summaryrefslogtreecommitdiff
path: root/src/regress
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/regress/lib/libc/Makefile11
-rw-r--r--src/regress/lib/libc/arc4random-fork/arc4random-fork.c2
-rw-r--r--src/regress/lib/libc/explicit_bzero/explicit_bzero.c4
-rw-r--r--src/regress/lib/libc/hash/Makefile5
-rw-r--r--src/regress/lib/libc/hash/hash_test.c935
-rw-r--r--src/regress/lib/libc/illumos/Makefile7
-rw-r--r--src/regress/lib/libc/illumos/Makefile.inc9
-rw-r--r--src/regress/lib/libc/illumos/oclo/Makefile18
-rw-r--r--src/regress/lib/libc/malloc/malloc_errs/malloc_errs.c15
-rw-r--r--src/regress/lib/libc/malloc/malloc_ulimit1/malloc_ulimit1.c4
-rw-r--r--src/regress/lib/libc/stdio/Makefile29
-rw-r--r--src/regress/lib/libc/stdio/test___fpending.c58
-rw-r--r--src/regress/lib/libc/stdio/test___freadahead.c71
-rw-r--r--src/regress/lib/libc/stdio/test___freading.c125
-rw-r--r--src/regress/lib/libc/stdio/test___freadptr.c78
-rw-r--r--src/regress/lib/libc/stdio/test___fseterr.c60
-rw-r--r--src/regress/lib/libc/stdio/test___fwriting.c83
-rw-r--r--src/regress/lib/libc/stdio/test_fflush.c345
-rw-r--r--src/regress/lib/libc/stdio/test_ungetwc.c90
-rw-r--r--src/regress/lib/libc/time/time_conversion/timetest.c158
-rw-r--r--src/regress/lib/libcrypto/aes/aes_test.c303
-rw-r--r--src/regress/lib/libcrypto/asn1/asn1time.c26
-rw-r--r--src/regress/lib/libcrypto/bio/bio_dump.c4
-rw-r--r--src/regress/lib/libcrypto/bn/bn_mul_div.c15
-rw-r--r--src/regress/lib/libcrypto/c2sp/Makefile13
-rw-r--r--src/regress/lib/libcrypto/certs/Makefile19
-rw-r--r--src/regress/lib/libcrypto/ec/Makefile9
-rw-r--r--src/regress/lib/libcrypto/ec/ec_arithmetic.c210
-rw-r--r--src/regress/lib/libcrypto/ec/ec_asn1_test.c378
-rw-r--r--src/regress/lib/libcrypto/ec/ectest.c9
-rw-r--r--src/regress/lib/libcrypto/evp/evp_pkey_cleanup.c4
-rw-r--r--src/regress/lib/libcrypto/evp/evp_test.c82
-rw-r--r--src/regress/lib/libcrypto/free/Makefile6
-rw-r--r--src/regress/lib/libcrypto/free/freenull.c.head3
-rw-r--r--src/regress/lib/libcrypto/gcm128/gcm128test.c32
-rwxr-xr-xsrc/regress/lib/libcrypto/man/check_complete.pl11
-rw-r--r--src/regress/lib/libcrypto/md/Makefile18
-rw-r--r--src/regress/lib/libcrypto/md/md_test.c210
-rw-r--r--src/regress/lib/libcrypto/mlkem/Makefile4
-rw-r--r--src/regress/lib/libcrypto/mlkem/mlkem_iteration_tests.c180
-rw-r--r--src/regress/lib/libcrypto/mlkem/mlkem_tests.c297
-rw-r--r--src/regress/lib/libcrypto/mlkem/mlkem_tests_util.c213
-rw-r--r--src/regress/lib/libcrypto/mlkem/mlkem_tests_util.h63
-rw-r--r--src/regress/lib/libcrypto/mlkem/mlkem_unittest.c318
-rw-r--r--src/regress/lib/libcrypto/mlkem/parse_test_file.c13
-rw-r--r--src/regress/lib/libcrypto/rsa/rsa_method_test.c4
-rw-r--r--src/regress/lib/libcrypto/sha/Makefile8
-rw-r--r--src/regress/lib/libcrypto/sha/sha_test.c286
-rw-r--r--src/regress/lib/libcrypto/symbols/symbols.awk10
-rw-r--r--src/regress/lib/libcrypto/test/test.c226
-rw-r--r--src/regress/lib/libcrypto/test/test.h137
-rw-r--r--src/regress/lib/libcrypto/test/test_util.c51
-rw-r--r--src/regress/lib/libcrypto/wycheproof/Makefile12
-rw-r--r--src/regress/lib/libcrypto/wycheproof/wycheproof-json.pl4
-rw-r--r--src/regress/lib/libcrypto/wycheproof/wycheproof-primes.c23
-rw-r--r--src/regress/lib/libcrypto/wycheproof/wycheproof.go751
-rw-r--r--src/regress/lib/libcrypto/x509/Makefile10
-rw-r--r--src/regress/lib/libcrypto/x509/bettertls/Makefile8
-rw-r--r--src/regress/lib/libcrypto/x509/x509_name_test.c123
-rw-r--r--src/regress/lib/libcrypto/x509/x509name.c62
-rw-r--r--src/regress/lib/libcrypto/x509/x509name.expected3
-rw-r--r--src/regress/lib/libssl/interop/Makefile4
-rw-r--r--src/regress/lib/libssl/interop/botan/Makefile9
-rw-r--r--src/regress/lib/libssl/interop/cert/Makefile9
-rw-r--r--src/regress/lib/libssl/interop/cipher/Makefile17
-rw-r--r--src/regress/lib/libssl/interop/netcat/Makefile9
-rw-r--r--src/regress/lib/libssl/interop/openssl33/Makefile44
-rw-r--r--src/regress/lib/libssl/interop/openssl34/Makefile44
-rw-r--r--src/regress/lib/libssl/interop/openssl35/Makefile44
-rw-r--r--src/regress/lib/libssl/interop/session/Makefile9
-rw-r--r--src/regress/lib/libssl/interop/version/Makefile12
-rw-r--r--src/regress/lib/libssl/openssl-ruby/Makefile23
-rw-r--r--src/regress/lib/libssl/pqueue/Makefile7
-rw-r--r--src/regress/lib/libssl/pqueue/expected.txt3
-rw-r--r--src/regress/lib/libssl/pqueue/pq_test.c95
-rw-r--r--src/regress/lib/libssl/tlsext/tlsexttest.c41
-rw-r--r--src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py308
-rw-r--r--src/regress/lib/libtls/tls/tlstest.c139
78 files changed, 5170 insertions, 1912 deletions
diff --git a/src/regress/lib/libc/Makefile b/src/regress/lib/libc/Makefile
index 3cd970e49d..7a8db225ef 100644
--- a/src/regress/lib/libc/Makefile
+++ b/src/regress/lib/libc/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.59 2024/07/14 09:48:48 jca Exp $ 1# $OpenBSD: Makefile,v 1.62 2025/08/04 06:10:40 tb Exp $
2 2
3SUBDIR+= _setjmp 3SUBDIR+= _setjmp
4SUBDIR+= alloca arc4random-fork atexit 4SUBDIR+= alloca arc4random-fork atexit
@@ -9,8 +9,9 @@ SUBDIR+= elf_aux_info
9SUBDIR+= env explicit_bzero 9SUBDIR+= env explicit_bzero
10SUBDIR+= ffs fmemopen fnmatch fpclassify fread 10SUBDIR+= ffs fmemopen fnmatch fpclassify fread
11SUBDIR+= gcvt getaddrinfo getcap getopt getopt_long glob 11SUBDIR+= gcvt getaddrinfo getcap getopt getopt_long glob
12SUBDIR+= hash
12SUBDIR+= hsearch 13SUBDIR+= hsearch
13SUBDIR+= ieeefp ifnameindex 14SUBDIR+= ieeefp ifnameindex illumos
14SUBDIR+= ldexp locale longjmp 15SUBDIR+= ldexp locale longjmp
15SUBDIR+= malloc mkstemp modf 16SUBDIR+= malloc mkstemp modf
16SUBDIR+= netdb 17SUBDIR+= netdb
@@ -18,9 +19,9 @@ SUBDIR+= open_memstream orientation
18SUBDIR+= popen printf 19SUBDIR+= popen printf
19SUBDIR+= qsort 20SUBDIR+= qsort
20SUBDIR+= regex 21SUBDIR+= regex
21SUBDIR+= setjmp setjmp-signal sigsetjmp sigthr sleep sprintf stdio_threading 22SUBDIR+= setjmp setjmp-signal sigsetjmp sigthr sleep sprintf stdio
22SUBDIR+= stpncpy strchr strerror strlcat strlcpy strnlen strtod strtol strtonum 23SUBDIR+= stdio_threading stpncpy strchr strerror strlcat strlcpy strnlen
23SUBDIR+= sys 24SUBDIR+= strtod strtol strtonum sys
24SUBDIR+= telldir time timingsafe 25SUBDIR+= telldir time timingsafe
25SUBDIR+= uuid 26SUBDIR+= uuid
26SUBDIR+= vis 27SUBDIR+= vis
diff --git a/src/regress/lib/libc/arc4random-fork/arc4random-fork.c b/src/regress/lib/libc/arc4random-fork/arc4random-fork.c
index 4bc9c634f1..9b334945af 100644
--- a/src/regress/lib/libc/arc4random-fork/arc4random-fork.c
+++ b/src/regress/lib/libc/arc4random-fork/arc4random-fork.c
@@ -111,7 +111,7 @@ main(int argc, char *argv[])
111 } 111 }
112 112
113 if (flagprefork) 113 if (flagprefork)
114 arc4random(); 114 (void)arc4random();
115 115
116 bufparent = mmap(NULL, sizeof(Buf), PROT_READ|PROT_WRITE, 116 bufparent = mmap(NULL, sizeof(Buf), PROT_READ|PROT_WRITE,
117 MAP_ANON|MAP_PRIVATE, -1, 0); 117 MAP_ANON|MAP_PRIVATE, -1, 0);
diff --git a/src/regress/lib/libc/explicit_bzero/explicit_bzero.c b/src/regress/lib/libc/explicit_bzero/explicit_bzero.c
index 496bafb208..30c86290e8 100644
--- a/src/regress/lib/libc/explicit_bzero/explicit_bzero.c
+++ b/src/regress/lib/libc/explicit_bzero/explicit_bzero.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: explicit_bzero.c,v 1.9 2022/02/10 08:39:32 tb Exp $ */ 1/* $OpenBSD: explicit_bzero.c,v 1.10 2025/05/31 15:31:40 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2014 Google Inc. 3 * Copyright (c) 2014 Google Inc.
4 * 4 *
@@ -28,9 +28,11 @@
28 28
29#if defined(__has_feature) 29#if defined(__has_feature)
30#if __has_feature(address_sanitizer) 30#if __has_feature(address_sanitizer)
31#ifndef __SANITIZE_ADDRESS__
31#define __SANITIZE_ADDRESS__ 32#define __SANITIZE_ADDRESS__
32#endif 33#endif
33#endif 34#endif
35#endif
34#ifdef __SANITIZE_ADDRESS__ 36#ifdef __SANITIZE_ADDRESS__
35#define ATTRIBUTE_NO_SANITIZE_ADDRESS __attribute__((no_sanitize_address)) 37#define ATTRIBUTE_NO_SANITIZE_ADDRESS __attribute__((no_sanitize_address))
36#else 38#else
diff --git a/src/regress/lib/libc/hash/Makefile b/src/regress/lib/libc/hash/Makefile
new file mode 100644
index 0000000000..9bd69bf8df
--- /dev/null
+++ b/src/regress/lib/libc/hash/Makefile
@@ -0,0 +1,5 @@
1# $OpenBSD: Makefile,v 1.2 2025/04/14 18:33:56 tb Exp $
2
3PROG = hash_test
4
5.include <bsd.regress.mk>
diff --git a/src/regress/lib/libc/hash/hash_test.c b/src/regress/lib/libc/hash/hash_test.c
new file mode 100644
index 0000000000..c04a0458fe
--- /dev/null
+++ b/src/regress/lib/libc/hash/hash_test.c
@@ -0,0 +1,935 @@
1/* $OpenBSD: hash_test.c,v 1.3 2025/08/02 06:05:13 tb Exp $ */
2
3/*
4 * Copyright (c) 2025 Theo Buehler <tb@openbsd.org>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#include <sys/types.h>
20
21#include <md5.h>
22#include <rmd160.h>
23#include <sha1.h>
24#include <sha2.h>
25#include <stdio.h>
26#include <string.h>
27
28#define MAX_DIGEST_LENGTH SHA512_DIGEST_LENGTH
29
30struct hash_test_case {
31 const char *in;
32 const uint8_t out[MAX_DIGEST_LENGTH];
33};
34
35enum {
36 hash_md5,
37 hash_rmd160,
38 hash_sha1,
39 hash_sha224,
40 hash_sha256,
41 hash_sha384,
42 hash_sha512,
43 hash_sha512_256,
44 NUM_HASHES,
45};
46
47/* RFC 1321, Appendix A.5 */
48static const struct hash_test_case md5_tests[] = {
49 {
50 .out = {
51 0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
52 0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e,
53 },
54 },
55 {
56 .in = "",
57 .out = {
58 0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
59 0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e,
60 },
61 },
62 {
63 .in = "a",
64 .out = {
65 0x0c, 0xc1, 0x75, 0xb9, 0xc0, 0xf1, 0xb6, 0xa8,
66 0x31, 0xc3, 0x99, 0xe2, 0x69, 0x77, 0x26, 0x61,
67 },
68 },
69 {
70 .in = "abc",
71 .out = {
72 0x90, 0x01, 0x50, 0x98, 0x3c, 0xd2, 0x4f, 0xb0,
73 0xd6, 0x96, 0x3f, 0x7d, 0x28, 0xe1, 0x7f, 0x72,
74 },
75 },
76 {
77 .in = "message digest",
78 .out = {
79 0xf9, 0x6b, 0x69, 0x7d, 0x7c, 0xb7, 0x93, 0x8d,
80 0x52, 0x5a, 0x2f, 0x31, 0xaa, 0xf1, 0x61, 0xd0,
81 },
82 },
83 {
84 .in = "abcdefghijklmnopqrstuvwxyz",
85 .out = {
86 0xc3, 0xfc, 0xd3, 0xd7, 0x61, 0x92, 0xe4, 0x00,
87 0x7d, 0xfb, 0x49, 0x6c, 0xca, 0x67, 0xe1, 0x3b,
88 },
89 },
90 {
91 .in = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
92 "abcdefghijklmnopqrstuvwxyz0123456789",
93 .out = {
94 0xd1, 0x74, 0xab, 0x98, 0xd2, 0x77, 0xd9, 0xf5,
95 0xa5, 0x61, 0x1c, 0x2c, 0x9f, 0x41, 0x9d, 0x9f,
96 },
97 },
98 {
99 .in = "1234567890123456789012345678901234567890"
100 "1234567890123456789012345678901234567890",
101 .out = {
102 0x57, 0xed, 0xf4, 0xa2, 0x2b, 0xe3, 0xc9, 0x55,
103 0xac, 0x49, 0xda, 0x2e, 0x21, 0x07, 0xb6, 0x7a,
104 },
105 },
106};
107
108#define N_MD5_TESTS (sizeof(md5_tests) / sizeof(md5_tests[0]))
109
110static void
111md5_init(void *ctx)
112{
113 MD5Init(ctx);
114}
115
116static void
117md5_update(void *ctx, const uint8_t *data, size_t len)
118{
119 MD5Update(ctx, data, len);
120}
121
122static void
123md5_final(void *digest, void *ctx)
124{
125 MD5Final(digest, ctx);
126}
127
128/* https://homes.esat.kuleuven.be/~bosselae/ripemd160.html */
129static const struct hash_test_case rmd160_tests[] = {
130 {
131 .out = {
132 0x9c, 0x11, 0x85, 0xa5, 0xc5, 0xe9, 0xfc, 0x54,
133 0x61, 0x28, 0x08, 0x97, 0x7e, 0xe8, 0xf5, 0x48,
134 0xb2, 0x25, 0x8d, 0x31,
135 },
136 },
137 {
138 .in = "",
139 .out = {
140 0x9c, 0x11, 0x85, 0xa5, 0xc5, 0xe9, 0xfc, 0x54,
141 0x61, 0x28, 0x08, 0x97, 0x7e, 0xe8, 0xf5, 0x48,
142 0xb2, 0x25, 0x8d, 0x31,
143 },
144 },
145 {
146 .in = "a",
147 .out = {
148 0x0b, 0xdc, 0x9d, 0x2d, 0x25, 0x6b, 0x3e, 0xe9,
149 0xda, 0xae, 0x34, 0x7b, 0xe6, 0xf4, 0xdc, 0x83,
150 0x5a, 0x46, 0x7f, 0xfe,
151 },
152 },
153 {
154 .in = "abc",
155 .out = {
156 0x8e, 0xb2, 0x08, 0xf7, 0xe0, 0x5d, 0x98, 0x7a,
157 0x9b, 0x04, 0x4a, 0x8e, 0x98, 0xc6, 0xb0, 0x87,
158 0xf1, 0x5a, 0x0b, 0xfc,
159 },
160 },
161 {
162 .in = "message digest",
163 .out = {
164 0x5d, 0x06, 0x89, 0xef, 0x49, 0xd2, 0xfa, 0xe5,
165 0x72, 0xb8, 0x81, 0xb1, 0x23, 0xa8, 0x5f, 0xfa,
166 0x21, 0x59, 0x5f, 0x36,
167 },
168 },
169 {
170 .in = "abcdefghijklmnopqrstuvwxyz",
171 .out = {
172 0xf7, 0x1c, 0x27, 0x10, 0x9c, 0x69, 0x2c, 0x1b,
173 0x56, 0xbb, 0xdc, 0xeb, 0x5b, 0x9d, 0x28, 0x65,
174 0xb3, 0x70, 0x8d, 0xbc,
175 },
176 },
177 {
178 .in = "abcdbcdecdefdefgefghfghighijhijkijkljkl"
179 "mklmnlmnomnopnopq",
180 .out = {
181 0x12, 0xa0, 0x53, 0x38, 0x4a, 0x9c, 0x0c, 0x88,
182 0xe4, 0x05, 0xa0, 0x6c, 0x27, 0xdc, 0xf4, 0x9a,
183 0xda, 0x62, 0xeb, 0x2b,
184 },
185 },
186 {
187 .in = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
188 "0123456789",
189 .out = {
190 0xb0, 0xe2, 0x0b, 0x6e, 0x31, 0x16, 0x64, 0x02,
191 0x86, 0xed, 0x3a, 0x87, 0xa5, 0x71, 0x30, 0x79,
192 0xb2, 0x1f, 0x51, 0x89,
193 },
194 },
195 {
196 .in = "1234567890123456789012345678901234567890"
197 "1234567890123456789012345678901234567890",
198 .out = {
199 0x9b, 0x75, 0x2e, 0x45, 0x57, 0x3d, 0x4b, 0x39,
200 0xf4, 0xdb, 0xd3, 0x32, 0x3c, 0xab, 0x82, 0xbf,
201 0x63, 0x32, 0x6b, 0xfb,
202 },
203 },
204};
205
206#define N_RMD160_TESTS (sizeof(rmd160_tests) / sizeof(rmd160_tests[0]))
207
208static void
209rmd160_init(void *ctx)
210{
211 RMD160Init(ctx);
212}
213
214static void
215rmd160_update(void *ctx, const uint8_t *data, size_t len)
216{
217 RMD160Update(ctx, data, len);
218}
219
220static void
221rmd160_final(void *digest, void *ctx)
222{
223 RMD160Final(digest, ctx);
224}
225
226/* RFC 3174 - Appendix A (plus two zero-length tests) */
227static const struct hash_test_case sha1_tests[] = {
228 {
229 .out = {
230 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
231 0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
232 0xaf, 0xd8, 0x07, 0x09,
233 },
234 },
235 {
236 .in = "",
237 .out = {
238 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
239 0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
240 0xaf, 0xd8, 0x07, 0x09,
241 },
242 },
243 {
244 .in = "abc",
245 .out = {
246 0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a,
247 0xba, 0x3e, 0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c,
248 0x9c, 0xd0, 0xd8, 0x9d,
249 },
250 },
251 {
252 .in = "abcdbcdecdefdefgefghfghighijhi"
253 "jkijkljklmklmnlmnomnopnopq",
254 .out = {
255 0x84, 0x98, 0x3e, 0x44, 0x1c, 0x3b, 0xd2, 0x6e,
256 0xba, 0xae, 0x4a, 0xa1, 0xf9, 0x51, 0x29, 0xe5,
257 0xe5, 0x46, 0x70, 0xf1,
258 },
259 },
260 {
261 .in = "0123456701234567012345670123456701234567012345670123456701234567"
262 "0123456701234567012345670123456701234567012345670123456701234567"
263 "0123456701234567012345670123456701234567012345670123456701234567"
264 "0123456701234567012345670123456701234567012345670123456701234567"
265 "0123456701234567012345670123456701234567012345670123456701234567"
266 "0123456701234567012345670123456701234567012345670123456701234567"
267 "0123456701234567012345670123456701234567012345670123456701234567"
268 "0123456701234567012345670123456701234567012345670123456701234567"
269 "0123456701234567012345670123456701234567012345670123456701234567"
270 "0123456701234567012345670123456701234567012345670123456701234567",
271 .out = {
272 0xde, 0xa3, 0x56, 0xa2, 0xcd, 0xdd, 0x90, 0xc7,
273 0xa7, 0xec, 0xed, 0xc5, 0xeb, 0xb5, 0x63, 0x93,
274 0x4f, 0x46, 0x04, 0x52,
275 },
276 },
277};
278
279#define N_SHA1_TESTS (sizeof(sha1_tests) / sizeof(sha1_tests[0]))
280
281static void
282sha1_init(void *ctx)
283{
284 SHA1Init(ctx);
285}
286
287static void
288sha1_update(void *ctx, const uint8_t *data, size_t len)
289{
290 SHA1Update(ctx, data, len);
291}
292
293static void
294sha1_final(void *digest, void *ctx)
295{
296 SHA1Final(digest, ctx);
297}
298
299static const struct hash_test_case sha224_tests[] = {
300 {
301 .out = {
302 0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9,
303 0x47, 0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4,
304 0x15, 0xa2, 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a,
305 0xc5, 0xb3, 0xe4, 0x2f,
306 },
307 },
308 {
309 .in = "",
310 .out = {
311 0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9,
312 0x47, 0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4,
313 0x15, 0xa2, 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a,
314 0xc5, 0xb3, 0xe4, 0x2f,
315 },
316 },
317 {
318 .in = "abc",
319 .out = {
320 0x23, 0x09, 0x7d, 0x22, 0x34, 0x05, 0xd8, 0x22,
321 0x86, 0x42, 0xa4, 0x77, 0xbd, 0xa2, 0x55, 0xb3,
322 0x2a, 0xad, 0xbc, 0xe4, 0xbd, 0xa0, 0xb3, 0xf7,
323 0xe3, 0x6c, 0x9d, 0xa7,
324 },
325 },
326 {
327 .in = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
328 .out = {
329 0x75, 0x38, 0x8b, 0x16, 0x51, 0x27, 0x76, 0xcc,
330 0x5d, 0xba, 0x5d, 0xa1, 0xfd, 0x89, 0x01, 0x50,
331 0xb0, 0xc6, 0x45, 0x5c, 0xb4, 0xf5, 0x8b, 0x19,
332 0x52, 0x52, 0x25, 0x25,
333 },
334 },
335 {
336 .in = "0123456701234567012345670123456701234567012345670123456701234567"
337 "0123456701234567012345670123456701234567012345670123456701234567"
338 "0123456701234567012345670123456701234567012345670123456701234567"
339 "0123456701234567012345670123456701234567012345670123456701234567"
340 "0123456701234567012345670123456701234567012345670123456701234567"
341 "0123456701234567012345670123456701234567012345670123456701234567"
342 "0123456701234567012345670123456701234567012345670123456701234567"
343 "0123456701234567012345670123456701234567012345670123456701234567"
344 "0123456701234567012345670123456701234567012345670123456701234567"
345 "0123456701234567012345670123456701234567012345670123456701234567",
346 .out = {
347 0x56, 0x7f, 0x69, 0xf1, 0x68, 0xcd, 0x78, 0x44,
348 0xe6, 0x52, 0x59, 0xce, 0x65, 0x8f, 0xe7, 0xaa,
349 0xdf, 0xa2, 0x52, 0x16, 0xe6, 0x8e, 0xca, 0x0e,
350 0xb7, 0xab, 0x82, 0x62,
351 },
352 },
353 {
354 .in = "\x07",
355 .out = {
356 0x00, 0xec, 0xd5, 0xf1, 0x38, 0x42, 0x2b, 0x8a,
357 0xd7, 0x4c, 0x97, 0x99, 0xfd, 0x82, 0x6c, 0x53,
358 0x1b, 0xad, 0x2f, 0xca, 0xbc, 0x74, 0x50, 0xbe,
359 0xe2, 0xaa, 0x8c, 0x2a,
360 },
361 },
362};
363
364#define N_SHA224_TESTS (sizeof(sha224_tests) / sizeof(sha224_tests[0]))
365
366static void
367sha224_init(void *ctx)
368{
369 SHA224Init(ctx);
370}
371
372static void
373sha224_update(void *ctx, const uint8_t *data, size_t len)
374{
375 SHA224Update(ctx, data, len);
376}
377
378static void
379sha224_final(void *digest, void *ctx)
380{
381 SHA224Final(digest, ctx);
382}
383
384static const struct hash_test_case sha256_tests[] = {
385 {
386 .out = {
387 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
388 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
389 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
390 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55,
391 },
392 },
393 {
394 .in = "",
395 .out = {
396 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
397 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
398 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
399 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55,
400 },
401 },
402 {
403 .in = "abc",
404 .out = {
405 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
406 0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
407 0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
408 0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD,
409 },
410 },
411 {
412 .in = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
413 .out = {
414 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8,
415 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39,
416 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67,
417 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1,
418 },
419 },
420 {
421 .in = "0123456701234567012345670123456701234567012345670123456701234567"
422 "0123456701234567012345670123456701234567012345670123456701234567"
423 "0123456701234567012345670123456701234567012345670123456701234567"
424 "0123456701234567012345670123456701234567012345670123456701234567"
425 "0123456701234567012345670123456701234567012345670123456701234567"
426 "0123456701234567012345670123456701234567012345670123456701234567"
427 "0123456701234567012345670123456701234567012345670123456701234567"
428 "0123456701234567012345670123456701234567012345670123456701234567"
429 "0123456701234567012345670123456701234567012345670123456701234567"
430 "0123456701234567012345670123456701234567012345670123456701234567",
431 .out = {
432 0x59, 0x48, 0x47, 0x32, 0x84, 0x51, 0xBD, 0xFA,
433 0x85, 0x05, 0x62, 0x25, 0x46, 0x2C, 0xC1, 0xD8,
434 0x67, 0xD8, 0x77, 0xFB, 0x38, 0x8D, 0xF0, 0xCE,
435 0x35, 0xF2, 0x5A, 0xB5, 0x56, 0x2B, 0xFB, 0xB5,
436 },
437 },
438 {
439 .in = "\x19",
440 .out = {
441 0x68, 0xaa, 0x2e, 0x2e, 0xe5, 0xdf, 0xf9, 0x6e,
442 0x33, 0x55, 0xe6, 0xc7, 0xee, 0x37, 0x3e, 0x3d,
443 0x6a, 0x4e, 0x17, 0xf7, 0x5f, 0x95, 0x18, 0xd8,
444 0x43, 0x70, 0x9c, 0x0c, 0x9b, 0xc3, 0xe3, 0xd4,
445 },
446 },
447};
448
449#define N_SHA256_TESTS (sizeof(sha256_tests) / sizeof(sha256_tests[0]))
450
451static void
452sha256_init(void *ctx)
453{
454 SHA256Init(ctx);
455}
456
457static void
458sha256_update(void *ctx, const uint8_t *data, size_t len)
459{
460 SHA256Update(ctx, data, len);
461}
462
463static void
464sha256_final(void *digest, void *ctx)
465{
466 SHA256Final(digest, ctx);
467}
468
469static const struct hash_test_case sha384_tests[] = {
470 {
471 .out = {
472 0x38, 0xb0, 0x60, 0xa7, 0x51, 0xac, 0x96, 0x38,
473 0x4c, 0xd9, 0x32, 0x7e, 0xb1, 0xb1, 0xe3, 0x6a,
474 0x21, 0xfd, 0xb7, 0x11, 0x14, 0xbe, 0x07, 0x43,
475 0x4c, 0x0c, 0xc7, 0xbf, 0x63, 0xf6, 0xe1, 0xda,
476 0x27, 0x4e, 0xde, 0xbf, 0xe7, 0x6f, 0x65, 0xfb,
477 0xd5, 0x1a, 0xd2, 0xf1, 0x48, 0x98, 0xb9, 0x5b,
478 },
479 },
480 {
481 .in = "",
482 .out = {
483 0x38, 0xb0, 0x60, 0xa7, 0x51, 0xac, 0x96, 0x38,
484 0x4c, 0xd9, 0x32, 0x7e, 0xb1, 0xb1, 0xe3, 0x6a,
485 0x21, 0xfd, 0xb7, 0x11, 0x14, 0xbe, 0x07, 0x43,
486 0x4c, 0x0c, 0xc7, 0xbf, 0x63, 0xf6, 0xe1, 0xda,
487 0x27, 0x4e, 0xde, 0xbf, 0xe7, 0x6f, 0x65, 0xfb,
488 0xd5, 0x1a, 0xd2, 0xf1, 0x48, 0x98, 0xb9, 0x5b,
489 },
490 },
491 {
492 .in = "abc",
493 .out = {
494 0xcb, 0x00, 0x75, 0x3f, 0x45, 0xa3, 0x5e, 0x8b,
495 0xb5, 0xa0, 0x3d, 0x69, 0x9a, 0xc6, 0x50, 0x07,
496 0x27, 0x2c, 0x32, 0xab, 0x0e, 0xde, 0xd1, 0x63,
497 0x1A, 0x8B, 0x60, 0x5A, 0x43, 0xFF, 0x5B, 0xED,
498 0x80, 0x86, 0x07, 0x2B, 0xA1, 0xE7, 0xCC, 0x23,
499 0x58, 0xBA, 0xEC, 0xA1, 0x34, 0xC8, 0x25, 0xA7,
500 },
501 },
502 {
503 .in = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
504 "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
505 .out = {
506 0x09, 0x33, 0x0c, 0x33, 0xf7, 0x11, 0x47, 0xe8,
507 0x3d, 0x19, 0x2f, 0xc7, 0x82, 0xcd, 0x1b, 0x47,
508 0x53, 0x11, 0x1b, 0x17, 0x3b, 0x3b, 0x05, 0xd2,
509 0x2f, 0xa0, 0x80, 0x86, 0xe3, 0xb0, 0xf7, 0x12,
510 0xfc, 0xc7, 0xc7, 0x1a, 0x55, 0x7e, 0x2d, 0xb9,
511 0x66, 0xc3, 0xe9, 0xfa, 0x91, 0x74, 0x60, 0x39,
512 },
513 },
514 {
515 .in = "0123456701234567012345670123456701234567012345670123456701234567"
516 "0123456701234567012345670123456701234567012345670123456701234567"
517 "0123456701234567012345670123456701234567012345670123456701234567"
518 "0123456701234567012345670123456701234567012345670123456701234567"
519 "0123456701234567012345670123456701234567012345670123456701234567"
520 "0123456701234567012345670123456701234567012345670123456701234567"
521 "0123456701234567012345670123456701234567012345670123456701234567"
522 "0123456701234567012345670123456701234567012345670123456701234567"
523 "0123456701234567012345670123456701234567012345670123456701234567"
524 "0123456701234567012345670123456701234567012345670123456701234567",
525 .out = {
526 0x2f, 0xc6, 0x4a, 0x4f, 0x50, 0x0d, 0xdb, 0x68,
527 0x28, 0xf6, 0xa3, 0x43, 0x0b, 0x8d, 0xd7, 0x2a,
528 0x36, 0x8e, 0xb7, 0xf3, 0xa8, 0x32, 0x2a, 0x70,
529 0xbc, 0x84, 0x27, 0x5b, 0x9c, 0x0b, 0x3a, 0xb0,
530 0x0d, 0x27, 0xa5, 0xcc, 0x3c, 0x2d, 0x22, 0x4a,
531 0xa6, 0xb6, 0x1a, 0x0d, 0x79, 0xfb, 0x45, 0x96,
532 },
533 },
534 {
535 .in = "\xb9",
536 .out = {
537 0xbc, 0x80, 0x89, 0xa1, 0x90, 0x07, 0xc0, 0xb1,
538 0x41, 0x95, 0xf4, 0xec, 0xc7, 0x40, 0x94, 0xfe,
539 0xc6, 0x4f, 0x01, 0xf9, 0x09, 0x29, 0x28, 0x2c,
540 0x2f, 0xb3, 0x92, 0x88, 0x15, 0x78, 0x20, 0x8a,
541 0xd4, 0x66, 0x82, 0x8b, 0x1c, 0x6c, 0x28, 0x3d,
542 0x27, 0x22, 0xcf, 0x0a, 0xd1, 0xab, 0x69, 0x38,
543 },
544 },
545};
546
547#define N_SHA384_TESTS (sizeof(sha384_tests) / sizeof(sha384_tests[0]))
548
549static void
550sha384_init(void *ctx)
551{
552 SHA384Init(ctx);
553}
554
555static void
556sha384_update(void *ctx, const uint8_t *data, size_t len)
557{
558 SHA384Update(ctx, data, len);
559}
560
561static void
562sha384_final(void *digest, void *ctx)
563{
564 SHA384Final(digest, ctx);
565}
566
567static const struct hash_test_case sha512_tests[] = {
568 {
569 .out = {
570 0xcf, 0x83, 0xe1, 0x35, 0x7e, 0xef, 0xb8, 0xbd,
571 0xf1, 0x54, 0x28, 0x50, 0xd6, 0x6d, 0x80, 0x07,
572 0xd6, 0x20, 0xe4, 0x05, 0x0b, 0x57, 0x15, 0xdc,
573 0x83, 0xf4, 0xa9, 0x21, 0xd3, 0x6c, 0xe9, 0xce,
574 0x47, 0xd0, 0xd1, 0x3c, 0x5d, 0x85, 0xf2, 0xb0,
575 0xff, 0x83, 0x18, 0xd2, 0x87, 0x7e, 0xec, 0x2f,
576 0x63, 0xb9, 0x31, 0xbd, 0x47, 0x41, 0x7a, 0x81,
577 0xa5, 0x38, 0x32, 0x7a, 0xf9, 0x27, 0xda, 0x3e,
578 },
579 },
580 {
581 .in = "",
582 .out = {
583 0xcf, 0x83, 0xe1, 0x35, 0x7e, 0xef, 0xb8, 0xbd,
584 0xf1, 0x54, 0x28, 0x50, 0xd6, 0x6d, 0x80, 0x07,
585 0xd6, 0x20, 0xe4, 0x05, 0x0b, 0x57, 0x15, 0xdc,
586 0x83, 0xf4, 0xa9, 0x21, 0xd3, 0x6c, 0xe9, 0xce,
587 0x47, 0xd0, 0xd1, 0x3c, 0x5d, 0x85, 0xf2, 0xb0,
588 0xff, 0x83, 0x18, 0xd2, 0x87, 0x7e, 0xec, 0x2f,
589 0x63, 0xb9, 0x31, 0xbd, 0x47, 0x41, 0x7a, 0x81,
590 0xa5, 0x38, 0x32, 0x7a, 0xf9, 0x27, 0xda, 0x3e,
591 },
592 },
593 {
594 .in = "abc",
595 .out = {
596 0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba,
597 0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31,
598 0x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2,
599 0x0a, 0x9e, 0xee, 0xe6, 0x4b, 0x55, 0xd3, 0x9a,
600 0x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8,
601 0x36, 0xba, 0x3c, 0x23, 0xa3, 0xfe, 0xeb, 0xbd,
602 0x45, 0x4d, 0x44, 0x23, 0x64, 0x3c, 0xe8, 0x0e,
603 0x2a, 0x9a, 0xc9, 0x4f, 0xa5, 0x4c, 0xa4, 0x9f,
604 },
605 },
606 {
607 .in = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
608 "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
609 .out = {
610 0x8e, 0x95, 0x9b, 0x75, 0xda, 0xe3, 0x13, 0xda,
611 0x8c, 0xf4, 0xf7, 0x28, 0x14, 0xfc, 0x14, 0x3f,
612 0x8f, 0x77, 0x79, 0xc6, 0xeb, 0x9f, 0x7f, 0xa1,
613 0x72, 0x99, 0xae, 0xad, 0xb6, 0x88, 0x90, 0x18,
614 0x50, 0x1d, 0x28, 0x9e, 0x49, 0x00, 0xf7, 0xe4,
615 0x33, 0x1b, 0x99, 0xde, 0xc4, 0xb5, 0x43, 0x3a,
616 0xc7, 0xd3, 0x29, 0xee, 0xb6, 0xdd, 0x26, 0x54,
617 0x5e, 0x96, 0xe5, 0x5b, 0x87, 0x4b, 0xe9, 0x09,
618 },
619 },
620 {
621 .in = "0123456701234567012345670123456701234567012345670123456701234567"
622 "0123456701234567012345670123456701234567012345670123456701234567"
623 "0123456701234567012345670123456701234567012345670123456701234567"
624 "0123456701234567012345670123456701234567012345670123456701234567"
625 "0123456701234567012345670123456701234567012345670123456701234567"
626 "0123456701234567012345670123456701234567012345670123456701234567"
627 "0123456701234567012345670123456701234567012345670123456701234567"
628 "0123456701234567012345670123456701234567012345670123456701234567"
629 "0123456701234567012345670123456701234567012345670123456701234567"
630 "0123456701234567012345670123456701234567012345670123456701234567",
631 .out = {
632 0x89, 0xd0, 0x5b, 0xa6, 0x32, 0xc6, 0x99, 0xc3,
633 0x12, 0x31, 0xde, 0xd4, 0xff, 0xc1, 0x27, 0xd5,
634 0xa8, 0x94, 0xda, 0xd4, 0x12, 0xc0, 0xe0, 0x24,
635 0xdb, 0x87, 0x2d, 0x1a, 0xbd, 0x2b, 0xa8, 0x14,
636 0x1a, 0x0f, 0x85, 0x07, 0x2a, 0x9b, 0xe1, 0xe2,
637 0xaa, 0x04, 0xcf, 0x33, 0xc7, 0x65, 0xcb, 0x51,
638 0x08, 0x13, 0xa3, 0x9c, 0xd5, 0xa8, 0x4c, 0x4a,
639 0xca, 0xa6, 0x4d, 0x3f, 0x3f, 0xb7, 0xba, 0xe9,
640 },
641 },
642 {
643 .in = "\xd0",
644 .out = {
645 0x99, 0x92, 0x20, 0x29, 0x38, 0xe8, 0x82, 0xe7,
646 0x3e, 0x20, 0xf6, 0xb6, 0x9e, 0x68, 0xa0, 0xa7,
647 0x14, 0x90, 0x90, 0x42, 0x3d, 0x93, 0xc8, 0x1b,
648 0xab, 0x3f, 0x21, 0x67, 0x8d, 0x4a, 0xce, 0xee,
649 0xe5, 0x0e, 0x4e, 0x8c, 0xaf, 0xad, 0xa4, 0xc8,
650 0x5a, 0x54, 0xea, 0x83, 0x06, 0x82, 0x6c, 0x4a,
651 0xd6, 0xe7, 0x4c, 0xec, 0xe9, 0x63, 0x1b, 0xfa,
652 0x8a, 0x54, 0x9b, 0x4a, 0xb3, 0xfb, 0xba, 0x15,
653 },
654 },
655};
656
657#define N_SHA512_TESTS (sizeof(sha512_tests) / sizeof(sha512_tests[0]))
658
659static void
660sha512_init(void *ctx)
661{
662 SHA512Init(ctx);
663}
664
665static void
666sha512_update(void *ctx, const uint8_t *data, size_t len)
667{
668 SHA512Update(ctx, data, len);
669}
670
671static void
672sha512_final(void *digest, void *ctx)
673{
674 SHA512Final(digest, ctx);
675}
676
677static const struct hash_test_case sha512_256_tests[] = {
678 {
679 .out = {
680 0xc6, 0x72, 0xb8, 0xd1, 0xef, 0x56, 0xed, 0x28,
681 0xab, 0x87, 0xc3, 0x62, 0x2c, 0x51, 0x14, 0x06,
682 0x9b, 0xdd, 0x3a, 0xd7, 0xb8, 0xf9, 0x73, 0x74,
683 0x98, 0xd0, 0xc0, 0x1e, 0xce, 0xf0, 0x96, 0x7a,
684 },
685 },
686 {
687 .in = "",
688 .out = {
689 0xc6, 0x72, 0xb8, 0xd1, 0xef, 0x56, 0xed, 0x28,
690 0xab, 0x87, 0xc3, 0x62, 0x2c, 0x51, 0x14, 0x06,
691 0x9b, 0xdd, 0x3a, 0xd7, 0xb8, 0xf9, 0x73, 0x74,
692 0x98, 0xd0, 0xc0, 0x1e, 0xce, 0xf0, 0x96, 0x7a,
693 },
694 },
695 {
696 .in = "abc",
697 .out = {
698 0x53, 0x04, 0x8e, 0x26, 0x81, 0x94, 0x1e, 0xf9,
699 0x9b, 0x2e, 0x29, 0xb7, 0x6b, 0x4c, 0x7d, 0xab,
700 0xe4, 0xc2, 0xd0, 0xc6, 0x34, 0xfc, 0x6d, 0x46,
701 0xe0, 0xe2, 0xf1, 0x31, 0x07, 0xe7, 0xaf, 0x23,
702 },
703 },
704 {
705 .in = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
706 "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
707 .out = {
708 0x39, 0x28, 0xe1, 0x84, 0xfb, 0x86, 0x90, 0xf8,
709 0x40, 0xda, 0x39, 0x88, 0x12, 0x1d, 0x31, 0xbe,
710 0x65, 0xcb, 0x9d, 0x3e, 0xf8, 0x3e, 0xe6, 0x14,
711 0x6f, 0xea, 0xc8, 0x61, 0xe1, 0x9b, 0x56, 0x3a,
712 },
713 },
714 {
715 .in = "0123456701234567012345670123456701234567012345670123456701234567"
716 "0123456701234567012345670123456701234567012345670123456701234567"
717 "0123456701234567012345670123456701234567012345670123456701234567"
718 "0123456701234567012345670123456701234567012345670123456701234567"
719 "0123456701234567012345670123456701234567012345670123456701234567"
720 "0123456701234567012345670123456701234567012345670123456701234567"
721 "0123456701234567012345670123456701234567012345670123456701234567"
722 "0123456701234567012345670123456701234567012345670123456701234567"
723 "0123456701234567012345670123456701234567012345670123456701234567"
724 "0123456701234567012345670123456701234567012345670123456701234567",
725 .out = {
726 0xcf, 0x78, 0xe4, 0xba, 0x93, 0x5b, 0x4d, 0x9e,
727 0xb9, 0x10, 0x52, 0xae, 0xdd, 0xf8, 0xe2, 0xd6,
728 0x06, 0xc5, 0x90, 0xf7, 0x08, 0x57, 0x36, 0x93,
729 0xea, 0x94, 0xbe, 0x82, 0x6a, 0x66, 0x6e, 0xe4,
730 },
731 },
732};
733
734#define N_SHA512_256_TESTS (sizeof(sha512_256_tests) / sizeof(sha512_256_tests[0]))
735
736static void
737sha512_256_init(void *ctx)
738{
739 SHA512_256Init(ctx);
740}
741
742static void
743sha512_256_update(void *ctx, const uint8_t *data, size_t len)
744{
745 SHA512_256Update(ctx, data, len);
746}
747
748static void
749sha512_256_final(void *digest, void *ctx)
750{
751 SHA512_256Final(digest, ctx);
752}
753
754struct hash_ctx {
755 uint8_t *digest;
756 size_t digest_len;
757 void *ctx;
758 void (*init)(void *);
759 void (*update)(void *, const uint8_t *, size_t);
760 void (*final)(void *, void *);
761};
762
763static const struct hash_tests {
764 const char *name;
765 size_t num_tests;
766 const struct hash_test_case *tests;
767} hash_tests[] = {
768 [hash_md5] = {
769 .name = "RFC 1321 MD5",
770 .num_tests = N_MD5_TESTS,
771 .tests = md5_tests,
772 },
773 [hash_rmd160] = {
774 .name = "Bosselaers RMD160",
775 .num_tests = N_RMD160_TESTS,
776 .tests = rmd160_tests,
777 },
778 [hash_sha1] = {
779 .name = "RFC 3174 SHA1",
780 .num_tests = N_SHA1_TESTS,
781 .tests = sha1_tests,
782 },
783 [hash_sha224] = {
784 .name = "RFC 6234 SHA224",
785 .num_tests = N_SHA224_TESTS,
786 .tests = sha224_tests,
787 },
788 [hash_sha256] = {
789 .name = "RFC 6234 SHA256",
790 .num_tests = N_SHA256_TESTS,
791 .tests = sha256_tests,
792 },
793 [hash_sha384] = {
794 .name = "RFC 6234 SHA384",
795 .num_tests = N_SHA384_TESTS,
796 .tests = sha384_tests,
797 },
798 [hash_sha512] = {
799 .name = "RFC 6234 SHA512",
800 .num_tests = N_SHA512_TESTS,
801 .tests = sha512_tests,
802 },
803 [hash_sha512_256] = {
804 .name = "RFC 6234 SHA512_256 (generated)",
805 .num_tests = N_SHA512_256_TESTS,
806 .tests = sha512_256_tests,
807 },
808};
809
810static int
811hash_test_case(struct hash_ctx *ctx, const struct hash_test_case *tc,
812 const char *name, size_t testno)
813{
814 size_t in_len = tc->in != NULL ? strlen(tc->in) : 0;
815
816 ctx->init(ctx->ctx);
817 ctx->update(ctx->ctx, (const uint8_t *)tc->in, in_len);
818 ctx->final(ctx->digest, ctx->ctx);
819
820 if (memcmp(tc->out, ctx->digest, ctx->digest_len) != 0) {
821 fprintf(stderr, "FAIL: %s test %zu\n", name, testno);
822 return 1;
823 }
824
825 return 0;
826}
827
828static int
829hash_test(struct hash_ctx *ctx, const struct hash_tests *tests)
830{
831 size_t i;
832 int failed = 0;
833
834 for (i = 0; i < tests->num_tests; i++) {
835 const struct hash_test_case *tc = &tests->tests[i];
836
837 failed |= hash_test_case(ctx, tc, tests->name, i);
838 }
839
840 return failed;
841}
842
843int
844main(void)
845{
846 uint8_t md5_digest[MD5_DIGEST_LENGTH];
847 uint8_t rmd160_digest[RMD160_DIGEST_LENGTH];
848 uint8_t sha1_digest[SHA1_DIGEST_LENGTH];
849 uint8_t sha224_digest[SHA224_DIGEST_LENGTH];
850 uint8_t sha256_digest[SHA256_DIGEST_LENGTH];
851 uint8_t sha384_digest[SHA384_DIGEST_LENGTH];
852 uint8_t sha512_digest[SHA512_DIGEST_LENGTH];
853 uint8_t sha512_256_digest[SHA512_256_DIGEST_LENGTH];
854 MD5_CTX md5_ctx;
855 RMD160_CTX rmd160_ctx;
856 SHA1_CTX sha1_ctx;
857 SHA2_CTX sha224_ctx;
858 SHA2_CTX sha256_ctx;
859 SHA2_CTX sha384_ctx;
860 SHA2_CTX sha512_ctx;
861 SHA2_CTX sha512_256_ctx;
862 struct hash_ctx ctx[] = {
863 [hash_md5] = {
864 .digest = md5_digest,
865 .digest_len = sizeof(md5_digest),
866 .ctx = &md5_ctx,
867 .init = md5_init,
868 .update = md5_update,
869 .final = md5_final,
870 },
871 [hash_rmd160] = {
872 .digest = rmd160_digest,
873 .digest_len = sizeof(rmd160_digest),
874 .ctx = &rmd160_ctx,
875 .init = rmd160_init,
876 .update = rmd160_update,
877 .final = rmd160_final,
878 },
879 [hash_sha1] = {
880 .digest = sha1_digest,
881 .digest_len = sizeof(sha1_digest),
882 .ctx = &sha1_ctx,
883 .init = sha1_init,
884 .update = sha1_update,
885 .final = sha1_final,
886 },
887 [hash_sha224] = {
888 .digest = sha224_digest,
889 .digest_len = sizeof(sha224_digest),
890 .ctx = &sha224_ctx,
891 .init = sha224_init,
892 .update = sha224_update,
893 .final = sha224_final,
894 },
895 [hash_sha256] = {
896 .digest = sha256_digest,
897 .digest_len = sizeof(sha256_digest),
898 .ctx = &sha256_ctx,
899 .init = sha256_init,
900 .update = sha256_update,
901 .final = sha256_final,
902 },
903 [hash_sha384] = {
904 .digest = sha384_digest,
905 .digest_len = sizeof(sha384_digest),
906 .ctx = &sha384_ctx,
907 .init = sha384_init,
908 .update = sha384_update,
909 .final = sha384_final,
910 },
911 [hash_sha512] = {
912 .digest = sha512_digest,
913 .digest_len = sizeof(sha512_digest),
914 .ctx = &sha512_ctx,
915 .init = sha512_init,
916 .update = sha512_update,
917 .final = sha512_final,
918 },
919 [hash_sha512_256] = {
920 .digest = sha512_256_digest,
921 .digest_len = sizeof(sha512_256_digest),
922 .ctx = &sha512_256_ctx,
923 .init = sha512_256_init,
924 .update = sha512_256_update,
925 .final = sha512_256_final,
926 },
927 };
928 int i;
929 int failed = 0;
930
931 for (i = 0; i < NUM_HASHES; i++)
932 failed |= hash_test(&ctx[i], &hash_tests[i]);
933
934 return failed;
935}
diff --git a/src/regress/lib/libc/illumos/Makefile b/src/regress/lib/libc/illumos/Makefile
new file mode 100644
index 0000000000..cf2d22eb44
--- /dev/null
+++ b/src/regress/lib/libc/illumos/Makefile
@@ -0,0 +1,7 @@
1# $OpenBSD: Makefile,v 1.1.1.1 2025/08/02 06:16:34 tb Exp $
2
3SUBDIR += oclo
4
5install:
6
7.include <bsd.subdir.mk>
diff --git a/src/regress/lib/libc/illumos/Makefile.inc b/src/regress/lib/libc/illumos/Makefile.inc
new file mode 100644
index 0000000000..4296b6e690
--- /dev/null
+++ b/src/regress/lib/libc/illumos/Makefile.inc
@@ -0,0 +1,9 @@
1# $OpenBSD: Makefile.inc,v 1.1.1.1 2025/08/02 06:16:34 tb Exp $
2
3ILLUMOS_OS_TESTDIR = /usr/local/share/illumos-os-tests
4
5.if !exists(${ILLUMOS_OS_TESTDIR})
6regress:
7 @echo package illumos-os-tests is required for this regress
8 @echo SKIPPED
9.endif
diff --git a/src/regress/lib/libc/illumos/oclo/Makefile b/src/regress/lib/libc/illumos/oclo/Makefile
new file mode 100644
index 0000000000..284e49dc73
--- /dev/null
+++ b/src/regress/lib/libc/illumos/oclo/Makefile
@@ -0,0 +1,18 @@
1# $OpenBSD: Makefile,v 1.2 2025/08/09 18:17:42 anton Exp $
2
3.if exists(/usr/local/share/illumos-os-tests)
4
5PROGS = oclo
6PROGS += oclo_errors
7PROGS += ocloexec_verify
8
9LDADD_ocloexec_verify = -lkvm
10
11WARNINGS = yes
12
13regress: ${PROGS}
14
15.PATH: /usr/local/share/illumos-os-tests/tests/oclo
16.endif
17
18.include <bsd.regress.mk>
diff --git a/src/regress/lib/libc/malloc/malloc_errs/malloc_errs.c b/src/regress/lib/libc/malloc/malloc_errs/malloc_errs.c
index 486c247f0d..57d799f49d 100644
--- a/src/regress/lib/libc/malloc/malloc_errs/malloc_errs.c
+++ b/src/regress/lib/libc/malloc/malloc_errs/malloc_errs.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: malloc_errs.c,v 1.5 2024/04/14 17:47:41 otto Exp $ */ 1/* $OpenBSD: malloc_errs.c,v 1.6 2025/05/24 06:40:29 otto Exp $ */
2/* 2/*
3 * Copyright (c) 2023 Otto Moerbeek <otto@drijf.net> 3 * Copyright (c) 2023 Otto Moerbeek <otto@drijf.net>
4 * 4 *
@@ -286,11 +286,10 @@ int main(int argc, char *argv[])
286 int i, status; 286 int i, status;
287 pid_t pid; 287 pid_t pid;
288 char num[10]; 288 char num[10];
289 char options[10]; 289 char options[40];
290 extern char* malloc_options; 290 char const *env[2];
291 291
292 if (argc == 3) { 292 if (argc == 2) {
293 malloc_options = argv[2];
294 /* prevent coredumps */ 293 /* prevent coredumps */
295 setrlimit(RLIMIT_CORE, &lim); 294 setrlimit(RLIMIT_CORE, &lim);
296 i = atoi(argv[1]); 295 i = atoi(argv[1]);
@@ -303,9 +302,11 @@ int main(int argc, char *argv[])
303 pid = fork(); 302 pid = fork();
304 switch (pid) { 303 switch (pid) {
305 case 0: 304 case 0:
306 snprintf(options, sizeof(options), "us%s", tests[i].flags); 305 snprintf(options, sizeof(options), "MALLOC_OPTIONS=us%s", tests[i].flags);
307 snprintf(num, sizeof(num), "%d", i); 306 snprintf(num, sizeof(num), "%d", i);
308 execl(argv[0], argv[0], num, options, NULL); 307 env[0] = options;
308 env[1] = NULL;
309 execle(argv[0], argv[0], num, NULL, env);
309 err(1, "exec"); 310 err(1, "exec");
310 break; 311 break;
311 case -1: 312 case -1:
diff --git a/src/regress/lib/libc/malloc/malloc_ulimit1/malloc_ulimit1.c b/src/regress/lib/libc/malloc/malloc_ulimit1/malloc_ulimit1.c
index 799d2b9117..7e53c32dbc 100644
--- a/src/regress/lib/libc/malloc/malloc_ulimit1/malloc_ulimit1.c
+++ b/src/regress/lib/libc/malloc/malloc_ulimit1/malloc_ulimit1.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: malloc_ulimit1.c,v 1.5 2019/06/12 11:31:36 bluhm Exp $ */ 1/* $OpenBSD: malloc_ulimit1.c,v 1.6 2025/05/24 06:47:27 otto Exp $ */
2 2
3/* Public Domain, 2006, Otto Moerbeek <otto@drijf.net> */ 3/* Public Domain, 2006, Otto Moerbeek <otto@drijf.net> */
4 4
@@ -23,7 +23,7 @@
23#define FACTOR 1024 23#define FACTOR 1024
24 24
25/* This test takes forever with junking turned on. */ 25/* This test takes forever with junking turned on. */
26char *malloc_options = "jj"; 26const char * const malloc_options = "jj";
27 27
28int 28int
29main() 29main()
diff --git a/src/regress/lib/libc/stdio/Makefile b/src/regress/lib/libc/stdio/Makefile
new file mode 100644
index 0000000000..f1e980f688
--- /dev/null
+++ b/src/regress/lib/libc/stdio/Makefile
@@ -0,0 +1,29 @@
1# $OpenBSD: Makefile,v 1.4 2025/06/03 14:35:27 yasuoka Exp $
2
3PROGS= test_fflush
4CLEANFILES= test_fflush.tmp
5
6PROGS+= test_ungetwc
7CLEANFILES+= test_ungetwc.tmp
8
9PROGS+= test___freading
10CLEANFILES+= test___freading.tmp
11
12PROGS+= test___fwriting
13CLEANFILES+= test___fwriting.tmp
14
15PROGS+= test___fpending
16CLEANFILES+= test___fpending.tmp
17
18PROGS+= test___freadahead
19CLEANFILES+= test___freadahead.tmp
20
21PROGS+= test___freadptr
22CLEANFILES+= test___freadptr.tmp
23
24PROGS+= test___fseterr
25CLEANFILES+= test___fseterr.tmp
26
27WARNINGS= yes
28
29.include <bsd.regress.mk>
diff --git a/src/regress/lib/libc/stdio/test___fpending.c b/src/regress/lib/libc/stdio/test___fpending.c
new file mode 100644
index 0000000000..96ace2e481
--- /dev/null
+++ b/src/regress/lib/libc/stdio/test___fpending.c
@@ -0,0 +1,58 @@
1/* $OpenBSD: test___fpending.c,v 1.1 2025/05/25 00:20:54 yasuoka Exp $ */
2
3/*
4 * Copyright (c) 2025 YASUOKA Masahiko <yasuoka@yasuoka.net>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#include <assert.h>
20#include <stdio.h>
21#include <stdio_ext.h>
22#include <stdlib.h>
23
24/* we use assert() */
25#undef NDEBUG
26
27#define TMPFILENAME "test___fpending.tmp"
28
29void test___fpending0(void);
30
31void
32test___fpending0(void)
33{
34 FILE *fp;
35 int r;
36 size_t s;
37
38 fp = fopen(TMPFILENAME, "w");
39 assert(fp != NULL);
40 r = fputs("Hello world", fp);
41 assert(r >= 0);
42 s = __fpending(fp);
43 assert(s > 0); /* assume buffered */
44 r = fflush(fp);
45 assert(r == 0);
46 s = __fpending(fp);
47 assert(s == 0); /* buffer must be 0 */
48 r = fclose(fp);
49 assert(r == 0);
50}
51
52int
53main(int argc, char *argv[])
54{
55 test___fpending0();
56
57 exit(0);
58}
diff --git a/src/regress/lib/libc/stdio/test___freadahead.c b/src/regress/lib/libc/stdio/test___freadahead.c
new file mode 100644
index 0000000000..66d5e3492a
--- /dev/null
+++ b/src/regress/lib/libc/stdio/test___freadahead.c
@@ -0,0 +1,71 @@
1/* $OpenBSD: test___freadahead.c,v 1.2 2025/06/03 14:35:27 yasuoka Exp $ */
2
3/*
4 * Copyright (c) 2025 YASUOKA Masahiko <yasuoka@yasuoka.net>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#include <assert.h>
20#include <errno.h>
21#include <stdio.h>
22#include <stdio_ext.h>
23#include <stdlib.h>
24
25/* we use assert() */
26#undef NDEBUG
27
28#define TMPFILENAME "test___freadahead.tmp"
29
30void test___freadahead0(void);
31
32void
33test___freadahead0(void)
34{
35 FILE *fp;
36 int r;
37 size_t s;
38
39 fp = fopen(TMPFILENAME, "w");
40 assert(fp != NULL);
41 r = fputs("Hello world", fp);
42 assert(r >= 0);
43 r = fclose(fp);
44
45 fp = fopen(TMPFILENAME, "r");
46 s = __freadahead(fp);
47 assert(s == 0);
48 assert(fgetc(fp) == 'H');
49 s = __freadahead(fp);
50 assert(s == 10);
51 r = fflush(fp);
52#if 0
53 /* fflush() to reading file is not supported (yet) */
54 assert(errno == EBADF);
55#else
56 assert(r == 0);
57 s = __freadahead(fp);
58 assert(s == 0);
59#endif
60
61 r = fclose(fp);
62 assert(r == 0);
63}
64
65int
66main(int argc, char *argv[])
67{
68 test___freadahead0();
69
70 exit(0);
71}
diff --git a/src/regress/lib/libc/stdio/test___freading.c b/src/regress/lib/libc/stdio/test___freading.c
new file mode 100644
index 0000000000..f74eb78d35
--- /dev/null
+++ b/src/regress/lib/libc/stdio/test___freading.c
@@ -0,0 +1,125 @@
1/* $OpenBSD: test___freading.c,v 1.2 2025/06/12 07:39:26 yasuoka Exp $ */
2
3/*
4 * Copyright (c) 2025 YASUOKA Masahiko <yasuoka@yasuoka.net>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#include <assert.h>
20#include <stdio.h>
21#include <stdio_ext.h>
22#include <stdlib.h>
23#include <string.h>
24#include <unistd.h>
25
26/* we use assert() */
27#undef NDEBUG
28
29#define TMPFILENAME "test___freading.tmp"
30
31void setup(void);
32
33void test___freading0(void);
34void test___freading1(void);
35void test___freading2(void);
36
37void
38setup(void)
39{
40 FILE *fp;
41
42 /* common setup */
43 unlink(TMPFILENAME);
44 fp = fopen(TMPFILENAME, "w+");
45 assert(fp != NULL);
46 fputs("Hello world\n", fp);
47 fclose(fp);
48}
49
50void
51test___freading0(void)
52{
53 FILE *fp;
54 int r;
55 char buf[80];
56
57 fp = popen("echo Hello world", "r");
58 assert(fp != NULL);
59 assert(__freading(fp) != 0);
60 assert(fgets(buf, sizeof(buf), fp) != NULL);
61 assert(strcmp(buf, "Hello world\n") == 0);
62 r = pclose(fp);
63 assert(r == 0);
64}
65
66void
67test___freading1(void)
68{
69 FILE *fp;
70 int r;
71
72 /* when the last operaiton is read, __freading() returns true */
73 fp = fopen(TMPFILENAME, "w+");
74 assert(fp != NULL);
75 assert(__freading(fp) == 0);
76 r = fputs("Hello world\n", fp);
77 assert(r >= 0);
78 assert(__freading(fp) == 0);
79 rewind(fp);
80 assert(fgetc(fp) == 'H');
81 assert(__freading(fp) != 0);
82 /* write */
83 fseek(fp, 0, SEEK_END);
84 r = fputs("\n", fp);
85 assert(__freading(fp) == 0);
86 /* ungetc */
87 rewind(fp);
88 assert(ungetc('X', fp) != 0);
89 assert(__freading(fp) != 0); /* reading */
90
91 r = fclose(fp);
92 assert(r == 0);
93}
94
95void
96test___freading2(void)
97{
98 int r;
99 FILE *fp;
100
101 /*
102 * until v1.10 of fpurge.c mistakenly enables the writing buffer
103 * without _SRD flag set.
