summaryrefslogtreecommitdiff
path: root/src/regress/lib/libcrypto
diff options
context:
space:
mode:
Diffstat (limited to 'src/regress/lib/libcrypto')
-rw-r--r--src/regress/lib/libcrypto/CA/Makefile21
-rwxr-xr-xsrc/regress/lib/libcrypto/CA/doit.sh116
-rw-r--r--src/regress/lib/libcrypto/CA/intermediate.cnf130
-rw-r--r--src/regress/lib/libcrypto/CA/root.cnf130
-rw-r--r--src/regress/lib/libcrypto/Makefile52
-rw-r--r--src/regress/lib/libcrypto/Makefile.inc3
-rw-r--r--src/regress/lib/libcrypto/aead/Makefile14
-rw-r--r--src/regress/lib/libcrypto/aead/aeadtest.c368
-rw-r--r--src/regress/lib/libcrypto/aead/aeadtests.txt77
-rw-r--r--src/regress/lib/libcrypto/aeswrap/Makefile9
-rw-r--r--src/regress/lib/libcrypto/aeswrap/aes_wrap.c185
-rw-r--r--src/regress/lib/libcrypto/asn1/Makefile23
-rw-r--r--src/regress/lib/libcrypto/asn1/asn1evp.c145
-rw-r--r--src/regress/lib/libcrypto/asn1/asn1time.c428
-rw-r--r--src/regress/lib/libcrypto/asn1/rfc5280time.c384
-rw-r--r--src/regress/lib/libcrypto/base64/Makefile9
-rw-r--r--src/regress/lib/libcrypto/base64/base64test.c385
-rw-r--r--src/regress/lib/libcrypto/bf/Makefile9
-rw-r--r--src/regress/lib/libcrypto/bf/bftest.c513
-rw-r--r--src/regress/lib/libcrypto/bio/Makefile9
-rw-r--r--src/regress/lib/libcrypto/bio/biotest.c155
-rw-r--r--src/regress/lib/libcrypto/bn/Makefile12
-rw-r--r--src/regress/lib/libcrypto/bn/addsub/Makefile11
-rw-r--r--src/regress/lib/libcrypto/bn/addsub/bnaddsub.c236
-rw-r--r--src/regress/lib/libcrypto/bn/general/Makefile11
-rw-r--r--src/regress/lib/libcrypto/bn/general/bntest.c2467
-rw-r--r--src/regress/lib/libcrypto/bn/mont/Makefile9
-rw-r--r--src/regress/lib/libcrypto/bn/mont/mont.c73
-rw-r--r--src/regress/lib/libcrypto/bn/rand/Makefile11
-rw-r--r--src/regress/lib/libcrypto/bn/rand/bn_rand_interval.c113
-rw-r--r--src/regress/lib/libcrypto/cast/Makefile9
-rw-r--r--src/regress/lib/libcrypto/cast/casttest.c222
-rw-r--r--src/regress/lib/libcrypto/chacha/Makefile9
-rw-r--r--src/regress/lib/libcrypto/chacha/chachatest.c339
-rw-r--r--src/regress/lib/libcrypto/cts128/Makefile9
-rw-r--r--src/regress/lib/libcrypto/cts128/cts128test.c170
-rw-r--r--src/regress/lib/libcrypto/curve25519/Makefile9
-rw-r--r--src/regress/lib/libcrypto/curve25519/x25519test.c140
-rw-r--r--src/regress/lib/libcrypto/des/Makefile9
-rw-r--r--src/regress/lib/libcrypto/des/destest.c884
-rw-r--r--src/regress/lib/libcrypto/dh/Makefile9
-rw-r--r--src/regress/lib/libcrypto/dh/dhtest.c160
-rw-r--r--src/regress/lib/libcrypto/dsa/Makefile15
-rw-r--r--src/regress/lib/libcrypto/dsa/dsatest.c224
-rw-r--r--src/regress/lib/libcrypto/ec/Makefile9
-rw-r--r--src/regress/lib/libcrypto/ec/ectest.c1456
-rw-r--r--src/regress/lib/libcrypto/ecdh/Makefile9
-rw-r--r--src/regress/lib/libcrypto/ecdh/ecdhtest.c477
-rw-r--r--src/regress/lib/libcrypto/ecdsa/Makefile9
-rw-r--r--src/regress/lib/libcrypto/ecdsa/ecdsatest.c405
-rw-r--r--src/regress/lib/libcrypto/engine/Makefile9
-rw-r--r--src/regress/lib/libcrypto/engine/enginetest.c244
-rw-r--r--src/regress/lib/libcrypto/evp/Makefile14
-rw-r--r--src/regress/lib/libcrypto/evp/evptest.c436
-rw-r--r--src/regress/lib/libcrypto/evp/evptests.txt357
-rw-r--r--src/regress/lib/libcrypto/exp/Makefile9
-rw-r--r--src/regress/lib/libcrypto/exp/exptest.c353
-rw-r--r--src/regress/lib/libcrypto/free/Makefile29
-rw-r--r--src/regress/lib/libcrypto/free/freenull.awk60
-rw-r--r--src/regress/lib/libcrypto/free/freenull.c.head27
-rw-r--r--src/regress/lib/libcrypto/free/freenull.c.tail28
-rw-r--r--src/regress/lib/libcrypto/gcm128/Makefile9
-rw-r--r--src/regress/lib/libcrypto/gcm128/gcm128test.c926
-rw-r--r--src/regress/lib/libcrypto/gost/Makefile9
-rw-r--r--src/regress/lib/libcrypto/gost/gost2814789t.c1459
-rw-r--r--src/regress/lib/libcrypto/hkdf/Makefile9
-rw-r--r--src/regress/lib/libcrypto/hkdf/hkdf_test.c300
-rw-r--r--src/regress/lib/libcrypto/hmac/Makefile9
-rw-r--r--src/regress/lib/libcrypto/hmac/hmactest.c329
-rw-r--r--src/regress/lib/libcrypto/idea/Makefile9
-rw-r--r--src/regress/lib/libcrypto/idea/ideatest.c221
-rw-r--r--src/regress/lib/libcrypto/ige/Makefile9
-rw-r--r--src/regress/lib/libcrypto/ige/igetest.c370
-rw-r--r--src/regress/lib/libcrypto/init/Makefile14
-rw-r--r--src/regress/lib/libcrypto/init/init_pledge.c34
-rw-r--r--src/regress/lib/libcrypto/md4/Makefile9
-rw-r--r--src/regress/lib/libcrypto/md4/md4test.c125
-rw-r--r--src/regress/lib/libcrypto/md5/Makefile9
-rw-r--r--src/regress/lib/libcrypto/md5/md5test.c126
-rw-r--r--src/regress/lib/libcrypto/ocsp/Makefile16
-rw-r--r--src/regress/lib/libcrypto/ocsp/ocsp_test.c154
-rw-r--r--src/regress/lib/libcrypto/pbkdf2/Makefile9
-rw-r--r--src/regress/lib/libcrypto/pbkdf2/pbkdf2.c214
-rw-r--r--src/regress/lib/libcrypto/pkcs7/Makefile9
-rw-r--r--src/regress/lib/libcrypto/pkcs7/pkcs7test.c289
-rw-r--r--src/regress/lib/libcrypto/poly1305/Makefile9
-rw-r--r--src/regress/lib/libcrypto/poly1305/poly1305test.c169
-rw-r--r--src/regress/lib/libcrypto/rand/Makefile9
-rw-r--r--src/regress/lib/libcrypto/rand/randtest.c204
-rw-r--r--src/regress/lib/libcrypto/rc2/Makefile9
-rw-r--r--src/regress/lib/libcrypto/rc2/rc2test.c138
-rw-r--r--src/regress/lib/libcrypto/rc4/Makefile9
-rw-r--r--src/regress/lib/libcrypto/rc4/rc4test.c225
-rw-r--r--src/regress/lib/libcrypto/rmd/Makefile9
-rw-r--r--src/regress/lib/libcrypto/rmd/rmdtest.c128
-rw-r--r--src/regress/lib/libcrypto/rsa/Makefile15
-rw-r--r--src/regress/lib/libcrypto/rsa/rsa_test.c327
-rw-r--r--src/regress/lib/libcrypto/sha1/Makefile9
-rw-r--r--src/regress/lib/libcrypto/sha1/sha1test.c139
-rw-r--r--src/regress/lib/libcrypto/sha2/Makefile42
-rw-r--r--src/regress/lib/libcrypto/sha256/Makefile9
-rw-r--r--src/regress/lib/libcrypto/sha256/sha256test.c162
-rw-r--r--src/regress/lib/libcrypto/sha512/Makefile9
-rw-r--r--src/regress/lib/libcrypto/sha512/sha512test.c201
-rw-r--r--src/regress/lib/libcrypto/utf8/Makefile10
-rw-r--r--src/regress/lib/libcrypto/utf8/utf8test.c319
-rw-r--r--src/regress/lib/libcrypto/wycheproof/Makefile25
-rw-r--r--src/regress/lib/libcrypto/wycheproof/wycheproof.go2211
-rw-r--r--src/regress/lib/libcrypto/x509/Makefile16
-rw-r--r--src/regress/lib/libcrypto/x509/x509name.c59
-rw-r--r--src/regress/lib/libcrypto/x509/x509name.expected3
111 files changed, 0 insertions, 21379 deletions
diff --git a/src/regress/lib/libcrypto/CA/Makefile b/src/regress/lib/libcrypto/CA/Makefile
deleted file mode 100644
index c31c99c946..0000000000
--- a/src/regress/lib/libcrypto/CA/Makefile
+++ /dev/null
@@ -1,21 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2017/01/25 10:29:34 beck Exp $
2
3TESTS = \
4 doit.sh
5
6REGRESS_TARGETS= all_tests
7
8CLEANFILES += \
91000.pem client.cert.pem intermediate.cert.pem root.cert.pem server.csr.pem \
101001.pem client.csr.pem intermediate.csr.pem root.key.pem server.key.pem \
11chain.pem client.key.pem intermediate.key.pem server.cert.pem \
12int.txt int.txt.attr int.txt.old int.txt.attr.old \
13root.txt root.txt.attr root.txt.old root.txt.attr.old \
14intserial rootserial intserial.old rootserial.old
15
16all_tests: ${TESTS}
17 @for test in $>; do \
18 ./$$test; \
19 done
20
21.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/CA/doit.sh b/src/regress/lib/libcrypto/CA/doit.sh
deleted file mode 100755
index 110d89d67f..0000000000
--- a/src/regress/lib/libcrypto/CA/doit.sh
+++ /dev/null
@@ -1,116 +0,0 @@
1#!/bin/sh
2# $OpenBSD: doit.sh,v 1.2 2018/07/17 17:06:49 tb Exp $
3
4rm -rf root intermediate certs
5echo 1000 > rootserial
6cat /dev/null > root.txt
7echo 1000 > intserial
8cat /dev/null > int.txt
9
10# Vanna Vanna make me a root cert
11openssl genrsa -out root.key.pem 4096
12if [ $? -ne 0 ]; then
13 echo "*** Fail; Can't generate root rsa 4096 key"
14 exit 1
15fi
16
17openssl req -batch -config root.cnf -key root.key.pem -new -x509 -days 365 -sha256 -extensions v3_ca -out root.cert.pem
18if [ $? -ne 0 ]; then
19 echo "*** Fail; Can't generate root req"
20 exit 1
21fi
22
23# Make intermediate
24openssl genrsa -out intermediate.key.pem 2048
25if [ $? -ne 0 ]; then
26 echo "*** Fail; Can't generate intermediate rsa 2048 key"
27 exit 1
28fi
29
30openssl req -batch -config intermediate.cnf -new -sha256 \
31 -key intermediate.key.pem \
32 -out intermediate.csr.pem
33if [ $? -ne 0 ]; then
34 echo "*** Fail; Can't generate intermediate req"
35 exit 1
36fi
37
38# Sign intermediate
39openssl ca -batch -config root.cnf -extensions v3_intermediate_ca -days 10 -notext -md sha256 -in intermediate.csr.pem -out intermediate.cert.pem
40if [ $? -ne 0 ]; then
41 echo "*** Fail; Can't sign intermediate"
42 exit 1
43fi
44
45# Verify Intermediate
46openssl verify -CAfile ca.cert.pem intermediate.cert.pem
47if [ $? -ne 0]; then
48 echo "*** Fail; Intermediate CA does not validate"
49 exit 1
50fi
51
52cat intermediate.cert.pem root.cert.pem > chain.pem
53
54# make a server certificate
55
56openssl genrsa -out server.key.pem 2048
57if [ $? -ne 0]; then
58 echo "*** Fail; genrsa server"
59 exit 1
60fi
61
62
63openssl req -batch -config intermediate.cnf \
64 -key server.key.pem \
65 -new -sha256 -out server.csr.pem \
66 -subj '/CN=server/O=OpenBSD/OU=So and Sos/C=CA'
67if [ $? -ne 0]; then
68 echo "*** Fail; server req"
69 exit 1
70fi
71
72# sign server key
73openssl ca -batch -config intermediate.cnf -extensions server_cert -days 5 -notext -md sha256 -in server.csr.pem -out server.cert.pem
74if [ $? -ne 0 ]; then
75 echo "*** Fail; server sign"
76 exit 1
77fi
78
79# make a client certificate
80
81openssl genrsa -out client.key.pem 2048
82if [ $? -ne 0]; then
83 echo "*** Fail; genrsa client"
84 exit 1
85fi
86
87openssl req -batch -config intermediate.cnf \
88 -key client.key.pem \
89 -new -sha256 -out client.csr.pem \
90 -subj '/CN=client/O=OpenBSD/OU=So and Sos/C=CA'
91if [ $? -ne 0]; then
92 echo "*** Fail; client req"
93 exit 1
94fi
95
96# sign client key
97openssl ca -batch -config intermediate.cnf -extensions usr_cert -days 5 -notext -md sha256 -in client.csr.pem -out client.cert.pem
98if [ $? -ne 0 ]; then
99 echo "*** Fail; client sign"
100 exit 1
101fi
102
103# Verify Intermediate
104openssl verify -purpose sslserver -CAfile chain.pem server.cert.pem
105if [ $? -ne 0 ]; then
106 echo "*** Fail; server cert does not validate"
107 exit 1
108fi
109
110# Verify Intermediate
111openssl verify -purpose sslclient -CAfile chain.pem client.cert.pem
112if [ $? -ne 0 ]; then
113 echo "*** Fail; client cert does not validate"
114 exit 1
115fi
116
diff --git a/src/regress/lib/libcrypto/CA/intermediate.cnf b/src/regress/lib/libcrypto/CA/intermediate.cnf
deleted file mode 100644
index 9a95487c00..0000000000
--- a/src/regress/lib/libcrypto/CA/intermediate.cnf
+++ /dev/null
@@ -1,130 +0,0 @@
1# $OpenBSD: intermediate.cnf,v 1.2 2018/07/17 17:06:49 tb Exp $
2# For regression tests
3default_ca = CA_regress
4
5[ CA_regress ]
6# Directory and file locations.
7dir = .
8certs = $dir
9crl_dir = $dir
10database = $dir/int.txt
11serial = $dir/intserial
12new_certs_dir = $dir
13
14# The root key and root certificate.
15private_key = $dir/intermediate.key.pem
16certificate = $dir/intermediate.cert.pem
17
18# For certificate revocation lists.
19crlnumber = $dir/crlnumber
20crl = $dir/ca.crl.pem
21crl_extensions = crl_ext
22default_crl_days = 30
23
24# SHA-1 is deprecated, so use SHA-2 instead.
25default_md = sha256
26
27name_opt = ca_default
28cert_opt = ca_default
29default_days = 10
30preserve = no
31policy = policy_loose
32
33[ policy_strict ]
34# The root CA should only sign intermediate certificates that match.
35# See the POLICY FORMAT section of `man ca`.
36countryName = match
37stateOrProvinceName = match
38organizationName = match
39organizationalUnitName = optional
40commonName = supplied
41emailAddress = optional
42
43[ policy_loose ]
44# Allow the intermediate CA to sign a more diverse range of certificates.
45# See the POLICY FORMAT section of the `ca` man page.
46countryName = optional
47stateOrProvinceName = optional
48localityName = optional
49organizationName = optional
50organizationalUnitName = optional
51commonName = supplied
52emailAddress = optional
53
54[ req ]
55# Options for the `req` tool (`man req`).
56default_bits = 2048
57distinguished_name = req_distinguished_name
58string_mask = utf8only
59
60# SHA-1 is deprecated, so use SHA-2 instead.
61default_md = sha256
62
63# Extension to add when the -x509 option is used.
64x509_extensions = v3_ca
65
66[ req_distinguished_name ]
67# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
68countryName = Country Name (2 letter code)
69stateOrProvinceName = State or Province Name
70localityName = Locality Name
710.organizationName = Organization Name
72organizationalUnitName = Organizational Unit Name
73commonName = Common Name
74emailAddress = Email Address
75
76# Optionally, specify some defaults.
77countryName_default = CA
78stateOrProvinceName_default = Alberta
79localityName_default = Edmonton
800.organizationName_default = OpenBSD
81organizationalUnitName_default = So and Sos
82emailAddress_default = evilsoandsos@openbsd.org
83commonName_default = Regress Intermediate CA
84
85[ v3_ca ]
86# Extensions for a typical CA (`man x509v3_config`).
87subjectKeyIdentifier = hash
88authorityKeyIdentifier = keyid:always,issuer
89basicConstraints = critical, CA:true
90keyUsage = critical, digitalSignature, cRLSign, keyCertSign
91
92[ v3_intermediate_ca ]
93# Extensions for a typical intermediate CA (`man x509v3_config`).
94subjectKeyIdentifier = hash
95authorityKeyIdentifier = keyid:always,issuer
96basicConstraints = critical, CA:true, pathlen:0
97keyUsage = critical, digitalSignature, cRLSign, keyCertSign
98
99[ usr_cert ]
100# Extensions for client certificates (`man x509v3_config`).
101basicConstraints = CA:FALSE
102nsCertType = client, email
103nsComment = "OpenSSL Generated Client Certificate"
104subjectKeyIdentifier = hash
105authorityKeyIdentifier = keyid,issuer
106keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
107extendedKeyUsage = clientAuth, emailProtection
108
109[ server_cert ]
110# Extensions for server certificates (`man x509v3_config`).
111basicConstraints = CA:FALSE
112nsCertType = server
113nsComment = "OpenSSL Generated Server Certificate"
114subjectKeyIdentifier = hash
115authorityKeyIdentifier = keyid,issuer:always
116keyUsage = critical, digitalSignature, keyEncipherment
117extendedKeyUsage = serverAuth
118
119[ crl_ext ]
120# Extension for CRLs (`man x509v3_config`).
121authorityKeyIdentifier=keyid:always
122
123[ ocsp ]
124# Extension for OCSP signing certificates (`man ocsp`).
125basicConstraints = CA:FALSE
126subjectKeyIdentifier = hash
127authorityKeyIdentifier = keyid,issuer
128keyUsage = critical, digitalSignature
129extendedKeyUsage = critical, OCSPSigning
130
diff --git a/src/regress/lib/libcrypto/CA/root.cnf b/src/regress/lib/libcrypto/CA/root.cnf
deleted file mode 100644
index b22e161476..0000000000
--- a/src/regress/lib/libcrypto/CA/root.cnf
+++ /dev/null
@@ -1,130 +0,0 @@
1# $OpenBSD: root.cnf,v 1.2 2018/07/17 17:06:49 tb Exp $
2# For regression tests
3default_ca = CA_regress
4
5[ CA_regress ]
6# Directory and file locations.
7dir = .
8certs = $dir
9crl_dir = $dir
10database = $dir/root.txt
11serial = $dir/rootserial
12new_certs_dir = $dir
13
14# The root key and root certificate.
15private_key = $dir/root.key.pem
16certificate = $dir/root.cert.pem
17
18# For certificate revocation lists.
19crlnumber = $dir/crlnumber
20crl = $dir/ca.crl.pem
21crl_extensions = crl_ext
22default_crl_days = 30
23
24# SHA-1 is deprecated, so use SHA-2 instead.
25default_md = sha256
26
27name_opt = ca_default
28cert_opt = ca_default
29default_days = 375
30preserve = no
31policy = policy_strict
32
33[ policy_strict ]
34# The root CA should only sign intermediate certificates that match.
35# See the POLICY FORMAT section of `man ca`.
36countryName = match
37stateOrProvinceName = match
38organizationName = match
39organizationalUnitName = optional
40commonName = supplied
41emailAddress = optional
42
43[ policy_loose ]
44# Allow the intermediate CA to sign a more diverse range of certificates.
45# See the POLICY FORMAT section of the `ca` man page.
46countryName = optional
47stateOrProvinceName = optional
48localityName = optional
49organizationName = optional
50organizationalUnitName = optional
51commonName = supplied
52emailAddress = optional
53
54[ req ]
55# Options for the `req` tool (`man req`).
56default_bits = 2048
57distinguished_name = req_distinguished_name
58string_mask = utf8only
59
60# SHA-1 is deprecated, so use SHA-2 instead.
61default_md = sha256
62
63# Extension to add when the -x509 option is used.
64x509_extensions = v3_ca
65
66[ req_distinguished_name ]
67# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
68countryName = Country Name (2 letter code)
69stateOrProvinceName = State or Province Name
70localityName = Locality Name
710.organizationName = Organization Name
72organizationalUnitName = Organizational Unit Name
73commonName = Common Name
74emailAddress = Email Address
75
76# Optionally, specify some defaults.
77countryName_default = CA
78stateOrProvinceName_default = Alberta
79localityName_default = Edmonton
800.organizationName_default = OpenBSD
81organizationalUnitName_default = So and Sos
82emailAddress_default = evilsoandsos@openbsd.org
83commonName_default = Regress Root CA
84
85[ v3_ca ]
86# Extensions for a typical CA (`man x509v3_config`).
87subjectKeyIdentifier = hash
88authorityKeyIdentifier = keyid:always,issuer
89basicConstraints = critical, CA:true
90keyUsage = critical, digitalSignature, cRLSign, keyCertSign
91
92[ v3_intermediate_ca ]
93# Extensions for a typical intermediate CA (`man x509v3_config`).
94subjectKeyIdentifier = hash
95authorityKeyIdentifier = keyid:always,issuer
96basicConstraints = critical, CA:true, pathlen:0
97keyUsage = critical, digitalSignature, cRLSign, keyCertSign
98
99[ usr_cert ]
100# Extensions for client certificates (`man x509v3_config`).
101basicConstraints = CA:FALSE
102nsCertType = client, email
103nsComment = "OpenSSL Generated Client Certificate"
104subjectKeyIdentifier = hash
105authorityKeyIdentifier = keyid,issuer
106keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
107extendedKeyUsage = clientAuth, emailProtection
108
109[ server_cert ]
110# Extensions for server certificates (`man x509v3_config`).
111basicConstraints = CA:FALSE
112nsCertType = server
113nsComment = "OpenSSL Generated Server Certificate"
114subjectKeyIdentifier = hash
115authorityKeyIdentifier = keyid,issuer:always
116keyUsage = critical, digitalSignature, keyEncipherment
117extendedKeyUsage = serverAuth
118
119[ crl_ext ]
120# Extension for CRLs (`man x509v3_config`).
121authorityKeyIdentifier=keyid:always
122
123[ ocsp ]
124# Extension for OCSP signing certificates (`man ocsp`).
125basicConstraints = CA:FALSE
126subjectKeyIdentifier = hash
127authorityKeyIdentifier = keyid,issuer
128keyUsage = critical, digitalSignature
129extendedKeyUsage = critical, OCSPSigning
130
diff --git a/src/regress/lib/libcrypto/Makefile b/src/regress/lib/libcrypto/Makefile
deleted file mode 100644
index 38e3304eb4..0000000000
--- a/src/regress/lib/libcrypto/Makefile
+++ /dev/null
@@ -1,52 +0,0 @@
1# $OpenBSD: Makefile,v 1.32 2018/07/25 18:04:09 jsing Exp $
2
3SUBDIR= \
4 aead \
5 aeswrap \
6 asn1 \
7 base64 \
8 bf \
9 bio \
10 bn \
11 cast \
12 chacha \
13 cts128 \
14 curve25519 \
15 des \
16 dh \
17 dsa \
18 ec \
19 ecdh \
20 ecdsa \
21 engine \
22 evp \
23 exp \
24 free \
25 gcm128 \
26 gost \
27 hkdf \
28 hmac \
29 idea \
30 ige \
31 init \
32 md4 \
33 md5 \
34 pbkdf2 \
35 pkcs7 \
36 poly1305 \
37 rand \
38 rc2 \
39 rc4 \
40 rmd \
41 rsa \
42 sha1 \
43 sha2 \
44 sha256 \
45 sha512 \
46 utf8 \
47 wycheproof \
48 x509
49
50install:
51
52.include <bsd.subdir.mk>
diff --git a/src/regress/lib/libcrypto/Makefile.inc b/src/regress/lib/libcrypto/Makefile.inc
deleted file mode 100644
index 88fe5aca41..0000000000
--- a/src/regress/lib/libcrypto/Makefile.inc
+++ /dev/null
@@ -1,3 +0,0 @@
1# $OpenBSD: Makefile.inc,v 1.2 2018/07/17 17:06:49 tb Exp $
2# Use this variable when the test needs internal symbols from libcrypto
3CRYPTO_INT= -Wl,-Bstatic -lcrypto -Wl,-Bdynamic
diff --git a/src/regress/lib/libcrypto/aead/Makefile b/src/regress/lib/libcrypto/aead/Makefile
deleted file mode 100644
index 344bdcbbf1..0000000000
--- a/src/regress/lib/libcrypto/aead/Makefile
+++ /dev/null
@@ -1,14 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2014/07/08 15:53:52 jsing Exp $
2
3PROG= aeadtest
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9REGRESS_TARGETS=regress-aeadtest
10
11regress-aeadtest: ${PROG}
12 ./${PROG} ${.CURDIR}/aeadtests.txt
13
14.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/aead/aeadtest.c b/src/regress/lib/libcrypto/aead/aeadtest.c
deleted file mode 100644
index 4f0ab9fa3a..0000000000
--- a/src/regress/lib/libcrypto/aead/aeadtest.c
+++ /dev/null
@@ -1,368 +0,0 @@
1/* $OpenBSD: aeadtest.c,v 1.11 2018/07/17 17:06:49 tb Exp $ */
2/* ====================================================================
3 * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 */
50
51#include <stdio.h>
52#include <stdlib.h>
53#include <string.h>
54#include <stdint.h>
55
56#include <openssl/evp.h>
57
58/* This program tests an AEAD against a series of test vectors from a file. The
59 * test vector file consists of key-value lines where the key and value are
60 * separated by a colon and optional whitespace. The keys are listed in
61 * NAMES, below. The values are hex-encoded data.
62 *
63 * After a number of key-value lines, a blank line indicates the end of the
64 * test case.
65 *
66 * For example, here's a valid test case:
67 *
68 * AEAD: chacha20-poly1305
69 * KEY: bcb2639bf989c6251b29bf38d39a9bdce7c55f4b2ac12a39c8a37b5d0a5cc2b5
70 * NONCE: 1e8b4c510f5ca083
71 * IN: 8c8419bc27
72 * AD: 34ab88c265
73 * CT: 1a7c2f33f5
74 * TAG: 2875c659d0f2808de3a40027feff91a4
75 */
76
77#define BUF_MAX 1024
78
79/* These are the different types of line that are found in the input file. */
80enum {
81 AEAD = 0, /* name of the AEAD algorithm. */
82 KEY, /* hex encoded key. */
83 NONCE, /* hex encoded nonce. */
84 IN, /* hex encoded plaintext. */
85 AD, /* hex encoded additional data. */
86 CT, /* hex encoded ciphertext (not including the
87 * authenticator, which is next. */
88 TAG, /* hex encoded authenticator. */
89 NUM_TYPES
90};
91
92static const char NAMES[NUM_TYPES][6] = {
93 "AEAD",
94 "KEY",
95 "NONCE",
96 "IN",
97 "AD",
98 "CT",
99 "TAG",
100};
101
102static unsigned char
103hex_digit(char h)
104{
105 if (h >= '0' && h <= '9')
106 return h - '0';
107 else if (h >= 'a' && h <= 'f')
108 return h - 'a' + 10;
109 else if (h >= 'A' && h <= 'F')
110 return h - 'A' + 10;
111 else
112 return 16;
113}
114
115static int
116aead_from_name(const EVP_AEAD **aead, const char *name)
117{
118 *aead = NULL;
119
120 if (strcmp(name, "aes-128-gcm") == 0) {
121#ifndef OPENSSL_NO_AES
122 *aead = EVP_aead_aes_128_gcm();
123#else
124 fprintf(stderr, "No AES support.\n");
125#endif
126 } else if (strcmp(name, "aes-256-gcm") == 0) {
127#ifndef OPENSSL_NO_AES
128 *aead = EVP_aead_aes_256_gcm();
129#else
130 fprintf(stderr, "No AES support.\n");
131#endif
132 } else if (strcmp(name, "chacha20-poly1305") == 0) {
133#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
134 *aead = EVP_aead_chacha20_poly1305();
135#else
136 fprintf(stderr, "No chacha20-poly1305 support.\n");
137#endif
138 } else {
139 fprintf(stderr, "Unknown AEAD: %s\n", name);
140 return -1;
141 }
142
143 if (*aead == NULL)
144 return 0;
145
146 return 1;
147}
148
149static int
150run_test_case(const EVP_AEAD* aead, unsigned char bufs[NUM_TYPES][BUF_MAX],
151 const unsigned int lengths[NUM_TYPES], unsigned int line_no)
152{
153 EVP_AEAD_CTX ctx;
154 unsigned char out[BUF_MAX + EVP_AEAD_MAX_TAG_LENGTH], out2[BUF_MAX];
155 size_t out_len, out_len2;
156
157 if (!EVP_AEAD_CTX_init(&ctx, aead, bufs[KEY], lengths[KEY],
158 lengths[TAG], NULL)) {
159 fprintf(stderr, "Failed to init AEAD on line %u\n", line_no);
160 return 0;
161 }
162
163 if (!EVP_AEAD_CTX_seal(&ctx, out, &out_len, sizeof(out), bufs[NONCE],
164 lengths[NONCE], bufs[IN], lengths[IN], bufs[AD], lengths[AD])) {
165 fprintf(stderr, "Failed to run AEAD on line %u\n", line_no);
166 return 0;
167 }
168
169 if (out_len != lengths[CT] + lengths[TAG]) {
170 fprintf(stderr, "Bad output length on line %u: %zu vs %u\n",
171 line_no, out_len, (unsigned)(lengths[CT] + lengths[TAG]));
172 return 0;
173 }
174
175 if (memcmp(out, bufs[CT], lengths[CT]) != 0) {
176 fprintf(stderr, "Bad output on line %u\n", line_no);
177 return 0;
178 }
179
180 if (memcmp(out + lengths[CT], bufs[TAG], lengths[TAG]) != 0) {
181 fprintf(stderr, "Bad tag on line %u\n", line_no);
182 return 0;
183 }
184
185 if (!EVP_AEAD_CTX_open(&ctx, out2, &out_len2, lengths[IN], bufs[NONCE],
186 lengths[NONCE], out, out_len, bufs[AD], lengths[AD])) {
187 fprintf(stderr, "Failed to decrypt on line %u\n", line_no);
188 return 0;
189 }
190
191 if (out_len2 != lengths[IN]) {
192 fprintf(stderr, "Bad decrypt on line %u: %zu\n",
193 line_no, out_len2);
194 return 0;
195 }
196
197 if (memcmp(out2, bufs[IN], out_len2) != 0) {
198 fprintf(stderr, "Plaintext mismatch on line %u\n", line_no);
199 return 0;
200 }
201
202 out[0] ^= 0x80;
203 if (EVP_AEAD_CTX_open(&ctx, out2, &out_len2, lengths[IN], bufs[NONCE],
204 lengths[NONCE], out, out_len, bufs[AD], lengths[AD])) {
205 fprintf(stderr, "Decrypted bad data on line %u\n", line_no);
206 return 0;
207 }
208
209 EVP_AEAD_CTX_cleanup(&ctx);
210 return 1;
211}
212
213int
214main(int argc, char **argv)
215{
216 FILE *f;
217 const EVP_AEAD *aead = NULL;
218 unsigned int line_no = 0, num_tests = 0, j;
219
220 unsigned char bufs[NUM_TYPES][BUF_MAX];
221 unsigned int lengths[NUM_TYPES];
222
223 if (argc != 2) {
224 fprintf(stderr, "%s <test file.txt>\n", argv[0]);
225 return 1;
226 }
227
228 f = fopen(argv[1], "r");
229 if (f == NULL) {
230 perror("failed to open input");
231 return 1;
232 }
233
234 for (j = 0; j < NUM_TYPES; j++)
235 lengths[j] = 0;
236
237 for (;;) {
238 char line[4096];
239 unsigned int i, type_len = 0;
240
241 unsigned char *buf = NULL;
242 unsigned int *buf_len = NULL;
243
244 if (!fgets(line, sizeof(line), f))
245 break;
246
247 line_no++;
248 if (line[0] == '#')
249 continue;
250
251 if (line[0] == '\n' || line[0] == 0) {
252 /* Run a test, if possible. */
253 char any_values_set = 0;
254 for (j = 0; j < NUM_TYPES; j++) {
255 if (lengths[j] != 0) {
256 any_values_set = 1;
257 break;
258 }
259 }
260
261 if (!any_values_set)
262 continue;
263
264 switch (aead_from_name(&aead, bufs[AEAD])) {
265 case 0:
266 fprintf(stderr, "Skipping test...\n");
267 continue;
268 case -1:
269 fprintf(stderr, "Aborting...\n");
270 return 4;
271 }
272
273 if (!run_test_case(aead, bufs, lengths, line_no))
274 return 4;
275
276 for (j = 0; j < NUM_TYPES; j++)
277 lengths[j] = 0;
278
279 num_tests++;
280 continue;
281 }
282
283 /* Each line looks like:
284 * TYPE: 0123abc
285 * Where "TYPE" is the type of the data on the line,
286 * e.g. "KEY". */
287 for (i = 0; line[i] != 0 && line[i] != '\n'; i++) {
288 if (line[i] == ':') {
289 type_len = i;
290 break;
291 }
292 }
293 i++;
294
295 if (type_len == 0) {
296 fprintf(stderr, "Parse error on line %u\n", line_no);
297 return 3;
298 }
299
300 /* After the colon, there's optional whitespace. */
301 for (; line[i] != 0 && line[i] != '\n'; i++) {
302 if (line[i] != ' ' && line[i] != '\t')
303 break;
304 }
305
306 line[type_len] = 0;
307 for (j = 0; j < NUM_TYPES; j++) {
308 if (strcmp(line, NAMES[j]) != 0)
309 continue;
310 if (lengths[j] != 0) {
311 fprintf(stderr, "Duplicate value on line %u\n",
312 line_no);
313 return 3;
314 }
315 buf = bufs[j];
316 buf_len = &lengths[j];
317 break;
318 }
319
320 if (buf == NULL) {
321 fprintf(stderr, "Unknown line type on line %u\n",
322 line_no);
323 return 3;
324 }
325
326 if (j == AEAD) {
327 *buf_len = strlcpy(buf, line + i, BUF_MAX);
328 for (j = 0; j < BUF_MAX; j++) {
329 if (buf[j] == '\n')
330 buf[j] = '\0';
331 }
332 continue;
333 }
334
335 for (j = 0; line[i] != 0 && line[i] != '\n'; i++) {
336 unsigned char v, v2;
337 v = hex_digit(line[i++]);
338 if (line[i] == 0 || line[i] == '\n') {
339 fprintf(stderr, "Odd-length hex data on "
340 "line %u\n", line_no);
341 return 3;
342 }
343 v2 = hex_digit(line[i]);
344 if (v > 15 || v2 > 15) {
345 fprintf(stderr, "Invalid hex char on line %u\n",
346 line_no);
347 return 3;
348 }
349 v <<= 4;
350 v |= v2;
351
352 if (j == BUF_MAX) {
353 fprintf(stderr, "Too much hex data on line %u "
354 "(max is %u bytes)\n",
355 line_no, (unsigned) BUF_MAX);
356 return 3;
357 }
358 buf[j++] = v;
359 *buf_len = *buf_len + 1;
360 }
361 }
362
363 printf("Completed %u test cases\n", num_tests);
364 printf("PASS\n");
365 fclose(f);
366
367 return 0;
368}
diff --git a/src/regress/lib/libcrypto/aead/aeadtests.txt b/src/regress/lib/libcrypto/aead/aeadtests.txt
deleted file mode 100644
index 18cee7e579..0000000000
--- a/src/regress/lib/libcrypto/aead/aeadtests.txt
+++ /dev/null
@@ -1,77 +0,0 @@
1# $OpenBSD: aeadtests.txt,v 1.7 2018/07/17 17:06:49 tb Exp $
2#
3# MACsec GCM-AES Test Vectors (bn-randall-test-vectors-0511-v1.pdf)
4#
5
6# 2.5.1 65-byte Packet Authentication Using GCM-AES-128
7AEAD: aes-128-gcm
8KEY: 013FE00B5F11BE7F866D0CBBC55A7A90
9NONCE: 7CFDE9F9E33724C68932D612
10IN:
11AD: 84C5D513D2AAF6E5BBD2727788E523008932D6127CFDE9F9E33724C608000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F0005
12CT:
13TAG: 217867E50C2DAD74C28C3B50ABDF695A
14
15# 2.5.2 65-byte Packet Authentication Using GCM-AES-256
16AEAD: aes-256-gcm
17KEY: 83C093B58DE7FFE1C0DA926AC43FB3609AC1C80FEE1B624497EF942E2F79A823
18NONCE: 7CFDE9F9E33724C68932D612
19IN:
20AD: 84C5D513D2AAF6E5BBD2727788E523008932D6127CFDE9F9E33724C608000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F0005
21CT:
22TAG: 6EE160E8FAECA4B36C86B234920CA975
23
24# 2.8.1 75-byte Packet Encryption Using GCM-AES-128
25AEAD: aes-128-gcm
26KEY: 88EE087FD95DA9FBF6725AA9D757B0CD
27NONCE: 7AE8E2CA4EC500012E58495C
28IN: 08000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748490008
29AD: 68F2E77696CE7AE8E2CA4EC588E54D002E58495C
30CT: C31F53D99E5687F7365119B832D2AAE70741D593F1F9E2AB3455779B078EB8FEACDFEC1F8E3E5277F8180B43361F6512ADB16D2E38548A2C719DBA7228D840
31TAG: 88F8757ADB8AA788D8F65AD668BE70E7
32
33# 2.8.2 75-byte Packet Encryption Using GCM-AES-256
34AEAD: aes-256-gcm
35KEY: 4C973DBC7364621674F8B5B89E5C15511FCED9216490FB1C1A2CAA0FFE0407E5
36NONCE: 7AE8E2CA4EC500012E58495C
37IN: 08000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748490008
38AD: 68F2E77696CE7AE8E2CA4EC588E54D002E58495C
39CT: BA8AE31BC506486D6873E4FCE460E7DC57591FF00611F31C3834FE1C04AD80B66803AFCF5B27E6333FA67C99DA47C2F0CED68D531BD741A943CFF7A6713BD0
40TAG: 2611CD7DAA01D61C5C886DC1A8170107
41
42# Test vector from RFC7539 2.8.2
43AEAD: chacha20-poly1305
44KEY: 808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f
45NONCE: 070000004041424344454647
46IN: 4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e
47AD: 50515253c0c1c2c3c4c5c6c7
48CT: d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116
49TAG: 1ae10b594f09e26a7e902ecbd0600691
50
51# Test vector from RFC7539 Appendix A.5
52AEAD: chacha20-poly1305
53KEY: 1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0
54NONCE: 000000000102030405060708
55IN: 496e7465726e65742d4472616674732061726520647261667420646f63756d656e74732076616c696420666f722061206d6178696d756d206f6620736978206d6f6e74687320616e64206d617920626520757064617465642c207265706c616365642c206f72206f62736f6c65746564206279206f7468657220646f63756d656e747320617420616e792074696d652e20497420697320696e617070726f70726961746520746f2075736520496e7465726e65742d447261667473206173207265666572656e6365206d6174657269616c206f7220746f2063697465207468656d206f74686572207468616e206173202fe2809c776f726b20696e2070726f67726573732e2fe2809d
56AD: f33388860000000000004e91
57CT: 64a0861575861af460f062c79be643bd5e805cfd345cf389f108670ac76c8cb24c6cfc18755d43eea09ee94e382d26b0bdb7b73c321b0100d4f03b7f355894cf332f830e710b97ce98c8a84abd0b948114ad176e008d33bd60f982b1ff37c8559797a06ef4f0ef61c186324e2b3506383606907b6a7c02b0f9f6157b53c867e4b9166c767b804d46a59b5216cde7a4e99040c5a40433225ee282a1b0a06c523eaf4534d7f83fa1155b0047718cbc546a0d072b04b3564eea1b422273f548271a0bb2316053fa76991955ebd63159434ecebb4e466dae5a1073a6727627097a1049e617d91d361094fa68f0ff77987130305beaba2eda04df997b714d6c6f2c29a6ad5cb4022b02709b
58TAG: eead9d67890cbb22392336fea1851f38
59
60# Test vector from RFC7634 Appendix A
61AEAD: chacha20-poly1305
62KEY: 808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f
63NONCE: a0a1a2a31011121314151617
64IN: 45000054a6f200004001e778c6336405c000020508005b7a3a080000553bec100007362708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363701020204
65AD: 0102030400000005
66CT: 24039428b97f417e3c13753a4f05087b67c352e6a7fab1b982d466ef407ae5c614ee8099d52844eb61aa95dfab4c02f72aa71e7c4c4f64c9befe2facc638e8f3cbec163fac469b502773f6fb94e664da9165b82829f641e0
67TAG: 76aaa8266b7fb0f7b11b369907e1ad43
68
69# Test vector from RFC7634 Appendix B
70AEAD: chacha20-poly1305
71KEY: 808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f
72NONCE: a0a1a2a31011121314151617
73IN: 0000000c000040010000000a00
74AD: c0c1c2c3c4c5c6c7d0d1d2d3d4d5d6d72e202500000000090000004529000029
75CT: 610394701f8d017f7c12924889
76TAG: 6b71bfe25236efd7cdc67066906315b2
77
diff --git a/src/regress/lib/libcrypto/aeswrap/Makefile b/src/regress/lib/libcrypto/aeswrap/Makefile
deleted file mode 100644
index dbdf48d183..0000000000
--- a/src/regress/lib/libcrypto/aeswrap/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.4 2014/07/08 15:53:52 jsing Exp $
2
3PROG= aes_wrap
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/aeswrap/aes_wrap.c b/src/regress/lib/libcrypto/aeswrap/aes_wrap.c
deleted file mode 100644
index b48c7ae6e0..0000000000
--- a/src/regress/lib/libcrypto/aeswrap/aes_wrap.c
+++ /dev/null
@@ -1,185 +0,0 @@
1/* $OpenBSD: aes_wrap.c,v 1.4 2018/07/17 17:06:49 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include <stdio.h>
55#include <stdlib.h>
56#include <string.h>
57
58#include <openssl/aes.h>
59
60int AES_wrap_unwrap_test(const unsigned char *, int, const unsigned char *,
61 const unsigned char *, const unsigned char *, int);
62
63int
64AES_wrap_unwrap_test(const unsigned char *kek, int keybits,
65 const unsigned char *iv, const unsigned char *eout,
66 const unsigned char *key, int keylen)
67{
68 unsigned char *otmp = NULL, *ptmp = NULL;
69 int r, ret = 0;
70 AES_KEY wctx;
71
72 otmp = malloc(keylen + 8);
73 ptmp = malloc(keylen);
74 if (otmp == NULL || ptmp == NULL)
75 goto err;
76 if (AES_set_encrypt_key(kek, keybits, &wctx))
77 goto err;
78 r = AES_wrap_key(&wctx, iv, otmp, key, keylen);
79 if (r <= 0)
80 goto err;
81
82 if (eout && memcmp(eout, otmp, keylen))
83 goto err;
84
85 if (AES_set_decrypt_key(kek, keybits, &wctx))
86 goto err;
87 r = AES_unwrap_key(&wctx, iv, ptmp, otmp, r);
88
89 if (memcmp(key, ptmp, keylen))
90 goto err;
91
92 ret = 1;
93
94err:
95 free(otmp);
96 free(ptmp);
97
98 return ret;
99}
100
101int
102main(int argc, char **argv)
103{
104 static const unsigned char kek[] = {
105 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
106 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
107 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
108 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
109 };
110
111 static const unsigned char key[] = {
112 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
113 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
114 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
115 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
116 };
117
118 static const unsigned char e1[] = {
119 0x1f, 0xa6, 0x8b, 0x0a, 0x81, 0x12, 0xb4, 0x47,
120 0xae, 0xf3, 0x4b, 0xd8, 0xfb, 0x5a, 0x7b, 0x82,
121 0x9d, 0x3e, 0x86, 0x23, 0x71, 0xd2, 0xcf, 0xe5
122 };
123
124 static const unsigned char e2[] = {
125 0x96, 0x77, 0x8b, 0x25, 0xae, 0x6c, 0xa4, 0x35,
126 0xf9, 0x2b, 0x5b, 0x97, 0xc0, 0x50, 0xae, 0xd2,
127 0x46, 0x8a, 0xb8, 0xa1, 0x7a, 0xd8, 0x4e, 0x5d
128 };
129
130 static const unsigned char e3[] = {
131 0x64, 0xe8, 0xc3, 0xf9, 0xce, 0x0f, 0x5b, 0xa2,
132 0x63, 0xe9, 0x77, 0x79, 0x05, 0x81, 0x8a, 0x2a,
133 0x93, 0xc8, 0x19, 0x1e, 0x7d, 0x6e, 0x8a, 0xe7
134 };
135
136 static const unsigned char e4[] = {
137 0x03, 0x1d, 0x33, 0x26, 0x4e, 0x15, 0xd3, 0x32,
138 0x68, 0xf2, 0x4e, 0xc2, 0x60, 0x74, 0x3e, 0xdc,
139 0xe1, 0xc6, 0xc7, 0xdd, 0xee, 0x72, 0x5a, 0x93,
140 0x6b, 0xa8, 0x14, 0x91, 0x5c, 0x67, 0x62, 0xd2
141 };
142
143 static const unsigned char e5[] = {
144 0xa8, 0xf9, 0xbc, 0x16, 0x12, 0xc6, 0x8b, 0x3f,
145 0xf6, 0xe6, 0xf4, 0xfb, 0xe3, 0x0e, 0x71, 0xe4,
146 0x76, 0x9c, 0x8b, 0x80, 0xa3, 0x2c, 0xb8, 0x95,
147 0x8c, 0xd5, 0xd1, 0x7d, 0x6b, 0x25, 0x4d, 0xa1
148 };
149
150 static const unsigned char e6[] = {
151 0x28, 0xc9, 0xf4, 0x04, 0xc4, 0xb8, 0x10, 0xf4,
152 0xcb, 0xcc, 0xb3, 0x5c, 0xfb, 0x87, 0xf8, 0x26,
153 0x3f, 0x57, 0x86, 0xe2, 0xd8, 0x0e, 0xd3, 0x26,
154 0xcb, 0xc7, 0xf0, 0xe7, 0x1a, 0x99, 0xf4, 0x3b,
155 0xfb, 0x98, 0x8b, 0x9b, 0x7a, 0x02, 0xdd, 0x21
156 };
157
158 int ret, nfailures = 0;
159 ret = AES_wrap_unwrap_test(kek, 128, NULL, e1, key, 16);
160 if (ret == 0)
161 nfailures++;
162 fprintf(stderr, "Key test result %d\n", ret);
163 ret = AES_wrap_unwrap_test(kek, 192, NULL, e2, key, 16);
164 if (ret == 0)
165 nfailures++;
166 fprintf(stderr, "Key test result %d\n", ret);
167 ret = AES_wrap_unwrap_test(kek, 256, NULL, e3, key, 16);
168 if (ret == 0)
169 nfailures++;
170 fprintf(stderr, "Key test result %d\n", ret);
171 ret = AES_wrap_unwrap_test(kek, 192, NULL, e4, key, 24);
172 if (ret == 0)
173 nfailures++;
174 fprintf(stderr, "Key test result %d\n", ret);
175 ret = AES_wrap_unwrap_test(kek, 256, NULL, e5, key, 24);
176 if (ret == 0)
177 nfailures++;
178 fprintf(stderr, "Key test result %d\n", ret);
179 ret = AES_wrap_unwrap_test(kek, 256, NULL, e6, key, 32);
180 if (ret == 0)
181 nfailures++;
182 fprintf(stderr, "Key test result %d\n", ret);
183
184 return nfailures;
185}
diff --git a/src/regress/lib/libcrypto/asn1/Makefile b/src/regress/lib/libcrypto/asn1/Makefile
deleted file mode 100644
index 2dae70e9e5..0000000000
--- a/src/regress/lib/libcrypto/asn1/Makefile
+++ /dev/null
@@ -1,23 +0,0 @@
1# $OpenBSD: Makefile,v 1.5 2018/08/31 17:35:21 tb Exp $
2
3TESTS = \
4 asn1evp \
5 asn1time \
6 rfc5280time
7
8PROGS = ${TESTS}
9
10REGRESS_TARGETS= all_tests
11
12LDADD= -lcrypto
13DPADD= ${LIBCRYPTO} ${LIBSSL}
14WARNINGS= Yes
15LDFLAGS+= -lcrypto
16CFLAGS+= -DLIBRESSL_INTERNAL -Wall -Wundef -Werror
17
18all_tests: ${TESTS}
19 @for test in $>; do \
20 ./$$test; \
21 done
22
23.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/asn1/asn1evp.c b/src/regress/lib/libcrypto/asn1/asn1evp.c
deleted file mode 100644
index d1870f9acc..0000000000
--- a/src/regress/lib/libcrypto/asn1/asn1evp.c
+++ /dev/null
@@ -1,145 +0,0 @@
1/* $OpenBSD: asn1evp.c,v 1.2 2017/12/09 14:34:09 jsing Exp $ */
2/*
3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <limits.h>
19#include <stdio.h>
20#include <string.h>
21
22#include <openssl/asn1.h>
23
24#define TEST_NUM 0x7fffffffL
25
26unsigned char asn1_atios[] = {
27 0x30, 0x10, 0x02, 0x04, 0x7f, 0xff, 0xff, 0xff,
28 0x04, 0x08, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05,
29 0x06, 0x07,
30};
31
32unsigned char test_octetstring[] = {
33 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
34};
35
36static void
37hexdump(const unsigned char *buf, size_t len)
38{
39 size_t i;
40
41 for (i = 1; i <= len; i++)
42 fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
43
44 fprintf(stderr, "\n");
45}
46
47static int
48compare_data(const char *label, const unsigned char *d1, size_t d1_len,
49 const unsigned char *d2, size_t d2_len)
50{
51 if (d1_len != d2_len) {
52 fprintf(stderr, "FAIL: got %s with length %zu, want %zu\n",
53 label, d1_len, d2_len);
54 return -1;
55 }
56 if (memcmp(d1, d2, d1_len) != 0) {
57 fprintf(stderr, "FAIL: %s differs\n", label);
58 fprintf(stderr, "got:\n");
59 hexdump(d1, d1_len);
60 fprintf(stderr, "want:\n");
61 hexdump(d2, d2_len);
62 return -1;
63 }
64 return 0;
65}
66
67int
68main(int argc, char **argv)
69{
70 unsigned char data[16];
71 long num = TEST_NUM;
72 int failed = 1;
73 ASN1_TYPE at;
74 int len;
75
76 memset(&at, 0, sizeof(at));
77
78 if (!ASN1_TYPE_set_int_octetstring(&at, num, test_octetstring,
79 sizeof(test_octetstring))) {
80 fprintf(stderr, "FAIL: ASN1_TYPE_set_int_octetstring failed\n");
81 goto done;
82 }
83 if (at.type != V_ASN1_SEQUENCE) {
84 fprintf(stderr, "FAIL: not a V_ASN1_SEQUENCE (%i != %i)\n",
85 at.type, V_ASN1_SEQUENCE);
86 goto done;
87 }
88 if (at.value.sequence->type != V_ASN1_OCTET_STRING) {
89 fprintf(stderr, "FAIL: not a V_ASN1_OCTET_STRING (%i != %i)\n",
90 at.type, V_ASN1_OCTET_STRING);
91 goto done;
92 }
93 if (compare_data("sequence", at.value.sequence->data,
94 at.value.sequence->length, asn1_atios, sizeof(asn1_atios)) == -1)
95 goto done;
96
97 memset(&data, 0, sizeof(data));
98 num = 0;
99
100 if ((len = ASN1_TYPE_get_int_octetstring(&at, &num, data,
101 sizeof(data))) < 0) {
102 fprintf(stderr, "FAIL: ASN1_TYPE_get_int_octetstring failed\n");
103 goto done;
104 }
105 if (num != TEST_NUM) {
106 fprintf(stderr, "FAIL: got num %li, want %li\n", num, TEST_NUM);
107 goto done;
108 }
109 if (compare_data("octet string", data, len,
110 test_octetstring, sizeof(test_octetstring)) == -1)
111 goto done;
112 if (data[len] != 0) {
113 fprintf(stderr, "FAIL: octet string overflowed buffer\n");
114 goto done;
115 }
116
117 memset(&data, 0, sizeof(data));
118 num = 0;
119
120 /* With a limit buffer, the output should be truncated... */
121 if ((len = ASN1_TYPE_get_int_octetstring(&at, &num, data, 4)) < 0) {
122 fprintf(stderr, "FAIL: ASN1_TYPE_get_int_octetstring failed\n");
123 goto done;
124 }
125 if (num != TEST_NUM) {
126 fprintf(stderr, "FAIL: got num %li, want %li\n", num, TEST_NUM);
127 goto done;
128 }
129 if (len != sizeof(test_octetstring)) {
130 fprintf(stderr, "FAIL: got length mismatch (%i != %zu)\n",
131 len, sizeof(test_octetstring));
132 goto done;
133 }
134 if (compare_data("octet string", data, 4, test_octetstring, 4) == -1)
135 goto done;
136 if (data[4] != 0) {
137 fprintf(stderr, "FAIL: octet string overflowed buffer\n");
138 goto done;
139 }
140
141 failed = 0;
142
143 done:
144 return failed;
145}
diff --git a/src/regress/lib/libcrypto/asn1/asn1time.c b/src/regress/lib/libcrypto/asn1/asn1time.c
deleted file mode 100644
index 6a3921bd9c..0000000000
--- a/src/regress/lib/libcrypto/asn1/asn1time.c
+++ /dev/null
@@ -1,428 +0,0 @@
1/* $OpenBSD: asn1time.c,v 1.8 2015/12/28 14:18:38 bcook Exp $ */
2/*
3 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <openssl/asn1.h>
19
20#include <err.h>
21#include <stdio.h>
22#include <string.h>
23
24struct asn1_time_test {
25 const char *str;
26 const char *data;
27 const unsigned char der[32];
28 time_t time;
29};
30
31struct asn1_time_test asn1_invtime_tests[] = {
32 {
33 .str = "",
34 },
35 {
36 .str = "2015",
37 },
38 {
39 .str = "201509",
40 },
41 {
42 .str = "20150923",
43 },
44 {
45 .str = "20150923032700",
46 },
47 {
48 .str = "20150923032700.Z",
49 },
50 {
51 .str = "20150923032700.123",
52 },
53 {
54 .str = "20150923032700+1.09",
55 },
56 {
57 .str = "20150923032700+1100Z",
58 },
59 {
60 .str = "20150923032700-11001",
61 },
62 {
63 /* UTC time cannot have fractional seconds. */
64 .str = "150923032700.123Z",
65 },
66 {
67 .str = "aaaaaaaaaaaaaaZ",
68 },
69};
70
71struct asn1_time_test asn1_gentime_tests[] = {
72 {
73 .str = "19700101000000Z",
74 .data = "19700101000000Z",
75 .time = 0,
76 .der = {
77 0x18, 0x0f, 0x31, 0x39, 0x37, 0x30, 0x30, 0x31,
78 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
79 0x5a,
80 },
81 },
82 {
83 .str = "20150923032700Z",
84 .data = "20150923032700Z",
85 .time = 1442978820,
86 .der = {
87 0x18, 0x0f, 0x32, 0x30, 0x31, 0x35, 0x30, 0x39,
88 0x32, 0x33, 0x30, 0x33, 0x32, 0x37, 0x30, 0x30,
89 0x5a,
90 },
91 },
92};
93
94struct asn1_time_test asn1_utctime_tests[] = {
95 {
96 .str = "700101000000Z",
97 .data = "700101000000Z",
98 .time = 0,
99 .der = {
100 0x17, 0x0d, 0x37, 0x30, 0x30, 0x31, 0x30, 0x31,
101 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a,
102 },
103 },
104 {
105 .str = "150923032700Z",
106 .data = "150923032700Z",
107 .time = 1442978820,
108 .der = {
109 0x17, 0x0d, 0x31, 0x35, 0x30, 0x39, 0x32, 0x33,
110 0x30, 0x33, 0x32, 0x37, 0x30, 0x30, 0x5a,
111 },
112 },
113 {
114 .str = "140524144512Z",
115 .data = "140524144512Z",
116 .time = 1400942712,
117 .der = {
118 0x17, 0x0d, 0x31, 0x34, 0x30, 0x35, 0x32, 0x34,
119 0x31, 0x34, 0x34, 0x35, 0x31, 0x32, 0x5a,
120 },
121 },
122 {
123 .str = "240401144512Z",
124 .data = "240401144512Z",
125 .time = 1711982712,
126 .der = {
127 0x17, 0x0d, 0x32, 0x34, 0x30, 0x34, 0x30, 0x31,
128 0x31, 0x34, 0x34, 0x35, 0x31, 0x32, 0x5a
129 },
130 },
131};
132
133#define N_INVTIME_TESTS \
134 (sizeof(asn1_invtime_tests) / sizeof(*asn1_invtime_tests))
135#define N_GENTIME_TESTS \
136 (sizeof(asn1_gentime_tests) / sizeof(*asn1_gentime_tests))
137#define N_UTCTIME_TESTS \
138 (sizeof(asn1_utctime_tests) / sizeof(*asn1_utctime_tests))
139
140static void
141hexdump(const unsigned char *buf, size_t len)
142{
143 size_t i;
144
145 for (i = 1; i <= len; i++)
146 fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
147
148 fprintf(stderr, "\n");
149}
150
151static int
152asn1_compare_bytes(int test_no, const unsigned char *d1,
153 const unsigned char *d2, int len1, int len2)
154{
155 if (len1 != len2) {
156 fprintf(stderr, "FAIL: test %i - byte lengths differ "
157 "(%i != %i)\n", test_no, len1, len2);
158 return (1);
159 }
160 if (memcmp(d1, d2, len1) != 0) {
161 fprintf(stderr, "FAIL: test %i - bytes differ\n", test_no);
162 fprintf(stderr, "Got:\n");
163 hexdump(d1, len1);
164 fprintf(stderr, "Want:\n");
165 hexdump(d2, len2);
166 }
167 return (0);
168}
169
170static int
171asn1_compare_str(int test_no, struct asn1_string_st *asn1str, const char *str)
172{
173 int length = strlen(str);
174
175 if (asn1str->length != length) {
176 fprintf(stderr, "FAIL: test %i - string lengths differ "
177 "(%i != %i)\n", test_no, asn1str->length, length);
178 return (1);
179 }
180 if (strncmp(asn1str->data, str, length) != 0) {
181 fprintf(stderr, "FAIL: test %i - strings differ "
182 "('%s' != '%s')\n", test_no, asn1str->data, str);
183 return (1);
184 }
185
186 return (0);
187}
188
189static int
190asn1_invtime_test(int test_no, struct asn1_time_test *att)
191{
192 ASN1_GENERALIZEDTIME *gt = NULL;
193 ASN1_UTCTIME *ut = NULL;
194 ASN1_TIME *t = NULL;
195 int failure = 1;
196
197 if ((gt = ASN1_GENERALIZEDTIME_new()) == NULL)
198 goto done;
199 if ((ut = ASN1_UTCTIME_new()) == NULL)
200 goto done;
201 if ((t = ASN1_TIME_new()) == NULL)
202 goto done;
203
204 if (ASN1_GENERALIZEDTIME_set_string(gt, att->str) != 0) {
205 fprintf(stderr, "FAIL: test %i - successfully set "
206 "GENERALIZEDTIME string '%s'\n", test_no, att->str);
207 goto done;
208 }
209 if (ASN1_UTCTIME_set_string(ut, att->str) != 0) {
210 fprintf(stderr, "FAIL: test %i - successfully set UTCTIME "
211 "string '%s'\n", test_no, att->str);
212 goto done;
213 }
214 if (ASN1_TIME_set_string(t, att->str) != 0) {
215 fprintf(stderr, "FAIL: test %i - successfully set TIME "
216 "string '%s'\n", test_no, att->str);
217 goto done;
218 }
219
220 failure = 0;
221
222 done:
223 ASN1_GENERALIZEDTIME_free(gt);
224 ASN1_UTCTIME_free(ut);
225 ASN1_TIME_free(t);
226
227 return (failure);
228}
229
230static int
231asn1_gentime_test(int test_no, struct asn1_time_test *att)
232{
233 const unsigned char *der;
234 unsigned char *p = NULL;
235 ASN1_GENERALIZEDTIME *gt = NULL;
236 int failure = 1;
237 int len;
238
239 if (ASN1_GENERALIZEDTIME_set_string(NULL, att->str) != 1) {
240 fprintf(stderr, "FAIL: test %i - failed to set string '%s'\n",
241 test_no, att->str);
242 goto done;
243 }
244
245 if ((gt = ASN1_GENERALIZEDTIME_new()) == NULL)
246 goto done;
247
248 if (ASN1_GENERALIZEDTIME_set_string(gt, att->str) != 1) {
249 fprintf(stderr, "FAIL: test %i - failed to set string '%s'\n",
250 test_no, att->str);
251 goto done;
252 }
253 if (asn1_compare_str(test_no, gt, att->str) != 0)
254 goto done;
255
256 if ((len = i2d_ASN1_GENERALIZEDTIME(gt, &p)) <= 0) {
257 fprintf(stderr, "FAIL: test %i - i2d_ASN1_GENERALIZEDTIME "
258 "failed\n", test_no);
259 goto done;
260 }
261 der = att->der;
262 if (asn1_compare_bytes(test_no, p, der, len, strlen(der)) != 0)
263 goto done;
264
265 len = strlen(att->der);
266 if (d2i_ASN1_GENERALIZEDTIME(&gt, &der, len) == NULL) {
267 fprintf(stderr, "FAIL: test %i - d2i_ASN1_GENERALIZEDTIME "
268 "failed\n", test_no);
269 goto done;
270 }
271 if (asn1_compare_str(test_no, gt, att->str) != 0)
272 goto done;
273
274 ASN1_GENERALIZEDTIME_free(gt);
275
276 if ((gt = ASN1_GENERALIZEDTIME_set(NULL, att->time)) == NULL) {
277 fprintf(stderr, "FAIL: test %i - failed to set time %lli\n",
278 test_no, (long long)att->time);
279 goto done;
280 }
281 if (asn1_compare_str(test_no, gt, att->data) != 0)
282 goto done;
283
284 failure = 0;
285
286 done:
287 ASN1_GENERALIZEDTIME_free(gt);
288 free(p);
289
290 return (failure);
291}
292
293static int
294asn1_utctime_test(int test_no, struct asn1_time_test *att)
295{
296 const unsigned char *der;
297 unsigned char *p = NULL;
298 ASN1_UTCTIME *ut = NULL;
299 int failure = 1;
300 int len;
301
302 if (ASN1_UTCTIME_set_string(NULL, att->str) != 1) {
303 fprintf(stderr, "FAIL: test %i - failed to set string '%s'\n",
304 test_no, att->str);
305 goto done;
306 }
307
308 if ((ut = ASN1_UTCTIME_new()) == NULL)
309 goto done;
310
311 if (ASN1_UTCTIME_set_string(ut, att->str) != 1) {
312 fprintf(stderr, "FAIL: test %i - failed to set string '%s'\n",
313 test_no, att->str);
314 goto done;
315 }
316 if (asn1_compare_str(test_no, ut, att->str) != 0)
317 goto done;
318
319 if ((len = i2d_ASN1_UTCTIME(ut, &p)) <= 0) {
320 fprintf(stderr, "FAIL: test %i - i2d_ASN1_UTCTIME failed\n",
321 test_no);
322 goto done;
323 }
324 der = att->der;
325 if (asn1_compare_bytes(test_no, p, der, len, strlen(der)) != 0)
326 goto done;
327
328 len = strlen(att->der);
329 if (d2i_ASN1_UTCTIME(&ut, &der, len) == NULL) {
330 fprintf(stderr, "FAIL: test %i - d2i_ASN1_UTCTIME failed\n",
331 test_no);
332 goto done;
333 }
334 if (asn1_compare_str(test_no, ut, att->str) != 0)
335 goto done;
336
337 ASN1_UTCTIME_free(ut);
338
339 if ((ut = ASN1_UTCTIME_set(NULL, att->time)) == NULL) {
340 fprintf(stderr, "FAIL: test %i - failed to set time %lli\n",
341 test_no, (long long)att->time);
342 goto done;
343 }
344 if (asn1_compare_str(test_no, ut, att->data) != 0)
345 goto done;
346
347 failure = 0;
348
349 done:
350 ASN1_UTCTIME_free(ut);
351 free(p);
352
353 return (failure);
354}
355
356static int
357asn1_time_test(int test_no, struct asn1_time_test *att, int type)
358{
359 ASN1_TIME *t = NULL;
360 int failure = 1;
361
362 if (ASN1_TIME_set_string(NULL, att->str) != 1) {
363 fprintf(stderr, "FAIL: test %i - failed to set string '%s'\n",
364 test_no, att->str);
365 goto done;
366 }
367
368 if ((t = ASN1_TIME_new()) == NULL)
369 goto done;
370
371 if (ASN1_TIME_set_string(t, att->str) != 1) {
372 fprintf(stderr, "FAIL: test %i - failed to set string '%s'\n",
373 test_no, att->str);
374 goto done;
375 }
376
377 if (t->type != type) {
378 fprintf(stderr, "FAIL: test %i - got type %i, want %i\n",
379 test_no, t->type, type);
380 goto done;
381 }
382
383 failure = 0;
384
385 done:
386
387 ASN1_TIME_free(t);
388
389 return (failure);
390}
391
392int
393main(int argc, char **argv)
394{
395 struct asn1_time_test *att;
396 int failed = 0;
397 size_t i;
398
399 fprintf(stderr, "Invalid time tests...\n");
400 for (i = 0; i < N_INVTIME_TESTS; i++) {
401 att = &asn1_invtime_tests[i];
402 failed |= asn1_invtime_test(i, att);
403 }
404
405 fprintf(stderr, "GENERALIZEDTIME tests...\n");
406 for (i = 0; i < N_GENTIME_TESTS; i++) {
407 att = &asn1_gentime_tests[i];
408 failed |= asn1_gentime_test(i, att);
409 }
410
411 fprintf(stderr, "UTCTIME tests...\n");
412 for (i = 0; i < N_UTCTIME_TESTS; i++) {
413 att = &asn1_utctime_tests[i];
414 failed |= asn1_utctime_test(i, att);
415 }
416
417 fprintf(stderr, "TIME tests...\n");
418 for (i = 0; i < N_UTCTIME_TESTS; i++) {
419 att = &asn1_utctime_tests[i];
420 failed |= asn1_time_test(i, att, V_ASN1_UTCTIME);
421 }
422 for (i = 0; i < N_GENTIME_TESTS; i++) {
423 att = &asn1_gentime_tests[i];
424 failed |= asn1_time_test(i, att, V_ASN1_GENERALIZEDTIME);
425 }
426
427 return (failed);
428}
diff --git a/src/regress/lib/libcrypto/asn1/rfc5280time.c b/src/regress/lib/libcrypto/asn1/rfc5280time.c
deleted file mode 100644
index 34e40439dc..0000000000
--- a/src/regress/lib/libcrypto/asn1/rfc5280time.c
+++ /dev/null
@@ -1,384 +0,0 @@
1/* $OpenBSD: rfc5280time.c,v 1.4 2015/10/30 15:52:55 miod Exp $ */
2/*
3 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2015 Bob Beck <beck@opebsd.org>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#include <openssl/asn1.h>
20#include <openssl/x509.h>
21
22#include <err.h>
23#include <stdio.h>
24#include <string.h>
25
26struct rfc5280_time_test {
27 const char *str;
28 const char *data;
29 time_t time;
30};
31
32struct rfc5280_time_test rfc5280_invtime_tests[] = {
33 {
34 .str = "",
35 },
36 {
37 .str = "2015",
38 },
39 {
40 .str = "201509",
41 },
42 {
43 .str = "20150923",
44 },
45 {
46 .str = "20150923032700",
47 },
48 {
49 /* UTC time must have seconds */
50 .str = "7001010000Z",
51 },
52 {
53 .str = "201509230327Z",
54 },
55 {
56 .str = "20150923032700.Z",
57 },
58 {
59 .str = "20150923032700.123",
60 },
61 {
62 .str = "20150923032700+1100Z",
63 },
64 {
65 .str = "20150923032700-11001",
66 },
67 {
68 /* UTC time cannot have fractional seconds. */
69 .str = "150923032700.123Z",
70 },
71 {
72 /* Gen time cannot have +- TZ. */
73 .str = "20150923032712+1115",
74 },
75 {
76 /* Gen time cannot have fractional seconds */
77 .str = "20150923032712.123Z",
78 },
79 {
80 .str = "aaaaaaaaaaaaaaZ",
81 },
82 {
83 /* Must be a UTC time per RFC 5280 */
84 .str = "19700101000000Z",
85 .data = "19700101000000Z",
86 .time = 0,
87 },
88 {
89 /* (times before 2050 must be UTCTIME) Per RFC 5280 4.1.2.5 */
90 .str = "20150923032700Z",
91 .data = "20150923032700Z",
92 .time = 1442978820,
93 },
94 {
95 /* (times before 2050 must be UTCTIME) Per RFC 5280 4.1.2.5 */
96 .str = "00000101000000Z",
97 .data = "00000101000000Z",
98 .time = -62167219200LL,
99 },
100 {
101 /* (times before 2050 must be UTCTIME) Per RFC 5280 4.1.2.5 */
102 .str = "20491231235959Z",
103 .data = "20491231235959Z",
104 .time = 2524607999LL,
105 },
106 {
107 /* (times before 2050 must be UTCTIME) Per RFC 5280 4.1.2.5 */
108 .str = "19500101000000Z",
109 .data = "19500101000000Z",
110 .time = -631152000LL,
111 },
112};
113
114struct rfc5280_time_test rfc5280_gentime_tests[] = {
115 {
116 /* Biggest RFC 5280 time */
117 .str = "99991231235959Z",
118 .data = "99991231235959Z",
119 .time = 253402300799LL,
120 },
121 {
122 .str = "21600218104000Z",
123 .data = "21600218104000Z",
124 .time = 6000000000LL,
125 },
126 {
127 /* Smallest RFC 5280 gen time */
128 .str = "20500101000000Z",
129 .data = "20500101000000Z",
130 .time = 2524608000LL,
131 },
132};
133struct rfc5280_time_test rfc5280_utctime_tests[] = {
134 {
135 .str = "500101000000Z",
136 .data = "500101000000Z",
137 .time = -631152000,
138 },
139 {
140 .str = "540226230640Z",
141 .data = "540226230640Z",
142 .time = -500000000,
143 },
144 {
145 .str = "491231235959Z",
146 .data = "491231235959Z",
147 .time = 2524607999LL,
148 },
149 {
150 .str = "700101000000Z",
151 .data = "700101000000Z",
152 .time = 0,
153 },
154 {
155 .str = "150923032700Z",
156 .data = "150923032700Z",
157 .time = 1442978820,
158 },
159 {
160 .str = "150923102700Z",
161 .data = "150923102700Z",
162 .time = 1443004020,
163 },
164 {
165 .str = "150922162712Z",
166 .data = "150922162712Z",
167 .time = 1442939232,
168 },
169 {
170 .str = "140524144512Z",
171 .data = "140524144512Z",
172 .time = 1400942712,
173 },
174 {
175 .str = "240401144512Z",
176 .data = "240401144512Z",
177 .time = 1711982712,
178 },
179};
180
181#define N_INVTIME_TESTS \
182 (sizeof(rfc5280_invtime_tests) / sizeof(*rfc5280_invtime_tests))
183#define N_GENTIME_TESTS \
184 (sizeof(rfc5280_gentime_tests) / sizeof(*rfc5280_gentime_tests))
185#define N_UTCTIME_TESTS \
186 (sizeof(rfc5280_utctime_tests) / sizeof(*rfc5280_utctime_tests))
187
188static int
189asn1_compare_str(int test_no, struct asn1_string_st *asn1str, const char *str)
190{
191 int length = strlen(str);
192
193 if (asn1str->length != length) {
194 fprintf(stderr, "FAIL: test %i - string lengths differ "
195 "(%i != %i)\n", test_no, asn1str->length, length);
196 return (1);
197 }
198 if (strncmp(asn1str->data, str, length) != 0) {
199 fprintf(stderr, "FAIL: test %i - strings differ "
200 "('%s' != '%s')\n", test_no, asn1str->data, str);
201 return (1);
202 }
203
204 return (0);
205}
206
207static int
208rfc5280_invtime_test(int test_no, struct rfc5280_time_test *att)
209{
210 ASN1_GENERALIZEDTIME *gt = NULL;
211 ASN1_UTCTIME *ut = NULL;
212 ASN1_TIME *t = NULL;
213 int failure = 1;
214 time_t now = time(NULL);
215
216 if ((gt = ASN1_GENERALIZEDTIME_new()) == NULL)
217 goto done;
218 if ((ut = ASN1_UTCTIME_new()) == NULL)
219 goto done;
220 if ((t = ASN1_TIME_new()) == NULL)
221 goto done;
222
223 if (ASN1_GENERALIZEDTIME_set_string(gt, att->str) != 0) {
224 if (X509_cmp_time(gt, &now) != 0) {
225 fprintf(stderr, "FAIL: test %i - successfully parsed as GENTIME "
226 "string '%s'\n", test_no, att->str);
227 goto done;
228 }
229 }
230 if (ASN1_UTCTIME_set_string(ut, att->str) != 0) {
231 if (X509_cmp_time(ut, &now) != 0) {
232 fprintf(stderr, "FAIL: test %i - successfully parsed as UTCTIME "
233 "string '%s'\n", test_no, att->str);
234 goto done;
235 }
236 }
237 if (ASN1_TIME_set_string(t, att->str) != 0) {
238 if (X509_cmp_time(t, &now) != 0) {
239 fprintf(stderr, "FAIL: test %i - successfully parsed as UTCTIME "
240 "string '%s'\n", test_no, att->str);
241 goto done;
242 }
243 }
244
245 failure = 0;
246
247 done:
248 ASN1_GENERALIZEDTIME_free(gt);
249 ASN1_UTCTIME_free(ut);
250 ASN1_TIME_free(t);
251
252 return (failure);
253}
254
255static int
256rfc5280_gentime_test(int test_no, struct rfc5280_time_test *att)
257{
258 unsigned char *p = NULL;
259 ASN1_GENERALIZEDTIME *gt;
260 int failure = 1;
261 int i;
262
263 if ((gt = ASN1_GENERALIZEDTIME_new()) == NULL)
264 goto done;
265
266 if (ASN1_GENERALIZEDTIME_set_string(gt, att->str) != 1) {
267 fprintf(stderr, "FAIL: test %i - failed to set string '%s'\n",
268 test_no, att->str);
269 goto done;
270 }
271 if (asn1_compare_str(test_no, gt, att->str) != 0)
272 goto done;
273
274 if ((i = X509_cmp_time(gt, &att->time)) != -1) {
275 fprintf(stderr, "FAIL: test %i - X509_cmp_time failed - returned %d compared to %lld\n",
276 test_no, i, att->time);
277 goto done;
278 }
279
280 att->time--;
281 if ((i = X509_cmp_time(gt, &att->time)) != 1) {
282 fprintf(stderr, "FAIL: test %i - X509_cmp_time failed - returned %d compared to %lld\n",
283 test_no, i, att->time);
284 goto done;
285 }
286 att->time++;
287
288 ASN1_GENERALIZEDTIME_free(gt);
289
290 if ((gt = ASN1_GENERALIZEDTIME_set(NULL, att->time)) == NULL) {
291 fprintf(stderr, "FAIL: test %i - failed to set time %lli\n",
292 test_no, (long long)att->time);
293 goto done;
294 }
295 if (asn1_compare_str(test_no, gt, att->data) != 0)
296 goto done;
297
298 failure = 0;
299
300 done:
301 ASN1_GENERALIZEDTIME_free(gt);
302 free(p);
303
304 return (failure);
305}
306
307static int
308rfc5280_utctime_test(int test_no, struct rfc5280_time_test *att)
309{
310 unsigned char *p = NULL;
311 ASN1_UTCTIME *ut;
312 int failure = 1;
313 int i;
314
315 if ((ut = ASN1_UTCTIME_new()) == NULL)
316 goto done;
317
318 if (ASN1_UTCTIME_set_string(ut, att->str) != 1) {
319 fprintf(stderr, "FAIL: test %i - failed to set string '%s'\n",
320 test_no, att->str);
321 goto done;
322 }
323 if (asn1_compare_str(test_no, ut, att->str) != 0)
324 goto done;
325
326 if ((i = X509_cmp_time(ut, &att->time)) != -1) {
327 fprintf(stderr, "FAIL: test %i - X509_cmp_time failed - returned %d compared to %lld\n",
328 test_no, i, att->time);
329 goto done;
330 }
331
332 att->time--;
333 if ((i = X509_cmp_time(ut, &att->time)) != 1) {
334 fprintf(stderr, "FAIL: test %i - X509_cmp_time failed - returned %d compared to %lld\n",
335 test_no, i, att->time);
336 goto done;
337 }
338 att->time++;
339
340 ASN1_UTCTIME_free(ut);
341
342 if ((ut = ASN1_UTCTIME_set(NULL, att->time)) == NULL) {
343 fprintf(stderr, "FAIL: test %i - failed to set time %lli\n",
344 test_no, (long long)att->time);
345 goto done;
346 }
347 if (asn1_compare_str(test_no, ut, att->data) != 0)
348 goto done;
349
350 failure = 0;
351
352 done:
353 ASN1_UTCTIME_free(ut);
354 free(p);
355
356 return (failure);
357}
358
359int
360main(int argc, char **argv)
361{
362 struct rfc5280_time_test *att;
363 int failed = 0;
364 size_t i;
365
366 fprintf(stderr, "RFC5280 Invalid time tests...\n");
367 for (i = 0; i < N_INVTIME_TESTS; i++) {
368 att = &rfc5280_invtime_tests[i];
369 failed |= rfc5280_invtime_test(i, att);
370 }
371
372 fprintf(stderr, "RFC5280 GENERALIZEDTIME tests...\n");
373 for (i = 0; i < N_GENTIME_TESTS; i++) {
374 att = &rfc5280_gentime_tests[i];
375 failed |= rfc5280_gentime_test(i, att);
376 }
377
378 fprintf(stderr, "RFC5280 UTCTIME tests...\n");
379 for (i = 0; i < N_UTCTIME_TESTS; i++) {
380 att = &rfc5280_utctime_tests[i];
381 failed |= rfc5280_utctime_test(i, att);
382 }
383 return (failed);
384}
diff --git a/src/regress/lib/libcrypto/base64/Makefile b/src/regress/lib/libcrypto/base64/Makefile
deleted file mode 100644
index 2cc004c530..0000000000
--- a/src/regress/lib/libcrypto/base64/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2014/07/08 15:53:52 jsing Exp $
2
3PROG= base64test
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/base64/base64test.c b/src/regress/lib/libcrypto/base64/base64test.c
deleted file mode 100644
index d6874d41f8..0000000000
--- a/src/regress/lib/libcrypto/base64/base64test.c
+++ /dev/null
@@ -1,385 +0,0 @@
1/* $OpenBSD: base64test.c,v 1.5 2018/07/17 17:06:49 tb Exp $ */
2/*
3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <openssl/bio.h>
19#include <openssl/evp.h>
20
21#include <err.h>
22#include <stdio.h>
23#include <string.h>
24#include <sys/types.h>
25
26#define BUF_SIZE 128
27
28struct base64_test {
29 const unsigned char in[BUF_SIZE];
30 const ssize_t in_len;
31 const unsigned char out[BUF_SIZE];
32 const ssize_t out_len;
33 const ssize_t valid_len;
34};
35
36/*
37 * Many of these tests are based on those found in Go's encoding/base64 tests.
38 */
39struct base64_test base64_tests[] = {
40
41 /* RFC3548 examples. */
42 { "\x14\xfb\x9c\x03\xd9\x7e", 6, "FPucA9l+", 8, 6, },
43 { "\x14\xfb\x9c\x03\xd9", 5, "FPucA9k=", 8, 5, },
44 { "\x14\xfb\x9c\x03", 4, "FPucAw==", 8, 4, },
45
46 /* RFC4648 examples. */
47 { "", 0, "", 0, 0, },
48 { "f", 1, "Zg==", 4, 1, },
49 { "fo", 2, "Zm8=", 4, 2, },
50 { "foo", 3, "Zm9v", 4, 3, },
51 { "foob", 4, "Zm9vYg==", 8, 4, },
52 { "fooba", 5, "Zm9vYmE=", 8, 5, },
53 { "foobar", 6, "Zm9vYmFy", 8, 6, },
54
55 /* Wikipedia examples. */
56 { "sure.", 5, "c3VyZS4=", 8, 5, },
57 { "sure", 4, "c3VyZQ==", 8, 4, },
58 { "sur", 3, "c3Vy", 4, 3, },
59 { "su", 2, "c3U=", 4, 2, },
60 { "leasure.", 8, "bGVhc3VyZS4=", 12, 8, },
61 { "easure.", 7, "ZWFzdXJlLg==", 12, 7, },
62 { "asure.", 6, "YXN1cmUu", 8, 6, },
63
64 { "abcd", 4, "YWJjZA==", 8, 4, },
65
66 {
67 "Twas brillig, and the slithy toves",
68 34,
69 "VHdhcyBicmlsbGlnLCBhbmQgdGhlIHNsaXRoeSB0b3Zlcw==",
70 48,
71 34,
72 },
73};
74
75#define N_TESTS (sizeof(base64_tests) / sizeof(*base64_tests))
76
77struct base64_test base64_nl_tests[] = {
78
79 /* Corrupt/invalid encodings. */
80 { "", -1, "", 0, 0, },
81 { "", -1, "!!!!", 4, 0, },
82 { "", -1, "====", 4, 0, },
83 { "", -1, "x===", 4, 0, },
84 { "", -1, "=AAA", 4, 0, },
85 { "", -1, "A=AA", 4, 0, },
86 { "", -1, "AA=A", 4, 0, },
87 { "", -1, "AA==A", 5, 0, },
88 { "", -1, "AAA=AAAA", 8, 0, },
89 { "", -1, "AAAAA", 5, 0, },
90 { "", -1, "AAAAAA", 6, 0, },
91 { "", -1, "A=", 2, 0, },
92 { "", -1, "A==", 3, 0, },
93 { "", -1, "AA=", 3, 0, },
94 { "", -1, "AA==", 4, 1, }, /* XXX - output ix 0x0. */
95 { "", -1, "AAA=", 4, 2, }, /* XXX - output ix 2x 0x0. */
96 { "", -1, "AAAA", 4, 3, }, /* XXX - output ix 3x 0x0. */
97 { "", -1, "AAAAAA=", 7, 0, },
98 { "", -1, "YWJjZA=====", 11, 0, },
99
100
101 /* Encodings with embedded CR/LF. */
102 { "sure", 4, "c3VyZQ==", 8, 4, },
103 { "sure", 4, "c3VyZQ==\r", 9, 4, },
104 { "sure", 4, "c3VyZQ==\n", 9, 4, },
105 { "sure", 4, "c3VyZQ==\r\n", 10, 4, },
106 { "sure", 4, "c3VyZ\r\nQ==", 10, 4, },
107 { "sure", 4, "c3V\ryZ\nQ==", 10, 4, },
108 { "sure", 4, "c3V\nyZ\rQ==", 10, 4, },
109 { "sure", 4, "c3VyZ\nQ==", 9, 4, },
110 { "sure", 4, "c3VyZQ\n==", 9, 4, },
111 { "sure", 4, "c3VyZQ=\n=", 9, 4, },
112 { "sure", 4, "c3VyZQ=\r\n\r\n=", 12, 4, },
113
114 {
115 "",
116 -1,
117 "YWJjZA======================================================"
118 "============",
119 74,
120 0,
121 },
122};
123
124#define N_NL_TESTS (sizeof(base64_nl_tests) / sizeof(*base64_nl_tests))
125
126struct base64_test base64_no_nl_tests[] = {
127
128 /*
129 * In non-newline mode, the output resulting from corrupt/invalid
130 * encodings is completely crazy. A number of zero bytes is returned
131 * rather than nothing.
132 */
133
134 /* Corrupt/invalid encodings. */
135 { "", -1, "", 0, 0, },
136 { "", -1, "!!!!", 4, 0, },
137 { "", -1, "====", 4, 1, },
138 { "", -1, "x===", 4, 1, },
139 { "", -1, "=AAA", 4, 3, },
140 { "", -1, "A=AA", 4, 3, },
141 { "", -1, "AA=A", 4, 3, },
142 { "", -1, "AA==A", 5, 1, },
143 { "", -1, "AAA=AAAA", 8, 6, },
144 { "", -1, "AAAAA", 5, 3, },
145 { "", -1, "AAAAAA", 6, 3, },
146 { "", -1, "A=", 2, 0, },
147 { "", -1, "A==", 3, 0, },
148 { "", -1, "AA=", 3, 0, },
149 { "", -1, "AA==", 4, 1, },
150 { "", -1, "AAA=", 4, 2, },
151 { "", -1, "AAAA", 4, 3, },
152 { "", -1, "AAAAAA=", 7, 3, },
153 { "", -1, "YWJjZA=====", 11, 4, },
154
155 /* Encodings with embedded CR/LF. */
156 { "sure", 4, "c3VyZQ==", 8, 4, },
157 { "sure", 4, "c3VyZQ==\r", 9, 4, },
158 { "sure", 4, "c3VyZQ==\n", 9, 4, },
159 { "sure", 4, "c3VyZQ==\r\n", 10, 4, },
160 { "sure", -1, "c3VyZ\r\nQ==", 10, 0, },
161 { "sure", -1, "c3V\ryZ\nQ==", 10, 0, },
162 { "sure", -1, "c3V\nyZ\rQ==", 10, 0, },
163 { "sure", -1, "c3VyZ\nQ==", 9, 0, },
164 { "sure", -1, "c3VyZQ\n==", 9, 0, },
165 { "sure", -1, "c3VyZQ=\n=", 9, 0, },
166 { "sure", -1, "c3VyZQ=\r\n\r\n=", 12, 0, },
167
168 /*
169 * This is invalid, yet results in 'abcd' followed by a stream of
170 * zero value bytes.
171 */
172 {
173 "",
174 -1,
175 "YWJjZA======================================================"
176 "============",
177 74,
178 52,
179 },
180};
181
182#define N_NO_NL_TESTS (sizeof(base64_no_nl_tests) / sizeof(*base64_no_nl_tests))
183
184static int
185base64_encoding_test(int test_no, struct base64_test *bt, int test_nl)
186{
187 BIO *bio_b64, *bio_mem;
188 unsigned char *buf, *out;
189 ssize_t i, len, b64len;
190 int failure = 0;
191
192 buf = malloc(BUF_SIZE);
193 if (buf == NULL)
194 errx(1, "malloc");
195
196 bio_b64 = BIO_new(BIO_f_base64());
197 if (bio_b64 == NULL)
198 errx(1, "BIO_new failed for BIO_f_base64");
199
200 bio_mem = BIO_new(BIO_s_mem());
201 if (bio_mem == NULL)
202 errx(1, "BIO_new failed for BIO_s_mem");
203
204 bio_mem = BIO_push(bio_b64, bio_mem);
205
206 if (!test_nl)
207 BIO_set_flags(bio_b64, BIO_FLAGS_BASE64_NO_NL);
208
209 len = BIO_write(bio_mem, bt->in, bt->in_len);
210 if (len != bt->in_len) {
211 fprintf(stderr, "FAIL: test %i - only wrote %zi out of %zi "
212 "characters\n", test_no, len, bt->in_len);
213 failure = 1;
214 goto done;
215 }
216 if (BIO_flush(bio_mem) < 0) {
217 fprintf(stderr, "FAIL: test %i - flush failed\n", test_no);
218 failure = 1;
219 goto done;
220 }
221
222 b64len = 0;
223 for (i = 0; i < bt->out_len; i++) {
224 if (bt->out[i] == '\r' || bt->out[i] == '\n')
225 continue;
226 buf[b64len++] = bt->out[i];
227 }
228 if (test_nl)
229 buf[b64len++] = '\n';
230
231 len = BIO_get_mem_data(bio_mem, &out);
232
233 /* An empty string with NL results in no output, rather than '\n'. */
234 if (test_nl && b64len == 1 && len == 0)
235 goto done;
236
237 if (len != b64len) {
238 fprintf(stderr, "FAIL: test %i - encoding resulted in %zi "
239 "characters instead of %zi\n", test_no, len, b64len);
240 failure = 1;
241 goto done;
242 }
243
244 if (memcmp(buf, out, b64len) != 0) {
245 fprintf(stderr, "FAIL: test %i - encoding differs:\n", test_no);
246 fprintf(stderr, " encoding: ");
247 for (i = 0; i < len; i++)
248 fprintf(stderr, "%c", out[i]);
249 fprintf(stderr, "\n");
250 fprintf(stderr, " test data: ");
251 for (i = 0; i < bt->out_len; i++)
252 fprintf(stderr, "%c", buf[i]);
253 fprintf(stderr, "\n");
254 failure = 1;
255 }
256
257done:
258 BIO_free_all(bio_mem);
259 free(buf);
260
261 return failure;
262}
263
264static int
265base64_decoding_test(int test_no, struct base64_test *bt, int test_nl)
266{
267 BIO *bio_b64, *bio_mem;
268 char *buf, *input;
269 ssize_t i, inlen, len;
270 int failure = 0;
271
272 buf = malloc(BUF_SIZE);
273 if (buf == NULL)
274 errx(1, "malloc");
275
276 input = (char *)bt->out;
277 inlen = bt->out_len;
278
279 if (test_nl)
280 inlen = asprintf(&input, "%s\r\n", bt->out);
281
282 bio_mem = BIO_new_mem_buf(input, inlen);
283 if (bio_mem == NULL)
284 errx(1, "BIO_new_mem_buf failed");
285
286 bio_b64 = BIO_new(BIO_f_base64());
287 if (bio_b64 == NULL)
288 errx(1, "BIO_new failed for BIO_f_base64");
289
290 if (!test_nl)
291 BIO_set_flags(bio_b64, BIO_FLAGS_BASE64_NO_NL);
292
293 bio_mem = BIO_push(bio_b64, bio_mem);
294
295 /*
296 * If we wrote zero characters then a BIO_read will result in a return
297 * value of -1, hence we need to handle this case.
298 */
299 len = BIO_read(bio_mem, buf, BUF_SIZE);
300 if (len != bt->valid_len && (bt->in_len != 0 || len != -1)) {
301 fprintf(stderr, "FAIL: test %i - decoding resulted in %zi "
302 "characters instead of %zi\n", test_no, len, bt->valid_len);
303 fprintf(stderr, " input: ");
304 for (i = 0; i < inlen; i++)
305 fprintf(stderr, "%c", input[i]);
306 fprintf(stderr, "\n");
307 fprintf(stderr, " decoding: ");
308 for (i = 0; i < len; i++)
309 fprintf(stderr, "0x%x ", buf[i]);
310 fprintf(stderr, "\n");
311 failure = 1;
312 goto done;
313 }
314
315 /* See if we expect this to fail decoding. */
316 if (bt->in_len == -1)
317 goto done;
318
319 if (memcmp(bt->in, buf, bt->in_len) != 0) {
320 fprintf(stderr, "FAIL: test %i - decoding differs:\n", test_no);
321 fprintf(stderr, " decoding: ");
322 for (i = 0; i < len; i++)
323 fprintf(stderr, "0x%x ", buf[i]);
324 fprintf(stderr, "\n");
325 fprintf(stderr, " test data: ");
326 for (i = 0; i < inlen; i++)
327 fprintf(stderr, "0x%x ", input[i]);
328 fprintf(stderr, "\n");
329 failure = 1;
330 }
331
332done:
333 BIO_free_all(bio_mem);
334 free(buf);
335 if (test_nl)
336 free(input);
337
338 return failure;
339}
340
341int
342main(int argc, char **argv)
343{
344 struct base64_test *bt;
345 int failed = 0;
346 size_t i;
347
348 fprintf(stderr, "Starting combined tests...\n");
349
350 for (i = 0; i < N_TESTS; i++) {
351 bt = &base64_tests[i];
352 if (bt->in_len != -1)
353 failed += base64_encoding_test(i, bt, 0);
354 if (bt->out_len != -1)
355 failed += base64_decoding_test(i, bt, 0);
356 if (bt->in_len != -1)
357 failed += base64_encoding_test(i, bt, 1);
358 if (bt->out_len != -1)
359 failed += base64_decoding_test(i, bt, 1);
360 }
361
362 fprintf(stderr, "Starting NL tests...\n");
363
364 for (i = 0; i < N_NL_TESTS; i++) {
365 bt = &base64_nl_tests[i];
366
367 if (bt->in_len != -1)
368 failed += base64_encoding_test(i, bt, 1);
369 if (bt->out_len != -1)
370 failed += base64_decoding_test(i, bt, 1);
371 }
372
373 fprintf(stderr, "Starting NO NL tests...\n");
374
375 for (i = 0; i < N_NO_NL_TESTS; i++) {
376 bt = &base64_no_nl_tests[i];
377
378 if (bt->in_len != -1)
379 failed += base64_encoding_test(i, bt, 0);
380 if (bt->out_len != -1)
381 failed += base64_decoding_test(i, bt, 0);
382 }
383
384 return failed;
385}
diff --git a/src/regress/lib/libcrypto/bf/Makefile b/src/regress/lib/libcrypto/bf/Makefile
deleted file mode 100644
index 989b3bb8f4..0000000000
--- a/src/regress/lib/libcrypto/bf/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2014/07/08 15:53:52 jsing Exp $
2
3PROG= bftest
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/bf/bftest.c b/src/regress/lib/libcrypto/bf/bftest.c
deleted file mode 100644
index 5239ffb250..0000000000
--- a/src/regress/lib/libcrypto/bf/bftest.c
+++ /dev/null
@@ -1,513 +0,0 @@
1/* $OpenBSD: bftest.c,v 1.3 2018/07/17 17:06:49 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59/* This has been a quickly hacked 'ideatest.c'. When I add tests for other
60 * RC2 modes, more of the code will be uncommented. */
61
62#include <stdio.h>
63#include <string.h>
64#include <stdlib.h>
65
66#include <openssl/blowfish.h>
67
68static char *bf_key[2]={
69 "abcdefghijklmnopqrstuvwxyz",
70 "Who is John Galt?"
