912511cd13090d9693
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 1
@@ -78573,6 +78949,7 @@ AdditionalInputB.14 = b395f988467a2a5f4f3ddef792f16f2461886caf9d6f12c4d643d20775
EntropyPredictionResistanceB.14 = 22f2693142e42848bf4c00f65337ec2405cd22bc06c6d035a5acec0a5b7d5d9a
Output.14 = 3edeba227da675e1b9e684317e54c4537691f9a412102a21e32e699ff0c6e95655d3342e94daf37dd08114d16b45328795e24d7381195711792226769975167ccdd10df89410e485c880865676a081ce6a61641fc805d6d06cb4aebbc731de0a7df69ed1107da07821d64e9f8bc124f094bb799fe50a001914a47221a45ca2c9
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 1
@@ -78653,6 +79030,7 @@ EntropyPredictionResistanceA.14 = dac0795c36fd9cb6eff0cd7137190d573dde7148fc19c2
EntropyPredictionResistanceB.14 = 1a29a4fb16a73c2c187c6d1b5a1a1394b63b6878abcfffeb94aab5dcd593037b
Output.14 = 835efa36b1ff38ed845f3c2e8f5ec0f89a60f7def6d36f8577192625fb89cb634be535a791e28b1c27320e40f594b1705e712e43856a1a5aba0e98b987fd1b5e6ca78458c98b3f8de449f4f23d0dbfe374e8241a2f12b6cdaeaa896b9953c32d756fc2b70e1edcde45aaab0df6e816fe0d04b2cec88ea159dadbae9b1eed3125
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 1
@@ -78763,6 +79141,7 @@ AdditionalInputB.14 = a908058d07b69a7e7f53869d81128e47303fffa4f0400b3bee7acc4e45
EntropyPredictionResistanceB.14 = 040c9859c26e54e9d5f92485888bb67acc5092ce679e6a54730ffebaa0fac226
Output.14 = 3caf4baa5fab5bed4d50b0b4ace9c2ec8c21a1e952d81ebcf23a6cfbd177f53168a876f7e5b7d2c63cd7bba4a1b61b3ef59e1cf87b353ff64c7f798fb0c5d6e375fc1e8653f8d22be965abcc87f178e4023d1ef85baa278faa1eb205e4c05219222f543c5b9ac6a86b00071e34a7b2b9c6983f8ab6f187295f5095b801466a76
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 1
@@ -78858,6 +79237,7 @@ EntropyPredictionResistanceA.14 = c689be45ecddc94daaf823c6ddd6491b028ace5c25c407
EntropyPredictionResistanceB.14 = 2f81e665f02331531ca37635b8664ba5641b8a200031677aba00253f8f1fe035
Output.14 = 9bfdeef565b0979be0f88e3b9e283433bd1fa2333662445302aa84332aa601a61a5b3d449eb5fe33db385254571eedff49b8d2f49ade41c12133263d447e7edf49998f5c05582504775f5b18bc7a0c075c6bfa4596178d95a019402937712afe69f3ad534fd44259312c63f1970b3d8bd404e758c9e884b19330350020896b37
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 1
@@ -78983,6 +79363,7 @@ AdditionalInputB.14 = a63bd3ef8cfeca1e2552bc111786a992526802e51cd30f0e9e7b7a398a
EntropyPredictionResistanceB.14 = defd0a8320a31b94998e74e0e5e40422e80735b281b9901e9fd1c8ecc50ff2b3
Output.14 = ffc830d5029f42c1c9aa10d6d90d94abf3bc39269bf4fc4a4ed14435a985cb14da64d79ad4d8951e582b0b793836ef3380dff4d063682a4e8ac8796ca74e74d3933e5111bb92d219b72b28f4198b23446e422aaa7f33ade182801506aec4293fd69c3fc86cf39297867d16b98738740f1b7465043e0eaf7480d1c328ce2b4cfc
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 1
@@ -79063,6 +79444,7 @@ EntropyPredictionResistanceA.14 = 29fa15be2259b4b164b3d232809cd7eeb3c5c24aec81c7
EntropyPredictionResistanceB.14 = babf7813c6a24d4e68e09025a0d3b0242e9a98779ecdcaa64baf1ef82e8d4a77
Output.14 = e6528c03849f1535b6f443e30817d3deccc7ea4699fc88ec9d6f3e28e72cc4b199afa5db7ba2da1ffd1a1ce7aa1a15be4892d0d98e27332f6d45ed63a2636073d12b8a99089ac5b55c93aecdb5e584e32ec75e44390016421822158d3596daaca561245bf1b8740d1f3c885be5149505f9591b0679f9b88df45741b767f423ec
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 1
@@ -79173,6 +79555,7 @@ AdditionalInputB.14 = 711bf57411337724960392a9319e580c226abff909e28d4696fcf5f0e7
EntropyPredictionResistanceB.14 = 9fac27583fbf9335c2a8d7f1edfb99b18ee5f8e58e537749fb674bcb46ef537a
Output.14 = ab08f911c4c87135c3f9de33cda823f91a1a8cdfd10f59b81f77dd2158890634f7c5373bc40e158a7881f62a18b0b553d3f075fb96112a04e39ad6918fb2f139ae6fe11856e6a0f17a2e1c0cf88ac49563c08ba5c9c48ad6a7a99825148132ccf3a9a46b92597d0a971f33e43c5a3746c0d8564e19d1681173f24e22fa54521a
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 1
@@ -79268,6 +79651,7 @@ EntropyPredictionResistanceA.14 = ed3bd1e78d7f3cadcf45170dcbb605913140f68bdf4e36
EntropyPredictionResistanceB.14 = 214b7501096bf1d7605e9082a9238334ca15522cf2eed77bce6dd3872106dab3
Output.14 = bdd8721d12e9cafb73070a13d70db1020e95cac5f93037716ae10045007f5ecb8ea90c529e9aa8b0f312a2f81a5086713509e7909bd7081d0c25a33971904e3b90b486c71e185c752311dfa309b53c8cccd9cde63868bced00af0113eeaa77395c717792373ea708973a2f084dfa050cfdd0e73a8c51cc25651cdf8b6b8b3a02
+FIPSversion = <=3.1.0
RAND = HMAC-DRBG
Digest = SHA-512/256
PredictionResistance = 1
@@ -79392,3 +79776,69 @@ EntropyPredictionResistanceA.14 = d7842e7ad0cbac6b9404e8e942fabb77974b353a7f9633
AdditionalInputB.14 = 0155dc73a36c160d9e13c023e732798b4fba3a9fd849c0edf899765c5ff7349f
EntropyPredictionResistanceB.14 = 96a30d8593cce5febd4f034ff97479eb8808e81bd7b8f7b44ae945fbbf503572
Output.14 = ee191dc6bef025e36302bb8ce0e6a949f7b0d2944b246fc52d68a20c3b2b787595ca9d4bae2f55a13924fabbef8f700abc09d7dac1c1eb3a63c040867519e6724faeb532d01cd38922e4e0973566fc23f5fbc067f496cb97fe3ce97564f0010d6cd2b5d81a3e79fcb85f010191a76b4d796ea8c85b119dd24210f64725c09689
+
+Title = Test truncated Digests are not allowed in FIPS
+
+Availablein = fips
+FIPSversion = >=3.1.0
+RAND = HASH-DRBG
+Digest = SHA2-224
+GenerateBits = 16
+Result = EVP_RAND_CTX_set_params
+
+Availablein = fips
+FIPSversion = >=3.1.0
+RAND = HMAC-DRBG
+Digest = SHA2-384
+GenerateBits = 16
+Result = EVP_RAND_CTX_set_params
+
+Title = Test FIPS indicator callbacks for truncated digests
+
+Availablein = fips
+FIPSversion = >=3.4.0
+RAND = HASH-DRBG
+Digest = SHA2-224
+PredictionResistance = 0
+GenerateBits = 16
+Entropy.0 = c3ef82ce241f02e4298b118ca4f1622515e32abbae6b7433
+Nonce.0 = 15e32abbae6b7433
+Output.0 = 5af6
+Result = EVP_RAND_CTX_set_params
+Reason = digest not allowed
+
+Availablein = fips
+FIPSversion = >=3.4.0
+RAND = HASH-DRBG
+Unapproved = 1
+CtrlInit = digest-check:0
+Digest = SHA2-224
+PredictionResistance = 0
+GenerateBits = 16
+Entropy.0 = c3ef82ce241f02e4298b118ca4f1622515e32abbae6b7433
+Nonce.0 = 15e32abbae6b7433
+Output.0 = 5af6
+
+Availablein = fips
+FIPSversion = >=3.4.0
+RAND = HMAC-DRBG
+Digest = SHA2-384
+PredictionResistance = 0
+GenerateBits = 16
+Entropy.0 = 32c1ca125223de8de569697f92a37c6732c1ca125223de8de569697f92a37c67
+Nonce.0 = 15e32abbae6b7433
+Output.0 = ee9f
+Result = EVP_RAND_CTX_set_params
+Reason = digest not allowed
+
+Availablein = fips
+FIPSversion = >=3.4.0
+RAND = HMAC-DRBG
+Unapproved = 1
+CtrlInit = digest-check:0
+Digest = SHA2-384
+PredictionResistance = 0
+GenerateBits = 16
+Entropy.0 = 32c1ca125223de8de569697f92a37c6732c1ca125223de8de569697f92a37c67
+Nonce.0 = 15e32abbae6b7433
+Output.0 = ee9f
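Review bot: The version ranges in this file meet at 3.1.0 from both sides: the new stanzas under `Title = Test truncated Digests are not allowed in FIPS` use `FIPSversion = >=3.1.0`, while the `FIPSversion = <=3.1.0` lines added in the earlier hunks in front of the HMAC-DRBG groups (SHA-224, SHA-384, SHA-512/224, SHA-512/256) also match a 3.1.0 provider. Against a provider reporting exactly 3.1.0, HMAC-DRBG with SHA-384 would be expected both to reproduce the known-answer output and to fail in `EVP_RAND_CTX_set_params`, assuming `SHA-384` and `SHA2-384` name the same digest. One side of the boundary should be strict, for example `FIPSversion = <3.1.0` on the known-answer groups or `FIPSversion = >3.1.0` here; which one is right depends on what a 3.1.0 provider actually does, and that cannot be told from this diff. The two `>=3.1.0` stanzas also carry no `Reason` line, unlike the `>=3.4.0` stanzas that expect `Reason = digest not allowed`, so they would pass on any failure of the set-params call rather than on the digest rejection specifically.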
diff --git a/test/recipes/30-test_evp_extra.t b/test/recipes/30-test_evp_extra.t
index 25c2509ed88b..ad4bdc21f294 100644
--- a/test/recipes/30-test_evp_extra.t
+++ b/test/recipes/30-test_evp_extra.t
@@ -10,14 +10,24 @@
use strict;
use warnings;
-use OpenSSL::Test qw/:DEFAULT bldtop_dir/;
+use OpenSSL::Test qw/:DEFAULT bldtop_dir srctop_file/;
+use OpenSSL::Test::Utils;
setup("test_evp_extra");
-plan tests => 3;
+my $no_conf_autoload = disabled('autoload-config');
+
+plan tests => $no_conf_autoload ? 3 : 4;
ok(run(test(["evp_extra_test"])), "running evp_extra_test");
+unless ($no_conf_autoload) {
+ local $ENV{OPENSSL_CONF} = srctop_file("test","default-for-evptest.cnf");
+ ok(run(test(["evp_extra_test", "-config", srctop_file("test","default-for-evptest.cnf")])),
+ "running evp_extra_test to test evp properties set in config");
+ delete local $ENV{OPENSSL_CONF};
+}
+
# Run tests with a non-default library context
ok(run(test(["evp_extra_test", "-context"])), "running evp_extra_test with a non-default library context");
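Review bot: The `delete local $ENV{OPENSSL_CONF};` at the end of the `unless` block does nothing useful, because the `local $ENV{OPENSSL_CONF} = ...` at the top of the block is already undone when the block exits, so the later `-context` run sees the caller's environment either way. `delete local` also needs Perl 5.12 or newer, which is worth checking against the oldest Perl this harness is meant to run on. I would drop that line and compute the path once, `my $conf = srctop_file("test", "default-for-evptest.cnf");`, since the block hands the same file to the test both through `OPENSSL_CONF` and through `-config`. A short comment saying why both routes are needed would help, as the hunk does not explain it.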
diff --git a/test/recipes/30-test_provider_status.t b/test/recipes/30-test_provider_status.t
index 2b2e242a5fa7..d1df061d096b 100644
--- a/test/recipes/30-test_provider_status.t
+++ b/test/recipes/30-test_provider_status.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -20,7 +20,7 @@ setup("test_provider_status");
use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
+my $no_fips = disabled('fips') || disabled('fips-post') || ($ENV{NO_FIPS} // 0);
plan tests => 5;
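Review bot: The new `disabled('fips-post')` term in the `$no_fips` assignment has no comment, so a reader cannot tell why a build without the FIPS self-tests is handled like a build without FIPS at all. A line above the assignment such as `# no-fips-post builds are treated like no-fips for this test` would record that the widening is deliberate. The code that reads `$no_fips` lies outside this hunk, so which checks are skipped as a result cannot be confirmed from here.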
diff --git a/test/recipes/65-test_cmp_ctx.t b/test/recipes/65-test_cmp_ctx.t
index d3476736408b..780e025151b4 100644
--- a/test/recipes/65-test_cmp_ctx.t
+++ b/test/recipes/65-test_cmp_ctx.t
@@ -21,4 +21,4 @@ plan skip_all => "This test is not supported in a no-cmp build"
plan tests => 1;
-ok(run(test(["cmp_ctx_test", srctop_file("test", "certs", "ee-cert.pem")])));
+ok(run(test(["cmp_ctx_test"])));
diff --git a/test/recipes/65-test_cmp_protect.t b/test/recipes/65-test_cmp_protect.t
index 631603df7cf8..92c91d8b88ac 100644
--- a/test/recipes/65-test_cmp_protect.t
+++ b/test/recipes/65-test_cmp_protect.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
# Copyright Nokia 2007-2019
# Copyright Siemens AG 2015-2019
#
@@ -30,8 +30,10 @@ plan skip_all => "This test is not supported in a shared library build on Window
plan tests => 2 + ($no_fips ? 0 : 1); #fips test
my @basic_cmd = ("cmp_protect_test",
- data_file("server.pem"),
- data_file("IR_protected.der"),
+ data_file("prot_RSA.pem"),
+ data_file("IR_protected.der"), # signed using prot_RSA.pem
+ data_file("prot_Ed.pem"), # test/certs/root-ed25519.privkey.pem
+ data_file("GENM_protected_Ed.der"), # signed using prot_Ed.pem
data_file("IR_unprotected.der"),
data_file("IP_PBM.der"),
data_file("server.crt"),
diff --git a/test/recipes/65-test_cmp_protect_data/IR_protected.der b/test/recipes/65-test_cmp_protect_data/IR_protected.der
index ce0a7a46dcf2..2912c6b8106a 100644
--- a/test/recipes/65-test_cmp_protect_data/IR_protected.der
+++ b/test/recipes/65-test_cmp_protect_data/IR_protected.der
Binary files differ
diff --git a/test/recipes/70-test_clienthello.t b/test/recipes/70-test_clienthello.t
index 0ccbc8ef5605..61130bd9b497 100644
--- a/test/recipes/70-test_clienthello.t
+++ b/test/recipes/70-test_clienthello.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -21,5 +21,5 @@ plan skip_all => "No EC with TLSv1.3 is not supported by this test"
plan tests => 1;
-ok(run(test(["clienthellotest", srctop_file("test", "session.pem")])),
+ok(run(test(["clienthellotest"])),
"running clienthellotest");
diff --git a/test/recipes/70-test_comp.t b/test/recipes/70-test_comp.t
index eeee29ac5c0a..b2cb7b0bd7fc 100644
--- a/test/recipes/70-test_comp.t
+++ b/test/recipes/70-test_comp.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -27,14 +27,57 @@ plan skip_all => "$test_name needs the sock feature enabled"
plan skip_all => "$test_name needs TLSv1.3 or TLSv1.2 enabled"
if disabled("tls1_3") && disabled("tls1_2");
-$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-
+# The injected compression field.
use constant {
- MULTIPLE_COMPRESSIONS => 0,
- NON_NULL_COMPRESSION => 1
+ MULTIPLE_COMPRESSIONS => 0, # Includes NULL, OK for >=TLS1.2
+ NON_NULL_COMPRESSION => 1, # Alert for all TLS versions
+ MULTIPLE_NO_NULL => 2, # Alert for all TLS versions
+ NO_COMPRESSION => 3, # Alert for all TLS versions
+ NULL_COMPRESSION => 4, # OK for all TLS versions
};
+my %test_type_message = (
+ MULTIPLE_COMPRESSIONS, "multiple, including null compression",
+ NON_NULL_COMPRESSION, "one, not null compression",
+ MULTIPLE_NO_NULL, "multiple, no null compression",
+ NO_COMPRESSION, "no compression",
+ NULL_COMPRESSION, "one, null compression",
+);
+my %compression_field_for_test = (
+ # [null, unknown]
+ MULTIPLE_COMPRESSIONS, [0x00, 0xff],
+ # [unknown]
+ NON_NULL_COMPRESSION, [0xff],
+ # [unknown, unknown, unknown]
+ MULTIPLE_NO_NULL, [0xfd, 0xfe, 0xff],
+ # []
+ NO_COMPRESSION, [],
+ # [null]
+ NULL_COMPRESSION, [0x00],
+);
my $testtype;
+# The tested TLS version
+use constant {
+ TEST_TLS_1_2 => 0, # Test TLSv1.2 and older
+ TEST_TLS_1_3 => 1, # Test TLSv1.3 and newer
+};
+my %test_tls_message = (
+ TEST_TLS_1_2, "TLS version 1.2 or older",
+ TEST_TLS_1_3, "TLS version 1.3 or newer",
+);
+
+# The expected result from a test
+use constant {
+ EXPECT_SUCCESS => 0,
+ EXPECT_DECODE_ERROR => 1,
+ EXPECT_ILLEGAL_PARAMETER => 2,
+};
+my %expect_message = (
+ EXPECT_SUCCESS, "Expected success",
+ EXPECT_DECODE_ERROR, "Expected decode error",
+ EXPECT_ILLEGAL_PARAMETER, "Expected illegal parameter alert",
+);
+
my $proxy = TLSProxy::Proxy->new(
undef,
cmdstr(app(["openssl"]), display => 1),
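Review bot: The lookup hashes added in this hunk (`%test_type_message`, `%compression_field_for_test`, `%test_tls_message`, `%expect_message`) separate key and value with a comma instead of `=>`, and nothing records that this is deliberate. With `=>` Perl would quote the bareword constant name rather than evaluate it, so a later tidy-up to fat commas would silently break every lookup done with the numeric `$type`, `$tls` or `$expect`. I would add one comment above the first hash, for example `# Keys are separated with ',' on purpose: '=>' would quote the constant name instead of evaluating it.`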
@@ -43,49 +86,102 @@ my $proxy = TLSProxy::Proxy->new(
);
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 4;
+plan tests => 10;
SKIP: {
- skip "TLSv1.2 disabled", 2 if disabled("tls1_2");
- #Test 1: Check that sending multiple compression methods in a TLSv1.2
- # ClientHello succeeds
- $proxy->clear();
- $proxy->filter(\&add_comp_filter);
- $proxy->clientflags("-no_tls1_3");
- $testtype = MULTIPLE_COMPRESSIONS;
- $proxy->start();
- ok(TLSProxy::Message->success(), "Non null compression");
+ skip "TLSv1.2 disabled", 5 if disabled("tls1_2");
- #Test 2: NULL compression method must be present in TLSv1.2
- $proxy->clear();
- $proxy->clientflags("-no_tls1_3");
- $testtype = NON_NULL_COMPRESSION;
- $proxy->start();
- ok(TLSProxy::Message->fail(), "NULL compression missing");
+ # Test 1: Check that sending multiple compression methods in a TLSv1.2
+ # ClientHello succeeds
+ do_test(TEST_TLS_1_2, MULTIPLE_COMPRESSIONS, EXPECT_SUCCESS);
+
+ # Test 2: Check that sending a non-null compression method in a TLSv1.2
+ # ClientHello results in an illegal parameter alert
+ do_test(TEST_TLS_1_2, NON_NULL_COMPRESSION, EXPECT_ILLEGAL_PARAMETER);
+
+ # Test 3: Check that sending multiple compression methods without null in
+ # a TLSv1.2 ClientHello results in an illegal parameter alert
+ do_test(TEST_TLS_1_2, MULTIPLE_NO_NULL, EXPECT_ILLEGAL_PARAMETER);
+
+ # Test 4: Check that sending no compression methods in a TLSv1.2
+ # ClientHello results in a decode error
+ do_test(TEST_TLS_1_2, NO_COMPRESSION, EXPECT_DECODE_ERROR);
+
+ # Test 5: Check that sending only null compression in a TLSv1.2
+ # ClientHello succeeds
+ do_test(TEST_TLS_1_2, NULL_COMPRESSION, EXPECT_SUCCESS);
}
SKIP: {
- skip "TLSv1.3 disabled", 2
+ skip "TLSv1.3 disabled", 5
if disabled("tls1_3") || (disabled("ec") && disabled("dh"));
- #Test 3: Check that sending multiple compression methods in a TLSv1.3
- # ClientHello fails
+
+ # Test 6: Check that sending multiple compression methods in a TLSv1.3
+ # ClientHello results in an illegal parameter alert
+ do_test(TEST_TLS_1_3, MULTIPLE_COMPRESSIONS, EXPECT_ILLEGAL_PARAMETER);
+
+ # Test 7: Check that sending a non-null compression method in a TLSv1.3
+ # ClientHello results in an illegal parameter alert
+ do_test(TEST_TLS_1_3, NON_NULL_COMPRESSION, EXPECT_ILLEGAL_PARAMETER);
+
+ # Test 8: Check that sending multiple compression methods without null in
+ # a TLSv1.3 ClientHello results in an illegal parameter alert
+ do_test(TEST_TLS_1_3, MULTIPLE_NO_NULL, EXPECT_ILLEGAL_PARAMETER);
+
+ # Test 9: Check that sending no compression methods in a TLSv1.3
+ # ClientHello results in a decode error
+ do_test(TEST_TLS_1_3, NO_COMPRESSION, EXPECT_DECODE_ERROR);
+
+ # Test 10: Check that sending only null compression in a TLSv1.3
+ # ClientHello succeeds
+ do_test(TEST_TLS_1_3, NULL_COMPRESSION, EXPECT_SUCCESS);
+}
+
+sub do_test
+{
+ my $tls = shift; # The tested TLS version.
+ my $type = shift; # The test type to perform.
+ my $expect = shift; # The expected result.
+
$proxy->clear();
$proxy->filter(\&add_comp_filter);
- $testtype = MULTIPLE_COMPRESSIONS;
+ if ($tls == TEST_TLS_1_2) {
+ $proxy->clientflags("-no_tls1_3");
+ } else {
+ $proxy->clientflags("-min_protocol TLSv1.3");
+ }
+ $testtype = $type;
$proxy->start();
- ok(TLSProxy::Message->fail(), "Non null compression (TLSv1.3)");
+ print $expect, $tls, $type , "\n";
+ my $failure_message = $expect_message{$expect} . " for " .
+ $test_tls_message{$tls} . " with " .
+ $test_type_message{$type};
+ if ($expect == EXPECT_SUCCESS) {
+ ok(TLSProxy::Message->success(), $failure_message);
+ } elsif ($expect == EXPECT_DECODE_ERROR) {
+ ok(is_alert_message(TLSProxy::Message::AL_DESC_DECODE_ERROR),
+ $failure_message);
+ } elsif ($expect == EXPECT_ILLEGAL_PARAMETER) {
+ ok(is_alert_message(TLSProxy::Message::AL_DESC_ILLEGAL_PARAMETER),
+ $failure_message);
+ } else {
+ die "Unexpected test expectation: $expect";
+ }
+}
- #Test 4: NULL compression method must be present in TLSv1.3
- $proxy->clear();
- $testtype = NON_NULL_COMPRESSION;
- $proxy->start();
- ok(TLSProxy::Message->fail(), "NULL compression missing (TLSv1.3)");
+# Test if the last message was a failure and matches the expected type.
+sub is_alert_message
+{
+ my $alert_type = shift;
+ return 0 unless TLSProxy::Message->fail();
+ return 1 if TLSProxy::Message->alert->description() == $alert_type;
+ return 0;
}
+# Filter to insert the selected compression method into the hello message.
sub add_comp_filter
{
my $proxy = shift;
- my $flight;
my $message;
my @comp;
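Review bot: The line `print $expect, $tls, $type , "\n";` in `do_test` looks like leftover debugging. It writes three concatenated integers to standard output before every assertion, into the same stream the harness parses for results. Either drop it or emit a labelled diagnostic instead, for example `note("expect=$expect tls=$tls type=$type");` (assuming Test::More's `note` is in scope here, as `ok` is). Separately, `is_alert_message` calls `TLSProxy::Message->alert->description()` whenever `fail()` is true; whether `alert` can be undefined in that state is not visible in this hunk, so a `defined` check before the method call is worth considering. The body of `add_comp_filter` continues outside the hunk.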
@@ -97,13 +193,7 @@ sub add_comp_filter
return if (!defined $message
|| $message->mt != TLSProxy::Message::MT_CLIENT_HELLO);
- if ($testtype == MULTIPLE_COMPRESSIONS) {
- @comp = (
- 0x00, #Null compression method
- 0xff); #Unknown compression
- } elsif ($testtype == NON_NULL_COMPRESSION) {
- @comp = (0xff); #Unknown compression
- }
+ @comp = @{$compression_field_for_test{$testtype}};
$message->comp_meths(\@comp);
$message->comp_meth_len(scalar @comp);
$message->repack();
diff --git a/test/recipes/70-test_key_share.t b/test/recipes/70-test_key_share.t
index 91ca8a4ff997..998ae5d830d3 100644
--- a/test/recipes/70-test_key_share.t
+++ b/test/recipes/70-test_key_share.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -64,8 +64,6 @@ plan skip_all => "$test_name needs TLS1.3 enabled"
plan skip_all => "$test_name needs EC or DH enabled"
if disabled("ec") && disabled("dh");
-$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-
my $proxy = TLSProxy::Proxy->new(
undef,
cmdstr(app(["openssl"]), display => 1),
@@ -83,7 +81,7 @@ $proxy->filter(\&modify_key_shares_filter);
if (disabled("ec")) {
$proxy->serverflags("-groups ffdhe3072");
} else {
- $proxy->serverflags("-groups P-256");
+ $proxy->serverflags("-groups P-384");
}
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
plan tests => 23;
@@ -191,7 +189,7 @@ $selectedgroupid = 0;
if (disabled("ec")) {
$proxy->clientflags("-groups ffdhe3072:ffdhe2048");
} else {
- $proxy->clientflags("-groups P-256:X25519");
+ $proxy->clientflags("-groups P-256:P-384");
}
$proxy->start();
if (disabled("ec")) {
@@ -204,13 +202,13 @@ if (disabled("ec")) {
#Test 14: Multiple acceptable key_shares - we choose the first one (part 2)
$proxy->clear();
-if (disabled("ec")) {
+if (disabled("ecx")) {
$proxy->clientflags("-curves ffdhe2048:ffdhe3072");
} else {
$proxy->clientflags("-curves X25519:P-256");
}
$proxy->start();
-if (disabled("ec")) {
+if (disabled("ecx")) {
ok(TLSProxy::Message->success() && ($selectedgroupid == FFDHE2048),
"Multiple acceptable key_shares (part 2)");
} else {
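Review bot: Changing the guard to `disabled("ecx")` sends a build that has EC but not ECX down the FFDHE branch, which needs DH, while the file-level skip shown in an earlier hunk only triggers when both `ec` and `dh` are disabled. As far as these hunks show, a build without ECX and without DH would still run Test 14 with `-curves ffdhe2048:ffdhe3072` and compare against `FFDHE2048`. The same pattern appears in the hunks for Test 15 (`-groups ffdhe3072`) and Test 22 (`-groups ffdhe2048`). If that configuration is supported, either extend the skip, for example `plan skip_all => "$test_name needs ECX or DH enabled" if disabled("ecx") && disabled("dh");`, or give these tests an EC-only fallback like the one Test 23 gets in this commit.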
@@ -221,7 +219,7 @@ if (disabled("ec")) {
#Test 15: Server sends key_share that wasn't offered should fail
$proxy->clear();
$testtype = SELECT_X25519;
-if (disabled("ec")) {
+if (disabled("ecx")) {
$proxy->clientflags("-groups ffdhe3072");
} else {
$proxy->clientflags("-groups P-256");
@@ -283,7 +281,7 @@ SKIP: {
$proxy->clear();
$direction = SERVER_TO_CLIENT;
$testtype = NO_KEY_SHARES_IN_HRR;
-if (disabled("ec")) {
+if (disabled("ecx")) {
$proxy->serverflags("-groups ffdhe2048");
} else {
$proxy->serverflags("-groups X25519");
@@ -296,7 +294,11 @@ SKIP: {
#Test 23: Trailing data on key_share in ServerHello should fail
$proxy->clear();
$direction = CLIENT_TO_SERVER;
- $proxy->clientflags("-groups secp192r1:P-256:X25519");
+ if (disabled("ecx")) {
+ $proxy->clientflags("-groups brainpoolP256r1:P-256:P-384");
+ } else {
+ $proxy->clientflags("-groups brainpoolP256r1:P-256:X25519");
+ }
$proxy->ciphers("AES128-SHA:\@SECLEVEL=0");
$testtype = NON_TLS1_3_KEY_SHARE;
$proxy->start();
@@ -326,16 +328,31 @@ sub modify_key_shares_filter
if ($testtype != NON_TLS1_3_KEY_SHARE) {
#Setup supported groups to include some unrecognised groups
- $suppgroups = pack "C8",
- 0x00, 0x06, #List Length
- 0xff, 0xfe, #Non existing group 1
- 0xff, 0xff, #Non existing group 2
- 0x00, 0x1d; #x25519
+ if (disabled("ecx")) {
+ $suppgroups = pack "C8",
+ 0x00, 0x06, #List Length
+ 0xff, 0xfe, #Non existing group 1
+ 0xff, 0xff, #Non existing group 2
+ 0x00, 0x17; #P-256
+ } else {
+ $suppgroups = pack "C8",
+ 0x00, 0x06, #List Length
+ 0xff, 0xfe, #Non existing group 1
+ 0xff, 0xff, #Non existing group 2
+ 0x00, 0x1d; #X25519
+ }
} else {
- $suppgroups = pack "C6",
- 0x00, 0x04, #List Length
- 0x00, 0x13,
- 0x00, 0x1d; #x25519
+ if (disabled("ecx")) {
+ $suppgroups = pack "C6",
+ 0x00, 0x04, #List Length
+ 0x00, 0x13,
+ 0x00, 0x18; #P-384
+ } else {
+ $suppgroups = pack "C6",
+ 0x00, 0x04, #List Length
+ 0x00, 0x13,
+ 0x00, 0x1d; #X25519
+ }
}
if ($testtype == EMPTY_EXTENSION) {
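Review bot: In the `NON_TLS1_3_KEY_SHARE` branch the first group is still the unlabelled `0x00, 0x13`, which is secp192r1, while the Test 23 hunk in this file changes the client's `-groups` list from secp192r1 to brainpoolP256r1. Whether the filter is meant to keep advertising secp192r1 cannot be determined from this hunk, since `modify_key_shares_filter` starts and ends outside it. Please label the entry like its neighbours, for example `0x00, 0x13, #secp192r1`, and state whether the difference from the command line is intended. As a style point, the four `pack` calls differ only in the last group id, so choosing that id once from `disabled("ecx")` and packing it would remove the duplicated branches.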
@@ -349,14 +366,25 @@ sub modify_key_shares_filter
0xff, 0xff, #Non existing group 2
0x00, 0x01, 0xff; #key_exchange data
} elsif ($testtype == ACCEPTABLE_AT_END) {
- $ext = pack "C11H64",
- 0x00, 0x29, #List Length
- 0xff, 0xfe, #Non existing group 1
- 0x00, 0x01, 0xff, #key_exchange data
- 0x00, 0x1d, #x25519
- 0x00, 0x20, #key_exchange data length
- "155155B95269ED5C87EAA99C2EF5A593".
- "EDF83495E80380089F831B94D14B1421"; #key_exchange data
+ if (disabled("ecx")) {
+ $ext = pack "C11H130",
+ 0x00, 0x4A, #List Length
+ 0xff, 0xfe, #Non existing group 1
+ 0x00, 0x01, 0xff, #key_exchange data
+ 0x00, 0x17, #P-256
+ 0x00, 0x41, #key_exchange data length
+ "04A798ACF80B2991A0A53D084F4F649A46BE49D061EB5B8CFF9C8EC6AE792507B6".
+ "F77FE6E446AF3645FD86BB7CFFD2644E45CC00183343C5CEAD67BB017B082007"; #key_exchange data
+ } else {
+ $ext = pack "C11H64",
+ 0x00, 0x29, #List Length
+ 0xff, 0xfe, #Non existing group 1
+ 0x00, 0x01, 0xff, #key_exchange data
+ 0x00, 0x1d, #x25519
+ 0x00, 0x20, #key_exchange data length
+ "155155B95269ED5C87EAA99C2EF5A593".
+ "EDF83495E80380089F831B94D14B1421"; #key_exchange data
+ }
} elsif ($testtype == NOT_IN_SUPPORTED_GROUPS) {
$suppgroups = pack "C4",
0x00, 0x02, #List Length
diff --git a/test/recipes/70-test_renegotiation.t b/test/recipes/70-test_renegotiation.t
index b7bc9c025aea..6faf6a727d5f 100644
--- a/test/recipes/70-test_renegotiation.t
+++ b/test/recipes/70-test_renegotiation.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -7,6 +7,7 @@
# https://www.openssl.org/source/license.html
use strict;
+use List::Util 'first';
use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
use OpenSSL::Test::Utils;
use TLSProxy::Proxy;
@@ -26,9 +27,8 @@ plan skip_all => "$test_name needs the sock feature enabled"
plan skip_all => "$test_name needs TLS <= 1.2 enabled"
if alldisabled(("ssl3", "tls1", "tls1_1", "tls1_2"));
-plan tests => 5;
+plan tests => 9;
-$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
my $proxy = TLSProxy::Proxy->new(
undef,
cmdstr(app(["openssl"]), display => 1),
@@ -43,9 +43,10 @@ $proxy->reneg(1);
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
ok(TLSProxy::Message->success(), "Basic renegotiation");
-#Test 2: Client does not send the Reneg SCSV. Reneg should fail
+#Test 2: Seclevel 0 client does not send the Reneg SCSV. Reneg should fail
$proxy->clear();
-$proxy->filter(\&reneg_filter);
+$proxy->filter(\&reneg_scsv_filter);
+$proxy->cipherc("DEFAULT:\@SECLEVEL=0");
$proxy->clientflags("-no_tls1_3");
$proxy->serverflags("-client_renegotiation");
$proxy->reneg(1);
@@ -53,9 +54,25 @@ $proxy->start();
ok(TLSProxy::Message->fail(), "No client SCSV");
SKIP: {
+ skip "TLSv1.2 disabled", 1
+ if disabled("tls1_2");
+
+ #Test 3: TLS 1.2 client does not send the Reneg extension. Reneg should fail
+
+ $proxy->clear();
+ $proxy->cipherc("DEFAULT:\@SECLEVEL=2");
+ $proxy->filter(\&reneg_ext_filter);
+ $proxy->clientflags("-no_tls1_3");
+ $proxy->serverflags("-client_renegotiation");
+ $proxy->reneg(1);
+ $proxy->start();
+ ok(TLSProxy::Message->fail(), "No client extension");
+}
+
+SKIP: {
skip "TLSv1.2 or TLSv1.1 disabled", 1
if disabled("tls1_2") || disabled("tls1_1");
- #Test 3: Check that the ClientHello version remains the same in the reneg
+ #Test 4: Check that the ClientHello version remains the same in the reneg
# handshake
$proxy->clear();
$proxy->filter(undef);
@@ -85,7 +102,7 @@ SKIP: {
skip "TLSv1.2 disabled", 1
if disabled("tls1_2");
- #Test 4: Test for CVE-2021-3449. client_sig_algs instead of sig_algs in
+ #Test 5: Test for CVE-2021-3449. client_sig_algs instead of sig_algs in
# resumption ClientHello
$proxy->clear();
$proxy->filter(\&sigalgs_filter);
@@ -99,7 +116,7 @@ SKIP: {
SKIP: {
skip "TLSv1.2 and TLSv1.1 disabled", 1
if disabled("tls1_2") && disabled("tls1_1");
- #Test 5: Client fails to do renegotiation
+ #Test 6: Client fails to do renegotiation
$proxy->clear();
$proxy->filter(undef);
$proxy->serverflags("-no_tls1_3");
@@ -110,7 +127,60 @@ SKIP: {
"Check client renegotiation failed");
}
-sub reneg_filter
+SKIP: {
+ skip "TLSv1 disabled", 1
+ if disabled("tls1");
+
+ #Test 7: Check that SECLEVEL 0 sends SCSV not RI extension
+ $proxy->clear();
+ $proxy->filter(undef);
+ $proxy->cipherc("DEFAULT:\@SECLEVEL=0");
+ $proxy->start();
+
+ my $clientHello = first { $_->mt == TLSProxy::Message::MT_CLIENT_HELLO } @{$proxy->message_list};
+ my $has_scsv = 255 ~~ @{$clientHello->ciphersuites};
+ my $has_ri_extension = exists $clientHello->extension_data()->{TLSProxy::Message::EXT_RENEGOTIATE};
+
+ ok($has_scsv && !$has_ri_extension, "SECLEVEL=0 should use SCSV not RI extension by default");
+}
+
+SKIP: {
+ skip "TLSv1.2 disabled", 1
+ if disabled("tls1_2");
+
+ #Test 8: Check that SECLEVEL0 + TLS 1.2 sends RI extension not SCSV
+ $proxy->clear();
+ $proxy->filter(undef);
+ $proxy->cipherc("DEFAULT:\@SECLEVEL=0");
+ $proxy->clientflags("-tls1_2");
+ $proxy->start();
+
+ my $clientHello = first { $_->mt == TLSProxy::Message::MT_CLIENT_HELLO } @{$proxy->message_list};
+ my $has_scsv = 255 ~~ @{$clientHello->ciphersuites};
+ my $has_ri_extension = exists $clientHello->extension_data()->{TLSProxy::Message::EXT_RENEGOTIATE};
+
+ ok(!$has_scsv && $has_ri_extension, "TLS1.2 should use RI extension despite SECLEVEL=0");
+}
+
+
+SKIP: {
+ skip "TLSv1.3 disabled", 1
+ if disabled("tls1_3");
+
+ #Test 9: Check that TLS 1.3 sends neither RI extension nor SCSV
+ $proxy->clear();
+ $proxy->filter(undef);
+ $proxy->clientflags("-tls1_3");
+ $proxy->start();
+
+ my $clientHello = first { $_->mt == TLSProxy::Message::MT_CLIENT_HELLO } @{$proxy->message_list};
+ my $has_scsv = 255 ~~ @{$clientHello->ciphersuites};
+ my $has_ri_extension = exists $clientHello->extension_data()->{TLSProxy::Message::EXT_RENEGOTIATE};
+
+ ok(!$has_scsv && !$has_ri_extension, "TLS1.3 should not use RI extension or SCSV");
+}
+
+sub reneg_scsv_filter
{
my $proxy = shift;
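Review bot: Tests 7 to 9 use the smartmatch operator in `my $has_scsv = 255 ~~ @{$clientHello->ciphersuites};`, which is an experimental feature that recent Perl releases warn about as deprecated. A plain equivalent is `my $has_scsv = grep { $_ == 255 } @{$clientHello->ciphersuites};`. The bare `255` would also read better with a comment or named constant saying it is the renegotiation SCSV (0x00ff). In addition, `first { ... }` returns undef when no ClientHello was recorded, so the following method call would die instead of reporting a failed test; a check such as `ok(defined $clientHello, ...)` or an early `fail` would keep the result in the TAP output. The three blocks are identical apart from flags and the expected booleans, so a small helper returning `($has_scsv, $has_ri_extension)` would remove the repetition.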
@@ -130,6 +200,23 @@ sub reneg_filter
}
}
+sub reneg_ext_filter
+{
+ my $proxy = shift;
+
+ # We're only interested in the initial ClientHello message
+ if ($proxy->flight != 0) {
+ return;
+ }
+
+ foreach my $message (@{$proxy->message_list}) {
+ if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
+ $message->delete_extension(TLSProxy::Message::EXT_RENEGOTIATE);
+ $message->repack();
+ }
+ }
+}
+
sub sigalgs_filter
{
my $proxy = shift;
diff --git a/test/recipes/70-test_sslcbcpadding.t b/test/recipes/70-test_sslcbcpadding.t
index 7a1b3ba995a5..662819261800 100644
--- a/test/recipes/70-test_sslcbcpadding.t
+++ b/test/recipes/70-test_sslcbcpadding.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -28,7 +28,6 @@ plan skip_all => "$test_name needs the sock feature enabled"
plan skip_all => "$test_name needs TLSv1.2 enabled"
if disabled("tls1_2");
-$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
my $proxy = TLSProxy::Proxy->new(
\&add_maximal_padding_filter,
cmdstr(app(["openssl"]), display => 1),
@@ -128,6 +127,6 @@ sub add_maximal_padding_filter
} elsif ($sent_corrupted_payload) {
# Check for bad_record_mac from client
my $last_record = @{$proxy->record_list}[-1];
- $fatal_alert = 1 if $last_record->is_fatal_alert(0) == 20;
+ $fatal_alert = 1 if $last_record->is_fatal_alert(0) == TLSProxy::Message::AL_DESC_BAD_RECORD_MAC;
}
}
diff --git a/test/recipes/70-test_sslcertstatus.t b/test/recipes/70-test_sslcertstatus.t
index 41c112ae6d57..44b3839b9565 100644
--- a/test/recipes/70-test_sslcertstatus.t
+++ b/test/recipes/70-test_sslcertstatus.t
@@ -30,7 +30,6 @@ plan skip_all => "$test_name needs TLS enabled"
if alldisabled(available_protocols("tls"))
|| (!disabled("tls1_3") && disabled("tls1_2"));
-$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
my $proxy = TLSProxy::Proxy->new(
\&certstatus_filter,
cmdstr(app(["openssl"]), display => 1),
diff --git a/test/recipes/70-test_sslextension.t b/test/recipes/70-test_sslextension.t
index c1893b8f06e7..07cef05b2166 100644
--- a/test/recipes/70-test_sslextension.t
+++ b/test/recipes/70-test_sslextension.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -41,7 +41,6 @@ use constant {
my $testtype;
my $fatal_alert = 0; # set by filter on fatal alert
-$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
my $proxy = TLSProxy::Proxy->new(
\&inject_duplicate_extension_clienthello,
cmdstr(app(["openssl"]), display => 1),
@@ -207,6 +206,7 @@ SKIP: {
#Test 3: Sending a zero length extension block should pass
$proxy->clear();
$proxy->filter(\&extension_filter);
+ $proxy->cipherc("DEFAULT:\@SECLEVEL=0");
$proxy->ciphers("AES128-SHA:\@SECLEVEL=0");
$proxy->clientflags("-no_tls1_3");
$proxy->start();
diff --git a/test/recipes/70-test_sslmessages.t b/test/recipes/70-test_sslmessages.t
index abb0f5aff905..ac984351a63e 100644
--- a/test/recipes/70-test_sslmessages.t
+++ b/test/recipes/70-test_sslmessages.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -29,8 +29,6 @@ plan skip_all => "$test_name needs TLS enabled"
if alldisabled(available_protocols("tls"))
|| (!disabled("tls1_3") && disabled("tls1_2"));
-$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-
my $proxy = TLSProxy::Proxy->new(
undef,
cmdstr(app(["openssl"]), display => 1),
@@ -130,7 +128,7 @@ my $proxy = TLSProxy::Proxy->new(
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_RENEGOTIATE,
TLSProxy::Message::CLIENT,
- checkhandshake::RENEGOTIATE_CLI_EXTENSION],
+ checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_NPN,
TLSProxy::Message::CLIENT,
checkhandshake::NPN_CLI_EXTENSION],
@@ -174,6 +172,7 @@ my $proxy = TLSProxy::Proxy->new(
#Test 1: Check we get all the right messages for a default handshake
(undef, my $session) = tempfile();
$proxy->serverconnects(2);
+$proxy->cipherc("DEFAULT:\@SECLEVEL=2");
$proxy->clientflags("-no_tls1_3 -sess_out ".$session);
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
plan tests => 21;
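Review bot: Nothing in this file says why Test 1 and every later TLSv1.2 case now call `$proxy->cipherc("DEFAULT:\@SECLEVEL=2")`; the same line is added in each of the following hunks. Judging from the 70-test_renegotiation.t changes in this commit, the security level appears to decide whether the client sends the renegotiation_info extension or the SCSV, which is presumably why the table above now lists `EXT_RENEGOTIATE` under `DEFAULT_EXTENSIONS`. A comment at this first use would make that dependency explicit, for example `# Pin SECLEVEL=2 so the ClientHello carries the renegotiation_info extension the table expects`. Since the call has to be repeated after every `clear()`, a small wrapper that clears the proxy and sets the level would keep a future test from omitting it.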
@@ -183,6 +182,7 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
#Test 2: Resumption handshake
$proxy->clearClient();
+$proxy->cipherc("DEFAULT:\@SECLEVEL=2");
$proxy->clientflags("-no_tls1_3 -sess_in ".$session);
$proxy->clientstart();
checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
@@ -197,6 +197,7 @@ SKIP: {
#Test 3: A status_request handshake (client request only)
$proxy->clear();
+ $proxy->cipherc("DEFAULT:\@SECLEVEL=2");
$proxy->clientflags("-no_tls1_3 -status");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
@@ -206,6 +207,7 @@ SKIP: {
#Test 4: A status_request handshake (server support only)
$proxy->clear();
+ $proxy->cipherc("DEFAULT:\@SECLEVEL=2");
$proxy->clientflags("-no_tls1_3");
$proxy->serverflags("-status_file "
.srctop_file("test", "recipes", "ocsp-response.der"));
@@ -216,6 +218,7 @@ SKIP: {
#Test 5: A status_request handshake (client and server)
$proxy->clear();
+ $proxy->cipherc("DEFAULT:\@SECLEVEL=2");
$proxy->clientflags("-no_tls1_3 -status");
$proxy->serverflags("-status_file "
.srctop_file("test", "recipes", "ocsp-response.der"));
@@ -229,6 +232,7 @@ SKIP: {
#Test 6: A client auth handshake
$proxy->clear();
+$proxy->cipherc("DEFAULT:\@SECLEVEL=2");
$proxy->clientflags("-no_tls1_3 -cert ".srctop_file("apps", "server.pem"));
$proxy->serverflags("-Verify 5");
$proxy->start();
@@ -238,6 +242,7 @@ checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE,
#Test 7: A handshake with a renegotiation
$proxy->clear();
+$proxy->cipherc("DEFAULT:\@SECLEVEL=2");
$proxy->clientflags("-no_tls1_3");
$proxy->serverflags("-client_renegotiation");
$proxy->reneg(1);
@@ -248,6 +253,7 @@ checkhandshake($proxy, checkhandshake::RENEG_HANDSHAKE,
#Test 8: Server name handshake (no client request)
$proxy->clear();
+$proxy->cipherc("DEFAULT:\@SECLEVEL=2");
$proxy->clientflags("-no_tls1_3 -noservername");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
@@ -257,6 +263,7 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
#Test 9: Server name handshake (server support only)
$proxy->clear();
+$proxy->cipherc("DEFAULT:\@SECLEVEL=2");
$proxy->clientflags("-no_tls1_3 -noservername");
$proxy->serverflags("-servername testhost");
$proxy->start();
@@ -267,6 +274,7 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
#Test 10: Server name handshake (client and server)
$proxy->clear();
+$proxy->cipherc("DEFAULT:\@SECLEVEL=2");
$proxy->clientflags("-no_tls1_3 -servername testhost");
$proxy->serverflags("-servername testhost");
$proxy->start();
@@ -277,6 +285,7 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
#Test 11: ALPN handshake (client request only)
$proxy->clear();
+$proxy->cipherc("DEFAULT:\@SECLEVEL=2");
$proxy->clientflags("-no_tls1_3 -alpn test");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
@@ -286,6 +295,7 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
#Test 12: ALPN handshake (server support only)
$proxy->clear();
+$proxy->cipherc("DEFAULT:\@SECLEVEL=2");
$proxy->clientflags("-no_tls1_3");
$proxy->serverflags("-alpn test");
$proxy->start();
@@ -295,6 +305,7 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
#Test 13: ALPN handshake (client and server)
$proxy->clear();
+$proxy->cipherc("DEFAULT:\@SECLEVEL=2");
$proxy->clientflags("-no_tls1_3 -alpn test");
$proxy->serverflags("-alpn test");
$proxy->start();
@@ -310,6 +321,7 @@ SKIP: {
#Test 14: SCT handshake (client request only)
$proxy->clear();
+ $proxy->cipherc("DEFAULT:\@SECLEVEL=2");
#Note: -ct also sends status_request
$proxy->clientflags("-no_tls1_3 -ct");
$proxy->serverflags("-status_file "
@@ -329,6 +341,7 @@ SKIP: {
#Test 15: SCT handshake (server support only)
$proxy->clear();
+ $proxy->cipherc("DEFAULT:\@SECLEVEL=2");
#Note: -ct also sends status_request
$proxy->clientflags("-no_tls1_3");
$proxy->serverflags("-status_file "
@@ -347,6 +360,7 @@ SKIP: {
#There is no built-in server side support for this so we are actually also
#testing custom extensions here
$proxy->clear();
+ $proxy->cipherc("DEFAULT:\@SECLEVEL=2");
#Note: -ct also sends status_request
$proxy->clientflags("-no_tls1_3 -ct");
$proxy->serverflags("-status_file "
@@ -369,6 +383,7 @@ SKIP: {
#Test 17: NPN handshake (client request only)
$proxy->clear();
+ $proxy->cipherc("DEFAULT:\@SECLEVEL=2");
$proxy->clientflags("-no_tls1_3 -nextprotoneg test");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
@@ -378,6 +393,7 @@ SKIP: {
#Test 18: NPN handshake (server support only)
$proxy->clear();
+ $proxy->cipherc("DEFAULT:\@SECLEVEL=2");
$proxy->clientflags("-no_tls1_3");
$proxy->serverflags("-nextprotoneg test");
$proxy->start();
@@ -387,6 +403,7 @@ SKIP: {
#Test 19: NPN handshake (client and server)
$proxy->clear();
+ $proxy->cipherc("DEFAULT:\@SECLEVEL=2");
$proxy->clientflags("-no_tls1_3 -nextprotoneg test");
$proxy->serverflags("-nextprotoneg test");
$proxy->start();
@@ -407,6 +424,7 @@ SKIP: {
#SRP extension gets added on the client side. There is no SRP extension
#generated on the server side anyway.
$proxy->clear();
+ $proxy->cipherc("DEFAULT:\@SECLEVEL=2");
$proxy->clientflags("-no_tls1_3 -srpuser user -srppass pass:pass");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
@@ -419,6 +437,7 @@ SKIP: {
SKIP: {
skip "No EC support in this OpenSSL build", 1 if disabled("ec");
$proxy->clear();
+ $proxy->cipherc("DEFAULT:\@SECLEVEL=2");
$proxy->clientflags("-no_tls1_3");
$proxy->serverflags("-no_tls1_3");
$proxy->ciphers("ECDHE-RSA-AES128-SHA");
diff --git a/test/recipes/70-test_sslrecords.t b/test/recipes/70-test_sslrecords.t
index 318c9235b0c9..691db13b8a8e 100644
--- a/test/recipes/70-test_sslrecords.t
+++ b/test/recipes/70-test_sslrecords.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -12,6 +12,7 @@ use feature 'state';
use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
use OpenSSL::Test::Utils;
use TLSProxy::Proxy;
+use TLSProxy::Message;
my $test_name = "test_sslrecords";
setup($test_name);
@@ -25,255 +26,360 @@ plan skip_all => "$test_name needs the dynamic engine feature enabled"
plan skip_all => "$test_name needs the sock feature enabled"
if disabled("sock");
-plan skip_all => "$test_name needs TLSv1.2 enabled"
- if disabled("tls1_2");
+my $inject_recs_num = undef;
+my $content_type = undef;
+my $boundary_test_type = undef;
+my $fatal_alert = undef; # set by filters at expected fatal alerts
+my $sslv2testtype = undef;
+my $proxy_start_success = 0;
-$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-my $proxy = TLSProxy::Proxy->new(
- \&add_empty_recs_filter,
- cmdstr(app(["openssl"]), display => 1),
- srctop_file("apps", "server.pem"),
- (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
-);
+plan tests => 42;
-my $boundary_test_type;
-my $fatal_alert = 0; # set by filters at expected fatal alerts
-
-#Test 1: Injecting out of context empty records should fail
-my $content_type = TLSProxy::Record::RT_APPLICATION_DATA;
-my $inject_recs_num = 1;
-$proxy->serverflags("-tls1_2");
-$proxy->clientflags("-no_tls1_3");
-$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 20;
-ok($fatal_alert, "Out of context empty records test");
+SKIP: {
+ skip "TLS 1.2 is disabled", 21 if disabled("tls1_2");
+ # Run tests with TLS
+ run_tests(0);
+}
-#Test 2: Injecting in context empty records should succeed
-$proxy->clear();
-$content_type = TLSProxy::Record::RT_HANDSHAKE;
-$proxy->serverflags("-tls1_2");
-$proxy->clientflags("-no_tls1_3");
-$proxy->start();
-ok(TLSProxy::Message->success(), "In context empty records test");
+SKIP: {
+ skip "DTLS 1.2 is disabled", 21 if disabled("dtls1_2");
+ skip "DTLSProxy does not work on Windows", 21 if $^O =~ /^(MSWin32)$/;
+ run_tests(1);
+}
-#Test 3: Injecting too many in context empty records should fail
-$fatal_alert = 0;
-$proxy->clear();
-#We allow 32 consecutive in context empty records
-$inject_recs_num = 33;
-$proxy->serverflags("-tls1_2");
-$proxy->clientflags("-no_tls1_3");
-$proxy->start();
-ok($fatal_alert, "Too many in context empty records test");
+sub run_tests
+{
+ my $run_test_as_dtls = shift;
-#Test 4: Injecting a fragmented fatal alert should fail. We expect the server to
-# send back an alert of its own because it cannot handle fragmented
-# alerts
-$fatal_alert = 0;
-$proxy->clear();
-$proxy->filter(\&add_frag_alert_filter);
-$proxy->serverflags("-tls1_2");
-$proxy->clientflags("-no_tls1_3");
-$proxy->start();
-ok($fatal_alert, "Fragmented alert records test");
+ my $proxy;
+ if ($run_test_as_dtls == 1) {
+ $proxy = TLSProxy::Proxy->new_dtls(
+ \&add_empty_recs_filter,
+ cmdstr(app([ "openssl" ]), display => 1),
+ srctop_file("apps", "server.pem"),
+ (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
+ );
+ } else {
+ $proxy = TLSProxy::Proxy->new(
+ \&add_empty_recs_filter,
+ cmdstr(app([ "openssl" ]), display => 1),
+ srctop_file("apps", "server.pem"),
+ (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
+ );
+ }
-#Run some SSLv2 ClientHello tests
+ $fatal_alert = 0; # set by filters at expected fatal alerts
+ SKIP: {
+ skip "Record tests not intended for dtls", 1 if $run_test_as_dtls == 1;
+ #Test 1: Injecting out of context empty records should fail
+ $proxy->clear();
+ $content_type = TLSProxy::Record::RT_APPLICATION_DATA;
+ $inject_recs_num = 1;
+ $fatal_alert = 0;
+ $proxy->serverflags("-tls1_2");
+ $proxy->clientflags("-no_tls1_3");
+ $proxy_start_success = $proxy->start();
+ ok($fatal_alert, "Out of context empty records test");
+ }
-use constant {
- TLSV1_2_IN_SSLV2 => 0,
- SSLV2_IN_SSLV2 => 1,
- FRAGMENTED_IN_TLSV1_2 => 2,
- FRAGMENTED_IN_SSLV2 => 3,
- ALERT_BEFORE_SSLV2 => 4
-};
+ skip "TLSProxy did not start correctly", 21 if $proxy_start_success == 0
+ && $run_test_as_dtls == 0;
-# The TLSv1.2 in SSLv2 ClientHello need to run at security level 0
-# because in a SSLv2 ClientHello we can't send extentions to indicate
-# which signature algorithm we want to use, and the default is SHA1.
+ #Test 2: Injecting in context empty records should succeed
+ $proxy->clear();
+ $content_type = TLSProxy::Record::RT_HANDSHAKE;
+ if ($run_test_as_dtls == 1) {
+ $proxy->serverflags("-min_protocol DTLSv1.2 -max_protocol DTLSv1.2");
+ $proxy->clientflags("-max_protocol DTLSv1.2");
+ } else {
+ $proxy->serverflags("-tls1_2");
+ $proxy->clientflags("-no_tls1_3");
+ }
+ $proxy_start_success = $proxy->start();
-#Test 5: Inject an SSLv2 style record format for a TLSv1.2 ClientHello
-my $sslv2testtype = TLSV1_2_IN_SSLV2;
-$proxy->clear();
-$proxy->filter(\&add_sslv2_filter);
-$proxy->serverflags("-tls1_2");
-$proxy->clientflags("-no_tls1_3 -legacy_renegotiation");
-$proxy->ciphers("AES128-SHA:\@SECLEVEL=0");
-$proxy->start();
-ok(TLSProxy::Message->success(), "TLSv1.2 in SSLv2 ClientHello test");
+ skip "TLSProxy did not start correctly", 20 if $proxy_start_success == 0
+ && $run_test_as_dtls == 1;
-#Test 6: Inject an SSLv2 style record format for an SSLv2 ClientHello. We don't
-# support this so it should fail. We actually treat it as an unknown
-# protocol so we don't even send an alert in this case.
-$sslv2testtype = SSLV2_IN_SSLV2;
-$proxy->clear();
-$proxy->serverflags("-tls1_2");
-$proxy->clientflags("-no_tls1_3");
-$proxy->ciphers("AES128-SHA:\@SECLEVEL=0");
-$proxy->start();
-ok(TLSProxy::Message->fail(), "SSLv2 in SSLv2 ClientHello test");
+ ok($proxy_start_success && TLSProxy::Message->success(),
+ "In context empty records test".($run_test_as_dtls == 1) ? " for DTLS" : " for TLS");
-#Test 7: Sanity check ClientHello fragmentation. This isn't really an SSLv2 test
-# at all, but it gives us confidence that Test 8 fails for the right
-# reasons
-$sslv2testtype = FRAGMENTED_IN_TLSV1_2;
-$proxy->clear();
-$proxy->serverflags("-tls1_2");
-$proxy->clientflags("-no_tls1_3");
-$proxy->ciphers("AES128-SHA:\@SECLEVEL=0");
-$proxy->start();
-ok(TLSProxy::Message->success(), "Fragmented ClientHello in TLSv1.2 test");
+ SKIP: {
+ skip "Record tests not intended for dtls", 7 if $run_test_as_dtls == 1;
+ #Test 3: Injecting too many in context empty records should fail
+ $fatal_alert = 0;
+ $proxy->clear();
+ #We allow 32 consecutive in context empty records
+ $inject_recs_num = 33;
+ $proxy->serverflags("-tls1_2");
+ $proxy->clientflags("-no_tls1_3");
+ $proxy->start();
+ ok($fatal_alert, "Too many in context empty records test");
-#Test 8: Fragment a TLSv1.2 ClientHello across a TLS1.2 record; an SSLv2
-# record; and another TLS1.2 record. This isn't allowed so should fail
-$sslv2testtype = FRAGMENTED_IN_SSLV2;
-$proxy->clear();
-$proxy->serverflags("-tls1_2");
-$proxy->clientflags("-no_tls1_3");
-$proxy->ciphers("AES128-SHA:\@SECLEVEL=0");
-$proxy->start();
-ok(TLSProxy::Message->fail(), "Fragmented ClientHello in TLSv1.2/SSLv2 test");
+ #Test 4: Injecting a fragmented fatal alert should fail. We expect the server to
+ # send back an alert of its own because it cannot handle fragmented
+ # alerts
+ $fatal_alert = 0;
+ $proxy->clear();
+ $proxy->filter(\&add_frag_alert_filter);
+ $proxy->serverflags("-tls1_2");
+ $proxy->clientflags("-no_tls1_3");
+ $proxy->start();
+ ok($fatal_alert, "Fragmented alert records test");
-#Test 9: Send a TLS warning alert before an SSLv2 ClientHello. This should
-# fail because an SSLv2 ClientHello must be the first record.
-$sslv2testtype = ALERT_BEFORE_SSLV2;
-$proxy->clear();
-$proxy->serverflags("-tls1_2");
-$proxy->clientflags("-no_tls1_3");
-$proxy->ciphers("AES128-SHA:\@SECLEVEL=0");
-$proxy->start();
-ok(TLSProxy::Message->fail(), "Alert before SSLv2 ClientHello test");
+ #Run some SSLv2 ClientHello tests
-#Unrecognised record type tests
+ use constant {
+ TLSV1_2_IN_SSLV2 => 0,
+ SSLV2_IN_SSLV2 => 1,
+ FRAGMENTED_IN_TLSV1_2 => 2,
+ FRAGMENTED_IN_SSLV2 => 3,
+ ALERT_BEFORE_SSLV2 => 4
+ };
-#Test 10: Sending an unrecognised record type in TLS1.2 should fail
-$fatal_alert = 0;
-$proxy->clear();
-$proxy->serverflags("-tls1_2");
-$proxy->clientflags("-no_tls1_3");
-$proxy->filter(\&add_unknown_record_type);
-$proxy->start();
-ok($fatal_alert, "Unrecognised record type in TLS1.2");
+ # The TLSv1.2 in SSLv2 ClientHello need to run at security level 0
+ # because in a SSLv2 ClientHello we can't send extensions to indicate
+ # which signature algorithm we want to use, and the default is SHA1.
-SKIP: {
- skip "TLSv1.1 disabled", 1 if disabled("tls1_1");
+ #Test 5: Inject an SSLv2 style record format for a TLSv1.2 ClientHello
+ $sslv2testtype = TLSV1_2_IN_SSLV2;
+ $proxy->clear();
+ $proxy->filter(\&add_sslv2_filter);
+ $proxy->serverflags("-tls1_2");
+ $proxy->clientflags("-no_tls1_3 -legacy_renegotiation");
+ $proxy->ciphers("AES128-SHA:\@SECLEVEL=0");
+ $proxy->start();
+ ok(TLSProxy::Message->success(), "TLSv1.2 in SSLv2 ClientHello test");
- #Test 11: Sending an unrecognised record type in TLS1.1 should fail
- $fatal_alert = 0;
- $proxy->clear();
- $proxy->clientflags("-tls1_1 -cipher DEFAULT:\@SECLEVEL=0");
- $proxy->ciphers("AES128-SHA:\@SECLEVEL=0");
- $proxy->start();
- ok($fatal_alert, "Unrecognised record type in TLS1.1");
-}
+ #Test 6: Inject an SSLv2 style record format for an SSLv2 ClientHello. We don't
+ # support this so it should fail. We actually treat it as an unknown
+ # protocol so we don't even send an alert in this case.
+ $sslv2testtype = SSLV2_IN_SSLV2;
+ $proxy->clear();
+ $proxy->serverflags("-tls1_2");
+ $proxy->clientflags("-no_tls1_3");
+ $proxy->ciphers("AES128-SHA:\@SECLEVEL=0");
+ $proxy->start();
+ ok(TLSProxy::Message->fail(), "SSLv2 in SSLv2 ClientHello test");
-#Test 12: Sending a different record version in TLS1.2 should fail
-$fatal_alert = 0;
-$proxy->clear();
-$proxy->clientflags("-tls1_2");
-$proxy->filter(\&change_version);
-$proxy->start();
-ok($fatal_alert, "Changed record version in TLS1.2");
+ #Test 7: Sanity check ClientHello fragmentation. This isn't really an SSLv2 test
+ # at all, but it gives us confidence that Test 8 fails for the right
+ # reasons
+ $sslv2testtype = FRAGMENTED_IN_TLSV1_2;
+ $proxy->clear();
+ $proxy->serverflags("-tls1_2");
+ $proxy->clientflags("-no_tls1_3");
+ $proxy->ciphers("AES128-SHA:\@SECLEVEL=0");
+ $proxy->start();
+ ok(TLSProxy::Message->success(), "Fragmented ClientHello in TLSv1.2 test");
-#TLS1.3 specific tests
-SKIP: {
- skip "TLSv1.3 disabled", 8
- if disabled("tls1_3") || (disabled("ec") && disabled("dh"));
+ #Test 8: Fragment a TLSv1.2 ClientHello across a TLS1.2 record; an SSLv2
+ # record; and another TLS1.2 record. This isn't allowed so should fail
+ $sslv2testtype = FRAGMENTED_IN_SSLV2;
+ $proxy->clear();
+ $proxy->serverflags("-tls1_2");
+ $proxy->clientflags("-no_tls1_3");
+ $proxy->ciphers("AES128-SHA:\@SECLEVEL=0");
+ $proxy->start();
+ ok(TLSProxy::Message->fail(), "Fragmented ClientHello in TLSv1.2/SSLv2 test");
- #Test 13: Sending a different record version in TLS1.3 should fail
- $proxy->clear();
- $proxy->filter(\&change_version);
- $proxy->start();
- ok(TLSProxy::Message->fail(), "Changed record version in TLS1.3");
+ #Test 9: Send a TLS warning alert before an SSLv2 ClientHello. This should
+ # fail because an SSLv2 ClientHello must be the first record.
+ $sslv2testtype = ALERT_BEFORE_SSLV2;
+ $proxy->clear();
+ $proxy->serverflags("-tls1_2");
+ $proxy->clientflags("-no_tls1_3");
+ $proxy->ciphers("AES128-SHA:\@SECLEVEL=0");
+ $proxy->start();
+ ok(TLSProxy::Message->fail(), "Alert before SSLv2 ClientHello test");
+ }
+ #Unrecognised record type tests
- #Test 14: Sending an unrecognised record type in TLS1.3 should fail
+ #Test 10: Sending an unrecognised record type in TLS1.2 should fail
$fatal_alert = 0;
$proxy->clear();
+ if ($run_test_as_dtls == 1) {
+ $proxy->serverflags("-min_protocol DTLSv1.2 -max_protocol DTLSv1.2");
+ $proxy->clientflags("-max_protocol DTLSv1.2");
+ } else {
+ $proxy->serverflags("-tls1_2");
+ $proxy->clientflags("-no_tls1_3");
+ }
$proxy->filter(\&add_unknown_record_type);
- $proxy->start();
- ok($fatal_alert, "Unrecognised record type in TLS1.3");
+ $proxy_start_success = $proxy->start();
- #Test 15: Sending an outer record type other than app data once encrypted
- #should fail
- $fatal_alert = 0;
- $proxy->clear();
- $proxy->filter(\&change_outer_record_type);
- $proxy->start();
- ok($fatal_alert, "Wrong outer record type in TLS1.3");
+ if ($run_test_as_dtls == 1) {
+ ok($proxy_start_success == 0, "Unrecognised record type in DTLS1.2");
+ } else {
+ ok($fatal_alert, "Unrecognised record type in TLS1.2");
+ }
- use constant {
- DATA_AFTER_SERVER_HELLO => 0,
- DATA_AFTER_FINISHED => 1,
- DATA_AFTER_KEY_UPDATE => 2,
- DATA_BETWEEN_KEY_UPDATE => 3,
- NO_DATA_BETWEEN_KEY_UPDATE => 4,
- };
+ SKIP: {
+ skip "TLSv1.1 or DTLSv1 disabled", 1 if ($run_test_as_dtls == 0 && disabled("tls1_1"))
+ || ($run_test_as_dtls == 1 && disabled("dtls1"));
- #Test 16: Sending a ServerHello which doesn't end on a record boundary
- # should fail
- $fatal_alert = 0;
- $proxy->clear();
- $boundary_test_type = DATA_AFTER_SERVER_HELLO;
- $proxy->filter(\&not_on_record_boundary);
- $proxy->start();
- ok($fatal_alert, "Record not on boundary in TLS1.3 (ServerHello)");
+ #Test 11: Sending an unrecognised record type in TLS1.1 should fail
+ $fatal_alert = 0;
+ $proxy->clear();
+ if ($run_test_as_dtls == 1) {
+ $proxy->clientflags("-min_protocol DTLSv1 -max_protocol DTLSv1 -cipher DEFAULT:\@SECLEVEL=0");
+ } else {
+ $proxy->clientflags("-tls1_1 -cipher DEFAULT:\@SECLEVEL=0");
+ }
+ $proxy->ciphers("AES128-SHA:\@SECLEVEL=0");
+ $proxy_start_success = $proxy->start();
+ if ($run_test_as_dtls == 1) {
+ ok($proxy_start_success == 0, "Unrecognised record type in DTLSv1");
+ } else {
+ ok($fatal_alert, "Unrecognised record type in TLSv1.1");
+ }
+ }
- #Test 17: Sending a Finished which doesn't end on a record boundary
- # should fail
- $fatal_alert = 0;
- $proxy->clear();
- $boundary_test_type = DATA_AFTER_FINISHED;
- $proxy->start();
- ok($fatal_alert, "Record not on boundary in TLS1.3 (Finished)");
+ SKIP: {
+ skip "Record tests not intended for dtls", 10 if $run_test_as_dtls == 1;
+ #Test 12: Sending a different record version in TLS1.2 should fail
+ $fatal_alert = 0;
+ $proxy->clear();
+ $proxy->clientflags("-tls1_2");
+ $proxy->filter(\&change_version);
+ $proxy->start();
+ ok($fatal_alert, "Changed record version in TLS1.2");
- #Test 18: Sending a KeyUpdate which doesn't end on a record boundary
- # should fail
- $fatal_alert = 0;
- $proxy->clear();
- $boundary_test_type = DATA_AFTER_KEY_UPDATE;
- $proxy->start();
- ok($fatal_alert, "Record not on boundary in TLS1.3 (KeyUpdate)");
+ #TLS1.3 specific tests
+ SKIP: {
+ skip "TLSv1.3 disabled", 9
+ if disabled("tls1_3") || (disabled("ec") && disabled("dh"));
- #Test 19: Sending application data in the middle of a fragmented KeyUpdate
- # should fail. Strictly speaking this is not a record boundary test
- # but we use the same filter.
- $fatal_alert = 0;
- $proxy->clear();
- $boundary_test_type = DATA_BETWEEN_KEY_UPDATE;
- $proxy->start();
- ok($fatal_alert, "Data between KeyUpdate");
+ #Test 13: Sending a different record version in TLS1.3 should fail
+ $proxy->clear();
+ $proxy->filter(\&change_version);
+ $proxy->start();
+ ok(TLSProxy::Message->fail(), "Changed record version in TLS1.3");
- #Test 20: Fragmented KeyUpdate. This should succeed. Strictly speaking this
- # is not a record boundary test but we use the same filter.
- $proxy->clear();
- $boundary_test_type = NO_DATA_BETWEEN_KEY_UPDATE;
- $proxy->start();
- ok(TLSProxy::Message->success(), "No data between KeyUpdate");
- }
+ #Test 14: Sending an unrecognised record type in TLS1.3 should fail
+ $fatal_alert = 0;
+ $proxy->clear();
+ $proxy->filter(\&add_unknown_record_type);
+ $proxy->start();
+ ok($fatal_alert, "Unrecognised record type in TLS1.3");
+
+ #Test 15: Sending an outer record type other than app data once encrypted
+ #should fail
+ $fatal_alert = 0;
+ $proxy->clear();
+ $proxy->filter(\&change_outer_record_type);
+ $proxy->start();
+ ok($fatal_alert, "Wrong outer record type in TLS1.3");
+
+ use constant {
+ DATA_AFTER_SERVER_HELLO => 0,
+ DATA_AFTER_FINISHED => 1,
+ DATA_AFTER_KEY_UPDATE => 2,
+ DATA_BETWEEN_KEY_UPDATE => 3,
+ NO_DATA_BETWEEN_KEY_UPDATE => 4,
+ };
+
+ #Test 16: Sending a ServerHello which doesn't end on a record boundary
+ # should fail
+ $fatal_alert = 0;
+ $proxy->clear();
+ $boundary_test_type = DATA_AFTER_SERVER_HELLO;
+ $proxy->filter(\&not_on_record_boundary);
+ $proxy->start();
+ ok($fatal_alert, "Record not on boundary in TLS1.3 (ServerHello)");
+
+ #Test 17: Sending a Finished which doesn't end on a record boundary
+ # should fail
+ $fatal_alert = 0;
+ $proxy->clear();
+ $boundary_test_type = DATA_AFTER_FINISHED;
+ $proxy->start();
+ ok($fatal_alert, "Record not on boundary in TLS1.3 (Finished)");
+
+ #Test 18: Sending a KeyUpdate which doesn't end on a record boundary
+ # should fail
+ $fatal_alert = 0;
+ $proxy->clear();
+ $boundary_test_type = DATA_AFTER_KEY_UPDATE;
+ $proxy->start();
+ ok($fatal_alert, "Record not on boundary in TLS1.3 (KeyUpdate)");
+
+ #Test 19: Sending application data in the middle of a fragmented KeyUpdate
+ # should fail. Strictly speaking this is not a record boundary test
+ # but we use the same filter.
+ $fatal_alert = 0;
+ $proxy->clear();
+ $boundary_test_type = DATA_BETWEEN_KEY_UPDATE;
+ $proxy->start();
+ ok($fatal_alert, "Data between KeyUpdate");
+
+ #Test 20: Fragmented KeyUpdate. This should succeed. Strictly speaking this
+ # is not a record boundary test but we use the same filter.
+ $proxy->clear();
+ $boundary_test_type = NO_DATA_BETWEEN_KEY_UPDATE;
+ $proxy->start();
+ ok(TLSProxy::Message->success(), "No data between KeyUpdate");
+
+ SKIP: {
+ skip "EC disabled", 1 if disabled("ec");
+
+ #Test 21: Force an HRR and change the "real" ServerHello to have a protocol
+ # record version of 0x0301 (TLSv1.0). At this point we have already
+ # decided that we are doing TLSv1.3 but are still using plaintext
+ # records. The server should be sending a record version of 0x303
+ # (TLSv1.2), but the RFC requires us to ignore this field so we
+ # should tolerate the incorrect version.
+ $proxy->clear();
+ $proxy->filter(\&change_server_hello_version);
+ $proxy->serverflags("-groups P-256"); # Force an HRR
+ $proxy->start();
+ ok(TLSProxy::Message->success(), "Bad ServerHello record version after HRR");
+ }
+ }
+ }
+}
sub add_empty_recs_filter
{
my $proxy = shift;
my $records = $proxy->record_list;
+ my $isdtls = $proxy->isdtls();
# We're only interested in the initial ClientHello
if ($proxy->flight != 0) {
- $fatal_alert = 1 if @{$records}[-1]->is_fatal_alert(1) == 10;
+ $fatal_alert = 1 if @{$records}[-1]->is_fatal_alert(1) == TLSProxy::Message::AL_DESC_UNEXPECTED_MESSAGE;
return;
}
for (my $i = 0; $i < $inject_recs_num; $i++) {
- my $record = TLSProxy::Record->new(
- 0,
- $content_type,
- TLSProxy::Record::VERS_TLS_1_2,
- 0,
- 0,
- 0,
- 0,
- "",
- ""
- );
+ my $record;
+ if ($isdtls == 1) {
+ $record = TLSProxy::Record->new_dtls(
+ 0,
+ $content_type,
+ TLSProxy::Record::VERS_DTLS_1_2,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ "",
+ ""
+ );
+ } else {
+ $record = TLSProxy::Record->new(
+ 0,
+ $content_type,
+ TLSProxy::Record::VERS_TLS_1_2,
+ 0,
+ 0,
+ 0,
+ 0,
+ "",
+ ""
+ );
+ }
push @{$records}, $record;
}
}
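Review bot: The Test 2 name `"In context empty records test".($run_test_as_dtls == 1) ? " for DTLS" : " for TLS"` is parsed as `(string . flag) ? … : …` because `.` binds tighter than `?:`, so the reported name is always just ` for DTLS`; it should read `"In context empty records test" . ($run_test_as_dtls == 1 ? " for DTLS" : " for TLS")`. In the TLS run, the first `skip "TLSProxy did not start correctly", 21` comes after Test 1 has already reported a result, so a failed proxy start yields 22 results against the 21 planned for that run; the count there should be 20. The DTLS variants of Tests 10 and 11 assert only `$proxy_start_success == 0`, which any start failure appears to satisfy, so they would not notice if the unknown record type stopped being the cause of the failure.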
@@ -286,7 +392,7 @@ sub add_frag_alert_filter
# We're only interested in the initial ClientHello
if ($proxy->flight != 0) {
- $fatal_alert = 1 if @{$records}[-1]->is_fatal_alert(1) == 10;
+ $fatal_alert = 1 if @{$records}[-1]->is_fatal_alert(1) == TLSProxy::Message::AL_DESC_UNEXPECTED_MESSAGE;
return;
}
@@ -485,6 +591,7 @@ sub add_unknown_record_type
{
my $proxy = shift;
my $records = $proxy->record_list;
+ my $isdtls = $proxy->isdtls;
state $added_record;
# We'll change a record after the initial version neg has taken place
@@ -492,21 +599,39 @@ sub add_unknown_record_type
$added_record = 0;
return;
} elsif ($proxy->flight != 1 || $added_record) {
- $fatal_alert = 1 if @{$records}[-1]->is_fatal_alert(0) == 10;
+ $fatal_alert = 1 if @{$records}[-1]->is_fatal_alert(0) == TLSProxy::Message::AL_DESC_UNEXPECTED_MESSAGE;
return;
}
- my $record = TLSProxy::Record->new(
- 1,
- TLSProxy::Record::RT_UNKNOWN,
- @{$records}[-1]->version(),
- 1,
- 0,
- 1,
- 1,
- "X",
- "X"
- );
+ my $record;
+
+ if ($isdtls) {
+ $record = TLSProxy::Record->new_dtls(
+ 1,
+ TLSProxy::Record::RT_UNKNOWN,
+ @{$records}[-1]->version(),
+ @{$records}[-1]->epoch(),
+ @{$records}[-1]->seq() +1,
+ 1,
+ 0,
+ 1,
+ 1,
+ "X",
+ "X"
+ );
+ } else {
+ $record = TLSProxy::Record->new(
+ 1,
+ TLSProxy::Record::RT_UNKNOWN,
+ @{$records}[-1]->version(),
+ 1,
+ 0,
+ 1,
+ 1,
+ "X",
+ "X"
+ );
+ }
#Find ServerHello record and insert after that
my $i;
@@ -526,7 +651,7 @@ sub change_version
# We'll change a version after the initial version neg has taken place
if ($proxy->flight != 1) {
- $fatal_alert = 1 if @{$records}[-1]->is_fatal_alert(0) == 70;
+ $fatal_alert = 1 if @{$records}[-1]->is_fatal_alert(0) == TLSProxy::Message::AL_DESC_PROTOCOL_VERSION;
return;
}
@@ -536,6 +661,26 @@ sub change_version
}
}
+sub change_server_hello_version
+{
+ my $proxy = shift;
+ my $records = $proxy->record_list;
+
+ # We're only interested in changing the ServerHello after an HRR
+ if ($proxy->flight != 3) {
+ return;
+ }
+
+ # The ServerHello has index 5
+ # 0 - ClientHello
+ # 1 - HRR
+ # 2 - CCS
+ # 3 - ClientHello(2)
+ # 4 - CCS
+ # 5 - ServerHello
+ @{$records}[5]->version(TLSProxy::Record::VERS_TLS_1_0);
+}
+
sub change_outer_record_type
{
my $proxy = shift;
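Review bot: `change_server_hello_version` modifies `@{$records}[5]` on the assumption that the record list at flight 3 is exactly the six records listed in its comment. If that layout ever differs (for example no compatibility CCS, or a message split across records), index 5 is a different record or undefined, and the method call then dies inside the filter instead of failing the test cleanly. `add_unknown_record_type` in this file looks for the ServerHello record instead (its search loop is outside the visible hunks), and the same approach would fit here, or at minimum a guard such as `return if @{$records} < 6;` before the change. `change_outer_record_type`, which begins at the end of this hunk, continues outside it.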
@@ -543,7 +688,7 @@ sub change_outer_record_type
# We'll change a record after the initial version neg has taken place
if ($proxy->flight != 1) {
- $fatal_alert = 1 if @{$records}[-1]->is_fatal_alert(0) == 10;
+ $fatal_alert = 1 if @{$records}[-1]->is_fatal_alert(0) == TLSProxy::Message::AL_DESC_UNEXPECTED_MESSAGE;
return;
}
@@ -566,7 +711,7 @@ sub not_on_record_boundary
#Find server's first flight
if ($proxy->flight != 1) {
- $fatal_alert = 1 if @{$records}[-1]->is_fatal_alert(0) == 10;
+ $fatal_alert = 1 if @{$records}[-1]->is_fatal_alert(0) == TLSProxy::Message::AL_DESC_UNEXPECTED_MESSAGE;
return;
}
diff --git a/test/recipes/70-test_sslsessiontick.t b/test/recipes/70-test_sslsessiontick.t
index ad145774704e..10ebe8cf3395 100644
--- a/test/recipes/70-test_sslsessiontick.t
+++ b/test/recipes/70-test_sslsessiontick.t
@@ -27,8 +27,6 @@ plan skip_all => "$test_name needs the sock feature enabled"
plan skip_all => "$test_name needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled"
if alldisabled(("ssl3", "tls1", "tls1_1", "tls1_2"));
-$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-
sub checkmessages($$$$$$);
sub clearclient();
sub clearall();
diff --git a/test/recipes/70-test_sslsigalgs.t b/test/recipes/70-test_sslsigalgs.t
index 48b9e43c3b39..10e7cd1479f9 100644
--- a/test/recipes/70-test_sslsigalgs.t
+++ b/test/recipes/70-test_sslsigalgs.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -26,7 +26,6 @@ plan skip_all => "$test_name needs the sock feature enabled"
plan skip_all => "$test_name needs TLS1.2 or TLS1.3 enabled"
if disabled("tls1_2") && disabled("tls1_3");
-$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
my $proxy = TLSProxy::Proxy->new(
undef,
cmdstr(app(["openssl"]), display => 1),
@@ -49,6 +48,18 @@ use constant {
UNRECOGNIZED_SIGALG => 11
};
+srand(70);
+sub randcase {
+ my ($names) = @_;
+ my @ret;
+ foreach my $name (split(/:/, $names)) {
+ my ($alg, $rest) = split(/(?=[+])/, $name, 2);
+ $alg =~ s{([a-zA-Z])}{chr(ord($1)^(int(rand(2.0)) * 32))}eg;
+ push @ret, $alg . ($rest // "");
+ }
+ return join(":", @ret);
+}
+
#Note: Throughout this test we override the default ciphersuites where TLSv1.2
# is expected to ensure that a ServerKeyExchange message is sent that uses
# the sigalgs
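Review bot: `randcase` and the file-scope `srand(70)` have no comment, so the reason the `-sigalgs` arguments are case-mangled is left to the reader. From the code, only the part of each name before `+` has its letters' case flipped at random (XOR with 32), and the fixed seed makes the result repeatable; presumably the aim is to exercise case-insensitive matching of signature algorithm names. A header comment saying so, and noting that the part after `+` is deliberately left unchanged, would be enough, e.g. `# Randomly flip the case of the key-type part of each sigalg name; seeded so runs are reproducible`.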
@@ -115,7 +126,7 @@ SKIP: {
#Test 8: Sending a valid sig algs list but not including a sig type that
# matches the certificate should fail in TLSv1.3.
$proxy->clear();
- $proxy->clientflags("-sigalgs ECDSA+SHA256");
+ $proxy->clientflags("-sigalgs ".randcase("ECDSA+SHA256"));
$proxy->filter(undef);
$proxy->start();
ok(TLSProxy::Message->fail, "No matching TLSv1.3 sigalgs");
@@ -208,7 +219,7 @@ SKIP: {
# when we have an API capable of configuring the TLSv1.3 sig algs
$proxy->clear();
$testtype = PSS_ONLY_SIG_ALGS;
- $proxy->clientflags("-no_tls1_3 -sigalgs RSA+SHA256");
+ $proxy->clientflags("-no_tls1_3 -sigalgs ".randcase("RSA+SHA256"));
$proxy->ciphers("ECDHE-RSA-AES128-SHA");
$proxy->start();
ok(TLSProxy::Message->fail, "Sigalg we did not send in TLSv1.2");
@@ -216,7 +227,7 @@ SKIP: {
#Test 18: Sending a valid sig algs list but not including a sig type that
# matches the certificate should fail in TLSv1.2
$proxy->clear();
- $proxy->clientflags("-no_tls1_3 -sigalgs ECDSA+SHA256");
+ $proxy->clientflags("-no_tls1_3 -sigalgs ".randcase("ECDSA+SHA256"));
$proxy->ciphers("ECDHE-RSA-AES128-SHA");
$proxy->filter(undef);
$proxy->start();
diff --git a/test/recipes/70-test_sslsignature.t b/test/recipes/70-test_sslsignature.t
index a9a77d5b8f1c..d27685bbec6e 100644
--- a/test/recipes/70-test_sslsignature.t
+++ b/test/recipes/70-test_sslsignature.t
@@ -26,7 +26,6 @@ plan skip_all => "$test_name needs the sock feature enabled"
plan skip_all => "$test_name needs TLS enabled"
if alldisabled(available_protocols("tls"));
-$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
my $proxy = TLSProxy::Proxy->new(
undef,
cmdstr(app(["openssl"]), display => 1),
diff --git a/test/recipes/70-test_sslskewith0p.t b/test/recipes/70-test_sslskewith0p.t
index 9d2442fa1233..c53925dcdd7c 100644
--- a/test/recipes/70-test_sslskewith0p.t
+++ b/test/recipes/70-test_sslskewith0p.t
@@ -29,7 +29,6 @@ plan skip_all => "$test_name needs the sock feature enabled"
plan skip_all => "$test_name needs TLS enabled"
if alldisabled(available_protocols("tls"));
-$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
my $proxy = TLSProxy::Proxy->new(
\&ske_0_p_filter,
cmdstr(app(["openssl"]), display => 1),
diff --git a/test/recipes/70-test_sslversions.t b/test/recipes/70-test_sslversions.t
index 2123860d9cb4..66b5606db5a2 100644
--- a/test/recipes/70-test_sslversions.t
+++ b/test/recipes/70-test_sslversions.t
@@ -42,8 +42,6 @@ plan skip_all => "$test_name needs TLS1.3, TLS1.2 and TLS1.1 enabled"
|| disabled("tls1_2")
|| disabled("tls1_1");
-$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-
my $proxy = TLSProxy::Proxy->new(
undef,
cmdstr(app(["openssl"]), display => 1),
diff --git a/test/recipes/70-test_sslvertol.t b/test/recipes/70-test_sslvertol.t
index d41085c9eced..073df9ad84b6 100644
--- a/test/recipes/70-test_sslvertol.t
+++ b/test/recipes/70-test_sslvertol.t
@@ -26,7 +26,6 @@ plan skip_all => "$test_name needs the sock feature enabled"
plan skip_all => "$test_name needs TLS enabled"
if alldisabled(available_protocols("tls"));
-$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
my $proxy = TLSProxy::Proxy->new(
\&vers_tolerance_filter,
cmdstr(app(["openssl"]), display => 1),
diff --git a/test/recipes/70-test_tls13alerts.t b/test/recipes/70-test_tls13alerts.t
index 44d026c20224..152e6cc130db 100644
--- a/test/recipes/70-test_tls13alerts.t
+++ b/test/recipes/70-test_tls13alerts.t
@@ -26,8 +26,6 @@ plan skip_all => "$test_name needs the sock feature enabled"
plan skip_all => "$test_name needs TLS1.3 enabled"
if disabled("tls1_3") || (disabled("ec") && disabled("dh"));
-$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-
my $proxy = TLSProxy::Proxy->new(
undef,
cmdstr(app(["openssl"]), display => 1),
@@ -41,7 +39,7 @@ $proxy->filter(\&alert_filter);
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
plan tests => 1;
my $alert = TLSProxy::Message->alert();
-ok(TLSProxy::Message->fail() && !$alert->server() && !$alert->encrypted(), "Client sends an unecrypted alert");
+ok(TLSProxy::Message->fail() && !$alert->server() && !$alert->encrypted(), "Client sends an unencrypted alert");
sub alert_filter
{
diff --git a/test/recipes/70-test_tls13cookie.t b/test/recipes/70-test_tls13cookie.t
index a4b2a6222b10..5790b869e8df 100644
--- a/test/recipes/70-test_tls13cookie.t
+++ b/test/recipes/70-test_tls13cookie.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -26,8 +26,6 @@ plan skip_all => "$test_name needs the sock feature enabled"
plan skip_all => "$test_name needs TLS1.3 enabled"
if disabled("tls1_3") || (disabled("ec") && disabled("dh"));
-$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-
use constant {
COOKIE_ONLY => 0,
COOKIE_AND_KEY_SHARE => 1
@@ -44,32 +42,32 @@ my $cookieseen = 0;
my $testtype;
#Test 1: Inserting a cookie into an HRR should see it echoed in the ClientHello
-$testtype = COOKIE_ONLY;
-$proxy->filter(\&cookie_filter);
-$proxy->serverflags("-curves X25519") if !disabled("ec");
-$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 2;
-SKIP: {
- skip "EC disabled", 1, if disabled("ec");
- ok(TLSProxy::Message->success() && $cookieseen == 1, "Cookie seen");
-}
-
-
-
-#Test 2: Same as test 1 but should also work where a new key_share is also
-# required
+# (when a key share is required)
$testtype = COOKIE_AND_KEY_SHARE;
-$proxy->clear();
-if (disabled("ec")) {
+$proxy->filter(\&cookie_filter);
+if (disabled("ecx")) {
$proxy->clientflags("-curves ffdhe3072:ffdhe2048");
$proxy->serverflags("-curves ffdhe2048");
} else {
$proxy->clientflags("-curves P-256:X25519");
$proxy->serverflags("-curves X25519");
}
-$proxy->start();
+$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
+plan tests => 2;
ok(TLSProxy::Message->success() && $cookieseen == 1, "Cookie seen");
+#Test 2: Inserting a cookie into an HRR should see it echoed in the ClientHello
+# (without a key share required)
+SKIP: {
+ skip "ECX disabled", 1, if (disabled("ecx"));
+ $testtype = COOKIE_ONLY;
+ $proxy->clear();
+ $proxy->serverflags("-curves X25519");
+ $proxy->clientflags("-curves X25519:secp256r1");
+ $proxy->start();
+ ok(TLSProxy::Message->success() && $cookieseen == 1, "Cookie seen");
+}
+
sub cookie_filter
{
my $proxy = shift;
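Review bot: `$cookieseen` is not reset between the two tests in the visible lines, so unless `cookie_filter` resets it (its body is outside this hunk) the `$cookieseen == 1` check in Test 2 is already satisfied by Test 1 and only `success()` is really being tested. Adding `$cookieseen = 0;` after `$proxy->clear();` would make the second check independent. Both tests also report the same name, `"Cookie seen"`, so a failure does not say which case broke; distinct names such as `"Cookie seen (key share required)"` and `"Cookie seen (no key share required)"` would fix that.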
diff --git a/test/recipes/70-test_tls13downgrade.t b/test/recipes/70-test_tls13downgrade.t
index 9e10a9c9c4ca..999a79e62a84 100644
--- a/test/recipes/70-test_tls13downgrade.t
+++ b/test/recipes/70-test_tls13downgrade.t
@@ -28,8 +28,6 @@ plan skip_all => "$test_name needs TLS1.3 and TLS1.2 enabled"
|| (disabled("ec") && disabled("dh"))
|| disabled("tls1_2");
-$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-
my $proxy = TLSProxy::Proxy->new(
undef,
cmdstr(app(["openssl"]), display => 1),
diff --git a/test/recipes/70-test_tls13hrr.t b/test/recipes/70-test_tls13hrr.t
index 9d0694c3d6ec..4e146bcadfe7 100644
--- a/test/recipes/70-test_tls13hrr.t
+++ b/test/recipes/70-test_tls13hrr.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -10,6 +10,7 @@ use strict;
use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
use OpenSSL::Test::Utils;
use TLSProxy::Proxy;
+use TLSProxy::Message;
my $test_name = "test_tls13hrr";
setup($test_name);
@@ -26,8 +27,6 @@ plan skip_all => "$test_name needs the sock feature enabled"
plan skip_all => "$test_name needs TLS1.3 enabled"
if disabled("tls1_3") || (disabled("ec") && disabled("dh"));
-$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-
my $proxy = TLSProxy::Proxy->new(
undef,
cmdstr(app(["openssl"]), display => 1),
@@ -39,7 +38,8 @@ use constant {
CHANGE_HRR_CIPHERSUITE => 0,
CHANGE_CH1_CIPHERSUITE => 1,
DUPLICATE_HRR => 2,
- INVALID_GROUP => 3
+ INVALID_GROUP => 3,
+ NO_SUPPORTED_VERSIONS => 4
};
#Test 1: A client should fail if the server changes the ciphersuite between the
@@ -52,7 +52,7 @@ if (disabled("ec")) {
}
my $testtype = CHANGE_HRR_CIPHERSUITE;
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 4;
+plan tests => 5;
ok(TLSProxy::Message->fail(), "Server ciphersuite changes");
#Test 2: It is an error if the client changes the offered ciphersuites so that
@@ -61,7 +61,7 @@ $proxy->clear();
if (disabled("ec")) {
$proxy->serverflags("-curves ffdhe3072");
} else {
- $proxy->serverflags("-curves P-256");
+ $proxy->serverflags("-curves P-384");
}
$proxy->ciphersuitess("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384");
$testtype = CHANGE_CH1_CIPHERSUITE;
@@ -75,7 +75,7 @@ $proxy->clear();
if (disabled("ec")) {
$proxy->serverflags("-curves ffdhe3072");
} else {
- $proxy->serverflags("-curves P-256");
+ $proxy->serverflags("-curves P-384");
}
$testtype = DUPLICATE_HRR;
$proxy->start();
@@ -85,20 +85,33 @@ ok($fatal_alert, "Server duplicated HRR");
# otherwise not valid (e.g. not suitable for TLSv1.3) we should reject it
# and not consider it when sending the HRR. We send brainpoolP512r1 in
# the ClientHello, which is acceptable to the server but is not valid in
-# TLSv1.3. We expect the server to select X25519 in the HRR and the
+# TLSv1.3. We expect the server to select P-521 in the HRR and the
# handshake to complete successfully
SKIP: {
skip "EC/TLSv1.2 is disabled in this build", 1
if disabled("ec") || disabled("tls1_2");
$proxy->clear();
- $proxy->clientflags("-groups P-256:brainpoolP512r1:X25519");
- $proxy->serverflags("-groups brainpoolP512r1:X25519");
+ $proxy->clientflags("-groups P-256:brainpoolP512r1:P-521");
+ $proxy->serverflags("-groups brainpoolP512r1:P-521");
$testtype = INVALID_GROUP;
$proxy->start();
ok(TLSProxy::Message->success(), "Invalid group with HRR");
}
+#Test 5: A failure should occur if an HRR is sent without the supported_versions
+# extension
+$fatal_alert = 0;
+$proxy->clear();
+if (disabled("ec")) {
+ $proxy->serverflags("-curves ffdhe3072");
+} else {
+ $proxy->serverflags("-curves P-384");
+}
+$testtype = NO_SUPPORTED_VERSIONS;
+$proxy->start();
+ok($fatal_alert, "supported_versions missing from HRR");
+
sub hrr_filter
{
my $proxy = shift;
@@ -119,12 +132,31 @@ sub hrr_filter
return;
}
+ if ($testtype == NO_SUPPORTED_VERSIONS) {
+ # Check if we have the expected fatal alert
+ if ($proxy->flight == 2) {
+ $fatal_alert = 1
+ if @{$proxy->record_list}[-1]->is_fatal_alert(0) == TLSProxy::Message::AL_DESC_MISSING_EXTENSION;
+ return;
+ }
+
+ # Otherwise we're only interested in the HRR
+ if ($proxy->flight != 1) {
+ return;
+ }
+
+ my $hrr = ${$proxy->message_list}[1];
+ $hrr->delete_extension(TLSProxy::Message::EXT_SUPPORTED_VERSIONS);
+ $hrr->repack();
+ return;
+ }
+
if ($testtype == DUPLICATE_HRR) {
# We're only interested in the HRR
# and the unexpected_message alert from client
if ($proxy->flight == 4) {
$fatal_alert = 1
- if @{$proxy->record_list}[-1]->is_fatal_alert(0) == 10;
+ if @{$proxy->record_list}[-1]->is_fatal_alert(0) == TLSProxy::Message::AL_DESC_UNEXPECTED_MESSAGE;
return;
}
if ($proxy->flight != 3) {
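Review bot: In the new NO_SUPPORTED_VERSIONS branch, `${$proxy->message_list}[1]` is taken to be the HelloRetryRequest, but nothing checks that before `delete_extension` and `repack` run. If the server ever accepts the initial key share, the filter would edit an ordinary ServerHello and the test would fail for a reason unrelated to what it is meant to check. A guard such as `return unless defined $hrr && $hrr->mt == TLSProxy::Message::MT_SERVER_HELLO;` would make that case explicit. The alert check also uses the slice form `@{$proxy->record_list}[-1]` where the element form `${$proxy->record_list}[-1]`, as used two lines further down for the message list, is meant. hrr_filter begins before this hunk and continues after it.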
diff --git a/test/recipes/70-test_tls13kexmodes.t b/test/recipes/70-test_tls13kexmodes.t
index 6385885057d8..b4ef6d1b191f 100644
--- a/test/recipes/70-test_tls13kexmodes.t
+++ b/test/recipes/70-test_tls13kexmodes.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -31,9 +31,6 @@ plan skip_all => "$test_name needs TLSv1.3 enabled"
plan skip_all => "$test_name needs EC enabled"
if disabled("ec");
-$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-
-
@handmessages = (
[TLSProxy::Message::MT_CLIENT_HELLO,
checkhandshake::ALL_HANDSHAKES],
@@ -105,6 +102,9 @@ $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK,
TLSProxy::Message::CLIENT,
checkhandshake::PSK_CLI_EXTENSION],
+ [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_RENEGOTIATE,
+ TLSProxy::Message::CLIENT,
+ checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
TLSProxy::Message::SERVER,
@@ -155,6 +155,9 @@ $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK,
TLSProxy::Message::CLIENT,
checkhandshake::PSK_CLI_EXTENSION],
+ [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_RENEGOTIATE,
+ TLSProxy::Message::CLIENT,
+ checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
TLSProxy::Message::SERVER,
@@ -190,17 +193,19 @@ my $proxy = TLSProxy::Proxy->new(
#Test 1: First get a session
(undef, my $session) = tempfile();
-$proxy->clientflags("-sess_out ".$session);
-$proxy->serverflags("-servername localhost");
+$proxy->cipherc("DEFAULT:\@SECLEVEL=2");
+$proxy->clientflags("-no_rx_cert_comp -sess_out ".$session);
+$proxy->serverflags("-no_rx_cert_comp -servername localhost");
$proxy->sessionfile($session);
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 11;
+plan tests => 13;
ok(TLSProxy::Message->success(), "Initial connection");
#Test 2: Attempt a resume with no kex modes extension. Should fail (server
# MUST abort handshake with pre_shared key and no psk_kex_modes)
$proxy->clear();
-$proxy->clientflags("-sess_in ".$session);
+$proxy->cipherc("DEFAULT:\@SECLEVEL=2");
+$proxy->clientflags("-no_rx_cert_comp -sess_in ".$session);
my $testtype = DELETE_EXTENSION;
$proxy->filter(\&modify_kex_modes_filter);
$proxy->start();
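Review bot: Nothing in this hunk explains why each connection now calls `$proxy->cipherc("DEFAULT:\@SECLEVEL=2")` and passes `-no_rx_cert_comp`. The same pair is repeated before every test in the later hunks of this file and throughout 70-test_tls13messages.t. A one-line comment at the first use would help, for example `# Pin the security level and disable certificate compression so the extensions checked by checkhandshake do not depend on build defaults`. That reason is inferred from the checkhandshake tables and should be confirmed. Because the settings are re-applied after every `$proxy->clear()`, a small helper that wraps `clear()` and applies these defaults would keep a later test from leaving them out by accident.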
@@ -209,7 +214,8 @@ ok(TLSProxy::Message->fail(), "Resume with no kex modes");
#Test 3: Attempt a resume with empty kex modes extension. Should fail (empty
# extension is invalid)
$proxy->clear();
-$proxy->clientflags("-sess_in ".$session);
+$proxy->cipherc("DEFAULT:\@SECLEVEL=2");
+$proxy->clientflags("-no_rx_cert_comp -sess_in ".$session);
$testtype = EMPTY_EXTENSION;
$proxy->start();
ok(TLSProxy::Message->fail(), "Resume with empty kex modes");
@@ -217,8 +223,9 @@ ok(TLSProxy::Message->fail(), "Resume with empty kex modes");
#Test 4: Attempt a resume with non-dhe kex mode only. Should resume without a
# key_share
$proxy->clear();
-$proxy->clientflags("-allow_no_dhe_kex -sess_in ".$session);
-$proxy->serverflags("-allow_no_dhe_kex");
+$proxy->cipherc("DEFAULT:\@SECLEVEL=2");
+$proxy->clientflags("-no_rx_cert_comp -allow_no_dhe_kex -sess_in ".$session);
+$proxy->serverflags("-no_rx_cert_comp -allow_no_dhe_kex");
$testtype = NON_DHE_KEX_MODE_ONLY;
$proxy->start();
checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
@@ -230,7 +237,8 @@ checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
#Test 5: Attempt a resume with dhe kex mode only. Should resume with a key_share
$proxy->clear();
-$proxy->clientflags("-sess_in ".$session);
+$proxy->cipherc("DEFAULT:\@SECLEVEL=2");
+$proxy->clientflags("-no_rx_cert_comp -sess_in ".$session);
$testtype = DHE_KEX_MODE_ONLY;
$proxy->start();
checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
@@ -244,7 +252,8 @@ checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
#Test 6: Attempt a resume with only unrecognised kex modes. Should not resume
# but rather fall back to full handshake
$proxy->clear();
-$proxy->clientflags("-sess_in ".$session);
+$proxy->cipherc("DEFAULT:\@SECLEVEL=2");
+$proxy->clientflags("-no_rx_cert_comp -sess_in ".$session);
$testtype = UNKNOWN_KEX_MODES;
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
@@ -254,10 +263,12 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
| checkhandshake::PSK_CLI_EXTENSION,
"Resume with unrecognized kex mode");
-#Test 7: Attempt a resume with both non-dhe and dhe kex mode. Should resume with
-# a key_share
+#Test 7: Attempt a resume with both, non-dhe and dhe kex mode. Should resume with
+# a key_share, even though non-dhe is allowed, but not explicitly preferred.
$proxy->clear();
-$proxy->clientflags("-sess_in ".$session);
+$proxy->cipherc("DEFAULT:\@SECLEVEL=2");
+$proxy->clientflags("-no_rx_cert_comp -allow_no_dhe_kex -sess_in ".$session);
+$proxy->serverflags("-allow_no_dhe_kex");
$testtype = BOTH_KEX_MODES;
$proxy->start();
checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
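Review bot: Test 7 passes `-no_rx_cert_comp` to the client, but the new `$proxy->serverflags("-allow_no_dhe_kex")` leaves it out, whereas Tests 1, 4 and 10 to 13 in this file give the flag to both sides. Tests 8 and 9 in the next hunk show the same asymmetry. If the omission is deliberate (the server-side flag may be irrelevant on a resumption), a short comment should say so. Otherwise `$proxy->serverflags("-no_rx_cert_comp -allow_no_dhe_kex");` keeps the tests uniform.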
@@ -266,13 +277,45 @@ checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
| checkhandshake::KEY_SHARE_SRV_EXTENSION
| checkhandshake::PSK_CLI_EXTENSION
| checkhandshake::PSK_SRV_EXTENSION,
- "Resume with non-dhe kex mode");
+ "Resume with both kex modes");
+
+#Test 8: Attempt a resume with both, non-dhe and dhe kex mode, but with server-side
+# preference for non-dhe. Should resume without a key_share.
+$proxy->clear();
+$proxy->cipherc("DEFAULT:\@SECLEVEL=2");
+$proxy->clientflags("-no_rx_cert_comp -allow_no_dhe_kex -sess_in ".$session);
+$proxy->serverflags("-allow_no_dhe_kex -prefer_no_dhe_kex");
+$testtype = BOTH_KEX_MODES;
+$proxy->start();
+checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
+ checkhandshake::DEFAULT_EXTENSIONS
+ | checkhandshake::PSK_KEX_MODES_EXTENSION
+ | checkhandshake::PSK_CLI_EXTENSION
+ | checkhandshake::PSK_SRV_EXTENSION,
+ "Resume with both kex modes, preference for non-dhe");
+
+#Test 9: Attempt a resume with both, non-dhe and dhe kex mode, with server-side
+# preference for non-dhe, but non-dhe not allowed. Should resume with a key_share.
+$proxy->clear();
+$proxy->cipherc("DEFAULT:\@SECLEVEL=2");
+$proxy->clientflags("-no_rx_cert_comp -allow_no_dhe_kex -sess_in ".$session);
+$proxy->serverflags("-prefer_no_dhe_kex");
+$testtype = BOTH_KEX_MODES;
+$proxy->start();
+checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
+ checkhandshake::DEFAULT_EXTENSIONS
+ | checkhandshake::PSK_KEX_MODES_EXTENSION
+ | checkhandshake::KEY_SHARE_SRV_EXTENSION
+ | checkhandshake::PSK_CLI_EXTENSION
+ | checkhandshake::PSK_SRV_EXTENSION,
+ "Resume with both kex modes, preference for but disabled non-dhe");
-#Test 8: Attempt a resume with both non-dhe and dhe kex mode, but unacceptable
+#Test 10: Attempt a resume with both non-dhe and dhe kex mode, but unacceptable
# initial key_share. Should resume with a key_share following an HRR
$proxy->clear();
-$proxy->clientflags("-sess_in ".$session);
-$proxy->serverflags("-curves P-256");
+$proxy->cipherc("DEFAULT:\@SECLEVEL=2");
+$proxy->clientflags("-no_rx_cert_comp -sess_in ".$session);
+$proxy->serverflags("-no_rx_cert_comp -curves P-384");
$testtype = BOTH_KEX_MODES;
$proxy->start();
checkhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE,
@@ -284,11 +327,12 @@ checkhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE,
| checkhandshake::PSK_SRV_EXTENSION,
"Resume with both kex modes and HRR");
-#Test 9: Attempt a resume with dhe kex mode only and an unacceptable initial
+#Test 11: Attempt a resume with dhe kex mode only and an unacceptable initial
# key_share. Should resume with a key_share following an HRR
$proxy->clear();
-$proxy->clientflags("-sess_in ".$session);
-$proxy->serverflags("-curves P-256");
+$proxy->cipherc("DEFAULT:\@SECLEVEL=2");
+$proxy->clientflags("-no_rx_cert_comp -sess_in ".$session);
+$proxy->serverflags("-no_rx_cert_comp -curves P-384");
$testtype = DHE_KEX_MODE_ONLY;
$proxy->start();
checkhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE,
@@ -300,12 +344,13 @@ checkhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE,
| checkhandshake::PSK_SRV_EXTENSION,
"Resume with dhe kex mode and HRR");
-#Test 10: Attempt a resume with both non-dhe and dhe kex mode, unacceptable
+#Test 12: Attempt a resume with both non-dhe and dhe kex mode, unacceptable
# initial key_share and no overlapping groups. Should resume without a
# key_share
$proxy->clear();
-$proxy->clientflags("-allow_no_dhe_kex -curves P-384 -sess_in ".$session);
-$proxy->serverflags("-allow_no_dhe_kex -curves P-256");
+$proxy->cipherc("DEFAULT:\@SECLEVEL=2");
+$proxy->clientflags("-no_rx_cert_comp -allow_no_dhe_kex -curves P-384 -sess_in ".$session);
+$proxy->serverflags("-no_rx_cert_comp -allow_no_dhe_kex -curves P-256");
$testtype = BOTH_KEX_MODES;
$proxy->start();
checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
@@ -315,11 +360,12 @@ checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
| checkhandshake::PSK_SRV_EXTENSION,
"Resume with both kex modes, no overlapping groups");
-#Test 11: Attempt a resume with dhe kex mode only, unacceptable
+#Test 13: Attempt a resume with dhe kex mode only, unacceptable
# initial key_share and no overlapping groups. Should fail
$proxy->clear();
-$proxy->clientflags("-curves P-384 -sess_in ".$session);
-$proxy->serverflags("-curves P-256");
+$proxy->cipherc("DEFAULT:\@SECLEVEL=2");
+$proxy->clientflags("-no_rx_cert_comp -curves P-384 -sess_in ".$session);
+$proxy->serverflags("-no_rx_cert_comp -curves P-256");
$testtype = DHE_KEX_MODE_ONLY;
$proxy->start();
ok(TLSProxy::Message->fail(), "Resume with dhe kex mode, no overlapping groups");
@@ -354,7 +400,7 @@ sub modify_kex_modes_filter
0xfe, #unknown
0xff; #unknown
} elsif ($testtype == BOTH_KEX_MODES) {
- #We deliberately list psk_ke first...should still use psk_dhe_ke
+ #We deliberately list psk_ke first...should still use psk_dhe_ke, except if the server is configured otherwise.
$ext = pack "C3",
0x02, #List length
0x00, #psk_ke
diff --git a/test/recipes/70-test_tls13messages.t b/test/recipes/70-test_tls13messages.t
index 3113294f0631..d02d2df2a5a8 100644
--- a/test/recipes/70-test_tls13messages.t
+++ b/test/recipes/70-test_tls13messages.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -31,8 +31,6 @@ plan skip_all => "$test_name needs TLSv1.3 enabled"
plan skip_all => "$test_name needs EC enabled"
if disabled("ec");
-$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-
@handmessages = (
[TLSProxy::Message::MT_CLIENT_HELLO,
checkhandshake::ALL_HANDSHAKES],
@@ -107,6 +105,9 @@ $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_POST_HANDSHAKE_AUTH,
TLSProxy::Message::CLIENT,
checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION],
+ [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_RENEGOTIATE,
+ TLSProxy::Message::CLIENT,
+ checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
TLSProxy::Message::SERVER,
@@ -160,6 +161,9 @@ $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_POST_HANDSHAKE_AUTH,
TLSProxy::Message::CLIENT,
checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION],
+ [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_RENEGOTIATE,
+ TLSProxy::Message::CLIENT,
+ checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
TLSProxy::Message::SERVER,
@@ -205,7 +209,8 @@ my $proxy = TLSProxy::Proxy->new(
#Test 1: Check we get all the right messages for a default handshake
(undef, my $session) = tempfile();
$proxy->serverconnects(2);
-$proxy->clientflags("-sess_out ".$session);
+$proxy->cipherc("DEFAULT:\@SECLEVEL=2");
+$proxy->clientflags("-no_rx_cert_comp -sess_out ".$session);
$proxy->sessionfile($session);
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
plan tests => 17;
@@ -215,7 +220,8 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
#Test 2: Resumption handshake
$proxy->clearClient();
-$proxy->clientflags("-sess_in ".$session);
+$proxy->cipherc("DEFAULT:\@SECLEVEL=2");
+$proxy->clientflags("-no_rx_cert_comp -sess_in ".$session);
$proxy->clientstart();
checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
(checkhandshake::DEFAULT_EXTENSIONS
@@ -228,7 +234,8 @@ SKIP: {
if disabled("ct") || disabled("ec") || disabled("ocsp");
#Test 3: A status_request handshake (client request only)
$proxy->clear();
- $proxy->clientflags("-status");
+ $proxy->cipherc("DEFAULT:\@SECLEVEL=2");
+ $proxy->clientflags("-no_rx_cert_comp -status");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
checkhandshake::DEFAULT_EXTENSIONS
@@ -237,7 +244,9 @@ SKIP: {
#Test 4: A status_request handshake (server support only)
$proxy->clear();
- $proxy->serverflags("-status_file "
+ $proxy->cipherc("DEFAULT:\@SECLEVEL=2");
+ $proxy->clientflags("-no_rx_cert_comp");
+ $proxy->serverflags("-no_rx_cert_comp -status_file "
.srctop_file("test", "recipes", "ocsp-response.der"));
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
@@ -246,8 +255,9 @@ SKIP: {
#Test 5: A status_request handshake (client and server)
$proxy->clear();
- $proxy->clientflags("-status");
- $proxy->serverflags("-status_file "
+ $proxy->cipherc("DEFAULT:\@SECLEVEL=2");
+ $proxy->clientflags("-no_rx_cert_comp -status");
+ $proxy->serverflags("-no_rx_cert_comp -status_file "
.srctop_file("test", "recipes", "ocsp-response.der"));
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
@@ -258,9 +268,10 @@ SKIP: {
#Test 6: A status_request handshake (client and server) with client auth
$proxy->clear();
- $proxy->clientflags("-status -enable_pha -cert "
+ $proxy->cipherc("DEFAULT:\@SECLEVEL=2");
+ $proxy->clientflags("-no_rx_cert_comp -status -enable_pha -cert "
.srctop_file("apps", "server.pem"));
- $proxy->serverflags("-Verify 5 -status_file "
+ $proxy->serverflags("-no_rx_cert_comp -Verify 5 -status_file "
.srctop_file("test", "recipes", "ocsp-response.der"));
$proxy->start();
checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE,
@@ -273,8 +284,9 @@ SKIP: {
#Test 7: A client auth handshake
$proxy->clear();
-$proxy->clientflags("-enable_pha -cert ".srctop_file("apps", "server.pem"));
-$proxy->serverflags("-Verify 5");
+$proxy->cipherc("DEFAULT:\@SECLEVEL=2");
+$proxy->clientflags("-no_rx_cert_comp -enable_pha -cert ".srctop_file("apps", "server.pem"));
+$proxy->serverflags("-no_rx_cert_comp -Verify 5");
$proxy->start();
checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE,
checkhandshake::DEFAULT_EXTENSIONS |
@@ -283,7 +295,8 @@ checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE,
#Test 8: Server name handshake (no client request)
$proxy->clear();
-$proxy->clientflags("-noservername");
+$proxy->cipherc("DEFAULT:\@SECLEVEL=2");
+$proxy->clientflags("-no_rx_cert_comp -noservername");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
checkhandshake::DEFAULT_EXTENSIONS
@@ -292,8 +305,9 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
#Test 9: Server name handshake (server support only)
$proxy->clear();
-$proxy->clientflags("-noservername");
-$proxy->serverflags("-servername testhost");
+$proxy->cipherc("DEFAULT:\@SECLEVEL=2");
+$proxy->clientflags("-no_rx_cert_comp -noservername");
+$proxy->serverflags("-no_rx_cert_comp -servername testhost");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
checkhandshake::DEFAULT_EXTENSIONS
@@ -302,8 +316,9 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
#Test 10: Server name handshake (client and server)
$proxy->clear();
-$proxy->clientflags("-servername testhost");
-$proxy->serverflags("-servername testhost");
+$proxy->cipherc("DEFAULT:\@SECLEVEL=2");
+$proxy->clientflags("-no_rx_cert_comp -servername testhost");
+$proxy->serverflags("-no_rx_cert_comp -servername testhost");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
checkhandshake::DEFAULT_EXTENSIONS
@@ -312,7 +327,8 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
#Test 11: ALPN handshake (client request only)
$proxy->clear();
-$proxy->clientflags("-alpn test");
+$proxy->cipherc("DEFAULT:\@SECLEVEL=2");
+$proxy->clientflags("-no_rx_cert_comp -alpn test");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
checkhandshake::DEFAULT_EXTENSIONS
@@ -321,7 +337,9 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
#Test 12: ALPN handshake (server support only)
$proxy->clear();
-$proxy->serverflags("-alpn test");
+$proxy->cipherc("DEFAULT:\@SECLEVEL=2");
+$proxy->clientflags("-no_rx_cert_comp");
+$proxy->serverflags("-no_rx_cert_comp -alpn test");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
checkhandshake::DEFAULT_EXTENSIONS,
@@ -329,8 +347,9 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
#Test 13: ALPN handshake (client and server)
$proxy->clear();
-$proxy->clientflags("-alpn test");
-$proxy->serverflags("-alpn test");
+$proxy->cipherc("DEFAULT:\@SECLEVEL=2");
+$proxy->clientflags("-no_rx_cert_comp -alpn test");
+$proxy->serverflags("-no_rx_cert_comp -alpn test");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
checkhandshake::DEFAULT_EXTENSIONS
@@ -344,9 +363,10 @@ SKIP: {
#Test 14: SCT handshake (client request only)
$proxy->clear();
+ $proxy->cipherc("DEFAULT:\@SECLEVEL=2");
#Note: -ct also sends status_request
- $proxy->clientflags("-ct");
- $proxy->serverflags("-status_file "
+ $proxy->clientflags("-no_rx_cert_comp -ct");
+ $proxy->serverflags("-no_rx_cert_comp -status_file "
.srctop_file("test", "recipes", "ocsp-response.der")
." -serverinfo ".srctop_file("test", "serverinfo2.pem"));
$proxy->start();
@@ -361,7 +381,9 @@ SKIP: {
#Test 15: HRR Handshake
$proxy->clear();
-$proxy->serverflags("-curves P-256");
+$proxy->cipherc("DEFAULT:\@SECLEVEL=2");
+$proxy->clientflags("-no_rx_cert_comp");
+$proxy->serverflags("-no_rx_cert_comp -curves P-384");
$proxy->start();
checkhandshake($proxy, checkhandshake::HRR_HANDSHAKE,
checkhandshake::DEFAULT_EXTENSIONS
@@ -370,8 +392,9 @@ checkhandshake($proxy, checkhandshake::HRR_HANDSHAKE,
#Test 16: Resumption handshake with HRR
$proxy->clear();
-$proxy->clientflags("-sess_in ".$session);
-$proxy->serverflags("-curves P-256");
+$proxy->cipherc("DEFAULT:\@SECLEVEL=2");
+$proxy->clientflags("-no_rx_cert_comp -sess_in ".$session);
+$proxy->serverflags("-no_rx_cert_comp -curves P-384");
$proxy->start();
checkhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE,
(checkhandshake::DEFAULT_EXTENSIONS
@@ -382,7 +405,8 @@ checkhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE,
#Test 17: Acceptable but non preferred key_share
$proxy->clear();
-$proxy->clientflags("-curves P-256");
+$proxy->cipherc("DEFAULT:\@SECLEVEL=2");
+$proxy->clientflags("-no_rx_cert_comp -curves P-384");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
checkhandshake::DEFAULT_EXTENSIONS
diff --git a/test/recipes/70-test_tls13psk.t b/test/recipes/70-test_tls13psk.t
index d24d52e35c9a..5607dd604ca8 100644
--- a/test/recipes/70-test_tls13psk.t
+++ b/test/recipes/70-test_tls13psk.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -27,8 +27,6 @@ plan skip_all => "$test_name needs the sock feature enabled"
plan skip_all => "$test_name needs TLSv1.3 enabled"
if disabled("tls1_3") || (disabled("ec") && disabled("dh"));
-$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-
my $proxy = TLSProxy::Proxy->new(
undef,
cmdstr(app(["openssl"]), display => 1),
@@ -68,7 +66,7 @@ $proxy->clientflags("-sess_in ".$session);
if (disabled("ec")) {
$proxy->serverflags("-curves ffdhe3072");
} else {
- $proxy->serverflags("-curves P-256");
+ $proxy->serverflags("-curves P-384");
}
$proxy->filter(undef);
$proxy->start();
@@ -87,7 +85,7 @@ $proxy->filter(\&modify_psk_filter);
if (disabled("ec")) {
$proxy->serverflags("-curves ffdhe3072");
} else {
- $proxy->serverflags("-curves P-256");
+ $proxy->serverflags("-curves P-384");
}
$proxy->ciphersuitesc("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384");
$proxy->ciphersuitess("TLS_AES_256_GCM_SHA384");
diff --git a/test/recipes/70-test_tlsextms.t b/test/recipes/70-test_tlsextms.t
index 20f980648d1b..a8b18c5f200e 100644
--- a/test/recipes/70-test_tlsextms.t
+++ b/test/recipes/70-test_tlsextms.t
@@ -27,8 +27,6 @@ plan skip_all => "$test_name needs the sock feature enabled"
plan skip_all => "$test_name needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled"
if disabled("tls1") && disabled("tls1_1") && disabled("tls1_2");
-$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-
sub checkmessages($$$$$);
sub setrmextms($$);
sub clearall();
diff --git a/test/recipes/79-test_http.t b/test/recipes/79-test_http.t
index b3ac70fdebb2..236120071790 100644
--- a/test/recipes/79-test_http.t
+++ b/test/recipes/79-test_http.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -12,11 +12,16 @@ use OpenSSL::Test::Utils;
setup("test_http");
+plan skip_all => "HTTP protocol is not supported by this OpenSSL build"
+ if disabled('http');
+plan skip_all => "not supported by no-sock build" if disabled('sock');
+
plan tests => 2;
SKIP: {
skip "sockets disabled", 1 if disabled("sock");
skip "OCSP disabled", 1 if disabled("ocsp");
+ skip "HTTP disabled", 1 if disabled("http");
my $cmd = [qw{openssl ocsp -index any -port 0}];
my @output = run(app($cmd), capture => 1);
$output[0] =~ s/\r\n/\n/g;
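Review bot: The added `skip "HTTP disabled", 1 if disabled("http");` inside the SKIP block can never fire, because the new file-level `plan skip_all ... if disabled('http');` has already ended the run for that build. The same now holds for the existing `skip "sockets disabled", 1 if disabled("sock");`, which the new `plan skip_all ... if disabled('sock');` makes unreachable. Keep one mechanism: either drop the two in-block `skip` lines, or drop the `plan skip_all` lines if the second test (outside this hunk) is meant to run without sockets or HTTP. The SKIP block continues past the end of this hunk.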
diff --git a/test/recipes/80-test_ca.t b/test/recipes/80-test_ca.t
index eb025f4d591f..916f952a0c3e 100644
--- a/test/recipes/80-test_ca.t
+++ b/test/recipes/80-test_ca.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -25,18 +25,25 @@ my $std_openssl_cnf = '"'
. srctop_file("apps", $^O eq "VMS" ? "openssl-vms.cnf" : "openssl.cnf")
. '"';
+sub src_file {
+ return srctop_file("test", "certs", shift);
+}
+
rmtree("demoCA", { safe => 0 });
-plan tests => 15;
+plan tests => 20;
+
+require_ok(srctop_file("test", "recipes", "tconversion.pl"));
+
SKIP: {
- my $cakey = srctop_file("test", "certs", "ca-key.pem");
+ my $cakey = src_file("ca-key.pem");
$ENV{OPENSSL_CONFIG} = qq(-config "$cnf");
skip "failed creating CA structure", 4
if !ok(run(perlapp(["CA.pl","-newca",
"-extra-req", "-key $cakey"], stdin => undef)),
'creating CA structure');
- my $eekey = srctop_file("test", "certs", "ee-key.pem");
+ my $eekey = src_file("ee-key.pem");
$ENV{OPENSSL_CONFIG} = qq(-config "$cnf");
skip "failed creating new certificate request", 3
if !ok(run(perlapp(["CA.pl","-newreq",
@@ -53,7 +60,7 @@ plan tests => 15;
skip "CT not configured, can't use -precert", 1
if disabled("ct");
- my $eekey2 = srctop_file("test", "certs", "ee-key-3072.pem");
+ my $eekey2 = src_file("ee-key-3072.pem");
$ENV{OPENSSL_CONFIG} = qq(-config "$cnf");
ok(run(perlapp(["CA.pl", "-precert", '-extra-req', "-section userreq -key $eekey2"], stderr => undef)),
'creating new pre-certificate');
@@ -65,17 +72,25 @@ SKIP: {
is(yes(cmdstr(app(["openssl", "ca", "-config",
$cnf,
- "-in", srctop_file("test", "certs", "sm2-csr.pem"),
+ "-in", src_file("sm2-csr.pem"),
"-out", "sm2-test.crt",
"-sigopt", "distid:1234567812345678",
"-vfyopt", "distid:1234567812345678",
"-md", "sm3",
- "-cert", srctop_file("test", "certs", "sm2-root.crt"),
- "-keyfile", srctop_file("test", "certs", "sm2-root.key")]))),
+ "-cert", src_file("sm2-root.crt"),
+ "-keyfile", src_file("sm2-root.key")]))),
0,
"Signing SM2 certificate request");
}
+my $v3_cert = "v3-test.crt";
+ok(run(app(["openssl", "ca", "-batch", "-config", $cnf, "-extensions", "empty",
+ "-in", src_file("x509-check.csr"), "-out", $v3_cert])));
+# although no explicit extensions given:
+has_version($v3_cert, 3);
+has_SKID($v3_cert, 1);
+has_AKID($v3_cert, 1);
+
test_revoke('notimes', {
should_succeed => 1,
});
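Review bot: The new `ok(run(app(["openssl", "ca", "-batch", ... "-out", $v3_cert])))` call has no test name, so a failure is reported only by its number, whereas the other `ok`/`is` calls visible in this file carry a description. Add one as the second argument, for example `"-out", $v3_cert])), "issuing certificate with empty extensions section");`. The comment `# although no explicit extensions given:` could also state the expectation in full, e.g. `# even with an empty extensions section the issued cert must be X.509v3 and carry SKID and AKID`.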
diff --git a/test/recipes/80-test_cmp_http.t b/test/recipes/80-test_cmp_http.t
index c704cc758e91..63b25259f585 100644
--- a/test/recipes/80-test_cmp_http.t
+++ b/test/recipes/80-test_cmp_http.t
@@ -26,10 +26,14 @@ plan skip_all => "These tests are not supported in a fuzz build"
plan skip_all => "These tests are not supported in a no-cmp build"
if disabled("cmp");
-plan skip_all => "These tests are not supported in a no-ec build"
- if disabled("ec");
+plan skip_all => "These tests are not supported in a no-ecx build"
+ if disabled("ecx"); # EC and EDDSA test certs, e.g., in Mock/newWithNew.pem
plan skip_all => "These tests are not supported in a no-sock build"
if disabled("sock");
+plan skip_all => "These tests are not supported in a no-http build"
+ if disabled("http");
+plan skip_all => "These tests are not supported in a no-cms build"
+ if disabled("cms"); # central key pair generation
plan skip_all => "Tests involving local HTTP server not available on Windows or VMS"
if $^O =~ /^(VMS|MSWin32|msys)$/;
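Review bot: The skip condition now tests only `disabled("ecx")`, although the comment on that line says the test certificates use both EC and EdDSA keys. Unless the build configuration guarantees that `no-ec` always implies `no-ecx`, a build with EC disabled would no longer be skipped here. Writing `if disabled("ec") || disabled("ecx");` states the requirement directly and does not rely on that cascade. If the cascade is guaranteed, a few words in the comment would record it.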
@@ -49,10 +53,10 @@ my $no_proxy = $ENV{no_proxy} // $ENV{NO_PROXY};
my @app = qw(openssl cmp);
-# the CMP server configuration consists of:
+# the server-dependent client configuration consists of:
my $ca_dn; # The CA's Distinguished Name
my $server_dn; # The server's Distinguished Name
-my $server_host;# The server's host name or IP address
+my $server_host;# The server's hostname or IP address
my $server_port;# The server's port
my $server_tls; # The server's TLS port, if any, or 0
my $server_path;# The server's CMP alias
@@ -63,10 +67,20 @@ my $pbm_ref; # The reference for PBM
my $pbm_secret; # The secret for PBM
my $column; # The column number of the expected result
my $sleep = 0; # The time to sleep between two requests
+
+# the dynamic server info:
my $server_fh; # Server file handle
-# The local $server_name variables below are among others taken as the name of a
-# sub-directory with server-specific certs etc. and CA-specific config section.
+sub subst_env {
+ my $val = shift;
+ return '""""' if $val eq "";
+ return $ENV{$1} if $val =~ /^\$\{ENV::(\w+)}$/;
+ return $val;
+}
+
+# The local $server_name variables in the subroutines below are used
+# both as the name of a sub-directory with server-specific credentials
+# and as the name of a server-dependent client config section.
sub load_config {
my $server_name = shift;
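Review bot: `subst_env` returns `$ENV{$1}` unchecked, so a `${ENV::NAME}` reference to an unset variable yields undef, whereas an empty value is mapped to `'""""'`. In the next hunk that undef is assigned to `$server_port`, `$pbm_secret` and the other settings in load_config, so it would only surface later as an uninitialized-value warning or a malformed command line. Failing early is clearer: `my $v = $ENV{$1}; die "config refers to unset environment variable $1" unless defined $v; return $v;`. A comment should also note that substitution happens only when the whole value is a single `${ENV::NAME}` reference, and that values such as `pbm_secret` may therefore come from the environment. load_config's body continues beyond this hunk.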
@@ -80,23 +94,24 @@ sub load_config {
} elsif (m/\[\s*.*?\s*\]/) {
$active = 0;
} elsif ($active) {
- $ca_dn = $1 eq "" ? '""""' : $1 if m/^\s*ca_dn\s*=\s*(.*)?\s*$/;
- $server_dn = $1 eq "" ? '""""' : $1 if m/^\s*server_dn\s*=\s*(.*)?\s*$/;
- $server_host = $1 eq "" ? '""""' : $1 if m/^\s*server_host\s*=\s*(\S*)?\s*(\#.*)?$/;
- $server_port = $1 eq "" ? '""""' : $1 if m/^\s*server_port\s*=\s*(.*)?\s*$/;
- $server_tls = $1 eq "" ? '""""' : $1 if m/^\s*server_tls\s*=\s*(.*)?\s*$/;
- $server_path = $1 eq "" ? '""""' : $1 if m/^\s*server_path\s*=\s*(.*)?\s*$/;
- $server_cert = $1 eq "" ? '""""' : $1 if m/^\s*server_cert\s*=\s*(.*)?\s*$/;
- $kur_port = $1 eq "" ? '""""' : $1 if m/^\s*kur_port\s*=\s*(.*)?\s*$/;
- $pbm_port = $1 eq "" ? '""""' : $1 if m/^\s*pbm_port\s*=\s*(.*)?\s*$/;
- $pbm_ref = $1 eq "" ? '""""' : $1 if m/^\s*pbm_ref\s*=\s*(.*)?\s*$/;
- $pbm_secret = $1 eq "" ? '""""' : $1 if m/^\s*pbm_secret\s*=\s*(.*)?\s*$/;
- $column = $1 eq "" ? '""""' : $1 if m/^\s*column\s*=\s*(.*)?\s*$/;
- $sleep = $1 eq "" ? '""""' : $1 if m/^\s*sleep\s*=\s*(.*)?\s*$/;
+ # if there are multiple entries with same key, the last one prevails
+ $ca_dn = subst_env($1) if m/^\s*ca_dn\s*=\s*(.*)?\s*$/;
+ $server_dn = subst_env($1) if m/^\s*server_dn\s*=\s*(.*)?\s*$/;
+ $server_host = subst_env($1) if m/^\s*server_host\s*=\s*(\S*)?\s*(\#.*)?$/;
+ $server_port = subst_env($1) if m/^\s*server_port\s*=\s*(\S*)?\s*(\#.*)?$/;
+ $server_tls = subst_env($1) if m/^\s*server_tls\s*=\s*(.*)?\s*$/;
+ $server_path = subst_env($1) if m/^\s*server_path\s*=\s*(.*)?\s*$/;
+ $server_cert = subst_env($1) if m/^\s*server_cert\s*=\s*(.*)?\s*$/;
+ $kur_port = subst_env($1) if m/^\s*kur_port\s*=\s*(.*)?\s*$/;
+ $pbm_port = subst_env($1) if m/^\s*pbm_port\s*=\s*(.*)?\s*$/;
+ $pbm_ref = subst_env($1) if m/^\s*pbm_ref\s*=\s*(.*)?\s*$/;
+ $pbm_secret = subst_env($1) if m/^\s*pbm_secret\s*=\s*(.*)?\s*$/;
+ $column = subst_env($1) if m/^\s*column\s*=\s*(.*)?\s*$/;
+ $sleep = subst_env($1) if m/^\s*sleep\s*=\s*(.*)?\s*$/;
}
}
close CH;
- die "Cannot find all CMP server config values in $test_config section [$section]\n"
+ die "Cannot find all server-dependent config values in $test_config section [$section]\n"
if !defined $ca_dn
|| !defined $server_dn || !defined $server_host
|| !defined $server_port || !defined $server_tls
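Review bot: Most of the new `subst_env($1)` lines still capture with a greedy `(.*)?`, so trailing whitespace or a trailing `# comment` on the config line ends up in `$1`. In that case neither the `eq ""` test nor the anchored `${ENV::NAME}` match in subst_env applies, and the raw text is used as the value; for `pbm_secret` this would silently use the literal reference string instead of the secret. Only `server_host` and `server_port` strip a trailing comment. At minimum I would make the capture non-greedy so trailing blanks are dropped, e.g. `m/^\s*pbm_secret\s*=\s*(.*?)\s*$/`, and state in the comment at the top of the block whether inline comments are supported for the other keys.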
@@ -104,6 +119,8 @@ sub load_config {
|| !defined $kur_port || !defined $pbm_port
|| !defined $pbm_ref || !defined $pbm_secret
|| !defined $column || !defined $sleep;
+ die "Invalid server_port number in $test_config section [$section]: $server_port"
+ unless $server_port =~ m/^\d+$/;
$server_dn = $server_dn // $ca_dn;
}
@@ -115,11 +132,10 @@ my @all_aspects = ("connection", "verification", "credentials", "commands", "enr
@all_aspects = split /\s+/, $ENV{OPENSSL_CMP_ASPECTS} if $ENV{OPENSSL_CMP_ASPECTS};
# set env variable, e.g., OPENSSL_CMP_ASPECTS="commands enrollment" to select specific aspects
+my $Mock_serverlog;
my $faillog;
-my $file = $ENV{HARNESS_FAILLOG}; # pathname relative to result_dir
-if ($file) {
- open($faillog, ">", $file) or die "Cannot open $file for writing: $!";
-}
+my $faillog_file = $ENV{HARNESS_FAILLOG} // "failed_client_invocations.txt"; # pathname relative to result_dir
+open($faillog, ">", $faillog_file) or die "Cannot open '$faillog_file' for writing: $!";
sub test_cmp_http {
my $server_name = shift;
@@ -129,8 +145,8 @@ sub test_cmp_http {
my $title = shift;
my $params = shift;
my $expected_result = shift;
- $params = [ '-server', "127.0.0.1:$server_port", @$params ]
- unless grep { $_ eq '-server' } @$params;
+ $params = [ '-server', "$server_host:$server_port", @$params ]
+ if ($server_name eq "Mock" && !(grep { $_ eq '-server' } @$params));
my $cmd = app([@app, @$params]);
unless (is(my $actual_result = run($cmd), $expected_result, $title)) {
@@ -138,9 +154,12 @@ sub test_cmp_http {
my $quote_spc_empty = sub { $_ eq "" ? '""' : $_ =~ m/ / ? '"'.$_.'"' : $_ };
my $invocation = cmdstr($cmd, display => 1);
print $faillog "$server_name $aspect \"$title\" ($i/$n)".
- " expected=$expected_result actual=$actual_result\n";
+ " expected=$expected_result (".
+ ($expected_result ? "success" : "failure").")".
+ " actual=$actual_result\n";
print $faillog "$invocation\n\n";
}
+ sleep($sleep) if $expected_result == 1;
}
}
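Review bot: The failure log written here records the complete client command line (`$invocation`), so any `-secret` or `-keypass` argument of a failing case ends up in it. Other hunks of this commit always create that log and echo it to the test output, which puts those arguments in a file and in CI logs. For the Mock server these are fixed test credentials, but the new `${ENV::...}` substitution suggests that servers with environment-supplied secrets are an intended use. I would mask such arguments before printing, with something like `$invocation =~ s/(-(?:secret|keypass|newkeypass)\s+)\S+/$1***/g;`, adjusted to how cmdstr quotes its output. test_cmp_http starts outside this hunk.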
@@ -154,14 +173,24 @@ sub test_cmp_http_aspect {
my $i = 1;
foreach (@$tests) {
test_cmp_http($server_name, $aspect, $n, $i++, $$_[0], $$_[1], $$_[2]);
- sleep($sleep);
}
};
- # not unlinking test.certout*.pem, test.cacerts.pem, and test.extracerts.pem
+ # not unlinking test.cert.pem, test.cacerts.pem, and test.extracerts.pem
+}
+
+sub print_file_prefixed {
+ my ($file, $desc) = @_;
+ print "$desc (each line prefixed by \"# \"):\n";
+ if (open F, $file) {
+ while (<F>) {
+ print "# $_";
+ }
+ close F;
+ }
}
# The input files for the tests done here dynamically depend on the test server
-# selected (where the Mock server used by default is just one possibility).
+# selected (where the mock server used by default is just one possibility).
# On the other hand the main test configuration file test.cnf, which references
# several server-dependent input files by relative file names, is static.
# Moreover the tests use much greater variety of input files than output files.
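Review bot: `print_file_prefixed` opens its argument with the two-argument form `open F, $file` and a bareword handle, so mode characters or a trailing `|` in the name are interpreted by Perl rather than treated as part of a path. One caller passes `$faillog_file`, which comes from the `HARNESS_FAILLOG` environment variable. The rest of the file already uses the three-argument form with a lexical handle, and the same should be done here: `if (open(my $fh, '<', $file)) {`, `while (<$fh>) {` and `close $fh;`. A failed open is also silent, leaving the header line with nothing under it; an `else` branch printing `# (cannot open '$file': $!)` would make that visible.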
@@ -182,27 +211,44 @@ indir data_dir() => sub {
my $pid;
if ($server_name eq "Mock") {
indir "Mock" => sub {
- $pid = start_mock_server("");
- die "Cannot start or find the started CMP mock server" unless $pid;
+ $pid = start_server($server_name, "");
+ next unless $pid;
}
}
foreach my $aspect (@all_aspects) {
$aspect = chop_dblquot($aspect);
- next if $server_name eq "Mock" && $aspect eq "certstatus";
+ if ($server_name eq "Mock" && $aspect eq "certstatus") {
+ print "Skipping certstatus check as not supported by $server_name server\n";
+ next;
+ }
load_config($server_name, $aspect); # update with any aspect-specific settings
indir $server_name => sub {
my $tests = load_tests($server_name, $aspect);
test_cmp_http_aspect($server_name, $aspect, $tests);
};
};
- stop_mock_server($pid) if $pid;
- ok(1, "killing mock server");
+
+ if ($server_name eq "Mock") {
+ stop_server($server_name, $pid) if $pid;
+ ok(1, "$server_name server has terminated");
+
+ if (-s $faillog) {
+ indir "Mock" => sub {
+ print_file_prefixed($Mock_serverlog, "$server_name server STDERR output is");
+ }
+ }
+ }
}
}
};
};
close($faillog) if $faillog;
+if (-s $faillog_file) {
+ print "# ------------------------------------------------------------------------------\n";
+ print_file_prefixed($faillog_file, "Failed client invocations are");
+ print "# ------------------------------------------------------------------------------\n";
+}
sub load_tests {
my $server_name = shift;
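Review bot: `next unless $pid;` sits inside the anonymous sub passed to `indir`, so on a failed launch it leaves the sub through loop control (Perl warns "Exiting subroutine via next") and skips whatever `indir` does after the callback returns, presumably restoring the directory. The old code died at this point; now a mock server that fails to start drops its tests without any recorded failure. I would move the check after the `indir` call and report it, e.g. `unless ($pid) { fail("starting $server_name server"); next; }`, if the test plan allows the extra result. Separately, `-s $faillog` stats a write handle whose output may still be buffered, so the server log can be skipped even though failures were logged; `$faillog->flush;` before the check would avoid that. The enclosing loops start outside this hunk.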
@@ -212,7 +258,7 @@ sub load_tests {
my $result_dir = result_dir();
my @result;
- open(my $data, '<', $file) || die "Cannot open $file for reading: $!";
+ open(my $data, '<', $file) || die "Cannot open '$file' for reading: $!";
LOOP:
while (my $line = <$data>) {
chomp $line;
@@ -232,18 +278,20 @@ sub load_tests {
next LOOP if $server_tls == 0 && $line =~ m/,\s*-tls_used\s*,/;
my $noproxy = $no_proxy;
+ my $server_plain = $server_host =~ m/^\[(.*)\]$/ ? $1 : $server_host;
if ($line =~ m/,\s*-no_proxy\s*,(.*?)(,|$)/) {
$noproxy = $1;
- } elsif ($server_host eq "127.0.0.1") {
- # do connections to localhost (e.g., Mock server) without proxy
- $line =~ s{-section,,}{-section,,-no_proxy,127.0.0.1,} ;
+ } elsif ($server_plain eq "127.0.0.1" || $server_plain eq "::1") {
+ # do connections to localhost (e.g., mock server) without proxy
+ $line =~ s{-section,,}{-section,,-no_proxy,$server_plain,} ;
}
if ($line =~ m/,\s*-proxy\s*,/) {
- next LOOP if $no_proxy && ($noproxy =~ $server_host);
+ next LOOP if $no_proxy && ($noproxy =~ $server_plain);
} else {
$line =~ s{-section,,}{-section,,-proxy,$proxy,};
}
- $line =~ s{-section,,}{-section,,-certout,$result_dir/test.cert.pem,};
+ $line =~ s{-section,,}{-section,,-certout,$result_dir/test.cert.pem,}
+ if $aspect ne "commands" || $line =~ m/,\s*-cmd\s*,\s*(ir|cr|p10cr|kur)\s*,/;
$line =~ s{-section,,}{-config,../$test_config,-section,$server_name $aspect,};
my @fields = grep /\S/, split ",", $line;
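Review bot: `$noproxy =~ $server_plain` uses the host string as a regular expression and as an unanchored substring match. The dots in `127.0.0.1` match any character, and a host taken from the config or environment could contain other metacharacters or match only part of a `no_proxy` entry. Since the value is now derived from `$server_host`, which may come from `${ENV::...}`, I would compare it literally, e.g. `next LOOP if $no_proxy && grep { $_ eq $server_plain } split /[\s,]+/, $noproxy;`, or at least quote it with `m/\Q$server_plain\E/`. load_tests starts and ends outside this hunk.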
@@ -256,6 +304,7 @@ sub load_tests {
my $title = $fields[$description];
next LOOP if (!defined($expected_result)
|| ($expected_result ne 0 && $expected_result ne 1));
+ next LOOP if ($line =~ m/-server,\[.*:.*\]/ && !have_IPv6());
@fields = grep {$_ ne 'BLANK'} @fields[$description + 1 .. @fields - 1];
push @result, [$title, \@fields, $expected_result];
}
@@ -263,36 +312,60 @@ sub load_tests {
return \@result;
}
-sub start_mock_server {
- my $args = $_[0]; # optional further CLI arguments
+sub start_server {
+ my $server_name = shift;
+ my $args = shift; # optional further CLI arguments
my $cmd = cmdstr(app([@app, '-config', 'server.cnf',
$args ? $args : ()]), display => 1);
print "Current directory is ".getcwd()."\n";
- print "Launching mock server: $cmd\n";
- die "Invalid port: $server_port" unless $server_port =~ m/^\d+$/;
- my $pid = open($server_fh, "$cmd 2>".result_dir()."/error.txt |") or die "Trying to $cmd";
- print "Pid is: $pid\n";
- if ($server_port == 0) {
- # Find out the actual server port
+ print "Launching $server_name server: $cmd\n";
+ $Mock_serverlog = result_dir()."/Mock_server_STDERR.txt";
+ my $pid = open($server_fh, "$cmd 2>$Mock_serverlog |");
+ unless ($pid) {
+ print "Error launching $cmd, cannot obtain $server_name server PID";
+ return 0;
+ }
+ print "$server_name server PID=$pid\n";
+
+ if ($server_host eq '*' || $server_port == 0) {
+ # Find out the actual server host and port and possibly different PID
+ my ($host, $port);
+ my $pid0 = $pid;
while (<$server_fh>) {
- print "Server output: $_";
+ print "$server_name server output: $_";
next if m/using section/;
s/\R$//; # Better chomp
- ($server_port, $pid) = ($1, $2) if /^ACCEPT\s.*:(\d+) PID=(\d+)$/;
+ ($host, $port, $pid) = ($1, $2, $3)
+ if /^ACCEPT\s(.*?):(\d+) PID=(\d+)$/;
last; # Do not loop further to prevent hangs on server misbehavior
}
+ if ($server_host eq '*' && defined $host) {
+ $server_host = "[::1]" if $host eq "[::]";
+ $server_host = "127.0.0.1" if $host eq "0.0.0.0";
+ }
+ $server_port = $port if $server_port == 0 && defined $port;
+ if ($pid0 != $pid) {
+ # kill the shell process
+ kill('KILL', $pid0);
+ waitpid($pid0, 0);
+ }
}
- unless ($server_port > 0) {
- stop_mock_server($pid);
+ if ($server_host eq '*' || $server_port == 0) {
+ stop_server($server_name, $pid) if $pid;
+ print "Cannot get expected output from the $server_name server\n";
return 0;
}
- $server_tls = $kur_port = $pbm_port = $server_port;
+ $kur_port = $server_port if $kur_port eq "\$server_port";
+ $pbm_port = $server_port if $pbm_port eq "\$server_port";
+ $server_tls = $server_port if $server_tls;
return $pid;
+
}
-sub stop_mock_server {
- my $pid = $_[0];
- print "Killing mock server with pid=$pid\n";
+sub stop_server {
+ my $server_name = shift;
+ my $pid = shift;
+ print "Killing $server_name server with PID=$pid\n";
kill('KILL', $pid);
waitpid($pid, 0);
}
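Review bot: In `start_server` the launch line `open($server_fh, "$cmd 2>$Mock_serverlog |")` builds a shell command with the result directory path interpolated unquoted. A path containing spaces or shell metacharacters would break the redirection or be interpreted by the shell; quoting it, e.g. `my $log = $Mock_serverlog; $log =~ s/'/'\\''/g;` and then `"$cmd 2>'$log' |"`, would avoid that. The host fallback also maps only `[::]` and `0.0.0.0`, so any other address in the ACCEPT line leaves `$server_host` as `*` and the server is killed with the generic "Cannot get expected output" message. If that is intended, a comment saying so would help. The "Error launching" message lacks a trailing newline, and `$Mock_serverlog` is set for any `$server_name` despite its name.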
diff --git a/test/recipes/80-test_cmp_http_data/Mock/issuing.crt b/test/recipes/80-test_cmp_http_data/Mock/issuing.crt
index 1ec7377481ae..7329f852bc83 100644
--- a/test/recipes/80-test_cmp_http_data/Mock/issuing.crt
+++ b/test/recipes/80-test_cmp_http_data/Mock/issuing.crt
@@ -1,3 +1,25 @@
+Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = interCA
+-----BEGIN CERTIFICATE-----
+MIIDgDCCAmigAwIBAgIJANnoWlLlEsTgMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE3MDVa
+Fw0zNTA3MDIxMzE3MDVaMFcxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0
+YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMT
+B2ludGVyQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7s0ejvpQO
+nvfwD+e4R+9WQovtrsqOTw8khiREqi5JlmAFbpDEFam18npRkt6gOcGMnjuFzuz6
+iEuQmeeyh0BqWAwpMgWMMteEzLOAaqkEl//J2+WgRbA/8pmwHfbPW/d+f3bp64Fo
+D1hQAenBzXmLxVohEQ9BA+xEDRkL/cA3Y+k/O1C9ORhSQrJNsB9aE3zKbFHd9mOm
+H4aNSsF8On3SqlRVOCQine5c6ACSd0HUEjYy9aObqY47ySNULbzVq5y6VOjMs0W+
+2G/XqrcVkxzf9bVqyVBrrAJrnb35/y/iK0zWgJBP+HXhwr5mMTvNuEirBeVYuz+6
+hUerUbuJhr0FAgMBAAGjUDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFBj61iO5
+j11dE30+j6iRx9lhwBcuMB8GA1UdIwQYMBaAFIVWiTXinwAa4YYDC0uvdhJrM239
+MA0GCSqGSIb3DQEBCwUAA4IBAQDAU0MvL/yZpmibhxUsoSsa97UJbejn5IbxpPzZ
+4WHw8lsoUGs12ZHzQJ9LxkZVeuccFXy9yFEHW56GTlkBmD2qrddlmQCfQ3m8jtZ9
+Hh5feKAyrqfmfsWF5QPjAmdj/MFdq+yMJVosDftkmUmaBHjzbvbcq1sWh/6drH8U
+7pdYRpfeEY8dHSU6FHwVN/H8VaBB7vYYc2wXwtk8On7z2ocIVHn9RPkcLwmwJjb/
+e4jmcYiyZev22KXQudeHc4w6crWiEFkVspomn5PqDmza3rkdB3baXFVZ6sd23ufU
+wjkiKKtwRBwU+5tCCagQZoeQ5dZXQThkiH2XEIOCOLxyD/tb
+-----END CERTIFICATE-----
Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = subinterCA
-----BEGIN CERTIFICATE-----
MIIDhDCCAmygAwIBAgIJAJkv2OGshkmUMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV
diff --git a/test/recipes/80-test_cmp_http_data/Mock/server.cnf b/test/recipes/80-test_cmp_http_data/Mock/server.cnf
index 774b34a7f513..e2a47ff62edf 100644
--- a/test/recipes/80-test_cmp_http_data/Mock/server.cnf
+++ b/test/recipes/80-test_cmp_http_data/Mock/server.cnf
@@ -8,9 +8,17 @@ srv_secret = pass:test
# not needed: accept_unprotected = 1
no_check_time = 1
srv_trusted = signer_root.crt
+no_cache_extracerts = 1
+ref_cert = signer_only.crt
rsp_cert = signer_only.crt
-rsp_capubs = signer_root.crt
+rsp_key = new.key
+rsp_crl = newcrl.pem
+rsp_capubs = trusted.crt
rsp_extracerts = signer_issuing.crt
+rsp_newwithnew = newWithNew.pem
+rsp_newwithold = newWithOld.pem
+rsp_oldwithnew = oldWithNew.pem
+
verbosity = 7
diff --git a/test/recipes/80-test_cmp_http_data/Mock/server.crt b/test/recipes/80-test_cmp_http_data/Mock/server.crt
index 07eab2e63b8e..d49b846995f2 100644
--- a/test/recipes/80-test_cmp_http_data/Mock/server.crt
+++ b/test/recipes/80-test_cmp_http_data/Mock/server.crt
@@ -1,24 +1,25 @@
Issuer: CN=Root CA
Validity
- Not Before: Jan 14 22:29:46 2016 GMT
- Not After : Jan 15 22:29:46 2116 GMT
+ Not Before: Aug 8 13:28:36 2024 GMT
+ Not After : Apr 11 13:28:36 2127 GMT
Subject: CN=server.example
-----BEGIN CERTIFICATE-----
-MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
-IENBMCAXDTE2MDExNDIyMjk0NloYDzIxMTYwMTE1MjIyOTQ2WjAZMRcwFQYDVQQD
-DA5zZXJ2ZXIuZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-ANVdYGrf/GHuSKqMEUhDpW22Ul2qmEmxYZI1sfw6BCUMbXn/tNXJ6VwcO+Crs7h9
-o95tveDd11q/FEcRQl6mgtBhwX/dE0bmCYUHDvLU/Bpk0gqtIKsga5bwrczEGVNV
-3AEdpLPvirRJU12KBRzx3OFEv8XX4ncZV1yXC3XuiENxD8pswbSyUKd3RmxYDxG/
-8XYkWq45QrdRZynh0FUwbxfkkeqt+CjCQ2+iZKn7nZiSYkg+6w1PgkqK/z9y7pa1
-rqHBmLrvfZB1bf9aUp6r9cB+0IdD24UHBw99OHr90dPuZR3T6jlqhzfuStPgDW71
-cKzCvfFu85KVXqnwoWWVk40CAwEAAaN9MHswHQYDVR0OBBYEFMDnhL/oWSczELBS
-T1FSLwbWwHrNMB8GA1UdIwQYMBaAFHB/Lq6DaFmYBCMqzes+F80k3QFJMAkGA1Ud
-EwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGQYDVR0RBBIwEIIOc2VydmVyLmV4
-YW1wbGUwDQYJKoZIhvcNAQELBQADggEBAHvTBEN1ig8RrsT716Ginv4gGNX0LzGI
-RrZ1jO7lm5emuaPNYJpGw0iX5Zdo91qGNXPZaZ75X3S55pQTActq3OPEBOll2pyk
-iyjz+Zp/v5cfRZLlBbFW5gv2R94eibYr4U3fSn4B0yPcl4xH/l/HzJhGDsSDW8qK
-8VIJvmvsPwmL0JMCv+FR59F+NFYZdND/KCXet59WUpF9ICmFCoBEX3EyJXEPwhbi
-X2sdPzJbCjx0HLli8e0HUKNttLQxCsBTRGo6iISLLamwN47mGDa9miBADwGSiz2q
-YeeuLO02zToHhnQ6KbPXOrQAqcL1kngO4g+j/ru+4AZThFkdkGnltvk=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-----END CERTIFICATE-----
diff --git a/test/recipes/80-test_cmp_http_data/Mock/signer_issuing.crt b/test/recipes/80-test_cmp_http_data/Mock/signer_issuing.crt
index ebecbb79cd17..7734439f8c47 100644
--- a/test/recipes/80-test_cmp_http_data/Mock/signer_issuing.crt
+++ b/test/recipes/80-test_cmp_http_data/Mock/signer_issuing.crt
@@ -1,3 +1,23 @@
+ Subject: O = openssl_cmp
+ Issuer: O = openssl_cmp
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+
Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = subinterCA
-----BEGIN CERTIFICATE-----
MIIDhDCCAmygAwIBAgIJAJkv2OGshkmUMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV
diff --git a/test/recipes/80-test_cmp_http_data/Mock/test.cnf b/test/recipes/80-test_cmp_http_data/Mock/test.cnf
index c68095661384..3276001fec2f 100644
--- a/test/recipes/80-test_cmp_http_data/Mock/test.cnf
+++ b/test/recipes/80-test_cmp_http_data/Mock/test.cnf
@@ -1,6 +1,7 @@
[default]
batch = 1 # do not use stdin
-total_timeout = 8 # prevent, e.g., infinite polling due to error
+total_timeout = 120 # is used to prevent, e.g., infinite polling due to error;
+# should now really be enough to cover delays caused by the underlying system
trusted = trusted.crt
newkey = new.key
newkeypass =
@@ -12,16 +13,15 @@ policies = certificatePolicies
#policy_oids_critical = 1
#verbosity = 7
-############################# server configurations
+############################# server-dependent configurations
[Mock] # the built-in OpenSSL CMP mock server
# no_check_time = 1
-server_host = 127.0.0.1 # localhost
-# server_port = 0 means that the port is determined by the server
-server_port = 0
+server_host = * # to be determined by server: 127.0.0.1 or ::1 (localhost)
+server_port = 0 # 0 means that the port is determined by the server
server_tls = $server_port
server_cert = server.crt
-server = $server_host:$server_port
+# server = $server_host:$server_port
server_path = pkix/
path = $server_path
ca_dn = /CN=Root CA
@@ -45,7 +45,6 @@ sleep = 0
############################# aspects
[connection]
-msg_timeout = 5
total_timeout =
# reset any TLS options to default:
tls_used =
@@ -84,6 +83,7 @@ extracertsout =
[commands]
cmd =
+certout =
cacertsout =
infotype =
oldcert =
diff --git a/test/recipes/80-test_cmp_http_data/test_commands.csv b/test/recipes/80-test_cmp_http_data/test_commands.csv
index 1e574b2f7114..cbb806a9c6c8 100644
--- a/test/recipes/80-test_cmp_http_data/test_commands.csv
+++ b/test/recipes/80-test_cmp_http_data/test_commands.csv
@@ -1,5 +1,5 @@
-expected,description, -section,val, -cmd,val,val2, -cacertsout,val,val2, -infotype,val,, -oldcert,val, -revreason,int, -geninfo,val
-,,,,,Generic,message options:,,,,,,,,Misc,request options:,,
+expected,description, -section,val, -cmd,val,val2, -cacertsout,val,val2, -infotype,val,val2, -oldcert,val, -revreason,int, -geninfo,val,
+,,,,Generic,message options:,,,,,,,,,,,,,,Misc,request options:,,
,,,,,,,,,,,,,,,,,
1,minimum options, -section,, -cmd,ir,,BLANK,,,BLANK,,,BLANK,,BLANK,
,,,,,,,,,,,,,,,,,
@@ -9,7 +9,8 @@ expected,description, -section,val, -cmd,val,val2, -cacertsout,val,val2, -infoty
0,cmd incomplete, -section,, -cmd,i,,BLANK,,,BLANK,,,BLANK,,BLANK,
,,,,,,,,,,,,,,,,,
1,no cacertsout, -section,, -cmd,ir,,BLANK,,,BLANK,,,BLANK,,BLANK,
-1,cacertsout given, -section,, -cmd,ir,, -cacertsout,_RESULT_DIR/test.cacerts.pem,,BLANK,,,BLANK,,BLANK,
+1,cacertsout given, -section,, -cmd,ir,, -cacertsout,_RESULT_DIR/test.cacerts1.pem,,BLANK,,,BLANK,,BLANK,
+1,use cacerts, -section,, -cmd,ir,,BLANK,,,BLANK,,,BLANK,,BLANK, -trusted,_RESULT_DIR/test.cacerts1.pem
0,cacertsout missing arg, -section,, -cmd,ir,, -cacertsout,,,BLANK,,,BLANK,,BLANK,
,,,,,,,,,,,,,,,,,
1, --- get certificate for revocation ----, -section,, -cmd,cr,,BLANK,,,BLANK,,,BLANK,,BLANK,
@@ -33,7 +34,7 @@ expected,description, -section,val, -cmd,val,val2, -cacertsout,val,val2, -infoty
1, --- get certificate for revocation ----, -section,, -cmd,cr,,BLANK,,,BLANK,,,BLANK,,BLANK,
1,revreason AACompromise, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,_RESULT_DIR/test.cert.pem, -revreason,10
1, --- get certificate for revocation ----, -section,, -cmd,cr,,BLANK,,,BLANK,,,BLANK,,BLANK,
-1, --- use csr for revocation ----, -section,, -cmd,rr,,BLANK,,,BLANK,,,BLANK,,BLANK, -revreason,0, -csr,csr.pem
+1, --- use csr for revocation ----, -section,, -cmd,rr,,BLANK,,,BLANK,,,BLANK,, -revreason,0,,, -csr,csr.pem
1, --- get certificate for revocation ----, -section,, -cmd,cr,,BLANK,,,BLANK,,,BLANK,,BLANK,
0,without oldcert, -section,, -cmd,rr,,BLANK,,,BLANK,,,BLANK,,BLANK,
0,oldcert file nonexistent, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,idontexist,BLANK,
@@ -42,23 +43,109 @@ expected,description, -section,val, -cmd,val,val2, -cacertsout,val,val2, -infoty
0,revreason 11 (invalid), -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,_RESULT_DIR/test.cert.pem, -revreason,11
0,revreason string, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,_RESULT_DIR/test.cert.pem, -revreason,abc
0,revreason out of integer range, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,_RESULT_DIR/test.cert.pem, -revreason,010000000000000000000
+1,use csr for revocation, -section,, -cmd,rr,,BLANK,,,BLANK,,,BLANK,, -revreason,0, -csr,csr.pem
+1, --- get certificate for revocation ----, -section,, -cmd,cr,,BLANK,,,BLANK,,,BLANK,,BLANK,
+1,use issuer and serial for revocation, -section,, -cmd,rr,,BLANK,,,BLANK,,,BLANK,, -revreason,-1,BLANK,,, -expect_sender,"""",-issuer,/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=subinterCA,-serial,0xA44DB0329A714A8D
+1, --- get certificate for revocation ----, -section,, -cmd,cr,,BLANK,,,BLANK,,,BLANK,,BLANK,
+0,use issuer but no serial for revocation, -section,, -cmd,rr,,BLANK,,,BLANK,,,BLANK,, -revreason,-1,BLANK,,, -expect_sender,"""",-issuer,/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=subinterCA,BLANK,
+0,use serial but no issuer for revocation, -section,, -cmd,rr,,BLANK,,,BLANK,,,BLANK,, -revreason,-1,BLANK,,, -expect_sender,"""", -issuer, """", -serial, 0xA44DB0329A714A8D
+0,wrong issuer for revocation, -section,, -cmd,rr,,BLANK,,,BLANK,,,BLANK,, -revreason,-1,BLANK,,, -expect_sender,"""", -issuer, /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=wrongCA, -serial, 0xA44DB0329A714A8D
+0,bad issuer DN for revocation, -section,, -cmd,rr,,BLANK,,,BLANK,,,BLANK,, -revreason,-1,BLANK,,, -expect_sender,"""", -issuer, "'XYZ'", -serial, 0xA44DB0329A714A8D
+0,wrong serial for revocation, -section,, -cmd,rr,,BLANK,,,BLANK,,,BLANK,, -revreason,-1,BLANK,,, -expect_sender,"""", -issuer, /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=subinterCA, -serial, 0xA44DB0329A714A00
+0,bad serial for revocation, -section,, -cmd,rr,,BLANK,,,BLANK,,,BLANK,, -revreason,-1,BLANK,,, -expect_sender,"""", -issuer, /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=subinterCA, -serial, xyz
+0,rr without oldcert/csr/issuer/serial, -section,, -cmd,rr,,BLANK,,,BLANK,,,BLANK,,BLANK,
+0,rr with oldcert file nonexistent, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,idontexist,BLANK,
+0,rr with empty oldcert file, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,empty.txt,BLANK,
+0,rr where oldcert and key do not match, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,trusted.crt, -revreason,0
,,,,,,,,,,,,,,,,,
1,ir + infotype, -section,, -cmd,ir,,BLANK,,, -infotype,signKeyPairTypes,,BLANK,,BLANK,
+1,genm without -infotype, -section,, -cmd,genm,,BLANK,,, BLANK,,,BLANK,,BLANK,
0,genm with missing infotype value, -section,, -cmd,genm,,BLANK,,, -infotype,,,BLANK,,BLANK,
0,genm with invalid infotype value, -section,, -cmd,genm,,BLANK,,, -infotype,asdf,,BLANK,,BLANK,
+1,genm with infotype signKeyPairTypes, -section,, -cmd,genm,,BLANK,,, -infotype,signKeyPairTypes,,BLANK,,BLANK,
+,,,,,,,,,,,,,,,,,,,,,,
+1,genm caCerts , -section,, -cmd,genm,, -cacertsout,_RESULT_DIR/test.cacerts.pem,, -infotype,caCerts,,BLANK,,BLANK,
+0,genm caCerts missing cacertsout option , -section,, -cmd,genm,, BLANK , ,, -infotype,caCerts,,BLANK,,BLANK,
+0,genm caCerts missing cacertsout arg , -section,, -cmd,genm,, -cacertsout,BLANK ,, -infotype,caCerts,,BLANK,,BLANK,
+
+
+0,genm caCerts extra cacertsout arg , -section,, -cmd,genm,, -cacertsout,_RESULT_DIR/test.cacerts.pem,_RESULT_DIR/test.cacerts.pem, -infotype,caCerts,,BLANK,,BLANK,
+,,,,,,,,,,,,,,,,,,,,,,
+1,genm rootCaCert with oldwithold , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, oldWithOld.pem, -newwithnew, _RESULT_DIR/test.newwithnew0.pem
+1,genm rootCaCert without oldwithold , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, BLANK , , -newwithnew, _RESULT_DIR/test.newwithnew.pem
+0,genm rootCaCert oldwithold missing arg , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, , -newwithnew, _RESULT_DIR/test.newwithnew.pem
+0,genm rootCaCert oldwithold empty file , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, empty.txt , -newwithnew, _RESULT_DIR/test.newwithnew.pem
+0,genm rootCaCert oldwithold random file , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, random.bin , -newwithnew, _RESULT_DIR/test.newwithnew.pem
+0,genm rootCaCert oldwithold nonexistent , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, idontexist , -newwithnew, _RESULT_DIR/test.newwithnew.pem
+1,genm rootCaCert oldwithold different , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, signer.crt , -newwithnew, _RESULT_DIR/test.newwithnew.pem
+0,genm rootCaCert missing newwithnew , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, oldWithOld.pem, BLANK ,,
+0,genm rootCaCert newwithnew missing arg , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, oldWithOld.pem, -newwithnew,,
+1,genm rootCaCert with oldwithnew , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, oldWithOld.pem, -newwithnew, _RESULT_DIR/test.newwithnew1.pem, -oldwithnew, _RESULT_DIR/test.oldwithnew1.pem
+0,genm rootCaCert oldwithnew missing arg , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, oldWithOld.pem, -newwithnew, _RESULT_DIR/test.newwithnew.pem, -oldwithnew,,
+1,genm rootCaCert newwithnew oldwithnew newwithold , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, oldWithOld.pem, -newwithnew, _RESULT_DIR/test.newwithnew2.pem, -oldwithnew, _RESULT_DIR/test.oldwithnew2.pem, -newwithold, _RESULT_DIR/test.newwithold1.pem
+0,genm rootCaCert newwithold missig arg , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, oldWithOld.pem, -newwithnew, _RESULT_DIR/test.newwithnew.pem, -oldwithnew, _RESULT_DIR/test.oldwithnew.pem, -newwithold,,
+1,genm rootCaCert newwithnew newwithold , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, oldWithOld.pem, -newwithnew, _RESULT_DIR/test.newwithnew3.pem, -newwithold, _RESULT_DIR/test.newwithold2.pem
,,,,,,,,,,,,,,,,,,,,,,
-1,geninfo, -section,, -cmd,cr,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,, -geninfo,1.2.3:int:987,BLANK,,BLANK,
-0,geninfo missing argument, -section,, -cmd,cr,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,, -geninfo,,,,,
-0,geninfo bad syntax: leading '.', -section,, -cmd,cr,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,, -geninfo,.1.2.3:int:987,BLANK,,BLANK,
-0,geninfo bad syntax: missing ':', -section,, -cmd,cr,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,, -geninfo,1.2.3:int987,,,,
-0,geninfo bad syntax: double ':', -section,, -cmd,cr,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,, -geninfo,1.2.3:int::987,,,,
-0,geninfo bad syntax: missing ':int', -section,, -cmd,cr,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,, -geninfo,1.2.3,,,,
+1,genm crlStatusList with crlcert , -section,, -cmd,genm,, BLANK,,, -infotype,crlStatusList,, -crlcert, signer_only.crt,,,,, -crlout, _RESULT_DIR/test.crlout1.pem
+1,genm crlStatusList with old crl , -section,, -cmd,genm,, BLANK,,, -infotype,crlStatusList,, -oldcrl, oldcrl.pem,,,,, -crlout, _RESULT_DIR/test.crlout2.pem
+1,genm crlStatusList with crlcert and old crl , -section,, -cmd,genm,, BLANK,,, -infotype,crlStatusList,, -crlcert, signer_only.crt, -oldcrl, oldcrl.pem,,, -crlout, _RESULT_DIR/test.crlout3.pem
+1,genm crlStatusList with latest crl , -section,, -cmd,genm,, BLANK,,, -infotype,crlStatusList,, -oldcrl, _RESULT_DIR/test.crlout3.pem,,,,, -crlout, _RESULT_DIR/test.crlout4.pem
+0,genm crlStatusList with -oldcrl referring to nonexisting file due to empty CRL response message in previous test case, -section,, -cmd,genm,, BLANK,,, -infotype,crlStatusList,, -oldcrl, _RESULT_DIR/test.crlout4.pem,,,,, -crlout, _RESULT_DIR/test.crlout5.pem
+0,genm crlStatusList with -crlcert nonexistent, -section,, -cmd,genm,, BLANK,,, -infotype,crlStatusList,, -crlcert, idontexist,,,,, -crlout, _RESULT_DIR/test.crlout.pem
+0,genm crlStatusList with wrong issuer, -section,, -cmd,genm,, BLANK,,, -infotype,crlStatusList,, -crlcert, server.crt,,,,, -crlout, _RESULT_DIR/test.crlout.pem
+0,genm crlStatusList missing -crlcert & -oldcrl, -section,, -cmd,genm,, BLANK,,, -infotype,crlStatusList,,,,,,,, -crlout, _RESULT_DIR/test.crlout.pem
+0,genm crlStatusList with wrong cert and correct crl, -section,, -cmd,genm,, BLANK,,, -infotype,crlStatusList,, -crlcert, server.crt, -oldcrl, oldcrl.pem,,, -crlout, _RESULT_DIR/test.crlout.pem
+,,,,,,,,,,,,,,,,,,,,,,
+1,genm certReqTemplate, -section,, -cmd,genm,, -template,_RESULT_DIR/test.template.der, -keyspec,_RESULT_DIR/test.keyspec.der, -infotype,certReqTemplate,,BLANK,,BLANK,,BLANK,,, -expect_sender, """"
+0,genm certReqTemplate missing template option, -section,, -cmd,genm,, -template,"""", -keyspec,_RESULT_DIR/test.keyspec.der, -infotype,certReqTemplate,,BLANK,,BLANK,
+1,genm certReqTemplate without optional keyspec option, -section,, -cmd,genm,, -template,_RESULT_DIR/test.template.der, -keyspec,"""",, -infotype,certReqTemplate,,BLANK,,BLANK,
+0,genm certReqTemplate missing template arg , -section,, -cmd,genm,, -template,BLANK, -keyspec,_RESULT_DIR/test.keyspec.der, -infotype,certReqTemplate,,BLANK,,BLANK,
+0,genm certReqTemplate template extra arg , -section,, -cmd,genm,, -template,_RESULT_DIR/test.template.der,_RESULT_DIR/test.template.der, -infotype,certReqTemplate,,BLANK,,BLANK,
+0,genm certReqTemplate template arg non-ex dir, -section,, -cmd,genm,, -template,idontexist/idontexist,, -infotype,certReqTemplate,,BLANK,,BLANK,
+0,genm certReqTemplate keyspec arg non-ex dir, -section,, -cmd,genm,, -template,_RESULT_DIR/test.template.der, -keyspec,idontexist/idontexist,, -infotype,certReqTemplate,,BLANK,,BLANK,
+,,,,,,,,,,,,,,,,,,,,,,
+1,profile, -section,, -cmd,cr,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,, -profile,profile1,BLANK,,BLANK,
+0,profile wrong value, -section,, -cmd,cr,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,, -profile,profile2,BLANK,,BLANK,
+0,profile missing argument, -section,, -cmd,cr,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,, -profile,,,,,
+0,profile extra argument, -section,, -cmd,cr,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,, -profile,profile1,profile2,,,
+,,,,,,,,,,,,,,,,,,,,,,
+1,geninfo int, -section,, -cmd,cr,, -cert,signer.crt,, -key,signer.p12,, -keypass,pass:12345,BLANK,, -geninfo,1.3:int:987
+1,geninfo str, -section,, -cmd,cr,, -cert,signer.crt,, -key,signer.p12,, -keypass,pass:12345,BLANK,, -geninfo,id-kp:str:name
+1,geninfo empty str, -section,, -cmd,cr,, -cert,signer.crt,, -key,signer.p12,, -keypass,pass:12345,BLANK,, -geninfo,id-kp:str:
+1,geninfo str and int, -section,, -cmd,cr,, -cert,signer.crt,, -key,signer.p12,, -keypass,pass:12345,BLANK,, -geninfo, 'id-kp:str:name, 1.3:int:987'
+0,geninfo missing argument, -section,, -cmd,cr,, -cert,signer.crt,, -key,signer.p12,, -keypass,pass:12345,BLANK,, -geninfo,,,,,
+0,geninfo bad OID num: leading '.', -section,, -cmd,cr,, -cert,signer.crt,, -key,signer.p12,, -keypass,pass:12345,BLANK,, -geninfo,.1.2.3:int:987
+0,geninfo invalid OID number string, -section,, -cmd,cr,, -cert,signer.crt,, -key,signer.p12,, -keypass,pass:12345,BLANK,, -geninfo,1.333:int:987
+1,geninfo unknown OID number string, -section,, -cmd,cr,, -cert,signer.crt,, -key,signer.p12,, -keypass,pass:12345,BLANK,, -geninfo,1.33:int:987
+0,geninfo bad OID name: trailing '_', -section,, -cmd,cr,, -cert,signer.crt,, -key,signer.p12,, -keypass,pass:12345,BLANK,, -geninfo,id-kp_:int:987
+0,geninfo bad syntax: missing ':int', -section,, -cmd,cr,, -cert,signer.crt,, -key,signer.p12,, -keypass,pass:12345,BLANK,, -geninfo,1.2.3,,,,
+0,geninfo bad type tag, -section,, -cmd,cr,, -cert,signer.crt,, -key,signer.p12,, -keypass,pass:12345,BLANK,, -geninfo,1.2.3:xyz:987,,,,
+0,geninfo bad syntax: missing ':', -section,, -cmd,cr,, -cert,signer.crt,, -key,signer.p12,, -keypass,pass:12345,BLANK,, -geninfo,1.2.3:int987,,,,
+0,geninfo bad int syntax: double ':', -section,, -cmd,cr,, -cert,signer.crt,, -key,signer.p12,, -keypass,pass:12345,BLANK,, -geninfo,1.2.3:int::987,,,,
+0,geninfo bad int syntax: extra char, -section,, -cmd,cr,, -cert,signer.crt,, -key,signer.p12,, -keypass,pass:12345,BLANK,, -geninfo,1.2.3:int:987@,,,,
,,,,,,,,,,,,,,,,,,,
1,reqout ir+certConf rspout ip+pkiConf, -section,, -cmd,ir,,-reqout,_RESULT_DIR/ir.der _RESULT_DIR/certConf.der,,-rspout,_RESULT_DIR/ip.der _RESULT_DIR/pkiConf.der,,BLANK,,BLANK,
1,reqout cr rspout cp, -section,, -cmd,cr,,-reqout,_RESULT_DIR/cr.der,,-rspout,_RESULT_DIR/cp.der,,BLANK,,BLANK,
1,reqin old tid, -section,, -cmd,ir,,-reqin,_RESULT_DIR/ir.der _RESULT_DIR/certConf.der,,BLANK,,,BLANK,,BLANK,BLANK
1,reqin new tid, -section,, -cmd,ir,,-reqin,_RESULT_DIR/ir.der _RESULT_DIR/certConf.der,,BLANK,,,BLANK,,BLANK,-reqin_new_tid
0,reqin wrong req, -section,, -cmd,ir,,-reqin,_RESULT_DIR/cr.der _RESULT_DIR/certConf.der,,BLANK,,,BLANK,,BLANK,BLANK
-1,rspin, -section,, -cmd,ir,,BLANK,,,-rspin,_RESULT_DIR/ip.der _RESULT_DIR/pkiConf.der,,BLANK,,BLANK,
+1,rspin, -section,, -cmd,ir,,BLANK,,,-rspin,_RESULT_DIR/ip.der _RESULT_DIR/pkiConf.der,,BLANK,,BLANK
0,rspin too few files - server must reject, -section,, -cmd,ir,,BLANK,,,-rspin,_RESULT_DIR/ip.der,,BLANK,,BLANK,-secret,_PBM_SECRET
-0,rspin too few files - no server, -section,, -cmd,ir,,BLANK,,,-rspin,_RESULT_DIR/ip.der,,BLANK,,BLANK, -server, """"
+0,rspin too few files - no server, -section,, -cmd,ir,,BLANK,,,-rspin,_RESULT_DIR/ip.der,,BLANK,,BLANK, -server,""""
+1,reqout_only ir - no server, -section,, -cmd,ir,,-reqout_only,_RESULT_DIR/ir2.der,,BLANK,,BLANK, -server,""""
+0,reqout_only non-existing directory and file, -section,, -cmd,ir,,-reqout_only,idontexist/idontexist,,BLANK,,BLANK, -server,""""
+0,reqin ir - no newkey, -section,, -cmd,ir,,-reqin,_RESULT_DIR/ir2.der,,-newkey,"""",-newkey,"""",-key,"""",-cert,"""",-secret,_PBM_SECRET
+1,reqin ir and rspout - using no newkey and -popo 0 as workaround, -section,, -cmd,ir,,-reqin,_RESULT_DIR/ir2.der,,-rspout,_RESULT_DIR/ip2.der,-newkey,"""", -popo,0
+1,reqin ip and rspin - using no newkey and -popo 0 as workaround, -section,, -cmd,ir,,-reqin,_RESULT_DIR/ir2.der,,-rspin,_RESULT_DIR/ip2.der,,-newkey,"""",-server,"""",-disable_confirm, -popo,0
+1,reqout_only ir - no server with -popo -1 (same as -centralkeygen), -section,, -cmd,ir,,-reqout_only,_RESULT_DIR/ir3.der,,BLANK,,BLANK, -server,"""", -popo,-1, -newkeyout,_RESULT_DIR/dummyout.pem
+1,reqin ir and rspout - using no newkey and -popo -1 (same as -centralkeygen), -section,, -cmd,ir,,-reqin,_RESULT_DIR/ir3.der,,-rspout,_RESULT_DIR/ip3.der,-newkey,"""", -popo,-1, -newkeyout,_RESULT_DIR/newkeyout.pem
+1,reqin ip and rspin - using no newkey and -popo -1 (same as -centralkeygen), -section,, -cmd,ir,,-reqin,_RESULT_DIR/ir3.der,,-rspin,_RESULT_DIR/ip3.der,,-newkey,"""",-server,"""",-disable_confirm, -popo,-1, -newkeyout,_RESULT_DIR/newkeyout.pem
+,,,,,,,,,,,,,,,,,,,
+1,central key generation, -section,, -cmd,cr,, -centralkeygen, -newkeyout,_RESULT_DIR/newkeyout1.pem
+0,central key generation missing newkeyout, -section,, -cmd,cr,, -centralkeygen,,BLANK,,BLANK,,BLANK,,BLANK,
+0,using popo 1 with -centralkeygen, -section,, -cmd,cr,, -centralkeygen, -popo,1, -newkeyout,_RESULT_DIR/newkeyout.pem
+1, using popo -1 redundantly with -centralkeygen, -section,, -cmd,cr,, -centralkeygen, -popo,-1, -newkeyout,_RESULT_DIR/newkeyout2.pem
+1, using popo -1 alternatively to -centralkeygen, -section,, -cmd,cr,, -popo,-1, -newkeyout,_RESULT_DIR/newkeyout3.pem, -newkeypass,pass:12345, -certout,_RESULT_DIR/test.cert3.pem
+1, using centrally generated key (and cert) , -section,, -cmd,cr,,-cert,_RESULT_DIR/test.cert3.pem, -key,_RESULT_DIR/newkeyout3.pem, -keypass,pass:12345
+0, using centrally generated key with wrong password, -section,, -cmd,cr,,-cert,_RESULT_DIR/test.cert3.pem, -key,_RESULT_DIR/newkeyout3.pem, -keypass,pass:wrong
+0, using popo -1 (instead of -centralkeygen) without -newkeyout, -section,, -cmd,cr,, -popo,-1,,BLANK,,BLANK,,BLANK,,BLANK
diff --git a/test/recipes/80-test_cmp_http_data/test_connection.csv b/test/recipes/80-test_cmp_http_data/test_connection.csv
index cc012411ea5f..27932275ccdc 100644
--- a/test/recipes/80-test_cmp_http_data/test_connection.csv
+++ b/test/recipes/80-test_cmp_http_data/test_connection.csv
@@ -2,8 +2,7 @@ expected,description, -section,val, -server,val, -proxy,val, -no_proxy,val, -tls
,Message transfer options:,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,
1,default config, -section,,,,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
-1,disabled as not supported by some host IP configurations: server domain name, -section,, -server,localhost:_SERVER_PORT,,,,,,,,,,,,,,
-1,disabled as not supported by some host IP configurations: server IPv6 address, -section,, -server,[::1]:_SERVER_PORT,,,,,,,,,,,,,,
+disabled as not supported by some host IP configurations,server domain name, -section,, -server,_SERVER_HOST:_SERVER_PORT,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,
0,wrong server, -section,, -server,xn--rksmrgs-5wao1o.example.com:_SERVER_PORT,,,,,BLANK,,,, -msg_timeout,1,BLANK,,BLANK,
0,wrong server port, -section,, -server,_SERVER_HOST:99,,,,,BLANK,,,, -msg_timeout,1,BLANK,,BLANK,
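Review bot: The merged row keeps only the `_SERVER_HOST:_SERVER_PORT` case, so the bracketed IPv6 literal form `[::1]:_SERVER_PORT` from the removed row is no longer recorded anywhere in this table. Because the replacement row is itself switched off by the free-text value in the `expected` column, the IPv6 row could stay beside it in the same form, which keeps that host:port parsing case visible for whoever re-enables these rows. How the harness treats a non-numeric `expected` value is not visible in this hunk; the skip behaviour is assumed from the existing `TBD` row.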
@@ -13,7 +12,7 @@ expected,description, -section,val, -server,val, -proxy,val, -no_proxy,val, -tls
0,server missing argument, -section,, -server,,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
0,server with default port, -section,, -server,_SERVER_HOST,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
0,server port bad syntax: leading garbage, -section,, -server,_SERVER_HOST:x/+80,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
-0,server port bad synatx: trailing garbage, -section,, -server,_SERVER_HOST:_SERVER_PORT+/x.,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
+0,server port bad syntax: trailing garbage, -section,, -server,_SERVER_HOST:_SERVER_PORT+/x.,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
0,server with wrong port, -section,, -server,_SERVER_HOST:999,,,,,BLANK,,,,-msg_timeout,1,BLANK,,BLANK,
TBD,server IP address with TLS port, -section,, -server,_SERVER_IP:_SERVER_TLS,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
,,,,,,,,,,,,,,,,,,,
@@ -22,6 +21,8 @@ TBD,server IP address with TLS port, -section,, -server,_SERVER_IP:_SERVER_TLS,,
0,proxy default port, -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,127.0.0.1, -no_proxy,nonmatch.com,BLANK,,,,-msg_timeout,1,BLANK,,BLANK,
0,proxy missing argument, -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,, -no_proxy,nonmatch.com,BLANK,,,,BLANK,,BLANK,,BLANK,
,,,,,,,,,,,,,,,,,,,
+0,tls_used, -section,, -server,_SERVER_HOST:_SERVER_PORT,,,,,-tls_used,,,,-msg_timeout,1,BLANK,,BLANK,
+,,,,,,,,,,,,,,,,,,,
1,path explicit, -section,, -server,_SERVER_HOST:_SERVER_PORT,,,,,BLANK,, -path,_SERVER_PATH,BLANK,,BLANK,,BLANK,
1,path overrides -server path, -section,, -server,_SERVER_HOST:_SERVER_PORT/ignored,,,,,BLANK,, -path,_SERVER_PATH,BLANK,,BLANK,,BLANK,
1,path default -server path, -section,, -server,_SERVER_HOST:_SERVER_PORT/_SERVER_PATH,,,,,BLANK,, -path,"""",BLANK,,BLANK,,BLANK,
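Review bot: The added `tls_used` row expects failure, but its description does not say what should fail. With `-msg_timeout,1` the run can end either on a failed TLS handshake or on the timeout, and the row cannot tell the two apart. A description such as `tls_used against non-TLS port must fail` would record the intent, assuming `_SERVER_PORT` is the plain HTTP port, as the separate `_SERVER_TLS` placeholder in the `TBD` row suggests.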
@@ -46,4 +47,5 @@ TBD,server IP address with TLS port, -section,, -server,_SERVER_IP:_SERVER_TLS,,
1,keep_alive 0, -section,,,,,,,,BLANK,,,,BLANK,,BLANK,, -keep_alive,0
1,keep_alive 1, -section,,,,,,,,BLANK,,,,BLANK,,BLANK,, -keep_alive,1
1,keep_alive 2, -section,,,,,,,,BLANK,,,,BLANK,,BLANK,, -keep_alive,2
-0,keep_alive 3, -section,,,,,,,,BLANK,,,,BLANK,,BLANK,, -keep_alive,3
+0,keep_alive too large, -section,,,,,,,,BLANK,,,,BLANK,,BLANK,, -keep_alive,3
+0,keep_alive extremely large, -section,,,,,,,,BLANK,,,,BLANK,,BLANK,, -keep_alive,999999999999999999999999999
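Review bot: The two new rows cover values above the accepted range, including one that overflows an integer parse, but nothing covers the other side of the range. A row such as `0,keep_alive negative, -section,,,,,,,,BLANK,,,,BLANK,,BLANK,, -keep_alive,-1` would pin that a negative value is rejected too. The expected `0` there is an assumption to confirm against the option handling, which is not part of this hunk.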
diff --git a/test/recipes/80-test_cmp_http_data/test_credentials.csv b/test/recipes/80-test_cmp_http_data/test_credentials.csv
index ce508a101db6..c7a977f2bfd9 100644
--- a/test/recipes/80-test_cmp_http_data/test_credentials.csv
+++ b/test/recipes/80-test_cmp_http_data/test_credentials.csv
@@ -1,9 +1,9 @@
-expected,description, -section,val, -ref,val, -secret,val, -cert,val, -key,val, -keypass,val, -extracerts,val, BLANK, BLANK, -digest,val, -unprotected_requests,noarg
+expected,description, -section,val, -ref,val, -secret,val, -cert,val, -key,val, -keypass,val, -extracerts,val, BLANK, BLANK, -digest,val, -unprotected_requests,noarg, -opt1,arg1, -opt2,arg2
,,,,,,,,,,,,,,,,,,,,,,
-1,valid secret - wrong cert/key ignored, -section,, -ref,_PBM_REF, -secret,_PBM_SECRET, -cert,root.crt, -key,signer.p12, -keypass,pass:12345,BLANK,,BLANK,,BLANK,,BLANK,-server,_SERVER_HOST:_PBM_PORT,-expect_sender,""""
+1,valid secret - wrong cert/key ignored, -section,, -ref,_PBM_REF, -secret,_PBM_SECRET, -cert,root.crt, -key,signer.p12, -keypass,pass:12345,BLANK,,BLANK,,BLANK,,BLANK,,-server,_SERVER_HOST:_PBM_PORT,-expect_sender,""""
0,secret missing arg, -section,,BLANK,, -secret,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,
0,wrong secret without ref, -section,,BLANK,, -secret,pass:wrong,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,
-0,wrong secret - correct cert, -section,,BLANK,, -secret,pass:wrong, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,,BLANK,,BLANK,,BLANK,-server,_SERVER_HOST:_PBM_PORT,-expect_sender,""""
+0,wrong secret - correct cert, -section,,BLANK,, -secret,pass:wrong, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,,BLANK,,BLANK,,BLANK,,-server,_SERVER_HOST:_PBM_PORT,-expect_sender,""""
,,,,,,,,,,,,,,,,,,,,,,
0,ref missing arg, -section,, -ref,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,
1,empty ref but correct cert, -section,, -ref,"""",BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,,BLANK,,BLANK,,BLANK,
diff --git a/test/recipes/80-test_cmp_http_data/test_enrollment.csv b/test/recipes/80-test_cmp_http_data/test_enrollment.csv
index 83b8ecda37ad..a66afdc837e1 100644
--- a/test/recipes/80-test_cmp_http_data/test_enrollment.csv
+++ b/test/recipes/80-test_cmp_http_data/test_enrollment.csv
@@ -1,11 +1,14 @@
-expected,description, -section,val, -cmd,val, -newkey,val,val, -newkeypass,val, -subject,val, -issuer,val, -days,int, -reqexts,val, -sans,spec, -san_nodefault,noarg, -popo,int, -implicit_confirm,noarg, -disable_confirm,noarg, -certout,val,val2, -out_trusted,val,val2, -oldcert,val, -csr,val, -revreason,val
-,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Misc,request options:,,,,
+expected,description, -section,val, -cmd,val, -newkey,val,val, -newkeypass,val, -subject,val, -issuer,val, -days,int, -reqexts,val, -sans,spec, -san_nodefault,noarg, -popo,int, -implicit_confirm,noarg, -disable_confirm,noarg, -certout,val,val2, -out_trusted,val,val2, -oldcert,val, -csr,val, -revreason,val, -opt1,arg1, -opt2,arg2, -opt3,arg3, -opt4,arg4, -opt5,arg5
+,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Misc,request options:,,,,
+,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+1,newkey, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_newkey.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,,,-chainout,_RESULT_DIR/test.chainout.pem
+1,use chainout, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, ,,, -out_trusted,root.crt,,BLANK,,BLANK,,,,-cert,signer_only.crt,-untrusted,_RESULT_DIR/test.chainout.pem
+0,missing chain, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, ,,, -out_trusted,root.crt,,BLANK,,BLANK,,,,-cert,signer_only.crt,-untrusted,"""",reqout,t.der
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-1,newkey, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_newkey.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,,
0,newkey missing arg, -section,, -cmd,ir, -newkey,,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_newkey1.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,,
-0,newkey is directory, -section,, -cmd,ir, -newkey,dir/,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_newkey2.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,,
+0,newkey is non-existing directory and file, -section,, -cmd,ir, -newkey,idontexist/idontexist,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_newkey2.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,,
0,newkey too many parameters, -section,, -cmd,ir, -newkey,abc,def, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_newkey3.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,,
-0,newkey is an RSA key, -section,, -cmd,ir, -newkey,test.RSA2048.pem,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_newkey4.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,,
+0,newkey is an RSA key, -section,, -cmd,ir, -newkey,new.RSA2048.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_newkey4.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
1,newkeypass, -section,, -cmd,ir, -newkey,new_pass_12345.key,, -newkeypass,pass:12345,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_newkeypass.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,,
1,read newkeypass from file, -section,, -cmd,ir, -newkey,new_pass_12345.key,, -newkeypass,file:12345.txt,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_newkeypass_file.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,,
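Review bot: In the added `missing chain` row the last option is written `reqout,t.der`, without the leading dash that other option cells carry (compare `-reqout` in test_commands.csv). The row therefore probably fails on a stray argument rather than on the missing chain, and the expected `0` would hold even if chain handling regressed. Writing it as `-reqout,_RESULT_DIR/t.der` would make it an option and keep the output file inside the result directory like the other rows. How the harness turns cells into arguments is outside this hunk, so the exact failure mode is inferred.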
@@ -63,14 +66,18 @@ expected,description, -section,val, -cmd,val, -newkey,val,val, -newkeypass,val,
1,disable_confirm, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -disable_confirm,, -certout,_RESULT_DIR/test.certout_disable.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,,
0,disable_confirm with parameter, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -disable_confirm,abc, -certout,_RESULT_DIR/test.certout_disable1.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+1,use certout (and chainout) , -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, ,,, -out_trusted,root.crt,,BLANK,,BLANK,,,,-cert,_RESULT_DIR/test.certout_newkey.pem,-untrusted,_RESULT_DIR/test.chainout.pem
+1,certout and chainout sent to same file, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, ,,, -out_trusted,root.crt,,BLANK,,BLANK,,,,-certout,_RESULT_DIR/test.certout_chainout.pem,,-chainout,_RESULT_DIR/test.certout_chainout.pem
+1,use certout and chainout from same file, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, ,,, -out_trusted,root.crt,,BLANK,,BLANK,,,,-cert,_RESULT_DIR/test.certout_chainout.pem,-untrusted,""""
0,no certout, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,"""",, -out_trusted,root.crt,,BLANK,,BLANK,,,
0,certout missing arg, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,,, -out_trusted,root.crt,,BLANK,,BLANK,,,
+0,certout is non-existing directory and file, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,idontexist/idontexist,, -out_trusted,root.crt,,BLANK,,BLANK,,,
0,certout too many parameters, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,abc,def, -out_trusted,root.crt,,BLANK,,BLANK,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
1,no out_trusted, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_out_trusted.pem,,BLANK,,,BLANK,,BLANK,,,
1,out_trusted bigcert, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_out_trusted_big.pem,, -out_trusted,big_root.crt,,BLANK,,BLANK,,,
0,out_trusted missing arg, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_out_trusted1.pem,, -out_trusted,,,BLANK,,BLANK,,,
-0,out_trusted is directory, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_out_trusted2.pem,, -out_trusted,dir/,,BLANK,,BLANK,,,
+0,out_trusted is non-existing file, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_out_trusted2.pem,, -out_trusted,idontexist,,BLANK,,BLANK,,,
0,out_trusted too many parameters, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_out_trusted3.pem,, -out_trusted,abc,def,BLANK,,BLANK,,,
0,out_trusted empty certificate file, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_out_trusted4.pem,, -out_trusted,empty.txt,,BLANK,,BLANK,,,
1,out_trusted accept issuing ca cert even with CRL check enabled by default, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_out_trusted5.pem,, -out_trusted,issuing.crt,,BLANK,,BLANK,,,-partial_chain,-crl_check,-srvcert,server.crt
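Review bot: `out_trusted is directory` is replaced by `out_trusted is non-existing file` rather than supplemented, so passing a directory where a certificate file is expected is no longer exercised. The same substitution is made for `-newkey,dir/` in the first hunk of this file and in the `kur newkey` row of the last one. If the directory case was dropped because its outcome differs between platforms, one of the new descriptions could say so; otherwise keeping one `dir/` row next to the new `idontexist` rows preserves both error paths.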
@@ -102,13 +109,14 @@ TODO,p10cr wrong csr, -section,, -cmd,p10cr, -newkey,new.key,, -newkeypass,pass:
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
1,cr, -section,, -cmd,cr, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_cr.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-1,kur explicit options, -section,, -cmd,kur, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_kur.pem,, -out_trusted,root.crt,, -oldcert,_RESULT_DIR/test.certout_newkey.pem,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT, -cert,_RESULT_DIR/test.certout_newkey.pem, -key,new.key, -extracerts,issuing.crt
-1,kur minimal options, -section,, -cmd,kur,BLANK,,BLANK,, -subject,"""",BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_kur_minimal.pem,,BLANK,,, -oldcert,"""",BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT, -cert,_RESULT_DIR/test.certout_newkey.pem, -key,new.key, -extracerts,issuing.crt, -secret,""""
-0,kur newkey value missing, -section,, -cmd,kur, -newkey,,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_kur1.pem,, -out_trusted,root.crt,, -oldcert,_RESULT_DIR/test.certout_newkey.pem,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT
-0,kur newkey is directory, -section,, -cmd,kur, -newkey,dir/,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_kur2.pem,, -out_trusted,root.crt,, -oldcert,_RESULT_DIR/test.certout_newkey.pem,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT
-0,kur newkey parameter count no match, -section,, -cmd,kur, -newkey,abc,def, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_kur3.pem,, -out_trusted,root.crt,, -oldcert,_RESULT_DIR/test.certout_newkey.pem,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT
-0,kur newkey missing argument, -section,, -cmd,kur, -newkey,BLANK,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_kur4.pem,, -out_trusted,root.crt,, -oldcert,_RESULT_DIR/test.certout_newkey.pem,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT
-0,kur oldcert not existing, -section,, -cmd,kur, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_kur6.pem,, -out_trusted,root.crt,, -oldcert,idontexist,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT
-0,kur wrong oldcert, -section,, -cmd,kur, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_kur6.pem,, -out_trusted,root.crt,, -oldcert,root.crt,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT
-0,kur empty oldcert file, -section,, -cmd,kur, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_kur7.pem,, -out_trusted,root.crt,, -oldcert,empty.txt,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT
-0,kur without cert and oldcert, -section,, -cmd,kur, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_kur8.pem,, -out_trusted,root.crt,, -cert,"""",BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT
+1,kur explicit options, -section,, -cmd,kur, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_kur.pem,, -out_trusted,root.crt,, -oldcert,_RESULT_DIR/test.certout_newkey.pem,BLANK,,,,-server,_SERVER_HOST:_KUR_PORT, -cert,_RESULT_DIR/test.certout_newkey.pem, -key,new.key, -extracerts,issuing.crt
+1,kur minimal options, -section,, -cmd,kur,BLANK,,,BLANK,, -subject,"""",BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_kur_minimal.pem,,BLANK,,, -oldcert,"""",BLANK,,,,-server,_SERVER_HOST:_KUR_PORT, -cert,_RESULT_DIR/test.certout_newkey.pem, -key,new.key, -extracerts,issuing.crt, -secret,""""
+0,kur newkey value missing, -section,, -cmd,kur, -newkey,,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_kur1.pem,, -out_trusted,root.crt,, -oldcert,_RESULT_DIR/test.certout_newkey.pem,BLANK,,,,-server,_SERVER_HOST:_KUR_PORT
+0,kur newkey is non-existing directory and file, -section,, -cmd,kur, -newkey,idontexist/idontexist,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_kur2.pem,, -out_trusted,root.crt,, -oldcert,_RESULT_DIR/test.certout_newkey.pem,BLANK,,,,-server,_SERVER_HOST:_KUR_PORT
+0,kur newkey parameter count no match, -section,, -cmd,kur, -newkey,abc,def, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_kur3.pem,, -out_trusted,root.crt,, -oldcert,_RESULT_DIR/test.certout_newkey.pem,BLANK,,,,-server,_SERVER_HOST:_KUR_PORT
+0,kur newkey missing argument, -section,, -cmd,kur, -newkey,BLANK,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_kur4.pem,, -out_trusted,root.crt,, -oldcert,_RESULT_DIR/test.certout_newkey.pem,BLANK,,,,-server,_SERVER_HOST:_KUR_PORT
+0,kur oldcert not existing, -section,, -cmd,kur, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_kur6.pem,, -out_trusted,root.crt,, -oldcert,idontexist,BLANK,,,,-server,_SERVER_HOST:_KUR_PORT
+0,kur wrong oldcert, -section,, -cmd,kur, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_kur6.pem,, -out_trusted,root.crt,, -oldcert,root.crt,BLANK,,,,-server,_SERVER_HOST:_KUR_PORT
+0,kur empty oldcert file, -section,, -cmd,kur, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_kur7.pem,, -out_trusted,root.crt,, -oldcert,empty.txt,BLANK,,,,-server,_SERVER_HOST:_KUR_PORT
+0,kur without cert and oldcert, -section,, -cmd,kur, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_kur8.pem,, -out_trusted,root.crt,, -cert,"""",BLANK,,,,-server,_SERVER_HOST:_KUR_PORT
+1,kur certout overwriting oldcert, -section,, -cmd,kur, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_newkey.pem,, -out_trusted,root.crt,, -oldcert,_RESULT_DIR/test.certout_newkey.pem,BLANK,,,,-server,_SERVER_HOST:_KUR_PORT
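Review bot: The added `kur certout overwriting oldcert` row writes its result to `_RESULT_DIR/test.certout_newkey.pem`, the same file that the preceding `kur` rows read as `-oldcert` and `-cert` and that the `use certout (and chainout)` row in the previous hunk reads as `-cert`. It is harmless only because it is the last row of the table; any row appended later would silently get the renewed certificate instead of the one from `newkey`. Copying the fixture first or stating the constraint in the description (for example `kur certout overwriting oldcert - must stay last`) would make that explicit.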
diff --git a/test/recipes/80-test_cmp_http_data/test_verification.csv b/test/recipes/80-test_cmp_http_data/test_verification.csv
index ad28108be25c..39a649a61802 100644
--- a/test/recipes/80-test_cmp_http_data/test_verification.csv
+++ b/test/recipes/80-test_cmp_http_data/test_verification.csv
@@ -1,5 +1,5 @@
-expected,description, -section,val, -recipient,val, -expect_sender,val, -srvcert,val, -trusted,val, -untrusted,val, -ignore_keyusage, -unprotected_errors, -extracertsout,val,val2, -opt1,arg1, -opt2,arg2, -opt3,arg3
-,,,,,Recipient,options:,,,,,,,,,,,,,,,,,,,
+expected,description, -section,val, -recipient,val, -expect_sender,val, -srvcert,val, -trusted,val, -untrusted,val, -ignore_keyusage, -unprotected_errors, -extracertsout,val,val2, -srvcertout,val, -opt1,arg1, -opt2,arg2, -opt3,arg3, -opt4,arg4
+,,,,Recipient,options:,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,
1,default test, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,
@@ -21,30 +21,37 @@ expected,description, -section,val, -recipient,val, -expect_sender,val, -srvcert
0,bad syntax in expected sender name: missing '=', -section,, -recipient,_CA_DN, -expect_sender,/C=DE/CN=ECC Issuing CA v10/OU=For test purpose only/OCMPforOpenSSL,BLANK,, -trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,,
0,expected sender empty attributes, -section,, -recipient,_CA_DN, -expect_sender,/CN=/OU=/O=/C=,BLANK,, -trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,
-1,explicit srvcert, -section,,,,BLANK,, -srvcert,_SERVER_CERT, -trusted,"""",BLANK,,,, -unprotected_errors,BLANK,,,,,,,,
+1,explicit srvcert, -section,,,,BLANK,, -srvcert,_SERVER_CERT, -trusted,"""",BLANK,,, -unprotected_errors, -extracertsout,_RESULT_DIR/test.extracerts.pem,, -srvcertout,_RESULT_DIR/test.srvcertout.pem,,,,
+1,reuse last srvcert, -section,,,,BLANK,, -srvcert,_RESULT_DIR/test.srvcertout.pem, -trusted,"""",BLANK,,, -unprotected_errors,BLANK,,,,,,,,
+1,reuse last extracerts, -section,,,,BLANK,, -srvcert,_RESULT_DIR/test.extracerts.pem, -trusted,"""",BLANK,,, -unprotected_errors,BLANK,,,,,,,,
+1,output no srvcert empty extracerts, -section,,,,BLANK,, -secret,_PBM_SECRET, -ref,_PBM_REF,BLANK,,, -unprotected_errors,-extracertsout,_RESULT_DIR/test.extracerts_empty.pem,, -srvcertout,_RESULT_DIR/test.srvcertout.pem,-cmd,genm, -infotype,signKeyPairTypes
+0,cannot reuse last srvcert, -section,,,,BLANK,, -srvcert,_RESULT_DIR/test.srvcertout.pem, -trusted,"""",BLANK,,, -unprotected_errors,BLANK,,,,,,,,
+0,cannot reuse last extracerts, -section,,,,BLANK,, -srvcert,_RESULT_DIR/test.extracerts_empty.pem, -trusted,"""",BLANK,,, -unprotected_errors,BLANK,,,,,,,,
0,srvcert missing arg, -section,, -recipient,"""",BLANK,, -srvcert,, -trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,,
-0,wrong srvcert, -section,, -recipient,"""",BLANK,, -srvcert,signer.crt, -trusted,"""",BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,,
+0,wrong srvcert and -trusted ignored, -section,, -recipient,"""",BLANK,, -srvcert,signer.crt,-trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,,
0,srvcert is empty file, -section,, -recipient,"""",BLANK,, -srvcert,empty.txt, -trusted,"""",BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,,
0,srvcert random content, -section,, -recipient,"""",BLANK,, -srvcert,random.bin, -trusted,"""",BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,
1,no -trusted but srvcert, -section,, -recipient,_CA_DN,BLANK,, -srvcert,_SERVER_CERT,BLANK,,BLANK,,, -unprotected_errors,BLANK,,,,,,,,
+0,no -trusted and no -srvcert, -section,, -recipient,_CA_DN,BLANK,,BLANK,,BLANK,,BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,,
0,trusted missing arg, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,,BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,,
-0,wrong trusted cert, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,signer.crt,BLANK,,BLANK, -unprotected_errors,BLANK, -secret,"""", -cert,signer.crt, -key,signer.p12, -keypass,pass:12345
+0,wrong trusted cert, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,signer.crt,BLANK,,BLANK, -unprotected_errors,BLANK,,,,, -secret,"""", -cert,signer.crt, -key,signer.p12, -keypass,pass:12345
0,trusted empty file, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,empty.txt,BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,,
0,trusted random file, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,random.bin,BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,,
0,trusted file does not exist, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,idontexist,BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,
0,untrusted missing arg, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt, -untrusted,,BLANK, -unprotected_errors,BLANK,,,,,,,,
+1,untrusted not matching cert, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt, -untrusted,root.crt,BLANK, -unprotected_errors,BLANK,,,,,,,,
0,untrusted empty file, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt, -untrusted,empty.txt,BLANK, -unprotected_errors,BLANK,,,,,,,,
0,untrusted random file, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt, -untrusted,random.bin,BLANK, -unprotected_errors,BLANK,,,,,,,,
0,untrusted file does not exist, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt, -untrusted,idontexist,BLANK, -unprotected_errors,BLANK,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,
1,ignore key usage, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt,BLANK,, -ignore_keyusage, -unprotected_errors,BLANK,,,,,,,,
-0,ignorekeyusage with parameter, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt,BLANK,,, -unprotected_errors,BLANK, -ignore_keyusage,1,,,,,,
+0,ignorekeyusage with parameter, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt,BLANK,, -ignore_keyusage,1,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,
1,no unprotected errors - no errors, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt,BLANK,,BLANK,BLANK,BLANK,,,,,,,,
-0,unprotected_errors with parameter, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt,BLANK,,BLANK,BLANK,BLANK,,, -unprotected_errors,123,,,,
+0,unprotected_errors with parameter, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors,123,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,
-1,extracertsout, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors, -extracertsout,_RESULT_DIR/test.extracerts.pem,,,,,,,
+1,extracertsout, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors, -extracertsout,_RESULT_DIR/test.extracerts.pem,, -srvcertout,_RESULT_DIR/test.srvcertout.pem,,,,,
0,extracertsout no parameter, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors, -extracertsout,,,,,,,,
0,extracertsout multiple arguments, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors, -extracertsout,abc,def,,,,,,
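Review bot: The added rows `reuse last srvcert`, `reuse last extracerts`, `cannot reuse last srvcert` and `cannot reuse last extracerts` depend on files left in `_RESULT_DIR` by the rows before them. The changed `extracertsout` row near the end of the hunk then writes `test.extracerts.pem` and `test.srvcertout.pem` again. The expected values therefore hold only when the table runs top to bottom in one pass; the descriptions could name the producing row, for example `reuse srvcert written by 'explicit srvcert'`. The two `cannot reuse` rows presumably check that no usable certificate is left in the output files after an exchange protected by `-secret`, and that intent would be worth stating in the description as well.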
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
index 0e8b0259f1c2..5c967c581835 100644
--- a/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t
@@ -41,6 +41,8 @@ my @defaultprov = ("-provider-path", $provpath,
my @config = ( );
my $provname = 'default';
+my $dsaallow = '1';
+my $no_pqc = 0;
my $datadir = srctop_dir("test", "recipes", "80-test_cms_data");
my $smdir = srctop_dir("test", "smime-certs");
@@ -51,7 +53,7 @@ my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib)
$no_rc2 = 1 if disabled("legacy");
-plan tests => 20;
+plan tests => 30;
ok(run(test(["pkcs7_test"])), "test pkcs7");
@@ -61,7 +63,11 @@ unless ($no_fips) {
$provname = 'fips';
run(test(["fips_version_test", "-config", $provconf, "<3.4.0"]),
- capture => 1, statusvar => $old_fips);
+ capture => 1, statusvar => \$dsaallow);
+ $no_dsa = 1 if $dsaallow == '0';
+ $old_fips = 1 if $dsaallow != '0';
+ run(test(["fips_version_test", "-config", $provconf, "<3.5.0"]),
+ capture => 1, statusvar => \$no_pqc);
}
$ENV{OPENSSL_TEST_LIBCTX} = "1";
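Review bot: The two added conditions compare `$dsaallow` numerically against the string literal `'0'`, and nothing states what the variable holds. From the call it receives the status of the `fips_version_test ... "<3.4.0"` run, so the name reads like a DSA policy switch while the value is a version check. A comment such as `# $dsaallow: status of the "<3.4.0" FIPS version check; newer FIPS providers are treated as having no DSA` (wording to be confirmed by the author) would make the intent clear. For a boolean status, `$no_dsa = 1 unless $dsaallow;` and `$old_fips = 1 if $dsaallow;` say the same thing without the string/number mix. The enclosing `unless ($no_fips)` block starts outside the hunk.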
@@ -240,19 +246,23 @@ my @smime_pkcs7_tests = (
\&final_compare
],
- [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
- [ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
- "-aes256", "-stream", "-out", "{output}.cms",
- $smrsa1,
- catfile($smdir, "smrsa2.pem"),
- catfile($smdir, "smrsa3.pem") ],
- [ "{cmd2}", @prov, "-decrypt", "-recip", $smrsa1,
- "-in", "{output}.cms", "-out", "{output}.txt" ],
- \&final_compare
- ],
-
);
+if ($no_fips || $old_fips) {
+ push(@smime_pkcs7_tests,
+ [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
+ [ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
+ "-aes256", "-stream", "-out", "{output}.cms",
+ $smrsa1,
+ catfile($smdir, "smrsa2.pem"),
+ catfile($smdir, "smrsa3.pem") ],
+ [ "{cmd2}", @prov, "-decrypt", "-recip", $smrsa1,
+ "-in", "{output}.cms", "-out", "{output}.txt" ],
+ \&final_compare
+ ]
+ );
+}
+
my @smime_cms_tests = (
[ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
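Review bot: The 3-recipient enveloped test is now pushed only when `$no_fips || $old_fips`, but the new block has no comment saying which part of the test a newer FIPS provider rejects. The later block guarded by the same condition documents its reason (`# Only SHA1 supported in dh_cms_encrypt()`). A one-line comment in that style above `push(@smime_pkcs7_tests,` would keep a later reader from widening or dropping the guard by guesswork.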
@@ -347,6 +357,16 @@ my @smime_cms_tests = (
\&final_compare
],
+ [ "enveloped content test streaming PEM format, AES-128-CBC cipher, password",
+ [ "{cmd1}", @prov, "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128",
+ "-stream", "-out", "{output}.cms",
+ "-pwri_password", "test" ],
+ [ "{cmd2}", @prov, "-decrypt", "-in", "{output}.cms", "-out", "{output}.txt",
+ "-inform", "PEM",
+ "-pwri_password", "test" ],
+ \&final_compare
+ ],
+
[ "data content test streaming PEM format",
[ "{cmd1}", @prov, "-data_create", "-in", $smcont, "-outform", "PEM",
"-nodetach", "-stream", "-out", "{output}.cms" ],
@@ -379,7 +399,7 @@ my @smime_cms_tests = (
],
[ "encrypted content test streaming PEM format, triple DES key",
- [ "{cmd1}", @prov, "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
+ [ "{cmd1}", @defaultprov, "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
"-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617",
"-stream", "-out", "{output}.cms" ],
[ "{cmd2}", @prov, "-EncryptedData_decrypt", "-in", "{output}.cms",
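Review bot: Only the encrypt side of the triple DES case is moved to `@defaultprov`; the decrypt command on the following line still uses `@prov`, and no comment explains the split. If the reason is that the FIPS provider under test no longer encrypts with this algorithm while still decrypting with it (an inference, the hunk does not say), record it, e.g. `# encrypt with the default provider: <reason>; decrypt still exercises @prov`. The same unexplained switch to `@defaultprov` recurs in the hunks at -509 (PSS saltlen=max), -612 and -633 (ECDH cases); where both sides of a case are switched, that case no longer exercises the FIPS provider in a FIPS run, which deserves a comment too. The test entry continues outside the hunk.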
@@ -466,10 +486,10 @@ my @smime_cms_cades_tests = (
my @smime_cms_cades_ko_tests = (
[ "sign content DER format, RSA key, not CAdES-BES compatible",
[ @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
- "-certfile", $smroot, "-signer", $smrsa1, "-out", "{output}.cms" ],
+ "-certfile", $smroot, "-signer", $smrsa1, "-out", "cades-ko.cms" ],
"fail to verify token since requiring CAdES-BES compatibility",
- [ @prov, "-verify", "-cades", "-in", "{output}.cms", "-inform", "DER",
- "-CAfile", $smroot, "-out", "{output}.txt" ],
+ [ @prov, "-verify", "-cades", "-in", "cades-ko.cms", "-inform", "DER",
+ "-CAfile", $smroot, "-out", "cades-ko.txt" ],
\&final_compare
]
);
@@ -509,12 +529,12 @@ my @smime_cms_param_tests = (
],
[ "signed content test streaming PEM format, RSA keys, PSS signature, saltlen=max",
- [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
+ [ "{cmd1}", @defaultprov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
"-signer", $smrsa1,
"-keyopt", "rsa_padding_mode:pss", "-keyopt", "rsa_pss_saltlen:max",
"-out", "{output}.cms" ],
sub { my %opts = @_; rsapssSaltlen("$opts{output}.cms") == 222; },
- [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "PEM",
+ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms", "-inform", "PEM",
"-CAfile", $smroot, "-out", "{output}.txt" ],
\&final_compare
],
@@ -612,18 +632,18 @@ my @smime_cms_param_tests = (
],
[ "enveloped content test streaming S/MIME format, ECDH, AES-128-CBC, SHA256 KDF",
- [ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
+ [ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont,
"-stream", "-out", "{output}.cms",
"-recip", catfile($smdir, "smec1.pem"), "-aes128",
"-keyopt", "ecdh_kdf_md:sha256" ],
sub { my %opts = @_; smimeType_matches("$opts{output}.cms", "enveloped-data"); },
- [ "{cmd2}", @prov, "-decrypt", "-recip", catfile($smdir, "smec1.pem"),
+ [ "{cmd2}", @defaultprov, "-decrypt", "-recip", catfile($smdir, "smec1.pem"),
"-in", "{output}.cms", "-out", "{output}.txt" ],
\&final_compare
],
[ "enveloped content test streaming S/MIME format, ECDH, AES-128-GCM cipher, SHA256 KDF",
- [ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
+ [ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont,
"-stream", "-out", "{output}.cms",
"-recip", catfile($smdir, "smec1.pem"), "-aes-128-gcm", "-keyopt", "ecdh_kdf_md:sha256" ],
sub { my %opts = @_; smimeType_matches("$opts{output}.cms", "authEnveloped-data"); },
@@ -633,11 +653,11 @@ my @smime_cms_param_tests = (
],
[ "enveloped content test streaming S/MIME format, ECDH, K-283, cofactor DH",
- [ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
+ [ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont,
"-stream", "-out", "{output}.cms",
"-recip", catfile($smdir, "smec2.pem"), "-aes128",
"-keyopt", "ecdh_kdf_md:sha256", "-keyopt", "ecdh_cofactor_mode:1" ],
- [ "{cmd2}", @prov, "-decrypt", "-recip", catfile($smdir, "smec2.pem"),
+ [ "{cmd2}", @defaultprov, "-decrypt", "-recip", catfile($smdir, "smec2.pem"),
"-in", "{output}.cms", "-out", "{output}.txt" ],
\&final_compare
]
@@ -646,17 +666,46 @@ my @smime_cms_param_tests = (
if ($no_fips || $old_fips) {
# Only SHA1 supported in dh_cms_encrypt()
push(@smime_cms_param_tests,
- [ "enveloped content test streaming S/MIME format, X9.42 DH",
- [ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
- "-stream", "-out", "{output}.cms",
- "-recip", catfile($smdir, "smdh.pem"), "-aes128" ],
- [ "{cmd2}", @prov, "-decrypt", "-recip", catfile($smdir, "smdh.pem"),
- "-in", "{output}.cms", "-out", "{output}.txt" ],
- \&final_compare
- ]
+
+ [ "enveloped content test streaming S/MIME format, X9.42 DH",
+ [ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
+ "-stream", "-out", "{output}.cms",
+ "-recip", catfile($smdir, "smdh.pem"), "-aes128" ],
+ [ "{cmd2}", @prov, "-decrypt", "-recip", catfile($smdir, "smdh.pem"),
+ "-in", "{output}.cms", "-out", "{output}.txt" ],
+ \&final_compare
+ ]
);
}
+my @smime_cms_param_tests_autodigestmax = (
+ [ "signed content test streaming PEM format, RSA keys, PSS signature, saltlen=auto-digestmax, digestsize < maximum salt length",
+ [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
+ "-signer", $smrsa1, "-md", "sha256",
+ "-keyopt", "rsa_padding_mode:pss", "-keyopt", "rsa_pss_saltlen:auto-digestmax",
+ "-out", "{output}.cms" ],
+ # digest is SHA-256, which produces 32, bytes of output
+ sub { my %opts = @_; rsapssSaltlen("$opts{output}.cms") == 32; },
+ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms", "-inform", "PEM",
+ "-CAfile", $smroot, "-out", "{output}.txt" ],
+ \&final_compare
+ ],
+
+ [ "signed content test streaming PEM format, RSA keys, PSS signature, saltlen=auto-digestmax, digestsize > maximum salt length",
+ [ "{cmd1}", @defaultprov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
+ "-signer", $smrsa1024, "-md", "sha512",
+ "-keyopt", "rsa_padding_mode:pss", "-keyopt", "rsa_pss_saltlen:auto-digestmax",
+ "-out", "{output}.cms" ],
+ # digest is SHA-512, which produces 64, bytes of output, but an RSA-PSS
+ # signature with a 1024 bit RSA key can only accommodate 62
+ sub { my %opts = @_; rsapssSaltlen("$opts{output}.cms") == 62; },
+ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms", "-inform", "PEM",
+ "-CAfile", $smroot, "-out", "{output}.txt" ],
+ \&final_compare
+ ]
+);
+
+
my @contenttype_cms_test = (
[ "signed content test - check that content type is added to additional signerinfo, RSA keys",
[ "{cmd1}", @prov, "-sign", "-binary", "-nodetach", "-stream", "-in", $smcont,
@@ -754,7 +803,21 @@ subtest "CMS <=> CMS consistency tests\n" => sub {
subtest "CMS <=> CMS consistency tests, modified key parameters\n" => sub {
plan tests =>
- (scalar @smime_cms_param_tests) + (scalar @smime_cms_comp_tests);
+ (scalar @smime_cms_param_tests) + (scalar @smime_cms_comp_tests) +
+ (scalar @smime_cms_param_tests_autodigestmax) + 1;
+
+ ok(run(app(["openssl", "cms", @prov,
+ "-sign", "-in", $smcont,
+ "-outform", "PEM",
+ "-nodetach",
+ "-signer", $smrsa1,
+ "-keyopt", "rsa_padding_mode:pss",
+ "-keyopt", "rsa_pss_saltlen:auto-digestmax",
+ "-out", "digestmaxtest.cms"])));
+ # Providers that do not support rsa_pss_saltlen:auto-digestmax will parse
+ # it as 0
+ my $no_autodigestmax = rsapssSaltlen("digestmaxtest.cms") == 0;
+ 1 while unlink "digestmaxtest.cms";
runner_loop(prefix => 'cms2cms-mod', cmd1 => 'cms', cmd2 => 'cms',
tests => [ @smime_cms_param_tests ]);
@@ -766,6 +829,15 @@ subtest "CMS <=> CMS consistency tests, modified key parameters\n" => sub {
runner_loop(prefix => 'cms2cms-comp', cmd1 => 'cms', cmd2 => 'cms',
tests => [ @smime_cms_comp_tests ]);
}
+
+ SKIP: {
+ skip("rsa_pss_saltlen:auto-digestmax not supported",
+ scalar @smime_cms_param_tests_autodigestmax)
+ if $no_autodigestmax;
+
+ runner_loop(prefix => 'cms2cms-comp', 'cmd1' => 'cms', cmd2 => 'cms',
+ tests => [ @smime_cms_param_tests_autodigestmax ]);
+ }
};
# Returns the number of matches of a Content Type Attribute in a binary file.
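Review bot: The added `runner_loop` call reuses `prefix => 'cms2cms-comp'`, the prefix of the compression tests just above it. If the prefix is what names the `{output}` files and labels the results (runner_loop is defined outside the hunk), the auto-digestmax cases would overwrite the compression outputs and be reported under the wrong label; a prefix of their own, e.g. `prefix => 'cms2cms-mod-autodigestmax'`, avoids that. `'cmd1' => 'cms'` is also quoted unlike the neighbouring calls; `cmd1 => 'cms'` matches them.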
@@ -937,6 +1009,7 @@ subtest "CAdES ko tests\n" => sub {
SKIP: {
my $skip_reason = check_availability($$_[0]);
skip $skip_reason, 1 if $skip_reason;
+ 1 while unlink "cades-ko.txt";
ok(run(app(["openssl", "cms", @{$$_[1]}])), $$_[0]);
ok(!run(app(["openssl", "cms", @{$$_[3]}])), $$_[2]);
@@ -984,6 +1057,179 @@ subtest "CMS binary input tests\n" => sub {
"verify binary input with -binary missing -crlfeol");
};
+subtest "CMS signed digest, DER format" => sub {
+ plan tests => 2;
+
+ # Pre-computed SHA256 digest of $smcont in hexadecimal form
+ my $digest = "ff236ef61b396355f75a4cc6e1c306d4c309084ae271a9e2ad6888f10a101b32";
+
+ my $sig_file = "signature.der";
+ ok(run(app(["openssl", "cms", @prov, "-sign", "-digest", $digest,
+ "-outform", "DER",
+ "-certfile", catfile($smdir, "smroot.pem"),
+ "-signer", catfile($smdir, "smrsa1.pem"),
+ "-out", $sig_file])),
+ "CMS sign pre-computed digest, DER format");
+
+ ok(run(app(["openssl", "cms", @prov, "-verify", "-in", $sig_file,
+ "-inform", "DER",
+ "-CAfile", catfile($smdir, "smroot.pem"),
+ "-content", $smcont])),
+ "Verify CMS signed digest, DER format");
+};
+
+subtest "CMS signed digest, DER format, no signing time" => sub {
+ # This test also enables CAdES mode and disables S/MIME capabilities
+ # to approximate the kind of signature required for a PAdES-compliant
+ # PDF signature.
+ plan tests => 4;
+
+ # Pre-computed SHA256 digest of $smcont in hexadecimal form
+ my $digest = "ff236ef61b396355f75a4cc6e1c306d4c309084ae271a9e2ad6888f10a101b32";
+
+ my $sig_file = "signature.der";
+ ok(run(app(["openssl", "cms", @prov, "-sign", "-digest", $digest,
+ "-outform", "DER",
+ "-no_signing_time",
+ "-nosmimecap",
+ "-cades",
+ "-certfile", catfile($smdir, "smroot.pem"),
+ "-signer", catfile($smdir, "smrsa1.pem"),
+ "-out", $sig_file])),
+ "CMS sign pre-computed digest, DER format, no signing time");
+
+ my $exit = 0;
+ my $dump = join "\n",
+ run(app(["openssl", "cms", @prov, "-cmsout", "-noout", "-print",
+ "-in", $sig_file,
+ "-inform", "DER"]),
+ capture => 1,
+ statusvar => $exit);
+
+ is($exit, 0, "Parse CMS signed digest, DER format, no signing time");
+ is(index($dump, 'signingTime'), -1,
+ "Check that CMS signed digest does not contain signing time");
+
+ ok(run(app(["openssl", "cms", @prov, "-verify", "-in", $sig_file,
+ "-inform", "DER",
+ "-CAfile", catfile($smdir, "smroot.pem"),
+ "-content", $smcont])),
+ "Verify CMS signed digest, DER format, no signing time");
+};
+
+
+subtest "CMS signed digest, S/MIME format" => sub {
+ plan tests => 2;
+
+ # Pre-computed SHA256 digest of $smcont in hexadecimal form
+ my $digest = "ff236ef61b396355f75a4cc6e1c306d4c309084ae271a9e2ad6888f10a101b32";
+
+ my $sig_file = "signature.smime";
+ ok(run(app(["openssl", "cms", @prov, "-sign", "-digest", $digest,
+ "-outform", "SMIME",
+ "-certfile", catfile($smdir, "smroot.pem"),
+ "-signer", catfile($smdir, "smrsa1.pem"),
+ "-out", $sig_file])),
+ "CMS sign pre-computed digest, S/MIME format");
+
+ ok(run(app(["openssl", "cms", @prov, "-verify", "-in", $sig_file,
+ "-inform", "SMIME",
+ "-CAfile", catfile($smdir, "smroot.pem"),
+ "-content", $smcont])),
+ "Verify CMS signed digest, S/MIME format");
+};
+
+sub path_tests {
+ our $app = shift;
+ our @path = qw(test certs);
+ our $key = srctop_file(@path, "ee-key.pem");
+ our $ee = srctop_file(@path, "ee-cert.pem");
+ our $ca = srctop_file(@path, "ca-cert.pem");
+ our $root = srctop_file(@path, "root-cert.pem");
+ our $sig_file = "signature.p7s";
+
+ sub sign {
+ my $inter = shift;
+ my @inter = $inter ? ("-certfile", $inter) : ();
+ my $msg = shift;
+ ok(run(app(["openssl", $app, @prov, "-sign", "-in", $smcont,
+ "-inkey", $key, "-signer", $ee, @inter,
+ "-out", $sig_file],
+ "accept $app sign with EE $msg".
+ " intermediate CA certificates")));
+ }
+ sub verify {
+ my $inter = shift;
+ my @inter = $inter ? ("-certfile", $inter) : ();
+ my $msg = shift;
+ my $res = shift;
+ ok($res == run(app(["openssl", $app, @prov, "-verify", "-in", $sig_file,
+ "-purpose", "sslserver", "-CAfile", $root, @inter,
+ "-content", $smcont],
+ "accept $app verify with EE ".
+ "$msg intermediate CA certificates")));
+ }
+ sign($ca, "and");
+ verify(0, "with included", 1);
+ sign(0, "without");
+ verify(0, "without", 0);
+ verify($ca, "with added", 1);
+};
+subtest "CMS sign+verify cert path tests" => sub {
+ plan tests => 5;
+
+ path_tests("cms");
+};
+subtest "PKCS7 sign+verify cert path tests" => sub {
+ plan tests => 5;
+
+ path_tests("smime");
+};
+
+subtest "CMS code signing test" => sub {
+ plan tests => 7;
+ my $sig_file = "signature.p7s";
+ ok(run(app(["openssl", "cms", @prov, "-sign", "-in", $smcont,
+ "-certfile", catfile($smdir, "smroot.pem"),
+ "-signer", catfile($smdir, "smrsa1.pem"),
+ "-out", $sig_file])),
+ "accept perform CMS signature with smime certificate");
+
+ ok(run(app(["openssl", "cms", @prov, "-verify", "-in", $sig_file,
+ "-CAfile", catfile($smdir, "smroot.pem"),
+ "-content", $smcont])),
+ "accept verify CMS signature with smime certificate");
+
+ ok(!run(app(["openssl", "cms", @prov, "-verify", "-in", $sig_file,
+ "-CAfile", catfile($smdir, "smroot.pem"),
+ "-purpose", "codesign",
+ "-content", $smcont])),
+ "fail verify CMS signature with smime certificate for purpose code signing");
+
+ ok(!run(app(["openssl", "cms", @prov, "-verify", "-in", $sig_file,
+ "-CAfile", catfile($smdir, "smroot.pem"),
+ "-purpose", "football",
+ "-content", $smcont])),
+ "fail verify CMS signature with invalid purpose argument");
+
+ ok(run(app(["openssl", "cms", @prov, "-sign", "-in", $smcont,
+ "-certfile", catfile($smdir, "smroot.pem"),
+ "-signer", catfile($smdir, "csrsa1.pem"),
+ "-out", $sig_file])),
+ "accept perform CMS signature with code signing certificate");
+
+ ok(run(app(["openssl", "cms", @prov, "-verify", "-in", $sig_file,
+ "-CAfile", catfile($smdir, "smroot.pem"),
+ "-purpose", "codesign",
+ "-content", $smcont])),
+ "accept verify CMS signature with code signing certificate for purpose code signing");
+
+ ok(!run(app(["openssl", "cms", @prov, "-verify", "-in", $sig_file,
+ "-CAfile", catfile($smdir, "smroot.pem"),
+ "-content", $smcont])),
+ "fail verify CMS signature with code signing certificate for purpose smime_sign");
+};
+
# Test case for missing MD algorithm (must not segfault)
with({ exit_checker => sub { return shift == 4; } },
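Review bot: In the "no signing time" subtest, `statusvar => $exit` passes the value of `$exit` rather than a reference, so `run` has nothing to store the status in and `is($exit, 0, ...)` compares the initial `0` with `0` whatever the `-cmsout` command does. The other call this commit touches was changed to pass a reference (`statusvar => \$dsaallow`); here it should be `statusvar => \$exit`, with the assertion checking the value `run` stores (if that is a success flag, as the `$dsaallow` handling suggests, `ok($exit, ...)` rather than `is($exit, 0, ...)`). Separately, in `path_tests` the description strings are passed as a second argument to `app(...)` instead of to `ok(...)`, so those checks run without a name; moving the closing parentheses fixes it.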
@@ -992,7 +1238,15 @@ with({ exit_checker => sub { return shift == 4; } },
'-inform', 'PEM',
'-in', data_file("pkcs7-md4.pem"),
])),
- "Check failure of EVP_DigestInit is handled correctly");
+ "Check failure of EVP_DigestInit in PKCS7 signed is handled");
+
+ ok(run(app(['openssl', 'smime', '-decrypt',
+ '-inform', 'PEM',
+ '-in', data_file("pkcs7-md4-encrypted.pem"),
+ '-recip', srctop_file("test", "certs", "ee-cert.pem"),
+ '-inkey', srctop_file("test", "certs", "ee-key.pem")
+ ])),
+ "Check failure of EVP_DigestInit in PKCS7 signedAndEnveloped is handled");
});
sub check_availability {
@@ -1126,3 +1380,86 @@ subtest "encrypt to three recipients with RSA-OAEP, key only decrypt" => sub {
"decrypt with key only");
is(compare($pt, $ptpt), 0, "compare original message with decrypted ciphertext");
};
+
+subtest "EdDSA tests for CMS" => sub {
+ plan tests => 2;
+
+ SKIP: {
+ skip "ECX (EdDSA) is not supported in this build", 2
+ if disabled("ecx");
+
+ my $crt1 = srctop_file("test", "certs", "root-ed25519.pem");
+ my $key1 = srctop_file("test", "certs", "root-ed25519.privkey.pem");
+ my $sig1 = "sig1.cms";
+
+ ok(run(app(["openssl", "cms", @prov, "-sign", "-md", "sha512", "-in", $smcont,
+ "-signer", $crt1, "-inkey", $key1, "-out", $sig1])),
+ "accept CMS signature with Ed25519");
+
+ ok(run(app(["openssl", "cms", @prov, "-verify", "-in", $sig1,
+ "-CAfile", $crt1, "-content", $smcont])),
+ "accept CMS verify with Ed25519");
+ }
+};
+
+subtest "ML-DSA tests for CMS" => sub {
+ plan tests => 2;
+
+ SKIP: {
+ skip "ML-DSA is not supported in this build", 2
+ if disabled("ml-dsa") || $no_pqc;
+
+ my $sig1 = "sig1.cms";
+
+ # draft-ietf-lamps-cms-ml-dsa: use SHA512 with ML-DSA
+ ok(run(app(["openssl", "cms", @prov, "-sign", "-md", "sha512", "-in", $smcont,
+ "-certfile", $smroot, "-signer", catfile($smdir, "sm_mldsa44.pem"),
+ "-out", $sig1])),
+ "accept CMS signature with ML-DSA-44");
+
+ ok(run(app(["openssl", "cms", @prov, "-verify", "-in", $sig1,
+ "-CAfile", $smroot, "-content", $smcont])),
+ "accept CMS verify with ML-DSA-44");
+ }
+};
+
+subtest "SLH-DSA tests for CMS" => sub {
+ plan tests => 6;
+
+ SKIP: {
+ skip "SLH-DSA is not supported in this build", 6
+ if disabled("slh-dsa") || $no_pqc;
+
+ my $sig1 = "sig1.cms";
+
+ # draft-ietf-lamps-cms-sphincs-plus: use SHA512 with SLH-DSA-SHA2
+ ok(run(app(["openssl", "cms", @prov, "-sign", "-md", "sha512", "-in", $smcont,
+ "-certfile", $smroot, "-signer", catfile($smdir, "sm_slhdsa_sha2_128s.pem"),
+ "-out", $sig1])),
+ "accept CMS signature with SLH-DSA-SHA2-128s");
+
+ ok(run(app(["openssl", "cms", @prov, "-verify", "-in", $sig1,
+ "-CAfile", $smroot, "-content", $smcont])),
+ "accept CMS verify with SLH-DSA-SHA2-128s");
+
+ # draft-ietf-lamps-cms-sphincs-plus: use SHAKE128 with SLH-DSA-SHAKE-128*
+ ok(run(app(["openssl", "cms", @prov, "-sign", "-md", "shake128", "-in", $smcont,
+ "-certfile", $smroot, "-signer", catfile($smdir, "sm_slhdsa_shake_128s.pem"),
+ "-out", $sig1])),
+ "accept CMS signature with SLH-DSA-SHAKE-128s");
+
+ ok(run(app(["openssl", "cms", @prov, "-verify", "-in", $sig1,
+ "-CAfile", $smroot, "-content", $smcont])),
+ "accept CMS verify with SLH-DSA-SHAKE-128s");
+
+ # draft-ietf-lamps-cms-sphincs-plus: use SHAKE256 with SLH-DSA-SHAKE-256*
+ ok(run(app(["openssl", "cms", @prov, "-sign", "-md", "shake256", "-in", $smcont,
+ "-certfile", $smroot, "-signer", catfile($smdir, "sm_slhdsa_shake_256s.pem"),
+ "-out", $sig1])),
+ "accept CMS signature with SLH-DSA-SHAKE-256s");
+
+ ok(run(app(["openssl", "cms", @prov, "-verify", "-in", $sig1,
+ "-CAfile", $smroot, "-content", $smcont])),
+ "accept CMS verify with SLH-DSA-SHAKE-256s");
+ }
+};
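Review bot: The Ed25519, ML-DSA and SLH-DSA subtests assert only that signing and verification succeed, so they would still pass if verification of these signature types accepted any input. Add one reject case per algorithm in the style the code signing subtest uses (`ok(!run(app([...])), "fail ...")`), for example verifying `$sig1` against content other than `$smcont`, and raise the `plan tests` and `skip` counts to match. All three subtests also write to the same `sig1.cms`, so a verify step can read a file left by an earlier subtest when its own signing step fails; a distinct file name per algorithm keeps the results independent.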
diff --git a/test/recipes/80-test_dane.t b/test/recipes/80-test_dane.t
index 3191f964dc16..6f8df8e990d0 100644
--- a/test/recipes/80-test_dane.t
+++ b/test/recipes/80-test_dane.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
diff --git a/test/recipes/80-test_ocsp.t b/test/recipes/80-test_ocsp.t
index c2299962523a..0539c79d5613 100644
--- a/test/recipes/80-test_ocsp.t
+++ b/test/recipes/80-test_ocsp.t
@@ -14,6 +14,7 @@ use POSIX;
use File::Spec::Functions qw/devnull catfile/;
use File::Basename;
use File::Copy;
+use File::Compare qw/compare/;
use OpenSSL::Test qw/:DEFAULT with pipe srctop_dir data_file/;
use OpenSSL::Test::Utils;
@@ -51,7 +52,7 @@ sub test_ocsp {
$title); });
}
-plan tests => 11;
+plan tests => 12;
subtest "=== VALID OCSP RESPONSES ===" => sub {
plan tests => 7;
@@ -220,9 +221,29 @@ subtest "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ===" => sub {
"D3.ors", "ISIC_D3_Issuer_Root.pem", "", 0, 0);
};
+my $cert = data_file("cert.pem");
+my $key = data_file("key.pem");
subtest "=== OCSP API TESTS===" => sub {
plan tests => 1;
- ok(run(test(["ocspapitest", data_file("cert.pem"), data_file("key.pem")])),
+ ok(run(test(["ocspapitest", $cert, $key])),
"running ocspapitest");
-}
+};
+
+subtest "=== OCSP handling of identical input and output files ===" => sub {
+ plan tests => 5;
+
+ my $inout1 = "req.der";
+ my $backup1 = "backup.der";
+ ok(run(app(['openssl', 'ocsp', '-issuer', $cert, '-cert', $cert,
+ '-reqout', $inout1])), "produce dummy request input");
+ copy($inout1, $backup1);
+ ok(run(app(['openssl', 'ocsp', '-reqin', $inout1, '-reqout', $inout1])));
+ ok(!compare($inout1, $backup1), "copied request $inout1 did not change");
+
+ my $inout2 = "ND1.dat";
+ my $backup2 = "backup.dat";
+ copy($inout2, $backup2);
+ ok(run(app(['openssl', 'ocsp', '-respin', $inout2, '-respout', $inout2, '-noverify'])));
+ ok(!compare($inout2, $backup2), "copied response $inout2 did not change");
+};
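Review bot: Both `copy(...)` calls in the new subtest ignore their return value, and `ND1.dat` is referenced by a bare relative name. If a backup copy fails, the failure only shows up as a failing "did not change" check, which points at the wrong cause; `copy($inout1, $backup1) or die "copy $inout1: $!";` (and the same for `$inout2`) reports the real one. Since `compare` returns -1 on error, `is(compare($inout1, $backup1), 0, ...)` states the expectation more precisely than `ok(!compare(...))`. The two `ok(run(app(...)))` lines that perform the in-place rewrite have no test name.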
diff --git a/test/recipes/80-test_pkcs12.t b/test/recipes/80-test_pkcs12.t
index de26cbdca4dc..06fa85af0f3e 100644
--- a/test/recipes/80-test_pkcs12.t
+++ b/test/recipes/80-test_pkcs12.t
@@ -9,7 +9,7 @@
use strict;
use warnings;
-use OpenSSL::Test qw/:DEFAULT srctop_file with/;
+use OpenSSL::Test qw/:DEFAULT srctop_file bldtop_dir with/;
use OpenSSL::Test::Utils;
use Encode;
@@ -54,7 +54,9 @@ if (eval { require Win32::API; 1; }) {
}
$ENV{OPENSSL_WIN32_UTF8}=1;
-plan tests => 20;
+my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
+
+plan tests => $no_fips ? 47 : 53;
# Test different PKCS#12 formats
ok(run(test(["pkcs12_format_test"])), "test pkcs12 formats");
@@ -80,6 +82,8 @@ my $outfile2 = "out2.p12";
my $outfile3 = "out3.p12";
my $outfile4 = "out4.p12";
my $outfile5 = "out5.p12";
+my $outfile6 = "out6.p12";
+my $outfile7 = "out7.p12";
# Test the -chain option with -untrusted
ok(run(app(["openssl", "pkcs12", "-export", "-chain",
@@ -143,11 +147,114 @@ my @pkcs12info = run(app(["openssl", "pkcs12", "-info", "-in", $outfile5,
"-passin", "pass:"]), capture => 1);
# Test that with one input certificate, we get one output certificate
-ok(grep(/subject=CN = server.example/, @pkcs12info) == 1,
+ok(grep(/subject=CN\s*=\s*server.example/, @pkcs12info) == 1,
"test one cert in output");
+
# Test that the expected friendly name is present in the output
ok(grep(/testname/, @pkcs12info) == 1, "test friendly name in output");
+# Test there's no Oracle Trusted Key Usage bag attribute
+ok(grep(/Trusted key usage (Oracle)/, @pkcs12info) == 0,
+ "test no oracle trusted key usage");
+
+# Test export of PEM file with both cert and key, without password.
+# -nomac necessary to avoid legacy provider requirement
+{
+ ok(run(app(["openssl", "pkcs12", "-export",
+ "-inkey", srctop_file(@path, "cert-key-cert.pem"),
+ "-in", srctop_file(@path, "cert-key-cert.pem"),
+ "-passout", "pass:",
+ "-nomac", "-out", $outfile6], stderr => "outerr6.txt")),
+ "test_export_pkcs12_cert_key_cert_no_pass");
+ open DATA, "outerr6.txt";
+ my @match = grep /:error:/, <DATA>;
+ close DATA;
+ ok(scalar @match > 0 ? 0 : 1, "test_export_pkcs12_outerr6_empty");
+}
+
+my %pbmac1_tests = (
+ pbmac1_defaults => {args => [], lookup => "hmacWithSHA256"},
+ pbmac1_nondefaults => {args => ["-pbmac1_pbkdf2_md", "sha512", "-macalg", "sha384"], lookup => "hmacWithSHA512"},
+);
+
+for my $instance (sort keys %pbmac1_tests) {
+ my $extra_args = $pbmac1_tests{$instance}{args};
+ my $lookup = $pbmac1_tests{$instance}{lookup};
+ # Test export of PEM file with both cert and key, with password.
+ {
+ my $pbmac1_id = $instance;
+ ok(run(app(["openssl", "pkcs12", "-export", "-pbmac1_pbkdf2",
+ "-inkey", srctop_file(@path, "cert-key-cert.pem"),
+ "-in", srctop_file(@path, "cert-key-cert.pem"),
+ "-passout", "pass:1234",
+ @$extra_args,
+ "-out", "$pbmac1_id.p12"], stderr => "${pbmac1_id}_err.txt")),
+ "test_export_pkcs12_${pbmac1_id}");
+ open DATA, "${pbmac1_id}_err.txt";
+ my @match = grep /:error:/, <DATA>;
+ close DATA;
+ ok(scalar @match > 0 ? 0 : 1, "test_export_pkcs12_${pbmac1_id}_err.empty");
+
+ ok(run(app(["openssl", "pkcs12", "-in", "$pbmac1_id.p12", "-info", "-noout",
+ "-passin", "pass:1234"], stderr => "${pbmac1_id}_info.txt")),
+ "test_export_pkcs12_${pbmac1_id}_info");
+ open DATA, "${pbmac1_id}_info.txt";
+ my @match = grep /$lookup/, <DATA>;
+ close DATA;
+ ok(scalar @match > 0 ? 1 : 0, "test_export_pkcs12_${pbmac1_id}_info");
+ }
+}
+
+# Test pbmac1 pkcs12 good files, RFC 9579
+for my $file ("pbmac1_256_256.good.p12", "pbmac1_512_256.good.p12", "pbmac1_512_512.good.p12")
+{
+ my $path = srctop_file("test", "recipes", "80-test_pkcs12_data", $file);
+ ok(run(app(["openssl", "pkcs12", "-in", $path, "-password", "pass:1234", "-noenc"])),
+ "test pbmac1 pkcs12 file $file");
+}
+
+
+unless ($no_fips) {
+ my $provpath = bldtop_dir("providers");
+ my $provconf = srctop_file("test", "fips-and-base.cnf");
+ my $provname = 'fips';
+ my @prov = ("-provider-path", $provpath,
+ "-provider", $provname);
+ local $ENV{OPENSSL_CONF} = $provconf;
+
+# Test pbmac1 pkcs12 good files, RFC 9579
+ for my $file ("pbmac1_256_256.good.p12", "pbmac1_512_256.good.p12", "pbmac1_512_512.good.p12")
+ {
+ my $path = srctop_file("test", "recipes", "80-test_pkcs12_data", $file);
+ ok(run(app(["openssl", "pkcs12", @prov, "-in", $path, "-password", "pass:1234", "-noenc"])),
+ "test pbmac1 pkcs12 file $file");
+
+ ok(run(app(["openssl", "pkcs12", @prov, "-in", $path, "-info", "-noout",
+ "-passin", "pass:1234"], stderr => "${file}_info.txt")),
+ "test_export_pkcs12_${file}_info");
+ }
+}
+
+# Test pbmac1 pkcs12 bad files, RFC 9579
+for my $file ("pbmac1_256_256.bad-iter.p12", "pbmac1_256_256.bad-salt.p12", "pbmac1_256_256.no-len.p12")
+{
+ my $path = srctop_file("test", "recipes", "80-test_pkcs12_data", $file);
+ with({ exit_checker => sub { return shift == 1; } },
+ sub {
+ ok(run(app(["openssl", "pkcs12", "-in", $path, "-password", "pass:1234", "-noenc"])),
+ "test pbmac1 pkcs12 bad file $file");
+ }
+ );
+}
+
+# Test pbmac1 pkcs12 file with absent PBKDF2 PRF, usually omitted when selecting sha1
+{
+ my $file = "pbmac1_sha1_hmac_and_prf.p12";
+ my $path = srctop_file("test", "recipes", "80-test_pkcs12_data", $file);
+ ok(run(app(["openssl", "pkcs12", "-in", $path, "-password", "pass:1234", "-noenc"])),
+ "test pbmac1 pkcs12 file $file");
+}
+
# Test some bad pkcs12 files
my $bad1 = srctop_file("test", "recipes", "80-test_pkcs12_data", "bad1.p12");
my $bad2 = srctop_file("test", "recipes", "80-test_pkcs12_data", "bad2.p12");
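Review bot: The new pattern `/Trusted key usage (Oracle)/` leaves the parentheses unescaped, so they form a capture group and the regex looks for the text `Trusted key usage Oracle`; the count is 0 whether or not the bag attribute is printed, and the "no oracle trusted key usage" check cannot fail. The positive check added later in this file escapes them; use `grep(/Trusted key usage \(Oracle\)/, @pkcs12info) == 0` here as well. The `open DATA, "...";` calls in this hunk are unchecked, so a missing stderr file reads as "no `:error:` lines" and the `..._empty` checks pass vacuously; `open(my $fh, '<', $file) or die "open $file: $!";` closes that gap and avoids the bareword `DATA` handle. `my @match` is also declared twice in the same block inside the `%pbmac1_tests` loop.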
@@ -181,4 +288,73 @@ with({ exit_checker => sub { return shift == 1; } },
"test bad pkcs12 file 3 (info)");
});
+# Test that mac verification doesn't fail when mac is absent in the file
+{
+ my $nomac = srctop_file("test", "recipes", "80-test_pkcs12_data", "nomac_parse.p12");
+ ok(run(app(["openssl", "pkcs12", "-in", $nomac, "-passin", "pass:testpassword"])),
+ "test pkcs12 file without MAC");
+}
+
+# Test with Oracle Trusted Key Usage specified in openssl.cnf
+{
+ ok(run(app(["openssl", "pkcs12", "-export", "-out", $outfile7,
+ "-jdktrust", "anyExtendedKeyUsage", "-in", srctop_file(@path, "ee-cert.pem"),
+ "-nokeys", "-passout", "pass:", "-certpbe", "NONE"])),
+ "test nokeys single cert");
+
+ my @pkcs12info = run(app(["openssl", "pkcs12", "-info", "-in", $outfile7,
+ "-passin", "pass:"]), capture => 1);
+ ok(grep(/Trusted key usage \(Oracle\): Any Extended Key Usage \(2.5.29.37.0\)/, @pkcs12info) == 1,
+ "test oracle trusted key usage is set");
+
+ delete $ENV{OPENSSL_CONF}
+}
+
+# Tests for pkcs12_parse
+ok(run(test(["pkcs12_api_test",
+ "-in", $outfile1,
+ "-has-ca", 1,
+ ])), "Test pkcs12_parse()");
+
+SKIP: {
+ skip "Skipping PKCS#12 parse test because DES is disabled in this build", 1
+ if disabled("des");
+ ok(run(test(["pkcs12_api_test",
+ "-in", $outfile2,
+ "-pass", "v3-certs",
+ "-has-ca", 1,
+ ])), "Test pkcs12_parse()");
+}
+
+SKIP: {
+ skip "Skipping PKCS#12 parse test because the required algorithms are disabled", 1
+ if disabled("des") || disabled("rc2") || disabled("legacy");
+ ok(run(test(["pkcs12_api_test",
+ "-in", $outfile3,
+ "-pass", "v3-certs",
+ "-has-ca", 1,
+ ])), "Test pkcs12_parse()");
+}
+
+ok(run(test(["pkcs12_api_test",
+ "-in", $outfile4,
+ "-pass", "v3-certs",
+ "-has-ca", 1,
+ "-has-key", 1,
+ "-has-cert", 1,
+ ])), "Test pkcs12_parse()");
+
+ok(run(test(["pkcs12_api_test",
+ "-in", $outfile5,
+ "-has-ca", 1,
+ ])), "Test pkcs12_parse()");
+
+ok(run(test(["pkcs12_api_test",
+ "-in", $outfile6,
+ "-pass", "",
+ "-has-ca", 1,
+ "-has-key", 1,
+ "-has-cert", 1,
+ ])), "Test pkcs12_parse()");
+
SetConsoleOutputCP($savedcp) if (defined($savedcp));
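Review bot: `delete $ENV{OPENSSL_CONF}` at the end of the jdktrust block changes the environment for the rest of the file, so every `pkcs12_api_test` run after it executes without whatever configuration was set before; the FIPS block added earlier in this file scopes its change with `local $ENV{OPENSSL_CONF}`. The block comment says the usage is "specified in openssl.cnf" while the command passes `-jdktrust` on the command line, and the `delete` comes after both checks, so it is unclear what it is meant to protect. If it belongs to this block, use `local` at the top of the block; if it is meant for the later tests, say so in a comment. The six `pkcs12_api_test` checks all share the name "Test pkcs12_parse()"; including the input file in each name would make a failure identifiable.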
diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t
index fe03607419a1..44c674e46753 100644
--- a/test/recipes/80-test_ssl_new.t
+++ b/test/recipes/80-test_ssl_new.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -31,15 +31,23 @@ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
$ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs");
-my @conf_srcs = glob(srctop_file("test", "ssl-tests", "*.cnf.in"));
+my @conf_srcs = ();
+if (defined $ENV{SSL_TESTS}) {
+ my @conf_list = split(' ', $ENV{SSL_TESTS});
+ foreach my $conf_file (@conf_list) {
+ push (@conf_srcs, glob(srctop_file("test", "ssl-tests", $conf_file)));
+ }
+ plan tests => scalar @conf_srcs;
+} else {
+ @conf_srcs = glob(srctop_file("test", "ssl-tests", "*.cnf.in"));
+ # We hard-code the number of tests to double-check that the globbing above
+ # finds all files as expected.
+ plan tests => 31;
+}
map { s/;.*// } @conf_srcs if $^O eq "VMS";
my @conf_files = map { basename($_, ".in") } @conf_srcs;
map { s/\^// } @conf_files if $^O eq "VMS";
-# We hard-code the number of tests to double-check that the globbing above
-# finds all files as expected.
-plan tests => 30;
-
# Some test results depend on the configuration of enabled protocols. We only
# verify generated sources in the default configuration.
my $is_default_tls = (disabled("ssl3") && !disabled("tls1") &&
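Review bot: The `SSL_TESTS` branch passes each whitespace-separated entry straight to `srctop_file(...)` and `glob` and then plans `scalar @conf_srcs` tests, so a value that matches nothing yields a plan of zero tests, and an entry with path components or a name not ending in `.cnf.in` is accepted as a test source. Restrict entries to plain names of the expected form, e.g. `next unless $conf_file =~ /^[\w.*-]+\.cnf\.in$/;` inside the loop, and use `plan skip_all => "SSL_TESTS matched no files"` when `@conf_srcs` is empty. A comment documenting the variable's format (space-separated names or globs relative to `test/ssl-tests`) would help anyone running a subset.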
@@ -59,10 +67,12 @@ my $no_dtls = alldisabled(available_protocols("dtls"));
my $no_npn = disabled("nextprotoneg");
my $no_ct = disabled("ct");
my $no_ec = disabled("ec");
+my $no_ecx = disabled("ecx");
my $no_dh = disabled("dh");
my $no_dsa = disabled("dsa");
my $no_ec2m = disabled("ec2m");
my $no_ocsp = disabled("ocsp");
+my $no_ml_dsa = disabled("ml-dsa");
# Add your test here if the test conf.in generates test cases and/or
# expectations dynamically based on the OpenSSL compile-time config.
@@ -74,16 +84,18 @@ my %conf_dependent_tests = (
"07-dtls-protocol-version.cnf" => !$is_default_dtls || !disabled("sctp"),
"10-resumption.cnf" => !$is_default_tls || $no_ec,
"11-dtls_resumption.cnf" => !$is_default_dtls || !disabled("sctp"),
+ "14-curves.cnf" => disabled("tls-deprecated-ec"),
"16-dtls-certstatus.cnf" => !$is_default_dtls || !disabled("sctp"),
"17-renegotiate.cnf" => disabled("tls1_2"),
"18-dtls-renegotiate.cnf" => disabled("dtls1_2") || !disabled("sctp"),
"19-mac-then-encrypt.cnf" => !$is_default_tls,
- "20-cert-select.cnf" => !$is_default_tls || $no_dh || $no_dsa,
+ "20-cert-select.cnf" => !$is_default_tls || $no_dh || $no_dsa || $no_ml_dsa,
"22-compression.cnf" => !$is_default_tls,
"25-cipher.cnf" => disabled("poly1305") || disabled("chacha"),
"27-ticket-appdata.cnf" => !$is_default_tls,
- "28-seclevel.cnf" => disabled("tls1_2") || $no_ec,
+ "28-seclevel.cnf" => disabled("tls1_2") || $no_ecx,
"30-extended-master-secret.cnf" => disabled("tls1_2"),
+ "32-compressed-certificate.cnf" => disabled("comp") || disabled("tls1_3"),
);
# Add your test here if it should be skipped for some compile-time
@@ -103,13 +115,13 @@ my %skip = (
# TODO(TLS 1.3): We should review this once we have TLS 1.3.
"13-fragmentation.cnf" => disabled("tls1_2"),
"14-curves.cnf" => disabled("tls1_2") || disabled("tls1_3")
- || $no_ec || $no_ec2m,
+ || $no_ec2m || $no_ecx || $no_dh,
"15-certstatus.cnf" => $no_tls || $no_ocsp,
"16-dtls-certstatus.cnf" => $no_dtls || $no_ocsp,
"17-renegotiate.cnf" => $no_tls_below1_3,
"18-dtls-renegotiate.cnf" => $no_dtls,
"19-mac-then-encrypt.cnf" => $no_pre_tls1_3,
- "20-cert-select.cnf" => disabled("tls1_2") || $no_ec,
+ "20-cert-select.cnf" => disabled("tls1_2") || $no_ecx,
"21-key-update.cnf" => disabled("tls1_3") || ($no_ec && $no_dh),
"22-compression.cnf" => disabled("zlib") || $no_tls,
"23-srp.cnf" => (disabled("tls1") && disabled ("tls1_1")
@@ -118,6 +130,7 @@ my %skip = (
"25-cipher.cnf" => disabled("ec") || disabled("tls1_2"),
"26-tls13_client_auth.cnf" => disabled("tls1_3") || ($no_ec && $no_dh),
"29-dtls-sctp-label-bug.cnf" => disabled("sctp") || disabled("sock"),
+ "32-compressed-certificate.cnf" => disabled("comp") || disabled("tls1_3"),
);
foreach my $conf (@conf_files) {
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index 8c52b637fc82..f7be2e187262 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -13,7 +13,7 @@ use warnings;
use POSIX;
use File::Basename;
use File::Copy;
-use OpenSSL::Test qw/:DEFAULT with bldtop_file bldtop_dir srctop_file srctop_dir cmdstr data_file/;
+use OpenSSL::Test qw/:DEFAULT with bldtop_file bldtop_dir srctop_file srctop_dir cmdstr data_file result_dir result_file/;
use OpenSSL::Test::Utils;
BEGIN {
@@ -38,6 +38,7 @@ my $no_anydtls = alldisabled(available_protocols("dtls"));
plan skip_all => "No SSL/TLS/DTLS protocol is support by this OpenSSL build"
if $no_anytls && $no_anydtls;
+my $dsaallow = '1';
my $digest = "-sha1";
my @reqcmd = ("openssl", "req");
my @x509cmd = ("openssl", "x509", $digest);
@@ -78,9 +79,10 @@ my $client_sess="client.ss";
# If you're adding tests here, you probably want to convert them to the
# new format in ssl_test.c and add recipes to 80-test_ssl_new.t instead.
plan tests =>
- ($no_fips ? 0 : 5) # testssl with fips provider
+ ($no_fips ? 0 : 7) # testssl with fips provider
+ 1 # For testss
+ 5 # For the testssl with default provider
+ + 1 # For security level 0 failure tests
;
subtest 'test_ss' => sub {
@@ -103,8 +105,69 @@ if (disabled("legacy")) {
testssl($Ukey, $Ucert, $CAcert, "default", $configfile);
unless ($no_fips) {
- testssl($Ukey, $Ucert, $CAcert, "fips",
- srctop_file("test","fips-and-base.cnf"));
+ # Read in a text $infile and replace the regular expression in $srch with the
+ # value in $repl and output to a new file $outfile.
+ sub replace_line_file_internal {
+
+ my ($infile, $srch, $repl, $outfile) = @_;
+ my $msg;
+
+ open(my $in, "<", $infile) or return 0;
+ read($in, $msg, 1024);
+ close $in;
+
+ $msg =~ s/$srch/$repl/;
+
+ open(my $fh, ">", $outfile) or return 0;
+ print $fh $msg;
+ close $fh;
+ return 1;
+ }
+
+ # Read in the text input file $infile
+ # and replace a single Key = Value line with a new value in $value.
+ # OR remove the Key = Value line if the passed in $value is empty.
+ # and then output a new file $outfile.
+ # $key is the Key to find
+ sub replace_kv_file {
+ my ($infile, $key, $value, $outfile) = @_;
+ my $srch = qr/$key\s*=\s*\S*\n/;
+ my $rep;
+ if ($value eq "") {
+ $rep = "";
+ } else {
+ $rep = "$key = $value\n";
+ }
+ return replace_line_file_internal($infile, $srch, $rep, $outfile);
+ }
+
+ # Read in the text $input file
+ # and search for the $key and replace with $newkey
+ # and then output a new file $outfile.
+ sub replace_line_file {
+ my ($infile, $key, $newkey, $outfile) = @_;
+ my $srch = qr/$key/;
+ my $rep = "$newkey";
+ return replace_line_file_internal($infile,
+ $srch, $rep, $outfile);
+ }
+
+ # Rewrite the module configuration to all PKCS#1 v1.5 padding
+ my $fipsmodcfg_filename = "fipsmodule.cnf";
+ my $fipsmodcfg = bldtop_file("test", $fipsmodcfg_filename);
+ my $provconf = srctop_file("test", "fips-and-base.cnf");
+ my $provconfnew = result_file("fips-and-base-temp.cnf");
+ my $fipsmodcfgnew_filename = "fipsmodule_mod.cnf";
+ my $fipsmodcfgnew = result_file($fipsmodcfgnew_filename);
+ $ENV{OPENSSL_CONF_INCLUDE} = result_dir();
+ ok(replace_kv_file($fipsmodcfg,
+ 'rsa-pkcs15-pad-disabled', '0',
+ $fipsmodcfgnew)
+ && replace_line_file($provconf,
+ $fipsmodcfg_filename, $fipsmodcfgnew_filename,
+ $provconfnew));
+
+ testssl($Ukey, $Ucert, $CAcert, "fips", $provconfnew);
}
# -----------
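Review bot: `replace_line_file_internal` copies only the first 1024 bytes of `$infile` (`read($in, $msg, 1024)`), so a configuration file longer than that is written out truncated and a key located past that offset is never rewritten. Nothing reports this, because the results of `read`, `print` and `close` are unchecked and the sub returns 1 either way; the FIPS run could then proceed with a config other than the one the test meant to build. Reading the whole file and checking the write, as sketched below, closes that gap. `$key` is also interpolated into `qr/$key/` unquoted, so the `.` in `fipsmodule.cnf` matches any character; `qr/\Q$key\E/` is the literal form. The same three helpers are added again in the `90-test_sslapi.t` hunk further down, and a single shared copy would keep the fix in one place.

```perl
sub replace_line_file_internal {
    my ($infile, $srch, $repl, $outfile) = @_;

    open(my $in, "<", $infile) or return 0;
    # Slurp the whole file rather than a fixed 1024-byte prefix.
    my $msg = do { local $/; <$in> };
    close $in;
    return 0 unless defined $msg;

    $msg =~ s/$srch/$repl/;

    open(my $fh, ">", $outfile) or return 0;
    print $fh $msg or return 0;
    close $fh or return 0;
    return 1;
}
```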
@@ -330,6 +393,12 @@ sub testssl {
push @providerflags, "-provider", "legacy";
}
+ $dsaallow = '1';
+ if ($provider eq "fips") {
+ run(test(["fips_version_test", "-config", $configfile, "<3.4.0"]),
+ capture => 1, statusvar => \$dsaallow);
+ }
+
my @ssltest = ("ssl_old_test",
"-s_key", $key, "-s_cert", $cert,
"-c_key", $key, "-c_cert", $cert,
@@ -345,7 +414,6 @@ sub testssl {
$dsa_cert = 1;
}
-
subtest 'standard SSL tests' => sub {
######################################################################
plan tests => 19;
@@ -436,7 +504,7 @@ sub testssl {
my @exkeys = ();
my $ciphers = '-PSK:-SRP:@SECLEVEL=0';
- if (!$no_dsa) {
+ if (!$no_dsa && $dsaallow == '1') {
push @exkeys, "-s_cert", "certD.ss", "-s_key", $Dkey;
}
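Review bot: The condition `!$no_dsa && $dsaallow == '1'` depends on a flag that an earlier hunk fills from the exit status of `fips_version_test` through `statusvar`; as far as the visible code shows, any failure of that helper, not only a provider at 3.4.0 or later, would clear it. DSA coverage then drops out quietly, and the cipher loop in the next hunk records each skipped DSS suite as `ok(1)`. A `note` where the flag is set, saying why DSA was disabled, would make that visible in the log. The flag is also compared numerically against string literals (`== '1'`, `== '0'`); a plain boolean test, `if (!$no_dsa && $dsaallow)`, reads more directly. `testssl` begins and ends outside this hunk.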
@@ -494,7 +562,11 @@ sub testssl {
my $flag = $protocol eq "-tls1_3" ? "" : $protocol;
my $ciphersuites = "";
foreach my $cipher (@{$ciphersuites{$protocol}}) {
- if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) {
+ if ($dsaallow == '0' && index($cipher, "DSS") != -1) {
+ # DSA is not allowed in FIPS 140-3
+ note "*****SKIPPING $protocol $cipher";
+ ok(1);
+ } elsif ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) {
note "*****SKIPPING $protocol $cipher";
ok(1);
} else {
@@ -527,6 +599,44 @@ sub testssl {
}
};
+ subtest 'SSL security level failure tests' => sub {
+ ######################################################################
+ plan tests => 3;
+
+ SKIP: {
+ skip "SSLv3 is not supported by this OpenSSL build", 1
+ if disabled("ssl3");
+
+ skip "SSLv3 is not supported by the FIPS provider", 1
+ if $provider eq "fips";
+
+ is(run(test([@ssltest, "-bio_pair", "-ssl3", "-cipher", '@SECLEVEL=1'])),
+ 0, "test sslv3 fails at security level 1, expecting failure");
+ }
+
+ SKIP: {
+ skip "TLSv1.0 is not supported by this OpenSSL build", 1
+ if $no_tls1;
+
+ skip "TLSv1.0 is not supported by the FIPS provider", 1
+ if $provider eq "fips";
+
+ is(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", '@SECLEVEL=1'])),
+ 0, 'test tls1 fails at security level 1, expecting failure');
+ }
+
+ SKIP: {
+ skip "TLSv1.1 is not supported by this OpenSSL build", 1
+ if $no_tls1_1;
+
+ skip "TLSv1.1 is not supported by the FIPS provider", 1
+ if $provider eq "fips";
+
+ is(run(test([@ssltest, "-bio_pair", "-tls1_1", "-cipher", '@SECLEVEL=1'])),
+ 0, 'test tls1.1 fails at security level 1, expecting failure');
+ }
+ };
+
subtest 'RSA/(EC)DHE/PSK tests' => sub {
######################################################################
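Review bot: Each of the three new checks passes on any non-zero exit of `ssl_old_test` (`is(run(test([...])), 0, ...)`), so a crash or a rejected command-line option would be counted as the security level refusing the protocol. If the helper cannot report why it failed, a comment above the subtest saying that only the exit status is checked would at least make that limit visible. The plan line added earlier in this file labels these as `# For security level 0 failure tests`, while the commands use `@SECLEVEL=1`; the label should read `# For security level 1 failure tests`. `testssl` begins and ends outside this hunk.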
@@ -579,14 +689,14 @@ sub testssl {
}
SKIP: {
- skip "TLSv1.1 is not supported by this OpenSSL build", 4
- if $no_tls1_1;
+ skip "TLSv1.2 is not supported by this OpenSSL build", 4
+ if $no_tls1_2;
SKIP: {
skip "skipping auto DHE PSK test at SECLEVEL 3", 1
if ($no_dh || $no_psk);
- ok(run(test(['ssl_old_test', '-tls1_1', '-dhe4096', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:DHE-PSK-AES256-CBC-SHA384'])),
+ ok(run(test(['ssl_old_test', '-tls1_2', '-dhe4096', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:DHE-PSK-AES256-CBC-SHA384'])),
'test auto DHE PSK meets security strength');
}
@@ -594,7 +704,7 @@ sub testssl {
skip "skipping auto ECDHE PSK test at SECLEVEL 3", 1
if ($no_ec || $no_psk);
- ok(run(test(['ssl_old_test', '-tls1_1', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:ECDHE-PSK-AES256-CBC-SHA384'])),
+ ok(run(test(['ssl_old_test', '-tls1_2', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:ECDHE-PSK-AES256-CBC-SHA384'])),
'test auto ECDHE PSK meets security strength');
}
@@ -602,7 +712,7 @@ sub testssl {
skip "skipping no RSA PSK at SECLEVEL 3 test", 1
if ($no_rsa || $no_psk);
- ok(!run(test(['ssl_old_test', '-tls1_1', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:RSA-PSK-AES256-CBC-SHA384'])),
+ ok(!run(test(['ssl_old_test', '-tls1_2', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:RSA-PSK-AES256-CBC-SHA384'])),
'test auto RSA PSK does not meet security level 3 requirements (PFS)');
}
@@ -610,7 +720,7 @@ sub testssl {
skip "skipping no PSK at SECLEVEL 3 test", 1
if ($no_psk);
- ok(!run(test(['ssl_old_test', '-tls1_1', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:PSK-AES256-CBC-SHA384'])),
+ ok(!run(test(['ssl_old_test', '-tls1_2', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:PSK-AES256-CBC-SHA384'])),
'test auto PSK does not meet security level 3 requirements (PFS)');
}
}
diff --git a/test/recipes/90-test_includes.t b/test/recipes/90-test_includes.t
index b931d4ec4a0a..5ff61910c570 100644
--- a/test/recipes/90-test_includes.t
+++ b/test/recipes/90-test_includes.t
@@ -2,8 +2,9 @@
use strict;
use warnings;
-use OpenSSL::Test qw/:DEFAULT data_file/;
+use OpenSSL::Test qw/:DEFAULT bldtop_dir data_file/;
use OpenSSL::Test::Utils;
+use Cwd qw(abs_path);
setup("test_includes");
@@ -13,9 +14,11 @@ plan skip_all => "test_includes doesn't work without posix-io"
delete $ENV{OPENSSL_CONF_INCLUDE};
plan tests => # The number of tests being performed
- 6
+ 7
+ ($^O eq "VMS" ? 2 : 0);
+$ENV{OPENSSL_MODULES} = abs_path(bldtop_dir("providers"));
+
ok(run(test(["conf_include_test", data_file("includes.cnf")])), "test directory includes");
ok(run(test(["conf_include_test", data_file("includes-file.cnf")])), "test file includes");
ok(run(test(["conf_include_test", data_file("includes-eq.cnf")])), "test includes with equal character");
@@ -28,3 +31,10 @@ if ($^O eq "VMS") {
}
ok(run(test(["conf_include_test", "-f", data_file("includes-broken.cnf")])), "test broken includes");
ok(run(test(["conf_include_test", "-f", data_file("incdir.cnf")])), "test includedir");
+
+SKIP: {
+ skip "Skipping legacy test", 1
+ if disabled("legacy");
+ ok(run(test(["conf_include_test", "-providers", data_file("includes-prov-dir.cnf")])),
+ "test directory includes with provider configs");
+}
diff --git a/test/recipes/90-test_sslapi.t b/test/recipes/90-test_sslapi.t
index 70fa7e50e2d2..650e0d1ffb16 100644
--- a/test/recipes/90-test_sslapi.t
+++ b/test/recipes/90-test_sslapi.t
@@ -1,31 +1,40 @@
#! /usr/bin/env perl
-# Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
-
use OpenSSL::Test::Utils;
-use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir bldtop_dir bldtop_file/;
+use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir bldtop_dir bldtop_file result_dir result_file/;
use File::Temp qw(tempfile);
BEGIN {
setup("test_sslapi");
}
-use lib srctop_dir('Configurations');
-use lib bldtop_dir('.');
-
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
+my $fipsmodcfg_filename = "fipsmodule.cnf";
+my $fipsmodcfg = bldtop_file("test", $fipsmodcfg_filename);
+
+my $provconf = srctop_file("test", "fips-and-base.cnf");
+
+# A modified copy of "fipsmodule.cnf"
+my $fipsmodcfgnew_filename = "fipsmodule_mod.cnf";
+my $fipsmodcfgnew = result_file($fipsmodcfgnew_filename);
+
+# An interum modified copy of "fipsmodule.cnf"
+my $fipsmodcfgtmp_filename = "fipsmodule_tmp.cnf";
+my $fipsmodcfgtmp = result_file($fipsmodcfgtmp_filename);
+
+# A modified copy of "fips-and-base.cnf"
+my $provconfnew = result_file("fips-and-base-temp.cnf");
plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build"
if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls"));
-plan tests =>
- ($no_fips ? 0 : 1) # sslapitest with fips
- + 1; # sslapitest with default provider
+plan tests => 4;
(undef, my $tmpfilename) = tempfile();
@@ -39,16 +48,102 @@ ok(run(test(["sslapitest", srctop_dir("test", "certs"),
"dhparams.pem")])),
"running sslapitest");
-unless ($no_fips) {
+SKIP: {
+ skip "Skipping FIPS tests", 2
+ if $no_fips;
+
+ # NOTE that because by default we setup fips provider in pedantic mode,
+ # with >= 3.1.0 this just runs test_no_ems() to check that the connection
+ # fails if ems is not used and the fips check is enabled.
ok(run(test(["sslapitest", srctop_dir("test", "certs"),
srctop_file("test", "recipes", "90-test_sslapi_data",
"passwd.txt"), $tmpfilename, "fips",
- srctop_file("test", "fips-and-base.cnf"),
+ $provconf,
srctop_file("test",
"recipes",
"90-test_sslapi_data",
"dhparams.pem")])),
- "running sslapitest");
+ "running sslapitest with default fips config");
+
+ run(test(["fips_version_test", "-config", $provconf, ">=3.1.0"]),
+ capture => 1, statusvar => \my $exit);
+
+ skip "FIPS provider version is too old for TLS_PRF EMS option test", 1
+ if !$exit;
+
+ # Read in a text $infile and replace the regular expression in $srch with the
+ # value in $repl and output to a new file $outfile.
+ sub replace_line_file_internal {
+
+ my ($infile, $srch, $repl, $outfile) = @_;
+ my $msg;
+
+ open(my $in, "<", $infile) or return 0;
+ read($in, $msg, 1024);
+ close $in;
+
+ $msg =~ s/$srch/$repl/;
+
+ open(my $fh, ">", $outfile) or return 0;
+ print $fh $msg;
+ close $fh;
+ return 1;
+ }
+
+ # Read in the text input file $infile
+ # and replace a single Key = Value line with a new value in $value.
+ # OR remove the Key = Value line if the passed in $value is empty.
+ # and then output a new file $outfile.
+ # $key is the Key to find
+ sub replace_kv_file {
+ my ($infile, $key, $value, $outfile) = @_;
+ my $srch = qr/$key\s*=\s*\S*\n/;
+ my $rep;
+ if ($value eq "") {
+ $rep = "";
+ } else {
+ $rep = "$key = $value\n";
+ }
+ return replace_line_file_internal($infile, $srch, $rep, $outfile);
+ }
+
+ # Read in the text $input file
+ # and search for the $key and replace with $newkey
+ # and then output a new file $outfile.
+ sub replace_line_file {
+ my ($infile, $key, $newkey, $outfile) = @_;
+ my $srch = qr/$key/;
+ my $rep = "$newkey";
+ return replace_line_file_internal($infile,
+ $srch, $rep, $outfile);
+ }
+
+ # The default fipsmodule.cnf in tests is set with -pedantic.
+ # In order to enable the tls1-prf-ems-check=0 in a fips config file
+ # copy the existing fipsmodule.cnf and modify it.
+ # Then copy fips-and-base.cfg to make a file that includes the changed file
+ $ENV{OPENSSL_CONF_INCLUDE} = result_dir();
+ ok(replace_kv_file($fipsmodcfg,
+ 'tls1-prf-ems-check', '0',
+ $fipsmodcfgtmp)
+ && replace_kv_file($fipsmodcfgtmp,
+ 'rsa-pkcs15-pad-disabled', '0',
+ $fipsmodcfgnew)
+ && replace_line_file($provconf,
+ $fipsmodcfg_filename, $fipsmodcfgnew_filename,
+ $provconfnew)
+ && run(test(["sslapitest", srctop_dir("test", "certs"),
+ srctop_file("test", "recipes", "90-test_sslapi_data",
+ "passwd.txt"),
+ $tmpfilename, "fips",
+ $provconfnew,
+ srctop_file("test",
+ "recipes",
+ "90-test_sslapi_data",
+ "dhparams.pem")])),
+ "running sslapitest with modified fips config");
}
+ok(run(test(["ssl_handshake_rtt_test"])),"running ssl_handshake_rtt_test");
+
unlink $tmpfilename;
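Review bot: `$ENV{OPENSSL_CONF_INCLUDE} = result_dir();` is never undone, so the `ssl_handshake_rtt_test` run added after the `SKIP` block inherits it when the modified-config branch was reached and runs without it when that branch was skipped. Scoping the change with `local $ENV{OPENSSL_CONF_INCLUDE} = result_dir();` keeps it inside the block that needs it; the same assignment in the `80-test_ssl_old.t` hunk stays in effect for the rest of that recipe too. The three named subs are declared inside the `SKIP` block, but Perl defines named subs at compile time regardless of the enclosing block, so placing them at file level would match what actually happens.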
diff --git a/test/recipes/90-test_store.t b/test/recipes/90-test_store.t
index 12a8a32d9846..f0f9e4d94b1d 100644
--- a/test/recipes/90-test_store.t
+++ b/test/recipes/90-test_store.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -16,6 +16,8 @@ use OpenSSL::Test::Utils;
my $test_name = "test_store";
setup($test_name);
+require(srctop_file("test", "recipes", "tconversion.pl")); # for test_file_contains()
+
my $use_md5 = !disabled("md5");
my $use_des = !(disabled("des") || disabled("legacy")); # also affects 3des and pkcs12 app
my $use_dsa = !disabled("dsa");
@@ -106,7 +108,7 @@ push @methods, [ @prov_method ];
push @methods, [qw(-engine loader_attic)]
unless disabled('loadereng');
-my $n = scalar @methods
+my $n = 4 + scalar @methods
* ( (3 * scalar @noexist_files)
+ (6 * scalar @src_files)
+ (2 * scalar @data_files)
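Review bot: With the constant `4 +` in front, `$n` can no longer be zero, so the `plan skip_all => "No plan" if $n == 0;` guard that appears as context in the next hunk header can never fire. If the guard is still wanted it needs to test the per-method part on its own; otherwise it can be removed. The 4 is also unexplained, and a comment such as `# 2 storeutl option checks + 2 same-file in/out checks` would tie it to the tests added later in this file. The assignment continues past the end of the hunk.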
@@ -131,6 +133,14 @@ plan skip_all => "No plan" if $n == 0;
plan tests => $n;
+my $test_x509 = srctop_file('test', 'testx509.pem');
+
+ok(run(app(["openssl", "storeutl", "-crls", $test_x509])),
+ "storeutil with -crls option");
+
+ok(!run(app(["openssl", "storeutl", $test_x509, "-crls"])),
+ "storeutil with extra parameter (at end) should fail");
+
indir "store_$$" => sub {
if ($do_test_ossltest_store) {
# ossltest loads PEM files, with names prefixed with 'ot:'.
@@ -164,6 +174,11 @@ indir "store_$$" => sub {
my $rehash = init_rehash();
+ ok(run(app(["openssl", "storeutl", "-out", "cacert.pem", "cacert.pem"])),
+ "identical infile and outfile");
+ test_file_contains("storeutl output on same input",
+ "cacert.pem", "Total found: 1");
+
foreach my $method (@methods) {
my @storeutl = ( qw(openssl storeutl), @$method );
@@ -402,7 +417,7 @@ sub init {
}, grep(/-key-pkcs8-pbes2-sha256\.pem$/, @generated_files))
# *-cert.pem (intermediary for the .p12 inits)
&& run(app(["openssl", "req", "-x509", @std_args,
- "-config", $cnf, "-noenc",
+ "-config", $cnf, "-reqexts", "v3_ca", "-noenc",
"-key", $cakey, "-out", "cacert.pem"]))
&& runall(sub {
my $srckey = shift;
diff --git a/test/recipes/90-test_sysdefault.t b/test/recipes/90-test_sysdefault.t
index 308a592abac9..921f1cf6a917 100644
--- a/test/recipes/90-test_sysdefault.t
+++ b/test/recipes/90-test_sysdefault.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -8,7 +8,7 @@
use OpenSSL::Test::Utils;
-use OpenSSL::Test qw/:DEFAULT srctop_file/;
+use OpenSSL::Test qw/:DEFAULT data_file/;
my $test_name = "test_sysdefault";
setup($test_name);
@@ -16,8 +16,16 @@ setup($test_name);
plan skip_all => "$test_name is not supported in this build"
if disabled("tls1_2") || disabled("rsa");
-plan tests => 1;
+plan tests => 3;
-$ENV{OPENSSL_CONF} = srctop_file("test", "sysdefault.cnf");
+$ENV{OPENSSL_CONF} = data_file("sysdefault.cnf");
+
+ok(run(test(["sysdefaulttest"])), "sysdefaulttest");
+
+$ENV{OPENSSL_CONF} = data_file("sysdefault-bad.cnf");
+
+ok(run(test(["sysdefaulttest", "-f"])), "sysdefaulttest");
+
+$ENV{OPENSSL_CONF} = data_file("sysdefault-ignore.cnf");
ok(run(test(["sysdefaulttest"])), "sysdefaulttest");
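Review bot: All three `ok` calls carry the same description, `"sysdefaulttest"`, so a failure in the log does not say which configuration file was in use. Naming the file in each description would fix that, for example `"sysdefaulttest with sysdefault-bad.cnf"` for the `-f` run and `"sysdefaulttest with sysdefault-ignore.cnf"` for the last one. A short comment on what `-f` makes the helper expect would also help, since its meaning is not visible in this recipe.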
diff --git a/test/recipes/90-test_threads.t b/test/recipes/90-test_threads.t
index d373fcbd166f..8033ad10c649 100644
--- a/test/recipes/90-test_threads.t
+++ b/test/recipes/90-test_threads.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -23,7 +23,7 @@ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
my $config_path = abs_path(srctop_file("test", $no_fips ? "default.cnf"
: "default-and-fips.cnf"));
-plan tests => 2;
+plan tests => 3;
if ($no_fips) {
ok(run(test(["threadstest", "-config", $config_path, data_dir()])),
@@ -33,8 +33,10 @@ if ($no_fips) {
"running test_threads with FIPS");
}
+ok(run(test(["threadpool_test"])), "running threadpool_test");
+
# Merge the configuration files into one filtering the contents so the failure
-# condition is reproducable. A working FIPS configuration without the install
+# condition is reproducible. A working FIPS configuration without the install
# status is required.
open CFGBASE, '<', $config_path;
@@ -53,4 +55,4 @@ close CFGINC;
close CFGOUT;
$ENV{OPENSSL_CONF} = 'thread.cnf';
-ok(run(test(["threadstest_fips"])), "running test_threads_fips");
+ok(run(test(["threadstest_fips"])), "running threadstest_fips");
diff --git a/test/recipes/90-test_traceapi.t b/test/recipes/90-test_traceapi.t
deleted file mode 100644
index a63bcf9984b4..000000000000
--- a/test/recipes/90-test_traceapi.t
+++ /dev/null
@@ -1,12 +0,0 @@
-#! /usr/bin/env perl
-# Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License"). You may not use
-# this file except in compliance with the License. You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-
-use OpenSSL::Test::Simple;
-
-simple_test("test_traceapi", "trace_api_test");
diff --git a/test/recipes/95-test_external_pyca_data/cryptography.sh b/test/recipes/95-test_external_pyca_data/cryptography.sh
index b33af504d01d..18d93f539442 100755
--- a/test/recipes/95-test_external_pyca_data/cryptography.sh
+++ b/test/recipes/95-test_external_pyca_data/cryptography.sh
@@ -1,6 +1,6 @@
#!/bin/sh
#
-# Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
# Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
diff --git a/test/recipes/tconversion.pl b/test/recipes/tconversion.pl
index 78be03178c32..fa496bcf3122 100644
--- a/test/recipes/tconversion.pl
+++ b/test/recipes/tconversion.pl
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -13,6 +13,8 @@ use warnings;
use File::Compare qw/compare_text/;
use File::Copy;
use OpenSSL::Test qw/:DEFAULT/;
+use Time::Piece;
+use POSIX qw(strftime);
my %conversionforms = (
# Default conversion forms. Other series may be added with
@@ -111,26 +113,44 @@ sub cmp_text {
}
sub file_contains {
- $_ = shift @_;
- my $pattern = shift @_;
- open(DATA, $_) or return 0;
+ my ($file, $pattern) = @_;
+ open(DATA, $file) or return 0;
$_= join('', <DATA>);
close(DATA);
+ s/\s+/ /g; # take multiple whitespace (including newline) as single space
return m/$pattern/ ? 1 : 0;
}
+sub test_file_contains {
+ my ($desc, $file, $pattern, $expected) = @_;
+ $expected //= 1;
+ return is(file_contains($file, $pattern), $expected,
+ "$desc should ".($expected ? "" : "not ")."contain '$pattern'");
+}
+
sub cert_contains {
- my $cert = shift @_;
- my $pattern = shift @_;
- my $expected = shift @_;
- my $name = shift @_;
+ my ($cert, $pattern, $expected, $name) = @_;
my $out = "cert_contains.out";
run(app(["openssl", "x509", "-noout", "-text", "-in", $cert, "-out", $out]));
- is(file_contains($out, $pattern), $expected, ($name ? "$name: " : "").
- "$cert should ".($expected ? "" : "not ")."contain $pattern");
+ return test_file_contains(($name ? "$name: " : "").$cert, $out, $pattern, $expected);
# not unlinking $out
}
+sub has_version {
+ my ($cert, $expect) = @_;
+ cert_contains($cert, "Version: $expect", 1);
+}
+
+sub has_SKID {
+ my ($cert, $expect) = @_;
+ cert_contains($cert, "Subject Key Identifier", $expect);
+}
+
+sub has_AKID {
+ my ($cert, $expect) = @_;
+ cert_contains($cert, "Authority Key Identifier", $expect);
+}
+
sub uniq (@) {
my %seen = ();
grep { not $seen{$_}++ } @_;
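Review bot: The rewritten `file_contains` still opens its argument with the two-argument form, `open(DATA, $file)`, which lets Perl interpret mode characters in the file name and reuses the special `DATA` handle. The three-argument form with a lexical handle avoids both: `open(my $fh, '<', $file) or return 0;`, then `$_ = join('', <$fh>);` and `close($fh);`. `get_field`, added in the last hunk of this file, has the same pattern in `open my $fh, $f or die;` and would take `open(my $fh, '<', $f) or die "$f: $!";`. Separately, the new `s/\s+/ /g` changes what existing patterns see, since newlines and runs of blanks become single spaces; callers whose patterns contain `\n` may no longer match, which deserves a line in a comment above the sub.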
@@ -145,10 +165,7 @@ sub file_n_different_lines {
}
sub cert_ext_has_n_different_lines {
- my $cert = shift @_;
- my $expected = shift @_;
- my $exts = shift @_;
- my $name = shift @_;
+ my ($cert, $expected, $exts, $name) = @_;
my $out = "cert_n_different_exts.out";
run(app(["openssl", "x509", "-noout", "-ext", $exts,
"-in", $cert, "-out", $out]));
@@ -157,4 +174,44 @@ sub cert_ext_has_n_different_lines {
# not unlinking $out
}
+# extracts string value of certificate field from a -text formatted-output
+sub get_field {
+ my ($f, $field) = @_;
+ my $string = "";
+ open my $fh, $f or die;
+ while (my $line = <$fh>) {
+ if ($line =~ /$field:\s+(.*)/) {
+ $string = $1;
+ }
+ }
+ close $fh;
+ return $string;
+}
+
+sub get_issuer {
+ return get_field(@_, "Issuer");
+}
+
+sub get_not_before {
+ return get_field(@_, "Not Before");
+}
+
+# Date as yyyy-mm-dd
+sub get_not_before_date {
+ return Time::Piece->strptime(
+ get_not_before(@_),
+ "%b %d %T %Y %Z")->date;
+}
+
+sub get_not_after {
+ return get_field(@_, "Not After ");
+}
+
+# Date as yyyy-mm-dd
+sub get_not_after_date {
+ return Time::Piece->strptime(
+ get_not_after(@_),
+ "%b %d %T %Y %Z")->date;
+}
+
1;
diff --git a/test/recordlentest.c b/test/recordlentest.c
index 2cc52ed232ab..c7fb27408f46 100644
--- a/test/recordlentest.c
+++ b/test/recordlentest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -24,7 +24,7 @@ static char *privkey = NULL;
#define TOTAL_RECORD_OVERFLOW_TESTS 6
-static int write_record(BIO *b, size_t len, int rectype, int recversion)
+static int write_record(BIO *b, size_t len, uint8_t rectype, int recversion)
{
unsigned char header[SSL3_RT_HEADER_LENGTH];
size_t written;
diff --git a/test/rsa_complex.c b/test/rsa_complex.c
index c86d912340a1..7c77980f5435 100644
--- a/test/rsa_complex.c
+++ b/test/rsa_complex.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/test/rsa_mp_test.c b/test/rsa_mp_test.c
index 5405df342422..cc9e282b1409 100644
--- a/test/rsa_mp_test.c
+++ b/test/rsa_mp_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2017 BaishanCloud. All rights reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -289,8 +289,41 @@ err:
return ret;
}
+static int test_rsa_mp_gen_bad_input(void)
+{
+ int ret = 0;
+ RSA *rsa = NULL;
+ BIGNUM *ebn = NULL;
+
+ if (!TEST_ptr(rsa = RSA_new()))
+ goto err;
+
+ if (!TEST_ptr(ebn = BN_new()))
+ goto err;
+ if (!TEST_true(BN_set_word(ebn, 65537)))
+ goto err;
+
+ /* Test that a NULL exponent fails and does not segfault */
+ if (!TEST_int_eq(RSA_generate_multi_prime_key(rsa, 1024, 2, NULL, NULL), 0))
+ goto err;
+
+ /* Test invalid bitsize fails */
+ if (!TEST_int_eq(RSA_generate_multi_prime_key(rsa, 500, 2, ebn, NULL), 0))
+ goto err;
+
+ /* Test invalid prime count fails */
+ if (!TEST_int_eq(RSA_generate_multi_prime_key(rsa, 1024, 1, ebn, NULL), 0))
+ goto err;
+ ret = 1;
+err:
+ BN_free(ebn);
+ RSA_free(rsa);
+ return ret;
+}
+
int setup_tests(void)
{
+ ADD_TEST(test_rsa_mp_gen_bad_input);
ADD_ALL_TESTS(test_rsa_mp, 2);
return 1;
}
diff --git a/test/rsa_sp800_56b_test.c b/test/rsa_sp800_56b_test.c
index b17dafe399f2..f009bf61724e 100644
--- a/test/rsa_sp800_56b_test.c
+++ b/test/rsa_sp800_56b_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -300,7 +300,8 @@ static int test_check_crt_components(void)
BN_free(q);
goto end;
}
- ret = TEST_true(ossl_rsa_sp800_56b_derive_params_from_pq(key, 8, e, ctx))
+
+ ret = TEST_int_eq(ossl_rsa_sp800_56b_derive_params_from_pq(key, 8, e, ctx), 1)
&& TEST_BN_eq_word(key->n, N)
&& TEST_BN_eq_word(key->dmp1, DP)
&& TEST_BN_eq_word(key->dmq1, DQ)
@@ -345,6 +346,43 @@ end:
return ret;
}
+static const struct derive_from_pq_test {
+ int p, q, e;
+} derive_from_pq_tests[] = {
+ { 15, 17, 6 }, /* Mod_inverse failure */
+ { 0, 17, 5 }, /* d is too small */
+};
+
+static int test_derive_params_from_pq_fail(int tst)
+{
+ int ret = 0;
+ RSA *key = NULL;
+ BN_CTX *ctx = NULL;
+ BIGNUM *p = NULL, *q = NULL, *e = NULL;
+
+ ret = TEST_ptr(key = RSA_new())
+ && TEST_ptr(ctx = BN_CTX_new())
+ && TEST_ptr(p = BN_new())
+ && TEST_ptr(q = BN_new())
+ && TEST_ptr(e = BN_new())
+ && TEST_true(BN_set_word(p, derive_from_pq_tests[tst].p))
+ && TEST_true(BN_set_word(q, derive_from_pq_tests[tst].q))
+ && TEST_true(BN_set_word(e, derive_from_pq_tests[tst].e))
+ && TEST_true(RSA_set0_factors(key, p, q));
+ if (!ret) {
+ BN_free(p);
+ BN_free(q);
+ goto end;
+ }
+
+ ret = TEST_int_le(ossl_rsa_sp800_56b_derive_params_from_pq(key, 8, e, ctx), 0);
+end:
+ BN_free(e);
+ RSA_free(key);
+ BN_CTX_free(ctx);
+ return ret;
+}
+
static int test_pq_diff(void)
{
int ret = 0;
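Review bot: `TEST_int_le(ossl_rsa_sp800_56b_derive_params_from_pq(key, 8, e, ctx), 0)` accepts any non-positive result, so the two table rows, which are commented as different failure causes, are not told apart by the test. If the function distinguishes its failures by return value (the `TEST_int_eq(..., 1)` change earlier in this file suggests it is no longer a plain boolean), an expected value per row would pin that: `int p, q, e, expected;` in the struct and `TEST_int_eq(..., derive_from_pq_tests[tst].expected)` in the check, with the values taken from the function's documentation, which is not visible here. A short comment above `test_derive_params_from_pq_fail` saying that `p` and `q` belong to `key` once `RSA_set0_factors` succeeds would also explain why only the setup-failure path frees them.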
@@ -420,6 +458,10 @@ static int test_invalid_keypair(void)
&& TEST_true(BN_add_word(n, 1))
&& TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2048))
&& TEST_true(BN_sub_word(n, 1))
+ /* check that validation fails if len(n) is not even */
+ && TEST_true(BN_lshift1(n, n))
+ && TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2049))
+ && TEST_true(BN_rshift1(n, n))
/* check p */
&& TEST_true(BN_sub_word(p, 2))
&& TEST_true(BN_mul(n, p, q, ctx))
@@ -438,8 +480,7 @@ end:
return ret;
}
-static int keygen_size[] =
-{
+static int keygen_size[] = {
2048, 3072
};
@@ -539,6 +580,7 @@ int setup_tests(void)
ADD_TEST(test_check_prime_factor);
ADD_TEST(test_check_private_exponent);
ADD_TEST(test_check_crt_components);
+ ADD_ALL_TESTS(test_derive_params_from_pq_fail, (int)OSSL_NELEM(derive_from_pq_tests));
ADD_TEST(test_check_private_key);
ADD_TEST(test_check_public_key);
ADD_TEST(test_invalid_keypair);
diff --git a/test/rsa_test.c b/test/rsa_test.c
index 18345b431a7c..2d9f6aa3a3f8 100644
--- a/test/rsa_test.c
+++ b/test/rsa_test.c
@@ -506,11 +506,215 @@ static int test_EVP_rsa_legacy_key(void)
return ret;
}
+static RSA *load_key(int priv)
+{
+ RSA *rsa = NULL;
+ BIGNUM *pn = NULL, *pe = NULL, *pd= NULL;
+
+ /* RSA key extracted using > openssl genpkey -algorithm RSA -text */
+ static const unsigned char n[] = {
+ 0x00, 0xbe, 0x24, 0x14, 0xf2, 0x39, 0xde, 0x19, 0xb3, 0xd7, 0x86, 0x1e, 0xf8, 0xd3, 0x97,
+ 0x9f, 0x78, 0x28, 0x4c, 0xbf, 0xef, 0x03, 0x29, 0xc5, 0xeb, 0x97, 0x18, 0xdb, 0xa5, 0x17,
+ 0x07, 0x57, 0x96, 0xe2, 0x45, 0x91, 0x2b, 0xd2, 0x9e, 0x28, 0x61, 0xa7, 0x8f, 0x39, 0xaa,
+ 0xde, 0x94, 0x6d, 0x2b, 0x39, 0xde, 0xbe, 0xcf, 0xd7, 0x29, 0x16, 0x3a, 0x1a, 0x86, 0x2f,
+ 0xff, 0x7a, 0x2f, 0x12, 0xc4, 0x8a, 0x32, 0x06, 0x6f, 0x40, 0x42, 0x37, 0xaa, 0x5f, 0xaf,
+ 0x40, 0x77, 0xa5, 0x73, 0x09, 0xbf, 0xc5, 0x85, 0x79, 0xc0, 0x38, 0xd6, 0xb7, 0x2f, 0x77,
+ 0xf0, 0x5a, 0xaf, 0xaf, 0xc3, 0x63, 0x4b, 0xea, 0xa2, 0x0c, 0x27, 0xcd, 0x7c, 0x77, 0xf4,
+ 0x29, 0x5a, 0x69, 0xbd, 0xfe, 0x17, 0xb6, 0xc5, 0xd7, 0xc0, 0x40, 0xf9, 0x29, 0x46, 0x1f,
+ 0xc0, 0x4b, 0xcf, 0x4e, 0x8f, 0x74, 0xd9, 0xc8, 0xd0, 0xde, 0x9c, 0x48, 0x57, 0xcc, 0x30,
+ 0xbc, 0x06, 0x47, 0x4a, 0x8e, 0x40, 0x8a, 0xa1, 0x2a, 0x09, 0x8d, 0xe8, 0x41, 0x3d, 0x21,
+ 0x52, 0xdc, 0x9c, 0xa9, 0x43, 0x63, 0x01, 0x44, 0xb3, 0xec, 0x22, 0x06, 0x29, 0xf6, 0xd8,
+ 0xf6, 0x6b, 0xc3, 0x36, 0x25, 0xb0, 0x9b, 0xdb, 0x9a, 0x22, 0x51, 0x13, 0x42, 0xbd, 0x28,
+ 0x0b, 0xd8, 0x5e, 0xac, 0xc7, 0x71, 0x6e, 0x78, 0xfc, 0xf4, 0x1d, 0x74, 0x9b, 0x1a, 0x19,
+ 0x13, 0x56, 0x04, 0xb4, 0x33, 0x4e, 0xed, 0x54, 0x59, 0x7f, 0x71, 0x5d, 0x24, 0x18, 0x91,
+ 0x51, 0x20, 0x39, 0x78, 0x4e, 0x33, 0x73, 0x96, 0xa8, 0x12, 0x2f, 0xff, 0x48, 0xc2, 0x11,
+ 0x33, 0x95, 0xe5, 0xcc, 0x1a, 0xe2, 0x39, 0xd5, 0x57, 0x44, 0x51, 0x59, 0xd1, 0x35, 0x62,
+ 0x16, 0x22, 0xf5, 0x52, 0x3d, 0xe0, 0x9b, 0x2d, 0x33, 0x34, 0x75, 0x13, 0x7d, 0x62, 0x70,
+ 0x53, 0x31
+ };
+ static const unsigned char e[] = {
+ 0x01, 0x00, 0x01
+ };
+ static const unsigned char d[] = {
+ 0x0b, 0xd3, 0x07, 0x7a, 0xb0, 0x0c, 0xb2, 0xe3, 0x5d, 0x49, 0x7f, 0xe0, 0xf4, 0x5b, 0x21,
+ 0x31, 0x96, 0x2b, 0x7e, 0x32, 0xdf, 0x5a, 0xec, 0x5e, 0x10, 0x14, 0x9d, 0x99, 0xaa, 0xd8,
+ 0xc3, 0xfa, 0x9c, 0x0e, 0x0c, 0x96, 0xe9, 0xa3, 0x58, 0x62, 0x68, 0xca, 0xba, 0x50, 0xc9,
+ 0x04, 0x58, 0xd4, 0xe3, 0xa5, 0x99, 0x8f, 0x08, 0x2b, 0xcb, 0xe0, 0x1f, 0x84, 0xc5, 0x64,
+ 0xbd, 0x48, 0xe2, 0xc1, 0x56, 0x51, 0x01, 0xb7, 0x8e, 0xca, 0xe3, 0x66, 0x70, 0xea, 0x7f,
+ 0x8f, 0x45, 0x3a, 0xa6, 0x02, 0x3f, 0x16, 0xc3, 0xad, 0x57, 0x97, 0x8a, 0x37, 0x2d, 0x6d,
+ 0xb4, 0xfd, 0x08, 0x98, 0x95, 0x72, 0xeb, 0xd7, 0xa9, 0x9a, 0xfa, 0xcf, 0x55, 0x10, 0x19,
+ 0xf7, 0x7f, 0x7c, 0x8f, 0x49, 0xf3, 0x1d, 0xc2, 0xf2, 0xd7, 0xb3, 0x8a, 0xfc, 0x9b, 0x76,
+ 0x40, 0x5c, 0xa7, 0x2f, 0x7a, 0x8a, 0x3d, 0xdf, 0xbc, 0x52, 0x69, 0x99, 0xf8, 0x4b, 0x7a,
+ 0xbf, 0x11, 0x5d, 0x31, 0x41, 0x5f, 0xa3, 0xb9, 0x74, 0xaf, 0xe4, 0x08, 0x19, 0x9f, 0x88,
+ 0xca, 0xfb, 0x8e, 0xab, 0xa4, 0x00, 0x31, 0xc9, 0xf1, 0x77, 0xe9, 0xe3, 0xf1, 0x98, 0xd9,
+ 0x04, 0x08, 0x0c, 0x38, 0x35, 0x4b, 0xcc, 0xab, 0x22, 0xdf, 0x84, 0xea, 0xe4, 0x2e, 0x57,
+ 0xa5, 0xc1, 0x91, 0x0c, 0x34, 0x3b, 0x88, 0xbc, 0x14, 0xee, 0x6e, 0xe3, 0xf0, 0xe0, 0xdc,
+ 0xae, 0xd6, 0x0c, 0x9b, 0xa0, 0x6d, 0xb6, 0x92, 0x6c, 0x7e, 0x05, 0x46, 0x02, 0xbc, 0x23,
+ 0xbc, 0x65, 0xe6, 0x62, 0x04, 0x19, 0xe6, 0x98, 0x67, 0x2d, 0x15, 0x0a, 0xc4, 0xea, 0xb5,
+ 0x62, 0xa0, 0x54, 0xed, 0x07, 0x45, 0x3e, 0x21, 0x93, 0x3e, 0x22, 0xd0, 0xc3, 0xca, 0x37,
+ 0x3c, 0xea, 0x90, 0xdd, 0xa6, 0xb1, 0x6c, 0x76, 0xce, 0x5a, 0xe1, 0xc2, 0x80, 0x1f, 0x32,
+ 0x21
+ };
+
+ if (!TEST_ptr(rsa = RSA_new()))
+ return NULL;
+ pn = BN_bin2bn(n, sizeof(n), NULL);
+ pe = BN_bin2bn(e, sizeof(e), NULL);
+ if (priv)
+ pd = BN_bin2bn(d, sizeof(d), NULL);
+ if (!TEST_false(pn == NULL
+ || pe == NULL
+ || (priv && pd == NULL)
+ || !RSA_set0_key(rsa, pn, pe, pd))) {
+ BN_free(pn);
+ BN_free(pe);
+ BN_free(pd);
+ RSA_free(rsa);
+ rsa = NULL;
+ }
+ return rsa;
+}
+
+static int test_rsa_saos(void)
+{
+ int ret = 0;
+ unsigned int siglen = 0;
+ RSA *rsa_priv = NULL, *rsa_pub = NULL;
+ static const unsigned char in[256] = { 0 };
+ unsigned char sig[256];
+ /* Maximum length allowed: The 3 relates to the octet byte 0x04 followed by a 2 byte length */
+ unsigned int inlen = sizeof(in) - RSA_PKCS1_PADDING_SIZE - 3;
+
+ /* A generated signature when in[inlen]= { 1 }. */
+ static const unsigned char sig_mismatch[256] = {
+ 0x5f, 0x64, 0xab, 0xd3, 0x86, 0xdf, 0x6e, 0x91,
+ 0xa8, 0xdb, 0x9d, 0x36, 0x7a, 0x15, 0xe5, 0x75,
+ 0xe4, 0x27, 0xdf, 0xeb, 0x8d, 0xaf, 0xb0, 0x60,
+ 0xec, 0x36, 0x8b, 0x00, 0x36, 0xb4, 0x61, 0x38,
+ 0xfe, 0xfa, 0x49, 0x55, 0xcf, 0xb7, 0xff, 0xeb,
+ 0x25, 0xa5, 0x41, 0x1e, 0xaa, 0x74, 0x3d, 0x57,
+ 0xed, 0x5c, 0x4a, 0x01, 0x9e, 0xb2, 0x50, 0xbc,
+ 0x50, 0x15, 0xd5, 0x97, 0x93, 0x91, 0x97, 0xa3,
+ 0xff, 0x67, 0x2a, 0xe9, 0x04, 0xdd, 0x31, 0x6f,
+ 0x4b, 0x44, 0x4f, 0x04, 0xa0, 0x48, 0x6a, 0xc1,
+ 0x8d, 0xc2, 0xf3, 0xf7, 0xc4, 0x8c, 0x29, 0xcb,
+ 0x2c, 0x04, 0x8f, 0x30, 0x71, 0xbb, 0x5b, 0xf9,
+ 0xf9, 0x1b, 0xe8, 0xf0, 0xe8, 0xd1, 0xcf, 0x73,
+ 0xf6, 0x02, 0x45, 0x6f, 0x53, 0x25, 0x1e, 0x74,
+ 0x94, 0x6e, 0xf4, 0x0d, 0x36, 0x6c, 0xa3, 0xae,
+ 0x8f, 0x94, 0x05, 0xa9, 0xe9, 0x65, 0x26, 0x7f,
+ 0x07, 0xc5, 0x7e, 0xab, 0xd9, 0xe9, 0x09, 0x2d,
+ 0x19, 0x8c, 0x6a, 0xcc, 0xd5, 0x62, 0x04, 0xb4,
+ 0x9b, 0xaf, 0x99, 0x6a, 0x7a, 0x7b, 0xef, 0x01,
+ 0x9b, 0xc1, 0x46, 0x59, 0x88, 0xee, 0x8b, 0xd7,
+ 0xe5, 0x35, 0xad, 0x4c, 0xb2, 0x0d, 0x93, 0xdd,
+ 0x0e, 0x50, 0x36, 0x2b, 0x7b, 0x42, 0x9b, 0x59,
+ 0x95, 0xe7, 0xe1, 0x36, 0x50, 0x87, 0x7c, 0xac,
+ 0x47, 0x13, 0x9b, 0xa7, 0x36, 0xdf, 0x8a, 0xd7,
+ 0xee, 0x7d, 0x2e, 0xa6, 0xbb, 0x31, 0x32, 0xed,
+ 0x39, 0x77, 0xf2, 0x41, 0xf9, 0x2d, 0x29, 0xfc,
+ 0x6d, 0x32, 0x8e, 0x35, 0x99, 0x38, 0x8b, 0xd9,
+ 0xc6, 0x77, 0x09, 0xe3, 0xe3, 0x06, 0x98, 0xe1,
+ 0x96, 0xe9, 0x23, 0x11, 0xeb, 0x09, 0xa2, 0x6b,
+ 0x21, 0x52, 0x67, 0x94, 0x15, 0x72, 0x7e, 0xdd,
+ 0x66, 0x1c, 0xe7, 0xdb, 0x0e, 0x71, 0x5d, 0x95,
+ 0x9d, 0xf8, 0x8e, 0x65, 0x97, 0x2f, 0x1a, 0x86
+ };
+ /* The signature generated by RSA_private_encrypt of in[inlen] */
+ static const unsigned char no_octet_sig[256] = {
+ 0x78, 0xaf, 0x3e, 0xd1, 0xbc, 0x99, 0xb3, 0x19,
+ 0xa8, 0xaa, 0x64, 0x56, 0x60, 0x95, 0xa0, 0x81,
+ 0xd8, 0xb4, 0xe1, 0x9c, 0xf8, 0x94, 0xfa, 0x31,
+ 0xb5, 0xde, 0x90, 0x75, 0xa7, 0xdb, 0xd4, 0x7e,
+ 0xda, 0x62, 0xde, 0x16, 0x78, 0x4f, 0x9b, 0xc2,
+ 0xa4, 0xd4, 0x5c, 0x17, 0x4f, 0x2d, 0xf2, 0x84,
+ 0x5b, 0x5d, 0x00, 0xa0, 0xcf, 0xda, 0x3f, 0xbc,
+ 0x40, 0xb4, 0x4e, 0xcb, 0x18, 0xeb, 0x4b, 0x0f,
+ 0xce, 0x95, 0x3a, 0x5a, 0x9c, 0x49, 0xb4, 0x63,
+ 0xd4, 0xde, 0xfb, 0xe2, 0xa8, 0xf3, 0x97, 0x52,
+ 0x36, 0x3e, 0xc0, 0xab, 0xc8, 0x1c, 0xef, 0xdd,
+ 0xf4, 0x37, 0xbc, 0xf3, 0xc3, 0x67, 0xf6, 0xc0,
+ 0x6e, 0x75, 0xa6, 0xf3, 0x7e, 0x37, 0x96, 0xf2,
+ 0xbb, 0x25, 0x3a, 0xa0, 0xa8, 0x8e, 0xce, 0xa0,
+ 0xce, 0x0f, 0x22, 0x2d, 0x9c, 0x30, 0x0d, 0x20,
+ 0x36, 0xc6, 0x9d, 0x36, 0x5d, 0x5b, 0x3e, 0xbc,
+ 0x7c, 0x55, 0x95, 0xb4, 0x69, 0x19, 0x27, 0xf6,
+ 0x63, 0x78, 0x21, 0x2d, 0xcf, 0x51, 0xb0, 0x46,
+ 0x44, 0x02, 0x29, 0x93, 0xa5, 0x1b, 0xda, 0x21,
+ 0xb3, 0x74, 0xf6, 0x4e, 0xd0, 0xdb, 0x3d, 0x59,
+ 0xfd, 0xd7, 0x88, 0xd0, 0x2f, 0x84, 0xf6, 0xb1,
+ 0xaa, 0xce, 0x3e, 0xa0, 0xdc, 0x1a, 0xd0, 0xe3,
+ 0x5f, 0x3c, 0xda, 0x96, 0xee, 0xce, 0xf9, 0x75,
+ 0xcf, 0x8d, 0xf3, 0x03, 0x28, 0xa7, 0x39, 0xbd,
+ 0x95, 0xaa, 0x73, 0xbe, 0xa5, 0x5f, 0x84, 0x33,
+ 0x07, 0x49, 0xbf, 0x03, 0xf8, 0x4b, 0x46, 0xbf,
+ 0x38, 0xd4, 0x9b, 0x14, 0xa7, 0x01, 0xb7, 0x1f,
+ 0x12, 0x08, 0x01, 0xed, 0xcd, 0x34, 0xf5, 0xb4,
+ 0x06, 0x47, 0xe0, 0x53, 0x1c, 0x7c, 0x3f, 0xb5,
+ 0x30, 0x59, 0xbb, 0xe3, 0xd6, 0x7c, 0x41, 0xcc,
+ 0xd2, 0x11, 0x73, 0x03, 0x77, 0x7f, 0x5f, 0xad,
+ 0x4a, 0x54, 0xdf, 0x17, 0x94, 0x97, 0x5c, 0x16
+ };
+
+ if (!TEST_ptr(rsa_priv = load_key(1)))
+ goto err;
+ if (!TEST_ptr(rsa_pub = load_key(0)))
+ goto err;
+ if (!TEST_int_ge((int)sizeof(sig), RSA_size(rsa_priv)))
+ goto err;
+
+ /* Test that a generated signature can be verified */
+ if (!TEST_true(RSA_sign_ASN1_OCTET_STRING(0, in, inlen, sig, &siglen,
+ rsa_priv)))
+ goto err;
+ if (!TEST_true(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, sig, siglen, rsa_pub)))
+ goto err;
+
+ /* Test sign fails if the input is too large */
+ if (!TEST_false(RSA_sign_ASN1_OCTET_STRING(0, in, inlen + 1, sig, &siglen,
+ rsa_priv)))
+ goto err;
+
+ /* Fail if there is no private signing key */
+ if (!TEST_false(RSA_sign_ASN1_OCTET_STRING(0, in, inlen, sig, &siglen,
+ rsa_pub)))
+ goto err;
+
+ /* Fail if the signature is the wrong size */
+ if (!TEST_false(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, sig, siglen - 1, rsa_pub)))
+ goto err;
+
+ /* Fail if the encrypted input is not octet encoded */
+ if (!TEST_false(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, (unsigned char *)no_octet_sig,
+ (unsigned int)sizeof(no_octet_sig),
+ rsa_pub)))
+ goto err;
+
+ /* Fail if the signature does not match the input */
+ if (!TEST_false(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, (unsigned char *)sig_mismatch,
+ (unsigned int)sizeof(sig_mismatch),
+ rsa_pub)))
+ goto err;
+
+ /* Fail if the signature is corrupt */
+ sig[0]++;
+ if (!TEST_false(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, sig, siglen, rsa_pub)))
+ goto err;
+ sig[0]--;
+
+ ret = 1;
+err:
+ RSA_free(rsa_priv);
+ RSA_free(rsa_pub);
+ return ret;
+}
+
int setup_tests(void)
{
ADD_ALL_TESTS(test_rsa_pkcs1, 3);
ADD_ALL_TESTS(test_rsa_oaep, 3);
ADD_ALL_TESTS(test_rsa_security_bit, OSSL_NELEM(rsa_security_bits_cases));
+ ADD_TEST(test_rsa_saos);
ADD_TEST(test_EVP_rsa_legacy_key);
return 1;
}
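Review bot: In test_rsa_saos the buffer is restored with `sig[0]--` but never verified again, so the later negative checks would still pass if one of the two failing sign calls before them had altered `sig` or `siglen`. Re-verifying after the restore shows that the one-byte corruption was the only reason for the failure: `if (!TEST_true(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, sig, siglen, rsa_pub))) goto err;` placed directly after `sig[0]--;`. The same concern applies to the wrong-size check (`siglen - 1`), which also runs after the failing sign calls and accepts any failure.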
diff --git a/test/run_tests.pl b/test/run_tests.pl
index 4384ebe28e0d..89d7fafb7256 100644
--- a/test/run_tests.pl
+++ b/test/run_tests.pl
@@ -39,6 +39,11 @@ $ENV{OPENSSL_MODULES} = rel2abs(catdir($bldtop, "providers"));
$ENV{OPENSSL_ENGINES} = rel2abs(catdir($bldtop, "engines"));
$ENV{CTLOG_FILE} = rel2abs(catfile($srctop, "test", "ct", "log_list.cnf"));
+# On platforms that support this, this will ensure malloc returns data that is
+# set to a non-zero value. Can be helpful for detecting uninitialized reads in
+# some situations.
+$ENV{'MALLOC_PERTURB_'} = '128' if !defined $ENV{'MALLOC_PERTURB_'};
+
my %tapargs =
( verbosity => $ENV{HARNESS_VERBOSE} ? 1 : 0,
lib => [ $libdir ],
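Review bot: The added comment describes only the allocation half of `MALLOC_PERTURB_`. With glibc the same setting also overwrites memory when it is freed, which is what makes reads of freed buffers visible. I would extend the comment with `# glibc also fills freed memory with this byte, which helps expose use-after-free reads.` It is also worth stating that this is a glibc feature and has no effect with other allocators, so nobody assumes coverage on platforms where it does nothing.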
@@ -170,6 +175,7 @@ $eres = eval {
my $failure_verbosity = $openssl_args{failure_verbosity};
my @plans = (); # initial level, no plan yet
my $output_buffer = "";
+ my $in_indirect = 0;
# We rely heavily on perl closures to make failure verbosity work
# We need to do so, because there's no way to safely pass extra
@@ -206,7 +212,28 @@ $eres = eval {
$output_buffer = ""; # ignore comments etc. until plan
} elsif ($is_test) { # result of a test
pop @plans if @plans && --($plans[-1]) <= 0;
- print $output_buffer if !$is_ok;
+ if ($output_buffer =~ /.*Indirect leak of.*/ == 1) {
+ my @asan_array = split("\n", $output_buffer);
+ foreach (@asan_array) {
+ if ($_ =~ /.*Indirect leak of.*/ == 1) {
+ if ($in_indirect != 1) {
+ print "::group::Indirect Leaks\n";
+ }
+ $in_indirect = 1;
+ }
+ print "$_\n";
+ if ($_ =~ /.*Indirect leak of.*/ != 1) {
+ if ($_ =~ /^ #.*/ == 0) {
+ if ($in_indirect != 0) {
+ print "\n::endgroup::\n";
+ }
+ $in_indirect = 0;
+ }
+ }
+ }
+ } else {
+ print $output_buffer if !$is_ok;
+ }
print "\n".$self->as_string
if !$is_ok || $failure_verbosity == 2;
print "\n# ------------------------------------------------------------------------------" if !$is_ok;
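Review bot: The `::group::Indirect Leaks` marker is closed only when a later line is neither a leak header nor a stack frame, so a buffer that ends inside a leak report leaves the group open. Because `$in_indirect` appears to be declared outside the callback, that open state would carry into the next test's output. Closing it after the `foreach` avoids this: `if ($in_indirect) { print "\n::endgroup::\n"; $in_indirect = 0; }`. This branch also prints the whole buffer when `$is_ok` is true, which looks intended for leak reports but deserves a comment saying so. The enclosing callback starts outside the hunk.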
diff --git a/test/sanitytest.c b/test/sanitytest.c
index aba9149231f3..dd19bfbc71da 100644
--- a/test/sanitytest.c
+++ b/test/sanitytest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -11,6 +11,7 @@
#include <openssl/types.h>
#include "testutil.h"
#include "internal/numbers.h"
+#include "internal/time.h"
static int test_sanity_null_zero(void)
{
@@ -129,6 +130,25 @@ static int test_sanity_memcmp(void)
return CRYPTO_memcmp("ab", "cd", 2);
}
+static int test_sanity_sleep(void)
+{
+ OSSL_TIME start = ossl_time_now();
+ uint64_t seconds;
+
+ /*
+ * On any reasonable system this must sleep at least one second
+ * but not more than 20.
+ * Assuming there is no interruption.
+ */
+ OSSL_sleep(1000);
+
+ seconds = ossl_time2seconds(ossl_time_subtract(ossl_time_now(), start));
+
+ if (!TEST_uint64_t_ge(seconds, 1) || !TEST_uint64_t_le(seconds, 20))
+ return 0;
+ return 1;
+}
+
int setup_tests(void)
{
ADD_TEST(test_sanity_null_zero);
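Review bot: test_sanity_sleep compares whole seconds after sleeping exactly 1000 ms, so the lower bound has no tolerance. `ossl_time2seconds` presumably truncates, so if the sleep returns marginally early relative to the clock behind `ossl_time_now()` the measured value is 0 and the test fails. Comparing in a finer unit with a small margin below 1000 ms would keep the sanity check without that flakiness risk. The comment should also state the cost, for example `/* Adds about one second to every run of this test program. */`.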
@@ -138,6 +158,6 @@ int setup_tests(void)
ADD_TEST(test_sanity_unsigned_conversion);
ADD_TEST(test_sanity_range);
ADD_TEST(test_sanity_memcmp);
+ ADD_TEST(test_sanity_sleep);
return 1;
}
-
diff --git a/test/secmemtest.c b/test/secmemtest.c
index d0f9ba2e9901..588f31ae676a 100644
--- a/test/secmemtest.c
+++ b/test/secmemtest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -10,7 +10,7 @@
#include <openssl/crypto.h>
#include "testutil.h"
-#include "../e_os.h"
+#include "internal/e_os.h"
static int test_sec_mem(void)
{
diff --git a/test/session.pem b/test/session.pem
deleted file mode 100644
index ea0b0bcec238..000000000000
--- a/test/session.pem
+++ /dev/null
@@ -1,31 +0,0 @@
------BEGIN SSL SESSION PARAMETERS-----
-MIIFSgIBAQICAwQEAhMCBCAUv8MKab5ruWM6I8xtEH++u+bb2B1OznYnDrRcpLll
-6AQwzwJoGXOQ3uCa7bCy07owBiH4Bf13MiDtwaHSnNTEyfLEZBy3SgCE06wa5TJk
-Fx8aoQYCBFsWdRqiBAICHCCjggPrMIID5zCCAs+gAwIBAgIJALnu1NlVpZ6zMA0G
-CSqGSIb3DQEBBQUAMHAxCzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdy
-b3VwMSIwIAYDVQQLDBlGT1IgVEVTVElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQD
-DBxPcGVuU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoX
-DTIxMTAxNjE0MDE0OFowZDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wg
-R3JvdXAxIjAgBgNVBAsMGUZPUiBURVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNV
-BAMMEFRlc3QgU2VydmVyIENlcnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQDzhPOSNtyyRspmeuUpxfNJKCLTuf7g3uQ4zu4iHOmRO5TQci+HhVlLZrHF
-9XqFXcIP0y4pWDbMSGuiorUmzmfiR7bfSdI/+qIQt8KXRH6HNG1t8ou0VSvWId5T
-S5Dq/er5ODUr9OaaDva7EquHIcMvvPQGuI+OEAcnleVCy9HVEIySrO4P3CNIicnG
-kwwiAud05yUAq/gPXBC1hTtmlPD7TVcGVSEiJdvzqqlgv02qedGrkki6GY4S7GjZ
-xrrf7Foc2EP+51LJzwLQx3/JfrCU41NEWAsu/Sl0tQabXESN+zJ1pDqoZ3uHMgpQ
-jeGiE0olr+YcsSW/tJmiU9OiAr8RAgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAO
-BgNVHQ8BAf8EBAMCBeAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVk
-IENlcnRpZmljYXRlMB0GA1UdDgQWBBSCvM8AABPR9zklmifnr9LvIBturDAfBgNV
-HSMEGDAWgBQ2w2yI55X+sL3szj49hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEA
-qb1NV0B0/pbpK9Z4/bNjzPQLTRLKWnSNm/Jh5v0GEUOE/Beg7GNjNrmeNmqxAlpq
-Wz9qoeoFZax+QBpIZYjROU3TS3fpyLsrnlr0CDQ5R7kCCDGa8dkXxemmpZZLbUCp
-W2Uoy8sAA4JjN9OtsZY7dvUXFgJ7vVNTRnI01ghknbtD+2SxSQd3CWF6QhcRMAzZ
-J1z1cbbwGDDzfvGFPzJ+Sq+zEPdsxoVLLSetCiBc+40ZcDS5dV98h9XD7JMTQfxz
-A7mNGv73JoZJA6nFgj+ADSlJsY/tJBv+z1iQRueoh9Qeee+ZbRifPouCB8FDx+Al
-tvHTANdAq0t/K3o+pplMVKQCBAClAwIBFakEAgIcIKqB0wSB0EMQ5938LY/ASVsV
-0kStjTVOps9p3VT071bTjD3RR211+gLzBwGCk8gWNH1glJXjLAenh9E2ivDK1tYQ
-3ODRdB3V46t9E78r0uAmSG/WMJ9OvkFlXyIhseYwvWW0P1cAYPI/j3Evgcyu9GIs
-HSDVEKbBy9CJYCkW/SrT+2A3ouqp+wSW0XgDLFFB+mBte2Hg7wv2uILrYZ4Y0fNe
-CUcTq8B+0EFEiq7p0KRGXwpSKYxNw7qZgg/Us3W85BYMnzYjfDzN0KHf+BI28VRT
-Rjxuud2uBwIFANHVD/k=
------END SSL SESSION PARAMETERS-----
diff --git a/test/sm2_internal_test.c b/test/sm2_internal_test.c
index bd0bf0efa74d..1623098fc6ff 100644
--- a/test/sm2_internal_test.c
+++ b/test/sm2_internal_test.c
@@ -373,6 +373,7 @@ static int test_sm2_sign(const EC_GROUP *group,
static int sm2_sig_test(void)
{
int testresult = 0;
+ EC_GROUP *gm_group = NULL;
/* From draft-shen-sm2-ecdsa-02 */
EC_GROUP *test_group =
create_EC_group
@@ -398,9 +399,41 @@ static int sm2_sig_test(void)
"6FC6DAC32C5D5CF10C77DFB20F7C2EB667A457872FB09EC56327A67EC7DEEBE7", 0)))
goto done;
+ /* From Annex A in both GM/T0003.5-2012 and GB/T 32918.5-2016.*/
+ gm_group = create_EC_group(
+ "fffffffeffffffffffffffffffffffffffffffff00000000ffffffffffffffff",
+ "fffffffeffffffffffffffffffffffffffffffff00000000fffffffffffffffc",
+ "28e9fa9e9d9f5e344d5a9e4bcf6509a7f39789f515ab8f92ddbcbd414d940e93",
+ "32c4ae2c1f1981195f9904466a39c9948fe30bbff2660be1715a4589334c74c7",
+ "bc3736a2f4f6779c59bdcee36b692153d0a9877cc62a474002df32e52139f0a0",
+ "fffffffeffffffffffffffffffffffff7203df6b21c6052b53bbf40939d54123",
+ "1");
+
+ if (!TEST_ptr(gm_group))
+ goto done;
+
+ if (!TEST_true(test_sm2_sign(
+ gm_group,
+ /* the default ID specified in GM/T 0009-2012 (Sec. 10).*/
+ SM2_DEFAULT_USERID,
+ /* privkey */
+ "3945208F7B2144B13F36E38AC6D39F95889393692860B51A42FB81EF4DF7C5B8",
+ /* plaintext message */
+ "message digest",
+ /* ephemeral nonce k */
+ "59276E27D506861A16680F3AD9C02DCCEF3CC1FA3CDBE4CE6D54B80DEAC1BC21",
+ /* expected signature, the field values are from GM/T 0003.5-2012,
+ Annex A. */
+ /* signature R, 0x20 bytes */
+ "F5A03B0648D2C4630EEAC513E1BB81A15944DA3827D5B74143AC7EACEEE720B3",
+ /* signature S, 0x20 bytes */
+ "B1B6AA29DF212FD8763182BC0D421CA1BB9038FD1F7F42D4840B69C485BBC1AA", 0)))
+ goto done;
+
+
/* Make sure we fail if we omit the public portion of the key */
if (!TEST_false(test_sm2_sign(
- test_group,
+ gm_group,
/* the default ID specified in GM/T 0009-2012 (Sec. 10).*/
SM2_DEFAULT_USERID,
/* privkey */
@@ -409,7 +442,8 @@ static int sm2_sig_test(void)
"message digest",
/* ephemeral nonce k */
"59276E27D506861A16680F3AD9C02DCCEF3CC1FA3CDBE4CE6D54B80DEAC1BC21",
- /* expected signature, */
+ /* expected signature, the field values are from GM/T 0003.5-2012,
+ Annex A. */
/* signature R, 0x20 bytes */
"F5A03B0648D2C4630EEAC513E1BB81A15944DA3827D5B74143AC7EACEEE720B3",
/* signature S, 0x20 bytes */
@@ -420,6 +454,7 @@ static int sm2_sig_test(void)
done:
EC_GROUP_free(test_group);
+ EC_GROUP_free(gm_group);
return testresult;
}
diff --git a/test/smime-certs/ca.cnf b/test/smime-certs/ca.cnf
index 31bddea1fa03..1bdffadf672d 100644
--- a/test/smime-certs/ca.cnf
+++ b/test/smime-certs/ca.cnf
@@ -12,14 +12,15 @@ CN = "Not Defined"
default_ca = ca
####################################################################
+
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
# Don't prompt for fields: use those in section directly
prompt = no
distinguished_name = req_distinguished_name
-x509_extensions = v3_ca # The extensions to add to the self signed cert
-string_mask = utf8only
+x509_extensions = v3_ca # The extensions to add to the self signed cert
+string_mask = utf8only
# req_extensions = v3_req # The extensions to add to a certificate request
@@ -30,39 +31,46 @@ organizationName = OpenSSL Group
# Take CN from environment so it can come from a script.
commonName = $ENV::CN
-[ usr_cert ]
+[ usr_rsa_cert ]
+
+# These extensions are added when 'ca' signs a request for a normal end-entity
+# certificate with key usage restrictions compatible with RSA keys
+
+basicConstraints = CA:FALSE
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+
+# Following SKID and AKID settings are meanwhile by default in all certificates.
+# See doc/man5/x509v3_config.pod for details.
-# These extensions are added when 'ca' signs a request for an end entity
-# certificate
+# subjectKeyIdentifier = hash
+# authorityKeyIdentifier = keyid, issuer
-basicConstraints=critical, CA:FALSE
-keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment
+[ signer_cert ]
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid
+basicConstraints = CA:FALSE
+keyUsage = critical, digitalSignature
[ dh_cert ]
-# These extensions are added when 'ca' signs a request for an end entity
-# DH certificate
+# These extensions are added when 'ca' signs a request for an end-entity
+# DH certificate, for which only key agreement makes sense
-basicConstraints=critical, CA:FALSE
-keyUsage=critical, keyAgreement
+basicConstraints = CA:FALSE
+keyUsage = critical, keyAgreement
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid
+[ codesign_cert ]
-[ v3_ca ]
+# These extensions are added when 'ca' signs a request for a code-signing
+# end-entity certificate compatible with RSA and ECC keys
+basicConstraints = CA:FALSE
+keyUsage = critical, digitalSignature
+extendedKeyUsage = codeSigning
-# Extensions for a typical CA
+[ v3_ca ]
-# PKIX recommendation.
+# Extensions for a typical CA as required by RFC 5280 etc.
+# SKID and AKID are by default set according to PKIX recommendation.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always
-basicConstraints = critical,CA:true
+basicConstraints = critical, CA:true
keyUsage = critical, cRLSign, keyCertSign
-
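Review bot: `[ signer_cert ]` is the only section added here without a comment saying when it applies, while `[ usr_rsa_cert ]`, `[ dh_cert ]` and `[ codesign_cert ]` each have one. Suggested: `# These extensions are added when 'ca' signs a request for an end-entity certificate that is used for signing only`. The end-entity sections also drop `critical` from `basicConstraints`. If that is deliberate, a one-line comment giving the reason would stop a later edit from restoring it.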
diff --git a/test/smime-certs/mksmime-certs.sh b/test/smime-certs/mksmime-certs.sh
index 76766a763d0e..d989683faae0 100644..100755
--- a/test/smime-certs/mksmime-certs.sh
+++ b/test/smime-certs/mksmime-certs.sh
@@ -1,85 +1,82 @@
#!/bin/sh
-# Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2013-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
-
-# Utility to recreate S/MIME certificates
+# Utility to recreate S/MIME certificates in this directory.
+# Invoke when changes are need from within this directory.
OPENSSL=../../apps/openssl
-OPENSSL_CONF=./ca.cnf
-export OPENSSL_CONF
+CONF=ca.cnf
+export OPENSSL_CONF=./$CONF
+
+gen() {
+ $OPENSSL x509 -CA smroot.pem -new -days 36524 -force_pubkey $1 -subj "$2" \
+ -extfile $CONF -extensions $3
+}
# Root CA: create certificate directly
CN="Test S/MIME RSA Root" $OPENSSL req -config ca.cnf -x509 -noenc \
- -keyout smroot.pem -out smroot.pem -newkey rsa:2048 -days 36501
-
-# EE RSA certificates: create request first
-CN="Test S/MIME EE RSA #1" $OPENSSL req -config ca.cnf -noenc \
- -keyout smrsa1.pem -out req.pem -newkey rsa:2048
-# Sign request: end entity extensions
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
- -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa1.pem
-
-CN="Test S/MIME EE RSA #2" $OPENSSL req -config ca.cnf -noenc \
- -keyout smrsa2.pem -out req.pem -newkey rsa:2048
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
- -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa2.pem
+ -keyout smroot.pem -out smroot.pem -key ../certs/ca-key.pem -days 36524
-CN="Test S/MIME EE RSA #3" $OPENSSL req -config ca.cnf -noenc \
- -keyout smrsa3.pem -out req.pem -newkey rsa:2048
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
- -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa3.pem
+# EE RSA certificates with respective extensions
+cp ../certs/ee-key.pem smrsa1.pem
+gen smrsa1.pem "/CN=Test SMIME EE RSA #1" usr_rsa_cert >>smrsa1.pem
+cp ../certs/ee-key-3072.pem smrsa2.pem
+gen smrsa2.pem "/CN=Test SMIME EE RSA #2" usr_rsa_cert >>smrsa2.pem
+cp ../certs/ee-key-4096.pem smrsa3.pem
+gen smrsa3.pem "/CN=Test SMIME EE RSA #3" usr_rsa_cert >>smrsa3.pem
-# Create DSA parameters
+$OPENSSL x509 -in smrsa3.pem > smrsa3-cert.pem
+$OPENSSL pkey -in smrsa3.pem > smrsa3-key.pem
-$OPENSSL dsaparam -out dsap.pem 2048
+# Create DSA certificates with respective extensions
-CN="Test S/MIME EE DSA #1" $OPENSSL req -config ca.cnf -noenc \
- -keyout smdsa1.pem -out req.pem -newkey dsa:dsap.pem
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
- -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa1.pem
-CN="Test S/MIME EE DSA #2" $OPENSSL req -config ca.cnf -noenc \
- -keyout smdsa2.pem -out req.pem -newkey dsa:dsap.pem
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
- -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa2.pem
-CN="Test S/MIME EE DSA #3" $OPENSSL req -config ca.cnf -noenc \
- -keyout smdsa3.pem -out req.pem -newkey dsa:dsap.pem
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
- -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa3.pem
+cp ../certs/server-dsa-key.pem smdsa1.pem
+gen smdsa1.pem "/CN=Test SMIME EE DSA #1" signer_cert >>smdsa1.pem
+cp ../certs/server-dsa-key.pem smdsa2.pem
+gen smdsa2.pem "/CN=Test SMIME EE DSA #1" signer_cert >>smdsa2.pem
+cp ../certs/server-dsa-key.pem smdsa3.pem
+gen smdsa3.pem "/CN=Test SMIME EE DSA #1" signer_cert >>smdsa3.pem
-# Create EC parameters
+# Create EC certificates with respective extensions
-$OPENSSL ecparam -out ecp.pem -name P-256
-$OPENSSL ecparam -out ecp2.pem -name K-283
+cp ../certs/ee-ecdsa-key.pem smec1.pem
+gen smec1.pem "/CN=Test SMIME EE EC #1" signer_cert >>smec1.pem
+cp ../certs/server-ecdsa-key.pem smec2.pem
+gen smec2.pem "/CN=Test SMIME EE EC #2" signer_cert >>smec2.pem
-CN="Test S/MIME EE EC #1" $OPENSSL req -config ca.cnf -noenc \
- -keyout smec1.pem -out req.pem -newkey ec:ecp.pem
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
- -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec1.pem
-CN="Test S/MIME EE EC #2" $OPENSSL req -config ca.cnf -noenc \
- -keyout smec2.pem -out req.pem -newkey ec:ecp2.pem
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
- -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec2.pem
# Do not renew this cert as it is used for legacy data decrypt test
+#$OPENSSL ecparam -out ecp.pem -name P-256
#CN="Test S/MIME EE EC #3" $OPENSSL req -config ca.cnf -noenc \
# -keyout smec3.pem -out req.pem -newkey ec:ecp.pem
-#$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
-# -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec3.pem
-# Create X9.42 DH parameters.
+#$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36524 \
+# -extfile ca.cnf -extensions signer_cert -CAcreateserial >>smec3.pem
+#rm ecp.pem req.pem
+
+# Create X9.42 DH parameters and key.
$OPENSSL genpkey -genparam -algorithm DHX -out dhp.pem
-# Generate X9.42 DH key.
$OPENSSL genpkey -paramfile dhp.pem -out smdh.pem
-$OPENSSL pkey -pubout -in smdh.pem -out dhpub.pem
-# Generate dummy request.
-CN="Test S/MIME EE DH #1" $OPENSSL req -config ca.cnf -noenc \
- -keyout smtmp.pem -out req.pem -newkey rsa:2048
-# Sign request but force public key to DH
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
- -force_pubkey dhpub.pem \
- -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdh.pem
-# Remove temp files.
-rm -f req.pem ecp.pem ecp2.pem dsap.pem dhp.pem dhpub.pem smtmp.pem smroot.srl
+rm dhp.pem
+# Create X9.42 DH certificate with respective extensions
+gen smdh.pem "/CN=Test SMIME EE DH" dh_cert >>smdh.pem
+
+# EE RSA code signing end entity certificate with respective extensions
+cp ../certs/ee-key.pem csrsa1.pem
+gen csrsa1.pem "/CN=Test CodeSign EE RSA" codesign_cert >>csrsa1.pem
+
+# Create PQ certificates with respective extensions
+$OPENSSL genpkey -algorithm ML-DSA-44 -out sm_mldsa44.pem
+gen sm_mldsa44.pem "/CN=Test SMIME EE ML-DSA-44" signer_cert >>sm_mldsa44.pem
+$OPENSSL genpkey -algorithm SLH-DSA-SHA2-128s -out sm_slhdsa_sha2_128s.pem
+gen sm_slhdsa_sha2_128s.pem "/CN=Test SMIME EE SLH-DSA-SHA2-128s" \
+ signer_cert >>sm_slhdsa_sha2_128s.pem
+$OPENSSL genpkey -algorithm SLH-DSA-SHAKE-128s -out sm_slhdsa_shake_128s.pem
+gen sm_slhdsa_shake_128s.pem "/CN=Test SMIME EE SLH-DSA-SHAKE-128s" \
+ signer_cert >>sm_slhdsa_shake_128s.pem
+$OPENSSL genpkey -algorithm SLH-DSA-SHAKE-256s -out sm_slhdsa_shake_256s.pem
+gen sm_slhdsa_shake_256s.pem "/CN=Test SMIME EE SLH-DSA-SHAKE-256s" \
+ signer_cert >>sm_slhdsa_shake_256s.pem
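Review bot: The three DSA certificates are all issued with subject `/CN=Test SMIME EE DSA #1` and all copy `../certs/server-dsa-key.pem`, so `smdsa1.pem`, `smdsa2.pem` and `smdsa3.pem` no longer identify distinct signers the way the removed `#1`/`#2`/`#3` requests did. At minimum the subjects should differ: `gen smdsa2.pem "/CN=Test SMIME EE DSA #2" signer_cert >>smdsa2.pem`, and likewise `#3` for `smdsa3.pem`. Whether the shared key is acceptable depends on tests not shown here. Separately, the script has no `set -e`, so a failing `gen` leaves a file holding only the copied private key and the run continues.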
diff --git a/test/ssl-tests/01-simple.cnf b/test/ssl-tests/01-simple.cnf
index dfdd3ee3378d..626892a39092 100644
--- a/test/ssl-tests/01-simple.cnf
+++ b/test/ssl-tests/01-simple.cnf
@@ -41,12 +41,12 @@ client = 1-Server signature algorithms bug-client
[1-Server signature algorithms bug-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-ClientSignatureAlgorithms = PSS+SHA512:RSA+SHA512
+ClientSignatureAlgorithms = PSs+SHA512:RsA+SHA512
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[1-Server signature algorithms bug-client]
CipherString = DEFAULT
-SignatureAlgorithms = PSS+SHA256:RSA+SHA256
+SignatureAlgorithms = Pss+SHA256:RSa+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
diff --git a/test/ssl-tests/01-simple.cnf.in b/test/ssl-tests/01-simple.cnf.in
index bcd41e3065be..0c15a5d714fe 100644
--- a/test/ssl-tests/01-simple.cnf.in
+++ b/test/ssl-tests/01-simple.cnf.in
@@ -1,5 +1,5 @@
# -*- mode: perl; -*-
-# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -11,6 +11,18 @@
package ssltests;
+srand(1);
+sub randcase {
+ my ($names) = @_;
+ my @ret;
+ foreach my $name (split(/:/, $names)) {
+ my ($alg, $rest) = split(/(?=[+])/, $name, 2);
+ $alg =~ s{([a-zA-Z])}{chr(ord($1)^(int(rand(2.0)) * 32))}eg;
+ push @ret, $alg . ($rest // "");
+ }
+ return join(":", @ret);
+}
+
our @tests = (
{
name => "default",
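Review bot: `randcase` has no comment, and neither its purpose nor the `^ 32` case flip is obvious from the code. Suggested above the sub: `# Randomly flip the ASCII case of each algorithm name (the part before '+'); presumably to check that signature algorithm names are matched case-insensitively.` Suggested next to `srand(1)`: `# Fixed seed so the generated .cnf stays reproducible.` Since the generated `01-simple.cnf` is checked in, the output also depends on Perl's `rand` producing the same sequence on every supported Perl, which is worth confirming.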
@@ -22,8 +34,8 @@ our @tests = (
{
name => "Server signature algorithms bug",
# Should have no effect as we aren't doing client auth
- server => { "ClientSignatureAlgorithms" => "PSS+SHA512:RSA+SHA512" },
- client => { "SignatureAlgorithms" => "PSS+SHA256:RSA+SHA256" },
+ server => { "ClientSignatureAlgorithms" => randcase("PSS+SHA512:RSA+SHA512") },
+ client => { "SignatureAlgorithms" => randcase("PSS+SHA256:RSA+SHA256") },
test => { "ExpectedResult" => "Success" },
},
diff --git a/test/ssl-tests/04-client_auth.cnf b/test/ssl-tests/04-client_auth.cnf
index 46e61cd882d3..782e36c38c9c 100644
--- a/test/ssl-tests/04-client_auth.cnf
+++ b/test/ssl-tests/04-client_auth.cnf
@@ -1,43 +1,47 @@
# Generated with generate_ssl_tests.pl
-num_tests = 36
+num_tests = 40
test-0 = 0-server-auth-flex
test-1 = 1-client-auth-flex-request
test-2 = 2-client-auth-flex-require-fail
test-3 = 3-client-auth-flex-require
-test-4 = 4-client-auth-flex-require-non-empty-names
-test-5 = 5-client-auth-flex-noroot
-test-6 = 6-server-auth-TLSv1
-test-7 = 7-client-auth-TLSv1-request
-test-8 = 8-client-auth-TLSv1-require-fail
-test-9 = 9-client-auth-TLSv1-require
-test-10 = 10-client-auth-TLSv1-require-non-empty-names
-test-11 = 11-client-auth-TLSv1-noroot
-test-12 = 12-server-auth-TLSv1.1
-test-13 = 13-client-auth-TLSv1.1-request
-test-14 = 14-client-auth-TLSv1.1-require-fail
-test-15 = 15-client-auth-TLSv1.1-require
-test-16 = 16-client-auth-TLSv1.1-require-non-empty-names
-test-17 = 17-client-auth-TLSv1.1-noroot
-test-18 = 18-server-auth-TLSv1.2
-test-19 = 19-client-auth-TLSv1.2-request
-test-20 = 20-client-auth-TLSv1.2-require-fail
-test-21 = 21-client-auth-TLSv1.2-require
-test-22 = 22-client-auth-TLSv1.2-require-non-empty-names
-test-23 = 23-client-auth-TLSv1.2-noroot
-test-24 = 24-server-auth-DTLSv1
-test-25 = 25-client-auth-DTLSv1-request
-test-26 = 26-client-auth-DTLSv1-require-fail
-test-27 = 27-client-auth-DTLSv1-require
-test-28 = 28-client-auth-DTLSv1-require-non-empty-names
-test-29 = 29-client-auth-DTLSv1-noroot
-test-30 = 30-server-auth-DTLSv1.2
-test-31 = 31-client-auth-DTLSv1.2-request
-test-32 = 32-client-auth-DTLSv1.2-require-fail
-test-33 = 33-client-auth-DTLSv1.2-require
-test-34 = 34-client-auth-DTLSv1.2-require-non-empty-names
-test-35 = 35-client-auth-DTLSv1.2-noroot
+test-4 = 4-client-auth-flex-rsa-pss
+test-5 = 5-client-auth-flex-rsa-pss-bad
+test-6 = 6-client-auth-flex-require-non-empty-names
+test-7 = 7-client-auth-flex-noroot
+test-8 = 8-server-auth-TLSv1
+test-9 = 9-client-auth-TLSv1-request
+test-10 = 10-client-auth-TLSv1-require-fail
+test-11 = 11-client-auth-TLSv1-require
+test-12 = 12-client-auth-TLSv1-require-non-empty-names
+test-13 = 13-client-auth-TLSv1-noroot
+test-14 = 14-server-auth-TLSv1.1
+test-15 = 15-client-auth-TLSv1.1-request
+test-16 = 16-client-auth-TLSv1.1-require-fail
+test-17 = 17-client-auth-TLSv1.1-require
+test-18 = 18-client-auth-TLSv1.1-require-non-empty-names
+test-19 = 19-client-auth-TLSv1.1-noroot
+test-20 = 20-server-auth-TLSv1.2
+test-21 = 21-client-auth-TLSv1.2-request
+test-22 = 22-client-auth-TLSv1.2-require-fail
+test-23 = 23-client-auth-TLSv1.2-require
+test-24 = 24-client-auth-TLSv1.2-rsa-pss
+test-25 = 25-client-auth-TLSv1.2-rsa-pss-bad
+test-26 = 26-client-auth-TLSv1.2-require-non-empty-names
+test-27 = 27-client-auth-TLSv1.2-noroot
+test-28 = 28-server-auth-DTLSv1
+test-29 = 29-client-auth-DTLSv1-request
+test-30 = 30-client-auth-DTLSv1-require-fail
+test-31 = 31-client-auth-DTLSv1-require
+test-32 = 32-client-auth-DTLSv1-require-non-empty-names
+test-33 = 33-client-auth-DTLSv1-noroot
+test-34 = 34-server-auth-DTLSv1.2
+test-35 = 35-client-auth-DTLSv1.2-request
+test-36 = 36-client-auth-DTLSv1.2-require-fail
+test-37 = 37-client-auth-DTLSv1.2-require
+test-38 = 38-client-auth-DTLSv1.2-require-non-empty-names
+test-39 = 39-client-auth-DTLSv1.2-noroot
# ===========================================================
[0-server-auth-flex]
@@ -142,14 +146,75 @@ ExpectedResult = Success
# ===========================================================
-[4-client-auth-flex-require-non-empty-names]
-ssl_conf = 4-client-auth-flex-require-non-empty-names-ssl
+[4-client-auth-flex-rsa-pss]
+ssl_conf = 4-client-auth-flex-rsa-pss-ssl
-[4-client-auth-flex-require-non-empty-names-ssl]
-server = 4-client-auth-flex-require-non-empty-names-server
-client = 4-client-auth-flex-require-non-empty-names-client
+[4-client-auth-flex-rsa-pss-ssl]
+server = 4-client-auth-flex-rsa-pss-server
+client = 4-client-auth-flex-rsa-pss-client
-[4-client-auth-flex-require-non-empty-names-server]
+[4-client-auth-flex-rsa-pss-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT:@SECLEVEL=0
+ClientCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Require
+
+[4-client-auth-flex-rsa-pss-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-cert.pem
+CipherString = DEFAULT:@SECLEVEL=0
+Options = StrictCertCheck
+PrivateKey = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+ExpectedClientCertType = RSA-PSS
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[5-client-auth-flex-rsa-pss-bad]
+ssl_conf = 5-client-auth-flex-rsa-pss-bad-ssl
+
+[5-client-auth-flex-rsa-pss-bad-ssl]
+server = 5-client-auth-flex-rsa-pss-bad-server
+client = 5-client-auth-flex-rsa-pss-bad-client
+
+[5-client-auth-flex-rsa-pss-bad-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT:@SECLEVEL=0
+ClientCAFile = ${ENV::TEST_CERTS_DIR}/rootCA.pem
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootCA.pem
+VerifyMode = Require
+
+[5-client-auth-flex-rsa-pss-bad-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-cert.pem
+CipherString = DEFAULT:@SECLEVEL=0
+Options = StrictCertCheck
+PrivateKey = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+ExpectedResult = ServerFail
+ExpectedServerAlert = CertificateRequired
+
+
+# ===========================================================
+
+[6-client-auth-flex-require-non-empty-names]
+ssl_conf = 6-client-auth-flex-require-non-empty-names-ssl
+
+[6-client-auth-flex-require-non-empty-names-ssl]
+server = 6-client-auth-flex-require-non-empty-names-server
+client = 6-client-auth-flex-require-non-empty-names-client
+
+[6-client-auth-flex-require-non-empty-names-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
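Review bot: `[test-5]` expects `ExpectedServerAlert = CertificateRequired`, but neither `[5-client-auth-flex-rsa-pss-bad-server]` nor its client section sets `MinProtocol`/`MaxProtocol`, so the expectation appears to hold only when the flexible handshake lands on TLS 1.3. The TLSv1.2-pinned counterpart added later in this diff (`[test-25]`) expects `HandshakeFailure` for the same certificate setup. A comment above `[test-5]` such as `# unpinned: assumes TLS 1.3 is negotiated, where a withheld client certificate is reported as CertificateRequired` would record that dependency, which is presumably the cause of the difference. It would also help to state why the case is "bad", since the only visible difference from test 4 is the server's `ClientCAFile`/`VerifyCAFile` pointing at `rootCA.pem` instead of `rootcert.pem`, which is easy to misread. The `[6-client-auth-flex-require-non-empty-names-server]` section at the end of the hunk continues outside it.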
@@ -157,14 +222,14 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request
-[4-client-auth-flex-require-non-empty-names-client]
+[6-client-auth-flex-require-non-empty-names-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-4]
+[test-6]
ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
ExpectedClientCertType = RSA
ExpectedResult = Success
@@ -172,68 +237,68 @@ ExpectedResult = Success
# ===========================================================
-[5-client-auth-flex-noroot]
-ssl_conf = 5-client-auth-flex-noroot-ssl
+[7-client-auth-flex-noroot]
+ssl_conf = 7-client-auth-flex-noroot-ssl
-[5-client-auth-flex-noroot-ssl]
-server = 5-client-auth-flex-noroot-server
-client = 5-client-auth-flex-noroot-client
+[7-client-auth-flex-noroot-ssl]
+server = 7-client-auth-flex-noroot-server
+client = 7-client-auth-flex-noroot-client
-[5-client-auth-flex-noroot-server]
+[7-client-auth-flex-noroot-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Require
-[5-client-auth-flex-noroot-client]
+[7-client-auth-flex-noroot-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-5]
+[test-7]
ExpectedResult = ServerFail
ExpectedServerAlert = UnknownCA
# ===========================================================
-[6-server-auth-TLSv1]
-ssl_conf = 6-server-auth-TLSv1-ssl
+[8-server-auth-TLSv1]
+ssl_conf = 8-server-auth-TLSv1-ssl
-[6-server-auth-TLSv1-ssl]
-server = 6-server-auth-TLSv1-server
-client = 6-server-auth-TLSv1-client
+[8-server-auth-TLSv1-ssl]
+server = 8-server-auth-TLSv1-server
+client = 8-server-auth-TLSv1-client
-[6-server-auth-TLSv1-server]
+[8-server-auth-TLSv1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[6-server-auth-TLSv1-client]
+[8-server-auth-TLSv1-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-6]
+[test-8]
ExpectedResult = Success
# ===========================================================
-[7-client-auth-TLSv1-request]
-ssl_conf = 7-client-auth-TLSv1-request-ssl
+[9-client-auth-TLSv1-request]
+ssl_conf = 9-client-auth-TLSv1-request-ssl
-[7-client-auth-TLSv1-request-ssl]
-server = 7-client-auth-TLSv1-request-server
-client = 7-client-auth-TLSv1-request-client
+[9-client-auth-TLSv1-request-ssl]
+server = 9-client-auth-TLSv1-request-server
+client = 9-client-auth-TLSv1-request-client
-[7-client-auth-TLSv1-request-server]
+[9-client-auth-TLSv1-request-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
@@ -241,27 +306,27 @@ MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Request
-[7-client-auth-TLSv1-request-client]
+[9-client-auth-TLSv1-request-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-7]
+[test-9]
ExpectedResult = Success
# ===========================================================
-[8-client-auth-TLSv1-require-fail]
-ssl_conf = 8-client-auth-TLSv1-require-fail-ssl
+[10-client-auth-TLSv1-require-fail]
+ssl_conf = 10-client-auth-TLSv1-require-fail-ssl
-[8-client-auth-TLSv1-require-fail-ssl]
-server = 8-client-auth-TLSv1-require-fail-server
-client = 8-client-auth-TLSv1-require-fail-client
+[10-client-auth-TLSv1-require-fail-ssl]
+server = 10-client-auth-TLSv1-require-fail-server
+client = 10-client-auth-TLSv1-require-fail-client
-[8-client-auth-TLSv1-require-fail-server]
+[10-client-auth-TLSv1-require-fail-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
@@ -270,28 +335,28 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require
-[8-client-auth-TLSv1-require-fail-client]
+[10-client-auth-TLSv1-require-fail-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-8]
+[test-10]
ExpectedResult = ServerFail
ExpectedServerAlert = HandshakeFailure
# ===========================================================
-[9-client-auth-TLSv1-require]
-ssl_conf = 9-client-auth-TLSv1-require-ssl
+[11-client-auth-TLSv1-require]
+ssl_conf = 11-client-auth-TLSv1-require-ssl
-[9-client-auth-TLSv1-require-ssl]
-server = 9-client-auth-TLSv1-require-server
-client = 9-client-auth-TLSv1-require-client
+[11-client-auth-TLSv1-require-ssl]
+server = 11-client-auth-TLSv1-require-server
+client = 11-client-auth-TLSv1-require-client
-[9-client-auth-TLSv1-require-server]
+[11-client-auth-TLSv1-require-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
@@ -300,7 +365,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request
-[9-client-auth-TLSv1-require-client]
+[11-client-auth-TLSv1-require-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
@@ -309,7 +374,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-9]
+[test-11]
ExpectedClientCANames = empty
ExpectedClientCertType = RSA
ExpectedResult = Success
@@ -317,14 +382,14 @@ ExpectedResult = Success
# ===========================================================
-[10-client-auth-TLSv1-require-non-empty-names]
-ssl_conf = 10-client-auth-TLSv1-require-non-empty-names-ssl
+[12-client-auth-TLSv1-require-non-empty-names]
+ssl_conf = 12-client-auth-TLSv1-require-non-empty-names-ssl
-[10-client-auth-TLSv1-require-non-empty-names-ssl]
-server = 10-client-auth-TLSv1-require-non-empty-names-server
-client = 10-client-auth-TLSv1-require-non-empty-names-client
+[12-client-auth-TLSv1-require-non-empty-names-ssl]
+server = 12-client-auth-TLSv1-require-non-empty-names-server
+client = 12-client-auth-TLSv1-require-non-empty-names-client
-[10-client-auth-TLSv1-require-non-empty-names-server]
+[12-client-auth-TLSv1-require-non-empty-names-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
@@ -334,7 +399,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request
-[10-client-auth-TLSv1-require-non-empty-names-client]
+[12-client-auth-TLSv1-require-non-empty-names-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
@@ -343,7 +408,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-10]
+[test-12]
ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
ExpectedClientCertType = RSA
ExpectedResult = Success
@@ -351,14 +416,14 @@ ExpectedResult = Success
# ===========================================================
-[11-client-auth-TLSv1-noroot]
-ssl_conf = 11-client-auth-TLSv1-noroot-ssl
+[13-client-auth-TLSv1-noroot]
+ssl_conf = 13-client-auth-TLSv1-noroot-ssl
-[11-client-auth-TLSv1-noroot-ssl]
-server = 11-client-auth-TLSv1-noroot-server
-client = 11-client-auth-TLSv1-noroot-client
+[13-client-auth-TLSv1-noroot-ssl]
+server = 13-client-auth-TLSv1-noroot-server
+client = 13-client-auth-TLSv1-noroot-client
-[11-client-auth-TLSv1-noroot-server]
+[13-client-auth-TLSv1-noroot-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
@@ -366,7 +431,7 @@ MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Require
-[11-client-auth-TLSv1-noroot-client]
+[13-client-auth-TLSv1-noroot-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
@@ -375,48 +440,48 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-11]
+[test-13]
ExpectedResult = ServerFail
ExpectedServerAlert = UnknownCA
# ===========================================================
-[12-server-auth-TLSv1.1]
-ssl_conf = 12-server-auth-TLSv1.1-ssl
+[14-server-auth-TLSv1.1]
+ssl_conf = 14-server-auth-TLSv1.1-ssl
-[12-server-auth-TLSv1.1-ssl]
-server = 12-server-auth-TLSv1.1-server
-client = 12-server-auth-TLSv1.1-client
+[14-server-auth-TLSv1.1-ssl]
+server = 14-server-auth-TLSv1.1-server
+client = 14-server-auth-TLSv1.1-client
-[12-server-auth-TLSv1.1-server]
+[14-server-auth-TLSv1.1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[12-server-auth-TLSv1.1-client]
+[14-server-auth-TLSv1.1-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-12]
+[test-14]
ExpectedResult = Success
# ===========================================================
-[13-client-auth-TLSv1.1-request]
-ssl_conf = 13-client-auth-TLSv1.1-request-ssl
+[15-client-auth-TLSv1.1-request]
+ssl_conf = 15-client-auth-TLSv1.1-request-ssl
-[13-client-auth-TLSv1.1-request-ssl]
-server = 13-client-auth-TLSv1.1-request-server
-client = 13-client-auth-TLSv1.1-request-client
+[15-client-auth-TLSv1.1-request-ssl]
+server = 15-client-auth-TLSv1.1-request-server
+client = 15-client-auth-TLSv1.1-request-client
-[13-client-auth-TLSv1.1-request-server]
+[15-client-auth-TLSv1.1-request-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
@@ -424,27 +489,27 @@ MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Request
-[13-client-auth-TLSv1.1-request-client]
+[15-client-auth-TLSv1.1-request-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-13]
+[test-15]
ExpectedResult = Success
# ===========================================================
-[14-client-auth-TLSv1.1-require-fail]
-ssl_conf = 14-client-auth-TLSv1.1-require-fail-ssl
+[16-client-auth-TLSv1.1-require-fail]
+ssl_conf = 16-client-auth-TLSv1.1-require-fail-ssl
-[14-client-auth-TLSv1.1-require-fail-ssl]
-server = 14-client-auth-TLSv1.1-require-fail-server
-client = 14-client-auth-TLSv1.1-require-fail-client
+[16-client-auth-TLSv1.1-require-fail-ssl]
+server = 16-client-auth-TLSv1.1-require-fail-server
+client = 16-client-auth-TLSv1.1-require-fail-client
-[14-client-auth-TLSv1.1-require-fail-server]
+[16-client-auth-TLSv1.1-require-fail-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
@@ -453,28 +518,28 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require
-[14-client-auth-TLSv1.1-require-fail-client]
+[16-client-auth-TLSv1.1-require-fail-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-14]
+[test-16]
ExpectedResult = ServerFail
ExpectedServerAlert = HandshakeFailure
# ===========================================================
-[15-client-auth-TLSv1.1-require]
-ssl_conf = 15-client-auth-TLSv1.1-require-ssl
+[17-client-auth-TLSv1.1-require]
+ssl_conf = 17-client-auth-TLSv1.1-require-ssl
-[15-client-auth-TLSv1.1-require-ssl]
-server = 15-client-auth-TLSv1.1-require-server
-client = 15-client-auth-TLSv1.1-require-client
+[17-client-auth-TLSv1.1-require-ssl]
+server = 17-client-auth-TLSv1.1-require-server
+client = 17-client-auth-TLSv1.1-require-client
-[15-client-auth-TLSv1.1-require-server]
+[17-client-auth-TLSv1.1-require-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
@@ -483,7 +548,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request
-[15-client-auth-TLSv1.1-require-client]
+[17-client-auth-TLSv1.1-require-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
@@ -492,7 +557,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-15]
+[test-17]
ExpectedClientCANames = empty
ExpectedClientCertType = RSA
ExpectedResult = Success
@@ -500,14 +565,14 @@ ExpectedResult = Success
# ===========================================================
-[16-client-auth-TLSv1.1-require-non-empty-names]
-ssl_conf = 16-client-auth-TLSv1.1-require-non-empty-names-ssl
+[18-client-auth-TLSv1.1-require-non-empty-names]
+ssl_conf = 18-client-auth-TLSv1.1-require-non-empty-names-ssl
-[16-client-auth-TLSv1.1-require-non-empty-names-ssl]
-server = 16-client-auth-TLSv1.1-require-non-empty-names-server
-client = 16-client-auth-TLSv1.1-require-non-empty-names-client
+[18-client-auth-TLSv1.1-require-non-empty-names-ssl]
+server = 18-client-auth-TLSv1.1-require-non-empty-names-server
+client = 18-client-auth-TLSv1.1-require-non-empty-names-client
-[16-client-auth-TLSv1.1-require-non-empty-names-server]
+[18-client-auth-TLSv1.1-require-non-empty-names-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
@@ -517,7 +582,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request
-[16-client-auth-TLSv1.1-require-non-empty-names-client]
+[18-client-auth-TLSv1.1-require-non-empty-names-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
@@ -526,7 +591,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-16]
+[test-18]
ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
ExpectedClientCertType = RSA
ExpectedResult = Success
@@ -534,14 +599,14 @@ ExpectedResult = Success
# ===========================================================
-[17-client-auth-TLSv1.1-noroot]
-ssl_conf = 17-client-auth-TLSv1.1-noroot-ssl
+[19-client-auth-TLSv1.1-noroot]
+ssl_conf = 19-client-auth-TLSv1.1-noroot-ssl
-[17-client-auth-TLSv1.1-noroot-ssl]
-server = 17-client-auth-TLSv1.1-noroot-server
-client = 17-client-auth-TLSv1.1-noroot-client
+[19-client-auth-TLSv1.1-noroot-ssl]
+server = 19-client-auth-TLSv1.1-noroot-server
+client = 19-client-auth-TLSv1.1-noroot-client
-[17-client-auth-TLSv1.1-noroot-server]
+[19-client-auth-TLSv1.1-noroot-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
@@ -549,7 +614,7 @@ MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Require
-[17-client-auth-TLSv1.1-noroot-client]
+[19-client-auth-TLSv1.1-noroot-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
@@ -558,48 +623,48 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-17]
+[test-19]
ExpectedResult = ServerFail
ExpectedServerAlert = UnknownCA
# ===========================================================
-[18-server-auth-TLSv1.2]
-ssl_conf = 18-server-auth-TLSv1.2-ssl
+[20-server-auth-TLSv1.2]
+ssl_conf = 20-server-auth-TLSv1.2-ssl
-[18-server-auth-TLSv1.2-ssl]
-server = 18-server-auth-TLSv1.2-server
-client = 18-server-auth-TLSv1.2-client
+[20-server-auth-TLSv1.2-ssl]
+server = 20-server-auth-TLSv1.2-server
+client = 20-server-auth-TLSv1.2-client
-[18-server-auth-TLSv1.2-server]
+[20-server-auth-TLSv1.2-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[18-server-auth-TLSv1.2-client]
+[20-server-auth-TLSv1.2-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-18]
+[test-20]
ExpectedResult = Success
# ===========================================================
-[19-client-auth-TLSv1.2-request]
-ssl_conf = 19-client-auth-TLSv1.2-request-ssl
+[21-client-auth-TLSv1.2-request]
+ssl_conf = 21-client-auth-TLSv1.2-request-ssl
-[19-client-auth-TLSv1.2-request-ssl]
-server = 19-client-auth-TLSv1.2-request-server
-client = 19-client-auth-TLSv1.2-request-client
+[21-client-auth-TLSv1.2-request-ssl]
+server = 21-client-auth-TLSv1.2-request-server
+client = 21-client-auth-TLSv1.2-request-client
-[19-client-auth-TLSv1.2-request-server]
+[21-client-auth-TLSv1.2-request-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
@@ -607,27 +672,27 @@ MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Request
-[19-client-auth-TLSv1.2-request-client]
+[21-client-auth-TLSv1.2-request-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-19]
+[test-21]
ExpectedResult = Success
# ===========================================================
-[20-client-auth-TLSv1.2-require-fail]
-ssl_conf = 20-client-auth-TLSv1.2-require-fail-ssl
+[22-client-auth-TLSv1.2-require-fail]
+ssl_conf = 22-client-auth-TLSv1.2-require-fail-ssl
-[20-client-auth-TLSv1.2-require-fail-ssl]
-server = 20-client-auth-TLSv1.2-require-fail-server
-client = 20-client-auth-TLSv1.2-require-fail-client
+[22-client-auth-TLSv1.2-require-fail-ssl]
+server = 22-client-auth-TLSv1.2-require-fail-server
+client = 22-client-auth-TLSv1.2-require-fail-client
-[20-client-auth-TLSv1.2-require-fail-server]
+[22-client-auth-TLSv1.2-require-fail-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
@@ -636,38 +701,38 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require
-[20-client-auth-TLSv1.2-require-fail-client]
+[22-client-auth-TLSv1.2-require-fail-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-20]
+[test-22]
ExpectedResult = ServerFail
ExpectedServerAlert = HandshakeFailure
# ===========================================================
-[21-client-auth-TLSv1.2-require]
-ssl_conf = 21-client-auth-TLSv1.2-require-ssl
+[23-client-auth-TLSv1.2-require]
+ssl_conf = 23-client-auth-TLSv1.2-require-ssl
-[21-client-auth-TLSv1.2-require-ssl]
-server = 21-client-auth-TLSv1.2-require-server
-client = 21-client-auth-TLSv1.2-require-client
+[23-client-auth-TLSv1.2-require-ssl]
+server = 23-client-auth-TLSv1.2-require-server
+client = 23-client-auth-TLSv1.2-require-client
-[21-client-auth-TLSv1.2-require-server]
+[23-client-auth-TLSv1.2-require-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
-ClientSignatureAlgorithms = SHA256+RSA
+ClientSignatureAlgorithms = SHA256+rsA
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request
-[21-client-auth-TLSv1.2-require-client]
+[23-client-auth-TLSv1.2-require-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
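Review bot: `ClientSignatureAlgorithms = SHA256+rsA` in `[23-client-auth-TLSv1.2-require-server]` reads like a typo for the `SHA256+RSA` it replaces, and the same spelling appears in `[26-client-auth-TLSv1.2-require-non-empty-names-server]` in a later hunk. If the mixed case is deliberate, presumably to check that signature-algorithm names are matched case-insensitively, that intent should be stated next to the value, e.g. `# mixed case on purpose: sigalg names must be accepted case-insensitively`. Without it, a later cleanup that "corrects" the casing would silently drop that coverage while `[test-23]` keeps passing. If this file is generated from a template, the comment belongs in the template rather than here.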
@@ -676,7 +741,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-21]
+[test-23]
ExpectedClientCANames = empty
ExpectedClientCertType = RSA
ExpectedClientSignHash = SHA256
@@ -686,25 +751,94 @@ ExpectedResult = Success
# ===========================================================
-[22-client-auth-TLSv1.2-require-non-empty-names]
-ssl_conf = 22-client-auth-TLSv1.2-require-non-empty-names-ssl
+[24-client-auth-TLSv1.2-rsa-pss]
+ssl_conf = 24-client-auth-TLSv1.2-rsa-pss-ssl
+
+[24-client-auth-TLSv1.2-rsa-pss-ssl]
+server = 24-client-auth-TLSv1.2-rsa-pss-server
+client = 24-client-auth-TLSv1.2-rsa-pss-client
+
+[24-client-auth-TLSv1.2-rsa-pss-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT:@SECLEVEL=0
+ClientCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Require
+
+[24-client-auth-TLSv1.2-rsa-pss-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-cert.pem
+CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+Options = StrictCertCheck
+PrivateKey = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-24]
+ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+ExpectedClientCertType = RSA-PSS
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[25-client-auth-TLSv1.2-rsa-pss-bad]
+ssl_conf = 25-client-auth-TLSv1.2-rsa-pss-bad-ssl
+
+[25-client-auth-TLSv1.2-rsa-pss-bad-ssl]
+server = 25-client-auth-TLSv1.2-rsa-pss-bad-server
+client = 25-client-auth-TLSv1.2-rsa-pss-bad-client
+
+[25-client-auth-TLSv1.2-rsa-pss-bad-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT:@SECLEVEL=0
+ClientCAFile = ${ENV::TEST_CERTS_DIR}/rootCA.pem
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootCA.pem
+VerifyMode = Require
+
+[25-client-auth-TLSv1.2-rsa-pss-bad-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-cert.pem
+CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+Options = StrictCertCheck
+PrivateKey = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-25]
+ExpectedResult = ServerFail
+ExpectedServerAlert = HandshakeFailure
+
+
+# ===========================================================
+
+[26-client-auth-TLSv1.2-require-non-empty-names]
+ssl_conf = 26-client-auth-TLSv1.2-require-non-empty-names-ssl
-[22-client-auth-TLSv1.2-require-non-empty-names-ssl]
-server = 22-client-auth-TLSv1.2-require-non-empty-names-server
-client = 22-client-auth-TLSv1.2-require-non-empty-names-client
+[26-client-auth-TLSv1.2-require-non-empty-names-ssl]
+server = 26-client-auth-TLSv1.2-require-non-empty-names-server
+client = 26-client-auth-TLSv1.2-require-non-empty-names-client
-[22-client-auth-TLSv1.2-require-non-empty-names-server]
+[26-client-auth-TLSv1.2-require-non-empty-names-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-ClientSignatureAlgorithms = SHA256+RSA
+ClientSignatureAlgorithms = SHA256+rsA
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request
-[22-client-auth-TLSv1.2-require-non-empty-names-client]
+[26-client-auth-TLSv1.2-require-non-empty-names-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
@@ -713,7 +847,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-22]
+[test-26]
ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
ExpectedClientCertType = RSA
ExpectedClientSignHash = SHA256
@@ -723,14 +857,14 @@ ExpectedResult = Success
# ===========================================================
-[23-client-auth-TLSv1.2-noroot]
-ssl_conf = 23-client-auth-TLSv1.2-noroot-ssl
+[27-client-auth-TLSv1.2-noroot]
+ssl_conf = 27-client-auth-TLSv1.2-noroot-ssl
-[23-client-auth-TLSv1.2-noroot-ssl]
-server = 23-client-auth-TLSv1.2-noroot-server
-client = 23-client-auth-TLSv1.2-noroot-client
+[27-client-auth-TLSv1.2-noroot-ssl]
+server = 27-client-auth-TLSv1.2-noroot-server
+client = 27-client-auth-TLSv1.2-noroot-client
-[23-client-auth-TLSv1.2-noroot-server]
+[27-client-auth-TLSv1.2-noroot-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
@@ -738,7 +872,7 @@ MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Require
-[23-client-auth-TLSv1.2-noroot-client]
+[27-client-auth-TLSv1.2-noroot-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
@@ -747,49 +881,49 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-23]
+[test-27]
ExpectedResult = ServerFail
ExpectedServerAlert = UnknownCA
# ===========================================================
-[24-server-auth-DTLSv1]
-ssl_conf = 24-server-auth-DTLSv1-ssl
+[28-server-auth-DTLSv1]
+ssl_conf = 28-server-auth-DTLSv1-ssl
-[24-server-auth-DTLSv1-ssl]
-server = 24-server-auth-DTLSv1-server
-client = 24-server-auth-DTLSv1-client
+[28-server-auth-DTLSv1-ssl]
+server = 28-server-auth-DTLSv1-server
+client = 28-server-auth-DTLSv1-client
-[24-server-auth-DTLSv1-server]
+[28-server-auth-DTLSv1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[24-server-auth-DTLSv1-client]
+[28-server-auth-DTLSv1-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-24]
+[test-28]
ExpectedResult = Success
Method = DTLS
# ===========================================================
-[25-client-auth-DTLSv1-request]
-ssl_conf = 25-client-auth-DTLSv1-request-ssl
+[29-client-auth-DTLSv1-request]
+ssl_conf = 29-client-auth-DTLSv1-request-ssl
-[25-client-auth-DTLSv1-request-ssl]
-server = 25-client-auth-DTLSv1-request-server
-client = 25-client-auth-DTLSv1-request-client
+[29-client-auth-DTLSv1-request-ssl]
+server = 29-client-auth-DTLSv1-request-server
+client = 29-client-auth-DTLSv1-request-client
-[25-client-auth-DTLSv1-request-server]
+[29-client-auth-DTLSv1-request-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
@@ -797,28 +931,28 @@ MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Request
-[25-client-auth-DTLSv1-request-client]
+[29-client-auth-DTLSv1-request-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-25]
+[test-29]
ExpectedResult = Success
Method = DTLS
# ===========================================================
-[26-client-auth-DTLSv1-require-fail]
-ssl_conf = 26-client-auth-DTLSv1-require-fail-ssl
+[30-client-auth-DTLSv1-require-fail]
+ssl_conf = 30-client-auth-DTLSv1-require-fail-ssl
-[26-client-auth-DTLSv1-require-fail-ssl]
-server = 26-client-auth-DTLSv1-require-fail-server
-client = 26-client-auth-DTLSv1-require-fail-client
+[30-client-auth-DTLSv1-require-fail-ssl]
+server = 30-client-auth-DTLSv1-require-fail-server
+client = 30-client-auth-DTLSv1-require-fail-client
-[26-client-auth-DTLSv1-require-fail-server]
+[30-client-auth-DTLSv1-require-fail-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
@@ -827,14 +961,14 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require
-[26-client-auth-DTLSv1-require-fail-client]
+[30-client-auth-DTLSv1-require-fail-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-26]
+[test-30]
ExpectedResult = ServerFail
ExpectedServerAlert = HandshakeFailure
Method = DTLS
@@ -842,14 +976,14 @@ Method = DTLS
# ===========================================================
-[27-client-auth-DTLSv1-require]
-ssl_conf = 27-client-auth-DTLSv1-require-ssl
+[31-client-auth-DTLSv1-require]
+ssl_conf = 31-client-auth-DTLSv1-require-ssl
-[27-client-auth-DTLSv1-require-ssl]
-server = 27-client-auth-DTLSv1-require-server
-client = 27-client-auth-DTLSv1-require-client
+[31-client-auth-DTLSv1-require-ssl]
+server = 31-client-auth-DTLSv1-require-server
+client = 31-client-auth-DTLSv1-require-client
-[27-client-auth-DTLSv1-require-server]
+[31-client-auth-DTLSv1-require-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
@@ -858,7 +992,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request
-[27-client-auth-DTLSv1-require-client]
+[31-client-auth-DTLSv1-require-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
@@ -867,7 +1001,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-27]
+[test-31]
ExpectedClientCANames = empty
ExpectedClientCertType = RSA
ExpectedResult = Success
@@ -876,14 +1010,14 @@ Method = DTLS
# ===========================================================
-[28-client-auth-DTLSv1-require-non-empty-names]
-ssl_conf = 28-client-auth-DTLSv1-require-non-empty-names-ssl
+[32-client-auth-DTLSv1-require-non-empty-names]
+ssl_conf = 32-client-auth-DTLSv1-require-non-empty-names-ssl
-[28-client-auth-DTLSv1-require-non-empty-names-ssl]
-server = 28-client-auth-DTLSv1-require-non-empty-names-server
-client = 28-client-auth-DTLSv1-require-non-empty-names-client
+[32-client-auth-DTLSv1-require-non-empty-names-ssl]
+server = 32-client-auth-DTLSv1-require-non-empty-names-server
+client = 32-client-auth-DTLSv1-require-non-empty-names-client
-[28-client-auth-DTLSv1-require-non-empty-names-server]
+[32-client-auth-DTLSv1-require-non-empty-names-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
@@ -893,7 +1027,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request
-[28-client-auth-DTLSv1-require-non-empty-names-client]
+[32-client-auth-DTLSv1-require-non-empty-names-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
@@ -902,7 +1036,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-28]
+[test-32]
ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
ExpectedClientCertType = RSA
ExpectedResult = Success
@@ -911,14 +1045,14 @@ Method = DTLS
# ===========================================================
-[29-client-auth-DTLSv1-noroot]
-ssl_conf = 29-client-auth-DTLSv1-noroot-ssl
+[33-client-auth-DTLSv1-noroot]
+ssl_conf = 33-client-auth-DTLSv1-noroot-ssl
-[29-client-auth-DTLSv1-noroot-ssl]
-server = 29-client-auth-DTLSv1-noroot-server
-client = 29-client-auth-DTLSv1-noroot-client
+[33-client-auth-DTLSv1-noroot-ssl]
+server = 33-client-auth-DTLSv1-noroot-server
+client = 33-client-auth-DTLSv1-noroot-client
-[29-client-auth-DTLSv1-noroot-server]
+[33-client-auth-DTLSv1-noroot-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
@@ -926,7 +1060,7 @@ MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Require
-[29-client-auth-DTLSv1-noroot-client]
+[33-client-auth-DTLSv1-noroot-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
@@ -935,7 +1069,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-29]
+[test-33]
ExpectedResult = ServerFail
ExpectedServerAlert = UnknownCA
Method = DTLS
@@ -943,42 +1077,42 @@ Method = DTLS
# ===========================================================
-[30-server-auth-DTLSv1.2]
-ssl_conf = 30-server-auth-DTLSv1.2-ssl
+[34-server-auth-DTLSv1.2]
+ssl_conf = 34-server-auth-DTLSv1.2-ssl
-[30-server-auth-DTLSv1.2-ssl]
-server = 30-server-auth-DTLSv1.2-server
-client = 30-server-auth-DTLSv1.2-client
+[34-server-auth-DTLSv1.2-ssl]
+server = 34-server-auth-DTLSv1.2-server
+client = 34-server-auth-DTLSv1.2-client
-[30-server-auth-DTLSv1.2-server]
+[34-server-auth-DTLSv1.2-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[30-server-auth-DTLSv1.2-client]
+[34-server-auth-DTLSv1.2-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-30]
+[test-34]
ExpectedResult = Success
Method = DTLS
# ===========================================================
-[31-client-auth-DTLSv1.2-request]
-ssl_conf = 31-client-auth-DTLSv1.2-request-ssl
+[35-client-auth-DTLSv1.2-request]
+ssl_conf = 35-client-auth-DTLSv1.2-request-ssl
-[31-client-auth-DTLSv1.2-request-ssl]
-server = 31-client-auth-DTLSv1.2-request-server
-client = 31-client-auth-DTLSv1.2-request-client
+[35-client-auth-DTLSv1.2-request-ssl]
+server = 35-client-auth-DTLSv1.2-request-server
+client = 35-client-auth-DTLSv1.2-request-client
-[31-client-auth-DTLSv1.2-request-server]
+[35-client-auth-DTLSv1.2-request-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
@@ -986,28 +1120,28 @@ MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Request
-[31-client-auth-DTLSv1.2-request-client]
+[35-client-auth-DTLSv1.2-request-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-31]
+[test-35]
ExpectedResult = Success
Method = DTLS
# ===========================================================
-[32-client-auth-DTLSv1.2-require-fail]
-ssl_conf = 32-client-auth-DTLSv1.2-require-fail-ssl
+[36-client-auth-DTLSv1.2-require-fail]
+ssl_conf = 36-client-auth-DTLSv1.2-require-fail-ssl
-[32-client-auth-DTLSv1.2-require-fail-ssl]
-server = 32-client-auth-DTLSv1.2-require-fail-server
-client = 32-client-auth-DTLSv1.2-require-fail-client
+[36-client-auth-DTLSv1.2-require-fail-ssl]
+server = 36-client-auth-DTLSv1.2-require-fail-server
+client = 36-client-auth-DTLSv1.2-require-fail-client
-[32-client-auth-DTLSv1.2-require-fail-server]
+[36-client-auth-DTLSv1.2-require-fail-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
@@ -1016,14 +1150,14 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require
-[32-client-auth-DTLSv1.2-require-fail-client]
+[36-client-auth-DTLSv1.2-require-fail-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-32]
+[test-36]
ExpectedResult = ServerFail
ExpectedServerAlert = HandshakeFailure
Method = DTLS
@@ -1031,14 +1165,14 @@ Method = DTLS
# ===========================================================
-[33-client-auth-DTLSv1.2-require]
-ssl_conf = 33-client-auth-DTLSv1.2-require-ssl
+[37-client-auth-DTLSv1.2-require]
+ssl_conf = 37-client-auth-DTLSv1.2-require-ssl
-[33-client-auth-DTLSv1.2-require-ssl]
-server = 33-client-auth-DTLSv1.2-require-server
-client = 33-client-auth-DTLSv1.2-require-client
+[37-client-auth-DTLSv1.2-require-ssl]
+server = 37-client-auth-DTLSv1.2-require-server
+client = 37-client-auth-DTLSv1.2-require-client
-[33-client-auth-DTLSv1.2-require-server]
+[37-client-auth-DTLSv1.2-require-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
@@ -1047,7 +1181,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request
-[33-client-auth-DTLSv1.2-require-client]
+[37-client-auth-DTLSv1.2-require-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
@@ -1056,7 +1190,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-33]
+[test-37]
ExpectedClientCANames = empty
ExpectedClientCertType = RSA
ExpectedResult = Success
@@ -1065,14 +1199,14 @@ Method = DTLS
# ===========================================================
-[34-client-auth-DTLSv1.2-require-non-empty-names]
-ssl_conf = 34-client-auth-DTLSv1.2-require-non-empty-names-ssl
+[38-client-auth-DTLSv1.2-require-non-empty-names]
+ssl_conf = 38-client-auth-DTLSv1.2-require-non-empty-names-ssl
-[34-client-auth-DTLSv1.2-require-non-empty-names-ssl]
-server = 34-client-auth-DTLSv1.2-require-non-empty-names-server
-client = 34-client-auth-DTLSv1.2-require-non-empty-names-client
+[38-client-auth-DTLSv1.2-require-non-empty-names-ssl]
+server = 38-client-auth-DTLSv1.2-require-non-empty-names-server
+client = 38-client-auth-DTLSv1.2-require-non-empty-names-client
-[34-client-auth-DTLSv1.2-require-non-empty-names-server]
+[38-client-auth-DTLSv1.2-require-non-empty-names-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
@@ -1082,7 +1216,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request
-[34-client-auth-DTLSv1.2-require-non-empty-names-client]
+[38-client-auth-DTLSv1.2-require-non-empty-names-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
@@ -1091,7 +1225,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-34]
+[test-38]
ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
ExpectedClientCertType = RSA
ExpectedResult = Success
@@ -1100,14 +1234,14 @@ Method = DTLS
# ===========================================================
-[35-client-auth-DTLSv1.2-noroot]
-ssl_conf = 35-client-auth-DTLSv1.2-noroot-ssl
+[39-client-auth-DTLSv1.2-noroot]
+ssl_conf = 39-client-auth-DTLSv1.2-noroot-ssl
-[35-client-auth-DTLSv1.2-noroot-ssl]
-server = 35-client-auth-DTLSv1.2-noroot-server
-client = 35-client-auth-DTLSv1.2-noroot-client
+[39-client-auth-DTLSv1.2-noroot-ssl]
+server = 39-client-auth-DTLSv1.2-noroot-server
+client = 39-client-auth-DTLSv1.2-noroot-client
-[35-client-auth-DTLSv1.2-noroot-server]
+[39-client-auth-DTLSv1.2-noroot-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
@@ -1115,7 +1249,7 @@ MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Require
-[35-client-auth-DTLSv1.2-noroot-client]
+[39-client-auth-DTLSv1.2-noroot-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
@@ -1124,7 +1258,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-35]
+[test-39]
ExpectedResult = ServerFail
ExpectedServerAlert = UnknownCA
Method = DTLS
diff --git a/test/ssl-tests/04-client_auth.cnf.in b/test/ssl-tests/04-client_auth.cnf.in
index d908ad1c7df6..ba170bbfb817 100644
--- a/test/ssl-tests/04-client_auth.cnf.in
+++ b/test/ssl-tests/04-client_auth.cnf.in
@@ -27,6 +27,18 @@ if ($fips_mode) {
our @tests = ();
+srand(4);
+sub randcase {
+ my ($names) = @_;
+ my @ret;
+ foreach my $name (split(/:/, $names)) {
+ my ($alg, $rest) = split(/(?=[+])/, $name, 2);
+ $alg =~ s{([a-zA-Z])}{chr(ord($1)^(int(rand(2.0)) * 32))}eg;
+ push @ret, $alg . ($rest // "");
+ }
+ return join(":", @ret);
+}
+
sub generate_tests() {
foreach (0..$#protocols) {
my $protocol = $protocols[$_];
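Review bot: The new `srand(4);` and `randcase` carry no comment explaining why the template randomises letter case or why the seed is fixed. Judging from the call site in the next hunk (`"SHA256+".randcase("RSA")`), this looks intended to exercise case-insensitive parsing of signature-algorithm names, with the fixed seed keeping the generated `.cnf` reproducible; if so, say it, e.g. `# Randomly flip the case of the part before '+' in each ':'-separated name; the fixed seed keeps the generated file stable`. A second line could note that `srand` seeds the process-wide generator, so adding or removing any `rand` call in this template changes which letters get flipped. `generate_tests` continues outside the hunk.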
@@ -51,7 +63,7 @@ sub generate_tests() {
if ($protocol_name eq "TLSv1.2") {
$clihash = "SHA256";
$clisigtype = "RSA";
- $clisigalgs = "SHA256+RSA";
+ $clisigalgs = "SHA256+".randcase("RSA");
}
for (my $sctp = 0; $sctp <= $sctpenabled; $sctp++) {
# Sanity-check simple handshake.
@@ -155,6 +167,65 @@ sub generate_tests() {
};
$tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;
+ # Successful handshake with client RSA-PSS cert, StrictCertCheck
+ push @tests, {
+ name => "client-auth-${protocol_name}-rsa-pss"
+ .($sctp ? "-sctp" : ""),
+ server => {
+ "CipherString" => "DEFAULT:\@SECLEVEL=0",
+ "MinProtocol" => $protocol,
+ "MaxProtocol" => $protocol,
+ "ClientCAFile" => test_pem("rootcert.pem"),
+ "VerifyCAFile" => test_pem("rootcert.pem"),
+ "VerifyMode" => "Require",
+ },
+ client => {
+ "CipherString" => "DEFAULT:\@SECLEVEL=0",
+ "MinProtocol" => $protocol,
+ "MaxProtocol" => $protocol,
+ "Certificate" => test_pem("client-pss-restrict-cert.pem"),
+ "PrivateKey" => test_pem("client-pss-restrict-key.pem"),
+ "Options" => "StrictCertCheck",
+ },
+ test => {
+ "ExpectedResult" => "Success",
+ "ExpectedClientCertType" => "RSA-PSS",
+ "ExpectedClientCANames" => test_pem("rootcert.pem"),
+ "Method" => $method,
+ },
+ } if $protocol_name eq "TLSv1.2" || $protocol_name eq "flex";
+
+ # Failed handshake with client RSA-PSS cert, StrictCertCheck, bad CA
+ push @tests, {
+ name => "client-auth-${protocol_name}-rsa-pss-bad"
+ .($sctp ? "-sctp" : ""),
+ server => {
+ "CipherString" => "DEFAULT:\@SECLEVEL=0",
+ "MinProtocol" => $protocol,
+ "MaxProtocol" => $protocol,
+ "ClientCAFile" => test_pem("rootCA.pem"),
+ "VerifyCAFile" => test_pem("rootCA.pem"),
+ "VerifyMode" => "Require",
+ },
+ client => {
+ "CipherString" => "DEFAULT:\@SECLEVEL=0",
+ "MinProtocol" => $protocol,
+ "MaxProtocol" => $protocol,
+ "Certificate" => test_pem("client-pss-restrict-cert.pem"),
+ "PrivateKey" => test_pem("client-pss-restrict-key.pem"),
+ "Options" => "StrictCertCheck",
+ },
+ test => {
+ "ExpectedResult" => "ServerFail",
+ "ExpectedServerAlert" =>
+ ($protocol_name eq "flex"
+ && !disabled("tls1_3")
+ && (!disabled("ec") || !disabled("dh")))
+ ? "CertificateRequired" : "HandshakeFailure",
+ "Method" => $method,
+ },
+ } if $protocol_name eq "TLSv1.2" || $protocol_name eq "flex";
+
# Successful handshake with client authentication non-empty names
push @tests, {
name => "client-auth-${protocol_name}-require-non-empty-names"
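Review bot: Both new RSA-PSS tests append `-sctp` to their name when `$sctp` is set, but neither sets `UseSCTP`, unlike the test just before them (`$tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;`). Because they are only pushed for `TLSv1.2` and `flex`, `$sctp` is presumably always 0 on this path and the suffix is dead; dropping `.($sctp ? "-sctp" : "")` from both names would make that explicit. If SCTP variants are ever wanted here, the `UseSCTP` assignment needs the same protocol guard as the `push`, since otherwise `$tests[-1]` would be the preceding test whenever the push is skipped. `generate_tests` starts and ends outside the hunk, so where `$sctpenabled` is set is not visible here.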
diff --git a/test/ssl-tests/13-fragmentation.cnf b/test/ssl-tests/13-fragmentation.cnf
index 649387c7b739..e3b532215b8c 100644
--- a/test/ssl-tests/13-fragmentation.cnf
+++ b/test/ssl-tests/13-fragmentation.cnf
@@ -12,18 +12,18 @@ test-6 = 6-medium-plus-app-data
test-7 = 7-large-app-data
test-8 = 8-large-app-data-large-fragment-size
test-9 = 9-large-app-data-odd-fragment-size
-test-10 = 10-large-app-data-aes-sha1-multibuffer
-test-11 = 11-large-app-data-aes-sha2-multibuffer
-test-12 = 12-large-app-data-aes-sha1-multibuffer-odd-fragment
-test-13 = 13-large-app-data-aes-sha2-multibuffer-odd-fragment
-test-14 = 14-small-app-data-aes-sha1-multibuffer
-test-15 = 15-small-app-data-aes-sha2-multibuffer
-test-16 = 16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled
-test-17 = 17-Maximum Fragment Len extension equal FragmentSize to 2048
-test-18 = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024
-test-19 = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024
-test-20 = 20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048
-test-21 = 21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024
+test-10 = 10-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled
+test-11 = 11-Maximum Fragment Len extension equal FragmentSize to 2048
+test-12 = 12-Maximum Fragment Len extension 512 lower than FragmentSize 1024
+test-13 = 13-Maximum Fragment Len extension 1024 lower than FragmentSize 1024
+test-14 = 14-Maximum Fragment Len extension 4096 greater than FragmentSize 2048
+test-15 = 15-Maximum Fragment Len extension 2048 greater than FragmentSize 1024
+test-16 = 16-large-app-data-aes-sha1-multibuffer
+test-17 = 17-large-app-data-aes-sha2-multibuffer
+test-18 = 18-large-app-data-aes-sha1-multibuffer-odd-fragment
+test-19 = 19-large-app-data-aes-sha2-multibuffer-odd-fragment
+test-20 = 20-small-app-data-aes-sha1-multibuffer
+test-21 = 21-small-app-data-aes-sha2-multibuffer
# ===========================================================
[0-one-fragment-minus-app-data]
@@ -259,319 +259,319 @@ MaxFragmentSize = 5115
# ===========================================================
-[10-large-app-data-aes-sha1-multibuffer]
-ssl_conf = 10-large-app-data-aes-sha1-multibuffer-ssl
+[10-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled]
+ssl_conf = 10-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-ssl
-[10-large-app-data-aes-sha1-multibuffer-ssl]
-server = 10-large-app-data-aes-sha1-multibuffer-server
-client = 10-large-app-data-aes-sha1-multibuffer-client
+[10-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-ssl]
+server = 10-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-server
+client = 10-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-client
-[10-large-app-data-aes-sha1-multibuffer-server]
+[10-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[10-large-app-data-aes-sha1-multibuffer-client]
-CipherString = AES128-SHA
-MaxProtocol = TLSv1.2
+[10-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-client]
+CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-10]
-ApplicationData = 1048576
-MaxFragmentSize = 4096
+ApplicationData = 3072
+MaxFragmentSize = 16384
+client = 10-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-client-extra
+
+[10-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-client-extra]
+MaxFragmentLenExt = 1024
# ===========================================================
-[11-large-app-data-aes-sha2-multibuffer]
-ssl_conf = 11-large-app-data-aes-sha2-multibuffer-ssl
+[11-Maximum Fragment Len extension equal FragmentSize to 2048]
+ssl_conf = 11-Maximum Fragment Len extension equal FragmentSize to 2048-ssl
-[11-large-app-data-aes-sha2-multibuffer-ssl]
-server = 11-large-app-data-aes-sha2-multibuffer-server
-client = 11-large-app-data-aes-sha2-multibuffer-client
+[11-Maximum Fragment Len extension equal FragmentSize to 2048-ssl]
+server = 11-Maximum Fragment Len extension equal FragmentSize to 2048-server
+client = 11-Maximum Fragment Len extension equal FragmentSize to 2048-client
-[11-large-app-data-aes-sha2-multibuffer-server]
+[11-Maximum Fragment Len extension equal FragmentSize to 2048-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[11-large-app-data-aes-sha2-multibuffer-client]
-CipherString = AES128-SHA256
-MaxProtocol = TLSv1.2
+[11-Maximum Fragment Len extension equal FragmentSize to 2048-client]
+CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-11]
-ApplicationData = 1048576
-MaxFragmentSize = 4096
+ApplicationData = 3072
+MaxFragmentSize = 2048
+client = 11-Maximum Fragment Len extension equal FragmentSize to 2048-client-extra
+
+[11-Maximum Fragment Len extension equal FragmentSize to 2048-client-extra]
+MaxFragmentLenExt = 2048
# ===========================================================
-[12-large-app-data-aes-sha1-multibuffer-odd-fragment]
-ssl_conf = 12-large-app-data-aes-sha1-multibuffer-odd-fragment-ssl
+[12-Maximum Fragment Len extension 512 lower than FragmentSize 1024]
+ssl_conf = 12-Maximum Fragment Len extension 512 lower than FragmentSize 1024-ssl
-[12-large-app-data-aes-sha1-multibuffer-odd-fragment-ssl]
-server = 12-large-app-data-aes-sha1-multibuffer-odd-fragment-server
-client = 12-large-app-data-aes-sha1-multibuffer-odd-fragment-client
+[12-Maximum Fragment Len extension 512 lower than FragmentSize 1024-ssl]
+server = 12-Maximum Fragment Len extension 512 lower than FragmentSize 1024-server
+client = 12-Maximum Fragment Len extension 512 lower than FragmentSize 1024-client
-[12-large-app-data-aes-sha1-multibuffer-odd-fragment-server]
+[12-Maximum Fragment Len extension 512 lower than FragmentSize 1024-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[12-large-app-data-aes-sha1-multibuffer-odd-fragment-client]
-CipherString = AES128-SHA
-MaxProtocol = TLSv1.2
+[12-Maximum Fragment Len extension 512 lower than FragmentSize 1024-client]
+CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-12]
-ApplicationData = 1048579
-MaxFragmentSize = 5115
+ApplicationData = 3072
+MaxFragmentSize = 1024
+client = 12-Maximum Fragment Len extension 512 lower than FragmentSize 1024-client-extra
+
+[12-Maximum Fragment Len extension 512 lower than FragmentSize 1024-client-extra]
+MaxFragmentLenExt = 512
# ===========================================================
-[13-large-app-data-aes-sha2-multibuffer-odd-fragment]
-ssl_conf = 13-large-app-data-aes-sha2-multibuffer-odd-fragment-ssl
+[13-Maximum Fragment Len extension 1024 lower than FragmentSize 1024]
+ssl_conf = 13-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-ssl
-[13-large-app-data-aes-sha2-multibuffer-odd-fragment-ssl]
-server = 13-large-app-data-aes-sha2-multibuffer-odd-fragment-server
-client = 13-large-app-data-aes-sha2-multibuffer-odd-fragment-client
+[13-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-ssl]
+server = 13-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-server
+client = 13-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-client
-[13-large-app-data-aes-sha2-multibuffer-odd-fragment-server]
+[13-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[13-large-app-data-aes-sha2-multibuffer-odd-fragment-client]
-CipherString = AES128-SHA256
-MaxProtocol = TLSv1.2
+[13-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-client]
+CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-13]
-ApplicationData = 1048573
-MaxFragmentSize = 5125
+ApplicationData = 3072
+MaxFragmentSize = 1024
+client = 13-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-client-extra
+
+[13-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-client-extra]
+MaxFragmentLenExt = 2048
# ===========================================================
-[14-small-app-data-aes-sha1-multibuffer]
-ssl_conf = 14-small-app-data-aes-sha1-multibuffer-ssl
+[14-Maximum Fragment Len extension 4096 greater than FragmentSize 2048]
+ssl_conf = 14-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-ssl
-[14-small-app-data-aes-sha1-multibuffer-ssl]
-server = 14-small-app-data-aes-sha1-multibuffer-server
-client = 14-small-app-data-aes-sha1-multibuffer-client
+[14-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-ssl]
+server = 14-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-server
+client = 14-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-client
-[14-small-app-data-aes-sha1-multibuffer-server]
+[14-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[14-small-app-data-aes-sha1-multibuffer-client]
-CipherString = AES128-SHA
-MaxProtocol = TLSv1.2
+[14-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-client]
+CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-14]
-ApplicationData = 4096
-MaxFragmentSize = 4096
+ApplicationData = 8196
+MaxFragmentSize = 2048
+client = 14-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-client-extra
+
+[14-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-client-extra]
+MaxFragmentLenExt = 4096
# ===========================================================
-[15-small-app-data-aes-sha2-multibuffer]
-ssl_conf = 15-small-app-data-aes-sha2-multibuffer-ssl
+[15-Maximum Fragment Len extension 2048 greater than FragmentSize 1024]
+ssl_conf = 15-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-ssl
-[15-small-app-data-aes-sha2-multibuffer-ssl]
-server = 15-small-app-data-aes-sha2-multibuffer-server
-client = 15-small-app-data-aes-sha2-multibuffer-client
+[15-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-ssl]
+server = 15-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-server
+client = 15-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-client
-[15-small-app-data-aes-sha2-multibuffer-server]
+[15-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[15-small-app-data-aes-sha2-multibuffer-client]
-CipherString = AES128-SHA256
-MaxProtocol = TLSv1.2
+[15-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-client]
+CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-15]
-ApplicationData = 4096
-MaxFragmentSize = 4096
+ApplicationData = 3072
+MaxFragmentSize = 1024
+client = 15-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-client-extra
+
+[15-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-client-extra]
+MaxFragmentLenExt = 2048
# ===========================================================
-[16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled]
-ssl_conf = 16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-ssl
+[16-large-app-data-aes-sha1-multibuffer]
+ssl_conf = 16-large-app-data-aes-sha1-multibuffer-ssl
-[16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-ssl]
-server = 16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-server
-client = 16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-client
+[16-large-app-data-aes-sha1-multibuffer-ssl]
+server = 16-large-app-data-aes-sha1-multibuffer-server
+client = 16-large-app-data-aes-sha1-multibuffer-client
-[16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-server]
+[16-large-app-data-aes-sha1-multibuffer-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-client]
-CipherString = DEFAULT
+[16-large-app-data-aes-sha1-multibuffer-client]
+CipherString = AES128-SHA
+MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-16]
-ApplicationData = 3072
-MaxFragmentSize = 16384
-client = 16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-client-extra
-
-[16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-client-extra]
-MaxFragmentLenExt = 1024
+ApplicationData = 1048576
+MaxFragmentSize = 4096
# ===========================================================
-[17-Maximum Fragment Len extension equal FragmentSize to 2048]
-ssl_conf = 17-Maximum Fragment Len extension equal FragmentSize to 2048-ssl
+[17-large-app-data-aes-sha2-multibuffer]
+ssl_conf = 17-large-app-data-aes-sha2-multibuffer-ssl
-[17-Maximum Fragment Len extension equal FragmentSize to 2048-ssl]
-server = 17-Maximum Fragment Len extension equal FragmentSize to 2048-server
-client = 17-Maximum Fragment Len extension equal FragmentSize to 2048-client
+[17-large-app-data-aes-sha2-multibuffer-ssl]
+server = 17-large-app-data-aes-sha2-multibuffer-server
+client = 17-large-app-data-aes-sha2-multibuffer-client
-[17-Maximum Fragment Len extension equal FragmentSize to 2048-server]
+[17-large-app-data-aes-sha2-multibuffer-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[17-Maximum Fragment Len extension equal FragmentSize to 2048-client]
-CipherString = DEFAULT
+[17-large-app-data-aes-sha2-multibuffer-client]
+CipherString = AES128-SHA256
+MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-17]
-ApplicationData = 3072
-MaxFragmentSize = 2048
-client = 17-Maximum Fragment Len extension equal FragmentSize to 2048-client-extra
-
-[17-Maximum Fragment Len extension equal FragmentSize to 2048-client-extra]
-MaxFragmentLenExt = 2048
+ApplicationData = 1048576
+MaxFragmentSize = 4096
# ===========================================================
-[18-Maximum Fragment Len extension 512 lower than FragmentSize 1024]
-ssl_conf = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-ssl
+[18-large-app-data-aes-sha1-multibuffer-odd-fragment]
+ssl_conf = 18-large-app-data-aes-sha1-multibuffer-odd-fragment-ssl
-[18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-ssl]
-server = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-server
-client = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-client
+[18-large-app-data-aes-sha1-multibuffer-odd-fragment-ssl]
+server = 18-large-app-data-aes-sha1-multibuffer-odd-fragment-server
+client = 18-large-app-data-aes-sha1-multibuffer-odd-fragment-client
-[18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-server]
+[18-large-app-data-aes-sha1-multibuffer-odd-fragment-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-client]
-CipherString = DEFAULT
+[18-large-app-data-aes-sha1-multibuffer-odd-fragment-client]
+CipherString = AES128-SHA
+MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-18]
-ApplicationData = 3072
-MaxFragmentSize = 1024
-client = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-client-extra
-
-[18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-client-extra]
-MaxFragmentLenExt = 512
+ApplicationData = 1048579
+MaxFragmentSize = 5115
# ===========================================================
-[19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024]
-ssl_conf = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-ssl
+[19-large-app-data-aes-sha2-multibuffer-odd-fragment]
+ssl_conf = 19-large-app-data-aes-sha2-multibuffer-odd-fragment-ssl
-[19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-ssl]
-server = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-server
-client = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-client
+[19-large-app-data-aes-sha2-multibuffer-odd-fragment-ssl]
+server = 19-large-app-data-aes-sha2-multibuffer-odd-fragment-server
+client = 19-large-app-data-aes-sha2-multibuffer-odd-fragment-client
-[19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-server]
+[19-large-app-data-aes-sha2-multibuffer-odd-fragment-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-client]
-CipherString = DEFAULT
+[19-large-app-data-aes-sha2-multibuffer-odd-fragment-client]
+CipherString = AES128-SHA256
+MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-19]
-ApplicationData = 3072
-MaxFragmentSize = 1024
-client = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-client-extra
-
-[19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-client-extra]
-MaxFragmentLenExt = 2048
+ApplicationData = 1048573
+MaxFragmentSize = 5125
# ===========================================================
-[20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048]
-ssl_conf = 20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-ssl
+[20-small-app-data-aes-sha1-multibuffer]
+ssl_conf = 20-small-app-data-aes-sha1-multibuffer-ssl
-[20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-ssl]
-server = 20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-server
-client = 20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-client
+[20-small-app-data-aes-sha1-multibuffer-ssl]
+server = 20-small-app-data-aes-sha1-multibuffer-server
+client = 20-small-app-data-aes-sha1-multibuffer-client
-[20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-server]
+[20-small-app-data-aes-sha1-multibuffer-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-client]
-CipherString = DEFAULT
+[20-small-app-data-aes-sha1-multibuffer-client]
+CipherString = AES128-SHA
+MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-20]
-ApplicationData = 8196
-MaxFragmentSize = 2048
-client = 20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-client-extra
-
-[20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-client-extra]
-MaxFragmentLenExt = 4096
+ApplicationData = 4096
+MaxFragmentSize = 4096
# ===========================================================
-[21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024]
-ssl_conf = 21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-ssl
+[21-small-app-data-aes-sha2-multibuffer]
+ssl_conf = 21-small-app-data-aes-sha2-multibuffer-ssl
-[21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-ssl]
-server = 21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-server
-client = 21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-client
+[21-small-app-data-aes-sha2-multibuffer-ssl]
+server = 21-small-app-data-aes-sha2-multibuffer-server
+client = 21-small-app-data-aes-sha2-multibuffer-client
-[21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-server]
+[21-small-app-data-aes-sha2-multibuffer-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-client]
-CipherString = DEFAULT
+[21-small-app-data-aes-sha2-multibuffer-client]
+CipherString = AES128-SHA256
+MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-21]
-ApplicationData = 3072
-MaxFragmentSize = 1024
-client = 21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-client-extra
-
-[21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-client-extra]
-MaxFragmentLenExt = 2048
+ApplicationData = 4096
+MaxFragmentSize = 4096
diff --git a/test/ssl-tests/13-fragmentation.cnf.in b/test/ssl-tests/13-fragmentation.cnf.in
index 5e3b0c6633d2..318fd6596069 100644
--- a/test/ssl-tests/13-fragmentation.cnf.in
+++ b/test/ssl-tests/13-fragmentation.cnf.in
@@ -1,5 +1,5 @@
# -*- mode: perl; -*-
-# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -14,6 +14,7 @@ use warnings;
package ssltests;
+our $fips_3_4;
our @tests = (
# Default fragment size is 512.
@@ -101,6 +102,91 @@ our @tests = (
MaxFragmentSize => 5 * 1024 - 5,
}
},
+ ############################################
+ # Default (Max) Fragment Size is 512.
+ # Default Application data size is 256.
+ {
+ name => "Maximum Fragment Len extension set to 1024 w. FragmentSize disabled",
+ server => { },
+ client => {
+ extra => {
+ MaxFragmentLenExt => 1024,
+ },
+ },
+ test => {
+ ApplicationData => 3072,
+ MaxFragmentSize => 16384,
+ }
+ },
+ {
+ name => "Maximum Fragment Len extension equal FragmentSize to 2048",
+ server => { },
+ client => {
+ extra => {
+ MaxFragmentLenExt => 2048,
+ },
+ },
+ test => {
+ ApplicationData => 3072,
+ MaxFragmentSize => 2048,
+ }
+ },
+ {
+ name => "Maximum Fragment Len extension 512 lower than FragmentSize 1024",
+ server => { },
+ client => {
+ extra => {
+ MaxFragmentLenExt => 512,
+ },
+ },
+ test => {
+ ApplicationData => 3072,
+ MaxFragmentSize => 1024,
+ }
+ },
+ {
+ name => "Maximum Fragment Len extension 1024 lower than FragmentSize 1024",
+ server => { },
+ client => {
+ extra => {
+ MaxFragmentLenExt => 2048,
+ },
+ },
+ test => {
+ ApplicationData => 3072,
+ MaxFragmentSize => 1024,
+ }
+ },
+ {
+ name => "Maximum Fragment Len extension 4096 greater than FragmentSize 2048",
+ server => { },
+ client => {
+ extra => {
+ MaxFragmentLenExt => 4096,
+ },
+ },
+ test => {
+ ApplicationData => 8196,
+ MaxFragmentSize => 2048,
+ }
+ },
+ {
+ name => "Maximum Fragment Len extension 2048 greater than FragmentSize 1024",
+ server => { },
+ client => {
+ extra => {
+ MaxFragmentLenExt => 2048,
+ },
+ },
+ test => {
+ ApplicationData => 3072,
+ MaxFragmentSize => 1024,
+ }
+ },
+);
+
+# Tests using RSA key exchange
+my @tests_rsa = (
# When the buffer / fragment size ratio is sufficiently large,
# multi-buffer code kicks in on some platforms for AES-SHA. The
# exact minimum ratio depends on the platform, and is usually
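Review bot: The case named "Maximum Fragment Len extension 1024 lower than FragmentSize 1024" sets `MaxFragmentLenExt => 2048`, so its name and value disagree. Its settings are also identical to the last case in this block, "Maximum Fragment Len extension 2048 greater than FragmentSize 1024" (2048 / 3072 / 1024), so the two cases run the same handshake, and none of the cases added here has the extension equal to a 1024 `MaxFragmentSize`. The block is moved unchanged from further down the file, so the mismatch predates this commit. If the name states the intent, the line should read `MaxFragmentLenExt => 1024,` and the generated `13-fragmentation.cnf` should be regenerated; otherwise rename the case. The `@tests_rsa` list opened at the end of this hunk continues outside it.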
@@ -183,86 +269,8 @@ our @tests = (
ApplicationData => 4 * 1024,
MaxFragmentSize => 4 * 1024,
}
- },
- ############################################
- # Default (Max) Fragment Size is 512.
- # Default Application data size is 256.
- {
- name => "Maximum Fragment Len extension set to 1024 w. FragmentSize disabled",
- server => { },
- client => {
- extra => {
- MaxFragmentLenExt => 1024,
- },
- },
- test => {
- ApplicationData => 3072,
- MaxFragmentSize => 16384,
- }
- },
- {
- name => "Maximum Fragment Len extension equal FragmentSize to 2048",
- server => { },
- client => {
- extra => {
- MaxFragmentLenExt => 2048,
- },
- },
- test => {
- ApplicationData => 3072,
- MaxFragmentSize => 2048,
- }
- },
- {
- name => "Maximum Fragment Len extension 512 lower than FragmentSize 1024",
- server => { },
- client => {
- extra => {
- MaxFragmentLenExt => 512,
- },
- },
- test => {
- ApplicationData => 3072,
- MaxFragmentSize => 1024,
- }
- },
- {
- name => "Maximum Fragment Len extension 1024 lower than FragmentSize 1024",
- server => { },
- client => {
- extra => {
- MaxFragmentLenExt => 2048,
- },
- },
- test => {
- ApplicationData => 3072,
- MaxFragmentSize => 1024,
- }
- },
- {
- name => "Maximum Fragment Len extension 4096 greater than FragmentSize 2048",
- server => { },
- client => {
- extra => {
- MaxFragmentLenExt => 4096,
- },
- },
- test => {
- ApplicationData => 8196,
- MaxFragmentSize => 2048,
- }
- },
- {
- name => "Maximum Fragment Len extension 2048 greater than FragmentSize 1024",
- server => { },
- client => {
- extra => {
- MaxFragmentLenExt => 2048,
- },
- },
- test => {
- ApplicationData => 3072,
- MaxFragmentSize => 1024,
- }
- },
+ }
);
+
+push @tests, @tests_rsa
+ unless $fips_3_4;
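Review bot: The closing `push @tests, @tests_rsa unless $fips_3_4;` has no comment saying why the RSA key-exchange cases are dropped. This file only declares the flag (`our $fips_3_4;`), so where it is set is not visible here. When it is true, the multi-buffer AES-SHA cases are left out entirely, and this file no longer exercises that record path for that provider. I would put a comment above the push, e.g. `# Skipped when $fips_3_4 is set: these cases need RSA key exchange (AES128-SHA, AES128-SHA256).`, and name the script that assigns `$fips_3_4` next to its declaration. The reason that provider cannot run these cases is not stated anywhere in the visible change and belongs in that comment too.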
diff --git a/test/ssl-tests/14-curves.cnf b/test/ssl-tests/14-curves.cnf
index 75635d29bd0f..e075a3794381 100644
--- a/test/ssl-tests/14-curves.cnf
+++ b/test/ssl-tests/14-curves.cnf
@@ -1,6 +1,6 @@
# Generated with generate_ssl_tests.pl
-num_tests = 95
+num_tests = 104
test-0 = 0-curve-prime256v1
test-1 = 1-curve-secp384r1
@@ -12,91 +12,100 @@ test-6 = 6-curve-ffdhe3072
test-7 = 7-curve-ffdhe4096
test-8 = 8-curve-ffdhe6144
test-9 = 9-curve-ffdhe8192
-test-10 = 10-curve-sect233k1
-test-11 = 11-curve-sect233r1
-test-12 = 12-curve-sect283k1
-test-13 = 13-curve-sect283r1
-test-14 = 14-curve-sect409k1
-test-15 = 15-curve-sect409r1
-test-16 = 16-curve-sect571k1
-test-17 = 17-curve-sect571r1
-test-18 = 18-curve-secp224r1
-test-19 = 19-curve-sect163k1
-test-20 = 20-curve-sect163r2
-test-21 = 21-curve-prime192v1
-test-22 = 22-curve-sect163r1
-test-23 = 23-curve-sect193r1
-test-24 = 24-curve-sect193r2
-test-25 = 25-curve-sect239k1
-test-26 = 26-curve-secp160k1
-test-27 = 27-curve-secp160r1
-test-28 = 28-curve-secp160r2
-test-29 = 29-curve-secp192k1
-test-30 = 30-curve-secp224k1
-test-31 = 31-curve-secp256k1
-test-32 = 32-curve-brainpoolP256r1
-test-33 = 33-curve-brainpoolP384r1
-test-34 = 34-curve-brainpoolP512r1
-test-35 = 35-curve-sect233k1-tls12-in-tls13
-test-36 = 36-curve-sect233r1-tls12-in-tls13
-test-37 = 37-curve-sect283k1-tls12-in-tls13
-test-38 = 38-curve-sect283r1-tls12-in-tls13
-test-39 = 39-curve-sect409k1-tls12-in-tls13
-test-40 = 40-curve-sect409r1-tls12-in-tls13
-test-41 = 41-curve-sect571k1-tls12-in-tls13
-test-42 = 42-curve-sect571r1-tls12-in-tls13
-test-43 = 43-curve-secp224r1-tls12-in-tls13
-test-44 = 44-curve-sect163k1-tls12-in-tls13
-test-45 = 45-curve-sect163r2-tls12-in-tls13
-test-46 = 46-curve-prime192v1-tls12-in-tls13
-test-47 = 47-curve-sect163r1-tls12-in-tls13
-test-48 = 48-curve-sect193r1-tls12-in-tls13
-test-49 = 49-curve-sect193r2-tls12-in-tls13
-test-50 = 50-curve-sect239k1-tls12-in-tls13
-test-51 = 51-curve-secp160k1-tls12-in-tls13
-test-52 = 52-curve-secp160r1-tls12-in-tls13
-test-53 = 53-curve-secp160r2-tls12-in-tls13
-test-54 = 54-curve-secp192k1-tls12-in-tls13
-test-55 = 55-curve-secp224k1-tls12-in-tls13
-test-56 = 56-curve-secp256k1-tls12-in-tls13
-test-57 = 57-curve-brainpoolP256r1-tls12-in-tls13
-test-58 = 58-curve-brainpoolP384r1-tls12-in-tls13
-test-59 = 59-curve-brainpoolP512r1-tls12-in-tls13
-test-60 = 60-curve-sect233k1-tls13
-test-61 = 61-curve-sect233r1-tls13
-test-62 = 62-curve-sect283k1-tls13
-test-63 = 63-curve-sect283r1-tls13
-test-64 = 64-curve-sect409k1-tls13
-test-65 = 65-curve-sect409r1-tls13
-test-66 = 66-curve-sect571k1-tls13
-test-67 = 67-curve-sect571r1-tls13
-test-68 = 68-curve-secp224r1-tls13
-test-69 = 69-curve-sect163k1-tls13
-test-70 = 70-curve-sect163r2-tls13
-test-71 = 71-curve-prime192v1-tls13
-test-72 = 72-curve-sect163r1-tls13
-test-73 = 73-curve-sect193r1-tls13
-test-74 = 74-curve-sect193r2-tls13
-test-75 = 75-curve-sect239k1-tls13
-test-76 = 76-curve-secp160k1-tls13
-test-77 = 77-curve-secp160r1-tls13
-test-78 = 78-curve-secp160r2-tls13
-test-79 = 79-curve-secp192k1-tls13
-test-80 = 80-curve-secp224k1-tls13
-test-81 = 81-curve-secp256k1-tls13
-test-82 = 82-curve-brainpoolP256r1-tls13
-test-83 = 83-curve-brainpoolP384r1-tls13
-test-84 = 84-curve-brainpoolP512r1-tls13
-test-85 = 85-curve-ffdhe2048-tls13-in-tls12
-test-86 = 86-curve-ffdhe2048-tls13-in-tls12-2
-test-87 = 87-curve-ffdhe3072-tls13-in-tls12
-test-88 = 88-curve-ffdhe3072-tls13-in-tls12-2
-test-89 = 89-curve-ffdhe4096-tls13-in-tls12
-test-90 = 90-curve-ffdhe4096-tls13-in-tls12-2
-test-91 = 91-curve-ffdhe6144-tls13-in-tls12
-test-92 = 92-curve-ffdhe6144-tls13-in-tls12-2
-test-93 = 93-curve-ffdhe8192-tls13-in-tls12
-test-94 = 94-curve-ffdhe8192-tls13-in-tls12-2
+test-10 = 10-curve-brainpoolP256r1tls13
+test-11 = 11-curve-brainpoolP384r1tls13
+test-12 = 12-curve-brainpoolP512r1tls13
+test-13 = 13-curve-sect233k1
+test-14 = 14-curve-sect233r1
+test-15 = 15-curve-sect283k1
+test-16 = 16-curve-sect283r1
+test-17 = 17-curve-sect409k1
+test-18 = 18-curve-sect409r1
+test-19 = 19-curve-sect571k1
+test-20 = 20-curve-sect571r1
+test-21 = 21-curve-secp224r1
+test-22 = 22-curve-sect163k1
+test-23 = 23-curve-sect163r2
+test-24 = 24-curve-prime192v1
+test-25 = 25-curve-sect163r1
+test-26 = 26-curve-sect193r1
+test-27 = 27-curve-sect193r2
+test-28 = 28-curve-sect239k1
+test-29 = 29-curve-secp160k1
+test-30 = 30-curve-secp160r1
+test-31 = 31-curve-secp160r2
+test-32 = 32-curve-secp192k1
+test-33 = 33-curve-secp224k1
+test-34 = 34-curve-secp256k1
+test-35 = 35-curve-brainpoolP256r1
+test-36 = 36-curve-brainpoolP384r1
+test-37 = 37-curve-brainpoolP512r1
+test-38 = 38-curve-sect233k1-tls12-in-tls13
+test-39 = 39-curve-sect233r1-tls12-in-tls13
+test-40 = 40-curve-sect283k1-tls12-in-tls13
+test-41 = 41-curve-sect283r1-tls12-in-tls13
+test-42 = 42-curve-sect409k1-tls12-in-tls13
+test-43 = 43-curve-sect409r1-tls12-in-tls13
+test-44 = 44-curve-sect571k1-tls12-in-tls13
+test-45 = 45-curve-sect571r1-tls12-in-tls13
+test-46 = 46-curve-secp224r1-tls12-in-tls13
+test-47 = 47-curve-sect163k1-tls12-in-tls13
+test-48 = 48-curve-sect163r2-tls12-in-tls13
+test-49 = 49-curve-prime192v1-tls12-in-tls13
+test-50 = 50-curve-sect163r1-tls12-in-tls13
+test-51 = 51-curve-sect193r1-tls12-in-tls13
+test-52 = 52-curve-sect193r2-tls12-in-tls13
+test-53 = 53-curve-sect239k1-tls12-in-tls13
+test-54 = 54-curve-secp160k1-tls12-in-tls13
+test-55 = 55-curve-secp160r1-tls12-in-tls13
+test-56 = 56-curve-secp160r2-tls12-in-tls13
+test-57 = 57-curve-secp192k1-tls12-in-tls13
+test-58 = 58-curve-secp224k1-tls12-in-tls13
+test-59 = 59-curve-secp256k1-tls12-in-tls13
+test-60 = 60-curve-brainpoolP256r1-tls12-in-tls13
+test-61 = 61-curve-brainpoolP384r1-tls12-in-tls13
+test-62 = 62-curve-brainpoolP512r1-tls12-in-tls13
+test-63 = 63-curve-sect233k1-tls13
+test-64 = 64-curve-sect233r1-tls13
+test-65 = 65-curve-sect283k1-tls13
+test-66 = 66-curve-sect283r1-tls13
+test-67 = 67-curve-sect409k1-tls13
+test-68 = 68-curve-sect409r1-tls13
+test-69 = 69-curve-sect571k1-tls13
+test-70 = 70-curve-sect571r1-tls13
+test-71 = 71-curve-secp224r1-tls13
+test-72 = 72-curve-sect163k1-tls13
+test-73 = 73-curve-sect163r2-tls13
+test-74 = 74-curve-prime192v1-tls13
+test-75 = 75-curve-sect163r1-tls13
+test-76 = 76-curve-sect193r1-tls13
+test-77 = 77-curve-sect193r2-tls13
+test-78 = 78-curve-sect239k1-tls13
+test-79 = 79-curve-secp160k1-tls13
+test-80 = 80-curve-secp160r1-tls13
+test-81 = 81-curve-secp160r2-tls13
+test-82 = 82-curve-secp192k1-tls13
+test-83 = 83-curve-secp224k1-tls13
+test-84 = 84-curve-secp256k1-tls13
+test-85 = 85-curve-brainpoolP256r1-tls13
+test-86 = 86-curve-brainpoolP384r1-tls13
+test-87 = 87-curve-brainpoolP512r1-tls13
+test-88 = 88-curve-ffdhe2048-tls13-in-tls12
+test-89 = 89-curve-ffdhe2048-tls13-in-tls12-2
+test-90 = 90-curve-ffdhe3072-tls13-in-tls12
+test-91 = 91-curve-ffdhe3072-tls13-in-tls12-2
+test-92 = 92-curve-ffdhe4096-tls13-in-tls12
+test-93 = 93-curve-ffdhe4096-tls13-in-tls12-2
+test-94 = 94-curve-ffdhe6144-tls13-in-tls12
+test-95 = 95-curve-ffdhe6144-tls13-in-tls12-2
+test-96 = 96-curve-ffdhe8192-tls13-in-tls12
+test-97 = 97-curve-ffdhe8192-tls13-in-tls12-2
+test-98 = 98-curve-brainpoolP256r1tls13-tls13-in-tls12
+test-99 = 99-curve-brainpoolP256r1tls13-tls13-in-tls12-2
+test-100 = 100-curve-brainpoolP384r1tls13-tls13-in-tls12
+test-101 = 101-curve-brainpoolP384r1tls13-tls13-in-tls12-2
+test-102 = 102-curve-brainpoolP512r1tls13-tls13-in-tls12
+test-103 = 103-curve-brainpoolP512r1tls13-tls13-in-tls12-2
# ===========================================================
[0-curve-prime256v1]
@@ -108,13 +117,13 @@ client = 0-curve-prime256v1-client
[0-curve-prime256v1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = prime256v1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[0-curve-prime256v1-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
Curves = prime256v1
MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -137,13 +146,13 @@ client = 1-curve-secp384r1-client
[1-curve-secp384r1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = secp384r1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[1-curve-secp384r1-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
Curves = secp384r1
MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -166,13 +175,13 @@ client = 2-curve-secp521r1-client
[2-curve-secp521r1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = secp521r1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[2-curve-secp521r1-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
Curves = secp521r1
MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -195,13 +204,13 @@ client = 3-curve-X25519-client
[3-curve-X25519-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = X25519
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[3-curve-X25519-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
Curves = X25519
MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -224,13 +233,13 @@ client = 4-curve-X448-client
[4-curve-X448-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = X448
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[4-curve-X448-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
Curves = X448
MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -253,13 +262,13 @@ client = 5-curve-ffdhe2048-client
[5-curve-ffdhe2048-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = ffdhe2048
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[5-curve-ffdhe2048-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
Curves = ffdhe2048
MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -282,13 +291,13 @@ client = 6-curve-ffdhe3072-client
[6-curve-ffdhe3072-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = ffdhe3072
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[6-curve-ffdhe3072-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
Curves = ffdhe3072
MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -311,13 +320,13 @@ client = 7-curve-ffdhe4096-client
[7-curve-ffdhe4096-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = ffdhe4096
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[7-curve-ffdhe4096-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
Curves = ffdhe4096
MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -340,13 +349,13 @@ client = 8-curve-ffdhe6144-client
[8-curve-ffdhe6144-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = ffdhe6144
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[8-curve-ffdhe6144-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
Curves = ffdhe6144
MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -369,13 +378,13 @@ client = 9-curve-ffdhe8192-client
[9-curve-ffdhe8192-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = ffdhe8192
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[9-curve-ffdhe8192-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
Curves = ffdhe8192
MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -389,28 +398,115 @@ ExpectedTmpKeyType = dhKeyAgreement
# ===========================================================
-[10-curve-sect233k1]
-ssl_conf = 10-curve-sect233k1-ssl
+[10-curve-brainpoolP256r1tls13]
+ssl_conf = 10-curve-brainpoolP256r1tls13-ssl
+
+[10-curve-brainpoolP256r1tls13-ssl]
+server = 10-curve-brainpoolP256r1tls13-server
+client = 10-curve-brainpoolP256r1tls13-client
+
+[10-curve-brainpoolP256r1tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = brainpoolP256r1tls13
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[10-curve-brainpoolP256r1tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = brainpoolP256r1tls13
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-10]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = brainpoolP256r1tls13
+
+
+# ===========================================================
+
+[11-curve-brainpoolP384r1tls13]
+ssl_conf = 11-curve-brainpoolP384r1tls13-ssl
+
+[11-curve-brainpoolP384r1tls13-ssl]
+server = 11-curve-brainpoolP384r1tls13-server
+client = 11-curve-brainpoolP384r1tls13-client
+
+[11-curve-brainpoolP384r1tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = brainpoolP384r1tls13
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-curve-brainpoolP384r1tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = brainpoolP384r1tls13
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-11]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = brainpoolP384r1tls13
+
+
+# ===========================================================
+
+[12-curve-brainpoolP512r1tls13]
+ssl_conf = 12-curve-brainpoolP512r1tls13-ssl
+
+[12-curve-brainpoolP512r1tls13-ssl]
+server = 12-curve-brainpoolP512r1tls13-server
+client = 12-curve-brainpoolP512r1tls13-client
+
+[12-curve-brainpoolP512r1tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = brainpoolP512r1tls13
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[12-curve-brainpoolP512r1tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = brainpoolP512r1tls13
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-12]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = brainpoolP512r1tls13
+
+
+# ===========================================================
+
+[13-curve-sect233k1]
+ssl_conf = 13-curve-sect233k1-ssl
-[10-curve-sect233k1-ssl]
-server = 10-curve-sect233k1-server
-client = 10-curve-sect233k1-client
+[13-curve-sect233k1-ssl]
+server = 13-curve-sect233k1-server
+client = 13-curve-sect233k1-client
-[10-curve-sect233k1-server]
+[13-curve-sect233k1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = sect233k1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[10-curve-sect233k1-client]
-CipherString = ECDHE
+[13-curve-sect233k1-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = sect233k1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-10]
+[test-13]
ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = sect233k1
@@ -418,28 +514,28 @@ ExpectedTmpKeyType = sect233k1
# ===========================================================
-[11-curve-sect233r1]
-ssl_conf = 11-curve-sect233r1-ssl
+[14-curve-sect233r1]
+ssl_conf = 14-curve-sect233r1-ssl
-[11-curve-sect233r1-ssl]
-server = 11-curve-sect233r1-server
-client = 11-curve-sect233r1-client
+[14-curve-sect233r1-ssl]
+server = 14-curve-sect233r1-server
+client = 14-curve-sect233r1-client
-[11-curve-sect233r1-server]
+[14-curve-sect233r1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = sect233r1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[11-curve-sect233r1-client]
-CipherString = ECDHE
+[14-curve-sect233r1-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = sect233r1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-11]
+[test-14]
ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = sect233r1
@@ -447,28 +543,28 @@ ExpectedTmpKeyType = sect233r1
# ===========================================================
-[12-curve-sect283k1]
-ssl_conf = 12-curve-sect283k1-ssl
+[15-curve-sect283k1]
+ssl_conf = 15-curve-sect283k1-ssl
-[12-curve-sect283k1-ssl]
-server = 12-curve-sect283k1-server
-client = 12-curve-sect283k1-client
+[15-curve-sect283k1-ssl]
+server = 15-curve-sect283k1-server
+client = 15-curve-sect283k1-client
-[12-curve-sect283k1-server]
+[15-curve-sect283k1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = sect283k1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[12-curve-sect283k1-client]
-CipherString = ECDHE
+[15-curve-sect283k1-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = sect283k1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-12]
+[test-15]
ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = sect283k1
@@ -476,28 +572,28 @@ ExpectedTmpKeyType = sect283k1
# ===========================================================
-[13-curve-sect283r1]
-ssl_conf = 13-curve-sect283r1-ssl
+[16-curve-sect283r1]
+ssl_conf = 16-curve-sect283r1-ssl
-[13-curve-sect283r1-ssl]
-server = 13-curve-sect283r1-server
-client = 13-curve-sect283r1-client
+[16-curve-sect283r1-ssl]
+server = 16-curve-sect283r1-server
+client = 16-curve-sect283r1-client
-[13-curve-sect283r1-server]
+[16-curve-sect283r1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = sect283r1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[13-curve-sect283r1-client]
-CipherString = ECDHE
+[16-curve-sect283r1-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = sect283r1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-13]
+[test-16]
ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = sect283r1
@@ -505,28 +601,28 @@ ExpectedTmpKeyType = sect283r1
# ===========================================================
-[14-curve-sect409k1]
-ssl_conf = 14-curve-sect409k1-ssl
+[17-curve-sect409k1]
+ssl_conf = 17-curve-sect409k1-ssl
-[14-curve-sect409k1-ssl]
-server = 14-curve-sect409k1-server
-client = 14-curve-sect409k1-client
+[17-curve-sect409k1-ssl]
+server = 17-curve-sect409k1-server
+client = 17-curve-sect409k1-client
-[14-curve-sect409k1-server]
+[17-curve-sect409k1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = sect409k1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[14-curve-sect409k1-client]
-CipherString = ECDHE
+[17-curve-sect409k1-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = sect409k1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-14]
+[test-17]
ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = sect409k1
@@ -534,28 +630,28 @@ ExpectedTmpKeyType = sect409k1
# ===========================================================
-[15-curve-sect409r1]
-ssl_conf = 15-curve-sect409r1-ssl
+[18-curve-sect409r1]
+ssl_conf = 18-curve-sect409r1-ssl
-[15-curve-sect409r1-ssl]
-server = 15-curve-sect409r1-server
-client = 15-curve-sect409r1-client
+[18-curve-sect409r1-ssl]
+server = 18-curve-sect409r1-server
+client = 18-curve-sect409r1-client
-[15-curve-sect409r1-server]
+[18-curve-sect409r1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = sect409r1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[15-curve-sect409r1-client]
-CipherString = ECDHE
+[18-curve-sect409r1-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = sect409r1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-15]
+[test-18]
ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = sect409r1
@@ -563,28 +659,28 @@ ExpectedTmpKeyType = sect409r1
# ===========================================================
-[16-curve-sect571k1]
-ssl_conf = 16-curve-sect571k1-ssl
+[19-curve-sect571k1]
+ssl_conf = 19-curve-sect571k1-ssl
-[16-curve-sect571k1-ssl]
-server = 16-curve-sect571k1-server
-client = 16-curve-sect571k1-client
+[19-curve-sect571k1-ssl]
+server = 19-curve-sect571k1-server
+client = 19-curve-sect571k1-client
-[16-curve-sect571k1-server]
+[19-curve-sect571k1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = sect571k1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[16-curve-sect571k1-client]
-CipherString = ECDHE
+[19-curve-sect571k1-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = sect571k1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-16]
+[test-19]
ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = sect571k1
@@ -592,28 +688,28 @@ ExpectedTmpKeyType = sect571k1
# ===========================================================
-[17-curve-sect571r1]
-ssl_conf = 17-curve-sect571r1-ssl
+[20-curve-sect571r1]
+ssl_conf = 20-curve-sect571r1-ssl
-[17-curve-sect571r1-ssl]
-server = 17-curve-sect571r1-server
-client = 17-curve-sect571r1-client
+[20-curve-sect571r1-ssl]
+server = 20-curve-sect571r1-server
+client = 20-curve-sect571r1-client
-[17-curve-sect571r1-server]
+[20-curve-sect571r1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = sect571r1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[17-curve-sect571r1-client]
-CipherString = ECDHE
+[20-curve-sect571r1-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = sect571r1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-17]
+[test-20]
ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = sect571r1
@@ -621,28 +717,28 @@ ExpectedTmpKeyType = sect571r1
# ===========================================================
-[18-curve-secp224r1]
-ssl_conf = 18-curve-secp224r1-ssl
+[21-curve-secp224r1]
+ssl_conf = 21-curve-secp224r1-ssl
-[18-curve-secp224r1-ssl]
-server = 18-curve-secp224r1-server
-client = 18-curve-secp224r1-client
+[21-curve-secp224r1-ssl]
+server = 21-curve-secp224r1-server
+client = 21-curve-secp224r1-client
-[18-curve-secp224r1-server]
+[21-curve-secp224r1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = secp224r1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[18-curve-secp224r1-client]
-CipherString = ECDHE
+[21-curve-secp224r1-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = secp224r1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-18]
+[test-21]
ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = secp224r1
@@ -650,28 +746,28 @@ ExpectedTmpKeyType = secp224r1
# ===========================================================
-[19-curve-sect163k1]
-ssl_conf = 19-curve-sect163k1-ssl
+[22-curve-sect163k1]
+ssl_conf = 22-curve-sect163k1-ssl
-[19-curve-sect163k1-ssl]
-server = 19-curve-sect163k1-server
-client = 19-curve-sect163k1-client
+[22-curve-sect163k1-ssl]
+server = 22-curve-sect163k1-server
+client = 22-curve-sect163k1-client
-[19-curve-sect163k1-server]
+[22-curve-sect163k1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = sect163k1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[19-curve-sect163k1-client]
-CipherString = ECDHE
+[22-curve-sect163k1-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = sect163k1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-19]
+[test-22]
ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = sect163k1
@@ -679,28 +775,28 @@ ExpectedTmpKeyType = sect163k1
# ===========================================================
-[20-curve-sect163r2]
-ssl_conf = 20-curve-sect163r2-ssl
+[23-curve-sect163r2]
+ssl_conf = 23-curve-sect163r2-ssl
-[20-curve-sect163r2-ssl]
-server = 20-curve-sect163r2-server
-client = 20-curve-sect163r2-client
+[23-curve-sect163r2-ssl]
+server = 23-curve-sect163r2-server
+client = 23-curve-sect163r2-client
-[20-curve-sect163r2-server]
+[23-curve-sect163r2-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = sect163r2
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[20-curve-sect163r2-client]
-CipherString = ECDHE
+[23-curve-sect163r2-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = sect163r2
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-20]
+[test-23]
ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = sect163r2
@@ -708,28 +804,28 @@ ExpectedTmpKeyType = sect163r2
# ===========================================================
-[21-curve-prime192v1]
-ssl_conf = 21-curve-prime192v1-ssl
+[24-curve-prime192v1]
+ssl_conf = 24-curve-prime192v1-ssl
-[21-curve-prime192v1-ssl]
-server = 21-curve-prime192v1-server
-client = 21-curve-prime192v1-client
+[24-curve-prime192v1-ssl]
+server = 24-curve-prime192v1-server
+client = 24-curve-prime192v1-client
-[21-curve-prime192v1-server]
+[24-curve-prime192v1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = prime192v1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[21-curve-prime192v1-client]
-CipherString = ECDHE
+[24-curve-prime192v1-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = prime192v1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-21]
+[test-24]
ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = prime192v1
@@ -737,28 +833,28 @@ ExpectedTmpKeyType = prime192v1
# ===========================================================
-[22-curve-sect163r1]
-ssl_conf = 22-curve-sect163r1-ssl
+[25-curve-sect163r1]
+ssl_conf = 25-curve-sect163r1-ssl
-[22-curve-sect163r1-ssl]
-server = 22-curve-sect163r1-server
-client = 22-curve-sect163r1-client
+[25-curve-sect163r1-ssl]
+server = 25-curve-sect163r1-server
+client = 25-curve-sect163r1-client
-[22-curve-sect163r1-server]
+[25-curve-sect163r1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = sect163r1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[22-curve-sect163r1-client]
-CipherString = ECDHE
+[25-curve-sect163r1-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = sect163r1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-22]
+[test-25]
ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = sect163r1
@@ -766,28 +862,28 @@ ExpectedTmpKeyType = sect163r1
# ===========================================================
-[23-curve-sect193r1]
-ssl_conf = 23-curve-sect193r1-ssl
+[26-curve-sect193r1]
+ssl_conf = 26-curve-sect193r1-ssl
-[23-curve-sect193r1-ssl]
-server = 23-curve-sect193r1-server
-client = 23-curve-sect193r1-client
+[26-curve-sect193r1-ssl]
+server = 26-curve-sect193r1-server
+client = 26-curve-sect193r1-client
-[23-curve-sect193r1-server]
+[26-curve-sect193r1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = sect193r1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[23-curve-sect193r1-client]
-CipherString = ECDHE
+[26-curve-sect193r1-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = sect193r1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-23]
+[test-26]
ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = sect193r1
@@ -795,28 +891,28 @@ ExpectedTmpKeyType = sect193r1
# ===========================================================
-[24-curve-sect193r2]
-ssl_conf = 24-curve-sect193r2-ssl
+[27-curve-sect193r2]
+ssl_conf = 27-curve-sect193r2-ssl
-[24-curve-sect193r2-ssl]
-server = 24-curve-sect193r2-server
-client = 24-curve-sect193r2-client
+[27-curve-sect193r2-ssl]
+server = 27-curve-sect193r2-server
+client = 27-curve-sect193r2-client
-[24-curve-sect193r2-server]
+[27-curve-sect193r2-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = sect193r2
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[24-curve-sect193r2-client]
-CipherString = ECDHE
+[27-curve-sect193r2-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = sect193r2
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-24]
+[test-27]
ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = sect193r2
@@ -824,28 +920,28 @@ ExpectedTmpKeyType = sect193r2
# ===========================================================
-[25-curve-sect239k1]
-ssl_conf = 25-curve-sect239k1-ssl
+[28-curve-sect239k1]
+ssl_conf = 28-curve-sect239k1-ssl
-[25-curve-sect239k1-ssl]
-server = 25-curve-sect239k1-server
-client = 25-curve-sect239k1-client
+[28-curve-sect239k1-ssl]
+server = 28-curve-sect239k1-server
+client = 28-curve-sect239k1-client
-[25-curve-sect239k1-server]
+[28-curve-sect239k1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = sect239k1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[25-curve-sect239k1-client]
-CipherString = ECDHE
+[28-curve-sect239k1-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = sect239k1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-25]
+[test-28]
ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = sect239k1
@@ -853,28 +949,28 @@ ExpectedTmpKeyType = sect239k1
# ===========================================================
-[26-curve-secp160k1]
-ssl_conf = 26-curve-secp160k1-ssl
+[29-curve-secp160k1]
+ssl_conf = 29-curve-secp160k1-ssl
-[26-curve-secp160k1-ssl]
-server = 26-curve-secp160k1-server
-client = 26-curve-secp160k1-client
+[29-curve-secp160k1-ssl]
+server = 29-curve-secp160k1-server
+client = 29-curve-secp160k1-client
-[26-curve-secp160k1-server]
+[29-curve-secp160k1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = secp160k1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[26-curve-secp160k1-client]
-CipherString = ECDHE
+[29-curve-secp160k1-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = secp160k1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-26]
+[test-29]
ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = secp160k1
@@ -882,28 +978,28 @@ ExpectedTmpKeyType = secp160k1
# ===========================================================
-[27-curve-secp160r1]
-ssl_conf = 27-curve-secp160r1-ssl
+[30-curve-secp160r1]
+ssl_conf = 30-curve-secp160r1-ssl
-[27-curve-secp160r1-ssl]
-server = 27-curve-secp160r1-server
-client = 27-curve-secp160r1-client
+[30-curve-secp160r1-ssl]
+server = 30-curve-secp160r1-server
+client = 30-curve-secp160r1-client
-[27-curve-secp160r1-server]
+[30-curve-secp160r1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = secp160r1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[27-curve-secp160r1-client]
-CipherString = ECDHE
+[30-curve-secp160r1-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = secp160r1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-27]
+[test-30]
ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = secp160r1
@@ -911,28 +1007,28 @@ ExpectedTmpKeyType = secp160r1
# ===========================================================
-[28-curve-secp160r2]
-ssl_conf = 28-curve-secp160r2-ssl
+[31-curve-secp160r2]
+ssl_conf = 31-curve-secp160r2-ssl
-[28-curve-secp160r2-ssl]
-server = 28-curve-secp160r2-server
-client = 28-curve-secp160r2-client
+[31-curve-secp160r2-ssl]
+server = 31-curve-secp160r2-server
+client = 31-curve-secp160r2-client
-[28-curve-secp160r2-server]
+[31-curve-secp160r2-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = secp160r2
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[28-curve-secp160r2-client]
-CipherString = ECDHE
+[31-curve-secp160r2-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = secp160r2
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-28]
+[test-31]
ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = secp160r2
@@ -940,28 +1036,28 @@ ExpectedTmpKeyType = secp160r2
# ===========================================================
-[29-curve-secp192k1]
-ssl_conf = 29-curve-secp192k1-ssl
+[32-curve-secp192k1]
+ssl_conf = 32-curve-secp192k1-ssl
-[29-curve-secp192k1-ssl]
-server = 29-curve-secp192k1-server
-client = 29-curve-secp192k1-client
+[32-curve-secp192k1-ssl]
+server = 32-curve-secp192k1-server
+client = 32-curve-secp192k1-client
-[29-curve-secp192k1-server]
+[32-curve-secp192k1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = secp192k1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[29-curve-secp192k1-client]
-CipherString = ECDHE
+[32-curve-secp192k1-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = secp192k1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-29]
+[test-32]
ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = secp192k1
@@ -969,28 +1065,28 @@ ExpectedTmpKeyType = secp192k1
# ===========================================================
-[30-curve-secp224k1]
-ssl_conf = 30-curve-secp224k1-ssl
+[33-curve-secp224k1]
+ssl_conf = 33-curve-secp224k1-ssl
-[30-curve-secp224k1-ssl]
-server = 30-curve-secp224k1-server
-client = 30-curve-secp224k1-client
+[33-curve-secp224k1-ssl]
+server = 33-curve-secp224k1-server
+client = 33-curve-secp224k1-client
-[30-curve-secp224k1-server]
+[33-curve-secp224k1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = secp224k1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[30-curve-secp224k1-client]
-CipherString = ECDHE
+[33-curve-secp224k1-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = secp224k1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-30]
+[test-33]
ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = secp224k1
@@ -998,28 +1094,28 @@ ExpectedTmpKeyType = secp224k1
# ===========================================================
-[31-curve-secp256k1]
-ssl_conf = 31-curve-secp256k1-ssl
+[34-curve-secp256k1]
+ssl_conf = 34-curve-secp256k1-ssl
-[31-curve-secp256k1-ssl]
-server = 31-curve-secp256k1-server
-client = 31-curve-secp256k1-client
+[34-curve-secp256k1-ssl]
+server = 34-curve-secp256k1-server
+client = 34-curve-secp256k1-client
-[31-curve-secp256k1-server]
+[34-curve-secp256k1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = secp256k1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[31-curve-secp256k1-client]
-CipherString = ECDHE
+[34-curve-secp256k1-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = secp256k1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-31]
+[test-34]
ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = secp256k1
@@ -1027,28 +1123,28 @@ ExpectedTmpKeyType = secp256k1
# ===========================================================
-[32-curve-brainpoolP256r1]
-ssl_conf = 32-curve-brainpoolP256r1-ssl
+[35-curve-brainpoolP256r1]
+ssl_conf = 35-curve-brainpoolP256r1-ssl
-[32-curve-brainpoolP256r1-ssl]
-server = 32-curve-brainpoolP256r1-server
-client = 32-curve-brainpoolP256r1-client
+[35-curve-brainpoolP256r1-ssl]
+server = 35-curve-brainpoolP256r1-server
+client = 35-curve-brainpoolP256r1-client
-[32-curve-brainpoolP256r1-server]
+[35-curve-brainpoolP256r1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = brainpoolP256r1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[32-curve-brainpoolP256r1-client]
-CipherString = ECDHE
+[35-curve-brainpoolP256r1-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = brainpoolP256r1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-32]
+[test-35]
ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = brainpoolP256r1
@@ -1056,28 +1152,28 @@ ExpectedTmpKeyType = brainpoolP256r1
# ===========================================================
-[33-curve-brainpoolP384r1]
-ssl_conf = 33-curve-brainpoolP384r1-ssl
+[36-curve-brainpoolP384r1]
+ssl_conf = 36-curve-brainpoolP384r1-ssl
-[33-curve-brainpoolP384r1-ssl]
-server = 33-curve-brainpoolP384r1-server
-client = 33-curve-brainpoolP384r1-client
+[36-curve-brainpoolP384r1-ssl]
+server = 36-curve-brainpoolP384r1-server
+client = 36-curve-brainpoolP384r1-client
-[33-curve-brainpoolP384r1-server]
+[36-curve-brainpoolP384r1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = brainpoolP384r1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[33-curve-brainpoolP384r1-client]
-CipherString = ECDHE
+[36-curve-brainpoolP384r1-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = brainpoolP384r1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-33]
+[test-36]
ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = brainpoolP384r1
@@ -1085,28 +1181,28 @@ ExpectedTmpKeyType = brainpoolP384r1
# ===========================================================
-[34-curve-brainpoolP512r1]
-ssl_conf = 34-curve-brainpoolP512r1-ssl
+[37-curve-brainpoolP512r1]
+ssl_conf = 37-curve-brainpoolP512r1-ssl
-[34-curve-brainpoolP512r1-ssl]
-server = 34-curve-brainpoolP512r1-server
-client = 34-curve-brainpoolP512r1-client
+[37-curve-brainpoolP512r1-ssl]
+server = 37-curve-brainpoolP512r1-server
+client = 37-curve-brainpoolP512r1-client
-[34-curve-brainpoolP512r1-server]
+[37-curve-brainpoolP512r1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = brainpoolP512r1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[34-curve-brainpoolP512r1-client]
-CipherString = ECDHE
+[37-curve-brainpoolP512r1-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = brainpoolP512r1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-34]
+[test-37]
ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = brainpoolP512r1
@@ -1114,21 +1210,21 @@ ExpectedTmpKeyType = brainpoolP512r1
# ===========================================================
-[35-curve-sect233k1-tls12-in-tls13]
-ssl_conf = 35-curve-sect233k1-tls12-in-tls13-ssl
+[38-curve-sect233k1-tls12-in-tls13]
+ssl_conf = 38-curve-sect233k1-tls12-in-tls13-ssl
-[35-curve-sect233k1-tls12-in-tls13-ssl]
-server = 35-curve-sect233k1-tls12-in-tls13-server
-client = 35-curve-sect233k1-tls12-in-tls13-client
+[38-curve-sect233k1-tls12-in-tls13-ssl]
+server = 38-curve-sect233k1-tls12-in-tls13-server
+client = 38-curve-sect233k1-tls12-in-tls13-client
-[35-curve-sect233k1-tls12-in-tls13-server]
+[38-curve-sect233k1-tls12-in-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT@SECLEVEL=1
Curves = sect233k1:P-256
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[35-curve-sect233k1-tls12-in-tls13-client]
+[38-curve-sect233k1-tls12-in-tls13-client]
CipherString = ECDHE@SECLEVEL=1
Curves = sect233k1:P-256
MaxProtocol = TLSv1.3
@@ -1136,7 +1232,7 @@ MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-35]
+[test-38]
ExpectedProtocol = TLSv1.3
ExpectedResult = Success
ExpectedTmpKeyType = P-256
@@ -1144,21 +1240,21 @@ ExpectedTmpKeyType = P-256
# ===========================================================
-[36-curve-sect233r1-tls12-in-tls13]
-ssl_conf = 36-curve-sect233r1-tls12-in-tls13-ssl
+[39-curve-sect233r1-tls12-in-tls13]
+ssl_conf = 39-curve-sect233r1-tls12-in-tls13-ssl
-[36-curve-sect233r1-tls12-in-tls13-ssl]
-server = 36-curve-sect233r1-tls12-in-tls13-server
-client = 36-curve-sect233r1-tls12-in-tls13-client
+[39-curve-sect233r1-tls12-in-tls13-ssl]
+server = 39-curve-sect233r1-tls12-in-tls13-server
+client = 39-curve-sect233r1-tls12-in-tls13-client
-[36-curve-sect233r1-tls12-in-tls13-server]
+[39-curve-sect233r1-tls12-in-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT@SECLEVEL=1
Curves = sect233r1:P-256
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[36-curve-sect233r1-tls12-in-tls13-client]
+[39-curve-sect233r1-tls12-in-tls13-client]
CipherString = ECDHE@SECLEVEL=1
Curves = sect233r1:P-256
MaxProtocol = TLSv1.3
@@ -1166,7 +1262,7 @@ MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-36]
+[test-39]
ExpectedProtocol = TLSv1.3
ExpectedResult = Success
ExpectedTmpKeyType = P-256
@@ -1174,21 +1270,21 @@ ExpectedTmpKeyType = P-256
# ===========================================================
-[37-curve-sect283k1-tls12-in-tls13]
-ssl_conf = 37-curve-sect283k1-tls12-in-tls13-ssl
+[40-curve-sect283k1-tls12-in-tls13]
+ssl_conf = 40-curve-sect283k1-tls12-in-tls13-ssl
-[37-curve-sect283k1-tls12-in-tls13-ssl]
-server = 37-curve-sect283k1-tls12-in-tls13-server
-client = 37-curve-sect283k1-tls12-in-tls13-client
+[40-curve-sect283k1-tls12-in-tls13-ssl]
+server = 40-curve-sect283k1-tls12-in-tls13-server
+client = 40-curve-sect283k1-tls12-in-tls13-client
-[37-curve-sect283k1-tls12-in-tls13-server]
+[40-curve-sect283k1-tls12-in-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT@SECLEVEL=1
Curves = sect283k1:P-256
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[37-curve-sect283k1-tls12-in-tls13-client]
+[40-curve-sect283k1-tls12-in-tls13-client]
CipherString = ECDHE@SECLEVEL=1
Curves = sect283k1:P-256
MaxProtocol = TLSv1.3
@@ -1196,7 +1292,7 @@ MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-37]
+[test-40]
ExpectedProtocol = TLSv1.3
ExpectedResult = Success
ExpectedTmpKeyType = P-256
@@ -1204,21 +1300,21 @@ ExpectedTmpKeyType = P-256
# ===========================================================
-[38-curve-sect283r1-tls12-in-tls13]
-ssl_conf = 38-curve-sect283r1-tls12-in-tls13-ssl
+[41-curve-sect283r1-tls12-in-tls13]
+ssl_conf = 41-curve-sect283r1-tls12-in-tls13-ssl
-[38-curve-sect283r1-tls12-in-tls13-ssl]
-server = 38-curve-sect283r1-tls12-in-tls13-server
-client = 38-curve-sect283r1-tls12-in-tls13-client
+[41-curve-sect283r1-tls12-in-tls13-ssl]
+server = 41-curve-sect283r1-tls12-in-tls13-server
+client = 41-curve-sect283r1-tls12-in-tls13-client
-[38-curve-sect283r1-tls12-in-tls13-server]
+[41-curve-sect283r1-tls12-in-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT@SECLEVEL=1
Curves = sect283r1:P-256
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[38-curve-sect283r1-tls12-in-tls13-client]
+[41-curve-sect283r1-tls12-in-tls13-client]
CipherString = ECDHE@SECLEVEL=1
Curves = sect283r1:P-256
MaxProtocol = TLSv1.3
@@ -1226,7 +1322,7 @@ MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-38]
+[test-41]
ExpectedProtocol = TLSv1.3
ExpectedResult = Success
ExpectedTmpKeyType = P-256
@@ -1234,21 +1330,21 @@ ExpectedTmpKeyType = P-256
# ===========================================================
-[39-curve-sect409k1-tls12-in-tls13]
-ssl_conf = 39-curve-sect409k1-tls12-in-tls13-ssl
+[42-curve-sect409k1-tls12-in-tls13]
+ssl_conf = 42-curve-sect409k1-tls12-in-tls13-ssl
-[39-curve-sect409k1-tls12-in-tls13-ssl]
-server = 39-curve-sect409k1-tls12-in-tls13-server
-client = 39-curve-sect409k1-tls12-in-tls13-client
+[42-curve-sect409k1-tls12-in-tls13-ssl]
+server = 42-curve-sect409k1-tls12-in-tls13-server
+client = 42-curve-sect409k1-tls12-in-tls13-client
-[39-curve-sect409k1-tls12-in-tls13-server]
+[42-curve-sect409k1-tls12-in-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT@SECLEVEL=1
Curves = sect409k1:P-256
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[39-curve-sect409k1-tls12-in-tls13-client]
+[42-curve-sect409k1-tls12-in-tls13-client]
CipherString = ECDHE@SECLEVEL=1
Curves = sect409k1:P-256
MaxProtocol = TLSv1.3
@@ -1256,7 +1352,7 @@ MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-39]
+[test-42]
ExpectedProtocol = TLSv1.3
ExpectedResult = Success
ExpectedTmpKeyType = P-256
@@ -1264,21 +1360,21 @@ ExpectedTmpKeyType = P-256
# ===========================================================
-[40-curve-sect409r1-tls12-in-tls13]
-ssl_conf = 40-curve-sect409r1-tls12-in-tls13-ssl
+[43-curve-sect409r1-tls12-in-tls13]
+ssl_conf = 43-curve-sect409r1-tls12-in-tls13-ssl
-[40-curve-sect409r1-tls12-in-tls13-ssl]
-server = 40-curve-sect409r1-tls12-in-tls13-server
-client = 40-curve-sect409r1-tls12-in-tls13-client
+[43-curve-sect409r1-tls12-in-tls13-ssl]
+server = 43-curve-sect409r1-tls12-in-tls13-server
+client = 43-curve-sect409r1-tls12-in-tls13-client
-[40-curve-sect409r1-tls12-in-tls13-server]
+[43-curve-sect409r1-tls12-in-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT@SECLEVEL=1
Curves = sect409r1:P-256
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[40-curve-sect409r1-tls12-in-tls13-client]
+[43-curve-sect409r1-tls12-in-tls13-client]
CipherString = ECDHE@SECLEVEL=1
Curves = sect409r1:P-256
MaxProtocol = TLSv1.3
@@ -1286,7 +1382,7 @@ MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-40]
+[test-43]
ExpectedProtocol = TLSv1.3
ExpectedResult = Success
ExpectedTmpKeyType = P-256
@@ -1294,21 +1390,21 @@ ExpectedTmpKeyType = P-256
# ===========================================================
-[41-curve-sect571k1-tls12-in-tls13]
-ssl_conf = 41-curve-sect571k1-tls12-in-tls13-ssl
+[44-curve-sect571k1-tls12-in-tls13]
+ssl_conf = 44-curve-sect571k1-tls12-in-tls13-ssl
-[41-curve-sect571k1-tls12-in-tls13-ssl]
-server = 41-curve-sect571k1-tls12-in-tls13-server
-client = 41-curve-sect571k1-tls12-in-tls13-client
+[44-curve-sect571k1-tls12-in-tls13-ssl]
+server = 44-curve-sect571k1-tls12-in-tls13-server
+client = 44-curve-sect571k1-tls12-in-tls13-client
-[41-curve-sect571k1-tls12-in-tls13-server]
+[44-curve-sect571k1-tls12-in-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT@SECLEVEL=1
Curves = sect571k1:P-256
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[41-curve-sect571k1-tls12-in-tls13-client]
+[44-curve-sect571k1-tls12-in-tls13-client]
CipherString = ECDHE@SECLEVEL=1
Curves = sect571k1:P-256
MaxProtocol = TLSv1.3
@@ -1316,7 +1412,7 @@ MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-41]
+[test-44]
ExpectedProtocol = TLSv1.3
ExpectedResult = Success
ExpectedTmpKeyType = P-256
@@ -1324,21 +1420,21 @@ ExpectedTmpKeyType = P-256
# ===========================================================
-[42-curve-sect571r1-tls12-in-tls13]
-ssl_conf = 42-curve-sect571r1-tls12-in-tls13-ssl
+[45-curve-sect571r1-tls12-in-tls13]
+ssl_conf = 45-curve-sect571r1-tls12-in-tls13-ssl
-[42-curve-sect571r1-tls12-in-tls13-ssl]
-server = 42-curve-sect571r1-tls12-in-tls13-server
-client = 42-curve-sect571r1-tls12-in-tls13-client
+[45-curve-sect571r1-tls12-in-tls13-ssl]
+server = 45-curve-sect571r1-tls12-in-tls13-server
+client = 45-curve-sect571r1-tls12-in-tls13-client
-[42-curve-sect571r1-tls12-in-tls13-server]
+[45-curve-sect571r1-tls12-in-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT@SECLEVEL=1
Curves = sect571r1:P-256
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[42-curve-sect571r1-tls12-in-tls13-client]
+[45-curve-sect571r1-tls12-in-tls13-client]
CipherString = ECDHE@SECLEVEL=1
Curves = sect571r1:P-256
MaxProtocol = TLSv1.3
@@ -1346,7 +1442,7 @@ MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-42]
+[test-45]
ExpectedProtocol = TLSv1.3
ExpectedResult = Success
ExpectedTmpKeyType = P-256
@@ -1354,21 +1450,21 @@ ExpectedTmpKeyType = P-256
# ===========================================================
-[43-curve-secp224r1-tls12-in-tls13]
-ssl_conf = 43-curve-secp224r1-tls12-in-tls13-ssl
+[46-curve-secp224r1-tls12-in-tls13]
+ssl_conf = 46-curve-secp224r1-tls12-in-tls13-ssl
-[43-curve-secp224r1-tls12-in-tls13-ssl]
-server = 43-curve-secp224r1-tls12-in-tls13-server
-client = 43-curve-secp224r1-tls12-in-tls13-client
+[46-curve-secp224r1-tls12-in-tls13-ssl]
+server = 46-curve-secp224r1-tls12-in-tls13-server
+client = 46-curve-secp224r1-tls12-in-tls13-client
-[43-curve-secp224r1-tls12-in-tls13-server]
+[46-curve-secp224r1-tls12-in-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT@SECLEVEL=1
Curves = secp224r1:P-256
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[43-curve-secp224r1-tls12-in-tls13-client]
+[46-curve-secp224r1-tls12-in-tls13-client]
CipherString = ECDHE@SECLEVEL=1
Curves = secp224r1:P-256
MaxProtocol = TLSv1.3
@@ -1376,7 +1472,7 @@ MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-43]
+[test-46]
ExpectedProtocol = TLSv1.3
ExpectedResult = Success
ExpectedTmpKeyType = P-256
@@ -1384,21 +1480,21 @@ ExpectedTmpKeyType = P-256
# ===========================================================
-[44-curve-sect163k1-tls12-in-tls13]
-ssl_conf = 44-curve-sect163k1-tls12-in-tls13-ssl
+[47-curve-sect163k1-tls12-in-tls13]
+ssl_conf = 47-curve-sect163k1-tls12-in-tls13-ssl
-[44-curve-sect163k1-tls12-in-tls13-ssl]
-server = 44-curve-sect163k1-tls12-in-tls13-server
-client = 44-curve-sect163k1-tls12-in-tls13-client
+[47-curve-sect163k1-tls12-in-tls13-ssl]
+server = 47-curve-sect163k1-tls12-in-tls13-server
+client = 47-curve-sect163k1-tls12-in-tls13-client
-[44-curve-sect163k1-tls12-in-tls13-server]
+[47-curve-sect163k1-tls12-in-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT@SECLEVEL=1
Curves = sect163k1:P-256
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[44-curve-sect163k1-tls12-in-tls13-client]
+[47-curve-sect163k1-tls12-in-tls13-client]
CipherString = ECDHE@SECLEVEL=1
Curves = sect163k1:P-256
MaxProtocol = TLSv1.3
@@ -1406,7 +1502,7 @@ MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-44]
+[test-47]
ExpectedProtocol = TLSv1.3
ExpectedResult = Success
ExpectedTmpKeyType = P-256
@@ -1414,21 +1510,21 @@ ExpectedTmpKeyType = P-256
# ===========================================================
-[45-curve-sect163r2-tls12-in-tls13]
-ssl_conf = 45-curve-sect163r2-tls12-in-tls13-ssl
+[48-curve-sect163r2-tls12-in-tls13]
+ssl_conf = 48-curve-sect163r2-tls12-in-tls13-ssl
-[45-curve-sect163r2-tls12-in-tls13-ssl]
-server = 45-curve-sect163r2-tls12-in-tls13-server
-client = 45-curve-sect163r2-tls12-in-tls13-client
+[48-curve-sect163r2-tls12-in-tls13-ssl]
+server = 48-curve-sect163r2-tls12-in-tls13-server
+client = 48-curve-sect163r2-tls12-in-tls13-client
-[45-curve-sect163r2-tls12-in-tls13-server]
+[48-curve-sect163r2-tls12-in-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT@SECLEVEL=1
Curves = sect163r2:P-256
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[45-curve-sect163r2-tls12-in-tls13-client]
+[48-curve-sect163r2-tls12-in-tls13-client]
CipherString = ECDHE@SECLEVEL=1
Curves = sect163r2:P-256
MaxProtocol = TLSv1.3
@@ -1436,7 +1532,7 @@ MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-45]
+[test-48]
ExpectedProtocol = TLSv1.3
ExpectedResult = Success
ExpectedTmpKeyType = P-256
@@ -1444,21 +1540,21 @@ ExpectedTmpKeyType = P-256
# ===========================================================
-[46-curve-prime192v1-tls12-in-tls13]
-ssl_conf = 46-curve-prime192v1-tls12-in-tls13-ssl
+[49-curve-prime192v1-tls12-in-tls13]
+ssl_conf = 49-curve-prime192v1-tls12-in-tls13-ssl
-[46-curve-prime192v1-tls12-in-tls13-ssl]
-server = 46-curve-prime192v1-tls12-in-tls13-server
-client = 46-curve-prime192v1-tls12-in-tls13-client
+[49-curve-prime192v1-tls12-in-tls13-ssl]
+server = 49-curve-prime192v1-tls12-in-tls13-server
+client = 49-curve-prime192v1-tls12-in-tls13-client
-[46-curve-prime192v1-tls12-in-tls13-server]
+[49-curve-prime192v1-tls12-in-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT@SECLEVEL=1
Curves = prime192v1:P-256
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[46-curve-prime192v1-tls12-in-tls13-client]
+[49-curve-prime192v1-tls12-in-tls13-client]
CipherString = ECDHE@SECLEVEL=1
Curves = prime192v1:P-256
MaxProtocol = TLSv1.3
@@ -1466,7 +1562,7 @@ MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-46]
+[test-49]
ExpectedProtocol = TLSv1.3
ExpectedResult = Success
ExpectedTmpKeyType = P-256
@@ -1474,21 +1570,21 @@ ExpectedTmpKeyType = P-256
# ===========================================================
-[47-curve-sect163r1-tls12-in-tls13]
-ssl_conf = 47-curve-sect163r1-tls12-in-tls13-ssl
+[50-curve-sect163r1-tls12-in-tls13]
+ssl_conf = 50-curve-sect163r1-tls12-in-tls13-ssl
-[47-curve-sect163r1-tls12-in-tls13-ssl]
-server = 47-curve-sect163r1-tls12-in-tls13-server
-client = 47-curve-sect163r1-tls12-in-tls13-client
+[50-curve-sect163r1-tls12-in-tls13-ssl]
+server = 50-curve-sect163r1-tls12-in-tls13-server
+client = 50-curve-sect163r1-tls12-in-tls13-client
-[47-curve-sect163r1-tls12-in-tls13-server]
+[50-curve-sect163r1-tls12-in-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT@SECLEVEL=1
Curves = sect163r1:P-256
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[47-curve-sect163r1-tls12-in-tls13-client]
+[50-curve-sect163r1-tls12-in-tls13-client]
CipherString = ECDHE@SECLEVEL=1
Curves = sect163r1:P-256
MaxProtocol = TLSv1.3
@@ -1496,7 +1592,7 @@ MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-47]
+[test-50]
ExpectedProtocol = TLSv1.3
ExpectedResult = Success
ExpectedTmpKeyType = P-256
@@ -1504,21 +1600,21 @@ ExpectedTmpKeyType = P-256
# ===========================================================
-[48-curve-sect193r1-tls12-in-tls13]
-ssl_conf = 48-curve-sect193r1-tls12-in-tls13-ssl
+[51-curve-sect193r1-tls12-in-tls13]
+ssl_conf = 51-curve-sect193r1-tls12-in-tls13-ssl
-[48-curve-sect193r1-tls12-in-tls13-ssl]
-server = 48-curve-sect193r1-tls12-in-tls13-server
-client = 48-curve-sect193r1-tls12-in-tls13-client
+[51-curve-sect193r1-tls12-in-tls13-ssl]
+server = 51-curve-sect193r1-tls12-in-tls13-server
+client = 51-curve-sect193r1-tls12-in-tls13-client
-[48-curve-sect193r1-tls12-in-tls13-server]
+[51-curve-sect193r1-tls12-in-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT@SECLEVEL=1
Curves = sect193r1:P-256
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[48-curve-sect193r1-tls12-in-tls13-client]
+[51-curve-sect193r1-tls12-in-tls13-client]
CipherString = ECDHE@SECLEVEL=1
Curves = sect193r1:P-256
MaxProtocol = TLSv1.3
@@ -1526,7 +1622,7 @@ MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-48]
+[test-51]
ExpectedProtocol = TLSv1.3
ExpectedResult = Success
ExpectedTmpKeyType = P-256
@@ -1534,21 +1630,21 @@ ExpectedTmpKeyType = P-256
# ===========================================================
-[49-curve-sect193r2-tls12-in-tls13]
-ssl_conf = 49-curve-sect193r2-tls12-in-tls13-ssl
+[52-curve-sect193r2-tls12-in-tls13]
+ssl_conf = 52-curve-sect193r2-tls12-in-tls13-ssl
-[49-curve-sect193r2-tls12-in-tls13-ssl]
-server = 49-curve-sect193r2-tls12-in-tls13-server
-client = 49-curve-sect193r2-tls12-in-tls13-client
+[52-curve-sect193r2-tls12-in-tls13-ssl]
+server = 52-curve-sect193r2-tls12-in-tls13-server
+client = 52-curve-sect193r2-tls12-in-tls13-client
-[49-curve-sect193r2-tls12-in-tls13-server]
+[52-curve-sect193r2-tls12-in-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT@SECLEVEL=1
Curves = sect193r2:P-256
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[49-curve-sect193r2-tls12-in-tls13-client]
+[52-curve-sect193r2-tls12-in-tls13-client]
CipherString = ECDHE@SECLEVEL=1
Curves = sect193r2:P-256
MaxProtocol = TLSv1.3
@@ -1556,7 +1652,7 @@ MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-49]
+[test-52]
ExpectedProtocol = TLSv1.3
ExpectedResult = Success
ExpectedTmpKeyType = P-256
@@ -1564,21 +1660,21 @@ ExpectedTmpKeyType = P-256
# ===========================================================
-[50-curve-sect239k1-tls12-in-tls13]
-ssl_conf = 50-curve-sect239k1-tls12-in-tls13-ssl
+[53-curve-sect239k1-tls12-in-tls13]
+ssl_conf = 53-curve-sect239k1-tls12-in-tls13-ssl
-[50-curve-sect239k1-tls12-in-tls13-ssl]
-server = 50-curve-sect239k1-tls12-in-tls13-server
-client = 50-curve-sect239k1-tls12-in-tls13-client
+[53-curve-sect239k1-tls12-in-tls13-ssl]
+server = 53-curve-sect239k1-tls12-in-tls13-server
+client = 53-curve-sect239k1-tls12-in-tls13-client
-[50-curve-sect239k1-tls12-in-tls13-server]
+[53-curve-sect239k1-tls12-in-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT@SECLEVEL=1
Curves = sect239k1:P-256
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[50-curve-sect239k1-tls12-in-tls13-client]
+[53-curve-sect239k1-tls12-in-tls13-client]
CipherString = ECDHE@SECLEVEL=1
Curves = sect239k1:P-256
MaxProtocol = TLSv1.3
@@ -1586,7 +1682,7 @@ MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-50]
+[test-53]
ExpectedProtocol = TLSv1.3
ExpectedResult = Success
ExpectedTmpKeyType = P-256
@@ -1594,21 +1690,21 @@ ExpectedTmpKeyType = P-256
# ===========================================================
-[51-curve-secp160k1-tls12-in-tls13]
-ssl_conf = 51-curve-secp160k1-tls12-in-tls13-ssl
+[54-curve-secp160k1-tls12-in-tls13]
+ssl_conf = 54-curve-secp160k1-tls12-in-tls13-ssl
-[51-curve-secp160k1-tls12-in-tls13-ssl]
-server = 51-curve-secp160k1-tls12-in-tls13-server
-client = 51-curve-secp160k1-tls12-in-tls13-client
+[54-curve-secp160k1-tls12-in-tls13-ssl]
+server = 54-curve-secp160k1-tls12-in-tls13-server
+client = 54-curve-secp160k1-tls12-in-tls13-client
-[51-curve-secp160k1-tls12-in-tls13-server]
+[54-curve-secp160k1-tls12-in-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT@SECLEVEL=1
Curves = secp160k1:P-256
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[51-curve-secp160k1-tls12-in-tls13-client]
+[54-curve-secp160k1-tls12-in-tls13-client]
CipherString = ECDHE@SECLEVEL=1
Curves = secp160k1:P-256
MaxProtocol = TLSv1.3
@@ -1616,7 +1712,7 @@ MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-51]
+[test-54]
ExpectedProtocol = TLSv1.3
ExpectedResult = Success
ExpectedTmpKeyType = P-256
@@ -1624,21 +1720,21 @@ ExpectedTmpKeyType = P-256
# ===========================================================
-[52-curve-secp160r1-tls12-in-tls13]
-ssl_conf = 52-curve-secp160r1-tls12-in-tls13-ssl
+[55-curve-secp160r1-tls12-in-tls13]
+ssl_conf = 55-curve-secp160r1-tls12-in-tls13-ssl
-[52-curve-secp160r1-tls12-in-tls13-ssl]
-server = 52-curve-secp160r1-tls12-in-tls13-server
-client = 52-curve-secp160r1-tls12-in-tls13-client
+[55-curve-secp160r1-tls12-in-tls13-ssl]
+server = 55-curve-secp160r1-tls12-in-tls13-server
+client = 55-curve-secp160r1-tls12-in-tls13-client
-[52-curve-secp160r1-tls12-in-tls13-server]
+[55-curve-secp160r1-tls12-in-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT@SECLEVEL=1
Curves = secp160r1:P-256
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[52-curve-secp160r1-tls12-in-tls13-client]
+[55-curve-secp160r1-tls12-in-tls13-client]
CipherString = ECDHE@SECLEVEL=1
Curves = secp160r1:P-256
MaxProtocol = TLSv1.3
@@ -1646,7 +1742,7 @@ MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-52]
+[test-55]
ExpectedProtocol = TLSv1.3
ExpectedResult = Success
ExpectedTmpKeyType = P-256
@@ -1654,21 +1750,21 @@ ExpectedTmpKeyType = P-256
# ===========================================================
-[53-curve-secp160r2-tls12-in-tls13]
-ssl_conf = 53-curve-secp160r2-tls12-in-tls13-ssl
+[56-curve-secp160r2-tls12-in-tls13]
+ssl_conf = 56-curve-secp160r2-tls12-in-tls13-ssl
-[53-curve-secp160r2-tls12-in-tls13-ssl]
-server = 53-curve-secp160r2-tls12-in-tls13-server
-client = 53-curve-secp160r2-tls12-in-tls13-client
+[56-curve-secp160r2-tls12-in-tls13-ssl]
+server = 56-curve-secp160r2-tls12-in-tls13-server
+client = 56-curve-secp160r2-tls12-in-tls13-client
-[53-curve-secp160r2-tls12-in-tls13-server]
+[56-curve-secp160r2-tls12-in-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT@SECLEVEL=1
Curves = secp160r2:P-256
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[53-curve-secp160r2-tls12-in-tls13-client]
+[56-curve-secp160r2-tls12-in-tls13-client]
CipherString = ECDHE@SECLEVEL=1
Curves = secp160r2:P-256
MaxProtocol = TLSv1.3
@@ -1676,7 +1772,7 @@ MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-53]
+[test-56]
ExpectedProtocol = TLSv1.3
ExpectedResult = Success
ExpectedTmpKeyType = P-256
@@ -1684,21 +1780,21 @@ ExpectedTmpKeyType = P-256
# ===========================================================
-[54-curve-secp192k1-tls12-in-tls13]
-ssl_conf = 54-curve-secp192k1-tls12-in-tls13-ssl
+[57-curve-secp192k1-tls12-in-tls13]
+ssl_conf = 57-curve-secp192k1-tls12-in-tls13-ssl
-[54-curve-secp192k1-tls12-in-tls13-ssl]
-server = 54-curve-secp192k1-tls12-in-tls13-server
-client = 54-curve-secp192k1-tls12-in-tls13-client
+[57-curve-secp192k1-tls12-in-tls13-ssl]
+server = 57-curve-secp192k1-tls12-in-tls13-server
+client = 57-curve-secp192k1-tls12-in-tls13-client
-[54-curve-secp192k1-tls12-in-tls13-server]
+[57-curve-secp192k1-tls12-in-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT@SECLEVEL=1
Curves = secp192k1:P-256
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[54-curve-secp192k1-tls12-in-tls13-client]
+[57-curve-secp192k1-tls12-in-tls13-client]
CipherString = ECDHE@SECLEVEL=1
Curves = secp192k1:P-256
MaxProtocol = TLSv1.3
@@ -1706,7 +1802,7 @@ MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-54]
+[test-57]
ExpectedProtocol = TLSv1.3
ExpectedResult = Success
ExpectedTmpKeyType = P-256
@@ -1714,21 +1810,21 @@ ExpectedTmpKeyType = P-256
# ===========================================================
-[55-curve-secp224k1-tls12-in-tls13]
-ssl_conf = 55-curve-secp224k1-tls12-in-tls13-ssl
+[58-curve-secp224k1-tls12-in-tls13]
+ssl_conf = 58-curve-secp224k1-tls12-in-tls13-ssl
-[55-curve-secp224k1-tls12-in-tls13-ssl]
-server = 55-curve-secp224k1-tls12-in-tls13-server
-client = 55-curve-secp224k1-tls12-in-tls13-client
+[58-curve-secp224k1-tls12-in-tls13-ssl]
+server = 58-curve-secp224k1-tls12-in-tls13-server
+client = 58-curve-secp224k1-tls12-in-tls13-client
-[55-curve-secp224k1-tls12-in-tls13-server]
+[58-curve-secp224k1-tls12-in-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT@SECLEVEL=1
Curves = secp224k1:P-256
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[55-curve-secp224k1-tls12-in-tls13-client]
+[58-curve-secp224k1-tls12-in-tls13-client]
CipherString = ECDHE@SECLEVEL=1
Curves = secp224k1:P-256
MaxProtocol = TLSv1.3
@@ -1736,7 +1832,7 @@ MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-55]
+[test-58]
ExpectedProtocol = TLSv1.3
ExpectedResult = Success
ExpectedTmpKeyType = P-256
@@ -1744,21 +1840,21 @@ ExpectedTmpKeyType = P-256
# ===========================================================
-[56-curve-secp256k1-tls12-in-tls13]
-ssl_conf = 56-curve-secp256k1-tls12-in-tls13-ssl
+[59-curve-secp256k1-tls12-in-tls13]
+ssl_conf = 59-curve-secp256k1-tls12-in-tls13-ssl
-[56-curve-secp256k1-tls12-in-tls13-ssl]
-server = 56-curve-secp256k1-tls12-in-tls13-server
-client = 56-curve-secp256k1-tls12-in-tls13-client
+[59-curve-secp256k1-tls12-in-tls13-ssl]
+server = 59-curve-secp256k1-tls12-in-tls13-server
+client = 59-curve-secp256k1-tls12-in-tls13-client
-[56-curve-secp256k1-tls12-in-tls13-server]
+[59-curve-secp256k1-tls12-in-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT@SECLEVEL=1
Curves = secp256k1:P-256
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[56-curve-secp256k1-tls12-in-tls13-client]
+[59-curve-secp256k1-tls12-in-tls13-client]
CipherString = ECDHE@SECLEVEL=1
Curves = secp256k1:P-256
MaxProtocol = TLSv1.3
@@ -1766,7 +1862,7 @@ MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-56]
+[test-59]
ExpectedProtocol = TLSv1.3
ExpectedResult = Success
ExpectedTmpKeyType = P-256
@@ -1774,21 +1870,21 @@ ExpectedTmpKeyType = P-256
# ===========================================================
-[57-curve-brainpoolP256r1-tls12-in-tls13]
-ssl_conf = 57-curve-brainpoolP256r1-tls12-in-tls13-ssl
+[60-curve-brainpoolP256r1-tls12-in-tls13]
+ssl_conf = 60-curve-brainpoolP256r1-tls12-in-tls13-ssl
-[57-curve-brainpoolP256r1-tls12-in-tls13-ssl]
-server = 57-curve-brainpoolP256r1-tls12-in-tls13-server
-client = 57-curve-brainpoolP256r1-tls12-in-tls13-client
+[60-curve-brainpoolP256r1-tls12-in-tls13-ssl]
+server = 60-curve-brainpoolP256r1-tls12-in-tls13-server
+client = 60-curve-brainpoolP256r1-tls12-in-tls13-client
-[57-curve-brainpoolP256r1-tls12-in-tls13-server]
+[60-curve-brainpoolP256r1-tls12-in-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT@SECLEVEL=1
Curves = brainpoolP256r1:P-256
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[57-curve-brainpoolP256r1-tls12-in-tls13-client]
+[60-curve-brainpoolP256r1-tls12-in-tls13-client]
CipherString = ECDHE@SECLEVEL=1
Curves = brainpoolP256r1:P-256
MaxProtocol = TLSv1.3
@@ -1796,7 +1892,7 @@ MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-57]
+[test-60]
ExpectedProtocol = TLSv1.3
ExpectedResult = Success
ExpectedTmpKeyType = P-256
@@ -1804,21 +1900,21 @@ ExpectedTmpKeyType = P-256
# ===========================================================
-[58-curve-brainpoolP384r1-tls12-in-tls13]
-ssl_conf = 58-curve-brainpoolP384r1-tls12-in-tls13-ssl
+[61-curve-brainpoolP384r1-tls12-in-tls13]
+ssl_conf = 61-curve-brainpoolP384r1-tls12-in-tls13-ssl
-[58-curve-brainpoolP384r1-tls12-in-tls13-ssl]
-server = 58-curve-brainpoolP384r1-tls12-in-tls13-server
-client = 58-curve-brainpoolP384r1-tls12-in-tls13-client
+[61-curve-brainpoolP384r1-tls12-in-tls13-ssl]
+server = 61-curve-brainpoolP384r1-tls12-in-tls13-server
+client = 61-curve-brainpoolP384r1-tls12-in-tls13-client
-[58-curve-brainpoolP384r1-tls12-in-tls13-server]
+[61-curve-brainpoolP384r1-tls12-in-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT@SECLEVEL=1
Curves = brainpoolP384r1:P-256
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[58-curve-brainpoolP384r1-tls12-in-tls13-client]
+[61-curve-brainpoolP384r1-tls12-in-tls13-client]
CipherString = ECDHE@SECLEVEL=1
Curves = brainpoolP384r1:P-256
MaxProtocol = TLSv1.3
@@ -1826,7 +1922,7 @@ MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-58]
+[test-61]
ExpectedProtocol = TLSv1.3
ExpectedResult = Success
ExpectedTmpKeyType = P-256
@@ -1834,21 +1930,21 @@ ExpectedTmpKeyType = P-256
# ===========================================================
-[59-curve-brainpoolP512r1-tls12-in-tls13]
-ssl_conf = 59-curve-brainpoolP512r1-tls12-in-tls13-ssl
+[62-curve-brainpoolP512r1-tls12-in-tls13]
+ssl_conf = 62-curve-brainpoolP512r1-tls12-in-tls13-ssl
-[59-curve-brainpoolP512r1-tls12-in-tls13-ssl]
-server = 59-curve-brainpoolP512r1-tls12-in-tls13-server
-client = 59-curve-brainpoolP512r1-tls12-in-tls13-client
+[62-curve-brainpoolP512r1-tls12-in-tls13-ssl]
+server = 62-curve-brainpoolP512r1-tls12-in-tls13-server
+client = 62-curve-brainpoolP512r1-tls12-in-tls13-client
-[59-curve-brainpoolP512r1-tls12-in-tls13-server]
+[62-curve-brainpoolP512r1-tls12-in-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT@SECLEVEL=1
Curves = brainpoolP512r1:P-256
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[59-curve-brainpoolP512r1-tls12-in-tls13-client]
+[62-curve-brainpoolP512r1-tls12-in-tls13-client]
CipherString = ECDHE@SECLEVEL=1
Curves = brainpoolP512r1:P-256
MaxProtocol = TLSv1.3
@@ -1856,7 +1952,7 @@ MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-59]
+[test-62]
ExpectedProtocol = TLSv1.3
ExpectedResult = Success
ExpectedTmpKeyType = P-256
@@ -1864,946 +1960,1108 @@ ExpectedTmpKeyType = P-256
# ===========================================================
-[60-curve-sect233k1-tls13]
-ssl_conf = 60-curve-sect233k1-tls13-ssl
+[63-curve-sect233k1-tls13]
+ssl_conf = 63-curve-sect233k1-tls13-ssl
-[60-curve-sect233k1-tls13-ssl]
-server = 60-curve-sect233k1-tls13-server
-client = 60-curve-sect233k1-tls13-client
+[63-curve-sect233k1-tls13-ssl]
+server = 63-curve-sect233k1-tls13-server
+client = 63-curve-sect233k1-tls13-client
-[60-curve-sect233k1-tls13-server]
+[63-curve-sect233k1-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = sect233k1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[60-curve-sect233k1-tls13-client]
-CipherString = ECDHE
+[63-curve-sect233k1-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = sect233k1
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-60]
+[test-63]
ExpectedResult = ClientFail
# ===========================================================
-[61-curve-sect233r1-tls13]
-ssl_conf = 61-curve-sect233r1-tls13-ssl
+[64-curve-sect233r1-tls13]
+ssl_conf = 64-curve-sect233r1-tls13-ssl
-[61-curve-sect233r1-tls13-ssl]
-server = 61-curve-sect233r1-tls13-server
-client = 61-curve-sect233r1-tls13-client
+[64-curve-sect233r1-tls13-ssl]
+server = 64-curve-sect233r1-tls13-server
+client = 64-curve-sect233r1-tls13-client
-[61-curve-sect233r1-tls13-server]
+[64-curve-sect233r1-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = sect233r1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[61-curve-sect233r1-tls13-client]
-CipherString = ECDHE
+[64-curve-sect233r1-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = sect233r1
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-61]
+[test-64]
ExpectedResult = ClientFail
# ===========================================================
-[62-curve-sect283k1-tls13]
-ssl_conf = 62-curve-sect283k1-tls13-ssl
+[65-curve-sect283k1-tls13]
+ssl_conf = 65-curve-sect283k1-tls13-ssl
-[62-curve-sect283k1-tls13-ssl]
-server = 62-curve-sect283k1-tls13-server
-client = 62-curve-sect283k1-tls13-client
+[65-curve-sect283k1-tls13-ssl]
+server = 65-curve-sect283k1-tls13-server
+client = 65-curve-sect283k1-tls13-client
-[62-curve-sect283k1-tls13-server]
+[65-curve-sect283k1-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = sect283k1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[62-curve-sect283k1-tls13-client]
-CipherString = ECDHE
+[65-curve-sect283k1-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = sect283k1
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-62]
+[test-65]
ExpectedResult = ClientFail
# ===========================================================
-[63-curve-sect283r1-tls13]
-ssl_conf = 63-curve-sect283r1-tls13-ssl
+[66-curve-sect283r1-tls13]
+ssl_conf = 66-curve-sect283r1-tls13-ssl
-[63-curve-sect283r1-tls13-ssl]
-server = 63-curve-sect283r1-tls13-server
-client = 63-curve-sect283r1-tls13-client
+[66-curve-sect283r1-tls13-ssl]
+server = 66-curve-sect283r1-tls13-server
+client = 66-curve-sect283r1-tls13-client
-[63-curve-sect283r1-tls13-server]
+[66-curve-sect283r1-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = sect283r1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[63-curve-sect283r1-tls13-client]
-CipherString = ECDHE
+[66-curve-sect283r1-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = sect283r1
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-63]
+[test-66]
ExpectedResult = ClientFail
# ===========================================================
-[64-curve-sect409k1-tls13]
-ssl_conf = 64-curve-sect409k1-tls13-ssl
+[67-curve-sect409k1-tls13]
+ssl_conf = 67-curve-sect409k1-tls13-ssl
-[64-curve-sect409k1-tls13-ssl]
-server = 64-curve-sect409k1-tls13-server
-client = 64-curve-sect409k1-tls13-client
+[67-curve-sect409k1-tls13-ssl]
+server = 67-curve-sect409k1-tls13-server
+client = 67-curve-sect409k1-tls13-client
-[64-curve-sect409k1-tls13-server]
+[67-curve-sect409k1-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = sect409k1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[64-curve-sect409k1-tls13-client]
-CipherString = ECDHE
+[67-curve-sect409k1-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = sect409k1
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-64]
+[test-67]
ExpectedResult = ClientFail
# ===========================================================
-[65-curve-sect409r1-tls13]
-ssl_conf = 65-curve-sect409r1-tls13-ssl
+[68-curve-sect409r1-tls13]
+ssl_conf = 68-curve-sect409r1-tls13-ssl
-[65-curve-sect409r1-tls13-ssl]
-server = 65-curve-sect409r1-tls13-server
-client = 65-curve-sect409r1-tls13-client
+[68-curve-sect409r1-tls13-ssl]
+server = 68-curve-sect409r1-tls13-server
+client = 68-curve-sect409r1-tls13-client
-[65-curve-sect409r1-tls13-server]
+[68-curve-sect409r1-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = sect409r1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[65-curve-sect409r1-tls13-client]
-CipherString = ECDHE
+[68-curve-sect409r1-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = sect409r1
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-65]
+[test-68]
ExpectedResult = ClientFail
# ===========================================================
-[66-curve-sect571k1-tls13]
-ssl_conf = 66-curve-sect571k1-tls13-ssl
+[69-curve-sect571k1-tls13]
+ssl_conf = 69-curve-sect571k1-tls13-ssl
-[66-curve-sect571k1-tls13-ssl]
-server = 66-curve-sect571k1-tls13-server
-client = 66-curve-sect571k1-tls13-client
+[69-curve-sect571k1-tls13-ssl]
+server = 69-curve-sect571k1-tls13-server
+client = 69-curve-sect571k1-tls13-client
-[66-curve-sect571k1-tls13-server]
+[69-curve-sect571k1-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = sect571k1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[66-curve-sect571k1-tls13-client]
-CipherString = ECDHE
+[69-curve-sect571k1-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = sect571k1
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-66]
+[test-69]
ExpectedResult = ClientFail
# ===========================================================
-[67-curve-sect571r1-tls13]
-ssl_conf = 67-curve-sect571r1-tls13-ssl
+[70-curve-sect571r1-tls13]
+ssl_conf = 70-curve-sect571r1-tls13-ssl
-[67-curve-sect571r1-tls13-ssl]
-server = 67-curve-sect571r1-tls13-server
-client = 67-curve-sect571r1-tls13-client
+[70-curve-sect571r1-tls13-ssl]
+server = 70-curve-sect571r1-tls13-server
+client = 70-curve-sect571r1-tls13-client
-[67-curve-sect571r1-tls13-server]
+[70-curve-sect571r1-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = sect571r1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[67-curve-sect571r1-tls13-client]
-CipherString = ECDHE
+[70-curve-sect571r1-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = sect571r1
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-67]
+[test-70]
ExpectedResult = ClientFail
# ===========================================================
-[68-curve-secp224r1-tls13]
-ssl_conf = 68-curve-secp224r1-tls13-ssl
+[71-curve-secp224r1-tls13]
+ssl_conf = 71-curve-secp224r1-tls13-ssl
-[68-curve-secp224r1-tls13-ssl]
-server = 68-curve-secp224r1-tls13-server
-client = 68-curve-secp224r1-tls13-client
+[71-curve-secp224r1-tls13-ssl]
+server = 71-curve-secp224r1-tls13-server
+client = 71-curve-secp224r1-tls13-client
-[68-curve-secp224r1-tls13-server]
+[71-curve-secp224r1-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = secp224r1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[68-curve-secp224r1-tls13-client]
-CipherString = ECDHE
+[71-curve-secp224r1-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = secp224r1
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-68]
+[test-71]
ExpectedResult = ClientFail
# ===========================================================
-[69-curve-sect163k1-tls13]
-ssl_conf = 69-curve-sect163k1-tls13-ssl
+[72-curve-sect163k1-tls13]
+ssl_conf = 72-curve-sect163k1-tls13-ssl
-[69-curve-sect163k1-tls13-ssl]
-server = 69-curve-sect163k1-tls13-server
-client = 69-curve-sect163k1-tls13-client
+[72-curve-sect163k1-tls13-ssl]
+server = 72-curve-sect163k1-tls13-server
+client = 72-curve-sect163k1-tls13-client
-[69-curve-sect163k1-tls13-server]
+[72-curve-sect163k1-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = sect163k1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[69-curve-sect163k1-tls13-client]
-CipherString = ECDHE
+[72-curve-sect163k1-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = sect163k1
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-69]
+[test-72]
ExpectedResult = ClientFail
# ===========================================================
-[70-curve-sect163r2-tls13]
-ssl_conf = 70-curve-sect163r2-tls13-ssl
+[73-curve-sect163r2-tls13]
+ssl_conf = 73-curve-sect163r2-tls13-ssl
-[70-curve-sect163r2-tls13-ssl]
-server = 70-curve-sect163r2-tls13-server
-client = 70-curve-sect163r2-tls13-client
+[73-curve-sect163r2-tls13-ssl]
+server = 73-curve-sect163r2-tls13-server
+client = 73-curve-sect163r2-tls13-client
-[70-curve-sect163r2-tls13-server]
+[73-curve-sect163r2-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = sect163r2
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[70-curve-sect163r2-tls13-client]
-CipherString = ECDHE
+[73-curve-sect163r2-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = sect163r2
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-70]
+[test-73]
ExpectedResult = ClientFail
# ===========================================================
-[71-curve-prime192v1-tls13]
-ssl_conf = 71-curve-prime192v1-tls13-ssl
+[74-curve-prime192v1-tls13]
+ssl_conf = 74-curve-prime192v1-tls13-ssl
-[71-curve-prime192v1-tls13-ssl]
-server = 71-curve-prime192v1-tls13-server
-client = 71-curve-prime192v1-tls13-client
+[74-curve-prime192v1-tls13-ssl]
+server = 74-curve-prime192v1-tls13-server
+client = 74-curve-prime192v1-tls13-client
-[71-curve-prime192v1-tls13-server]
+[74-curve-prime192v1-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = prime192v1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[71-curve-prime192v1-tls13-client]
-CipherString = ECDHE
+[74-curve-prime192v1-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = prime192v1
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-71]
+[test-74]
ExpectedResult = ClientFail
# ===========================================================
-[72-curve-sect163r1-tls13]
-ssl_conf = 72-curve-sect163r1-tls13-ssl
+[75-curve-sect163r1-tls13]
+ssl_conf = 75-curve-sect163r1-tls13-ssl
-[72-curve-sect163r1-tls13-ssl]
-server = 72-curve-sect163r1-tls13-server
-client = 72-curve-sect163r1-tls13-client
+[75-curve-sect163r1-tls13-ssl]
+server = 75-curve-sect163r1-tls13-server
+client = 75-curve-sect163r1-tls13-client
-[72-curve-sect163r1-tls13-server]
+[75-curve-sect163r1-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = sect163r1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[72-curve-sect163r1-tls13-client]
-CipherString = ECDHE
+[75-curve-sect163r1-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = sect163r1
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-72]
+[test-75]
ExpectedResult = ClientFail
# ===========================================================
-[73-curve-sect193r1-tls13]
-ssl_conf = 73-curve-sect193r1-tls13-ssl
+[76-curve-sect193r1-tls13]
+ssl_conf = 76-curve-sect193r1-tls13-ssl
-[73-curve-sect193r1-tls13-ssl]
-server = 73-curve-sect193r1-tls13-server
-client = 73-curve-sect193r1-tls13-client
+[76-curve-sect193r1-tls13-ssl]
+server = 76-curve-sect193r1-tls13-server
+client = 76-curve-sect193r1-tls13-client
-[73-curve-sect193r1-tls13-server]
+[76-curve-sect193r1-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = sect193r1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[73-curve-sect193r1-tls13-client]
-CipherString = ECDHE
+[76-curve-sect193r1-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = sect193r1
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-73]
+[test-76]
ExpectedResult = ClientFail
# ===========================================================
-[74-curve-sect193r2-tls13]
-ssl_conf = 74-curve-sect193r2-tls13-ssl
+[77-curve-sect193r2-tls13]
+ssl_conf = 77-curve-sect193r2-tls13-ssl
-[74-curve-sect193r2-tls13-ssl]
-server = 74-curve-sect193r2-tls13-server
-client = 74-curve-sect193r2-tls13-client
+[77-curve-sect193r2-tls13-ssl]
+server = 77-curve-sect193r2-tls13-server
+client = 77-curve-sect193r2-tls13-client
-[74-curve-sect193r2-tls13-server]
+[77-curve-sect193r2-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = sect193r2
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[74-curve-sect193r2-tls13-client]
-CipherString = ECDHE
+[77-curve-sect193r2-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = sect193r2
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-74]
+[test-77]
ExpectedResult = ClientFail
# ===========================================================
-[75-curve-sect239k1-tls13]
-ssl_conf = 75-curve-sect239k1-tls13-ssl
+[78-curve-sect239k1-tls13]
+ssl_conf = 78-curve-sect239k1-tls13-ssl
-[75-curve-sect239k1-tls13-ssl]
-server = 75-curve-sect239k1-tls13-server
-client = 75-curve-sect239k1-tls13-client
+[78-curve-sect239k1-tls13-ssl]
+server = 78-curve-sect239k1-tls13-server
+client = 78-curve-sect239k1-tls13-client
-[75-curve-sect239k1-tls13-server]
+[78-curve-sect239k1-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = sect239k1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[75-curve-sect239k1-tls13-client]
-CipherString = ECDHE
+[78-curve-sect239k1-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = sect239k1
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-75]
+[test-78]
ExpectedResult = ClientFail
# ===========================================================
-[76-curve-secp160k1-tls13]
-ssl_conf = 76-curve-secp160k1-tls13-ssl
+[79-curve-secp160k1-tls13]
+ssl_conf = 79-curve-secp160k1-tls13-ssl
-[76-curve-secp160k1-tls13-ssl]
-server = 76-curve-secp160k1-tls13-server
-client = 76-curve-secp160k1-tls13-client
+[79-curve-secp160k1-tls13-ssl]
+server = 79-curve-secp160k1-tls13-server
+client = 79-curve-secp160k1-tls13-client
-[76-curve-secp160k1-tls13-server]
+[79-curve-secp160k1-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = secp160k1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[76-curve-secp160k1-tls13-client]
-CipherString = ECDHE
+[79-curve-secp160k1-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = secp160k1
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-76]
+[test-79]
ExpectedResult = ClientFail
# ===========================================================
-[77-curve-secp160r1-tls13]
-ssl_conf = 77-curve-secp160r1-tls13-ssl
+[80-curve-secp160r1-tls13]
+ssl_conf = 80-curve-secp160r1-tls13-ssl
-[77-curve-secp160r1-tls13-ssl]
-server = 77-curve-secp160r1-tls13-server
-client = 77-curve-secp160r1-tls13-client
+[80-curve-secp160r1-tls13-ssl]
+server = 80-curve-secp160r1-tls13-server
+client = 80-curve-secp160r1-tls13-client
-[77-curve-secp160r1-tls13-server]
+[80-curve-secp160r1-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = secp160r1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[77-curve-secp160r1-tls13-client]
-CipherString = ECDHE
+[80-curve-secp160r1-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = secp160r1
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-77]
+[test-80]
ExpectedResult = ClientFail
# ===========================================================
-[78-curve-secp160r2-tls13]
-ssl_conf = 78-curve-secp160r2-tls13-ssl
+[81-curve-secp160r2-tls13]
+ssl_conf = 81-curve-secp160r2-tls13-ssl
-[78-curve-secp160r2-tls13-ssl]
-server = 78-curve-secp160r2-tls13-server
-client = 78-curve-secp160r2-tls13-client
+[81-curve-secp160r2-tls13-ssl]
+server = 81-curve-secp160r2-tls13-server
+client = 81-curve-secp160r2-tls13-client
-[78-curve-secp160r2-tls13-server]
+[81-curve-secp160r2-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = secp160r2
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[78-curve-secp160r2-tls13-client]
-CipherString = ECDHE
+[81-curve-secp160r2-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = secp160r2
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-78]
+[test-81]
ExpectedResult = ClientFail
# ===========================================================
-[79-curve-secp192k1-tls13]
-ssl_conf = 79-curve-secp192k1-tls13-ssl
+[82-curve-secp192k1-tls13]
+ssl_conf = 82-curve-secp192k1-tls13-ssl
-[79-curve-secp192k1-tls13-ssl]
-server = 79-curve-secp192k1-tls13-server
-client = 79-curve-secp192k1-tls13-client
+[82-curve-secp192k1-tls13-ssl]
+server = 82-curve-secp192k1-tls13-server
+client = 82-curve-secp192k1-tls13-client
-[79-curve-secp192k1-tls13-server]
+[82-curve-secp192k1-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = secp192k1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[79-curve-secp192k1-tls13-client]
-CipherString = ECDHE
+[82-curve-secp192k1-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = secp192k1
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-79]
+[test-82]
ExpectedResult = ClientFail
# ===========================================================
-[80-curve-secp224k1-tls13]
-ssl_conf = 80-curve-secp224k1-tls13-ssl
+[83-curve-secp224k1-tls13]
+ssl_conf = 83-curve-secp224k1-tls13-ssl
-[80-curve-secp224k1-tls13-ssl]
-server = 80-curve-secp224k1-tls13-server
-client = 80-curve-secp224k1-tls13-client
+[83-curve-secp224k1-tls13-ssl]
+server = 83-curve-secp224k1-tls13-server
+client = 83-curve-secp224k1-tls13-client
-[80-curve-secp224k1-tls13-server]
+[83-curve-secp224k1-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = secp224k1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[80-curve-secp224k1-tls13-client]
-CipherString = ECDHE
+[83-curve-secp224k1-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = secp224k1
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-80]
+[test-83]
ExpectedResult = ClientFail
# ===========================================================
-[81-curve-secp256k1-tls13]
-ssl_conf = 81-curve-secp256k1-tls13-ssl
+[84-curve-secp256k1-tls13]
+ssl_conf = 84-curve-secp256k1-tls13-ssl
-[81-curve-secp256k1-tls13-ssl]
-server = 81-curve-secp256k1-tls13-server
-client = 81-curve-secp256k1-tls13-client
+[84-curve-secp256k1-tls13-ssl]
+server = 84-curve-secp256k1-tls13-server
+client = 84-curve-secp256k1-tls13-client
-[81-curve-secp256k1-tls13-server]
+[84-curve-secp256k1-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = secp256k1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[81-curve-secp256k1-tls13-client]
-CipherString = ECDHE
+[84-curve-secp256k1-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = secp256k1
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-81]
+[test-84]
ExpectedResult = ClientFail
# ===========================================================
-[82-curve-brainpoolP256r1-tls13]
-ssl_conf = 82-curve-brainpoolP256r1-tls13-ssl
+[85-curve-brainpoolP256r1-tls13]
+ssl_conf = 85-curve-brainpoolP256r1-tls13-ssl
-[82-curve-brainpoolP256r1-tls13-ssl]
-server = 82-curve-brainpoolP256r1-tls13-server
-client = 82-curve-brainpoolP256r1-tls13-client
+[85-curve-brainpoolP256r1-tls13-ssl]
+server = 85-curve-brainpoolP256r1-tls13-server
+client = 85-curve-brainpoolP256r1-tls13-client
-[82-curve-brainpoolP256r1-tls13-server]
+[85-curve-brainpoolP256r1-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = brainpoolP256r1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[82-curve-brainpoolP256r1-tls13-client]
-CipherString = ECDHE
+[85-curve-brainpoolP256r1-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = brainpoolP256r1
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-82]
+[test-85]
ExpectedResult = ClientFail
# ===========================================================
-[83-curve-brainpoolP384r1-tls13]
-ssl_conf = 83-curve-brainpoolP384r1-tls13-ssl
+[86-curve-brainpoolP384r1-tls13]
+ssl_conf = 86-curve-brainpoolP384r1-tls13-ssl
-[83-curve-brainpoolP384r1-tls13-ssl]
-server = 83-curve-brainpoolP384r1-tls13-server
-client = 83-curve-brainpoolP384r1-tls13-client
+[86-curve-brainpoolP384r1-tls13-ssl]
+server = 86-curve-brainpoolP384r1-tls13-server
+client = 86-curve-brainpoolP384r1-tls13-client
-[83-curve-brainpoolP384r1-tls13-server]
+[86-curve-brainpoolP384r1-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = brainpoolP384r1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[83-curve-brainpoolP384r1-tls13-client]
-CipherString = ECDHE
+[86-curve-brainpoolP384r1-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = brainpoolP384r1
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-83]
+[test-86]
ExpectedResult = ClientFail
# ===========================================================
-[84-curve-brainpoolP512r1-tls13]
-ssl_conf = 84-curve-brainpoolP512r1-tls13-ssl
+[87-curve-brainpoolP512r1-tls13]
+ssl_conf = 87-curve-brainpoolP512r1-tls13-ssl
-[84-curve-brainpoolP512r1-tls13-ssl]
-server = 84-curve-brainpoolP512r1-tls13-server
-client = 84-curve-brainpoolP512r1-tls13-client
+[87-curve-brainpoolP512r1-tls13-ssl]
+server = 87-curve-brainpoolP512r1-tls13-server
+client = 87-curve-brainpoolP512r1-tls13-client
-[84-curve-brainpoolP512r1-tls13-server]
+[87-curve-brainpoolP512r1-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Curves = brainpoolP512r1
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[84-curve-brainpoolP512r1-tls13-client]
-CipherString = ECDHE
+[87-curve-brainpoolP512r1-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
Curves = brainpoolP512r1
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-84]
+[test-87]
ExpectedResult = ClientFail
# ===========================================================
-[85-curve-ffdhe2048-tls13-in-tls12]
-ssl_conf = 85-curve-ffdhe2048-tls13-in-tls12-ssl
+[88-curve-ffdhe2048-tls13-in-tls12]
+ssl_conf = 88-curve-ffdhe2048-tls13-in-tls12-ssl
-[85-curve-ffdhe2048-tls13-in-tls12-ssl]
-server = 85-curve-ffdhe2048-tls13-in-tls12-server
-client = 85-curve-ffdhe2048-tls13-in-tls12-client
+[88-curve-ffdhe2048-tls13-in-tls12-ssl]
+server = 88-curve-ffdhe2048-tls13-in-tls12-server
+client = 88-curve-ffdhe2048-tls13-in-tls12-client
-[85-curve-ffdhe2048-tls13-in-tls12-server]
+[88-curve-ffdhe2048-tls13-in-tls12-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT@SECLEVEL=1
Curves = ffdhe2048
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[85-curve-ffdhe2048-tls13-in-tls12-client]
+[88-curve-ffdhe2048-tls13-in-tls12-client]
CipherString = ECDHE@SECLEVEL=1
Curves = ffdhe2048
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-85]
+[test-88]
ExpectedResult = ServerFail
# ===========================================================
-[86-curve-ffdhe2048-tls13-in-tls12-2]
-ssl_conf = 86-curve-ffdhe2048-tls13-in-tls12-2-ssl
+[89-curve-ffdhe2048-tls13-in-tls12-2]
+ssl_conf = 89-curve-ffdhe2048-tls13-in-tls12-2-ssl
-[86-curve-ffdhe2048-tls13-in-tls12-2-ssl]
-server = 86-curve-ffdhe2048-tls13-in-tls12-2-server
-client = 86-curve-ffdhe2048-tls13-in-tls12-2-client
+[89-curve-ffdhe2048-tls13-in-tls12-2-ssl]
+server = 89-curve-ffdhe2048-tls13-in-tls12-2-server
+client = 89-curve-ffdhe2048-tls13-in-tls12-2-client
-[86-curve-ffdhe2048-tls13-in-tls12-2-server]
+[89-curve-ffdhe2048-tls13-in-tls12-2-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT@SECLEVEL=1
Curves = ffdhe2048
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[86-curve-ffdhe2048-tls13-in-tls12-2-client]
+[89-curve-ffdhe2048-tls13-in-tls12-2-client]
CipherString = DEFAULT@SECLEVEL=1
Curves = ffdhe2048
MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-86]
+[test-89]
ExpectedResult = Success
# ===========================================================
-[87-curve-ffdhe3072-tls13-in-tls12]
-ssl_conf = 87-curve-ffdhe3072-tls13-in-tls12-ssl
+[90-curve-ffdhe3072-tls13-in-tls12]
+ssl_conf = 90-curve-ffdhe3072-tls13-in-tls12-ssl
-[87-curve-ffdhe3072-tls13-in-tls12-ssl]
-server = 87-curve-ffdhe3072-tls13-in-tls12-server
-client = 87-curve-ffdhe3072-tls13-in-tls12-client
+[90-curve-ffdhe3072-tls13-in-tls12-ssl]
+server = 90-curve-ffdhe3072-tls13-in-tls12-server
+client = 90-curve-ffdhe3072-tls13-in-tls12-client
-[87-curve-ffdhe3072-tls13-in-tls12-server]
+[90-curve-ffdhe3072-tls13-in-tls12-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT@SECLEVEL=1
Curves = ffdhe3072
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[87-curve-ffdhe3072-tls13-in-tls12-client]
+[90-curve-ffdhe3072-tls13-in-tls12-client]
CipherString = ECDHE@SECLEVEL=1
Curves = ffdhe3072
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-87]
+[test-90]
ExpectedResult = ServerFail
# ===========================================================
-[88-curve-ffdhe3072-tls13-in-tls12-2]
-ssl_conf = 88-curve-ffdhe3072-tls13-in-tls12-2-ssl
+[91-curve-ffdhe3072-tls13-in-tls12-2]
+ssl_conf = 91-curve-ffdhe3072-tls13-in-tls12-2-ssl
-[88-curve-ffdhe3072-tls13-in-tls12-2-ssl]
-server = 88-curve-ffdhe3072-tls13-in-tls12-2-server
-client = 88-curve-ffdhe3072-tls13-in-tls12-2-client
+[91-curve-ffdhe3072-tls13-in-tls12-2-ssl]
+server = 91-curve-ffdhe3072-tls13-in-tls12-2-server
+client = 91-curve-ffdhe3072-tls13-in-tls12-2-client
-[88-curve-ffdhe3072-tls13-in-tls12-2-server]
+[91-curve-ffdhe3072-tls13-in-tls12-2-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT@SECLEVEL=1
Curves = ffdhe3072
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[88-curve-ffdhe3072-tls13-in-tls12-2-client]
+[91-curve-ffdhe3072-tls13-in-tls12-2-client]
CipherString = DEFAULT@SECLEVEL=1
Curves = ffdhe3072
MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-88]
+[test-91]
ExpectedResult = Success
# ===========================================================
-[89-curve-ffdhe4096-tls13-in-tls12]
-ssl_conf = 89-curve-ffdhe4096-tls13-in-tls12-ssl
+[92-curve-ffdhe4096-tls13-in-tls12]
+ssl_conf = 92-curve-ffdhe4096-tls13-in-tls12-ssl
-[89-curve-ffdhe4096-tls13-in-tls12-ssl]
-server = 89-curve-ffdhe4096-tls13-in-tls12-server
-client = 89-curve-ffdhe4096-tls13-in-tls12-client
+[92-curve-ffdhe4096-tls13-in-tls12-ssl]
+server = 92-curve-ffdhe4096-tls13-in-tls12-server
+client = 92-curve-ffdhe4096-tls13-in-tls12-client
-[89-curve-ffdhe4096-tls13-in-tls12-server]
+[92-curve-ffdhe4096-tls13-in-tls12-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT@SECLEVEL=1
Curves = ffdhe4096
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[89-curve-ffdhe4096-tls13-in-tls12-client]
+[92-curve-ffdhe4096-tls13-in-tls12-client]
CipherString = ECDHE@SECLEVEL=1
Curves = ffdhe4096
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-89]
+[test-92]
ExpectedResult = ServerFail
# ===========================================================
-[90-curve-ffdhe4096-tls13-in-tls12-2]
-ssl_conf = 90-curve-ffdhe4096-tls13-in-tls12-2-ssl
+[93-curve-ffdhe4096-tls13-in-tls12-2]
+ssl_conf = 93-curve-ffdhe4096-tls13-in-tls12-2-ssl
-[90-curve-ffdhe4096-tls13-in-tls12-2-ssl]
-server = 90-curve-ffdhe4096-tls13-in-tls12-2-server
-client = 90-curve-ffdhe4096-tls13-in-tls12-2-client
+[93-curve-ffdhe4096-tls13-in-tls12-2-ssl]
+server = 93-curve-ffdhe4096-tls13-in-tls12-2-server
+client = 93-curve-ffdhe4096-tls13-in-tls12-2-client
-[90-curve-ffdhe4096-tls13-in-tls12-2-server]
+[93-curve-ffdhe4096-tls13-in-tls12-2-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT@SECLEVEL=1
Curves = ffdhe4096
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[90-curve-ffdhe4096-tls13-in-tls12-2-client]
+[93-curve-ffdhe4096-tls13-in-tls12-2-client]
CipherString = DEFAULT@SECLEVEL=1
Curves = ffdhe4096
MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-90]
+[test-93]
ExpectedResult = Success
# ===========================================================
-[91-curve-ffdhe6144-tls13-in-tls12]
-ssl_conf = 91-curve-ffdhe6144-tls13-in-tls12-ssl
+[94-curve-ffdhe6144-tls13-in-tls12]
+ssl_conf = 94-curve-ffdhe6144-tls13-in-tls12-ssl
-[91-curve-ffdhe6144-tls13-in-tls12-ssl]
-server = 91-curve-ffdhe6144-tls13-in-tls12-server
-client = 91-curve-ffdhe6144-tls13-in-tls12-client
+[94-curve-ffdhe6144-tls13-in-tls12-ssl]
+server = 94-curve-ffdhe6144-tls13-in-tls12-server
+client = 94-curve-ffdhe6144-tls13-in-tls12-client
-[91-curve-ffdhe6144-tls13-in-tls12-server]
+[94-curve-ffdhe6144-tls13-in-tls12-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT@SECLEVEL=1
Curves = ffdhe6144
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[91-curve-ffdhe6144-tls13-in-tls12-client]
+[94-curve-ffdhe6144-tls13-in-tls12-client]
CipherString = ECDHE@SECLEVEL=1
Curves = ffdhe6144
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-91]
+[test-94]
ExpectedResult = ServerFail
# ===========================================================
-[92-curve-ffdhe6144-tls13-in-tls12-2]
-ssl_conf = 92-curve-ffdhe6144-tls13-in-tls12-2-ssl
+[95-curve-ffdhe6144-tls13-in-tls12-2]
+ssl_conf = 95-curve-ffdhe6144-tls13-in-tls12-2-ssl
-[92-curve-ffdhe6144-tls13-in-tls12-2-ssl]
-server = 92-curve-ffdhe6144-tls13-in-tls12-2-server
-client = 92-curve-ffdhe6144-tls13-in-tls12-2-client
+[95-curve-ffdhe6144-tls13-in-tls12-2-ssl]
+server = 95-curve-ffdhe6144-tls13-in-tls12-2-server
+client = 95-curve-ffdhe6144-tls13-in-tls12-2-client
-[92-curve-ffdhe6144-tls13-in-tls12-2-server]
+[95-curve-ffdhe6144-tls13-in-tls12-2-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT@SECLEVEL=1
Curves = ffdhe6144
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[92-curve-ffdhe6144-tls13-in-tls12-2-client]
+[95-curve-ffdhe6144-tls13-in-tls12-2-client]
CipherString = DEFAULT@SECLEVEL=1
Curves = ffdhe6144
MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-92]
+[test-95]
ExpectedResult = Success
# ===========================================================
-[93-curve-ffdhe8192-tls13-in-tls12]
-ssl_conf = 93-curve-ffdhe8192-tls13-in-tls12-ssl
+[96-curve-ffdhe8192-tls13-in-tls12]
+ssl_conf = 96-curve-ffdhe8192-tls13-in-tls12-ssl
-[93-curve-ffdhe8192-tls13-in-tls12-ssl]
-server = 93-curve-ffdhe8192-tls13-in-tls12-server
-client = 93-curve-ffdhe8192-tls13-in-tls12-client
+[96-curve-ffdhe8192-tls13-in-tls12-ssl]
+server = 96-curve-ffdhe8192-tls13-in-tls12-server
+client = 96-curve-ffdhe8192-tls13-in-tls12-client
-[93-curve-ffdhe8192-tls13-in-tls12-server]
+[96-curve-ffdhe8192-tls13-in-tls12-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT@SECLEVEL=1
Curves = ffdhe8192
MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[93-curve-ffdhe8192-tls13-in-tls12-client]
+[96-curve-ffdhe8192-tls13-in-tls12-client]
CipherString = ECDHE@SECLEVEL=1
Curves = ffdhe8192
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-93]
+[test-96]
ExpectedResult = ServerFail
# ===========================================================
-[94-curve-ffdhe8192-tls13-in-tls12-2]
-ssl_conf = 94-curve-ffdhe8192-tls13-in-tls12-2-ssl
+[97-curve-ffdhe8192-tls13-in-tls12-2]
+ssl_conf = 97-curve-ffdhe8192-tls13-in-tls12-2-ssl
-[94-curve-ffdhe8192-tls13-in-tls12-2-ssl]
-server = 94-curve-ffdhe8192-tls13-in-tls12-2-server
-client = 94-curve-ffdhe8192-tls13-in-tls12-2-client
+[97-curve-ffdhe8192-tls13-in-tls12-2-ssl]
+server = 97-curve-ffdhe8192-tls13-in-tls12-2-server
+client = 97-curve-ffdhe8192-tls13-in-tls12-2-client
-[94-curve-ffdhe8192-tls13-in-tls12-2-server]
+[97-curve-ffdhe8192-tls13-in-tls12-2-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT@SECLEVEL=1
Curves = ffdhe8192
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[94-curve-ffdhe8192-tls13-in-tls12-2-client]
+[97-curve-ffdhe8192-tls13-in-tls12-2-client]
CipherString = DEFAULT@SECLEVEL=1
Curves = ffdhe8192
MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-94]
+[test-97]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[98-curve-brainpoolP256r1tls13-tls13-in-tls12]
+ssl_conf = 98-curve-brainpoolP256r1tls13-tls13-in-tls12-ssl
+
+[98-curve-brainpoolP256r1tls13-tls13-in-tls12-ssl]
+server = 98-curve-brainpoolP256r1tls13-tls13-in-tls12-server
+client = 98-curve-brainpoolP256r1tls13-tls13-in-tls12-client
+
+[98-curve-brainpoolP256r1tls13-tls13-in-tls12-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = brainpoolP256r1tls13
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[98-curve-brainpoolP256r1tls13-tls13-in-tls12-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = brainpoolP256r1tls13
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-98]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[99-curve-brainpoolP256r1tls13-tls13-in-tls12-2]
+ssl_conf = 99-curve-brainpoolP256r1tls13-tls13-in-tls12-2-ssl
+
+[99-curve-brainpoolP256r1tls13-tls13-in-tls12-2-ssl]
+server = 99-curve-brainpoolP256r1tls13-tls13-in-tls12-2-server
+client = 99-curve-brainpoolP256r1tls13-tls13-in-tls12-2-client
+
+[99-curve-brainpoolP256r1tls13-tls13-in-tls12-2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = brainpoolP256r1tls13
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[99-curve-brainpoolP256r1tls13-tls13-in-tls12-2-client]
+CipherString = DEFAULT@SECLEVEL=1
+Curves = brainpoolP256r1tls13
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-99]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[100-curve-brainpoolP384r1tls13-tls13-in-tls12]
+ssl_conf = 100-curve-brainpoolP384r1tls13-tls13-in-tls12-ssl
+
+[100-curve-brainpoolP384r1tls13-tls13-in-tls12-ssl]
+server = 100-curve-brainpoolP384r1tls13-tls13-in-tls12-server
+client = 100-curve-brainpoolP384r1tls13-tls13-in-tls12-client
+
+[100-curve-brainpoolP384r1tls13-tls13-in-tls12-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = brainpoolP384r1tls13
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[100-curve-brainpoolP384r1tls13-tls13-in-tls12-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = brainpoolP384r1tls13
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-100]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[101-curve-brainpoolP384r1tls13-tls13-in-tls12-2]
+ssl_conf = 101-curve-brainpoolP384r1tls13-tls13-in-tls12-2-ssl
+
+[101-curve-brainpoolP384r1tls13-tls13-in-tls12-2-ssl]
+server = 101-curve-brainpoolP384r1tls13-tls13-in-tls12-2-server
+client = 101-curve-brainpoolP384r1tls13-tls13-in-tls12-2-client
+
+[101-curve-brainpoolP384r1tls13-tls13-in-tls12-2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = brainpoolP384r1tls13
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[101-curve-brainpoolP384r1tls13-tls13-in-tls12-2-client]
+CipherString = DEFAULT@SECLEVEL=1
+Curves = brainpoolP384r1tls13
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-101]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[102-curve-brainpoolP512r1tls13-tls13-in-tls12]
+ssl_conf = 102-curve-brainpoolP512r1tls13-tls13-in-tls12-ssl
+
+[102-curve-brainpoolP512r1tls13-tls13-in-tls12-ssl]
+server = 102-curve-brainpoolP512r1tls13-tls13-in-tls12-server
+client = 102-curve-brainpoolP512r1tls13-tls13-in-tls12-client
+
+[102-curve-brainpoolP512r1tls13-tls13-in-tls12-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = brainpoolP512r1tls13
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[102-curve-brainpoolP512r1tls13-tls13-in-tls12-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = brainpoolP512r1tls13
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-102]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[103-curve-brainpoolP512r1tls13-tls13-in-tls12-2]
+ssl_conf = 103-curve-brainpoolP512r1tls13-tls13-in-tls12-2-ssl
+
+[103-curve-brainpoolP512r1tls13-tls13-in-tls12-2-ssl]
+server = 103-curve-brainpoolP512r1tls13-tls13-in-tls12-2-server
+client = 103-curve-brainpoolP512r1tls13-tls13-in-tls12-2-client
+
+[103-curve-brainpoolP512r1tls13-tls13-in-tls12-2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = brainpoolP512r1tls13
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[103-curve-brainpoolP512r1tls13-tls13-in-tls12-2-client]
+CipherString = DEFAULT@SECLEVEL=1
+Curves = brainpoolP512r1tls13
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-103]
ExpectedResult = Success
diff --git a/test/ssl-tests/14-curves.cnf.in b/test/ssl-tests/14-curves.cnf.in
index 33201df281f7..e50421d501dc 100644
--- a/test/ssl-tests/14-curves.cnf.in
+++ b/test/ssl-tests/14-curves.cnf.in
@@ -8,9 +8,10 @@ use strict;
use warnings;
use OpenSSL::Test;
-use OpenSSL::Test::Utils qw(anydisabled);
+use OpenSSL::Test::Utils;
our $fips_mode;
+our $fips_3_4;
my @curves = ("prime256v1", "secp384r1", "secp521r1");
@@ -21,18 +22,26 @@ push @curves, @curves_no_fips if !$fips_mode;
#Curves *only* suitable for use in TLSv1.3
my @curves_tls_1_3 = ("ffdhe2048", "ffdhe3072", "ffdhe4096", "ffdhe6144",
"ffdhe8192");
+my @curves_tls_1_3_no_fips = ("brainpoolP256r1tls13", "brainpoolP384r1tls13",
+ "brainpoolP512r1tls13");
+push @curves_tls_1_3, @curves_tls_1_3_no_fips if !$fips_mode;
push @curves, @curves_tls_1_3;
-my @curves_tls_1_2 = ("sect233k1", "sect233r1",
- "sect283k1", "sect283r1", "sect409k1", "sect409r1",
- "sect571k1", "sect571r1", "secp224r1");
+my @curves_tls_1_2 = ();
+push @curves_tls_1_2,
+ "sect233k1", "sect233r1", "sect283k1", "sect283r1", "sect409k1",
+ "sect409r1", "sect571k1", "sect571r1", "secp224r1"
+ unless ($fips_3_4 || disabled("tls-deprecated-ec"));
-my @curves_non_fips = ("sect163k1", "sect163r2", "prime192v1",
- "sect163r1", "sect193r1", "sect193r2", "sect239k1",
- "secp160k1", "secp160r1", "secp160r2", "secp192k1",
- "secp224k1", "secp256k1", "brainpoolP256r1",
- "brainpoolP384r1", "brainpoolP512r1");
+my @curves_non_fips = ();
+push @curves_non_fips,
+ "sect163k1", "sect163r2", "prime192v1", "sect163r1", "sect193r1",
+ "sect193r2", "sect239k1", "secp160k1", "secp160r1", "secp160r2",
+ "secp192k1", "secp224k1", "secp256k1"
+ unless disabled("tls-deprecated-ec");
+push @curves_non_fips,
+ "brainpoolP256r1", "brainpoolP384r1", "brainpoolP512r1";
push @curves_tls_1_2, @curves_non_fips if !$fips_mode;
@@ -58,10 +67,11 @@ sub generate_tests() {
name => "curve-${curve}",
server => {
"Curves" => $curve,
+ "CipherString" => 'DEFAULT@SECLEVEL=1',
"MaxProtocol" => "TLSv1.3"
},
client => {
- "CipherString" => "ECDHE",
+ "CipherString" => 'ECDHE@SECLEVEL=1',
"MaxProtocol" => "TLSv1.3",
"Curves" => $curve
},
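Review bot: Both peers are pinned to security level 1 in this hunk (`"CipherString" => 'DEFAULT@SECLEVEL=1'` on the server, `'ECDHE@SECLEVEL=1'` on the client) for every curve in the list, so none of these cases runs at the default security level any more, and nothing in the file says why. The same change is repeated in the hunks at `@@ -78` and `@@ -122`. Presumably the lower level is only needed for the smaller groups under test; if so, a comment next to the setting such as `# SECLEVEL=1: some groups tested here are below the default security level` would record that. Lowering the level only for those groups would keep default-level coverage for the rest. generate_tests() starts and ends outside the hunk.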
@@ -78,10 +88,11 @@ sub generate_tests() {
name => "curve-${curve}",
server => {
"Curves" => $curve,
+ "CipherString" => 'DEFAULT@SECLEVEL=1',
"MaxProtocol" => "TLSv1.3"
},
client => {
- "CipherString" => "ECDHE",
+ "CipherString" => 'ECDHE@SECLEVEL=1',
"MaxProtocol" => "TLSv1.2",
"Curves" => $curve
},
@@ -122,10 +133,11 @@ sub generate_tests() {
name => "curve-${curve}-tls13",
server => {
"Curves" => $curve,
+ "CipherString" => 'DEFAULT@SECLEVEL=1',
"MaxProtocol" => "TLSv1.3"
},
client => {
- "CipherString" => "ECDHE",
+ "CipherString" => 'ECDHE@SECLEVEL=1',
"MinProtocol" => "TLSv1.3",
"Curves" => $curve
},
@@ -134,7 +146,8 @@ sub generate_tests() {
},
};
}
- foreach (0..$#curves_tls_1_3) {
+ if (!$fips_3_4) {
+ foreach (0..$#curves_tls_1_3) {
my $curve = $curves_tls_1_3[$_];
push @tests, {
name => "curve-${curve}-tls13-in-tls12",
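Review bot: The `if (!$fips_3_4) {` guard added here removes both the `-tls13-in-tls12` case and the `-tls13-in-tls12-2` case for every group in `@curves_tls_1_3`, and no comment says why they cannot run when `$fips_3_4` is set. The first of those is the negative test (the generated file shows `ExpectedResult = ServerFail` for it), so with the guard in place nothing in this file checks that a TLSv1.3-only group is refused by a TLSv1.2 client in that configuration. A one-line comment above the guard, `# Not run when $fips_3_4 is set: <reason>`, would make the gap deliberate and visible. The guard's closing brace is in the next hunk, and generate_tests() starts outside this one.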
@@ -156,24 +169,25 @@ sub generate_tests() {
},
};
push @tests, {
- name => "curve-${curve}-tls13-in-tls12-2",
- server => {
- "Curves" => $curve,
- "CipherString" => 'DEFAULT@SECLEVEL=1',
- "MaxProtocol" => "TLSv1.2"
- },
- client => {
- "CipherString" => 'DEFAULT@SECLEVEL=1',
- "MaxProtocol" => "TLSv1.3",
- "Curves" => $curve
- },
- test => {
- #These curves are only suitable for TLSv1.3. We expect TLSv1.2
- #negotiation to succeed because we fall back to some other
- #ciphersuite
- "ExpectedResult" => "Success"
- },
- };
+ name => "curve-${curve}-tls13-in-tls12-2",
+ server => {
+ "Curves" => $curve,
+ "CipherString" => 'DEFAULT@SECLEVEL=1',
+ "MaxProtocol" => "TLSv1.2"
+ },
+ client => {
+ "CipherString" => 'DEFAULT@SECLEVEL=1',
+ "MaxProtocol" => "TLSv1.3",
+ "Curves" => $curve
+ },
+ test => {
+ #These curves are only suitable for TLSv1.3. We expect TLSv1.2
+ #negotiation to succeed because we fall back to some other
+ #ciphersuite
+ "ExpectedResult" => "Success"
+ },
+ };
+ }
}
}
diff --git a/test/ssl-tests/17-renegotiate.cnf.in b/test/ssl-tests/17-renegotiate.cnf.in
index 73e3b4914c0a..2812e4c38b31 100644
--- a/test/ssl-tests/17-renegotiate.cnf.in
+++ b/test/ssl-tests/17-renegotiate.cnf.in
@@ -1,5 +1,5 @@
# -*- mode: perl; -*-
-# Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -15,6 +15,8 @@ use warnings;
package ssltests;
use OpenSSL::Test::Utils;
+our $fips_3_4;
+
our @tests = (
{
name => "renegotiate-client-no-resume",
@@ -126,7 +128,7 @@ our @tests = (
}
},
);
-our @tests_tls1_2 = (
+our @tests_tls1_2_rsa = (
{
name => "renegotiate-aead-to-non-aead",
server => {
@@ -202,7 +204,10 @@ our @tests_tls1_2 = (
"ResumptionExpected" => "No",
"ExpectedResult" => "Success"
}
- },
+ }
+);
+
+our @tests_tls1_2 = (
{
name => "no-renegotiation-server-by-client",
server => {
@@ -313,4 +318,5 @@ our @tests_tls1_2 = (
}
);
+push @tests, @tests_tls1_2_rsa unless disabled("tls1_2") or $fips_3_4;
push @tests, @tests_tls1_2 unless disabled("tls1_2");
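Review bot: The new `@tests_tls1_2_rsa` list is skipped when `$fips_3_4` is set, but neither the array name nor the added `push` line says what ties these cases to that provider. Judging from the generated DTLS counterpart, where the same-named cases use `AES128-GCM-SHA256` and `AES128-SHA`, the link is presumably RSA key exchange. A comment such as `# RSA key-exchange ciphersuites; not run when $fips_3_4 is set` above `our @tests_tls1_2_rsa` would state it. The condition would also read more clearly as `unless (disabled("tls1_2") || $fips_3_4);`, matching the parenthesised `||` form used in 14-curves.cnf.in.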
diff --git a/test/ssl-tests/18-dtls-renegotiate.cnf b/test/ssl-tests/18-dtls-renegotiate.cnf
index 0f3d1eae239e..da9579332728 100644
--- a/test/ssl-tests/18-dtls-renegotiate.cnf
+++ b/test/ssl-tests/18-dtls-renegotiate.cnf
@@ -23,6 +23,7 @@ client = 0-renegotiate-client-no-resume-client
[0-renegotiate-client-no-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = DTLSv1.2
Options = NoResumptionOnRenegotiation
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@@ -51,6 +52,7 @@ client = 1-renegotiate-client-resume-client
[1-renegotiate-client-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[1-renegotiate-client-resume-client]
@@ -78,6 +80,7 @@ client = 2-renegotiate-server-resume-client
[2-renegotiate-server-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[2-renegotiate-server-resume-client]
@@ -105,6 +108,7 @@ client = 3-renegotiate-client-auth-require-client
[3-renegotiate-client-auth-require-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require
@@ -136,6 +140,7 @@ client = 4-renegotiate-client-auth-once-client
[4-renegotiate-client-auth-once-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Once
@@ -172,6 +177,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[5-renegotiate-aead-to-non-aead-client]
CipherString = AES128-GCM-SHA256
+MaxProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -204,6 +210,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[6-renegotiate-non-aead-to-aead-client]
CipherString = AES128-SHA
+MaxProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -236,6 +243,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[7-renegotiate-non-aead-to-non-aead-client]
CipherString = AES128-SHA
+MaxProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -268,6 +276,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[8-renegotiate-aead-to-aead-client]
CipherString = AES128-GCM-SHA256
+MaxProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
diff --git a/test/ssl-tests/18-dtls-renegotiate.cnf.in b/test/ssl-tests/18-dtls-renegotiate.cnf.in
index dbac249f47f6..8996849a2c72 100644
--- a/test/ssl-tests/18-dtls-renegotiate.cnf.in
+++ b/test/ssl-tests/18-dtls-renegotiate.cnf.in
@@ -1,5 +1,5 @@
# -*- mode: perl; -*-
-# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -16,6 +16,7 @@ package ssltests;
use OpenSSL::Test::Utils;
our $fips_mode;
+our $fips_3_4;
our @tests = ();
@@ -29,6 +30,7 @@ foreach my $sctp ("No", "Yes")
{
name => "renegotiate-client-no-resume".$suffix,
server => {
+ "MaxProtocol" => "DTLSv1.2",
"CipherString" => 'DEFAULT:@SECLEVEL=0',
"Options" => "NoResumptionOnRenegotiation"
},
@@ -46,6 +48,7 @@ foreach my $sctp ("No", "Yes")
{
name => "renegotiate-client-resume".$suffix,
server => {
+ "MaxProtocol" => "DTLSv1.2",
"CipherString" => 'DEFAULT:@SECLEVEL=0'
},
client => {
@@ -71,6 +74,7 @@ foreach my $sctp ("No", "Yes")
{
name => "renegotiate-server-resume".$suffix,
server => {
+ "MaxProtocol" => "DTLSv1.2",
"CipherString" => 'DEFAULT:@SECLEVEL=0'
},
client => {
@@ -87,6 +91,7 @@ foreach my $sctp ("No", "Yes")
{
name => "renegotiate-client-auth-require".$suffix,
server => {
+ "MaxProtocol" => "DTLSv1.2",
"VerifyCAFile" => test_pem("root-cert.pem"),
"VerifyMode" => "Require",
"CipherString" => 'DEFAULT:@SECLEVEL=0'
@@ -107,6 +112,7 @@ foreach my $sctp ("No", "Yes")
{
name => "renegotiate-client-auth-once".$suffix,
server => {
+ "MaxProtocol" => "DTLSv1.2",
"VerifyCAFile" => test_pem("root-cert.pem"),
"VerifyMode" => "Once",
"CipherString" => 'DEFAULT:@SECLEVEL=0'
@@ -127,7 +133,7 @@ foreach my $sctp ("No", "Yes")
);
push @tests, @tests_basic;
- next if disabled("dtls1_2");
+ next if disabled("dtls1_2") || $fips_3_4;
our @tests_dtls1_2 = (
{
name => "renegotiate-aead-to-non-aead".$suffix,
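Review bot: The new `|| $fips_3_4` condition on the `next` line skips every cipher-change renegotiation test without saying why, and `$fips_3_4` is only declared with `our` in this file, so a reader cannot tell what it stands for or where it is set. A one-line comment above the `next` would fix that, for example `# FIPS provider 3.4+: skip the cipher-change tests (reason: <why these suites are unavailable>)`. My reading is that the static-RSA suites used below (AES128-SHA, AES128-GCM-SHA256) are not offered by that provider, but that should be confirmed before it goes into the comment. The same undocumented gate appears in 20-cert-select.cnf.in, where it switches one `ExpectedResult` to `ClientFail` and drops `@tests_dsa_tls_1_2`. The `foreach` body continues outside this hunk.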
@@ -135,6 +141,7 @@ foreach my $sctp ("No", "Yes")
"Options" => "NoResumptionOnRenegotiation"
},
client => {
+ "MaxProtocol" => "DTLSv1.2",
"CipherString" => "AES128-GCM-SHA256",
extra => {
"RenegotiateCiphers" => "AES128-SHA"
@@ -154,6 +161,7 @@ foreach my $sctp ("No", "Yes")
"Options" => "NoResumptionOnRenegotiation"
},
client => {
+ "MaxProtocol" => "DTLSv1.2",
"CipherString" => "AES128-SHA",
extra => {
"RenegotiateCiphers" => "AES128-GCM-SHA256"
@@ -173,6 +181,7 @@ foreach my $sctp ("No", "Yes")
"Options" => "NoResumptionOnRenegotiation"
},
client => {
+ "MaxProtocol" => "DTLSv1.2",
"CipherString" => "AES128-SHA",
extra => {
"RenegotiateCiphers" => "AES256-SHA"
@@ -192,6 +201,7 @@ foreach my $sctp ("No", "Yes")
"Options" => "NoResumptionOnRenegotiation"
},
client => {
+ "MaxProtocol" => "DTLSv1.2",
"CipherString" => "AES128-GCM-SHA256",
extra => {
"RenegotiateCiphers" => "AES256-GCM-SHA384"
diff --git a/test/ssl-tests/19-mac-then-encrypt.cnf.in b/test/ssl-tests/19-mac-then-encrypt.cnf.in
index 074b1d1380a9..32bcec4be425 100644
--- a/test/ssl-tests/19-mac-then-encrypt.cnf.in
+++ b/test/ssl-tests/19-mac-then-encrypt.cnf.in
@@ -1,5 +1,5 @@
# -*- mode: perl; -*-
-# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -14,6 +14,10 @@ package ssltests;
use OpenSSL::Test::Utils;
our $fips_mode;
+our $fips_3_4;
+
+# Nothing to test with newer fips providers
+return if $fips_3_4;
our @tests = (
{
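Review bot: The comment `# Nothing to test with newer fips providers` names neither the provider version nor the reason, and the bare `return` that follows empties the whole file's test list, so MAC-then-encrypt coverage disappears silently for those runs. I would spell it out, e.g. `# FIPS provider 3.4+ offers none of the cipher suites these tests need, so generate an empty test list`, adjusting the reason to whatever actually applies. It is also worth confirming that the generator and the test driver accept an input that yields zero tests; neither is visible in this hunk.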
diff --git a/test/ssl-tests/20-cert-select.cnf b/test/ssl-tests/20-cert-select.cnf
index 6888d538ba35..d43a44282c5b 100644
--- a/test/ssl-tests/20-cert-select.cnf
+++ b/test/ssl-tests/20-cert-select.cnf
@@ -1,6 +1,6 @@
# Generated with generate_ssl_tests.pl
-num_tests = 57
+num_tests = 58
test-0 = 0-ECDSA CipherString Selection
test-1 = 1-ECDSA CipherString Selection
@@ -59,6 +59,7 @@ test-53 = 53-TLS 1.3 ECDSA with brainpool
test-54 = 54-TLS 1.2 DSA Certificate Test
test-55 = 55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms
test-56 = 56-TLS 1.3 DSA Certificate Test
+test-57 = 57-TLS 1.3 ML-DSA Certificate Test
# ===========================================================
[0-ECDSA CipherString Selection]
@@ -214,7 +215,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[4-P-256 CipherString and Signature Algorithm Selection-client]
CipherString = aECDSA
MaxProtocol = TLSv1.2
-SignatureAlgorithms = ECDSA+SHA256:ed25519
+SignatureAlgorithms = ecdSA+SHA256:eD25519
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -273,7 +274,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[6-ECDSA Signature Algorithm Selection-client]
CipherString = DEFAULT
-SignatureAlgorithms = ECDSA+SHA256
+SignatureAlgorithms = eCDsa+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -307,7 +308,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[7-ECDSA Signature Algorithm Selection SHA384-client]
CipherString = DEFAULT
-SignatureAlgorithms = ECDSA+SHA384
+SignatureAlgorithms = eCdSa+SHA384
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -337,7 +338,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[8-ECDSA Signature Algorithm Selection compressed point-client]
CipherString = DEFAULT
-SignatureAlgorithms = ECDSA+SHA256
+SignatureAlgorithms = EcDsA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -365,7 +366,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[9-ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
CipherString = DEFAULT
-SignatureAlgorithms = ECDSA+SHA256
+SignatureAlgorithms = eCdsA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -396,7 +397,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[10-RSA Signature Algorithm Selection-client]
CipherString = DEFAULT
-SignatureAlgorithms = RSA+SHA256
+SignatureAlgorithms = rsA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -430,7 +431,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[11-RSA-PSS Signature Algorithm Selection-client]
CipherString = DEFAULT
-SignatureAlgorithms = RSA-PSS+SHA256
+SignatureAlgorithms = RSA-pss+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -487,7 +488,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[13-Suite B P-256 Hash Algorithm Selection-client]
CipherString = DEFAULT
-SignatureAlgorithms = ECDSA+SHA384:ECDSA+SHA256
+SignatureAlgorithms = eCdsA+SHA384:ECdSA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
VerifyMode = Peer
@@ -517,7 +518,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[14-Suite B P-384 Hash Algorithm Selection-client]
CipherString = DEFAULT
-SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384
+SignatureAlgorithms = EcdSA+SHA256:ECDSA+SHA384
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
VerifyMode = Peer
@@ -553,7 +554,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
CipherString = aECDSA
MaxProtocol = TLSv1.2
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-SignatureAlgorithms = ed25519:ECDSA+SHA256
+SignatureAlgorithms = eD25519:eCdsa+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -589,7 +590,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
CipherString = aECDSA
MaxProtocol = TLSv1.2
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
-SignatureAlgorithms = ed448:ECDSA+SHA256
+SignatureAlgorithms = Ed448:ECdSa+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
VerifyMode = Peer
@@ -685,7 +686,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[19-ECDSA Signature Algorithm Selection SHA1-client]
CipherString = DEFAULT:@SECLEVEL=0
-SignatureAlgorithms = ECDSA+SHA1
+SignatureAlgorithms = ECdSa+SHA1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -751,7 +752,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
CipherString = aECDSA
Curves = X25519
MaxProtocol = TLSv1.2
-SignatureAlgorithms = ECDSA+SHA256:ed25519
+SignatureAlgorithms = ecDSA+SHA256:Ed25519
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -786,7 +787,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
CipherString = aECDSA
Curves = X448
MaxProtocol = TLSv1.2
-SignatureAlgorithms = ECDSA+SHA256:ed448
+SignatureAlgorithms = ECDSa+SHA256:ED448
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
VerifyMode = Peer
@@ -856,7 +857,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[24-RSA-PSS Certificate Legacy Signature Algorithm Selection-client]
CipherString = DEFAULT
-SignatureAlgorithms = RSA-PSS+SHA256
+SignatureAlgorithms = rSA-pSS+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -892,7 +893,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[25-RSA-PSS Certificate Unified Signature Algorithm Selection-client]
CipherString = DEFAULT
-SignatureAlgorithms = rsa_pss_pss_sha256
+SignatureAlgorithms = rsA_PsS_PsS_sHa256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -945,7 +946,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
[27-Only RSA-PSS Certificate Valid Signature Algorithms-client]
CipherString = DEFAULT
-SignatureAlgorithms = rsa_pss_pss_sha512
+SignatureAlgorithms = rsa_psS_psS_sHa512
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -972,7 +973,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
[28-RSA-PSS Certificate, no PSS signature algorithms-client]
CipherString = DEFAULT
-SignatureAlgorithms = RSA+SHA256
+SignatureAlgorithms = rsa+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -1022,7 +1023,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
[30-RSA-PSS Restricted Certificate Valid Signature Algorithms-client]
CipherString = DEFAULT
-SignatureAlgorithms = rsa_pss_pss_sha256:rsa_pss_pss_sha512
+SignatureAlgorithms = RSa_pSS_pSs_sHA256:rsa_PsS_PSs_sHA512
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -1049,7 +1050,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
[31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-client]
CipherString = DEFAULT
-SignatureAlgorithms = rsa_pss_pss_sha512:rsa_pss_pss_sha256
+SignatureAlgorithms = rsA_pss_psS_sha512:rsA_pSS_PSs_ShA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -1076,7 +1077,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
[32-RSA-PSS Restricted Certificate Invalid Signature Algorithms-client]
CipherString = DEFAULT
-SignatureAlgorithms = rsa_pss_pss_sha512
+SignatureAlgorithms = rSa_PSS_pSS_sHa512
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -1119,11 +1120,11 @@ client = 34-Only RSA-PSS Certificate, TLS v1.1-client
[34-Only RSA-PSS Certificate, TLS v1.1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
[34-Only RSA-PSS Certificate, TLS v1.1-client]
-CipherString = DEFAULT
+CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -1156,7 +1157,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[35-TLS 1.3 ECDSA Signature Algorithm Selection-client]
CipherString = DEFAULT
-SignatureAlgorithms = ECDSA+SHA256
+SignatureAlgorithms = ECDsa+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -1188,7 +1189,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client]
CipherString = DEFAULT
-SignatureAlgorithms = ECDSA+SHA256
+SignatureAlgorithms = ecDSA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -1224,7 +1225,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client]
CipherString = DEFAULT:@SECLEVEL=0
-SignatureAlgorithms = ECDSA+SHA1
+SignatureAlgorithms = eCDSa+SHA1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -1257,7 +1258,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client]
CipherString = DEFAULT
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-SignatureAlgorithms = ECDSA+SHA256:RSA-PSS+SHA256
+SignatureAlgorithms = eCdsA+SHA256:rsA-pSs+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -1293,7 +1294,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client]
CipherString = DEFAULT
-SignatureAlgorithms = ECDSA+SHA384:RSA-PSS+SHA384
+SignatureAlgorithms = ECdsA+SHA384:RSa-psS+SHA384
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -1322,7 +1323,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
CipherString = DEFAULT
-SignatureAlgorithms = ECDSA+SHA256
+SignatureAlgorithms = eCDSA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -1386,7 +1387,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[42-TLS 1.3 RSA-PSS Signature Algorithm Selection-client]
CipherString = DEFAULT
-SignatureAlgorithms = RSA-PSS+SHA256
+SignatureAlgorithms = Rsa-PSS+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -1445,7 +1446,7 @@ client = 44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA N
[44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-ClientSignatureAlgorithms = PSS+SHA256
+ClientSignatureAlgorithms = Pss+SHA256
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
@@ -1482,7 +1483,7 @@ client = 45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client
[45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-ClientSignatureAlgorithms = ECDSA+SHA256
+ClientSignatureAlgorithms = ECDsA+SHA256
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require
@@ -1529,7 +1530,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[46-TLS 1.3 Ed25519 Signature Algorithm Selection-client]
CipherString = DEFAULT
-SignatureAlgorithms = ed25519
+SignatureAlgorithms = eD25519
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -1563,7 +1564,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[47-TLS 1.3 Ed448 Signature Algorithm Selection-client]
CipherString = DEFAULT
-SignatureAlgorithms = ed448
+SignatureAlgorithms = eD448
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
VerifyMode = Peer
@@ -1598,7 +1599,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[48-TLS 1.3 Ed25519 CipherString and Groups Selection-client]
CipherString = DEFAULT
Groups = X25519
-SignatureAlgorithms = ECDSA+SHA256:ed25519
+SignatureAlgorithms = EcdSA+SHA256:eD25519
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -1633,7 +1634,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[49-TLS 1.3 Ed448 CipherString and Groups Selection-client]
CipherString = DEFAULT
Groups = X448
-SignatureAlgorithms = ECDSA+SHA256:ed448
+SignatureAlgorithms = eCDSa+SHA256:ED448
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -1754,7 +1755,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-53]
-ExpectedResult = ServerFail
+ExpectedResult = Success
# ===========================================================
@@ -1778,7 +1779,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[54-TLS 1.2 DSA Certificate Test-client]
CipherString = ALL
-SignatureAlgorithms = DSA+SHA256:DSA+SHA1
+SignatureAlgorithms = DSA+SHA256:DSa+SHA1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -1798,7 +1799,7 @@ client = 55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client
[55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-ClientSignatureAlgorithms = ECDSA+SHA1:DSA+SHA256:RSA+SHA256
+ClientSignatureAlgorithms = ecDSA+SHA1:DsA+SHA256:rsA+SHA256
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request
@@ -1832,7 +1833,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[56-TLS 1.3 DSA Certificate Test-client]
CipherString = ALL
-SignatureAlgorithms = DSA+SHA1:DSA+SHA256:ECDSA+SHA256
+SignatureAlgorithms = dSA+SHA1:DSA+SHA256:ecDsa+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -1840,3 +1841,32 @@ VerifyMode = Peer
ExpectedResult = ServerFail
+# ===========================================================
+
+[57-TLS 1.3 ML-DSA Certificate Test]
+ssl_conf = 57-TLS 1.3 ML-DSA Certificate Test-ssl
+
+[57-TLS 1.3 ML-DSA Certificate Test-ssl]
+server = 57-TLS 1.3 ML-DSA Certificate Test-server
+client = 57-TLS 1.3 ML-DSA Certificate Test-client
+
+[57-TLS 1.3 ML-DSA Certificate Test-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/server-ml-dsa-44-cert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ml-dsa-44-key.pem
+SignatureAlgorithms = mlDsA44
+
+[57-TLS 1.3 ML-DSA Certificate Test-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+SignatureAlgorithms = mlDSa44
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ml-dsa-44-cert.pem
+VerifyMode = Peer
+
+[test-57]
+ExpectedResult = Success
+
+
diff --git a/test/ssl-tests/20-cert-select.cnf.in b/test/ssl-tests/20-cert-select.cnf.in
index 435932c4c181..af47842fd863 100644
--- a/test/ssl-tests/20-cert-select.cnf.in
+++ b/test/ssl-tests/20-cert-select.cnf.in
@@ -10,8 +10,22 @@ package ssltests;
use OpenSSL::Test::Utils;
our $fips_mode;
+our $fips_3_4;
+our $fips_3_5;
our $no_deflt_libctx;
+srand(20);
+sub randcase {
+ my ($names) = @_;
+ my @ret;
+ foreach my $name (split(/:/, $names)) {
+ my ($alg, $rest) = split(/(?=[+])/, $name, 2);
+ $alg =~ s{([a-zA-Z])}{chr(ord($1)^(int(rand(2.0)) * 32))}eg;
+ push @ret, $alg . ($rest // "");
+ }
+ return join(":", @ret);
+}
+
my $server = {
"ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
"ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
@@ -140,7 +154,7 @@ our @tests = (
client => {
"CipherString" => "aECDSA",
"MaxProtocol" => "TLSv1.2",
- "SignatureAlgorithms" => "ECDSA+SHA256:ed25519",
+ "SignatureAlgorithms" => randcase("ECDSA+SHA256:ed25519"),
},
test => {
"ExpectedServerCertType" => "P-256",
@@ -166,7 +180,7 @@ our @tests = (
name => "ECDSA Signature Algorithm Selection",
server => $server,
client => {
- "SignatureAlgorithms" => "ECDSA+SHA256",
+ "SignatureAlgorithms" => randcase("ECDSA+SHA256"),
},
test => {
"ExpectedServerCertType" => "P-256",
@@ -179,7 +193,7 @@ our @tests = (
name => "ECDSA Signature Algorithm Selection SHA384",
server => $server,
client => {
- "SignatureAlgorithms" => "ECDSA+SHA384",
+ "SignatureAlgorithms" => randcase("ECDSA+SHA384"),
},
test => {
"ExpectedServerCertType" => "P-256",
@@ -196,7 +210,7 @@ our @tests = (
"MaxProtocol" => "TLSv1.2"
},
client => {
- "SignatureAlgorithms" => "ECDSA+SHA256",
+ "SignatureAlgorithms" => randcase("ECDSA+SHA256"),
},
test => {
"ExpectedServerCertType" => "P-256",
@@ -211,7 +225,7 @@ our @tests = (
"MaxProtocol" => "TLSv1.2"
},
client => {
- "SignatureAlgorithms" => "ECDSA+SHA256",
+ "SignatureAlgorithms" => randcase("ECDSA+SHA256"),
},
test => {
"ExpectedResult" => "ServerFail"
@@ -221,7 +235,7 @@ our @tests = (
name => "RSA Signature Algorithm Selection",
server => $server,
client => {
- "SignatureAlgorithms" => "RSA+SHA256",
+ "SignatureAlgorithms" => randcase("RSA+SHA256"),
},
test => {
"ExpectedServerCertType" => "RSA",
@@ -234,7 +248,7 @@ our @tests = (
name => "RSA-PSS Signature Algorithm Selection",
server => $server,
client => {
- "SignatureAlgorithms" => "RSA-PSS+SHA256",
+ "SignatureAlgorithms" => randcase("RSA-PSS+SHA256"),
},
test => {
"ExpectedServerCertType" => "RSA",
@@ -252,7 +266,7 @@ our @tests = (
},
test => {
"ExpectedServerCertType" =>, "RSA",
- "ExpectedResult" => "Success"
+ "ExpectedResult" => $fips_3_4 ? "ClientFail" : "Success"
},
},
{
@@ -265,7 +279,7 @@ our @tests = (
},
client => {
"VerifyCAFile" => test_pem("p384-root.pem"),
- "SignatureAlgorithms" => "ECDSA+SHA384:ECDSA+SHA256"
+ "SignatureAlgorithms" => randcase("ECDSA+SHA384:ECDSA+SHA256")
},
test => {
"ExpectedServerCertType" => "P-256",
@@ -284,7 +298,7 @@ our @tests = (
},
client => {
"VerifyCAFile" => test_pem("p384-root.pem"),
- "SignatureAlgorithms" => "ECDSA+SHA256:ECDSA+SHA384"
+ "SignatureAlgorithms" => randcase("ECDSA+SHA256:ECDSA+SHA384")
},
test => {
"ExpectedServerCertType" => "P-384",
@@ -299,7 +313,7 @@ our @tests = (
client => {
"CipherString" => "aECDSA",
"MaxProtocol" => "TLSv1.2",
- "SignatureAlgorithms" => "ed25519:ECDSA+SHA256",
+ "SignatureAlgorithms" => randcase("ed25519:ECDSA+SHA256"),
"RequestCAFile" => test_pem("root-cert.pem"),
},
test => {
@@ -316,7 +330,7 @@ our @tests = (
client => {
"CipherString" => "aECDSA",
"MaxProtocol" => "TLSv1.2",
- "SignatureAlgorithms" => "ed448:ECDSA+SHA256",
+ "SignatureAlgorithms" => randcase("ed448:ECDSA+SHA256"),
"RequestCAFile" => test_pem("root-ed448-cert.pem"),
"VerifyCAFile" => test_pem("root-ed448-cert.pem"),
},
@@ -381,7 +395,7 @@ my @tests_non_fips = (
},
client => {
"CipherString" => "DEFAULT:\@SECLEVEL=0",
- "SignatureAlgorithms" => "ECDSA+SHA1",
+ "SignatureAlgorithms" => randcase("ECDSA+SHA1"),
},
test => {
"ExpectedServerCertType" => "P-256",
@@ -417,7 +431,7 @@ my @tests_non_fips = (
client => {
"CipherString" => "aECDSA",
"MaxProtocol" => "TLSv1.2",
- "SignatureAlgorithms" => "ECDSA+SHA256:ed25519",
+ "SignatureAlgorithms" => randcase("ECDSA+SHA256:ed25519"),
# Excluding P-256 from the supported curves list means server
# certificate should be Ed25519 and not P-256
"Curves" => "X25519"
@@ -434,7 +448,7 @@ my @tests_non_fips = (
client => {
"CipherString" => "aECDSA",
"MaxProtocol" => "TLSv1.2",
- "SignatureAlgorithms" => "ECDSA+SHA256:ed448",
+ "SignatureAlgorithms" => randcase("ECDSA+SHA256:ed448"),
"VerifyCAFile" => test_pem("root-ed448-cert.pem"),
# Excluding P-256 from the supported curves list means server
# certificate should be Ed25519 and not P-256
@@ -466,7 +480,7 @@ my @tests_pss = (
name => "RSA-PSS Certificate Legacy Signature Algorithm Selection",
server => $server_pss,
client => {
- "SignatureAlgorithms" => "RSA-PSS+SHA256",
+ "SignatureAlgorithms" => randcase("RSA-PSS+SHA256"),
},
test => {
"ExpectedServerCertType" => "RSA",
@@ -479,7 +493,7 @@ my @tests_pss = (
name => "RSA-PSS Certificate Unified Signature Algorithm Selection",
server => $server_pss,
client => {
- "SignatureAlgorithms" => "rsa_pss_pss_sha256",
+ "SignatureAlgorithms" => randcase("rsa_pss_pss_sha256"),
},
test => {
"ExpectedServerCertType" => "RSA-PSS",
@@ -503,7 +517,7 @@ my @tests_pss = (
name => "Only RSA-PSS Certificate Valid Signature Algorithms",
server => $server_pss_only,
client => {
- "SignatureAlgorithms" => "rsa_pss_pss_sha512",
+ "SignatureAlgorithms" => randcase("rsa_pss_pss_sha512"),
},
test => {
"ExpectedServerCertType" => "RSA-PSS",
@@ -516,7 +530,7 @@ my @tests_pss = (
name => "RSA-PSS Certificate, no PSS signature algorithms",
server => $server_pss_only,
client => {
- "SignatureAlgorithms" => "RSA+SHA256",
+ "SignatureAlgorithms" => randcase("RSA+SHA256"),
},
test => {
"ExpectedResult" => "ServerFail"
@@ -537,7 +551,7 @@ my @tests_pss = (
name => "RSA-PSS Restricted Certificate Valid Signature Algorithms",
server => $server_pss_restrict_only,
client => {
- "SignatureAlgorithms" => "rsa_pss_pss_sha256:rsa_pss_pss_sha512",
+ "SignatureAlgorithms" => randcase("rsa_pss_pss_sha256:rsa_pss_pss_sha512"),
},
test => {
"ExpectedServerCertType" => "RSA-PSS",
@@ -550,7 +564,7 @@ my @tests_pss = (
name => "RSA-PSS Restricted Cert client prefers invalid Signature Algorithm",
server => $server_pss_restrict_only,
client => {
- "SignatureAlgorithms" => "rsa_pss_pss_sha512:rsa_pss_pss_sha256",
+ "SignatureAlgorithms" => randcase("rsa_pss_pss_sha512:rsa_pss_pss_sha256"),
},
test => {
"ExpectedServerCertType" => "RSA-PSS",
@@ -563,7 +577,7 @@ my @tests_pss = (
name => "RSA-PSS Restricted Certificate Invalid Signature Algorithms",
server => $server_pss_restrict_only,
client => {
- "SignatureAlgorithms" => "rsa_pss_pss_sha512",
+ "SignatureAlgorithms" => randcase("rsa_pss_pss_sha512"),
},
test => {
"ExpectedResult" => "ServerFail"
@@ -585,9 +599,14 @@ my @tests_pss = (
my @tests_tls_1_1 = (
{
name => "Only RSA-PSS Certificate, TLS v1.1",
- server => $server_pss_only,
+ server => {
+ "CipherString" => "DEFAULT:\@SECLEVEL=0",
+ "Certificate" => test_pem("server-pss-cert.pem"),
+ "PrivateKey" => test_pem("server-pss-key.pem"),
+ },
client => {
"MaxProtocol" => "TLSv1.1",
+ "CipherString" => "DEFAULT:\@SECLEVEL=0",
},
test => {
"ExpectedResult" => "ServerFail"
@@ -635,7 +654,7 @@ my @tests_tls_1_3 = (
name => "TLS 1.3 ECDSA Signature Algorithm Selection",
server => $server_tls_1_3,
client => {
- "SignatureAlgorithms" => "ECDSA+SHA256",
+ "SignatureAlgorithms" => randcase("ECDSA+SHA256"),
},
test => {
"ExpectedServerCertType" => "P-256",
@@ -654,7 +673,7 @@ my @tests_tls_1_3 = (
"MaxProtocol" => "TLSv1.3"
},
client => {
- "SignatureAlgorithms" => "ECDSA+SHA256",
+ "SignatureAlgorithms" => randcase("ECDSA+SHA256"),
},
test => {
"ExpectedServerCertType" => "P-256",
@@ -679,7 +698,7 @@ my @tests_tls_1_3 = (
},
client => {
"CipherString" => "DEFAULT:\@SECLEVEL=0",
- "SignatureAlgorithms" => "ECDSA+SHA1",
+ "SignatureAlgorithms" => randcase("ECDSA+SHA1"),
},
test => {
"ExpectedResult" => "ServerFail"
@@ -689,7 +708,7 @@ my @tests_tls_1_3 = (
name => "TLS 1.3 ECDSA Signature Algorithm Selection with PSS",
server => $server_tls_1_3,
client => {
- "SignatureAlgorithms" => "ECDSA+SHA256:RSA-PSS+SHA256",
+ "SignatureAlgorithms" => randcase("ECDSA+SHA256:RSA-PSS+SHA256"),
"RequestCAFile" => test_pem("root-cert.pem"),
},
test => {
@@ -704,7 +723,7 @@ my @tests_tls_1_3 = (
name => "TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS",
server => $server_tls_1_3,
client => {
- "SignatureAlgorithms" => "ECDSA+SHA384:RSA-PSS+SHA384",
+ "SignatureAlgorithms" => randcase("ECDSA+SHA384:RSA-PSS+SHA384"),
},
test => {
"ExpectedServerCertType" => "RSA",
@@ -720,7 +739,7 @@ my @tests_tls_1_3 = (
"MaxProtocol" => "TLSv1.3"
},
client => {
- "SignatureAlgorithms" => "ECDSA+SHA256",
+ "SignatureAlgorithms" => randcase("ECDSA+SHA256"),
},
test => {
"ExpectedResult" => "ServerFail"
@@ -730,7 +749,7 @@ my @tests_tls_1_3 = (
name => "TLS 1.3 RSA Signature Algorithm Selection, no PSS",
server => $server_tls_1_3,
client => {
- "SignatureAlgorithms" => "RSA+SHA256",
+ "SignatureAlgorithms" => randcase("RSA+SHA256"),
},
test => {
"ExpectedResult" => "ServerFail"
@@ -740,7 +759,7 @@ my @tests_tls_1_3 = (
name => "TLS 1.3 RSA-PSS Signature Algorithm Selection",
server => $server_tls_1_3,
client => {
- "SignatureAlgorithms" => "RSA-PSS+SHA256",
+ "SignatureAlgorithms" => randcase("RSA-PSS+SHA256"),
},
test => {
"ExpectedServerCertType" => "RSA",
@@ -752,7 +771,7 @@ my @tests_tls_1_3 = (
{
name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection",
server => {
- "ClientSignatureAlgorithms" => "PSS+SHA256",
+ "ClientSignatureAlgorithms" => randcase("PSS+SHA256"),
"VerifyCAFile" => test_pem("root-cert.pem"),
"VerifyMode" => "Require"
},
@@ -768,7 +787,7 @@ my @tests_tls_1_3 = (
{
name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names",
server => {
- "ClientSignatureAlgorithms" => "PSS+SHA256",
+ "ClientSignatureAlgorithms" => randcase("PSS+SHA256"),
"VerifyCAFile" => test_pem("root-cert.pem"),
"RequestCAFile" => test_pem("root-cert.pem"),
"VerifyMode" => "Require"
@@ -785,7 +804,7 @@ my @tests_tls_1_3 = (
{
name => "TLS 1.3 ECDSA Client Auth Signature Algorithm Selection",
server => {
- "ClientSignatureAlgorithms" => "ECDSA+SHA256",
+ "ClientSignatureAlgorithms" => randcase("ECDSA+SHA256"),
"VerifyCAFile" => test_pem("root-cert.pem"),
"VerifyMode" => "Require"
},
@@ -804,7 +823,7 @@ my @tests_tls_1_3_non_fips = (
name => "TLS 1.3 Ed25519 Signature Algorithm Selection",
server => $server_tls_1_3,
client => {
- "SignatureAlgorithms" => "ed25519",
+ "SignatureAlgorithms" => randcase("ed25519"),
},
test => {
"ExpectedServerCertType" => "Ed25519",
@@ -816,7 +835,7 @@ my @tests_tls_1_3_non_fips = (
name => "TLS 1.3 Ed448 Signature Algorithm Selection",
server => $server_tls_1_3,
client => {
- "SignatureAlgorithms" => "ed448",
+ "SignatureAlgorithms" => randcase("ed448"),
"VerifyCAFile" => test_pem("root-ed448-cert.pem"),
},
test => {
@@ -829,7 +848,7 @@ my @tests_tls_1_3_non_fips = (
name => "TLS 1.3 Ed25519 CipherString and Groups Selection",
server => $server_tls_1_3,
client => {
- "SignatureAlgorithms" => "ECDSA+SHA256:ed25519",
+ "SignatureAlgorithms" => randcase("ECDSA+SHA256:ed25519"),
# Excluding P-256 from the supported groups list should
# mean server still uses a P-256 certificate because supported
# groups is not used in signature selection for TLS 1.3
@@ -845,7 +864,7 @@ my @tests_tls_1_3_non_fips = (
name => "TLS 1.3 Ed448 CipherString and Groups Selection",
server => $server_tls_1_3,
client => {
- "SignatureAlgorithms" => "ECDSA+SHA256:ed448",
+ "SignatureAlgorithms" => randcase("ECDSA+SHA256:ed448"),
# Excluding P-256 from the supported groups list should
# mean server still uses a P-256 certificate because supported
# groups is not used in signature selection for TLS 1.3
@@ -924,7 +943,7 @@ my @tests_tls_1_3_non_fips = (
"MaxProtocol" => "TLSv1.3"
},
test => {
- "ExpectedResult" => "ServerFail"
+ "ExpectedResult" => "Success"
},
},
);
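Review bot: This expectation flips from `ServerFail` to `Success` with no comment, and the visible `test` block asserts nothing beyond the handshake succeeding. Per the generated 20-cert-select.cnf this is test 53, "TLS 1.3 ECDSA with brainpool", so a case that used to assert rejection now asserts acceptance; a comment naming the behaviour change that justifies it would help the next reader, e.g. `# brainpool certificates are now accepted in TLS 1.3: <reference>`. Adding an `"ExpectedServerCertType"` entry, as other tests in this file do, would tie the success to the intended certificate rather than to any handshake that completes. The test entry starts outside this hunk.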
@@ -944,7 +963,7 @@ my @tests_dsa_tls_1_2 = (
"CipherString" => "ALL",
},
client => {
- "SignatureAlgorithms" => "DSA+SHA256:DSA+SHA1",
+ "SignatureAlgorithms" => randcase("DSA+SHA256:DSA+SHA1"),
"CipherString" => "ALL",
},
test => {
@@ -957,7 +976,7 @@ my @tests_dsa_tls_1_3 = (
{
name => "TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms",
server => {
- "ClientSignatureAlgorithms" => "ECDSA+SHA1:DSA+SHA256:RSA+SHA256",
+ "ClientSignatureAlgorithms" => randcase("ECDSA+SHA1:DSA+SHA256:RSA+SHA256"),
"VerifyCAFile" => test_pem("root-cert.pem"),
"VerifyMode" => "Request"
},
@@ -976,7 +995,7 @@ my @tests_dsa_tls_1_3 = (
"CipherString" => "ALL",
},
client => {
- "SignatureAlgorithms" => "DSA+SHA1:DSA+SHA256:ECDSA+SHA256",
+ "SignatureAlgorithms" => randcase("DSA+SHA1:DSA+SHA256:ECDSA+SHA256"),
"CipherString" => "ALL",
},
test => {
@@ -986,6 +1005,33 @@ my @tests_dsa_tls_1_3 = (
);
if (!disabled("dsa")) {
- push @tests, @tests_dsa_tls_1_2 unless disabled("dh");
+ push @tests, @tests_dsa_tls_1_2 unless disabled("dh") || $fips_3_4;
push @tests, @tests_dsa_tls_1_3 unless disabled("tls1_3");
}
+
+my @tests_mldsa_tls_1_3 = (
+ {
+ name => "TLS 1.3 ML-DSA Certificate Test",
+ server => {
+ "Certificate" => test_pem("server-ml-dsa-44-cert.pem"),
+ "PrivateKey" => test_pem("server-ml-dsa-44-key.pem"),
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3",
+ "SignatureAlgorithms" => randcase("mldsa44"),
+ },
+ client => {
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3",
+ "SignatureAlgorithms" => randcase("mldsa44"),
+ "VerifyCAFile" => test_pem("root-ml-dsa-44-cert.pem"),
+ "VerifyMode" => "Peer",
+ },
+ test => {
+ "ExpectedResult" => "Success"
+ },
+ },
+);
+
+if (!disabled("ml-dsa") && (!$fips_mode || $fips_3_5)) {
+ push @tests, @tests_mldsa_tls_1_3 unless disabled("tls1_3");
+}
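Review bot: The new ML-DSA coverage in `@tests_mldsa_tls_1_3` is a single success case, so nothing checks that the ML-DSA-only server is refused when the client does not offer `mldsa44`. The file already pairs other certificate types with such a negative case ("RSA-PSS Certificate, no PSS signature algorithms", "ECDSA Signature Algorithm Selection, no ECDSA certificate"), both expecting `ServerFail`. A second entry along the lines below would close the gap. The expected result follows those existing tests and should be confirmed when 20-cert-select.cnf is regenerated, which also needs its `num_tests` updated.

```perl
my @tests_mldsa_tls_1_3 = (
    # … unchanged: "TLS 1.3 ML-DSA Certificate Test" …
    {
        name => "TLS 1.3 ML-DSA Certificate, no ML-DSA signature algorithms",
        server => {
            "Certificate" => test_pem("server-ml-dsa-44-cert.pem"),
            "PrivateKey" => test_pem("server-ml-dsa-44-key.pem"),
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
        },
        client => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            # Client offers no ML-DSA algorithm, so the server has no usable certificate
            "SignatureAlgorithms" => randcase("ECDSA+SHA256"),
            "VerifyCAFile" => test_pem("root-ml-dsa-44-cert.pem"),
            "VerifyMode" => "Peer",
        },
        test => {
            "ExpectedResult" => "ServerFail"
        },
    },
```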
diff --git a/test/ssl-tests/22-compression.cnf b/test/ssl-tests/22-compression.cnf
index c85d3129abbb..a70f01b7af96 100644
--- a/test/ssl-tests/22-compression.cnf
+++ b/test/ssl-tests/22-compression.cnf
@@ -21,12 +21,12 @@ client = 0-tlsv1_3-both-compress-client
[0-tlsv1_3-both-compress-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Options = Compression
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[0-tlsv1_3-both-compress-client]
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Options = Compression
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -47,11 +47,11 @@ client = 1-tlsv1_3-client-compress-client
[1-tlsv1_3-client-compress-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[1-tlsv1_3-client-compress-client]
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Options = Compression
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -72,12 +72,12 @@ client = 2-tlsv1_3-server-compress-client
[2-tlsv1_3-server-compress-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Options = Compression
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[2-tlsv1_3-server-compress-client]
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -97,11 +97,11 @@ client = 3-tlsv1_3-neither-compress-client
[3-tlsv1_3-neither-compress-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[3-tlsv1_3-neither-compress-client]
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -121,12 +121,12 @@ client = 4-tlsv1_2-both-compress-client
[4-tlsv1_2-both-compress-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Options = Compression
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[4-tlsv1_2-both-compress-client]
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
MaxProtocol = TLSv1.2
Options = Compression
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -148,11 +148,11 @@ client = 5-tlsv1_2-client-compress-client
[5-tlsv1_2-client-compress-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[5-tlsv1_2-client-compress-client]
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
MaxProtocol = TLSv1.2
Options = Compression
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -174,12 +174,12 @@ client = 6-tlsv1_2-server-compress-client
[6-tlsv1_2-server-compress-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
Options = Compression
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[6-tlsv1_2-server-compress-client]
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -200,11 +200,11 @@ client = 7-tlsv1_2-neither-compress-client
[7-tlsv1_2-neither-compress-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[7-tlsv1_2-neither-compress-client]
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
diff --git a/test/ssl-tests/22-compression.cnf.in b/test/ssl-tests/22-compression.cnf.in
index 69a2e7f80101..0b8f010b76c0 100644
--- a/test/ssl-tests/22-compression.cnf.in
+++ b/test/ssl-tests/22-compression.cnf.in
@@ -21,9 +21,11 @@ our @tests_tls1_3 = (
{
name => "tlsv1_3-both-compress",
server => {
+ "CipherString" => 'DEFAULT@SECLEVEL=1',
"Options" => "Compression"
},
client => {
+ "CipherString" => 'DEFAULT@SECLEVEL=1',
"Options" => "Compression"
},
test => {
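Review bot: `'DEFAULT@SECLEVEL=1'` is added to every server and client block in this file without saying why these tests need a lower security level. Presumably it is because compression is turned off at security level 2 and above, so the expected compression results would otherwise depend on the build's default level. A comment such as `# Compression is only negotiated below security level 2` above `@tests_tls1_3` would record that. The same literal is repeated in the seven later hunks of this file; a single `my $cipherstring = 'DEFAULT@SECLEVEL=1';` referenced from each block would keep them in step.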
@@ -34,8 +36,10 @@ our @tests_tls1_3 = (
{
name => "tlsv1_3-client-compress",
server => {
+ "CipherString" => 'DEFAULT@SECLEVEL=1',
},
client => {
+ "CipherString" => 'DEFAULT@SECLEVEL=1',
"Options" => "Compression"
},
test => {
@@ -46,9 +50,11 @@ our @tests_tls1_3 = (
{
name => "tlsv1_3-server-compress",
server => {
+ "CipherString" => 'DEFAULT@SECLEVEL=1',
"Options" => "Compression"
},
client => {
+ "CipherString" => 'DEFAULT@SECLEVEL=1',
},
test => {
"CompressionExpected" => "No",
@@ -58,8 +64,10 @@ our @tests_tls1_3 = (
{
name => "tlsv1_3-neither-compress",
server => {
+ "CipherString" => 'DEFAULT@SECLEVEL=1',
},
client => {
+ "CipherString" => 'DEFAULT@SECLEVEL=1',
},
test => {
"CompressionExpected" => "No",
@@ -71,9 +79,11 @@ our @tests_tls1_2 = (
{
name => "tlsv1_2-both-compress",
server => {
+ "CipherString" => 'DEFAULT@SECLEVEL=1',
"Options" => "Compression"
},
client => {
+ "CipherString" => 'DEFAULT@SECLEVEL=1',
"Options" => "Compression",
"MaxProtocol" => "TLSv1.2"
},
@@ -85,8 +95,10 @@ our @tests_tls1_2 = (
{
name => "tlsv1_2-client-compress",
server => {
+ "CipherString" => 'DEFAULT@SECLEVEL=1',
},
client => {
+ "CipherString" => 'DEFAULT@SECLEVEL=1',
"Options" => "Compression",
"MaxProtocol" => "TLSv1.2"
},
@@ -98,9 +110,11 @@ our @tests_tls1_2 = (
{
name => "tlsv1_2-server-compress",
server => {
+ "CipherString" => 'DEFAULT@SECLEVEL=1',
"Options" => "Compression"
},
client => {
+ "CipherString" => 'DEFAULT@SECLEVEL=1',
"MaxProtocol" => "TLSv1.2"
},
test => {
@@ -111,8 +125,10 @@ our @tests_tls1_2 = (
{
name => "tlsv1_2-neither-compress",
server => {
+ "CipherString" => 'DEFAULT@SECLEVEL=1',
},
client => {
+ "CipherString" => 'DEFAULT@SECLEVEL=1',
"MaxProtocol" => "TLSv1.2"
},
test => {
diff --git a/test/ssl-tests/26-tls13_client_auth.cnf b/test/ssl-tests/26-tls13_client_auth.cnf
index 9c42391906a7..184c3704d00f 100644
--- a/test/ssl-tests/26-tls13_client_auth.cnf
+++ b/test/ssl-tests/26-tls13_client_auth.cnf
@@ -113,7 +113,7 @@ client = 3-client-auth-TLSv1.3-require-client
[3-client-auth-TLSv1.3-require-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-ClientSignatureAlgorithms = PSS+SHA256
+ClientSignatureAlgorithms = pSS+SHA256
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@@ -150,7 +150,7 @@ client = 4-client-auth-TLSv1.3-require-non-empty-names-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-ClientSignatureAlgorithms = PSS+SHA256
+ClientSignatureAlgorithms = pSS+SHA256
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@@ -276,7 +276,7 @@ client = 8-client-auth-TLSv1.3-require-post-handshake-client
[8-client-auth-TLSv1.3-require-post-handshake-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-ClientSignatureAlgorithms = PSS+SHA256
+ClientSignatureAlgorithms = pss+SHA256
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@@ -318,7 +318,7 @@ client = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-ClientSignatureAlgorithms = PSS+SHA256
+ClientSignatureAlgorithms = psS+SHA256
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
diff --git a/test/ssl-tests/26-tls13_client_auth.cnf.in b/test/ssl-tests/26-tls13_client_auth.cnf.in
index c1e70b7f3da7..7731aa14be7a 100644
--- a/test/ssl-tests/26-tls13_client_auth.cnf.in
+++ b/test/ssl-tests/26-tls13_client_auth.cnf.in
@@ -1,5 +1,5 @@
# -*- mode: perl; -*-
-# Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -17,6 +17,18 @@ use warnings;
package ssltests;
use OpenSSL::Test::Utils;
+srand(26);
+sub randcase {
+ my ($names) = @_;
+ my @ret;
+ foreach my $name (split(/:/, $names)) {
+ my ($alg, $rest) = split(/(?=[+])/, $name, 2);
+ $alg =~ s{([a-zA-Z])}{chr(ord($1)^(int(rand(2.0)) * 32))}eg;
+ push @ret, $alg . ($rest // "");
+ }
+ return join(":", @ret);
+}
+
our @tests = (
{
name => "server-auth-TLSv1.3",
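Review bot: `randcase` and the fixed `srand(26)` have no comment, and two properties are not obvious from the code. The seed is constant, which keeps the generated `.cnf` reproducible (the checked-in `26-tls13_client_auth.cnf` shows `pSS`, `pss`, `psS`). Only the text before the first `+` in each `:`-separated entry is case-flipped, so the hash name after it is never varied. A header such as `# Randomise the case of the algorithm name (text before '+') in each entry; seeded so the generated file is stable` would say so. Earlier hunks on this page call a `randcase` from another `.cnf.in` file, so if the body is the same there it may belong in `ssltests_base.pm`.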
@@ -69,7 +81,7 @@ our @tests = (
server => {
"MinProtocol" => "TLSv1.3",
"MaxProtocol" => "TLSv1.3",
- "ClientSignatureAlgorithms" => "PSS+SHA256",
+ "ClientSignatureAlgorithms" => randcase("PSS+SHA256"),
"VerifyCAFile" => test_pem("root-cert.pem"),
"VerifyMode" => "Request",
},
@@ -92,7 +104,7 @@ our @tests = (
server => {
"MinProtocol" => "TLSv1.3",
"MaxProtocol" => "TLSv1.3",
- "ClientSignatureAlgorithms" => "PSS+SHA256",
+ "ClientSignatureAlgorithms" => randcase("PSS+SHA256"),
"ClientCAFile" => test_pem("root-cert.pem"),
"VerifyCAFile" => test_pem("root-cert.pem"),
"VerifyMode" => "Request",
@@ -167,7 +179,7 @@ our @tests = (
server => {
"MinProtocol" => "TLSv1.3",
"MaxProtocol" => "TLSv1.3",
- "ClientSignatureAlgorithms" => "PSS+SHA256",
+ "ClientSignatureAlgorithms" => randcase("PSS+SHA256"),
"VerifyCAFile" => test_pem("root-cert.pem"),
"VerifyMode" => "RequestPostHandshake",
},
@@ -194,7 +206,7 @@ our @tests = (
server => {
"MinProtocol" => "TLSv1.3",
"MaxProtocol" => "TLSv1.3",
- "ClientSignatureAlgorithms" => "PSS+SHA256",
+ "ClientSignatureAlgorithms" => randcase("PSS+SHA256"),
"ClientCAFile" => test_pem("root-cert.pem"),
"VerifyCAFile" => test_pem("root-cert.pem"),
"VerifyMode" => "RequestPostHandshake",
diff --git a/test/ssl-tests/28-seclevel.cnf b/test/ssl-tests/28-seclevel.cnf
index 99fa8109c367..d75a7b1ef9ab 100644
--- a/test/ssl-tests/28-seclevel.cnf
+++ b/test/ssl-tests/28-seclevel.cnf
@@ -43,10 +43,12 @@ client = 1-SECLEVEL 4 with ED448 key-client
[1-SECLEVEL 4 with ED448 key-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
CipherString = DEFAULT:@SECLEVEL=4
+Groups = ?X448:?secp521r1
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
[1-SECLEVEL 4 with ED448 key-client]
CipherString = DEFAULT:@SECLEVEL=4
+Groups = ?X448:?secp521r1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
VerifyMode = Peer
@@ -66,10 +68,12 @@ client = 2-SECLEVEL 5 server with ED448 key-client
[2-SECLEVEL 5 server with ED448 key-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
CipherString = DEFAULT:@SECLEVEL=5
+Groups = ?X448:?secp521r1
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
[2-SECLEVEL 5 server with ED448 key-client]
CipherString = DEFAULT:@SECLEVEL=4
+Groups = ?X448:?secp521r1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
VerifyMode = Peer
@@ -89,10 +93,12 @@ client = 3-SECLEVEL 5 client with ED448 key-client
[3-SECLEVEL 5 client with ED448 key-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
CipherString = DEFAULT:@SECLEVEL=4
+Groups = ?X448:?secp521r1
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
[3-SECLEVEL 5 client with ED448 key-client]
CipherString = DEFAULT:@SECLEVEL=5
+Groups = ?X448:?secp521r1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
VerifyMode = Peer
diff --git a/test/ssl-tests/28-seclevel.cnf.in b/test/ssl-tests/28-seclevel.cnf.in
index 3b97ac68eb3a..d0a48f01f274 100644
--- a/test/ssl-tests/28-seclevel.cnf.in
+++ b/test/ssl-tests/28-seclevel.cnf.in
@@ -1,5 +1,5 @@
# -*- mode: perl; -*-
-# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -27,33 +27,39 @@ our @tests_ec = (
{
name => "SECLEVEL 4 with ED448 key",
server => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
+ "Groups" => "?X448:?secp521r1",
"Certificate" => test_pem("server-ed448-cert.pem"),
"PrivateKey" => test_pem("server-ed448-key.pem") },
client => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
+ "Groups" => "?X448:?secp521r1",
"VerifyCAFile" => test_pem("root-ed448-cert.pem") },
test => { "ExpectedResult" => "Success" },
},
{
# The Ed448 signature algorithm will not be enabled.
# Because of the config order, the certificate is first loaded, and
- # then the security level is chaged. If you try this with s_server
+ # then the security level is changed. If you try this with s_server
# the order will be reversed and it will instead fail to load the key.
name => "SECLEVEL 5 server with ED448 key",
server => { "CipherString" => "DEFAULT:\@SECLEVEL=5",
+ "Groups" => "?X448:?secp521r1",
"Certificate" => test_pem("server-ed448-cert.pem"),
"PrivateKey" => test_pem("server-ed448-key.pem") },
client => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
+ "Groups" => "?X448:?secp521r1",
"VerifyCAFile" => test_pem("root-ed448-cert.pem") },
test => { "ExpectedResult" => "ServerFail" },
},
{
# The client will not sent the Ed448 signature algorithm, so the server
- # doesn't have a useable signature algorithm for the certificate.
+ # doesn't have a usable signature algorithm for the certificate.
name => "SECLEVEL 5 client with ED448 key",
server => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
+ "Groups" => "?X448:?secp521r1",
"Certificate" => test_pem("server-ed448-cert.pem"),
"PrivateKey" => test_pem("server-ed448-key.pem") },
client => { "CipherString" => "DEFAULT:\@SECLEVEL=5",
+ "Groups" => "?X448:?secp521r1",
"VerifyCAFile" => test_pem("root-ed448-cert.pem") },
test => { "ExpectedResult" => "ServerFail" },
}
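Review bot: The added `"Groups" => "?X448:?secp521r1"` lines are not explained, while the neighbouring comments describe the signature-algorithm side in detail. Presumably the list is restricted so that key exchange uses a group strong enough for `@SECLEVEL=4` and `5`, leaving the Ed448 signature algorithm as the only variable under test. A comment saying that above the first entry of `@tests_ec` would help. The `?` prefix makes each group optional, so it is worth confirming that the `disabled("ecx")` gate in the next hunk guarantees at least one of the two is available.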
@@ -85,5 +91,5 @@ our @tests_tls1_2 = (
);
push @tests_ec, @tests_ec_non_fips unless $fips_mode;
-push @tests, @tests_ec unless disabled("ec");
-push @tests, @tests_tls1_2 unless disabled("tls1_2") || disabled("ec");
+push @tests, @tests_ec unless disabled("ecx");
+push @tests, @tests_tls1_2 unless disabled("tls1_2") || disabled("ecx");
diff --git a/test/ssl-tests/30-extended-master-secret.cnf b/test/ssl-tests/30-extended-master-secret.cnf
index 9dae431d21f5..6c118a54ca81 100644
--- a/test/ssl-tests/30-extended-master-secret.cnf
+++ b/test/ssl-tests/30-extended-master-secret.cnf
@@ -32,6 +32,7 @@ VerifyMode = Peer
[test-0]
ExpectedResult = Success
+FIPSversion = <=3.1.0
# ===========================================================
@@ -57,6 +58,7 @@ VerifyMode = Peer
[test-1]
ExpectedResult = Success
+FIPSversion = <=3.1.0
# ===========================================================
@@ -83,6 +85,7 @@ VerifyMode = Peer
[test-2]
ExpectedResult = Success
+FIPSversion = <=3.1.0
# ===========================================================
@@ -122,6 +125,7 @@ VerifyMode = Peer
[test-3]
ExpectedResult = Success
+FIPSversion = <=3.1.0
HandshakeMode = Resume
@@ -148,6 +152,7 @@ VerifyMode = Peer
[test-4]
ExpectedResult = Success
+FIPSversion = <=3.1.0
# ===========================================================
@@ -173,6 +178,7 @@ VerifyMode = Peer
[test-5]
ExpectedResult = Success
+FIPSversion = <=3.1.0
# ===========================================================
@@ -199,5 +205,6 @@ VerifyMode = Peer
[test-6]
ExpectedResult = Success
+FIPSversion = <=3.1.0
diff --git a/test/ssl-tests/30-extended-master-secret.cnf.in b/test/ssl-tests/30-extended-master-secret.cnf.in
index 281718e6b550..9401026e20af 100644
--- a/test/ssl-tests/30-extended-master-secret.cnf.in
+++ b/test/ssl-tests/30-extended-master-secret.cnf.in
@@ -1,5 +1,5 @@
# -*- mode: perl; -*-
-# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -27,6 +27,7 @@ my @tests_tls1_2 = (
},
test => {
"ExpectedResult" => "Success",
+ "FIPSversion" => "<=3.1.0",
},
},
{
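Review bot: `"FIPSversion" => "<=3.1.0"` is added here and in the six later hunks of this file with no comment on why every extended-master-secret case is limited to FIPS providers up to 3.1.0. If the reason is that later FIPS providers refuse handshakes without EMS, the cases that negotiate EMS on both sides would presumably still pass and are now skipped as well. The test definitions lie outside these hunks, so this needs checking against the full list. A comment above `@tests_tls1_2` stating the reason for the version bound would record the intent.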
@@ -40,6 +41,7 @@ my @tests_tls1_2 = (
},
test => {
"ExpectedResult" => "Success",
+ "FIPSversion" => "<=3.1.0",
},
},
{
@@ -54,6 +56,7 @@ my @tests_tls1_2 = (
},
test => {
"ExpectedResult" => "Success",
+ "FIPSversion" => "<=3.1.0",
},
},
{
@@ -75,6 +78,7 @@ my @tests_tls1_2 = (
test => {
"HandshakeMode" => "Resume",
"ExpectedResult" => "Success",
+ "FIPSversion" => "<=3.1.0",
},
},
{
@@ -88,6 +92,7 @@ my @tests_tls1_2 = (
},
test => {
"ExpectedResult" => "Success",
+ "FIPSversion" => "<=3.1.0",
},
},
{
@@ -101,6 +106,7 @@ my @tests_tls1_2 = (
},
test => {
"ExpectedResult" => "Success",
+ "FIPSversion" => "<=3.1.0",
},
},
{
@@ -115,6 +121,7 @@ my @tests_tls1_2 = (
},
test => {
"ExpectedResult" => "Success",
+ "FIPSversion" => "<=3.1.0",
},
},
);
diff --git a/test/ssl-tests/ssltests_base.pm b/test/ssl-tests/ssltests_base.pm
index 995ec98bd20b..c4c65d6f9729 100644
--- a/test/ssl-tests/ssltests_base.pm
+++ b/test/ssl-tests/ssltests_base.pm
@@ -1,5 +1,5 @@
# -*- mode: perl; -*-
-# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -19,6 +19,8 @@ sub test_pem
our $fips_mode = 0;
our $no_deflt_libctx = 0;
+our $fips_3_4 = 0;
+our $fips_3_5 = 0;
our %base_server = (
"Certificate" => test_pem("servercert.pem"),
diff --git a/test/ssl_cert_table_internal_test.c b/test/ssl_cert_table_internal_test.c
index 1dc09c013ccf..397834a8f1a3 100644
--- a/test/ssl_cert_table_internal_test.c
+++ b/test/ssl_cert_table_internal_test.c
@@ -35,7 +35,8 @@ static int do_test_cert_table(int nid, uint32_t amask, size_t idx,
TEST_note("Expected %s, got %s\n", OBJ_nid2sn(nid),
OBJ_nid2sn(clu->nid));
if (clu->amask != amask)
- TEST_note("Expected auth mask 0x%x, got 0x%x\n", amask, clu->amask);
+ TEST_note("Expected auth mask 0x%x, got 0x%x\n",
+ (unsigned int)amask, (unsigned int)clu->amask);
return 0;
}
diff --git a/test/ssl_ctx_test.c b/test/ssl_ctx_test.c
index e461d7259590..ea3c8146a430 100644
--- a/test/ssl_ctx_test.c
+++ b/test/ssl_ctx_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -11,6 +11,7 @@
#include <openssl/ssl.h>
typedef struct {
+ int proto;
int min_version;
int max_version;
int min_ok;
@@ -19,13 +20,54 @@ typedef struct {
int expected_max;
} version_test;
+#define PROTO_TLS 0
+#define PROTO_DTLS 1
+#define PROTO_QUIC 2
+
+/*
+ * If a version is valid for *any* protocol then setting the min/max protocol is
+ * expected to return success, even if that version is not valid for *this*
+ * protocol. However it only has an effect if it is valid for *this* protocol -
+ * otherwise it is ignored.
+ */
static const version_test version_testdata[] = {
- /* min max ok expected min expected max */
- {0, 0, 1, 1, 0, 0},
- {TLS1_VERSION, TLS1_2_VERSION, 1, 1, TLS1_VERSION, TLS1_2_VERSION},
- {TLS1_2_VERSION, TLS1_2_VERSION, 1, 1, TLS1_2_VERSION, TLS1_2_VERSION},
- {TLS1_2_VERSION, TLS1_1_VERSION, 1, 1, TLS1_2_VERSION, TLS1_1_VERSION},
- {7, 42, 0, 0, 0, 0},
+ /* proto min max ok expected min expected max */
+ {PROTO_TLS, 0, 0, 1, 1, 0, 0},
+ {PROTO_TLS, SSL3_VERSION, TLS1_3_VERSION, 1, 1, SSL3_VERSION, TLS1_3_VERSION},
+ {PROTO_TLS, TLS1_VERSION, TLS1_3_VERSION, 1, 1, TLS1_VERSION, TLS1_3_VERSION},
+ {PROTO_TLS, TLS1_VERSION, TLS1_2_VERSION, 1, 1, TLS1_VERSION, TLS1_2_VERSION},
+ {PROTO_TLS, TLS1_2_VERSION, TLS1_2_VERSION, 1, 1, TLS1_2_VERSION, TLS1_2_VERSION},
+ {PROTO_TLS, TLS1_2_VERSION, TLS1_1_VERSION, 1, 1, TLS1_2_VERSION, TLS1_1_VERSION},
+ {PROTO_TLS, SSL3_VERSION - 1, TLS1_3_VERSION, 0, 1, 0, TLS1_3_VERSION},
+ {PROTO_TLS, SSL3_VERSION, TLS1_3_VERSION + 1, 1, 0, SSL3_VERSION, 0},
+#ifndef OPENSSL_NO_DTLS
+ {PROTO_TLS, DTLS1_VERSION, DTLS1_2_VERSION, 1, 1, 0, 0},
+#endif
+ {PROTO_TLS, OSSL_QUIC1_VERSION, OSSL_QUIC1_VERSION, 0, 0, 0, 0},
+ {PROTO_TLS, 7, 42, 0, 0, 0, 0},
+ {PROTO_DTLS, 0, 0, 1, 1, 0, 0},
+ {PROTO_DTLS, DTLS1_VERSION, DTLS1_2_VERSION, 1, 1, DTLS1_VERSION, DTLS1_2_VERSION},
+#ifndef OPENSSL_NO_DTLS1_2
+ {PROTO_DTLS, DTLS1_2_VERSION, DTLS1_2_VERSION, 1, 1, DTLS1_2_VERSION, DTLS1_2_VERSION},
+#endif
+#ifndef OPENSSL_NO_DTLS1
+ {PROTO_DTLS, DTLS1_VERSION, DTLS1_VERSION, 1, 1, DTLS1_VERSION, DTLS1_VERSION},
+#endif
+#if !defined(OPENSSL_NO_DTLS1) && !defined(OPENSSL_NO_DTLS1_2)
+ {PROTO_DTLS, DTLS1_2_VERSION, DTLS1_VERSION, 1, 1, DTLS1_2_VERSION, DTLS1_VERSION},
+#endif
+ {PROTO_DTLS, DTLS1_VERSION + 1, DTLS1_2_VERSION, 0, 1, 0, DTLS1_2_VERSION},
+ {PROTO_DTLS, DTLS1_VERSION, DTLS1_2_VERSION - 1, 1, 0, DTLS1_VERSION, 0},
+ {PROTO_DTLS, TLS1_VERSION, TLS1_3_VERSION, 1, 1, 0, 0},
+ {PROTO_DTLS, OSSL_QUIC1_VERSION, OSSL_QUIC1_VERSION, 0, 0, 0, 0},
+ /* These functions never have an effect when called on a QUIC object */
+ {PROTO_QUIC, 0, 0, 1, 1, 0, 0},
+ {PROTO_QUIC, OSSL_QUIC1_VERSION, OSSL_QUIC1_VERSION, 0, 0, 0, 0},
+ {PROTO_QUIC, OSSL_QUIC1_VERSION, OSSL_QUIC1_VERSION + 1, 0, 0, 0, 0},
+ {PROTO_QUIC, TLS1_VERSION, TLS1_3_VERSION, 1, 1, 0, 0},
+#ifndef OPENSSL_NO_DTLS
+ {PROTO_QUIC, DTLS1_VERSION, DTLS1_2_VERSION, 1, 1, 0, 0},
+#endif
};
static int test_set_min_max_version(int idx_tst)
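Review bot: The rows using `DTLS1_VERSION + 1` and `DTLS1_2_VERSION - 1` are hard to check without knowing that DTLS wire versions count downward (DTLS 1.0 is 0xFEFF, DTLS 1.2 is 0xFEFD). So `+ 1` falls below the oldest version and `- 1` falls past the newest. A short comment before the first `PROTO_DTLS` row, such as `/* DTLS version numbers decrease as the protocol version increases */`, would make the expected result columns readable at a glance. The column header comment also names a single `ok` where each row carries two values; `proto, min, max, min ok, max ok, expected min, expected max` would match the rows.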
@@ -34,8 +76,30 @@ static int test_set_min_max_version(int idx_tst)
SSL *ssl = NULL;
int testresult = 0;
version_test t = version_testdata[idx_tst];
+ const SSL_METHOD *meth = NULL;
+
+ switch (t.proto) {
+ case PROTO_TLS:
+ meth = TLS_client_method();
+ break;
+
+#ifndef OPENSSL_NO_DTLS
+ case PROTO_DTLS:
+ meth = DTLS_client_method();
+ break;
+#endif
+
+#ifndef OPENSSL_NO_QUIC
+ case PROTO_QUIC:
+ meth = OSSL_QUIC_client_method();
+ break;
+#endif
+ }
+
+ if (meth == NULL)
+ return TEST_skip("Protocol not supported");
- ctx = SSL_CTX_new(TLS_server_method());
+ ctx = SSL_CTX_new(meth);
if (ctx == NULL)
goto end;
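Review bot: The `switch (t.proto)` has no path for an unexpected value, so a row with a mistyped `proto` leaves `meth` NULL and is reported as skipped with "Protocol not supported" instead of failing. A plain `default:` that fails would also catch `PROTO_DTLS` and `PROTO_QUIC` on builds where those cases are compiled out, so a range check before the switch is the safer form: `if (!TEST_true(t.proto >= PROTO_TLS && t.proto <= PROTO_QUIC)) return 0;`. That keeps the skip for protocols that are not built while making a bad table entry visible. The rest of `test_set_min_max_version` lies outside this hunk.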
@@ -63,7 +127,7 @@ static int test_set_min_max_version(int idx_tst)
testresult = 1;
- end:
+ end:
SSL_free(ssl);
SSL_CTX_free(ctx);
return testresult;
diff --git a/test/ssl_old_test.c b/test/ssl_old_test.c
index 9830c35c9eb5..8c26f3ed2f09 100644
--- a/test/ssl_old_test.c
+++ b/test/ssl_old_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
@@ -9,7 +9,7 @@
* https://www.openssl.org/source/license.html
*/
-#include "e_os.h"
+#include "internal/e_os.h"
/* Or gethostname won't be declared properly on Linux and GNU platforms. */
#ifndef _BSD_SOURCE
@@ -56,6 +56,7 @@
#endif
#include <openssl/provider.h>
#include "testutil.h"
+#include "testutil/output.h"
/*
* Or gethostname won't be declared properly
@@ -332,6 +333,18 @@ static int verify_alpn(SSL *client, SSL *server)
OPENSSL_free(alpn_selected);
alpn_selected = NULL;
+ if (client_proto == NULL && client_proto_len != 0) {
+ BIO_printf(bio_stdout,
+ "Inconsistent SSL_get0_alpn_selected() for client!\n");
+ goto err;
+ }
+
+ if (server_proto == NULL && server_proto_len != 0) {
+ BIO_printf(bio_stdout,
+ "Inconsistent SSL_get0_alpn_selected() for server!\n");
+ goto err;
+ }
+
if (client_proto_len != server_proto_len) {
BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
goto err;
@@ -890,8 +903,7 @@ int main(int argc, char *argv[])
int ret = EXIT_FAILURE;
int client_auth = 0;
int server_auth = 0, i;
- struct app_verify_arg app_verify_arg =
- { APP_CALLBACK_STRING, 0 };
+ struct app_verify_arg app_verify_arg = { APP_CALLBACK_STRING, 0 };
SSL_CTX *c_ctx = NULL;
const SSL_METHOD *meth = NULL;
SSL *c_ssl = NULL;
@@ -933,7 +945,8 @@ int main(int argc, char *argv[])
verbose = 0;
debug = 0;
- bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+ test_open_streams();
+
bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT);
s_cctx = SSL_CONF_CTX_new();
@@ -978,7 +991,8 @@ int main(int argc, char *argv[])
if (strcmp(*argv, "-F") == 0) {
fprintf(stderr,
"not compiled with FIPS support, so exiting without running.\n");
- EXIT(0);
+ ret = EXIT_SUCCESS;
+ goto end;
} else if (strcmp(*argv, "-server_auth") == 0)
server_auth = 1;
else if (strcmp(*argv, "-client_auth") == 0)
@@ -1030,7 +1044,7 @@ int main(int argc, char *argv[])
dtls12 = 1;
} else if (strcmp(*argv, "-dtls") == 0) {
dtls = 1;
- } else if (strncmp(*argv, "-num", 4) == 0) {
+ } else if (HAS_PREFIX(*argv, "-num")) {
if (--argc < 1)
goto bad;
number = atoi(*(++argv));
@@ -1245,7 +1259,7 @@ int main(int argc, char *argv[])
if (ssl3 + tls1 + tls1_1 + tls1_2 + dtls + dtls1 + dtls12 > 1) {
fprintf(stderr, "At most one of -ssl3, -tls1, -tls1_1, -tls1_2, -dtls, -dtls1 or -dtls12 should "
"be requested.\n");
- EXIT(1);
+ goto end;
}
#ifdef OPENSSL_NO_SSL3
@@ -1298,7 +1312,7 @@ int main(int argc, char *argv[])
"the test anyway (and\n-d to see what happens), "
"or add one of -ssl3, -tls1, -tls1_1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n"
"to avoid protocol mismatch.\n");
- EXIT(1);
+ goto end;
}
if (print_time) {
@@ -1315,17 +1329,15 @@ int main(int argc, char *argv[])
if (comp == COMP_ZLIB)
cm = COMP_zlib();
if (cm != NULL) {
- if (COMP_get_type(cm) != NID_undef) {
- if (SSL_COMP_add_compression_method(comp, cm) != 0) {
- fprintf(stderr, "Failed to add compression method\n");
- ERR_print_errors_fp(stderr);
- }
- } else {
- fprintf(stderr,
- "Warning: %s compression not supported\n",
- comp == COMP_ZLIB ? "zlib" : "unknown");
+ if (SSL_COMP_add_compression_method(comp, cm) != 0) {
+ fprintf(stderr, "Failed to add compression method\n");
ERR_print_errors_fp(stderr);
}
+ } else {
+ fprintf(stderr,
+ "Warning: %s compression not supported\n",
+ comp == COMP_ZLIB ? "zlib" : "unknown");
+ ERR_print_errors_fp(stderr);
}
ssl_comp_methods = SSL_COMP_get_compression_methods();
n = sk_SSL_COMP_num(ssl_comp_methods);
@@ -1333,7 +1345,7 @@ int main(int argc, char *argv[])
int j;
printf("Available compression methods:");
for (j = 0; j < n; j++) {
- SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
+ const SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
printf(" %s:%d", SSL_COMP_get0_name(c), SSL_COMP_get_id(c));
}
printf("\n");
@@ -1912,7 +1924,8 @@ int main(int argc, char *argv[])
OSSL_PROVIDER_unload(thisprov);
OSSL_LIB_CTX_free(libctx);
- BIO_free(bio_err);
+ test_close_streams();
+
EXIT(ret);
}
@@ -1952,7 +1965,7 @@ int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count,
{
int st_connect = 0, st_accept = 0;
- while(!st_connect || !st_accept) {
+ while (!st_connect || !st_accept) {
if (!st_connect) {
if (BIO_do_connect(client) <= 0) {
if (!BIO_should_retry(client))
diff --git a/test/ssl_test.c b/test/ssl_test.c
index 4c2553ce27c1..841d2294abaa 100644
--- a/test/ssl_test.c
+++ b/test/ssl_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -406,6 +406,13 @@ static int test_handshake(int idx)
if (!TEST_ptr(test_ctx))
goto err;
+ /* Verify that the FIPS provider supports this test */
+ if (test_ctx->fips_version != NULL
+ && !fips_provider_version_match(libctx, test_ctx->fips_version)) {
+ ret = TEST_skip("FIPS provider unable to run this test");
+ goto err;
+ }
+
#ifndef OPENSSL_NO_DTLS
if (test_ctx->method == SSL_TEST_METHOD_DTLS) {
server_ctx = SSL_CTX_new_ex(libctx, NULL, DTLS_server_method());
@@ -502,14 +509,18 @@ static int test_handshake(int idx)
goto err;
if (!SSL_CTX_config(server_ctx, "server")
+ || !SSL_CTX_set_dh_auto(server_ctx, 1)
|| !SSL_CTX_config(client_ctx, "client")) {
goto err;
}
- if (server2_ctx != NULL && !SSL_CTX_config(server2_ctx, "server2"))
+ if (server2_ctx != NULL
+ && (!SSL_CTX_config(server2_ctx, "server2")
+ || !SSL_CTX_set_dh_auto(server2_ctx, 1)))
goto err;
if (resume_server_ctx != NULL
- && !SSL_CTX_config(resume_server_ctx, "resume-server"))
+ && (!SSL_CTX_config(resume_server_ctx, "resume-server")
+ || !SSL_CTX_set_dh_auto(resume_server_ctx, 1)))
goto err;
if (resume_client_ctx != NULL
&& !SSL_CTX_config(resume_client_ctx, "resume-client"))
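Review bot: `SSL_CTX_set_dh_auto(..., 1)` is now applied to all three server contexts after `SSL_CTX_config()` with no comment. It is unclear whether it is meant to override or only to complement what a test's config section sets. Because it runs after the config is loaded, any DH parameters a `.cnf` supplies for a server would presumably be superseded by the automatic ones. If no test relies on its own parameters, a comment such as `/* Tests do not supply DH parameters; let the library choose them */` above the first call would settle it. `test_handshake` begins and ends outside this hunk.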
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 368b15f22b72..38d58e938743 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -39,8 +39,11 @@
#include "testutil.h"
#include "testutil/output.h"
#include "internal/nelem.h"
+#include "internal/tlsgroups.h"
#include "internal/ktls.h"
+#include "internal/ssl_unwrap.h"
#include "../ssl/ssl_local.h"
+#include "../ssl/record/methods/recmethod_local.h"
#include "filterprov.h"
#undef OSSL_NO_USABLE_TLS1_3
@@ -76,8 +79,7 @@ static int find_session_cb(SSL *ssl, const unsigned char *identity,
static int use_session_cb_cnt = 0;
static int find_session_cb_cnt = 0;
-
-static SSL_SESSION *create_a_psk(SSL *ssl, size_t mdsize);
+static int end_of_early_data = 0;
#endif
static char *certsdir = NULL;
@@ -98,6 +100,7 @@ static char *tmpfilename = NULL;
static char *dhfile = NULL;
static int is_fips = 0;
+static int fips_ems_check = 0;
#define LOG_BUFFER_SIZE 2048
static char server_log_buffer[LOG_BUFFER_SIZE + 1] = {0};
@@ -115,7 +118,6 @@ static int cdummyarg = 1;
static X509 *ocspcert = NULL;
#endif
-#define NUM_EXTRA_CERTS 40
#define CLIENT_VERSION_LEN 2
/*
@@ -713,14 +715,14 @@ static int full_client_hello_callback(SSL *s, int *al, void *arg)
int *ctr = arg;
const unsigned char *p;
int *exts;
- /* We only configure two ciphers, but the SCSV is added automatically. */
#ifdef OPENSSL_NO_EC
- const unsigned char expected_ciphers[] = {0x00, 0x9d, 0x00, 0xff};
+ const unsigned char expected_ciphers[] = {0x00, 0x9d};
#else
const unsigned char expected_ciphers[] = {0x00, 0x9d, 0xc0,
- 0x2c, 0x00, 0xff};
+ 0x2c};
#endif
const int expected_extensions[] = {
+ 65281,
#ifndef OPENSSL_NO_EC
11, 10,
#endif
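Review bot: The comment explaining the expected cipher list was removed, and the new first entry of `expected_extensions`, `65281`, is a bare number. From the change it looks as if the client now sends the renegotiation_info extension in place of the SCSV bytes (`0x00, 0xff`) dropped from `expected_ciphers`. A comment saying so, with the named constant `TLSEXT_TYPE_renegotiate` in place of `65281`, would keep that readable. The rest of the array and the body of `full_client_hello_callback` are outside this hunk.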
@@ -763,7 +765,8 @@ static int test_client_hello_cb(void)
/* The gimpy cipher list we configure can't do TLS 1.3. */
SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION);
-
+ /* Avoid problems where the default seclevel has been changed */
+ SSL_CTX_set_security_level(cctx, 2);
if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
"AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384"))
|| !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
@@ -795,7 +798,7 @@ static int test_no_ems(void)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
- int testresult = 0;
+ int testresult = 0, status;
if (!create_ssl_ctx_pair(libctx, TLS_server_method(), TLS_client_method(),
TLS1_VERSION, TLS1_2_VERSION,
@@ -811,19 +814,25 @@ static int test_no_ems(void)
goto end;
}
- if (!create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) {
- printf("Creating SSL connection failed\n");
- goto end;
- }
-
- if (SSL_get_extms_support(serverssl)) {
- printf("Server reports Extended Master Secret support\n");
- goto end;
- }
-
- if (SSL_get_extms_support(clientssl)) {
- printf("Client reports Extended Master Secret support\n");
- goto end;
+ status = create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE);
+ if (fips_ems_check) {
+ if (status == 1) {
+ printf("When FIPS uses the EMS check a connection that doesn't use EMS should fail\n");
+ goto end;
+ }
+ } else {
+ if (!status) {
+ printf("Creating SSL connection failed\n");
+ goto end;
+ }
+ if (SSL_get_extms_support(serverssl)) {
+ printf("Server reports Extended Master Secret support\n");
+ goto end;
+ }
+ if (SSL_get_extms_support(clientssl)) {
+ printf("Client reports Extended Master Secret support\n");
+ goto end;
+ }
}
testresult = 1;
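Review bot: In the `fips_ems_check` branch any handshake failure counts as a pass, so the test would also succeed if the connection broke for a reason unrelated to Extended Master Secret. It would be tighter to confirm the cause after the failed handshake before falling through to `testresult = 1`, for instance by checking the reason at the top of the error queue. The two branches also test `status` differently (`status == 1` against `!status`); `if (status)` in the first would match the second. `test_no_ems` starts before this hunk.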
@@ -853,7 +862,7 @@ static int test_ccs_change_cipher(void)
size_t readbytes;
/*
- * Create a conection so we can resume and potentially (but not) use
+ * Create a connection so we can resume and potentially (but not) use
* a different cipher in the second connection.
*/
if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
@@ -948,51 +957,6 @@ end:
}
#endif
-static int add_large_cert_chain(SSL_CTX *sctx)
-{
- BIO *certbio = NULL;
- X509 *chaincert = NULL;
- int certlen;
- int ret = 0;
- int i;
-
- if (!TEST_ptr(certbio = BIO_new_file(cert, "r")))
- goto end;
-
- if (!TEST_ptr(chaincert = X509_new_ex(libctx, NULL)))
- goto end;
-
- if (PEM_read_bio_X509(certbio, &chaincert, NULL, NULL) == NULL)
- goto end;
- BIO_free(certbio);
- certbio = NULL;
-
- /*
- * We assume the supplied certificate is big enough so that if we add
- * NUM_EXTRA_CERTS it will make the overall message large enough. The
- * default buffer size is requested to be 16k, but due to the way BUF_MEM
- * works, it ends up allocating a little over 21k (16 * 4/3). So, in this
- * test we need to have a message larger than that.
- */
- certlen = i2d_X509(chaincert, NULL);
- OPENSSL_assert(certlen * NUM_EXTRA_CERTS >
- (SSL3_RT_MAX_PLAIN_LENGTH * 4) / 3);
- for (i = 0; i < NUM_EXTRA_CERTS; i++) {
- if (!X509_up_ref(chaincert))
- goto end;
- if (!SSL_CTX_add_extra_chain_cert(sctx, chaincert)) {
- X509_free(chaincert);
- goto end;
- }
- }
-
- ret = 1;
- end:
- BIO_free(certbio);
- X509_free(chaincert);
- return ret;
-}
-
static int execute_test_large_message(const SSL_METHOD *smeth,
const SSL_METHOD *cmeth,
int min_version, int max_version,
@@ -1028,7 +992,7 @@ static int execute_test_large_message(const SSL_METHOD *smeth,
SSL_CTX_set_read_ahead(cctx, 1);
}
- if (!add_large_cert_chain(sctx))
+ if (!ssl_ctx_add_large_cert_chain(libctx, sctx, cert))
goto end;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
@@ -1078,12 +1042,17 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl)
char srec_wseq_after[SEQ_NUM_SIZE];
char srec_rseq_before[SEQ_NUM_SIZE];
char srec_rseq_after[SEQ_NUM_SIZE];
+ SSL_CONNECTION *clientsc, *serversc;
+
+ if (!TEST_ptr(clientsc = SSL_CONNECTION_FROM_SSL_ONLY(clientssl))
+ || !TEST_ptr(serversc = SSL_CONNECTION_FROM_SSL_ONLY(serverssl)))
+ goto end;
cbuf[0] = count++;
- memcpy(crec_wseq_before, &clientssl->rlayer.write_sequence, SEQ_NUM_SIZE);
- memcpy(crec_rseq_before, &clientssl->rlayer.read_sequence, SEQ_NUM_SIZE);
- memcpy(srec_wseq_before, &serverssl->rlayer.write_sequence, SEQ_NUM_SIZE);
- memcpy(srec_rseq_before, &serverssl->rlayer.read_sequence, SEQ_NUM_SIZE);
+ memcpy(crec_wseq_before, &clientsc->rlayer.wrl->sequence, SEQ_NUM_SIZE);
+ memcpy(srec_wseq_before, &serversc->rlayer.wrl->sequence, SEQ_NUM_SIZE);
+ memcpy(crec_rseq_before, &clientsc->rlayer.rrl->sequence, SEQ_NUM_SIZE);
+ memcpy(srec_rseq_before, &serversc->rlayer.rrl->sequence, SEQ_NUM_SIZE);
if (!TEST_true(SSL_write(clientssl, cbuf, sizeof(cbuf)) == sizeof(cbuf)))
goto end;
@@ -1103,10 +1072,10 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl)
}
}
- memcpy(crec_wseq_after, &clientssl->rlayer.write_sequence, SEQ_NUM_SIZE);
- memcpy(crec_rseq_after, &clientssl->rlayer.read_sequence, SEQ_NUM_SIZE);
- memcpy(srec_wseq_after, &serverssl->rlayer.write_sequence, SEQ_NUM_SIZE);
- memcpy(srec_rseq_after, &serverssl->rlayer.read_sequence, SEQ_NUM_SIZE);
+ memcpy(crec_wseq_after, &clientsc->rlayer.wrl->sequence, SEQ_NUM_SIZE);
+ memcpy(srec_wseq_after, &serversc->rlayer.wrl->sequence, SEQ_NUM_SIZE);
+ memcpy(crec_rseq_after, &clientsc->rlayer.rrl->sequence, SEQ_NUM_SIZE);
+ memcpy(srec_rseq_after, &serversc->rlayer.rrl->sequence, SEQ_NUM_SIZE);
/* verify the payload */
if (!TEST_mem_eq(cbuf, sizeof(cbuf), sbuf, sizeof(sbuf)))
@@ -1116,7 +1085,7 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl)
* If ktls is used then kernel sequences are used instead of
* OpenSSL sequences
*/
- if (!BIO_get_ktls_send(clientssl->wbio)) {
+ if (!BIO_get_ktls_send(clientsc->wbio)) {
if (!TEST_mem_ne(crec_wseq_before, SEQ_NUM_SIZE,
crec_wseq_after, SEQ_NUM_SIZE))
goto end;
@@ -1126,7 +1095,7 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl)
goto end;
}
- if (!BIO_get_ktls_send(serverssl->wbio)) {
+ if (!BIO_get_ktls_send(serversc->wbio)) {
if (!TEST_mem_ne(srec_wseq_before, SEQ_NUM_SIZE,
srec_wseq_after, SEQ_NUM_SIZE))
goto end;
@@ -1136,7 +1105,7 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl)
goto end;
}
- if (!BIO_get_ktls_recv(clientssl->wbio)) {
+ if (!BIO_get_ktls_recv(clientsc->wbio)) {
if (!TEST_mem_ne(crec_rseq_before, SEQ_NUM_SIZE,
crec_rseq_after, SEQ_NUM_SIZE))
goto end;
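Review bot: The receive-offload check in ping_pong_query queries the write BIO, `BIO_get_ktls_recv(clientsc->wbio)`, and the hunk at -1146 does the same with `serversc->wbio`. execute_test_ktls later in this diff checks receive state on `rbio`, so this looks like an oversight carried over from the old `clientssl->wbio` form. It is harmless only while both directions share one BIO, which is presumably the case for the socket pair used here. I would write `if (!BIO_get_ktls_recv(clientsc->rbio)) {` and the matching `serversc->rbio` line, so the read-sequence comparison is gated on the direction it actually measures. The function body continues outside the hunk.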
@@ -1146,7 +1115,7 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl)
goto end;
}
- if (!BIO_get_ktls_recv(serverssl->wbio)) {
+ if (!BIO_get_ktls_recv(serversc->wbio)) {
if (!TEST_mem_ne(srec_rseq_before, SEQ_NUM_SIZE,
srec_rseq_after, SEQ_NUM_SIZE))
goto end;
@@ -1169,8 +1138,13 @@ static int execute_test_ktls(int cis_ktls, int sis_ktls,
int ktls_used = 0, testresult = 0;
int cfd = -1, sfd = -1;
int rx_supported;
+ SSL_CONNECTION *clientsc, *serversc;
+ unsigned char *buf = NULL;
+ const size_t bufsz = SSL3_RT_MAX_PLAIN_LENGTH + 16;
+ int ret;
+ size_t offset = 0, i;
- if (!TEST_true(create_test_sockets(&cfd, &sfd)))
+ if (!TEST_true(create_test_sockets(&cfd, &sfd, SOCK_STREAM, NULL)))
goto end;
/* Skip this test if the platform does not support ktls */
@@ -1205,6 +1179,10 @@ static int execute_test_ktls(int cis_ktls, int sis_ktls,
&clientssl, sfd, cfd)))
goto end;
+ if (!TEST_ptr(clientsc = SSL_CONNECTION_FROM_SSL_ONLY(clientssl))
+ || !TEST_ptr(serversc = SSL_CONNECTION_FROM_SSL_ONLY(serverssl)))
+ goto end;
+
if (cis_ktls) {
if (!TEST_true(SSL_set_options(clientssl, SSL_OP_ENABLE_KTLS)))
goto end;
@@ -1224,39 +1202,39 @@ static int execute_test_ktls(int cis_ktls, int sis_ktls,
* isn't enabled.
*/
if (!cis_ktls) {
- if (!TEST_false(BIO_get_ktls_send(clientssl->wbio)))
+ if (!TEST_false(BIO_get_ktls_send(clientsc->wbio)))
goto end;
} else {
- if (BIO_get_ktls_send(clientssl->wbio))
+ if (BIO_get_ktls_send(clientsc->wbio))
ktls_used = 1;
}
if (!sis_ktls) {
- if (!TEST_false(BIO_get_ktls_send(serverssl->wbio)))
+ if (!TEST_false(BIO_get_ktls_send(serversc->wbio)))
goto end;
} else {
- if (BIO_get_ktls_send(serverssl->wbio))
+ if (BIO_get_ktls_send(serversc->wbio))
ktls_used = 1;
}
#if defined(OPENSSL_NO_KTLS_RX)
rx_supported = 0;
#else
- rx_supported = (tls_version != TLS1_3_VERSION);
+ rx_supported = 1;
#endif
if (!cis_ktls || !rx_supported) {
- if (!TEST_false(BIO_get_ktls_recv(clientssl->rbio)))
+ if (!TEST_false(BIO_get_ktls_recv(clientsc->rbio)))
goto end;
} else {
- if (BIO_get_ktls_send(clientssl->rbio))
+ if (BIO_get_ktls_send(clientsc->rbio))
ktls_used = 1;
}
if (!sis_ktls || !rx_supported) {
- if (!TEST_false(BIO_get_ktls_recv(serverssl->rbio)))
+ if (!TEST_false(BIO_get_ktls_recv(serversc->rbio)))
goto end;
} else {
- if (BIO_get_ktls_send(serverssl->rbio))
+ if (BIO_get_ktls_send(serversc->rbio))
ktls_used = 1;
}
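Review bot: The two receive-side `else` branches set `ktls_used` from `BIO_get_ktls_send(clientsc->rbio)` and `BIO_get_ktls_send(serversc->rbio)`, while the negative checks directly above them use `BIO_get_ktls_recv` on the same BIO. With `rx_supported` now 1 for every protocol version, these branches also run for TLS 1.3, and a connection where only the receive path is offloaded would presumably not be counted as using kTLS. The lines should read `if (BIO_get_ktls_recv(clientsc->rbio))` and `if (BIO_get_ktls_recv(serversc->rbio))`. execute_test_ktls starts and ends outside the hunk.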
@@ -1270,8 +1248,39 @@ static int execute_test_ktls(int cis_ktls, int sis_ktls,
if (!TEST_true(ping_pong_query(clientssl, serverssl)))
goto end;
+ buf = OPENSSL_zalloc(bufsz);
+ if (!TEST_ptr(buf))
+ goto end;
+
+ /*
+ * Write some data that exceeds the maximum record length. KTLS may choose
+ * to coalesce this data into a single buffer when we read it again.
+ */
+ while ((ret = SSL_write(clientssl, buf, bufsz)) != (int)bufsz) {
+ if (!TEST_true(SSL_get_error(clientssl, ret) == SSL_ERROR_WANT_WRITE))
+ goto end;
+ }
+
+ /* Now check that we can read all the data we wrote */
+ do {
+ ret = SSL_read(serverssl, buf + offset, bufsz - offset);
+ if (ret <= 0) {
+ if (!TEST_true(SSL_get_error(serverssl, ret) == SSL_ERROR_WANT_READ))
+ goto end;
+ } else {
+ offset += ret;
+ }
+ } while (offset < bufsz);
+
+ if (!TEST_true(offset == bufsz))
+ goto end;
+ for (i = 0; i < bufsz; i++)
+ if (!TEST_true(buf[i] == 0))
+ goto end;
+
testresult = 1;
end:
+ OPENSSL_free(buf);
if (clientssl) {
SSL_shutdown(clientssl);
SSL_free(clientssl);
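Review bot: The final check `buf[i] == 0` cannot detect lost or short data. `buf` comes zero-filled from OPENSSL_zalloc, the same zeros are sent, and SSL_read writes back into that same buffer, so any byte SSL_read never touched still compares equal. Sending a non-constant pattern and reading into a second buffer would make the test verify that the oversized write arrives intact and in order; this needs an `unsigned char *rbuf = NULL;` next to the other locals declared at the top of execute_test_ktls. Both loops are also unbounded, so a stalled socket hangs the run instead of failing it, and a retry cap would help. The function starts and ends outside the hunk.

```c
    buf = OPENSSL_zalloc(bufsz);
    rbuf = OPENSSL_zalloc(bufsz);
    if (!TEST_ptr(buf) || !TEST_ptr(rbuf))
        goto end;
    /* Non-constant pattern so missing or reordered bytes are visible */
    for (i = 0; i < bufsz; i++)
        buf[i] = (unsigned char)(i & 0xff);

    /* … unchanged: SSL_write loop sending buf … */

    /* Read into rbuf, not back into buf */
    do {
        ret = SSL_read(serverssl, rbuf + offset, bufsz - offset);
        /* … unchanged: SSL_ERROR_WANT_READ handling and offset update … */
    } while (offset < bufsz);

    if (!TEST_mem_eq(buf, bufsz, rbuf, bufsz))
        goto end;

    /* … unchanged: testresult = 1 … */
end:
    OPENSSL_free(buf);
    OPENSSL_free(rbuf);
```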
@@ -1294,7 +1303,8 @@ end:
#define SENDFILE_CHUNK (4 * 4096)
#define min(a,b) ((a) > (b) ? (b) : (a))
-static int execute_test_ktls_sendfile(int tls_version, const char *cipher)
+static int execute_test_ktls_sendfile(int tls_version, const char *cipher,
+ int zerocopy)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
@@ -1305,11 +1315,12 @@ static int execute_test_ktls_sendfile(int tls_version, const char *cipher)
off_t chunk_off = 0;
int testresult = 0;
FILE *ffdp;
+ SSL_CONNECTION *serversc;
buf = OPENSSL_zalloc(SENDFILE_SZ);
buf_dst = OPENSSL_zalloc(SENDFILE_SZ);
if (!TEST_ptr(buf) || !TEST_ptr(buf_dst)
- || !TEST_true(create_test_sockets(&cfd, &sfd)))
+ || !TEST_true(create_test_sockets(&cfd, &sfd, SOCK_STREAM, NULL)))
goto end;
/* Skip this test if the platform does not support ktls */
@@ -1344,14 +1355,23 @@ static int execute_test_ktls_sendfile(int tls_version, const char *cipher)
&clientssl, sfd, cfd)))
goto end;
+ if (!TEST_ptr(serversc = SSL_CONNECTION_FROM_SSL_ONLY(serverssl)))
+ goto end;
+
if (!TEST_true(SSL_set_options(serverssl, SSL_OP_ENABLE_KTLS)))
goto end;
+ if (zerocopy) {
+ if (!TEST_true(SSL_set_options(serverssl,
+ SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE)))
+ goto end;
+ }
+
if (!TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE)))
goto end;
- if (!BIO_get_ktls_send(serverssl->wbio)) {
+ if (!BIO_get_ktls_send(serversc->wbio)) {
testresult = TEST_skip("Failed to enable KTLS for %s cipher %s",
tls_version == TLS1_3_VERSION ? "TLS 1.3" :
"TLS 1.2", cipher);
@@ -1461,8 +1481,7 @@ static struct ktls_test_cipher {
# endif
};
-#define NUM_KTLS_TEST_CIPHERS \
- (sizeof(ktls_test_ciphers) / sizeof(ktls_test_ciphers[0]))
+#define NUM_KTLS_TEST_CIPHERS OSSL_NELEM(ktls_test_ciphers)
static int test_ktls(int test)
{
@@ -1479,14 +1498,16 @@ static int test_ktls(int test)
cipher->cipher);
}
-static int test_ktls_sendfile(int tst)
+static int test_ktls_sendfile(int test)
{
struct ktls_test_cipher *cipher;
+ int tst = test >> 1;
OPENSSL_assert(tst < (int)NUM_KTLS_TEST_CIPHERS);
cipher = &ktls_test_ciphers[tst];
- return execute_test_ktls_sendfile(cipher->tls_version, cipher->cipher);
+ return execute_test_ktls_sendfile(cipher->tls_version, cipher->cipher,
+ test & 1);
}
#endif
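Review bot: test_ktls_sendfile now packs two values into `test` without saying so: the low bit selects zerocopy and the remaining bits index `ktls_test_ciphers`. A comment above the function such as `/* test = (cipher index << 1) | zerocopy */` would make the encoding visible. The registration of this test is not in the hunk; it has to supply twice NUM_KTLS_TEST_CIPHERS iterations for the assert to hold and for every cipher to be covered in both modes, which is worth stating in the same comment.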
@@ -1544,7 +1565,7 @@ static int test_large_app_data(int tst)
prot = TLS1_3_VERSION;
break;
#else
- return 1;
+ return TEST_skip("TLS 1.3 not supported");
#endif
case 1:
@@ -1552,7 +1573,7 @@ static int test_large_app_data(int tst)
prot = TLS1_2_VERSION;
break;
#else
- return 1;
+ return TEST_skip("TLS 1.2 not supported");
#endif
case 2:
@@ -1560,7 +1581,7 @@ static int test_large_app_data(int tst)
prot = TLS1_1_VERSION;
break;
#else
- return 1;
+ return TEST_skip("TLS 1.1 not supported");
#endif
case 3:
@@ -1568,7 +1589,7 @@ static int test_large_app_data(int tst)
prot = TLS1_VERSION;
break;
#else
- return 1;
+ return TEST_skip("TLS 1 not supported");
#endif
case 4:
@@ -1576,7 +1597,7 @@ static int test_large_app_data(int tst)
prot = SSL3_VERSION;
break;
#else
- return 1;
+ return TEST_skip("SSL 3 not supported");
#endif
case 5:
@@ -1586,17 +1607,19 @@ static int test_large_app_data(int tst)
cmeth = DTLS_client_method();
break;
#else
- return 1;
+ return TEST_skip("DTLS 1.2 not supported");
#endif
case 6:
#ifndef OPENSSL_NO_DTLS1
+ if (is_fips)
+ return TEST_skip("DTLS 1 not supported by FIPS provider");
prot = DTLS1_VERSION;
smeth = DTLS_server_method();
cmeth = DTLS_client_method();
break;
#else
- return 1;
+ return TEST_skip("DTLS 1 not supported");
#endif
default:
@@ -1604,8 +1627,8 @@ static int test_large_app_data(int tst)
return 0;
}
- if ((prot < TLS1_2_VERSION || prot == DTLS1_VERSION) && is_fips)
- return 1;
+ if (is_fips && prot < TLS1_2_VERSION)
+ return TEST_skip("TLS versions < 1.2 not supported by FIPS provider");
/* Maximal sized message of zeros */
msg = OPENSSL_zalloc(SSL3_RT_MAX_PLAIN_LENGTH);
@@ -1691,8 +1714,9 @@ static int execute_cleanse_plaintext(const SSL_METHOD *smeth,
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
- SSL3_RECORD *rr;
- void *zbuf;
+ const unsigned char *zbuf;
+ SSL_CONNECTION *serversc;
+ TLS_RECORD *rr;
static unsigned char cbuf[16000];
static unsigned char sbuf[16000];
@@ -1751,7 +1775,10 @@ static int execute_cleanse_plaintext(const SSL_METHOD *smeth,
* layer is a plaintext record. We can gather the pointer to check
* for zeroization after SSL_read().
*/
- rr = serverssl->rlayer.rrec;
+ if (!TEST_ptr(serversc = SSL_CONNECTION_FROM_SSL_ONLY(serverssl)))
+ goto end;
+ rr = serversc->rlayer.tlsrecs;
+
zbuf = &rr->data[rr->off];
if (!TEST_int_eq(rr->length, sizeof(cbuf)))
goto end;
@@ -1889,6 +1916,8 @@ static int test_tlsext_status_type(void)
/* First just do various checks getting and setting tlsext_status_type */
clientssl = SSL_new(cctx);
+ if (!TEST_ptr(clientssl))
+ goto end;
if (!TEST_int_eq(SSL_get_tlsext_status_type(clientssl), -1)
|| !TEST_true(SSL_set_tlsext_status_type(clientssl,
TLSEXT_STATUSTYPE_ocsp))
@@ -1904,6 +1933,8 @@ static int test_tlsext_status_type(void)
goto end;
clientssl = SSL_new(cctx);
+ if (!TEST_ptr(clientssl))
+ goto end;
if (SSL_get_tlsext_status_type(clientssl) != TLSEXT_STATUSTYPE_ocsp)
goto end;
SSL_free(clientssl);
@@ -2307,9 +2338,9 @@ static int execute_test_session(int maxprot, int use_int_cache,
*/
/* Make sess1 expire before sess2 */
- if (!TEST_long_gt(SSL_SESSION_set_time(sess1, 1000), 0)
+ if (!TEST_time_t_gt(SSL_SESSION_set_time_ex(sess1, 1000), 0)
|| !TEST_long_gt(SSL_SESSION_set_timeout(sess1, 1000), 0)
- || !TEST_long_gt(SSL_SESSION_set_time(sess2, 2000), 0)
+ || !TEST_time_t_gt(SSL_SESSION_set_time_ex(sess2, 2000), 0)
|| !TEST_long_gt(SSL_SESSION_set_timeout(sess2, 2000), 0))
goto end;
@@ -2663,9 +2694,8 @@ static int test_psk_tickets(void)
NULL, NULL)))
goto end;
clientpsk = serverpsk = create_a_psk(clientssl, SHA384_DIGEST_LENGTH);
- if (!TEST_ptr(clientpsk))
+ if (!TEST_ptr(clientpsk) || !TEST_true(SSL_SESSION_up_ref(clientpsk)))
goto end;
- SSL_SESSION_up_ref(clientpsk);
if (!TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE))
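Review bot: When `SSL_SESSION_up_ref(clientpsk)` fails in test_psk_tickets, `clientpsk` and `serverpsk` still alias one session that holds a single reference. If the `end:` path frees both pointers (it is outside this hunk, so this needs confirming), the failure path becomes a double free. Splitting the check so the failure branch clears one alias avoids that, for example `if (!TEST_true(SSL_SESSION_up_ref(clientpsk))) { serverpsk = NULL; goto end; }`.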
@@ -2975,10 +3005,12 @@ static int test_ssl_set_bio(int idx)
* each BIO that will have ownership transferred in the SSL_set_bio()
* call
*/
- if (irbio != NULL)
- BIO_up_ref(irbio);
- if (iwbio != NULL && iwbio != irbio)
- BIO_up_ref(iwbio);
+ if (irbio != NULL && !BIO_up_ref(irbio))
+ goto end;
+ if (iwbio != NULL && iwbio != irbio && !BIO_up_ref(iwbio)) {
+ BIO_free(irbio);
+ goto end;
+ }
}
if (conntype != CONNTYPE_NO_CONNECTION
@@ -2998,11 +3030,17 @@ static int test_ssl_set_bio(int idx)
if (nrbio != NULL
&& nrbio != irbio
&& (nwbio != iwbio || nrbio != nwbio))
- BIO_up_ref(nrbio);
+ if (!TEST_true(BIO_up_ref(nrbio)))
+ goto end;
if (nwbio != NULL
&& nwbio != nrbio
&& (nwbio != iwbio || (nwbio == iwbio && irbio == iwbio)))
- BIO_up_ref(nwbio);
+ if (!TEST_true(BIO_up_ref(nwbio))) {
+ if (nrbio != irbio
+ && (nwbio != iwbio || nrbio != nwbio))
+ BIO_free(nrbio);
+ goto end;
+ }
SSL_set_bio(clientssl, nrbio, nwbio);
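Review bot: The new `BIO_up_ref` checks in test_ssl_set_bio hang an unbraced `if` off another unbraced multi-line `if`, which is easy to misread and fragile if an `else` is ever added. Bracing the outer statement, or folding the call into the condition as a trailing `&& !TEST_true(BIO_up_ref(nrbio))`, would remove the ambiguity. The rollback for `nrbio` repeats the ownership condition from a few lines earlier minus the `nrbio != NULL` term. That is only correct if BIO_free tolerates NULL, and a local flag recording that the reference was taken would keep the two in step. The hunk at -2975 checks `BIO_up_ref` without `TEST_true`, so a failure there leaves no message in the test log.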
@@ -3124,6 +3162,7 @@ static const sigalgs_list testsigalgs[] = {
{validlist3, OSSL_NELEM(validlist3), NULL, 1, 0},
# endif
{NULL, 0, "RSA+SHA256", 1, 1},
+ {NULL, 0, "RSA+SHA256:?Invalid", 1, 1},
# ifndef OPENSSL_NO_EC
{NULL, 0, "RSA+SHA256:ECDSA+SHA512", 1, 1},
{NULL, 0, "ECDSA+SHA512", 1, 0},
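Review bot: The new `"RSA+SHA256:?Invalid"` row in testsigalgs carries no comment on what it exercises. Judging by the expected values, which match the plain `"RSA+SHA256"` row above it, the row appears to check that an unknown name prefixed with `?` is ignored rather than invalidating the whole list. A one-line comment such as `/* '?' prefix: unknown entry is skipped, list stays valid */` would record that intent. A companion row with the same unknown name but no `?`, expecting rejection, would pin the other half of the behaviour if one is not already present outside this hunk.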
@@ -3246,8 +3285,8 @@ static int use_session_cb(SSL *ssl, const EVP_MD *md, const unsigned char **id,
return 0;
}
- if (clientpsk != NULL)
- SSL_SESSION_up_ref(clientpsk);
+ if (clientpsk != NULL && !SSL_SESSION_up_ref(clientpsk))
+ return 0;
*sess = clientpsk;
*id = (const unsigned char *)pskid;
@@ -3306,7 +3345,9 @@ static int find_session_cb(SSL *ssl, const unsigned char *identity,
return 1;
}
- SSL_SESSION_up_ref(serverpsk);
+ if (!SSL_SESSION_up_ref(serverpsk))
+ return 0;
+
*sess = serverpsk;
return 1;
@@ -3349,49 +3390,34 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
#define MSG6 "test"
#define MSG7 "message."
-#define TLS13_AES_128_GCM_SHA256_BYTES ((const unsigned char *)"\x13\x01")
-#define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02")
-#define TLS13_CHACHA20_POLY1305_SHA256_BYTES ((const unsigned char *)"\x13\x03")
-#define TLS13_AES_128_CCM_SHA256_BYTES ((const unsigned char *)"\x13\x04")
-#define TLS13_AES_128_CCM_8_SHA256_BYTES ((const unsigned char *)"\x13\05")
+static int artificial_ticket_time = 0;
+
+static int sub_session_time(SSL_SESSION *sess)
+{
+ OSSL_TIME tick_time;
+ tick_time = ossl_time_from_time_t(SSL_SESSION_get_time_ex(sess));
+ tick_time = ossl_time_subtract(tick_time, ossl_seconds2time(10));
+
+ return SSL_SESSION_set_time_ex(sess, ossl_time_to_time_t(tick_time)) != 0;
+}
-static SSL_SESSION *create_a_psk(SSL *ssl, size_t mdsize)
+static int ed_gen_cb(SSL *s, void *arg)
{
- const SSL_CIPHER *cipher = NULL;
- const unsigned char key[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
- 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
- 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
- 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b,
- 0x2c, 0x2d, 0x2e, 0x2f /* SHA384_DIGEST_LENGTH bytes */
- };
- SSL_SESSION *sess = NULL;
+ SSL_SESSION *sess = SSL_get0_session(s);
- if (mdsize == SHA384_DIGEST_LENGTH) {
- cipher = SSL_CIPHER_find(ssl, TLS13_AES_256_GCM_SHA384_BYTES);
- } else if (mdsize == SHA256_DIGEST_LENGTH) {
- /*
- * Any ciphersuite using SHA256 will do - it will be compatible with
- * the actual ciphersuite selected as long as it too is based on SHA256
- */
- cipher = SSL_CIPHER_find(ssl, TLS13_AES_128_GCM_SHA256_BYTES);
- } else {
- /* Should not happen */
- return NULL;
- }
- sess = SSL_SESSION_new();
- if (!TEST_ptr(sess)
- || !TEST_ptr(cipher)
- || !TEST_true(SSL_SESSION_set1_master_key(sess, key, mdsize))
- || !TEST_true(SSL_SESSION_set_cipher(sess, cipher))
- || !TEST_true(
- SSL_SESSION_set_protocol_version(sess,
- TLS1_3_VERSION))) {
- SSL_SESSION_free(sess);
- return NULL;
- }
- return sess;
+ if (sess == NULL)
+ return 0;
+
+ /*
+ * Artificially give the ticket some age. Just do it for the number of
+ * tickets we've been told to do.
+ */
+ if (artificial_ticket_time == 0)
+ return 1;
+ artificial_ticket_time--;
+
+ return sub_session_time(sess);
}
/*
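Review bot: `artificial_ticket_time`, `sub_session_time` and `ed_gen_cb` are added without any comment on the contract between them. The counter is file-scope state that a caller sets before setupearly_data_test and must reset afterwards, and `sub_session_time` moves the session time back by a bare `10` seconds with no explanation of why that value was chosen. I would add a comment on the counter, e.g. `/* Number of upcoming tickets ed_gen_cb should age; callers reset it to 0 */`, name the constant, and give `sub_session_time` a one-line header saying it returns 1 on success and 0 on failure. `ed_gen_cb` never uses its `arg` parameter, which is worth a note too.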
@@ -3402,6 +3428,8 @@ static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl,
SSL **serverssl, SSL_SESSION **sess, int idx,
size_t mdsize)
{
+ int artificial = (artificial_ticket_time > 0);
+
if (*sctx == NULL
&& !TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),
@@ -3409,6 +3437,9 @@ static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl,
sctx, cctx, cert, privkey)))
return 0;
+ if (artificial)
+ SSL_CTX_set_session_ticket_cb(*sctx, ed_gen_cb, NULL, NULL);
+
if (!TEST_true(SSL_CTX_set_max_early_data(*sctx, SSL3_RT_MAX_PLAIN_LENGTH)))
return 0;
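Review bot: `SSL_CTX_set_session_ticket_cb(*sctx, ed_gen_cb, NULL, NULL)` is called without checking its return value, unlike the neighbouring setup calls in setupearly_data_test, which are wrapped in `TEST_true`. If registration failed, the server-side ticket would never be aged while the client side still is (hunk at -3481), and the test would fail later with a misleading symptom. Suggest `if (artificial && !TEST_true(SSL_CTX_set_session_ticket_cb(*sctx, ed_gen_cb, NULL, NULL))) return 0;`. The function continues outside the hunk.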
@@ -3481,6 +3512,14 @@ static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl,
SSL_free(*clientssl);
*serverssl = *clientssl = NULL;
+ /*
+ * Artificially give the ticket some age to match the artificial age we
+ * gave it on the server side
+ */
+ if (artificial
+ && !TEST_true(sub_session_time(*sess)))
+ return 0;
+
if (!TEST_true(create_ssl_objects(*sctx, *cctx, serverssl,
clientssl, NULL, NULL))
|| !TEST_true(SSL_set_session(*clientssl, *sess)))
@@ -3489,7 +3528,7 @@ static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl,
return 1;
}
-static int check_early_data_timeout(time_t timer)
+static int check_early_data_timeout(OSSL_TIME timer)
{
int res = 0;
@@ -3501,8 +3540,8 @@ static int check_early_data_timeout(time_t timer)
* test if it has taken too long. We assume anything over 7 seconds is too
* long
*/
- timer = time(NULL) - timer;
- if (timer >= 7)
+ timer = ossl_time_subtract(ossl_time_now(), timer);
+ if (ossl_time_compare(timer, ossl_seconds2time(7)) >= 0)
res = TEST_skip("Test took too long, ignoring result");
return res;
@@ -3517,15 +3556,21 @@ static int test_early_data_read_write(int idx)
unsigned char buf[20], data[1024];
size_t readbytes, written, eoedlen, rawread, rawwritten;
BIO *rbio;
- time_t timer;
+ OSSL_TIME timer;
+ /* Artificially give the next 2 tickets some age for non PSK sessions */
+ if (idx != 2)
+ artificial_ticket_time = 2;
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
&serverssl, &sess, idx,
- SHA384_DIGEST_LENGTH)))
+ SHA384_DIGEST_LENGTH))) {
+ artificial_ticket_time = 0;
goto end;
+ }
+ artificial_ticket_time = 0;
/* Write and read some early data */
- timer = time(NULL);
+ timer = ossl_time_now();
if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
&written))
|| !TEST_size_t_eq(written, strlen(MSG1)))
@@ -3755,7 +3800,7 @@ static int test_early_data_replay_int(int idx, int usecb, int confopt)
SSL_SESSION *sess = NULL;
size_t readbytes, written;
unsigned char buf[20];
- time_t timer;
+ OSSL_TIME timer;
allow_ed_cb_called = 0;
@@ -3810,7 +3855,7 @@ static int test_early_data_replay_int(int idx, int usecb, int confopt)
goto end;
/* Write and read some early data */
- timer = time(NULL);
+ timer = ossl_time_now();
if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
&written))
|| !TEST_size_t_eq(written, strlen(MSG1)))
@@ -3887,7 +3932,13 @@ static const char *ciphersuites[] = {
"TLS_AES_256_GCM_SHA384",
"TLS_AES_128_CCM_SHA256",
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
- "TLS_CHACHA20_POLY1305_SHA256"
+ "TLS_CHACHA20_POLY1305_SHA256",
+#else
+ NULL,
+#endif
+#if !defined(OPENSSL_NO_INTEGRITY_ONLY_CIPHERS)
+ "TLS_SHA256_SHA256",
+ "TLS_SHA384_SHA384"
#endif
};
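Review bot: `ciphersuites[]` gets a `NULL` placeholder when ChaCha20-Poly1305 is compiled out, but nothing when OPENSSL_NO_INTEGRITY_ONLY_CIPHERS is defined, so in that build the array is two entries shorter. early_data_skip_helper (next hunk) reads `ciphersuites[cipher]` and hard-codes indices 5 and 6, which is safe only if every caller bounds `cipher` by the array size; the callers are not visible here. `cipher_str[]` in test_early_data_psk_with_all_ciphers pads with `NULL, NULL` in its `#else`. Doing the same here would keep the length constant and let the new NULL check skip those entries instead of relying on the callers.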
@@ -3908,16 +3959,19 @@ static int early_data_skip_helper(int testtype, int cipher, int idx)
unsigned char buf[20];
size_t readbytes, written;
- if (is_fips && cipher == 4)
+ if (is_fips && cipher >= 4)
return 1;
+ if (ciphersuites[cipher] == NULL)
+ return TEST_skip("Cipher not supported");
+
if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),
TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
goto end;
- if (cipher == 0) {
+ if (cipher == 0 || cipher == 5 || cipher == 6) {
SSL_CTX_set_security_level(sctx, 0);
SSL_CTX_set_security_level(cctx, 0);
}
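Review bot: `if (is_fips && cipher >= 4) return 1;` reports a pass for a combination that was never run, while the check added right below it uses `TEST_skip("Cipher not supported")` and test_large_app_data is converted to TEST_skip in this same commit. `return TEST_skip("Cipher not supported by FIPS provider");` would keep skipped cases visible in the results. The FIPS early-out in test_early_data_psk_with_all_ciphers (hunk at -4423) and the `return 1` paths in test_key_exchange (hunk at -4952) have the same issue. The bare indices `0`, `5` and `6` that drop the security level to 0 would also read better with a short comment naming the suites they stand for. The function body continues outside the hunk.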
@@ -3928,8 +3982,9 @@ static int early_data_skip_helper(int testtype, int cipher, int idx)
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
&serverssl, &sess, idx,
- cipher == 2 ? SHA384_DIGEST_LENGTH
- : SHA256_DIGEST_LENGTH)))
+ (cipher == 2 || cipher == 6)
+ ? SHA384_DIGEST_LENGTH
+ : SHA256_DIGEST_LENGTH)))
goto end;
if (testtype == 1 || testtype == 2) {
@@ -3953,7 +4008,7 @@ static int early_data_skip_helper(int testtype, int cipher, int idx)
* time. It could be any value as long as it is not within tolerance.
* This should mean the ticket is rejected.
*/
- if (!TEST_true(SSL_SESSION_set_time(sess, (long)(time(NULL) - 20))))
+ if (!TEST_true(SSL_SESSION_set_time_ex(sess, time(NULL) - 20)))
goto end;
}
@@ -4018,7 +4073,7 @@ static int early_data_skip_helper(int testtype, int cipher, int idx)
sizeof(bad_early_data), &written)))
goto end;
}
- /* fallthrough */
+ /* FALLTHROUGH */
case 3:
/*
@@ -4352,7 +4407,7 @@ static int test_early_data_psk(int idx)
|| !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), err))
goto end;
} else {
- time_t timer = time(NULL);
+ OSSL_TIME timer = ossl_time_now();
if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
&written)))
@@ -4386,12 +4441,14 @@ static int test_early_data_psk(int idx)
}
/*
- * Test TLSv1.3 PSK can be used to send early_data with all 5 ciphersuites
+ * Test TLSv1.3 PSK can be used to send early_data with all 7 ciphersuites
* idx == 0: Test with TLS1_3_RFC_AES_128_GCM_SHA256
* idx == 1: Test with TLS1_3_RFC_AES_256_GCM_SHA384
* idx == 2: Test with TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
* idx == 3: Test with TLS1_3_RFC_AES_128_CCM_SHA256
* idx == 4: Test with TLS1_3_RFC_AES_128_CCM_8_SHA256
+ * idx == 5: Test with TLS1_3_RFC_SHA256_SHA256
+ * idx == 6: Test with TLS1_3_RFC_SHA384_SHA384
*/
static int test_early_data_psk_with_all_ciphers(int idx)
{
@@ -4402,7 +4459,7 @@ static int test_early_data_psk_with_all_ciphers(int idx)
unsigned char buf[20];
size_t readbytes, written;
const SSL_CIPHER *cipher;
- time_t timer;
+ OSSL_TIME timer;
const char *cipher_str[] = {
TLS1_3_RFC_AES_128_GCM_SHA256,
TLS1_3_RFC_AES_256_GCM_SHA384,
@@ -4412,7 +4469,14 @@ static int test_early_data_psk_with_all_ciphers(int idx)
NULL,
# endif
TLS1_3_RFC_AES_128_CCM_SHA256,
- TLS1_3_RFC_AES_128_CCM_8_SHA256
+ TLS1_3_RFC_AES_128_CCM_8_SHA256,
+# if !defined(OPENSSL_NO_INTEGRITY_ONLY_CIPHERS)
+ TLS1_3_RFC_SHA256_SHA256,
+ TLS1_3_RFC_SHA384_SHA384
+#else
+ NULL,
+ NULL
+#endif
};
const unsigned char *cipher_bytes[] = {
TLS13_AES_128_GCM_SHA256_BYTES,
@@ -4423,13 +4487,23 @@ static int test_early_data_psk_with_all_ciphers(int idx)
NULL,
# endif
TLS13_AES_128_CCM_SHA256_BYTES,
- TLS13_AES_128_CCM_8_SHA256_BYTES
+ TLS13_AES_128_CCM_8_SHA256_BYTES,
+# if !defined(OPENSSL_NO_INTEGRITY_ONLY_CIPHERS)
+ TLS13_SHA256_SHA256_BYTES,
+ TLS13_SHA384_SHA384_BYTES
+#else
+ NULL,
+ NULL
+#endif
};
if (cipher_str[idx] == NULL)
return 1;
- /* Skip ChaCha20Poly1305 as currently FIPS module does not support it */
- if (idx == 2 && is_fips == 1)
+ /*
+ * Skip ChaCha20Poly1305 and TLS_SHA{256,384}_SHA{256,384} ciphers
+ * as currently FIPS module does not support them.
+ */
+ if ((idx == 2 || idx == 5 || idx == 6) && is_fips == 1)
return 1;
/* We always set this up with a final parameter of "2" for PSK */
@@ -4438,6 +4512,15 @@ static int test_early_data_psk_with_all_ciphers(int idx)
SHA384_DIGEST_LENGTH)))
goto end;
+ if (idx == 4 || idx == 5 || idx == 6) {
+ /*
+ * CCM8 ciphers are considered low security due to their short tag.
+ * Integrity-only cipher do not provide any confidentiality.
+ */
+ SSL_set_security_level(clientssl, 0);
+ SSL_set_security_level(serverssl, 0);
+ }
+
if (!TEST_true(SSL_set_ciphersuites(clientssl, cipher_str[idx]))
|| !TEST_true(SSL_set_ciphersuites(serverssl, cipher_str[idx])))
goto end;
@@ -4454,7 +4537,7 @@ static int test_early_data_psk_with_all_ciphers(int idx)
goto end;
SSL_set_connect_state(clientssl);
- timer = time(NULL);
+ timer = ossl_time_now();
if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
&written)))
goto end;
@@ -4732,9 +4815,11 @@ static int test_ciphersuite_change(void)
"TLS_AES_256_GCM_SHA384:"
"TLS_AES_128_CCM_SHA256"))
|| !TEST_true(SSL_CTX_set_ciphersuites(cctx,
- "TLS_AES_128_GCM_SHA256"))
- || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
- &clientssl, NULL, NULL))
+ "TLS_AES_128_GCM_SHA256")))
+ goto end;
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE)))
goto end;
@@ -4860,12 +4945,24 @@ static int test_ciphersuite_change(void)
* Test 9 = Test NID_ffdhe4096 with TLSv1.3 client and server
* Test 10 = Test NID_ffdhe6144 with TLSv1.3 client and server
* Test 11 = Test NID_ffdhe8192 with TLSv1.3 client and server
- * Test 12 = Test all ECDHE with TLSv1.2 client and server
- * Test 13 = Test all FFDHE with TLSv1.2 client and server
+ * Test 12 = Test all ML-KEM with TLSv1.3 client and server
+ * Test 13 = Test MLKEM512
+ * Test 14 = Test MLKEM768
+ * Test 15 = Test MLKEM1024
+ * Test 16 = Test X25519MLKEM768
+ * Test 17 = Test SecP256r1MLKEM768
+ * Test 18 = Test SecP384r1MLKEM1024
+ * Test 19 = Test all ML-KEM with TLSv1.2 client and server
+ * Test 20 = Test all FFDHE with TLSv1.2 client and server
+ * Test 21 = Test all ECDHE with TLSv1.2 client and server
*/
# ifndef OPENSSL_NO_EC
static int ecdhe_kexch_groups[] = {NID_X9_62_prime256v1, NID_secp384r1,
- NID_secp521r1, NID_X25519, NID_X448};
+ NID_secp521r1,
+# ifndef OPENSSL_NO_ECX
+ NID_X25519, NID_X448
+# endif
+ };
# endif
# ifndef OPENSSL_NO_DH
static int ffdhe_kexch_groups[] = {NID_ffdhe2048, NID_ffdhe3072, NID_ffdhe4096,
@@ -4876,16 +4973,18 @@ static int test_key_exchange(int idx)
SSL_CTX *sctx = NULL, *cctx = NULL;
SSL *serverssl = NULL, *clientssl = NULL;
int testresult = 0;
- int kexch_alg;
+ int kexch_alg = NID_undef;
int *kexch_groups = &kexch_alg;
int kexch_groups_size = 1;
int max_version = TLS1_3_VERSION;
char *kexch_name0 = NULL;
+ const char *kexch_names = NULL;
+ int shared_group0;
switch (idx) {
# ifndef OPENSSL_NO_EC
# ifndef OPENSSL_NO_TLS1_2
- case 12:
+ case 21:
max_version = TLS1_2_VERSION;
# endif
/* Fall through */
@@ -4906,6 +5005,7 @@ static int test_key_exchange(int idx)
kexch_alg = NID_secp521r1;
kexch_name0 = "secp521r1";
break;
+# ifndef OPENSSL_NO_ECX
case 4:
if (is_fips)
return TEST_skip("X25519 might not be supported by fips provider.");
@@ -4918,10 +5018,11 @@ static int test_key_exchange(int idx)
kexch_alg = NID_X448;
kexch_name0 = "x448";
break;
+# endif
# endif
# ifndef OPENSSL_NO_DH
# ifndef OPENSSL_NO_TLS1_2
- case 13:
+ case 20:
max_version = TLS1_2_VERSION;
kexch_name0 = "ffdhe2048";
# endif
@@ -4952,11 +5053,71 @@ static int test_key_exchange(int idx)
kexch_name0 = "ffdhe8192";
break;
# endif
+# ifndef OPENSSL_NO_ML_KEM
+# if !defined(OPENSSL_NO_TLS1_2)
+ case 19:
+ max_version = TLS1_2_VERSION;
+# if !defined(OPENSSL_NO_EC)
+ /* Set at least one EC group so the handshake completes */
+ kexch_names = "MLKEM512:MLKEM768:MLKEM1024:secp256r1";
+# elif !defined(OPENSSL_NO_DH)
+ kexch_names = "MLKEM512:MLKEM768:MLKEM1024";
+# else
+ /* With neither EC nor DH TLS 1.2 can't happen */
+ return 1;
+# endif
+# endif
+ /* Fall through */
+ case 12:
+ kexch_groups = NULL;
+ if (kexch_names == NULL)
+ kexch_names = "MLKEM512:MLKEM768:MLKEM1024";
+ kexch_name0 = "MLKEM512";
+ break;
+ case 13:
+ kexch_groups = NULL;
+ kexch_name0 = "MLKEM512";
+ kexch_names = kexch_name0;
+ break;
+ case 14:
+ kexch_groups = NULL;
+ kexch_name0 = "MLKEM768";
+ kexch_names = kexch_name0;
+ break;
+ case 15:
+ kexch_groups = NULL;
+ kexch_name0 = "MLKEM1024";
+ kexch_names = kexch_name0;
+ break;
+# ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_ECX
+ case 16:
+ kexch_groups = NULL;
+ kexch_name0 = "X25519MLKEM768";
+ kexch_names = kexch_name0;
+ break;
+# endif
+ case 17:
+ kexch_groups = NULL;
+ kexch_name0 = "SecP256r1MLKEM768";
+ kexch_names = kexch_name0;
+ break;
+ case 18:
+ kexch_groups = NULL;
+ kexch_name0 = "SecP384r1MLKEM1024";
+ kexch_names = kexch_name0;
+ break;
+# endif
+# endif
default:
/* We're skipping this test */
return 1;
}
+ if (is_fips && fips_provider_version_lt(libctx, 3, 5, 0)
+ && idx >= 12 && idx <= 19)
+ return TEST_skip("ML-KEM not supported in this version of fips provider");
+
if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(), TLS1_VERSION,
max_version, &sctx, &cctx, cert,
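Review bot: The FIPS guard `idx >= 12 && idx <= 19` restates the ML-KEM case labels as a numeric range, and this commit itself renumbers cases (12 becomes 21, 13 becomes 20), so the range can go stale with no help from the compiler. Setting a local flag inside the ML-KEM cases and testing `if (is_fips && uses_mlkem && fips_provider_version_lt(libctx, 3, 5, 0))` would tie the skip to the cases that need it. Cases 13 to 18 also repeat the same three assignments, and a small name table indexed by `idx - 13` would shorten the switch. test_key_exchange starts and ends outside the hunk.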
@@ -4992,32 +5153,54 @@ static int test_key_exchange(int idx)
NULL, NULL)))
goto end;
- if (!TEST_true(SSL_set1_groups(serverssl, kexch_groups, kexch_groups_size))
- || !TEST_true(SSL_set1_groups(clientssl, kexch_groups, kexch_groups_size)))
- goto end;
+ if (kexch_groups != NULL) {
+ if (!TEST_true(SSL_set1_groups(serverssl, kexch_groups, kexch_groups_size))
+ || !TEST_true(SSL_set1_groups(clientssl, kexch_groups, kexch_groups_size)))
+ goto end;
+ } else {
+ if (!TEST_true(SSL_set1_groups_list(serverssl, kexch_names))
+ || !TEST_true(SSL_set1_groups_list(clientssl, kexch_names)))
+ goto end;
+ }
if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
goto end;
/*
- * If Handshake succeeds the negotiated kexch alg should be the first one in
- * configured, except in the case of FFDHE groups (idx 13), which are
- * TLSv1.3 only so we expect no shared group to exist.
+ * If the handshake succeeds the negotiated kexch alg should be the first
+ * one in configured, except in the case of "all" FFDHE and "all" ML-KEM
+ * groups (idx == 19, 20), which are TLSv1.3 only so we expect no shared
+ * group to exist.
*/
- if (!TEST_int_eq(SSL_get_shared_group(serverssl, 0),
- idx == 13 ? 0 : kexch_groups[0]))
- goto end;
-
- if (!TEST_str_eq(SSL_group_to_name(serverssl, kexch_groups[0]),
- kexch_name0))
- goto end;
-
- /* We don't implement RFC 7919 named groups for TLS 1.2. */
- if (idx != 13) {
- if (!TEST_int_eq(SSL_get_negotiated_group(serverssl), kexch_groups[0]))
+ shared_group0 = SSL_get_shared_group(serverssl, 0);
+ switch (idx) {
+ case 19:
+# if !defined(OPENSSL_NO_EC)
+ /* MLKEM + TLS 1.2 and no DH => "secp526r1" */
+ if (!TEST_int_eq(shared_group0, NID_X9_62_prime256v1))
+ goto end;
+ break;
+# endif
+ /* Fall through */
+ case 20:
+ if (!TEST_int_eq(shared_group0, 0))
+ goto end;
+ break;
+ default:
+ if (kexch_groups != NULL
+ && !TEST_int_eq(shared_group0, kexch_groups[0]))
+ goto end;
+ if (!TEST_str_eq(SSL_group_to_name(serverssl, shared_group0),
+ kexch_name0))
goto end;
- if (!TEST_int_eq(SSL_get_negotiated_group(clientssl), kexch_groups[0]))
+ if (!TEST_str_eq(SSL_get0_group_name(serverssl), kexch_name0)
+ || !TEST_str_eq(SSL_get0_group_name(clientssl), kexch_name0))
goto end;
+ if (!TEST_int_eq(SSL_get_negotiated_group(serverssl), shared_group0))
+ goto end;
+ if (!TEST_int_eq(SSL_get_negotiated_group(clientssl), shared_group0))
+ goto end;
+ break;
}
testresult = 1;
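Review bot: The comment in `case 19` names a curve that does not exist: `"secp526r1"` should be `"secp256r1"`, matching the `NID_X9_62_prime256v1` it asserts and the `secp256r1` entry in the configured group list. It also says "no DH" although the branch is selected by `!defined(OPENSSL_NO_EC)`; `/* ML-KEM + TLS 1.2 with EC => "secp256r1" */` would fit the code. The block comment above the switch still says idx 19 expects no shared group, which only holds for builds without EC. test_key_exchange continues outside this hunk.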
@@ -5268,16 +5451,24 @@ static int test_tls13_ciphersuite(int idx)
static const struct {
const char *ciphername;
int fipscapable;
+ int low_security;
} t13_ciphers[] = {
- { TLS1_3_RFC_AES_128_GCM_SHA256, 1 },
- { TLS1_3_RFC_AES_256_GCM_SHA384, 1 },
- { TLS1_3_RFC_AES_128_CCM_SHA256, 1 },
+ { TLS1_3_RFC_AES_128_GCM_SHA256, 1, 0 },
+ { TLS1_3_RFC_AES_256_GCM_SHA384, 1, 0 },
+ { TLS1_3_RFC_AES_128_CCM_SHA256, 1, 0 },
# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
- { TLS1_3_RFC_CHACHA20_POLY1305_SHA256, 0 },
+ { TLS1_3_RFC_CHACHA20_POLY1305_SHA256, 0, 0 },
{ TLS1_3_RFC_AES_256_GCM_SHA384
- ":" TLS1_3_RFC_CHACHA20_POLY1305_SHA256, 0 },
+ ":" TLS1_3_RFC_CHACHA20_POLY1305_SHA256, 0, 0 },
+# endif
+ /* CCM8 ciphers are considered low security due to their short tag */
+ { TLS1_3_RFC_AES_128_CCM_8_SHA256
+ ":" TLS1_3_RFC_AES_128_CCM_SHA256, 1, 1 },
+# if !defined(OPENSSL_NO_INTEGRITY_ONLY_CIPHERS)
+ /* Integrity-only cipher do not provide any confidentiality */
+ { TLS1_3_RFC_SHA256_SHA256, 0, 1 },
+ { TLS1_3_RFC_SHA384_SHA384, 0, 1 }
# endif
- { TLS1_3_RFC_AES_128_CCM_8_SHA256 ":" TLS1_3_RFC_AES_128_CCM_SHA256, 1 }
};
const char *t13_cipher = NULL;
const char *t12_cipher = NULL;
@@ -5321,6 +5512,11 @@ static int test_tls13_ciphersuite(int idx)
&sctx, &cctx, cert, privkey)))
goto end;
+ if (t13_ciphers[i].low_security) {
+ SSL_CTX_set_security_level(sctx, 0);
+ SSL_CTX_set_security_level(cctx, 0);
+ }
+
if (set_at_ctx) {
if (!TEST_true(SSL_CTX_set_ciphersuites(sctx, t13_cipher))
|| !TEST_true(SSL_CTX_set_ciphersuites(cctx, t13_cipher)))
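Review bot: Dropping both contexts to security level 0 for the `low_security` entries relaxes every security-level check on the connection, not only the cipher-suite one, and the visible lines never confirm that these suites are refused at the default level. A comment at the call, `/* Level 0 is needed: these suites are presumably excluded at the default security level */`, would record why the level is lowered. If the excluded-by-default behaviour is part of what this commit introduces, a negative case that keeps the default level and expects the handshake not to select the suite would pin it. test_tls13_ciphersuite starts and ends outside this hunk.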
@@ -5633,6 +5829,119 @@ static int test_tls13_psk(int idx)
return testresult;
}
+#ifndef OSSL_NO_USABLE_TLS1_3
+/*
+ * Test TLS1.3 connection establishment succeeds with various configurations of
+ * the options `SSL_OP_ALLOW_NO_DHE_KEX` and `SSL_OP_PREFER_NO_DHE_KEX`.
+ * The verification of whether the right KEX mode is chosen is not covered by
+ * this test but by `test_tls13kexmodes`.
+ *
+ * Tests (idx & 1): Server has `SSL_OP_ALLOW_NO_DHE_KEX` set.
+ * Tests (idx & 2): Server has `SSL_OP_PREFER_NO_DHE_KEX` set.
+ * Tests (idx & 4): Client has `SSL_OP_ALLOW_NO_DHE_KEX` set.
+ */
+static int test_tls13_no_dhe_kex(const int idx)
+{
+ SSL_CTX *sctx = NULL, *cctx = NULL;
+ SSL *serverssl = NULL, *clientssl = NULL;
+ int testresult = 0;
+ size_t j;
+ SSL_SESSION *saved_session;
+
+ int server_allow_no_dhe = (idx & 1) != 0;
+ int server_prefer_no_dhe = (idx & 2) != 0;
+ int client_allow_no_dhe = (idx & 4) != 0;
+
+ uint64_t server_options = 0
+ | (server_allow_no_dhe ? SSL_OP_ALLOW_NO_DHE_KEX : 0)
+ | (server_prefer_no_dhe ? SSL_OP_PREFER_NO_DHE_KEX : 0);
+
+ uint64_t client_options = 0
+ | (client_allow_no_dhe ? SSL_OP_ALLOW_NO_DHE_KEX : 0);
+
+ new_called = 0;
+ do_cache = 1;
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_3_VERSION, 0,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT
+ | SSL_SESS_CACHE_NO_INTERNAL_STORE);
+
+ SSL_CTX_set_options(sctx, server_options);
+ SSL_CTX_set_options(cctx, client_options);
+
+ SSL_CTX_sess_set_new_cb(cctx, new_cachesession_cb);
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
+ &clientssl, NULL, NULL)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE))
+ /* Check we got the number of tickets we were expecting */
+ || !TEST_int_eq(2, new_called))
+ goto end;
+
+ /* We'll reuse the last ticket. */
+ saved_session = sesscache[new_called - 1];
+
+ SSL_shutdown(clientssl);
+ SSL_shutdown(serverssl);
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(cctx);
+ clientssl = serverssl = NULL;
+ cctx = NULL;
+
+ /*
+ * Now we resume with the last ticket we created.
+ */
+
+ /* The server context already exists, so we only create the client. */
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_3_VERSION, 0,
+ NULL, &cctx, cert, privkey)))
+ goto end;
+
+ SSL_CTX_set_options(cctx, client_options);
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
+ &clientssl, NULL, NULL))
+ || !TEST_true(SSL_set_session(clientssl, saved_session)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE)))
+ goto end;
+
+ /*
+ * Make sure, the session was resumed.
+ */
+ if (!TEST_true(SSL_session_reused(clientssl)))
+ goto end;
+
+ SSL_shutdown(clientssl);
+ SSL_shutdown(serverssl);
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ for (j = 0; j < OSSL_NELEM(sesscache); j++) {
+ SSL_SESSION_free(sesscache[j]);
+ sesscache[j] = NULL;
+ }
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+#endif /* OSSL_NO_USABLE_TLS1_3 */
+
static unsigned char cookie_magic_value[] = "cookie magic";
static int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
@@ -6261,8 +6570,10 @@ static int test_export_key_mat(int tst)
const char label[LONG_LABEL_LEN + 1] = "test label";
const unsigned char context[] = "context";
const unsigned char *emptycontext = NULL;
- unsigned char ckeymat1[80], ckeymat2[80], ckeymat3[80];
- unsigned char skeymat1[80], skeymat2[80], skeymat3[80];
+ unsigned char longcontext[1280];
+ int test_longcontext = fips_provider_version_ge(libctx, 3, 3, 0);
+ unsigned char ckeymat1[80], ckeymat2[80], ckeymat3[80], ckeymat4[80];
+ unsigned char skeymat1[80], skeymat2[80], skeymat3[80], skeymat4[80];
size_t labellen;
const int protocols[] = {
TLS1_VERSION,
@@ -6340,6 +6651,8 @@ static int test_export_key_mat(int tst)
labellen = SMALL_LABEL_LEN;
}
+ memset(longcontext, 1, sizeof(longcontext));
+
if (!TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat1,
sizeof(ckeymat1), label,
labellen, context,
@@ -6353,6 +6666,14 @@ static int test_export_key_mat(int tst)
sizeof(ckeymat3), label,
labellen,
NULL, 0, 0), 1)
+ || (test_longcontext
+ && !TEST_int_eq(SSL_export_keying_material(clientssl,
+ ckeymat4,
+ sizeof(ckeymat4), label,
+ labellen,
+ longcontext,
+ sizeof(longcontext), 1),
+ 1))
|| !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat1,
sizeof(skeymat1), label,
labellen,
@@ -6368,6 +6689,13 @@ static int test_export_key_mat(int tst)
sizeof(skeymat3), label,
labellen,
NULL, 0, 0), 1)
+ || (test_longcontext
+ && !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat4,
+ sizeof(skeymat4), label,
+ labellen,
+ longcontext,
+ sizeof(longcontext), 1),
+ 1))
/*
* Check that both sides created the same key material with the
* same context.
@@ -6386,6 +6714,13 @@ static int test_export_key_mat(int tst)
*/
|| !TEST_mem_eq(ckeymat3, sizeof(ckeymat3), skeymat3,
sizeof(skeymat3))
+ /*
+ * Check that both sides created the same key material with a
+ * long context.
+ */
+ || (test_longcontext
+ && !TEST_mem_eq(ckeymat4, sizeof(ckeymat4), skeymat4,
+ sizeof(skeymat4)))
/* Different contexts should produce different results */
|| !TEST_mem_ne(ckeymat1, sizeof(ckeymat1), ckeymat2,
sizeof(ckeymat2)))
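Review bot: The long-context export is only checked for client/server agreement, so an exporter that dropped or ignored the 1280-byte context on both sides would still pass. Adding `|| (test_longcontext && !TEST_mem_ne(ckeymat1, sizeof(ckeymat1), ckeymat4, sizeof(ckeymat4)))` next to the existing "different contexts" check would show that the long context actually feeds the output. The related additions are in the earlier hunks of test_export_key_mat (declarations, `memset`, and the two export calls), and the function body continues outside this hunk.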
@@ -6595,7 +6930,9 @@ static int test_key_update_peer_in_write(int tst)
/* Write data that we know will fail with SSL_ERROR_WANT_WRITE */
if (!TEST_int_eq(SSL_write(peerwrite, mess, strlen(mess)), -1)
- || !TEST_int_eq(SSL_get_error(peerwrite, 0), SSL_ERROR_WANT_WRITE))
+ || !TEST_int_eq(SSL_get_error(peerwrite, 0), SSL_ERROR_WANT_WRITE)
+ || !TEST_true(SSL_want_write(peerwrite))
+ || !TEST_true(SSL_net_write_desired(peerwrite)))
goto end;
/* Reinstate the original writing endpoint's write BIO */
@@ -6604,7 +6941,9 @@ static int test_key_update_peer_in_write(int tst)
/* Now read some data - we will read the key update */
if (!TEST_int_eq(SSL_read(peerwrite, buf, sizeof(buf)), -1)
- || !TEST_int_eq(SSL_get_error(peerwrite, 0), SSL_ERROR_WANT_READ))
+ || !TEST_int_eq(SSL_get_error(peerwrite, 0), SSL_ERROR_WANT_READ)
+ || !TEST_true(SSL_want_read(peerwrite))
+ || !TEST_true(SSL_net_read_desired(peerwrite)))
goto end;
/*
@@ -6620,6 +6959,11 @@ static int test_key_update_peer_in_write(int tst)
|| !TEST_int_eq(SSL_read(peerupdate, buf, sizeof(buf)), strlen(mess)))
goto end;
+ if (!TEST_false(SSL_net_read_desired(peerwrite))
+ || !TEST_false(SSL_net_write_desired(peerwrite))
+ || !TEST_int_eq(SSL_want(peerwrite), SSL_NOTHING))
+ goto end;
+
testresult = 1;
end:
@@ -6892,22 +7236,45 @@ static int test_key_update_local_in_read(int tst)
}
#endif /* OSSL_NO_USABLE_TLS1_3 */
+/*
+ * Test clearing a connection via SSL_clear(), or resetting it via
+ * SSL_set_connect_state()/SSL_set_accept_state()
+ * Test 0: SSL_set_connect_state, TLSv1.3
+ * Test 1: SSL_set_connect_state, TLSv1.2
+ * Test 2: SSL_set_accept_state, TLSv1.3
+ * Test 3: SSL_set_accept_state, TLSv1.2
+ * Test 4: SSL_clear (client), TLSv1.3
+ * Test 5: SSL_clear (client), TLSv1.2
+ * Test 6: SSL_clear (server), TLSv1.3
+ * Test 7: SSL_clear (server), TLSv1.2
+ */
static int test_ssl_clear(int idx)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
+ SSL *writer, *reader;
int testresult = 0;
+ int tls12test, servertest, cleartest;
+ size_t written, readbytes;
+ const char *msg = "Hello World";
+ unsigned char buf[5];
+
+ tls12test = idx & 1;
+ idx >>= 1;
+ servertest = idx & 1;
+ idx >>= 1;
+ cleartest = idx & 1;
#ifdef OPENSSL_NO_TLS1_2
- if (idx == 1)
- return 1;
+ if (tls12test == 1)
+ return TEST_skip("No TLSv1.2 in this build");
#endif
/* Create an initial connection */
if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(), TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey))
- || (idx == 1
+ || (tls12test
&& !TEST_true(SSL_CTX_set_max_proto_version(cctx,
TLS1_2_VERSION)))
|| !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
@@ -6916,20 +7283,68 @@ static int test_ssl_clear(int idx)
SSL_ERROR_NONE)))
goto end;
+ if (servertest) {
+ writer = clientssl;
+ reader = serverssl;
+ } else {
+ writer = serverssl;
+ reader = clientssl;
+ }
+
+ /* Write some data */
+ if (!TEST_true(SSL_write_ex(writer, msg, strlen(msg), &written))
+ || written != strlen(msg))
+ goto end;
+
+ /*
+ * Read a partial record. The remaining buffered data should be cleared by
+ * the subsequent clear/reset
+ */
+ if (!TEST_true(SSL_read_ex(reader, buf, sizeof(buf), &readbytes))
+ || readbytes != sizeof(buf))
+ goto end;
+
SSL_shutdown(clientssl);
SSL_shutdown(serverssl);
- SSL_free(serverssl);
- serverssl = NULL;
- /* Clear clientssl - we're going to reuse the object */
- if (!TEST_true(SSL_clear(clientssl)))
- goto end;
+ /* Reset/clear one SSL object in order to reuse it. We free the other one */
+ if (servertest) {
+ if (cleartest) {
+ if (!TEST_true(SSL_clear(serverssl)))
+ goto end;
+ } else {
+ SSL_set_accept_state(serverssl);
+ }
+ /*
+ * A peculiarity of SSL_clear() is that it does not clear the session.
+ * This is intended behaviour so that a client can create a new
+ * connection and reuse the session. But this doesn't make much sense
+ * on the server side - and causes incorrect behaviour due to the
+ * handshake failing (even though the documentation does say SSL_clear()
+ * is supposed to work on the server side). We clear the session
+ * explicitly - although note that the documentation for
+ * SSL_set_session() says that its only useful for clients!
+ */
+ if (!TEST_true(SSL_set_session(serverssl, NULL)))
+ goto end;
+ SSL_free(clientssl);
+ clientssl = NULL;
+ } else {
+ if (cleartest) {
+ if (!TEST_true(SSL_clear(clientssl)))
+ goto end;
+ } else {
+ SSL_set_connect_state(clientssl);
+ }
+ SSL_free(serverssl);
+ serverssl = NULL;
+ }
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE))
- || !TEST_true(SSL_session_reused(clientssl)))
+ || !TEST_true(servertest || SSL_session_reused(clientssl)))
goto end;
SSL_shutdown(clientssl);
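Review bot: The two length checks added here, `|| written != strlen(msg)` and `|| readbytes != sizeof(buf)`, are bare comparisons, so a short write or read fails the test without logging anything. `|| !TEST_size_t_eq(written, strlen(msg))` and `|| !TEST_size_t_eq(readbytes, sizeof(buf))` would report the values the way the surrounding checks do. The comment says the unread remainder of the record should be discarded by the clear/reset, but the visible lines only infer that from the second handshake succeeding; an explicit assertion, if practical, would make the tested property clearer. test_ssl_clear starts and ends outside this hunk.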
@@ -6954,7 +7369,7 @@ static int get_MFL_from_client_hello(BIO *bio, int *mfl_codemfl_code)
PACKET pkt, pkt2, pkt3;
unsigned int MFL_code = 0, type = 0;
- if (!TEST_uint_gt( len = BIO_get_mem_data( bio, (char **) &data ), 0 ) )
+ if (!TEST_uint_gt(len = BIO_get_mem_data(bio, (char **) &data), 0))
goto end;
memset(&pkt, 0, sizeof(pkt));
@@ -6962,7 +7377,7 @@ static int get_MFL_from_client_hello(BIO *bio, int *mfl_codemfl_code)
memset(&pkt3, 0, sizeof(pkt3));
if (!TEST_long_gt(len, 0)
- || !TEST_true( PACKET_buf_init( &pkt, data, len ) )
+ || !TEST_true(PACKET_buf_init(&pkt, data, len))
/* Skip the record header */
|| !PACKET_forward(&pkt, SSL3_RT_HEADER_LENGTH)
/* Skip the handshake message header */
@@ -7426,6 +7841,38 @@ static struct info_cb_states_st {
{SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "SSLOK"},
{SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL}, {0, NULL},
}, {
+ /* TLSv1.3 server, certificate compression, followed by resumption */
+ {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"},
+ {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
+ {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWSCC"},
+ {SSL_CB_LOOP, "TWSCV"}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TED"},
+ {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRFIN"},
+ {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_LOOP, "TWST"},
+ {SSL_CB_LOOP, "TWST"}, {SSL_CB_EXIT, NULL}, {SSL_CB_ALERT, NULL},
+ {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"},
+ {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
+ {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWFIN"},
+ {SSL_CB_LOOP, "TED"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"},
+ {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},
+ {SSL_CB_LOOP, "TWST"}, {SSL_CB_EXIT, NULL}, {0, NULL},
+ }, {
+ /* TLSv1.3 client, certificate compression, followed by resumption */
+ {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"},
+ {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"},
+ {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"}, {SSL_CB_LOOP, "TRSCC"},
+ {SSL_CB_LOOP, "TRSCV"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWCCS"},
+ {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},
+ {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "SSLOK"},
+ {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK"},
+ {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL},
+ {SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
+ {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL},
+ {SSL_CB_LOOP, "TWCH"}, {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"},
+ {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"},
+ {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
+ {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "TRST"},
+ {SSL_CB_EXIT, NULL}, {0, NULL},
+ }, {
{0, NULL},
}
};
@@ -7482,6 +7929,8 @@ static void sslapi_info_callback(const SSL *s, int where, int ret)
* Test 3: TLSv1.3, client
* Test 4: TLSv1.3, server, early_data
* Test 5: TLSv1.3, client, early_data
+ * Test 6: TLSv1.3, server, compressed certificate
+ * Test 7: TLSv1.3, client, compressed certificate
*/
static int test_info_callback(int tst)
{
@@ -7513,11 +7962,11 @@ static int test_info_callback(int tst)
info_cb_offset = tst;
#ifndef OSSL_NO_USABLE_TLS1_3
- if (tst >= 4) {
+ if (tst >= 4 && tst < 6) {
SSL_SESSION *sess = NULL;
size_t written, readbytes;
unsigned char buf[80];
- time_t timer;
+ OSSL_TIME timer;
/* early_data tests */
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
@@ -7532,7 +7981,7 @@ static int test_info_callback(int tst)
sslapi_info_callback);
/* Write and read some early data and then complete the connection */
- timer = time(NULL);
+ timer = ossl_time_now();
if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
&written))
|| !TEST_size_t_eq(written, strlen(MSG1)))
@@ -7573,6 +8022,10 @@ static int test_info_callback(int tst)
*/
SSL_CTX_set_info_callback((tst % 2) == 0 ? sctx : cctx,
sslapi_info_callback);
+ if (tst >= 6) {
+ if (!SSL_CTX_compress_certs(sctx, 0))
+ goto end;
+ }
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
&clientssl, NULL, NULL))
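Review bot: The new `SSL_CTX_compress_certs(sctx, 0)` call is checked with a bare `if`, so a failure jumps to `end` without any log output. `if (tst >= 6 && !TEST_true(SSL_CTX_compress_certs(sctx, 0)))` followed by `goto end;` keeps it consistent with the rest of the function. If tests 6 and 7 can run in builds where certificate compression is unavailable, a skip may be more appropriate than a failure; the hunk does not show how those builds are handled. test_info_callback continues outside this hunk.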
@@ -8034,7 +8487,7 @@ static int test_ticket_callbacks(int tst)
gen_tick_called = dec_tick_called = tick_key_cb_called = 0;
/* Which tests the ticket key callback should request renewal for */
-
+
if (tst == 10 || tst == 11 || tst == 16 || tst == 17)
tick_key_renew = 1;
else if (tst == 12 || tst == 13 || tst == 18 || tst == 19)
@@ -8266,7 +8719,7 @@ static int test_shutdown(int tst)
if (tst == 3) {
if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl,
- SSL_ERROR_NONE, 1))
+ SSL_ERROR_NONE, 1, 0))
|| !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL)
|| !TEST_false(SSL_SESSION_is_resumable(sess)))
goto end;
@@ -8379,17 +8832,126 @@ static int test_shutdown(int tst)
return testresult;
}
+/*
+ * Test that sending close_notify alerts works correctly in the case of a
+ * retryable write failure.
+ */
+static int test_async_shutdown(void)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ BIO *bretry = BIO_new(bio_s_always_retry()), *tmp = NULL;
+
+ if (!TEST_ptr(bretry))
+ goto end;
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(),
+ 0, 0,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
+ NULL)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ /* Close write side of clientssl */
+ if (!TEST_int_eq(SSL_shutdown(clientssl), 0))
+ goto end;
+
+ tmp = SSL_get_wbio(serverssl);
+ if (!TEST_true(BIO_up_ref(tmp))) {
+ tmp = NULL;
+ goto end;
+ }
+ SSL_set0_wbio(serverssl, bretry);
+ bretry = NULL;
+
+ /* First server shutdown should fail because of a retrable write failure */
+ if (!TEST_int_eq(SSL_shutdown(serverssl), -1)
+ || !TEST_int_eq(SSL_get_error(serverssl, -1), SSL_ERROR_WANT_WRITE))
+ goto end;
+
+ /* Second server shutdown should fail for the same reason */
+ if (!TEST_int_eq(SSL_shutdown(serverssl), -1)
+ || !TEST_int_eq(SSL_get_error(serverssl, -1), SSL_ERROR_WANT_WRITE))
+ goto end;
+
+ SSL_set0_wbio(serverssl, tmp);
+ tmp = NULL;
+
+ /* Third server shutdown should send close_notify */
+ if (!TEST_int_eq(SSL_shutdown(serverssl), 0))
+ goto end;
+
+ /* Fourth server shutdown should read close_notify from client and finish */
+ if (!TEST_int_eq(SSL_shutdown(serverssl), 1))
+ goto end;
+
+ /* Client should also successfully fully shutdown */
+ if (!TEST_int_eq(SSL_shutdown(clientssl), 1))
+ goto end;
+
+ testresult = 1;
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ BIO_free(bretry);
+ BIO_free(tmp);
+
+ return testresult;
+}
+
#if !defined(OPENSSL_NO_TLS1_2) || !defined(OSSL_NO_USABLE_TLS1_3)
static int cert_cb_cnt;
+static int load_chain(const char *file, EVP_PKEY **pkey, X509 **x509,
+ STACK_OF(X509) *chain)
+{
+ char *path = test_mk_file_path(certsdir, file);
+ BIO *in = NULL;
+ X509 *x = NULL;
+ int ok = 0;
+
+ if (path == NULL)
+ return 0;
+ if ((in = BIO_new(BIO_s_file())) == NULL
+ || BIO_read_filename(in, path) <= 0)
+ goto out;
+ if (pkey == NULL) {
+ if ((x = X509_new_ex(libctx, NULL)) == NULL
+ || PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
+ goto out;
+ if (chain == NULL)
+ *x509 = x;
+ else if (!sk_X509_push(chain, x))
+ goto out;
+ } else if (PEM_read_bio_PrivateKey_ex(in, pkey, NULL, NULL,
+ libctx, NULL) == NULL) {
+ goto out;
+ }
+
+ x = NULL;
+ ok = 1;
+ out:
+ X509_free(x);
+ BIO_free(in);
+ OPENSSL_free(path);
+ return ok;
+}
+
static int cert_cb(SSL *s, void *arg)
{
SSL_CTX *ctx = (SSL_CTX *)arg;
- BIO *in = NULL;
EVP_PKEY *pkey = NULL;
- X509 *x509 = NULL, *rootx = NULL;
+ X509 *x509 = NULL, *x = NULL;
STACK_OF(X509) *chain = NULL;
- char *rootfile = NULL, *ecdsacert = NULL, *ecdsakey = NULL;
int ret = 0;
if (cert_cb_cnt == 0) {
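Review bot: `load_chain` picks one of three behaviours from which of `pkey`, `x509` and `chain` is non-NULL, and nothing at the definition says so. A header comment should state that a non-NULL `pkey` loads a private key, that otherwise one certificate is read and either pushed onto `chain` or returned through `x509`, and that `x509` must be non-NULL when both `pkey` and `chain` are NULL, since `*x509 = x` is not guarded. It is also worth saying that the file name is resolved against `certsdir` and that on success ownership of the loaded object passes to the caller or to the stack.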
@@ -8414,33 +8976,14 @@ static int cert_cb(SSL *s, void *arg)
} else if (cert_cb_cnt == 3) {
int rv;
- rootfile = test_mk_file_path(certsdir, "rootcert.pem");
- ecdsacert = test_mk_file_path(certsdir, "server-ecdsa-cert.pem");
- ecdsakey = test_mk_file_path(certsdir, "server-ecdsa-key.pem");
- if (!TEST_ptr(rootfile) || !TEST_ptr(ecdsacert) || !TEST_ptr(ecdsakey))
- goto out;
chain = sk_X509_new_null();
- if (!TEST_ptr(chain))
- goto out;
- if (!TEST_ptr(in = BIO_new(BIO_s_file()))
- || !TEST_int_gt(BIO_read_filename(in, rootfile), 0)
- || !TEST_ptr(rootx = X509_new_ex(libctx, NULL))
- || !TEST_ptr(PEM_read_bio_X509(in, &rootx, NULL, NULL))
- || !TEST_true(sk_X509_push(chain, rootx)))
- goto out;
- rootx = NULL;
- BIO_free(in);
- if (!TEST_ptr(in = BIO_new(BIO_s_file()))
- || !TEST_int_gt(BIO_read_filename(in, ecdsacert), 0)
- || !TEST_ptr(x509 = X509_new_ex(libctx, NULL))
- || !TEST_ptr(PEM_read_bio_X509(in, &x509, NULL, NULL)))
- goto out;
- BIO_free(in);
- if (!TEST_ptr(in = BIO_new(BIO_s_file()))
- || !TEST_int_gt(BIO_read_filename(in, ecdsakey), 0)
- || !TEST_ptr(pkey = PEM_read_bio_PrivateKey_ex(in, NULL,
- NULL, NULL,
- libctx, NULL)))
+ if (!TEST_ptr(chain)
+ || !TEST_true(load_chain("ca-cert.pem", NULL, NULL, chain))
+ || !TEST_true(load_chain("root-cert.pem", NULL, NULL, chain))
+ || !TEST_true(load_chain("p256-ee-rsa-ca-cert.pem", NULL,
+ &x509, NULL))
+ || !TEST_true(load_chain("p256-ee-rsa-ca-key.pem", &pkey,
+ NULL, NULL)))
goto out;
rv = SSL_check_chain(s, x509, pkey, chain);
/*
@@ -8460,14 +9003,10 @@ static int cert_cb(SSL *s, void *arg)
/* Abort the handshake */
out:
- OPENSSL_free(ecdsacert);
- OPENSSL_free(ecdsakey);
- OPENSSL_free(rootfile);
- BIO_free(in);
EVP_PKEY_free(pkey);
X509_free(x509);
- X509_free(rootx);
- sk_X509_pop_free(chain, X509_free);
+ X509_free(x);
+ OSSL_STACK_OF_X509_free(chain);
return ret;
}
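Review bot: In the lines of `cert_cb` visible across these hunks, `x` is initialised to NULL in the declaration and passed to `X509_free(x)` here but never assigned, now that certificate loading lives in `load_chain`. If the part of the function outside the hunks does not use it either, drop `*x = NULL` from the declaration and the `X509_free(x);` line. cert_cb starts before this hunk.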
@@ -8495,7 +9034,7 @@ static int test_cert_cb_int(int prot, int tst)
if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),
- TLS1_VERSION,
+ prot,
prot,
&sctx, &cctx, NULL, NULL)))
goto end;
@@ -8895,14 +9434,14 @@ static int test_session_timeout(int test)
* Test session ordering and timeout
* Can't explicitly test performance of the new code,
* but can test to see if the ordering of the sessions
- * are correct, and they they are removed as expected
+ * are correct, and they are removed as expected
*/
SSL_SESSION *early = NULL;
SSL_SESSION *middle = NULL;
SSL_SESSION *late = NULL;
SSL_CTX *ctx;
int testresult = 0;
- long now = (long)time(NULL);
+ time_t now = time(NULL);
#define TIMEOUT 10
if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, TLS_method()))
@@ -8930,9 +9469,9 @@ static int test_session_timeout(int test)
|| !TEST_ptr(late->prev))
goto end;
- if (!TEST_int_ne(SSL_SESSION_set_time(early, now - 10), 0)
- || !TEST_int_ne(SSL_SESSION_set_time(middle, now), 0)
- || !TEST_int_ne(SSL_SESSION_set_time(late, now + 10), 0))
+ if (!TEST_time_t_ne(SSL_SESSION_set_time_ex(early, now - 10), 0)
+ || !TEST_time_t_ne(SSL_SESSION_set_time_ex(middle, now), 0)
+ || !TEST_time_t_ne(SSL_SESSION_set_time_ex(late, now + 10), 0))
goto end;
if (!TEST_int_ne(SSL_SESSION_set_timeout(early, TIMEOUT), 0)
@@ -8954,21 +9493,21 @@ static int test_session_timeout(int test)
goto end;
/* This should remove "early" */
- SSL_CTX_flush_sessions(ctx, now + TIMEOUT - 1);
+ SSL_CTX_flush_sessions_ex(ctx, now + TIMEOUT - 1);
if (!TEST_ptr_null(early->prev)
|| !TEST_ptr(middle->prev)
|| !TEST_ptr(late->prev))
goto end;
/* This should remove "middle" */
- SSL_CTX_flush_sessions(ctx, now + TIMEOUT + 1);
+ SSL_CTX_flush_sessions_ex(ctx, now + TIMEOUT + 1);
if (!TEST_ptr_null(early->prev)
|| !TEST_ptr_null(middle->prev)
|| !TEST_ptr(late->prev))
goto end;
/* This should remove "late" */
- SSL_CTX_flush_sessions(ctx, now + TIMEOUT + 11);
+ SSL_CTX_flush_sessions_ex(ctx, now + TIMEOUT + 11);
if (!TEST_ptr_null(early->prev)
|| !TEST_ptr_null(middle->prev)
|| !TEST_ptr_null(late->prev))
@@ -8987,7 +9526,7 @@ static int test_session_timeout(int test)
goto end;
/* This should remove all of them */
- SSL_CTX_flush_sessions(ctx, 0);
+ SSL_CTX_flush_sessions_ex(ctx, 0);
if (!TEST_ptr_null(early->prev)
|| !TEST_ptr_null(middle->prev)
|| !TEST_ptr_null(late->prev))
@@ -8998,9 +9537,9 @@ static int test_session_timeout(int test)
/* make sure |now| is NOT equal to the current time */
now -= 10;
- if (!TEST_int_ne(SSL_SESSION_set_time(early, now), 0)
+ if (!TEST_time_t_ne(SSL_SESSION_set_time_ex(early, now), 0)
|| !TEST_int_eq(SSL_CTX_add_session(ctx, early), 1)
- || !TEST_long_ne(SSL_SESSION_get_time(early), now))
+ || !TEST_time_t_ne(SSL_SESSION_get_time_ex(early), now))
goto end;
testresult = 1;
@@ -9067,7 +9606,7 @@ static int test_session_cache_overflow(int idx)
* Cause this session to have a longer timeout than the next session to
* be added.
*/
- if (!TEST_true(SSL_SESSION_set_timeout(sess, LONG_MAX / 2))) {
+ if (!TEST_true(SSL_SESSION_set_timeout(sess, LONG_MAX))) {
sess = NULL;
goto end;
}
@@ -9286,6 +9825,105 @@ static int test_servername(int tst)
return testresult;
}
+static int test_unknown_sigalgs_groups(void)
+{
+ int ret = 0;
+ SSL_CTX *ctx = NULL;
+
+ if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method())))
+ goto end;
+
+ if (!TEST_int_gt(SSL_CTX_set1_sigalgs_list(ctx,
+ "RSA+SHA256:?nonexistent:?RSA+SHA512"),
+ 0))
+ goto end;
+ if (!TEST_size_t_eq(ctx->cert->conf_sigalgslen, 2)
+ || !TEST_int_eq(ctx->cert->conf_sigalgs[0], TLSEXT_SIGALG_rsa_pkcs1_sha256)
+ || !TEST_int_eq(ctx->cert->conf_sigalgs[1], TLSEXT_SIGALG_rsa_pkcs1_sha512))
+ goto end;
+
+ if (!TEST_int_gt(SSL_CTX_set1_client_sigalgs_list(ctx,
+ "RSA+SHA256:?nonexistent:?RSA+SHA512"),
+ 0))
+ goto end;
+ if (!TEST_size_t_eq(ctx->cert->client_sigalgslen, 2)
+ || !TEST_int_eq(ctx->cert->client_sigalgs[0], TLSEXT_SIGALG_rsa_pkcs1_sha256)
+ || !TEST_int_eq(ctx->cert->client_sigalgs[1], TLSEXT_SIGALG_rsa_pkcs1_sha512))
+ goto end;
+
+ if (!TEST_int_le(SSL_CTX_set1_groups_list(ctx,
+ "nonexistent"),
+ 0))
+ goto end;
+
+ if (!TEST_int_gt(SSL_CTX_set1_groups_list(ctx,
+ "?nonexistent1:?nonexistent2:?nonexistent3"),
+ 0))
+ goto end;
+
+#ifndef OPENSSL_NO_EC
+ if (!TEST_int_le(SSL_CTX_set1_groups_list(ctx,
+ "P-256:nonexistent"),
+ 0))
+ goto end;
+
+ if (!TEST_int_gt(SSL_CTX_set1_groups_list(ctx,
+ "P-384:?nonexistent:?P-521"),
+ 0))
+ goto end;
+ if (!TEST_size_t_eq(ctx->ext.supportedgroups_len, 2)
+ || !TEST_int_eq(ctx->ext.supportedgroups[0], OSSL_TLS_GROUP_ID_secp384r1)
+ || !TEST_int_eq(ctx->ext.supportedgroups[1], OSSL_TLS_GROUP_ID_secp521r1))
+ goto end;
+#endif
+
+ ret = 1;
+ end:
+ SSL_CTX_free(ctx);
+ return ret;
+}
+
+#if (!defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)) || !defined(OPENSSL_NO_ML_KEM)
+static int test_configuration_of_groups(void)
+{
+ int ret = 0;
+ SSL_CTX *ctx = NULL;
+ size_t groups_len;
+
+ if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method())))
+ goto end;
+ groups_len = ctx->ext.supportedgroups_len;
+
+ if (!TEST_size_t_gt(groups_len, 0)
+ || !TEST_int_gt(SSL_CTX_set1_groups_list(ctx, "DEFAULT"), 0)
+ || !TEST_size_t_eq(ctx->ext.supportedgroups_len, groups_len))
+ goto end;
+
+ if (!TEST_int_gt(SSL_CTX_set1_groups_list(ctx, "DEFAULT:-?P-256"), 0)
+# if !defined(OPENSSL_NO_EC)
+ || !TEST_size_t_eq(ctx->ext.supportedgroups_len, groups_len - 1)
+# else
+ || !TEST_size_t_eq(ctx->ext.supportedgroups_len, groups_len)
+# endif
+ )
+ goto end;
+
+# if !defined(OPENSSL_NO_EC)
+ if (!TEST_int_gt(SSL_CTX_set1_groups_list(ctx, "?P-256:?P-521:-?P-256"), 0)
+ || !TEST_size_t_eq(ctx->ext.supportedgroups_len, 1)
+ || !TEST_int_eq(ctx->ext.supportedgroups[0], OSSL_TLS_GROUP_ID_secp521r1)
+ )
+ goto end;
+# endif
+
+ ret = 1;
+
+end:
+ SSL_CTX_free(ctx);
+ return ret;
+}
+#endif
+
#if !defined(OPENSSL_NO_EC) \
&& (!defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2))
/*
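Review bot: After `SSL_CTX_set1_groups_list(ctx, "?nonexistent1:?nonexistent2:?nonexistent3")` succeeds, `test_unknown_sigalgs_groups` does not assert what the context's group list ended up as. The test therefore does not pin whether an all-ignored list leaves the context with no groups, the defaults, or the previous setting. An assertion on `ctx->ext.supportedgroups_len` with the intended value right after that call would fix the behaviour, as the P-384/P-521 case below already does. The same gap exists after the rejected `"nonexistent"` and `"P-256:nonexistent"` lists, where nothing checks that the earlier configuration is left untouched.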
@@ -9306,7 +9944,8 @@ static int test_sigalgs_available(int idx)
OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
OSSL_LIB_CTX *clientctx = libctx, *serverctx = libctx;
OSSL_PROVIDER *filterprov = NULL;
- int sig, hash;
+ int sig, hash, numshared, numshared_expected, hash_expected, sig_expected;
+ const char *sigalg_name, *signame_expected;
if (!TEST_ptr(tmpctx))
goto end;
@@ -9333,8 +9972,13 @@ static int test_sigalgs_available(int idx)
} else {
if (!TEST_true(filter_provider_set_filter(OSSL_OP_SIGNATURE,
"ECDSA"))
+# ifdef OPENSSL_NO_ECX
+ || !TEST_true(filter_provider_set_filter(OSSL_OP_KEYMGMT, "EC"))
+# else
|| !TEST_true(filter_provider_set_filter(OSSL_OP_KEYMGMT,
- "EC:X25519:X448")))
+ "EC:X25519:X448"))
+# endif
+ )
goto end;
}
@@ -9349,7 +9993,15 @@ static int test_sigalgs_available(int idx)
if (!TEST_ptr(cctx) || !TEST_ptr(sctx))
goto end;
+ /* Avoid MLKEM groups that depend on possibly filtered-out digests */
+ if (!TEST_true(SSL_CTX_set1_groups_list(cctx,
+ "?X25519:?secp256r1:?ffdhe2048:?ffdhe3072"))
+ || !TEST_true(SSL_CTX_set1_groups_list(sctx,
+ "?X25519:?secp256r1:?ffdhe2048:?ffdhe3072")))
+ goto end;
+
if (idx != 5) {
+ /* RSA first server key */
if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),
TLS1_VERSION,
@@ -9357,6 +10009,7 @@ static int test_sigalgs_available(int idx)
&sctx, &cctx, cert, privkey)))
goto end;
} else {
+ /* ECDSA P-256 first server key */
if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),
TLS1_VERSION,
@@ -9391,6 +10044,7 @@ static int test_sigalgs_available(int idx)
goto end;
}
+ /* ECDSA P-256 second server key, unless already first */
if (idx != 5
&& (!TEST_int_eq(SSL_CTX_use_certificate_file(sctx, cert2,
SSL_FILETYPE_PEM), 1)
@@ -9408,16 +10062,32 @@ static int test_sigalgs_available(int idx)
goto end;
/* For tests 0 and 3 we expect 2 shared sigalgs, otherwise exactly 1 */
- if (!TEST_int_eq(SSL_get_shared_sigalgs(serverssl, 0, &sig, &hash, NULL,
- NULL, NULL),
- (idx == 0 || idx == 3) ? 2 : 1))
- goto end;
-
- if (!TEST_int_eq(hash, idx == 0 ? NID_sha384 : NID_sha256))
- goto end;
-
- if (!TEST_int_eq(sig, (idx == 4 || idx == 5) ? EVP_PKEY_EC
- : NID_rsassaPss))
+ numshared = SSL_get_shared_sigalgs(serverssl, 0, &sig, &hash,
+ NULL, NULL, NULL);
+ numshared_expected = 1;
+ hash_expected = NID_sha256;
+ sig_expected = NID_rsassaPss;
+ signame_expected = "rsa_pss_rsae_sha256";
+ switch (idx) {
+ case 0:
+ hash_expected = NID_sha384;
+ signame_expected = "rsa_pss_rsae_sha384";
+ /* FALLTHROUGH */
+ case 3:
+ numshared_expected = 2;
+ break;
+ case 4:
+ case 5:
+ sig_expected = EVP_PKEY_EC;
+ signame_expected = "ecdsa_secp256r1_sha256";
+ break;
+ }
+ if (!TEST_int_eq(numshared, numshared_expected)
+ || !TEST_int_eq(hash, hash_expected)
+ || !TEST_int_eq(sig, sig_expected)
+ || !TEST_true(SSL_get0_peer_signature_name(clientssl, &sigalg_name))
+ || !TEST_ptr(sigalg_name)
+ || !TEST_str_eq(sigalg_name, signame_expected))
goto end;
testresult = filter_provider_check_clean_finish();
@@ -9474,6 +10144,10 @@ static int test_pluggable_group(int idx)
SSL_group_to_name(serverssl, SSL_get_shared_group(serverssl, 0))))
goto end;
+ if (!TEST_str_eq(group_name, SSL_get0_group_name(serverssl))
+ || !TEST_str_eq(group_name, SSL_get0_group_name(clientssl)))
+ goto end;
+
testresult = 1;
end:
@@ -9486,6 +10160,173 @@ static int test_pluggable_group(int idx)
return testresult;
}
+
+/*
+ * This function triggers encode, decode and sign functions
+ * of the artificial "xorhmacsig" algorithm implemented in tls-provider
+ * creating private key and certificate files for use in TLS testing.
+ */
+static int create_cert_key(int idx, char *certfilename, char *privkeyfilename)
+{
+ EVP_PKEY_CTX *evpctx = EVP_PKEY_CTX_new_from_name(libctx,
+ (idx == 0) ? "xorhmacsig" : "xorhmacsha2sig", NULL);
+ EVP_PKEY *pkey = NULL;
+ X509 *x509 = X509_new();
+ X509_NAME *name = NULL;
+ BIO *keybio = NULL, *certbio = NULL;
+ int ret = 1;
+
+ if (!TEST_ptr(evpctx)
+ || !TEST_int_gt(EVP_PKEY_keygen_init(evpctx), 0)
+ || !TEST_true(EVP_PKEY_generate(evpctx, &pkey))
+ || !TEST_ptr(pkey)
+ || !TEST_ptr(x509)
+ || !TEST_true(ASN1_INTEGER_set(X509_get_serialNumber(x509), 1))
+ || !TEST_true(X509_gmtime_adj(X509_getm_notBefore(x509), 0))
+ || !TEST_true(X509_gmtime_adj(X509_getm_notAfter(x509), 31536000L))
+ || !TEST_true(X509_set_pubkey(x509, pkey))
+ || !TEST_ptr(name = X509_get_subject_name(x509))
+ || !TEST_true(X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC,
+ (unsigned char *)"CH", -1, -1, 0))
+ || !TEST_true(X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC,
+ (unsigned char *)"test.org", -1, -1, 0))
+ || !TEST_true(X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
+ (unsigned char *)"localhost", -1, -1, 0))
+ || !TEST_true(X509_set_issuer_name(x509, name))
+ || !TEST_true(X509_sign(x509, pkey, EVP_sha1()))
+ || !TEST_ptr(keybio = BIO_new_file(privkeyfilename, "wb"))
+ || !TEST_true(PEM_write_bio_PrivateKey(keybio, pkey, NULL, NULL, 0, NULL, NULL))
+ || !TEST_ptr(certbio = BIO_new_file(certfilename, "wb"))
+ || !TEST_true(PEM_write_bio_X509(certbio, x509)))
+ ret = 0;
+
+ EVP_PKEY_free(pkey);
+ X509_free(x509);
+ EVP_PKEY_CTX_free(evpctx);
+ BIO_free(keybio);
+ BIO_free(certbio);
+ return ret;
+}
+
+/*
+ * Test that signature algorithms loaded via the provider interface can
+ * correctly establish a TLS (1.3) connection.
+ * Test 0: Signature algorithm with built-in hashing functionality: "xorhmacsig"
+ * Test 1: Signature algorithm using external SHA2 hashing: "xorhmacsha2sig"
+ * Test 2: Signature algorithm with built-in hashing configured via SSL_CONF_cmd
+ * Test 3: Test 0 using RPK
+ * Test 4: Test 1 using RPK
+ * Test 5: Test 2 using RPK
+ */
+static int test_pluggable_signature(int idx)
+{
+ static const unsigned char cert_type_rpk[] = { TLSEXT_cert_type_rpk, TLSEXT_cert_type_x509 };
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ OSSL_PROVIDER *tlsprov = OSSL_PROVIDER_load(libctx, "tls-provider");
+ OSSL_PROVIDER *defaultprov = OSSL_PROVIDER_load(libctx, "default");
+ char *certfilename = "tls-prov-cert.pem";
+ char *privkeyfilename = "tls-prov-key.pem";
+ const char *sigalg_name = NULL, *expected_sigalg_name;
+ int sigidx = idx % 3;
+ int rpkidx = idx / 3;
+ int do_conf_cmd = 0;
+
+ if (sigidx == 2) {
+ sigidx = 0;
+ do_conf_cmd = 1;
+ }
+
+ /* See create_cert_key() above */
+ expected_sigalg_name = (sigidx == 0) ? "xorhmacsig" : "xorhmacsha2sig";
+
+ /* create key and certificate for the different algorithm types */
+ if (!TEST_ptr(tlsprov)
+ || !TEST_true(create_cert_key(sigidx, certfilename, privkeyfilename)))
+ goto end;
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(),
+ TLS1_3_VERSION,
+ TLS1_3_VERSION,
+ &sctx, &cctx, NULL, NULL)))
+ goto end;
+
+ if (do_conf_cmd) {
+ SSL_CONF_CTX *confctx = SSL_CONF_CTX_new();
+
+ if (!TEST_ptr(confctx))
+ goto end;
+ SSL_CONF_CTX_set_flags(confctx, SSL_CONF_FLAG_FILE
+ | SSL_CONF_FLAG_SERVER
+ | SSL_CONF_FLAG_CERTIFICATE
+ | SSL_CONF_FLAG_REQUIRE_PRIVATE
+ | SSL_CONF_FLAG_SHOW_ERRORS);
+ SSL_CONF_CTX_set_ssl_ctx(confctx, sctx);
+ if (!TEST_int_gt(SSL_CONF_cmd(confctx, "Certificate", certfilename), 0)
+ || !TEST_int_gt(SSL_CONF_cmd(confctx, "PrivateKey", privkeyfilename), 0)
+ || !TEST_true(SSL_CONF_CTX_finish(confctx))) {
+ SSL_CONF_CTX_free(confctx);
+ goto end;
+ }
+ SSL_CONF_CTX_free(confctx);
+ } else {
+ if (!TEST_int_eq(SSL_CTX_use_certificate_file(sctx, certfilename,
+ SSL_FILETYPE_PEM), 1)
+ || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(sctx,
+ privkeyfilename,
+ SSL_FILETYPE_PEM), 1))
+ goto end;
+ }
+ if (!TEST_int_eq(SSL_CTX_check_private_key(sctx), 1))
+ goto end;
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ /* Enable RPK for server cert */
+ if (rpkidx) {
+ if (!TEST_true(SSL_set1_server_cert_type(serverssl, cert_type_rpk, sizeof(cert_type_rpk)))
+ || !TEST_true(SSL_set1_server_cert_type(clientssl, cert_type_rpk, sizeof(cert_type_rpk))))
+ goto end;
+ }
+
+ /* This is necessary to pass minimal setup w/o other groups configured */
+ if (!TEST_true(SSL_set1_groups_list(serverssl, "xorgroup"))
+ || !TEST_true(SSL_set1_groups_list(clientssl, "xorgroup")))
+ goto end;
+
+ /*
+ * If this connection gets established, it must have been completed
+ * via the tls-provider-implemented "hmacsig" algorithm, testing
+ * both sign and verify functions during handshake.
+ */
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ /* If using RPK, make sure we got one */
+ if (rpkidx && !TEST_long_eq(SSL_get_verify_result(clientssl), X509_V_ERR_RPK_UNTRUSTED))
+ goto end;
+
+ if (!TEST_true(SSL_get0_peer_signature_name(clientssl, &sigalg_name))
+ || !TEST_str_eq(sigalg_name, expected_sigalg_name)
+ || !TEST_ptr(sigalg_name))
+ goto end;
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ OSSL_PROVIDER_unload(tlsprov);
+ OSSL_PROVIDER_unload(defaultprov);
+
+ return testresult;
+}
#endif
#ifndef OPENSSL_NO_TLS1_2
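Review bot: In test_pluggable_signature the `defaultprov` handle returned by `OSSL_PROVIDER_load(libctx, "default")` is never checked, although `tlsprov` is, so a failed load would only show up later as a less obvious key-generation or handshake failure. Extending the first guard to `if (!TEST_ptr(tlsprov) || !TEST_ptr(defaultprov)` reports the failure at its cause. In the final check `TEST_ptr(sigalg_name)` comes after `TEST_str_eq(sigalg_name, expected_sigalg_name)`, so it cannot guard the comparison; test_sigalgs_available in this same commit puts the pointer check first, and the same order would fit here. The comment before the handshake calls the algorithm "hmacsig", while the names actually used are "xorhmacsig" and "xorhmacsha2sig".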
@@ -9556,6 +10397,94 @@ static int test_ssl_dup(void)
return testresult;
}
+static int secret_cb(SSL *s, void *secretin, int *secret_len,
+ STACK_OF(SSL_CIPHER) *peer_ciphers,
+ const SSL_CIPHER **cipher, void *arg)
+{
+ int i;
+ unsigned char *secret = secretin;
+
+ /* Just use a fixed master secret */
+ for (i = 0; i < *secret_len; i++)
+ secret[i] = 0xff;
+
+ /* We don't set a preferred cipher */
+
+ return 1;
+}
+
+/*
+ * Test the session_secret_cb which is designed for use with EAP-FAST
+ */
+static int test_session_secret_cb(void)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ SSL_SESSION *secret_sess = NULL;
+ int testresult = 0;
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(),
+ 0,
+ 0,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ /* Create an initial connection and save the session */
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ /* session_secret_cb does not support TLSv1.3 */
+ if (!TEST_true(SSL_set_min_proto_version(clientssl, TLS1_2_VERSION))
+ || !TEST_true(SSL_set_max_proto_version(serverssl, TLS1_2_VERSION)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ if (!TEST_ptr(secret_sess = SSL_get1_session(clientssl)))
+ goto end;
+
+ shutdown_ssl_connection(serverssl, clientssl);
+ serverssl = clientssl = NULL;
+
+ /* Resume the earlier session */
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ /*
+ * No session ids for EAP-FAST - otherwise the state machine gets very
+ * confused.
+ */
+ if (!TEST_true(SSL_SESSION_set1_id(secret_sess, NULL, 0)))
+ goto end;
+
+ if (!TEST_true(SSL_set_min_proto_version(clientssl, TLS1_2_VERSION))
+ || !TEST_true(SSL_set_max_proto_version(serverssl, TLS1_2_VERSION))
+ || !TEST_true(SSL_set_session_secret_cb(serverssl, secret_cb,
+ NULL))
+ || !TEST_true(SSL_set_session_secret_cb(clientssl, secret_cb,
+ NULL))
+ || !TEST_true(SSL_set_session(clientssl, secret_sess)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ testresult = 1;
+
+ end:
+ SSL_SESSION_free(secret_sess);
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
# ifndef OPENSSL_NO_DH
static EVP_PKEY *tmp_dh_params = NULL;
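Review bot: test_session_secret_cb passes whenever both handshakes complete, so it never shows that `secret_cb` was invoked on the resumed connection; `arg` is passed as NULL on both sides and ignored in the callback. Passing a counter through `arg`, incrementing it in `secret_cb` and asserting it is non-zero after the second `create_ssl_connection` would pin the behaviour the test is named for. `secret_cb` should also carry a short header comment saying that the constant 0xff fill is a fixed test secret and that `s`, `peer_ciphers`, `cipher` and `arg` are otherwise unused.

```c
static int secret_cb(SSL *s, void *secretin, int *secret_len,
                     STACK_OF(SSL_CIPHER) *peer_ciphers,
                     const SSL_CIPHER **cipher, void *arg)
{
    int *calls = arg;

    /* Count invocations so the caller can tell the callback really ran */
    if (calls != NULL)
        (*calls)++;
    /* ... unchanged: fill the secret with 0xff and return 1 ... */

/* in test_session_secret_cb() */
    int secret_cb_calls = 0;
    /* ... unchanged: first connection, session saved, objects recreated ... */
            || !TEST_true(SSL_set_session_secret_cb(serverssl, secret_cb,
                                                    &secret_cb_calls))
            || !TEST_true(SSL_set_session_secret_cb(clientssl, secret_cb,
                                                    &secret_cb_calls))
    /* ... unchanged: SSL_set_session and the second handshake ... */
    if (!TEST_int_gt(secret_cb_calls, 0))
        goto end;
```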
@@ -9762,7 +10691,8 @@ static int test_set_tmp_dh(int idx)
*/
static int test_dh_auto(int idx)
{
- SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, TLS_client_method());
+ SSL_CTX *sctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method());
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
EVP_PKEY *tmpkey = NULL;
@@ -9770,14 +10700,21 @@ static int test_dh_auto(int idx)
size_t expdhsize = 0;
const char *ciphersuite = "DHE-RSA-AES128-SHA";
+ if (!TEST_ptr(sctx) || !TEST_ptr(cctx))
+ goto end;
+
switch (idx) {
case 0:
/* The FIPS provider doesn't support this DH size - so we ignore it */
- if (is_fips)
- return 1;
+ if (is_fips) {
+ testresult = 1;
+ goto end;
+ }
thiscert = cert1024;
thiskey = privkey1024;
expdhsize = 1024;
+ SSL_CTX_set_security_level(sctx, 1);
+ SSL_CTX_set_security_level(cctx, 1);
break;
case 1:
/* 2048 bit prime */
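Review bot: The two `SSL_CTX_set_security_level(..., 1)` calls added to case 0 lower the security level without saying why, which reads as an unexplained weakening to anyone copying this setup. A comment such as `/* 1024-bit key and DH size are below the default security level; lower it for this case only */` would state the intent (presumably that is the reason; confirm against the build's default level). The contexts are now allocated at the top of test_dh_auto, which is why the `is_fips` early exit became `goto end`. The function starts and ends outside this hunk, so any other early `return` in it would need the same treatment.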
@@ -9803,8 +10740,10 @@ static int test_dh_auto(int idx)
/* No certificate cases */
case 5:
/* The FIPS provider doesn't support this DH size - so we ignore it */
- if (is_fips)
- return 1;
+ if (is_fips) {
+ testresult = 1;
+ goto end;
+ }
ciphersuite = "ADH-AES128-SHA256:@SECLEVEL=0";
expdhsize = 1024;
break;
@@ -9817,8 +10756,8 @@ static int test_dh_auto(int idx)
goto end;
}
- if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
- TLS_client_method(),
+ if (!TEST_true(create_ssl_ctx_pair(libctx, NULL,
+ NULL,
0,
0,
&sctx, &cctx, thiscert, thiskey)))
@@ -10298,6 +11237,209 @@ end:
#endif
}
+#ifndef OSSL_NO_USABLE_TLS1_3
+/* Test that read_ahead works across a key change */
+static int test_read_ahead_key_change(void)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ char *msg = "Hello World";
+ size_t written, readbytes;
+ char buf[80];
+ int i;
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_3_VERSION, 0,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ SSL_CTX_set_read_ahead(sctx, 1);
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
+ &clientssl, NULL, NULL)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ /* Write some data, send a key update, write more data */
+ if (!TEST_true(SSL_write_ex(clientssl, msg, strlen(msg), &written))
+ || !TEST_size_t_eq(written, strlen(msg)))
+ goto end;
+
+ if (!TEST_true(SSL_key_update(clientssl, SSL_KEY_UPDATE_NOT_REQUESTED)))
+ goto end;
+
+ if (!TEST_true(SSL_write_ex(clientssl, msg, strlen(msg), &written))
+ || !TEST_size_t_eq(written, strlen(msg)))
+ goto end;
+
+ /*
+ * Since read_ahead is on the first read below should read the record with
+ * the first app data, the second record with the key update message, and
+ * the third record with the app data all in one go. We should be able to
+ * still process the read_ahead data correctly even though it crosses
+ * epochs
+ */
+ for (i = 0; i < 2; i++) {
+ if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf) - 1,
+ &readbytes)))
+ goto end;
+
+ buf[readbytes] = '\0';
+ if (!TEST_str_eq(buf, msg))
+ goto end;
+ }
+
+ testresult = 1;
+
+end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ return testresult;
+}
+
+static size_t record_pad_cb(SSL *s, int type, size_t len, void *arg)
+{
+ int *called = arg;
+
+ switch ((*called)++) {
+ case 0:
+ /* Add some padding to first record */
+ return 512;
+ case 1:
+ /* Maximally pad the second record */
+ return SSL3_RT_MAX_PLAIN_LENGTH - len;
+ case 2:
+ /*
+ * Exceeding the maximum padding should be fine. It should just pad to
+ * the maximum anyway
+ */
+ return SSL3_RT_MAX_PLAIN_LENGTH + 1 - len;
+ case 3:
+ /*
+ * Very large padding should also be ok. Should just pad to the maximum
+ * allowed
+ */
+ return SIZE_MAX;
+ default:
+ return 0;
+ }
+}
+
+/*
+ * Test that setting record padding in TLSv1.3 works as expected
+ * Test 0: Record padding callback on the SSL_CTX
+ * Test 1: Record padding callback on the SSL
+ * Test 2: Record block padding on the SSL_CTX
+ * Test 3: Record block padding on the SSL
+ * Test 4: Extended record block padding on the SSL_CTX
+ * Test 5: Extended record block padding on the SSL
+ */
+static int test_tls13_record_padding(int idx)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ char *msg = "Hello World";
+ size_t written, readbytes;
+ char buf[80];
+ int i;
+ int called = 0;
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_3_VERSION, 0,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ if (idx == 0) {
+ SSL_CTX_set_record_padding_callback(cctx, record_pad_cb);
+ SSL_CTX_set_record_padding_callback_arg(cctx, &called);
+ if (!TEST_ptr_eq(SSL_CTX_get_record_padding_callback_arg(cctx), &called))
+ goto end;
+ } else if (idx == 2) {
+ /* Exceeding the max plain length should fail */
+ if (!TEST_false(SSL_CTX_set_block_padding(cctx,
+ SSL3_RT_MAX_PLAIN_LENGTH + 1)))
+ goto end;
+ if (!TEST_true(SSL_CTX_set_block_padding(cctx, 512)))
+ goto end;
+ } else if (idx == 4) {
+ /* pad only handshake/alert messages */
+ if (!TEST_true(SSL_CTX_set_block_padding_ex(cctx, 0, 512)))
+ goto end;
+ }
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
+ &clientssl, NULL, NULL)))
+ goto end;
+
+ if (idx == 1) {
+ SSL_set_record_padding_callback(clientssl, record_pad_cb);
+ SSL_set_record_padding_callback_arg(clientssl, &called);
+ if (!TEST_ptr_eq(SSL_get_record_padding_callback_arg(clientssl), &called))
+ goto end;
+ } else if (idx == 3) {
+ /* Exceeding the max plain length should fail */
+ if (!TEST_false(SSL_set_block_padding(clientssl,
+ SSL3_RT_MAX_PLAIN_LENGTH + 1)))
+ goto end;
+ if (!TEST_true(SSL_set_block_padding(clientssl, 512)))
+ goto end;
+ } else if (idx == 5) {
+ /* Exceeding the max plain length should fail */
+ if (!TEST_false(SSL_set_block_padding_ex(clientssl, 0,
+ SSL3_RT_MAX_PLAIN_LENGTH + 1)))
+ goto end;
+ /* pad server and client handshake only */
+ if (!TEST_true(SSL_set_block_padding_ex(clientssl, 0, 512)))
+ goto end;
+ if (!TEST_true(SSL_set_block_padding_ex(serverssl, 0, 512)))
+ goto end;
+ }
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ called = 0;
+ /*
+ * Write some data, then check we can read it. Do this four times to check
+ * we can continue to write and read padded data after the initial record
+ * padding has been added. We don't actually check that the padding has
+ * been applied to the record - just that we can continue to communicate
+ * normally and that the callback has been called (if appropriate).
+ */
+ for (i = 0; i < 4; i++) {
+ if (!TEST_true(SSL_write_ex(clientssl, msg, strlen(msg), &written))
+ || !TEST_size_t_eq(written, strlen(msg)))
+ goto end;
+
+ if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf) - 1,
+ &readbytes))
+ || !TEST_size_t_eq(written, readbytes))
+ goto end;
+
+ buf[readbytes] = '\0';
+ if (!TEST_str_eq(buf, msg))
+ goto end;
+ }
+
+ if ((idx == 0 || idx == 1) && !TEST_int_eq(called, 4))
+ goto end;
+
+ testresult = 1;
+end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ return testresult;
+}
+#endif /* OSSL_NO_USABLE_TLS1_3 */
+
#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE)
/*
* Test TLSv1.2 with a pipeline capable cipher. TLSv1.3 and DTLS do not
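Review bot: In test_tls13_record_padding the `idx == 4` branch is the only block-padding case that does not first check that an over-limit size is rejected; idx 2, 3 and 5 all do. Adding `if (!TEST_false(SSL_CTX_set_block_padding_ex(cctx, 0, SSL3_RT_MAX_PLAIN_LENGTH + 1))) goto end;` before the 512 call would cover the SSL_CTX variant as well, assuming it enforces the same limit as `SSL_set_block_padding_ex`. The idx 5 case also sets padding on `serverssl`, unlike every other case, and the "Test 5" line of the header comment could say so.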
@@ -10497,6 +11639,225 @@ end:
}
#endif /* !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) */
+static int check_version_string(SSL *s, int version)
+{
+ const char *verstr = NULL;
+
+ switch (version) {
+ case SSL3_VERSION:
+ verstr = "SSLv3";
+ break;
+ case TLS1_VERSION:
+ verstr = "TLSv1";
+ break;
+ case TLS1_1_VERSION:
+ verstr = "TLSv1.1";
+ break;
+ case TLS1_2_VERSION:
+ verstr = "TLSv1.2";
+ break;
+ case TLS1_3_VERSION:
+ verstr = "TLSv1.3";
+ break;
+ case DTLS1_VERSION:
+ verstr = "DTLSv1";
+ break;
+ case DTLS1_2_VERSION:
+ verstr = "DTLSv1.2";
+ }
+
+ return TEST_str_eq(verstr, SSL_get_version(s));
+}
+
+/*
+ * Test that SSL_version, SSL_get_version, SSL_is_quic, SSL_is_tls and
+ * SSL_is_dtls return the expected results for a (D)TLS connection. Compare with
+ * test_version() in quicapitest.c which does the same thing for QUIC
+ * connections.
+ */
+static int test_version(int idx)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0, version;
+ const SSL_METHOD *servmeth = TLS_server_method();
+ const SSL_METHOD *clientmeth = TLS_client_method();
+
+ switch (idx) {
+#if !defined(OPENSSL_NO_SSL3)
+ case 0:
+ version = SSL3_VERSION;
+ break;
+#endif
+#if !defined(OPENSSL_NO_TLS1)
+ case 1:
+ version = TLS1_VERSION;
+ break;
+#endif
+#if !defined(OPENSSL_NO_TLS1_2)
+ case 2:
+ version = TLS1_2_VERSION;
+ break;
+#endif
+#if !defined(OSSL_NO_USABLE_TLS1_3)
+ case 3:
+ version = TLS1_3_VERSION;
+ break;
+#endif
+#if !defined(OPENSSL_NO_DTLS1)
+ case 4:
+ version = DTLS1_VERSION;
+ break;
+#endif
+#if !defined(OPENSSL_NO_DTLS1_2)
+ case 5:
+ version = DTLS1_2_VERSION;
+ break;
+#endif
+ /*
+ * NB we do not support QUIC in this test. That is covered by quicapitest.c
+ * We also don't support DTLS1_BAD_VER since we have no server support for
+ * that.
+ */
+ default:
+ TEST_skip("Unsupported protocol version");
+ return 1;
+ }
+
+ if (is_fips
+ && (version == SSL3_VERSION
+ || version == TLS1_VERSION
+ || version == DTLS1_VERSION)) {
+ TEST_skip("Protocol version not supported with FIPS");
+ return 1;
+ }
+
+#if !defined(OPENSSL_NO_DTLS)
+ if (version == DTLS1_VERSION || version == DTLS1_2_VERSION) {
+ servmeth = DTLS_server_method();
+ clientmeth = DTLS_client_method();
+ }
+#endif
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, servmeth, clientmeth, version,
+ version, &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0"))
+ || !TEST_true(SSL_CTX_set_cipher_list(cctx,
+ "DEFAULT:@SECLEVEL=0")))
+ goto end;
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
+ &clientssl, NULL, NULL)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ if (!TEST_int_eq(SSL_version(serverssl), version)
+ || !TEST_int_eq(SSL_version(clientssl), version)
+ || !TEST_true(check_version_string(serverssl, version))
+ || !TEST_true(check_version_string(clientssl, version)))
+ goto end;
+
+ if (version == DTLS1_VERSION || version == DTLS1_2_VERSION) {
+ if (!TEST_true(SSL_is_dtls(serverssl))
+ || !TEST_true(SSL_is_dtls(clientssl))
+ || !TEST_false(SSL_is_tls(serverssl))
+ || !TEST_false(SSL_is_tls(clientssl))
+ || !TEST_false(SSL_is_quic(serverssl))
+ || !TEST_false(SSL_is_quic(clientssl)))
+ goto end;
+ } else {
+ if (!TEST_true(SSL_is_tls(serverssl))
+ || !TEST_true(SSL_is_tls(clientssl))
+ || !TEST_false(SSL_is_dtls(serverssl))
+ || !TEST_false(SSL_is_dtls(clientssl))
+ || !TEST_false(SSL_is_quic(serverssl))
+ || !TEST_false(SSL_is_quic(clientssl)))
+ goto end;
+ }
+
+ testresult = 1;
+end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ return testresult;
+}
+
+/*
+ * Test that the SSL_rstate_string*() APIs return sane results
+ */
+static int test_rstate_string(void)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0, version;
+ const SSL_METHOD *servmeth = TLS_server_method();
+ const SSL_METHOD *clientmeth = TLS_client_method();
+ size_t written, readbytes;
+ unsigned char buf[2];
+ unsigned char dummyheader[SSL3_RT_HEADER_LENGTH] = {
+ SSL3_RT_APPLICATION_DATA,
+ TLS1_2_VERSION_MAJOR,
+ 0, /* To be filled in later */
+ 0,
+ 1
+ };
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, servmeth, clientmeth, 0,
+ 0, &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
+ &clientssl, NULL, NULL)))
+ goto end;
+
+ if (!TEST_str_eq(SSL_rstate_string(serverssl), "RH")
+ || !TEST_str_eq(SSL_rstate_string_long(serverssl), "read header"))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ if (!TEST_str_eq(SSL_rstate_string(serverssl), "RH")
+ || !TEST_str_eq(SSL_rstate_string_long(serverssl), "read header"))
+ goto end;
+
+ /* Fill in the correct version for the record header */
+ version = SSL_version(serverssl);
+ if (version == TLS1_3_VERSION)
+ version = TLS1_2_VERSION;
+ dummyheader[2] = version & 0xff;
+
+ /*
+ * Send a dummy header. If we continued to read the body as well this
+ * would fail with a bad record mac, but we're not going to go that far.
+ */
+ if (!TEST_true(BIO_write_ex(SSL_get_rbio(serverssl), dummyheader,
+ sizeof(dummyheader), &written))
+ || !TEST_size_t_eq(written, SSL3_RT_HEADER_LENGTH))
+ goto end;
+
+ if (!TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes)))
+ goto end;
+
+ if (!TEST_str_eq(SSL_rstate_string(serverssl), "RB")
+ || !TEST_str_eq(SSL_rstate_string_long(serverssl), "read body"))
+ goto end;
+
+ testresult = 1;
+end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ return testresult;
+}
+
/*
* Force a write retry during handshaking. We test various combinations of
* scenarios. We test a large certificate message which will fill the buffering
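Review bot: In test_rstate_string, `TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))` accepts any failure, so a fatal error on the dummy header passes this step just as a pending read would. Following it with `if (!TEST_int_eq(SSL_get_error(serverssl, 0), SSL_ERROR_WANT_READ)) goto end;` would pin the expected outcome (presumably WANT_READ, since only the header bytes are available); test_data_retry in this commit checks `SSL_get_error` in the same way. The last two `dummyheader` initialisers (`0, 1`) would also benefit from a comment saying they encode a record length of 1.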
@@ -10542,7 +11903,7 @@ static int test_handshake_retry(int idx)
* Add a large amount of data to fill the buffering BIO used by the SSL
* object
*/
- if ((idx & 1) == 1 && !add_large_cert_chain(sctx))
+ if ((idx & 1) == 1 && !ssl_ctx_add_large_cert_chain(libctx, sctx, cert))
goto end;
/*
@@ -10593,6 +11954,102 @@ end:
return testresult;
}
+/*
+ * Test that receiving retries when writing application data works as expected
+ */
+static int test_data_retry(void)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ unsigned char inbuf[1200], outbuf[1200];
+ size_t i;
+ BIO *tmp = NULL;
+ BIO *bretry = BIO_new(bio_s_maybe_retry());
+ size_t written, readbytes, totread = 0;
+
+ if (!TEST_ptr(bretry))
+ goto end;
+
+ for (i = 0; i < sizeof(inbuf); i++)
+ inbuf[i] = (unsigned char)(0xff & i);
+ memset(outbuf, 0, sizeof(outbuf));
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), 0, 0, &sctx, &cctx,
+ cert, privkey)))
+ goto end;
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
+ NULL)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ /* Smallest possible max send fragment is 512 */
+ if (!TEST_true(SSL_set_max_send_fragment(clientssl, 512)))
+ goto end;
+
+ tmp = SSL_get_wbio(clientssl);
+ if (!TEST_ptr(tmp))
+ goto end;
+ if (!TEST_true(BIO_up_ref(tmp)))
+ goto end;
+ BIO_push(bretry, tmp);
+ tmp = NULL;
+ SSL_set0_wbio(clientssl, bretry);
+ if (!BIO_up_ref(bretry)) {
+ bretry = NULL;
+ goto end;
+ }
+
+ for (i = 0; i < 3; i++) {
+ /* We expect this call to make no progress and indicate retry */
+ if (!TEST_false(SSL_write_ex(clientssl, inbuf, sizeof(inbuf), &written)))
+ goto end;
+ if (!TEST_int_eq(SSL_get_error(clientssl, 0), SSL_ERROR_WANT_WRITE))
+ goto end;
+
+ /* Allow one write to progress, but the next one to signal retry */
+ if (!TEST_true(BIO_ctrl(bretry, MAYBE_RETRY_CTRL_SET_RETRY_AFTER_CNT, 1,
+ NULL)))
+ goto end;
+
+ if (i == 2)
+ break;
+
+ /*
+ * This call will hopefully make progress but will still indicate retry
+ * because there is more data than will fit into a single record.
+ */
+ if (!TEST_false(SSL_write_ex(clientssl, inbuf, sizeof(inbuf), &written)))
+ goto end;
+ if (!TEST_int_eq(SSL_get_error(clientssl, 0), SSL_ERROR_WANT_WRITE))
+ goto end;
+ }
+
+ /* The final call should write the last chunk of data and succeed */
+ if (!TEST_true(SSL_write_ex(clientssl, inbuf, sizeof(inbuf), &written)))
+ goto end;
+ /* Read all the data available */
+ while (SSL_read_ex(serverssl, outbuf + totread, sizeof(outbuf) - totread,
+ &readbytes))
+ totread += readbytes;
+ if (!TEST_mem_eq(inbuf, sizeof(inbuf), outbuf, totread))
+ goto end;
+
+ testresult = 1;
+end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ BIO_free_all(bretry);
+ BIO_free(tmp);
+ return testresult;
+}
+
struct resume_servername_cb_data {
int i;
SSL_CTX *cctx;
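Review bot: In test_data_retry the `BIO_up_ref(bretry)` call is the only fallible step not wrapped in a TEST_ macro, so a failure there leaves through `end` with no diagnostic; `if (!TEST_true(BIO_up_ref(bretry))) {` would report it like the other steps. The ownership handling around it deserves a comment, for example `/* SSL_set0_wbio() took our reference; take another so BIO_free_all(bretry) at end stays valid */`. On the failure path, `/* clientssl now holds the only reference */` before `bretry = NULL` would explain that assignment.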
@@ -10642,7 +12099,6 @@ static int resume_servername_cb(SSL *s, int *ad, void *arg)
cbdata->recurse = 0;
return ret;
}
-
/*
* Test multiple resumptions and cache size handling
* Test 0: TLSv1.3 (max_early_data set)
@@ -11127,6 +12583,467 @@ static int test_alpn(int idx)
return testresult;
}
+#if !defined(OSSL_NO_USABLE_TLS1_3)
+struct quic_tls_test_data {
+ struct quic_tls_test_data *peer;
+ uint32_t renc_level;
+ uint32_t wenc_level;
+ unsigned char rcd_data[4][2048];
+ size_t rcd_data_len[4];
+ unsigned char rsecret[3][48];
+ size_t rsecret_len[3];
+ unsigned char wsecret[3][48];
+ size_t wsecret_len[3];
+ unsigned char params[3];
+ size_t params_len;
+ int alert;
+ int err;
+ int forcefail;
+};
+
+static int clientquicdata = 0xff, serverquicdata = 0xfe;
+
+static int check_app_data(SSL *s)
+{
+ int *data, *comparedata;
+
+ /* Check app data works */
+ data = (int *)SSL_get_app_data(s);
+ comparedata = SSL_is_server(s) ? &serverquicdata : &clientquicdata;
+
+ if (!TEST_true(comparedata == data))
+ return 0;
+
+ return 1;
+}
+
+static int crypto_send_cb(SSL *s, const unsigned char *buf, size_t buf_len,
+ size_t *consumed, void *arg)
+{
+ struct quic_tls_test_data *data = (struct quic_tls_test_data *)arg;
+ struct quic_tls_test_data *peer = data->peer;
+ size_t max_len = sizeof(peer->rcd_data[data->wenc_level])
+ - peer->rcd_data_len[data->wenc_level];
+
+ if (!check_app_data(s)) {
+ data->err = 1;
+ return 0;
+ }
+
+ if (buf_len > max_len)
+ buf_len = max_len;
+
+ if (buf_len == 0) {
+ *consumed = 0;
+ return 1;
+ }
+
+ memcpy(peer->rcd_data[data->wenc_level]
+ + peer->rcd_data_len[data->wenc_level], buf, buf_len);
+ peer->rcd_data_len[data->wenc_level] += buf_len;
+
+ *consumed = buf_len;
+ return 1;
+}
+static int crypto_recv_rcd_cb(SSL *s, const unsigned char **buf,
+ size_t *bytes_read, void *arg)
+{
+ struct quic_tls_test_data *data = (struct quic_tls_test_data *)arg;
+
+ if (!check_app_data(s)) {
+ data->err = 1;
+ return 0;
+ }
+
+ *bytes_read = data->rcd_data_len[data->renc_level];
+ *buf = data->rcd_data[data->renc_level];
+ return 1;
+}
+
+static int crypto_release_rcd_cb(SSL *s, size_t bytes_read, void *arg)
+{
+ struct quic_tls_test_data *data = (struct quic_tls_test_data *)arg;
+
+ if (!check_app_data(s)) {
+ data->err = 1;
+ return 0;
+ }
+
+ /* See if we need to force a failure in this callback */
+ if (data->forcefail) {
+ data->forcefail = 0;
+ data->err = 1;
+ return 0;
+ }
+
+ if (!TEST_size_t_eq(bytes_read, data->rcd_data_len[data->renc_level])
+ || !TEST_size_t_gt(bytes_read, 0)) {
+ data->err = 1;
+ return 0;
+ }
+ data->rcd_data_len[data->renc_level] = 0;
+
+ return 1;
+}
+
+static int yield_secret_cb(SSL *s, uint32_t prot_level, int direction,
+ const unsigned char *secret, size_t secret_len,
+ void *arg)
+{
+ struct quic_tls_test_data *data = (struct quic_tls_test_data *)arg;
+
+ if (!check_app_data(s))
+ goto err;
+
+ if (prot_level < OSSL_RECORD_PROTECTION_LEVEL_EARLY
+ || prot_level > OSSL_RECORD_PROTECTION_LEVEL_APPLICATION)
+ goto err;
+
+ switch (direction) {
+ case 0: /* read */
+ if (!TEST_size_t_le(secret_len, sizeof(data->rsecret)))
+ goto err;
+ data->renc_level = prot_level;
+ memcpy(data->rsecret[prot_level - 1], secret, secret_len);
+ data->rsecret_len[prot_level - 1] = secret_len;
+ break;
+
+ case 1: /* write */
+ if (!TEST_size_t_le(secret_len, sizeof(data->wsecret)))
+ goto err;
+ data->wenc_level = prot_level;
+ memcpy(data->wsecret[prot_level - 1], secret, secret_len);
+ data->wsecret_len[prot_level - 1] = secret_len;
+ break;
+
+ default:
+ goto err;
+ }
+
+ return 1;
+ err:
+ data->err = 1;
+ return 0;
+}
+
+static int got_transport_params_cb(SSL *s, const unsigned char *params,
+ size_t params_len,
+ void *arg)
+{
+ struct quic_tls_test_data *data = (struct quic_tls_test_data *)arg;
+
+ if (!check_app_data(s)) {
+ data->err = 1;
+ return 0;
+ }
+
+ if (!TEST_size_t_le(params_len, sizeof(data->params))) {
+ data->err = 1;
+ return 0;
+ }
+
+ memcpy(data->params, params, params_len);
+ data->params_len = params_len;
+
+ return 1;
+}
+
+static int alert_cb(SSL *s, unsigned char alert_code, void *arg)
+{
+ struct quic_tls_test_data *data = (struct quic_tls_test_data *)arg;
+
+ if (!check_app_data(s)) {
+ data->err = 1;
+ return 0;
+ }
+
+ data->alert = 1;
+ return 1;
+}
+
+/*
+ * Test the QUIC TLS API
+ * Test 0: Normal run
+ * Test 1: Force a failure
+ * Test 3: Use a CCM based ciphersuite
+ */
+static int test_quic_tls(int idx)
+{
+ SSL_CTX *sctx = NULL, *cctx = NULL;
+ SSL *serverssl = NULL, *clientssl = NULL;
+ int testresult = 0;
+ const OSSL_DISPATCH qtdis[] = {
+ {OSSL_FUNC_SSL_QUIC_TLS_CRYPTO_SEND, (void (*)(void))crypto_send_cb},
+ {OSSL_FUNC_SSL_QUIC_TLS_CRYPTO_RECV_RCD,
+ (void (*)(void))crypto_recv_rcd_cb},
+ {OSSL_FUNC_SSL_QUIC_TLS_CRYPTO_RELEASE_RCD,
+ (void (*)(void))crypto_release_rcd_cb},
+ {OSSL_FUNC_SSL_QUIC_TLS_YIELD_SECRET,
+ (void (*)(void))yield_secret_cb},
+ {OSSL_FUNC_SSL_QUIC_TLS_GOT_TRANSPORT_PARAMS,
+ (void (*)(void))got_transport_params_cb},
+ {OSSL_FUNC_SSL_QUIC_TLS_ALERT, (void (*)(void))alert_cb},
+ {0, NULL}
+ };
+ struct quic_tls_test_data sdata, cdata;
+ const unsigned char cparams[] = {
+ 0xff, 0x01, 0x00
+ };
+ const unsigned char sparams[] = {
+ 0xfe, 0x01, 0x00
+ };
+ int i;
+
+ memset(&sdata, 0, sizeof(sdata));
+ memset(&cdata, 0, sizeof(cdata));
+ sdata.peer = &cdata;
+ cdata.peer = &sdata;
+ if (idx == 1)
+ sdata.forcefail = 1;
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_3_VERSION, 0,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
+ NULL)))
+ goto end;
+
+ /* Reset the BIOs we set in create_ssl_objects. We should not need them */
+ SSL_set_bio(serverssl, NULL, NULL);
+ SSL_set_bio(clientssl, NULL, NULL);
+
+ if (idx == 2) {
+ if (!TEST_true(SSL_set_ciphersuites(serverssl, "TLS_AES_128_CCM_SHA256"))
+ || !TEST_true(SSL_set_ciphersuites(clientssl, "TLS_AES_128_CCM_SHA256")))
+ goto end;
+ }
+
+ if (!TEST_true(SSL_set_app_data(clientssl, &clientquicdata))
+ || !TEST_true(SSL_set_app_data(serverssl, &serverquicdata)))
+ goto end;
+
+ if (!TEST_true(SSL_set_quic_tls_cbs(clientssl, qtdis, &cdata))
+ || !TEST_true(SSL_set_quic_tls_cbs(serverssl, qtdis, &sdata))
+ || !TEST_true(SSL_set_quic_tls_transport_params(clientssl, cparams,
+ sizeof(cparams)))
+ || !TEST_true(SSL_set_quic_tls_transport_params(serverssl, sparams,
+ sizeof(sparams))))
+ goto end;
+
+ if (idx != 1) {
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+ } else {
+ /* We expect this connection to fail */
+ if (!TEST_false(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+ testresult = 1;
+ sdata.err = 0;
+ goto end;
+ }
+
+ /* Check no problems during the handshake */
+ if (!TEST_false(sdata.alert)
+ || !TEST_false(cdata.alert)
+ || !TEST_false(sdata.err)
+ || !TEST_false(cdata.err))
+ goto end;
+
+ /* Check the secrets all match */
+ for (i = OSSL_RECORD_PROTECTION_LEVEL_EARLY - 1;
+ i < OSSL_RECORD_PROTECTION_LEVEL_APPLICATION;
+ i++) {
+ if (!TEST_mem_eq(sdata.wsecret[i], sdata.wsecret_len[i],
+ cdata.rsecret[i], cdata.rsecret_len[i]))
+ goto end;
+ }
+
+ /* Check the transport params */
+ if (!TEST_mem_eq(sdata.params, sdata.params_len, cparams, sizeof(cparams))
+ || !TEST_mem_eq(cdata.params, cdata.params_len, sparams,
+ sizeof(sparams)))
+ goto end;
+
+ /* Check the encryption levels are what we expect them to be */
+ if (!TEST_true(sdata.renc_level == OSSL_RECORD_PROTECTION_LEVEL_APPLICATION)
+ || !TEST_true(sdata.wenc_level == OSSL_RECORD_PROTECTION_LEVEL_APPLICATION)
+ || !TEST_true(cdata.renc_level == OSSL_RECORD_PROTECTION_LEVEL_APPLICATION)
+ || !TEST_true(cdata.wenc_level == OSSL_RECORD_PROTECTION_LEVEL_APPLICATION))
+ goto end;
+
+ testresult = 1;
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ /* Check that we didn't suddenly hit an unexpected failure during cleanup */
+ if (!TEST_false(sdata.err) || !TEST_false(cdata.err))
+ testresult = 0;
+
+ return testresult;
+}
+
+static void assert_no_end_of_early_data(int write_p, int version, int content_type,
+ const void *buf, size_t msglen, SSL *ssl, void *arg)
+{
+ const unsigned char *msg = buf;
+
+ if (content_type == SSL3_RT_HANDSHAKE && msg[0] == SSL3_MT_END_OF_EARLY_DATA)
+ end_of_early_data = 1;
+}
+
+static int test_quic_tls_early_data(void)
+{
+ SSL_CTX *sctx = NULL, *cctx = NULL;
+ SSL *serverssl = NULL, *clientssl = NULL;
+ int testresult = 0;
+ SSL_SESSION *sess = NULL;
+ const OSSL_DISPATCH qtdis[] = {
+ {OSSL_FUNC_SSL_QUIC_TLS_CRYPTO_SEND, (void (*)(void))crypto_send_cb},
+ {OSSL_FUNC_SSL_QUIC_TLS_CRYPTO_RECV_RCD,
+ (void (*)(void))crypto_recv_rcd_cb},
+ {OSSL_FUNC_SSL_QUIC_TLS_CRYPTO_RELEASE_RCD,
+ (void (*)(void))crypto_release_rcd_cb},
+ {OSSL_FUNC_SSL_QUIC_TLS_YIELD_SECRET,
+ (void (*)(void))yield_secret_cb},
+ {OSSL_FUNC_SSL_QUIC_TLS_GOT_TRANSPORT_PARAMS,
+ (void (*)(void))got_transport_params_cb},
+ {OSSL_FUNC_SSL_QUIC_TLS_ALERT, (void (*)(void))alert_cb},
+ {0, NULL}
+ };
+ struct quic_tls_test_data sdata, cdata;
+ const unsigned char cparams[] = {
+ 0xff, 0x01, 0x00
+ };
+ const unsigned char sparams[] = {
+ 0xfe, 0x01, 0x00
+ };
+ int i;
+
+ memset(&sdata, 0, sizeof(sdata));
+ memset(&cdata, 0, sizeof(cdata));
+ sdata.peer = &cdata;
+ cdata.peer = &sdata;
+ end_of_early_data = 0;
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_3_VERSION, 0,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ SSL_CTX_set_max_early_data(sctx, 0xffffffff);
+ SSL_CTX_set_max_early_data(cctx, 0xffffffff);
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
+ NULL)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ sess = SSL_get1_session(clientssl);
+ SSL_shutdown(clientssl);
+ SSL_shutdown(serverssl);
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ serverssl = clientssl = NULL;
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
+ &clientssl, NULL, NULL))
+ || !TEST_true(SSL_set_session(clientssl, sess)))
+ goto end;
+
+ /* Reset the BIOs we set in create_ssl_objects. We should not need them */
+ SSL_set_bio(serverssl, NULL, NULL);
+ SSL_set_bio(clientssl, NULL, NULL);
+
+ if (!TEST_true(SSL_set_app_data(clientssl, &clientquicdata))
+ || !TEST_true(SSL_set_app_data(serverssl, &serverquicdata)))
+ goto end;
+
+ if (!TEST_true(SSL_set_quic_tls_cbs(clientssl, qtdis, &cdata))
+ || !TEST_true(SSL_set_quic_tls_cbs(serverssl, qtdis, &sdata))
+ || !TEST_true(SSL_set_quic_tls_transport_params(clientssl, cparams,
+ sizeof(cparams)))
+ || !TEST_true(SSL_set_quic_tls_transport_params(serverssl, sparams,
+ sizeof(sparams))))
+ goto end;
+
+ SSL_set_quic_tls_early_data_enabled(serverssl, 1);
+ SSL_set_quic_tls_early_data_enabled(clientssl, 1);
+
+ SSL_set_msg_callback(serverssl, assert_no_end_of_early_data);
+ SSL_set_msg_callback(clientssl, assert_no_end_of_early_data);
+
+ if (!TEST_int_eq(SSL_connect(clientssl), -1)
+ || !TEST_int_eq(SSL_accept(serverssl), -1)
+ || !TEST_int_eq(SSL_get_early_data_status(serverssl), SSL_EARLY_DATA_ACCEPTED)
+ || !TEST_int_eq(SSL_get_error(clientssl, 0), SSL_ERROR_WANT_READ)
+ || !TEST_int_eq(SSL_get_error(serverssl, 0), SSL_ERROR_WANT_READ))
+ goto end;
+
+ /* Check the encryption levels are what we expect them to be */
+ if (!TEST_true(sdata.renc_level == OSSL_RECORD_PROTECTION_LEVEL_HANDSHAKE)
+ || !TEST_true(sdata.wenc_level == OSSL_RECORD_PROTECTION_LEVEL_APPLICATION)
+ || !TEST_true(cdata.renc_level == OSSL_RECORD_PROTECTION_LEVEL_NONE)
+ || !TEST_true(cdata.wenc_level == OSSL_RECORD_PROTECTION_LEVEL_EARLY))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ /* Check no problems during the handshake */
+ if (!TEST_false(sdata.alert)
+ || !TEST_false(cdata.alert)
+ || !TEST_false(sdata.err)
+ || !TEST_false(cdata.err))
+ goto end;
+
+ /* Check the secrets all match */
+ for (i = OSSL_RECORD_PROTECTION_LEVEL_EARLY - 1;
+ i < OSSL_RECORD_PROTECTION_LEVEL_APPLICATION;
+ i++) {
+ if (!TEST_mem_eq(sdata.wsecret[i], sdata.wsecret_len[i],
+ cdata.rsecret[i], cdata.rsecret_len[i]))
+ goto end;
+ }
+
+ /* Check the transport params */
+ if (!TEST_mem_eq(sdata.params, sdata.params_len, cparams, sizeof(cparams))
+ || !TEST_mem_eq(cdata.params, cdata.params_len, sparams,
+ sizeof(sparams)))
+ goto end;
+
+ /* Check the encryption levels are what we expect them to be */
+ if (!TEST_true(sdata.renc_level == OSSL_RECORD_PROTECTION_LEVEL_APPLICATION)
+ || !TEST_true(sdata.wenc_level == OSSL_RECORD_PROTECTION_LEVEL_APPLICATION)
+ || !TEST_true(cdata.renc_level == OSSL_RECORD_PROTECTION_LEVEL_APPLICATION)
+ || !TEST_true(cdata.wenc_level == OSSL_RECORD_PROTECTION_LEVEL_APPLICATION))
+ goto end;
+
+ /* Check there is no EndOfEearlyData in handshake */
+ if (!TEST_int_eq(end_of_early_data, 0))
+ goto end;
+
+ testresult = 1;
+ end:
+ SSL_SESSION_free(sess);
+ SSL_SESSION_free(clientpsk);
+ SSL_SESSION_free(serverpsk);
+ clientpsk = serverpsk = NULL;
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+#endif /* !defined(OSSL_NO_USABLE_TLS1_3) */
+
OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config dhfile\n")
int setup_tests(void)
@@ -11173,9 +13090,24 @@ int setup_tests(void)
&& !TEST_false(OSSL_PROVIDER_available(libctx, "default")))
return 0;
- if (strcmp(modulename, "fips") == 0)
+ if (strcmp(modulename, "fips") == 0) {
+ OSSL_PROVIDER *prov = NULL;
+ OSSL_PARAM params[2];
+
is_fips = 1;
+ prov = OSSL_PROVIDER_load(libctx, "fips");
+ if (prov != NULL) {
+ /* Query the fips provider to check if the check ems option is enabled */
+ params[0] =
+ OSSL_PARAM_construct_int(OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK,
+ &fips_ems_check);
+ params[1] = OSSL_PARAM_construct_end();
+ OSSL_PROVIDER_get_params(prov, params);
+ OSSL_PROVIDER_unload(prov);
+ }
+ }
+
/*
* We add, but don't load the test "tls-provider". We'll load it when we
* need it.
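Review bot: The return value of `OSSL_PROVIDER_get_params(prov, params)` is discarded and a failed `OSSL_PROVIDER_load(libctx, "fips")` is skipped silently, so `fips_ems_check` keeps its previous value and the test selection further down is made on an unverified setting. Checking the query, for example `if (!TEST_true(OSSL_PROVIDER_get_params(prov, params))) { OSSL_PROVIDER_unload(prov); return 0; }`, makes a broken FIPS configuration fail setup instead of quietly running the wrong set of tests. `fips_ems_check` is declared outside this hunk, so its initial value should be confirmed there. setup_tests starts and ends outside the hunk.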
@@ -11249,10 +13181,16 @@ int setup_tests(void)
if (privkey8192 == NULL)
goto err;
+ if (fips_ems_check) {
+#ifndef OPENSSL_NO_TLS1_2
+ ADD_TEST(test_no_ems);
+#endif
+ return 1;
+ }
#if !defined(OPENSSL_NO_KTLS) && !defined(OPENSSL_NO_SOCK)
# if !defined(OPENSSL_NO_TLS1_2) || !defined(OSSL_NO_USABLE_TLS1_3)
ADD_ALL_TESTS(test_ktls, NUM_KTLS_TEST_CIPHERS * 4);
- ADD_ALL_TESTS(test_ktls_sendfile, NUM_KTLS_TEST_CIPHERS);
+ ADD_ALL_TESTS(test_ktls_sendfile, NUM_KTLS_TEST_CIPHERS * 2);
# endif
#endif
ADD_TEST(test_large_message_tls);
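Review bot: The early `return 1` under `if (fips_ems_check)` registers only `test_no_ems` and skips every other test in the file, and with `OPENSSL_NO_TLS1_2` defined it registers none at all, yet nothing here says why. A comment such as `/* fips_ems_check: only test_no_ems runs in this configuration; the rest of the suite is skipped because <reason> */` would keep a green run from being read as full coverage. The rationale itself is not visible in the hunk and needs to come from the author. setup_tests continues outside the hunk.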
@@ -11308,7 +13246,7 @@ int setup_tests(void)
ADD_ALL_TESTS(test_early_data_skip_abort, OSSL_NELEM(ciphersuites) * 3);
ADD_ALL_TESTS(test_early_data_not_sent, 3);
ADD_ALL_TESTS(test_early_data_psk, 8);
- ADD_ALL_TESTS(test_early_data_psk_with_all_ciphers, 5);
+ ADD_ALL_TESTS(test_early_data_psk_with_all_ciphers, 7);
ADD_ALL_TESTS(test_early_data_not_expected, 3);
# ifndef OPENSSL_NO_TLS1_2
ADD_ALL_TESTS(test_early_data_tls1_2, 3);
@@ -11323,9 +13261,12 @@ int setup_tests(void)
# else
ADD_ALL_TESTS(test_tls13_psk, 4);
# endif /* OPENSSL_NO_PSK */
+#ifndef OSSL_NO_USABLE_TLS1_3
+ ADD_ALL_TESTS(test_tls13_no_dhe_kex, 8);
+#endif /* OSSL_NO_USABLE_TLS1_3 */
# ifndef OPENSSL_NO_TLS1_2
/* Test with both TLSv1.3 and 1.2 versions */
- ADD_ALL_TESTS(test_key_exchange, 14);
+ ADD_ALL_TESTS(test_key_exchange, 21);
# if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DH)
ADD_ALL_TESTS(test_negotiated_group,
4 * (OSSL_NELEM(ecdhe_kexch_groups)
@@ -11333,7 +13274,7 @@ int setup_tests(void)
# endif
# else
/* Test with only TLSv1.3 versions */
- ADD_ALL_TESTS(test_key_exchange, 12);
+ ADD_ALL_TESTS(test_key_exchange, 18);
# endif
ADD_ALL_TESTS(test_custom_exts, 6);
ADD_TEST(test_stateless);
@@ -11350,16 +13291,22 @@ int setup_tests(void)
ADD_ALL_TESTS(test_key_update_local_in_write, 2);
ADD_ALL_TESTS(test_key_update_local_in_read, 2);
#endif
- ADD_ALL_TESTS(test_ssl_clear, 2);
+ ADD_ALL_TESTS(test_ssl_clear, 8);
ADD_ALL_TESTS(test_max_fragment_len_ext, OSSL_NELEM(max_fragment_len_test));
#if !defined(OPENSSL_NO_SRP) && !defined(OPENSSL_NO_TLS1_2)
ADD_ALL_TESTS(test_srp, 6);
#endif
+#if !defined(OPENSSL_NO_COMP_ALG)
+ /* Add compression case */
+ ADD_ALL_TESTS(test_info_callback, 8);
+#else
ADD_ALL_TESTS(test_info_callback, 6);
+#endif
ADD_ALL_TESTS(test_ssl_pending, 2);
ADD_ALL_TESTS(test_ssl_get_shared_ciphers, OSSL_NELEM(shared_ciphers_data));
ADD_ALL_TESTS(test_ticket_callbacks, 20);
ADD_ALL_TESTS(test_shutdown, 7);
+ ADD_TEST(test_async_shutdown);
ADD_ALL_TESTS(test_incorrect_shutdown, 2);
ADD_ALL_TESTS(test_cert_cb, 6);
ADD_ALL_TESTS(test_client_cert_cb, 2);
@@ -11368,15 +13315,21 @@ int setup_tests(void)
ADD_ALL_TESTS(test_multiblock_write, OSSL_NELEM(multiblock_cipherlist_data));
#endif
ADD_ALL_TESTS(test_servername, 10);
+ ADD_TEST(test_unknown_sigalgs_groups);
+#if (!defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)) || !defined(OPENSSL_NO_ML_KEM)
+ ADD_TEST(test_configuration_of_groups);
+#endif
#if !defined(OPENSSL_NO_EC) \
&& (!defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2))
ADD_ALL_TESTS(test_sigalgs_available, 6);
#endif
#ifndef OPENSSL_NO_TLS1_3
ADD_ALL_TESTS(test_pluggable_group, 2);
+ ADD_ALL_TESTS(test_pluggable_signature, 6);
#endif
#ifndef OPENSSL_NO_TLS1_2
ADD_TEST(test_ssl_dup);
+ ADD_TEST(test_session_secret_cb);
# ifndef OPENSSL_NO_DH
ADD_ALL_TESTS(test_set_tmp_dh, 11);
ADD_ALL_TESTS(test_dh_auto, 7);
@@ -11395,19 +13348,30 @@ int setup_tests(void)
ADD_ALL_TESTS(test_session_cache_overflow, 4);
#endif
ADD_TEST(test_load_dhfile);
+#ifndef OSSL_NO_USABLE_TLS1_3
+ ADD_TEST(test_read_ahead_key_change);
+ ADD_ALL_TESTS(test_tls13_record_padding, 6);
+#endif
#if !defined(OPENSSL_NO_TLS1_2) && !defined(OSSL_NO_USABLE_TLS1_3)
ADD_ALL_TESTS(test_serverinfo_custom, 4);
#endif
#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE)
ADD_ALL_TESTS(test_pipelining, 7);
#endif
+ ADD_ALL_TESTS(test_version, 6);
+ ADD_TEST(test_rstate_string);
ADD_ALL_TESTS(test_handshake_retry, 16);
+ ADD_TEST(test_data_retry);
ADD_ALL_TESTS(test_multi_resume, 5);
ADD_ALL_TESTS(test_select_next_proto, OSSL_NELEM(next_proto_tests));
#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_NEXTPROTONEG)
ADD_ALL_TESTS(test_npn, 5);
#endif
ADD_ALL_TESTS(test_alpn, 4);
+#if !defined(OSSL_NO_USABLE_TLS1_3)
+ ADD_ALL_TESTS(test_quic_tls, 3);
+ ADD_TEST(test_quic_tls_early_data);
+#endif
return 1;
err:
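Review bot: `ADD_ALL_TESTS(test_quic_tls, 3)` registers indices 0 to 2, but the comment above `test_quic_tls` added earlier in this file lists cases 0, 1 and 3, while the body selects the CCM ciphersuite on `idx == 2`. The comment line should read `Test 2: Use a CCM based ciphersuite` so the documented cases match the registered range. setup_tests starts outside the hunk.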
@@ -11437,6 +13401,7 @@ void cleanup_tests(void)
OPENSSL_free(privkey8192);
bio_s_mempacket_test_free();
bio_s_always_retry_free();
+ bio_s_maybe_retry_free();
OSSL_PROVIDER_unload(defctxnull);
OSSL_LIB_CTX_free(libctx);
}
diff --git a/test/sslbuffertest.c b/test/sslbuffertest.c
index f313151f686f..1ec179b59c51 100644
--- a/test/sslbuffertest.c
+++ b/test/sslbuffertest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -22,6 +22,18 @@
#include <openssl/err.h>
#include <openssl/engine.h>
+#ifndef OPENSSL_NO_QUIC
+/* This test does not link libssl so avoid pulling in QUIC unwrappers. */
+# define OPENSSL_NO_QUIC
+#endif
+
+/* We include internal headers so we can check if the buffers are allocated */
+#include "../ssl/ssl_local.h"
+#include "../ssl/record/record_local.h"
+#include "internal/recordmethod.h"
+#include "../ssl/record/methods/recmethod_local.h"
+#include "internal/ssl_unwrap.h"
+
#include "internal/packet.h"
#include "helpers/ssltestlib.h"
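Review bot: Defining `OPENSSL_NO_QUIC` locally before including `../ssl/ssl_local.h` and the record-layer headers means this file may see those internal declarations differently from how libssl itself was built. If any structure in those headers has members guarded by that macro, `checkbuffers()` would read `sc->rlayer` at the wrong offsets. The comment says the test does not link libssl, although the file calls `SSL_write` and `SSL_read`, so the stated reason needs rewording. Once confirmed, something like `/* Internal QUIC helpers are not exported from libssl; disable the QUIC paths of the unwrap macros for this file only */` would be clearer.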
@@ -37,6 +49,17 @@ static SSL_CTX *clientctx = NULL;
#define MAX_ATTEMPTS 100
+static int checkbuffers(SSL *s, int isalloced)
+{
+ SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
+ OSSL_RECORD_LAYER *rrl = sc->rlayer.rrl;
+ OSSL_RECORD_LAYER *wrl = sc->rlayer.wrl;
+
+ if (isalloced)
+ return rrl->rbuf.buf != NULL && wrl->wbuf[0].buf != NULL;
+
+ return rrl->rbuf.buf == NULL && wrl->wbuf[0].buf == NULL;
+}
/*
* There are 9 passes in the tests
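Review bot: `checkbuffers()` dereferences `sc`, `rrl` and `wrl` without a NULL check, so an SSL object that cannot be unwrapped, or one with no record layer yet, crashes the test instead of failing it. Load the record-layer pointers only after a guard such as `if (!TEST_ptr(sc) || !TEST_ptr(sc->rlayer.rrl) || !TEST_ptr(sc->rlayer.wrl)) return 0;`. Only `wbuf[0]` is inspected, which deserves a one-line comment if the other write buffers are ignored on purpose.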
@@ -87,14 +110,18 @@ static int test_func(int test)
for (ret = -1, i = 0, len = 0; len != sizeof(testdata) && i < 2;
i++) {
/* test == 0 mean to free/allocate = control */
- if (test >= 1 && !TEST_true(SSL_free_buffers(clientssl)))
+ if (test >= 1 && (!TEST_true(SSL_free_buffers(clientssl))
+ || !TEST_true(checkbuffers(clientssl, 0))))
goto end;
- if (test >= 2 && !TEST_true(SSL_alloc_buffers(clientssl)))
+ if (test >= 2 && (!TEST_true(SSL_alloc_buffers(clientssl))
+ || !TEST_true(checkbuffers(clientssl, 1))))
goto end;
/* allocate a second time */
- if (test >= 3 && !TEST_true(SSL_alloc_buffers(clientssl)))
+ if (test >= 3 && (!TEST_true(SSL_alloc_buffers(clientssl))
+ || !TEST_true(checkbuffers(clientssl, 1))))
goto end;
- if (test >= 4 && !TEST_true(SSL_free_buffers(clientssl)))
+ if (test >= 4 && (!TEST_true(SSL_free_buffers(clientssl))
+ || !TEST_true(checkbuffers(clientssl, 0))))
goto end;
ret = SSL_write(clientssl, testdata + len,
@@ -119,16 +146,19 @@ static int test_func(int test)
* bytes from the record header/padding etc.
*/
for (ret = -1, i = 0, len = 0; len != sizeof(testdata) &&
- i < MAX_ATTEMPTS; i++)
- {
- if (test >= 5 && !TEST_true(SSL_free_buffers(serverssl)))
+ i < MAX_ATTEMPTS; i++) {
+ if (test >= 5 && (!TEST_true(SSL_free_buffers(serverssl))
+ || !TEST_true(checkbuffers(serverssl, 0))))
goto end;
/* free a second time */
- if (test >= 6 && !TEST_true(SSL_free_buffers(serverssl)))
+ if (test >= 6 && (!TEST_true(SSL_free_buffers(serverssl))
+ || !TEST_true(checkbuffers(serverssl, 0))))
goto end;
- if (test >= 7 && !TEST_true(SSL_alloc_buffers(serverssl)))
+ if (test >= 7 && (!TEST_true(SSL_alloc_buffers(serverssl))
+ || !TEST_true(checkbuffers(serverssl, 1))))
goto end;
- if (test >= 8 && !TEST_true(SSL_free_buffers(serverssl)))
+ if (test >= 8 && (!TEST_true(SSL_free_buffers(serverssl))
+ || !TEST_true(checkbuffers(serverssl, 0))))
goto end;
ret = SSL_read(serverssl, buf + len, sizeof(buf) - len);
diff --git a/test/sslcorrupttest.c b/test/sslcorrupttest.c
index deb2a2c31c4f..50c3bf7eebae 100644
--- a/test/sslcorrupttest.c
+++ b/test/sslcorrupttest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -110,7 +110,7 @@ static const BIO_METHOD *bio_f_tls_corrupt_filter(void)
if (method_tls_corrupt == NULL) {
method_tls_corrupt = BIO_meth_new(BIO_TYPE_CUSTOM_FILTER,
"TLS corrupt filter");
- if ( method_tls_corrupt == NULL
+ if (method_tls_corrupt == NULL
|| !BIO_meth_set_write(method_tls_corrupt, tls_corrupt_write)
|| !BIO_meth_set_read(method_tls_corrupt, tls_corrupt_read)
|| !BIO_meth_set_puts(method_tls_corrupt, tls_corrupt_puts)
diff --git a/test/stack_test.c b/test/stack_test.c
index 3d60ef654e19..d44e6fc93a30 100644
--- a/test/stack_test.c
+++ b/test/stack_test.c
@@ -150,7 +150,7 @@ static int test_int_stack(int reserve)
goto end;
}
for (i = 0; i < n_exfinds; i++)
- if (!TEST_int_eq(sk_sint_find_ex(s, &exfinds[i].value), exfinds[i].ex)){
+ if (!TEST_int_eq(sk_sint_find_ex(s, &exfinds[i].value), exfinds[i].ex)) {
TEST_info("int sorted find_ex absent %d", i);
goto end;
}
diff --git a/test/sysdefault.cnf b/test/sysdefault.cnf
deleted file mode 100644
index 1c8915074a78..000000000000
--- a/test/sysdefault.cnf
+++ /dev/null
@@ -1,23 +0,0 @@
-# Configuration file to test system default SSL configuration
-
-# Comment out the next line to ignore configuration errors
-config_diagnostics = 1
-
-openssl_conf = default_conf
-
-[ default_conf ]
-
-ssl_conf = ssl_sect
-oid_section = oid_sect
-
-[oid_sect]
-new-sig-oid = 1.1.1.1.1.1.1.1.1.1.1.1.1.1
-
-[ssl_sect]
-
-system_default = ssl_default_sect
-
-[ssl_default_sect]
-SignatureAlgorithms = RSA+SHA256:nonex
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
diff --git a/test/sysdefaulttest.c b/test/sysdefaulttest.c
index 350867cdcd5a..cc756fd13947 100644
--- a/test/sysdefaulttest.c
+++ b/test/sysdefaulttest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -16,16 +16,30 @@
#include <openssl/tls1.h>
#include "testutil.h"
-static SSL_CTX *ctx;
+static int expect_failure = 0;
static int test_func(void)
{
- if (!TEST_int_eq(SSL_CTX_get_min_proto_version(ctx), TLS1_2_VERSION)
- && !TEST_int_eq(SSL_CTX_get_max_proto_version(ctx), TLS1_2_VERSION)) {
- TEST_info("min/max version setting incorrect");
- return 0;
+ int ret = 0;
+ SSL_CTX *ctx;
+
+ ctx = SSL_CTX_new(TLS_method());
+ if (expect_failure) {
+ if (!TEST_ptr_null(ctx))
+ goto err;
+ } else {
+ if (!TEST_ptr(ctx))
+ return 0;
+ if (!TEST_int_eq(SSL_CTX_get_min_proto_version(ctx), TLS1_2_VERSION)
+ && !TEST_int_eq(SSL_CTX_get_max_proto_version(ctx), TLS1_2_VERSION)) {
+ TEST_info("min/max version setting incorrect");
+ goto err;
+ }
}
- return 1;
+ ret = 1;
+ err:
+ SSL_CTX_free(ctx);
+ return ret;
}
int global_init(void)
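Review bot: The two version checks in `test_func` are joined with `&&`, so a failure is reported only when both the minimum and the maximum protocol version are wrong; a configuration that gets just one of them wrong passes. The condition carried into the new `else` branch should use `||`: `if (!TEST_int_eq(SSL_CTX_get_min_proto_version(ctx), TLS1_2_VERSION) || !TEST_int_eq(SSL_CTX_get_max_proto_version(ctx), TLS1_2_VERSION)) {`. The `return 0` after `TEST_ptr(ctx)` is harmless because `ctx` is NULL there, but `goto err` would match the rest of the function.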
@@ -36,15 +50,39 @@ int global_init(void)
return 1;
}
-int setup_tests(void)
+typedef enum OPTION_choice {
+ OPT_ERR = -1,
+ OPT_EOF = 0,
+ OPT_FAIL,
+ OPT_TEST_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS *test_get_options(void)
{
- if (!TEST_ptr(ctx = SSL_CTX_new(TLS_method())))
- return 0;
- ADD_TEST(test_func);
- return 1;
+ static const OPTIONS test_options[] = {
+ OPT_TEST_OPTIONS_DEFAULT_USAGE,
+ { "f", OPT_FAIL, '-', "A failure is expected" },
+ { NULL }
+ };
+ return test_options;
}
-void cleanup_tests(void)
+int setup_tests(void)
{
- SSL_CTX_free(ctx);
+ OPTION_CHOICE o;
+
+ while ((o = opt_next()) != OPT_EOF) {
+ switch (o) {
+ case OPT_FAIL:
+ expect_failure = 1;
+ break;
+ case OPT_TEST_CASES:
+ break;
+ default:
+ return 0;
+ }
+ }
+
+ ADD_TEST(test_func);
+ return 1;
}
diff --git a/test/test.cnf b/test/test.cnf
index 8f68982a9fa1..3d1a823a7a4f 100644
--- a/test/test.cnf
+++ b/test/test.cnf
@@ -50,7 +50,6 @@ emailAddress = optional
####################################################################
[ req ]
distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
# Make altreq be identical to req
[ altreq ]
@@ -78,3 +77,6 @@ C = UK
O = My Organization
OU = My Unit
CN = My Name
+
+[ reqexts ]
+keyUsage = critical,digitalSignature,keyEncipherment
diff --git a/test/test_test.c b/test/test_test.c
index 868d9bcb9ce3..b31f5eb432e6 100644
--- a/test/test_test.c
+++ b/test/test_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
diff --git a/test/testutil.h b/test/testutil.h
index 443d01d7fb2a..f02dcdfba6f9 100644
--- a/test/testutil.h
+++ b/test/testutil.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2014-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -11,6 +11,7 @@
# define OSSL_TESTUTIL_H
# include <stdarg.h>
+# include "internal/common.h" /* for HAS_PREFIX */
# include <openssl/provider.h>
# include <openssl/err.h>
@@ -319,6 +320,8 @@ DECLARE_COMPARISONS(char, char)
DECLARE_COMPARISONS(unsigned char, uchar)
DECLARE_COMPARISONS(long, long)
DECLARE_COMPARISONS(unsigned long, ulong)
+DECLARE_COMPARISONS(int64_t, int64_t)
+DECLARE_COMPARISONS(uint64_t, uint64_t)
DECLARE_COMPARISONS(double, double)
DECLARE_COMPARISONS(time_t, time_t)
@@ -468,6 +471,20 @@ void test_perror(const char *s);
# define TEST_ulong_gt(a, b) test_ulong_gt(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_ulong_ge(a, b) test_ulong_ge(__FILE__, __LINE__, #a, #b, a, b)
+# define TEST_int64_t_eq(a, b) test_int64_t_eq(__FILE__, __LINE__, #a, #b, a, b)
+# define TEST_int64_t_ne(a, b) test_int64_t_ne(__FILE__, __LINE__, #a, #b, a, b)
+# define TEST_int64_t_lt(a, b) test_int64_t_lt(__FILE__, __LINE__, #a, #b, a, b)
+# define TEST_int64_t_le(a, b) test_int64_t_le(__FILE__, __LINE__, #a, #b, a, b)
+# define TEST_int64_t_gt(a, b) test_int64_t_gt(__FILE__, __LINE__, #a, #b, a, b)
+# define TEST_int64_t_ge(a, b) test_int64_t_ge(__FILE__, __LINE__, #a, #b, a, b)
+
+# define TEST_uint64_t_eq(a, b) test_uint64_t_eq(__FILE__, __LINE__, #a, #b, a, b)
+# define TEST_uint64_t_ne(a, b) test_uint64_t_ne(__FILE__, __LINE__, #a, #b, a, b)
+# define TEST_uint64_t_lt(a, b) test_uint64_t_lt(__FILE__, __LINE__, #a, #b, a, b)
+# define TEST_uint64_t_le(a, b) test_uint64_t_le(__FILE__, __LINE__, #a, #b, a, b)
+# define TEST_uint64_t_gt(a, b) test_uint64_t_gt(__FILE__, __LINE__, #a, #b, a, b)
+# define TEST_uint64_t_ge(a, b) test_uint64_t_ge(__FILE__, __LINE__, #a, #b, a, b)
+
# define TEST_size_t_eq(a, b) test_size_t_eq(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_size_t_ne(a, b) test_size_t_ne(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_size_t_lt(a, b) test_size_t_lt(__FILE__, __LINE__, #a, #b, a, b)
@@ -545,6 +562,10 @@ void test_perror(const char *s);
extern BIO *bio_out;
extern BIO *bio_err;
+/* Thread local BIO overrides. */
+int set_override_bio_out(BIO *bio);
+int set_override_bio_err(BIO *bio);
+
/*
* Formatted output for strings, memory and bignums.
*/
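Review bot: The comment `Thread local BIO overrides.` does not say what the return value means or who owns the BIO. From the implementation this commit adds in test/testutil/basic_output.c, both functions return 1 on success and 0 when the per-thread data cannot be obtained, which is always the case when `OPENSSL_THREADS` is not defined. The pointer is only stored, never freed, and a NULL override falls back to `bio_out` or `bio_err`. I would expand the comment to state that the override applies to the calling thread only, that passing NULL restores the default stream, that the caller keeps ownership of the BIO, and that 0 is returned in builds without thread support.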
@@ -574,7 +595,6 @@ typedef struct stanza_st {
int numpairs;
PAIR pairs[TESTMAXPAIRS];
BIO *key; /* temp memory BIO for reading in keys */
- char buff[4096]; /* Input buffer for a single key/value */
} STANZA;
/*
@@ -631,5 +651,5 @@ X509 *load_cert_pem(const char *file, OSSL_LIB_CTX *libctx);
X509 *load_cert_der(const unsigned char *bytes, int len);
STACK_OF(X509) *load_certs_pem(const char *file);
X509_REQ *load_csr_der(const char *file, OSSL_LIB_CTX *libctx);
-
+time_t test_asn1_string_to_time_t(const char *asn1_string);
#endif /* OSSL_TESTUTIL_H */
diff --git a/test/testutil/basic_output.c b/test/testutil/basic_output.c
index 92f3de9300cc..110cc252d4e8 100644
--- a/test/testutil/basic_output.c
+++ b/test/testutil/basic_output.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -22,8 +22,118 @@ BIO *bio_err = NULL;
static BIO *tap_out = NULL;
static BIO *tap_err = NULL;
+typedef struct local_test_data_st {
+ BIO *override_bio_out, *override_bio_err;
+} LOCAL_TEST_DATA;
+
+#if defined(OPENSSL_THREADS)
+static CRYPTO_THREAD_LOCAL local_test_data; /* (LOCAL_TEST_DATA *) */
+
+static CRYPTO_RWLOCK *io_lock = NULL;
+#endif
+
+#if defined(OPENSSL_THREADS)
+static void cleanup_test_data(void *p)
+{
+ OPENSSL_free(p);
+}
+#endif
+
+static int init_local_test_data(void)
+{
+#if defined(OPENSSL_THREADS)
+ if (!CRYPTO_THREAD_init_local(&local_test_data, cleanup_test_data))
+ return 0;
+#endif
+
+ return 1;
+}
+
+static LOCAL_TEST_DATA *get_local_test_data(void)
+{
+#if defined(OPENSSL_THREADS)
+ LOCAL_TEST_DATA *p;
+
+ p = CRYPTO_THREAD_get_local(&local_test_data);
+ if (p != NULL)
+ return p;
+
+ if ((p = OPENSSL_zalloc(sizeof(*p))) == NULL)
+ return NULL;
+
+ if (!CRYPTO_THREAD_set_local(&local_test_data, p)) {
+ OPENSSL_free(p);
+ return NULL;
+ }
+
+ return p;
+#else
+ return NULL;
+#endif
+}
+
+static void cleanup_local_test_data(void)
+{
+#if defined(OPENSSL_THREADS)
+ LOCAL_TEST_DATA *p;
+
+ p = CRYPTO_THREAD_get_local(&local_test_data);
+ if (p == NULL)
+ return;
+
+ CRYPTO_THREAD_set_local(&local_test_data, NULL);
+ OPENSSL_free(p);
+#endif
+}
+
+int set_override_bio_out(BIO *bio)
+{
+ LOCAL_TEST_DATA *data = get_local_test_data();
+
+ if (data == NULL)
+ return 0;
+
+ data->override_bio_out = bio;
+ return 1;
+}
+
+int set_override_bio_err(BIO *bio)
+{
+ LOCAL_TEST_DATA *data = get_local_test_data();
+
+ if (data == NULL)
+ return 0;
+
+ data->override_bio_err = bio;
+ return 1;
+}
+
+static BIO *get_bio_out(void)
+{
+ LOCAL_TEST_DATA *data = get_local_test_data();
+
+ if (data != NULL && data->override_bio_out != NULL)
+ return data->override_bio_out;
+
+ return bio_out;
+}
+
+static BIO *get_bio_err(void)
+{
+ LOCAL_TEST_DATA *data = get_local_test_data();
+
+ if (data != NULL && data->override_bio_err != NULL)
+ return data->override_bio_err;
+
+ return bio_err;
+}
+
void test_open_streams(void)
{
+ int ok;
+
+ ok = init_local_test_data();
+
tap_out = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT);
tap_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
#ifdef __VMS
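Review bot: `cleanup_local_test_data()` frees the calling thread's `LOCAL_TEST_DATA` but never releases the thread-local key created by `CRYPTO_THREAD_init_local()`. Adding `CRYPTO_THREAD_cleanup_local(&local_test_data);` after `OPENSSL_free(p)`, and on the early-return path, pairs the init with its cleanup. Separately, without `OPENSSL_THREADS` `get_local_test_data()` always returns NULL, so `set_override_bio_out()` and `set_override_bio_err()` can never succeed in such builds; a static `LOCAL_TEST_DATA` fallback would keep the override usable there. test_open_streams continues outside the hunk.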
@@ -38,8 +148,16 @@ void test_open_streams(void)
BIO_set_prefix(bio_out, "# ");
BIO_set_prefix(bio_err, "# ");
+#if defined(OPENSSL_THREADS)
+ io_lock = CRYPTO_THREAD_lock_new();
+#endif
+
+ OPENSSL_assert(ok);
OPENSSL_assert(bio_out != NULL);
OPENSSL_assert(bio_err != NULL);
+#if defined(OPENSSL_THREADS)
+ OPENSSL_assert(io_lock != NULL);
+#endif
}
void test_adjust_streams_tap_level(int level)
@@ -59,44 +177,112 @@ void test_close_streams(void)
BIO_free_all(tap_out);
BIO_free_all(tap_err);
+
+ cleanup_local_test_data();
+
+#if defined(OPENSSL_THREADS)
+ CRYPTO_THREAD_lock_free(io_lock);
+#endif
+}
+
+static ossl_inline void test_io_lock(void)
+{
+#if defined(OPENSSL_THREADS)
+ OPENSSL_assert(CRYPTO_THREAD_write_lock(io_lock) > 0);
+#endif
+}
+
+static ossl_inline void test_io_unlock(void)
+{
+#if defined(OPENSSL_THREADS)
+ CRYPTO_THREAD_unlock(io_lock);
+#endif
}
int test_vprintf_stdout(const char *fmt, va_list ap)
{
- return BIO_vprintf(bio_out, fmt, ap);
+ int r;
+
+ test_io_lock();
+ r = BIO_vprintf(get_bio_out(), fmt, ap);
+ test_io_unlock();
+
+ return r;
}
int test_vprintf_stderr(const char *fmt, va_list ap)
{
- return BIO_vprintf(bio_err, fmt, ap);
+ int r;
+
+ test_io_lock();
+ r = BIO_vprintf(get_bio_err(), fmt, ap);
+ test_io_unlock();
+
+ return r;
}
int test_flush_stdout(void)
{
- return BIO_flush(bio_out);
+ int r;
+
+ test_io_lock();
+ r = BIO_flush(get_bio_out());
+ test_io_unlock();
+
+ return r;
}
int test_flush_stderr(void)
{
- return BIO_flush(bio_err);
+ int r;
+
+ test_io_lock();
+ r = BIO_flush(get_bio_err());
+ test_io_unlock();
+
+ return r;
}
int test_vprintf_tapout(const char *fmt, va_list ap)
{
- return BIO_vprintf(tap_out, fmt, ap);
+ int r;
+
+ test_io_lock();
+ r = BIO_vprintf(tap_out, fmt, ap);
+ test_io_unlock();
+
+ return r;
}
int test_vprintf_taperr(const char *fmt, va_list ap)
{
- return BIO_vprintf(tap_err, fmt, ap);
+ int r;
+
+ test_io_lock();
+ r = BIO_vprintf(tap_err, fmt, ap);
+ test_io_unlock();
+
+ return r;
}
int test_flush_tapout(void)
{
- return BIO_flush(tap_out);
+ int r;
+
+ test_io_lock();
+ r = BIO_flush(tap_out);
+ test_io_unlock();
+
+ return r;
}
int test_flush_taperr(void)
{
- return BIO_flush(tap_err);
+ int r;
+
+ test_io_lock();
+ r = BIO_flush(tap_err);
+ test_io_unlock();
+
+ return r;
}
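Review bot: `test_close_streams()` frees `io_lock` but leaves the pointer set, and `test_io_lock()` takes the lock unconditionally, so any output call made after the streams are closed, or before `test_open_streams()` has run, operates on a freed or NULL lock. Setting `io_lock = NULL;` right after `CRYPTO_THREAD_lock_free(io_lock);` and starting both helpers with `if (io_lock == NULL) return;` keeps them from touching freed memory. Whether any caller prints that late is not visible in this hunk. test_close_streams starts outside the hunk.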
diff --git a/test/testutil/driver.c b/test/testutil/driver.c
index 9a4b762f4169..346092b0046d 100644
--- a/test/testutil/driver.c
+++ b/test/testutil/driver.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -102,15 +102,18 @@ static void set_seed(int s)
int setup_test_framework(int argc, char *argv[])
{
- char *test_seed = getenv("OPENSSL_TEST_RAND_ORDER");
+ char *test_rand_order = getenv("OPENSSL_TEST_RAND_ORDER");
+ char *test_rand_seed = getenv("OPENSSL_TEST_RAND_SEED");
char *TAP_levels = getenv("HARNESS_OSSL_LEVEL");
if (TAP_levels != NULL)
level = 4 * atoi(TAP_levels);
test_adjust_streams_tap_level(level);
- if (test_seed != NULL) {
+ if (test_rand_order != NULL) {
rand_order = 1;
- set_seed(atoi(test_seed));
+ set_seed(atoi(test_rand_order));
+ } else if (test_rand_seed != NULL) {
+ set_seed(atoi(test_rand_seed));
} else {
set_seed(0);
}
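Review bot: When both `OPENSSL_TEST_RAND_ORDER` and `OPENSSL_TEST_RAND_SEED` are set, the `else if` silently ignores the seed variable, and nothing in the code says which one wins. A comment above the chain, e.g. `/* OPENSSL_TEST_RAND_ORDER takes precedence: it sets rand_order and the seed; OPENSSL_TEST_RAND_SEED only sets the seed */`, would document that. Both values also go through `atoi()`, which turns a malformed value into 0 without any diagnostic; `strtol()` with an end-pointer check would let the framework reject it. setup_test_framework continues outside the hunk.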
@@ -264,8 +267,12 @@ PRINTF_FORMAT(2, 3) static void test_verdict(int verdict,
test_flush_stdout();
test_flush_stderr();
- if (verdict == 0 && seed != 0)
- test_printf_tapout("# OPENSSL_TEST_RAND_ORDER=%d\n", seed);
+ if (verdict == 0) {
+ if (rand_order)
+ test_printf_tapout("# OPENSSL_TEST_RAND_ORDER=%d\n", seed);
+ else
+ test_printf_tapout("# OPENSSL_TEST_RAND_SEED=%d\n", seed);
+ }
test_printf_tapout("%s ", verdict != 0 ? "ok" : "not ok");
va_start(ap, description);
test_vprintf_tapout(description, ap);
diff --git a/test/testutil/fake_random.c b/test/testutil/fake_random.c
index f2f0e2793f76..b211f48625c2 100644
--- a/test/testutil/fake_random.c
+++ b/test/testutil/fake_random.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -134,7 +134,7 @@ static const OSSL_DISPATCH fake_rand_functions[] = {
{ OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS,
(void(*)(void))fake_rand_gettable_ctx_params },
{ OSSL_FUNC_RAND_GET_CTX_PARAMS, (void(*)(void))fake_rand_get_ctx_params },
- { 0, NULL }
+ OSSL_DISPATCH_END
};
static const OSSL_ALGORITHM fake_rand_rand[] = {
@@ -158,7 +158,7 @@ static const OSSL_ALGORITHM *fake_rand_query(void *provctx,
static const OSSL_DISPATCH fake_rand_method[] = {
{ OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OSSL_LIB_CTX_free },
{ OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fake_rand_query },
- { 0, NULL }
+ OSSL_DISPATCH_END
};
static int fake_rand_provider_init(const OSSL_CORE_HANDLE *handle,
diff --git a/test/testutil/format_output.c b/test/testutil/format_output.c
index e101a7ecefb1..8e84e1a6b6a6 100644
--- a/test/testutil/format_output.c
+++ b/test/testutil/format_output.c
@@ -13,7 +13,6 @@
#include <string.h>
#include <ctype.h>
-#include "internal/nelem.h"
/* The size of memory buffers to display on failure */
#define MEM_BUFFER_SIZE (2000)
diff --git a/test/testutil/load.c b/test/testutil/load.c
index d776a7f167cf..982e0a39a9b2 100644
--- a/test/testutil/load.c
+++ b/test/testutil/load.c
@@ -49,7 +49,7 @@ STACK_OF(X509) *load_certs_pem(const char *file)
do {
x = PEM_read_bio_X509(bio, NULL, 0, NULL);
if (x != NULL && !sk_X509_push(certs, x)) {
- sk_X509_pop_free(certs, X509_free);
+ OSSL_STACK_OF_X509_free(certs);
BIO_free(bio);
return NULL;
} else if (x == NULL) {
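Review bot: On the `sk_X509_push()` failure path the certificate `x` just read is not on the stack, so `OSSL_STACK_OF_X509_free(certs)` does not release it and it leaks; switching the free helper leaves that unchanged. Adding `X509_free(x);` before `OSSL_STACK_OF_X509_free(certs);` closes the leak. load_certs_pem() begins and ends outside the hunk, so its other exit paths are not reviewed here.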
diff --git a/test/testutil/output.h b/test/testutil/output.h
index 6fbad6f5bd0a..0e4de09704f8 100644
--- a/test/testutil/output.h
+++ b/test/testutil/output.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2014-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/test/testutil/stanza.c b/test/testutil/stanza.c
index ba62f84517f3..f1ddfde028cc 100644
--- a/test/testutil/stanza.c
+++ b/test/testutil/stanza.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -54,7 +54,7 @@ static int read_key(STANZA *s)
s->curr++;
if (!TEST_int_gt(BIO_puts(s->key, tmpbuf), 0))
return 0;
- if (strncmp(tmpbuf, "-----END", 8) == 0)
+ if (HAS_PREFIX(tmpbuf, "-----END"))
return 1;
}
TEST_error("Can't find key end");
@@ -88,30 +88,31 @@ int test_readstanza(STANZA *s)
PAIR *pp = s->pairs;
char *p, *equals, *key;
const char *value;
+ static char buff[131072];
- for (s->numpairs = 0; BIO_gets(s->fp, s->buff, sizeof(s->buff)); ) {
+ for (s->numpairs = 0; BIO_gets(s->fp, buff, sizeof(buff)); ) {
s->curr++;
- if (!TEST_ptr(p = strchr(s->buff, '\n'))) {
+ if (!TEST_ptr(p = strchr(buff, '\n'))) {
TEST_info("Line %d too long", s->curr);
return 0;
}
*p = '\0';
/* Blank line marks end of tests. */
- if (s->buff[0] == '\0')
+ if (buff[0] == '\0')
break;
/* Lines starting with a pound sign are ignored. */
- if (s->buff[0] == '#')
+ if (buff[0] == '#')
continue;
/* Parse into key=value */
- if (!TEST_ptr(equals = strchr(s->buff, '='))) {
+ if (!TEST_ptr(equals = strchr(buff, '='))) {
TEST_info("Missing = at line %d\n", s->curr);
return 0;
}
*equals++ = '\0';
- if (!TEST_ptr(key = strip_spaces(s->buff))) {
+ if (!TEST_ptr(key = strip_spaces(buff))) {
TEST_info("Empty field at line %d\n", s->curr);
return 0;
}
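Review bot: `static char buff[131072];` makes test_readstanza() share one line buffer across every STANZA and every caller, so the function is no longer reentrant and two threads reading stanzas at once would overwrite each other's line. `key` (and presumably `value`, assigned outside the hunk) point into that buffer, so they stay valid only until the next call; whether the rest of the function copies them before returning is not visible here and is worth confirming. I would name the size and document the constraint, e.g. `#define STANZA_LINE_MAX 131072 /* longest accepted test-data line */` plus `/* static: too large for the stack; not thread-safe */` on the declaration. The "Line %d too long" branch still rejects a line that does not fit, so the limit itself is enforced.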
@@ -126,11 +127,9 @@ int test_readstanza(STANZA *s)
if (s->numpairs == 0)
s->start = s->curr;
- if (strcmp(key, "PrivateKey") == 0) {
- if (!read_key(s))
- return 0;
- }
- if (strcmp(key, "PublicKey") == 0) {
+ if (strcmp(key, "PrivateKey") == 0
+ || strcmp(key, "PublicKey") == 0
+ || strcmp(key, "ParamKey") == 0) {
if (!read_key(s))
return 0;
}
diff --git a/test/testutil/tests.c b/test/testutil/tests.c
index 05526870acd3..42a3b855c0ce 100644
--- a/test/testutil/tests.c
+++ b/test/testutil/tests.c
@@ -14,12 +14,11 @@
#include <errno.h>
#include <string.h>
#include <ctype.h>
-#include "internal/nelem.h"
#include <openssl/asn1.h>
/*
* Output a failed test first line.
- * All items are optional are generally not preinted if passed as NULL.
+ * All items are optional are generally not printed if passed as NULL.
* The special cases are for prefix where "ERROR" is assumed and for left
* and right where a non-failure message is produced if either is NULL.
*/
@@ -209,7 +208,7 @@ void test_openssl_errors(void)
* The desc argument is a printf format string followed by its arguments and
* this is included in the output if the condition being tested for is false.
*/
-#define DEFINE_COMPARISON(type, name, opname, op, fmt) \
+#define DEFINE_COMPARISON(type, name, opname, op, fmt, cast) \
int test_ ## name ## _ ## opname(const char *file, int line, \
const char *s1, const char *s2, \
const type t1, const type t2) \
@@ -218,29 +217,31 @@ void test_openssl_errors(void)
return 1; \
test_fail_message(NULL, file, line, #type, s1, s2, #op, \
"[" fmt "] compared to [" fmt "]", \
- t1, t2); \
+ (cast)t1, (cast)t2); \
return 0; \
}
-#define DEFINE_COMPARISONS(type, name, fmt) \
- DEFINE_COMPARISON(type, name, eq, ==, fmt) \
- DEFINE_COMPARISON(type, name, ne, !=, fmt) \
- DEFINE_COMPARISON(type, name, lt, <, fmt) \
- DEFINE_COMPARISON(type, name, le, <=, fmt) \
- DEFINE_COMPARISON(type, name, gt, >, fmt) \
- DEFINE_COMPARISON(type, name, ge, >=, fmt)
+#define DEFINE_COMPARISONS(type, name, fmt, cast) \
+ DEFINE_COMPARISON(type, name, eq, ==, fmt, cast) \
+ DEFINE_COMPARISON(type, name, ne, !=, fmt, cast) \
+ DEFINE_COMPARISON(type, name, lt, <, fmt, cast) \
+ DEFINE_COMPARISON(type, name, le, <=, fmt, cast) \
+ DEFINE_COMPARISON(type, name, gt, >, fmt, cast) \
+ DEFINE_COMPARISON(type, name, ge, >=, fmt, cast)
-DEFINE_COMPARISONS(int, int, "%d")
-DEFINE_COMPARISONS(unsigned int, uint, "%u")
-DEFINE_COMPARISONS(char, char, "%c")
-DEFINE_COMPARISONS(unsigned char, uchar, "%u")
-DEFINE_COMPARISONS(long, long, "%ld")
-DEFINE_COMPARISONS(unsigned long, ulong, "%lu")
-DEFINE_COMPARISONS(size_t, size_t, "%zu")
-DEFINE_COMPARISONS(double, double, "%g")
+DEFINE_COMPARISONS(int, int, "%d", int)
+DEFINE_COMPARISONS(unsigned int, uint, "%u", unsigned int)
+DEFINE_COMPARISONS(char, char, "%c", char)
+DEFINE_COMPARISONS(unsigned char, uchar, "%u", unsigned char)
+DEFINE_COMPARISONS(long, long, "%ld", long)
+DEFINE_COMPARISONS(unsigned long, ulong, "%lu", unsigned long)
+DEFINE_COMPARISONS(int64_t, int64_t, "%lld", long long)
+DEFINE_COMPARISONS(uint64_t, uint64_t, "%llu", unsigned long long)
+DEFINE_COMPARISONS(size_t, size_t, "%zu", size_t)
+DEFINE_COMPARISONS(double, double, "%g", double)
-DEFINE_COMPARISON(void *, ptr, eq, ==, "%p")
-DEFINE_COMPARISON(void *, ptr, ne, !=, "%p")
+DEFINE_COMPARISON(void *, ptr, eq, ==, "%p", void *)
+DEFINE_COMPARISON(void *, ptr, ne, !=, "%p", void *)
int test_ptr_null(const char *file, int line, const char *s, const void *p)
{
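Review bot: The new `cast` parameter of DEFINE_COMPARISON is not described in the comment above the macro (previous hunk), and for the `uchar` row the chosen cast does not produce the type `%u` expects: `(unsigned char)t1` is promoted to `int` when passed through the variadic call. `DEFINE_COMPARISONS(unsigned char, uchar, "%u", unsigned int)` would match the conversion exactly, the way the `int64_t`/`uint64_t` rows already do with `long long`/`unsigned long long`. I would also add one sentence to the macro comment: `cast is the type the values are converted to before printing; after default argument promotion it must match fmt.`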
diff --git a/test/testutil/testutil_init.c b/test/testutil/testutil_init.c
index 87013694c29e..3301551ab2f7 100644
--- a/test/testutil/testutil_init.c
+++ b/test/testutil/testutil_init.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/test/threadstest.c b/test/threadstest.c
index 046a9eb80239..e30a3e817d8c 100644
--- a/test/threadstest.c
+++ b/test/threadstest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -7,8 +7,13 @@
* https://www.openssl.org/source/license.html
*/
-/* test_multi below tests the thread safety of a deprecated function */
-#define OPENSSL_SUPPRESS_DEPRECATED
+/*
+ * The test_multi_downgrade_shared_pkey function tests the thread safety of a
+ * deprecated function.
+ */
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+# define OPENSSL_SUPPRESS_DEPRECATED
+#endif
#if defined(_WIN32)
# include <windows.h>
@@ -18,10 +23,24 @@
#include <openssl/crypto.h>
#include <openssl/rsa.h>
#include <openssl/aes.h>
-#include <openssl/rsa.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/pem.h>
+#include <openssl/evp.h>
+#include "internal/tsan_assist.h"
+#include "internal/nelem.h"
+#include "internal/time.h"
+#include "internal/rcu.h"
#include "testutil.h"
#include "threadstest.h"
+#ifdef __SANITIZE_THREAD__
+#include <sanitizer/tsan_interface.h>
+#define TSAN_ACQUIRE(s) __tsan_acquire(s)
+#else
+#define TSAN_ACQUIRE(s)
+#endif
+
/* Limit the maximum number of threads */
#define MAXIMUM_THREADS 10
@@ -32,13 +51,48 @@ static int do_fips = 0;
static char *privkey;
static char *config_file = NULL;
static int multidefault_run = 0;
+
static const char *default_provider[] = { "default", NULL };
+static const char *fips_provider[] = { "fips", NULL };
+static const char *fips_and_default_providers[] = { "default", "fips", NULL };
+
+static CRYPTO_RWLOCK *global_lock;
+
+#ifdef TSAN_REQUIRES_LOCKING
+static CRYPTO_RWLOCK *tsan_lock;
+#endif
+
+/* Grab a globally unique integer value, return 0 on failure */
+static int get_new_uid(void)
+{
+ /*
+ * Start with a nice large number to avoid potential conflicts when
+ * we generate a new OID.
+ */
+ static TSAN_QUALIFIER int current_uid = 1 << (sizeof(int) * 8 - 2);
+#ifdef TSAN_REQUIRES_LOCKING
+ int r;
+
+ if (!TEST_true(CRYPTO_THREAD_write_lock(tsan_lock)))
+ return 0;
+ r = ++current_uid;
+ if (!TEST_true(CRYPTO_THREAD_unlock(tsan_lock)))
+ return 0;
+ return r;
+
+#else
+ return tsan_counter(&current_uid);
+#endif
+}
static int test_lock(void)
{
CRYPTO_RWLOCK *lock = CRYPTO_THREAD_lock_new();
int res;
+ if (!TEST_ptr(lock))
+ return 0;
+
res = TEST_true(CRYPTO_THREAD_read_lock(lock))
&& TEST_true(CRYPTO_THREAD_unlock(lock))
&& TEST_true(CRYPTO_THREAD_write_lock(lock))
@@ -49,6 +103,402 @@ static int test_lock(void)
return res;
}
+#if defined(OPENSSL_THREADS)
+static int contention = 0;
+static int rwwriter1_done = 0;
+static int rwwriter2_done = 0;
+static int rwreader1_iterations = 0;
+static int rwreader2_iterations = 0;
+static int rwwriter1_iterations = 0;
+static int rwwriter2_iterations = 0;
+static int *rwwriter_ptr = NULL;
+static int rw_torture_result = 1;
+static CRYPTO_RWLOCK *rwtorturelock = NULL;
+static CRYPTO_RWLOCK *atomiclock = NULL;
+
+static void rwwriter_fn(int id, int *iterations)
+{
+ int count;
+ int *old, *new;
+ OSSL_TIME t1, t2;
+ t1 = ossl_time_now();
+
+ for (count = 0; ; count++) {
+ new = CRYPTO_zalloc(sizeof (int), NULL, 0);
+ if (contention == 0)
+ OSSL_sleep(1000);
+ if (!CRYPTO_THREAD_write_lock(rwtorturelock))
+ abort();
+ if (rwwriter_ptr != NULL) {
+ *new = *rwwriter_ptr + 1;
+ } else {
+ *new = 0;
+ }
+ old = rwwriter_ptr;
+ rwwriter_ptr = new;
+ if (!CRYPTO_THREAD_unlock(rwtorturelock))
+ abort();
+ if (old != NULL)
+ CRYPTO_free(old, __FILE__, __LINE__);
+ t2 = ossl_time_now();
+ if ((ossl_time2seconds(t2) - ossl_time2seconds(t1)) >= 4)
+ break;
+ }
+ *iterations = count;
+ return;
+}
+
+static void rwwriter1_fn(void)
+{
+ int local;
+
+ TEST_info("Starting writer1");
+ rwwriter_fn(1, &rwwriter1_iterations);
+ CRYPTO_atomic_add(&rwwriter1_done, 1, &local, atomiclock);
+}
+
+static void rwwriter2_fn(void)
+{
+ int local;
+
+ TEST_info("Starting writer 2");
+ rwwriter_fn(2, &rwwriter2_iterations);
+ CRYPTO_atomic_add(&rwwriter2_done, 1, &local, atomiclock);
+}
+
+static void rwreader_fn(int *iterations)
+{
+ unsigned int count = 0;
+
+ int old = 0;
+ int lw1 = 0;
+ int lw2 = 0;
+
+ if (CRYPTO_THREAD_read_lock(rwtorturelock) == 0)
+ abort();
+
+ while (lw1 != 1 || lw2 != 1) {
+ CRYPTO_atomic_add(&rwwriter1_done, 0, &lw1, atomiclock);
+ CRYPTO_atomic_add(&rwwriter2_done, 0, &lw2, atomiclock);
+
+ count++;
+ if (rwwriter_ptr != NULL && old > *rwwriter_ptr) {
+ TEST_info("rwwriter pointer went backwards\n");
+ rw_torture_result = 0;
+ }
+ if (CRYPTO_THREAD_unlock(rwtorturelock) == 0)
+ abort();
+ *iterations = count;
+ if (rw_torture_result == 0) {
+ *iterations = count;
+ return;
+ }
+ if (CRYPTO_THREAD_read_lock(rwtorturelock) == 0)
+ abort();
+ }
+ *iterations = count;
+ if (CRYPTO_THREAD_unlock(rwtorturelock) == 0)
+ abort();
+}
+
+static void rwreader1_fn(void)
+{
+ TEST_info("Starting reader 1");
+ rwreader_fn(&rwreader1_iterations);
+}
+
+static void rwreader2_fn(void)
+{
+ TEST_info("Starting reader 2");
+ rwreader_fn(&rwreader2_iterations);
+}
+
+static thread_t rwwriter1;
+static thread_t rwwriter2;
+static thread_t rwreader1;
+static thread_t rwreader2;
+
+static int _torture_rw(void)
+{
+ double tottime = 0;
+ int ret = 0;
+ double avr, avw;
+ OSSL_TIME t1, t2;
+ struct timeval dtime;
+
+ rwtorturelock = CRYPTO_THREAD_lock_new();
+ atomiclock = CRYPTO_THREAD_lock_new();
+ if (!TEST_ptr(rwtorturelock) || !TEST_ptr(atomiclock))
+ goto out;
+
+ rwwriter1_iterations = 0;
+ rwwriter2_iterations = 0;
+ rwreader1_iterations = 0;
+ rwreader2_iterations = 0;
+ rwwriter1_done = 0;
+ rwwriter2_done = 0;
+ rw_torture_result = 1;
+
+ memset(&rwwriter1, 0, sizeof(thread_t));
+ memset(&rwwriter2, 0, sizeof(thread_t));
+ memset(&rwreader1, 0, sizeof(thread_t));
+ memset(&rwreader2, 0, sizeof(thread_t));
+
+ TEST_info("Staring rw torture");
+ t1 = ossl_time_now();
+ if (!TEST_true(run_thread(&rwreader1, rwreader1_fn))
+ || !TEST_true(run_thread(&rwreader2, rwreader2_fn))
+ || !TEST_true(run_thread(&rwwriter1, rwwriter1_fn))
+ || !TEST_true(run_thread(&rwwriter2, rwwriter2_fn))
+ || !TEST_true(wait_for_thread(rwwriter1))
+ || !TEST_true(wait_for_thread(rwwriter2))
+ || !TEST_true(wait_for_thread(rwreader1))
+ || !TEST_true(wait_for_thread(rwreader2)))
+ goto out;
+
+ t2 = ossl_time_now();
+ dtime = ossl_time_to_timeval(ossl_time_subtract(t2, t1));
+ tottime = dtime.tv_sec + (dtime.tv_usec / 1e6);
+ TEST_info("rw_torture_result is %d\n", rw_torture_result);
+ TEST_info("performed %d reads and %d writes over 2 read and 2 write threads in %e seconds",
+ rwreader1_iterations + rwreader2_iterations,
+ rwwriter1_iterations + rwwriter2_iterations, tottime);
+ if ((rwreader1_iterations + rwreader2_iterations == 0)
+ || (rwwriter1_iterations + rwwriter2_iterations == 0)) {
+ TEST_info("Threads did not iterate\n");
+ goto out;
+ }
+ avr = tottime / (rwreader1_iterations + rwreader2_iterations);
+ avw = (tottime / (rwwriter1_iterations + rwwriter2_iterations));
+ TEST_info("Average read time %e/read", avr);
+ TEST_info("Averate write time %e/write", avw);
+
+ if (TEST_int_eq(rw_torture_result, 1))
+ ret = 1;
+out:
+ CRYPTO_THREAD_lock_free(rwtorturelock);
+ CRYPTO_THREAD_lock_free(atomiclock);
+ rwtorturelock = NULL;
+ return ret;
+}
+
+static int torture_rw_low(void)
+{
+ contention = 0;
+ return _torture_rw();
+}
+
+static int torture_rw_high(void)
+{
+ contention = 1;
+ return _torture_rw();
+}
+
+
+static CRYPTO_RCU_LOCK *rcu_lock = NULL;
+
+static int writer1_done = 0;
+static int writer2_done = 0;
+static int reader1_iterations = 0;
+static int reader2_iterations = 0;
+static int writer1_iterations = 0;
+static int writer2_iterations = 0;
+static uint64_t *writer_ptr = NULL;
+static uint64_t global_ctr = 0;
+static int rcu_torture_result = 1;
+static void free_old_rcu_data(void *data)
+{
+ CRYPTO_free(data, NULL, 0);
+}
+
+static void writer_fn(int id, int *iterations)
+{
+ int count;
+ OSSL_TIME t1, t2;
+ uint64_t *old, *new;
+
+ t1 = ossl_time_now();
+
+ for (count = 0; ; count++) {
+ new = CRYPTO_zalloc(sizeof(uint64_t), NULL, 0);
+ if (contention == 0)
+ OSSL_sleep(1000);
+ ossl_rcu_write_lock(rcu_lock);
+ old = ossl_rcu_deref(&writer_ptr);
+ TSAN_ACQUIRE(&writer_ptr);
+ *new = global_ctr++;
+ ossl_rcu_assign_ptr(&writer_ptr, &new);
+ if (contention == 0)
+ ossl_rcu_call(rcu_lock, free_old_rcu_data, old);
+ ossl_rcu_write_unlock(rcu_lock);
+ if (contention != 0) {
+ ossl_synchronize_rcu(rcu_lock);
+ CRYPTO_free(old, NULL, 0);
+ }
+ t2 = ossl_time_now();
+ if ((ossl_time2seconds(t2) - ossl_time2seconds(t1)) >= 4)
+ break;
+ }
+ *iterations = count;
+ return;
+}
+
+static void writer1_fn(void)
+{
+ int local;
+
+ TEST_info("Starting writer1");
+ writer_fn(1, &writer1_iterations);
+ CRYPTO_atomic_add(&writer1_done, 1, &local, atomiclock);
+}
+
+static void writer2_fn(void)
+{
+ int local;
+
+ TEST_info("Starting writer2");
+ writer_fn(2, &writer2_iterations);
+ CRYPTO_atomic_add(&writer2_done, 1, &local, atomiclock);
+}
+
+static void reader_fn(int *iterations)
+{
+ unsigned int count = 0;
+ uint64_t *valp;
+ uint64_t val;
+ uint64_t oldval = 0;
+ int lw1 = 0;
+ int lw2 = 0;
+
+ while (lw1 != 1 || lw2 != 1) {
+ CRYPTO_atomic_add(&writer1_done, 0, &lw1, atomiclock);
+ CRYPTO_atomic_add(&writer2_done, 0, &lw2, atomiclock);
+ count++;
+ ossl_rcu_read_lock(rcu_lock);
+ valp = ossl_rcu_deref(&writer_ptr);
+ val = (valp == NULL) ? 0 : *valp;
+
+ if (oldval > val) {
+ TEST_info("rcu torture value went backwards! %llu : %llu", (unsigned long long)oldval, (unsigned long long)val);
+ rcu_torture_result = 0;
+ }
+ oldval = val; /* just try to deref the pointer */
+ ossl_rcu_read_unlock(rcu_lock);
+ if (rcu_torture_result == 0) {
+ *iterations = count;
+ return;
+ }
+ }
+ *iterations = count;
+}
+
+static void reader1_fn(void)
+{
+ TEST_info("Starting reader 1");
+ reader_fn(&reader1_iterations);
+}
+
+static void reader2_fn(void)
+{
+ TEST_info("Starting reader 2");
+ reader_fn(&reader2_iterations);
+}
+
+static thread_t writer1;
+static thread_t writer2;
+static thread_t reader1;
+static thread_t reader2;
+
+static int _torture_rcu(void)
+{
+ OSSL_TIME t1, t2;
+ struct timeval dtime;
+ double tottime;
+ double avr, avw;
+ int rc = 0;
+
+ atomiclock = CRYPTO_THREAD_lock_new();
+ if (!TEST_ptr(atomiclock))
+ goto out;
+
+ memset(&writer1, 0, sizeof(thread_t));
+ memset(&writer2, 0, sizeof(thread_t));
+ memset(&reader1, 0, sizeof(thread_t));
+ memset(&reader2, 0, sizeof(thread_t));
+
+ writer1_iterations = 0;
+ writer2_iterations = 0;
+ reader1_iterations = 0;
+ reader2_iterations = 0;
+ writer1_done = 0;
+ writer2_done = 0;
+ rcu_torture_result = 1;
+
+ rcu_lock = ossl_rcu_lock_new(contention == 2 ? 4 : 1, NULL);
+ if (rcu_lock == NULL)
+ goto out;
+
+ TEST_info("Staring rcu torture");
+ t1 = ossl_time_now();
+ if (!TEST_true(run_thread(&reader1, reader1_fn))
+ || !TEST_true(run_thread(&reader2, reader2_fn))
+ || !TEST_true(run_thread(&writer1, writer1_fn))
+ || !TEST_true(run_thread(&writer2, writer2_fn))
+ || !TEST_true(wait_for_thread(writer1))
+ || !TEST_true(wait_for_thread(writer2))
+ || !TEST_true(wait_for_thread(reader1))
+ || !TEST_true(wait_for_thread(reader2)))
+ goto out;
+
+ t2 = ossl_time_now();
+ dtime = ossl_time_to_timeval(ossl_time_subtract(t2, t1));
+ tottime = dtime.tv_sec + (dtime.tv_usec / 1e6);
+ TEST_info("rcu_torture_result is %d\n", rcu_torture_result);
+ TEST_info("performed %d reads and %d writes over 2 read and 2 write threads in %e seconds",
+ reader1_iterations + reader2_iterations,
+ writer1_iterations + writer2_iterations, tottime);
+ if ((reader1_iterations + reader2_iterations == 0)
+ || (writer1_iterations + writer2_iterations == 0)) {
+ TEST_info("Threads did not iterate\n");
+ goto out;
+ }
+ avr = tottime / (reader1_iterations + reader2_iterations);
+ avw = tottime / (writer1_iterations + writer2_iterations);
+ TEST_info("Average read time %e/read", avr);
+ TEST_info("Average write time %e/write", avw);
+
+ if (!TEST_int_eq(rcu_torture_result, 1))
+ goto out;
+
+ rc = 1;
+out:
+ ossl_rcu_lock_free(rcu_lock);
+ CRYPTO_THREAD_lock_free(atomiclock);
+ if (!TEST_int_eq(rcu_torture_result, 1))
+ return 0;
+
+ return rc;
+}
+
+static int torture_rcu_low(void)
+{
+ contention = 0;
+ return _torture_rcu();
+}
+
+static int torture_rcu_high(void)
+{
+ contention = 1;
+ return _torture_rcu();
+}
+
+static int torture_rcu_high2(void)
+{
+ contention = 2;
+ return _torture_rcu();
+}
+#endif
+
static CRYPTO_ONCE once_run = CRYPTO_ONCE_STATIC_INIT;
static unsigned once_run_count = 0;
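Review bot: In rwreader_fn() `old` is initialised to 0 and never assigned again, so `old > *rwwriter_ptr` cannot become true for the non-negative counter the writers store and the "went backwards" check never fires; it needs `if (rwwriter_ptr != NULL) old = *rwwriter_ptr;` after the comparison, the way reader_fn() keeps `oldval = val`. rwwriter_fn() and writer_fn() both write through `new` without checking the `CRYPTO_zalloc()` result, so an allocation failure is a NULL dereference; `if (new == NULL) abort();` would match how lock failures are handled in rwwriter_fn(). In _torture_rw() and _torture_rcu() the `goto out` taken when a later `run_thread()` fails frees the locks while threads already started may still be using them, and the last `rwwriter_ptr`/`writer_ptr` allocation is never freed or reset between the low and high contention runs. The `id` parameter of both writer functions is unused.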
@@ -208,6 +658,52 @@ static int test_atomic(void)
|| !TEST_uint_eq((unsigned int)val64, (unsigned int)ret64))
goto err;
+ ret64 = 0;
+
+ if (CRYPTO_atomic_and(&val64, 5, &ret64, NULL)) {
+ /* This succeeds therefore we're on a platform with lockless atomics */
+ if (!TEST_uint_eq((unsigned int)val64, 1)
+ || !TEST_uint_eq((unsigned int)val64, (unsigned int)ret64))
+ goto err;
+ } else {
+ /* This failed therefore we're on a platform without lockless atomics */
+ if (!TEST_uint_eq((unsigned int)val64, 3)
+ || !TEST_int_eq((unsigned int)ret64, 0))
+ goto err;
+ }
+ val64 = 3;
+ ret64 = 0;
+
+ if (!TEST_true(CRYPTO_atomic_and(&val64, 5, &ret64, lock)))
+ goto err;
+
+ if (!TEST_uint_eq((unsigned int)val64, 1)
+ || !TEST_uint_eq((unsigned int)val64, (unsigned int)ret64))
+ goto err;
+
+ ret64 = 0;
+
+ if (CRYPTO_atomic_add64(&val64, 2, &ret64, NULL)) {
+ /* This succeeds therefore we're on a platform with lockless atomics */
+ if (!TEST_uint_eq((unsigned int)val64, 3)
+ || !TEST_uint_eq((unsigned int)val64, (unsigned int)ret64))
+ goto err;
+ } else {
+ /* This failed therefore we're on a platform without lockless atomics */
+ if (!TEST_uint_eq((unsigned int)val64, 1)
+ || !TEST_int_eq((unsigned int)ret64, 0))
+ goto err;
+ }
+ val64 = 1;
+ ret64 = 0;
+
+ if (!TEST_true(CRYPTO_atomic_add64(&val64, 2, &ret64, lock)))
+ goto err;
+
+ if (!TEST_uint_eq((unsigned int)val64, 3)
+ || !TEST_uint_eq((unsigned int)val64, (unsigned int)ret64))
+ goto err;
+
testresult = 1;
err:
CRYPTO_THREAD_lock_free(lock);
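Review bot: The added CRYPTO_atomic_and() and CRYPTO_atomic_add64() checks compare `val64` and `ret64` only after a cast to `unsigned int`, so an error confined to the upper 32 bits of the 64-bit result would pass. This commit's tests.c adds 64-bit comparison helpers (`DEFINE_COMPARISONS(uint64_t, uint64_t, ...)`), so the checks could compare at full width, e.g. `TEST_uint64_t_eq(val64, ret64)`, assuming the matching macro is exported from testutil.h. The two fallback branches also use `TEST_int_eq((unsigned int)ret64, 0)`, mixing a signed comparison with an unsigned cast; `TEST_uint64_t_eq(ret64, 0)` would be consistent. test_atomic() starts outside the hunk, so the declarations of `val64` and `ret64` are not visible here.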
@@ -229,6 +725,19 @@ static void multi_intialise(void)
memset(multi_provider, 0, sizeof(multi_provider));
}
+static void multi_set_success(int ok)
+{
+ if (CRYPTO_THREAD_write_lock(global_lock) == 0) {
+ /* not synchronized, but better than not reporting failure */
+ multi_success = ok;
+ return;
+ }
+
+ multi_success = ok;
+
+ CRYPTO_THREAD_unlock(global_lock);
+}
+
static void thead_teardown_libctx(void)
{
OSSL_PROVIDER **p;
@@ -370,7 +879,7 @@ static void thread_general_worker(void)
EVP_CIPHER_free(ciph);
EVP_PKEY_free(pkey);
if (!testresult)
- multi_success = 0;
+ multi_set_success(0);
}
static void thread_multi_simple_fetch(void)
@@ -380,7 +889,7 @@ static void thread_multi_simple_fetch(void)
if (md != NULL)
EVP_MD_free(md);
else
- multi_success = 0;
+ multi_set_success(0);
}
static EVP_PKEY *shared_evp_pkey = NULL;
@@ -429,136 +938,152 @@ static void thread_shared_evp_pkey(void)
err:
EVP_PKEY_CTX_free(ctx);
if (!success)
- multi_success = 0;
+ multi_set_success(0);
}
-static void thread_downgrade_shared_evp_pkey(void)
+static void thread_provider_load_unload(void)
+{
+ OSSL_PROVIDER *deflt = OSSL_PROVIDER_load(multi_libctx, "default");
+
+ if (!TEST_ptr(deflt)
+ || !TEST_true(OSSL_PROVIDER_available(multi_libctx, "default")))
+ multi_set_success(0);
+
+ OSSL_PROVIDER_unload(deflt);
+}
+
+static int test_multi_general_worker_default_provider(void)
+{
+ return thread_run_test(&thread_general_worker, 2, &thread_general_worker,
+ 1, default_provider);
+}
+
+static int test_multi_general_worker_fips_provider(void)
+{
+ if (!do_fips)
+ return TEST_skip("FIPS not supported");
+ return thread_run_test(&thread_general_worker, 2, &thread_general_worker,
+ 1, fips_provider);
+}
+
+static int test_multi_fetch_worker(void)
{
+ return thread_run_test(&thread_multi_simple_fetch,
+ 2, &thread_multi_simple_fetch, 1, default_provider);
+}
+
+static int test_multi_shared_pkey_common(void (*worker)(void))
+{
+ int testresult = 0;
+
+ multi_intialise();
+ if (!thread_setup_libctx(1, do_fips ? fips_and_default_providers
+ : default_provider)
+ || !TEST_ptr(shared_evp_pkey = load_pkey_pem(privkey, multi_libctx))
+ || !start_threads(1, &thread_shared_evp_pkey)
+ || !start_threads(1, worker))
+ goto err;
+
+ thread_shared_evp_pkey();
+
+ if (!teardown_threads()
+ || !TEST_true(multi_success))
+ goto err;
+ testresult = 1;
+ err:
+ EVP_PKEY_free(shared_evp_pkey);
+ thead_teardown_libctx();
+ return testresult;
+}
+
#ifndef OPENSSL_NO_DEPRECATED_3_0
+static void thread_downgrade_shared_evp_pkey(void)
+{
/*
* This test is only relevant for deprecated functions that perform
* downgrading
*/
if (EVP_PKEY_get0_RSA(shared_evp_pkey) == NULL)
- multi_success = 0;
-#else
- /* Shouldn't ever get here */
- multi_success = 0;
-#endif
+ multi_set_success(0);
}
-static void thread_provider_load_unload(void)
+static int test_multi_downgrade_shared_pkey(void)
{
- OSSL_PROVIDER *deflt = OSSL_PROVIDER_load(multi_libctx, "default");
+ return test_multi_shared_pkey_common(&thread_downgrade_shared_evp_pkey);
+}
+#endif
- if (!TEST_ptr(deflt)
- || !TEST_true(OSSL_PROVIDER_available(multi_libctx, "default")))
- multi_success = 0;
+static int test_multi_shared_pkey(void)
+{
+ return test_multi_shared_pkey_common(&thread_shared_evp_pkey);
+}
- OSSL_PROVIDER_unload(deflt);
+static void thread_release_shared_pkey(void)
+{
+ OSSL_sleep(0);
+ EVP_PKEY_free(shared_evp_pkey);
}
-/*
- * Do work in multiple worker threads at the same time.
- * Test 0: General worker, using the default provider
- * Test 1: General worker, using the fips provider
- * Test 2: Simple fetch worker
- * Test 3: Worker downgrading a shared EVP_PKEY
- * Test 4: Worker using a shared EVP_PKEY
- * Test 5: Worker loading and unloading a provider
- */
-static int test_multi(int idx)
+static int test_multi_shared_pkey_release(void)
{
- thread_t thread1, thread2;
int testresult = 0;
- OSSL_PROVIDER *prov = NULL, *prov2 = NULL;
- void (*worker)(void) = NULL;
- void (*worker2)(void) = NULL;
- EVP_MD *sha256 = NULL;
-
- if (idx == 1 && !do_fips)
- return TEST_skip("FIPS not supported");
+ size_t i = 1;
-#ifdef OPENSSL_NO_DEPRECATED_3_0
- if (idx == 3)
- return TEST_skip("Skipping tests for deprected functions");
-#endif
-
- multi_success = 1;
- if (!TEST_true(test_get_libctx(&multi_libctx, NULL, config_file,
- NULL, NULL)))
- return 0;
+ multi_intialise();
+ shared_evp_pkey = NULL;
+ if (!thread_setup_libctx(1, do_fips ? fips_and_default_providers
+ : default_provider)
+ || !TEST_ptr(shared_evp_pkey = load_pkey_pem(privkey, multi_libctx)))
+ goto err;
+ for (; i < 10; ++i) {
+ if (!TEST_true(EVP_PKEY_up_ref(shared_evp_pkey)))
+ goto err;
+ }
- prov = OSSL_PROVIDER_load(multi_libctx, (idx == 1) ? "fips" : "default");
- if (!TEST_ptr(prov))
+ if (!start_threads(10, &thread_release_shared_pkey))
goto err;
+ i = 0;
- switch (idx) {
- case 0:
- case 1:
- worker = thread_general_worker;
- break;
- case 2:
- worker = thread_multi_simple_fetch;
- break;
- case 3:
- worker2 = thread_downgrade_shared_evp_pkey;
- /* fall through */
- case 4:
- /*
- * If available we have both the default and fips providers for this
- * test
- */
- if (do_fips
- && !TEST_ptr(prov2 = OSSL_PROVIDER_load(multi_libctx, "fips")))
- goto err;
- if (!TEST_ptr(shared_evp_pkey = load_pkey_pem(privkey, multi_libctx)))
- goto err;
- worker = thread_shared_evp_pkey;
- break;
- case 5:
- /*
- * We ensure we get an md from the default provider, and then unload the
- * provider. This ensures the provider remains around but in a
- * deactivated state.
- */
- sha256 = EVP_MD_fetch(multi_libctx, "SHA2-256", NULL);
- OSSL_PROVIDER_unload(prov);
- prov = NULL;
- worker = thread_provider_load_unload;
- break;
- default:
- TEST_error("Invalid test index");
+ if (!teardown_threads()
+ || !TEST_true(multi_success))
goto err;
+ testresult = 1;
+ err:
+ while (i > 0) {
+ EVP_PKEY_free(shared_evp_pkey);
+ --i;
}
- if (worker2 == NULL)
- worker2 = worker;
+ thead_teardown_libctx();
+ return testresult;
+}
- if (!TEST_true(run_thread(&thread1, worker))
- || !TEST_true(run_thread(&thread2, worker2)))
+static int test_multi_load_unload_provider(void)
+{
+ EVP_MD *sha256 = NULL;
+ OSSL_PROVIDER *prov = NULL;
+ int testresult = 0;
+
+ multi_intialise();
+ if (!thread_setup_libctx(1, NULL)
+ || !TEST_ptr(prov = OSSL_PROVIDER_load(multi_libctx, "default"))
+ || !TEST_ptr(sha256 = EVP_MD_fetch(multi_libctx, "SHA2-256", NULL))
+ || !TEST_true(OSSL_PROVIDER_unload(prov)))
goto err;
+ prov = NULL;
- worker();
+ if (!start_threads(2, &thread_provider_load_unload))
+ goto err;
- testresult = 1;
- /*
- * Don't combine these into one if statement; must wait for both threads.
- */
- if (!TEST_true(wait_for_thread(thread1)))
- testresult = 0;
- if (!TEST_true(wait_for_thread(thread2)))
- testresult = 0;
- if (!TEST_true(multi_success))
- testresult = 0;
+ thread_provider_load_unload();
+ if (!teardown_threads()
+ || !TEST_true(multi_success))
+ goto err;
+ testresult = 1;
err:
- EVP_MD_free(sha256);
OSSL_PROVIDER_unload(prov);
- OSSL_PROVIDER_unload(prov2);
- OSSL_LIB_CTX_free(multi_libctx);
- EVP_PKEY_free(shared_evp_pkey);
- shared_evp_pkey = NULL;
- multi_libctx = NULL;
+ EVP_MD_free(sha256);
+ thead_teardown_libctx();
return testresult;
}
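Review bot: test_multi_shared_pkey_common() frees `shared_evp_pkey` at `err:` but no longer resets it, where the removed test_multi() had `shared_evp_pkey = NULL;`. The helper runs once per caller (test_multi_shared_pkey and, when built, test_multi_downgrade_shared_pkey), so if `thread_setup_libctx()` fails on a later run the `goto err` path calls `EVP_PKEY_free()` on the pointer already freed by the previous run. Adding `shared_evp_pkey = NULL;` after the `EVP_PKEY_free(shared_evp_pkey);` line fixes it; test_multi_shared_pkey_release() leaves the same stale pointer once its worker threads drop the last reference. Separately, if the second `start_threads()` call fails, `err:` frees the key without `teardown_threads()`, which looks like it could race with the thread already started; start_threads() is not visible here, so that needs confirming.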
@@ -568,22 +1093,17 @@ static char *multi_load_provider = "legacy";
* run with a thread sanitizer, should crash if the core provider code
* doesn't synchronize well enough.
*/
-#define MULTI_LOAD_THREADS 10
static void test_multi_load_worker(void)
{
OSSL_PROVIDER *prov;
- if (!TEST_ptr(prov = OSSL_PROVIDER_load(NULL, multi_load_provider))
+ if (!TEST_ptr(prov = OSSL_PROVIDER_load(multi_libctx, multi_load_provider))
|| !TEST_true(OSSL_PROVIDER_unload(prov)))
- multi_success = 0;
+ multi_set_success(0);
}
static int test_multi_default(void)
{
- thread_t thread1, thread2;
- int testresult = 0;
- OSSL_PROVIDER *prov = NULL;
-
/* Avoid running this test twice */
if (multidefault_run) {
TEST_skip("multi default test already run");
@@ -591,34 +1111,13 @@ static int test_multi_default(void)
}
multidefault_run = 1;
- multi_success = 1;
- multi_libctx = NULL;
- prov = OSSL_PROVIDER_load(multi_libctx, "default");
- if (!TEST_ptr(prov))
- goto err;
-
- if (!TEST_true(run_thread(&thread1, thread_multi_simple_fetch))
- || !TEST_true(run_thread(&thread2, thread_multi_simple_fetch)))
- goto err;
-
- thread_multi_simple_fetch();
-
- if (!TEST_true(wait_for_thread(thread1))
- || !TEST_true(wait_for_thread(thread2))
- || !TEST_true(multi_success))
- goto err;
-
- testresult = 1;
-
- err:
- OSSL_PROVIDER_unload(prov);
- return testresult;
+ return thread_run_test(&thread_multi_simple_fetch,
+ 2, &thread_multi_simple_fetch, 0, default_provider);
}
static int test_multi_load(void)
{
- thread_t threads[MULTI_LOAD_THREADS];
- int i, res = 1;
+ int res = 1;
OSSL_PROVIDER *prov;
/* The multidefault test must run prior to this test */
@@ -640,27 +1139,137 @@ static int test_multi_load(void)
}
OSSL_PROVIDER_unload(prov);
- multi_success = 1;
- for (i = 0; i < MULTI_LOAD_THREADS; i++)
- (void)TEST_true(run_thread(&threads[i], test_multi_load_worker));
+ return thread_run_test(NULL, MAXIMUM_THREADS, &test_multi_load_worker, 0,
+ NULL) && res;
+}
- for (i = 0; i < MULTI_LOAD_THREADS; i++)
- (void)TEST_true(wait_for_thread(threads[i]));
+static void test_obj_create_one(void)
+{
+ char tids[12], oid[40], sn[30], ln[30];
+ int id = get_new_uid();
- return res && multi_success;
+ BIO_snprintf(tids, sizeof(tids), "%d", id);
+ BIO_snprintf(oid, sizeof(oid), "1.3.6.1.4.1.16604.%s", tids);
+ BIO_snprintf(sn, sizeof(sn), "short-name-%s", tids);
+ BIO_snprintf(ln, sizeof(ln), "long-name-%s", tids);
+ if (!TEST_int_ne(id, 0)
+ || !TEST_true(id = OBJ_create(oid, sn, ln))
+ || !TEST_true(OBJ_add_sigid(id, NID_sha3_256, NID_rsa)))
+ multi_set_success(0);
}
-static void test_lib_ctx_load_config_worker(void)
+static int test_obj_add(void)
{
- if (!TEST_int_eq(OSSL_LIB_CTX_load_config(multi_libctx, config_file), 1))
- multi_success = 0;
+ return thread_run_test(&test_obj_create_one,
+ MAXIMUM_THREADS, &test_obj_create_one,
+ 1, default_provider);
}
-static int test_lib_ctx_load_config(void)
+#if !defined(OPENSSL_NO_DGRAM) && !defined(OPENSSL_NO_SOCK)
+static BIO *multi_bio1, *multi_bio2;
+
+static void test_bio_dgram_pair_worker(void)
{
- return thread_run_test(&test_lib_ctx_load_config_worker,
- MAXIMUM_THREADS, &test_lib_ctx_load_config_worker,
- 1, default_provider);
+ ossl_unused int r;
+ int ok = 0;
+ uint8_t ch = 0;
+ uint8_t scratch[64];
+ BIO_MSG msg = {0};
+ size_t num_processed = 0;
+
+ if (!TEST_int_eq(RAND_bytes_ex(multi_libctx, &ch, 1, 64), 1))
+ goto err;
+
+ msg.data = scratch;
+ msg.data_len = sizeof(scratch);
+
+ /*
+ * We do not test for failure here as recvmmsg may fail if no sendmmsg
+ * has been called yet. The purpose of this code is to exercise tsan.
+ */
+ if (ch & 2)
+ r = BIO_sendmmsg(ch & 1 ? multi_bio2 : multi_bio1, &msg,
+ sizeof(BIO_MSG), 1, 0, &num_processed);
+ else
+ r = BIO_recvmmsg(ch & 1 ? multi_bio2 : multi_bio1, &msg,
+ sizeof(BIO_MSG), 1, 0, &num_processed);
+
+ ok = 1;
+err:
+ if (ok == 0)
+ multi_set_success(0);
+}
+
+static int test_bio_dgram_pair(void)
+{
+ int r;
+ BIO *bio1 = NULL, *bio2 = NULL;
+
+ r = BIO_new_bio_dgram_pair(&bio1, 0, &bio2, 0);
+ if (!TEST_int_eq(r, 1))
+ goto err;
+
+ multi_bio1 = bio1;
+ multi_bio2 = bio2;
+
+ r = thread_run_test(&test_bio_dgram_pair_worker,
+ MAXIMUM_THREADS, &test_bio_dgram_pair_worker,
+ 1, default_provider);
+
+err:
+ BIO_free(bio1);
+ BIO_free(bio2);
+ return r;
+}
+#endif
+
+static const char *pemdataraw[] = {
+ "-----BEGIN RSA PRIVATE KEY-----\n",
+ "MIIBOgIBAAJBAMFcGsaxxdgiuuGmCkVImy4h99CqT7jwY3pexPGcnUFtR2Fh36Bp\n",
+ "oncwtkZ4cAgtvd4Qs8PkxUdp6p/DlUmObdkCAwEAAQJAUR44xX6zB3eaeyvTRzms\n",
+ "kHADrPCmPWnr8dxsNwiDGHzrMKLN+i/HAam+97HxIKVWNDH2ba9Mf1SA8xu9dcHZ\n",
+ "AQIhAOHPCLxbtQFVxlnhSyxYeb7O323c3QulPNn3bhOipElpAiEA2zZpBE8ZXVnL\n",
+ "74QjG4zINlDfH+EOEtjJJ3RtaYDugvECIBtsQDxXytChsRgDQ1TcXdStXPcDppie\n",
+ "dZhm8yhRTTBZAiAZjE/U9rsIDC0ebxIAZfn3iplWh84yGB3pgUI3J5WkoQIhAInE\n",
+ "HTUY5WRj5riZtkyGnbm3DvF+1eMtO2lYV+OuLcfE\n",
+ "-----END RSA PRIVATE KEY-----\n",
+ NULL
+};
+
+static void test_pem_read_one(void)
+{
+ EVP_PKEY *key = NULL;
+ BIO *pem = NULL;
+ char *pemdata;
+ size_t len;
+
+ pemdata = glue_strings(pemdataraw, &len);
+ if (pemdata == NULL) {
+ multi_set_success(0);
+ goto err;
+ }
+
+ pem = BIO_new_mem_buf(pemdata, len);
+ if (pem == NULL) {
+ multi_set_success(0);
+ goto err;
+ }
+
+ key = PEM_read_bio_PrivateKey(pem, NULL, NULL, NULL);
+ if (key == NULL)
+ multi_set_success(0);
+
+ err:
+ EVP_PKEY_free(key);
+ BIO_free(pem);
+ OPENSSL_free(pemdata);
+}
+
+/* Test reading PEM files in multiple threads */
+static int test_pem_read(void)
+{
+ return thread_run_test(&test_pem_read_one, MAXIMUM_THREADS,
+ &test_pem_read_one, 1, default_provider);
}
typedef enum OPTION_choice {
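Review bot: In test_bio_dgram_pair_worker, `scratch` is declared without an initialiser and then handed to BIO_sendmmsg as a 64-byte payload, so the sending threads push indeterminate stack bytes through the datagram pair. Declaring it as `uint8_t scratch[64] = {0};` keeps the payload deterministic and avoids noise from tools that track uninitialised memory. Separately, `pemdataraw` embeds a literal RSA private key with no comment; I would add `/* Throwaway RSA key, test fixture only; never use outside this test */` above it so secret scanners and later readers can tell it is not a leaked credential.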
@@ -709,20 +1318,51 @@ int setup_tests(void)
if (!TEST_ptr(privkey))
return 0;
+ if (!TEST_ptr(global_lock = CRYPTO_THREAD_lock_new()))
+ return 0;
+
+#ifdef TSAN_REQUIRES_LOCKING
+ if (!TEST_ptr(tsan_lock = CRYPTO_THREAD_lock_new()))
+ return 0;
+#endif
+
/* Keep first to validate auto creation of default library context */
ADD_TEST(test_multi_default);
ADD_TEST(test_lock);
+#if defined(OPENSSL_THREADS)
+ ADD_TEST(torture_rw_low);
+ ADD_TEST(torture_rw_high);
+ ADD_TEST(torture_rcu_low);
+ ADD_TEST(torture_rcu_high);
+ ADD_TEST(torture_rcu_high2);
+#endif
ADD_TEST(test_once);
ADD_TEST(test_thread_local);
ADD_TEST(test_atomic);
ADD_TEST(test_multi_load);
- ADD_ALL_TESTS(test_multi, 6);
- ADD_TEST(test_lib_ctx_load_config);
+ ADD_TEST(test_multi_general_worker_default_provider);
+ ADD_TEST(test_multi_general_worker_fips_provider);
+ ADD_TEST(test_multi_fetch_worker);
+ ADD_TEST(test_multi_shared_pkey);
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+ ADD_TEST(test_multi_downgrade_shared_pkey);
+#endif
+ ADD_TEST(test_multi_shared_pkey_release);
+ ADD_TEST(test_multi_load_unload_provider);
+ ADD_TEST(test_obj_add);
+#if !defined(OPENSSL_NO_DGRAM) && !defined(OPENSSL_NO_SOCK)
+ ADD_TEST(test_bio_dgram_pair);
+#endif
+ ADD_TEST(test_pem_read);
return 1;
}
void cleanup_tests(void)
{
OPENSSL_free(privkey);
+#ifdef TSAN_REQUIRES_LOCKING
+ CRYPTO_THREAD_lock_free(tsan_lock);
+#endif
+ CRYPTO_THREAD_lock_free(global_lock);
}
diff --git a/test/threadstest.h b/test/threadstest.h
index 8bdedd7052ac..f8e6589e0c31 100644
--- a/test/threadstest.h
+++ b/test/threadstest.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -65,6 +65,7 @@ static void *thread_run(void *arg)
*(void **) (&f) = arg;
f();
+ OPENSSL_thread_stop();
return NULL;
}
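Review bot: The added `OPENSSL_thread_stop();` in thread_run has no comment saying why a test thread must call it, and the next person to add a thread wrapper here will not know it is required. I would put `/* Release this thread's OpenSSL per-thread state before the thread exits */` above the call. The start of thread_run is outside the hunk, so whether other platform variants of this wrapper exist and need the same call cannot be confirmed from here.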
diff --git a/test/tls-provider.c b/test/tls-provider.c
index 7375792c3125..4d3bbfe10102 100644
--- a/test/tls-provider.c
+++ b/test/tls-provider.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -12,14 +12,45 @@
#include <openssl/core_dispatch.h>
#include <openssl/rand.h>
#include <openssl/params.h>
+#include <openssl/err.h>
+#include <openssl/proverr.h>
+#include <openssl/pkcs12.h>
+#include <openssl/provider.h>
+#include <assert.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/core_object.h>
+#include "internal/asn1.h"
/* For TLS1_3_VERSION */
#include <openssl/ssl.h>
#include "internal/nelem.h"
+#include "internal/refcount.h"
+
+/* error codes */
+
+/* xorprovider error codes */
+#define XORPROV_R_INVALID_DIGEST 1
+#define XORPROV_R_INVALID_SIZE 2
+#define XORPROV_R_INVALID_KEY 3
+#define XORPROV_R_UNSUPPORTED 4
+#define XORPROV_R_MISSING_OID 5
+#define XORPROV_R_OBJ_CREATE_ERR 6
+#define XORPROV_R_INVALID_ENCODING 7
+#define XORPROV_R_SIGN_ERROR 8
+#define XORPROV_R_LIB_CREATE_ERR 9
+#define XORPROV_R_NO_PRIVATE_KEY 10
+#define XORPROV_R_BUFFER_LENGTH_WRONG 11
+#define XORPROV_R_SIGNING_FAILED 12
+#define XORPROV_R_WRONG_PARAMETERS 13
+#define XORPROV_R_VERIFY_ERROR 14
+#define XORPROV_R_EVPINFO_MISSING 15
static OSSL_FUNC_keymgmt_import_fn xor_import;
static OSSL_FUNC_keymgmt_import_types_fn xor_import_types;
+static OSSL_FUNC_keymgmt_import_types_ex_fn xor_import_types_ex;
static OSSL_FUNC_keymgmt_export_fn xor_export;
static OSSL_FUNC_keymgmt_export_types_fn xor_export_types;
+static OSSL_FUNC_keymgmt_export_types_ex_fn xor_export_types_ex;
int tls_provider_init(const OSSL_CORE_HANDLE *handle,
const OSSL_DISPATCH *in,
@@ -31,7 +62,7 @@ int tls_provider_init(const OSSL_CORE_HANDLE *handle,
/*
* Top secret. This algorithm only works if no one knows what this number is.
* Please don't tell anyone what it is.
- *
+ *
* This algorithm is for testing only - don't really use it!
*/
static const unsigned char private_constant[XOR_KEY_SIZE] = {
@@ -45,13 +76,14 @@ typedef struct xorkey_st {
unsigned char pubkey[XOR_KEY_SIZE];
int hasprivkey;
int haspubkey;
+ char *tls_name;
+ CRYPTO_REF_COUNT references;
} XORKEY;
+/* Key Management for the dummy XOR KEX, KEM and signature algorithms */
-/* Key Management for the dummy XOR KEX and KEM algorithms */
-
-static OSSL_FUNC_keymgmt_new_fn xor_newdata;
-static OSSL_FUNC_keymgmt_free_fn xor_freedata;
+static OSSL_FUNC_keymgmt_new_fn xor_newkey;
+static OSSL_FUNC_keymgmt_free_fn xor_freekey;
static OSSL_FUNC_keymgmt_has_fn xor_has;
static OSSL_FUNC_keymgmt_dup_fn xor_dup;
static OSSL_FUNC_keymgmt_gen_init_fn xor_gen_init;
@@ -59,6 +91,7 @@ static OSSL_FUNC_keymgmt_gen_set_params_fn xor_gen_set_params;
static OSSL_FUNC_keymgmt_gen_settable_params_fn xor_gen_settable_params;
static OSSL_FUNC_keymgmt_gen_fn xor_gen;
static OSSL_FUNC_keymgmt_gen_cleanup_fn xor_gen_cleanup;
+static OSSL_FUNC_keymgmt_load_fn xor_load;
static OSSL_FUNC_keymgmt_get_params_fn xor_get_params;
static OSSL_FUNC_keymgmt_gettable_params_fn xor_gettable_params;
static OSSL_FUNC_keymgmt_set_params_fn xor_set_params;
@@ -69,7 +102,7 @@ static OSSL_FUNC_keymgmt_settable_params_fn xor_settable_params;
* together. Don't use this!
*/
-static OSSL_FUNC_keyexch_newctx_fn xor_newctx;
+static OSSL_FUNC_keyexch_newctx_fn xor_newkemkexctx;
static OSSL_FUNC_keyexch_init_fn xor_init;
static OSSL_FUNC_keyexch_set_peer_fn xor_set_peer;
static OSSL_FUNC_keyexch_derive_fn xor_derive;
@@ -81,7 +114,7 @@ static OSSL_FUNC_keyexch_dupctx_fn xor_dupctx;
* Don't use this!
*/
-static OSSL_FUNC_kem_newctx_fn xor_newctx;
+static OSSL_FUNC_kem_newctx_fn xor_newkemkexctx;
static OSSL_FUNC_kem_freectx_fn xor_freectx;
static OSSL_FUNC_kem_dupctx_fn xor_dupctx;
static OSSL_FUNC_kem_encapsulate_init_fn xor_init;
@@ -89,6 +122,79 @@ static OSSL_FUNC_kem_encapsulate_fn xor_encapsulate;
static OSSL_FUNC_kem_decapsulate_init_fn xor_init;
static OSSL_FUNC_kem_decapsulate_fn xor_decapsulate;
+/*
+ * Common key management table access functions
+ */
+static OSSL_FUNC_keymgmt_new_fn *
+xor_prov_get_keymgmt_new(const OSSL_DISPATCH *fns)
+{
+ /* Pilfer the keymgmt dispatch table */
+ for (; fns->function_id != 0; fns++)
+ if (fns->function_id == OSSL_FUNC_KEYMGMT_NEW)
+ return OSSL_FUNC_keymgmt_new(fns);
+
+ return NULL;
+}
+
+static OSSL_FUNC_keymgmt_free_fn *
+xor_prov_get_keymgmt_free(const OSSL_DISPATCH *fns)
+{
+ /* Pilfer the keymgmt dispatch table */
+ for (; fns->function_id != 0; fns++)
+ if (fns->function_id == OSSL_FUNC_KEYMGMT_FREE)
+ return OSSL_FUNC_keymgmt_free(fns);
+
+ return NULL;
+}
+
+static OSSL_FUNC_keymgmt_import_fn *
+xor_prov_get_keymgmt_import(const OSSL_DISPATCH *fns)
+{
+ /* Pilfer the keymgmt dispatch table */
+ for (; fns->function_id != 0; fns++)
+ if (fns->function_id == OSSL_FUNC_KEYMGMT_IMPORT)
+ return OSSL_FUNC_keymgmt_import(fns);
+
+ return NULL;
+}
+
+static OSSL_FUNC_keymgmt_export_fn *
+xor_prov_get_keymgmt_export(const OSSL_DISPATCH *fns)
+{
+ /* Pilfer the keymgmt dispatch table */
+ for (; fns->function_id != 0; fns++)
+ if (fns->function_id == OSSL_FUNC_KEYMGMT_EXPORT)
+ return OSSL_FUNC_keymgmt_export(fns);
+
+ return NULL;
+}
+
+static void *xor_prov_import_key(const OSSL_DISPATCH *fns, void *provctx,
+ int selection, const OSSL_PARAM params[])
+{
+ OSSL_FUNC_keymgmt_new_fn *kmgmt_new = xor_prov_get_keymgmt_new(fns);
+ OSSL_FUNC_keymgmt_free_fn *kmgmt_free = xor_prov_get_keymgmt_free(fns);
+ OSSL_FUNC_keymgmt_import_fn *kmgmt_import =
+ xor_prov_get_keymgmt_import(fns);
+ void *key = NULL;
+
+ if (kmgmt_new != NULL && kmgmt_import != NULL && kmgmt_free != NULL) {
+ if ((key = kmgmt_new(provctx)) == NULL
+ || !kmgmt_import(key, selection, params)) {
+ kmgmt_free(key);
+ key = NULL;
+ }
+ }
+ return key;
+}
+
+static void xor_prov_free_key(const OSSL_DISPATCH *fns, void *key)
+{
+ OSSL_FUNC_keymgmt_free_fn *kmgmt_free = xor_prov_get_keymgmt_free(fns);
+
+ if (kmgmt_free != NULL)
+ kmgmt_free(key);
+}
/*
* We define 2 dummy TLS groups called "xorgroup" and "xorkemgroup" for test
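Review bot: In xor_prov_import_key, when `kmgmt_new(provctx)` returns NULL the `||` short-circuits and `kmgmt_free(key)` is then called with a NULL key. That is only safe if the free function found in the supplied dispatch table tolerates NULL. The table is caller-supplied, so I would guard it with `if (key != NULL) kmgmt_free(key);`. The four `xor_prov_get_keymgmt_*` lookups also repeat the same loop and dereference `fns` without a NULL check; a comment stating that `fns` must be a non-NULL table terminated by a zero `function_id` would make the contract explicit.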
@@ -107,7 +213,7 @@ struct tls_group_st {
#define XORGROUP_NAME "xorgroup"
#define XORGROUP_NAME_INTERNAL "xorgroup-int"
static struct tls_group_st xor_group = {
- 0, /* group_id, set by randomize_tls_group_id() */
+ 0, /* group_id, set by randomize_tls_alg_id() */
128, /* secbits */
TLS1_3_VERSION, /* mintls */
0, /* maxtls */
@@ -119,7 +225,7 @@ static struct tls_group_st xor_group = {
#define XORKEMGROUP_NAME "xorkemgroup"
#define XORKEMGROUP_NAME_INTERNAL "xorkemgroup-int"
static struct tls_group_st xor_kemgroup = {
- 0, /* group_id, set by randomize_tls_group_id() */
+ 0, /* group_id, set by randomize_tls_alg_id() */
128, /* secbits */
TLS1_3_VERSION, /* mintls */
0, /* maxtls */
@@ -171,71 +277,194 @@ static const OSSL_PARAM xor_kemgroup_params[] = {
#define NUM_DUMMY_GROUPS 50
static char *dummy_group_names[NUM_DUMMY_GROUPS];
+/*
+ * We define a dummy TLS sigalg called for test purposes
+ */
+struct tls_sigalg_st {
+ unsigned int code_point; /* for "tls-sigalg-alg", see provider-base(7) */
+ unsigned int secbits;
+ unsigned int mintls;
+ unsigned int maxtls;
+};
+
+#define XORSIGALG_NAME "xorhmacsig"
+#define XORSIGALG_OID "1.3.6.1.4.1.16604.998888.1"
+#define XORSIGALG_HASH_NAME "xorhmacsha2sig"
+#define XORSIGALG_HASH "SHA256"
+#define XORSIGALG_HASH_OID "1.3.6.1.4.1.16604.998888.2"
+#define XORSIGALG12_NAME "xorhmacsig12"
+#define XORSIGALG12_OID "1.3.6.1.4.1.16604.998888.3"
+
+static struct tls_sigalg_st xor_sigalg = {
+ 0, /* alg id, set by randomize_tls_alg_id() */
+ 128, /* secbits */
+ TLS1_3_VERSION, /* mintls */
+ 0, /* maxtls */
+};
+
+static struct tls_sigalg_st xor_sigalg_hash = {
+ 0, /* alg id, set by randomize_tls_alg_id() */
+ 128, /* secbits */
+ TLS1_3_VERSION, /* mintls */
+ 0, /* maxtls */
+};
+
+static struct tls_sigalg_st xor_sigalg12 = {
+ 0, /* alg id, set by randomize_tls_alg_id() */
+ 128, /* secbits */
+ TLS1_2_VERSION, /* mintls */
+ TLS1_2_VERSION, /* maxtls */
+};
+
+static const OSSL_PARAM xor_sig_nohash_params[] = {
+ OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME,
+ XORSIGALG_NAME, sizeof(XORSIGALG_NAME)),
+ OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_NAME,
+ XORSIGALG_NAME,
+ sizeof(XORSIGALG_NAME)),
+ OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_OID,
+ XORSIGALG_OID, sizeof(XORSIGALG_OID)),
+ OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT,
+ &xor_sigalg.code_point),
+ OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS,
+ &xor_sigalg.secbits),
+ OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS,
+ &xor_sigalg.mintls),
+ OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS,
+ &xor_sigalg.maxtls),
+ OSSL_PARAM_END
+};
+
+static const OSSL_PARAM xor_sig_hash_params[] = {
+ OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME,
+ XORSIGALG_HASH_NAME, sizeof(XORSIGALG_HASH_NAME)),
+ OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_NAME,
+ XORSIGALG_HASH_NAME,
+ sizeof(XORSIGALG_HASH_NAME)),
+ OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME,
+ XORSIGALG_HASH, sizeof(XORSIGALG_HASH)),
+ OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_OID,
+ XORSIGALG_HASH_OID, sizeof(XORSIGALG_HASH_OID)),
+ OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT,
+ &xor_sigalg_hash.code_point),
+ OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS,
+ &xor_sigalg_hash.secbits),
+ OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS,
+ &xor_sigalg_hash.mintls),
+ OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS,
+ &xor_sigalg_hash.maxtls),
+ OSSL_PARAM_END
+};
+
+static const OSSL_PARAM xor_sig_12_params[] = {
+ OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME,
+ XORSIGALG12_NAME, sizeof(XORSIGALG12_NAME)),
+ OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_NAME,
+ XORSIGALG12_NAME,
+ sizeof(XORSIGALG12_NAME)),
+ OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_OID,
+ XORSIGALG12_OID, sizeof(XORSIGALG12_OID)),
+ OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT,
+ &xor_sigalg12.code_point),
+ OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS,
+ &xor_sigalg12.secbits),
+ OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS,
+ &xor_sigalg12.mintls),
+ OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS,
+ &xor_sigalg12.maxtls),
+ OSSL_PARAM_END
+};
+
static int tls_prov_get_capabilities(void *provctx, const char *capability,
OSSL_CALLBACK *cb, void *arg)
{
- int ret;
+ int ret = 0;
int i;
const char *dummy_base = "dummy";
const size_t dummy_name_max_size = strlen(dummy_base) + 3;
- if (strcmp(capability, "TLS-GROUP") != 0) {
- /* We don't support this capability */
- return 0;
- }
-
- /* Register our 2 groups */
- OPENSSL_assert(xor_group.group_id >= 65024
- && xor_group.group_id < 65279 - NUM_DUMMY_GROUPS);
- ret = cb(xor_group_params, arg);
- ret &= cb(xor_kemgroup_params, arg);
+ if (strcmp(capability, "TLS-GROUP") == 0) {
+ /* Register our 2 groups */
+ OPENSSL_assert(xor_group.group_id >= 65024
+ && xor_group.group_id < 65279 - NUM_DUMMY_GROUPS);
+ ret = cb(xor_group_params, arg);
+ ret &= cb(xor_kemgroup_params, arg);
- /*
- * Now register some dummy groups > GROUPLIST_INCREMENT (== 40) as defined
- * in ssl/t1_lib.c, to make sure we exercise the code paths for registering
- * large numbers of groups.
- */
+ /*
+ * Now register some dummy groups > GROUPLIST_INCREMENT (== 40) as defined
+ * in ssl/t1_lib.c, to make sure we exercise the code paths for registering
+ * large numbers of groups.
+ */
- for (i = 0; i < NUM_DUMMY_GROUPS; i++) {
- OSSL_PARAM dummygroup[OSSL_NELEM(xor_group_params)];
- unsigned int dummygroup_id;
+ for (i = 0; i < NUM_DUMMY_GROUPS; i++) {
+ OSSL_PARAM dummygroup[OSSL_NELEM(xor_group_params)];
+ unsigned int dummygroup_id;
- memcpy(dummygroup, xor_group_params, sizeof(xor_group_params));
+ memcpy(dummygroup, xor_group_params, sizeof(xor_group_params));
- /* Give the dummy group a unique name */
- if (dummy_group_names[i] == NULL) {
- dummy_group_names[i] = OPENSSL_zalloc(dummy_name_max_size);
- if (dummy_group_names[i] == NULL)
- return 0;
- BIO_snprintf(dummy_group_names[i],
+ /* Give the dummy group a unique name */
+ if (dummy_group_names[i] == NULL) {
+ dummy_group_names[i] = OPENSSL_zalloc(dummy_name_max_size);
+ if (dummy_group_names[i] == NULL)
+ return 0;
+ BIO_snprintf(dummy_group_names[i],
dummy_name_max_size,
"%s%d", dummy_base, i);
+ }
+ dummygroup[0].data = dummy_group_names[i];
+ dummygroup[0].data_size = strlen(dummy_group_names[i]) + 1;
+ /* assign unique group IDs also to dummy groups for registration */
+ dummygroup_id = 65279 - NUM_DUMMY_GROUPS + i;
+ dummygroup[3].data = (unsigned char*)&dummygroup_id;
+ ret &= cb(dummygroup, arg);
}
- dummygroup[0].data = dummy_group_names[i];
- dummygroup[0].data_size = strlen(dummy_group_names[i]) + 1;
- /* assign unique group IDs also to dummy groups for registration */
- dummygroup_id = 65279 - NUM_DUMMY_GROUPS + i;
- dummygroup[3].data = (unsigned char*)&dummygroup_id;
- ret &= cb(dummygroup, arg);
}
+ if (strcmp(capability, "TLS-SIGALG") == 0) {
+ ret = cb(xor_sig_nohash_params, arg);
+ ret &= cb(xor_sig_hash_params, arg);
+ ret &= cb(xor_sig_12_params, arg);
+ }
return ret;
}
+typedef struct {
+ OSSL_LIB_CTX *libctx;
+} PROV_XOR_CTX;
+
+static PROV_XOR_CTX *xor_newprovctx(OSSL_LIB_CTX *libctx)
+{
+ PROV_XOR_CTX* prov_ctx = OPENSSL_malloc(sizeof(PROV_XOR_CTX));
+
+ if (prov_ctx == NULL)
+ return NULL;
+
+ if (libctx == NULL) {
+ OPENSSL_free(prov_ctx);
+ return NULL;
+ }
+ prov_ctx->libctx = libctx;
+ return prov_ctx;
+}
+
+
+
+#define PROV_XOR_LIBCTX_OF(provctx) (((PROV_XOR_CTX *)provctx)->libctx)
+
/*
- * Dummy "XOR" Key Exchange algorithm. We just xor the private and public keys
- * together. Don't use this!
+ * Dummy "XOR" Key Exchange and signature algorithm. We just xor the
+ * private and public keys together. Don't use this!
*/
typedef struct {
XORKEY *key;
XORKEY *peerkey;
void *provctx;
-} PROV_XOR_CTX;
+} PROV_XORKEMKEX_CTX;
-static void *xor_newctx(void *provctx)
+static void *xor_newkemkexctx(void *provctx)
{
- PROV_XOR_CTX *pxorctx = OPENSSL_zalloc(sizeof(PROV_XOR_CTX));
+ PROV_XORKEMKEX_CTX *pxorctx = OPENSSL_zalloc(sizeof(PROV_XORKEMKEX_CTX));
if (pxorctx == NULL)
return NULL;
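Review bot: `struct tls_sigalg_st` declares `mintls` and `maxtls` as `unsigned int`, but all three new parameter tables publish them with `OSSL_PARAM_int(...)`, so the parameter is tagged as a signed integer while pointing at an unsigned object. The values used here are small and positive, so it works, but the declaration and the tag should agree; changing the fields to `int mintls;` and `int maxtls;` is the smaller fix. In the same hunk the macro argument in `PROV_XOR_LIBCTX_OF` is not parenthesised; `#define PROV_XOR_LIBCTX_OF(provctx) (((PROV_XOR_CTX *)(provctx))->libctx)` is safer for any non-trivial argument expression. The hunk ends inside xor_newkemkexctx, whose remaining body is not visible here.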
@@ -248,7 +477,7 @@ static void *xor_newctx(void *provctx)
static int xor_init(void *vpxorctx, void *vkey,
ossl_unused const OSSL_PARAM params[])
{
- PROV_XOR_CTX *pxorctx = (PROV_XOR_CTX *)vpxorctx;
+ PROV_XORKEMKEX_CTX *pxorctx = (PROV_XORKEMKEX_CTX *)vpxorctx;
if (pxorctx == NULL || vkey == NULL)
return 0;
@@ -258,7 +487,7 @@ static int xor_init(void *vpxorctx, void *vkey,
static int xor_set_peer(void *vpxorctx, void *vpeerkey)
{
- PROV_XOR_CTX *pxorctx = (PROV_XOR_CTX *)vpxorctx;
+ PROV_XORKEMKEX_CTX *pxorctx = (PROV_XORKEMKEX_CTX *)vpxorctx;
if (pxorctx == NULL || vpeerkey == NULL)
return 0;
@@ -269,7 +498,7 @@ static int xor_set_peer(void *vpxorctx, void *vpeerkey)
static int xor_derive(void *vpxorctx, unsigned char *secret, size_t *secretlen,
size_t outlen)
{
- PROV_XOR_CTX *pxorctx = (PROV_XOR_CTX *)vpxorctx;
+ PROV_XORKEMKEX_CTX *pxorctx = (PROV_XORKEMKEX_CTX *)vpxorctx;
int i;
if (pxorctx->key == NULL || pxorctx->peerkey == NULL)
@@ -295,8 +524,8 @@ static void xor_freectx(void *pxorctx)
static void *xor_dupctx(void *vpxorctx)
{
- PROV_XOR_CTX *srcctx = (PROV_XOR_CTX *)vpxorctx;
- PROV_XOR_CTX *dstctx;
+ PROV_XORKEMKEX_CTX *srcctx = (PROV_XORKEMKEX_CTX *)vpxorctx;
+ PROV_XORKEMKEX_CTX *dstctx;
dstctx = OPENSSL_zalloc(sizeof(*srcctx));
if (dstctx == NULL)
@@ -308,18 +537,18 @@ static void *xor_dupctx(void *vpxorctx)
}
static const OSSL_DISPATCH xor_keyexch_functions[] = {
- { OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))xor_newctx },
+ { OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))xor_newkemkexctx },
{ OSSL_FUNC_KEYEXCH_INIT, (void (*)(void))xor_init },
{ OSSL_FUNC_KEYEXCH_DERIVE, (void (*)(void))xor_derive },
{ OSSL_FUNC_KEYEXCH_SET_PEER, (void (*)(void))xor_set_peer },
{ OSSL_FUNC_KEYEXCH_FREECTX, (void (*)(void))xor_freectx },
{ OSSL_FUNC_KEYEXCH_DUPCTX, (void (*)(void))xor_dupctx },
- { 0, NULL }
+ OSSL_DISPATCH_END
};
static const OSSL_ALGORITHM tls_prov_keyexch[] = {
/*
- * Obviously this is not FIPS approved, but in order to test in conjuction
+ * Obviously this is not FIPS approved, but in order to test in conjunction
* with the FIPS provider we pretend that it is.
*/
{ "XOR", "provider=tls-provider,fips=yes", xor_keyexch_functions },
@@ -346,7 +575,7 @@ static int xor_encapsulate(void *vpxorctx,
int rv = 0;
void *genctx = NULL, *derivectx = NULL;
XORKEY *ourkey = NULL;
- PROV_XOR_CTX *pxorctx = vpxorctx;
+ PROV_XORKEMKEX_CTX *pxorctx = vpxorctx;
if (ct == NULL || ss == NULL) {
/* Just return sizes */
@@ -373,7 +602,7 @@ static int xor_encapsulate(void *vpxorctx,
*ctlen = XOR_KEY_SIZE;
/* 3. Derive ss via KEX */
- derivectx = xor_newctx(pxorctx->provctx);
+ derivectx = xor_newkemkexctx(pxorctx->provctx);
if (derivectx == NULL
|| !xor_init(derivectx, ourkey, NULL)
|| !xor_set_peer(derivectx, pxorctx->key)
@@ -384,7 +613,7 @@ static int xor_encapsulate(void *vpxorctx,
end:
xor_gen_cleanup(genctx);
- xor_freedata(ourkey);
+ xor_freekey(ourkey);
xor_freectx(derivectx);
return rv;
}
@@ -402,7 +631,7 @@ static int xor_decapsulate(void *vpxorctx,
int rv = 0;
void *derivectx = NULL;
XORKEY *peerkey = NULL;
- PROV_XOR_CTX *pxorctx = vpxorctx;
+ PROV_XORKEMKEX_CTX *pxorctx = vpxorctx;
if (ss == NULL) {
/* Just return size */
@@ -414,13 +643,13 @@ static int xor_decapsulate(void *vpxorctx,
if (ctlen != XOR_KEY_SIZE)
return 0;
- peerkey = xor_newdata(pxorctx->provctx);
+ peerkey = xor_newkey(pxorctx->provctx);
if (peerkey == NULL)
goto end;
memcpy(peerkey->pubkey, ct, XOR_KEY_SIZE);
/* Derive ss via KEX */
- derivectx = xor_newctx(pxorctx->provctx);
+ derivectx = xor_newkemkexctx(pxorctx->provctx);
if (derivectx == NULL
|| !xor_init(derivectx, pxorctx->key, NULL)
|| !xor_set_peer(derivectx, peerkey)
@@ -430,25 +659,25 @@ static int xor_decapsulate(void *vpxorctx,
rv = 1;
end:
- xor_freedata(peerkey);
+ xor_freekey(peerkey);
xor_freectx(derivectx);
return rv;
}
static const OSSL_DISPATCH xor_kem_functions[] = {
- { OSSL_FUNC_KEM_NEWCTX, (void (*)(void))xor_newctx },
+ { OSSL_FUNC_KEM_NEWCTX, (void (*)(void))xor_newkemkexctx },
{ OSSL_FUNC_KEM_FREECTX, (void (*)(void))xor_freectx },
{ OSSL_FUNC_KEM_DUPCTX, (void (*)(void))xor_dupctx },
{ OSSL_FUNC_KEM_ENCAPSULATE_INIT, (void (*)(void))xor_init },
{ OSSL_FUNC_KEM_ENCAPSULATE, (void (*)(void))xor_encapsulate },
{ OSSL_FUNC_KEM_DECAPSULATE_INIT, (void (*)(void))xor_init },
{ OSSL_FUNC_KEM_DECAPSULATE, (void (*)(void))xor_decapsulate },
- { 0, NULL }
+ OSSL_DISPATCH_END
};
static const OSSL_ALGORITHM tls_prov_kem[] = {
/*
- * Obviously this is not FIPS approved, but in order to test in conjuction
+ * Obviously this is not FIPS approved, but in order to test in conjunction
* with the FIPS provider we pretend that it is.
*/
{ "XOR", "provider=tls-provider,fips=yes", xor_kem_functions },
@@ -457,14 +686,53 @@ static const OSSL_ALGORITHM tls_prov_kem[] = {
/* Key Management for the dummy XOR key exchange algorithm */
-static void *xor_newdata(void *provctx)
+static void *xor_newkey(void *provctx)
{
- return OPENSSL_zalloc(sizeof(XORKEY));
+ XORKEY *ret = OPENSSL_zalloc(sizeof(XORKEY));
+
+ if (ret == NULL)
+ return NULL;
+
+ if (!CRYPTO_NEW_REF(&ret->references, 1)) {
+ OPENSSL_free(ret);
+ return NULL;
+ }
+
+ return ret;
}
-static void xor_freedata(void *keydata)
+static void xor_freekey(void *keydata)
{
- OPENSSL_free(keydata);
+ XORKEY* key = (XORKEY *)keydata;
+ int refcnt;
+
+ if (key == NULL)
+ return;
+
+ if (CRYPTO_DOWN_REF(&key->references, &refcnt) <= 0)
+ return;
+
+ if (refcnt > 0)
+ return;
+ assert(refcnt == 0);
+
+ if (key != NULL) {
+ OPENSSL_free(key->tls_name);
+ key->tls_name = NULL;
+ }
+ CRYPTO_FREE_REF(&key->references);
+ OPENSSL_free(key);
+}
+
+static int xor_key_up_ref(XORKEY *key)
+{
+ int refcnt;
+
+ if (CRYPTO_UP_REF(&key->references, &refcnt) <= 0)
+ return 0;
+
+ assert(refcnt > 1);
+ return (refcnt > 1);
}
static int xor_has(const void *vkey, int selection)
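Review bot: xor_freekey relies on `assert(refcnt == 0)` to catch an over-released key, but when built with NDEBUG the assert disappears and a negative `refcnt` falls through to `OPENSSL_free(key)` on an object that has already been freed. I would make the guard explicit with `assert(refcnt >= 0);` followed by `if (refcnt != 0) return;`, so release builds bail out instead of freeing again. The later `if (key != NULL)` is also dead, since the function already returned on a NULL key, and the two lines inside it can run unconditionally.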
@@ -485,7 +753,7 @@ static int xor_has(const void *vkey, int selection)
static void *xor_dup(const void *vfromkey, int selection)
{
- XORKEY *tokey = xor_newdata(NULL);
+ XORKEY *tokey = xor_newkey(NULL);
const XORKEY *fromkey = vfromkey;
int ok = 0;
@@ -508,9 +776,11 @@ static void *xor_dup(const void *vfromkey, int selection)
tokey->hasprivkey = 0;
}
}
+ if (fromkey->tls_name != NULL)
+ tokey->tls_name = OPENSSL_strdup(fromkey->tls_name);
}
if (!ok) {
- xor_freedata(tokey);
+ xor_freekey(tokey);
tokey = NULL;
}
return tokey;
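Review bot: The result of `OPENSSL_strdup(fromkey->tls_name)` is not checked, so on allocation failure xor_dup can return a key whose `tls_name` is silently NULL. That matters because xor_match, added in this commit, skips the name comparison when either side is NULL, so such a duplicate would compare equal to keys of a different sigalg name. Assuming `ok` is set before this point (that part of xor_dup is outside the hunk), I would write `if (fromkey->tls_name != NULL && (tokey->tls_name = OPENSSL_strdup(fromkey->tls_name)) == NULL) ok = 0;` so the existing `!ok` path frees the partial key.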
@@ -575,6 +845,72 @@ static const OSSL_PARAM xor_known_settable_params[] = {
OSSL_PARAM_END
};
+static void *xor_load(const void *reference, size_t reference_sz)
+{
+ XORKEY *key = NULL;
+
+ if (reference_sz == sizeof(key)) {
+ /* The contents of the reference is the address to our object */
+ key = *(XORKEY **)reference;
+ /* We grabbed, so we detach it */
+ *(XORKEY **)reference = NULL;
+ return key;
+ }
+ return NULL;
+}
+
+/* check one key is the "XOR complement" of the other */
+static int xor_recreate(const unsigned char *kd1, const unsigned char *kd2) {
+ int i;
+
+ for (i = 0; i < XOR_KEY_SIZE; i++) {
+ if ((kd1[i] & 0xff) != ((kd2[i] ^ private_constant[i]) & 0xff))
+ return 0;
+ }
+ return 1;
+}
+
+static int xor_match(const void *keydata1, const void *keydata2, int selection)
+{
+ const XORKEY *key1 = keydata1;
+ const XORKEY *key2 = keydata2;
+ int ok = 1;
+
+ if (key1->tls_name != NULL && key2->tls_name != NULL)
+ ok = ok & (strcmp(key1->tls_name, key2->tls_name) == 0);
+
+ if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
+ if (key1->hasprivkey) {
+ if (key2->hasprivkey)
+ ok = ok & (CRYPTO_memcmp(key1->privkey, key2->privkey,
+ XOR_KEY_SIZE) == 0);
+ else
+ ok = ok & xor_recreate(key1->privkey, key2->pubkey);
+ } else {
+ if (key2->hasprivkey)
+ ok = ok & xor_recreate(key2->privkey, key1->pubkey);
+ else
+ ok = 0;
+ }
+ }
+
+ if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
+ if (key1->haspubkey) {
+ if (key2->haspubkey)
+ ok = ok & (CRYPTO_memcmp(key1->pubkey, key2->pubkey, XOR_KEY_SIZE) == 0);
+ else
+ ok = ok & xor_recreate(key1->pubkey, key2->privkey);
+ } else {
+ if (key2->haspubkey)
+ ok = ok & xor_recreate(key2->pubkey, key1->privkey);
+ else
+ ok = 0;
+ }
+ }
+
+ return ok;
+}
+
static const OSSL_PARAM *xor_settable_params(void *provctx)
{
return xor_known_settable_params;
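Review bot: The cross-comparison branches of xor_match read a key half without checking that it is present: in the private-key branch, when key1 has a private key and key2 does not, `xor_recreate(key1->privkey, key2->pubkey)` runs even if `key2->haspubkey` is 0. The other three mixed branches do the same, so the result can be decided by a buffer that was never filled in. Each should test the flag first, for example `else if (key2->haspubkey) ok = ok & xor_recreate(key1->privkey, key2->pubkey); else ok = 0;`. xor_recreate also returns on the first differing byte while the direct comparisons use CRYPTO_memcmp; if constant-time comparison of private material is intended here, it should accumulate the difference over all XOR_KEY_SIZE bytes instead.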
@@ -594,11 +930,11 @@ static void *xor_gen_init(void *provctx, int selection,
| OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)) == 0)
return NULL;
- if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL)
- gctx->selection = selection;
+ if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) == NULL)
+ return NULL;
- /* Our provctx is really just an OSSL_LIB_CTX */
- gctx->libctx = (OSSL_LIB_CTX *)provctx;
+ gctx->selection = selection;
+ gctx->libctx = PROV_XOR_LIBCTX_OF(provctx);
if (!xor_gen_set_params(gctx, params)) {
OPENSSL_free(gctx);
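Review bot: `gctx->libctx = PROV_XOR_LIBCTX_OF(provctx);` dereferences `provctx` without a NULL check, whereas the old code only stored the pointer. Other functions added in this commit (`xor_import_types_ex`, `xor_export_types_ex`) do reject a NULL provctx, so xor_gen_init should match them with `if (provctx == NULL) return NULL;` before the allocation. It also now assumes every caller passes a PROV_XOR_CTX rather than a bare OSSL_LIB_CTX; the callers are outside this hunk, so that is worth confirming. The function body continues past the end of the hunk.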
@@ -639,7 +975,7 @@ static const OSSL_PARAM *xor_gen_settable_params(ossl_unused void *genctx,
static void *xor_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
{
struct xor_gen_ctx *gctx = genctx;
- XORKEY *key = OPENSSL_zalloc(sizeof(*key));
+ XORKEY *key = xor_newkey(NULL);
size_t i;
if (key == NULL)
@@ -730,18 +1066,34 @@ static const OSSL_PARAM *xor_import_types(int select)
return (select & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0 ? xor_key_types : NULL;
}
+static const OSSL_PARAM *xor_import_types_ex(void *provctx, int select)
+{
+ if (provctx == NULL)
+ return NULL;
+
+ return xor_import_types(select);
+}
+
static const OSSL_PARAM *xor_export_types(int select)
{
return (select & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0 ? xor_key_types : NULL;
}
+static const OSSL_PARAM *xor_export_types_ex(void *provctx, int select)
+{
+ if (provctx == NULL)
+ return NULL;
+
+ return xor_export_types(select);
+}
+
static void xor_gen_cleanup(void *genctx)
{
OPENSSL_free(genctx);
}
static const OSSL_DISPATCH xor_keymgmt_functions[] = {
- { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))xor_newdata },
+ { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))xor_newkey },
{ OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))xor_gen_init },
{ OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))xor_gen_set_params },
{ OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,
@@ -754,23 +1106,2036 @@ static const OSSL_DISPATCH xor_keymgmt_functions[] = {
{ OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))xor_settable_params },
{ OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))xor_has },
{ OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))xor_dup },
- { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))xor_freedata },
+ { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))xor_freekey },
{ OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))xor_import },
{ OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))xor_import_types },
+ { OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX, (void (*)(void))xor_import_types_ex },
{ OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))xor_export },
{ OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))xor_export_types },
- { 0, NULL }
+ { OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX, (void (*)(void))xor_export_types_ex },
+ OSSL_DISPATCH_END
};
+/* We're reusing most XOR keymgmt functions also for signature operations: */
+static void *xor_xorhmacsig_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
+{
+ XORKEY *k = xor_gen(genctx, osslcb, cbarg);
+
+ if (k == NULL)
+ return NULL;
+ k->tls_name = OPENSSL_strdup(XORSIGALG_NAME);
+ if (k->tls_name == NULL) {
+ xor_freekey(k);
+ return NULL;
+ }
+ return k;
+}
+
+static void *xor_xorhmacsha2sig_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
+{
+ XORKEY* k = xor_gen(genctx, osslcb, cbarg);
+
+ if (k == NULL)
+ return NULL;
+ k->tls_name = OPENSSL_strdup(XORSIGALG_HASH_NAME);
+ if (k->tls_name == NULL) {
+ xor_freekey(k);
+ return NULL;
+ }
+ return k;
+}
+
+
+static const OSSL_DISPATCH xor_xorhmacsig_keymgmt_functions[] = {
+ { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))xor_newkey },
+ { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))xor_gen_init },
+ { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))xor_gen_set_params },
+ { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,
+ (void (*)(void))xor_gen_settable_params },
+ { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))xor_xorhmacsig_gen },
+ { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))xor_gen_cleanup },
+ { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))xor_get_params },
+ { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))xor_gettable_params },
+ { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))xor_set_params },
+ { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))xor_settable_params },
+ { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))xor_has },
+ { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))xor_dup },
+ { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))xor_freekey },
+ { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))xor_import },
+ { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))xor_import_types },
+ { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))xor_export },
+ { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))xor_export_types },
+ { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))xor_load },
+ { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))xor_match },
+ OSSL_DISPATCH_END
+};
+
+static const OSSL_DISPATCH xor_xorhmacsha2sig_keymgmt_functions[] = {
+ { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))xor_newkey },
+ { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))xor_gen_init },
+ { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))xor_gen_set_params },
+ { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,
+ (void (*)(void))xor_gen_settable_params },
+ { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))xor_xorhmacsha2sig_gen },
+ { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))xor_gen_cleanup },
+ { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))xor_get_params },
+ { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))xor_gettable_params },
+ { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))xor_set_params },
+ { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))xor_settable_params },
+ { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))xor_has },
+ { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))xor_dup },
+ { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))xor_freekey },
+ { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))xor_import },
+ { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))xor_import_types },
+ { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))xor_export },
+ { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))xor_export_types },
+ { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))xor_load },
+ { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))xor_match },
+ OSSL_DISPATCH_END
+};
+
+typedef enum {
+ KEY_OP_PUBLIC,
+ KEY_OP_PRIVATE,
+ KEY_OP_KEYGEN
+} xor_key_op_t;
+
+/* Re-create XORKEY from encoding(s): Same end-state as after key-gen */
+static XORKEY *xor_key_op(const X509_ALGOR *palg,
+ const unsigned char *p, int plen,
+ xor_key_op_t op,
+ OSSL_LIB_CTX *libctx, const char *propq)
+{
+ XORKEY *key = NULL;
+ int nid = NID_undef;
+
+ if (palg != NULL) {
+ int ptype;
+
+ /* Algorithm parameters must be absent */
+ X509_ALGOR_get0(NULL, &ptype, NULL, palg);
+ if (ptype != V_ASN1_UNDEF || palg->algorithm == NULL) {
+ ERR_raise(ERR_LIB_USER, XORPROV_R_INVALID_ENCODING);
+ return 0;
+ }
+ nid = OBJ_obj2nid(palg->algorithm);
+ }
+
+ if (p == NULL || nid == EVP_PKEY_NONE || nid == NID_undef) {
+ ERR_raise(ERR_LIB_USER, XORPROV_R_INVALID_ENCODING);
+ return 0;
+ }
+
+ key = xor_newkey(NULL);
+ if (key == NULL) {
+ ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ if (XOR_KEY_SIZE != plen) {
+ ERR_raise(ERR_LIB_USER, XORPROV_R_INVALID_ENCODING);
+ goto err;
+ }
+
+ if (op == KEY_OP_PUBLIC) {
+ memcpy(key->pubkey, p, plen);
+ key->haspubkey = 1;
+ } else {
+ memcpy(key->privkey, p, plen);
+ key->hasprivkey = 1;
+ }
+
+ key->tls_name = OPENSSL_strdup(OBJ_nid2sn(nid));
+ if (key->tls_name == NULL)
+ goto err;
+ return key;
+
+ err:
+ xor_freekey(key);
+ return NULL;
+}
+
+static XORKEY *xor_key_from_x509pubkey(const X509_PUBKEY *xpk,
+ OSSL_LIB_CTX *libctx, const char *propq)
+{
+ const unsigned char *p;
+ int plen;
+ X509_ALGOR *palg;
+
+ if (!xpk || (!X509_PUBKEY_get0_param(NULL, &p, &plen, &palg, xpk))) {
+ return NULL;
+ }
+ return xor_key_op(palg, p, plen, KEY_OP_PUBLIC, libctx, propq);
+}
+
+static XORKEY *xor_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf,
+ OSSL_LIB_CTX *libctx, const char *propq)
+{
+ XORKEY *xork = NULL;
+ const unsigned char *p;
+ int plen;
+ ASN1_OCTET_STRING *oct = NULL;
+ const X509_ALGOR *palg;
+
+ if (!PKCS8_pkey_get0(NULL, &p, &plen, &palg, p8inf))
+ return 0;
+
+ oct = d2i_ASN1_OCTET_STRING(NULL, &p, plen);
+ if (oct == NULL) {
+ p = NULL;
+ plen = 0;
+ } else {
+ p = ASN1_STRING_get0_data(oct);
+ plen = ASN1_STRING_length(oct);
+ }
+
+ xork = xor_key_op(palg, p, plen, KEY_OP_PRIVATE,
+ libctx, propq);
+ ASN1_OCTET_STRING_free(oct);
+ return xork;
+}
+
static const OSSL_ALGORITHM tls_prov_keymgmt[] = {
/*
- * Obviously this is not FIPS approved, but in order to test in conjuction
+ * Obviously this is not FIPS approved, but in order to test in conjunction
* with the FIPS provider we pretend that it is.
*/
- { "XOR", "provider=tls-provider,fips=yes", xor_keymgmt_functions },
+ { "XOR", "provider=tls-provider,fips=yes",
+ xor_keymgmt_functions },
+ { XORSIGALG_NAME, "provider=tls-provider,fips=yes",
+ xor_xorhmacsig_keymgmt_functions },
+ { XORSIGALG_HASH_NAME,
+ "provider=tls-provider,fips=yes",
+ xor_xorhmacsha2sig_keymgmt_functions },
{ NULL, NULL, NULL }
};
+struct key2any_ctx_st {
+ PROV_XOR_CTX *provctx;
+
+ /* Set to 0 if parameters should not be saved (dsa only) */
+ int save_parameters;
+
+ /* Set to 1 if intending to encrypt/decrypt, otherwise 0 */
+ int cipher_intent;
+
+ EVP_CIPHER *cipher;
+
+ OSSL_PASSPHRASE_CALLBACK *pwcb;
+ void *pwcbarg;
+};
+
+typedef int check_key_type_fn(const void *key, int nid);
+typedef int key_to_paramstring_fn(const void *key, int nid, int save,
+ void **str, int *strtype);
+typedef int key_to_der_fn(BIO *out, const void *key,
+ int key_nid, const char *pemname,
+ key_to_paramstring_fn *p2s, i2d_of_void *k2d,
+ struct key2any_ctx_st *ctx);
+typedef int write_bio_of_void_fn(BIO *bp, const void *x);
+
+
+/* Free the blob allocated during key_to_paramstring_fn */
+static void free_asn1_data(int type, void *data)
+{
+ switch(type) {
+ case V_ASN1_OBJECT:
+ ASN1_OBJECT_free(data);
+ break;
+ case V_ASN1_SEQUENCE:
+ ASN1_STRING_free(data);
+ break;
+ }
+}
+
+static PKCS8_PRIV_KEY_INFO *key_to_p8info(const void *key, int key_nid,
+ void *params, int params_type,
+ i2d_of_void *k2d)
+{
+ /* der, derlen store the key DER output and its length */
+ unsigned char *der = NULL;
+ int derlen;
+ /* The final PKCS#8 info */
+ PKCS8_PRIV_KEY_INFO *p8info = NULL;
+
+ if ((p8info = PKCS8_PRIV_KEY_INFO_new()) == NULL
+ || (derlen = k2d(key, &der)) <= 0
+ || !PKCS8_pkey_set0(p8info, OBJ_nid2obj(key_nid), 0,
+ V_ASN1_UNDEF, NULL,
+ der, derlen)) {
+ ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE);
+ PKCS8_PRIV_KEY_INFO_free(p8info);
+ OPENSSL_free(der);
+ p8info = NULL;
+ }
+
+ return p8info;
+}
+
+static X509_SIG *p8info_to_encp8(PKCS8_PRIV_KEY_INFO *p8info,
+ struct key2any_ctx_st *ctx)
+{
+ X509_SIG *p8 = NULL;
+ char kstr[PEM_BUFSIZE];
+ size_t klen = 0;
+ OSSL_LIB_CTX *libctx = PROV_XOR_LIBCTX_OF(ctx->provctx);
+
+ if (ctx->cipher == NULL || ctx->pwcb == NULL)
+ return NULL;
+
+ if (!ctx->pwcb(kstr, PEM_BUFSIZE, &klen, NULL, ctx->pwcbarg)) {
+ ERR_raise(ERR_LIB_USER, PROV_R_UNABLE_TO_GET_PASSPHRASE);
+ return NULL;
+ }
+ /* First argument == -1 means "standard" */
+ p8 = PKCS8_encrypt_ex(-1, ctx->cipher, kstr, klen, NULL, 0, 0, p8info, libctx, NULL);
+ OPENSSL_cleanse(kstr, klen);
+ return p8;
+}
+
+static X509_SIG *key_to_encp8(const void *key, int key_nid,
+ void *params, int params_type,
+ i2d_of_void *k2d, struct key2any_ctx_st *ctx)
+{
+ PKCS8_PRIV_KEY_INFO *p8info =
+ key_to_p8info(key, key_nid, params, params_type, k2d);
+ X509_SIG *p8 = NULL;
+
+ if (p8info == NULL) {
+ free_asn1_data(params_type, params);
+ } else {
+ p8 = p8info_to_encp8(p8info, ctx);
+ PKCS8_PRIV_KEY_INFO_free(p8info);
+ }
+ return p8;
+}
+
+static X509_PUBKEY *xorx_key_to_pubkey(const void *key, int key_nid,
+ void *params, int params_type,
+ i2d_of_void k2d)
+{
+ /* der, derlen store the key DER output and its length */
+ unsigned char *der = NULL;
+ int derlen;
+ /* The final X509_PUBKEY */
+ X509_PUBKEY *xpk = NULL;
+
+ if ((xpk = X509_PUBKEY_new()) == NULL
+ || (derlen = k2d(key, &der)) <= 0
+ || !X509_PUBKEY_set0_param(xpk, OBJ_nid2obj(key_nid),
+ V_ASN1_UNDEF, NULL,
+ der, derlen)) {
+ ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE);
+ X509_PUBKEY_free(xpk);
+ OPENSSL_free(der);
+ xpk = NULL;
+ }
+
+ return xpk;
+}
+
+/*
+ * key_to_epki_* produce encoded output with the private key data in a
+ * EncryptedPrivateKeyInfo structure (defined by PKCS#8). They require
+ * that there's an intent to encrypt, anything else is an error.
+ *
+ * key_to_pki_* primarily produce encoded output with the private key data
+ * in a PrivateKeyInfo structure (also defined by PKCS#8). However, if
+ * there is an intent to encrypt the data, the corresponding key_to_epki_*
+ * function is used instead.
+ *
+ * key_to_spki_* produce encoded output with the public key data in an
+ * X.509 SubjectPublicKeyInfo.
+ *
+ * Key parameters don't have any defined envelopment of this kind, but are
+ * included in some manner in the output from the functions described above,
+ * either in the AlgorithmIdentifier's parameter field, or as part of the
+ * key data itself.
+ */
+
+static int key_to_epki_der_priv_bio(BIO *out, const void *key,
+ int key_nid,
+ ossl_unused const char *pemname,
+ key_to_paramstring_fn *p2s,
+ i2d_of_void *k2d,
+ struct key2any_ctx_st *ctx)
+{
+ int ret = 0;
+ void *str = NULL;
+ int strtype = V_ASN1_UNDEF;
+ X509_SIG *p8;
+
+ if (!ctx->cipher_intent)
+ return 0;
+
+ if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
+ &str, &strtype))
+ return 0;
+
+ p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx);
+ if (p8 != NULL)
+ ret = i2d_PKCS8_bio(out, p8);
+
+ X509_SIG_free(p8);
+
+ return ret;
+}
+
+static int key_to_epki_pem_priv_bio(BIO *out, const void *key,
+ int key_nid,
+ ossl_unused const char *pemname,
+ key_to_paramstring_fn *p2s,
+ i2d_of_void *k2d,
+ struct key2any_ctx_st *ctx)
+{
+ int ret = 0;
+ void *str = NULL;
+ int strtype = V_ASN1_UNDEF;
+ X509_SIG *p8;
+
+ if (!ctx->cipher_intent)
+ return 0;
+
+ if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
+ &str, &strtype))
+ return 0;
+
+ p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx);
+ if (p8 != NULL)
+ ret = PEM_write_bio_PKCS8(out, p8);
+
+ X509_SIG_free(p8);
+
+ return ret;
+}
+
+static int key_to_pki_der_priv_bio(BIO *out, const void *key,
+ int key_nid,
+ ossl_unused const char *pemname,
+ key_to_paramstring_fn *p2s,
+ i2d_of_void *k2d,
+ struct key2any_ctx_st *ctx)
+{
+ int ret = 0;
+ void *str = NULL;
+ int strtype = V_ASN1_UNDEF;
+ PKCS8_PRIV_KEY_INFO *p8info;
+
+ if (ctx->cipher_intent)
+ return key_to_epki_der_priv_bio(out, key, key_nid, pemname,
+ p2s, k2d, ctx);
+
+ if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
+ &str, &strtype))
+ return 0;
+
+ p8info = key_to_p8info(key, key_nid, str, strtype, k2d);
+
+ if (p8info != NULL)
+ ret = i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8info);
+ else
+ free_asn1_data(strtype, str);
+
+ PKCS8_PRIV_KEY_INFO_free(p8info);
+
+ return ret;
+}
+
+static int key_to_pki_pem_priv_bio(BIO *out, const void *key,
+ int key_nid,
+ ossl_unused const char *pemname,
+ key_to_paramstring_fn *p2s,
+ i2d_of_void *k2d,
+ struct key2any_ctx_st *ctx)
+{
+ int ret = 0;
+ void *str = NULL;
+ int strtype = V_ASN1_UNDEF;
+ PKCS8_PRIV_KEY_INFO *p8info;
+
+ if (ctx->cipher_intent)
+ return key_to_epki_pem_priv_bio(out, key, key_nid, pemname,
+ p2s, k2d, ctx);
+
+ if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
+ &str, &strtype))
+ return 0;
+
+ p8info = key_to_p8info(key, key_nid, str, strtype, k2d);
+
+ if (p8info != NULL)
+ ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8info);
+ else
+ free_asn1_data(strtype, str);
+
+ PKCS8_PRIV_KEY_INFO_free(p8info);
+
+ return ret;
+}
+
+static int key_to_spki_der_pub_bio(BIO *out, const void *key,
+ int key_nid,
+ ossl_unused const char *pemname,
+ key_to_paramstring_fn *p2s,
+ i2d_of_void *k2d,
+ struct key2any_ctx_st *ctx)
+{
+ int ret = 0;
+ X509_PUBKEY *xpk = NULL;
+ void *str = NULL;
+ int strtype = V_ASN1_UNDEF;
+
+ if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
+ &str, &strtype))
+ return 0;
+
+ xpk = xorx_key_to_pubkey(key, key_nid, str, strtype, k2d);
+
+ if (xpk != NULL)
+ ret = i2d_X509_PUBKEY_bio(out, xpk);
+
+ X509_PUBKEY_free(xpk);
+ return ret;
+}
+
+static int key_to_spki_pem_pub_bio(BIO *out, const void *key,
+ int key_nid,
+ ossl_unused const char *pemname,
+ key_to_paramstring_fn *p2s,
+ i2d_of_void *k2d,
+ struct key2any_ctx_st *ctx)
+{
+ int ret = 0;
+ X509_PUBKEY *xpk = NULL;
+ void *str = NULL;
+ int strtype = V_ASN1_UNDEF;
+
+ if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
+ &str, &strtype))
+ return 0;
+
+ xpk = xorx_key_to_pubkey(key, key_nid, str, strtype, k2d);
+
+ if (xpk != NULL)
+ ret = PEM_write_bio_X509_PUBKEY(out, xpk);
+ else
+ free_asn1_data(strtype, str);
+
+ /* Also frees |str| */
+ X509_PUBKEY_free(xpk);
+ return ret;
+}
+
+/* ---------------------------------------------------------------------- */
+
+static int prepare_xorx_params(const void *xorxkey, int nid, int save,
+ void **pstr, int *pstrtype)
+{
+ ASN1_OBJECT *params = NULL;
+ XORKEY *k = (XORKEY*)xorxkey;
+
+ if (k->tls_name && OBJ_sn2nid(k->tls_name) != nid) {
+ ERR_raise(ERR_LIB_USER, XORPROV_R_INVALID_KEY);
+ return 0;
+ }
+
+ if (nid == NID_undef) {
+ ERR_raise(ERR_LIB_USER, XORPROV_R_MISSING_OID);
+ return 0;
+ }
+
+ params = OBJ_nid2obj(nid);
+
+ if (params == NULL || OBJ_length(params) == 0) {
+ /* unexpected error */
+ ERR_raise(ERR_LIB_USER, XORPROV_R_MISSING_OID);
+ ASN1_OBJECT_free(params);
+ return 0;
+ }
+ *pstr = params;
+ *pstrtype = V_ASN1_OBJECT;
+ return 1;
+}
+
+static int xorx_spki_pub_to_der(const void *vecxkey, unsigned char **pder)
+{
+ const XORKEY *xorxkey = vecxkey;
+ unsigned char *keyblob;
+ int retlen;
+
+ if (xorxkey == NULL) {
+ ERR_raise(ERR_LIB_USER, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
+ keyblob = OPENSSL_memdup(xorxkey->pubkey, retlen = XOR_KEY_SIZE);
+ if (keyblob == NULL) {
+ ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ *pder = keyblob;
+ return retlen;
+}
+
+static int xorx_pki_priv_to_der(const void *vecxkey, unsigned char **pder)
+{
+ XORKEY *xorxkey = (XORKEY *)vecxkey;
+ unsigned char* buf = NULL;
+ ASN1_OCTET_STRING oct;
+ int keybloblen;
+
+ if (xorxkey == NULL) {
+ ERR_raise(ERR_LIB_USER, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
+ buf = OPENSSL_secure_malloc(XOR_KEY_SIZE);
+ memcpy(buf, xorxkey->privkey, XOR_KEY_SIZE);
+
+ oct.data = buf;
+ oct.length = XOR_KEY_SIZE;
+ oct.flags = 0;
+
+ keybloblen = i2d_ASN1_OCTET_STRING(&oct, pder);
+ if (keybloblen < 0) {
+ ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE);
+ keybloblen = 0;
+ }
+
+ OPENSSL_secure_clear_free(buf, XOR_KEY_SIZE);
+ return keybloblen;
+}
+
+# define xorx_epki_priv_to_der xorx_pki_priv_to_der
+
+/*
+ * XORX only has PKCS#8 / SubjectPublicKeyInfo
+ * representation, so we don't define xorx_type_specific_[priv,pub,params]_to_der.
+ */
+
+# define xorx_check_key_type NULL
+
+# define xorhmacsig_evp_type 0
+# define xorhmacsig_input_type XORSIGALG_NAME
+# define xorhmacsig_pem_type XORSIGALG_NAME
+# define xorhmacsha2sig_evp_type 0
+# define xorhmacsha2sig_input_type XORSIGALG_HASH_NAME
+# define xorhmacsha2sig_pem_type XORSIGALG_HASH_NAME
+
+/* ---------------------------------------------------------------------- */
+
+static OSSL_FUNC_decoder_newctx_fn key2any_newctx;
+static OSSL_FUNC_decoder_freectx_fn key2any_freectx;
+
+static void *key2any_newctx(void *provctx)
+{
+ struct key2any_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+ if (ctx != NULL) {
+ ctx->provctx = provctx;
+ ctx->save_parameters = 1;
+ }
+
+ return ctx;
+}
+
+static void key2any_freectx(void *vctx)
+{
+ struct key2any_ctx_st *ctx = vctx;
+
+ EVP_CIPHER_free(ctx->cipher);
+ OPENSSL_free(ctx);
+}
+
+static const OSSL_PARAM *key2any_settable_ctx_params(ossl_unused void *provctx)
+{
+ static const OSSL_PARAM settables[] = {
+ OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_CIPHER, NULL, 0),
+ OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_PROPERTIES, NULL, 0),
+ OSSL_PARAM_END,
+ };
+
+ return settables;
+}
+
+static int key2any_set_ctx_params(void *vctx, const OSSL_PARAM params[])
+{
+ struct key2any_ctx_st *ctx = vctx;
+ OSSL_LIB_CTX *libctx = PROV_XOR_LIBCTX_OF(ctx->provctx);
+ const OSSL_PARAM *cipherp =
+ OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_CIPHER);
+ const OSSL_PARAM *propsp =
+ OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_PROPERTIES);
+ const OSSL_PARAM *save_paramsp =
+ OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_SAVE_PARAMETERS);
+
+ if (cipherp != NULL) {
+ const char *ciphername = NULL;
+ const char *props = NULL;
+
+ if (!OSSL_PARAM_get_utf8_string_ptr(cipherp, &ciphername))
+ return 0;
+ if (propsp != NULL && !OSSL_PARAM_get_utf8_string_ptr(propsp, &props))
+ return 0;
+
+ EVP_CIPHER_free(ctx->cipher);
+ ctx->cipher = NULL;
+ ctx->cipher_intent = ciphername != NULL;
+ if (ciphername != NULL
+ && ((ctx->cipher =
+ EVP_CIPHER_fetch(libctx, ciphername, props)) == NULL)) {
+ return 0;
+ }
+ }
+
+ if (save_paramsp != NULL) {
+ if (!OSSL_PARAM_get_int(save_paramsp, &ctx->save_parameters)) {
+ return 0;
+ }
+ }
+ return 1;
+}
+
+static int key2any_check_selection(int selection, int selection_mask)
+{
+ /*
+ * The selections are kinda sorta "levels", i.e. each selection given
+ * here is assumed to include those following.
+ */
+ int checks[] = {
+ OSSL_KEYMGMT_SELECT_PRIVATE_KEY,
+ OSSL_KEYMGMT_SELECT_PUBLIC_KEY,
+ OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
+ };
+ size_t i;
+
+ /* The decoder implementations made here support guessing */
+ if (selection == 0)
+ return 1;
+
+ for (i = 0; i < OSSL_NELEM(checks); i++) {
+ int check1 = (selection & checks[i]) != 0;
+ int check2 = (selection_mask & checks[i]) != 0;
+
+ /*
+ * If the caller asked for the currently checked bit(s), return
+ * whether the decoder description says it's supported.
+ */
+ if (check1)
+ return check2;
+ }
+
+ /* This should be dead code, but just to be safe... */
+ return 0;
+}
+
+static int key2any_encode(struct key2any_ctx_st *ctx, OSSL_CORE_BIO *cout,
+ const void *key, const char* typestr, const char *pemname,
+ key_to_der_fn *writer,
+ OSSL_PASSPHRASE_CALLBACK *pwcb, void *pwcbarg,
+ key_to_paramstring_fn *key2paramstring,
+ i2d_of_void *key2der)
+{
+ int ret = 0;
+ int type = OBJ_sn2nid(typestr);
+
+ if (key == NULL || type <= 0) {
+ ERR_raise(ERR_LIB_USER, ERR_R_PASSED_NULL_PARAMETER);
+ } else if (writer != NULL) {
+ BIO *out = BIO_new_from_core_bio(ctx->provctx->libctx, cout);
+
+ if (out != NULL) {
+ ctx->pwcb = pwcb;
+ ctx->pwcbarg = pwcbarg;
+
+ ret = writer(out, key, type, pemname, key2paramstring, key2der, ctx);
+ }
+
+ BIO_free(out);
+ } else {
+ ERR_raise(ERR_LIB_USER, ERR_R_PASSED_INVALID_ARGUMENT);
+ }
+ return ret;
+}
+
+#define DO_ENC_PRIVATE_KEY_selection_mask OSSL_KEYMGMT_SELECT_PRIVATE_KEY
+#define DO_ENC_PRIVATE_KEY(impl, type, kind, output) \
+ if ((selection & DO_ENC_PRIVATE_KEY_selection_mask) != 0) \
+ return key2any_encode(ctx, cout, key, impl##_pem_type, \
+ impl##_pem_type " PRIVATE KEY", \
+ key_to_##kind##_##output##_priv_bio, \
+ cb, cbarg, prepare_##type##_params, \
+ type##_##kind##_priv_to_der);
+
+#define DO_ENC_PUBLIC_KEY_selection_mask OSSL_KEYMGMT_SELECT_PUBLIC_KEY
+#define DO_ENC_PUBLIC_KEY(impl, type, kind, output) \
+ if ((selection & DO_ENC_PUBLIC_KEY_selection_mask) != 0) \
+ return key2any_encode(ctx, cout, key, impl##_pem_type, \
+ impl##_pem_type " PUBLIC KEY", \
+ key_to_##kind##_##output##_pub_bio, \
+ cb, cbarg, prepare_##type##_params, \
+ type##_##kind##_pub_to_der);
+
+#define DO_ENC_PARAMETERS_selection_mask OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
+#define DO_ENC_PARAMETERS(impl, type, kind, output) \
+ if ((selection & DO_ENC_PARAMETERS_selection_mask) != 0) \
+ return key2any_encode(ctx, cout, key, impl##_pem_type, \
+ impl##_pem_type " PARAMETERS", \
+ key_to_##kind##_##output##_param_bio, \
+ NULL, NULL, NULL, \
+ type##_##kind##_params_to_der);
+
+/*-
+ * Implement the kinds of output structure that can be produced. They are
+ * referred to by name, and for each name, the following macros are defined
+ * (braces not included):
+ *
+ * DO_{kind}_selection_mask
+ *
+ * A mask of selection bits that must not be zero. This is used as a
+ * selection criterion for each implementation.
+ * This mask must never be zero.
+ *
+ * DO_{kind}
+ *
+ * The performing macro. It must use the DO_ macros defined above,
+ * always in this order:
+ *
+ * - DO_PRIVATE_KEY
+ * - DO_PUBLIC_KEY
+ * - DO_PARAMETERS
+ *
+ * Any of those may be omitted, but the relative order must still be
+ * the same.
+ */
+
+/*
+ * PKCS#8 defines two structures for private keys only:
+ * - PrivateKeyInfo (raw unencrypted form)
+ * - EncryptedPrivateKeyInfo (encrypted wrapping)
+ *
+ * To allow a certain amount of flexibility, we allow the routines
+ * for PrivateKeyInfo to also produce EncryptedPrivateKeyInfo if a
+ * passphrase callback has been passed to them.
+ */
+#define DO_ENC_PrivateKeyInfo_selection_mask DO_ENC_PRIVATE_KEY_selection_mask
+#define DO_ENC_PrivateKeyInfo(impl, type, output) \
+ DO_ENC_PRIVATE_KEY(impl, type, pki, output)
+
+#define DO_ENC_EncryptedPrivateKeyInfo_selection_mask DO_ENC_PRIVATE_KEY_selection_mask
+#define DO_ENC_EncryptedPrivateKeyInfo(impl, type, output) \
+ DO_ENC_PRIVATE_KEY(impl, type, epki, output)
+
+/* SubjectPublicKeyInfo is a structure for public keys only */
+#define DO_ENC_SubjectPublicKeyInfo_selection_mask DO_ENC_PUBLIC_KEY_selection_mask
+#define DO_ENC_SubjectPublicKeyInfo(impl, type, output) \
+ DO_ENC_PUBLIC_KEY(impl, type, spki, output)
+
+/*
+ * MAKE_ENCODER is the single driver for creating OSSL_DISPATCH tables.
+ * It takes the following arguments:
+ *
+ * impl This is the key type name that's being implemented.
+ * type This is the type name for the set of functions that implement
+ * the key type. For example, ed25519, ed448, x25519 and x448
+ * are all implemented with the exact same set of functions.
+ * kind What kind of support to implement. These translate into
+ * the DO_##kind macros above.
+ * output The output type to implement. may be der or pem.
+ *
+ * The resulting OSSL_DISPATCH array gets the following name (expressed in
+ * C preprocessor terms) from those arguments:
+ *
+ * xor_##impl##_to_##kind##_##output##_encoder_functions
+ */
+#define MAKE_ENCODER(impl, type, kind, output) \
+ static OSSL_FUNC_encoder_import_object_fn \
+ impl##_to_##kind##_##output##_import_object; \
+ static OSSL_FUNC_encoder_free_object_fn \
+ impl##_to_##kind##_##output##_free_object; \
+ static OSSL_FUNC_encoder_encode_fn \
+ impl##_to_##kind##_##output##_encode; \
+ \
+ static void * \
+ impl##_to_##kind##_##output##_import_object(void *vctx, int selection, \
+ const OSSL_PARAM params[]) \
+ { \
+ struct key2any_ctx_st *ctx = vctx; \
+ \
+ return xor_prov_import_key(xor_##impl##_keymgmt_functions, \
+ ctx->provctx, selection, params); \
+ } \
+ static void impl##_to_##kind##_##output##_free_object(void *key) \
+ { \
+ xor_prov_free_key(xor_##impl##_keymgmt_functions, key); \
+ } \
+ static int impl##_to_##kind##_##output##_does_selection(void *ctx, \
+ int selection) \
+ { \
+ return key2any_check_selection(selection, \
+ DO_ENC_##kind##_selection_mask); \
+ } \
+ static int \
+ impl##_to_##kind##_##output##_encode(void *ctx, OSSL_CORE_BIO *cout, \
+ const void *key, \
+ const OSSL_PARAM key_abstract[], \
+ int selection, \
+ OSSL_PASSPHRASE_CALLBACK *cb, \
+ void *cbarg) \
+ { \
+ /* We don't deal with abstract objects */ \
+ if (key_abstract != NULL) { \
+ ERR_raise(ERR_LIB_USER, ERR_R_PASSED_INVALID_ARGUMENT); \
+ return 0; \
+ } \
+ DO_ENC_##kind(impl, type, output) \
+ \
+ ERR_raise(ERR_LIB_USER, ERR_R_PASSED_INVALID_ARGUMENT); \
+ return 0; \
+ } \
+ static const OSSL_DISPATCH \
+ xor_##impl##_to_##kind##_##output##_encoder_functions[] = { \
+ { OSSL_FUNC_ENCODER_NEWCTX, \
+ (void (*)(void))key2any_newctx }, \
+ { OSSL_FUNC_ENCODER_FREECTX, \
+ (void (*)(void))key2any_freectx }, \
+ { OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS, \
+ (void (*)(void))key2any_settable_ctx_params }, \
+ { OSSL_FUNC_ENCODER_SET_CTX_PARAMS, \
+ (void (*)(void))key2any_set_ctx_params }, \
+ { OSSL_FUNC_ENCODER_DOES_SELECTION, \
+ (void (*)(void))impl##_to_##kind##_##output##_does_selection }, \
+ { OSSL_FUNC_ENCODER_IMPORT_OBJECT, \
+ (void (*)(void))impl##_to_##kind##_##output##_import_object }, \
+ { OSSL_FUNC_ENCODER_FREE_OBJECT, \
+ (void (*)(void))impl##_to_##kind##_##output##_free_object }, \
+ { OSSL_FUNC_ENCODER_ENCODE, \
+ (void (*)(void))impl##_to_##kind##_##output##_encode }, \
+ OSSL_DISPATCH_END \
+ }
+
+/*
+ * Replacements for i2d_{TYPE}PrivateKey, i2d_{TYPE}PublicKey,
+ * i2d_{TYPE}params, as they exist.
+ */
+
+/*
+ * PKCS#8 and SubjectPublicKeyInfo support. This may duplicate some of the
+ * implementations specified above, but are more specific.
+ * The SubjectPublicKeyInfo implementations also replace the
+ * PEM_write_bio_{TYPE}_PUBKEY functions.
+ * For PEM, these are expected to be used by PEM_write_bio_PrivateKey(),
+ * PEM_write_bio_PUBKEY() and PEM_write_bio_Parameters().
+ */
+
+MAKE_ENCODER(xorhmacsig, xorx, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(xorhmacsig, xorx, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(xorhmacsig, xorx, PrivateKeyInfo, der);
+MAKE_ENCODER(xorhmacsig, xorx, PrivateKeyInfo, pem);
+MAKE_ENCODER(xorhmacsig, xorx, SubjectPublicKeyInfo, der);
+MAKE_ENCODER(xorhmacsig, xorx, SubjectPublicKeyInfo, pem);
+MAKE_ENCODER(xorhmacsha2sig, xorx, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(xorhmacsha2sig, xorx, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(xorhmacsha2sig, xorx, PrivateKeyInfo, der);
+MAKE_ENCODER(xorhmacsha2sig, xorx, PrivateKeyInfo, pem);
+MAKE_ENCODER(xorhmacsha2sig, xorx, SubjectPublicKeyInfo, der);
+MAKE_ENCODER(xorhmacsha2sig, xorx, SubjectPublicKeyInfo, pem);
+
+static const OSSL_ALGORITHM tls_prov_encoder[] = {
+#define ENCODER_PROVIDER "tls-provider"
+#ifndef ENCODER_PROVIDER
+# error Macro ENCODER_PROVIDER undefined
+#endif
+
+#define ENCODER_STRUCTURE_PKCS8 "pkcs8"
+#define ENCODER_STRUCTURE_SubjectPublicKeyInfo "SubjectPublicKeyInfo"
+#define ENCODER_STRUCTURE_PrivateKeyInfo "PrivateKeyInfo"
+#define ENCODER_STRUCTURE_EncryptedPrivateKeyInfo "EncryptedPrivateKeyInfo"
+#define ENCODER_STRUCTURE_PKCS1 "pkcs1"
+#define ENCODER_STRUCTURE_PKCS3 "pkcs3"
+
+/* Arguments are prefixed with '_' to avoid build breaks on certain platforms */
+/*
+ * Obviously this is not FIPS approved, but in order to test in conjunction
+ * with the FIPS provider we pretend that it is.
+ */
+#define ENCODER_TEXT(_name, _sym) \
+ { _name, \
+ "provider=" ENCODER_PROVIDER ",fips=yes,output=text", \
+ (xor_##_sym##_to_text_encoder_functions) }
+#define ENCODER(_name, _sym, _fips, _output) \
+ { _name, \
+ "provider=" ENCODER_PROVIDER ",fips=yes,output=" #_output, \
+ (xor_##_sym##_to_##_output##_encoder_functions) }
+
+#define ENCODER_w_structure(_name, _sym, _output, _structure) \
+ { _name, \
+ "provider=" ENCODER_PROVIDER ",fips=yes,output=" #_output \
+ ",structure=" ENCODER_STRUCTURE_##_structure, \
+ (xor_##_sym##_to_##_structure##_##_output##_encoder_functions) }
+
+/*
+ * Entries for human text "encoders"
+ */
+
+/*
+ * Entries for PKCS#8 and SubjectPublicKeyInfo.
+ * The "der" ones are added convenience for any user that wants to use
+ * OSSL_ENCODER directly.
+ * The "pem" ones also support PEM_write_bio_PrivateKey() and
+ * PEM_write_bio_PUBKEY().
+ */
+
+ENCODER_w_structure(XORSIGALG_NAME, xorhmacsig, der, PrivateKeyInfo),
+ENCODER_w_structure(XORSIGALG_NAME, xorhmacsig, pem, PrivateKeyInfo),
+ENCODER_w_structure(XORSIGALG_NAME, xorhmacsig, der, EncryptedPrivateKeyInfo),
+ENCODER_w_structure(XORSIGALG_NAME, xorhmacsig, pem, EncryptedPrivateKeyInfo),
+ENCODER_w_structure(XORSIGALG_NAME, xorhmacsig, der, SubjectPublicKeyInfo),
+ENCODER_w_structure(XORSIGALG_NAME, xorhmacsig, pem, SubjectPublicKeyInfo),
+ENCODER_w_structure(XORSIGALG_HASH_NAME, xorhmacsha2sig,
+ der, PrivateKeyInfo),
+ENCODER_w_structure(XORSIGALG_HASH_NAME, xorhmacsha2sig,
+ pem, PrivateKeyInfo),
+ENCODER_w_structure(XORSIGALG_HASH_NAME, xorhmacsha2sig,
+ der, EncryptedPrivateKeyInfo),
+ENCODER_w_structure(XORSIGALG_HASH_NAME, xorhmacsha2sig,
+ pem, EncryptedPrivateKeyInfo),
+ENCODER_w_structure(XORSIGALG_HASH_NAME, xorhmacsha2sig,
+ der, SubjectPublicKeyInfo),
+ENCODER_w_structure(XORSIGALG_HASH_NAME, xorhmacsha2sig,
+ pem, SubjectPublicKeyInfo),
+#undef ENCODER_PROVIDER
+ { NULL, NULL, NULL }
+};
+
+struct der2key_ctx_st; /* Forward declaration */
+typedef int check_key_fn(void *, struct der2key_ctx_st *ctx);
+typedef void adjust_key_fn(void *, struct der2key_ctx_st *ctx);
+typedef void free_key_fn(void *);
+typedef void *d2i_PKCS8_fn(void **, const unsigned char **, long,
+ struct der2key_ctx_st *);
+struct keytype_desc_st {
+ const char *keytype_name;
+ const OSSL_DISPATCH *fns; /* Keymgmt (to pilfer functions from) */
+
+ /* The input structure name */
+ const char *structure_name;
+
+ /*
+ * The EVP_PKEY_xxx type macro. Should be zero for type specific
+ * structures, non-zero when the outermost structure is PKCS#8 or
+ * SubjectPublicKeyInfo. This determines which of the function
+ * pointers below will be used.
+ */
+ int evp_type;
+
+ /* The selection mask for OSSL_FUNC_decoder_does_selection() */
+ int selection_mask;
+
+ /* For type specific decoders, we use the corresponding d2i */
+ d2i_of_void *d2i_private_key; /* From type-specific DER */
+ d2i_of_void *d2i_public_key; /* From type-specific DER */
+ d2i_of_void *d2i_key_params; /* From type-specific DER */
+ d2i_PKCS8_fn *d2i_PKCS8; /* Wrapped in a PrivateKeyInfo */
+ d2i_of_void *d2i_PUBKEY; /* Wrapped in a SubjectPublicKeyInfo */
+
+ /*
+ * For any key, we may need to check that the key meets expectations.
+ * This is useful when the same functions can decode several variants
+ * of a key.
+ */
+ check_key_fn *check_key;
+
+ /*
+ * For any key, we may need to make provider specific adjustments, such
+ * as ensure the key carries the correct library context.
+ */
+ adjust_key_fn *adjust_key;
+ /* {type}_free() */
+ free_key_fn *free_key;
+};
+
+/*
+ * Start blatant code steal. Alternative: Open up d2i_X509_PUBKEY_INTERNAL
+ * as per https://github.com/openssl/openssl/issues/16697 (TBD)
+ * Code from openssl/crypto/x509/x_pubkey.c as
+ * ossl_d2i_X509_PUBKEY_INTERNAL is presently not public
+ */
+struct X509_pubkey_st {
+ X509_ALGOR *algor;
+ ASN1_BIT_STRING *public_key;
+
+ EVP_PKEY *pkey;
+
+ /* extra data for the callback, used by d2i_PUBKEY_ex */
+ OSSL_LIB_CTX *libctx;
+ char *propq;
+};
+
+ASN1_SEQUENCE(X509_PUBKEY_INTERNAL) = {
+ ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR),
+ ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING)
+} static_ASN1_SEQUENCE_END_name(X509_PUBKEY, X509_PUBKEY_INTERNAL)
+
+static X509_PUBKEY *xorx_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp,
+ long len, OSSL_LIB_CTX *libctx)
+{
+ X509_PUBKEY *xpub = OPENSSL_zalloc(sizeof(*xpub));
+
+ if (xpub == NULL)
+ return NULL;
+ return (X509_PUBKEY *)ASN1_item_d2i_ex((ASN1_VALUE **)&xpub, pp, len,
+ ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL),
+ libctx, NULL);
+}
+/* end steal https://github.com/openssl/openssl/issues/16697 */
+
+/*
+ * Context used for DER to key decoding.
+ */
+struct der2key_ctx_st {
+ PROV_XOR_CTX *provctx;
+ struct keytype_desc_st *desc;
+ /* The selection that is passed to xor_der2key_decode() */
+ int selection;
+ /* Flag used to signal that a failure is fatal */
+ unsigned int flag_fatal : 1;
+};
+
+static int xor_read_der(PROV_XOR_CTX *provctx, OSSL_CORE_BIO *cin,
+ unsigned char **data, long *len)
+{
+ BUF_MEM *mem = NULL;
+ BIO *in = BIO_new_from_core_bio(provctx->libctx, cin);
+ int ok = (asn1_d2i_read_bio(in, &mem) >= 0);
+
+ if (ok) {
+ *data = (unsigned char *)mem->data;
+ *len = (long)mem->length;
+ OPENSSL_free(mem);
+ }
+ BIO_free(in);
+ return ok;
+}
+
+typedef void *key_from_pkcs8_t(const PKCS8_PRIV_KEY_INFO *p8inf,
+ OSSL_LIB_CTX *libctx, const char *propq);
+static void *xor_der2key_decode_p8(const unsigned char **input_der,
+ long input_der_len, struct der2key_ctx_st *ctx,
+ key_from_pkcs8_t *key_from_pkcs8)
+{
+ PKCS8_PRIV_KEY_INFO *p8inf = NULL;
+ const X509_ALGOR *alg = NULL;
+ void *key = NULL;
+
+ if ((p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, input_der, input_der_len)) != NULL
+ && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf)
+ && OBJ_obj2nid(alg->algorithm) == ctx->desc->evp_type)
+ key = key_from_pkcs8(p8inf, PROV_XOR_LIBCTX_OF(ctx->provctx), NULL);
+ PKCS8_PRIV_KEY_INFO_free(p8inf);
+
+ return key;
+}
+
+static XORKEY *xor_d2i_PUBKEY(XORKEY **a,
+ const unsigned char **pp, long length)
+{
+ XORKEY *key = NULL;
+ X509_PUBKEY *xpk;
+
+ xpk = xorx_d2i_X509_PUBKEY_INTERNAL(pp, length, NULL);
+
+ key = xor_key_from_x509pubkey(xpk, NULL, NULL);
+
+ if (key == NULL)
+ goto err_exit;
+
+ if (a != NULL) {
+ xor_freekey(*a);
+ *a = key;
+ }
+
+ err_exit:
+ X509_PUBKEY_free(xpk);
+ return key;
+}
+
+
+/* ---------------------------------------------------------------------- */
+
+static OSSL_FUNC_decoder_freectx_fn der2key_freectx;
+static OSSL_FUNC_decoder_decode_fn xor_der2key_decode;
+static OSSL_FUNC_decoder_export_object_fn der2key_export_object;
+
+static struct der2key_ctx_st *
+der2key_newctx(void *provctx, struct keytype_desc_st *desc, const char* tls_name)
+{
+ struct der2key_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+ if (ctx != NULL) {
+ ctx->provctx = provctx;
+ ctx->desc = desc;
+ if (desc->evp_type == 0) {
+ ctx->desc->evp_type = OBJ_sn2nid(tls_name);
+ }
+ }
+ return ctx;
+}
+
+static void der2key_freectx(void *vctx)
+{
+ struct der2key_ctx_st *ctx = vctx;
+
+ OPENSSL_free(ctx);
+}
+
+static int der2key_check_selection(int selection,
+ const struct keytype_desc_st *desc)
+{
+ /*
+ * The selections are kinda sorta "levels", i.e. each selection given
+ * here is assumed to include those following.
+ */
+ int checks[] = {
+ OSSL_KEYMGMT_SELECT_PRIVATE_KEY,
+ OSSL_KEYMGMT_SELECT_PUBLIC_KEY,
+ OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
+ };
+ size_t i;
+
+ /* The decoder implementations made here support guessing */
+ if (selection == 0)
+ return 1;
+
+ for (i = 0; i < OSSL_NELEM(checks); i++) {
+ int check1 = (selection & checks[i]) != 0;
+ int check2 = (desc->selection_mask & checks[i]) != 0;
+
+ /*
+ * If the caller asked for the currently checked bit(s), return
+ * whether the decoder description says it's supported.
+ */
+ if (check1)
+ return check2;
+ }
+
+ /* This should be dead code, but just to be safe... */
+ return 0;
+}
+
+static int xor_der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
+ OSSL_CALLBACK *data_cb, void *data_cbarg,
+ OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
+{
+ struct der2key_ctx_st *ctx = vctx;
+ unsigned char *der = NULL;
+ const unsigned char *derp;
+ long der_len = 0;
+ void *key = NULL;
+ int ok = 0;
+
+ ctx->selection = selection;
+ /*
+ * The caller is allowed to specify 0 as a selection mark, to have the
+ * structure and key type guessed. For type-specific structures, this
+ * is not recommended, as some structures are very similar.
+ * Note that 0 isn't the same as OSSL_KEYMGMT_SELECT_ALL, as the latter
+ * signifies a private key structure, where everything else is assumed
+ * to be present as well.
+ */
+ if (selection == 0)
+ selection = ctx->desc->selection_mask;
+ if ((selection & ctx->desc->selection_mask) == 0) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
+ return 0;
+ }
+
+ ok = xor_read_der(ctx->provctx, cin, &der, &der_len);
+ if (!ok)
+ goto next;
+
+ ok = 0; /* Assume that we fail */
+
+ if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
+ derp = der;
+ if (ctx->desc->d2i_PKCS8 != NULL) {
+ key = ctx->desc->d2i_PKCS8(NULL, &derp, der_len, ctx);
+ if (ctx->flag_fatal)
+ goto end;
+ } else if (ctx->desc->d2i_private_key != NULL) {
+ key = ctx->desc->d2i_private_key(NULL, &derp, der_len);
+ }
+ if (key == NULL && ctx->selection != 0)
+ goto next;
+ }
+ if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
+ derp = der;
+ if (ctx->desc->d2i_PUBKEY != NULL)
+ key = ctx->desc->d2i_PUBKEY(NULL, &derp, der_len);
+ else
+ key = ctx->desc->d2i_public_key(NULL, &derp, der_len);
+ if (key == NULL && ctx->selection != 0)
+ goto next;
+ }
+ if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) {
+ derp = der;
+ if (ctx->desc->d2i_key_params != NULL)
+ key = ctx->desc->d2i_key_params(NULL, &derp, der_len);
+ if (key == NULL && ctx->selection != 0)
+ goto next;
+ }
+
+ /*
+ * Last minute check to see if this was the correct type of key. This
+ * should never lead to a fatal error, i.e. the decoding itself was
+ * correct, it was just an unexpected key type. This is generally for
+ * classes of key types that have subtle variants, like RSA-PSS keys as
+ * opposed to plain RSA keys.
+ */
+ if (key != NULL
+ && ctx->desc->check_key != NULL
+ && !ctx->desc->check_key(key, ctx)) {
+ ctx->desc->free_key(key);
+ key = NULL;
+ }
+
+ if (key != NULL && ctx->desc->adjust_key != NULL)
+ ctx->desc->adjust_key(key, ctx);
+
+ next:
+ /*
+ * Indicated that we successfully decoded something, or not at all.
+ * Ending up "empty handed" is not an error.
+ */
+ ok = 1;
+
+ /*
+ * We free memory here so it's not held up during the callback, because
+ * we know the process is recursive and the allocated chunks of memory
+ * add up.
+ */
+ OPENSSL_free(der);
+ der = NULL;
+
+ if (key != NULL) {
+ OSSL_PARAM params[4];
+ int object_type = OSSL_OBJECT_PKEY;
+
+ params[0] =
+ OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type);
+ params[1] =
+ OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,
+ (char *)ctx->desc->keytype_name,
+ 0);
+ /* The address of the key becomes the octet string */
+ params[2] =
+ OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE,
+ &key, sizeof(key));
+ params[3] = OSSL_PARAM_construct_end();
+
+ ok = data_cb(params, data_cbarg);
+ }
+
+ end:
+ ctx->desc->free_key(key);
+ OPENSSL_free(der);
+
+ return ok;
+}
+
+static int der2key_export_object(void *vctx,
+ const void *reference, size_t reference_sz,
+ OSSL_CALLBACK *export_cb, void *export_cbarg)
+{
+ struct der2key_ctx_st *ctx = vctx;
+ OSSL_FUNC_keymgmt_export_fn *export =
+ xor_prov_get_keymgmt_export(ctx->desc->fns);
+ void *keydata;
+
+ if (reference_sz == sizeof(keydata) && export != NULL) {
+ /* The contents of the reference is the address to our object */
+ keydata = *(void **)reference;
+
+ return export(keydata, ctx->selection, export_cb, export_cbarg);
+ }
+ return 0;
+}
+
+/* ---------------------------------------------------------------------- */
+
+static void *xorx_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
+ struct der2key_ctx_st *ctx)
+{
+ return xor_der2key_decode_p8(der, der_len, ctx,
+ (key_from_pkcs8_t *)xor_key_from_pkcs8);
+}
+
+static void xorx_key_adjust(void *key, struct der2key_ctx_st *ctx)
+{
+}
+
+/* ---------------------------------------------------------------------- */
+
+#define DO_PrivateKeyInfo(keytype) \
+ "PrivateKeyInfo", 0, \
+ ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ), \
+ NULL, \
+ NULL, \
+ NULL, \
+ xorx_d2i_PKCS8, \
+ NULL, \
+ NULL, \
+ xorx_key_adjust, \
+ (free_key_fn *)xor_freekey
+
+#define DO_SubjectPublicKeyInfo(keytype) \
+ "SubjectPublicKeyInfo", 0, \
+ ( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ), \
+ NULL, \
+ NULL, \
+ NULL, \
+ NULL, \
+ (d2i_of_void *)xor_d2i_PUBKEY, \
+ NULL, \
+ xorx_key_adjust, \
+ (free_key_fn *)xor_freekey
+
+/*
+ * MAKE_DECODER is the single driver for creating OSSL_DISPATCH tables.
+ * It takes the following arguments:
+ *
+ * keytype_name The implementation key type as a string.
+ * keytype The implementation key type. This must correspond exactly
+ * to our existing keymgmt keytype names... in other words,
+ * there must exist an ossl_##keytype##_keymgmt_functions.
+ * type The type name for the set of functions that implement the
+ * decoder for the key type. This isn't necessarily the same
+ * as keytype. For example, the key types ed25519, ed448,
+ * x25519 and x448 are all handled by the same functions with
+ * the common type name ecx.
+ * kind The kind of support to implement. This translates into
+ * the DO_##kind macros above, to populate the keytype_desc_st
+ * structure.
+ */
+#define MAKE_DECODER(keytype_name, keytype, type, kind) \
+ static struct keytype_desc_st kind##_##keytype##_desc = \
+ { keytype_name, xor_##keytype##_keymgmt_functions, \
+ DO_##kind(keytype) }; \
+ \
+ static OSSL_FUNC_decoder_newctx_fn kind##_der2##keytype##_newctx; \
+ \
+ static void *kind##_der2##keytype##_newctx(void *provctx) \
+ { \
+ return der2key_newctx(provctx, &kind##_##keytype##_desc, keytype_name );\
+ } \
+ static int kind##_der2##keytype##_does_selection(void *provctx, \
+ int selection) \
+ { \
+ return der2key_check_selection(selection, \
+ &kind##_##keytype##_desc); \
+ } \
+ static const OSSL_DISPATCH \
+ xor_##kind##_der_to_##keytype##_decoder_functions[] = { \
+ { OSSL_FUNC_DECODER_NEWCTX, \
+ (void (*)(void))kind##_der2##keytype##_newctx }, \
+ { OSSL_FUNC_DECODER_FREECTX, \
+ (void (*)(void))der2key_freectx }, \
+ { OSSL_FUNC_DECODER_DOES_SELECTION, \
+ (void (*)(void))kind##_der2##keytype##_does_selection }, \
+ { OSSL_FUNC_DECODER_DECODE, \
+ (void (*)(void))xor_der2key_decode }, \
+ { OSSL_FUNC_DECODER_EXPORT_OBJECT, \
+ (void (*)(void))der2key_export_object }, \
+ OSSL_DISPATCH_END \
+ }
+
+MAKE_DECODER(XORSIGALG_NAME, xorhmacsig, xor, PrivateKeyInfo);
+MAKE_DECODER(XORSIGALG_NAME, xorhmacsig, xor, SubjectPublicKeyInfo);
+MAKE_DECODER(XORSIGALG_HASH_NAME, xorhmacsha2sig, xor, PrivateKeyInfo);
+MAKE_DECODER(XORSIGALG_HASH_NAME, xorhmacsha2sig, xor, SubjectPublicKeyInfo);
+
+static const OSSL_ALGORITHM tls_prov_decoder[] = {
+#define DECODER_PROVIDER "tls-provider"
+#define DECODER_STRUCTURE_SubjectPublicKeyInfo "SubjectPublicKeyInfo"
+#define DECODER_STRUCTURE_PrivateKeyInfo "PrivateKeyInfo"
+
+/* Arguments are prefixed with '_' to avoid build breaks on certain platforms */
+/*
+ * Obviously this is not FIPS approved, but in order to test in conjunction
+ * with the FIPS provider we pretend that it is.
+ */
+
+#define DECODER(_name, _input, _output) \
+ { _name, \
+ "provider=" DECODER_PROVIDER ",fips=yes,input=" #_input, \
+ (xor_##_input##_to_##_output##_decoder_functions) }
+#define DECODER_w_structure(_name, _input, _structure, _output) \
+ { _name, \
+ "provider=" DECODER_PROVIDER ",fips=yes,input=" #_input \
+ ",structure=" DECODER_STRUCTURE_##_structure, \
+ (xor_##_structure##_##_input##_to_##_output##_decoder_functions) }
+
+DECODER_w_structure(XORSIGALG_NAME, der, PrivateKeyInfo, xorhmacsig),
+DECODER_w_structure(XORSIGALG_NAME, der, SubjectPublicKeyInfo, xorhmacsig),
+DECODER_w_structure(XORSIGALG_HASH_NAME, der, PrivateKeyInfo, xorhmacsha2sig),
+DECODER_w_structure(XORSIGALG_HASH_NAME, der, SubjectPublicKeyInfo, xorhmacsha2sig),
+#undef DECODER_PROVIDER
+ { NULL, NULL, NULL }
+};
+
+#define OSSL_MAX_NAME_SIZE 50
+#define OSSL_MAX_PROPQUERY_SIZE 256 /* Property query strings */
+
+static OSSL_FUNC_signature_newctx_fn xor_sig_newctx;
+static OSSL_FUNC_signature_sign_init_fn xor_sig_sign_init;
+static OSSL_FUNC_signature_verify_init_fn xor_sig_verify_init;
+static OSSL_FUNC_signature_sign_fn xor_sig_sign;
+static OSSL_FUNC_signature_verify_fn xor_sig_verify;
+static OSSL_FUNC_signature_digest_sign_init_fn xor_sig_digest_sign_init;
+static OSSL_FUNC_signature_digest_sign_update_fn xor_sig_digest_signverify_update;
+static OSSL_FUNC_signature_digest_sign_final_fn xor_sig_digest_sign_final;
+static OSSL_FUNC_signature_digest_verify_init_fn xor_sig_digest_verify_init;
+static OSSL_FUNC_signature_digest_verify_update_fn xor_sig_digest_signverify_update;
+static OSSL_FUNC_signature_digest_verify_final_fn xor_sig_digest_verify_final;
+static OSSL_FUNC_signature_freectx_fn xor_sig_freectx;
+static OSSL_FUNC_signature_dupctx_fn xor_sig_dupctx;
+static OSSL_FUNC_signature_get_ctx_params_fn xor_sig_get_ctx_params;
+static OSSL_FUNC_signature_gettable_ctx_params_fn xor_sig_gettable_ctx_params;
+static OSSL_FUNC_signature_set_ctx_params_fn xor_sig_set_ctx_params;
+static OSSL_FUNC_signature_settable_ctx_params_fn xor_sig_settable_ctx_params;
+static OSSL_FUNC_signature_get_ctx_md_params_fn xor_sig_get_ctx_md_params;
+static OSSL_FUNC_signature_gettable_ctx_md_params_fn xor_sig_gettable_ctx_md_params;
+static OSSL_FUNC_signature_set_ctx_md_params_fn xor_sig_set_ctx_md_params;
+static OSSL_FUNC_signature_settable_ctx_md_params_fn xor_sig_settable_ctx_md_params;
+
+static int xor_get_aid(unsigned char** oidbuf, const char *tls_name) {
+ X509_ALGOR *algor = X509_ALGOR_new();
+ int aidlen = 0;
+
+ X509_ALGOR_set0(algor, OBJ_txt2obj(tls_name, 0), V_ASN1_UNDEF, NULL);
+
+ aidlen = i2d_X509_ALGOR(algor, oidbuf);
+ X509_ALGOR_free(algor);
+ return(aidlen);
+}
+
+/*
+ * What's passed as an actual key is defined by the KEYMGMT interface.
+ */
+typedef struct {
+ OSSL_LIB_CTX *libctx;
+ char *propq;
+ XORKEY *sig;
+
+ /*
+ * Flag to determine if the hash function can be changed (1) or not (0)
+ * Because it's dangerous to change during a DigestSign or DigestVerify
+ * operation, this flag is cleared by their Init function, and set again
+ * by their Final function.
+ */
+ unsigned int flag_allow_md : 1;
+
+ char mdname[OSSL_MAX_NAME_SIZE];
+
+ /* The Algorithm Identifier of the combined signature algorithm */
+ unsigned char *aid;
+ size_t aid_len;
+
+ /* main digest */
+ EVP_MD *md;
+ EVP_MD_CTX *mdctx;
+ int operation;
+} PROV_XORSIG_CTX;
+
+static void *xor_sig_newctx(void *provctx, const char *propq)
+{
+ PROV_XORSIG_CTX *pxor_sigctx;
+
+ pxor_sigctx = OPENSSL_zalloc(sizeof(PROV_XORSIG_CTX));
+ if (pxor_sigctx == NULL)
+ return NULL;
+
+ pxor_sigctx->libctx = ((PROV_XOR_CTX*)provctx)->libctx;
+ pxor_sigctx->flag_allow_md = 0;
+ if (propq != NULL && (pxor_sigctx->propq = OPENSSL_strdup(propq)) == NULL) {
+ OPENSSL_free(pxor_sigctx);
+ pxor_sigctx = NULL;
+ ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE);
+ }
+ return pxor_sigctx;
+}
+
+static int xor_sig_setup_md(PROV_XORSIG_CTX *ctx,
+ const char *mdname, const char *mdprops)
+{
+ EVP_MD *md;
+
+ if (mdprops == NULL)
+ mdprops = ctx->propq;
+
+ md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
+
+ if ((md == NULL) || (EVP_MD_nid(md)==NID_undef)) {
+ if (md == NULL)
+ ERR_raise_data(ERR_LIB_USER, XORPROV_R_INVALID_DIGEST,
+ "%s could not be fetched", mdname);
+ EVP_MD_free(md);
+ return 0;
+ }
+
+ EVP_MD_CTX_free(ctx->mdctx);
+ ctx->mdctx = NULL;
+ EVP_MD_free(ctx->md);
+ ctx->md = NULL;
+
+ OPENSSL_free(ctx->aid);
+ ctx->aid = NULL;
+ ctx->aid_len = xor_get_aid(&(ctx->aid), ctx->sig->tls_name);
+ if (ctx->aid_len <= 0) {
+ EVP_MD_free(md);
+ return 0;
+ }
+
+ ctx->mdctx = NULL;
+ ctx->md = md;
+ OPENSSL_strlcpy(ctx->mdname, mdname, sizeof(ctx->mdname));
+ return 1;
+}
+
+static int xor_sig_signverify_init(void *vpxor_sigctx, void *vxorsig,
+ int operation)
+{
+ PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
+
+ if (pxor_sigctx == NULL || vxorsig == NULL)
+ return 0;
+ xor_freekey(pxor_sigctx->sig);
+ if (!xor_key_up_ref(vxorsig))
+ return 0;
+ pxor_sigctx->sig = vxorsig;
+ pxor_sigctx->operation = operation;
+ if ((operation==EVP_PKEY_OP_SIGN && pxor_sigctx->sig == NULL)
+ || (operation==EVP_PKEY_OP_VERIFY && pxor_sigctx->sig == NULL)) {
+ ERR_raise(ERR_LIB_USER, XORPROV_R_INVALID_KEY);
+ return 0;
+ }
+ return 1;
+}
+
+static int xor_sig_sign_init(void *vpxor_sigctx, void *vxorsig,
+ const OSSL_PARAM params[])
+{
+ return xor_sig_signverify_init(vpxor_sigctx, vxorsig, EVP_PKEY_OP_SIGN);
+}
+
+static int xor_sig_verify_init(void *vpxor_sigctx, void *vxorsig,
+ const OSSL_PARAM params[])
+{
+ return xor_sig_signverify_init(vpxor_sigctx, vxorsig, EVP_PKEY_OP_VERIFY);
+}
+
+static int xor_sig_sign(void *vpxor_sigctx, unsigned char *sig, size_t *siglen,
+ size_t sigsize, const unsigned char *tbs, size_t tbslen)
+{
+ PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
+ XORKEY *xorkey = pxor_sigctx->sig;
+
+ size_t max_sig_len = EVP_MAX_MD_SIZE;
+ size_t xor_sig_len = 0;
+ int rv = 0;
+
+ if (xorkey == NULL || !xorkey->hasprivkey) {
+ ERR_raise(ERR_LIB_USER, XORPROV_R_NO_PRIVATE_KEY);
+ return rv;
+ }
+
+ if (sig == NULL) {
+ *siglen = max_sig_len;
+ return 1;
+ }
+ if (*siglen < max_sig_len) {
+ ERR_raise(ERR_LIB_USER, XORPROV_R_BUFFER_LENGTH_WRONG);
+ return rv;
+ }
+
+ /*
+ * create HMAC using XORKEY as key and hash as data:
+ * No real crypto, just for test, don't do this at home!
+ */
+ if (!EVP_Q_mac(pxor_sigctx->libctx, "HMAC", NULL, "sha1", NULL,
+ xorkey->privkey, XOR_KEY_SIZE, tbs, tbslen,
+ &sig[0], EVP_MAX_MD_SIZE, &xor_sig_len)) {
+ ERR_raise(ERR_LIB_USER, XORPROV_R_SIGNING_FAILED);
+ goto endsign;
+ }
+
+ *siglen = xor_sig_len;
+ rv = 1; /* success */
+
+ endsign:
+ return rv;
+}
+
+static int xor_sig_verify(void *vpxor_sigctx,
+ const unsigned char *sig, size_t siglen,
+ const unsigned char *tbs, size_t tbslen)
+{
+ PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
+ XORKEY *xorkey = pxor_sigctx->sig;
+ unsigned char resignature[EVP_MAX_MD_SIZE];
+ size_t resiglen;
+ int i;
+
+ if (xorkey == NULL || sig == NULL || tbs == NULL) {
+ ERR_raise(ERR_LIB_USER, XORPROV_R_WRONG_PARAMETERS);
+ return 0;
+ }
+
+ /*
+ * This is no real verify: just re-sign and compare:
+ * Don't do this at home! Not fit for real use!
+ */
+ /* First re-create private key from public key: */
+ for (i = 0; i < XOR_KEY_SIZE; i++)
+ xorkey->privkey[i] = xorkey->pubkey[i] ^ private_constant[i];
+
+ /* Now re-create signature */
+ if (!EVP_Q_mac(pxor_sigctx->libctx, "HMAC", NULL, "sha1", NULL,
+ xorkey->privkey, XOR_KEY_SIZE, tbs, tbslen,
+ &resignature[0], EVP_MAX_MD_SIZE, &resiglen)) {
+ ERR_raise(ERR_LIB_USER, XORPROV_R_VERIFY_ERROR);
+ return 0;
+ }
+
+ /* Now compare with signature passed */
+ if (siglen != resiglen || memcmp(resignature, sig, siglen) != 0) {
+ ERR_raise(ERR_LIB_USER, XORPROV_R_VERIFY_ERROR);
+ return 0;
+ }
+ return 1;
+}
+
+static int xor_sig_digest_signverify_init(void *vpxor_sigctx, const char *mdname,
+ void *vxorsig, int operation)
+{
+ PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
+ char *rmdname = (char *)mdname;
+
+ if (rmdname == NULL)
+ rmdname = "sha256";
+
+ pxor_sigctx->flag_allow_md = 0;
+ if (!xor_sig_signverify_init(vpxor_sigctx, vxorsig, operation))
+ return 0;
+
+ if (!xor_sig_setup_md(pxor_sigctx, rmdname, NULL))
+ return 0;
+
+ pxor_sigctx->mdctx = EVP_MD_CTX_new();
+ if (pxor_sigctx->mdctx == NULL)
+ goto error;
+
+ if (!EVP_DigestInit_ex(pxor_sigctx->mdctx, pxor_sigctx->md, NULL))
+ goto error;
+
+ return 1;
+
+ error:
+ EVP_MD_CTX_free(pxor_sigctx->mdctx);
+ EVP_MD_free(pxor_sigctx->md);
+ pxor_sigctx->mdctx = NULL;
+ pxor_sigctx->md = NULL;
+ return 0;
+}
+
+static int xor_sig_digest_sign_init(void *vpxor_sigctx, const char *mdname,
+ void *vxorsig, const OSSL_PARAM params[])
+{
+ return xor_sig_digest_signverify_init(vpxor_sigctx, mdname, vxorsig,
+ EVP_PKEY_OP_SIGN);
+}
+
+static int xor_sig_digest_verify_init(void *vpxor_sigctx, const char *mdname, void *vxorsig, const OSSL_PARAM params[])
+{
+ return xor_sig_digest_signverify_init(vpxor_sigctx, mdname,
+ vxorsig, EVP_PKEY_OP_VERIFY);
+}
+
+int xor_sig_digest_signverify_update(void *vpxor_sigctx,
+ const unsigned char *data,
+ size_t datalen)
+{
+ PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
+
+ if (pxor_sigctx == NULL || pxor_sigctx->mdctx == NULL)
+ return 0;
+
+ return EVP_DigestUpdate(pxor_sigctx->mdctx, data, datalen);
+}
+
+int xor_sig_digest_sign_final(void *vpxor_sigctx,
+ unsigned char *sig, size_t *siglen,
+ size_t sigsize)
+{
+ PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
+ unsigned char digest[EVP_MAX_MD_SIZE];
+ unsigned int dlen = 0;
+
+ if (sig != NULL) {
+ if (pxor_sigctx == NULL || pxor_sigctx->mdctx == NULL)
+ return 0;
+
+ if (!EVP_DigestFinal_ex(pxor_sigctx->mdctx, digest, &dlen))
+ return 0;
+
+ pxor_sigctx->flag_allow_md = 1;
+ }
+
+ return xor_sig_sign(vpxor_sigctx, sig, siglen, sigsize, digest, (size_t)dlen);
+
+}
+
+int xor_sig_digest_verify_final(void *vpxor_sigctx, const unsigned char *sig,
+ size_t siglen)
+{
+ PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
+ unsigned char digest[EVP_MAX_MD_SIZE];
+ unsigned int dlen = 0;
+
+ if (pxor_sigctx == NULL || pxor_sigctx->mdctx == NULL)
+ return 0;
+
+ if (!EVP_DigestFinal_ex(pxor_sigctx->mdctx, digest, &dlen))
+ return 0;
+
+ pxor_sigctx->flag_allow_md = 1;
+
+ return xor_sig_verify(vpxor_sigctx, sig, siglen, digest, (size_t)dlen);
+}
+
+static void xor_sig_freectx(void *vpxor_sigctx)
+{
+ PROV_XORSIG_CTX *ctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
+
+ OPENSSL_free(ctx->propq);
+ EVP_MD_CTX_free(ctx->mdctx);
+ EVP_MD_free(ctx->md);
+ ctx->propq = NULL;
+ ctx->mdctx = NULL;
+ ctx->md = NULL;
+ xor_freekey(ctx->sig);
+ ctx->sig = NULL;
+ OPENSSL_free(ctx->aid);
+ OPENSSL_free(ctx);
+}
+
+static void *xor_sig_dupctx(void *vpxor_sigctx)
+{
+ PROV_XORSIG_CTX *srcctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
+ PROV_XORSIG_CTX *dstctx;
+
+ dstctx = OPENSSL_zalloc(sizeof(*srcctx));
+ if (dstctx == NULL)
+ return NULL;
+
+ *dstctx = *srcctx;
+ dstctx->sig = NULL;
+ dstctx->md = NULL;
+ dstctx->mdctx = NULL;
+ dstctx->aid = NULL;
+
+ if ((srcctx->sig != NULL) && !xor_key_up_ref(srcctx->sig))
+ goto err;
+ dstctx->sig = srcctx->sig;
+
+ if (srcctx->md != NULL && !EVP_MD_up_ref(srcctx->md))
+ goto err;
+ dstctx->md = srcctx->md;
+
+ if (srcctx->mdctx != NULL) {
+ dstctx->mdctx = EVP_MD_CTX_new();
+ if (dstctx->mdctx == NULL
+ || !EVP_MD_CTX_copy_ex(dstctx->mdctx, srcctx->mdctx))
+ goto err;
+ }
+
+ return dstctx;
+ err:
+ xor_sig_freectx(dstctx);
+ return NULL;
+}
+
+static int xor_sig_get_ctx_params(void *vpxor_sigctx, OSSL_PARAM *params)
+{
+ PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
+ OSSL_PARAM *p;
+
+ if (pxor_sigctx == NULL || params == NULL)
+ return 0;
+
+ p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID);
+
+ if (pxor_sigctx->aid == NULL)
+ pxor_sigctx->aid_len = xor_get_aid(&(pxor_sigctx->aid), pxor_sigctx->sig->tls_name);
+
+ if (p != NULL
+ && !OSSL_PARAM_set_octet_string(p, pxor_sigctx->aid, pxor_sigctx->aid_len))
+ return 0;
+
+ p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST);
+ if (p != NULL && !OSSL_PARAM_set_utf8_string(p, pxor_sigctx->mdname))
+ return 0;
+
+ return 1;
+}
+
+static const OSSL_PARAM known_gettable_ctx_params[] = {
+ OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, NULL, 0),
+ OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0),
+ OSSL_PARAM_END
+};
+
+static const OSSL_PARAM *xor_sig_gettable_ctx_params(ossl_unused void *vpxor_sigctx, ossl_unused void *vctx)
+{
+ return known_gettable_ctx_params;
+}
+
+static int xor_sig_set_ctx_params(void *vpxor_sigctx, const OSSL_PARAM params[])
+{
+ PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
+ const OSSL_PARAM *p;
+
+ if (pxor_sigctx == NULL || params == NULL)
+ return 0;
+
+ p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST);
+ /* Not allowed during certain operations */
+ if (p != NULL && !pxor_sigctx->flag_allow_md)
+ return 0;
+ if (p != NULL) {
+ char mdname[OSSL_MAX_NAME_SIZE] = "", *pmdname = mdname;
+ char mdprops[OSSL_MAX_PROPQUERY_SIZE] = "", *pmdprops = mdprops;
+ const OSSL_PARAM *propsp =
+ OSSL_PARAM_locate_const(params,
+ OSSL_SIGNATURE_PARAM_PROPERTIES);
+
+ if (!OSSL_PARAM_get_utf8_string(p, &pmdname, sizeof(mdname)))
+ return 0;
+ if (propsp != NULL
+ && !OSSL_PARAM_get_utf8_string(propsp, &pmdprops, sizeof(mdprops)))
+ return 0;
+ if (!xor_sig_setup_md(pxor_sigctx, mdname, mdprops))
+ return 0;
+ }
+
+ return 1;
+}
+
+static const OSSL_PARAM known_settable_ctx_params[] = {
+ OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0),
+ OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PROPERTIES, NULL, 0),
+ OSSL_PARAM_END
+};
+
+static const OSSL_PARAM *xor_sig_settable_ctx_params(ossl_unused void *vpsm2ctx,
+ ossl_unused void *provctx)
+{
+ return known_settable_ctx_params;
+}
+
+static int xor_sig_get_ctx_md_params(void *vpxor_sigctx, OSSL_PARAM *params)
+{
+ PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
+
+ if (pxor_sigctx->mdctx == NULL)
+ return 0;
+
+ return EVP_MD_CTX_get_params(pxor_sigctx->mdctx, params);
+}
+
+static const OSSL_PARAM *xor_sig_gettable_ctx_md_params(void *vpxor_sigctx)
+{
+ PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
+
+ if (pxor_sigctx->md == NULL)
+ return 0;
+
+ return EVP_MD_gettable_ctx_params(pxor_sigctx->md);
+}
+
+static int xor_sig_set_ctx_md_params(void *vpxor_sigctx, const OSSL_PARAM params[])
+{
+ PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
+
+ if (pxor_sigctx->mdctx == NULL)
+ return 0;
+
+ return EVP_MD_CTX_set_params(pxor_sigctx->mdctx, params);
+}
+
+static const OSSL_PARAM *xor_sig_settable_ctx_md_params(void *vpxor_sigctx)
+{
+ PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
+
+ if (pxor_sigctx->md == NULL)
+ return 0;
+
+ return EVP_MD_settable_ctx_params(pxor_sigctx->md);
+}
+
+static const OSSL_DISPATCH xor_signature_functions[] = {
+ { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))xor_sig_newctx },
+ { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))xor_sig_sign_init },
+ { OSSL_FUNC_SIGNATURE_SIGN, (void (*)(void))xor_sig_sign },
+ { OSSL_FUNC_SIGNATURE_VERIFY_INIT, (void (*)(void))xor_sig_verify_init },
+ { OSSL_FUNC_SIGNATURE_VERIFY, (void (*)(void))xor_sig_verify },
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT,
+ (void (*)(void))xor_sig_digest_sign_init },
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE,
+ (void (*)(void))xor_sig_digest_signverify_update },
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL,
+ (void (*)(void))xor_sig_digest_sign_final },
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT,
+ (void (*)(void))xor_sig_digest_verify_init },
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE,
+ (void (*)(void))xor_sig_digest_signverify_update },
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL,
+ (void (*)(void))xor_sig_digest_verify_final },
+ { OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))xor_sig_freectx },
+ { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))xor_sig_dupctx },
+ { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, (void (*)(void))xor_sig_get_ctx_params },
+ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS,
+ (void (*)(void))xor_sig_gettable_ctx_params },
+ { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, (void (*)(void))xor_sig_set_ctx_params },
+ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS,
+ (void (*)(void))xor_sig_settable_ctx_params },
+ { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS,
+ (void (*)(void))xor_sig_get_ctx_md_params },
+ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS,
+ (void (*)(void))xor_sig_gettable_ctx_md_params },
+ { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS,
+ (void (*)(void))xor_sig_set_ctx_md_params },
+ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS,
+ (void (*)(void))xor_sig_settable_ctx_md_params },
+ OSSL_DISPATCH_END
+};
+
+static const OSSL_ALGORITHM tls_prov_signature[] = {
+ /*
+ * Obviously this is not FIPS approved, but in order to test in conjunction
+ * with the FIPS provider we pretend that it is.
+ */
+ { XORSIGALG_NAME, "provider=tls-provider,fips=yes",
+ xor_signature_functions },
+ { XORSIGALG_HASH_NAME, "provider=tls-provider,fips=yes",
+ xor_signature_functions },
+ { XORSIGALG12_NAME, "provider=tls-provider,fips=yes",
+ xor_signature_functions },
+ { NULL, NULL, NULL }
+};
+
+
static const OSSL_ALGORITHM *tls_prov_query(void *provctx, int operation_id,
int *no_cache)
{
@@ -782,6 +3147,12 @@ static const OSSL_ALGORITHM *tls_prov_query(void *provctx, int operation_id,
return tls_prov_keyexch;
case OSSL_OP_KEM:
return tls_prov_kem;
+ case OSSL_OP_ENCODER:
+ return tls_prov_encoder;
+ case OSSL_OP_DECODER:
+ return tls_prov_decoder;
+ case OSSL_OP_SIGNATURE:
+ return tls_prov_signature;
}
return NULL;
}
@@ -789,13 +3160,15 @@ static const OSSL_ALGORITHM *tls_prov_query(void *provctx, int operation_id,
static void tls_prov_teardown(void *provctx)
{
int i;
+ PROV_XOR_CTX *pctx = (PROV_XOR_CTX*)provctx;
- OSSL_LIB_CTX_free(provctx);
+ OSSL_LIB_CTX_free(pctx->libctx);
for (i = 0; i < NUM_DUMMY_GROUPS; i++) {
OPENSSL_free(dummy_group_names[i]);
dummy_group_names[i] = NULL;
}
+ OPENSSL_free(pctx);
}
/* Functions we provide to the core */
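Review bot: `OSSL_LIB_CTX_free(pctx->libctx);` in tls_prov_teardown dereferences the provider context unconditionally, whereas the removed line passed `provctx` straight to the free function. Whether teardown can be reached with a NULL context depends on the error path of tls_provider_init, which lies outside this hunk, so this is unverified. If it can, `if (pctx != NULL) OSSL_LIB_CTX_free(pctx->libctx);` keeps the dummy group name cleanup running, and the later `OPENSSL_free(pctx);` needs no guard. A short comment above the function would also help, stating that provctx is now the PROV_XOR_CTX handed out by tls_provider_init and that teardown releases both its libctx and the context itself.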
@@ -803,41 +3176,41 @@ static const OSSL_DISPATCH tls_prov_dispatch_table[] = {
{ OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))tls_prov_teardown },
{ OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))tls_prov_query },
{ OSSL_FUNC_PROVIDER_GET_CAPABILITIES, (void (*)(void))tls_prov_get_capabilities },
- { 0, NULL }
+ OSSL_DISPATCH_END
};
static
-unsigned int randomize_tls_group_id(OSSL_LIB_CTX *libctx)
+unsigned int randomize_tls_alg_id(OSSL_LIB_CTX *libctx)
{
/*
- * Randomise the group_id we're going to use to ensure we don't interoperate
+ * Randomise the id we're going to use to ensure we don't interoperate
* with anything but ourselves.
*/
- unsigned int group_id;
+ unsigned int id;
static unsigned int mem[10] = { 0 };
static int in_mem = 0;
int i;
retry:
- if (RAND_bytes_ex(libctx, (unsigned char *)&group_id, sizeof(group_id), 0) <= 0)
+ if (RAND_bytes_ex(libctx, (unsigned char *)&id, sizeof(id), 0) <= 0)
return 0;
/*
- * Ensure group_id is within the IANA Reserved for private use range
+ * Ensure id is within the IANA Reserved for private use range
* (65024-65279).
* Carve out NUM_DUMMY_GROUPS ids for properly registering those.
*/
- group_id %= 65279 - NUM_DUMMY_GROUPS - 65024;
- group_id += 65024;
+ id %= 65279 - NUM_DUMMY_GROUPS - 65024;
+ id += 65024;
- /* Ensure we did not already issue this group_id */
+ /* Ensure we did not already issue this id */
for (i = 0; i < in_mem; i++)
- if (mem[i] == group_id)
+ if (mem[i] == id)
goto retry;
- /* Add this group_id to the list of ids issued by this function */
- mem[in_mem++] = group_id;
+ /* Add this id to the list of ids issued by this function */
+ mem[in_mem++] = id;
- return group_id;
+ return id;
}
int tls_provider_init(const OSSL_CORE_HANDLE *handle,
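Review bot: The store `mem[in_mem++] = id;` at the end of randomize_tls_alg_id has no bound check, and the static `mem` array holds only 10 entries. The next hunk calls this function four times per tls_provider_init (two group ids and two sigalg code points) instead of two, so a third initialisation of the provider in the same process would write past the array. A guard before the store, `if (in_mem >= (int)OSSL_NELEM(mem)) return 0;`, keeps the write in bounds and reuses the existing failure return. The assignments in tls_provider_init do not appear to check for 0, so that value would need handling there as well. The static `mem`/`in_mem` state is also unsynchronised, which matters only if the provider can be initialised from more than one thread; this hunk does not show whether it can.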
@@ -845,20 +3218,70 @@ int tls_provider_init(const OSSL_CORE_HANDLE *handle,
const OSSL_DISPATCH **out,
void **provctx)
{
- OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new();
+ OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new_from_dispatch(handle, in);
+ OSSL_FUNC_core_obj_create_fn *c_obj_create= NULL;
+ OSSL_FUNC_core_obj_add_sigid_fn *c_obj_add_sigid= NULL;
+ PROV_XOR_CTX *xor_prov_ctx = xor_newprovctx(libctx);
- if (libctx == NULL)
- return 0;
+ if (libctx == NULL || xor_prov_ctx == NULL)
+ goto err;
- *provctx = libctx;
+ *provctx = xor_prov_ctx;
/*
- * Randomise the group_id we're going to use to ensure we don't interoperate
- * with anything but ourselves.
+ * Randomise the group_id and code_points we're going to use to ensure we
+ * don't interoperate with anything but ourselves.
*/
- xor_group.group_id = randomize_tls_group_id(libctx);
- xor_kemgroup.group_id = randomize_tls_group_id(libctx);
+ xor_group.group_id = randomize_tls_alg_id(libctx);
+ xor_kemgroup.group_id = randomize_tls_alg_id(libctx);
+ xor_sigalg.code_point = randomize_tls_alg_id(libctx);
+ xor_sigalg_hash.code_point = randomize_tls_alg_id(libctx);
+
+ /* Retrieve registration functions */
+ for (; in->function_id != 0; in++) {
+ switch (in->function_id) {
+ case OSSL_FUNC_CORE_OBJ_CREATE:
+ c_obj_create = OSSL_FUNC_core_obj_create(in);
+ break;
+ case OSSL_FUNC_CORE_OBJ_ADD_SIGID:
+ c_obj_add_sigid = OSSL_FUNC_core_obj_add_sigid(in);
+ break;
+ /* Just ignore anything we don't understand */
+ default:
+ break;
+ }
+ }
+
+ /*
+ * Register algorithms manually as add_provider_sigalgs is
+ * only called during session establishment -- too late for
+ * key & cert generation...
+ */
+ if (!c_obj_create(handle, XORSIGALG_OID, XORSIGALG_NAME, XORSIGALG_NAME)) {
+ ERR_raise(ERR_LIB_USER, XORPROV_R_OBJ_CREATE_ERR);
+ goto err;
+ }
+
+ if (!c_obj_add_sigid(handle, XORSIGALG_OID, "", XORSIGALG_OID)) {
+ ERR_raise(ERR_LIB_USER, XORPROV_R_OBJ_CREATE_ERR);
+ goto err;
+ }
+ if (!c_obj_create(handle, XORSIGALG_HASH_OID, XORSIGALG_HASH_NAME, NULL)) {
+ ERR_raise(ERR_LIB_USER, XORPROV_R_OBJ_CREATE_ERR);
+ goto err;
+ }
+
+ if (!c_obj_add_sigid(handle, XORSIGALG_HASH_OID, XORSIGALG_HASH, XORSIGALG_HASH_OID)) {
+ ERR_raise(ERR_LIB_USER, XORPROV_R_OBJ_CREATE_ERR);
+ goto err;
+ }
*out = tls_prov_dispatch_table;
return 1;
+
+err:
+ OPENSSL_free(xor_prov_ctx);
+ *provctx = NULL;
+ OSSL_LIB_CTX_free(libctx);
+ return 0;
}
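Review bot: `c_obj_create` and `c_obj_add_sigid` start as NULL and are called right after the dispatch loop without a check, so a core that does not supply OSSL_FUNC_CORE_OBJ_CREATE or OSSL_FUNC_CORE_OBJ_ADD_SIGID in `in` makes tls_provider_init call through a null function pointer. Adding `if (c_obj_create == NULL || c_obj_add_sigid == NULL) goto err;` before the first registration call sends that case through the existing cleanup. Separately, `xor_newprovctx(libctx)` runs in the declarations before `libctx` is tested for NULL; whether that is safe depends on xor_newprovctx, which is not part of this hunk.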
diff --git a/test/tls13ccstest.c b/test/tls13ccstest.c
index 3a3fa8c22a26..6e1b7d978ce8 100644
--- a/test/tls13ccstest.c
+++ b/test/tls13ccstest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -42,7 +42,7 @@ static const BIO_METHOD *bio_f_watchccs_filter(void)
if (method_watchccs == NULL) {
method_watchccs = BIO_meth_new(BIO_TYPE_WATCHCCS_FILTER,
"Watch CCS filter");
- if ( method_watchccs == NULL
+ if (method_watchccs == NULL
|| !BIO_meth_set_write(method_watchccs, watchccs_write)
|| !BIO_meth_set_read(method_watchccs, watchccs_read)
|| !BIO_meth_set_puts(method_watchccs, watchccs_puts)
@@ -193,7 +193,7 @@ static int watchccs_write(BIO *bio, const char *in, int inl)
} else {
badccs = 1;
}
- } else if(rectype == SSL3_RT_APPLICATION_DATA) {
+ } else if (rectype == SSL3_RT_APPLICATION_DATA) {
if (bio == s_to_c_fbio)
sappdataseen = 1;
else
@@ -321,7 +321,7 @@ static int test_tls13ccs(int tst)
goto err;
# endif
#else
- if (!TEST_true(SSL_CTX_set1_groups_list(sctx, "P-256")))
+ if (!TEST_true(SSL_CTX_set1_groups_list(sctx, "P-384")))
goto err;
#endif
}
@@ -471,10 +471,6 @@ static int test_tls13ccs(int tst)
|| !TEST_size_t_gt(chsessidlen, 0))
goto err;
break;
-
- default:
- TEST_error("Invalid test value");
- goto err;
}
ret = 1;
diff --git a/test/tls13encryptiontest.c b/test/tls13encryptiontest.c
index d2df29e6fda4..f1e6490f9f90 100644
--- a/test/tls13encryptiontest.c
+++ b/test/tls13encryptiontest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -11,6 +11,8 @@
#include <openssl/evp.h>
#include "../ssl/ssl_local.h"
#include "../ssl/record/record_local.h"
+#include "internal/recordmethod.h"
+#include "../ssl/record/methods/recmethod_local.h"
#include "internal/nelem.h"
#include "testutil.h"
@@ -236,8 +238,9 @@ static unsigned char *multihexstr2buf(const char *str[3], size_t *len)
return outbuf;
}
-static int load_record(SSL3_RECORD *rec, RECORD_DATA *recd, unsigned char **key,
- unsigned char *iv, size_t ivlen, unsigned char *seq)
+static int load_record(TLS_RL_RECORD *rec, RECORD_DATA *recd,
+ unsigned char **key, unsigned char *iv, size_t ivlen,
+ unsigned char *seq)
{
unsigned char *pt = NULL, *sq = NULL, *ivtmp = NULL;
size_t ptlen;
@@ -273,7 +276,7 @@ static int load_record(SSL3_RECORD *rec, RECORD_DATA *recd, unsigned char **key,
return 0;
}
-static int test_record(SSL3_RECORD *rec, RECORD_DATA *recd, int enc)
+static int test_record(TLS_RL_RECORD *rec, RECORD_DATA *recd, int enc)
{
int ret = 0;
unsigned char *refd;
@@ -303,13 +306,14 @@ static int test_record(SSL3_RECORD *rec, RECORD_DATA *recd, int enc)
static int test_tls13_encryption(void)
{
- SSL_CTX *ctx = NULL;
- SSL *s = NULL;
- SSL3_RECORD rec;
- unsigned char *key = NULL, *iv = NULL, *seq = NULL;
+ TLS_RL_RECORD rec;
+ unsigned char *key = NULL;
const EVP_CIPHER *ciph = EVP_aes_128_gcm();
int ret = 0;
size_t ivlen, ctr;
+ unsigned char seqbuf[SEQ_NUM_SIZE];
+ unsigned char iv[EVP_MAX_IV_LENGTH];
+ OSSL_RECORD_LAYER *rrl = NULL, *wrl = NULL;
/*
* Encrypted TLSv1.3 records always have an outer content type of
@@ -319,94 +323,77 @@ static int test_tls13_encryption(void)
rec.type = SSL3_RT_APPLICATION_DATA;
rec.rec_version = TLS1_2_VERSION;
- ctx = SSL_CTX_new(TLS_method());
- if (!TEST_ptr(ctx)) {
- TEST_info("Failed creating SSL_CTX");
- goto err;
- }
-
- s = SSL_new(ctx);
- if (!TEST_ptr(s)) {
- TEST_info("Failed creating SSL");
- goto err;
- }
-
- s->enc_read_ctx = EVP_CIPHER_CTX_new();
- if (!TEST_ptr(s->enc_read_ctx))
- goto err;
-
- s->enc_write_ctx = EVP_CIPHER_CTX_new();
- if (!TEST_ptr(s->enc_write_ctx))
- goto err;
-
- s->s3.tmp.new_cipher = SSL_CIPHER_find(s, TLS13_AES_128_GCM_SHA256_BYTES);
- if (!TEST_ptr(s->s3.tmp.new_cipher)) {
- TEST_info("Failed to find cipher");
- goto err;
- }
-
for (ctr = 0; ctr < OSSL_NELEM(refdata); ctr++) {
/* Load the record */
ivlen = EVP_CIPHER_get_iv_length(ciph);
- if (!load_record(&rec, &refdata[ctr], &key, s->read_iv, ivlen,
- RECORD_LAYER_get_read_sequence(&s->rlayer))) {
+ if (!load_record(&rec, &refdata[ctr], &key, iv, ivlen, seqbuf)) {
TEST_error("Failed loading key into EVP_CIPHER_CTX");
goto err;
}
- /* Set up the read/write sequences */
- memcpy(RECORD_LAYER_get_write_sequence(&s->rlayer),
- RECORD_LAYER_get_read_sequence(&s->rlayer), SEQ_NUM_SIZE);
- memcpy(s->write_iv, s->read_iv, ivlen);
-
- /* Load the key into the EVP_CIPHER_CTXs */
- if (EVP_CipherInit_ex(s->enc_write_ctx, ciph, NULL, key, NULL, 1) <= 0
- || EVP_CipherInit_ex(s->enc_read_ctx, ciph, NULL, key, NULL, 0)
- <= 0) {
- TEST_error("Failed loading key into EVP_CIPHER_CTX\n");
+ /* Set up the write record layer */
+ if (!TEST_true(ossl_tls_record_method.new_record_layer(
+ NULL, NULL, TLS1_3_VERSION, OSSL_RECORD_ROLE_SERVER,
+ OSSL_RECORD_DIRECTION_WRITE,
+ OSSL_RECORD_PROTECTION_LEVEL_APPLICATION, 0, NULL, 0,
+ key, 16, iv, ivlen, NULL, 0, EVP_aes_128_gcm(),
+ EVP_GCM_TLS_TAG_LEN, 0, NULL, NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
+ &wrl)))
goto err;
- }
+ memcpy(wrl->sequence, seqbuf, sizeof(seqbuf));
/* Encrypt it */
- if (!TEST_size_t_eq(tls13_enc(s, &rec, 1, 1, NULL, 0), 1)) {
+ if (!TEST_size_t_eq(wrl->funcs->cipher(wrl, &rec, 1, 1, NULL, 0), 1)) {
TEST_info("Failed to encrypt record %zu", ctr);
goto err;
}
+
if (!TEST_true(test_record(&rec, &refdata[ctr], 1))) {
TEST_info("Record %zu encryption test failed", ctr);
goto err;
}
+ /* Set up the read record layer */
+ if (!TEST_true(ossl_tls_record_method.new_record_layer(
+ NULL, NULL, TLS1_3_VERSION, OSSL_RECORD_ROLE_SERVER,
+ OSSL_RECORD_DIRECTION_READ,
+ OSSL_RECORD_PROTECTION_LEVEL_APPLICATION, 0, NULL, 0,
+ key, 16, iv, ivlen, NULL, 0, EVP_aes_128_gcm(),
+ EVP_GCM_TLS_TAG_LEN, 0, NULL, NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
+ &rrl)))
+ goto err;
+ memcpy(rrl->sequence, seqbuf, sizeof(seqbuf));
+
/* Decrypt it */
- if (!TEST_int_eq(tls13_enc(s, &rec, 1, 0, NULL, 0), 1)) {
+ if (!TEST_int_eq(rrl->funcs->cipher(rrl, &rec, 1, 0, NULL, 0), 1)) {
TEST_info("Failed to decrypt record %zu", ctr);
goto err;
}
+
if (!TEST_true(test_record(&rec, &refdata[ctr], 0))) {
TEST_info("Record %zu decryption test failed", ctr);
goto err;
}
+ ossl_tls_record_method.free(rrl);
+ ossl_tls_record_method.free(wrl);
+ rrl = wrl = NULL;
OPENSSL_free(rec.data);
OPENSSL_free(key);
- OPENSSL_free(iv);
- OPENSSL_free(seq);
rec.data = NULL;
key = NULL;
- iv = NULL;
- seq = NULL;
}
TEST_note("PASS: %zu records tested", ctr);
ret = 1;
err:
+ ossl_tls_record_method.free(rrl);
+ ossl_tls_record_method.free(wrl);
OPENSSL_free(rec.data);
OPENSSL_free(key);
- OPENSSL_free(iv);
- OPENSSL_free(seq);
- SSL_free(s);
- SSL_CTX_free(ctx);
return ret;
}
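Review bot: Both new_record_layer calls pass the key length as the literal `16` and the cipher as a second `EVP_aes_128_gcm()` call, while `ivlen` is derived from the local `ciph`; changing `ciph` later would leave key length and cipher out of step with the IV length. Using `key, EVP_CIPHER_get_key_length(ciph), iv, ivlen, NULL, 0, ciph,` in both calls ties all three values to one cipher object. The encrypt result is also checked with TEST_size_t_eq and the decrypt result with TEST_int_eq although both come from the same `funcs->cipher` pointer; the same macro should be used for both. test_tls13_encryption begins outside this hunk.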
diff --git a/test/tls13secretstest.c b/test/tls13secretstest.c
index bf214d3d5ba7..0b2c057a69f8 100644
--- a/test/tls13secretstest.c
+++ b/test/tls13secretstest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -11,6 +11,7 @@
#include <openssl/evp.h>
#include "../ssl/ssl_local.h"
+#include "internal/ssl_unwrap.h"
#include "testutil.h"
#define IVLEN 12
@@ -126,7 +127,7 @@ static unsigned char server_ats_iv[] = {
};
/* Mocked out implementations of various functions */
-int ssl3_digest_cached_records(SSL *s, int keep)
+int ssl3_digest_cached_records(SSL_CONNECTION *s, int keep)
{
return 1;
}
@@ -134,7 +135,7 @@ int ssl3_digest_cached_records(SSL *s, int keep)
static int full_hash = 0;
/* Give a hash of the currently set handshake */
-int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
+int ssl_handshake_hash(SSL_CONNECTION *s, unsigned char *out, size_t outlen,
size_t *hashlen)
{
if (sizeof(hs_start_hash) > outlen
@@ -152,21 +153,20 @@ int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
return 1;
}
-const EVP_MD *ssl_handshake_md(SSL *s)
+const EVP_MD *ssl_handshake_md(SSL_CONNECTION *s)
{
return EVP_sha256();
}
-void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl)
-{
-}
-
-void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl)
+int ssl_cipher_get_evp_cipher(SSL_CTX *ctx, const SSL_CIPHER *sslc,
+ const EVP_CIPHER **enc)
{
+ return 0;
}
-int ssl_cipher_get_evp_cipher(SSL_CTX *ctx, const SSL_CIPHER *sslc,
- const EVP_CIPHER **enc)
+int ssl_cipher_get_evp_md_mac(SSL_CTX *ctx, const SSL_CIPHER *sslc,
+ const EVP_MD **md,
+ int *mac_pkey_type, size_t *mac_secret_size)
{
return 0;
}
@@ -185,7 +185,7 @@ int tls1_alert_code(int code)
return code;
}
-int ssl_log_secret(SSL *ssl,
+int ssl_log_secret(SSL_CONNECTION *sc,
const char *label,
const uint8_t *secret,
size_t secret_len)
@@ -198,20 +198,21 @@ const EVP_MD *ssl_md(SSL_CTX *ctx, int idx)
return EVP_sha256();
}
-void ossl_statem_send_fatal(SSL *s, int al)
+void ossl_statem_send_fatal(SSL_CONNECTION *s, int al)
{
}
-void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...)
+void ossl_statem_fatal(SSL_CONNECTION *s, int al, int reason,
+ const char *fmt, ...)
{
}
-int ossl_statem_export_allowed(SSL *s)
+int ossl_statem_export_allowed(SSL_CONNECTION *s)
{
return 1;
}
-int ossl_statem_export_early_allowed(SSL *s)
+int ossl_statem_export_early_allowed(SSL_CONNECTION *s)
{
return 1;
}
@@ -224,9 +225,21 @@ void ssl_evp_md_free(const EVP_MD *md)
{
}
+int ssl_set_new_record_layer(SSL_CONNECTION *s, int version, int direction,
+ int level, unsigned char *secret, size_t secretlen,
+ unsigned char *key, size_t keylen,
+ unsigned char *iv, size_t ivlen,
+ unsigned char *mackey, size_t mackeylen,
+ const EVP_CIPHER *ciph, size_t taglen,
+ int mactype, const EVP_MD *md,
+ const SSL_COMP *comp, const EVP_MD *kdfdigest)
+{
+ return 0;
+}
+
/* End of mocked out code */
-static int test_secret(SSL *s, unsigned char *prk,
+static int test_secret(SSL_CONNECTION *s, unsigned char *prk,
const unsigned char *label, size_t labellen,
const unsigned char *ref_secret,
const unsigned char *ref_key, const unsigned char *ref_iv)
@@ -274,7 +287,8 @@ static int test_secret(SSL *s, unsigned char *prk,
static int test_handshake_secrets(void)
{
SSL_CTX *ctx = NULL;
- SSL *s = NULL;
+ SSL *ssl = NULL;
+ SSL_CONNECTION *s;
int ret = 0;
size_t hashsize;
unsigned char out_master_secret[EVP_MAX_MD_SIZE];
@@ -284,8 +298,8 @@ static int test_handshake_secrets(void)
if (!TEST_ptr(ctx))
goto err;
- s = SSL_new(ctx);
- if (!TEST_ptr(s ))
+ ssl = SSL_new(ctx);
+ if (!TEST_ptr(ssl) || !TEST_ptr(s = SSL_CONNECTION_FROM_SSL_ONLY(ssl)))
goto err;
s->session = SSL_SESSION_new();
@@ -396,7 +410,7 @@ static int test_handshake_secrets(void)
ret = 1;
err:
- SSL_free(s);
+ SSL_free(ssl);
SSL_CTX_free(ctx);
return ret;
}
diff --git a/test/trace_api_test.c b/test/trace_api_test.c
index e6c4fdc28c71..0effee421ab0 100644
--- a/test/trace_api_test.c
+++ b/test/trace_api_test.c
@@ -17,65 +17,112 @@ static int test_trace_categories(void)
for (cat_num = -1; cat_num <= OSSL_TRACE_CATEGORY_NUM + 1; ++cat_num) {
const char *cat_name = OSSL_trace_get_category_name(cat_num);
- int is_cat_name_eq = 0;
+ const char *expected_cat_name = NULL;
int ret_cat_num;
- int expected_ret;
+#define SET_EXPECTED_CAT_NAME(name) expected_cat_name = #name; break
switch (cat_num) {
-#define CASE(name) \
- case OSSL_TRACE_CATEGORY_##name: \
- is_cat_name_eq = TEST_str_eq(cat_name, #name); \
- break
-
- CASE(ALL);
- CASE(TRACE);
- CASE(INIT);
- CASE(TLS);
- CASE(TLS_CIPHER);
- CASE(CONF);
- CASE(ENGINE_TABLE);
- CASE(ENGINE_REF_COUNT);
- CASE(PKCS5V2);
- CASE(PKCS12_KEYGEN);
- CASE(PKCS12_DECRYPT);
- CASE(X509V3_POLICY);
- CASE(BN_CTX);
- CASE(CMP);
- CASE(STORE);
- CASE(DECODER);
- CASE(ENCODER);
- CASE(REF_COUNT);
-#undef CASE
+ case OSSL_TRACE_CATEGORY_ALL:
+ SET_EXPECTED_CAT_NAME(ALL);
+ case OSSL_TRACE_CATEGORY_TRACE:
+ SET_EXPECTED_CAT_NAME(TRACE);
+ case OSSL_TRACE_CATEGORY_INIT:
+ SET_EXPECTED_CAT_NAME(INIT);
+ case OSSL_TRACE_CATEGORY_TLS:
+ SET_EXPECTED_CAT_NAME(TLS);
+ case OSSL_TRACE_CATEGORY_TLS_CIPHER:
+ SET_EXPECTED_CAT_NAME(TLS_CIPHER);
+ case OSSL_TRACE_CATEGORY_CONF:
+ SET_EXPECTED_CAT_NAME(CONF);
+ case OSSL_TRACE_CATEGORY_ENGINE_TABLE:
+ SET_EXPECTED_CAT_NAME(ENGINE_TABLE);
+ case OSSL_TRACE_CATEGORY_ENGINE_REF_COUNT:
+ SET_EXPECTED_CAT_NAME(ENGINE_REF_COUNT);
+ case OSSL_TRACE_CATEGORY_PKCS5V2:
+ SET_EXPECTED_CAT_NAME(PKCS5V2);
+ case OSSL_TRACE_CATEGORY_PKCS12_KEYGEN:
+ SET_EXPECTED_CAT_NAME(PKCS12_KEYGEN);
+ case OSSL_TRACE_CATEGORY_PKCS12_DECRYPT:
+ SET_EXPECTED_CAT_NAME(PKCS12_DECRYPT);
+ case OSSL_TRACE_CATEGORY_X509V3_POLICY:
+ SET_EXPECTED_CAT_NAME(X509V3_POLICY);
+ case OSSL_TRACE_CATEGORY_BN_CTX:
+ SET_EXPECTED_CAT_NAME(BN_CTX);
+ case OSSL_TRACE_CATEGORY_CMP:
+ SET_EXPECTED_CAT_NAME(CMP);
+ case OSSL_TRACE_CATEGORY_STORE:
+ SET_EXPECTED_CAT_NAME(STORE);
+ case OSSL_TRACE_CATEGORY_DECODER:
+ SET_EXPECTED_CAT_NAME(DECODER);
+ case OSSL_TRACE_CATEGORY_ENCODER:
+ SET_EXPECTED_CAT_NAME(ENCODER);
+ case OSSL_TRACE_CATEGORY_REF_COUNT:
+ SET_EXPECTED_CAT_NAME(REF_COUNT);
+ case OSSL_TRACE_CATEGORY_HTTP:
+ SET_EXPECTED_CAT_NAME(HTTP);
+ case OSSL_TRACE_CATEGORY_PROVIDER:
+ SET_EXPECTED_CAT_NAME(PROVIDER);
+ case OSSL_TRACE_CATEGORY_QUERY:
+ SET_EXPECTED_CAT_NAME(QUERY);
default:
- is_cat_name_eq = TEST_ptr_null(cat_name);
+ if (cat_num == -1 || cat_num >= OSSL_TRACE_CATEGORY_NUM)
+ expected_cat_name = NULL;
break;
}
+#undef SET_EXPECTED_CAT_NAME
- if (!TEST_true(is_cat_name_eq))
+ if (!TEST_str_eq(cat_name, expected_cat_name))
return 0;
ret_cat_num =
OSSL_trace_get_category_num(cat_name);
- expected_ret = cat_name != NULL ? cat_num : -1;
- if (!TEST_int_eq(expected_ret, ret_cat_num))
- return 0;
+ if (cat_num < OSSL_TRACE_CATEGORY_NUM)
+ if (!TEST_int_eq(cat_num, ret_cat_num))
+ return 0;
}
return 1;
}
#ifndef OPENSSL_NO_TRACE
-static void put_trace_output(void)
+
+# define OSSL_START "xyz-"
+# define OSSL_HELLO "Hello World\n"
+/* OSSL_STR80 must have length OSSL_TRACE_STRING_MAX */
+# define OSSL_STR80 "1234567890123456789012345678901234567890123456789012345678901234567890123456789\n"
+# define OSSL_STR81 (OSSL_STR80"x")
+# define OSSL_CTRL "A\xfe\nB"
+# define OSSL_MASKED "A \nB"
+# define OSSL_BYE "Good Bye Universe\n"
+# define OSSL_END "-abc"
+
+# define trace_string(text, full, str) \
+ OSSL_trace_string(trc_out, text, full, (unsigned char *)(str), strlen(str))
+
+static int put_trace_output(void)
{
- OSSL_TRACE_BEGIN(REF_COUNT) {
- BIO_printf(trc_out, "Hello World\n");
- BIO_printf(trc_out, "Good Bye Universe\n");
- } OSSL_TRACE_END(REF_COUNT);
+ int res = 1;
+
+ OSSL_TRACE_BEGIN(HTTP) {
+ res = TEST_int_eq(BIO_printf(trc_out, OSSL_HELLO), strlen(OSSL_HELLO));
+ res += TEST_int_eq(trace_string(0, 0, OSSL_STR80), strlen(OSSL_STR80));
+ res += TEST_int_eq(trace_string(0, 0, OSSL_STR81), strlen(OSSL_STR80));
+ res += TEST_int_eq(trace_string(1, 1, OSSL_CTRL), strlen(OSSL_CTRL));
+ res += TEST_int_eq(trace_string(0, 1, OSSL_MASKED), strlen(OSSL_MASKED)
+ + 1); /* newline added */
+ res += TEST_int_eq(BIO_printf(trc_out, OSSL_BYE), strlen(OSSL_BYE));
+ res = res == 6;
+ /* not using '&&' but '+' to catch potentially multiple test failures */
+ } OSSL_TRACE_END(HTTP);
+ return res;
}
static int test_trace_channel(void)
{
- static const char expected[] = "xyz-\nHello World\nGood Bye Universe\n-abc\n";
- static const char expected_len = sizeof(expected) - 1;
+ static const char expected[] =
+ OSSL_START"\n" OSSL_HELLO
+ OSSL_STR80 "[len 81 limited to 80]: "OSSL_STR80
+ OSSL_CTRL OSSL_MASKED"\n" OSSL_BYE OSSL_END"\n";
+ static const size_t expected_len = sizeof(expected) - 1;
BIO *bio = NULL;
char *p_buf = NULL;
long len = 0;
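Review bot: The `if` inside `default:` assigns NULL to `expected_cat_name`, which already holds NULL from its declaration, so the condition has no effect and wrongly suggests that in-range numbers without a case label are treated differently. `default: break;` with a comment such as `/* no case label: the returned name must be NULL */` states the actual behaviour. The `SET_EXPECTED_CAT_NAME` macro also hides a `break` in its expansion, which makes the switch look as if every case falls through; writing the `break` at each case, or keeping a macro that expands to the whole `case ...: ...; break`, would read more safely. test_trace_categories begins outside this hunk and test_trace_channel ends outside it.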
@@ -85,28 +132,29 @@ static int test_trace_channel(void)
if (!TEST_ptr(bio))
goto end;
- if (!TEST_int_eq(OSSL_trace_set_channel(OSSL_TRACE_CATEGORY_REF_COUNT, bio), 1))
+ if (!TEST_int_eq(OSSL_trace_set_channel(OSSL_TRACE_CATEGORY_HTTP, bio), 1)) {
+ BIO_free(bio);
goto end;
+ }
- if (!TEST_true(OSSL_trace_enabled(OSSL_TRACE_CATEGORY_REF_COUNT)))
+ if (!TEST_true(OSSL_trace_enabled(OSSL_TRACE_CATEGORY_HTTP)))
goto end;
- if (!TEST_int_eq(OSSL_trace_set_prefix(OSSL_TRACE_CATEGORY_REF_COUNT, "xyz-"), 1))
+ if (!TEST_int_eq(OSSL_trace_set_prefix(OSSL_TRACE_CATEGORY_HTTP,
+ OSSL_START), 1))
goto end;
- if (!TEST_int_eq(OSSL_trace_set_suffix(OSSL_TRACE_CATEGORY_REF_COUNT, "-abc"), 1))
+ if (!TEST_int_eq(OSSL_trace_set_suffix(OSSL_TRACE_CATEGORY_HTTP,
+ OSSL_END), 1))
goto end;
- put_trace_output();
+ ret = put_trace_output();
len = BIO_get_mem_data(bio, &p_buf);
if (!TEST_strn2_eq(p_buf, len, expected, expected_len))
- goto end;
- if (!TEST_int_eq(OSSL_trace_set_channel(OSSL_TRACE_CATEGORY_REF_COUNT, NULL), 1))
- goto end;
- bio = NULL;
+ ret = 0;
+ ret = TEST_int_eq(OSSL_trace_set_channel(OSSL_TRACE_CATEGORY_HTTP, NULL), 1)
+ && ret;
- ret = 1;
end:
- BIO_free(bio);
return ret;
}
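Review bot: Once OSSL_trace_set_channel has succeeded, the three later `goto end` exits (OSSL_trace_enabled, OSSL_trace_set_prefix, OSSL_trace_set_suffix) return without detaching the channel, because `end:` now only returns `ret`; the memory BIO then stays installed on OSSL_TRACE_CATEGORY_HTTP for whatever runs next. Putting the detach under its own label, e.g. `detach: ret = TEST_int_eq(OSSL_trace_set_channel(OSSL_TRACE_CATEGORY_HTTP, NULL), 1) && ret;`, and sending those three exits there would restore the channel on every path. This assumes the channel owns `bio` after a successful set, which the removal of `BIO_free(bio)` from `end:` suggests. test_trace_channel begins outside this hunk.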
diff --git a/test/uitest.c b/test/uitest.c
index 9bddfaebf372..82c8c59204f4 100644
--- a/test/uitest.c
+++ b/test/uitest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -37,7 +37,7 @@ static int test_old(void)
int ok = 0;
if (!TEST_ptr(ui_method =
- UI_UTIL_wrap_read_pem_callback( test_pem_password_cb, 0))
+ UI_UTIL_wrap_read_pem_callback(test_pem_password_cb, 0))
|| !TEST_ptr(ui = UI_new_method(ui_method)))
goto err;
diff --git a/test/upcallstest.c b/test/upcallstest.c
index 76899fee3de0..d2c89b5202ee 100644
--- a/test/upcallstest.c
+++ b/test/upcallstest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -21,12 +21,13 @@ static const OSSL_ALGORITHM *obj_query(void *provctx, int operation_id,
static const OSSL_DISPATCH obj_dispatch_table[] = {
{ OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))obj_query },
- { 0, NULL }
+ OSSL_DISPATCH_END
};
static OSSL_FUNC_core_obj_add_sigid_fn *c_obj_add_sigid = NULL;
static OSSL_FUNC_core_obj_create_fn *c_obj_create = NULL;
+/* test signature ids requiring digest */
#define SIG_OID "1.3.6.1.4.1.16604.998877.1"
#define SIG_SN "my-sig"
#define SIG_LN "my-sig-long"
@@ -37,6 +38,14 @@ static OSSL_FUNC_core_obj_create_fn *c_obj_create = NULL;
#define SIGALG_SN "my-sigalg"
#define SIGALG_LN "my-sigalg-long"
+/* test signature ids requiring no digest */
+#define NODIG_SIG_OID "1.3.6.1.4.1.16604.998877.4"
+#define NODIG_SIG_SN "my-nodig-sig"
+#define NODIG_SIG_LN "my-nodig-sig-long"
+#define NODIG_SIGALG_OID "1.3.6.1.4.1.16604.998877.5"
+#define NODIG_SIGALG_SN "my-nodig-sigalg"
+#define NODIG_SIGALG_LN "my-nodig-sigalg-long"
+
static int obj_provider_init(const OSSL_CORE_HANDLE *handle,
const OSSL_DISPATCH *in,
const OSSL_DISPATCH **out,
@@ -45,7 +54,7 @@ static int obj_provider_init(const OSSL_CORE_HANDLE *handle,
*provctx = (void *)handle;
*out = obj_dispatch_table;
- for (; in->function_id != 0; in++) {
+ for (; in->function_id != 0; in++) {
switch (in->function_id) {
case OSSL_FUNC_CORE_OBJ_ADD_SIGID:
c_obj_add_sigid = OSSL_FUNC_core_obj_add_sigid(in);
@@ -65,16 +74,18 @@ static int obj_provider_init(const OSSL_CORE_HANDLE *handle,
|| !c_obj_create(handle, SIGALG_OID, SIGALG_SN, SIGALG_LN))
return 0;
+ if (!c_obj_create(handle, NODIG_SIG_OID, NODIG_SIG_SN, NODIG_SIG_LN)
+ || !c_obj_create(handle, NODIG_SIGALG_OID, NODIG_SIGALG_SN, NODIG_SIGALG_LN))
+ return 0;
+
if (!c_obj_add_sigid(handle, SIGALG_OID, DIGEST_SN, SIG_LN))
return 0;
/* additional tests checking empty digest algs are accepted, too */
- if (!c_obj_add_sigid(handle, SIGALG_OID, "", SIG_LN))
- return 0;
- if (!c_obj_add_sigid(handle, SIGALG_OID, NULL, SIG_LN))
+ if (!c_obj_add_sigid(handle, NODIG_SIGALG_OID, "", NODIG_SIG_LN))
return 0;
/* checking wrong digest alg name is rejected: */
- if (c_obj_add_sigid(handle, SIGALG_OID, "NonsenseAlg", SIG_LN))
+ if (c_obj_add_sigid(handle, NODIG_SIGALG_OID, "NonsenseAlg", NODIG_SIG_LN))
return 0;
return 1;
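Review bot: The `c_obj_add_sigid(handle, SIGALG_OID, NULL, SIG_LN)` check is dropped and not replaced, so a NULL digest name is no longer exercised even though the comment above it still reads "empty digest algs are accepted, too". If NULL is still meant to be accepted, `if (!c_obj_add_sigid(handle, NODIG_SIGALG_OID, NULL, NODIG_SIG_LN)) return 0;` keeps that case covered; otherwise the comment should say that only the empty string is tested. The "NonsenseAlg" rejection check also reuses NODIG_SIGALG_OID immediately after it was registered, so a failure there could in principle come from the repeat registration rather than the bad digest name; an OID that has not been registered yet would make the check unambiguous. obj_provider_init begins outside this hunk.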
@@ -84,7 +95,7 @@ static int obj_create_test(void)
{
OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new();
OSSL_PROVIDER *objprov = NULL;
- int sigalgnid, digestnid, signid;
+ int sigalgnid, digestnid, signid, foundsid;
int testresult = 0;
if (!TEST_ptr(libctx))
@@ -105,6 +116,40 @@ static int obj_create_test(void)
|| !TEST_int_eq(signid, OBJ_ln2nid(SIG_LN)))
goto err;
+ /* Check empty digest alg storage capability */
+ sigalgnid = OBJ_txt2nid(NODIG_SIGALG_OID);
+ if (!TEST_int_ne(sigalgnid, NID_undef)
+ || !TEST_true(OBJ_find_sigid_algs(sigalgnid, &digestnid, &signid))
+ || !TEST_int_eq(digestnid, NID_undef)
+ || !TEST_int_ne(signid, NID_undef))
+ goto err;
+
+ /* Testing OBJ_find_sigid_by_algs */
+ /* First check exact sig/digest recall: */
+ sigalgnid = OBJ_sn2nid(SIGALG_SN);
+ digestnid = OBJ_sn2nid(DIGEST_SN);
+ signid = OBJ_ln2nid(SIG_LN);
+ if ((!OBJ_find_sigid_by_algs(&foundsid, digestnid, signid)) ||
+ (foundsid != sigalgnid))
+ return 0;
+ /* Check wrong signature/digest combination is rejected */
+ if ((OBJ_find_sigid_by_algs(&foundsid, OBJ_sn2nid("SHA512"), signid)) &&
+ (foundsid == sigalgnid))
+ return 0;
+ /* Now also check signature not needing digest is found */
+ /* a) when some digest is given */
+ sigalgnid = OBJ_sn2nid(NODIG_SIGALG_SN);
+ digestnid = OBJ_sn2nid("SHA512");
+ signid = OBJ_ln2nid(NODIG_SIG_LN);
+ if ((!OBJ_find_sigid_by_algs(&foundsid, digestnid, signid)) ||
+ (foundsid != sigalgnid))
+ return 0;
+ /* b) when NID_undef is passed */
+ digestnid = NID_undef;
+ if ((!OBJ_find_sigid_by_algs(&foundsid, digestnid, signid)) ||
+ (foundsid != sigalgnid))
+ return 0;
+
testresult = 1;
err:
OSSL_PROVIDER_unload(objprov);
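Review bot: The four new OBJ_find_sigid_by_algs checks leave with `return 0`, which skips the `err:` cleanup that the earlier checks in this function reach with `goto err`, so `OSSL_PROVIDER_unload(objprov)` is not run when one of them fails. They also test bare conditions instead of the TEST_ macros, so a failure prints nothing about which comparison went wrong. Writing each positive check as `if (!TEST_true(OBJ_find_sigid_by_algs(&foundsid, digestnid, signid)) || !TEST_int_eq(foundsid, sigalgnid)) goto err;` fixes both, and the "wrong combination" check should likewise end in `goto err`. obj_create_test begins before and ends after this hunk.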
diff --git a/test/user_property_test.c b/test/user_property_test.c
index 7b7ab62832f9..73ae149ad08d 100644
--- a/test/user_property_test.c
+++ b/test/user_property_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -45,7 +45,7 @@ static int tmpmd_digest(void *provctx, const unsigned char *in, size_t inl,
static const OSSL_DISPATCH testprovmd_functions[] = {
{ OSSL_FUNC_DIGEST_GET_PARAMS, (void (*)(void))tmpmd_get_params },
{ OSSL_FUNC_DIGEST_DIGEST, (void (*)(void))tmpmd_digest },
- { 0, NULL }
+ OSSL_DISPATCH_END
};
static const OSSL_ALGORITHM testprov_digests[] = {
@@ -63,7 +63,7 @@ static const OSSL_ALGORITHM *testprov_query(void *provctx,
static const OSSL_DISPATCH testprov_dispatch_table[] = {
{ OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))testprov_query },
- { 0, NULL }
+ OSSL_DISPATCH_END
};
static int testprov_provider_init(const OSSL_CORE_HANDLE *handle,
diff --git a/test/v3ext.c b/test/v3ext.c
index 9305a3010bf8..710e5252447e 100644
--- a/test/v3ext.c
+++ b/test/v3ext.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -311,7 +311,7 @@ static int test_addr_fam_len(void)
goto end;
testresult = 1;
- end:
+ end:
/* Free stack and any memory owned by detached element */
IPAddressFamily_free(f1);
sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free);
diff --git a/test/v3nametest.c b/test/v3nametest.c
index 3609eba04552..152da1a1ddce 100644
--- a/test/v3nametest.c
+++ b/test/v3nametest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2012-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2012-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -157,7 +157,8 @@ static int set_altname(X509 *crt, ...)
default:
abort();
}
- sk_GENERAL_NAME_push(gens, gen);
+ if (!sk_GENERAL_NAME_push(gens, gen))
+ goto out;
gen = NULL;
}
if (!X509_add1_ext_i2d(crt, NID_subject_alt_name, gens, 0, 0))
diff --git a/test/verify_extra_test.c b/test/verify_extra_test.c
index 5f664f531bd8..57f761f078e5 100644
--- a/test/verify_extra_test.c
+++ b/test/verify_extra_test.c
@@ -75,7 +75,7 @@ static int test_alt_chains_cert_forgery(void)
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
if (lookup == NULL)
goto err;
- if (!X509_LOOKUP_load_file(lookup, roots_f, X509_FILETYPE_PEM))
+ if (X509_LOOKUP_load_file(lookup, roots_f, X509_FILETYPE_PEM) <= 0)
goto err;
untrusted = load_certs_pem(untrusted_f);
@@ -99,7 +99,7 @@ static int test_alt_chains_cert_forgery(void)
err:
X509_STORE_CTX_free(sctx);
X509_free(x);
- sk_X509_pop_free(untrusted, X509_free);
+ OSSL_STACK_OF_X509_free(untrusted);
X509_STORE_free(store);
return ret;
}
@@ -266,8 +266,8 @@ static int do_test_purpose(int purpose, int expected)
testresult = 1;
err:
- sk_X509_pop_free(trusted, X509_free);
- sk_X509_pop_free(untrusted, X509_free);
+ OSSL_STACK_OF_X509_free(trusted);
+ OSSL_STACK_OF_X509_free(untrusted);
X509_STORE_CTX_free(ctx);
X509_free(eecert);
X509_free(untrcert);
diff --git a/test/wpackettest.c b/test/wpackettest.c
index da8b52612084..bd696e007407 100644
--- a/test/wpackettest.c
+++ b/test/wpackettest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -10,7 +10,7 @@
#include <string.h>
#include <openssl/buffer.h>
#include <openssl/rand.h>
-#include "internal/packet.h"
+#include "internal/packet_quic.h"
#include "testutil.h"
static const unsigned char simple1[] = { 0xff };
@@ -26,6 +26,34 @@ static const unsigned char simpleder[] = {
0xfc, 0x04, 0x00, 0x01, 0x02, 0x03, 0xff, 0xfe, 0xfd
};
+#ifndef OPENSSL_NO_QUIC
+
+/* QUIC sub-packet with 4-byte length prefix, containing a 1-byte vlint */
+static const unsigned char quic1[] = { 0x80, 0x00, 0x00, 0x01, 0x09 };
+/* QUIC sub-packet with 1-byte length prefix, containing a 1-byte vlint */
+static const unsigned char quic2[] = { 0x01, 0x09 };
+/* QUIC sub-packet with 2-byte length prefix, containing a 2-byte vlint */
+static const unsigned char quic3[] = { 0x40, 0x02, 0x40, 0x41 };
+/* QUIC sub-packet with 8-byte length prefix, containing a 4-byte vlint */
+static const unsigned char quic4[] = {
+ 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04,
+ 0x80, 0x01, 0x3c, 0x6a
+};
+/* QUIC sub-packet with 8-byte length prefix, containing a 8-byte vlint */
+static const unsigned char quic5[] = {
+ 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08,
+ 0xef, 0x77, 0x21, 0x3f, 0x3f, 0x50, 0x5b, 0xa5
+};
+/* QUIC sub-packet, length known up-front */
+static const unsigned char quic6[] = { 0x03, 0x55, 0x66, 0x77 };
+/* Nested and sequential sub-packets with length prefixes */
+static const unsigned char quic7[] = {
+ 0x07, 0x80, 0x00, 0x00, 0x08, 0x65, 0x14, 0x40, 0x01, 0x05,
+ 0x40, 0x01, 0x11, 0x40, 0x01, 0x12, 0x40, 0x01, 0x13
+};
+
+#endif
+
static BUF_MEM *buf;
static int cleanup(WPACKET *pkt)
@@ -398,7 +426,7 @@ static int test_WPACKET_init_der(void)
if (i == 0) {
if (!TEST_true(WPACKET_init_null_der(&pkt)))
return 0;
- } else {
+ } else {
if (!TEST_true(WPACKET_init_der(&pkt, sbuf, sizeof(sbuf))))
return 0;
}
@@ -424,6 +452,183 @@ static int test_WPACKET_init_der(void)
return 1;
}
+#ifndef OPENSSL_NO_QUIC
+
+static int test_WPACKET_quic(void)
+{
+ WPACKET pkt;
+ size_t written, len;
+ unsigned char *bytes;
+
+ /* QUIC sub-packet with 4-byte length prefix, containing a 1-byte vlint */
+ if (!TEST_true(WPACKET_init(&pkt, buf))
+ || !TEST_true(WPACKET_start_quic_sub_packet(&pkt))
+ || !TEST_true(WPACKET_quic_write_vlint(&pkt, 0x09))
+ /* Can't finish because we have a sub packet */
+ || !TEST_false(WPACKET_finish(&pkt))
+ || !TEST_true(WPACKET_close(&pkt))
+ /* Sub packet is closed so can't close again */
+ || !TEST_false(WPACKET_close(&pkt))
+ /* Now a top level so finish should succeed */
+ || !TEST_true(WPACKET_finish(&pkt))
+ || !TEST_true(WPACKET_get_total_written(&pkt, &written))
+ || !TEST_mem_eq(buf->data, written, quic1, sizeof(quic1)))
+ return cleanup(&pkt);
+
+ /* QUIC sub-packet with 1-byte length prefix, containing a 1-byte vlint */
+ if (!TEST_true(WPACKET_init(&pkt, buf))
+ || !TEST_true(WPACKET_start_quic_sub_packet_bound(&pkt, OSSL_QUIC_VLINT_1B_MAX))
+ || !TEST_true(WPACKET_quic_write_vlint(&pkt, 0x09))
+ || !TEST_false(WPACKET_finish(&pkt))
+ || !TEST_true(WPACKET_close(&pkt))
+ || !TEST_false(WPACKET_close(&pkt))
+ || !TEST_true(WPACKET_finish(&pkt))
+ || !TEST_true(WPACKET_get_total_written(&pkt, &written))
+ || !TEST_mem_eq(buf->data, written, quic2, sizeof(quic2)))
+ return cleanup(&pkt);
+
+ /* QUIC sub-packet with 2-byte length prefix, containing a 2-byte vlint */
+ if (!TEST_true(WPACKET_init(&pkt, buf))
+ || !TEST_true(WPACKET_start_quic_sub_packet_bound(&pkt, OSSL_QUIC_VLINT_2B_MIN))
+ || !TEST_true(WPACKET_quic_write_vlint(&pkt, 0x41))
+ || !TEST_false(WPACKET_finish(&pkt))
+ || !TEST_true(WPACKET_close(&pkt))
+ || !TEST_false(WPACKET_close(&pkt))
+ || !TEST_true(WPACKET_finish(&pkt))
+ || !TEST_true(WPACKET_get_total_written(&pkt, &written))
+ || !TEST_mem_eq(buf->data, written, quic3, sizeof(quic3)))
+ return cleanup(&pkt);
+
+ /* QUIC sub-packet with 8-byte length prefix, containing a 4-byte vlint */
+ if (!TEST_true(WPACKET_init(&pkt, buf))
+ || !TEST_true(WPACKET_start_quic_sub_packet_bound(&pkt, OSSL_QUIC_VLINT_8B_MIN))
+ || !TEST_true(WPACKET_quic_write_vlint(&pkt, 0x13c6a))
+ || !TEST_false(WPACKET_finish(&pkt))
+ || !TEST_true(WPACKET_close(&pkt))
+ || !TEST_false(WPACKET_close(&pkt))
+ || !TEST_true(WPACKET_finish(&pkt))
+ || !TEST_true(WPACKET_get_total_written(&pkt, &written))
+ || !TEST_mem_eq(buf->data, written, quic4, sizeof(quic4)))
+ return cleanup(&pkt);
+
+ /* QUIC sub-packet with 8-byte length prefix, containing a 8-byte vlint */
+ if (!TEST_true(WPACKET_init(&pkt, buf))
+ || !TEST_true(WPACKET_start_quic_sub_packet_bound(&pkt, OSSL_QUIC_VLINT_8B_MIN))
+ || !TEST_true(WPACKET_quic_write_vlint(&pkt, 0x2f77213f3f505ba5ULL))
+ || !TEST_false(WPACKET_finish(&pkt))
+ || !TEST_true(WPACKET_close(&pkt))
+ || !TEST_false(WPACKET_close(&pkt))
+ || !TEST_true(WPACKET_finish(&pkt))
+ || !TEST_true(WPACKET_get_total_written(&pkt, &written))
+ || !TEST_mem_eq(buf->data, written, quic5, sizeof(quic5)))
+ return cleanup(&pkt);
+
+ /* QUIC sub-packet, length known up-front */
+ if (!TEST_true(WPACKET_init(&pkt, buf))
+ || !TEST_true(WPACKET_quic_sub_allocate_bytes(&pkt, 3, &bytes)))
+ return cleanup(&pkt);
+
+ bytes[0] = 0x55;
+ bytes[1] = 0x66;
+ bytes[2] = 0x77;
+
+ if (!TEST_true(WPACKET_finish(&pkt))
+ || !TEST_true(WPACKET_get_total_written(&pkt, &written))
+ || !TEST_mem_eq(buf->data, written, quic6, sizeof(quic6)))
+ return cleanup(&pkt);
+
+ /* Nested and sequential sub-packets with length prefixes */
+ if (!TEST_true(WPACKET_init(&pkt, buf))
+ || !TEST_true(WPACKET_quic_write_vlint(&pkt, 0x07))
+ || !TEST_true(WPACKET_get_length(&pkt, &len))
+ || !TEST_size_t_eq(len, 1)
+ || !TEST_true(WPACKET_start_quic_sub_packet_bound(&pkt, OSSL_QUIC_VLINT_4B_MIN))
+ || !TEST_true(WPACKET_quic_write_vlint(&pkt, 0x2514))
+ || !TEST_true(WPACKET_get_length(&pkt, &len))
+ || !TEST_size_t_eq(len, 2)
+ || !TEST_true(WPACKET_start_quic_sub_packet_bound(&pkt, OSSL_QUIC_VLINT_2B_MIN))
+ || !TEST_true(WPACKET_quic_write_vlint(&pkt, 0x05))
+ || !TEST_true(WPACKET_get_length(&pkt, &len))
+ || !TEST_size_t_eq(len, 1)
+ || !TEST_true(WPACKET_close(&pkt))
+ || !TEST_true(WPACKET_start_quic_sub_packet_bound(&pkt, OSSL_QUIC_VLINT_2B_MIN))
+ || !TEST_true(WPACKET_quic_write_vlint(&pkt, 0x11))
+ || !TEST_true(WPACKET_close(&pkt))
+ || !TEST_true(WPACKET_get_length(&pkt, &len))
+ || !TEST_size_t_eq(len, 8)
+ || !TEST_true(WPACKET_close(&pkt))
+ || !TEST_true(WPACKET_start_quic_sub_packet_bound(&pkt, OSSL_QUIC_VLINT_2B_MIN))
+ || !TEST_true(WPACKET_quic_write_vlint(&pkt, 0x12))
+ || !TEST_true(WPACKET_close(&pkt))
+ || !TEST_true(WPACKET_start_quic_sub_packet_bound(&pkt, OSSL_QUIC_VLINT_2B_MIN))
+ || !TEST_true(WPACKET_quic_write_vlint(&pkt, 0x13))
+ || !TEST_true(WPACKET_close(&pkt))
+ || !TEST_true(WPACKET_finish(&pkt))
+ || !TEST_true(WPACKET_get_total_written(&pkt, &written))
+ || !TEST_mem_eq(buf->data, written, quic7, sizeof(quic7)))
+ return cleanup(&pkt);
+
+ /* Trying to encode a value above OSSL_QUIC_VLINT_MAX should fail */
+ if (!TEST_true(WPACKET_init(&pkt, buf))
+ || !TEST_false(WPACKET_quic_write_vlint(&pkt, OSSL_QUIC_VLINT_MAX+1))
+ || !TEST_true(WPACKET_quic_write_vlint(&pkt, OSSL_QUIC_VLINT_MAX)))
+ return cleanup(&pkt);
+
+ WPACKET_cleanup(&pkt);
+ return 1;
+}
+
+static int test_WPACKET_quic_vlint_random(void)
+{
+ size_t i, written;
+ uint64_t expected, actual = 0;
+ unsigned char rand_data[9];
+ WPACKET pkt;
+ PACKET read_pkt = {0};
+
+ for (i = 0; i < 10000; ++i) {
+ if (!TEST_int_gt(RAND_bytes(rand_data, sizeof(rand_data)), 0))
+ return cleanup(&pkt);
+
+ memcpy(&expected, rand_data, sizeof(expected));
+
+ /*
+ * Ensure that all size classes get tested with equal probability.
+ */
+ switch (rand_data[8] & 3) {
+ case 0:
+ expected &= OSSL_QUIC_VLINT_1B_MAX;
+ break;
+ case 1:
+ expected &= OSSL_QUIC_VLINT_2B_MAX;
+ break;
+ case 2:
+ expected &= OSSL_QUIC_VLINT_4B_MAX;
+ break;
+ case 3:
+ expected &= OSSL_QUIC_VLINT_8B_MAX;
+ break;
+ }
+
+ if (!TEST_true(WPACKET_init(&pkt, buf))
+ || !TEST_true(WPACKET_quic_write_vlint(&pkt, expected))
+ || !TEST_true(WPACKET_get_total_written(&pkt, &written)))
+ return cleanup(&pkt);
+
+ if (!TEST_true(PACKET_buf_init(&read_pkt, (unsigned char *)buf->data, written))
+ || !TEST_true(PACKET_get_quic_vlint(&read_pkt, &actual))
+ || !TEST_uint64_t_eq(expected, actual))
+ return cleanup(&pkt);
+
+ WPACKET_cleanup(&pkt);
+ }
+
+ WPACKET_cleanup(&pkt);
+ return 1;
+}
+
+#endif
+
int setup_tests(void)
{
if (!TEST_ptr(buf = BUF_MEM_new()))
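Review bot: In test_WPACKET_quic_vlint_random the RAND_bytes failure branch calls `cleanup(&pkt)` although `pkt` may never have been initialised: `WPACKET pkt;` has no initialiser and, on the first iteration, `WPACKET_init` has not run yet. cleanup() is defined outside this hunk; if it forwards to WPACKET_cleanup, as its use here suggests, it would read indeterminate fields. Nothing is held at that point in any iteration, because the previous pass already ended with `WPACKET_cleanup(&pkt)`, so the branch can simply be `return 0;`. The `WPACKET_cleanup(&pkt)` after the loop repeats the call that ends the last iteration and could be dropped.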
@@ -436,6 +641,10 @@ int setup_tests(void)
ADD_TEST(test_WPACKET_allocate_bytes);
ADD_TEST(test_WPACKET_memcpy);
ADD_TEST(test_WPACKET_init_der);
+#ifndef OPENSSL_NO_QUIC
+ ADD_TEST(test_WPACKET_quic);
+ ADD_TEST(test_WPACKET_quic_vlint_random);
+#endif
return 1;
}
diff --git a/test/x509_check_cert_pkey_test.c b/test/x509_check_cert_pkey_test.c
index c53f566d5155..52c4ea40e081 100644
--- a/test/x509_check_cert_pkey_test.c
+++ b/test/x509_check_cert_pkey_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -107,7 +107,7 @@ failed:
}
static const char *file; /* path of a cert/CRL/key file in PEM format */
-static const char *num; /* expected number of certs/CRLs/keys included */
+static int expected; /* expected number of certs/CRLs/keys included */
static int test_PEM_X509_INFO_read_bio(void)
{
@@ -115,13 +115,11 @@ static int test_PEM_X509_INFO_read_bio(void)
STACK_OF(X509_INFO) *sk;
X509_INFO *it;
int i, count = 0;
- int expected = 0;
if (!TEST_ptr((in = BIO_new_file(file, "r"))))
return 0;
sk = PEM_X509_INFO_read_bio(in, NULL, NULL, "");
BIO_free(in);
- sscanf(num, "%d", &expected);
for (i = 0; i < sk_X509_INFO_num(sk); i++) {
it = sk_X509_INFO_value(sk, i);
if (it->x509 != NULL)
@@ -160,9 +158,13 @@ int setup_tests(void)
}
if (test_get_argument_count() == 2) {
+ const char *num; /* expected number of certs/CRLs/keys included */
+
if (!TEST_ptr(file = test_get_argument(0))
|| !TEST_ptr(num = test_get_argument(1)))
return 0;
+ if (!TEST_int_eq(sscanf(num, "%d", &expected), 1))
+ return 0;
ADD_TEST(test_PEM_X509_INFO_read_bio);
return 1;
}
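Review bot: The new `sscanf(num, "%d", &expected)` check in setup_tests only confirms that a leading integer was converted, so an argument such as `3x` is taken as 3 and a negative count is not rejected; the behaviour of `%d` on a value that does not fit an int is undefined. Since `expected` is, per its comment, the number of certs/CRLs/keys the test expects, parsing with strtol and checking the end pointer, errno and range would make a malformed argument fail setup rather than change what the test asserts. This needs <errno.h>, <limits.h> and <stdlib.h> if the file does not already include them. setup_tests starts and ends outside the hunk.

```c
        const char *num; /* expected number of certs/CRLs/keys included */
        char *end = NULL;
        long val;

        /* … unchanged: fetching file and num via test_get_argument() … */
        errno = 0;
        val = strtol(num, &end, 10);
        if (!TEST_true(end != num && *end == '\0' && errno == 0
                       && val >= 0 && val <= INT_MAX))
            return 0;
        expected = (int)val;
```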
diff --git a/test/x509_dup_cert_test.c b/test/x509_dup_cert_test.c
index af35afbe0c98..b09de70a8a56 100644
--- a/test/x509_dup_cert_test.c
+++ b/test/x509_dup_cert_test.c
@@ -17,7 +17,6 @@
static int test_509_dup_cert(int n)
{
int ret = 0;
- X509_STORE_CTX *sctx = NULL;
X509_STORE *store = NULL;
X509_LOOKUP *lookup = NULL;
const char *cert_f = test_get_argument(n);
@@ -28,7 +27,6 @@ static int test_509_dup_cert(int n)
&& TEST_true(X509_load_cert_file(lookup, cert_f, X509_FILETYPE_PEM)))
ret = 1;
- X509_STORE_CTX_free(sctx);
X509_STORE_free(store);
return ret;
}
diff --git a/test/x509_internal_test.c b/test/x509_internal_test.c
index be43537329bb..7cd04d84f6a4 100644
--- a/test/x509_internal_test.c
+++ b/test/x509_internal_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -58,22 +58,92 @@ static IP_TESTDATA a2i_ipaddress_tests[] = {
{"127.0.0.1", "\x7f\x00\x00\x01", 4},
{"1.2.3.4", "\x01\x02\x03\x04", 4},
{"1.2.3.255", "\x01\x02\x03\xff", 4},
- {"1.2.3", NULL, 0},
- {"1.2.3 .4", NULL, 0},
+ {"255.255.255.255", "\xff\xff\xff\xff", 4},
+ {"::", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16},
{"::1", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01", 16},
+ {"::01", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01", 16},
+ {"::0001", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01", 16},
+ {"ffff::", "\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16},
+ {"ffff::1", "\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01", 16},
+ {"1::2", "\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02", 16},
{"1:1:1:1:1:1:1:1", "\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01", 16},
{"2001:db8::ff00:42:8329", "\x20\x01\x0d\xb8\x00\x00\x00\x00\x00\x00\xff\x00\x00\x42\x83\x29", 16},
+ {"::1.2.3.4", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x03\x04", 16},
+ {"ffff:ffff:ffff:ffff:ffff:ffff:1.2.3.4", "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x01\x02\x03\x04", 16},
+
{"1:1:1:1:1:1:1:1.test", NULL, 0},
{":::1", NULL, 0},
{"2001::123g", NULL, 0},
- {"example.test", NULL, 0},
- {"", NULL, 0},
+ /* Too few IPv4 components. */
+ {"1", NULL, 0 },
+ {"1.", NULL, 0 },
+ {"1.2", NULL, 0 },
+ {"1.2.", NULL, 0 },
+ {"1.2.3", NULL, 0 },
+ {"1.2.3.", NULL, 0 },
+
+ /* Invalid embedded IPv4 address. */
+ {"::1.2.3", NULL, 0 },
+
+ /* IPv4 literals take the place of two IPv6 components. */
+ {"1:2:3:4:5:6:7:1.2.3.4", NULL, 0 },
+
+ /* '::' should have fewer than 16 components or it is redundant. */
+ {"1:2:3:4:5:6:7::8", NULL, 0 },
+
+ /* Embedded IPv4 addresses must be at the end. */
+ {"::1.2.3.4:1", NULL, 0 },
+
+ /* Too many components. */
+ {"1.2.3.4.5", NULL, 0 },
+ {"1:2:3:4:5:6:7:8:9", NULL, 0 },
+ {"1:2:3:4:5::6:7:8:9", NULL, 0 },
- {"1.2.3.4 ", "\x01\x02\x03\x04", 4},
- {" 1.2.3.4", "\x01\x02\x03\x04", 4},
- {" 1.2.3.4 ", "\x01\x02\x03\x04", 4},
+ /* Stray whitespace or other invalid characters. */
+ {"1.2.3.4 ", NULL, 0 },
+ {"1.2.3 .4", NULL, 0 },
+ {"1.2.3. 4", NULL, 0 },
+ {" 1.2.3.4", NULL, 0 },
+ {"1.2.3.4.", NULL, 0 },
+ {"1.2.3.+4", NULL, 0 },
+ {"1.2.3.-4", NULL, 0 },
+ {"1.2.3.4.example.test", NULL, 0 },
+ {"::1 ", NULL, 0 },
+ {" ::1", NULL, 0 },
+ {":: 1", NULL, 0 },
+ {": :1", NULL, 0 },
+ {"1.2.3.nope", NULL, 0 },
+ {"::nope", NULL, 0 },
+
+ /* Components too large. */
+ {"1.2.3.256", NULL, 0}, /* Overflows when adding */
+ {"1.2.3.260", NULL, 0}, /* Overflows when multiplying by 10 */
+ {"1.2.3.999999999999999999999999999999999999999999", NULL, 0 },
+ {"::fffff", NULL, 0 },
+
+ /* Although not an overflow, more than four hex digits is an error. */
+ {"::00000", NULL, 0 },
+
+ /* Too many colons. */
+ {":::", NULL, 0 },
+ {"1:::", NULL, 0 },
+ {":::2", NULL, 0 },
+ {"1:::2", NULL, 0 },
+
+ /* Only one group of zeros may be elided. */
+ {"1::2::3", NULL, 0 },
+
+ /* We only support decimal. */
+ {"1.2.3.01", NULL, 0 },
+ {"1.2.3.0x1", NULL, 0 },
+
+ /* Random garbage. */
+ {"example.test", NULL, 0 },
+ {"", NULL, 0},
+ {" 1.2.3.4", NULL, 0},
+ {" 1.2.3.4 ", NULL, 0},
{"1.2.3.4.example.test", NULL, 0},
};
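Review bot: Two rejection vectors now appear twice in a2i_ipaddress_tests: the added `{" 1.2.3.4", NULL, 0}` under "Random garbage" repeats the entry under "Stray whitespace or other invalid characters", and the unchanged last entry `{"1.2.3.4.example.test", NULL, 0}` repeats the one added in that same group. Dropping the repeats keeps each case in one place. Because the whitespace-padded IPv4 forms flip from accepted to rejected in this hunk, a comment on that group such as `/* Leading or trailing whitespace used to be accepted; it is now rejected. */` would tell readers the stricter parsing is intended. The array starts outside the hunk.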
@@ -102,9 +172,59 @@ static int test_a2i_ipaddress(int idx)
return good;
}
+static int ck_purp(ossl_unused const X509_PURPOSE *purpose,
+ ossl_unused const X509 *x, int ca)
+{
+ return 1;
+}
+
+static int tests_X509_PURPOSE(void)
+{
+ OSSL_LIB_CTX *libctx = NULL;
+ int id, idx, *p;
+ X509_PURPOSE *xp;
+
+#undef LN
+#define LN "LN_test"
+#undef SN
+#define SN "SN_test"
+#undef ARGS
+#define ARGS(id, sn) id, X509_TRUST_MAX, 0, ck_purp, LN, sn, NULL
+ return TEST_int_gt((id = X509_PURPOSE_get_unused_id(libctx)), X509_PURPOSE_MAX)
+ && TEST_int_eq(X509_PURPOSE_get_count() + 1, id)
+ && TEST_int_eq(X509_PURPOSE_get_by_id(id), -1)
+ && TEST_int_eq(X509_PURPOSE_get_by_sname(SN), -1)
+
+ /* add new entry with fresh id and fresh sname: */
+ && TEST_int_eq(X509_PURPOSE_add(ARGS(id, SN)), 1)
+ && TEST_int_ne((idx = X509_PURPOSE_get_by_sname(SN)), -1)
+ && TEST_int_eq(X509_PURPOSE_get_by_id(id), idx)
+
+ /* overwrite same entry, should be idempotent: */
+ && TEST_int_eq(X509_PURPOSE_add(ARGS(id, SN)), 1)
+ && TEST_int_eq(X509_PURPOSE_get_by_sname(SN), idx)
+ && TEST_int_eq(X509_PURPOSE_get_by_id(id), idx)
+
+ /* fail adding entry with same sname but existing conflicting id: */
+ && TEST_int_eq(X509_PURPOSE_add(ARGS(X509_PURPOSE_MAX, SN)), 0)
+ /* fail adding entry with same existing id but conflicting sname: */
+ && TEST_int_eq(X509_PURPOSE_add(ARGS(id, SN"_different")), 0)
+
+ && TEST_ptr((xp = X509_PURPOSE_get0(idx)))
+ && TEST_int_eq(X509_PURPOSE_get_id(xp), id)
+ && TEST_str_eq(X509_PURPOSE_get0_name(xp), LN)
+ && TEST_str_eq(X509_PURPOSE_get0_sname(xp), SN)
+ && TEST_int_eq(X509_PURPOSE_get_trust(xp), X509_TRUST_MAX)
+
+ && TEST_int_eq(*(p = &xp->purpose), id)
+ && TEST_int_eq(X509_PURPOSE_set(p, X509_PURPOSE_DEFAULT_ANY), 1)
+ && TEST_int_eq(X509_PURPOSE_get_id(xp), X509_PURPOSE_DEFAULT_ANY);
+}
+
int setup_tests(void)
{
ADD_TEST(test_standard_exts);
ADD_ALL_TESTS(test_a2i_ipaddress, OSSL_NELEM(a2i_ipaddress_tests));
+ ADD_TEST(tests_X509_PURPOSE);
return 1;
}
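Review bot: The `LN`, `SN` and `ARGS` macros defined inside tests_X509_PURPOSE stay defined for the rest of the file, and they are short, generic names; adding `#undef ARGS`, `#undef SN` and `#undef LN` after the return statement keeps them local to the test. In ck_purp the `ca` parameter is unused as well but, unlike `purpose` and `x`, is not marked, so `ossl_unused int ca` would be consistent. As far as the hunk shows, nothing removes the purpose registered by `X509_PURPOSE_add` or restores its id after `X509_PURPOSE_set`, so the test presumably leaves shared state changed. It is registered last in setup_tests, which limits the effect today, and a one-line comment above the function saying so would help.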
diff --git a/test/x509_time_test.c b/test/x509_time_test.c
index 711dfcb5b6da..262f9ed7ce9e 100644
--- a/test/x509_time_test.c
+++ b/test/x509_time_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -72,7 +72,7 @@ static TESTDATA_FORMAT x509_format_tests[] = {
"20170217180105.001Z", 0, 0, -1, NULL,
},
{
- /* time zone, check only */
+ /* timezone, check only */
"20170217180105+0800", 0, 0, -1, NULL,
},
{
@@ -84,7 +84,7 @@ static TESTDATA_FORMAT x509_format_tests[] = {
"20170217180105.001Z", 1, 0, -1, NULL,
},
{
- /* time zone, set string */
+ /* timezone, set string */
"20170217180105+0800", 1, 0, -1, NULL,
},
{
@@ -113,7 +113,7 @@ static TESTDATA_FORMAT x509_format_tests[] = {
"040229180101Z", 0, 1, -1, NULL,
},
{
- /* time zone, check only */
+ /* timezone, check only */
"170217180154+0800", 0, 0, -1, NULL,
},
{
@@ -121,7 +121,7 @@ static TESTDATA_FORMAT x509_format_tests[] = {
"1702171801Z", 1, 0, -1, NULL,
},
{
- /* time zone, set string */
+ /* timezone, set string */
"170217180154+0800", 1, 0, -1, NULL,
},
{
@@ -490,7 +490,7 @@ static const struct {
"Jul 31 22:20:50 2017 GMT"),
/* Generalized Time, no seconds */
construct_asn1_time("201707312220Z", V_ASN1_GENERALIZEDTIME,
- "Jul 31 22:20:00 2017 GMT"),
+ "Bad time value"),
/* Generalized Time, fractional seconds (3 digits) */
construct_asn1_time("20170731222050.123Z", V_ASN1_GENERALIZEDTIME,
"Jul 31 22:20:50.123 2017 GMT"),
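Review bot: The comment `/* Generalized Time, no seconds */` no longer says what the vector checks, since the expected output changes from a formatted time to "Bad time value". I would make it `/* Generalized Time, no seconds: rejected as invalid */`, and likewise `/* UTC Time, no seconds: rejected as invalid */`. The same applies to the three later hunks in this file that change a no-seconds expectation (the UTC Time entry of this table and both entries of the following table). Both arrays start and end outside these hunks.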
@@ -505,7 +505,7 @@ static const struct {
"Jul 31 22:20:50 2017 GMT"),
/* UTC Time, no seconds */
construct_asn1_time("1707312220Z", V_ASN1_UTCTIME,
- "Jul 31 22:20:00 2017 GMT"),
+ "Bad time value"),
};
static const struct {
@@ -517,7 +517,7 @@ static const struct {
"2017-07-31 22:20:50Z"),
/* Generalized Time, no seconds */
construct_asn1_time("201707312220Z", V_ASN1_GENERALIZEDTIME,
- "2017-07-31 22:20:00Z"),
+ "Bad time value"),
/* Generalized Time, fractional seconds (3 digits) */
construct_asn1_time("20170731222050.123Z", V_ASN1_GENERALIZEDTIME,
"2017-07-31 22:20:50.123Z"),
@@ -532,7 +532,7 @@ static const struct {
"2017-07-31 22:20:50Z"),
/* UTC Time, no seconds */
construct_asn1_time("1707312220Z", V_ASN1_UTCTIME,
- "2017-07-31 22:20:00Z"),
+ "Bad time value"),
};
static int test_x509_time_print_rfc_822(int idx)
diff --git a/test/x509aux.c b/test/x509aux.c
index bb3523dde592..7335e04771b3 100644
--- a/test/x509aux.c
+++ b/test/x509aux.c
@@ -16,7 +16,6 @@
#include <openssl/pem.h>
#include <openssl/conf.h>
#include <openssl/err.h>
-#include "internal/nelem.h"
#include "testutil.h"
static int test_certs(int num)