104 */
105 fp = fopen(TMPFILENAME, "r+");
106 assert(fp != NULL);
107 assert(fgetc(fp) == 'H');
108 fpurge(fp);
109 fseek(fp, 0, SEEK_CUR);
110 assert(fputc('X', fp) == 'X');
111 assert(__freading(fp) == 0);
112
113 r = fclose(fp);
114 assert(r == 0);
115}
116
117int
118main(int argc, char *argv[])
119{
120 test___freading0();
121 test___freading1();
122 test___freading2();
123
124 exit(0);
125}
diff --git a/src/regress/lib/libc/stdio/test___freadptr.c b/src/regress/lib/libc/stdio/test___freadptr.c
new file mode 100644
index 0000000000..cce362f2ae
--- /dev/null
+++ b/src/regress/lib/libc/stdio/test___freadptr.c
@@ -0,0 +1,78 @@
1/* $OpenBSD: test___freadptr.c,v 1.1 2025/05/25 00:20:54 yasuoka Exp $ */
2
3/*
4 * Copyright (c) 2025 YASUOKA Masahiko <yasuoka@yasuoka.net>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#include <sys/types.h>
20#include <assert.h>
21#include <stdio.h>
22#include <stdio_ext.h>
23#include <stdlib.h>
24#include <string.h>
25
26/* we use assert() */
27#undef NDEBUG
28
29#define TMPFILENAME "test___freadptr.tmp"
30
31void test___freadptr0(void);
32
33/* test __freadptr() and __freadptrinc() */
34void
35test___freadptr0(void)
36{
37 FILE *fp;
38 int r;
39 ssize_t s;
40 const char *p;
41
42 fp = fopen(TMPFILENAME, "w");
43 assert(fp != NULL);
44 r = fputs("Hello world", fp);
45 assert(r >= 0);
46 r = fclose(fp);
47
48 fp = fopen(TMPFILENAME, "r");
49 assert(fgetc(fp) == 'H');
50 p = __freadptr(fp, &s);
51 assert(p != NULL);
52 assert(s > 4); /* this test assume this (not by the spec) */
53 assert(*p == 'e');
54 assert(strncmp(p, "ello world", s) == 0);
55
56 __freadptrinc(fp, 4);
57 assert(fgetc(fp) == ' ');
58
59 ungetc('A', fp);
60 ungetc('A', fp);
61 ungetc('A', fp);
62 p = __freadptr(fp, &s);
63 assert(s > 0);
64 assert(*p == 'A');
65 /* ptr will contains only the pushback buffer */
66 assert(strncmp(p, "AAAworld", s) == 0);
67
68 r = fclose(fp);
69 assert(r == 0);
70}
71
72int
73main(int argc, char *argv[])
74{
75 test___freadptr0();
76
77 exit(0);
78}
diff --git a/src/regress/lib/libc/stdio/test___fseterr.c b/src/regress/lib/libc/stdio/test___fseterr.c
new file mode 100644
index 0000000000..70fb491c6c
--- /dev/null
+++ b/src/regress/lib/libc/stdio/test___fseterr.c
@@ -0,0 +1,60 @@
1/* $OpenBSD: test___fseterr.c,v 1.1 2025/05/25 00:20:54 yasuoka Exp $ */
2
3/*
4 * Copyright (c) 2025 YASUOKA Masahiko <yasuoka@yasuoka.net>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#include <assert.h>
20#include <stdio.h>
21#include <stdio_ext.h>
22#include <stdlib.h>
23
24/* we use assert() */
25#undef NDEBUG
26
27#define TMPFILENAME "test___fseterr.tmp"
28
29void test___fseterr0(void);
30
31void
32test___fseterr0(void)
33{
34 FILE *fp;
35 int r;
36
37 fp = fopen(TMPFILENAME, "w+");
38 assert(fp != NULL);
39
40 assert(!ferror(fp));
41
42 r = fprintf(fp, "hello world\n");
43 assert(r > 0);
44
45 __fseterr(fp);
46 assert(ferror(fp));
47
48 r = fprintf(fp, "hello world\n");
49 assert(r == -1);
50
51 fclose(fp);
52}
53
54int
55main(int argc, char *argv[])
56{
57 test___fseterr0();
58
59 exit(0);
60}
diff --git a/src/regress/lib/libc/stdio/test___fwriting.c b/src/regress/lib/libc/stdio/test___fwriting.c
new file mode 100644
index 0000000000..eb4671d3cf
--- /dev/null
+++ b/src/regress/lib/libc/stdio/test___fwriting.c
@@ -0,0 +1,83 @@
1/* $OpenBSD: test___fwriting.c,v 1.1 2025/05/25 00:20:54 yasuoka Exp $ */
2
3/*
4 * Copyright (c) 2025 YASUOKA Masahiko <yasuoka@yasuoka.net>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#include <assert.h>
20#include <stdio.h>
21#include <stdio_ext.h>
22#include <stdlib.h>
23
24/* we use assert() */
25#undef NDEBUG
26
27#define TMPFILENAME "test___fwriting.tmp"
28
29void test___fwriting0(void);
30void test___fwriting1(void);
31
32void
33test___fwriting0(void)
34{
35 FILE *fp;
36 int r;
37
38 fp = fopen(TMPFILENAME, "w"); /* write only */
39 assert(fp != NULL);
40 assert(__fwriting(fp) != 0); /* writing is true immediately */
41 r = fputs("Hello world\n", fp);
42 assert(r >= 0);
43 r = fclose(fp);
44 assert(r == 0);
45
46 fp = fopen(TMPFILENAME, "a"); /* append only */
47 assert(fp != NULL);
48 assert(__fwriting(fp) != 0); /* writing immediately */
49 r = fclose(fp);
50 assert(r == 0);
51}
52
53void
54test___fwriting1(void)
55{
56 FILE *fp;
57 int r;
58
59 fp = fopen(TMPFILENAME, "w+"); /* read / write */
60 assert(fp != NULL);
61 r = fputs("Hello world\n", fp);
62 assert(r >= 0);
63 assert(__fwriting(fp) != 0);
64 rewind(fp);
65 assert(fgetc(fp) == 'H'); /* read */
66 assert(__fwriting(fp) == 0); /* writing becomes false */
67 fputc('e', fp);
68 assert(__fwriting(fp) != 0); /* writing becomes true */
69 ungetc('e', fp);
70 assert(__fwriting(fp) == 0); /* ungetc -> writing becomes false */
71
72 r = fclose(fp);
73 assert(r == 0);
74}
75
76int
77main(int argc, char *argv[])
78{
79 test___fwriting0();
80 test___fwriting1();
81
82 exit(0);
83}
diff --git a/src/regress/lib/libc/stdio/test_fflush.c b/src/regress/lib/libc/stdio/test_fflush.c
new file mode 100644
index 0000000000..a0586b7d14
--- /dev/null
+++ b/src/regress/lib/libc/stdio/test_fflush.c
@@ -0,0 +1,345 @@
1/* $OpenBSD: test_fflush.c,v 1.3 2025/06/08 08:53:53 yasuoka Exp $ */
2
3/*
4 * Copyright (c) 2025 YASUOKA Masahiko <yasuoka@yasuoka.net>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#include <assert.h>
20#include <locale.h>
21#include <stdio.h>
22#include <stdlib.h>
23#include <string.h>
24#include <unistd.h>
25#include <wchar.h>
26
27/* we use assert() */
28#undef NDEBUG
29
30#define TMPFILENAME "test_fflush.tmp"
31
32void setup(void);
33
34void test_fflush_read0(void);
35void test_fflush_read1(void);
36void test_fflush_read2(void);
37void test_fflush_read3(void);
38void test_fflush_read4(void);
39void setupw(void);
40void test_fflush_read5(void);
41void test_fflush_read6(void);
42
43void
44setup(void)
45{
46 FILE *fp;
47
48 /* common setup */
49 unlink(TMPFILENAME);
50 fp = fopen(TMPFILENAME, "w+");
51 assert(fp != NULL);
52 fputs("Hello world\n", fp);
53 fclose(fp);
54}
55
56/* fflush work with reading file and seekable */
57void
58test_fflush_read0(void)
59{
60 int r;
61 char buf[80];
62 FILE *fp;
63
64 setup();
65
66 /* In POSIX 2008, fflush() must work with the file object for reading */
67 fp = fopen(TMPFILENAME, "r");
68 assert(fp != NULL);
69 assert(fgetc(fp) == 'H');
70 r = fflush(fp);
71 assert(r == 0);
72
73 /* the position is moved to 1 */
74 assert(ftell(fp) == 1);
75
76 /* can read rest of that */
77 fgets(buf, sizeof(buf), fp);
78 assert(strcmp(buf, "ello world\n") == 0);
79 r = fclose(fp);
80 assert(r == 0);
81}
82
83/* fflush work with reading file and seekable + unget */
84void
85test_fflush_read1(void)
86{
87 int r;
88 char buf[80];
89 FILE *fp;
90
91 setup();
92
93 fp = fopen(TMPFILENAME, "r");
94 assert(fp != NULL);
95 assert(fgetc(fp) == 'H');
96 assert(fgetc(fp) == 'e');
97 assert(fgetc(fp) == 'l');
98 assert(fgetc(fp) == 'l');
99 assert(fgetc(fp) == 'o');
100
101 /* push the 'AAAA' back */
102 ungetc('A', fp);
103 ungetc('A', fp);
104 ungetc('A', fp);
105 ungetc('A', fp);
106
107 /* can read rest of that */
108 fgets(buf, sizeof(buf), fp);
109 assert(strcmp(buf, "AAAA world\n") == 0);
110 r = fclose(fp);
111 assert(r == 0);
112
113 /* do the same thing + fflush */
114
115 fp = fopen(TMPFILENAME, "r");
116 assert(fp != NULL);
117 assert(fgetc(fp) == 'H');
118 assert(fgetc(fp) == 'e');
119 assert(fgetc(fp) == 'l');
120 assert(fgetc(fp) == 'l');
121 assert(fgetc(fp) == 'o');
122
123 /* push 'AAAA' back */
124 ungetc('A', fp);
125 ungetc('A', fp);
126 ungetc('A', fp);
127 ungetc('A', fp);
128
129 /* then fflush */
130 r = fflush(fp);
131 assert(r == 0);
132
133 /* fllush() clears the all pushed back chars */
134
135 /* can read rest of that */
136 fgets(buf, sizeof(buf), fp);
137 assert(strcmp(buf, " world\n") == 0);
138 r = fclose(fp);
139 assert(r == 0);
140}
141
142/* fflush() to reading and non-seekable stream */
143void
144test_fflush_read2(void)
145{
146 int r;
147 FILE *fp;
148 char buf[80];
149
150 /* In POSIX-2008, fflush() must work with the file object for reading */
151 fp = popen("echo Hello world", "r");
152 assert(fp != NULL);
153 assert(fgetc(fp) == 'H');
154 r = fflush(fp);
155 assert(r == 0);
156
157 /*
158 * FILE object for read and NOT seekable. In that case, fflush does
159 * nothing, but must keep the buffer.
160 */
161
162 /* can read rest of that */
163 fgets(buf, sizeof(buf), fp);
164 assert(strcmp(buf, "ello world\n") == 0);
165 r = pclose(fp);
166 assert(r == 0);
167}
168
169/* fflush() to the file which doesn't have any buffer */
170void
171test_fflush_read3(void)
172{
173 int r;
174 FILE *fp;
175
176 setup();
177
178 /* In POSIX-2008, fflush() must work with the file object for reading */
179 fp = fopen(TMPFILENAME, "r");
180 assert(fp != NULL);
181 r = fflush(fp);
182 assert(r == 0);
183 r = fclose(fp);
184 assert(r == 0);
185}
186
187/* freopen() should call fflush() internal */
188void
189test_fflush_read4(void)
190{
191 int r;
192 FILE *fp;
193 off_t pos;
194 char buf[80];
195
196 setup();
197
198 /* In POSIX-2008, fflush() must work with the file object for reading */
199 fp = fopen(TMPFILENAME, "r");
200 assert(fp != NULL);
201
202 assert(fgetc(fp) == 'H'); /* read 1 */
203
204 pos = lseek(fileno(fp), 0, SEEK_CUR);
205 assert(pos >= 1);
206 assert(pos > 1); /* this test assume the buffer is used */
207
208 /* freopen() should call fflush() internal */
209 fp = freopen(TMPFILENAME, "r", fp);
210 assert(fp != NULL);
211
212 /* can read rest of that on fp */
213 fgets(buf, sizeof(buf), fp);
214 assert(strcmp(buf, "Hello world\n") == 0);
215
216 r = fclose(fp);
217 assert(r == 0);
218}
219
220void
221setupw(void)
222{
223 FILE *fp;
224
225 /* common setup */
226 unlink(TMPFILENAME);
227 fp = fopen(TMPFILENAME, "w+");
228 assert(fp != NULL);
229 /* Konnitiwa Sekai(in Kanji) */
230 fputws(L"\u3053\u3093\u306b\u3061\u308f \u4e16\u754c\n", fp);
231 fclose(fp);
232}
233
234/* fflush work with reading file and seekable + ungetwc */
235void
236test_fflush_read5(void)
237{
238 int r;
239 wchar_t buf[80];
240 FILE *fp;
241
242 setupw();
243
244 fp = fopen(TMPFILENAME, "r");
245
246 assert(fp != NULL);
247 assert(fgetwc(fp) == L'\u3053'); /* Ko */
248 assert(fgetwc(fp) == L'\u3093'); /* N */
249 assert(fgetwc(fp) == L'\u306b'); /* Ni */
250 assert(fgetwc(fp) == L'\u3061'); /* Ti */
251 assert(fgetwc(fp) == L'\u308f'); /* Wa */
252
253 /* push 263A(smile) back */
254 assert(ungetwc(L'\u263a', fp));
255
256 /* we support 1 push back wchar_t */
257 assert(fgetwc(fp) == L'\u263a');
258
259 /* can read reset of that */
260 fgetws(buf, sizeof(buf), fp);
261 assert(wcscmp(buf, L" \u4e16\u754c\n") == 0);
262
263 r = fclose(fp);
264 assert(r == 0);
265
266 /* do the same thing + fflush */
267 fp = fopen(TMPFILENAME, "r");
268
269 assert(fp != NULL);
270 assert(fgetwc(fp) == L'\u3053'); /* Ko */
271 assert(fgetwc(fp) == L'\u3093'); /* N */
272 assert(fgetwc(fp) == L'\u306b'); /* Ni */
273 assert(fgetwc(fp) == L'\u3061'); /* Ti */
274 assert(fgetwc(fp) == L'\u308f'); /* Wa */
275
276 /* push 263A(smile) back */
277 assert(ungetwc(L'\u263a', fp));
278
279 /* we support 1 push back wchar_t */
280 assert(fgetwc(fp) == L'\u263a');
281
282 /* then fflush */
283 r = fflush(fp);
284 assert(r == 0);
285
286 /* fllush() clears the all pushed back chars */
287
288 /* can read rest of that */
289 fgetws(buf, sizeof(buf), fp);
290 assert(wcscmp(buf, L" \u4e16\u754c\n") == 0);
291 r = fclose(fp);
292 assert(r == 0);
293}
294
295void
296test_fflush_read6(void)
297{
298 int r, c;
299 FILE *fp;
300
301 setup();
302 fp = fopen(TMPFILENAME, "r");
303 assert(fp != NULL);
304
305 /*
306 * https://pubs.opengroup.org/onlinepubs/9699919799/functions/fflush.html
307 * .. any characters pushed back onto the stream by ungetc() or ungetwc()
308 * that have not subsequently been read from the stream shall be discarded
309 * (without further changing the file offset).
310 */
311
312 assert(fgetc(fp) == 'H');
313 c = getc(fp);
314 ungetc(c, fp); /* push back the character has been read */
315 r = fflush(fp);
316 assert(r == 0);
317 assert(getc(fp) == c);
318
319 fseek(fp, 0, SEEK_SET);
320 assert(fgetc(fp) == 'H');
321 c = getc(fp);
322 ungetc('X', fp); /* push back the character has not been read */
323 r = fflush(fp);
324 assert(r == 0);
325 assert(getc(fp) == 'l');
326
327 r = fclose(fp);
328 assert(r == 0);
329}
330
331int
332main(int argc, char *argv[])
333{
334 setlocale(LC_ALL, "C.UTF-8");
335
336 test_fflush_read0();
337 test_fflush_read1();
338 test_fflush_read2();
339 test_fflush_read3();
340 test_fflush_read4();
341 test_fflush_read5();
342 test_fflush_read6();
343
344 exit(0);
345}
diff --git a/src/regress/lib/libc/stdio/test_ungetwc.c b/src/regress/lib/libc/stdio/test_ungetwc.c
new file mode 100644
index 0000000000..bb4e853020
--- /dev/null
+++ b/src/regress/lib/libc/stdio/test_ungetwc.c
@@ -0,0 +1,90 @@
1/* $OpenBSD: test_ungetwc.c,v 1.1 2025/05/25 05:32:45 yasuoka Exp $ */
2
3/*
4 * Copyright (c) 2025 YASUOKA Masahiko <yasuoka@yasuoka.net>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#include <assert.h>
20#include <stdio.h>
21#include <stdlib.h>
22#include <string.h>
23#include <unistd.h>
24#include <locale.h>
25#include <wchar.h>
26
27/* we use assert() */
28#undef NDEBUG
29
30#define TMPFILENAME "test_ungetwc.tmp"
31
32void setupw(void);
33void test_fflush_ungetwc0(void);
34
35void
36setupw(void)
37{
38 FILE *fp;
39
40 /* common setup */
41 unlink(TMPFILENAME);
42 fp = fopen(TMPFILENAME, "w+");
43 assert(fp != NULL);
44 /* Konnitiwa Sekai(in Kanji) */
45 fputws(L"\u3053\u3093\u306b\u3061\u308f \u4e16\u754c\n", fp);
46 fclose(fp);
47}
48
49/* fflush work with reading file and seekable + ungetwc */
50void
51test_fflush_ungetwc0(void)
52{
53 int r;
54 wchar_t buf[80];
55 FILE *fp;
56
57 setupw();
58
59 fp = fopen(TMPFILENAME, "r");
60
61 assert(fp != NULL);
62 assert(fgetwc(fp) == L'\u3053'); /* Ko */
63 assert(fgetwc(fp) == L'\u3093'); /* N */
64 assert(fgetwc(fp) == L'\u306b'); /* Ni */
65 assert(fgetwc(fp) == L'\u3061'); /* Ti */
66 assert(fgetwc(fp) == L'\u308f'); /* Wa */
67
68 /* push 263A(smile) back */
69 assert(ungetwc(L'\u263a', fp));
70
71 /* we support 1 push back wchar_t */
72 assert(fgetwc(fp) == L'\u263a');
73
74 /* can read reset of that */
75 fgetws(buf, sizeof(buf), fp);
76 assert(wcscmp(buf, L" \u4e16\u754c\n") == 0);
77
78 r = fclose(fp);
79 assert(r == 0);
80}
81
82int
83main(int argc, char *argv[])
84{
85 setlocale(LC_ALL, "C.UTF-8");
86
87 test_fflush_ungetwc0();
88
89 exit(0);
90}
diff --git a/src/regress/lib/libc/time/time_conversion/timetest.c b/src/regress/lib/libc/time/time_conversion/timetest.c
index 0706704ee1..1405f1c6a5 100644
--- a/src/regress/lib/libc/time/time_conversion/timetest.c
+++ b/src/regress/lib/libc/time/time_conversion/timetest.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: timetest.c,v 1.4 2023/04/13 11:32:06 mbuhl Exp $ */ 1/* $OpenBSD: timetest.c,v 1.5 2025/08/17 08:43:03 phessler Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2022 Bob Beck <beck@openbsd.org> 4 * Copyright (c) 2022 Bob Beck <beck@openbsd.org>
@@ -79,12 +79,12 @@ struct timetest timetests[] = {
79 .tm_yday=171, 79 .tm_yday=171,
80 .tm_isdst=0, 80 .tm_isdst=0,
81 .tm_gmtoff=0, 81 .tm_gmtoff=0,
82 .tm_zone="GMT" 82 .tm_zone="UTC"
83 }, 83 },
84 }, 84 },
85 { 85 {
86 .descr="moon", 86 .descr="moon",
87 .timezone="right/UTC", 87 .timezone="right/GMT",
88 .time=-16751025, 88 .time=-16751025,
89 .local_tm= { 89 .local_tm= {
90 .tm_year=69, 90 .tm_year=69,
@@ -97,7 +97,7 @@ struct timetest timetests[] = {
97 .tm_yday=171, 97 .tm_yday=171,
98 .tm_isdst=0, 98 .tm_isdst=0,
99 .tm_gmtoff=0, 99 .tm_gmtoff=0,
100 .tm_zone="UTC" 100 .tm_zone="GMT"
101 }, 101 },
102 .gmt_tm= { 102 .gmt_tm= {
103 .tm_year=69, 103 .tm_year=69,
@@ -110,7 +110,7 @@ struct timetest timetests[] = {
110 .tm_yday=171, 110 .tm_yday=171,
111 .tm_isdst=0, 111 .tm_isdst=0,
112 .tm_gmtoff=0, 112 .tm_gmtoff=0,
113 .tm_zone="GMT" 113 .tm_zone="UTC"
114 }, 114 },
115 }, 115 },
116 { 116 {
@@ -141,7 +141,7 @@ struct timetest timetests[] = {
141 .tm_yday=171, 141 .tm_yday=171,
142 .tm_isdst=0, 142 .tm_isdst=0,
143 .tm_gmtoff=0, 143 .tm_gmtoff=0,
144 .tm_zone="GMT" 144 .tm_zone="UTC"
145 }, 145 },
146 }, 146 },
147 { 147 {
@@ -172,12 +172,12 @@ struct timetest timetests[] = {
172 .tm_yday=0, 172 .tm_yday=0,
173 .tm_isdst=0, 173 .tm_isdst=0,
174 .tm_gmtoff=0, 174 .tm_gmtoff=0,
175 .tm_zone="GMT" 175 .tm_zone="UTC"
176 }, 176 },
177 }, 177 },
178 { 178 {
179 .descr="epoch", 179 .descr="epoch",
180 .timezone="right/UTC", 180 .timezone="right/GMT",
181 .time=0, 181 .time=0,
182 .local_tm= { 182 .local_tm= {
183 .tm_year=70, 183 .tm_year=70,
@@ -190,7 +190,7 @@ struct timetest timetests[] = {
190 .tm_yday=0, 190 .tm_yday=0,
191 .tm_isdst=0, 191 .tm_isdst=0,
192 .tm_gmtoff=0, 192 .tm_gmtoff=0,
193 .tm_zone="UTC" 193 .tm_zone="GMT"
194 }, 194 },
195 .gmt_tm= { 195 .gmt_tm= {
196 .tm_year=70, 196 .tm_year=70,
@@ -203,7 +203,7 @@ struct timetest timetests[] = {
203 .tm_yday=0, 203 .tm_yday=0,
204 .tm_isdst=0, 204 .tm_isdst=0,
205 .tm_gmtoff=0, 205 .tm_gmtoff=0,
206 .tm_zone="GMT" 206 .tm_zone="UTC"
207 }, 207 },
208 }, 208 },
209 { 209 {
@@ -234,7 +234,7 @@ struct timetest timetests[] = {
234 .tm_yday=0, 234 .tm_yday=0,
235 .tm_isdst=0, 235 .tm_isdst=0,
236 .tm_gmtoff=0, 236 .tm_gmtoff=0,
237 .tm_zone="GMT" 237 .tm_zone="UTC"
238 }, 238 },
239 }, 239 },
240 { 240 {
@@ -265,12 +265,12 @@ struct timetest timetests[] = {
265 .tm_yday=364, 265 .tm_yday=364,
266 .tm_isdst=0, 266 .tm_isdst=0,
267 .tm_gmtoff=0, 267 .tm_gmtoff=0,
268 .tm_zone="GMT" 268 .tm_zone="UTC"
269 }, 269 },
270 }, 270 },
271 { 271 {
272 .descr="epoch - 1", 272 .descr="epoch - 1",
273 .timezone="right/UTC", 273 .timezone="right/GMT",
274 .time=-1, 274 .time=-1,
275 .local_tm= { 275 .local_tm= {
276 .tm_year=69, 276 .tm_year=69,
@@ -283,7 +283,7 @@ struct timetest timetests[] = {
283 .tm_yday=364, 283 .tm_yday=364,
284 .tm_isdst=0, 284 .tm_isdst=0,
285 .tm_gmtoff=0, 285 .tm_gmtoff=0,
286 .tm_zone="UTC" 286 .tm_zone="GMT"
287 }, 287 },
288 .gmt_tm= { 288 .gmt_tm= {
289 .tm_year=69, 289 .tm_year=69,
@@ -296,7 +296,7 @@ struct timetest timetests[] = {
296 .tm_yday=364, 296 .tm_yday=364,
297 .tm_isdst=0, 297 .tm_isdst=0,
298 .tm_gmtoff=0, 298 .tm_gmtoff=0,
299 .tm_zone="GMT" 299 .tm_zone="UTC"
300 }, 300 },
301 }, 301 },
302 { 302 {
@@ -327,7 +327,7 @@ struct timetest timetests[] = {
327 .tm_yday=364, 327 .tm_yday=364,
328 .tm_isdst=0, 328 .tm_isdst=0,
329 .tm_gmtoff=0, 329 .tm_gmtoff=0,
330 .tm_zone="GMT" 330 .tm_zone="UTC"
331 }, 331 },
332 }, 332 },
333 { 333 {
@@ -358,12 +358,12 @@ struct timetest timetests[] = {
358 .tm_yday=346, 358 .tm_yday=346,
359 .tm_isdst=0, 359 .tm_isdst=0,
360 .tm_gmtoff=0, 360 .tm_gmtoff=0,
361 .tm_zone="GMT" 361 .tm_zone="UTC"
362 }, 362 },
363 }, 363 },
364 { 364 {
365 .descr="legacy min", 365 .descr="legacy min",
366 .timezone="right/UTC", 366 .timezone="right/GMT",
367 .time=-2147483648, 367 .time=-2147483648,
368 .local_tm= { 368 .local_tm= {
369 .tm_year=1, 369 .tm_year=1,
@@ -376,7 +376,7 @@ struct timetest timetests[] = {
376 .tm_yday=346, 376 .tm_yday=346,
377 .tm_isdst=0, 377 .tm_isdst=0,
378 .tm_gmtoff=0, 378 .tm_gmtoff=0,
379 .tm_zone="UTC" 379 .tm_zone="GMT"
380 }, 380 },
381 .gmt_tm= { 381 .gmt_tm= {
382 .tm_year=1, 382 .tm_year=1,
@@ -389,7 +389,7 @@ struct timetest timetests[] = {
389 .tm_yday=346, 389 .tm_yday=346,
390 .tm_isdst=0, 390 .tm_isdst=0,
391 .tm_gmtoff=0, 391 .tm_gmtoff=0,
392 .tm_zone="GMT" 392 .tm_zone="UTC"
393 }, 393 },
394 }, 394 },
395 { 395 {
@@ -420,12 +420,12 @@ struct timetest timetests[] = {
420 .tm_yday=346, 420 .tm_yday=346,
421 .tm_isdst=0, 421 .tm_isdst=0,
422 .tm_gmtoff=0, 422 .tm_gmtoff=0,
423 .tm_zone="GMT" 423 .tm_zone="UTC"
424 }, 424 },
425 }, 425 },
426 { 426 {
427 .descr="legacy min - 1", 427 .descr="legacy min - 1",
428 .timezone="right/UTC", 428 .timezone="right/GMT",
429 .time=-2147483649, 429 .time=-2147483649,
430 .local_tm= { 430 .local_tm= {
431 .tm_year=1, 431 .tm_year=1,
@@ -438,7 +438,7 @@ struct timetest timetests[] = {
438 .tm_yday=346, 438 .tm_yday=346,
439 .tm_isdst=0, 439 .tm_isdst=0,
440 .tm_gmtoff=0, 440 .tm_gmtoff=0,
441 .tm_zone="UTC" 441 .tm_zone="GMT"
442 }, 442 },
443 .gmt_tm= { 443 .gmt_tm= {
444 .tm_year=1, 444 .tm_year=1,
@@ -451,7 +451,7 @@ struct timetest timetests[] = {
451 .tm_yday=346, 451 .tm_yday=346,
452 .tm_isdst=0, 452 .tm_isdst=0,
453 .tm_gmtoff=0, 453 .tm_gmtoff=0,
454 .tm_zone="GMT" 454 .tm_zone="UTC"
455 }, 455 },
456 }, 456 },
457 { 457 {
@@ -482,12 +482,12 @@ struct timetest timetests[] = {
482 .tm_yday=18, 482 .tm_yday=18,
483 .tm_isdst=0, 483 .tm_isdst=0,
484 .tm_gmtoff=0, 484 .tm_gmtoff=0,
485 .tm_zone="GMT" 485 .tm_zone="UTC"
486 }, 486 },
487 }, 487 },
488 { 488 {
489 .descr="legacy max", 489 .descr="legacy max",
490 .timezone="right/UTC", 490 .timezone="right/GMT",
491 .time=2147483647, 491 .time=2147483647,
492 .local_tm= { 492 .local_tm= {
493 .tm_year=138, 493 .tm_year=138,
@@ -500,7 +500,7 @@ struct timetest timetests[] = {
500 .tm_yday=18, 500 .tm_yday=18,
501 .tm_isdst=0, 501 .tm_isdst=0,
502 .tm_gmtoff=0, 502 .tm_gmtoff=0,
503 .tm_zone="UTC" 503 .tm_zone="GMT"
504 }, 504 },
505 .gmt_tm= { 505 .gmt_tm= {
506 .tm_year=138, 506 .tm_year=138,
@@ -513,7 +513,7 @@ struct timetest timetests[] = {
513 .tm_yday=18, 513 .tm_yday=18,
514 .tm_isdst=0, 514 .tm_isdst=0,
515 .tm_gmtoff=0, 515 .tm_gmtoff=0,
516 .tm_zone="GMT" 516 .tm_zone="UTC"
517 }, 517 },
518 }, 518 },
519 { 519 {
@@ -544,12 +544,12 @@ struct timetest timetests[] = {
544 .tm_yday=18, 544 .tm_yday=18,
545 .tm_isdst=0, 545 .tm_isdst=0,
546 .tm_gmtoff=0, 546 .tm_gmtoff=0,
547 .tm_zone="GMT" 547 .tm_zone="UTC"
548 }, 548 },
549 }, 549 },
550 { 550 {
551 .descr="legacy max + 1", 551 .descr="legacy max + 1",
552 .timezone="right/UTC", 552 .timezone="right/GMT",
553 .time=2147483648, 553 .time=2147483648,
554 .local_tm= { 554 .local_tm= {
555 .tm_year=138, 555 .tm_year=138,
@@ -562,7 +562,7 @@ struct timetest timetests[] = {
562 .tm_yday=18, 562 .tm_yday=18,
563 .tm_isdst=0, 563 .tm_isdst=0,
564 .tm_gmtoff=0, 564 .tm_gmtoff=0,
565 .tm_zone="UTC" 565 .tm_zone="GMT"
566 }, 566 },
567 .gmt_tm= { 567 .gmt_tm= {
568 .tm_year=138, 568 .tm_year=138,
@@ -575,7 +575,7 @@ struct timetest timetests[] = {
575 .tm_yday=18, 575 .tm_yday=18,
576 .tm_isdst=0, 576 .tm_isdst=0,
577 .tm_gmtoff=0, 577 .tm_gmtoff=0,
578 .tm_zone="GMT" 578 .tm_zone="UTC"
579 }, 579 },
580 }, 580 },
581 { 581 {
@@ -611,7 +611,7 @@ struct timetest timetests[] = {
611 }, 611 },
612 { 612 {
613 .descr="min", 613 .descr="min",
614 .timezone="right/UTC", 614 .timezone="right/GMT",
615 .time=INT64_MIN, 615 .time=INT64_MIN,
616 .local_tm= { 616 .local_tm= {
617 .tm_year=0, 617 .tm_year=0,
@@ -704,7 +704,7 @@ struct timetest timetests[] = {
704 }, 704 },
705 { 705 {
706 .descr="max", 706 .descr="max",
707 .timezone="right/UTC", 707 .timezone="right/GMT",
708 .time=9223372036854775807, 708 .time=9223372036854775807,
709 .local_tm= { 709 .local_tm= {
710 .tm_year=0, 710 .tm_year=0,
@@ -792,7 +792,7 @@ struct timetest timetests[] = {
792 .tm_yday=30, 792 .tm_yday=30,
793 .tm_isdst=0, 793 .tm_isdst=0,
794 .tm_gmtoff=0, 794 .tm_gmtoff=0,
795 .tm_zone="GMT" 795 .tm_zone="UTC"
796 }, 796 },
797 }, 797 },
798 { 798 {
@@ -823,12 +823,12 @@ struct timetest timetests[] = {
823 .tm_yday=30, 823 .tm_yday=30,
824 .tm_isdst=0, 824 .tm_isdst=0,
825 .tm_gmtoff=0, 825 .tm_gmtoff=0,
826 .tm_zone="GMT" 826 .tm_zone="UTC"
827 }, 827 },
828 }, 828 },
829 { 829 {
830 .descr="maxint struct tm", 830 .descr="maxint struct tm",
831 .timezone="right/UTC", 831 .timezone="right/GMT",
832 .time=67767976204675199, 832 .time=67767976204675199,
833 .local_tm= { 833 .local_tm= {
834 .tm_year=2147481747, 834 .tm_year=2147481747,
@@ -841,7 +841,7 @@ struct timetest timetests[] = {
841 .tm_yday=30, 841 .tm_yday=30,
842 .tm_isdst=0, 842 .tm_isdst=0,
843 .tm_gmtoff=0, 843 .tm_gmtoff=0,
844 .tm_zone="UTC" 844 .tm_zone="GMT"
845 }, 845 },
846 .gmt_tm= { 846 .gmt_tm= {
847 .tm_year=2147481747, 847 .tm_year=2147481747,
@@ -854,12 +854,12 @@ struct timetest timetests[] = {
854 .tm_yday=30, 854 .tm_yday=30,
855 .tm_isdst=0, 855 .tm_isdst=0,
856 .tm_gmtoff=0, 856 .tm_gmtoff=0,
857 .tm_zone="GMT" 857 .tm_zone="UTC"
858 }, 858 },
859 }, 859 },
860 { 860 {
861 .descr="minint struct tm", 861 .descr="minint struct tm",
862 .timezone="right/UTC", 862 .timezone="right/GMT",
863 .time=-67768038398073601, 863 .time=-67768038398073601,
864 .local_tm= { 864 .local_tm= {
865 .tm_year=-2147483578, 865 .tm_year=-2147483578,
@@ -872,7 +872,7 @@ struct timetest timetests[] = {
872 .tm_yday=30, 872 .tm_yday=30,
873 .tm_isdst=0, 873 .tm_isdst=0,
874 .tm_gmtoff=0, 874 .tm_gmtoff=0,
875 .tm_zone="UTC" 875 .tm_zone="GMT"
876 }, 876 },
877 .gmt_tm= { 877 .gmt_tm= {
878 .tm_year=-2147483578, 878 .tm_year=-2147483578,
@@ -885,7 +885,7 @@ struct timetest timetests[] = {
885 .tm_yday=30, 885 .tm_yday=30,
886 .tm_isdst=0, 886 .tm_isdst=0,
887 .tm_gmtoff=0, 887 .tm_gmtoff=0,
888 .tm_zone="GMT" 888 .tm_zone="UTC"
889 }, 889 },
890 }, 890 },
891 { 891 {
@@ -916,12 +916,12 @@ struct timetest timetests[] = {
916 .tm_yday=0, 916 .tm_yday=0,
917 .tm_isdst=0, 917 .tm_isdst=0,
918 .tm_gmtoff=0, 918 .tm_gmtoff=0,
919 .tm_zone="GMT" 919 .tm_zone="UTC"
920 }, 920 },
921 }, 921 },
922 { 922 {
923 .descr="0000", 923 .descr="0000",
924 .timezone="right/UTC", 924 .timezone="right/GMT",
925 .time=-62167219200, 925 .time=-62167219200,
926 .local_tm= { 926 .local_tm= {
927 .tm_year=-1900, 927 .tm_year=-1900,
@@ -934,7 +934,7 @@ struct timetest timetests[] = {
934 .tm_yday=0, 934 .tm_yday=0,
935 .tm_isdst=0, 935 .tm_isdst=0,
936 .tm_gmtoff=0, 936 .tm_gmtoff=0,
937 .tm_zone="UTC" 937 .tm_zone="GMT"
938 }, 938 },
939 .gmt_tm= { 939 .gmt_tm= {
940 .tm_year=-1900, 940 .tm_year=-1900,
@@ -947,7 +947,7 @@ struct timetest timetests[] = {
947 .tm_yday=0, 947 .tm_yday=0,
948 .tm_isdst=0, 948 .tm_isdst=0,
949 .tm_gmtoff=0, 949 .tm_gmtoff=0,
950 .tm_zone="GMT" 950 .tm_zone="UTC"
951 }, 951 },
952 }, 952 },
953 { 953 {
@@ -978,7 +978,7 @@ struct timetest timetests[] = {
978 .tm_yday=0, 978 .tm_yday=0,
979 .tm_isdst=0, 979 .tm_isdst=0,
980 .tm_gmtoff=0, 980 .tm_gmtoff=0,
981 .tm_zone="GMT" 981 .tm_zone="UTC"
982 }, 982 },
983 }, 983 },
984 { 984 {
@@ -1009,12 +1009,12 @@ struct timetest timetests[] = {
1009 .tm_yday=364, 1009 .tm_yday=364,
1010 .tm_isdst=0, 1010 .tm_isdst=0,
1011 .tm_gmtoff=0, 1011 .tm_gmtoff=0,
1012 .tm_zone="GMT" 1012 .tm_zone="UTC"
1013 }, 1013 },
1014 }, 1014 },
1015 { 1015 {
1016 .descr="9999", 1016 .descr="9999",
1017 .timezone="right/UTC", 1017 .timezone="right/GMT",
1018 .time=253402300799, 1018 .time=253402300799,
1019 .local_tm= { 1019 .local_tm= {
1020 .tm_year=8099, 1020 .tm_year=8099,
@@ -1027,7 +1027,7 @@ struct timetest timetests[] = {
1027 .tm_yday=364, 1027 .tm_yday=364,
1028 .tm_isdst=0, 1028 .tm_isdst=0,
1029 .tm_gmtoff=0, 1029 .tm_gmtoff=0,
1030 .tm_zone="UTC" 1030 .tm_zone="GMT"
1031 }, 1031 },
1032 .gmt_tm= { 1032 .gmt_tm= {
1033 .tm_year=8099, 1033 .tm_year=8099,
@@ -1040,7 +1040,7 @@ struct timetest timetests[] = {
1040 .tm_yday=364, 1040 .tm_yday=364,
1041 .tm_isdst=0, 1041 .tm_isdst=0,
1042 .tm_gmtoff=0, 1042 .tm_gmtoff=0,
1043 .tm_zone="GMT" 1043 .tm_zone="UTC"
1044 }, 1044 },
1045 }, 1045 },
1046 { 1046 {
@@ -1071,7 +1071,7 @@ struct timetest timetests[] = {
1071 .tm_yday=364, 1071 .tm_yday=364,
1072 .tm_isdst=0, 1072 .tm_isdst=0,
1073 .tm_gmtoff=0, 1073 .tm_gmtoff=0,
1074 .tm_zone="GMT" 1074 .tm_zone="UTC"
1075 }, 1075 },
1076 }, 1076 },
1077 { 1077 {
@@ -1102,7 +1102,7 @@ struct timetest timetests[] = {
1102 .tm_yday=0, 1102 .tm_yday=0,
1103 .tm_isdst=0, 1103 .tm_isdst=0,
1104 .tm_gmtoff=0, 1104 .tm_gmtoff=0,
1105 .tm_zone="GMT" 1105 .tm_zone="UTC"
1106 }, 1106 },
1107 }, 1107 },
1108 { 1108 {
@@ -1133,7 +1133,7 @@ struct timetest timetests[] = {
1133 .tm_yday=0, 1133 .tm_yday=0,
1134 .tm_isdst=0, 1134 .tm_isdst=0,
1135 .tm_gmtoff=0, 1135 .tm_gmtoff=0,
1136 .tm_zone="GMT" 1136 .tm_zone="UTC"
1137 }, 1137 },
1138 }, 1138 },
1139 { 1139 {
@@ -1164,12 +1164,12 @@ struct timetest timetests[] = {
1164 .tm_yday=0, 1164 .tm_yday=0,
1165 .tm_isdst=0, 1165 .tm_isdst=0,
1166 .tm_gmtoff=0, 1166 .tm_gmtoff=0,
1167 .tm_zone="GMT" 1167 .tm_zone="UTC"
1168 }, 1168 },
1169 }, 1169 },
1170 { 1170 {
1171 .descr="leap second - 1", 1171 .descr="leap second - 1",
1172 .timezone="right/UTC", 1172 .timezone="right/GMT",
1173 .time=1483228825, 1173 .time=1483228825,
1174 .local_tm= { 1174 .local_tm= {
1175 .tm_year=116, 1175 .tm_year=116,
@@ -1182,7 +1182,7 @@ struct timetest timetests[] = {
1182 .tm_yday=365, 1182 .tm_yday=365,
1183 .tm_isdst=0, 1183 .tm_isdst=0,
1184 .tm_gmtoff=0, 1184 .tm_gmtoff=0,
1185 .tm_zone="UTC" 1185 .tm_zone="GMT"
1186 }, 1186 },
1187 .gmt_tm= { 1187 .gmt_tm= {
1188 .tm_year=117, 1188 .tm_year=117,
@@ -1195,12 +1195,12 @@ struct timetest timetests[] = {
1195 .tm_yday=0, 1195 .tm_yday=0,
1196 .tm_isdst=0, 1196 .tm_isdst=0,
1197 .tm_gmtoff=0, 1197 .tm_gmtoff=0,
1198 .tm_zone="GMT" 1198 .tm_zone="UTC"
1199 }, 1199 },
1200 }, 1200 },
1201 { 1201 {
1202 .descr="leap second", 1202 .descr="leap second",
1203 .timezone="right/UTC", 1203 .timezone="right/GMT",
1204 .time=1483228826, 1204 .time=1483228826,
1205 .local_tm= { 1205 .local_tm= {
1206 .tm_year=116, 1206 .tm_year=116,
@@ -1213,7 +1213,7 @@ struct timetest timetests[] = {
1213 .tm_yday=365, 1213 .tm_yday=365,
1214 .tm_isdst=0, 1214 .tm_isdst=0,
1215 .tm_gmtoff=0, 1215 .tm_gmtoff=0,
1216 .tm_zone="UTC" 1216 .tm_zone="GMT"
1217 }, 1217 },
1218 .gmt_tm= { 1218 .gmt_tm= {
1219 .tm_year=117, 1219 .tm_year=117,
@@ -1226,12 +1226,12 @@ struct timetest timetests[] = {
1226 .tm_yday=0, 1226 .tm_yday=0,
1227 .tm_isdst=0, 1227 .tm_isdst=0,
1228 .tm_gmtoff=0, 1228 .tm_gmtoff=0,
1229 .tm_zone="GMT" 1229 .tm_zone="UTC"
1230 }, 1230 },
1231 }, 1231 },
1232 { 1232 {
1233 .descr="leap second + 1", 1233 .descr="leap second + 1",
1234 .timezone="right/UTC", 1234 .timezone="right/GMT",
1235 .time=1483228827, 1235 .time=1483228827,
1236 .local_tm= { 1236 .local_tm= {
1237 .tm_year=117, 1237 .tm_year=117,
@@ -1244,7 +1244,7 @@ struct timetest timetests[] = {
1244 .tm_yday=0, 1244 .tm_yday=0,
1245 .tm_isdst=0, 1245 .tm_isdst=0,
1246 .tm_gmtoff=0, 1246 .tm_gmtoff=0,
1247 .tm_zone="UTC" 1247 .tm_zone="GMT"
1248 }, 1248 },
1249 .gmt_tm= { 1249 .gmt_tm= {
1250 .tm_year=117, 1250 .tm_year=117,
@@ -1257,7 +1257,7 @@ struct timetest timetests[] = {
1257 .tm_yday=0, 1257 .tm_yday=0,
1258 .tm_isdst=0, 1258 .tm_isdst=0,
1259 .tm_gmtoff=0, 1259 .tm_gmtoff=0,
1260 .tm_zone="GMT" 1260 .tm_zone="UTC"
1261 }, 1261 },
1262 }, 1262 },
1263 { 1263 {
@@ -1288,7 +1288,7 @@ struct timetest timetests[] = {
1288 .tm_yday=0, 1288 .tm_yday=0,
1289 .tm_isdst=0, 1289 .tm_isdst=0,
1290 .tm_gmtoff=0, 1290 .tm_gmtoff=0,
1291 .tm_zone="GMT" 1291 .tm_zone="UTC"
1292 }, 1292 },
1293 }, 1293 },
1294 { 1294 {
@@ -1319,7 +1319,7 @@ struct timetest timetests[] = {
1319 .tm_yday=0, 1319 .tm_yday=0,
1320 .tm_isdst=0, 1320 .tm_isdst=0,
1321 .tm_gmtoff=0, 1321 .tm_gmtoff=0,
1322 .tm_zone="GMT" 1322 .tm_zone="UTC"
1323 }, 1323 },
1324 }, 1324 },
1325 { 1325 {
@@ -1350,7 +1350,7 @@ struct timetest timetests[] = {
1350 .tm_yday=0, 1350 .tm_yday=0,
1351 .tm_isdst=0, 1351 .tm_isdst=0,
1352 .tm_gmtoff=0, 1352 .tm_gmtoff=0,
1353 .tm_zone="GMT" 1353 .tm_zone="UTC"
1354 }, 1354 },
1355 }, 1355 },
1356 { 1356 {
@@ -1381,7 +1381,7 @@ struct timetest timetests[] = {
1381 .tm_yday=72, 1381 .tm_yday=72,
1382 .tm_isdst=0, 1382 .tm_isdst=0,
1383 .tm_gmtoff=0, 1383 .tm_gmtoff=0,
1384 .tm_zone="GMT" 1384 .tm_zone="UTC"
1385 }, 1385 },
1386 }, 1386 },
1387 { 1387 {
@@ -1412,7 +1412,7 @@ struct timetest timetests[] = {
1412 .tm_yday=72, 1412 .tm_yday=72,
1413 .tm_isdst=0, 1413 .tm_isdst=0,
1414 .tm_gmtoff=0, 1414 .tm_gmtoff=0,
1415 .tm_zone="GMT" 1415 .tm_zone="UTC"
1416 }, 1416 },
1417 }, 1417 },
1418 { 1418 {
@@ -1443,7 +1443,7 @@ struct timetest timetests[] = {
1443 .tm_yday=72, 1443 .tm_yday=72,
1444 .tm_isdst=0, 1444 .tm_isdst=0,
1445 .tm_gmtoff=0, 1445 .tm_gmtoff=0,
1446 .tm_zone="GMT" 1446 .tm_zone="UTC"
1447 }, 1447 },
1448 }, 1448 },
1449 { 1449 {
@@ -1474,7 +1474,7 @@ struct timetest timetests[] = {
1474 .tm_yday=72, 1474 .tm_yday=72,
1475 .tm_isdst=0, 1475 .tm_isdst=0,
1476 .tm_gmtoff=0, 1476 .tm_gmtoff=0,
1477 .tm_zone="GMT" 1477 .tm_zone="UTC"
1478 }, 1478 },
1479 }, 1479 },
1480 { 1480 {
@@ -1505,7 +1505,7 @@ struct timetest timetests[] = {
1505 .tm_yday=72, 1505 .tm_yday=72,
1506 .tm_isdst=0, 1506 .tm_isdst=0,
1507 .tm_gmtoff=0, 1507 .tm_gmtoff=0,
1508 .tm_zone="GMT" 1508 .tm_zone="UTC"
1509 }, 1509 },
1510 }, 1510 },
1511 { 1511 {
@@ -1536,7 +1536,7 @@ struct timetest timetests[] = {
1536 .tm_yday=72, 1536 .tm_yday=72,
1537 .tm_isdst=0, 1537 .tm_isdst=0,
1538 .tm_gmtoff=0, 1538 .tm_gmtoff=0,
1539 .tm_zone="GMT" 1539 .tm_zone="UTC"
1540 }, 1540 },
1541 }, 1541 },
1542 { 1542 {
@@ -1567,7 +1567,7 @@ struct timetest timetests[] = {
1567 .tm_yday=310, 1567 .tm_yday=310,
1568 .tm_isdst=0, 1568 .tm_isdst=0,
1569 .tm_gmtoff=0, 1569 .tm_gmtoff=0,
1570 .tm_zone="GMT" 1570 .tm_zone="UTC"
1571 }, 1571 },
1572 }, 1572 },
1573 { 1573 {
@@ -1598,7 +1598,7 @@ struct timetest timetests[] = {
1598 .tm_yday=310, 1598 .tm_yday=310,
1599 .tm_isdst=0, 1599 .tm_isdst=0,
1600 .tm_gmtoff=0, 1600 .tm_gmtoff=0,
1601 .tm_zone="GMT" 1601 .tm_zone="UTC"
1602 }, 1602 },
1603 }, 1603 },
1604 { 1604 {
@@ -1629,7 +1629,7 @@ struct timetest timetests[] = {
1629 .tm_yday=310, 1629 .tm_yday=310,
1630 .tm_isdst=0, 1630 .tm_isdst=0,
1631 .tm_gmtoff=0, 1631 .tm_gmtoff=0,
1632 .tm_zone="GMT" 1632 .tm_zone="UTC"
1633 }, 1633 },
1634 }, 1634 },
1635 { 1635 {
@@ -1660,7 +1660,7 @@ struct timetest timetests[] = {
1660 .tm_yday=310, 1660 .tm_yday=310,
1661 .tm_isdst=0, 1661 .tm_isdst=0,
1662 .tm_gmtoff=0, 1662 .tm_gmtoff=0,
1663 .tm_zone="GMT" 1663 .tm_zone="UTC"
1664 }, 1664 },
1665 }, 1665 },
1666 { 1666 {
@@ -1691,7 +1691,7 @@ struct timetest timetests[] = {
1691 .tm_yday=310, 1691 .tm_yday=310,
1692 .tm_isdst=0, 1692 .tm_isdst=0,
1693 .tm_gmtoff=0, 1693 .tm_gmtoff=0,
1694 .tm_zone="GMT" 1694 .tm_zone="UTC"
1695 }, 1695 },
1696 }, 1696 },
1697 { 1697 {
@@ -1722,7 +1722,7 @@ struct timetest timetests[] = {
1722 .tm_yday=310, 1722 .tm_yday=310,
1723 .tm_isdst=0, 1723 .tm_isdst=0,
1724 .tm_gmtoff=0, 1724 .tm_gmtoff=0,
1725 .tm_zone="GMT" 1725 .tm_zone="UTC"
1726 }, 1726 },
1727 }, 1727 },
1728 { 1728 {
diff --git a/src/regress/lib/libcrypto/aes/aes_test.c b/src/regress/lib/libcrypto/aes/aes_test.c
index 37bee05ca7..8d5947a031 100644
--- a/src/regress/lib/libcrypto/aes/aes_test.c
+++ b/src/regress/lib/libcrypto/aes/aes_test.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: aes_test.c,v 1.3 2023/09/28 08:21:43 tb Exp $ */ 1/* $OpenBSD: aes_test.c,v 1.5 2025/07/05 14:32:47 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2022 Joshua Sing <joshua@hypera.dev> 3 * Copyright (c) 2022 Joshua Sing <joshua@hypera.dev>
4 * 4 *
@@ -524,6 +524,161 @@ static const struct aes_test aes_tests[] = {
524 }, 524 },
525 .out_len = 64, 525 .out_len = 64,
526 }, 526 },
527
528 /* XTS128 - Test vectors from NIST SP 800-38A */
529 {
530 /* XTSGenAES128 1 */
531 .mode = NID_aes_128_xts,
532 .key = {
533 0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35,
534 0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62,
535 0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18,
536 0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f,
537 },
538 .iv = {
539 0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6,
540 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5,
541 },
542 .iv_len = 16,
543 .in = {
544 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
545 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c,
546 },
547 .in_len = 16,
548 .out = {
549 0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a,
550 0x82, 0x50, 0x81, 0xd5, 0xbe, 0x47, 0x1c, 0x63,
551 },
552 .out_len = 16,
553 },
554 {
555 /* XTSGenAES128 385 */
556 .mode = NID_aes_128_xts,
557 .key = {
558 0xb8, 0xdb, 0x0b, 0x9e, 0x63, 0xf5, 0xf0, 0xe6,
559 0x60, 0x97, 0x98, 0xa6, 0xcb, 0x42, 0xbb, 0x5b,
560 0x5d, 0x71, 0x39, 0xbb, 0x95, 0x57, 0x99, 0xf5,
561 0x2a, 0x7c, 0x58, 0x1f, 0x84, 0x63, 0x31, 0x76,
562 },
563 .iv = {
564 0x8d, 0x46, 0xf9, 0x67, 0x01, 0x16, 0x7a, 0x1d,
565 0x77, 0xcd, 0x1e, 0x44, 0xda, 0x92, 0xf3, 0xa8,
566 },
567 .iv_len = 16,
568 .in = {
569 0xb4, 0x64, 0x4d, 0xc1, 0xb3, 0x8d, 0xd5, 0x98,
570 0xca, 0x84, 0x0a, 0x82, 0xd4, 0xd9, 0xc0, 0x65,
571 0x67, 0x23, 0xb1, 0x58, 0x01, 0xaa, 0x18, 0xe6,
572 0x6e,
573 },
574 .in_len = 25,
575 .out = {
576 0x09, 0x28, 0x8c, 0xf5, 0x1f, 0x1e, 0xb4, 0xad,
577 0xb8, 0x54, 0x23, 0xd0, 0xe0, 0xd6, 0xe9, 0x58,
578 0x18, 0x87, 0x06, 0xaf, 0x26, 0x0e, 0x24, 0x67,
579 0x4e,
580 },
581 .out_len = 25,
582 },
583 {
584 /* XTSGenAES128 404 */
585 .mode = NID_aes_128_xts,
586 .key = {
587 0xbe, 0x5c, 0xf1, 0xf9, 0x9d, 0x51, 0x59, 0xf2,
588 0x11, 0xdb, 0xc4, 0xc1, 0x47, 0xf7, 0x9c, 0x55,
589 0x6b, 0x2d, 0xa5, 0xc6, 0x91, 0xde, 0xed, 0x74,
590 0x0d, 0x01, 0x57, 0xea, 0xb8, 0xc9, 0xc8, 0x9a,
591 },
592 .iv = {
593 0x89, 0x24, 0x86, 0x24, 0xb6, 0x96, 0xcf, 0x9c,
594 0xb1, 0xb5, 0x77, 0x9c, 0xdc, 0xbc, 0xfe, 0x1c,
595 },
596 .iv_len = 16,
597 .in = {
598 0x3b, 0x80, 0xf8, 0x22, 0xc4, 0xee, 0xe1, 0x31,
599 0x3f, 0x79, 0xca, 0x3d, 0xb1, 0x34, 0xd9, 0xca,
600 0x8b, 0x09, 0xa3, 0x53, 0x4d, 0x4e, 0x18, 0xe6,
601 0x43, 0x9e, 0x1c, 0xdb, 0x86, 0x18, 0x2a, 0x4f,
602 },
603 .in_len = 32,
604 .out = {
605 0x4b, 0x6a, 0xf4, 0x3a, 0x88, 0xb6, 0x33, 0xeb,
606 0xd1, 0xe1, 0x27, 0xc1, 0xec, 0x90, 0xcc, 0x47,
607 0xa2, 0xf1, 0x6e, 0x3b, 0xc7, 0x9f, 0x88, 0x45,
608 0xe3, 0xbd, 0x00, 0x25, 0xda, 0x87, 0x26, 0x45,
609 },
610 .out_len = 32,
611 },
612 {
613 /* XTSGenAES256 1 */
614 .mode = NID_aes_256_xts,
615 .key = {
616 0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e,
617 0x48, 0x01, 0xe4, 0x2f, 0x4b, 0x09, 0x47, 0x14,
618 0x9e, 0x7f, 0x9f, 0x8e, 0x3e, 0x68, 0xd0, 0xc7,
619 0x50, 0x52, 0x10, 0xbd, 0x31, 0x1a, 0x0e, 0x7c,
620 0xd6, 0xe1, 0x3f, 0xfd, 0xf2, 0x41, 0x8d, 0x8d,
621 0x19, 0x11, 0xc0, 0x04, 0xcd, 0xa5, 0x8d, 0xa3,
622 0xd6, 0x19, 0xb7, 0xe2, 0xb9, 0x14, 0x1e, 0x58,
623 0x31, 0x8e, 0xea, 0x39, 0x2c, 0xf4, 0x1b, 0x08,
624 },
625 .iv = {
626 0xad, 0xf8, 0xd9, 0x26, 0x27, 0x46, 0x4a, 0xd2,
627 0xf0, 0x42, 0x8e, 0x84, 0xa9, 0xf8, 0x75, 0x64,
628 },
629 .iv_len = 16,
630 .in = {
631 0x2e, 0xed, 0xea, 0x52, 0xcd, 0x82, 0x15, 0xe1,
632 0xac, 0xc6, 0x47, 0xe8, 0x10, 0xbb, 0xc3, 0x64,
633 0x2e, 0x87, 0x28, 0x7f, 0x8d, 0x2e, 0x57, 0xe3,
634 0x6c, 0x0a, 0x24, 0xfb, 0xc1, 0x2a, 0x20, 0x2e,
635 },
636 .in_len = 32,
637 .out = {
638 0xcb, 0xaa, 0xd0, 0xe2, 0xf6, 0xce, 0xa3, 0xf5,
639 0x0b, 0x37, 0xf9, 0x34, 0xd4, 0x6a, 0x9b, 0x13,
640 0x0b, 0x9d, 0x54, 0xf0, 0x7e, 0x34, 0xf3, 0x6a,
641 0xf7, 0x93, 0xe8, 0x6f, 0x73, 0xc6, 0xd7, 0xdb,
642 },
643 .out_len = 32,
644 },
645 {
646 /* XTSGenAES256 172 */
647 .mode = NID_aes_256_xts,
648 .key= {
649 0x5c, 0x7f, 0x7a, 0x36, 0x08, 0x01, 0x78, 0x43,
650 0x00, 0x83, 0xff, 0x54, 0x92, 0xef, 0x77, 0x26,
651 0x0f, 0x68, 0x0a, 0x15, 0xa7, 0x66, 0x24, 0xb8,
652 0x9e, 0x85, 0x4c, 0x94, 0xf0, 0x48, 0x8a, 0x9e,
653 0x7d, 0xaa, 0x4f, 0x33, 0x01, 0x1f, 0x91, 0xdf,
654 0x5e, 0x33, 0x80, 0x53, 0xf4, 0x6c, 0xee, 0x65,
655 0x0f, 0xb0, 0xee, 0x69, 0xf8, 0xc2, 0x15, 0x75,
656 0x5a, 0x4a, 0x63, 0xcd, 0x42, 0x28, 0xc2, 0x19,
657 },
658 .iv = {
659 0xa4, 0x01, 0xd7, 0x3c, 0x88, 0x75, 0xe7, 0x59,
660 0xaa, 0x3e, 0xef, 0x53, 0xe0, 0xfb, 0x62, 0x63,
661 },
662 .iv_len = 16,
663 .in = {
664 0xb1, 0xe6, 0x29, 0xa6, 0x2a, 0x03, 0xca, 0x96,
665 0x9b, 0x16, 0x91, 0x52, 0x02, 0xbc, 0xaa, 0x09,
666 0xe7, 0x8a, 0xe1, 0x85, 0x1b, 0xc8, 0x85, 0x81,
667 0x16, 0x49, 0x68, 0xa5, 0x65, 0x6c, 0x82, 0xc0,
668 0xe5, 0xc4, 0x03, 0xba, 0x54, 0xb9, 0xb5, 0xed,
669 0x9b, 0xab, 0xe8, 0xb0, 0x75, 0x1d, 0x1b, 0x34,
670 },
671 .in_len = 48,
672 .out = {
673 0xf5, 0xbc, 0xa6, 0x0f, 0xb9, 0x35, 0x2b, 0x1d,
674 0xe0, 0x4d, 0x71, 0x29, 0x40, 0x56, 0x26, 0xb3,
675 0xa4, 0x74, 0xa2, 0x64, 0xfb, 0xac, 0x2d, 0x6b,
676 0xe1, 0x19, 0xe1, 0xd5, 0x7a, 0xa9, 0x98, 0xd0,
677 0xe0, 0xe4, 0xd9, 0xf9, 0xc9, 0x76, 0x21, 0x0d,
678 0x93, 0xc4, 0x65, 0xa3, 0xe3, 0x60, 0xcd, 0x92,
679 },
680 .out_len = 48,
681 },
527}; 682};
528 683
529#define N_AES_TESTS (sizeof(aes_tests) / sizeof(aes_tests[0])) 684#define N_AES_TESTS (sizeof(aes_tests) / sizeof(aes_tests[0]))
@@ -542,7 +697,10 @@ aes_ecb_test(size_t test_number, const char *label, int key_bits,
542 697
543 /* Encryption */ 698 /* Encryption */
544 memset(out, 0, sizeof(out)); 699 memset(out, 0, sizeof(out));
545 AES_set_encrypt_key(at->key, key_bits, &key); 700 if (AES_set_encrypt_key(at->key, key_bits, &key) != 0) {
701 fprintf(stderr, "FAIL (%s:%zu): AES_set_encrypt_key failed\n", label, test_number);
702 return 0;
703 }
546 AES_ecb_encrypt(at->in, out, &key, 1); 704 AES_ecb_encrypt(at->in, out, &key, 1);
547 705
548 if (memcmp(at->out, out, at->out_len) != 0) { 706 if (memcmp(at->out, out, at->out_len) != 0) {
@@ -553,7 +711,10 @@ aes_ecb_test(size_t test_number, const char *label, int key_bits,
553 711
554 /* Decryption */ 712 /* Decryption */
555 memset(out, 0, sizeof(out)); 713 memset(out, 0, sizeof(out));
556 AES_set_decrypt_key(at->key, key_bits, &key); 714 if (AES_set_decrypt_key(at->key, key_bits, &key) != 0) {
715 fprintf(stderr, "FAIL (%s:%zu): AES_set_decrypt_key failed\n", label, test_number);
716 return 0;
717 }
557 AES_ecb_encrypt(at->out, out, &key, 0); 718 AES_ecb_encrypt(at->out, out, &key, 0);
558 719
559 if (memcmp(at->in, out, at->in_len) != 0) { 720 if (memcmp(at->in, out, at->in_len) != 0) {
@@ -582,7 +743,10 @@ aes_cbc_test(size_t test_number, const char *label, int key_bits,
582 /* Encryption */ 743 /* Encryption */
583 memset(out, 0, sizeof(out)); 744 memset(out, 0, sizeof(out));
584 memcpy(iv, at->iv, at->iv_len); 745 memcpy(iv, at->iv, at->iv_len);
585 AES_set_encrypt_key(at->key, key_bits, &key); 746 if (AES_set_encrypt_key(at->key, key_bits, &key) != 0) {
747 fprintf(stderr, "FAIL (%s:%zu): AES_set_encrypt_key failed\n", label, test_number);
748 return 0;
749 }
586 AES_cbc_encrypt(at->in, out, at->in_len, &key, iv, 1); 750 AES_cbc_encrypt(at->in, out, at->in_len, &key, iv, 1);
587 751
588 if (memcmp(at->out, out, at->out_len) != 0) { 752 if (memcmp(at->out, out, at->out_len) != 0) {
@@ -594,7 +758,10 @@ aes_cbc_test(size_t test_number, const char *label, int key_bits,
594 /* Decryption */ 758 /* Decryption */
595 memset(out, 0, sizeof(out)); 759 memset(out, 0, sizeof(out));
596 memcpy(iv, at->iv, at->iv_len); 760 memcpy(iv, at->iv, at->iv_len);
597 AES_set_decrypt_key(at->key, key_bits, &key); 761 if (AES_set_decrypt_key(at->key, key_bits, &key) != 0) {
762 fprintf(stderr, "FAIL (%s:%zu): AES_set_decrypt_key failed\n", label, test_number);
763 return 0;
764 }
598 AES_cbc_encrypt(at->out, out, at->out_len, &key, iv, 0); 765 AES_cbc_encrypt(at->out, out, at->out_len, &key, iv, 0);
599 766
600 if (memcmp(at->in, out, at->in_len) != 0) { 767 if (memcmp(at->in, out, at->in_len) != 0) {
@@ -607,6 +774,96 @@ aes_cbc_test(size_t test_number, const char *label, int key_bits,
607} 774}
608 775
609static int 776static int
777aes_cfb128_test(size_t test_number, const char *label, int key_bits,
778 const struct aes_test *at)
779{
780 AES_KEY key;
781 uint8_t out[64];
782 uint8_t iv[16];
783 int num = 0;
784
785 /* CFB mode has no padding */
786
787 /* Encryption */
788 memset(out, 0, sizeof(out));
789 memcpy(iv, at->iv, at->iv_len);
790 if (AES_set_encrypt_key(at->key, key_bits, &key) != 0) {
791 fprintf(stderr, "FAIL (%s:%zu): AES_set_encrypt_key failed\n", label, test_number);
792 return 0;
793 }
794 AES_cfb128_encrypt(at->in, out, at->in_len, &key, iv, &num, AES_ENCRYPT);
795
796 if (memcmp(at->out, out, at->out_len) != 0) {
797 fprintf(stderr, "FAIL (%s:%zu): encryption mismatch\n",
798 label, test_number);
799 return 0;
800 }
801
802 /* Decryption */
803 memset(out, 0, sizeof(out));
804 memcpy(iv, at->iv, at->iv_len);
805 num = 0;
806 if (AES_set_encrypt_key(at->key, key_bits, &key) != 0) {
807 fprintf(stderr, "FAIL (%s:%zu): AES_set_encrypt_key failed\n", label, test_number);
808 return 0;
809 }
810 AES_cfb128_encrypt(at->out, out, at->out_len, &key, iv, &num, AES_DECRYPT);
811
812 if (memcmp(at->in, out, at->in_len) != 0) {
813 fprintf(stderr, "FAIL (%s:%zu): decryption mismatch\n",
814 label, test_number);
815 return 0;
816 }
817
818 return 1;
819}
820
821static int
822aes_ofb128_test(size_t test_number, const char *label, int key_bits,
823 const struct aes_test *at)
824{
825 AES_KEY key;
826 uint8_t out[64];
827 uint8_t iv[16];
828 int num = 0;
829
830 /* OFB mode has no padding */
831
832 /* Encryption */
833 memset(out, 0, sizeof(out));
834 memcpy(iv, at->iv, at->iv_len);
835 if (AES_set_encrypt_key(at->key, key_bits, &key) != 0) {
836 fprintf(stderr, "FAIL (%s:%zu): AES_set_encrypt_key failed\n", label, test_number);
837 return 0;
838 }
839 AES_ofb128_encrypt(at->in, out, at->in_len, &key, iv, &num);
840
841 if (memcmp(at->out, out, at->out_len) != 0) {
842 fprintf(stderr, "FAIL (%s:%zu): encryption mismatch\n",
843 label, test_number);
844 return 0;
845 }
846
847 /* Decryption */
848 memset(out, 0, sizeof(out));
849 memcpy(iv, at->iv, at->iv_len);
850 num = 0;
851 if (AES_set_encrypt_key(at->key, key_bits, &key) != 0) {
852 fprintf(stderr, "FAIL (%s:%zu): AES_set_encrypt_key failed\n", label, test_number);
853 return 0;
854 }
855 AES_ofb128_encrypt(at->out, out, at->out_len, &key, iv, &num);
856
857 if (memcmp(at->in, out, at->in_len) != 0) {
858 fprintf(stderr, "FAIL (%s:%zu): decryption mismatch\n",
859 label, test_number);
860 return 0;
861 }
862
863 return 1;
864}
865
866static int
610aes_evp_test(size_t test_number, const struct aes_test *at, const char *label, 867aes_evp_test(size_t test_number, const struct aes_test *at, const char *label,
611 int key_bits, const EVP_CIPHER *cipher) 868 int key_bits, const EVP_CIPHER *cipher)
612{ 869{
@@ -649,6 +906,10 @@ aes_evp_test(size_t test_number, const struct aes_test *at, const char *label,
649 if (in_len > at->in_len - i) 906 if (in_len > at->in_len - i)
650 in_len = at->in_len - i; 907 in_len = at->in_len - i;
651 908
909 /* XTS needs to be single shot. */
910 if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_XTS_MODE)
911 in_len = at->in_len;
912
652 if (!EVP_EncryptUpdate(ctx, out + total_len, &out_len, 913 if (!EVP_EncryptUpdate(ctx, out + total_len, &out_len,
653 at->in + i, in_len)) { 914 at->in + i, in_len)) {
654 fprintf(stderr, 915 fprintf(stderr,
@@ -715,6 +976,10 @@ aes_evp_test(size_t test_number, const struct aes_test *at, const char *label,
715 if (in_len > at->out_len - i) 976 if (in_len > at->out_len - i)
716 in_len = at->out_len - i; 977 in_len = at->out_len - i;
717 978
979 /* XTS needs to be single shot. */
980 if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_XTS_MODE)
981 in_len = at->in_len;
982
718 if (!EVP_DecryptUpdate(ctx, out + total_len, &out_len, 983 if (!EVP_DecryptUpdate(ctx, out + total_len, &out_len,
719 at->out + i, in_len)) { 984 at->out + i, in_len)) {
720 fprintf(stderr, 985 fprintf(stderr,
@@ -881,6 +1146,16 @@ aes_cipher_from_nid(int nid, const char **out_label,
881 *out_cipher = EVP_aes_256_ccm(); 1146 *out_cipher = EVP_aes_256_ccm();
882 break; 1147 break;
883 1148
1149 /* XTS */
1150 case NID_aes_128_xts:
1151 *out_label = SN_aes_128_xts;
1152 *out_cipher = EVP_aes_128_xts();
1153 break;
1154 case NID_aes_256_xts:
1155 *out_label = SN_aes_256_xts;
1156 *out_cipher = EVP_aes_256_xts();
1157 break;
1158
884 /* Unknown */ 1159 /* Unknown */
885 default: 1160 default:
886 return 0; 1161 return 0;
@@ -902,8 +1177,10 @@ aes_test(void)
902 for (i = 0; i < N_AES_TESTS; i++) { 1177 for (i = 0; i < N_AES_TESTS; i++) {
903 at = &aes_tests[i]; 1178 at = &aes_tests[i];
904 key_bits = aes_key_bits_from_nid(at->mode); 1179 key_bits = aes_key_bits_from_nid(at->mode);
905 if (!aes_cipher_from_nid(at->mode, &label, &cipher)) 1180 if (!aes_cipher_from_nid(at->mode, &label, &cipher)) {
1181 fprintf(stderr, "unknown cipher\n");
906 goto failed; 1182 goto failed;
1183 }
907 1184
908 switch (at->mode) { 1185 switch (at->mode) {
909 /* ECB */ 1186 /* ECB */
@@ -926,14 +1203,16 @@ aes_test(void)
926 case NID_aes_128_cfb128: 1203 case NID_aes_128_cfb128:
927 case NID_aes_192_cfb128: 1204 case NID_aes_192_cfb128:
928 case NID_aes_256_cfb128: 1205 case NID_aes_256_cfb128:
929 /* XXX - CFB128 non-EVP tests */ 1206 if (!aes_cfb128_test(i, label, key_bits, at))
1207 goto failed;
930 break; 1208 break;
931 1209
932 /* OFB128 */ 1210 /* OFB128 */
933 case NID_aes_128_ofb128: 1211 case NID_aes_128_ofb128:
934 case NID_aes_192_ofb128: 1212 case NID_aes_192_ofb128:
935 case NID_aes_256_ofb128: 1213 case NID_aes_256_ofb128:
936 /* XXX - OFB128 non-EVP tests */ 1214 if (!aes_ofb128_test(i, label, key_bits, at))
1215 goto failed;
937 break; 1216 break;
938 1217
939 /* GCM */ 1218 /* GCM */
@@ -947,7 +1226,13 @@ aes_test(void)
947 case NID_aes_128_ccm: 1226 case NID_aes_128_ccm:
948 case NID_aes_192_ccm: 1227 case NID_aes_192_ccm:
949 case NID_aes_256_ccm: 1228 case NID_aes_256_ccm:
950 /* XXX - CCM non-EVP tests */ 1229 /* CCM is EVP-only */
1230 break;
1231
1232 /* XTS */
1233 case NID_aes_128_xts:
1234 case NID_aes_256_xts:
1235 /* XTS is EVP-only */
951 break; 1236 break;
952 1237
953 /* Unknown */ 1238 /* Unknown */
diff --git a/src/regress/lib/libcrypto/asn1/asn1time.c b/src/regress/lib/libcrypto/asn1/asn1time.c
index 7223ad9c9b..e0e5139808 100644
--- a/src/regress/lib/libcrypto/asn1/asn1time.c
+++ b/src/regress/lib/libcrypto/asn1/asn1time.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: asn1time.c,v 1.30 2024/07/21 13:25:11 tb Exp $ */ 1/* $OpenBSD: asn1time.c,v 1.31 2025/05/22 04:54:14 joshua Exp $ */
2/* 2/*
3 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2024 Google Inc. 4 * Copyright (c) 2024 Google Inc.