71 };
72
73/* big endian */
74static BF_LONG bf_plain[2][2]={
75 {0x424c4f57L,0x46495348L},
76 {0xfedcba98L,0x76543210L}
77 };
78
79static BF_LONG bf_cipher[2][2]={
80 {0x324ed0feL,0xf413a203L},
81 {0xcc91732bL,0x8022f684L}
82 };
83/************/
84
85/* Lets use the DES test vectors :-) */
86#define NUM_TESTS 34
87static unsigned char ecb_data[NUM_TESTS][8]={
88 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
89 {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
90 {0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
91 {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
92 {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
93 {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
94 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
95 {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10},
96 {0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57},
97 {0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E},
98 {0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86},
99 {0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E},
100 {0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6},
101 {0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE},
102 {0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6},
103 {0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE},
104 {0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16},
105 {0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F},
106 {0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46},
107 {0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E},
108 {0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76},
109 {0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07},
110 {0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F},
111 {0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7},
112 {0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF},
113 {0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6},
114 {0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF},
115 {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
116 {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
117 {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
118 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
119 {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
120 {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
121 {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}};
122
123static unsigned char plain_data[NUM_TESTS][8]={
124 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
125 {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
126 {0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
127 {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
128 {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
129 {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
130 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
131 {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
132 {0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42},
133 {0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA},
134 {0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72},
135 {0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A},
136 {0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2},
137 {0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A},
138 {0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2},
139 {0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A},
140 {0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02},
141 {0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A},
142 {0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32},
143 {0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA},
144 {0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62},
145 {0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2},
146 {0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA},
147 {0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92},
148 {0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A},
149 {0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2},
150 {0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A},
151 {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
152 {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
153 {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
154 {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
155 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
156 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
157 {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}};
158
159static unsigned char cipher_data[NUM_TESTS][8]={
160 {0x4E,0xF9,0x97,0x45,0x61,0x98,0xDD,0x78},
161 {0x51,0x86,0x6F,0xD5,0xB8,0x5E,0xCB,0x8A},
162 {0x7D,0x85,0x6F,0x9A,0x61,0x30,0x63,0xF2},
163 {0x24,0x66,0xDD,0x87,0x8B,0x96,0x3C,0x9D},
164 {0x61,0xF9,0xC3,0x80,0x22,0x81,0xB0,0x96},
165 {0x7D,0x0C,0xC6,0x30,0xAF,0xDA,0x1E,0xC7},
166 {0x4E,0xF9,0x97,0x45,0x61,0x98,0xDD,0x78},
167 {0x0A,0xCE,0xAB,0x0F,0xC6,0xA0,0xA2,0x8D},
168 {0x59,0xC6,0x82,0x45,0xEB,0x05,0x28,0x2B},
169 {0xB1,0xB8,0xCC,0x0B,0x25,0x0F,0x09,0xA0},
170 {0x17,0x30,0xE5,0x77,0x8B,0xEA,0x1D,0xA4},
171 {0xA2,0x5E,0x78,0x56,0xCF,0x26,0x51,0xEB},
172 {0x35,0x38,0x82,0xB1,0x09,0xCE,0x8F,0x1A},
173 {0x48,0xF4,0xD0,0x88,0x4C,0x37,0x99,0x18},
174 {0x43,0x21,0x93,0xB7,0x89,0x51,0xFC,0x98},
175 {0x13,0xF0,0x41,0x54,0xD6,0x9D,0x1A,0xE5},
176 {0x2E,0xED,0xDA,0x93,0xFF,0xD3,0x9C,0x79},
177 {0xD8,0x87,0xE0,0x39,0x3C,0x2D,0xA6,0xE3},
178 {0x5F,0x99,0xD0,0x4F,0x5B,0x16,0x39,0x69},
179 {0x4A,0x05,0x7A,0x3B,0x24,0xD3,0x97,0x7B},
180 {0x45,0x20,0x31,0xC1,0xE4,0xFA,0xDA,0x8E},
181 {0x75,0x55,0xAE,0x39,0xF5,0x9B,0x87,0xBD},
182 {0x53,0xC5,0x5F,0x9C,0xB4,0x9F,0xC0,0x19},
183 {0x7A,0x8E,0x7B,0xFA,0x93,0x7E,0x89,0xA3},
184 {0xCF,0x9C,0x5D,0x7A,0x49,0x86,0xAD,0xB5},
185 {0xD1,0xAB,0xB2,0x90,0x65,0x8B,0xC7,0x78},
186 {0x55,0xCB,0x37,0x74,0xD1,0x3E,0xF2,0x01},
187 {0xFA,0x34,0xEC,0x48,0x47,0xB2,0x68,0xB2},
188 {0xA7,0x90,0x79,0x51,0x08,0xEA,0x3C,0xAE},
189 {0xC3,0x9E,0x07,0x2D,0x9F,0xAC,0x63,0x1D},
190 {0x01,0x49,0x33,0xE0,0xCD,0xAF,0xF6,0xE4},
191 {0xF2,0x1E,0x9A,0x77,0xB7,0x1C,0x49,0xBC},
192 {0x24,0x59,0x46,0x88,0x57,0x54,0x36,0x9A},
193 {0x6B,0x5C,0x5A,0x9C,0x5D,0x9E,0x0A,0x5A},
194 };
195
196static unsigned char cbc_key [16]={
197 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
198 0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87};
199static unsigned char cbc_iv [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
200static char cbc_data[40]="7654321 Now is the time for ";
201static unsigned char cbc_ok[32]={
202 0x6B,0x77,0xB4,0xD6,0x30,0x06,0xDE,0xE6,
203 0x05,0xB1,0x56,0xE2,0x74,0x03,0x97,0x93,
204 0x58,0xDE,0xB9,0xE7,0x15,0x46,0x16,0xD9,
205 0x59,0xF1,0x65,0x2B,0xD5,0xFF,0x92,0xCC};
206
207static unsigned char cfb64_ok[]={
208 0xE7,0x32,0x14,0xA2,0x82,0x21,0x39,0xCA,
209 0xF2,0x6E,0xCF,0x6D,0x2E,0xB9,0xE7,0x6E,
210 0x3D,0xA3,0xDE,0x04,0xD1,0x51,0x72,0x00,
211 0x51,0x9D,0x57,0xA6,0xC3};
212
213static unsigned char ofb64_ok[]={
214 0xE7,0x32,0x14,0xA2,0x82,0x21,0x39,0xCA,
215 0x62,0xB3,0x43,0xCC,0x5B,0x65,0x58,0x73,
216 0x10,0xDD,0x90,0x8D,0x0C,0x24,0x1B,0x22,
217 0x63,0xC2,0xCF,0x80,0xDA};
218
219#define KEY_TEST_NUM 25
220static unsigned char key_test[KEY_TEST_NUM]={
221 0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87,
222 0x78,0x69,0x5a,0x4b,0x3c,0x2d,0x1e,0x0f,
223 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
224 0x88};
225
226static unsigned char key_data[8]=
227 {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10};
228
229static unsigned char key_out[KEY_TEST_NUM][8]={
230 {0xF9,0xAD,0x59,0x7C,0x49,0xDB,0x00,0x5E},
231 {0xE9,0x1D,0x21,0xC1,0xD9,0x61,0xA6,0xD6},
232 {0xE9,0xC2,0xB7,0x0A,0x1B,0xC6,0x5C,0xF3},
233 {0xBE,0x1E,0x63,0x94,0x08,0x64,0x0F,0x05},
234 {0xB3,0x9E,0x44,0x48,0x1B,0xDB,0x1E,0x6E},
235 {0x94,0x57,0xAA,0x83,0xB1,0x92,0x8C,0x0D},
236 {0x8B,0xB7,0x70,0x32,0xF9,0x60,0x62,0x9D},
237 {0xE8,0x7A,0x24,0x4E,0x2C,0xC8,0x5E,0x82},
238 {0x15,0x75,0x0E,0x7A,0x4F,0x4E,0xC5,0x77},
239 {0x12,0x2B,0xA7,0x0B,0x3A,0xB6,0x4A,0xE0},
240 {0x3A,0x83,0x3C,0x9A,0xFF,0xC5,0x37,0xF6},
241 {0x94,0x09,0xDA,0x87,0xA9,0x0F,0x6B,0xF2},
242 {0x88,0x4F,0x80,0x62,0x50,0x60,0xB8,0xB4},
243 {0x1F,0x85,0x03,0x1C,0x19,0xE1,0x19,0x68},
244 {0x79,0xD9,0x37,0x3A,0x71,0x4C,0xA3,0x4F},
245 {0x93,0x14,0x28,0x87,0xEE,0x3B,0xE1,0x5C},
246 {0x03,0x42,0x9E,0x83,0x8C,0xE2,0xD1,0x4B},
247 {0xA4,0x29,0x9E,0x27,0x46,0x9F,0xF6,0x7B},
248 {0xAF,0xD5,0xAE,0xD1,0xC1,0xBC,0x96,0xA8},
249 {0x10,0x85,0x1C,0x0E,0x38,0x58,0xDA,0x9F},
250 {0xE6,0xF5,0x1E,0xD7,0x9B,0x9D,0xB2,0x1F},
251 {0x64,0xA6,0xE1,0x4A,0xFD,0x36,0xB4,0x6F},
252 {0x80,0xC7,0xD7,0xD4,0x5A,0x54,0x79,0xAD},
253 {0x05,0x04,0x4B,0x62,0xFA,0x52,0xD0,0x80},
254 };
255
256static int test(void );
257static int print_test_data(void );
258int main(int argc, char *argv[])
259 {
260 int ret;
261
262 if (argc > 1)
263 ret=print_test_data();
264 else
265 ret=test();
266
267 return ret;
268 }
269
270static int print_test_data(void)
271 {
272 unsigned int i,j;
273
274 printf("ecb test data\n");
275 printf("key bytes\t\tclear bytes\t\tcipher bytes\n");
276 for (i=0; i<NUM_TESTS; i++)
277 {
278 for (j=0; j<8; j++)
279 printf("%02X",ecb_data[i][j]);
280 printf("\t");
281 for (j=0; j<8; j++)
282 printf("%02X",plain_data[i][j]);
283 printf("\t");
284 for (j=0; j<8; j++)
285 printf("%02X",cipher_data[i][j]);
286 printf("\n");
287 }
288
289 printf("set_key test data\n");
290 printf("data[8]= ");
291 for (j=0; j<8; j++)
292 printf("%02X",key_data[j]);
293 printf("\n");
294 for (i=0; i<KEY_TEST_NUM-1; i++)
295 {
296 printf("c=");
297 for (j=0; j<8; j++)
298 printf("%02X",key_out[i][j]);
299 printf(" k[%2u]=",i+1);
300 for (j=0; j<i+1; j++)
301 printf("%02X",key_test[j]);
302 printf("\n");
303 }
304
305 printf("\nchaining mode test data\n");
306 printf("key[16] = ");
307 for (j=0; j<16; j++)
308 printf("%02X",cbc_key[j]);
309 printf("\niv[8] = ");
310 for (j=0; j<8; j++)
311 printf("%02X",cbc_iv[j]);
312 printf("\ndata[%d] = '%s'",(int)strlen(cbc_data)+1,cbc_data);
313 printf("\ndata[%d] = ",(int)strlen(cbc_data)+1);
314 for (j=0; j<strlen(cbc_data)+1; j++)
315 printf("%02X",cbc_data[j]);
316 printf("\n");
317 printf("cbc cipher text\n");
318 printf("cipher[%d]= ",32);
319 for (j=0; j<32; j++)
320 printf("%02X",cbc_ok[j]);
321 printf("\n");
322
323 printf("cfb64 cipher text\n");
324 printf("cipher[%d]= ",(int)strlen(cbc_data)+1);
325 for (j=0; j<strlen(cbc_data)+1; j++)
326 printf("%02X",cfb64_ok[j]);
327 printf("\n");
328
329 printf("ofb64 cipher text\n");
330 printf("cipher[%d]= ",(int)strlen(cbc_data)+1);
331 for (j=0; j<strlen(cbc_data)+1; j++)
332 printf("%02X",ofb64_ok[j]);
333 printf("\n");
334 return(0);
335 }
336
337static int test(void)
338 {
339 unsigned char cbc_in[40],cbc_out[40],iv[8];
340 int i,n,err=0;
341 BF_KEY key;
342 BF_LONG data[2];
343 unsigned char out[8];
344 BF_LONG len;
345
346 printf("testing blowfish in raw ecb mode\n");
347 for (n=0; n<2; n++)
348 {
349 BF_set_key(&key,strlen(bf_key[n]),(unsigned char *)bf_key[n]);
350
351 data[0]=bf_plain[n][0];
352 data[1]=bf_plain[n][1];
353 BF_encrypt(data,&key);
354 if (memcmp(&(bf_cipher[n][0]),&(data[0]), sizeof data) != 0)
355 {
356 printf("BF_encrypt error encrypting\n");
357 printf("got :");
358 for (i=0; i<2; i++)
359 printf("%08lX ",(unsigned long)data[i]);
360 printf("\n");
361 printf("expected:");
362 for (i=0; i<2; i++)
363 printf("%08lX ",(unsigned long)bf_cipher[n][i]);
364 err=1;
365 printf("\n");
366 }
367
368 BF_decrypt(&(data[0]),&key);
369 if (memcmp(&(bf_plain[n][0]),&(data[0]),8) != 0)
370 {
371 printf("BF_encrypt error decrypting\n");
372 printf("got :");
373 for (i=0; i<2; i++)
374 printf("%08lX ",(unsigned long)data[i]);
375 printf("\n");
376 printf("expected:");
377 for (i=0; i<2; i++)
378 printf("%08lX ",(unsigned long)bf_plain[n][i]);
379 printf("\n");
380 err=1;
381 }
382 }
383
384 printf("testing blowfish in ecb mode\n");
385
386 for (n=0; n<NUM_TESTS; n++)
387 {
388 BF_set_key(&key,8,ecb_data[n]);
389
390 BF_ecb_encrypt(&(plain_data[n][0]),out,&key,BF_ENCRYPT);
391 if (memcmp(&(cipher_data[n][0]),out,8) != 0)
392 {
393 printf("BF_ecb_encrypt blowfish error encrypting\n");
394 printf("got :");
395 for (i=0; i<8; i++)
396 printf("%02X ",out[i]);
397 printf("\n");
398 printf("expected:");
399 for (i=0; i<8; i++)
400 printf("%02X ",cipher_data[n][i]);
401 err=1;
402 printf("\n");
403 }
404
405 BF_ecb_encrypt(out,out,&key,BF_DECRYPT);
406 if (memcmp(&(plain_data[n][0]),out,8) != 0)
407 {
408 printf("BF_ecb_encrypt error decrypting\n");
409 printf("got :");
410 for (i=0; i<8; i++)
411 printf("%02X ",out[i]);
412 printf("\n");
413 printf("expected:");
414 for (i=0; i<8; i++)
415 printf("%02X ",plain_data[n][i]);
416 printf("\n");
417 err=1;
418 }
419 }
420
421 printf("testing blowfish set_key\n");
422 for (n=1; n<KEY_TEST_NUM; n++)
423 {
424 BF_set_key(&key,n,key_test);
425 BF_ecb_encrypt(key_data,out,&key,BF_ENCRYPT);
426 if (memcmp(out,&(key_out[n-1][0]),8) != 0)
427 {
428 printf("blowfish setkey error\n");
429 err=1;
430 }
431 }
432
433 printf("testing blowfish in cbc mode\n");
434 len=strlen(cbc_data)+1;
435
436 BF_set_key(&key,16,cbc_key);
437 memset(cbc_in,0,sizeof cbc_in);
438 memset(cbc_out,0,sizeof cbc_out);
439 memcpy(iv,cbc_iv,sizeof iv);
440 BF_cbc_encrypt((unsigned char *)cbc_data,cbc_out,len,
441 &key,iv,BF_ENCRYPT);
442 if (memcmp(cbc_out,cbc_ok,32) != 0)
443 {
444 err=1;
445 printf("BF_cbc_encrypt encrypt error\n");
446 for (i=0; i<32; i++) printf("0x%02X,",cbc_out[i]);
447 }
448 memcpy(iv,cbc_iv,8);
449 BF_cbc_encrypt(cbc_out,cbc_in,len,
450 &key,iv,BF_DECRYPT);
451 if (memcmp(cbc_in,cbc_data,strlen(cbc_data)+1) != 0)
452 {
453 printf("BF_cbc_encrypt decrypt error\n");
454 err=1;
455 }
456
457 printf("testing blowfish in cfb64 mode\n");
458
459 BF_set_key(&key,16,cbc_key);
460 memset(cbc_in,0,40);
461 memset(cbc_out,0,40);
462 memcpy(iv,cbc_iv,8);
463 n=0;
464 BF_cfb64_encrypt((unsigned char *)cbc_data,cbc_out,(long)13,
465 &key,iv,&n,BF_ENCRYPT);
466 BF_cfb64_encrypt((unsigned char *)&(cbc_data[13]),&(cbc_out[13]),len-13,
467 &key,iv,&n,BF_ENCRYPT);
468 if (memcmp(cbc_out,cfb64_ok,(int)len) != 0)
469 {
470 err=1;
471 printf("BF_cfb64_encrypt encrypt error\n");
472 for (i=0; i<(int)len; i++) printf("0x%02X,",cbc_out[i]);
473 }
474 n=0;
475 memcpy(iv,cbc_iv,8);
476 BF_cfb64_encrypt(cbc_out,cbc_in,17,
477 &key,iv,&n,BF_DECRYPT);
478 BF_cfb64_encrypt(&(cbc_out[17]),&(cbc_in[17]),len-17,
479 &key,iv,&n,BF_DECRYPT);
480 if (memcmp(cbc_in,cbc_data,(int)len) != 0)
481 {
482 printf("BF_cfb64_encrypt decrypt error\n");
483 err=1;
484 }
485
486 printf("testing blowfish in ofb64\n");
487
488 BF_set_key(&key,16,cbc_key);
489 memset(cbc_in,0,40);
490 memset(cbc_out,0,40);
491 memcpy(iv,cbc_iv,8);
492 n=0;
493 BF_ofb64_encrypt((unsigned char *)cbc_data,cbc_out,(long)13,&key,iv,&n);
494 BF_ofb64_encrypt((unsigned char *)&(cbc_data[13]),
495 &(cbc_out[13]),len-13,&key,iv,&n);
496 if (memcmp(cbc_out,ofb64_ok,(int)len) != 0)
497 {
498 err=1;
499 printf("BF_ofb64_encrypt encrypt error\n");
500 for (i=0; i<(int)len; i++) printf("0x%02X,",cbc_out[i]);
501 }
502 n=0;
503 memcpy(iv,cbc_iv,8);
504 BF_ofb64_encrypt(cbc_out,cbc_in,17,&key,iv,&n);
505 BF_ofb64_encrypt(&(cbc_out[17]),&(cbc_in[17]),len-17,&key,iv,&n);
506 if (memcmp(cbc_in,cbc_data,(int)len) != 0)
507 {
508 printf("BF_ofb64_encrypt decrypt error\n");
509 err=1;
510 }
511
512 return(err);
513 }
diff --git a/src/regress/lib/libcrypto/bio/Makefile b/src/regress/lib/libcrypto/bio/Makefile
deleted file mode 100644
index fab7d44d50..0000000000
--- a/src/regress/lib/libcrypto/bio/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.2 2014/07/08 15:53:52 jsing Exp $
2
3PROG= biotest
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/bio/biotest.c b/src/regress/lib/libcrypto/bio/biotest.c
deleted file mode 100644
index 867305a904..0000000000
--- a/src/regress/lib/libcrypto/bio/biotest.c
+++ /dev/null
@@ -1,155 +0,0 @@
1/* $OpenBSD: biotest.c,v 1.6 2017/04/30 17:46:27 beck Exp $ */
2/*
3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <sys/types.h>
19
20#include <stdint.h>
21#include <stdlib.h>
22#include <string.h>
23
24#include <netinet/in.h>
25
26#include <openssl/bio.h>
27#include <openssl/err.h>
28
29struct bio_get_host_ip_test {
30 char *input;
31 uint32_t ip;
32 int ret;
33};
34
35struct bio_get_host_ip_test bio_get_host_ip_tests[] = {
36 {"", 0, 0},
37 {".", 0, 0},
38 {"1", 0, 0},
39 {"1.2", 0, 0},
40 {"1.2.3", 0, 0},
41 {"1.2.3.", 0, 0},
42 {"1.2.3.4", 0x01020304, 1},
43 {"1.2.3.256", 0, 0},
44 {"1:2:3::4", 0, 0},
45 {"0.0.0.0", INADDR_ANY, 1},
46 {"127.0.0.1", INADDR_LOOPBACK, 1},
47 {"localhost", INADDR_LOOPBACK, 1},
48 {"255.255.255.255", INADDR_BROADCAST, 1},
49 {"0xff.0xff.0xff.0xff", 0, 0},
50};
51
52#define N_BIO_GET_IP_TESTS \
53 (sizeof(bio_get_host_ip_tests) / sizeof(*bio_get_host_ip_tests))
54
55struct bio_get_port_test {
56 char *input;
57 unsigned short port;
58 int ret;
59};
60
61struct bio_get_port_test bio_get_port_tests[] = {
62 {NULL, 0, 0},
63 {"", 0, 0},
64 {"-1", 0, 0},
65 {"0", 0, 1},
66 {"1", 1, 1},
67 {"12345", 12345, 1},
68 {"65535", 65535, 1},
69 {"65536", 0, 0},
70 {"999999999999", 0, 0},
71 {"xyzzy", 0, 0},
72 {"https", 443, 1},
73 {"imaps", 993, 1},
74 {"telnet", 23, 1},
75};
76
77#define N_BIO_GET_PORT_TESTS \
78 (sizeof(bio_get_port_tests) / sizeof(*bio_get_port_tests))
79
80static int
81do_bio_get_host_ip_tests(void)
82{
83 struct bio_get_host_ip_test *bgit;
84 union {
85 unsigned char c[4];
86 uint32_t i;
87 } ip;
88 int failed = 0;
89 size_t i;
90 int ret;
91
92 for (i = 0; i < N_BIO_GET_IP_TESTS; i++) {
93 bgit = &bio_get_host_ip_tests[i];
94 memset(&ip, 0, sizeof(ip));
95
96 ret = BIO_get_host_ip(bgit->input, ip.c);
97 if (ret != bgit->ret) {
98 fprintf(stderr, "FAIL: test %zi (\"%s\") %s, want %s\n",
99 i, bgit->input, ret ? "success" : "failure",
100 bgit->ret ? "success" : "failure");
101 failed = 1;
102 continue;
103 }
104 if (ret && ntohl(ip.i) != bgit->ip) {
105 fprintf(stderr, "FAIL: test %zi (\"%s\") returned ip "
106 "%x != %x\n", i, bgit->input,
107 ntohl(ip.i), bgit->ip);
108 failed = 1;
109 }
110 }
111
112 return failed;
113}
114
115static int
116do_bio_get_port_tests(void)
117{
118 struct bio_get_port_test *bgpt;
119 unsigned short port;
120 int failed = 0;
121 size_t i;
122 int ret;
123
124 for (i = 0; i < N_BIO_GET_PORT_TESTS; i++) {
125 bgpt = &bio_get_port_tests[i];
126 port = 0;
127
128 ret = BIO_get_port(bgpt->input, &port);
129 if (ret != bgpt->ret) {
130 fprintf(stderr, "FAIL: test %zi (\"%s\") %s, want %s\n",
131 i, bgpt->input, ret ? "success" : "failure",
132 bgpt->ret ? "success" : "failure");
133 failed = 1;
134 continue;
135 }
136 if (ret && port != bgpt->port) {
137 fprintf(stderr, "FAIL: test %zi (\"%s\") returned port "
138 "%u != %u\n", i, bgpt->input, port, bgpt->port);
139 failed = 1;
140 }
141 }
142
143 return failed;
144}
145
146int
147main(int argc, char **argv)
148{
149 int ret = 0;
150
151 ret |= do_bio_get_host_ip_tests();
152 ret |= do_bio_get_port_tests();
153
154 return (ret);
155}
diff --git a/src/regress/lib/libcrypto/bn/Makefile b/src/regress/lib/libcrypto/bn/Makefile
deleted file mode 100644
index ed9298575b..0000000000
--- a/src/regress/lib/libcrypto/bn/Makefile
+++ /dev/null
@@ -1,12 +0,0 @@
1# $OpenBSD: Makefile,v 1.6 2018/11/06 06:56:17 tb Exp $
2
3SUBDIR= \
4 addsub \
5 general \
6 mont \
7 rand
8
9
10install:
11
12.include <bsd.subdir.mk>
diff --git a/src/regress/lib/libcrypto/bn/addsub/Makefile b/src/regress/lib/libcrypto/bn/addsub/Makefile
deleted file mode 100644
index c35182db4f..0000000000
--- a/src/regress/lib/libcrypto/bn/addsub/Makefile
+++ /dev/null
@@ -1,11 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2018/07/10 16:57:50 tb Exp $
2
3.include "../../Makefile.inc"
4
5PROG= bnaddsub
6LDADD= ${CRYPTO_INT}
7DPADD= ${LIBCRYPTO}
8WARNINGS= Yes
9CFLAGS+= -Werror
10
11.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/bn/addsub/bnaddsub.c b/src/regress/lib/libcrypto/bn/addsub/bnaddsub.c
deleted file mode 100644
index e23821ed2b..0000000000
--- a/src/regress/lib/libcrypto/bn/addsub/bnaddsub.c
+++ /dev/null
@@ -1,236 +0,0 @@
1/* $OpenBSD: bnaddsub.c,v 1.3 2018/07/23 17:15:21 tb Exp $ */
2/*
3 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18/* Test basic functionality of BN_add(), BN_sub(), BN_uadd() and BN_usub() */
19
20#include <err.h>
21#include <stdio.h>
22
23#include <openssl/bio.h>
24#include <openssl/bn.h>
25#include <openssl/err.h>
26
27#define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))
28
29BIO *bio_err;
30
31struct hexinput_st {
32 const char *a_hex;
33 const char *b_hex;
34 const char *e_hex; /* expected result */
35 const char ret; /* check return value */
36 int compare; /* use BN_cmp() to verify results */
37};
38
39int bn_op_test(int (*)(BIGNUM *, const BIGNUM *, const BIGNUM *),
40 struct hexinput_st[], unsigned int, const char *);
41void print_failure_case(BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, int,
42 const char *);
43
44struct hexinput_st test_bn_add[] = {
45 {
46 "F",
47 "F",
48 "1E",
49 1,
50 1,
51 },
52 {
53 "FFFFFFFFFFFFFFFFFFF",
54 "1",
55 "10000000000000000000",
56 1,
57 1,
58 },
59 {
60 "7878787878787878",
61 "1010101010101010",
62 "8888888888888888",
63 1,
64 1,
65 },
66 {
67 "FFFFFFFFFFFFFFFF0000000000000000",
68 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
69 "1FFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
70 1,
71 1,
72 },
73 {
74 "F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0",
75 "10101010101010101010101010101010",
76 "101010101010101010101010101010100",
77 1,
78 1,
79 },
80};
81
82struct hexinput_st test_bn_sub[] = {
83 {
84 "10",
85 "1",
86 "F",
87 1,
88 1,
89 },
90 {
91 "10",
92 "1",
93 "E",
94 1,
95 0,
96 },
97 {
98 "100000000001000000000",
99 "11100000001",
100 "FFFFFFFFFEFEFFFFFFFF",
101 1,
102 1,
103 },
104 {
105 "-FFFFFFFFFFFFFFFFFFFF",
106 "1",
107 "-100000000000000000000",
108 1,
109 1,
110 },
111};
112
113struct hexinput_st test_bn_usub[] = {
114 {
115 "10",
116 "1",
117 "F",
118 1,
119 1,
120 },
121 {
122 "10",
123 "1",
124 "E",
125 1,
126 0,
127 },
128 {
129 "100000000001000000000",
130 "11100000001",
131 "FFFFFFFFFEFEFFFFFFFF",
132 1,
133 1,
134 },
135 {
136 "100000000000000000000",
137 "1",
138 "FFFFFFFFFFFFFFFFFFFF",
139 1,
140 1,
141 },
142 {
143 "0",
144 "1",
145 "0",
146 0,
147 0,
148 },
149};
150
151void
152print_failure_case(BIGNUM *a, BIGNUM *b, BIGNUM *e, BIGNUM *r, int i,
153 const char *testname)
154{
155 BIO_printf(bio_err, "%s #%d failed:", testname, i);
156 BIO_printf(bio_err, "\na = ");
157 BN_print(bio_err, a);
158 BIO_printf(bio_err, "\nb = ");
159 BN_print(bio_err, b);
160 BIO_printf(bio_err, "\nexpected: e = ");
161 BN_print(bio_err, e);
162 BIO_printf(bio_err, "\nobtained: r = ");
163 BN_print(bio_err, r);
164 BIO_printf(bio_err, "\n");
165}
166
167int
168bn_op_test(int (*bn_op)(BIGNUM *, const BIGNUM *, const BIGNUM *),
169 struct hexinput_st tests[], unsigned int ntests, const char *testname)
170{
171 BIGNUM *a = NULL, *b = NULL, *e = NULL, *r = NULL;
172 unsigned int i;
173 int failed = 0;
174
175 if (((a = BN_new()) == NULL) ||
176 ((b = BN_new()) == NULL) ||
177 ((e = BN_new()) == NULL) ||
178 ((r = BN_new()) == NULL)) {
179 failed = 1;
180 ERR_print_errors(bio_err);
181 goto err;
182 }
183
184 for (i = 0; i < ntests; i++) {
185 int print = 0;
186
187 if (!BN_hex2bn(&a, tests[i].a_hex) ||
188 !BN_hex2bn(&b, tests[i].b_hex) ||
189 !BN_hex2bn(&e, tests[i].e_hex)) {
190 print = 1;
191 ERR_print_errors(bio_err);
192 }
193
194 if (tests[i].ret != bn_op(r, a, b))
195 print = 1;
196 if (tests[i].compare == 1 && BN_cmp(e, r) != 0)
197 print = 1;
198 if (print) {
199 failed = 1;
200 print_failure_case(a, b, e, r, i, testname);
201 }
202 }
203
204 err:
205 BN_free(a);
206 BN_free(b);
207 BN_free(e);
208 BN_free(r);
209 return failed;
210}
211
212int
213main(int argc, char *argv[])
214{
215 int failed = 0;
216
217 if ((bio_err = BIO_new_fp(stderr, BIO_NOCLOSE)) == NULL) {
218 fprintf(stderr, "bnaddsub: failed to initialize bio_err");
219 return 1;
220 }
221
222 if (bn_op_test(BN_add, test_bn_add, nitems(test_bn_add),
223 "BN_add with test_bn_add[]"))
224 failed = 1;
225 if (bn_op_test(BN_uadd, test_bn_add, nitems(test_bn_add),
226 "BN_uadd with test_bn_add[]"))
227 failed = 1;
228 if (bn_op_test(BN_sub, test_bn_sub, nitems(test_bn_sub),
229 "BN_sub with test_bn_sub[]"))
230 failed = 1;
231 if (bn_op_test(BN_usub, test_bn_usub, nitems(test_bn_usub),
232 "BN_usub with test_bn_usub[]"))
233 failed = 1;
234
235 return failed;
236}
diff --git a/src/regress/lib/libcrypto/bn/general/Makefile b/src/regress/lib/libcrypto/bn/general/Makefile
deleted file mode 100644
index d578d0fe12..0000000000
--- a/src/regress/lib/libcrypto/bn/general/Makefile
+++ /dev/null
@@ -1,11 +0,0 @@
1# $OpenBSD: Makefile,v 1.4 2017/01/21 09:38:58 beck Exp $
2
3.include "../../Makefile.inc"
4
5PROG= bntest
6LDADD= ${CRYPTO_INT}
7DPADD= ${LIBCRYPTO}
8WARNINGS= Yes
9CFLAGS+= -Werror
10
11.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/bn/general/bntest.c b/src/regress/lib/libcrypto/bn/general/bntest.c
deleted file mode 100644
index cff776068b..0000000000
--- a/src/regress/lib/libcrypto/bn/general/bntest.c
+++ /dev/null
@@ -1,2467 +0,0 @@
1/* $OpenBSD: bntest.c,v 1.20 2018/07/17 17:06:49 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
60 *
61 * Portions of the attached software ("Contribution") are developed by
62 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
63 *
64 * The Contribution is licensed pursuant to the Eric Young open source
65 * license provided above.
66 *
67 * The binary polynomial arithmetic software is originally written by
68 * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
69 *
70 */
71
72/* Until the key-gen callbacks are modified to use newer prototypes, we allow
73 * deprecated functions for openssl-internal code */
74#ifdef OPENSSL_NO_DEPRECATED
75#undef OPENSSL_NO_DEPRECATED
76#endif
77
78#include <stdio.h>
79#include <stdlib.h>
80#include <string.h>
81
82#include <openssl/bio.h>
83#include <openssl/bn.h>
84#include <openssl/x509.h>
85#include <openssl/err.h>
86
87int BN_mod_exp_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
88 const BIGNUM *m, BN_CTX *ctx);
89int BN_mod_exp_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
90 const BIGNUM *m, BN_CTX *ctx);
91int BN_mod_exp_mont_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
92 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
93int BN_mod_exp_mont_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
94 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
95
96int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom);
97
98const int num0 = 100; /* number of tests */
99const int num1 = 50; /* additional tests for some functions */
100const int num2 = 5; /* number of tests for slow functions */
101
102int test_add(BIO *bp);
103int test_sub(BIO *bp);
104int test_lshift1(BIO *bp);
105int test_lshift(BIO *bp, BN_CTX *ctx, BIGNUM *a_);
106int test_rshift1(BIO *bp);
107int test_rshift(BIO *bp, BN_CTX *ctx);
108int test_div(BIO *bp, BN_CTX *ctx);
109int test_div_word(BIO *bp);
110int test_div_recp(BIO *bp, BN_CTX *ctx);
111int test_mul(BIO *bp);
112int test_sqr(BIO *bp, BN_CTX *ctx);
113int test_mont(BIO *bp, BN_CTX *ctx);
114int test_mod(BIO *bp, BN_CTX *ctx);
115int test_mod_mul(BIO *bp, BN_CTX *ctx);
116int test_mod_exp(BIO *bp, BN_CTX *ctx);
117int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx);
118int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx);
119int test_mod_exp_sizes(BIO *bp, BN_CTX *ctx);
120int test_exp(BIO *bp, BN_CTX *ctx);
121int test_gf2m_add(BIO *bp);
122int test_gf2m_mod(BIO *bp);
123int test_gf2m_mod_mul(BIO *bp, BN_CTX *ctx);
124int test_gf2m_mod_sqr(BIO *bp, BN_CTX *ctx);
125int test_gf2m_mod_inv(BIO *bp, BN_CTX *ctx);
126int test_gf2m_mod_div(BIO *bp, BN_CTX *ctx);
127int test_gf2m_mod_exp(BIO *bp, BN_CTX *ctx);
128int test_gf2m_mod_sqrt(BIO *bp, BN_CTX *ctx);
129int test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx);
130int test_kron(BIO *bp, BN_CTX *ctx);
131int test_sqrt(BIO *bp, BN_CTX *ctx);
132int rand_neg(void);
133static int results = 0;
134
135static unsigned char lst[] =
136 "\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9"
137 "\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0";
138
139#define PRINT_ERROR printf("Error in %s [%s:%d]\n", __func__, __FILE__, \
140 __LINE__)
141
142#define CHECK_GOTO(a) do { \
143 if (!(a)) { \
144 PRINT_ERROR; \
145 rc = 0; \
146 goto err; \
147 } \
148} while (0)
149
150static void
151message(BIO *out, char *m)
152{
153 fprintf(stderr, "test %s\n", m);
154 BIO_puts(out, "print \"test ");
155 BIO_puts(out, m);
156 BIO_puts(out, "\\n\"\n");
157}
158
159int
160main(int argc, char *argv[])
161{
162 BN_CTX *ctx;
163 BIO *out;
164 char *outfile = NULL;
165
166 results = 0;
167
168 argc--;
169 argv++;
170 while (argc >= 1) {
171 if (strcmp(*argv, "-results") == 0)
172 results = 1;
173 else if (strcmp(*argv, "-out") == 0) {
174 if (--argc < 1)
175 break;
176 outfile= *(++argv);
177 }
178 argc--;
179 argv++;
180 }
181
182
183 ctx = BN_CTX_new();
184 if (ctx == NULL)
185 exit(1);
186
187 out = BIO_new(BIO_s_file());
188 if (out == NULL)
189 exit(1);
190 if (outfile == NULL) {
191 BIO_set_fp(out, stdout, BIO_NOCLOSE);
192 } else {
193 if (!BIO_write_filename(out, outfile)) {
194 perror(outfile);
195 exit(1);
196 }
197 }
198
199 if (!results)
200 BIO_puts(out, "obase=16\nibase=16\n");
201
202 message(out, "BN_add");
203 if (!test_add(out))
204 goto err;
205 (void)BIO_flush(out);
206
207 message(out, "BN_sub");
208 if (!test_sub(out))
209 goto err;
210 (void)BIO_flush(out);
211
212 message(out, "BN_lshift1");
213 if (!test_lshift1(out))
214 goto err;
215 (void)BIO_flush(out);
216
217 message(out, "BN_lshift (fixed)");
218 if (!test_lshift(out, ctx, BN_bin2bn(lst, sizeof(lst) - 1, NULL)))
219 goto err;
220 (void)BIO_flush(out);
221
222 message(out, "BN_lshift");
223 if (!test_lshift(out, ctx, NULL))
224 goto err;
225 (void)BIO_flush(out);
226
227 message(out, "BN_rshift1");
228 if (!test_rshift1(out))
229 goto err;
230 (void)BIO_flush(out);
231
232 message(out, "BN_rshift");
233 if (!test_rshift(out, ctx))
234 goto err;
235 (void)BIO_flush(out);
236
237 message(out, "BN_sqr");
238 if (!test_sqr(out, ctx))
239 goto err;
240 (void)BIO_flush(out);
241
242 message(out, "BN_mul");
243 if (!test_mul(out))
244 goto err;
245 (void)BIO_flush(out);
246
247 message(out, "BN_div");
248 if (!test_div(out, ctx))
249 goto err;
250 (void)BIO_flush(out);
251
252 message(out, "BN_div_word");
253 if (!test_div_word(out))
254 goto err;
255 (void)BIO_flush(out);
256
257 message(out, "BN_div_recp");
258 if (!test_div_recp(out, ctx))
259 goto err;
260 (void)BIO_flush(out);
261
262 message(out, "BN_mod");
263 if (!test_mod(out, ctx))
264 goto err;
265 (void)BIO_flush(out);
266
267 message(out, "BN_mod_mul");
268 if (!test_mod_mul(out, ctx))
269 goto err;
270 (void)BIO_flush(out);
271
272 message(out, "BN_mont");
273 if (!test_mont(out, ctx))
274 goto err;
275 (void)BIO_flush(out);
276
277 message(out, "BN_mod_exp");
278 if (!test_mod_exp(out, ctx))
279 goto err;
280 (void)BIO_flush(out);
281
282 message(out, "BN_mod_exp_mont_consttime");
283 if (!test_mod_exp_mont_consttime(out, ctx))
284 goto err;
285 (void)BIO_flush(out);
286
287 message(out, "BN_mod_exp_mont5");
288 if (!test_mod_exp_mont5(out, ctx))
289 goto err;
290 (void)BIO_flush(out);
291
292 message(out, "BN_exp");
293 if (!test_exp(out, ctx))
294 goto err;
295 (void)BIO_flush(out);
296
297 message(out, "BN_kronecker");
298 if (!test_kron(out, ctx))
299 goto err;
300 (void)BIO_flush(out);
301
302 message(out, "BN_mod_sqrt");
303 if (!test_sqrt(out, ctx))
304 goto err;
305 (void)BIO_flush(out);
306
307 message(out, "Modexp with different sizes");
308 if (!test_mod_exp_sizes(out, ctx))
309 goto err;
310 (void)BIO_flush(out);
311
312#ifndef OPENSSL_NO_EC2M
313 message(out, "BN_GF2m_add");
314 if (!test_gf2m_add(out))
315 goto err;
316 (void)BIO_flush(out);
317
318 message(out, "BN_GF2m_mod");
319 if (!test_gf2m_mod(out))
320 goto err;
321 (void)BIO_flush(out);
322
323 message(out, "BN_GF2m_mod_mul");
324 if (!test_gf2m_mod_mul(out, ctx))
325 goto err;
326 (void)BIO_flush(out);
327
328 message(out, "BN_GF2m_mod_sqr");
329 if (!test_gf2m_mod_sqr(out, ctx))
330 goto err;
331 (void)BIO_flush(out);
332
333 message(out, "BN_GF2m_mod_inv");
334 if (!test_gf2m_mod_inv(out, ctx))
335 goto err;
336 (void)BIO_flush(out);
337
338 message(out, "BN_GF2m_mod_div");
339 if (!test_gf2m_mod_div(out, ctx))
340 goto err;
341 (void)BIO_flush(out);
342
343 message(out, "BN_GF2m_mod_exp");
344 if (!test_gf2m_mod_exp(out, ctx))
345 goto err;
346 (void)BIO_flush(out);
347
348 message(out, "BN_GF2m_mod_sqrt");
349 if (!test_gf2m_mod_sqrt(out, ctx))
350 goto err;
351 (void)BIO_flush(out);
352
353 message(out, "BN_GF2m_mod_solve_quad");
354 if (!test_gf2m_mod_solve_quad(out, ctx))
355 goto err;
356 (void)BIO_flush(out);
357#endif
358 BN_CTX_free(ctx);
359 BIO_free(out);
360
361 exit(0);
362err:
363 BIO_puts(out, "1\n"); /* make sure the Perl script fed by bc notices
364 * the failure, see test_bn in test/Makefile.ssl*/
365
366 (void)BIO_flush(out);
367 ERR_load_crypto_strings();
368 ERR_print_errors_fp(stderr);
369 exit(1);
370}
371
372int
373test_add(BIO *bp)
374{
375 BIGNUM a, b, c;
376 int i;
377 int rc = 1;
378
379 BN_init(&a);
380 BN_init(&b);
381 BN_init(&c);
382
383 CHECK_GOTO(BN_bntest_rand(&a, 512, 0, 0));
384 for (i = 0; i < num0; i++) {
385 CHECK_GOTO(BN_bntest_rand(&b, 450 + i, 0, 0));
386 a.neg = rand_neg();
387 b.neg = rand_neg();
388 CHECK_GOTO(BN_add(&c, &a, &b));
389 if (bp != NULL) {
390 if (!results) {
391 CHECK_GOTO(BN_print(bp, &a));
392 BIO_puts(bp, " + ");
393 CHECK_GOTO(BN_print(bp, &b));
394 BIO_puts(bp, " - ");
395 }
396 CHECK_GOTO(BN_print(bp, &c));
397 BIO_puts(bp, "\n");
398 }
399 a.neg = !a.neg;
400 b.neg = !b.neg;
401 CHECK_GOTO(BN_add(&c, &c, &b));
402 CHECK_GOTO(BN_add(&c, &c, &a));
403 if (!BN_is_zero(&c)) {
404 fprintf(stderr, "Add test failed!\n");
405 rc = 0;
406 break;
407 }
408 }
409err:
410 BN_free(&a);
411 BN_free(&b);
412 BN_free(&c);
413 return (rc);
414}
415
416int
417test_sub(BIO *bp)
418{
419 BIGNUM a, b, c;
420 int i;
421 int rc = 1;
422
423 BN_init(&a);
424 BN_init(&b);
425 BN_init(&c);
426
427 for (i = 0; i < num0 + num1; i++) {
428 if (i < num1) {
429 CHECK_GOTO(BN_bntest_rand(&a, 512, 0, 0));
430 CHECK_GOTO(BN_copy(&b, &a));
431 if (BN_set_bit(&a, i) == 0) {
432 rc = 0;
433 break;
434 }
435 CHECK_GOTO(BN_add_word(&b, i));
436 } else {
437 CHECK_GOTO(BN_bntest_rand(&b, 400 + i - num1, 0, 0));
438 a.neg = rand_neg();
439 b.neg = rand_neg();
440 }
441 CHECK_GOTO(BN_sub(&c, &a, &b));
442 if (bp != NULL) {
443 if (!results) {
444 CHECK_GOTO(BN_print(bp, &a));
445 BIO_puts(bp, " - ");
446 CHECK_GOTO(BN_print(bp, &b));
447 BIO_puts(bp, " - ");
448 }
449 CHECK_GOTO(BN_print(bp, &c));
450 BIO_puts(bp, "\n");
451 }
452 CHECK_GOTO(BN_add(&c, &c, &b));
453 CHECK_GOTO(BN_sub(&c, &c, &a));
454 if (!BN_is_zero(&c)) {
455 fprintf(stderr, "Subtract test failed!\n");
456 rc = 0;
457 break;
458 }
459 }
460err:
461 BN_free(&a);
462 BN_free(&b);
463 BN_free(&c);
464 return (rc);
465}
466
467int
468test_div(BIO *bp, BN_CTX *ctx)
469{
470 BIGNUM a, b, c, d, e;
471 int i;
472 int rc = 1;
473
474 BN_init(&a);
475 BN_init(&b);
476 BN_init(&c);
477 BN_init(&d);
478 BN_init(&e);
479
480 CHECK_GOTO(BN_one(&a));
481 CHECK_GOTO(BN_zero(&b));
482
483 if (BN_div(&d, &c, &a, &b, ctx)) {
484 fprintf(stderr, "Division by zero succeeded!\n");
485 return (0);
486 }
487
488 for (i = 0; i < num0 + num1; i++) {
489 if (i < num1) {
490 CHECK_GOTO(BN_bntest_rand(&a, 400, 0, 0));
491 CHECK_GOTO(BN_copy(&b, &a));
492 CHECK_GOTO(BN_lshift(&a, &a, i));
493 CHECK_GOTO(BN_add_word(&a, i));
494 } else
495 CHECK_GOTO(BN_bntest_rand(&b, 50 + 3 * (i - num1), 0, 0));
496 a.neg = rand_neg();
497 b.neg = rand_neg();
498 CHECK_GOTO(BN_div(&d, &c, &a, &b, ctx));
499 if (bp != NULL) {
500 if (!results) {
501 CHECK_GOTO(BN_print(bp, &a));
502 BIO_puts(bp, " / ");
503 CHECK_GOTO(BN_print(bp, &b));
504 BIO_puts(bp, " - ");
505 }
506 CHECK_GOTO(BN_print(bp, &d));
507 BIO_puts(bp, "\n");
508
509 if (!results) {
510 CHECK_GOTO(BN_print(bp, &a));
511 BIO_puts(bp, " % ");
512 CHECK_GOTO(BN_print(bp, &b));
513 BIO_puts(bp, " - ");
514 }
515 CHECK_GOTO(BN_print(bp, &c));
516 BIO_puts(bp, "\n");
517 }
518 CHECK_GOTO(BN_mul(&e, &d, &b, ctx));
519 CHECK_GOTO(BN_add(&d, &e, &c));
520 CHECK_GOTO(BN_sub(&d, &d, &a));
521 if (!BN_is_zero(&d)) {
522 fprintf(stderr, "Division test failed!\n");
523 rc = 0;
524 break;
525 }
526 }
527err:
528 BN_free(&a);
529 BN_free(&b);
530 BN_free(&c);
531 BN_free(&d);
532 BN_free(&e);
533 return (rc);
534}
535
536static void
537print_word(BIO *bp, BN_ULONG w)
538{
539#ifdef SIXTY_FOUR_BIT
540 if (sizeof(w) > sizeof(unsigned long)) {
541 unsigned long h = (unsigned long)(w >> 32), l = (unsigned long)(w);
542
543 if (h)
544 BIO_printf(bp, "%lX%08lX", h, l);
545 else
546 BIO_printf(bp, "%lX", l);
547 return;
548 }
549#endif
550 BIO_printf(bp, BN_HEX_FMT1, w);
551}
552
553int
554test_div_word(BIO *bp)
555{
556 BIGNUM a, b;
557 BN_ULONG r, rmod, s = 0;
558 int i;
559 int rc = 1;
560
561 BN_init(&a);
562 BN_init(&b);
563
564 for (i = 0; i < num0; i++) {
565 do {
566 if (!BN_bntest_rand(&a, 512, -1, 0) ||
567 !BN_bntest_rand(&b, BN_BITS2, -1, 0)) {
568 rc = 0;
569 break;
570 }
571 s = b.d[0];
572 } while (!s);
573
574 if (!BN_copy(&b, &a)) {
575 rc = 0;
576 break;
577 }
578
579 rmod = BN_mod_word(&b, s);
580 r = BN_div_word(&b, s);
581
582 if (r == (BN_ULONG)-1 || rmod == (BN_ULONG)-1) {
583 rc = 0;
584 break;
585 }
586
587 if (rmod != r) {
588 fprintf(stderr, "Mod (word) test failed!\n");
589 rc = 0;
590 break;
591 }
592
593 if (bp != NULL) {
594 if (!results) {
595 CHECK_GOTO(BN_print(bp, &a));
596 BIO_puts(bp, " / ");
597 print_word(bp, s);
598 BIO_puts(bp, " - ");
599 }
600 CHECK_GOTO(BN_print(bp, &b));
601 BIO_puts(bp, "\n");
602
603 if (!results) {
604 CHECK_GOTO(BN_print(bp, &a));
605 BIO_puts(bp, " % ");
606 print_word(bp, s);
607 BIO_puts(bp, " - ");
608 }
609 print_word(bp, r);
610 BIO_puts(bp, "\n");
611 }
612 CHECK_GOTO(BN_mul_word(&b, s));
613 CHECK_GOTO(BN_add_word(&b, r));
614 CHECK_GOTO(BN_sub(&b, &a, &b));
615 if (!BN_is_zero(&b)) {
616 fprintf(stderr, "Division (word) test failed!\n");
617 rc = 0;
618 break;
619 }
620 }
621err:
622 BN_free(&a);
623 BN_free(&b);
624 return (rc);
625}
626
627int
628test_div_recp(BIO *bp, BN_CTX *ctx)
629{
630 BIGNUM a, b, c, d, e;
631 BN_RECP_CTX recp;
632 int i;
633 int rc = 1;
634
635 BN_RECP_CTX_init(&recp);
636 BN_init(&a);
637 BN_init(&b);
638 BN_init(&c);
639 BN_init(&d);
640 BN_init(&e);
641
642 for (i = 0; i < num0 + num1; i++) {
643 if (i < num1) {
644 CHECK_GOTO(BN_bntest_rand(&a, 400, 0, 0));
645 CHECK_GOTO(BN_copy(&b, &a));
646 CHECK_GOTO(BN_lshift(&a, &a, i));
647 CHECK_GOTO(BN_add_word(&a, i));
648 } else
649 CHECK_GOTO(BN_bntest_rand(&b, 50 + 3 * (i - num1), 0, 0));
650 a.neg = rand_neg();
651 b.neg = rand_neg();
652 CHECK_GOTO(BN_RECP_CTX_set(&recp, &b, ctx));
653 CHECK_GOTO(BN_div_recp(&d, &c, &a, &recp, ctx));
654 if (bp != NULL) {
655 if (!results) {
656 CHECK_GOTO(BN_print(bp, &a));
657 BIO_puts(bp, " / ");
658 CHECK_GOTO(BN_print(bp, &b));
659 BIO_puts(bp, " - ");
660 }
661 CHECK_GOTO(BN_print(bp, &d));
662 BIO_puts(bp, "\n");
663
664 if (!results) {
665 CHECK_GOTO(BN_print(bp, &a));
666 BIO_puts(bp, " % ");
667 CHECK_GOTO(BN_print(bp, &b));
668 BIO_puts(bp, " - ");
669 }
670 CHECK_GOTO(BN_print(bp, &c));
671 BIO_puts(bp, "\n");
672 }
673 CHECK_GOTO(BN_mul(&e, &d, &b, ctx));
674 CHECK_GOTO(BN_add(&d, &e, &c));
675 CHECK_GOTO(BN_sub(&d, &d, &a));
676 if (!BN_is_zero(&d)) {
677 fprintf(stderr, "Reciprocal division test failed!\n");
678 fprintf(stderr, "a=");
679 CHECK_GOTO(BN_print_fp(stderr, &a));
680 fprintf(stderr, "\nb=");
681 CHECK_GOTO(BN_print_fp(stderr, &b));
682 fprintf(stderr, "\n");
683 rc = 0;
684 break;
685 }
686 }
687err:
688 BN_free(&a);
689 BN_free(&b);
690 BN_free(&c);
691 BN_free(&d);
692 BN_free(&e);
693 BN_RECP_CTX_free(&recp);
694 return (rc);
695}
696
697int
698test_mul(BIO *bp)
699{
700 BIGNUM a, b, c, d, e;
701 int i;
702 int rc = 1;
703 BN_CTX *ctx;
704
705 ctx = BN_CTX_new();
706 if (ctx == NULL)
707 exit(1);
708
709 BN_init(&a);
710 BN_init(&b);
711 BN_init(&c);
712 BN_init(&d);
713 BN_init(&e);
714
715 for (i = 0; i < num0 + num1; i++) {
716 if (i <= num1) {
717 CHECK_GOTO(BN_bntest_rand(&a, 100, 0, 0));
718 CHECK_GOTO(BN_bntest_rand(&b, 100, 0, 0));
719 } else
720 CHECK_GOTO(BN_bntest_rand(&b, i - num1, 0, 0));
721 a.neg = rand_neg();
722 b.neg = rand_neg();
723 CHECK_GOTO(BN_mul(&c, &a, &b, ctx));
724 if (bp != NULL) {
725 if (!results) {
726 CHECK_GOTO(BN_print(bp, &a));
727 BIO_puts(bp, " * ");
728 CHECK_GOTO(BN_print(bp, &b));
729 BIO_puts(bp, " - ");
730 }
731 CHECK_GOTO(BN_print(bp, &c));
732 BIO_puts(bp, "\n");
733 }
734 CHECK_GOTO(BN_div(&d, &e, &c, &a, ctx));
735 CHECK_GOTO(BN_sub(&d, &d, &b));
736 if (!BN_is_zero(&d) || !BN_is_zero(&e)) {
737 fprintf(stderr, "Multiplication test failed!\n");
738 rc = 0;
739 break;
740 }
741 }
742err:
743 BN_free(&a);
744 BN_free(&b);
745 BN_free(&c);
746 BN_free(&d);
747 BN_free(&e);
748 BN_CTX_free(ctx);
749 return (rc);
750}
751
752int
753test_sqr(BIO *bp, BN_CTX *ctx)
754{
755 BIGNUM *a, *c, *d, *e;
756 int i, rc = 0;
757
758 a = BN_new();
759 c = BN_new();
760 d = BN_new();
761 e = BN_new();
762
763 for (i = 0; i < num0; i++) {
764 CHECK_GOTO(BN_bntest_rand(a, 40 + i * 10, 0, 0));
765 a->neg = rand_neg();
766 CHECK_GOTO(BN_sqr(c, a, ctx));
767 if (bp != NULL) {
768 if (!results) {
769 CHECK_GOTO(BN_print(bp, a));
770 BIO_puts(bp, " * ");
771 CHECK_GOTO(BN_print(bp, a));
772 BIO_puts(bp, " - ");
773 }
774 CHECK_GOTO(BN_print(bp, c));
775 BIO_puts(bp, "\n");
776 }
777 CHECK_GOTO(BN_div(d, e, c, a, ctx));
778 CHECK_GOTO(BN_sub(d, d, a));
779 if (!BN_is_zero(d) || !BN_is_zero(e)) {
780 fprintf(stderr, "Square test failed!\n");
781 goto err;
782 }
783 }
784
785 /* Regression test for a BN_sqr overflow bug. */
786 if (!BN_hex2bn(&a, "80000000000000008000000000000001"
787 "FFFFFFFFFFFFFFFE0000000000000000")) {
788 fprintf(stderr, "BN_hex2bn failed\n");
789 goto err;
790 }
791 CHECK_GOTO(BN_sqr(c, a, ctx));
792 if (bp != NULL) {
793 if (!results) {
794 CHECK_GOTO(BN_print(bp, a));
795 BIO_puts(bp, " * ");
796 CHECK_GOTO(BN_print(bp, a));
797 BIO_puts(bp, " - ");
798 }
799 CHECK_GOTO(BN_print(bp, c));
800 BIO_puts(bp, "\n");
801 }
802 CHECK_GOTO(BN_mul(d, a, a, ctx));
803 if (BN_cmp(c, d)) {
804 fprintf(stderr,
805 "Square test failed: BN_sqr and BN_mul produce "
806 "different results!\n");
807 goto err;
808 }
809
810 /* Regression test for a BN_sqr overflow bug. */
811 if (!BN_hex2bn(&a, "80000000000000000000000080000001"
812 "FFFFFFFE000000000000000000000000")) {
813 fprintf(stderr, "BN_hex2bn failed\n");
814 goto err;
815 }
816 CHECK_GOTO(BN_sqr(c, a, ctx));
817 if (bp != NULL) {
818 if (!results) {
819 CHECK_GOTO(BN_print(bp, a));
820 BIO_puts(bp, " * ");
821 CHECK_GOTO(BN_print(bp, a));
822 BIO_puts(bp, " - ");
823 }
824 CHECK_GOTO(BN_print(bp, c));
825 BIO_puts(bp, "\n");
826 }
827 CHECK_GOTO(BN_mul(d, a, a, ctx));
828 if (BN_cmp(c, d)) {
829 fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
830 "different results!\n");
831 goto err;
832 }
833 rc = 1;
834err:
835 BN_free(a);
836 BN_free(c);
837 BN_free(d);
838 BN_free(e);
839 return rc;
840}
841
842int
843test_mont(BIO *bp, BN_CTX *ctx)
844{
845 BIGNUM a, b, c, d, A, B;
846 BIGNUM n;
847 int i;
848 int rc = 1;
849 BN_MONT_CTX *mont;
850
851 mont = BN_MONT_CTX_new();
852 if (mont == NULL)
853 return 0;
854
855 BN_init(&a);
856 BN_init(&b);
857 BN_init(&c);
858 BN_init(&d);
859 BN_init(&A);
860 BN_init(&B);
861 BN_init(&n);
862
863 CHECK_GOTO(BN_zero(&n));
864 if (BN_MONT_CTX_set(mont, &n, ctx)) {
865 fprintf(stderr, "BN_MONT_CTX_set succeeded for zero modulus!\n");
866 return (0);
867 }
868
869 CHECK_GOTO(BN_set_word(&n, 16));
870 if (BN_MONT_CTX_set(mont, &n, ctx)) {
871 fprintf(stderr, "BN_MONT_CTX_set succeeded for even modulus!\n");
872 return (0);
873 }
874
875 CHECK_GOTO(BN_bntest_rand(&a, 100, 0, 0));
876 CHECK_GOTO(BN_bntest_rand(&b, 100, 0, 0));
877 for (i = 0; i < num2; i++) {
878 int bits = (200 * (i + 1)) / num2;
879
880 if (bits == 0)
881 continue;
882 CHECK_GOTO(BN_bntest_rand(&n, bits, 0, 1));
883 CHECK_GOTO(BN_MONT_CTX_set(mont, &n, ctx));
884
885 CHECK_GOTO(BN_nnmod(&a, &a, &n, ctx));
886 CHECK_GOTO(BN_nnmod(&b, &b, &n, ctx));
887
888 CHECK_GOTO(BN_to_montgomery(&A, &a, mont, ctx));
889 CHECK_GOTO(BN_to_montgomery(&B, &b, mont, ctx));
890
891 CHECK_GOTO(BN_mod_mul_montgomery(&c, &A, &B, mont, ctx));
892 CHECK_GOTO(BN_from_montgomery(&A, &c, mont, ctx));
893 if (bp != NULL) {
894 if (!results) {
895 CHECK_GOTO(BN_print(bp, &a));
896 BIO_puts(bp, " * ");
897 CHECK_GOTO(BN_print(bp, &b));
898 BIO_puts(bp, " % ");
899 CHECK_GOTO(BN_print(bp, &(mont->N)));
900 BIO_puts(bp, " - ");
901 }
902 CHECK_GOTO(BN_print(bp, &A));
903 BIO_puts(bp, "\n");
904 }
905 CHECK_GOTO(BN_mod_mul(&d, &a, &b, &n, ctx));
906 CHECK_GOTO(BN_sub(&d, &d, &A));
907 if (!BN_is_zero(&d)) {
908 fprintf(stderr, "Montgomery multiplication test failed!\n");
909 rc = 0;
910 break;
911 }
912 }
913err:
914 BN_MONT_CTX_free(mont);
915 BN_free(&a);
916 BN_free(&b);
917 BN_free(&c);
918 BN_free(&d);
919 BN_free(&A);
920 BN_free(&B);
921 BN_free(&n);
922 return (rc);
923}
924
925int
926test_mod(BIO *bp, BN_CTX *ctx)
927{
928 BIGNUM *a, *b, *c, *d, *e;
929 int i;
930 int rc = 1;
931
932 a = BN_new();
933 b = BN_new();
934 c = BN_new();
935 d = BN_new();
936 e = BN_new();
937
938 CHECK_GOTO(BN_bntest_rand(a, 1024, 0, 0));
939 for (i = 0; i < num0; i++) {
940 CHECK_GOTO(BN_bntest_rand(b, 450 + i * 10, 0, 0));
941 a->neg = rand_neg();
942 b->neg = rand_neg();
943 CHECK_GOTO(BN_mod(c, a, b, ctx));
944 if (bp != NULL) {
945 if (!results) {
946 CHECK_GOTO(BN_print(bp, a));
947 BIO_puts(bp, " % ");
948 CHECK_GOTO(BN_print(bp, b));
949 BIO_puts(bp, " - ");
950 }
951 CHECK_GOTO(BN_print(bp, c));
952 BIO_puts(bp, "\n");
953 }
954 CHECK_GOTO(BN_div(d, e, a, b, ctx));
955 CHECK_GOTO(BN_sub(e, e, c));
956 if (!BN_is_zero(e)) {
957 fprintf(stderr, "Modulo test failed!\n");
958 rc = 0;
959 break;
960 }
961 }
962err:
963 BN_free(a);
964 BN_free(b);
965 BN_free(c);
966 BN_free(d);
967 BN_free(e);
968 return (rc);
969}
970
971int
972test_mod_mul(BIO *bp, BN_CTX *ctx)
973{
974 BIGNUM *a, *b, *c, *d, *e;
975 int i, j;
976 int rc = 1;
977
978 a = BN_new();
979 b = BN_new();
980 c = BN_new();
981 d = BN_new();
982 e = BN_new();
983
984 CHECK_GOTO(BN_one(a));
985 CHECK_GOTO(BN_one(b));
986 CHECK_GOTO(BN_zero(c));
987 if (BN_mod_mul(e, a, b, c, ctx)) {
988 fprintf(stderr, "BN_mod_mul with zero modulus succeeded!\n");
989 return (0);
990 }
991
992 for (j = 0; j < 3; j++) {
993 CHECK_GOTO(BN_bntest_rand(c, 1024, 0, 0));
994 for (i = 0; i < num0; i++) {
995 CHECK_GOTO(BN_bntest_rand(a, 475 + i * 10, 0, 0));
996 CHECK_GOTO(BN_bntest_rand(b, 425 + i * 11, 0, 0));
997 a->neg = rand_neg();
998 b->neg = rand_neg();
999 if (!BN_mod_mul(e, a, b, c, ctx)) {
1000 unsigned long l;
1001
1002 while ((l = ERR_get_error()))
1003 fprintf(stderr, "ERROR:%s\n",
1004 ERR_error_string(l, NULL));
1005 exit(1);
1006 }
1007 if (bp != NULL) {
1008 if (!results) {
1009 CHECK_GOTO(BN_print(bp, a));
1010 BIO_puts(bp, " * ");
1011 CHECK_GOTO(BN_print(bp, b));
1012 BIO_puts(bp, " % ");
1013 CHECK_GOTO(BN_print(bp, c));
1014 if ((a->neg ^ b->neg) && !BN_is_zero(e)) {
1015 /* If (a*b) % c is negative, c must be added
1016 * in order to obtain the normalized remainder
1017 * (new with OpenSSL 0.9.7, previous versions of
1018 * BN_mod_mul could generate negative results)
1019 */
1020 BIO_puts(bp, " + ");
1021 CHECK_GOTO(BN_print(bp, c));
1022 }
1023 BIO_puts(bp, " - ");
1024 }
1025 CHECK_GOTO(BN_print(bp, e));
1026 BIO_puts(bp, "\n");
1027 }
1028 CHECK_GOTO(BN_mul(d, a, b, ctx));
1029 CHECK_GOTO(BN_sub(d, d, e));
1030 CHECK_GOTO(BN_div(a, b, d, c, ctx));
1031 if (!BN_is_zero(b)) {
1032 fprintf(stderr, "Modulo multiply test failed!\n");
1033 ERR_print_errors_fp(stderr);
1034 rc = 0;
1035 goto err;
1036 }
1037 }
1038 }
1039err:
1040 BN_free(a);
1041 BN_free(b);
1042 BN_free(c);
1043 BN_free(d);
1044 BN_free(e);
1045 return (rc);
1046}
1047
1048int
1049test_mod_exp(BIO *bp, BN_CTX *ctx)
1050{
1051 BIGNUM *a, *b, *c, *d, *e;
1052 int i;
1053 int rc = 1;
1054
1055 a = BN_new();
1056 b = BN_new();
1057 c = BN_new();
1058 d = BN_new();
1059 e = BN_new();
1060
1061 CHECK_GOTO(BN_one(a));
1062 CHECK_GOTO(BN_one(b));
1063 CHECK_GOTO(BN_zero(c));
1064 if (BN_mod_exp(d, a, b, c, ctx)) {
1065 fprintf(stderr, "BN_mod_exp with zero modulus succeeded!\n");
1066 rc = 0;
1067 goto err;
1068 }
1069 if (BN_mod_exp_ct(d, a, b, c, ctx)) {
1070 fprintf(stderr, "BN_mod_exp_ct with zero modulus succeeded!\n");
1071 rc = 0;
1072 goto err;
1073 }
1074 if (BN_mod_exp_nonct(d, a, b, c, ctx)) {
1075 fprintf(stderr, "BN_mod_exp_nonct with zero modulus succeeded!\n");
1076 rc = 0;
1077 goto err;
1078 }
1079
1080 CHECK_GOTO(BN_bntest_rand(c, 30, 0, 1)); /* must be odd for montgomery */
1081 for (i = 0; i < num2; i++) {
1082 CHECK_GOTO(BN_bntest_rand(a, 20 + i * 5, 0, 0));
1083 CHECK_GOTO(BN_bntest_rand(b, 2 + i, 0, 0));
1084
1085 if (!BN_mod_exp(d, a, b, c, ctx)) {
1086 rc = 0;
1087 break;
1088 }
1089
1090 if (bp != NULL) {
1091 if (!results) {
1092 CHECK_GOTO(BN_print(bp, a));
1093 BIO_puts(bp, " ^ ");
1094 CHECK_GOTO(BN_print(bp, b));
1095 BIO_puts(bp, " % ");
1096 CHECK_GOTO(BN_print(bp, c));
1097 BIO_puts(bp, " - ");
1098 }
1099 CHECK_GOTO(BN_print(bp, d));
1100 BIO_puts(bp, "\n");
1101 }
1102 CHECK_GOTO(BN_exp(e, a, b, ctx));
1103 CHECK_GOTO(BN_sub(e, e, d));
1104 CHECK_GOTO(BN_div(a, b, e, c, ctx));
1105 if (!BN_is_zero(b)) {
1106 fprintf(stderr, "Modulo exponentiation test failed!\n");
1107 rc = 0;
1108 break;
1109 }
1110 }
1111
1112 CHECK_GOTO(BN_bntest_rand(c, 30, 0, 1)); /* must be odd for montgomery */
1113 for (i = 0; i < num2; i++) {
1114 CHECK_GOTO(BN_bntest_rand(a, 20 + i * 5, 0, 0));
1115 CHECK_GOTO(BN_bntest_rand(b, 2 + i, 0, 0));
1116
1117 if (!BN_mod_exp_ct(d, a, b, c, ctx)) {
1118 rc = 0;
1119 break;
1120 }
1121
1122 if (bp != NULL) {
1123 if (!results) {
1124 CHECK_GOTO(BN_print(bp, a));
1125 BIO_puts(bp, " ^ ");
1126 CHECK_GOTO(BN_print(bp, b));
1127 BIO_puts(bp, " % ");
1128 CHECK_GOTO(BN_print(bp, c));
1129 BIO_puts(bp, " - ");
1130 }
1131 CHECK_GOTO(BN_print(bp, d));
1132 BIO_puts(bp, "\n");
1133 }
1134 CHECK_GOTO(BN_exp(e, a, b, ctx));
1135 CHECK_GOTO(BN_sub(e, e, d));
1136 CHECK_GOTO(BN_div(a, b, e, c, ctx));
1137 if (!BN_is_zero(b)) {
1138 fprintf(stderr, "Modulo exponentiation test failed!\n");
1139 rc = 0;
1140 break;
1141 }
1142 }
1143
1144 CHECK_GOTO(BN_bntest_rand(c, 30, 0, 1)); /* must be odd for montgomery */
1145 for (i = 0; i < num2; i++) {
1146 CHECK_GOTO(BN_bntest_rand(a, 20 + i * 5, 0, 0));
1147 CHECK_GOTO(BN_bntest_rand(b, 2 + i, 0, 0));
1148
1149 if (!BN_mod_exp_nonct(d, a, b, c, ctx)) {
1150 rc = 0;
1151 break;
1152 }
1153
1154 if (bp != NULL) {
1155 if (!results) {
1156 CHECK_GOTO(BN_print(bp, a));
1157 BIO_puts(bp, " ^ ");
1158 CHECK_GOTO(BN_print(bp, b));
1159 BIO_puts(bp, " % ");
1160 CHECK_GOTO(BN_print(bp, c));
1161 BIO_puts(bp, " - ");
1162 }
1163 CHECK_GOTO(BN_print(bp, d));
1164 BIO_puts(bp, "\n");
1165 }
1166 CHECK_GOTO(BN_exp(e, a, b, ctx));
1167 CHECK_GOTO(BN_sub(e, e, d));
1168 CHECK_GOTO(BN_div(a, b, e, c, ctx));
1169 if (!BN_is_zero(b)) {
1170 fprintf(stderr, "Modulo exponentiation test failed!\n");
1171 rc = 0;
1172 break;
1173 }
1174 }
1175err:
1176 BN_free(a);
1177 BN_free(b);
1178 BN_free(c);
1179 BN_free(d);
1180 BN_free(e);
1181 return (rc);
1182}
1183
1184int
1185test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx)
1186{
1187 BIGNUM *a, *b, *c, *d, *e;
1188 int i;
1189 int rc = 1;
1190
1191 a = BN_new();
1192 b = BN_new();
1193 c = BN_new();
1194 d = BN_new();
1195 e = BN_new();
1196
1197 CHECK_GOTO(BN_one(a));
1198 CHECK_GOTO(BN_one(b));
1199 CHECK_GOTO(BN_zero(c));
1200 if (BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL)) {
1201 fprintf(stderr, "BN_mod_exp_mont_consttime with zero modulus "
1202 "succeeded\n");
1203 rc = 0;
1204 goto err;
1205 }
1206
1207 CHECK_GOTO(BN_set_word(c, 16));
1208 if (BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL)) {
1209 fprintf(stderr, "BN_mod_exp_mont_consttime with even modulus "
1210 "succeeded\n");
1211 rc = 0;
1212 goto err;
1213 }
1214
1215 CHECK_GOTO(BN_bntest_rand(c, 30, 0, 1)); /* must be odd for montgomery */
1216 for (i = 0; i < num2; i++) {
1217 CHECK_GOTO(BN_bntest_rand(a, 20 + i * 5, 0, 0));
1218 CHECK_GOTO(BN_bntest_rand(b, 2 + i, 0, 0));
1219
1220 if (!BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL)) {
1221 rc = 0;
1222 break;
1223 }
1224
1225 if (bp != NULL) {
1226 if (!results) {
1227 CHECK_GOTO(BN_print(bp, a));
1228 BIO_puts(bp, " ^ ");
1229 CHECK_GOTO(BN_print(bp, b));
1230 BIO_puts(bp, " % ");
1231 CHECK_GOTO(BN_print(bp, c));
1232 BIO_puts(bp, " - ");
1233 }
1234 CHECK_GOTO(BN_print(bp, d));
1235 BIO_puts(bp, "\n");
1236 }
1237 CHECK_GOTO(BN_exp(e, a, b, ctx));
1238 CHECK_GOTO(BN_sub(e, e, d));
1239 CHECK_GOTO(BN_div(a, b, e, c, ctx));
1240 if (!BN_is_zero(b)) {
1241 fprintf(stderr, "Modulo exponentiation test failed!\n");
1242 rc = 0;
1243 break;
1244 }
1245 }
1246err:
1247 BN_free(a);
1248 BN_free(b);
1249 BN_free(c);
1250 BN_free(d);
1251 BN_free(e);
1252 return (rc);
1253}
1254
1255/*
1256 * Test constant-time modular exponentiation with 1024-bit inputs, which on
1257 * x86_64 cause a different code branch to be taken.
1258 */
1259int
1260test_mod_exp_mont5(BIO *bp, BN_CTX *ctx)
1261{
1262 BIGNUM *a, *p, *m, *d, *e, *b, *n, *c;
1263 int len, rc = 1;
1264 BN_MONT_CTX *mont;
1265
1266 a = BN_new();
1267 p = BN_new();
1268 m = BN_new();
1269 d = BN_new();
1270 e = BN_new();
1271 b = BN_new();
1272 n = BN_new();
1273 c = BN_new();
1274
1275 CHECK_GOTO(mont = BN_MONT_CTX_new());
1276
1277 CHECK_GOTO(BN_bntest_rand(m, 1024, 0, 1)); /* must be odd for montgomery */
1278 /* Zero exponent */
1279 CHECK_GOTO(BN_bntest_rand(a, 1024, 0, 0));
1280 CHECK_GOTO(BN_zero(p));
1281 if (!BN_mod_exp_mont_consttime(d, a, p, m, ctx, NULL)) {
1282 rc = 0;
1283 goto err;
1284 }
1285 if (!BN_is_one(d)) {
1286 fprintf(stderr, "Modular exponentiation test failed!\n");
1287 rc = 0;
1288 goto err;
1289 }
1290 /* Regression test for carry bug in mulx4x_mont */
1291 len = BN_hex2bn(&a,
1292 "7878787878787878787878787878787878787878787878787878787878787878"
1293 "7878787878787878787878787878787878787878787878787878787878787878"
1294 "7878787878787878787878787878787878787878787878787878787878787878"
1295 "7878787878787878787878787878787878787878787878787878787878787878");
1296 CHECK_GOTO(len);
1297 len = BN_hex2bn(&b,
1298 "095D72C08C097BA488C5E439C655A192EAFB6380073D8C2664668EDDB4060744"
1299 "E16E57FB4EDB9AE10A0CEFCDC28A894F689A128379DB279D48A2E20849D68593"
1300 "9B7803BCF46CEBF5C533FB0DD35B080593DE5472E3FE5DB951B8BFF9B4CB8F03"
1301 "9CC638A5EE8CDD703719F8000E6A9F63BEED5F2FCD52FF293EA05A251BB4AB81");
1302 CHECK_GOTO(len);
1303 len = BN_hex2bn(&n,
1304 "D78AF684E71DB0C39CFF4E64FB9DB567132CB9C50CC98009FEB820B26F2DED9B"
1305 "91B9B5E2B83AE0AE4EB4E0523CA726BFBE969B89FD754F674CE99118C3F2D1C5"
1306 "D81FDC7C54E02B60262B241D53C040E99E45826ECA37A804668E690E1AFC1CA4"
1307 "2C9A15D84D4954425F0B7642FC0BD9D7B24E2618D2DCC9B729D944BADACFDDAF");
1308 CHECK_GOTO(len);
1309 CHECK_GOTO(BN_MONT_CTX_set(mont, n, ctx));
1310 CHECK_GOTO(BN_mod_mul_montgomery(c, a, b, mont, ctx));
1311 CHECK_GOTO(BN_mod_mul_montgomery(d, b, a, mont, ctx));
1312 if (BN_cmp(c, d)) {
1313 fprintf(stderr, "Montgomery multiplication test failed:"
1314 " a*b != b*a.\n");
1315 rc = 0;
1316 goto err;
1317 }
1318 /* Regression test for carry bug in sqr[x]8x_mont */
1319 len = BN_hex2bn(&n,
1320 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
1321 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
1322 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
1323 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
1324 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
1325 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
1326 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
1327 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000000000FFFFFFFF00"
1328 "0000000000000000000000000000000000000000000000000000000000000000"
1329 "0000000000000000000000000000000000000000000000000000000000000000"
1330 "0000000000000000000000000000000000000000000000000000000000000000"
1331 "0000000000000000000000000000000000000000000000000000000000000000"
1332 "0000000000000000000000000000000000000000000000000000000000000000"
1333 "0000000000000000000000000000000000000000000000000000000000000000"
1334 "0000000000000000000000000000000000000000000000000000000000000000"
1335 "00000000000000000000000000000000000000000000000000FFFFFFFFFFFFFF");
1336 CHECK_GOTO(len);
1337 len = BN_hex2bn(&a,
1338 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
1339 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
1340 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
1341 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
1342 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
1343 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
1344 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
1345 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000000000FFFFFFFF0000000000"
1346 "0000000000000000000000000000000000000000000000000000000000000000"
1347 "0000000000000000000000000000000000000000000000000000000000000000"
1348 "0000000000000000000000000000000000000000000000000000000000000000"
1349 "0000000000000000000000000000000000000000000000000000000000000000"
1350 "0000000000000000000000000000000000000000000000000000000000000000"
1351 "0000000000000000000000000000000000000000000000000000000000000000"
1352 "0000000000000000000000000000000000000000000000000000000000000000"
1353 "000000000000000000000000000000000000000000FFFFFFFFFFFFFF00000000");
1354 CHECK_GOTO(len);
1355 BN_free(b);
1356 CHECK_GOTO(b = BN_dup(a));
1357 CHECK_GOTO(BN_MONT_CTX_set(mont, n, ctx));
1358 CHECK_GOTO(BN_mod_mul_montgomery(c, a, a, mont, ctx));
1359 CHECK_GOTO(BN_mod_mul_montgomery(d, a, b, mont, ctx));
1360 if (BN_cmp(c, d)) {
1361 fprintf(stderr, "Montgomery multiplication test failed:"
1362 " a**2 != a*a.\n");
1363 rc = 0;
1364 goto err;
1365 }
1366 /* Zero input */
1367 CHECK_GOTO(BN_bntest_rand(p, 1024, 0, 0));
1368 CHECK_GOTO(BN_zero(a));
1369 if (!BN_mod_exp_mont_consttime(d, a, p, m, ctx, NULL)) {
1370 rc = 0;
1371 goto err;
1372 }
1373 if (!BN_is_zero(d)) {
1374 fprintf(stderr, "Modular exponentiation test failed!\n");
1375 rc = 0;
1376 goto err;
1377 }
1378 /*
1379 * Craft an input whose Montgomery representation is 1, i.e., shorter
1380 * than the modulus m, in order to test the const time precomputation
1381 * scattering/gathering.
1382 */
1383 CHECK_GOTO(BN_one(a));
1384 CHECK_GOTO(BN_MONT_CTX_set(mont, m, ctx));
1385 if (!BN_from_montgomery(e, a, mont, ctx)) {
1386 rc = 0;
1387 goto err;
1388 }
1389 if (!BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL)) {
1390 rc = 0;
1391 goto err;
1392 }
1393 if (!BN_mod_exp_simple(a, e, p, m, ctx)) {
1394 rc = 0;
1395 goto err;
1396 }
1397 if (BN_cmp(a, d) != 0) {
1398 fprintf(stderr, "Modular exponentiation test failed!\n");
1399 rc = 0;
1400 goto err;
1401 }
1402 /* Finally, some regular test vectors. */
1403 CHECK_GOTO(BN_bntest_rand(e, 1024, 0, 0));
1404 if (!BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL)) {
1405 rc = 0;
1406 goto err;
1407 }
1408 if (!BN_mod_exp_simple(a, e, p, m, ctx)) {
1409 rc = 0;
1410 goto err;
1411 }
1412 if (BN_cmp(a, d) != 0) {
1413 fprintf(stderr, "Modular exponentiation test failed!\n");
1414 rc = 0;
1415 goto err;
1416 }
1417err:
1418 BN_free(a);
1419 BN_free(p);
1420 BN_free(m);
1421 BN_free(d);
1422 BN_free(e);
1423 BN_free(b);
1424 BN_free(n);
1425 BN_free(c);
1426 BN_MONT_CTX_free(mont);
1427 return (rc);
1428}
1429
1430int
1431test_exp(BIO *bp, BN_CTX *ctx)
1432{
1433 BIGNUM *a, *b, *d, *e, *one;
1434 int i;
1435 int rc = 1;
1436
1437 a = BN_new();
1438 b = BN_new();
1439 d = BN_new();
1440 e = BN_new();
1441 one = BN_new();
1442 CHECK_GOTO(BN_one(one));
1443
1444 for (i = 0; i < num2; i++) {
1445 CHECK_GOTO(BN_bntest_rand(a, 20 + i * 5, 0, 0));
1446 CHECK_GOTO(BN_bntest_rand(b, 2 + i, 0, 0));
1447
1448 if (BN_exp(d, a, b, ctx) <= 0) {
1449 rc = 0;
1450 break;
1451 }
1452
1453 if (bp != NULL) {
1454 if (!results) {
1455 CHECK_GOTO(BN_print(bp, a));
1456 BIO_puts(bp, " ^ ");
1457 CHECK_GOTO(BN_print(bp, b));
1458 BIO_puts(bp, " - ");
1459 }
1460 CHECK_GOTO(BN_print(bp, d));
1461 BIO_puts(bp, "\n");
1462 }
1463 CHECK_GOTO(BN_one(e));
1464 for (; !BN_is_zero(b); BN_sub(b, b, one))
1465 CHECK_GOTO(BN_mul(e, e, a, ctx));
1466 CHECK_GOTO(BN_sub(e, e, d));
1467 if (!BN_is_zero(e)) {
1468 fprintf(stderr, "Exponentiation test failed!\n");
1469 rc = 0;
1470 break;
1471 }
1472 }
1473err:
1474 BN_free(a);
1475 BN_free(b);
1476 BN_free(d);
1477 BN_free(e);
1478 BN_free(one);
1479 return (rc);
1480}
1481
1482#ifndef OPENSSL_NO_EC2M
1483int
1484test_gf2m_add(BIO *bp)
1485{
1486 BIGNUM a, b, c;
1487 int i, rc = 0;
1488
1489 BN_init(&a);
1490 BN_init(&b);
1491 BN_init(&c);
1492
1493 for (i = 0; i < num0; i++) {
1494 CHECK_GOTO(BN_rand(&a, 512, 0, 0));
1495 CHECK_GOTO(BN_copy(&b, BN_value_one()));
1496 a.neg = rand_neg();
1497 b.neg = rand_neg();
1498 CHECK_GOTO(BN_GF2m_add(&c, &a, &b));
1499#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1500 if (bp != NULL) {
1501 if (!results) {
1502 CHECK_GOTO(BN_print(bp, &a));
1503 BIO_puts(bp, " ^ ");
1504 CHECK_GOTO(BN_print(bp, &b));
1505 BIO_puts(bp, " = ");
1506 }
1507 CHECK_GOTO(BN_print(bp, &c));
1508 BIO_puts(bp, "\n");
1509 }
1510#endif
1511 /* Test that two added values have the correct parity. */
1512 if ((BN_is_odd(&a) && BN_is_odd(&c))
1513 || (!BN_is_odd(&a) && !BN_is_odd(&c))) {
1514 fprintf(stderr, "GF(2^m) addition test (a) failed!\n");
1515 goto err;
1516 }
1517 CHECK_GOTO(BN_GF2m_add(&c, &c, &c));
1518 /* Test that c + c = 0. */
1519 if (!BN_is_zero(&c)) {
1520 fprintf(stderr, "GF(2^m) addition test (b) failed!\n");
1521 goto err;
1522 }
1523 }
1524 rc = 1;
1525err:
1526 BN_free(&a);
1527 BN_free(&b);
1528 BN_free(&c);
1529 return rc;
1530}
1531
1532int
1533test_gf2m_mod(BIO *bp)
1534{
1535 BIGNUM *a, *b[2], *c, *d, *e;
1536 int i, j, rc = 0;
1537 int p0[] = { 163, 7, 6, 3, 0, -1 };
1538 int p1[] = { 193, 15, 0, -1 };
1539
1540 a = BN_new();
1541 b[0] = BN_new();
1542 b[1] = BN_new();
1543 c = BN_new();
1544 d = BN_new();
1545 e = BN_new();
1546
1547 CHECK_GOTO(BN_GF2m_arr2poly(p0, b[0]));
1548 CHECK_GOTO(BN_GF2m_arr2poly(p1, b[1]));
1549
1550 for (i = 0; i < num0; i++) {
1551 CHECK_GOTO(BN_bntest_rand(a, 1024, 0, 0));
1552 for (j = 0; j < 2; j++) {
1553 CHECK_GOTO(BN_GF2m_mod(c, a, b[j]));
1554#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1555 if (bp != NULL) {
1556 if (!results) {
1557 CHECK_GOTO(BN_print(bp, a));
1558 BIO_puts(bp, " % ");
1559 CHECK_GOTO(BN_print(bp, b[j]));
1560 BIO_puts(bp, " - ");
1561 CHECK_GOTO(BN_print(bp, c));
1562 BIO_puts(bp, "\n");
1563 }
1564 }
1565#endif
1566 CHECK_GOTO(BN_GF2m_add(d, a, c));
1567 CHECK_GOTO(BN_GF2m_mod(e, d, b[j]));
1568 /* Test that a + (a mod p) mod p == 0. */
1569 if (!BN_is_zero(e)) {
1570 fprintf(stderr, "GF(2^m) modulo test failed!\n");
1571 goto err;
1572 }
1573 }
1574 }
1575 rc = 1;
1576err:
1577 BN_free(a);
1578 BN_free(b[0]);
1579 BN_free(b[1]);
1580 BN_free(c);
1581 BN_free(d);
1582 BN_free(e);
1583 return rc;
1584}
1585
1586int
1587test_gf2m_mod_mul(BIO *bp, BN_CTX *ctx)
1588{
1589 BIGNUM *a, *b[2], *c, *d, *e, *f, *g, *h;
1590 int i, j, rc = 0;
1591 int p0[] = { 163, 7, 6, 3, 0, -1 };
1592 int p1[] = { 193, 15, 0, -1 };
1593
1594 a = BN_new();
1595 b[0] = BN_new();
1596 b[1] = BN_new();
1597 c = BN_new();
1598 d = BN_new();
1599 e = BN_new();
1600 f = BN_new();
1601 g = BN_new();
1602 h = BN_new();
1603
1604 CHECK_GOTO(BN_GF2m_arr2poly(p0, b[0]));
1605 CHECK_GOTO(BN_GF2m_arr2poly(p1, b[1]));
1606
1607 for (i = 0; i < num0; i++) {
1608 CHECK_GOTO(BN_bntest_rand(a, 1024, 0, 0));
1609 CHECK_GOTO(BN_bntest_rand(c, 1024, 0, 0));
1610 CHECK_GOTO(BN_bntest_rand(d, 1024, 0, 0));
1611 for (j = 0; j < 2; j++) {
1612 CHECK_GOTO(BN_GF2m_mod_mul(e, a, c, b[j], ctx));
1613#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1614 if (bp != NULL) {
1615 if (!results) {
1616 CHECK_GOTO(BN_print(bp, a));
1617 BIO_puts(bp, " * ");
1618 CHECK_GOTO(BN_print(bp, c));
1619 BIO_puts(bp, " % ");
1620 CHECK_GOTO(BN_print(bp, b[j]));
1621 BIO_puts(bp, " - ");
1622 CHECK_GOTO(BN_print(bp, e));
1623 BIO_puts(bp, "\n");
1624 }
1625 }
1626#endif
1627 CHECK_GOTO(BN_GF2m_add(f, a, d));
1628 CHECK_GOTO(BN_GF2m_mod_mul(g, f, c, b[j], ctx));
1629 CHECK_GOTO(BN_GF2m_mod_mul(h, d, c, b[j], ctx));
1630 CHECK_GOTO(BN_GF2m_add(f, e, g));
1631 CHECK_GOTO(BN_GF2m_add(f, f, h));
1632 /* Test that (a+d)*c = a*c + d*c. */
1633 if (!BN_is_zero(f)) {
1634 fprintf(stderr, "GF(2^m) modular multiplication test failed!\n");
1635 goto err;
1636 }
1637 }
1638 }
1639 rc = 1;
1640err:
1641 BN_free(a);
1642 BN_free(b[0]);
1643 BN_free(b[1]);
1644 BN_free(c);
1645 BN_free(d);
1646 BN_free(e);
1647 BN_free(f);
1648 BN_free(g);
1649 BN_free(h);
1650 return rc;
1651}
1652
1653int
1654test_gf2m_mod_sqr(BIO *bp, BN_CTX *ctx)
1655{
1656 BIGNUM *a, *b[2], *c, *d;
1657 int i, j, rc = 0;
1658 int p0[] = { 163, 7, 6, 3, 0, -1 };
1659 int p1[] = { 193, 15, 0, -1 };
1660
1661 a = BN_new();
1662 b[0] = BN_new();
1663 b[1] = BN_new();
1664 c = BN_new();
1665 d = BN_new();
1666
1667 CHECK_GOTO(BN_GF2m_arr2poly(p0, b[0]));
1668 CHECK_GOTO(BN_GF2m_arr2poly(p1, b[1]));
1669
1670 for (i = 0; i < num0; i++) {
1671 CHECK_GOTO(BN_bntest_rand(a, 1024, 0, 0));
1672 for (j = 0; j < 2; j++) {
1673 CHECK_GOTO(BN_GF2m_mod_sqr(c, a, b[j], ctx));
1674 CHECK_GOTO(BN_copy(d, a));
1675 CHECK_GOTO(BN_GF2m_mod_mul(d, a, d, b[j], ctx));
1676#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1677 if (bp != NULL) {
1678 if (!results) {
1679 CHECK_GOTO(BN_print(bp, a));
1680 BIO_puts(bp, " ^ 2 % ");
1681 CHECK_GOTO(BN_print(bp, b[j]));
1682 BIO_puts(bp, " = ");
1683 CHECK_GOTO(BN_print(bp, c));
1684 BIO_puts(bp, "; a * a = ");
1685 CHECK_GOTO(BN_print(bp, d));
1686 BIO_puts(bp, "\n");
1687 }
1688 }
1689#endif
1690 CHECK_GOTO(BN_GF2m_add(d, c, d));
1691 /* Test that a*a = a^2. */
1692 if (!BN_is_zero(d)) {
1693 fprintf(stderr, "GF(2^m) modular squaring test failed!\n");
1694 goto err;
1695 }
1696 }
1697 }
1698 rc = 1;
1699err:
1700 BN_free(a);
1701 BN_free(b[0]);
1702 BN_free(b[1]);
1703 BN_free(c);
1704 BN_free(d);
1705 return rc;
1706}
1707
1708int
1709test_gf2m_mod_inv(BIO *bp, BN_CTX *ctx)
1710{
1711 BIGNUM *a, *b[2], *c, *d;
1712 int i, j, rc = 0;
1713 int p0[] = { 163, 7, 6, 3, 0, -1 };
1714 int p1[] = { 193, 15, 0, -1 };
1715
1716 a = BN_new();
1717 b[0] = BN_new();
1718 b[1] = BN_new();
1719 c = BN_new();
1720 d = BN_new();
1721
1722 CHECK_GOTO(BN_GF2m_arr2poly(p0, b[0]));
1723 CHECK_GOTO(BN_GF2m_arr2poly(p1, b[1]));
1724
1725 for (i = 0; i < num0; i++) {
1726 CHECK_GOTO(BN_bntest_rand(a, 512, 0, 0));
1727 for (j = 0; j < 2; j++) {
1728 CHECK_GOTO(BN_GF2m_mod_inv(c, a, b[j], ctx));
1729 CHECK_GOTO(BN_GF2m_mod_mul(d, a, c, b[j], ctx));
1730#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1731 if (bp != NULL) {
1732 if (!results) {
1733 CHECK_GOTO(BN_print(bp, a));
1734 BIO_puts(bp, " * ");
1735 CHECK_GOTO(BN_print(bp, c));
1736 BIO_puts(bp, " - 1 % ");
1737 CHECK_GOTO(BN_print(bp, b[j]));
1738 BIO_puts(bp, "\n");
1739 }
1740 }
1741#endif
1742 /* Test that ((1/a)*a) = 1. */
1743 if (!BN_is_one(d)) {
1744 fprintf(stderr, "GF(2^m) modular inversion test failed!\n");
1745 goto err;
1746 }
1747 }
1748 }
1749 rc = 1;
1750err:
1751 BN_free(a);
1752 BN_free(b[0]);
1753 BN_free(b[1]);
1754 BN_free(c);
1755 BN_free(d);
1756 return rc;
1757}
1758
1759int
1760test_gf2m_mod_div(BIO *bp, BN_CTX *ctx)
1761{
1762 BIGNUM *a, *b[2], *c, *d, *e, *f;
1763 int i, j, rc = 0;
1764 int p0[] = { 163, 7, 6, 3, 0, -1 };
1765 int p1[] = { 193, 15, 0, -1 };
1766
1767 a = BN_new();
1768 b[0] = BN_new();
1769 b[1] = BN_new();
1770 c = BN_new();
1771 d = BN_new();
1772 e = BN_new();
1773 f = BN_new();
1774
1775 CHECK_GOTO(BN_GF2m_arr2poly(p0, b[0]));
1776 CHECK_GOTO(BN_GF2m_arr2poly(p1, b[1]));
1777
1778 for (i = 0; i < num0; i++) {
1779 CHECK_GOTO(BN_bntest_rand(a, 512, 0, 0));
1780 CHECK_GOTO(BN_bntest_rand(c, 512, 0, 0));
1781 for (j = 0; j < 2; j++) {
1782 CHECK_GOTO(BN_GF2m_mod_div(d, a, c, b[j], ctx));
1783 CHECK_GOTO(BN_GF2m_mod_mul(e, d, c, b[j], ctx));
1784 CHECK_GOTO(BN_GF2m_mod_div(f, a, e, b[j], ctx));
1785#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1786 if (bp != NULL) {
1787 if (!results) {
1788 CHECK_GOTO(BN_print(bp, a));
1789 BIO_puts(bp, " = ");
1790 CHECK_GOTO(BN_print(bp, c));
1791 BIO_puts(bp, " * ");
1792 CHECK_GOTO(BN_print(bp, d));
1793 BIO_puts(bp, " % ");
1794 CHECK_GOTO(BN_print(bp, b[j]));
1795 BIO_puts(bp, "\n");
1796 }
1797 }
1798#endif
1799 /* Test that ((a/c)*c)/a = 1. */
1800 if (!BN_is_one(f)) {
1801 fprintf(stderr, "GF(2^m) modular division test failed!\n");
1802 goto err;
1803 }
1804 }
1805 }
1806 rc = 1;
1807err:
1808 BN_free(a);
1809 BN_free(b[0]);
1810 BN_free(b[1]);
1811 BN_free(c);
1812 BN_free(d);
1813 BN_free(e);
1814 BN_free(f);
1815 return rc;
1816}
1817
1818int
1819test_gf2m_mod_exp(BIO *bp, BN_CTX *ctx)
1820{
1821 BIGNUM *a, *b[2], *c, *d, *e, *f;
1822 int i, j, rc = 0;
1823 int p0[] = { 163, 7, 6, 3, 0, -1 };
1824 int p1[] = { 193, 15, 0, -1 };
1825
1826 a = BN_new();
1827 b[0] = BN_new();
1828 b[1] = BN_new();
1829 c = BN_new();
1830 d = BN_new();
1831 e = BN_new();
1832 f = BN_new();
1833
1834 CHECK_GOTO(BN_GF2m_arr2poly(p0, b[0]));
1835 CHECK_GOTO(BN_GF2m_arr2poly(p1, b[1]));
1836
1837 for (i = 0; i < num0; i++) {
1838 CHECK_GOTO(BN_bntest_rand(a, 512, 0, 0));
1839 CHECK_GOTO(BN_bntest_rand(c, 512, 0, 0));
1840 CHECK_GOTO(BN_bntest_rand(d, 512, 0, 0));
1841 for (j = 0; j < 2; j++) {
1842 CHECK_GOTO(BN_GF2m_mod_exp(e, a, c, b[j], ctx));
1843 CHECK_GOTO(BN_GF2m_mod_exp(f, a, d, b[j], ctx));
1844 CHECK_GOTO(BN_GF2m_mod_mul(e, e, f, b[j], ctx));
1845 CHECK_GOTO(BN_add(f, c, d));
1846 CHECK_GOTO(BN_GF2m_mod_exp(f, a, f, b[j], ctx));
1847#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1848 if (bp != NULL) {
1849 if (!results) {
1850 CHECK_GOTO(BN_print(bp, a));
1851 BIO_puts(bp, " ^ (");
1852 CHECK_GOTO(BN_print(bp, c));
1853 BIO_puts(bp, " + ");
1854 CHECK_GOTO(BN_print(bp, d));
1855 BIO_puts(bp, ") = ");
1856 CHECK_GOTO(BN_print(bp, e));
1857 BIO_puts(bp, "; - ");
1858 CHECK_GOTO(BN_print(bp, f));
1859 BIO_puts(bp, " % ");
1860 CHECK_GOTO(BN_print(bp, b[j]));
1861 BIO_puts(bp, "\n");
1862 }
1863 }
1864#endif
1865 CHECK_GOTO(BN_GF2m_add(f, e, f));
1866 /* Test that a^(c+d)=a^c*a^d. */
1867 if (!BN_is_zero(f)) {
1868 fprintf(stderr, "GF(2^m) modular exponentiation test failed!\n");
1869 goto err;
1870 }
1871 }
1872 }
1873 rc = 1;
1874err:
1875 BN_free(a);
1876 BN_free(b[0]);
1877 BN_free(b[1]);
1878 BN_free(c);
1879 BN_free(d);
1880 BN_free(e);
1881 BN_free(f);
1882 return rc;
1883}
1884
1885int
1886test_gf2m_mod_sqrt(BIO *bp, BN_CTX *ctx)
1887{
1888 BIGNUM *a, *b[2], *c, *d, *e, *f;
1889 int i, j, rc = 0;
1890 int p0[] = { 163, 7, 6, 3, 0, -1 };
1891 int p1[] = { 193, 15, 0, -1 };
1892
1893 a = BN_new();
1894 b[0] = BN_new();
1895 b[1] = BN_new();
1896 c = BN_new();
1897 d = BN_new();
1898 e = BN_new();
1899 f = BN_new();
1900
1901 CHECK_GOTO(BN_GF2m_arr2poly(p0, b[0]));
1902 CHECK_GOTO(BN_GF2m_arr2poly(p1, b[1]));
1903
1904 for (i = 0; i < num0; i++) {
1905 CHECK_GOTO(BN_bntest_rand(a, 512, 0, 0));
1906 for (j = 0; j < 2; j++) {
1907 CHECK_GOTO(BN_GF2m_mod(c, a, b[j]));
1908 CHECK_GOTO(BN_GF2m_mod_sqrt(d, a, b[j], ctx));
1909 CHECK_GOTO(BN_GF2m_mod_sqr(e, d, b[j], ctx));
1910#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1911 if (bp != NULL) {
1912 if (!results) {
1913 CHECK_GOTO(BN_print(bp, d));
1914 BIO_puts(bp, " ^ 2 - ");
1915 CHECK_GOTO(BN_print(bp, a));
1916 BIO_puts(bp, "\n");
1917 }
1918 }
1919#endif
1920 CHECK_GOTO(BN_GF2m_add(f, c, e));
1921 /* Test that d^2 = a, where d = sqrt(a). */
1922 if (!BN_is_zero(f)) {
1923 fprintf(stderr, "GF(2^m) modular square root test failed!\n");
1924 goto err;
1925 }
1926 }
1927 }
1928 rc = 1;
1929err:
1930 BN_free(a);
1931 BN_free(b[0]);
1932 BN_free(b[1]);
1933 BN_free(c);
1934 BN_free(d);
1935 BN_free(e);
1936 BN_free(f);
1937 return rc;
1938}
1939
1940int
1941test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx)
1942{
1943 BIGNUM *a, *b[2], *c, *d, *e;
1944 int i, j, s = 0, t, rc = 0;
1945 int p0[] = { 163, 7, 6, 3, 0, -1 };
1946 int p1[] = { 193, 15, 0, -1 };
1947
1948 a = BN_new();
1949 b[0] = BN_new();
1950 b[1] = BN_new();
1951 c = BN_new();
1952 d = BN_new();
1953 e = BN_new();
1954
1955 CHECK_GOTO(BN_GF2m_arr2poly(p0, b[0]));
1956 CHECK_GOTO(BN_GF2m_arr2poly(p1, b[1]));
1957
1958 for (i = 0; i < num0; i++) {
1959 CHECK_GOTO(BN_bntest_rand(a, 512, 0, 0));
1960 for (j = 0; j < 2; j++) {
1961 t = BN_GF2m_mod_solve_quad(c, a, b[j], ctx);
1962 if (t) {
1963 s++;
1964 CHECK_GOTO(BN_GF2m_mod_sqr(d, c, b[j], ctx));
1965 CHECK_GOTO(BN_GF2m_add(d, c, d));
1966 CHECK_GOTO(BN_GF2m_mod(e, a, b[j]));
1967#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1968 if (bp != NULL) {
1969 if (!results) {
1970 CHECK_GOTO(BN_print(bp, c));
1971 BIO_puts(bp, " is root of z^2 + z = ");
1972 CHECK_GOTO(BN_print(bp, a));
1973 BIO_puts(bp, " % ");
1974 CHECK_GOTO(BN_print(bp, b[j]));
1975 BIO_puts(bp, "\n");
1976 }
1977 }
1978#endif
1979 CHECK_GOTO(BN_GF2m_add(e, e, d));
1980 /* Test that solution of quadratic c satisfies c^2 + c = a. */
1981 if (!BN_is_zero(e)) {
1982 fprintf(stderr, "GF(2^m) modular solve quadratic test failed!\n");
1983 goto err;
1984 }
1985
1986 } else {
1987#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1988 if (bp != NULL) {
1989 if (!results) {
1990 BIO_puts(bp, "There are no roots of z^2 + z = ");
1991 CHECK_GOTO(BN_print(bp, a));
1992 BIO_puts(bp, " % ");
1993 CHECK_GOTO(BN_print(bp, b[j]));
1994 BIO_puts(bp, "\n");
1995 }
1996 }
1997#endif
1998 }
1999 }
2000 }
2001 if (s == 0) {
2002 fprintf(stderr, "All %i tests of GF(2^m) modular solve quadratic resulted in no roots;\n", num0);
2003 fprintf(stderr, "this is very unlikely and probably indicates an error.\n");
2004 goto err;
2005 }
2006 rc = 1;
2007err:
2008 BN_free(a);
2009 BN_free(b[0]);
2010 BN_free(b[1]);
2011 BN_free(c);
2012 BN_free(d);
2013 BN_free(e);
2014 return rc;
2015}
2016#endif
2017static int
2018genprime_cb(int p, int n, BN_GENCB *arg)
2019{
2020 char c = '*';
2021
2022 if (p == 0)
2023 c = '.';
2024 if (p == 1)
2025 c = '+';
2026 if (p == 2)
2027 c = '*';
2028 if (p == 3)
2029 c = '\n';
2030 putc(c, stderr);
2031 fflush(stderr);
2032 return (1);
2033}
2034
2035int
2036test_kron(BIO *bp, BN_CTX *ctx)
2037{
2038 BN_GENCB cb;
2039 BIGNUM *a, *b, *r, *t;
2040 int i;
2041 int legendre, kronecker;
2042 int rc = 0;
2043
2044 a = BN_new();
2045 b = BN_new();
2046 r = BN_new();
2047 t = BN_new();
2048 if (a == NULL || b == NULL || r == NULL || t == NULL)
2049 goto err;
2050
2051 BN_GENCB_set(&cb, genprime_cb, NULL);
2052
2053 /*
2054 * We test BN_kronecker(a, b, ctx) just for b odd (Jacobi symbol). In
2055 * this case we know that if b is prime, then BN_kronecker(a, b, ctx) is
2056 * congruent to $a^{(b-1)/2}$, modulo $b$ (Legendre symbol). So we
2057 * generate a random prime b and compare these values for a number of
2058 * random a's. (That is, we run the Solovay-Strassen primality test to
2059 * confirm that b is prime, except that we don't want to test whether b
2060 * is prime but whether BN_kronecker works.)