@@ -33,6 +33,7 @@ struct asn1_time_test {
33 const char *data; 33 const char *data;
34 const unsigned char der[32]; 34 const unsigned char der[32];
35 time_t time; 35 time_t time;
36 int generalized_time;
36}; 37};
37 38
38static const struct asn1_time_test asn1_invtime_tests[] = { 39static const struct asn1_time_test asn1_invtime_tests[] = {
@@ -73,20 +74,19 @@ static const struct asn1_time_test asn1_invtime_tests[] = {
73 { 74 {
74 .str = "aaaaaaaaaaaaaaZ", 75 .str = "aaaaaaaaaaaaaaZ",
75 }, 76 },
76 /* utc time with omitted seconds, should fail */
77 { 77 {
78 /* UTC time with omitted seconds, should fail */
78 .str = "1609082343Z", 79 .str = "1609082343Z",
79 }, 80 },
80};
81
82static const struct asn1_time_test asn1_invgentime_tests[] = {
83 /* Generalized time with omitted seconds, should fail */
84 { 81 {
82 /* Generalized time with omitted seconds, should fail */
85 .str = "201612081934Z", 83 .str = "201612081934Z",
84 .generalized_time = 1,
86 }, 85 },
87 /* Valid UTC time, should fail as a generalized time */
88 { 86 {
87 /* Valid UTC time, should fail as a generalized time */
89 .str = "160908234300Z", 88 .str = "160908234300Z",
89 .generalized_time = 1,
90 }, 90 },
91}; 91};
92 92
@@ -235,7 +235,7 @@ asn1_compare_str(int test_no, const struct asn1_string_st *asn1str,
235} 235}
236 236
237static int 237static int
238asn1_invtime_test(int test_no, const struct asn1_time_test *att, int gen) 238asn1_invtime_test(int test_no, const struct asn1_time_test *att)
239{ 239{
240 ASN1_GENERALIZEDTIME *gt = NULL; 240 ASN1_GENERALIZEDTIME *gt = NULL;
241 ASN1_UTCTIME *ut = NULL; 241 ASN1_UTCTIME *ut = NULL;
@@ -255,7 +255,7 @@ asn1_invtime_test(int test_no, const struct asn1_time_test *att, int gen)
255 goto done; 255 goto done;
256 } 256 }
257 257
258 if (gen) { 258 if (att->generalized_time) {
259 failure = 0; 259 failure = 0;
260 goto done; 260 goto done;
261 } 261 }
@@ -842,13 +842,7 @@ main(int argc, char **argv)
842 fprintf(stderr, "Invalid time tests...\n"); 842 fprintf(stderr, "Invalid time tests...\n");
843 for (i = 0; i < N_INVTIME_TESTS; i++) { 843 for (i = 0; i < N_INVTIME_TESTS; i++) {
844 att = &asn1_invtime_tests[i]; 844 att = &asn1_invtime_tests[i];
845 failed |= asn1_invtime_test(i, att, 0); 845 failed |= asn1_invtime_test(i, att);
846 }
847
848 fprintf(stderr, "Invalid generalized time tests...\n");
849 for (i = 0; i < N_INVGENTIME_TESTS; i++) {
850 att = &asn1_invgentime_tests[i];
851 failed |= asn1_invtime_test(i, att, 1);
852 } 846 }
853 847
854 fprintf(stderr, "GENERALIZEDTIME tests...\n"); 848 fprintf(stderr, "GENERALIZEDTIME tests...\n");
diff --git a/src/regress/lib/libcrypto/bio/bio_dump.c b/src/regress/lib/libcrypto/bio/bio_dump.c
index 22db80fa3d..fd2bb285fb 100644
--- a/src/regress/lib/libcrypto/bio/bio_dump.c
+++ b/src/regress/lib/libcrypto/bio/bio_dump.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: bio_dump.c,v 1.4 2024/02/09 12:48:32 tb Exp $ */ 1/* $OpenBSD: bio_dump.c,v 1.5 2025/05/18 06:41:51 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2024 Theo Buehler <tb@openbsd.org> 3 * Copyright (c) 2024 Theo Buehler <tb@openbsd.org>
4 * 4 *
@@ -809,7 +809,7 @@ bio_dump_test(const struct bio_dump_testcase *tc)
809 tc->indent, ret, got_len, strlen(tc->output)); 809 tc->indent, ret, got_len, strlen(tc->output));
810 goto err; 810 goto err;
811 } 811 }
812 if (strncmp(tc->output, got, got_len) != 0) { 812 if (got_len > 0 && strncmp(tc->output, got, got_len) != 0) {
813 fprintf(stderr, "%d: mismatch\n", tc->indent); 813 fprintf(stderr, "%d: mismatch\n", tc->indent);
814 goto err; 814 goto err;
815 } 815 }
diff --git a/src/regress/lib/libcrypto/bn/bn_mul_div.c b/src/regress/lib/libcrypto/bn/bn_mul_div.c
index 625d5e318e..dbad01004e 100644
--- a/src/regress/lib/libcrypto/bn/bn_mul_div.c
+++ b/src/regress/lib/libcrypto/bn/bn_mul_div.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: bn_mul_div.c,v 1.7 2023/06/21 07:18:10 jsing Exp $ */ 1/* $OpenBSD: bn_mul_div.c,v 1.8 2025/08/12 10:29:35 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2023 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2023 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -233,6 +233,13 @@ struct benchmark benchmarks[] = {
233 .b_bits = 256, 233 .b_bits = 256,
234 }, 234 },
235 { 235 {
236 .desc = "BN_mul (384 bit x 384 bit)",
237 .setup = benchmark_bn_mul_setup,
238 .run_once = benchmark_bn_mul_run_once,
239 .a_bits = 384,
240 .b_bits = 384,
241 },
242 {
236 .desc = "BN_mul (512 bit x 512 bit)", 243 .desc = "BN_mul (512 bit x 512 bit)",
237 .setup = benchmark_bn_mul_setup, 244 .setup = benchmark_bn_mul_setup,
238 .run_once = benchmark_bn_mul_run_once, 245 .run_once = benchmark_bn_mul_run_once,
@@ -294,6 +301,12 @@ struct benchmark benchmarks[] = {
294 .a_bits = 256, 301 .a_bits = 256,
295 }, 302 },
296 { 303 {
304 .desc = "BN_sqr (384 bit)",
305 .setup = benchmark_bn_sqr_setup,
306 .run_once = benchmark_bn_sqr_run_once,
307 .a_bits = 384,
308 },
309 {
297 .desc = "BN_sqr (512 bit)", 310 .desc = "BN_sqr (512 bit)",
298 .setup = benchmark_bn_sqr_setup, 311 .setup = benchmark_bn_sqr_setup,
299 .run_once = benchmark_bn_sqr_run_once, 312 .run_once = benchmark_bn_sqr_run_once,
diff --git a/src/regress/lib/libcrypto/c2sp/Makefile b/src/regress/lib/libcrypto/c2sp/Makefile
index 9b2c944ba4..73ee0b8c22 100644
--- a/src/regress/lib/libcrypto/c2sp/Makefile
+++ b/src/regress/lib/libcrypto/c2sp/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.4 2024/10/28 16:27:14 tb Exp $ 1# $OpenBSD: Makefile,v 1.7 2025/07/23 07:35:21 tb Exp $
2 2
3C2SP_TESTVECTORS = /usr/local/share/c2sp-testvectors/ 3C2SP_TESTVECTORS = /usr/local/share/c2sp-testvectors/
4 4
@@ -13,12 +13,12 @@ PROGS += cctv
13SRCS_cctv = 13SRCS_cctv =
14 14
15cctv: cctv.go 15cctv: cctv.go
16 go build -o $@ ${.CURDIR}/cctv.go 16 env GOCACHE=${.OBJDIR}/go-build go build -o $@ ${.CURDIR}/cctv.go
17 17
18OSSL_LIB = /usr/local/lib/eopenssl 18OSSL_LIB = /usr/local/lib/eopenssl
19OSSL_INC = /usr/local/include/eopenssl 19OSSL_INC = /usr/local/include/eopenssl
20 20
21. for V in 11 32 33 34 21. for V in 35
22. if exists(/usr/local/bin/eopenssl$V) 22. if exists(/usr/local/bin/eopenssl$V)
23PROGS += cctv-openssl$V 23PROGS += cctv-openssl$V
24SRCS_cctv-openssl$V = 24SRCS_cctv-openssl$V =
@@ -29,10 +29,17 @@ CGO_LDFLAGS_$V += -L${OSSL_LIB}$V
29 29
30cctv-openssl$V: cctv.go 30cctv-openssl$V: cctv.go
31 env CGO_CFLAGS="${CGO_CFLAGS_$V}" CGO_LDFLAGS="${CGO_LDFLAGS_$V}" \ 31 env CGO_CFLAGS="${CGO_CFLAGS_$V}" CGO_LDFLAGS="${CGO_LDFLAGS_$V}" \
32 GOCACHE=${.OBJDIR}/go-build \
32 go build -o $@ ${.CURDIR}/cctv.go 33 go build -o $@ ${.CURDIR}/cctv.go
33. endif 34. endif
34. endfor 35. endfor
35 36
37REGRESS_CLEANUP = clean-go-cache
38
39clean-go-cache:
40 env GOCACHE=${.OBJDIR}/go-build go clean -cache
41 rm -rf ${.OBJDIR}/go-build
42
36.endif 43.endif
37 44
38.include <bsd.regress.mk> 45.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/certs/Makefile b/src/regress/lib/libcrypto/certs/Makefile
index 621c60907f..f7ba9fcad8 100644
--- a/src/regress/lib/libcrypto/certs/Makefile
+++ b/src/regress/lib/libcrypto/certs/Makefile
@@ -1,21 +1,24 @@
1# $OpenBSD: Makefile,v 1.1 2020/07/14 18:27:28 jsing Exp $ 1# $OpenBSD: Makefile,v 1.2 2025/07/09 05:04:35 tb Exp $
2 2
3.if ! (make(clean) || make(cleandir) || make(obj)) 3.if !exists(/usr/local/bin/go)
4GO_VERSION != sh -c "(go version) 2>/dev/null || true"
5.endif
6
7.if empty(GO_VERSION)
8regress: 4regress:
9 @echo package go is required for this regress 5 @echo package go is required for this regress
10 @echo SKIPPED 6 @echo SKIPPED
11.endif 7.else
12 8
13REGRESS_TARGETS=regress-go-verify 9REGRESS_TARGETS=regress-go-verify
10REGRESS_CLEANUP=clean-go-cache
14 11
15certs: 12certs:
16 cd ${.CURDIR} && sh ./make-certs.sh 13 cd ${.CURDIR} && sh ./make-certs.sh
17 14
18regress-go-verify: 15regress-go-verify:
19 cd ${.CURDIR} && go test -test.v . 16 cd ${.CURDIR} && env GOCACHE=${.OBJDIR}/go-build go test -test.v .
17
18clean-go-cache:
19 env GOCACHE=${.OBJDIR}/go-build go clean -cache
20 rm -rf ${.OBJDIR}/go-build
21
22.endif
20 23
21.include <bsd.regress.mk> 24.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/ec/Makefile b/src/regress/lib/libcrypto/ec/Makefile
index b21eacb4bc..1d976c77d0 100644
--- a/src/regress/lib/libcrypto/ec/Makefile
+++ b/src/regress/lib/libcrypto/ec/Makefile
@@ -1,12 +1,13 @@
1# $OpenBSD: Makefile,v 1.11 2025/03/08 20:09:35 tb Exp $ 1# $OpenBSD: Makefile,v 1.13 2025/08/03 08:29:39 jsing Exp $
2 2
3.ifdef EOPENSSL33 3.ifdef EOPENSSL35
4LDADD += -Wl,-rpath,/usr/local/lib/eopenssl33 -L/usr/local/lib/eopenssl33 4LDADD += -Wl,-rpath,/usr/local/lib/eopenssl35 -L/usr/local/lib/eopenssl35
5CFLAGS += -I/usr/local/include/eopenssl33/ 5CFLAGS += -I/usr/local/include/eopenssl35/
6CFLAGS += -DOPENSSL_SUPPRESS_DEPRECATED 6CFLAGS += -DOPENSSL_SUPPRESS_DEPRECATED
7.endif 7.endif
8 8
9PROGS += ectest 9PROGS += ectest
10PROGS += ec_arithmetic
10PROGS += ec_asn1_test 11PROGS += ec_asn1_test
11PROGS += ec_point_conversion 12PROGS += ec_point_conversion
12 13
diff --git a/src/regress/lib/libcrypto/ec/ec_arithmetic.c b/src/regress/lib/libcrypto/ec/ec_arithmetic.c
new file mode 100644
index 0000000000..c6f7cd4f8c
--- /dev/null
+++ b/src/regress/lib/libcrypto/ec/ec_arithmetic.c
@@ -0,0 +1,210 @@
1/* $OpenBSD: ec_arithmetic.c,v 1.1 2025/08/03 08:29:39 jsing Exp $ */
2/*
3 * Copyright (c) 2022,2025 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <sys/time.h>
19
20#include <err.h>
21#include <signal.h>
22#include <stdio.h>
23#include <string.h>
24#include <time.h>
25#include <unistd.h>
26
27#include <openssl/bn.h>
28#include <openssl/ec.h>
29#include <openssl/objects.h>
30
31static void
32benchmark_ec_point_add(const EC_GROUP *group, EC_POINT *result,
33 const BIGNUM *scalar, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
34{
35 if (!EC_POINT_add(group, result, a, b, ctx))
36 errx(1, "EC_POINT_add");
37}
38
39static void
40benchmark_ec_point_dbl(const EC_GROUP *group, EC_POINT *result,
41 const BIGNUM *scalar, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
42{
43 if (!EC_POINT_dbl(group, result, a, ctx))
44 errx(1, "EC_POINT_dbl");
45}
46
47static void
48benchmark_ec_point_mul_generator(const EC_GROUP *group, EC_POINT *result,
49 const BIGNUM *scalar, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
50{
51 if (!EC_POINT_mul(group, result, scalar, NULL, NULL, ctx))
52 errx(1, "EC_POINT_mul");
53}
54
55struct benchmark {
56 int curve;
57 const char *desc;
58 void (*func)(const EC_GROUP *, EC_POINT *, const BIGNUM *,
59 const EC_POINT *, const EC_POINT *, BN_CTX *);
60};
61
62static const struct benchmark benchmarks[] = {
63 {
64 .curve = NID_X9_62_prime256v1,
65 .desc = "EC_POINT_add() p256",
66 .func = benchmark_ec_point_add,
67 },
68 {
69 .curve = NID_secp384r1,
70 .desc = "EC_POINT_add() p384",
71 .func = benchmark_ec_point_add,
72 },
73 {
74 .curve = NID_secp521r1,
75 .desc = "EC_POINT_add() p521",
76 .func = benchmark_ec_point_add,
77 },
78 {
79 .curve = NID_X9_62_prime256v1,
80 .desc = "EC_POINT_dbl() p256",
81 .func = benchmark_ec_point_dbl,
82 },
83 {
84 .curve = NID_secp384r1,
85 .desc = "EC_POINT_dbl() p384",
86 .func = benchmark_ec_point_dbl,
87 },
88 {
89 .curve = NID_secp521r1,
90 .desc = "EC_POINT_dbl() p521",
91 .func = benchmark_ec_point_dbl,
92 },
93 {
94 .curve = NID_X9_62_prime256v1,
95 .desc = "EC_POINT_mul() generator p256",
96 .func = benchmark_ec_point_mul_generator,
97 },
98 {
99 .curve = NID_secp384r1,
100 .desc = "EC_POINT_mul() generator p384",
101 .func = benchmark_ec_point_mul_generator,
102 },
103 {
104 .curve = NID_secp521r1,
105 .desc = "EC_POINT_mul() generator p521",
106 .func = benchmark_ec_point_mul_generator,
107 },
108};
109
110#define N_BENCHMARKS (sizeof(benchmarks) / sizeof(benchmarks[0]))
111
112static volatile sig_atomic_t benchmark_stop;
113
114static void
115benchmark_sig_alarm(int sig)
116{
117 benchmark_stop = 1;
118}
119
120static void
121benchmark_run(const struct benchmark *bm, int seconds)
122{
123 struct timespec start, end, duration;
124 EC_GROUP *group = NULL;
125 EC_POINT *a = NULL, *b = NULL, *result = NULL;
126 BIGNUM *order = NULL, *scalar = NULL;
127 BN_CTX *ctx = NULL;
128 int i;
129
130 signal(SIGALRM, benchmark_sig_alarm);
131
132 if ((ctx = BN_CTX_new()) == NULL)
133 errx(1, "BN_CTX_new");
134
135 if ((group = EC_GROUP_new_by_curve_name(bm->curve)) == NULL)
136 errx(1, "EC_GROUP_new_by_curve_name");
137 if ((order = BN_new()) == NULL)
138 errx(1, "BN_new");
139 if (!EC_GROUP_get_order(group, order, ctx))
140 errx(1, "EC_GROUP_get_order");
141
142 if ((scalar = BN_new()) == NULL)
143 errx(1, "BN_new");
144 if (!BN_rand_range(scalar, order))
145 errx(1, "BN_rand_range");
146 if (!BN_set_bit(scalar, EC_GROUP_order_bits(group) - 1))
147 errx(1, "BN_set_bit");
148
149 if ((result = EC_POINT_new(group)) == NULL)
150 errx(1, "EC_POINT_new");
151 if ((a = EC_POINT_new(group)) == NULL)
152 errx(1, "EC_POINT_new");
153 if ((b = EC_POINT_new(group)) == NULL)
154 errx(1, "EC_POINT_new");
155
156 if (!EC_POINT_mul(group, a, scalar, NULL, NULL, ctx))
157 errx(1, "EC_POINT_mul");
158 if (!EC_POINT_mul(group, b, scalar, NULL, NULL, ctx))
159 errx(1, "EC_POINT_mul");
160
161 benchmark_stop = 0;
162 i = 0;
163 alarm(seconds);
164
165 clock_gettime(CLOCK_MONOTONIC, &start);
166
167 fprintf(stderr, "Benchmarking %s for %ds: ", bm->desc, seconds);
168 while (!benchmark_stop) {
169 bm->func(group, result, scalar, a, b, ctx);
170 i++;
171 }
172 clock_gettime(CLOCK_MONOTONIC, &end);
173 timespecsub(&end, &start, &duration);
174 fprintf(stderr, "%d iterations in %f seconds\n", i,
175 duration.tv_sec + duration.tv_nsec / 1000000000.0);
176
177 EC_GROUP_free(group);
178 EC_POINT_free(result);
179 EC_POINT_free(a);
180 EC_POINT_free(b);
181 BN_free(order);
182 BN_free(scalar);
183 BN_CTX_free(ctx);
184}
185
186static void
187benchmark_ec_mul_single(void)
188{
189 const struct benchmark *bm;
190 size_t i;
191
192 for (i = 0; i < N_BENCHMARKS; i++) {
193 bm = &benchmarks[i];
194 benchmark_run(bm, 5);
195 }
196}
197
198int
199main(int argc, char **argv)
200{
201 int benchmark = 0, failed = 0;
202
203 if (argc == 2 && strcmp(argv[1], "--benchmark") == 0)
204 benchmark = 1;
205
206 if (benchmark && !failed)
207 benchmark_ec_mul_single();
208
209 return failed;
210}
diff --git a/src/regress/lib/libcrypto/ec/ec_asn1_test.c b/src/regress/lib/libcrypto/ec/ec_asn1_test.c
index 03358e69ca..c89ab0e7ab 100644
--- a/src/regress/lib/libcrypto/ec/ec_asn1_test.c
+++ b/src/regress/lib/libcrypto/ec/ec_asn1_test.c
@@ -1,7 +1,7 @@
1/* $OpenBSD: ec_asn1_test.c,v 1.32 2025/03/08 20:09:35 tb Exp $ */ 1/* $OpenBSD: ec_asn1_test.c,v 1.39 2025/08/26 17:57:10 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2017, 2021 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2017, 2021 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2024 Theo Buehler <tb@openbsd.org> 4 * Copyright (c) 2024, 2025 Theo Buehler <tb@openbsd.org>
5 * 5 *
6 * Permission to use, copy, modify, and distribute this software for any 6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above 7 * purpose with or without fee is hereby granted, provided that the above
@@ -17,12 +17,17 @@
17 */ 17 */
18 18
19#include <err.h> 19#include <err.h>
20#include <stdio.h>
21#include <stdint.h>
22#include <stdlib.h>
20#include <string.h> 23#include <string.h>
21 24
22#include <openssl/bio.h> 25#include <openssl/bio.h>
26#include <openssl/bn.h>
23#include <openssl/ec.h> 27#include <openssl/ec.h>
24#include <openssl/err.h> 28#include <openssl/err.h>
25#include <openssl/objects.h> 29#include <openssl/objects.h>
30#include <openssl/sha.h>
26 31
27#include "ec_local.h" 32#include "ec_local.h"
28 33
@@ -1025,6 +1030,62 @@ ec_group_non_builtin_curves(void)
1025 return failed; 1030 return failed;
1026} 1031}
1027 1032
1033static int
1034ec_group_check_prime_order(EC_builtin_curve *curve, BN_CTX *ctx)
1035{
1036 EC_GROUP *group;
1037 BIGNUM *order;
1038 int rv;
1039 int failed = 0;
1040
1041 if ((group = EC_GROUP_new_by_curve_name(curve->nid)) == NULL)
1042 errx(1, "EC_GROUP_new_by_curve_name");
1043
1044 BN_CTX_start(ctx);
1045
1046 if ((order = BN_CTX_get(ctx)) == NULL)
1047 errx(1, "order = BN_CTX_get()");
1048
1049 if (!EC_GROUP_get_order(group, order, ctx))
1050 errx(1, "EC_GROUP_get_order");
1051
1052 if ((rv = BN_is_prime_ex(order, 0, ctx, NULL)) != 1) {
1053 fprintf(stderr, "%s: nid %d: BN_is_prime_ex() returned %d, want 1\n",
1054 __func__, curve->nid, rv);
1055 failed = 1;
1056 }
1057
1058 BN_CTX_end(ctx);
1059 EC_GROUP_free(group);
1060
1061 return failed;
1062}
1063
1064static int
1065ec_group_builtin_curves_have_prime_order(void)
1066{
1067 BN_CTX *ctx = NULL;
1068 EC_builtin_curve *all_curves = NULL;
1069 size_t curve_id, ncurves;
1070 int failed = 0;
1071
1072 if ((ctx = BN_CTX_new()) == NULL)
1073 errx(1, "BN_CTX_new");
1074
1075 ncurves = EC_get_builtin_curves(NULL, 0);
1076 if ((all_curves = calloc(ncurves, sizeof(*all_curves))) == NULL)
1077 err(1, "calloc builtin curves");
1078 EC_get_builtin_curves(all_curves, ncurves);
1079
1080 for (curve_id = 0; curve_id < ncurves; curve_id++)
1081 failed |= ec_group_check_prime_order(&all_curves[curve_id], ctx);
1082
1083 free(all_curves);
1084 BN_CTX_free(ctx);
1085
1086 return failed;
1087}
1088
1028static const struct ec_private_key { 1089static const struct ec_private_key {
1029 const char *name; 1090 const char *name;
1030 size_t der_len; 1091 size_t der_len;
@@ -1281,126 +1342,6 @@ static const struct ec_private_key {
1281 }, 1342 },
1282 }, 1343 },
1283 { 1344 {
1284 .name = "prime239v1",
1285 .der_len = 115,
1286 .der = {
1287 0x30, 0x71, 0x02, 0x01, 0x01, 0x04, 0x1e, 0x6e,
1288 0x26, 0x5e, 0xde, 0x5b, 0x67, 0xd6, 0x38, 0x52,
1289 0xe7, 0x1e, 0x8d, 0x44, 0xb1, 0xfb, 0xf8, 0xaf,
1290 0xf9, 0x94, 0x2c, 0xe2, 0x0d, 0xa8, 0x5f, 0x03,
1291 0x67, 0x53, 0x7b, 0x8b, 0x2e, 0xa0, 0x0a, 0x06,
1292 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01,
1293 0x04, 0xa1, 0x40, 0x03, 0x3e, 0x00, 0x04, 0x33,
1294 0xc6, 0xe5, 0x8a, 0xc1, 0x8b, 0x7c, 0x96, 0x19,
1295 0xc9, 0xe1, 0x54, 0x7f, 0x81, 0x9e, 0x59, 0x62,
1296 0xec, 0xc0, 0x1e, 0xe5, 0x53, 0xd5, 0xae, 0x6b,
1297 0xd3, 0xe0, 0x09, 0x07, 0xc5, 0x27, 0x81, 0xa6,
1298 0x8d, 0x39, 0x8e, 0xfe, 0x01, 0xc2, 0x1d, 0xda,
1299 0xde, 0x7b, 0xdc, 0x76, 0x27, 0x17, 0xf9, 0x6f,
1300 0xe3, 0x04, 0xef, 0x5d, 0x65, 0x75, 0x98, 0x7f,
1301 0x2d, 0xd0, 0x68,
1302 },
1303 .hex = "0433C6E58AC18B7C"
1304 "9619C9E1547F819E"
1305 "5962ECC01EE553D5"
1306 "AE6BD3E00907C527"
1307 "81A68D398EFE01C2"
1308 "1DDADE7BDC762717"
1309 "F96FE304EF5D6575"
1310 "987F2DD068",
1311 .oct_len = 61,
1312 .oct = {
1313 0x04, 0x33, 0xc6, 0xe5, 0x8a, 0xc1, 0x8b, 0x7c,
1314 0x96, 0x19, 0xc9, 0xe1, 0x54, 0x7f, 0x81, 0x9e,
1315 0x59, 0x62, 0xec, 0xc0, 0x1e, 0xe5, 0x53, 0xd5,
1316 0xae, 0x6b, 0xd3, 0xe0, 0x09, 0x07, 0xc5, 0x27,
1317 0x81, 0xa6, 0x8d, 0x39, 0x8e, 0xfe, 0x01, 0xc2,
1318 0x1d, 0xda, 0xde, 0x7b, 0xdc, 0x76, 0x27, 0x17,
1319 0xf9, 0x6f, 0xe3, 0x04, 0xef, 0x5d, 0x65, 0x75,
1320 0x98, 0x7f, 0x2d, 0xd0, 0x68,
1321 },
1322 },
1323 {
1324 .name = "prime239v2",
1325 .der_len = 115,
1326 .der = {
1327 0x30, 0x71, 0x02, 0x01, 0x01, 0x04, 0x1e, 0x30,
1328 0x2f, 0x01, 0x10, 0xe9, 0x09, 0x15, 0xdd, 0xe3,
1329 0xdd, 0xae, 0xcb, 0x9d, 0x3a, 0x58, 0x92, 0x02,
1330 0x1e, 0x6e, 0x02, 0x57, 0xa8, 0x36, 0x0b, 0x20,
1331 0x0b, 0x7e, 0xf4, 0xad, 0x0b, 0xa0, 0x0a, 0x06,
1332 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01,
1333 0x05, 0xa1, 0x40, 0x03, 0x3e, 0x00, 0x04, 0x3c,
1334 0x10, 0x27, 0x7b, 0xac, 0xdf, 0x86, 0xc9, 0x4f,
1335 0xf8, 0x39, 0x87, 0x02, 0x39, 0xaf, 0x41, 0xbc,
1336 0x4b, 0x67, 0xd8, 0x5e, 0x04, 0x96, 0x84, 0xb5,
1337 0x60, 0x50, 0x48, 0x6a, 0x20, 0x1d, 0x2b, 0x7e,
1338 0x9f, 0xaf, 0xf8, 0x8e, 0x7e, 0xa4, 0xcd, 0x00,
1339 0xad, 0xb1, 0xad, 0x22, 0x69, 0x32, 0x10, 0x6c,
1340 0xe0, 0xcc, 0xdd, 0x45, 0xd8, 0xa6, 0x29, 0x2f,
1341 0xad, 0x6b, 0xf9,
1342 },
1343 .hex = "043C10277BACDF86"
1344 "C94FF839870239AF"
1345 "41BC4B67D85E0496"
1346 "84B56050486A201D"
1347 "2B7E9FAFF88E7EA4"
1348 "CD00ADB1AD226932"
1349 "106CE0CCDD45D8A6"
1350 "292FAD6BF9",
1351 .oct_len = 61,
1352 .oct = {
1353 0x04, 0x3c, 0x10, 0x27, 0x7b, 0xac, 0xdf, 0x86,
1354 0xc9, 0x4f, 0xf8, 0x39, 0x87, 0x02, 0x39, 0xaf,
1355 0x41, 0xbc, 0x4b, 0x67, 0xd8, 0x5e, 0x04, 0x96,
1356 0x84, 0xb5, 0x60, 0x50, 0x48, 0x6a, 0x20, 0x1d,
1357 0x2b, 0x7e, 0x9f, 0xaf, 0xf8, 0x8e, 0x7e, 0xa4,
1358 0xcd, 0x00, 0xad, 0xb1, 0xad, 0x22, 0x69, 0x32,
1359 0x10, 0x6c, 0xe0, 0xcc, 0xdd, 0x45, 0xd8, 0xa6,
1360 0x29, 0x2f, 0xad, 0x6b, 0xf9,
1361 },
1362 },
1363 {
1364 .name = "prime239v3",
1365 .der_len = 115,
1366 .der = {
1367 0x30, 0x71, 0x02, 0x01, 0x01, 0x04, 0x1e, 0x26,
1368 0x3f, 0x23, 0x4c, 0xe7, 0xbd, 0xa8, 0xe4, 0xfe,
1369 0x7c, 0xf6, 0x18, 0x6a, 0xb2, 0xa6, 0x39, 0x15,
1370 0x6d, 0x72, 0xe8, 0x9e, 0x3f, 0x0f, 0x10, 0x1e,
1371 0xe5, 0xdf, 0xac, 0xe8, 0x2f, 0xa0, 0x0a, 0x06,
1372 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01,
1373 0x06, 0xa1, 0x40, 0x03, 0x3e, 0x00, 0x04, 0x37,
1374 0xba, 0x07, 0x7f, 0xd9, 0x46, 0x5a, 0x33, 0x03,
1375 0x31, 0x77, 0x38, 0xef, 0xee, 0xcc, 0x3d, 0xe1,
1376 0xaa, 0x57, 0xe3, 0x8d, 0xb7, 0xcd, 0xe3, 0x01,
1377 0xf4, 0xd6, 0x75, 0x49, 0x72, 0x61, 0x4c, 0xbf,
1378 0xc0, 0x1f, 0x8b, 0x5f, 0x98, 0x9b, 0xa7, 0xe5,
1379 0x6a, 0xb7, 0xfe, 0x63, 0xdb, 0xb0, 0x40, 0xcb,
1380 0x26, 0x81, 0x2a, 0x91, 0x14, 0x0f, 0xc7, 0x31,
1381 0x13, 0x78, 0x16,
1382 },
1383 .hex = "0437BA077FD9465A"
1384 "3303317738EFEECC"
1385 "3DE1AA57E38DB7CD"
1386 "E301F4D675497261"
1387 "4CBFC01F8B5F989B"
1388 "A7E56AB7FE63DBB0"
1389 "40CB26812A91140F"
1390 "C731137816",
1391 .oct_len = 61,
1392 .oct = {
1393 0x04, 0x37, 0xba, 0x07, 0x7f, 0xd9, 0x46, 0x5a,
1394 0x33, 0x03, 0x31, 0x77, 0x38, 0xef, 0xee, 0xcc,
1395 0x3d, 0xe1, 0xaa, 0x57, 0xe3, 0x8d, 0xb7, 0xcd,
1396 0xe3, 0x01, 0xf4, 0xd6, 0x75, 0x49, 0x72, 0x61,
1397 0x4c, 0xbf, 0xc0, 0x1f, 0x8b, 0x5f, 0x98, 0x9b,
1398 0xa7, 0xe5, 0x6a, 0xb7, 0xfe, 0x63, 0xdb, 0xb0,
1399 0x40, 0xcb, 0x26, 0x81, 0x2a, 0x91, 0x14, 0x0f,
1400 0xc7, 0x31, 0x13, 0x78, 0x16,
1401 },
1402 },
1403 {
1404 .name = "prime256v1", 1345 .name = "prime256v1",
1405 .der_len = 121, 1346 .der_len = 121,
1406 .der = { 1347 .der = {
@@ -2468,6 +2409,197 @@ ec_group_check_private_keys(void)
2468 return failed; 2409 return failed;
2469} 2410}
2470 2411
2412static void
2413ec_group_sha1_bignum(BIGNUM *out, const BIGNUM *in)
2414{
2415 char md[SHA_DIGEST_LENGTH];
2416 unsigned char *bin;
2417 size_t bin_len;
2418
2419 if (BN_num_bytes(in) <= 0)
2420 errx(1, "%s: invalid bignum", __func__);
2421
2422 bin_len = BN_num_bytes(in);
2423 if ((bin = calloc(1, bin_len)) == NULL)
2424 err(1, "calloc");
2425 if (BN_bn2bin(in, bin) <= 0)
2426 errx(1, "BN_bn2bin");
2427
2428 SHA1(bin, bin_len, md);
2429 free(bin);
2430
2431 if (BN_bin2bn(md, sizeof(md), out) == NULL)
2432 errx(1, "BN_bin2bn");
2433}
2434
2435static int
2436ec_group_check_seed(const EC_builtin_curve *curve, BN_CTX *ctx)
2437{
2438 EC_GROUP *group = NULL;
2439 BIGNUM *p, *a, *b, *pow2, *r, *seed_bn, *w;
2440 const unsigned char *seed;
2441 size_t seed_len;
2442 int i, g, h, s, t;
2443 int failed = 1;
2444
2445 if ((group = EC_GROUP_new_by_curve_name(curve->nid)) == NULL)
2446 errx(1, "EC_GROUP_new_by_curve_name");
2447
2448 BN_CTX_start(ctx);
2449
2450 if ((p = BN_CTX_get(ctx)) == NULL)
2451 errx(1, "p = BN_CTX_get()");
2452 if ((a = BN_CTX_get(ctx)) == NULL)
2453 errx(1, "a = BN_CTX_get()");
2454 if ((b = BN_CTX_get(ctx)) == NULL)
2455 errx(1, "b = BN_CTX_get()");
2456 if ((r = BN_CTX_get(ctx)) == NULL)
2457 errx(1, "r = BN_CTX_get()");
2458 if ((pow2 = BN_CTX_get(ctx)) == NULL)
2459 errx(1, "pow2 = BN_CTX_get()");
2460 if ((seed_bn = BN_CTX_get(ctx)) == NULL)
2461 errx(1, "seed_bn = BN_CTX_get()");
2462 if ((w = BN_CTX_get(ctx)) == NULL)
2463 errx(1, "w = BN_CTX_get()");
2464
2465 /*
2466 * If the curve has a seed, verify that its parameters a and b have
2467 * been selected using that seed, loosely following X9.62, F.3.4.b.
2468 * Otherwise there's nothing to do.
2469 */
2470 if ((seed = EC_GROUP_get0_seed(group)) == NULL)
2471 goto done;
2472 seed_len = EC_GROUP_get_seed_len(group);
2473
2474 /*
2475 * This isn't a requirement but happens to be the case for NIST
2476 * curves - the only built-in curves that have a seed.
2477 */
2478 if (seed_len != SHA_DIGEST_LENGTH) {
2479 fprintf(stderr, "%s FAIL: unexpected seed length. "
2480 "want %d, got %zu\n", __func__, SHA_DIGEST_LENGTH, seed_len);
2481 goto err;
2482 }
2483
2484 /* Seed length in bits, per F.3.3.b. */
2485 g = 8 * seed_len;
2486
2487 /*
2488 * Prepare to build the verifiably random element r of GFp by
2489 * concatenating the SHA-1 of modifications of the seed as a number.
2490 */
2491 if (BN_bin2bn(seed, seed_len, seed_bn) == NULL)
2492 errx(1, "BN_bin2bn");
2493
2494 if (!EC_GROUP_get_curve(group, p, a, b, ctx))
2495 errx(1, "EC_GROUP_get_curve");
2496
2497 t = BN_num_bits(p); /* bit length needed. */
2498 s = (t - 1) / 160; /* number of SHA-1 fitting in bit length. */
2499 h = t - 160 * s; /* remaining number of bits in r. */
2500
2501 /*
2502 * Steps 1 - 3: compute hash of the seed and take h - 1 rightmost bits.
2503 */
2504
2505 ec_group_sha1_bignum(r, seed_bn);
2506 BN_zero(pow2);
2507 if (!BN_set_bit(pow2, h - 1))
2508 errx(1, "BN_set_bit");
2509 if (!BN_mod(r, r, pow2, ctx))
2510 errx(1, "BN_nnmod");
2511
2512 /*
2513 * Steps 4 - 6: for i from 1 to s do Wi = SHA-1(SEED + i mod 2^g),
2514 * With W0 = r as already computed, let r = W0 || W1 || ... || Ws.
2515 */
2516
2517 BN_zero(pow2);
2518 if (!BN_set_bit(pow2, g))
2519 errx(1, "BN_set_bit");
2520
2521 for (i = 0; i < s; i++) {
2522 /*
2523 * This is a bit silly since the seed isn't going to have all
2524 * its bits set, so BN_add_word(seed_bn, 1) would do, but for
2525 * the sake of correctness...
2526 */
2527 if (!BN_mod_add(seed_bn, seed_bn, BN_value_one(), pow2, ctx))
2528 errx(1, "BN_mod_add");
2529
2530 ec_group_sha1_bignum(w, seed_bn);
2531
2532 if (!BN_lshift(r, r, 8 * SHA_DIGEST_LENGTH))
2533 errx(1, "BN_lshift");
2534 if (!BN_add(r, r, w))
2535 errx(1, "BN_add");
2536 }
2537
2538 /*
2539 * Step 7: check that r * b^2 == a^3 (mod p)
2540 */
2541
2542 /* Compute r = r * b^2 (mod p). */
2543 if (!BN_mod_sqr(b, b, p, ctx))
2544 errx(1, "BN_mod_sqr");
2545 if (!BN_mod_mul(r, r, b, p, ctx))
2546 errx(1, "BN_mod_mul");
2547
2548 /* Compute a = a^3 (mod p). */
2549 if (!BN_mod_sqr(b, a, p, ctx))
2550 errx(1, "BN_mod_sqr");
2551 if (!BN_mod_mul(a, a, b, p, ctx))
2552 errx(1, "BN_mod_mul");
2553
2554 /*
2555 * XXX - this assumes that a, b, p >= 0, so the results are in [0, p).
2556 * This is currently enforced in the EC code.
2557 */
2558 if (BN_cmp(r, a) != 0) {
2559 fprintf(stderr, "FAIL: %s verification failed for %s\nr * b^2:\t",
2560 __func__, curve->comment);
2561 BN_print_fp(stderr, r);
2562 fprintf(stderr, "\na^3:\t\t");
2563 BN_print_fp(stderr, a);
2564 fprintf(stderr, "\n");
2565 goto err;
2566 }
2567
2568 done:
2569 failed = 0;
2570
2571 err:
2572 BN_CTX_end(ctx);
2573 EC_GROUP_free(group);
2574
2575 return failed;
2576}
2577
2578static int
2579ec_group_check_seeds(void)
2580{
2581 BN_CTX *ctx = NULL;
2582 EC_builtin_curve *all_curves = NULL;
2583 size_t curve_id, ncurves;
2584 int failed = 0;
2585
2586 if ((ctx = BN_CTX_new()) == NULL)
2587 errx(1, "BN_CTX_new");
2588
2589 ncurves = EC_get_builtin_curves(NULL, 0);
2590 if ((all_curves = calloc(ncurves, sizeof(*all_curves))) == NULL)
2591 err(1, "calloc builtin curves");
2592 EC_get_builtin_curves(all_curves, ncurves);
2593
2594 for (curve_id = 0; curve_id < ncurves; curve_id++)
2595 failed |= ec_group_check_seed(&all_curves[curve_id], ctx);
2596
2597 free(all_curves);
2598 BN_CTX_free(ctx);
2599
2600 return failed;
2601}
2602
2471int 2603int
2472main(int argc, char **argv) 2604main(int argc, char **argv)
2473{ 2605{
@@ -2478,7 +2610,9 @@ main(int argc, char **argv)
2478 failed |= ec_group_pkparameters_correct_padding_test(); 2610 failed |= ec_group_pkparameters_correct_padding_test();
2479 failed |= ec_group_roundtrip_builtin_curves(); 2611 failed |= ec_group_roundtrip_builtin_curves();
2480 failed |= ec_group_non_builtin_curves(); 2612 failed |= ec_group_non_builtin_curves();
2613 failed |= ec_group_builtin_curves_have_prime_order();
2481 failed |= ec_group_check_private_keys(); 2614 failed |= ec_group_check_private_keys();
2615 failed |= ec_group_check_seeds();
2482 2616
2483 return failed; 2617 return failed;
2484} 2618}
diff --git a/src/regress/lib/libcrypto/ec/ectest.c b/src/regress/lib/libcrypto/ec/ectest.c
index fc44f9c886..3e81954174 100644
--- a/src/regress/lib/libcrypto/ec/ectest.c
+++ b/src/regress/lib/libcrypto/ec/ectest.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ectest.c,v 1.35 2025/01/24 11:49:13 tb Exp $ */ 1/* $OpenBSD: ectest.c,v 1.36 2025/07/23 07:40:07 tb Exp $ */
2/* 2/*
3 * Originally written by Bodo Moeller for the OpenSSL project. 3 * Originally written by Bodo Moeller for the OpenSSL project.
4 */ 4 */
@@ -71,14 +71,11 @@
71 71
72#include <stdio.h> 72#include <stdio.h>
73#include <stdlib.h> 73#include <stdlib.h>
74#include <string.h>
75#include <time.h>
76 74
75#include <openssl/bn.h>
76#include <openssl/crypto.h>
77#include <openssl/ec.h> 77#include <openssl/ec.h>
78#include <openssl/err.h> 78#include <openssl/err.h>
79#include <openssl/obj_mac.h>
80#include <openssl/objects.h>
81#include <openssl/bn.h>
82#include <openssl/opensslconf.h> 79#include <openssl/opensslconf.h>
83 80
84#define ABORT do { \ 81#define ABORT do { \
diff --git a/src/regress/lib/libcrypto/evp/evp_pkey_cleanup.c b/src/regress/lib/libcrypto/evp/evp_pkey_cleanup.c
index d4825f68e8..1d2fa60be7 100644
--- a/src/regress/lib/libcrypto/evp/evp_pkey_cleanup.c
+++ b/src/regress/lib/libcrypto/evp/evp_pkey_cleanup.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: evp_pkey_cleanup.c,v 1.5 2024/02/29 20:02:00 tb Exp $ */ 1/* $OpenBSD: evp_pkey_cleanup.c,v 1.6 2025/05/21 03:53:20 kenjiro Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2022 Theo Buehler <tb@openbsd.org> 4 * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
@@ -38,6 +38,8 @@ int pkey_ids[] = {
38 EVP_PKEY_RSA, 38 EVP_PKEY_RSA,
39 EVP_PKEY_RSA_PSS, 39 EVP_PKEY_RSA_PSS,
40 EVP_PKEY_X25519, 40 EVP_PKEY_X25519,
41 EVP_PKEY_HKDF,
42 EVP_PKEY_TLS1_PRF,
41}; 43};
42 44
43static const size_t N_PKEY_IDS = sizeof(pkey_ids) / sizeof(pkey_ids[0]); 45static const size_t N_PKEY_IDS = sizeof(pkey_ids) / sizeof(pkey_ids[0]);
diff --git a/src/regress/lib/libcrypto/evp/evp_test.c b/src/regress/lib/libcrypto/evp/evp_test.c
index a699832c45..0bd8b4d092 100644
--- a/src/regress/lib/libcrypto/evp/evp_test.c
+++ b/src/regress/lib/libcrypto/evp/evp_test.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: evp_test.c,v 1.20 2024/07/09 17:24:12 tb Exp $ */ 1/* $OpenBSD: evp_test.c,v 1.21 2025/05/22 00:13:47 kenjiro Exp $ */
2/* 2/*
3 * Copyright (c) 2017, 2022 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2017, 2022 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2023, 2024 Theo Buehler <tb@openbsd.org> 4 * Copyright (c) 2023, 2024 Theo Buehler <tb@openbsd.org>
@@ -802,6 +802,85 @@ kdf_compare_bytes(const char *label, const unsigned char *d1, int len1,
802} 802}
803 803
804static int 804static int
805evp_kdf_hkdf_basic(void)
806{
807 EVP_PKEY_CTX *pctx;
808 unsigned char out[42];
809 size_t outlen = sizeof(out);
810 int failed = 1;
811
812 /* Test vector from RFC 5869, Appendix A.1. */
813 const unsigned char ikm[] = {
814 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
815 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
816 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
817 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
818 0x0b, 0x0b,
819 };
820 const unsigned char salt[] = {
821 0x00, 0x01, 0x02, 0x03, 0x04, 0x05,
822 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
823 0x0c,
824 };
825 const unsigned char info[] = {
826 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5,
827 0xf6, 0xf7, 0xf8, 0xf9,
828 };
829 const unsigned char expected[42] = {
830 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
831 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
832 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
833 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
834 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
835 0x58, 0x65,
836 };
837
838 if ((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)) == NULL) {
839 fprintf(stderr, "FAIL: EVP_PKEY_CTX_new_id\n");
840 goto err;
841 }
842
843 if (EVP_PKEY_derive_init(pctx) <= 0) {
844 fprintf(stderr, "FAIL: EVP_PKEY_derive_init\n");
845 goto err;
846 }
847
848 if (EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()) <= 0) {
849 fprintf(stderr, "FAIL: EVP_PKEY_CTX_set_hkdf_md\n");
850 goto err;
851 }
852
853 if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, sizeof(salt)) <= 0) {
854 fprintf(stderr, "FAIL: EVP_PKEY_CTX_set1_hkdf_salt\n");
855 goto err;
856 }
857
858 if (EVP_PKEY_CTX_set1_hkdf_key(pctx, ikm, sizeof(ikm)) <= 0) {
859 fprintf(stderr, "FAIL: EVP_PKEY_CTX_set1_hkdf_key\n");
860 goto err;
861 }
862
863 if (EVP_PKEY_CTX_add1_hkdf_info(pctx, info, sizeof(info)) <= 0) {
864 fprintf(stderr, "FAIL: EVP_PKEY_CTX_add1_hkdf_info\n");
865 goto err;
866 }
867
868 if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) {
869 fprintf(stderr, "FAIL: EVP_PKEY_derive\n");
870 goto err;
871 }
872
873 if (!kdf_compare_bytes("HKDF test", out, outlen, expected, sizeof(expected)))
874 goto err;
875
876 failed = 0;
877
878 err:
879 EVP_PKEY_CTX_free(pctx);
880 return failed;
881}
882
883static int
805evp_kdf_tls1_prf_basic(void) 884evp_kdf_tls1_prf_basic(void)
806{ 885{
807 EVP_PKEY_CTX *pctx; 886 EVP_PKEY_CTX *pctx;
@@ -1038,6 +1117,7 @@ main(int argc, char **argv)
1038 failed |= obj_name_do_all_test(); 1117 failed |= obj_name_do_all_test();
1039 failed |= evp_get_cipherbyname_test(); 1118 failed |= evp_get_cipherbyname_test();
1040 failed |= evp_get_digestbyname_test(); 1119 failed |= evp_get_digestbyname_test();
1120 failed |= evp_kdf_hkdf_basic();
1041 failed |= evp_kdf_tls1_prf_basic(); 1121 failed |= evp_kdf_tls1_prf_basic();
1042 failed |= evp_kdf_tls1_prf(); 1122 failed |= evp_kdf_tls1_prf();
1043 1123
diff --git a/src/regress/lib/libcrypto/free/Makefile b/src/regress/lib/libcrypto/free/Makefile
index 21516f1172..9171393c0f 100644
--- a/src/regress/lib/libcrypto/free/Makefile
+++ b/src/regress/lib/libcrypto/free/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.5 2023/04/15 14:10:09 tb Exp $ 1# $OpenBSD: Makefile,v 1.6 2025/08/25 06:08:33 tb Exp $
2 2
3TESTS = \ 3TESTS = \
4 freenull 4 freenull
@@ -10,9 +10,11 @@ REGRESS_TARGETS= all_tests
10LDADD= -lcrypto 10LDADD= -lcrypto
11DPADD= ${LIBCRYPTO} 11DPADD= ${LIBCRYPTO}
12 12
13CFLAGS+= -Wall -Werror
14
13CLEANFILES+= freenull.c freenull.c.body freenull.c.tmp 15CLEANFILES+= freenull.c freenull.c.body freenull.c.tmp
14 16
15freenull.c: freenull.awk ../../../../lib/libcrypto/Symbols.list 17freenull.c: freenull.awk freenull.c.head freenull.c.tail ../../../../lib/libcrypto/Symbols.list
16 awk -f ${.CURDIR}/freenull.awk \ 18 awk -f ${.CURDIR}/freenull.awk \
17 < ${BSDSRCDIR}/lib/libcrypto/Symbols.list > freenull.c.body 19 < ${BSDSRCDIR}/lib/libcrypto/Symbols.list > freenull.c.body
18 cat ${.CURDIR}/freenull.c.head freenull.c.body \ 20 cat ${.CURDIR}/freenull.c.head freenull.c.body \
diff --git a/src/regress/lib/libcrypto/free/freenull.c.head b/src/regress/lib/libcrypto/free/freenull.c.head
index db652bfb01..747f174a4c 100644
--- a/src/regress/lib/libcrypto/free/freenull.c.head
+++ b/src/regress/lib/libcrypto/free/freenull.c.head
@@ -1,4 +1,4 @@
1/* $OpenBSD: freenull.c.head,v 1.10 2024/08/30 05:00:38 tb Exp $ */ 1/* $OpenBSD: freenull.c.head,v 1.11 2025/08/25 06:01:33 tb Exp $ */
2 2
3#include <openssl/asn1.h> 3#include <openssl/asn1.h>
4#include <openssl/cmac.h> 4#include <openssl/cmac.h>
@@ -10,6 +10,7 @@
10#include <openssl/gost.h> 10#include <openssl/gost.h>
11#endif 11#endif
12#include <openssl/hmac.h> 12#include <openssl/hmac.h>
13#include <openssl/mlkem.h>
13#include <openssl/ocsp.h> 14#include <openssl/ocsp.h>
14#include <openssl/pkcs12.h> 15#include <openssl/pkcs12.h>
15#include <openssl/ts.h> 16#include <openssl/ts.h>
diff --git a/src/regress/lib/libcrypto/gcm128/gcm128test.c b/src/regress/lib/libcrypto/gcm128/gcm128test.c
index def7653c7b..78631979fe 100644
--- a/src/regress/lib/libcrypto/gcm128/gcm128test.c
+++ b/src/regress/lib/libcrypto/gcm128/gcm128test.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: gcm128test.c,v 1.7 2022/09/05 21:06:31 tb Exp $ */ 1/* $OpenBSD: gcm128test.c,v 1.8 2025/05/16 14:03:49 jsing Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 2010 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 2010 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -57,11 +57,6 @@
57#include <openssl/aes.h> 57#include <openssl/aes.h>
58#include <openssl/modes.h> 58#include <openssl/modes.h>
59 59
60/* XXX - something like this should be in the public headers. */
61struct gcm128_context {
62 uint64_t opaque[64];
63};
64
65struct gcm128_test { 60struct gcm128_test {
66 const uint8_t K[128]; 61 const uint8_t K[128];
67 size_t K_len; 62 size_t K_len;
@@ -856,7 +851,7 @@ struct gcm128_test gcm128_tests[] = {
856static int 851static int
857do_gcm128_test(int test_no, struct gcm128_test *tv) 852do_gcm128_test(int test_no, struct gcm128_test *tv)
858{ 853{
859 GCM128_CONTEXT ctx; 854 GCM128_CONTEXT *ctx;
860 AES_KEY key; 855 AES_KEY key;
861 uint8_t *out = NULL; 856 uint8_t *out = NULL;
862 size_t out_len; 857 size_t out_len;
@@ -873,13 +868,16 @@ do_gcm128_test(int test_no, struct gcm128_test *tv)
873 868
874 if (out_len != 0) 869 if (out_len != 0)
875 memset(out, 0, out_len); 870 memset(out, 0, out_len);
876 CRYPTO_gcm128_init(&ctx, &key, (block128_f)AES_encrypt); 871
877 CRYPTO_gcm128_setiv(&ctx, tv->IV, tv->IV_len); 872 if ((ctx = CRYPTO_gcm128_new(&key, (block128_f)AES_encrypt)) == NULL)
873 err(1, "CRYPTO_gcm128_new");
874
875 CRYPTO_gcm128_setiv(ctx, tv->IV, tv->IV_len);
878 if (tv->A_len > 0) 876 if (tv->A_len > 0)
879 CRYPTO_gcm128_aad(&ctx, tv->A, tv->A_len); 877 CRYPTO_gcm128_aad(ctx, tv->A, tv->A_len);
880 if (tv->P_len > 0) 878 if (tv->P_len > 0)
881 CRYPTO_gcm128_encrypt(&ctx, tv->P, out, out_len); 879 CRYPTO_gcm128_encrypt(ctx, tv->P, out, out_len);
882 if (CRYPTO_gcm128_finish(&ctx, tv->T, 16)) { 880 if (CRYPTO_gcm128_finish(ctx, tv->T, 16)) {
883 fprintf(stderr, "TEST %d: CRYPTO_gcm128_finish failed\n", 881 fprintf(stderr, "TEST %d: CRYPTO_gcm128_finish failed\n",
884 test_no); 882 test_no);
885 goto fail; 883 goto fail;
@@ -891,12 +889,12 @@ do_gcm128_test(int test_no, struct gcm128_test *tv)
891 889
892 if (out_len != 0) 890 if (out_len != 0)
893 memset(out, 0, out_len); 891 memset(out, 0, out_len);
894 CRYPTO_gcm128_setiv(&ctx, tv->IV, tv->IV_len); 892 CRYPTO_gcm128_setiv(ctx, tv->IV, tv->IV_len);
895 if (tv->A_len > 0) 893 if (tv->A_len > 0)
896 CRYPTO_gcm128_aad(&ctx, tv->A, tv->A_len); 894 CRYPTO_gcm128_aad(ctx, tv->A, tv->A_len);
897 if (tv->C_len > 0) 895 if (tv->C_len > 0)
898 CRYPTO_gcm128_decrypt(&ctx, tv->C, out, out_len); 896 CRYPTO_gcm128_decrypt(ctx, tv->C, out, out_len);
899 if (CRYPTO_gcm128_finish(&ctx, tv->T, 16)) { 897 if (CRYPTO_gcm128_finish(ctx, tv->T, 16)) {
900 fprintf(stderr, "TEST %d: CRYPTO_gcm128_finish failed\n", 898 fprintf(stderr, "TEST %d: CRYPTO_gcm128_finish failed\n",
901 test_no); 899 test_no);
902 goto fail; 900 goto fail;
@@ -909,6 +907,8 @@ do_gcm128_test(int test_no, struct gcm128_test *tv)
909 ret = 0; 907 ret = 0;
910 908
911fail: 909fail:
910 CRYPTO_gcm128_release(ctx);
911
912 free(out); 912 free(out);
913 return (ret); 913 return (ret);
914} 914}
diff --git a/src/regress/lib/libcrypto/man/check_complete.pl b/src/regress/lib/libcrypto/man/check_complete.pl
index 5f2d12ec73..3cbf02f16a 100755
--- a/src/regress/lib/libcrypto/man/check_complete.pl
+++ b/src/regress/lib/libcrypto/man/check_complete.pl
@@ -1,6 +1,6 @@
1#!/usr/bin/perl 1#!/usr/bin/perl
2# 2#
3# Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org> 3# Copyright (c) 2021,2022,2023,2024,2025 Ingo Schwarze <schwarze@openbsd.org>
4# 4#
5# Permission to use, copy, modify, and distribute this software for any 5# Permission to use, copy, modify, and distribute this software for any
6# purpose with or without fee is hereby granted, provided that the above 6# purpose with or without fee is hereby granted, provided that the above
@@ -30,6 +30,9 @@ my %internal = (
30 BN_MASK2 BN_MASK2h BN_MASK2h1 BN_MASK2l 30 BN_MASK2 BN_MASK2h BN_MASK2h1 BN_MASK2l
31 BN_TBIT BN_ULLONG 31 BN_TBIT BN_ULLONG
32 )], 32 )],
33 conf => [qw(
34 conf_st conf_method_st
35 )],
33 evp => [qw( 36 evp => [qw(
34 ASN1_PKEY_CTRL_CMS_ENVELOPE ASN1_PKEY_CTRL_CMS_RI_TYPE 37 ASN1_PKEY_CTRL_CMS_ENVELOPE ASN1_PKEY_CTRL_CMS_RI_TYPE
35 ASN1_PKEY_CTRL_CMS_SIGN 38 ASN1_PKEY_CTRL_CMS_SIGN
@@ -116,7 +119,7 @@ my %postponed = (
116 119
117my $MANW = 'man -M /usr/share/man -w'; 120my $MANW = 'man -M /usr/share/man -w';
118my $srcdir = '/usr/src/lib/libcrypto/man'; 121my $srcdir = '/usr/src/lib/libcrypto/man';
119my $hfile = '/usr/include/openssl'; 122my $hfile = '/usr/include';
120 123
121my $in_cplusplus = 0; 124my $in_cplusplus = 0;
122my $in_comment = 0; 125my $in_comment = 0;
@@ -133,6 +136,7 @@ if (defined $ARGV[0] && $ARGV[0] eq '-v') {
133 shift @ARGV; 136 shift @ARGV;
134} 137}
135$#ARGV == 0 or die "usage: $0 [-v] headername"; 138$#ARGV == 0 or die "usage: $0 [-v] headername";
139$hfile .= "/openssl" unless $ARGV[0] eq 'tls';
136$hfile .= "/$ARGV[0].h"; 140$hfile .= "/$ARGV[0].h";
137open my $in_fh, '<', $hfile or die "$hfile: $!"; 141open my $in_fh, '<', $hfile or die "$hfile: $!";
138 142
@@ -236,6 +240,7 @@ try_again:
236 # Uninteresting lines. 240 # Uninteresting lines.
237 241
238 if (/^\s*$/ || 242 if (/^\s*$/ ||
243 /^DECLARE_LHASH_OF\(\w+\);$/ ||
239 /^DECLARE_STACK_OF\(\w+\)$/ || 244 /^DECLARE_STACK_OF\(\w+\)$/ ||
240 /^DECLARE_PKCS12_STACK_OF\(\w+\)$/ || 245 /^DECLARE_PKCS12_STACK_OF\(\w+\)$/ ||
241 /^TYPEDEF_D2I2D_OF\(\w+\);$/ || 246 /^TYPEDEF_D2I2D_OF\(\w+\);$/ ||
@@ -288,7 +293,7 @@ try_again:
288 print "D- $line\n" if $verbose; 293 print "D- $line\n" if $verbose;
289 next; 294 next;
290 } 295 }
291 if ($id =~ /^(?:ASN1|BIO|BN|EVP|X509(?:V3)?)_[FR]_\w+$/) { 296 if ($id =~ /^(?:ASN1|BIO|BN|CONF|EVP|X509(?:V3)?)_[FR]_\w+$/) {
292 print "D- $line\n" if $verbose; 297 print "D- $line\n" if $verbose;
293 next; 298 next;
294 } 299 }
diff --git a/src/regress/lib/libcrypto/md/Makefile b/src/regress/lib/libcrypto/md/Makefile
index 94bec95e05..1df57283b2 100644
--- a/src/regress/lib/libcrypto/md/Makefile
+++ b/src/regress/lib/libcrypto/md/Makefile
@@ -1,9 +1,15 @@
1# $OpenBSD: Makefile,v 1.1.1.1 2022/09/02 13:34:48 tb Exp $ 1# $OpenBSD: Makefile,v 1.2 2025/05/22 03:24:47 joshua Exp $
2 2
3PROG= md_test 3PROG = md_test
4LDADD= -lcrypto 4LDADD = -lcrypto
5DPADD= ${LIBCRYPTO} 5DPADD = ${LIBCRYPTO}
6WARNINGS= Yes 6WARNINGS = Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror 7CFLAGS += -DLIBRESSL_INTERNAL -Werror
8CFLAGS += -I${.CURDIR}/../test
9SRCS += md_test.c
10SRCS += test.c
11SRCS += test_util.c
12
13.PATH: ${.CURDIR}/../test
8 14
9.include <bsd.regress.mk> 15.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/md/md_test.c b/src/regress/lib/libcrypto/md/md_test.c
index 590bb50ee3..752f2e4958 100644
--- a/src/regress/lib/libcrypto/md/md_test.c
+++ b/src/regress/lib/libcrypto/md/md_test.c
@@ -1,6 +1,6 @@
1/* $OpenBSD: md_test.c,v 1.3 2025/01/19 10:17:39 tb Exp $ */ 1/* $OpenBSD: md_test.c,v 1.4 2025/05/22 03:24:47 joshua Exp $ */
2/* 2/*
3 * Copyright (c) 2022 Joshua Sing <joshua@hypera.dev> 3 * Copyright (c) 2022, 2025 Joshua Sing <joshua@joshuasing.dev>
4 * 4 *
5 * Permission to use, copy, modify, and distribute this software for any 5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above 6 * purpose with or without fee is hereby granted, provided that the above
@@ -22,6 +22,8 @@
22#include <stdint.h> 22#include <stdint.h>
23#include <string.h> 23#include <string.h>
24 24
25#include "test.h"
26
25struct md_test { 27struct md_test {
26 const int algorithm; 28 const int algorithm;
27 const uint8_t in[128]; 29 const uint8_t in[128];
@@ -30,7 +32,7 @@ struct md_test {
30}; 32};
31 33
32static const struct md_test md_tests[] = { 34static const struct md_test md_tests[] = {
33 /* MD4 (RFC 1320 test vectors) */ 35 /* MD4 (RFC 1320 test vectors) */
34 { 36 {
35 .algorithm = NID_md4, 37 .algorithm = NID_md4,
36 .in = "", 38 .in = "",
@@ -99,7 +101,7 @@ static const struct md_test md_tests[] = {
99 } 101 }
100 }, 102 },
101 103
102 /* MD5 (RFC 1321 test vectors) */ 104 /* MD5 (RFC 1321 test vectors) */
103 { 105 {
104 .algorithm = NID_md5, 106 .algorithm = NID_md5,
105 .in = "", 107 .in = "",
@@ -175,25 +177,21 @@ typedef unsigned char *(*md_hash_func)(const unsigned char *, size_t,
175 unsigned char *); 177 unsigned char *);
176 178
177static int 179static int
178md_hash_from_algorithm(int algorithm, const char **out_label, 180md_hash_from_algorithm(int algorithm, md_hash_func *out_func,
179 md_hash_func *out_func, const EVP_MD **out_md, size_t *out_len) 181 const EVP_MD **out_md, size_t *out_len)
180{ 182{
181 switch (algorithm) { 183 switch (algorithm) {
182 case NID_md4: 184 case NID_md4:
183 *out_label = SN_md4;
184 *out_func = MD4; 185 *out_func = MD4;
185 *out_md = EVP_md4(); 186 *out_md = EVP_md4();
186 *out_len = MD4_DIGEST_LENGTH; 187 *out_len = MD4_DIGEST_LENGTH;
187 break; 188 break;
188 case NID_md5: 189 case NID_md5:
189 *out_label = SN_md5;
190 *out_func = MD5; 190 *out_func = MD5;
191 *out_md = EVP_md5(); 191 *out_md = EVP_md5();
192 *out_len = MD5_DIGEST_LENGTH; 192 *out_len = MD5_DIGEST_LENGTH;
193 break; 193 break;
194 default: 194 default:
195 fprintf(stderr, "FAIL: unknown algorithm (%d)\n",
196 algorithm);
197 return 0; 195 return 0;
198 } 196 }
199 197
@@ -201,108 +199,100 @@ md_hash_from_algorithm(int algorithm, const char **out_label,
201} 199}
202 200
203static void 201static void
204hexdump(const unsigned char *buf, size_t len) 202test_md_tv(struct test *t, const void *arg)
205{
206 size_t i;
207
208 for (i = 1; i <= len; i++)
209 fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
210
211 fprintf(stderr, "\n");
212}
213
214static int
215md_test(void)
216{ 203{
217 unsigned char *(*md_func)(const unsigned char *, size_t, unsigned char *); 204 const struct md_test *st = arg;
218 const struct md_test *st; 205 md_hash_func md_func;
219 EVP_MD_CTX *hash = NULL;
220 const EVP_MD *md; 206 const EVP_MD *md;
207 EVP_MD_CTX *hash = NULL;
221 uint8_t out[EVP_MAX_MD_SIZE]; 208 uint8_t out[EVP_MAX_MD_SIZE];
222 size_t in_len, out_len; 209 size_t in_len, out_len;
223 size_t i;
224 const char *label;
225 int failed = 1;
226 210
227 if ((hash = EVP_MD_CTX_new()) == NULL) { 211 if (!md_hash_from_algorithm(st->algorithm, &md_func, &md, &out_len)) {
228 fprintf(stderr, "FAIL: EVP_MD_CTX_new() failed\n"); 212 test_errorf(t, "md_hash_from_algorithm: unknown algorithm: %d",
229 goto failed; 213 st->algorithm);
214 goto fail;
230 } 215 }
231 216
232 for (i = 0; i < N_MD_TESTS; i++) { 217 if ((hash = EVP_MD_CTX_new()) == NULL) {
233 st = &md_tests[i]; 218 test_errorf(t, "EVP_MD_CTX_new()");
234 if (!md_hash_from_algorithm(st->algorithm, &label, &md_func, 219 goto fail;
235 &md, &out_len)) 220 }
236 goto failed;
237
238 /* Digest */
239 memset(out, 0, sizeof(out));
240 md_func(st->in, st->in_len, out);
241 if (memcmp(st->out, out, out_len) != 0) {
242 fprintf(stderr, "FAIL (%s): mismatch\n", label);
243 goto failed;
244 }
245 221
246 /* EVP single-shot digest */ 222 /* Digest */
247 memset(out, 0, sizeof(out)); 223 memset(out, 0, sizeof(out));
248 if (!EVP_Digest(st->in, st->in_len, out, NULL, md, NULL)) { 224 md_func(st->in, st->in_len, out);
249 fprintf(stderr, "FAIL (%s): EVP_Digest failed\n", 225 if (memcmp(st->out, out, out_len) != 0) {
250 label); 226 test_errorf(t, "MD: digest output mismatch");
251 goto failed; 227 test_hexdiff(t, out, out_len, st->out);
252 } 228 }
253 229
254 if (memcmp(st->out, out, out_len) != 0) { 230 /* EVP single-shot digest */
255 fprintf(stderr, "FAIL (%s): EVP single-shot mismatch\n", 231 memset(out, 0, sizeof(out));
256 label); 232 if (!EVP_Digest(st->in, st->in_len, out, NULL, md, NULL)) {
257 goto failed; 233 test_errorf(t, "EVP_Digest()");
258 } 234 goto fail;
235 }
236 if (memcmp(st->out, out, out_len) != 0) {
237 test_errorf(t, "EVP_Digest: digest output mismatch");
238 test_hexdiff(t, out, out_len, st->out);
239 }
259 240
260 /* EVP digest */ 241 /* EVP digest */
261 memset(out, 0, sizeof(out)); 242 memset(out, 0, sizeof(out));
262 if (!EVP_DigestInit_ex(hash, md, NULL)) { 243 if (!EVP_DigestInit_ex(hash, md, NULL)) {
263 fprintf(stderr, "FAIL (%s): EVP_DigestInit_ex failed\n", 244 test_errorf(t, "EVP_DigestInit_ex()");
264 label); 245 goto fail;
265 goto failed; 246 }
266 }
267 247
268 in_len = st->in_len / 2; 248 in_len = st->in_len / 2;
269 if (!EVP_DigestUpdate(hash, st->in, in_len)) { 249 if (!EVP_DigestUpdate(hash, st->in, in_len)) {
270 fprintf(stderr, 250 test_errorf(t, "EVP_DigestUpdate: first half failed");
271 "FAIL (%s): EVP_DigestUpdate first half failed\n", 251 goto fail;
272 label); 252 }
273 goto failed;
274 }
275 253
276 if (!EVP_DigestUpdate(hash, st->in + in_len, 254 if (!EVP_DigestUpdate(hash, st->in + in_len,
277 st->in_len - in_len)) { 255 st->in_len - in_len)) {
278 fprintf(stderr, 256 test_errorf(t, "EVP_DigestUpdate: second half failed");
279 "FAIL (%s): EVP_DigestUpdate second half failed\n", 257 goto fail;
280 label); 258 }
281 goto failed;
282 }
283 259
284 if (!EVP_DigestFinal_ex(hash, out, NULL)) { 260 if (!EVP_DigestFinal_ex(hash, out, NULL)) {
285 fprintf(stderr, 261 test_errorf(t, "EVP_DigestFinal_ex()");
286 "FAIL (%s): EVP_DigestFinal_ex failed\n", 262 goto fail;
287 label); 263 }
288 goto failed;
289 }
290 264
291 if (memcmp(st->out, out, out_len) != 0) { 265 if (memcmp(st->out, out, out_len) != 0) {
292 fprintf(stderr, "FAIL (%s): EVP mismatch\n", label); 266 test_errorf(t, "EVP: digest output mismatch");
293 goto failed; 267 test_hexdiff(t, out, out_len, st->out);
294 }
295 } 268 }
296 269
297 failed = 0;
298 270
299 failed: 271 fail:
300 EVP_MD_CTX_free(hash); 272 EVP_MD_CTX_free(hash);
301 return failed;
302} 273}
303 274
304static int 275static void
305md5_large_test(void) 276test_md(struct test *t, const void *arg)
277{
278 const struct md_test *st;
279 size_t i;
280 char *name;
281
282 for (i = 0; i < N_MD_TESTS; i++) {
283 st = &md_tests[i];
284 if (asprintf(&name, "%s: '%s'", OBJ_nid2sn(st->algorithm), st->in) == -1) {
285 test_errorf(t, "create test name");
286 return;
287 }
288
289 test_run(t, name, test_md_tv, st);
290 free(name);
291 }
292}
293
294static void
295test_md5_large(struct test *t, const void *arg)
306{ 296{
307 MD5_CTX ctx; 297 MD5_CTX ctx;
308 uint8_t in[1024]; 298 uint8_t in[1024];
@@ -310,12 +300,10 @@ md5_large_test(void)
310 unsigned int out_len; 300 unsigned int out_len;
311 size_t in_len; 301 size_t in_len;
312 size_t i; 302 size_t i;
313 const char *label;
314 uint8_t want[] = { 303 uint8_t want[] = {
315 0xd8, 0xbc, 0xae, 0x13, 0xb5, 0x5a, 0xb0, 0xfc, 304 0xd8, 0xbc, 0xae, 0x13, 0xb5, 0x5a, 0xb0, 0xfc,
316 0x7f, 0x8a, 0xe1, 0x78, 0x27, 0x8d, 0x44, 0x1b, 305 0x7f, 0x8a, 0xe1, 0x78, 0x27, 0x8d, 0x44, 0x1b,
317 }; 306 };
318 int failed = 1;
319 307
320 memset(in, 'A', sizeof(in)); 308 memset(in, 'A', sizeof(in));
321 in_len = sizeof(in); 309 in_len = sizeof(in);
@@ -323,44 +311,34 @@ md5_large_test(void)
323 memset(out, 0, sizeof(out)); 311 memset(out, 0, sizeof(out));
324 out_len = 16; 312 out_len = 16;
325 313
326 label = "md5";
327
328 MD5_Init(&ctx); 314 MD5_Init(&ctx);
329 315
330 for (i = 0; i < (1<<29) + 1; i += in_len) { 316 for (i = 0; i < (1<<29) + 1; i += in_len) {
331 if (!MD5_Update(&ctx, in, in_len)) { 317 if (!MD5_Update(&ctx, in, in_len)) {
332 fprintf(stderr, "FAIL (%s): MD5_Update failed\n", label); 318 test_errorf(t, "MD5_Update()");
333 goto failed; 319 return;
334 } 320 }
335 } 321 }
336 if (!MD5_Final(out, &ctx)) { 322 if (!MD5_Final(out, &ctx)) {
337 fprintf(stderr, "FAIL (%s): MD5_Final failed\n", label); 323 test_errorf(t, "MD5_Final()");
338 goto failed; 324 return;
339 } 325 }
340 326
341 if (memcmp(out, want, out_len) != 0) { 327 if (memcmp(out, want, out_len) != 0) {
342 fprintf(stderr, "FAIL (%s): MD5 mismatch\n", label); 328 test_errorf(t, "MD5 digest output mismatch");
343 hexdump(out, out_len); 329 test_hexdump(t, out, out_len);
344 goto failed;
345 } 330 }
346 if (ctx.Nh != 0x1 || ctx.Nl != 0x2000) { 331 if (ctx.Nh != 0x1 || ctx.Nl != 0x2000)
347 fprintf(stderr, "FAIL (%s): MD5 incorrect bit length\n", label); 332 test_errorf(t, "MD5 incorrect bit length");
348 goto failed;
349 }
350
351 failed = 0;
352
353 failed:
354 return failed;
355} 333}
356 334
357int 335int
358main(int argc, char **argv) 336main(int argc, char **argv)
359{ 337{
360 int failed = 0; 338 struct test *t = test_init();
361 339
362 failed |= md_test(); 340 test_run(t, "md", test_md, NULL);
363 failed |= md5_large_test(); 341 test_run(t, "md5 large", test_md5_large, NULL);
364 342
365 return failed; 343 return test_result(t);
366} 344}
diff --git a/src/regress/lib/libcrypto/mlkem/Makefile b/src/regress/lib/libcrypto/mlkem/Makefile
index a08623c90a..3acaf78e63 100644
--- a/src/regress/lib/libcrypto/mlkem/Makefile
+++ b/src/regress/lib/libcrypto/mlkem/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.9 2024/12/29 20:14:15 tb Exp $ 1# $OpenBSD: Makefile,v 1.10 2025/08/15 14:46:37 tb Exp $
2 2
3REGRESS_SLOW_TARGETS += run-regress-mlkem_iteration_tests 3REGRESS_SLOW_TARGETS += run-regress-mlkem_iteration_tests
4 4
@@ -22,7 +22,7 @@ run-regress-mlkem_tests: mlkem_tests
22 ./mlkem_tests $f ${.CURDIR}/$f.txt 22 ./mlkem_tests $f ${.CURDIR}/$f.txt
23.endfor 23.endfor
24 24
25SRCS_mlkem_tests = mlkem_tests.c mlkem_tests_util.c parse_test_file.c 25SRCS_mlkem_tests = mlkem_tests.c parse_test_file.c
26SRCS_mlkem_iteration_tests = mlkem_iteration_tests.c mlkem_tests_util.c 26SRCS_mlkem_iteration_tests = mlkem_iteration_tests.c mlkem_tests_util.c
27SRCS_mlkem_unittest = mlkem_unittest.c mlkem_tests_util.c 27SRCS_mlkem_unittest = mlkem_unittest.c mlkem_tests_util.c
28 28
diff --git a/src/regress/lib/libcrypto/mlkem/mlkem_iteration_tests.c b/src/regress/lib/libcrypto/mlkem/mlkem_iteration_tests.c
index 5a61248090..053f8e1222 100644
--- a/src/regress/lib/libcrypto/mlkem/mlkem_iteration_tests.c
+++ b/src/regress/lib/libcrypto/mlkem/mlkem_iteration_tests.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: mlkem_iteration_tests.c,v 1.2 2024/12/26 07:26:45 tb Exp $ */ 1/* $OpenBSD: mlkem_iteration_tests.c,v 1.8 2025/08/17 19:26:35 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2024 Google Inc. 3 * Copyright (c) 2024 Google Inc.
4 * Copyright (c) 2024 Bob Beck <beck@obtuse.com> 4 * Copyright (c) 2024 Bob Beck <beck@obtuse.com>
@@ -22,7 +22,7 @@
22#include <stdio.h> 22#include <stdio.h>
23#include <stdlib.h> 23#include <stdlib.h>
24 24
25#include "mlkem.h" 25#include <openssl/mlkem.h>
26 26
27#include "mlkem_internal.h" 27#include "mlkem_internal.h"
28#include "mlkem_tests_util.h" 28#include "mlkem_tests_util.h"
@@ -63,46 +63,49 @@ const uint8_t kExpectedAdam1024[32] = {
63 0x04, 0xab, 0xdb, 0x94, 0x8b, 0x90, 0x8b, 0x75, 0xba, 0xd5 63 0x04, 0xab, 0xdb, 0x94, 0x8b, 0x90, 0x8b, 0x75, 0xba, 0xd5
64}; 64};
65 65
66struct iteration_ctx {
67 uint8_t *encoded_public_key;
68 size_t encoded_public_key_len;
69 uint8_t *ciphertext;
70 size_t ciphertext_len;
71 uint8_t *invalid_ciphertext;
72 size_t invalid_ciphertext_len;
73 void *priv;
74 void *pub;
75
76 mlkem_encode_private_key_fn encode_private_key;
77 mlkem_encap_external_entropy_fn encap_external_entropy;
78 mlkem_generate_key_external_entropy_fn generate_key_external_entropy;
79 mlkem_public_from_private_fn public_from_private;
80 mlkem_decap_fn decap;
81
82 const uint8_t *start;
83 size_t start_len;
84
85 const uint8_t *expected;
86 size_t expected_len;
87};
88
89static int 66static int
90MlkemIterativeTest(struct iteration_ctx *ctx) 67MlkemIterativeTest(int rank)
91{ 68{
92 uint8_t shared_secret[MLKEM_SHARED_SECRET_BYTES]; 69 const uint8_t *start, *expected;
70 size_t start_len;
93 uint8_t encap_entropy[MLKEM_ENCAP_ENTROPY]; 71 uint8_t encap_entropy[MLKEM_ENCAP_ENTROPY];
94 uint8_t seed[MLKEM_SEED_BYTES] = {0}; 72 uint8_t seed[MLKEM_SEED_LENGTH] = {0};
73 uint8_t *shared_secret = NULL;
95 sha3_ctx drng, results; 74 sha3_ctx drng, results;
96 uint8_t out[32]; 75 uint8_t out[32];
97 int i; 76 int i;
98 77
78 start = kExpectedSeedStart;
79 start_len = sizeof(kExpectedSeedStart);
80 switch(rank){
81 case RANK768:
82 expected = kExpectedAdam768;
83 break;
84 case RANK1024:
85 expected = kExpectedAdam1024;
86 break;
87 default:
88 errx(1, "invalid rank %d", rank);
89 }
90
99 shake128_init(&drng); 91 shake128_init(&drng);
100 shake128_init(&results); 92 shake128_init(&results);
101 93
102 shake_xof(&drng); 94 shake_xof(&drng);
103 for (i = 0; i < 10000; i++) { 95 for (i = 0; i < 10000; i++) {
104 uint8_t *encoded_private_key = NULL; 96 uint8_t *encoded_public_key = NULL, *ciphertext = NULL,
105 size_t encoded_private_key_len; 97 *encoded_private_key = NULL, *invalid_ciphertext = NULL;
98 size_t encoded_public_key_len, ciphertext_len,
99 encoded_private_key_len, invalid_ciphertext_len;
100 MLKEM_private_key *priv;
101 MLKEM_public_key *pub;
102 size_t s_len = 0;
103
104 /* allocate keys for this iteration */
105 if ((priv = MLKEM_private_key_new(rank)) == NULL)
106 errx(1, "malloc");
107 if ((pub = MLKEM_public_key_new(rank)) == NULL)
108 errx(1, "malloc");
106 109
107 /* 110 /*
108 * This should draw both d and z from DRNG concatenating in 111 * This should draw both d and z from DRNG concatenating in
@@ -110,118 +113,91 @@ MlkemIterativeTest(struct iteration_ctx *ctx)
110 */ 113 */
111 shake_out(&drng, seed, sizeof(seed)); 114 shake_out(&drng, seed, sizeof(seed));
112 if (i == 0) { 115 if (i == 0) {
113 if (compare_data(seed, ctx->start, ctx->start_len, 116 if (compare_data(seed, start, start_len,
114 "seed start") != 0) 117 "seed start") != 0)
115 errx(1, "compare_data"); 118 errx(1, "compare_data");
116 } 119 }
117 120
118 /* generate ek as encoded_public_key */ 121 /* generate ek as encoded_public_key */
119 ctx->generate_key_external_entropy(ctx->encoded_public_key, 122 if (!MLKEM_generate_key_external_entropy(priv,
120 ctx->priv, seed); 123 &encoded_public_key, &encoded_public_key_len,
121 ctx->public_from_private(ctx->pub, ctx->priv); 124 seed))
125 errx(1, "generate_key_external_entropy");
126
127 if (!MLKEM_public_from_private(priv, pub))
128 errx(1, "public_from_private");
122 129
123 /* hash in ek */ 130 /* hash in ek */
124 shake_update(&results, ctx->encoded_public_key, 131 shake_update(&results, encoded_public_key,
125 ctx->encoded_public_key_len); 132 encoded_public_key_len);
126 133
127 /* marshal priv to dk as encoded_private_key */ 134 /* marshal priv to dk as encoded_private_key */
128 if (!ctx->encode_private_key(ctx->priv, &encoded_private_key, 135 if (!MLKEM_marshal_private_key(priv, &encoded_private_key,
129 &encoded_private_key_len)) 136 &encoded_private_key_len))
130 errx(1, "encode private key"); 137 errx(1, "marshal private key");
131 138
132 /* hash in dk */ 139 /* hash in dk */
133 shake_update(&results, encoded_private_key, 140 shake_update(&results, encoded_private_key,
134 encoded_private_key_len); 141 encoded_private_key_len);
135 142
136 free(encoded_private_key); 143 freezero(encoded_private_key, encoded_private_key_len);
137 144
138 /* draw m as encap entropy from DRNG */ 145 /* draw m as encap entropy from DRNG */
139 shake_out(&drng, encap_entropy, sizeof(encap_entropy)); 146 shake_out(&drng, encap_entropy, sizeof(encap_entropy));
140 147
141 /* generate ct as ciphertext, k as shared_secret */ 148 /* generate ct as ciphertext, k as shared_secret */
142 ctx->encap_external_entropy(ctx->ciphertext, shared_secret, 149 if (!MLKEM_encap_external_entropy(pub, encap_entropy,
143 ctx->pub, encap_entropy); 150 &ciphertext, &ciphertext_len, &shared_secret, &s_len))
151 errx(1, "encap_external_entropy");
144 152
145 /* hash in ct */ 153 /* hash in ct */
146 shake_update(&results, ctx->ciphertext, ctx->ciphertext_len); 154 shake_update(&results, ciphertext, ciphertext_len);
147 /* hash in k */ 155 /* hash in k */
148 shake_update(&results, shared_secret, sizeof(shared_secret)); 156 shake_update(&results, shared_secret, s_len);
157
158 freezero(shared_secret, s_len);
159 shared_secret = NULL;
160
161 invalid_ciphertext_len = ciphertext_len;
162 if ((invalid_ciphertext = calloc(1, invalid_ciphertext_len))
163 == NULL)
164 errx(1, "malloc");
149 165
150 /* draw ct as invalid_ciphertxt from DRNG */ 166 /* draw ct as invalid_ciphertxt from DRNG */
151 shake_out(&drng, ctx->invalid_ciphertext, 167 shake_out(&drng, invalid_ciphertext, invalid_ciphertext_len);
152 ctx->invalid_ciphertext_len);
153 168
154 /* generate k as shared secret from invalid ciphertext */ 169 /* generate k as shared secret from invalid ciphertext */
155 if (!ctx->decap(shared_secret, ctx->invalid_ciphertext, 170 if (!MLKEM_decap(priv, invalid_ciphertext,
156 ctx->invalid_ciphertext_len, ctx->priv)) 171 invalid_ciphertext_len, &shared_secret, &s_len))
157 errx(1, "decap failed"); 172 errx(1, "decap failed, iteration %d", i);
158 173
159 /* hash in k */ 174 /* hash in k */
160 shake_update(&results, shared_secret, sizeof(shared_secret)); 175 shake_update(&results, shared_secret, s_len);
176
177 freezero(shared_secret, s_len);
178 shared_secret = NULL;
179 freezero(invalid_ciphertext, invalid_ciphertext_len);
180 invalid_ciphertext = NULL;
181
182 /* free keys and intermediate products for this iteration */
183 MLKEM_private_key_free(priv);
184 MLKEM_public_key_free(pub);
185 freezero(encoded_public_key, encoded_public_key_len);
186 freezero(ciphertext, ciphertext_len);
161 } 187 }
162 shake_xof(&results); 188 shake_xof(&results);
163 shake_out(&results, out, sizeof(out)); 189 shake_out(&results, out, sizeof(out));
164 190
165 return compare_data(ctx->expected, out, sizeof(out), "final result hash"); 191 return compare_data(expected, out, sizeof(out), "final result hash");
166} 192}
167 193
168int 194int
169main(void) 195main(void)
170{ 196{
171 uint8_t encoded_public_key768[MLKEM768_PUBLIC_KEY_BYTES];
172 uint8_t ciphertext768[MLKEM768_CIPHERTEXT_BYTES];
173 uint8_t invalid_ciphertext768[MLKEM768_CIPHERTEXT_BYTES];
174 struct MLKEM768_private_key priv768;
175 struct MLKEM768_public_key pub768;
176 struct iteration_ctx iteration768 = {
177 .encoded_public_key = encoded_public_key768,
178 .encoded_public_key_len = sizeof(encoded_public_key768),
179 .ciphertext = ciphertext768,
180 .ciphertext_len = sizeof(ciphertext768),
181 .invalid_ciphertext = invalid_ciphertext768,
182 .invalid_ciphertext_len = sizeof(invalid_ciphertext768),
183 .priv = &priv768,
184 .pub = &pub768,
185 .encap_external_entropy = mlkem768_encap_external_entropy,
186 .encode_private_key = mlkem768_encode_private_key,
187 .generate_key_external_entropy =
188 mlkem768_generate_key_external_entropy,
189 .public_from_private = mlkem768_public_from_private,
190 .decap = mlkem768_decap,
191 .start = kExpectedSeedStart,
192 .start_len = sizeof(kExpectedSeedStart),
193 .expected = kExpectedAdam768,
194 .expected_len = sizeof(kExpectedAdam768),
195 };
196 uint8_t encoded_public_key1024[MLKEM1024_PUBLIC_KEY_BYTES];
197 uint8_t ciphertext1024[MLKEM1024_CIPHERTEXT_BYTES];
198 uint8_t invalid_ciphertext1024[MLKEM1024_CIPHERTEXT_BYTES];
199 struct MLKEM1024_private_key priv1024;
200 struct MLKEM1024_public_key pub1024;
201 struct iteration_ctx iteration1024 = {
202 .encoded_public_key = encoded_public_key1024,
203 .encoded_public_key_len = sizeof(encoded_public_key1024),
204 .ciphertext = ciphertext1024,
205 .ciphertext_len = sizeof(ciphertext1024),
206 .invalid_ciphertext = invalid_ciphertext1024,
207 .invalid_ciphertext_len = sizeof(invalid_ciphertext1024),
208 .priv = &priv1024,
209 .pub = &pub1024,
210 .encap_external_entropy = mlkem1024_encap_external_entropy,
211 .encode_private_key = mlkem1024_encode_private_key,
212 .generate_key_external_entropy =
213 mlkem1024_generate_key_external_entropy,
214 .public_from_private = mlkem1024_public_from_private,
215 .decap = mlkem1024_decap,
216 .start = kExpectedSeedStart,
217 .start_len = sizeof(kExpectedSeedStart),
218 .expected = kExpectedAdam1024,
219 .expected_len = sizeof(kExpectedAdam1024),
220 };
221 int failed = 0; 197 int failed = 0;
222 198
223 failed |= MlkemIterativeTest(&iteration768); 199 failed |= MlkemIterativeTest(RANK768);
224 failed |= MlkemIterativeTest(&iteration1024); 200 failed |= MlkemIterativeTest(RANK1024);
225 201
226 return failed; 202 return failed;
227} 203}
diff --git a/src/regress/lib/libcrypto/mlkem/mlkem_tests.c b/src/regress/lib/libcrypto/mlkem/mlkem_tests.c
index 2801a58890..361467afd0 100644
--- a/src/regress/lib/libcrypto/mlkem/mlkem_tests.c
+++ b/src/regress/lib/libcrypto/mlkem/mlkem_tests.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: mlkem_tests.c,v 1.2 2024/12/26 00:10:19 tb Exp $ */ 1/* $OpenBSD: mlkem_tests.c,v 1.10 2025/08/15 21:47:39 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2024 Google Inc. 3 * Copyright (c) 2024 Google Inc.