2061 */
2062
2063 if (!BN_generate_prime_ex(b, 512, 0, NULL, NULL, &cb))
2064 goto err;
2065 b->neg = rand_neg();
2066 putc('\n', stderr);
2067
2068 for (i = 0; i < num0; i++) {
2069 if (!BN_bntest_rand(a, 512, 0, 0))
2070 goto err;
2071 a->neg = rand_neg();
2072
2073 /* t := (|b|-1)/2 (note that b is odd) */
2074 if (!BN_copy(t, b))
2075 goto err;
2076 t->neg = 0;
2077 if (!BN_sub_word(t, 1))
2078 goto err;
2079 if (!BN_rshift1(t, t))
2080 goto err;
2081 /* r := a^t mod b */
2082 b->neg = 0;
2083
2084 if (!BN_mod_exp_recp(r, a, t, b, ctx))
2085 goto err;
2086 b->neg = 1;
2087
2088 if (BN_is_word(r, 1))
2089 legendre = 1;
2090 else if (BN_is_zero(r))
2091 legendre = 0;
2092 else {
2093 if (!BN_add_word(r, 1))
2094 goto err;
2095 if (0 != BN_ucmp(r, b)) {
2096 fprintf(stderr, "Legendre symbol computation failed\n");
2097 goto err;
2098 }
2099 legendre = -1;
2100 }
2101
2102 kronecker = BN_kronecker(a, b, ctx);
2103 if (kronecker < -1)
2104 goto err;
2105 /* we actually need BN_kronecker(a, |b|) */
2106 if (a->neg && b->neg)
2107 kronecker = -kronecker;
2108
2109 if (legendre != kronecker) {
2110 fprintf(stderr, "legendre != kronecker; a = ");
2111 CHECK_GOTO(BN_print_fp(stderr, a));
2112 fprintf(stderr, ", b = ");
2113 CHECK_GOTO(BN_print_fp(stderr, b));
2114 fprintf(stderr, "\n");
2115 goto err;
2116 }
2117
2118 putc('.', stderr);
2119 fflush(stderr);
2120 }
2121
2122 putc('\n', stderr);
2123 fflush(stderr);
2124 rc = 1;
2125err:
2126 BN_free(a);
2127 BN_free(b);
2128 BN_free(r);
2129 BN_free(t);
2130 return rc;
2131}
2132
2133int
2134test_sqrt(BIO *bp, BN_CTX *ctx)
2135{
2136 BN_GENCB cb;
2137 BIGNUM *a, *p, *r;
2138 int i, j;
2139 int rc = 0;
2140
2141 a = BN_new();
2142 p = BN_new();
2143 r = BN_new();
2144 if (a == NULL || p == NULL || r == NULL)
2145 goto err;
2146
2147 BN_GENCB_set(&cb, genprime_cb, NULL);
2148
2149 for (i = 0; i < 16; i++) {
2150 if (i < 8) {
2151 unsigned primes[8] = { 2, 3, 5, 7, 11, 13, 17, 19 };
2152
2153 if (!BN_set_word(p, primes[i]))
2154 goto err;
2155 } else {
2156 if (!BN_set_word(a, 32))
2157 goto err;
2158 if (!BN_set_word(r, 2 * i + 1))
2159 goto err;
2160
2161 if (!BN_generate_prime_ex(p, 256, 0, a, r, &cb))
2162 goto err;
2163 putc('\n', stderr);
2164 }
2165 p->neg = rand_neg();
2166
2167 for (j = 0; j < num2; j++) {
2168 /*
2169 * construct 'a' such that it is a square modulo p, but in
2170 * general not a proper square and not reduced modulo p
2171 */
2172 if (!BN_bntest_rand(r, 256, 0, 3))
2173 goto err;
2174 if (!BN_nnmod(r, r, p, ctx))
2175 goto err;
2176 if (!BN_mod_sqr(r, r, p, ctx))
2177 goto err;
2178 if (!BN_bntest_rand(a, 256, 0, 3))
2179 goto err;
2180 if (!BN_nnmod(a, a, p, ctx))
2181 goto err;
2182 if (!BN_mod_sqr(a, a, p, ctx))
2183 goto err;
2184 if (!BN_mul(a, a, r, ctx))
2185 goto err;
2186 if (rand_neg())
2187 if (!BN_sub(a, a, p))
2188 goto err;
2189
2190 if (!BN_mod_sqrt(r, a, p, ctx))
2191 goto err;
2192 if (!BN_mod_sqr(r, r, p, ctx))
2193 goto err;
2194
2195 if (!BN_nnmod(a, a, p, ctx))
2196 goto err;
2197
2198 if (BN_cmp(a, r) != 0) {
2199 fprintf(stderr, "BN_mod_sqrt failed: a = ");
2200 CHECK_GOTO(BN_print_fp(stderr, a));
2201 fprintf(stderr, ", r = ");
2202 CHECK_GOTO(BN_print_fp(stderr, r));
2203 fprintf(stderr, ", p = ");
2204 CHECK_GOTO(BN_print_fp(stderr, p));
2205 fprintf(stderr, "\n");
2206 goto err;
2207 }
2208
2209 putc('.', stderr);
2210 fflush(stderr);
2211 }
2212
2213 putc('\n', stderr);
2214 fflush(stderr);
2215 }
2216 rc = 1;
2217err:
2218 BN_free(a);
2219 BN_free(p);
2220 BN_free(r);
2221 return rc;
2222}
2223
2224int
2225test_lshift(BIO *bp, BN_CTX *ctx, BIGNUM *a_)
2226{
2227 BIGNUM *a = NULL, *b, *c, *d;
2228 int i;
2229 int rc = 1;
2230
2231 b = BN_new();
2232 c = BN_new();
2233 d = BN_new();
2234 CHECK_GOTO(BN_one(c));
2235
2236 if (a_)
2237 a = a_;
2238 else {
2239 a = BN_new();
2240 CHECK_GOTO(BN_bntest_rand(a, 200, 0, 0));
2241 a->neg = rand_neg();
2242 }
2243 for (i = 0; i < num0; i++) {
2244 CHECK_GOTO(BN_lshift(b, a, i + 1));
2245 CHECK_GOTO(BN_add(c, c, c));
2246 if (bp != NULL) {
2247 if (!results) {
2248 CHECK_GOTO(BN_print(bp, a));
2249 BIO_puts(bp, " * ");
2250 CHECK_GOTO(BN_print(bp, c));
2251 BIO_puts(bp, " - ");
2252 }
2253 CHECK_GOTO(BN_print(bp, b));
2254 BIO_puts(bp, "\n");
2255 }
2256 CHECK_GOTO(BN_mul(d, a, c, ctx));
2257 CHECK_GOTO(BN_sub(d, d, b));
2258 if (!BN_is_zero(d)) {
2259 fprintf(stderr, "Left shift test failed!\n");
2260 fprintf(stderr, "a=");
2261 CHECK_GOTO(BN_print_fp(stderr, a));
2262 fprintf(stderr, "\nb=");
2263 CHECK_GOTO(BN_print_fp(stderr, b));
2264 fprintf(stderr, "\nc=");
2265 CHECK_GOTO(BN_print_fp(stderr, c));
2266 fprintf(stderr, "\nd=");
2267 CHECK_GOTO(BN_print_fp(stderr, d));
2268 fprintf(stderr, "\n");
2269 rc = 0;
2270 break;
2271 }
2272 }
2273err:
2274 BN_free(a);
2275 BN_free(b);
2276 BN_free(c);
2277 BN_free(d);
2278 return (rc);
2279}
2280
2281int
2282test_lshift1(BIO *bp)
2283{
2284 BIGNUM *a, *b, *c;
2285 int i;
2286 int rc = 1;
2287
2288 a = BN_new();
2289 b = BN_new();
2290 c = BN_new();
2291
2292 CHECK_GOTO(BN_bntest_rand(a, 200, 0, 0));
2293 a->neg = rand_neg();
2294 for (i = 0; i < num0; i++) {
2295 CHECK_GOTO(BN_lshift1(b, a));
2296 if (bp != NULL) {
2297 if (!results) {
2298 CHECK_GOTO(BN_print(bp, a));
2299 BIO_puts(bp, " * 2");
2300 BIO_puts(bp, " - ");
2301 }
2302 CHECK_GOTO(BN_print(bp, b));
2303 BIO_puts(bp, "\n");
2304 }
2305 CHECK_GOTO(BN_add(c, a, a));
2306 CHECK_GOTO(BN_sub(a, b, c));
2307 if (!BN_is_zero(a)) {
2308 fprintf(stderr, "Left shift one test failed!\n");
2309 rc = 0;
2310 break;
2311 }
2312
2313 CHECK_GOTO(BN_copy(a, b));
2314 }
2315err:
2316 BN_free(a);
2317 BN_free(b);
2318 BN_free(c);
2319 return (rc);
2320}
2321
2322int
2323test_rshift(BIO *bp, BN_CTX *ctx)
2324{
2325 BIGNUM *a, *b, *c, *d, *e;
2326 int i;
2327 int rc = 1;
2328
2329 a = BN_new();
2330 b = BN_new();
2331 c = BN_new();
2332 d = BN_new();
2333 e = BN_new();
2334 CHECK_GOTO(BN_one(c));
2335
2336 CHECK_GOTO(BN_bntest_rand(a, 200, 0, 0));
2337 a->neg = rand_neg();
2338 for (i = 0; i < num0; i++) {
2339 CHECK_GOTO(BN_rshift(b, a, i + 1));
2340 CHECK_GOTO(BN_add(c, c, c));
2341 if (bp != NULL) {
2342 if (!results) {
2343 CHECK_GOTO(BN_print(bp, a));
2344 BIO_puts(bp, " / ");
2345 CHECK_GOTO(BN_print(bp, c));
2346 BIO_puts(bp, " - ");
2347 }
2348 CHECK_GOTO(BN_print(bp, b));
2349 BIO_puts(bp, "\n");
2350 }
2351 CHECK_GOTO(BN_div(d, e, a, c, ctx));
2352 CHECK_GOTO(BN_sub(d, d, b));
2353 if (!BN_is_zero(d)) {
2354 fprintf(stderr, "Right shift test failed!\n");
2355 rc = 0;
2356 break;
2357 }
2358 }
2359err:
2360 BN_free(a);
2361 BN_free(b);
2362 BN_free(c);
2363 BN_free(d);
2364 BN_free(e);
2365 return (rc);
2366}
2367
2368int
2369test_rshift1(BIO *bp)
2370{
2371 BIGNUM *a, *b, *c;
2372 int i;
2373 int rc = 1;
2374
2375 a = BN_new();
2376 b = BN_new();
2377 c = BN_new();
2378
2379 CHECK_GOTO(BN_bntest_rand(a, 200, 0, 0));
2380 a->neg = rand_neg();
2381 for (i = 0; i < num0; i++) {
2382 CHECK_GOTO(BN_rshift1(b, a));
2383 if (bp != NULL) {
2384 if (!results) {
2385 CHECK_GOTO(BN_print(bp, a));
2386 BIO_puts(bp, " / 2");
2387 BIO_puts(bp, " - ");
2388 }
2389 CHECK_GOTO(BN_print(bp, b));
2390 BIO_puts(bp, "\n");
2391 }
2392 CHECK_GOTO(BN_sub(c, a, b));
2393 CHECK_GOTO(BN_sub(c, c, b));
2394 if (!BN_is_zero(c) && !BN_abs_is_word(c, 1)) {
2395 fprintf(stderr, "Right shift one test failed!\n");
2396 rc = 0;
2397 break;
2398 }
2399 CHECK_GOTO(BN_copy(a, b));
2400 }
2401err:
2402 BN_free(a);
2403 BN_free(b);
2404 BN_free(c);
2405 return (rc);
2406}
2407
2408int
2409rand_neg(void)
2410{
2411 static unsigned int neg = 0;
2412 static int sign[8] = { 0, 0, 0, 1, 1, 0, 1, 1 };
2413
2414 return (sign[(neg++) % 8]);
2415}
2416
2417int
2418test_mod_exp_sizes(BIO *bp, BN_CTX *ctx)
2419{
2420 BN_MONT_CTX *mont_ctx = NULL;
2421 BIGNUM *p, *x, *y, *r, *r2;
2422 int size;
2423 int rc = 0;
2424
2425 BN_CTX_start(ctx);
2426 CHECK_GOTO(p = BN_CTX_get(ctx));
2427 CHECK_GOTO(x = BN_CTX_get(ctx));
2428 CHECK_GOTO(y = BN_CTX_get(ctx));
2429 CHECK_GOTO(r = BN_CTX_get(ctx));
2430 CHECK_GOTO(r2 = BN_CTX_get(ctx));
2431 mont_ctx = BN_MONT_CTX_new();
2432
2433 if (r2 == NULL || mont_ctx == NULL)
2434 goto err;
2435
2436 if (!BN_generate_prime_ex(p, 32, 0, NULL, NULL, NULL) ||
2437 !BN_MONT_CTX_set(mont_ctx, p, ctx))
2438 goto err;
2439
2440 for (size = 32; size < 1024; size += 8) {
2441 if (!BN_rand(x, size, -1, 0) ||
2442 !BN_rand(y, size, -1, 0) ||
2443 !BN_mod_exp_mont_consttime(r, x, y, p, ctx, mont_ctx) ||
2444 !BN_mod_exp(r2, x, y, p, ctx))
2445 goto err;
2446
2447 if (BN_cmp(r, r2) != 0) {
2448 char *r_str = NULL;
2449 char *r2_str = NULL;
2450 CHECK_GOTO(r_str = BN_bn2hex(r));
2451 CHECK_GOTO(r2_str = BN_bn2hex(r2));
2452
2453 printf("Incorrect answer at size %d: %s vs %s\n",
2454 size, r_str, r2_str);
2455 free(r_str);
2456 free(r2_str);
2457 goto err;
2458 }
2459 }
2460
2461 rc = 1;
2462
2463err:
2464 BN_MONT_CTX_free(mont_ctx);
2465 BN_CTX_end(ctx);
2466 return rc;
2467}
diff --git a/src/regress/lib/libcrypto/bn/mont/Makefile b/src/regress/lib/libcrypto/bn/mont/Makefile
deleted file mode 100644
index 55c48220d4..0000000000
--- a/src/regress/lib/libcrypto/bn/mont/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2017/01/21 09:38:58 beck Exp $
2
3PROG= mont
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/bn/mont/mont.c b/src/regress/lib/libcrypto/bn/mont/mont.c
deleted file mode 100644
index 30d5317b64..0000000000
--- a/src/regress/lib/libcrypto/bn/mont/mont.c
+++ /dev/null
@@ -1,73 +0,0 @@
1/* $OpenBSD: mont.c,v 1.2 2014/10/22 13:23:05 jsing Exp $ */
2
3/*
4 * Copyright (c) 2014 Miodrag Vallat.
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#include <stdio.h>
20#include <stdlib.h>
21#include <string.h>
22#include <err.h>
23
24#include <openssl/bn.h>
25#include <openssl/crypto.h>
26#include <openssl/dh.h>
27#include <openssl/err.h>
28
29/*
30 * Test for proper bn_mul_mont behaviour when operands are of vastly different
31 * sizes.
32 */
33
34int
35main(int argc, char *argv[])
36{
37 DH *dh;
38 unsigned char *key, r[32 + 16 * 8];
39 size_t privsz;
40
41 arc4random_buf(r, sizeof(r));
42
43 for (privsz = 32; privsz <= sizeof(r); privsz += 8) {
44 dh = DH_new();
45 if (dh == NULL)
46 goto err;
47 if (DH_generate_parameters_ex(dh, 32, DH_GENERATOR_2,
48 NULL) == 0)
49 goto err;
50
51 /* force private key to be much larger than public one */
52 dh->priv_key = BN_bin2bn(r, privsz, NULL);
53 if (dh->priv_key == NULL)
54 goto err;
55
56 if (DH_generate_key(dh) == 0)
57 goto err;
58 key = malloc(DH_size(dh));
59 if (key == NULL)
60 err(1, "malloc");
61 if (DH_compute_key(key, dh->pub_key, dh) == -1)
62 goto err;
63
64 free(key);
65 DH_free(dh);
66 }
67
68 return 0;
69
70err:
71 ERR_print_errors_fp(stderr);
72 return 1;
73}
diff --git a/src/regress/lib/libcrypto/bn/rand/Makefile b/src/regress/lib/libcrypto/bn/rand/Makefile
deleted file mode 100644
index 52d0835df4..0000000000
--- a/src/regress/lib/libcrypto/bn/rand/Makefile
+++ /dev/null
@@ -1,11 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2018/11/06 06:55:27 tb Exp $
2
3.include "../../Makefile.inc"
4
5PROG= bn_rand_interval
6LDADD= ${CRYPTO_INT}
7DPADD= ${LIBCRYPTO}
8WARNINGS= Yes
9CFLAGS+= -Werror
10
11.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/bn/rand/bn_rand_interval.c b/src/regress/lib/libcrypto/bn/rand/bn_rand_interval.c
deleted file mode 100644
index 09b1a34eea..0000000000
--- a/src/regress/lib/libcrypto/bn/rand/bn_rand_interval.c
+++ /dev/null
@@ -1,113 +0,0 @@
1/* $OpenBSD: bn_rand_interval.c,v 1.2 2018/11/06 13:17:42 tb Exp $ */
2/*
3 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <err.h>
19#include <stdio.h>
20
21#include <openssl/bn.h>
22
23#define NUM_TESTS 1000000
24
25int bn_rand_interval(BIGNUM *rnd, const BIGNUM *lower_incl,
26 const BIGNUM *upper_excl);
27void print_triple(BIGNUM *a, BIGNUM *b, BIGNUM *x);
28
29void
30print_triple(BIGNUM *a, BIGNUM *b, BIGNUM *x) {
31 if (a != NULL) {
32 printf("a = ");
33 BN_print_fp(stdout, a);
34 printf("\n");
35 }
36
37 if (b != NULL) {
38 printf("b = ");
39 BN_print_fp(stdout, b);
40 printf("\n");
41 }
42
43 if (x != NULL) {
44 printf("x = ");
45 BN_print_fp(stdout, x);
46 printf("\n");
47 }
48}
49
50int
51main(int argc, char *argv[])
52{
53 BIGNUM *a, *b, *x;
54 int i, success = 1;
55
56 if ((a = BN_new()) == NULL)
57 err(1, "BN_hex2bn");
58 if ((b = BN_new()) == NULL)
59 err(1, "BN_hex2bn");
60 if ((x = BN_new()) == NULL)
61 err(1, "BN_new()");
62
63 for (i = 0; i < NUM_TESTS; i++) {
64 if (!BN_rand(a, 256, 0, 0))
65 err(1, "BN_rand(a)");
66
67 if (bn_rand_interval(x, a, a) != 0) {
68 success = 0;
69
70 printf("bn_rand_interval(a == a) succeeded\n");
71 print_triple(a, NULL, x);
72 }
73
74 if (!BN_rand(b, 256, 0, 0))
75 err(1, "BN_rand(b)");
76
77 switch(BN_cmp(a, b)) {
78 case 0: /* a == b */
79 continue;
80
81 case 1: /* a > b */
82 BN_swap(a, b);
83 break;
84
85 default: /* a < b */
86 break;
87 }
88
89 if (!bn_rand_interval(x, a, b))
90 err(1, "bn_rand_interval() failed");
91
92 if (BN_cmp(x, a) < 0 || BN_cmp(x, b) >= 0) {
93 success = 0;
94
95 printf("generated number x not inside [a,b)\n");
96 print_triple(a, b, x);
97 }
98
99 if (bn_rand_interval(x, b, a) != 0) {
100 success = 0;
101
102 printf("bn_rand_interval(x, b, a) succeeded\n");
103 print_triple(a, b, x);
104 }
105 }
106
107 if (success == 1)
108 printf("success\n");
109 else
110 printf("FAIL");
111
112 return 1 - success;
113}
diff --git a/src/regress/lib/libcrypto/cast/Makefile b/src/regress/lib/libcrypto/cast/Makefile
deleted file mode 100644
index cdb7da5312..0000000000
--- a/src/regress/lib/libcrypto/cast/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2014/07/08 15:53:52 jsing Exp $
2
3PROG= casttest
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/cast/casttest.c b/src/regress/lib/libcrypto/cast/casttest.c
deleted file mode 100644
index 81b878ee7f..0000000000
--- a/src/regress/lib/libcrypto/cast/casttest.c
+++ /dev/null
@@ -1,222 +0,0 @@
1/* $OpenBSD: casttest.c,v 1.2 2018/07/17 17:06:49 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <string.h>
61#include <stdlib.h>
62#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_CAST is defined */
63
64#include <openssl/cast.h>
65
66#define FULL_TEST
67
68static unsigned char k[16]={
69 0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
70 0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A
71 };
72
73static unsigned char in[8]={ 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
74
75static int k_len[3]={16,10,5};
76static unsigned char c[3][8]={
77 {0x23,0x8B,0x4F,0xE5,0x84,0x7E,0x44,0xB2},
78 {0xEB,0x6A,0x71,0x1A,0x2C,0x02,0x27,0x1B},
79 {0x7A,0xC8,0x16,0xD1,0x6E,0x9B,0x30,0x2E},
80 };
81static unsigned char out[80];
82
83static unsigned char in_a[16]={
84 0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
85 0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A};
86static unsigned char in_b[16]={
87 0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
88 0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A};
89
90static unsigned char c_a[16]={
91 0xEE,0xA9,0xD0,0xA2,0x49,0xFD,0x3B,0xA6,
92 0xB3,0x43,0x6F,0xB8,0x9D,0x6D,0xCA,0x92};
93static unsigned char c_b[16]={
94 0xB2,0xC9,0x5E,0xB0,0x0C,0x31,0xAD,0x71,
95 0x80,0xAC,0x05,0xB8,0xE8,0x3D,0x69,0x6E};
96
97#if 0
98char *text="Hello to all people out there";
99
100static unsigned char cfb_key[16]={
101 0xe1,0xf0,0xc3,0xd2,0xa5,0xb4,0x87,0x96,
102 0x69,0x78,0x4b,0x5a,0x2d,0x3c,0x0f,0x1e,
103 };
104static unsigned char cfb_iv[80]={0x34,0x12,0x78,0x56,0xab,0x90,0xef,0xcd};
105static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
106#define CFB_TEST_SIZE 24
107static unsigned char plain[CFB_TEST_SIZE]=
108 {
109 0x4e,0x6f,0x77,0x20,0x69,0x73,
110 0x20,0x74,0x68,0x65,0x20,0x74,
111 0x69,0x6d,0x65,0x20,0x66,0x6f,
112 0x72,0x20,0x61,0x6c,0x6c,0x20
113 };
114static unsigned char cfb_cipher64[CFB_TEST_SIZE]={
115 0x59,0xD8,0xE2,0x65,0x00,0x58,0x6C,0x3F,
116 0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A,
117 0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45
118
119/* 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
120 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
121 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
122 };
123#endif
124
125int main(int argc, char *argv[])
126 {
127#ifdef FULL_TEST
128 long l;
129 CAST_KEY key_b;
130#endif
131 int i,z,err=0;
132 CAST_KEY key;
133
134 for (z=0; z<3; z++)
135 {
136 CAST_set_key(&key,k_len[z],k);
137
138 CAST_ecb_encrypt(in,out,&key,CAST_ENCRYPT);
139 if (memcmp(out,&(c[z][0]),8) != 0)
140 {
141 printf("ecb cast error encrypting for keysize %d\n",k_len[z]*8);
142 printf("got :");
143 for (i=0; i<8; i++)
144 printf("%02X ",out[i]);
145 printf("\n");
146 printf("expected:");
147 for (i=0; i<8; i++)
148 printf("%02X ",c[z][i]);
149 err=20;
150 printf("\n");
151 }
152
153 CAST_ecb_encrypt(out,out,&key,CAST_DECRYPT);
154 if (memcmp(out,in,8) != 0)
155 {
156 printf("ecb cast error decrypting for keysize %d\n",k_len[z]*8);
157 printf("got :");
158 for (i=0; i<8; i++)
159 printf("%02X ",out[i]);
160 printf("\n");
161 printf("expected:");
162 for (i=0; i<8; i++)
163 printf("%02X ",in[i]);
164 printf("\n");
165 err=3;
166 }
167 }
168 if (err == 0)
169 printf("ecb cast5 ok\n");
170
171#ifdef FULL_TEST
172 {
173 unsigned char out_a[16],out_b[16];
174 static char *hex="0123456789ABCDEF";
175
176 printf("This test will take some time....");
177 fflush(stdout);
178 memcpy(out_a,in_a,sizeof(in_a));
179 memcpy(out_b,in_b,sizeof(in_b));
180 i=1;
181
182 for (l=0; l<1000000L; l++)
183 {
184 CAST_set_key(&key_b,16,out_b);
185 CAST_ecb_encrypt(&(out_a[0]),&(out_a[0]),&key_b,CAST_ENCRYPT);
186 CAST_ecb_encrypt(&(out_a[8]),&(out_a[8]),&key_b,CAST_ENCRYPT);
187 CAST_set_key(&key,16,out_a);
188 CAST_ecb_encrypt(&(out_b[0]),&(out_b[0]),&key,CAST_ENCRYPT);
189 CAST_ecb_encrypt(&(out_b[8]),&(out_b[8]),&key,CAST_ENCRYPT);
190 if ((l & 0xffff) == 0xffff)
191 {
192 printf("%c",hex[i&0x0f]);
193 fflush(stdout);
194 i++;
195 }
196 }
197
198 if ( (memcmp(out_a,c_a,sizeof(c_a)) != 0) ||
199 (memcmp(out_b,c_b,sizeof(c_b)) != 0))
200 {
201 printf("\n");
202 printf("Error\n");
203
204 printf("A out =");
205 for (i=0; i<16; i++) printf("%02X ",out_a[i]);
206 printf("\nactual=");
207 for (i=0; i<16; i++) printf("%02X ",c_a[i]);
208 printf("\n");
209
210 printf("B out =");
211 for (i=0; i<16; i++) printf("%02X ",out_b[i]);
212 printf("\nactual=");
213 for (i=0; i<16; i++) printf("%02X ",c_b[i]);
214 printf("\n");
215 }
216 else
217 printf(" ok\n");
218 }
219#endif
220
221 exit(err);
222 }
diff --git a/src/regress/lib/libcrypto/chacha/Makefile b/src/regress/lib/libcrypto/chacha/Makefile
deleted file mode 100644
index 685cbdbab1..0000000000
--- a/src/regress/lib/libcrypto/chacha/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2014/07/08 15:53:52 jsing Exp $
2
3PROG= chachatest
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/chacha/chachatest.c b/src/regress/lib/libcrypto/chacha/chachatest.c
deleted file mode 100644
index fe4cc40952..0000000000
--- a/src/regress/lib/libcrypto/chacha/chachatest.c
+++ /dev/null
@@ -1,339 +0,0 @@
1/* $OpenBSD: chachatest.c,v 1.5 2018/07/17 17:06:49 tb Exp $ */
2/*
3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <err.h>
19#include <stdio.h>
20#include <stdlib.h>
21#include <string.h>
22
23#include <openssl/chacha.h>
24
25struct chacha_tv {
26 const char *desc;
27 const unsigned char key[32];
28 const unsigned char iv[8];
29 const size_t len;
30 const unsigned char out[512];
31};
32
33/*
34 * Test vectors from:
35 * http://tools.ietf.org/html/draft-strombergson-chacha-test-vectors-01
36 */
37struct chacha_tv chacha_test_vectors[] = {
38 {
39 "TC1: All zero key and IV",
40 {
41 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
42 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
43 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
44 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
45 },
46 {
47 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
48 },
49 64,
50 {
51 0x76, 0xb8, 0xe0, 0xad, 0xa0, 0xf1, 0x3d, 0x90,
52 0x40, 0x5d, 0x6a, 0xe5, 0x53, 0x86, 0xbd, 0x28,
53 0xbd, 0xd2, 0x19, 0xb8, 0xa0, 0x8d, 0xed, 0x1a,
54 0xa8, 0x36, 0xef, 0xcc, 0x8b, 0x77, 0x0d, 0xc7,
55 0xda, 0x41, 0x59, 0x7c, 0x51, 0x57, 0x48, 0x8d,
56 0x77, 0x24, 0xe0, 0x3f, 0xb8, 0xd8, 0x4a, 0x37,
57 0x6a, 0x43, 0xb8, 0xf4, 0x15, 0x18, 0xa1, 0x1c,
58 0xc3, 0x87, 0xb6, 0x69, 0xb2, 0xee, 0x65, 0x86,
59 },
60 },
61 {
62 "TC2: Single bit in key set, all zero IV",
63 {
64 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
65 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
66 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
67 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
68 },
69 {
70 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
71 },
72 64,
73 {
74 0xc5, 0xd3, 0x0a, 0x7c, 0xe1, 0xec, 0x11, 0x93,
75 0x78, 0xc8, 0x4f, 0x48, 0x7d, 0x77, 0x5a, 0x85,
76 0x42, 0xf1, 0x3e, 0xce, 0x23, 0x8a, 0x94, 0x55,
77 0xe8, 0x22, 0x9e, 0x88, 0x8d, 0xe8, 0x5b, 0xbd,
78 0x29, 0xeb, 0x63, 0xd0, 0xa1, 0x7a, 0x5b, 0x99,
79 0x9b, 0x52, 0xda, 0x22, 0xbe, 0x40, 0x23, 0xeb,
80 0x07, 0x62, 0x0a, 0x54, 0xf6, 0xfa, 0x6a, 0xd8,
81 0x73, 0x7b, 0x71, 0xeb, 0x04, 0x64, 0xda, 0xc0,
82 },
83 },
84 {
85 "TC3: Single bit in IV set, all zero key",
86 {
87 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
88 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
89 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
90 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
91 },
92 {
93 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
94 },
95 64,
96 {
97 0xef, 0x3f, 0xdf, 0xd6, 0xc6, 0x15, 0x78, 0xfb,
98 0xf5, 0xcf, 0x35, 0xbd, 0x3d, 0xd3, 0x3b, 0x80,
99 0x09, 0x63, 0x16, 0x34, 0xd2, 0x1e, 0x42, 0xac,
100 0x33, 0x96, 0x0b, 0xd1, 0x38, 0xe5, 0x0d, 0x32,
101 0x11, 0x1e, 0x4c, 0xaf, 0x23, 0x7e, 0xe5, 0x3c,
102 0xa8, 0xad, 0x64, 0x26, 0x19, 0x4a, 0x88, 0x54,
103 0x5d, 0xdc, 0x49, 0x7a, 0x0b, 0x46, 0x6e, 0x7d,
104 0x6b, 0xbd, 0xb0, 0x04, 0x1b, 0x2f, 0x58, 0x6b
105 },
106 },
107 {
108 "TC4: All bits in key and IV are set",
109 {
110 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
111 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
112 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
113 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
114 },
115 {
116 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
117 },
118 64,
119 {
120 0xd9, 0xbf, 0x3f, 0x6b, 0xce, 0x6e, 0xd0, 0xb5,
121 0x42, 0x54, 0x55, 0x77, 0x67, 0xfb, 0x57, 0x44,
122 0x3d, 0xd4, 0x77, 0x89, 0x11, 0xb6, 0x06, 0x05,
123 0x5c, 0x39, 0xcc, 0x25, 0xe6, 0x74, 0xb8, 0x36,
124 0x3f, 0xea, 0xbc, 0x57, 0xfd, 0xe5, 0x4f, 0x79,
125 0x0c, 0x52, 0xc8, 0xae, 0x43, 0x24, 0x0b, 0x79,
126 0xd4, 0x90, 0x42, 0xb7, 0x77, 0xbf, 0xd6, 0xcb,
127 0x80, 0xe9, 0x31, 0x27, 0x0b, 0x7f, 0x50, 0xeb,
128 },
129 },
130 {
131 "TC5: Every even bit set in key and IV",
132 {
133 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
134 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
135 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
136 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
137 },
138 {
139 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
140 },
141 64,
142 {
143 0xbe, 0xa9, 0x41, 0x1a, 0xa4, 0x53, 0xc5, 0x43,
144 0x4a, 0x5a, 0xe8, 0xc9, 0x28, 0x62, 0xf5, 0x64,
145 0x39, 0x68, 0x55, 0xa9, 0xea, 0x6e, 0x22, 0xd6,
146 0xd3, 0xb5, 0x0a, 0xe1, 0xb3, 0x66, 0x33, 0x11,
147 0xa4, 0xa3, 0x60, 0x6c, 0x67, 0x1d, 0x60, 0x5c,
148 0xe1, 0x6c, 0x3a, 0xec, 0xe8, 0xe6, 0x1e, 0xa1,
149 0x45, 0xc5, 0x97, 0x75, 0x01, 0x7b, 0xee, 0x2f,
150 0xa6, 0xf8, 0x8a, 0xfc, 0x75, 0x80, 0x69, 0xf7,
151 },
152 },
153 {
154 "TC6: Every odd bit set in key and IV",
155 {
156 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
157 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
158 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
159 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
160 },
161 {
162 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
163 },
164 64,
165 {
166 0x9a, 0xa2, 0xa9, 0xf6, 0x56, 0xef, 0xde, 0x5a,
167 0xa7, 0x59, 0x1c, 0x5f, 0xed, 0x4b, 0x35, 0xae,
168 0xa2, 0x89, 0x5d, 0xec, 0x7c, 0xb4, 0x54, 0x3b,
169 0x9e, 0x9f, 0x21, 0xf5, 0xe7, 0xbc, 0xbc, 0xf3,
170 0xc4, 0x3c, 0x74, 0x8a, 0x97, 0x08, 0x88, 0xf8,
171 0x24, 0x83, 0x93, 0xa0, 0x9d, 0x43, 0xe0, 0xb7,
172 0xe1, 0x64, 0xbc, 0x4d, 0x0b, 0x0f, 0xb2, 0x40,
173 0xa2, 0xd7, 0x21, 0x15, 0xc4, 0x80, 0x89, 0x06,
174 },
175 },
176 {
177 "TC7: Sequence patterns in key and IV",
178 {
179 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
180 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
181 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88,
182 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00,
183 },
184 {
185 0x0f, 0x1e, 0x2d, 0x3c, 0x4b, 0x5a, 0x69, 0x78,
186 },
187 64,
188 {
189 0x9f, 0xad, 0xf4, 0x09, 0xc0, 0x08, 0x11, 0xd0,
190 0x04, 0x31, 0xd6, 0x7e, 0xfb, 0xd8, 0x8f, 0xba,
191 0x59, 0x21, 0x8d, 0x5d, 0x67, 0x08, 0xb1, 0xd6,
192 0x85, 0x86, 0x3f, 0xab, 0xbb, 0x0e, 0x96, 0x1e,
193 0xea, 0x48, 0x0f, 0xd6, 0xfb, 0x53, 0x2b, 0xfd,
194 0x49, 0x4b, 0x21, 0x51, 0x01, 0x50, 0x57, 0x42,
195 0x3a, 0xb6, 0x0a, 0x63, 0xfe, 0x4f, 0x55, 0xf7,
196 0xa2, 0x12, 0xe2, 0x16, 0x7c, 0xca, 0xb9, 0x31,
197 },
198 },
199 {
200 "TC8: key: 'All your base are belong to us!, IV: 'IETF2013'",
201 {
202 0xc4, 0x6e, 0xc1, 0xb1, 0x8c, 0xe8, 0xa8, 0x78,
203 0x72, 0x5a, 0x37, 0xe7, 0x80, 0xdf, 0xb7, 0x35,
204 0x1f, 0x68, 0xed, 0x2e, 0x19, 0x4c, 0x79, 0xfb,
205 0xc6, 0xae, 0xbe, 0xe1, 0xa6, 0x67, 0x97, 0x5d,
206 },
207 {
208 0x1a, 0xda, 0x31, 0xd5, 0xcf, 0x68, 0x82, 0x21,
209 },
210 64,
211 {
212 0xf6, 0x3a, 0x89, 0xb7, 0x5c, 0x22, 0x71, 0xf9,
213 0x36, 0x88, 0x16, 0x54, 0x2b, 0xa5, 0x2f, 0x06,
214 0xed, 0x49, 0x24, 0x17, 0x92, 0x30, 0x2b, 0x00,
215 0xb5, 0xe8, 0xf8, 0x0a, 0xe9, 0xa4, 0x73, 0xaf,
216 0xc2, 0x5b, 0x21, 0x8f, 0x51, 0x9a, 0xf0, 0xfd,
217 0xd4, 0x06, 0x36, 0x2e, 0x8d, 0x69, 0xde, 0x7f,
218 0x54, 0xc6, 0x04, 0xa6, 0xe0, 0x0f, 0x35, 0x3f,
219 0x11, 0x0f, 0x77, 0x1b, 0xdc, 0xa8, 0xab, 0x92,
220 },
221 },
222};
223
224#define N_VECTORS (sizeof(chacha_test_vectors) / sizeof(*chacha_test_vectors))
225
226/* Single-shot ChaCha20 using CRYPTO_chacha_20 interface. */
227static void
228crypto_chacha_20_test(struct chacha_tv *tv, unsigned char *out,
229 unsigned char *in)
230{
231 CRYPTO_chacha_20(out, in, tv->len, tv->key, tv->iv, 0);
232}
233
234/* Single-shot ChaCha20 using the ChaCha interface. */
235static void
236chacha_ctx_full_test(struct chacha_tv *tv, unsigned char *out,
237 unsigned char *in)
238{
239 ChaCha_ctx ctx;
240
241 ChaCha_set_key(&ctx, tv->key, 256);
242 ChaCha_set_iv(&ctx, tv->iv, NULL);
243 ChaCha(&ctx, out, in, tv->len);
244}
245
246/* ChaCha20 with partial writes using the Chacha interface. */
247static void
248chacha_ctx_partial_test(struct chacha_tv *tv, unsigned char *out,
249 unsigned char *in)
250{
251 ChaCha_ctx ctx;
252 int len, size = 0;
253
254 ChaCha_set_key(&ctx, tv->key, 256);
255 ChaCha_set_iv(&ctx, tv->iv, NULL);
256 len = tv->len - 1;
257 while (len > 1) {
258 size = len / 2;
259 ChaCha(&ctx, out, in, size);
260 in += size;
261 out += size;
262 len -= size;
263 }
264 ChaCha(&ctx, out, in, len + 1);
265}
266
267/* ChaCha20 with single byte writes using the Chacha interface. */
268static void
269chacha_ctx_single_test(struct chacha_tv *tv, unsigned char *out,
270 unsigned char *in)
271{
272 ChaCha_ctx ctx;
273 size_t i;
274
275 ChaCha_set_key(&ctx, tv->key, 256);
276 ChaCha_set_iv(&ctx, tv->iv, NULL);
277 for (i = 0; i < tv->len; i++)
278 ChaCha(&ctx, out + i, in + i, 1);
279}
280
281struct chacha_test_function {
282 char *name;
283 void (*func)(struct chacha_tv *, unsigned char *, unsigned char *);
284};
285
286struct chacha_test_function chacha_test_functions[] = {
287 {"crypto_chacha_20_test", crypto_chacha_20_test},
288 {"chacha_ctx_full_test", chacha_ctx_full_test},
289 {"chacha_ctx_partial_test", chacha_ctx_partial_test},
290 {"chacha_ctx_single_test", chacha_ctx_single_test},
291};
292
293#define N_FUNCS (sizeof(chacha_test_functions) / sizeof(*chacha_test_functions))
294
295int
296main(int argc, char **argv)
297{
298 struct chacha_tv *tv;
299 unsigned char *in, *out;
300 size_t i, j, k;
301 int failed = 0;
302
303 for (i = 0; i < N_VECTORS; i++) {
304 tv = &chacha_test_vectors[i];
305
306 for (j = 0; j < N_FUNCS; j++) {
307 in = calloc(1, tv->len);
308 if (in == NULL)
309 errx(1, "calloc in");
310 out = calloc(1, tv->len);
311 if (out == NULL)
312 errx(1, "calloc out");
313
314 chacha_test_functions[j].func(tv, out, in);
315
316 if (memcmp(out, tv->out, tv->len) != 0) {
317 printf("ChaCha %s failed for \"%s\"!\n",
318 chacha_test_functions[j].name, tv->desc);
319
320 printf("Got:\t");
321 for (k = 0; k < tv->len; k++)
322 printf("%2.2x", out[k]);
323 printf("\n");
324
325 printf("Want:\t");
326 for (k = 0; k < tv->len; k++)
327 printf("%2.2x", tv->out[k]);
328 printf("\n");
329
330 failed = 1;
331 }
332
333 free(in);
334 free(out);
335 }
336 }
337
338 return failed;
339}
diff --git a/src/regress/lib/libcrypto/cts128/Makefile b/src/regress/lib/libcrypto/cts128/Makefile
deleted file mode 100644
index 801d1d7182..0000000000
--- a/src/regress/lib/libcrypto/cts128/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2014/07/08 15:53:52 jsing Exp $
2
3PROG= cts128test
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/cts128/cts128test.c b/src/regress/lib/libcrypto/cts128/cts128test.c
deleted file mode 100644
index ca60808718..0000000000
--- a/src/regress/lib/libcrypto/cts128/cts128test.c
+++ /dev/null
@@ -1,170 +0,0 @@
1/* $OpenBSD: cts128test.c,v 1.3 2018/07/17 17:06:49 tb Exp $ */
2/* ====================================================================
3 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
4 *
5 * Rights for redistribution and usage in source and binary
6 * forms are granted according to the OpenSSL license.
7 */
8
9#include <stdio.h>
10#include <stdlib.h>
11#include <string.h>
12
13#include <openssl/aes.h>
14#include <openssl/modes.h>
15
16void test_vector(const unsigned char *vector,size_t len);
17void test_nistvector(const unsigned char *vector,size_t len);
18
19/* test vectors from RFC 3962 */
20static const unsigned char test_key[16] = "chicken teriyaki";
21static const unsigned char test_input[64] =
22 "I would like the" " General Gau's C"
23 "hicken, please, " "and wonton soup.";
24static const unsigned char test_iv[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
25
26static const unsigned char vector_17[17] =
27{0xc6,0x35,0x35,0x68,0xf2,0xbf,0x8c,0xb4, 0xd8,0xa5,0x80,0x36,0x2d,0xa7,0xff,0x7f,
28 0x97};
29static const unsigned char vector_31[31] =
30{0xfc,0x00,0x78,0x3e,0x0e,0xfd,0xb2,0xc1, 0xd4,0x45,0xd4,0xc8,0xef,0xf7,0xed,0x22,
31 0x97,0x68,0x72,0x68,0xd6,0xec,0xcc,0xc0, 0xc0,0x7b,0x25,0xe2,0x5e,0xcf,0xe5};
32static const unsigned char vector_32[32] =
33{0x39,0x31,0x25,0x23,0xa7,0x86,0x62,0xd5, 0xbe,0x7f,0xcb,0xcc,0x98,0xeb,0xf5,0xa8,
34 0x97,0x68,0x72,0x68,0xd6,0xec,0xcc,0xc0, 0xc0,0x7b,0x25,0xe2,0x5e,0xcf,0xe5,0x84};
35static const unsigned char vector_47[47] =
36{0x97,0x68,0x72,0x68,0xd6,0xec,0xcc,0xc0, 0xc0,0x7b,0x25,0xe2,0x5e,0xcf,0xe5,0x84,
37 0xb3,0xff,0xfd,0x94,0x0c,0x16,0xa1,0x8c, 0x1b,0x55,0x49,0xd2,0xf8,0x38,0x02,0x9e,
38 0x39,0x31,0x25,0x23,0xa7,0x86,0x62,0xd5, 0xbe,0x7f,0xcb,0xcc,0x98,0xeb,0xf5};
39static const unsigned char vector_48[48] =
40{0x97,0x68,0x72,0x68,0xd6,0xec,0xcc,0xc0, 0xc0,0x7b,0x25,0xe2,0x5e,0xcf,0xe5,0x84,
41 0x9d,0xad,0x8b,0xbb,0x96,0xc4,0xcd,0xc0, 0x3b,0xc1,0x03,0xe1,0xa1,0x94,0xbb,0xd8,
42 0x39,0x31,0x25,0x23,0xa7,0x86,0x62,0xd5, 0xbe,0x7f,0xcb,0xcc,0x98,0xeb,0xf5,0xa8};
43static const unsigned char vector_64[64] =
44{0x97,0x68,0x72,0x68,0xd6,0xec,0xcc,0xc0, 0xc0,0x7b,0x25,0xe2,0x5e,0xcf,0xe5,0x84,
45 0x39,0x31,0x25,0x23,0xa7,0x86,0x62,0xd5, 0xbe,0x7f,0xcb,0xcc,0x98,0xeb,0xf5,0xa8,
46 0x48,0x07,0xef,0xe8,0x36,0xee,0x89,0xa5, 0x26,0x73,0x0d,0xbc,0x2f,0x7b,0xc8,0x40,
47 0x9d,0xad,0x8b,0xbb,0x96,0xc4,0xcd,0xc0, 0x3b,0xc1,0x03,0xe1,0xa1,0x94,0xbb,0xd8};
48
49static AES_KEY encks, decks;
50
51void
52test_vector(const unsigned char *vector,size_t len)
53{
54 unsigned char iv[sizeof(test_iv)];
55 unsigned char cleartext[64],ciphertext[64];
56 size_t tail;
57
58 printf("vector_%zu\n",len);
59 fflush(stdout);
60
61 if ((tail=len%16) == 0) tail = 16;
62 tail += 16;
63
64 /* test block-based encryption */
65 memcpy(iv,test_iv,sizeof(test_iv));
66 CRYPTO_cts128_encrypt_block(test_input,ciphertext,len,&encks,iv,(block128_f)AES_encrypt);
67 if (memcmp(ciphertext,vector,len))
68 fprintf(stderr,"output_%zu mismatch\n",len), exit(1);
69 if (memcmp(iv,vector+len-tail,sizeof(iv)))
70 fprintf(stderr,"iv_%zu mismatch\n",len), exit(1);
71
72 /* test block-based decryption */
73 memcpy(iv,test_iv,sizeof(test_iv));
74 CRYPTO_cts128_decrypt_block(ciphertext,cleartext,len,&decks,iv,(block128_f)AES_decrypt);
75 if (memcmp(cleartext,test_input,len))
76 fprintf(stderr,"input_%zu mismatch\n",len), exit(2);
77 if (memcmp(iv,vector+len-tail,sizeof(iv)))
78 fprintf(stderr,"iv_%zu mismatch\n",len), exit(2);
79
80 /* test streamed encryption */
81 memcpy(iv,test_iv,sizeof(test_iv));
82 CRYPTO_cts128_encrypt(test_input,ciphertext,len,&encks,iv,(cbc128_f)AES_cbc_encrypt);
83 if (memcmp(ciphertext,vector,len))
84 fprintf(stderr,"output_%zu mismatch\n",len), exit(3);
85 if (memcmp(iv,vector+len-tail,sizeof(iv)))
86 fprintf(stderr,"iv_%zu mismatch\n",len), exit(3);
87
88 /* test streamed decryption */
89 memcpy(iv,test_iv,sizeof(test_iv));
90 CRYPTO_cts128_decrypt(ciphertext,cleartext,len,&decks,iv,(cbc128_f)AES_cbc_encrypt);
91 if (memcmp(cleartext,test_input,len))
92 fprintf(stderr,"input_%zu mismatch\n",len), exit(4);
93 if (memcmp(iv,vector+len-tail,sizeof(iv)))
94 fprintf(stderr,"iv_%zu mismatch\n",len), exit(4);
95}
96
97void
98test_nistvector(const unsigned char *vector,size_t len)
99{
100 unsigned char iv[sizeof(test_iv)];
101 unsigned char cleartext[64],ciphertext[64],nistvector[64];
102 size_t tail;
103
104 printf("nistvector_%zu\n",len); fflush(stdout);
105
106 if ((tail=len%16) == 0) tail = 16;
107
108 len -= 16 + tail;
109 memcpy(nistvector,vector,len);
110 /* flip two last blocks */
111 memcpy(nistvector+len,vector+len+16,tail);
112 memcpy(nistvector+len+tail,vector+len,16);
113 len += 16 + tail;
114 tail = 16;
115
116 /* test block-based encryption */
117 memcpy(iv,test_iv,sizeof(test_iv));
118 CRYPTO_nistcts128_encrypt_block(test_input,ciphertext,len,&encks,iv,(block128_f)AES_encrypt);
119 if (memcmp(ciphertext,nistvector,len))
120 fprintf(stderr,"output_%zu mismatch\n",len), exit(1);
121 if (memcmp(iv,nistvector+len-tail,sizeof(iv)))
122 fprintf(stderr,"iv_%zu mismatch\n",len), exit(1);
123
124 /* test block-based decryption */
125 memcpy(iv,test_iv,sizeof(test_iv));
126 CRYPTO_nistcts128_decrypt_block(ciphertext,cleartext,len,&decks,iv,(block128_f)AES_decrypt);
127 if (memcmp(cleartext,test_input,len))
128 fprintf(stderr,"input_%zu mismatch\n",len), exit(2);
129 if (memcmp(iv,nistvector+len-tail,sizeof(iv)))
130 fprintf(stderr,"iv_%zu mismatch\n",len), exit(2);
131
132 /* test streamed encryption */
133 memcpy(iv,test_iv,sizeof(test_iv));
134 CRYPTO_nistcts128_encrypt(test_input,ciphertext,len,&encks,iv,(cbc128_f)AES_cbc_encrypt);
135 if (memcmp(ciphertext,nistvector,len))
136 fprintf(stderr,"output_%zu mismatch\n",len), exit(3);
137 if (memcmp(iv,nistvector+len-tail,sizeof(iv)))
138 fprintf(stderr,"iv_%zu mismatch\n",len), exit(3);
139
140 /* test streamed decryption */
141 memcpy(iv,test_iv,sizeof(test_iv));
142 CRYPTO_nistcts128_decrypt(ciphertext,cleartext,len,&decks,iv,(cbc128_f)AES_cbc_encrypt);
143 if (memcmp(cleartext,test_input,len))
144 fprintf(stderr,"input_%zu mismatch\n",len), exit(4);
145 if (memcmp(iv,nistvector+len-tail,sizeof(iv)))
146 fprintf(stderr,"iv_%zu mismatch\n",len), exit(4);
147}
148
149int
150main(int argc, char *argv[])
151{
152 AES_set_encrypt_key(test_key,128,&encks);
153 AES_set_decrypt_key(test_key,128,&decks);
154
155 test_vector(vector_17,sizeof(vector_17));
156 test_vector(vector_31,sizeof(vector_31));
157 test_vector(vector_32,sizeof(vector_32));
158 test_vector(vector_47,sizeof(vector_47));
159 test_vector(vector_48,sizeof(vector_48));
160 test_vector(vector_64,sizeof(vector_64));
161
162 test_nistvector(vector_17,sizeof(vector_17));
163 test_nistvector(vector_31,sizeof(vector_31));
164 test_nistvector(vector_32,sizeof(vector_32));
165 test_nistvector(vector_47,sizeof(vector_47));
166 test_nistvector(vector_48,sizeof(vector_48));
167 test_nistvector(vector_64,sizeof(vector_64));
168
169 return 0;
170}
diff --git a/src/regress/lib/libcrypto/curve25519/Makefile b/src/regress/lib/libcrypto/curve25519/Makefile
deleted file mode 100644
index 1bc4965670..0000000000
--- a/src/regress/lib/libcrypto/curve25519/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2016/11/05 15:09:02 jsing Exp $
2
3PROG= x25519test
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/curve25519/x25519test.c b/src/regress/lib/libcrypto/curve25519/x25519test.c
deleted file mode 100644
index 02da807bd9..0000000000
--- a/src/regress/lib/libcrypto/curve25519/x25519test.c
+++ /dev/null
@@ -1,140 +0,0 @@
1/* $OpenBSD: x25519test.c,v 1.2 2018/07/17 17:06:49 tb Exp $ */
2/*
3 * Copyright (c) 2015, Google Inc.
4 *
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
12 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
14 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
15 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <stdint.h>
19#include <stdio.h>
20#include <string.h>
21
22#include <openssl/curve25519.h>
23
24static int
25x25519_test(void)
26{
27 /* Taken from https://tools.ietf.org/html/rfc7748#section-5.2 */
28 static const uint8_t kScalar1[32] = {
29 0xa5, 0x46, 0xe3, 0x6b, 0xf0, 0x52, 0x7c, 0x9d,
30 0x3b, 0x16, 0x15, 0x4b, 0x82, 0x46, 0x5e, 0xdd,
31 0x62, 0x14, 0x4c, 0x0a, 0xc1, 0xfc, 0x5a, 0x18,
32 0x50, 0x6a, 0x22, 0x44, 0xba, 0x44, 0x9a, 0xc4,
33 };
34 static const uint8_t kPoint1[32] = {
35 0xe6, 0xdb, 0x68, 0x67, 0x58, 0x30, 0x30, 0xdb,
36 0x35, 0x94, 0xc1, 0xa4, 0x24, 0xb1, 0x5f, 0x7c,
37 0x72, 0x66, 0x24, 0xec, 0x26, 0xb3, 0x35, 0x3b,
38 0x10, 0xa9, 0x03, 0xa6, 0xd0, 0xab, 0x1c, 0x4c,
39 };
40 static const uint8_t kExpected1[32] = {
41 0xc3, 0xda, 0x55, 0x37, 0x9d, 0xe9, 0xc6, 0x90,
42 0x8e, 0x94, 0xea, 0x4d, 0xf2, 0x8d, 0x08, 0x4f,
43 0x32, 0xec, 0xcf, 0x03, 0x49, 0x1c, 0x71, 0xf7,
44 0x54, 0xb4, 0x07, 0x55, 0x77, 0xa2, 0x85, 0x52,
45 };
46 static const uint8_t kScalar2[32] = {
47 0x4b, 0x66, 0xe9, 0xd4, 0xd1, 0xb4, 0x67, 0x3c,
48 0x5a, 0xd2, 0x26, 0x91, 0x95, 0x7d, 0x6a, 0xf5,
49 0xc1, 0x1b, 0x64, 0x21, 0xe0, 0xea, 0x01, 0xd4,
50 0x2c, 0xa4, 0x16, 0x9e, 0x79, 0x18, 0xba, 0x0d,
51 };
52 static const uint8_t kPoint2[32] = {
53 0xe5, 0x21, 0x0f, 0x12, 0x78, 0x68, 0x11, 0xd3,
54 0xf4, 0xb7, 0x95, 0x9d, 0x05, 0x38, 0xae, 0x2c,
55 0x31, 0xdb, 0xe7, 0x10, 0x6f, 0xc0, 0x3c, 0x3e,
56 0xfc, 0x4c, 0xd5, 0x49, 0xc7, 0x15, 0xa4, 0x93,
57 };
58 static const uint8_t kExpected2[32] = {
59 0x95, 0xcb, 0xde, 0x94, 0x76, 0xe8, 0x90, 0x7d,
60 0x7a, 0xad, 0xe4, 0x5c, 0xb4, 0xb8, 0x73, 0xf8,
61 0x8b, 0x59, 0x5a, 0x68, 0x79, 0x9f, 0xa1, 0x52,
62 0xe6, 0xf8, 0xf7, 0x64, 0x7a, 0xac, 0x79, 0x57,
63 };
64
65 uint8_t out[32];
66
67 X25519(out, kScalar1, kPoint1);
68 if (memcmp(kExpected1, out, sizeof(out)) != 0) {
69 fprintf(stderr, "X25519 test one failed.\n");
70 return 0;
71 }
72
73 X25519(out, kScalar2, kPoint2);
74 if (memcmp(kExpected2, out, sizeof(out)) != 0) {
75 fprintf(stderr, "X25519 test two failed.\n");
76 return 0;
77 }
78
79 return 1;
80}
81
82static int
83x25519_iterated_test(void)
84{
85 /* Taken from https://tools.ietf.org/html/rfc7748#section-5.2 */
86 static const uint8_t kExpected[32] = {
87 0x68, 0x4c, 0xf5, 0x9b, 0xa8, 0x33, 0x09, 0x55,
88 0x28, 0x00, 0xef, 0x56, 0x6f, 0x2f, 0x4d, 0x3c,
89 0x1c, 0x38, 0x87, 0xc4, 0x93, 0x60, 0xe3, 0x87,
90 0x5f, 0x2e, 0xb9, 0x4d, 0x99, 0x53, 0x2c, 0x51,
91 };
92
93 uint8_t scalar[32] = {9}, point[32] = {9}, out[32];
94 unsigned i;
95
96 for (i = 0; i < 1000; i++) {
97 X25519(out, scalar, point);
98 memcpy(point, scalar, sizeof(point));
99 memcpy(scalar, out, sizeof(scalar));
100 }
101
102 if (memcmp(kExpected, scalar, sizeof(kExpected)) != 0) {
103 fprintf(stderr, "Iterated X25519 test failed\n");
104 return 0;
105 }
106
107 return 1;
108}
109
110static int
111x25519_small_order_test(void)
112{
113 static const uint8_t kSmallOrderPoint[32] = {
114 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae,
115 0x16, 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a,
116 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, 0xb1, 0xfd,
117 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00,
118 };
119
120 uint8_t out[32], private_key[32];
121
122 memset(private_key, 0x11, sizeof(private_key));
123 if (X25519(out, private_key, kSmallOrderPoint)) {
124 fprintf(stderr, "X25519 returned success with a small-order input.\n");
125 return 0;
126 }
127
128 return 1;
129}
130
131int
132main(int argc, char **argv) {
133 if (!x25519_test() ||
134 !x25519_iterated_test() ||
135 !x25519_small_order_test())
136 return 1;
137
138 printf("PASS\n");
139 return 0;
140}
diff --git a/src/regress/lib/libcrypto/des/Makefile b/src/regress/lib/libcrypto/des/Makefile
deleted file mode 100644
index 356346730a..0000000000
--- a/src/regress/lib/libcrypto/des/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2014/07/08 15:53:52 jsing Exp $
2
3PROG= destest
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/des/destest.c b/src/regress/lib/libcrypto/des/destest.c
deleted file mode 100644
index ebc67f3107..0000000000
--- a/src/regress/lib/libcrypto/des/destest.c
+++ /dev/null
@@ -1,884 +0,0 @@
1/* $OpenBSD: destest.c,v 1.4 2018/07/17 17:06:49 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61
62#include <unistd.h>
63#include <string.h>
64
65#include <openssl/des.h>
66
67#define crypt(c,s) (DES_crypt((c),(s)))
68
69/* tisk tisk - the test keys don't all have odd parity :-( */
70/* test data */
71#define NUM_TESTS 34
72static unsigned char key_data[NUM_TESTS][8]={
73 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
74 {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
75 {0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
76 {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
77 {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
78 {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
79 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
80 {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10},
81 {0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57},
82 {0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E},
83 {0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86},
84 {0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E},
85 {0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6},
86 {0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE},
87 {0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6},
88 {0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE},
89 {0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16},
90 {0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F},
91 {0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46},
92 {0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E},
93 {0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76},
94 {0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07},
95 {0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F},
96 {0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7},
97 {0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF},
98 {0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6},
99 {0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF},
100 {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
101 {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
102 {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
103 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
104 {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
105 {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
106 {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}};
107
108static unsigned char plain_data[NUM_TESTS][8]={
109 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
110 {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
111 {0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
112 {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
113 {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
114 {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
115 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
116 {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
117 {0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42},
118 {0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA},
119 {0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72},
120 {0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A},
121 {0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2},
122 {0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A},
123 {0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2},
124 {0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A},
125 {0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02},
126 {0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A},
127 {0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32},
128 {0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA},
129 {0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62},
130 {0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2},
131 {0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA},
132 {0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92},
133 {0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A},
134 {0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2},
135 {0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A},
136 {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
137 {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
138 {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
139 {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
140 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
141 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
142 {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}};
143
144static unsigned char cipher_data[NUM_TESTS][8]={
145 {0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7},
146 {0x73,0x59,0xB2,0x16,0x3E,0x4E,0xDC,0x58},
147 {0x95,0x8E,0x6E,0x62,0x7A,0x05,0x55,0x7B},
148 {0xF4,0x03,0x79,0xAB,0x9E,0x0E,0xC5,0x33},
149 {0x17,0x66,0x8D,0xFC,0x72,0x92,0x53,0x2D},
150 {0x8A,0x5A,0xE1,0xF8,0x1A,0xB8,0xF2,0xDD},
151 {0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7},
152 {0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4},
153 {0x69,0x0F,0x5B,0x0D,0x9A,0x26,0x93,0x9B},
154 {0x7A,0x38,0x9D,0x10,0x35,0x4B,0xD2,0x71},
155 {0x86,0x8E,0xBB,0x51,0xCA,0xB4,0x59,0x9A},
156 {0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A},
157 {0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95},
158 {0x86,0xA5,0x60,0xF1,0x0E,0xC6,0xD8,0x5B},
159 {0x0C,0xD3,0xDA,0x02,0x00,0x21,0xDC,0x09},
160 {0xEA,0x67,0x6B,0x2C,0xB7,0xDB,0x2B,0x7A},
161 {0xDF,0xD6,0x4A,0x81,0x5C,0xAF,0x1A,0x0F},
162 {0x5C,0x51,0x3C,0x9C,0x48,0x86,0xC0,0x88},
163 {0x0A,0x2A,0xEE,0xAE,0x3F,0xF4,0xAB,0x77},
164 {0xEF,0x1B,0xF0,0x3E,0x5D,0xFA,0x57,0x5A},
165 {0x88,0xBF,0x0D,0xB6,0xD7,0x0D,0xEE,0x56},
166 {0xA1,0xF9,0x91,0x55,0x41,0x02,0x0B,0x56},
167 {0x6F,0xBF,0x1C,0xAF,0xCF,0xFD,0x05,0x56},
168 {0x2F,0x22,0xE4,0x9B,0xAB,0x7C,0xA1,0xAC},
169 {0x5A,0x6B,0x61,0x2C,0xC2,0x6C,0xCE,0x4A},
170 {0x5F,0x4C,0x03,0x8E,0xD1,0x2B,0x2E,0x41},
171 {0x63,0xFA,0xC0,0xD0,0x34,0xD9,0xF7,0x93},
172 {0x61,0x7B,0x3A,0x0C,0xE8,0xF0,0x71,0x00},
173 {0xDB,0x95,0x86,0x05,0xF8,0xC8,0xC6,0x06},
174 {0xED,0xBF,0xD1,0xC6,0x6C,0x29,0xCC,0xC7},
175 {0x35,0x55,0x50,0xB2,0x15,0x0E,0x24,0x51},
176 {0xCA,0xAA,0xAF,0x4D,0xEA,0xF1,0xDB,0xAE},
177 {0xD5,0xD4,0x4F,0xF7,0x20,0x68,0x3D,0x0D},
178 {0x2A,0x2B,0xB0,0x08,0xDF,0x97,0xC2,0xF2}};
179
180static unsigned char cipher_ecb2[NUM_TESTS-1][8]={
181 {0x92,0x95,0xB5,0x9B,0xB3,0x84,0x73,0x6E},
182 {0x19,0x9E,0x9D,0x6D,0xF3,0x9A,0xA8,0x16},
183 {0x2A,0x4B,0x4D,0x24,0x52,0x43,0x84,0x27},
184 {0x35,0x84,0x3C,0x01,0x9D,0x18,0xC5,0xB6},
185 {0x4A,0x5B,0x2F,0x42,0xAA,0x77,0x19,0x25},
186 {0xA0,0x6B,0xA9,0xB8,0xCA,0x5B,0x17,0x8A},
187 {0xAB,0x9D,0xB7,0xFB,0xED,0x95,0xF2,0x74},
188 {0x3D,0x25,0x6C,0x23,0xA7,0x25,0x2F,0xD6},
189 {0xB7,0x6F,0xAB,0x4F,0xBD,0xBD,0xB7,0x67},
190 {0x8F,0x68,0x27,0xD6,0x9C,0xF4,0x1A,0x10},
191 {0x82,0x57,0xA1,0xD6,0x50,0x5E,0x81,0x85},
192 {0xA2,0x0F,0x0A,0xCD,0x80,0x89,0x7D,0xFA},
193 {0xCD,0x2A,0x53,0x3A,0xDB,0x0D,0x7E,0xF3},
194 {0xD2,0xC2,0xBE,0x27,0xE8,0x1B,0x68,0xE3},
195 {0xE9,0x24,0xCF,0x4F,0x89,0x3C,0x5B,0x0A},
196 {0xA7,0x18,0xC3,0x9F,0xFA,0x9F,0xD7,0x69},
197 {0x77,0x2C,0x79,0xB1,0xD2,0x31,0x7E,0xB1},
198 {0x49,0xAB,0x92,0x7F,0xD0,0x22,0x00,0xB7},
199 {0xCE,0x1C,0x6C,0x7D,0x85,0xE3,0x4A,0x6F},
200 {0xBE,0x91,0xD6,0xE1,0x27,0xB2,0xE9,0x87},
201 {0x70,0x28,0xAE,0x8F,0xD1,0xF5,0x74,0x1A},
202 {0xAA,0x37,0x80,0xBB,0xF3,0x22,0x1D,0xDE},
203 {0xA6,0xC4,0xD2,0x5E,0x28,0x93,0xAC,0xB3},
204 {0x22,0x07,0x81,0x5A,0xE4,0xB7,0x1A,0xAD},
205 {0xDC,0xCE,0x05,0xE7,0x07,0xBD,0xF5,0x84},
206 {0x26,0x1D,0x39,0x2C,0xB3,0xBA,0xA5,0x85},
207 {0xB4,0xF7,0x0F,0x72,0xFB,0x04,0xF0,0xDC},
208 {0x95,0xBA,0xA9,0x4E,0x87,0x36,0xF2,0x89},
209 {0xD4,0x07,0x3A,0xF1,0x5A,0x17,0x82,0x0E},
210 {0xEF,0x6F,0xAF,0xA7,0x66,0x1A,0x7E,0x89},
211 {0xC1,0x97,0xF5,0x58,0x74,0x8A,0x20,0xE7},
212 {0x43,0x34,0xCF,0xDA,0x22,0xC4,0x86,0xC8},
213 {0x08,0xD7,0xB4,0xFB,0x62,0x9D,0x08,0x85}};
214
215static unsigned char cbc_key [8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
216static unsigned char cbc2_key[8]={0xf1,0xe0,0xd3,0xc2,0xb5,0xa4,0x97,0x86};
217static unsigned char cbc3_key[8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
218static unsigned char cbc_iv [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
219/* Changed the following text constant to binary so it will work on ebcdic
220 * machines :-) */
221/* static char cbc_data[40]="7654321 Now is the time for \0001"; */
222static unsigned char cbc_data[40]={
223 0x37,0x36,0x35,0x34,0x33,0x32,0x31,0x20,
224 0x4E,0x6F,0x77,0x20,0x69,0x73,0x20,0x74,
225 0x68,0x65,0x20,0x74,0x69,0x6D,0x65,0x20,
226 0x66,0x6F,0x72,0x20,0x00,0x31,0x00,0x00,
227 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
228 };
229
230static unsigned char cbc_ok[32]={
231 0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4,
232 0xac,0xd8,0xae,0xfd,0xdf,0xd8,0xa1,0xeb,
233 0x46,0x8e,0x91,0x15,0x78,0x88,0xba,0x68,
234 0x1d,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
235
236#ifdef SCREW_THE_PARITY
237#error "SCREW_THE_PARITY is not ment to be defined."
238#error "Original vectors are preserved for reference only."
239static unsigned char cbc2_key[8]={0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87};
240static unsigned char xcbc_ok[32]={
241 0x86,0x74,0x81,0x0D,0x61,0xA4,0xA5,0x48,
242 0xB9,0x93,0x03,0xE1,0xB8,0xBB,0xBD,0xBD,
243 0x64,0x30,0x0B,0xB9,0x06,0x65,0x81,0x76,
244 0x04,0x1D,0x77,0x62,0x17,0xCA,0x2B,0xD2,
245 };
246#else
247static unsigned char xcbc_ok[32]={
248 0x84,0x6B,0x29,0x14,0x85,0x1E,0x9A,0x29,
249 0x54,0x73,0x2F,0x8A,0xA0,0xA6,0x11,0xC1,
250 0x15,0xCD,0xC2,0xD7,0x95,0x1B,0x10,0x53,
251 0xA6,0x3C,0x5E,0x03,0xB2,0x1A,0xA3,0xC4,
252 };
253#endif
254
255static unsigned char cbc3_ok[32]={
256 0x3F,0xE3,0x01,0xC9,0x62,0xAC,0x01,0xD0,
257 0x22,0x13,0x76,0x3C,0x1C,0xBD,0x4C,0xDC,
258 0x79,0x96,0x57,0xC0,0x64,0xEC,0xF5,0xD4,
259 0x1C,0x67,0x38,0x12,0xCF,0xDE,0x96,0x75};
260
261static unsigned char pcbc_ok[32]={
262 0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4,
263 0x6d,0xec,0xb4,0x70,0xa0,0xe5,0x6b,0x15,
264 0xae,0xa6,0xbf,0x61,0xed,0x7d,0x9c,0x9f,
265 0xf7,0x17,0x46,0x3b,0x8a,0xb3,0xcc,0x88};
266
267static unsigned char cfb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
268static unsigned char cfb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};
269static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
270static unsigned char plain[24]=
271 {
272 0x4e,0x6f,0x77,0x20,0x69,0x73,
273 0x20,0x74,0x68,0x65,0x20,0x74,
274 0x69,0x6d,0x65,0x20,0x66,0x6f,
275 0x72,0x20,0x61,0x6c,0x6c,0x20
276 };
277static unsigned char cfb_cipher8[24]= {
278 0xf3,0x1f,0xda,0x07,0x01,0x14, 0x62,0xee,0x18,0x7f,0x43,0xd8,
279 0x0a,0x7c,0xd9,0xb5,0xb0,0xd2, 0x90,0xda,0x6e,0x5b,0x9a,0x87 };
280static unsigned char cfb_cipher16[24]={
281 0xF3,0x09,0x87,0x87,0x7F,0x57, 0xF7,0x3C,0x36,0xB6,0xDB,0x70,
282 0xD8,0xD5,0x34,0x19,0xD3,0x86, 0xB2,0x23,0xB7,0xB2,0xAD,0x1B };
283static unsigned char cfb_cipher32[24]={
284 0xF3,0x09,0x62,0x49,0xA4,0xDF, 0xA4,0x9F,0x33,0xDC,0x7B,0xAD,
285 0x4C,0xC8,0x9F,0x64,0xE4,0x53, 0xE5,0xEC,0x67,0x20,0xDA,0xB6 };
286static unsigned char cfb_cipher48[24]={
287 0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x30,0xB5,0x15,0xEC,0xBB,0x85,
288 0x97,0x5A,0x13,0x8C,0x68,0x60, 0xE2,0x38,0x34,0x3C,0xDC,0x1F };
289static unsigned char cfb_cipher64[24]={
290 0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x6E,0x51,0xA6,0x9E,0x83,0x9B,
291 0x1A,0x92,0xF7,0x84,0x03,0x46, 0x71,0x33,0x89,0x8E,0xA6,0x22 };
292
293static unsigned char ofb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
294static unsigned char ofb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};
295static unsigned char ofb_buf1[24],ofb_buf2[24],ofb_tmp[8];
296static unsigned char ofb_cipher[24]=
297 {
298 0xf3,0x09,0x62,0x49,0xc7,0xf4,0x6e,0x51,
299 0x35,0xf2,0x4a,0x24,0x2e,0xeb,0x3d,0x3f,
300 0x3d,0x6d,0x5b,0xe3,0x25,0x5a,0xf8,0xc3
301 };
302
303#if 0
304static DES_LONG cbc_cksum_ret=0xB462FEF7L;
305#else
306static DES_LONG cbc_cksum_ret=0xF7FE62B4L;
307#endif
308static unsigned char cbc_cksum_data[8]={0x1D,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
309
310static char *pt(unsigned char *p);
311static int cfb_test(int bits, unsigned char *cfb_cipher);
312static int cfb64_test(unsigned char *cfb_cipher);
313static int ede_cfb64_test(unsigned char *cfb_cipher);
314int main(int argc, char *argv[])
315 {
316 int j,err=0;
317 unsigned int i;
318 DES_cblock in,out,outin,iv3,iv2;
319 DES_key_schedule ks,ks2,ks3;
320 unsigned char cbc_in[40];
321 unsigned char cbc_out[40];
322 DES_LONG cs;
323 unsigned char cret[8];
324 DES_LONG lqret[4];
325 int num;
326 char *str;
327
328#ifndef OPENSSL_NO_DESCBCM
329 printf("Doing cbcm\n");
330 if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
331 {
332 printf("Key error %d\n",j);
333 err=1;
334 }
335 if ((j=DES_set_key_checked(&cbc2_key,&ks2)) != 0)
336 {
337 printf("Key error %d\n",j);
338 err=1;
339 }
340 if ((j=DES_set_key_checked(&cbc3_key,&ks3)) != 0)
341 {
342 printf("Key error %d\n",j);
343 err=1;
344 }
345 memset(cbc_out,0,40);
346 memset(cbc_in,0,40);
347 i=strlen((char *)cbc_data)+1;
348 /* i=((i+7)/8)*8; */
349 memcpy(iv3,cbc_iv,sizeof(cbc_iv));
350 memset(iv2,'\0',sizeof iv2);
351
352 DES_ede3_cbcm_encrypt(cbc_data,cbc_out,16L,&ks,&ks2,&ks3,&iv3,&iv2,
353 DES_ENCRYPT);
354 DES_ede3_cbcm_encrypt(&cbc_data[16],&cbc_out[16],i-16,&ks,&ks2,&ks3,
355 &iv3,&iv2,DES_ENCRYPT);
356 /* if (memcmp(cbc_out,cbc3_ok,
357 (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
358 {
359 printf("des_ede3_cbc_encrypt encrypt error\n");
360 err=1;
361 }
362 */
363 memcpy(iv3,cbc_iv,sizeof(cbc_iv));
364 memset(iv2,'\0',sizeof iv2);
365 DES_ede3_cbcm_encrypt(cbc_out,cbc_in,i,&ks,&ks2,&ks3,&iv3,&iv2,DES_DECRYPT);
366 if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
367 {
368 unsigned int n;
369
370 printf("des_ede3_cbcm_encrypt decrypt error\n");
371 for(n=0 ; n < i ; ++n)
372 printf(" %02x",cbc_data[n]);
373 printf("\n");
374 for(n=0 ; n < i ; ++n)
375 printf(" %02x",cbc_in[n]);
376 printf("\n");
377 err=1;
378 }
379#endif
380
381 printf("Doing ecb\n");
382 for (i=0; i<NUM_TESTS; i++)
383 {
384 DES_set_key_unchecked(&key_data[i],&ks);
385 memcpy(in,plain_data[i],8);
386 memset(out,0,8);
387 memset(outin,0,8);
388 DES_ecb_encrypt(&in,&out,&ks,DES_ENCRYPT);
389 DES_ecb_encrypt(&out,&outin,&ks,DES_DECRYPT);
390
391 if (memcmp(out,cipher_data[i],8) != 0)
392 {
393 printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
394 i+1,pt(key_data[i]),pt(in),pt(cipher_data[i]),
395 pt(out));
396 err=1;
397 }
398 if (memcmp(in,outin,8) != 0)
399 {
400 printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",
401 i+1,pt(key_data[i]),pt(out),pt(in),pt(outin));
402 err=1;
403 }
404 }
405
406 printf("Doing ede ecb\n");
407 for (i=0; i<(NUM_TESTS-2); i++)
408 {
409 DES_set_key_unchecked(&key_data[i],&ks);
410 DES_set_key_unchecked(&key_data[i+1],&ks2);
411 DES_set_key_unchecked(&key_data[i+2],&ks3);
412 memcpy(in,plain_data[i],8);
413 memset(out,0,8);
414 memset(outin,0,8);
415 DES_ecb3_encrypt(&in,&out,&ks,&ks2,&ks,DES_ENCRYPT);
416 DES_ecb3_encrypt(&out,&outin,&ks,&ks2,&ks,DES_DECRYPT);
417
418 if (memcmp(out,cipher_ecb2[i],8) != 0)
419 {
420 printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
421 i+1,pt(key_data[i]),pt(in),pt(cipher_ecb2[i]),
422 pt(out));
423 err=1;
424 }
425 if (memcmp(in,outin,8) != 0)
426 {
427 printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",
428 i+1,pt(key_data[i]),pt(out),pt(in),pt(outin));
429 err=1;
430 }
431 }
432
433 printf("Doing cbc\n");
434 if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
435 {
436 printf("Key error %d\n",j);
437 err=1;
438 }
439 memset(cbc_out,0,40);
440 memset(cbc_in,0,40);
441 memcpy(iv3,cbc_iv,sizeof(cbc_iv));
442 DES_ncbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,&ks,
443 &iv3,DES_ENCRYPT);
444 if (memcmp(cbc_out,cbc_ok,32) != 0)
445 {
446 printf("cbc_encrypt encrypt error\n");
447 err=1;
448 }
449
450 memcpy(iv3,cbc_iv,sizeof(cbc_iv));
451 DES_ncbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,&ks,
452 &iv3,DES_DECRYPT);
453 if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)) != 0)
454 {
455 printf("cbc_encrypt decrypt error\n");
456 err=1;
457 }
458
459 printf("Doing desx cbc\n");
460 if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
461 {
462 printf("Key error %d\n",j);
463 err=1;
464 }
465 memset(cbc_out,0,40);
466 memset(cbc_in,0,40);
467 memcpy(iv3,cbc_iv,sizeof(cbc_iv));
468 DES_xcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,&ks,
469 &iv3,&cbc2_key,&cbc3_key, DES_ENCRYPT);
470 if (memcmp(cbc_out,xcbc_ok,32) != 0)
471 {
472 printf("des_xcbc_encrypt encrypt error\n");
473 err=1;
474 }
475 memcpy(iv3,cbc_iv,sizeof(cbc_iv));
476 DES_xcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,&ks,
477 &iv3,&cbc2_key,&cbc3_key, DES_DECRYPT);
478 if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
479 {
480 printf("des_xcbc_encrypt decrypt error\n");
481 err=1;
482 }
483
484 printf("Doing ede cbc\n");
485 if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
486 {
487 printf("Key error %d\n",j);
488 err=1;
489 }
490 if ((j=DES_set_key_checked(&cbc2_key,&ks2)) != 0)
491 {
492 printf("Key error %d\n",j);
493 err=1;
494 }
495 if ((j=DES_set_key_checked(&cbc3_key,&ks3)) != 0)
496 {
497 printf("Key error %d\n",j);
498 err=1;
499 }
500 memset(cbc_out,0,40);
501 memset(cbc_in,0,40);
502 i=strlen((char *)cbc_data)+1;
503 /* i=((i+7)/8)*8; */
504 memcpy(iv3,cbc_iv,sizeof(cbc_iv));
505
506 DES_ede3_cbc_encrypt(cbc_data,cbc_out,16L,&ks,&ks2,&ks3,&iv3,
507 DES_ENCRYPT);
508 DES_ede3_cbc_encrypt(&(cbc_data[16]),&(cbc_out[16]),i-16,&ks,&ks2,&ks3,
509 &iv3,DES_ENCRYPT);
510 if (memcmp(cbc_out,cbc3_ok,
511 (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
512 {
513 unsigned int n;
514
515 printf("des_ede3_cbc_encrypt encrypt error\n");
516 for(n=0 ; n < i ; ++n)
517 printf(" %02x",cbc_out[n]);
518 printf("\n");
519 for(n=0 ; n < i ; ++n)
520 printf(" %02x",cbc3_ok[n]);
521 printf("\n");
522 err=1;
523 }
524
525 memcpy(iv3,cbc_iv,sizeof(cbc_iv));
526 DES_ede3_cbc_encrypt(cbc_out,cbc_in,i,&ks,&ks2,&ks3,&iv3,DES_DECRYPT);
527 if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
528 {
529 unsigned int n;
530
531 printf("des_ede3_cbc_encrypt decrypt error\n");
532 for(n=0 ; n < i ; ++n)
533 printf(" %02x",cbc_data[n]);
534 printf("\n");
535 for(n=0 ; n < i ; ++n)
536 printf(" %02x",cbc_in[n]);
537 printf("\n");
538 err=1;
539 }
540
541 printf("Doing pcbc\n");
542 if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
543 {
544 printf("Key error %d\n",j);
545 err=1;
546 }
547 memset(cbc_out,0,40);
548 memset(cbc_in,0,40);
549 DES_pcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,&ks,
550 &cbc_iv,DES_ENCRYPT);
551 if (memcmp(cbc_out,pcbc_ok,32) != 0)
552 {
553 printf("pcbc_encrypt encrypt error\n");
554 err=1;
555 }
556 DES_pcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,&ks,&cbc_iv,
557 DES_DECRYPT);
558 if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
559 {
560 printf("pcbc_encrypt decrypt error\n");
561 err=1;
562 }
563
564 printf("Doing ");
565 printf("cfb8 ");
566 err+=cfb_test(8,cfb_cipher8);
567 printf("cfb16 ");
568 err+=cfb_test(16,cfb_cipher16);
569 printf("cfb32 ");
570 err+=cfb_test(32,cfb_cipher32);
571 printf("cfb48 ");
572 err+=cfb_test(48,cfb_cipher48);
573 printf("cfb64 ");
574 err+=cfb_test(64,cfb_cipher64);
575
576 printf("cfb64() ");
577 err+=cfb64_test(cfb_cipher64);
578
579 memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
580 for (i=0; i<sizeof(plain); i++)
581 DES_cfb_encrypt(&(plain[i]),&(cfb_buf1[i]),
582 8,1,&ks,&cfb_tmp,DES_ENCRYPT);
583 if (memcmp(cfb_cipher8,cfb_buf1,sizeof(plain)) != 0)
584 {
585 printf("cfb_encrypt small encrypt error\n");
586 err=1;
587 }
588
589 memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
590 for (i=0; i<sizeof(plain); i++)
591 DES_cfb_encrypt(&(cfb_buf1[i]),&(cfb_buf2[i]),
592 8,1,&ks,&cfb_tmp,DES_DECRYPT);
593 if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
594 {
595 printf("cfb_encrypt small decrypt error\n");
596 err=1;
597 }
598
599 printf("ede_cfb64() ");
600 err+=ede_cfb64_test(cfb_cipher64);
601
602 printf("done\n");
603
604 printf("Doing ofb\n");
605 DES_set_key_checked(&ofb_key,&ks);
606 memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
607 DES_ofb_encrypt(plain,ofb_buf1,64,sizeof(plain)/8,&ks,&ofb_tmp);
608 if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
609 {
610 printf("ofb_encrypt encrypt error\n");
611printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
612ofb_buf1[8+0], ofb_buf1[8+1], ofb_buf1[8+2], ofb_buf1[8+3],
613ofb_buf1[8+4], ofb_buf1[8+5], ofb_buf1[8+6], ofb_buf1[8+7]);
614printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
615ofb_buf1[8+0], ofb_cipher[8+1], ofb_cipher[8+2], ofb_cipher[8+3],
616ofb_buf1[8+4], ofb_cipher[8+5], ofb_cipher[8+6], ofb_cipher[8+7]);
617 err=1;
618 }
619 memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
620 DES_ofb_encrypt(ofb_buf1,ofb_buf2,64,sizeof(ofb_buf1)/8,&ks,&ofb_tmp);
621 if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
622 {
623 printf("ofb_encrypt decrypt error\n");
624printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
625ofb_buf2[8+0], ofb_buf2[8+1], ofb_buf2[8+2], ofb_buf2[8+3],
626ofb_buf2[8+4], ofb_buf2[8+5], ofb_buf2[8+6], ofb_buf2[8+7]);
627printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
628plain[8+0], plain[8+1], plain[8+2], plain[8+3],
629plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
630 err=1;
631 }
632
633 printf("Doing ofb64\n");
634 DES_set_key_checked(&ofb_key,&ks);
635 memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
636 memset(ofb_buf1,0,sizeof(ofb_buf1));
637 memset(ofb_buf2,0,sizeof(ofb_buf1));
638 num=0;
639 for (i=0; i<sizeof(plain); i++)
640 {
641 DES_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,&ks,&ofb_tmp,
642 &num);
643 }
644 if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
645 {
646 printf("ofb64_encrypt encrypt error\n");
647 err=1;
648 }
649 memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
650 num=0;
651 DES_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),&ks,&ofb_tmp,
652 &num);
653 if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
654 {
655 printf("ofb64_encrypt decrypt error\n");
656 err=1;
657 }
658
659 printf("Doing ede_ofb64\n");
660 DES_set_key_checked(&ofb_key,&ks);
661 memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
662 memset(ofb_buf1,0,sizeof(ofb_buf1));
663 memset(ofb_buf2,0,sizeof(ofb_buf1));
664 num=0;
665 for (i=0; i<sizeof(plain); i++)
666 {
667 DES_ede3_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,&ks,&ks,
668 &ks,&ofb_tmp,&num);
669 }
670 if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
671 {
672 printf("ede_ofb64_encrypt encrypt error\n");
673 err=1;
674 }
675 memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
676 num=0;
677 DES_ede3_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),&ks,&ks,&ks,
678 &ofb_tmp,&num);
679 if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
680 {
681 printf("ede_ofb64_encrypt decrypt error\n");
682 err=1;
683 }
684
685 printf("Doing cbc_cksum\n");
686 DES_set_key_checked(&cbc_key,&ks);
687 cs=DES_cbc_cksum(cbc_data,&cret,strlen((char *)cbc_data),&ks,&cbc_iv);
688 if (cs != cbc_cksum_ret)
689 {
690 printf("bad return value (%08lX), should be %08lX\n",
691 (unsigned long)cs,(unsigned long)cbc_cksum_ret);
692 err=1;
693 }
694 if (memcmp(cret,cbc_cksum_data,8) != 0)
695 {
696 printf("bad cbc_cksum block returned\n");
697 err=1;
698 }
699
700 printf("Doing quad_cksum\n");
701 cs=DES_quad_cksum(cbc_data,(DES_cblock *)lqret,
702 (long)strlen((char *)cbc_data),2,(DES_cblock *)cbc_iv);
703 if (cs != 0x70d7a63aL)
704 {
705 printf("quad_cksum error, ret %08lx should be 70d7a63a\n",
706 (unsigned long)cs);
707 err=1;
708 }
709 if (lqret[0] != 0x327eba8dL)
710 {
711 printf("quad_cksum error, out[0] %08lx is not %08lx\n",
712 (unsigned long)lqret[0],0x327eba8dUL);
713 err=1;
714 }
715 if (lqret[1] != 0x201a49ccL)
716 {
717 printf("quad_cksum error, out[1] %08lx is not %08lx\n",
718 (unsigned long)lqret[1],0x201a49ccUL);
719 err=1;
720 }
721 if (lqret[2] != 0x70d7a63aL)
722 {
723 printf("quad_cksum error, out[2] %08lx is not %08lx\n",
724 (unsigned long)lqret[2],0x70d7a63aUL);
725 err=1;
726 }
727 if (lqret[3] != 0x501c2c26L)
728 {
729 printf("quad_cksum error, out[3] %08lx is not %08lx\n",
730 (unsigned long)lqret[3],0x501c2c26UL);
731 err=1;
732 }
733
734 printf("input word alignment test");
735 for (i=0; i<4; i++)
736 {
737 printf(" %u",i);
738 DES_ncbc_encrypt(&(cbc_out[i]),cbc_in,
739 strlen((char *)cbc_data)+1,&ks,
740 &cbc_iv,DES_ENCRYPT);
741 }
742 printf("\noutput word alignment test");
743 for (i=0; i<4; i++)
744 {
745 printf(" %u",i);
746 DES_ncbc_encrypt(cbc_out,&(cbc_in[i]),
747 strlen((char *)cbc_data)+1,&ks,
748 &cbc_iv,DES_ENCRYPT);
749 }
750 printf("\n");
751 printf("fast crypt test ");
752 str=crypt("testing","ef");
753 if (strcmp("efGnQx2725bI2",str) != 0)
754 {
755 printf("fast crypt error, %s should be efGnQx2725bI2\n",str);
756 err=1;
757 }
758 str=crypt("bca76;23","yA");
759 if (strcmp("yA1Rp/1hZXIJk",str) != 0)
760 {
761 printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n",str);
762 err=1;
763 }
764 printf("\n");
765 return(err);
766 }
767
768static char *pt(unsigned char *p)
769 {
770 static char bufs[10][20];
771 static int bnum=0;
772 char *ret;
773 int i;
774 static char *f="0123456789ABCDEF";
775
776 ret= &(bufs[bnum++][0]);
777 bnum%=10;
778 for (i=0; i<8; i++)
779 {
780 ret[i*2]=f[(p[i]>>4)&0xf];
781 ret[i*2+1]=f[p[i]&0xf];
782 }
783 ret[16]='\0';
784 return(ret);
785 }
786
787static int cfb_test(int bits, unsigned char *cfb_cipher)
788 {
789 DES_key_schedule ks;
790 int i,err=0;
791
792 DES_set_key_checked(&cfb_key,&ks);
793 memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
794 DES_cfb_encrypt(plain,cfb_buf1,bits,sizeof(plain),&ks,&cfb_tmp,
795 DES_ENCRYPT);
796 if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
797 {
798 err=1;
799 printf("cfb_encrypt encrypt error\n");
800 for (i=0; i<24; i+=8)
801 printf("%s\n",pt(&(cfb_buf1[i])));
802 }
803 memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
804 DES_cfb_encrypt(cfb_buf1,cfb_buf2,bits,sizeof(plain),&ks,&cfb_tmp,
805 DES_DECRYPT);
806 if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
807 {
808 err=1;
809 printf("cfb_encrypt decrypt error\n");
810 for (i=0; i<24; i+=8)
811 printf("%s\n",pt(&(cfb_buf1[i])));
812 }
813 return(err);
814 }
815
816static int cfb64_test(unsigned char *cfb_cipher)
817 {
818 DES_key_schedule ks;
819 int err=0,i,n;
820
821 DES_set_key_checked(&cfb_key,&ks);
822 memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
823 n=0;
824 DES_cfb64_encrypt(plain,cfb_buf1,12,&ks,&cfb_tmp,&n,DES_ENCRYPT);
825 DES_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),sizeof(plain)-12,&ks,
826 &cfb_tmp,&n,DES_ENCRYPT);
827 if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
828 {
829 err=1;
830 printf("cfb_encrypt encrypt error\n");
831 for (i=0; i<24; i+=8)
832 printf("%s\n",pt(&(cfb_buf1[i])));
833 }
834 memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
835 n=0;
836 DES_cfb64_encrypt(cfb_buf1,cfb_buf2,17,&ks,&cfb_tmp,&n,DES_DECRYPT);
837 DES_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
838 sizeof(plain)-17,&ks,&cfb_tmp,&n,DES_DECRYPT);
839 if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
840 {
841 err=1;
842 printf("cfb_encrypt decrypt error\n");
843 for (i=0; i<24; i+=8)
844 printf("%s\n",pt(&(cfb_buf2[i])));
845 }
846 return(err);
847 }
848
849static int ede_cfb64_test(unsigned char *cfb_cipher)
850 {
851 DES_key_schedule ks;
852 int err=0,i,n;
853
854 DES_set_key_checked(&cfb_key,&ks);
855 memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
856 n=0;
857 DES_ede3_cfb64_encrypt(plain,cfb_buf1,12,&ks,&ks,&ks,&cfb_tmp,&n,
858 DES_ENCRYPT);
859 DES_ede3_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
860 sizeof(plain)-12,&ks,&ks,&ks,
861 &cfb_tmp,&n,DES_ENCRYPT);
862 if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
863 {
864 err=1;
865 printf("ede_cfb_encrypt encrypt error\n");
866 for (i=0; i<24; i+=8)
867 printf("%s\n",pt(&(cfb_buf1[i])));
868 }
869 memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
870 n=0;
871 DES_ede3_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,&ks,&ks,&ks,
872 &cfb_tmp,&n,DES_DECRYPT);
873 DES_ede3_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
874 sizeof(plain)-17,&ks,&ks,&ks,
875 &cfb_tmp,&n,DES_DECRYPT);
876 if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
877 {
878 err=1;
879 printf("ede_cfb_encrypt decrypt error\n");
880 for (i=0; i<24; i+=8)
881 printf("%s\n",pt(&(cfb_buf2[i])));
882 }
883 return(err);
884 }
diff --git a/src/regress/lib/libcrypto/dh/Makefile b/src/regress/lib/libcrypto/dh/Makefile
deleted file mode 100644
index 3eaacc4296..0000000000
--- a/src/regress/lib/libcrypto/dh/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2014/07/08 15:53:52 jsing Exp $
2
3PROG= dhtest
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/dh/dhtest.c b/src/regress/lib/libcrypto/dh/dhtest.c
deleted file mode 100644
index 599c51d5ed..0000000000
--- a/src/regress/lib/libcrypto/dh/dhtest.c
+++ /dev/null
@@ -1,160 +0,0 @@
1/* $OpenBSD: dhtest.c,v 1.5 2018/07/17 17:06:49 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59/* Until the key-gen callbacks are modified to use newer prototypes, we allow
60 * deprecated functions for openssl-internal code */
61#ifdef OPENSSL_NO_DEPRECATED
62#undef OPENSSL_NO_DEPRECATED
63#endif
64
65#include <stdio.h>
66#include <stdlib.h>
67#include <string.h>
68
69#include <openssl/crypto.h>
70#include <openssl/bio.h>
71#include <openssl/bn.h>
72#include <openssl/err.h>
73
74#include <openssl/dh.h>
75
76static int cb(int p, int n, BN_GENCB *arg)
77{
78 char c='*';
79
80 if (p == 0)
81 c='.';
82 if (p == 1)
83 c='+';
84 if (p == 2)
85 c='*';
86 if (p == 3)
87 c='\n';
88 BIO_write(arg->arg,&c,1);
89 (void)BIO_flush(arg->arg);
90 return 1;
91}
92
93int main(int argc, char *argv[])
94{
95 BN_GENCB _cb;
96 DH *a;
97 char buf[12];
98 unsigned char *abuf=NULL;
99 int i,alen,aout,ret=1;
100 BIO *out;
101
102 out=BIO_new(BIO_s_file());
103 if (out == NULL) exit(1);
104 BIO_set_fp(out,stdout,BIO_NOCLOSE);
105
106 BN_GENCB_set(&_cb, &cb, out);
107 if (((a = DH_new()) == NULL) ||
108 !DH_generate_parameters_ex(a, 64, DH_GENERATOR_5, &_cb))
109 goto err;
110
111 if (!DH_check(a, &i))
112 goto err;
113 if (i & DH_CHECK_P_NOT_PRIME)
114 BIO_puts(out, "p value is not prime\n");
115 if (i & DH_CHECK_P_NOT_SAFE_PRIME)
116 BIO_puts(out, "p value is not a safe prime\n");
117 if (i & DH_UNABLE_TO_CHECK_GENERATOR)
118 BIO_puts(out, "unable to check the generator value\n");
119 if (i & DH_NOT_SUITABLE_GENERATOR)
120 BIO_puts(out, "the g value is not a generator\n");
121
122 BIO_puts(out,"\np =");
123 BN_print(out,a->p);
124 BIO_puts(out,"\ng =");
125 BN_print(out,a->g);
126 BIO_puts(out,"\n");
127
128 if (!DH_generate_key(a))
129 goto err;
130 BIO_puts(out,"pri 1=");
131 BN_print(out,a->priv_key);
132 BIO_puts(out,"\npub 1=");
133 BN_print(out,a->pub_key);
134 BIO_puts(out,"\n");
135
136 alen=DH_size(a);
137 abuf=malloc(alen);
138 aout=DH_compute_key(abuf,a->pub_key,a);
139
140 BIO_puts(out,"key1 =");
141 for (i=0; i<aout; i++) {
142 snprintf(buf,sizeof buf,"%02X",abuf[i]);
143 BIO_puts(out,buf);
144 }
145 BIO_puts(out,"\n");
146
147 if (aout < 4) {
148 fprintf(stderr,"Error in DH routines\n");
149 ret=1;
150 } else
151 ret=0;
152err:
153 ERR_print_errors_fp(stderr);
154
155 free(abuf);
156 if (a != NULL)
157 DH_free(a);
158 BIO_free(out);
159 exit(ret);
160}
diff --git a/src/regress/lib/libcrypto/dsa/Makefile b/src/regress/lib/libcrypto/dsa/Makefile
deleted file mode 100644
index 0574c6e282..0000000000
--- a/src/regress/lib/libcrypto/dsa/Makefile
+++ /dev/null
@@ -1,15 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2014/07/08 15:53:52 jsing Exp $
2
3PROG= dsatest
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9REGRESS_TARGETS=regress-dsatest
10
11regress-dsatest: ${PROG}
12 ./${PROG}
13 ./${PROG} -app2_1
14
15.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/dsa/dsatest.c b/src/regress/lib/libcrypto/dsa/dsatest.c
deleted file mode 100644
index dd3e3166f7..0000000000
--- a/src/regress/lib/libcrypto/dsa/dsatest.c
+++ /dev/null
@@ -1,224 +0,0 @@
1/* $OpenBSD: dsatest.c,v 1.5 2018/07/17 17:06:49 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59/* Until the key-gen callbacks are modified to use newer prototypes, we allow
60 * deprecated functions for openssl-internal code */
61#ifdef OPENSSL_NO_DEPRECATED
62#undef OPENSSL_NO_DEPRECATED
63#endif
64
65#include <stdio.h>
66#include <stdlib.h>
67#include <string.h>
68#include <sys/types.h>
69#include <sys/stat.h>
70
71#include <openssl/crypto.h>
72#include <openssl/bio.h>
73#include <openssl/err.h>
74#include <openssl/bn.h>
75
76#include <openssl/dsa.h>
77
78static int dsa_cb(int p, int n, BN_GENCB *arg);
79
80/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
81 * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
82static unsigned char seed[20]={
83 0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40,
84 0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3,
85 };
86
87static unsigned char out_p[]={
88 0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa,
89 0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb,
90 0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7,
91 0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5,
92 0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf,
93 0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac,
94 0x49,0x69,0x3d,0xfb,0xf8,0x37,0x24,0xc2,
95 0xec,0x07,0x36,0xee,0x31,0xc8,0x02,0x91,
96 };
97
98static unsigned char out_q[]={
99 0xc7,0x73,0x21,0x8c,0x73,0x7e,0xc8,0xee,
100 0x99,0x3b,0x4f,0x2d,0xed,0x30,0xf4,0x8e,
101 0xda,0xce,0x91,0x5f,
102 };
103
104static unsigned char out_g[]={
105 0x62,0x6d,0x02,0x78,0x39,0xea,0x0a,0x13,
106 0x41,0x31,0x63,0xa5,0x5b,0x4c,0xb5,0x00,
107 0x29,0x9d,0x55,0x22,0x95,0x6c,0xef,0xcb,
108 0x3b,0xff,0x10,0xf3,0x99,0xce,0x2c,0x2e,
109 0x71,0xcb,0x9d,0xe5,0xfa,0x24,0xba,0xbf,
110 0x58,0xe5,0xb7,0x95,0x21,0x92,0x5c,0x9c,
111 0xc4,0x2e,0x9f,0x6f,0x46,0x4b,0x08,0x8c,
112 0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02,
113 };
114
115static const unsigned char str1[]="12345678901234567890";
116
117static BIO *bio_err=NULL;
118
119int main(int argc, char **argv)
120 {
121 BN_GENCB cb;
122 DSA *dsa=NULL;
123 int counter,ret=0,i,j;
124 unsigned char buf[256];
125 unsigned long h;
126 unsigned char sig[256];
127 unsigned int siglen;
128
129 if (bio_err == NULL)
130 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
131
132 ERR_load_crypto_strings();
133
134 BIO_printf(bio_err,"test generation of DSA parameters\n");
135
136 BN_GENCB_set(&cb, dsa_cb, bio_err);
137 if(((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512,
138 seed, 20, &counter, &h, &cb))
139 goto end;
140
141 BIO_printf(bio_err,"seed\n");
142 for (i=0; i<20; i+=4)
143 {
144 BIO_printf(bio_err,"%02X%02X%02X%02X ",
145 seed[i],seed[i+1],seed[i+2],seed[i+3]);
146 }
147 BIO_printf(bio_err,"\ncounter=%d h=%ld\n",counter,h);
148
149 DSA_print(bio_err,dsa,0);
150 if (counter != 105)
151 {
152 BIO_printf(bio_err,"counter should be 105\n");
153 goto end;
154 }
155 if (h != 2)
156 {
157 BIO_printf(bio_err,"h should be 2\n");
158 goto end;
159 }
160
161 i=BN_bn2bin(dsa->q,buf);
162 j=sizeof(out_q);
163 if ((i != j) || (memcmp(buf,out_q,i) != 0))
164 {
165 BIO_printf(bio_err,"q value is wrong\n");
166 goto end;
167 }
168
169 i=BN_bn2bin(dsa->p,buf);
170 j=sizeof(out_p);
171 if ((i != j) || (memcmp(buf,out_p,i) != 0))
172 {
173 BIO_printf(bio_err,"p value is wrong\n");
174 goto end;
175 }
176
177 i=BN_bn2bin(dsa->g,buf);
178 j=sizeof(out_g);
179 if ((i != j) || (memcmp(buf,out_g,i) != 0))
180 {
181 BIO_printf(bio_err,"g value is wrong\n");
182 goto end;
183 }
184
185 DSA_generate_key(dsa);
186 DSA_sign(0, str1, 20, sig, &siglen, dsa);
187 if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
188 ret=1;
189
190end:
191 if (!ret)
192 ERR_print_errors(bio_err);
193 if (dsa != NULL) DSA_free(dsa);
194 CRYPTO_cleanup_all_ex_data();
195 ERR_remove_thread_state(NULL);
196 ERR_free_strings();
197 CRYPTO_mem_leaks(bio_err);
198 if (bio_err != NULL)
199 {
200 BIO_free(bio_err);
201 bio_err = NULL;
202 }
203 exit(!ret);
204 }
205
206static int dsa_cb(int p, int n, BN_GENCB *arg)
207 {
208 char c='*';
209 static int ok=0,num=0;
210
211 if (p == 0) { c='.'; num++; };
212 if (p == 1) c='+';
213 if (p == 2) { c='*'; ok++; }
214 if (p == 3) c='\n';
215 BIO_write(arg->arg,&c,1);
216 (void)BIO_flush(arg->arg);
217
218 if (!ok && (p == 0) && (num > 1))
219 {
220 BIO_printf((BIO *)arg,"error in dsatest\n");
221 return 0;
222 }
223 return 1;
224 }
diff --git a/src/regress/lib/libcrypto/ec/Makefile b/src/regress/lib/libcrypto/ec/Makefile
deleted file mode 100644
index c3e7975415..0000000000
--- a/src/regress/lib/libcrypto/ec/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2014/07/08 15:53:52 jsing Exp $
2
3PROG= ectest
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/ec/ectest.c b/src/regress/lib/libcrypto/ec/ectest.c
deleted file mode 100644
index 401c013a6c..0000000000
--- a/src/regress/lib/libcrypto/ec/ectest.c
+++ /dev/null
@@ -1,1456 +0,0 @@
1/* $OpenBSD: ectest.c,v 1.8 2018/07/15 18:22:57 tb Exp $ */
2/* crypto/ec/ectest.c */
3/*
4 * Originally written by Bodo Moeller for the OpenSSL project.
5 */
6/* ====================================================================
7 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * openssl-core@openssl.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59/* ====================================================================
60 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
61 *
62 * Portions of the attached software ("Contribution") are developed by
63 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
64 *
65 * The Contribution is licensed pursuant to the OpenSSL open source
66 * license provided above.