4 * Copyright (c) 2024 Theo Buehler <tb@openbsd.org> 4 * Copyright (c) 2024 Theo Buehler <tb@openbsd.org>
@@ -23,12 +23,11 @@
23#include <stdlib.h> 23#include <stdlib.h>
24#include <string.h> 24#include <string.h>
25 25
26#include "bytestring.h" 26#include <openssl/mlkem.h>
27#include "mlkem.h"
28 27
28#include "bytestring.h"
29#include "mlkem_internal.h" 29#include "mlkem_internal.h"
30 30
31#include "mlkem_tests_util.h"
32#include "parse_test_file.h" 31#include "parse_test_file.h"
33 32
34enum test_type { 33enum test_type {
@@ -39,11 +38,7 @@ enum test_type {
39struct decap_ctx { 38struct decap_ctx {
40 struct parse *parse_ctx; 39 struct parse *parse_ctx;
41 40
42 void *private_key; 41 int rank;
43 size_t private_key_len;
44
45 mlkem_parse_private_key_fn parse_private_key;
46 mlkem_decap_fn decap;
47}; 42};
48 43
49enum decap_states { 44enum decap_states {
@@ -102,8 +97,10 @@ static int
102MlkemDecapFileTest(struct decap_ctx *decap) 97MlkemDecapFileTest(struct decap_ctx *decap)
103{ 98{
104 struct parse *p = decap->parse_ctx; 99 struct parse *p = decap->parse_ctx;
105 uint8_t shared_secret_buf[MLKEM_SHARED_SECRET_BYTES]; 100 MLKEM_private_key *priv_key = NULL;
106 CBS ciphertext, shared_secret, private_key; 101 CBS ciphertext, shared_secret, private_key;
102 uint8_t *shared_secret_buf = NULL;
103 size_t shared_secret_buf_len = 0;
107 int should_fail; 104 int should_fail;
108 int failed = 1; 105 int failed = 1;
109 106
@@ -112,20 +109,31 @@ MlkemDecapFileTest(struct decap_ctx *decap)
112 parse_get_cbs(p, DECAP_PRIVATE_KEY, &private_key); 109 parse_get_cbs(p, DECAP_PRIVATE_KEY, &private_key);
113 parse_get_int(p, DECAP_RESULT, &should_fail); 110 parse_get_int(p, DECAP_RESULT, &should_fail);
114 111
115 if (!decap->parse_private_key(decap->private_key, &private_key)) { 112 if ((priv_key = MLKEM_private_key_new(decap->rank)) == NULL)
113 parse_errx(p, "MLKEM_private_key_new");
114
115 if (!MLKEM_parse_private_key(priv_key,
116 CBS_data(&private_key), CBS_len(&private_key))) {
116 if ((failed = !should_fail)) 117 if ((failed = !should_fail))
117 parse_info(p, "parse private key"); 118 parse_info(p, "parse private key");
118 goto err; 119 goto err;
119 } 120 }
120 if (!decap->decap(shared_secret_buf, 121 if (!MLKEM_decap(priv_key, CBS_data(&ciphertext), CBS_len(&ciphertext),
121 CBS_data(&ciphertext), CBS_len(&ciphertext), decap->private_key)) { 122 &shared_secret_buf, &shared_secret_buf_len)) {
122 if ((failed = !should_fail)) 123 if ((failed = !should_fail))
123 parse_info(p, "decap"); 124 parse_info(p, "decap");
124 goto err; 125 goto err;
125 } 126 }
126 127
128 if (shared_secret_buf_len != MLKEM_SHARED_SECRET_LENGTH) {
129 if ((failed = !should_fail))
130 parse_info(p, "shared secret length %zu != %d",
131 shared_secret_buf_len, MLKEM_SHARED_SECRET_LENGTH);
132 goto err;
133 }
134
127 failed = !parse_data_equal(p, "shared_secret", &shared_secret, 135 failed = !parse_data_equal(p, "shared_secret", &shared_secret,
128 shared_secret_buf, sizeof(shared_secret_buf)); 136 shared_secret_buf, shared_secret_buf_len);
129 137
130 if (should_fail != failed) { 138 if (should_fail != failed) {
131 parse_info(p, "FAIL: should_fail %d, failed %d", 139 parse_info(p, "FAIL: should_fail %d, failed %d",
@@ -134,6 +142,9 @@ MlkemDecapFileTest(struct decap_ctx *decap)
134 } 142 }
135 143
136 err: 144 err:
145 MLKEM_private_key_free(priv_key);
146 freezero(shared_secret_buf, shared_secret_buf_len);
147
137 return failed; 148 return failed;
138} 149}
139 150
@@ -192,35 +203,49 @@ static int
192MlkemNistDecapFileTest(struct decap_ctx *decap) 203MlkemNistDecapFileTest(struct decap_ctx *decap)
193{ 204{
194 struct parse *p = decap->parse_ctx; 205 struct parse *p = decap->parse_ctx;
195 uint8_t shared_secret[MLKEM_SHARED_SECRET_BYTES]; 206 MLKEM_private_key *priv_key = NULL;
196 CBS dk, c, k; 207 CBS dk, c, k;
208 uint8_t *shared_secret = NULL;
209 size_t shared_secret_len = 0;
197 int failed = 1; 210 int failed = 1;
198 211
199 parse_instruction_get_cbs(p, NIST_DECAP_DK, &dk); 212 parse_instruction_get_cbs(p, NIST_DECAP_DK, &dk);
200 parse_get_cbs(p, NIST_DECAP_C, &c); 213 parse_get_cbs(p, NIST_DECAP_C, &c);
201 parse_get_cbs(p, NIST_DECAP_K, &k); 214 parse_get_cbs(p, NIST_DECAP_K, &k);
202 215
216 if ((priv_key = MLKEM_private_key_new(decap->rank)) == NULL)
217 parse_errx(p, "MLKEM_private_key_new");
218
203 if (!parse_length_equal(p, "private key", 219 if (!parse_length_equal(p, "private key",
204 decap->private_key_len, CBS_len(&dk))) 220 MLKEM_private_key_encoded_length(priv_key), CBS_len(&dk)))
205 goto err; 221 goto err;
206 if (!parse_length_equal(p, "shared secret", 222 if (!parse_length_equal(p, "shared secret",
207 MLKEM_SHARED_SECRET_BYTES, CBS_len(&k))) 223 MLKEM_SHARED_SECRET_LENGTH, CBS_len(&k)))
208 goto err; 224 goto err;
209 225
210 if (!decap->parse_private_key(decap->private_key, &dk)) { 226 if (!MLKEM_parse_private_key(priv_key, CBS_data(&dk), CBS_len(&dk))) {
211 parse_info(p, "parse private key"); 227 parse_info(p, "parse private key");
212 goto err; 228 goto err;
213 } 229 }
214 if (!decap->decap(shared_secret, CBS_data(&c), CBS_len(&c), 230 if (!MLKEM_decap(priv_key, CBS_data(&c), CBS_len(&c),
215 decap->private_key)) { 231 &shared_secret, &shared_secret_len)) {
216 parse_info(p, "decap"); 232 parse_info(p, "decap");
217 goto err; 233 goto err;
218 } 234 }
219 235
236 if (shared_secret_len != MLKEM_SHARED_SECRET_LENGTH) {
237 parse_info(p, "shared secret length %zu != %d",
238 shared_secret_len, MLKEM_SHARED_SECRET_LENGTH);
239 goto err;
240 }
241
220 failed = !parse_data_equal(p, "shared secret", &k, 242 failed = !parse_data_equal(p, "shared secret", &k,
221 shared_secret, MLKEM_SHARED_SECRET_BYTES); 243 shared_secret, shared_secret_len);
222 244
223 err: 245 err:
246 MLKEM_private_key_free(priv_key);
247 freezero(shared_secret, shared_secret_len);
248
224 return failed; 249 return failed;
225} 250}
226 251
@@ -244,46 +269,24 @@ static const struct test_parse nist_decap_parse = {
244}; 269};
245 270
246static int 271static int
247mlkem_decap_tests(const char *fn, size_t size, enum test_type test_type) 272mlkem_decap_tests(const char *fn, int rank, enum test_type test_type)
248{ 273{
249 struct MLKEM768_private_key private_key768; 274 struct decap_ctx decap = {
250 struct decap_ctx decap768 = { 275 .rank = rank,
251 .private_key = &private_key768,
252 .private_key_len = MLKEM768_PRIVATE_KEY_BYTES,
253
254 .parse_private_key = mlkem768_parse_private_key,
255 .decap = mlkem768_decap,
256 }; 276 };
257 struct MLKEM1024_private_key private_key1024;
258 struct decap_ctx decap1024 = {
259 .private_key = &private_key1024,
260 .private_key_len = MLKEM1024_PRIVATE_KEY_BYTES,
261 277
262 .parse_private_key = mlkem1024_parse_private_key, 278 if (test_type == TEST_TYPE_NORMAL)
263 .decap = mlkem1024_decap, 279 return parse_test_file(fn, &decap_parse, &decap);
264 }; 280 if (test_type == TEST_TYPE_NIST)
265 281 return parse_test_file(fn, &nist_decap_parse, &decap);
266 if (size == 768 && test_type == TEST_TYPE_NORMAL)
267 return parse_test_file(fn, &decap_parse, &decap768);
268 if (size == 768 && test_type == TEST_TYPE_NIST)
269 return parse_test_file(fn, &nist_decap_parse, &decap768);
270 if (size == 1024 && test_type == TEST_TYPE_NORMAL)
271 return parse_test_file(fn, &decap_parse, &decap1024);
272 if (size == 1024 && test_type == TEST_TYPE_NIST)
273 return parse_test_file(fn, &nist_decap_parse, &decap1024);
274 282
275 errx(1, "unknown decap test: size %zu, type %d", size, test_type); 283 errx(1, "unknown decap test: rank %d, type %d", rank, test_type);
276} 284}
277 285
278struct encap_ctx { 286struct encap_ctx {
279 struct parse *parse_ctx; 287 struct parse *parse_ctx;
280 288
281 void *public_key; 289 int rank;
282 uint8_t *ciphertext;
283 size_t ciphertext_len;
284
285 mlkem_parse_public_key_fn parse_public_key;
286 mlkem_encap_external_entropy_fn encap_external_entropy;
287}; 290};
288 291
289enum encap_states { 292enum encap_states {
@@ -349,8 +352,12 @@ static int
349MlkemEncapFileTest(struct encap_ctx *encap) 352MlkemEncapFileTest(struct encap_ctx *encap)
350{ 353{
351 struct parse *p = encap->parse_ctx; 354 struct parse *p = encap->parse_ctx;
352 uint8_t shared_secret_buf[MLKEM_SHARED_SECRET_BYTES]; 355 MLKEM_public_key *pub_key = NULL;
353 CBS entropy, public_key, ciphertext, shared_secret; 356 CBS entropy, public_key, ciphertext, shared_secret;
357 uint8_t *ciphertext_buf = NULL;
358 size_t ciphertext_buf_len = 0;
359 uint8_t *shared_secret_buf = NULL;
360 size_t shared_secret_buf_len = 0;
354 int should_fail; 361 int should_fail;
355 int failed = 1; 362 int failed = 1;
356 363
@@ -360,18 +367,34 @@ MlkemEncapFileTest(struct encap_ctx *encap)
360 parse_get_cbs(p, ENCAP_SHARED_SECRET, &shared_secret); 367 parse_get_cbs(p, ENCAP_SHARED_SECRET, &shared_secret);
361 parse_get_int(p, ENCAP_RESULT, &should_fail); 368 parse_get_int(p, ENCAP_RESULT, &should_fail);
362 369
363 if (!encap->parse_public_key(encap->public_key, &public_key)) { 370 if ((pub_key = MLKEM_public_key_new(encap->rank)) == NULL)
371 parse_errx(p, "MLKEM_public_key_new");
372
373 if (!MLKEM_parse_public_key(pub_key,
374 CBS_data(&public_key), CBS_len(&public_key))) {
364 if ((failed = !should_fail)) 375 if ((failed = !should_fail))
365 parse_info(p, "parse public key"); 376 parse_info(p, "parse public key");
366 goto err; 377 goto err;
367 } 378 }
368 encap->encap_external_entropy(encap->ciphertext, shared_secret_buf, 379 if (!MLKEM_encap_external_entropy(pub_key, CBS_data(&entropy),
369 encap->public_key, CBS_data(&entropy)); 380 &ciphertext_buf, &ciphertext_buf_len,
381 &shared_secret_buf, &shared_secret_buf_len)) {
382 if ((failed = !should_fail))
383 parse_info(p, "encap_external_entropy");
384 goto err;
385 }
386
387 if (shared_secret_buf_len != MLKEM_SHARED_SECRET_LENGTH) {
388 if ((failed = !should_fail))
389 parse_info(p, "shared secret length %zu != %d",
390 shared_secret_buf_len, MLKEM_SHARED_SECRET_LENGTH);
391 goto err;
392 }
370 393
371 failed = !parse_data_equal(p, "shared_secret", &shared_secret, 394 failed = !parse_data_equal(p, "shared_secret", &shared_secret,
372 shared_secret_buf, sizeof(shared_secret_buf)); 395 shared_secret_buf, shared_secret_buf_len);
373 failed |= !parse_data_equal(p, "ciphertext", &ciphertext, 396 failed |= !parse_data_equal(p, "ciphertext", &ciphertext,
374 encap->ciphertext, encap->ciphertext_len); 397 ciphertext_buf, ciphertext_buf_len);
375 398
376 if (should_fail != failed) { 399 if (should_fail != failed) {
377 parse_info(p, "FAIL: should_fail %d, failed %d", 400 parse_info(p, "FAIL: should_fail %d, failed %d",
@@ -380,6 +403,10 @@ MlkemEncapFileTest(struct encap_ctx *encap)
380 } 403 }
381 404
382 err: 405 err:
406 MLKEM_public_key_free(pub_key);
407 freezero(ciphertext_buf, ciphertext_buf_len);
408 freezero(shared_secret_buf, shared_secret_buf_len);
409
383 return failed; 410 return failed;
384} 411}
385 412
@@ -400,48 +427,19 @@ static const struct test_parse encap_parse = {
400}; 427};
401 428
402static int 429static int
403mlkem_encap_tests(const char *fn, size_t size) 430mlkem_encap_tests(const char *fn, int rank)
404{ 431{
405 struct MLKEM768_public_key public_key768; 432 struct encap_ctx encap = {
406 uint8_t ciphertext768[MLKEM768_CIPHERTEXT_BYTES]; 433 .rank = rank,
407 struct encap_ctx encap768 = {
408 .public_key = &public_key768,
409 .ciphertext = ciphertext768,
410 .ciphertext_len = sizeof(ciphertext768),
411
412 .parse_public_key = mlkem768_parse_public_key,
413 .encap_external_entropy = mlkem768_encap_external_entropy,
414 };
415 struct MLKEM1024_public_key public_key1024;
416 uint8_t ciphertext1024[MLKEM1024_CIPHERTEXT_BYTES];
417 struct encap_ctx encap1024 = {
418 .public_key = &public_key1024,
419 .ciphertext = ciphertext1024,
420 .ciphertext_len = sizeof(ciphertext1024),
421
422 .parse_public_key = mlkem1024_parse_public_key,
423 .encap_external_entropy = mlkem1024_encap_external_entropy,
424 }; 434 };
425 435
426 if (size == 768) 436 return parse_test_file(fn, &encap_parse, &encap);
427 return parse_test_file(fn, &encap_parse, &encap768);
428 if (size == 1024)
429 return parse_test_file(fn, &encap_parse, &encap1024);
430
431 errx(1, "unknown encap test: size %zu", size);
432} 437}
433 438
434struct keygen_ctx { 439struct keygen_ctx {
435 struct parse *parse_ctx; 440 struct parse *parse_ctx;
436 441
437 void *private_key; 442 int rank;
438 void *encoded_public_key;
439 size_t encoded_public_key_len;
440 size_t private_key_len;
441 size_t public_key_len;
442
443 mlkem_generate_key_external_entropy_fn generate_key_external_entropy;
444 mlkem_encode_private_key_fn encode_private_key;
445}; 443};
446 444
447enum keygen_states { 445enum keygen_states {
@@ -492,27 +490,38 @@ static int
492MlkemKeygenFileTest(struct keygen_ctx *keygen) 490MlkemKeygenFileTest(struct keygen_ctx *keygen)
493{ 491{
494 struct parse *p = keygen->parse_ctx; 492 struct parse *p = keygen->parse_ctx;
493 MLKEM_private_key *priv_key = NULL;
495 CBS seed, public_key, private_key; 494 CBS seed, public_key, private_key;
496 uint8_t *encoded_private_key = NULL; 495 uint8_t *encoded_private_key = NULL;
497 size_t encoded_private_key_len = 0; 496 size_t encoded_private_key_len = 0;
497 uint8_t *encoded_public_key = NULL;
498 size_t encoded_public_key_len = 0;
498 int failed = 1; 499 int failed = 1;
499 500
500 parse_get_cbs(p, KEYGEN_SEED, &seed); 501 parse_get_cbs(p, KEYGEN_SEED, &seed);
501 parse_get_cbs(p, KEYGEN_PUBLIC_KEY, &public_key); 502 parse_get_cbs(p, KEYGEN_PUBLIC_KEY, &public_key);
502 parse_get_cbs(p, KEYGEN_PRIVATE_KEY, &private_key); 503 parse_get_cbs(p, KEYGEN_PRIVATE_KEY, &private_key);
503 504
504 if (!parse_length_equal(p, "seed", MLKEM_SEED_BYTES, CBS_len(&seed))) 505 if (!parse_length_equal(p, "seed", MLKEM_SEED_LENGTH, CBS_len(&seed)))
505 goto err; 506 goto err;
507
508 if ((priv_key = MLKEM_private_key_new(keygen->rank)) == NULL)
509 parse_errx(p, "MLKEM_public_key_free");
510
511 if (!MLKEM_generate_key_external_entropy(priv_key,
512 &encoded_public_key, &encoded_public_key_len, CBS_data(&seed))) {
513 parse_info(p, "generate_key_external_entropy");
514 goto err;
515 }
516
506 if (!parse_length_equal(p, "public key", 517 if (!parse_length_equal(p, "public key",
507 keygen->public_key_len, CBS_len(&public_key))) 518 encoded_public_key_len, CBS_len(&public_key)))
508 goto err; 519 goto err;
509 if (!parse_length_equal(p, "private key", 520 if (!parse_length_equal(p, "private key",
510 keygen->private_key_len, CBS_len(&private_key))) 521 MLKEM_private_key_encoded_length(priv_key), CBS_len(&private_key)))
511 goto err; 522 goto err;
512 523
513 keygen->generate_key_external_entropy(keygen->encoded_public_key, 524 if (!MLKEM_marshal_private_key(priv_key,
514 keygen->private_key, CBS_data(&seed));
515 if (!keygen->encode_private_key(keygen->private_key,
516 &encoded_private_key, &encoded_private_key_len)) { 525 &encoded_private_key, &encoded_private_key_len)) {
517 parse_info(p, "encode private key"); 526 parse_info(p, "encode private key");
518 goto err; 527 goto err;
@@ -521,10 +530,12 @@ MlkemKeygenFileTest(struct keygen_ctx *keygen)
521 failed = !parse_data_equal(p, "private key", &private_key, 530 failed = !parse_data_equal(p, "private key", &private_key,
522 encoded_private_key, encoded_private_key_len); 531 encoded_private_key, encoded_private_key_len);
523 failed |= !parse_data_equal(p, "public key", &public_key, 532 failed |= !parse_data_equal(p, "public key", &public_key,
524 keygen->encoded_public_key, keygen->encoded_public_key_len); 533 encoded_public_key, encoded_public_key_len);
525 534
526 err: 535 err:
536 MLKEM_private_key_free(priv_key);
527 freezero(encoded_private_key, encoded_private_key_len); 537 freezero(encoded_private_key, encoded_private_key_len);
538 freezero(encoded_public_key, encoded_public_key_len);
528 539
529 return failed; 540 return failed;
530} 541}
@@ -584,12 +595,15 @@ static int
584MlkemNistKeygenFileTest(struct keygen_ctx *keygen) 595MlkemNistKeygenFileTest(struct keygen_ctx *keygen)
585{ 596{
586 struct parse *p = keygen->parse_ctx; 597 struct parse *p = keygen->parse_ctx;
598 MLKEM_private_key *priv_key = NULL;
587 CBB seed_cbb; 599 CBB seed_cbb;
588 CBS z, d, ek, dk; 600 CBS z, d, ek, dk;
589 uint8_t seed[MLKEM_SEED_BYTES]; 601 uint8_t seed[MLKEM_SEED_LENGTH];
590 size_t seed_len; 602 size_t seed_len;
591 uint8_t *encoded_private_key = NULL; 603 uint8_t *encoded_private_key = NULL;
592 size_t encoded_private_key_len = 0; 604 size_t encoded_private_key_len = 0;
605 uint8_t *encoded_public_key = NULL;
606 size_t encoded_public_key_len = 0;
593 int failed = 1; 607 int failed = 1;
594 608
595 parse_get_cbs(p, NIST_KEYGEN_Z, &z); 609 parse_get_cbs(p, NIST_KEYGEN_Z, &z);
@@ -606,24 +620,33 @@ MlkemNistKeygenFileTest(struct keygen_ctx *keygen)
606 if (!CBB_finish(&seed_cbb, NULL, &seed_len)) 620 if (!CBB_finish(&seed_cbb, NULL, &seed_len))
607 parse_errx(p, "CBB_finish"); 621 parse_errx(p, "CBB_finish");
608 622
609 if (!parse_length_equal(p, "bogus z or d", MLKEM_SEED_BYTES, seed_len)) 623 if (!parse_length_equal(p, "bogus z or d", MLKEM_SEED_LENGTH, seed_len))
610 goto err; 624 goto err;
611 625
612 keygen->generate_key_external_entropy(keygen->encoded_public_key, 626 if ((priv_key = MLKEM_private_key_new(keygen->rank)) == NULL)
613 keygen->private_key, seed); 627 parse_errx(p, "MLKEM_private_key_new");
614 if (!keygen->encode_private_key(keygen->private_key, 628
629 if (!MLKEM_generate_key_external_entropy(priv_key,
630 &encoded_public_key, &encoded_public_key_len, seed)) {
631 parse_info(p, "MLKEM_generate_key_external_entropy");
632 goto err;
633 }
634
635 if (!MLKEM_marshal_private_key(priv_key,
615 &encoded_private_key, &encoded_private_key_len)) { 636 &encoded_private_key, &encoded_private_key_len)) {
616 parse_info(p, "encode private key"); 637 parse_info(p, "encode private key");
617 goto err; 638 goto err;
618 } 639 }
619 640
620 failed = !parse_data_equal(p, "public key", &ek, 641 failed = !parse_data_equal(p, "public key", &ek,
621 keygen->encoded_public_key, keygen->encoded_public_key_len); 642 encoded_public_key, encoded_public_key_len);
622 failed |= !parse_data_equal(p, "private key", &dk, 643 failed |= !parse_data_equal(p, "private key", &dk,
623 encoded_private_key, encoded_private_key_len); 644 encoded_private_key, encoded_private_key_len);
624 645
625 err: 646 err:
647 MLKEM_private_key_free(priv_key);
626 freezero(encoded_private_key, encoded_private_key_len); 648 freezero(encoded_private_key, encoded_private_key_len);
649 freezero(encoded_public_key, encoded_public_key_len);
627 650
628 return failed; 651 return failed;
629} 652}
@@ -645,73 +668,45 @@ static const struct test_parse nist_keygen_parse = {
645}; 668};
646 669
647static int 670static int
648mlkem_keygen_tests(const char *fn, size_t size, enum test_type test_type) 671mlkem_keygen_tests(const char *fn, int rank, enum test_type test_type)
649{ 672{
650 struct MLKEM768_private_key private_key768; 673 struct keygen_ctx keygen = {
651 uint8_t encoded_public_key768[MLKEM768_PUBLIC_KEY_BYTES]; 674 .rank = rank,
652 struct keygen_ctx keygen768 = {
653 .private_key = &private_key768,
654 .encoded_public_key = encoded_public_key768,
655 .encoded_public_key_len = sizeof(encoded_public_key768),
656 .private_key_len = MLKEM768_PRIVATE_KEY_BYTES,
657 .public_key_len = MLKEM768_PUBLIC_KEY_BYTES,
658 .generate_key_external_entropy =
659 mlkem768_generate_key_external_entropy,
660 .encode_private_key =
661 mlkem768_encode_private_key,
662 };
663 struct MLKEM1024_private_key private_key1024;
664 uint8_t encoded_public_key1024[MLKEM1024_PUBLIC_KEY_BYTES];
665 struct keygen_ctx keygen1024 = {
666 .private_key = &private_key1024,
667 .encoded_public_key = encoded_public_key1024,
668 .encoded_public_key_len = sizeof(encoded_public_key1024),
669 .private_key_len = MLKEM1024_PRIVATE_KEY_BYTES,
670 .public_key_len = MLKEM1024_PUBLIC_KEY_BYTES,
671
672 .generate_key_external_entropy =
673 mlkem1024_generate_key_external_entropy,
674 .encode_private_key =
675 mlkem1024_encode_private_key,
676 }; 675 };
677 676
678 if (size == 768 && test_type == TEST_TYPE_NORMAL) 677 if (test_type == TEST_TYPE_NORMAL)
679 return parse_test_file(fn, &keygen_parse, &keygen768); 678 return parse_test_file(fn, &keygen_parse, &keygen);
680 if (size == 768 && test_type == TEST_TYPE_NIST) 679 if (test_type == TEST_TYPE_NIST)
681 return parse_test_file(fn, &nist_keygen_parse, &keygen768); 680 return parse_test_file(fn, &nist_keygen_parse, &keygen);
682 if (size == 1024 && test_type == TEST_TYPE_NORMAL)
683 return parse_test_file(fn, &keygen_parse, &keygen1024);
684 if (size == 1024 && test_type == TEST_TYPE_NIST)
685 return parse_test_file(fn, &nist_keygen_parse, &keygen1024);
686 681
687 errx(1, "unknown keygen test: size %zu, type %d", size, test_type); 682 errx(1, "unknown keygen test: rank %d, type %d", rank, test_type);
688} 683}
689 684
690static int 685static int
691run_mlkem_test(const char *test, const char *fn) 686run_mlkem_test(const char *test, const char *fn)
692{ 687{
693 if (strcmp(test, "mlkem768_decap_tests") == 0) 688 if (strcmp(test, "mlkem768_decap_tests") == 0)
694 return mlkem_decap_tests(fn, 768, TEST_TYPE_NORMAL); 689 return mlkem_decap_tests(fn, RANK768, TEST_TYPE_NORMAL);
695 if (strcmp(test, "mlkem768_nist_decap_tests") == 0) 690 if (strcmp(test, "mlkem768_nist_decap_tests") == 0)
696 return mlkem_decap_tests(fn, 768, TEST_TYPE_NIST); 691 return mlkem_decap_tests(fn, RANK768, TEST_TYPE_NIST);
697 if (strcmp(test, "mlkem1024_decap_tests") == 0) 692 if (strcmp(test, "mlkem1024_decap_tests") == 0)
698 return mlkem_decap_tests(fn, 1024, TEST_TYPE_NORMAL); 693 return mlkem_decap_tests(fn, RANK1024, TEST_TYPE_NORMAL);
699 if (strcmp(test, "mlkem1024_nist_decap_tests") == 0) 694 if (strcmp(test, "mlkem1024_nist_decap_tests") == 0)
700 return mlkem_decap_tests(fn, 1024, TEST_TYPE_NIST); 695 return mlkem_decap_tests(fn, RANK1024, TEST_TYPE_NIST);
701 696
702 if (strcmp(test, "mlkem768_encap_tests") == 0) 697 if (strcmp(test, "mlkem768_encap_tests") == 0)
703 return mlkem_encap_tests(fn, 768); 698 return mlkem_encap_tests(fn, RANK768);
704 if (strcmp(test, "mlkem1024_encap_tests") == 0) 699 if (strcmp(test, "mlkem1024_encap_tests") == 0)
705 return mlkem_encap_tests(fn, 1024); 700 return mlkem_encap_tests(fn, RANK1024);
706 701
707 if (strcmp(test, "mlkem768_keygen_tests") == 0) 702 if (strcmp(test, "mlkem768_keygen_tests") == 0)
708 return mlkem_keygen_tests(fn, 768, TEST_TYPE_NORMAL); 703 return mlkem_keygen_tests(fn, RANK768, TEST_TYPE_NORMAL);
709 if (strcmp(test, "mlkem768_nist_keygen_tests") == 0) 704 if (strcmp(test, "mlkem768_nist_keygen_tests") == 0)
710 return mlkem_keygen_tests(fn, 768, TEST_TYPE_NIST); 705 return mlkem_keygen_tests(fn, RANK768, TEST_TYPE_NIST);
711 if (strcmp(test, "mlkem1024_keygen_tests") == 0) 706 if (strcmp(test, "mlkem1024_keygen_tests") == 0)
712 return mlkem_keygen_tests(fn, 1024, TEST_TYPE_NORMAL); 707 return mlkem_keygen_tests(fn, RANK1024, TEST_TYPE_NORMAL);
713 if (strcmp(test, "mlkem1024_nist_keygen_tests") == 0) 708 if (strcmp(test, "mlkem1024_nist_keygen_tests") == 0)
714 return mlkem_keygen_tests(fn, 1024, TEST_TYPE_NIST); 709 return mlkem_keygen_tests(fn, RANK1024, TEST_TYPE_NIST);
715 710
716 errx(1, "unknown test %s (test file %s)", test, fn); 711 errx(1, "unknown test %s (test file %s)", test, fn);
717} 712}
diff --git a/src/regress/lib/libcrypto/mlkem/mlkem_tests_util.c b/src/regress/lib/libcrypto/mlkem/mlkem_tests_util.c
index 1bb2ed3a8b..d2e0fbd7c7 100644
--- a/src/regress/lib/libcrypto/mlkem/mlkem_tests_util.c
+++ b/src/regress/lib/libcrypto/mlkem/mlkem_tests_util.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: mlkem_tests_util.c,v 1.5 2024/12/26 00:04:24 tb Exp $ */ 1/* $OpenBSD: mlkem_tests_util.c,v 1.10 2025/08/15 14:47:54 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2024 Google Inc. 3 * Copyright (c) 2024 Google Inc.
4 * Copyright (c) 2024 Bob Beck <beck@obtuse.com> 4 * Copyright (c) 2024 Bob Beck <beck@obtuse.com>
@@ -22,11 +22,6 @@
22#include <stdio.h> 22#include <stdio.h>
23#include <string.h> 23#include <string.h>
24 24
25#include "bytestring.h"
26#include "mlkem.h"
27
28#include "mlkem_internal.h"
29
30#include "mlkem_tests_util.h" 25#include "mlkem_tests_util.h"
31 26
32static void 27static void
@@ -59,209 +54,3 @@ compare_data(const uint8_t *want, const uint8_t *got, size_t len, const char *ms
59 54
60 return 1; 55 return 1;
61} 56}
62
63int
64mlkem768_encode_private_key(const void *private_key, uint8_t **out_buf,
65 size_t *out_len)
66{
67 CBB cbb;
68 int ret = 0;
69
70 if (!CBB_init(&cbb, MLKEM768_PUBLIC_KEY_BYTES))
71 goto err;
72 if (!MLKEM768_marshal_private_key(&cbb, private_key))
73 goto err;
74 if (!CBB_finish(&cbb, out_buf, out_len))
75 goto err;
76
77 ret = 1;
78
79 err:
80 CBB_cleanup(&cbb);
81
82 return ret;
83}
84
85int
86mlkem768_encode_public_key(const void *public_key, uint8_t **out_buf,
87 size_t *out_len)
88{
89 CBB cbb;
90 int ret = 0;
91
92 if (!CBB_init(&cbb, MLKEM768_PUBLIC_KEY_BYTES))
93 goto err;
94 if (!MLKEM768_marshal_public_key(&cbb, public_key))
95 goto err;
96 if (!CBB_finish(&cbb, out_buf, out_len))
97 goto err;
98
99 ret = 1;
100
101 err:
102 CBB_cleanup(&cbb);
103
104 return ret;
105}
106
107int
108mlkem1024_encode_private_key(const void *private_key, uint8_t **out_buf,
109 size_t *out_len)
110{
111 CBB cbb;
112 int ret = 0;
113
114 if (!CBB_init(&cbb, MLKEM1024_PUBLIC_KEY_BYTES))
115 goto err;
116 if (!MLKEM1024_marshal_private_key(&cbb, private_key))
117 goto err;
118 if (!CBB_finish(&cbb, out_buf, out_len))
119 goto err;
120
121 ret = 1;
122
123 err:
124 CBB_cleanup(&cbb);
125
126 return ret;
127}
128
129int
130mlkem1024_encode_public_key(const void *public_key, uint8_t **out_buf,
131 size_t *out_len)
132{
133 CBB cbb;
134 int ret = 0;
135
136 if (!CBB_init(&cbb, MLKEM1024_PUBLIC_KEY_BYTES))
137 goto err;
138 if (!MLKEM1024_marshal_public_key(&cbb, public_key))
139 goto err;
140 if (!CBB_finish(&cbb, out_buf, out_len))
141 goto err;
142
143 ret = 1;
144
145 err:
146 CBB_cleanup(&cbb);
147
148 return ret;
149}
150
151int
152mlkem768_decap(uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
153 const uint8_t *ciphertext, size_t ciphertext_len, const void *private_key)
154{
155 return MLKEM768_decap(out_shared_secret, ciphertext, ciphertext_len,
156 private_key);
157}
158
159void
160mlkem768_encap(uint8_t *out_ciphertext,
161 uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
162 const void *public_key)
163{
164 MLKEM768_encap(out_ciphertext, out_shared_secret, public_key);
165}
166
167void
168mlkem768_encap_external_entropy(uint8_t *out_ciphertext,
169 uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
170 const void *public_key, const uint8_t entropy[MLKEM_ENCAP_ENTROPY])
171{
172 MLKEM768_encap_external_entropy(out_ciphertext, out_shared_secret,
173 public_key, entropy);
174}
175
176void
177mlkem768_generate_key(uint8_t *out_encoded_public_key,
178 uint8_t optional_out_seed[MLKEM_SEED_BYTES], void *out_private_key)
179{
180 MLKEM768_generate_key(out_encoded_public_key, optional_out_seed,
181 out_private_key);
182}
183
184void
185mlkem768_generate_key_external_entropy(uint8_t *out_encoded_public_key,
186 void *out_private_key, const uint8_t entropy[MLKEM_SEED_BYTES])
187{
188 MLKEM768_generate_key_external_entropy(out_encoded_public_key,
189 out_private_key, entropy);
190}
191
192int
193mlkem768_parse_private_key(void *out_private_key, CBS *private_key_cbs)
194{
195 return MLKEM768_parse_private_key(out_private_key, private_key_cbs);
196}
197
198int
199mlkem768_parse_public_key(void *out_public_key, CBS *public_key_cbs)
200{
201 return MLKEM768_parse_public_key(out_public_key, public_key_cbs);
202}
203
204void
205mlkem768_public_from_private(void *out_public_key, const void *private_key)
206{
207 MLKEM768_public_from_private(out_public_key, private_key);
208}
209
210int
211mlkem1024_decap(uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
212 const uint8_t *ciphertext, size_t ciphertext_len, const void *private_key)
213{
214 return MLKEM1024_decap(out_shared_secret, ciphertext, ciphertext_len,
215 private_key);
216}
217
218void
219mlkem1024_encap(uint8_t *out_ciphertext,
220 uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
221 const void *public_key)
222{
223 MLKEM1024_encap(out_ciphertext, out_shared_secret, public_key);
224}
225
226void
227mlkem1024_encap_external_entropy(uint8_t *out_ciphertext,
228 uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
229 const void *public_key, const uint8_t entropy[MLKEM_ENCAP_ENTROPY])
230{
231 MLKEM1024_encap_external_entropy(out_ciphertext, out_shared_secret,
232 public_key, entropy);
233}
234
235void
236mlkem1024_generate_key(uint8_t *out_encoded_public_key,
237 uint8_t optional_out_seed[MLKEM_SEED_BYTES], void *out_private_key)
238{
239 MLKEM1024_generate_key(out_encoded_public_key, optional_out_seed,
240 out_private_key);
241}
242
243void
244mlkem1024_generate_key_external_entropy(uint8_t *out_encoded_public_key,
245 void *out_private_key, const uint8_t entropy[MLKEM_SEED_BYTES])
246{
247 MLKEM1024_generate_key_external_entropy(out_encoded_public_key,
248 out_private_key, entropy);
249}
250
251int
252mlkem1024_parse_private_key(void *out_private_key, CBS *private_key_cbs)
253{
254 return MLKEM1024_parse_private_key(out_private_key, private_key_cbs);
255}
256
257void
258mlkem1024_public_from_private(void *out_public_key, const void *private_key)
259{
260 MLKEM1024_public_from_private(out_public_key, private_key);
261}
262
263int
264mlkem1024_parse_public_key(void *out_public_key, CBS *public_key_cbs)
265{
266 return MLKEM1024_parse_public_key(out_public_key, public_key_cbs);
267}
diff --git a/src/regress/lib/libcrypto/mlkem/mlkem_tests_util.h b/src/regress/lib/libcrypto/mlkem/mlkem_tests_util.h
index 7fbe6f76a9..514a309112 100644
--- a/src/regress/lib/libcrypto/mlkem/mlkem_tests_util.h
+++ b/src/regress/lib/libcrypto/mlkem/mlkem_tests_util.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: mlkem_tests_util.h,v 1.4 2024/12/26 00:04:24 tb Exp $ */ 1/* $OpenBSD: mlkem_tests_util.h,v 1.9 2025/08/15 14:47:54 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2024 Bob Beck <beck@obtuse.com> 3 * Copyright (c) 2024 Bob Beck <beck@obtuse.com>
4 * Copyright (c) 2024 Theo Buehler <tb@openbsd.org> 4 * Copyright (c) 2024 Theo Buehler <tb@openbsd.org>
@@ -22,68 +22,7 @@
22#include <stddef.h> 22#include <stddef.h>
23#include <stdint.h> 23#include <stdint.h>
24 24
25#include "bytestring.h"
26
27#include "mlkem.h"
28#include "mlkem_internal.h"
29
30int compare_data(const uint8_t *want, const uint8_t *got, size_t len, 25int compare_data(const uint8_t *want, const uint8_t *got, size_t len,
31 const char *msg); 26 const char *msg);
32 27
33int mlkem768_encode_private_key(const void *priv, uint8_t **out_buf,
34 size_t *out_len);
35int mlkem768_encode_public_key(const void *pub, uint8_t **out_buf,
36 size_t *out_len);
37int mlkem1024_encode_private_key(const void *priv, uint8_t **out_buf,
38 size_t *out_len);
39int mlkem1024_encode_public_key(const void *pub, uint8_t **out_buf,
40 size_t *out_len);
41
42int mlkem768_decap(uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
43 const uint8_t *ciphertext, size_t ciphertext_len, const void *priv);
44void mlkem768_encap(uint8_t *out_ciphertext,
45 uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES], const void *pub);
46void mlkem768_encap_external_entropy(uint8_t *out_ciphertext,
47 uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES], const void *pub,
48 const uint8_t entropy[MLKEM_ENCAP_ENTROPY]);
49void mlkem768_generate_key(uint8_t *out_encoded_public_key,
50 uint8_t optional_out_seed[MLKEM_SEED_BYTES], void *out_private_key);
51void mlkem768_generate_key_external_entropy(uint8_t *out_encoded_public_key,
52 void *out_private_key, const uint8_t entropy[MLKEM_SEED_BYTES]);
53int mlkem768_parse_private_key(void *priv, CBS *private_key_cbs);
54int mlkem768_parse_public_key(void *pub, CBS *in);
55void mlkem768_public_from_private(void *out_public_key, const void *private_key);
56
57int mlkem1024_decap(uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
58 const uint8_t *ciphertext, size_t ciphertext_len, const void *priv);
59void mlkem1024_encap(uint8_t *out_ciphertext,
60 uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES], const void *pub);
61void mlkem1024_encap_external_entropy(uint8_t *out_ciphertext,
62 uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES], const void *pub,
63 const uint8_t entropy[MLKEM_ENCAP_ENTROPY]);
64void mlkem1024_generate_key(uint8_t *out_encoded_public_key,
65 uint8_t optional_out_seed[MLKEM_SEED_BYTES], void *out_private_key);
66void mlkem1024_generate_key_external_entropy(uint8_t *out_encoded_public_key,
67 void *out_private_key, const uint8_t entropy[MLKEM_SEED_BYTES]);
68int mlkem1024_parse_private_key(void *priv, CBS *private_key_cbs);
69int mlkem1024_parse_public_key(void *pub, CBS *in);
70void mlkem1024_public_from_private(void *out_public_key, const void *private_key);
71
72typedef int (*mlkem_encode_private_key_fn)(const void *, uint8_t **, size_t *);
73typedef int (*mlkem_encode_public_key_fn)(const void *, uint8_t **, size_t *);
74typedef int (*mlkem_decap_fn)(uint8_t [MLKEM_SHARED_SECRET_BYTES],
75 const uint8_t *, size_t, const void *);
76typedef void (*mlkem_encap_fn)(uint8_t *, uint8_t [MLKEM_SHARED_SECRET_BYTES],
77 const void *);
78typedef void (*mlkem_encap_external_entropy_fn)(uint8_t *,
79 uint8_t [MLKEM_SHARED_SECRET_BYTES], const void *,
80 const uint8_t [MLKEM_ENCAP_ENTROPY]);
81typedef void (*mlkem_generate_key_fn)(uint8_t *, uint8_t *, void *);
82typedef void (*mlkem_generate_key_external_entropy_fn)(uint8_t *, void *,
83 const uint8_t [MLKEM_SEED_BYTES]);
84typedef int (*mlkem_parse_private_key_fn)(void *, CBS *);
85typedef int (*mlkem_parse_public_key_fn)(void *, CBS *);
86typedef void (*mlkem_public_from_private_fn)(void *out_public_key,
87 const void *private_key);
88
89#endif /* MLKEM_TEST_UTIL_H */ 28#endif /* MLKEM_TEST_UTIL_H */
diff --git a/src/regress/lib/libcrypto/mlkem/mlkem_unittest.c b/src/regress/lib/libcrypto/mlkem/mlkem_unittest.c
index 23b3d8b261..f802324189 100644
--- a/src/regress/lib/libcrypto/mlkem/mlkem_unittest.c
+++ b/src/regress/lib/libcrypto/mlkem/mlkem_unittest.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: mlkem_unittest.c,v 1.6 2024/12/26 12:35:25 tb Exp $ */ 1/* $OpenBSD: mlkem_unittest.c,v 1.15 2025/08/17 19:26:35 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2024 Google Inc. 3 * Copyright (c) 2024 Google Inc.
4 * Copyright (c) 2024 Bob Beck <beck@obtuse.com> 4 * Copyright (c) 2024 Bob Beck <beck@obtuse.com>
@@ -22,132 +22,201 @@
22#include <stdlib.h> 22#include <stdlib.h>
23#include <string.h> 23#include <string.h>
24 24
25#include "bytestring.h" 25#include <openssl/mlkem.h>
26#include "mlkem.h"
27 26
27#include "mlkem_internal.h"
28#include "mlkem_tests_util.h" 28#include "mlkem_tests_util.h"
29 29
30struct unittest_ctx {
31 void *priv;
32 void *pub;
33 void *priv2;
34 void *pub2;
35 uint8_t *encoded_public_key;
36 size_t encoded_public_key_len;
37 uint8_t *ciphertext;
38 size_t ciphertext_len;
39 mlkem_decap_fn decap;
40 mlkem_encap_fn encap;
41 mlkem_generate_key_fn generate_key;
42 mlkem_parse_private_key_fn parse_private_key;
43 mlkem_parse_public_key_fn parse_public_key;
44 mlkem_encode_private_key_fn encode_private_key;
45 mlkem_encode_public_key_fn encode_public_key;
46 mlkem_public_from_private_fn public_from_private;
47};
48
49static int 30static int
50MlKemUnitTest(struct unittest_ctx *ctx) 31MlKemUnitTest(int rank)
51{ 32{
52 uint8_t shared_secret1[MLKEM_SHARED_SECRET_BYTES]; 33 MLKEM_private_key *priv = NULL, *priv2 = NULL, *priv3 = NULL;
53 uint8_t shared_secret2[MLKEM_SHARED_SECRET_BYTES]; 34 MLKEM_public_key *pub = NULL, *pub2 = NULL, *pub3 = NULL;
35 uint8_t *encoded_public_key = NULL, *ciphertext = NULL,
36 *shared_secret2 = NULL, *shared_secret1 = NULL,
37 *encoded_private_key = NULL, *tmp_buf = NULL, *seed_buf = NULL;
38 size_t encoded_public_key_len, ciphertext_len,
39 encoded_private_key_len, tmp_buf_len;
54 uint8_t first_two_bytes[2]; 40 uint8_t first_two_bytes[2];
55 uint8_t *encoded_private_key = NULL, *tmp_buf = NULL; 41 size_t s_len = 0;
56 size_t encoded_private_key_len, tmp_buf_len;
57 CBS cbs;
58 int failed = 0; 42 int failed = 0;
59 43
60 ctx->generate_key(ctx->encoded_public_key, NULL, ctx->priv); 44 if ((pub = MLKEM_public_key_new(rank)) == NULL) {
45 warnx("public_key_new");
46 failed |= 1;
47 }
48
49 if ((pub2 = MLKEM_public_key_new(rank)) == NULL) {
50 warnx("public_key_new");
51 failed |= 1;
52 }
53
54 if ((priv = MLKEM_private_key_new(rank)) == NULL) {
55 warnx("private_key_new");
56 failed |= 1;
57 }
58
59 if ((priv2 = MLKEM_private_key_new(rank)) == NULL) {
60 warnx("private_key_new");
61 failed |= 1;
62 }
63
64 if (!MLKEM_generate_key(priv, &encoded_public_key,
65 &encoded_public_key_len, &seed_buf, &s_len)) {
66 warnx("generate_key failed");
67 failed |= 1;
68 }
69
70 if (s_len != MLKEM_SEED_LENGTH) {
71 warnx("seed length %zu != %d", s_len, MLKEM_SEED_LENGTH);
72 failed |= 1;
73 }
74
75 if ((priv3 = MLKEM_private_key_new(rank)) == NULL) {
76 warnx("private_key_new");
77 failed |= 1;
78 }
79
80 if ((pub3 = MLKEM_public_key_new(rank)) == NULL) {
81 warnx("public_key_new");
82 failed |= 1;
83 }
61 84
62 memcpy(first_two_bytes, ctx->encoded_public_key, sizeof(first_two_bytes)); 85 if (!MLKEM_private_key_from_seed(priv3, seed_buf, s_len)) {
63 memset(ctx->encoded_public_key, 0xff, sizeof(first_two_bytes)); 86 warnx("private_key_from_seed failed");
87 failed |= 1;
88 }
89
90 free(seed_buf);
91 seed_buf = NULL;
64 92
65 CBS_init(&cbs, ctx->encoded_public_key, ctx->encoded_public_key_len); 93 if (!MLKEM_public_from_private(priv3, pub3)) {
94 warnx("public_from_private");
95 failed |= 1;
96 }
97
98 memcpy(first_two_bytes, encoded_public_key, sizeof(first_two_bytes));
99 memset(encoded_public_key, 0xff, sizeof(first_two_bytes));
66 100
67 /* Parsing should fail because the first coefficient is >= kPrime. */ 101 /* Parsing should fail because the first coefficient is >= kPrime. */
68 if (ctx->parse_public_key(ctx->pub, &cbs)) { 102 if (MLKEM_parse_public_key(pub, encoded_public_key,
103 encoded_public_key_len)) {
69 warnx("parse_public_key should have failed"); 104 warnx("parse_public_key should have failed");
70 failed |= 1; 105 failed |= 1;
71 } 106 }
72 107
73 memcpy(ctx->encoded_public_key, first_two_bytes, sizeof(first_two_bytes)); 108 memcpy(encoded_public_key, first_two_bytes, sizeof(first_two_bytes));
74 CBS_init(&cbs, ctx->encoded_public_key, ctx->encoded_public_key_len); 109
75 if (!ctx->parse_public_key(ctx->pub, &cbs)) { 110 MLKEM_public_key_free(pub);
76 warnx("MLKEM768_parse_public_key"); 111 if ((pub = MLKEM_public_key_new(rank)) == NULL) {
112 warnx("public_key_new");
113 failed |= 1;
114 }
115 if (!MLKEM_parse_public_key(pub, encoded_public_key,
116 encoded_public_key_len)) {
117 warnx("MLKEM_parse_public_key");
77 failed |= 1; 118 failed |= 1;
78 } 119 }
79 120
80 if (CBS_len(&cbs) != 0u) { 121 if (!MLKEM_marshal_public_key(pub, &tmp_buf, &tmp_buf_len)) {
81 warnx("CBS_len must be 0"); 122 warnx("marshal_public_key");
123 failed |= 1;
124 }
125 if (encoded_public_key_len != tmp_buf_len) {
126 warnx("encoded public key lengths differ %d != %d",
127 (int) encoded_public_key_len, (int) tmp_buf_len);
82 failed |= 1; 128 failed |= 1;
83 } 129 }
84 130
85 if (!ctx->encode_public_key(ctx->pub, &tmp_buf, &tmp_buf_len)) { 131 if (compare_data(encoded_public_key, tmp_buf, tmp_buf_len,
86 warnx("encode_public_key"); 132 "encoded public keys") != 0) {
133 warnx("compare_data");
87 failed |= 1; 134 failed |= 1;
88 } 135 }
89 if (ctx->encoded_public_key_len != tmp_buf_len) { 136 free(tmp_buf);
90 warnx("encoded public key lengths differ"); 137 tmp_buf = NULL;
138 tmp_buf_len = 0;
139
140 if (!MLKEM_marshal_public_key(pub3, &tmp_buf, &tmp_buf_len)) {
141 warnx("marshal_public_key");
142 failed |= 1;
143 }
144 if (encoded_public_key_len != tmp_buf_len) {
145 warnx("encoded public key lengths differ %d != %d",
146 (int) encoded_public_key_len, (int) tmp_buf_len);
91 failed |= 1; 147 failed |= 1;
92 } 148 }
93 149
94 if (compare_data(ctx->encoded_public_key, tmp_buf, tmp_buf_len, 150 if (compare_data(encoded_public_key, tmp_buf, tmp_buf_len,
95 "encoded public keys") != 0) { 151 "encoded public keys") != 0) {
96 warnx("compare_data"); 152 warnx("compare_data");
97 failed |= 1; 153 failed |= 1;
98 } 154 }
99 free(tmp_buf); 155 free(tmp_buf);
100 tmp_buf = NULL; 156 tmp_buf = NULL;
157 tmp_buf_len = 0;
101 158
102 ctx->public_from_private(ctx->pub2, ctx->priv); 159 if (!MLKEM_public_from_private(priv, pub2)) {
103 if (!ctx->encode_public_key(ctx->pub2, &tmp_buf, &tmp_buf_len)) { 160 warnx("public_from_private");
104 warnx("encode_public_key"); 161 failed |= 1;
162 }
163 if (!MLKEM_marshal_public_key(pub2, &tmp_buf, &tmp_buf_len)) {
164 warnx("marshal_public_key");
105 failed |= 1; 165 failed |= 1;
106 } 166 }
107 if (ctx->encoded_public_key_len != tmp_buf_len) { 167 if (encoded_public_key_len != tmp_buf_len) {
108 warnx("encoded public key lengths differ"); 168 warnx("encoded public key lengths differ %d %d",
169 (int) encoded_public_key_len, (int) tmp_buf_len);
109 failed |= 1; 170 failed |= 1;
110 } 171 }
111 172
112 if (compare_data(ctx->encoded_public_key, tmp_buf, tmp_buf_len, 173 if (compare_data(encoded_public_key, tmp_buf, tmp_buf_len,
113 "encoded public keys") != 0) { 174 "encoded public keys") != 0) {
114 warnx("compare_data"); 175 warnx("compare_data");
115 failed |= 1; 176 failed |= 1;
116 } 177 }
117 free(tmp_buf); 178 free(tmp_buf);
118 tmp_buf = NULL; 179 tmp_buf = NULL;
180 tmp_buf_len = 0;
119 181
120 if (!ctx->encode_private_key(ctx->priv, &encoded_private_key, 182 if (!MLKEM_marshal_private_key(priv, &encoded_private_key,
121 &encoded_private_key_len)) { 183 &encoded_private_key_len)) {
122 warnx("mlkem768_encode_private_key"); 184 warnx("marshal_private_key");
123 failed |= 1; 185 failed |= 1;
124 } 186 }
125 187
126 memcpy(first_two_bytes, encoded_private_key, sizeof(first_two_bytes)); 188 memcpy(first_two_bytes, encoded_private_key, sizeof(first_two_bytes));
127 memset(encoded_private_key, 0xff, sizeof(first_two_bytes)); 189 memset(encoded_private_key, 0xff, sizeof(first_two_bytes));
128 CBS_init(&cbs, encoded_private_key, encoded_private_key_len);
129 190
130 /* Parsing should fail because the first coefficient is >= kPrime. */ 191 /* Parsing should fail because the first coefficient is >= kPrime. */
131 if (ctx->parse_private_key(ctx->priv2, &cbs)) { 192 if (MLKEM_parse_private_key(priv2, encoded_private_key,
132 warnx("MLKEM768_parse_private_key should have failed"); 193 encoded_private_key_len)) {
194 warnx("parse_private_key should have failed");
133 failed |= 1; 195 failed |= 1;
134 } 196 }
135 197
136 memcpy(encoded_private_key, first_two_bytes, sizeof(first_two_bytes)); 198 memcpy(encoded_private_key, first_two_bytes, sizeof(first_two_bytes));
137 CBS_init(&cbs, encoded_private_key, encoded_private_key_len);
138 199
139 if (!ctx->parse_private_key(ctx->priv2, &cbs)) { 200 MLKEM_private_key_free(priv2);
140 warnx("MLKEM768_parse_private_key"); 201 priv2 = NULL;
202
203 if ((priv2 = MLKEM_private_key_new(rank)) == NULL) {
204 warnx("private_key_new");
205 failed |= 1;
206 }
207 if (!MLKEM_parse_private_key(priv2, encoded_private_key,
208 encoded_private_key_len)) {
209 warnx("parse_private_key");
141 failed |= 1; 210 failed |= 1;
142 } 211 }
143 212
144 if (!ctx->encode_private_key(ctx->priv2, &tmp_buf, &tmp_buf_len)) { 213 if (!MLKEM_marshal_private_key(priv2, &tmp_buf, &tmp_buf_len)) {
145 warnx("encode_private_key"); 214 warnx("marshal_private_key");
146 failed |= 1; 215 failed |= 1;
147 } 216 }
148 217
149 if (encoded_private_key_len != tmp_buf_len) { 218 if (encoded_private_key_len != tmp_buf_len) {
150 warnx("encode private key lengths differ"); 219 warnx("encoded private key lengths differ");
151 failed |= 1; 220 failed |= 1;
152 } 221 }
153 222
@@ -160,100 +229,79 @@ MlKemUnitTest(struct unittest_ctx *ctx)
160 free(tmp_buf); 229 free(tmp_buf);
161 tmp_buf = NULL; 230 tmp_buf = NULL;
162 231
163 ctx->encap(ctx->ciphertext, shared_secret1, ctx->pub); 232 if (!MLKEM_encap(pub, &ciphertext, &ciphertext_len, &shared_secret1,
164 ctx->decap(shared_secret2, ctx->ciphertext, ctx->ciphertext_len, 233 &s_len)) {
165 ctx->priv); 234 warnx("encap failed using pub");
166 if (compare_data(shared_secret1, shared_secret2, MLKEM_SHARED_SECRET_BYTES, 235 failed |= 1;
236 }
237
238 if (s_len != MLKEM_SHARED_SECRET_LENGTH) {
239 warnx("seed length %zu != %d", s_len,
240 MLKEM_SHARED_SECRET_LENGTH);
241 failed |= 1;
242 }
243
244 if (!MLKEM_decap(priv, ciphertext, ciphertext_len,
245 &shared_secret2, &s_len)) {
246 warnx("decap() failed using priv");
247 failed |= 1;
248 }
249
250 if (s_len != MLKEM_SHARED_SECRET_LENGTH) {
251 warnx("seed length %zu != %d", s_len,
252 MLKEM_SHARED_SECRET_LENGTH);
253 failed |= 1;
254 }
255
256 if (compare_data(shared_secret1, shared_secret2, s_len,
167 "shared secrets with priv") != 0) { 257 "shared secrets with priv") != 0) {
168 warnx("compare_data"); 258 warnx("compare_data");
169 failed |= 1; 259 failed |= 1;
170 } 260 }
171 261
172 ctx->decap(shared_secret2, ctx->ciphertext, ctx->ciphertext_len, 262 free(shared_secret2);
173 ctx->priv2); 263 shared_secret2 = NULL;
174 if (compare_data(shared_secret1, shared_secret2, MLKEM_SHARED_SECRET_BYTES, 264
265 if (!MLKEM_decap(priv2, ciphertext, ciphertext_len,
266 &shared_secret2, &s_len)){
267 warnx("decap() failed using priv2");
268 failed |= 1;
269 }
270
271 if (s_len != MLKEM_SHARED_SECRET_LENGTH) {
272 warnx("seed length %zu != %d", s_len,
273 MLKEM_SHARED_SECRET_LENGTH);
274 failed |= 1;
275 }
276
277 if (compare_data(shared_secret1, shared_secret2, s_len,
175 "shared secrets with priv2") != 0) { 278 "shared secrets with priv2") != 0) {
176 warnx("compare_data"); 279 warnx("compare_data");
177 failed |= 1; 280 failed |= 1;
178 } 281 }
179 282
283 MLKEM_public_key_free(pub);
284 MLKEM_public_key_free(pub2);
285 MLKEM_public_key_free(pub3);
286 MLKEM_private_key_free(priv);
287 MLKEM_private_key_free(priv2);
288 MLKEM_private_key_free(priv3);
289 free(encoded_public_key);
290 free(ciphertext);
180 free(encoded_private_key); 291 free(encoded_private_key);
292 free(shared_secret1);
293 free(shared_secret2);
181 294
182 return failed; 295 return failed;
183} 296}
184 297
185static int
186mlkem768_unittest(void)
187{
188 struct MLKEM768_private_key mlkem768_priv, mlkem768_priv2;
189 struct MLKEM768_public_key mlkem768_pub, mlkem768_pub2;
190 uint8_t mlkem768_encoded_public_key[MLKEM768_PUBLIC_KEY_BYTES];
191 uint8_t mlkem768_ciphertext[MLKEM768_CIPHERTEXT_BYTES];
192 struct unittest_ctx mlkem768_test = {
193 .priv = &mlkem768_priv,
194 .pub = &mlkem768_pub,
195 .priv2 = &mlkem768_priv2,
196 .pub2 = &mlkem768_pub2,
197 .encoded_public_key = mlkem768_encoded_public_key,
198 .encoded_public_key_len = sizeof(mlkem768_encoded_public_key),
199 .ciphertext = mlkem768_ciphertext,
200 .ciphertext_len = sizeof(mlkem768_ciphertext),
201 .decap = mlkem768_decap,
202 .encap = mlkem768_encap,
203 .generate_key = mlkem768_generate_key,
204 .parse_private_key = mlkem768_parse_private_key,
205 .parse_public_key = mlkem768_parse_public_key,
206 .encode_private_key = mlkem768_encode_private_key,
207 .encode_public_key = mlkem768_encode_public_key,
208 .public_from_private = mlkem768_public_from_private,
209 };
210
211 return MlKemUnitTest(&mlkem768_test);
212}
213
214static int
215mlkem1024_unittest(void)
216{
217 struct MLKEM1024_private_key mlkem1024_priv, mlkem1024_priv2;
218 struct MLKEM1024_public_key mlkem1024_pub, mlkem1024_pub2;
219 uint8_t mlkem1024_encoded_public_key[MLKEM1024_PUBLIC_KEY_BYTES];
220 uint8_t mlkem1024_ciphertext[MLKEM1024_CIPHERTEXT_BYTES];
221 struct unittest_ctx mlkem1024_test = {
222 .priv = &mlkem1024_priv,
223 .pub = &mlkem1024_pub,
224 .priv2 = &mlkem1024_priv2,
225 .pub2 = &mlkem1024_pub2,
226 .encoded_public_key = mlkem1024_encoded_public_key,
227 .encoded_public_key_len = sizeof(mlkem1024_encoded_public_key),
228 .ciphertext = mlkem1024_ciphertext,
229 .ciphertext_len = sizeof(mlkem1024_ciphertext),
230 .decap = mlkem1024_decap,
231 .encap = mlkem1024_encap,
232 .generate_key = mlkem1024_generate_key,
233 .parse_private_key = mlkem1024_parse_private_key,
234 .parse_public_key = mlkem1024_parse_public_key,
235 .encode_private_key = mlkem1024_encode_private_key,
236 .encode_public_key = mlkem1024_encode_public_key,
237 .public_from_private = mlkem1024_public_from_private,
238 };
239
240 return MlKemUnitTest(&mlkem1024_test);
241}
242
243int 298int
244main(void) 299main(void)
245{ 300{
246 int failed = 0; 301 int failed = 0;
247 302
248 /* 303 failed |= MlKemUnitTest(RANK768);
249 * XXX - this is split into two helper functions since having a few 304 failed |= MlKemUnitTest(RANK1024);
250 * ML-KEM key blobs on the stack makes Emscripten's stack explode,
251 * leading to inscrutable silent failures unles ASAN is enabled.
252 * Go figure.
253 */
254
255 failed |= mlkem768_unittest();
256 failed |= mlkem1024_unittest();
257 305
258 return failed; 306 return failed;
259} 307}
diff --git a/src/regress/lib/libcrypto/mlkem/parse_test_file.c b/src/regress/lib/libcrypto/mlkem/parse_test_file.c
index 19f03439e2..9f3e5f3a1a 100644
--- a/src/regress/lib/libcrypto/mlkem/parse_test_file.c
+++ b/src/regress/lib/libcrypto/mlkem/parse_test_file.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: parse_test_file.c,v 1.3 2024/12/27 11:17:48 tb Exp $ */ 1/* $OpenBSD: parse_test_file.c,v 1.6 2025/06/03 10:29:37 tb Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2024 Theo Buehler <tb@openbsd.org> 4 * Copyright (c) 2024 Theo Buehler <tb@openbsd.org>
@@ -47,6 +47,8 @@ static void
47line_data_clear(struct line_data *ld) 47line_data_clear(struct line_data *ld)
48{ 48{
49 freezero(ld->data, ld->data_len); 49 freezero(ld->data, ld->data_len);
50 /* The dereference isn't enough for silly old gcc 14. */
51 assert(ld != NULL);
50 explicit_bzero(ld, sizeof(*ld)); 52 explicit_bzero(ld, sizeof(*ld));
51} 53}
52 54
@@ -644,7 +646,8 @@ parse_reinit(struct parse *p)
644 p->state.running_test_case = 0; 646 p->state.running_test_case = 0;
645 parse_line_data_clear(p); 647 parse_line_data_clear(p);
646 tctx->finish(p->ctx); 648 tctx->finish(p->ctx);
647 tctx->init(p->ctx, p); 649 if (!tctx->init(p->ctx, p))
650 parse_errx(p, "init failed");
648} 651}
649 652
650static int 653static int
@@ -706,7 +709,8 @@ parse_init(struct parse *p, const char *fn, const struct test_parse *tctx,
706 parse_state_init(&p->state, tctx->num_states, tctx->num_instructions); 709 parse_state_init(&p->state, tctx->num_states, tctx->num_instructions);
707 p->tctx = tctx; 710 p->tctx = tctx;
708 p->ctx = ctx; 711 p->ctx = ctx;
709 tctx->init(ctx, p); 712 if (!tctx->init(p->ctx, p))
713 parse_errx(p, "init failed");
710} 714}
711 715
712static int 716static int
@@ -732,7 +736,10 @@ parse_next_line(struct parse *p)
732static void 736static void
733parse_finish(struct parse *p) 737parse_finish(struct parse *p)
734{ 738{
739 const struct test_parse *tctx = p->tctx;
740
735 parse_state_finish(&p->state); 741 parse_state_finish(&p->state);
742 tctx->finish(p->ctx);
736 743
737 free(p->buf); 744 free(p->buf);
738 745
diff --git a/src/regress/lib/libcrypto/rsa/rsa_method_test.c b/src/regress/lib/libcrypto/rsa/rsa_method_test.c
index d9c1cc4f9a..9d0a4c3592 100644
--- a/src/regress/lib/libcrypto/rsa/rsa_method_test.c
+++ b/src/regress/lib/libcrypto/rsa/rsa_method_test.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa_method_test.c,v 1.5 2025/01/05 18:21:36 tb Exp $ */ 1/* $OpenBSD: rsa_method_test.c,v 1.6 2025/08/26 05:07:50 tb Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2025 Theo Buehler <tb@openbsd.org> 4 * Copyright (c) 2025 Theo Buehler <tb@openbsd.org>
@@ -221,7 +221,7 @@ sign_and_verify_test(void)
221 errx(1, "%s: RSA_set_ex_data", __func__); 221 errx(1, "%s: RSA_set_ex_data", __func__);
222 222
223 if ((sign_verify_method = RSA_meth_dup(RSA_get_default_method())) == NULL) 223 if ((sign_verify_method = RSA_meth_dup(RSA_get_default_method())) == NULL)
224 errx(1, "%s: RSA_get_default_method", __func__); 224 errx(1, "%s: RSA_meth_dup", __func__);
225 if (!RSA_meth_set0_app_data(sign_verify_method, rsa_priv)) 225 if (!RSA_meth_set0_app_data(sign_verify_method, rsa_priv))
226 errx(1, "%s: RSA_meth_set0_app_data", __func__); 226 errx(1, "%s: RSA_meth_set0_app_data", __func__);
227 227
diff --git a/src/regress/lib/libcrypto/sha/Makefile b/src/regress/lib/libcrypto/sha/Makefile
index 6ec223116d..c6ab0398ba 100644
--- a/src/regress/lib/libcrypto/sha/Makefile
+++ b/src/regress/lib/libcrypto/sha/Makefile
@@ -1,9 +1,15 @@
1# $OpenBSD: Makefile,v 1.5 2022/09/01 14:02:41 tb Exp $ 1# $OpenBSD: Makefile,v 1.6 2025/05/22 03:35:40 joshua Exp $
2 2
3PROG = sha_test 3PROG = sha_test
4LDADD = -lcrypto 4LDADD = -lcrypto
5DPADD = ${LIBCRYPTO} 5DPADD = ${LIBCRYPTO}
6WARNINGS = Yes 6WARNINGS = Yes
7CFLAGS += -DLIBRESSL_INTERNAL -Werror 7CFLAGS += -DLIBRESSL_INTERNAL -Werror
8CFLAGS += -I${.CURDIR}/../test
9SRCS += sha_test.c
10SRCS += test.c
11SRCS += test_util.c
12
13.PATH: ${.CURDIR}/../test
8 14
9.include <bsd.regress.mk> 15.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/sha/sha_test.c b/src/regress/lib/libcrypto/sha/sha_test.c
index 82a0c4cceb..904924c890 100644
--- a/src/regress/lib/libcrypto/sha/sha_test.c
+++ b/src/regress/lib/libcrypto/sha/sha_test.c
@@ -1,6 +1,6 @@
1/* $OpenBSD: sha_test.c,v 1.6 2023/07/19 15:11:42 joshua Exp $ */ 1/* $OpenBSD: sha_test.c,v 1.7 2025/05/22 03:35:40 joshua Exp $ */
2/* 2/*
3 * Copyright (c) 2022, 2023 Joshua Sing <joshua@hypera.dev> 3 * Copyright (c) 2022, 2023, 2025 Joshua Sing <joshua@joshuasing.dev>
4 * 4 *
5 * Permission to use, copy, modify, and distribute this software for any 5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above 6 * purpose with or without fee is hereby granted, provided that the above
@@ -21,6 +21,8 @@
21#include <stdint.h> 21#include <stdint.h>
22#include <string.h> 22#include <string.h>
23 23
24#include "test.h"
25
24struct sha_test { 26struct sha_test {
25 const int algorithm; 27 const int algorithm;
26 const uint8_t in[128]; 28 const uint8_t in[128];
@@ -677,260 +679,240 @@ typedef unsigned char *(*sha_hash_func)(const unsigned char *, size_t,
677 unsigned char *); 679 unsigned char *);
678 680
679static int 681static int
680sha_hash_from_algorithm(int algorithm, const char **out_label, 682sha_hash_from_algorithm(int algorithm, sha_hash_func *out_func,
681 sha_hash_func *out_func, const EVP_MD **out_md, size_t *out_len) 683 const EVP_MD **out_md)
682{ 684{
683 const char *label;
684 sha_hash_func sha_func; 685 sha_hash_func sha_func;
685 const EVP_MD *md; 686 const EVP_MD *md;
686 size_t len;
687 687
688 switch (algorithm) { 688 switch (algorithm) {
689 case NID_sha1: 689 case NID_sha1:
690 label = SN_sha1;
691 sha_func = SHA1; 690 sha_func = SHA1;
692 md = EVP_sha1(); 691 md = EVP_sha1();
693 len = SHA_DIGEST_LENGTH;
694 break; 692 break;
695 case NID_sha224: 693 case NID_sha224:
696 label = SN_sha224;
697 sha_func = SHA224; 694 sha_func = SHA224;
698 md = EVP_sha224(); 695 md = EVP_sha224();
699 len = SHA224_DIGEST_LENGTH;
700 break; 696 break;
701 case NID_sha256: 697 case NID_sha256:
702 label = SN_sha256;
703 sha_func = SHA256; 698 sha_func = SHA256;
704 md = EVP_sha256(); 699 md = EVP_sha256();
705 len = SHA256_DIGEST_LENGTH;
706 break; 700 break;
707 case NID_sha384: 701 case NID_sha384:
708 label = SN_sha384;
709 sha_func = SHA384; 702 sha_func = SHA384;
710 md = EVP_sha384(); 703 md = EVP_sha384();
711 len = SHA384_DIGEST_LENGTH;
712 break; 704 break;
713 case NID_sha512: 705 case NID_sha512:
714 label = SN_sha512;
715 sha_func = SHA512; 706 sha_func = SHA512;
716 md = EVP_sha512(); 707 md = EVP_sha512();
717 len = SHA512_DIGEST_LENGTH;
718 break; 708 break;
719 case NID_sha3_224: 709 case NID_sha3_224:
720 label = SN_sha3_224;
721 sha_func = NULL; 710 sha_func = NULL;
722 md = EVP_sha3_224(); 711 md = EVP_sha3_224();
723 len = 224 / 8;
724 break; 712 break;
725 case NID_sha3_256: 713 case NID_sha3_256:
726 label = SN_sha3_256;
727 sha_func = NULL; 714 sha_func = NULL;
728 md = EVP_sha3_256(); 715 md = EVP_sha3_256();
729 len = 256 / 8;
730 break; 716 break;
731 case NID_sha3_384: 717 case NID_sha3_384:
732 label = SN_sha3_384;
733 sha_func = NULL; 718 sha_func = NULL;
734 md = EVP_sha3_384(); 719 md = EVP_sha3_384();
735 len = 384 / 8;
736 break; 720 break;
737 case NID_sha3_512: 721 case NID_sha3_512:
738 label = SN_sha3_512;
739 sha_func = NULL; 722 sha_func = NULL;
740 md = EVP_sha3_512(); 723 md = EVP_sha3_512();
741 len = 512 / 8;
742 break; 724 break;
743 default: 725 default:
744 fprintf(stderr, "FAIL: unknown algorithm (%d)\n",
745 algorithm);
746 return 0; 726 return 0;
747 } 727 }
748 728
749 if (out_label != NULL)
750 *out_label = label;
751 if (out_func != NULL) 729 if (out_func != NULL)
752 *out_func = sha_func; 730 *out_func = sha_func;
753 if (out_md != NULL) 731 if (out_md != NULL)
754 *out_md = md; 732 *out_md = md;
755 if (out_len != NULL)
756 *out_len = len;
757 733
758 return 1; 734 return 1;
759} 735}
760 736
761static int 737static void
762sha_test(void) 738test_sha_tv(struct test *t, const void *arg)
763{ 739{
740 const struct sha_test *st = arg;
764 sha_hash_func sha_func; 741 sha_hash_func sha_func;
765 const struct sha_test *st;
766 EVP_MD_CTX *hash = NULL; 742 EVP_MD_CTX *hash = NULL;
767 const EVP_MD *md; 743 const EVP_MD *md;
768 uint8_t out[EVP_MAX_MD_SIZE]; 744 uint8_t out[EVP_MAX_MD_SIZE];
769 size_t in_len, out_len; 745 size_t in_len, out_len;
770 size_t i;
771 const char *label;
772 int failed = 1;
773 746
774 if ((hash = EVP_MD_CTX_new()) == NULL) { 747 if ((hash = EVP_MD_CTX_new()) == NULL) {
775 fprintf(stderr, "FAIL: EVP_MD_CTX_new() failed\n"); 748 test_errorf(t, "EVP_MD_CTX_new()");
776 goto failed; 749 goto fail;
777 } 750 }
778 751
779 for (i = 0; i < N_SHA_TESTS; i++) { 752 if (!sha_hash_from_algorithm(st->algorithm, &sha_func, &md))
780 st = &sha_tests[i]; 753 goto fail;
781 if (!sha_hash_from_algorithm(st->algorithm, &label, &sha_func,
782 &md, &out_len))
783 goto failed;
784
785 /* Digest */
786 if (sha_func != NULL) {
787 memset(out, 0, sizeof(out));
788 sha_func(st->in, st->in_len, out);
789 if (memcmp(st->out, out, out_len) != 0) {
790 fprintf(stderr, "FAIL (%s:%zu): mismatch\n",
791 label, i);
792 goto failed;
793 }
794 }
795 754
796 /* EVP single-shot digest */ 755 out_len = EVP_MD_size(md);
797 memset(out, 0, sizeof(out));
798 if (!EVP_Digest(st->in, st->in_len, out, NULL, md, NULL)) {
799 fprintf(stderr, "FAIL (%s:%zu): EVP_Digest failed\n",
800 label, i);
801 goto failed;
802 }
803 756
757 /* Digest */
758 if (sha_func != NULL) {
759 memset(out, 0, sizeof(out));
760 sha_func(st->in, st->in_len, out);
804 if (memcmp(st->out, out, out_len) != 0) { 761 if (memcmp(st->out, out, out_len) != 0) {
805 fprintf(stderr, 762 test_errorf(t, "SHA: digest output mismatch");
806 "FAIL (%s:%zu): EVP single-shot mismatch\n", 763 test_hexdiff(t, out, out_len, st->out);
807 label, i);
808 goto failed;
809 } 764 }
765 }
810 766
811 /* EVP digest */ 767 /* EVP single-shot digest */
812 memset(out, 0, sizeof(out)); 768 memset(out, 0, sizeof(out));
813 if (!EVP_DigestInit_ex(hash, md, NULL)) { 769 if (!EVP_Digest(st->in, st->in_len, out, NULL, md, NULL)) {
814 fprintf(stderr, 770 test_errorf(t, "EVP_Digest()");
815 "FAIL (%s:%zu): EVP_DigestInit_ex failed\n", 771 goto fail;
816 label, i); 772 }
817 goto failed;
818 }
819 773
820 in_len = st->in_len / 2; 774 if (memcmp(st->out, out, out_len) != 0) {
821 if (!EVP_DigestUpdate(hash, st->in, in_len)) { 775 test_errorf(t, "EVP single-shot: output diget mismatch");
822 fprintf(stderr, 776 test_hexdiff(t, out, out_len, st->out);
823 "FAIL (%s:%zu): EVP_DigestUpdate first half " 777 }
824 "failed\n", label, i);
825 goto failed;
826 }
827 778
828 if (!EVP_DigestUpdate(hash, st->in + in_len, 779 /* EVP digest */
829 st->in_len - in_len)) { 780 memset(out, 0, sizeof(out));
830 fprintf(stderr, 781 if (!EVP_DigestInit_ex(hash, md, NULL)) {
831 "FAIL (%s:%zu): EVP_DigestUpdate second half " 782 test_errorf(t, "EVP_DigestInit_ex() ");
832 "failed\n", label, i); 783 goto fail;
833 goto failed; 784 }
834 }
835 785
836 if (!EVP_DigestFinal_ex(hash, out, NULL)) { 786 in_len = st->in_len / 2;
837 fprintf(stderr, 787 if (!EVP_DigestUpdate(hash, st->in, in_len)) {
838 "FAIL (%s:%zu): EVP_DigestFinal_ex failed\n", 788 test_errorf(t, "EVP_DigestUpdate() first half");
839 label, i); 789 goto fail;
840 goto failed; 790 }
841 }
842 791
843 if (memcmp(st->out, out, out_len) != 0) { 792 if (!EVP_DigestUpdate(hash, st->in + in_len,
844 fprintf(stderr, "FAIL (%s:%zu): EVP mismatch\n", 793 st->in_len - in_len)) {
845 label, i); 794 test_errorf(t, "EVP_DigestUpdate() second half");
846 goto failed; 795 goto fail;
847 }
848 } 796 }
849 797
850 failed = 0; 798 if (!EVP_DigestFinal_ex(hash, out, NULL)) {
799 test_errorf(t, "EVP_DigestFinal_ex()");
800 goto fail;
801 }
851 802
852 failed: 803 if (memcmp(st->out, out, out_len) != 0) {
804 test_errorf(t, "EVP: digest output mismatch");
805 test_hexdiff(t, out, out_len, st->out);
806 }
807
808
809 fail:
853 EVP_MD_CTX_free(hash); 810 EVP_MD_CTX_free(hash);
854 return failed;
855} 811}
856 812
857static int 813static void
858sha_repetition_test(void) 814test_sha(struct test *t, const void *arg)
859{ 815{
860 const struct sha_repetition_test *st; 816 const struct sha_test *st;
817 size_t i;
818 char *name;
819
820 for (i = 0; i < N_SHA_TESTS; i++) {
821 st = &sha_tests[i];
822 if (asprintf(&name, "%s: '%s'", OBJ_nid2sn(st->algorithm), st->in) == -1) {
823 test_errorf(t, "create test name failed");
824 return;
825 }
826
827 test_run(t, name, test_sha_tv, st);
828 free(name);
829 }
830}
831
832static void
833test_sha_repetition_tv(struct test *t, const void *arg)
834{
835 const struct sha_repetition_test *st = arg;
861 EVP_MD_CTX *hash = NULL; 836 EVP_MD_CTX *hash = NULL;
862 const EVP_MD *md; 837 const EVP_MD *md;
863 uint8_t buf[1024]; 838 uint8_t buf[1024];
864 uint8_t out[EVP_MAX_MD_SIZE]; 839 uint8_t out[EVP_MAX_MD_SIZE];
865 size_t out_len, part_len; 840 size_t out_len, part_len;
866 size_t i, j; 841 size_t i;
867 const char *label;
868 int failed = 1;
869 842
870 if ((hash = EVP_MD_CTX_new()) == NULL) { 843 if ((hash = EVP_MD_CTX_new()) == NULL) {
871 fprintf(stderr, "FAIL: EVP_MD_CTX_new() failed\n"); 844 test_errorf(t, "EVP_MD_CTX_new()");
872 goto failed; 845 goto fail;
873 } 846 }
874 847
875 for (i = 0; i < N_SHA_REPETITION_TESTS; i++) { 848 if (!sha_hash_from_algorithm(st->algorithm, NULL, &md))
876 st = &sha_repetition_tests[i]; 849 goto fail;
877 if (!sha_hash_from_algorithm(st->algorithm, &label, NULL, &md,
878 &out_len))
879 goto failed;
880
881 /* EVP digest */
882 if (!EVP_DigestInit_ex(hash, md, NULL)) {
883 fprintf(stderr,
884 "FAIL (%s:%zu): EVP_DigestInit_ex failed\n",
885 label, i);
886 goto failed;
887 }
888 850
889 memset(buf, st->in, sizeof(buf)); 851 out_len = EVP_MD_size(md);
890 852
891 for (j = 0; j < st->in_repetitions;) { 853 /* EVP digest */
892 part_len = arc4random_uniform(sizeof(buf)); 854 if (!EVP_DigestInit_ex(hash, md, NULL)) {
893 if (part_len > st->in_repetitions - j) 855 test_errorf(t, "EVP_DigestInit_ex()");
894 part_len = st->in_repetitions - j; 856 goto fail;
857 }
895 858
896 if (!EVP_DigestUpdate(hash, buf, part_len)) { 859 memset(buf, st->in, sizeof(buf));
897 fprintf(stderr,
898 "FAIL (%s:%zu): EVP_DigestUpdate failed\n",
899 label, i);
900 goto failed;
901 }
902 860
903 j += part_len; 861 for (i = 0; i < st->in_repetitions;) {
904 } 862 part_len = arc4random_uniform(sizeof(buf));
863 if (part_len > st->in_repetitions - i)
864 part_len = st->in_repetitions - i;
905 865
906 if (!EVP_DigestFinal_ex(hash, out, NULL)) { 866 if (!EVP_DigestUpdate(hash, buf, part_len)) {
907 fprintf(stderr, 867 test_errorf(t, "EVP_DigestUpdate()");
908 "FAIL (%s:%zu): EVP_DigestFinal_ex failed\n", 868 goto fail;
909 label, i);
910 goto failed;
911 } 869 }
912 870
913 if (memcmp(st->out, out, out_len) != 0) { 871 i += part_len;
914 fprintf(stderr, "FAIL (%s:%zu): EVP mismatch\n", 872 }
915 label, i); 873
916 goto failed; 874 if (!EVP_DigestFinal_ex(hash, out, NULL)) {
917 } 875 test_errorf(t, "EVP_DigestFinal_ex()");
876 goto fail;
918 } 877 }
919 878
920 failed = 0; 879 if (memcmp(st->out, out, out_len) != 0) {
880 test_errorf(t, "EVP: digest output mismatch");
881 test_hexdiff(t, out, out_len, st->out);
882 goto fail;
883 }
921 884
922 failed: 885 fail:
923 EVP_MD_CTX_free(hash); 886 EVP_MD_CTX_free(hash);
924 return failed; 887}
888
889static void
890test_sha_repetition(struct test *t, const void *arg)
891{
892 const struct sha_repetition_test *st;
893 size_t i;
894 char *name;
895
896 for (i = 0; i < N_SHA_REPETITION_TESTS; i++) {
897 st = &sha_repetition_tests[i];
898 if (asprintf(&name, "%s: '%hhu' x %zu", OBJ_nid2sn(st->algorithm),
899 st->in, st->in_repetitions) == -1) {
900 test_errorf(t, "create test name failed");
901 return;
902 }
903
904 test_run(t, name, test_sha_repetition_tv, st);
905 free(name);
906 }
925} 907}
926 908
927int 909int
928main(int argc, char **argv) 910main(int argc, char **argv)
929{ 911{
930 int failed = 0; 912 struct test *t = test_init();
931 913
932 failed |= sha_test(); 914 test_run(t, "sha", test_sha, NULL);
933 failed |= sha_repetition_test(); 915 test_run(t, "sha repetition", test_sha_repetition, NULL);
934 916
935 return failed; 917 return test_result(t);
936} 918}
diff --git a/src/regress/lib/libcrypto/symbols/symbols.awk b/src/regress/lib/libcrypto/symbols/symbols.awk
index 8ea68b681e..253658e7a0 100644
--- a/src/regress/lib/libcrypto/symbols/symbols.awk
+++ b/src/regress/lib/libcrypto/symbols/symbols.awk
@@ -1,4 +1,4 @@
1# $OpenBSD: symbols.awk,v 1.13 2024/09/01 17:20:37 tb Exp $ 1# $OpenBSD: symbols.awk,v 1.15 2025/08/22 15:52:34 tb Exp $
2 2
3# Copyright (c) 2018,2020 Theo Buehler <tb@openbsd.org> 3# Copyright (c) 2018,2020 Theo Buehler <tb@openbsd.org>
4# 4#
@@ -26,7 +26,7 @@ BEGIN {
26 # Undefine aliases, so we don't accidentally leave them in Symbols.list. 26 # Undefine aliases, so we don't accidentally leave them in Symbols.list.
27 printf("#ifdef %s\n#undef %s\n#endif\n", $0, $0) 27 printf("#ifdef %s\n#undef %s\n#endif\n", $0, $0)
28 28
29 printf("static typeof(%s) *_libre_%s;\n", $0, $0); 29 printf("extern typeof(%s) *_libre_%s;\n", $0, $0);
30} 30}
31 31
32END { 32END {
@@ -51,8 +51,12 @@ END {
51 51
52 printf("\t\};\n\n") 52 printf("\t\};\n\n")
53 53
54 printf("\tfor (i = 0; i < sizeof(symbols) / sizeof(symbols[0]); i++)\n") 54 printf("\tfor (i = 0; i < sizeof(symbols) / sizeof(symbols[0]); i++) {\n")
55 printf("\t\tfprintf(stderr, \"%%s: %%p\\n\", symbols[i].name, symbols[i].addr);\n") 55 printf("\t\tfprintf(stderr, \"%%s: %%p\\n\", symbols[i].name, symbols[i].addr);\n")
56 printf("#if defined(USE_LIBRESSL_NAMESPACE)\n")
57 printf("\t\tfprintf(stderr, \"_libre_%%s: %%p\\n\", symbols[i].name, symbols[i].libre_addr);\n")
58 printf("#endif\n")
59 printf("\t}\n")
56 printf("\n\tprintf(\"OK\\n\");\n") 60 printf("\n\tprintf(\"OK\\n\");\n")
57 printf("\n\treturn 0;\n}\n") 61 printf("\n\treturn 0;\n}\n")
58} 62}
diff --git a/src/regress/lib/libcrypto/test/test.c b/src/regress/lib/libcrypto/test/test.c
new file mode 100644
index 0000000000..1188ec34ef
--- /dev/null
+++ b/src/regress/lib/libcrypto/test/test.c
@@ -0,0 +1,226 @@
1/* $OpenBSD: test.c,v 1.4 2025/05/31 11:36:48 tb Exp $ */
2/*
3 * Copyright (c) 2025 Joshua Sing <joshua@joshuasing.dev>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <err.h>
19#include <stdarg.h>
20#include <stdio.h>
21#include <stdlib.h>
22#include <string.h>
23#include <unistd.h>
24
25#include "test.h"
26
27struct test {
28 struct test *parent;
29 char *name;
30 FILE *out;
31 int skipped;
32 int failed;
33};
34
35static struct test *
36test_new(struct test *pt, const char *name)
37{
38 struct test *t;
39
40 if ((t = calloc(1, sizeof(*t))) == NULL)
41 err(1, "calloc");
42
43 if (name != NULL) {
44 if ((t->name = strdup(name)) == NULL)
45 err(1, "strdup");
46 }
47
48 if (pt != NULL)
49 t->out = pt->out;
50 t->parent = pt;
51
52 return t;
53}
54
55struct test *
56test_init(void)
57{
58 struct test *t;
59 char *tmp_file;
60 int out_fd;
61 char *v;
62
63 t = test_new(NULL, NULL);
64 t->out = stderr;
65
66 if (((v = getenv("TEST_VERBOSE")) != NULL) && strcmp(v, "0") != 0)
67 return t;
68
69 /* Create a temporary file for logging in non-verbose mode */
70 if ((tmp_file = strdup("/tmp/libressl-test.XXXXXXXX")) == NULL)
71 err(1, "strdup");
72 if ((out_fd = mkstemp(tmp_file)) == -1)
73 err(1, "mkstemp");
74
75 unlink(tmp_file);
76 free(tmp_file);
77 if ((t->out = fdopen(out_fd, "w+")) == NULL)
78 err(1, "fdopen");
79
80 return t;
81}
82
83static void
84test_cleanup(struct test *t)
85{
86 free(t->name);
87 free(t);
88}
89
90int
91test_result(struct test *t)
92{
93 int failed = t->failed;
94
95 if (t->parent == NULL && t->out != stderr)
96 fclose(t->out);
97
98 test_cleanup(t);
99
100 return failed;
101}
102
103void
104test_fail(struct test *t)
105{
106 t->failed = 1;
107
108 /* Also fail parent. */
109 if (t->parent != NULL)
110 test_fail(t->parent);
111}
112
113static void
114test_vprintf(struct test *t, const char *fmt, va_list ap)
115{
116 if (vfprintf(t->out, fmt, ap) == -1)
117 err(1, "vfprintf");
118}
119
120void
121test_printf(struct test *t, const char *fmt, ...)
122{
123 va_list ap;
124
125 va_start(ap, fmt);
126 test_vprintf(t, fmt, ap);
127 va_end(ap);
128}
129
130static void
131test_vlogf_internal(struct test *t, const char *label, const char *func,
132 const char *file, int line, const char *fmt, va_list ap)
133{
134 char *msg = NULL;
135 char *l = ": ";
136 const char *filename;
137
138 if (label == NULL) {
139 label = "";
140 l = "";
141 }
142
143 if (vasprintf(&msg, fmt, ap) == -1)
144 err(1, "vasprintf");
145
146 if ((filename = strrchr(file, '/')) != NULL)
147 filename++;
148 else
149 filename = file;
150
151 test_printf(t, "%s [%s:%d]%s%s: %s\n",
152 func, filename, line, l, label, msg);
153
154 free(msg);
155}
156
157void
158test_logf_internal(struct test *t, const char *label, const char *func,
159 const char *file, int line, const char *fmt, ...)
160{
161 va_list ap;
162
163 va_start(ap, fmt);
164 test_vlogf_internal(t, label, func, file, line, fmt, ap);
165 va_end(ap);
166}
167
168void
169test_skip(struct test *t, const char *reason)
170{
171 t->skipped = 1;
172 test_printf(t, "%s\n", reason);
173}
174
175void
176test_skipf(struct test *t, const char *fmt, ...)
177{
178 va_list ap;
179
180 t->skipped = 1;
181
182 va_start(ap, fmt);
183 test_vprintf(t, fmt, ap);
184 if (fputc('\n', t->out) == EOF)
185 err(1, "fputc");
186 va_end(ap);
187}
188
189void
190test_run(struct test *pt, const char *name, test_run_func *fn, const void *arg)
191{
192 struct test *t = test_new(pt, name);
193 char *status = "PASS";
194 char buf[1024];
195 size_t buflen;
196 int ferr;
197
198 /* Run test */
199 test_printf(t, "=== RUN %s\n", t->name);
200 fn(t, arg);
201
202 if (t->skipped)
203 status = "SKIP";
204 if (t->failed)
205 status = "FAIL";
206
207 test_printf(t, "--- %s: %s\n\n", status, t->name);
208
209 /* Print result of test */
210 if (t->failed && t->out != stderr) {
211 /* Copy logs to stderr */
212 rewind(t->out);
213 while ((buflen = fread(buf, 1, sizeof(buf), t->out)) > 0)
214 fwrite(buf, 1, buflen, stderr);
215 if ((ferr = ferror(t->out)) != 0)
216 errx(1, "ferror: %d", ferr);
217 }
218
219 if (t->out != NULL && t->out != stderr) {
220 /* Reset output file */
221 rewind(t->out);
222 ftruncate(fileno(t->out), 0);
223 }
224
225 test_cleanup(t);
226}
diff --git a/src/regress/lib/libcrypto/test/test.h b/src/regress/lib/libcrypto/test/test.h
new file mode 100644
index 0000000000..1c8391d4ec
--- /dev/null
+++ b/src/regress/lib/libcrypto/test/test.h
@@ -0,0 +1,137 @@
1/* $OpenBSD: test.h,v 1.4 2025/05/31 11:37:18 tb Exp $ */
2/*
3 * Copyright (c) 2025 Joshua Sing <joshua@joshuasing.dev>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#ifndef HEADER_TEST_H
19#define HEADER_TEST_H
20
21#include <stddef.h>
22#include <stdint.h>
23
24struct test;
25
26/*
27 * test_init creates a new root test struct.
28 *
29 * Additional tests may be run under the root test struct by calling test_run.
30 *
31 * If the TEST_VERBOSE environment variable is set and not equal to "0", then
32 * verbose mode will be enabled and all test logs will be written to stderr.
33 */
34struct test *test_init(void);
35
36/*
37 * test_result cleans up after all tests have completed and returns an
38 * appropriate exit code indicating the result of the tests.
39 */
40int test_result(struct test *_t);
41
42/*
43 * test_run_func is an individual test function. It is passed the test struct
44 * and an arbitrary argument which may be passed when test_run is called.
45 */
46typedef void (test_run_func)(struct test *_t, const void *_arg);
47
48/*
49 * test_fail marks the test and its parents as failed.
50 */
51void test_fail(struct test *_t);
52
53/*
54 * test_printf prints a test log message. When in verbose mode, the log message
55 * will be written to stderr, otherwise it will be buffered and only written to
56 * stderr if the test fails.
57 *
58 * This printf will write directly, without any additional formatting.
59 */
60void test_printf(struct test *_t, const char *_fmt, ...)
61 __attribute__((__format__ (printf, 2, 3)))
62 __attribute__((__nonnull__ (2)));
63
64/*
65 * test_logf_internal prints a test log message. When in verbose mode, the
66 * log message will be written to stderr, otherwise it will be buffered and
67 * only written to stderr if the test fails.
68 *
69 * label is an optional label indicating the severity of the log.
70 * func, file and line are used to show where the log comes from and are
71 * automatically set in the test log macros.
72 *
73 * This function should never be called directly.
74 */
75void test_logf_internal(struct test *_t, const char *_label, const char *_func,
76 const char *_file, int _line, const char *_fmt, ...)
77 __attribute__((__format__ (printf, 6, 7)))
78 __attribute__((__nonnull__ (6)));
79
80/*
81 * test_logf prints an informational log message. When in verbose mode, the log
82 * will be written to stderr, otherwise it will be buffered and only written to
83 * stderr if the test fails.
84 */
85#define test_logf(t, fmt, ...) \
86 do { \
87 test_logf_internal(t, NULL, __func__, __FILE__, __LINE__, fmt, ##__VA_ARGS__); \
88 } while (0)
89
90/*
91 * test_errorf prints an error message. It will also cause the test to fail.
92 * If the test cannot proceed, it is recommended to return or goto a cleanup
93 * label.
94 *
95 * Tests should not fail-fast if continuing will provide more detailed
96 * information about what is broken.
97 */
98#define test_errorf(t, fmt, ...) \
99 do { \
100 test_logf_internal(t, "ERROR", __func__, __FILE__, __LINE__, fmt, ##__VA_ARGS__); \
101 test_fail(t); \
102 } while (0)
103
104/*
105 * test_skip marks the test as skipped. Once called, the test should return.
106 */
107void test_skip(struct test *_t, const char *_reason);
108
109/*
110 * test_skipf marks the test as skipped with a formatted reason. Once called,
111 * the test should return.
112 */
113void test_skipf(struct test *_t, const char *_fmt, ...)
114 __attribute__((__format__ (printf, 2, 3)))
115 __attribute__((__nonnull__ (2)));
116
117/*
118 * test_run runs a test function. It will create a new test struct with the
119 * given test as the parent. An argument may be provided to pass data to the
120 * test function, otherwise NULL should be passed.
121 *
122 * Each test should have a unique and informational name.
123 */
124void test_run(struct test *_t, const char *_name, test_run_func *_fn, const void *_arg);
125
126/*
127 * test_hexdump prints the given data as hexadecimal.
128 */
129void test_hexdump(struct test *_t, const unsigned char *_buf, size_t _len);
130
131/*
132 * test_hexdiff prints the given data as hexadecimal. If a second comparison
133 * buffer is not NULL, any differing bytes will be marked with an astrix.
134 */
135void test_hexdiff(struct test *_t, const uint8_t *_buf, size_t _len, const uint8_t *_compare);
136
137#endif /* HEADER_TEST_H */
diff --git a/src/regress/lib/libcrypto/test/test_util.c b/src/regress/lib/libcrypto/test/test_util.c
new file mode 100644
index 0000000000..6ecb574788
--- /dev/null
+++ b/src/regress/lib/libcrypto/test/test_util.c
@@ -0,0 +1,51 @@
1/* $OpenBSD: test_util.c,v 1.1 2025/05/21 08:57:13 joshua Exp $ */
2/*
3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2024 Theo Buehler <tb@openbsd.org>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#include <stdio.h>
20#include <stdint.h>
21
22#include "test.h"
23
24void
25test_hexdump(struct test *t, const unsigned char *buf, size_t len)
26{
27 size_t i;
28
29 for (i = 1; i <= len; i++)
30 test_printf(t, " 0x%02x,%s", buf[i - 1], i % 8 ? "" : "\n");
31
32 if ((len % 8) != 0)
33 test_printf(t, "\n");
34}
35
36void
37test_hexdiff(struct test *t, const uint8_t *buf, size_t len, const uint8_t *compare)
38{
39 const char *mark = "", *newline;
40 size_t i;
41
42 for (i = 1; i <= len; i++) {
43 if (compare != NULL)
44 mark = (buf[i - 1] != compare[i - 1]) ? "*" : " ";
45 newline = i % 8 ? "" : "\n";
46 test_printf(t, " %s0x%02x,%s", mark, buf[i - 1], newline);
47 }
48
49 if ((len % 8) != 0)
50 test_printf(t, "\n");
51}
diff --git a/src/regress/lib/libcrypto/wycheproof/Makefile b/src/regress/lib/libcrypto/wycheproof/Makefile
index f2f7910b5b..ec737822b5 100644
--- a/src/regress/lib/libcrypto/wycheproof/Makefile
+++ b/src/regress/lib/libcrypto/wycheproof/Makefile
@@ -1,6 +1,6 @@
1# $OpenBSD: Makefile,v 1.9 2023/07/08 19:41:07 tb Exp $ 1# $OpenBSD: Makefile,v 1.11 2025/09/05 14:41:29 tb Exp $
2 2
3WYCHEPROOF_TESTVECTORS = /usr/local/share/wycheproof/testvectors/ 3WYCHEPROOF_TESTVECTORS = /usr/local/share/wycheproof/testvectors_v1/
4 4
5.if !exists(${WYCHEPROOF_TESTVECTORS}) 5.if !exists(${WYCHEPROOF_TESTVECTORS})
6regress: 6regress:
@@ -18,11 +18,17 @@ REGRESS_TARGETS += regress-wycheproof
18CLEANFILES += wycheproof 18CLEANFILES += wycheproof
19 19
20wycheproof: wycheproof.go 20wycheproof: wycheproof.go
21 go build -o wycheproof ${.CURDIR}/wycheproof.go 21 env GOCACHE=${.OBJDIR}/go-build go build -o wycheproof ${.CURDIR}/wycheproof.go
22 22
23regress-wycheproof: wycheproof 23regress-wycheproof: wycheproof
24 ./wycheproof 24 ./wycheproof
25 25
26REGRESS_CLEANUP = clean-go-cache
27
28clean-go-cache:
29 env GOCACHE=${.OBJDIR}/go-build go clean -cache
30 rm -rf ${.OBJDIR}/go-build
31
26. endif 32. endif
27 33
28PROGS += wycheproof-primes 34PROGS += wycheproof-primes
diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof-json.pl b/src/regress/lib/libcrypto/wycheproof/wycheproof-json.pl
index 45c7542b59..0eea14752c 100644
--- a/src/regress/lib/libcrypto/wycheproof/wycheproof-json.pl
+++ b/src/regress/lib/libcrypto/wycheproof/wycheproof-json.pl
@@ -1,4 +1,4 @@
1# $OpenBSD: wycheproof-json.pl,v 1.2 2022/07/08 14:33:56 tb Exp $ 1# $OpenBSD: wycheproof-json.pl,v 1.3 2025/09/05 14:36:03 tb Exp $
2 2
3# Copyright (c) 2022 Joel Sing <jsing@openbsd.org> 3# Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
4# Copyright (c) 2022 Theo Buehler <tb@openbsd.org> 4# Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
@@ -17,7 +17,7 @@
17 17
18use JSON::PP; 18use JSON::PP;
19 19
20$test_vector_path = "/usr/local/share/wycheproof/testvectors"; 20$test_vector_path = "/usr/local/share/wycheproof/testvectors_v1";
21 21
22open JSON, "$test_vector_path/primality_test.json" or die; 22open JSON, "$test_vector_path/primality_test.json" or die;
23@json = <JSON>; 23@json = <JSON>;
diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof-primes.c b/src/regress/lib/libcrypto/wycheproof/wycheproof-primes.c
index 57bd7a53da..e54fd484f9 100644
--- a/src/regress/lib/libcrypto/wycheproof/wycheproof-primes.c
+++ b/src/regress/lib/libcrypto/wycheproof/wycheproof-primes.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: wycheproof-primes.c,v 1.2 2022/12/01 13:49:12 tb Exp $ */ 1/* $OpenBSD: wycheproof-primes.c,v 1.3 2025/09/05 14:36:03 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2022 Theo Buehler <tb@openbsd.org> 3 * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
4 * 4 *
@@ -16,7 +16,9 @@
16 */ 16 */
17 17
18#include <err.h> 18#include <err.h>
19#include <limits.h>
19#include <stdio.h> 20#include <stdio.h>
21#include <string.h>
20 22
21#include <openssl/bn.h> 23#include <openssl/bn.h>
22 24
@@ -26,12 +28,31 @@ int
26primality_test(struct wycheproof_testcase *test) 28primality_test(struct wycheproof_testcase *test)
27{ 29{
28 BIGNUM *value = NULL; 30 BIGNUM *value = NULL;
31 size_t len;
29 int ret; 32 int ret;
30 int failed = 1; 33 int failed = 1;
31 34
32 if (!BN_hex2bn(&value, test->value)) 35 if (!BN_hex2bn(&value, test->value))
33 errx(1, "%d: failed to set value \"%s\"", test->id, test->value); 36 errx(1, "%d: failed to set value \"%s\"", test->id, test->value);
34 37
38 if ((len = strlen(test->value)) > INT_MAX / 4)
39 errx(1, "%d: overlong test string %zu", test->id, len);
40
41 if (len > 0 && test->value[0] >= '8') {
42 BIGNUM *pow2;
43
44 if ((pow2 = BN_new()) == NULL)
45 errx(1, "BN_new");
46
47 if (!BN_set_bit(pow2, 4 * len))
48 errx(1, "BN_set_bit");
49
50 if (!BN_sub(value, value, pow2))
51 errx(1, "BN_sub");
52
53 BN_free(pow2);
54 }
55
35 if ((ret = BN_is_prime_ex(value, BN_prime_checks, NULL, NULL)) < 0) 56 if ((ret = BN_is_prime_ex(value, BN_prime_checks, NULL, NULL)) < 0)
36 errx(1, "%d: BN_is_prime_ex errored", test->id); 57 errx(1, "%d: BN_is_prime_ex errored", test->id);
37 58
diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
index 8f0dfc8b2e..349227fb36 100644
--- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go
+++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
@@ -1,7 +1,7 @@
1/* $OpenBSD: wycheproof.go,v 1.161 2024/11/24 10:13:16 tb Exp $ */ 1/* $OpenBSD: wycheproof.go,v 1.191 2025/09/14 17:03:28 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2018,2023 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018,2023 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2018,2019,2022-2024 Theo Buehler <tb@openbsd.org> 4 * Copyright (c) 2018,2019,2022-2025 Theo Buehler <tb@openbsd.org>
5 * 5 *
6 * Permission to use, copy, modify, and distribute this software for any 6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above 7 * purpose with or without fee is hereby granted, provided that the above
@@ -36,6 +36,7 @@ package main
36#include <openssl/evp.h> 36#include <openssl/evp.h>
37#include <openssl/kdf.h> 37#include <openssl/kdf.h>
38#include <openssl/hmac.h> 38#include <openssl/hmac.h>
39#include <openssl/mlkem.h>
39#include <openssl/objects.h> 40#include <openssl/objects.h>
40#include <openssl/pem.h> 41#include <openssl/pem.h>
41#include <openssl/x509.h> 42#include <openssl/x509.h>
@@ -81,16 +82,16 @@ import (
81 "fmt" 82 "fmt"
82 "io/ioutil" 83 "io/ioutil"
83 "log" 84 "log"
85 "math/big"
84 "os" 86 "os"
85 "path/filepath" 87 "path/filepath"
86 "regexp"
87 "runtime" 88 "runtime"
88 "strings" 89 "strings"
89 "sync" 90 "sync"
90 "unsafe" 91 "unsafe"
91) 92)
92 93
93const testVectorPath = "/usr/local/share/wycheproof/testvectors" 94const testVectorPath = "/usr/local/share/wycheproof/testvectors_v1"
94 95
95type testVariant int 96type testVariant int
96 97
@@ -125,6 +126,59 @@ func wycheproofFormatTestCase(tcid int, comment string, flags []string, result s
125 126
126var testc *testCoordinator 127var testc *testCoordinator
127 128
129type BigInt struct {
130 *big.Int
131}
132
133func mustConvertBigIntToBigNum(bi *BigInt) *C.BIGNUM {
134 value := bi.Bytes()
135 if len(value) == 0 {
136 value = append(value, 0)
137 }
138 bn := C.BN_new()
139 if bn == nil {
140 log.Fatal("BN_new failed")
141 }
142 if C.BN_bin2bn((*C.uchar)(unsafe.Pointer(&value[0])), C.int(len(value)), bn) == nil {
143 log.Fatal("BN_bin2bn failed")
144 }
145 if bi.Sign() == -1 {
146 C.BN_set_negative(bn, C.int(1))
147 }
148 return bn
149}
150
151func (bi *BigInt) UnmarshalJSON(data []byte) error {
152 if len(data) < 2 || data[0] != '"' || data[len(data)-1] != '"' {
153 log.Fatalf("Failed to decode %q: too short or unquoted", data)
154 }
155 data = data[1 : len(data)-1]
156 if len(data)%2 == 1 {
157 pad := make([]byte, 1, len(data)+1)
158 if data[0] >= '0' && data[0] <= '7' {
159 pad[0] = '0'
160 } else {
161 pad[0] = 'f'
162 }
163 data = append(pad, data...)
164 }
165
166 src := make([]byte, hex.DecodedLen(len(data)))
167 _, err := hex.Decode(src, data)
168 if err != nil {
169 log.Fatalf("Failed to decode %q: %v", data, err)
170 }
171
172 bi.Int = &big.Int{}
173 bi.Int.SetBytes(src)
174 if data[0] >= '8' {
175 y := &big.Int{}
176 y.SetBit(y, 4*len(data), 1)
177 bi.Int.Sub(bi.Int, y)
178 }
179 return nil
180}
181
128type wycheproofJWKPublic struct { 182type wycheproofJWKPublic struct {
129 Crv string `json:"crv"` 183 Crv string `json:"crv"`
130 KID string `json:"kid"` 184 KID string `json:"kid"`
@@ -236,9 +290,9 @@ func (wt *wycheproofTestDSA) String() string {
236} 290}
237 291
238type wycheproofTestGroupDSA struct { 292type wycheproofTestGroupDSA struct {
239 Key *wycheproofDSAKey `json:"key"` 293 Key *wycheproofDSAKey `json:"publicKey"`
240 KeyDER string `json:"keyDer"` 294 KeyDER string `json:"publicKeyDer"`
241 KeyPEM string `json:"keyPem"` 295 KeyPEM string `json:"publicKeyPem"`
242 SHA string `json:"sha"` 296 SHA string `json:"sha"`
243 Type string `json:"type"` 297 Type string `json:"type"`
244 Tests []*wycheproofTestDSA `json:"tests"` 298 Tests []*wycheproofTestDSA `json:"tests"`
@@ -309,22 +363,38 @@ func (wt *wycheproofTestECDSA) String() string {
309} 363}
310 364
311type wycheproofTestGroupECDSA struct { 365type wycheproofTestGroupECDSA struct {
312 Key *wycheproofECDSAKey `json:"key"` 366 Key *wycheproofECDSAKey `json:"publicKey"`
313 KeyDER string `json:"keyDer"` 367 KeyDER string `json:"publicKeyDer"`
314 KeyPEM string `json:"keyPem"` 368 KeyPEM string `json:"publicKeyPem"`
315 SHA string `json:"sha"` 369 SHA string `json:"sha"`
316 Type string `json:"type"` 370 Type string `json:"type"`
317 Tests []*wycheproofTestECDSA `json:"tests"` 371 Tests []*wycheproofTestECDSA `json:"tests"`
318} 372}
319 373
320type wycheproofTestGroupECDSAWebCrypto struct { 374type wycheproofTestEcCurve struct {
321 JWK *wycheproofJWKPublic `json:"jwk"` 375 TCID int `json:"tcId"`
322 Key *wycheproofECDSAKey `json:"key"` 376 Comment string `json:"comment"`
323 KeyDER string `json:"keyDer"` 377 Flags []string `json:"flags"`
324 KeyPEM string `json:"keyPem"` 378 Name string `json:"name"`
325 SHA string `json:"sha"` 379 OID string `json:"oid"`
326 Type string `json:"type"` 380 Ref string `json:"ref"`
327 Tests []*wycheproofTestECDSA `json:"tests"` 381 P *BigInt `json:"p"`
382 N *BigInt `json:"n"`
383 A *BigInt `json:"a"`
384 B *BigInt `json:"b"`
385 Gx *BigInt `json:"gx"`
386 Gy *BigInt `json:"gy"`
387 H int `json:"h"`
388 Result string `json:"result"`
389}
390
391func (wt *wycheproofTestEcCurve) String() string {
392 return wycheproofFormatTestCase(wt.TCID, wt.Comment, wt.Flags, wt.Result)
393}
394
395type wycheproofTestGroupEcCurve struct {
396 Type string `json:"type"`
397 Tests []*wycheproofTestEcCurve `json:"tests"`
328} 398}
329 399
330type wycheproofJWKEdDSA struct { 400type wycheproofJWKEdDSA struct {
@@ -357,10 +427,10 @@ func (wt *wycheproofTestEdDSA) String() string {
357} 427}
358 428
359type wycheproofTestGroupEdDSA struct { 429type wycheproofTestGroupEdDSA struct {
360 JWK *wycheproofJWKEdDSA `json:"jwk"` 430 JWK *wycheproofJWKEdDSA `json:"publicKeyJwk"`
361 Key *wycheproofEdDSAKey `json:"key"` 431 Key *wycheproofEdDSAKey `json:"publicKey"`
362 KeyDer string `json:"keyDer"` 432 KeyDer string `json:"publicKeyDer"`
363 KeyPem string `json:"keyPem"` 433 KeyPem string `json:"publicKeyPem"`
364 Type string `json:"type"` 434 Type string `json:"type"`
365 Tests []*wycheproofTestEdDSA `json:"tests"` 435 Tests []*wycheproofTestEdDSA `json:"tests"`
366} 436}
@@ -428,10 +498,32 @@ type wycheproofTestGroupKW struct {
428 Tests []*wycheproofTestKW `json:"tests"` 498 Tests []*wycheproofTestKW `json:"tests"`
429} 499}
430 500
501type wycheproofTestMLKEM struct {
502 TCID int `json:"tcId"`
503 Comment string `json:"comment"`
504 Seed string `json:"seed"`
505 Ek string `json:"ek"`
506 M string `json:"m"`
507 C string `json:"c"`
508 K string `json:"K"`
509 Result string `json:"result"`
510 Flags []string `json:"flags"`
511}
512
513func (wt *wycheproofTestMLKEM) String() string {
514 return wycheproofFormatTestCase(wt.TCID, wt.Comment, wt.Flags, wt.Result)
515}
516
517type wycheproofTestGroupMLKEM struct {
518 Type string `json:"type"`
519 ParameterSet string `json:"parameterSet"`
520 Tests []*wycheproofTestMLKEM `json:"tests"`
521}
522
431type wycheproofTestPrimality struct { 523type wycheproofTestPrimality struct {
432 TCID int `json:"tcId"` 524 TCID int `json:"tcId"`
433 Comment string `json:"comment"` 525 Comment string `json:"comment"`
434 Value string `json:"value"` 526 Value *BigInt `json:"value"`
435 Result string `json:"result"` 527 Result string `json:"result"`
436 Flags []string `json:"flags"` 528 Flags []string `json:"flags"`
437} 529}
@@ -460,15 +552,31 @@ func (wt *wycheproofTestRSA) String() string {
460} 552}
461 553
462type wycheproofTestGroupRSA struct { 554type wycheproofTestGroupRSA struct {
463 E string `json:"e"` 555 PrivateKey *wycheproofRSAPrivateKey `json:"privateKey"`
464 KeyASN string `json:"keyAsn"` 556 PublicKey *wycheproofRSAPublicKey `json:"publicKey"`
465 KeyDER string `json:"keyDer"` 557 KeyASN string `json:"keyAsn"`
466 KeyPEM string `json:"keyPem"` 558 KeyDER string `json:"keyDer"`
467 KeySize int `json:"keysize"` 559 KeyPEM string `json:"keyPem"`
468 N string `json:"n"` 560 KeySize int `json:"keysize"`
469 SHA string `json:"sha"` 561 SHA string `json:"sha"`
470 Type string `json:"type"` 562 Type string `json:"type"`
471 Tests []*wycheproofTestRSA `json:"tests"` 563 Tests []*wycheproofTestRSA `json:"tests"`
564}
565
566type wycheproofRSAPublicKey struct {
567 Modulus string `json:"modulus"`
568 PublicExponent string `json:"publicExponent"`
569}
570
571type wycheproofRSAPrivateKey struct {
572 Modulus string `json:"modulus"`
573 PrivateExponent string `json:"privateExponent"`
574 PublicExponent string `json:"publicExponent"`
575 Prime1 string `json:"prime1"`
576 Prime2 string `json:"prime2"`
577 Exponent1 string `json:"exponent1"`
578 Exponent2 string `json:"exponent2"`
579 Coefficient string `json:"coefficient"`
472} 580}
473 581
474type wycheproofPrivateKeyJwk struct { 582type wycheproofPrivateKeyJwk struct {
@@ -500,29 +608,25 @@ func (wt *wycheproofTestRsaes) String() string {
500} 608}
501 609
502type wycheproofTestGroupRsaesOaep struct { 610type wycheproofTestGroupRsaesOaep struct {
503 D string `json:"d"` 611 Type string `json:"type"`
504 E string `json:"e"`
505 KeySize int `json:"keysize"` 612 KeySize int `json:"keysize"`
613 SHA string `json:"sha"`
506 MGF string `json:"mgf"` 614 MGF string `json:"mgf"`
507 MGFSHA string `json:"mgfSha"` 615 MGFSHA string `json:"mgfSha"`
508 N string `json:"n"` 616 PrivateKey *wycheproofRSAPrivateKey `json:"privateKey"`
509 PrivateKeyJwk *wycheproofPrivateKeyJwk `json:"privateKeyJwk"` 617 PrivateKeyJwk *wycheproofPrivateKeyJwk `json:"privateKeyJwk"`
510 PrivateKeyPem string `json:"privateKeyPem"` 618 PrivateKeyPem string `json:"privateKeyPem"`
511 PrivateKeyPkcs8 string `json:"privateKeyPkcs8"` 619 PrivateKeyPkcs8 string `json:"privateKeyPkcs8"`
512 SHA string `json:"sha"`
513 Type string `json:"type"`
514 Tests []*wycheproofTestRsaes `json:"tests"` 620 Tests []*wycheproofTestRsaes `json:"tests"`
515} 621}
516 622
517type wycheproofTestGroupRsaesPkcs1 struct { 623type wycheproofTestGroupRsaesPkcs1 struct {
518 D string `json:"d"` 624 Type string `json:"type"`
519 E string `json:"e"` 625 PrivateKey *wycheproofRSAPrivateKey `json:"privateKey"`
520 KeySize int `json:"keysize"`
521 N string `json:"n"`
522 PrivateKeyJwk *wycheproofPrivateKeyJwk `json:"privateKeyJwk"` 626 PrivateKeyJwk *wycheproofPrivateKeyJwk `json:"privateKeyJwk"`
523 PrivateKeyPem string `json:"privateKeyPem"` 627 PrivateKeyPem string `json:"privateKeyPem"`
524 PrivateKeyPkcs8 string `json:"privateKeyPkcs8"` 628 PrivateKeyPkcs8 string `json:"privateKeyPkcs8"`
525 Type string `json:"type"` 629 KeySize int `json:"keysize"`
526 Tests []*wycheproofTestRsaes `json:"tests"` 630 Tests []*wycheproofTestRsaes `json:"tests"`
527} 631}
528 632
@@ -540,18 +644,18 @@ func (wt *wycheproofTestRsassa) String() string {
540} 644}
541 645
542type wycheproofTestGroupRsassa struct { 646type wycheproofTestGroupRsassa struct {
543 E string `json:"e"` 647 PrivateKey *wycheproofRSAPrivateKey `json:"privateKey"`
544 KeyASN string `json:"keyAsn"` 648 PublicKey *wycheproofRSAPublicKey `json:"publicKey"`
545 KeyDER string `json:"keyDer"` 649 KeyASN string `json:"keyAsn"`
546 KeyPEM string `json:"keyPem"` 650 KeyDER string `json:"keyDer"`
547 KeySize int `json:"keysize"` 651 KeyPEM string `json:"keyPem"`
548 MGF string `json:"mgf"` 652 KeySize int `json:"keysize"`
549 MGFSHA string `json:"mgfSha"` 653 MGF string `json:"mgf"`
550 N string `json:"n"` 654 MGFSHA string `json:"mgfSha"`
551 SLen int `json:"sLen"` 655 SLen int `json:"sLen"`
552 SHA string `json:"sha"` 656 SHA string `json:"sha"`
553 Type string `json:"type"` 657 Type string `json:"type"`
554 Tests []*wycheproofTestRsassa `json:"tests"` 658 Tests []*wycheproofTestRsassa `json:"tests"`
555} 659}
556 660
557type wycheproofTestX25519 struct { 661type wycheproofTestX25519 struct {
@@ -578,13 +682,13 @@ type wycheproofTestGroupRunner interface {
578 run(string, testVariant) bool 682 run(string, testVariant) bool
579} 683}
580 684
581type wycheproofTestVectors struct { 685type wycheproofTestVectorsV1 struct {
582 Algorithm string `json:"algorithm"` 686 Algorithm string `json:"algorithm"`
583 GeneratorVersion string `json:"generatorVersion"` 687 Schema string `json:"schema"`
584 Notes map[string]string `json:"notes"` 688 NumberOfTests int `json:"numberOfTests"`
585 NumberOfTests int `json:"numberOfTests"` 689 Header []string `json:"header"`
586 // Header 690 Notes json.RawMessage `json:"notes"`
587 TestGroups []json.RawMessage `json:"testGroups"` 691 TestGroups []json.RawMessage `json:"testGroups"`
588} 692}
589 693
590var nids = map[string]int{ 694var nids = map[string]int{
@@ -641,10 +745,16 @@ func nidFromString(ns string) (int, error) {
641 return -1, fmt.Errorf("unknown NID %q", ns) 745 return -1, fmt.Errorf("unknown NID %q", ns)
642} 746}
643 747
644func skipSmallCurve(nid int) bool { 748func skipHash(hash string) bool {
749 return hash == "SHAKE128" || hash == "SHAKE256"
750}
751
752func skipCurve(nid int) bool {
645 switch C.int(nid) { 753 switch C.int(nid) {
646 case C.NID_secp160k1, C.NID_secp160r1, C.NID_secp160r2, C.NID_secp192k1, C.NID_X9_62_prime192v1: 754 case C.NID_secp160k1, C.NID_secp160r1, C.NID_secp160r2, C.NID_secp192k1, C.NID_X9_62_prime192v1:
647 return true 755 return true
756 case C.NID_sect283k1, C.NID_sect283r1, C.NID_sect409k1, C.NID_sect409r1, C.NID_sect571k1, C.NID_sect571r1:
757 return true
648 } 758 }
649 return false 759 return false
650} 760}
@@ -1266,7 +1376,7 @@ func runEvpChaCha20Poly1305Test(ctx *C.EVP_CIPHER_CTX, algorithm string, wt *wyc
1266 log.Fatal("Failed EVP_EncryptUpdate aad") 1376 log.Fatal("Failed EVP_EncryptUpdate aad")
1267 } 1377 }
1268 1378
1269 sealed := make([]byte, ctLen + tagLen) 1379 sealed := make([]byte, ctLen+tagLen)
1270 copy(sealed, msg) 1380 copy(sealed, msg)
1271 if C.EVP_EncryptUpdate(ctx, (*C.uchar)(unsafe.Pointer(&sealed[0])), (*C.int)(unsafe.Pointer(&len)), (*C.uchar)(unsafe.Pointer(&sealed[0])), (C.int)(msgLen)) != 1 { 1381 if C.EVP_EncryptUpdate(ctx, (*C.uchar)(unsafe.Pointer(&sealed[0])), (*C.int)(unsafe.Pointer(&len)), (*C.uchar)(unsafe.Pointer(&sealed[0])), (C.int)(msgLen)) != 1 {
1272 log.Fatal("Failed EVP_EncryptUpdate msg") 1382 log.Fatal("Failed EVP_EncryptUpdate msg")
@@ -1281,7 +1391,7 @@ func runEvpChaCha20Poly1305Test(ctx *C.EVP_CIPHER_CTX, algorithm string, wt *wyc
1281 } 1391 }
1282 outLen += (C.int)(tagLen) 1392 outLen += (C.int)(tagLen)
1283 1393
1284 if (C.int)(ctLen + tagLen) != outLen { 1394 if (C.int)(ctLen+tagLen) != outLen {
1285 fmt.Printf("%s\n", wt) 1395 fmt.Printf("%s\n", wt)
1286 } 1396 }
1287 1397
@@ -1290,7 +1400,7 @@ func runEvpChaCha20Poly1305Test(ctx *C.EVP_CIPHER_CTX, algorithm string, wt *wyc
1290 tagMatch := bytes.Equal(tag, sealed[ctLen:]) 1400 tagMatch := bytes.Equal(tag, sealed[ctLen:])
1291 if (ctMatch && tagMatch) == (wt.Result != "invalid") { 1401 if (ctMatch && tagMatch) == (wt.Result != "invalid") {
1292 sealSuccess = true 1402 sealSuccess = true
1293 } else { 1403 } else {
1294 fmt.Printf("%s - ct match: %t tag match: %t\n", wt, ctMatch, tagMatch) 1404 fmt.Printf("%s - ct match: %t tag match: %t\n", wt, ctMatch, tagMatch)
1295 } 1405 }
1296 1406
@@ -1316,9 +1426,9 @@ func runEvpChaCha20Poly1305Test(ctx *C.EVP_CIPHER_CTX, algorithm string, wt *wyc
1316 ct = append(ct, 0) 1426 ct = append(ct, 0)
1317 } 1427 }
1318 1428
1319 opened := make([]byte, msgLen + tagLen) 1429 opened := make([]byte, msgLen+tagLen)
1320 copy(opened, ct) 1430 copy(opened, ct)
1321 if msgLen + aadLen == 0 { 1431 if msgLen+aadLen == 0 {
1322 opened = append(opened, 0) 1432 opened = append(opened, 0)
1323 } 1433 }
1324 1434
@@ -1645,7 +1755,7 @@ func (wtg *wycheproofTestGroupECDH) run(algorithm string, variant testVariant) b
1645 if err != nil { 1755 if err != nil {
1646 log.Fatalf("Failed to get nid for curve: %v", err) 1756 log.Fatalf("Failed to get nid for curve: %v", err)
1647 } 1757 }
1648 if skipSmallCurve(nid) { 1758 if skipCurve(nid) {
1649 return true 1759 return true
1650 } 1760 }
1651 1761
@@ -1766,7 +1876,16 @@ func runECDSATest(ecKey *C.EC_KEY, md *C.EVP_MD, nid int, variant testVariant, w
1766 msg, msgLen := mustHashHexMessage(md, wt.Msg) 1876 msg, msgLen := mustHashHexMessage(md, wt.Msg)
1767 1877
1768 var ret C.int 1878 var ret C.int
1769 if variant == Webcrypto || variant == P1363 { 1879 if variant == P1363 {
1880 order_bytes := int((C.EC_GROUP_order_bits(C.EC_KEY_get0_group(ecKey)) + 7) / 8)
1881 if len(wt.Sig)/2 != 2*order_bytes {
1882 if wt.Result == "valid" {
1883 fmt.Printf("FAIL: %s - incorrect signature length, %d, %d\n", wt, len(wt.Sig)/2, 2*order_bytes)
1884 return false
1885 }
1886 return true
1887 }
1888