67 *
68 * The elliptic curve binary polynomial software is originally written by
69 * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
70 *
71 */
72
73#include <stdio.h>
74#include <stdlib.h>
75#include <string.h>
76#include <time.h>
77
78#include <openssl/ec.h>
79#ifndef OPENSSL_NO_ENGINE
80#include <openssl/engine.h>
81#endif
82#include <openssl/err.h>
83#include <openssl/obj_mac.h>
84#include <openssl/objects.h>
85#include <openssl/bn.h>
86#include <openssl/opensslconf.h>
87
88#define ABORT do { \
89 fflush(stdout); \
90 fprintf(stderr, "%s:%d: ABORT\n", __FILE__, __LINE__); \
91 ERR_print_errors_fp(stderr); \
92 exit(1); \
93} while (0)
94
95#define TIMING_BASE_PT 0
96#define TIMING_RAND_PT 1
97#define TIMING_SIMUL 2
98
99/* test multiplication with group order, long and negative scalars */
100static void
101group_order_tests(EC_GROUP *group)
102{
103 BIGNUM *n1, *n2, *order;
104 EC_POINT *P = EC_POINT_new(group);
105 EC_POINT *Q = EC_POINT_new(group);
106 BN_CTX *ctx = BN_CTX_new();
107
108 n1 = BN_new();
109 n2 = BN_new();
110 order = BN_new();
111 fprintf(stdout, "verify group order ...");
112 fflush(stdout);
113 if (!EC_GROUP_get_order(group, order, ctx))
114 ABORT;
115 if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx))
116 ABORT;
117 if (!EC_POINT_is_at_infinity(group, Q))
118 ABORT;
119 fprintf(stdout, ".");
120 fflush(stdout);
121 if (!EC_GROUP_precompute_mult(group, ctx))
122 ABORT;
123 if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx))
124 ABORT;
125 if (!EC_POINT_is_at_infinity(group, Q))
126 ABORT;
127 fprintf(stdout, " ok\n");
128 fprintf(stdout, "long/negative scalar tests ... ");
129 if (!BN_one(n1))
130 ABORT;
131 /* n1 = 1 - order */
132 if (!BN_sub(n1, n1, order))
133 ABORT;
134 if (!EC_POINT_mul(group, Q, NULL, P, n1, ctx))
135 ABORT;
136 if (0 != EC_POINT_cmp(group, Q, P, ctx))
137 ABORT;
138 /* n2 = 1 + order */
139 if (!BN_add(n2, order, BN_value_one()))
140 ABORT;
141 if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx))
142 ABORT;
143 if (0 != EC_POINT_cmp(group, Q, P, ctx))
144 ABORT;
145 /* n2 = (1 - order) * (1 + order) */
146 if (!BN_mul(n2, n1, n2, ctx))
147 ABORT;
148 if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx))
149 ABORT;
150 if (0 != EC_POINT_cmp(group, Q, P, ctx))
151 ABORT;
152 fprintf(stdout, "ok\n");
153 EC_POINT_free(P);
154 EC_POINT_free(Q);
155 BN_free(n1);
156 BN_free(n2);
157 BN_free(order);
158 BN_CTX_free(ctx);
159}
160
161static void
162prime_field_tests(void)
163{
164 BN_CTX *ctx = NULL;
165 BIGNUM *p, *a, *b;
166 EC_GROUP *group;
167 EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 = NULL, *P_384 = NULL, *P_521 = NULL;
168 EC_POINT *P, *Q, *R;
169 BIGNUM *x, *y, *z;
170 unsigned char buf[100];
171 size_t i, len;
172 int k;
173
174#if 1 /* optional */
175 ctx = BN_CTX_new();
176 if (!ctx)
177 ABORT;
178#endif
179
180 p = BN_new();
181 a = BN_new();
182 b = BN_new();
183 if (!p || !a || !b)
184 ABORT;
185
186 if (!BN_hex2bn(&p, "17"))
187 ABORT;
188 if (!BN_hex2bn(&a, "1"))
189 ABORT;
190 if (!BN_hex2bn(&b, "1"))
191 ABORT;
192
193 group = EC_GROUP_new(EC_GFp_mont_method()); /* applications should use EC_GROUP_new_curve_GFp
194 * so that the library gets to choose the EC_METHOD */
195 if (!group)
196 ABORT;
197
198 if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
199 ABORT;
200
201 {
202 EC_GROUP *tmp;
203 tmp = EC_GROUP_new(EC_GROUP_method_of(group));
204 if (!tmp)
205 ABORT;
206 if (!EC_GROUP_copy(tmp, group))
207 ABORT;
208 EC_GROUP_free(group);
209 group = tmp;
210 }
211
212 if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx))
213 ABORT;
214
215 fprintf(stdout, "Curve defined by Weierstrass equation\n y^2 = x^3 + a*x + b (mod 0x");
216 BN_print_fp(stdout, p);
217 fprintf(stdout, ")\n a = 0x");
218 BN_print_fp(stdout, a);
219 fprintf(stdout, "\n b = 0x");
220 BN_print_fp(stdout, b);
221 fprintf(stdout, "\n");
222
223 P = EC_POINT_new(group);
224 Q = EC_POINT_new(group);
225 R = EC_POINT_new(group);
226 if (!P || !Q || !R)
227 ABORT;
228
229 if (!EC_POINT_set_to_infinity(group, P))
230 ABORT;
231 if (!EC_POINT_is_at_infinity(group, P))
232 ABORT;
233
234 buf[0] = 0;
235 if (!EC_POINT_oct2point(group, Q, buf, 1, ctx))
236 ABORT;
237
238 if (!EC_POINT_add(group, P, P, Q, ctx))
239 ABORT;
240 if (!EC_POINT_is_at_infinity(group, P))
241 ABORT;
242
243 x = BN_new();
244 y = BN_new();
245 z = BN_new();
246 if (!x || !y || !z)
247 ABORT;
248
249 if (!BN_hex2bn(&x, "D"))
250 ABORT;
251 if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx))
252 ABORT;
253 if (!EC_POINT_is_on_curve(group, Q, ctx)) {
254 if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx))
255 ABORT;
256 fprintf(stderr, "Point is not on curve: x = 0x");
257 BN_print_fp(stderr, x);
258 fprintf(stderr, ", y = 0x");
259 BN_print_fp(stderr, y);
260 fprintf(stderr, "\n");
261 ABORT;
262 }
263
264 fprintf(stdout, "A cyclic subgroup:\n");
265 k = 100;
266 do
267 {
268 if (k-- == 0)
269 ABORT;
270
271 if (EC_POINT_is_at_infinity(group, P))
272 fprintf(stdout, " point at infinity\n");
273 else {
274 if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
275 ABORT;
276
277 fprintf(stdout, " x = 0x");
278 BN_print_fp(stdout, x);
279 fprintf(stdout, ", y = 0x");
280 BN_print_fp(stdout, y);
281 fprintf(stdout, "\n");
282 }
283
284 if (!EC_POINT_copy(R, P))
285 ABORT;
286 if (!EC_POINT_add(group, P, P, Q, ctx))
287 ABORT;
288
289#if 0 /* optional */
290 {
291 EC_POINT *points[3];
292
293 points[0] = R;
294 points[1] = Q;
295 points[2] = P;
296 if (!EC_POINTs_make_affine(group, 2, points, ctx))
297 ABORT;
298 }
299#endif
300
301 }
302 while (!EC_POINT_is_at_infinity(group, P));
303
304 if (!EC_POINT_add(group, P, Q, R, ctx))
305 ABORT;
306 if (!EC_POINT_is_at_infinity(group, P))
307 ABORT;
308
309 len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, sizeof buf, ctx);
310 if (len == 0)
311 ABORT;
312 if (!EC_POINT_oct2point(group, P, buf, len, ctx))
313 ABORT;
314 if (0 != EC_POINT_cmp(group, P, Q, ctx))
315 ABORT;
316 fprintf(stdout, "Generator as octet string, compressed form:\n ");
317 for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
318
319 len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof buf, ctx);
320 if (len == 0)
321 ABORT;
322 if (!EC_POINT_oct2point(group, P, buf, len, ctx))
323 ABORT;
324 if (0 != EC_POINT_cmp(group, P, Q, ctx))
325 ABORT;
326 fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n ");
327 for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
328
329 len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, ctx);
330 if (len == 0)
331 ABORT;
332 if (!EC_POINT_oct2point(group, P, buf, len, ctx))
333 ABORT;
334 if (0 != EC_POINT_cmp(group, P, Q, ctx))
335 ABORT;
336 fprintf(stdout, "\nGenerator as octet string, hybrid form:\n ");
337 for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
338
339 if (!EC_POINT_get_Jprojective_coordinates_GFp(group, R, x, y, z, ctx))
340 ABORT;
341 fprintf(stdout, "\nA representation of the inverse of that generator in\nJacobian projective coordinates:\n X = 0x");
342 BN_print_fp(stdout, x);
343 fprintf(stdout, ", Y = 0x");
344 BN_print_fp(stdout, y);
345 fprintf(stdout, ", Z = 0x");
346 BN_print_fp(stdout, z);
347 fprintf(stdout, "\n");
348
349 if (!EC_POINT_invert(group, P, ctx))
350 ABORT;
351 if (0 != EC_POINT_cmp(group, P, R, ctx))
352 ABORT;
353
354
355 /* Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2, 2000)
356 * -- not a NIST curve, but commonly used */
357
358 if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF"))
359 ABORT;
360 if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
361 ABORT;
362 if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC"))
363 ABORT;
364 if (!BN_hex2bn(&b, "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45"))
365 ABORT;
366 if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
367 ABORT;
368
369 if (!BN_hex2bn(&x, "4A96B5688EF573284664698968C38BB913CBFC82"))
370 ABORT;
371 if (!BN_hex2bn(&y, "23a628553168947d59dcc912042351377ac5fb32"))
372 ABORT;
373 if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx))
374 ABORT;
375 if (!EC_POINT_is_on_curve(group, P, ctx))
376 ABORT;
377 if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257"))
378 ABORT;
379 if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
380 ABORT;
381
382 if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
383 ABORT;
384 fprintf(stdout, "\nSEC2 curve secp160r1 -- Generator:\n x = 0x");
385 BN_print_fp(stdout, x);
386 fprintf(stdout, "\n y = 0x");
387 BN_print_fp(stdout, y);
388 fprintf(stdout, "\n");
389 /* G_y value taken from the standard: */
390 if (!BN_hex2bn(&z, "23a628553168947d59dcc912042351377ac5fb32"))
391 ABORT;
392 if (0 != BN_cmp(y, z))
393 ABORT;
394
395 fprintf(stdout, "verify degree ...");
396 if (EC_GROUP_get_degree(group) != 160)
397 ABORT;
398 fprintf(stdout, " ok\n");
399
400 group_order_tests(group);
401
402 if (!(P_160 = EC_GROUP_new(EC_GROUP_method_of(group))))
403 ABORT;
404 if (!EC_GROUP_copy(P_160, group))
405 ABORT;
406
407
408 /* Curve P-192 (FIPS PUB 186-2, App. 6) */
409
410 if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF"))
411 ABORT;
412 if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
413 ABORT;
414 if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC"))
415 ABORT;
416 if (!BN_hex2bn(&b, "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1"))
417 ABORT;
418 if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
419 ABORT;
420
421 if (!BN_hex2bn(&x, "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012"))
422 ABORT;
423 if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
424 ABORT;
425 if (!EC_POINT_is_on_curve(group, P, ctx))
426 ABORT;
427 if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831"))
428 ABORT;
429 if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
430 ABORT;
431
432 if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
433 ABORT;
434 fprintf(stdout, "\nNIST curve P-192 -- Generator:\n x = 0x");
435 BN_print_fp(stdout, x);
436 fprintf(stdout, "\n y = 0x");
437 BN_print_fp(stdout, y);
438 fprintf(stdout, "\n");
439 /* G_y value taken from the standard: */
440 if (!BN_hex2bn(&z, "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811"))
441 ABORT;
442 if (0 != BN_cmp(y, z))
443 ABORT;
444
445 fprintf(stdout, "verify degree ...");
446 if (EC_GROUP_get_degree(group) != 192)
447 ABORT;
448 fprintf(stdout, " ok\n");
449
450 group_order_tests(group);
451
452 if (!(P_192 = EC_GROUP_new(EC_GROUP_method_of(group))))
453 ABORT;
454 if (!EC_GROUP_copy(P_192, group))
455 ABORT;
456
457
458 /* Curve P-224 (FIPS PUB 186-2, App. 6) */
459
460 if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001"))
461 ABORT;
462 if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
463 ABORT;
464 if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE"))
465 ABORT;
466 if (!BN_hex2bn(&b, "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4"))
467 ABORT;
468 if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
469 ABORT;
470
471 if (!BN_hex2bn(&x, "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21"))
472 ABORT;
473 if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx))
474 ABORT;
475 if (!EC_POINT_is_on_curve(group, P, ctx))
476 ABORT;
477 if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D"))
478 ABORT;
479 if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
480 ABORT;
481
482 if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
483 ABORT;
484 fprintf(stdout, "\nNIST curve P-224 -- Generator:\n x = 0x");
485 BN_print_fp(stdout, x);
486 fprintf(stdout, "\n y = 0x");
487 BN_print_fp(stdout, y);
488 fprintf(stdout, "\n");
489 /* G_y value taken from the standard: */
490 if (!BN_hex2bn(&z, "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34"))
491 ABORT;
492 if (0 != BN_cmp(y, z))
493 ABORT;
494
495 fprintf(stdout, "verify degree ...");
496 if (EC_GROUP_get_degree(group) != 224)
497 ABORT;
498 fprintf(stdout, " ok\n");
499
500 group_order_tests(group);
501
502 if (!(P_224 = EC_GROUP_new(EC_GROUP_method_of(group))))
503 ABORT;
504 if (!EC_GROUP_copy(P_224, group))
505 ABORT;
506
507
508 /* Curve P-256 (FIPS PUB 186-2, App. 6) */
509
510 if (!BN_hex2bn(&p, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF"))
511 ABORT;
512 if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
513 ABORT;
514 if (!BN_hex2bn(&a, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC"))
515 ABORT;
516 if (!BN_hex2bn(&b, "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B"))
517 ABORT;
518 if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
519 ABORT;
520
521 if (!BN_hex2bn(&x, "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"))
522 ABORT;
523 if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
524 ABORT;
525 if (!EC_POINT_is_on_curve(group, P, ctx))
526 ABORT;
527 if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E"
528 "84F3B9CAC2FC632551")) ABORT;
529 if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
530 ABORT;
531
532 if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
533 ABORT;
534 fprintf(stdout, "\nNIST curve P-256 -- Generator:\n x = 0x");
535 BN_print_fp(stdout, x);
536 fprintf(stdout, "\n y = 0x");
537 BN_print_fp(stdout, y);
538 fprintf(stdout, "\n");
539 /* G_y value taken from the standard: */
540 if (!BN_hex2bn(&z, "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5"))
541 ABORT;
542 if (0 != BN_cmp(y, z))
543 ABORT;
544
545 fprintf(stdout, "verify degree ...");
546 if (EC_GROUP_get_degree(group) != 256)
547 ABORT;
548 fprintf(stdout, " ok\n");
549
550 group_order_tests(group);
551
552 if (!(P_256 = EC_GROUP_new(EC_GROUP_method_of(group))))
553 ABORT;
554 if (!EC_GROUP_copy(P_256, group))
555 ABORT;
556
557
558 /* Curve P-384 (FIPS PUB 186-2, App. 6) */
559
560 if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
561 "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF")) ABORT;
562 if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
563 ABORT;
564 if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
565 "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC")) ABORT;
566 if (!BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141"
567 "120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF")) ABORT;
568 if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
569 ABORT;
570
571 if (!BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B"
572 "9859F741E082542A385502F25DBF55296C3A545E3872760AB7")) ABORT;
573 if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
574 ABORT;
575 if (!EC_POINT_is_on_curve(group, P, ctx))
576 ABORT;
577 if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
578 "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) ABORT;
579 if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
580 ABORT;
581
582 if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
583 ABORT;
584 fprintf(stdout, "\nNIST curve P-384 -- Generator:\n x = 0x");
585 BN_print_fp(stdout, x);
586 fprintf(stdout, "\n y = 0x");
587 BN_print_fp(stdout, y);
588 fprintf(stdout, "\n");
589 /* G_y value taken from the standard: */
590 if (!BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A14"
591 "7CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F")) ABORT;
592 if (0 != BN_cmp(y, z))
593 ABORT;
594
595 fprintf(stdout, "verify degree ...");
596 if (EC_GROUP_get_degree(group) != 384)
597 ABORT;
598 fprintf(stdout, " ok\n");
599
600 group_order_tests(group);
601
602 if (!(P_384 = EC_GROUP_new(EC_GROUP_method_of(group))))
603 ABORT;
604 if (!EC_GROUP_copy(P_384, group))
605 ABORT;
606
607
608 /* Curve P-521 (FIPS PUB 186-2, App. 6) */
609
610 if (!BN_hex2bn(&p, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
611 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
612 "FFFFFFFFFFFFFFFFFFFFFFFFFFFF")) ABORT;
613 if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
614 ABORT;
615 if (!BN_hex2bn(&a, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
616 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
617 "FFFFFFFFFFFFFFFFFFFFFFFFFFFC")) ABORT;
618 if (!BN_hex2bn(&b, "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B"
619 "315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573"
620 "DF883D2C34F1EF451FD46B503F00")) ABORT;
621 if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
622 ABORT;
623
624 if (!BN_hex2bn(&x, "C6858E06B70404E9CD9E3ECB662395B4429C648139053F"
625 "B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B"
626 "3C1856A429BF97E7E31C2E5BD66")) ABORT;
627 if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx))
628 ABORT;
629 if (!EC_POINT_is_on_curve(group, P, ctx))
630 ABORT;
631 if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
632 "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5"
633 "C9B8899C47AEBB6FB71E91386409")) ABORT;
634 if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
635 ABORT;
636
637 if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
638 ABORT;
639 fprintf(stdout, "\nNIST curve P-521 -- Generator:\n x = 0x");
640 BN_print_fp(stdout, x);
641 fprintf(stdout, "\n y = 0x");
642 BN_print_fp(stdout, y);
643 fprintf(stdout, "\n");
644 /* G_y value taken from the standard: */
645 if (!BN_hex2bn(&z, "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579"
646 "B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C"
647 "7086A272C24088BE94769FD16650")) ABORT;
648 if (0 != BN_cmp(y, z))
649 ABORT;
650
651 fprintf(stdout, "verify degree ...");
652 if (EC_GROUP_get_degree(group) != 521)
653 ABORT;
654 fprintf(stdout, " ok\n");
655
656 group_order_tests(group);
657
658 if (!(P_521 = EC_GROUP_new(EC_GROUP_method_of(group))))
659 ABORT;
660 if (!EC_GROUP_copy(P_521, group))
661 ABORT;
662
663
664 /* more tests using the last curve */
665 fprintf(stdout, "infinity tests ...");
666 fflush(stdout);
667 if (!EC_POINT_copy(Q, P))
668 ABORT;
669 if (EC_POINT_is_at_infinity(group, Q))
670 ABORT;
671 /* P := 2P */
672 if (!EC_POINT_dbl(group, P, P, ctx))
673 ABORT;
674 if (!EC_POINT_is_on_curve(group, P, ctx))
675 ABORT;
676 /* Q := -P */
677 if (!EC_POINT_invert(group, Q, ctx))
678 ABORT;
679 /* R := 2P - P = P */
680 if (!EC_POINT_add(group, R, P, Q, ctx))
681 ABORT;
682 /* R := R + Q = P - P = infty */
683 if (!EC_POINT_add(group, R, R, Q, ctx))
684 ABORT;
685 if (!EC_POINT_is_at_infinity(group, R))
686 ABORT;
687 fprintf(stdout, " ok\n\n");
688
689 if (ctx)
690 BN_CTX_free(ctx);
691 BN_free(p);
692 BN_free(a);
693 BN_free(b);
694 EC_GROUP_free(group);
695 EC_POINT_free(P);
696 EC_POINT_free(Q);
697 EC_POINT_free(R);
698 BN_free(x);
699 BN_free(y);
700 BN_free(z);
701
702 if (P_160)
703 EC_GROUP_free(P_160);
704 if (P_192)
705 EC_GROUP_free(P_192);
706 if (P_224)
707 EC_GROUP_free(P_224);
708 if (P_256)
709 EC_GROUP_free(P_256);
710 if (P_384)
711 EC_GROUP_free(P_384);
712 if (P_521)
713 EC_GROUP_free(P_521);
714
715}
716
717/* Change test based on whether binary point compression is enabled or not. */
718#ifdef OPENSSL_EC_BIN_PT_COMP
719#define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
720 if (!BN_hex2bn(&x, _x)) ABORT; \
721 if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \
722 if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
723 if (!BN_hex2bn(&z, _order)) ABORT; \
724 if (!BN_hex2bn(&cof, _cof)) ABORT; \
725 if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
726 if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
727 fprintf(stdout, "\n%s -- Generator:\n x = 0x", _name); \
728 BN_print_fp(stdout, x); \
729 fprintf(stdout, "\n y = 0x"); \
730 BN_print_fp(stdout, y); \
731 fprintf(stdout, "\n"); \
732 /* G_y value taken from the standard: */ \
733 if (!BN_hex2bn(&z, _y)) ABORT; \
734 if (0 != BN_cmp(y, z)) ABORT;
735#else
736#define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
737 if (!BN_hex2bn(&x, _x)) ABORT; \
738 if (!BN_hex2bn(&y, _y)) ABORT; \
739 if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
740 if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
741 if (!BN_hex2bn(&z, _order)) ABORT; \
742 if (!BN_hex2bn(&cof, _cof)) ABORT; \
743 if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
744 fprintf(stdout, "\n%s -- Generator:\n x = 0x", _name); \
745 BN_print_fp(stdout, x); \
746 fprintf(stdout, "\n y = 0x"); \
747 BN_print_fp(stdout, y); \
748 fprintf(stdout, "\n");
749#endif
750
751#define CHAR2_CURVE_TEST(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
752 if (!BN_hex2bn(&p, _p)) ABORT; \
753 if (!BN_hex2bn(&a, _a)) ABORT; \
754 if (!BN_hex2bn(&b, _b)) ABORT; \
755 if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx)) ABORT; \
756 CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
757 fprintf(stdout, "verify degree ..."); \
758 if (EC_GROUP_get_degree(group) != _degree) ABORT; \
759 fprintf(stdout, " ok\n"); \
760 group_order_tests(group); \
761 if (!(_variable = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; \
762 if (!EC_GROUP_copy(_variable, group)) ABORT; \
763
764#ifndef OPENSSL_NO_EC2M
765
766 static void char2_field_tests(void)
767{
768 BN_CTX *ctx = NULL;
769 BIGNUM *p, *a, *b;
770 EC_GROUP *group;
771 EC_GROUP *C2_K163 = NULL, *C2_K233 = NULL, *C2_K283 = NULL, *C2_K409 = NULL, *C2_K571 = NULL;
772 EC_GROUP *C2_B163 = NULL, *C2_B233 = NULL, *C2_B283 = NULL, *C2_B409 = NULL, *C2_B571 = NULL;
773 EC_POINT *P, *Q, *R;
774 BIGNUM *x, *y, *z, *cof;
775 unsigned char buf[100];
776 size_t i, len;
777 int k;
778
779#if 1 /* optional */
780 ctx = BN_CTX_new();
781 if (!ctx)
782 ABORT;
783#endif
784
785 p = BN_new();
786 a = BN_new();
787 b = BN_new();
788 if (!p || !a || !b)
789 ABORT;
790
791 if (!BN_hex2bn(&p, "13"))
792 ABORT;
793 if (!BN_hex2bn(&a, "3"))
794 ABORT;
795 if (!BN_hex2bn(&b, "1"))
796 ABORT;
797
798 group = EC_GROUP_new(EC_GF2m_simple_method()); /* applications should use EC_GROUP_new_curve_GF2m
799 * so that the library gets to choose the EC_METHOD */
800 if (!group)
801 ABORT;
802 if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx))
803 ABORT;
804
805 {
806 EC_GROUP *tmp;
807 tmp = EC_GROUP_new(EC_GROUP_method_of(group));
808 if (!tmp)
809 ABORT;
810 if (!EC_GROUP_copy(tmp, group))
811 ABORT;
812 EC_GROUP_free(group);
813 group = tmp;
814 }
815
816 if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx))
817 ABORT;
818
819 fprintf(stdout, "Curve defined by Weierstrass equation\n y^2 + x*y = x^3 + a*x^2 + b (mod 0x");
820 BN_print_fp(stdout, p);
821 fprintf(stdout, ")\n a = 0x");
822 BN_print_fp(stdout, a);
823 fprintf(stdout, "\n b = 0x");
824 BN_print_fp(stdout, b);
825 fprintf(stdout, "\n(0x... means binary polynomial)\n");
826
827 P = EC_POINT_new(group);
828 Q = EC_POINT_new(group);
829 R = EC_POINT_new(group);
830 if (!P || !Q || !R)
831 ABORT;
832
833 if (!EC_POINT_set_to_infinity(group, P))
834 ABORT;
835 if (!EC_POINT_is_at_infinity(group, P))
836 ABORT;
837
838 buf[0] = 0;
839 if (!EC_POINT_oct2point(group, Q, buf, 1, ctx))
840 ABORT;
841
842 if (!EC_POINT_add(group, P, P, Q, ctx))
843 ABORT;
844 if (!EC_POINT_is_at_infinity(group, P))
845 ABORT;
846
847 x = BN_new();
848 y = BN_new();
849 z = BN_new();
850 cof = BN_new();
851 if (!x || !y || !z || !cof)
852 ABORT;
853
854 if (!BN_hex2bn(&x, "6"))
855 ABORT;
856/* Change test based on whether binary point compression is enabled or not. */
857#ifdef OPENSSL_EC_BIN_PT_COMP
858 if (!EC_POINT_set_compressed_coordinates_GF2m(group, Q, x, 1, ctx))
859 ABORT;
860#else
861 if (!BN_hex2bn(&y, "8"))
862 ABORT;
863 if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx))
864 ABORT;
865#endif
866 if (!EC_POINT_is_on_curve(group, Q, ctx)) {
867/* Change test based on whether binary point compression is enabled or not. */
868#ifdef OPENSSL_EC_BIN_PT_COMP
869 if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx))
870 ABORT;
871#endif
872 fprintf(stderr, "Point is not on curve: x = 0x");
873 BN_print_fp(stderr, x);
874 fprintf(stderr, ", y = 0x");
875 BN_print_fp(stderr, y);
876 fprintf(stderr, "\n");
877 ABORT;
878 }
879
880 fprintf(stdout, "A cyclic subgroup:\n");
881 k = 100;
882 do
883 {
884 if (k-- == 0)
885 ABORT;
886
887 if (EC_POINT_is_at_infinity(group, P))
888 fprintf(stdout, " point at infinity\n");
889 else {
890 if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx))
891 ABORT;
892
893 fprintf(stdout, " x = 0x");
894 BN_print_fp(stdout, x);
895 fprintf(stdout, ", y = 0x");
896 BN_print_fp(stdout, y);
897 fprintf(stdout, "\n");
898 }
899
900 if (!EC_POINT_copy(R, P))
901 ABORT;
902 if (!EC_POINT_add(group, P, P, Q, ctx))
903 ABORT;
904 }
905 while (!EC_POINT_is_at_infinity(group, P));
906
907 if (!EC_POINT_add(group, P, Q, R, ctx))
908 ABORT;
909 if (!EC_POINT_is_at_infinity(group, P))
910 ABORT;
911
912/* Change test based on whether binary point compression is enabled or not. */
913#ifdef OPENSSL_EC_BIN_PT_COMP
914 len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, sizeof buf, ctx);
915 if (len == 0)
916 ABORT;
917 if (!EC_POINT_oct2point(group, P, buf, len, ctx))
918 ABORT;
919 if (0 != EC_POINT_cmp(group, P, Q, ctx))
920 ABORT;
921 fprintf(stdout, "Generator as octet string, compressed form:\n ");
922 for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
923#endif
924
925 len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof buf, ctx);
926 if (len == 0)
927 ABORT;
928 if (!EC_POINT_oct2point(group, P, buf, len, ctx))
929 ABORT;
930 if (0 != EC_POINT_cmp(group, P, Q, ctx))
931 ABORT;
932 fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n ");
933 for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
934
935/* Change test based on whether binary point compression is enabled or not. */
936#ifdef OPENSSL_EC_BIN_PT_COMP
937 len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, ctx);
938 if (len == 0)
939 ABORT;
940 if (!EC_POINT_oct2point(group, P, buf, len, ctx))
941 ABORT;
942 if (0 != EC_POINT_cmp(group, P, Q, ctx))
943 ABORT;
944 fprintf(stdout, "\nGenerator as octet string, hybrid form:\n ");
945 for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
946#endif
947
948 fprintf(stdout, "\n");
949
950 if (!EC_POINT_invert(group, P, ctx))
951 ABORT;
952 if (0 != EC_POINT_cmp(group, P, R, ctx))
953 ABORT;
954
955
956 /* Curve K-163 (FIPS PUB 186-2, App. 6) */
957 CHAR2_CURVE_TEST
958 (
959 "NIST curve K-163",
960 "0800000000000000000000000000000000000000C9",
961 "1",
962 "1",
963 "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8",
964 "0289070FB05D38FF58321F2E800536D538CCDAA3D9",
965 1,
966 "04000000000000000000020108A2E0CC0D99F8A5EF",
967 "2",
968 163,
969 C2_K163
970 );
971
972 /* Curve B-163 (FIPS PUB 186-2, App. 6) */
973 CHAR2_CURVE_TEST
974 (
975 "NIST curve B-163",
976 "0800000000000000000000000000000000000000C9",
977 "1",
978 "020A601907B8C953CA1481EB10512F78744A3205FD",
979 "03F0EBA16286A2D57EA0991168D4994637E8343E36",
980 "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1",
981 1,
982 "040000000000000000000292FE77E70C12A4234C33",
983 "2",
984 163,
985 C2_B163
986 );
987
988 /* Curve K-233 (FIPS PUB 186-2, App. 6) */
989 CHAR2_CURVE_TEST
990 (
991 "NIST curve K-233",
992 "020000000000000000000000000000000000000004000000000000000001",
993 "0",
994 "1",
995 "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126",
996 "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3",
997 0,
998 "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF",
999 "4",
1000 233,
1001 C2_K233
1002 );
1003
1004 /* Curve B-233 (FIPS PUB 186-2, App. 6) */
1005 CHAR2_CURVE_TEST
1006 (
1007 "NIST curve B-233",
1008 "020000000000000000000000000000000000000004000000000000000001",
1009 "000000000000000000000000000000000000000000000000000000000001",
1010 "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD",
1011 "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B",
1012 "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052",
1013 1,
1014 "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7",
1015 "2",
1016 233,
1017 C2_B233
1018 );
1019
1020 /* Curve K-283 (FIPS PUB 186-2, App. 6) */
1021 CHAR2_CURVE_TEST
1022 (
1023 "NIST curve K-283",
1024 "0800000000000000000000000000000000000000000000000000000000000000000010A1",
1025 "0",
1026 "1",
1027 "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836",
1028 "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259",
1029 0,
1030 "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61",
1031 "4",
1032 283,
1033 C2_K283
1034 );
1035
1036 /* Curve B-283 (FIPS PUB 186-2, App. 6) */
1037 CHAR2_CURVE_TEST
1038 (
1039 "NIST curve B-283",
1040 "0800000000000000000000000000000000000000000000000000000000000000000010A1",
1041 "000000000000000000000000000000000000000000000000000000000000000000000001",
1042 "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5",
1043 "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053",
1044 "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4",
1045 1,
1046 "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307",
1047 "2",
1048 283,
1049 C2_B283
1050 );
1051
1052 /* Curve K-409 (FIPS PUB 186-2, App. 6) */
1053 CHAR2_CURVE_TEST
1054 (
1055 "NIST curve K-409",
1056 "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
1057 "0",
1058 "1",
1059 "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746",
1060 "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B",
1061 1,
1062 "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF",
1063 "4",
1064 409,
1065 C2_K409
1066 );
1067
1068 /* Curve B-409 (FIPS PUB 186-2, App. 6) */
1069 CHAR2_CURVE_TEST
1070 (
1071 "NIST curve B-409",
1072 "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
1073 "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
1074 "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F",
1075 "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7",
1076 "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706",
1077 1,
1078 "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173",
1079 "2",
1080 409,
1081 C2_B409
1082 );
1083
1084 /* Curve K-571 (FIPS PUB 186-2, App. 6) */
1085 CHAR2_CURVE_TEST
1086 (
1087 "NIST curve K-571",
1088 "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
1089 "0",
1090 "1",
1091 "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972",
1092 "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3",
1093 0,
1094 "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001",
1095 "4",
1096 571,
1097 C2_K571
1098 );
1099
1100 /* Curve B-571 (FIPS PUB 186-2, App. 6) */
1101 CHAR2_CURVE_TEST
1102 (
1103 "NIST curve B-571",
1104 "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
1105 "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
1106 "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A",
1107 "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19",
1108 "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B",
1109 1,
1110 "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47",
1111 "2",
1112 571,
1113 C2_B571
1114 );
1115
1116 /* more tests using the last curve */
1117 fprintf(stdout, "infinity tests ...");
1118 fflush(stdout);
1119 if (!EC_POINT_copy(Q, P))
1120 ABORT;
1121 if (EC_POINT_is_at_infinity(group, Q))
1122 ABORT;
1123 /* P := 2P */
1124 if (!EC_POINT_dbl(group, P, P, ctx))
1125 ABORT;
1126 if (!EC_POINT_is_on_curve(group, P, ctx))
1127 ABORT;
1128 /* Q := -P */
1129 if (!EC_POINT_invert(group, Q, ctx))
1130 ABORT;
1131 /* R := 2P - P = P */
1132 if (!EC_POINT_add(group, R, P, Q, ctx))
1133 ABORT;
1134 /* R := R + Q = P - P = infty */
1135 if (!EC_POINT_add(group, R, R, Q, ctx))
1136 ABORT;
1137 if (!EC_POINT_is_at_infinity(group, R))
1138 ABORT;
1139 fprintf(stdout, " ok\n\n");
1140
1141 if (ctx)
1142 BN_CTX_free(ctx);
1143 BN_free(p);
1144 BN_free(a);
1145 BN_free(b);
1146 EC_GROUP_free(group);
1147 EC_POINT_free(P);
1148 EC_POINT_free(Q);
1149 EC_POINT_free(R);
1150 BN_free(x);
1151 BN_free(y);
1152 BN_free(z);
1153 BN_free(cof);
1154
1155 if (C2_K163)
1156 EC_GROUP_free(C2_K163);
1157 if (C2_B163)
1158 EC_GROUP_free(C2_B163);
1159 if (C2_K233)
1160 EC_GROUP_free(C2_K233);
1161 if (C2_B233)
1162 EC_GROUP_free(C2_B233);
1163 if (C2_K283)
1164 EC_GROUP_free(C2_K283);
1165 if (C2_B283)
1166 EC_GROUP_free(C2_B283);
1167 if (C2_K409)
1168 EC_GROUP_free(C2_K409);
1169 if (C2_B409)
1170 EC_GROUP_free(C2_B409);
1171 if (C2_K571)
1172 EC_GROUP_free(C2_K571);
1173 if (C2_B571)
1174 EC_GROUP_free(C2_B571);
1175
1176}
1177#endif
1178
1179static void
1180internal_curve_test(void)
1181{
1182 EC_builtin_curve *curves = NULL;
1183 size_t crv_len = 0, n = 0;
1184 int ok = 1;
1185
1186 crv_len = EC_get_builtin_curves(NULL, 0);
1187
1188 curves = reallocarray(NULL, sizeof(EC_builtin_curve), crv_len);
1189
1190 if (curves == NULL)
1191 return;
1192
1193 if (!EC_get_builtin_curves(curves, crv_len)) {
1194 free(curves);
1195 return;
1196 }
1197
1198 fprintf(stdout, "testing internal curves: ");
1199
1200 for (n = 0; n < crv_len; n++) {
1201 EC_GROUP *group = NULL;
1202 int nid = curves[n].nid;
1203 if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL) {
1204 ok = 0;
1205 fprintf(stdout, "\nEC_GROUP_new_curve_name() failed with"
1206 " curve %s\n", OBJ_nid2sn(nid));
1207 /* try next curve */
1208 continue;
1209 }
1210 if (!EC_GROUP_check(group, NULL)) {
1211 ok = 0;
1212 fprintf(stdout, "\nEC_GROUP_check() failed with"
1213 " curve %s\n", OBJ_nid2sn(nid));
1214 EC_GROUP_free(group);
1215 /* try the next curve */
1216 continue;
1217 }
1218 fprintf(stdout, ".");
1219 fflush(stdout);
1220 EC_GROUP_free(group);
1221 }
1222 if (ok)
1223 fprintf(stdout, " ok\n\n");
1224 else {
1225 fprintf(stdout, " failed\n\n");
1226 ABORT;
1227 }
1228 free(curves);
1229 return;
1230}
1231
1232#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
1233/* nistp_test_params contains magic numbers for testing our optimized
1234 * implementations of several NIST curves with characteristic > 3. */
1235struct nistp_test_params {
1236 const EC_METHOD* (*meth) ();
1237 int degree;
1238 /* Qx, Qy and D are taken from
1239 * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf
1240 * Otherwise, values are standard curve parameters from FIPS 180-3 */
1241 const char *p, *a, *b, *Qx, *Qy, *Gx, *Gy, *order, *d;
1242};
1243
1244static const struct nistp_test_params nistp_tests_params[] = { {
1245 /* P-224 */
1246 EC_GFp_nistp224_method,
1247 224,
1248 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", /* p */
1249 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", /* a */
1250 "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", /* b */
1251 "E84FB0B8E7000CB657D7973CF6B42ED78B301674276DF744AF130B3E", /* Qx */
1252 "4376675C6FC5612C21A0FF2D2A89D2987DF7A2BC52183B5982298555", /* Qy */
1253 "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", /* Gx */
1254 "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", /* Gy */
1255 "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", /* order */
1256 "3F0C488E987C80BE0FEE521F8D90BE6034EC69AE11CA72AA777481E8", /* d */
1257 },
1258 {
1259 /* P-256 */
1260 EC_GFp_nistp256_method,
1261 256,
1262 "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", /* p */
1263 "ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", /* a */
1264 "5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", /* b */
1265 "b7e08afdfe94bad3f1dc8c734798ba1c62b3a0ad1e9ea2a38201cd0889bc7a19", /* Qx */
1266 "3603f747959dbf7a4bb226e41928729063adc7ae43529e61b563bbc606cc5e09", /* Qy */
1267 "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", /* Gx */
1268 "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", /* Gy */
1269 "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", /* order */
1270 "c477f9f65c22cce20657faa5b2d1d8122336f851a508a1ed04e479c34985bf96", /* d */
1271 },
1272 {
1273 /* P-521 */
1274 EC_GFp_nistp521_method,
1275 521,
1276 "1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", /* p */
1277 "1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc", /* a */
1278 "051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00", /* b */
1279 "0098e91eef9a68452822309c52fab453f5f117c1da8ed796b255e9ab8f6410cca16e59df403a6bdc6ca467a37056b1e54b3005d8ac030decfeb68df18b171885d5c4", /* Qx */
1280 "0164350c321aecfc1cca1ba4364c9b15656150b4b78d6a48d7d28e7f31985ef17be8554376b72900712c4b83ad668327231526e313f5f092999a4632fd50d946bc2e", /* Qy */
1281 "c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66", /* Gx */
1282 "11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", /* Gy */
1283 "1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409", /* order */
1284 "0100085f47b8e1b8b11b7eb33028c0b2888e304bfc98501955b45bba1478dc184eeedf09b86a5f7c21994406072787205e69a63709fe35aa93ba333514b24f961722", /* d */
1285 },
1286};
1287
1288void
1289nistp_single_test(const struct nistp_test_params *test)
1290{
1291 BN_CTX *ctx;
1292 BIGNUM *p, *a, *b, *x, *y, *n, *m, *order;
1293 EC_GROUP *NISTP;
1294 EC_POINT *G, *P, *Q, *Q_CHECK;
1295
1296 fprintf(stdout, "\nNIST curve P-%d (optimised implementation):\n", test->degree);
1297 ctx = BN_CTX_new();
1298 p = BN_new();
1299 a = BN_new();
1300 b = BN_new();
1301 x = BN_new();
1302 y = BN_new();
1303 m = BN_new();
1304 n = BN_new();
1305 order = BN_new();
1306
1307 NISTP = EC_GROUP_new(test->meth());
1308 if (!NISTP)
1309 ABORT;
1310 if (!BN_hex2bn(&p, test->p))
1311 ABORT;
1312 if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
1313 ABORT;
1314 if (!BN_hex2bn(&a, test->a))
1315 ABORT;
1316 if (!BN_hex2bn(&b, test->b))
1317 ABORT;
1318 if (!EC_GROUP_set_curve_GFp(NISTP, p, a, b, ctx))
1319 ABORT;
1320 G = EC_POINT_new(NISTP);
1321 P = EC_POINT_new(NISTP);
1322 Q = EC_POINT_new(NISTP);
1323 Q_CHECK = EC_POINT_new(NISTP);
1324 if (!BN_hex2bn(&x, test->Qx))
1325 ABORT;
1326 if (!BN_hex2bn(&y, test->Qy))
1327 ABORT;
1328 if (!EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, y, ctx))
1329 ABORT;
1330 if (!BN_hex2bn(&x, test->Gx))
1331 ABORT;
1332 if (!BN_hex2bn(&y, test->Gy))
1333 ABORT;
1334 if (!EC_POINT_set_affine_coordinates_GFp(NISTP, G, x, y, ctx))
1335 ABORT;
1336 if (!BN_hex2bn(&order, test->order))
1337 ABORT;
1338 if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one()))
1339 ABORT;
1340
1341 fprintf(stdout, "verify degree ... ");
1342 if (EC_GROUP_get_degree(NISTP) != test->degree)
1343 ABORT;
1344 fprintf(stdout, "ok\n");
1345
1346 fprintf(stdout, "NIST test vectors ... ");
1347 if (!BN_hex2bn(&n, test->d))
1348 ABORT;
1349 /* fixed point multiplication */
1350 EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
1351 if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
1352 ABORT;
1353 /* random point multiplication */
1354 EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
1355 if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
1356 ABORT;
1357
1358 /* set generator to P = 2*G, where G is the standard generator */
1359 if (!EC_POINT_dbl(NISTP, P, G, ctx))
1360 ABORT;
1361 if (!EC_GROUP_set_generator(NISTP, P, order, BN_value_one()))
1362 ABORT;
1363 /* set the scalar to m=n/2, where n is the NIST test scalar */
1364 if (!BN_rshift(m, n, 1))
1365 ABORT;
1366
1367 /* test the non-standard generator */
1368 /* fixed point multiplication */
1369 EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
1370 if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
1371 ABORT;
1372 /* random point multiplication */
1373 EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
1374 if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
1375 ABORT;
1376
1377 /* now repeat all tests with precomputation */
1378 if (!EC_GROUP_precompute_mult(NISTP, ctx))
1379 ABORT;
1380
1381 /* fixed point multiplication */
1382 EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
1383 if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
1384 ABORT;
1385 /* random point multiplication */
1386 EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
1387 if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
1388 ABORT;
1389
1390 /* reset generator */
1391 if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one()))
1392 ABORT;
1393 /* fixed point multiplication */
1394 EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
1395 if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
1396 ABORT;
1397 /* random point multiplication */
1398 EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
1399 if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
1400 ABORT;
1401
1402 fprintf(stdout, "ok\n");
1403 group_order_tests(NISTP);
1404 EC_GROUP_free(NISTP);
1405 EC_POINT_free(G);
1406 EC_POINT_free(P);
1407 EC_POINT_free(Q);
1408 EC_POINT_free(Q_CHECK);
1409 BN_free(n);
1410 BN_free(m);
1411 BN_free(p);
1412 BN_free(a);
1413 BN_free(b);
1414 BN_free(x);
1415 BN_free(y);
1416 BN_free(order);
1417 BN_CTX_free(ctx);
1418}
1419
1420void
1421nistp_tests()
1422{
1423 unsigned i;
1424
1425 for (i = 0; i < sizeof(nistp_tests_params) / sizeof(struct nistp_test_params); i++) {
1426 nistp_single_test(&nistp_tests_params[i]);
1427 }
1428}
1429#endif
1430
1431int
1432main(int argc, char *argv[])
1433{
1434 ERR_load_crypto_strings();
1435
1436 prime_field_tests();
1437 puts("");
1438#ifndef OPENSSL_NO_EC2M
1439 char2_field_tests();
1440#endif
1441#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
1442 nistp_tests();
1443#endif
1444 /* test the internal curves */
1445 internal_curve_test();
1446
1447#ifndef OPENSSL_NO_ENGINE
1448 ENGINE_cleanup();
1449#endif
1450 CRYPTO_cleanup_all_ex_data();
1451 ERR_free_strings();
1452 ERR_remove_thread_state(NULL);
1453 CRYPTO_mem_leaks_fp(stderr);
1454
1455 return 0;
1456}
diff --git a/src/regress/lib/libcrypto/ecdh/Makefile b/src/regress/lib/libcrypto/ecdh/Makefile
deleted file mode 100644
index b645771f7b..0000000000
--- a/src/regress/lib/libcrypto/ecdh/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2014/07/08 15:53:52 jsing Exp $
2
3PROG= ecdhtest
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/ecdh/ecdhtest.c b/src/regress/lib/libcrypto/ecdh/ecdhtest.c
deleted file mode 100644
index faf519e07a..0000000000
--- a/src/regress/lib/libcrypto/ecdh/ecdhtest.c
+++ /dev/null
@@ -1,477 +0,0 @@
1/* $OpenBSD: ecdhtest.c,v 1.10 2018/07/17 17:06:49 tb Exp $ */
2/* ====================================================================
3 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
4 *
5 * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
6 * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
7 * to the OpenSSL project.
8 *
9 * The ECC Code is licensed pursuant to the OpenSSL open source
10 * license provided below.
11 *
12 * The ECDH software is originally written by Douglas Stebila of
13 * Sun Microsystems Laboratories.
14 *
15 */
16/* ====================================================================
17 * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
18 *
19 * Redistribution and use in source and binary forms, with or without
20 * modification, are permitted provided that the following conditions
21 * are met:
22 *
23 * 1. Redistributions of source code must retain the above copyright
24 * notice, this list of conditions and the following disclaimer.
25 *
26 * 2. Redistributions in binary form must reproduce the above copyright
27 * notice, this list of conditions and the following disclaimer in
28 * the documentation and/or other materials provided with the
29 * distribution.
30 *
31 * 3. All advertising materials mentioning features or use of this
32 * software must display the following acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
35 *
36 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
37 * endorse or promote products derived from this software without
38 * prior written permission. For written permission, please contact
39 * openssl-core@openssl.org.
40 *
41 * 5. Products derived from this software may not be called "OpenSSL"
42 * nor may "OpenSSL" appear in their names without prior written
43 * permission of the OpenSSL Project.
44 *
45 * 6. Redistributions of any form whatsoever must retain the following
46 * acknowledgment:
47 * "This product includes software developed by the OpenSSL Project
48 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
49 *
50 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
51 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
52 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
53 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
54 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
55 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
56 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
57 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
58 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
59 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
60 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
61 * OF THE POSSIBILITY OF SUCH DAMAGE.
62 * ====================================================================
63 *
64 * This product includes cryptographic software written by Eric Young
65 * (eay@cryptsoft.com). This product includes software written by Tim
66 * Hudson (tjh@cryptsoft.com).
67 *
68 */
69
70#include <stdio.h>
71#include <stdlib.h>
72#include <string.h>
73
74#include <openssl/crypto.h>
75#include <openssl/bio.h>
76#include <openssl/bn.h>
77#include <openssl/objects.h>
78#include <openssl/sha.h>
79#include <openssl/err.h>
80
81#include <openssl/ec.h>
82#include <openssl/ecdh.h>
83
84static const int KDF1_SHA1_len = 20;
85static void *
86KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
87{
88#ifndef OPENSSL_NO_SHA
89 if (*outlen < SHA_DIGEST_LENGTH)
90 return NULL;
91 else
92 *outlen = SHA_DIGEST_LENGTH;
93 return SHA1(in, inlen, out);
94#else
95 return NULL;
96#endif
97}
98
99
100static int
101test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out)
102{
103 BIGNUM *x_a = NULL, *y_a = NULL, *x_b = NULL, *y_b = NULL;
104 EC_KEY *a = NULL, *b = NULL;
105 const EC_GROUP *group;
106 unsigned char *abuf = NULL, *bbuf = NULL;
107 int i, alen, blen, aout, bout, ret = 0;
108 char buf[12];
109
110 a = EC_KEY_new_by_curve_name(nid);
111 b = EC_KEY_new_by_curve_name(nid);
112 if (a == NULL || b == NULL)
113 goto err;
114
115 group = EC_KEY_get0_group(a);
116
117 if ((x_a = BN_new()) == NULL)
118 goto err;
119 if ((y_a = BN_new()) == NULL)
120 goto err;
121 if ((x_b = BN_new()) == NULL)
122 goto err;
123 if ((y_b = BN_new()) == NULL)
124 goto err;
125
126 BIO_puts(out, "Testing key generation with ");
127 BIO_puts(out, text);
128 (void)BIO_flush(out);
129
130 if (!EC_KEY_generate_key(a))
131 goto err;
132
133 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
134 NID_X9_62_prime_field) {
135 if (!EC_POINT_get_affine_coordinates_GFp(group,
136 EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err;
137 }
138#ifndef OPENSSL_NO_EC2M
139 else {
140 if (!EC_POINT_get_affine_coordinates_GF2m(group,
141 EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err;
142 }
143#endif
144 BIO_printf(out, " .");
145 (void)BIO_flush(out);
146
147 if (!EC_KEY_generate_key(b))
148 goto err;
149
150 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
151 NID_X9_62_prime_field) {
152 if (!EC_POINT_get_affine_coordinates_GFp(group,
153 EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err;
154 }
155#ifndef OPENSSL_NO_EC2M
156 else {
157 if (!EC_POINT_get_affine_coordinates_GF2m(group,
158 EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err;
159 }
160#endif
161
162 BIO_printf(out, ".");
163 (void)BIO_flush(out);
164
165 alen = KDF1_SHA1_len;
166 abuf = malloc(alen);
167 aout = ECDH_compute_key(abuf, alen, EC_KEY_get0_public_key(b),
168 a, KDF1_SHA1);
169
170 BIO_printf(out, ".");
171 (void)BIO_flush(out);
172
173 blen = KDF1_SHA1_len;
174 bbuf = malloc(blen);
175 bout = ECDH_compute_key(bbuf, blen, EC_KEY_get0_public_key(a),
176 b, KDF1_SHA1);
177
178 BIO_printf(out, ".");
179 (void)BIO_flush(out);
180
181 if ((aout < 4) || (bout != aout) || (memcmp(abuf, bbuf, aout) != 0)) {
182 BIO_printf(out, " failed\n\n");
183 BIO_printf(out, "key a:\n");
184 BIO_printf(out, "private key: ");
185 BN_print(out, EC_KEY_get0_private_key(a));
186 BIO_printf(out, "\n");
187 BIO_printf(out, "public key (x,y): ");
188 BN_print(out, x_a);
189 BIO_printf(out, ",");
190 BN_print(out, y_a);
191 BIO_printf(out, "\nkey b:\n");
192 BIO_printf(out, "private key: ");
193 BN_print(out, EC_KEY_get0_private_key(b));
194 BIO_printf(out, "\n");
195 BIO_printf(out, "public key (x,y): ");
196 BN_print(out, x_b);
197 BIO_printf(out, ",");
198 BN_print(out, y_b);
199 BIO_printf(out, "\n");
200 BIO_printf(out, "generated key a: ");
201 for (i = 0; i < bout; i++) {
202 snprintf(buf, sizeof buf, "%02X", bbuf[i]);
203 BIO_puts(out, buf);
204 }
205 BIO_printf(out, "\n");
206 BIO_printf(out, "generated key b: ");
207 for (i = 0; i < aout; i++) {
208 snprintf(buf, sizeof buf, "%02X", abuf[i]);
209 BIO_puts(out, buf);
210 }
211 BIO_printf(out, "\n");
212 fprintf(stderr, "Error in ECDH routines\n");
213 ret = 0;
214 } else {
215 BIO_printf(out, " ok\n");
216 ret = 1;
217 }
218
219err:
220 ERR_print_errors_fp(stderr);
221
222 free(abuf);
223 free(bbuf);
224 BN_free(x_a);
225 BN_free(y_a);
226 BN_free(x_b);
227 BN_free(y_b);
228 EC_KEY_free(b);
229 EC_KEY_free(a);
230
231 return (ret);
232}
233
234/* Keys and shared secrets from RFC 7027 */
235
236static const unsigned char bp256_da[] = {
237 0x81, 0xDB, 0x1E, 0xE1, 0x00, 0x15, 0x0F, 0xF2, 0xEA, 0x33, 0x8D, 0x70,
238 0x82, 0x71, 0xBE, 0x38, 0x30, 0x0C, 0xB5, 0x42, 0x41, 0xD7, 0x99, 0x50,
239 0xF7, 0x7B, 0x06, 0x30, 0x39, 0x80, 0x4F, 0x1D
240};
241
242static const unsigned char bp256_db[] = {
243 0x55, 0xE4, 0x0B, 0xC4, 0x1E, 0x37, 0xE3, 0xE2, 0xAD, 0x25, 0xC3, 0xC6,
244 0x65, 0x45, 0x11, 0xFF, 0xA8, 0x47, 0x4A, 0x91, 0xA0, 0x03, 0x20, 0x87,
245 0x59, 0x38, 0x52, 0xD3, 0xE7, 0xD7, 0x6B, 0xD3
246};
247
248static const unsigned char bp256_Z[] = {
249 0x89, 0xAF, 0xC3, 0x9D, 0x41, 0xD3, 0xB3, 0x27, 0x81, 0x4B, 0x80, 0x94,
250 0x0B, 0x04, 0x25, 0x90, 0xF9, 0x65, 0x56, 0xEC, 0x91, 0xE6, 0xAE, 0x79,
251 0x39, 0xBC, 0xE3, 0x1F, 0x3A, 0x18, 0xBF, 0x2B
252};
253
254static const unsigned char bp384_da[] = {
255 0x1E, 0x20, 0xF5, 0xE0, 0x48, 0xA5, 0x88, 0x6F, 0x1F, 0x15, 0x7C, 0x74,
256 0xE9, 0x1B, 0xDE, 0x2B, 0x98, 0xC8, 0xB5, 0x2D, 0x58, 0xE5, 0x00, 0x3D,
257 0x57, 0x05, 0x3F, 0xC4, 0xB0, 0xBD, 0x65, 0xD6, 0xF1, 0x5E, 0xB5, 0xD1,
258 0xEE, 0x16, 0x10, 0xDF, 0x87, 0x07, 0x95, 0x14, 0x36, 0x27, 0xD0, 0x42
259};
260
261static const unsigned char bp384_db[] = {
262 0x03, 0x26, 0x40, 0xBC, 0x60, 0x03, 0xC5, 0x92, 0x60, 0xF7, 0x25, 0x0C,
263 0x3D, 0xB5, 0x8C, 0xE6, 0x47, 0xF9, 0x8E, 0x12, 0x60, 0xAC, 0xCE, 0x4A,
264 0xCD, 0xA3, 0xDD, 0x86, 0x9F, 0x74, 0xE0, 0x1F, 0x8B, 0xA5, 0xE0, 0x32,
265 0x43, 0x09, 0xDB, 0x6A, 0x98, 0x31, 0x49, 0x7A, 0xBA, 0xC9, 0x66, 0x70
266};
267
268static const unsigned char bp384_Z[] = {
269 0x0B, 0xD9, 0xD3, 0xA7, 0xEA, 0x0B, 0x3D, 0x51, 0x9D, 0x09, 0xD8, 0xE4,
270 0x8D, 0x07, 0x85, 0xFB, 0x74, 0x4A, 0x6B, 0x35, 0x5E, 0x63, 0x04, 0xBC,
271 0x51, 0xC2, 0x29, 0xFB, 0xBC, 0xE2, 0x39, 0xBB, 0xAD, 0xF6, 0x40, 0x37,
272 0x15, 0xC3, 0x5D, 0x4F, 0xB2, 0xA5, 0x44, 0x4F, 0x57, 0x5D, 0x4F, 0x42
273};
274
275static const unsigned char bp512_da[] = {
276 0x16, 0x30, 0x2F, 0xF0, 0xDB, 0xBB, 0x5A, 0x8D, 0x73, 0x3D, 0xAB, 0x71,
277 0x41, 0xC1, 0xB4, 0x5A, 0xCB, 0xC8, 0x71, 0x59, 0x39, 0x67, 0x7F, 0x6A,
278 0x56, 0x85, 0x0A, 0x38, 0xBD, 0x87, 0xBD, 0x59, 0xB0, 0x9E, 0x80, 0x27,
279 0x96, 0x09, 0xFF, 0x33, 0x3E, 0xB9, 0xD4, 0xC0, 0x61, 0x23, 0x1F, 0xB2,
280 0x6F, 0x92, 0xEE, 0xB0, 0x49, 0x82, 0xA5, 0xF1, 0xD1, 0x76, 0x4C, 0xAD,
281 0x57, 0x66, 0x54, 0x22
282};
283
284static const unsigned char bp512_db[] = {
285 0x23, 0x0E, 0x18, 0xE1, 0xBC, 0xC8, 0x8A, 0x36, 0x2F, 0xA5, 0x4E, 0x4E,
286 0xA3, 0x90, 0x20, 0x09, 0x29, 0x2F, 0x7F, 0x80, 0x33, 0x62, 0x4F, 0xD4,
287 0x71, 0xB5, 0xD8, 0xAC, 0xE4, 0x9D, 0x12, 0xCF, 0xAB, 0xBC, 0x19, 0x96,
288 0x3D, 0xAB, 0x8E, 0x2F, 0x1E, 0xBA, 0x00, 0xBF, 0xFB, 0x29, 0xE4, 0xD7,
289 0x2D, 0x13, 0xF2, 0x22, 0x45, 0x62, 0xF4, 0x05, 0xCB, 0x80, 0x50, 0x36,
290 0x66, 0xB2, 0x54, 0x29
291};
292
293
294static const unsigned char bp512_Z[] = {
295 0xA7, 0x92, 0x70, 0x98, 0x65, 0x5F, 0x1F, 0x99, 0x76, 0xFA, 0x50, 0xA9,
296 0xD5, 0x66, 0x86, 0x5D, 0xC5, 0x30, 0x33, 0x18, 0x46, 0x38, 0x1C, 0x87,
297 0x25, 0x6B, 0xAF, 0x32, 0x26, 0x24, 0x4B, 0x76, 0xD3, 0x64, 0x03, 0xC0,
298 0x24, 0xD7, 0xBB, 0xF0, 0xAA, 0x08, 0x03, 0xEA, 0xFF, 0x40, 0x5D, 0x3D,
299 0x24, 0xF1, 0x1A, 0x9B, 0x5C, 0x0B, 0xEF, 0x67, 0x9F, 0xE1, 0x45, 0x4B,
300 0x21, 0xC4, 0xCD, 0x1F
301};
302
303/* Given private value and NID, create EC_KEY structure */
304
305static EC_KEY *
306mk_eckey(int nid, const unsigned char *p, size_t plen)
307{
308 EC_KEY *k = NULL;
309 BIGNUM *priv = NULL;
310 EC_POINT *pub = NULL;
311 const EC_GROUP *grp;
312 int ok = 0;
313
314 k = EC_KEY_new_by_curve_name(nid);
315 if (!k)
316 goto err;
317 priv = BN_bin2bn(p, plen, NULL);
318 if (!priv)
319 goto err;
320 if (!EC_KEY_set_private_key(k, priv))
321 goto err;
322 grp = EC_KEY_get0_group(k);
323 pub = EC_POINT_new(grp);
324 if (!pub)
325 goto err;
326 if (!EC_POINT_mul(grp, pub, priv, NULL, NULL, NULL))
327 goto err;
328 if (!EC_KEY_set_public_key(k, pub))
329 goto err;
330 ok = 1;
331err:
332 BN_clear_free(priv);
333 EC_POINT_free(pub);
334 if (!ok) {
335 EC_KEY_free(k);
336 k = NULL;
337 }
338 return (k);
339}
340
341/* Known answer test: compute shared secret and check it matches
342 * expected value.
343 */
344
345static int
346ecdh_kat(BIO *out, const char *cname, int nid,
347 const unsigned char *k1, size_t k1_len,
348 const unsigned char *k2, size_t k2_len,
349 const unsigned char *Z, size_t Zlen)
350{
351 int rv = 0;
352 EC_KEY *key1 = NULL, *key2 = NULL;
353 unsigned char *Ztmp = NULL;
354 size_t Ztmplen;
355 BIO_puts(out, "Testing ECDH shared secret with ");
356 BIO_puts(out, cname);
357 key1 = mk_eckey(nid, k1, k1_len);
358 key2 = mk_eckey(nid, k2, k2_len);
359 if (!key1 || !key2)
360 goto err;
361 Ztmplen = ECDH_size(key1);
362 if (Ztmplen != Zlen)
363 goto err;
364 Ztmp = malloc(Ztmplen);
365 if (!ECDH_compute_key(Ztmp, Ztmplen,
366 EC_KEY_get0_public_key(key2), key1, 0))
367 goto err;
368 if (memcmp(Ztmp, Z, Zlen))
369 goto err;
370 memset(Ztmp, 0, Zlen);
371 if (!ECDH_compute_key(Ztmp, Ztmplen,
372 EC_KEY_get0_public_key(key1), key2, 0))
373 goto err;
374 if (memcmp(Ztmp, Z, Zlen))
375 goto err;
376 rv = 1;
377
378err:
379 if (rv)
380 BIO_puts(out, " ok\n");
381 else {
382 fprintf(stderr, "Error in ECDH routines\n");
383 ERR_print_errors_fp(stderr);
384 }
385
386 EC_KEY_free(key1);
387 EC_KEY_free(key2);
388 free(Ztmp);
389
390 return rv;
391}
392
393#define test_ecdh_kat(bio, curve, bits) \
394 ecdh_kat(bio, curve, NID_brainpoolP##bits##r1, \
395 bp##bits##_da, sizeof(bp##bits##_da), \
396 bp##bits##_db, sizeof(bp##bits##_db), \
397 bp##bits##_Z, sizeof(bp##bits##_Z))
398
399int
400main(int argc, char *argv[])
401{
402 BN_CTX *ctx = NULL;
403 int ret = 1;
404 BIO *out;
405
406 out = BIO_new(BIO_s_file());
407 if (out == NULL)
408 exit(1);
409 BIO_set_fp(out, stdout, BIO_NOCLOSE);
410
411 if ((ctx = BN_CTX_new()) == NULL)
412 goto err;
413
414 /* NIST PRIME CURVES TESTS */
415 if (!test_ecdh_curve(NID_X9_62_prime192v1, "NIST Prime-Curve P-192",
416 ctx, out))
417 goto err;
418 if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out))
419 goto err;
420 if (!test_ecdh_curve(NID_X9_62_prime256v1, "NIST Prime-Curve P-256",
421 ctx, out))
422 goto err;
423 if (!test_ecdh_curve(NID_secp384r1, "NIST Prime-Curve P-384", ctx, out))
424 goto err;
425 if (!test_ecdh_curve(NID_secp521r1, "NIST Prime-Curve P-521", ctx, out))
426 goto err;
427#ifndef OPENSSL_NO_EC2M
428 /* NIST BINARY CURVES TESTS */
429 if (!test_ecdh_curve(NID_sect163k1, "NIST Binary-Curve K-163",
430 ctx, out))
431 goto err;
432 if (!test_ecdh_curve(NID_sect163r2, "NIST Binary-Curve B-163",
433 ctx, out))
434 goto err;
435 if (!test_ecdh_curve(NID_sect233k1, "NIST Binary-Curve K-233",
436 ctx, out))
437 goto err;
438 if (!test_ecdh_curve(NID_sect233r1, "NIST Binary-Curve B-233",
439 ctx, out))
440 goto err;
441 if (!test_ecdh_curve(NID_sect283k1, "NIST Binary-Curve K-283",
442 ctx, out))
443 goto err;
444 if (!test_ecdh_curve(NID_sect283r1, "NIST Binary-Curve B-283",
445 ctx, out))
446 goto err;
447 if (!test_ecdh_curve(NID_sect409k1, "NIST Binary-Curve K-409",
448 ctx, out))
449 goto err;
450 if (!test_ecdh_curve(NID_sect409r1, "NIST Binary-Curve B-409",
451 ctx, out))
452 goto err;
453 if (!test_ecdh_curve(NID_sect571k1, "NIST Binary-Curve K-571",
454 ctx, out))
455 goto err;
456 if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571",
457 ctx, out))
458 goto err;
459#endif
460 if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP256r1", 256))
461 goto err;
462 if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP384r1", 384))
463 goto err;
464 if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP512r1", 512))
465 goto err;
466
467 ret = 0;
468
469err:
470 ERR_print_errors_fp(stderr);
471 BN_CTX_free(ctx);
472 BIO_free(out);
473 CRYPTO_cleanup_all_ex_data();
474 ERR_remove_thread_state(NULL);
475 CRYPTO_mem_leaks_fp(stderr);
476 exit(ret);
477}
diff --git a/src/regress/lib/libcrypto/ecdsa/Makefile b/src/regress/lib/libcrypto/ecdsa/Makefile
deleted file mode 100644
index 0c2e26a85e..0000000000
--- a/src/regress/lib/libcrypto/ecdsa/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2014/07/08 15:53:52 jsing Exp $
2
3PROG= ecdsatest
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/ecdsa/ecdsatest.c b/src/regress/lib/libcrypto/ecdsa/ecdsatest.c
deleted file mode 100644
index 097768d11e..0000000000
--- a/src/regress/lib/libcrypto/ecdsa/ecdsatest.c
+++ /dev/null
@@ -1,405 +0,0 @@
1/* $OpenBSD: ecdsatest.c,v 1.6 2018/07/17 17:10:04 tb Exp $ */
2/*
3 * Written by Nils Larsch for the OpenSSL project.
4 */
5/* ====================================================================
6 * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* ====================================================================
59 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
60 *
61 * Portions of the attached software ("Contribution") are developed by
62 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
63 *
64 * The Contribution is licensed pursuant to the OpenSSL open source
65 * license provided above.
66 *
67 * The elliptic curve binary polynomial software is originally written by
68 * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
69 *
70 */
71
72#include <stdio.h>
73#include <stdlib.h>
74#include <string.h>
75
76#include <openssl/crypto.h>
77#include <openssl/bio.h>
78#include <openssl/evp.h>
79#include <openssl/bn.h>
80#include <openssl/ecdsa.h>
81#ifndef OPENSSL_NO_ENGINE
82#include <openssl/engine.h>
83#endif
84#include <openssl/err.h>
85
86/* declaration of the test functions */
87int x9_62_test_internal(BIO *out, int nid, const char *r, const char *s);
88int test_builtin(BIO *);
89
90/* some tests from the X9.62 draft */
91int
92x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in)
93{
94 int ret = 0;
95 const char message[] = "abc";
96 unsigned char digest[20];
97 unsigned int dgst_len = 0;
98 EVP_MD_CTX md_ctx;
99 EC_KEY *key = NULL;
100 ECDSA_SIG *signature = NULL;
101 BIGNUM *r = NULL, *s = NULL;
102
103 EVP_MD_CTX_init(&md_ctx);
104 /* get the message digest */
105 EVP_DigestInit(&md_ctx, EVP_ecdsa());
106 EVP_DigestUpdate(&md_ctx, (const void*)message, 3);
107 EVP_DigestFinal(&md_ctx, digest, &dgst_len);
108
109 BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid));
110 /* create the key */
111 if ((key = EC_KEY_new_by_curve_name(nid)) == NULL)
112 goto x962_int_err;
113 if (!EC_KEY_generate_key(key))
114 goto x962_int_err;
115 BIO_printf(out, ".");
116 (void)BIO_flush(out);
117 /* create the signature */
118 signature = ECDSA_do_sign(digest, 20, key);
119 if (signature == NULL)
120 goto x962_int_err;
121 BIO_printf(out, ".");
122 (void)BIO_flush(out);
123 /* compare the created signature with the expected signature */
124 if ((r = BN_new()) == NULL || (s = BN_new()) == NULL)
125 goto x962_int_err;
126 if (!BN_dec2bn(&r, r_in) ||
127 !BN_dec2bn(&s, s_in))
128 goto x962_int_err;
129 if (BN_cmp(signature->r ,r) || BN_cmp(signature->s, s))
130 goto x962_int_err;
131 BIO_printf(out, ".");
132 (void)BIO_flush(out);
133 /* verify the signature */
134 if (ECDSA_do_verify(digest, 20, signature, key) != 1)
135 goto x962_int_err;
136 BIO_printf(out, ".");
137 (void)BIO_flush(out);
138
139 BIO_printf(out, " ok\n");
140 ret = 1;
141 x962_int_err:
142 if (!ret)
143 BIO_printf(out, " failed\n");
144 if (key)
145 EC_KEY_free(key);
146 if (signature)
147 ECDSA_SIG_free(signature);
148 if (r)
149 BN_free(r);
150 if (s)
151 BN_free(s);
152 EVP_MD_CTX_cleanup(&md_ctx);
153 return ret;
154}
155
156int
157test_builtin(BIO *out)
158{
159 EC_builtin_curve *curves = NULL;
160 size_t num_curves = 0, n = 0;
161 EC_KEY *eckey = NULL, *wrong_eckey = NULL;
162 EC_GROUP *group;
163 ECDSA_SIG *ecdsa_sig = NULL;
164 unsigned char digest[20], wrong_digest[20];
165 unsigned char *signature = NULL;
166 const unsigned char *sig_ptr;
167 unsigned char *sig_ptr2;
168 unsigned char *raw_buf = NULL;
169 unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len;
170 int nid, ret = 0;
171
172 /* fill digest values with some random data */
173 arc4random_buf(digest, 20);
174 arc4random_buf(wrong_digest, 20);
175
176 /* create and verify a ecdsa signature with every available curve */
177 BIO_printf(out, "\ntesting ECDSA_sign() and ECDSA_verify() "
178 "with some internal curves:\n");
179
180 /* get a list of all internal curves */
181 num_curves = EC_get_builtin_curves(NULL, 0);
182
183 curves = reallocarray(NULL, sizeof(EC_builtin_curve), num_curves);
184
185 if (curves == NULL) {
186 BIO_printf(out, "reallocarray error\n");
187 goto builtin_err;
188 }
189
190 if (!EC_get_builtin_curves(curves, num_curves)) {
191 BIO_printf(out, "unable to get internal curves\n");
192 goto builtin_err;
193 }
194
195 /* now create and verify a signature for every curve */
196 for (n = 0; n < num_curves; n++) {
197 unsigned char dirt, offset;
198
199 nid = curves[n].nid;
200 if (nid == NID_ipsec4)
201 continue;
202 /* create new ecdsa key (== EC_KEY) */
203 if ((eckey = EC_KEY_new()) == NULL)
204 goto builtin_err;
205 group = EC_GROUP_new_by_curve_name(nid);
206 if (group == NULL)
207 goto builtin_err;
208 if (EC_KEY_set_group(eckey, group) == 0)
209 goto builtin_err;
210 EC_GROUP_free(group);
211 degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey));
212 if (degree < 160) {
213 /* drop the curve */
214 EC_KEY_free(eckey);
215 eckey = NULL;
216 continue;
217 }
218 BIO_printf(out, "%s: ", OBJ_nid2sn(nid));
219 /* create key */
220 if (!EC_KEY_generate_key(eckey)) {
221 BIO_printf(out, " failed\n");
222 goto builtin_err;
223 }
224 /* create second key */
225 if ((wrong_eckey = EC_KEY_new()) == NULL)
226 goto builtin_err;
227 group = EC_GROUP_new_by_curve_name(nid);
228 if (group == NULL)
229 goto builtin_err;
230 if (EC_KEY_set_group(wrong_eckey, group) == 0)
231 goto builtin_err;
232 EC_GROUP_free(group);
233 if (!EC_KEY_generate_key(wrong_eckey)) {
234 BIO_printf(out, " failed\n");
235 goto builtin_err;
236 }
237
238 BIO_printf(out, ".");
239 (void)BIO_flush(out);
240 /* check key */
241 if (!EC_KEY_check_key(eckey)) {
242 BIO_printf(out, " failed\n");
243 goto builtin_err;
244 }
245 BIO_printf(out, ".");
246 (void)BIO_flush(out);
247 /* create signature */
248 sig_len = ECDSA_size(eckey);
249 if ((signature = malloc(sig_len)) == NULL)
250 goto builtin_err;
251 if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey)) {
252 BIO_printf(out, " failed\n");
253 goto builtin_err;
254 }
255 BIO_printf(out, ".");
256 (void)BIO_flush(out);
257 /* verify signature */
258 if (ECDSA_verify(0, digest, 20, signature, sig_len,
259 eckey) != 1) {
260 BIO_printf(out, " failed\n");
261 goto builtin_err;
262 }
263 BIO_printf(out, ".");
264 (void)BIO_flush(out);
265 /* verify signature with the wrong key */
266 if (ECDSA_verify(0, digest, 20, signature, sig_len,
267 wrong_eckey) == 1) {
268 BIO_printf(out, " failed\n");
269 goto builtin_err;
270 }
271 BIO_printf(out, ".");
272 (void)BIO_flush(out);
273 /* wrong digest */
274 if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len,
275 eckey) == 1) {
276 BIO_printf(out, " failed\n");
277 goto builtin_err;
278 }
279 BIO_printf(out, ".");
280 (void)BIO_flush(out);
281 /* wrong length */
282 if (ECDSA_verify(0, digest, 20, signature, sig_len - 1,
283 eckey) == 1) {
284 BIO_printf(out, " failed\n");
285 goto builtin_err;
286 }
287 BIO_printf(out, ".");
288 (void)BIO_flush(out);
289
290 /*
291 * Modify a single byte of the signature: to ensure we don't
292 * garble the ASN1 structure, we read the raw signature and
293 * modify a byte in one of the bignums directly.
294 */
295 sig_ptr = signature;
296 if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr,
297 sig_len)) == NULL) {
298 BIO_printf(out, " failed\n");
299 goto builtin_err;
300 }
301
302 /* Store the two BIGNUMs in raw_buf. */
303 r_len = BN_num_bytes(ecdsa_sig->r);
304 s_len = BN_num_bytes(ecdsa_sig->s);
305 bn_len = (degree + 7) / 8;
306 if ((r_len > bn_len) || (s_len > bn_len)) {
307 BIO_printf(out, " failed\n");
308 goto builtin_err;
309 }
310 buf_len = 2 * bn_len;
311 if ((raw_buf = calloc(1, buf_len)) == NULL)
312 goto builtin_err;
313 BN_bn2bin(ecdsa_sig->r, raw_buf + bn_len - r_len);
314 BN_bn2bin(ecdsa_sig->s, raw_buf + buf_len - s_len);
315
316 /* Modify a single byte in the buffer. */
317 offset = raw_buf[10] % buf_len;
318 dirt = raw_buf[11] ? raw_buf[11] : 1;
319 raw_buf[offset] ^= dirt;
320 /* Now read the BIGNUMs back in from raw_buf. */
321 if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||
322 (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
323 goto builtin_err;
324
325 sig_ptr2 = signature;
326 sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
327 if (ECDSA_verify(0, digest, 20, signature, sig_len,
328 eckey) == 1) {
329 BIO_printf(out, " failed\n");
330 goto builtin_err;
331 }
332 /* Sanity check: undo the modification and verify signature. */
333 raw_buf[offset] ^= dirt;
334 if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||
335 (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
336 goto builtin_err;
337
338 sig_ptr2 = signature;
339 sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
340 if (ECDSA_verify(0, digest, 20, signature, sig_len,
341 eckey) != 1) {
342 BIO_printf(out, " failed\n");
343 goto builtin_err;
344 }
345 BIO_printf(out, ".");
346 (void)BIO_flush(out);
347
348 BIO_printf(out, " ok\n");
349 /* cleanup */
350 /* clean bogus errors */
351 ERR_clear_error();
352 free(signature);
353 signature = NULL;
354 EC_KEY_free(eckey);
355 eckey = NULL;
356 EC_KEY_free(wrong_eckey);
357 wrong_eckey = NULL;
358 ECDSA_SIG_free(ecdsa_sig);
359 ecdsa_sig = NULL;
360 free(raw_buf);
361 raw_buf = NULL;
362 }
363
364 ret = 1;
365 builtin_err:
366 EC_KEY_free(eckey);
367 EC_KEY_free(wrong_eckey);
368 ECDSA_SIG_free(ecdsa_sig);
369 free(signature);
370 free(raw_buf);
371 free(curves);
372
373 return ret;
374}
375
376int
377main(void)
378{
379 int ret = 1;
380 BIO *out;
381
382 out = BIO_new_fp(stdout, BIO_NOCLOSE);
383
384 ERR_load_crypto_strings();
385
386 /* the tests */
387 if (!test_builtin(out))
388 goto err;
389
390 ret = 0;
391 err:
392 if (ret)
393 BIO_printf(out, "\nECDSA test failed\n");
394 else
395 BIO_printf(out, "\nECDSA test passed\n");
396 if (ret)
397 ERR_print_errors(out);
398 CRYPTO_cleanup_all_ex_data();
399 ERR_remove_thread_state(NULL);
400 ERR_free_strings();
401 CRYPTO_mem_leaks(out);
402 if (out != NULL)
403 BIO_free(out);
404 return ret;
405}
diff --git a/src/regress/lib/libcrypto/engine/Makefile b/src/regress/lib/libcrypto/engine/Makefile
deleted file mode 100644
index 7f11b0d382..0000000000
--- a/src/regress/lib/libcrypto/engine/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2014/07/08 15:53:52 jsing Exp $
2
3PROG= enginetest
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/engine/enginetest.c b/src/regress/lib/libcrypto/engine/enginetest.c
deleted file mode 100644
index 123866259b..0000000000
--- a/src/regress/lib/libcrypto/engine/enginetest.c
+++ /dev/null
@@ -1,244 +0,0 @@
1/* $OpenBSD: enginetest.c,v 1.8 2018/07/17 17:06:49 tb Exp $ */
2/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <string.h>
61
62#include <openssl/buffer.h>
63#include <openssl/crypto.h>
64#include <openssl/engine.h>
65#include <openssl/err.h>
66
67static void display_engine_list(void)
68{
69 ENGINE *h;
70 int loop;
71
72 h = ENGINE_get_first();
73 loop = 0;
74 printf("listing available engine types\n");
75 while (h) {
76 printf("engine %i, id = \"%s\", name = \"%s\"\n",
77 loop++, ENGINE_get_id(h), ENGINE_get_name(h));
78 h = ENGINE_get_next(h);
79 }
80
81 printf("end of list\n");
82 /*
83 * ENGINE_get_first() increases the struct_ref counter, so we must call
84 * ENGINE_free() to decrease it again
85 */
86 ENGINE_free(h);
87}
88
89int main(int argc, char *argv[])
90{
91 ENGINE *block[512];
92 char *id, *name;
93 ENGINE *ptr;
94 int loop;
95 int to_return = 1;
96 ENGINE *new_h1 = NULL;
97 ENGINE *new_h2 = NULL;
98 ENGINE *new_h3 = NULL;
99 ENGINE *new_h4 = NULL;
100
101 ERR_load_crypto_strings();
102
103 memset(block, 0, 512 * sizeof(ENGINE *));
104 if (((new_h1 = ENGINE_new()) == NULL) ||
105 !ENGINE_set_id(new_h1, "test_id0") ||
106 !ENGINE_set_name(new_h1, "First test item") ||
107 ((new_h2 = ENGINE_new()) == NULL) ||
108 !ENGINE_set_id(new_h2, "test_id1") ||
109 !ENGINE_set_name(new_h2, "Second test item") ||
110 ((new_h3 = ENGINE_new()) == NULL) ||
111 !ENGINE_set_id(new_h3, "test_id2") ||
112 !ENGINE_set_name(new_h3, "Third test item") ||
113 ((new_h4 = ENGINE_new()) == NULL) ||
114 !ENGINE_set_id(new_h4, "test_id3") ||
115 !ENGINE_set_name(new_h4, "Fourth test item")) {
116 printf("Couldn't set up test ENGINE structures\n");
117 goto end;
118 }
119
120 printf("\nenginetest beginning\n\n");
121 display_engine_list();
122 if (!ENGINE_add(new_h1)) {
123 printf("Add failed!\n");
124 goto end;
125 }
126 display_engine_list();
127 ptr = ENGINE_get_first();
128 if (!ENGINE_remove(ptr)) {
129 printf("Remove failed!\n");
130 goto end;
131 }
132 ENGINE_free(ptr);
133 display_engine_list();
134 if (!ENGINE_add(new_h3) || !ENGINE_add(new_h2)) {
135 printf("Add failed!\n");
136 goto end;
137 }
138 display_engine_list();
139 if (!ENGINE_remove(new_h2)) {
140 printf("Remove failed!\n");
141 goto end;
142 }
143 display_engine_list();
144 if (!ENGINE_add(new_h4)) {
145 printf("Add failed!\n");
146 goto end;
147 }
148 display_engine_list();
149 if (ENGINE_add(new_h3)) {
150 printf("Add *should* have failed but didn't!\n");
151 goto end;
152 } else
153 printf("Add that should fail did.\n");
154 ERR_clear_error();
155 if (ENGINE_remove(new_h2)) {
156 printf("Remove *should* have failed but didn't!\n");
157 goto end;
158 } else
159 printf("Remove that should fail did.\n");
160 ERR_clear_error();
161 if (!ENGINE_remove(new_h3)) {
162 printf("Remove failed!\n");
163 goto end;
164 }
165 display_engine_list();
166 if (!ENGINE_remove(new_h4)) {
167 printf("Remove failed!\n");
168 goto end;
169 }
170 display_engine_list();
171 /*
172 * Depending on whether there's any hardware support compiled
173 * in, this remove may be destined to fail.
174 */
175 ptr = ENGINE_get_first();
176 if (ptr)
177 if (!ENGINE_remove(ptr))
178 printf("Remove failed!i - probably no hardware "
179 "support present.\n");
180 ENGINE_free(ptr);
181 display_engine_list();
182
183 if (!ENGINE_add(new_h1) || !ENGINE_remove(new_h1)) {
184 printf("Couldn't add and remove to an empty list!\n");
185 goto end;
186 } else
187 printf("Successfully added and removed to an empty list!\n");
188
189 printf("About to beef up the engine-type list\n");
190 for (loop = 0; loop < 512; loop++) {
191 if (asprintf(&id, "id%i", loop) == -1)
192 goto end;
193 if (asprintf(&name, "Fake engine type %i", loop) == -1)
194 goto end;
195
196 if (((block[loop] = ENGINE_new()) == NULL) ||
197 !id || !ENGINE_set_id(block[loop], id) ||
198 !name || !ENGINE_set_name(block[loop], name)) {
199 printf("Couldn't create block of ENGINE structures.\n");
200 goto end;
201 }
202 }
203
204 for (loop = 0; loop < 512; loop++) {
205 if (!ENGINE_add(block[loop])) {
206 printf("\nAdding stopped at %i, (%s,%s)\n",
207 loop, ENGINE_get_id(block[loop]),
208 ENGINE_get_name(block[loop]));
209 break;
210 }
211 printf(".");
212 fflush(stdout);
213 }
214 printf("\nAbout to empty the engine-type list\n");
215 while ((ptr = ENGINE_get_first()) != NULL) {
216 if (!ENGINE_remove(ptr)) {
217 printf("\nRemove failed!\n");
218 goto end;
219 }
220 ENGINE_free(ptr);
221 printf("."); fflush(stdout);
222 }
223 for (loop = 0; loop < 512; loop++) {
224 free((void *)ENGINE_get_id(block[loop]));
225 free((void *)ENGINE_get_name(block[loop]));
226 }
227 printf("\nTests completed happily\n");
228 to_return = 0;
229end:
230 if (to_return)
231 ERR_print_errors_fp(stderr);
232 ENGINE_free(new_h1);
233 ENGINE_free(new_h2);
234 ENGINE_free(new_h3);
235 ENGINE_free(new_h4);
236 for (loop = 0; loop < 512; loop++)
237 ENGINE_free(block[loop]);
238 ENGINE_cleanup();
239 CRYPTO_cleanup_all_ex_data();
240 ERR_free_strings();
241 ERR_remove_thread_state(NULL);
242 CRYPTO_mem_leaks_fp(stderr);
243 return to_return;
244}
diff --git a/src/regress/lib/libcrypto/evp/Makefile b/src/regress/lib/libcrypto/evp/Makefile
deleted file mode 100644
index 33c77fc1dd..0000000000
--- a/src/regress/lib/libcrypto/evp/Makefile
+++ /dev/null
@@ -1,14 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2014/07/08 15:53:52 jsing Exp $
2
3PROG= evptest
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9REGRESS_TARGETS=regress-evptest
10
11regress-evptest: ${PROG}
12 ./${PROG} ${.CURDIR}/evptests.txt
13
14.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/evp/evptest.c b/src/regress/lib/libcrypto/evp/evptest.c
deleted file mode 100644
index 1aa11d7b1e..0000000000
--- a/src/regress/lib/libcrypto/evp/evptest.c
+++ /dev/null
@@ -1,436 +0,0 @@
1/* $OpenBSD: evptest.c,v 1.7 2018/07/17 17:06:49 tb Exp $ */
2/* Written by Ben Laurie, 2001 */
3/*
4 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 */
50
51#include <stdio.h>
52#include <string.h>
53
54#include <openssl/opensslconf.h>
55#include <openssl/evp.h>
56#ifndef OPENSSL_NO_ENGINE
57#include <openssl/engine.h>
58#endif
59#include <openssl/err.h>
60#include <openssl/conf.h>
61
62static void
63hexdump(FILE *f, const char *title, const unsigned char *s, int l)
64{
65 int n = 0;
66
67 fprintf(f, "%s",title);
68 for (; n < l; ++n) {
69 if ((n % 16) == 0)
70 fprintf(f, "\n%04x",n);
71 fprintf(f, " %02x",s[n]);
72 }
73 fprintf(f, "\n");
74}
75
76static int
77convert(unsigned char *s)
78{
79 unsigned char *d;
80
81 for (d = s; *s; s += 2,++d) {
82 unsigned int n;
83
84 if (!s[1]) {
85 fprintf(stderr, "Odd number of hex digits!\n");
86 exit(4);
87 }
88 if (sscanf((char *)s, "%2x", &n) != 1) {
89 fprintf(stderr, "Invalid hex value at %s\n", s);
90 exit(4);
91 }
92
93 *d = (unsigned char)n;
94 }
95 return s - d;
96}
97
98static char *
99sstrsep(char **string, const char *delim)
100{
101 char isdelim[256];
102 char *token = *string;
103
104 if (**string == 0)
105 return NULL;
106
107 memset(isdelim, 0, 256);
108 isdelim[0] = 1;
109
110 while (*delim) {
111 isdelim[(unsigned char)(*delim)] = 1;
112 delim++;
113 }
114
115 while (!isdelim[(unsigned char)(**string)]) {
116 (*string)++;
117 }
118
119 if (**string) {
120 **string = 0;
121 (*string)++;
122 }
123
124 return token;
125}
126
127static unsigned char *
128ustrsep(char **p, const char *sep)
129{
130 return (unsigned char *)sstrsep(p, sep);
131}
132
133static int
134test1_exit(int ec)
135{
136 exit(ec);
137 return(0); /* To keep some compilers quiet */
138}
139
140static void
141test1(const EVP_CIPHER *c, const unsigned char *key, int kn,
142 const unsigned char *iv, int in, const unsigned char *plaintext, int pn,
143 const unsigned char *ciphertext, int cn, int encdec)
144{
145 EVP_CIPHER_CTX ctx;
146 unsigned char out[4096];
147 int outl, outl2;
148
149 printf("Testing cipher %s%s\n", EVP_CIPHER_name(c),
150 (encdec == 1 ? "(encrypt)" : (encdec == 0 ? "(decrypt)" : "(encrypt/decrypt)")));
151 hexdump(stdout, "Key",key,kn);
152 if (in)
153 hexdump(stdout, "IV",iv,in);
154 hexdump(stdout, "Plaintext",plaintext,pn);
155 hexdump(stdout, "Ciphertext",ciphertext,cn);
156
157 if (kn != c->key_len) {
158 fprintf(stderr, "Key length doesn't match, got %d expected %lu\n",kn,
159 (unsigned long)c->key_len);
160 test1_exit(5);
161 }
162 EVP_CIPHER_CTX_init(&ctx);
163 if (encdec != 0) {
164 if (!EVP_EncryptInit_ex(&ctx, c,NULL, key, iv)) {
165 fprintf(stderr, "EncryptInit failed\n");
166 ERR_print_errors_fp(stderr);
167 test1_exit(10);
168 }
169 EVP_CIPHER_CTX_set_padding(&ctx, 0);
170
171 if (!EVP_EncryptUpdate(&ctx, out, &outl, plaintext, pn)) {
172 fprintf(stderr, "Encrypt failed\n");
173 ERR_print_errors_fp(stderr);
174 test1_exit(6);
175 }
176 if (!EVP_EncryptFinal_ex(&ctx, out + outl, &outl2)) {
177 fprintf(stderr, "EncryptFinal failed\n");
178 ERR_print_errors_fp(stderr);
179 test1_exit(7);
180 }
181
182 if (outl + outl2 != cn) {
183 fprintf(stderr, "Ciphertext length mismatch got %d expected %d\n",
184 outl + outl2, cn);
185 test1_exit(8);
186 }
187
188 if (memcmp(out, ciphertext, cn)) {
189 fprintf(stderr, "Ciphertext mismatch\n");
190 hexdump(stderr, "Got",out,cn);
191 hexdump(stderr, "Expected",ciphertext,cn);
192 test1_exit(9);
193 }
194 }
195
196 if (encdec <= 0) {
197 if (!EVP_DecryptInit_ex(&ctx, c,NULL, key, iv)) {
198 fprintf(stderr, "DecryptInit failed\n");
199 ERR_print_errors_fp(stderr);
200 test1_exit(11);
201 }
202 EVP_CIPHER_CTX_set_padding(&ctx, 0);
203
204 if (!EVP_DecryptUpdate(&ctx, out, &outl, ciphertext, cn)) {
205 fprintf(stderr, "Decrypt failed\n");
206 ERR_print_errors_fp(stderr);
207 test1_exit(6);
208 }
209 if (!EVP_DecryptFinal_ex(&ctx, out + outl, &outl2)) {
210 fprintf(stderr, "DecryptFinal failed\n");
211 ERR_print_errors_fp(stderr);
212 test1_exit(7);
213 }
214
215 if (outl + outl2 != pn) {
216 fprintf(stderr, "Plaintext length mismatch got %d expected %d\n",
217 outl + outl2, pn);
218 test1_exit(8);
219 }
220
221 if (memcmp(out, plaintext, pn)) {
222 fprintf(stderr, "Plaintext mismatch\n");
223 hexdump(stderr, "Got",out,pn);
224 hexdump(stderr, "Expected",plaintext,pn);
225 test1_exit(9);
226 }
227 }
228
229 EVP_CIPHER_CTX_cleanup(&ctx);
230
231 printf("\n");
232}
233
234static int
235test_cipher(const char *cipher, const unsigned char *key, int kn,
236 const unsigned char *iv, int in, const unsigned char *plaintext, int pn,
237 const unsigned char *ciphertext, int cn, int encdec)
238{
239 const EVP_CIPHER *c;
240
241 c = EVP_get_cipherbyname(cipher);
242 if (!c)
243 return 0;
244
245 test1(c, key, kn, iv, in, plaintext, pn, ciphertext, cn, encdec);
246
247 return 1;
248}
249
250static int
251test_digest(const char *digest, const unsigned char *plaintext, int pn,
252 const unsigned char *ciphertext, unsigned int cn)
253{
254 const EVP_MD *d;
255 EVP_MD_CTX ctx;
256 unsigned char md[EVP_MAX_MD_SIZE];
257 unsigned int mdn;
258
259 d = EVP_get_digestbyname(digest);
260 if (!d)
261 return 0;
262
263 printf("Testing digest %s\n",EVP_MD_name(d));
264 hexdump(stdout, "Plaintext",plaintext,pn);
265 hexdump(stdout, "Digest",ciphertext,cn);
266
267 EVP_MD_CTX_init(&ctx);
268 if (!EVP_DigestInit_ex(&ctx, d, NULL)) {
269 fprintf(stderr, "DigestInit failed\n");
270 ERR_print_errors_fp(stderr);
271 exit(100);
272 }
273 if (!EVP_DigestUpdate(&ctx, plaintext, pn)) {
274 fprintf(stderr, "DigestUpdate failed\n");
275 ERR_print_errors_fp(stderr);
276 exit(101);
277 }
278 if (!EVP_DigestFinal_ex(&ctx, md, &mdn)) {
279 fprintf(stderr, "DigestFinal failed\n");
280 ERR_print_errors_fp(stderr);
281 exit(101);
282 }
283 EVP_MD_CTX_cleanup(&ctx);
284
285 if (mdn != cn) {
286 fprintf(stderr, "Digest length mismatch, got %d expected %d\n",mdn,cn);
287 exit(102);
288 }
289
290 if (memcmp(md, ciphertext, cn)) {
291 fprintf(stderr, "Digest mismatch\n");
292 hexdump(stderr, "Got",md,cn);
293 hexdump(stderr, "Expected",ciphertext,cn);
294 exit(103);
295 }
296
297 printf("\n");
298
299 EVP_MD_CTX_cleanup(&ctx);
300
301 return 1;
302}
303
304int
305main(int argc, char **argv)
306{
307 const char *szTestFile;
308 FILE *f;
309
310 if (argc != 2) {
311 fprintf(stderr, "%s <test file>\n",argv[0]);
312 exit(1);
313 }
314
315 szTestFile = argv[1];
316
317 f=fopen(szTestFile, "r");
318 if (!f) {
319 perror(szTestFile);
320 exit(2);
321 }
322
323 /* Load up the software EVP_CIPHER and EVP_MD definitions */
324 OpenSSL_add_all_ciphers();
325 OpenSSL_add_all_digests();
326#ifndef OPENSSL_NO_ENGINE
327 /* Load all compiled-in ENGINEs */
328 ENGINE_load_builtin_engines();
329#endif
330#if 0
331 OPENSSL_config();
332#endif
333#ifndef OPENSSL_NO_ENGINE
334 /* Register all available ENGINE implementations of ciphers and digests.
335 * This could perhaps be changed to "ENGINE_register_all_complete()"? */
336 ENGINE_register_all_ciphers();
337 ENGINE_register_all_digests();
338 /* If we add command-line options, this statement should be switchable.
339 * It'll prevent ENGINEs being ENGINE_init()ialised for cipher/digest use if
340 * they weren't already initialised. */
341 /* ENGINE_set_cipher_flags(ENGINE_CIPHER_FLAG_NOINIT); */
342#endif
343
344 for (;;) {
345 char line[4096];
346 char *p;
347 char *cipher;
348 unsigned char *iv, *key, *plaintext, *ciphertext;
349 int encdec;
350 int kn, in, pn, cn;
351
352 if (!fgets((char *)line, sizeof line, f))
353 break;
354 if (line[0] == '#' || line[0] == '\n')
355 continue;
356 p = line;
357 cipher=sstrsep(&p, ":");
358 key=ustrsep(&p, ":");
359 iv=ustrsep(&p, ":");
360 plaintext=ustrsep(&p, ":");
361 ciphertext=ustrsep(&p, ":");
362 if (p[-1] == '\n') {
363 p[-1] = '\0';
364 encdec = -1;
365 } else {
366 encdec = atoi(sstrsep(&p, "\n"));
367 }
368
369
370 kn = convert(key);
371 in = convert(iv);
372 pn = convert(plaintext);
373 cn = convert(ciphertext);
374
375 if (!test_cipher(cipher, key, kn, iv, in, plaintext, pn, ciphertext, cn, encdec) &&
376 !test_digest(cipher, plaintext, pn, ciphertext, cn)) {
377#ifdef OPENSSL_NO_AES
378 if (strstr(cipher, "AES") == cipher) {
379 fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
380 continue;
381 }
382#endif
383#ifdef OPENSSL_NO_DES
384 if (strstr(cipher, "DES") == cipher) {
385 fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
386 continue;
387 }
388#endif
389#ifdef OPENSSL_NO_RC4
390 if (strstr(cipher, "RC4") == cipher) {
391 fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
392 continue;
393 }
394#endif
395#ifdef OPENSSL_NO_CAMELLIA
396 if (strstr(cipher, "CAMELLIA") == cipher) {
397 fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
398 continue;
399 }
400#endif
401#ifdef OPENSSL_NO_SEED
402 if (strstr(cipher, "SEED") == cipher) {
403 fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
404 continue;
405 }
406#endif
407#ifdef OPENSSL_NO_CHACHA
408 if (strstr(cipher, "ChaCha") == cipher) {
409 fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
410 continue;
411 }
412#endif
413#ifdef OPENSSL_NO_GOST
414 if (strstr(cipher, "md_gost") == cipher ||
415 strstr(cipher, "streebog") == cipher) {
416 fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
417 continue;
418 }
419#endif
420 fprintf(stderr, "Can't find %s\n",cipher);
421 exit(3);
422 }
423 }
424 fclose(f);
425
426#ifndef OPENSSL_NO_ENGINE
427 ENGINE_cleanup();
428#endif
429 EVP_cleanup();
430 CRYPTO_cleanup_all_ex_data();
431 ERR_remove_thread_state(NULL);
432 ERR_free_strings();
433 CRYPTO_mem_leaks_fp(stderr);
434
435 return 0;
436}
diff --git a/src/regress/lib/libcrypto/evp/evptests.txt b/src/regress/lib/libcrypto/evp/evptests.txt
deleted file mode 100644
index fd2c6cdfd1..0000000000
--- a/src/regress/lib/libcrypto/evp/evptests.txt
+++ /dev/null
@@ -1,357 +0,0 @@
1# $OpenBSD: evptests.txt,v 1.5 2018/07/17 17:06:49 tb Exp $
2#cipher:key:iv:plaintext:ciphertext:0/1(decrypt/encrypt)
3#digest:::input:output
4
5# SHA(1) tests (from shatest.c)
6SHA1:::616263:a9993e364706816aba3e25717850c26c9cd0d89d
7
8# MD5 tests (from md5test.c)
9MD5::::d41d8cd98f00b204e9800998ecf8427e
10MD5:::61:0cc175b9c0f1b6a831c399e269772661
11MD5:::616263:900150983cd24fb0d6963f7d28e17f72
12MD5:::6d65737361676520646967657374:f96b697d7cb7938d525a2f31aaf161d0
13MD5:::6162636465666768696a6b6c6d6e6f707172737475767778797a:c3fcd3d76192e4007dfb496cca67e13b
14MD5:::4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839:d174ab98d277d9f5a5611c2c9f419d9f
15MD5:::3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930:57edf4a22be3c955ac49da2e2107b67a
16
17# MD5+SHA1 tests
18MD5-SHA1:::616263:900150983cd24fb0d6963f7d28e17f72a9993e364706816aba3e25717850c26c9cd0d89d
19
20# GOST R 34.11 tests
21md_gost94::::981e5f3ca30c841487830f84fb433e13ac1101569b9c13584ac483234cd656c0
22streebog512::::8e945da209aa869f0455928529bcae4679e9873ab707b55315f56ceb98bef0a7362f715528356ee83cda5f2aac4c6ad2ba3a715c1bcd81cb8e9f90bf4c1c1a8a
23streebog256::::3f539a213e97c802cc229d474c6aa32a825a360b2a933a949fd925208d9ce1bb
24streebog512:::303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132:1b54d01a4af5b9d5cc3d86d68d285462b19abc2475222f35c085122be4ba1ffa00ad30f8767b3a82384c6574f024c311e2a481332b08ef7f41797891c1646f48
25streebog256:::303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132:9d151eefd8590b89daa6ba6cb74af9275dd051026bb149a452fd84e5e57b5500
26streebog512:::d1e520e2e5f2f0e82c20d1f2f0e8e1eee6e820e2edf3f6e82c20e2e5fef2fa20f120eceef0ff20f1f2f0e5ebe0ece820ede020f5f0e0e1f0fbff20efebfaeafb20c8e3eef0e5e2fb:1e88e62226bfca6f9994f1f2d51569e0daf8475a3b0fe61a5300eee46d961376035fe83549ada2b8620fcd7c496ce5b33f0cb9dddc2b6460143b03dabac9fb28
27streebog256:::d1e520e2e5f2f0e82c20d1f2f0e8e1eee6e820e2edf3f6e82c20e2e5fef2fa20f120eceef0ff20f1f2f0e5ebe0ece820ede020f5f0e0e1f0fbff20efebfaeafb20c8e3eef0e5e2fb:9dd2fe4e90409e5da87f53976d7405b0c0cac628fc669a741d50063c557e8f50
28
29# AES 128 ECB tests (from FIPS-197 test vectors, encrypt)
30
31AES-128-ECB:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:69C4E0D86A7B0430D8CDB78070B4C55A:1
32
33# AES 192 ECB tests (from FIPS-197 test vectors, encrypt)
34
35AES-192-ECB:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:DDA97CA4864CDFE06EAF70A0EC0D7191:1
36
37# AES 256 ECB tests (from FIPS-197 test vectors, encrypt)
38
39AES-256-ECB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:8EA2B7CA516745BFEAFC49904B496089:1
40
41# AES 128 ECB tests (from NIST test vectors, encrypt)
42
43#AES-128-ECB:00000000000000000000000000000000::00000000000000000000000000000000:C34C052CC0DA8D73451AFE5F03BE297F:1
44
45# AES 128 ECB tests (from NIST test vectors, decrypt)
46
47#AES-128-ECB:00000000000000000000000000000000::44416AC2D1F53C583303917E6BE9EBE0:00000000000000000000000000000000:0
48
49# AES 192 ECB tests (from NIST test vectors, decrypt)
50
51#AES-192-ECB:000000000000000000000000000000000000000000000000::48E31E9E256718F29229319C19F15BA4:00000000000000000000000000000000:0
52
53# AES 256 ECB tests (from NIST test vectors, decrypt)
54
55#AES-256-ECB:0000000000000000000000000000000000000000000000000000000000000000::058CCFFDBBCB382D1F6F56585D8A4ADE:00000000000000000000000000000000:0
56
57# AES 128 CBC tests (from NIST test vectors, encrypt)
58
59#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:8A05FC5E095AF4848A08D328D3688E3D:1
60
61# AES 192 CBC tests (from NIST test vectors, encrypt)
62
63#AES-192-CBC:000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:7BD966D53AD8C1BB85D2ADFAE87BB104:1
64
65# AES 256 CBC tests (from NIST test vectors, encrypt)
66
67#AES-256-CBC:0000000000000000000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:FE3C53653E2F45B56FCD88B2CC898FF0:1
68
69# AES 128 CBC tests (from NIST test vectors, decrypt)
70
71#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:FACA37E0B0C85373DF706E73F7C9AF86:00000000000000000000000000000000:0
72
73# AES tests from NIST document SP800-38A
74# For all ECB encrypts and decrypts, the transformed sequence is
75# AES-bits-ECB:key::plaintext:ciphertext:encdec
76# ECB-AES128.Encrypt and ECB-AES128.Decrypt
77AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::6BC1BEE22E409F96E93D7E117393172A:3AD77BB40D7A3660A89ECAF32466EF97
78AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::AE2D8A571E03AC9C9EB76FAC45AF8E51:F5D3D58503B9699DE785895A96FDBAAF
79AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::30C81C46A35CE411E5FBC1191A0A52EF:43B1CD7F598ECE23881B00E3ED030688
80AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::F69F2445DF4F9B17AD2B417BE66C3710:7B0C785E27E8AD3F8223207104725DD4
81# ECB-AES192.Encrypt and ECB-AES192.Decrypt
82AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::6BC1BEE22E409F96E93D7E117393172A:BD334F1D6E45F25FF712A214571FA5CC
83AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::AE2D8A571E03AC9C9EB76FAC45AF8E51:974104846D0AD3AD7734ECB3ECEE4EEF
84AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::30C81C46A35CE411E5FBC1191A0A52EF:EF7AFD2270E2E60ADCE0BA2FACE6444E
85AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::F69F2445DF4F9B17AD2B417BE66C3710:9A4B41BA738D6C72FB16691603C18E0E
86# ECB-AES256.Encrypt and ECB-AES256.Decrypt
87AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::6BC1BEE22E409F96E93D7E117393172A:F3EED1BDB5D2A03C064B5A7E3DB181F8
88AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::AE2D8A571E03AC9C9EB76FAC45AF8E51:591CCB10D410ED26DC5BA74A31362870
89AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::30C81C46A35CE411E5FBC1191A0A52EF:B6ED21B99CA6F4F9F153E7B1BEAFED1D
90AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::F69F2445DF4F9B17AD2B417BE66C3710:23304B7A39F9F3FF067D8D8F9E24ECC7
91# For all CBC encrypts and decrypts, the transformed sequence is
92# AES-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec
93# CBC-AES128.Encrypt and CBC-AES128.Decrypt
94AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:7649ABAC8119B246CEE98E9B12E9197D
95AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:7649ABAC8119B246CEE98E9B12E9197D:AE2D8A571E03AC9C9EB76FAC45AF8E51:5086CB9B507219EE95DB113A917678B2
96AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:5086CB9B507219EE95DB113A917678B2:30C81C46A35CE411E5FBC1191A0A52EF:73BED6B8E3C1743B7116E69E22229516
97AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:73BED6B8E3C1743B7116E69E22229516:F69F2445DF4F9B17AD2B417BE66C3710:3FF1CAA1681FAC09120ECA307586E1A7
98# CBC-AES192.Encrypt and CBC-AES192.Decrypt
99AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:4F021DB243BC633D7178183A9FA071E8
100AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:4F021DB243BC633D7178183A9FA071E8:AE2D8A571E03AC9C9EB76FAC45AF8E51:B4D9ADA9AD7DEDF4E5E738763F69145A
101AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:B4D9ADA9AD7DEDF4E5E738763F69145A:30C81C46A35CE411E5FBC1191A0A52EF:571B242012FB7AE07FA9BAAC3DF102E0
102AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:571B242012FB7AE07FA9BAAC3DF102E0:F69F2445DF4F9B17AD2B417BE66C3710:08B0E27988598881D920A9E64F5615CD
103# CBC-AES256.Encrypt and CBC-AES256.Decrypt
104AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:F58C4C04D6E5F1BA779EABFB5F7BFBD6
105AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:F58C4C04D6E5F1BA779EABFB5F7BFBD6:AE2D8A571E03AC9C9EB76FAC45AF8E51:9CFC4E967EDB808D679F777BC6702C7D
106AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:9CFC4E967EDB808D679F777BC6702C7D:30C81C46A35CE411E5FBC1191A0A52EF:39F23369A9D9BACFA530E26304231461
107AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39F23369A9D9BACFA530E26304231461:F69F2445DF4F9B17AD2B417BE66C3710:B2EB05E2C39BE9FCDA6C19078C6A9D1B
108# We don't support CFB{1,8}-AESxxx.{En,De}crypt
109# For all CFB128 encrypts and decrypts, the transformed sequence is
110# AES-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec
111# CFB128-AES128.Encrypt
112AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1
113AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:1
114AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:1
115AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:1
116# CFB128-AES128.Decrypt
117AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0
118AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:0
119AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:0
120AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:0
121# CFB128-AES192.Encrypt
122AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1
123AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:1
124AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:1
125AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:1
126# CFB128-AES192.Decrypt
127AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0
128AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:0
129AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:0
130AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:0
131# CFB128-AES256.Encrypt
132AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1
133AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:1
134AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:1
135AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:1
136# CFB128-AES256.Decrypt
137AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0
138AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:0
139AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:0
140AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:0
141# For all OFB encrypts and decrypts, the transformed sequence is
142# AES-bits-CFB:key:IV/output':plaintext:ciphertext:encdec
143# OFB-AES128.Encrypt
144AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1
145AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:1
146AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:1
147AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:1
148# OFB-AES128.Decrypt
149AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0
150AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:0
151AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:0
152AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:0
153# OFB-AES192.Encrypt
154AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1
155AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:1
156AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:1
157AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:1
158# OFB-AES192.Decrypt
159AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0
160AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:0
161AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:0
162AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:0
163# OFB-AES256.Encrypt
164AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1
165AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:1
166AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:1
167AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:1
168# OFB-AES256.Decrypt
169AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0
170AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:0
171AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:0
172AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:0
173
174# AES Counter test vectors from RFC3686
175aes-128-ctr:AE6852F8121067CC4BF7A5765577F39E:00000030000000000000000000000001:53696E676C6520626C6F636B206D7367:E4095D4FB7A7B3792D6175A3261311B8:1
176aes-128-ctr:7E24067817FAE0D743D6CE1F32539163:006CB6DBC0543B59DA48D90B00000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:5104A106168A72D9790D41EE8EDAD388EB2E1EFC46DA57C8FCE630DF9141BE28:1
177aes-128-ctr:7691BE035E5020A8AC6E618529F9A0DC:00E0017B27777F3F4A1786F000000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:C1CF48A89F2FFDD9CF4652E9EFDB72D74540A42BDE6D7836D59A5CEAAEF3105325B2072F:1
178
179aes-192-ctr:16AF5B145FC9F579C175F93E3BFB0EED863D06CCFDB78515:0000004836733C147D6D93CB00000001:53696E676C6520626C6F636B206D7367:4B55384FE259C9C84E7935A003CBE928:1
180aes-192-ctr:7C5CB2401B3DC33C19E7340819E0F69C678C3DB8E6F6A91A:0096B03B020C6EADC2CB500D00000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:453243FC609B23327EDFAAFA7131CD9F8490701C5AD4A79CFC1FE0FF42F4FB00:1
181aes-192-ctr:02BF391EE8ECB159B959617B0965279BF59B60A786D3E0FE:0007BDFD5CBD60278DCC091200000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:96893FC55E5C722F540B7DD1DDF7E758D288BC95C69165884536C811662F2188ABEE0935:1
182
183aes-256-ctr:776BEFF2851DB06F4C8A0542C8696F6C6A81AF1EEC96B4D37FC1D689E6C1C104:00000060DB5672C97AA8F0B200000001:53696E676C6520626C6F636B206D7367:145AD01DBF824EC7560863DC71E3E0C0:1
184aes-256-ctr:F6D66D6BD52D59BB0796365879EFF886C66DD51A5B6A99744B50590C87A23884:00FAAC24C1585EF15A43D87500000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:F05E231B3894612C49EE000B804EB2A9B8306B508F839D6A5530831D9344AF1C:1
185aes-256-ctr:FF7A617CE69148E4F1726E2F43581DE2AA62D9F805532EDFF1EED687FB54153D:001CC5B751A51D70A1C1114800000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:EB6C52821D0BBBF7CE7594462ACA4FAAB407DF866569FD07F48CC0B583D6071F1EC0E6B8:1
186
187# DES ECB tests (from destest)
188
189DES-ECB:0000000000000000::0000000000000000:8CA64DE9C1B123A7
190DES-ECB:FFFFFFFFFFFFFFFF::FFFFFFFFFFFFFFFF:7359B2163E4EDC58
191DES-ECB:3000000000000000::1000000000000001:958E6E627A05557B
192DES-ECB:1111111111111111::1111111111111111:F40379AB9E0EC533
193DES-ECB:0123456789ABCDEF::1111111111111111:17668DFC7292532D
194DES-ECB:1111111111111111::0123456789ABCDEF:8A5AE1F81AB8F2DD
195DES-ECB:FEDCBA9876543210::0123456789ABCDEF:ED39D950FA74BCC4
196
197# DESX-CBC tests (from destest)
198DESX-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:846B2914851E9A2954732F8AA0A611C115CDC2D7951B1053A63C5E03B21AA3C4
199
200# DES EDE3 CBC tests (from destest)
201DES-EDE3-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675
202
203# RC4 tests (from rc4test)
204RC4:0123456789abcdef0123456789abcdef::0123456789abcdef:75b7878099e0c596
205RC4:0123456789abcdef0123456789abcdef::0000000000000000:7494c2e7104b0879
206RC4:00000000000000000000000000000000::0000000000000000:de188941a3375d3a
207RC4:ef012345ef012345ef012345ef012345::0000000000000000000000000000000000000000:d6a141a7ec3c38dfbd615a1162e1c7ba36b67858
208RC4:0123456789abcdef0123456789abcdef::123456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345678:66a0949f8af7d6891f7f832ba833c00c892ebe30143ce28740011ecf
209RC4:ef012345ef012345ef012345ef012345::00000000000000000000:d6a141a7ec3c38dfbd61
210
211
212# Camellia tests from RFC3713
213# For all ECB encrypts and decrypts, the transformed sequence is
214# CAMELLIA-bits-ECB:key::plaintext:ciphertext:encdec
215CAMELLIA-128-ECB:0123456789abcdeffedcba9876543210::0123456789abcdeffedcba9876543210:67673138549669730857065648eabe43
216CAMELLIA-192-ECB:0123456789abcdeffedcba98765432100011223344556677::0123456789abcdeffedcba9876543210:b4993401b3e996f84ee5cee7d79b09b9
217CAMELLIA-256-ECB:0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff::0123456789abcdeffedcba9876543210:9acc237dff16d76c20ef7c919e3a7509
218
219# ECB-CAMELLIA128.Encrypt
220CAMELLIA-128-ECB:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:77CF412067AF8270613529149919546F:1
221CAMELLIA-192-ECB:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:B22F3C36B72D31329EEE8ADDC2906C68:1
222CAMELLIA-256-ECB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:2EDF1F3418D53B88841FC8985FB1ECF2:1
223
224# ECB-CAMELLIA128.Encrypt and ECB-CAMELLIA128.Decrypt
225CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::6BC1BEE22E409F96E93D7E117393172A:432FC5DCD628115B7C388D770B270C96
226CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::AE2D8A571E03AC9C9EB76FAC45AF8E51:0BE1F14023782A22E8384C5ABB7FAB2B
227CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::30C81C46A35CE411E5FBC1191A0A52EF:A0A1ABCD1893AB6FE0FE5B65DF5F8636
228CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::F69F2445DF4F9B17AD2B417BE66C3710:E61925E0D5DFAA9BB29F815B3076E51A
229
230# ECB-CAMELLIA192.Encrypt and ECB-CAMELLIA192.Decrypt
231CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::6BC1BEE22E409F96E93D7E117393172A:CCCC6C4E138B45848514D48D0D3439D3
232CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::AE2D8A571E03AC9C9EB76FAC45AF8E51:5713C62C14B2EC0F8393B6AFD6F5785A
233CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::30C81C46A35CE411E5FBC1191A0A52EF:B40ED2B60EB54D09D030CF511FEEF366
234CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::F69F2445DF4F9B17AD2B417BE66C3710:909DBD95799096748CB27357E73E1D26
235
236# ECB-CAMELLIA256.Encrypt and ECB-CAMELLIA256.Decrypt
237CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::6BC1BEE22E409F96E93D7E117393172A:BEFD219B112FA00098919CD101C9CCFA
238CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::AE2D8A571E03AC9C9EB76FAC45AF8E51:C91D3A8F1AEA08A9386CF4B66C0169EA
239CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::30C81C46A35CE411E5FBC1191A0A52EF:A623D711DC5F25A51BB8A80D56397D28
240CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::F69F2445DF4F9B17AD2B417BE66C3710:7960109FB6DC42947FCFE59EA3C5EB6B
241
242# For all CBC encrypts and decrypts, the transformed sequence is
243# CAMELLIA-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec
244# CBC-CAMELLIA128.Encrypt and CBC-CAMELLIA128.Decrypt
245CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:1607CF494B36BBF00DAEB0B503C831AB
246CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:1607CF494B36BBF00DAEB0B503C831AB:AE2D8A571E03AC9C9EB76FAC45AF8E51:A2F2CF671629EF7840C5A5DFB5074887
247CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:A2F2CF671629EF7840C5A5DFB5074887:30C81C46A35CE411E5FBC1191A0A52EF:0F06165008CF8B8B5A63586362543E54
248CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:36A84CDAFD5F9A85ADA0F0A993D6D577:F69F2445DF4F9B17AD2B417BE66C3710:74C64268CDB8B8FAF5B34E8AF3732980
249
250# CBC-CAMELLIA192.Encrypt and CBC-CAMELLIA192.Decrypt
251CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:2A4830AB5AC4A1A2405955FD2195CF93
252CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2A4830AB5AC4A1A2405955FD2195CF93:AE2D8A571E03AC9C9EB76FAC45AF8E51:5D5A869BD14CE54264F892A6DD2EC3D5
253CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:5D5A869BD14CE54264F892A6DD2EC3D5:30C81C46A35CE411E5FBC1191A0A52EF:37D359C3349836D884E310ADDF68C449
254CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:37D359C3349836D884E310ADDF68C449:F69F2445DF4F9B17AD2B417BE66C3710:01FAAA930B4AB9916E9668E1428C6B08
255
256# CBC-CAMELLIA256.Encrypt and CBC-CAMELLIA256.Decrypt
257CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:E6CFA35FC02B134A4D2C0B6737AC3EDA
258CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E6CFA35FC02B134A4D2C0B6737AC3EDA:AE2D8A571E03AC9C9EB76FAC45AF8E51:36CBEB73BD504B4070B1B7DE2B21EB50
259CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:36CBEB73BD504B4070B1B7DE2B21EB50:30C81C46A35CE411E5FBC1191A0A52EF:E31A6055297D96CA3330CDF1B1860A83
260CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E31A6055297D96CA3330CDF1B1860A83:F69F2445DF4F9B17AD2B417BE66C3710:5D563F6D1CCCF236051C0C5C1C58F28F
261
262# We don't support CFB{1,8}-CAMELLIAxxx.{En,De}crypt
263# For all CFB128 encrypts and decrypts, the transformed sequence is
264# CAMELLIA-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec
265# CFB128-CAMELLIA128.Encrypt
266CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:1
267CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:14F7646187817EB586599146B82BD719:AE2D8A571E03AC9C9EB76FAC45AF8E51:A53D28BB82DF741103EA4F921A44880B:1
268CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:A53D28BB82DF741103EA4F921A44880B:30C81C46A35CE411E5FBC1191A0A52EF:9C2157A664626D1DEF9EA420FDE69B96:1
269CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:9C2157A664626D1DEF9EA420FDE69B96:F69F2445DF4F9B17AD2B417BE66C3710:742A25F0542340C7BAEF24CA8482BB09:1
270
271# CFB128-CAMELLIA128.Decrypt
272CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:0
273CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:14F7646187817EB586599146B82BD719:AE2D8A571E03AC9C9EB76FAC45AF8E51:A53D28BB82DF741103EA4F921A44880B:0
274CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:A53D28BB82DF741103EA4F921A44880B:30C81C46A35CE411E5FBC1191A0A52EF:9C2157A664626D1DEF9EA420FDE69B96:0
275CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:9C2157A664626D1DEF9EA420FDE69B96:F69F2445DF4F9B17AD2B417BE66C3710:742A25F0542340C7BAEF24CA8482BB09:0
276
277# CFB128-CAMELLIA192.Encrypt
278CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:1
279CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:C832BB9780677DAA82D9B6860DCD565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:86F8491627906D780C7A6D46EA331F98:1
280CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:86F8491627906D780C7A6D46EA331F98:30C81C46A35CE411E5FBC1191A0A52EF:69511CCE594CF710CB98BB63D7221F01:1
281CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:69511CCE594CF710CB98BB63D7221F01:F69F2445DF4F9B17AD2B417BE66C3710:D5B5378A3ABED55803F25565D8907B84:1
282
283# CFB128-CAMELLIA192.Decrypt
284CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:0
285CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:C832BB9780677DAA82D9B6860DCD565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:86F8491627906D780C7A6D46EA331F98:0
286CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:86F8491627906D780C7A6D46EA331F98:30C81C46A35CE411E5FBC1191A0A52EF:69511CCE594CF710CB98BB63D7221F01:0
287CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:69511CCE594CF710CB98BB63D7221F01:F69F2445DF4F9B17AD2B417BE66C3710:D5B5378A3ABED55803F25565D8907B84:0
288
289# CFB128-CAMELLIA256.Encrypt
290CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:1
291CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:CF6107BB0CEA7D7FB1BD31F5E7B06C93:AE2D8A571E03AC9C9EB76FAC45AF8E51:89BEDB4CCDD864EA11BA4CBE849B5E2B:1
292CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:89BEDB4CCDD864EA11BA4CBE849B5E2B:30C81C46A35CE411E5FBC1191A0A52EF:555FC3F34BDD2D54C62D9E3BF338C1C4:1
293CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:555FC3F34BDD2D54C62D9E3BF338C1C4:F69F2445DF4F9B17AD2B417BE66C3710:5953ADCE14DB8C7F39F1BD39F359BFFA:1
294
295# CFB128-CAMELLIA256.Decrypt
296CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:0
297CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:CF6107BB0CEA7D7FB1BD31F5E7B06C93:AE2D8A571E03AC9C9EB76FAC45AF8E51:89BEDB4CCDD864EA11BA4CBE849B5E2B:0
298CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:89BEDB4CCDD864EA11BA4CBE849B5E2B:30C81C46A35CE411E5FBC1191A0A52EF:555FC3F34BDD2D54C62D9E3BF338C1C4:0
299CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:555FC3F34BDD2D54C62D9E3BF338C1C4:F69F2445DF4F9B17AD2B417BE66C3710:5953ADCE14DB8C7F39F1BD39F359BFFA:0
300
301# For all OFB encrypts and decrypts, the transformed sequence is
302# CAMELLIA-bits-OFB:key:IV/output':plaintext:ciphertext:encdec
303# OFB-CAMELLIA128.Encrypt
304CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:1
305CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:25623DB569CA51E01482649977E28D84:1
306CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:C776634A60729DC657D12B9FCA801E98:1
307CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:D776379BE0E50825E681DA1A4C980E8E:1
308
309# OFB-CAMELLIA128.Decrypt
310CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:0
311CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:25623DB569CA51E01482649977E28D84:0
312CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:C776634A60729DC657D12B9FCA801E98:0
313CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:D776379BE0E50825E681DA1A4C980E8E:0
314
315# OFB-CAMELLIA192.Encrypt
316CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:1
317CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:8ECEB7D0350D72C7F78562AEBDF99339:1
318CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:BDD62DBBB9700846C53B507F544696F0:1
319CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:E28014E046B802F385C4C2E13EAD4A72:1
320
321# OFB-CAMELLIA192.Decrypt
322CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:0
323CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:8ECEB7D0350D72C7F78562AEBDF99339:0
324CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:BDD62DBBB9700846C53B507F544696F0:0
325CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:E28014E046B802F385C4C2E13EAD4A72:0
326
327# OFB-CAMELLIA256.Encrypt
328CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:1
329CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:127AD97E8E3994E4820027D7BA109368:1
330CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:6BFF6265A6A6B7A535BC65A80B17214E:1
331CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0A4A0404E26AA78A27CB271E8BF3CF20:1
332
333# OFB-CAMELLIA256.Decrypt
334CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:0
335CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:127AD97E8E3994E4820027D7BA109368:0
336CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:6BFF6265A6A6B7A535BC65A80B17214E:0
337CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0A4A0404E26AA78A27CB271E8BF3CF20:0
338
339# SEED test vectors from RFC4269
340SEED-ECB:00000000000000000000000000000000::000102030405060708090A0B0C0D0E0F:5EBAC6E0054E166819AFF1CC6D346CDB:0
341SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:0
342SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:0
343SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:0
344SEED-ECB:00000000000000000000000000000000::000102030405060708090A0B0C0D0E0F:5EBAC6E0054E166819AFF1CC6D346CDB:1
345SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:1
346SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:1
347SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:1
348
349# ChaCha test vectors
350ChaCha:0000000000000000000000000000000000000000000000000000000000000000:0000000000000000:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586:1
351ChaCha:0100000000000000000000000000000000000000000000000000000000000000:0000000000000000:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:c5d30a7ce1ec119378c84f487d775a8542f13ece238a9455e8229e888de85bbd29eb63d0a17a5b999b52da22be4023eb07620a54f6fa6ad8737b71eb0464dac0:1
352ChaCha:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff:ffffffffffffffff:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:d9bf3f6bce6ed0b54254557767fb57443dd4778911b606055c39cc25e674b8363feabc57fde54f790c52c8ae43240b79d49042b777bfd6cb80e931270b7f50eb:1
353ChaCha:5555555555555555555555555555555555555555555555555555555555555555:aaaaaaaaaaaaaaaa:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:aff7418293f3a553894b1e7484bd1e8ede196eced5a1d6814de37091e07e076e34bbba8107a686c982850f0a7353940d40db1ab0b5765b78b4cf473d9485a3dd:1
354ChaCha:5555555555555555555555555555555555555555555555555555555555555555:5555555555555555:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:bea9411aa453c5434a5ae8c92862f564396855a9ea6e22d6d3b50ae1b3663311a4a3606c671d605ce16c3aece8e61ea145c59775017bee2fa6f88afc758069f7:1
355ChaCha:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa:aaaaaaaaaaaaaaaa:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:9aa2a9f656efde5aa7591c5fed4b35aea2895dec7cb4543b9e9f21f5e7bcbcf3c43c748a970888f8248393a09d43e0b7e164bc4d0b0fb240a2d72115c4808906:1
356ChaCha:00112233445566778899aabbccddeeffffeeddccbbaa99887766554433221100:0f1e2d3c4b5a6978:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:9fadf409c00811d00431d67efbd88fba59218d5d6708b1d685863fabbb0e961eea480fd6fb532bfd494b2151015057423ab60a63fe4f55f7a212e2167ccab931:1
357ChaCha:c46ec1b18ce8a878725a37e780dfb7351f68ed2e194c79fbc6aebee1a667975d:1ada31d5cf688221:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:f63a89b75c2271f9368816542ba52f06ed49241792302b00b5e8f80ae9a473afc25b218f519af0fdd406362e8d69de7f54c604a6e00f353f110f771bdca8ab92:1
diff --git a/src/regress/lib/libcrypto/exp/Makefile b/src/regress/lib/libcrypto/exp/Makefile
deleted file mode 100644
index 890b38e9fe..0000000000
--- a/src/regress/lib/libcrypto/exp/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.4 2017/01/21 09:38:58 beck Exp $
2
3PROG= exptest
4LDADD= ${CRYPTO_INT}
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/exp/exptest.c b/src/regress/lib/libcrypto/exp/exptest.c
deleted file mode 100644
index 9c683464f6..0000000000
--- a/src/regress/lib/libcrypto/exp/exptest.c
+++ /dev/null
@@ -1,353 +0,0 @@
1/* $OpenBSD: exptest.c,v 1.5 2018/07/17 17:06:49 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include <string.h>
62
63#include <openssl/bio.h>
64#include <openssl/bn.h>
65#include <openssl/err.h>
66
67int BN_mod_exp_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
68 const BIGNUM *m, BN_CTX *ctx);
69int BN_mod_exp_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
70 const BIGNUM *m, BN_CTX *ctx);
71int BN_mod_exp_mont_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
72 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
73int BN_mod_exp_mont_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
74 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
75
76#define NUM_BITS (BN_BITS*2)
77
78/*
79 * Test that r == 0 in test_exp_mod_zero(). Returns one on success,
80 * returns zero and prints debug output otherwise.
81 */
82static int a_is_zero_mod_one(const char *method, const BIGNUM *r,
83 const BIGNUM *a) {
84 if (!BN_is_zero(r)) {
85 fprintf(stderr, "%s failed:\n", method);
86 fprintf(stderr, "a ** 0 mod 1 = r (should be 0)\n");
87 fprintf(stderr, "a = ");
88 BN_print_fp(stderr, a);
89 fprintf(stderr, "\nr = ");
90 BN_print_fp(stderr, r);
91 fprintf(stderr, "\n");
92 return 0;
93 }
94 return 1;
95}
96
97/*
98 * test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success.
99 */
100static int test_exp_mod_zero(void)
101{
102 BIGNUM a, p, m;
103 BIGNUM r;
104 BN_ULONG one_word = 1;
105 BN_CTX *ctx = BN_CTX_new();
106 int ret = 1, failed = 0;
107
108 BN_init(&m);
109 BN_one(&m);
110
111 BN_init(&a);
112 BN_one(&a);
113
114 BN_init(&p);
115 BN_zero(&p);
116
117 BN_init(&r);
118
119 if (!BN_rand(&a, 1024, 0, 0))
120 goto err;
121
122 if (!BN_mod_exp(&r, &a, &p, &m, ctx))
123 goto err;
124
125 if (!a_is_zero_mod_one("BN_mod_exp", &r, &a))
126 failed = 1;
127
128 if (!BN_mod_exp_ct(&r, &a, &p, &m, ctx))
129 goto err;
130
131 if (!a_is_zero_mod_one("BN_mod_exp_ct", &r, &a))
132 failed = 1;
133
134 if (!BN_mod_exp_nonct(&r, &a, &p, &m, ctx))
135 goto err;
136
137 if (!a_is_zero_mod_one("BN_mod_exp_nonct", &r, &a))
138 failed = 1;
139
140 if (!BN_mod_exp_recp(&r, &a, &p, &m, ctx))
141 goto err;
142
143 if (!a_is_zero_mod_one("BN_mod_exp_recp", &r, &a))
144 failed = 1;
145
146 if (!BN_mod_exp_simple(&r, &a, &p, &m, ctx))
147 goto err;
148
149 if (!a_is_zero_mod_one("BN_mod_exp_simple", &r, &a))
150 failed = 1;
151
152 if (!BN_mod_exp_mont(&r, &a, &p, &m, ctx, NULL))
153 goto err;
154
155 if (!a_is_zero_mod_one("BN_mod_exp_mont", &r, &a))
156 failed = 1;
157
158 if (!BN_mod_exp_mont_ct(&r, &a, &p, &m, ctx, NULL))
159 goto err;
160
161 if (!a_is_zero_mod_one("BN_mod_exp_mont_ct", &r, &a))
162 failed = 1;
163
164 if (!BN_mod_exp_mont_nonct(&r, &a, &p, &m, ctx, NULL))
165 goto err;
166
167 if (!a_is_zero_mod_one("BN_mod_exp_mont_nonct", &r, &a))
168 failed = 1;
169
170 if (!BN_mod_exp_mont_consttime(&r, &a, &p, &m, ctx, NULL)) {
171 goto err;
172 }
173
174 if (!a_is_zero_mod_one("BN_mod_exp_mont_consttime", &r, &a))
175 failed = 1;
176
177 /*
178 * A different codepath exists for single word multiplication
179 * in non-constant-time only.
180 */
181 if (!BN_mod_exp_mont_word(&r, one_word, &p, &m, ctx, NULL))
182 goto err;
183
184 if (!BN_is_zero(&r)) {
185 fprintf(stderr, "BN_mod_exp_mont_word failed:\n");
186 fprintf(stderr, "1 ** 0 mod 1 = r (should be 0)\n");
187 fprintf(stderr, "r = ");
188 BN_print_fp(stderr, &r);
189 fprintf(stderr, "\n");
190 return 0;
191 }
192
193 ret = failed;
194
195 err:
196 BN_free(&r);
197 BN_free(&a);
198 BN_free(&p);
199 BN_free(&m);
200 BN_CTX_free(ctx);
201
202 return ret;
203}
204
205int main(int argc, char *argv[])
206{
207 BN_CTX *ctx;
208 BIO *out = NULL;
209 int i, ret;
210 unsigned char c;
211 BIGNUM *r_mont, *r_mont_const, *r_recp, *r_simple,
212 *r_mont_ct, *r_mont_nonct, *a, *b, *m;
213
214 ERR_load_BN_strings();
215
216 ctx = BN_CTX_new();
217 if (ctx == NULL)
218 exit(1);
219 r_mont = BN_new();
220 r_mont_const = BN_new();
221 r_mont_ct = BN_new();
222 r_mont_nonct = BN_new();
223 r_recp = BN_new();
224 r_simple = BN_new();
225 a = BN_new();
226 b = BN_new();
227 m = BN_new();
228 if ((r_mont == NULL) || (r_recp == NULL) || (a == NULL) || (b == NULL))
229 goto err;
230
231 out = BIO_new(BIO_s_file());
232
233 if (out == NULL)
234 exit(1);
235 BIO_set_fp(out, stdout, BIO_NOCLOSE);
236
237 for (i = 0; i < 200; i++) {
238 arc4random_buf(&c, 1);
239 c = (c % BN_BITS) - BN_BITS2;
240 BN_rand(a, NUM_BITS + c, 0, 0);
241
242 arc4random_buf(&c, 1);
243 c = (c % BN_BITS) - BN_BITS2;
244 BN_rand(b, NUM_BITS + c, 0, 0);
245
246 arc4random_buf(&c, 1);
247 c = (c % BN_BITS) - BN_BITS2;
248 BN_rand(m, NUM_BITS + c, 0, 1);
249
250 BN_mod(a, a, m, ctx);
251 BN_mod(b, b, m, ctx);
252
253 ret = BN_mod_exp_mont(r_mont, a, b, m, ctx, NULL);
254 if (ret <= 0) {
255 printf("BN_mod_exp_mont() problems\n");
256 ERR_print_errors(out);
257 exit(1);
258 }
259
260 ret = BN_mod_exp_mont_ct(r_mont_ct, a, b, m, ctx, NULL);
261 if (ret <= 0) {
262 printf("BN_mod_exp_mont_ct() problems\n");
263 ERR_print_errors(out);
264 exit(1);
265 }
266
267 ret = BN_mod_exp_mont_nonct(r_mont_nonct, a, b, m, ctx, NULL);
268 if (ret <= 0) {
269 printf("BN_mod_exp_mont_nonct() problems\n");
270 ERR_print_errors(out);
271 exit(1);
272 }
273
274 ret = BN_mod_exp_recp(r_recp, a, b, m, ctx);
275 if (ret <= 0) {
276 printf("BN_mod_exp_recp() problems\n");
277 ERR_print_errors(out);
278 exit(1);
279 }
280
281 ret = BN_mod_exp_simple(r_simple, a, b, m, ctx);
282 if (ret <= 0) {
283 printf("BN_mod_exp_simple() problems\n");
284 ERR_print_errors(out);
285 exit(1);
286 }
287
288 ret = BN_mod_exp_mont_consttime(r_mont_const, a, b, m, ctx, NULL);
289 if (ret <= 0) {
290 printf("BN_mod_exp_mont_consttime() problems\n");
291 ERR_print_errors(out);
292 exit(1);
293 }
294
295 if (BN_cmp(r_simple, r_mont) == 0
296 && BN_cmp(r_simple, r_recp) == 0
297 && BN_cmp(r_simple, r_mont_const) == 0) {
298 printf(".");
299 fflush(stdout);
300 } else {
301 if (BN_cmp(r_simple, r_mont) != 0)
302 printf("\nsimple and mont results differ\n");
303 if (BN_cmp(r_simple, r_mont_const) != 0)
304 printf("\nsimple and mont const time results differ\n");
305 if (BN_cmp(r_simple, r_recp) != 0)
306 printf("\nsimple and recp results differ\n");
307 if (BN_cmp(r_mont, r_mont_ct) != 0)
308 printf("\nmont_ct and mont results differ\n");
309 if (BN_cmp(r_mont_ct, r_mont_nonct) != 0)
310 printf("\nmont_ct and mont_nonct results differ\n");
311
312 printf("a (%3d) = ", BN_num_bits(a));
313 BN_print(out, a);
314 printf("\nb (%3d) = ", BN_num_bits(b));
315 BN_print(out, b);
316 printf("\nm (%3d) = ", BN_num_bits(m));
317 BN_print(out, m);
318 printf("\nsimple =");
319 BN_print(out, r_simple);
320 printf("\nrecp =");
321 BN_print(out, r_recp);
322 printf("\nmont =");
323 BN_print(out, r_mont);
324 printf("\nmont_ct =");
325 BN_print(out, r_mont_const);
326 printf("\n");
327 exit(1);
328 }
329 }
330 BN_free(r_mont);
331 BN_free(r_mont_const);
332 BN_free(r_recp);
333 BN_free(r_simple);
334 BN_free(a);
335 BN_free(b);
336 BN_free(m);
337 BN_CTX_free(ctx);
338 ERR_remove_thread_state(NULL);
339 CRYPTO_mem_leaks(out);
340 BIO_free(out);
341 printf("\n");
342
343 if (test_exp_mod_zero() != 0)
344 goto err;
345
346 printf("done\n");
347
348 return (0);
349 err:
350 ERR_load_crypto_strings();
351 ERR_print_errors(out);
352 return (1);
353}
diff --git a/src/regress/lib/libcrypto/free/Makefile b/src/regress/lib/libcrypto/free/Makefile
deleted file mode 100644
index 4e8a7ed38d..0000000000
--- a/src/regress/lib/libcrypto/free/Makefile
+++ /dev/null
@@ -1,29 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2018/08/31 17:35:21 tb Exp $
2
3TESTS = \
4 freenull
5
6PROG = ${TESTS}
7
8REGRESS_TARGETS= all_tests
9
10LDADD= -lcrypto
11DPADD= ${LIBCRYPTO} ${LIBSSL}
12LDFLAGS+= -lcrypto
13CFLAGS+= -DLIBRESSL_INTERNAL
14
15CLEANFILES+= freenull.c freenull.c.body freenull.c.tmp
16
17freenull.c: freenull.awk ../../../../lib/libcrypto/Symbols.list
18 awk -f ${.CURDIR}/freenull.awk \
19 < ${BSDSRCDIR}/lib/libcrypto/Symbols.list > freenull.c.body
20 cat ${.CURDIR}/freenull.c.head freenull.c.body \
21 ${.CURDIR}/freenull.c.tail > freenull.c.tmp
22 mv freenull.c.tmp freenull.c
23
24all_tests: ${TESTS}
25 @for test in $>; do \
26 ./$$test; \
27 done
28
29.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/free/freenull.awk b/src/regress/lib/libcrypto/free/freenull.awk
deleted file mode 100644
index 95719da956..0000000000
--- a/src/regress/lib/libcrypto/free/freenull.awk
+++ /dev/null
@@ -1,60 +0,0 @@
1# $OpenBSD: freenull.awk,v 1.1 2018/07/10 20:53:30 tb Exp $
2# Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
3#
4# Permission to use, copy, modify, and distribute this software for any
5# purpose with or without fee is hereby granted, provided that the above
6# copyright notice and this permission notice appear in all copies.
7#
8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15
16# usage: awk -f freenull.awk < Symbols.list > freenull.c.body
17
18# Skip this function because it calls abort(3).
19/^CRYPTO_dbg_free/ {
20 next
21}
22
23# Skip *_free functions that take more than one or no argument.
24/^ASN1_item_ex_free$/ ||
25/^ASN1_item_free$/ ||
26/^ASN1_primitive_free$/ ||
27/^ASN1_template_free$/ ||
28/^CONF_modules_free$/ ||
29/^EVP_PKEY_asn1_set_free$/ ||
30/^OBJ_sigid_free$/ ||
31/^X509V3_section_free$/ ||
32/^X509V3_string_free$/ ||
33/^asn1_enc_free$/ ||
34/^sk_pop_free$/ {
35 next
36}
37
38# Skip functions that are prototyped in a .c file.
39/^BIO_CONNECT_free$/ ||
40/^CRYPTO_free$/ ||
41/^EC_PRIVATEKEY_free$/ ||
42/^ECPARAMETERS_free$/ ||
43/^ECPKPARAMETERS_free$/ ||
44/^NETSCAPE_ENCRYPTED_PKEY_free$/ ||
45/^NETSCAPE_PKEY_free$/ ||
46/^X9_62_CHARACTERISTIC_TWO_free$/ ||
47/^X9_62_PENTANOMIAL_free$/ {
48 next
49}
50
51/^ENGINE_free$/ {
52 printf("#ifndef OPENSSL_NO_ENGINE\n")
53 printf("\tENGINE_free(NULL);\n")
54 printf("#endif\n")
55 next
56}
57
58/_free$/ {
59 printf("\t%s(NULL);\n", $0)
60}
diff --git a/src/regress/lib/libcrypto/free/freenull.c.head b/src/regress/lib/libcrypto/free/freenull.c.head
deleted file mode 100644
index f7e2c31595..0000000000
--- a/src/regress/lib/libcrypto/free/freenull.c.head
+++ /dev/null
@@ -1,27 +0,0 @@
1/* $OpenBSD: freenull.c.head,v 1.2 2018/07/10 20:55:57 tb Exp $ */
2
3#include <openssl/asn1.h>
4#include <openssl/cmac.h>
5#include <openssl/comp.h>
6#include <openssl/conf_api.h>
7#include <openssl/dso.h>
8#ifndef OPENSSL_NO_ENGINE
9#include <openssl/engine.h>
10#endif
11#include <openssl/gost.h>
12#include <openssl/hmac.h>
13#include <openssl/ocsp.h>
14#include <openssl/pkcs12.h>
15#include <openssl/ts.h>
16#include <openssl/ui.h>
17#include <openssl/txt_db.h>
18#include <openssl/x509.h>
19#include <openssl/x509v3.h>
20
21#include <err.h>
22#include <stdio.h>
23#include <string.h>
24
25int
26main(int argc, char **argv)
27{
diff --git a/src/regress/lib/libcrypto/free/freenull.c.tail b/src/regress/lib/libcrypto/free/freenull.c.tail
deleted file mode 100644
index e83e9e4aa2..0000000000
--- a/src/regress/lib/libcrypto/free/freenull.c.tail
+++ /dev/null
@@ -1,28 +0,0 @@
1/* $OpenBSD: freenull.c.tail,v 1.2 2018/07/10 20:55:57 tb Exp $ */
2
3 BIO_free_all(NULL);
4 NCONF_free_data(NULL);
5 _CONF_free_data(NULL);
6
7 lh_FUNCTION_free(NULL);
8
9 sk_ASN1_OBJECT_pop_free(NULL, NULL);
10 sk_CONF_VALUE_pop_free(NULL, NULL);
11 sk_GENERAL_NAME_pop_free(NULL, NULL);
12 sk_OCSP_CERTID_free(NULL);
13 sk_OPENSSL_STRING_free(NULL);
14 sk_PKCS12_SAFEBAG_pop_free(NULL, NULL);
15 sk_PKCS7_pop_free(NULL, NULL);
16 sk_X509_ATTRIBUTE_free(NULL);
17 sk_X509_CRL_pop_free(NULL, NULL);
18 sk_X509_EXTENSION_pop_free(NULL, NULL);
19 sk_X509_INFO_free(NULL);
20 sk_X509_INFO_pop_free(NULL, NULL);
21 sk_X509_NAME_ENTRY_pop_free(NULL, NULL);
22 sk_X509_free(NULL);
23 sk_X509_pop_free(NULL, NULL);
24
25 printf("PASS\n");
26
27 return 0;
28}
diff --git a/src/regress/lib/libcrypto/gcm128/Makefile b/src/regress/lib/libcrypto/gcm128/Makefile
deleted file mode 100644
index c981203e3e..0000000000
--- a/src/regress/lib/libcrypto/gcm128/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.5 2014/07/09 11:43:01 jsing Exp $
2
3PROG= gcm128test
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/gcm128/gcm128test.c b/src/regress/lib/libcrypto/gcm128/gcm128test.c
deleted file mode 100644
index 07c6128c0f..0000000000
--- a/src/regress/lib/libcrypto/gcm128/gcm128test.c
+++ /dev/null
@@ -1,926 +0,0 @@
1/* $OpenBSD: gcm128test.c,v 1.6 2018/07/17 17:06:49 tb Exp $ */
2/* ====================================================================
3 * Copyright (c) 2010 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@openssl.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 */
50
51#include <err.h>
52#include <stdio.h>
53#include <stdint.h>
54#include <stdlib.h>
55#include <string.h>
56
57#include <openssl/aes.h>
58#include <openssl/modes.h>
59
60/* XXX - something like this should be in the public headers. */
61struct gcm128_context {
62 uint64_t opaque[64];
63};
64
65struct gcm128_test {
66 const uint8_t K[128];
67 size_t K_len;
68 const uint8_t IV[128];
69 size_t IV_len;
70 const uint8_t P[512];
71 size_t P_len;
72 const uint8_t A[128];
73 size_t A_len;
74 const uint8_t C[512];
75 size_t C_len;
76 const uint8_t T[16];
77};
78
79struct gcm128_test gcm128_tests[] = {
80 {
81 /* Test Case 1. */
82 .K = {0},
83 .K_len = 16,
84 .IV = {0},
85 .IV_len = 12,
86 .P = {0},
87 .P_len = 0,
88 .A = {0},
89 .A_len = 0,
90 .C = {0},
91 .C_len = 0,
92 .T = {
93 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
94 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a,
95 },
96 },
97 {
98 /* Test Case 2. */
99 .K = {0},
100 .K_len = 16,
101 .IV = {0},
102 .IV_len = 12,
103 .P = {0},
104 .P_len = 16,
105 .A = {0},
106 .A_len = 0,
107 .C = {
108 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
109 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78,
110 },
111 .C_len = 16,
112 .T = {
113 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
114 0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf,
115 },
116 },
117 {
118 /* Test Case 3. */
119 .K = {
120 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
121 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
122 },
123 .K_len = 16,
124 .IV = {
125 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
126 0xde, 0xca, 0xf8, 0x88,
127 },
128 .IV_len = 12,
129 .P = {
130 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
131 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
132 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
133 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
134 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
135 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
136 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
137 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55,
138 },
139 .P_len = 64,
140 .A = {0},
141 .A_len = 0,
142 .C = {
143 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
144 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
145 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
146 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
147 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
148 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
149 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
150 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85,
151 },
152 .C_len = 64,
153 .T = {
154 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
155 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4,
156 }
157 },
158 {
159 /* Test Case 4. */
160 .K = {
161 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
162 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
163 },
164 .K_len = 16,
165 .IV = {
166 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
167 0xde, 0xca, 0xf8, 0x88,
168 },
169 .IV_len = 12,
170 .P = {
171 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
172 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
173 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
174 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
175 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
176 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
177 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
178 0xba, 0x63, 0x7b, 0x39,
179 },
180 .P_len = 60,
181 .A = {
182 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
183 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
184 0xab, 0xad, 0xda, 0xd2,
185 },
186 .A_len = 20,
187 .C = {
188 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
189 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
190 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
191 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
192 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
193 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
194 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
195 0x3d, 0x58, 0xe0, 0x91,
196 },
197 .C_len = 60,
198 .T = {
199 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
200 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47,
201 },
202 },
203 {
204 /* Test Case 5. */
205 /* K, P, A are the same as TC4. */
206 .K = {
207 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
208 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
209 },
210 .K_len = 16,
211 .IV = {
212 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
213 },
214 .IV_len = 8,
215 .P = {
216 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
217 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
218 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
219 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
220 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
221 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
222 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
223 0xba, 0x63, 0x7b, 0x39,
224 },
225 .P_len = 60,
226 .A = {
227 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
228 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
229 0xab, 0xad, 0xda, 0xd2,
230 },
231 .A_len = 20,
232 .C = {
233 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a,
234 0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55,
235 0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8,
236 0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23,
237 0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2,
238 0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42,
239 0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07,
240 0xc2, 0x3f, 0x45, 0x98,
241 },
242 .C_len = 60,
243 .T = {
244 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85,
245 0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb,
246 },
247 },
248 {
249 /* Test Case 6. */
250 /* K, P, A are the same as TC4. */
251 .K = {
252 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
253 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
254 },
255 .K_len = 16,
256 .IV = {
257 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
258 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
259 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
260 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
261 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
262 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
263 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
264 0xa6, 0x37, 0xb3, 0x9b,
265 },
266 .IV_len = 60,
267 .P = {
268 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
269 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
270 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
271 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
272 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
273 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
274 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
275 0xba, 0x63, 0x7b, 0x39,
276 },
277 .P_len = 60,
278 .A = {
279 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
280 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
281 0xab, 0xad, 0xda, 0xd2,
282 },
283 .A_len = 20,
284 .C = {
285 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6,
286 0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94,
287 0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8,
288 0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7,
289 0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90,
290 0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f,
291 0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03,
292 0x4c, 0x34, 0xae, 0xe5,
293 },
294 .C_len = 60,
295 .T = {
296 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa,
297 0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50,
298 },
299 },
300 {
301 /* Test Case 7. */
302 .K = {0},
303 .K_len = 24,
304 .IV = {0},
305 .IV_len = 12,
306 .P = {0},
307 .P_len = 0,
308 .A = {0},
309 .A_len = 0,
310 .C = {0},
311 .C_len = 0,
312 .T = {
313 0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b,
314 0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35,
315 },
316 },
317 {
318 /* Test Case 8. */
319 .K = {0},
320 .K_len = 24,
321 .IV = {0},
322 .IV_len = 12,
323 .P = {0},
324 .P_len = 16,
325 .A = {0},
326 .A_len = 0,
327 .C = {
328 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41,
329 0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00,
330 },
331 .C_len = 16,
332 .T = {
333 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab,
334 0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb,
335 },
336 },
337 {
338 /* Test Case 9. */
339 .K = {
340 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
341 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
342 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
343 },
344 .K_len = 24,
345 .IV = {
346 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
347 0xde, 0xca, 0xf8, 0x88,
348 },
349 .IV_len = 12,
350 .P = {
351 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
352 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
353 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
354 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
355 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
356 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
357 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
358 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55,
359 },
360 .P_len = 64,
361 .A = {0},
362 .A_len = 0,
363 .C = {
364 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
365 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
366 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
367 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
368 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
369 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
370 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
371 0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56,
372 },
373 .C_len = 64,
374 .T = {
375 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf,
376 0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14,
377 },
378 },
379 {
380 /* Test Case 10. */
381 /* K and IV are the same as TC9. */
382 .K = {
383 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
384 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
385 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
386 },
387 .K_len = 24,
388 .IV = {
389 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
390 0xde, 0xca, 0xf8, 0x88,
391 },
392 .IV_len = 12,
393 .P = {
394 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
395 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
396 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
397 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
398 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
399 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
400 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
401 0xba, 0x63, 0x7b, 0x39,
402 },
403 .P_len = 60,
404 .A = {
405 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
406 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
407 0xab, 0xad, 0xda, 0xd2,
408 },
409 .A_len = 20,
410 .C = {
411 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
412 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
413 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
414 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
415 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
416 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
417 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
418 0xcc, 0xda, 0x27, 0x10,
419 },
420 .C_len = 60,
421 .T = {
422 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f,
423 0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c,
424 },
425 },
426 {
427 /* Test Case 11. */
428 /* K is the same as TC9, P and A are the same as TC10. */
429 .K = {
430 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
431 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
432 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
433 },
434 .K_len = 24,
435 .IV = {
436 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
437 },
438 .IV_len = 8,
439 .P = {
440 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
441 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
442 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
443 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
444 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
445 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
446 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
447 0xba, 0x63, 0x7b, 0x39,
448 },
449 .P_len = 60,
450 .A = {
451 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
452 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
453 0xab, 0xad, 0xda, 0xd2,
454 },
455 .A_len = 20,
456 .C = {
457 0x0f, 0x10, 0xf5, 0x99, 0xae, 0x14, 0xa1, 0x54,
458 0xed, 0x24, 0xb3, 0x6e, 0x25, 0x32, 0x4d, 0xb8,
459 0xc5, 0x66, 0x63, 0x2e, 0xf2, 0xbb, 0xb3, 0x4f,
460 0x83, 0x47, 0x28, 0x0f, 0xc4, 0x50, 0x70, 0x57,
461 0xfd, 0xdc, 0x29, 0xdf, 0x9a, 0x47, 0x1f, 0x75,
462 0xc6, 0x65, 0x41, 0xd4, 0xd4, 0xda, 0xd1, 0xc9,
463 0xe9, 0x3a, 0x19, 0xa5, 0x8e, 0x8b, 0x47, 0x3f,
464 0xa0, 0xf0, 0x62, 0xf7
465 },
466 .C_len = 60,
467 .T = {
468 0x65, 0xdc, 0xc5, 0x7f, 0xcf, 0x62, 0x3a, 0x24,
469 0x09, 0x4f, 0xcc, 0xa4, 0x0d, 0x35, 0x33, 0xf8,
470 },
471 },
472 {
473 /* Test Case 12. */
474 /* K is the same as TC9, P and A are the same as TC10. */
475 .K = {
476 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
477 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
478 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
479 },
480 .K_len = 24,
481 .IV = {
482 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
483 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
484 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
485 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
486 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
487 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
488 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
489 0xa6, 0x37, 0xb3, 0x9b,
490 },
491 .IV_len = 60,
492 .P = {
493 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
494 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
495 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
496 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
497 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
498 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
499 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
500 0xba, 0x63, 0x7b, 0x39,
501 },
502 .P_len = 60,
503 .A = {
504 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
505 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
506 0xab, 0xad, 0xda, 0xd2,
507 },
508 .A_len = 20,
509 .C = {
510 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
511 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
512 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
513 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
514 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
515 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
516 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
517 0xe9, 0xb7, 0x37, 0x3b,
518 },
519 .C_len = 60,
520 .T = {
521 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
522 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9,
523 },
524 },
525 {
526 /* Test Case 13. */
527 .K = {0},
528 .K_len = 32,
529 .IV = {0},
530 .IV_len = 12,
531 .P = {0},
532 .P_len = 0,
533 .A = {0},
534 .A_len = 0,
535 .C = {0},
536 .C_len = 0,
537 .T = {
538 0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9,
539 0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b,
540 },
541 },
542 {
543 /* Test Case 14. */
544 .K = {0},
545 .K_len = 32,
546 .IV = {0},
547 .IV_len = 12,
548 .P = {0},
549 .P_len = 16,
550 .A = {0},
551 .A_len = 0,
552 .C = {
553 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e,
554 0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18,
555 },
556 .C_len = 16,
557 .T = {
558 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0,
559 0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19,
560 },
561 },
562 {
563 /* Test Case 15. */
564 .K = {
565 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
566 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
567 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
568 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
569 },
570 .K_len = 32,
571 .IV = {
572 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
573 0xde, 0xca, 0xf8, 0x88,
574 },
575 .IV_len = 12,
576 .P = {
577 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
578 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
579 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
580 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
581 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
582 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
583 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
584 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55,
585 },
586 .P_len = 64,
587 .A = {0},
588 .A_len = 0,
589 .C = {
590 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
591 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
592 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
593 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
594 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
595 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
596 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
597 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad,
598 },
599 .C_len = 64,
600 .T = {
601 0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd,
602 0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c,
603 },
604 },
605 {
606 /* Test Case 16. */
607 /* K and IV are the same as TC15. */
608 .K = {
609 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
610 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
611 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
612 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
613 },
614 .K_len = 32,
615 .IV = {
616 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
617 0xde, 0xca, 0xf8, 0x88,
618 },
619 .IV_len = 12,
620 .P = {
621 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
622 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
623 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
624 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
625 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
626 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
627 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
628 0xba, 0x63, 0x7b, 0x39,
629 },
630 .P_len = 60,
631 .A = {
632 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
633 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
634 0xab, 0xad, 0xda, 0xd2,
635 },
636 .A_len = 20,
637 .C = {
638 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
639 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
640 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
641 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
642 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
643 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
644 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
645 0xbc, 0xc9, 0xf6, 0x62,
646 },
647 .C_len = 60,
648 .T = {
649 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
650 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b,
651 },
652 },
653 {
654 /* Test Case 17. */
655 /* K is the same as TC15, P and A are the same as TC 16. */
656 .K = {
657 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
658 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
659 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
660 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
661 },
662 .K_len = 32,
663 .IV = {
664 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
665 },
666 .IV_len = 8,
667 .P = {
668 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
669 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
670 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
671 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
672 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
673 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
674 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
675 0xba, 0x63, 0x7b, 0x39,
676 },
677 .P_len = 60,
678 .A = {
679 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
680 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
681 0xab, 0xad, 0xda, 0xd2,
682 },
683 .A_len = 20,
684 .C = {
685 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32,
686 0xae, 0x47, 0xc1, 0x3b, 0xf1, 0x98, 0x44, 0xcb,
687 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
688 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0,
689 0xfe, 0xb5, 0x82, 0xd3, 0x39, 0x34, 0xa4, 0xf0,
690 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
691 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99,
692 0xf4, 0x7c, 0x9b, 0x1f,
693 },
694 .C_len = 60,
695 .T = {
696 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4,
697 0x5e, 0x45, 0x49, 0x13, 0xfe, 0x2e, 0xa8, 0xf2,
698 },
699 },
700 {
701 /* Test Case 18. */
702 /* K is the same as TC15, P and A are the same as TC 16. */
703 .K = {
704 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
705 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
706 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
707 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
708 },
709 .K_len = 32,
710 .IV = {
711 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
712 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
713 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
714 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
715 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
716 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
717 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
718 0xa6, 0x37, 0xb3, 0x9b,
719 },
720 .IV_len = 60,
721 .P = {
722 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
723 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
724 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
725 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
726 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
727 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
728 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
729 0xba, 0x63, 0x7b, 0x39,
730 },
731 .P_len = 60,
732 .A = {
733 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
734 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
735 0xab, 0xad, 0xda, 0xd2,
736 },
737 .A_len = 20,
738 .C = {
739 0x5a, 0x8d, 0xef, 0x2f, 0x0c, 0x9e, 0x53, 0xf1,
740 0xf7, 0x5d, 0x78, 0x53, 0x65, 0x9e, 0x2a, 0x20,
741 0xee, 0xb2, 0xb2, 0x2a, 0xaf, 0xde, 0x64, 0x19,
742 0xa0, 0x58, 0xab, 0x4f, 0x6f, 0x74, 0x6b, 0xf4,
743 0x0f, 0xc0, 0xc3, 0xb7, 0x80, 0xf2, 0x44, 0x45,
744 0x2d, 0xa3, 0xeb, 0xf1, 0xc5, 0xd8, 0x2c, 0xde,
745 0xa2, 0x41, 0x89, 0x97, 0x20, 0x0e, 0xf8, 0x2e,
746 0x44, 0xae, 0x7e, 0x3f,
747 },
748 .C_len = 60,
749 .T = {
750 0xa4, 0x4a, 0x82, 0x66, 0xee, 0x1c, 0x8e, 0xb0,
751 0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a,
752 },
753 },
754 {
755 /* Test Case 19. */
756 .K = {0},
757 .K_len = 16,
758 .IV = {0},
759 .IV_len = 12,
760 .P = {0},
761 .P_len = 0,
762 .A = {
763 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
764 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
765 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
766 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
767 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
768 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
769 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
770 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55,
771 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
772 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
773 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
774 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
775 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
776 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
777 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
778 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad,
779 },
780 .A_len = 128,
781 .C = {0},
782 .C_len = 0,
783 .T = {
784 0x5f, 0xea, 0x79, 0x3a, 0x2d, 0x6f, 0x97, 0x4d,
785 0x37, 0xe6, 0x8e, 0x0c, 0xb8, 0xff, 0x94, 0x92,
786 },
787 },
788 {
789 /* Test Case 20. */
790 .K = {0},
791 .K_len = 16,
792 .IV = {
793 /* This results in 0xff in counter LSB. */
794 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
795 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
796 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
797 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
798 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
799 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
800 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
801 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
802 },
803 .IV_len = 64,
804 .P = {0},
805 .P_len = 288,
806 .A = {0},
807 .A_len = 0,
808 .C = {
809 0x56, 0xb3, 0x37, 0x3c, 0xa9, 0xef, 0x6e, 0x4a,
810 0x2b, 0x64, 0xfe, 0x1e, 0x9a, 0x17, 0xb6, 0x14,
811 0x25, 0xf1, 0x0d, 0x47, 0xa7, 0x5a, 0x5f, 0xce,
812 0x13, 0xef, 0xc6, 0xbc, 0x78, 0x4a, 0xf2, 0x4f,
813 0x41, 0x41, 0xbd, 0xd4, 0x8c, 0xf7, 0xc7, 0x70,
814 0x88, 0x7a, 0xfd, 0x57, 0x3c, 0xca, 0x54, 0x18,
815 0xa9, 0xae, 0xff, 0xcd, 0x7c, 0x5c, 0xed, 0xdf,
816 0xc6, 0xa7, 0x83, 0x97, 0xb9, 0xa8, 0x5b, 0x49,
817 0x9d, 0xa5, 0x58, 0x25, 0x72, 0x67, 0xca, 0xab,
818 0x2a, 0xd0, 0xb2, 0x3c, 0xa4, 0x76, 0xa5, 0x3c,
819 0xb1, 0x7f, 0xb4, 0x1c, 0x4b, 0x8b, 0x47, 0x5c,
820 0xb4, 0xf3, 0xf7, 0x16, 0x50, 0x94, 0xc2, 0x29,
821 0xc9, 0xe8, 0xc4, 0xdc, 0x0a, 0x2a, 0x5f, 0xf1,
822 0x90, 0x3e, 0x50, 0x15, 0x11, 0x22, 0x13, 0x76,
823 0xa1, 0xcd, 0xb8, 0x36, 0x4c, 0x50, 0x61, 0xa2,
824 0x0c, 0xae, 0x74, 0xbc, 0x4a, 0xcd, 0x76, 0xce,
825 0xb0, 0xab, 0xc9, 0xfd, 0x32, 0x17, 0xef, 0x9f,
826 0x8c, 0x90, 0xbe, 0x40, 0x2d, 0xdf, 0x6d, 0x86,
827 0x97, 0xf4, 0xf8, 0x80, 0xdf, 0xf1, 0x5b, 0xfb,
828 0x7a, 0x6b, 0x28, 0x24, 0x1e, 0xc8, 0xfe, 0x18,
829 0x3c, 0x2d, 0x59, 0xe3, 0xf9, 0xdf, 0xff, 0x65,
830 0x3c, 0x71, 0x26, 0xf0, 0xac, 0xb9, 0xe6, 0x42,
831 0x11, 0xf4, 0x2b, 0xae, 0x12, 0xaf, 0x46, 0x2b,
832 0x10, 0x70, 0xbe, 0xf1, 0xab, 0x5e, 0x36, 0x06,
833 0x87, 0x2c, 0xa1, 0x0d, 0xee, 0x15, 0xb3, 0x24,
834 0x9b, 0x1a, 0x1b, 0x95, 0x8f, 0x23, 0x13, 0x4c,
835 0x4b, 0xcc, 0xb7, 0xd0, 0x32, 0x00, 0xbc, 0xe4,
836 0x20, 0xa2, 0xf8, 0xeb, 0x66, 0xdc, 0xf3, 0x64,
837 0x4d, 0x14, 0x23, 0xc1, 0xb5, 0x69, 0x90, 0x03,
838 0xc1, 0x3e, 0xce, 0xf4, 0xbf, 0x38, 0xa3, 0xb6,
839 0x0e, 0xed, 0xc3, 0x40, 0x33, 0xba, 0xc1, 0x90,
840 0x27, 0x83, 0xdc, 0x6d, 0x89, 0xe2, 0xe7, 0x74,
841 0x18, 0x8a, 0x43, 0x9c, 0x7e, 0xbc, 0xc0, 0x67,
842 0x2d, 0xbd, 0xa4, 0xdd, 0xcf, 0xb2, 0x79, 0x46,
843 0x13, 0xb0, 0xbe, 0x41, 0x31, 0x5e, 0xf7, 0x78,
844 0x70, 0x8a, 0x70, 0xee, 0x7d, 0x75, 0x16, 0x5c,
845 },
846 .C_len = 288,
847 .T = {
848 0x8b, 0x30, 0x7f, 0x6b, 0x33, 0x28, 0x6d, 0x0a,
849 0xb0, 0x26, 0xa9, 0xed, 0x3f, 0xe1, 0xe8, 0x5f,
850 },
851 },
852};
853
854#define N_TESTS (sizeof(gcm128_tests) / sizeof(*gcm128_tests))
855
856static int
857do_gcm128_test(int test_no, struct gcm128_test *tv)
858{
859 GCM128_CONTEXT ctx;
860 AES_KEY key;
861 uint8_t *out = NULL;
862 size_t out_len;
863 int ret = 1;
864
865 out_len = tv->P_len;
866 if (out_len != 0) {
867 out = malloc(out_len);
868 if (out == NULL)
869 err(1, "malloc");
870 }
871
872 AES_set_encrypt_key(tv->K, tv->K_len * 8, &key);
873
874 if (out_len != 0)
875 memset(out, 0, out_len);
876 CRYPTO_gcm128_init(&ctx, &key, (block128_f)AES_encrypt);
877 CRYPTO_gcm128_setiv(&ctx, tv->IV, tv->IV_len);
878 if (tv->A_len > 0)
879 CRYPTO_gcm128_aad(&ctx, tv->A, tv->A_len);
880 if (tv->P_len > 0)
881 CRYPTO_gcm128_encrypt(&ctx, tv->P, out, out_len);
882 if (CRYPTO_gcm128_finish(&ctx, tv->T, 16)) {
883 fprintf(stderr, "TEST %i: CRYPTO_gcm128_finish failed\n",
884 test_no);
885 goto fail;
886 }
887 if (tv->C_len > 0 && memcmp(out, tv->C, out_len)) {
888 fprintf(stderr, "TEST %i: encrypt failed\n", test_no);
889 goto fail;
890 }
891
892 if (out_len != 0)
893 memset(out, 0, out_len);
894 CRYPTO_gcm128_setiv(&ctx, tv->IV, tv->IV_len);
895 if (tv->A_len > 0)
896 CRYPTO_gcm128_aad(&ctx, tv->A, tv->A_len);
897 if (tv->C_len > 0)
898 CRYPTO_gcm128_decrypt(&ctx, tv->C, out, out_len);
899 if (CRYPTO_gcm128_finish(&ctx, tv->T, 16)) {
900 fprintf(stderr, "TEST %i: CRYPTO_gcm128_finish failed\n",
901 test_no);
902 goto fail;
903 }
904 if (tv->P_len > 0 && memcmp(out, tv->P, out_len)) {
905 fprintf(stderr, "TEST %i: decrypt failed\n", test_no);
906 goto fail;
907 }
908
909 ret = 0;
910
911fail:
912 free(out);
913 return (ret);
914}
915
916int
917main(int argc, char **argv)
918{
919 int ret = 0;
920 size_t i;
921
922 for (i = 0; i < N_TESTS; i++)
923 ret |= do_gcm128_test(i + 1, &gcm128_tests[i]);
924
925 return ret;
926}
diff --git a/src/regress/lib/libcrypto/gost/Makefile b/src/regress/lib/libcrypto/gost/Makefile
deleted file mode 100644
index 14b0f9b824..0000000000
--- a/src/regress/lib/libcrypto/gost/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2014/11/09 19:45:26 miod Exp $
2
3PROG= gost2814789t
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/gost/gost2814789t.c b/src/regress/lib/libcrypto/gost/gost2814789t.c
deleted file mode 100644
index 30aaead34e..0000000000
--- a/src/regress/lib/libcrypto/gost/gost2814789t.c
+++ /dev/null
@@ -1,1459 +0,0 @@
1/* $OpenBSD: gost2814789t.c,v 1.2 2014/12/15 06:03:15 miod Exp $ */
2/* vim: set fileencoding=ascii : Charset: ASCII */
3/* test/gostr2814789t.c */
4/* ====================================================================
5 * Copyright (c) 2012 Crypto-Pro, Ltd., Serguei E. Leontiev,
6 * lse@cryptopro.ru
7 *
8 * This file is distributed under the same license as OpenSSL
9 * ====================================================================
10 */
11#include <stdio.h>
12
13#if defined(OPENSSL_NO_GOST)
14int main(int argc, char *argv[])
15{
16 printf("No GOST 28147-89 support\n");
17 return 0;
18}
19#else
20
21#include <stdint.h>
22#include <stdlib.h>
23#include <string.h>
24#include <inttypes.h>
25#include <openssl/conf.h>
26#include <openssl/crypto.h>
27#include <openssl/engine.h>
28#include <openssl/err.h>
29#include <openssl/evp.h>
30#include <openssl/hmac.h>
31#include <openssl/obj_mac.h>
32
33#define G89_MAX_TC_LEN (2048)
34#define G89_BLOCK_LEN (8)
35
36#undef U64
37#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
38#define U64(C) C##UI64
39#elif defined(_LP64) || defined(__arch64__)
40#define U64(C) C##UL
41#else
42#define U64(C) C##ULL
43#endif
44
45typedef enum g89_mode_ {
46 G89_ECB,
47 G89_CFB,
48 G89_CNT,
49 G89_IMIT
50} g89_mode;
51
52typedef struct g89_tc_ {
53 uint64_t ullLen; /* ullLen > G89_MAX_TC_LEN */
54 /* Clear text ullLen */
55 /* of zero unsigned chars */
56 const unsigned char bIn[G89_MAX_TC_LEN]; /* Clear text, when */
57 /* ullLen <= G89_MAX_TC_LEN */
58 const char *szParamSet; /* S-Box ID */
59 const char *szDerive; /* String for derive bRawKey */
60 const unsigned char bRawKey[EVP_MAX_KEY_LENGTH];
61 g89_mode gMode; /* Mode of encryption or MAC */
62 const unsigned char bIV[EVP_MAX_IV_LENGTH]; /* IV for CFB or CNT mode */
63 const unsigned char bOut[G89_MAX_TC_LEN]; /* Cipher text for ECB/CFB/CNT */
64 /* mode, when ullLen <= G89_MAX_TC_LEN;
65 * Last 16 unsigned char of cipher text for
66 * ECB/CFB/CNT, when ullLen >
67 * G89_MAX_TC_LEN;
68 * 4 unsigned char MAC for imitovstavka */
69} g89_tc;
70
71const g89_tc tcs[] = {
72 /*
73 * GOST R 34.11-94 Test cases
74 */
75 { /* see p. A.3.1 [GOSTR341194], p. 7.3.1 [ENG-GOSTR341194] */
76 /* <http://tools.ietf.org/html/rfc5831#section-7.3.1> */
77 /* Iteration 1, K[1], see Errata for RFC 5831 */
78 8,
79 {
80 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
81 },
82 "id-GostR3411-94-TestParamSet",
83 NULL,
84 {
85 0x54, 0x6d, 0x20, 0x33, 0x68, 0x65, 0x6c, 0x32,
86 0x69, 0x73, 0x65, 0x20, 0x73, 0x73, 0x6e, 0x62,
87 0x20, 0x61, 0x67, 0x79, 0x69, 0x67, 0x74, 0x74,
88 0x73, 0x65, 0x68, 0x65, 0x20, 0x2c, 0x3d, 0x73
89 },
90 G89_ECB,
91 { 0 },
92 {
93 0x1b, 0x0b, 0xbc, 0x32, 0xce, 0xbc, 0xab, 0x42
94 }
95 },
96 { /* see p. A.3.1 [GOSTR341194], p. 7.3.1 [ENG-GOSTR341194] */
97 /* <http://tools.ietf.org/html/rfc5831#section-7.3.1> */
98 /* Iteration 1, K[4] */
99 8,
100 {
101 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
102 },
103 "id-GostR3411-94-TestParamSet",
104 NULL,
105 {
106 0xec, 0x0a, 0x8b, 0xa1, 0x5e, 0xc0, 0x04, 0xa8,
107 0xba, 0xc5, 0x0c, 0xac, 0x0c, 0x62, 0x1d, 0xee,
108 0xe1, 0xc7, 0xb8, 0xe7, 0x00, 0x7a, 0xe2, 0xec,
109 0xf2, 0x73, 0x1b, 0xff, 0x4e, 0x80, 0xe2, 0xa0
110 },
111 G89_ECB,
112 { 0 },
113 {
114 0x2d, 0x56, 0x2a, 0x0d, 0x19, 0x04, 0x86, 0xe7
115 }
116 },
117 { /* see p. A.3.1 [GOSTR341194], p. 7.3.1 [ENG-GOSTR341194] */
118 /* <http://tools.ietf.org/html/rfc5831#section-7.3.1> */
119 /* Iteration 2, K[1] */
120 8,
121 {
122 0x34, 0xc0, 0x15, 0x33, 0xe3, 0x7d, 0x1c, 0x56
123 },
124 "id-GostR3411-94-TestParamSet",
125 NULL,
126 {
127 0x34, 0x87, 0x24, 0xa4, 0xc1, 0xa6, 0x76, 0x67,
128 0x15, 0x3d, 0xde, 0x59, 0x33, 0x88, 0x42, 0x50,
129 0xe3, 0x24, 0x8c, 0x65, 0x7d, 0x41, 0x3b, 0x8c,
130 0x1c, 0x9c, 0xa0, 0x9a, 0x56, 0xd9, 0x68, 0xcf
131 },
132 G89_ECB,
133 { 0 },
134 {
135 0x86, 0x3e, 0x78, 0xdd, 0x2d, 0x60, 0xd1, 0x3c
136 }
137 },
138 /*
139 * id-Gost28147-89-CryptoPro-A-ParamSet (1.2.643.2.2.31.1)
140 * Test cases
141 */
142 { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */
143 16,
144 {
145 0x74, 0x3d, 0x76, 0xf9, 0x1b, 0xee, 0x35, 0x3c,
146 0xa2, 0x5c, 0x3b, 0x10, 0xeb, 0x64, 0xcf, 0xf5
147 },
148 "id-Gost28147-89-CryptoPro-A-ParamSet",
149 "testecb1",
150 {
151 0xbb, 0xf1, 0xed, 0xd3, 0x20, 0xaf, 0x8a, 0x62,
152 0x8e, 0x11, 0xc8, 0xa9, 0x51, 0xcc, 0xbe, 0x81,
153 0x47, 0x7b, 0x41, 0xa1, 0x6a, 0xf6, 0x7f, 0x05,
154 0xe8, 0x51, 0x2f, 0x9e, 0x01, 0xf8, 0xcf, 0x49
155 },
156 G89_ECB,
157 { 0 },
158 {
159 0xc3, 0x73, 0x90, 0x95, 0x35, 0x58, 0x08, 0x63,
160 0xcb, 0x68, 0x85, 0x96, 0x77, 0xe8, 0xfb, 0xa9
161 }
162 },
163 { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */
164 16,
165 {
166 0xd2, 0xfd, 0xf8, 0x3a, 0xc1, 0xb4, 0x39, 0x23,
167 0x2e, 0xaa, 0xcc, 0x98, 0x0a, 0x02, 0xda, 0x33
168 },
169 "id-Gost28147-89-CryptoPro-A-ParamSet",
170 "testcfb1",
171 {
172 0x8d, 0x5a, 0x2c, 0x83, 0xa7, 0xc7, 0x0a, 0x61,
173 0xd6, 0x1b, 0x34, 0xb5, 0x1f, 0xdf, 0x42, 0x68,
174 0x66, 0x71, 0xa3, 0x5d, 0x87, 0x4c, 0xfd, 0x84,
175 0x99, 0x36, 0x63, 0xb6, 0x1e, 0xd6, 0x0d, 0xad
176 },
177 G89_CFB,
178 {
179 0x46, 0x60, 0x6f, 0x0d, 0x88, 0x34, 0x23, 0x5a
180 },
181 {
182 0x88, 0xb7, 0x75, 0x16, 0x74, 0xa5, 0xee, 0x2d,
183 0x14, 0xfe, 0x91, 0x67, 0xd0, 0x5c, 0xcc, 0x40
184 }
185 },
186 { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */
187 16,
188 {
189 0x90, 0xa2, 0x39, 0x66, 0xae, 0x01, 0xb9, 0xa3,
190 0x52, 0x4e, 0xc8, 0xed, 0x6c, 0xdd, 0x88, 0x30
191 },
192 "id-Gost28147-89-CryptoPro-A-ParamSet",
193 "testcnt1",
194 {
195 0x59, 0x9f, 0x84, 0xba, 0xc3, 0xf3, 0xd2, 0xf1,
196 0x60, 0xe1, 0xe3, 0xf2, 0x6a, 0x96, 0x1a, 0xf9,
197 0x9c, 0x48, 0xb2, 0x4e, 0xbc, 0xbb, 0xbf, 0x7c,
198 0xd8, 0xf3, 0xac, 0xcd, 0x96, 0x8d, 0x28, 0x6a
199 },
200 G89_CNT,
201 {
202 0x8d, 0xaf, 0xa8, 0xd1, 0x58, 0xed, 0x05, 0x8d
203 },
204 {
205 0x6e, 0x72, 0x62, 0xcc, 0xe3, 0x59, 0x36, 0x90,
206 0x83, 0x3a, 0xfe, 0xa9, 0x1b, 0xc9, 0xbe, 0xce
207 }
208 },
209 { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */
210 16,
211 {
212 0xb5, 0xa1, 0xf0, 0xe3, 0xce, 0x2f, 0x02, 0x1d,
213 0x67, 0x61, 0x94, 0x34, 0x5c, 0x41, 0xe3, 0x6e
214 },
215 "id-Gost28147-89-CryptoPro-A-ParamSet",
216 "testimit1",
217 {
218 0x9d, 0x05, 0xb7, 0x9e, 0x90, 0xca, 0xd0, 0x0a,
219 0x2c, 0xda, 0xd2, 0x2e, 0xf4, 0xe8, 0x6f, 0x5c,
220 0xf5, 0xdc, 0x37, 0x68, 0x19, 0x85, 0xb3, 0xbf,
221 0xaa, 0x18, 0xc1, 0xc3, 0x05, 0x0a, 0x91, 0xa2
222 },
223 G89_IMIT,
224 { 0 },
225 {
226 0xf8, 0x1f, 0x08, 0xa3
227 }
228 },
229 /*
230 * Other paramsets and key meshing test cases.