1770 cDer, derLen := encodeECDSAWebCryptoSig(wt.Sig) 1889 cDer, derLen := encodeECDSAWebCryptoSig(wt.Sig)
1771 if cDer == nil { 1890 if cDer == nil {
1772 fmt.Print("FAIL: unable to decode signature") 1891 fmt.Print("FAIL: unable to decode signature")
@@ -1797,7 +1916,10 @@ func (wtg *wycheproofTestGroupECDSA) run(algorithm string, variant testVariant)
1797 if err != nil { 1916 if err != nil {
1798 log.Fatalf("Failed to get nid for curve: %v", err) 1917 log.Fatalf("Failed to get nid for curve: %v", err)
1799 } 1918 }
1800 if skipSmallCurve(nid) { 1919 if skipCurve(nid) {
1920 return true
1921 }
1922 if skipHash(wtg.SHA) {
1801 return true 1923 return true
1802 } 1924 }
1803 ecKey := C.EC_KEY_new_by_curve_name(C.int(nid)) 1925 ecKey := C.EC_KEY_new_by_curve_name(C.int(nid))
@@ -1892,55 +2014,73 @@ func encodeECDSAWebCryptoSig(wtSig string) (*C.uchar, C.int) {
1892 return cDer, derLen 2014 return cDer, derLen
1893} 2015}
1894 2016
1895func (wtg *wycheproofTestGroupECDSAWebCrypto) run(algorithm string, variant testVariant) bool { 2017func runEcCurveTest(wt *wycheproofTestEcCurve) bool {
1896 fmt.Printf("Running %v test group %v with curve %v, key size %d and %v...\n", algorithm, wtg.Type, wtg.Key.Curve, wtg.Key.KeySize, wtg.SHA) 2018 oid := C.CString(wt.OID)
2019 defer C.free(unsafe.Pointer(oid))
1897 2020
1898 nid, err := nidFromString(wtg.JWK.Crv) 2021 nid := C.OBJ_txt2nid(oid)
1899 if err != nil { 2022 if nid == C.NID_undef {
1900 log.Fatalf("Failed to get nid for curve: %v", err) 2023 fmt.Printf("INFO: %s: %s: unknown OID %s\n", wt, wt.Name, wt.OID)
1901 } 2024 return false
1902 ecKey := C.EC_KEY_new_by_curve_name(C.int(nid))
1903 if ecKey == nil {
1904 log.Fatal("EC_KEY_new_by_curve_name failed")
1905 } 2025 }
1906 defer C.EC_KEY_free(ecKey)
1907 2026
1908 x, err := base64.RawURLEncoding.DecodeString(wtg.JWK.X) 2027 builtinGroup := C.EC_GROUP_new_by_curve_name(nid)
1909 if err != nil { 2028 defer C.EC_GROUP_free(builtinGroup)
1910 log.Fatalf("Failed to base64 decode X: %v", err) 2029
1911 } 2030 if builtinGroup == nil {
1912 bnX := C.BN_bin2bn((*C.uchar)(unsafe.Pointer(&x[0])), C.int(len(x)), nil) 2031 fmt.Printf("INFO: %s: %s: no builtin curve for OID %s\n", wt, wt.Name, wt.OID)
1913 if bnX == nil { 2032 return true
1914 log.Fatal("Failed to decode X")
1915 } 2033 }
1916 defer C.BN_free(bnX)
1917 2034
1918 y, err := base64.RawURLEncoding.DecodeString(wtg.JWK.Y) 2035 p := mustConvertBigIntToBigNum(wt.P)
1919 if err != nil { 2036 defer C.BN_free(p)
1920 log.Fatalf("Failed to base64 decode Y: %v", err) 2037 a := mustConvertBigIntToBigNum(wt.A)
2038 defer C.BN_free(a)
2039 b := mustConvertBigIntToBigNum(wt.B)
2040 defer C.BN_free(b)
2041 n := mustConvertBigIntToBigNum(wt.N)
2042 defer C.BN_free(n)
2043 x := mustConvertBigIntToBigNum(wt.Gx)
2044 defer C.BN_free(x)
2045 y := mustConvertBigIntToBigNum(wt.Gy)
2046 defer C.BN_free(y)
2047
2048 group := C.EC_GROUP_new_curve_GFp(p, a, b, (*C.BN_CTX)(nil))
2049 defer C.EC_GROUP_free(group)
2050
2051 if group == nil {
2052 log.Fatalf("EC_GROUP_new_curve_GFp failed")
1921 } 2053 }
1922 bnY := C.BN_bin2bn((*C.uchar)(unsafe.Pointer(&y[0])), C.int(len(y)), nil) 2054
1923 if bnY == nil { 2055 point := C.EC_POINT_new(group)
1924 log.Fatal("Failed to decode Y") 2056 defer C.EC_POINT_free(point)
2057
2058 if point == nil {
2059 log.Fatalf("EC_POINT_new failed")
1925 } 2060 }
1926 defer C.BN_free(bnY)
1927 2061
1928 if C.EC_KEY_set_public_key_affine_coordinates(ecKey, bnX, bnY) != 1 { 2062 if C.EC_POINT_set_affine_coordinates(group, point, x, y, (*C.BN_CTX)(nil)) == 0 {
1929 log.Fatal("Failed to set EC public key") 2063 log.Fatalf("EC_POINT_set_affine_coordinates failed")
1930 } 2064 }
1931 2065
1932 nid, err = nidFromString(wtg.SHA) 2066 if C.EC_GROUP_set_generator(group, point, n, (*C.BIGNUM)(nil)) == 0 {
1933 if err != nil { 2067 log.Fatalf("EC_POINT_set_generator failed")
1934 log.Fatalf("Failed to get MD NID: %v", err)
1935 } 2068 }
1936 md, err := hashEvpMdFromString(wtg.SHA) 2069
1937 if err != nil { 2070 success := true
1938 log.Fatalf("Failed to get hash: %v", err) 2071 if C.EC_GROUP_cmp(group, builtinGroup, (*C.BN_CTX)(nil)) != 0 {
2072 fmt.Printf("FAIL: %s %s builtin curve has wrong parameters\n", wt, wt.Name)
2073 success = false
1939 } 2074 }
2075 return success
2076}
2077
2078func (wtg *wycheproofTestGroupEcCurve) run(algorithm string, variant testVariant) bool {
2079 fmt.Printf("Running %v test group %v...\n", algorithm, wtg.Type)
1940 2080
1941 success := true 2081 success := true
1942 for _, wt := range wtg.Tests { 2082 for _, wt := range wtg.Tests {
1943 if !runECDSATest(ecKey, md, nid, Webcrypto, wt) { 2083 if !runEcCurveTest(wt) {
1944 success = false 2084 success = false
1945 } 2085 }
1946 } 2086 }
@@ -1972,11 +2112,11 @@ func runEdDSATest(pkey *C.EVP_PKEY, wt *wycheproofTestEdDSA) bool {
1972} 2112}
1973 2113
1974func (wtg *wycheproofTestGroupEdDSA) run(algorithm string, variant testVariant) bool { 2114func (wtg *wycheproofTestGroupEdDSA) run(algorithm string, variant testVariant) bool {
1975 fmt.Printf("Running %v test group %v...\n", algorithm, wtg.Type) 2115 if wtg.Key.Curve == "edwards25519" {
1976 2116 fmt.Printf("Running %v test group %v...\n", algorithm, wtg.Type)
1977 if wtg.Key.Curve != "edwards25519" || wtg.Key.KeySize != 255 { 2117 } else {
1978 fmt.Printf("INFO: Unexpected curve or key size. want (\"edwards25519\", 255), got (%q, %d)\n", wtg.Key.Curve, wtg.Key.KeySize) 2118 fmt.Printf("INFO: Skipping %v test group %v for %v...\n", algorithm, wtg.Type, wtg.Key.Curve)
1979 return false 2119 return true
1980 } 2120 }
1981 2121
1982 pubKey, pubKeyLen := mustDecodeHexString(wtg.Key.Pk, "pubkey") 2122 pubKey, pubKeyLen := mustDecodeHexString(wtg.Key.Pk, "pubkey")
@@ -2204,13 +2344,122 @@ func (wtg *wycheproofTestGroupKW) run(algorithm string, variant testVariant) boo
2204 return success 2344 return success
2205} 2345}
2206 2346
2207func runPrimalityTest(wt *wycheproofTestPrimality) bool { 2347func runMLKEMTestGroup(rank C.int, wt *wycheproofTestMLKEM) bool {
2208 var bnValue *C.BIGNUM 2348 privKey := C.MLKEM_private_key_new(rank)
2209 value := C.CString(wt.Value) 2349 defer C.MLKEM_private_key_free(privKey)
2210 if C.BN_hex2bn(&bnValue, value) == 0 { 2350 if privKey == nil {
2211 log.Fatal("Failed to set bnValue") 2351 log.Fatal("MLKEM_private_key_new failed")
2352 }
2353 pubKey := C.MLKEM_public_key_new(rank)
2354 defer C.MLKEM_public_key_free(pubKey)
2355 if pubKey == nil {
2356 log.Fatal("MLKEM_public_key_new failed")
2357 }
2358
2359 seed, seedLen := mustDecodeHexString(wt.Seed, "seed")
2360 ek, _ := mustDecodeHexString(wt.Ek, "ek")
2361
2362 if C.MLKEM_private_key_from_seed(privKey, (*C.uchar)(unsafe.Pointer(&seed[0])), C.size_t(seedLen)) != 1 {
2363 fmt.Printf("%s - MLKEM_private_key_from_seed failed\n", wt)
2364 return false
2365 }
2366
2367 if C.MLKEM_public_from_private(privKey, pubKey) != 1 {
2368 fmt.Printf("%s - MLKEM_public_from_private failed\n", wt)
2369 return false
2370 }
2371
2372 var marshalledPubKey *C.uchar
2373 var marshalledPubKeyLen C.size_t
2374 defer C.free(unsafe.Pointer(marshalledPubKey))
2375 if C.MLKEM_marshal_public_key(pubKey, (**C.uchar)(unsafe.Pointer(&marshalledPubKey)), (*C.size_t)(unsafe.Pointer(&marshalledPubKeyLen))) != 1 {
2376 fmt.Printf("%s - MLKEM_marshal_private_key failed\n", wt)
2377 return false
2378 }
2379 gotEk := unsafe.Slice((*byte)(unsafe.Pointer(marshalledPubKey)), marshalledPubKeyLen)
2380
2381 if !bytes.Equal(ek, gotEk) {
2382 fmt.Printf("FAIL: %s marshalledPubKey mismatch\n", wt)
2383 return false
2384 }
2385
2386 c, cLen := mustDecodeHexString(wt.C, "c")
2387
2388 var sharedSecret *C.uchar
2389 var sharedSecretLen C.size_t
2390 defer C.free(unsafe.Pointer(sharedSecret))
2391 if C.MLKEM_decap(privKey, (*C.uchar)(unsafe.Pointer(&c[0])), C.size_t(cLen), (**C.uchar)(unsafe.Pointer(&sharedSecret)), (*C.size_t)(unsafe.Pointer(&sharedSecretLen))) != 1 {
2392 fmt.Printf("%s - MLKEM_decap failed\n", wt)
2393 return false
2394 }
2395 gotK := unsafe.Slice((*byte)(unsafe.Pointer(sharedSecret)), sharedSecretLen)
2396
2397 k, _ := mustDecodeHexString(wt.K, "K")
2398
2399 if !bytes.Equal(k, gotK) {
2400 fmt.Printf("FAIL: %s sharedSecret mismatch\n", wt)
2401 return false
2402 }
2403
2404 return true
2405}
2406
2407func runMLKEMEncapsTestGroup(rank C.int, wt *wycheproofTestMLKEM) bool {
2408 pubKey := C.MLKEM_public_key_new(rank)
2409 defer C.MLKEM_public_key_free(pubKey)
2410 if pubKey == nil {
2411 log.Fatal("MLKEM_public_key_new failed")
2412 }
2413
2414 ek, ekLen := mustDecodeHexString(wt.C, "eK")
2415
2416 if C.MLKEM_parse_public_key(pubKey, (*C.uchar)(unsafe.Pointer(&ek[0])), (C.size_t)(ekLen)) != 0 || wt.Result != "invalid" {
2417 fmt.Printf("FAIL: %s MLKEM_parse_public_key succeeded\n", wt)
2418 return false
2419 }
2420
2421 return true
2422}
2423
2424func (wtg *wycheproofTestGroupMLKEM) run(algorithm string, variant testVariant) bool {
2425 var rank C.int
2426
2427 switch wtg.ParameterSet {
2428 case "ML-KEM-512":
2429 fmt.Printf("INFO: skipping %v test group of type %v for %s\n", algorithm, wtg.Type, wtg.ParameterSet)
2430 return true
2431 case "ML-KEM-768":
2432 rank = C.RANK768
2433 case "ML-KEM-1024":
2434 rank = C.RANK1024
2435 default:
2436 log.Fatalf("Unknown ML-KEM parameterSet %v", wtg.ParameterSet)
2437 }
2438 fmt.Printf("Running %v test group of type %v\n", algorithm, wtg.Type)
2439
2440 type MLKEMTestFunc func(C.int, *wycheproofTestMLKEM) bool
2441 var runTest MLKEMTestFunc
2442
2443 switch wtg.Type {
2444 case "MLKEMTest":
2445 runTest = runMLKEMTestGroup
2446 case "MLKEMEncapsTest":
2447 runTest = runMLKEMEncapsTestGroup
2448 default:
2449 log.Fatalf("Unknown ML-KEM test type %v", wtg.Type)
2212 } 2450 }
2213 C.free(unsafe.Pointer(value)) 2451
2452 success := true
2453 for _, wt := range wtg.Tests {
2454 if !runTest(rank, wt) {
2455 success = false
2456 }
2457 }
2458 return success
2459}
2460
2461func runPrimalityTest(wt *wycheproofTestPrimality) bool {
2462 bnValue := mustConvertBigIntToBigNum(wt.Value)
2214 defer C.BN_free(bnValue) 2463 defer C.BN_free(bnValue)
2215 2464
2216 ret := C.BN_is_prime_ex(bnValue, C.BN_prime_checks, (*C.BN_CTX)(unsafe.Pointer(nil)), (*C.BN_GENCB)(unsafe.Pointer(nil))) 2465 ret := C.BN_is_prime_ex(bnValue, C.BN_prime_checks, (*C.BN_CTX)(unsafe.Pointer(nil)), (*C.BN_GENCB)(unsafe.Pointer(nil)))
@@ -2280,13 +2529,17 @@ func runRsaesOaepTest(rsa *C.RSA, sha *C.EVP_MD, mgfSha *C.EVP_MD, wt *wycheproo
2280func (wtg *wycheproofTestGroupRsaesOaep) run(algorithm string, variant testVariant) bool { 2529func (wtg *wycheproofTestGroupRsaesOaep) run(algorithm string, variant testVariant) bool {
2281 fmt.Printf("Running %v test group %v with key size %d MGF %v and %v...\n", algorithm, wtg.Type, wtg.KeySize, wtg.MGFSHA, wtg.SHA) 2530 fmt.Printf("Running %v test group %v with key size %d MGF %v and %v...\n", algorithm, wtg.Type, wtg.KeySize, wtg.MGFSHA, wtg.SHA)
2282 2531
2532 if skipHash(wtg.SHA) {
2533 return true
2534 }
2535
2283 rsa := C.RSA_new() 2536 rsa := C.RSA_new()
2284 if rsa == nil { 2537 if rsa == nil {
2285 log.Fatal("RSA_new failed") 2538 log.Fatal("RSA_new failed")
2286 } 2539 }
2287 defer C.RSA_free(rsa) 2540 defer C.RSA_free(rsa)
2288 2541
2289 d := C.CString(wtg.D) 2542 d := C.CString(wtg.PrivateKey.PrivateExponent)
2290 var rsaD *C.BIGNUM 2543 var rsaD *C.BIGNUM
2291 defer C.BN_free(rsaD) 2544 defer C.BN_free(rsaD)
2292 if C.BN_hex2bn(&rsaD, d) == 0 { 2545 if C.BN_hex2bn(&rsaD, d) == 0 {
@@ -2294,7 +2547,7 @@ func (wtg *wycheproofTestGroupRsaesOaep) run(algorithm string, variant testVaria
2294 } 2547 }
2295 C.free(unsafe.Pointer(d)) 2548 C.free(unsafe.Pointer(d))
2296 2549
2297 e := C.CString(wtg.E) 2550 e := C.CString(wtg.PrivateKey.PublicExponent)
2298 var rsaE *C.BIGNUM 2551 var rsaE *C.BIGNUM
2299 defer C.BN_free(rsaE) 2552 defer C.BN_free(rsaE)
2300 if C.BN_hex2bn(&rsaE, e) == 0 { 2553 if C.BN_hex2bn(&rsaE, e) == 0 {
@@ -2302,7 +2555,7 @@ func (wtg *wycheproofTestGroupRsaesOaep) run(algorithm string, variant testVaria
2302 } 2555 }
2303 C.free(unsafe.Pointer(e)) 2556 C.free(unsafe.Pointer(e))
2304 2557
2305 n := C.CString(wtg.N) 2558 n := C.CString(wtg.PrivateKey.Modulus)
2306 var rsaN *C.BIGNUM 2559 var rsaN *C.BIGNUM
2307 defer C.BN_free(rsaN) 2560 defer C.BN_free(rsaN)
2308 if C.BN_hex2bn(&rsaN, n) == 0 { 2561 if C.BN_hex2bn(&rsaN, n) == 0 {
@@ -2376,7 +2629,7 @@ func (wtg *wycheproofTestGroupRsaesPkcs1) run(algorithm string, variant testVari
2376 } 2629 }
2377 defer C.RSA_free(rsa) 2630 defer C.RSA_free(rsa)
2378 2631
2379 d := C.CString(wtg.D) 2632 d := C.CString(wtg.PrivateKey.PrivateExponent)
2380 var rsaD *C.BIGNUM 2633 var rsaD *C.BIGNUM
2381 defer C.BN_free(rsaD) 2634 defer C.BN_free(rsaD)
2382 if C.BN_hex2bn(&rsaD, d) == 0 { 2635 if C.BN_hex2bn(&rsaD, d) == 0 {
@@ -2384,7 +2637,7 @@ func (wtg *wycheproofTestGroupRsaesPkcs1) run(algorithm string, variant testVari
2384 } 2637 }
2385 C.free(unsafe.Pointer(d)) 2638 C.free(unsafe.Pointer(d))
2386 2639
2387 e := C.CString(wtg.E) 2640 e := C.CString(wtg.PrivateKey.PublicExponent)
2388 var rsaE *C.BIGNUM 2641 var rsaE *C.BIGNUM
2389 defer C.BN_free(rsaE) 2642 defer C.BN_free(rsaE)
2390 if C.BN_hex2bn(&rsaE, e) == 0 { 2643 if C.BN_hex2bn(&rsaE, e) == 0 {
@@ -2392,7 +2645,7 @@ func (wtg *wycheproofTestGroupRsaesPkcs1) run(algorithm string, variant testVari
2392 } 2645 }
2393 C.free(unsafe.Pointer(e)) 2646 C.free(unsafe.Pointer(e))
2394 2647
2395 n := C.CString(wtg.N) 2648 n := C.CString(wtg.PrivateKey.Modulus)
2396 var rsaN *C.BIGNUM 2649 var rsaN *C.BIGNUM
2397 defer C.BN_free(rsaN) 2650 defer C.BN_free(rsaN)
2398 if C.BN_hex2bn(&rsaN, n) == 0 { 2651 if C.BN_hex2bn(&rsaN, n) == 0 {
@@ -2451,13 +2704,30 @@ func runRsassaTest(rsa *C.RSA, sha *C.EVP_MD, mgfSha *C.EVP_MD, sLen int, wt *wy
2451 2704
2452func (wtg *wycheproofTestGroupRsassa) run(algorithm string, variant testVariant) bool { 2705func (wtg *wycheproofTestGroupRsassa) run(algorithm string, variant testVariant) bool {
2453 fmt.Printf("Running %v test group %v with key size %d and %v...\n", algorithm, wtg.Type, wtg.KeySize, wtg.SHA) 2706 fmt.Printf("Running %v test group %v with key size %d and %v...\n", algorithm, wtg.Type, wtg.KeySize, wtg.SHA)
2707
2708 if skipHash(wtg.SHA) {
2709 return true
2710 }
2711
2454 rsa := C.RSA_new() 2712 rsa := C.RSA_new()
2455 if rsa == nil { 2713 if rsa == nil {
2456 log.Fatal("RSA_new failed") 2714 log.Fatal("RSA_new failed")
2457 } 2715 }
2458 defer C.RSA_free(rsa) 2716 defer C.RSA_free(rsa)
2459 2717
2460 e := C.CString(wtg.E) 2718 var publicExponent, modulus string
2719 if wtg.PublicKey != nil {
2720 publicExponent = wtg.PublicKey.PublicExponent
2721 modulus = wtg.PublicKey.Modulus
2722 } else if wtg.PrivateKey != nil {
2723 publicExponent = wtg.PrivateKey.PublicExponent
2724 modulus = wtg.PrivateKey.Modulus
2725 }
2726 if publicExponent == "" || modulus == "" {
2727 return true
2728 }
2729
2730 e := C.CString(publicExponent)
2461 var rsaE *C.BIGNUM 2731 var rsaE *C.BIGNUM
2462 defer C.BN_free(rsaE) 2732 defer C.BN_free(rsaE)
2463 if C.BN_hex2bn(&rsaE, e) == 0 { 2733 if C.BN_hex2bn(&rsaE, e) == 0 {
@@ -2465,7 +2735,7 @@ func (wtg *wycheproofTestGroupRsassa) run(algorithm string, variant testVariant)
2465 } 2735 }
2466 C.free(unsafe.Pointer(e)) 2736 C.free(unsafe.Pointer(e))
2467 2737
2468 n := C.CString(wtg.N) 2738 n := C.CString(modulus)
2469 var rsaN *C.BIGNUM 2739 var rsaN *C.BIGNUM
2470 defer C.BN_free(rsaN) 2740 defer C.BN_free(rsaN)
2471 if C.BN_hex2bn(&rsaN, n) == 0 { 2741 if C.BN_hex2bn(&rsaN, n) == 0 {
@@ -2522,7 +2792,19 @@ func (wtg *wycheproofTestGroupRSA) run(algorithm string, variant testVariant) bo
2522 } 2792 }
2523 defer C.RSA_free(rsa) 2793 defer C.RSA_free(rsa)
2524 2794
2525 e := C.CString(wtg.E) 2795 var publicExponent, modulus string
2796 if wtg.PublicKey != nil {
2797 publicExponent = wtg.PublicKey.PublicExponent
2798 modulus = wtg.PublicKey.Modulus
2799 } else if wtg.PrivateKey != nil {
2800 publicExponent = wtg.PrivateKey.PublicExponent
2801 modulus = wtg.PrivateKey.Modulus
2802 }
2803 if publicExponent == "" || modulus == "" {
2804 return true
2805 }
2806
2807 e := C.CString(publicExponent)
2526 var rsaE *C.BIGNUM 2808 var rsaE *C.BIGNUM
2527 defer C.BN_free(rsaE) 2809 defer C.BN_free(rsaE)
2528 if C.BN_hex2bn(&rsaE, e) == 0 { 2810 if C.BN_hex2bn(&rsaE, e) == 0 {
@@ -2530,7 +2812,7 @@ func (wtg *wycheproofTestGroupRSA) run(algorithm string, variant testVariant) bo
2530 } 2812 }
2531 C.free(unsafe.Pointer(e)) 2813 C.free(unsafe.Pointer(e))
2532 2814
2533 n := C.CString(wtg.N) 2815 n := C.CString(modulus)
2534 var rsaN *C.BIGNUM 2816 var rsaN *C.BIGNUM
2535 defer C.BN_free(rsaN) 2817 defer C.BN_free(rsaN)
2536 if C.BN_hex2bn(&rsaN, n) == 0 { 2818 if C.BN_hex2bn(&rsaN, n) == 0 {
@@ -2586,7 +2868,12 @@ func runX25519Test(wt *wycheproofTestX25519) bool {
2586} 2868}
2587 2869
2588func (wtg *wycheproofTestGroupX25519) run(algorithm string, variant testVariant) bool { 2870func (wtg *wycheproofTestGroupX25519) run(algorithm string, variant testVariant) bool {
2589 fmt.Printf("Running %v test group with curve %v...\n", algorithm, wtg.Curve) 2871 if wtg.Curve == "curve25519" {
2872 fmt.Printf("Running %v test group with curve %v...\n", algorithm, wtg.Curve)
2873 } else {
2874 fmt.Printf("INFO: Skipping %v test group with curve %v...\n", algorithm, wtg.Curve)
2875 return true
2876 }
2590 2877
2591 success := true 2878 success := true
2592 for _, wt := range wtg.Tests { 2879 for _, wt := range wtg.Tests {
@@ -2597,59 +2884,121 @@ func (wtg *wycheproofTestGroupX25519) run(algorithm string, variant testVariant)
2597 return success 2884 return success
2598} 2885}
2599 2886
2600func testGroupFromAlgorithm(algorithm string, variant testVariant) wycheproofTestGroupRunner { 2887func testGroupFromTestVector(wtv *wycheproofTestVectorsV1) (wycheproofTestGroupRunner, testVariant) {
2601 if algorithm == "ECDH" && variant == Webcrypto { 2888 variant := Normal
2602 return &wycheproofTestGroupECDHWebCrypto{} 2889
2603 } 2890 switch wtv.Algorithm {
2604 if algorithm == "ECDSA" && variant == Webcrypto { 2891 case "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512":
2605 return &wycheproofTestGroupECDSAWebCrypto{} 2892 return nil, Skip
2606 } 2893 case "AEGIS128", "AEGIS128L", "AEGIS256":
2607 switch algorithm { 2894 return nil, Skip
2895 case "AEAD-AES-SIV-CMAC":
2896 return nil, Skip
2608 case "AES-CBC-PKCS5": 2897 case "AES-CBC-PKCS5":
2609 return &wycheproofTestGroupAesCbcPkcs5{} 2898 return &wycheproofTestGroupAesCbcPkcs5{}, variant
2610 case "AES-CCM", "AES-GCM": 2899 case "AES-CCM", "AES-GCM":
2611 return &wycheproofTestGroupAesAead{} 2900 return &wycheproofTestGroupAesAead{}, variant
2612 case "AES-CMAC": 2901 case "AES-CMAC":
2613 return &wycheproofTestGroupAesCmac{} 2902 return &wycheproofTestGroupAesCmac{}, variant
2903 case "AES-EAX", "AES-FF1", "AES-GCM-SIV", "AES-GMAC", "AES-KWP", "AES-SIV-CMAC", "AES-XTS":
2904 return nil, Skip
2905 case "AES-WRAP":
2906 return &wycheproofTestGroupKW{}, variant
2907 case "ARIA-CBC-PKCS5", "ARIA-CCM", "ARIA-CMAC", "ARIA-GCM", "ARIA-KWP", "ARIA-WRAP":
2908 return nil, Skip
2909 case "ASCON128", "ASCON128A", "ASCON80PQ":
2910 return nil, Skip
2911 case "CAMELLIA-CBC-PKCS5", "CAMELLIA-CCM", "CAMELLIA-CMAC", "CAMELLIA-WRAP":
2912 return nil, Skip
2614 case "CHACHA20-POLY1305", "XCHACHA20-POLY1305": 2913 case "CHACHA20-POLY1305", "XCHACHA20-POLY1305":
2615 return &wycheproofTestGroupChaCha{} 2914 return &wycheproofTestGroupChaCha{}, variant
2616 case "DSA": 2915 case "DSA":
2617 return &wycheproofTestGroupDSA{} 2916 if wtv.Schema == "dsa_p1363_verify_schema_v1.json" {
2917 variant = P1363
2918 }
2919 return &wycheproofTestGroupDSA{}, variant
2920 case "EcCurveTest":
2921 return &wycheproofTestGroupEcCurve{}, variant
2618 case "ECDH": 2922 case "ECDH":
2619 return &wycheproofTestGroupECDH{} 2923 if wtv.Schema == "ecdh_webcrypto_test_schema_v1.json" {
2924 return &wycheproofTestGroupECDHWebCrypto{}, Webcrypto
2925 }
2926 if wtv.Schema == "ecdh_ecpoint_test_schema_v1.json" {
2927 variant = EcPoint
2928 }
2929 if wtv.Schema == "ecdh_pem_test_schema_v1.json" {
2930 variant = Skip
2931 }
2932 return &wycheproofTestGroupECDH{}, variant
2620 case "ECDSA": 2933 case "ECDSA":
2621 return &wycheproofTestGroupECDSA{} 2934 if wtv.Schema == "ecdsa_bitcoin_verify_schema.json" {
2935 variant = Skip
2936 }
2937 if wtv.Schema == "ecdsa_p1363_verify_schema_v1.json" {
2938 variant = P1363
2939 }
2940 return &wycheproofTestGroupECDSA{}, variant
2622 case "EDDSA": 2941 case "EDDSA":
2623 return &wycheproofTestGroupEdDSA{} 2942 return &wycheproofTestGroupEdDSA{}, variant
2624 case "HKDF-SHA-1", "HKDF-SHA-256", "HKDF-SHA-384", "HKDF-SHA-512": 2943 case "HKDF-SHA-1", "HKDF-SHA-256", "HKDF-SHA-384", "HKDF-SHA-512":
2625 return &wycheproofTestGroupHkdf{} 2944 return &wycheproofTestGroupHkdf{}, variant
2626 case "HMACSHA1", "HMACSHA224", "HMACSHA256", "HMACSHA384", "HMACSHA512", "HMACSHA3-224", "HMACSHA3-256", "HMACSHA3-384", "HMACSHA3-512": 2945 case "HMACSHA1", "HMACSHA224", "HMACSHA256", "HMACSHA384", "HMACSHA512", "HMACSHA512/224", "HMACSHA512/256", "HMACSHA3-224", "HMACSHA3-256", "HMACSHA3-384", "HMACSHA3-512":
2627 return &wycheproofTestGroupHmac{} 2946 return &wycheproofTestGroupHmac{}, variant
2628 case "KW": 2947 case "HMACSM3":
2629 return &wycheproofTestGroupKW{} 2948 return nil, Skip
2949 case "KMAC128", "KMAC256":
2950 return nil, Skip
2951 case "ML-DSA-44", "ML-DSA-65", "ML-DSA-87":
2952 return nil, Skip
2953 case "ML-KEM":
2954 return &wycheproofTestGroupMLKEM{}, Normal
2955 case "MORUS640", "MORUS1280":
2956 return nil, Skip
2957 case "PbeWithHmacSha1AndAes_128", "PbeWithHmacSha1AndAes_192", "PbeWithHmacSha1AndAes_256", "PbeWithHmacSha224AndAes_128", "PbeWithHmacSha224AndAes_192", "PbeWithHmacSha224AndAes_256", "PbeWithHmacSha256AndAes_128", "PbeWithHmacSha256AndAes_192", "PbeWithHmacSha256AndAes_256", "PbeWithHmacSha384AndAes_128", "PbeWithHmacSha384AndAes_192", "PbeWithHmacSha384AndAes_256", "PbeWithHmacSha512AndAes_128", "PbeWithHmacSha512AndAes_192", "PbeWithHmacSha512AndAes_256":
2958 return nil, Skip
2959 case "PBKDF2-HMACSHA1", "PBKDF2-HMACSHA224", "PBKDF2-HMACSHA256", "PBKDF2-HMACSHA384", "PBKDF2-HMACSHA512":
2960 return nil, Skip
2630 case "PrimalityTest": 2961 case "PrimalityTest":
2631 return &wycheproofTestGroupPrimality{} 2962 return &wycheproofTestGroupPrimality{}, variant
2632 case "RSAES-OAEP": 2963 case "RSAES-OAEP":
2633 return &wycheproofTestGroupRsaesOaep{} 2964 return &wycheproofTestGroupRsaesOaep{}, variant
2634 case "RSAES-PKCS1-v1_5": 2965 case "RSAES-PKCS1-v1_5":
2635 return &wycheproofTestGroupRsaesPkcs1{} 2966 return &wycheproofTestGroupRsaesPkcs1{}, variant
2636 case "RSASSA-PSS": 2967 case "RSASSA-PSS":
2637 return &wycheproofTestGroupRsassa{} 2968 return &wycheproofTestGroupRsassa{}, variant
2638 case "RSASSA-PKCS1-v1_5", "RSASig": 2969 case "RSASSA-PKCS1-v1_5", "RSASig":
2639 return &wycheproofTestGroupRSA{} 2970 return &wycheproofTestGroupRSA{}, variant
2640 case "XDH", "X25519": 2971 case "SEED-CCM", "SEED-GCM", "SEED-WRAP":
2641 return &wycheproofTestGroupX25519{} 2972 return nil, Skip
2973 case "SipHash-1-3", "SipHash-2-4", "SipHash-4-8", "SipHashX-2-4", "SipHashX-4-8":
2974 return nil, Skip
2975 case "SM4-CCM", "SM4-GCM":
2976 return nil, Skip
2977 case "VMAC-AES":
2978 return nil, Skip
2979 case "XDH":
2980 switch wtv.Schema {
2981 case "xdh_asn_comp_schema_v1.json", "xdh_jwk_comp_schema_v1.json", "xdh_pem_comp_schema_v1.json":
2982 variant = Skip
2983 case "xdh_comp_schema_v1.json":
2984 variant = Normal
2985 }
2986 return &wycheproofTestGroupX25519{}, variant
2642 default: 2987 default:
2643 return nil 2988 // XXX - JOSE tests don't set an Algorithm...
2989 if strings.HasPrefix(wtv.Schema, "json_web_") {
2990 return nil, Skip
2991 }
2992 return nil, Normal
2644 } 2993 }
2645} 2994}
2646 2995
2647func runTestVectors(path string, variant testVariant) bool { 2996func runTestVectors(path string) bool {
2648 b, err := ioutil.ReadFile(path) 2997 b, err := ioutil.ReadFile(path)
2649 if err != nil { 2998 if err != nil {
2650 log.Fatalf("Failed to read test vectors: %v", err) 2999 log.Fatalf("Failed to read test vectors: %v", err)
2651 } 3000 }
2652 wtv := &wycheproofTestVectors{} 3001 wtv := &wycheproofTestVectorsV1{}
2653 if err := json.Unmarshal(b, wtv); err != nil { 3002 if err := json.Unmarshal(b, wtv); err != nil {
2654 log.Fatalf("Failed to unmarshal JSON: %v", err) 3003 log.Fatalf("Failed to unmarshal JSON: %v", err)
2655 } 3004 }
@@ -2657,10 +3006,13 @@ func runTestVectors(path string, variant testVariant) bool {
2657 3006
2658 success := true 3007 success := true
2659 for _, tg := range wtv.TestGroups { 3008 for _, tg := range wtv.TestGroups {
2660 wtg := testGroupFromAlgorithm(wtv.Algorithm, variant) 3009 wtg, variant := testGroupFromTestVector(wtv)
3010 if variant == Skip {
3011 fmt.Printf("INFO: Skipping tests from \"%s\"\n", filepath.Base(path))
3012 return true
3013 }
2661 if wtg == nil { 3014 if wtg == nil {
2662 log.Printf("INFO: Unknown test vector algorithm %q", wtv.Algorithm) 3015 log.Fatalf("INFO: Unknown test vector algorithm %qin \"%s\"", wtv.Algorithm, filepath.Base(path))
2663 return false
2664 } 3016 }
2665 if err := json.Unmarshal(tg, wtg); err != nil { 3017 if err := json.Unmarshal(tg, wtg); err != nil {
2666 log.Fatalf("Failed to unmarshal test groups JSON: %v", err) 3018 log.Fatalf("Failed to unmarshal test groups JSON: %v", err)
@@ -2714,44 +3066,13 @@ func (tc *testCoordinator) shutdown() {
2714} 3066}
2715 3067
2716func main() { 3068func main() {
2717 if _, err := os.Stat(testVectorPath); os.IsNotExist(err) { 3069 path := testVectorPath
3070 if _, err := os.Stat(path); os.IsNotExist(err) {
2718 fmt.Printf("package wycheproof-testvectors is required for this regress\n") 3071 fmt.Printf("package wycheproof-testvectors is required for this regress\n")
2719 fmt.Printf("SKIPPED\n") 3072 fmt.Printf("SKIPPED\n")
2720 os.Exit(0) 3073 os.Exit(0)
2721 } 3074 }
2722 3075
2723 tests := []struct {
2724 name string
2725 pattern string
2726 variant testVariant
2727 }{
2728 {"AES", "aes_[cg]*[^xv]_test.json", Normal}, // Skip AES-EAX, AES-GCM-SIV and AES-SIV-CMAC.
2729 {"ChaCha20-Poly1305", "chacha20_poly1305_test.json", Normal},
2730 {"DSA", "dsa_*test.json", Normal},
2731 {"DSA", "dsa_*_p1363_test.json", P1363},
2732 {"ECDH", "ecdh_test.json", Normal},
2733 {"ECDH", "ecdh_[^w_]*_test.json", Normal},
2734 {"ECDH EcPoint", "ecdh_*_ecpoint_test.json", EcPoint},
2735 {"ECDH webcrypto", "ecdh_webcrypto_test.json", Webcrypto},
2736 {"ECDSA", "ecdsa_test.json", Normal},
2737 {"ECDSA", "ecdsa_[^w]*test.json", Normal},
2738 {"ECDSA P1363", "ecdsa_*_p1363_test.json", P1363},
2739 {"ECDSA webcrypto", "ecdsa_webcrypto_test.json", Webcrypto},
2740 {"EDDSA", "eddsa_test.json", Normal},
2741 {"ED448", "ed448_test.json", Skip},
2742 {"HKDF", "hkdf_sha*_test.json", Normal},
2743 {"HMAC", "hmac_sha*_test.json", Normal},
2744 {"JSON webcrypto", "json_web_*_test.json", Skip},
2745 {"KW", "kw_test.json", Normal},
2746 {"Primality test", "primality_test.json", Normal},
2747 {"RSA", "rsa_*test.json", Normal},
2748 {"X25519", "x25519_test.json", Normal},
2749 {"X25519 ASN", "x25519_asn_test.json", Skip},
2750 {"X25519 JWK", "x25519_jwk_test.json", Skip},
2751 {"X25519 PEM", "x25519_pem_test.json", Skip},
2752 {"XCHACHA20-POLY1305", "xchacha20_poly1305_test.json", Normal},
2753 }
2754
2755 success := true 3076 success := true
2756 3077
2757 var wg sync.WaitGroup 3078 var wg sync.WaitGroup
@@ -2764,33 +3085,25 @@ func main() {
2764 3085
2765 testc = newTestCoordinator() 3086 testc = newTestCoordinator()
2766 3087
2767 skipNormal := regexp.MustCompile(`_(ecpoint|p1363|sect\d{3}[rk]1|secp(160|192))_`) 3088 tvs, err := filepath.Glob(filepath.Join(path, "*.json"))
2768 3089 if err != nil {
2769 for _, test := range tests { 3090 log.Fatalf("Failed to glob test vectors: %v", err)
2770 tvs, err := filepath.Glob(filepath.Join(testVectorPath, test.pattern)) 3091 }
2771 if err != nil { 3092 if len(tvs) == 0 {
2772 log.Fatalf("Failed to glob %v test vectors: %v", test.name, err) 3093 log.Fatalf("Failed to find test vectors at %q\n", path)
2773 } 3094 }
2774 if len(tvs) == 0 { 3095 for _, tv := range tvs {
2775 log.Fatalf("Failed to find %v test vectors at %q\n", test.name, testVectorPath) 3096 wg.Add(1)
2776 } 3097 <-vectorsRateLimitCh
2777 for _, tv := range tvs { 3098 go func(tv string) {
2778 if test.variant == Skip || (test.variant == Normal && skipNormal.Match([]byte(tv))) { 3099 select {
2779 fmt.Printf("INFO: Skipping tests from \"%s\"\n", strings.TrimPrefix(tv, testVectorPath+"/")) 3100 case resultCh <- runTestVectors(tv):
2780 continue 3101 default:
3102 log.Fatal("result channel is full")
2781 } 3103 }
2782 wg.Add(1) 3104 vectorsRateLimitCh <- true
2783 <-vectorsRateLimitCh 3105 wg.Done()
2784 go func(tv string, variant testVariant) { 3106 }(tv)
2785 select {
2786 case resultCh <- runTestVectors(tv, variant):
2787 default:
2788 log.Fatal("result channel is full")
2789 }
2790 vectorsRateLimitCh <- true
2791 wg.Done()
2792 }(tv, test.variant)
2793 }
2794 } 3107 }
2795 3108
2796 wg.Wait() 3109 wg.Wait()
diff --git a/src/regress/lib/libcrypto/x509/Makefile b/src/regress/lib/libcrypto/x509/Makefile
index 19e65efddd..94e9e476a0 100644
--- a/src/regress/lib/libcrypto/x509/Makefile
+++ b/src/regress/lib/libcrypto/x509/Makefile
@@ -1,6 +1,6 @@
1# $OpenBSD: Makefile,v 1.24 2025/03/15 06:37:49 tb Exp $ 1# $OpenBSD: Makefile,v 1.25 2025/05/05 06:33:34 tb Exp $
2 2
3PROGS = constraints verify x509attribute x509name x509req_ext callback 3PROGS = constraints verify x509attribute x509req_ext callback
4PROGS += expirecallback callbackfailures x509_asn1 x509_extensions_test 4PROGS += expirecallback callbackfailures x509_asn1 x509_extensions_test
5PROGS += x509_name_test 5PROGS += x509_name_test
6LDADD = -lcrypto 6LDADD = -lcrypto
@@ -16,7 +16,7 @@ CFLAGS += -I${.CURDIR}/../../../../lib/libcrypto/bytestring
16 16
17SUBDIR += bettertls policy rfc3779 17SUBDIR += bettertls policy rfc3779
18 18
19CLEANFILES += x509name.result callback.out 19CLEANFILES += callback.out
20 20
21.if make(clean) || make(cleandir) 21.if make(clean) || make(cleandir)
22. if ${.OBJDIR} != ${.CURDIR} 22. if ${.OBJDIR} != ${.CURDIR}
@@ -29,10 +29,6 @@ run-regress-verify: verify
29 perl ${.CURDIR}/make-dir-roots.pl ${.CURDIR}/../certs . 29 perl ${.CURDIR}/make-dir-roots.pl ${.CURDIR}/../certs .
30 ./verify ${.CURDIR}/../certs 30 ./verify ${.CURDIR}/../certs
31 31
32run-regress-x509name: x509name
33 ./x509name > x509name.result
34 diff -u ${.CURDIR}/x509name.expected x509name.result
35
36run-regress-callback: callback 32run-regress-callback: callback
37 ./callback ${.CURDIR}/../certs 33 ./callback ${.CURDIR}/../certs
38 perl ${.CURDIR}/callback.pl callback.out 34 perl ${.CURDIR}/callback.pl callback.out
diff --git a/src/regress/lib/libcrypto/x509/bettertls/Makefile b/src/regress/lib/libcrypto/x509/bettertls/Makefile
index 2724140635..2a06239fc5 100644
--- a/src/regress/lib/libcrypto/x509/bettertls/Makefile
+++ b/src/regress/lib/libcrypto/x509/bettertls/Makefile
@@ -1,10 +1,10 @@
1# $OpenBSD: Makefile,v 1.6 2024/12/27 08:02:27 tb Exp $ 1# $OpenBSD: Makefile,v 1.7 2025/07/23 07:46:12 tb Exp $
2 2
3PROGS = verify 3PROGS = verify
4 4
5.ifdef EOPENSSL33 5.ifdef EOPENSSL35
6LDADD += -Wl,-rpath,/usr/local/lib/eopenssl33 -L/usr/local/lib/eopenssl33 6LDADD += -Wl,-rpath,/usr/local/lib/eopenssl35 -L/usr/local/lib/eopenssl35
7CFLAGS += -I/usr/local/include/eopenssl33/ 7CFLAGS += -I/usr/local/include/eopenssl35/
8.endif 8.endif
9 9
10LDADD += -lcrypto 10LDADD += -lcrypto
diff --git a/src/regress/lib/libcrypto/x509/x509_name_test.c b/src/regress/lib/libcrypto/x509/x509_name_test.c
index eaf7076d74..24e62cc766 100644
--- a/src/regress/lib/libcrypto/x509/x509_name_test.c
+++ b/src/regress/lib/libcrypto/x509/x509_name_test.c
@@ -1,7 +1,9 @@
1/* $OpenBSD: x509_name_test.c,v 1.2 2025/03/19 11:19:17 tb Exp $ */ 1/* $OpenBSD: x509_name_test.c,v 1.3 2025/05/05 06:33:34 tb Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2025 Theo Buehler <tb@openbsd.org> 4 * Copyright (c) 2025 Theo Buehler <tb@openbsd.org>
5 * Copyright (c) 2025 Kenjiro Nakayama <nakayamakenjiro@gmail.com>
6 * Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
5 * 7 *
6 * Permission to use, copy, modify, and distribute this software for any 8 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above 9 * purpose with or without fee is hereby granted, provided that the above
@@ -288,12 +290,131 @@ x509_name_compat_test(void)
288 return failed; 290 return failed;
289} 291}
290 292
293static const struct x509_name_entry_test {
294 const char *field;
295 const char *value;
296 int loc;
297 int set;
298 const char *expected_str;
299 const int expected_set[4];
300 const int expected_count;
301} entry_tests[] = {
302 {
303 .field = "ST",
304 .value = "BaWue",
305 .loc = -1,
306 .set = 0,
307 .expected_str = "ST=BaWue",
308 .expected_set = { 0 },
309 .expected_count = 1,
310 },
311 {
312 .field = "O",
313 .value = "KIT",
314 .loc = -1,
315 .set = 0,
316 .expected_str = "ST=BaWue, O=KIT",
317 .expected_set = { 0, 1 },
318 .expected_count = 2,
319 },
320 {
321 .field = "L",
322 .value = "Karlsruhe",
323 .loc = 1,
324 .set = 0,
325 .expected_str = "ST=BaWue, L=Karlsruhe, O=KIT",
326 .expected_set = { 0, 1, 2 },
327 .expected_count = 3,
328 },
329 {
330 .field = "C",
331 .value = "DE",
332 .loc = 0,
333 .set = 1,
334 .expected_str = "C=DE + ST=BaWue, L=Karlsruhe, O=KIT",
335 .expected_set = { 0, 0, 1, 2 },
336 .expected_count = 4,
337 },
338};
339
340#define N_ENTRY_TESTS (sizeof(entry_tests) / sizeof(entry_tests[0]))
341
342static int
343verify_x509_name_output(X509_NAME *name, const struct x509_name_entry_test *tc)
344{
345 BIO *bio;
346 char *got;
347 long got_len;
348 int loc, ret;
349 int failed = 1;
350
351 if ((bio = BIO_new(BIO_s_mem())) == NULL)
352 goto fail;
353
354 if ((ret = X509_NAME_print_ex(bio, name, 0, XN_FLAG_SEP_CPLUS_SPC)) == -1)
355 goto fail;
356
357 if ((got_len = BIO_get_mem_data(bio, &got)) < 0)
358 goto fail;
359
360 if (ret != got_len || strlen(tc->expected_str) != (size_t)ret)
361 goto fail;
362
363 if (strncmp(tc->expected_str, got, got_len) != 0)
364 goto fail;
365
366 if (X509_NAME_entry_count(name) != tc->expected_count)
367 goto fail;
368
369 for (loc = 0; loc < X509_NAME_entry_count(name); loc++) {
370 X509_NAME_ENTRY *e = X509_NAME_get_entry(name, loc);
371 if (e == NULL || X509_NAME_ENTRY_set(e) != tc->expected_set[loc])
372 goto fail;
373 }
374
375 failed = 0;
376
377 fail:
378 BIO_free(bio);
379
380 return failed;
381}
382
383static int
384x509_name_add_entry_test(void)
385{
386 X509_NAME *name;
387 int failed = 1;
388
389 if ((name = X509_NAME_new()) == NULL)
390 goto done;
391
392 for (size_t i = 0; i < N_ENTRY_TESTS; i++) {
393 const struct x509_name_entry_test *t = &entry_tests[i];
394
395 if (!X509_NAME_add_entry_by_txt(name, t->field, MBSTRING_ASC,
396 (const unsigned char *)t->value, -1, t->loc, t->set))
397 goto done;
398
399 if (verify_x509_name_output(name, t))
400 goto done;
401 }
402
403 failed = 0;
404
405 done:
406 X509_NAME_free(name);
407
408 return failed;
409}
410
291int 411int
292main(void) 412main(void)
293{ 413{
294 int failed = 0; 414 int failed = 0;
295 415
296 failed |= x509_name_compat_test(); 416 failed |= x509_name_compat_test();
417 failed |= x509_name_add_entry_test();
297 418
298 return failed; 419 return failed;
299} 420}
diff --git a/src/regress/lib/libcrypto/x509/x509name.c b/src/regress/lib/libcrypto/x509/x509name.c
deleted file mode 100644
index 9deeeb2986..0000000000
--- a/src/regress/lib/libcrypto/x509/x509name.c
+++ /dev/null
@@ -1,62 +0,0 @@
1/* $OpenBSD: x509name.c,v 1.3 2021/10/31 08:27:15 tb Exp $ */
2/*
3 * Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <err.h>
19#include <stdio.h>
20
21#include <openssl/x509.h>
22
23static void debug_print(X509_NAME *);
24
25static void
26debug_print(X509_NAME *name)
27{
28 int loc;
29
30 for (loc = 0; loc < X509_NAME_entry_count(name); loc++)
31 printf("%d:",
32 X509_NAME_ENTRY_set(X509_NAME_get_entry(name, loc)));
33 putchar(' ');
34 X509_NAME_print_ex_fp(stdout, name, 0, XN_FLAG_SEP_CPLUS_SPC);
35 putchar('\n');
36}
37
38int
39main(void)
40{
41 X509_NAME *name;
42
43 if ((name = X509_NAME_new()) == NULL)
44 err(1, NULL);
45 X509_NAME_add_entry_by_txt(name, "ST", MBSTRING_ASC,
46 "BaWue", -1, -1, 0);
47 X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC,
48 "KIT", -1, -1, 0);
49 debug_print(name);
50
51 X509_NAME_add_entry_by_txt(name, "L", MBSTRING_ASC,
52 "Karlsruhe", -1, 1, 0);
53 debug_print(name);
54
55 X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC,
56 "DE", -1, 0, 1);
57 debug_print(name);
58
59 X509_NAME_free(name);
60
61 return 0;
62}
diff --git a/src/regress/lib/libcrypto/x509/x509name.expected b/src/regress/lib/libcrypto/x509/x509name.expected
deleted file mode 100644
index 6cee7cc435..0000000000
--- a/src/regress/lib/libcrypto/x509/x509name.expected
+++ /dev/null
@@ -1,3 +0,0 @@
10:1: ST=BaWue, O=KIT
20:1:2: ST=BaWue, L=Karlsruhe, O=KIT
30:0:1:2: C=DE + ST=BaWue, L=Karlsruhe, O=KIT
diff --git a/src/regress/lib/libssl/interop/Makefile b/src/regress/lib/libssl/interop/Makefile
index bdc67f627a..e1e9633d37 100644
--- a/src/regress/lib/libssl/interop/Makefile
+++ b/src/regress/lib/libssl/interop/Makefile
@@ -1,6 +1,6 @@
1# $OpenBSD: Makefile,v 1.21 2025/01/15 10:54:17 tb Exp $ 1# $OpenBSD: Makefile,v 1.23 2025/07/25 16:33:15 tb Exp $
2 2
3SUBDIR = libressl openssl33 openssl34 3SUBDIR = libressl openssl35
4 4
5# the above binaries must have been built before we can continue 5# the above binaries must have been built before we can continue
6SUBDIR += netcat 6SUBDIR += netcat
diff --git a/src/regress/lib/libssl/interop/botan/Makefile b/src/regress/lib/libssl/interop/botan/Makefile
index 85877d4290..56bcdaf4bd 100644
--- a/src/regress/lib/libssl/interop/botan/Makefile
+++ b/src/regress/lib/libssl/interop/botan/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.10 2025/01/15 10:54:17 tb Exp $ 1# $OpenBSD: Makefile,v 1.12 2025/07/25 16:33:15 tb Exp $
2 2
3.include <bsd.own.mk> 3.include <bsd.own.mk>
4 4
@@ -20,11 +20,8 @@ CXX = /usr/local/bin/eg++
20.endif 20.endif
21 21
22LIBRARIES = libressl 22LIBRARIES = libressl
23.if exists(/usr/local/bin/eopenssl33) 23.if exists(/usr/local/bin/eopenssl35)
24LIBRARIES += openssl33 24LIBRARIES += openssl35
25.endif
26.if exists(/usr/local/bin/eopenssl34)
27LIBRARIES += openssl34
28.endif 25.endif
29 26
30PROGS = client 27PROGS = client
diff --git a/src/regress/lib/libssl/interop/cert/Makefile b/src/regress/lib/libssl/interop/cert/Makefile
index 74c63c86a8..9698c56acd 100644
--- a/src/regress/lib/libssl/interop/cert/Makefile
+++ b/src/regress/lib/libssl/interop/cert/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.14 2025/01/15 10:54:17 tb Exp $ 1# $OpenBSD: Makefile,v 1.16 2025/07/25 16:33:15 tb Exp $
2 2
3# Connect a client to a server. Both can be current libressl, or 3# Connect a client to a server. Both can be current libressl, or
4# openssl 3.x. Create client and server certificates 4# openssl 3.x. Create client and server certificates
@@ -7,11 +7,8 @@
7# and check the result of certificate verification. 7# and check the result of certificate verification.
8 8
9LIBRARIES = libressl 9LIBRARIES = libressl
10.if exists(/usr/local/bin/eopenssl33) 10.if exists(/usr/local/bin/eopenssl35)
11LIBRARIES += openssl33 11LIBRARIES += openssl35
12.endif
13.if exists(/usr/local/bin/eopenssl34)
14LIBRARIES += openssl34
15.endif 12.endif
16 13
17.for cca in noca ca fakeca 14.for cca in noca ca fakeca
diff --git a/src/regress/lib/libssl/interop/cipher/Makefile b/src/regress/lib/libssl/interop/cipher/Makefile
index fa7e25f9ee..5bdc9089fe 100644
--- a/src/regress/lib/libssl/interop/cipher/Makefile
+++ b/src/regress/lib/libssl/interop/cipher/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.17 2025/01/15 10:54:17 tb Exp $ 1# $OpenBSD: Makefile,v 1.19 2025/07/25 16:33:15 tb Exp $
2 2
3# Connect a client to a server. Both can be current libressl, or 3# Connect a client to a server. Both can be current libressl, or
4# openssl 1.1 or 3.0. Create lists of supported ciphers 4# openssl 1.1 or 3.0. Create lists of supported ciphers
@@ -7,11 +7,8 @@
7# have used correct cipher by grepping in their session print out. 7# have used correct cipher by grepping in their session print out.
8 8
9LIBRARIES = libressl 9LIBRARIES = libressl
10.if exists(/usr/local/bin/eopenssl33) 10.if exists(/usr/local/bin/eopenssl35)
11LIBRARIES += openssl33 11LIBRARIES += openssl35
12.endif
13.if exists(/usr/local/bin/eopenssl34)
14LIBRARIES += openssl34
15.endif 12.endif
16 13
17CLEANFILES = *.tmp *.ciphers ciphers.mk 14CLEANFILES = *.tmp *.ciphers ciphers.mk
@@ -41,8 +38,7 @@ client-${clib}-server-${slib}.ciphers: \
41 uniq -d <$@.tmp >$@ 38 uniq -d <$@.tmp >$@
42 # we are only interested in ciphers supported by libressl 39 # we are only interested in ciphers supported by libressl
43 sort $@ client-libressl.ciphers >$@.tmp 40 sort $@ client-libressl.ciphers >$@.tmp
44. if "${clib}" == "openssl33" || "${slib}" == "openssl33" || \ 41. if "${clib}" == "openssl35" || "${slib}" == "openssl35"
45 "${clib}" == "openssl34" || "${slib}" == "openssl34"
46 # OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers 42 # OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers
47 sed -i '/^TLS_/d' $@.tmp 43 sed -i '/^TLS_/d' $@.tmp
48. endif 44. endif
@@ -70,8 +66,7 @@ regress: ciphers.mk
70.endif 66.endif
71 67
72LEVEL_libressl = 68LEVEL_libressl =
73LEVEL_openssl33 = ,@SECLEVEL=0 69LEVEL_openssl35 = ,@SECLEVEL=0
74LEVEL_openssl34 = ,@SECLEVEL=0
75 70
76.for clib in ${LIBRARIES} 71.for clib in ${LIBRARIES}
77.for slib in ${LIBRARIES} 72.for slib in ${LIBRARIES}
@@ -132,7 +127,7 @@ check-cipher-${cipher}-client-${clib}-server-${slib}: \
132. endif 127. endif
133. if "${clib}" == "libressl" 128. if "${clib}" == "libressl"
134 # libressl client may prefer chacha-poly if aes-ni is not supported 129 # libressl client may prefer chacha-poly if aes-ni is not supported
135. if "${slib}" == "openssl33" || "${slib}" == "openssl34" 130. if "${slib}" == "openssl35"
136 egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out 131 egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
137. else 132. else
138 egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out 133 egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
diff --git a/src/regress/lib/libssl/interop/netcat/Makefile b/src/regress/lib/libssl/interop/netcat/Makefile
index 3b8e3f95be..cff6b7ea76 100644
--- a/src/regress/lib/libssl/interop/netcat/Makefile
+++ b/src/regress/lib/libssl/interop/netcat/Makefile
@@ -1,11 +1,8 @@
1# $OpenBSD: Makefile,v 1.10 2025/01/15 10:54:17 tb Exp $ 1# $OpenBSD: Makefile,v 1.12 2025/07/25 16:33:15 tb Exp $
2 2
3LIBRARIES = libressl 3LIBRARIES = libressl
4.if exists(/usr/local/bin/eopenssl33) 4.if exists(/usr/local/bin/eopenssl35)
5LIBRARIES += openssl33 5LIBRARIES += openssl35
6.endif
7.if exists(/usr/local/bin/eopenssl34)
8LIBRARIES += openssl34
9.endif 6.endif
10 7
11# run netcat server and connect with test client 8# run netcat server and connect with test client
diff --git a/src/regress/lib/libssl/interop/openssl33/Makefile b/src/regress/lib/libssl/interop/openssl33/Makefile
deleted file mode 100644
index eff61704d0..0000000000
--- a/src/regress/lib/libssl/interop/openssl33/Makefile
+++ /dev/null
@@ -1,44 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2025/01/15 10:54:17 tb Exp $
2
3.if ! exists(/usr/local/bin/eopenssl33)
4regress:
5 # install openssl-3.3 from ports for interop tests
6 @echo 'Run "pkg_add openssl--%3.3" to run tests against OpenSSL 3.3'
7 @echo SKIPPED
8.else
9
10PROGS = client server
11CFLAGS += -DOPENSSL_SUPPRESS_DEPRECATED
12CPPFLAGS = -I /usr/local/include/eopenssl33
13LDFLAGS = -L /usr/local/lib/eopenssl33
14LDADD = -lssl -lcrypto
15DPADD = /usr/local/lib/eopenssl33/libssl.a \
16 /usr/local/lib/eopenssl33/libcrypto.a
17LD_LIBRARY_PATH = /usr/local/lib/eopenssl33
18REGRESS_TARGETS = run-self-client-server
19.for p in ${PROGS}
20REGRESS_TARGETS += run-ldd-$p run-version-$p run-protocol-$p
21.endfor
22
23.for p in ${PROGS}
24
25run-ldd-$p: ldd-$p.out
26 # check that $p is linked with OpenSSL 3.3
27 grep -q /usr/local/lib/eopenssl33/libcrypto.so ldd-$p.out
28 grep -q /usr/local/lib/eopenssl33/libssl.so ldd-$p.out
29 # check that $p is not linked with LibreSSL
30 ! grep -v libc.so ldd-$p.out | grep /usr/lib/
31
32run-version-$p: $p-self.out
33 # check that runtime version is OpenSSL 3.3
34 grep 'SSLEAY_VERSION: OpenSSL 3.3' $p-self.out
35
36run-protocol-$p: $p-self.out
37 # check that OpenSSL 3.3 protocol version is TLS 1.3
38 grep 'Protocol *: TLSv1.3' $p-self.out
39
40.endfor
41
42.endif # exists(/usr/local/bin/eopenssl33)
43
44.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/openssl34/Makefile b/src/regress/lib/libssl/interop/openssl34/Makefile
deleted file mode 100644
index 72246bb621..0000000000
--- a/src/regress/lib/libssl/interop/openssl34/Makefile
+++ /dev/null
@@ -1,44 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2025/01/15 10:54:17 tb Exp $
2
3.if ! exists(/usr/local/bin/eopenssl34)
4regress:
5 # install openssl-3.4 from ports for interop tests
6 @echo 'Run "pkg_add openssl--%3.4" to run tests against OpenSSL 3.4'
7 @echo SKIPPED
8.else
9
10PROGS = client server
11CFLAGS += -DOPENSSL_SUPPRESS_DEPRECATED
12CPPFLAGS = -I /usr/local/include/eopenssl34
13LDFLAGS = -L /usr/local/lib/eopenssl34
14LDADD = -lssl -lcrypto
15DPADD = /usr/local/lib/eopenssl34/libssl.a \
16 /usr/local/lib/eopenssl34/libcrypto.a
17LD_LIBRARY_PATH = /usr/local/lib/eopenssl34
18REGRESS_TARGETS = run-self-client-server
19.for p in ${PROGS}
20REGRESS_TARGETS += run-ldd-$p run-version-$p run-protocol-$p
21.endfor
22
23.for p in ${PROGS}
24
25run-ldd-$p: ldd-$p.out
26 # check that $p is linked with OpenSSL 3.4
27 grep -q /usr/local/lib/eopenssl34/libcrypto.so ldd-$p.out
28 grep -q /usr/local/lib/eopenssl34/libssl.so ldd-$p.out
29 # check that $p is not linked with LibreSSL
30 ! grep -v libc.so ldd-$p.out | grep /usr/lib/
31
32run-version-$p: $p-self.out
33 # check that runtime version is OpenSSL 3.4
34 grep 'SSLEAY_VERSION: OpenSSL 3.4' $p-self.out
35
36run-protocol-$p: $p-self.out
37 # check that OpenSSL 3.4 protocol version is TLS 1.3
38 grep 'Protocol *: TLSv1.3' $p-self.out
39
40.endfor
41
42.endif # exists(/usr/local/bin/eopenssl34)
43
44.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/openssl35/Makefile b/src/regress/lib/libssl/interop/openssl35/Makefile
new file mode 100644
index 0000000000..e11ad5dd20
--- /dev/null
+++ b/src/regress/lib/libssl/interop/openssl35/Makefile
@@ -0,0 +1,44 @@
1# $OpenBSD: Makefile,v 1.1 2025/07/09 17:48:02 tb Exp $
2
3.if ! exists(/usr/local/bin/eopenssl35)
4regress:
5 # install openssl-3.5 from ports for interop tests
6 @echo 'Run "pkg_add openssl--%3.5" to run tests against OpenSSL 3.5'
7 @echo SKIPPED
8.else
9
10PROGS = client server
11CFLAGS += -DOPENSSL_SUPPRESS_DEPRECATED
12CPPFLAGS = -I /usr/local/include/eopenssl35
13LDFLAGS = -L /usr/local/lib/eopenssl35
14LDADD = -lssl -lcrypto
15DPADD = /usr/local/lib/eopenssl35/libssl.a \
16 /usr/local/lib/eopenssl35/libcrypto.a
17LD_LIBRARY_PATH = /usr/local/lib/eopenssl35
18REGRESS_TARGETS = run-self-client-server
19.for p in ${PROGS}
20REGRESS_TARGETS += run-ldd-$p run-version-$p run-protocol-$p
21.endfor
22
23.for p in ${PROGS}
24
25run-ldd-$p: ldd-$p.out
26 # check that $p is linked with OpenSSL 3.5
27 grep -q /usr/local/lib/eopenssl35/libcrypto.so ldd-$p.out
28 grep -q /usr/local/lib/eopenssl35/libssl.so ldd-$p.out
29 # check that $p is not linked with LibreSSL
30 ! grep -v -e libc.so -e libpthread.so ldd-$p.out | grep /usr/lib/
31
32run-version-$p: $p-self.out
33 # check that runtime version is OpenSSL 3.5
34 grep 'SSLEAY_VERSION: OpenSSL 3.5' $p-self.out
35
36run-protocol-$p: $p-self.out
37 # check that OpenSSL 3.5 protocol version is TLS 1.3
38 grep 'Protocol *: TLSv1.3' $p-self.out
39
40.endfor
41
42.endif # exists(/usr/local/bin/eopenssl35)
43
44.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/session/Makefile b/src/regress/lib/libssl/interop/session/Makefile
index e9a353f99e..fff66b169b 100644
--- a/src/regress/lib/libssl/interop/session/Makefile
+++ b/src/regress/lib/libssl/interop/session/Makefile
@@ -1,11 +1,8 @@
1# $OpenBSD: Makefile,v 1.12 2025/01/15 10:54:17 tb Exp $ 1# $OpenBSD: Makefile,v 1.14 2025/07/25 16:33:15 tb Exp $
2 2
3LIBRARIES = libressl 3LIBRARIES = libressl
4.if exists(/usr/local/bin/eopenssl33) 4.if exists(/usr/local/bin/eopenssl35)
5#LIBRARIES += openssl33 5#LIBRARIES += openssl35
6.endif
7.if exists(/usr/local/bin/eopenssl34)
8#LIBRARIES += openssl34
9.endif 6.endif
10 7
11run-session-client-libressl-server-libressl: 8run-session-client-libressl-server-libressl:
diff --git a/src/regress/lib/libssl/interop/version/Makefile b/src/regress/lib/libssl/interop/version/Makefile
index 605fba252f..5ee7d4c4f3 100644
--- a/src/regress/lib/libssl/interop/version/Makefile
+++ b/src/regress/lib/libssl/interop/version/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.10 2025/01/15 10:54:17 tb Exp $ 1# $OpenBSD: Makefile,v 1.12 2025/07/25 16:33:15 tb Exp $
2 2
3# Connect a client to a server. Both can be current libressl, or 3# Connect a client to a server. Both can be current libressl, or
4# openssl 1.1 or openssl 3.0. Pin client or server to a fixed TLS 4# openssl 1.1 or openssl 3.0. Pin client or server to a fixed TLS
@@ -7,11 +7,8 @@
7# print out. 7# print out.