231 */
232 { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */
233 1039,
234 {
235 0x8c, 0x9c, 0x44, 0x35, 0xfb, 0xe9, 0xa5, 0xa3,
236 0xa0, 0xae, 0x28, 0x56, 0x91, 0x10, 0x8e, 0x1e ,
237 0xd2, 0xbb, 0x18, 0x53, 0x81, 0x27, 0x0d, 0xa6,
238 0x68, 0x59, 0x36, 0xc5, 0x81, 0x62, 0x9a, 0x8e,
239 0x7d, 0x50, 0xf1, 0x6f, 0x97, 0x62, 0x29, 0xec,
240 0x80, 0x51, 0xe3, 0x7d, 0x6c, 0xc4, 0x07, 0x95,
241 0x28, 0x63, 0xdc, 0xb4, 0xb9, 0x2d, 0xb8, 0x13,
242 0xb1, 0x05, 0xb5, 0xf9, 0xeb, 0x75, 0x37, 0x4e,
243 0xf7, 0xbf, 0x51, 0xf1, 0x98, 0x86, 0x43, 0xc4,
244 0xe4, 0x3d, 0x3e, 0xa7, 0x62, 0xec, 0x41, 0x59,
245 0xe0, 0xbd, 0xfb, 0xb6, 0xfd, 0xec, 0xe0, 0x77,
246 0x13, 0xd2, 0x59, 0x90, 0xa1, 0xb8, 0x97, 0x6b,
247 0x3d, 0x8b, 0x7d, 0xfc, 0x9d, 0xca, 0x82, 0x73,
248 0x32, 0x70, 0x0a, 0x74, 0x03, 0xc6, 0x0c, 0x26,
249 0x7f, 0x56, 0xf0, 0x9d, 0xb2, 0xeb, 0x71, 0x40,
250 0xd7, 0xc3, 0xb1, 0xa7, 0xc5, 0x1e, 0x20, 0x17,
251 0xb3, 0x50, 0x1d, 0x8a, 0x6e, 0x19, 0xcb, 0xbe,
252 0x20, 0x86, 0x2b, 0xd6, 0x1c, 0xfd, 0xb4, 0xb7,
253 0x5d, 0x9a, 0xb3, 0xe3, 0x7d, 0x15, 0x7a, 0x35,
254 0x01, 0x9f, 0x5d, 0x65, 0x89, 0x4b, 0x34, 0xc6,
255 0xf4, 0x81, 0x3f, 0x78, 0x30, 0xcf, 0xe9, 0x15,
256 0x90, 0x9a, 0xf9, 0xde, 0xba, 0x63, 0xd0, 0x19,
257 0x14, 0x66, 0x3c, 0xb9, 0xa4, 0xb2, 0x84, 0x94,
258 0x02, 0xcf, 0xce, 0x20, 0xcf, 0x76, 0xe7, 0xc5,
259 0x48, 0xf7, 0x69, 0x3a, 0x5d, 0xec, 0xaf, 0x41,
260 0xa7, 0x12, 0x64, 0x83, 0xf5, 0x99, 0x1e, 0x9e,
261 0xb2, 0xab, 0x86, 0x16, 0x00, 0x23, 0x8e, 0xe6,
262 0xd9, 0x80, 0x0b, 0x6d, 0xc5, 0x93, 0xe2, 0x5c,
263 0x8c, 0xd8, 0x5e, 0x5a, 0xae, 0x4a, 0x85, 0xfd,
264 0x76, 0x01, 0xea, 0x30, 0xf3, 0x78, 0x34, 0x10,
265 0x72, 0x51, 0xbc, 0x9f, 0x76, 0xce, 0x1f, 0xd4,
266 0x8f, 0x33, 0x50, 0x34, 0xc7, 0x4d, 0x7b, 0xcf,
267 0x91, 0x63, 0x7d, 0x82, 0x9e, 0xa1, 0x23, 0x45,
268 0xf5, 0x45, 0xac, 0x98, 0x7a, 0x48, 0xff, 0x64,
269 0xd5, 0x59, 0x47, 0xde, 0x2b, 0x3f, 0xfa, 0xec,
270 0x50, 0xe0, 0x81, 0x60, 0x8b, 0xc3, 0xfc, 0x80,
271 0x98, 0x17, 0xc7, 0xa3, 0xc2, 0x57, 0x3d, 0xab,
272 0x91, 0x67, 0xf5, 0xc4, 0xab, 0x92, 0xc8, 0xd6,
273 0x3b, 0x6b, 0x3f, 0xff, 0x15, 0x6b, 0xcf, 0x53,
274 0x65, 0x02, 0xf1, 0x74, 0xca, 0xa9, 0xbe, 0x24,
275 0xd2, 0xf0, 0xb7, 0x26, 0xa8, 0xd7, 0x6d, 0xed,
276 0x90, 0x36, 0x7b, 0x3e, 0x41, 0xa9, 0x7f, 0xa3,
277 0x1b, 0xf4, 0x43, 0xc5, 0x51, 0xbe, 0x28, 0x59,
278 0xe9, 0x45, 0x26, 0x49, 0x38, 0x32, 0xf8, 0xf3,
279 0x92, 0x6e, 0x30, 0xcc, 0xb0, 0xa0, 0xf9, 0x01,
280 0x14, 0xc8, 0xba, 0xd9, 0xf0, 0x2a, 0x29, 0xe2,
281 0x52, 0x9a, 0x76, 0x95, 0x3a, 0x16, 0x32, 0xec,
282 0xf4, 0x10, 0xec, 0xee, 0x47, 0x00, 0x70, 0x19,
283 0xe4, 0x72, 0x35, 0x66, 0x44, 0x53, 0x2d, 0xa2,
284 0xf3, 0xaa, 0x7e, 0x8a, 0x33, 0x13, 0xcd, 0xc8,
285 0xbf, 0x0e, 0x40, 0x90, 0x00, 0xe4, 0x42, 0xc3,
286 0x09, 0x84, 0xe1, 0x66, 0x17, 0xa2, 0xaf, 0x03,
287 0xab, 0x6b, 0xa1, 0xec, 0xfb, 0x17, 0x72, 0x81,
288 0xfe, 0x9a, 0x9f, 0xf4, 0xb2, 0x33, 0x1f, 0xae,
289 0x0c, 0xd1, 0x6a, 0xae, 0x19, 0xb8, 0xaf, 0xec,
290 0xe3, 0xea, 0x00, 0xf8, 0xac, 0x87, 0x07, 0x5f,
291 0x6d, 0xb0, 0xac, 0x6b, 0x22, 0x48, 0x36, 0xbf,
292 0x22, 0x18, 0xb0, 0x03, 0x9f, 0x6c, 0x70, 0x45,
293 0x36, 0xf0, 0x6b, 0xc6, 0xc2, 0xa5, 0x72, 0x2c,
294 0xd8, 0xe0, 0x27, 0x3d, 0xec, 0x56, 0x07, 0x05,
295 0x7d, 0x83, 0xa1, 0x65, 0x7d, 0x41, 0x5b, 0xcd,
296 0x77, 0x24, 0xe5, 0xaa, 0x76, 0x47, 0xd0, 0x50,
297 0xf6, 0xe7, 0xb5, 0x59, 0x75, 0x31, 0x27, 0xef,
298 0xd8, 0xa6, 0x4e, 0x7f, 0xb8, 0x40, 0xb1, 0xdf,
299 0x53, 0x14, 0xed, 0xf1, 0x68, 0x5f, 0xfc, 0x3f,
300 0x02, 0xdb, 0x05, 0xeb, 0x31, 0xe4, 0x2c, 0x7f,
301 0x32, 0xb5, 0x70, 0x8e, 0x75, 0x85, 0xa4, 0x5c,
302 0x16, 0x23, 0x37, 0xf2, 0x10, 0x79, 0xcb, 0xdc,
303 0xf8, 0x1c, 0x25, 0xc2, 0xa1, 0x3d, 0x9c, 0x33,
304 0x6c, 0xed, 0xc3, 0xe7, 0xf3, 0x02, 0x87, 0x82,
305 0x4e, 0xfb, 0xac, 0xb3, 0x2d, 0xfc, 0xf8, 0x0d,
306 0x1d, 0x4a, 0x39, 0xd4, 0xb3, 0x09, 0xbb, 0xe9,
307 0x25, 0xc7, 0xec, 0x6a, 0x87, 0x72, 0x84, 0xed,
308 0x12, 0x60, 0x19, 0x64, 0xeb, 0x16, 0x2a, 0x5b,
309 0x10, 0x76, 0x27, 0xff, 0x7b, 0xe4, 0xae, 0xe5,
310 0xa4, 0x04, 0x02, 0x7f, 0xbb, 0x0a, 0xb5, 0xf4,
311 0x05, 0xa5, 0x56, 0x1c, 0x53, 0x31, 0x7a, 0x93,
312 0xba, 0x16, 0x15, 0xab, 0x62, 0x60, 0xfc, 0xde,
313 0x72, 0x36, 0x6e, 0x28, 0xaf, 0x98, 0x0d, 0xe6,
314 0xf4, 0xde, 0x60, 0xa7, 0x7e, 0x06, 0x07, 0x86,
315 0xf3, 0x94, 0xb6, 0x6d, 0x0d, 0x93, 0xa6, 0xbc,
316 0x60, 0x70, 0x33, 0xac, 0x3f, 0xa1, 0xa8, 0x4a,
317 0x20, 0x61, 0xb6, 0xb5, 0x43, 0xa3, 0x15, 0x5a,
318 0x00, 0xbe, 0x76, 0x98, 0x57, 0x72, 0xab, 0x7a,
319 0x0e, 0x18, 0x93, 0x82, 0x3a, 0x18, 0x78, 0x6e,
320 0x71, 0x7b, 0x78, 0x4f, 0x7e, 0x8c, 0xde, 0x7a,
321 0x62, 0xb5, 0x0a, 0x7c, 0x45, 0x1d, 0x16, 0xd5,
322 0xc3, 0x8c, 0x9b, 0x25, 0xb4, 0x50, 0x90, 0xcd,
323 0x96, 0x93, 0xad, 0x0f, 0xd4, 0x43, 0xcb, 0x49,
324 0x0f, 0xfc, 0x5a, 0x31, 0xf4, 0x19, 0xb7, 0xd4,
325 0xeb, 0x4d, 0x40, 0x58, 0xd0, 0x3b, 0xc8, 0xe0,
326 0x4a, 0x54, 0x2f, 0xdb, 0x22, 0xc3, 0x29, 0x7b,
327 0x40, 0x90, 0x61, 0x43, 0xd3, 0x7e, 0xe2, 0x30,
328 0x2b, 0x48, 0x3c, 0xce, 0x90, 0x93, 0xb1, 0x8b,
329 0x31, 0x96, 0x65, 0x6d, 0x57, 0x8b, 0x9d, 0x4d,
330 0x53, 0xf0, 0x83, 0x1c, 0xe5, 0xa1, 0x9d, 0x55,
331 0xe3, 0xbf, 0x7e, 0xca, 0x1a, 0x74, 0x66, 0x14,
332 0xcc, 0x47, 0x43, 0xd9, 0xbb, 0xef, 0x97, 0x7d,
333 0xb7, 0x6e, 0xff, 0xf1, 0x22, 0xf8, 0x10, 0x2d,
334 0x3f, 0xcd, 0x49, 0x96, 0xd9, 0x09, 0x11, 0xb8,
335 0x33, 0xd0, 0x23, 0x9a, 0xfa, 0x16, 0xcb, 0x50,
336 0x26, 0x57, 0x24, 0x5c, 0x0e, 0xba, 0xf0, 0x3f,
337 0x37, 0x2f, 0xa3, 0xf7, 0x18, 0x57, 0x48, 0x48,
338 0x95, 0xcf, 0xef, 0x87, 0x67, 0x2a, 0xe9, 0xb6,
339 0x8a, 0x21, 0x36, 0x7f, 0xff, 0x48, 0x6c, 0x46,
340 0x35, 0x57, 0xf2, 0xbc, 0x48, 0x67, 0x8f, 0x63,
341 0x23, 0x78, 0x11, 0x2b, 0xc2, 0x08, 0xde, 0x51,
342 0xe8, 0x8b, 0x92, 0x29, 0xf9, 0x9a, 0x9e, 0xad,
343 0xed, 0x0f, 0xeb, 0xa2, 0xd2, 0x40, 0x92, 0xd4,
344 0xde, 0x62, 0x95, 0x76, 0xfd, 0x6e, 0x3c, 0xbf,
345 0xc0, 0xd7, 0x0d, 0xe5, 0x1b, 0xa4, 0xc7, 0x18,
346 0xe1, 0x58, 0xa4, 0x56, 0xef, 0x2e, 0x17, 0x1b,
347 0x75, 0xcb, 0xbc, 0xf9, 0x2a, 0x95, 0x71, 0xa7,
348 0x1d, 0x7f, 0xe7, 0x73, 0x63, 0x05, 0x6b, 0x19,
349 0x4c, 0xf4, 0x22, 0x14, 0xc4, 0x59, 0x88, 0x66,
350 0x92, 0x86, 0x61, 0x5c, 0x6a, 0xae, 0xec, 0x58,
351 0xff, 0xc9, 0xf2, 0x44, 0xd4, 0xa2, 0xf5, 0x98,
352 0xeb, 0x5f, 0x09, 0xbc, 0x8a, 0xbf, 0x3c, 0xb4,
353 0x3e, 0xb1, 0x20, 0x05, 0x44, 0x96, 0x79, 0x0a,
354 0x40, 0x92, 0x7f, 0x9d, 0xd1, 0xaf, 0xbc, 0x90,
355 0x95, 0x0a, 0x81, 0xd4, 0xa7, 0xc6, 0xb8, 0xe0,
356 0xe4, 0x39, 0x30, 0x1d, 0x79, 0xc0, 0xe5, 0xfa,
357 0xb4, 0xe9, 0x63, 0xb4, 0x09, 0x72, 0x3b, 0x3e,
358 0xd9, 0xf6, 0xd9, 0x10, 0x21, 0x18, 0x7e, 0xe5,
359 0xad, 0x81, 0xd7, 0xd5, 0x82, 0xd0, 0x8c, 0x3b,
360 0x38, 0x95, 0xf8, 0x92, 0x01, 0xa9, 0x92, 0x00,
361 0x70, 0xd1, 0xa7, 0x88, 0x77, 0x1f, 0x3a, 0xeb,
362 0xb5, 0xe4, 0xf5, 0x9d, 0xc7, 0x37, 0x86, 0xb2,
363 0x12, 0x46, 0x34, 0x19, 0x72, 0x8c, 0xf5, 0x8c,
364 0xf6, 0x78, 0x98, 0xe0, 0x7c, 0xd3, 0xf4
365 },
366 "id-Gost28147-89-CryptoPro-B-ParamSet",
367 "testcfb2",
368 {
369 0x48, 0x0c, 0x74, 0x1b, 0x02, 0x6b, 0x55, 0xd5,
370 0xb6, 0x6d, 0xd7, 0x1d, 0x40, 0x48, 0x05, 0x6b,
371 0x6d, 0xeb, 0x3c, 0x29, 0x0f, 0x84, 0x80, 0x23,
372 0xee, 0x0d, 0x47, 0x77, 0xe3, 0xfe, 0x61, 0xc9
373 },
374 G89_CFB,
375 {
376 0x1f, 0x3f, 0x82, 0x1e, 0x0d, 0xd8, 0x1e, 0x22
377 },
378 {
379 0x23, 0xc6, 0x7f, 0x20, 0xa1, 0x23, 0x58, 0xbc,
380 0x7b, 0x05, 0xdb, 0x21, 0x15, 0xcf, 0x96, 0x41,
381 0xc7, 0x88, 0xef, 0x76, 0x5c, 0x49, 0xdb, 0x42,
382 0xbf, 0xf3, 0xc0, 0xf5, 0xbd, 0x5d, 0xd9, 0x8e,
383 0xaf, 0x3d, 0xf4, 0xe4, 0xda, 0x88, 0xbd, 0xbc,
384 0x47, 0x5d, 0x76, 0x07, 0xc9, 0x5f, 0x54, 0x1d,
385 0x1d, 0x6a, 0xa1, 0x2e, 0x18, 0xd6, 0x60, 0x84,
386 0x02, 0x18, 0x37, 0x92, 0x92, 0x15, 0xab, 0x21,
387 0xee, 0x21, 0xcc, 0x71, 0x6e, 0x51, 0xd9, 0x2b,
388 0xcc, 0x81, 0x97, 0x3f, 0xeb, 0x45, 0x99, 0xb8,
389 0x1b, 0xda, 0xff, 0x90, 0xd3, 0x41, 0x06, 0x9c,
390 0x3f, 0xfb, 0xe4, 0xb2, 0xdc, 0xc9, 0x03, 0x0d,
391 0xa7, 0xae, 0xd7, 0x7d, 0x02, 0xb8, 0x32, 0xab,
392 0xf3, 0x65, 0xa3, 0x65, 0x6c, 0x4e, 0xe4, 0xa2,
393 0x5e, 0x9e, 0xee, 0xcd, 0xde, 0x79, 0x36, 0x6b,
394 0x1b, 0xe1, 0x3c, 0xdf, 0x10, 0xad, 0x4f, 0x02,
395 0xe1, 0x14, 0xaa, 0x09, 0xb4, 0x0b, 0x76, 0xeb,
396 0x69, 0x38, 0x20, 0x02, 0xcb, 0x8e, 0xc0, 0xdf,
397 0xca, 0x48, 0x74, 0xc3, 0x31, 0xad, 0x42, 0x2c,
398 0x51, 0x9b, 0xd0, 0x6a, 0xc1, 0x36, 0xd7, 0x21,
399 0xdf, 0xb0, 0x45, 0xba, 0xca, 0x7f, 0x35, 0x20,
400 0x28, 0xbb, 0xc1, 0x76, 0xfd, 0x43, 0x5d, 0x23,
401 0x7d, 0x31, 0x84, 0x1a, 0x97, 0x4d, 0x83, 0xaa,
402 0x7e, 0xf1, 0xc4, 0xe6, 0x83, 0xac, 0x0d, 0xef,
403 0xef, 0x3c, 0xa4, 0x7c, 0x48, 0xe4, 0xc8, 0xca,
404 0x0d, 0x7d, 0xea, 0x7c, 0x45, 0xd7, 0x73, 0x50,
405 0x25, 0x1d, 0x01, 0xc4, 0x02, 0x1a, 0xcd, 0xe0,
406 0x38, 0x5b, 0xa8, 0x5a, 0x16, 0x9a, 0x10, 0x59,
407 0x74, 0xd7, 0x19, 0xc6, 0xf3, 0xb5, 0x17, 0xf6,
408 0x59, 0x8d, 0x62, 0xaf, 0x44, 0xe8, 0xdc, 0xe9,
409 0xc1, 0x76, 0xf1, 0xd0, 0xbd, 0x29, 0xd7, 0xec,
410 0x1d, 0xac, 0x57, 0xdb, 0x1a, 0x3f, 0xd8, 0xf6,
411 0x6e, 0xb6, 0xe6, 0xdf, 0x36, 0xe7, 0x89, 0xce,
412 0x56, 0x35, 0x43, 0x1c, 0x7d, 0x57, 0x79, 0x0e,
413 0xd8, 0xf4, 0xd7, 0xa7, 0x0d, 0xc6, 0x8f, 0x91,
414 0x66, 0x67, 0x82, 0x0f, 0x49, 0xc9, 0xc5, 0x65,
415 0x81, 0xa1, 0x39, 0x5a, 0x53, 0x9f, 0x02, 0xa5,
416 0xd5, 0x36, 0x22, 0xa8, 0xa8, 0x1c, 0x37, 0x0e,
417 0x76, 0x46, 0xdf, 0xbd, 0x6a, 0xdb, 0xfc, 0x1b,
418 0xbd, 0x10, 0xb8, 0xb1, 0xbc, 0x72, 0x4c, 0x58,
419 0x4a, 0xda, 0x6d, 0x66, 0x00, 0xda, 0x7a, 0x66,
420 0xa0, 0xe7, 0x3b, 0x39, 0xa3, 0xf7, 0x05, 0x07,
421 0xfa, 0x21, 0x4b, 0xc7, 0x94, 0xc0, 0xd3, 0x7b,
422 0x19, 0x02, 0x5d, 0x4a, 0x10, 0xf1, 0xc2, 0x0f,
423 0x19, 0x68, 0x27, 0xc7, 0x7d, 0xbf, 0x55, 0x03,
424 0x57, 0x7d, 0xaf, 0x77, 0xae, 0x80, 0x2f, 0x7a,
425 0xe6, 0x1f, 0x4b, 0xdc, 0x15, 0x18, 0xc0, 0x62,
426 0xa1, 0xe8, 0xd9, 0x1c, 0x9e, 0x8c, 0x96, 0x39,
427 0xc1, 0xc4, 0x88, 0xf7, 0x0c, 0xe1, 0x04, 0x84,
428 0x68, 0x51, 0xce, 0xf1, 0x90, 0xda, 0x7f, 0x76,
429 0xc8, 0xc0, 0x88, 0xef, 0x8e, 0x15, 0x25, 0x3e,
430 0x7b, 0xe4, 0x79, 0xb5, 0x66, 0x2d, 0x9c, 0xd1,
431 0x13, 0xda, 0xd0, 0xd5, 0x46, 0xd5, 0x8d, 0x46,
432 0x18, 0x07, 0xee, 0xd8, 0xc9, 0x64, 0xe3, 0xbe,
433 0x0e, 0x68, 0x27, 0x09, 0x96, 0x26, 0xf6, 0xe2,
434 0x19, 0x61, 0x3f, 0xf4, 0x58, 0x27, 0x0a, 0xeb,
435 0xce, 0x7c, 0xb6, 0x68, 0x92, 0xe7, 0x12, 0x3b,
436 0x31, 0xd4, 0x48, 0xdf, 0x35, 0x8d, 0xf4, 0x86,
437 0x42, 0x2a, 0x15, 0x4b, 0xe8, 0x19, 0x1f, 0x26,
438 0x65, 0x9b, 0xa8, 0xda, 0x4b, 0x79, 0x1f, 0x8e,
439 0xe6, 0x13, 0x7e, 0x49, 0x8f, 0xc1, 0xce, 0xdc,
440 0x5e, 0x64, 0x74, 0xce, 0x02, 0x78, 0xe0, 0xcf,
441 0xa0, 0xed, 0x5e, 0x31, 0x74, 0xd1, 0xd0, 0xb4,
442 0xee, 0x70, 0x19, 0x14, 0x3c, 0x8f, 0x16, 0xa6,
443 0xcf, 0x12, 0x93, 0x15, 0x88, 0xeb, 0x91, 0x65,
444 0x76, 0x98, 0xfd, 0xa1, 0x94, 0x30, 0xba, 0x43,
445 0x62, 0x65, 0x40, 0x04, 0x77, 0x9e, 0xd6, 0xab,
446 0x8b, 0x0d, 0x93, 0x80, 0x50, 0x5f, 0xa2, 0x76,
447 0x20, 0xa7, 0xd6, 0x9c, 0x27, 0x15, 0x27, 0xbc,
448 0xa5, 0x5a, 0xbf, 0xe9, 0x92, 0x82, 0x05, 0xa8,
449 0x41, 0xe9, 0xb5, 0x60, 0xd5, 0xc0, 0xd7, 0x4b,
450 0xad, 0x38, 0xb2, 0xe9, 0xd1, 0xe5, 0x51, 0x5f,
451 0x24, 0x78, 0x24, 0x9a, 0x23, 0xd2, 0xc2, 0x48,
452 0xbd, 0x0e, 0xf1, 0x37, 0x72, 0x91, 0x87, 0xb0,
453 0x4e, 0xbd, 0x99, 0x6b, 0x2c, 0x01, 0xb6, 0x79,
454 0x69, 0xec, 0x0c, 0xed, 0xe5, 0x3f, 0x50, 0x64,
455 0x7c, 0xb9, 0xdd, 0xe1, 0x92, 0x81, 0xb5, 0xd0,
456 0xcb, 0x17, 0x83, 0x86, 0x8b, 0xea, 0x4f, 0x93,
457 0x08, 0xbc, 0x22, 0x0c, 0xef, 0xe8, 0x0d, 0xf5,
458 0x9e, 0x23, 0xe1, 0xf9, 0xb7, 0x6b, 0x45, 0x0b,
459 0xcb, 0xa9, 0xb6, 0x4d, 0x28, 0x25, 0xba, 0x3e,
460 0x86, 0xf2, 0x75, 0x47, 0x5d, 0x9d, 0x6b, 0xf6,
461 0x8a, 0x05, 0x58, 0x73, 0x3d, 0x00, 0xde, 0xfd,
462 0x69, 0xb1, 0x61, 0x16, 0xf5, 0x2e, 0xb0, 0x9f,
463 0x31, 0x6a, 0x00, 0xb9, 0xef, 0x71, 0x63, 0x47,
464 0xa3, 0xca, 0xe0, 0x40, 0xa8, 0x7e, 0x02, 0x04,
465 0xfe, 0xe5, 0xce, 0x48, 0x73, 0xe3, 0x94, 0xcf,
466 0xe2, 0xff, 0x29, 0x7e, 0xf6, 0x32, 0xbb, 0xb7,
467 0x55, 0x12, 0x21, 0x7a, 0x9c, 0x75, 0x04, 0x0c,
468 0xb4, 0x7c, 0xb0, 0x3d, 0x40, 0xb3, 0x11, 0x9a,
469 0x7a, 0x9a, 0x13, 0xfb, 0x77, 0xa7, 0x51, 0x68,
470 0xf7, 0x05, 0x47, 0x3b, 0x0f, 0x52, 0x5c, 0xe6,
471 0xc2, 0x99, 0x3a, 0x37, 0x54, 0x5c, 0x4f, 0x2b,
472 0xa7, 0x01, 0x08, 0x74, 0xbc, 0x91, 0xe3, 0xe2,
473 0xfe, 0x65, 0x94, 0xfd, 0x3d, 0x18, 0xe0, 0xf0,
474 0x62, 0xed, 0xc2, 0x10, 0x82, 0x9c, 0x58, 0x7f,
475 0xb2, 0xa3, 0x87, 0x8a, 0x74, 0xd9, 0xc1, 0xfb,
476 0x84, 0x28, 0x17, 0xc7, 0x2b, 0xcb, 0x53, 0x1f,
477 0x4e, 0x8a, 0x82, 0xfc, 0xb4, 0x3f, 0xc1, 0x47,
478 0x25, 0xf3, 0x21, 0xdc, 0x4c, 0x2d, 0x08, 0xfa,
479 0xe7, 0x0f, 0x03, 0xa9, 0x68, 0xde, 0x6b, 0x41,
480 0xa0, 0xf9, 0x41, 0x6c, 0x57, 0x4d, 0x3a, 0x0e,
481 0xea, 0x51, 0xca, 0x9f, 0x97, 0x11, 0x7d, 0xf6,
482 0x8e, 0x88, 0x63, 0x67, 0xc9, 0x65, 0x13, 0xca,
483 0x38, 0xed, 0x35, 0xbe, 0xf4, 0x27, 0xa9, 0xfc,
484 0xa9, 0xe6, 0xc3, 0x40, 0x86, 0x08, 0x39, 0x72,
485 0x37, 0xee, 0xb2, 0x87, 0x09, 0x96, 0xb7, 0x40,
486 0x87, 0x36, 0x92, 0xc1, 0x5d, 0x6a, 0x2c, 0x43,
487 0xca, 0x25, 0xc8, 0x35, 0x37, 0x2d, 0xb5, 0xa9,
488 0x27, 0x44, 0x50, 0xf2, 0x6d, 0x22, 0x75, 0x41,
489 0x77, 0x2a, 0xdb, 0xb1, 0x8c, 0x6d, 0x05, 0xe8,
490 0xc9, 0x99, 0xc7, 0x08, 0xf9, 0x14, 0x8f, 0x78,
491 0xa9, 0x8f, 0xc2, 0x5a, 0x7a, 0x65, 0xc5, 0xd8,
492 0x86, 0xbb, 0x72, 0x69, 0x6b, 0x6b, 0x45, 0x83,
493 0x5b, 0xb1, 0xf7, 0xcd, 0x16, 0x73, 0xee, 0xe9,
494 0x80, 0x85, 0xfe, 0x8e, 0xe1, 0xae, 0x53, 0x8f,
495 0xde, 0xbe, 0x48, 0x8b, 0x59, 0xef, 0xf6, 0x7e,
496 0xd8, 0xb5, 0xa8, 0x47, 0xc0, 0x4e, 0x15, 0x58,
497 0xca, 0xd3, 0x2f, 0xf8, 0x6c, 0xa6, 0x3d, 0x78,
498 0x4d, 0x7a, 0x54, 0xd6, 0x10, 0xe5, 0xcc, 0x05,
499 0xe2, 0x29, 0xb5, 0x86, 0x07, 0x39, 0x7d, 0x78,
500 0x8e, 0x5a, 0x8f, 0x83, 0x4c, 0xe7, 0x3d, 0x68,
501 0x3e, 0xe5, 0x02, 0xe6, 0x64, 0x4f, 0x5e, 0xb4,
502 0x49, 0x77, 0xf0, 0xc0, 0xfa, 0x6f, 0xc8, 0xfb,
503 0x9f, 0x84, 0x6f, 0x55, 0xfb, 0x30, 0x5e, 0x89,
504 0x93, 0xa9, 0xf3, 0xa6, 0xa3, 0xd7, 0x26, 0xbb,
505 0xd8, 0xa8, 0xd9, 0x95, 0x1d, 0xfe, 0xfc, 0xd7,
506 0xa8, 0x93, 0x66, 0x2f, 0x04, 0x53, 0x06, 0x64,
507 0x7f, 0x31, 0x29, 0xae, 0xb7, 0x9f, 0xba, 0xc4,
508 0x6d, 0x68, 0xd1, 0x24, 0x32, 0xf4, 0x11
509 }
510 },
511 { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */
512 4,
513 {
514 0x07, 0x9c, 0x91, 0xbe
515 },
516 "id-Gost28147-89-CryptoPro-C-ParamSet",
517 "testcfb3",
518 {
519 0x77, 0xc3, 0x45, 0x8e, 0xf6, 0x42, 0xe7, 0x04,
520 0x8e, 0xfc, 0x08, 0xe4, 0x70, 0x96, 0xd6, 0x05,
521 0x93, 0x59, 0x02, 0x6d, 0x6f, 0x97, 0xca, 0xe9,
522 0xcf, 0x89, 0x44, 0x4b, 0xde, 0x6c, 0x22, 0x1d
523 },
524 G89_CFB,
525 {
526 0x43, 0x7c, 0x3e, 0x8e, 0x2f, 0x2a, 0x00, 0x98
527 },
528 {
529 0x19, 0x35, 0x81, 0x34
530 }
531 },
532 { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */
533 9,
534 {
535 0x2f, 0x31, 0xd8, 0x83, 0xb4, 0x20, 0xe8, 0x6e,
536 0xda
537 },
538 "id-Gost28147-89-CryptoPro-D-ParamSet",
539 "testcfb4",
540 {
541 0x38, 0x9f, 0xe8, 0x37, 0xff, 0x9c, 0x5d, 0x29,
542 0xfc, 0x48, 0x55, 0xa0, 0x87, 0xea, 0xe8, 0x40,
543 0x20, 0x87, 0x5b, 0xb2, 0x01, 0x15, 0x55, 0xa7,
544 0xe3, 0x2d, 0xcb, 0x3d, 0xd6, 0x59, 0x04, 0x73
545 },
546 G89_CFB,
547 {
548 0xc5, 0xa2, 0xd2, 0x1f, 0x2f, 0xdf, 0xb8, 0xeb
549 },
550 {
551 0x6d, 0xa4, 0xed, 0x40, 0x08, 0x88, 0x71, 0xad,
552 0x16
553 }
554 },
555 { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */
556 5242880+8,
557 { 0 },
558 "id-Gost28147-89-CryptoPro-A-ParamSet",
559 "test5Mcfb",
560 {
561 0x61, 0x58, 0x44, 0x5a, 0x41, 0xf6, 0xc7, 0x0f,
562 0x6b, 0xdb, 0x51, 0x91, 0x6a, 0xf6, 0x81, 0x30,
563 0x8c, 0xa7, 0x98, 0xdd, 0x38, 0x35, 0x8a, 0x60,
564 0x85, 0xb4, 0xf0, 0xf9, 0x43, 0xa2, 0x7d, 0x9a
565 },
566 G89_CFB,
567 {
568 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
569 },
570 {
571 0x1c, 0x16, 0xa0, 0xe9, 0x63, 0x94, 0xfe, 0x38,
572 0x37, 0xa7, 0x9b, 0x70, 0x25, 0x2e, 0xd6, 0x00
573 }
574 },
575 { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */
576 U64(4294967296)+16,
577 { 0 },
578 "id-Gost28147-89-CryptoPro-A-ParamSet",
579 "test4Gcfb",
580 {
581 0xae, 0x57, 0xa2, 0xdd, 0xa4, 0xef, 0x4f, 0x96,
582 0xb8, 0x94, 0xa5, 0xd1, 0x1b, 0xc8, 0x9b, 0x42,
583 0xa5, 0x24, 0xcc, 0x89, 0x5c, 0xb8, 0x92, 0x52,
584 0xc1, 0x12, 0x6a, 0xb0, 0x9a, 0x26, 0xe8, 0x06
585 },
586 G89_CFB,
587 {
588 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
589 },
590 {
591 0x2e, 0x62, 0xb0, 0x2e, 0xc7, 0x87, 0x4b, 0x29,
592 0x33, 0x16, 0x6b, 0xb4, 0xd6, 0x61, 0x66, 0xd9
593 }
594 },
595 { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */
596 1037,
597 {
598 0x3d, 0x0b, 0x69, 0xf7, 0xa8, 0xe4, 0xfc, 0x99,
599 0x22, 0x2e, 0xee, 0xd1, 0x63, 0x12, 0xfe, 0xa8,
600 0x9d, 0xcb, 0x6c, 0x4d, 0x48, 0x8c, 0xe8, 0xbd,
601 0x8b, 0x60, 0xf1, 0xbf, 0x7b, 0xe3, 0x79, 0xd5,
602 0x2b, 0x25, 0x97, 0x13, 0xef, 0x35, 0xda, 0xf4,
603 0xbc, 0x77, 0xce, 0xea, 0xe9, 0x3f, 0xa4, 0xb6,
604 0x01, 0xd5, 0x73, 0x29, 0x58, 0xda, 0xd7, 0x67,
605 0x17, 0xac, 0xe4, 0x75, 0x2f, 0x57, 0x23, 0xac,
606 0x96, 0x21, 0xc7, 0x62, 0x2d, 0xf7, 0x32, 0xb5,
607 0x44, 0x5f, 0x72, 0xb1, 0x5f, 0xba, 0x1b, 0x1e,
608 0xdb, 0x4a, 0x09, 0x8c, 0x92, 0x61, 0xa2, 0xb0,
609 0x49, 0x68, 0xe5, 0xb3, 0xa2, 0x8f, 0x13, 0x4b,
610 0xf5, 0x4d, 0x84, 0xda, 0xab, 0xa0, 0xb6, 0xd1,
611 0x5a, 0x63, 0x19, 0xe8, 0xa2, 0x09, 0xf6, 0x76,
612 0x6f, 0x9b, 0x48, 0x0a, 0x15, 0x5d, 0xb7, 0x20,
613 0x21, 0x9a, 0x2e, 0xb9, 0x6d, 0xfa, 0x1e, 0xc2,
614 0x0e, 0xef, 0x15, 0xab, 0x59, 0x01, 0xfe, 0x43,
615 0x90, 0xf2, 0x62, 0xca, 0x4a, 0x9a, 0x48, 0x38,
616 0xab, 0x6f, 0x9d, 0x21, 0xb3, 0xad, 0xa7, 0x60,
617 0x46, 0xe3, 0xef, 0xd0, 0xe3, 0x1d, 0xc5, 0xe1,
618 0xb8, 0xa1, 0xe2, 0x99, 0x20, 0xc5, 0x76, 0xcc,
619 0xaa, 0x8a, 0xa9, 0x45, 0x55, 0xa0, 0x78, 0x00,
620 0x64, 0xde, 0xcf, 0x5b, 0xdf, 0x26, 0x48, 0xcd,
621 0xba, 0x8a, 0xb5, 0xfb, 0xfd, 0x4a, 0xd5, 0xc4,
622 0xe0, 0x43, 0xa6, 0x71, 0x90, 0xa4, 0x8b, 0xca,
623 0x2e, 0x88, 0x7b, 0xac, 0xb2, 0xdc, 0xf2, 0x01,
624 0xcb, 0xda, 0x6e, 0x91, 0x27, 0x28, 0x44, 0x88,
625 0x9a, 0xd2, 0x12, 0xf1, 0xa6, 0xf5, 0xb7, 0x61,
626 0xce, 0x79, 0x62, 0x52, 0x3c, 0xe6, 0x14, 0x73,
627 0xd1, 0x41, 0x92, 0x50, 0xbd, 0xdc, 0x3b, 0xd0,
628 0xa7, 0x11, 0x8c, 0x3a, 0xe4, 0x2d, 0xf2, 0x52,
629 0xd3, 0x2f, 0x7c, 0x8e, 0x54, 0x90, 0x4e, 0x23,
630 0xae, 0xb3, 0xa0, 0xf3, 0x25, 0x7e, 0x66, 0xaa,
631 0x0f, 0x6f, 0x81, 0x72, 0x77, 0xbb, 0xd3, 0x47,
632 0xe8, 0x05, 0xff, 0xe1, 0x5b, 0xc9, 0x37, 0x50,
633 0x33, 0x49, 0x17, 0xaf, 0xab, 0x1d, 0xe1, 0x15,
634 0xf2, 0xe5, 0x98, 0x5e, 0x2d, 0x05, 0x1f, 0x0d,
635 0x55, 0x97, 0xed, 0xff, 0x5e, 0xe0, 0x0f, 0xc3,
636 0x9c, 0xbd, 0x82, 0xc2, 0x06, 0xbe, 0x45, 0x66,
637 0xae, 0x33, 0xbe, 0x28, 0x48, 0xe9, 0x2d, 0x1a,
638 0xe6, 0x65, 0x8e, 0xdf, 0x76, 0x03, 0x73, 0x4b,
639 0xc0, 0x80, 0x71, 0xf9, 0xac, 0xba, 0xa0, 0xb0,
640 0x19, 0x1a, 0x0a, 0xd4, 0x35, 0x12, 0x88, 0x76,
641 0x05, 0x75, 0x8f, 0x7c, 0xb5, 0xf0, 0x19, 0x75,
642 0x6d, 0x05, 0xcb, 0x0d, 0xbc, 0x8d, 0xe9, 0xf0,
643 0xd4, 0xdb, 0x3c, 0x3c, 0x29, 0x8e, 0x2c, 0x32,
644 0x1d, 0xf7, 0xb6, 0x49, 0xcf, 0xdb, 0x63, 0xee,
645 0x3c, 0xfa, 0x33, 0x73, 0x6f, 0xe4, 0x97, 0x4e,
646 0x2f, 0xc9, 0x4c, 0x5c, 0x65, 0xfe, 0xea, 0xfb,
647 0xc6, 0xdd, 0xc1, 0x1c, 0x47, 0x3f, 0xf4, 0x50,
648 0x2f, 0xde, 0x1b, 0x5b, 0x0b, 0x16, 0xca, 0xb6,
649 0x46, 0x44, 0xf2, 0xc1, 0x0d, 0xa1, 0x1d, 0xa6,
650 0xdb, 0xf0, 0x3d, 0xb1, 0x6c, 0x05, 0x31, 0x85,
651 0x8e, 0x74, 0xae, 0xf2, 0x39, 0x26, 0xf7, 0xc1,
652 0xe7, 0x4c, 0xdd, 0x9d, 0x40, 0xb8, 0xf3, 0xc5,
653 0xc2, 0x16, 0x64, 0x6b, 0xaa, 0xdb, 0x4b, 0x82,
654 0x5c, 0xd3, 0x02, 0xd3, 0x8f, 0x26, 0x79, 0x8d,
655 0xb0, 0x78, 0x70, 0x19, 0x58, 0x0c, 0xb4, 0x31,
656 0x88, 0x44, 0x1c, 0x91, 0x6f, 0xf4, 0x52, 0x39,
657 0xa8, 0xf5, 0xc0, 0x1b, 0xfe, 0xf2, 0x0e, 0x4b,
658 0xac, 0x0a, 0xc2, 0x7e, 0x9c, 0x9b, 0xeb, 0x5d,
659 0x4e, 0x4f, 0x42, 0xd8, 0x71, 0x0a, 0x97, 0x27,
660 0x03, 0x14, 0x96, 0xa6, 0x3d, 0x04, 0xea, 0x9f,
661 0x14, 0x14, 0x27, 0x4c, 0xd9, 0xa2, 0x89, 0x5f,
662 0x65, 0x4a, 0xe1, 0x9d, 0x2c, 0xb8, 0xf8, 0xd4,
663 0x8f, 0x2a, 0x57, 0x36, 0xcc, 0x06, 0x9c, 0x2c,
664 0xc5, 0x13, 0x16, 0xdf, 0xfc, 0xae, 0x22, 0x16,
665 0xa8, 0x2b, 0x71, 0x6f, 0x1d, 0xb3, 0x47, 0x54,
666 0x3f, 0x2d, 0x0a, 0x68, 0x9f, 0x2e, 0xf6, 0x90,
667 0xd8, 0xa1, 0x21, 0x09, 0xd4, 0x97, 0xb9, 0x7b,
668 0x7f, 0x9b, 0x6a, 0xed, 0xd1, 0xf0, 0xe3, 0xb6,
669 0x28, 0xc7, 0x62, 0x82, 0x00, 0xc9, 0x38, 0xa1,
670 0x82, 0x78, 0xce, 0x87, 0xc8, 0x53, 0xac, 0x4f,
671 0x2e, 0x31, 0xb9, 0x50, 0x7f, 0x36, 0x00, 0x4a,
672 0x32, 0xe6, 0xd8, 0xbb, 0x59, 0x45, 0x0e, 0x91,
673 0x1b, 0x38, 0xa9, 0xbc, 0xb9, 0x5e, 0x6c, 0x6a,
674 0x9c, 0x03, 0x01, 0x1c, 0xde, 0xe8, 0x1f, 0x1e,
675 0xe3, 0xde, 0x25, 0xa2, 0x56, 0x79, 0xe1, 0xbd,
676 0x58, 0xc4, 0x93, 0xe6, 0xd0, 0x8a, 0x4d, 0x08,
677 0xab, 0xf7, 0xaa, 0xc3, 0x7d, 0xc1, 0xee, 0x68,
678 0x37, 0xbc, 0x78, 0x0b, 0x19, 0x68, 0x2b, 0x2b,
679 0x2e, 0x6d, 0xc4, 0x6f, 0xaa, 0x3b, 0xc6, 0x19,
680 0xcb, 0xf1, 0x58, 0xb9, 0x60, 0x85, 0x45, 0xae,
681 0x52, 0x97, 0xba, 0x24, 0x32, 0x13, 0x72, 0x16,
682 0x6e, 0x7b, 0xc1, 0x98, 0xac, 0xb1, 0xed, 0xb4,
683 0xcc, 0x6c, 0xcf, 0x45, 0xfc, 0x50, 0x89, 0x80,
684 0x8e, 0x7a, 0xa4, 0xd3, 0x64, 0x50, 0x63, 0x37,
685 0xc9, 0x6c, 0xf1, 0xc4, 0x3d, 0xfb, 0xde, 0x5a,
686 0x5c, 0xa8, 0x21, 0x35, 0xe6, 0x2e, 0x8c, 0x2a,
687 0x3c, 0x12, 0x17, 0x79, 0x9a, 0x0d, 0x2e, 0x79,
688 0xeb, 0x67, 0x1f, 0x2b, 0xf8, 0x6e, 0xca, 0xc1,
689 0xfa, 0x45, 0x18, 0x9e, 0xdf, 0x6a, 0xe6, 0xcb,
690 0xe9, 0x5c, 0xc3, 0x09, 0xaf, 0x93, 0x58, 0x13,
691 0xbf, 0x90, 0x84, 0x87, 0x75, 0xd6, 0x82, 0x28,
692 0x8d, 0xe7, 0x2f, 0xa3, 0xfb, 0x97, 0x74, 0x2a,
693 0x73, 0x04, 0x82, 0x06, 0x76, 0x69, 0xb1, 0x0b,
694 0x19, 0xfc, 0xae, 0xb3, 0xdd, 0x2a, 0xe5, 0xc1,
695 0x05, 0xd8, 0x80, 0x95, 0x22, 0x90, 0x71, 0xfc,
696 0xc2, 0x92, 0x42, 0xfd, 0xf1, 0x70, 0xb4, 0x68,
697 0x88, 0xa4, 0x9e, 0x0a, 0x24, 0x40, 0x13, 0xc8,
698 0xa2, 0x56, 0x4f, 0x39, 0xe6, 0x06, 0xf1, 0xdc,
699 0xf5, 0x13, 0x0e, 0xad, 0x9c, 0x8b, 0xaf, 0xe9,
700 0xe3, 0x88, 0x72, 0xff, 0xa0, 0x6d, 0xda, 0x08,
701 0x70, 0xb9, 0x2e, 0x83, 0xc5, 0xbb, 0x32, 0xa5,
702 0x74, 0xc7, 0xfb, 0x7b, 0x76, 0xaf, 0x02, 0xbb,
703 0x2b, 0xb8, 0x5e, 0x65, 0x02, 0xfe, 0x0e, 0xa0,
704 0x99, 0xce, 0x01, 0x3b, 0x35, 0xe1, 0xb0, 0x22,
705 0xe5, 0x94, 0xbd, 0xdd, 0x8e, 0xbb, 0xf6, 0x75,
706 0xbf, 0xbf, 0xee, 0x7a, 0xb1, 0x58, 0xb4, 0x81,
707 0xb8, 0x39, 0x3e, 0xb6, 0x1e, 0xde, 0xda, 0x1b,
708 0xd5, 0xf7, 0xdd, 0x7d, 0x65, 0x9c, 0xaa, 0x56,
709 0x93, 0xb8, 0xaf, 0x48, 0x53, 0xc7, 0x22, 0xe4,
710 0x1c, 0xdf, 0xe9, 0x79, 0xb4, 0x20, 0x89, 0xcc,
711 0x2a, 0x79, 0x2c, 0x09, 0xbe, 0x78, 0xcf, 0xcc,
712 0xf2, 0x90, 0xd6, 0x65, 0xc5, 0x29, 0xfc, 0xda,
713 0x69, 0xfc, 0xc0, 0xd6, 0x70, 0x99, 0x61, 0x3f,
714 0x60, 0x02, 0xd8, 0x12, 0x22, 0xc8, 0x34, 0xc6,
715 0x3b, 0xb3, 0xc2, 0x33, 0xa1, 0x5c, 0x8f, 0x4c,
716 0xd1, 0x52, 0x72, 0xf2, 0x42, 0x05, 0x8e, 0x18,
717 0x1f, 0x16, 0xda, 0xb8, 0x53, 0xa1, 0x5f, 0x01,
718 0x32, 0x1b, 0x90, 0xb3, 0x53, 0x9b, 0xd0, 0x85,
719 0x61, 0x2d, 0x17, 0xed, 0x0a, 0xa4, 0xa5, 0x27,
720 0x09, 0x75, 0x7c, 0xbc, 0x30, 0xf7, 0x5e, 0x59,
721 0x9a, 0x07, 0x96, 0x84, 0x28, 0x86, 0x4b, 0xa7,
722 0x22, 0x35, 0x28, 0xc7, 0xed, 0x0d, 0xc3, 0xce,
723 0x98, 0xcc, 0x2d, 0xec, 0xd4, 0x98, 0x09, 0x8e,
724 0x52, 0x5f, 0x2b, 0x9a, 0x13, 0xbe, 0x99, 0x16,
725 0x73, 0xd1, 0x1f, 0x81, 0xe5, 0xa2, 0x08, 0x78,
726 0xcb, 0x0c, 0x20, 0xd4, 0xa5, 0xea, 0x4b, 0x5b,
727 0x95, 0x5a, 0x92, 0x9a, 0x52
728 },
729 "id-Gost28147-89-CryptoPro-A-ParamSet",
730 "testcnt2",
731 {
732 0x1b, 0x5d, 0xdb, 0x77, 0xcf, 0xf9, 0xec, 0x95,
733 0x5e, 0xcc, 0x67, 0x9f, 0x5d, 0x28, 0xad, 0x4a,
734 0x27, 0xf4, 0x32, 0xc6, 0xb2, 0xcb, 0xb1, 0x45,
735 0x6a, 0x88, 0x14, 0x0c, 0x9b, 0x9b, 0x5f, 0x48
736 },
737 G89_CNT,
738 {
739 0x71, 0x58, 0x8c, 0xe1, 0x55, 0xf4, 0xf6, 0xb3
740 },
741 {
742 0x8e, 0xcd, 0x8f, 0xc8, 0xac, 0xe1, 0x15, 0x48,
743 0x2d, 0xae, 0x24, 0x8a, 0xc7, 0xfb, 0xba, 0x0f,
744 0x1d, 0x8a, 0x95, 0xa2, 0x43, 0xef, 0xcb, 0xdc,
745 0x59, 0x57, 0xa7, 0xc7, 0x0e, 0xe3, 0xe2, 0xb9,
746 0x0d, 0x86, 0x29, 0x62, 0xcb, 0x83, 0x4d, 0x07,
747 0x0c, 0x40, 0xd4, 0x7b, 0x2e, 0xca, 0xba, 0xbf,
748 0x4a, 0x60, 0x3b, 0x31, 0x98, 0xc8, 0x88, 0x47,
749 0xd9, 0x82, 0xab, 0xfc, 0x8f, 0x48, 0xe2, 0x46,
750 0xab, 0xd3, 0xa1, 0xab, 0x8a, 0x05, 0x22, 0x8c,
751 0xf4, 0xec, 0x9a, 0x1e, 0x76, 0xab, 0x1a, 0x60,
752 0xd9, 0x25, 0x6b, 0xb8, 0x56, 0xe5, 0xb2, 0xea,
753 0x10, 0xf3, 0x62, 0x04, 0x32, 0x5e, 0xaa, 0x3b,
754 0x7b, 0x57, 0xbc, 0x3b, 0x8b, 0x43, 0x47, 0xf2,
755 0xd5, 0x03, 0x7e, 0x51, 0x01, 0xff, 0x77, 0x28,
756 0xca, 0x90, 0xa3, 0xfe, 0x7e, 0x2e, 0x70, 0x16,
757 0x75, 0x18, 0x44, 0xf0, 0x1b, 0x85, 0x05, 0xea,
758 0xe3, 0x21, 0xf7, 0x26, 0x86, 0x76, 0x3c, 0x67,
759 0x9d, 0xfc, 0xbc, 0x10, 0x7f, 0x77, 0xe4, 0xed,
760 0xd3, 0x12, 0xf8, 0x83, 0x00, 0x1f, 0x4b, 0x92,
761 0x95, 0x92, 0x5c, 0xf3, 0x5a, 0xf3, 0xb7, 0xd0,
762 0xa9, 0x5f, 0xf2, 0x18, 0xc4, 0x66, 0x62, 0xc1,
763 0x84, 0x0e, 0x66, 0xe8, 0x80, 0x7d, 0x1f, 0xf0,
764 0xba, 0x01, 0x9b, 0x71, 0xae, 0x93, 0xcc, 0x27,
765 0x54, 0x34, 0x9a, 0xbd, 0xca, 0xee, 0x52, 0x09,
766 0x92, 0x9d, 0xb0, 0xd5, 0xd9, 0xba, 0x2f, 0xb9,
767 0x96, 0xdc, 0xfa, 0xbd, 0xce, 0xea, 0x1a, 0x7b,
768 0x9a, 0x1d, 0x13, 0xa7, 0x11, 0xe2, 0x9a, 0x64,
769 0xf6, 0xd3, 0xee, 0xc6, 0x33, 0xb7, 0x6e, 0xef,
770 0x25, 0x9e, 0x1e, 0x7c, 0xe3, 0x1f, 0x2c, 0x6e,
771 0xa9, 0xc0, 0xf8, 0xc1, 0xbf, 0x3b, 0xf8, 0x34,
772 0x03, 0x9b, 0xa1, 0x40, 0x5b, 0x0c, 0x3c, 0x09,
773 0x66, 0x9d, 0x63, 0xe2, 0xe2, 0x04, 0x8f, 0x06,
774 0x84, 0x74, 0x68, 0xb2, 0x5c, 0x3b, 0x4c, 0xad,
775 0x0b, 0x3f, 0x03, 0xb3, 0x07, 0x8a, 0x64, 0xa7,
776 0x36, 0x56, 0x26, 0x39, 0x66, 0xda, 0xe9, 0x6d,
777 0x1b, 0xd5, 0x88, 0xe8, 0x5c, 0xaf, 0x5a, 0x4c,
778 0x49, 0xf7, 0xf5, 0xb7, 0x78, 0xf0, 0xde, 0xec,
779 0xcd, 0x16, 0x23, 0x9e, 0x8c, 0x13, 0xbe, 0x6b,
780 0x6f, 0x9b, 0x07, 0xe5, 0xbb, 0xcc, 0x3a, 0x1b,
781 0x6f, 0x43, 0xdf, 0xff, 0x46, 0x2a, 0xae, 0x47,
782 0x19, 0x18, 0x9a, 0x25, 0x09, 0xc9, 0x24, 0x40,
783 0x0c, 0x4b, 0xa7, 0xda, 0x5e, 0x0d, 0xee, 0xfa,
784 0x62, 0x45, 0x8e, 0xcc, 0x2f, 0x23, 0x08, 0x1d,
785 0x92, 0xf0, 0xfe, 0x82, 0x0f, 0xd7, 0x11, 0x60,
786 0x7e, 0x0b, 0x0b, 0x75, 0xf4, 0xf5, 0x3b, 0xc0,
787 0xa4, 0xe8, 0x72, 0xa5, 0xb6, 0xfa, 0x5a, 0xad,
788 0x5a, 0x4f, 0x39, 0xb5, 0xa2, 0x12, 0x96, 0x0a,
789 0x32, 0x84, 0xb2, 0xa1, 0x06, 0x68, 0x56, 0x57,
790 0x97, 0xa3, 0x7b, 0x22, 0x61, 0x76, 0x5d, 0x30,
791 0x1a, 0x31, 0xab, 0x99, 0x06, 0xc5, 0x1a, 0x96,
792 0xcf, 0xcf, 0x14, 0xff, 0xb2, 0xc4, 0xcc, 0x2b,
793 0xbf, 0x0c, 0x9d, 0x91, 0x8f, 0x79, 0x5b, 0xbc,
794 0xa9, 0x6b, 0x91, 0x6a, 0xb4, 0x93, 0x5c, 0x7b,
795 0x5d, 0xc2, 0x8a, 0x75, 0xc0, 0xc1, 0x08, 0xfa,
796 0x99, 0xf9, 0x4d, 0x5e, 0x0c, 0x06, 0x64, 0x60,
797 0xa9, 0x01, 0x4a, 0x34, 0x0f, 0x33, 0x84, 0x95,
798 0x69, 0x30, 0xc1, 0x1c, 0x36, 0xf8, 0xfc, 0x30,
799 0x23, 0xb2, 0x71, 0xe5, 0x52, 0x4d, 0x12, 0x1a,
800 0xc9, 0xbe, 0xee, 0xc9, 0xcb, 0x01, 0x85, 0xf3,
801 0xdb, 0x30, 0xf9, 0x41, 0xa9, 0x40, 0xb0, 0x06,
802 0x29, 0x77, 0xcd, 0xc5, 0xec, 0x58, 0x02, 0x48,
803 0x83, 0x53, 0x44, 0x6a, 0xd2, 0xca, 0x05, 0xd8,
804 0x5a, 0x08, 0xeb, 0xa9, 0xf4, 0xe6, 0xc7, 0x9d,
805 0xd5, 0x7b, 0x74, 0x0b, 0x31, 0xb7, 0xa5, 0x57,
806 0x7c, 0x7a, 0xfd, 0x1a, 0x0e, 0xd7, 0x97, 0x41,
807 0xbf, 0xdd, 0xc6, 0x19, 0x6c, 0x77, 0x8c, 0x18,
808 0x52, 0x57, 0x83, 0xba, 0x71, 0x25, 0xee, 0x39,
809 0xbb, 0xe2, 0x43, 0xa0, 0x14, 0xdc, 0x0e, 0x84,
810 0xb4, 0x2b, 0xde, 0x3e, 0xe5, 0x36, 0xb7, 0xa2,
811 0x92, 0x98, 0x05, 0xb8, 0x96, 0xe5, 0xd0, 0x8c,
812 0x08, 0x93, 0x35, 0xc2, 0x81, 0xe0, 0xfc, 0x59,
813 0x71, 0xe2, 0x44, 0x49, 0x5d, 0xda, 0xfb, 0x9c,
814 0xaa, 0x70, 0x9f, 0x43, 0xa8, 0xa5, 0xd9, 0x67,
815 0xd9, 0x8f, 0xa3, 0x1e, 0xbe, 0x0e, 0xec, 0xdf,
816 0x12, 0x2b, 0x6a, 0xe7, 0x1c, 0x12, 0x17, 0xe7,
817 0xc4, 0x6d, 0x50, 0xc9, 0x52, 0x7a, 0xd5, 0xe8,
818 0x7f, 0xbc, 0x07, 0x15, 0xac, 0xdb, 0x93, 0x66,
819 0xb1, 0xf0, 0xa7, 0x7b, 0x2f, 0xe9, 0xec, 0xd0,
820 0x47, 0x69, 0x59, 0x87, 0xf1, 0x4c, 0x3e, 0x4b,
821 0x9b, 0x11, 0x79, 0x13, 0xe4, 0x96, 0xf6, 0x56,
822 0x04, 0x6e, 0x0b, 0x33, 0xfc, 0x40, 0xf6, 0xc7,
823 0xc1, 0x43, 0xb1, 0xbf, 0x0e, 0xb3, 0x87, 0xfd,
824 0x0b, 0x1c, 0x63, 0x46, 0x3a, 0xd3, 0xa0, 0x17,
825 0x59, 0x25, 0x94, 0x6c, 0x9c, 0x3d, 0x0c, 0x81,
826 0xce, 0x82, 0x72, 0x42, 0x28, 0xf9, 0x37, 0x6a,
827 0x6d, 0xe4, 0x12, 0xf4, 0x21, 0xaa, 0xf7, 0xfe,
828 0x27, 0x55, 0x40, 0x1a, 0x14, 0xc3, 0x39, 0x5b,
829 0xbf, 0x63, 0xc2, 0x5f, 0x10, 0x1f, 0x14, 0x25,
830 0xd0, 0xce, 0xf3, 0x14, 0x48, 0x13, 0xa5, 0x0b,
831 0x4d, 0x38, 0xcf, 0x0d, 0x34, 0xc0, 0x0a, 0x11,
832 0xb4, 0xb5, 0x72, 0xc8, 0x4b, 0xc2, 0x6f, 0xe7,
833 0x9d, 0x93, 0xf7, 0xdf, 0xb8, 0x43, 0x72, 0x7e,
834 0xda, 0x3e, 0x20, 0x1f, 0xbc, 0x21, 0x2a, 0xce,
835 0x00, 0xfa, 0x96, 0x9f, 0x3d, 0xe5, 0x88, 0x96,
836 0xef, 0x29, 0x84, 0xdf, 0x6c, 0x1c, 0x96, 0xd8,
837 0x58, 0x47, 0xaa, 0x92, 0xf3, 0x07, 0xe5, 0xfb,
838 0xaf, 0xea, 0x95, 0x7e, 0x0b, 0x71, 0xcd, 0x81,
839 0x0f, 0xb7, 0x0a, 0x59, 0x8f, 0x31, 0x4d, 0xd1,
840 0xc3, 0xf3, 0x2f, 0x70, 0x5c, 0x59, 0x18, 0x97,
841 0xaf, 0x77, 0x95, 0x5e, 0xaf, 0x40, 0x06, 0x12,
842 0x81, 0x61, 0x86, 0x08, 0x4e, 0xbc, 0x89, 0x46,
843 0x07, 0x2e, 0x5b, 0x10, 0xaa, 0x12, 0xf0, 0xa7,
844 0x84, 0xe2, 0x9a, 0x08, 0xf1, 0xde, 0x59, 0xe3,
845 0x0e, 0x47, 0x4b, 0xff, 0xc3, 0xc9, 0x18, 0xaf,
846 0x95, 0x9c, 0x67, 0x2a, 0xde, 0x8a, 0x7a, 0x99,
847 0x04, 0xc4, 0xb8, 0x97, 0x4c, 0x04, 0x29, 0x71,
848 0x05, 0xda, 0xb3, 0xd6, 0xdb, 0x6c, 0x71, 0xe6,
849 0xe8, 0x03, 0xbf, 0x94, 0x7d, 0xde, 0x3d, 0xc8,
850 0x44, 0xfa, 0x7d, 0x62, 0xb4, 0x36, 0x03, 0xee,
851 0x36, 0x52, 0x64, 0xb4, 0x85, 0x6d, 0xd5, 0x78,
852 0xf0, 0x6f, 0x67, 0x2d, 0x0e, 0xe0, 0x2c, 0x88,
853 0x9b, 0x55, 0x19, 0x29, 0x40, 0xf6, 0x8c, 0x12,
854 0xbb, 0x2c, 0x83, 0x96, 0x40, 0xc0, 0x36, 0xf5,
855 0x77, 0xff, 0x70, 0x8c, 0x75, 0x92, 0x0b, 0xad,
856 0x05, 0x9b, 0x7e, 0xa2, 0xfc, 0xa9, 0xd1, 0x64,
857 0x76, 0x82, 0x13, 0xba, 0x22, 0x5e, 0x33, 0x0e,
858 0x26, 0x70, 0xa9, 0xbe, 0x74, 0x28, 0xf5, 0xe2,
859 0xc4, 0x96, 0xee, 0x3a, 0xbc, 0x97, 0xa6, 0x2c,
860 0x2a, 0xe0, 0x64, 0x8d, 0x35, 0xc6, 0x1a, 0xca,
861 0xf4, 0x92, 0xfa, 0xc3, 0xf1, 0x1f, 0x98, 0xe4,
862 0x43, 0x88, 0x69, 0x3a, 0x09, 0xbf, 0x63, 0xe5,
863 0x96, 0x29, 0x0b, 0x9b, 0x62, 0x23, 0x14, 0x8a,
864 0x95, 0xe4, 0x1c, 0x5c, 0x0a, 0xa9, 0xc5, 0xb9,
865 0x6f, 0x4f, 0x2b, 0x25, 0x6f, 0x74, 0x1e, 0x18,
866 0xd5, 0xfe, 0x27, 0x7d, 0x3f, 0x6e, 0x55, 0x2c,
867 0x67, 0xe6, 0xde, 0xb5, 0xcc, 0xc0, 0x2d, 0xff,
868 0xc4, 0xe4, 0x06, 0x21, 0xa5, 0xc8, 0xd3, 0xd6,
869 0x6c, 0xa1, 0xc3, 0xfb, 0x88, 0x92, 0xb1, 0x1d,
870 0x90, 0xe1, 0x35, 0x05, 0x9b, 0x29, 0x6d, 0xba,
871 0xf1, 0xf4, 0x1e, 0x23, 0x2e
872 }
873 },
874 { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */
875 5242880+8,
876 { 0 },
877 "id-Gost28147-89-CryptoPro-A-ParamSet",
878 "test5Mcnt",
879 {
880 0x07, 0x52, 0x65, 0xe7, 0xca, 0xa3, 0xca, 0x45,
881 0xcf, 0x3a, 0x05, 0x1d, 0x38, 0x03, 0x53, 0x0c,
882 0x22, 0x31, 0xba, 0x99, 0x4f, 0x9b, 0x6a, 0x1b,
883 0x7e, 0x09, 0x9d, 0x4e, 0xb5, 0xc9, 0x84, 0x2e
884 },
885 G89_CNT,
886 {
887 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
888 },
889 {
890 0x3d, 0x05, 0x07, 0x57, 0xc0, 0x75, 0x89, 0x97,
891 0xd6, 0x94, 0x49, 0x11, 0x1d, 0xd0, 0x91, 0xee
892 }
893 },
894 { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */
895 U64(4294967296)+16,
896 { 0 },
897 "id-Gost28147-89-CryptoPro-A-ParamSet",
898 "test4Gcnt",
899 {
900 0x75, 0xa3, 0x3c, 0xae, 0x03, 0x6b, 0x10, 0xdb,
901 0xc1, 0x56, 0x50, 0x89, 0x03, 0xd2, 0x9f, 0x91,
902 0xee, 0xe8, 0x64, 0x1d, 0x43, 0xf2, 0x4e, 0xf8,
903 0xf2, 0x6c, 0xed, 0xda, 0x8f, 0xe4, 0x88, 0xe9
904 },
905 G89_CNT,
906 {
907 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
908 },
909 {
910 0xfa, 0x6c, 0x96, 0x78, 0xe2, 0xf8, 0xdd, 0xaa,
911 0x67, 0x5a, 0xc9, 0x5d, 0x57, 0xf1, 0xbd, 0x99
912 }
913 },
914 { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */
915 1035,
916 {
917 0xd6, 0xcf, 0x31, 0x96, 0x9c, 0xa1, 0xfb, 0xd6,
918 0x8d, 0xa3, 0xdd, 0x01, 0xd9, 0x88, 0xc0, 0x2f,
919 0xbc, 0x46, 0xc7, 0x3a, 0xe4, 0x21, 0x86, 0x96,
920 0x8d, 0xe2, 0xca, 0xb6, 0x37, 0xa2, 0xe1, 0xa8,
921 0x7e, 0xa7, 0x79, 0x2e, 0xa4, 0x56, 0x75, 0x7f,
922 0x3e, 0x55, 0x8b, 0x43, 0xae, 0x65, 0xdf, 0xaa,
923 0x42, 0xb6, 0x00, 0xa6, 0x61, 0x03, 0x0d, 0xd3,
924 0x41, 0x02, 0x27, 0x23, 0x95, 0x79, 0x9b, 0x34,
925 0x81, 0xa9, 0x86, 0xb5, 0xa7, 0x90, 0xe2, 0xae,
926 0xc4, 0x2f, 0xc3, 0x8e, 0x32, 0x56, 0x13, 0xfa,
927 0x4d, 0x4e, 0x9f, 0x15, 0x75, 0x7e, 0x74, 0xdc,
928 0x32, 0x2d, 0xee, 0x4d, 0x67, 0x70, 0x9f, 0x62,
929 0xb9, 0xc4, 0xdb, 0x24, 0x84, 0xcc, 0x16, 0x7b,
930 0xda, 0x22, 0xf7, 0xc5, 0xf3, 0x93, 0x35, 0x73,
931 0xc6, 0x03, 0x1c, 0x77, 0xa5, 0xf2, 0x76, 0x56,
932 0xb4, 0x95, 0xd4, 0x7e, 0x0d, 0x20, 0xc6, 0x6e,
933 0xee, 0x8f, 0x25, 0x48, 0xff, 0x7e, 0x01, 0x3a,
934 0xb4, 0x1f, 0xaa, 0x35, 0xc0, 0x33, 0x58, 0x9c,
935 0xb5, 0xba, 0x65, 0x4b, 0xd3, 0x51, 0x14, 0xec,
936 0x61, 0xce, 0xe4, 0xba, 0x49, 0xba, 0x39, 0x32,
937 0xab, 0xce, 0x81, 0x72, 0xce, 0xab, 0xed, 0xd4,
938 0xd2, 0x19, 0x87, 0x85, 0x92, 0xfa, 0x64, 0x34,
939 0xd8, 0x86, 0xf4, 0x8a, 0x08, 0x3c, 0xde, 0xee,
940 0x97, 0x92, 0x92, 0x69, 0xba, 0x9b, 0x5f, 0x7a,
941 0x03, 0xc1, 0x5d, 0x43, 0x02, 0x8c, 0xbe, 0xd2,
942 0x46, 0x72, 0x81, 0x40, 0x7d, 0x68, 0x98, 0x45,
943 0x0b, 0x54, 0x27, 0x1c, 0xaf, 0x80, 0x42, 0xe4,
944 0xd5, 0xd4, 0xe4, 0xa2, 0x98, 0x07, 0x8f, 0x03,
945 0xf5, 0x2c, 0x8c, 0x88, 0xca, 0x5a, 0xde, 0xe4,
946 0x9f, 0xb1, 0x5f, 0x82, 0xff, 0x20, 0x67, 0x52,
947 0x85, 0x84, 0x4f, 0xc8, 0xfe, 0xa7, 0x9e, 0xae,
948 0x1c, 0xfa, 0xb8, 0x75, 0xd3, 0xf7, 0x9f, 0x0d,
949 0xda, 0x2d, 0xe6, 0xcc, 0x86, 0x6b, 0xa4, 0x14,
950 0x65, 0xc3, 0xf9, 0x15, 0xbc, 0x87, 0xf5, 0xae,
951 0x8c, 0x10, 0xd4, 0xce, 0x5b, 0x9c, 0xe2, 0xdd,
952 0x42, 0x03, 0x09, 0x87, 0x47, 0xed, 0x5d, 0xd0,
953 0x7a, 0x69, 0x4c, 0xfa, 0x43, 0x7d, 0xbf, 0x07,
954 0x85, 0x6a, 0xee, 0x68, 0xe6, 0x7a, 0x57, 0xb2,
955 0x20, 0x8d, 0x80, 0xf2, 0x91, 0x6f, 0x5c, 0x07,
956 0x8c, 0xe4, 0x6a, 0x49, 0x90, 0x85, 0x8b, 0x77,
957 0x29, 0x56, 0x1c, 0x5e, 0xa9, 0x3f, 0xab, 0x8b,
958 0x79, 0xa3, 0x6f, 0x6b, 0x34, 0xcb, 0x61, 0xf6,
959 0xe6, 0x92, 0xd1, 0x48, 0x9e, 0x11, 0xa2, 0x82,
960 0xc0, 0x4e, 0x23, 0xd2, 0x15, 0x0d, 0x8d, 0xff,
961 0xfa, 0x17, 0x9d, 0x81, 0xb8, 0xbc, 0xd7, 0x5b,
962 0x08, 0x81, 0x20, 0x40, 0xc0, 0x3c, 0x06, 0x8b,
963 0x1a, 0x88, 0x0b, 0x4b, 0x7b, 0x31, 0xf5, 0xd4,
964 0x4e, 0x09, 0xd1, 0x4d, 0x0d, 0x7f, 0x45, 0xd1,
965 0x09, 0x35, 0xba, 0xce, 0x65, 0xdd, 0xf2, 0xb8,
966 0xfb, 0x7a, 0xbc, 0xc4, 0x4b, 0xc8, 0x75, 0xda,
967 0x6b, 0xce, 0x3d, 0xe8, 0x94, 0xcc, 0x23, 0x6f,
968 0xb0, 0x3b, 0x4f, 0x7d, 0x07, 0xb9, 0x0f, 0x62,
969 0x92, 0x7e, 0xda, 0x70, 0x50, 0xce, 0xd3, 0x28,
970 0x12, 0x11, 0x00, 0xeb, 0x8d, 0x63, 0x70, 0x78,
971 0xa8, 0x7b, 0x76, 0xab, 0xc6, 0x40, 0xc0, 0x4e,
972 0x80, 0xdd, 0xf0, 0xfe, 0x83, 0x72, 0x56, 0x4c,
973 0x09, 0x4c, 0xf1, 0x72, 0x72, 0x86, 0x26, 0x31,
974 0xc3, 0xc2, 0xdc, 0x8e, 0xc7, 0xf4, 0x35, 0xec,
975 0x17, 0x06, 0x63, 0x47, 0x49, 0x88, 0x47, 0xaf,
976 0xb3, 0x38, 0x4f, 0x7e, 0x44, 0x95, 0xb5, 0xbb,
977 0x1d, 0xbd, 0x5a, 0x91, 0x5b, 0xd0, 0x1a, 0xdf,
978 0x0d, 0x0b, 0x50, 0xd8, 0xe2, 0x0e, 0xc5, 0x00,
979 0x2d, 0x5b, 0x29, 0x19, 0xaa, 0x2b, 0x64, 0xc5,
980 0x40, 0x31, 0x48, 0x11, 0xbc, 0x04, 0xd1, 0xcf,
981 0x6d, 0xf9, 0xa5, 0x2f, 0x4a, 0xc9, 0x82, 0xfa,
982 0x59, 0xe1, 0xfc, 0xab, 0x1c, 0x33, 0x26, 0x0a,
983 0x5f, 0xef, 0xf2, 0x06, 0xd8, 0xd3, 0x7e, 0x16,
984 0x58, 0x16, 0x78, 0x73, 0xae, 0xba, 0xeb, 0xe5,
985 0x3d, 0xb2, 0x0a, 0xb3, 0x32, 0x2d, 0x14, 0xa4,
986 0xfa, 0x3f, 0x1f, 0x43, 0xf9, 0x7b, 0xa9, 0x43,
987 0x98, 0x18, 0x94, 0x07, 0x07, 0xe5, 0x19, 0x34,
988 0xa8, 0x16, 0x5f, 0x71, 0x67, 0xaa, 0x29, 0xe5,
989 0xfa, 0xf0, 0x83, 0x06, 0x1d, 0x9d, 0xfc, 0xfe,
990 0xfe, 0x8c, 0xb5, 0xb2, 0xa9, 0xe7, 0xa0, 0x40,
991 0x60, 0xb6, 0x71, 0x9e, 0xab, 0x5b, 0x83, 0xb9,
992 0x0c, 0x2b, 0x58, 0x23, 0x80, 0x09, 0x9e, 0x5d,
993 0x94, 0x7d, 0x40, 0x76, 0xa9, 0x16, 0x96, 0x9e,
994 0x83, 0xe0, 0x0d, 0xec, 0xa0, 0xec, 0x76, 0x2a,
995 0xb7, 0xa0, 0xff, 0xb8, 0x50, 0x4c, 0x5b, 0xc6,
996 0x8b, 0x0a, 0x65, 0x2e, 0xfe, 0xb4, 0x40, 0x9a,
997 0x01, 0xd8, 0xc6, 0xa3, 0xab, 0x99, 0xa2, 0xc5,
998 0x0c, 0x08, 0xc4, 0xb7, 0xee, 0x4d, 0x1d, 0xc4,
999 0x08, 0x15, 0xd0, 0xdb, 0xaa, 0x63, 0x4f, 0x31,
1000 0xeb, 0x14, 0x97, 0x43, 0xbd, 0xc1, 0x94, 0x08,
1001 0xe6, 0xde, 0x43, 0x9f, 0x95, 0x0b, 0x96, 0x7e,
1002 0x7f, 0x3c, 0x68, 0xba, 0x6f, 0xc4, 0xc9, 0x35,
1003 0x2b, 0xc4, 0x0e, 0xda, 0x1f, 0x91, 0x68, 0x64,
1004 0x63, 0x34, 0x73, 0xbe, 0x57, 0x75, 0xb9, 0xed,
1005 0xf7, 0x2d, 0x3b, 0x05, 0x21, 0x93, 0x28, 0x48,
1006 0x96, 0x95, 0x97, 0xa0, 0xd2, 0x7d, 0x78, 0xbb,
1007 0x6a, 0x49, 0x8f, 0x76, 0x55, 0x74, 0x63, 0xb9,
1008 0xc5, 0x36, 0x12, 0x25, 0xbf, 0x03, 0x82, 0x8f,
1009 0xf0, 0xf6, 0x80, 0xbb, 0x33, 0xb4, 0xf4, 0x17,
1010 0x27, 0x1c, 0xf3, 0x4c, 0x10, 0xa3, 0xe4, 0xd1,
1011 0x55, 0xd9, 0x68, 0x21, 0x4e, 0x5a, 0x83, 0x67,
1012 0xbf, 0xf8, 0x3c, 0x7d, 0x4e, 0x62, 0xd3, 0x28,
1013 0xa7, 0x26, 0x6f, 0xe9, 0xee, 0xc2, 0x0b, 0x2d,
1014 0x03, 0x84, 0xb1, 0xff, 0xd6, 0x68, 0x1f, 0xb6,
1015 0xf2, 0xe4, 0x0f, 0xda, 0x2d, 0xee, 0x5f, 0x6e,
1016 0x21, 0xc8, 0xe1, 0xfc, 0xad, 0x6b, 0x0e, 0x04,
1017 0x7d, 0xaf, 0xc2, 0x3b, 0xa5, 0x68, 0x9b, 0x0c,
1018 0xf3, 0x56, 0xf3, 0xda, 0x8d, 0xc8, 0x7d, 0x39,
1019 0xdc, 0xd5, 0x99, 0xc6, 0x01, 0x10, 0xce, 0x42,
1020 0x1b, 0xac, 0x48, 0xdc, 0x97, 0x78, 0x0a, 0xec,
1021 0xb3, 0x8f, 0x47, 0x35, 0xa3, 0x6a, 0x64, 0xb2,
1022 0x8e, 0x63, 0x69, 0x22, 0x66, 0xae, 0x2e, 0xe0,
1023 0x88, 0xf9, 0x40, 0x3c, 0xc9, 0xa2, 0x57, 0x61,
1024 0xf6, 0xad, 0xf0, 0xdc, 0x90, 0x56, 0x3f, 0x06,
1025 0x9b, 0x7d, 0xbd, 0xc2, 0x81, 0x02, 0xab, 0xb8,
1026 0x15, 0x09, 0x88, 0x4a, 0xff, 0x2f, 0x31, 0xbf,
1027 0x5e, 0xfa, 0x6a, 0x7e, 0xf6, 0xc5, 0xa7, 0xf7,
1028 0xd5, 0xab, 0x55, 0xac, 0xae, 0x0d, 0x8c, 0x8d,
1029 0x7f, 0x4b, 0x25, 0xbb, 0x32, 0xff, 0x11, 0x33,
1030 0x2e, 0x37, 0x37, 0x69, 0x96, 0x15, 0x17, 0xb1,
1031 0x17, 0x49, 0xe0, 0x9a, 0x9c, 0xd9, 0x5b, 0x8d,
1032 0x58, 0xa3, 0x1d, 0x92, 0x87, 0xf8, 0x80, 0xb9,
1033 0xbd, 0x5a, 0xec, 0x40, 0xe1, 0x00, 0x33, 0x60,
1034 0xe4, 0x86, 0x16, 0x6d, 0x61, 0x81, 0xf2, 0x28,
1035 0x6a, 0xa7, 0xce, 0x3f, 0x95, 0xae, 0x43, 0xca,
1036 0xe1, 0x3f, 0x81, 0x74, 0x7e, 0x1c, 0x47, 0x17,
1037 0x95, 0xc6, 0x60, 0xda, 0x74, 0x77, 0xd9, 0x9f,
1038 0xfa, 0x92, 0xb4, 0xbe, 0xe1, 0x23, 0x98, 0x18,
1039 0x95, 0x63, 0x03, 0x13, 0x4c, 0x1a, 0x2d, 0x41,
1040 0xcd, 0xe4, 0x84, 0xf7, 0xe6, 0x38, 0xef, 0xff,
1041 0x95, 0xb2, 0xe8, 0x7c, 0x8f, 0x58, 0xb5, 0xb5,
1042 0xed, 0x27, 0x7f, 0x3c, 0x18, 0xab, 0xbe, 0x7f,
1043 0x4f, 0xe2, 0x35, 0x15, 0x71, 0xb7, 0x6f, 0x85,
1044 0x38, 0x9b, 0x88, 0xf6, 0x9c, 0x8d, 0x43, 0xb5,
1045 0x58, 0x9e, 0xf2, 0xd1, 0x96, 0xbe, 0xb7, 0xad,
1046 0x1a, 0xa0, 0x98
1047 },
1048 "id-Gost28147-89-CryptoPro-A-ParamSet",
1049 "testimit2",
1050 {
1051 0x80, 0xd9, 0xa0, 0xdc, 0x21, 0xf9, 0x30, 0x40,
1052 0x75, 0xfe, 0x49, 0x1b, 0x9e, 0x71, 0x90, 0x91,
1053 0x78, 0x88, 0x21, 0x60, 0x39, 0xe7, 0xc9, 0x2b,
1054 0xfb, 0x55, 0x1d, 0xf4, 0xdd, 0x2b, 0x0a, 0x01
1055 },
1056 G89_IMIT,
1057 { 0 },
1058 {
1059 0x90, 0xf2, 0x11, 0x9a
1060 }
1061 },
1062 { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */
1063 10,
1064 {
1065 0x1d, 0xeb, 0xe6, 0x79, 0x0a, 0x59, 0x00, 0xe6,
1066 0x8e, 0x5c
1067 },
1068 "id-Gost28147-89-CryptoPro-A-ParamSet",
1069 "testimit3",
1070 {
1071 0xa9, 0xb6, 0x37, 0xcc, 0x6d, 0x9b, 0x2f, 0x25,
1072 0xb0, 0xdf, 0x47, 0x04, 0x50, 0x68, 0xb0, 0x27,
1073 0x41, 0x27, 0x58, 0x6a, 0xbd, 0x0a, 0x6e, 0x50,
1074 0x2f, 0xc6, 0xfc, 0xc0, 0x3e, 0x29, 0x42, 0xa5
1075 },
1076 G89_IMIT,
1077 { 0 },
1078 {
1079 0x31, 0x7c, 0x16, 0xe4
1080 }
1081 },
1082 { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */
1083 6,
1084 {
1085 0xef, 0x06, 0x8f, 0x14, 0xc9, 0x04
1086 },
1087 "id-Gost28147-89-CryptoPro-A-ParamSet",
1088 "testimit4",
1089 {
1090 0xb0, 0x6c, 0x48, 0x23, 0x0a, 0x6e, 0xf4, 0xec,
1091 0x27, 0x98, 0x01, 0x23, 0xa7, 0xd8, 0xbf, 0x60,
1092 0x89, 0xef, 0xad, 0xe8, 0x8f, 0x79, 0x14, 0x8c,
1093 0x18, 0x5c, 0x9a, 0xda, 0xef, 0x0b, 0xdd, 0xa0
1094 },
1095 G89_IMIT,
1096 { 0 },
1097 {
1098 0xe9, 0x72, 0xae, 0xbf
1099 }
1100 },
1101 { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */
1102 16,
1103 {
1104 0x02, 0xf8, 0xec, 0x2b, 0x4d, 0x1f, 0xbc, 0x7c,
1105 0x6e, 0x47, 0xe3, 0x87, 0x22, 0x75, 0x41, 0xa7
1106 },
1107 "id-Gost28147-89-CryptoPro-B-ParamSet",
1108 "testimit5",
1109 {
1110 0x33, 0xd3, 0xef, 0x01, 0x19, 0x95, 0x0e, 0x15,
1111 0xa1, 0x69, 0x75, 0xae, 0x56, 0x27, 0x17, 0x79,
1112 0x63, 0x47, 0xab, 0x62, 0x9d, 0x4a, 0xf0, 0x34,
1113 0xd3, 0x1e, 0x69, 0x74, 0xec, 0x31, 0x48, 0xfc
1114 },
1115 G89_IMIT,
1116 { 0 },
1117 {
1118 0xf5, 0x55, 0x1f, 0x28
1119 }
1120 },
1121 { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */
1122 8,
1123 {
1124 0xf3, 0xb2, 0x29, 0xd2, 0x7a, 0x37, 0x03, 0x12
1125 },
1126 "id-Gost28147-89-CryptoPro-A-ParamSet",
1127 "testimit6",
1128 {
1129 0x42, 0x35, 0x81, 0x91, 0x0b, 0xa9, 0x99, 0xff,
1130 0xd9, 0x43, 0xf8, 0xc6, 0x19, 0x55, 0x1f, 0x2f,
1131 0x2d, 0x45, 0x40, 0x20, 0x1e, 0x1d, 0x32, 0x7a,
1132 0xb1, 0x07, 0x6b, 0x4f, 0x45, 0x90, 0xd9, 0x80
1133 },
1134 G89_IMIT,
1135 { 0 },
1136 {
1137 0x6e, 0x15, 0xfa, 0xe8
1138 }
1139 },
1140 { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */
1141 0,
1142 {
1143 0
1144 },
1145 "id-Gost28147-89-CryptoPro-A-ParamSet",
1146 "testimit7",
1147 {
1148 0x26, 0xcb, 0xb9, 0xf0, 0x0c, 0x62, 0x9f, 0xaa,
1149 0x4a, 0x1d, 0xb6, 0x30, 0x09, 0x01, 0x56, 0x89,
1150 0x66, 0xd4, 0xe4, 0x0e, 0xfe, 0xf6, 0x10, 0x6b,
1151 0x6c, 0xe8, 0x04, 0x3a, 0xe3, 0x61, 0x4b, 0x19
1152 },
1153 G89_IMIT,
1154 { 0 },
1155 {
1156 0x00, 0x00, 0x00, 0x00
1157 }
1158 },
1159 { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */
1160 5242880,
1161 { 0 },
1162 "id-Gost28147-89-CryptoPro-A-ParamSet",
1163 "test5Mimit",
1164 {
1165 0xaa, 0x85, 0x84, 0xcd, 0x65, 0x28, 0xe1, 0xdb,
1166 0xb8, 0x20, 0x19, 0x43, 0xe0, 0x36, 0x35, 0x10,
1167 0x19, 0xc3, 0x70, 0x5b, 0x27, 0xc1, 0x9d, 0x84,
1168 0x75, 0xa3, 0xc6, 0x49, 0x46, 0x8f, 0x7c, 0x4e
1169 },
1170 G89_IMIT,
1171 { 0 },
1172 {
1173 0x2a, 0xe6, 0x23, 0xc6
1174 }
1175 },
1176 { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */
1177 3221225472U + 16,
1178 { 0 },
1179 "id-Gost28147-89-CryptoPro-A-ParamSet",
1180 "test3Gimit1",
1181 {
1182 0xd5, 0xda, 0xfe, 0x06, 0x60, 0xdc, 0xf0, 0xb3,
1183 0x49, 0x5a, 0x02, 0x59, 0xc8, 0x2e, 0x4a, 0x2b,
1184 0xcc, 0x9b, 0x98, 0x04, 0xb7, 0xf2, 0x78, 0xb7,
1185 0xce, 0xa3, 0xf2, 0xdb, 0x9e, 0xa8, 0x49, 0x1d
1186 },
1187 G89_IMIT,
1188 { 0 },
1189 {
1190 0xcc, 0x46, 0x67, 0xe4
1191 }
1192 },
1193 { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */
1194 U64(4)*1024*1024*1024,
1195 { 0 },
1196 "id-Gost28147-89-CryptoPro-A-ParamSet",
1197 "test4Gimit3",
1198 {
1199 0x0d, 0xf1, 0xa8, 0x7f, 0x57, 0x03, 0x44, 0xcc,
1200 0xdb, 0x20, 0xde, 0xed, 0x85, 0x50, 0x38, 0xda,
1201 0xc9, 0x44, 0xec, 0x2c, 0x0d, 0x66, 0xb7, 0xdc,
1202 0x17, 0x14, 0x55, 0x95, 0x33, 0x6e, 0x43, 0x3e
1203 },
1204 G89_IMIT,
1205 { 0 },
1206 {
1207 0xb7, 0x21, 0x2e, 0x48
1208 }
1209 },
1210 { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */
1211 U64(4)*1024*1024*1024+4,
1212 { 0 },
1213 "id-Gost28147-89-CryptoPro-A-ParamSet",
1214 "test4Gimit1",
1215 {
1216 0x0c, 0xf3, 0xe9, 0xb0, 0x28, 0x3b, 0x9f, 0x8b,
1217 0xe3, 0x82, 0xb9, 0xa2, 0xa6, 0xbd, 0x80, 0xd2,
1218 0xcd, 0xfa, 0x3f, 0xf7, 0x90, 0xa7, 0x55, 0x06,
1219 0x9b, 0x7a, 0x58, 0xee, 0xe7, 0xf1, 0x9d, 0xbe
1220 },
1221 G89_IMIT,
1222 { 0 },
1223 {
1224 0xda, 0x15, 0x10, 0x73
1225 }
1226 },
1227 { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */
1228 U64(4)*1024*1024*1024+10,
1229 { 0 },
1230 "id-Gost28147-89-CryptoPro-A-ParamSet",
1231 "test4Gimit2",
1232 {
1233 0x97, 0x1a, 0x42, 0x22, 0xfa, 0x07, 0xb2, 0xca,
1234 0xf9, 0xd2, 0x34, 0x5a, 0x92, 0xb1, 0x1f, 0x6b,
1235 0x53, 0xf8, 0xaf, 0xed, 0x9a, 0x73, 0xc4, 0x38,
1236 0xd7, 0x7d, 0x25, 0x81, 0x00, 0x0d, 0xd4, 0x29
1237 },
1238 G89_IMIT,
1239 { 0 },
1240 {
1241 0x52, 0xaa, 0x22, 0xb4
1242 }
1243 }
1244};
1245
1246/* const */ unsigned char bZB[40*1024*1024];
1247unsigned char bTS[40*1024*1024];
1248
1249int main(int argc, char *argv[])
1250{
1251 unsigned int t;
1252 uint64_t ullMaxLen = 6*1000*1000;
1253 int ignore = 0;
1254 EVP_MD_CTX mctx;
1255 EVP_CIPHER_CTX ectx;
1256 EVP_PKEY *mac_key;
1257 unsigned char bDerive[EVP_MAX_KEY_LENGTH];
1258 unsigned char bTest[G89_MAX_TC_LEN];
1259 unsigned char bTest1[G89_MAX_TC_LEN];
1260 uint64_t ullLeft;
1261 unsigned int mdl = 0;
1262 int enlu = 0;
1263 int enlf = 0;
1264 size_t siglen;
1265 size_t l = 0;
1266 BIO *bio_err;
1267 const EVP_MD *md_gost94 = NULL;
1268 const EVP_CIPHER *cp_g89ecb = NULL;
1269 const EVP_CIPHER *cp_g89cfb = NULL;
1270 const EVP_CIPHER *cp_g89cnt = NULL;
1271 const EVP_CIPHER *ctype = NULL;
1272 const EVP_MD *md_g89imit = NULL;
1273
1274 printf("Testing GOST 28147-89 ");
1275
1276 if(1 < argc) {
1277 if(1 != sscanf(argv[1], "%" SCNu64, &ullMaxLen) ||
1278 ( 2 < argc ?
1279 1 != sscanf(argv[2], "%d", &ignore) : 0)) {
1280 fflush(NULL);
1281 fprintf(stderr, "Usage: %s [maxlen [ignore-error]]\n",
1282 argv[0]);
1283 return 1;
1284 }
1285 }
1286
1287 ERR_load_crypto_strings();
1288 ENGINE_load_builtin_engines();
1289 OPENSSL_load_builtin_modules();
1290 OpenSSL_add_all_algorithms();
1291
1292 memset(bZB, 0, sizeof bZB);
1293 memset(bTS, 0, sizeof bTS);
1294
1295 /* Test load engine */
1296 if(NULL == (md_gost94 = EVP_get_digestbyname(SN_id_GostR3411_94))) {
1297 fflush(NULL);
1298 fprintf(stderr, "\"" SN_id_GostR3411_94 "\" - not found\n");
1299 if(!ignore) {
1300 return 7;
1301 }
1302 }
1303 if(NULL == (cp_g89cfb = EVP_get_cipherbyname(SN_id_Gost28147_89))) {
1304 fflush(NULL);
1305 fprintf(stderr, "\"" SN_id_Gost28147_89 "\" - not found\n");
1306 if(!ignore) {
1307 return 8;
1308 }
1309 }
1310 if(NULL == (cp_g89cnt = EVP_get_cipherbyname(SN_gost89_cnt))) {
1311 fflush(NULL);
1312 fprintf(stderr, "\"" SN_gost89_cnt "\" - not found\n");
1313 if(!ignore) {
1314 return 9;
1315 }
1316 }
1317 if(NULL == (cp_g89ecb = EVP_get_cipherbyname(SN_gost89_ecb))) {
1318 fflush(NULL);
1319 fprintf(stderr, "\"" SN_gost89_ecb "\" - not found\n");
1320 if(!ignore) {
1321 return 8;
1322 }
1323 }
1324 if(NULL == (md_g89imit = EVP_get_digestbyname(SN_id_Gost28147_89_MAC))) {
1325 fflush(NULL);
1326 fprintf(stderr, "\"" SN_id_Gost28147_89_MAC "\" - not found\n");
1327 if(!ignore) {
1328 return 10;
1329 }
1330 }
1331
1332 /* Test cases */
1333 for(t = 0; t < sizeof(tcs)/sizeof(tcs[0]); t++) {
1334 if(NULL != tcs[t].szDerive) {
1335 memset(bDerive, 0x3c, sizeof(bDerive));
1336 mdl = sizeof(bDerive);
1337 EVP_Digest(tcs[t].szDerive, strlen(tcs[t].szDerive),
1338 bDerive, &mdl,
1339 md_gost94, NULL);
1340 if(0 != memcmp(tcs[t].bRawKey, bDerive, mdl)) {
1341 fflush(NULL);
1342 fprintf(stderr, "Engine test t=%d "
1343 "derive key error.\n", t);
1344 if(!ignore) {
1345 return 12;
1346 }
1347 }
1348 }
1349 if(ullMaxLen < tcs[t].ullLen) {
1350 printf("@");
1351 continue;
1352 }
1353 memset(bTest, 0xa5, sizeof(bTest));
1354 memset(bTest1, 0x5a, sizeof(bTest1));
1355
1356 switch(tcs[t].gMode) {
1357 case G89_ECB:
1358 ctype = cp_g89ecb;
1359 goto engine_cipher_check;
1360 case G89_CFB:
1361 ctype = cp_g89cfb;
1362 goto engine_cipher_check;
1363 case G89_CNT:
1364 ctype = cp_g89cnt;
1365engine_cipher_check:
1366 EVP_CIPHER_CTX_init(&ectx);
1367 EVP_EncryptInit_ex(&ectx, ctype, NULL,
1368 tcs[t].bRawKey, tcs[t].bIV);
1369 EVP_CIPHER_CTX_ctrl(&ectx, EVP_CTRL_GOST_SET_SBOX, OBJ_txt2nid(tcs[t].szParamSet), 0);
1370 if(G89_MAX_TC_LEN >= tcs[t].ullLen) {
1371 enlu = sizeof(bTest);
1372 EVP_EncryptUpdate(&ectx, bTest, &enlu,
1373 tcs[t].bIn, (int)tcs[t].ullLen);
1374 l = (size_t)tcs[t].ullLen;
1375 } else {
1376 for(ullLeft = tcs[t].ullLen;
1377 ullLeft >= sizeof(bZB);
1378 ullLeft -= sizeof(bZB)) {
1379 printf("B");
1380 fflush(NULL);
1381 enlu = sizeof(bTS);
1382 EVP_EncryptUpdate(&ectx, bTS, &enlu,
1383 bZB, sizeof(bZB));
1384 }
1385 printf("b%" PRIu64 "/%" PRIu64, ullLeft, tcs[t].ullLen);
1386 fflush(NULL);
1387 EVP_EncryptUpdate(&ectx, bTS, &enlu,
1388 bZB, (int)ullLeft);
1389 memcpy(bTest, &bTS[enlu-16], 16);
1390 enlu = (int)tcs[t].ullLen;
1391 l = 16;
1392 }
1393 enlf = sizeof(bTest1);
1394 if (tcs[t].gMode == G89_ECB)
1395 enlf = 0;
1396 else
1397 EVP_EncryptFinal_ex(&ectx, bTest1, &enlf);
1398 EVP_CIPHER_CTX_cleanup(&ectx);
1399 break;
1400 case G89_IMIT:
1401 EVP_MD_CTX_init(&mctx);
1402 mac_key = EVP_PKEY_new_mac_key(
1403 NID_id_Gost28147_89_MAC, NULL,
1404 bDerive, mdl);
1405 if (!mac_key)
1406 goto imit_fail;
1407 EVP_DigestSignInit(&mctx, NULL,
1408 md_g89imit, NULL, mac_key);
1409 EVP_MD_CTX_ctrl(&mctx, EVP_MD_CTRL_GOST_SET_SBOX, OBJ_txt2nid(tcs[t].szParamSet), 0);
1410 if(G89_MAX_TC_LEN >= tcs[t].ullLen) {
1411 EVP_DigestSignUpdate(&mctx, tcs[t].bIn,
1412 (unsigned int)tcs[t].ullLen);
1413 } else {
1414 for(ullLeft = tcs[t].ullLen;
1415 ullLeft >= sizeof(bZB);
1416 ullLeft -= sizeof(bZB)) {
1417 printf("B");
1418 fflush(NULL);
1419 EVP_DigestSignUpdate(&mctx, bZB, sizeof(bZB));
1420 }
1421 printf("b%" PRIu64 "/%" PRIu64, ullLeft, tcs[t].ullLen);
1422 fflush(NULL);
1423 EVP_DigestSignUpdate(&mctx, bZB,
1424 (unsigned int)ullLeft);
1425 }
1426 siglen = 4;
1427 OPENSSL_assert(EVP_DigestSignFinal(&mctx, bTest, &siglen));
1428 EVP_MD_CTX_cleanup(&mctx);
1429 EVP_PKEY_free(mac_key);
1430 enlu = (int)tcs[t].ullLen;
1431 enlf = 0;
1432 l = siglen;
1433 break;
1434 }
1435 if((int)tcs[t].ullLen != enlu || 0 != enlf ||
1436 0 != memcmp(tcs[t].bOut, bTest, l)) {
1437imit_fail:
1438 fflush(NULL);
1439 fprintf(stderr, "\nEngine test t=%d len=%" PRIu64
1440 " mode=%d failed.\n", t, tcs[t].ullLen, tcs[t].gMode);
1441 if(!ignore) {
1442 return 13;
1443 }
1444 } else {
1445 printf(".");
1446 fflush(NULL);
1447 }
1448 }
1449
1450 printf(" passed\n");
1451 fflush(NULL);
1452
1453 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
1454 ERR_print_errors(bio_err);
1455 (void)BIO_flush(bio_err);
1456 BIO_free(bio_err);
1457 return 0;
1458}
1459#endif
diff --git a/src/regress/lib/libcrypto/hkdf/Makefile b/src/regress/lib/libcrypto/hkdf/Makefile
deleted file mode 100644
index 38d7f5b1f9..0000000000
--- a/src/regress/lib/libcrypto/hkdf/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2017/05/06 20:42:57 beck Exp $
2
3PROG= hkdf_test
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/hkdf/hkdf_test.c b/src/regress/lib/libcrypto/hkdf/hkdf_test.c
deleted file mode 100644
index 5e89f3384c..0000000000
--- a/src/regress/lib/libcrypto/hkdf/hkdf_test.c
+++ /dev/null
@@ -1,300 +0,0 @@
1/* $OpenBSD: hkdf_test.c,v 1.2 2018/07/17 17:06:49 tb Exp $ */
2/* Copyright (c) 2014, Google Inc.
3 *
4 * Permission to use, copy, modify, and/or distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
11 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
13 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
14 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
15
16#include <stdio.h>
17#include <string.h>
18
19#include <openssl/crypto.h>
20#include <openssl/evp.h>
21#include <openssl/err.h>
22#include <openssl/hkdf.h>
23
24#define OPENSSL_ARRAY_SIZE(array) (sizeof(array) / sizeof((array)[0]))
25
26typedef struct HKDFTestVector_st {
27 const EVP_MD *(*md_func)(void);
28 const uint8_t ikm[80];
29 const size_t ikm_len;
30 const uint8_t salt[80];
31 const size_t salt_len;
32 const uint8_t info[80];
33 const size_t info_len;
34 const uint8_t prk[EVP_MAX_MD_SIZE];
35 const size_t prk_len;
36 const size_t out_len;
37 const uint8_t out[82];
38} HKDFTestVector;
39
40/* These test vectors are from RFC 5869. */
41static const HKDFTestVector kTests[] = {
42 {
43 EVP_sha256,
44 {
45 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
46 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
47 }, 22,
48 {
49 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
50 0x0c,
51 }, 13,
52 {
53 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9,
54 }, 10,
55 {
56 0x07, 0x77, 0x09, 0x36, 0x2c, 0x2e, 0x32, 0xdf, 0x0d, 0xdc, 0x3f, 0x0d,
57 0xc4, 0x7b, 0xba, 0x63, 0x90, 0xb6, 0xc7, 0x3b, 0xb5, 0x0f, 0x9c, 0x31,
58 0x22, 0xec, 0x84, 0x4a, 0xd7, 0xc2, 0xb3, 0xe5,
59 }, 32,
60 42, {
61 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, 0x90, 0x43, 0x4f, 0x64,
62 0xd0, 0x36, 0x2f, 0x2a, 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
63 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf, 0x34, 0x00, 0x72, 0x08,
64 0xd5, 0xb8, 0x87, 0x18, 0x58, 0x65
65 }
66 },
67 {
68 EVP_sha256,
69 {
70 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
71 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
72 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
73 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
74 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b,
75 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
76 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f
77 }, 80,
78 {
79 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
80 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
81 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83,
82 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
83 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b,
84 0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
85 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf
86 }, 80,
87 {
88 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb,
89 0xbc, 0xbd, 0xbe, 0xbf, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
90 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3,
91 0xd4, 0xd5, 0xd6, 0xd7, 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
92 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb,
93 0xec, 0xed, 0xee, 0xef, 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
94 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
95 }, 80,
96 {
97 0x06, 0xa6, 0xb8, 0x8c, 0x58, 0x53, 0x36, 0x1a, 0x06, 0x10, 0x4c, 0x9c,
98 0xeb, 0x35, 0xb4, 0x5c, 0xef, 0x76, 0x00, 0x14, 0x90, 0x46, 0x71, 0x01,
99 0x4a, 0x19, 0x3f, 0x40, 0xc1, 0x5f, 0xc2, 0x44,
100 }, 32,
101 82, {
102 0xb1, 0x1e, 0x39, 0x8d, 0xc8, 0x03, 0x27, 0xa1, 0xc8, 0xe7, 0xf7, 0x8c,
103 0x59, 0x6a, 0x49, 0x34, 0x4f, 0x01, 0x2e, 0xda, 0x2d, 0x4e, 0xfa, 0xd8,
104 0xa0, 0x50, 0xcc, 0x4c, 0x19, 0xaf, 0xa9, 0x7c, 0x59, 0x04, 0x5a, 0x99,
105 0xca, 0xc7, 0x82, 0x72, 0x71, 0xcb, 0x41, 0xc6, 0x5e, 0x59, 0x0e, 0x09,
106 0xda, 0x32, 0x75, 0x60, 0x0c, 0x2f, 0x09, 0xb8, 0x36, 0x77, 0x93, 0xa9,
107 0xac, 0xa3, 0xdb, 0x71, 0xcc, 0x30, 0xc5, 0x81, 0x79, 0xec, 0x3e, 0x87,
108 0xc1, 0x4c, 0x01, 0xd5, 0xc1, 0xf3, 0x43, 0x4f, 0x1d, 0x87
109 }
110 },
111 {
112 EVP_sha256,
113 {
114 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
115 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
116 }, 22,
117 {
118 0,
119 }, 0,
120 {
121 0,
122 }, 0,
123 {
124 0x19, 0xef, 0x24, 0xa3, 0x2c, 0x71, 0x7b, 0x16, 0x7f, 0x33, 0xa9, 0x1d,
125 0x6f, 0x64, 0x8b, 0xdf, 0x96, 0x59, 0x67, 0x76, 0xaf, 0xdb, 0x63, 0x77,
126 0xac, 0x43, 0x4c, 0x1c, 0x29, 0x3c, 0xcb, 0x04
127 }, 32,
128 42, {
129 0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f, 0x71, 0x5f, 0x80, 0x2a,
130 0x06, 0x3c, 0x5a, 0x31, 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e,
131 0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d, 0x9d, 0x20, 0x13, 0x95,
132 0xfa, 0xa4, 0xb6, 0x1a, 0x96, 0xc8
133 }
134 },
135 {
136 EVP_sha1,
137 {
138 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
139 }, 11,
140 {
141 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
142 0x0c,
143 }, 13,
144 {
145 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9,
146 }, 10,
147 {
148 0x9b, 0x6c, 0x18, 0xc4, 0x32, 0xa7, 0xbf, 0x8f, 0x0e, 0x71, 0xc8, 0xeb,
149 0x88, 0xf4, 0xb3, 0x0b, 0xaa, 0x2b, 0xa2, 0x43
150 }, 20,
151 42, {
152 0x08, 0x5a, 0x01, 0xea, 0x1b, 0x10, 0xf3, 0x69, 0x33, 0x06, 0x8b, 0x56,
153 0xef, 0xa5, 0xad, 0x81, 0xa4, 0xf1, 0x4b, 0x82, 0x2f, 0x5b, 0x09, 0x15,
154 0x68, 0xa9, 0xcd, 0xd4, 0xf1, 0x55, 0xfd, 0xa2, 0xc2, 0x2e, 0x42, 0x24,
155 0x78, 0xd3, 0x05, 0xf3, 0xf8, 0x96
156 }
157 },
158 {
159 EVP_sha1,
160 {
161 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
162 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
163 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
164 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
165 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b,
166 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
167 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f
168 }, 80,
169 {
170 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
171 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
172 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83,
173 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
174 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b,
175 0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
176 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf
177 }, 80,
178 {
179 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb,
180 0xbc, 0xbd, 0xbe, 0xbf, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
181 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3,
182 0xd4, 0xd5, 0xd6, 0xd7, 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
183 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb,
184 0xec, 0xed, 0xee, 0xef, 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
185 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
186 }, 80,
187 {
188 0x8a, 0xda, 0xe0, 0x9a, 0x2a, 0x30, 0x70, 0x59, 0x47, 0x8d, 0x30, 0x9b,
189 0x26, 0xc4, 0x11, 0x5a, 0x22, 0x4c, 0xfa, 0xf6,
190 }, 20,
191 82, {
192 0x0b, 0xd7, 0x70, 0xa7, 0x4d, 0x11, 0x60, 0xf7, 0xc9, 0xf1, 0x2c, 0xd5,
193 0x91, 0x2a, 0x06, 0xeb, 0xff, 0x6a, 0xdc, 0xae, 0x89, 0x9d, 0x92, 0x19,
194 0x1f, 0xe4, 0x30, 0x56, 0x73, 0xba, 0x2f, 0xfe, 0x8f, 0xa3, 0xf1, 0xa4,
195 0xe5, 0xad, 0x79, 0xf3, 0xf3, 0x34, 0xb3, 0xb2, 0x02, 0xb2, 0x17, 0x3c,
196 0x48, 0x6e, 0xa3, 0x7c, 0xe3, 0xd3, 0x97, 0xed, 0x03, 0x4c, 0x7f, 0x9d,
197 0xfe, 0xb1, 0x5c, 0x5e, 0x92, 0x73, 0x36, 0xd0, 0x44, 0x1f, 0x4c, 0x43,
198 0x00, 0xe2, 0xcf, 0xf0, 0xd0, 0x90, 0x0b, 0x52, 0xd3, 0xb4
199 }
200 },
201 {
202 EVP_sha1,
203 {
204 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
205 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
206 }, 22,
207 {
208 0,
209 }, 0,
210 {
211 0,
212 }, 0,
213 {
214 0xda, 0x8c, 0x8a, 0x73, 0xc7, 0xfa, 0x77, 0x28, 0x8e, 0xc6, 0xf5, 0xe7,
215 0xc2, 0x97, 0x78, 0x6a, 0xa0, 0xd3, 0x2d, 0x01,
216 }, 20,
217 42, {
218 0x0a, 0xc1, 0xaf, 0x70, 0x02, 0xb3, 0xd7, 0x61, 0xd1, 0xe5, 0x52, 0x98,
219 0xda, 0x9d, 0x05, 0x06, 0xb9, 0xae, 0x52, 0x05, 0x72, 0x20, 0xa3, 0x06,
220 0xe0, 0x7b, 0x6b, 0x87, 0xe8, 0xdf, 0x21, 0xd0, 0xea, 0x00, 0x03, 0x3d,
221 0xe0, 0x39, 0x84, 0xd3, 0x49, 0x18
222 }
223 },
224 {
225 EVP_sha1,
226 {
227 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
228 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
229 }, 22,
230 {
231 0,
232 }, 0,
233 {
234 0,
235 }, 0,
236 {
237 0x2a, 0xdc, 0xca, 0xda, 0x18, 0x77, 0x9e, 0x7c, 0x20, 0x77, 0xad, 0x2e,
238 0xb1, 0x9d, 0x3f, 0x3e, 0x73, 0x13, 0x85, 0xdd,
239 }, 20,
240 42, {
241 0x2c, 0x91, 0x11, 0x72, 0x04, 0xd7, 0x45, 0xf3, 0x50, 0x0d, 0x63, 0x6a,
242 0x62, 0xf6, 0x4f, 0x0a, 0xb3, 0xba, 0xe5, 0x48, 0xaa, 0x53, 0xd4, 0x23,
243 0xb0, 0xd1, 0xf2, 0x7e, 0xbb, 0xa6, 0xf5, 0xe5, 0x67, 0x3a, 0x08, 0x1d,
244 0x70, 0xcc, 0xe7, 0xac, 0xfc, 0x48
245 }
246 },
247};
248
249int main(void) {
250 size_t i;
251 OPENSSL_add_all_algorithms_noconf();
252
253 for (i = 0; i < OPENSSL_ARRAY_SIZE(kTests); i++) {
254 const HKDFTestVector *test = &kTests[i];
255 uint8_t prk[EVP_MAX_MD_SIZE];
256 uint8_t buf[82];
257 size_t prk_len;
258 if (!HKDF_extract(prk, &prk_len, test->md_func(), test->ikm,
259 test->ikm_len, test->salt, test->salt_len)) {
260 fprintf(stderr, "Call to HKDF_extract failed\n");
261 ERR_print_errors_fp(stderr);
262 return 1;
263 }
264 if (prk_len != test->prk_len ||
265 memcmp(prk, test->prk, test->prk_len) != 0) {
266 fprintf(stderr, "%zu: Resulting PRK does not match"
267 "test vector\n", i);
268 return 1;
269 }
270 if (!HKDF_expand(buf, test->out_len, test->md_func(), prk, prk_len,
271 test->info, test->info_len)) {
272 fprintf(stderr, "Call to HKDF_expand failed\n");
273 ERR_print_errors_fp(stderr);
274 return 1;
275 }
276 if (memcmp(buf, test->out, test->out_len) != 0) {
277 fprintf(stderr,
278 "%zu: Resulting key material does not match test"
279 "vector\n", i);
280 return 1;
281 }
282
283 if (!HKDF(buf, test->out_len, test->md_func(), test->ikm,
284 test->ikm_len, test->salt, test->salt_len, test->info,
285 test->info_len)) {
286 fprintf(stderr, "Call to HKDF failed\n");
287 ERR_print_errors_fp(stderr);
288 return 1;
289 }
290 if (memcmp(buf, test->out, test->out_len) != 0) {
291 fprintf(stderr,
292 "%zu: Resulting key material does not match test"
293 "vector\n", i);
294 return 1;
295 }
296 }
297
298 printf("PASS\n");
299 return 0;
300}
diff --git a/src/regress/lib/libcrypto/hmac/Makefile b/src/regress/lib/libcrypto/hmac/Makefile
deleted file mode 100644
index 6705336211..0000000000
--- a/src/regress/lib/libcrypto/hmac/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2014/07/08 15:53:52 jsing Exp $
2
3PROG= hmactest
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/hmac/hmactest.c b/src/regress/lib/libcrypto/hmac/hmactest.c
deleted file mode 100644
index 1f120da5d9..0000000000
--- a/src/regress/lib/libcrypto/hmac/hmactest.c
+++ /dev/null
@@ -1,329 +0,0 @@
1/* $OpenBSD: hmactest.c,v 1.4 2018/07/17 17:06:49 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <string.h>
61#include <stdlib.h>
62
63#include <openssl/hmac.h>
64#ifndef OPENSSL_NO_MD5
65#include <openssl/md5.h>
66#endif
67
68#ifndef OPENSSL_NO_MD5
69static struct test_st {
70 unsigned char key[16];
71 int key_len;
72 unsigned char data[64];
73 int data_len;
74 unsigned char *digest;
75} test[8] = {
76 { "",
77 0,
78 "More text test vectors to stuff up EBCDIC machines :-)",
79 54,
80 (unsigned char *)"e9139d1e6ee064ef8cf514fc7dc83e86",
81 },
82 { {0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,
83 0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,},
84 16,
85 "Hi There",
86 8,
87 (unsigned char *)"9294727a3638bb1c13f48ef8158bfc9d",
88 },
89 { "Jefe",
90 4,
91 "what do ya want for nothing?",
92 28,
93 (unsigned char *)"750c783e6ab0b503eaa86e310a5db738",
94 },
95 { {0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,
96 0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,},
97 16,
98 {0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
99 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
100 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
101 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
102 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
103 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
104 0xdd,0xdd},
105 50,
106 (unsigned char *)"56be34521d144c88dbb8c733f0e8b3f6",
107 },
108 { "",
109 0,
110 "My test data",
111 12,
112 (unsigned char *)"61afdecb95429ef494d61fdee15990cabf0826fc"
113 },
114 { "",
115 0,
116 "My test data",
117 12,
118 (unsigned char *)"2274b195d90ce8e03406f4b526a47e0787a88a65479938f1a5baa3ce0f079776"
119 },
120 { "123456",
121 6,
122 "My test data",
123 12,
124 (unsigned char *)"bab53058ae861a7f191abe2d0145cbb123776a6369ee3f9d79ce455667e411dd"
125 },
126 { "12345",
127 5,
128 "My test data again",
129 12,
130 (unsigned char *)"7dbe8c764c068e3bcd6e6b0fbcd5e6fc197b15bb"
131 }
132};
133#endif
134
135static char *pt(unsigned char *md, unsigned int len);
136
137int
138main(int argc, char *argv[])
139{
140#ifndef OPENSSL_NO_MD5
141 int i;
142 char *p;
143#endif
144 int err = 0;
145 HMAC_CTX ctx, ctx2;
146 unsigned char buf[EVP_MAX_MD_SIZE];
147 unsigned int len;
148
149#ifdef OPENSSL_NO_MD5
150 printf("test skipped: MD5 disabled\n");
151#else
152
153 for (i = 0; i < 4; i++) {
154 p = pt(HMAC(EVP_md5(),
155 test[i].key, test[i].key_len,
156 test[i].data, test[i].data_len, NULL, NULL),
157 MD5_DIGEST_LENGTH);
158
159 if (strcmp(p, (char *)test[i].digest) != 0) {
160 printf("error calculating HMAC on %d entry'\n", i);
161 printf("got %s instead of %s\n", p, test[i].digest);
162 err++;
163 } else
164 printf("test %d ok\n", i);
165 }
166#endif /* OPENSSL_NO_MD5 */
167
168/* test4 */
169 HMAC_CTX_init(&ctx);
170 if (HMAC_Init_ex(&ctx, NULL, 0, NULL, NULL)) {
171 printf("Should fail to initialise HMAC with empty MD and key (test 4)\n");
172 err++;
173 goto test5;
174 }
175 if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) {
176 printf("Should fail HMAC_Update with ctx not set up (test 4)\n");
177 err++;
178 goto test5;
179 }
180 if (HMAC_Init_ex(&ctx, NULL, 0, EVP_sha1(), NULL)) {
181 printf("Should fail to initialise HMAC with empty key (test 4)\n");
182 err++;
183 goto test5;
184 }
185 if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) {
186 printf("Should fail HMAC_Update with ctx not set up (test 4)\n");
187 err++;
188 goto test5;
189 }
190 printf("test 4 ok\n");
191 test5:
192 HMAC_CTX_cleanup(&ctx);
193 HMAC_CTX_init(&ctx);
194 if (HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, NULL, NULL)) {
195 printf("Should fail to initialise HMAC with empty MD (test 5)\n");
196 err++;
197 goto test6;
198 }
199 if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) {
200 printf("Should fail HMAC_Update with ctx not set up (test 5)\n");
201 err++;
202 goto test6;
203 }
204 if (HMAC_Init_ex(&ctx, test[4].key, -1, EVP_sha1(), NULL)) {
205 printf("Should fail to initialise HMAC with invalid key len(test 5)\n");
206 err++;
207 goto test6;
208 }
209 if (!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha1(), NULL)) {
210 printf("Failed to initialise HMAC (test 5)\n");
211 err++;
212 goto test6;
213 }
214 if (!HMAC_Update(&ctx, test[4].data, test[4].data_len)) {
215 printf("Error updating HMAC with data (test 5)\n");
216 err++;
217 goto test6;
218 }
219 if (!HMAC_Final(&ctx, buf, &len)) {
220 printf("Error finalising data (test 5)\n");
221 err++;
222 goto test6;
223 }
224 p = pt(buf, len);
225 if (strcmp(p, (char *)test[4].digest) != 0) {
226 printf("Error calculating interim HMAC on test 5\n");
227 printf("got %s instead of %s\n", p, test[4].digest);
228 err++;
229 goto test6;
230 }
231 if (HMAC_Init_ex(&ctx, NULL, 0, EVP_sha256(), NULL)) {
232 printf("Should disallow changing MD without a new key (test 5)\n");
233 err++;
234 goto test6;
235 }
236 if (!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha256(), NULL)) {
237 printf("Failed to reinitialise HMAC (test 5)\n");
238 err++;
239 goto test6;
240 }
241 if (!HMAC_Update(&ctx, test[5].data, test[5].data_len)) {
242 printf("Error updating HMAC with data (sha256) (test 5)\n");
243 err++;
244 goto test6;
245 }
246 if (!HMAC_Final(&ctx, buf, &len)) {
247 printf("Error finalising data (sha256) (test 5)\n");
248 err++;
249 goto test6;
250 }
251 p = pt(buf, len);
252 if (strcmp(p, (char *)test[5].digest) != 0) {
253 printf("Error calculating 2nd interim HMAC on test 5\n");
254 printf("got %s instead of %s\n", p, test[5].digest);
255 err++;
256 goto test6;
257 }
258 if (!HMAC_Init_ex(&ctx, test[6].key, test[6].key_len, NULL, NULL)) {
259 printf("Failed to reinitialise HMAC with key (test 5)\n");
260 err++;
261 goto test6;
262 }
263 if (!HMAC_Update(&ctx, test[6].data, test[6].data_len)) {
264 printf("Error updating HMAC with data (new key) (test 5)\n");
265 err++;
266 goto test6;
267 }
268 if (!HMAC_Final(&ctx, buf, &len)) {
269 printf("Error finalising data (new key) (test 5)\n");
270 err++;
271 goto test6;
272 }
273 p = pt(buf, len);
274 if (strcmp(p, (char *)test[6].digest) != 0) {
275 printf("error calculating HMAC on test 5\n");
276 printf("got %s instead of %s\n", p, test[6].digest);
277 err++;
278 } else {
279 printf("test 5 ok\n");
280 }
281 test6:
282 HMAC_CTX_cleanup(&ctx);
283 HMAC_CTX_init(&ctx);
284 if (!HMAC_Init_ex(&ctx, test[7].key, test[7].key_len, EVP_sha1(), NULL)) {
285 printf("Failed to initialise HMAC (test 6)\n");
286 err++;
287 goto end;
288 }
289 if (!HMAC_Update(&ctx, test[7].data, test[7].data_len)) {
290 printf("Error updating HMAC with data (test 6)\n");
291 err++;
292 goto end;
293 }
294 if (!HMAC_CTX_copy(&ctx2, &ctx)) {
295 printf("Failed to copy HMAC_CTX (test 6)\n");
296 err++;
297 goto end;
298 }
299 if (!HMAC_Final(&ctx2, buf, &len)) {
300 printf("Error finalising data (test 6)\n");
301 err++;
302 goto end;
303 }
304 p = pt(buf, len);
305 if (strcmp(p, (char *)test[7].digest) != 0) {
306 printf("Error calculating HMAC on test 6\n");
307 printf("got %s instead of %s\n", p, test[7].digest);
308 err++;
309 } else {
310 printf("test 6 ok\n");
311 }
312end:
313 HMAC_CTX_cleanup(&ctx);
314 exit(err);
315 return(0);
316}
317
318#ifndef OPENSSL_NO_MD5
319static char *
320pt(unsigned char *md, unsigned int len)
321{
322 unsigned int i;
323 static char buf[80];
324
325 for (i = 0; i < len; i++)
326 snprintf(buf + i * 2, sizeof(buf) - i * 2, "%02x", md[i]);
327 return(buf);
328}
329#endif
diff --git a/src/regress/lib/libcrypto/idea/Makefile b/src/regress/lib/libcrypto/idea/Makefile
deleted file mode 100644
index b04ff3d2b5..0000000000
--- a/src/regress/lib/libcrypto/idea/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2014/07/08 15:53:52 jsing Exp $
2
3PROG= ideatest
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/idea/ideatest.c b/src/regress/lib/libcrypto/idea/ideatest.c
deleted file mode 100644
index b33b824ae7..0000000000
--- a/src/regress/lib/libcrypto/idea/ideatest.c
+++ /dev/null
@@ -1,221 +0,0 @@
1/* $OpenBSD: ideatest.c,v 1.2 2018/07/17 17:06:49 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <string.h>
61#include <stdlib.h>
62
63#include <openssl/idea.h>
64
65unsigned char k[16]={
66 0x00,0x01,0x00,0x02,0x00,0x03,0x00,0x04,
67 0x00,0x05,0x00,0x06,0x00,0x07,0x00,0x08};
68
69unsigned char in[8]={0x00,0x00,0x00,0x01,0x00,0x02,0x00,0x03};
70unsigned char c[8]={0x11,0xFB,0xED,0x2B,0x01,0x98,0x6D,0xE5};
71unsigned char out[80];
72
73char *text="Hello to all people out there";
74
75static unsigned char cfb_key[16]={
76 0xe1,0xf0,0xc3,0xd2,0xa5,0xb4,0x87,0x96,
77 0x69,0x78,0x4b,0x5a,0x2d,0x3c,0x0f,0x1e,
78 };
79static unsigned char cfb_iv[80]={0x34,0x12,0x78,0x56,0xab,0x90,0xef,0xcd};
80static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
81#define CFB_TEST_SIZE 24
82static unsigned char plain[CFB_TEST_SIZE]=
83 {
84 0x4e,0x6f,0x77,0x20,0x69,0x73,
85 0x20,0x74,0x68,0x65,0x20,0x74,
86 0x69,0x6d,0x65,0x20,0x66,0x6f,
87 0x72,0x20,0x61,0x6c,0x6c,0x20
88 };
89static unsigned char cfb_cipher64[CFB_TEST_SIZE]={
90 0x59,0xD8,0xE2,0x65,0x00,0x58,0x6C,0x3F,
91 0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A,
92 0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45
93
94/* 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
95 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
96 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
97 };
98
99static int cfb64_test(unsigned char *cfb_cipher);
100static char *pt(unsigned char *p);
101int main(int argc, char *argv[])
102 {
103 int i,err=0;
104 IDEA_KEY_SCHEDULE key,dkey;
105 unsigned char iv[8];
106
107 idea_set_encrypt_key(k,&key);
108 idea_ecb_encrypt(in,out,&key);
109 if (memcmp(out,c,8) != 0)
110 {
111 printf("ecb idea error encrypting\n");
112 printf("got :");
113 for (i=0; i<8; i++)
114 printf("%02X ",out[i]);
115 printf("\n");
116 printf("expected:");
117 for (i=0; i<8; i++)
118 printf("%02X ",c[i]);
119 err=20;
120 printf("\n");
121 }
122
123 idea_set_decrypt_key(&key,&dkey);
124 idea_ecb_encrypt(c,out,&dkey);
125 if (memcmp(out,in,8) != 0)
126 {
127 printf("ecb idea error decrypting\n");
128 printf("got :");
129 for (i=0; i<8; i++)
130 printf("%02X ",out[i]);
131 printf("\n");
132 printf("expected:");
133 for (i=0; i<8; i++)
134 printf("%02X ",in[i]);
135 printf("\n");
136 err=3;
137 }
138
139 if (err == 0) printf("ecb idea ok\n");
140
141 memcpy(iv,k,8);
142 idea_cbc_encrypt((unsigned char *)text,out,strlen(text)+1,&key,iv,1);
143 memcpy(iv,k,8);
144 idea_cbc_encrypt(out,out,8,&dkey,iv,0);
145 idea_cbc_encrypt(&(out[8]),&(out[8]),strlen(text)+1-8,&dkey,iv,0);
146 if (memcmp(text,out,strlen(text)+1) != 0)
147 {
148 printf("cbc idea bad\n");
149 err=4;
150 }
151 else
152 printf("cbc idea ok\n");
153
154 printf("cfb64 idea ");
155 if (cfb64_test(cfb_cipher64))
156 {
157 printf("bad\n");
158 err=5;
159 }
160 else
161 printf("ok\n");
162
163 exit(err);
164 }
165
166static int cfb64_test(unsigned char *cfb_cipher)
167 {
168 IDEA_KEY_SCHEDULE eks,dks;
169 int err=0,i,n;
170
171 idea_set_encrypt_key(cfb_key,&eks);
172 idea_set_decrypt_key(&eks,&dks);
173 memcpy(cfb_tmp,cfb_iv,8);
174 n=0;
175 idea_cfb64_encrypt(plain,cfb_buf1,(long)12,&eks,
176 cfb_tmp,&n,IDEA_ENCRYPT);
177 idea_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
178 (long)CFB_TEST_SIZE-12,&eks,
179 cfb_tmp,&n,IDEA_ENCRYPT);
180 if (memcmp(cfb_cipher,cfb_buf1,CFB_TEST_SIZE) != 0)
181 {
182 err=1;
183 printf("idea_cfb64_encrypt encrypt error\n");
184 for (i=0; i<CFB_TEST_SIZE; i+=8)
185 printf("%s\n",pt(&(cfb_buf1[i])));
186 }
187 memcpy(cfb_tmp,cfb_iv,8);
188 n=0;
189 idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,&eks,
190 cfb_tmp,&n,IDEA_DECRYPT);
191 idea_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
192 (long)CFB_TEST_SIZE-17,&dks,
193 cfb_tmp,&n,IDEA_DECRYPT);
194 if (memcmp(plain,cfb_buf2,CFB_TEST_SIZE) != 0)
195 {
196 err=1;
197 printf("idea_cfb_encrypt decrypt error\n");
198 for (i=0; i<24; i+=8)
199 printf("%s\n",pt(&(cfb_buf2[i])));
200 }
201 return(err);
202 }
203
204static char *pt(unsigned char *p)
205 {
206 static char bufs[10][20];
207 static int bnum=0;
208 char *ret;
209 int i;
210 static char *f="0123456789ABCDEF";
211
212 ret= &(bufs[bnum++][0]);
213 bnum%=10;
214 for (i=0; i<8; i++)
215 {
216 ret[i*2]=f[(p[i]>>4)&0xf];
217 ret[i*2+1]=f[p[i]&0xf];
218 }
219 ret[16]='\0';
220 return(ret);
221 }
diff --git a/src/regress/lib/libcrypto/ige/Makefile b/src/regress/lib/libcrypto/ige/Makefile
deleted file mode 100644
index a0197e059f..0000000000
--- a/src/regress/lib/libcrypto/ige/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2014/07/08 15:53:52 jsing Exp $
2
3PROG= igetest
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/ige/igetest.c b/src/regress/lib/libcrypto/ige/igetest.c
deleted file mode 100644
index 2191af85b7..0000000000
--- a/src/regress/lib/libcrypto/ige/igetest.c
+++ /dev/null
@@ -1,370 +0,0 @@
1/* $OpenBSD: igetest.c,v 1.4 2018/07/17 17:06:49 tb Exp $ */
2/* ====================================================================
3 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@openssl.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 */
51
52#include <assert.h>
53#include <stdio.h>
54#include <stdlib.h>
55#include <string.h>
56
57#include <openssl/aes.h>
58
59#define TEST_SIZE 128
60#define BIG_TEST_SIZE 10240
61
62static void hexdump(FILE *f,const char *title,const unsigned char *s,int l)
63 {
64 int n=0;
65
66 fprintf(f,"%s",title);
67 for( ; n < l ; ++n)
68 {
69 if((n%16) == 0)
70 fprintf(f,"\n%04x",n);
71 fprintf(f," %02x",s[n]);
72 }
73 fprintf(f,"\n");
74 }
75
76#define MAX_VECTOR_SIZE 64
77
78struct ige_test
79 {
80 const unsigned char key[16];
81 const unsigned char iv[32];
82 const unsigned char in[MAX_VECTOR_SIZE];
83 const unsigned char out[MAX_VECTOR_SIZE];
84 const size_t length;
85 const int encrypt;
86 };
87
88static struct ige_test const ige_test_vectors[] = {
89{ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
90 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, /* key */
91 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
92 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
93 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
94 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, /* iv */
95 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
96 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
97 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
98 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* in */
99 { 0x1a, 0x85, 0x19, 0xa6, 0x55, 0x7b, 0xe6, 0x52,
100 0xe9, 0xda, 0x8e, 0x43, 0xda, 0x4e, 0xf4, 0x45,
101 0x3c, 0xf4, 0x56, 0xb4, 0xca, 0x48, 0x8a, 0xa3,
102 0x83, 0xc7, 0x9c, 0x98, 0xb3, 0x47, 0x97, 0xcb }, /* out */
103 32, AES_ENCRYPT }, /* test vector 0 */
104
105{ { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
106 0x61, 0x6e, 0x20, 0x69, 0x6d, 0x70, 0x6c, 0x65 }, /* key */
107 { 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f,
108 0x6e, 0x20, 0x6f, 0x66, 0x20, 0x49, 0x47, 0x45,
109 0x20, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x66, 0x6f,
110 0x72, 0x20, 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53 }, /* iv */
111 { 0x4c, 0x2e, 0x20, 0x4c, 0x65, 0x74, 0x27, 0x73,
112 0x20, 0x68, 0x6f, 0x70, 0x65, 0x20, 0x42, 0x65,
113 0x6e, 0x20, 0x67, 0x6f, 0x74, 0x20, 0x69, 0x74,
114 0x20, 0x72, 0x69, 0x67, 0x68, 0x74, 0x21, 0x0a }, /* in */
115 { 0x99, 0x70, 0x64, 0x87, 0xa1, 0xcd, 0xe6, 0x13,
116 0xbc, 0x6d, 0xe0, 0xb6, 0xf2, 0x4b, 0x1c, 0x7a,
117 0xa4, 0x48, 0xc8, 0xb9, 0xc3, 0x40, 0x3e, 0x34,
118 0x67, 0xa8, 0xca, 0xd8, 0x93, 0x40, 0xf5, 0x3b }, /* out */
119 32, AES_DECRYPT }, /* test vector 1 */
120};
121
122static int run_test_vectors(void)
123 {
124 unsigned int n;
125 int errs = 0;
126
127 for(n=0 ; n < sizeof(ige_test_vectors)/sizeof(ige_test_vectors[0]) ; ++n)
128 {
129 const struct ige_test * const v = &ige_test_vectors[n];
130 AES_KEY key;
131 unsigned char buf[MAX_VECTOR_SIZE];
132 unsigned char iv[AES_BLOCK_SIZE*2];
133
134 assert(v->length <= MAX_VECTOR_SIZE);
135
136 if(v->encrypt == AES_ENCRYPT)
137 AES_set_encrypt_key(v->key, 8*sizeof v->key, &key);
138 else
139 AES_set_decrypt_key(v->key, 8*sizeof v->key, &key);
140 memcpy(iv, v->iv, sizeof iv);
141 AES_ige_encrypt(v->in, buf, v->length, &key, iv, v->encrypt);
142
143 if(memcmp(v->out, buf, v->length))
144 {
145 printf("IGE test vector %d failed\n", n);
146 hexdump(stdout, "key", v->key, sizeof v->key);
147 hexdump(stdout, "iv", v->iv, sizeof v->iv);
148 hexdump(stdout, "in", v->in, v->length);
149 hexdump(stdout, "expected", v->out, v->length);
150 hexdump(stdout, "got", buf, v->length);
151
152 ++errs;
153 }
154
155 /* try with in == out */
156 memcpy(iv, v->iv, sizeof iv);
157 memcpy(buf, v->in, v->length);
158 AES_ige_encrypt(buf, buf, v->length, &key, iv, v->encrypt);
159
160 if(memcmp(v->out, buf, v->length))
161 {
162 printf("IGE test vector %d failed (with in == out)\n", n);
163 hexdump(stdout, "key", v->key, sizeof v->key);
164 hexdump(stdout, "iv", v->iv, sizeof v->iv);
165 hexdump(stdout, "in", v->in, v->length);
166 hexdump(stdout, "expected", v->out, v->length);
167 hexdump(stdout, "got", buf, v->length);
168
169 ++errs;
170 }
171 }
172
173 return errs;
174 }
175
176int main(int argc, char **argv)
177 {
178 unsigned char rkey[16];
179 unsigned char rkey2[16];
180 AES_KEY key;
181 AES_KEY key2;
182 unsigned char plaintext[BIG_TEST_SIZE];
183 unsigned char ciphertext[BIG_TEST_SIZE];
184 unsigned char checktext[BIG_TEST_SIZE];
185 unsigned char iv[AES_BLOCK_SIZE*4];
186 unsigned char saved_iv[AES_BLOCK_SIZE*4];
187 int err = 0;
188 unsigned int n;
189 unsigned matches;
190
191 assert(BIG_TEST_SIZE >= TEST_SIZE);
192
193 arc4random_buf(rkey, sizeof(rkey));
194 arc4random_buf(plaintext, sizeof(plaintext));
195 arc4random_buf(iv, sizeof(iv));
196 memcpy(saved_iv, iv, sizeof(saved_iv));
197
198 /* Forward IGE only... */
199
200 /* Straight encrypt/decrypt */
201 AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
202 AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, iv,
203 AES_ENCRYPT);
204
205 AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
206 memcpy(iv, saved_iv, sizeof iv);
207 AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv,
208 AES_DECRYPT);
209
210 if(memcmp(checktext, plaintext, TEST_SIZE))
211 {
212 printf("Encrypt+decrypt doesn't match\n");
213 hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
214 hexdump(stdout, "Checktext", checktext, TEST_SIZE);
215 ++err;
216 }
217
218 /* Now check encrypt chaining works */
219 AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
220 memcpy(iv, saved_iv, sizeof iv);
221 AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE/2, &key, iv,
222 AES_ENCRYPT);
223 AES_ige_encrypt(plaintext+TEST_SIZE/2,
224 ciphertext+TEST_SIZE/2, TEST_SIZE/2,
225 &key, iv, AES_ENCRYPT);
226
227 AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
228 memcpy(iv, saved_iv, sizeof iv);
229 AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv,
230 AES_DECRYPT);
231
232 if(memcmp(checktext, plaintext, TEST_SIZE))
233 {
234 printf("Chained encrypt+decrypt doesn't match\n");
235 hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
236 hexdump(stdout, "Checktext", checktext, TEST_SIZE);
237 ++err;
238 }
239
240 /* And check decrypt chaining */
241 AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
242 memcpy(iv, saved_iv, sizeof iv);
243 AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE/2, &key, iv,
244 AES_ENCRYPT);
245 AES_ige_encrypt(plaintext+TEST_SIZE/2,
246 ciphertext+TEST_SIZE/2, TEST_SIZE/2,
247 &key, iv, AES_ENCRYPT);
248
249 AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
250 memcpy(iv, saved_iv, sizeof iv);
251 AES_ige_encrypt(ciphertext, checktext, TEST_SIZE/2, &key, iv,
252 AES_DECRYPT);
253 AES_ige_encrypt(ciphertext+TEST_SIZE/2,
254 checktext+TEST_SIZE/2, TEST_SIZE/2, &key, iv,
255 AES_DECRYPT);
256
257 if(memcmp(checktext, plaintext, TEST_SIZE))
258 {
259 printf("Chained encrypt+chained decrypt doesn't match\n");
260 hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
261 hexdump(stdout, "Checktext", checktext, TEST_SIZE);
262 ++err;
263 }
264
265 /* make sure garble extends forwards only */
266 AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
267 memcpy(iv, saved_iv, sizeof iv);
268 AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
269 AES_ENCRYPT);
270
271 /* corrupt halfway through */
272 ++ciphertext[sizeof ciphertext/2];
273 AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
274 memcpy(iv, saved_iv, sizeof iv);
275 AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
276 AES_DECRYPT);
277
278 matches=0;
279 for(n=0 ; n < sizeof checktext ; ++n)
280 if(checktext[n] == plaintext[n])
281 ++matches;
282
283 if(matches > sizeof checktext/2+sizeof checktext/100)
284 {
285 printf("More than 51%% matches after garbling\n");
286 ++err;
287 }
288
289 if(matches < sizeof checktext/2)
290 {
291 printf("Garble extends backwards!\n");
292 ++err;
293 }
294
295 /* make sure garble extends both ways */
296 AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
297 AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);
298 AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
299 AES_ENCRYPT);
300
301 /* corrupt halfway through */
302 ++ciphertext[sizeof ciphertext/2];
303 AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
304 AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2);
305 AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
306 AES_DECRYPT);
307
308 matches=0;
309 for(n=0 ; n < sizeof checktext ; ++n)
310 if(checktext[n] == plaintext[n])
311 ++matches;
312
313 if(matches > sizeof checktext/100)
314 {
315 printf("More than 1%% matches after bidirectional garbling\n");
316 ++err;
317 }
318
319 /* make sure garble extends both ways (2) */
320 AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
321 AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);
322 AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
323 AES_ENCRYPT);
324
325 /* corrupt right at the end */
326 ++ciphertext[sizeof ciphertext-1];
327 AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
328 AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2);
329 AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
330 AES_DECRYPT);
331
332 matches=0;
333 for(n=0 ; n < sizeof checktext ; ++n)
334 if(checktext[n] == plaintext[n])
335 ++matches;
336
337 if(matches > sizeof checktext/100)
338 {
339 printf("More than 1%% matches after bidirectional garbling (2)\n");
340 ++err;
341 }
342
343 /* make sure garble extends both ways (3) */
344 AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
345 AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);
346 AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
347 AES_ENCRYPT);
348
349 /* corrupt right at the start */
350 ++ciphertext[0];
351 AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
352 AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2);
353 AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
354 AES_DECRYPT);
355
356 matches=0;
357 for(n=0 ; n < sizeof checktext ; ++n)
358 if(checktext[n] == plaintext[n])
359 ++matches;
360
361 if(matches > sizeof checktext/100)
362 {
363 printf("More than 1%% matches after bidirectional garbling (3)\n");
364 ++err;
365 }
366
367 err += run_test_vectors();
368
369 return err;
370 }
diff --git a/src/regress/lib/libcrypto/init/Makefile b/src/regress/lib/libcrypto/init/Makefile
deleted file mode 100644
index 33b0a2aa76..0000000000
--- a/src/regress/lib/libcrypto/init/Makefile
+++ /dev/null
@@ -1,14 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2018/03/19 14:34:33 beck Exp $
2PROG= init_pledge
3SRCS+= init_pledge.c
4NOMAN= yes
5
6LDADD+= -lcrypto -lutil
7CFLAGS+= -Wall -Werror
8
9REGRESS_TARGETS+= test_normal
10
11test_normal: ${PROG}
12 ./${PROG}
13
14.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/init/init_pledge.c b/src/regress/lib/libcrypto/init/init_pledge.c
deleted file mode 100644
index 76f5668ab8..0000000000
--- a/src/regress/lib/libcrypto/init/init_pledge.c
+++ /dev/null
@@ -1,34 +0,0 @@
1/* $OpenBSD: init_pledge.c,v 1.1 2018/03/19 14:34:33 beck Exp $ */
2
3/*
4 * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#include <openssl/err.h>
20
21#include <stdio.h>
22#include <unistd.h>
23
24
25int
26main (int argc, char *argv[])
27{
28 pledge("stdio", NULL);
29
30 ERR_load_ERR_strings();
31 printf("[SUCCESS] - crypto autoinit is pledge(\"stdio\") safe\n");
32
33 exit(0);
34}
diff --git a/src/regress/lib/libcrypto/md4/Makefile b/src/regress/lib/libcrypto/md4/Makefile
deleted file mode 100644
index ddb4acf2d1..0000000000
--- a/src/regress/lib/libcrypto/md4/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.5 2015/09/14 01:45:03 doug Exp $
2
3PROG= md4test
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/md4/md4test.c b/src/regress/lib/libcrypto/md4/md4test.c
deleted file mode 100644
index 7279e40f16..0000000000
--- a/src/regress/lib/libcrypto/md4/md4test.c
+++ /dev/null
@@ -1,125 +0,0 @@
1/* $OpenBSD: md4test.c,v 1.4 2018/07/17 17:06:49 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <string.h>
61#include <stdlib.h>
62
63#include <openssl/evp.h>
64#include <openssl/md4.h>
65
66static char *test[]={
67 "",
68 "a",
69 "abc",
70 "message digest",
71 "abcdefghijklmnopqrstuvwxyz",
72 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
73 "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
74 NULL,
75 };
76
77static char *ret[]={
78"31d6cfe0d16ae931b73c59d7e0c089c0",
79"bde52cb31de33e46245e05fbdbd6fb24",
80"a448017aaf21d8525fc10ae87aa6729d",
81"d9130a8164549fe818874806e1c7014b",
82"d79e1c308aa5bbcdeea8ed63df412da9",
83"043f8582f241db351ce627e153e7f0e4",
84"e33b4ddc9c38f2199c3e7b164fcc0536",
85};
86
87static char *pt(unsigned char *md);
88int main(int argc, char *argv[])
89 {
90 int i,err=0;
91 char **P,**R;
92 char *p;
93 unsigned char md[MD4_DIGEST_LENGTH];
94
95 P=test;
96 R=ret;
97 i=1;
98 while (*P != NULL)
99 {
100 EVP_Digest(&(P[0][0]),strlen((char *)*P),md,NULL,EVP_md4(), NULL);
101 p=pt(md);
102 if (strcmp(p,(char *)*R) != 0)
103 {
104 printf("error calculating MD4 on '%s'\n",*P);
105 printf("got %s instead of %s\n",p,*R);
106 err++;
107 }
108 else
109 printf("test %d ok\n",i);
110 i++;
111 R++;
112 P++;
113 }
114 exit(err);
115 }
116
117static char *pt(unsigned char *md)
118 {
119 int i;
120 static char buf[80];
121
122 for (i=0; i<MD4_DIGEST_LENGTH; i++)
123 snprintf(buf + i*2, sizeof(buf) - i*2, "%02x",md[i]);
124 return(buf);
125 }
diff --git a/src/regress/lib/libcrypto/md5/Makefile b/src/regress/lib/libcrypto/md5/Makefile
deleted file mode 100644
index d620dfa48a..0000000000
--- a/src/regress/lib/libcrypto/md5/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2014/07/08 15:53:52 jsing Exp $
2
3PROG= md5test
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/md5/md5test.c b/src/regress/lib/libcrypto/md5/md5test.c
deleted file mode 100644
index 92b1b4a273..0000000000
--- a/src/regress/lib/libcrypto/md5/md5test.c
+++ /dev/null
@@ -1,126 +0,0 @@
1/* $OpenBSD: md5test.c,v 1.2 2018/07/17 17:06:49 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <string.h>
61#include <stdlib.h>
62
63#include <openssl/evp.h>
64#include <openssl/md5.h>
65
66static char *test[]={
67 "",
68 "a",
69 "abc",
70 "message digest",
71 "abcdefghijklmnopqrstuvwxyz",
72 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
73 "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
74 NULL,
75 };
76
77static char *ret[]={
78 "d41d8cd98f00b204e9800998ecf8427e",
79 "0cc175b9c0f1b6a831c399e269772661",
80 "900150983cd24fb0d6963f7d28e17f72",
81 "f96b697d7cb7938d525a2f31aaf161d0",
82 "c3fcd3d76192e4007dfb496cca67e13b",
83 "d174ab98d277d9f5a5611c2c9f419d9f",
84 "57edf4a22be3c955ac49da2e2107b67a",
85 };
86
87static char *pt(unsigned char *md);
88int main(int argc, char *argv[])
89 {
90 int i,err=0;
91 char **P,**R;
92 char *p;
93 unsigned char md[MD5_DIGEST_LENGTH];
94
95 P=test;
96 R=ret;
97 i=1;
98 while (*P != NULL)
99 {
100 EVP_Digest(&(P[0][0]),strlen((char *)*P),md,NULL,EVP_md5(), NULL);
101 p=pt(md);
102 if (strcmp(p,(char *)*R) != 0)
103 {
104 printf("error calculating MD5 on '%s'\n",*P);
105 printf("got %s instead of %s\n",p,*R);
106 err++;
107 }
108 else
109 printf("test %d ok\n",i);
110 i++;
111 R++;
112 P++;
113 }
114
115 exit(err);
116 }
117
118static char *pt(unsigned char *md)
119 {
120 int i;
121 static char buf[80];
122
123 for (i=0; i<MD5_DIGEST_LENGTH; i++)
124 snprintf(buf + i*2, sizeof(buf) - i*2, "%02x",md[i]);
125 return(buf);
126 }
diff --git a/src/regress/lib/libcrypto/ocsp/Makefile b/src/regress/lib/libcrypto/ocsp/Makefile
deleted file mode 100644
index 62fb985647..0000000000
--- a/src/regress/lib/libcrypto/ocsp/Makefile
+++ /dev/null
@@ -1,16 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2016/11/05 12:45:25 miod Exp $
2
3REGRESS_TARGETS= all_tests
4
5PROG= ocsp_test
6LDADD= -lcrypto -lssl
7DPADD= ${LIBCRYPTO} ${LIBSSL}
8WARNINGS= Yes
9LDFLAGS+= -lcrypto -lssl
10CFLAGS+= -DLIBRESSL_INTERNAL -Wall -Wundef -Werror
11
12all_tests: ${PROG}
13 ${.OBJDIR}/${PROG} www.amazon.com 443
14 ${.OBJDIR}/${PROG} cloudflare.com 443
15
16.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/ocsp/ocsp_test.c b/src/regress/lib/libcrypto/ocsp/ocsp_test.c
deleted file mode 100644
index 5914729828..0000000000
--- a/src/regress/lib/libcrypto/ocsp/ocsp_test.c
+++ /dev/null
@@ -1,154 +0,0 @@
1/* $OpenBSD: ocsp_test.c,v 1.6 2018/07/18 16:24:16 tb Exp $ */
2/*
3 * Copyright (c) 2016 Bob Beck <beck@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <stdio.h>
19#include <netdb.h>
20#include <stdlib.h>
21#include <unistd.h>
22#include <err.h>
23#include <sys/socket.h>
24
25#include <openssl/ssl.h>
26#include <openssl/ocsp.h>
27
28static int
29tcp_connect(char *host, char *port)
30{
31 int error, sd = -1;
32 struct addrinfo hints, *res, *r;
33
34 memset(&hints, 0, sizeof(struct addrinfo));
35 hints.ai_family = AF_INET;
36 hints.ai_socktype = SOCK_STREAM;
37
38 error = getaddrinfo(host, port, &hints, &res);
39 if (error != 0) {
40 perror("getaddrinfo()");
41 exit(-1);
42 }
43
44 for (r = res; r != NULL; r = r->ai_next) {
45 sd = socket(r->ai_family, r->ai_socktype, r->ai_protocol);
46 if (sd == -1)
47 continue;
48
49 if (connect(sd, r->ai_addr, r->ai_addrlen) == 0)
50 break;
51
52 close(sd);
53 }
54
55 freeaddrinfo(res);
56
57 return sd;
58}
59
60int
61main(int argc, char *argv[])
62{
63 int sd, ocsp_status;
64 const unsigned char *p;
65 long len;
66 OCSP_RESPONSE *rsp = NULL;
67 OCSP_BASICRESP *br = NULL;
68 X509_STORE *st = NULL;
69 STACK_OF(X509) *ch = NULL;
70 char *host, *port;
71#ifdef _PATH_SSL_CA_FILE
72 char *cafile = _PATH_SSL_CA_FILE;
73#else
74 char *cafile = "/etc/ssl/cert.pem";
75#endif
76
77 SSL *ssl;
78 SSL_CTX *ctx;
79
80 SSL_library_init();
81 SSL_load_error_strings();
82
83 ctx = SSL_CTX_new(SSLv23_client_method());
84
85 if (!SSL_CTX_load_verify_locations(ctx, cafile, NULL)) {
86 printf("failed to load %s\n", cafile);
87 exit(-1);
88 }
89
90 if (argc != 3)
91 errx(-1, "need a host and port to connect to");
92 else {
93 host = argv[1];
94 port = argv[2];
95 }
96
97 sd = tcp_connect(host, port);
98
99 ssl = SSL_new(ctx);
100
101 SSL_set_fd(ssl, (int) sd);
102 SSL_set_tlsext_status_type(ssl, TLSEXT_STATUSTYPE_ocsp);
103
104 if (SSL_connect(ssl) <= 0) {
105 printf("SSL connect error\n");
106 exit(-1);
107 }
108
109 if (SSL_get_verify_result(ssl) != X509_V_OK) {
110 printf("Certificate doesn't verify from host %s port %s\n", host, port);
111 exit(-1);
112 }
113
114 /* ==== VERIFY OCSP RESPONSE ==== */
115
116
117 len = SSL_get_tlsext_status_ocsp_resp(ssl, &p);
118
119 if (!p) {
120 printf("No OCSP response received for %s port %s\n", host, port);
121 exit(-1);
122 }
123
124 rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
125 if (!rsp) {
126 puts("Invalid OCSP response");
127 exit(-1);
128 }
129
130 ocsp_status = OCSP_response_status(rsp);
131 if (ocsp_status != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
132 printf("Invalid OCSP response status: %s (%d)",
133 OCSP_response_status_str(ocsp_status), ocsp_status);
134 exit(-1);
135 }
136
137 br = OCSP_response_get1_basic(rsp);
138 if (!br) {
139 puts("Invalid OCSP response");
140 exit(-1);
141 }
142
143 ch = SSL_get_peer_cert_chain(ssl);
144 st = SSL_CTX_get_cert_store(ctx);
145
146 if (OCSP_basic_verify(br, ch, st, 0) <= 0) {
147 puts("OCSP response verification failed");
148 exit(-1);
149 }
150
151 printf("OCSP validated from %s %s\n", host, port);
152
153 return 0;
154}
diff --git a/src/regress/lib/libcrypto/pbkdf2/Makefile b/src/regress/lib/libcrypto/pbkdf2/Makefile
deleted file mode 100644
index 7f39430aa3..0000000000
--- a/src/regress/lib/libcrypto/pbkdf2/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2014/07/11 20:37:59 miod Exp $
2
3PROG= pbkdf2
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/pbkdf2/pbkdf2.c b/src/regress/lib/libcrypto/pbkdf2/pbkdf2.c
deleted file mode 100644
index 9cbc031821..0000000000
--- a/src/regress/lib/libcrypto/pbkdf2/pbkdf2.c
+++ /dev/null
@@ -1,214 +0,0 @@
1/* $OpenBSD: pbkdf2.c,v 1.2 2018/07/17 17:06:49 tb Exp $ */
2/* Written by Christian Heimes, 2013 */
3/*
4 * Copyright (c) 2013 The OpenSSL Project. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 */
50
51
52#include <stdio.h>
53#include <stdlib.h>
54#include <string.h>
55#include <errno.h>
56
57#include <openssl/opensslconf.h>
58#include <openssl/evp.h>
59#ifndef OPENSSL_NO_ENGINE
60#include <openssl/engine.h>
61#endif
62#include <openssl/err.h>
63#include <openssl/conf.h>
64
65typedef struct {
66 const char *pass;
67 int passlen;
68 const char *salt;
69 int saltlen;
70 int iter;
71} testdata;
72
73static const testdata test_cases[] = {
74 {"password", 8, "salt", 4, 1},
75 {"password", 8, "salt", 4, 2},
76 {"password", 8, "salt", 4, 4096},
77 {"passwordPASSWORDpassword", 24,
78 "saltSALTsaltSALTsaltSALTsaltSALTsalt", 36, 4096},
79 {"pass\0word", 9, "sa\0lt", 5, 4096},
80 {NULL},
81};
82
83static const char *sha1_results[] = {
84 "0c60c80f961f0e71f3a9b524af6012062fe037a6",
85 "ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957",
86 "4b007901b765489abead49d926f721d065a429c1",
87 "3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038",
88 "56fa6aa75548099dcc37d7f03425e0c3",
89};
90
91static const char *sha256_results[] = {
92 "120fb6cffcf8b32c43e7225256c4f837a86548c92ccc35480805987cb70be17b",
93 "ae4d0c95af6b46d32d0adff928f06dd02a303f8ef3c251dfd6e2d85a95474c43",
94 "c5e478d59288c841aa530db6845c4c8d962893a001ce4e11a4963873aa98134a",
95 "348c89dbcbd32b2f32d814b8116e84cf2b17347ebc1800181c4e2a1fb8dd53e1c63551"
96 "8c7dac47e9",
97 "89b69d0516f829893c696226650a8687",
98};
99
100static const char *sha512_results[] = {
101 "867f70cf1ade02cff3752599a3a53dc4af34c7a669815ae5d513554e1c8cf252c02d47"
102 "0a285a0501bad999bfe943c08f050235d7d68b1da55e63f73b60a57fce",
103 "e1d9c16aa681708a45f5c7c4e215ceb66e011a2e9f0040713f18aefdb866d53cf76cab"
104 "2868a39b9f7840edce4fef5a82be67335c77a6068e04112754f27ccf4e",
105 "d197b1b33db0143e018b12f3d1d1479e6cdebdcc97c5c0f87f6902e072f457b5143f30"
106 "602641b3d55cd335988cb36b84376060ecd532e039b742a239434af2d5",
107 "8c0511f4c6e597c6ac6315d8f0362e225f3c501495ba23b868c005174dc4ee71115b59"
108 "f9e60cd9532fa33e0f75aefe30225c583a186cd82bd4daea9724a3d3b8",
109 "9d9e9c4cd21fe4be24d5b8244c759665",
110};
111
112static void
113hexdump(FILE *f, const char *title, const unsigned char *s, size_t len)
114{
115 fprintf(f, "%s", title);
116 for (; len != 0; len--)
117 fprintf(f, " 0x%02x", *(s++));
118 fprintf(f, "\n");
119}
120
121static int
122convert(unsigned char *dst, const unsigned char *src, size_t len)
123{
124 unsigned int n;
125
126 for (; len != 0; src += 2, len--) {
127 if (sscanf((char *)src, "%2x", &n) != 1)
128 return EINVAL;
129 *dst++ = (unsigned char)n;
130 }
131 return 0;
132}
133
134static void
135test_p5_pbkdf2(unsigned int n, const char *digestname, const testdata *test,
136 const char *hex)
137{
138 const EVP_MD *digest;
139 unsigned char *out;
140 unsigned char *expected;
141 size_t keylen;
142 int r;
143
144 digest = EVP_get_digestbyname(digestname);
145 if (digest == NULL) {
146 fprintf(stderr, "unknown digest %s\n", digestname);
147 exit(5);
148 }
149
150 keylen = strlen(hex);
151 if ((keylen % 2) != 0) {
152 fprintf(stderr, "odd hex string %s, digest %u\n", digestname, n);
153 exit(5);
154 }
155 keylen /= 2;
156 expected = malloc(keylen);
157 out = malloc(keylen);
158 if (expected == NULL || out == NULL) {
159 fprintf(stderr, "malloc() failed\n");
160 exit(5);
161 }
162 if (convert(expected, (const unsigned char *)hex, keylen) != 0) {
163 fprintf(stderr, "invalid hex string %s, digest %u\n", hex, n);
164 exit(5);
165 }
166
167 r = PKCS5_PBKDF2_HMAC(test->pass, test->passlen,
168 (const unsigned char *)test->salt, test->saltlen,
169 test->iter, digest, keylen, out);
170
171 if (r == 0) {
172 fprintf(stderr, "PKCS5_PBKDF2_HMAC(%s) failure test %u\n",
173 digestname, n);
174 exit(3);
175 }
176 if (memcmp(expected, out, keylen) != 0) {
177 fprintf(stderr,
178 "Wrong result for PKCS5_PBKDF2_HMAC(%s) test %u\n",
179 digestname, n);
180 hexdump(stderr, "expected: ", expected, keylen);
181 hexdump(stderr, "result: ", out, keylen);
182 exit(2);
183 }
184 free(expected);
185 free(out);
186}
187
188int
189main(int argc,char **argv)
190{
191 unsigned int n;
192 const testdata *test = test_cases;
193
194 OpenSSL_add_all_digests();
195#ifndef OPENSSL_NO_ENGINE
196 ENGINE_load_builtin_engines();
197 ENGINE_register_all_digests();
198#endif
199
200 for (n = 0; test->pass != NULL; n++, test++) {
201 test_p5_pbkdf2(n, "sha1", test, sha1_results[n]);
202 test_p5_pbkdf2(n, "sha256", test, sha256_results[n]);
203 test_p5_pbkdf2(n, "sha512", test, sha512_results[n]);
204 }
205
206#ifndef OPENSSL_NO_ENGINE
207 ENGINE_cleanup();
208#endif
209 EVP_cleanup();
210 CRYPTO_cleanup_all_ex_data();
211 ERR_remove_thread_state(NULL);
212 ERR_free_strings();
213 return 0;
214}
diff --git a/src/regress/lib/libcrypto/pkcs7/Makefile b/src/regress/lib/libcrypto/pkcs7/Makefile
deleted file mode 100644
index aceb169e16..0000000000
--- a/src/regress/lib/libcrypto/pkcs7/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.2 2014/07/08 15:53:53 jsing Exp $
2
3PROG= pkcs7test
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/pkcs7/pkcs7test.c b/src/regress/lib/libcrypto/pkcs7/pkcs7test.c
deleted file mode 100644
index 5548307375..0000000000
--- a/src/regress/lib/libcrypto/pkcs7/pkcs7test.c
+++ /dev/null
@@ -1,289 +0,0 @@
1/* $OpenBSD: pkcs7test.c,v 1.3 2014/11/26 05:48:00 bcook Exp $ */
2/*
3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <err.h>
19#include <stdlib.h>
20#include <string.h>
21#include <unistd.h>
22
23#include <openssl/bio.h>
24#include <openssl/err.h>
25#include <openssl/evp.h>
26#include <openssl/pem.h>
27#include <openssl/pkcs7.h>
28#include <openssl/x509.h>
29
30const char certificate[] = "\
31-----BEGIN CERTIFICATE----- \n\
32MIIDpTCCAo2gAwIBAgIJAPYm3GvOr5eTMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV \n\
33BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT \n\
34VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt \n\
35ZWRpYXRlIENBMB4XDTE0MDUyNDE0NDUxMVoXDTI0MDQwMTE0NDUxMVowZDELMAkG \n\
36A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU \n\
37RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgQ2xpZW50IENlcnQw \n\
38ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0ranbHRLcLVqN+0BzcZpY \n\
39+yOLqxzDWT1LD9eW1stC4NzXX9/DCtSIVyN7YIHdGLrIPr64IDdXXaMRzgZ2rOKs \n\
40lmHCAiFpO/ja99gGCJRxH0xwQatqAULfJVHeUhs7OEGOZc2nWifjqKvGfNTilP7D \n\
41nwi69ipQFq9oS19FmhwVHk2wg7KZGHI1qDyG04UrfCZMRitvS9+UVhPpIPjuiBi2 \n\
42x3/FZIpL5gXJvvFK6xHY63oq2asyzBATntBgnP4qJFWWcvRx24wF1PnZabxuVoL2 \n\
43bPnQ/KvONDrw3IdqkKhYNTul7jEcu3OlcZIMw+7DiaKJLAzKb/bBF5gm/pwW6As9 \n\
44AgMBAAGjTjBMMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCwGCWCGSAGG \n\
45+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0B \n\
46AQUFAAOCAQEAJzA4KTjkjXGSC4He63yX9Br0DneGBzjAwc1H6f72uqnCs8m7jgkE \n\
47PQJFdTzQUKh97QPUuayZ2gl8XHagg+iWGy60Kw37gQ0+lumCN2sllvifhHU9R03H \n\
48bWtS4kue+yQjMbrzf3zWygMDgwvFOUAIgBpH9qGc+CdNu97INTYd0Mvz51vLlxRn \n\
49sC5aBYCWaZFnw3lWYxf9eVFRy9U+DkYFqX0LpmbDtcKP7AZGE6ZwSzaim+Cnoz1u \n\
50Cgn+QmpFXgJKMFIZ82iSZISn+JkCCGxctZX1lMvai4Wi8Y0HxW9FTFZ6KBNwwE4B \n\
51zjbN/ehBkgLlW/DWfi44DvwUHmuU6QP3cw== \n\
52-----END CERTIFICATE----- \n\
53";
54
55const char private_key[] = "\
56-----BEGIN RSA PRIVATE KEY----- \n\
57MIIEpQIBAAKCAQEAtK2p2x0S3C1ajftAc3GaWPsji6scw1k9Sw/XltbLQuDc11/f \n\
58wwrUiFcje2CB3Ri6yD6+uCA3V12jEc4GdqzirJZhwgIhaTv42vfYBgiUcR9McEGr \n\
59agFC3yVR3lIbOzhBjmXNp1on46irxnzU4pT+w58IuvYqUBavaEtfRZocFR5NsIOy \n\
60mRhyNag8htOFK3wmTEYrb0vflFYT6SD47ogYtsd/xWSKS+YFyb7xSusR2Ot6Ktmr \n\
61MswQE57QYJz+KiRVlnL0cduMBdT52Wm8blaC9mz50PyrzjQ68NyHapCoWDU7pe4x \n\
62HLtzpXGSDMPuw4miiSwMym/2wReYJv6cFugLPQIDAQABAoIBAAZOyc9MhIwLSU4L \n\
63p4RgQvM4UVVe8/Id+3XTZ8NsXExJbWxXfIhiqGjaIfL8u4vsgRjcl+v1s/jo2/iT \n\
64KMab4o4D8gXD7UavQVDjtjb/ta79WL3SjRl2Uc9YjjMkyq6WmDNQeo2NKDdafCTB \n\
651uzSJtLNipB8Z53ELPuHJhxX9QMHrMnuha49riQgXZ7buP9iQrHJFhImBjSzbxJx \n\
66L+TI6rkyLSf9Wi0Pd3L27Ob3QWNfNRYNSeTE+08eSRChkur5W0RuXAcuAICdQlCl \n\
67LBvWO/LmmvbzCqiDcgy/TliSb6CGGwgiNG7LJZmlkYNj8laGwalNlYZs3UrVv6NO \n\
68Br2loAECgYEA2kvCvPGj0Dg/6g7WhXDvAkEbcaL1tSeCxBbNH+6HS2UWMWvyTtCn \n\
69/bbD519QIdkvayy1QjEf32GV/UjUVmlULMLBcDy0DGjtL3+XpIhLKWDNxN1v1/ai \n\
701oz23ZJCOgnk6K4qtFtlRS1XtynjA+rBetvYvLP9SKeFrnpzCgaA2r0CgYEA0+KX \n\
711ACXDTNH5ySX3kMjSS9xdINf+OOw4CvPHFwbtc9aqk2HePlEsBTz5I/W3rKwXva3 \n\
72NqZ/bRqVVeZB/hHKFywgdUQk2Uc5z/S7Lw70/w1HubNTXGU06Ngb6zOFAo/o/TwZ \n\
73zTP1BMIKSOB6PAZPS3l+aLO4FRIRotfFhgRHOoECgYEAmiZbqt8cJaJDB/5YYDzC \n\
74mp3tSk6gIb936Q6M5VqkMYp9pIKsxhk0N8aDCnTU+kIK6SzWBpr3/d9Ecmqmfyq7 \n\
755SvWO3KyVf0WWK9KH0abhOm2BKm2HBQvI0DB5u8sUx2/hsvOnjPYDISbZ11t0MtK \n\
76u35Zy89yMYcSsIYJjG/ROCUCgYEAgI2P9G5PNxEP5OtMwOsW84Y3Xat/hPAQFlI+ \n\
77HES+AzbFGWJkeT8zL2nm95tVkFP1sggZ7Kxjz3w7cpx7GX0NkbWSE9O+T51pNASV \n\
78tN1sQ3p5M+/a+cnlqgfEGJVvc7iAcXQPa3LEi5h2yPR49QYXAgG6cifn3dDSpmwn \n\
79SUI7PQECgYEApGCIIpSRPLAEHTGmP87RBL1smurhwmy2s/pghkvUkWehtxg0sGHh \n\
80kuaqDWcskogv+QC0sVdytiLSz8G0DwcEcsHK1Fkyb8A+ayiw6jWJDo2m9+IF4Fww \n\
811Te6jFPYDESnbhq7+TLGgHGhtwcu5cnb4vSuYXGXKupZGzoLOBbv1Zw= \n\
82-----END RSA PRIVATE KEY----- \n\
83";
84
85const char message[] = "\
86Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do \r\n\
87eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut \r\n\
88enim ad minim veniam, quis nostrud exercitation ullamco laboris \r\n\
89nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor \r\n\
90in reprehenderit in voluptate velit esse cillum dolore eu fugiat \r\n\
91nulla pariatur. Excepteur sint occaecat cupidatat non proident, \r\n\
92sunt in culpa qui officia deserunt mollit anim id est laborum. \r\n\
93";
94
95static int
96x509_store_callback(int ok, X509_STORE_CTX *ctx)
97{
98 /* Pretend the certificate issuer is valid... */
99 return 1;
100}
101
102static void
103fatal(const char *msg)
104{
105 warnx("%s", msg);
106 ERR_print_errors(BIO_new_fd(STDERR_FILENO, 0));
107 exit(1);
108}
109
110static void
111message_compare(const char *out, size_t len)
112{
113 if (len != sizeof(message)) {
114 fprintf(stderr, "FAILURE: length mismatch (%zu != %zu)\n",
115 len, sizeof(message));
116 exit(1);
117 }
118 if (memcmp(out, message, len) != 0) {
119 fprintf(stderr, "FAILURE: message mismatch\n");
120 fprintf(stderr, "Got:\n%s\n", out);
121 fprintf(stderr, "Want:\n%s\n", message);
122 exit(1);
123 }
124}
125
126int
127main(int argc, char **argv)
128{
129 BIO *bio_in, *bio_content, *bio_out, *bio_cert, *bio_pkey;
130 STACK_OF(X509) *certs;
131 const EVP_CIPHER *cipher;
132 EVP_PKEY *pkey;
133 X509_STORE *store;
134 X509 *cert;
135 PKCS7 *p7;
136 size_t len;
137 char *out;
138 int flags;
139
140 ERR_load_crypto_strings();
141 OpenSSL_add_all_algorithms();
142
143 /*
144 * A bunch of setup...
145 */
146 cipher = EVP_aes_256_cbc();
147 if (cipher == NULL)
148 fatal("cipher");
149
150 certs = sk_X509_new_null();
151 if (certs == NULL)
152 fatal("sk_X509_new_null");
153
154 bio_cert = BIO_new_mem_buf((char *)certificate, sizeof(certificate));
155 if (bio_cert == NULL)
156 fatal("BIO_new_mem_buf certificate");
157
158 cert = PEM_read_bio_X509_AUX(bio_cert, NULL, NULL, NULL);
159 if (cert == NULL)
160 fatal("PEM_read_bio_X509_AUX");
161 sk_X509_push(certs, cert);
162
163 store = X509_STORE_new();
164 if (store == NULL)
165 fatal("X509_STORE_new");
166 X509_STORE_set_verify_cb(store, x509_store_callback);
167
168 bio_pkey = BIO_new_mem_buf((char *)private_key, sizeof(private_key));
169 if (bio_pkey == NULL)
170 fatal("BIO_new_mem_buf private_key");
171
172 pkey = PEM_read_bio_PrivateKey(bio_pkey, NULL, NULL, NULL);
173 if (pkey == NULL)
174 fatal("PEM_read_bio_PrivateKey");
175
176 bio_content = BIO_new_mem_buf((char *)message, sizeof(message));
177 if (bio_content == NULL)
178 fatal("BIO_new_mem_buf message");
179
180 /*
181 * Encrypt and then decrypt.
182 */
183 if (BIO_reset(bio_content) != 1)
184 fatal("BIO_reset");
185 bio_out = BIO_new(BIO_s_mem());
186 if (bio_out == NULL)
187 fatal("BIO_new");
188
189 p7 = PKCS7_encrypt(certs, bio_content, cipher, 0);
190 if (p7 == NULL)
191 fatal("PKCS7_encrypt");
192 if (PEM_write_bio_PKCS7(bio_out, p7) != 1)
193 fatal("PEM_write_bio_PKCS7");
194 PKCS7_free(p7);
195
196 bio_in = bio_out;
197 bio_out = BIO_new(BIO_s_mem());
198 if (bio_out == NULL)
199 fatal("BIO_new");
200
201 p7 = PEM_read_bio_PKCS7(bio_in, NULL, NULL, NULL);
202 if (p7 == NULL)
203 fatal("PEM_read_bio_PKCS7");
204 if (PKCS7_decrypt(p7, pkey, cert, bio_out, 0) != 1)
205 fatal("PKCS7_decrypt");
206
207 len = BIO_get_mem_data(bio_out, &out);
208 message_compare(out, len);
209
210 BIO_free(bio_out);
211
212 /*
213 * Sign and then verify.
214 */
215 if (BIO_reset(bio_content) != 1)
216 fatal("BIO_reset");
217 bio_out = BIO_new(BIO_s_mem());
218 if (bio_out == NULL)
219 fatal("BIO_new");
220
221 p7 = PKCS7_sign(cert, pkey, certs, bio_content, 0);
222 if (p7 == NULL)
223 fatal("PKCS7_sign");
224 if (PEM_write_bio_PKCS7(bio_out, p7) != 1)
225 fatal("PEM_write_bio_PKCS7");
226 PKCS7_free(p7);
227
228 bio_in = bio_out;
229 bio_out = BIO_new(BIO_s_mem());
230 if (bio_out == NULL)
231 fatal("BIO_new");
232
233 p7 = PEM_read_bio_PKCS7(bio_in, NULL, NULL, NULL);
234 if (p7 == NULL)
235 fatal("PEM_read_bio_PKCS7");
236 if (PKCS7_verify(p7, certs, store, NULL, bio_out, 0) != 1)
237 fatal("PKCS7_verify");
238
239 len = BIO_get_mem_data(bio_out, &out);
240 message_compare(out, len);
241
242 BIO_free(bio_in);
243 BIO_free(bio_out);
244
245 /*
246 * Sign and then verify with a detached signature.
247 */
248 if (BIO_reset(bio_content) != 1)
249 fatal("BIO_reset");
250 bio_out = BIO_new(BIO_s_mem());
251 if (bio_out == NULL)
252 fatal("BIO_new");
253
254 flags = PKCS7_DETACHED|PKCS7_PARTIAL;
255 p7 = PKCS7_sign(NULL, NULL, NULL, bio_content, flags);
256 if (p7 == NULL)
257 fatal("PKCS7_sign");
258 if (PKCS7_sign_add_signer(p7, cert, pkey, NULL, flags) == NULL)
259 fatal("PKCS7_sign_add_signer");
260 if (PKCS7_final(p7, bio_content, flags) != 1)
261 fatal("PKCS7_final");
262 if (PEM_write_bio_PKCS7(bio_out, p7) != 1)
263 fatal("PEM_write_bio_PKCS7");
264 PKCS7_free(p7);
265
266 /* bio_out contains only the detached signature. */
267 bio_in = bio_out;
268 if (BIO_reset(bio_content) != 1)
269 fatal("BIO_reset");
270
271 bio_out = BIO_new(BIO_s_mem());
272 if (bio_out == NULL)
273 fatal("BIO_new");
274
275 p7 = PEM_read_bio_PKCS7(bio_in, NULL, NULL, NULL);
276 if (p7 == NULL)
277 fatal("PEM_read_bio_PKCS7");
278 if (PKCS7_verify(p7, certs, store, bio_content, bio_out, flags) != 1)
279 fatal("PKCS7_verify");
280
281 len = BIO_get_mem_data(bio_out, &out);
282 message_compare(out, len);
283
284 BIO_free(bio_in);
285 BIO_free(bio_out);
286 BIO_free(bio_content);
287
288 return 0;
289}
diff --git a/src/regress/lib/libcrypto/poly1305/Makefile b/src/regress/lib/libcrypto/poly1305/Makefile
deleted file mode 100644
index 4e3096c2cd..0000000000
--- a/src/regress/lib/libcrypto/poly1305/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2014/07/08 15:53:53 jsing Exp $
2
3PROG= poly1305test
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/poly1305/poly1305test.c b/src/regress/lib/libcrypto/poly1305/poly1305test.c
deleted file mode 100644
index 3f9af0db00..0000000000
--- a/src/regress/lib/libcrypto/poly1305/poly1305test.c
+++ /dev/null
@@ -1,169 +0,0 @@
1/* $OpenBSD: poly1305test.c,v 1.3 2018/07/17 17:06:49 tb Exp $ */
2/*
3 * Public Domain poly1305 from Andrew Moon
4 * Based on poly1305-donna.c from:
5 * https://github.com/floodyberry/poly1305-donna
6 */
7
8#include <stdio.h>
9
10#include <openssl/poly1305.h>
11
12void poly1305_auth(unsigned char mac[16], const unsigned char *m, size_t bytes,
13 const unsigned char key[32]);
14
15int poly1305_verify(const unsigned char mac1[16], const unsigned char mac2[16]);
16int poly1305_power_on_self_test(void);
17
18void
19poly1305_auth(unsigned char mac[16], const unsigned char *m, size_t bytes,
20const unsigned char key[32]) {
21 poly1305_context ctx;
22 CRYPTO_poly1305_init(&ctx, key);
23 CRYPTO_poly1305_update(&ctx, m, bytes);
24 CRYPTO_poly1305_finish(&ctx, mac);
25}
26
27int
28poly1305_verify(const unsigned char mac1[16], const unsigned char mac2[16])
29{
30 size_t i;
31 unsigned int dif = 0;
32 for (i = 0; i < 16; i++)
33 dif |= (mac1[i] ^ mac2[i]);
34 dif = (dif - 1) >> ((sizeof(unsigned int) * 8) - 1);
35 return (dif & 1);
36}
37
38/* test a few basic operations */
39int
40poly1305_power_on_self_test(void)
41{
42 /* example from nacl */
43 static const unsigned char nacl_key[32] = {
44 0xee, 0xa6, 0xa7, 0x25, 0x1c, 0x1e, 0x72, 0x91,
45 0x6d, 0x11, 0xc2, 0xcb, 0x21, 0x4d, 0x3c, 0x25,
46 0x25, 0x39, 0x12, 0x1d, 0x8e, 0x23, 0x4e, 0x65,
47 0x2d, 0x65, 0x1f, 0xa4, 0xc8, 0xcf, 0xf8, 0x80,
48 };
49
50 static const unsigned char nacl_msg[131] = {
51 0x8e, 0x99, 0x3b, 0x9f, 0x48, 0x68, 0x12, 0x73,
52 0xc2, 0x96, 0x50, 0xba, 0x32, 0xfc, 0x76, 0xce,
53 0x48, 0x33, 0x2e, 0xa7, 0x16, 0x4d, 0x96, 0xa4,
54 0x47, 0x6f, 0xb8, 0xc5, 0x31, 0xa1, 0x18, 0x6a,
55 0xc0, 0xdf, 0xc1, 0x7c, 0x98, 0xdc, 0xe8, 0x7b,
56 0x4d, 0xa7, 0xf0, 0x11, 0xec, 0x48, 0xc9, 0x72,
57 0x71, 0xd2, 0xc2, 0x0f, 0x9b, 0x92, 0x8f, 0xe2,
58 0x27, 0x0d, 0x6f, 0xb8, 0x63, 0xd5, 0x17, 0x38,
59 0xb4, 0x8e, 0xee, 0xe3, 0x14, 0xa7, 0xcc, 0x8a,
60 0xb9, 0x32, 0x16, 0x45, 0x48, 0xe5, 0x26, 0xae,
61 0x90, 0x22, 0x43, 0x68, 0x51, 0x7a, 0xcf, 0xea,
62 0xbd, 0x6b, 0xb3, 0x73, 0x2b, 0xc0, 0xe9, 0xda,
63 0x99, 0x83, 0x2b, 0x61, 0xca, 0x01, 0xb6, 0xde,
64 0x56, 0x24, 0x4a, 0x9e, 0x88, 0xd5, 0xf9, 0xb3,
65 0x79, 0x73, 0xf6, 0x22, 0xa4, 0x3d, 0x14, 0xa6,
66 0x59, 0x9b, 0x1f, 0x65, 0x4c, 0xb4, 0x5a, 0x74,
67 0xe3, 0x55, 0xa5
68 };
69
70 static const unsigned char nacl_mac[16] = {
71 0xf3, 0xff, 0xc7, 0x70, 0x3f, 0x94, 0x00, 0xe5,
72 0x2a, 0x7d, 0xfb, 0x4b, 0x3d, 0x33, 0x05, 0xd9
73 };
74
75 /* generates a final value of (2^130 - 2) == 3 */
76 static const unsigned char wrap_key[32] = {
77 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
78 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
79 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
80 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
81 };
82
83 static const unsigned char wrap_msg[16] = {
84 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
85 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
86 };
87
88 static const unsigned char wrap_mac[16] = {
89 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
90 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
91 };
92
93 /*
94 mac of the macs of messages of length 0 to 256, where the key and messages
95 have all their values set to the length
96 */
97 static const unsigned char total_key[32] = {
98 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
99 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9,
100 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
101 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
102 };
103
104 static const unsigned char total_mac[16] = {
105 0x64, 0xaf, 0xe2, 0xe8, 0xd6, 0xad, 0x7b, 0xbd,
106 0xd2, 0x87, 0xf9, 0x7c, 0x44, 0x62, 0x3d, 0x39
107 };
108
109 poly1305_context ctx;
110 poly1305_context total_ctx;
111 unsigned char all_key[32];
112 unsigned char all_msg[256];
113 unsigned char mac[16];
114 size_t i, j;
115 int result = 1;
116
117 for (i = 0; i < sizeof(mac); i++)
118 mac[i] = 0;
119 poly1305_auth(mac, nacl_msg, sizeof(nacl_msg), nacl_key);
120 result &= poly1305_verify(nacl_mac, mac);
121
122 for (i = 0; i < sizeof(mac); i++)
123 mac[i] = 0;
124 CRYPTO_poly1305_init(&ctx, nacl_key);
125 CRYPTO_poly1305_update(&ctx, nacl_msg + 0, 32);
126 CRYPTO_poly1305_update(&ctx, nacl_msg + 32, 64);
127 CRYPTO_poly1305_update(&ctx, nacl_msg + 96, 16);
128 CRYPTO_poly1305_update(&ctx, nacl_msg + 112, 8);
129 CRYPTO_poly1305_update(&ctx, nacl_msg + 120, 4);
130 CRYPTO_poly1305_update(&ctx, nacl_msg + 124, 2);
131 CRYPTO_poly1305_update(&ctx, nacl_msg + 126, 1);
132 CRYPTO_poly1305_update(&ctx, nacl_msg + 127, 1);
133 CRYPTO_poly1305_update(&ctx, nacl_msg + 128, 1);
134 CRYPTO_poly1305_update(&ctx, nacl_msg + 129, 1);
135 CRYPTO_poly1305_update(&ctx, nacl_msg + 130, 1);
136 CRYPTO_poly1305_finish(&ctx, mac);
137 result &= poly1305_verify(nacl_mac, mac);
138
139 for (i = 0; i < sizeof(mac); i++)
140 mac[i] = 0;
141 poly1305_auth(mac, wrap_msg, sizeof(wrap_msg), wrap_key);
142 result &= poly1305_verify(wrap_mac, mac);
143
144 CRYPTO_poly1305_init(&total_ctx, total_key);
145 for (i = 0; i < 256; i++) {
146 /* set key and message to 'i,i,i..' */
147 for (j = 0; j < sizeof(all_key); j++)
148 all_key[j] = i;
149 for (j = 0; j < i; j++)
150 all_msg[j] = i;
151 poly1305_auth(mac, all_msg, i, all_key);
152 CRYPTO_poly1305_update(&total_ctx, mac, 16);
153 }
154 CRYPTO_poly1305_finish(&total_ctx, mac);
155 result &= poly1305_verify(total_mac, mac);
156
157 return result;
158}
159
160int
161main(int argc, char **argv)
162{
163 if (!poly1305_power_on_self_test()) {
164 fprintf(stderr, "One or more self tests failed!\n");
165 return 1;
166 }
167
168 return 0;
169}
diff --git a/src/regress/lib/libcrypto/rand/Makefile b/src/regress/lib/libcrypto/rand/Makefile
deleted file mode 100644
index 0235a43ef1..0000000000
--- a/src/regress/lib/libcrypto/rand/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2014/07/08 15:53:53 jsing Exp $
2
3PROG= randtest
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/rand/randtest.c b/src/regress/lib/libcrypto/rand/randtest.c
deleted file mode 100644
index d0f02ad22d..0000000000
--- a/src/regress/lib/libcrypto/rand/randtest.c
+++ /dev/null
@@ -1,204 +0,0 @@
1/* $OpenBSD: randtest.c,v 1.3 2018/07/17 17:06:49 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61
62#undef LIBRESSL_INTERNAL /* Needed to get RAND_pseudo_bytes(). */
63#include <openssl/rand.h>
64
65/* some FIPS 140-1 random number test */
66/* some simple tests */
67
68int main(int argc,char **argv)
69 {
70 unsigned char buf[2500];
71 int i,j,k,s,sign,nsign,err=0;
72 unsigned long n1;
73 unsigned long n2[16];
74 unsigned long runs[2][34];
75 /*double d; */
76 long d;
77
78 i = RAND_pseudo_bytes(buf,2500);
79 if (i < 0)
80 {
81 printf ("init failed, the rand method is not properly installed\n");
82 err++;
83 goto err;
84 }
85
86 n1=0;
87 for (i=0; i<16; i++) n2[i]=0;
88 for (i=0; i<34; i++) runs[0][i]=runs[1][i]=0;
89
90 /* test 1 and 2 */
91 sign=0;
92 nsign=0;
93 for (i=0; i<2500; i++)
94 {
95 j=buf[i];
96
97 n2[j&0x0f]++;
98 n2[(j>>4)&0x0f]++;
99
100 for (k=0; k<8; k++)
101 {
102 s=(j&0x01);
103 if (s == sign)
104 nsign++;
105 else
106 {
107 if (nsign > 34) nsign=34;
108 if (nsign != 0)
109 {
110 runs[sign][nsign-1]++;
111 if (nsign > 6)
112 runs[sign][5]++;
113 }
114 sign=s;
115 nsign=1;
116 }
117
118 if (s) n1++;
119 j>>=1;
120 }
121 }
122 if (nsign > 34) nsign=34;
123 if (nsign != 0) runs[sign][nsign-1]++;
124
125 /* test 1 */
126 if (!((9654 < n1) && (n1 < 10346)))
127 {
128 printf("test 1 failed, X=%lu\n",n1);
129 err++;
130 }
131 printf("test 1 done\n");
132
133 /* test 2 */
134 d=0;
135 for (i=0; i<16; i++)
136 d+=n2[i]*n2[i];
137 d=(d*8)/25-500000;
138 if (!((103 < d) && (d < 5740)))
139 {
140 printf("test 2 failed, X=%ld.%02ld\n",d/100L,d%100L);
141 err++;
142 }
143 printf("test 2 done\n");
144
145 /* test 3 */
146 for (i=0; i<2; i++)
147 {
148 if (!((2267 < runs[i][0]) && (runs[i][0] < 2733)))
149 {
150 printf("test 3 failed, bit=%d run=%d num=%lu\n",
151 i,1,runs[i][0]);
152 err++;
153 }
154 if (!((1079 < runs[i][1]) && (runs[i][1] < 1421)))
155 {
156 printf("test 3 failed, bit=%d run=%d num=%lu\n",
157 i,2,runs[i][1]);
158 err++;
159 }
160 if (!(( 502 < runs[i][2]) && (runs[i][2] < 748)))
161 {
162 printf("test 3 failed, bit=%d run=%d num=%lu\n",
163 i,3,runs[i][2]);
164 err++;
165 }
166 if (!(( 223 < runs[i][3]) && (runs[i][3] < 402)))
167 {
168 printf("test 3 failed, bit=%d run=%d num=%lu\n",
169 i,4,runs[i][3]);
170 err++;
171 }
172 if (!(( 90 < runs[i][4]) && (runs[i][4] < 223)))
173 {
174 printf("test 3 failed, bit=%d run=%d num=%lu\n",
175 i,5,runs[i][4]);
176 err++;
177 }
178 if (!(( 90 < runs[i][5]) && (runs[i][5] < 223)))
179 {
180 printf("test 3 failed, bit=%d run=%d num=%lu\n",
181 i,6,runs[i][5]);
182 err++;
183 }
184 }
185 printf("test 3 done\n");
186
187 /* test 4 */
188 if (runs[0][33] != 0)
189 {
190 printf("test 4 failed, bit=%d run=%d num=%lu\n",
191 0,34,runs[0][33]);
192 err++;
193 }
194 if (runs[1][33] != 0)
195 {
196 printf("test 4 failed, bit=%d run=%d num=%lu\n",
197 1,34,runs[1][33]);
198 err++;
199 }
200 printf("test 4 done\n");
201 err:
202 err=((err)?1:0);
203 exit(err);
204 }
diff --git a/src/regress/lib/libcrypto/rc2/Makefile b/src/regress/lib/libcrypto/rc2/Makefile
deleted file mode 100644
index 99e7c748d7..0000000000
--- a/src/regress/lib/libcrypto/rc2/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2014/07/08 15:53:53 jsing Exp $
2
3PROG= rc2test
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/rc2/rc2test.c b/src/regress/lib/libcrypto/rc2/rc2test.c
deleted file mode 100644
index a8d33077dd..0000000000
--- a/src/regress/lib/libcrypto/rc2/rc2test.c
+++ /dev/null
@@ -1,138 +0,0 @@
1/* $OpenBSD: rc2test.c,v 1.2 2018/07/17 17:06:49 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59/* This has been a quickly hacked 'ideatest.c'. When I add tests for other
60 * RC2 modes, more of the code will be uncommented. */
61
62#include <stdio.h>
63#include <string.h>
64#include <stdlib.h>
65
66#include <openssl/rc2.h>
67
68static unsigned char RC2key[4][16]={
69 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
70 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
71 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
72 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
73 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
74 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
75 {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
76 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F},
77 };
78
79static unsigned char RC2plain[4][8]={
80 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
81 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
82 {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
83 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
84 };
85
86static unsigned char RC2cipher[4][8]={
87 {0x1C,0x19,0x8A,0x83,0x8D,0xF0,0x28,0xB7},
88 {0x21,0x82,0x9C,0x78,0xA9,0xF9,0xC0,0x74},
89 {0x13,0xDB,0x35,0x17,0xD3,0x21,0x86,0x9E},
90 {0x50,0xDC,0x01,0x62,0xBD,0x75,0x7F,0x31},
91 };
92/************/
93
94int main(int argc, char *argv[])
95 {
96 int i,n,err=0;
97 RC2_KEY key;
98 unsigned char buf[8],buf2[8];
99
100 for (n=0; n<4; n++)
101 {
102 RC2_set_key(&key,16,&(RC2key[n][0]),0 /* or 1024 */);
103
104 RC2_ecb_encrypt(&(RC2plain[n][0]),buf,&key,RC2_ENCRYPT);
105 if (memcmp(&(RC2cipher[n][0]),buf,8) != 0)
106 {
107 printf("ecb rc2 error encrypting\n");
108 printf("got :");
109 for (i=0; i<8; i++)
110 printf("%02X ",buf[i]);
111 printf("\n");
112 printf("expected:");
113 for (i=0; i<8; i++)
114 printf("%02X ",RC2cipher[n][i]);
115 err=20;
116 printf("\n");
117 }
118
119 RC2_ecb_encrypt(buf,buf2,&key,RC2_DECRYPT);
120 if (memcmp(&(RC2plain[n][0]),buf2,8) != 0)
121 {
122 printf("ecb RC2 error decrypting\n");
123 printf("got :");
124 for (i=0; i<8; i++)
125 printf("%02X ",buf[i]);
126 printf("\n");
127 printf("expected:");
128 for (i=0; i<8; i++)
129 printf("%02X ",RC2plain[n][i]);
130 printf("\n");
131 err=3;
132 }
133 }
134
135 if (err == 0) printf("ecb RC2 ok\n");
136
137 exit(err);
138 }
diff --git a/src/regress/lib/libcrypto/rc4/Makefile b/src/regress/lib/libcrypto/rc4/Makefile
deleted file mode 100644
index bbb62d328b..0000000000
--- a/src/regress/lib/libcrypto/rc4/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2014/07/08 15:53:53 jsing Exp $
2
3PROG= rc4test
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/rc4/rc4test.c b/src/regress/lib/libcrypto/rc4/rc4test.c
deleted file mode 100644
index c1d98eb8c1..0000000000
--- a/src/regress/lib/libcrypto/rc4/rc4test.c
+++ /dev/null
@@ -1,225 +0,0 @@
1/* $OpenBSD: rc4test.c,v 1.4 2018/07/17 17:06:49 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include <string.h>
62
63#include <openssl/evp.h>
64#include <openssl/rc4.h>
65#include <openssl/sha.h>
66
67static unsigned char keys[7][30]={
68 {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
69 {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
70 {8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
71 {4,0xef,0x01,0x23,0x45},
72 {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
73 {4,0xef,0x01,0x23,0x45},
74 };
75
76static unsigned char data_len[7]={8,8,8,20,28,10};
77static unsigned char data[7][30]={
78 {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xff},
79 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
80 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
81 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
82 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
83 0x00,0x00,0x00,0x00,0xff},
84 {0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
85 0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
86 0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
87 0x12,0x34,0x56,0x78,0xff},
88 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
89 {0},
90 };
91
92static unsigned char output[7][30]={
93 {0x75,0xb7,0x87,0x80,0x99,0xe0,0xc5,0x96,0x00},
94 {0x74,0x94,0xc2,0xe7,0x10,0x4b,0x08,0x79,0x00},
95 {0xde,0x18,0x89,0x41,0xa3,0x37,0x5d,0x3a,0x00},
96 {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,
97 0xbd,0x61,0x5a,0x11,0x62,0xe1,0xc7,0xba,
98 0x36,0xb6,0x78,0x58,0x00},
99 {0x66,0xa0,0x94,0x9f,0x8a,0xf7,0xd6,0x89,
100 0x1f,0x7f,0x83,0x2b,0xa8,0x33,0xc0,0x0c,
101 0x89,0x2e,0xbe,0x30,0x14,0x3c,0xe2,0x87,
102 0x40,0x01,0x1e,0xcf,0x00},
103 {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,0xbd,0x61,0x00},
104 {0},
105 };
106
107int main(int argc, char *argv[])
108 {
109 int i,err=0;
110 int j;
111 unsigned char *p;
112 RC4_KEY key;
113 unsigned char obuf[512];
114
115 OPENSSL_add_all_algorithms_noconf();
116
117 for (i=0; i<6; i++)
118 {
119 RC4_set_key(&key,keys[i][0],&(keys[i][1]));
120 memset(obuf,0x00,sizeof(obuf));
121 RC4(&key,data_len[i],&(data[i][0]),obuf);
122 if (memcmp(obuf,output[i],data_len[i]+1) != 0)
123 {
124 printf("error calculating RC4\n");
125 printf("output:");
126 for (j=0; j<data_len[i]+1; j++)
127 printf(" %02x",obuf[j]);
128 printf("\n");
129 printf("expect:");
130 p= &(output[i][0]);
131 for (j=0; j<data_len[i]+1; j++)
132 printf(" %02x",*(p++));
133 printf("\n");
134 err++;
135 }
136 else
137 printf("test %d ok\n",i);
138 }
139 printf("test end processing ");
140 for (i=0; i<data_len[3]; i++)
141 {
142 RC4_set_key(&key,keys[3][0],&(keys[3][1]));
143 memset(obuf,0x00,sizeof(obuf));
144 RC4(&key,i,&(data[3][0]),obuf);
145 if ((memcmp(obuf,output[3],i) != 0) || (obuf[i] != 0))
146 {
147 printf("error in RC4 length processing\n");
148 printf("output:");
149 for (j=0; j<i+1; j++)
150 printf(" %02x",obuf[j]);
151 printf("\n");
152 printf("expect:");
153 p= &(output[3][0]);
154 for (j=0; j<i; j++)
155 printf(" %02x",*(p++));
156 printf(" 00\n");
157 err++;
158 }
159 else
160 {
161 printf(".");
162 fflush(stdout);
163 }
164 }
165 printf("done\n");
166 printf("test multi-call ");
167 for (i=0; i<data_len[3]; i++)
168 {
169 RC4_set_key(&key,keys[3][0],&(keys[3][1]));
170 memset(obuf,0x00,sizeof(obuf));
171 RC4(&key,i,&(data[3][0]),obuf);
172 RC4(&key,data_len[3]-i,&(data[3][i]),&(obuf[i]));
173 if (memcmp(obuf,output[3],data_len[3]+1) != 0)
174 {
175 printf("error in RC4 multi-call processing\n");
176 printf("output:");
177 for (j=0; j<data_len[3]+1; j++)
178 printf(" %02x",obuf[j]);
179 printf("\n");
180 printf("expect:");
181 p= &(output[3][0]);
182 for (j=0; j<data_len[3]+1; j++)
183 printf(" %02x",*(p++));
184 err++;
185 }
186 else
187 {
188 printf(".");
189 fflush(stdout);
190 }
191 }
192 printf("done\n");
193 printf("bulk test ");
194 { unsigned char buf[513];
195 SHA_CTX c;
196 unsigned char md[SHA_DIGEST_LENGTH];
197 static unsigned char expected[]={
198 0xa4,0x7b,0xcc,0x00,0x3d,0xd0,0xbd,0xe1,0xac,0x5f,
199 0x12,0x1e,0x45,0xbc,0xfb,0x1a,0xa1,0xf2,0x7f,0xc5 };
200
201 RC4_set_key(&key,keys[0][0],&(keys[3][1]));
202 memset(buf,'\0',sizeof(buf));
203 SHA1_Init(&c);
204 for (i=0;i<2571;i++) {
205 RC4(&key,sizeof(buf),buf,buf);
206 SHA1_Update(&c,buf,sizeof(buf));
207 }
208 SHA1_Final(md,&c);
209
210 if (memcmp(md,expected,sizeof(md))) {
211 printf("error in RC4 bulk test\n");
212 printf("output:");
213 for (j=0; j<(int)sizeof(md); j++)
214 printf(" %02x",md[j]);
215 printf("\n");
216 printf("expect:");
217 for (j=0; j<(int)sizeof(md); j++)
218 printf(" %02x",expected[j]);
219 printf("\n");
220 err++;
221 }
222 else printf("ok\n");
223 }
224 exit(err);
225 }
diff --git a/src/regress/lib/libcrypto/rmd/Makefile b/src/regress/lib/libcrypto/rmd/Makefile
deleted file mode 100644
index 843b6b54c9..0000000000
--- a/src/regress/lib/libcrypto/rmd/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2014/07/08 15:53:53 jsing Exp $
2
3PROG= rmdtest
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/rmd/rmdtest.c b/src/regress/lib/libcrypto/rmd/rmdtest.c
deleted file mode 100644
index aa6cb0174e..0000000000
--- a/src/regress/lib/libcrypto/rmd/rmdtest.c
+++ /dev/null
@@ -1,128 +0,0 @@
1/* $OpenBSD: rmdtest.c,v 1.2 2018/07/17 17:06:49 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <string.h>
61#include <stdlib.h>
62
63#include <openssl/ripemd.h>
64#include <openssl/evp.h>
65
66static char *test[]={
67 "",
68 "a",
69 "abc",
70 "message digest",
71 "abcdefghijklmnopqrstuvwxyz",
72 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
73 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
74 "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
75 NULL,
76 };
77
78static char *ret[]={
79 "9c1185a5c5e9fc54612808977ee8f548b2258d31",
80 "0bdc9d2d256b3ee9daae347be6f4dc835a467ffe",
81 "8eb208f7e05d987a9b044a8e98c6b087f15a0bfc",
82 "5d0689ef49d2fae572b881b123a85ffa21595f36",
83 "f71c27109c692c1b56bbdceb5b9d2865b3708dbc",
84 "12a053384a9c0c88e405a06c27dcf49ada62eb2b",
85 "b0e20b6e3116640286ed3a87a5713079b21f5189",
86 "9b752e45573d4b39f4dbd3323cab82bf63326bfb",
87 };
88
89static char *pt(unsigned char *md);
90int main(int argc, char *argv[])
91 {
92 int i,err=0;
93 char **P,**R;
94 char *p;
95 unsigned char md[RIPEMD160_DIGEST_LENGTH];
96
97 P=test;
98 R=ret;
99 i=1;
100 while (*P != NULL)
101 {
102 EVP_Digest(&(P[0][0]),strlen((char *)*P),md,NULL,EVP_ripemd160(), NULL);
103 p=pt(md);
104 if (strcmp(p,(char *)*R) != 0)
105 {
106 printf("error calculating RIPEMD160 on '%s'\n",*P);
107 printf("got %s instead of %s\n",p,*R);
108 err++;
109 }
110 else
111 printf("test %d ok\n",i);
112 i++;
113 R++;
114 P++;
115 }
116 exit(err);
117 return(0);
118 }
119
120static char *pt(unsigned char *md)
121 {
122 int i;
123 static char buf[80];
124
125 for (i=0; i<RIPEMD160_DIGEST_LENGTH; i++)
126 snprintf(buf + i*2, sizeof(buf) - i*2, "%02x",md[i]);
127 return(buf);
128 }
diff --git a/src/regress/lib/libcrypto/rsa/Makefile b/src/regress/lib/libcrypto/rsa/Makefile
deleted file mode 100644
index ac87800492..0000000000
--- a/src/regress/lib/libcrypto/rsa/Makefile
+++ /dev/null
@@ -1,15 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2017/01/25 06:44:04 beck Exp $
2
3PROG= rsa_test
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9REGRESS_TARGETS=regress-dsatest
10
11regress-dsatest: ${PROG}
12 ./${PROG}
13 ./${PROG} -app2_1
14
15.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/rsa/rsa_test.c b/src/regress/lib/libcrypto/rsa/rsa_test.c
deleted file mode 100644
index 9e7cd6f472..0000000000
--- a/src/regress/lib/libcrypto/rsa/rsa_test.c
+++ /dev/null
@@ -1,327 +0,0 @@
1/* $OpenBSD: rsa_test.c,v 1.3 2018/07/17 17:06:49 tb Exp $ */
2/*
3 * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
4 *
5 * Licensed under the OpenSSL license (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
9 */
10
11/* test vectors from p1ovect1.txt */
12
13#include <stdio.h>
14#include <string.h>
15
16#include <openssl/crypto.h>
17#include <openssl/err.h>
18#include <openssl/rand.h>
19#include <openssl/bn.h>
20#ifdef OPENSSL_NO_RSA
21int main(int argc, char *argv[])
22{
23 printf("No RSA support\n");
24 return (0);
25}
26#else
27# include <openssl/rsa.h>
28
29# define SetKey \
30 key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \
31 key->e = BN_bin2bn(e, sizeof(e)-1, key->e); \
32 key->d = BN_bin2bn(d, sizeof(d)-1, key->d); \
33 key->p = BN_bin2bn(p, sizeof(p)-1, key->p); \
34 key->q = BN_bin2bn(q, sizeof(q)-1, key->q); \
35 key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1); \
36 key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1); \
37 key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp); \
38 memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \
39 return (sizeof(ctext_ex) - 1);
40
41static int key1(RSA *key, unsigned char *c)
42{
43 static unsigned char n[] =
44 "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F"
45 "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5"
46 "\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93"
47 "\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1"
48 "\xF5";
49
50 static unsigned char e[] = "\x11";
51
52 static unsigned char d[] =
53 "\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44"
54 "\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64"
55 "\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9"
56 "\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51";
57
58 static unsigned char p[] =
59 "\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
60 "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12"
61 "\x0D";
62
63 static unsigned char q[] =
64 "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
65 "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
66 "\x89";
67
68 static unsigned char dmp1[] =
69 "\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF"
70 "\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05";
71
72 static unsigned char dmq1[] =
73 "\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99"
74 "\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D"
75 "\x51";
76
77 static unsigned char iqmp[] =
78 "\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8"
79 "\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26";
80
81 static unsigned char ctext_ex[] =
82 "\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89"
83 "\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52"
84 "\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44"
85 "\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2";
86
87 SetKey;
88}
89
90static int key2(RSA *key, unsigned char *c)
91{
92 static unsigned char n[] =
93 "\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8"
94 "\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26"
95 "\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8"
96 "\x34\x77\xCF";
97
98 static unsigned char e[] = "\x3";
99
100 static unsigned char d[] =
101 "\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2"
102 "\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41"
103 "\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21"
104 "\xE5\xEB";
105
106 static unsigned char p[] =
107 "\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92"
108 "\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91";
109
110 static unsigned char q[] =
111 "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
112 "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F";
113
114 static unsigned char dmp1[] =
115 "\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61"
116 "\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B";
117
118 static unsigned char dmq1[] =
119 "\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90"
120 "\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F";
121
122 static unsigned char iqmp[] =
123 "\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13"
124 "\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D";
125
126 static unsigned char ctext_ex[] =
127 "\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a"
128 "\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4"
129 "\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52"
130 "\x62\x51";
131
132 SetKey;
133}
134
135static int key3(RSA *key, unsigned char *c)
136{
137 static unsigned char n[] =
138 "\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
139 "\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
140 "\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
141 "\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
142 "\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
143 "\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
144 "\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
145 "\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
146 "\xCB";
147
148 static unsigned char e[] = "\x11";
149
150 static unsigned char d[] =
151 "\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
152 "\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
153 "\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
154 "\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
155 "\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
156 "\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
157 "\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
158 "\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
159 "\xC1";
160
161 static unsigned char p[] =
162 "\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
163 "\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
164 "\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
165 "\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
166 "\x99";
167
168 static unsigned char q[] =
169 "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
170 "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
171 "\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
172 "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
173 "\x03";
174
175 static unsigned char dmp1[] =
176 "\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
177 "\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
178 "\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
179 "\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
180
181 static unsigned char dmq1[] =
182 "\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
183 "\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
184 "\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
185 "\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
186
187 static unsigned char iqmp[] =
188 "\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
189 "\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
190 "\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
191 "\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
192 "\xF7";
193
194 static unsigned char ctext_ex[] =
195 "\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7"
196 "\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce"
197 "\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3"
198 "\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06"
199 "\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86"
200 "\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4"
201 "\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a"
202 "\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1";
203
204 SetKey;
205}
206
207static int pad_unknown(void)
208{
209 unsigned long l;
210 while ((l = ERR_get_error()) != 0)
211 if (ERR_GET_REASON(l) == RSA_R_UNKNOWN_PADDING_TYPE)
212 return (1);
213 return (0);
214}
215
216int main(int argc, char *argv[])
217{
218 int err = 0;
219 int v;
220 RSA *key;
221 unsigned char ptext[256];
222 unsigned char ctext[256];
223 static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
224 unsigned char ctext_ex[256];
225 int plen;
226 int clen = 0;
227 int num;
228 int n;
229
230 plen = sizeof(ptext_ex) - 1;
231
232 for (v = 0; v < 3; v++) {
233 key = RSA_new();
234 switch (v) {
235 case 0:
236 clen = key1(key, ctext_ex);
237 break;
238 case 1:
239 clen = key2(key, ctext_ex);
240 break;
241 case 2:
242 clen = key3(key, ctext_ex);
243 break;
244 }
245
246 num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
247 RSA_PKCS1_PADDING);
248 if (num != clen) {
249 printf("PKCS#1 v1.5 encryption failed!\n");
250 err = 1;
251 goto oaep;
252 }
253
254 num = RSA_private_decrypt(num, ctext, ptext, key, RSA_PKCS1_PADDING);
255 if (num != plen || memcmp(ptext, ptext_ex, num) != 0) {
256 printf("PKCS#1 v1.5 decryption failed!\n");
257 err = 1;
258 } else
259 printf("PKCS #1 v1.5 encryption/decryption ok\n");
260
261 oaep:
262 ERR_clear_error();
263 num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
264 RSA_PKCS1_OAEP_PADDING);
265 if (num == -1 && pad_unknown()) {
266 printf("No OAEP support\n");
267 goto next;
268 }
269 if (num != clen) {
270 printf("OAEP encryption failed!\n");
271 err = 1;
272 goto next;
273 }
274
275 num = RSA_private_decrypt(num, ctext, ptext, key,
276 RSA_PKCS1_OAEP_PADDING);
277 if (num != plen || memcmp(ptext, ptext_ex, num) != 0) {
278 printf("OAEP decryption (encrypted data) failed!\n");
279 err = 1;
280 } else if (memcmp(ctext, ctext_ex, num) == 0)
281 printf("OAEP test vector %d passed!\n", v);
282
283 /*
284 * Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT). Try
285 * decrypting ctext_ex
286 */
287
288 num = RSA_private_decrypt(clen, ctext_ex, ptext, key,
289 RSA_PKCS1_OAEP_PADDING);
290
291 if (num != plen || memcmp(ptext, ptext_ex, num) != 0) {
292 printf("OAEP decryption (test vector data) failed!\n");
293 err = 1;
294 } else
295 printf("OAEP encryption/decryption ok\n");
296
297 /* Try decrypting corrupted ciphertexts. */
298 for (n = 0; n < clen; ++n) {
299 ctext[n] ^= 1;
300 num = RSA_private_decrypt(clen, ctext, ptext, key,
301 RSA_PKCS1_OAEP_PADDING);
302 if (num > 0) {
303 printf("Corrupt data decrypted!\n");
304 err = 1;
305 break;
306 }
307 ctext[n] ^= 1;
308 }
309
310 /* Test truncated ciphertexts, as well as negative length. */
311 for (n = -1; n < clen; ++n) {
312 num = RSA_private_decrypt(n, ctext, ptext, key,
313 RSA_PKCS1_OAEP_PADDING);
314 if (num > 0) {
315 printf("Truncated data decrypted!\n");
316 err = 1;
317 break;
318 }
319 }
320
321 next:
322 RSA_free(key);
323 }
324
325 return err;
326}
327#endif
diff --git a/src/regress/lib/libcrypto/sha1/Makefile b/src/regress/lib/libcrypto/sha1/Makefile
deleted file mode 100644
index 2bb0b45ec9..0000000000
--- a/src/regress/lib/libcrypto/sha1/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2014/07/08 15:53:53 jsing Exp $
2
3PROG= sha1test
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/sha1/sha1test.c b/src/regress/lib/libcrypto/sha1/sha1test.c
deleted file mode 100644
index 7f28ba676f..0000000000
--- a/src/regress/lib/libcrypto/sha1/sha1test.c
+++ /dev/null
@@ -1,139 +0,0 @@
1/* $OpenBSD: sha1test.c,v 1.3 2018/07/17 17:06:50 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <string.h>
61#include <stdlib.h>
62
63#include <openssl/evp.h>
64#include <openssl/sha.h>
65
66static char *test[]={
67 "abc",
68 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
69 NULL,
70 };
71
72static char *ret[]={
73 "a9993e364706816aba3e25717850c26c9cd0d89d",
74 "84983e441c3bd26ebaae4aa1f95129e5e54670f1",
75 };
76static char *bigret=
77 "34aa973cd4c4daa4f61eeb2bdbad27316534016f";
78
79static char *pt(unsigned char *md);
80int main(int argc, char *argv[])
81 {
82 int i,err=0;
83 char **P,**R;
84 static unsigned char buf[1000];
85 char *p,*r;
86 EVP_MD_CTX c;
87 unsigned char md[SHA_DIGEST_LENGTH];
88
89 EVP_MD_CTX_init(&c);
90 P=test;
91 R=ret;
92 i=1;
93 while (*P != NULL)
94 {
95 EVP_Digest(*P,strlen((char *)*P),md,NULL,EVP_sha1(), NULL);
96 p=pt(md);
97 if (strcmp(p,(char *)*R) != 0)
98 {
99 printf("error calculating SHA1 on '%s'\n",*P);
100 printf("got %s instead of %s\n",p,*R);
101 err++;
102 }
103 else
104 printf("test %d ok\n",i);
105 i++;
106 R++;
107 P++;
108 }
109
110 memset(buf,'a',1000);
111 EVP_DigestInit_ex(&c,EVP_sha1(), NULL);
112 for (i=0; i<1000; i++)
113 EVP_DigestUpdate(&c,buf,1000);
114 EVP_DigestFinal_ex(&c,md,NULL);
115 p=pt(md);
116
117 r=bigret;
118 if (strcmp(p,r) != 0)
119 {
120 printf("error calculating SHA1 on 'a' * 1000\n");
121 printf("got %s instead of %s\n",p,r);
122 err++;
123 }
124 else
125 printf("test 3 ok\n");
126
127 EVP_MD_CTX_cleanup(&c);
128 exit(err);
129 }
130
131static char *pt(unsigned char *md)
132 {
133 int i;
134 static char buf[80];
135
136 for (i=0; i<SHA_DIGEST_LENGTH; i++)
137 snprintf(buf + i*2, sizeof(buf) - i*2, "%02x",md[i]);
138 return(buf);
139 }
diff --git a/src/regress/lib/libcrypto/sha2/Makefile b/src/regress/lib/libcrypto/sha2/Makefile
deleted file mode 100644
index e7bccf5f24..0000000000
--- a/src/regress/lib/libcrypto/sha2/Makefile
+++ /dev/null
@@ -1,42 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2015/09/29 01:07:56 doug Exp $
2
3REGRESS_TARGETS=regress-sha2
4OPENSSL=/usr/bin/openssl
5
6HASHES= \
7 sha224 \
8 abc \
9 23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7 \
10 sha224 \
11 abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq \
12 75388b16512776cc5dba5da1fd890150b0c6455cb4f58b1952522525 \
13 sha256 \
14 abc \
15 ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad \
16 sha256 \
17 abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq \
18 248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1 \
19 sha384 \
20 abc \
21 cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7 \
22 sha384 \
23 abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu \
24 09330c33f71147e83d192fc782cd1b4753111b173b3b05d22fa08086e3b0f712fcc7c71a557e2db966c3e9fa91746039 \
25 sha512 \
26 abc \
27 ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f \
28 sha512 \
29 abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu \
30 8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909
31
32regress-sha2:
33.for hash input output in ${HASHES}
34 @(echo -n ${input} | ${OPENSSL} ${hash} | (read a b; \
35 test $$b == ${output} || \
36 (echo wrong ${hash} hash of \"${input}\"; \
37 echo expected: ${output}; \
38 echo computed: $$b; \
39 false)))
40.endfor
41
42.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/sha256/Makefile b/src/regress/lib/libcrypto/sha256/Makefile
deleted file mode 100644
index 6e5f9d714b..0000000000
--- a/src/regress/lib/libcrypto/sha256/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2014/07/08 15:53:53 jsing Exp $
2
3PROG= sha256test
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/sha256/sha256test.c b/src/regress/lib/libcrypto/sha256/sha256test.c
deleted file mode 100644
index 9c22bc7664..0000000000
--- a/src/regress/lib/libcrypto/sha256/sha256test.c
+++ /dev/null
@@ -1,162 +0,0 @@
1/* $OpenBSD: sha256test.c,v 1.3 2018/07/17 17:06:50 tb Exp $ */
2/* ====================================================================
3 * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
4 * ====================================================================
5 */
6#include <stdio.h>
7#include <string.h>
8#include <stdlib.h>
9
10#include <openssl/sha.h>
11#include <openssl/evp.h>
12
13#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA256)
14int
15main(int argc, char *argv[])
16{
17 printf("No SHA256 support\n");
18 return (0);
19}
20#else
21
22unsigned char app_b1[SHA256_DIGEST_LENGTH] = {
23 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea,
24 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
25 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c,
26 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad,
27};
28
29unsigned char app_b2[SHA256_DIGEST_LENGTH] = {
30 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8,
31 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39,
32 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67,
33 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1,
34};
35
36unsigned char app_b3[SHA256_DIGEST_LENGTH] = {
37 0xcd, 0xc7, 0x6e, 0x5c, 0x99, 0x14, 0xfb, 0x92,
38 0x81, 0xa1, 0xc7, 0xe2, 0x84, 0xd7, 0x3e, 0x67,
39 0xf1, 0x80, 0x9a, 0x48, 0xa4, 0x97, 0x20, 0x0e,
40 0x04, 0x6d, 0x39, 0xcc, 0xc7, 0x11, 0x2c, 0xd0,
41};
42
43unsigned char addenum_1[SHA224_DIGEST_LENGTH] = {
44 0x23, 0x09, 0x7d, 0x22, 0x34, 0x05, 0xd8, 0x22,
45 0x86, 0x42, 0xa4, 0x77, 0xbd, 0xa2, 0x55, 0xb3,
46 0x2a, 0xad, 0xbc, 0xe4, 0xbd, 0xa0, 0xb3, 0xf7,
47 0xe3, 0x6c, 0x9d, 0xa7,
48};
49
50unsigned char addenum_2[SHA224_DIGEST_LENGTH] = {
51 0x75, 0x38, 0x8b, 0x16, 0x51, 0x27, 0x76, 0xcc,
52 0x5d, 0xba, 0x5d, 0xa1, 0xfd, 0x89, 0x01, 0x50,
53 0xb0, 0xc6, 0x45, 0x5c, 0xb4, 0xf5, 0x8b, 0x19,
54 0x52, 0x52, 0x25, 0x25,
55};
56
57unsigned char addenum_3[SHA224_DIGEST_LENGTH] = {
58 0x20, 0x79, 0x46, 0x55, 0x98, 0x0c, 0x91, 0xd8,
59 0xbb, 0xb4, 0xc1, 0xea, 0x97, 0x61, 0x8a, 0x4b,
60 0xf0, 0x3f, 0x42, 0x58, 0x19, 0x48, 0xb2, 0xee,
61 0x4e, 0xe7, 0xad, 0x67,
62};
63
64int
65main(int argc, char **argv) {
66 unsigned char md[SHA256_DIGEST_LENGTH];
67 int i;
68 EVP_MD_CTX evp;
69
70 fprintf(stdout, "Testing SHA-256 ");
71
72 EVP_Digest("abc",3,md,NULL,EVP_sha256(),NULL);
73 if (memcmp(md, app_b1, sizeof(app_b1))) {
74 fflush(stdout);
75 fprintf(stderr, "\nTEST 1 of 3 failed.\n");
76 return 1;
77 }
78 fprintf(stdout, ".");
79 fflush(stdout);
80
81 EVP_Digest(
82 "abcdbcde""cdefdefg""efghfghi""ghijhijk"
83 "ijkljklm""klmnlmno""mnopnopq",
84 56, md, NULL, EVP_sha256(), NULL);
85 if (memcmp(md, app_b2, sizeof(app_b2))) {
86 fflush(stdout);
87 fprintf(stderr, "\nTEST 2 of 3 failed.\n");
88 return 1;
89 }
90 fprintf(stdout, ".");
91 fflush(stdout);
92
93 EVP_MD_CTX_init(&evp);
94 EVP_DigestInit_ex(&evp, EVP_sha256(), NULL);
95 for (i = 0; i < 1000000; i += 160)
96 EVP_DigestUpdate(&evp,
97 "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
98 "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
99 "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
100 "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
101 "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa",
102 (1000000 - i) < 160 ? 1000000 - i : 160);
103 EVP_DigestFinal_ex(&evp, md, NULL);
104 EVP_MD_CTX_cleanup(&evp);
105
106 if (memcmp(md, app_b3, sizeof(app_b3))) {
107 fflush(stdout);
108 fprintf(stderr, "\nTEST 3 of 3 failed.\n");
109 return 1;
110 }
111 fprintf(stdout, ".");
112 fflush(stdout);
113
114 fprintf(stdout, " passed.\n"); fflush(stdout);
115
116 fprintf(stdout, "Testing SHA-224 ");
117
118 EVP_Digest ("abc",3,md,NULL,EVP_sha224(),NULL);
119 if (memcmp(md, addenum_1, sizeof(addenum_1))) {
120 fflush(stdout);
121 fprintf(stderr, "\nTEST 1 of 3 failed.\n");
122 return 1;
123 }
124 fprintf(stdout, ".");
125 fflush(stdout);
126
127 EVP_Digest(
128 "abcdbcde""cdefdefg""efghfghi""ghijhijk"
129 "ijkljklm""klmnlmno""mnopnopq",
130 56, md, NULL, EVP_sha224(), NULL);
131 if (memcmp(md, addenum_2, sizeof(addenum_2))) {
132 fflush(stdout);
133 fprintf(stderr, "\nTEST 2 of 3 failed.\n");
134 return 1;
135 }
136 fprintf(stdout, ".");
137 fflush(stdout);
138
139 EVP_MD_CTX_init(&evp);
140 EVP_DigestInit_ex (&evp, EVP_sha224(), NULL);
141 for (i = 0; i < 1000000; i += 64)
142 EVP_DigestUpdate(&evp,
143 "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
144 "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa",
145 (1000000 - i) < 64 ? 1000000 - i : 64);
146 EVP_DigestFinal_ex(&evp, md, NULL);
147 EVP_MD_CTX_cleanup(&evp);
148
149 if (memcmp(md, addenum_3, sizeof(addenum_3))) {
150 fflush(stdout);
151 fprintf(stderr, "\nTEST 3 of 3 failed.\n");
152 return 1;
153 }
154 fprintf(stdout, ".");
155 fflush(stdout);
156
157 fprintf(stdout, " passed.\n");
158 fflush(stdout);
159
160 return 0;
161}
162#endif
diff --git a/src/regress/lib/libcrypto/sha512/Makefile b/src/regress/lib/libcrypto/sha512/Makefile
deleted file mode 100644
index 354860eae1..0000000000
--- a/src/regress/lib/libcrypto/sha512/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2014/07/08 15:53:53 jsing Exp $
2
3PROG= sha512test
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/sha512/sha512test.c b/src/regress/lib/libcrypto/sha512/sha512test.c
deleted file mode 100644
index bbcec93a2b..0000000000
--- a/src/regress/lib/libcrypto/sha512/sha512test.c
+++ /dev/null
@@ -1,201 +0,0 @@
1/* $OpenBSD: sha512test.c,v 1.4 2018/07/17 17:06:50 tb Exp $ */
2/* ====================================================================
3 * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
4 * ====================================================================
5 */
6#include <stdio.h>
7#include <string.h>
8#include <stdlib.h>
9
10#include <openssl/sha.h>
11#include <openssl/evp.h>
12#include <openssl/crypto.h>
13
14#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA512)
15int
16main(int argc, char *argv[])
17{
18 printf("No SHA512 support\n");
19 return (0);
20}
21#else
22
23unsigned char app_c1[SHA512_DIGEST_LENGTH] = {
24 0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba,
25 0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31,
26 0x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2,
27 0x0a, 0x9e, 0xee, 0xe6, 0x4b, 0x55, 0xd3, 0x9a,
28 0x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8,
29 0x36, 0xba, 0x3c, 0x23, 0xa3, 0xfe, 0xeb, 0xbd,
30 0x45, 0x4d, 0x44, 0x23, 0x64, 0x3c, 0xe8, 0x0e,
31 0x2a, 0x9a, 0xc9, 0x4f, 0xa5, 0x4c, 0xa4, 0x9f,
32};
33
34unsigned char app_c2[SHA512_DIGEST_LENGTH] = {
35 0x8e, 0x95, 0x9b, 0x75, 0xda, 0xe3, 0x13, 0xda,
36 0x8c, 0xf4, 0xf7, 0x28, 0x14, 0xfc, 0x14, 0x3f,
37 0x8f, 0x77, 0x79, 0xc6, 0xeb, 0x9f, 0x7f, 0xa1,
38 0x72, 0x99, 0xae, 0xad, 0xb6, 0x88, 0x90, 0x18,
39 0x50, 0x1d, 0x28, 0x9e, 0x49, 0x00, 0xf7, 0xe4,
40 0x33, 0x1b, 0x99, 0xde, 0xc4, 0xb5, 0x43, 0x3a,
41 0xc7, 0xd3, 0x29, 0xee, 0xb6, 0xdd, 0x26, 0x54,
42 0x5e, 0x96, 0xe5, 0x5b, 0x87, 0x4b, 0xe9, 0x09,
43};
44
45unsigned char app_c3[SHA512_DIGEST_LENGTH] = {
46 0xe7, 0x18, 0x48, 0x3d, 0x0c, 0xe7, 0x69, 0x64,
47 0x4e, 0x2e, 0x42, 0xc7, 0xbc, 0x15, 0xb4, 0x63,
48 0x8e, 0x1f, 0x98, 0xb1, 0x3b, 0x20, 0x44, 0x28,
49 0x56, 0x32, 0xa8, 0x03, 0xaf, 0xa9, 0x73, 0xeb,
50 0xde, 0x0f, 0xf2, 0x44, 0x87, 0x7e, 0xa6, 0x0a,
51 0x4c, 0xb0, 0x43, 0x2c, 0xe5, 0x77, 0xc3, 0x1b,
52 0xeb, 0x00, 0x9c, 0x5c, 0x2c, 0x49, 0xaa, 0x2e,
53 0x4e, 0xad, 0xb2, 0x17, 0xad, 0x8c, 0xc0, 0x9b,
54};
55
56unsigned char app_d1[SHA384_DIGEST_LENGTH] = {
57 0xcb, 0x00, 0x75, 0x3f, 0x45, 0xa3, 0x5e, 0x8b,
58 0xb5, 0xa0, 0x3d, 0x69, 0x9a, 0xc6, 0x50, 0x07,
59 0x27, 0x2c, 0x32, 0xab, 0x0e, 0xde, 0xd1, 0x63,
60 0x1a, 0x8b, 0x60, 0x5a, 0x43, 0xff, 0x5b, 0xed,
61 0x80, 0x86, 0x07, 0x2b, 0xa1, 0xe7, 0xcc, 0x23,
62 0x58, 0xba, 0xec, 0xa1, 0x34, 0xc8, 0x25, 0xa7,
63};
64
65unsigned char app_d2[SHA384_DIGEST_LENGTH] = {
66 0x09, 0x33, 0x0c, 0x33, 0xf7, 0x11, 0x47, 0xe8,
67 0x3d, 0x19, 0x2f, 0xc7, 0x82, 0xcd, 0x1b, 0x47,
68 0x53, 0x11, 0x1b, 0x17, 0x3b, 0x3b, 0x05, 0xd2,
69 0x2f, 0xa0, 0x80, 0x86, 0xe3, 0xb0, 0xf7, 0x12,
70 0xfc, 0xc7, 0xc7, 0x1a, 0x55, 0x7e, 0x2d, 0xb9,
71 0x66, 0xc3, 0xe9, 0xfa, 0x91, 0x74, 0x60, 0x39,
72};
73
74unsigned char app_d3[SHA384_DIGEST_LENGTH] = {
75 0x9d, 0x0e, 0x18, 0x09, 0x71, 0x64, 0x74, 0xcb,
76 0x08, 0x6e, 0x83, 0x4e, 0x31, 0x0a, 0x4a, 0x1c,
77 0xed, 0x14, 0x9e, 0x9c, 0x00, 0xf2, 0x48, 0x52,
78 0x79, 0x72, 0xce, 0xc5, 0x70, 0x4c, 0x2a, 0x5b,
79 0x07, 0xb8, 0xb3, 0xdc, 0x38, 0xec, 0xc4, 0xeb,
80 0xae, 0x97, 0xdd, 0xd8, 0x7f, 0x3d, 0x89, 0x85,
81};
82
83int
84main(int argc, char **argv) {
85 unsigned char md[SHA512_DIGEST_LENGTH];
86 int i;
87 EVP_MD_CTX evp;
88
89#ifdef OPENSSL_IA32_SSE2
90 /* Alternative to this is to call OpenSSL_add_all_algorithms...