8 8
9LIBRARIES = libressl 9LIBRARIES = libressl
10.if exists(/usr/local/bin/eopenssl33) 10.if exists(/usr/local/bin/eopenssl35)
11LIBRARIES += openssl33 11LIBRARIES += openssl35
12.endif
13.if exists(/usr/local/bin/eopenssl34)
14LIBRARIES += openssl34
15.endif 12.endif
16 13
17VERSIONS = any TLS1_2 TLS1_3 14VERSIONS = any TLS1_2 TLS1_3
@@ -29,8 +26,7 @@ FAIL_${cver}_${sver} = !
29.for slib in ${LIBRARIES} 26.for slib in ${LIBRARIES}
30 27
31.if ("${cver}" != TLS1_3 && "${sver}" != TLS1_3) && \ 28.if ("${cver}" != TLS1_3 && "${sver}" != TLS1_3) && \
32 ((("${clib}" != openssl33 && "${slib}" != openssl33)) || \ 29 ((("${clib}" != openssl35 && "${slib}" != openssl35)) || \
33 (("${clib}" != openssl34 && "${slib}" != openssl34)) || \
34 (("${cver}" != any && "${sver}" != any) && \ 30 (("${cver}" != any && "${sver}" != any) && \
35 ("${cver}" != TLS1 && "${sver}" != TLS1) && \ 31 ("${cver}" != TLS1 && "${sver}" != TLS1) && \
36 ("${cver}" != TLS1_1 && "${sver}" != TLS1_1))) 32 ("${cver}" != TLS1_1 && "${sver}" != TLS1_1)))
diff --git a/src/regress/lib/libssl/openssl-ruby/Makefile b/src/regress/lib/libssl/openssl-ruby/Makefile
index af8083f662..19d2f2fc40 100644
--- a/src/regress/lib/libssl/openssl-ruby/Makefile
+++ b/src/regress/lib/libssl/openssl-ruby/Makefile
@@ -1,10 +1,10 @@
1# $OpenBSD: Makefile,v 1.14 2024/08/31 11:14:58 tb Exp $ 1# $OpenBSD: Makefile,v 1.17 2025/06/27 03:32:08 tb Exp $
2 2
3OPENSSL_RUBY_TESTS = /usr/local/share/openssl-ruby-tests 3OPENSSL_RUBY_TESTS = /usr/local/share/openssl-ruby-tests
4.if exists(/usr/local/bin/ruby32) 4.if exists(/usr/local/bin/ruby33)
5RUBY_BINREV = 32
6.else
7RUBY_BINREV = 33 5RUBY_BINREV = 33
6.else
7RUBY_BINREV = 34
8.endif 8.endif
9RUBY = ruby${RUBY_BINREV} 9RUBY = ruby${RUBY_BINREV}
10 10
@@ -71,6 +71,21 @@ ${_t}: ${_BUILD_COOKIE}
71 -n ${_t} 71 -n ${_t}
72.endfor 72.endfor
73 73
74# These tests can be a pain to run. To run a small set of individual
75# ssl tests, set the test names separated by spaces in the environment
76# variable RUBY_SSL_TEST_TARGETS - then you can type "make <test_name>"
77# to run a single ruby ssl test.
78.for _t in ${RUBY_SSL_TEST_TARGETS}
79REGRESS_TARGETS += ${_t}
80REGRESS_EXPECTED_FAILURES += ${_t}
81${_t}: ${_BUILD_COOKIE}
82 cd ${BUILDDIR} && \
83 ${RUBY} -I. -I${OPENSSL_RUBY_TESTS}/test/openssl \
84 -I${OPENSSL_RUBY_TESTS}/lib \
85 ${OPENSSL_RUBY_TESTS}/test/openssl/test_ssl.rb \
86 -n ${_t}
87.endfor
88
74CLEANFILES += ${_BUILD_COOKIE} ${_TEST_COOKIE} ${_BUILDDIR_COOKIE} 89CLEANFILES += ${_BUILD_COOKIE} ${_TEST_COOKIE} ${_BUILDDIR_COOKIE}
75 90
76. if make(clean) || make(cleandir) 91. if make(clean) || make(cleandir)
diff --git a/src/regress/lib/libssl/pqueue/Makefile b/src/regress/lib/libssl/pqueue/Makefile
index 48c2cb7e61..05fe9a268d 100644
--- a/src/regress/lib/libssl/pqueue/Makefile
+++ b/src/regress/lib/libssl/pqueue/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.1 2016/11/04 19:45:12 jsing Exp $ 1# $OpenBSD: Makefile,v 1.2 2025/05/04 11:04:02 tb Exp $
2 2
3PROG= pq_test 3PROG= pq_test
4SRC= ${.CURDIR}/../../../../lib/libssl 4SRC= ${.CURDIR}/../../../../lib/libssl
@@ -9,9 +9,4 @@ DPADD= ${LIBSSL} ${LIBCRYPTO}
9WARNINGS= Yes 9WARNINGS= Yes
10CFLAGS+= -DLIBRESSL_INTERNAL -Werror 10CFLAGS+= -DLIBRESSL_INTERNAL -Werror
11 11
12REGRESS_TARGETS= regress-pq_test
13
14regress-pq_test: ${PROG}
15 ${.OBJDIR}/pq_test | cmp -s ${.CURDIR}/expected.txt /dev/stdin
16
17.include <bsd.regress.mk> 12.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/pqueue/expected.txt b/src/regress/lib/libssl/pqueue/expected.txt
deleted file mode 100644
index c59d6cd838..0000000000
--- a/src/regress/lib/libssl/pqueue/expected.txt
+++ /dev/null
@@ -1,3 +0,0 @@
1item 6966726167696c69
2item 7374696365787069
3item 737570657263616c
diff --git a/src/regress/lib/libssl/pqueue/pq_test.c b/src/regress/lib/libssl/pqueue/pq_test.c
index a078ba5366..822fdea961 100644
--- a/src/regress/lib/libssl/pqueue/pq_test.c
+++ b/src/regress/lib/libssl/pqueue/pq_test.c
@@ -59,60 +59,77 @@
59#include <stdio.h> 59#include <stdio.h>
60#include <stdlib.h> 60#include <stdlib.h>
61#include <string.h> 61#include <string.h>
62
62#include "pqueue.h" 63#include "pqueue.h"
63 64
64/* remember to change expected.txt if you change these values */ 65static const unsigned char *pq_expected[3] = {
65unsigned char prio1[8] = "supercal"; 66 "ifragili",
66unsigned char prio2[8] = "ifragili"; 67 "sticexpi",
67unsigned char prio3[8] = "sticexpi"; 68 "supercal"
69};
68 70
69static void 71static int
70pqueue_print(pqueue pq) 72test_pqueue(void)
71{ 73{
72 pitem *iter, *item; 74 const unsigned char *prio1 = pq_expected[2];
73 75 const unsigned char *prio2 = pq_expected[0];
74 iter = pqueue_iterator(pq); 76 const unsigned char *prio3 = pq_expected[1];
75 for (item = pqueue_next(&iter); item != NULL; 77 pqueue pq = NULL;
76 item = pqueue_next(&iter)) { 78 pitem *item = NULL;
77 printf("item\t%02x%02x%02x%02x%02x%02x%02x%02x\n", 79 pitem *iter = NULL;
78 item->priority[0], item->priority[1], 80 int i = 0;
79 item->priority[2], item->priority[3], 81 int failed = 1;
80 item->priority[4], item->priority[5],
81 item->priority[6], item->priority[7]);
82 }
83}
84 82
85int 83 if ((pq = pqueue_new()) == NULL)
86main(void) 84 goto failure;
87{
88 pitem *item;
89 pqueue pq;
90 85
91 pq = pqueue_new(); 86 if (!pqueue_insert(pq, pitem_new(prio3, NULL)))
87 goto failure;
88 if (!pqueue_insert(pq, pitem_new(prio1, NULL)))
89 goto failure;
90 if (!pqueue_insert(pq, pitem_new(prio2, NULL)))
91 goto failure;
92 92
93 item = pitem_new(prio3, NULL); 93 if (pqueue_size(pq) != 3)
94 pqueue_insert(pq, item); 94 goto failure;
95 95
96 item = pitem_new(prio1, NULL); 96 if ((item = pqueue_find(pq, prio1)) == NULL)
97 pqueue_insert(pq, item); 97 goto failure;
98 if ((item = pqueue_find(pq, prio2)) == NULL)
99 goto failure;
100 if ((item = pqueue_find(pq, prio3)) == NULL)
101 goto failure;
98 102
99 item = pitem_new(prio2, NULL); 103 if ((item = pqueue_peek(pq)) == NULL)
100 pqueue_insert(pq, item); 104 goto failure;
101 105
102 item = pqueue_find(pq, prio1); 106 if (memcmp(item->priority, pq_expected[0], 8))
103 fprintf(stderr, "found %p\n", item->priority); 107 goto failure;
104 108
105 item = pqueue_find(pq, prio2); 109 iter = pqueue_iterator(pq);
106 fprintf(stderr, "found %p\n", item->priority); 110 for (item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter)) {
111 if (memcmp(item->priority, pq_expected[i], 8) != 0)
112 goto failure;
113 i++;
114 }
107 115
108 item = pqueue_find(pq, prio3); 116 failed = (i != 3);
109 fprintf(stderr, "found %p\n", item ? item->priority: 0);
110 117
111 pqueue_print(pq); 118 failure:
112 119
113 for (item = pqueue_pop(pq); item != NULL; item = pqueue_pop(pq)) 120 for (item = pqueue_pop(pq); item != NULL; item = pqueue_pop(pq))
114 pitem_free(item); 121 pitem_free(item);
115
116 pqueue_free(pq); 122 pqueue_free(pq);
117 return 0; 123
124 return failed;
125}
126
127int
128main(void)
129{
130 int failed = 0;
131
132 failed |= test_pqueue();
133
134 return failed;
118} 135}
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c
index 4adf27421d..68584998ce 100644
--- a/src/regress/lib/libssl/tlsext/tlsexttest.c
+++ b/src/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tlsexttest.c,v 1.92 2024/09/11 15:04:16 tb Exp $ */ 1/* $OpenBSD: tlsexttest.c,v 1.94 2025/05/03 08:37:28 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> 4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -3740,6 +3740,11 @@ test_tlsext_keyshare_client(void)
3740 FAIL("Did not select a key share"); 3740 FAIL("Did not select a key share");
3741 goto done; 3741 goto done;
3742 } 3742 }
3743 if (tls_key_share_group(ssl->s3->hs.key_share) != 29) {
3744 FAIL("wrong key share group: got %d, expected 29\n",
3745 tls_key_share_group(ssl->s3->hs.key_share));
3746 goto done;
3747 }
3743 3748
3744 /* 3749 /*
3745 * Pretend the client did not send the supported groups extension. We 3750 * Pretend the client did not send the supported groups extension. We
@@ -4542,12 +4547,10 @@ test_tlsext_valid_hostnames(void)
4542#define N_TLSEXT_RANDOMIZATION_TESTS 1000 4547#define N_TLSEXT_RANDOMIZATION_TESTS 1000
4543 4548
4544static int 4549static int
4545test_tlsext_check_extension_order(SSL *ssl) 4550test_tlsext_check_psk_is_last_extension(SSL *ssl)
4546{ 4551{
4547 const struct tls_extension *ext; 4552 const struct tls_extension *ext;
4548 uint16_t type; 4553 uint16_t type;
4549 size_t alpn_idx, sni_idx;
4550 size_t i;
4551 4554
4552 if (ssl->tlsext_build_order_len == 0) { 4555 if (ssl->tlsext_build_order_len == 0) {
4553 FAIL("Unexpected zero build order length"); 4556 FAIL("Unexpected zero build order length");
@@ -4560,34 +4563,6 @@ test_tlsext_check_extension_order(SSL *ssl)
4560 return 1; 4563 return 1;
4561 } 4564 }
4562 4565
4563 if (ssl->server)
4564 return 0;
4565
4566 alpn_idx = sni_idx = ssl->tlsext_build_order_len;
4567 for (i = 0; i < ssl->tlsext_build_order_len; i++) {
4568 ext = ssl->tlsext_build_order[i];
4569 if (tls_extension_type(ext) == TLSEXT_TYPE_alpn)
4570 alpn_idx = i;
4571 if (tls_extension_type(ext) == TLSEXT_TYPE_server_name)
4572 sni_idx = i;
4573 }
4574
4575 if (alpn_idx == ssl->tlsext_build_order_len) {
4576 FAIL("could not find alpn extension\n");
4577 return 1;
4578 }
4579
4580 if (sni_idx == ssl->tlsext_build_order_len) {
4581 FAIL("could not find alpn extension\n");
4582 return 1;
4583 }
4584
4585 if (sni_idx >= alpn_idx) {
4586 FAIL("sni does not precede alpn: %zu >= %zu\n",
4587 sni_idx, alpn_idx);
4588 return 1;
4589 }
4590
4591 return 0; 4566 return 0;
4592} 4567}
4593 4568
@@ -4600,7 +4575,7 @@ test_tlsext_randomized_extensions(SSL *ssl)
4600 for (i = 0; i < N_TLSEXT_RANDOMIZATION_TESTS; i++) { 4575 for (i = 0; i < N_TLSEXT_RANDOMIZATION_TESTS; i++) {
4601 if (!tlsext_randomize_build_order(ssl)) 4576 if (!tlsext_randomize_build_order(ssl))
4602 errx(1, "failed to randomize extensions"); 4577 errx(1, "failed to randomize extensions");
4603 failed |= test_tlsext_check_extension_order(ssl); 4578 failed |= test_tlsext_check_psk_is_last_extension(ssl);
4604 } 4579 }
4605 4580
4606 return failed; 4581 return failed;
diff --git a/src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py b/src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py
index 91aedad165..ff678ec9a8 100644
--- a/src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py
+++ b/src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py
@@ -1,4 +1,4 @@
1# $OpenBSD: tlsfuzzer.py,v 1.56 2024/09/18 19:12:37 tb Exp $ 1# $OpenBSD: tlsfuzzer.py,v 1.57 2025/06/15 09:44:57 tb Exp $
2# 2#
3# Copyright (c) 2020 Theo Buehler <tb@openbsd.org> 3# Copyright (c) 2020 Theo Buehler <tb@openbsd.org>
4# 4#
@@ -72,7 +72,7 @@ def substitute_alert(want, got):
72 return f"Expected alert description \"{want}\" " \ 72 return f"Expected alert description \"{want}\" " \
73 + f"does not match received \"{got}\"" 73 + f"does not match received \"{got}\""
74 74
75# test-tls13-finished.py has 70 failing tests that expect a "decode_error" 75# test_tls13_finished.py has 70 failing tests that expect a "decode_error"
76# instead of the "decrypt_error" sent by tls13_server_finished_recv(). 76# instead of the "decrypt_error" sent by tls13_server_finished_recv().
77# Both alerts appear to be reasonable in this context, so work around this 77# Both alerts appear to be reasonable in this context, so work around this
78# in the test instead of the library. 78# in the test instead of the library.
@@ -164,46 +164,46 @@ def generate_test_tls13_finished_args():
164 return args 164 return args
165 165
166tls13_tests = TestGroup("TLSv1.3 tests", [ 166tls13_tests = TestGroup("TLSv1.3 tests", [
167 Test("test-tls13-ccs.py"), 167 Test("test_tls13_ccs.py"),
168 Test("test-tls13-conversation.py"), 168 Test("test_tls13_conversation.py"),
169 Test("test-tls13-count-tickets.py"), 169 Test("test_tls13_count_tickets.py"),
170 Test("test-tls13-empty-alert.py"), 170 Test("test_tls13_empty_alert.py"),
171 Test("test-tls13-finished.py", generate_test_tls13_finished_args()), 171 Test("test_tls13_finished.py", generate_test_tls13_finished_args()),
172 Test("test-tls13-finished-plaintext.py"), 172 Test("test_tls13_finished_plaintext.py"),
173 Test("test-tls13-hrr.py"), 173 Test("test_tls13_hrr.py"),
174 Test("test-tls13-keyshare-omitted.py"), 174 Test("test_tls13_keyshare_omitted.py"),
175 Test("test-tls13-legacy-version.py"), 175 Test("test_tls13_legacy_version.py"),
176 Test("test-tls13-nociphers.py"), 176 Test("test_tls13_nociphers.py"),
177 Test("test-tls13-record-padding.py"), 177 Test("test_tls13_record_padding.py"),
178 # Exclude QUIC transport parameters 178 # Exclude QUIC transport parameters
179 Test("test-tls13-shuffled-extentions.py", [ "--exc", "57" ]), 179 Test("test_tls13_shuffled_extentions.py", [ "--exc", "57" ]),
180 Test("test-tls13-zero-content-type.py"), 180 Test("test_tls13_zero_content_type.py"),
181 181
182 # The skipped tests fail due to a bug in BIO_gets() which masks the retry 182 # The skipped tests fail due to a bug in BIO_gets() which masks the retry
183 # signalled from an SSL_read() failure. Testing with httpd(8) shows we're 183 # signalled from an SSL_read() failure. Testing with httpd(8) shows we're
184 # handling these corner cases correctly since tls13_record_layer.c -r1.47. 184 # handling these corner cases correctly since tls13_record_layer.c -r1.47.
185 Test("test-tls13-zero-length-data.py", [ 185 Test("test_tls13_zero_length_data.py", [
186 "-e", "zero-length app data", 186 "-e", "zero-length app data",
187 "-e", "zero-length app data with large padding", 187 "-e", "zero-length app data with large padding",
188 "-e", "zero-length app data with padding", 188 "-e", "zero-length app data with padding",
189 ]), 189 ]),
190 190
191 # We don't currently handle NSTs 191 # We don't currently handle NSTs
192 Test("test-tls13-connection-abort.py", ["-e", "After NewSessionTicket"]), 192 Test("test_tls13_connection_abort.py", ["-e", "After NewSessionTicket"]),
193]) 193])
194 194
195# Tests that take a lot of time (> ~30s on an x280) 195# Tests that take a lot of time (> ~30s on an x280)
196tls13_slow_tests = TestGroup("slow TLSv1.3 tests", [ 196tls13_slow_tests = TestGroup("slow TLSv1.3 tests", [
197 # XXX: Investigate the occasional message 197 # XXX: Investigate the occasional message
198 # "Got shared secret with 1 most significant bytes equal to zero." 198 # "Got shared secret with 1 most significant bytes equal to zero."
199 Test("test-tls13-dhe-shared-secret-padding.py", tls13_unsupported_ciphers), 199 Test("test_tls13_dhe_shared_secret_padding.py", tls13_unsupported_ciphers),
200 200
201 Test("test-tls13-invalid-ciphers.py"), 201 Test("test_tls13_invalid_ciphers.py"),
202 Test("test-tls13-serverhello-random.py", tls13_unsupported_ciphers), 202 Test("test_tls13_serverhello_random.py", tls13_unsupported_ciphers),
203 203
204 # Mark two tests cases as xfail for now. The tests expect an arguably 204 # Mark two tests cases as xfail for now. The tests expect an arguably
205 # correct decode_error while we send a decrypt_error (like fizz/boring). 205 # correct decode_error while we send a decrypt_error (like fizz/boring).
206 Test("test-tls13-record-layer-limits.py", [ 206 Test("test_tls13_record_layer_limits.py", [
207 "-x", "max size payload (2**14) of Finished msg, with 16348 bytes of left padding, cipher TLS_AES_128_GCM_SHA256", 207 "-x", "max size payload (2**14) of Finished msg, with 16348 bytes of left padding, cipher TLS_AES_128_GCM_SHA256",
208 "-X", substitute_alert("decode_error", "decrypt_error"), 208 "-X", substitute_alert("decode_error", "decrypt_error"),
209 "-x", "max size payload (2**14) of Finished msg, with 16348 bytes of left padding, cipher TLS_CHACHA20_POLY1305_SHA256", 209 "-x", "max size payload (2**14) of Finished msg, with 16348 bytes of left padding, cipher TLS_CHACHA20_POLY1305_SHA256",
@@ -212,22 +212,22 @@ tls13_slow_tests = TestGroup("slow TLSv1.3 tests", [
212 # We don't accept an empty ECPF extension since it must advertise the 212 # We don't accept an empty ECPF extension since it must advertise the
213 # uncompressed point format. Exclude this extension type from the test. 213 # uncompressed point format. Exclude this extension type from the test.
214 Test( 214 Test(
215 "test-tls13-large-number-of-extensions.py", 215 "test_tls13_large_number_of_extensions.py",
216 tls13_args = ["--exc", "11"], 216 tls13_args = ["--exc", "11"],
217 ), 217 ),
218]) 218])
219 219
220tls13_extra_cert_tests = TestGroup("TLSv1.3 certificate tests", [ 220tls13_extra_cert_tests = TestGroup("TLSv1.3 certificate tests", [
221 # need to set up client certs to run these 221 # need to set up client certs to run these
222 Test("test-tls13-certificate-request.py"), 222 Test("test_tls13_certificate_request.py"),
223 Test("test-tls13-certificate-verify.py"), 223 Test("test_tls13_certificate_verify.py"),
224 Test("test-tls13-ecdsa-in-certificate-verify.py"), 224 Test("test_tls13_ecdsa_in_certificate_verify.py"),
225 Test("test-tls13-eddsa-in-certificate-verify.py"), 225 Test("test_tls13_eddsa_in_certificate_verify.py"),
226 226
227 # Test expects the server to have installed three certificates: 227 # Test expects the server to have installed three certificates:
228 # with P-256, P-384 and P-521 curve. Also SHA1+ECDSA is verified 228 # with P-256, P-384 and P-521 curve. Also SHA1+ECDSA is verified
229 # to not work. 229 # to not work.
230 Test("test-tls13-ecdsa-support.py"), 230 Test("test_tls13_ecdsa_support.py"),
231]) 231])
232 232
233tls13_failing_tests = TestGroup("failing TLSv1.3 tests", [ 233tls13_failing_tests = TestGroup("failing TLSv1.3 tests", [
@@ -235,7 +235,7 @@ tls13_failing_tests = TestGroup("failing TLSv1.3 tests", [
235 # With X25519, we accept weak peer public keys and fail when we actually 235 # With X25519, we accept weak peer public keys and fail when we actually
236 # compute the keyshare. Other tests seem to indicate that we could be 236 # compute the keyshare. Other tests seem to indicate that we could be
237 # stricter about what keyshares we accept. 237 # stricter about what keyshares we accept.
238 Test("test-tls13-crfg-curves.py", [ 238 Test("test_tls13_crfg_curves.py", [
239 '-e', 'all zero x448 key share', 239 '-e', 'all zero x448 key share',
240 '-e', 'empty x448 key share', 240 '-e', 'empty x448 key share',
241 '-e', 'sanity x448 with compression ansiX962_compressed_char2', 241 '-e', 'sanity x448 with compression ansiX962_compressed_char2',
@@ -245,7 +245,7 @@ tls13_failing_tests = TestGroup("failing TLSv1.3 tests", [
245 '-e', 'too small x448 key share', 245 '-e', 'too small x448 key share',
246 '-e', 'x448 key share of "1"', 246 '-e', 'x448 key share of "1"',
247 ]), 247 ]),
248 Test("test-tls13-ecdhe-curves.py", [ 248 Test("test_tls13_ecdhe_curves.py", [
249 '-e', 'sanity - x448', 249 '-e', 'sanity - x448',
250 '-e', 'x448 - key share from other curve', 250 '-e', 'x448 - key share from other curve',
251 '-e', 'x448 - point at infinity', 251 '-e', 'x448 - point at infinity',
@@ -258,21 +258,21 @@ tls13_failing_tests = TestGroup("failing TLSv1.3 tests", [
258 # We have the logic corresponding to NSS's fix for CVE-2020-25648 258 # We have the logic corresponding to NSS's fix for CVE-2020-25648
259 # https://hg.mozilla.org/projects/nss/rev/57bbefa793232586d27cee83e74411171e128361 259 # https://hg.mozilla.org/projects/nss/rev/57bbefa793232586d27cee83e74411171e128361
260 # so should not be affected by this issue. 260 # so should not be affected by this issue.
261 Test("test-tls13-multiple-ccs-messages.py"), 261 Test("test_tls13_multiple_ccs_messages.py"),
262 262
263 # https://github.com/openssl/openssl/issues/8369 263 # https://github.com/openssl/openssl/issues/8369
264 Test("test-tls13-obsolete-curves.py"), 264 Test("test_tls13_obsolete_curves.py"),
265 265
266 # 3 failing rsa_pss_pss tests 266 # 3 failing rsa_pss_pss tests
267 Test("test-tls13-rsa-signatures.py"), 267 Test("test_tls13_rsa_signatures.py"),
268 268
269 # The failing tests all expect an ri extension. What's up with that? 269 # The failing tests all expect an ri extension. What's up with that?
270 Test("test-tls13-version-negotiation.py"), 270 Test("test_tls13_version_negotiation.py"),
271]) 271])
272 272
273tls13_slow_failing_tests = TestGroup("slow, failing TLSv1.3 tests", [ 273tls13_slow_failing_tests = TestGroup("slow, failing TLSv1.3 tests", [
274 # Other test failures bugs in keyshare/tlsext negotiation? 274 # Other test failures bugs in keyshare/tlsext negotiation?
275 Test("test-tls13-unrecognised-groups.py"), # unexpected closure 275 Test("test_tls13_unrecognised_groups.py"), # unexpected closure
276 276
277 # 5 occasional failures: 277 # 5 occasional failures:
278 # 'app data split, conversation with KeyUpdate msg' 278 # 'app data split, conversation with KeyUpdate msg'
@@ -280,43 +280,43 @@ tls13_slow_failing_tests = TestGroup("slow, failing TLSv1.3 tests", [
280 # 'multiple KeyUpdate messages' 280 # 'multiple KeyUpdate messages'
281 # 'post-handshake KeyUpdate msg with update_not_request' 281 # 'post-handshake KeyUpdate msg with update_not_request'
282 # 'post-handshake KeyUpdate msg with update_request' 282 # 'post-handshake KeyUpdate msg with update_request'
283 Test("test-tls13-keyupdate.py"), 283 Test("test_tls13_keyupdate.py"),
284 284
285 Test("test-tls13-symetric-ciphers.py"), # unexpected message from peer 285 Test("test_tls13_symetric_ciphers.py"), # unexpected message from peer
286 286
287 # 6 tests fail: 'rsa_pkcs1_{md5,sha{1,224,256,384,512}} signature' 287 # 6 tests fail: 'rsa_pkcs1_{md5,sha{1,224,256,384,512}} signature'
288 # We send server hello, but the test expects handshake_failure 288 # We send server hello, but the test expects handshake_failure
289 Test("test-tls13-pkcs-signature.py"), 289 Test("test_tls13_pkcs_signature.py"),
290 # 8 tests fail: 'tls13 signature rsa_pss_{pss,rsae}_sha{256,384,512} 290 # 8 tests fail: 'tls13 signature rsa_pss_{pss,rsae}_sha{256,384,512}
291 Test("test-tls13-rsapss-signatures.py"), 291 Test("test_tls13_rsapss_signatures.py"),
292]) 292])
293 293
294tls13_unsupported_tests = TestGroup("TLSv1.3 tests for unsupported features", [ 294tls13_unsupported_tests = TestGroup("TLSv1.3 tests for unsupported features", [
295 # Tests for features we don't support 295 # Tests for features we don't support
296 Test("test-tls13-0rtt-garbage.py"), 296 Test("test_tls13_0rtt_garbage.py"),
297 Test("test-tls13-ffdhe-groups.py"), 297 Test("test_tls13_ffdhe_groups.py"),
298 Test("test-tls13-ffdhe-sanity.py"), 298 Test("test_tls13_ffdhe_sanity.py"),
299 Test("test-tls13-psk_dhe_ke.py"), 299 Test("test_tls13_psk_dhe_ke.py"),
300 Test("test-tls13-psk_ke.py"), 300 Test("test_tls13_psk_ke.py"),
301 301
302 # need server to react to HTTP GET for /keyupdate 302 # need server to react to HTTP GET for /keyupdate
303 Test("test-tls13-keyupdate-from-server.py"), 303 Test("test_tls13_keyupdate_from_server.py"),
304 304
305 # needs an echo server 305 # needs an echo server
306 Test("test-tls13-lengths.py"), 306 Test("test_tls13_lengths.py"),
307 307
308 # Weird test: tests servers that don't support 1.3 308 # Weird test: tests servers that don't support 1.3
309 Test("test-tls13-non-support.py"), 309 Test("test_tls13_non_support.py"),
310 310
311 # broken test script 311 # broken test script
312 # UnboundLocalError: local variable 'cert' referenced before assignment 312 # UnboundLocalError: local variable 'cert' referenced before assignment
313 Test("test-tls13-post-handshake-auth.py"), 313 Test("test_tls13_post_handshake_auth.py"),
314 314
315 # ExpectNewSessionTicket 315 # ExpectNewSessionTicket
316 Test("test-tls13-session-resumption.py"), 316 Test("test_tls13_session_resumption.py"),
317 317
318 # Server must be configured to support only rsa_pss_rsae_sha512 318 # Server must be configured to support only rsa_pss_rsae_sha512
319 Test("test-tls13-signature-algorithms.py"), 319 Test("test_tls13_signature_algorithms.py"),
320]) 320])
321 321
322tls12_exclude_legacy_protocols = [ 322tls12_exclude_legacy_protocols = [
@@ -345,52 +345,52 @@ tls12_exclude_legacy_protocols = [
345 345
346tls12_tests = TestGroup("TLSv1.2 tests", [ 346tls12_tests = TestGroup("TLSv1.2 tests", [
347 # Tests that pass as they are. 347 # Tests that pass as they are.
348 Test("test-aes-gcm-nonces.py"), 348 Test("test_aes_gcm_nonces.py"),
349 Test("test-connection-abort.py"), 349 Test("test_connection_abort.py"),
350 Test("test-conversation.py"), 350 Test("test_conversation.py"),
351 Test("test-cve-2016-2107.py"), 351 Test("test_cve_2016_2107.py"),
352 Test("test-cve-2016-6309.py"), 352 Test("test_cve_2016_6309.py"),
353 Test("test-dhe-rsa-key-exchange.py"), 353 Test("test_dhe_rsa_key_exchange.py"),
354 Test("test-early-application-data.py"), 354 Test("test_early_application_data.py"),
355 Test("test-empty-extensions.py"), 355 Test("test_empty_extensions.py"),
356 Test("test-extensions.py"), 356 Test("test_extensions.py"),
357 Test("test-fuzzed-MAC.py"), 357 Test("test_fuzzed_MAC.py"),
358 Test("test-fuzzed-ciphertext.py"), 358 Test("test_fuzzed_ciphertext.py"),
359 Test("test-fuzzed-finished.py"), 359 Test("test_fuzzed_finished.py"),
360 Test("test-fuzzed-padding.py"), 360 Test("test_fuzzed_padding.py"),
361 Test("test-fuzzed-plaintext.py"), # fails once in a while 361 Test("test_fuzzed_plaintext.py"), # fails once in a while
362 Test("test-hello-request-by-client.py"), 362 Test("test_hello_request_by_client.py"),
363 Test("test-invalid-cipher-suites.py"), 363 Test("test_invalid_cipher_suites.py"),
364 Test("test-invalid-content-type.py"), 364 Test("test_invalid_content_type.py"),
365 Test("test-invalid-session-id.py"), 365 Test("test_invalid_session_id.py"),
366 Test("test-invalid-version.py"), 366 Test("test_invalid_version.py"),
367 Test("test-large-number-of-extensions.py"), 367 Test("test_large_number_of_extensions.py"),
368 Test("test-lucky13.py"), 368 Test("test_lucky13.py"),
369 Test("test-message-skipping.py"), 369 Test("test_message_skipping.py"),
370 Test("test-no-heartbeat.py"), 370 Test("test_no_heartbeat.py"),
371 Test("test-record-layer-fragmentation.py"), 371 Test("test_record_layer_fragmentation.py"),
372 Test("test-sslv2-connection.py"), 372 Test("test_sslv2_connection.py"),
373 Test("test-truncating-of-finished.py"), 373 Test("test_truncating_of_finished.py"),
374 Test("test-truncating-of-kRSA-client-key-exchange.py"), 374 Test("test_truncating_of_kRSA_client_key_exchange.py"),
375 Test("test-unsupported-curve-fallback.py"), 375 Test("test_unsupported_curve_fallback.py"),
376 Test("test-version-numbers.py"), 376 Test("test_version_numbers.py"),
377 Test("test-zero-length-data.py"), 377 Test("test_zero_length_data.py"),
378 378
379 # Tests that need tweaking for unsupported features and ciphers. 379 # Tests that need tweaking for unsupported features and ciphers.
380 Test( 380 Test(
381 "test-atypical-padding.py", [ 381 "test_atypical_padding.py", [
382 "-e", "sanity - encrypt then MAC", 382 "-e", "sanity - encrypt then MAC",
383 "-e", "2^14 bytes of AppData with 256 bytes of padding (SHA1 + Encrypt then MAC)", 383 "-e", "2^14 bytes of AppData with 256 bytes of padding (SHA1 + Encrypt then MAC)",
384 ] 384 ]
385 ), 385 ),
386 Test( 386 Test(
387 "test-ccs.py", [ 387 "test_ccs.py", [
388 "-x", "two bytes long CCS", 388 "-x", "two bytes long CCS",
389 "-X", substitute_alert("unexpected_message", "decode_error"), 389 "-X", substitute_alert("unexpected_message", "decode_error"),
390 ] 390 ]
391 ), 391 ),
392 Test( 392 Test(
393 "test-dhe-rsa-key-exchange-signatures.py", [ 393 "test_dhe_rsa_key_exchange_signatures.py", [
394 "-e", "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA sha224 signature", 394 "-e", "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA sha224 signature",
395 "-e", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 sha224 signature", 395 "-e", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 sha224 signature",
396 "-e", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA sha224 signature", 396 "-e", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA sha224 signature",
@@ -398,14 +398,14 @@ tls12_tests = TestGroup("TLSv1.2 tests", [
398 "-e", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA sha224 signature", 398 "-e", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA sha224 signature",
399 ] 399 ]
400 ), 400 ),
401 Test("test-dhe-rsa-key-exchange-with-bad-messages.py", [ 401 Test("test_dhe_rsa_key_exchange_with_bad_messages.py", [
402 "-x", "invalid dh_Yc value - missing", 402 "-x", "invalid dh_Yc value - missing",
403 "-X", substitute_alert("decode_error", "illegal_parameter"), 403 "-X", substitute_alert("decode_error", "illegal_parameter"),
404 ]), 404 ]),
405 Test("test-dhe-key-share-random.py", tls12_exclude_legacy_protocols), 405 Test("test_dhe_key_share_random.py", tls12_exclude_legacy_protocols),
406 Test("test-export-ciphers-rejected.py", ["--min-ver", "TLSv1.2"]), 406 Test("test_export_ciphers_rejected.py", ["--min-ver", "TLSv1.2"]),
407 Test( 407 Test(
408 "test-downgrade-protection.py", 408 "test_downgrade_protection.py",
409 tls12_args = ["--server-max-protocol", "TLSv1.2"], 409 tls12_args = ["--server-max-protocol", "TLSv1.2"],
410 tls13_args = [ 410 tls13_args = [
411 "--server-max-protocol", "TLSv1.3", 411 "--server-max-protocol", "TLSv1.3",
@@ -414,7 +414,7 @@ tls12_tests = TestGroup("TLSv1.2 tests", [
414 ] 414 ]
415 ), 415 ),
416 Test( 416 Test(
417 "test-fallback-scsv.py", 417 "test_fallback_scsv.py",
418 tls13_args = [ 418 tls13_args = [
419 "--tls-1.3", 419 "--tls-1.3",
420 "-e", "FALLBACK - hello TLSv1.1 - pos 0", 420 "-e", "FALLBACK - hello TLSv1.1 - pos 0",
@@ -428,7 +428,7 @@ tls12_tests = TestGroup("TLSv1.2 tests", [
428 ] 428 ]
429 ), 429 ),
430 430
431 Test("test-invalid-compression-methods.py", [ 431 Test("test_invalid_compression_methods.py", [
432 "-x", "invalid compression methods", 432 "-x", "invalid compression methods",
433 "-X", substitute_alert("illegal_parameter", "decode_error"), 433 "-X", substitute_alert("illegal_parameter", "decode_error"),
434 "-x", "only deflate compression method", 434 "-x", "only deflate compression method",
@@ -437,134 +437,134 @@ tls12_tests = TestGroup("TLSv1.2 tests", [
437 437
438 # Skip extended_master_secret test. Since we don't support this 438 # Skip extended_master_secret test. Since we don't support this
439 # extension, we don't notice that it was dropped. 439 # extension, we don't notice that it was dropped.
440 Test("test-renegotiation-changed-clienthello.py", [ 440 Test("test_renegotiation_changed_clienthello.py", [
441 "-e", "drop extended_master_secret in renegotiation", 441 "-e", "drop extended_master_secret in renegotiation",
442 ]), 442 ]),
443 443
444 Test("test-sessionID-resumption.py", [ 444 Test("test_sessionID_resumption.py", [
445 "-x", "Client Hello too long session ID", 445 "-x", "Client Hello too long session ID",
446 "-X", substitute_alert("decode_error", "illegal_parameter"), 446 "-X", substitute_alert("decode_error", "illegal_parameter"),
447 ]), 447 ]),
448 448
449 # Without --sig-algs-drop-ok, two tests fail since we do not currently 449 # Without --sig-algs-drop-ok, two tests fail since we do not currently
450 # implement the signature_algorithms_cert extension (although we MUST). 450 # implement the signature_algorithms_cert extension (although we MUST).
451 Test("test-sig-algs-renegotiation-resumption.py", ["--sig-algs-drop-ok"]), 451 Test("test_sig_algs_renegotiation_resumption.py", ["--sig-algs-drop-ok"]),
452 452
453 Test("test-serverhello-random.py", args = tls12_exclude_legacy_protocols), 453 Test("test_serverhello_random.py", args = tls12_exclude_legacy_protocols),
454 454
455 Test("test-chacha20.py", [ "-e", "Chacha20 in TLS1.1" ]), 455 Test("test_chacha20.py", [ "-e", "Chacha20 in TLS1.1" ]),
456]) 456])
457 457
458tls12_slow_tests = TestGroup("slow TLSv1.2 tests", [ 458tls12_slow_tests = TestGroup("slow TLSv1.2 tests", [
459 Test("test-cve-2016-7054.py"), 459 Test("test_cve_2016_7054.py"),
460 Test("test-dhe-no-shared-secret-padding.py", tls12_exclude_legacy_protocols), 460 Test("test_dhe_no_shared_secret_padding.py", tls12_exclude_legacy_protocols),
461 Test("test-ecdhe-padded-shared-secret.py", tls12_exclude_legacy_protocols), 461 Test("test_ecdhe_padded_shared_secret.py", tls12_exclude_legacy_protocols),
462 Test("test-ecdhe-rsa-key-share-random.py", tls12_exclude_legacy_protocols), 462 Test("test_ecdhe_rsa_key_share_random.py", tls12_exclude_legacy_protocols),
463 # Start at extension number 58 to avoid QUIC transport parameters (57) 463 # Start at extension number 58 to avoid QUIC transport parameters (57)
464 Test("test-large-hello.py", [ "-m", "58" ]), 464 Test("test_large_hello.py", [ "-m", "58" ]),
465]) 465])
466 466
467tls12_failing_tests = TestGroup("failing TLSv1.2 tests", [ 467tls12_failing_tests = TestGroup("failing TLSv1.2 tests", [
468 # no shared cipher 468 # no shared cipher
469 Test("test-aesccm.py"), 469 Test("test_aesccm.py"),
470 # need server to set up alpn 470 # need server to set up alpn
471 Test("test-alpn-negotiation.py"), 471 Test("test_alpn_negotiation.py"),
472 # Failing on TLS_RSA_WITH_AES_128_CBC_SHA because server does not support it. 472 # Failing on TLS_RSA_WITH_AES_128_CBC_SHA because server does not support it.
473 Test("test-bleichenbacher-timing-pregenerate.py"), 473 Test("test_bleichenbacher_timing_pregenerate.py"),
474 # many tests fail due to unexpected server_name extension 474 # many tests fail due to unexpected server_name extension
475 Test("test-bleichenbacher-workaround.py"), 475 Test("test_bleichenbacher_workaround.py"),
476 476
477 # need client key and cert plus extra server setup 477 # need client key and cert plus extra server setup
478 Test("test-certificate-malformed.py"), 478 Test("test_certificate_malformed.py"),
479 Test("test-certificate-request.py"), 479 Test("test_certificate_request.py"),
480 Test("test-certificate-verify-malformed-sig.py"), 480 Test("test_certificate_verify_malformed_sig.py"),
481 Test("test-certificate-verify-malformed.py"), 481 Test("test_certificate_verify_malformed.py"),
482 Test("test-certificate-verify.py"), 482 Test("test_certificate_verify.py"),
483 Test("test-ecdsa-in-certificate-verify.py"), 483 Test("test_ecdsa_in_certificate_verify.py"),
484 Test("test-eddsa-in-certificate-verify.py"), 484 Test("test_eddsa_in_certificate_verify.py"),
485 Test("test-renegotiation-disabled-client-cert.py"), 485 Test("test_renegotiation_disabled_client_cert.py"),
486 Test("test-rsa-pss-sigs-on-certificate-verify.py"), 486 Test("test_rsa_pss_sigs_on_certificate_verify.py"),
487 Test("test-rsa-sigs-on-certificate-verify.py"), 487 Test("test_rsa_sigs_on_certificate_verify.py"),
488 488
489 # test doesn't expect session ticket 489 # test doesn't expect session ticket
490 Test("test-client-compatibility.py"), 490 Test("test_client_compatibility.py"),
491 # abrupt closure 491 # abrupt closure
492 Test("test-client-hello-max-size.py"), 492 Test("test_client_hello_max_size.py"),
493 # unknown signature algorithms 493 # unknown signature algorithms
494 Test("test-clienthello-md5.py"), 494 Test("test_clienthello_md5.py"),
495 495
496 # Tests expect an illegal_parameter or a decode_error alert. Should be 496 # Tests expect an illegal_parameter or a decode_error alert. Should be
497 # added to ssl3_get_client_key_exchange on kex function failure. 497 # added to ssl3_get_client_key_exchange on kex function failure.
498 Test("test-ecdhe-rsa-key-exchange-with-bad-messages.py"), 498 Test("test_ecdhe_rsa_key_exchange_with_bad_messages.py"),
499 499
500 # We send a handshake_failure due to no shared ciphers while the 500 # We send a handshake_failure due to no shared ciphers while the
501 # test expects to succeed. 501 # test expects to succeed.
502 Test("test-ecdhe-rsa-key-exchange.py"), 502 Test("test_ecdhe_rsa_key_exchange.py"),
503 503
504 # no shared cipher 504 # no shared cipher
505 Test("test-ecdsa-sig-flexibility.py"), 505 Test("test_ecdsa_sig_flexibility.py"),
506 506
507 # Tests expect SH but we send unexpected_message or handshake_failure 507 # Tests expect SH but we send unexpected_message or handshake_failure
508 # 'Application data inside Client Hello' 508 # 'Application data inside Client Hello'
509 # 'Application data inside Client Key Exchange' 509 # 'Application data inside Client Key Exchange'
510 # 'Application data inside Finished' 510 # 'Application data inside Finished'
511 Test("test-interleaved-application-data-and-fragmented-handshakes-in-renegotiation.py"), 511 Test("test_interleaved_application_data_and_fragmented_handshakes_in_renegotiation.py"),
512 # Tests expect SH but we send handshake_failure 512 # Tests expect SH but we send handshake_failure
513 # 'Application data before Change Cipher Spec' 513 # 'Application data before Change Cipher Spec'
514 # 'Application data before Client Key Exchange' 514 # 'Application data before Client Key Exchange'
515 # 'Application data before Finished' 515 # 'Application data before Finished'
516 Test("test-interleaved-application-data-in-renegotiation.py"), 516 Test("test_interleaved_application_data_in_renegotiation.py"),
517 517
518 # broken test script 518 # broken test script
519 # TypeError: '<' not supported between instances of 'int' and 'NoneType' 519 # TypeError: '<' not supported between instances of 'int' and 'NoneType'
520 Test("test-invalid-client-hello-w-record-overflow.py"), 520 Test("test_invalid_client_hello_w_record_overflow.py"),
521 521
522 # Lots of failures. abrupt closure 522 # Lots of failures. abrupt closure
523 Test("test-invalid-client-hello.py"), 523 Test("test_invalid_client_hello.py"),
524 524
525 # abrupt closure 525 # abrupt closure
526 # 'encrypted premaster set to all zero (n)' n in 256 384 512 526 # 'encrypted premaster set to all zero (n)' n in 256 384 512
527 Test("test-invalid-rsa-key-exchange-messages.py"), 527 Test("test_invalid_rsa_key_exchange_messages.py"),
528 528
529 # test expects illegal_parameter, we send unrecognized_name (which seems 529 # test expects illegal_parameter, we send unrecognized_name (which seems
530 # correct according to rfc 6066?) 530 # correct according to rfc 6066?)
531 Test("test-invalid-server-name-extension-resumption.py"), 531 Test("test_invalid_server_name_extension_resumption.py"),
532 # let through some server names without sending an alert 532 # let through some server names without sending an alert
533 # again illegal_parameter vs unrecognized_name 533 # again illegal_parameter vs unrecognized_name
534 Test("test-invalid-server-name-extension.py"), 534 Test("test_invalid_server_name_extension.py"),
535 535
536 # 4 failures: 536 # 4 failures:
537 # 'insecure (legacy) renegotiation with GET after 2nd handshake' 537 # 'insecure (legacy) renegotiation with GET after 2nd handshake'
538 # 'insecure (legacy) renegotiation with incomplete GET' 538 # 'insecure (legacy) renegotiation with incomplete GET'
539 # 'secure renegotiation with GET after 2nd handshake' 539 # 'secure renegotiation with GET after 2nd handshake'
540 # 'secure renegotiation with incomplete GET' 540 # 'secure renegotiation with incomplete GET'
541 Test("test-legacy-renegotiation.py"), 541 Test("test_legacy_renegotiation.py"),
542 542
543 # 1 failure (timeout): we don't send the unexpected_message alert 543 # 1 failure (timeout): we don't send the unexpected_message alert
544 # 'duplicate change cipher spec after Finished' 544 # 'duplicate change cipher spec after Finished'
545 Test("test-message-duplication.py"), 545 Test("test_message_duplication.py"),
546 546
547 # server should send status_request 547 # server should send status_request
548 Test("test-ocsp-stapling.py"), 548 Test("test_ocsp_stapling.py"),
549 549
550 # unexpected closure 550 # unexpected closure
551 Test("test-openssl-3712.py"), 551 Test("test_openssl_3712.py"),
552 552
553 # failed: 3 (expect an alert, we send AD) 553 # failed: 3 (expect an alert, we send AD)
554 # 'try insecure (legacy) renegotiation with incomplete GET' 554 # 'try insecure (legacy) renegotiation with incomplete GET'
555 # 'try secure renegotiation with GET after 2nd CH' 555 # 'try secure renegotiation with GET after 2nd CH'
556 # 'try secure renegotiation with incomplete GET' 556 # 'try secure renegotiation with incomplete GET'
557 Test("test-renegotiation-disabled.py"), 557 Test("test_renegotiation_disabled.py"),
558 558
559 # 'resumption of safe session with NULL cipher' 559 # 'resumption of safe session with NULL cipher'
560 # 'resumption with cipher from old CH but not selected by server' 560 # 'resumption with cipher from old CH but not selected by server'
561 Test("test-resumption-with-wrong-ciphers.py"), 561 Test("test_resumption_with_wrong_ciphers.py"),
562 562
563 # 'session resumption with empty session_id' 563 # 'session resumption with empty session_id'
564 # 'session resumption with random session_id' 564 # 'session resumption with random session_id'
565 # 'session resumption with renegotiation' 565 # 'session resumption with renegotiation'
566 # AssertionError: Server did not send extension(s): session_ticket 566 # AssertionError: Server did not send extension(s): session_ticket
567 Test("test-session-ticket-resumption.py"), 567 Test("test_session_ticket_resumption.py"),
568 568
569 # 5 failures: 569 # 5 failures:
570 # 'empty sigalgs' 570 # 'empty sigalgs'
@@ -572,7 +572,7 @@ tls12_failing_tests = TestGroup("failing TLSv1.2 tests", [
572 # 'rsa_pss_pss_sha256 only' 572 # 'rsa_pss_pss_sha256 only'
573 # 'rsa_pss_pss_sha384 only' 573 # 'rsa_pss_pss_sha384 only'
574 # 'rsa_pss_pss_sha512 only' 574 # 'rsa_pss_pss_sha512 only'
575 Test("test-sig-algs.py"), 575 Test("test_sig_algs.py"),
576 576
577 # 13 failures: 577 # 13 failures:
578 # 'duplicated n non-rsa schemes' for n in 202 2342 8119 23741 32744 578 # 'duplicated n non-rsa schemes' for n in 202 2342 8119 23741 32744
@@ -581,51 +581,51 @@ tls12_failing_tests = TestGroup("failing TLSv1.2 tests", [
581 # 'tolerance 32758 methods with sig_alg_cert' 581 # 'tolerance 32758 methods with sig_alg_cert'
582 # 'tolerance max 32744 number of methods with sig_alg_cert' 582 # 'tolerance max 32744 number of methods with sig_alg_cert'
583 # 'tolerance max (32760) number of methods' 583 # 'tolerance max (32760) number of methods'
584 Test("test-signature-algorithms.py"), 584 Test("test_signature_algorithms.py"),
585 585
586 # times out 586 # times out
587 Test("test-ssl-death-alert.py"), 587 Test("test_ssl_death_alert.py"),
588 588
589 # 17 pass, 13 fail. padding and truncation 589 # 17 pass, 13 fail. padding and truncation
590 Test("test-truncating-of-client-hello.py"), 590 Test("test_truncating_of_client_hello.py"),
591 591
592 # x448 tests need disabling plus x25519 corner cases need sorting out 592 # x448 tests need disabling plus x25519 corner cases need sorting out
593 Test("test-x25519.py"), 593 Test("test_x25519.py"),
594 594
595 # Needs TLS 1.0 or 1.1 595 # Needs TLS 1.0 or 1.1
596 Test("test-TLSv1_2-rejected-without-TLSv1_2.py"), 596 Test("test_TLSv1_2_rejected_without_TLSv1_2.py"),
597]) 597])
598 598
599tls12_unsupported_tests = TestGroup("TLSv1.2 for unsupported features", [ 599tls12_unsupported_tests = TestGroup("TLSv1.2 for unsupported features", [
600 # protocol_version 600 # protocol_version
601 Test("test-SSLv3-padding.py"), 601 Test("test_SSLv3_padding.py"),
602 # we don't do RSA key exchanges 602 # we don't do RSA key exchanges
603 Test("test-bleichenbacher-timing.py"), 603 Test("test_bleichenbacher_timing.py"),
604 # no encrypt-then-mac 604 # no encrypt-then-mac
605 Test("test-encrypt-then-mac-renegotiation.py"), 605 Test("test_encrypt_then_mac_renegotiation.py"),
606 Test("test-encrypt-then-mac.py"), 606 Test("test_encrypt_then_mac.py"),
607 # no EME support 607 # no EME support
608 Test("test-extended-master-secret-extension-with-client-cert.py"), 608 Test("test_extended_master_secret_extension_with_client_cert.py"),
609 Test("test-extended-master-secret-extension.py"), 609 Test("test_extended_master_secret_extension.py"),
610 # no ffdhe 610 # no ffdhe
611 Test("test-ffdhe-expected-params.py"), 611 Test("test_ffdhe_expected_params.py"),
612 Test("test-ffdhe-negotiation.py"), 612 Test("test_ffdhe_negotiation.py"),
613 # record_size_limit/max_fragment_length extension (RFC 8449) 613 # record_size_limit/max_fragment_length extension (RFC 8449)
614 Test("test-record-size-limit.py"), 614 Test("test_record_size_limit.py"),
615 # expects the server to send the heartbeat extension 615 # expects the server to send the heartbeat extension
616 Test("test-heartbeat.py"), 616 Test("test_heartbeat.py"),
617 # needs an echo server 617 # needs an echo server
618 Test("test-lengths.py"), 618 Test("test_lengths.py"),
619]) 619])
620 620
621# These tests take a ton of time to fail against an 1.3 server, 621# These tests take a ton of time to fail against an 1.3 server,
622# so don't run them against 1.3 pending further investigation. 622# so don't run them against 1.3 pending further investigation.
623legacy_tests = TestGroup("Legacy protocol tests", [ 623legacy_tests = TestGroup("Legacy protocol tests", [
624 Test("test-sslv2-force-cipher-3des.py"), 624 Test("test_sslv2_force_cipher_3des.py"),
625 Test("test-sslv2-force-cipher-non3des.py"), 625 Test("test_sslv2_force_cipher_non3des.py"),
626 Test("test-sslv2-force-cipher.py"), 626 Test("test_sslv2_force_cipher.py"),
627 Test("test-sslv2-force-export-cipher.py"), 627 Test("test_sslv2_force_export_cipher.py"),
628 Test("test-sslv2hello-protocol.py"), 628 Test("test_sslv2hello_protocol.py"),
629]) 629])
630 630
631all_groups = [ 631all_groups = [
diff --git a/src/regress/lib/libtls/tls/tlstest.c b/src/regress/lib/libtls/tls/tlstest.c
index b675c798b4..d52156128d 100644
--- a/src/regress/lib/libtls/tls/tlstest.c
+++ b/src/regress/lib/libtls/tls/tlstest.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tlstest.c,v 1.16 2024/08/02 15:02:22 tb Exp $ */ 1/* $OpenBSD: tlstest.c,v 1.17 2025/06/04 10:28:00 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -531,6 +531,142 @@ do_tls_version_tests(void)
531 return failure; 531 return failure;
532} 532}
533 533
534static int
535test_tls_alpn(const char *client_alpn, const char *server_alpn,
536 const char *selected)
537{
538 struct tls_config *client_cfg, *server_cfg;
539 struct tls *client, *server, *server_cctx;
540 const char *got_server, *got_client;
541 int failed = 1;
542
543 if ((client = tls_client()) == NULL)
544 errx(1, "failed to create tls client");
545 if ((client_cfg = tls_config_new()) == NULL)
546 errx(1, "failed to create tls client config");
547 tls_config_insecure_noverifyname(client_cfg);
548 if (tls_config_set_alpn(client_cfg, client_alpn) == -1)
549 errx(1, "failed to set alpn: %s", tls_config_error(client_cfg));
550 if (tls_config_set_ca_file(client_cfg, cafile) == -1)
551 errx(1, "failed to set ca: %s", tls_config_error(client_cfg));
552
553 if ((server = tls_server()) == NULL)
554 errx(1, "failed to create tls server");
555 if ((server_cfg = tls_config_new()) == NULL)
556 errx(1, "failed to create tls server config");
557 if (tls_config_set_alpn(server_cfg, server_alpn) == -1)
558 errx(1, "failed to set alpn: %s", tls_config_error(server_cfg));
559 if (tls_config_set_keypair_file(server_cfg, certfile, keyfile) == -1)
560 errx(1, "failed to set keypair: %s",
561 tls_config_error(server_cfg));
562
563 if (tls_configure(client, client_cfg) == -1)
564 errx(1, "failed to configure client: %s", tls_error(client));
565 tls_reset(server);
566 if (tls_configure(server, server_cfg) == -1)
567 errx(1, "failed to configure server: %s", tls_error(server));
568
569 tls_config_free(client_cfg);
570 tls_config_free(server_cfg);
571
572 circular_init();
573
574 if (tls_accept_cbs(server, &server_cctx, server_read, server_write,
575 NULL) == -1)
576 errx(1, "failed to accept: %s", tls_error(server));
577
578 if (tls_connect_cbs(client, client_read, client_write, NULL,
579 "test") == -1)
580 errx(1, "failed to connect: %s", tls_error(client));
581
582 if (do_client_server_test("alpn", client, server_cctx) != 0)
583 goto fail;
584
585 got_server = tls_conn_alpn_selected(server_cctx);
586 got_client = tls_conn_alpn_selected(client);
587
588 if (got_server == NULL || got_client == NULL) {
589 printf("FAIL: expected ALPN for server and client, got "
590 "server: %p, client %p\n", got_server, got_client);
591 goto fail;
592 }
593
594 if (strcmp(got_server, got_client) != 0) {
595 printf("FAIL: ALPN mismatch: server %s, client %s\n",
596 got_server, got_client);
597 goto fail;
598 }
599
600 if (strcmp(selected, got_server) != 0) {
601 printf("FAIL: ALPN mismatch: want %s, got %s\n",
602 selected, got_server);
603 goto fail;
604 }
605
606 failed = 0;
607
608 fail:
609 tls_free(client);
610 tls_free(server);
611 tls_free(server_cctx);
612
613 return (failed);
614}
615
616static const struct test_alpn {
617 const char *client;
618 const char *server;
619 const char *selected;
620} tls_test_alpn[] = {
621 {
622 .client = "http/2,http/1.1",
623 .server = "http/1.1",
624 .selected = "http/1.1",
625 },
626 {
627 .client = "http/2,http/1.1",
628 .server = "http/2,http/1.1",
629 .selected = "http/2",
630 },
631 {
632 .client = "http/1.1,http/2",
633 .server = "http/2,http/1.1",
634 .selected = "http/2",
635 },
636 {
637 .client = "http/2,http/1.1",
638 .server = "http/1.1,http/2",
639 .selected = "http/1.1",
640 },
641 {
642 .client = "http/1.1",
643 .server = "http/2,http/1.1",
644 .selected = "http/1.1",
645 },
646};
647
648#define N_TLS_ALPN_TESTS (sizeof(tls_test_alpn) / sizeof(tls_test_alpn[0]))
649
650static int
651do_tls_alpn_tests(void)
652{
653 const struct test_alpn *ta;
654 int failure = 0;
655 size_t i;
656
657 printf("== TLS alpn tests ==\n");
658
659 for (i = 0; i < N_TLS_ALPN_TESTS; i++) {
660 ta = &tls_test_alpn[i];
661 printf("INFO: alpn test %zu - client alpn '%s' "
662 "and server alpn '%s'\n", i, ta->client, ta->server);
663 failure |= test_tls_alpn(ta->client, ta->server, ta->selected);
664 printf("\n");
665 }
666
667 return failure;
668}
669
534int 670int
535main(int argc, char **argv) 671main(int argc, char **argv)
536{ 672{
@@ -549,6 +685,7 @@ main(int argc, char **argv)
549 failure |= do_tls_tests(); 685 failure |= do_tls_tests();
550 failure |= do_tls_ordering_tests(); 686 failure |= do_tls_ordering_tests();
551 failure |= do_tls_version_tests(); 687 failure |= do_tls_version_tests();
688 failure |= do_tls_alpn_tests();
552 689
553 return (failure); 690 return (failure);
554} 691}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-09-17 09:49:41 +0000