91 * The below code is retained exclusively for debugging purposes. */
92 {
93 char *env;
94
95 if ((env=getenv("OPENSSL_ia32cap")))
96 OPENSSL_ia32cap = strtoul (env, NULL, 0);
97 }
98#endif
99
100 fprintf(stdout, "Testing SHA-512 ");
101
102 EVP_Digest("abc", 3, md, NULL, EVP_sha512(), NULL);
103 if (memcmp(md, app_c1, sizeof(app_c1))) {
104 fflush(stdout);
105 fprintf(stderr, "\nTEST 1 of 3 failed.\n");
106 return 1;
107 }
108 fprintf(stdout, ".");
109 fflush(stdout);
110
111 EVP_Digest(
112 "abcdefgh""bcdefghi""cdefghij""defghijk"
113 "efghijkl""fghijklm""ghijklmn""hijklmno"
114 "ijklmnop""jklmnopq""klmnopqr""lmnopqrs"
115 "mnopqrst""nopqrstu",
116 112, md, NULL, EVP_sha512(), NULL);
117 if (memcmp(md, app_c2, sizeof(app_c2))) {
118 fflush(stdout);
119 fprintf(stderr, "\nTEST 2 of 3 failed.\n");
120 return 1;
121 }
122 fprintf(stdout, ".");
123 fflush(stdout);
124
125 EVP_MD_CTX_init(&evp);
126 EVP_DigestInit_ex(&evp, EVP_sha512(), NULL);
127 for (i = 0; i < 1000000; i += 288)
128 EVP_DigestUpdate(&evp,
129 "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
130 "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
131 "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
132 "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
133 "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
134 "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
135 "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
136 "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
137 "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa",
138 (1000000 - i) < 288 ? 1000000 - i : 288);
139 EVP_DigestFinal_ex(&evp, md, NULL);
140 EVP_MD_CTX_cleanup(&evp);
141
142 if (memcmp(md, app_c3, sizeof(app_c3))) {
143 fflush(stdout);
144 fprintf(stderr, "\nTEST 3 of 3 failed.\n");
145 return 1;
146 }
147 fprintf(stdout, ".");
148 fflush(stdout);
149
150 fprintf(stdout, " passed.\n");
151 fflush(stdout);
152
153 fprintf(stdout, "Testing SHA-384 ");
154
155 EVP_Digest("abc", 3, md, NULL, EVP_sha384(), NULL);
156 if (memcmp(md, app_d1, sizeof(app_d1))) {
157 fflush(stdout);
158 fprintf(stderr, "\nTEST 1 of 3 failed.\n");
159 return 1;
160 }
161 fprintf(stdout, ".");
162 fflush(stdout);
163
164 EVP_Digest(
165 "abcdefgh""bcdefghi""cdefghij""defghijk"
166 "efghijkl""fghijklm""ghijklmn""hijklmno"
167 "ijklmnop""jklmnopq""klmnopqr""lmnopqrs"
168 "mnopqrst""nopqrstu",
169 112, md, NULL, EVP_sha384(), NULL);
170 if (memcmp(md, app_d2, sizeof(app_d2))) {
171 fflush(stdout);
172 fprintf(stderr, "\nTEST 2 of 3 failed.\n");
173 return 1;
174 }
175 fprintf(stdout, ".");
176 fflush(stdout);
177
178 EVP_MD_CTX_init(&evp);
179 EVP_DigestInit_ex(&evp, EVP_sha384(), NULL);
180 for (i = 0; i < 1000000; i += 64)
181 EVP_DigestUpdate(&evp,
182 "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
183 "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa",
184 (1000000 - i) < 64 ? 1000000 - i : 64);
185 EVP_DigestFinal_ex(&evp, md, NULL);
186 EVP_MD_CTX_cleanup(&evp);
187
188 if (memcmp(md, app_d3, sizeof(app_d3))) {
189 fflush(stdout);
190 fprintf(stderr, "\nTEST 3 of 3 failed.\n");
191 return 1;
192 }
193 fprintf(stdout, ".");
194 fflush(stdout);
195
196 fprintf(stdout, " passed.\n");
197 fflush(stdout);
198
199 return 0;
200}
201#endif
diff --git a/src/regress/lib/libcrypto/utf8/Makefile b/src/regress/lib/libcrypto/utf8/Makefile
deleted file mode 100644
index 5f06560ea5..0000000000
--- a/src/regress/lib/libcrypto/utf8/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
1# $OpenBSD: Makefile,v 1.6 2016/12/21 15:51:05 jsing Exp $
2
3PROG= utf8test
4CPPFLAGS+=-I${.CURDIR}/../../../../lib/libcrypto/asn1
5LDADD= ${CRYPTO_INT}
6DPADD= ${LIBCRYPTO}
7WARNINGS=Yes
8CFLAGS+= -DLIBRESSL_INTERNAL -Werror
9
10.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/utf8/utf8test.c b/src/regress/lib/libcrypto/utf8/utf8test.c
deleted file mode 100644
index e3a47d5adf..0000000000
--- a/src/regress/lib/libcrypto/utf8/utf8test.c
+++ /dev/null
@@ -1,319 +0,0 @@
1/* $OpenBSD: utf8test.c,v 1.4 2018/07/17 17:06:50 tb Exp $ */
2/*
3 * Copyright (c) 2014 Philip Guenther <guenther@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18/*
19 * A mostly exhaustive test of UTF-8 decoder and encoder
20 */
21
22#include <stdio.h>
23#include <string.h>
24#include <err.h>
25
26#include <openssl/asn1.h>
27#include "asn1_locl.h" /* peek into the internals */
28
29#define UNCHANGED 0xfedcba98
30
31#define ASSERT(x) \
32 do { \
33 if (!(x)) \
34 errx(1, "test failed at line %d: %s", \
35 __LINE__, #x); \
36 } while (0)
37
38int
39main(void)
40{
41 unsigned char testbuf[] = "012345";
42 const unsigned char zerobuf[sizeof testbuf] = { 0 };
43 unsigned long value;
44 unsigned int i, j, k, l;
45 int ret;
46
47 /*
48 * First, verify UTF8_getc()
49 */
50 value = UNCHANGED;
51 ret = UTF8_getc(testbuf, 0, &value);
52 ASSERT(ret == 0);
53 ASSERT(value == UNCHANGED);
54
55 /* check all valid single-byte chars */
56 for (i = 0; i < 0x80; i++) {
57 testbuf[0] = i;
58 ret = UTF8_getc(testbuf, 1, &value);
59 ASSERT(ret == 1);
60 ASSERT(value == i);
61
62 ret = UTF8_getc(testbuf, 2, &value);
63 ASSERT(ret == 1);
64 ASSERT(value == i);
65 }
66
67 /*
68 * Verify failure on all invalid initial bytes:
69 * 0x80 - 0xBF following bytes only
70 * 0xC0 - 0xC1 used to be in non-shortest forms
71 * 0xF5 - 0xFD used to be initial for 5 and 6 byte sequences
72 * 0xFE - 0xFF have never been valid in utf-8
73 */
74 for (i = 0x80; i < 0xC2; i++) {
75 value = UNCHANGED;
76 testbuf[0] = i;
77 ret = UTF8_getc(testbuf, 1, &value);
78 ASSERT(ret == -2);
79 ASSERT(value == UNCHANGED);
80 }
81 for (i = 0xF5; i < 0x100; i++) {
82 value = UNCHANGED;
83 testbuf[0] = i;
84 ret = UTF8_getc(testbuf, 1, &value);
85 ASSERT(ret == -2);
86 ASSERT(value == UNCHANGED);
87 }
88
89 /*
90 * Verify handling of all two-byte sequences
91 */
92 for (i = 0xC2; i < 0xE0; i++) {
93 testbuf[0] = i;
94
95 for (j = 0; j < 0x100; j++) {
96 testbuf[1] = j;
97
98 value = UNCHANGED;
99 ret = UTF8_getc(testbuf, 1, &value);
100 ASSERT(ret == -1);
101 ASSERT(value == UNCHANGED);
102
103 ret = UTF8_getc(testbuf, 2, &value);
104
105 /* outside range of trailing bytes */
106 if (j < 0x80 || j > 0xBF) {
107 ASSERT(ret == -3);
108 ASSERT(value == UNCHANGED);
109 continue;
110 }
111
112 /* valid */
113 ASSERT(ret == 2);
114 ASSERT((value & 0x3F) == (j & 0x3F));
115 ASSERT(value >> 6 == (i & 0x1F));
116 }
117 }
118
119 /*
120 * Verify handling of all three-byte sequences
121 */
122 for (i = 0xE0; i < 0xF0; i++) {
123 testbuf[0] = i;
124
125 for (j = 0; j < 0x100; j++) {
126 testbuf[1] = j;
127
128 for (k = 0; k < 0x100; k++) {
129 testbuf[2] = k;
130
131 value = UNCHANGED;
132 ret = UTF8_getc(testbuf, 2, &value);
133 ASSERT(ret == -1);
134 ASSERT(value == UNCHANGED);
135
136 ret = UTF8_getc(testbuf, 3, &value);
137
138 /* outside range of trailing bytes */
139 if (j < 0x80 || j > 0xBF ||
140 k < 0x80 || k > 0xBF) {
141 ASSERT(ret == -3);
142 ASSERT(value == UNCHANGED);
143 continue;
144 }
145
146 /* non-shortest form */
147 if (i == 0xE0 && j < 0xA0) {
148 ASSERT(ret == -4);
149 ASSERT(value == UNCHANGED);
150 continue;
151 }
152
153 /* surrogate pair code point */
154 if (i == 0xED && j > 0x9F) {
155 ASSERT(ret == -2);
156 ASSERT(value == UNCHANGED);
157 continue;
158 }
159
160 ASSERT(ret == 3);
161 ASSERT((value & 0x3F) == (k & 0x3F));
162 ASSERT(((value >> 6) & 0x3F) == (j & 0x3F));
163 ASSERT(value >> 12 == (i & 0x0F));
164 }
165 }
166 }
167
168 /*
169 * Verify handling of all four-byte sequences
170 */
171 for (i = 0xF0; i < 0xF5; i++) {
172 testbuf[0] = i;
173
174 for (j = 0; j < 0x100; j++) {
175 testbuf[1] = j;
176
177 for (k = 0; k < 0x100; k++) {
178 testbuf[2] = k;
179
180 for (l = 0; l < 0x100; l++) {
181 testbuf[3] = l;
182
183 value = UNCHANGED;
184 ret = UTF8_getc(testbuf, 3, &value);
185 ASSERT(ret == -1);
186 ASSERT(value == UNCHANGED);
187
188 ret = UTF8_getc(testbuf, 4, &value);
189
190 /* outside range of trailing bytes */
191 if (j < 0x80 || j > 0xBF ||
192 k < 0x80 || k > 0xBF ||
193 l < 0x80 || l > 0xBF) {
194 ASSERT(ret == -3);
195 ASSERT(value == UNCHANGED);
196 continue;
197 }
198
199 /* non-shortest form */
200 if (i == 0xF0 && j < 0x90) {
201 ASSERT(ret == -4);
202 ASSERT(value == UNCHANGED);
203 continue;
204 }
205
206 /* beyond end of UCS range */
207 if (i == 0xF4 && j > 0x8F) {
208 ASSERT(ret == -2);
209 ASSERT(value == UNCHANGED);
210 continue;
211 }
212
213 ASSERT(ret == 4);
214 ASSERT((value & 0x3F) == (l & 0x3F));
215 ASSERT(((value >> 6) & 0x3F) ==
216 (k & 0x3F));
217 ASSERT(((value >> 12) & 0x3F) ==
218 (j & 0x3F));
219 ASSERT(value >> 18 == (i & 0x07));
220 }
221 }
222 }
223 }
224
225
226 /*
227 * Next, verify UTF8_putc()
228 */
229 memset(testbuf, 0, sizeof testbuf);
230
231 /* single-byte sequences */
232 for (i = 0; i < 0x80; i++) {
233 ret = UTF8_putc(NULL, 0, i);
234 ASSERT(ret == 1);
235
236 testbuf[0] = 0;
237 ret = UTF8_putc(testbuf, 0, i);
238 ASSERT(ret == -1);
239 ASSERT(memcmp(testbuf, zerobuf, sizeof testbuf) == 0);
240
241 ret = UTF8_putc(testbuf, 1, i);
242 ASSERT(ret == 1);
243 ASSERT(testbuf[0] == i);
244 ASSERT(memcmp(testbuf+1, zerobuf, sizeof(testbuf)-1) == 0);
245 }
246
247 /* two-byte sequences */
248 for (i = 0x80; i < 0x800; i++) {
249 ret = UTF8_putc(NULL, 0, i);
250 ASSERT(ret == 2);
251
252 testbuf[0] = testbuf[1] = 0;
253 ret = UTF8_putc(testbuf, 1, i);
254 ASSERT(ret == -1);
255 ASSERT(memcmp(testbuf, zerobuf, sizeof testbuf) == 0);
256
257 ret = UTF8_putc(testbuf, 2, i);
258 ASSERT(ret == 2);
259 ASSERT(memcmp(testbuf+2, zerobuf, sizeof(testbuf)-2) == 0);
260 ret = UTF8_getc(testbuf, 2, &value);
261 ASSERT(ret == 2);
262 ASSERT(value == i);
263 }
264
265 /* three-byte sequences */
266 for (i = 0x800; i < 0x10000; i++) {
267 if (i >= 0xD800 && i < 0xE000) {
268 /* surrogates aren't valid */
269 ret = UTF8_putc(NULL, 0, i);
270 ASSERT(ret == -2);
271 continue;
272 }
273
274 ret = UTF8_putc(NULL, 0, i);
275 ASSERT(ret == 3);
276
277 testbuf[0] = testbuf[1] = testbuf[2] = 0;
278 ret = UTF8_putc(testbuf, 2, i);
279 ASSERT(ret == -1);
280 ASSERT(memcmp(testbuf, zerobuf, sizeof testbuf) == 0);
281
282 ret = UTF8_putc(testbuf, 3, i);
283 ASSERT(ret == 3);
284 ASSERT(memcmp(testbuf+3, zerobuf, sizeof(testbuf)-3) == 0);
285 ret = UTF8_getc(testbuf, 3, &value);
286 ASSERT(ret == 3);
287 ASSERT(value == i);
288 }
289
290 /* four-byte sequences */
291 for (i = 0x10000; i < 0x110000; i++) {
292 ret = UTF8_putc(NULL, 0, i);
293 ASSERT(ret == 4);
294
295 testbuf[0] = testbuf[1] = testbuf[2] = testbuf[3] = 0;
296 ret = UTF8_putc(testbuf, 3, i);
297 ASSERT(ret == -1);
298 ASSERT(memcmp(testbuf, zerobuf, sizeof testbuf) == 0);
299
300 ret = UTF8_putc(testbuf, 4, i);
301 ASSERT(ret == 4);
302 ASSERT(memcmp(testbuf+4, zerobuf, sizeof(testbuf)-4) == 0);
303 ret = UTF8_getc(testbuf, 4, &value);
304 ASSERT(ret == 4);
305 ASSERT(value == i);
306 }
307
308 /* spot check some larger values to confirm error return */
309 for (i = 0x110000; i < 0x110100; i++) {
310 ret = UTF8_putc(NULL, 0, i);
311 ASSERT(ret == -2);
312 }
313 for (value = (unsigned long)-1; value > (unsigned long)-256; value--) {
314 ret = UTF8_putc(NULL, 0, value);
315 ASSERT(ret == -2);
316 }
317
318 return 0;
319}
diff --git a/src/regress/lib/libcrypto/wycheproof/Makefile b/src/regress/lib/libcrypto/wycheproof/Makefile
deleted file mode 100644
index 4359db438c..0000000000
--- a/src/regress/lib/libcrypto/wycheproof/Makefile
+++ /dev/null
@@ -1,25 +0,0 @@
1# $OpenBSD: Makefile,v 1.2 2018/09/22 00:10:18 tb Exp $
2
3GO_VERSION != sh -c "(go version) 2>/dev/null || true"
4
5.if empty(GO_VERSION)
6regress:
7 @echo package go is required for this regress
8 @echo SKIPPED
9.endif
10
11CLEANFILES+=wycheproof
12REGRESS_TARGETS=regress-wycheproof
13
14audit: wycheproof
15 ./wycheproof -v
16
17wycheproof: wycheproof.go
18 go build -o wycheproof ${.CURDIR}/wycheproof.go
19
20regress-wycheproof: wycheproof
21 ./wycheproof
22
23.PHONY: audit
24
25.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
deleted file mode 100644
index 9bc4e5fd8b..0000000000
--- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go
+++ /dev/null
@@ -1,2211 +0,0 @@
1/* $OpenBSD: wycheproof.go,v 1.86 2018/10/20 16:02:05 tb Exp $ */
2/*
3 * Copyright (c) 2018 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19// Wycheproof runs test vectors from Project Wycheproof against libcrypto.
20package main
21
22/*
23#cgo LDFLAGS: -lcrypto
24
25#include <string.h>
26
27#include <openssl/aes.h>
28#include <openssl/bio.h>
29#include <openssl/bn.h>
30#include <openssl/cmac.h>
31#include <openssl/curve25519.h>
32#include <openssl/dsa.h>
33#include <openssl/ec.h>
34#include <openssl/ecdsa.h>
35#include <openssl/evp.h>
36#include <openssl/objects.h>
37#include <openssl/pem.h>
38#include <openssl/x509.h>
39#include <openssl/rsa.h>
40*/
41import "C"
42
43import (
44 "bytes"
45 "crypto/sha1"
46 "crypto/sha256"
47 "crypto/sha512"
48 "encoding/base64"
49 "encoding/hex"
50 "encoding/json"
51 "flag"
52 "fmt"
53 "hash"
54 "io/ioutil"
55 "log"
56 "os"
57 "path/filepath"
58 "sort"
59 "unsafe"
60)
61
62const testVectorPath = "/usr/local/share/wycheproof/testvectors"
63
64var acceptableAudit = false
65var acceptableComments map[string]int
66var acceptableFlags map[string]int
67
68type wycheproofJWKPublic struct {
69 Crv string `json:"crv"`
70 KID string `json:"kid"`
71 KTY string `json:"kty"`
72 X string `json:"x"`
73 Y string `json:"y"`
74}
75
76type wycheproofJWKPrivate struct {
77 Crv string `json:"crv"`
78 D string `json:"d"`
79 KID string `json:"kid"`
80 KTY string `json:"kty"`
81 X string `json:"x"`
82 Y string `json:"y"`
83}
84
85type wycheproofTestGroupAesCbcPkcs5 struct {
86 IVSize int `json:"ivSize"`
87 KeySize int `json:"keySize"`
88 Type string `json:"type"`
89 Tests []*wycheproofTestAesCbcPkcs5 `json:"tests"`
90}
91
92type wycheproofTestAesCbcPkcs5 struct {
93 TCID int `json:"tcId"`
94 Comment string `json:"comment"`
95 Key string `json:"key"`
96 IV string `json:"iv"`
97 Msg string `json:"msg"`
98 CT string `json:"ct"`
99 Result string `json:"result"`
100 Flags []string `json:"flags"`
101}
102
103type wycheproofTestGroupAead struct {
104 IVSize int `json:"ivSize"`
105 KeySize int `json:"keySize"`
106 TagSize int `json:"tagSize"`
107 Type string `json:"type"`
108 Tests []*wycheproofTestAead `json:"tests"`
109}
110
111type wycheproofTestAead struct {
112 TCID int `json:"tcId"`
113 Comment string `json:"comment"`
114 Key string `json:"key"`
115 IV string `json:"iv"`
116 AAD string `json:"aad"`
117 Msg string `json:"msg"`
118 CT string `json:"ct"`
119 Tag string `json:"tag"`
120 Result string `json:"result"`
121 Flags []string `json:"flags"`
122}
123
124type wycheproofTestGroupAesCmac struct {
125 KeySize int `json:"keySize"`
126 TagSize int `json:"tagSize"`
127 Type string `json:"type"`
128 Tests []*wycheproofTestAesCmac `json:"tests"`
129}
130
131type wycheproofTestAesCmac struct {
132 TCID int `json:"tcId"`
133 Comment string `json:"comment"`
134 Key string `json:"key"`
135 Msg string `json:"msg"`
136 Tag string `json:"tag"`
137 Result string `json:"result"`
138 Flags []string `json:"flags"`
139}
140
141type wycheproofDSAKey struct {
142 G string `json:"g"`
143 KeySize int `json:"keySize"`
144 P string `json:"p"`
145 Q string `json:"q"`
146 Type string `json:"type"`
147 Y string `json:"y"`
148}
149
150type wycheproofTestDSA struct {
151 TCID int `json:"tcId"`
152 Comment string `json:"comment"`
153 Msg string `json:"msg"`
154 Sig string `json:"sig"`
155 Result string `json:"result"`
156 Flags []string `json:"flags"`
157}
158
159type wycheproofTestGroupDSA struct {
160 Key *wycheproofDSAKey `json:"key"`
161 KeyDER string `json:"keyDer"`
162 KeyPEM string `json:"keyPem"`
163 SHA string `json:"sha"`
164 Type string `json:"type"`
165 Tests []*wycheproofTestDSA `json:"tests"`
166}
167
168type wycheproofTestECDH struct {
169 TCID int `json:"tcId"`
170 Comment string `json:"comment"`
171 Public string `json:"public"`
172 Private string `json:"private"`
173 Shared string `json:"shared"`
174 Result string `json:"result"`
175 Flags []string `json:"flags"`
176}
177
178type wycheproofTestGroupECDH struct {
179 Curve string `json:"curve"`
180 Encoding string `json:"encoding"`
181 Type string `json:"type"`
182 Tests []*wycheproofTestECDH `json:"tests"`
183}
184
185type wycheproofTestECDHWebCrypto struct {
186 TCID int `json:"tcId"`
187 Comment string `json:"comment"`
188 Public *wycheproofJWKPublic `json:"public"`
189 Private *wycheproofJWKPrivate `json:"private"`
190 Shared string `json:"shared"`
191 Result string `json:"result"`
192 Flags []string `json:"flags"`
193}
194
195type wycheproofTestGroupECDHWebCrypto struct {
196 Curve string `json:"curve"`
197 Encoding string `json:"encoding"`
198 Type string `json:"type"`
199 Tests []*wycheproofTestECDHWebCrypto `json:"tests"`
200}
201
202type wycheproofECDSAKey struct {
203 Curve string `json:"curve"`
204 KeySize int `json:"keySize"`
205 Type string `json:"type"`
206 Uncompressed string `json:"uncompressed"`
207 WX string `json:"wx"`
208 WY string `json:"wy"`
209}
210
211type wycheproofTestECDSA struct {
212 TCID int `json:"tcId"`
213 Comment string `json:"comment"`
214 Msg string `json:"msg"`
215 Sig string `json:"sig"`
216 Result string `json:"result"`
217 Flags []string `json:"flags"`
218}
219
220type wycheproofTestGroupECDSA struct {
221 Key *wycheproofECDSAKey `json:"key"`
222 KeyDER string `json:"keyDer"`
223 KeyPEM string `json:"keyPem"`
224 SHA string `json:"sha"`
225 Type string `json:"type"`
226 Tests []*wycheproofTestECDSA `json:"tests"`
227}
228
229type wycheproofTestGroupECDSAWebCrypto struct {
230 JWK *wycheproofJWKPublic `json:"jwk"`
231 Key *wycheproofECDSAKey `json:"key"`
232 KeyDER string `json:"keyDer"`
233 KeyPEM string `json:"keyPem"`
234 SHA string `json:"sha"`
235 Type string `json:"type"`
236 Tests []*wycheproofTestECDSA `json:"tests"`
237}
238
239type wycheproofTestKW struct {
240 TCID int `json:"tcId"`
241 Comment string `json:"comment"`
242 Key string `json:"key"`
243 Msg string `json:"msg"`
244 CT string `json:"ct"`
245 Result string `json:"result"`
246 Flags []string `json:"flags"`
247}
248
249type wycheproofTestGroupKW struct {
250 KeySize int `json:"keySize"`
251 Type string `json:"type"`
252 Tests []*wycheproofTestKW `json:"tests"`
253}
254
255type wycheproofTestRSA struct {
256 TCID int `json:"tcId"`
257 Comment string `json:"comment"`
258 Msg string `json:"msg"`
259 Sig string `json:"sig"`
260 Padding string `json:"padding"`
261 Result string `json:"result"`
262 Flags []string `json:"flags"`
263}
264
265type wycheproofTestGroupRSA struct {
266 E string `json:"e"`
267 KeyASN string `json:"keyAsn"`
268 KeyDER string `json:"keyDer"`
269 KeyPEM string `json:"keyPem"`
270 KeySize int `json:"keysize"`
271 N string `json:"n"`
272 SHA string `json:"sha"`
273 Type string `json:"type"`
274 Tests []*wycheproofTestRSA `json:"tests"`
275}
276
277type wycheproofTestRSASSA struct {
278 TCID int `json:"tcId"`
279 Comment string `json:"comment"`
280 Msg string `json:"msg"`
281 Sig string `json:"sig"`
282 Result string `json:"result"`
283 Flags []string `json:"flags"`
284}
285
286type wycheproofTestGroupRSASSA struct {
287 E string `json:"e"`
288 KeyASN string `json:"keyAsn"`
289 KeyDER string `json:"keyDer"`
290 KeyPEM string `json:"keyPem"`
291 KeySize int `json:"keysize"`
292 MGF string `json:"mgf"`
293 MGFSHA string `json:"mgfSha"`
294 N string `json:"n"`
295 SLen int `json:"sLen"`
296 SHA string `json:"sha"`
297 Type string `json:"type"`
298 Tests []*wycheproofTestRSASSA `json:"tests"`
299}
300
301type wycheproofTestX25519 struct {
302 TCID int `json:"tcId"`
303 Comment string `json:"comment"`
304 Curve string `json:"curve"`
305 Public string `json:"public"`
306 Private string `json:"private"`
307 Shared string `json:"shared"`
308 Result string `json:"result"`
309 Flags []string `json:"flags"`
310}
311
312type wycheproofTestGroupX25519 struct {
313 Curve string `json:"curve"`
314 Tests []*wycheproofTestX25519 `json:"tests"`
315}
316
317type wycheproofTestVectors struct {
318 Algorithm string `json:"algorithm"`
319 GeneratorVersion string `json:"generatorVersion"`
320 Notes map[string]string `json:"notes"`
321 NumberOfTests int `json:"numberOfTests"`
322 // Header
323 TestGroups []json.RawMessage `json:"testGroups"`
324}
325
326var nids = map[string]int{
327 "brainpoolP224r1": C.NID_brainpoolP224r1,
328 "brainpoolP256r1": C.NID_brainpoolP256r1,
329 "brainpoolP320r1": C.NID_brainpoolP320r1,
330 "brainpoolP384r1": C.NID_brainpoolP384r1,
331 "brainpoolP512r1": C.NID_brainpoolP512r1,
332 "brainpoolP224t1": C.NID_brainpoolP224t1,
333 "brainpoolP256t1": C.NID_brainpoolP256t1,
334 "brainpoolP320t1": C.NID_brainpoolP320t1,
335 "brainpoolP384t1": C.NID_brainpoolP384t1,
336 "brainpoolP512t1": C.NID_brainpoolP512t1,
337 "secp224r1": C.NID_secp224r1,
338 "secp256k1": C.NID_secp256k1,
339 "P-256K": C.NID_secp256k1,
340 "secp256r1": C.NID_X9_62_prime256v1, // RFC 8422, Table 4, p.32
341 "P-256": C.NID_X9_62_prime256v1,
342 "secp384r1": C.NID_secp384r1,
343 "P-384": C.NID_secp384r1,
344 "secp521r1": C.NID_secp521r1,
345 "P-521": C.NID_secp521r1,
346 "SHA-1": C.NID_sha1,
347 "SHA-224": C.NID_sha224,
348 "SHA-256": C.NID_sha256,
349 "SHA-384": C.NID_sha384,
350 "SHA-512": C.NID_sha512,
351}
352
353func gatherAcceptableStatistics(testcase int, comment string, flags []string) {
354 fmt.Printf("AUDIT: Test case %d (%q) %v\n", testcase, comment, flags)
355
356 if comment == "" {
357 acceptableComments["No comment"]++
358 } else {
359 acceptableComments[comment]++
360 }
361
362 if len(flags) == 0 {
363 acceptableFlags["NoFlag"]++
364 } else {
365 for _, flag := range flags {
366 acceptableFlags[flag]++
367 }
368 }
369}
370
371func printAcceptableStatistics() {
372 fmt.Printf("\nComment statistics:\n")
373
374 var comments []string
375 for comment := range acceptableComments {
376 comments = append(comments, comment)
377 }
378 sort.Strings(comments)
379 for _, comment := range comments {
380 prcomment := comment
381 if len(comment) > 45 {
382 prcomment = comment[0:42] + "..."
383 }
384 fmt.Printf("%-45v %5d\n", prcomment, acceptableComments[comment])
385 }
386
387 fmt.Printf("\nFlag statistics:\n")
388 var flags []string
389 for flag := range acceptableFlags {
390 flags = append(flags, flag)
391 }
392 sort.Strings(flags)
393 for _, flag := range flags {
394 fmt.Printf("%-45v %5d\n", flag, acceptableFlags[flag])
395 }
396}
397
398func nidFromString(ns string) (int, error) {
399 nid, ok := nids[ns]
400 if ok {
401 return nid, nil
402 }
403 return -1, fmt.Errorf("unknown NID %q", ns)
404}
405
406func hashFromString(hs string) (hash.Hash, error) {
407 switch hs {
408 case "SHA-1":
409 return sha1.New(), nil
410 case "SHA-224":
411 return sha256.New224(), nil
412 case "SHA-256":
413 return sha256.New(), nil
414 case "SHA-384":
415 return sha512.New384(), nil
416 case "SHA-512":
417 return sha512.New(), nil
418 default:
419 return nil, fmt.Errorf("unknown hash %q", hs)
420 }
421}
422
423func hashEvpMdFromString(hs string) (*C.EVP_MD, error) {
424 switch hs {
425 case "SHA-1":
426 return C.EVP_sha1(), nil
427 case "SHA-224":
428 return C.EVP_sha224(), nil
429 case "SHA-256":
430 return C.EVP_sha256(), nil
431 case "SHA-384":
432 return C.EVP_sha384(), nil
433 case "SHA-512":
434 return C.EVP_sha512(), nil
435 default:
436 return nil, fmt.Errorf("unknown hash %q", hs)
437 }
438}
439
440func checkAesCbcPkcs5(ctx *C.EVP_CIPHER_CTX, doEncrypt int, key []byte, keyLen int,
441 iv []byte, ivLen int, in []byte, inLen int, out []byte, outLen int,
442 wt *wycheproofTestAesCbcPkcs5) bool {
443 var action string
444 if doEncrypt == 1 {
445 action = "encrypting"
446 } else {
447 action = "decrypting"
448 }
449
450 ret := C.EVP_CipherInit_ex(ctx, nil, nil, (*C.uchar)(unsafe.Pointer(&key[0])),
451 (*C.uchar)(unsafe.Pointer(&iv[0])), C.int(doEncrypt))
452 if ret != 1 {
453 log.Fatalf("EVP_CipherInit_ex failed: %d", ret)
454 }
455
456 cipherOut := make([]byte, inLen + C.EVP_MAX_BLOCK_LENGTH)
457 var cipherOutLen C.int
458
459 ret = C.EVP_CipherUpdate(ctx, (*C.uchar)(unsafe.Pointer(&cipherOut[0])), &cipherOutLen,
460 (*C.uchar)(unsafe.Pointer(&in[0])), C.int(inLen))
461 if ret != 1 {
462 if wt.Result == "invalid" {
463 fmt.Printf("INFO: Test case %d (%q) [%v] %v - EVP_CipherUpdate() = %d, want %v\n",
464 wt.TCID, wt.Comment, action, wt.Flags, ret, wt.Result)
465 return true
466 }
467 fmt.Printf("FAIL: Test case %d (%q) [%v] %v - EVP_CipherUpdate() = %d, want %v\n",
468 wt.TCID, wt.Comment, action, wt.Flags, ret, wt.Result)
469 return false
470 }
471
472 var finallen C.int
473 ret = C.EVP_CipherFinal_ex(ctx, (*C.uchar)(unsafe.Pointer(&cipherOut[cipherOutLen])), &finallen)
474 if ret != 1 {
475 if wt.Result == "invalid" {
476 return true
477 }
478 fmt.Printf("FAIL: Test case %d (%q) [%v] %v - EVP_CipherFinal_ex() = %d, want %v\n",
479 wt.TCID, wt.Comment, action, wt.Flags, ret, wt.Result)
480 return false
481 }
482
483 cipherOutLen += finallen
484 if cipherOutLen != C.int(outLen) && wt.Result != "invalid" {
485 fmt.Printf("FAIL: Test case %d (%q) [%v] %v - open length mismatch: got %d, want %d\n",
486 wt.TCID, wt.Comment, action, wt.Flags, cipherOutLen, outLen)
487 return false
488 }
489
490 openedMsg := out[0:cipherOutLen]
491 if outLen == 0 {
492 out = nil
493 }
494
495 success := false
496 if bytes.Equal(openedMsg, out) || wt.Result == "invalid" {
497 success = true
498 if acceptableAudit && wt.Result == "acceptable" {
499 gatherAcceptableStatistics(wt.TCID, wt.Comment, wt.Flags)
500 }
501 } else {
502 fmt.Printf("FAIL: Test case %d (%q) [%v] %v - msg match: %t; want %v\n",
503 wt.TCID, wt.Comment, action, wt.Flags, bytes.Equal(openedMsg, out), wt.Result)
504 }
505 return success
506}
507
508func runAesCbcPkcs5Test(ctx *C.EVP_CIPHER_CTX, wt *wycheproofTestAesCbcPkcs5) bool {
509 key, err := hex.DecodeString(wt.Key)
510 if err != nil {
511 log.Fatalf("Failed to decode key %q: %v", wt.Key, err)
512 }
513 iv, err := hex.DecodeString(wt.IV)
514 if err != nil {
515 log.Fatalf("Failed to decode IV %q: %v", wt.IV, err)
516 }
517 ct, err := hex.DecodeString(wt.CT)
518 if err != nil {
519 log.Fatalf("Failed to decode CT %q: %v", wt.CT, err)
520 }
521 msg, err := hex.DecodeString(wt.Msg)
522 if err != nil {
523 log.Fatalf("Failed to decode message %q: %v", wt.Msg, err)
524 }
525
526 keyLen, ivLen, ctLen, msgLen := len(key), len(iv), len(ct), len(msg)
527
528 if keyLen == 0 {
529 key = append(key, 0)
530 }
531 if ivLen == 0 {
532 iv = append(iv, 0)
533 }
534 if ctLen == 0 {
535 ct = append(ct, 0)
536 }
537 if msgLen == 0 {
538 msg = append(msg, 0)
539 }
540
541 openSuccess := checkAesCbcPkcs5(ctx, 0, key, keyLen, iv, ivLen, ct, ctLen, msg, msgLen, wt)
542 sealSuccess := checkAesCbcPkcs5(ctx, 1, key, keyLen, iv, ivLen, msg, msgLen, ct, ctLen, wt)
543
544 return openSuccess && sealSuccess
545}
546
547func runAesCbcPkcs5TestGroup(algorithm string, wtg *wycheproofTestGroupAesCbcPkcs5) bool {
548 fmt.Printf("Running %v test group %v with IV size %d and key size %d...\n",
549 algorithm, wtg.Type, wtg.IVSize, wtg.KeySize)
550
551 var cipher *C.EVP_CIPHER
552 switch wtg.KeySize {
553 case 128:
554 cipher = C.EVP_aes_128_cbc()
555 case 192:
556 cipher = C.EVP_aes_192_cbc()
557 case 256:
558 cipher = C.EVP_aes_256_cbc()
559 default:
560 log.Fatalf("Unsupported key size: %d", wtg.KeySize)
561 }
562
563 ctx := C.EVP_CIPHER_CTX_new()
564 if ctx == nil {
565 log.Fatal("EVP_CIPHER_CTX_new() failed")
566 }
567 defer C.EVP_CIPHER_CTX_free(ctx)
568
569 ret := C.EVP_CipherInit_ex(ctx, cipher, nil, nil, nil, 0)
570 if ret != 1 {
571 log.Fatalf("EVP_CipherInit_ex failed: %d", ret)
572 }
573
574 success := true
575 for _, wt := range wtg.Tests {
576 if !runAesCbcPkcs5Test(ctx, wt) {
577 success = false
578 }
579 }
580 return success
581}
582
583func checkAesAead(algorithm string, ctx *C.EVP_CIPHER_CTX, doEncrypt int,
584 key []byte, keyLen int, iv []byte, ivLen int, aad []byte, aadLen int,
585 in []byte, inLen int, out []byte, outLen int, tag []byte, tagLen int,
586 wt *wycheproofTestAead) bool {
587 var ctrlSetIVLen C.int
588 var ctrlSetTag C.int
589 var ctrlGetTag C.int
590
591 doCCM := false
592 switch algorithm {
593 case "AES-CCM":
594 doCCM = true
595 ctrlSetIVLen = C.EVP_CTRL_CCM_SET_IVLEN
596 ctrlSetTag = C.EVP_CTRL_CCM_SET_TAG
597 ctrlGetTag = C.EVP_CTRL_CCM_GET_TAG
598 case "AES-GCM":
599 ctrlSetIVLen = C.EVP_CTRL_GCM_SET_IVLEN
600 ctrlSetTag = C.EVP_CTRL_GCM_SET_TAG
601 ctrlGetTag = C.EVP_CTRL_GCM_GET_TAG
602 }
603
604 setTag := unsafe.Pointer(nil)
605 var action string
606
607 if doEncrypt == 1 {
608 action = "encrypting"
609 } else {
610 action = "decrypting"
611 setTag = unsafe.Pointer(&tag[0])
612 }
613
614 ret := C.EVP_CipherInit_ex(ctx, nil, nil, nil, nil, C.int(doEncrypt))
615 if ret != 1 {
616 log.Fatalf("[%v] cipher init failed", action)
617 }
618
619 ret = C.EVP_CIPHER_CTX_ctrl(ctx, ctrlSetIVLen, C.int(ivLen), nil)
620 if ret != 1 {
621 if wt.Comment == "Nonce is too long" || wt.Comment == "Invalid nonce size" ||
622 wt.Comment == "0 size IV is not valid" {
623 return true
624 }
625 fmt.Printf("FAIL: Test case %d (%q) [%v] %v - setting IV len to %d failed. got %d, want %v\n",
626 wt.TCID, wt.Comment, action, wt.Flags, ivLen, ret, wt.Result)
627 return false
628 }
629
630 if doEncrypt == 0 || doCCM {
631 ret = C.EVP_CIPHER_CTX_ctrl(ctx, ctrlSetTag, C.int(tagLen), setTag)
632 if ret != 1 {
633 if wt.Comment == "Invalid tag size" {
634 return true
635 }
636 fmt.Printf("FAIL: Test case %d (%q) [%v] %v - setting tag length to %d failed. got %d, want %v\n",
637 wt.TCID, wt.Comment, action, wt.Flags, tagLen, ret, wt.Result)
638 return false
639 }
640 }
641
642 ret = C.EVP_CipherInit_ex(ctx, nil, nil, (*C.uchar)(unsafe.Pointer(&key[0])),
643 (*C.uchar)(unsafe.Pointer(&iv[0])), C.int(doEncrypt))
644 if ret != 1 {
645 fmt.Printf("FAIL: Test case %d (%q) [%v] %v - setting key and IV failed. got %d, want %v\n",
646 wt.TCID, wt.Comment, action, wt.Flags, ret, wt.Result)
647 return false
648 }
649
650 var cipherOutLen C.int
651 if doCCM {
652 ret = C.EVP_CipherUpdate(ctx, nil, &cipherOutLen, nil, C.int(inLen))
653 if ret != 1 {
654 fmt.Printf("FAIL: Test case %d (%q) [%v] %v - setting input length to %d failed. got %d, want %v\n",
655 wt.TCID, wt.Comment, action, wt.Flags, inLen, ret, wt.Result)
656 return false
657 }
658 }
659
660 ret = C.EVP_CipherUpdate(ctx, nil, &cipherOutLen, (*C.uchar)(unsafe.Pointer(&aad[0])), C.int(aadLen))
661 if ret != 1 {
662 fmt.Printf("FAIL: Test case %d (%q) [%v] %v - processing AAD failed. got %d, want %v\n",
663 wt.TCID, wt.Comment, action, wt.Flags, ret, wt.Result)
664 return false
665 }
666
667 cipherOutLen = 0
668 cipherOut := make([]byte, inLen)
669 if inLen == 0 {
670 cipherOut = append(cipherOut, 0)
671 }
672
673 ret = C.EVP_CipherUpdate(ctx, (*C.uchar)(unsafe.Pointer(&cipherOut[0])), &cipherOutLen,
674 (*C.uchar)(unsafe.Pointer(&in[0])), C.int(inLen))
675 if ret != 1 {
676 if wt.Result == "invalid" {
677 return true
678 }
679 fmt.Printf("FAIL: Test case %d (%q) [%v] %v - EVP_CipherUpdate() = %d, want %v\n",
680 wt.TCID, wt.Comment, action, wt.Flags, ret, wt.Result)
681 return false
682 }
683
684 if doEncrypt == 1 {
685 var tmpLen C.int
686 dummyOut := make([]byte, 16)
687
688 ret = C.EVP_CipherFinal_ex(ctx, (*C.uchar)(unsafe.Pointer(&dummyOut[0])), &tmpLen)
689 if ret != 1 {
690 fmt.Printf("FAIL: Test case %d (%q) [%v] %v - EVP_CipherFinal_ex() = %d, want %v\n",
691 wt.TCID, wt.Comment, action, wt.Flags, ret, wt.Result)
692 return false
693 }
694 cipherOutLen += tmpLen
695 }
696
697 if cipherOutLen != C.int(outLen) {
698 fmt.Printf("FAIL: Test case %d (%q) [%v] %v - cipherOutLen %d != outLen %d. Result %v\n",
699 wt.TCID, wt.Comment, action, wt.Flags, cipherOutLen, outLen, wt.Result)
700 return false
701 }
702
703 success := true
704 if !bytes.Equal(cipherOut, out) {
705 fmt.Printf("FAIL: Test case %d (%q) [%v] %v - expected and computed output do not match. Result: %v\n",
706 wt.TCID, wt.Comment, action, wt.Flags, wt.Result)
707 success = false
708 }
709 if doEncrypt == 1 {
710 tagOut := make([]byte, tagLen)
711 ret = C.EVP_CIPHER_CTX_ctrl(ctx, ctrlGetTag, C.int(tagLen), unsafe.Pointer(&tagOut[0]))
712 if ret != 1 {
713 fmt.Printf("FAIL: Test case %d (%q) [%v] %v - EVP_CIPHER_CTX_ctrl() = %d, want %v\n",
714 wt.TCID, wt.Comment, action, wt.Flags, ret, wt.Result)
715 return false
716 }
717
718 // There are no acceptable CCM cases. All acceptable GCM tests
719 // pass. They have len(IV) <= 48. NIST SP 800-38D, 5.2.1.1, p.8,
720 // allows 1 <= len(IV) <= 2^64-1, but notes:
721 // "For IVs it is recommended that implementations restrict
722 // support to the length of 96 bits, to promote
723 // interoperability, efficiency and simplicity of design."
724 if bytes.Equal(tagOut, tag) != (wt.Result == "valid" || wt.Result == "acceptable") {
725 fmt.Printf("FAIL: Test case %d (%q) [%v] %v - expected and computed tag do not match - ret: %d, Result: %v\n",
726 wt.TCID, wt.Comment, action, wt.Flags, ret, wt.Result)
727 success = false
728 }
729 if acceptableAudit && bytes.Equal(tagOut, tag) && wt.Result == "acceptable" {
730 gatherAcceptableStatistics(wt.TCID, wt.Comment, wt.Flags)
731 }
732 }
733 return success
734}
735
736func runAesAeadTest(algorithm string, ctx *C.EVP_CIPHER_CTX, aead *C.EVP_AEAD, wt *wycheproofTestAead) bool {
737 key, err := hex.DecodeString(wt.Key)
738 if err != nil {
739 log.Fatalf("Failed to decode key %q: %v", wt.Key, err)
740 }
741
742 iv, err := hex.DecodeString(wt.IV)
743 if err != nil {
744 log.Fatalf("Failed to decode IV %q: %v", wt.IV, err)
745 }
746
747 aad, err := hex.DecodeString(wt.AAD)
748 if err != nil {
749 log.Fatalf("Failed to decode AAD %q: %v", wt.AAD, err)
750 }
751
752 msg, err := hex.DecodeString(wt.Msg)
753 if err != nil {
754 log.Fatalf("Failed to decode msg %q: %v", wt.Msg, err)
755 }
756
757 ct, err := hex.DecodeString(wt.CT)
758 if err != nil {
759 log.Fatalf("Failed to decode CT %q: %v", wt.CT, err)
760 }
761
762 tag, err := hex.DecodeString(wt.Tag)
763 if err != nil {
764 log.Fatalf("Failed to decode tag %q: %v", wt.Tag, err)
765 }
766
767 keyLen, ivLen, aadLen, msgLen, ctLen, tagLen := len(key), len(iv), len(aad), len(msg), len(ct), len(tag)
768
769 if keyLen == 0 {
770 key = append(key, 0)
771 }
772 if ivLen == 0 {
773 iv = append(iv, 0)
774 }
775 if aadLen == 0 {
776 aad = append(aad, 0)
777 }
778 if msgLen == 0 {
779 msg = append(msg, 0)
780 }
781 if ctLen == 0 {
782 ct = append(ct, 0)
783 }
784 if tagLen == 0 {
785 tag = append(tag, 0)
786 }
787
788 openEvp := checkAesAead(algorithm, ctx, 0, key, keyLen, iv, ivLen, aad, aadLen, ct, ctLen, msg, msgLen, tag, tagLen, wt)
789 sealEvp := checkAesAead(algorithm, ctx, 1, key, keyLen, iv, ivLen, aad, aadLen, msg, msgLen, ct, ctLen, tag, tagLen, wt)
790
791 openAead, sealAead := true, true
792 if aead != nil {
793 var ctx C.EVP_AEAD_CTX
794 if C.EVP_AEAD_CTX_init(&ctx, aead, (*C.uchar)(unsafe.Pointer(&key[0])), C.size_t(keyLen), C.size_t(tagLen), nil) != 1 {
795 log.Fatal("Failed to initialize AEAD context")
796 }
797 defer C.EVP_AEAD_CTX_cleanup(&ctx)
798
799 // Make sure we don't accidentally prepend or compare against a 0.
800 if ctLen == 0 {
801 ct = nil
802 }
803
804 openAead = checkAeadOpen(&ctx, iv, ivLen, aad, aadLen, msg, msgLen, ct, ctLen, tag, tagLen, wt)
805 sealAead = checkAeadSeal(&ctx, iv, ivLen, aad, aadLen, msg, msgLen, ct, ctLen, tag, tagLen, wt)
806 }
807
808 return openEvp && sealEvp && openAead && sealAead
809}
810
811func runAesAeadTestGroup(algorithm string, wtg *wycheproofTestGroupAead) bool {
812 fmt.Printf("Running %v test group %v with IV size %d, key size %d and tag size %d...\n",
813 algorithm, wtg.Type, wtg.IVSize, wtg.KeySize, wtg.TagSize)
814
815 var cipher *C.EVP_CIPHER
816 var aead *C.EVP_AEAD
817 switch algorithm {
818 case "AES-CCM":
819 switch wtg.KeySize {
820 case 128:
821 cipher = C.EVP_aes_128_ccm()
822 case 192:
823 cipher = C.EVP_aes_192_ccm()
824 case 256:
825 cipher = C.EVP_aes_256_ccm()
826 default:
827 fmt.Printf("INFO: Skipping tests with invalid key size %d\n", wtg.KeySize)
828 return true
829 }
830 case "AES-GCM":
831 switch wtg.KeySize {
832 case 128:
833 cipher = C.EVP_aes_128_gcm()
834 aead = C.EVP_aead_aes_128_gcm()
835 case 192:
836 cipher = C.EVP_aes_192_gcm()
837 case 256:
838 cipher = C.EVP_aes_256_gcm()
839 aead = C.EVP_aead_aes_256_gcm()
840 default:
841 fmt.Printf("INFO: Skipping tests with invalid key size %d\n", wtg.KeySize)
842 return true
843 }
844 default:
845 log.Fatalf("runAesAeadTestGroup() - unhandled algorithm: %v", algorithm)
846 }
847
848 ctx := C.EVP_CIPHER_CTX_new()
849 if ctx == nil {
850 log.Fatal("EVP_CIPHER_CTX_new() failed")
851 }
852 defer C.EVP_CIPHER_CTX_free(ctx)
853
854 C.EVP_CipherInit_ex(ctx, cipher, nil, nil, nil, 1)
855
856 success := true
857 for _, wt := range wtg.Tests {
858 if !runAesAeadTest(algorithm, ctx, aead, wt) {
859 success = false
860 }
861 }
862 return success
863}
864
865func runAesCmacTest(cipher *C.EVP_CIPHER, wt *wycheproofTestAesCmac) bool {
866 key, err := hex.DecodeString(wt.Key)
867 if err != nil {
868 log.Fatalf("Failed to decode key %q: %v", wt.Key, err)
869 }
870
871 msg, err := hex.DecodeString(wt.Msg)
872 if err != nil {
873 log.Fatalf("Failed to decode msg %q: %v", wt.Msg, err)
874 }
875
876 tag, err := hex.DecodeString(wt.Tag)
877 if err != nil {
878 log.Fatalf("Failed to decode tag %q: %v", wt.Tag, err)
879 }
880
881 keyLen, msgLen, tagLen := len(key), len(msg), len(tag)
882
883 if keyLen == 0 {
884 key = append(key, 0)
885 }
886 if msgLen == 0 {
887 msg = append(msg, 0)
888 }
889 if tagLen == 0 {
890 tag = append(tag, 0)
891 }
892
893 ctx := C.CMAC_CTX_new()
894 if ctx == nil {
895 log.Fatal("CMAC_CTX_new failed")
896 }
897 defer C.CMAC_CTX_free(ctx)
898
899 ret := C.CMAC_Init(ctx, unsafe.Pointer(&key[0]), C.size_t(keyLen), cipher, nil)
900 if ret != 1 {
901 fmt.Printf("FAIL: Test case %d (%q) %v - CMAC_Init() = %d, want %v\n",
902 wt.TCID, wt.Comment, wt.Flags, ret, wt.Result)
903 return false
904 }
905
906 ret = C.CMAC_Update(ctx, unsafe.Pointer(&msg[0]), C.size_t(msgLen))
907 if ret != 1 {
908 fmt.Printf("FAIL: Test case %d (%q) %v - CMAC_Update() = %d, want %v\n",
909 wt.TCID, wt.Comment, wt.Flags, ret, wt.Result)
910 return false
911 }
912
913 var outLen C.size_t
914 outTag := make([]byte, 16)
915
916 ret = C.CMAC_Final(ctx, (*C.uchar)(unsafe.Pointer(&outTag[0])), &outLen)
917 if ret != 1 {
918 fmt.Printf("FAIL: Test case %d (%q) %v - CMAC_Final() = %d, want %v\n",
919 wt.TCID, wt.Comment, wt.Flags, ret, wt.Result)
920 return false
921 }
922
923 outTag = outTag[0:tagLen]
924
925 success := true
926 if bytes.Equal(tag, outTag) != (wt.Result == "valid") {
927 fmt.Printf("FAIL: Test case %d (%q) %v - want %v\n",
928 wt.TCID, wt.Comment, wt.Flags, wt.Result)
929 success = false
930 }
931 return success
932}
933
934func runAesCmacTestGroup(algorithm string, wtg *wycheproofTestGroupAesCmac) bool {
935 fmt.Printf("Running %v test group %v with key size %d and tag size %d...\n",
936 algorithm, wtg.Type, wtg.KeySize, wtg.TagSize)
937 var cipher *C.EVP_CIPHER
938
939 switch wtg.KeySize {
940 case 128:
941 cipher = C.EVP_aes_128_cbc()
942 case 192:
943 cipher = C.EVP_aes_192_cbc()
944 case 256:
945 cipher = C.EVP_aes_256_cbc()
946 default:
947 fmt.Printf("INFO: Skipping tests with invalid key size %d\n", wtg.KeySize)
948 return true
949 }
950
951 success := true
952 for _, wt := range wtg.Tests {
953 if !runAesCmacTest(cipher, wt) {
954 success = false
955 }
956 }
957 return success
958}
959
960func checkAeadOpen(ctx *C.EVP_AEAD_CTX, iv []byte, ivLen int, aad []byte, aadLen int, msg []byte, msgLen int,
961 ct []byte, ctLen int, tag []byte, tagLen int, wt *wycheproofTestAead) bool {
962 maxOutLen := ctLen + tagLen
963
964 opened := make([]byte, maxOutLen)
965 var openedMsgLen C.size_t
966
967 catCtTag := append(ct, tag...)
968 openRet := C.EVP_AEAD_CTX_open(ctx, (*C.uint8_t)(unsafe.Pointer(&opened[0])),
969 (*C.size_t)(unsafe.Pointer(&openedMsgLen)), C.size_t(maxOutLen),
970 (*C.uint8_t)(unsafe.Pointer(&iv[0])), C.size_t(ivLen),
971 (*C.uint8_t)(unsafe.Pointer(&catCtTag[0])), C.size_t(len(catCtTag)),
972 (*C.uint8_t)(unsafe.Pointer(&aad[0])), C.size_t(aadLen))
973
974 if openRet != 1 {
975 if wt.Result == "invalid" {
976 return true
977 }
978 fmt.Printf("FAIL: Test case %d (%q) %v - EVP_AEAD_CTX_open() = %d, want %v\n",
979 wt.TCID, wt.Comment, wt.Flags, int(openRet), wt.Result)
980 return false
981 }
982
983 if openedMsgLen != C.size_t(msgLen) {
984 fmt.Printf("FAIL: Test case %d (%q) %v - open length mismatch: got %d, want %d\n",
985 wt.TCID, wt.Comment, wt.Flags, openedMsgLen, msgLen)
986 return false
987 }
988
989 openedMsg := opened[0:openedMsgLen]
990 if msgLen == 0 {
991 msg = nil
992 }
993
994 success := false
995 if bytes.Equal(openedMsg, msg) || wt.Result == "invalid" {
996 if acceptableAudit && wt.Result == "acceptable" {
997 gatherAcceptableStatistics(wt.TCID, wt.Comment, wt.Flags)
998 }
999 success = true
1000 } else {
1001 fmt.Printf("FAIL: Test case %d (%q) %v - msg match: %t; want %v\n",
1002 wt.TCID, wt.Comment, wt.Flags, bytes.Equal(openedMsg, msg), wt.Result)
1003 }
1004 return success
1005}
1006
1007func checkAeadSeal(ctx *C.EVP_AEAD_CTX, iv []byte, ivLen int, aad []byte, aadLen int, msg []byte,
1008 msgLen int, ct []byte, ctLen int, tag []byte, tagLen int, wt *wycheproofTestAead) bool {
1009 maxOutLen := msgLen + tagLen
1010
1011 sealed := make([]byte, maxOutLen)
1012 var sealedLen C.size_t
1013
1014 sealRet := C.EVP_AEAD_CTX_seal(ctx, (*C.uint8_t)(unsafe.Pointer(&sealed[0])),
1015 (*C.size_t)(unsafe.Pointer(&sealedLen)), C.size_t(maxOutLen),
1016 (*C.uint8_t)(unsafe.Pointer(&iv[0])), C.size_t(ivLen),
1017 (*C.uint8_t)(unsafe.Pointer(&msg[0])), C.size_t(msgLen),
1018 (*C.uint8_t)(unsafe.Pointer(&aad[0])), C.size_t(aadLen))
1019
1020 if sealRet != 1 {
1021 fmt.Printf("FAIL: Test case %d (%q) %v - EVP_AEAD_CTX_seal() = %d, want %v\n",
1022 wt.TCID, wt.Comment, wt.Flags, int(sealRet), wt.Result)
1023 return false
1024 }
1025
1026 if sealedLen != C.size_t(maxOutLen) {
1027 fmt.Printf("FAIL: Test case %d (%q) %v - seal length mismatch: got %d, want %d\n",
1028 wt.TCID, wt.Comment, wt.Flags, sealedLen, maxOutLen)
1029 return false
1030 }
1031
1032 sealedCt := sealed[0:msgLen]
1033 sealedTag := sealed[msgLen:maxOutLen]
1034
1035 success := false
1036 if bytes.Equal(sealedCt, ct) && bytes.Equal(sealedTag, tag) || wt.Result == "invalid" {
1037 if acceptableAudit && wt.Result == "acceptable" {
1038 gatherAcceptableStatistics(wt.TCID, wt.Comment, wt.Flags)
1039 }
1040 success = true
1041 } else {
1042 fmt.Printf("FAIL: Test case %d (%q) %v - EVP_AEAD_CTX_seal() = %d, ct match: %t, tag match: %t; want %v\n",
1043 wt.TCID, wt.Comment, wt.Flags, int(sealRet),
1044 bytes.Equal(sealedCt, ct), bytes.Equal(sealedTag, tag), wt.Result)
1045 }
1046 return success
1047}
1048
1049func runChaCha20Poly1305Test(wt *wycheproofTestAead) bool {
1050 aead := C.EVP_aead_chacha20_poly1305()
1051
1052 key, err := hex.DecodeString(wt.Key)
1053 if err != nil {
1054 log.Fatalf("Failed to decode key %q: %v", wt.Key, err)
1055 }
1056 iv, err := hex.DecodeString(wt.IV)
1057 if err != nil {
1058 log.Fatalf("Failed to decode key %q: %v", wt.IV, err)
1059 }
1060 aad, err := hex.DecodeString(wt.AAD)
1061 if err != nil {
1062 log.Fatalf("Failed to decode AAD %q: %v", wt.AAD, err)
1063 }
1064 msg, err := hex.DecodeString(wt.Msg)
1065 if err != nil {
1066 log.Fatalf("Failed to decode msg %q: %v", wt.Msg, err)
1067 }
1068 ct, err := hex.DecodeString(wt.CT)
1069 if err != nil {
1070 log.Fatalf("Failed to decode ct %q: %v", wt.CT, err)
1071 }
1072 tag, err := hex.DecodeString(wt.Tag)
1073 if err != nil {
1074 log.Fatalf("Failed to decode tag %q: %v", wt.Tag, err)
1075 }
1076
1077 keyLen, ivLen, aadLen, msgLen, ctLen, tagLen := len(key), len(iv), len(aad), len(msg), len(ct), len(tag)
1078
1079 if ivLen == 0 {
1080 iv = append(iv, 0)
1081 }
1082 if aadLen == 0 {
1083 aad = append(aad, 0)
1084 }
1085 if msgLen == 0 {
1086 msg = append(msg, 0)
1087 }
1088
1089 var ctx C.EVP_AEAD_CTX
1090 if C.EVP_AEAD_CTX_init(&ctx, aead, (*C.uchar)(unsafe.Pointer(&key[0])), C.size_t(keyLen), C.size_t(tagLen), nil) != 1 {
1091 log.Fatal("Failed to initialize AEAD context")
1092 }
1093 defer C.EVP_AEAD_CTX_cleanup(&ctx)
1094
1095 openSuccess := checkAeadOpen(&ctx, iv, ivLen, aad, aadLen, msg, msgLen, ct, ctLen, tag, tagLen, wt)
1096 sealSuccess := checkAeadSeal(&ctx, iv, ivLen, aad, aadLen, msg, msgLen, ct, ctLen, tag, tagLen, wt)
1097
1098 return openSuccess && sealSuccess
1099}
1100
1101func runChaCha20Poly1305TestGroup(algorithm string, wtg *wycheproofTestGroupAead) bool {
1102 // We currently only support nonces of length 12 (96 bits)
1103 if wtg.IVSize != 96 {
1104 return true
1105 }
1106
1107 fmt.Printf("Running %v test group %v with IV size %d, key size %d, tag size %d...\n",
1108 algorithm, wtg.Type, wtg.IVSize, wtg.KeySize, wtg.TagSize)
1109
1110 success := true
1111 for _, wt := range wtg.Tests {
1112 if !runChaCha20Poly1305Test(wt) {
1113 success = false
1114 }
1115 }
1116 return success
1117}
1118
1119func runDSATest(dsa *C.DSA, h hash.Hash, wt *wycheproofTestDSA) bool {
1120 msg, err := hex.DecodeString(wt.Msg)
1121 if err != nil {
1122 log.Fatalf("Failed to decode message %q: %v", wt.Msg, err)
1123 }
1124
1125 h.Reset()
1126 h.Write(msg)
1127 msg = h.Sum(nil)
1128
1129 sig, err := hex.DecodeString(wt.Sig)
1130 if err != nil {
1131 log.Fatalf("Failed to decode signature %q: %v", wt.Sig, err)
1132 }
1133
1134 msgLen, sigLen := len(msg), len(sig)
1135 if msgLen == 0 {
1136 msg = append(msg, 0)
1137 }
1138 if sigLen == 0 {
1139 sig = append(msg, 0)
1140 }
1141
1142 ret := C.DSA_verify(0, (*C.uchar)(unsafe.Pointer(&msg[0])), C.int(msgLen),
1143 (*C.uchar)(unsafe.Pointer(&sig[0])), C.int(sigLen), dsa)
1144
1145 success := true
1146 if ret == 1 != (wt.Result == "valid") {
1147 fmt.Printf("FAIL: Test case %d (%q) %v - DSA_verify() = %d, want %v\n",
1148 wt.TCID, wt.Comment, wt.Flags, ret, wt.Result)
1149 success = false
1150 }
1151 return success
1152}
1153
1154func runDSATestGroup(algorithm string, wtg *wycheproofTestGroupDSA) bool {
1155 fmt.Printf("Running %v test group %v, key size %d and %v...\n",
1156 algorithm, wtg.Type, wtg.Key.KeySize, wtg.SHA)
1157
1158 dsa := C.DSA_new()
1159 if dsa == nil {
1160 log.Fatal("DSA_new failed")
1161 }
1162 defer C.DSA_free(dsa)
1163
1164 var bnG *C.BIGNUM
1165 wg := C.CString(wtg.Key.G)
1166 if C.BN_hex2bn(&bnG, wg) == 0 {
1167 log.Fatal("Failed to decode g")
1168 }
1169 C.free(unsafe.Pointer(wg))
1170
1171 var bnP *C.BIGNUM
1172 wp := C.CString(wtg.Key.P)
1173 if C.BN_hex2bn(&bnP, wp) == 0 {
1174 log.Fatal("Failed to decode p")
1175 }
1176 C.free(unsafe.Pointer(wp))
1177
1178 var bnQ *C.BIGNUM
1179 wq := C.CString(wtg.Key.Q)
1180 if C.BN_hex2bn(&bnQ, wq) == 0 {
1181 log.Fatal("Failed to decode q")
1182 }
1183 C.free(unsafe.Pointer(wq))
1184
1185 ret := C.DSA_set0_pqg(dsa, bnP, bnQ, bnG)
1186 if ret != 1 {
1187 log.Fatalf("DSA_set0_pqg returned %d", ret)
1188 }
1189
1190 var bnY *C.BIGNUM
1191 wy := C.CString(wtg.Key.Y)
1192 if C.BN_hex2bn(&bnY, wy) == 0 {
1193 log.Fatal("Failed to decode y")
1194 }
1195 C.free(unsafe.Pointer(wy))
1196
1197 ret = C.DSA_set0_key(dsa, bnY, nil)
1198 if ret != 1 {
1199 log.Fatalf("DSA_set0_key returned %d", ret)
1200 }
1201
1202 h, err := hashFromString(wtg.SHA)
1203 if err != nil {
1204 log.Fatalf("Failed to get hash: %v", err)
1205 }
1206
1207 der, err := hex.DecodeString(wtg.KeyDER)
1208 if err != nil {
1209 log.Fatalf("Failed to decode DER encoded key: %v", err)
1210 }
1211
1212 derLen := len(der)
1213 if derLen == 0 {
1214 der = append(der, 0)
1215 }
1216
1217 Cder := (*C.uchar)(C.malloc(C.ulong(derLen)))
1218 if Cder == nil {
1219 log.Fatal("malloc failed")
1220 }
1221 C.memcpy(unsafe.Pointer(Cder), unsafe.Pointer(&der[0]), C.ulong(derLen))
1222
1223 p := (*C.uchar)(Cder)
1224 dsaDER := C.d2i_DSA_PUBKEY(nil, (**C.uchar)(&p), C.long(derLen))
1225 defer C.DSA_free(dsaDER)
1226 C.free(unsafe.Pointer(Cder))
1227
1228 keyPEM := C.CString(wtg.KeyPEM)
1229 bio := C.BIO_new_mem_buf(unsafe.Pointer(keyPEM), C.int(len(wtg.KeyPEM)))
1230 if bio == nil {
1231 log.Fatal("BIO_new_mem_buf failed")
1232 }
1233 defer C.free(unsafe.Pointer(keyPEM))
1234 defer C.BIO_free(bio)
1235
1236 dsaPEM := C.PEM_read_bio_DSA_PUBKEY(bio, nil, nil, nil)
1237 if dsaPEM == nil {
1238 log.Fatal("PEM_read_bio_DSA_PUBKEY failed")
1239 }
1240 defer C.DSA_free(dsaPEM)
1241
1242 success := true
1243 for _, wt := range wtg.Tests {
1244 if !runDSATest(dsa, h, wt) {
1245 success = false
1246 }
1247 if !runDSATest(dsaDER, h, wt) {
1248 success = false
1249 }
1250 if !runDSATest(dsaPEM, h, wt) {
1251 success = false
1252 }
1253 }
1254 return success
1255}
1256
1257func runECDHTest(nid int, doECpoint bool, wt *wycheproofTestECDH) bool {
1258 privKey := C.EC_KEY_new_by_curve_name(C.int(nid))
1259 if privKey == nil {
1260 log.Fatalf("EC_KEY_new_by_curve_name failed")
1261 }
1262 defer C.EC_KEY_free(privKey)
1263
1264 var bnPriv *C.BIGNUM
1265 wPriv := C.CString(wt.Private)
1266 if C.BN_hex2bn(&bnPriv, wPriv) == 0 {
1267 log.Fatal("Failed to decode wPriv")
1268 }
1269 C.free(unsafe.Pointer(wPriv))
1270 defer C.BN_free(bnPriv)
1271
1272 ret := C.EC_KEY_set_private_key(privKey, bnPriv)
1273 if ret != 1 {
1274 fmt.Printf("FAIL: Test case %d (%q) %v - EC_KEY_set_private_key() = %d, want %v\n",
1275 wt.TCID, wt.Comment, wt.Flags, ret, wt.Result)
1276 return false
1277 }
1278
1279 pub, err := hex.DecodeString(wt.Public)
1280 if err != nil {
1281 log.Fatalf("Failed to decode public key: %v", err)
1282 }
1283
1284 pubLen := len(pub)
1285 if pubLen == 0 {
1286 pub = append(pub, 0)
1287 }
1288
1289 Cpub := (*C.uchar)(C.malloc(C.ulong(pubLen)))
1290 if Cpub == nil {
1291 log.Fatal("malloc failed")
1292 }
1293 C.memcpy(unsafe.Pointer(Cpub), unsafe.Pointer(&pub[0]), C.ulong(pubLen))
1294
1295 p := (*C.uchar)(Cpub)
1296 var pubKey *C.EC_KEY
1297 if doECpoint {
1298 pubKey = C.EC_KEY_new_by_curve_name(C.int(nid))
1299 if pubKey == nil {
1300 log.Fatal("EC_KEY_new_by_curve_name failed")
1301 }
1302 pubKey = C.o2i_ECPublicKey(&pubKey, (**C.uchar)(&p), C.long(pubLen))
1303 } else {
1304 pubKey = C.d2i_EC_PUBKEY(nil, (**C.uchar)(&p), C.long(pubLen))
1305 }
1306 defer C.EC_KEY_free(pubKey)
1307 C.free(unsafe.Pointer(Cpub))
1308
1309 if pubKey == nil {
1310 if wt.Result == "invalid" || wt.Result == "acceptable" {
1311 return true
1312 }
1313 fmt.Printf("FAIL: Test case %d (%q) %v - ASN decoding failed: want %v\n",
1314 wt.TCID, wt.Comment, wt.Flags, wt.Result)
1315 return false
1316 }
1317
1318 privGroup := C.EC_KEY_get0_group(privKey)
1319
1320 secLen := (C.EC_GROUP_get_degree(privGroup) + 7) / 8
1321
1322 secret := make([]byte, secLen)
1323 if secLen == 0 {
1324 secret = append(secret, 0)
1325 }
1326
1327 pubPoint := C.EC_KEY_get0_public_key(pubKey)
1328
1329 ret = C.ECDH_compute_key(unsafe.Pointer(&secret[0]), C.ulong(secLen), pubPoint, privKey, nil)
1330 if ret != C.int(secLen) {
1331 if wt.Result == "invalid" {
1332 return true
1333 }
1334 fmt.Printf("FAIL: Test case %d (%q) %v - ECDH_compute_key() = %d, want %d, result: %v\n",
1335 wt.TCID, wt.Comment, wt.Flags, ret, int(secLen), wt.Result)
1336 return false
1337 }
1338
1339 shared, err := hex.DecodeString(wt.Shared)
1340 if err != nil {
1341 log.Fatalf("Failed to decode shared secret: %v", err)
1342 }
1343
1344 success := true
1345 if !bytes.Equal(shared, secret) {
1346 fmt.Printf("FAIL: Test case %d (%q) %v - expected and computed shared secret do not match, want %v\n",
1347 wt.TCID, wt.Comment, wt.Flags, wt.Result)
1348 success = false
1349 }
1350 if acceptableAudit && success && wt.Result == "acceptable" {
1351 gatherAcceptableStatistics(wt.TCID, wt.Comment, wt.Flags)
1352 }
1353 return success
1354}
1355
1356func runECDHTestGroup(algorithm string, wtg *wycheproofTestGroupECDH) bool {
1357 doECpoint := false
1358 if wtg.Encoding == "ecpoint" {
1359 doECpoint = true
1360 }
1361
1362 fmt.Printf("Running %v test group %v with curve %v and %v encoding...\n",
1363 algorithm, wtg.Type, wtg.Curve, wtg.Encoding)
1364
1365 nid, err := nidFromString(wtg.Curve)
1366 if err != nil {
1367 log.Fatalf("Failed to get nid for curve: %v", err)
1368 }
1369
1370 success := true
1371 for _, wt := range wtg.Tests {
1372 if !runECDHTest(nid, doECpoint, wt) {
1373 success = false
1374 }
1375 }
1376 return success
1377}
1378
1379func runECDHWebCryptoTest(nid int, wt *wycheproofTestECDHWebCrypto) bool {
1380 privKey := C.EC_KEY_new_by_curve_name(C.int(nid))
1381 if privKey == nil {
1382 log.Fatalf("EC_KEY_new_by_curve_name failed")
1383 }
1384 defer C.EC_KEY_free(privKey)
1385
1386 d, err := base64.RawURLEncoding.DecodeString(wt.Private.D)
1387 if err != nil {
1388 log.Fatalf("Failed to base64 decode d: %v", err)
1389 }
1390 bnD := C.BN_bin2bn((*C.uchar)(unsafe.Pointer(&d[0])), C.int(len(d)), nil)
1391 if bnD == nil {
1392 log.Fatal("Failed to decode D")
1393 }
1394 defer C.BN_free(bnD)
1395
1396 ret := C.EC_KEY_set_private_key(privKey, bnD)
1397 if ret != 1 {
1398 fmt.Printf("FAIL: Test case %d (%q) %v - EC_KEY_set_private_key() = %d, want %v\n",
1399 wt.TCID, wt.Comment, wt.Flags, ret, wt.Result)
1400 return false
1401 }
1402
1403 x, err := base64.RawURLEncoding.DecodeString(wt.Public.X)
1404 if err != nil {
1405 log.Fatalf("Failed to base64 decode x: %v", err)
1406 }
1407 bnX := C.BN_bin2bn((*C.uchar)(unsafe.Pointer(&x[0])), C.int(len(x)), nil)
1408 if bnX == nil {
1409 log.Fatal("Failed to decode X")
1410 }
1411 defer C.BN_free(bnX)
1412
1413 y, err := base64.RawURLEncoding.DecodeString(wt.Public.Y)
1414 if err != nil {
1415 log.Fatalf("Failed to base64 decode y: %v", err)
1416 }
1417 bnY := C.BN_bin2bn((*C.uchar)(unsafe.Pointer(&y[0])), C.int(len(y)), nil)
1418 if bnY == nil {
1419 log.Fatal("Failed to decode Y")
1420 }
1421 defer C.BN_free(bnY)
1422
1423 pubKey := C.EC_KEY_new_by_curve_name(C.int(nid))
1424 if pubKey == nil {
1425 log.Fatal("Failed to create EC_KEY")
1426 }
1427 defer C.EC_KEY_free(pubKey)
1428
1429 ret = C.EC_KEY_set_public_key_affine_coordinates(pubKey, bnX, bnY)
1430 if ret != 1 {
1431 if wt.Result == "invalid" {
1432 return true
1433 }
1434 fmt.Printf("FAIL: Test case %d (%q) %v - EC_KEY_set_public_key_affine_coordinates() = %d, want %v\n",
1435 wt.TCID, wt.Comment, wt.Flags, ret, wt.Result)
1436 return false
1437 }
1438 pubPoint := C.EC_KEY_get0_public_key(pubKey)
1439
1440 privGroup := C.EC_KEY_get0_group(privKey)
1441
1442 secLen := (C.EC_GROUP_get_degree(privGroup) + 7) / 8
1443
1444 secret := make([]byte, secLen)
1445 if secLen == 0 {
1446 secret = append(secret, 0)
1447 }
1448
1449 ret = C.ECDH_compute_key(unsafe.Pointer(&secret[0]), C.ulong(secLen), pubPoint, privKey, nil)
1450 if ret != C.int(secLen) {
1451 if wt.Result == "invalid" {
1452 return true
1453 }
1454 fmt.Printf("FAIL: Test case %d (%q) %v - ECDH_compute_key() = %d, want %d, result: %v\n",
1455 wt.TCID, wt.Comment, wt.Flags, ret, int(secLen), wt.Result)
1456 return false
1457 }
1458
1459 shared, err := hex.DecodeString(wt.Shared)
1460 if err != nil {
1461 log.Fatalf("Failed to decode shared secret: %v", err)
1462 }
1463
1464 success := true
1465 if !bytes.Equal(shared, secret) {
1466 fmt.Printf("FAIL: Test case %d (%q) %v - expected and computed shared secret do not match, want %v\n",
1467 wt.TCID, wt.Comment, wt.Flags, wt.Result)
1468 success = false
1469 }
1470 if acceptableAudit && success && wt.Result == "acceptable" {
1471 gatherAcceptableStatistics(wt.TCID, wt.Comment, wt.Flags)
1472 }
1473 return success
1474}
1475
1476func runECDHWebCryptoTestGroup(algorithm string, wtg *wycheproofTestGroupECDHWebCrypto) bool {
1477 fmt.Printf("Running %v test group %v with curve %v and %v encoding...\n",
1478 algorithm, wtg.Type, wtg.Curve, wtg.Encoding)
1479
1480 nid, err := nidFromString(wtg.Curve)
1481 if err != nil {
1482 log.Fatalf("Failed to get nid for curve: %v", err)
1483 }
1484
1485 success := true
1486 for _, wt := range wtg.Tests {
1487 if !runECDHWebCryptoTest(nid, wt) {
1488 success = false
1489 }
1490 }
1491 return success
1492}
1493
1494func runECDSATest(ecKey *C.EC_KEY, nid int, h hash.Hash, webcrypto bool, wt *wycheproofTestECDSA) bool {
1495 msg, err := hex.DecodeString(wt.Msg)
1496 if err != nil {
1497 log.Fatalf("Failed to decode message %q: %v", wt.Msg, err)
1498 }
1499
1500 h.Reset()
1501 h.Write(msg)
1502 msg = h.Sum(nil)
1503
1504 msgLen := len(msg)
1505 if msgLen == 0 {
1506 msg = append(msg, 0)
1507 }
1508
1509 var ret C.int
1510 if webcrypto {
1511 cDer, derLen := encodeECDSAWebCryptoSig(wt.Sig)
1512 if cDer == nil {
1513 fmt.Print("FAIL: unable to decode signature")
1514 return false
1515 }
1516 defer C.free(unsafe.Pointer(cDer))
1517
1518 ret = C.ECDSA_verify(0, (*C.uchar)(unsafe.Pointer(&msg[0])), C.int(msgLen),
1519 (*C.uchar)(unsafe.Pointer(cDer)), C.int(derLen), ecKey)
1520 } else {
1521 sig, err := hex.DecodeString(wt.Sig)
1522 if err != nil {
1523 log.Fatalf("Failed to decode signature %q: %v", wt.Sig, err)
1524 }
1525
1526 sigLen := len(sig)
1527 if sigLen == 0 {
1528 sig = append(sig, 0)
1529 }
1530 ret = C.ECDSA_verify(0, (*C.uchar)(unsafe.Pointer(&msg[0])), C.int(msgLen),
1531 (*C.uchar)(unsafe.Pointer(&sig[0])), C.int(sigLen), ecKey)
1532 }
1533
1534 // XXX audit acceptable cases...
1535 success := true
1536 if ret == 1 != (wt.Result == "valid") && wt.Result != "acceptable" {
1537 fmt.Printf("FAIL: Test case %d (%q) %v - ECDSA_verify() = %d, want %v\n",
1538 wt.TCID, wt.Comment, wt.Flags, int(ret), wt.Result)
1539 success = false
1540 }
1541 if acceptableAudit && ret == 1 && wt.Result == "acceptable" {
1542 gatherAcceptableStatistics(wt.TCID, wt.Comment, wt.Flags)
1543 }
1544 return success
1545}
1546
1547func runECDSATestGroup(algorithm string, wtg *wycheproofTestGroupECDSA) bool {
1548 fmt.Printf("Running %v test group %v with curve %v, key size %d and %v...\n",
1549 algorithm, wtg.Type, wtg.Key.Curve, wtg.Key.KeySize, wtg.SHA)
1550
1551 nid, err := nidFromString(wtg.Key.Curve)
1552 if err != nil {
1553 log.Fatalf("Failed to get nid for curve: %v", err)
1554 }
1555 ecKey := C.EC_KEY_new_by_curve_name(C.int(nid))
1556 if ecKey == nil {
1557 log.Fatal("EC_KEY_new_by_curve_name failed")
1558 }
1559 defer C.EC_KEY_free(ecKey)
1560
1561 var bnX *C.BIGNUM
1562 wx := C.CString(wtg.Key.WX)
1563 if C.BN_hex2bn(&bnX, wx) == 0 {
1564 log.Fatal("Failed to decode WX")
1565 }
1566 C.free(unsafe.Pointer(wx))
1567 defer C.BN_free(bnX)
1568
1569 var bnY *C.BIGNUM
1570 wy := C.CString(wtg.Key.WY)
1571 if C.BN_hex2bn(&bnY, wy) == 0 {
1572 log.Fatal("Failed to decode WY")
1573 }
1574 C.free(unsafe.Pointer(wy))
1575 defer C.BN_free(bnY)
1576
1577 if C.EC_KEY_set_public_key_affine_coordinates(ecKey, bnX, bnY) != 1 {
1578 log.Fatal("Failed to set EC public key")
1579 }
1580
1581 nid, err = nidFromString(wtg.SHA)
1582 if err != nil {
1583 log.Fatalf("Failed to get MD NID: %v", err)
1584 }
1585 h, err := hashFromString(wtg.SHA)
1586 if err != nil {
1587 log.Fatalf("Failed to get hash: %v", err)
1588 }
1589
1590 success := true
1591 for _, wt := range wtg.Tests {
1592 if !runECDSATest(ecKey, nid, h, false, wt) {
1593 success = false
1594 }
1595 }
1596 return success
1597}
1598
1599// DER encode the signature (so that ECDSA_verify() can decode and encode it again...)
1600func encodeECDSAWebCryptoSig(wtSig string) (*C.uchar, C.int) {
1601 cSig := C.ECDSA_SIG_new()
1602 if cSig == nil {
1603 log.Fatal("ECDSA_SIG_new() failed")
1604 }
1605 defer C.ECDSA_SIG_free(cSig)
1606
1607 sigLen := len(wtSig)
1608 r := C.CString(wtSig[:sigLen/2])
1609 s := C.CString(wtSig[sigLen/2:])
1610 defer C.free(unsafe.Pointer(r))
1611 defer C.free(unsafe.Pointer(s))
1612 if C.BN_hex2bn(&cSig.r, r) == 0 {
1613 return nil, 0
1614 }
1615 if C.BN_hex2bn(&cSig.s, s) == 0 {
1616 return nil, 0
1617 }
1618
1619 derLen := C.i2d_ECDSA_SIG(cSig, nil)
1620 if derLen == 0 {
1621 return nil, 0
1622 }
1623 cDer := (*C.uchar)(C.malloc(C.ulong(derLen)))
1624 if cDer == nil {
1625 log.Fatal("malloc failed")
1626 }
1627
1628 p := cDer
1629 ret := C.i2d_ECDSA_SIG(cSig, (**C.uchar)(&p))
1630 if ret == 0 || ret != derLen {
1631 C.free(unsafe.Pointer(cDer))
1632 return nil, 0
1633 }
1634
1635 return cDer, derLen
1636}
1637
1638func runECDSAWebCryptoTestGroup(algorithm string, wtg *wycheproofTestGroupECDSAWebCrypto) bool {
1639 fmt.Printf("Running %v test group %v with curve %v, key size %d and %v...\n",
1640 algorithm, wtg.Type, wtg.Key.Curve, wtg.Key.KeySize, wtg.SHA)
1641
1642 nid, err := nidFromString(wtg.JWK.Crv)
1643 if err != nil {
1644 log.Fatalf("Failed to get nid for curve: %v", err)
1645 }
1646 ecKey := C.EC_KEY_new_by_curve_name(C.int(nid))
1647 if ecKey == nil {
1648 log.Fatal("EC_KEY_new_by_curve_name failed")
1649 }
1650 defer C.EC_KEY_free(ecKey)
1651
1652 x, err := base64.RawURLEncoding.DecodeString(wtg.JWK.X)
1653 if err != nil {
1654 log.Fatalf("Failed to base64 decode X: %v", err)
1655 }
1656 bnX := C.BN_bin2bn((*C.uchar)(unsafe.Pointer(&x[0])), C.int(len(x)), nil)
1657 if bnX == nil {
1658 log.Fatal("Failed to decode X")
1659 }
1660 defer C.BN_free(bnX)
1661
1662 y, err := base64.RawURLEncoding.DecodeString(wtg.JWK.Y)
1663 if err != nil {
1664 log.Fatalf("Failed to base64 decode Y: %v", err)
1665 }
1666 bnY := C.BN_bin2bn((*C.uchar)(unsafe.Pointer(&y[0])), C.int(len(y)), nil)
1667 if bnY == nil {
1668 log.Fatal("Failed to decode Y")
1669 }
1670 defer C.BN_free(bnY)
1671
1672 if C.EC_KEY_set_public_key_affine_coordinates(ecKey, bnX, bnY) != 1 {
1673 log.Fatal("Failed to set EC public key")
1674 }
1675
1676 nid, err = nidFromString(wtg.SHA)
1677 if err != nil {
1678 log.Fatalf("Failed to get MD NID: %v", err)
1679 }
1680 h, err := hashFromString(wtg.SHA)
1681 if err != nil {
1682 log.Fatalf("Failed to get hash: %v", err)
1683 }
1684
1685 success := true
1686 for _, wt := range wtg.Tests {
1687 if !runECDSATest(ecKey, nid, h, true, wt) {
1688 success = false
1689 }
1690 }
1691 return success
1692}
1693
1694func runKWTestWrap(keySize int, key []byte, keyLen int, msg []byte, msgLen int, ct []byte, ctLen int, wt *wycheproofTestKW) bool {
1695 var aesKey C.AES_KEY
1696
1697 ret := C.AES_set_encrypt_key((*C.uchar)(unsafe.Pointer(&key[0])), (C.int)(keySize), (*C.AES_KEY)(unsafe.Pointer(&aesKey)))
1698 if ret != 0 {
1699 fmt.Printf("FAIL: Test case %d (%q) %v - AES_set_encrypt_key() = %d, want %v\n",
1700 wt.TCID, wt.Comment, wt.Flags, int(ret), wt.Result)
1701 return false
1702 }
1703
1704 outLen := msgLen + 8
1705 out := make([]byte, outLen)
1706 ret = C.AES_wrap_key((*C.AES_KEY)(unsafe.Pointer(&aesKey)), nil, (*C.uchar)(unsafe.Pointer(&out[0])), (*C.uchar)(unsafe.Pointer(&msg[0])), (C.uint)(msgLen))
1707 success := false
1708 if ret == C.int(outLen) && bytes.Equal(out, ct) {
1709 if acceptableAudit && wt.Result == "acceptable" {
1710 gatherAcceptableStatistics(wt.TCID, wt.Comment, wt.Flags)
1711 }
1712 if wt.Result != "invalid" {
1713 success = true
1714 }
1715 } else if wt.Result != "valid" {
1716 success = true
1717 }
1718 if !success {
1719 fmt.Printf("FAIL: Test case %d (%q) %v - msgLen = %d, AES_wrap_key() = %d, want %v\n",
1720 wt.TCID, wt.Comment, wt.Flags, msgLen, int(ret), wt.Result)
1721 }
1722 return success
1723}
1724
1725func runKWTestUnWrap(keySize int, key []byte, keyLen int, msg []byte, msgLen int, ct []byte, ctLen int, wt *wycheproofTestKW) bool {
1726 var aesKey C.AES_KEY
1727
1728 ret := C.AES_set_decrypt_key((*C.uchar)(unsafe.Pointer(&key[0])), (C.int)(keySize), (*C.AES_KEY)(unsafe.Pointer(&aesKey)))
1729 if ret != 0 {
1730 fmt.Printf("FAIL: Test case %d (%q) %v - AES_set_encrypt_key() = %d, want %v\n",
1731 wt.TCID, wt.Comment, wt.Flags, int(ret), wt.Result)
1732 return false
1733 }
1734
1735 out := make([]byte, ctLen)
1736 if ctLen == 0 {
1737 out = append(out, 0)
1738 }
1739 ret = C.AES_unwrap_key((*C.AES_KEY)(unsafe.Pointer(&aesKey)), nil, (*C.uchar)(unsafe.Pointer(&out[0])), (*C.uchar)(unsafe.Pointer(&ct[0])), (C.uint)(ctLen))
1740 success := false
1741 if ret == C.int(ctLen - 8) && bytes.Equal(out[0:ret], msg[0:ret]) {
1742 if acceptableAudit && wt.Result == "acceptable" {
1743 gatherAcceptableStatistics(wt.TCID, wt.Comment, wt.Flags)
1744 }
1745 if wt.Result != "invalid" {
1746 success = true
1747 }
1748 } else if wt.Result != "valid" {
1749 success = true
1750 }
1751 if !success {
1752 fmt.Printf("FAIL: Test case %d (%q) %v - keyLen = %d, AES_unwrap_key() = %d, want %v\n",
1753 wt.TCID, wt.Comment, wt.Flags, keyLen, int(ret), wt.Result)
1754 }
1755 return success
1756}
1757
1758func runKWTest(keySize int, wt *wycheproofTestKW) bool {
1759 key, err := hex.DecodeString(wt.Key)
1760 if err != nil {
1761 log.Fatalf("Failed to decode key %q: %v", wt.Key, err)
1762 }
1763 msg, err := hex.DecodeString(wt.Msg)
1764 if err != nil {
1765 log.Fatalf("Failed to decode msg %q: %v", wt.Msg, err)
1766 }
1767 ct, err := hex.DecodeString(wt.CT)
1768 if err != nil {
1769 log.Fatalf("Failed to decode ct %q: %v", wt.CT, err)
1770 }
1771
1772 keyLen, msgLen, ctLen := len(key), len(msg), len(ct)
1773
1774 if keyLen == 0 {
1775 key = append(key, 0)
1776 }
1777 if msgLen == 0 {
1778 msg = append(msg, 0)
1779 }
1780 if ctLen == 0 {
1781 ct = append(ct, 0)
1782 }
1783
1784 wrapSuccess := runKWTestWrap(keySize, key, keyLen, msg, msgLen, ct, ctLen, wt)
1785 unwrapSuccess := runKWTestUnWrap(keySize, key, keyLen, msg, msgLen, ct, ctLen, wt)
1786
1787 return wrapSuccess && unwrapSuccess
1788}
1789
1790func runKWTestGroup(algorithm string, wtg *wycheproofTestGroupKW) bool {
1791 fmt.Printf("Running %v test group %v with key size %d...\n",
1792 algorithm, wtg.Type, wtg.KeySize)
1793
1794 success := true
1795 for _, wt := range wtg.Tests {
1796 if !runKWTest(wtg.KeySize, wt) {
1797 success = false
1798 }
1799 }
1800 return success
1801}
1802
1803func runRSASSATest(rsa *C.RSA, h hash.Hash, sha *C.EVP_MD, mgfSha *C.EVP_MD, sLen int, wt *wycheproofTestRSASSA) bool {
1804 msg, err := hex.DecodeString(wt.Msg)
1805 if err != nil {
1806 log.Fatalf("Failed to decode message %q: %v", wt.Msg, err)
1807 }
1808
1809 h.Reset()
1810 h.Write(msg)
1811 msg = h.Sum(nil)
1812
1813 sig, err := hex.DecodeString(wt.Sig)
1814 if err != nil {
1815 log.Fatalf("Failed to decode signature %q: %v", wt.Sig, err)
1816 }
1817
1818 msgLen, sigLen := len(msg), len(sig)
1819 if msgLen == 0 {
1820 msg = append(msg, 0)
1821 }
1822 if sigLen == 0 {
1823 sig = append(sig, 0)
1824 }
1825
1826 sigOut := make([]byte, C.RSA_size(rsa) - 11)
1827 if sigLen == 0 {
1828 sigOut = append(sigOut, 0)
1829 }
1830
1831 ret := C.RSA_public_decrypt(C.int(sigLen), (*C.uchar)(unsafe.Pointer(&sig[0])),
1832 (*C.uchar)(unsafe.Pointer(&sigOut[0])), rsa, C.RSA_NO_PADDING)
1833 if ret == -1 {
1834 if wt.Result == "invalid" {
1835 return true
1836 }
1837 fmt.Printf("FAIL: Test case %d (%q) %v - RSA_public_decrypt() = %d, want %v\n",
1838 wt.TCID, wt.Comment, wt.Flags, int(ret), wt.Result)
1839 return false
1840 }
1841
1842 ret = C.RSA_verify_PKCS1_PSS_mgf1(rsa, (*C.uchar)(unsafe.Pointer(&msg[0])), sha, mgfSha,
1843 (*C.uchar)(unsafe.Pointer(&sigOut[0])), C.int(sLen))
1844
1845 success := false
1846 if ret == 1 && (wt.Result == "valid" || wt.Result == "acceptable") {
1847 // All acceptable cases that pass use SHA-1 and are flagged:
1848 // "WeakHash" : "The key for this test vector uses a weak hash function."
1849 if acceptableAudit && wt.Result == "acceptable" {
1850 gatherAcceptableStatistics(wt.TCID, wt.Comment, wt.Flags)
1851 }
1852 success = true
1853 } else if ret == 0 && (wt.Result == "invalid" || wt.Result == "acceptable") {
1854 success = true
1855 } else {
1856 fmt.Printf("FAIL: Test case %d (%q) %v - RSA_verify_PKCS1_PSS_mgf1() = %d, want %v\n",
1857 wt.TCID, wt.Comment, wt.Flags, int(ret), wt.Result)
1858 }
1859 return success
1860}
1861
1862func runRSASSATestGroup(algorithm string, wtg *wycheproofTestGroupRSASSA) bool {
1863 fmt.Printf("Running %v test group %v with key size %d and %v...\n",
1864 algorithm, wtg.Type, wtg.KeySize, wtg.SHA)
1865 rsa := C.RSA_new()
1866 if rsa == nil {
1867 log.Fatal("RSA_new failed")
1868 }
1869 defer C.RSA_free(rsa)
1870
1871 e := C.CString(wtg.E)
1872 if C.BN_hex2bn(&rsa.e, e) == 0 {
1873 log.Fatal("Failed to set RSA e")
1874 }
1875 C.free(unsafe.Pointer(e))
1876
1877 n := C.CString(wtg.N)
1878 if C.BN_hex2bn(&rsa.n, n) == 0 {
1879 log.Fatal("Failed to set RSA n")
1880 }
1881 C.free(unsafe.Pointer(n))
1882
1883 h, err := hashFromString(wtg.SHA)
1884 if err != nil {
1885 log.Fatalf("Failed to get hash: %v", err)
1886 }
1887
1888 sha, err := hashEvpMdFromString(wtg.SHA)
1889 if err != nil {
1890 log.Fatalf("Failed to get hash: %v", err)
1891 }
1892
1893 mgfSha, err := hashEvpMdFromString(wtg.MGFSHA)
1894 if err != nil {
1895 log.Fatalf("Failed to get MGF hash: %v", err)
1896 }
1897
1898 success := true
1899 for _, wt := range wtg.Tests {
1900 if !runRSASSATest(rsa, h, sha, mgfSha, wtg.SLen, wt) {
1901 success = false
1902 }
1903 }
1904 return success
1905}
1906
1907func runRSATest(rsa *C.RSA, nid int, h hash.Hash, wt *wycheproofTestRSA) bool {
1908 msg, err := hex.DecodeString(wt.Msg)
1909 if err != nil {
1910 log.Fatalf("Failed to decode message %q: %v", wt.Msg, err)
1911 }
1912
1913 h.Reset()
1914 h.Write(msg)
1915 msg = h.Sum(nil)
1916
1917 sig, err := hex.DecodeString(wt.Sig)
1918 if err != nil {
1919 log.Fatalf("Failed to decode signature %q: %v", wt.Sig, err)
1920 }
1921
1922 msgLen, sigLen := len(msg), len(sig)
1923 if msgLen == 0 {
1924 msg = append(msg, 0)
1925 }
1926 if sigLen == 0 {
1927 sig = append(sig, 0)
1928 }
1929
1930 ret := C.RSA_verify(C.int(nid), (*C.uchar)(unsafe.Pointer(&msg[0])), C.uint(msgLen),
1931 (*C.uchar)(unsafe.Pointer(&sig[0])), C.uint(sigLen), rsa)
1932
1933 // XXX audit acceptable cases...
1934 success := true
1935 if ret == 1 != (wt.Result == "valid") && wt.Result != "acceptable" {
1936 fmt.Printf("FAIL: Test case %d (%q) %v - RSA_verify() = %d, want %v\n",
1937 wt.TCID, wt.Comment, wt.Flags, int(ret), wt.Result)
1938 success = false
1939 }
1940 if acceptableAudit && ret == 1 && wt.Result == "acceptable" {
1941 gatherAcceptableStatistics(wt.TCID, wt.Comment, wt.Flags)
1942 }
1943 return success
1944}
1945
1946func runRSATestGroup(algorithm string, wtg *wycheproofTestGroupRSA) bool {
1947 fmt.Printf("Running %v test group %v with key size %d and %v...\n",
1948 algorithm, wtg.Type, wtg.KeySize, wtg.SHA)
1949
1950 rsa := C.RSA_new()
1951 if rsa == nil {
1952 log.Fatal("RSA_new failed")
1953 }
1954 defer C.RSA_free(rsa)
1955
1956 e := C.CString(wtg.E)
1957 if C.BN_hex2bn(&rsa.e, e) == 0 {
1958 log.Fatal("Failed to set RSA e")
1959 }
1960 C.free(unsafe.Pointer(e))
1961
1962 n := C.CString(wtg.N)
1963 if C.BN_hex2bn(&rsa.n, n) == 0 {
1964 log.Fatal("Failed to set RSA n")
1965 }
1966 C.free(unsafe.Pointer(n))
1967
1968 nid, err := nidFromString(wtg.SHA)
1969 if err != nil {
1970 log.Fatalf("Failed to get MD NID: %v", err)
1971 }
1972 h, err := hashFromString(wtg.SHA)
1973 if err != nil {
1974 log.Fatalf("Failed to get hash: %v", err)
1975 }
1976
1977 success := true
1978 for _, wt := range wtg.Tests {
1979 if !runRSATest(rsa, nid, h, wt) {
1980 success = false
1981 }
1982 }
1983 return success
1984}
1985
1986func runX25519Test(wt *wycheproofTestX25519) bool {
1987 public, err := hex.DecodeString(wt.Public)
1988 if err != nil {
1989 log.Fatalf("Failed to decode public %q: %v", wt.Public, err)
1990 }
1991 private, err := hex.DecodeString(wt.Private)
1992 if err != nil {
1993 log.Fatalf("Failed to decode private %q: %v", wt.Private, err)
1994 }
1995 shared, err := hex.DecodeString(wt.Shared)
1996 if err != nil {
1997 log.Fatalf("Failed to decode shared %q: %v", wt.Shared, err)
1998 }
1999
2000 got := make([]byte, C.X25519_KEY_LENGTH)
2001 result := true
2002
2003 if C.X25519((*C.uint8_t)(unsafe.Pointer(&got[0])), (*C.uint8_t)(unsafe.Pointer(&private[0])), (*C.uint8_t)(unsafe.Pointer(&public[0]))) != 1 {
2004 result = false
2005 } else {
2006 result = bytes.Equal(got, shared)
2007 }
2008
2009 // XXX audit acceptable cases...
2010 success := true
2011 if result != (wt.Result == "valid") && wt.Result != "acceptable" {
2012 fmt.Printf("FAIL: Test case %d (%q) %v - X25519(), want %v\n",
2013 wt.TCID, wt.Comment, wt.Flags, wt.Result)
2014 success = false
2015 }
2016 if acceptableAudit && result && wt.Result == "acceptable" {
2017 gatherAcceptableStatistics(wt.TCID, wt.Comment, wt.Flags)
2018 }
2019 return success
2020}
2021
2022func runX25519TestGroup(algorithm string, wtg *wycheproofTestGroupX25519) bool {
2023 fmt.Printf("Running %v test group with curve %v...\n", algorithm, wtg.Curve)
2024
2025 success := true
2026 for _, wt := range wtg.Tests {
2027 if !runX25519Test(wt) {
2028 success = false
2029 }
2030 }
2031 return success
2032}
2033
2034func runTestVectors(path string, webcrypto bool) bool {
2035 b, err := ioutil.ReadFile(path)
2036 if err != nil {
2037 log.Fatalf("Failed to read test vectors: %v", err)
2038 }
2039 wtv := &wycheproofTestVectors{}
2040 if err := json.Unmarshal(b, wtv); err != nil {
2041 log.Fatalf("Failed to unmarshal JSON: %v", err)
2042 }
2043 fmt.Printf("Loaded Wycheproof test vectors for %v with %d tests from %q\n",
2044 wtv.Algorithm, wtv.NumberOfTests, filepath.Base(path))
2045
2046 var wtg interface{}
2047 switch wtv.Algorithm {
2048 case "AES-CBC-PKCS5":
2049 wtg = &wycheproofTestGroupAesCbcPkcs5{}
2050 case "AES-CCM":
2051 wtg = &wycheproofTestGroupAead{}
2052 case "AES-CMAC":
2053 wtg = &wycheproofTestGroupAesCmac{}
2054 case "AES-GCM":
2055 wtg = &wycheproofTestGroupAead{}
2056 case "CHACHA20-POLY1305":
2057 wtg = &wycheproofTestGroupAead{}
2058 case "DSA":
2059 wtg = &wycheproofTestGroupDSA{}
2060 case "ECDH":
2061 if webcrypto {
2062 wtg = &wycheproofTestGroupECDHWebCrypto{}
2063 } else {
2064 wtg = &wycheproofTestGroupECDH{}
2065 }
2066 case "ECDSA":
2067 if webcrypto {
2068 wtg = &wycheproofTestGroupECDSAWebCrypto{}
2069 } else {
2070 wtg = &wycheproofTestGroupECDSA{}
2071 }
2072 case "KW":
2073 wtg = &wycheproofTestGroupKW{}
2074 case "RSASSA-PSS":
2075 wtg = &wycheproofTestGroupRSASSA{}
2076 case "RSASig":
2077 wtg = &wycheproofTestGroupRSA{}
2078 case "X25519":
2079 wtg = &wycheproofTestGroupX25519{}
2080 default:
2081 log.Fatalf("Unknown test vector algorithm %q", wtv.Algorithm)
2082 }
2083
2084 success := true
2085 for _, tg := range wtv.TestGroups {
2086 if err := json.Unmarshal(tg, wtg); err != nil {
2087 log.Fatalf("Failed to unmarshal test groups JSON: %v", err)
2088 }
2089 switch wtv.Algorithm {
2090 case "AES-CBC-PKCS5":
2091 if !runAesCbcPkcs5TestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupAesCbcPkcs5)) {
2092 success = false
2093 }
2094 case "AES-CCM":
2095 if !runAesAeadTestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupAead)) {
2096 success = false
2097 }
2098 case "AES-CMAC":
2099 if !runAesCmacTestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupAesCmac)) {
2100 success = false
2101 }
2102 case "AES-GCM":
2103 if !runAesAeadTestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupAead)) {
2104 success = false
2105 }
2106 case "CHACHA20-POLY1305":
2107 if !runChaCha20Poly1305TestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupAead)) {
2108 success = false
2109 }
2110 case "DSA":
2111 if !runDSATestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupDSA)) {
2112 success = false
2113 }
2114 case "ECDH":
2115 if webcrypto {
2116 if !runECDHWebCryptoTestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupECDHWebCrypto)) {
2117 success = false
2118 }
2119 } else {
2120 if !runECDHTestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupECDH)) {
2121 success = false
2122 }
2123 }
2124 case "ECDSA":
2125 if webcrypto {
2126 if !runECDSAWebCryptoTestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupECDSAWebCrypto)) {
2127 success = false
2128 }
2129 } else {
2130 if !runECDSATestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupECDSA)) {
2131 success = false
2132 }
2133 }
2134 case "KW":
2135 if !runKWTestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupKW)) {
2136 success = false
2137 }
2138 case "RSASSA-PSS":
2139 if !runRSASSATestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupRSASSA)) {
2140 success = false
2141 }
2142 case "RSASig":
2143 if !runRSATestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupRSA)) {
2144 success = false
2145 }
2146 case "X25519":
2147 if !runX25519TestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupX25519)) {
2148 success = false
2149 }
2150 default:
2151 log.Fatalf("Unknown test vector algorithm %q", wtv.Algorithm)
2152 }
2153 }
2154 return success
2155}
2156
2157func main() {
2158 if _, err := os.Stat(testVectorPath); os.IsNotExist(err) {
2159 fmt.Printf("package wycheproof-testvectors is required for this regress\n")
2160 fmt.Printf("SKIPPED\n")
2161 os.Exit(0)
2162 }
2163
2164 flag.BoolVar(&acceptableAudit, "v", false, "audit acceptable cases")
2165 flag.Parse()
2166
2167 acceptableComments = make(map[string]int)
2168 acceptableFlags = make(map[string]int)
2169
2170 tests := []struct {
2171 name string
2172 pattern string
2173 }{
2174 {"AES", "aes_[cg]*[^xv]_test.json"}, // Skip AES-EAX, AES-GCM-SIV and AES-SIV-CMAC.
2175 {"ChaCha20-Poly1305", "chacha20_poly1305_test.json"},
2176 {"DSA", "dsa_test.json"},
2177 {"ECDH", "ecdh_[^w]*test.json"},
2178 {"ECDHWebCrypto", "ecdh_w*_test.json"},
2179 {"ECDSA", "ecdsa_[^w]*test.json"},
2180 {"ECDSAWebCrypto", "ecdsa_w*_test.json"},
2181 {"KW", "kw_test.json"},
2182 {"RSA", "rsa_*test.json"},
2183 {"X25519", "x25519_*test.json"},
2184 }
2185
2186 success := true
2187
2188 for _, test := range tests {
2189 webcrypto := test.name == "ECDSAWebCrypto" || test.name == "ECDHWebCrypto"
2190 tvs, err := filepath.Glob(filepath.Join(testVectorPath, test.pattern))
2191 if err != nil {
2192 log.Fatalf("Failed to glob %v test vectors: %v", test.name, err)
2193 }
2194 if len(tvs) == 0 {
2195 log.Fatalf("Failed to find %v test vectors at %q\n", test.name, testVectorPath)
2196 }
2197 for _, tv := range tvs {
2198 if !runTestVectors(tv, webcrypto) {
2199 success = false
2200 }
2201 }
2202 }
2203
2204 if acceptableAudit {
2205 printAcceptableStatistics()
2206 }
2207
2208 if !success {
2209 os.Exit(1)
2210 }
2211}
diff --git a/src/regress/lib/libcrypto/x509/Makefile b/src/regress/lib/libcrypto/x509/Makefile
deleted file mode 100644
index 106a9f2bf2..0000000000
--- a/src/regress/lib/libcrypto/x509/Makefile
+++ /dev/null
@@ -1,16 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2018/04/07 13:54:46 schwarze Exp $
2
3PROG= x509name
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -Wall -Werror
8
9REGRESS_TARGETS=regress-x509name
10CLEANFILES+= x509name.result
11
12regress-x509name: ${PROG}
13 ./${PROG} > x509name.result
14 diff -u ${.CURDIR}/x509name.expected x509name.result
15
16.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/x509/x509name.c b/src/regress/lib/libcrypto/x509/x509name.c
deleted file mode 100644
index 4ff8ac6908..0000000000
--- a/src/regress/lib/libcrypto/x509/x509name.c
+++ /dev/null
@@ -1,59 +0,0 @@
1/* $OpenBSD: x509name.c,v 1.1 2018/04/07 13:54:46 schwarze Exp $ */
2/*
3 * Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <err.h>
19#include <stdio.h>
20
21#include <openssl/x509.h>
22
23static void debug_print(X509_NAME *);
24
25static void
26debug_print(X509_NAME *name)
27{
28 int loc;
29
30 for (loc = 0; loc < X509_NAME_entry_count(name); loc++)
31 printf("%d:", X509_NAME_get_entry(name, loc)->set);
32 putchar(' ');
33 X509_NAME_print_ex_fp(stdout, name, 0, XN_FLAG_SEP_CPLUS_SPC);
34 putchar('\n');
35}
36
37int
38main(void)
39{
40 X509_NAME *name;
41
42 if ((name = X509_NAME_new()) == NULL)
43 err(1, NULL);
44 X509_NAME_add_entry_by_txt(name, "ST", MBSTRING_ASC,
45 "BaWue", -1, -1, 0);
46 X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC,
47 "KIT", -1, -1, 0);
48 debug_print(name);
49
50 X509_NAME_add_entry_by_txt(name, "L", MBSTRING_ASC,
51 "Karlsruhe", -1, 1, 0);
52 debug_print(name);
53
54 X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC,
55 "DE", -1, 0, 1);
56 debug_print(name);
57
58 return 0;
59}
diff --git a/src/regress/lib/libcrypto/x509/x509name.expected b/src/regress/lib/libcrypto/x509/x509name.expected
deleted file mode 100644
index 6cee7cc435..0000000000
--- a/src/regress/lib/libcrypto/x509/x509name.expected
+++ /dev/null
@@ -1,3 +0,0 @@
10:1: ST=BaWue, O=KIT
20:1:2: ST=BaWue, L=Karlsruhe, O=KIT
30:0:1:2: C=DE + ST=BaWue, L=Karlsruhe, O=KIT
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-26 21:55:13 +0000